From e4303838dfdf4226a1249d01f627dbb92a9b7103 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Tue, 26 Feb 2008 13:22:26 -0500 Subject: [PATCH] We now build libssh2 in Xcode and it's a much better UB/10.4 citizen --- PrintDrop.xcodeproj/project.pbxproj | 223 +- Source/AppController.m | 2 +- Vendor/build-libssh2.sh | 31 - Vendor/libssh2-0.18.tar.gz | Bin 541428 -> 0 bytes Vendor/libssh2/Headers/libgcrypt.h | 186 ++ .../libssh2/Headers}/libssh2.h | 0 Vendor/libssh2/Headers/libssh2_config.h | 173 ++ Vendor/libssh2/Headers/libssh2_priv.h | 1144 ++++++++ .../libssh2/Headers}/libssh2_publickey.h | 0 .../libssh2/Headers}/libssh2_sftp.h | 0 Vendor/libssh2/Headers/openssl.h | 224 ++ Vendor/libssh2/Source/channel.c | 2168 +++++++++++++++ Vendor/libssh2/Source/comp.c | 340 +++ Vendor/libssh2/Source/crypt.c | 256 ++ Vendor/libssh2/Source/hostkey.c | 455 ++++ Vendor/libssh2/Source/kex.c | 1906 ++++++++++++++ Vendor/libssh2/Source/mac.c | 311 +++ Vendor/libssh2/Source/misc.c | 241 ++ Vendor/libssh2/Source/openssl.c | 316 +++ Vendor/libssh2/Source/packet.c | 1244 +++++++++ Vendor/libssh2/Source/pem.c | 207 ++ Vendor/libssh2/Source/publickey.c | 1094 ++++++++ Vendor/libssh2/Source/scp.c | 811 ++++++ Vendor/libssh2/Source/session.c | 1535 +++++++++++ Vendor/libssh2/Source/sftp.c | 2325 +++++++++++++++++ Vendor/libssh2/Source/transport.c | 761 ++++++ Vendor/libssh2/Source/userauth.c | 1459 +++++++++++ libssh2/lib/libssh2.a | Bin 452112 -> 0 bytes libssh2/lib/libssh2.la | 35 - libssh2/share/man/man3/libssh2_banner_set.3 | 32 - .../share/man/man3/libssh2_channel_close.3 | 31 - .../man3/libssh2_channel_direct_tcpip_ex.3 | 39 - libssh2/share/man/man3/libssh2_channel_eof.3 | 18 - .../share/man/man3/libssh2_channel_flush_ex.3 | 34 - .../man/man3/libssh2_channel_forward_accept.3 | 21 - .../man/man3/libssh2_channel_forward_cancel.3 | 29 - .../man3/libssh2_channel_forward_listen_ex.3 | 48 - libssh2/share/man/man3/libssh2_channel_free.3 | 27 - .../man3/libssh2_channel_get_exit_status.3 | 20 - .../libssh2_channel_handle_extended_data.3 | 37 - .../libssh2_channel_handle_extended_data2.3 | 37 - .../share/man/man3/libssh2_channel_open_ex.3 | 56 - .../man3/libssh2_channel_process_startup.3 | 49 - .../share/man/man3/libssh2_channel_read_ex.3 | 44 - .../man/man3/libssh2_channel_request_pty_ex.3 | 52 - .../share/man/man3/libssh2_channel_send_eof.3 | 26 - .../man/man3/libssh2_channel_set_blocking.3 | 28 - .../man/man3/libssh2_channel_setenv_ex.3 | 43 - .../share/man/man3/libssh2_channel_wait_eof.3 | 21 - .../man/man3/libssh2_channel_x11_req_ex.3 | 46 - libssh2/share/man/man3/libssh2_hostkey_hash.3 | 29 - libssh2/share/man/man3/libssh2_poll.3 | 19 - .../man/man3/libssh2_poll_channel_read.3 | 18 - libssh2/share/man/man3/libssh2_scp_recv.3 | 40 - libssh2/share/man/man3/libssh2_scp_send_ex.3 | 52 - .../share/man/man3/libssh2_session_abstract.3 | 26 - .../man/man3/libssh2_session_callback_set.3 | 30 - .../man/man3/libssh2_session_disconnect_ex.3 | 40 - libssh2/share/man/man3/libssh2_session_free.3 | 21 - libssh2/share/man/man3/libssh2_session_init.3 | 44 - .../man/man3/libssh2_session_last_errno.3 | 22 - .../man/man3/libssh2_session_last_error.3 | 33 - .../man/man3/libssh2_session_method_pref.3 | 42 - .../share/man/man3/libssh2_session_methods.3 | 29 - .../man/man3/libssh2_session_set_blocking.3 | 32 - .../share/man/man3/libssh2_session_startup.3 | 42 - .../man/man3/libssh2_sftp_close_handle.3 | 52 - .../share/man/man3/libssh2_sftp_fstat_ex.3 | 49 - libssh2/share/man/man3/libssh2_sftp_init.3 | 41 - .../share/man/man3/libssh2_sftp_last_error.3 | 23 - .../share/man/man3/libssh2_sftp_mkdir_ex.3 | 46 - libssh2/share/man/man3/libssh2_sftp_open_ex.3 | 53 - libssh2/share/man/man3/libssh2_sftp_read.3 | 47 - libssh2/share/man/man3/libssh2_sftp_readdir.3 | 60 - .../share/man/man3/libssh2_sftp_rename_ex.3 | 58 - .../share/man/man3/libssh2_sftp_rmdir_ex.3 | 43 - libssh2/share/man/man3/libssh2_sftp_seek.3 | 26 - .../share/man/man3/libssh2_sftp_shutdown.3 | 26 - libssh2/share/man/man3/libssh2_sftp_stat_ex.3 | 62 - .../share/man/man3/libssh2_sftp_symlink_ex.3 | 70 - libssh2/share/man/man3/libssh2_sftp_tell.3 | 26 - .../share/man/man3/libssh2_sftp_unlink_ex.3 | 44 - libssh2/share/man/man3/libssh2_sftp_write.3 | 41 - .../man/man3/libssh2_userauth_authenticated.3 | 22 - .../share/man/man3/libssh2_userauth_list.3 | 43 - .../man/man3/libssh2_userauth_password_ex.3 | 50 - .../libssh2_userauth_publickey_fromfile.3 | 51 - 87 files changed, 17364 insertions(+), 2273 deletions(-) delete mode 100755 Vendor/build-libssh2.sh delete mode 100644 Vendor/libssh2-0.18.tar.gz create mode 100644 Vendor/libssh2/Headers/libgcrypt.h rename {libssh2/include => Vendor/libssh2/Headers}/libssh2.h (100%) create mode 100644 Vendor/libssh2/Headers/libssh2_config.h create mode 100644 Vendor/libssh2/Headers/libssh2_priv.h rename {libssh2/include => Vendor/libssh2/Headers}/libssh2_publickey.h (100%) rename {libssh2/include => Vendor/libssh2/Headers}/libssh2_sftp.h (100%) create mode 100644 Vendor/libssh2/Headers/openssl.h create mode 100644 Vendor/libssh2/Source/channel.c create mode 100644 Vendor/libssh2/Source/comp.c create mode 100644 Vendor/libssh2/Source/crypt.c create mode 100644 Vendor/libssh2/Source/hostkey.c create mode 100644 Vendor/libssh2/Source/kex.c create mode 100644 Vendor/libssh2/Source/mac.c create mode 100644 Vendor/libssh2/Source/misc.c create mode 100644 Vendor/libssh2/Source/openssl.c create mode 100644 Vendor/libssh2/Source/packet.c create mode 100644 Vendor/libssh2/Source/pem.c create mode 100644 Vendor/libssh2/Source/publickey.c create mode 100644 Vendor/libssh2/Source/scp.c create mode 100644 Vendor/libssh2/Source/session.c create mode 100644 Vendor/libssh2/Source/sftp.c create mode 100644 Vendor/libssh2/Source/transport.c create mode 100644 Vendor/libssh2/Source/userauth.c delete mode 100644 libssh2/lib/libssh2.a delete mode 100755 libssh2/lib/libssh2.la delete mode 100644 libssh2/share/man/man3/libssh2_banner_set.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_close.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_direct_tcpip_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_eof.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_flush_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_forward_accept.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_forward_cancel.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_forward_listen_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_free.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_get_exit_status.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_handle_extended_data.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_handle_extended_data2.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_open_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_process_startup.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_read_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_request_pty_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_send_eof.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_set_blocking.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_setenv_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_wait_eof.3 delete mode 100644 libssh2/share/man/man3/libssh2_channel_x11_req_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_hostkey_hash.3 delete mode 100644 libssh2/share/man/man3/libssh2_poll.3 delete mode 100644 libssh2/share/man/man3/libssh2_poll_channel_read.3 delete mode 100644 libssh2/share/man/man3/libssh2_scp_recv.3 delete mode 100644 libssh2/share/man/man3/libssh2_scp_send_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_abstract.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_callback_set.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_disconnect_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_free.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_init.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_last_errno.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_last_error.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_method_pref.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_methods.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_set_blocking.3 delete mode 100644 libssh2/share/man/man3/libssh2_session_startup.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_close_handle.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_fstat_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_init.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_last_error.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_mkdir_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_open_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_read.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_readdir.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_rename_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_rmdir_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_seek.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_shutdown.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_stat_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_symlink_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_tell.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_unlink_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_sftp_write.3 delete mode 100644 libssh2/share/man/man3/libssh2_userauth_authenticated.3 delete mode 100644 libssh2/share/man/man3/libssh2_userauth_list.3 delete mode 100644 libssh2/share/man/man3/libssh2_userauth_password_ex.3 delete mode 100644 libssh2/share/man/man3/libssh2_userauth_publickey_fromfile.3 diff --git a/PrintDrop.xcodeproj/project.pbxproj b/PrintDrop.xcodeproj/project.pbxproj index 19e2ea9..812d65a 100644 --- a/PrintDrop.xcodeproj/project.pbxproj +++ b/PrintDrop.xcodeproj/project.pbxproj @@ -10,8 +10,31 @@ 1E1624F30D736C500067F3B4 /* GradientBackView.m in Sources */ = {isa = PBXBuildFile; fileRef = 1E1624F20D736C500067F3B4 /* GradientBackView.m */; }; 1E1625410D736EF20067F3B4 /* DraggableImageView.m in Sources */ = {isa = PBXBuildFile; fileRef = 1E1625400D736EF20067F3B4 /* DraggableImageView.m */; }; 1E1626560D7388110067F3B4 /* AppController.m in Sources */ = {isa = PBXBuildFile; fileRef = 1E1626550D7388110067F3B4 /* AppController.m */; }; - 1EE1E1D90D744BB8002999AD /* libssh2.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1EE1E1D80D744BB8002999AD /* libssh2.a */; }; 1EE1E3E50D7482E7002999AD /* gradient.png in Resources */ = {isa = PBXBuildFile; fileRef = 1EE1E3E30D7482E7002999AD /* gradient.png */; }; + 1EE1E4710D748AE4002999AD /* libgcrypt.h in Headers */ = {isa = PBXBuildFile; fileRef = 1EE1E4580D748AE4002999AD /* libgcrypt.h */; }; + 1EE1E4720D748AE4002999AD /* libssh2.h in Headers */ = {isa = PBXBuildFile; fileRef = 1EE1E4590D748AE4002999AD /* libssh2.h */; }; + 1EE1E4730D748AE4002999AD /* libssh2_config.h in Headers */ = {isa = PBXBuildFile; fileRef = 1EE1E45A0D748AE4002999AD /* libssh2_config.h */; }; + 1EE1E4740D748AE4002999AD /* libssh2_priv.h in Headers */ = {isa = PBXBuildFile; fileRef = 1EE1E45B0D748AE4002999AD /* libssh2_priv.h */; }; + 1EE1E4750D748AE4002999AD /* libssh2_publickey.h in Headers */ = {isa = PBXBuildFile; fileRef = 1EE1E45C0D748AE4002999AD /* libssh2_publickey.h */; }; + 1EE1E4760D748AE4002999AD /* libssh2_sftp.h in Headers */ = {isa = PBXBuildFile; fileRef = 1EE1E45D0D748AE4002999AD /* libssh2_sftp.h */; }; + 1EE1E4770D748AE4002999AD /* openssl.h in Headers */ = {isa = PBXBuildFile; fileRef = 1EE1E45E0D748AE4002999AD /* openssl.h */; }; + 1EE1E4780D748AE4002999AD /* channel.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4600D748AE4002999AD /* channel.c */; }; + 1EE1E4790D748AE4002999AD /* comp.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4610D748AE4002999AD /* comp.c */; }; + 1EE1E47A0D748AE4002999AD /* crypt.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4620D748AE4002999AD /* crypt.c */; }; + 1EE1E47B0D748AE4002999AD /* hostkey.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4630D748AE4002999AD /* hostkey.c */; }; + 1EE1E47C0D748AE4002999AD /* kex.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4640D748AE4002999AD /* kex.c */; }; + 1EE1E47E0D748AE4002999AD /* mac.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4660D748AE4002999AD /* mac.c */; }; + 1EE1E47F0D748AE4002999AD /* misc.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4670D748AE4002999AD /* misc.c */; }; + 1EE1E4800D748AE4002999AD /* openssl.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4680D748AE4002999AD /* openssl.c */; }; + 1EE1E4810D748AE4002999AD /* packet.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4690D748AE4002999AD /* packet.c */; }; + 1EE1E4820D748AE4002999AD /* pem.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E46A0D748AE4002999AD /* pem.c */; }; + 1EE1E4830D748AE4002999AD /* publickey.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E46B0D748AE4002999AD /* publickey.c */; }; + 1EE1E4840D748AE4002999AD /* scp.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E46C0D748AE4002999AD /* scp.c */; }; + 1EE1E4850D748AE4002999AD /* session.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E46D0D748AE4002999AD /* session.c */; }; + 1EE1E4860D748AE4002999AD /* sftp.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E46E0D748AE4002999AD /* sftp.c */; }; + 1EE1E4870D748AE4002999AD /* transport.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E46F0D748AE4002999AD /* transport.c */; }; + 1EE1E4880D748AE4002999AD /* userauth.c in Sources */ = {isa = PBXBuildFile; fileRef = 1EE1E4700D748AE4002999AD /* userauth.c */; }; + 1EE1E48C0D748B19002999AD /* liblibssh2.a in Frameworks */ = {isa = PBXBuildFile; fileRef = 1EE1E4500D748AC9002999AD /* liblibssh2.a */; }; 8D11072A0486CEB800E47090 /* MainMenu.nib in Resources */ = {isa = PBXBuildFile; fileRef = 29B97318FDCFA39411CA2CEA /* MainMenu.nib */; }; 8D11072B0486CEB800E47090 /* InfoPlist.strings in Resources */ = {isa = PBXBuildFile; fileRef = 089C165CFE840E0CC02AAC07 /* InfoPlist.strings */; }; 8D11072D0486CEB800E47090 /* main.m in Sources */ = {isa = PBXBuildFile; fileRef = 29B97316FDCFA39411CA2CEA /* main.m */; settings = {ATTRIBUTES = (); }; }; @@ -28,8 +51,31 @@ 1E1625400D736EF20067F3B4 /* DraggableImageView.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = DraggableImageView.m; path = Source/DraggableImageView.m; sourceTree = ""; }; 1E1626540D7388110067F3B4 /* AppController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = AppController.h; path = Source/AppController.h; sourceTree = ""; }; 1E1626550D7388110067F3B4 /* AppController.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; name = AppController.m; path = Source/AppController.m; sourceTree = ""; }; - 1EE1E1D80D744BB8002999AD /* libssh2.a */ = {isa = PBXFileReference; lastKnownFileType = archive.ar; name = libssh2.a; path = libssh2/lib/libssh2.a; sourceTree = ""; }; 1EE1E3E40D7482E7002999AD /* English */ = {isa = PBXFileReference; lastKnownFileType = image.png; name = English; path = English.lproj/gradient.png; sourceTree = ""; }; + 1EE1E4500D748AC9002999AD /* liblibssh2.a */ = {isa = PBXFileReference; explicitFileType = archive.ar; includeInIndex = 0; path = liblibssh2.a; sourceTree = BUILT_PRODUCTS_DIR; }; + 1EE1E4580D748AE4002999AD /* libgcrypt.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libgcrypt.h; sourceTree = ""; }; + 1EE1E4590D748AE4002999AD /* libssh2.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libssh2.h; sourceTree = ""; }; + 1EE1E45A0D748AE4002999AD /* libssh2_config.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libssh2_config.h; sourceTree = ""; }; + 1EE1E45B0D748AE4002999AD /* libssh2_priv.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libssh2_priv.h; sourceTree = ""; }; + 1EE1E45C0D748AE4002999AD /* libssh2_publickey.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libssh2_publickey.h; sourceTree = ""; }; + 1EE1E45D0D748AE4002999AD /* libssh2_sftp.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = libssh2_sftp.h; sourceTree = ""; }; + 1EE1E45E0D748AE4002999AD /* openssl.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = openssl.h; sourceTree = ""; }; + 1EE1E4600D748AE4002999AD /* channel.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = channel.c; sourceTree = ""; }; + 1EE1E4610D748AE4002999AD /* comp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = comp.c; sourceTree = ""; }; + 1EE1E4620D748AE4002999AD /* crypt.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = crypt.c; sourceTree = ""; }; + 1EE1E4630D748AE4002999AD /* hostkey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = hostkey.c; sourceTree = ""; }; + 1EE1E4640D748AE4002999AD /* kex.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = kex.c; sourceTree = ""; }; + 1EE1E4660D748AE4002999AD /* mac.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = mac.c; sourceTree = ""; }; + 1EE1E4670D748AE4002999AD /* misc.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = misc.c; sourceTree = ""; }; + 1EE1E4680D748AE4002999AD /* openssl.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = openssl.c; sourceTree = ""; }; + 1EE1E4690D748AE4002999AD /* packet.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = packet.c; sourceTree = ""; }; + 1EE1E46A0D748AE4002999AD /* pem.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = pem.c; sourceTree = ""; }; + 1EE1E46B0D748AE4002999AD /* publickey.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = publickey.c; sourceTree = ""; }; + 1EE1E46C0D748AE4002999AD /* scp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = scp.c; sourceTree = ""; }; + 1EE1E46D0D748AE4002999AD /* session.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = session.c; sourceTree = ""; }; + 1EE1E46E0D748AE4002999AD /* sftp.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = sftp.c; sourceTree = ""; }; + 1EE1E46F0D748AE4002999AD /* transport.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = transport.c; sourceTree = ""; }; + 1EE1E4700D748AE4002999AD /* userauth.c */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.c; path = userauth.c; sourceTree = ""; }; 29B97316FDCFA39411CA2CEA /* main.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = main.m; sourceTree = ""; }; 29B97319FDCFA39411CA2CEA /* English */ = {isa = PBXFileReference; lastKnownFileType = wrapper.nib; name = English; path = English.lproj/MainMenu.nib; sourceTree = ""; }; 29B97324FDCFA39411CA2CEA /* AppKit.framework */ = {isa = PBXFileReference; lastKnownFileType = wrapper.framework; name = AppKit.framework; path = /System/Library/Frameworks/AppKit.framework; sourceTree = ""; }; @@ -40,12 +86,19 @@ /* End PBXFileReference section */ /* Begin PBXFrameworksBuildPhase section */ + 1EE1E44E0D748AC9002999AD /* Frameworks */ = { + isa = PBXFrameworksBuildPhase; + buildActionMask = 2147483647; + files = ( + ); + runOnlyForDeploymentPostprocessing = 0; + }; 8D11072E0486CEB800E47090 /* Frameworks */ = { isa = PBXFrameworksBuildPhase; buildActionMask = 2147483647; files = ( + 1EE1E48C0D748B19002999AD /* liblibssh2.a in Frameworks */, 8D11072F0486CEB800E47090 /* Cocoa.framework in Frameworks */, - 1EE1E1D90D744BB8002999AD /* libssh2.a in Frameworks */, ); runOnlyForDeploymentPostprocessing = 0; }; @@ -68,7 +121,6 @@ 1058C7A0FEA54F0111CA2CBB /* Linked Frameworks */ = { isa = PBXGroup; children = ( - 1EE1E1D80D744BB8002999AD /* libssh2.a */, 1058C7A1FEA54F0111CA2CBB /* Cocoa.framework */, ); name = "Linked Frameworks"; @@ -88,16 +140,65 @@ isa = PBXGroup; children = ( 8D1107320486CEB800E47090 /* PrintDrop.app */, + 1EE1E4500D748AC9002999AD /* liblibssh2.a */, ); name = Products; sourceTree = ""; }; + 1EE1E4560D748AE4002999AD /* libssh2 */ = { + isa = PBXGroup; + children = ( + 1EE1E4570D748AE4002999AD /* Headers */, + 1EE1E45F0D748AE4002999AD /* Source */, + ); + name = libssh2; + path = Vendor/libssh2; + sourceTree = ""; + }; + 1EE1E4570D748AE4002999AD /* Headers */ = { + isa = PBXGroup; + children = ( + 1EE1E4580D748AE4002999AD /* libgcrypt.h */, + 1EE1E4590D748AE4002999AD /* libssh2.h */, + 1EE1E45A0D748AE4002999AD /* libssh2_config.h */, + 1EE1E45B0D748AE4002999AD /* libssh2_priv.h */, + 1EE1E45C0D748AE4002999AD /* libssh2_publickey.h */, + 1EE1E45D0D748AE4002999AD /* libssh2_sftp.h */, + 1EE1E45E0D748AE4002999AD /* openssl.h */, + ); + path = Headers; + sourceTree = ""; + }; + 1EE1E45F0D748AE4002999AD /* Source */ = { + isa = PBXGroup; + children = ( + 1EE1E4600D748AE4002999AD /* channel.c */, + 1EE1E4610D748AE4002999AD /* comp.c */, + 1EE1E4620D748AE4002999AD /* crypt.c */, + 1EE1E4630D748AE4002999AD /* hostkey.c */, + 1EE1E4640D748AE4002999AD /* kex.c */, + 1EE1E4660D748AE4002999AD /* mac.c */, + 1EE1E4670D748AE4002999AD /* misc.c */, + 1EE1E4680D748AE4002999AD /* openssl.c */, + 1EE1E4690D748AE4002999AD /* packet.c */, + 1EE1E46A0D748AE4002999AD /* pem.c */, + 1EE1E46B0D748AE4002999AD /* publickey.c */, + 1EE1E46C0D748AE4002999AD /* scp.c */, + 1EE1E46D0D748AE4002999AD /* session.c */, + 1EE1E46E0D748AE4002999AD /* sftp.c */, + 1EE1E46F0D748AE4002999AD /* transport.c */, + 1EE1E4700D748AE4002999AD /* userauth.c */, + ); + path = Source; + sourceTree = ""; + }; 29B97314FDCFA39411CA2CEA /* PrintDrop */ = { isa = PBXGroup; children = ( 080E96DDFE201D6D7F000001 /* Classes */, 29B97315FDCFA39411CA2CEA /* Other Sources */, 29B97317FDCFA39411CA2CEA /* Resources */, + 1EE1E4560D748AE4002999AD /* libssh2 */, 29B97323FDCFA39411CA2CEA /* Frameworks */, 19C28FACFE9D520D11CA2CBB /* Products */, ); @@ -135,7 +236,41 @@ }; /* End PBXGroup section */ +/* Begin PBXHeadersBuildPhase section */ + 1EE1E44C0D748AC9002999AD /* Headers */ = { + isa = PBXHeadersBuildPhase; + buildActionMask = 2147483647; + files = ( + 1EE1E4710D748AE4002999AD /* libgcrypt.h in Headers */, + 1EE1E4720D748AE4002999AD /* libssh2.h in Headers */, + 1EE1E4730D748AE4002999AD /* libssh2_config.h in Headers */, + 1EE1E4740D748AE4002999AD /* libssh2_priv.h in Headers */, + 1EE1E4750D748AE4002999AD /* libssh2_publickey.h in Headers */, + 1EE1E4760D748AE4002999AD /* libssh2_sftp.h in Headers */, + 1EE1E4770D748AE4002999AD /* openssl.h in Headers */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; +/* End PBXHeadersBuildPhase section */ + /* Begin PBXNativeTarget section */ + 1EE1E44F0D748AC9002999AD /* libssh2 */ = { + isa = PBXNativeTarget; + buildConfigurationList = 1EE1E4550D748ADB002999AD /* Build configuration list for PBXNativeTarget "libssh2" */; + buildPhases = ( + 1EE1E44C0D748AC9002999AD /* Headers */, + 1EE1E44D0D748AC9002999AD /* Sources */, + 1EE1E44E0D748AC9002999AD /* Frameworks */, + ); + buildRules = ( + ); + dependencies = ( + ); + name = libssh2; + productName = libssh2; + productReference = 1EE1E4500D748AC9002999AD /* liblibssh2.a */; + productType = "com.apple.product-type.library.static"; + }; 8D1107260486CEB800E47090 /* PrintDrop */ = { isa = PBXNativeTarget; buildConfigurationList = C01FCF4A08A954540054247B /* Build configuration list for PBXNativeTarget "PrintDrop" */; @@ -167,6 +302,7 @@ projectRoot = ""; targets = ( 8D1107260486CEB800E47090 /* PrintDrop */, + 1EE1E44F0D748AC9002999AD /* libssh2 */, ); }; /* End PBXProject section */ @@ -185,6 +321,29 @@ /* End PBXResourcesBuildPhase section */ /* Begin PBXSourcesBuildPhase section */ + 1EE1E44D0D748AC9002999AD /* Sources */ = { + isa = PBXSourcesBuildPhase; + buildActionMask = 2147483647; + files = ( + 1EE1E4780D748AE4002999AD /* channel.c in Sources */, + 1EE1E4790D748AE4002999AD /* comp.c in Sources */, + 1EE1E47A0D748AE4002999AD /* crypt.c in Sources */, + 1EE1E47B0D748AE4002999AD /* hostkey.c in Sources */, + 1EE1E47C0D748AE4002999AD /* kex.c in Sources */, + 1EE1E47E0D748AE4002999AD /* mac.c in Sources */, + 1EE1E47F0D748AE4002999AD /* misc.c in Sources */, + 1EE1E4800D748AE4002999AD /* openssl.c in Sources */, + 1EE1E4810D748AE4002999AD /* packet.c in Sources */, + 1EE1E4820D748AE4002999AD /* pem.c in Sources */, + 1EE1E4830D748AE4002999AD /* publickey.c in Sources */, + 1EE1E4840D748AE4002999AD /* scp.c in Sources */, + 1EE1E4850D748AE4002999AD /* session.c in Sources */, + 1EE1E4860D748AE4002999AD /* sftp.c in Sources */, + 1EE1E4870D748AE4002999AD /* transport.c in Sources */, + 1EE1E4880D748AE4002999AD /* userauth.c in Sources */, + ); + runOnlyForDeploymentPostprocessing = 0; + }; 8D11072C0486CEB800E47090 /* Sources */ = { isa = PBXSourcesBuildPhase; buildActionMask = 2147483647; @@ -226,6 +385,35 @@ /* End PBXVariantGroup section */ /* Begin XCBuildConfiguration section */ + 1EE1E4510D748AC9002999AD /* Debug */ = { + isa = XCBuildConfiguration; + buildSettings = { + COPY_PHASE_STRIP = NO; + GCC_DYNAMIC_NO_PIC = NO; + GCC_ENABLE_FIX_AND_CONTINUE = YES; + GCC_MODEL_TUNING = G5; + GCC_OPTIMIZATION_LEVEL = 0; + INSTALL_PATH = /usr/local/lib; + PREBINDING = NO; + PRODUCT_NAME = libssh2; + ZERO_LINK = YES; + }; + name = Debug; + }; + 1EE1E4520D748AC9002999AD /* Release */ = { + isa = XCBuildConfiguration; + buildSettings = { + COPY_PHASE_STRIP = YES; + DEBUG_INFORMATION_FORMAT = "dwarf-with-dsym"; + GCC_ENABLE_FIX_AND_CONTINUE = NO; + GCC_MODEL_TUNING = G5; + INSTALL_PATH = /usr/local/lib; + PREBINDING = NO; + PRODUCT_NAME = libssh2; + ZERO_LINK = NO; + }; + name = Release; + }; C01FCF4B08A954540054247B /* Debug */ = { isa = XCBuildConfiguration; buildSettings = { @@ -236,13 +424,10 @@ GCC_OPTIMIZATION_LEVEL = 0; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = PrintDrop_Prefix.pch; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)/libssh2/include\""; + HEADER_SEARCH_PATHS = "\"$(SRCROOT)/Vendor/libssh2/Headers\""; INFOPLIST_FILE = Info.plist; INSTALL_PATH = "$(HOME)/Applications"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SRCROOT)/libssh2/lib\"", - ); + LIBRARY_SEARCH_PATHS = "\"$(SRCROOT)/build/Release\""; OTHER_LDFLAGS = ( "-undefined", suppress, @@ -261,13 +446,10 @@ GCC_MODEL_TUNING = G5; GCC_PRECOMPILE_PREFIX_HEADER = YES; GCC_PREFIX_HEADER = PrintDrop_Prefix.pch; - HEADER_SEARCH_PATHS = "\"$(SRCROOT)/libssh2/include\""; + HEADER_SEARCH_PATHS = "\"$(SRCROOT)/Vendor/libssh2/Headers\""; INFOPLIST_FILE = Info.plist; INSTALL_PATH = "$(HOME)/Applications"; - LIBRARY_SEARCH_PATHS = ( - "$(inherited)", - "\"$(SRCROOT)/libssh2/lib\"", - ); + LIBRARY_SEARCH_PATHS = "\"$(SRCROOT)/build/Release\""; OTHER_LDFLAGS = ( "-undefined", suppress, @@ -284,7 +466,7 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNUSED_VARIABLE = YES; PREBINDING = NO; - SDKROOT = "$(DEVELOPER_SDK_DIR)/MacOSX10.5.sdk"; + SDKROOT = "$(DEVELOPER_SDK_DIR)/MacOSX10.4u.sdk"; }; name = Debug; }; @@ -298,13 +480,22 @@ GCC_WARN_ABOUT_RETURN_TYPE = YES; GCC_WARN_UNUSED_VARIABLE = YES; PREBINDING = NO; - SDKROOT = "$(DEVELOPER_SDK_DIR)/MacOSX10.5.sdk"; + SDKROOT = "$(DEVELOPER_SDK_DIR)/MacOSX10.4u.sdk"; }; name = Release; }; /* End XCBuildConfiguration section */ /* Begin XCConfigurationList section */ + 1EE1E4550D748ADB002999AD /* Build configuration list for PBXNativeTarget "libssh2" */ = { + isa = XCConfigurationList; + buildConfigurations = ( + 1EE1E4510D748AC9002999AD /* Debug */, + 1EE1E4520D748AC9002999AD /* Release */, + ); + defaultConfigurationIsVisible = 0; + defaultConfigurationName = Release; + }; C01FCF4A08A954540054247B /* Build configuration list for PBXNativeTarget "PrintDrop" */ = { isa = XCConfigurationList; buildConfigurations = ( diff --git a/Source/AppController.m b/Source/AppController.m index f6b3fb8..d9e6f3c 100644 --- a/Source/AppController.m +++ b/Source/AppController.m @@ -235,7 +235,7 @@ shutdown: if (channel) { - libssh2_channel_free(channel); + //libssh2_channel_free(channel); channel = NULL; } libssh2_session_disconnect(ssh, "Normal disconnect."); diff --git a/Vendor/build-libssh2.sh b/Vendor/build-libssh2.sh deleted file mode 100755 index c0fab69..0000000 --- a/Vendor/build-libssh2.sh +++ /dev/null @@ -1,31 +0,0 @@ -#!/bin/sh - -NAME=libssh2-0.18 -DEST=`cd ..; pwd`/libssh2 -CONFIG="--prefix=$DEST --disable-shared --enable-static" - -# cleanup -rm -rf $NAME - -# unzip -tar xzvf $NAME.tar.gz -cd $NAME - -# build ppc -./configure $CONFIG CFLAGS="-arch ppc" -make -mv src/.libs src/libs-ppc - -make clean - -# build i386 -./configure $CONFIG -make -mv src/.libs/libssh2.a src/libssh2-i386.a - -# make universal -lipo -create src/libs-ppc/libssh2.a src/libssh2-i386.a -output src/.libs/libssh2.a - -# put it in the right place -make install -ranlib $DEST/lib/libssh2.a \ No newline at end of file diff --git a/Vendor/libssh2-0.18.tar.gz b/Vendor/libssh2-0.18.tar.gz deleted file mode 100644 index 096afb6f79fcc730d5f6079af824e8fc22188096..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 541428 zcmV(jK=!{MiwFR4+%`u71ME9#ciKp{`D%Ve4dFC~gT&?~!R<~H$8IxY8=k>gUXsRz zD4@ndQfslHt z_^Z!&0!PBob2Ub1!= zin$lE&}C!;j5CWnt|KjOvtSv(UFPt)Faega1J_&naykpy=0Sk3h5fTAjRt<$wZ*Ct)J=({+k?A;= znahQ8E`pHHz5OEK>>9PEQQIlz0Aetc0h>r$F#JSPfhM)bmTrW5WWE^7AoS%Z3IQx+ z+!<9Zedcr#*lTXKoZSaV-=jIrnS{gkeuUcfuuz4#=m6=Lg4t(SF-G=?p%B{OqVRI6Lh3 z*-`hLwOOxyKIj}=oV3qb@8Z1I?H`(q^@WHv3p5_k?SxJT6gU_*?W>Kx7)%;2UL z4_qBcbs_Rdhuij&jw1v!1Sxvp18?1M27ma4Qa?<~o&SPSt7i)i^aJ6HVdJ4S z69FpmXSG2?Fa0`oBGdJ!zo0QjqdCR{QixcDq{+zy1B6l;umK@J;yDjd83!}&OvQ;i zWx@&lWy%+|-nfdg!INQ@1#&KJ4ytfhXJ7`=2&C#vP_IE`Swf713jXkX=^# zS2zY=t)R$2M=T_Ok$KmEQWrzcjU-bE(>Lp}QnACWHzQ*jDEsTZquR z3{r;YI>k^KFN9J+6bpzI7H}Iy5*$@a8!kOaEV;SZzZBNYW%)ua&u-zU#>^0`7*x!1 zwNfcw=5kTMr(!?YS9T}95R`3uONCKOK zRa0hx6IYQUgMW?qaS}-Ji$aAKNUf zGHMC*@|3@sxqqu3ct$Odd$0=76#zNe-4q|_bP_<$v{Y=tTp%IH!-mHaNd({tVCg=U z2xr|~oW}Mr;;Sr&c>hX112vf2mAPn^Q4KV$x9o1e13j<6DpW0b1~Uj>ie9 zL*#B|7_mbPiG`QUn1-yz_Q1QqWGoD7g*uSQp}AzN?^gdTVbDFF!R_ z&?s;{rjsI*qAvn&p+||I zl8Z)zfWalzhdM?=c_l1Ti7Fv2@FF>8^2V?;=1ZYw!O#vIj~lD(>F@&r=OJNd@02A@)#;K zkAI1%_SSk{nO+mD4+ui){Wdu5z3ZIsR{`NWEU|B>l>N)iXwHKxR@>c0apqTO9LyMl z-7AEuHT_6``BIwCB|?+e7!C#}3`?t(alEp}zO&m~;UwX`8XegQ)e78XUc{gtJVf2SCxA_BMuW*p@; zVD^bqC3Xh>pv8*`#gU2O5sahxe7TRZRp~39yguvwe1Vosi|H?J{KXfx{tEidsf3dD zr%FNlNClQD(Nrp>B!*&rve*N8*ownmZi8|y%4=C{3jbNJUNh_UYn8S(7<$`g!D0sd zbMHuGl~`gJU?e}`1}TPaP}EIJ2OG2UtF(Xs6N#S~iSaXz#fyAqQ+c+}7AdM3l8!r! z!y>pU6dSZ7ncKiXU#XN!>oTBX=w6v_X76e3ApqtGhIPqW6kvPFxB~t;P}-{q2JvVN zO_VO@IqNN<4}vJ&?Jw937J*p4>X!a({~drzOwTl@*__V!pYm77wM;(>r?6~_aYQAV zQF~=Hwn~_&HkBhySk;8~1P4OI?%@;YwFk%h1-!Om6tY7qLvfk1*2P)-^l*6EJ~-~2 z9b!M85DXqoVJvctOdW{MI^17PM5~^Kp4tZk>q`?4(t0l}kA&ozzdZ>5PJLiG@&% z2x#E+9A)!{>SFF;(}r2E1SJc!5)56-^%0*+SlwEM5dcEt#L7n5a6||sg*_=(QolKL zqvZ-BreG|0GAUE0V7aZw0p}j=>0O|v4rkv#PUdsH@`oE}%T#W+%Q8-E!TAI>jZsT6dCXUKji7NN!VuUtFLhjQ~ zLlePh8UvLxFn1t=SyR{vNHDYS1sSD5?t$3O64|!J9iWsT_iinNK>fmo8nfux0~k(U z)!u4^h6}L?k@e6}56*T5<#g-;NJBZn%0X~ktcJQeHB6!qY7z7KdN1F~=Bu6C`Od4W zTPJ8Xu5Lj^<=X%()VjUq3kV(?0@@~4SkGl}17xK09u7gM;ShSkLbh2sgb0{65U`?+ zjaxSLg||XVZo^HLc{Ws=*mW$lb(=*YdZiSrq153)_vi?MSrS)Ds0nVO6Ky6TsAR5) zoeR*6!_+-;Vl|4#_|y6LM#H(mzJkDQ+kseLhByaHSRrgAwxElZHS{}2--lzP*(9#K z6C(+G`R(kYs$+vTs6b7%IgKD8Dnsmn_QkhVbLA*2m_Q!I|8Zi@J{5}RBQ zE^RgQl1{WRaQ3urewp+{%2L}$)oo~{>=zNWxTe_ET{SRVPk^_p(P8zoG5l(lt6$7& z@p4W3eTjy2(7PB8KJ^Zb)ArfLQTt$UaejDi{NwQa?C`|s_72b6gU;D+I@h*TO3?Fh z=<{$81xJxl7wvuqK^hW2E)&xIY}V;xp@7XRs7iMR-}L!^Hwxd};Ctbl-uZV3*Xc1z zxdk!ANmBcLp&X;Uo~wdpG`v|Q&1Cd=Z_qMaKmZ$FSN6Ib;_Avx0tH4q_)1_ajmvxLE%e< zkjoCRg!-eBDiXZFM~|U2HWJXq@M|t@3L&n8_^|V8ovN*YAMI@Ei4>J-;|POKK)#D} zWqc%(Jk3=8iBSwnQ|N1AL}-&7CC->HfIEFdEW;O8J_DS!!J&fHwt-pBJq(O>Mjt)}4(+FCfI{UI|mcNwZ z0jTSnb0G%Qa&+}xX;QHv;3-bL2z^XM-Wa9 z+M2;m6|b+J$%dHJA7dh}x3d`Lj>c&}inQ|pR`1|pG|%F9@OGbxx0}HuZjHzHmF2Xf zI5nQw*UlOr^VPvyjd$=U-m7)I_KC)O`(to#l+Ui_vkFwK=a^1X_TUp)^|)-Dyi!4M@9)6rOuP;_co=XZ1@xsfaLM9) zT*q;sSz4iq1+)he9}+;pJ>uA9UJIL0>t+KBhJfYaTb}CIcv50Ml!%}*Hr!xxf9aHd z?ppo*bMO7&<5#Evj8`k5Gky8YG~$ykL7I7_5|-gr~1w~jl;#mDMtuZOtcrTz0) zHP~}zIVL&tJYF~J#thmuXe!_{TFgB!OIJ^rQF)89CVJZG-~HV`?G4`@81XWBFTWDv z*BcLd&sx*G@%Ut9@`*W@HrqVpK9qMyCTm}b67^8=8)-m|O1-nr$)TAH?DLnKRW*)Q zBkkcGVh#;uovlV4eK6zvgf6 z&iik6@Bl#S1-a@@VyiejF{EW1&SK{QH0A2(v2b*s>{{To*CZd zssJQ*C3c7PZu0znLp_gBG6a#cb=>Ml4%i`d1g$l>XWYitii0gSp6B~Vk~ zjqGuS_0^tLLM0+w=0loq{uPQz^|JZIbZIPMTwNx;OCR#62+Ftpt@1t1ZTu`|z3Kcr z_qZc~_6a2Xh)+daQLScY+1IF)5-zvQy4f`Tep0+=?~&sMPj1|(4)5D_GrQ{~U9TuV zo+SVT0}yyTO%_%&o#dGqictT9RYho3=WaM&Ys|4A3jNK(cBNivmcAFW0W`OvqU@bq zg^@MCpvUQ1hRx*Y;$usl8Sc0g2id3gxfif-1g5l%iUN_XJc^;y(g?SuX$3H|KG9ANSAk4hs%##^`M*jsB54obGg-gE; z>SGm*Z^*fGmd9-Y50HiB@!dN5t%>M2i*2lt=)7aE$e)0(L3rU1oJ}wR;F;N==CxP#mE97K-xt0HAz!@R{7|ft*dR3IS~z%&2#r zNI9AYzWd{%h5&M|-UrkA{4AhwMY_70NiXA`?pYqhmX#?Z$;t`LK)ff4K7=dZWn6xm z>Bh6TvGluYaS1%(Hdt(yZL*kRoGktYd&PH`*OF|)i0d_ zXhtUK1=QanjUklUTW0e5)l7cJ1T9;7P^_s|f9i8@X28mNnoq^Hm^t>VLa_|p|xbMZ^ z(I9qW-@P-8tVvrL2?c`<(k#y=q_#G*aNI&GhORp{Ht5IyeJlJ{J_@)HHT8k;-^0_OV5l zF6VSb!3JS$q=-J~7dssP&BwFer*VpP>oR|p;pd!z6&e6&|L4=UlEeNK`Vh1MocaY zZY_W$KW$v*thZO@rwrb%;`PKe$HQ(iI|#dVtuzJ5MI|G&eU$2R)9~MnXPFB~)3JD= z9RgiX;kZ(3A^$qux#*}ns9j=L5*% zw92L4pn~RU46Ng6SszzzfY5YMZLkarY9u0zsR}zu{UUpIQQMSRZgvsA>*ToJXt$3~wlvxkQa@dao7SKz9EnD~YBitB8CSTDlWXLm#`;=l ztIE)QJ>5CkZ=7~^n@2k*A3M#X)5gjBoqFT>5#eAKaD>iq@W{}A3T|VU!9HSZSW(u3 z(X{q&Ekqh$F(gk&3Ng9%P0!Z@kb;bW0_nvqS1ZY_0Dz&cs%q7&?M;RroP9XSqrHnL z0B(7HQd9_|&z|Y%f{+m@aZSsfGn{n|fD*?Gap8+tSEaU#J%$#M;%U(NGMi3d)zE_| z;xl-BuIcqmK85?ZB2*tgyF;Ziy5@|Ck4iO{uZ(Yj; zX=o+2#%)xuvCV&KJI#yj+GW0QW#?;!46R5gG75IV&g0>geaXWYIGCNBW?OYE5-Jur zgnFcX@4|4|dKL!4#;tqr&<$ACxPyZ`UDD&_x*HDAP=8*9-Yqr0tE7dN$iGgfILb8k zDb3V@X0?Jts6{n_yiXD3VYgC}YSWUo9*ux|OnkbKgS8uIqno>jFsJ7di{X{718uaZ z619f1wTmg?l7;v8^;eE9W|)HAF3^n=bejz9ZYF-QP-ea7(qfhii&2~JP`RFD>K6#8 zdI@!HO%h0-{468t-ryDl({*@?(&Pr}f7ZU@FEmI0rPHD9s^j%GGW3W>v_TTh+L||? z`5P(u0tbd)1ga~iSOuz_W1qPIgm_mFf^?G0b!dFJrjb`db3jhlKC0@KZgIOnXQ<47 z>4o#JM_y8|Hewax7aJz0BQk944JU85h_cF$~ir- z@&2!_Ptm0nm!`yj)VCMmKsTf545ZN#se-==_E{5}VU?-UIlH98U~1u2Udqj<7|%uv zRI)COwGcBLKvwz648@DDBPOpN|R>+FJ&?@E_4_GNBYT+QfRN|HLHvD)|rvR7Jn1>3Q>x@LIo)Rd3gctMEmt z-gM}Q4G=Pu=gy5g^YsXs5ikher|snk#l)&T4P9^IKjlI(6HHc$UC!swJjr0@!mXVS zDv0u(Tq1&M3_)IpAfJSwSjZ%;MF~M6u?NbqrTJVmZ2ZA?m5vwe+&CpDU;k4n#bF+p zH5bxIIvszUVl3yCL5s)8=j=lANaVY4-7{g}PZSFy=8duYvQ&g#69p!sJuWn_R1y#ndXHrY{qD@->DmP*ffyLcgENN;Ak(`q9bH1Q(cfX z1LaU-BUrT=?t%K-a^QRfIKMhDEX3OP&;Ob{a(oA|3h}YCF2M0e?lUdC#7;AiVj&7L zUH}3k=+1|;D98ecXZ-`xRFlg4m!w%it+!@kR%}^IjN1M$B#UPaQHFY5wOpKH@bgB! ze%v~3Z!JI1MB@So-Y6YxNN+^mzyAV;#w(=c$~X?&C*Jug$hukmZ#)|GMfeEg2 z*DC>q0??f|e>BM-pbOMy0d)$GB;j(&qg3$FQy3S7qbU}sI_e2*gOCCO1!WL?N{dq9 z2{DTvaFiGy2SGlxC}KqDfHj_s9AKqg)H2pM8iDP#>IB~F8MYE+QPkUd7n_HC-Yygq z@T36If9&nB$zF&toCJn1P)Bmtyn|MyM80`RBo%Se%NXB)61a;V2bO*GBqd~gmsYfn z%Hv8Y6>1ozbCe)2F$gSSLhrLiIrEc*W2Og^rY^D7Vy>JsnU$qDSbWzN-kNSR#*4P~ zHL?GqYDC)W7H)NG#QMx$|&1!tW2QS3EwFpiDE4 zi9d*MzP%P|&$ImFl% zPd@Yd8yJ4CJM2z7-CmDLNo*>5AizkC(oFFu>I1w|)AguWTHYnB6OOW2S~|>Pbp@nV z1!;9D(iJ+Y^mBPPPj)_k!SU$-6x-)=>hcO{nosTTZ z+0pi3?zUF&Ml_h6y`e^M{3=h%vo)Ci>CXJQ6_&$jp2Kf|`8lQKCFNXf)=Rcxbn<_4 zetufx+UaFB^s7y3T%g!(?`4bdmyvZ)6mWmDw&VAlasQLi7~ME{S(H_+p<;a2>)~GD zF7ceePMcCwsz-njHI^gN;YgHRRzZih_FEdT*1W3|$O!|qSOYX&$I=jS`I$K5?#kRm?r|Is{JLMXkb+Xpx1 zL3-Fc+W%t-!=rlGHcvh+N@m`OXbRy=;&f%14_sk0kM^tPaJn>*7)HB4ulBXIINUT(GXycLha1$ z0g)w<*a|4+dl($T6>tsVKmE2$d?Qv|)fS^Yeqi0Bea~O~*qkda>43C_Lz<8NoxbYL z83;!{^AH@mJrRc8n>tp(&V^oVlYy~w`s=B22DER79`1bwS1U~@qX@ZB;Ed3UZvA?iwa<+|!gy?Y$f@ILolN84Kk5r=*7lFi0-tD+ zrh&b1-srV<5<}E)F0CwZ!Pgk}KIqr&c)qMlZ?YUn)1z$Yr#&I!6v1(b+OUg5_ohdx zZV_5+*`B9%hsUD~LQK8+eEB(hMX~$2ph9OJkV!7P*1xXO*Du%$aPS%l*ee` zO3)bMu6BTt$yVCigBWHJEca8~3w{_+52!7U1xu~&Bm7zbc3&*$A>qM7;KB4>1`Ky6 zc(AO$q;vn_QICp+=}(xvQKkAbu%J(lg5^8)`Izx!z+*|V&xl(2;tUl>k&RA=yk8DF z9mPpR6sv`rGG4U42CZ%d4KR(Hrk!1VJG+{8cH`~rO6>%#U_s0qg>=OZfH(0!Kn66n|0jennd%rSmM-HU7)~$-7>y>F46Ea)99oizk~SiW z7bwHC@E~Fqv!C(mkir&afpkIq;bG=@WVyc^Sv2&`LM>EQiy$J6^KvHen-QV3gdUH} z|4;{x4heNCyi%*agS9l3DE^vMYjbI>#(5>NQ&OGHq)t^f!%9^%lTfKDn}V@3=;Y>4 zpjFSXEN|-GcV~`;;rP&2mgmtE_RPb+?N98yay=eIwRydb24gvXg<>2uck5dz6uk13 zPz9C$tPH;<8~(=#;`LVqd)D2XgoHsiN}ft7uZ)Aq6my`Y;HUf({EFSCC22l$vlx@ZD8Prd~LEsaWIR{RG*F)Mn}cvE*mS zfcM>1<_Uec6Alm3!JhL+-HG$ z@F>VH|23iE4cEt57KmctPBGYrdn%%t=nGYoivDXS>- z508Dp&v)#|$1~~q=%OXySO9HG=XO1W#mfUYd)?U`#TaZmGvlD%**Q4as$&x{EtuG3 z*ypMR-xxVQW_H5lOGaaSi)k+ba@g0oqmT0^543K&S!rM@c|Z|IEs=?P$ckR z`-d}NHb5bA0o1a;^vNxVNHcqBtX<(hGizjTrE=ShLmF_Dl&ToE{N0n3-`uKMHv(ZQ z?+gbZ6QBkKbzP^8qtl(!=6Pc)r8|L!5=RjGhJun4JbM~w%oZcS@Z~901BY?WgO03# z0_#Umq$p(OE2F{EkakJ;gfz@Tr*lf)2vAIh{b4^tIUrD*Fy^VHFpmL66-S3VAXT1F zl)qtnweAt_R8%9#oIEjMB-%ee+&Nsm7A~m3L=a=jP`5FdI|gR|VbiRELpFXs8D|Ai z7bs3W#n|En`?v$MB3!pYf$?t3D6Fs1woVM>m9T{qMYR93axOV1RR|<&jaZMa!3UlC z@nNfZ&^U<*_pSYAq@;az)H*rt)Dw#98Kui=e~=90;Rk}L>ATJhyNr`TAfn)>o(T~1 zDu)6RjHFY+3UnxdI2oepQ;08E?AoJ-^fZ3FpzUJs<5BY>>&+f(C9!9~7o%k7*a{M^ ztHPuX6FLwN4*)rjrj!mq6W!_14RZjqTr$X$VZP=b%L>V}h>YO~z_q}X>V(4gKl#jC z3+jpIw(Jz^JAch#Ptm#c(|Dwyg@-M4aFYG>&&KW}Wo=|(ZGrdrcera!2I!kz3UaO8 zQC2zFm>z;ixDpl~vCXHzaE3p_L@6RwZ^5>0scO^cj))0)6W^U7BO>0!_CIVg)O%8T zQkK#NuWBeUP1E>u?$20+E!gZZvbarI3a2AqZibQ$;)K|R`2+NTMWO1>SfR<#;+8nG z7pNu!3{fvbt$9|q5C|E~0p2@2P<|dB3yX3^v3uz>PZ8QUyr37Lrm-QOMZwf>0QQM) z1Ze+X)YFMyu$y9gXA@6@1@B8(K-A^YX{o9PhyOGr_ta$y zVNp*f$~}$I4yj;EchB$~ z%veEmjoVfRCJbThz{QppWQ1_odd)61gv;{LD#bp^~f~d!`lr&IwT-LluSeDHB zQtHRE>dlj$!9Ml*kcIn8g<)3BQng}c)}#OBA z=`dU`di!v04^v=pmwNR*$?}5qQP-~x1@arc-xC&bUAlm>%`J4y!<1EPItaI#!?zsq zwTaU~0(e>wlr88Zt>B{LP#j@-RfLAwY_5c{@`5fJt?A?iNRt{;6NYSQK%*lh6B=~#L1AN#GA$f1_@dg(wk;gvw9ptzlslTAX# zgZQ#A2_j91H|#zces|ztCfKg;&qtIM6gCGt5_wo+>pHVEG$=H`A954xNOa_!*g-H94OK=_Dcl0uAaeDQqSUw*PkwgZ?ZepO!7C&q z@vsLzN2BFTlmePJbME@HX;xrabN?Qz^on#xi zBa1jB6I)rPHmL(q!ozE2vsOQCUf_0XmN^Mxm{fN#1p-TjUjDg!j@dF#Z^h^%$a)yo zk>YqU##{!bTh5P^NC68m96~GGx!RtEILdZ05@n$8c5keH>>~WI!Xqi2UzTadBrwM0 zrv|>@^Ga1Z;G|htPC1HFIymM8-ce+Uv%O6;m4kugU`DSTKL7 zpjuW7+W*`sMN0PC1-0PAexzWtoXblM!RU|Mv_+)T(nMg4Wz3Z8_L1AceDF%Pw833| zHm*#A{pRuU=vNpc4=-9mOt7ga(Z?dkU0Qd_=ECf|!rbBro*w&y_z%hX&ccul`iTnR#)i`3yPve#^a^D1RI4HY}KRF7b%ucMv+JA;V5<; zxZci1;RI1di=;tv1(j@e~K-RT!+ zW`lhA&K8!OEY)t{-R&}0@Ed3LfEnsg8kx;~HL~QkVfFtUMLf}XO+8`Ye`*(fr#l|} z?mzT6$Jy%6hxYyy`u)2GXPjs_{`+{Ao)@By&Or<#GE1|z zlRdjg2wmNsFNvl+b{>4QcGUQzZH1{eq$N2SKUr93;zx3d0oI*#l*Z;V!}PN@v-2xq==;Q#1b+jZdlv9Jwzj@K>tr#GC87c{_L zv#t%;G!`{M2O$Hnh8Y0ti0yJ5Yx}|~)!JvR#)+kpoc~y2Z)om0(`7UVSjq`l$}hrF zNx)Kh5thvaESoRFQcb{8eHoUMBsA02@sP{_`}1Ab^C$hMguuqp~_-B zo0x$w)_)#d)G)Cbx{YjB-(D>ns%+F0sl{^0R4b{7Toa-}{Y6aN5fL1dh8KH<(0}W% z@#C_g;>a*!byRr*ppn4Z?S{2oJ32nXn+zT`NT#8&?^v_$xbKXtvHxXpvq$ZdCAg+5 zWSi?>Zxp!ZZqny>`~r zx}oZqQ$(+9EgMm5*d4zOgo~6=$)$Kk9Q20qG5gJUMmjZ&Uh=x<%_(sK_hGROq9VG@ zV!9Es_FylVYXCWt-ji$w^T@z3@fH*F_?4iXeoiz-v|N;ES);$FZiL%u_Od8G}l|Jj=&fy`G zVKsi(*OJc6%veqf5L%Z8nsM^dt3haMNd-x2ElW`}rJO=P$U-ttOR9|S3AnQLsliDO z02%#|M&vi{&@-u~!^_(#I%QNWU?KBF|C02O##G#CM}BH2=uK}1%fwab9=E<`nd;Jk zFC+wj%Lk~FRC#=b_Z}j|!0r0yL+?Lsue7{qSHAmuRn*U{)>aA^Z>7hzmDc(#Fgz>A zRI2Mlv1OF~?YC&XBaMApjsH7o9JD*u*LEV-H|0@Bi>cK6aYW`O^o4DKWTdPAT8Z>2 z$jU7zUrE;k3Uh__Y1a;FW)@Dv-h%GfxWF9XLJ4R~mnb|cEwZPb%A~-(0w3w7-6K;F zJbWdz<=_~B$*e5IS#ma(L=qOZj7r8iM-|L~BX7n)C?{Ubp8hSwye@JYk)b_ot!Z+U zg|!8lcn1yitaRkTR43@8_>-KpPR9ub$!t6D3bWOwUt)@oWxdboytdh~8``5d$OQVY z+PiTQvKIMxCZGrIr#5efziJ)E5OK|RW4nEF+~{=RyNr*T`eIXi+8knlQ(OX-apBQfr?EtjJz88TWRv?fIH+}YX`TF23g)Lv+hq}BbS;dw#rR|mG*SK+hOjJ zN`S#(Vp_-S&}RZ=9JWN;yg9=t7?`w_N6}3+-A|5fHyL^*0Ugo*r%#`d?*E}8%_RRp5e9Rc zt>ibGTPIz`JeNSeEaNSw<0eiyhp%n(&A>LosytE#l{>uh z0)GhHeN?h6)?^FOwL`Tv73z!sHd{w1Kf?FGx{CyLza`q_C~dKsF`2uL0=MTxuB2a` zA#v();5(Qf%Swb34o5&HmLVaojPRY8-#C~x6H2!miw6|U_J%W6|Znr`5Y zqJrJWjKTvScC!a3;YH*PV2?P1QGtxH&m6DM(iFvbSQJkrB{Z>b{W00vh_uMfh)lhE zR~`~jv`3(Xg$aE7zSE zg@Y<)n4TueKiN^%q$u(CY-V)d}@F;cRuT z^g35l>R6dPfmA#5HYG|)nx^7^R7-!Gs$nVaBl#cJlb_6uc(~`>WR1k9bT!#`)Mwkp zOTAj^lc_=al;iE4`Tu7GSLk&g#wsl+lTe&*Ge|o7xfPSC^Rc*kd z^_S=W{_Owtz0)wfs20nm%FES#=hDUfR&oXp*#hB-qzt+jSo#t^16AA=fAoBqYAlV35B(!^eHw3Dk z8Q0E-Mt!G&CBORWtIwF7Kzabt1}a^c-gZXg)4tcebZ_Ci;d6KvjY=1mb#6XkbbT^1di#mg|FoHO#Lhk-H0q(`1SA_^Bu`LIFd|B%lgD6a;mgPxVXCqcCUN{w-~PUN z@E)gc06mS)|6?D>E?ZW8d+%_&zSpVm@9x##>E85%1^;f?7zx>K`Dcv3cm46OM?EP(SGpx3sNhqC z0strschVSTSyYTrNG=dg_zb*W-y3*n5;DTL5n(7e+b#^EfUZGsXimowd%lw#LeoDUKjKa=Mq!Il7^@bqRqrK&?m5jaX3QX-i1*7!h*zHN}y^F8*>17x{i;Q3ai` z5_Q6n+x5<1;1pa&YnLSd*z_-|vx{Q9ETXY7&CmcvHA?CvWb(l1^x-!(hCGiymI5j0 z_z1WTlvyZd2t|iIyEhI{{=xA)X!c>`%?Lk+Rs?*oE1}|A1}+Ma9Qzk}RZ##N7gcp} zU>qS=QUhwD+yAYIy2}tShzTHWoKsl53!Wr0D}wnQ#^SEH-xkS`J(@h|;jTA?6@%S? znZpPsCNoP+(=Sq36rpwWA_>PV6z8DW6eUGMa(gyL^Kv12ti{ zqBWHbz!kTscU{Fs5#|I-A}|YT-ut(-Iz9Jve149FwN+l`wTJ1#9@2E7bQj||kl!wF zvefQUbUX4ehS05wBqVy$g@tezQP^g?B$({69o8?!B7Gt*_f4WOE<@-6HF^uBwilO0 zSOw>bmfw}Br6_m*syv7qn<%}}V*B{gg%`{hlFlOr}|WQ9JEMcW0=U z6G5>V1{!r>myr=Dknk7}Yv2z2D>|cY&x;sQ3%sQ7eVDG2(_OTeprH238!nOzmN1OM z85*I?W3ZL zVE{CW`f}j`c9%h!unyXP;@QBj&?D+awPd$Z8}S7NOTX2Wdpx5+H#CJcMsHz*@jia(jaX-oa`2u1!1^kzwe+c+` ziMAwN9(*`7VD>58M-(lG?8)M2bF5FnqH>PoEfDV*I1Gr>aS3@Q;Ls285VU>12jUhP z41=aQNgysdXJpM~%bU)y4s-<(97jvAd5O#x915%ebXu^SSR5qa;%<@CzbEz$_0SRJ z@RGyb?*>IKF5>>UZ_mv38p`s@U0t_)327F-z!jTLUxKj`~DgYcML?Dm45+Q>GIuY^U76sjb z^lOM7K6Kh8sirhqni@N%6dBLR-B01>^zIN@Mq+kJeI|(}ijgqDaB`t_iibKPg=S2M zin~#oWA;6!4h@=h+x`GM&*JD-LW;H}u%JHX?d><+SFh}ClAgRNo@10(_}j-QRX0?A z<-mu9-yxzBI`e~45o{G`1VoyO=~9c1C3n&D3hq!31$cGcLD9SiGF#%u$p@2Lrc@S4 zC8tlNE%pPY*hQT}0kOxZ?{wvTlf*uFgClvayHbjo^#TinE+{m__@>AFNI@YGJaCw= zfKfXX(r!H~#$nfl6XL5m-4h~8Z`|%U;zh?J>(g7n_C#uCw>UKxzr@=bRi=XW#p@!J zSi{mWtJpbOtj;v1Bpf7|KR7O>Mc(5di4uiFH7v$ME{IDH1B?VYR~vN$*2_xFGc@YZ zBFP>Z(Lao`euhhnlZWWcQZd3zO(d4GK+BUx(e|kegz?K$N{}&86jUe6}q1^Vktgz)kM`o* z9C3`e5#tlvcW#k2yVWioOWv1#4|X0*1MDEE@MfoZyeL>wTAP@p(Qc#>1~KenpDaYF zL>$P8rYqBUVZ!n4!>N+@q!z?iNfO{XqY0sy!%5JH;P~JV6zi%liwJicDtd;l1xg*Q z76Qg~>c&9>E#{T+^23Nda<>CVFg~Lvf!S>om51?mw^Q5Q(ziP`mEKRt(ZwGb{F~Ov zt~e8thPQVGXJF+~KVr1VKi!h-YAB6fa3_;ZZ<*<3E9U&!FJd4%08>D$zkwV`JQ0humt?QB`H*y=+&julOi*XLw8zCv zQ)zh=Q~fCM|j$_}kRvAbG7x zijt$ZaP%mnpkvxo0h3RutIR#YejIQ}x5Uw>7~{z1B1>_?3s8tdm+3`e>!GYV5~zSH zQHc%`ft|!f6K0oJ$q_Iv>p0TaOvGAqEW!0-01=YiMRM%I_6)5Exsg1;_R&cZLo(M7ek`)hkY({f7B)rL9pV^C0!_FgWDuc*aoDoif4F$q zqE{^;(N73{!|~~2%(41mh#?Z>g#& zNZjiiT^he4%Eb+C!R^r-OL|v|iev|+1g`^ab#RffJF1@r-msEI4;2j9t-$R>xMbQ* zFQqK3*0E&?eM~wUu@=z6Z$Xu_m%Nf&5^chGd55V~f+SQ?S27KaMA&p}#i3kQqILw$ z^Mn}c!Xe^&hw0|*HA#l7`g|ZkA*JOS0h8s9SPl>HU6$Jt^&mAgAz*~0J|v|pzygb6 zl2L&t+qAScV-}sSyzT8p#4jjQ?vVC}MbE!5=>WskJJ}~=I_f&p6sy$N)kOP@huj+= zvO?bXmMo2-+j7gop*jp=q6z1WP|^0`!EW`C_iqs>5Og zC>Piw`3g#uOw-?&sa%|7bt@}YFtStXE43n>B#o7}rKJxKnFPiRT1Qb_ z;$Oo~r9hcFDMliGV7p_Y*EvVOP@xS}2Z`60)nOrAedrIXAvwaHR=i8ZjoOC;P$GI? z3EP}2-|GpK#%iDB(R3pe0SuIyB%zIo#X7 zt@)8J;?-yN437tVS`=3;sV~GWvmIm5rSY(jw<1XeEDU%Vc)eb%BVCTHf4(+ z^8lnu3H&~3=upKo;>!T$^B2LT!NbKO59kP~89X~<*f6mkS_7A0DOeyynk@h(v_c5) zhXg#`#{hG}%ITN7EhR)w?OP%57v3Mq#x!Ltnudw84dF{7^?F-^JMNJ>)=p_->Eb2T z2y8oqBHXKiEo2^>?xv(35YGyfl&GHPL|Jg-wintDR@_oIP^-(GW=991V@72$7q0g` zN8tH5UEx_#foJW8rU1^~NLCW{BkoX~GbL!%2jIl*hOEKBN zPm{_O5%v%*vHL;?Ux1lo=ADSvV2W;!`3X+wx0(CZvhqt-iO%Il4tN zC5zLzA?|jEU1B92#n?*bn81eP^Yhpopmn(4NI(KW%;1wV9hDJa*r-jBS#0o>?g&R_O*ZEW*Bkqv$Oh%EQ*J+JEy z@wP`N<5SG(MrKpi*Aq=IUrW)7Bv7id2>}n~CjeuK-9iI_@|Q{I2&`{hQyaE4X@JLg zfIUgvVu~K2#uu6Lm{7(W1t6eo>0`6~;qatw*AITQKh}?r>j&*0UlVtXA~a;22@c{Qo_Q_uT*giTr zK00hQN=ifn^(V}2_Bz8c{}^*2Bp8BQ)&+jJhY|@mchlDlU^snW=0}RODSVAAD{Qxd zO+IFl^-QcL)K1&u7VPy36mo`_!1CCw2#QB`(cbmW0RAp8op7DM0~QO*@7Do9xmu}| zi0F9F1DaLWsk#P%ABk9>*y znaWpEPT+~SQLP@!_r8WcjSzJunbvGkTqZOk4bI0Ll7Ny}dBXUHnk`V~4Ca}JO#e#K zm+V6#Sb;z>F1)*mkgXuJL&Q7R9_|+fhB+50suh0aEF2_wBtb`ZW())>CW%O6T2hD! zzUtJC7oTJ-fNF5pN*M+oJ2W1UT%;}SyD+aVg~KZ7-uOc2io6QdrTxLF+Z+_tpn)z8 zaRqSWO6GoQpg32P$ip@pp~>bc+jhfm)a1pi3e9kGT|&MS)Ey+Wf5OlleQvanSyEI* z4lTp;u}6f1LvaFxwX&!WFAa^cK-7_=LwQB|P>Shy?QbbcSuqk{JW?>I9-!$p{*O<$^gEG_Ne*NHNw@&etj*Ev!jpKT| zdGKC%07FY`7(}cMhOc0$p)l<{gFCKB*l99YDc{dR=XeU&0pfGazDlw8;Ib6<1X9qg zj|Ap%;0hn3g%{-oJ&IkSw6a<#EdF9yV?0-H7Cu`i_^@TaDBC|B9<`f?2S1b6Vt*G$ z3;mEW$MgdAy=J{-S=*Bk1Sb--4mn^1yubwHA?D#JUKC{7SNWejuP|18FEkF6d=bh= zSU&bwR^y zBB!w4T?i+bL0tYf3syV0wLkyzVqjqYwMZ3M0WMMpqaWyES&Iye+4u0p*LLwdqMYkJ zl*@1!=8B9alh|0lik}#pv>4ec=BGGIY6TaxK$Q$cZlzx_xBEJF#1(qr?k%S6Oi3E)B0w}cC_G#ccm#VUj(bXw^Wz<8-K3>10aio%4 zCQGkmdNcrBAuep$@{7s~9LR#D2dJ+g3=ZB&a_%_o3lNx;;9A%b0rhcy!3+QeN6;0B zan4Qln5k+)1tX6eI`zAyKf7Oa3)2d3jkM3HgPgExw>jcpw;4$BIXS;3~@m zbtO?d^6^p{-m2;5Rgg#wPn!=dPd0TjJl>Qf(SS0sumyrfQ z(^DjN2AHxmOLy=Z#Z}>epjEgqRRH?-)b048bVjYjIUxV}d8xGWdAay`>8F1de_kol zzn_<1tbVRyq*IK}6@H;Lr?&4?sjX8esSMsfVBcNU) z);bM)E9%A2jr8BCp9mD#lVDKnUO0Y;uS7yqd<>$&WpU_VIbw^#oD|jY=*=m51a`#6 zoNK}=t0J#BZAsCvv7)FZa>*C616b%FjV>35^e`W+qjaYmEvkqf}x;RQ0%oW zl1aq-@@veU7cGX`E)wDq(O!s%0?|9mxig`&F>^ga5oST;_CzXL?FQ_*-H;9TinU6) zOd25c0dYx4Ox5G&+4sX4j?WyjBMGMUK&0LyFenX?A&#WxI@@K+7grM7nK$xR#c(`a zfgQpL(T{{Ey6d$n z7dZF$ua9Iu?%l77z|7IR&04uk4>kGFbNi9QEr_ISTzNeFsajk6SppaXmF5rVlXuF0 z$(sxB9J+wKkXsd@;qa*+@kzn@aq2m)+YJPa>yWy`U9WA(?p4IYg%{!efoFp9Q>9v? zK8eU?vaj?e=n*V`0JJWT?HvEbNPiAp$B`$ya{&~GN2Pmye+0XY+d9AC07LNOocI<5 zdpe+=Qt1KQIH)z1(~9{LXskC3?Q%Edb2(obs`30MFY)%`G0Uz8MouNcNX+r5h0{o39kmr0<9&)t}v@uXmd zMvC+UaigXCuF2KL6STULTDj_d;Ej8i1n_|lb=S>&D^lXWu`T7O_seO+!GVeg(`+m2>>Gms&z`E&epeItI}_-Ql#H0nC*KW%LOtO40rv(-}y5Wa{( z;jaX+jkOfGL9N!QmSkT8yda%m!2kYq+W*<*NB5`x>CgOlg#^sH`hm~#<5j@_)~XEe z^voObQ+MqKK8XXwuX>g86};=!_)i}T^ukePx-8_W7+t3 zo&SzTj`&ldgqPw+wN#Fuei~lO_b_<`$E$5(0gNk*e_rvQ`17cGi7)<*G97+3s8w-( z;7=g_5S4;?gsCUE%kj_4mtw^S&dtB^#VP*dbB>g@O#6W!+`j&r7DPTKKluSmMYLb(x@#34mi9AKq?RmF%NAKLCyLx`3J=dd_^*YvZp>f$+3qCx2#(1e=vhJN-g07Twfd z+3}#uwALFR;s1h+rb-uhyp*+;AkG7qU0hLlDGU)g=5<+ zhDsQCD~tsDl)j#fG_l4~b(zQu;0Ak`Dve+**ch=u8l|2g#8da&pfFb~t2t?(+p z+~{l|3zU{UrKS=y@R3*u8a-rRX`t$p{@*$+Lp_3KR*LX{%QD??b7<24eg5S|<@4f} z67RzAMB|?qQ)!MkC(&15iQu`s6thrVX>to_q~c0UC8=l1V6~E>l=K(t8~QIIa1xa_ z*5dDqLQ1~UK`1II0Ynl?db#AgpsOkb19)VT=+qTo2YvPAp30}I6;G~HU6zW>zySM>8Meg-tdf7jK+x_H>QQ6L2KLazhoc6h~)x4poTWsoGJ zw@8%nLtg=K`!}H{f1K6INNQ1;v&}O10|_>M2t+S|Xyd;(@lq50MsJCNQ?G$E(m1+A%7<-uec)7 zR$1UJ`KGoJKmMaCAJwL2oX4+UzT^%ddB_ixC}$<675FU?gX&T2AtngbV?R-^vZ4PH z$3PN>$xmYU#l&IqGZBPZ2|*yHVIWPIfWt&$rdTaqtY#{ zRT)7vW(owUB0;v0Hiv?E%oIpMVFEH!2x!J+DIy}X#gJ-D6=XtEFN*Y|D#XO3`aJN| ziG`bRMW-U=FC-wTI#H79EvzrU9dTEQxD-#ds@lnNXT&rnl_4sVpZ+EO@Gc$kHX>S5 zRTJrhS9Fpy`AZ;AMS}7#BtjJsCPU@V04^6Q6oebvxehPrrKBt64%2a^UO`0P%BOYhaa}!bsHYhJW4rPhDPSr= zq%c1@YX1^ZEPvbxRph&uz3lQZjzunUQkz_Q}O(xPt zS~y99i32ETMq|RVD~tr0$c}%K77|8*k`^K}Hw+knCJbz(0R-J)3+SWT%Z<~pm!)ti z9afUMrc5-{+Zyqzo6MKvA5>BynGr=r@pjY|5214gV?j0U(7PFRjdHs(Lr~BS(mh_M zxDXO^7v5R6AW?bFpeH&#?s-D@ftgU9Q>Qx)4VCD9ifeIt{;9iRVs^00fRd;{ETA5% zzHtUAL6c;w6Qv>wsVWii-SoFs-gucO-^A~-&H#p*GXa7VN-i7B3NZqy3Sze-{T~-A zuH+UJQr)CPG**YR7JM}p>jFIIqMrqaq&a_+b4YopMIG;)RIMFCM|XlMy}FZirAL^dfEvYLRO@Q|&g z(yNPs$*k{57*z?QIxCE745J?*#;plyyO6~d)4#dgXHMg7iwepBg<6LK>P5~>%g=h_ zFHJb}WwNlunl)MRU+1HdfqGdd<)>5xhHw{9Nm*-jQ>8`1zoy+F$otcAU*1ipet4tR zUJr0idkHCc{Sk)}>Y`xuf%T?`E9l%-Uu zx`R-!cOz_(rdPb-dw^@M=eD>$sYSA^$~lDm(XgE<=XWkjy%_1m@~Imtm)yTpgR_TE zu7YLaI+w4=LV*4u`JMJVZw1SGKVMx|(-1Cem7My5dr4HU{Z!3wFg+`;E;mxGZOq-@ zO(?vngV0}0*tH25FSY6~Rn4#M-R7tL#+Dtpq?(YTQmQ)x*q12Et`Jo15#EQoq3eq+d|CmrDm*5It+s(y+a2pGRIr~BjaYA*0%vI1! zq{Z%IWFLD z0PCuu!bOEJa;`A^AxR#7l$DBCArW`@XC_$>7L@gwLdQRAy&Q5jJjdH4VN6Z*VG(Na zy-A?x9seXFI{3JzzLAlZXfpIRP)qKaNFG9O&NZD|u%at~~eRiH);Gm6fcm9Q<0@_YT_f z?;R}YzQT#9trYW*nMoYP8=I=GvK}Rt3NgU@gG-wl_(Ko4g`B|!KK_yB(*D_*suheb zOdPLNA|y|TD6T97jH0I0x?-W&q~LB73H4S7QBj-3t8gN&rk1Z{yTfh(6qShxUxTi~ zR|7s|XBrsFOlX5k$5qkP(={vxDyi4{#lSsvC5J>lKB^|U7T}*vVnp!irFwd08Uw8_ z`c0^=T*n5a_@h$JsaCF)Csria2Gsd@VVAz#Fi%z5cg(u$Bu6!iqO*l+CR{zdsFicqBf&IuZ{h{M_-SqZXLG%m zlj^~Kx_z}_+QO)YN26)EpQvbz6lSZ$1!ZIYFpPXN|AFgG+LeFDrbk>@RvsC|o~ZRC z=M-5e42r10aR;WmM1B*6{n2`v)tvrlqueb{U`PE+&qU_=BX@|Km_YEO2?|>GrLd|W zu9?huH3*6^E5CCB?lD~Re-7%9PZs1c68D__lG&M z3Vpl8WcTRQKpL?+Hi|q|=rm^}S{d{OBmLPric|Aw4En69ym~q5`jKUdD>5i8&QxryWqU*_Xgja? zom$r?34Uqw2N07Vr_CW*-5C0uoJZNngqfr&bB`v><0G{_YGyXqGc@}sW;cTw7?~jE zW0;$olhq0aKcPuu9>X1a?!Z+-{vaan0sLcB)1Wz4Jmj$UiY!iQuZ;3&dY>$PBZ}YT zmA}y|IMr8GQ^)g6PQD6HE9PM;bG_siB742bHQau>PS4G)0Tcv$&Zt5|*UOuISBX_z zPtmf%CLm{L#1;co)*ze;FLG55;l;XX#PB+EzR=XoR5F7+V#BrTfIJVqLFh}@Y6FEP zi)I|J8CbYEn|iORYK#L@OXDEj�QuIVDK{FbXhha1KQ(z8aYKa6GK$lHBl7E9Qr_ zDJ2Ow+6B}S)z)UMrgf^8*V^TTwrY88T~26e&DatX=J`#n8JjZJ(%Ui%do$INGF==Q zZc_M@t3*pI)s&t|m_$kQ1Cqai@ANR$s!1Bd$2hKiWx!f!yqRaA65b95ZWP>3MG$F| zqNrxTUDE#|x4Fn^ z`KI>DjIGH+JBd=*PCLJN=JtqSTU7EaMQ$$pCQFeBDHpW3C91eq&Ew8Vo=6o&XOnMN zYGNcu4EN_O))DbFOHo2iF~<=3kl_53c)hW1GV0w}FJAWyvwZ#X)#W4smk6(75^~*~`Ztq!{H&7YhTNjryxU;(%4Xje z(7D@dmu`HlbUQGZ9ier19ugvRZ#vl7djH8`if*a-TECrECn94c~%%;BR=t6OUBrLKE%e5Da;a!SY}3>xBCwq=MY z0tCf>MRWabA6AoNTJ1EpaZ)Mo52bvyPu(a7U8mSl^p!DV_KMaEva6qNZlC9I9s5}) zT&l_4#l$`XD_|hj?U`Mpr_(;SH73IiMP%LqMk=N7%l*K0dbdSA zvU4xtVIm`!eGzwF8I(n0t3<$QiI?s;VmR58?Xd%kY4LPnMs_y7-e>`+Vz(G+&ZCHH19VB}soP}1@ zb5Hyr`wkTsQ9LpM$c6p06eRqhzaWJ*mA$$F@=rVw5zS*qYj6&%C}w4Fl>$LA#qa@D zyKx^z{c$K~m>+_Om*|GqAu&~+m1MSMzN3J}+y~|`_ zid!c?%H9ve77i{P7=hU3JtvUganrbljigrA4==q)#ts$GM{;1w^dbo$74uhk%QoOxhJPghjGX>J9x4t=%+13OcbuMhwh$Az39f2U7{d*#2aY=|wp`B( zQ!t3o8#r9CCx<<}+2B8$98s3{UXM%`&ic2hIk>zPow#tkOJ4b)7f%RuEEM%&BJlP? zN92La5%JwgcgU0*gfGT_i-?1Hv>NqPDy})UMxL?gF!EmzGo7(OD$4lN%i4>{H!&3W zRn*cc1PUd&9naY-S=i9UsZ7moJ0lq>K25V&mS>@yB$Sj4_Fl;7_lTr%EhQ zVjDSKb>yzaWqR(3sKNt5mhgT zUkZG97Wkp7)uZ3qXZ@2RHY4{^y^n1vS!{0l;B>t>W@hZiT*L@eS~N}msV45W-$(LM zBWd}CED(nUNHy1uByx|!1VOCM9>-D_%3_J-)Yq_Tr`;W@@yB@R@T>^qBTU5>h@_)Q zOhfrkkgQxMeu1B+YzQp$D|R_?^!4f0$bYp7qEWnFv8=iX)N3T{&C`xiMZBYpACOWu zvKsKAX0CCYS4Si*qBH|cRcbkb7SpI(QIm7 zl(y!@q^)_%puFe=`t}Us&3Wl)A1<{m{hzCW@5&GKBi?i@BvqXC*Ync`emJ`f1Vi&r5!+_t*NYry7>13x??k+i zP-Zcttkha2CzW~P%7sfRu)E^`GuHQSF<;0i#00h6un!*vXYP7|mQxAdk0^5%Cn36a zZVMTiukD921bujUwkF3|Az=AkqU}v0X|{J|3ao%0Vx8%7o~TWcn?=8Q^;{$hDIdvtX+C zIN2D76F&8?FmoO!==IKrPCw3JCQ=5^(gMocsSQrheC;k`;$TdePU05Im51s4V45&< za}G@<5mw0YzLwM0AL{#PZ20=s3S20DFjNSf_^?Vz;%FxrtgzYsvcYbjzJ~6=i|->D z6h$_xh4Wb>HJAL5)_Z2~+NpcSu?Ssz1qIkLtKC;3KGd>FS1BS!EoW6s3`4{MlHXYx zv8IMQ*m$`j0&mD7%oFOqRj>t@6D9$rvJOC)LM*3k4a5K`M>609kvp5Vtjc{XQU(?% zljXI@fq|(dvARGGCHj#uNT9A$c7puH7`P+T9-w>`$-3!}hFWAc9_J#6S8@f-n=$ba zt>vj&Nf!OnDk4?^%tzZCV_j0lGliKGS799EYQ-?~l~P5udaCY<)0p&GVKQ5#GQc0| zlXp5$lO?Y?+M6q^1ya|TAiY(^YgZA;31#F;DiK8btAFX`e7P7cXT6(Obi;OOxGuM% z3`n>lf-$Y22A+S5;6f{Un1&V2b<9A=tzhzuWn+jOI63F)G@NUl6Ztqy1Pn(G>9S=M zQ-))+*B;@N@z7CFl@E+gGpeteZ5qvD6n6&$m8gR~)Ve=Zug^7dhTNuNO64j{^dQei zcZIEojWeheLRmU`MMPXMeF@Li`l3iQe$S?nCL(Y}WjD#ruMDFpOb28zP4QDr(9J0B zcx>32Im#=*$r?Y9I%+v~Kh@@&TnbGzpaCxvMRexn&_i_RU0;X~sPSUGbjVkxo^X?K zro@+DCp0UZcxdExFR4o3KleEKm{!DM3h9khSLUmmG}T+u8S5)4#v~!eR{|j2uk?Zh z8G?&VmSJ_KD&eGIu%cOgKXuapC@z`$PU7#xck%;Q-&vkFp@0g15r0<(ovKiF7$Q`V zDnT;#M2X(H{+)#JiSN>3R~2E+L88ns(FO^{W0~TlX^Z*#yb>}mM!Yb}mQ9tBjA0%O zvov2y{1P?UdL~}>^lV9$Z@eypaO$$elA~^VeKPRoMnMl93U0{y3>?NnyD_;2irM*ab zv5S~>Ohkf@p+yc&hc-r^7mm({y5XWK3mWMe5|DPYaXXwhgWy3Z*?*_Lc zm0cQ3?Knfv?c1%$9i9U9nFM&|-Js#qyRp~r*-dnDyCSw--0wS%hmwk+GYT(!OzsPZ z5Ev%}yYF2BE#J4_k3$D)ZQ0+ux2Hbv`F0aEQgExI0s{w%PGy`Z80&p>|6}itgFZ4G zf43VwZ+K~c@ALwXFv*tvk%js8QQUod7y1%--HR>E5G?!L?Ylrej6y8*9`6WX+rJ+= zP_>? zs@YX@1T2Wxbqg%K>jOBlyVV+H#)YfJ-GYX@eFsQ|pp@GkXjYpU*&P^fZ`^h7-J`fO z3?S~26jb&6E@eJ;xs-MY>_C%_i^Vh{C*D# z4E?x}Xv3%E$fA814ukgtl#1V?+=-0UBHt$R5!2xYs&fOBNAtwN9)$+rw&-!DSDGc6 zBwcPeuBZ(3MuCT$QS5!%dSR#yto@>OcN#nPyC30W!$u^0 z+Ui`>;SwXKP}`!`(~{cWiZ9 z5_dZ6FvOi^YkRNW+;8lZ&{*K$&~E(D03M?Cp}x158u8)BgT^t8Av4@}4d`tB-Cl#6 zg8}a}j~m-BZ_baIcz+d67&H{ltkrUB!sAOBdu*#WSv#{Zo_IrwPr)c5P} z8!dY&o*k@fnjl!G?UUoiKK31^q;>MH)o!*=+70{t;o(k8^t#nJ{-L?uXuY=g4skhl z?UPoc0PVEv)I30eiG$DZ{O+XH#3|&}X*Z6KPmbEn!-Hj5`HwJ3(AhfF-l6F}JfLC2 zd>tPDh;VT}Xf>$EA3rqU(=pC4O`%pV0834AzA1@h@#t7ifX)=B{1e`JsvZ=khk}idK_* zBKB45Wc!0y13VwAmi3qC|DKNiBUCj!e+<%SbA3IB{;RI9Z*CI(w^7|#->hr`{a2}N zJkx()yL*$LFy5O`L%rrjQ}Ntp+HY>p|~?FbbYwDkB~g-+24-n?^`eM zOXC5O2CmaDb)E019~-2SCT*M;D%w4xIjXw%Uz2hfQ_BZ24MwKWg6bgx^cKLtt1$*W zWA!pn0->Z~a4O%sLtsYx_R;vX4|KyG&|yQML>y=t--H)Hb)4RkO4`jG^=n&DNzxVu zCJ(x>1f(tW5-2b-pht-n(nDmWEsGjQ8V{%^DZ2}QB=z$VE4G<_Ive*aJw#%cn*=4)0YS*lY|7ZyMma(*J#23Bz1x4KQ=x{FCNrR zZ`y*rUZIV82`9;J!H#qR#IAP+;CK7J9{|PXhY=RvuS5NE6?1!4YUN4+F5o(is*Wxd zGEK1ZoRB@pA51}5T>uDeGt;0@`bpc-35YFl)J72&Cqv|Rpk1h&G=gDFV4qWq5$$7? zxA<79K*tBkaBtY{k9)2FR-zb2~?%eF~0jMg{yLK}Fc&%eAV+r{FA+aE2)yTu!_#1`6Kz&dQDgPN#dJbbfd z0q@X(jXfGiZx+MV(h5M}pFi1ee*V1l(?9K>S3WP7R#rb(R!56eeBceop)ZU3cD58o z(j6+zRwz_kv=Gphh}h6E+2t7b#J z>^R*wdI>f}$}QjxX*LGo`I`lKJNQG!IBd7FAdONgsQ)S!160qW<4~Ioda&C8Do{ef zma}aGvYY=x)|KX*Gs%bJZr62taCmL3_6Gih7jQP<@4}0>3-;gt&ZWx)zi~r8DX^_J zY8-!9p+@K_*%1NuAhZVu5)jjcGeYxns(gJRFcs#_l(t8>-Oy!j*!9qANJ66n5&3=} zMoyI-J}|TsacEwEX_{>GbQz2X3hUau%+Nk-FkNn0S!Tgp;BcW|Ax;4HMjpEh2MxC{ zW7BB}T`3UP3YDQ4%`g@~OCl;Wa>9^AE4Dfe|FGY{tfD;0xT1sf=)H&_rsC^rF zYux;>&Xfrh{w-eoTIBz^^iQAv9kJmKovek=796Ob4vCHVxl}44zw`dMzHk3jKYo9L zyc52)tPiZn{rrpZJD){b4f!390q-=r-~u-q2e>Gfu&s(vrz9o}k1*QDkXCreN@Ef! zLqP!#x^PGsGTfq(6$BPwV;I0bqds6LS|)mp87A;Wx zUlgAMT;g*NFG+L}ggSf<+`$;{Yg-+JGrYnqtHlCz*dlUn$g+z0-m(pNu5z7f=oGqsgxh!@8s00p!u~_K>P=PEsScA^S@JJcYQ-gJA)w+O}ppe59 zCMxdcv-r=Ep?~B=mG%T6IEEM{P98|y^%Y$g42TAX<{pp6Qp*P z1N6fAaLj+{Uowfrf|4W~`op5~8$9bf=Qy{wPPc2{b8fAci!$2rISL=40m@7KE&MLZ zb$$z7Bk^%*f$;_+>=*x_XMty~0I|^jT>2;Ae?#%dlYf2nFw{|yypUcb_z`;vX`s63 z#By%iD;g-K6JC_J>=V{ElXdT+AgUMA1!pEG6iFf5m7c!`{QH^B}TIBT`m1J!g%n_bv~3_%elLzrK{feYHDl$_MY@$upD7R)QuU5xKl zLZ=I=d_0|QU&3Cvc~M<}8*kx8^<}~S_1El2TlVt{l3$^opTy8j>1eI!DbV6x&3 zX@6(0_S~!0;TVuv^}D}Uk_}Lf@SOF1v{4}sjwA*dqr=4$Zx7h0Ttm`E%+oM6fbQUo zs|6Gc9)&0Dmly5B!@U^HBEnHG`3zuM@(Z_niMKgk%`p@%C(K=Ow_>;On9<>-k7Fc+ z#d$7GTpM|Unsih4e3$KG2|8Upba~1fcS#_zTQa&HM?GRv1f%e)aOu;3fs+JZ^KdmD!VF#oF) z<-aWo!0d~Ejj5C3+rXCs8amsbf05{Kk>(qSFE{8f0$%7|I_DJc<$d6sV%Y&9_ZSii z5AeJ@LH7cc=OJ*n0)LAuTag#qX^~XMBTv%Q8A(k<42Wk0Ys(qILE=>B&WW4~ZEo`B zMD;2)B}`F0`p%Ig+5_#IS!XE*qfeJKB2p{{i z*q>r$Yh^hBVBv-K%U)p1HRuB1WioP;UKT2O!#{ue=hn|FTdS*!;>8vWYjyD#WsX0w zffr{$5ih8+g!zbRkvN)npI#@m0TBf}Hs(^)yE6c~aW+gA1Dkk$rz5f$kooYMcOyV5 z*+mL?0t_{&oV8J)e?3`5l25Mi3i}KnUaZ1;z*6!DmW!kO#XiGbBvu2r!|Qm7w6y@P zX{M#XId^-4RuC&=nlK_N)Iv}w7v49L_J;!OhNK}vxa&tK@$mgVhn6`T2P9Tjyfe;W zsy!5eqnieIQ4YS3`Q;rP`1FrT+An_+wKsx7U5jEXJ^2nloGp6zr;lY(@uCWzy)W1wk!T#B=!S} zi-)eAqSeVd*xswR+V$i2Zx%kk`0tCaf5TOvn?by12Y?a=KE*1nSm7sa;_-udDQEU&Om?C8Q6s`JmwK#__Lh= zDS>+6t>2${>-X=w_0D*%8No_@fQN9pLvotMsmZXWsXXXEYcF=xegVEcr76G-Doi+ z;iTfvXxq`*8Qw-0O7bc39*uwznL4Rv%1_$%AJLgfE@+6F;F=q?0pF1p&>JH zb0tw}51r!hE@8dWDyo&F@4h#@^7&f9L*rceUe6w%!-z>UD*(WfgfVLl+jxl~X)@@v zzqXZx&uu7Gx7Nm-5mPvLR89=^zR>mZ+`-LgIzo zX5p&8x+stR98Q@a;)w0m*4cE#LGxZIjZK`a8YbTLdRT@9pS6moZ= z#ZiX;to4S5$#o!1%QJw^NnZtsxUtV@B!*U1Bj;uudHs;p%cN*X2sVU9-R`6NXxxxd z3#ZgOGfH9*?o&x(YckmYE z24kB}{dy(hN8YJ&b?EvZx$Y&#Q!?GF6ciqJYYd9!fr%4&kzW(_Bkak9$&(O|@T5z_ zF4M9JmtWqmkLTT+G;W>A!M6ned@y?XzWCB!zBAf?1L@y^A(ou$%P(jDU9OZjHqidN zwz*j=m+^h2THf4zw*USj_TToIi?OxDK1j#ZBYMjlN_!KIM#Z+R7mVUt?VZDuw)L*@ zzIkB(*OC(OrKNL>4GCEHTN}9lAAYL*j5_i1GL_-mnxlFxy(ky#)qj57bI-8&Uh`e6 z^`YANp>f=59v=K;|N1%l`J08G{<#4Et}e^^z--;(UhRZYV85}$@hLnky+Et+0#H@M z^XLM8E!#!Ax-3;C;i&ILOL4t|eN_PNZ$TBnPF?*}`#BCpbq;`+pm7XzP+EDh0OjF- zR7NRa`Wkw}FVLNG5@K}*h}B$()dWQDKD@btDYX|03tWO9YCm(a-z@$gt1K2$bBY!M z63)WH>)djkR{K~hOH+;Ie|z@Q`E&aJFdgwIsBwb-_xk!;mHdA;*Q>R)wGH(D-l%Ro zNm3K@=vx4pLr8aT0+7q79XReIS&tfWIX^fbIO* zaR16fX5?LK2jGw^Ldmk;3*J-Epv+a`k6_%5{jz~bY#y}Q^}RiG1VMVTv>F>*uyr1a z3^-COkbUIL3{)X<14#dGS->y>pXd&;S49d;!GWi&ufA%_0ki{W7@`p)8l+<22c(Y2 zLw88!q3=B>!q{XHmJ?pSLhOYjTtI*ecGnwSP?)KAB4-r#H9q5 zMXYCf1|w_}Wg6!`3f@^{fm(VkPzd=JV9>A&Hujfm39LrQ0(-TRffpi!<_wiAG_fUc zk)a}bl+&!q5V5#Lku!7TT4LS(`Zjt5T)5a4&es(=7xbN55%^d%`lnk}v7L+OE~O}t zs|rjtaMfsI*a!Z;cpms;V6JYuFx%(AYh5@Md#QJUwU+Hm_m*Pq@<-8}?Z<9{OnLSw zQmZHx&q)-YYUEcjEG1fq)XF5(U>6peL!l|a;v>fkFl7s!SKJa%8+VHnpmK%G^?Xjr^4=0Ion$zbASeZ|WdPKtN-v7ZfQ)M6AZ?QES9Xl3T=gxD<(5g^Bu4Jf+aa z2t(JP2Ug<9X@i$j{U0b`>$8h5XlnVY0aS6@_Z^ge4G?HZeUZ4AYKy!}QYkshtdsAN zsI5%|-Zt?n*t4ub&Wz)P#IF)R=sPy8UeS*UYa>S)FHC%Npqg|S%~>FE?f2Z%@j15g z5hsL9tSG=cg%2B({+l8J^&Gs)374XWX_q2OkKit+T`5RMK_cN_2G6lUd96D@?{(cJ zI2+?35vBGLEF>P|3lXjdyJAzRaJgjtf%w0k-wjtEhc(*V+{}&thwKu?|65<*sBDxu z{#WfU_WCpb_XO)Nw|RILjXL4QIO_S=!&2?>`2R|6o%sLST6JS%bFB*Nzh0}XKlA@z z;=j`81^Y#_w`J!nd*RBilqwj0V{^54J(1UwL3 zpH#K=mxD`iSW^!x$wYxy}L^LB4+cReydCZ#L-F;S0?8|{i-buqc z7N&2=tdO@ova$hi4(FWf3tppz0($;aN@yNLXvqm7AH7ba{=VKkV6SbA6v8G=GC_t- zfjvviH=ApcOi4A$M2e7vpiWuXQ8=#t_M10=8qy9X3NU<42=H4b-K9#43R zrPOyu{1W(F$iFSK%!xi+V3ZA^^iW28s4-MnHzbKa8{Nhx+Lmaegc0}=ExNiMka8*m zOAxWZoxBGH(hsAaH$<%`S*rQLpB3v8q!wPbN!YE!?e81yPOEXS!`JW0P}-i-7NNPv zar>ynnFWPkJ6=Tl0I;~}yZH1cqyIIZ=PzUbQCr)nX!d`Y|D(EDeWw4vko_NFe{InT z-B&kae7|m20N+=(s?`j>w;G??$Mw!mv(>iW*r8BeS&f_e`5EgPShQFqmFxHE<~4>>BCun9A4yBJM#lf2HJ7D7(8=w znJ&t6`jg9GG<|oN-yHE*rY~rPi}uVN4r*sE#F@~bTtwCa9mH<4m#mtLq9QG~!y~?q zI%E+&9+?ZFPf0EWp)K!>qTAduG1+1M8g*obnA{TX@G2L)MCsXw>*#(AR(~pIB2cvbR+ZEu27z5kBBUh-8}LOW@cdZeQx6@5Ho-2 zJFq%#5Dfjv-+{O=erJ7t2ldpG3WVm5`HQPcn6@6KWX--w?8p=}lnN4(5og2j`3%oq zb_VfN?j%TIqv5sjV9}SsCEzskr<|VSYp7%Vg6?oRzy`VPgsyvOdaZN-*-yEX6W$K` z-tf}=5#3M>ugAmuDr9S(e2-3bXp_~^471!`P8mePIiD~b-nAcO4{2P2A|>O&M>BZ3 z9&3L#G4gc&UtGtJNB>nT<%;0{tCjV2(*L0v_?iBDO8#FgdzSgHY;Kij(*GqOJs9WD z(2C6U#xl}x@67G9pzc0$UXf9*n-TZIjTUp~6rh;G?r(F~hq5AZri$%v4($;osq4z{ z-xS3f=?V4h?c6+}qpTu~*J|VF9kQ&^sTJCk@<`^or8HpgXre zj({>q69z{!^|qk;s)F^v?SBK2P0ZCI zZBf|^0dENMuEm>xMp#`&ye|!lN##JK0NxHJ?t=KA3L-+EQ*f2+04GU|UftF>qS@6+;snPoR}g4OCgra&o}55^Ow;TG-onC=C~ zZf_si8t(u&)gPZ<2rg<4lTj3$}kLv&k2F1OEKWIa2* z>*cN^66)Y&Zx7d;r1IeuR=B>mceu?=uw5TAO@JiD0H!ZcO_HlG+ULon922aJQ+xYQ za{s4f=#QxXuU5qUU)`*2Y^;(0NBLR)`!x4|YS|6`ADeLHZ`G<(Z~X+Md*Ag*Xhlv| zPq9mr{`u0IJXC4YPH)L8e^!$)z7Ngq&Ul$(9b|M;JfwWx>AS-`*AWKy`2lWNfF>Ih zB0up^UNs#Pi=$!K*m8iwG50(DF4#uQ9;PF2WxpIFMKn4OU zD7f;z6I_bu6qrm<+HKg))k6w*5D9tJpOtR<^UHryW+RWN|6f}xOaI?Bbo>JPuUdPK z|M)cYUuxNn{=emyTWhu1{C_2+hw=Ya(26!2JBh5z5AE|S+cEh3CMms<6J4aJJbWc7 zyn8}^H2-1*LcUozc?@b7gJff)G7Esp?8?$4UnDH1*i)qx2ops`k+|C)=#?}!!<5ZcZC#^FhuftZTH2JIXjAGQy-5BInfb^OZdd%}rb z#tBqbA(X5Zh~}P9RS}uvndF$=t_t!`SD}>(af@}~a=3JH4=9BD&a^0T+j?Mal?tq@ zMo0Ryyt^?>T#g0f)i{eIgjC@bImabWD8-;9>~6X>-l5^iasIu-ZtYqW5*|nv(D#i` zv2G3leb-G&V(mGblb|Fri% zFZ%;r{s`znL_jHcMJ*m`m@?=U%-1}2z3Q&F^IBA70kJZj-IIgurKOd@EwL`k%dre& z_qfrBKO;8LzaBSI^@*Qi2;>g2BBMj-*1oEH#@;Pq#T<%6bWjix<1oS;$jog~dP#O1 zDcQ%EkVD$CgwjNHXm5*X6u{R|dPqIl5BjhwP%>;q$v$$(vO@9yWS^-;#kXYKdBNW+ z7>x0G&JrE&xy1+TGXQ&tPHRwPx5Y{(dLGQzb1Uw;q36L|J-1}nQ#}vTJ(n9!T-m{? z7ZJ@j(quxTQC}IraImtj>H-lKCEFr<819C&F2g7b!q5r*oMZ*%uapjYDdlE8+X_?E zGxW7N?ZlV#d?;eLNeP1=gx1o4ek{R>qq`pdiaA+YUQQauNea1l3%!ygwz5iQ&=ye^ zVacxdNvILI2C0S|aVTw^;*f93zTJ{RdQ=)l68FKR){mMrdE^we3Vq^K1y0|*FqD}} zv;!o&)4kv|;LVnpFpF1B7-va4I}s6-5(5`7J)j>519~!DV=puTM`4{06*P zYI%h1St3AR>5eww5*JRi0lycOCmF#%zXEW&|JS`jf6hYxRmzpL|JT|^t@2F&J*od! zPUz3MeZC$t>L&;Mp%p30W-Z4OE5Z+nFa|az=Df$K=(0E)b zKt|~Hg%F5iLRj6;{$m40 z0?+vWDf$1zvK!1m*0-t~Tk9`p76WMT9!wOV!z>b}<+PIMT9FW>a=|<61+;di=mtbd zHu^|dIY8a;i|7orE@aFG_L<6WqrzPo4+ujB?4Z;%7#$+wxs^Uvf;;AzO9-F5gyM1( z=R$B1u|mOhOocG4BCwFnGfKTm-4xCh?4H!UkeTojo?R*-ah%P-^3I2T;Bwkgs-QWz z>UUv}85xsef}DRM^N>$nRnqN|rxMJ8C5sL*m4jrXcuPv=Nrdm1#&J00Hgrq*P>BZ> z{Y)ruSoX!)M&V9(|JTe3ng=k(SUDkFvD8AbP06)0QKR!ggi zIy`PSb|&;Ky^rT{E`Dfkbq4=mQy9z#mH)3-D@p&~D*WH`{r@!g|HNf~2yfsl+=ufG zHoz|G?t5f^m6S+v6(ko(2q?S_XSOUwf?<|^%pMP92It`vX(1a+QyktEj5zz=3B%Dv z0C$G4+kC9fS;N)*bad zp!xqv+UGkYe&jh=)%Jy@hr63Xqv;L&&^T`HHg(c!9_XYcAQ2iMRfmk4l~8SrN)+6V z48}q@$&US5y_jdo|D`f2Jd*vV^8YDslsDH<{=ZRqj{ow+@_%jFjS0YN<$1IK3fco^ z0Fw||@`Lu%!z(ZFho~;MubhA_8ifh=e90j5Tgz1v6a?u44I8L8@it4mk+wWj7~W|v z#5uj0y(^gpXVGXJ#fgV8)-&`?DmN6J1^4g8L}DwESVmwLKo$(5Rau;3#>sLf@ND;x3?GxfExp8GVpW#N zvSU+>R1twkq~Y{Jj>m$sgMo8NLE1yU#E=@0^Fc9Ki53(F08$*5a3VnK;gJ_f9|Kb8 zGd1<>nDS&qmpI6sPUAq4J2Qr4*H78Q-2a)pPY-VYS*~r!{GV$ZWwig? ztW}@mzdr5#pILTeD(LmKt?KMlKnmuA(E@3>MHQOMvBL`t#7T~Y_oM+*txURpwfk1| zBz48hRA?D`KxD~C6&G(O(gZlpi6#uDTJDY8opB(d54r7+PubpXesI$$kviK}NWq=? z;ukY2cthd;DsNNvv88=Xd?WTR)}?gEsJDqQq8SGi4|&%VY@8mBL#~F0^bWS$b1=-Q zyshC*^*GaY+!Yg%Aopd8_z;sJEa%cMPnS%JAp&*|B`;*%LBoY@srvFd1TuuA`z^`Ze?`iCR63b3R-^;uC z|7d_7CjJWoLp*k`crS@SBY-V;_8PiVjn?U@kxNivVUYF6*G$~0PZWantnZx5JTe2n z=d#rhHHbHF!sBOh2k+85V;AOVv*!g*9=A>oD-*J1H4YgUxEz`eFHYJtiJB%-Nq!S0 zaf+n>>aD#5WI^cDRlICS)f4-DecJ7;#CBCy*ALjum2_rj)DxU>K_=p(5Vak)nx9zz zMM0G5{w1o_332J9AupBiFkCVMB=-ob3!PJLxN0LY+=fS~{h*tP1wK4#9PBn>iI?R3 zu)2F0eK;~Dcbdm~K{dWBnc4-h4~I3AC--wek@*6OoKhs} zoPZ)<(9c@Szf5QPnFjlP>;F_r_eZ1ufC5a@e`}l1`Tw3){->6m<$mQm(SRvn4<_)F z@QQ4*MHpJxZ6!T$W|8&575g8z6Xi8BL7v4y{;-`6+7~bZbUHpO*bEY|oiOSF_P-K&&6v@lVC5}@G~f}%Bcms(PjX}@`6 zmzN7ljYSCr$0O`P^`Et>EgfYo>WYMq78^aZI3l-Nb;k*hDGI13;KRjckOW$>Bv1+h zC2+gBgLG6y+@zd95vMrrK3}7=d4(xU!;&o`{ly(ag|?a!XqKf^!hWkv!Sh-lI*m_l zAXpkZot=8S-f6XW;ND(lV6c!3MkB`1t_o#=@a;@SsgWy*(fedYMH}O$kOVG9*%JV$ zoN*J^D8nQ!SWXGKCq==)wFXW%@Iw|p9?&SX$x=}}x{C6V)r`dm1Hf8+hO`-qY*r+_) ze?6`LUvk-vhX2*tR%MPLfEvJuiv*|xWkWCwje=j2opKQqk%J0p9qWhnn=4lrPJRWW>4<$hUe@ zD3X9EYIy_bCTd;#x5DjYXd^*=E66dJBX)ee4$veEMmJ$_77Q-%F(VfAl=5_Q0Ay`g z=22lKXerrWYnJ|E%wy~thkUw)RiQnRA=?gswtr6e^k>rlp;vB)#E6e4|EW}j{71|G zw7&VA|KSPsfBLfDHv?1*>tVEj8oZ)JSmalZZsjNnFDkYX$*OWh>$8?93_>^Wrb0K>~QQ)1QyP8uB@pB{2`-{|rgJ}y<@(Sf6j&0LU#QYcbx7aVs1(uk2*dJ1$romnhElL_c4_2fOJtkeb8i(Ee1Z;1zT2 z1Y~!8Pp{9om1%}x&={bdIP+H0E}jExA)91)-}U`VPdEdFUAU5m9X2z`^R^Vdn%1Q> zsHcwkkeMTHRw*jc%zOxqi{(Sj7uC@6nTd=QYBm`Hu6Zillrp8}2v%`5o@}nismJiQ zy>#K;IKYQ`1E5Moe5z%UhgF})xZ)>Z%=i)OOamEG_wL&K|>U(?d>f7IUppjKJd-F7Yll8I~CSrKyUs9}9cbEy4>cE{n zidfj3?Cf*6h(C+7=PY~fSz!J@C;yL={oR!WoF@NS-$>_w-9VMVGyV6J^8eJb6A8F> zuS9SOh!3U#NJ52+ne?Kly?m&wu!$C?=m6MLFiGLbJgpg$uB84Y=@;_DZ&ruOgL}CJ=^#GBQjq_6e68r zpUP%w>rQ1`^I8V*wFm zI5A)0?cfx1@KR$}ZgA=YIg^8N?sTb4#_MM zaZRZwgduW7TBq5n5M2-A?6948KX&RzM|;ifI&Lx;v@rh{t0XEZb2nb5KOxEZhqZZ| zaQ}Blz+!f1Pxtidgi{v&-S ziq#M@1}o0;*^S6M4=tRX5h6`vGL$^dv|ubnvCHr)2R@g{TL5U#9mV1wR0o6?&ZQep z(Z%N{oRm9eV#3KUBsJJhhY)z8BkIy0W~zRT9!lJiWMCxG33XxPZ7w&3%!8fi^{KL2cve2lMn+7% z&Hr~2UO)dg<^IP|AIKuypYNaX{x5Hqb@@Nu|D+OlzW=}E{U0y;Jw*Ky$i44;1qg2Z z3l!liR#Fp^&hN-A!7kxz)0Mr4GTX?#iPECvn3aXw$%`;G&6ycxXipuIHC3M=ReJ;2~~fG{08n640d|{$8`L!&5dXJ z|B3Ct49iZ4Ve?*rz%o!D%o;2UxyY_ALk^jK>W|^%#_FVS9+BZ*v(;`KG>+{RdwRo@ z_y*z_kj`dxA!;Z2X@&aNiC>WAZD-)zpj1we(K>ryrsyiMEfWrG4uxn_V-1)Ypu{m0 z0PEZvirMARrh%H__V&?g^T^UBx?~@?*ZRyWYF=0u3m+U9On`>lY;4RHNA%Sca!QVr zi*ZaTVXURITzRaPk;_^Z!MJdJL}U)>N$m7`fk-3(S3-{s)zZ9E$$sZamc}ZV=>O~` zX<$vP1UvJDA{WuJm5EW`~F^ zOG&y_^S#@lGk}p}Yutl)hZ<$cdrxhn!R%07*le(2Tq|(V8;rK>IH1_L4u`fA4NW;u9J!1* zJK>~eh=7|XL{{h45b@TYH{$IRTb_{wIvc^3Wio~Uw&wV?CdejRwsyR`1r7>e17VEY zC{C~aI6-Wu8qsC&&>xI{o^Jnj7P#)C#{aL>YKHj#&-~xh+JEt~KY-a60(vlOF9KGy z@lUA2yoVWE948Y~>(16+*i{qjdfJ`4YbEr*_PQhw6jt2MS%d~_Q!RY{ckO7V z&&{)J@1FP{gSiBpG2wn0V5Z>zwerSBI{s7bIsVgA;s4aK-#7e|0`)M_pJH%m5kxjG zY>;xl2v14WpJ-@m#uLW$ot$hisju0Le?3eUms2_MjjP5vT(YLa_w09WuO2g>3-y%CWr{b8C)%npYwAVO{A0~rK-{IgR0IT6sLL_p~5 znVSgcIkw+3{h#Ej?jHhnYW(;0ny~-dtfAt+T-m5qp6UOmmH$i%0b8@HwXJd$*npX( zKo1!OHVd+7p9@pB0qQmoOUihr^TvJ1LZ7P7TY+MO@LVYJ_y-f~_~IIfrq1d3?2A|k za^noFc}8Risu&8S2~zr+Q%sR4=@q5CxgbA0OF7~ZSt3ZE%(P0+xRTavOzO_tbe~CM z3tD4PC3}fTPIl|_C<qzzHIo#AkY2K(>?fMv&5ogFn zGRz5X3px-1!;(OH<58ceOe9%U*x#H*>7q$x!c2u|0AsB7@xTodF_O(@nfSj3mD%Pp zF()xqSSQcW(0?Wx{&4p{S`<^f6fLd_Y{J@u-~W}$+NR9^Qrp;AL;Ih~bNr_#y8rW* z-IxKUvObG9pc&-7>3|%tDkyv^9uPX}jl;S1K;~8^X@nm6mTwBF19APF-#4J!mh$a7 z114j$M*kPkMn<( zYt;?%|AJS~`2WfDKVsR9x}UX;EqM47>3&2W)s!BEreMjGv3!LCjHbN6h-_E6RJ$m& z&bbS?x~4eUMY;3`dOKZrg1)uNAB-ARq5Fz@1auNs#@RkOvy`Ce4Wkm#-?7^a?;w?X zll;9?@JjXpO0px76bloz;zfi4Mk$Pr+eXcO+R|!)Ge0OL zfSD*5wRc8N0DmG^)R90X*(93aj02pZPHPPa9SJB|-PEM&uc=9GL6yRqRQP(V{?tIx zEYT8jmyl&POqhvwPF;~tikw9=DFQGSEO}XHqwB)pWtr08_}v{>eZsTwi#Yqhd6|T=huBj7Q{Cs!~Jc?FDvU z1ybz70XoeB0!<|N>q+5}{k?m8>SJn(Cem9DXXZ+QSql6yDoZdLqIFc?XEKGYN7IXf znV5RZbOcU{-y9F7zoWmSmPWgD0pKPaq4GLkUp7L&j3BvHzH-7qE0PQ`2H7a`BNm1}{TJ z?0CW(M3~maniAE9r4ri$mX6z@upSgr5ra;^Ex(Iy7!+mL7g`d&MhlcpDK$75fMbF! z0bM=W@v%jLx``&ZfQojWZ3(`h{Qq8fe^&m#ytbag|7*3ijc5G-bn<@<@4vj8^S^}h zP?~>-4Z9qfLYA_x3eg`c)E~nLAaMbhZ2(N#fBuO9YlQ57q7{J08tI2J1t3B_5gT?C zxWzagjnLr(iwVqA-*v)B10ed0a9GU^0ODB(m_B(BI=wKXu$N0Rv(6q!c`L27r$N%J zSC_51H1~%2NhIx+7o;2z%GE}w-7yh-2oU3Nba7K0Ef9Uflrp`MP5tI6^nrMIt zmpS*)r8LAA6q8Yg0-7;qx=1{&NwMkX)uOJat+W$X2Z}?DE$VSmY`Fn*8AB`P4DH`h ztcPdi#=|H#fONC&X^mh!KEu;zitB%w{sWfb^0DbZ;P$Jj_#bPv^=JE!C#3&)+3y?r z1ED+&{YQ}E;Qxr3R@tf$?rwH?63+O3K&&rt%@1J~l8hd#x-yw06hxqZb_V@@bQ@4^ zW`fNoB>=#HokNiTPbLVWNhN}AAEPrUl7{=X7{<4*PEEqZ2B%&`kvioi48&I~kC!Xz z4Mu&6d=MrmC6NcH&)NH23dxH43W^fpT)J!vLQ0GzbP z|CzT#M+&++NHNWKB}}vbtCgky_u6J{9q@k@zE_{||C8YV$;)o=1TSxuUu{*^XAS{v z0{mc6ppC%!;*jr{&O9Z+5bnecauFtr8qFzLo%u-XLIQ8Y>@XG$L|{ixDEBvE9wx}Ei}9q`w$3mLCM~C zgL8I42*;;9haqZHFZj;lC_0gEPDhuJBaBca&a#dqG@nV1AdHIMaFrkYF)OlXoxA3H zm^~gM=FvqxGq#c%Xo$?U*O)F=Y?L0b-63Cx$?D?XEZOf=8XaoH zN*04VP=x2^c-*XTxXqs-kvY~N!|;c0X@-3Crn6MdOCP7T_{_vT9{(4){r;o#e`{4~ z|G%-ZxkmZl*2>TR-%rT@@vkvmuxg|7-?UP8d*G$_xz05eq1LzRMx>$Pfx+pwQe(<}qgF zD7u~#Pma#@k@lHm);W2c7Mp5exlxa#*_?SCh3We0;{9wAk8dZ3&OVA6Ue_BkKm3Ps z%zAqKFYKFGYZKn%7MP0v*QNjW`evn!_<#L5|Id@*|MapOZh`f!>c-ak?7_bTtOtwy zCE=-19~v4&RgvNC_R$dQ43LJ)b~aUX4HF_k!((CWs>SwcSsA%MyZCqiSY$0fnrM?9 zgP^J>@<*wBZNpSfHWFWr0{6l@YQ_`gr7|JRoNzEYqV)&toB#PEbgs2^~se;YoX`hBl!V}XYb2obkC zHDUt>JIHu#Mi;`xlZtSrhg2bc8HWz0_9Q!z+oKt~qqm!vI>hPS5n%2>a$D*nkcV#R zvBG0uHyFrqI_!kZWPutv)JnO$4=H#B$)o&$vVrxll+!2g1XGj@Jvc@%p(Sg!rg(A$ zpOaERk<7C7LiP`zZ-Fo`Sp0w*bb|AQOa&6Pcq-)d(mQf&y*87B0+x3vs8_lVO}g(Q-KMlY8)~ zd*ML+fPn&0BTb-@CP;5kdHi9IZrR(~hKO;XEz_$|(vtMb3azBk@H2*dEao^3+PG0L zG4g0^PB@EM@Fz>oI-TW%gimgun$<)Bb$3BP@k=&pF_Yr z4E^6lW5;3dp26S#GK>G0%>TDuTU*2YA8Q+%&+?xqqW|?}H_-lTTk9LMgniNA+@J2( zV4>U`Fp>xdh9MSO+efpAbuw02Ch#-HK4G$yWd49!l*upt5gGahkvEXf4n8A!`h~ji zMU)RQNxVx=!ZN;_3X+0gcr`G zYYeV?r28oj-Rr)hT43tZ$3^bdg3>Gb;(`zVK!nnEngDu~#P!ofi0NgXw8qbNa{qhw zA94>|J6_ar{j<9hfm7qZtf&3|*PrA6J+=NXUUnh^*Y6YtAPwxnbbbn8(ZiTHto5=g>bdg4ZYXS2*RuIPpW}Z$t^J?A><^g#bLc;K{!aioA^)d9Q};~+ zI`p3~<=4z`1E*D6?5gG5qvtn zfdMv!zKQ$*0|39f6;;`Tv*(Xb`xr8y7`SK981%d++u#iLO08lM4Ch=KM}_GjV|c|= zWMz8ZnMbC4n5Lm?%v4|3#~DKsZON9dFZ>X1`iOi_sRowU46-aW5o(GksL6~TK!46? z1NrzLRf?DHZRf%XFYadmGBy5NwVJa3STAop$NzmA{GVL*dl-P|fbNa=6Tmc_Prs7} zoLCglK9s(*+o#^z6rWEl^5r}}RcpHW>6We8&VD#-wZCut*!fUzedz4(tYbl-$gR90 ztq=7Iu?s3vJJIR>U_>cQdfvGkMyVNQt529?F;60vnzF35xU3i#pjx~@;9^m|x5JU! z1;pRAm)z2M2{=g^unxKkoi5l`wXD6uPA(h$|7AZ#Pk29EIsLI)n%DW%w#K89y@W#{ zD7Z5`OqBy83Y=^Elp_mKuL>L-!M(u=@*?;h`Zz+$e%$i{;5IQvFAO|F^MKOw@7Bw7 zy8K6Ir8=YN_Kv22)9n8$8&dwiz5y%%%71_Zc*g%vD*s6@yFmv~*(z^ttbYSz@J6%Be~jASWE&GAyy^D|3hmSGD)1_s=?#tF!c<9m7rO#o zdp&9Icj0>H7m@b5GrG~gz|V}=jbR*<2BEq?ON6?kn8Ze#B9mMx6p_}a`n9HwlE{Sv z`XRjjNeco*zdOL-=ag%UE|9CJQm&#QTIdyQH|my3rMRxq`2*g^!3>mLVwh@&tP%y2 z67ane#)VCQ=|eha8?6$T{D_Z~-z~aDt_Pg8VAi8GNk1l>Sw9z zA4&g*?sM*q7j*y=MB}@}fttqu*J_(g|E+CoZd8%~->g-hdw+8jyju--udXSDL|l`2hBnLl^*h)E-uW1b{k_eFry9ZQj6f>tOhOyDB-El#`}EL z+(Z9|ZjWcUWcT#|oXY>#r2cQCQrSfQf4#c??Em*f`oH9|8s#d+bAU)l4-@-C zL1PRr1AjzO;GK?9TIkEX9}kigE*rQ)c3^S_ki^G&yM5ezchYXO>=o>3$h}N%>sj{S6&{&-)&|3bEIx<1>zXsDkS|_BqfH z#yosVAoI*iKL<*9q(BM(gE5r<er5^!4npGs{b75{U6v;3_8d1Cutwd@ZO z`BMOUIGbMyuxQg`ocQGK5k3XTDd~HdUH5vqDi(q>(Mxbb^I_BjL_C*|;miqxs0Bgt zh(QRFO={y+HXCv8#6Xhr|i)NPB-xXj0%qD`}Gel{~e?^vzp1y7b`$PdiluumwiAw32qgk_4u(9e?n z&gFdf6fKg}|7;%T2Oj*k!V5>3tz(`(dkj~5(7(ldQrdM7T)cd}kP_L3t}Sza2rB|& zUoB$jDIp?o$Q#YTCD=*D%H)}GyV5P{`=b2*4sWu*JDTM(VcPRlSN;p z^s2PM5yn+vXHc@fw%>OB;hA?1IKJZzN8{+N1uwV#(QQB`hD+PacIDNpwF3UTPXBJu zznk>$OZxX!0ZG9!{ac}bs|A1pe{1w>js9J??OhD8-SW?(Yor-=QO!aKvH;9@7kfit z5B1?-6hy2Pib}5uN#?-;2*~Y+K!xH;rssf-HUvvD6gg1*)to9z#9bJ_KSAMKCzR~;;}_yt^3aPYuR;x zfeD(~rEf6mqkkSuRp1PxTNGXFH;z%d(yqUQ`w$I91ADjGK4`RB_U_@aU5ENd_2YJP z`(&?vY#*H*A04(DFu1oZxKsD*-#2KN5YwS;Ct@d49Mc-&bndMV~7Ooc@2oez!rPUDzL$XD2jWs9S|`oVy{iM`xWZ#!sev}|#j@J>9eE$isG zk^FtwYA0TZIwuF|TB$c!FZqg=0s7#L`fh}CNH5-6Xe6Y+#@}zPa4c3IFGOpn3E;L5 z_xBGEc*nqz>;QiXd-GuKG<$HV3MhgcAO@vj?1gi*;v&@{VQF>Ly60|Hx4ExSPdz&?W!y);cxFX>Ia?O=3b*^zp+|}C&%0L zM4Kl53EQP6kp(>S9K$=Bp5#atUMvAS-`;5+FH>2px4d8-93SrP!slV&pPgB_^$eSl zniZXakJ`>%mOn+G@OQiMsd=z_NY9N=?c;g}ODxMRiswN*zO{%utJ5obf;aoHM4esW zFdFna{wcq;k59Bu_zS&N^O9^g0sz^4=BqYifIw|M5aY7O7UzxWH@Ch|SsEcK7y z(~FPazqPiv@o{?_pP&c(hdT{^A%4L7-M#wz7QLh=cyn|_KaY;+IsPu5;q9kS^y1Se zdX^RFiQecV@h|>5g8jh1@#(GA*#2;czws~s z>TJv3oo(^vK)pE-Z`$fj8{WJ>Zcyjx0e*jKz&4;4^z_!+-Q2{V@CTk%?{`JtWp%Fo zq5eao0}S%}?c*Qm=6IWY^VZU@3GE)E-|^S@etMgF6_-)B)7#`5twbAsn_wkAytVdr z)Ud?kTPraLt^evV-u08&M5Dtx7=EAh~IcY^!x@VKpgjbFy)P>QS2|tNhw-a?R&NOLH1zBA{78P+UU8X!kI^<=e5D`!K5_#279RQCc&NRlA8)NwZzz}?etOHKtwz!^ zsq6GTCsc3wr~K9(jpHxyL%#R53ce~0tYFU%;xGLBtras-Z^a|O3w%G)-ix2`&6n&M zKfxP}EyHi<>8*wF<~vMu;%n_Elj<>vPK3J}Wc*8f5kr*E;;kPS_GQUF=fO4k?7ppI9l>iMk_iMAlTMLKJ4*^dUCFGJZ{kXq;3= zrg5HBh9m6dHy5}$gUtAfnF_H|vLg+6Iuv_p=8{!&QF1NK>#*>L>QI1>@yJ{VO@4AA zq=O)s%E;K|d0(TB4276m!W~}af{)|yo4(#uD%im?On1zr0-^b1{^F_< zrmZ*f`~B>j#Ewis%i3gQKF2OQnNPWsAQRgeUKtasOMh~O`mcnM^AN}`53wBm7>?EAjqq79e7b{ea4|1IOFJ|ga2SwP>Q~q zQwEW6&L_03y!M0aA&pCnPy1dM4?b#ZNaR?vEI6E7s6Q_{1Jn!?vEOKISw;cnRt~S0 zBj*&NyrhJ0+4|}&Swy%aR9d|F$7{RiV~1_K>x8boXson|WvP&Due^8x?^c%OZ>ZQy zi||k|{$dH49TZ^I_lfTz7Jk`w21N{07`Pz`^}d3l+O?PQkbo6jCm(mb|};0gi~ug zo_Fs-LJU8p*|dQFUL(h}2mRYFaMZ&hAil`=`&-sm#b96;&+L^_-?uE|$KcE^A)>T9 z_^(BDehw7z!Ws_+yH-SQ4$$V7*&scNXHS48aX5$=A`ucol~ z!iyK)f{v?8H8}9pQTT*^Z7PwES#{`8Jcf^91Zc9(G$aSWNO39mH zcW3JTP4wm$!a?xf{?$f1sv=;)aP^<1mCv6`tE-E@yiN`cs_28mp}khf27VyO#oA(a zbT)Yh9I36}2V>I|h}krk7@y!cCrh9NtMr5Dm#TB!1Z zZYr#s-FmAGesSToys?tC7r6F2@fz1tQq=~e&;TS84rI#k?{jBC&aXCy|ppb*f49A5Zq z3I6X~%mZ9+##-9Nol{fp{%&;G?K*iWoz}h9Imc`ydW2H@*=5`p*|H zw63oH`s>0k@oq|z8Z&@O4t(|3H1VWC*SDpH^LZq2HS(LDcq7n%?@j47qxxQa3uxFL zeww>SyS1?T(?3^ndlw4vh81l?d8oW#|Mg8=73h-8x6*>>ikKp7abcAUX!E9D>tbUq zCkoLZG#HDLo>gN}vx0NbTTRS^sHhjw?nIhG*?Fjo9oJ?{hX5OBWEV%r+4`w|h0W~LPhO-!f$OYb6Kg)OwOF*lRa_QUPEWK`M% z_Efh`(xz=vmE?PD@=Y;hK)=XU0@O>NmltuNbQX3Y)wxdN;D`{vER;>fKjGjbq5#88P#~x1jMm@JbFwp7sDtXl`FC4Z!HRM&dPI3yhDN1ZWy&_@w1pZH72DWbN2sP6?DtC+N z8-yy(wuf-{h#drbhPMq?S4*C_7pLu$mj%hW}r~sIO~lTWjUne7^;x2a5ox!7FmO4(WD#D?*^5o04>*d>nW1xDS&<>2Vl+ z4kuEuL+?LsClb*`Is@m1(*RHzbPaNcQE;n@sW+G0vI8F7-GO8j3QKKgt=&;rN z#0Nzl@9MI3;a|H~!V4exH5`qkFX%}3GLyO__v5nM49E&vB4mIexTJ7Dq(BX5@RO5l z{FJv9ZyTo@jVTy_oU9&)=9Jjx4-~xMId;Lr#V$ZJc8}NvB1A!cV2WmLJ>e< ztM`<}$sf)WA(9dRPi$>Um`GV{mWYknP>tF+hVeLr2@{0|Lef;cm$@Y)rt@U*Y7y-k z-m(1QB8~}3H3?%=!N|9$2;6~s=5}ahdmIEnE%a|WXaW5Hzs8gxic_q0#}Qv>d6|V1 z69!0`gDSa!d*;K|v9(s&s?8Yp51~Aa)Q2De z9eXc9j?Qms$$nJ>Pm|Q01RIAy)W#u<2?63a4~X&qxUt{_Bh8X*xMbJ+7^~&{!tl{z z@*8suTnV0$csAnXfHPCAAeW9I{8%O(Q{vmAK>es$utcC*<^;Sbbo*x%6~-MV9tRji0fTnc-;$YfOiLGeRqbyLicQyHzBbUD@)73APu}e1)Gss zJi`*FW)LifrSia&78ApFxWvTCHhM1Hrv5Fo!eMuznJm8`9R_d>WJ9GX3Fs+Vl6&1( zT%9Y}CAIQ0@36+tJ~NMBih0cRmAQWICAR#>r9iX5A(*$IDgxbp>u#u#8CytzGLb4! zPYVY;8uBB6T0rWgnb>G7w^9_U_c>wuy1Xm!$g1hJT<$}Li!WTGPI*5>g3Xiq%~ zJUyPeQl#m_y2nJS^oR9@?W*=+4Miv^49v=R&{-5 z(XW8@U{YTRuNbGN$5buC3{0|ybBKF0vfR8Tb7cg{TUpjZmOFL->z|koNPNEbhQLg8 zP-UAT91!1#FM4AG=mGH4sp8@-Hi1OJj3bm;+P|3OBbJ5JjED@$LI6P$3qYILwUXVw z9eG{4r9=)LHT8m~C{mOa!pQVg6oE}ptM1x3{1~_6)pRX*K~$n6)`pAA!Y0ug8aD}& z9^}9Z^9=-wKTx6*Dpkt#J|;@`6j7porwZB%ORn_B8;l3GGw{c-a8PGFgtZ>}*Kk>$ z%Tz~t7H1FBMT!B)8}gK8>U>LK&+$@fedz4B-m7FtADag|haWrjo&R^zYKsjeNh-Cu zlARi+6#A)dq+5#K=rL}R5su}5QCNKU+nc~`tQrHzZTr(A*W^%{lB(J^1t=!=GuCtg7klN zedC$_|3dj6jDh$oWo7bR*|aOQt!i~^ece9496IAOLG8;JHl0Hv3^8UNk|02W0v<$X zmSNXYRA%3aqhZV2wA3Zt4gLvkM-luLVawp@5?GHeUXG>iSD&qc7s7)i4d6k>IfCb~ zix9-+h)*cD>)J9V64VC(D$rKoU6n3~pbW!4Ji&)^ZvDa@xdW(3p6aL&D?#_YGg}4C zHI3z)HyVVlg?_C$#blFE2>AFjD;b9{9f=$R`Wz_FECku1Aic-+<0eg^W^p!ock4Hb*!NDcM+X zK1S7JoL)2lx}5D)e%cD$D-R+4v;_p+&p(&!mXA3xWLDB-L$$3+b*n0@r zg2A7aYJn|M$m$n>RZ7;^@TYlZyPn9`E=nUW0i`glh|jq-D1-d1-E+^Jai5@lOrY55Tc7jADyB3GZW|BoeyrnEjw&IbY=(RJ{xXd zxc!lR>yJgodVCC24l*$#)%RN#u3LH2_qK+9r$Mejyf+Bx|HmFEO|z88ewX9fFaGp z7-I?|WshDJxPa8o`PjikCNAw>DVNThSvVQ6HToDnG_Wxou$=5#Nm{RqS>zL8lbr7Y z7!ywT)*>aYtxixIg8Q#Vn455`P z7iJ1o;=LYjG~~>#@Bt0SMDxjZ0g`MvZc>b$rwDhBzV~6XE_I57t4r{Os{YTg7!;?n2^k1c1tF6_D{#)NH*VZ@D|F5#P`E397MgCh|(erh6 zmnq{`5oy1I-2zl;zxVra*oOAEfJmM5x03GggY)k!dj;;YzD<=;7$fso*(>GRf-> zx=F<|BfA6R?TrP(yHAhe&M<(uN7Bis=XZ(9a^%us&NEUs0!n0K*Htc9N(`ot zBp%^`AeKlci{@y8ev3PQ;rEg19Qtt~(T2}g0k;psVeo#C%mNGOor1R`r4Xpjk+_m4 z4)!QCKsr2f!J=7`q=d?TMinWB1#CM~MZ;zcaKjC?d~kAL?GMeC-8$TDf2x{jbvF;*7i@rG9~`!UQ`v8}p=A58Kuu?BV#UMV zOa?b>HIc&2kid-&I}8yRmhHWIbHA}uf<8dIcH@V}LECP9z+79&5g&d$XdJ^BGQ)k> zfX>$6?KQYL81PQ>xUtQd3D;2j{PP9S?v;3pe(5+pVZ*;>qKw=npZYG z2)UrNN8_dpikw2CUh=<%SRv!Y3N|@7;f72BPqvTbFcu~OENkPz|5))%>L-0-Coj;z z9dt*xOL06%qWPzSP6;+8!Z!!~-XCR}d zbYYhBn{$vvP2M&$S5IA((%fOEv0FdcYu_CXrgCev6&%7YvqMXxs2sG*)0jq0vO<2| z6J@Gn|MiVEX*9ax+SH6*cK5i^n0}w61~&cjO5x>+m2%GtQW9nuM&zHujI&PWn>W@B zJ7ktQo$2Oe5VLHmg^#fnflcXU5FL$2@_YjhFE8I^ek}8^-_UsruIveW_D(1-bcfM> z@Ez7qA-iKi{3AY=x~-lYl7SHM0UGKHy1LfQoG@xBZ^VGyFl^o&m@R?csP3G&js9C= zGJZMth|Sxf*$G9QuQ#^9gys$ZKpQ==!395uTbxKjUKqn3HxqvGnGd?@?%oU6&4uI6 zeKbH4yc$oBiO#umho*LBZt}-oXrY!GW?i_U+Sksd3lp!k3I`6C1a^det}=a*M)W_G z4dmE-=%R98d{NQ&fDr>IXaD@8U!L`l<)2nLCxrxQ{e;IXG_Uqujv0mc~L>E|b*4{bH8wB^dScoi|rCv$^KoUDajP^sm3py*F#i`lN|FH#|+R;NSmlfSj0w zZ>HJ{vaXV0vnJEAAvSF=^D-2`d`zse}hErjG4eSfnT)HD-GvK%w$?bfcxbmZx1wQ%0JH{3v>;=3UI^ zPP(h)9FQ+`r%u`m4+Sd8h8nKNNteeY)F#jyS&v=2Y*^;>DZnkUm~M|^t191fK5oKY zdJ;$ma;svck|#JC8DQ0}!=Bc3Hzuz22_RReo~kMQqC6b0t$CMmqQLIaaIw%6q5qrE z!wPEn+>N4GyNWg@!}FO%Fy#s3p9431xhp9j)l}w2%oCPzMk2*Xb4+1GzC%9n?|(No zyEOI2%Fr>B8zXhkw>hvD%ZtnAPYFiNnwbHZr85)2ExuY@Hg_n&-dPXXoxkQ^&x`ir z@2NMRgWp$ohKtMhV!Ixc7`;EgahId~t^LZpB(t5LFS#TWnIWdKrxU6sG08+S!~W49 z0~yg{_XH%Wy6&XA`!R3M2#pkn4ihm#U_thdY*c|h%3u20%$c;04o2khMKoD9v2xPP z7X`@iBeK1+Z;=WU!DqdoI|iyMXO_`S)Ekc7nT`PV#a#qORk?@ss7>h7xo@KbKwzi# zkX@Ee=Y9X&>#{wrsWU>9_ejU&&0P@b>=)nsotlgErvZrbJR41;H&!gZo?Ut}x!*tM zaIYzS#q3DtTl?h%saE4~54Zu0$%(t)_lHj-?Z`t9h4@s?Ea`a28!1Hd!@TK5p4qS@ zBdD{K5?wDNm(aZkmSO>Lfv6p`y!EdmIu=VKj3mCy%;khdJn%US35D?Dd?bSHyACiO z8+14Ny{+rO>7zpd%n(^hKFR8?ERDYTW?3l%4Ks_5uXc!0$gaue7Pw|${_Hc~?{ln= zzIzr?a9fIT9-3yE>^YK_pi`|zVYftnKe1cL*2k`tbG8h%@-)<8{vyk0W?yWHP3L#| zSsYC~iy@!I5YFQ0f8s2b#^H=6B@cZdVg8!uLv*B#J7SuwP`6fo#=CdAPi;!CD;EA4 z{U!|Z|77Ubd9oYUY?^a76P>$RQ`BBt6Z&`u^MTsT<^vCD!t+oD1omXhpWm_4Uxv;S z`{`kH{w5Ql`|kPsTK211ki_8M`n`hf#6PB=WHVh^$U%4}y&uUT>=n2vU?o;W)@cqB z65q^TXcK}dP;{~D3&h6}mkJ|)gwC-4FrE9;z;!NP=b8E5)oyC-zD9X#6Wzid%)V>= z-u7MV_pkJOB{;D2t`_VbR*v;J(i^=!BGY`67fc3azvzc2dsX%tWs zb;(n(!$WGHevit@obG%{y}Mnj{;m}4l`34f&q~|PXQl14()L+t`>eEmG^K6M`I=j8 z``hnWk-PD%$i0suce)$g1dXoHBRs2Zm8!_^J!@?f5rc%*0Jg~A;o^Cjvq_d*q|jH~ zW!x*jZ>{Z9t#BBhxBqq3?C(ll7yi!9oe0Av&fSR5U9O7mk8|*FT>qo$x{Zfc*KItj z>%OS0S32yJ79nyu5#8q$T8(0JIitSwb-K8dSKKicm)DDFMKXmY4QN{Q#K`Xw zUrHR6Jj6s3lRN@jmL@#NWZVi|cPT&cR|bu|Hg{ZwWYf;@Jx0esexpFEzy0OeL0RyM% z?ff+HG=Jg1sfc4!Va3crOY?_yudu395TPNgYIgRFK~m=kkb0lMrwJo#CSNs>;L{^2B+&k3SxNFP z%3-)>-^=E(r@7qRgM~YtbwwVKyS-zG)BL%ZiEOxgq|zxUmRbA*M-OuG_TF;jQ0`)A7U<2&2!eKJ8(Tk<^Lc z4w!L(Q;yFZOyjDMAaN>JYB&OH5S=Z}u=%X1)Um<7 z46fJq-(cUAZTj~!(()|N$por(Ol6p_z&GHRiOs)=+4QbVmBYh_k!LeRXuwjP1j=6}hha|kxMAv+So0UVI?*wez_XKP_i(ei<{BpO=Z1Pe5ol8>U{!b_8GUR)* zr+3faaHqTtDQ@9O=6NzPmY-%}=JX2L^EXX6o}V3IR*RJUtO#Z;?1XFxGtk&6dxdn? z1HA<{8JyhRG=n);N`o)JapsQgo*;6iHhFOqOsNVUFh#)wrY5+%;ygbULH@DHQJl}q zEj}nZ%0Cd5nbE+_kjCQU$QFlS8~&*Yf1&T18r zZ_fIc=l}Bm6Ej*Ymntt;!=Sqwo<*Zl_d(kz!+#rVYxuXaxn9=)mdn*zrM$WEmr8kK zeSNdMRxMZmQm#}s)~kQ9|4M8G60+tqS;tqA{Y7VMT2 zIQDzL4>$GD{x*bP=WoS+Dfz+qcW7%}2a=E~he(&9M^&#RY{8G+o`>rA({TicnIuqX zkPY`w=#PUgYl}|3p%dI9EjkFv`up08F3{@^|6%~2f#37aysi@wzDA;SgrO25yZ}dm zf93U%5M5#a3cT3P{C?lRCR0Oy*z>SnNc9G8v?aP`r#cs+nYic`nU)X6Azg=#xGgDA z0N3oQ=^FZx*9G#K?%zIuLnwNqLn3v!THGyYxZ8KUfg6-^y93Q?Gb6hL0z`Z(h=~iJ$$Rgh!0NxEeryp`%xdyy&R972GJi-Ilqv}|Kgpk58 zKkod6-^Y**Lq9Gg+JK_Y@K&^sF(L@OAB51ETcu}&%MEUJ!aKjCG>(SjL2iE@3Y}u{D-S)@&al?jZ zpdWr{?lgAncR#|%hP{1w^y6{!{fD;w;c#!Kaon=&2Rm4E`|zNB+S|zy7|_ zvX|o7!Mdgif_2(HId1G@-(gBxC+}MAX8WYwu-_jZ?zBX&TaDu%n%j-mYkThymt)sH zX*CMaPPpI8t~~DXP73gjx*AN3EXaLC9zeQ&$c#Ra>8l6-)p{a9BenRz##(q z*labHVf~uW#rFsm8~<2`mQQH-PzGy4_xP8#sSC8gc5~OR@BGlj{&RU7c15enJrVn= zb+Y|ItO2{)SYHGG(jNmtU67<39H^_(#e(4rQ6BKcBB$}l-Lijh13YW?hJEdX3MaW} zW55nS9^(-_o&uSD@ULBTbw+W8gZLr1#PXrNuyaUz01pMN`hwjXldN$hblFIWo)gNU zgN?``aQm*qPDG-Ywl^5Tg$UgURrl5z_c?%)067BE==s;f^T6p5enx?R5B;9l-*^#` z5MbMYP^%^Vty;V7Bf-Pj(d~%6w7>4TXWr1Yfko-;emd$j51Q?X8qZ7(*mdNwl=ojX zQ{(WcaWJWkTBgP}9F4|=8f%#v$Bp{Vq&C(wH9j80!JSZJBU59q)viyPtj$b~-6=I* zW@@w=?TK|>8QPd!rBXI72;jv0MXwm=cVd;Qq00W@4-;m%l3n-x?9AOLXACFQ^Rfv6* zP!RTvQ1os94@Xckp1g3yO5wKCBfhELLuX!j^Z0bH>X*?e5a)c8ty(B^f$Pm1Mph2Q zCB28}Ckvko>5TFyR?io&CA8+Y6v0cU*o-T#kQJeWEVNbpPRNsr--!>e6V+HGg|52T zV<8xuNe2((DcB3gZr3FSLd?$Ja)QDvdFb^5 zf-XJ2zpJUq%@q61x;WCg#=9Y<&Jr@WqOwuflm=2BU7j#7ZCZ-ok&gEbwf#EtLHHTV zM?--Nl#IWz*OQ;b?u8G3=k38C!eptTdlMxDkn#h%U8tQUs+J&J_t7u8orf3I4Q z+s7Ukqel7G-Z6AYj1T0e#U)*$gmnPNpjb z)`W>56me8h(wfJ96Pk^eBUEumvFpxjA*u@SI4cV_H?4yb6-KG-n zsqi^1*lQ`16g7TQrRI$%v5(yw*ctyGd)>?a?JT`cSddJ!e=%uHjj-0xWFza^H;?&L zySd*uJelayy&%HwCv0ed95!Fyx$9=${<5#b$iEoZs!O~^^V%{Z+R6x6tTvp`i6BwKKG?ewU<^#p3MOKN%uI&$Iw3zxc+d?M4H5i-{|d5a{^6 z-FJd>_l^sYPc!CDhk;gn+|VTXRN~CrOv9e#^i@E1BPh@tcQ2&sKuiw2y>`)pL7r}* zuuklVR1^BVB(LKsQ5+0dYbHyPIO`#I`kQo*W&@**shAm4D$-7jD^nvh;m!C6<%CR7P#e%Jdq2-?9+II9vIa;GiOti?JO#67t?54ER)dKr=DU6Rt1^B{^#i_v=$QW4ANByUsdt>7U9!&%r`E z;U&qF;HFdG<4;S=Gf9x3;0zKZQ5y9mv&xY~c!my!WlV8&bIGGtqzHmJ*^%GxE1Rds z5K(2M4=5Kfakc{|>Rxn!Ci`jq=a{ABw~P$d=jSf#;iWt)f9t7}k}vSm7Dkg>B_>H{ zXoh5Cp^=su5dyD%I`R-zdML^qff=w+?vWNJC7y2z!>f%vEgPbj*x!^=F72{~CI`S@ zV=zCj=dykf?iN@(Y6}-as`JF&&@Kyop({BIq@3l8$R8pBuZDoOx&`fsEGKY6f}F~@ zYDdAaI~Xmc=o=QwX$+les}OgUj07_izaj*II-u9t5{Vlw77`i~-sMT?W{}kJPow{3 z7S06uoe@rcPqFZ%p5k{UoYcF2r=BK6h(cg^ zoW(IH^hN&zvN;obkmQS3a1MyA6*h251z5sYE3vDSXfiFBQ{G`}L6~ygK0G*RY_}Ub z2@lEN$8Gp##_P}|fRUG7kmV#{=HIz+DF1U?ppe+{`r4y$pInSkb|tub!@O%9$)g@; z*&p+S9@Do{4kZA?IvfHw3QN?zfb-~a|9SoGo(HeQ818}4uGpd$o?RPrYQZD{8Q{ZS z!yOyA9Cz*ayJq&#^ zFvBg0E_B@pcr~eVaO|ObO$&i0wIrU9HPKR4nv{tv*3wz~SUVwCf}{9l5LFua8nN~~ z($#qBm$&TZ&_m`QgRP5EE@YH6=?+rKCFK6~dmc9LE{U47lbZ4w$-!imW&1mIu2N{! zING~mRbXG1JQ6C}9+3Km?F}C=$;yPVr8)Oe>Rw8L{mJ`z;`NkWsj`_Sp5P$HRvZ6u z17B)rFhU?>8Vao*I=7~Z(tc8GZ%mxWTYM&mubll+&W&SIo*^XXoo>IFeFIymoP8S1iw%;Fp~lQ+K)wP?U{t+1cCgcE_Vz7D6Ccq;7_&^+E3xo703$q&Z{* zOH3hT?AOpCpwYrx6ASA1v#bdtTYH^6U}t^jJX~5^R#Cx8;l&V=#5B%?1eB4o(ud-A z1kL`t!M3i|{QnwpE>6{ADGqANefYrD64|i}U z=k+Tw;T+QM8yVy;w8yoon*7W(&$jKVu!C^h9r-}}Q?U1l-Fn@i`4B(TMlO@`po zA%#XVJ;#jOE>#`#;f+j&J~*wN0kSP`GE(>C?y-N(-4OP#6Y6SfZ3Ll~PtmP*`*7!Q zi?wAKyrI{l*<1U@J{u3aC`tsZvRXgqleemq=eZ3%UZ-QbqU^k&rC3GzHld%*^sg zA|c~ffr@ndS^+F;UYlxH8W1PeC~M3UKG?}i9kX;>corY!=*8!3!thMHDL!a(RD6KL zmpy5Z)V}fb=|}Bu6E>K$>a6E)Mf=ZUCKu@dOxMM~wg0G2I(-Q_q;+;r4z`p0doS|Q zT+MjK@f%UW7vl)s_Z0a7M6T-$1PL4)LEGKFF9mLMwVxKxlkg2cV@$;4+hu!68bf!S zQ|JgV=#s}_=kfpZSoh9tm~8A~rfZ$NzV*DoB;KPB zb9OIPE786DdNbW)-q0iW_7>-+h_^UH`h%zN<1=GrMx39$FNf}DA>B%7BK?yNC=)X5 zLF*`Cog>BG{jFz}NSBh3(8`WaInL99IR>ceCF7smL=~yg+$Gc2^a+`mYD-ps&b5`A ziMuA-dh_N_k=kj#G*^H9GHI^l+V0kydnd<@d4kOg)I51Q<~W%1rVX1MF?DKlQ*vcZ zM*`_&S#xH;N*#_lvrH|-`0|bkvowUunHv|dOLIfxRIglj`S%f(6*gxevz8^VmWN1j z_0Y#kJ5n?En#1o&vSFqO!ZV$R%DoRnW$KAwf*Y>9$Q}0F9z`y#KG?Z1-(1SY9%Bb| zn(q$|j~liswwxFu;AY;jGmuQP`EujlTb_QU6D9uzlL?~@gJg2YU6=v)4#y%l zSgby(JVDj6F@u_3Qz`utY2H)&c{-3-3(u;ud|6@!fb>ONpV(LBS!};a#OrxIcT4s+ z_Ie>H#*r4o^Csk-$S$;mk&22eB>ky+S1!`+K&|n;2k9k00wIuVrLKJ_bxA zrW?3!VX)7U(*tD=E5#lKj6!${;~-1H(B~mZ%fN1~H;1ft{1Lv%F@e>!l{#0trapnJ=OTmAAEn z@el*klD#U$8KqU0U7&R*ul4B}dyIpafi{XK&NN(o58Z3H3k}3pO01};g8ta<`hyXM z3-Zvsz&zC1hADLpu)&wau2Hy2U$>OBmMD7?_+Y@;g8m}uIg}LSLMbfIrrq$v;6J1l znNvZQ>=P2Msj?dAWP_S#)7=^r&Qpd44I@-$BXuDD;SRgCg=8fL7|I*!w+R{u1ic)q znf9GaOdS#kbFz%;?A(o5?d0|falA1MkLh(?G)4_C0GE;$4kIUs4oqPWir+~cn2}My zhu5>gVSQHjG<_qZ`tG%5-B|#aiNBxhn`Nhw={({0Gg9HH@%J+lb?ws3$FMV~vCQ>e z&#HdVB3<2MmJN9Tj5@JU=zFE^H{@-nHl@6=Gis-d0f>ZT@~e=Vrr5tAJ|k$Z4ZO1- z+;SLenV*A(dgTNj(uo|w9M?R@mta<1XpR}}{bM#IyF&_?d-X+!knV`~ZDKDdSjWA3 zp+m@eN2qU8dohb1cxp#7YT;yG;?EPi!`$w@I+FmA?u!0#Vn@z!i{Gy!2@vUy=pQF` zWIP1Y=JI|$Ny12XCGmC2W+B4ho_j@yk=-iV*NJ@@T;6-zCP1WnqJNw`DTDi;pTVTl zGnla>_usLTHtekXHM||%f5WDLWcrf$Y>Lm9a>Pv1C3@4-Y`hHrX=Y!$Nd2Ib-HsQy z-3YJA!%>*E1T*}Xd+7`FfQhCgGKzA_qC{F27@a5Cc9Z!Mw0|Uy#G34(NbxX5S>{Hv z#^zyxpC=@nMKIJi@~HkYp*4-ubv815)XZSXco0DTcQ*5PQXC}ypZDN&i#XyGAJfoW;Y2!XEGJ!2OVC%(LI}&D)=H+Y;Xa6 zFNrsryG$+}C74dVHi~U(_BVF1?re3!Hfzc1YnOWm#_8X&zG|q>|!G5 zXj;;;vJ|4HaB@Tw#+p0SM81u!bhZa0$CJ=urq!By-u202&BXbc(Zxc?4HIg@7VeI2 z^$L@#>fe$FQJ>Yki8LQfz1N8S(pec(T~_bRZe;*PpdX_aX^tQ%Qsw%$kS=S9yeH^X zC!C@gHrWE@%7*Q=(38|t(h@XtE6rirIm?Y^u<4wvf;C11&K%U4)40!o?w?runuq4Q z{$Kzo_yO>I+Alke@V>bEcIuF448=G}P&8dwG|w5xT2W59Qs?h*erM-8t!4wvS&r&N z%S&Sb8D@H_g*3@Lk9C>xUXt4BIpC!A*iU@Abww~v?>Lk>uD_hQ!dn8Tyt^@aKkM3|y`%9N?a-MiBu_?MiuP1b!x^>w^EnB{&1JB3V zd}fJ)kxk^8IU7BGju~ZpC@eJdOc3un7n(`pS+4nEYVc>ubxn|5))YEyHbzFzD79r4 zd&H@vUR&v|nAO3lZ9@USlXbqctLq!-Afq_rJ>Ly6-8-(uwekZ*5ensJb%t1xgdt8h za)VH3|1$l8qWYA_-}8525=L_4$uEz;0YkXX+&Bz09^O^-(#+l4cRLtx~oZ`R6XB)fH=ujfoJb30KbKE=va}mG4wg zQYi(DH-*sgDqT0f9hb0cCI9R!bR*3&cMhKF5E&^!I@;m5i}nj=LVWk4+%C8V}oVrFlIRj6flD#3I?RG>3(ZcO1lb^l=o z%ya$vizZh}$Y1rCXRqa6tga{G(a$K&jQ2hN=8dxS5}!FulP1`d`IQn9O*tnT()tEE z^EyAb6H18-EHIubEG8ZBR9P{n3pPuNQ#qj=E&E046U~g9{T}&|(@#|uVGYs8HY0?l zK7UES)MJq{2+hT4Fq%oE#J0Htki-^SP928Vf51d3DG@Jc&z&!Eiop&cmr|DP_Hu%P zr^3u@Mh*I{We_~l#!nt|{4cQ^wX*ShQ@BU1*0-rO*4=>(sW0@fh!nOnQCsXc3TAfd z+UgJ$L^fthATJ|W_4_&~%IS;|KDot`ZNCE!Nv46OTp!7NaeZ&#MI{|X%SUr?>3~Kz z`suAb@?5y1^n$CITr}}nPY$POr{__i*Gf4VgdWi8Hwk3=jl|B3Grw_%y^endhkNLD zP)3UQSL=wLszY{WQeGwWcFe>W%#LOX0DY5x?Va`9vlz`Z-kmU_c~H!x9K{|4IVHyn zNBL`%@|`6ECC`L~)v=vH#GR|W$dh$TB}O8baT@Q;sB6gSlTpc#*B?Xu?6sW(C-E}Y zJtXVT3NKqK)qo+an5>f^Wlg|ePJ+dw&b!@m2RzFSkPzUfbQd%4M}r_=Tu&6o<4vxk z{A?2b`NaCRZNATy&`(S*n62n`xb2UC)K9{Qa_ z7tAQq&lBq-BAFn^&*xl?0{rQ=mh+y4iQy1*A}dK~&9hPF-6ZpFkXeQqYXRZ zi$SK6O!$_0f6pSLpL3395+KgL5VJ4Bq?4gK^{LZ1+?{YV@^I0V3_}UMhZ0BJ?byts zmx*25k$OK0{K)V6eY=5xCr1{VuqPAS1|>OLMjprM&AxAR=E_07D)#Oy+OLe!%Ku2m zc{=Adr-(P^&A3f>vROnfU*>2mnSpIk;TPiVuFK&QQ1t3X4nR-ym_9bzJwKt;%qSz9 zs+6)qC?}#*hvWAsp0Z$vzLvs7NJr8@1j&yzU5|7GQj#&iG!ry2a2sI^X}}&cq%oaK zP?b>&&u{`J@A~<6x&iaera$O;fmwy1OtA9w2pN|$>D806H=kdVkgrdWbxHd-jDp*# z)m2FeVK%e0{IKi44^_rQd-YClJQ&`L=iWrLXI`5ji9A_=of1a- zX2KzO0S0JYVmV+;Bdi zUw^fi(s-E@N#$g7Z(VvL+Cek{rUXy4>ZoO%5QbnP3t-r&38Xm7P9^prRVfSUbx!ZI z?N9z4con#);7K z0U=HS$@y+y!hbzC{70NdD(O#_ajBo%vS6C~{};70K*{|5+{bcqzs{qO%=4y7C?XB+ zPjU|L?*WyCG@ldHL_K1@E7V--$myy`BN08X>&|o<+@SP(IBOtr{+NtT^TrE?ERQDL z!z^0HxdS&Ej_s^KG-R;+a7meGQt>^u$IcYh-rPAYW)5I7=cdnfImp3Zck1}WPS1Nx zGd?@n&HjiAwmiHzpA(KTj^qqFxcoCPS?BiH(Hke~*zU9wQ@ilDIlWirQclezI-W}z zbl<~Q&LB1u{OJm#hgBBMs3>|^%%iQo5(`dW);ZNB@^+o9Fj4Jmr#9|WI&JVwyXrn? zLu;GaoPXG5V6qHHCQ-0r3=cW8d`xP1bmnb#5!t+=u-U|5zgaorFBwm@mJx$l4=>)D zSF|;gSSw|XVr1#>$<9yU-L)Ac@p^iD%o3+$)^H{{8!Z!5Wo8SQRA-l$muL4q)?I_{ zdrq?_K`d&X*a9G@G$8qc2@y2dSj;3qk;nJ7Wz9VB&+I{Cgw*~uOV|4Kl$;has zkw2mY?gJND3NIYQa(~XeEwYozG`lLIcQQOyS_C2)L3yrIO1T--aYoUktS`e=be&U^ zAX~s?%eHOXwr$(CZKKOJx@_CFZQJJb{bJ@}VqzXo{(y|kv)5i*MqLwWGz4lg?yav; z60_&@#e+y<5hX<{qzdvvs$lNoPrOX(i6;#G9A2*`G6^GQHjp zq?XVdkX>&8$lop4dxxMFcA--RWrBO+=E2C+PjP&E^w7*(558bDVMbAY>YneGK0|u& z9eDisW*;~Ilz#?O%Pr|NR!om<1nY@O7=UEvxeIB?Qlg)L-^5VwmCmWFDMXGxTb?ja zI_A9m@O(>{D-C&?y<5CQ>ZHWxFK62!_lrl^&dkzc6_1^jTdD{h8rsejsh>1)@8^+u zhHUZ5caG%Z$p){P<_1ncRlA7QB4>q<=EnZ(hsbGW6x3BVR{l$>{0Q!lKBo{Jwf-%; zB%1l(5`V7Xe#17(jhb&fuxLPbirN-rLn=!%mXb{&DTX9Wm`l0T2+%?=L(;lfexTm_ zzf};-pKPYG5Wh5$mW{s&$nB~S9{&cQGspa7pr)j`4Xo-wb#_*=9X&ChiX7Od8E~TG zcscQ{Xk`GJSz$qP=Q``fINwDVvh1j=SxoKu2&`HB#ggCu%x`ri;E}O- z2F{`nvB!R%#2|j~4~kDWFO%IXG6QDLh7n#OKK!M{PTX3{8|E|2%;=~2n0r1ZaaPZz z^v=B0)5`26q-s+;hiek&t702TdYT8Eft2f}a0uAKelHk}bm~46I^tq>3Q+G^ZDgvJ zou`My6N}IUB{w(g*o{zXjA3?SWJA$HYE&j5W5xjwl>X%8JsMUJn5meC(P9SSbyRRd zG183*mW=D?fS9o^WAS=n`$>)B6QBe873ti8_m$#CpWvtt==pY>J9bFSUZoPD2KtLC zOO~8Bvv#?iX-V{>5!JU_o2MU!o|^9=iWiDK!W*8ZxiZ1NG%|qO#;tB0^cW6x_sVg> zeKCF+BNJ|Z&bMWWSIl2%*?o^NH6u6U6?QYIFk?Mu#|8J>7*iT4dPK}cA8j$jbTWoO z8Io#>Y`*0RKR_XO{yN0>?~N35PGQDN{AgC(7KderB$UmMJIvdlIOSvESE@;f=SIG3 z+N(O%g92Z9^mz%=;)JGm516DV^RK$tME3pz#nj_ZCF0`-WnvZhHX#Z<KU7uO-qkqfI|a3e+j=V&b*{owB#}SBm=S3TB4I`$@PyYzor}|S(HZOi zWlZH>ezDDMd>N8mtxvIgaoCW3K2(sDJ|mMk*NL4P1?q)j_ZVW(_~J_Fmd;?Mv`E=; zTP8I)BOtXZ}D~G+g+c;S-x;vOEV4dfos;u68HUwYpR_5oG>Ll()VXdhKz>s z{AycvKV1Z$Ow|ZW{pYnyj(PBt zN=cTasG*qTTc_~{6Em;$n^Z?;x(dJ9tztPo)(OIeGLQyTz+$=m3YF^#@qls)SJHsu zMeOsP$n2_0p%l)c;!)ZUE+YW)H3uv*SU4#&Tk$#jzn7aAthMa-$IZ0vm)d!+>nHw8 zrWpv-roA5A@B}_E@ED9R16!NW-JAZF_vJ3d4B2qC%(2Q5jgPfDK4rBSpP17+ z+-Ok(zQ~Is@S%+y_in}=9}8^UfCi!+f?Bn}=a+5Jq~3=Px%xN)M}T*=;`ftKBD|QC z)lGyB))@KGyn|vdKwN72sw9lI6Cl%;_JMO|%3%FbKnFK<+Jz_Fl4dvqst;Q26qJ@z zU=rcXZb-q`)!}&lp!Xj#Psq9m+I!UsZy&@g;8u+A_pFq~-Oe!O ztRQ>*#BaI$x_21LWg8UPx}T*OPQtCuFa~CMB{My92m?0HG+qMZ+|_eQ+}uYQ9zf&V zc7R;W$Lu$gN1G_>@y;JH>3s>nzBd*FprMj z7!XsVRQM?y!{ZJZ_di&ppR!h^q9mFJzn*{1kQOl(i*{wrsmYx(d(={s;N6IMUrGx)##yn3nJ zzCVNy_6$ZxPMPuqVp_S-x694FZVAAHNn{nV3;+bNU}UpqZs^OJgVL|O#EF~OKYk>j zjIlgXYEGD|VD73))4;FDU>WWBc&Z+KE?w$`Yq)ADuSy?W$r>A#ngp9`Fc$}(23dB! zY<79<8)}$DR^AlZ&HV8<>R5exBR}%~UKB^o>?4+6&w?NLIC1Dy&XhBoVy*ETdAhT! zs`;L3lQYyg-5^bRTgd?UmU|xW6(2FN^L-#N6ZjKo(=O!dl=v*M={Z5=oas4X71vk% zMH$0=J4CUyU6zz~n4l6@7l#z`vm)|M{AbMKZrr!a-7T;GmY{W3*CRl@;e3nT^cIsx z;U>4=m+6%Us@x9eTo+a1UmpR-y!E>AxkT*#L9wIgj|Btm__RR_3VZNqX(IWHhmig0 z=AC>2E>`;D+86w}FBrTC-z>=4I?m(#6k~H=25n3VYWM|&J$R|#?&Z(#RkyGICR+o= zmOs8f)Ka%BiMkufX?1MYm7>l1e7WtrgwtYn?vIOQWQ!+JBo*cQ{mqHri@6y$$Q656NL!HZio{6ng9!3Z$)VP;FC1;70Shm6m8<@~i!&Kc_6oC>9(43YFbQjA9y7kODFec4OWJQ@%l`}be zRQB|;Dkq`Fv{_sdL6@hz?S+0ml9|pS=~YiJH%D#0AJ7-B>08Qz=Ugr(j&WTA;$q+i z)~KA$r1y@f!I+f7Uu>*HcK>D(SFU=?{SG>#ftuS^=CVL~)4IkeR{Pikm93-nvV__Tg{`3pdjI*xc zFva&UGzJfks5+=Ol-OB%Ya$OPb-Vo7&g&9JqNv2}o?tR3`gAq%7CB(QB{RCZZVsq# zhBx^Zw^W$Y;*ZO!Tdzpm-im#SBi>gpf*4)6+vQExq^jBwN=7yn(~=C*_LdkiV#rR+ z>(p!y!7ZsTj_dck479oc+X<#wZzV;o>@aAF22S3NHAHiFG^a4?klHX|hpD-cRjIUOJaI|G z9%j|%^}dP6kGT1k-X9h*VDLSd->|@pat}T?D~8WDlFQ%OAHFYke4z7n#+JsG?y_9W z=JNUK`F}mVAKG8UZja99`VRgmMH~f}i~Ii);cHBO{#?=B)zq9;HRzjmGN`kDy>eax zpL#-fEZ}IIY4Zbc*7D-sFs$IjVX8tn9tw2sT7)Nx(w?mP-32{&Me>{eo`>I81)3e|rRbIYN^n1irCbw;EO{LRt#CcJ_oJYkS#fjSJH==zUu_26(5;DL3E*$y;Aof^C8^ALwVJE-7|;vW3R zw;CCB5&O5L2k`8Vm3xCI9}H#%$O^c?@|fd1bU4Ai4JqoHlH5bc>&8_WLnf-_n|4E>I%)Z>EpX~Fx?*jzp=gIhu^kr`DKfL z2a&^5a{n@;^=bPCS7zDYmbvZDIs_MR-TZTjGtn>YHpgR$*X&h=WDI_JfdKN@`9NDVO0*R)IHy~)*Oi_a?OrnOE09I)H=RZBI!m(ArKqQL0TK5OoQ z^Z%54|01}?lBGApYd-F+vc2S`nG2wHv)xAKSMI$3U^9YqlkC{}oXUnDf-)@0QqB$p zb*#7V#O!{>Y#DhqJAXq(>&uDXkT!X+aajJadHBLi{Oq;4dM)`k-s5)Nm(;wFdUti+ z<5v0IIvE4Q2NW&F6S#mWzqS{{rloBGQbLC6QK+l62G9ta zU%zCEv?{Sy?>%0;P&eIo@uk$>!F~zl#Y9_%DpQgVwh3Vkuz&-VO3Ar7f<9-0D`r%5 zPbw9`tdUsAr)>gq^>pU(nGWaDsl52v`qizR6m0i@@P2wFvE zdPVr732mVwxGN+4E(tyTWTO!tv@t3%w>z_h_zc6{Y8 z9HZqy5EKVbjr8eTVwMiDSOdLALSYg3p8&i!k}>3#U~0Z!@0UtCG@UCI*}z}tlM>?rJ#}y%`)^-eFk1oJr^NpC!pfi<&Ne$q7duPL`Tv$ zg5&tfPAP9??60{70g~y~Qs^@Dz$lT!so8j)P1kH2?8$a}l77c4$BnzP>Sp4w=iI00 z({{j5L=JbBn@Y^!f_WeWD__fn_ix+KMS?#!e!pN^OOs5Rgn?>9CCmU2>4wyY`(o+dalx`N-8Mllfd3XrQk3*r8)`;KC7{EpIt zxr?0i{PWeQ8=HH_EUSei0*a_yFJ(0f(%RhAzD)u z2CvxuWh6x%DDohpjxf4%i(M@rR#i0*jOhDKaH~sfCW4S!jw@%V01>WA2;*71aEIff z*DwzQ6F2ASF&2JH6fr$ zOz*!F;y_k3KlfsJO7VxbW6boWbs|YiQOQ&gxCfqfz{}5SQsQDvz$syhqXekc2raR| zM$ncG0g-7Xma_b#VoBi`s#Vc&hLC9b0GeCH_m%fCNJ1{1I&TfvH#!b;G^Oj^DKi48 z($T@}nQUDX97tQRcPyjZ3|ag8WCHm`?sGEUjB$<^SN3ky(v5~e_ zHzmzLpUsy&h<2GDyOqTclfVF|`N-{d{ON&hKqANfhB&g6*WsZfSjud>R&J-$;<{l7 zp7Xf+{gzJb0J#7P5F}=o!_DF!r(;fYeK!|8@%w($|GN8~H}U#=+6jfp{2duRM~~)i zBjgy$&FsE$iQ5>-tSg|(gJ;1%ltk2JS)X1ISI2%@!V@X2Xu2082CTsjglI@wZxD)j zSmnwjpa4AQH}e+qd$6PGfH&t~F)}|j$WLWGH9{$=ti1nk##}1PRcymvk_Q3{@qGv$w3;ldbH@Q@Ovywl%mHZ9qpkYiZtBv`cR=JjHMA|qy3gEu=Z z?a19SD`_E)i3^GHQ=iWsrJ$fl{Q(_eL3SiD)FsxKRYeg~)!Q$$+~XPh2?3GEbT)WV ziNljza7}OdExkRhBY{yl)OU~JH`0B2A2Gqa&;w~=n(CLD*c%p+{!wB|39CkJ zNnN!){R3YHXE8`lSvG`4#VX~6_*g7cp#&O1W+Na4YCRb+ba!WV5mk@R6qOudW61K1 z2SQ^pN9_q#*Pj3K;D{*jd;w8du2S$zz?}0%Cj5rc|p-b z^{B9p!Z%Uf;LINrh-dx&-{{Yn+Qo0`-QUXlxA!D5-0$98{>s~xJoeoDUv=Op|L5P2 zqaXb!`xR&EU795NwSPvST0U)k-jAB?m@OGv>mH0b}XvIq%h?PTfeVecd+;xULx$$Pzf@)hDDB0VnY! zzcRI;>c=J5gy;KD13(9i6F_ymLR7-1z|rZEnd}xe5wQ;Q(`&gBW9V7=7wUQI_28## zM910N+0ae^TPTJDIZAHsPkNsLoTCh7cZn_?oz24*uM!lst0iNXSY_ip3+%Caq%$XL z^mUE~Ly-qwrlrcJ@jsE&j?OKlBcu2d-BmOJb|rwXWO$ZgBa9qc86O916(MfF(!R6FnIS z0(xKMw0kglQc!j}5R`k>wcJV2M+GMJc%WI`++!Q;dy+&50VDhs`?(gtaa;#j8bnss z1o{Iw*Ni^{`+9NZ9W3DR!;D$(LW>z5B50t7CEb?VAEH(S86Ad9$BdWdK~*=Mm$|rU zxDw5|^NHO-(n|%CBeH%wh`t*q339T_<_y!EalhhX+ys(e8Mj<{a?YY_m?~)B07&2h z(8H<|sgC}0%{nrPw!Fw5OBsXYPg?#&TIm5H$c*!{*B?gKM4!_pMGz59bt=(;S{NQk zUYfKXMi(Os(_Aw65jMSb7giwuY=s3FB>$=i9rPRgf^F+}aWB3Bko|{9Ew~!!Hhck( z$H?hvv-T`d2uzXuQObOaMC$H4BEW@M76|zomTU&xs3kLFTt=i}WVXBpd9fx_3$5+s z0fXSvi4pHIo`%2N_IVs{@}@GMz-^}UlR%~i5EsDYh9`i!F&{>nE44{zuoQ6_LjuiD zfU)8=CV*yLkcn9PgO~{ZT+erFj_(h<&tZWyQ9wcdV}&7!i9R~RqnYnN8Aa4V2jYfAC3IUZv!ylp*k>uwwlZR~Qmm;>?h6l7lo7!Q(1V_zC#Ek1ssC`&NEvrB zfO)ay=5Y4v+y%n{;cp#KUD&XYOyTjaf#!w0DXI2{yT;6!TS?A0)?`(sPD~d11$>p_ z7%ULdoO_o>@%&|$x0(TpuM>fbj2h0QLS0S&=F7R@>GfW|>lzRLO`6?(uC~-!+X`*u zoV=p+yX^i0_T;z(n15CW{>hF+P0B?sY`)W?q6HDf=1F&J3L7_u%)junR<&tsD~?sW zhPW%jPumg{%fpop(DG(ZGbc;1VzTd;yK3t0no z_ke$N+9(`=!P}MhGD;L76=AgBA4}3>56V9Bz(k*wFcQI*JPbB#6#^!3^%lC)YP2f8 zWv+=_L~R_<+StcWoH=u>h6dB;v0s_sPdFti*ePv9$Q>JMC3*a4Y%OO){)DF7t@vWJ zp|s}#_ctnNK)L@2RrpS%a_pPiX+GxN&D1{XLwhWeEWFtM%LC$tP7tO|o^P(&(M`?LS6dIQC zwO|3`5ONyDg4@RY8=B$<_o7`?ke+_k#YHmK{O+9mbR^*_e7_SQevkZYBsSsGT*<6o zFtNUIi`*E=3roYpnZHaw;0=6&^w$60g-L5Lxc22cW9VU(-spQ3b=AX zhejE2>`Nn4q_aRT2rhP*ZeTSHbN1LqMlh)u!=`&)nEyfA=R6!?yn^jwTw^(E2}?xF zfl;r%Lrdrs1Edhyc43;Dct7VQdzvD8ntaI(q4^0IA!n4m#T@AD29zRy5f=tZi*9C6G)3VoFjVn=Eta5>&51#G2U(G9&;hvZSU`&i6(KA zb{#K!hZvc+DT2ONpoQleyfqo;xP~Y>dpZPdg)AGbyQ@@(VeGG>(2MXfe;8^N9hE zCj!oNCe$?Ma3Ls%CY1GS4nQV`XA2ARwBG5;2MDEacO`doX4~Pcq;Qr^1CiGu7qRPM zkEzMqT(3T&6GN2mqy_4cQu{Mo_e~SgJtp^xf*{ zNK2Bn`@VMO9Qq0ZtR297^2?sZvQQ9N4E0YM?@<8WT)zx zHfl(ZmZ6gKxupuUYs}KwLl!NuMAlMX;0@e^YL||v%WtY(HxWFVFkL}D|V0fhO zd!P(F=0^*bQ72zRn6WF4E<{cnlZQx5>+;!#Cs)J?;Cu(4YiTDIDrAyg9aMjhQMA={ z_oD-be%*loL~UB*j|bXK7`ecOIzn@=2g7W=-r(K_(aqLqgq%o0R&G@2zSlZ(z>&g_RFGc3f7?AanX{ec-TxIx9l8~t&l$u5Zs^L?@BQLCbtCNMCvS*b zNzPkGHj~`6lA238`N{YFuzqaw&F`#1-v_)vvR)hy(NG8!@1h$KCJ~50K`ONV3d`=V z1T{X2sH>T=2?Oj{Lp2BympcDa8jQ&owgAu!W9}ZD3jvdV_n3+#gpO@?&3A-hl+0PN z(c44DZeRou*A$ZXFw>s6IFUPLGCAa%hziTneej7P zva)*}VzlS+N_IXt4bc}8p}cgD2|e*^pD$Uh!9#+?I`%SAIGRc$u3Bi&@|yQ;QVv~_ zjlU!n!~IAl8Sp0ULyfeL4KXL`h{L8v%$oPfXCz4{!PyMn;Mf?Q{DK#QutG&mtlPNy zUg|wYEZ+NNw*!c}Mzv_A5GX{>37#P+yHOg`Uh@2wZiysk&cev`p#!|{YsXN_1`A|t zU90ZJh-0WqiOzxvcxJFmofYd@GZZ1AS+hV=l#+r9`R(j;5rPU_Y*$ok`x_LT0q^Ze zT;!f?W8bRd-C5c4+NR?jH*Nkkd~GTJAn0b%P|%wm=y2vI;7gJabyzIa1!&D$QMM@JgPeo_Z1S7eGC`j%C{TNlBG!=;+Wp^9=O< z&bc9#9DBu$cQWMA0Hzh=Hgmg!zy@xYSs&zBcnzb`k`MnAFSmHgXnv}zaxg0Z`6 z9g^;8B#GJrMbQ;W;6UwY*d8_%Y(_DmVQ7-5F<#&$?>J*s2&Cq|d$Spp_|QK~ z1LcZ2Eu*F8F%pG_Zd{y6TQCG-%B}b^`qk&Zg%FMHn2|O^_F@l&l^!~D#Z97dsDtKQW(##_P`i0A-EqzRK~{}_N{Dms zXGdd7D^1hH=YR05`BVP$$5)v|h*19+=3p2KQFKOZ4)?w=9MZ;46p%Wm;G~qr#xk_* ztcy?*2JCNr)Y6lUX8HNLdii536KF)nt0hX{j~ESwfesewR=At_*$Yo0x{s7=JEhx)RLdCOCIxyrwL( zmRrm^zFD7#bLi=QlW$}urtabn*2na!6Z!hLz?%O+7+4ndtW~W7Ft&iI!up(RFGf^W z;)ITm^YVWmH$ARU5ybMq#uC*c6{QzGyJLN_iyFeKbHY>m>NQ?qvDPa0sEPJD&C?rw zWGH>COPH#cigMj8`~f|eL>FSgQg?0_*cs2?P=gdM9PxIn{y9SA^yMcaq?SQa*(l16 z3-UF`U5LPMQYQkf8X{tCEU8dkEJ>+oYpw+=(UB;L0BCXwhN!A7>X9;pf12*ZKRH7s zzZ-cz>krBPgmLU#cojezqJ6rmXt@XmCsmXD!##*eFIijM4+j>0~&z*Bw8Z z&)2_U2~CGxpmXM??4s1JBXf=*N>_Kh0&C5~2I?caICJLDhzQ^Q8E?#YW?41_A)AB* zM=V#4;?@7>sceeh*t?#nvDCS{`=C!!$p}H2{`Q!IWz2)Ms$;iQZE*rAl1rT$xY9or zLO#!wy>%&rfplj4QtefHq#cg}Wrii0KU<+>90@B|U;yAX)H!oC`X_}bHYC#55g zJ!XNlG(Nj~dJ6ZMxog;q*?mlC&c!h@k7d`fd=~YSb7aX7{U!%~YYas2yt81e2x*`i z^!jpGU$U_Gx>c)AI~g(fJ}lr6kXOdxXvj~HGnYv0Yf_qh&$10fyj&93TXkGRu8b4T zjI!a~u&9g1#5km`Q2#mVXtrH0oO-bUGGHNeRx<2>$d;1n>aaRd6rpWV!vs;gKB9tN zPLe}T>{kmaLyY9SgOFxY?KJ)?98GJzI-X3|;KXY=2E>@!Z$i(OrkMfNh^BPYU#SE6 zUERX*uSOn;xM0{Bs0+5AWR?6ehqaNfr`&itTCC0?PG98bo!Ge6;j}eP7u=m3ff+U; z2D3w!(%}Z%;b@pwH1I=8tF{}QzEAT-wZ(E#TZqg3-3Fl00aXfzT%{xHPvL|1T58K7-?nWN*TN3>=?5UYGXC4h96B8A6q!`2W)i#;b89xp#-{e z_6t-uw`YWD@H}#g<~i1%R`J&MzCPXo*_9G|Pp=A-*fGT8(t~$aR*8=^%jrkk!->2` z5zzwv>$+TS`7Od;#}Vk(E51Z*RsZU()iX%#X~wWL)0Fp1pm`1iq=U&=Qm*KqppEe< z$m_13Y-L&tO{fkFa{XBU6roM5{FH`p`dM7(8KxeKSTo3;Hvg^j=AI}`{o$&H%*PFl z#gm^k`0d^(0#&_4tc5$hi-m-BX+tcp%m2CmOUgDd%|;Z;R~0l006X z?1EX~uOnCWU70IvTBLWr*)@qnlRhSm&55smuts%ns!0NUtPSnfFdR6?$}}5cW#mO2ddNw5qR4#@K6@rZhh< zgAOIKWa7PhIQsQaeekyt|4}q}Yew)Be2cCH(Q&gzbh|p~_s>Po0!zfxbWve>y@!*c zWH0yUR@~s&1BXW;$)sqIsFBt<(We67uZH+k%hqwYP32K+A*-b-dXU|&R(v8cC7|ym zh-^g=i@8tnuF5t34!!z=)nc*hMHZ(pj{T^?&rXuk7W|;(?M=gv!?z1oQJycnidYoN{HuW%*IsMOG?rO-!VY8DA0|ieJ=iq1LL8_<7ByRp2A*L+5RS@u?|(w?`7c0{j9&(@}$$vwiVa8q$EHr%evX%0#t9bwmBEP zV&%^&5;vP~n~j)6#bL)<<{BG|XCPe9RBYIU%?s&b1q zFj*QmaCJk)z1hVTZ4wN(aGktD_-!wf7ZkbNfWd!{@1St?l!x!cf9}4+;QS$FAG<#d z2|iJa>J^PS4M|pW%jI&rBI>o$Qa2{by3FIXDYF`9_{Et{M!PD z1N$MRKo|Ch8p^N=?(NmkNd-h7RuKh(<9IO9ST4RBXenMR-?dJ@tE8$DnIm@v{C?TA zxA~Q|{zdPTI~d-yjyGdN#mG7vYFl3uNo*)L3^%o<7E=Au@ojX$z z+MY~B(9+4wRu)R=5K!n_!CY_RimVV$k=>79pmY+*;I@{EukML+0dobJbW=NH;LK;E zxq=E3{cF~ryh4B%k0y)HuG9i5J$^=p6f1!LN6I;7#_%-W3-OAX<~zh z(!PM6Ck~0Ep~8SA8@C!Fl&7SIYH=K{1dVBQ?sf;CH8rnVvk~)QU1jL*fjdD8^~%0# zMvsJIkf3K7R!b9+xZSmjGrUVs444M@KwY6*(5Kt+K8j8kzdyY8pT{Z-?mLnkN#)Sk zi|duFCT`!e^={tqvo&c2T8Et7PM|)XA(7q@odSC&)Y%=$X+E8&wCi0ita8YAaC_f~Mb} zZD54xF41Qlax3%gRVsxB8giM7x{hrLd}P&M~o@>ypmr82~F58fVW ze75(*eFgMyl$B^qR^Ix-6gN0Y*0J39BcS~eZ_$NQ5XF}Iroh38?OF~9^iu6`wH1=K z9-g)r_4rB*`~8O*is~@raomL3Vm?M`&cNz=$yIiFo3B3_S=Jh}@j}XQ+7>leYt_6e z-(oT7Wc-O-QWr}4Ag77*?^Gri9S(Lqav1@eQh!R?UFmVzG<== zrnW*C63J#A%v6OL*n0_PKuKb|e92}KSnQjwWYge@TC?sL<05Gb*MjfTQBjL(D~l4} z$P)b{F#$5=GC@+x-EkKb?9h^)e64xnjn^j%jFK%4>PBo=@#V%!45lVWe^MP{ML6n@JXO*N0=ij-a4{{A+hw_` zk@jIcf7ZIQsrQ3Bt55p#clj(`XFhGRRE^|9-33w*Raw!(p#TrjAAjFx(|f6vbZ8m{ z=c(u`W#uxWyRM87b=gjb6gbfL>VnC%3}^?fQLO2fnFABh#d9gkgZ1NG*TuSoj&&H! zRm+G{8KJ+%VQQfXC}2XaK#JlU_>`KK5wU40;%DircQssSLNVz)6cOsg(z$?1h-hH` zg1M|v!r+n3LwxF~S;u8he3c(zX8(p;ItnC>+S(KU3%XaTY)HXT2pGe5-ShaqiP4UE zMJq;+Q6LGlUm&-O3%B;79&Q%RF}E@Jt;l(vgoY6cav67?zUP+{zzW@+oJpCdg#%2b}&4QvT_&*qgix1v?*0IG!jX( z|1vDXKH`t9W^>d(Lcu9JL;kl7;Wr?kuBY^8VRSz_ZjseI8P>ZEs$%r<`C>LD!o0sC2fzW34=M6Vk)6@R1V+Yn`HVU6d{i)gl?W{WJpT`W-^2T;|;_N=L^U+^6vaz@iXDqwNuL4NAJ_l>J zg@~uF=%mN*(eJf0l-Kb4B>c(*^KI!O!}h?yKQ$cm1vxJh(m*W%LR3h@*A9S~vKyO` zFVZrsY*_${@Iy41^+tTFRQy|=Fzyu=be%2tFQ*>CZZCq(XaMFM{2K@Ot}r{otPoea zJLHA@?+V)`_AeJYkv?iSmJ!J+TLezn$Cqy60=vqV>F2 zIAP(J_ZA4`r2+T{z;(k)ZS^AGWw#|BeyP}&r}xIiz<>J(+d(sI`uMFL&J26OZs;Ob z1{|gLt-gK4E)VG=o7~pdt^3^hC7_2^ZoA6}+yE`%^$P|b)5iZVAN8lcw%|4(ap(O~ zuXmgOwslRh)OilM`=+_0x8+s4o7Zit|D40*v|BCKu+7&BFCXAwkJZQDcgLC->iz0T zd;8{H6MyNLYU)c{0Li5VvKby?J74s$4p2YmhC3wsEq^^9uh(}mNL_b`fv_eL;~Ws^ z^;1gH2K8=TeIz z|FZ?dYT84|P8X19rJ^RxS>K&v>^+)192mn882Wj$09qrW7*syj7M&n*GD5<72hFz@ zJX9`+u^tLveuR9SH%L9+5^=HjC=W{m%7NtYW$vw{V*>ckz^XBHU5!;Nb}(Bb&g$Z@eE>W!Mdl{k3Wf6YW`NF_K6-9%9hSZb4sG zdy?Xzrti3&t2|u(gYOfK^wR;KXM?=vLE7+>K?a zPjeU#Eu^Ojtfvan!xYv-70D5QHQ}!&Qp09l-hi0qTIWlhyYv9w$IbEI8;~fyyX?PQ zh4=v<9>HCuDEFmts*|{#j0(pB^&3WM%*(XtVWhKr0}gJu90iq^Y}c;r`Q-XLrk%F) z*0ezT;)2a8V1l<31GBRJQfawG<9!T*EJ`%(M}Vbh++#=5c{GIt$_EMwM|hXU@{R#f zz1f^$fOYm1H6#ugwm^^~Mqg`C_}(eQ*nl?Pb?p0mBs-?B@d?{_Oj6f`MIM;36W4_P zqBWkTu@|&mf z6J0F9t4`?&M+`+caLiK9>17{tS-PEov->e@$5gn>hwR4d5|k*tl8h{=Zd(qo=gc*& zSFN)0~dD<5P<%1%gF~8T+`lZ>nnSJ>ZCRfDjANr3`@XVqBT0Qes5$z?oi!;w24 z`>XNqdj2uppa4Bu9`n$)t~{?;Iv&bYqB0zy#%D6r@KkplR5WAc=GXoElKu`m+=T;$ zSnYt8S?QmOz>;fqH)4f4So(i{!Sx@0o)$Vc+IQ|tUax-VEqMH8 ze(>Y+mht&LKfbcO4#(}j&((k9 zWu4U0VyE**-{|xb*?20N(4Rjl^moS3jlFx|dEi%+2U1VN>>RO$z@hVV_fL6()ZQnj z-g}y*?W|3|ba}7fG|6lG0=gcBo?UTE>5(4Oc^P&z)KTNZ$Z?kv#NGS`m9B*PV#m^l zFBbaY;^5!pZNx0W29@iBR4-rWy4mCl&Ym0+S#k%KnLfyz0gVQxEqvP#jLe;b9|r_YL>aarcL2zWK+ zGis!?F&TQI^@o^BN;mpe$Ow^Z*{*m*SE4N9fJuxOG&j!NJ2E2R$&-M~)VgkM#EloU z4&{51iak4X-~(=>?{}{915~tT2#1_*23%?g0dqA2fU8)8!`q*Q4Fh!c)p@@lTmxwJ zcS7SMvQvV**Nmoh)2hgMu^Di}Y7LT7H3dy#Cev=U8-q9RHiboIg~7^fu~r#wTw#K! ztg}EB(9x(N_VKi8i$|A(OP53Jy<1|ZCI+k?F#fOy9=2u0Xp64Bu)SlrX@BM^&rX9D=J3&8OyWIH9_3?TD zV}IE9eeNP{`Qj(b`h8y9_K^??a%v}lz3$#cU*v?lun@QO+ngVPrHc$oI`6`PpRJ%9 z?y0l^9j2h1PN+s5HfNnEQnLmgeehs`+F=+4{OvPEkEV8s4ciZO!h&JjowjsoFyniusO%I1W=v!Y{Y zj{S{G?gf0M86hrI|96|xQp@kRr#-A4`RLvH<#uIVH~;+ zdCC`)S-{B@v;9l%$1(c&NvXS;K0|p5H-kL9HxwOktLt_ktm}U@S9q4g+WBdbU7~({ zzJ!=yn43bGiUdJmn%k0sEotF6MhFEPbVCu%Wt|mM?6j&(KUaK z-$ZhxNA(4m3jxO!9?rWKso(m^iwZ9B$C$j&;v>QgXv^le1$X8)pVf*8@Um^4*9vh+ z4=UxxgsoTDx<)j5mo;(K* z+J;LZf}(|&lsYd4iX$U&pABpe(aJNS$%hW>tcG1!bMQwzKfSIM^Rx6ZQHhO+qUiG=A5ek>E8c7 zbgk;He(8s`YWAFCe8Y?mm#4j}Yb%X?+kFEvc%`?>4ImsvszuE2^6o|MytOTe%WDEm zUhNtVH$=Lh3Z)zOMtg?rfF)pa%e!A7-iPR>RuY&u&g0(sfD0|99UAZVYtcU80;hK; zCLSq7@6#+bWc|af7j6Xwm3E*zY>w;by9{aOyYqWKcDM*Y*uB`vlt-df@0z znA(Wt{2PY|x^92&`He9Z554d}{MJ^}5;n;iMWdRYI|eaY^VH7nindL&hf^EdC(_Tt z@2&Aw7xc-d!R_i(YngB@u2-{k{rS;2-SQIuvMH#`X&wo>I&NPONhQ{i2Jw(V9So(7 zqm{n5rUK)}xg2jsd7J&~)?0Gg#0|<8>}A27u`T3{w^=!iz+%|?6~D;3m?gMooo>54v;c}OAR}f(8=x1MvZRb8 zl>H0&2094VBK=2NVOrErwX_;Y-j3ec4lwQ({9yUK?@qOJY>kV;qFu&M@F*RTUTg!4 zJ%Y}XyaWE6ubtD7B})R+KaJv(PdfG?TL4IZihRe86OdQaE$$BxYcylUk{%(8JqOI-(e*3Bp7QH(1BH?*=Er4tVY3 zXN~-lr`+`0IXsPJ5s^4!m@HrB=)w=aiZDZ^2VN4EE8L+(6w^iUQ_FR70zR#!^*GNo zP>%V9qQwm}KSGq=As8jYhi33sG{=hv_=jtY=?*iFn{4du zuNy-~tHaKXDUTQT10z|lFKUAGh5JHN739*K@4>MuFegy~yq8=Lp3(ebJ4Krlp)Q6% zZ$3;NJ)Eq(1~AihT~pyRtE;fd$Fm4A54w|twCgvP?H}x1>mN^2lsUY1C?TC?;58bV zV_+Zuj$IySTA!qD)PDw4jCQNZ*J%|Vu4Nw2x-ooL3ln`&OuDBf2j0_M{gt-0K)I0U zHxGIbkP*73`K%J?1W+LZ6Bze8eK-Ds795YEkPyamF<|A(@;#pDByQ+M!{0U%?=2S{ z-BQ$R?ZI%Sp42#pxX<`|xr~O)h?R^7Oo~Z)Cdl~JmHd~YNeRk?f_*>R?v*;$!^}ka z*K8sN5%K8uCzoQiMsJ#2+N%%)+eSAjmnX1Pyf z4S3Ps=hYbzGY!qp)wLRQ4Z&y6_0z=8L_o+@K%>V*0{V%C$hlKDqz(d(vt;!W<+P%I z!0|<*i^4U|&*!ND@PCu$!q8(pV_nC@^4e()^$ps)cqy`6M zfs?03WeQ1H`OJ;sj4b&f-Fyp0H}e3o40b$j^2gxI^-b2X3B2$!e}d8e#fE8P(9%-K z`}9|bWqC57X#+CG=5d?m!J%-l>hJ8s73tB+61pexL1`6A(S{brYpslQjlv29h5PYJ zJ>bNds|`{?y75mCFA|C}#TBl2k2J2Q)ss5|nyVl#ieTffYUu5O%7lDeAW|{whETy8 z7yc7_B zw|gk}vCTqc1epF%8pIj$MKmp3wDKQExl@Y6-U+lwBqd1;<+nP;`jee=twyOe@265l z2_j4(Wc%Cvi6S}dB;*B-zC~;2$6(_gX~i(!uI`u0U=dc}uYe4vUXTP#m?egCSQCGI zd?E8a9qeT1lRHM|5NDX%K-^=D6sY5Qrw%7nRNTgXGAU=Qt!Ls0shG>8McI zEC#cl;Di_m>WGMpJ}Ll%Mj3?xdS4!jc#;CV-iFRZbxH05a~el7`6`i2PavL58Ip%` zsiNS_q5E&8IdK5`f_}gT^D*7Y5!Y`(JN$D;AIK3~NoGcb((XW>PmWqdyb=yshj6rGh$|C@J&n-bu(RISR2 zvGtY_Jz`=5AIVF6KeM8y(IU5n&m_L9~Fl)(Dw-yRT zH(8BBX1!%(f^G_TPN6THMX=8V+n=w1L9rztefIB1bJ!Vy^3Iyf{(CKEo~Hu?Hb%9fROyq;lu8=^VA zbFt9wmFfjdIqr7!bIE`M+=PPEP%(HP$~;|=2#J^#7-!m>AF_&#EV%suA}A2(Spt;& zF8|vSF8i%oxZx-;mnD2b%P4z83AyB>K0<{Q7Q{HkD;g%1v*uWik{)P8-=vd&Irx^A zyI;~N%BQRvcs{$s$;x+VmVfU)7_GFscuL|-Ow1b2+i<;1J^NeVC@d>-dnX3j?0V5E zi80o!!7~9%jz>5x#l1!40~x96uN9^06=XR{mfnZFpa4{_#=KMgGiU*3NsMCvQ-gY%C({ z0<;a;V!qWCsKd;eVSZjP+c!-Hb?{0&hLM~yb4mQgdlS)R<0>9i`{P;>@?|Lxer-B! zDUZEk)WH-{rzjOItxhWj?IINH9juwQ8CT_)5!9fcO)hcRe#qnJXK!{bp7k#N!-0z{ zjHugQbqBgqFxk8!@`BS@eOwMzAD>g@rFG{Bxqm zzKTgqEJrB!&?i8EW*?Ei)=IsZbt{B^U|P%#1gk@@^vI<4hTde&r=zwf^f^F5=$iws z568W`7fb~K30EOPk6o@03^ln|m&b_wvm|1T1%4yqu>EImNB<$^dFW|Afh*{777%$K=`Nwbv8-F%{RCJ32 z-6I_j*0IA%opE)`_+{ltLQOa$#BKtm+;}^i&uP&32Io0&RL4)ZM{3&sJ$f3w!~n4u zGwm9OsbfpgHEbLFSOZ9%@3L2^9AM9e(w#JPO*$zEm6VO=zL~>?KIt0Z$}=>!nhapFls7N-k2Q!3S5MPurg$?(b$$>c`Du_rd$i&G%S7Kp% z2&>h3#O z?^Db|*j*}A)sj(P*bpqAW<)_c0JAJ%S3FUK%S!Khr!2-*FPXnpnLo}|Fq})9c$nBy zYQ#?*$j7_nGJq&g{+3rf^0DjJb@NDca>7Udm-EO`EG{JcG|XOI6+S$`Lqd=&1a~5f z%=LSYYj@AeB`mlfs<@LLbGakF$3eacled2N6F0M3f8ZPC1ku@tD|kt&>^-29{MS)cUw1}#5j8WY_2cBJdKk4L3k zCC5;qpPV#Q>!5K_wBdm3wCr0&wfLE+!Z+CUegOGhKA3gHFow5lJ7fNM zTRUeLIPdLvlfffb4arT#ndE_w!+HeV;__`L9NbHaEso^&KeQEOcAjP#`4t;y{X{Q@ z4n-8$TW-_Jq1B{jR%00h_0gR$nKTr3&*SlUSgzhz_t|CJ^dh!G_vViXe8CtgPFJ_>@uRWz zm>9pQsJ{Ly#tXQZGCM?ZClIyooyI{Y;9;S5!!yLcpBr6ka?^aP5T_%db9WyW3XjW>zaN_Ye=NB zT`F}pKa1%y0sV8v80}!BtU%GjiJA~y5t}IZ()Io}CaQZhufU{YnM|leVcfQtLZk4| zEpBK*OUjL6P+O{!TsPB7c3AW(}D)p1gKadpL33O_c1bXF>I$-_RHg$C~m zQ&21ss;>_%fo?zxEpZG2!AN4%b(2GzVz{>$*8s|j#Z`w%OlbhY(wweY-&#sha`x(a z{G9%Ewp0WK9YLM2QL03;P+BtdNODN!qCHe3{^!-iwpyKo@mR?P{$L3GcRH^}K(ZIY z5R`&>fX4{jx!|>sUo|O2^Ze8wjB#M2C&LV;ljFQq*M|KPL$T3fM=U1of znI~-sqevWLmHEQk5DD_(CgaL)CTfP%#_HGvrtX-A2v~<{kKRB#;znEt1ITSD`~E zv(hB5(j=sezM6^tx~9i8$P_U5?8ogQ3YtBLvTJR zJv&F1yY*+u5rTz3z|gh(R*VU(|==ZeXu#L455Fzk8e{mpP6jG0fh?$?=$VV@i- z5r>l$s9Gkn$N=;G-Ci|Ae;-NFFTDOBU7V8nN5~&K6A<6Q#7c7dnWKD}_OO_L1@A`F zuP|R0@|YKY3mn>7VU%Y!Z-?jKBde^jC<|->I3ZuLG2F=Kk0%JH+}&pBbR1x2qYk~% z%l;J$T#&8t{%yohv-TnDK5CYL2ma2W73jiKX&yky2^!Cwb9h3%>2mu40CJjUG*gvw zf8~an73t|0&CkAFDaYgwpmIbN-H6~hjM=1oPnRyy3^C$~J39Q!vTlIM=SAR}YDx~F zEE5BsLAa)Kemj$C9xTlmz&(J9e|GAgh19WAXHe{n4AKdMH%i0^D&1XK%_dtpNQ~LC z2V4bz=BCZLi*@?{OlZ45+v9=n-O0AM8VjHH5SXN4WxO>EsSm~>32e0pV>G=HrUui~ zrDmHj47xL6SlG48$c-k5@WfYHivS@(2pc4+F!li&BYUiPN9FOi?Ca;wvxo}E6Of^1 zL3_aG_x$%c()|7je;bt|- zT62;FqIs|Z;6|mtbA*0WFFXEsMvc)*Tf>DBgmH*@b8idD+y_sjQTU96d$|f=W(aAb z7^zF`lfaj#e4sq!?@}OQR}buPj&|zBDR=U7m zm!H~;o2c3(?$fG;adVt&jz!E^GYmnRz*|0=NK=%3z; z$`nkv++q|Yxkq~t#A7)J56+^qxwzGK3JGRJaJnbcmE2t=d3rOiql{1*I9Ww$E7lI! zgo97TB@7jEW>8Tv!N82gAC@%J%>e=-Km?<69{_ApwSQ}SDfRxfQ*PY7SV+xi-a{^ z({L|fMYypH{zeIj>eN@pZ#lQ~_mLdzA~Zrt?W5$6{rXgV`hZyf+(GYtLWDY-Coyeq%43Y(E%rBA-Zm%@>0oqrCKJRBGe}Pf7BTv5;1g(~~&Q#>2Y*WM$t7aaaR&YqI(aEeITIzAl=n z2}wpvIi%*Duuw;0rH$a}eK4V4bz&TuM^^C%?l-ynAve}_L*|bGM1L@hkCw^QkA(@r z@!XFW4_Yf|-6C(foJ|mSmNN`hs2v`Egovwxr&bHE*VAk4S(9axl>Z1xIF-y~r3R~Q zA*=9)_oRX8DV{U&izdCe&&VUR!X<+G0P0b8nyYB3o-wG(XQsOpQLNocg|TW7v$V|J zGFEgBv-aTC**trF^twLLZb;(A!4rfL5gI5#f)+<;LxpWsQS;pYOqz&D-Eo8&@_&_jMGa zxjwbX$!C+3iPIvhS>nwDhTJc=C`9=9Ig=n=rCae~<=Mk>+WdXdxwHU(T~?>+0_)VY&4J)6CzT}UHnpUC zkf*QKGyPi2cEFXF(GQo*b=jZ?mZb+{RXYs`Mdrn2Kc#zf1(>Ca+XPUgVL$)ltaZoN z1hmD=bBSSkrqNZKZm%M(dN5(F*9Mge=H$HTvBf=YVt+Yeec`xwB+c|uXHc0eq%0w@4*uhj-FGS%6SV}F z{#EQ?Ef=|@+4H1T@(W(m`O3*ouW*5j+I%Z98@A*&iqBhjGHT+!e?JrZUC!Un$o{if zE?!`7F2}Z2x^<<-d~TF!l!*X4a?WPn-lcx5M2vKxR;8U8IzX~85v(A&m&JIdwzJVSeXiR z(k$GVnXkFUFNmPB{ICGiFL`K>Lb`uWc&u2qI4N`qsKGVUWr<0@QWCK{R$zKPa5m6R zQN)z!;=IaiF8pqYd*of*(w@}GrwkIeTZ-MM(a0!8WgFoR37Is2eup%kRxRZ7gT?ph zzS2LH{9&A|$mbJq6aJj6kBaliC~?P#0r!$gbMQ!rne0r;Hku`KK8g15hR_2$pvvup znPwqRc_~X7ZYQv!AhYLDwdpIe??y3H8?b@<%T@_gQc_c4$8c6|oE?#oL~1l-QoCJL zd+Dg|y`G%Kc7PhQnKm#hG9j%IO=M^5$?cy1RcGE;zfjV)#1_@Uw7ggg5$tb57)(Nk zT!=N|t}_2u$(b3YH4g7U6f;E7CHkqpwX^eIpH-)q0>ME13Xz9{q_P?7b zs1O2El8&VCsT6vmybk?*#Yh%@>041{s~0?9Fb zUitP=1Y?f5KqK?eKcTL{G5^F!yo7S#UV)ukn2fK%Cma2}AAu~?_GEF4_ePyE!^u+T ze<0AepvuK(eSECzN^Ma%scKvaa}+kIO_9c{N=Vhh%k$_Y%F*_qmWKkkh57L?-)P%Z zJMcPV8LzJCpL0^>HZZ5#8h*Qw2+HIkVgZ3`POIub@-RZ@hQ;;3)J2(tVSef?gB)K% z)(}Uo(n@=>`oZ(gfO7uPf%a)hg}69QS!exS_v48nxY)m48-`()j?5*P5At7l&oSAm zj-fgcdXq@*D<3+>R*hmUjaC4W9swIUaFzR8iNA-1IPOiNqbx=hXy&|Kw@>$NOm5-T zyX?V;m;pY<@!yT!4ceJ(?!KO=6S<3Xy-v;sXuckc#T*{*_s;LvvxkwLMeHcD7`Gk+ zUkc%HEuOiZo>6dEt^Z+RGFCFCMv-mY&OBgUaQF{If7WpUF8??|^i+Qf%}zw)X?Lvy zu&(}xi8)*mjnd)J2t0GAvVzmsjpU9Fz5X`$PSXDt5gPt_*q^}(I7FA3dtOU2X#n^o z(y==TK1>K#VQFlT(bhMZVYK+6vAg3=*(G1?5S&3n{<^-6sM7s^z?M4y0b2@Sk|ILXd=sKHDPZ6gsr6erw9sR$tlp8@ z{%?xys^nj+W$$TkbY{C)YGQa~qI(|2ZKlKM#W=?#UROFVRvAo&o3voWS`QZYmo(P88Oaz#XbKu+$0VPa+YVISN*8A#{IZ zxW?+|#2Za~2tKVhJFFcvU^_GIS^s~i zWpDaN)`CyV*L&xVzgfl%3(}aMSBkPe=D}frqj24Jbyl0*G$Y#wi;w>L?Up4Lw&GErk*AKpOWnevW6^M z)7BcT*|lRUgu+q|j9Y<@jrE%q0OS7^X*tb{Yw*3ov0Z14+Yopx@ld*Cl!U>ht`>ry zTJrTk`}PlC^6yEF=a=hG=Z>LR*0g}!qvos0ft#G^bg zy>zG*q3B<~-mh*&BrQ;{=cGHsqlM);hmTU1_MLtp9FWK6Eh`m+@AcUsqJQC0JvM?9 zC(K^tfh>0jem)e!It7rXS3=9&uT4>3Cr6m_A~jQZD9moa#Jj&{8MyiuBIDwL3Amqnu+gJ0Y3Kj&e5 z7)_nYtsB+T;@V(e>kXX$3L(#Pf@y{IZaKNYR8s#Ab_E^anO;J7jagsj-$`s&O%Wwh zx5m2>{#x_M?vfxEKt$jHdK8pXO0l?62+-SfXW}_pWg4_Xc{(Hcz5ZTuE(}?dED}^Q zu3!!J&cU+zlpcaCc&--Hsd!E5!&6vUbZQ^CIg?}W+Mo(XG2zZ%S+q022!gj*`-4dP zn6XW}?`h&wK)SO?8Qg{Onkk^=jx#ZEMK@b7cyQbO1_ELp+2aO3z{7km1o!bz?xhXh z$bFA$I9QNHlxju^l@?EkEXe&i25hXJb%aH!J=bmSH)IuTU_@2bbXQbXB~^?d6V??7 z7!qw26nlZNI4@`FKV&LUR$S4`UnU`yJ4$NRl0^H-+(N)A2ene6rYd-1va1^MMCBzE zQ>ZhzT2AnNa04+)J1nOK3i?w|I*^RQn46Q0dW%2a`Mtn|dk>uQUa2vx?}?SD`+dvOhA6i=X78$&XOW_& zDSW_R5VIQd(l+ZK%3|gHQDSD;#^$=xxjB@tu@U|&Ue^@=BVWD=l%l_q4~l9bjQ!GC zs-`|mMRVMfU+RxslfsNO(=Ca0VZz@^nJ@{SEk67}{pN-`OoaZRnI>yNVMKx3NQ!Ax zML0Z;G;9epTz)@L)ZUv~)o!O059Wl^ z>n8nQFVdM0=Y`10{R-$!wI9BvA31kLU(TPN;Rmv(zvDl4E#HR~KRaqaJvHCHdS5@? z??2v8KOg5mFEuwmBX&Ax+yHMwRQH$#H57FGxUp}bz#u&Xsj$%M6I#6++jeQx$`*cB zTu4mn^7`E1y!WP1Gho)?t%Xc(-AMsH6jwYBd@^oaQ9z)dR^f=aWlIY;o|ch|q>GV3vomu_x|*{w6_0 z0B782fIzHtiAk+LWn1>}BSlG~y5rd<#(Z|iS&0ns--OlPybaj|_MV9Pp^r)*q}uH9 z(G~3VcF(WXBzE&o+z@=EBr$)M8%}+o`BFV|)giQCmwUjCTlXLp^g^Va4=!*)m3=AV zr~gD|h|75y_ig&P=tNuq)7n`|@2eEsl0OF=vi5F%SJ1}A-Koklb6b_lxx@cbxt0qH zl;@UM2CrL6;AQc(k}fN%ES>cW*#s}72^}To*>PbC+7w95N|6MjochZV$)q@YErW@I zEtwRFSt-AF0mb4ZxzFkp;qjE+IWVdOg~04K4C3eOeVQ5iNX$if5-kHD+7GjjTMdj} zM*40IF>b6s*I2nDW>&AB+3NIA5?_QNG&pZ0hj!>nDU;($8@gbRT6~P@3^cC3-S?(a z);4j8Swl3>(}<@Qjch5F6#&Gt*ZgeRNcgTyOAbr6W|&AiWDQ#Z620YF@0Uegr`@1kGAi- zQP>2gAUWO{<|HJ1z8_|S{C$o3I7}n67-43rz3aH;MWkzJFouR?B}%dIGDJs4LM7V> z!Ie_f#C_-<)9vA=j#kX#c7+wF=d?%GgaxH(1S?b5)V*L+{ojQ6qsq0(cow0=3Pn(K zv!}3IbNbzkz4B~233PPxT$238x67^%{}GUhsLAFyVPzBo0QAPNn z2As25m60icnbhG*?I6*I^M1KkMCZ)W-Ce>Rk|4$)mCbv@P>LZBYn&XsW9A&2E6Us-OuF>5h6_(;n#p2>vtcMz+M1}7?1RBtUMZ+%L@^H+uZ$~V0*3WOLrU~~ zC8av!A~KExZXhww^SRpXFf9B?fDD2sL*+AO#~F+VaK)9UwHI1`t?^>}tQ&7<2xcYT zvGmA1QZ=YEaTeI_Q~N3NZwgPd%{SrK zK?&lf0=B6`(AvSc%Ujqs5aMrI6IpsM^loZ%2S;{X@177C;3ZU0bp`d)HsH%^-U7y3 zWUY$a(Dz*lDa?p(6%FjFc5vX&SJYgQ$!nGtTc3p)EZXxMgo?53RUlRWS=Bjw|8?S|=Nr)F9UYUETRQ-s2 z^qXPsw%4Non+E9!kmz}rvy~o8%_84M-(Q44tK?u14lS#VkH%2aOBeZZ`?*GDHp$nbtAH&-^+_xDl~xJc>>4m93f#dkGE{NP z0Zp+rMMU!mT%jj&&05elA&2Mw<~IvNt!*_%OTB z^uC7ZMO*`1SbCO-XxuhHrUbsJwcKQoJxWT{6}?uk_^er(Uk(p%oNhW^m%M3 zt)_$Abr0(2qf@7K;D^@^op;ywVv7Ux_UW>F9woR#s&QzT>r7?vFVXb`<}G@Yrzn`? zCQmX1dFqKvA&5ryU4W+-G zZWUxon_*M-4a4W>Jjav%xoDiy_CT-B zJ~9#2{bE7k2-9s)80D)nG$@~4-{4pW7B4F2y%~5up=qGawOv`IcnM8++iXglq=voa z6UMTAW(S00K|u1Tn#r9erRbAJ%kd^C1#*Mr%p-2^fsH*Ea`UV3m3dq;4JL4Luis;> zfvHMZ@Xy&b%bNd?7;3ya#mx+jD2}NRe|BkqGPQ*5J+ypVOkf*}jvj&)G`4fm5frNu ze3^Ufw@4h?VLBkFSA%S&UeF(&9^f;ARZYm%b7+GA4BalIocUvkaCDID@(>z8naU>> zY99Xt>7AILaRi8TYRyP16Z8q%gxq%J@}0^ ztV>XYjBpne+Vfua$(Fx$mC$ZqTIb{(m)M*tF~~S#LOEW72`)Mg=|c?sMD7EF+{ti@ zL}I7|4~>1Y~!H4V_03RslH>&Lh?j~#>~7#pbAqjATZZPhNP%fbbG z>iXN@q_aZN|Ma)8D0G^|y6o9z8)ME_!}w|ia+(s_!OuKgHa1C|41nF@c&D}28F7ey zt)0qUIv=QmCvH@c9wM>-hwQ}Qlf%UDS%oz=!OngYJRFQNU`2t-Y}9~}V;Xr^taz#u z2VqsH$HMU;c@~ra^IR11hBCyl4<)QINXCpTTnciFhOr zZ$3o%eVK=q<=xN5tqVMuZSo^DC4Fil%FzR{Qa3O$fSiHY8QPGAx72FHa{Cy~FJ1(@ zliS=kSx|d)-gIDKY5o|iIR#;+Ic#wD(^-Y_k^xmA6Eg-;12ibgyizu#6YRi&hlQ{3 z=IF%aAly`#X9|#B$fQb`uOVk$no%1%f1^}29p77i)g7G5xD9M-`LrqE4O)W zaJb{k_J2B1ZtDom>VIKaJuzfz_e^zG2rsZZ_AFq>8ieS zm$)ta>p^vbyliaS>|j^mvD5+KSJC|$sPr7|kA)rvgJ71t2mpw02t*4I?LP3@@xWF& zgM<=oa=MRaz_!gV%PCc1lo(Fp0#bq5pj{!z0Uc&@ok+0efU-ZF%wV8CofBuF?P|K} zCMZ!sduJ+vT1!Raid<%2Uo4Y&+;h*zAlZ$tCC%qfM-zds-HPs6tv>s*GK=9WAUp8N z*3J8cj5-5k6}gl|gZ5-Lbx)P@JEWW?aQ6}Wg4gzHg$^OK9&7$PL6#FNQ%wRps#~7< zRF42OifY2GRQuWxd!fksnBFk(E=!K_TYRob|?adS{Ti%#{yX&*kN9gGs zb&h96!r;-P@=SX{=O?>K(j^55^qQRrd2jcySH~r{-YKDbw7XMzV7c6>0(NSEN{x>S zgqfehgzIJ%RL1jGHsqf}DQ8U@_3Q7GJS;hxX)Qfy0{2$*kZy0*zkqa2y*?48eAS!* z=Q-$N!{K1J-aRObPBCH{?RsV%k1DNhIwFzwNE3NrbV18Bm!MWz8(XXw-unXqdU&$z z-)!RFJz)B=x*C#q%`T^pGDFkK3R_M(fb*QZ>4y0zD6RKuVzd@L_I(SSO%Lnx;ol#& z@TVIF*p~u>-TwQKWq6)HV38I9T@t4?zr(ihW!h_VX|CAuV*Xz=y#)mMssjFy$;p&u z_x`|1YsXU5B@8LSuRWxpA~vA-bvG7kL1^B@o+KDCFp-~-S=#hgW_3QFM%F$^vY*e}kru5~|M&&$1L5eYm4=#D>r&jn6sU#Qd3Y$9|^EO_MbBjkY3ka z=4<3y)(4Yu0U%od1(3VyJ{SpqT#La`p8ZTtj2F6$IE(8E9mb2hn7mM`SN9|>`T{{q zo=zUkT;DwJSJ1j~q32EXP3x0mz&Vgd1WXo12Rf;@6_MsWrE1&hX*=a@N4N-&k-NFNf9nmfj~dWHM`N|bWl&F9;DO^ zff-!(owMs(yyzky&4TTOt-wm%%8<$L*s(SN}vuCF?|zCK63iZ@RBCf zrWjjnpUdt>Zi^r#Sd+bGSPd5;3##G`OG+8V)2DQ>R#`_q0rI}O6rEhmr$IZ$+9YW% z(9t26V~GvS=~?dI9Vc^P*jL~Q6e2>+$+2u1KdH7fjk*H>ic1fZ#YlO25keS8$Pzht znOKn?U*cJ{034WJ;clxs&a5s|;~sDiCF0WvC=RRN;Sct&Qdec^7RdOuWrY`_gxiQG zy+hxQAM&dol?!6K1_9Kdq|N2B&{@RtW6#7IzJ6hh*S1m!n4IJ*qcKw*;JWQIF}B6W z{}L<}hV|`iP`4p9u*12ru;e=tBpRxI$wPeW_%e$Qk@I#x#8MekU11oA>`1kPAPo!EM( z`dqC2&9K5QWr@dK9%p`P`>9DOlPi53eyw7U=e8ihQLV@3fR{H+P{a+I(x$=RD&Dj( z*6srhm;&(1Z2BuVdSezk3UTB81%nF&l9Hjtk6zo?q2W@cRai$7l!vh`C_P3_htg34 zoPCXfJ%@QG$!Fez^TLZ~cOAI*9O~;LfZz`)3XEQLGkE0%`>-pkz~#nFkvb3b>sh~Og_9=_A&(0g zv2UAKwzZ$agi4GsAN;hq+oq0jcU-L~@Ph7^doUL0O?w6h+TlZ^-gM-fafu@$8>0}< zU^q4V+a>c-Rvur&YY(}+sZ7}(S1z743Bm860GnsFWqrCsAN*mzO5|<-+CQ*)D;#Lp z+&(euK^(265+wWmmOGZVYW=g2J@ z8l#|Q;Nd1aH88LuTi|w|secM~)Ik(u=EZs1TW|snJNs?&DM5RDODPqY{+XOpnrE3t zt#K~IJys`Q^3?^Q4k7r5U?q=Gimg<9QKq_wDj~;R@d%VRdQhCiT?h zH+3Oq$UQ}5Ub?dQ7)FMl1EZSKyr*@acY=K`_!~G52CeSU^pVFea z1K~~Ft%?5r-MrfjAS*^bo1=<)CYd(=eK^k4Vr%Oc1Vcq@gXRw35}#iGOQmfqsrzJD zQhP;C_5(Q)JKO(5DkD5k`b20jLdUF)dHsc+n$~!uL}Aus2D$bD`D8qa0<51w6g09< z1iH|>VxMo%3(672c)&itV7xEub&Z>j5BrrC@LgTie8Op@{{G2N)02DvjPJ-vzDHEY zD>OSRt$_E|hl`t@M8!v=!F%6B&c2We>fXS>n~Zv$%jn|yFv3OMqoPqzKd zQ3siFd%>#Q=89Ts^KHc+XgmUI%h$u`uAKK4bBqDokkRN0%;B`XSnT#Pj8;5KteURz zT;6Lz0zXmfQoVM{WIqM^=hQ9@omcF%6}7k+reccot!s~ z#jM@ps3cWfCSqldBP7!M|Lq7cKHZCr*}QckYn>9SY|=FX3vI_yc~(D*El%u} zh{TskbAN=iK3$JY7$)mtow&j%R%!4!-xe)})ApDVwx63T4hR+&WzX56Uec)xhoE~A z*K~v)3sOF-5ZJ-Z88u^Zw#3wB`pp26ZhdI<#A*Jq3D$A+X^3MxA7{*i zEZXGg?ERMNChe2#9?p3`n7b9^42Jj-(3PWwUEkS13>g`z$@u7jSr;qGvZZnjC1Nj^ zB8Rc~579igFk6koy86<4ErF<=)ZD*Ny&?3S6hU2L96C8?B0QYTp&16rgsbxl+&^+- zpcELqm17+@~u3r#@*SM855hV3x7BrX((m_)1#+T5;5RUU*3a*D|R zfsvO~?#94k$XN0Be7=?h85`PZkj_Ll-J~ir}HE zP;4C}1KunjSc|7tqBFlv%Z(&QRM9f)!ZwxeMh^fvq`WK(sRm{^;=4b0&@?6+V2gl| z&9%m4`H^JsH{F$Dt6O*PVn48`Py3#W4{A$P z$d|1CJ10yk6h4hEX9-tkj&gXCb-N`l*R~|Mui~^at2N}Q_}39K5PP!BF=gD<#6(-B zwMT_jA*|QSnvX~gX8YOEOUNB5-%S2GwGH`JQ?!D)jnE*!j~F{}BKy472XSnS%2W?! zX^Rt=0d;e%F?ik+pT!@7Wt$kZ3KpK7!AeS2`I7jgn#!@>ggaalcS7fUqU^Ty|Q ziwCbvKaR_&3*Z{3{}NjrV)ejy!gUWmLrWP;%Z11WJoBU~2tMcEqqL8wJKjLhlv)SB z>W$w*$dA8;LiUA`w>CX<0LUj2opStk8l>A4dgUlZ8WL5}hV6+J$zfs?iai~xu{r5eR zVxwOP=5JZRXk+TeY`pTly9%X;wXxXdhpS(op!O7`85A(+aV<9pz_sG)cVuNGUX?wL z!r8CUHYX~Ff_F3d6DGL+o;^`@rFS8_QnE@eyp#oC`T&#`*FnTx`XTQ4+vlRvPN?>A z?7BOcdeWr)K|j|8le3{4h#lj;zP|UoFhh*Fj)ZkbH`bUqG>r;>F=d^EG3#SRQ&sMz z*GIfw@m`6_65Nja(EeCjJJ23iIwV1(++N1Xf_$l|WSE2Y)bKc7*#9PM-FC_TjeV}g zd0WaV+j;rwk*jU9l&8yKcpE}4()63zxd@A3^M+zDy@^df4NYBR7D)kC4z3ArQ2V)H$h+|=ZZgIP0_ zfrJr_j>2(_7MP$zidvB4$&=|@&E?@;BZVi!2F9V)x`>VZCSs#6PX?j}nL*?&C)un{ zTQs`eM;3h=#5Jw8@kn(eL1eX0A_&K0*J>RzV?#;|$*V>eX-K5ShCJaT<=E&!S!$?z zOxDJ(l(1HVI<2+gDe=H!|5VX@D-hKLP6!`BSet&L9FJ4h$DVHySUU&>W+CuoC5-;| z-U_jZwCid)NagTn^o2S$@0!4(5TM<>xGOcKmjP|~IMICnl9Mb9Aw769`#GLJb}}*& zipL>W+s4P>PTw^qX0|NkoNw)<|wx4LUI%l$8)bUg)%-t|?y|hjp(vnF~F}BbF$) zo#!jP<3*YN_-kT5!!wJG8gXYqCh-ud#E3IxR6i*foG_=rM4%GfPaJHwOW3b=q9xV0 zNO&T8fni67XGwi=Lf~DeAzxa2@*06_d=Hq6puMZ^r>Qy{9bGbyb zfLAW4I#+2pD;*Ac@+cB)wssUXO$k|NsU-6htTcE!`l3e2aS&Y`1<&KJK8N~WG6`8M zPMGV~K~y9~KNURfxmghZ(ih0m?yBbtfKti%-kNk69ibWO7N>%d_3XseO*qEYdztIb zp-g_EYVZvD%Rx4)dKSnAHq5)zxiGs6Y@Z-TFP577d&Bl46=$tZ~%4!c#(xd9;b|r$frkmg_tHa9j!yAD(`&9urS2KbDeW+Nu9* zNrN9+P@6)LQJ0F7w8OxQ11v-Rm6D!eyM=+hic-x(HSN7e8{{q;WEX7Q3cR`3&F^*u zLzcVWG>XJG!zdxDV&}`stmw>>2~1qgX`*{~kuyP`XW$XyFSVsjA0I-T>fe}~M;uC` z$4_r>Y1k;z*>3`7i1^YYaU@&GRN1fL^z62|nB=#cnM_Qp>#i9$GYk(LjggkyuFc*# z7pb?{+P=0aS738KeO?*ACShtc+gf^JlrPca7XY>sGm4d4;-uL#Kus?}{+Xl@7i!ZI zyNrcLTpZeBgR=OrIq_)Nmu-!Z0k#*mh%o22w=fMp8FGu=)!Bdmb(a}0?7Qz#1f)Rfk@)d1i9-^& zlC}W125tXiI&-CTDSlgPtpU=GVjwQyn7Yp+2!!v4=V7}0YHltKc9&X5#pxNi#4k5j zK}|v>N^6WQKUiHVy5{mSM;dW^E`-iCKJ;ENcBJ3Q>-4Cpw77LZkg-N|c5yhF#30fy z3^m++s;+ovlqPui-C&{ZiE9aVyvd1cQGv)59M(LTCRjeSt9W0g@wY~QnW0P===|j6 zwJ#J>_V}m0h&qNJMeXrSBpgJd+%L?M-S~If}c!36$nJd;yUFEDGzn<4YI>uJX* zasP1OTR*r~pncwms@(=Hd8(Ra8Xg5G@#`^dpP`#|vnP?V%q=$P%FjzRC+jBgjG{iA z7GZ&>`%0rRoEFI=roQg zo0>C6K(C|8SmS#Bx#%(S$x1PJ(u45l&5F5B1@~Tvq7~5(KV^N$!r`DOzIf1KT=i8A zlr$gRDmwM%B3CiEf3dsQQ`mlWrfPU4M30*We;$W5gdr)q45GxIPLeHu^_k5n28LmUVLlH-~sD#LjWvKC0|Dq6a2!yI+Hj8;s-uNGko-G4Jq zs6(?l73!5b$sOm9d2$NtNr(}N>dwJIi0fO=!_DH@IKh=_BJiFko6-l98$x1pcClvDEu;xp}ZI2 zOeV++I@B&2uEX3l*VyPI>T&$%tTYxgJDD8Hq*FWYu z#Jls{E^sh9cd;|sAI*ck&HyHkj7TF&pP+(Ni3X6sx#?>JBiH)3m`bh7C)(kgALy22 zPUPRWjQ3KC2dIu4C=`Rk^xDJYiq#iDJ>21og9Ir_Bj1gb%jL9bXl$Si0x@y$ORg<@ ze^cBgmx;xwX#e;+-$K)7l`~j`3sYimRp<&GbxgEqo}`&!D>XqlPD#=u>9DZYT^NMgxO>VW<-##kx$kU3ga_SWASwQ+m8h3Jwul=Jz#-Qjo(Trv^a zX=M5wjEu0OdW zbxe%E2&Ztwzmk7HhzJtEh5PUhEh!^N)YZ_SY68s(c5W#Vt~S2HFOa}JY`{g8k#w?G z)elg*ihlTa|4sW{yC6EM7#>GS1lt1|syy5fb=ZSBT-4U`pPz@3*gCF#wLj1GEK30#YD6AFZ0oMaWI51357(2(HJH94{$vruy%u$vn>E)j~;buz47l9Zm z^%&o4s_qr#xt9S^GF$VCS%)K!-D_>Z`978hqkC{FpbJA{HI;G(qb;$|&veYl@yjTy z)SI)L2hCFW*5SIsIo%{royGptg^H>3@r#iL#-z9VllrhYa#bynb1X|aCNkxv_Y@~m zpD}Y()w&lMGaesc0l#O?478#)2KN(aY2CS4{rI98xJcM5q*V#Sea`PYGkSlR>Js_U zj1^KkyD2GYO}9Dz5n>pACE#0dp>U>Wwhp0O{a|u0A#+be!pe$nj0C0g>>35|{f{8IQO%)U}>Zg#WSs*21cqr}U+p41kFwvXGPD}ILICZ@uo+xohH;lkd=I;4CF#VH zwKtnJIEBhON=?y=}djK-T~iU@syf z=#jU?a35#sO^#0#x1dKb?t<%l7EZfNTAhCH+dlpO>x zuRrn8vs2%>-8$5cJrvnxIF=^Qmyi8R+?cxah~t~XVrC9~uV+p;vkbtP5fN5B&DNHkqDhuRn#7YXuie}PZ%CH|YJ!CzMnTRZN-e%-1-I(Dn zE#eHD^l*BD{FtPGPF30BJHHI8axY=DkQg&$0g%-Ro9TbBv^MU{cH4_Q_rSt_zf$VZ zD;$?z=_J^>7Ud*&fN)=;lOxQo#~%{7NcnKV!4K_!q>IGepbnt;eG=`6U>Z*yE?t^- z{Xo=r-0Rm-XsFaN+lU`?FeckFN9wRNQh#h^%nuWp4nZ;d=QV?F8Wf;Pu^4^=F0uisu^na0q?q8$5saAELs| zvF>S6%IY3HA`gGOucXrHX~sx*hIrCcdf9^p!sNlQRp(F0o~VGa-HF`>0~-|UU*bYL zLBvM1WA@SMvwbmR&R!@pwE1}CX!csux$UL-xUC=G{?pd^&Wahz6C(;znyHW&HffP- zQg;x9@@1GCXdjRQ81$kuJESSp+~GBqbcv%f&TIk-oA=sStPAI?hy{Zt5ZKk$imgs- zoA>DOS`6ypYHGp#MBGQ43+jMW94_e zkSf$6hS@^?q*wNiJzj9}0>a2zXV@|)194vnL`B;?2hWpju2+fc<4vb#CnG||KNI|= zqvEQ5)GypL8^XLW7|{N#xz7R*~wu(8Sg6sCw*p1 zdM@Du(we)<+-?`y;;h|QLQmRmYp9C>uu1@Cz_U$!iEPz49ntJwlFewAp9(H;rj3{y zK=KF;+zH*=<(fQ*=s?aBi!Wp4+NrWbG*xvvCcib)WYpJB*V9YZ@KBo{YzLU(`6hbn zPxgg3H_8o=#hgChT3Db){ZUWJUESiX2Fl?eGdLk)cmkE9;m>{0__*9cOA*} z3w9xCu?+gKBOkO+{=!-ca>O#qg`w86tA}hmfW*ix=HVB%`}<^6Y|_%yE2M}b`IaEF z(DbH-Yj}GMni3xFA!d(aU$w$e(>%0T1S6{C2ob!+v^=jXyTr$1<6{^%d|abd|JI((8@|6 zv`Los$LJ6l8z+7;PURVQ&INVewX_ob|uNVmn!<4hAdpdjZsJAmL@9K=Jy4k!`872gnT9{vYu? zf36f7g}yU`X~0=JCKZ>yl9(W#h@8R;|E?V?DL)$i;s0+HmA{o6=a2tyUIF2&=nbmB z0*ROI){8F9l)t9`tED2n_P^RvIf?qeZ>eYu^K4Bz7_{UzOs$O2ZxbNA%`rz<^UTiefox1A4GluScVw&JbsPUXcN~fACP>)eFzBJS$3^2@o zn(3%QzvRs=bpLE$0X)yV(Yr045j=?1{DQjNCgQ!?bs?y~*RL49si$H`Rs?ap!Rzi3 zxNbrX_Hp}HW&iwMxpS4NZgji@7XSS?&TKIx?Yt#yw!Io9Z%BKj0+t-5BY>U8T{Udx z|GA~2oI3Qs(o)IueoqluWKTC-7BHO(G}u`6)6WJ~dsy$J3aIuvc>@d*+1eY*jQv5EQgiq-GOBP3d-JP~gqec!SSPXdn$Mlj zc+Z#%;_to_v$@F^oF+}!bB2oFxqZEj1qXPUp8l~Ihpg8Wg(Ls2#44R!{tQ1iB|4k~ zU)Mu57APRGS{O_a!cP7$(0sJLy1I^Nnd*}!-#~8 zYlML%Ls2GZ7MOdpbEBsiqBs*DHxBuG$kFw2Z))mxJfY10QZyNy@>3_s7X0_zh~?}G zMw4OO%}rWs!fciX5zac$d(grq6*VB zT~PdO=c67|$iwu^yXkK=qovaAaQoEz3919WnQ^f>jboQ1PU^%<3m`v*@V0s%!lbhzj~%Tal)R4rH{y9o~BC=S+{ z)sr)}3?|wh`*P)LR+KhRxx2Z|L+jXx%vzZA`M@QTo$L3k0T5BREi2YSiJ^167%-sxJw(mR(NQ9DU^IA4!@UyH<7N#k6>&Y+9VSZNDZ;qbML zIOg%|)Qkoc_wn?CWyUN8f5y1wum)2jXsDa>(pr>Ooe)IH15}IQ(?k`| zbo59ONb=5wKY8l$1@*;x9>MW8*KlGu-fu{c(jjh}%PTH3YQm9~8m))vx*pWG$*X%$N; z;Au8|C`v@K55{$j-DJNP&vgQ;@Ri_ov{!q~ng_KxTTDf2f(5%Ur5wn=6K(!A>I@D% zO5!WqsKmN&X2%hQ=a_KC6(v(|&SYkban#oQj@poV5E@LA2NdP<9)r-e` zA{u0U+N1YY5zNk#5?Ex#-+wp^;7Sf%0X>+L4CG8}HWm9V>7euLpl~{tTomt*#1r(b zo~`}aR~2NKv3Vu2+BLLq%92`!8LZ;uG|ikBLu@5^;q|p98R0#Ty))fQb5ID6dW=44}c1z5D0aj=!6SZL~4A(L<0 zvW;UWSfZf^|Fga$m7JFUp}KpCxVBF@4=fNGV<<4GX^!GxSz|o)oxywRPkJ5P8S{BBYybW*=oOB?$F(vT8e+3&Pb35}e zk*(7KGv$YN<=&T?ZcgIS>2eSOjFNhvAk(GaCKfdoMoiunkYH%4<&;9{y$u(1U#E@e zPS<|(>k9Ll27}ghu*NGfvci|`^Ag$Ds;&FC)Sn_qW$f36a<>dP)U)uWgP)R%B@U7s zyIpnr!|d`Sj0@b{NGQHJ^3Hq)<86(-bB&WAbo8qe$kZlmjHLByUZz$ijQ-dKbv}@h ziFIQqNDGz)GbsGQ)!&*XEfy*KZpaXXkk_MIWy|}O0FF%1RawWr;nrl~Dst!Q^#Qf! zPm0DfJr#n$$8*>Y&kpxn&k;0Gy%qC8S%01UE9LyyB9gjHrMg7_+ioN)Y2tMsr!;HW ztlyYhA3IXRZy5Kr;{=K45~$i$is=Pi>2qB}(>24{`0*A5`XN32-sM+O-x`T0ugDbs zuC_4VOz0ulot*lVnnJ6K5V=lT-y$}uFgMStwS6YV=R9FEBp5rgYoEoel6RA~N9GmFb^;+s01(9Yn7Z&@*Y?#5Og@_YY{21iE8Z)%=UNcq_`umetj>K z6fhA)b0Dw|x_*QZS#>`$b>M{+3fa>G#$vp4ZWrM9wt>`XwD*owW95Cu*It)V3FVcY zVmof;0`vwuPLQ~Bx>3KBwbYVhgZv1b#*~pLJKnb*lB4W&D()q_<>^g+?}|>5zRv&~juRth0*7_=%t+k4$&O zlweFiycBu0qo1D-+$yj==1Qh@7Z{{clg)m-@e2rju^#o4B_1BJz4aM048Vv~?3H=N zDB!(aMI}E%II-`w&x&p02|Y)`4BXsS=f!VLt;X-8sh)=GdVh~+Uk2_{BNI4r*T4*< zB%TC6&xAcjc?4Y+jmdBjB}xmtTb-dE<0-;N7LETwg`Pm*B883E8yQhFL3E8}4=IE$ zEQ)-~#)30zmcB+!Z(9T;7(*rZ3bp4ZV#F25`gDq6aS3S z6l;8p<(H)+k^U{}7?wg%U<#h&6d7RB?fP;g2N&n;2%Xqhy#)f(=NIF-Zj`sbgb+G1 zTeeKDq(^sLnSA6;xwgTQomC0;U^Zs1UQTO}ugpRmN1*K4NbQ;UoR7-6*)RgzQ~yqF0F z0a@-F0_r`*q$|70Rh~&@aXixuHUer+V%$_qNTkeBDaH(Q00D z1ZFt8Xr+uNBSqMqMuaK0H{Y5yxW7C2hK4dBmrd3v3A2(=0e<2Fe7>6#Mxf6}?8H+2 zQ-*xam(0c1ZsC&O0yjv%;fgPp1Wm&nB@X>!6}^^(7ni0h2}LRJ$%E2arir|a9K@dV zjPv&iz>N?jO6qSO2(%PN5I7uBB|)$R72=pv(m7m&zcle{x-g%t@JHDvrRx6VBKdYi z)E1Lr;>cr7`9{q=s7shTo{YB&0BM4RnFs_~FCB@hLE4vfG$Zk>vL0++HI-F?FNNj6 z^tK3~pTWdq^Dw)d1Sdro=$m0($YyYKI979+v3gN9V<<`#CES*0=ss^*IIj_B-)xjV zUG9`gLaDkpa(-S>xa^iRWW%)a%oeVGEdw$l?_K-xzBP4cf?w4%xs8&R>)_Jb69u)3 zROj>zKGd&T?Fy`rKzgz`_Tcgco=FZX5B*}wCkk;}scf=i=rTE7t2*kkjiRS^7WGa$ zCWBvdYAX2c(ss_hXsbk6V&SQa~r*X6->ys*hLLe-__geEdnI2JW_KTBwk+}FJ= zqnU6qf0C-IG-~JEV}T;02)SsK{?3=2-fg&g1^BETVei7J@?dMXcl|( z%fjzS((RN>{1>aVD?p;DJ{+0mSM9_o_r-+~NoLU~=@7(944qntPI;YaQ4v%b9N{z5 zpk$G5F-g<7a^Qkx;03X-GrY;R3nt_mld|Y%R?c&$!?K?h?Qs8i2eI1OTh*$jY9mzkl zY<88T)3lFSQ_Jg1oQ0x=bx!3{3FO(@w9H$gjKW%NN=c5_5nmJG&yI2&Wpr_VI_q*| z0JdlFEQ86E0R zSjiL)$KOXAb4A4iu*N*nr^0e4MkZHIQu-8ltm1esWE#o(LeY^}W(o)oO zU!K3vV88QS9DSst?g(xS>Q_mZzqEibD|XubbtY1X+R~YWlFppKh{>kH->*$!Y2K%_ z+8$tD&ikco#5$B|$7sOaVDJGH+l+*@e2mSwNSvRTzvK_zT0|bR=aQ)roX8Y{1YS3s zK;(ZWO~MvZe!VtI{dS5T5j@K8p=xJ@aln&P8$*e+fjw+~9j*;O8VnI*^h|LIWc0AV z)Op@RGy@J3%x&`}B$X@%w7}sLBz1nd@W{jq{hsjV-&XWK}PfZ&@OsAxAn&R`LPGGeY79qN%u_R zkCPPPlN42T0@@tGHwYf=gFPy_+`zw8B>vH;lOG=cl)Rg>eWmwij?SJR8oo2-h6)3= zZaE{g`{IFHp4cEDx2Z_XJ_`onYbe>Jsq z%Z~A_hY{a*x5BU!zFxvrC#rX}?Awg&$pT4#o1b_kO8$P?V~#f7H71Q{eNcF=j`R8Y zRG?a3d#?!1xV!J$J#!I%s#7$og-wR^3Tz!wH+1#xLs(3u6kP4}d-Y7*b^mmt9SIvo zpY!PoPvW&H0vH$3K^u(ARrdT7c~#}C69_iGePqxm>(DJ{u35Y-3V!@&aKoTsyY|+9 z<&?J8=R{}3e+l5mY9&&y>yN4>cN+gjomN9p;JxN8>bLw`TSb?7M%}W*!D(qvLs4T9yY{LEO|n~lwc6oF{mJm`?$P?M zFK;T3L=d47OoMTwT+Q(6;)pL$Y?>v7Tl{yO0x})Q;}9Q@nwx z09a;edhD8Uzo3oc)XDs?+4@(X)i~eMovVZ0jUEZL?Q)fWJKEtGmC_xu!Zg5eiLk-K zX<;qAw)JnmsV&>vfOh*`dt|F7wVo{dY2qUA$;xlm?s1x@q-%Ni=G~=7c`crcU=$;7 zsl2l&slF#T9VnjcID5OTy8Zj-eN`znlGm}^+e0l`R=30r}OaFBoE&%BX*YASshcNey;a+=E-43yxjNNGFAHwL_S*_;hUQ?E%|IISB)y@;Q45#9#0C*1(+^;x9}*Xb>&5b zNLNx&W?mrkq&rsD?7#6;p2O2`p&NqBsp$1_-e-@QlTd4~zv7so+%{!boZZZ%n+?wH#uU%qz>7XmoZXdhu$@5Zpr+Jk-BYdX?y; zNh}*r-I(MAAgHrt$nbKvI1|}XU@QCXKp05xl$9An$yRim0}c{F(=<4^zi&61@w1xk z!sxhYXBqTGkno{Dc@BW3=S(Ms?ahLi?*R0#(KRN1jTz|+O z(xhkh1MBrWt4ejwGa|Hg!c}j}Px)Af&GjX|2i&xOkve?Bsz)g@Z3@}XO69 z@Ms_G%8j0(PgRHOTkDA&%zeb7__40nFN4I*B>-&=`!z|G{xf+?{!$zql*nOdq0fpI zly#SNS{Q=pr=xnEo%J_aaf#Ttg-BZ2C?%Vhi2lgg{YbRozon>r7EA@K(r7A7(Chki z%&bt)IksJV`|4Fyv~#Usr`eMHMmWudFHuDo*iiT_ z!==cUdu@+v&2wc4WN10%32AgzlqqE8iR!2G*<^H~9PvRynq%26yL4son#Q zHS_(eHGv#Uz}fI$6N=8QwmNbKrk;)7RBmu{Ukn`5j|gF~CGO(a4`YuokY8o}aJah4 z5Z-Om5D1Xvxu9{jW{=}=DbM`)jV7HGx{;HrUSQ1*6*b?biYs}B%W{{|;uonnu5nCSeO40fqBtB|WgUUy8^ghuxw|X+70F(ukTDVX z(^4j9jMEnBXyxKSd3na{<75tRR_2~Y<~e0^BH*=~>3OW+(x=h&b^_u7J46-Y@9Tgf zL=OtTFoRt7O5=xaN2=OxKOxU7i;gS>JaJu`f+h^QC(+G$IOlLKGPe8Wwf$~~5ovI5 ziF@UkmLrtPK3ny{N|`-dpqFLwvv21MMA&0oc~{P+Sd8}3bk|- zmckCrGn3P)=n>!0*vImILJO8b+hAA2e*kxV3c>a}fo=dpwDvnsNJ9oZdbBC+Bqhc;&og3?AkA67%~aCDyEZ`#(^8 zV0SzAU7x1-pPu^vZQv7xvU3{uMcP|g@`LeOyA7<+a8bi3#4RVtR}b%2D#$|Qqggf9 zb3e>G+BFuY#0mv^d9V@w0~(&rqj#cBs4coT3wfudq8RMBIeq4b5vQ-cXgphL9n zJn9%?7JQCD)R0Uu+J6)Id9<7K~5ue?s!{moupR8pqK3Z-+Vn^VN}L z4hmyPbFuR`4ifZ#Bl+$f=$Zb~O0MS0_p1CM6wAtZappk=8JwD9Cb_vG5;V`mz+U*6 zc&#Fv?*Zw%jo6zcBwaHa2nfwdo(igARf}A3L$H&v>t7F5&^tb&iOCN~Ei*TE}wIOKV zte_3eI}2@@(&THG^`vzzcmKl0zCXROppHEpi+go}<n~a{VVAE3#tkw}$BDWx>a3&-7eb^Z$qJ)4S@b=I@6(AcoN0fd^^L zvqmk@?VsHLBvlt?6cD^<;mytJIqMuk3AgR}FROZ%3LeL9#lr7U2UKD<{KbP7fc8x} z5QlP*9hHn%@_%F@3=a9}%lZQ& zzX3#cKB3|13`rU(17|+601T8rH=i91>WrWeY?iW9I5dVVeJDYltf>L^`*ZS6yVH(o z3fwtEC$bpEf5F{=BhV`AV}=9%^x$boh#Yb3E~3ag1jj#|-*TK{yvUXSI7X6xyu*d? zS~C@NMr>)lCeXVhd})~m$$G;tBE{-9Yyg-2S2G4hjBQ~f8#S|R%-jA9T>-vDO=#y< z#idvC3Y%r6Tu8F`<`AFPwKwa?$D*;2v%_*)Rsg~n`?}dY8Mm-o@k5wjhgj6k zN9fNX^v)zxd0?N*D59zMN(>U46bwSEeZo89Ayn(Ep7;ue3PdrEqJuZYzMCla>D@D6 z79mO^FH;b3VSPI77`)oM^X5Suj5x3w2oe~KNd`lqRq&FCffd22Oc-uN1cI;}d4i}| z1>qO6C!~2rt0aTs{C zkkCuP{!%RBP36EjL}oGcpK>I0s9nIbb&Ruv=S62MyY41td^qM;82&_uqn%f=H$`t- z^$=}Mjd=|ZLvNzGv<^!-Gj{SnqfV@)nB!TW4V;8kiPvtcCyErVv|Z4i(#o2kn@(X| zYJP0_fzDU>evYBo%1y>ivg3%nI2p-Rpd?E$r-}2H6XiGCMn%UBh^M;0(wT1G$JOk1UbuM z&Ff==(*XEZiZ0~Q!)4d_A^DY_A_P@V0|XUEL5WZAIBC1Es!7kDK%zyETPp-O5hGtZ z0)7Vi;8tBP4SbYtF%ln*=yqsxSksRo59h)WTEc`jFe)}gIS+Lc&mr{fOlcb{W$aSl zYi-fyt5p18mFm&1dzw5eTEY_0Yfa;l?Ia+m{vmhhKbW0^i9attdTvQQS&U2gIvV}d z?lEV&GN+G=-KXL)O7#Q@|P$2lC3490M*m2a$LKzx7DZhqQy?DAZ3Ko?{|=@ zM`qrnYS*--kt}5hhBC%>$a*zY&mq_P4Sjut0)pWr#{gj0*rbd+G}(k7r!B!=JuPL8 zGoB<|a7v}s>h=PATxyWmFcF_5%*9XZ2qo;XS8J=N=e#?fuT8zAqLi>p)gKWxII~h( zhDG-Ihm3~sB^(t;6BWnRJ1vQgr(mNu{8In)Z7bJ?<&VV-<^k3@v@VHeCHJp#TIUlp zLV7}8IkdMfg}BwKX%dlu)qz=iZ^7Dv>uKd8 z%JQf=C*z0K`Ef;ROuQ`f0^UF^T1dr!C=dGJnV{KLU2j49HGMi0-vBps(le*O>_jDa zx@+S?@9u&T^SC;{guPeI{{~`TzTNJlzK4=Zzk`pUeT=&sF(~pSm*LNy+#zmg%1f8g zPPh+^e`<^GX^GHI&j=(~6gAqBFq)ez_ok^-ck-5EIoj-3hqM~0dxt|LGHYHWmoiDk z%96iZsJu;&XnILqk}=BOA;^W#-%=FU^@@MY%{r;a=tW4v!!9m%596irVTU2(`T5QwIWEc|7EiYa`5%Yb{+eQx+!ri3+Fj5PKuLq>0t4 zi)i0p9M7u57Gx$ol@Pt(Ot4RpW0(q0Brb7;eSgn$rJ>(&7jJ9NJyldvIuaR3ozcs` zWXsE{3THDF^;~BDkQSP9%KMB2Zdc75GLZJvO;4 zb6Mbp$BUqwLZI-f?{xq{M6*ls{xocIr$OPTA5<8tg|zXbAfk^?E5eErL<@GsI;zu= z(Va`thv`Q;HGSdXOFB*_ws`Iq(n;W}!|_xQx~QM<$JuobzjY2XsvYr**e+vr>jFz8 zx04MBV#2_mpGYS$-x7O+{vnbjL>&!i+j`9*s!)hije2{@q%*TH0FW<6R^mg;Q3%02 z9Nbq4-J25Wy5IAU#NQV&3E}!O+bAYA$YTR6G>bbXbH|_@AJlQq_5`B2TrU)Wq+ce{ z1TuFQ6#c`R_DoyHX8#BP#n5C!Oq*sYUgPa~4|qM+7u%hhBri-yLPho&7&h$Ukuaz- zcAr5PA0@#xmY+j$FAdgb9TIc5rY=jB>v=-{lczy?k;HrfEvQWQYAilCnq`Dx_|b^H zSW&Qa)=f2UskT4g5w|sWYfg6AV(<_id+x4S+83*@!qhxTjD5URS(mek9bvm!0htE? z4P7;G{OZ`_^V^80x!PbaLw;%SC!M&#sBu^q&b!5tDGYUB9XJMfr`fqgwQB3mS>=Y+ zw3xsJ1KIE(AkI@+6+zEQe??dddTNX{JOvF$#nuHd0A^*T#|;t1xR8)fWP7@qRCOq5 zxZ9Fyh<4rc%f7Ov>kLNk-Kgw7voMZV;10&=?&PQqTW;`9wBXQv^UD9_Oaz9JlK$8vkUGnh z|G+?c`c4_1?vACalaMg8T~iVO(EmA)sa1{nU@NNlh8Xj&JTY zIRbr66Q;|x*yA4uKCgRckiN%KcxnB8Icu3OzeUKaC?C{1PBWxqM4X~_KRXw&*h_QU zfDOAhT~8cSiRW87nk-KAW6&bGgVGuD_%K!)ZgTA>C*0)sr&Bd_D;h*t+?5AR>MMlE z4PIWm{Fieex&iqZ)`9!MF6n?ls}7?#Gv9lyZ%J?w-y1fZ#2C&!{Dt2$-^D9jrvkcn z`*a2#tF8gfFbYy*9#^*VH*8PI{*=+Lm6Agq+M^HE)^x!J@WrLo9*5zLyXk^m&DL59 z8;tolIj(BP4ZCywQ0*VEC0vi&A&_;4Cr7lp9K#3t2}Z_iBp9xK;S@R7w(6bREBk<9 zqFE`ZFBOK7Etc26$)k2Dj65Gh1f7-If){Q~A>ed>pH;rx%B^0Auq44^@Ipfqu}pb( z!XL$_EjE7~jgSyGq$Gb&><*SQyjKQ2X%)l%_ZjajFQ%Z;g-8EL#Re@rmpqe%QpzG~#@+JOuB1JDE?`zlTIYl%rlZ zm_BvXtrL%NmD2E%?|VJQ^ABa9@5JxcP>`;ntnJsYu@@qjK>f9GJRtwa+nT|H4oFr0 zDw9xxS^i#c_hn7XZdIFp8qnAN@pBSg9A3atj4p5Z9eOu#>jzK-e-fm z;Z|F}E98VY+-7;~T5Ovd@&wbOwmbVmopCnETmzPr36Lkoso zZG!0cvd1ewoe%vXPn1;zDHn=4DHtlZIS2aFMpwI+cIDN!_9UGyk|!sz+$E3@ zVbygh<%99hw|Bz~$YWfQdP>H*N=k*xdgDKP{)oMdd?FXZyruRFVUl->1mN2xrh%t; z7;<@rwiJAvIq2>$nz^EX2)KIMn&t0MZ>G0xCa#sEo4<|f8ljX9QynDyik=aR->JE3A zHl>9^O02lFBE`f?_vc71Hd9-yNlCnKqmw5|I>R3>i4?n|@R>?*uoJTZ1=Uy-Lj4r? z-E$0QEjJCiRzt>R0ny-FRy`O?U>IS*bzJ({L6SM1$p|Ak=d&&f&XH)XutHS@J<@5EBCquC5CxU_(EtO_)SFn>N z4;pt#Kue$TXF2A|?)=uD_gBV6nM&@WM22YD7=_O|i)w8mwcAp>PY!oa8d;LF{H?WC^gYgPAx_386_1BoPN5oR8 zs_!yT8`bwy$L2%`R*3DW@t(?az0H9fq#tay&Z+BXwyk=03EN|%K7*AwW#1p}1B2I~ zpD{*PEM9(W6`i_boRnGmk%D;(6GWwtdv6J@)DL4%c2N9O|7;Pxz{J3CEaHtfUO+YxD;>;A7>EoccGN5k;Zt18}+~ z1qr3EoMl#-;W)=J|Kh;9sg6f04c>jWyCDP%r_-lFM*NPS!cRl zV`rNEjm~Y+o;*eyq~7=2S&2@uV*UYysP@-vZ@VV@XrTY;6fmE1d>?eEa!p-)ty-W) zs#KUuM>@pON1#hXtjRb5k{wVW3E3gJk(#(%#zLOMh!NVbKSpZ3CAt;cY;@R7xZo2@ z!ThdP>Ssc`zqTikDa5M+zc+Mfg19fJkg&xlFfsje5#h)sE;i+NI@BL$g_q5RCQzRDdyr`OZ4GHk7%{sn*+z+{KptYLq(H6hyOiegG$S)2L!`sjKebv zGcspT=OcYkaBbh<=LDvBYA99`kWZ3mSFITt=g|o2Gi~)xLZj0QKmKo|ol|qBQMjgK z+qP}nwrx9KY`bII?sSZfZQHidaWdJ1gI%)^cFk0+AMhSM^{(~Y_jO?cy>UC0kp|qu zOo2lyWSa6spEP!!QAu}sl@+%gYA(#Nl#!0r$z=R8Lzg957m-*{p7zU;3!B6N?iVK# zst2@E3epxFMredEw2w~C7Gu74#c%_HjwtG-vo1NS$Vwn<-Ta5H7G+fcDh};hdIlYR zH?RH2q%H4~$Mf8TOeZwx2xY@CdnIX@biL7%n0r4(KnwJkw@K0YIX$ubX%MVyb8-Zk zm_1bfRR@o1_7+&PZ$H0h&J1m4i<|hWGmEzowf;${9q_v()z~Gg6ILkpiM9Fr(xN4M zYvuq3TiJ;%(CaP4U4bcUl}oL@lrlRXi(K8UAXqu;c0iN6YF5k79B5@JHSRK(w{EAR zVkFcZ&Fqb?8^Cz0|90vE%m|?2TD5=!ceUcT99St%uLa ze>_tzI{v=U?S^Y5ME%gql=pE}E?(6$LjV<#AkL+hbSF2SP~J7_jCaFwQn^ZL-8}@U z(0Gbkj=R)my)?sddjy?l*pMGB7c;? z)Jis|KEItb)I7JFME9mm$I!r7L|ZLJ{)KYIGCtqJA}98ks;cZ|zSof4$md2tv0kIl zAyBR-GpL~sCgi0LxZ>(-OrH&pY5$5ocXD}3nU8>7IW_!Bf@95AhD94kQ(bRdQ@%&v z7tztFld!`RQa*`sGtqXYE^R}Cf7Nlm^L|TOGyyHU)?}Q<%o2z(>10^{KFqqi$N!G0 z99DT;!x%4{UMK-$8LwI@;Dn=Egn0(uW2Q8lKoq6eNtC1-pPF_3zDH4vq1aw6L_$M= z^(%RazzRvyM<{=AK0+be7hUClix^>F#?En9FbpYqk#&nNaVlf^+I8)Tu0B#EU&=q%t zTFD#?;t@T&J}_*E`P+`m0&)cMRsa(}>2>CLAildkbc}{i4VW$T2eMJ&0GYNo1Cx&n z1FA?oIm2K!Xy66E3GQmit-@+c|2d?j$e7&f3E$NzvX=j*6=&!qX-rmc`_EQ+v~43z zP?c<;(<-7=^eV}0Iv2|j>nvVJ1i#0kZ7Am5H5-`-_#zib#tSxWBB;4IL8f7lI#k(- zJ~?Wfj~Pw==CN9uu0Wrh9Yzc)rrwt2Y#N=jJKtDmQbbhkxHM-BsG9r>K8j!PhUN6n zvnk40cpMKap-7Ll(;hjQHJ?qaUPstPOV2hv;Bu;>?=XRucUJ(<$Q!kBdlg2H7q@RW zSV}79TcCho%6QKqELkSQPH#z$N9#`gDw&jD^D6`ddMANdN%qP=z9$;p_g)>q2P0z8 zE0>zIRpgVQ*krCXfT-|5#isH0IzSeS#*jPmo3%1zO6bd2Oj$|~FhsWm6E?AKcy?NX zN^j8uDWT|xBa?#-(@|ICR-W?)!HHnVLMl#DAwvfZ)(|Hrj*FRs5|V>bfRopNY?2?jze*y%Ucs&9dXMXJ!@>ndKE<%Ha%Nv+=om z2X+*r1bq>2$F4CgRv;K|uC3OhB`wv*c>$xsD}^XmX@_qi{1eXOOzn>1n^p_IV<{n% ztfKm3H%zO1$=Xk$;rLKHocR(%U3%Q@B+ku;2rtY7FG{s1$BHs1{odqtn}5$#a+=JCF%=PSt zhOjT>SbVANwoe8aaOlf=5}F`S=kt%NSLqO_R17tf*04Yf*p`DPPf}=sdXdmcQ=_#`f1O0M z;7HuMB3&+7Xu_O_C3QxC=U~1?TUKIKo?868XT5lL)jBkNGZKKJ$^wHcTOl5s$_i9~ z|8$2njMYb1ixIK6Yqi-7U0LZ3H5d?0&>}sa1kE3kqNRV%;lI5oJh0E$^wlp7|L4o*W0 z#^k!_@E{=Nq;l~=h~LBh9*zy6AEc_N_76HO*-JXeSlZD^_rI@Rk2iZMEkcw9cW zPu7vENgO8(x<^=|DgmOA)+J}_G?uP2L?VV$hZsAWg}VrMp<`2WLc=!7V3EszlLM93 z)JO{mhpLu{pW^CjZ?na65fg}HL$0phXVz$}`I*TbFP8NKp!QBIggUAX8RU$HCizgN z5L0-1BT@`I>}lhc$>|VfC*hVA0j#!N3ahn{ChBE3ocb0kqP}$L0**|mrEy1{v(rj; zwzFF-GP(rOC#0^o)zU`6a7uMaponSAz&VK~2^vifULUY3ON;pql0A~Y<)kCMAoLyl zox(sq{;lWUXF%M3BkP1Nb+E4!>~4X%8gT2`=f6EzK^3q}cQLb=f^q190XtnWR}Cv% z8Xbns)xRO=06XY^3FI&`FupRi&BFVBgS2%@E{E$H-K!F6eQm9J?E4*|u=^-R9s5f(|<8l-lz} z-27N_{I*itYEd!>whQr*qQa^Ra+ZH3*f__1dkPrL*XQao*2M>WWxj%Ibb{>`|0FjF z!PKkFAm(OAQkfr(a}|UOmUE7kFfX<81;iBry)f|s!^TC_klg{<$DP(-deMLLiS&cZ zluWaOYn9@=2|p2!^T4|#Y>R|U)mkE?i%u*hfd%<0Z!%>PP4WS>lPQlcAy^JOgEuC3V}Z(TB%N59yFJA#|MMifV~g`@Bec81hg=q$wa z`!ydmTSA?+?~1zII_Qb^@^Lims;@^>-5q(BKqAKSI@mvU!`X&vYm71uVnYExmKihn9{7oN%CLj3->Sc0O53h!rX*VR*zGC?|~E^M*h7dBAPa=Q~qe1 zIXz9=v*3(RnP!N{EB~c8s(5Rs*{nU<(a}PXWv`U>=># zt_d_Q&(cj~VR@mVTEW3^NN76@qCGFs)Z+GvZeQZ3x{vk<$8?FB{e+ct;n%e@67>Pl z5%o*u{2ON^3n5-WuN?xdd&t@Js|K?}P;F!<6LuR^%~$BX+Hxb?kA9t&%k0-bLA5-c z0COh?viq4#lk15lV@w%Reau#;;*cB!aa>upq@BLt?JI2necV&{bgM;iuc4zCXP10a zAQU41;~)iYVD-9KsLm^uVlJC$mz})2P&|ALe&31!CVk zeCnWT;&VZJ+9SChh$5{gepU{=ET`I~cLi))vJRR0(!s7lMln~_P;($1%9N9b%3tK= zd6$UG2`+qG+p@r4T#Q2hyg=!F)*~zNjOE8S=_#*C)ICg?MU+Dwz z_sXm;N4K1e7KMxe@QUf-+alIlMY$?sy{w4k? zzW-I~uxZQLSaWoYp?H}T0cd5&E)Y$3KqjKt{rmxGD-cdE^d7cvMq(khx{E6ig_R{b zF34#>%c*wdyK3l~jCpUCu*q%|YZ~{a*03Gz*1o|e15KyLc#=$ulEzaB8o7z#Wo@7K zF2WisWRSw#s*d^2?5TOw%#f!Gn9J?-sc}U|zJguxZ4aSJEuj?RiD}TmZ2;ureH9L# zH56B$j-XTedy+KHJf{$i^<&d{I_&)gGV5XVj>PR>Syuw7^2Jx=ukwxSOKg7vbQJhiz}zw z@Sl$AMO~o$PW#``9xvi;lH{{veJ*a-c}o>P6&+lpp5Zp3Yq};X^Y+6*ahW)<$F$Vp zxpO0+ABp3&Q~{E8unQd~!=KoMB+dtLp1zw?#evM@QJy9exNBZ4b$!~QhA(!BE&TXT z-D~KsjHKXT;m%n~D4SoK6A_+s*32X9-1r?e^aDVir}yoNs}y*S<4Qq$CKTiOngl#R z?SvMlmgBi(4s|z5N3m!!HZhv2fnJ5T!Xzi8j)y$FiyPcJi+e|#UWiVlkji%6lfQDZ zdsPc_f+TjQMC?+RscyNMy*5anAuv!nxt|qe|$@y-ggX zWrtz1q;Zgz3xspOb%ET@shB%5j+&nsN-5uVI__-6yBzg^uB2hh@pc*6mzZH1u4wDS z@!q`qBHpXjup7rr%$5SCzCgbmU0Z^^dd#j*He7)4170O>@|)LQyN6i_NSW%wA-x3We^eh4#`MyFvQ&0oF&P@l8c9`$dpwL2k zz5{oB8(B){_i-Ib-WqN(Ux@AFC~WTy1R|3Py%uV5K_9BX1?9C2^y+5wa1HZI{(7Ru z%SyAf4y_m6pPN_IK#`k5!~>3TnBD4JVw=QCbij77gq0JQ_|8ck-5BctBw39-nU$(1 zwQ`cw;Wy#R?jYlnOD@{~9%U^RS0~~?bFNi0Y4=<{){OeN=KNM~OAiXaIW zu4C-{FXDtG$|EfvE`|EVkHtk;_tds&|l{y_@V%Nu=p*!g7Na8mWp zYPeq+NBTt@?-@IhOSS@$YLmc>b9DW6yN)$@eKi=w4R>wKeFj zD>yGzv^w^*a*g6l=IWPo3LGm&1sReDb~e9!XO%u3JkKS%&B6Umd7nYJsd zOIe$|Qp=Fuxi%QaujqTy8l+w4y1nH{u3*Y$sZqAIkIu>pj?Z5+lV8h;>+_LDa|2B| zI2XJljy{KyFDqJu8!IJC3|sF8HdCyWmsX(&)LdF>{;2}1rDDj8rtPEcqA-tx-?J9y3DchRzbMW|0o*nqf!leaDXG7Gr4Oul?c zVK2Oo>J6&Ku2yPD6`oIEU#$(hvwE?NWhUYFQWrw!nGbPKg*(Z@RYOftgZ)JC{;bBS z<1Y=+do7M_tK=0Hm)-K{lZJsJdoXiBTlbDo=Az!*^TqraD`1ga*b^+{!0aAQ7M{V@ zqnz2{61!{wDXHiyWq1sIk_e@jYdc6)AI`r8DWV0xshUZ3u zSZ=C&5;81T{)#coac`}mF-)149Cgkbz9tw}mQw`Hw|*k(oO3>G$RiQ4uJ(Z=Cg=WV zvoax=gGOstAkrT3Q-*u2F}?RkMteW0f)h~x&2C_jP`t=Ph1nZ;*mF{`oT``G!J??fGc6eYQPh^4@A^m7#+lT8t>biq7sAFRnDD zw)7OsBa1{9iFUF~V>_oab0}dKMfQUN36+#VB!YCu*-{$HZvlrCro42uG8wa%`L!L{ zNv$X}k2&*LiDQ*8d*1f79g9aA0BFQm zkhWKC;TS98TvRl!JzeKII8Ia+Jn9j*^=6_*h-|+s6i(nLS1NojRspQcKRzICrTzBQ zq1JwVi}$;%!X;kiw@vc)oG>#A#edVFZgfGvqx!GziZ6=Ls5P3}6M2jnYnhqi#(OjA zpW8&Ag4WIv@s7)th-(+QFyU)KE^tlXa?qiEOzlmxYXd#rT>*XX+zep4SMJvo6{+nQ1@AUO>OD z6p9@uH|)4|=V?i~&h^qo)gXx^S=gZh`*+9|y9u~2&FO^klmxWK)9a@$((&# zRS}M+l7AF>r<@ghP*&T+Ldg^{p)gVqw1X7Wc5g9^vXVWT_^&hQx>OE(MUTe0`aYk? zP8U3WIg(#oM>$HzSFe_|H_ijZx)BGt9N)_3qJ*V}EE;ENU7AC7M7hjxVFy$vt>vN3 zd%~}&G*9Fs!?-*eN#e6W8svy1Z3h z6*9jj9rCMH!j$?}hM&|k5xs!#<3Di4WxQfX_(FDkl2sG<60j?zCZ9RdDczV$n)#F_}F6bi|6^ekP z5Ott>R!X?JGU}&_OhH|v^BHAdWA-gXOD@CPDTWR%l>Ai{mZa4?n_YQfQ@5Ipd386Y zNiMrT3`fZ7Y{5Z-r1C*>vE<3o6qZ(DmkQF-zO)jKYgt)^)!apZI`sP$bwvnfSxV*P zQWlF}o=`TRW83$;N+ia1B>JIqYs7-a&ju7lU0+!R)6bFa3Tbl1Up}AlDZ*+`*+}d) zq!uIosKZ%a0;npdjDSQbu)sQB&qZ2m>z zIOPL_^6mM4*zVCEsOXR;b00UwXA2ae})!;R&CcmDLCk-Qq6&+YV#LdH@4Wcdr67*mbW50d!S zhIh%>mt8?3@Lx?=waYF~ko@&OBMQ>-1>3yEDQ$ZrDp}Sdwsyn&rJ*ivM`2HbJnDDr zh0FNLQ7t^lFUbBUu*`|@kj6O9)qnTEAL$APH6Zj3KI&*u$}guK7;0m5OsKN`PU0gn zz9?WadC&agY;?d|?<%M50kg=KZi#z+PpocKTqvB$EfnWMFK~Cp7J(E19Pt?L5ce?0 z9C&~%ye~l=8B>Ab0b9orkMFn-!8?2{)Cgl?=3&%XJT$A{F6nH^71$=JVo&%w0DipW za=6If@3Riz1KZpIxA(`p?{Gobhu6ZF=IdAG6wuG&Nw$jl#T#%HFUfEm6AK%~QDBwR z2fHwW`~xT}^%cf|oJ|r^4JilWjpUK6!jr@!R}%r zrn^nR0wrssrsPMdJNmEiWJDDWD>u95F;^bb+in|@j&GOpCocs{SM|qdz|h)1cdypZ zx6Yj)%j_uvwe3NV+a2EJxBm{EEGTMKh?C3uxzMafwYaR2z24*`A-Ac6D)%wFZe!%? zi`VAq&z9g224dkD1+T69`_<>efkk?5uEz{d7Y4mM*1quH)__gB{3ZnV0>oJc+s}2L ztH$l@<2z@Y!Q9sJT83C+*3A|AQ@e*J=NL{%Pys6s-SuH(=|c_5I`%gZCVO;9a!RrSZJ- z&%e5Lh3ZUix zGomkX68rxW(Fcwv?7Yk6#Q%lat3-+ks-?uqyONE|x2Rb%({25=j`P9!vHtRFj7RVr zpXN%hC)(t**P@wR0N2bv$0SMXOW(IC3n7vXboXoJ%PNrl6gW2}7>LI?QgOdH&~}

w)BPB!;_+PAe}wI1A}EWbm#O!GYXWj+(wk{9cfNZrlMaRX$hG!MKR)f=BOfFOAtY zqq=-aFMdMbgoT(c0Ly$qkRXYfodrpH!VQV$RuopQ1tG(k!HCl(+_jQh{njg$93gs$ zHR@w%=ARTb$-ZQi0}QE5EE#!K@fZ~iRbnyiJO?kOWeBPf zPA(|v7O35?5cv=CPPbbD1A1qwGV+VI+u@Ne_=oc;I%U0qV{-3)ML3G-#dee^K2S@D z4Z5q3n@yyDz~eA7&J&vvfapk(6w$kNh99pavaH$%$+Z^{`l+XiFy{2yrOIFT`k0S2 zi?DQ)ugOt%EsbL;mD))yn6)KZ5&7h~V#k3NWpe~Xh zhCsmmj@oK7kXKCMvg%3=VYkZ=Ko|*Bse9{z!W-+vnYV1dUuHX`Dr$vd^{Zf;cFpZ?^Q62v$(BL!zz^=Cx8&mvc~7&Bl%$))eO>17~Vv^0TAGqqA)QRhgoDOkb;s@Ug5dO)+y9+Gyjx# zr`)VdCE>w-^K)6@bIioQ4^I5e;j0c8)s=y=3uo9CpRLYRg;IXpNS}2$N#9Qv0FQQ7 zDP9VE$4v~V9Oz>ERhkkmXfwKR+8@&hr-T7^9dx>zJ)4E=i@x0LYfL|;5LDBWB!cOk zW}LBP)XfjMl+(z>g864+NNbS#KslV*qMG*vStFO)V%iB5v3Nz#VNiIs-rH>9*z_Lr zAtP=ezHjigSDcIc^V0E8&Wq40;-z$Imr<&I3E5W-j%K-6Ai*FD!OT0~0J7KSA6LqO zx&GzherSkNbbXBnp92&Po(I+qzpCGRVuBv|78*VGU#XG3$pz@7ba8AS%14WyRp9S- z-FTBR^U#=#xX=UCLRQ}k!Yr3L&WhmE;-3|u(4%YJxBJW~i^I5@UElPpZAa0QUK2N+ z`!Af_kWsL=*3RUP=?hoZbN&(%CC7KWw=bQ~WmN5I-ZwPi4T-VHHtRDrl+aJ2QvqVML*Ip21mD$$;$L zCM0^YxLzE91U{WXs9MsYw*SHa7IZ!kU7Z~axB{~~p4p<#dx;-Abfwf24r|j5=%P!CzYe=dIpD+Sl{=H4pex7`PeDE7 z$|D+Ep@r7#-!8eOLA6-2=Fn_CS2K}}0lqogFE2L}Ep;k;tnyt8=B!H>yzpYvZ=Q9w z(dGCYtB_}{gILzj@{_Hk&PS6U+l6^_@5U^(&A?n> zFA7S5e~&t?8?{^@4!zdAnA^i!==~Ln;~uB%xzJYg=L<0WPZ(?B%%Gl=?(r{TYxHiJK-T|omdJFdOqR(2CYuSq6Y&Lkz6K1l zk41Y<|CAI+`7&h43bOMtA4iGj(72hM$5xZvp;K-yfKd-;w*1}@(;vYh9_--1Z8>#Njt%w-!52j{5Rt>e`~Bt${ZLjA9tFFMZKLQ zwug#E|EKvozsoT|?mz>hyC=Lygxmoh!RSCTY28f`Y8blJU*DAT%*|yKXZc?qkgWFY z0o&`>KSzs4Eo;rcbgR-EuF0;^#+o?N#dB6{S&+6P)ys$;IJa$XB>2Op1%qWqD#(#5^EmmCNbK3CsG&^4m*$35^Q?m#5ar{!Q)3CknlOXYa zqI2UOkXYi0dc5>vK<|=z^ku$U*^ZXT+p&Fe4jym#2L`;CbCQxgR&UZD~Cs(@qRY9KUA7g7;SJ+$ru;NH>LZ zh&bgZhD%Hsf-4VEZ!wwP7`P%yR!H`X!hpzDHBp=bC)w+C=*!lYL5EB>B#|8^PQL@x z15CF|g(e$b+|Y6Zgl+;S3+4LoEV2o6yh;4@e0TMnB91TG{O@5M{0XH*yqcOG4>0%J zby9Xiwvz^6-qR;|Ctk5_{!6N5QYZOgmjUaqU*57?a@WKOYyXC$Om|*Dx+T3DY3!~X z9uZHlHV``kn~+y^b0@xf7?=VK7M{pji|8%{4mQlH9M;uD z$`oCX#4d**+`=8i9r`?!{5?w%Mo9}0^Y>91c1{v9jzLFtyUmFrEw)x>JxqN|M0s1< zzOmfuPe^1+z=Yt0_iam6_3e`QawA#sQT{4SI2>}1e_pr!a33m5LEMMgt@G{<+`VoK z$h@XxjkCf=zphU zv9m^Av|2d8GjNa^oDl<(8T(>$n9FVITR!_29STtQXa~*5w)0mkiThy#k)tR$DGg4> z#U72*wSR)dc_Xo_C48z9rKn{XC0IEOQrvolBpVSmk#}lBQqhb3)IPLMhH#v&?(7C) z%0MzK<;@5QG}s<$OBuqDM(6H+Af}&4X2`4jRSS4sB6+3393Fb{)xW8;Ge}KI!+;}8 zi4pUyv*_-ujZcN$R32Nj)UpiL_5W>R z`iq%nDJz}iHYdiKG}&!sw>q8C&wUUo@NrM-Gc~w;llbqrqD9yy?(+S}LdUc(1Tl%AVCiuw_yuc#llJxSq`7{EF_M z4aQNA(jgXy$e}kT#(d!sG%F@L32^&p4cH<^lLAoB4ngsf$$vOYBC=+j=RKORsmT7&I)(Z zG;KJFibZBl&$AhGj5(q%pRZnAi%!$hu)zd-55_kvOGQgq)4}od*D4ejd)0|ibJb55 zXs%LP1RVL8wqz6WusX?$97Zb&#Xmd{BU~(x#u|3d&}O*I0u(v7Y4nH&TQ2D|!84`M zRF)3o8*}UKI~JZlWRictJ+Ipm!bCrli>`vfuKY$Lj4)Vb^dY9D#K!O*kVNyg%QJHs zSXF-<8~OKcIG47J$()S9DH!e;Ia_(arh|m4urNPTj&Wjn>MnaFfMDKbO^hD4u-R#)S_dqyFA zz61`IJ`;*``>P85uI*rFgTFP>Xx5TiqM=45u)3VWCq8*Oq^y!+C@f=ctoa7t+GOn&(DeP0_gH*iTi?^X0w;YdMcQlCenLbE_?Y-_|PH%6bgJ zX_&QVTU&bffijZ}=KBDw(1|e#ExgD#=f8{q6i7r+Wp>DuODjk3A%I=I8%M~sEU0v> zgA@#be;svb%$JO7$rkvl+KD2Hq;iQd)F(6)a|Ww;>l!wRVR<~kw6>lVM=`v_r^Sd5 z196)q{_FduJD{P!GwHHaI+Xfou!0OZdt#fKnBXk)P6Qi?Qb#pjz8lD z{8^@-@()HQw{dXk9D;bx6iH4^N*UT;wX6F!WF|c9#!(eZ*W7(rtw}+34O#s)8|SC2fP$Cf#PH!ZH%RyOB+X8lDaa@KWe{QWWP7b}6aWk}6^~-dzGSB4-N)ouDvB~FsIda8tzF|4z*0_iqcbI4ixoU?%a4N$%q$?wFAoU1U72_Evh3T1nl7vIkEEhI&iiB#yRNm808I8|&L<#40uvGiF^2fMQ zIUf`-31a!@Stc}hJW7ZB?)|4hHA>;_4Gem`9SwSTQdg>T0ArW<7+MktgpFS`U_z+< zc4v(JQ}Qg43w?O^5dt!7QSCeI+O#$YnIvuY4eUpVul>s{0UdCAl(8n$;gtNt&h z2*7=aKIv0n!TP^~Y;267bUp{c&01TP&{n#W$Cvw85Y8#X(-v;)&B}5cRb)$au}NO* zi7vn|`JRX^4Fx#zdxxkTE>iKX~rdS6Z#uca-I3) zJk)b+{nc*DQ)1=vB$@G|tTKv+U(gBGI^8b-cniTj$xaNFkqZ^@uxEKcolN|l*|jYP zL1*1Xq>@vNiHtHW)RFJ%`alXgfb9pF!_YCP{MhTT(#B&HNm#Hqr$5<0eht?vOwRkd zK46(ZDZ!GO2}yr;l?VhYb;rj_M@MI5Y)<$BOl{WaVKMK>dvHf3-+8#zv}-dNV%8B$ zl+*Ps!!RKP=^nz7(>a>~?|%eq`=V}=)AIrv;IC1EigZpSVBD_> zJ!S*Ea`&F%s$ob#;i)VFWGMaAIgD)48UuSFmIHaxiEHeoWjIRIgP37Kl_17_2!t+u zn@W%l{@u4$yNgVcG2#ycjpo0;zy!?Qq-VLc6TfVBwrUVJ?V zhUFEH;XD-GVTS!jMs7&~lOAQg!OK1@MtNS9Pcra)uz4Z7P1pJfyg8FSi5>TZ$jo;# zZA=K+u+23$G)>}r+xAA&7EyH4H8wOBcNzt}-M;TIYQOv_hp9%j>g~J?mC{0mQ zc+}A6uBQFf7(XXG@^y+Zf^zon#0(K&%1rrstavw!Xzbhd?n`eaPnFUmO7O`b7_aJv z;pk_QW-|jVnd>`Lv&8D@zt$$UQdn+Sj(e+i+vmXPPM8O$qF0BT05vEFWGdcjaX4N{ zx`5HL6t=~|u+~&zs~g)=7_)C}ue09lLJ(s?>z3leJ;Nrpf%Srs2%m%PNUJJX%H?w7 zpG200oI?#t&f>ls-4m`R5wzJY-;0?A^wC-ZI!N!xyD7FNxH^6%lWH&V*)UHjd|k*I z=Wray)r?rr@5KZ8N3VXBi2(WF*osQS+;+O2+G}qQQnKL0mL}%Zl$b|dK8inT(GuOi zI|DwQI@pdS*1H>i1h+k>rRT;?)Md!<>?AkIooppN+TK(_B^)5M+QNNh#tjnPu{PDB zvJVx8qH6I@pQ|&@%rwM^rDLSC5KyL%4j^4CqoLkJ~h9JV}Aa$N-Oi-FmszrsgO7&^xU8D0 zD_7IgZ$3o>e-mjY2}oe%lV7A0$P{k1qQWQyrH&pNG>Tp9({2tf(s|SQg^{JYXB7Cl z;D*r2X{c~TL@5>%Q3fB7)gZK-R~7J6CsP&uraW--;^w%MzFK_jF%kV^t1%+)NUO~zytsY|#woJ{8k;b!9(DtHn^p$d6 z(>i9AnY8&D=P)u9cF3C#5>)j*=Fe0NmVcc{+iB?J7#grSSK+&x7rRwMloYWQJ7Ga5AGiIe822E7jsUQkGS&-wsimN9_ zNcHz6C+4oCe9ZJ6n9|Qayn3~PPK@10zMbuM-9QNNlEJ83H*@ZHriwb4>2$wHCmx5B z1koT9$& zoCx)W;S6AX(FlM|#C`aRQkL6Cw`f309xA@=+o-Q8CL$eu6}c5SgbKCX?*z?2>E|>U zxvn-xAIm3e4C*n&+Fkp&PdWM)mHgLi%vLy3IYOozM(!3)o&}GBN4=ztEwh(zS37h1 zU2^puP^UEXlM)x|HWDc4xD2#w#EEM}JauH$g~8ayQ4Zufp5?$$amZ7Dd{kE~Y-}|K zPN;2N$uHLB5=t)hlsV9*w=wzAGU&HYe35Q^Y+Uc(UM}E~bbT{`*RNVotw&9SzU_~{ zlPv_oq2`t3QU}5xTVTn z9ODJcV<;r{m6O$4X5~Dl5ASw1?8#B(?4RZ=a;mDS`P469D;l|N7dmr>B?pm`5{8?b zwlL<_?C;Zo?4Ia>{Osw?x(4=4dG6-6@z?|PkKs}1Z6to{MtU)r(q_N_Y~I;m=JI&Y zeL&3|E6(?H3XeARWQHQM-&%8YvDsQP6L91B09>bAmA#@Xc>_jPOeBolrwQ`)`Se6n zDa>+L0az%MRSdGE_P_s@;_zf}vrRUh^s9Ff#jw9j;Bnx!ujC0r1KpUJhj&mL4`As0 z24^;Hw%xfno*(AUSCvZQ;9MiIA2w^3hKCdH;#he)qktN?pK(S6CHZ?lqwz`~v}tyR zJ;|Xyfuk+KLPELVu8X8Cu@Ci|;()=4ah!&-+fsqnvQJ?5JxtM0+(m+m8!Z$2h-i4yR~E+78<7860jeF!7MoIx&ok0KfP2e~Od3UZpC2 z-FUG)6QZq#XMA?Jw6`~BZ#-YM0vlR$-}@`)5^hgDRkVtn9C@`h_I$eUjGj$jfTNz( z9hgL4Cff6xokK#pln%j8T(5LZQ;iDDwe#_D)^V&Ci^I4PCkDTR_zv=AJOEAXl96FS z5peXNRq#%&l2y;x%Q&HZL)uCN{7KJeZx<8@VXN@9=>|A~h&R$^{BBeDUl<3PAVF+5 zJ#QC;5xCz1XT|1gC_lGUO{6o?ic>IG3ye8ZS#!VUr15EO^WY72hZ&4!f&`IPXCgs`LT2l^HQCy;b(swMwHd%--w zB|{W;>NEi=7a`-VI3s3`78fp&^hv;59lNlIX-4o+++O^J3)el+{;+baU>ec&0dK&e z^?7^RdT?C5LV5YLx2_ItJUc5`D0x4_40Osnz?VrP@6vBeYxRW_VfY3f#CD< zSxkKvcTx0)K>V_Wq@0q7S(bh%==SJX;PX^B0Sdv#%j-30-{A{NqKqK7;W0p^CAe<* z9A@?|&RI0zc+R5iQLg?wl?-a~7AuTKED#ylug5>DgxL zb65fV4d|+2xGpXPb=g~gVX(DKivuI~pQcf%Hs`-E!51-aMC zvy05rE_q;&&weidf>2@I+h#M;lZwRa)|C93uSx~UxTav=^RH^oBn*jHYbBg0qx|j6 z*_7}dfyz3!+b)+)Q9%*sa%pc*LH4m@iR-Ib+p(!-b(>gWgn`$dT?P(yUHJhB90{^+ z?|ouH166s{@}$Js*Vh{$Vmxm6qkbe4wzO69iI{~?;z7W@b@Tkd?HBi*wNr}U>2&C= zHXURl{vD2G4GeNYsUvNNe(O~fhe=DwW^l!B$c}IhPv;aFxXq>;M>1)M+VKKYXma3a zGkZ@BPdIKQe@gIOitH9ek-_evZGW;t@h?B!QV6}4;wGw~dfEE3IU@un*VQH7+~Bs8 zXTKMuM(@a#n@_zLWZ(diqV&oORMQIk&Nd1!>{b`I4o*fWUx;4z(u4|806^&EeD*5@ zq^+MW)ZC{bg0LYq@BXQoc8gVs)L~$mo5ti#z&f}t$_>kW6t*$zVF$2 zrK`8>Um(av?eRBTI~MIrGdSLCMsGw;hL6CgD3eP@0B%66s(t7O$6 zG6e#5SG2K za6iAIr_ja-6%h}SjwoY!!b$f?z8LUxzCjagE8m3RV3i6;j7(|Xx3!N==*{wrtKTt6 z_FVeDztOzu8ZnOw6Q{HAKWlP=j>dyE3-h#va)0L}fYaCf!ZYtcbS#$*yT5@UUX4mXHGv(y>>b<@-lxzRf=< z7AaQW91P;OJF9}~F^|d?V9Qf3afz&WEY+(2J4@C8>82w`;Nl?W8LPDZv|E#VjkbZz z;P;+&F7C_!`Q=j1f`OL#MNbx116FEtOCw%DbqF7GK0|Ein)F$G$9ec2_${8|qw8?E8JL>$B=@ zXX#wxX-!A&`~7l_^Ydn9<=b8A`>%lnxl>egPU3*UD?esxhamXv#eG;odbD82M<$!F zd)zH&^UZ%gj=}4gwXldD2%Oq65efxMkq}FuMj|D5A`Wigg#78c+L+Oo{deA|t5!%{ zK%Q6s!UvOhNb}ta67<#^*b^+)d!Oq*9B^9_VQ1_O+q(>Qu$veqzs$7kAvG1yb450; z>DQ_ClANt7#Ezn)3~?Mc-kFFac&~DguN@la{I^y&HtO)3g3hb2R+^VDf+IHsTmmS$ zHIH-6Zd?NXM7%#wGxZitd;HJ{OLuK-4XnxpOZn_(VB^rd@o+0RI!>hS^4a(mpqwU{ z5h5TmU^57`z9_G{hWo0MSB7e#nr0ArV7XKTrXvE&tixWTDvTy&6A@i`BzCmz&7)L0 zgE$#J0-IER@G_3fR>{P8QJWyaw9M_^Z9(R*C-L_61S$n5nTdO&Co8yAi zWLTf*0M-1+n6|~M=7Has}rTls3;tyk)HqI-VvVz0uDUL+GysZ9u2yvR2VNPD7 ze!s6Sei@Es8AeDQvL~EqFx=!_Myiv=N;F~l9{`R(ald4>%Yh%jDTw3`?SkMQEyu4( zbN9i=j9zy3e@b(CJ^;L2J|wW={eYpal2F<9M_qSxKVXLL^j?refIEzUO&j4~v0re) z@7?`XI=0mJy2OJXravge+zXQE&h#u6)Bb(zcdssA9pN%ZX24xS#`nWjM95I4DcqtU zC3S36ILRLLmQt&Zf#V@Hdrpt<{DJN*6$PFcN;}qztObR9HnkicQnqzIgU6Qkz`ZFH zlPg85ko*dJAdLJNj)ic{qqAP8=ecI=qu98U0bTy{7FCRFm{$KHt$so83lB?OoDTA1 zGDtMO1>!_^#lY>1FmC^a-bksX;J{DIN*@=z(|9${a@!iCFCg3Fmt8y#w(C&z z;+075*rc^+@%_~iaDF#-gZS{VrKje7zER5?TPuCfo)_a;ANORJS5Se>2CmzUdtIjW zA1?web}-58CpSF?L2851R5nRv?~%`jy4NRSILKBjXZKzfZ~RQt&XVZ7RO1I@P}w7r&qf+SB>6N2P?g%6bHIArACA2~=I!g?!JddX zzQ3VBb>WSIvA#TTkbWO;7EtSb!Xo50^#(1C#=EY-qVxu@@T&@wD-K=~f zZEfV=Xpzj%oi6l+hU0d1tQGi(L^zFNK59NIJ7|e!5?Rk!H0)_iI3-B@EEP8x)|#2J zIHxbr$RZ6v|Fj*COD+g%*YSFM-h?+Y#sJ_5vV<0yV#aJ+YH@4kX=HDSlJ_7~@e-Po zNe}4C9#FH%zF%3rO%G^P&<)v&Az>6VNs6fqrFu_}QjMIVk?@J?k44y1JR+fX#gBh|j$D#WcBQsZcI+kVV6_@j-={7IkYe zU_iTUH$)Z)G68g7L!UW8c&NT04VgAaWFVy8e5bDqLp%FN@&#}9#i7}4WLq8jHTi=r zk2%(dc9ETVfnc47S|Lx@XIdd?OJsHB3oa2H^IvO?ph??! z??FEqu7^G*&L>du`mC2#qUzcDe0No;o!PLf=qwUx>>fq_<|fAW{T~UYS2@R!fTJY( zOqy-YayOM7iO3ZyR&_$-Wwx3@icTG6X=aON-THX_%Qv5ngA9`YJgBtN@Pkb*H&jtJ znXT9DoyKnMbnm475)-Q*M-y59XHIPL_%lrEtSGebf%{BjB2i(e)3Gb5s<@T=LI}({ zcMsgGeVlXhvKX!&c8bh(E^e73vd4eetQbR`r;b3+mzfAL-~T6O!W`>dmA>d)q^iOG z!{%ZZU12(c%)svv<0HIA#EodbMaru7&g=Fo_=8Fo+i{ItH_F0wqfGXsW#z(&qr>pz zUGDep^cWQGb;&l`)G5kl4jOO1h_DiAX1{sx>iF>VC_y}!-WnbjW@_>9=;YolKA&xj zwYO<4ekBR4it^}V6hptpyiURLSCl%rIyNaPo$#S3rd>{C>L<(W9HO~xWH?wpJiE+h z^qRr&wffMzNs6xWKW;Zk80%b>l6Lkl)YXskboFC~uJYTl`Fol?mC?O+%H<1IgWcM@ zxJy<(67aq zUYe9)`m;8bhi!#^s0vXxjah<>dDruYKClmaZgAc;-!}8Lylr`V*I#Tk&w?Uld~#3DB2*%>?_dh5&JIeD$bGt}G7_q0mbQ4r_Fx+t;KiTOcWF(B`krtye- zV#{7sOvD2sH-=q-4O{m`&;~@+N-2R1`4Y@LpxD@xdX!9pqE~We5_=ZX`TfxS*&;jM z*V;8-=kY>ds<_Q7Y#Gr{RX43qG^G*&vKS-o!MA;N#u`l6-afa ziT3q=tv;(fJAKJU3)f?HVWxM<5E!*e}-E-YerI-gg0bA2tw8v|#P#Z6)UX9vbqbJoh{QQx=udeF# zHfS8{wXmgU)Pv^@F(!OYpF2Bxy#`_A#|?r`HC|F1^&P55@Yd-`^`%~KjmE!9Jz3#n zq8hu@{|$m#rS{gI>Gjs>O@n&7wh`9jpL`U29@aOEeiE$bRO2OmKGWu8gGTwRA?8Y_ z7pk{Tm|mx{jUP3v(mXVH4~+5g8Q_$(LA75}4GwRGzQ2^U^?q`EKNk?O27PW2j-FH7 zKN8fMF}_+Oe6vbzR0$W)c+dIlbKDu@TPKLCyuGI(4jXk*7N5}kJvZocmUYBgx!n1U z)bO~+sFgiq%=SwxxT@a)Xpn{pQNd+pWSNX7r|OElNQI%?X6+y^=K#4{jK&#nh5;;& zNFDSlDX2hzMtuILt0U;LWVnY~gE{C}K=XZ=+hIHe!@cEgJ`lQ%v2TX@)@PiV;}f1O z8t%vlczvHVBoC4}#4?-*fp_`W?3SRV2Z5!zC+)nR8vbQoxD+h#VF1r+&zOEl@v=Zc6`*Ci)bjqbyLosIwOl$zBDRlVG>_L++UwT-d}%c@qYd9 zkuvE^NceM#_^TUFzlr$YMEq|e{@fxyLE50&Yeqjgj#pN~HeM2p8eb1I<1eYb6{DX& zJ`Y#WI(=Vz8m@s2nwcF=r8T|YQ|f1xW1WwmYVYoZBd+fX+R^GgCsTUIz=(&!UAH!07ZE)&t)WYXa>3hSV>nf*Qz9&2lF~a9; zwb}$Cia+n94csAocrgU#~<{Bt(_dR9<;+FcJg_f9k`c1vP(B$Bg!LL@Gw3H zwMo8A!a%y~j=XCJ-I=1N^ci?w>LB1>{M62LdkE|4*>(bsnCplLz(y)qCcJJh!#KZ6 z0#H9XUtSuRVVBo;>ss(pO{`HwqI=(?WM%^MB@~P!G0UcINBw_HfQraIcFc!3TO@$) zRr?aQr77VmvQULJn_woAh$a%8HAIEBmTB>2cW&0Y*LB8DDfVQheCAq=3Iou8K-`IF z)Cq;_dD3$|EX`HtCpsh79A^27%sx-5;SrVBimeX%0HQN!JZn>vX>$ z0?!u_4h7Wl;2d}Dbtg_wf*STF0jshC%4;3J?-VI-04tok9cL1V&Nw(yc*(o~Q|!R= zZV?-+4g4`iLqMevwsG!sp&Z3F9HJAD*MW{)`oKl|PPf9?5wK`Hlic|ek*z0iT?&j< z(N$uY+n{Z=T@eGa;+ZWii9snV4uZqDM6{wQqP`P@|MZD{w*c9RKg2T2Y3s7FQV`*UliFtN&1Ak-u&>mmrD8#Apjb@r zSnK4Nqfs5BA{y-X$sraSX+hY8@#+UOV5T6}1f5mmG^A=Ex8p zW;C&}=rFe)b}TZh5&J^_Vq;0-r50i+v23elOOD0158yoq@_!65tRHak#4CbNrkIG* zElJ`9l4Q`(>eE%=N|AV%Phji!KYH-}DgL0qpi(h+;rDv}O~8xg6h9^hyl!C~p9+Zw zFP4JB`ie5&5Ic-IWp6{{TlyPBEwKbMjrxjFh(}cE1iU2w6?DRjD_P9%55rRU!%_&{ zoMjpOZYk0Op;VQjA9|t4M#`0n@`^2XYo^>4Wmc3~?#^yGHmpAMG48Lo)JDn-N)`gv zl|Tl{XKX~)Qitw`ribp4#uerzD1v25PC%q!ZyyQj6Qr)_6*@9A0g^R!-=V%@!V@##C|^p5Zanh-SZEA>Q| zPVcc(Pumlxbs-5AU#ky>B!8dXcFQAQLNygJ#4qe+M`#yYWz=9@gSDf}G|DsJeO4b1nnSG$D2zG}&tI zH(MvodbaW$Bdz_~N&U4}V>!OJt(YS_7KdUy->oE7xX-hQb>mLs<>@O`Fct%OcQP1w zl4hBM1~PTWN3s$9}M%NS5V=l)K8;=}ov(rduJ7qZv+d|;M>a>)0> z#I`6DO9L8J6d->}t2)t-N8aJQ7L5Zr1DRj>BO>f`ZqYFw-Jy0w$Z$x7dSBU3dQ0&u z_E;RnWi<`X7?mR!J)%tqsf5s@xg%6h9*F=G9RlE z%0_Rlyv~)2L1m$a8;B%(0!zYTp@5A?39X2f-?nGq4q<-a+0u2zCpDOLHfcr+W-nm}kJQlzWv(Zf@nG6iYttP>Qy!Xj z7M#FSjdCtssk>>P-?h=~LuVwWFagFzv5G=C?a07#KKRF8WLtot8YtF8NLlIW@eknkhhCN8(F^L z0|u1tu-77dEG=4goNW9R@&xc%V*8CK~Yx=3xBiL({w0;XanSOOTm;V^ut+rXgpB8 zwCEsFs4!&zz>hKu&?ri-3+#Fxpy8qH^{vPXn8e22Q zm|?+x@x^Xg=&Flbx!KnF=c&0;BxJkwdAXWdl*Vs%aoPy9BKBBR&NvErKp@=51n-Kb z3)fmxnFMT^pXhel;*N{tB&8*Y-7^83DwON)SJ>Afv)LL4*~M^WH8O(;uIkJye*a$j z^F{E&?%L161ZYA^(zGYJBC4ZQ6i;Sisn~uoMM^Z4MPDlkzB65HOnnB)9QD()SeHkJ1H4 zgNK|0*4v?lh4d&O@r^)jv)`wQ#v+*(23`QRAGg;?q3tEwCptU_7a>fbKJS9l83k{>%Nd03dHBHt@B)jFo}CAT>t79bE(Q=;`~+(&ci(j%q)EtguKBsw`$Mnw z`PTX8T((XNZt^E?oOwR|&*=hCwls^3R&-?{vx9TJ7(m z+s>@q78%pkJk74yHs^2_wYFLFKSkc=MEtjrxFckqB4Q?S#4jM<2u45>j=<+^GER)F z=azGf=4X_2%&t$9b>cH209f60R%}@1N}mtUIcq?;DEH{OkjH+z&1pobJ>*> zTutAb0Nm_5)6Dx4w2}nN+>_8^G;v2lgHyHkp`^YW8LkgoDUo?IY(>iTVwR0aRr-(H zhH&!a#LT`0>64bE+R@AWr))JypMS%R2D<&%*k)*b^C&Zj$=S9TgJkF4UbKd1++6f7 zXWv>l?x}M2Z3Ro;ds9JM_UH)*9*sDYWC2iGKf?_I)|um+Gy5?I+DU{KIpm;~e)1Uy z&HTe74wN-cIED+^JvWumiEXCijjHvZce=qzRP!^(*+!qcnT|Gk#s8R-4btx4@n8e} z{)?PzX!Y}B4Iy*JQ;kW^^Pg$7wr4%k=-r;-M8l_mSD)cLgT-gqc}@;@4ma5wIHI72 zFyN}pzTb6G7mNnSXjMWPLY+W@|h3|0~*9&kNyQUDQdw_RHKqR1VxX; zK$LeG&R$|`$$r^R4oO)oS(VR{-MfLV8A3zXCF%93z6PBVCkXM7`?`fqFL6J@68}P_ zg@c;>7IdZtpDLw9n=%~Jz`sEQ6Q>8f zuzRQCZs8g*DsqS1l8D@Shc;$E6~GZ<^~2h$Za z+~>?4FT}&APf7QVHlW<6Hry{WiHSP5n|r{hElwV#lnFv6XxP7I1}DcSMT?LH&OcMA znMj!*Dd}jOaoX%8Kva_x6`9h{ZucD^^0brzD&b6Hs8a@*1W^u9aM3IS)EI7t0cH$m_Zi=;*5rul524ymf%#8|ubMJ;_5R>dJYeBvqsP$God+T~+uX{Jo z?X$!ul(hI)xN$T8*e0!fzlXgA*0U&A77 z9^m5qt)*$Nd9E)x(x~n-VtT1%xU!mEO09)X-fBDUj{Q-pd8biw=B()cNE3VJ;Q9zuG`X=49O+RqlCO#e4Wu(EWs`Tq;c&nDZZ;CTv;BLFgO)n=V| z8r-cc)#7N41dvO&uu#{TiM}tfT+NoItVS3lRXz|8T#W^fiUxq35t1g-@O02CbIC0P zF*|cL6-!Dy$CJg(@?wmSsjuyxfAbgNWtqZ9Vo)3*;5XX4wdUUGabp@9@~4B5+wnn8 zrm&I(U%HcdY#Uh=IhZZGC8J?L z*5`5F_|yTNcdlgo9qPFx9y)tPqSIsW?=Vd}?<92L2U|D;Wra$aGPkFiwI#=1z<=j( zUi>IJZR?qg7oOU?NW8PTdzcWaElWRDpz+j>#*%N`qqA0LyzE_V)ziBgPtWmZ^i@PR z&wy0T8Ds8lT0Ba!b}}P6|HNL(aOznIR5L-If6gtY)S3I4l{){-j>-t`84w!g^oaM< z)b3?!G$VHAYgOda+?*|Pc=O=b+FoMJaA|8ibVg1e?P8>rrHhfJNBRaEk@f610BAcT zchBSmU*T^0gjEGhQhmy*Mq287XZXrDNOqN(y}B?)r{ikl)12>vX~U$s;+bUwF_QRz za_O!Cp*MiA{g0Xa$ISgrYyX0Wibo-c1jUH5{<{>DdDBv!Q(e&(!fibAh7{|0G6*Ka zp+6ccDb5!2VQ4#>Xm~=zl)@gvKr{yf>$xXEZ9_qx<5XgVN+^`e0i~dRx3Xwa#w5X~ zxK! z9r<71{{8v?1cjGZD%I!9!Kkw=MEpwU;o4Y%e^1xf@o)9n#)|$I{;jR7JX`y(>dMoN zjb|%s8}NOly1Mpk<-ge93Xyy;E9&pxrN zAD^6i17~!HGC&{WkuQl%Ya{xL+g{)AqO%G4@0W;84$*3OjO=qb@~^$FOKvb^=}SH@ zl!(J4KgU6rQVIlA518$y=o*W3E}*<0yjP?-q=X;9w;bV<;GFx{F0a{9=mLK2b=;Eh z%|Wq|(lmsP!uX&vuNHO-8t(KQukVg3iQR!_HO$EFz<9fpj(hJOg`MF5!X8NT{#CbIF-xvk%S{WaAhb{mxA+4f1$ARSAMSx1qOat zNVEY(oxz=GABMxh`=bClbBA`{lYkqMyMrz~1=u6iIZCy|5jRGg^O1+HCX{ZKuoU-Y@g4m48*98hI&QRD z?C_X1_mB3P01p~Ct{t2-8!cKV&4c>h=}zxBn!3k@<2H8I{;=?xwjbj)?Y`8BQ(AnC{y#{X%2E5ZeZq!do05bem z2RuS2_h`JWqei_6-vKoZ7+3B1w-RCpz_uFya|-3)CEKa(*IqSRtPo-c>)H?m^He`Q zZtP><0VS=|m#vfL$>~Xhy*fPHX^CE==~1)ZXl=2*L!6FXcG_x`pq-N%H4jh#aqt?x zzdUU<5ruqqPCz(3JvwO~9u#5b-!#yIsa}KHJB04T0~$8q>+twDgp2r~*`OZ3c@07( z)Bp?<;%bPI79g;GqLsu}0iP$@cqwU758B1$gh~_+BkqiE*%Ew#zxtg+)O`{TNiN=C zM4T(BZ*=14DRUr@UB%`4W3p#F8tiHm<6TXQBJ+efGFIHzV-ZOo!B@xeJGMvH&jvD*Oc=mh;+d~0%;q}}(SPWEs0Oo35K6=;C81^S~{cw%zfSe#0UX7d}JDhpA%x)8e zrKO9ZVY>XMa)t}kn_l=sx`GXn$?~JTu1dZbX0lfYSkV(4=&3~aqfy9C<;#bP@K=~S+F&gs<6JQLDz%L?ZToGaFh=-9l>^qou zISUMPhr=Gu7y-uGiT?au=yS$8+gih0vDmAkzPeIk8-+0v0*vi&CsWX2?(rw`LE%~P z54GKWhUbbb+F_b<9@*iNLLO|$Ko6HZ*<$!eP^YnMf-9#gX+y0Vm`ODwtY6}&Db7#S z*L0r4`68L!(MX%K`T+=*BRHAExgErLJgCo3;e+dY6L*A|mQ*)qtxp8CWX#lDAOIO1 ze=-IJ#LbL~BSymARxVDgSz+W~IO%7!U zQj}ax#$Er0YY)TZJhLqNDM#q9$;yq{yBN8yV5UWj7_E7|B%#upw>6R^F&#P34j*lJ zRHC2zI~z8_$skf^E(o%Brm~?_lC}8YnwR9q7W=>DC7IJpZj2eIsFeG>C6quEDkxL| z38hr17TQTs3w49wK58MT{+Cb-VL#?o3k{clU%p%h;nf|_u$pCy|93P)UCCj((=SDQ(5WtBVxH{weCBnY2aF)p@l=!x^+Z!-$q= z7%Gc?p8?G85iq}pU@m6>a~T118G^Z+0nA+l%$-IyZJnY?ZPgW$3Ld!yS%#Du5~re1 zsf4m@mEDIqTub)yB{WVN?EgC&CoA`QXpPhTnah{cICY~Mr|#F&I6dH^_#zr70r;E7 z>0vZZk+r5DQ@RPqlsU9ZxINxayF~Vp;xX*8>$BTM9vvT^98R@(-f6WoLWR~Y$5&Zw zf1}#3ZbbXl)wN&uPdxO-Z)aTEb`7mvcZ#x3LufIB^>kQx>x=2; zq_mZ!o6{XZv$Lpss_5oidFd*;u2j)=|3noXs)`I19i30-RME*ZNaliBRCJ~om$mqV ztLP*ZC8+3jgo-Z9bS$+K+)~fp(_BQYzbJ}8y7sV?tTl`(4W~haftHd7C~=Bd$fb{R zDVOAZOUptmv8Xr{DJ#j{#x+DzG!^X)e}~dd_y*4p6b}I75Mv$;G^spC@yF#R*n1?r zp#UVxnL(c6@Ij!_i4BW;6}N(`1HEplPl>Nq@%!pZ%spK{{^o4`pXQ*BWw?{Kz?by@ z4qrql209k^F_d%jx`u&)b~ZMn{JRj#a~}zD*6(h_yb9w~f>;q$lH5MxYxWM{t`_To z)vZxL)Q{oc{CEE2{eKSjosTZ+Rlb)0&q{UW*$VpqtUujYdAhc-PX0eD8{hnYzQ(`r zl!5k*H&|O;22Ok7T~_)Z^SNAocdz!UwY^Z_Uy8Zh;miMS)K6Nly}rvmS|~IRPIj8d z#djEsX5jWJ{`tQmFZ}+{@)Tu-_+#mL7JKp0y^TNYI~~hIFR(mCjbRX2y2m5GS)RLn z%frce&+Aw_7<4S76b#t%;$mzm4zlVXK!?xxs|m1hOk|30a=D$oy=}2-7YeP@-QDKf zVx`;b<#G!JcvswH3k5MxMTAnX7g^b7{3ZXxr&B8jUvZ0p8FqTTO;I+NixS6Z(sKh& z8{atRe<=T#i{*+?cTnZ6DZ~sZZs4(l zJU3$nf-8r=xEP@O=iyP~pw-%I9~_c~CSJbZ-OyY>@+m)3cSDt|&wufP# zzT+Uf1+7oD2Ap?djlolD#M%>lxso!>mwShAcAKr&@tX2Y@+eh_R6N$#Ed)|uPoW-o znFg_5Yn{Yv;nQT8^fr|wVQY!iTH6uWv%;je8cgw8*6|zE6^)1iicmbwKXu-QG8(Q#vh!rfA zj1(-JfD^2k9VG}TiV=j60U=P;h7YKn2_09Itq<@)tjC5BDq#={MGL178Y&Vd)o$9} z<0g8B@Z?P(Tu!i4y^SnhjW~K^C)v)kuOeXL3NC zC`>qbbCCd~({r7{WXS260O(KR6hSIWpX1B&S~{5E?v8noV!o_#SCl12_l?;t)7%t; zchlm=O*YlBLLOv>JeU!3H#6k!jF5+!ArEJS{Cj4|zt0HSt!AIX>a4I=v%_AU5q8IS zFE03!G9l3mZfj#BdSy;K6Y)olXJ$2o<95qrusg+k+SYB|gfQ0a485MyvUMI~)&%=i zn^kJ!NXfiuK1^G&gKRlBvquk_Rpqif@ZgpGH1y182AO93h=xUy?8B z(rG8QS9BwLMK@e7-P!hvzaw|N%nbQ*M#y)WA>Yji`8K-RZf&cro4^h;&F`Pb4!a5L zP<30lE_@k|cn|Jo8gI_k?FZ#kmcd(@Nz{@NS%mSxQm5k$uiOz?Fcm1Ztmrz5==J6i zDh-zkOY}zAizR_T+=R90)RS1&af8*3r&Juiw&8obbKXfSUj1=Z6^HLri?2Qpi?2RU zEq>nfZ!WyxiYlC6q=O!HF8s-epI|!c$;fbm@dlNmZ>ccXx^6&4;cwgRx@%P0BuP<} z&JQ-kFR?Vrvd*^CyY!1Gl_EsvU1u*FxSf$Z=9Y89v=a%|HX?eNFr+DqY_3u1eTpqC zpoGpx>(UZUko__(EtAp{PJgQU`GCD_zB)MFx4oj#zC1AW1d-RYtrtZh{v)v{E%@^R z^-@&O9$BmLV=0zS28|jtfKg)S-Z&_+u@4)(MZ#C+z z*G$PKtmoVTlVr!c_4U<_wW-0zLlX^mG#dD()y73+N$RMwtw0>fuW3nGhbf1s9K@xB1Y#C7GSic8)8Mvmo7QU=`i6>xQXj|uhE8;easdsi_*Ie^#QrA zdp^1BPWr=aYG7S;1n1pO>k4iCh_P;~FEBM}4aRSA!jvjFYwg}hhQ%HC%S-t8vKqqPHIx#;QX$6!EL?kx=pHeE~{3^E*Ig?Yx1 zum>I9gAVk7nuV{XE4D;1^o&aJ`HUXSEgf9F#qI$`oKe;HkpyF82@(f0fx}TA{b(sq z8Ne!T*>ZeoT`#D<7tz|s?5K4(@y>P<(rgvN?sLPU)fH@HYT2Kl=yNFg4{iKxGqxU! z(RAMu2c5#=yTM|J0!gOsO%K<#m_uIY;-WVRt_liUpQV+JU;^P9cS^UVyVAdl%FqV= z`MNIG;uPh#fGq;2S>z5^kd+gZ9DUL4y)FOgbG{j>OEx zD@=HeuP$J1anI7w(^qh8^vG$CbFxP%UY${u6?HG1!stab^qA|j$gn{0A|7Ny?JC?I zh$jRLb4Bu}VH6}{>crExnKc<~`DaxmjNJn32e>w}|Bln^Nuk)G&}ei(@q)qP7^8@| z*YIdC>B9kvTxlgNmAM|^j6C3NJwKow^2!If*1d&chzS$4!S}EN#Z&t}gd?)tnaL5c z3{baL$V?HRFi<{AVRG%rBur20ZqKHx{QslNHdEZ0odzZFP3wm8k`*Z_1-&6U`E*+n zs@sD(43R+YdcM<*6gTtABk5bY7$*%n?ua#bF&T8|Y;{9U)+h+Mxau5s=^<%2-R=k% z76x<-|50J2peyH^ii@0&MJ`R@X$qk^6rq8RH?n{ZW$gRrv@ZWlF$&atarBo6U@-PaE(dhwj@&4; zl=#n)b^`bJfuEK40vag72-}#UhQMTL)(+YyBP$qdituQ3G<}Br{t&e`#8c&LbvcHW zCJHAHnBu><_RQgGAG1SCT-W4|F)D6_@x-lA(g&sh%t7cBuieodDwm|vN(?XxiU-7~ zumjXN(SEe`i?slt{a|vy~wWux*7rd14-ufGhffS|kefU1kbH zDGQE56~&a9@atD@=Od*!L;l}&ogSw`5IKNQM;yN1q*dI4qIj~wG}SOyw%6sKQ7sB5 znE?=JK8EC|Jgj2#CYWQYV8YS6SGSjPoJ6XM&gwbCE1%&mrwjlXxR5Q&NhK)CcN?#=o{% zoXoRH33l>NO^A+FP{PqVmyp^Vm_l>B7;rA_s|ZRUS-Twv@4@J1$o3Cq#*k-_4ivCX zR~(YWSjz`78^9+)=yHW>0L z`O^Vm4iC6JILP6C4-$#b?>FfV5Jf9E6AQ`*gyX>SSsCC;!tmo9t8s9+-`Ka8{%n0J z&c_;u*F0EKP=BwbG=tn@fTurbW5skPb++m=yd zm@-g(aits^gt~9j!S50E9amXP8ca_uj(Oq+*SiLGig?U zGYkC%2(EnF^9DoMDFo}qqWp@^AHZfq<^z5&Ky41$6Zj*!N8dQWib;l-5aA&VU^J#X z*+bMesaNzoD9O$NEARD0JCniK>mgf*9Ss>8Y+0_diQ#H=2_F|KP#(8lFuKhOx~d%} z3_5v5_oi69NIinC+Li9QKAw{RLVzB1qylj`^10%k)L95jgvrW@(6iy?t<+Q^-uWq1 zn5Kw3JSULm5_EHiXOAK3;+`T)7k9S^EsuxmmfOMpwXR%1R{=JbB0Ev{y?Z3<9F6?3 z-|>5S>WZl;v$3f}m02V(EeAnrta~WI+&-{GI73GtVZrbjYW7hXYCIA8XIr3YBAheh z^7*~xG9r8wDgwjP+453ONFCeh|IiqsF|Ck<)#OqO$!G9?QiV(|VI?7r(S0gX2Fh`l zzRyj(VBYhWFp2pRiflQhXufi8(Dpm~wdeuHpK_aOk*LlYsAjl8jD^mF6f<#e$% zasYL@M>x63o4~(dx2sw;kkQIX%u8KoYKV^mQE$TvhzJ`CYm?5}j06qCPPmZ?d~=&q zM1M$&9IbK=4-Ojjlg3UuOD8qBO`b5Dqjr7>n>neSG};G^H@`G~YegHF?XE2Kw4h^m zWy`p>4_`&3Wxe?gvkn@fb;dxNu-087M!F<%21KSCTp>61vj~}e=cCXzqN)eA{ymiC z{n1B$gAj~y1JJr=UjN{XFJq$)Y&?DsdFUm8nhZYjZOdV>B7hAcU!}xcq%lT*YTVph zxiJ?Z&c`ZvP@z3Ya2XOVrJb8&+#<=iy>h!0oKJ@R_4!K0{*W59>$`!xb26`yaN$b1 z{-f&-)!?9m0&0nCU!h>n8C}9UANZ3?L*Gg5Icj1^`>K!=$Pp+VtuzYKk9uea0h7_6 zbguZY$5PYEc{6UC!mv>c5?PE?(iy06FHld2rZ+tLF?FZ!%lr>|M+}=0u`6(?o369G z?ky|hFEV)Q-fl&&1H(#OCK$Mv&e*%Al$}$IXu;O4+qP}nwzb>4ZQHhO+qP})wr$(? z-{;)qzTEr|_py>%Su2%FX4PC{jBokOXGZ@7Zf&5g5b!a1+SsFV|C~MOq0!|C+oU4i z*0(|TQ_6Ta*dq1%UQhP6fm%z;ty&dHacVWTIz5LSZ*bD_(Q=j6oFZyFA7U^MFeR+= z^@DF;&yE~n>1aXB0ye3;h)yTox=Ebtud}ziJ^MgiD{p3mmj1YlM2IlKGq{|8k-(3? zFDLZLi#KJKLg$DS3dypGXYD@|ZYmR*r8+wwS5m99x>AF^uMJ$u^tOxb5EI~VZRU^q zgo@2V728)3ZY=RgTGU~Su<|g>$j6{EKWj~tnCy#HKDRm8Qh_}xN=JyDH=Ug81W+AL z5gVbmf7>3LWk2gBdKC@W!~Z^so^G#y&F1`ykTP>U{ZjyKBum){2PpTPQc4D;WJu!S z>t{y^Pnbrf*ZFH6l67FYbircYNFzd5DDalCErGVbvGA4lqU8_?-z9%Nk78c3^kj~a zKr2Vm4%sQz+#KCHT7?JBOHdS@s*<+=1HX;6%SD(>#Rb5?9?*NSd$s8lS zb-p^8AEY0>XvaUpy9nmI|C}w;bvYTS>AUM}u#XB!|9UGA8O zzRf;t|3w{Gspcq7!IGmd{W4JN7lc#UB3JEpC!`^fUU3laB)pO>w&^+@1vz-{jwqQ* zD9QH*(5)2CP;7(NvqJ_zHRc~Y3-xe<5ymMv-lZSAqR$esF)v>qt*O%D)3J;F=e9zMd;mFj%`p{O;CO= zdLUw%B@E<})VE_fTqH7*VFXh}bPvzCePRsYuuqWJndB@J!!N{}UE~^*4wUAxc(fF=F3$-^+3-N-^iRl2 zBz;>knHB8PjH98b#eH}0;!4k|44d$Qp}v{rozc;1x7H@^d8?TAt=4<##aX26%>Xrc zQBI?|2J1t!4ivQ!tY@PQpKSd46+=0LVIiBr?|2LEA-1W&I)M;*G2y>8b3Pj74c;fq z7s916ufKP>!oGHBqJmY$B!c@>@{4>AU3V$4&3tjCNC;lfCOUlUzV;^jD@xae9I3{p zmiNoEhqQ7`Q#s-u%6MJ!ebp`5us_b$hQ`Lh=rKZZ&d{5EG+6_RMpDv~KIknZ6Uk-X zEW*?(_e!*LFp95h2Ca_DAJ#W@Erwh2QMBiWx3|U*ODrn)<4ZMRZOB-Io@mo(`o;0* zFxJoZzA+DiPST{B`aWma2GRzSaN8X{rJLK>^M60(IggHg-lv{VDA?@$#e+25$ATY; zxUEbdD3akui4QE+3^38|7jyL+r8r;@z=~YRr|A@g0l91CQSBTjinJ-MgvVO*f&Nmy zC0JlX71=rFcCpa~_TUu;g$ zQLZBr7K|Q^!oFq#3E*GRi}k)xFoYPo%n##KlzPFA5?Oh9oePTI?W084EAKSrN+ikm z=60zxZ>Ng}kG^LUKb6<2i zJRR)52#VlZs*U+?sM|$+#9i^;F3bP5AEnu%z{!&blH}&wV4JWp>5%BnSTNYJe zUmC1jsH`fSC8S#tVH(0Iz$*yUTn%ns3jhE`uB}Ks`;@y-I_Z578#eCQ4I>0&;G-;c zwq7Q+fo+PHGRmptR>ZjpVn{cv3ga^TuRn@Tgkg%BX7#DZgh{z1+GNbpr74S<&OCNZ zp?o@eTybw}J>kN?rL&^dfO*k305_uENAxz89N%yiA!Wj05%~+EI;oGmBRXK{2pdLT zW#qs`OsNI7dsW^x0U^07|3ge_W{iflW4L7Fcpb?K(a-D)PgWWfa-Uek$s4H-`t2~~ zzXpylj#?A+*FsLm^ACm+nS#UxM$vWJkwIyagb8^t?q!Cqi%rIO ztQB!_iUNS_BW5D`b%{j9A_Ss><~|W^l=~T{1eARaN&2BhwPk0`h^T+8wx)zEgx*E5 z!19gktIBcpHvEZ?vbT$plIIpHWLj&rwuhmg>P5|>!-yCaqahpF?v*~hF80cX2CPpC z5xMi$C`o`uv$(XTwE`^}>C|A(LgfK`=>_oMYYMn6DO?>M8a~F;c8aA^^3VLPi!F8u z*HFxvrz==yl!vQ@>SxAdN-)dTt81MG@gotJa7;9f?wg%`Xd?{Y_Bd}RQS0cZt*Fa=p4-9 zmIs*yVT2pCUl96R%0$VEiD?13%N7E^pl-RfTQQ-O%sS0u{U@|?&o*g;r%9+akh8KF z_a^NZy;y&R0iX*8hEo@r<0yQB#i+RnwhtuSdls0)R$33i@8F@k>>{gq3<4cdX0rx* z=BF8=#Lqa%;6W6R%iy03jpi;Q0!-`*Gf;gRH@|mKB;EpmKSz9Z%4R(*|-g8i5bHw zEkmb=@y*_*!Z6ST*Z2bMjOpLz9=Gu|!j6Xde318->s{xExefA}XKd3?w#{*0F$qzS z0iXUpF)|%lY%7U$J_w1Lg%N&!>vXguIZ+rz|7Z`Y{qrm5m}cO+bp9iUaJ-hJ)qTvOB^6)vS_*0Ms;u8ZYS&b$>8tjM%t%(4-+EKNB0|;>?=K zO-`q81p#zikIAVyHEPaopW(>ISkUhoP$LUn@ueKw6K}=M@7WgE<^_4Xn-(j| zxIPHp32rEN7I%qghZJo%0sRP#l*HHqK-0!eHega)7d_!Mv;cj7X@&# zmcy{v7)USt~KpM#y zJ?~nnXjyycYvPO>DHmVR!DSH7-cXBS^ue1)OcTRIb{KNtmAS|)!@>z31)><%U(8JyawuPQwu7v--OAJgrclsYL8VQA%i=qvI&Auu}zjYgTYdI|?Tzz@5j)a>rf5PmMl6`wP%%Lz1|~C93P*3CYR)m~ zy_48*01NswC2BDSmTR!EGkEIL9h+(zOJXAq6G(?9a||G-;SSW|Q-cqYECbm*V$m3> zOSNjlRb0st5eNnZ-B_8?evCS%?Zh1vjQw}|0?Z$~660?`Y}4lv|BX(03&iwM=S%om zB*p0bp@Niv3xg_+P*|cEqFbvk-i?;=uMX{mrl9$1rGZFfMpU^~F(C$obrKKWK+Hsa zp6rvMm~VQgln5BL!#=ikzaODH@`ji}cNL;UzA2Yv=;VmurMh)TwL(Ib)j1;?RWPiD z{A{Rn+w`G?$X~SIV6<u)a3avtG{=w_)+4vWbW6jJzk* zhqATrXo?e3m74INIm{5uL)nb-{b^~?_wKB_-6(?D>g;&Cq{ z#7$GQ=rkohXBOG`ZiGgUJb`dcXG%)$%Q;jr}N^nC|oVH>1hWPOtTsA4IkW@?>WmUx#20JRDY!~(? z970-YDI8TSlU-&r@DG=7#)s3Tcx>E49lC)u3Hy|}lPXv#6w3Rm{VDUU|Fr$E+wQNT zLAAYgzVEHB<=0ey`>#5*xs>|Ca>;q}r{&J-OY^(6_U?vpfh_Ak_$(2J#W!3>GQ-?Q zscS~hxjS&JmAMjxzw{2bvyN32V8_!1br!rjJqleb`6rWP7USXHkr<*peRc*>jg* zdnVJsA9tK=T9xyd#Pm)2lIcoK6QLq9$?V-1o9kL}qr#ukW_W?JGk$ub~gMTvNM$3K7pUUql8*e#7r>K9PotH&pES8ba1 z@jNAnkA~L9Sbn4oc$BMrwYfVPP?Kob_S!7EV2vsZ@eRnLI67&HoPpkD=Z&;@td}^= zw+9X$e68zn<1Cw8pSJ0L^I2tMz>8!r1e#U>?ApBpP!4oUVhdPTlZJw`-3p8WR9H*bM&|cn_O+$2BEUd$z=0{?$uhd{VFzX++h!^n+f;f(O&# zydRHn%Es4@Ta|Bu+T&lN91N}$TA&>2>(0@BC@nJ7BKg+-z(5=#ZT>D+!h&MFHbow^ zFeDwm*Zavp!1C>VsoWd9re*=(Qo#PcKXzU%0GqV&M%F2(vQ_FJP3P)_uSyC)%4JEo z9mcY3p>x9m4;>X*mN<7nH?o@JXtQA&do(u%o${nPC<(Z&{*!RjhqD-EY@IpZR&a<%8C}N7X)6vx~PN_E%yA@Er(8UUM+% z9hB=`a3c60h|9Z*Ai>v)+t6kJ_FM8Hn9p4=L0HWyPeZ%kLq}o0;vM_&rmSJBOGhX+ zYRNcB!USMzei5`<^-~9+23L|ZJovAvEH{F9DM%H(fw-sX3feTG(_<=n+vve zcC%40Ed-ria{aN)PdcT)7gP2$MLasM@;w`~_M zXH7WRP)+cDVg*$F8&=KMemit0Ww6 zp54vCNrXQ(=G605$1Akdc4t1Y)%L8jN?_+Sd^_n~)K-D z16~Em9R53OY9o=qOQ~2N^a}OM%QE|lwbCEalziI*<`BDN+sO!iW$sSWB98Ayk?sqb zMXJ4}=1qiur9V{P2lNRx1-I4#`tI2^h-6DZ_NF2CfF`eq{?d5xlUhK(!~V9!X^oE> zjMvm1nwYp-%P~CD#rhZE2KoIZ3g;>$8~V8snZ*HkKiUW{w!fSF{mV6w2I!0kK=}Rc{nhGJ#MrthAD9!-M{@c7R8^ixoSV@1Cn8rZ zZa>U{(obwFO4!X2oj&}}X;jQle`SlfG=bP#=Kq-tsiRm;0??34Ry_&3w% z_QcSXBzHjd+lpy6XFe9a-O-kyN$GO~x+Zbf2~kUY?~#XGUhYlqt%f-($aXi>>)I04 z>+kzIuG5#oYsimJJan@z{m}2@haZMl?XQqGUgfF>zq_`XJa@Jgo%3b+s_9K158sl% zJ%)6#I&MT1mg$ppJB)DrX1^RC?b&$D&TU=Jjs5yXcP$vdPLc6s7B0pI}4AQ4=N3b>lA_>CoSGd_PL zS3oMhL(QiP(HKv>(8c_pk_rD{6IZ2PQ3~xwi{g#|s&CVY+n;l073~cz?XAsKy;OYg z>B9h4n@}r3$=s{KLgd|;wrB$Zn<#$AUchhX*o=wmT?hnD-Q6@7c1-)TDTH>HV-{wb)B>no?HpFFRo(OV2_7!Hh2b?qaz)zdk)XF#>)1Wy>>4D`vTe|{>-BVCL<@01U3$8F;j(By0uO8Yy z{U}6W@%04U(qNJfFmeSfP8{}kzfz<@DmHbI877qY9Ut663L-?FHHyc|lD<`U0Kl!}g*>p5WpYq>D&xGf#> zime1t+_!s2=+plEVXFQg<%=iN`eUDt)O|Hs5ih(#1#S>`qrwP!dG~hF4E4f z3*yg^aIe-cME4NP>E<3HqN8;i!}<$F#6x}yN$xZQsMp}t=v{~%B~pLT;I&JgQXp?y zK?+W$)lHoQqh)+i3k;%te9pdbn}^3bm`PUFXHBLJF6!DLz({^Q1B8JV=;sF_zS{@| zQh|?sfK*IaUO`5T04myT_>u5j*Wxfi< z3X^#}RoP|9o|^&2LqU81$|$n}F{Ldu!P}VPa>d;YYJ;PA*aYxz=IKjsv-2R4if%yo zxm8)6;ubruV48^bXk^;GIC0{Py*fluLzPK2C4TZ24Y36?KZ@)8tpm%$g`;e|gB@XB zWD7k)xo`^|j%x23ns~8x3mu6H_y!jEDeMK5C^_^cn7AqZ1?=GY2446~=>{6Ix&9@D z(5d|;Brs$50|;`d|0TGHWgbzWU8;27_SovhHMR?y3osrQ(QfYxISzGi2JX`pSm$k9A}LNasm01aB?sL zZB@mMYn$6onosWJ=N*ap39v$H5FJI)SL5^6`W(;VoaSF~`(-g5mvP5SDQ)NWN=_Fy z`>W+-PRs{FWl0$YS9PQxuP!&vDZMy)RR9qMaioxTT$CUpd{ZI%wqH{Aw+Y?KrXXfU z?vZ5G5)9-^Ml~@L1qf%FW+wXGay&kDlY@q}G-^#$V2f{V+Xnva>E2ol-iSSxEP##< zPT8>e5VF&tFBL9$Hv+iKh|;FFV#Xpn!4W;tDL=;9?KB#i%JxHFMy{|oec%FMieCvk(7ivYt~A!Nm#{zLGl}N}*_mTCE!x~6jhh2N1@f{vm#-zK_HISA z@ODN8C^@E}Drjh%-*#RrJ-0SXXSsdoN9bEl>t1=z!e@qM+!1LIBn;hfAqNs|q=k;HhVFpdK~vKR`I;wQR^nBtU3lA5;){%A%$i~`0B>xp<% z>uMwhzGHRK3x|L5j>ITRozt5v4PwL&6|6x3U)#cDAt=X1~88E zdS7~~9RQ}ir6A@s&w@lC_FY7s6PCOr3X4lyaovJd*ptx}-|blhPb2BAS57jE+hT12 z;{KPQeYI0+doexn**+b8_O|5W8dM)OT8QxFm;vqRD;Fzr0BS$4(`uJ++_wYFmk?!q zT3GwCErb>q2w^rZIdt^yJ>KUaNrF&S2iCc=5ik0dhdF4xy8?=qhBje0jpSGDITy}dKfZtJLg7HV=;-zZ zQPTAiC+pFHx~=6je5-KO$Nc|%Fh|K7&>p!m?}t#n;aZuWCfhW_KbA69s8e3-92^CN z{C+kSIH5j3@!{7H1~}{G=DLBI$g!M6$y)2U*2ew-vDZ==h)AOk0)cDcAoh1??Ni;ZvutvCr=3f(M_cO86XEG3JvjH{6G5qZpZaI?m~Qjv;Cmg^pc4OohbS znFjVLP|8N$g~}tjE|$gxcECVM>_W9y-lU$Go_RP02P;pQzLs~}{vCSJ?|C~DhJSdV z4jkTjV{j^R5;79I|KABaniswgL-N#sXE!N zb#(f)*KfOTMH-~mRd!S-B4Ei0pT(tK^?;cIi@PU8l3A1~vq$ERoqUNhJ=7D;LU)>V znj!0$)e~Mv>MSj_*urO6n7_~{`7|<;)F!P!tZ^jasbFRPSi4d%HL<#0@PV`7{WFHT zNwOuPu}sM*~j_WP7&TIr|4>m1R8oL$_O%T-Y&^NtIh0UL` zOeMDxVfOZUzN;*9_~MQ;sM$41DAnU4hDYWP#h^S#s1df~2DoOt18Uex-_U?&2W+tg z+FKCKuwEGx+0>cUiIO&dWssFO-miZ^%eC=asCmB8U47hcXVu2;dMmImuq{!3EDzSk z*GC$ge>BQfa%*aRB7dG(zx5GT7<5!iB@kQ3PotF#XiX36RDEWyK7gN<0D9?kC7|Jb zo!*#BF#Ba*lrfb;{&A=<4M#xfh;k|j%x8c&`JkKJy&i62=jHQcd>K|O6fbgUkT&eX z1FOP{e>a0u16@#7enI!HJlM`w1IN&7$I2*|{bJH=BWiv(F#~9eewCaJIx+eiDxmZ9 zmu2e8C56)+h7Kv-EHo+_gs5%OD9iEEfQ{f_cFw`moFzdy_iR-N<{B=Btt%1D#?3-u z9W#!=Dlw*E)rIT7?2&k-P{tWItyjJhb}&Hp|FG49&dmO6Xh+atO!CF)UQ}iSS$m`I z4aE}y=BFW9zipr5xBai7y>1R-Swb?+|0n^Rup=l+`GldH=^zXkD;SLD5dp#fqFdlC zs_fKMIX=h@riBm3T_TE@q|F}1pU7_HDvouJ@f+S0p79<@LDMty}H0bJ=j|pi2cA4tiM%=;lBgkLfC}KG%o7AMRnw3YHFe5uKK}s(aBK z`yRxO@T6^fy3UZ(Qz@}1jE2ty8-H7jKDcNxeg~(I0d$NINJDU?w}dO$EdVAePm4o+uJhy^ldgh|HhkNnDe? z7;*-I&|2!%Az+~joIa4D=U*0-~on(bS^Iq#wsCWtteP5&y?58b?vGM` zx<%vv`FyqgdC+8;wGYDo3B(_Log0Wn{^S^r)xA4__30Xp-MKyR zB}D-D%{~wZ=V!QDDu~2Kf3*+CPePp-jP>0c75_Zl6W0a8+@;S=Fx?xyd1V}k1>hff zW$cf&{A}xw)%SOJiK{Q zz4@4q!G$4XWbetS!O@1yfU-!%=m)F^Acd+s==peFD-?dt zRjWQ+wuI4$MXaLKWf3I?`$I@W(HX&5!6@`3=5bL8V2G+$1r+tyuO5tHdG`&=1wyY1 zFpBkec(k0iiIt=o=x{-#KgyM)9olfQ>PgWFXS|Ys`G1D;F2H&=pTQ=N*ipUEFa~n# zEl69BprdCUW!Qp*PN6-Fp?BKI;VG9? z6p}40Oki0TAEh4Mi)!es$v5O#y{IMJlbGYUQDQhVErmFED6WSkAtwQJNyJHYy=zEk zMWjNT+>{}vTSWZ>84wRvl;)H7g*1p)~0U} z4=_!cP2KeIzAf`Do+3bqPZjG z-^+*leU9>4X?~k48`_%!#NX_aRzE!W$#2qv6MlJRtrC6sW&tMvC5pVkLGkL~~bzt1KgV~9R)I)E6HktsbT4N;UKHmChxGAM9gk}LY zxA~t`+e(q;K*=;kb-3b!=aFAS7zL(a8q?W$Z$ElkMk0E>Q)hx{scg8Ya4eX1H zl>;pvY3UGEa>OM>_wMIY6_j}K3n93oM2E|I5z6loBh_C|l`-E*((B|3%#=UGf%JPK z7w*@>kSWM#l=+5y)?CE@Ioxd+t%>I#=IcX+llW+A=YiRlbSUqOr z-O{yhW!hzV2iXIEb#-m^{@2Y&W9iPdZ?EikDMJFj+$+ciVAzFg5@5tapaj5Q9jZnw z6v0aQPyMNB~oSsmn*T_j>(`RHh0dQ4Uh`6yiWJMI7}W zSk<@y5>`k9s8gMEYvnyJ_iIkzyw2$HbC33M3+DzN>qtL5PMWFQJ#EX*_Kj6bR;Z8W z_d9*eKq}y|%ao%(G+!JXJPPm;@|`?C{CJ1)WSuuoVm*`UR0sWl%SU}u`-HL-9k$92 zUr%h3MZt|~KRcG-bIb?e!}>xT&l<5&3HGpeXP{3{y(@bGcjzfYRnHz~533vVK~1nI$l2=@=UVN{|S5wr2K6gpga0&+dM zoxpf(_Kf^QK|yH#05ti_I2aL6N7jnvQ|LS^~tAqO9)7R>} zET;X-{Fr$da#4w&^4at;KXeD<@@W9r7J=0>OF;&X>Y?YEX+)kcF~fp|lZqF(J3lVd ziyPM$%uLVz7B#+BVU*_{fcSfV;X|cqd-}G_MD|wvu-j=NW-D94YVW{;MG}}q-@?Vq z0UR@px)pbKMr1kZe-dJgNidipv+%2sDFTb@uBuisF|%d~=TjO1*wLo3=8l}711m_c z=?#;o8~Ru7PjX#6GBI8JzBD){v4({c$Hz!!4sCL!0rtQ=L}mYgEi=5= zcStj$tBzH4YH!r=0&G5K{LU$5C1>EF=~y#5ae;XHVfSnT%qmA-Pyfi9a$Kz>IUkg( z7zP$?LV~am*h-`^9O)X|g1H1@3b=tJnUZ#vw7EH3w@+jzQ4?mQc@w*^+lI7ld|`XG z)BYNWX=jk5)9zDMvnNPUmcXN+Xck`pgKB1NrSPICfs0 zPHGnFqfT`HP@_b_%4Ec1YH)zX4o7?8HOOD!J z5jdZ+ddP-$GSQ4ywH6l#kA>0W;9_ujEQyF-F4OZF?vA!1=aa5_dmD~tgS+akYkTYn z?irL7F=aOyxFDW1WDVBBSOl@viZf*cH`+Q`&s9J;Qf4Qdv5~E zXUi8-E+#`9wi~3WeSwEdg@udu?7Iq{3}uW6BIV@WJ{z1ks-u9dHWVgI z%VqeNXRIe=DZTlC?x%I^H{gghn(9r;@dk@T0c~zz`nCez^j}8+x{>3?3x7u&AvOF` zE3_}hY_33N?ilqGt=EB1c2g)uaob%$T?_m6;Ve56UrUR_X;kE7elTGH`APpOw&Q|P zf*Au2R|AKWPLNIEFl~qoP(7I4JP73InHP+QtQ}}6Kl;HwumkR58do->dqlii5S*SN zPe;EJ%dn8qU|8oj2!cWhhK!qJ$h@NbSbto{M&y8VD;CYq!`1!0!8Hutt=%8%bFw5g zA5{*|7rLM8teWuTHI$gS+Qp9{g+VOca6s>|pgH&#U+ahuY6+JHcT@0qv zJoEv~8)XCO!f&?NOo`3|>as&KIJ`_w#MR!bMC$g(!hq=Xn+WS1d0^q)+pXqNiPC9? z58U~LM^dNN(1=C|<)wBZ10fqSlxH<0aYcdJxV^NiR-fv`mVj$RJ5TskqL6%b8Wp#g z#JiTngHDfq*_qBvU51X_8A8}rdhkS-T4?$`_mht3OCg>KWaZ?h$3mI&;B=Cy$&Tf>d=c0p0s7fZ0RDnDv5( zte1nV*SeCW%|oG``E^Fl-j$fv?D)I3sr>uY&rugsmbr8R=(b*MQanCMS zBAwk-YYO8YXw5|amf^l82X0T#FkC9K9$QyW-U4dab-2*R#;uF_7-q%jpENRa`?ya+L#BS7`)~^R& zXY#Lnl?Wve)P3DncIQ(GI2=A7=50V!L!l>Frw-Ec>#JsB(Gqnw?$vNPe`O;?ip7u4zTqZ)LADu<%S zLgpUg1G)9icPB>yHYhVn0G6X?xBEOl{B6z_TXc~f5FQxb&v=o64gXl`o%@WN>VlUt zR{AX1Zdr#^`&jA+q}b_^LhilSnHePUsrUOn{G`2F2xIg*bbjj|1kEWnG?A(K$f;ai zfnHH!fa*W`r4P^$xQEeRm&twvp;B6ZdPqvpXv0N(p{ACS6}8C_6A<^?|Ms>i#)W?8 z0e7BZ1Qz6LF17gJtX1OnrOO-fC7nbku2bI$n8{5pu$0T~i=%bwXsZ^e#cdfVMNK1cC)|@Bkux+~VI` zszYMu2LC(W5h#=(J4s5E*u0Fh#LliW5~EsGG+JnSNt_-C;0{;H-qN2o;+7S}asH1D zo4rvsG^)DJoTH-YH|&^DHUt7&AF3YF6<~T)xNYF5ng%8 z^@#Kdx5vJayczH=je{_zg`ehD4bRs2htX$#KoeE)>|=cX{$+=LKi2E^iywUeCG_Z~ zcgFW$I5hG=YFhX6gz%?hlPb4)(I(wqQ#q{E)O35SZwO2301n6vcJ>^AT)4=eq?GaD z-#ql#@{A#tS$QV5*c2a8)r=B#Gf7aiars0>T;RA|f=?+5lOvH?N)DjgoF-AZb+x)J z!jh*(g?J0Vi-Y+LiX78Q{vUZ`etOrfi=%#!7=AzBM;cA7?~?%s*GSr*L|R_;YdVX* z%{hvdk;YIAPtC#g=g^oz%siTR!dAbxouNe1=F_SNQgYu2*Kt&?yi zjGL*{G=WRu<+Z_vmvpX}(l@ecCieJ05H1u6O%_wF<_j(0*#Lb1c8zwQ^o5xD-meAq>tQoLAI$O@X)mrN2zFosciL3at} z+H{q5-rj;a*o9h@OZQxzDF*Q&DQCYD%N&Mn?XrQzxK4OzgPoLzFI29!x>%Dn#L-Bi zgZE05qxu#|5DEQBo^}x6nx%>yUB3~S}a()9F7n{lwyyMVs^fwWyGa~3og z+$Ff<9)XM-@A4>GQLEd3uU4e&gYsvFdkbr;~S`s%Hz``acq4Y+FVaPa5`=p{fzmTl@U z43vY#Aa{a;%jd~nMx6jNB)NZ6OS+m&o6V!K)Hr!TZF&~RR`HO zNKi()$bnDOO%9*BSoBkihSq0x=1~nf#E-RHDc5mt3oNO&pkdb8 zT8Jc++_WbR)!~%S;-@_aLWk7j|Ll7N;!IRPUW-sTXSd|wpu4)OM7uazH|%E|a)wdo zFxa`9K!}OK)4suUiLJq)&A@Y-jfj`+!y}55cmgk87-Wtyj<{jZFr?XBQh0r|gQrs_o4;Ew`k;wSdXa60sjgrQ zTYsbcN+6Dcr3*@C;cEt974y3&I|43tXJ912w+m@K(Drb1cI5)-SAr^Eh6vP91__QP=n!y;#jlQ;_B~lcWeV42b{YB zO+wy`CEk3n4hdGMud%A_F&2xQINh!RsTPZW4KmbKV1w$7QTtiOPxapP%z%OsiS-tu zTudcbN|Pd^4JD-lW%yFWw1(cbj$(bHgqDaJUlI-E-rdk)SqiV0b`CEYOyPZBZGY&@ zr}7xCkwp3?7)yd6I!J=BZ&Ddw=Y^KPD{jHkAu;C4qfR>S?xRL#sO+Y0;D$*6x*|X8 zLdVFGwR&u{0w0@Mn*rY3-LkD#z(MV(v4FU&@fU?LZ%ik1iMF}Ts;D=OjK^LEnH%i^ zLYTbfANlnFlPLP-$L^LMV`-M3=|%wFmM^%66MTSokP5C(Ey>6z=;9{vnU1tk>a5^J zP%sAD;U8!;x0zBpHduvAL5~E);+H+3Sef%yrDtO7J-+?F_s0f*jg9|Ik44Yz>lGSK znWhc%d*6RkIkIsp`pfm*=Wkx@4@81`cMaf5a?>Hy;KPbvKRuhoki*8E_{oRGLccyE z3q1O}L=c>v#FHJ7jIU+b;lLev3 z!$qn)2dC;A4Gs2b~gCAd3WJGoc&iDEgtVxjSp%8LX&;s*377!j9@x+~Txe93( z2pF#A9vS`FGwV4ae?}TXcg3Y$K9NtQigAiO4Gs*>!J&HL2FO2ma5PYsK&%a?5am?89Gvsu)ZL}r zgC%Pd9Q{ZKb^0w*Car#DtVBg6c}lp1Yz@G(vqwoO+lzZLJtlW2d7i+8MLEjrj5r3dfleH4m z8N}y{-vg!8e7b%fZ%xcvD5gK`Fyq}!9^I^CN}@oudnD0e?)Lf9Hm==|=<|(sk7bzj zPx2{{7_8_|!(nGB{NdlYBmDt;mkZW@TnQfpz{QHK=s~rSn?Bt*sc)5JA(RB>;kn(Wi;eOlHVyt5BaxCVM#L8D??%mPvbN(DBzQ ztJfQXs~iqktA5B1hwh+-;UGpBdlL8xNjl|o=mv^6cr|nZN0IV{>x?IODM|7FJ+2yT zVU+Bc*8^jbM;u(9`#0BX_16vVSW!5;xpGzXea#e-`-xDk_a(-6)lR2PkK6cEbA%?F z47>=h3#CJnqEy3qUNhX51QzhC ziofpGVP!cn!71cFfX=02>M9A>1{AdI@Aq6h*)7=5aGiDTE^oZS6555ruRfspM*bMy z2(iUjTUH_+X5hc(MbpIc5LUPoNhZp zN4|*nvNBjaq+9}p{YI-*d(|khUu(ydK|#bjAv!JP9zS|?c6fSnbb3<8WO(Q%U8`fo za_h8Shq~I6-CA?+^tkcnx9jj0-lv;LzBfxirD86;5KOmxwXJEU+pOXl7bszkHk`+-ISAYl zw+;}<5pgmK)gp5)#sZH$2Uy_}=kTF_E#^2uAcfT;oR%+qau)>Taw8GPqYI0?>QNqR zu)bCX zNn-k4Ws}9K{Sd3RU@5gpmPD*T`a#~~clmbdmr7qY?EmPD*~?-u?6r||^^HlGB5tS-=$ zCM;W28GXxvaPZ>`(YRvd)S(y)TAgs8e`mz4VS(^)J!lKdyC5P467w$y-oG(t6o=FT zGIZ`x7~rmABff1bvu$6nGe=(EPcWP*nRkopFy&2#K@*ECbZq?1;tV_0c&iDFGsbn|o)vbU!{SV5UbaIRn3KJj z3`Sie>Ba{cS&%`JI^E`HGynGkTj3rkHT zr@nLR^(TFdpL>b%Dle3!H>u*4Ga|y?Z@uCifNp|jsjbW0ctRD&`rr;^0OuB6p)oi- zG8JSufV}OM9KV(pSD*RX%lZx(Q}OdC4~HTB+WSG*54!)l91g{?m9!^2|NZLdNaQr+ z-clIg3jHr9L%f|GkMBSz?ZRU3PDmb9k#0N+Q`Hfm3b+VSK0q*!4Tei~N=M(;$XapB#fXDK3hoTDCsg0f0aeE18e zeTCCgGPTB3wXY|mu8vs|$x<1{pSy$#!30&u2foNwD|p#7vZ;uAdol!>M~RN5&q2A0 zR>TVE4V***-{sclNduQ5;rZx7RRC85Xw>t@8~k{?j2nMAOeCHFsi#~fOiwyU1OfNR z8l%0asLye^flwz%7{b^&BxrUyLQr^vKY)>X7&%vt_6??@EFr~pTtjUe6$D(sDxa=!7FRc(ek{siH2KXthUOkG2HZYiI2nvLmG2n2(joT% zC<4gH#Vc3}hAL6n>q*BIaY2h=cxC>(P4>L{<0>n_wtR51y!y-X+oNI{-D7E;0Gz&e z>G**@@ilyO*b<28a$7z{0yN7EP&W!NKN+A?pE{5LZrpIFDtE18j8(%J_Ggy<4%{&+ z_<>-ht{=Y2upaQW>x=|JcSp`8YOh&kfO*_-_En5!AYUD0}qqnh1+sE-iFOME%Aa)EYu+X8oWVb)r(~lgdL#bE~XyJgm?I za=_6S(>9eKpFUlAuJynVE>!C~qY8Tsdmd|i{ODq9>(Rm0z#K> zmSE-IQH1FvAmM|4Ww=ybDkkob7InNJcY0ymQzZ^;Wp#aJMXPidKn?VU==dAgPw5*x zTCc25ZltBaN4`?GKU@MyFtkhpxs@%u+&uKl$>BNmTdpRL2pAP$=9De(ZUSiNotH< zkHAy=Xo-0p8vi?e5G;UUVmQYxPayB~LYZFPIVc0pE4Q!C1Eh|qgf11pP=`a;83_rR z1Xjcx9#`ZRO1>#npS`DG}<4;~UYM5WX(CuAx29+z)_-VI`dP7?Kc-zbajkQ~i zyzOTww;#&Z0q5x zVBGb5d?jO#mmJy2hl>K#h86c}|NC3}@VI?&_(pnU8afLK$icOZ!lJ_)hj*ZKQwh~5FoQh2 zRxo83;ATLH<|2)R11Fr|oA_w7@&b3VTsV4#y%0nS5TjfO#ORCYT{@&_NgbBfDFaqA zv}j2aT5`P=tqPy)*bnv9qy|B=?RIC_n*{h@4%6g}KnSbn8Jz{_3bFvFtm2lcMlUV~ z{-|3hvOjnp&+YZqt16sTIvz@XMp;E^<>PIs zzV^3-vuOdLa=G)5(7_J)dvMq1FH3pqW4>6F=5HoI#eTLlx1A73fpH*h1tnTPWL6Ra zEU#{_)AIoi@86cpScgKO5*&vU5D}miy7T~C$-HwM+2XQyEBE=m2&oV^eL^9^e*N=@ zy8rpCi;bG}T&OI|(p%Kz7Ax9rp<{0L8aMt&Xl-@7pq__^uiFTUi)=wVaoxrc2=7;8 z@5PLNg3~=)Sc}+7(PV8(WijnSJch}I1L7OMu3A`At~V5rdSr>672gV@w-frS46%3Y zHD}&mmCFcUHr%XFzn(FJoQ6B2@w|;xnEJBKWBjTz;f4)@or<6uc|ut_w{!LYyyvdc zH5yRzJ>TiJL0oS8gM93@02zB62s24d6iw{;{O7$41zFs&BuFz`F>GD`ok^ah;c_Yn_G2kwa*aVUc z#yW6-k(arF^qz%i6ir)kDf<1;^B~4yf(@?ua5cb5-Liv50C{ahR%F5-+9y1z{Ko&{r%F~NzJv!#Js8C8f(~1HylIa<}-0QX7y&E`vuS524ZH&kJ&S>Fu;(~Om?loB2%RT=oU8gvFNN)Ba)2{B2J z%3Dkv=9!#WX}*QNlb#aE80H1(s*%({-Bg?-EF0cMd-I}S?)dgu(BDo0fOC@kR+}5e zB>3uO`l>RPsUYJ7qZN(B75(Sq%qPwqs9&5zz_30I{Gv@tvQ!b;?G%|RQ_}(^(|RB= zmkc1eKM^rb>sDOhmLltl=;G~q`>=3!QhP>G^$dXJ{IhA})Uxx$$6 zzt)ZmnhS~I4p6=X$DiV?<%PlF0y%`JlS}ke*8hlMujE@YQSKT)c>#>1H@~I6-Bce? z0$|l)a#h34Hyi#bHvHer?``JyIyt49;71GoX=eCI3m|8NCH#su`S&urkKi@k_C7ub zkta4A{AdwnhaYV@UNXsGb_R}WHJatgh$c^NSOsrCtz-~0tc7`a)if>)x#6Bjp%ex( z#bJ0}8~2W28BJ_>ZOp7d!SFqvH_hY8*yYKj+%+m9#bFl=U`zOP)EC@cJ(u0ZXJ!$x zIqE8m*HzQ932;%lkJ|8BpiRXuFugj$;89_6=c?}JjLp&1NXdesFN#eOSR=!T6 zMBf{Pl7SO`J&(kH)d7(RGxjH)E3Iles2?_vCq!Y)+qQWHeYOz3e{UwO3SaPvGSgHc zj5oDopr{WE_4;BcGzbxqeIOBWk+%O27*&;(|FtM1Mo$K4Zy?Sc&SFVe~Xby-zyxs`4Nu0Fh@7x(F)LDhp3%W?k#m)G0 zWn<9gFBN`uz}xgH412rZD(@V<o#fSqPUq=Bg2CMM*vjB{MQbGk}r~gkJ(!`vwyu zN-pU2qR5x2X)PzFy&amC`r%GPM)9AM|Cvls7%Y;-;CMXp&e71il5#q-bVN+8$qug2 zMA8opBK6D`sI?x4A%vm-CXCbD4p}N4v7x$3>`#B)+d& zCpzo!^y{*obV9)7CrHtfvXw-}t*A1PG)J(mk5N*69#*x3heP^0;LAG-$HXu0xT5h$0>71F!AHbW{==vI{8N7G-fu)v`4# zgak@1Odv%CZNX}UF%$3^gHi=ho}f4)CZzOh;C9>~;49DCFWB|bOx&{JCoy%K01n?N zg5gnGjUnGVS62R& zo2!0eWEP!A|0{x-w;lV!Tn>8o2%gd3yo6q+N9C@2KDo>r0F26s6(<9JvdG6JN{rwm z3?6|5ns4_Ttc+BEdM`Shz=5#Gtx`)&-IG&d8GM6*czig1D$7{Qg}Q#d%wpEk0+&%I z()d{PAYpbiwX_n}Vd|Diu_6?)NJT#t<{C24Ost@(wzrGAAw^rredjlju9|h>SvpO| zg7-&<$0sm5yWGDHoybP4*R6oSt`gNFckBeoi^Oa*qY~O&G2%*3`C^+*17gI6)g}p- z#H4L}hClhQMNF`aKNoZ8gdrd2f~%2xI~GZVVOaTGEKPCFmSOqA13Bc%{DImzgs5%d z`p+1{ROTb_0zE$4d4(y&%@~)qWu(>-9uJ(GkLWf6ZTwTQtj*=p^4{@sUQ3sm zSTb*9aYluDwD)*YWMvATUgj^$xcvi<1Bj$26_8cVF-)mxGy<*A!_qeNtaO?Gz-3TP ziyvt;FFEKUhS3U7#)jl1(mqobJE8OrSbi(dO?NRgR}f74^X zLa|f2kA-Qt23^!F5PVgQ6}*aDVfoE`k&$Dma+u|4g%=*CX+MB`7Ox_;2NS}=ydSbR|to} z7${|YH6oV-GDLbz5-hs4#YKgz0d5ehNlcs=e9+qNZ!$uNHGJ8?TxN?2qHtb{b7u^LYVBYFqrKNHW9J8H^YM_+xA zr_02;=3Xqm_#LOmx8@5EL>I2UgxWlRwh{`|(GC?$+`tUZVmYCLKyQ9@E2Y{(e!$HH z%}Yp=8emQt-P3@3Yr&>EmgO-o8-+;c8y2PLljrj=yocU`>Rc`+DmdQl8p*AOFhfC8 zk+kFT+2X<U2k5Yt6T8 zjeOZ*QxsjH2yXnCOR8qvtVIwVz}3HCooNWfO@La$b~H&bLw5<*q6j?+_*h4CTll+? zjF;%-lltAjI6bk@0>5q0RPi_!o#6y!It)y22rr10jnFa!qqy_^b*^dQIGbnsjQ2dn zPh>7pOaJn?cKlnL=G4?9p@t2_Rt#YQGqqazaielu0s*JjgRO5>#61z0iKxWmxqMOc zEg(?BGZ&{GV_JmAZp!TD>J!N>vx?K=z8VsY^4e;()d+TXJ??YKSZ=y^!RGGUmcv*+ilp5=qkFP z9srA7#SKV2*l!*j9%H#}_T#hSqRLvs7D-X0Kj3aMi@=XjhWn#l|IEs$6cCa*7T5fr zWh#_SBX> zSP9=dbPWw#*U|i{fu}fi{hzCW-q0SR9NWg9AF+C88XVkrejQ7*^Z4)#rKA>;r&Pp74 z&RtI}GyC=&2E5Mcv30Cnm3{JVCHpkH`Iyx?mk+zwR%KyOutd2wb-*wR21;8*E4rd) zkq$;6l|i8oy?|Q4T#idxtNKw24@gY32B$M=D@1Bg-7M(c;$raqKPyYi?+RyU|6G3m ze(7EDT?ljG`*+pvu@C^{uK%Nc*vV!4fVS8|fVYqNPB$z|lK$R7yG313Kn0vRX0C%g zoy@nYTXYDLB8~D4S%2#Y2=;r2ezY32;Qoav^8MV z=8~1viV5*bwhIygut#XH$YK12i#;;IKLHmpkye(qK?-sf} z((xmE4MCETO4r4(1Eb{+@FCjfjj4iCw}dZHe+OKU+vSvp@|i5UAcuzJ!22bdmL=tH zS%ce4I!|t+1r`;$B3BHHP^{NWLIn5MH_X~KOMbQs7;zerSz6X` zBUiSMMaZ^3WU1~+y8mFj>lz?Zu9FeaR(OFE2sAa?C-9aTZp&E31w8dz!jH0Z-7a8d# zCS$LM3F^D>0`H8-a;MKdD1a>ZEk?hj!EzC?6h;)!ALYW7#ipCX=W8#f+Sw5J2G-MQaTwf=EOv3?fel&PaR!3!@%$I;Hilx z8yPjgkO4W6>{{RK#}^H;Azl-XFLcOADi=P@czlULGfyIRaUzQ7o!=~{6-`WD{6Ml< zWdUTU2~5{Es|ZhXqCK=m!6Peu2h4ltAFvnP@Ij;`;K3b|H~K{05Z&nC7g_pYXVI*{ zj4L2{le~6be>>aEkwixEwS#@;{^&c8M9FAsp6TVP>*k+nEgW3e#@`9?S4w!nmNH@v= zTJ3jVoC4D{uC^r+`iewWkG9FlfjrzOY<&#hTYDSks?fK(X-mUGA7V682AR%!MT?@| znz-!I0*7NVQu#DH(8MdsczdhmA8ie)$M3@8bQe|LpsT5{wB_k~rCO;*3c-`<{TI|R zt^2UL9#bB9wqAM4(9#-(3dLp~3{8R%kiE$S3xDk`LP!8CMgRMyHi|@CBK9yV`;SOX z_@%m{zE#Bz@d{5^j=ZF!o4a7>56F{5m;so!0py|%N69WKCwrJbj#7HiHQi$~JQdII zB`VTZVa#DL8Tdi=In)+?XE@=j9&h;7;?x8s5QP?}(OI(4s`T;GaX*#XDJuvX=(8sS z-yK{781m4;!zi8+E4jbO#oheZUFvrA?ZWG$)3gjX>{bAmOGBereUJpt1 zl8Gctiik{gx)1;p{UqRdK}Dt_wA$d=8X|!H);voWGGK`ul~3QIvNK>y+_7ef1wH=; z&P@|e_AyHZ)Qk?;%U;2419GWLf;O<_HlYDHMo zg@wNe&!)LYp)FD@Ww>dE^yra=FdlIeFY^_4HuvblGpITv0nIyme+J>rcr><5mYQF4 zT4^}gv29L2^fi{Egu~n0K}#8RLtg2x^WZILzJ`f_cq%R^8Qgf|&J~HqY>#J`Tq>`v zep<@IC(D0YD);fkw|XA*y&*o;ezLrFD35jwpY@$fud}_jikavoag_%g`oIJa;KU2# zLA(ig7B+H#x@Fl8{7{WNT}M!`1Zj@tkVFK~&zTve_K&;ioNCDd4! zf$#n8w7*~9xQSA$WVdgcM$lqEZRN)9JWFZm*l;@x#a|nPSor z*E@Gb+$6d&IwVkXPRsMFnL?r66D7)#PJ{e@3kRrc zqc3=3tgxbX4#mvAG#?{p`vZ9>E&o&I3<3x3Aj1{bXG9X=`wUmGm9qDsNH&x`D*XfMrs!^f4S<>jsA ze`2bwrK_8cGsJJp-K}8xY_kO4*zzTO-#+{2_WPv;D9XRH_e+dkiQsIX*m%Si-whTS z{O`lG({03EXF)uJgXPz*Q6Hn(MDZQa;P-Iz)3(!6fd@w|N^C4Oth&)RB z9|e0F7y&+G^~siin+rUql&hw5bcL}NWo{fx=YjK)|Irn(eki_dn69ZrK)CG$?@yVy z5Igs8p()8b^%g{CCUjxtehb|GP8f5OJv;YkD3=8a%6tf=FnK8UYUK7|nRaFLk6h@~ zO66c+%N!pO-*39AMf_JRqI6h`rb3=Qcy3I*xcFN!-mkAwo&OLKorwc?{Iaz}xAYii zH!>CR+*g*GBR{f3W zK0^7V{iwiUGHa(N1f4b?P1(jDshm;M3L~jMist-Pd(QMlqCCF* zU{!h!=?hjGz$g1eL>EPx`$B?Ip<`3J9=4Ws8^R=)HQx7&HA@^6^(Cc5OGlb_ZSPg4mIRfhQII8H~(QY!j1m zSK%;jdY{WLfgN4C@H)8bOM^l!#4q;w`1C+CY>*OL;Gu1+$|*F>II{1L{SolKspajq zmzj`|xJfKp!sUp4V$otPsc3U)|7b}MOkVEtx&ybvwiMl4Np=Q_qB70ovoh<&eF~6l z!BLcag=nDry`bZ-RaVvajcdBhoeaF&8)yQ*1PPNlge#Vh&>|R;7@?EoG2o(a3M@xXQ7au-hQ-=#mtth2`3aqfW_&4S!rGuB;`G_ z*sxD`y$A(@$=D_i{Ks!sIP^5>me3guL~WLRU(5;WHlK$HIc(8(axxJWpwqdAeqZ>b zHjhQUohP%r1*7k5LEFRf>A^|UKrbY}#F$9!#@hzQm~HGf-!hrXjGGDSn9CJ&mdnV0 z%2?#ZPn$2cp_SH)&7WVq4;?qp(Hzbk|NV zuZJWrUyw-;W-!l(NuDssvaA^DHMFcoSnCg;JoxiTX+!+UcsLR9xIQdUVJ(XY#bu|U z$oyhXSJN!)od5;tDN`wPmUO0vF_6Ome9(kPCNX)!ljud=Xs4OkKD=xpQE-#7_@AAv!W-J1LV&+Wm0+&E@ z7ctnxK%NVKz@N_%XW>#_#O@T-Ph*xVK?Pam^)<+O5p;v6Fp&}BB@7k+gf549m^c*# zTicGqutcJ!8JZ~AJUc75YcK1-mtMVY{`W6?`v-?d|8v|rIsNs`+u#1zIq!7ci_0tT zUmtt@fj|6x6pSa=H@A2HuCA`FZ#;eW{Ku8j^85Fjn}8a* zG3}r`6jgCk;R4ek>$|&LZ(=GRv&WAgGafxv@L~p>jd2DVf?3G3pY&9FgFyi!(@56rM@Iu|rK2Tc6O5tycHrYHp0BpR3Pu5ZfBEDI z)%^fpSovBHjg8SrKCmL@df?UL(6M&0Sd>w;A2EGf-K!nEYD3w!*gl1MCzBMvozJ6T zCy|I4-0rhy(ZRu^aLa+l>9-tOa=TD$hIU`o|2x_)JTls)-_zTLVl%XRT!&_(Adc$_ zLRfN%7u1ORG|V}YzV!6Prx_hl5LEX@)s+@UX+)nu_GXTSD2HA!AE+)G{wR7hW((sK zTgeRzCg;J}8&AXvozPCzrcr-=@3WC4%3%2RX;lC&p^;2=@t#HTMCyN4(kFRZ*T8R;Y%C#Og8B#WXy zkzT%O9;~gxyS;=o7dZ^1+UcRPdFXULI+w0tEJ|k^p4e$1VtUxSuG$e|z2142q4!}w z#Q+)ywU>L1cI$QRxUo|>gBELWM4Ofp4c>;H>`4FRGM@@ze?_sLp^yNFQkBRn`~i+x zi)ab^Vc=s#+vWxH``&nr)>#-qng?YgvqLHx$)#p=7jXa;Ku(LlYs--U*b5|V%t}EK ztMNa8T+~lKylUZ$_dfabV+@i`Ku5o*6VRhGn#Q;l9TpS=+kT(a(KGWPG~8bJ)H3wYY$> zFw}O-7@}xH6w%C72DK!~*$81HC(HzyIL&HB8gJ!l+-bJ-r*@`?q1g2RhT4+DWfQf9 zG#8NBf`yA%n21;?CaVCFl0%8~I>K2_YA4P5LvWTcstdk2XQA#Ua29$uCugDFPvC-o_XUf0~i8gexw> zSm;FpV^IreX2!xfg^jToV-dx7Yps)Z^8nuM?PX>!)0hnURLEqSUz*kE1F$n3y~KQM zM<35r=A##mvLLF7neY4Fzg^{iVrElJ;6}DlJRnapGBw&cQzXe`lH?Q3Mfo4krlP2O zFlJ={oHbLg`wHTs4|K+>loLgaE6~# z_?d-~(FM&g6qFFkoUH5IA73pdC9~$e%#IxBQX75ww{s7R)wQYF_WW1sxKRx2CpB_3V}o#ZeE55J?L13H>h5hoMg zbHZ(6$#v-7v9)r40R%ZYHR|p{{Q)L`&vyrdp>j zTPKAxK02IMyucHah}=!2&BgmsJ8fgCD38Lt(*2f*f-XEJab`wt$G;rlK4cuV?@UUK zHWs}IHK)Oz3lwK!p$Y>~Q}k7m(X;Y z{bLiqzh5Htmkk2&SoJ-RyN+OCu(^zwG>y>w+IR|Zihj#)+Lwyj1(F?X$_-Ow>&XE= z7*23^((m8l2Gl_(yOqMk2YIR}d zb;*k#FPMCu3R2u?`WL*gdpmR}g-K8%NOT7aIJl$NGF?%p=VMqbhxPoyCB+7&q&Aq; zvNIWZ<2!cc^ZP$JknOx+KW7W8u)0c&h7HRMeir3z8WzT!ih~dV(=OA(t505;RQCMq zcI2Msf{8NA3)N^=LmN@3!g-tO8<$9%{Px@Ukiyifjh<6v*Tp2lL7TLs?Y=v{@+rU5 zqkLGI;vO33QYjN8F@~NNliOjNQ&SrtK>cgvf|W$i=!7Ttb4-=_Xo&6v^ThU#k#|6UvYp zp!nhiW`({3OVaTubwmO;gsu=22VHABS1Q97h0(aUz^>EiFt-hEc|30tLDy3SIb(tn zCK8K{mqMA#R2AHFRsDZMqU`ECst0Z3lP;1I-2{JL+OEY2`m)maG8>o5sdT6Wm$CX#pPg9@kf`r z98dvY1jtSwsi+rPAntQO*T*auMX?oNa^-wz90eP~^u=PV`S7{oAEtp-SfZG-rUFNi zG_*g8ZOi(0O`t3?SJo}snZ8L=6JmRg_NB1!2QWaKCSeZx8Cxu=Ah?lji+*ak?ElRY zFd8!xBFvgiMQnv)UCYuF?N%+E@VT(5% zVS|#&kF|xQyWU0JV))Rp|rWPql z1A-rqV6!0O4+q3ZynP(GVxa1BgdYl8k`BG&MLbt*@Q@efE?a!J zQr%emU_^4t2;+lcX3xhZs)k7@YZM}dIp=}j!z*_oV-kgsSWU5fLBtk6q+(~}qU_`X z87?mK1Zg5o+VZ=~yUOxnm`TQgm4m7OkYyR`3-`sYv?!26;%NxPPhst~7<~T@{(Zmv zeV8%=&z_=+*p0#7;-NO%d&u7D~6%8>OM z;G5@D=%HXr2~;>_ef7(9z@}%0+skAdZ(UcMTfL9&k!B&qQL!L!?4*<69v%TrBS>wR z$$ILF9YFB?gC0J@1BIjmg<6-cXyx_?l z0~Jw=U75Coaz~ei8GT7XLOIhJ4jqvcH9&`Tvc(>VgtUC~p;IM~sl>|H6;=Huif;U^ zM>L6%VPyE1aF)5CeM3n#FHotYS;2iUgb7?z!&bxV`w6`1Q3xgEiIBb{Bn0^ z5l>k*YW+@Hx^n^3^qNknAktDqYbddGii9eNK01+mGbt3?7x;I5k zjj=J)5(y9&hS0(pANEE;I<~2a^RWsY}RMrpQGlqKYZ2B!wljX_XB1o>&AT z#t;oZTnX<>EEcj7ns}VJJ{YD_Dp?l?hZw|GgfQRT+eso{JK?f;&qBw|g!j4^2+V`d z&*PyvBlAKN5t*Cg#@=CVr;YaEiHdP4Cc}o~JHjr4=U*k6_%SSva+w_+9-r(tc-Ra6 zCZK~Q1+{Qk*Ml=MB2x!bv6F$;sU&qSA{%edc;0sb(m($f9>Xay7RkFDBfV~$7a-3} ze12wovAtLxp&7pZXu(#H&-a4%1m`%9=GuAG`|#;wI-I;wJg@wC#6#|H3}Z5YmeF#U zv>Wm<3@}*CS)8{-ilbsAakNE-=2D!|>IsOG%EJJd3jpr&1heS8I!f$E#PeaUv1rNw ziIWJ?>J%z(uNp^t&6h1s5AFTN$?LO)c5brn&@4G zRmlc`a{74#MP(EpQs(XxSuRuz$*7uFND+7j9`K~)7~_%}#lFDF;m)7%TuL9fixXaq z{XX%oogR`L%%HC5LnSTzUKCl&gUQIHu5kC34i_tF$@XCs7WrTr|LeceH29TV13y^8Tv?SJ^S~&)eru8J;#V4U5;u)%l5@?dE|0yz6@szB#`~qZ>?pXeYNWo2?9Y~OSyTGQ?R^E5CL5&J*Wi<=J@Hxnv6_^`3|qofAJRQREw|BTIK<-PEGxSdy?jW=BoDGU`$mToEf8_Af0fNr@z3U?n$K zckI)@#9-NdmHi7QvMfWwD6Y_uaPUpWb(prk{l0 zB=PWR&m=rdp&`fU+cpnoDPy1)Y zFnwT>iBIzb(9Lw>)MA(>!~xB|Kvmeu>{awYlrz+_gzQTQVrNEt`w9nHwjZg0nH5a~p%!2NyV4#vfl^M+c;iw}dYz5OZZVnr=+n+i90-_GS{ z>73S^{8TZ-R4vGU>p=)-nv!8>j!KdEfcFlJmwDX@<#R4FF$=co%30wpB)6sAx!Em0 zfB1o=?h4Z3!KV7w?{p6KGnqI!432!Hpm4?>YH#TUI@wsQoDTMrE@Gl!`r(BeURxgQ z>$muLZ+Wnv*9>~n??o%-ed@vfHr3azS_l31*yk8SpPz_n+n}GHVv!a`0$CuJP}&)Z z&qg*wvmx^Vkllj8YQqpl8AQH;DdY7A{Kuqo&hVFN zGsX94y3GTWp+RZJ32LA*Q);w)5U)&g2>wvBf>1GL?4}KXM6Lu044M_!hft~3?TWNE z>;tOrs=qIyvgMj?0WKVLz!>_0Hzva{*rzCMrpy-=ICsG&LV;bUzsba6lQ)a`mwD!0 z4t#X_hB7Ck37nn->{1y2nC=-uWgaS92TVpz(oV9%c>F_%mh#JpkrJ{l7{DTofNqT+ zEvfhX^0+C$(#aS|LV(A(h>P6ZJi1r}8J1s?dHDZl?@JrgIFg2+ui{s9FdKvn=&)ob za+EbjNY+NzE9BT&$%{rXNV5ip%z%#A-rxS#(cRN?aY*u!1nbgr>HW0R( z;|j4(^~ZGzII5sq1-AK4Yqp=|@48`bnyoP66>}ew0cAe{rg(1ybsJbV5oJh9A8B^( z_6ER$*-%m?`@ZIsMg#8__Y|Q)^pY^uQa)}e+DpFKJ-Q0yJjJb+wLw_oVUk}H&1C_1 z;js#jve#vc4;pZ|a7Y&lm|Y@zM*eUQ>?PO{2TD$uqRV6};Q&B_xkZu{Cl=kvgpDN8 zM3R&*xHsWhY9Zt=66VWiLpzNOH07CO6%(uFNF#+zI;HgEcVsr;45Tqc324HSNe`QY znD1T}MWcI7hl7USDGKUww$$lfXXE9Iuw8srCWrqBC`kpC>BWc&Mp08?ZLCV*fw+6T zxrYO$d|2A}k)yVA88zn9E*BtR9LC~)lc(d|IR3Y7bo z0u!NQ8%#zWaVE;7nm~!cnxjOD{V4TJsS;BC(<-7inQS20bec5N=YYp#$I%Z{&6Y~| z$M?O|>Y`#c_hI1nIS4A;WuF%FG)_H1iS<-1-)nLm05sooWy~rx;snI}`w(9E-xYWe zq)=5MisU$8wg(aIDga_5P>$pI-Y!ZVoiKYzm4XhSfs*I;J;xf@Xoc4UDAY zxUXq+KThs%8ulG;;5;|X4M6-T`iMtD^^pUL96ugvyvHLO6k)w9Xv0~N(nOGBo?I%` zPHVtU^O-0Kzf0e(*$}HCr)49)B}~`aliV`QOv z5K`R2m{l-Iz|OSDo}qMM4+cOUky9X2<-LJWWVX|B2DjxhQf1g6b{!*xa`Rck?>D;G zQM@D_ra7{~7r;v@xB;0Jenz~c;s8xRvcFAyX`DnI>ZxI}{GSId&pp~v7RR72oQ+Yq zD*o;{mz55gH4cyQA`dp2$>0?bic5kJSaBK9M?6_fgwwiOfFRO9CM z?y}Q@o<_SBnZ@nuzb2eTC^>HWpvb7{!_Tql!wy8JFR4>$(-*V}Q}*l5X05TaRokr_ zvq&XQ`0`9D_U>daRxr7!u_Z%g=~fQKo#D?(Yf6)Vj=VvgNC!f-Lf^O^_suL4fNmTd zHKKL&|L(Mtf<=q2P-G_^CAq05?4vhMujO8&L!u8PWYcCV=Hv}^R2`8&Z51j#7Jxe27iWK4cc8~;x zOhhr@HLEP4sB}k;+{x5YqiJ&P5HpHiZU#bCu?xR-(zgNco z4Qct`vNy6$Z$SQF4ek1{A(ozJN5dz!I0_tJ8j$k{8LhGB3m@2@e156${8K)o55;fw zhDw2h&EYbLYYwjBFP^)&GtmEntW0IYG+hXufanA|FAwma!`;epjXrRGoY3ox89j_{ zZB=>ypmB73yfY88n_lQ}r5+r!0hz*CCSg3N~5O=q5_K!GJ3Tu*-JOh<6Dk@BKFeK*_*bT_N z4C3*yoFGVy)<{GH!tj|4rF)8|Z^DRRG1%Jr*cHifw1YHJQFufYGRYW^VvXmtCn`H{ zi}A?Z$o0p9>Y`mdNgYtdOeni=HG#or(GTK66xPrTaZViAIpstj5tjYSPKP=s-Q3I$ z8_{t?Wb#pE9~Lyksz-a^E@X&=265}h3j(c!t9UNxpA`5P{Y?PD;6Ap<~MUV|; zOnAw^EM=i*AVyp0FY}n=CY{7EAP|XY&=ij!7c%!??IXm2dB7W-9ka=#LN7{3z!7(^ z8^fNQarPjlqOpSL{nn7FVEx=^82{O zB3ce_1Zl>l`p4#55$Y6fT5}UBIyLe-Qmf}qvJtN_M56{XdVND^wn4!J7;&nLC)mLl zx7+lQ1-t;1W)nT%0AJax`yhclMW19s{@g}I0f(?#kF-s(W%~^-nLMR<&yFoaU`EzY z{;2R>G=-@wJer4j{5XY+>Gvn)V`3ownw$(g6vmDn@7?GmBVUK z*fTV0mudJC5)t~S5K`m?76szLw+H2~#3jMaikF0dj_`b0Ivx)hRkByM);wkm_8B^_ zf9`H>EYn;||T_tJn@LgTv#SRPTH zdniBT)db%K6wdzW4gzY0K@R&mnmh*9;YlzKddAQsU{Ik@{6AI0jFKqBPvITub#C>| z18e3xWTJFw6A-=|IdvmBkNa?H@dWEYjMhNGM7KJ+#1ILVC(j(7PH@WkCchoY4H+R< z!nY#vlNcyP2OWkI;Y(5IZP#F9369#r*{MbDx|5TS7=cCS2%nH1{qnt(F=uSdm|Bul zbcya!EEJ}$gCQl1X$+y8=Y~oiq6}^|$0d^{Xfz?NU~#FEES1j$0sGAL7eHG1fP{*q zv9DH(;<^Lhg@5S|VZ*`wVR!q3TUq(-+qYr|O(EdU<#IBVzTI(vYNi~C6vUy~E&(oP zz5fndPYzrOgeKPw{Vz zuGdH!7)~w@Fq@BbI%is?<&9FYUPL1wO+$cdJ7Qfw9Ff&n0X6j%abfpt&uJ2oO+niw z)e^~Arb83S7}T=93X!2gG$P(qG6s^eT~i(06FEFJX`i ziwrI#ZKwj&48_V{8SxqjR;Adks{3UiNmeank>Sg6HP2Ck6OLkzv^Cbh#-G_snz*bP zBHWC0M!SN$fYKkDjcaw$O37g?YBWw3x7m{Yw-AaQ6JoGw`7~Ma?7YQs!I7~&G7{|Drs>SBj*AuFvys+% zhAUo7nw%_8W^r-|Ka$KIqdyeQSc#P39_}N7yuRKm=eG*65J7q^30VzES>m-^*m}2k zH^FHK4Cg3}PaRE=Uk5p$;Ht!1T*cjc$ycX}A_8P3Ts7XUjGdQ_;@foSx{t>=ConfM z9uEK`Cn1jd6B{vwrS-a2C&;C|^H%tS+m0?%MpRci_XcFmiA=M^nmxG7>4?BZZtME; z0>(L#z0`n0X~2UWM2lNKIazt~?%hY@xxDaEF83VAu2vBTF^&Q?%)yNn#Gn8<+EAC3 zyG_c(QKqUyKOJ_2A(xiqtkaQ&JRh}?@VV#G?|dXR`x^{k40z!J#U;u?-^XPMxz;j* zBaWj;D+GiHkV6?`TgsdTzPtmaV;Dy=1$2U5Lel7lp-s;`>ABT`Sm3D z$x>2mAR4+d&NhxZHA~AY!Lgwq<%J+3(;Jx^MT3lH7=b zNXf(=QetV2vC?!q9hjaK!l1J6o5ljm$YY8 zvA_@z`v=`pDVRKk21kr6q@R%3ayoXiw5!?6xhW44B@s*rM=d0BRLGTo8Nbu5Xs@*15s zJe+I0^te+gA@TCk9$4auII=soh1(SU9pOaMQ6_Y_U8X!gZ5L&-QU*ls3{BU=?YSNv zYd#nk@B1m|EwTuDs`M#J_A-E8CFxRE6VyM!!N>NH(855PSS)l|W z=k|ru>#6K~5(Z%-zlqA3`9^_AImI;%2CTp*z7iz@7U$PQdAI}#U%8P)wkloOsqTvD z=20VRmePw74FnhzxvNO0L^UN#jn_2IslKAOXgv4RhQjw-_UBrbJb2=7Jxttj-XKo*tfmLTFZxXHua9zcuIxmoS$+1Ih?$+perU#yM7uK zI-1B)hCMJ);drEXmxVeKYK2tXob^Q#HOx)AKeMGj0CB*3OlLdIdWOgQnHG1{Dowa9 z*$@_g;PW?^a`fgt%c+~25D$ttA}nI%`{Ta3i3|_&Qd$qq!JUN2Z{qD}RHb^4MD0eB zW$K(sId^|Z6e7^gZj>3MMU=bOkG4Hh3Y#}&z4^2Q5jPJa(l1Dl>pNWsxK_L?F_1e_ zD+A9`8F10?6Ak2`Xo8Tb{N;|JoNCE?r>J7iYwM8{m2w{cm#Y9esvI?#tBv*ogWo|n zFv>qtXk{y}T$1PTJh?c~>k$ne16dl&Y=UoS5J0%%XFCP?3( zCi|jp^nbZPm|p?~+Jv)mZZ$8(PyhAKpS(CnktodR&lF9DGlj^}QyQIsB7S7(OLVI$ zkz~vEZ4YDA5P(2k1A7UIkUVkZbsQCOqiEZLrV{qUT{MQN>W*Y_WoSL&CiaGEMVW(d zHX9gio7xHT`xNkWO)NT{8`qJ!aHwG29UZ779(o)XX&R(Xp4`gLyK7rL@~rm#qEefY zKE;y`)hbCB-$B6DZ0_#*T!j5rjiy+y4`9XLLeb)&8qFRSNFH(WcujmdM#l#d;Ur?CeJi10H? znz#JBh};@yDoO)0_nlf|+6gD#69_zA+Y63hm*C+DttBJ?Mo7{p~B;M#luQ1=?c zJ_8d#EsN#y6QxEDN2&V*0PR((2lclUSn=Suz1sdUbmwThcKk_%aL--(i?K5r+Tle^ zItXLAj7c8RQ76<%A(odC=K4#HAi5a3TMPH?P^4{Tk%KvOhW#-;FeImD3hHn}Pe``N ztxPC9GzO7NIu(jKpMbtsp-5OMlp~Y3;EKVthon~u$-z?(XiD$l62btDjlSnxSpy^; zFk-iF+@aXt5Ag7*)U`0mY}wUa|6goeTvM4$5?N9ul85umxnwi8!8Z!BI7A$#&r$%J=pE_f! zj}Q|HanosVn`&wZVZ5=C9+4tW^tHA7dE&y^{0NE2)%i&-M|<8j6ViFNBj=Fb|57wzWb$Dd1t zF2u!U^M;{sd$!#ZubfVYEwZa}T0d9IUqUSalg>FKPfk#7qICh-KrG6MXDhW6`Fpl4 z$3tZwD^aCCw14dknq<0((PE~u@|Ha*VFs{5<_?kw6G}V>CYh&m?nm*2?H(<(2SRDF zau30`($k0BR{;n007tj?aB&g79het3$brk<(Pi#nU&@aD(Fflj1Pe|$dHeQS(? z-TGZUzG@F;K^wI%lu1OTeWO$wq18b#GY5YjkqTeBJ4(|A`Jv-BE#*5QZ6jHwKN@*d ztA@4gRK5$7;yQWeETg6I)R@;zk&N^GD_36c0CiXLGLMq0-&<(^KjNKJz;EzH^zozU zUX4=I2dba@ISMh1`#K8+&R%H_LsTMgu^_#sBIvAs-)2(?@_@g#DCvew#KN?q9updF zXfSZnI!@EUST(9`nH(b2Z+1jcZWT!FP&SYNjyCC$Go-SBz$=yh{lXro$l|8)u(te1 zFyX}XWB3c`Wgiz|<7{4S$T99x1??|&a#DKtZZ~`OoR)DTn|)3i;XlZ;LjgwD4tZ+n zLlkB~R?ZQXo%P;^yS!2_-@X+RmS z&cG86dJ3PyD+&MHdq2NY5M)Sqhfp=SzT6BGYmQ)-h0RC<)6wD?>@pADA651@5B5sA z+$Zr5vAXo*Q?V#k#OZ=qdAhQ^x+)%v&z{IGO(w-91Tz@QGO*eGV>nx7QQ zT2ssRa1)RaR;)O(1D|K+7*}~1)C1@de0VxuxuY1L`t}YY&QU%~NmmAX50|=dCY=kw z3J+nltfp4}dlm$D)Y?dnACF{C$+wAuBk%5@08GrV-$D}+&%OXc2)&a&gcjt}qVF~o z|7b>h!_3dp^^2l^7D#yL#lsQd2M*V5|taiG6eJ^+!Q|KqXt`PxEl1|&9cEk1c%U+zf}%lwC^Oe> zox4{gr9c22-wDGz5%xpOOWlBSZC)M&g z4#mWz2ulbn$Yep2*7fbq6`dg3lN`?YSD7FcC9Dfs6~O9QIZG_v+|*qDmx%v8ceeoG z-(1*ltx-ae%&*2S!g!wcHCiMJG3fRi4jiqGAVg+NEG|{Zx@caM9Cc{(MkLIs7c`&E zDWDkk=Ki4=?zVIf)s1^C6HA7tFlC&30Qu^J;N$5+%P@@e(BiT{JgRtrIr|renH+BJ zL+DS3j50lU*biauDJ4OM80~ZNpC-1s8?N~x-5jx@RmiF2gadOAmTlnM*r8{foTzt2 z1emd1PqU|4qQgj_fD(n%EPX#EaRQ*(hEaM0K1N;@Woboo<%sBtmpjd#r5}x$Wlr-( z8lxlEZT)@+k?5DWYUjSOYu50Zn;enjZuf>gr2*U6-E17a-fy5C(6q-u9e|X*Ki(v4 z#xs7~Jmb_^1DHb$fG|gY81ZG9~jp$Ke<`ec3P;#(&cBe;+P5#e$nnt zNdn~W5c>HjJ@oS(F6!uw`&>+Rb(j7yZtjmCztqjm8yn3?Nk^vga$t}<&K!YKcTC^H z1@9+#Vi?ydkrD?wF5}xVF2Y>#J~9`qPg0kg6rG|v+es=#&KPlbr6NWCimDZ(du^0N z=f?63m!$28^ z$-3~AHyX9wtwsYcVB8-yQBqg7`ttK#WAtGJz?XDzDJ#dla5;xM3;U_d1VeZ6UNBJg z!&%j*+mA`Ff=A+w>%F&tvj?h^qJK)`ESQkea(PW)^6lm&AS7<-LGw1nKAP&K^-|}e z*%YM?{s&L%>siBu1$Jf+HqgpwXIaElArINwL zcX#8h2hB6~fJTU+sCe14$&kPqQ4(grbJs70BA;i~CMo|=>SKD9elwdK3H__dg(lEn zrgHR?8f(sd`TT^2OV|YQQSKbx7ohv?Ckr!EikT_JWTq6KL##iM;OI}QQ8h@!BXx?7 zEDkbHO|Fzz%gdjODwQPfw2}P*Gs3Jw5t)@r2JAdt$WJGyO_K#YxRms+hI0>M%=%CU zax;PIOrWas!9iL0xqfE>>z_crnizN%4(oW+=7+>*cQ*n4QpoKaGoPMbh&lr0O&?fb z?!F;c=I$SFWo~q^mATK9p81RWfzcL~e+KeD;imkS zi2hO+{rbML_u9mwFT_6%(o|;&xlPW9@S>c;ZIS(lFaF`5p7ye_7_5N&b552rp+M{C z+Q@{}|H!V9(j=DTHD;8dujZO0M&0~uD?-U!ogSiTd{n&>Q!Lfo{g;X-0i##R_NT{8 zGnKTS(`o&=tvdkm!N&IQGQTTDu~xpJGf=fLnhYiuB*W_QaXz*0hIRp;)^_opmW!Xu zba7%GHPg`_#6`zFw>s-tVNlXZc?rYp_dMR|aF0J<4AJTTlVA}mch<$ibMfhUxIkuZ z%)Brz-V5+BQPH1cw*GfdI{9cUiJWYYF&9fhIH%9S3MRrUt-X7PcDIpNWeyrT7sTNr zLN>TsTAqVGf+SUfm*;pKIG~a1wWK@;{&D+sVHOn(jE0HJ;8D+9W&b7?G{yb)n!`ab-8x8VH){Lei^eE+#|;r-`E zS&C)v!p58;A9I?`hNC4t5*H-1ekSEaG$o$>`_O^@o|U%qV*lV69;D|odj6xxNL5CB z-FCfhd76{5Jv$_$56SlId_2JU*uK-z0B-!QB9hH%GFw#l4Y-~rUZ;lyYuCMia3h=U6M3SZF6q=;N}e{-28+=^Cv}>(cqaA zXRMpn-&r;Fl5yL56vy4CBO|gwjH9K$)bK;?ea1P6pP)5!|I6pKtEXD>x9<+@b@7IR z2-9thQG=Op^fA%HwJo~N#pM8A_;70%b!6ddTZYfc1lW{G@)GWT#Jz;K*+Y-(SiM^n z$%oM~>2c7>5AFg9$Ld^Lw?1(jTDY%*2X}3&=ZpU$H)5Rweun0?Fpb)gFeu&+b*Slj z=mgTa1%`140|({dCcv0KoXJwM&ni+Sb)==@Q0otM0&CIio86@|Nof-);^)XK)Jyk>#UM0dr;oCvyqY-NCo8$X(P? z$%(vmhjMZx5Sr0*n4ux?Vu&t$(gvY>0;<#^&N;j!_6_m9$bU#Eo5zS<5V?qfb-^ow zem27ax@_?!s)4{Pz8qp^PijFenWX6apr0xfH7>+0`+g3tou(a%0^PTqo|=%lRN$T4 zm)4cz4m~VF<~@MlpdS=ax?Vk~ysT4K;j3>Ckb@Hx+{#SzGL{+ip8e$Lfd{s!<$RV^Wp4ZRmINy>(&h z#gu{w7||tsfo(f*IyhzM%B8_{w7Ay~FPiE;oOoWp=)#pB@}^2xtf{IL65sza*W7e; z(3y5w$^|QdiQw#BsZ$=yFy0FS4Wj%fh*!`pfwxkLx(=&KE}2) z;i}u!s&bJ;L2l&h?xy;X+HVzN!$D6go#^F&7{+WkDp|3{=+l}hM z-r>$}?Wl3MQ%x>VZB!cv(NFc?>Wx>GqfL0R|4U={p!!Qau{PlF`YU)-PXe&{+kRzl zr%EttM``u3nd-r24L{(SrE+G$>cRfj&UWy+vcC-@Kg?9C8@Uc301GfjwVK)8tiFA_ z0doXT!3X%cZ5D(d8AC4Kyt&yh<>cnKppsbt-Zifpbc@LrLvO<00}zqVo_k^TAoez1 zF1a`F3Xg;_RWvuyDLH4EOz3N5yPUxOf(5FQ6Tk_QZ5utjgUz_5{H)Ov(hD6l_`6Yu+Vp{4})4d4yxg%-wUkd37eO36K&SE zUhmJJq)yJe;z_2}>&S#N`2q1CWK{=?;B@;PxHq|94MYYFq_YGn@`_YV@r}+vsRvO{ z*s>{;4{O`r zB~h|FT7CQ8w)+ABzejdfg=s?30UR}qt?bz{wS9&KA+}x|Q@~!Pg^;J6-y@6UH_%L! zu5@K)akh|G{5a8sU6i9pc9#g<0n{C82?C;tGc1^Ag7J|~y{m-rKn|0@3K;VX*m$H$ zLAzqBN6OdM&?AupA}81FXILf#ygc3$?ob*g!}j(E&VU$u97~$O|4gb@-sVzDpowqp zElw`#XmY@uV}BY1KYNDLfCKH5Z9jD*4G>xR8>BN;>Dumq#NuV zA9ZF;n=?=8Ojp^`huz}Qr>qppvD~2?fH<zXmC*%&ftE4DV6e&5BbL+^aYs z^7WC9@g6UzE21gbu~mbv)Z@-G=L{+E{_e?vBG3 zxX25n@_1U;wef33`cyV%pj?DG*as1QPlKF3KnP z=M(9u4E^o2fTk$^NyOSkO^{L!G2Y0QI$2(5mLm5^uuGH9_{j*{4sSR(8;hb*XbiK? zz5wSgVK@}Zb{H|BUjo3zN!RRKF!T|tpteA4)<+bJ&9R>0F_lJqj?JHr0AoDCRC4BM zZQdUodXiegojU9)w2N~Y#qmrD!D+en#jqdLc2Uu%Pi3FT^owaYGvKaZ4O8yn#aBw&21tfl=+)KnV={xbHaqh*icr-YNqpk&(fUq;Uib<;&gGbzys+ z>#ZXS2J*ivH!&iI+%iuqGMb*%&1P`7(i|GB#R>r649Ca}rbPC*(POWF!Dx6H=DPepbK(p=txKvX&@!ENKXVqbp$}26e<(F_}U5_{+&qkoUsB|;H zv`H1S;yW|zV3HF-XmRtpXEc4mFPMdVEbf@>1a1e@>mfzJTn%=>Y^A4MY1yettECAg zt=_f7`<{E+c#apop|A?z4-W-2m3@e0U+Xr{BijrKfj=Oh&Ed2>OoKme#e2 zD>;QO)@W*ktTQ4AB{AvNvu8?7I!gQrA8S3bu-9}W9x9ZBl0zX%)%en(LlbNP*eFof zA37-B)5)EPxk7V4C5&TxJ!GF@=h?l1lEt0hhWpH2#Rb3ioIym267CU{Ig_`4K1JFY znSpmjaU$nD@?{<#QRNXpNiK)?IlMip{lC{cM>T4T1pFv}D+FTu*Y#KPTd)m1*!2K7 zst6gWb)QtbA1jDvB#p4TFb!y$A~G|L<~uW4YWArN0wyip=(HxP5HSWwD-Act&~NOH z>$5c+xLpkNmr}6nwuT)$eLm&)anqh`oG|PWrp`>_laY(Q&P-%$l9|G6G`dyDq(|!h zSa-uQ5gQ&F&vflzFJ@4{HS~blByJRFZkt7Xh+W#xo-tbYsR-bDmK<-ivEG5f#fIxi z9MMVuz;yjabg}rgnlDZJS5bw)u@4AA!F|t~5N!a3(EZE^4ar9KG%jr)q{+^+qgy4D zw`h}LjYrU)recdE=gR@I_Tz51$F{bgr=d;Y{}YeO+@9Tugh_^t@);-mWWMA%BMkF$VflK@Mi zC<>3nH9ePYtIWeHkK{p5RCeAL69Rx^RC5k*8oX3`LLaA}?A%buO!kPGM|9OA`-$xj znEV5Ju$+l;!j^Nxv4>@+Lme|bz0`Z^23s{~NeRYQII8T!m7g_;JrnuCCNO{g?^Ko- zr)U$CrSeFqDH9s1lUIdQux_INfDD5^Q$#fQmm{JDglG^s8;DO#N@#egL2)8bB|4N! zVQD{MbbR`mP#sG&@d&}0a8E@Rn-u4J8XedU6%PSMMN_C}h%jyu`HmXS$B&WWAp4Rw z04njWFv_L`j`rj>C4YUZk*r}hl1((BFnEI`)?vH)ufI9#5X?Z7bqKz|7W`K_>tI44 z)`8yEE5Fu8(?S2TuB>E2=)dq~LRu&R$X6hS3^o6!2OxIxA?pFH#Qvb{1tbC@K@Ji< z^K}ZPb8_H2?dsWYHr5a77E&01XiA8;m-o^igpA z!PhE&MNOWvK9RA**mnfo2&Q0~@5mLU-w68$jick^oxhW@AzZn~2S>HZt`6gFNV+At9&}Om4-cQ5C)0(mC|osOa#e(JUAW{)=wCX0d0xx@rJB`SbVigef9ykv zwMZF-Ax25-4mAdW5shcdTLzeQZ-{pZ0Kc$%wuj588z2KwmEjCG9KO#QrlED)MtOlW z$n=Ii3aA8A{fB?aJs}rJRDp3=D(PHFY5;-VZt6%2mmWH^5?Eye>7mu1g&vCHRM>vg z>a(w5NLcdW-}P6GUu#G8orC?y(A=l2DSv<$(6j*hXM6YHWuyN3W&KzQ8PK)oTKqnA z2Q1$qY7RGnoT#pKs|>+K*B)3+VE3)&0Bsmy7^uCoS*Q9)G-3ScrP zV!N=d$ng_*^c(oZfhGDVfO6Z?-}RAszr*|mP-IEmU3Bo$4|t_Fy4Ho$B%@lOh8+Kr ztI21wSY;4W$IxhA+RgV3%=GK9P#2M&Ie% zsUHV!quH{XoiQ-57|lroFqnrnm0TW6M$8Z8q{$DhPV7@KT~R@wemU%gUY};tjU`!| zn^ZzdqY}SKVN~Kbn1k>wciowya9?VqCM(Sh@)Q+%E=iJM+5%lsV$G5I!o(VY#BA7H zzSXuTDLzUgmE5Dr)KZCc6Pd`dCGmo6P=@7^Rg!E16U!yp+ob~>4{1b+k;c7=H71*$ zG<9=oH_d}Mx@7p!PO(BJG9A(LH0^t0>13_ysFNbq^kaH4T4z386{R?zs8(2eKDtU+ zH=bBFsvaLzXrjF`iakiI&~|PbzSpD+a`euYK{eDqNiQg)PKFAS%ZK6f!DPk6DCXl` zkj%#k59r6~j_Ak9R`TOiYx(i6XY}KAhe;Jrq@X^AD4UNVGD%g85epwh0;%wE6nXJ6 zjllRgj-2^8f}l}WfRDtcJA@mq#AI)ae;|2>VQES5?JMJbBKop$W^g}loSvR$PtQ)- z59&1g_B4mDPtot`R69OFksQNpPy_7$bedJ)pjh&Umff*#8;UYlU!lEIjG7iQQPdWV zckExR4~eZrOw9RQLR$o$4UO}sC%Jb^z}UB8jn08PEaAs&zM!a7{AqZO$u}WSG0f=1 ze-dHA%f-YGi}|yNbz#VqT$}*gEW}B(eSx?O{YYGV_;ifJL=GAFII zlu`a?6LPHkCy%}pIpTy+x}v60SCDq!dH)~(DK9Mk;~)7mQ4)vjv?cksj`K(0JzXMY zHCgXU z)#}HUy+f4pz_irXMfK9^U0|GJi=`-JLQ8^EZNLiWdmSAU-=mhpkOw>>d1U|AqkvoU z)q+_5@yDk{{QDXG{R92|V^ORup(GRjUZ%fS=Gl9) z;)yM^^tV_Vf{E6s|JJm*HI1(U2}SBcD7v)&WPBv27fpg?`_yX zKV8797Z<%@*>cKVXHd3V!=I_sPlGm;1QDCVZuzoX&pC9I)dOU!B{t+U0lfMmaNKZ3 zIBgU#IWp?DbXoGcipQt^@_Kf}A?x^dVV!#zD$8fBpMR<3R9GQxVxBA81r^YDMKvMe z6@}{ojCqcDr9y)jD8?BIV0F!M;>d#m>g+U^ZeMCQV0>z`aDb{Jx~2n^H#^6#4qhLN z%KmTSP37pQvVZ*Bb1l)qq&ozOv}73V((*j3H@Jnaqgh7nsQLn16%i zl)}18lv8_l({?adi-q!*+wp6L0?CdG$5vY42UGYQ#Z*0aP*i#sH@=#uA{-L`- z`PqG?-5EWWBK8<|3V<*+cYqzN;Lrs^cG?X(T!KYWBTS(yOQf`L5%;yI020GeMLJF> zW|L&6J~ndelRcIx8kI*$M{ygCykM4gjVhDqn^1A6!xSrzgmu6;H%S>GJp=1C zj{gDwk~&Jow!5@DeKZsk7OCQ`W)m=ZZ$OAf`gkMu#%o|6Xf-A8#7J(U1SbryRJdr5~cInu` z%2hXwxO3&q{IG|@SAJU%KkLxm?3eWY_rffoI>JHT>lu$1hkE~Spv6`U-h zkf5f&fiNFEdL&-fws-c0l$#4vZXW*%G_WkOE^+_``@;%&iQ@rd__{}Es?|eZvVl08 z$A3uW^ATgKQmiOIb}Pof`A%N`{cN3!cu)c|V@yY-Ny0{M zLbHYBrs3?etUqYZ=ed>wD}H0K`xB0UWfbOgCCa&?{hClRmfTA`tX-hS*ks%C2g+s9 z;=l{|sv%$L88=_5(?dIv{VB^CGM@x0&w|bd&-9vKWTffnhO!}5VC33MIJ_s@ zVao?~6$Tyorwk+2jBR>ll__Vmc2tw`L7;uooKP3&Nlll`#-iex@QNCTO-7lDc3TS7 z&26eO45DZX_bk$)1RkO6H{^W51JBjV`ew;+4D5A-t8jmh%I@#UOOexYlAeV$lCofi zG&_v$@Ci%5mgBH*Fm$VJm`>ASj;LtP?F%FZvdlW|RknAkjp`nZSU+l*fWDiz7uQa2 zU2N{|%GjpxQg<5O;>7@0r+msL)s^u8TElK17vCeIr+9GAn^PWI6)>BFI;O0fVF@ET};w5()-i&KPtO$%$n6mm^|$npgp%9b6kiRrPSu7Bx46=mmc{37$2 znhw^L)^&to-`LzfKT!MVVJZ_FhmlqICRP2DI*oFsFO@};&9KsTQME3b?BvuFqXBE6 zQVeyi8>c($ijLj80Cs@raH&B5X9hmvpd0W}g{DJ+oADaKZBmeEH5wnlbp}??c87it z{#TTmM241JMaKR!V+y3x#+53(#)kLMN&gx}3(fb^=bumq2WsXjboBq33DmOGQt*=p z5ae8C#W%+0z!hZ<4@I=Tg5jJu_~S+{@*)Dt(o8f$(b!GGk>4Z``OC!7tqw58JtDmo zaa_*u%Z7ZT=>~qCP#fbmGuHD{AlaRE1Pr}PhQ;I$?QrRjJRZ98Tu5ldpfIcEVK9^F zN=<2yTApmtBpo*Si7+&}iOr$M8Ah!ZQjIIxz{Al#EoUOi-N_nE(g-KE%(N_QppJcm z$c*O)Nv0H4abo);^~#CuYSSF$pCVn+`D#KVBl1a?$;|+}Co7f{doxN2J-Rcj?Jl9V zJ3xMkD)7XH)0O3t-6O0jPa9cG-S+KrM!sm^uZ^7fD?{QG!0IFhP-vO1az6BQ&1g#$ z>Xi9{n`I$_x~_;HE(@{cc<_M(IQUZBfR;%;yBG)`EYDVynWO@(NF}#tSO=?H+Clp# znU?^q(x{se6B^ao$ZJKfpw6-tqFQ8GlIgUZcH8#wglc;?>OGc+>(dQSiSb*mKU-*p zX<57=B=;kOA(Z^VZO2Hr#@0jxk{>fs{b1s@NK_(bl9W+YJ?TRxSw|HrAO1uG)kci5 z!N~Kaj-MW4suFYT$l@wbvkL}o8Sl%$Wy4?WKO7(?1IG5uR2ELwyO_Rm(%lg2%-A)L zuXln5cVx||QZ|#gSz;R{Ws{_Akd(0tP0lm4I&)2BuX4*g0WG0Z*=IxJ9Q>(u9V!H1e2!EJ2|6fg28Re`Ywrt`QLCBcAv zPOvzoo+N!RPGU&%oM^VXv0(^S%9*f`g_;PzBKn6}exNXjR*n1WGohgkyL5&icAg+I zxSUBc6iY_GX%=PSzQCSulFTvQFp=yNw3KX(mWYCm82 zcn~uRFZW)Tu2+?L(4stpoc~97*0o+iN|i1N)=b=fnJLH-2F}#HXZ3uHJr?f+&6mpF zAkg61VvSHH*&KRgd#cbRZSt6evYPH&j+Yr@T0OSyQ0Yu2$dE)@$FST|S7Gk%PL7J(AVJhYJu{gh&B{Z3+0+*83Vf@0wklm7|G_Mb)rD*U70ki9jVi+wbN zipnT5hKhMG6y_`x6~CMb>?nybj|$WypOa+XS}QNx4hKi3HVpzs1H=zfGZudrASGi^ zr!pIp9EUh}dXyJ|19WRqhFnz2GmYs}*pvZCI$d9@RmeTq=u^~aH4(p!wu;TL4;D;_ z;|FO%Rqu+LH%}fF-J;3knrKwyC^UXtD&NJ#LsQnfN$L)bTuUD9G8&houfslfINEcgH$!zH-k@+N!6?1V+|b!FoS96 z{9%W1H?M}#ZN7<84~h|mEUkBl4NAM%BF)tU^hw4MOYM{yXDqE(!R?FOZ{Uy}2|8qEER@u?b%Bbc0fo?v zTb`#Q&5&(6j_FtJGj=U~#L>-6;m~uNoN&pCOOZs^=!S?I0Jd?Ek&aM`LBXbCUT#e+AB`jzouR}? zbA}AFME5xB)k7>vNa&wQGht@_H{~NXb2RKt*+kqFI@Cz~GhJcMjifBlN=3~+pls<2 zpe>>Tbzjs|K$4!}m+{lVl4^rXAU97Aw%S5AAt6X(%wi-pl4Bse3`7%1+s2yJ@^#ZD zew1hcr9fK0J!U(f)RdXIB+?>xBSq+!WPZ=)5(yt@P8ExVtdKmDc%M?FSl=+O?6Xog zJn)b|M#`Y$J{z%i>C^?8Yt?|unTW?nVhc%LA(?2xA!X22+uuwz_A==A; zl1WG@E`*M{rYyKmp?<`C8@0J;Qs)9|jmAKL&wUkG-4CKCZTv@pgSwf}HOSs17nobjpqno-smxUk+ig2Bx`T-s$P}Yb zdL&<^(7}|jC_=R<&oHx^9df}2=49YA1U$I}oC2a?sCw+1oLKG&236tRP44$M7^dKy z(wE)Rxx?7jE=l==h|h2{{S)(1qs@Nq_k7^(9^Oc3TR0zeJ5a6(OW$+QU%#b7ra{8KiJ=? zLb+E5^<$3hq`&jz&;aVS&B#afWq&XJ;o#-JYHyF}NL5MtE(10x0Xba2=gbUhK_^QC z+b&9;*#^C;z7WCI>z3nDK@E_7N@thb-&3MSsuk=@7VL9Zs}%szz|?prqa>#|T})v5 z90|p@dbSF6Bk3=at{~POU>X3V#YEe_rb|dBU_lwv3BZs!yQo{QI|I+T!FVBTdMMdB zs3jAm$P)kj?mO|k@Q!#L6{SRm6a=0XaPT?uxG-k!yqYlLXv@HjbU8ZJ$;r#=W^MZj z7Wf?*&mGwpKuqAYk-=-AEuii|^B8cci5bFRDZAsDCMpRN#?ENc!aD=BZwz~)-B`N@%wi3AVtB-%wpZnDWO z#u>(}CfE4Tzkae3ty6(Y+dK8+H@f0wA2aJ9RWtCF!Ay(wA4Bw$gZ*s{EZ%W6Zn;BK z0vU50V>3QbxN*JrWr(0@_tkOgzM3yQPgtgfgz^|>NN>a`;>kSh23olD4x)AAlt{45 z?-$Pf)S#Czknt zW+5}@ky&u_$SBivpOjaw)}noUayQPw1#5lWpXm00%USB%1O2WAaL3i@+1a%xwV;3M$7UPnw>fJ zZnbN#rR=cDfwSp)w(J#wMG-f}=WF6w>3i)P9AFlB-9}c$7cuW#*?Lhh4N+8AtE@?s zfI$+v{#*PfwRcE@<}jbVa~_StwFzk{y-v)k=C#c^HB;)hGZoQ zV>~9kDB&@@Z_s<0;W$VPh`4t_Mmk7MXZ^@&1L-OnfSo%-AOFipJeUQh@k8bj23Txo z2r2fu9845w1DQ-*y+NDo`ND@!N#H&y7>I}|sCD6k0cj&|<)4S)Jm)+k^Gk*2oSB^O zl5xqaRgAv@d&_EWLW@_iNDqau8+tN&U6qf^gbs%$G+pf7B2GVw+{mDDr$37vHBivW z6G}d2V8(aZP&zL@PCoF&q>qBV2w3g+A!lwgY$H?v6zCxq*1#AI{w{vjZ;n+yO(m3) zuk};L%+{$SO|noXn#k15n!qd#{OGZZunM23_yeiMHM)A?*?o~WH%u-cbUkp=Rb7r( z!JRO=juHTq{5Q6}C*9bzzvk4|F|6Hf&1X_-@i`UaB{z;H$>zmR<}%U1N>{Y?QN9@M zDR4yLu_O;hg@zXMjYj==v)X9TCR0Dqjh`ubCI}h>jv~JR1MN`cg6L;D(hI?dCejFc zS{4^LSD}nws#13w{Eu%iKz>;)EM^D-+M5oW14?zzFSsGB@|-a&w=apN=YSwc!XmXH zN}WS7?>90Z)B=$+eb%6lOggE|BvLtrI%*6weUzPUae}2eOg>Z-%GFCY>pr38<$N0 zNM9p0?jjo_IB^7yV-6uoHO|}znp$+t`()-3H|{#l!z@#D%fXss4|hF0dibWY2y+~t zrqx4D0ctct_y>s=jeowc)Ej%XdcCq;YwTjyyv@v<&K1n?(xJ)NtfPR1vJXq~K0TU1 zQ5HY)3QC7fkTqNxzzEk459YdPTNE{2spzjQe?1*m(;CF-iJ!k;Q=CVH22q=JfeD;V zmlQK94O7BBI_!1O_|IWMS||!I^jYtMs8CyobI-Qko8ufw&vADttk%0iCX~K<^%py7SEk&s^snHWP@tV8Q4^IYsTuut*K*(XfOKYlENCRLeLdd(aH; z@$I*7YgXuyo{*^alKZZ2#qfvcvaD>4i z{q__2@2dQF&6rS3n=H+sRp5VVn*@95pl<76j=jVcs}gEcT3Mj!ai zvT*`X7^0#r&>+M`6UYY2tc|)(m=Zkc7&}cmu{#V*JNjv0^Q98T&%qFwX!2Kb&?gY6 z$-s%SNMzR_j2RM95cI;dhS9VB&c%8rEF zCRZls=H%oFDYSw6r6Q#iroes z&l|O6(AA`1uhRle3g)UQ)Wn;X?piZb=UmEtJ2(ESB}_H`vYnDz(ATZzrKYNW-UB>d zI^S7G6Z=Kjx@dUqmjUhOiLDCO0T>l;i1+p!&s4M7IEM%Jvxng|ZP`Vp+grv(ZT!H1!1q0&4rBeC>m1~Q#U%5aKqMj0P@;}X%M({Y_!j6V(rzay@ z<`up`7Sd@lOG&sTg5t{)&T^uiM(U7%3C8?L{8HJO9#sW%QNoy$Hij9Scvj-HSujSY z*>B=FZ2VXE5lQe4qp#1iP{|nnPErA_%N%^Ty+!;NG89;{AS!APPs-r%scDR4?zh@AnY_`^)9D#`(n!Tn21f!M_j&6<1$ zf9wr`tbN@BMofjgKod=-m8atR9^l}H&!aTRfU_(OGNc{++V5u?T`$y!y;D&&5jDJ_ zO|Vw}acZ1w?$Ud$=M=!w>JnFRuJiNZQzNlh4r` z(JZpK2e#Lw`q&uQ(Y!STs8^5y%%2P&L5db<;aquEpaEUlvm5k_a!w$ zXM5ARaA5Wpqi6gMnCfqb77{jB-;bPwz}{{G`XoRZtL2p<;0-wwHj-Fm$vo-$Jiv7q zMkDt?B9e{z99&eCxEQfA{;=oztJAN;&E1dNy>H=8(;$&{hfSyT8QDy?@nsv#Rw!>;tJ@B|Nj_7bM!>W0+l(+W+S zR0mUE`v z{4CndKf8MK8`d%MuJ&85A638p3!_b_=mFOpUjR`9Dr9^4f#}+>d(nP)*n(r*xurz) z(MB~insD-wR0&KFhSKT6x^*YS9I5w|R0o(zWP;afq+dgw`c3LnPI<$)-j%ndPL-`4js>qwcv=4ip-E=Q{lv7-it*((}=354rE1kp`dA7c${=wXD4njtHI-5n=le)#NFwRTb)B)CP+vrSEH8Z z`I4Dxxgmco(kIcJBXNdW14;_v`|FvA)7Mmkq1l+SV)nD|r>yFm46l@aoTX$YAl`5xIQHTG;)7xvAtH6N0ngZ5w7yOH_>>l(Ri#FGdSkS zu0*}qonVP%$L4dpn}wiz(Oyw-gd`95$-?n(}>C5rNgNZK-oaM*^C#Y^j=+ z3f8g&P^uDw!icL~i&EFXxkU{Pg2DLX@+$$-Wk?Xojj6a(MuavMk0uW#@-V(=$fG1G zWb~w$UiL3iXWqJgPgDE>yD>jMe|nO8w}N@-vd7s1#Xb+-Y{uTa%oZqk%lru@K^b`O z=-ZRxauG1icTk{=1wM$rM*$e|oA@L?nG0DOCNE+r{>gO1t^PU3E13cqAfef{grQoV1j3 z-1M!cT?#Vzh4arY@URz5a5_Dbk(((t0ZAE(HV8^2JCcrCPeI)=$yiIq*`?kEy^-~} zCqVh3O(WFf#A%dw;7rWt$r9kKkjod*wgP=kDbW)0upBY}+`e#nJxbT=aesQ0UI*PS z%0krGE@EArSs%}vAIl4^@@X*8EsCy-=?=;+ zSx7uGSpIqIyudMwafy-1=a|1pEW@ZB#f|u69vICyWNZoa1iFEv+;lMgfM>UD54U(r zryC+)E=-a}dL9m)M?h3E95O93LRn%8qCBUFf_j)ns7LgC&%UxfwKKWnJg7+OE-{dy z@`Xsu7nU)sByn@#ap+-mPU{?lDcgX(JhrmNg*4SHK4zU#%UP{9URLTgWJG}zQ%u~u zLNeboDhj`0BaRchSN|3LR7ePOX_3w5Ir`S1sE|)2roD$h*hjd+C4@J~EpaG6?EOWv zNp_{pp$7|sYh(HTup7jWwG_W4>+d;D&-LB*z;Ns?XTs)ilO6bXgX1!9&oIP-XJ+6k7$P{t7X;h{Yo z4hGW2perG9&$Jg?{kZFrsoV2!Qqtzp&3MI{}LBH;9HjZBJH!u-t0`)zHSds=y zG7~NRkm+&r>7;xL38-Lksgf*}R}C_648q#xzYmg0L+O#AGuv% zw@R0GryrIb^xSa0BtgR56m%(UM%*&le55}i>LPEHigm!WFBM{LI+|D?YbBj(Sg0wN zsoY@SsKX{rLvU8EU`F(i&jMZb!l^hpSz3Pgu1q2DPsK_Zexr?j@M3wXO!9eHo+e%C zI%(Wb_;on|g}=%_J}EDiS58ropV~o8uSo!pUOg*65#@3@3Sqsl%S#^a0s%{N;SU?|%(;EB?cl|r%>ecb(7+6~>8 zlQH~A0cmVdx4J{SBPwOFWp%Dxv9lw7df!|d{MUNXay$J?r&mVeOB!DK<(@tGSsuW^ zk0>yGN9j8-@;-86@(PX|J=~KA_0TB~;J6Bbid8!40~vXUlTle+q>8(kyc}3N6+l~M z{nk*lF}06$eYh95nsXtNRJ%>l{lhsnrA@wlX20Ljq$a+BE0c+%83fXnIV(m_Q0%{~()@Vw3=76DceY<}tUfLJ|VEnI^wIGI%RU1I!zoXW|^l1r6Gy6L2>TMYS*<_Y5= z5=S3(k^(4&w4tsKJbo=dl$|!3B7Jjr*Drq#95dM-O0GFt5|_XMOepZaP4N-^MwBol z_%o{BONTNZMHpVd>8j32r~^D?5*Lm?V|bRrSExE=ic#yCKFZdGT|!xmD7}?bPpJge zvEO*L>bHD8=TtUk=@M1aE>Y-oWpz-Tf6J1yGG+#$*YnG8+n{(5tHU?;eX19VGQSrd zAqTjBLhaX%4@6-fCeZG+ko2FMP&<;>^zzLa?UCi*ql*R#FEbZf{?yW6duKcV=1%bmpH$~EqHKaXWn7h!f)kRP z6i1@xiG(J#z;geU)qKB>Jfh(MuZSCx+VNVFP+9q*!$of?A9%R&6I|dEg;P?liyTi+ z&^ilR=lP|Z2bZe{1KM5zj4@gD~1t7$pdxgCL7MN178dG9*fKikZI~Ws? zx#!;d`IQ1|fXbP>VDr8*6q}TGf?XFrv%xtnp241jdNx7XDdG}okeM{NwF>JEwX;`KgC8d8^>!Yc#6UN?}4Yl zvr#LguA&m&ImMA3_*`?R5ZOgOK?GD2 zB}IIwFF%iyUnU#`BxhdIDv(AfVbYmjG?-DIBv#jtn1FkWM8+PjiDe8A)2?J9<76up ziX5v5jT!gZjJQrK(()=yR=(WY6f39YA107aPpe17B)VGoyi)!Fs8zQeRdK59o>EIl z5JqSU>pUtICXJ-lQI#RVm{e`}#uh^$rb#0>aDl(O@PG@(9uk;ypw$Ns8_I79eOmr;xx7?cLk&=|SJWne#5!gJOtCiuK`+{q&O0 zvmnDSELY`a9S2U_CJ_}0g3+_Yh|Uj+Vv47^4?%C%ALl+$CNrR~xC@^aKgBW7G-9qV z(Y0c-1S<_W%_+<@iE>*e5WjQykTgmU1NC?V(I0wtX@IG*P1;X(bsP<-@N9?xoIu*2 zre&N++#id0FuO{>;j1)kq!(Dkje>+qzMdOWvPK-grbd2u(C{Qyna~n69@Vvt{u3OU z(q=Xk?-sYsR}f#Fc^&0-9w}`$WGsv^S1f!v+k&)XJ7VABxlC7Dj^i-TYwNLXdAzo~ zB1*65@AJL&`cW;>pe(V)Kv}o%4(xTdWRg>^Hjs?GNZ86H!UR@rcjqNh39K^n0y8Bx z6%Q4cxzyPqr?gw1(!MNeIvOM+z?(X_!c)QpWP?z=`?f>G4|h%t5NWTTs{o`(z$}EJ<8ya90AnSl%uht`@huiNuuQVBog}_6>Q^gISBqxI0?Mfj7=ko_dPFe$ zQt?TSP|9H*fm~Www#vPy@&M4Xq3QY@^r-K7eR_;%*kIC1? zCG(!x!9xDZ^}1F^#rvi#3hHwiH+$*a8+16jbJxCR<2t~in}ng!AONd!ItDt0vRfL4 z(t`#U9$^e%lUJU+d-u_JE-!pk*{21mK{|ZdktReoh}sKu>L3g=&mwqL3?`O3OA3+r zr#GDH9>jS3s_ ztNmap3*jI;f~QQ3ksBsoEm)4M?RoI!_@GKoQf;76vY5I>l)7*WIoVwJCUT;Gewj~CHY2D-pLxJ{C4@FpWhoy<6c(ARd4L*=_LYd2Iwjemq~*+{+*JMn`JQCA_56BDq_{*?gkhvUBBfF40b5#L2~HUOD0BSpH?RdTFNX5O zK&>LuPwW+fdE7__fDV*LKN(qt(C7zK>CwRl&e}BIq10a}((?g%n4QFoFD?yO){u z+_WJfG=2_r#?neUtWyrux7l1W_RmJuwz0H|BbDka-%AqO7K#uL!VUicEP~LJ?*I^J*#egqpV`oE6{J>3Zm@#URzh zI^cvy5<~W0x%*6>+tLx%ABjyHX0}Vg4vg#<5 z0^Dtdj)Yno3f&CPlo2Q)HhlW-%$EKDYyt26>=gDnw4~u7f2Q>vwNMi-O;#iD2R?dp zX{T=PGaWc0xhBDWB98uwT>SwMUv!ti5+>q3DV>J~;W|PDIK{R!D$AOWMD0e>W9rDs zC`0`rk%vG=yHN&_7F6!y>8)Q4VMspxaNwzEAm`ucG=sZsPN#)JnSs-FfS<+d@)Fnv zBwYp`tPN)e2M&ZHlS0u%=l(BvEajw2-aJJO6PID9oX@BjJJ~)hCpF$>D^0&Cbka&%f!8%+AYUloZn&JS z7UdnB&ebbs3lSx%C6O$zg>1yd*d+A$ zgPRXsbJcW9sl9p+J0p2)V*-ul2j0-oj;g8T&|Dpx)l$H0dQ!W2t3*Uf&O5$UqcL(m zJ$QY*o`VAL1OLI9#ebD7GkK%7fxz>RJ^3<|eM(a2ur>GW~{sDmY zD%FGf+s0ZB0M zO9^xRB}Wil4Bf4T`*tYOwz?fL^WU&PrUz#7R)a`1%Na!`rQ^r>V^8Dm9f@mu7kjaB zb}pm2nQ0X+sWuzN*_o3h-<9p1yFT9001f7GBaatIe#&qXa>eOpO4==>Z1|#K1(aPQ z^EqS!8n8X+JVPpz!zP)QstA-U{2IbSWbC^OJffd>#SX zBrXbV&$iF~)^b{M#xbHXV8j8y%lf8RDX)}?kx}7mhNMkaLEoE?AA5tPvdjAC0m`8$ zP7iSPXq7C11rAnQ!vW@P(@}$!DNjh)z}gK;O2BdKbu$v4)}527o3^B7S19zwKvDih z&uIfZ5~$5fFRG@?dU4c{4+b4&DNj-9ITlZ$Y|bBye#-4Ky(^1QO2I`n$~$hKqsg|< zgS*2#60b3<>|ofl1~#r9-#L1XVZQZlQaKIT4jNa!ZCkh{!qfiQC;cJkC`F)suNhSn z_Jp?d1-U@sDR+V5qIzDdyGi`(g!bxOzt-o^|voQUT3XdLUNZpru0) z^Nwy+KWtHf5&5J)m=vsgI%mZFFy3@g49zpSyfpGqijo!20iwP3rgNn<52VUwVfrkN zI;B&g#7U2nJTn2wnR0xlxa0IbPfehbHhFhD3UgDQf{8r4$X4TS8;t#~raUuq(;b(& z=}t zHzgfEVh5z(9(N^B*hX;r8)RCNYYJbL5&KO?#P-lR5kpVH1H}#MpjG;3gW^+|;L6rF9FlHTU6^QWM2J2)8s^FaC|jH=LAy zr!WsPRp=cz=;Tc?iwI-9-5$X#&?X3>G~_QhA~PLdiLW~A|09bE*;Q6vzI0(jH^~yH zd2S-X~ou@6z=Y7 zv3sS-QF}N!A&zq7Ov;F(YNqDC362LRx(N?>FTjp`9_}>_kqv92TDdk8qs;Bp6MP3L z-M7CuLd=aB_FjOrrk{euh55{4-BHrS6i-!&B3MYXMsl0ztMWo2u3Jdv z35=jqwC|uNEsV^uA#Qy8_o3Yz1mVhF(dK6?< zT921q1VSMLIB)}p6>xf(q#E{O84k9i;#K$*cCtL_b+sL!=;<%1>2*g*2^u(N_gyW| zK98jCD_dz}nx54JH+SGR zdp`B|(IWvJ!VvW>-0--SF^a|EZe?$G=cOzGJM+IoKlr-sxxT+gE>7jC27Tv|Vn%7J z6+14bfpJcjLBLZOq!>O$b6pq6Tfo=f$V&EH@n}zW3Ff|s;a_~~*2il?#s#}2tmorv zPPE-|>|`u!X1B=iZZ?iy?>EqVCI3Ljqx|ISyIW13!F`NsDu}wDFw%v+!?=F5#rn~n z-JH%?VEZ8`-f^l_bM1|#&&=tHW{Ct{ZA57^!n~DdXn4IsnanV~nND1$UcBx(H*bKD zdRCS?y_1vWrFZYlglEspoM>f=u(7h58oeovxs(J?(PS_mD$>NLt(Jb&9^4u$lI#4l zaI~@Z z&lwhB`fvyazXa3vu8@IRd-d(cQLX-Z_jvwfWI918K5^1P#ENiZHz=T@j1fp#k{)F+ zDh%FbDs7Ppi_p2{%MdTye?mEuL1b@o6J7*a6j9uKyaB9))AC4EIP56g^}^=>jOU~l zr|WK-pvoB&_l2S!Mia^Jq2l@hRlg&KG&QJ11> zm2+0Jfpl1KJ>u#f{nn`cTG^e4kFt6}to*Di*`61P0?9~cLzU3);TR;oM2xf%>I8-z zzX{4nWVNARTz592CpMb%@VY~LFf*r&EyvdA%b0??l`wMNC|wzy4v?n#UMrV_u7)(q z8)b9cDYFEN1!tm>L|#V6kV=APri~q$F#>;@i$3m%ublpT`u(yvl@{HnS=zGj&uQR? zAqxea8gICrLJ$YpUZ%lz3E?a!otE6F)yO2oB1Ltic{DKN`dai_PdcijudUPp>f;}~ z3h5R7d{=mc;CFXk9v>X+HV%&twi`eW*I&V#dIl~qH62?!yES;++}&+d;cY4Y2j0H4 zwLVQJKc}?jfX+SC;z?GLa|5B=xo2NvdZ031&6~BY*ZcD)2@Sq0iW308xBw@h)#;R* z3{?hcURZ>0Dhm6Xo&6^(jon&hzfsxWZ0x}UepNA#e!6ygEoi!Y`7^$zMH^ekAG92o zYS8O8RcbV`DHCLIxdS9D4WCmFLgPi?cN{TP#d#D-EdgaiFrHHZ&mIh6=8unF*PhE6G4`X4dT6y9 z@lYil8{;_1vkU)W;se;;@B*LS6_O8E6;85uw&Ax_|P=w%^Xp|)Rn2_s}Ha;$+BLNDiYFA8b3jw{DI)o3kx znN(|Yrygz$YlUBqtfpEERZDG6qC%Pl`V&mWW@6d>y@ayxvVilgvXqdd40EUe@qqND z)g&7eDLg}b*|nM;$Jsi!Q5=SHxr|y=qvu z1D9|fUKW8o{VxW~$16goc7hL-h2pVq4?amn`vCo~)Q631=|YqaRxo@%rsR43vVJ_T zJ{B^m-8ibodvR1P3Pi>pNA2g@FjLh_+vW$jlTJ`lYjr&kqhx|Tt zP?$l}g(!+dmzCkb#oH4NGJbrHe1xQsS-c2*iG``sRC=LCUmM<)>2N|*$2FMO!=u_E z?5BjYnCY%I_y&Np7b%W|gwOD8*h~JZl}k5bQJ7TF&)+X=N;%TSjl8Uq&q#72r9eBM zAvTxLPjn(B=JuV_+HSfbrQurtI9dfpZ(4cb$REF3DjJ$>FiRhkZ)a|ISu@BL{yy7xYB=$?CYFE5`>% z85*UJHUN}bnsl_3R+y=hRMlLB7oIQ^K3nrAsw0cJpxK-OKKrf^Veh$|k30xW=0-Lbej&yI z40A)2`&#}(f5j$^!E~*gjV1ZqgsnJ$Uw|rFQiFffzgS&72a1%I-U|;SuP#GKr_qHN)pbZqITiSQVes*hR-2>w}ziTJG=A4?Czqf<(7BaC$==IdY7_ zC1FToNO~3?u$1WJYSmWH?@ z@_^GeF%}g#`jSF?c!i0djP6RdKM$bu(D!KQ1-V^}!@Lmy&X~E-X*XP7;!T7`PkPga z_-UsXdJcv<==P~}_ez-WB6A7Q`pLlH>e1q|pMQ?NHkJ+(_xOtzrtE=vFbW!-K_U<6 zDK#=^6>I%uYP&9HGVe)KR;nRW(+3+xlr9DU1@~D1 z*W5^F_D$alS9vU!&qApxVgPgc9ER{ga5~Kz!N(D6Pir0=e7FTvA)``8)1W7K%f#jT z{FW*3s@uQyNOwM8Er^w+rIjN7{e=Er6BM--FhF~N)+%BPH#}kbqS)y*%fxgNjiD$a z4ACllS)PWS3IeKLU~)t;>~$QVNbvT>44FP19FiaRZ}I3Y!bxnQzln1`93V|lgsOyv zTu+-Ycik2RM`n9y+y;cKENLDHcc{~(9`+TNOSCPpDV5j92YZ!Y;3DN@ck}Y!aXcs1 zrWnufZSl7J8|GDP+Oj#OVot*FdYE=M89wiFEYYW{e6c)sgkB){shKce#)G^T;{jH zB_6?LepuPx6qEibEtCS%6@DZhn&rROq1gfuK%{V@Q#MaQYV=@#YiC={Gm^6IyFxLT zJm8vt+Cl#f=rjQ7vQ;wr*>HEnJgf+UL0K3nv&>l_3#Lw|piYkMFq?VqyB%CR z=p!&xut--nE@I2>qeu`Y9abEZy5j6Q7eh|W2b37~g#|0HZi4~thn{;&;p9nw2SBt5 zwAqp0hp?ewXAOPD(E+chhUnP-x{3-naQgtmhe?I)q357TmQygiF8i&ZLx4abFWd0O zz|qXAkuhI_f_h>uNKK1kAw-Uj2iHC=rP13(+Vs5(5<`kMu%SLJ9<7=}sg~K~End~; zc*$&>n@89%s)pP?W7>(sQHxcasyjV+^DA;cGU*_mO9sGytYCVK_9OzarTA7y-LnQ5 zQ5~C>dx5uLFf5{DLx3m|=Q%oK!cJ*BH#Q+;xoi0}S|}MP$+hNg4&?3{`jmGwL!kt_ zn08ZJ-l>fbrOxndo|7C8rqSoUL8+a2f^OX*ZYENQgr~!$`0&^ReHK*LXb$RRL(n8y z0v1G_G&N$TJsz{HxL{73r4oQF`#hC4r>|C{pv5yP(+Sg7gXi`-EgD?A^7}^qG&di# zTUg990hu*mWW_q?SH#XNF0j*G_6*mAj1pmHpikU_)RpA+cIp_T1TY3QD1Tz|=S`_OLHctsmj0;Hjt7(s+aNu*8BRcTm-(alT^Ae17V99JpjVBI38hCX6X^rpluD=&bSXI-O|Rv$mU9(7T~a)g$z zC?~Kv9vB5)`i%TgFxJxdG$0IFN{U&cG@wb^pj@d1Owti95TFN3UBD<{hf8$W7u8KV zWpG;o@qkiZ5=+&9D4Rc7DX%TD(D6~~;KSp|7#shr87>YSRsXtmmeFJwPzjqm7|f@# zE2j7}o(x<5@yBOGfGriHB-ttxW|>ESdCCkP9jhar#V327HEM(=O8WgodNoP*Z!!|H zaL1|y@)1(qXirKv<*tHFwL*JJXhj^U-%xL;G+kSjW9a5dZVAbZE34zQf|k|=lrJE) zFDq_UcI!2%wVI$JwH@%qx#b46TnN8opoI)x?<<;TmxVX@k;-i3A8ECN`i!rP5~y?t zh~nzO-X0vyI?l(uq3}Sl<_8JkQvjVnV!u|~km>gX>r+qoV_$uuqJYfC|f5 zag7+5kgPPjC}&>tB`x_uGhAs)uXWk_han9t^A#j z-4CqORJWT&3Io7`gImg!jnq*G=ygP)SFS_JpeeofnbHbWt9dAc{qj&l)1xaCh!L-d zPkbkmA)zJtm?D!0k9 z7*!pR1GWnQvWd~DbbM09N(BM35^`I?FYK8Qj7$+5WU{$h751Q6R?Nd5^qayn%B0-B zRLJy1Fb#Mem&;|g4M1&m?Xb4LS=+Df)ar!E(h(QZg|JnSF^btVqB|(Ctjs~#z2>cG zqO2FXiS!A=#kI{=tJxy_{q`;Xvt9jHmUzqT!OMSDvsmyAN;huh`VQ>oWzYG2h_frT zRxA_e+txys>!O1uK+u+^b$HXiv8AbFAQ6$B_F#YYU1sx)X<_qAgWA6)QjoVTo6_=0 zj?Y@PT6i8%lw?E-sNC_ILm-qjTZxmxy8};EFECi5gyoV*O9tpUfD7`nY?=WcAHIx;|biNxf#923A0l_HzEjI92}Owu6*ASiReOa@O z*#RkI;3LvvqX`v7-LO#ZAcJQRFgPf$4ok1!Qs2--n#M-xG2RtRw1(a8Enk*st<(}{ zn|Z*7n)yB}?ZFF1%4dCPLBpCk*%`5!N4-_|JJfpeBX(z+Vkh~+9FNsHoN zY4ih`P?2ot2c*>NS$#AVC$X2Yj{&dRKChx)L4rXdlVflAbT#jbCI_%`P>^ZCiCE>(5)9`E%|44#*6Zp`;GE!1SoN9o_xC*Do2Fin$ zr>GKlXricV-AX`!t~{hV<+xd<*k$q(>pDvF@1FZjlrJiG6Esv-onk8f5)P9Ms0WQl zY|9@60VyjxZ-J&%t#hSy@iT6?MSa+t+Gc~|?=6cJ@kFeOHSyFi%pk>cUR&2@skT4J z=bU``GMmS!R0%*SvnOGtvrx1CAm@}X^MWT(vP8z$?C1wL{vXhkq4;osNb=Q*>^#+>CaK z;cJ6-h_)ZZi#CE5N#Cj9&@@m{_@3eqZipMhpVYAU2>ciV^?carkB8f{3o?Oj*tlPw zlqQ?;;ch%DHS>hE&q{8dt(ed%AL#`tPS3V1|FY{3T7bl}5(Z8#O2q-04!s^(y95++ zeb_q$mYVYgt1w>5eoKkkGAiLAWub&XxJ4~Ql+YPvTLIO&76WXhk+VV`s zDuoO{fCPaVQhDtG3A`tdx?vAV$)1ks#sS&@05MdK?+@Wtusjs4`@u0JTGR60`(hqt z%F$;-AqU%6!23Lt1;ySlWYEJG; zzOZB$Saw~Uc8 zl4JqOZmqJpv%lTgJUEVuz*RkQA}J85^K7)-!6)dapXD0CsI`bBGU$k3i58@Amnuiw z(uZX}7=1}C43rT7tmTl!K`EgGTyK3c3INg_Hdkrjbfp?PgEe{0lPjvs?4FG`q3}`m zYOH_^*ywsbi~J|wMuAU)W?wf<)vme>$sq)V7B68w>bsTttBw3Axg$ikHI>4}n7k9A zBNlE&TlZ~C12ch+%ZC2Xm<0v4d$gp?Cb4q_Cb zHIVC-Y9{ont4l5km=v;S*xN$#9cTcSBn8YEVI@iI;>;8O-`+TrY)QAB#aK+*gm=BX zfJVG$hKY0#JAmy$P=v1xtODCcCGVF6L|I94h;x7y>QbO0;wMyBd?nXXb<0kVjYwE> zf*fk!cKaQ?v}qj3tUf0LM0OX!0e4*Yy^zE?bpSaEpc}Xc+i)M}5l`@E&mS-qpk&-+ zF1#LUtMB@Q5>WC@pqvN>an?p3iQ>Vq1?0lZ@Ms(MaiXa-bp%hM1w59^T>%=cV-J9p zBpQK2(drce#Ke@te;$<=f=LAqP3eI0A~%}i1dP=&Bx;NyRjyAA{3@M!`1U9YgLP#lMsuhHKwHe|J)kWbhCQ+oIinHaKpCVK2B9p7 zU%?H$xY$SQaq9G0$R~u0WFsB|Mz=x$jrXIV8pV1_g3NghjKXwP?6-uJws zculc9(AuxtAKVI7fN}Wdri)ll+Fm%g#IUHYfx53ECsKz+BK(0~AcLnx7fKPkBpz+Tk5ZVDSc#?q*9!WV9$+l<- z!cArjaT;qD&@Uw$FJ<~2jJ@b2&3N~#FiaUsaj6nIDQg9nLU5Nz>3Zc@2K8)E6-4_u zQmCgrWJzSjC=|m$Cs0Hg3NFlq7`h))6dq+;t0aYl)6dGlC^BM~sv+dtp+3oTV9#>Q zcC_qr-2u=bRzEDzzh!|Ct`7D#VpTJm3Wyt-kSdOjwo<$?S$Pvyp&=QWr9_frNe$_} ztt)SYAqA9ghz!nZI&{+|%!FfRqhL7Cic%=w-|p*aQCfe&-#-**lxfT`WqBnNK2MBw z;XIIla^M0LHf&y!xTq`Tq$~}lLxbCxTv`FhtvmEYA5Mscst*b@X?p_}?x17}V7z2o zUth+Vl##hDaqe7D&?@D46LR{PKLqZjvRx|*>A?Za(EdRQPQlJT$A5^`I60uKfc1A1 zTd_sZi%sUPJlC>$B4U(3ixM>X@_wWE5Tx5iyG^V*-}h{7U|B-b$wDzu-EgRa{w29W z!z!YeFgGKue6{0@(gs~4cB8mhL>f!a80p*3HlavUWu)Sd4wW058EK=Ul#!&Yq_Wg^ zUyHi|5y2Hp7Nu~Jpjtoz?xB~gCgr6!x8cfxI&%6%N*(Sb8I!B|LZO2;DByn7g5aa_!OlG zC(xvH3{3`or|Q%fbbY?&a6YW_C%^wb+2Zs#={3@a9fcl$~>JRl`&<) z&`&W&jCzA4bmKW$3uS5NAjU(}wq91+gA)rz_J$cXGR0rQjFY`m^Y()5jYC!;)!(+s zyZlX{WJdX{EE~AuM#QU0j<*`rMqXFH&YL_^Py#6?=9JjbQwm~q0eSJU%`EO62QK=7 zgQPyQ+!BYDX>)Blq+uO8{v}|5!8OKdfQ?^bLmIX#xt71kD@n$i0J525+E9cE_4^4* zk{WW8F_N4=>A5Ag303B>L9CJ!iIrqnoak4>vyfutKx1Lx_4%Y~2GBh2U;f!R=HNd0 zQO%g;AhDcKSKme1 zoP5N(ze?xs-mrU)Nq7t>vX77WB1N|`KR~49-BgZYf(oFp-`I*O@#Lcj6;JXxkuDRb*LJCliRl{kSMgWJM>~hnS)>w@6H@3=8An*x@AaLRCE^B< z4%%)Eq}K+=uLQ>b8ouDgZQ%u#QIe*PH9)Vn=+a4?TzT_LI>IKj4ksn`4v2~9BikGL zSsJ2qlseM{77o$;3BNAHtm{q^K=iGfH~@S}M)h28ZZ4=E6uNqbyBf|%(zy%NChGJ- z#b0+eYf!SbTQ?@6T1~VxJV~-sO)kl&d@RHu1ZKMzDqKizD{u}-?fTodllJ}X+etg0 z0yCxeP`Z%PTtVw;q^gF*O`#iG3uDm$oDXA>qRFCSnNvEdpoHCi=~BubP1XmP3b?;~ zWj^L3@-%LGWmSZ2$_6r0q3i^$x72CFW|W&dTAUCXWr~;Xd0=(gHkq_BQI?Ue_LBBQ zr(6uA!%7t7d>Pp^UL73#BIb#+m+lWrk_7-d7!T)~NR9C1C{`Yaz^$3#hGh0By?RF>d8%%=Pfm=>d7R3YeM7=~?oLCtUCuNB!%{Oc_{1_rQ^B`f zB%u;2iAew@!wj2cIU>h0=J;D)Ul7U=C}bxSypA?5BVR;bQ}he2OeQuY7GgOQD(K`S zL9fw%_~(%P3MqxNMY+{Z-bEp&gr!*i+l8fw-hxRiZa`t?R4jG0K#ND=3*aPZiX-lW zgiZo*8$q0Q|FV=d9Zco>l7E@~6wtsy=|ak4{%w{~ieFYTnYhZ#W@&$i0({^AOOgta zd@hfgqfyEZS=uqV#EG`2iN4qMT6Fd{q}2y7@uNy{ zc+zN4r-YI;dl5^MND*aml2n~j7!VNpvXP4vAnCsu^OU|bHJU*Oq1S4s{I?t5DI#hA z6aq{s#aigcmuEHi00}i;X)pcq+#Tce{LMmKndT`GSGf5^$$8Qeu(UU_08w0E_}IZw z15}Q+HcTto3`VD8%XNSve)>t|ft|@?1OY(z&R{(=_kzesA}Gs;uMYNqTNmnU2FgO` zC_9$)z9PpX3Q@xPUuH@$QVyHVqL%_P5-N_cR*I4fT5t38HdTEgf0Ox)|r=qV?_1>D`pFUdow9k*ruQlL&e=T z@JUZVHI;P_tdg=E2}Ij!ox-NrD?i7hFP5%EK0IG%C?f+c8zT)3 zHhY@Q8cd=bGYl~!;&N~UV#rWYgG(_CbK|4=t^#n?ou7`V+A@ht`*qPPQz6QpKfGG<*_cYKi5W0C474-|zdfcRbBvl|2gt0$kPQTR8Q+P$?lv0F!-|0{cD>Tl1FIg8T>IYj` zM$uA=t>y9$Of4yxU9t3RZ4F>UFY-nlR1Rt$gaE|rp2V+2Xwj9fc%?kYP~j+C*RDtL z;;j}kNJT-ePEK2jb~SgUT~C!H8EKv?6tbWM8|IxzLow`P(2;q&d{KseJ}YQhH@Z7n zxVr{ym}JCqQNFB$YgfkIL&EA-i_tO3>?6V6_dNPMM};eKB*`JBIwNiu&d@m$HRMWM z-`?4jA-|-bRWYa~EktqSo86x$ddf#{W?#nQ5YL{ine$pGt0a3W9-3Mb@^%8OAWfR3 z^YJyTi;B&5t6-kr(p|tYYG}@M)RHDflpJ7?TDw0WZ!#TT#ZorHychDk<`}{3qUZbp zlW+z*uB5P&L2ozJwJ)ORHEThv9v5jK<&|9ji+s}7!(^OP-t*dJvRR5a}% zGn_yfO>c7Z)SE`XAddk%6iZ~NYNLIUj(H%=N;x_W7=Dnxv4SUfDLv?em{vM4mN4QG zvirid2Z)yK)=^m;9Q1W=cDXE3j<$cpdJ^}rNj`_kxdysjo)C7ahZ&JQ7sAAGyfH9h zXOX|JlsUlcIp)PsysNYh>$=F#vauZ@G^?e7h9+dQRzF6&<;c{qtFWS0=sb}zCh5z< zGp4h)$)E+Q5d~Q~NwD{VICizEnGu<&NhV{;bcaGFIMOX3uz*Gb9^Eq8qK+AfoF{fj zr=5nUhQclOT_E={2&oQafk|MDy{<#HJrV~!v2WiD>H}Z~@u(iat${y^3|3+;72-h6 z7gg1mjL;q*LG}r!#dMHI$FRF(@hW|JF<_?|YeV8FMi+*O9IQLq>!~m(B@k700Sym7X6l$cUkS(on{ z>icgjLTr$zZ-0BYrc6Ob$7757w1w*8g~Xn2^t17@J@NfgQA+QeT?(z99mf@H>w=#SZyFF1DBTQf^&4|#OfDe9Ta6xy1 zq)%w~5uY^DgBQhe;#lhQ^54lUn=!^YmnSbgATzC|U6NVl?UqjAqffL%OX@XoQA1;YzYl9 z5yO|U;;9)4-Q-)sBi5bM7L-smeYIrzz}yoxKrJWl8csjb<&c9^*}W?V=nA^Xv1e9~ zm6OvsHq1m(((~T1l}uo9!#Z!%u5y%OGIgP7SN@BlZ}f~Ou$A&U7MXu(qYb+o2-KS$_xxOC-j*S}s1$|X)VB1nTlR)hk5Jl`RJH6+IP|}E z>Oi*0zwKhq<>xGXmkGMjlo9z2$7_iTv@8g`fnj}UK$Pl>>tZ+N?F-rH2~cRP^%6ye#-0DI8v&83=yyPsRqCuBA%>H?7uR|ZR#Lt=QNdQgouWM zSv;NDNG^EkhrsKL5HTIpz$Nwy50UAX>1jW2HAfllyVGM2C!_1^M~Q9;imHZHTcNEN z+ZBb3+K6x^^UhmWTt}pznB)0YOTQF;c00r&W5TKcrAkNL?=pPdPzTivb=>BAmV<`X zDYv#?nAy@L+R~BvcnZ0Jq!a}KplC}DNrQSV%q*kDk{oAgd;fJo2l1XGp%ib7Ok7og)g zXo`}bH3SEV0K%00C5LO5a$O6(M$Q3V`Q91BR{xGBup!41U@iA5$7y`uxD~)7fj&8a zd>IhoF?v$+(sT0HBu&KCGfWmn{xUL8Sl_yl*}>{4YH$Wag04?PZXPWapnO5QF<43- zDC6^!xEpbLizL;u^^)pfKnI88Kv1SB%i~luEDEJx8-YIsP=`kQKMOXBC=V=eY>$V% zpwBYEl|YpWVre~hC{ko94La}iR6jxxellAPGtFuV*{Pwz$X})?s_elBLJ_DzgbmrE z=zp+l&f%yJFx5=Npx}h6Q0y!8W@5ial^^8lnT|dn=VK$E`#?25q3#L}7@!k5pV|C# zp+{hpyMaH9FnGxHPkeI<@>MFP8M>o5w2ZwmzbZAE-QzP9($iZ+Uf6*Ia(a_Xsr!fk> zNOLP-h@#ndTnd$%Hz1IC1?CV1oR72I$Ss$0`tzqimDqMU+mcjKppt~6CSme$w-=;} zlF_G`amWM_a}`~Iz%GFDW?_}~Eb=bN0{E3xjM{UC^xK*;j4CK)~LgqV*5{~oATR7Jvvb!iEs zbx1nox$2<$N-_@G$r2XrNR5P;b7dZGJ~Y{dBwb`EDvrhlSWk{NZ3;tWQs#ro5SlP% z!n!Gh8^hC6+Jz~@BVD>4(PX@2TEkS*Gn&QY8EKbnT!Y3$i7X?hWuzD*p!m@OgEFPGfW5%DX@DC! zC>SP&xj9NosPg#fb>d7eEVFbtdmiSC_EPcycNryPq7AMNLx9O*f5d~v5~u+FlbUAgS;ZY%7CxoWs?bx!!I}VHIQIe z8V6B`*`)HI!taKBYi0nYhH2Lf5h-llIu8`WB09Mf2VU;3N)pES+HuZHqdqyk_o*K_ zEoc0*)l|mB^y&ZpjDKK!zJIw=S}HI9uxQ^{XbQCWz-?e=_-D_a;lInz)|SkF)t~=c zUV65?wzl?k`6;|#US3^$`hQ~W&oq&0AnM;g^ZM&(npXFrrsnDDYWn&=U4!+9)n8j) zSy_7m>;GhRW%d8W|IOC_v;WaykCgIy14(wLIJ4g75<4XQHG2QIX z#OI%vdGR5S#&r09<=N`98UFv;>+iP*eH4*3KP&!Ue)4qn39SFqwP#PCJzH9Xa&Z06 z@c)0rSmv5plmLPIx=!NEV4l_ zKVn=)VE3d^>;mP!W;1Z9|1))eT?+ht8P1bMHvj9gFIhQgvHasodHLxNWjF`ioNj1w z(Csh!nAdB796Z!o%w)nzubhkWWj1*ClRQ-A%b(*f8`vU#flqB1ws=+fwbppEvtK`` z{<6||MXnUG%C*z;-R64+WcOMa{L`qkUpwA`{~9~{;c7h_rrRDYI=z&N_223ZY!2#% zD*CtnA~pzoyHQaXHDB-V)Q>l@maa7H!Sc3JTB;l!RvOgFP(zm2w-&LFMl}N@_5%}t z_~99BH+zFl_?7K>JvaOciI&K#CIX{5N7)OyB+lc5_Wqr&Hj6%3e_{735;W*(k$*jkeWwI=4_wmVX}l zO0sQU4}X4Tr4as#t5xmbRmCi{XEi>P#F~RcV zhR|0EziFUB$9zGJeEvK6zL3~sFa)=N6W$A>+$;d5Cf@yb}Xuf!E^?DSR z&A#EJUgEud>le)}Lhf*|k8b+|w@5lik9)wP+r3IvbgWyI$Wx8SYbFfEmngtj0B{Y0 zp?S@bE3gGCfL3OqJq!3r&E2~AM+?@Z2yIWYE)^L|o4i}3Wglu*Zf(l7eu+V4n?`Uw zwhtX#O6|1LZ!M4`6k97xBOsW8wB!9Y8YIwd?2I$#4 z*B(C?_R@3k0$GMNF1wv9`|B(F@|s0%B^Zfxc6%t|AXu2;#9bt4^XkAbfB4>T?}Sj8fiu*UBNZyxTp!R_%bk* z30DDuQ^&~K3wt!dGE6ZS!Aj6V-B!{t|=GwYw*4%Zh^4uaPN& zW8&RLK8ARJ%JK2h&db-wwYsnd1J8e+G4T!sf@NzO*cW)TOw1Fe2yifHErlM2_RYL8 z!I(F>TU5jvJQqfz0R2agKv&jp3czJhhm92=f&<9!r6}rvk-!I;n4)9%F3?;r$mXWv zC9$`L-Hmqce26i2NuXf9Cd8}fca6AUAaq++<=7#fYXjGlGA z_&&afjlgY~^F5H~7a0uOby4o<-oMRLu{vl&dx9OAM z&u}GCd2TLTSGmn6(*nRy68e3*dX6OVZJ$}-syJu+?JCBe8UX;h$n3M+oZJUAoPkbI z>vDbzX%M9ID>?lPkO_-of!L1tp=0g_HGPvUS_DlXs*E6rO#CU7@mPnemWccl#)?Bn z0DU!w5O%ZU`nJ9@<$d@(UQXR>p{tc3sxRxAL^`46_?od-7jkwVt=~GLE~^%S8?$=k ztV0uxo_A>K9_@$(iDum&tWAo zQvciR-&^-Pf&O>t$=Xun{6BfRvNk*aUt0f*%T2o9<)!JBzd-t5JESbTW|=37v1uQP zdi9Xg+_lNpd@B9vOiLQpl14jtyt7w}cMqci%v7tBsaDn3>Z{8Ber;DQpmw8YcRs7) zwQ1^Ik8AbgY)UsblEgRn_pHDv<(h-v8hLnRsFiA78Hkdp2B4-CWaps(9ADLovOj2$q&P{vx4g8n zYN+rC5q2r*prKVWba!wC%trx>5;Ta>3b(MoL#mj5NP2YlrTju-JRtUQFy;LGHoiOU@9W$J@jed%U3u{7+$-w`zq1)M_6+ zk8I5S*Soua6S;Zfl6*xW`d`%lhb+~bpI!d9w)T|df6vyQt*k9QSwZ>#((;p;{O>FH ze<%UqsuTeJxVW+^mRHu7SJ#(+08ZorBjZgZ{Ugg7CH3w;D~ET4vs?%qPr|>Ao8s8;F2R#N;6;jf^r1Xoz~iO2!MWOOS?L zjQG&)5By>hEXA|FuGfw#ua93fetEgMvww`*#l6F07;$3Vv|2~C`r*NTy(Sij9n?UY-;WkJf8P8G~4+&@@WXU&9_6cI{e&1{oA^;E;(BaQX__u@O~I|earcKb|It-XWZm-^Y5LLz36 z5*Fb`ps$RA?u>%IG6D3}QPAIyg1(xf0x?u?JU4$Y^;>xOD}|Uo4#%2wUdE1FRcaWO zlIGxhlM^e5X}lB@`^D4o-Q?4er1+S+Re#uQ+IB0p4kIReweTgBpF#<2^wUc5fqX(g z;~X1pO*FG{U+I0bV~=ggV)%Q>^Ad$I;v>NFQtJ@h!#WIxt`2HbkP z)c_WE(_nG$C;SqJc}dvmx&_?Te^cZ-bOZguaA#BIHH=VzT4VC zeH^(~Jd{2!%^DI(vIgK6q}WXDV}IcN6_tQr-|0qeqGUawQEP3K_HZrit3z9be43G8 zP)z`p=ACB^aqD+fE-BPl6*EdoFw{F8XoW#d$YIWun14nk<{Kq%)-G8l`BKL3K-V~M z1GEP!iL`VEqf9wQ023mqRZ3DxXVdCa;17vTwlJ0Z)~;%PYv=7=ZJov4K(H(ZIrWgg z;H=hNj8>w|vF>52xoHtLmKv>YPw3mALVzRZmU3`@gA( zo?~X<-acdx?^pJ)zGh?m&+fCf-%jw*khptV<%?D|M>H_se;?@G)LqfB{6T{lXAK2u zvBW7HtJj@ak2ArcklXybxJ>$Mk^m2`?1?Y*-8DZWj*Y1kdULdMT>EIgsR9#m9C~wn z^m@NK2|(h>>y4eG*Y%^1(U))VYyJ*o|F-{MMB)mv`~v`Y=-A&c>GD6e-moJZy=Q8=ZOEtr{JDWpkwrZ%WG@T zBKp6zrL|f7$FC6oO)WQR{nlnd;ASq8vmkI^LTeVBylH~P#k66js%&bVR(klkS%kTJ zD7zj~*VX(is;(I0@E|%b+(Sk$Vli=MQS@d}^kz}?W>NHJK5(-rdb22cf9EKAD27ak zqPKLjytO614@HgZ0+JZ3;+YR|7ll|Dye}D)FA*Tlh`I%@EoUI{EQw>Ww|`%0Y+~F$ z7R2hne})kD`4^F-#+J{ftUsc5uobLSw9~kl4P2NYTwgM@H*y0Y`8pCJ?v$w^suPFA z97-<7fak0|(H3T52>-fa2q*LZxSs%cjQn@y>GE<^{=4#Ic_#n;YW^Qm0Q|#)d42pP z9X+&v2Zsind34M?I{wlg9g{e67}DvP-^Sk{c-uHZ_RMGF@9DEK3pzIoIyV!0|3$>! ze?@12hm&o8GuHio7m@b2XL3IaarCDNag_N2M(+1EaG%<^{Z9~_X=ZGm6c1{&k@@pK zzoqyc^Z?`Zdw(`H!8dIhK2rXVlFBcT|L5tmwTS%x$+IWVX7c|pE&r$G=73Mn9z^sH z*Og-7zip8}(mT{-Sk`}{vi-c93HQef_eGj?|LY6)zroBsv%EaBygYyJygcbX7c(u* z9keuG*Q)-$+6-9oUUkVdkVP<(@(u^1;%L}vmS@XiIe%8D& ztADk;Fe7z9VYS=m%+8^W0;kVl)ia{R3|-dz0n`s8a8*8_oJe{p5&Ua_f*PQSTmSj8P$?$bxCDe&_@iD>*$@n9tbMp zzKj!iZY6ndMa~XPjp0d#0(#<<0-O(o%X)NYXwS|<(ihKeUZwA*mIL1hjX|^T^dsZ` zdw7*aRmR_aHl6V({jbt-m7U&ajsLa$>J|KP=-KcUDMujn+)KDTY_H7c6M${nZB(x!F$Mp)ZE@DP zum|T)pXH0+lAq)|I)GKrx-G4cYt)Y`)nDqh?M7{XGt%*8#HMtg8oNIUn1)TmbKHFL1habA#$14#nU@@`|J+ueD& zT|N5k@Ob=$b!}jlZpTg6UTyE-=(kDsSjg66B+QVth?=?}yT`=y7E~F(=lX7^Gh(kD z9_;Rp2jbfupyNh>sn>RE)nGf+?=YzP6r&;wlipZlSU)DKhgXxqb0-0JFd;P9rxSpK zT{{^(pg}ME@c@qiVb>>zI2pi+;NAL*giXeR{H@N%ep0Bs^(Fz!dvId7%E)RwTxF&; z8Qg(28Pwy-#4u&_(6KOO?9s_!PI6}uP~*}V3w1cbDFT?UCp$;lu5BbhZ4ig>YApT9 z0>-hkqUrRJUoMrz{=u<0s#Op6_JGK&Z5lAN=?mT-h=OV+pq_mV0Du>4J9Y_q{I1n2 zU3l)WUsB5Wl7DF}1AW^YST_l9H($Yp{uXfm8-iPPyL~kJ2D1GRKoXizj#s3?{TqH! zz1Kb(N}kJWFkU)*0fwgmjQ}Q^11K2Gz&_f;0N2pBn(wU(+bDhr^m=8x7Fj@CGBm3I z{#;yRqA77cyZ{CPhsTzrEJTyw0&*D@>~+N43L)qvM2z+CyN+d$NZn+$2Ez zmA%?X7)Zfi*&dlhOaPDZVgf|uv;5ocx!b|vd4q|2cw9M3>EsmMk_J}JL*74byNxOsWRBT0m$3zHZ}>mvutV%+!f#;IipIg#Rvm8Q zmpjLGa}IDjb}aA0=4mFtm7TXGe{kDjE1%HRH+CyW+ckn%k4&ZAMLh&e=NZ{p=0(ee zSwu!2}BI6X9PZ#42KXwbj&2w$50kO2&z&?est9xewS7t}lz zu_C~N4v-BKRLpB2+^<0Ji(P^3-n%8F!%`q+$=7H!`<+)Z{+9>^HjDl>OLj2}88%%cu=@x8n&n=9 z_}uH!h+N??Ub9eGv-IV&^yQPKFQ26?|Ax|*&vKRj9decb&9ZWQfi&jn>8`)ML>{x8 z=J&{HKE*=M5}f}z5}bd*G~<&;T?@rm1G;_FpfP5Nxnr@?JiBS5r_-o#Y0=o%CcX@Z zBEzF;V$9L~L2rQGd1#M}&XY~f1)&IL6uZp`+%|c#>@*KY8Nw`5ntc+MWrHCKEYS-p zG2~l3AlfWX_AFn@O#fr%|GuXZXpH`6b@}OPME~>j*^`<5|5wZZ9aRE7`x=SBXPLlf z%8^+n@L4ACStjsVCh%D%@IP51mYL@1%WIy#u^czwlJ@C7d2a5acQQ}lI2F_^Db6ex z{NG3Glu5~SF;hZKt>pQP+NjT@min{mr^e>Bj|%3$K$80@65R(179AmGa^=dXeoUly zVZIXJHoE?W(W4}KKy?9-rk<+rWz{0ZrU@vpbo|LIimY}wEzY$vuc#JZO0)(0}4 z5H7>tH^ogNCJYCW($T++OgBk)!vyz(p&$AwK0Ap^N01U}rtln1l5xlUpf?YH9hq?_ zww;i~hb>e)*a~)ztd$yvN+0HQ6q?-H8@XYT1(~Ep+~5z_qK+fwvW{r7<~g+1#66fG z?o~AARV-7{w2Hc^uEUv9Z}#U;q5pdT_ph=3Uu!E*QUCXB?b*uO^3!GX|5{s~>Hofl z{x9nOwJcSCKQ6AUishB{<+b(IHF0iTpx@_YzF&sAPdem=L_;ijD^KY@HPZvm^niao zJz%PSFIgKGRrI;-c4L4n&c@PARrfi(q?##CQZqHyXHa9!R97>nslT_=)R$IU&D^DC z?ou)Oby=js)2b}e<;gxKs;7QV zR!@y^VKO#Uk`n4uT=OKGiJUy_{bb%(FdHf!UTa96aY4K$3>tS$x31f40+FJlFNUoR zU7SRkQVOnwM3)OZ0HHh1;1T?hd#gOSf-Qtoyu9>0t-z2=EJgOr)@I}1wWEXi@7t|H z{1fmtlFv!_PK(NceyPyoWhy5BVodP8>_LjgaU*$6VH$h(g+;l_U;+r+#0o9pCkZ~f z-%?f1SRNK&I9Q)hfeDijY}(LHQUV*=;ZJwhn*B`@vixN=T;t;ZwH)u>I-oK7pS34X zo<{w@R+m?1`k${5|1Z4UtOHt_-u?;E=;fA;8pz_g_Y_(S=I zl)>C9&L1|C9P01EqWWb%^Ey$`Kb()R6!VYPDOsr}S7>bHzqMt>QpWi1%JK2h&db-w zwYsnd1J9o(KH%t3e|qWDqWw*S`M#&l-8Vj9ihd0S3Lj9-0)$q_?p?q-Q${n+*~EF$ z92N^g$D`doAGX`f&P0?y^VI2byJKDW;`{i#Hx6q@dpjh%si)|Nh?0~X6%&J$m8oxg zU58EpW@1X3N2o>#PKXer>~F(Ce+Wmr*@PPdHcjU|y^?S~_H-D0>%6d{$qmr7l#$*xCEE3E8FO!gT8yj~0^e-%Yuj5>{>v~b~ z(Zkfy)3lMUpxw7>U~^WN?~uMNe?cJ@O~!Kld(cpPR`=z`$NOZbIjJ~VnVuZ|JkPxU zAAHBHQ?q_mqB*HW1s836ugyEr2(DZNgG2{toB#Zpc3Tay8|f@e1cL8xCV}bOI=7fz zS#Nz~v|QEqvp!7)qhm+`zdgL|$}$qORON^ZHNm3On}DK@+0^gT*wlp>SXzc$Frpcap{Lg-JNCO$0z#JHvg!n@tc(xbkoSk55iQm#L1W(lb|@pvVV${ z#*gnBatFslT64UG?1oIDd9)Smnx-f&ZcUhPkVkn@2rqnDjbS)Xg9UM85?QgrbS-d& zBeB}(xQj9mtXsb}^d|rIe!TG>(IVW`W4AY3@qjSBzs<+XPHC+MvYa{CnQG6biRQA( zTv`-b3|=T69qyBbytGJ(MX-&Td>Z1)tpw%GXti2gzuB0;ZnF{Tyzl2+{M@dbNaQbd zMG?@HM;LJw2c=xNxG0i$S~8xBA?`mnoYk$KO@sQ=8ly4J>97^1)h{oP*G>*W5#~i# zyKtqv9{nMw2IhV#LGA@PUul@9l@%n}e7tW=jomZl8^+>0T?O+jGXqrS7Y&*EO$`j= zYv%Z9wZ%_*|+7(-k1crk}%@GxZ%haVP z4q6(-*K(&$M=4d5Oe-_ucYW_&!1Ps&pNY|&YiuWKHD&lT$eTF1gIZxp;(g?71YP*4 zb@0vBtjm>R7n2axTiKK89}_ANo4R&J!>^MK^mi3*V_#vf@MPFl*jeMqDr5^eJq=IK zUA)hYoKCR5I$+{&h=$VRi-M2T27DztI1ewd5*OJ?bhVK{@Mp*9?n`bZga@sRBB6C)k)FeB{{c&%%p=IMWbosgoNP%& z`0S-Q0lbLiw=sco)YVL@f5zK-d4UC_8~!$Y8?#vaK3JP?O#k^&t^Wz5VNLh@ zeAPq6*Z*A7Zb5e{*o~BS?xNkZGU* zuLghsCI|rE&*Vy`Ehvl|5w_bc1}0SW4|TcZw|D~nzP!d?TPP2@ijcg;aPPVNra#I1 zLs2>61@E3G^575L7u{3aM-0=tiv##u#cB8@>Znpgp0VU|+g;vYcQ(w4kMy>8M_YY3 z*u4>ff=|;zkOR@wE@*ovJABXV4}hOQ-@a5umfNaK90K2+O&v|B@jo@yR8#jq-rR4s z$R9kOboI3SUy=|W=0uEV*HRrHE2-DhK^=_w*HUF4c>-JMr}iWsS>d>*1tb6S^0P4v z*YjFW;O<~cD0V_I47U`Oi>Ij1-h=-D7!sWnjfy8X9Kw`f06g($@2ntBOy=f?C->9V z+I(#C=kd2Pi<-LDK&)~^>HXc(jBEtJ4>cs@&>(!H$*+O#jOSc7*4vMZLdc`S_yv{(L-Ynr;3t103D!91yyo*VjN$t97IcKbc%-K!y9D`X#_r>M`>v++?2BYeAu5{ub+8jLemCBOfnUmJh&9@Lt+q0wyaE^! z9Y0q`l@7~~kVY|c4r4QCZB*-`N$cw38sj_2Z+nG(vvTfS?`%gzA@@_~;MAq) z-L1)v_{#zV3wO?pz8UFp)mE?iRt(np?(_OG@w-hbiA1XD`2kX-#{_UyG;d7j7 z-PhM&fPf|=Gj%3-2rV@EoHqFiGa2At$)8)p!_FkA3Wk2!Mr@Y@uTv)tttu@Ys#Hdm z);Y5RveJ%l?v2r72fS|>t+*ruZW`b5se@3FZm?g$$8tYEwHx##d@~}CVvz#`PntAZPZPWAIqT=bP)t5DtkGG!2 z?B_c^1{*s7>!aBE2QesPNt>ofow&hd*D29+!oIvA~m8m1>a-_#`i^h z0C!~mClMlj3P-K@mtbkTpT`=RryyAPAVb3O|I6BK12gaWe&iR*Wu9qo3V4$VJ!KnpfC4M|PS{b~pYj4@m5rL+WJ`<>@#$ibihC(exMk4da{i8EMxSF^jp$z+3nEG9Z&?{-i;hy$G*U0dkEpg?%!W*U!WVu&p09mj+ola&*fA69%hbU-2zTrkGL|ROg=mppUt@ii9Xa@?){99&-*HE)z{o)}#59Rn^ zcRhqj)MY(hnuJw2gBk>;(4N54ai2>?x@;a}*n8VBX-5I?wjJr{V z62Owk$bwM`FmJB}ifcpQ9>TJ>CUCc6hLsJPwR0D{rSC3YkL#~Ny|)wgM`5}Hz@Nu> zuaEDq0O?%s)VXif$LP8sy{}MzUKTx3AC^cvLE1LAX~rSF7%z-hj6k z+VfH$L2O~+&QA9Ja)a+2F?M->r08^cOU_gPanE5jl7B_^fXp5;c70iA3c1>zHoxBi z)&Fin`rfVV9Zw_tX4cTsHJ+9LzlVL_R0}J7SS#+QdVWi2cCas4M{Z3%%0#kD!C$2t z&^-8MX&E$sD~4rX!E>B%T8(y;ool31QvKRnDn)zap>Ks>ry`@sZyAXa9ywnz#V~(Q z8-p4*W!(wCM$7M``;hkk@pg-kFGG+V6?HR(9XRdvfp+meOjbX>Eo*6hV9^TONiSZ+ zfb7jjv`bt$BK0bAJqP_6kQC_Y6Lo9d*+smi{p5g+JzT|}s9zhXw=t}3Xp}8JE{EkYp;1}o4NBQEeABKj2z^Jk`#~V-WcT-Y%B%IjYhx27p~iaMRi>yxj9E0j7%>D9L*S1<3|4azAeD{@JkGzcuP zbGs)zjGl-axn#uz4l`VPuHI|>S>{{zf|z=WM;pdwrD^6pSE~}3oqWrop>kF6x?wlg zYMa&ymVP7-O~s6w9QP>*72CUW!bKC8|>RV z3W8aWb|1gvUc*VZJ&}7mrQE^d6Tqq(<01HK>gVV!tGX~OT`XSpGej~?G0;MAjL!t! zL-?geuM4nXZDj`ZoI9i*m=2sZ_P4MIM!~=rg4bZ(^%@`P*piHB-AY|r1`Wm6fZS7< z7-lz0-+r{DkxG&$xHnurSb?3z-&M$oa}Vwl#5PRqYJt+nE8bpTFP}eHr)%_4)B4Rn zcQ;xGyP0OJf`cah5!B-KPnj&;m!9H>h3ZFYifQX4V92jsG@DQrzMy=%NBc@T>!P>x zzhO^@hx_;FO{9v$Dsry09))IvSz~Z5D4AnDU!x9SBrDLBGJJJH{dxcwWH+ zmOq)Xz>%G)y`Nx9)M$5HCM^{<#bIvj#bq}C1HM_M5d$Hqvv!f0Y%>RP*x>lxg@+ok zh1Ks)fSNPe@_ranwwu$QXt5l;r^If+{4g3KIN3_#N@dV21qKqaqoqwNe!6Irq znvp26YwOC8YsICbGi-bDtR;iIt}o5H3`rqRTInPm5W461Ky?Wmo3W<|d_WI0A}8Zk zL8Q^+zqIgR;yS*$Z@5kU2gG2145n8LpzL)@?Ut^mNv-fm3z)8A*76IBhDvRj~q z5!=IqKW=Q3Mg@{DVz82+uHv2tQFdZ9D?g_j)bTH9&3B?St!-(%ifuTO#zz%`=C8Hc z-ZnO%ZwjYa_=XzmvjN}|KLMW@EG7`Bt7YM=%n?S)D1vzz0CAv~R9)4f%J=m>LQ7D= zryq~o#A)L~9p+|#1-@`L%myF^zyvEk{${KHeRL2S8LTVlR#|VBOBH2GT3&k;msQC` zN$8Ei8hJGiGhas(VbM1&Fl3hQF>?w5<>&vB!SYvUUo>T5g78QOVag{BAJ*wmg(Lw9 zF0v)`$Xw;CI?=BTyd@*K5}H39IJWiB`U@2(@Oo8NAJji2l0S(s@P)UeW|1pOCDBmL z|M%!&bx*2}gB~il2vBA{zvyo%91F_15HL1x(;|PgEt@$$Bs!}}i5x^P&e9Kp*h-T* z#EX}bVYxSMJqTgk7P@2Lzu)`G2;*)ZaU{?k5M{*J3JvS}$&}*!z!fmXu65oWqBtxP zaX-UlzRC!B?MVv?8L2DGg+dU7enq)x{}n~EB^kma4TNbvQEKH0JX^CQym*d}kDC@f z1syCnTh2x=J2f*ss+NGc5UFaGHqzDomz`g(SEp0tx1;;CeL*q8{l0<4HH9E@&e)|Df%>?EDgiD`VCPo$`(KQ0!0a&|DZUVj zvvT?AvTV6vXQJ8X8$r(lXyPiFgrH;r_c-|M7UAhJ3G$AlP7a5iTUqMR5;$v72{rQ9 zZ_(-t58y)wTz=m?F}`ncn%2jdf!T0be+L%?p*9-3rgZ4MyjsTvvBsZso-PjDH9V|thGE`y{_-*#&73HP9_WL z0hr%zOv0|WaQ{e+Y}d=M0d12e_7=;B6mWD?xl2OY4B$jbB*SCzg0qsfrmvsDTccYX z3sG1>dh&3ku&!^R3b8E2HgUS$A&BtXNo)xkqKrRQ*J$4VbdIhHEG<(1v(pb96##vL zXE=uIE*oYQa3VEg*l4=6FfZD#QWjHK-|L{qzfX@Xn_motvdBB^JFzYVZpUuX+eU4A zdsOCMUh~^6i&^E__dV~u>fb>&@tbTZ=U{53scu@@!Y72+6AI~3N;7^k80bf=;`mSt z`Oz*jcl`)&j^Zy~RQg~!^7 zjKt$LnaSaW>r2DDgX9Ya?|G%Km}kzj42++pPayQ48nxB9kLFUZj&9&ms)pefd0=AK zad?qnnRK$hJLHYLL3L<1kpFGUupx&#m}`J7rj62~b*ag2NionqbV-0lcPyRZiek5P zG)xin2Xr+<|1fzi7&kHpB`a{*zznzGwG?H5mMOU6K@N@6W-0R{hJ>KUa zfs8<9d5Igw@6;!z+9pPqwx^~rZxl!_T|>+UUx#fm;gZC>m|TVsF?@VJQl|>)iD$4D zcmdx`;$vb&bu&Qc9w>s+3;pTLY-?i&K~_l0 zRy{bn2@W}E3{lWuA@1M4K?iHt>|5s$hvj8Grj8KNRB*U45KoY&nUGuuhW$Scp}o;bpNG9+5H}yAvD-5flx%oXi5pu z(P7`Te@Alx#w4wU`qad&YKa7oXp{dQJ0cLBbt8l;zY_t3tZ(TzT?M?@Bb;0+^gR7( zd^v)%#vc3TE$l5Iq{I+%0^mvDOQHh1yhX+Gjm~zC8s5bz&DL2>#gW?Zwc4J zK~n>B;$ZMTlNmZ=T+XhMDcQ%MJVXt5RGHSyD0R}?f0IB`o>F1ntE!${V>{J5pEfWp zOz*gm`>S#+<<6EH+<3%>m5{9H+5_X1m>tTbSTZT?X@WA{HAzJ|TEdBSoRQ^9x8T+g z{}{_%Yns{^jwao~xevNu(E~gjU1z`lv^D&7W8sPgcddfpes#By8UX+1M@~p(X(!%y zCia${8x;1HK>)vv5av84oQ636s>}f!5&(bokK!73MD=V2$c<-_7e_VxDVKmkixt8n zOkl;$qv_{Qc5_Qgz2i6M9j`6atK;9#na-DM>rKMnXSn5?t*yRS-dCIOpZ0%0TKm4= z+;_Y`6}P#PmovR!&!(s~_Y3wEsdh=eCTtR0$cZ)?ma>2Kior_8b{CU!Zf<&lP`()b z|8Q-S3Xvu)CgyPhu6=6b$NC(z;+9X+I+roniVe5=YKW4O<~rJpn~u)bGaSyFRGLNm zNdm&r91o3tXRsHstxd9idC*|WoV*?lb_bq7hY{vhN@isd%SRJY@_Wf03uA(oniD>4=z`PS+BFD_n; zChAbQk<87|iIEeKs3NMMH=#{A7TmD}OI#Mz^TCA$Ay6KLBJ;AR3+;o{YH@i-+o3u# zT@&SGWj`$W>l~?ttBtBnl~wzmz>&x~Y^o|fR?}_7`YDCt=@S;v?MBE&tbkQwDL4Ej zV#tEJ!K1q;r3*tcE%9V7i1&t4y6s(xe5muBW<}EWO>o$9(szTg#|$H)OO-}53l94- z-~bS0i&&bf2wT!-8CfFM=*AC@xjuWo*ABL7WQf2FLU58dW-cACEI>gC@d{3&j%5Wj z!8g*1oa#nSj>vIy2iEk=wWtn<>+90>y?dV0SW26y=@v#(SBBuptBhgwZUmI?Oa$X! zj4)`yD%sNQzyB0muPKpkOlHl*_;4wgPE;9C0N2qYoea^V!)Jq>Rl<_o56UXfVhu~i z6N+D}tYBx7Yt2>duo6;70kSL|J#A*QXSW3HjJOn7HbTwyd)5G{Trc7FdkYvGDcpDI zwf>;o5R8sCC~aPdaMDPl=Nx*+3gn~cxxA;9tjv0|ZcD6opTcN5jr9#Lmo`qO{2{v- zkYcPK)q2R|+Cc9qH0`JpirQp=UtW%e6Tgj-sx+mIVRziNujwaixY6Jso(Z-1% z>5(EAD)gEn&Z%aAf3uo+qiu3%*6-|YxUJ|{hhI64eUq`!BSy6bQOUDdOaIwJIXAIr za*F7(E){bPD}B7Wa&OX?bGs^6tzFR8)GmKLcQ)ryL*Zrm&C{4L0rFctgx0cLI@2h+ z?jvB9H8BV+N~mu8pIQ{cV@Ed1PL#R!$s#EI!B8noL(+UrVz5u7!HXvJ%hNZY5uP?r z7pc2ZTNvYsPM^_$mvmk1&Em9pan+x;=#b)kN$VaXub1ND|DxI$ zt0KCm-*KbNR{mG&iJ4j1UNu;Mps8imZA$ug$Y~mwJ+)~RfjzgZ4{wc#!b!5F2HltS z=FqDm2a5fszdXXFi;YodScNkpD>{3q)H{aJ)^_Nr zO)q_?57=Eq)CV=!u=2T4E7sJ_LxX1+wZ5vd{>xlG*6?L%S!u!YAXCe!y*Y2N!9hl+ z&vvIHJ8uxyWGX8)`s2R&#C=YC#5caTq0?7)!Q1`ZV*Iz+I7e$E>`aO*-!G|Ew1Nr2 zst%x}?MZLOPi+fSyZ6ef?ez}r<4<>|&r4?K3v1HP&6cO@+>h%)f8bN`&&|#L&quIX zPKZ1scWCmX8)8v;Lq*;JDRpT_iw-?h?4@#t_--uq0<2batTmc})&OUseH44DaOR=BSF6gU zv(};QcgkLqaaq0}Wx z`%tjAG2U2EDT-=Xf$ZJ`icGMB*rFK?n2!-J@pBPbmAR@4T-E&Oj&8S-KoHA9HW=EKihx9jck-52$+9e}WI8vEav_>! zS|3CND}(Y?Z`fYf?IC^HTZy4%8IjrTEl1wF&I5denK?0N)UsTc4sq}pm0JdD_iyu7 zw8xq0LEl~+=t8$g&4d`z8ycG0?}M?T&<|RjzOd%5?9fink67Fvr(511F0cE?)3qN@ zpU?fHnclAVm7nvX1dAc^qW#%;anC(Q8jtKS zrq6iUayw7zz=l>*2YkX)8!xf8qxK;hN=|Khqa`%5t=_rN2C7{qHipTGO=YhsYXH&^ zDV{UR!KV{B_uUu@n%TqcSmM)hCQFf1>717;)Vv!U?N&YNdZ-t6XDa4Rq-#l_A&PD1 zdMz9-TD|dfXSKQsVR3N=dwW5cH1)aPxAMRo4#=rj$=dKGyD`t%MDfJ}uvy#oA9$#C z@corve@N)5cj-Vm$S&i>Ai{U{Qi4*#>=PJxKpV;c!~Ugh@(Ke>P}IigbI<18=FxI+ zj^MbcZnA%tw((hL$C1xLBmBkAYuQ9$4p0pv4a8;8F#sNw^NY|YuN&f*_-#%oN7>PT zNZlkqM2-Wap)*F=f1;wEG(m~tp*kGnjx1vKfi6fqtAVWHfj(l3G6`I_?wBQo23SvO zhAh@Uyo>w?w|_rmL?oP6Ynd3>eanV*rz)HRcI5U?N8?U_Z6E)r)E}La@6NnHl!`vy zjewj@cVz)sSn}j+jNTLvdbzxRsL=^^G=c2k^v*t3%#SZZzP2jM%81I`Uw}Kg0ZMl* zLKzEM=1pKstVQZez%8L8fjrM7bhddAndtYJm=e*|5FyTt^fQA_$dWc6nF;104& zJ#o|b?tS_$(?bKp8mcYuTrE7csCXRJ=dSo*K8w4BoNf*j>l% zUb+(abq0PjNtw4k82SGG;(GWZy^Z$8 z#RFC@cse{i`;N>$`57>E5c=0kn|sO2yE-&t$~p6#OUXd{4EG{0E*P$Z&9!#26i9`Z z`SVn4jOfuYer&y2v0Rf<=A>%ylbuw#OhV5Y+O6+(KRY`-@N7U68=3AHtwO(>0v)u;6H z^Xp9o@6truvMK5f0V=3uI|mHY3}cqz@*pMSaD2)~hNh|z-O>;jU+MDVC3UF9#p`u1 zYt^$h@Whs~Ps*v@*}!J)kh6K3$a8|J{sltZ7k$KnCN}6>wxI-g31l+WF$wrD7vXrn zfaNo6IV#>H759$(Q{18KXq8R}w_B&5v-k&(1)r(k1~wZgl)9NRM(M4YR}8io98fnH zGBS6~t7f@P69r@+Q5i^Z@a`ma#?`Mh@3=3Y_Os$Mf&KW_2&JFMV;Hf?>Bv*!8OU8d z=}}Xp0NOOSbH^IVY?W1THr#4|<2?87u!%X{dSai6=7aLfwv@Difxp}G z>uK@Jd~GvCC>f_ji>H2d0A{*kNMq^$sj2ECYH(UZ)t_ z{wn(z**@0v&}!0`*^{Z^nP;jC^<_`#JyDxZ@=F1lRRGXX0-#W3;fZ~G7#onSzf45% zR#PmxuRE&wvRFX%7*D0THzLO6sq9!YSz;RDQ*RHEK30s1<81ZF@hEy9;8ARsNDJlc zBb28F`JpsN8ha(F0IxJS4^^^XZEolR)lNgRiMGbc)GwTjxhz4&*_~BfS{|RH&h6Sr z98+Lo#a|1)9u1+hMO=h0V1d;Uuu^C=Iz~%2zWU|rw{bztB;OZ|G>e&2Px^CA-C=S163PKr;h)fTYQW=2g<}TipdY~lAfJlJ`xxV-CqSp4%L@( zBAFZ|RQhlF%VMFX81JD%ge8CVl6Cxxn~Jc76UeQon`JH{B>edxV9D)y&Z#t_mlSE~ z85_2&9ZLk$@frm=1X$w8RG4%@_@A*$v!{?DpewL$ZSU)!4YZjdS)RC|iyzd4@UnXz=(GVJ!QaDWzZ~@w=fke9tmjxe-XGe@)zNy`dUx9Vq}l>K)gI0N-p$#< z-J2w%Pj`+l#<6U?keC^BUbm$fG%KlDTNaCKtC)K$SdTofv&m9;Wsi2KPp%ZdSYkxo z1Iid)C{m6BR@@iVEJd#@Je&P1KAufH3%kux%oEF73Cj?CAOFE!Qxr6pQ$vqWi*~T@ zN^f*9K{ud8>W>w-4pdgEprkXU>7JU z>D2a?BizE-bLl0Mk6ZWsxn*#Hhj!1YMU0b86S`jqX)JG-TB#cSGi&rWA8PGyy89eV zSw^HiVoq=y#%@xuGQWuQ`Z}~2sDp4`2U(cijT@RBd=OpreuP<=L*bbV)r`DVlMn<{ z@hpk03m6X_{@MI&Tqm-<+2%`;z_k!FRBf6})dXpEmu0x>RQfPVf`H_Avs2=EWV@%q zBTDvDjzA&ER zuRE@pfLUV>qt&xTj?np#TNbcX?2{qN#{4)#Z#Y6z?FC6*Ij+|KD_jbuox)1`bQ4^w zis=4v|GZ3p)v;n(zUfZ~LZhp@{VPHNfRSA8o`96EWf#9|lgg%ABzBI!e{XM5!mM@g z#OHss4)tD#7f(G5*{ zpG{IVf%eU6v`Jx=4PBX0NJWJeo#)}txur7K_U<%bQ40zS5h-`S39JVZqT17wnt8Hv zcFpJOL2T{9#BWpH>Z_|}il>)nmbt=ZNDC0kICBC7G{p-rk+Omf*<~O6NBl&nrmfpq zynH=28MSn1TdyW*C{LifpEW;VaiZ*NvqcKWoBUI!r=twZp|>N(m6(T#tH+6zUKgvm zld05f+L^9)u&eW;lk|13uOl<2N-2i^RpMBz^_pTBG%*e$n??l?)?1sbJW!lS zuIPj=aW~t_nDcpbya_*CY zOK)aU1Uh>`fzkCkv9qqwrO`PruD2<97o|GgzG^IB~M{5*1_MiiJ#8hqqgm6El0ZA)SP-WK*XSyBx0=iXi zHPnW_D1)Ry#T-ev+KY8p$3d_O;ZGCp9@Fug!@TxJkJ(*j+W!2reEbI@Ixji|MRdOh16aNb4(Ej} z4{b5E+JvaYw6MuyV;=e3SlbW_{3(>A+^TR1<)+?zGS00StMEc~`1~C<@-72Q&y1;x zlZWi$P^zzquO-D!k^U1STW6qNN!T^iC_5b7-QM?$6_YF0*QSG)l|lE3HiK2oG4?tm z{$-mV70f%l^x&2^ET01c!Vj6E{%vLJDjq!XhE|bW}x>yrz@L2fqs!^R_ z)i~=@>QMpXdF~}j|ELv8)S-r)Elg6-V6}=^W2Jmul~0;KH2p_y7Sg(ml}^WRjFM8h z+8N^oj8dC+Ddin}CuI#2jHrtGq8ced4OHv0S<)aUK$;ze=fVy%iineCpO_WAlb`5) zAETnyqU&}x9d)(tgJqj82bn8<`dF za}R+d;Igi;oHcI~$oWg{G}Mz6iEN8X)shc3n(CMhypxD2kMa_+f0;6s1DTM&0`|@# zX%}3QxVxykzN$98Uew$BjkNiD7v1C%uMG8@ni`5{lFQyHYV`K>%D0^lCjxkOJ!Z5` zR9M3`%SHmW+!L32_ov_YF}f9)^i|m;hw1oAmD$q+IjyU!Of@xh^gh3L^*a^kLlTq6-7{KkM#a&Gkjxo){hJ{jicg{O znE8(y8UQKxTXTJOLN1|Nfz^LO3;cv-Yp`$-ju1d#n>2`Eg~FV#eVGfCU=huqQ2;hu zMx>n(-MVSXS%9mB3(|AXn2;6KEB<+uy7tZ8 z`8;)DZ-Z>TwH{zO@B=#)Ra5_8E>?G#ta>)5){yL5qP2-|tN6CwV|_w9BR$Ba0=s~gGoC9&Dq z2e?jf#jZL6xFi8y@XF>ThiIPYp@$yD;7UCRkT zH0%+tcr;75f34X9V zhgi+G$zf58vY${mj4GHCc(i)?j36nPN->*!jg!G-nISE4J9FTC{R=k+ZabJqF zstEc`b#*;%wnK5)2zygqxHb;3%J5wW-C-^2&5WQ`4RPXv@8shHk?rBt=J@$bq@V-e z+d}q94Qf}?wvL^ZSt0}Z9z6JMkW3%b7DH?!aIN7#5^1oGDl(M3H$gw%8g*?g@KkX- zuOhcE6?BvE^jNT44egR0?wk!%kPRnEB{)UNJ|I-_3|(pfDWog;@lU!#pG%w=Nz*9( z$P}bnj+@#cyE~G-LHn4VDKeoL2=x)V3r*)MO9!&2M}^aa?K&@ASMn!e)_Y#T&-p3@ z49jl!2qwarD6!%KTf9|-6m)deP?>!rj(!|qdtvWNKjM{S%aJ@XjWKm7T2nSQ=Q_2Z zZP0{-+AAq7$c$2tQ~|p4RGZ`MWV=18J9(LA??-}Mi5RnWmo{aX?5G;?ao9X-AX1Y0 zi>_W0nHdRh5a=H2+`~Y?OW2C$$|+RQw8Se?dZj24LdJuq|D*(D0KfrlJ2V-RQ2q^i zwR`?@gnr!G$Y7iXa``l_Vv!X1dX7w{eMJ^y-QNr8^6DB^28{Sg-iS92bnVM;1e)>_ z(f==EFILfSkq(G)AI2Wju9{!jJ9hu*vJl-hOP&zCBE;O0iy=c553V5LS5YcUg~Nljd-9746i@ zsDWThjkMdA&?A+o#``Jx9YHGYj;F+FUab(CLmj|=mx2C2?_`smx;OjkwoQ6l>Oyw(CdQ8~XKd!tEba*o&4-EUP;PZt^6kS(1bd6_can z_;r5PJsOt{DvfT0`uWx0;2Q-pZ5qmNVsuiS#?t!;up+lA8_f&^aV>Om5EGPB<@~-H z$wXAcDfOsfO3y1+8mGz<+gYFdaM9ICKPdvO4fzHx3w;#e?roROrv9+aK%&N~#WJS8r<%E8}Q6?q$9Dkb)@lr4_exXwwnsRhgOY?@M+*$W_z zGM^XTgv&&hp)UR#dcyy?$7`)N5loe4UW%Ja|0a0A@-eYEA*%CLn>m)}EeBtUPMM9r z8RC%jUAW)UBEi5)RUEZ)@XQOipE;hpqE1fel(43^WI;Je{Ss^zDV|^*GDzUiyt92N zeUOax_tNLi9Pz4DVlOeau+*MdCVnCL7|4J)&(8e!X8cq4A(pH%D|@M?n~JeSyG3?p zS^Iip9P*>HyrP6V6m&H8{jj@Z7BYNapE5oR7XU-_Hn2gTnDp|lBHrLcRk5k&`DNL? zw=SL{9G^dj{1Q*MpFk{6;ULL2H0g*k=KKc~o6$CEYvRJ=K)P{(EAfke!w^2+zcRT8 zWyk|xOlnttl&gaDjg@hatv<_=>Z3~C=o0T(o%c+AARLMWLYy;;#f59e4@R|N6V06g6i~p(W5bIawU86DgdFs4w&lfJ`a6N z^`{2yd)Z31*TH9vx61V4^iUP)IfHDc{s2G+ea&5^?j37mboPqT8AF)XW7GFz9{SK`^Oc2rwZ<~mO$w)LICr@ z|2@Qe(vcV)5-g?L9(m^4P(uEn{dlrTEkXZDxq(F*SjaQ|&xKN9rn1uso-DEN;=dnA*O2(r5OJ^7X`<-*zhan4 zPd(Jz#1$pkMzhx`rkL|)>psJ2qyPNR4Q*E~fA&i>GXk5XlpAOndbe^_KHj3g);w5Z zD-x@KBHzOw5g25j|Hu2{tXWKztxbqWGNhOP^M_y6mUEd-uVg)8CGmWe31rRefPG%7IL_f13hgaOWx2Z`Ll+WzH=>W8FPpA z(fDNb6h={!r=t>F^tCl)zRn3 z6=%W< zfN{=W4cGeqW^9n%-0=TTUizf%Fe~8xKOgH7t^~gI~XK}hrz4$N&I7;>B~2abW_vp411Lp^7Il@@<}>scm91V z1+R3;6z_O#Pz=KOfF-`xZ7HJvi(U-pX=2gzo7ojAkN-1`w(GR2+=|l5jQf9}TH;f# z+`U*K_rGA7-_*v_tKYFhqTd%#^ihO+sQX^Ja>E z{Wsp4sc?eG;Y^bg`9I-dIbTvr5`RACbUxH%X)&;N+{HkwZrk`jp}_v<|7O5h`I&hp z*ZSO`s~wop9N>c5-Q>CCkt>_wndmLgHzvLR`JcbiAbjz|HEiSr)Wa^dsllah57IWw z2rST?$ft(dLP>}>wUGTr$^Rgfpn-W{5%E@r@XYrw=KfC1GDAxK0v(HLn*ONtVd7hV zIMC;R=er{%Ded0SJWOImtyp*&Ir$6K+={3F8=>#wFX`m$JGO}GAdW_OPl+CJzHhM` zJ{u9r&j7s%&13(IehP3EFf3mIDqVw%^FoOX$GN|VXfQwCu&|C^bXF;m=Kc!=ka#{W zHwsB_mnj4isp6YdK1|%BGJ=dXM&yI09dXIUJJ-QgL>Ahk=LV=>>1Yi_ z!wm{(+9MQ8sTk1j&Qo`NT)Bhm2ev%8BE4$8S?)I;=4ZsTS4-~Y*Ew#|vL9!^YBCG) zFsGS3{m(e5BN!95V|!9#3EI-W@o!h(O>UpX-s&!6E5`3@Tof&47=lQw@jVU`kav1{~zLUEGYfm$+TQDx3oee z=4a)J9Qetz=DrK3o``D=Dnq|Qa)20ya*_2=A_3eYAQ6mN>s}Q&9ItAIZv0c=icac) zSv#L8a^cdBj8>VxNL@!(%6HADJW9Y_C|zqDs^-;eH@$!rcRzmO1TlSqc$YDxD^ zjw0VJ;evHKU@j}J$kFAktEUKU&NGnOr62MsM-;P1Y8jJ(uV1{T^1$I*sng1WCT8f8 zBGX9InoOQ(hR&ep*RUb#n;P&elg$q;cMFeW!Un|r#(Fl|IUFil19qm=$FHDbwL$(S zN&%dt(AR<0YHhetoQz@&Xod5afmHX!XQ`vN|MEIIrYTU#1#Wy(SOZT&8i~@0u91nG zPIYbGFsX~kOjw=}ye@-cQ)^=#uUGO`DN0h?J&@{Ygc_$%9)gpK>k$_jm_ zN}38LD?X4Rl!*>xrLl^4qq4%lXK)q> z0cIB8JmAnZ7k)J64niMA1~6qe3uIw6gj(~)lCv_R1wq*LF(w5TDY(cWLCB9DNR%`! zuv+eSinznRZl?sV*VFs21yq`8BFEUUdS*t0F*cn7KS6gSgfLN8QYFI-?QX`Pk8VQi zb6v(gDOXsHSvG-a$yDcojT}vmP#3+{3H)Oq>NWSh=uvPGcpM<)e2Z|6d!cBY$k&iU zed_j{Ou{53i0vs0@)wC=Xx5+%S^%Amqmm2}`C$Iy)6n{|suG^Xu3~v+MIad?#$n+} zKoWooN^p^_| z2hC6u4l&~P8VBqvY;J|CHop}sz_+R=z-)fOHBFlkE_VdO#Klq)1`hQs5uXhH}YXJi$|%`WnjU5qzA4U-2m&FFB+{ za5_0VVRR;86+C6l6c{O*r~kd^dCFW*&zSE*Dnb8dTMHTIYF(Xeq*KVzPl#r zT!uV#DWK9=(*DL$6Zs>^C}Rkt`zk!{SnF*sQJ+lk-ktW3?o9D9pFNarH)Ry z1T*me+dxLZ0@8$_O@PS=OjOdKuCf*sZ6}Ty`J3SgG)%a}Io@f$d<94B4LATbG6qp&NLG)u3_KsEOTO_#Yu|K(1;{?)S7` z4}m~QQ*8)w90btfL43iG%mMG()R9=h*dVomG}@mS{R`H5kNGWQaaj->4Dq0(4D3aO zXm}eSOjl`F_7TY>TjcIgQxn7auNS7kR<2l@pwDRDO2Ln0RE)ai7?R1PY9edVRWX>9 z#@Qudyj7fX5jg^BQ{m7J3eZ9uO-f=Y64igMS+_FzR;VwQZq05_{kNJjG^iQd0Sak~ zI{-rn!(78?6O2#ksR^9wwpb3#j}8v^m2WVwFqo7yRxld$@wIdf?Y+U`cWYS(V}^^N zi!-uFI&tXRp2i;8$krTVTq`826%|Yd9wgaR*IIJZy@Tf}Q{RKRETU61{82eTRk$$j;@*xd75<3Lp+iJ-8z&^=Vt7EswS2#;dxe8Ku~&J$szwy z2Rbfi`?{#YLJEr5cgo-&(5{CX0i_0QwNY0*J|=4Va%w7qz?bqBB|H)&RPYIbE*Ks~ z{0mOJh^Qd>M#+ygVKMW0N%2k|K=8)x^t8$YamQ=4EM;K|2qNLS9U^%DIC;r%1 za|q#HBn{VigXs+89&kreZ% z*z_E7((0Pg=WKEuNLI)X3sTG2155Zrob{84^eO6198INHI%Wn;K%kPplLGqT%Y(x` zA;FBKynyRjA6S7Xr+Ixg0U1h)K({NF=a1ir9G%zj8r6w! z>^wt1BrRf))JYXCfeiRWmrRf|qtL9_P&bqs5Dbr+(df_Rq)1ZzQ&oynC}ZLxwEbWCUyp>n_P{?aM+2s*k^cgFcxKeQ5M~B zgmQ7cE}kB}5YP8_kDff)f4aB7=g#x4$)Bb0WM_9;cGZBh;IbYC7c%=EzlHq4MH!@C z;M4&gYzMHV*3Xi7GJ?|yVkS{YVL>a%Sug>7w*(?rbm!bI=!)rv7I;(7iW`qDA$H~WJLBKQ-M zPl2Wn7s&3e>1?ZqWt?zKKq|mo0t~l_i&P@{vUDFtZ`G%oKrN!EAAXM(bkOb}@Ztw= z!O8Z->>y}=l$o0_jZ=w=YTXQKLRjj-!()A>(4=5FU}z1sL34FfMF!tXMvVCt6k%_CYeC>`yRXq&`%V-ROrbMU>ICbC7Dn(Owd@B-MnY3;E|ahrl6@w z*ptCg&f^eOb3^DZ1nRZb;HV9bNo!gPN$pJvJu}?6rnD4Iaa-(;Ch5MZZmm&eEN>8C z)1Z2Mzd%HZ9~w#y$Lm1~57Mgq=*E`JUpZ(=+rD>TOja4pT!!VSsat#af`(B_%gp-Z zhKz8CIx!A%$d_y~bH~SE*}Yhsb8tE`R@uU9JPU)>4i&AEefZ#}fcGRD@%NE>UUU?a^(j*{PHMcOC*ebL6`d2dUsx=#p+SxX|kfrO>RhA?lvdZP^HM;^0 zGezOoqEea$-Bt%smY1P+(w4jpRo}Aj-F9OzTRhEzuyldz1y?UDmD6w#j<2>#nQFN8 zQrOzLYfT|wl5ogJoaVW^-G-WJ`kq$)M$(qGK(+@|GSy@&DH_30_ejG$*G3QKjWU_z zAl+{Hvg&TnY!_9E|4yri?Ft4Xi?@{n3S(JZYC&HX)?{AqxOr!HQq!uWJ%g-NZpKVi z*bpqkK;8?RFK!#_MrpRJ0-NJZLnR5?t7#7JM)<7vZ6l1PNd+=tK5nV85Y|zzr{&Gv z&YAd`GYkIILZ=p}W$-Chf>G>>)y^efm|A?!SU4kk!v|*&oN*$*qpO6D z?yI|1vGLt^n>GCRF8zCt{=HBCKA?ZUrGLMxiOu!(b^3RsR)T*w>G>}GdyoFTPyap; zkCFfbEBD72$fO>{6Ob6NlWXE2>NZMrt#2yKciA`qeax52eAM8nq)KNP!&Xe9K?p~3 zR663>Jf*waaZEAcYIvzTPQp`UPAJRJwZ|1Hwa3(7_K$4G6;LNWlP`c3Jx6Yqdoc<9zjYt7?V99 zU(8Y=YQ%YZi@J(Z2g&A)d_zG0zf)$0Qrtu-KA_Cd8x=HdsQja(`iG1|@Bd(ROzC|| z*;O3Bq~IoZ?!bDK|A{+y@b@#|&A74}^0)K7q{F(k#Pwpl$?rqTsD5M;f8fPGiQY!> zMWpj2cAjLhJgJ>0T`bQ#JI}j0c}jF)h4J8Ih7sk?y`4kGPRoZFqGG>wDd2wvmB9>j z&UXIOwD41&j{YxSE!7O7S$}KO%X}&#TTBlo;=ACoiBSWuQo1YC^m3o(b(^XLPC+7- zub=u{U<+7>%!^vi_-xfpo;oWep;;mctV7@p9BT~Sr4ku4Xt+ZpulV?v6N^H?kHlt+i%sJS;J?$u&mUnn0u_aUzwq?r^D}98` z{COdNi(lqbgkoHg<19`8JNj0{uu-#;MaIPpe?X$#)=k?$FK*D(5A+* zyulP1gu0Z}Dp%T=2sfR{C`&@x9I2o=7lBlgq4NXXbp_oRjvFB>0Q(a{p@yA^0tfA2 zOdSrLio2MfoTau!IQ#AmgRx)lp8I&`0W$*gJt0%Q3)cUzn!z6^b2QijVfPii$!HKl zF9&t)m4ZtCB%ocnVWMk7g*sSrEB|V};N1qj8&1-3=Ph)1CkigdGOUz5y^~T3=G2DR z9ys5p4U7ppC}^oCerFB*{k$&qbdrn%ufDw>kr6m&msA9L|5klL@vnfnG?c}0t;oBVr2$+12Z`rT;V>X&+@4I z_JD=)j)$8JE(`SF9D&RR8`3$4jF+b2utATU{Cm8|!ZAzQykiPBW|NWTqu>H}a5zOy z$g0Grv*^R)J#nwGj!N!EiSl^ZTaJ1F_G`SNfKH9Au2DAeM&&@x^L&Rc4NA!DD9Lxv7-NvI>FGY^DQ z>N(5=ympYCMFUD)Hm#Lb%|PBi$a_sXmju}la_(Q_h?*ibn< zc)I`e$kHgeJ*{aOO@Znd@(;aVnxdGx9+}PUkBXgH+xCp+bfB|A5{7@N1FDeQYHL*( zCZuvZU9^lTHQx%oIiJYPhH=6XC@OYTZS=Gqd#?x6}$11C<-09R#mwyIh6e6 zjT~x^raPkLlcL#e6G~{*BvE`U%X&uyCxqSWc5c?d&x*P0YN6+kf*yxQD47$Xa6I8F z&}k!)8w+bRrjLj1egQ+WQalLI;^#P4@Lt$sRc%Wi;9@iRID1{jKYmIUwvu>xF+6WceAv_d~v71HXVJDgXUqfsPp7*G3W z*{FgRrz4~0TBPKgPogHn+*{P-n@^&KQSP5UwuteIPonkkCB}O{dj7&9r{9%rCEB3` z>mbZgx@t*-0oviBI6ojC(y@{`=`(PWkQH92iE8jr_sKm7RZ!s=oo$E&41Hf(g=-5s z3Qes)#}r1~*&sMLeCPP!#lGeE43)ghd@MO=AADELfG3DmlglbyxX46UUS~G2&1Lf~ z7XBXSJ=0$k0z-!IH1- zsh^&+PhZ~;2ZS}lNFGLKzDjmR!26H@^I#Pcy{bYXvn6#e<`b3ghKKG?sm}cF=0##> zp3%*PiBQs6Tv6w?|^THA$NJUcZv`3LK* z1oUFt3fg^SxNq|Lx6JMEmZ7Ko&zU%xC%#p|vC)PZDAAdiRp3+z?C-2@aTVDM0u021 zp7i~nf(l@zg_EO6J1Zd)WzljfazKWxPF1H!Op7~ z*`9913E?T0Z)M#*H4-{7doqcN=EE(J+?4BtHIkV@-BPE%8XkH-sePoKqK>*ji{=nn zunkpp&rr>%<0bAO_mo1oGLu6wu9d}GevY;dt?#;b6(Y9_lAI!~!7?MMdwS05;#Htj z?T(`Yo~BTZpTxsZ`tFn2x|{ zeaLN8m>xEkvZ5D;%opoaoG8F_c~TYSQ<9@uA-@krS(&qS&Z0?6N(Js)**u=m9qE%{ zPjdARv6z(KxBLWW$KcY(JEUeB(jWD{Tq;c!`y{Z6xHu0O*CIB)r`jh~+xg?wmlE93 zgn>1FW}Z~`cYiwS!0Gum=pqyl6WnE~GGn8wNKf^m#T^^X8Y3H&>%EK-ZW4DevAq6s zc`heKv8+;@Yg@cL-tRowIe7X4{Kp$I` zqUrdFn7V8}d^kgRNTw&R-&Url`maGv~aWuxJunlaZMKdfIl5_xFk?p;O2z@zq|{A*y4h!X-kP zguK=42`A4ol%P!d6{@-gK~Ibfdd;SXPOUSj!RLi(LC4J?MQ(JnDQUEFU!29Uo?c2) zWlO&i-@EzbP|p(VD#FVINfn0~gj}=>Fdklb!a-s_dQlNFA<%g^8O!?+(iw30gE)cw zz;LD4?7-Z@Y@tE?Rr<4_8!cI_njpyxq5RY`_UE>&JWlHKR=fhm~>CGS;q?2K|wd# z1PGA^jw@ro-!B8DqvPf#E+vNZ%1}amtFLWB2Ui4d6Oeu~4Tgk410)*R3dr*haN2S2t4F5Po#S+BO=C9esT9@OZCo%^yi&?onu3##u)r+At2D9>3T*JXE_y@v%t~ zyXn#C_jkF0so3p;490#XRs<8YM$4goOQaOo(gU&qRtViv=$F3iO*rf|n)q+CyW7O0 zA38?RTE!n`N$X$wll$5%4n^e0EjU8P=_dRuyBwbQa0w4b$M``GnEXIRtA&D>n&!|* zxYoyyHfY~E-aQgWdoM7U6JPc*xI_%Q7NeN=t?gH4-qQ@$umGOfKvrH*gk!^0(lLgK zhc$%=iju~u2AOTxc6`WpvAfR{gHF3KJ}P3{#-8s}4woy_&z4y7!e`4|Vso}!aUDFU zK`p)CeDxK(44fswNc7UtFg=@B4ad^HtI>glFlN>jxqA&7iAc}gcZl$V z{!5g93;!57bzXf(7o!1)B{!+BMs`%nM>Ec}t5QrLm>WMmlcgatr<`qWrP047bB>p^ zS~Dw1;_`|)jo-x|AOWsurwnNmY(1#c^OVziiLzdwL&AXZnsv_OYQMHX0AQSPLmK!D zsSSds!6znoKX!HFK7@I|3zTp0eMx~X)@aelLX}5>ujENBLe{j816d28eTZ7M)MX69 ztZ>LBdIt7UoJS^UE-DHInJs!I0~P(iBR>Sr`nvgUoSAhZCBsolv`2p@zcx z_&_?45DJmpJ5(o-+;tE7*cMI@T%LD^%6pJ7>(GpkD9Rt8A}@^Irk1j_J3x7ya)oe?IHVoP0J8F~Zml#uX7l|@=#Q#ia*C4fQDIK6|>joD=5S?RxI1)dY zOCvIr!L3c4z!LTNP=!OoD=RjxsW6(Srvb+vP`B2U%0mfNd5hxJ>JzL2BJb4?NgfyFn{ut$98LH|+T3Y$)z&OD9!_XqIo1YWju_hDtYr+P#uL)(xNe5)e zM0R~B-jNsv<)PuRuLgLzE4csC&rQeE?22zGUr(cx# zc9)u@h7{ESGy3nAOIbi!H*eR!a<0YAhA-bgFyZtnQXcJC=FSwEliUo{M-3d_A>idVwHwGt+V?k`OiYL#^hTr&%h|#n7|-(k8zULE^C)wO?k*7uj!*)iouT>B?sDx z;fQE%gM?p7o3GpL%A4j_Up3FR)8;l&s#TgzWl2A!tuiKV@mJ-AY4LsdeNxKo1z0{b zCb%5=baAJ(iDXxAMNLI%9Ir%_cAny-S;=8Tz@U;+db)&p_T=FB_~7YdE$m-PZ)W+v zRc=?_6OaA~gf!u%4A`rt3R$J1$%d>U<-l#2K9nnxnyA;&5(xdvt?-G%j-=LskF9KC zZGxXkx5%|v`$XpOEEOmQvBL1J7{yz*V%8PdHE5{oE@=1gEp~T(WW_paWRID8d;S7( zD;rIn)G~knCD1Wv(LZ0ET22}sDkoS%Q}SDl!nY;F#A3?L5FwRSs!eB9m0EtHsCAt( zH!P?f2{&;E0pLug$|?$W@S{rKE@*2pF9m~%DdgkZ<$ zo8=?;=>__Z`zh&^so0H%I%CPB8ebNuzy@&2_SxV7^79grrL*th_lbk^RJAI5g8> zD}=2NgM!7tXqik) zDmxHzEP!=6au%mSv{8_=l^!nTWQg5R=@}R8JJi*3A|j$~mE#)oxWi=LA(yDPqin<^9u`T|r$sJHPz%rgsO9=?c(uLJ3>twD{{>W2*)e{{62c{sP8QrYqG%{JjmM zcrjreDsG)h)91llB_Yj=A_bxR@EJ^)M5eMhHf+Da&U_2&)IjLm`R9He8Q(`-LaAt1 zR`FGJA*I^%>_v;19XIVf#7*!?`#fwKi0tOq%@N4=0;K(4Efkbyr+Ma`lxXJqyKfe6(%a-i07XS3r5#|nImJ&S^7>HtOrlO3mUvIqG68pISa&XPE20vx+ zAc`S`Y)W1?o;ZVLA8Du%3+V8KMb9-^!5`OT-Q@M36;XFumt%wz`^IpQEK#iPNiruc zOd>;V^Vx>Ru`-)n#whwW&iq0g@4x6^AGU69Ia@@_^shZi8g z?zQG*J^E&!?K*>iyj?rJc-(4OhdJj%2TNrMDn}fqB@stg-+*K#3G^)`H=~;FnLXQz z5Ux(WtO7mZM+Rk3yO65~m7Z3M8=YluqY7%a%|0+?*9Qg|0c+|=YMP<3y2TO}Gc98y zZpm`h5uSFg_k4eP%#cW@wf0t>^0l4a(fAzDqXKPX|PiMby#8#6+LWf9E z6;(uRO-j*CG4x_MzEW2P@-PV^i;7_+El5j3nWk3c!*w7Q46wqr02&NrL=GxK`n#j8 zWNJu^-Fm)3NjN#Sv=Wk%oLM zA|eg`bQZ}a)Z>&aSlL+x|FplexBpzy;U7~dvDXr1#PSZFK01<23LgtHVbKWfhFL5d z)XIDF19DjkEX$0SZcz`6k|B&__!YFHO!=M*)xo0?eC3{0Bq3PaRp2BC(T?2<4m3+Hj_zk`^+Ybqhd;HiA!sc-L?t-QZ&gckuPP5%j%1IUnsK=yNe-pNUVx$Pr8r0jgc3W=5Z}`GO$?i$ZLKhX z2HxMGR{&n2aD+-S_akAilnKa`$`H{g6++6I7_oy2U$RLQH_Y>ovuM(Yle5{tx_{|b z;X&CQPgF5!%UUxv?8)PRXW5L>*~R#JB`j$RM|`VIB&|F5cIJAfE9z;PV8i)Xh_^6& zmkQm&y9ylmF`P47Ln(VaQHF$NwzERaJ@O5L9v;a^K{7bSg@2_ksKm~b7dy{qgwVqS zDJH@59R4jhl|e=DbcF}PF+!KhlpirFW?$4{!c^cr@@#LLR6>);O?L^YJVx=DyXC65 zO!C+{bJxwJE!ueJGB9;`FJxZUN4C@5dDzLT8tzyYTNeR|BzS@}-e!%G9f+;S8!eqg z_i}~>A3j{eRT4{_?T8%XGlWf(v2h)XfqlTasWFMAN5|o4Y_3@gA`HYr0rvC7@NHk;2p$6kOKo z@PAc~YdgOW!{{Bfrzd?QfV;y?h$94hoeOETNY*)hqxNK;Cw5B+`Z#~!@L*e!SA%w9 zhGXU7>5e9?%7*;$E{J+@f=53}vMo3z#z7qh!&8jHZ8=XUUuA3z0{^oB(lZ7rqOw*a zgT5}}RFYhS=451(pKi%AW8fTXQcO3Ekb|X?;BjURA^U~Sq^>p93+r}MH0yYgxxLL0 zXAAIL615g(x!J@Eaa_!FTZdTSfk@8cf07R_OWnDy1G^SNFI(;5j*kF#=8}q zto{whNMbiuX$8|_kvs@ToNt1X=-no0nf`qS{vBE&pB8QfVx#KQh*jduX3WUM?N9+; zTPN!2#59gal#J}HcFnJ<%0;DW5;H40H49dAg+Y>5dN7MyC-|@U`pbWPIsCF$|MI6V zpL}`j)cHpa3t`pRy)0<}5F~V^0g~mx57%@e(lV7h11g$OAu``JzqnI0hnTq;iFv(o40m+|ZXB`f@{GZs@nT zq05kz+`AOtsNTIgy9lFdX@#L}TV;iDTi;V)ZoeEny}MafPy{P$JwJggYcuog?L3EU z<Qy~wW!FJ&ArB)OQC4@z{bk-t@52R{U%`VR;dHe%%)lhi$ri( ziF8jlcB)jUq|lH&LsdX_d|8gcu+NHfLI%MuI#H&q#;}gTr%w(8|DF3DvJP=OM)(MW zofISJIPO*_7ajv8Oel^d&HM8B7YS2@~YxS8U0ar@c~ia`qn43}ue z9eM&cu{+{vd_m)m-~dJAZXx2EBB%y;tm4@Qx}l~=SSRk3{8~2)+9a7-M~%O;tkyWPK(YMJ0n|?EiX;Q$p$uuAc0Z$s*c7LY>ht) zE8Aq~s0<6@Wf$b!Rz8(VAe^3*V?SAjY0z{?hSydu9Ho4Ty}$DWwu6UocsoAaIsOU5 z>v6w-T7g7O!(a2S9O$)`h@r0SbP_N2?+jZ18O#OGy4_nb76dwfDnp;$-CMQq+1)KP z>)G9H(YK`$&kc=us3VK!<{x9q1J$WGwJS}X4Rg1d-QD8tWq0@YHwDa2<1uzT)MOsp z_(U%8XJZPg$)CaWZwiCZoouCBGK*WW_`^>9<2Zy_Jp~mj&6ywz+W1Z59QN1W#kvoR za!vcN^Ot6QOS8U=S)W=DvqO39A zVaB=}Wv-WDV^-e~>@|!gQj02)uQOx%2e6$i5V@{<1`L8O9=Ha+IE~NZNCyS>$LBST zu&8XoBXSldA7BCjb5W5j{wCxdqlMvq$2N~(u>uP3k^tsgfgzMq&VZ>x#U>a=BT%^c z(rdYfTm@lORY+}wYYmXA)D%z{w}~XcQ(2fQTmlKxJr=fOcNc{-y0D_0lGL^a2&XtO z1j}h)wN)$g3pqQW?>D~og!i%XkFw^de?xVMUE77E%M6-VchG=oZ@|pvqIg+EZwl&F zKx(-QEk)29iJ((v=u!;*1Tj>&bu~y|654PUFUsg+i@DB!A#UJOY5O-*+Wx^T=I^Vy zb&v*4Q5m?wrG9s*-@QHkuC$i5!^+4xH$P+n)T4_AnuMmbYn`fS@ni5$=8VTdAlfI= zuy+ujdBpRE2;Btz>4$@~F)L=lEf+J_+whKfmc;LHZy;+kMAu4&JTm^NF)-v>G)fEX zu2!WTCvD4Wq;zPhdH&;>adf${bTtGa&0gt}HE9S63^XxGbS1+hvS0 zx7I%4Kkc=u-~=5kpw*ViC5EK)&3vLc#MquxEyVWBw7FvCY?sSb$>CQe7XI{#SJ8X> zK5ya-LD;JNSemxCv@1UXx2x#1WnB&qqj_ItZ}urY_wFy(W$*s5zWVtu*H=G(?!GFy zP_)VgDK{!f0F?`oIuZVFO1&0ehSy zN{RLD(nnPT>?wrE?2rvN30S->n3tI}azdCF!f#Lv1w7PfX-V}^Wycd z;>}vK>7A7BKzk2E*uJ6BBM?j|kfc>I^cD#uR8OVxq>vAT@NF=-l3}fdKRAm)!Z;tQ z_(@58I$`|Te@{SEfthvE@MVj#i{rCCBT zGfbS_@Vf`=W>6`JG|xBB@8Fcc*~N2AuLgdFq|__;xn{nvaX}vS3bu+OEzuX5O(Nq%>SPLTScRVf&}qyRacsy z@`tWenbMm0n{01wr7SU&xU$RI#5?sUB03O2)E*p1 zj=^quZEAIjQy&=XkmFCWVn;@1r--9k6NCCKpp=a3-7x6_1LxY%62bML*@FNc6k)Jq z@&Hwx(wMqvgy-?Pal(jjpui6w?0dC8W?^Y}uh;(R8{%m2%DOJY9#Z>=&4^AXW4X7r zJP#QvvU1F61@J-tnMP@a^ag7E0&A?6vUWLISH~1>C7l&T(N3Z;a7!x`S7vM51o*X+ z!8Ud|O6)%065i`y8*kRytL;W(tzGq`%Q7_?%X8)qVRxI@wiNpZ11hO$5su|9g#=Q+ z4+lm%m0R;gv2wr1oypjz4N0n#(0YRRJMvKiW>rk7s!koP7CwG zFxSGd!J#1qqdgQQ>o&hnjuY(bv4}Q|$8L%;OnuCUq}LmQqv_RWdv@p5Ds5m9TU>~g zbbf7q5KXVpjRUJaM>AmwViK20ilk;4r8m?{+-4COjl?(KD3!!F-&j7)+DE1347qV% z(ri`N47#^B!O+K6r7XNPRz*SGYl0)4A_%vgA5rs2@TMTpn9*Kgjm0CMAXTf!Nb*@I z=1Eb;;uyk@4qiRk-$IEm&D1l2mDhc%K?Y6(1sXu3p>=$B8|&U8f%F2c}uN%--7)bI`uRDZO@|e%T)-2>G@a>a&9kszAn%#{5{2_H& zAW|+HC@mK8eUUgY@(5w88*HyVBQMaYFRQkw6sS7>3j7kXVi1N57g~s87H9n=pwHZL zDv|;U5cmkZaUlPaVb);-d~-OkSUdCOh|WXO%2 z<_hHtq7SK4+jRUPlfvE(b5{netjU}VtP=x&zb;RPnTNOC4E3@&Q?|1$WG93fE^iE- z^%uU8$&6}jJ)Zu%U>B3q`mb{(_j~MR)A+sHo7d&|+rJ;nH%wk}cwQKV93B{ZqrEEG zyHx7UVClc7`eiDIwi!c~MSrec;Wo;={%+8y*aMj7*NX$xF@;%Mgh@f%_2}XMSX%*q z#H~Qir3!z)_F07Ezu|EQQJRcS<~oOxX*3qvBwQ?&zx`%$C+tV?S#&zkSG%2#b_Y6- z5g-eWu|Op3FTSZ%^c?uxY$!&gPd4&fi^k{rRjhq&F*8Uk?5qiPpW9bVPYtz7Co6OF zEsM%gjZTDmuiM`jRLpRMZz!54l+ux8m=1J7>2L9fX?e%=A`n?w90E zqLWIhYBM!rO|VeNnsv5G|N9&SmOT5vnrGWH{WI}wwR997<8tjR*Un#l?QDH6=_a>v z<@Ymag}oiEELYTWMJ;!u#n#x(j|+c1fg<5`3a427(4sqj)_KKAlo93KV@OtpSLYA+ zJOTr3gM8Q}h@2^lEax%1BHABq@m$o8HXXM_S8_LaV~bKOCO6jt!F6edBT+nJyKLoa zCJv5|#O}A>&G(0%k@;GutM0eo-NO0GB}iaBYE0QN{m-`>-BGCI->2iApPV($e{kQ0 zapu)k+QgVFY5p}bNPG)LJ&D;Ng8Vt-!63dM-6Pa2C0%4Xjt4=+{t(Z1kH!7QH(n~z zq)QP<8mX*ZI!-3tu{fRJhKF{am#FhCJvunt7i(g5E$OE5D2S?J)k?XB4j1$bD}+BG zXLY-TzrrrXzYuGISRKI!X_CwD)<%2*KqZCSusQ2}dGtDbgIlvhqc2wZ0cvtqRX=2T zHBGc8U@BIL8ox@hn0J0>fL9TtG52yA81cyJ}g?6E?;Jr&-iCqoRIc@;)%IHbtdfbKXP zz_vQ>VdMQ?kBy1X0@@CT+$lmg}ou(!H;*_89`qzQ(zh}gD^o& ztXI)26`x3rTWpRr@69u(x&D{={juc-ev@T0TAyFm-K0N9DF7e0(5uZwnR zrM?4ah5C*!>U*7^p1pk4IX-&%e0RSLFJE=>WoQ4@i~Xk<+3mQ~DYHL^0-=!m8i$Wc zNP<|NSe7T2q7w@WLvot@3C=Cb=s*H^IMpOO@$w}?gSfySQ!IZZq=Q@wC5{@iv)kF- z+5Kt1^YhN3oZf{+(L}$j%D8XyFiawj#256YfSEYoQQBpD258G-B}}4pG8(~dJf(!p zcT<84jwNx$L_tdzD!-_Q<{!6YGF2NHJnZir#-xN%WV#Z=jbhE{&nQr~7O?#_A!SVT ztO}8xdE%O$ZQfaHi0#GIa_sVHu$j&xHt46Dyknp6xP7b25DFnx3v zMpP-3ZhEl>ry|F(1f|3y?XxNE(oqbbjED-5z)oT;OLl=&4l6ADk|!Hum|y`6waLyf zY^h6Rw6(7E-GnWL)*KT9f&8au^_Q=xZf79cvoAAx?dPlFOJFkX|K1ZPdmtUuwP)W+ z{RzB4H-%K3j3l@U`>xB%h&>Ob_~BdZ7d?652Yug-M<_>9kD^Q~`%jUN?e4lTq2xjd z%jqQnkzvaeAKE(bF|3@4=Y?f=NAAdFtI_S{EA~quF+nL*DqA73)M`&bcB|z|b9t)j z-1;#=A*9$c2|W}>{%AA^yX5C@{^)^>v8Ks_Rf;Lcim^|fFB&rbb+ z*X!TCS!-9Tm1cXRIr7B!qM<@Zu-$e5R`9VlYxY1*BTG)7S?(f&J7m4f3t)c72hQUHuc9h?nf z7oJxw`!ve5C4Ru^*3?U#F}27U8Ao(OY>K<$p13a_=&@9x_wG2M_r~eitAt+T90Twb z62&UMB%XBQ6bqYt*f{s3vuVnwbnELzE~_H)NV| zJb_-%ltABlykNAb{N4)g_fhaq3h4LIX~DDD{$$0Vw1DWGy;HC#O%$bhk8RtwZTlYU z9^1BU+qP}nwr$&U{_dXXo``vxh+PpGRry*~nJd?~_M~8LihLw?Fov}9%GOQ72wNV& zs|m|0$*wI{&{-^tYv8<{NN3r!ItuAS5*xZH<)TOlBRSbr{4OGfX=r*Da2|(3*#-h^ z<96k)3yqx_@;nu-V9O(^QfnTnX$$Oec&0d~ZmB9}zKo!XBDY{>6xmbt<8awXHf&K= zej|QU#!+@oHryV+3^}*7(0L-PZ&JUymU(ny&&D0Gd-9UNMVKvOUrG){~kv4Y%S-GlbQBKp4n*<~S1ks}dz=w5HUBz`;L53mY($ ztN0igCSX^h8eOyyyx!k!5WMfxa3xrmoC z1fmkgNnwZx0(b!@HLK&aj_n)MtI*e2118H&#xUp9xeX>(BQ_{61nw_mK92!Hx+NIY zye+AO)YAH|KX1R?^@(hobq`fi2|}Lu-rV{!;cBM~Ge??}H2&2M<^J`jcj2!H%s}^P;EqsqK!e$M~qBjQ3 zurT#i+K9!vAhE6vXV*2^oe?8W|47R7iVs$_uO@sXF+ZAdvVuNZM?WrbIi${`UN1F4 zN4vp?ww4w}2U$V!JYKyiIiLezjv2Wjq+ zWG12#;pFu##?8g1qK*DU0Jjv}EIMUaC%hgij$#24;XhOa-K>d9+cZ=?kmcBLRcckT zZIX4}GaXodWu!Nv>Wev!ei+E=-4(i+8Jnz}`YJ*Y5PCFu+-PEyz|e~HoN0W!%T-%653 zSwtu2N^ua4l@*)tHVX$|?L9F&u%-pq(2gVaZIW}ro536&+Kt>i#V=9bZ@uG7fb*a|Brt`uE}P{CCpfn^<|TMp`yJd^9o7A{{Ea!k;_WEv-7=Zj?V9*&+=AWq zVTsZH!J6N|36qA2ZAbcl3&0btAwCVi7k0?&M=aKvyPAADK4EyXLcBE3G}{8kN1enf@h5c5^zoiQ0DiOjT}LP# ziMU?*rIHvvvM}~Lmm*RAE{GN**6_tov zL7~J}#2ovO)|14^S549#Uix4f;5;j* zGVhG_#H~A0-QvU~T?QM7y~TRfPGN8e)7N6fg8gtU>CQ#X{I-_LnJu|ShugZ6m%!Wm zVuq-&{`hEKM`w@~>8BP6FJ8ps#(!Mo(i%~HzY$`{+_bs)w9$IJggh&nJ{eO(z^wmK>{(o0nmM)*m zU_q=e+w^|x$Vhr0KgF4^Nv}$n^+B!A8-6v#(H12lRJ=LNeE`3&ds$;fU;%@cK%q4B z3@ZW-oZqw%Hv-ZxC!|5#d+OUjOv3G>FV`y%7Na?TLblc43;5f>FCQbaL*_q&uV*51 z5!D-Hf=qsa!MA=<5FFTyz~E%DXk9~^8w>P|CvlwxWIQ3;kMv$3T8tc+-3yJx4YTKoM94xX|}Bd?JwCTXELjn-a7#8Id^jV2TL{iZIp` z+g9*bK|l-J&j$x}fWhc7LmV3H;M0i)5`n-stKIXed=I;B%I z_EtJyeE+`!e=`gdiZ<~p$J@u(q3OLm&Vl17m`?_OJ)}A;O{~xB>|=VAjxAR}pl~HI z0cawa0`!J){JSwSwL&2H5cLNCqP}G0U0mpU3Ot@dIW{~VOqn}??>?W5tu4~+M|_vU zrf|N=_~o8QvX>@x?C{YT%`0anS++f$wWHfWyt9Eh2JcuPQog@)=6RK2AXFsL^ z!bt~PM0SlYf}0?7N7(OhVsM=3MvUFcmsBM1lNf1kF^M|ZUxIbN=3iG$I58QOSF>Wl zmCI2Qq+QzhU?;_zm~K?j!8H9@Gqzzdkx5P%A4s*{amUI()NXo}zW?+CP-^x4=*vKx z9=(C=AHz{2-Oo%@v!^OV^Lz)DQhyD<@~Cj+Xw8oI=LjRBHcj*;I1$F}!W*CF55a2wCKOUH)y_l`d5ncy; zSD_tF5BC<3Bw9*CweWTtPa05zx&H5ZuDZ!&yFe8p%Q^q@TZjUPy_hpb7^gmPK0bDl z!URf!)ZnlCSCj#ZQif0m-nY|NI!GDzA6;T`h!U7cV3YHA;}0@Q3V7rz$SQEx<) zQZpBX#2u{3jU#q6StqRnmhH*fL&3<5OEx^;c&Ej0DC_-_SdCKbi|flR!*Drtm8D7eo^LGZZ$BP3smedr_cZe z0G$04%WlDe2vNEls?3;Fb4`0?uI|+9Vu}h7l>6jOTHgnkx#zw zyBNBj&w3KB${{`;qY=jt>;;S&1egOsP%%cs!148wDHLC=S2SjPY zz5YXxYb%Yb%nQnvv4@IL_qgOWjjQh2!zG`wdrd<7u=hbqQtMcc7{2Or7Va?1!Z<- z1-rCCuUl}>#U(TKU71z5ufS`>ncbEZg# zAxaclUILM+lXKH%s(<1=WR&z892!12G${_Z0 zqJVNnL?g$X<>JoB`M%8#4g<%Y^S;z#3g?x@Q`pU$**p&9Q~69Gh&@KI(=A$-Rs zvdpfjvh!Ov6(z}f3wt8O{&utz!ayKZw^W0vW|=u$BLPa1UV#%nF^)rdwwp* zowur{>ag|F&7jQb6pbE==t4%uh|lwnKsBLgaz`_z45IgN8&$IEVqRXX%Nq(QnEfLq zxH-61Ow+X`b+@q(P@sm}4W{mf)Wg|A9gWZ+yt<3cP+l04#8M#Xr3*)X(?z+?d|yX$ z?FDz#*EuZVnnf%Qcwt%10#Cksxs$;MGw zfXWiapuZ-T+dWB}m_FNyoZWer=d`1zukR3uayJTNt5b$m3*ePqR1vq~*khUd{5rq! zRfZ)v$ux~dS>nn?9>N^jo^J&d%F{d#X>p^P7f}wXbm%i|C zO8gp4H0jh7hmSC5gjx-C=oc(?FN7Rj=NC5aeEAOzF4mZxxUuEW_qg3-==?l}dubp>tvb^1(wr#2@F=z`*}{Zf`@~lDZd5EX*+1dfec{?6 zuzd6t3)6bM)94-s61~U3tytxTD$VnrI3$IX%W~szaHv3Q10sSCX{)~TiijEb4k8*H zPrBEl9e<*RI^*iVaQSw8oFB5BRoKNUuQ0wfRaARwS#LE&G`zV|($#QC7}e`=Sbn=V zc>^oYf@6HYr3aBvXyEAURCUMXR1>MkrcpftQ3mE*bFbCl;bQl^I${tc46dPDho4u~ zJXda$#^+FSui~(OOpCo;s@Vr8weXkM_T)3c(sPV3GIcPlVH{uoU7M7(Q&>r<%Ik=T z^S6PypEo08qSIXK1VOTb8uZM1!Q60ITlXDzpV?qU5Vjq0Ks54JN7jv?s_>feqN*RN z-55l!pX(LWd8v&vgvgSMy;$%~P~~>7959c%RbqG?*?KU?c@Yl@)pBc$X;QAfW(_?i zBurozqBPJsGn}z@VtVFqN$|LVX0fz*dWylInhZ&enoQN7dr3&|4T@w!_M+Pctz`zY zWn>MhUeJw9UN}BvH)&2&k`>WFF>y%RX9|b1sL1HCu2ij|VVsObD^$vs7uq09Aky}O zH-JmB>m<6P=y7+H->;?uoNUFVP3x}rsNweVKwJ^Qsae%TYXql5kOcyQ;Z5nIgXZ?8 zBAFV%9g%hTC2$gdQ;-qjP@RUDp?rdginBtWJ{CZ&1;VIx=M1AKMaoc9%Aak7zI!jw zrLP7!Lfw@XUxHfBeb}qq)xQTrVFifmlT4G8RW#m)ja`aoQK>0wuF#+?`?dMU!9>AcLz6~_yBc+* z3OzVHs|0G8k$V3&K_C+N3uaMAo~Jg+>LV~iV+9>2tzt!Ch|)z1L%t=_RAYJ7s`)x4 zph?u9Z>IqA*Lf*;Rq+A?qODWnXwrjwR#!Lo-@Hp8zMJ?7M(9(OjfGw=h4PO2BVq*Z5d<_x)6{Y(zO1oSkXuuf*(w+XTax%80-f8^Puu z<*M56lS>V7D|f*aTBB;e8)1Ea)W4CW@7sYULuW3Y2N(XEL!m-zb=yyRn%o~hO9=)< z*5Do65ywLHXcg1n-qU97&hE^jOPVj{pv4ia!H)AKF z{up}-XaBpOQ!kvXw9qT3J5CW}#ybV=K28@%u@Rxx-jq&w=+&-1u5y0w-)ueYFQo2B z&nHSkMx_zsK)s7iNxyRrg=!j)iee4|<3x7|_hOC01Xdhd%rM1GCd0GK{XZ|h> z=tRK4fv>YLi4Mas7@Z1(Bj!7!CfhLqE;GW`uHK=_2-LrTs(mjArWy)kAkz8p(=Wd`Tyz8_Eo;%Ag~G$5=gG58!Yy*vu$Qzv#R0kdsK zRFpYOx2M65;n~(UlPFnUlBPM@4*DX;)28j+OzHwADfPsaa_+4_nUYIlx(f_49p{j) z#-qMacHxUztIAWA8a-Eq8pCPPEVca1r_V#e$U;j_utDum=`uR_4#aPx%wc!nK#zc1 zrCvYh+q!J&su0`6*ZqWbeTvw|YU4bR*gK_|U{QMD_s^dvY@*r)Zo^u^KY*wk@$r?CJV8UFlG*?&leK|>PZ`2Mqa>Seu z7mDKpv8Wwpv_wmRFLM$Y1|X&t0SW+!l@Wik@SC3c9+na1u_eR0o&w-5dpVm+BOgaq!KzPRZO9V!RR1>9JI zrsUqBl?uC1wL*bgl3=BaRuv^zs2r8EAy@1J5$Y6Ku;(!J#$4byo}Xf@$__co=yM=3 zRdJzp{UFY8!NCIpU{oYVL=L|A-MDXDCAtyC5QT^XMN@@XrP^}>Z@HmWS_w7j+fpT2 ziA-bVri$pmyg%m-bP+~=iiBWf*8BWdW3Q|Ou8#QO=qt4#N;)8wpw#EWpcrym8rBRU zFzR{;KAxd?T7WaXtKen_jvZ8rg2`!4kk)30-i3Gl!>evf!-wGv)se!i7Nx*;Qt?W~ zkp%62(sgJFVm)2b1~z@MHUFoiN0ULI>!2#;t3f124(CHcZ|tx@|JIRyT)t0W$S6gZ^q+3?b{RjrM_CNshkadWLaZePBG3azhUjNY}qSH z7xSGG;E32cay5xlrf^GsXQvh8attIw0YNc+$eGjKyAxt2NQ%vNE5{WSuP74?QQkX* z2}i6RDcpq#GE(}V04~){0o8E8;L-w3w@56(AjH1{I{$`{hCMmX6rpAX_gW;tH_=ZR zBk_sFk%bYp69;VM@{NiUh;z$tmB+)*g#2$b4|Itv4!d*;;&bt2_00c;LGkIQiXCc3 zDQG`G4NQ2nvh?nJEMwHzYLwf*jjD3O>_4`v&uhQFZ-22p)UO4!_`HgDiWX|Wn^bvY zMh{((h1f*ng)5&eO?0e=Y%3qa5rEBBxGS!d3@_&M)OxF>&Q~rNyTd-F-}YD&C6#O` zyqrsCp{#xoCYOj>P@(CqG71dCWpA;mK}; zOi3{S?d7Dr25$KRzLT`}?#1*}YMpiGd9rIGLM4RO`^_tGV;O#m)@3Ok6)~MTis$f@ zwLK$JN)?5UV>s`S$Sig;hCe-+5&WQp;*?=p#x`7}9 zn#kge0Kc>eqd9vDumhOg6M`e+;(kEoR0z*`nOH!DIg_UsS}GQ^c@iuce!QyBB}n76 zD6f8`q%4^W*$f2-(>QEEM)E8@d$&lTG-`oGWfrn)87-?rRa>6PsycJqaU$oho1JYL zE8~K_>~thpL{By&qFCmXua!)hJ0e=moE7)|1W0H0S zA6SGEqbdhSP78;%T5MoSBk+;)>*XK4Ll5BOB3lt6yIzQ)tzjb>5v>mP9z?u#n4IPb zxGeeAA-qx3W6K-I&%puY*+^g&cpCU_ZL0xle*dNL^_l_TASN}C*V{jMgpnDj1A}?z z_lA6%ip97tYx2Ef%dExo@*isp80yN6mwBeYrJd zn~oOmi+xrP|GqW8loNu%JPGD>k2mc`%|Nk1(CprKn}KZ%0y|R|vyNts(2TnD$%b*~+wqh!ffrpz{!-Dwt%U z-22?wuJZ@T8al+4cq+{0UAdMh=~QScaF5ymgDRl^vcMu#vVR5Yp*!&rB#?CM3X`qj zUk$rpWxT(Ab0H#=%DcJ&cty{+Ub?fYLORg!@#WRW zKkj%w#rmtGG}S3s=SL-x<(H*2Ra$)j1=?U^eS>8}oiZt>e-?j;h%W%;t8_9|sD4Z^ z<7O7+>lB6habI2f?0%7`stb>HcfABW0P`Td2t6g5yb9)>=vY(DaDtInm3K9;J;u+U zJuWq$&WBrmit<~&+V?r8MuHCtLr;ZoqsJ>Pmo!nSogV+R4#DjQ3wEI4kDhd*`d zT2o;aIyB$~DH`d0n_2dD(h$l?kt*W$28nNUFVchkk zSLwQ&uWC+HejP#tTGu;1wkcZa{S6X`i9e`7W~dH+7%I!y$Lj&pVDdb{hH`J;wl%z` z1k()Iv)9(y#RIm9I3Fd;(iD@xZuy^ydqNkHnQ+%x$5M)_%^JhqTgJx~99>Q;Rtt?H z_)${DbV2h+EpVKpquZ2LwAqP#r7fPQKlGSRE0b`%x2b6PT9P;3E!NtFM0^Z8DU)@s zfJ2HWGRtuxKUCOd6tVJ+OONF<1i_0#dGuVPsiohp zNe@dB6-N(%JN`AMr@CU|WTvl_s)R5iBQ{WT7gx?{Vv9{Xdi)-`mBbu99`T0U2YAGK z4CB+vnq1Rshb*#)+I4^O0|xSXF!*qVvoAtrwnPU22e9naoSjBIDK<6&l|4|SM|>O7 zm%aeu-Q2hXz5-%3;?F-#&wSue>|34m- zTsf0VfjMjfDh%$hX>|Mz1>idj_4?@o?zX9xm*~pPVV%Y@RV~54L%}BWsjq`vf|V>Z zSrEPHruOQjp~wRWP^(JbHej(U6L*>WAI9~7$ceVNILP*RBIL?^BP;u%<-FB5BVLoF zUjzPU8FdZ&x)Gy^WzKERvxc&*KkRh2iYBS5D#|n4L)aHE#U{WM2eeD9IyVZHiL5{U zQe}IdFx!1T@LA%;P2fv~+Q&M?L@Plid7+z*SMf=&rv9Z^_1KgM@;xABRqJxc)-(vm zow&mX9G;Rt9k!=rHQm>Xe1?D~L}imc2n$Or;hSSKnO?Hys`h5}0D^lF;ExhyG!);~ zKIz0RdJijKXt8SRtW;4_etw}zD`q&cEtk)7<#iy@&qg%Dl{Ec^zcody#n4V>4NWzV zW3XZJI(^Dt_r8j)llp&|@GRm+(3*N^KY$R@gBLhp3%!2{w@S2A(C5ZDtV7S8HGLP+ zwIvJI*2BD7Wfv)vuWMAK)>4)mdWznO7JbvZk&heVeb{f*CdSQ@16rfK2;4t>dEh8> zR0XuQjLFWGl!AYSSc4_5cCH34wYfv=SjgY=Hr0KIg8Y{yp z=`)-#m<8{1E_+fs6#(%VdUiUWf@&< zs@L>0UjjRU-SPS--T*ttm39u=>4GT}2i+EE3MdV}4Xi!{N1$b|t2|JwF$QTt7O^!o z)#S5bxDx8D$QyZgJ*H!=x3d=#s*hLbt<(B(DmQtBSVse(VM* zjzZlr;$uIM+?55uBKP6)?YrSbtRpKx>?3641J{F4nA+}fwTi$CD_ZolrbXPXHkVR1 z%IPNEool+hdU0LwOl8=hIOqBVS}iZZ3<2d&*oKIh_nTkgThVD7GEYkWiG7Pkc(&A> z1BE*++JnO5XGKJ|Cg_bVEMs29#Sj-vEcAxa7_^^5&;ix4YS95c{1p=F9%jJnB+(QZ zKsiuM|6>#edvJ@+ETP(t&jnZS5dFAwHZC6jjpqKFr&_l^H`I{(9(1p|`&LHz!Ox^7 zw$MTxxJA!HLc=8&_gU-Bd%$Xm*4;5Fz6ckkTx?H2DWyew<2!ltd+o3~UCt)q$G>6h zH-Bs0alL0Tve{4}J~X0TS413~2#+YKJk&Ud{4J<XcP|+*2+iMc*!YaVXU_6^F2BpaCl7kHmpT1p{E_p5~t3Yaa~*{%ySE=*l>E3qb)b@XnEK~I{kyRrt@Yux*hbi$q{p2T9x^OyQdrk*Il zpDPst!+cyHC%zw+td%R>yUDt3AUr`yqkVQ$UhrllzxPj%8cZ15lAgr&u3Yym$l<&f zLEy{7X$t=?aW;6mSuH15$x^UAIwJbfzEo`YM8uP{8J;DoP|rh~_kx`kd0ePKi8raX z6EXF0x_3iH=EAwDssd3SMJ#zYNf!AK?CeIEi&7){M>P`XUzmeCSbJ#(?t9d^;RVj# zUevH`-%=(5Qp^Kjt_}z_6}Q9sC`nO)3&P9o`ikhx*~+kn_fP@r#rLwJ#See047cQr zh(-b28}+zG8FycBbCy zuV5-jOZx|tc9Kp9+XV{D4W3barI}1~$)qavDWS#887(=h#8yi)p5$_wEHpWjwFP+n zcxm3l3_+Y#AC`P&b$y+T=nL7Qn8RwZ;QW_@b>av6Eiw75V1R&a7{q&@1G8`M!&kZRGyUuo>J@)8)) zOcU8hn2{n1IU}l-hT&D%BYco|Q0rtLC8a)uSemlm1`=Sy)3-%c+*4KKN)M-qZd2AG zcgeylIm@*=&e?oCuJ5bXYsrJtC!>eWB6cwEdpnj8jXhY!;E_>^A(lSd;uGd(rE3Qx@=2wcMlGhT*Z6z0Ct~YMw77HDs3CD47h2CU0 z){M*~7iIKCnmpvxeX$&7>?$4>?+5+LU8GZTa`4+_ z$NiBChosQ_gh1{_fn96LKgj*%AQi-TvCcoQdvg`@SzP(vS3iSUT&Z_%zNV#}2vG*Y z5;6-9Q=H%seYq&mRoAHwKl#{8)O-JrxZKl zAg+&!ECMe8l{?*&z{+)3Bet}#aKR7>g&(VNd~{VD|79tco5^#FeLFort>i=fa0Lj( z_jE+CFZ~so8*)@@NU7&tCb{SGusunXvoyY)0#5f20q;2^C^h8)N zf~2Wg?Lx^vbw*Q(5PfESyuk2L(PqL)s7TUM|dq@yNX^2lt2{{*AdT?%Zu7hwt!y9%bidip^ZG;9RZVf!PP`H z+Sz0B5C^9l*St8N_lV2j_JI?5Wc%mv(b)nabD_bePHAx1q#$Gb90^1D{!n%BVeB#> zD=Y&W4kl|8m#+DxbXTtO@jqJinl&;!)PAK{qhvpB-3brn@d8^=Y*%7xctXGQ!GWvy z`S~Ca!xaOKWDiMFY&FPp{BpaN%pI*llsH3N(Y`}Mx>>3kWUVD#^$6rGN3wNcDlQ@} zQ|OtZ^FsDMSrsRiLwq@2*N@pAFDV!GEs@AG>Q zP}(Vad>Soo=XIZH_^ z%XHqNV%i<48?`?a+CNp{KNRRkLxaX|Cdfr3s88sFbw~%rdL(*7Y(uR=@xK^SJr3?k zqJOKhTMcelk{%!@TN?1WnO(3>iaoXD3Y!E@$VLu>gTuH#Eof4{#KObI=|{HEl+ zYlZ|x%}N8xK-mam!=Pi$!`aIXdWON+%n#LD8`Bmak`UWPNhQK(3Y2M^@Ao~F>4ifW z9|)HE94r`(-Ai%O(YQu+<re#A@KeSbd^Akg#fS~PC$?cKwOn7xmzPPG8GQy>gmO*7{!Wck@qB^bFK9y?_DjD zppV=kI1{rIH0%ez8}0zWq`<#75md?TH3?J04$H}2(&^4`*E?i3$I{9?`h^{UK>f8x zDjKrc*B*qsst?ez7IS(d^mfI{*fGX3$V&0K$NvK!YUV?1>U17IgYX``*l@KV)(Tt= zNdFh`kSlv?0L^NO8Mz{|OLF;doYLe!>S1KBqc<86MDuzSr_GY3y~}gR8=_TFmTWJV zEVjyJBr-)$PQWq;(~(wAIZHF9bs_*keP^6%jQ(D%Kwwp50l-7xw_{Tt`vCbl0x@PF z;Rj(FcWX#%wN`n5-!&~VC*g%Q`XAyMuWJ=p&>b>N3T+h7FJ2Y=YpN5?PP)oChd=*| zf2bR@d(j=1jR(FOk#V4#wzK~Gg^eg=1Tv*1hMXy|2LYfZw#@@YeXBC)2U{6MHPCMR zlwxHu%I&}<;8%bfH)&^5)%Ct!^J7x--E;ADvt8L#u_W2hHHYoC?=fdOzGk2AKf1?4 z(K+BpI1x{MWo7W@3T^)YP6n#3`T+7U8&jR>U3I1|o6^epi$^ek@66-ei|oe?_R39X zo(V2*w5E34=`uzRwp{2Zg`25bu!|5QsIi>6ar8?d+JW&nSuLOag$*Hd0*_ueq>+rgY<8@%v7)({gg-|S)8o3l-d zrPHF(n1VGi;3 zML%}`0IH7*(9H8%g!EAcuw3Mw{&Sxg0dxyI2roJwn^EQiSHP}pioPi5{6N9f`tgp> zg54bCnCpTCf0MeeGU@;|*bkBk!69m3cZ{J?{nP;^r!BAC6!90JpGwdT;g`*re#g{# z9)dR_Ed+;h2bKD&fW3};P#~G0_R~bm0e5aGf2qUVJ@oAY5BNoO&`Aeq8$)8T22)Pc z%@>t^C~Zs$JCOmu2?Q}eT@iJXd1Q#K)%ek{@_E*A7&Z#k@WH*2HCKfj_rXTFbA|(% zgHLJsf4gOL<2-ykc*O^}x3~3$epwNu^_=QM4;(Q6iR)ZX#4n8-uRwl%J3LX%N#?lp}msc(|C|)Ffiay%%+<8m`6FR!C~w0yB=Xj-=>} zS?;Ib<`klPW<>ePGqrd{K2 zP_#b{@DVk9ZYl-GUJGg^>R&Pj0m%csWMc;Lu+`0uqJ9!BvkNjdB;{e6|7h>c)zNCc z2Mc=pYA@nV@aiz&wcXRVp^)PRf1ok&E;DP#r$=dH%pa``yqw22<1|&=X1H6%g0rd= zV%*a>-K$~u2f&zW+`zd*GBY|gBC)BOn}bm59R(^I<))aUc@osc*?cBM)c3r+btlvAK;8=5PPJB_uH&t2l zRs95ASMd%~X^DTS3Rgbi@)pfdpLF*>{x-EcmOVyt` zaSPu5I^>^8>uh-B8lN(V)16E_Zx}W>j?2M`Pg@AI$8=CTmILpG25OA-Yx$ogeBVYJ zFNbjPdU(-ogx&dDNB-Yjw5LYYoqX)jOcLQV6kFxGllMlnTJqw?DZPSzY3lLW$7@}t zuE#~T?Z~nz{b%-cnvf+@dyW*Dv}lhC>|Yz8=F_L<6#k45;W;E44<{5?oCFy^->BJ+ zdxRMqE}D<088)RNF{l7C+)ycG5l ztL6+J@N+l?&ZCH9;qE^H)L{(HGOffbN8tvw<3O=P`S7+A?CJoBeK>CR0O~`Ht*B?s zngstCR5fx2;{y&m-M)&;M!HMcM)nZ1gUU9M!0s?(cV7y2BEae-uTs~B=QoaPi`elD z0kW)b69qNBl>RZ3^E&Jyd3(S#^(Y1HpFOKJ8t&JQMPlwk}Txtre{ILZJ1b+!jOBq0wScn$-Q z>Jdj8rhJ=ot7+ z#KBz>`>zBQ*#$w-t=p6X>rX&1Au+!XG;=-Q2$>g{(>5+2*u*4<4jTQi#w1udtr z7qKAGQ$q_(8dtcWh}wEb!PUHXhSJsYGKY=IiK5jvhuDOtoex3-i^L=9mcFr zWEr>M3m^%<{wE!bnD}(mthah2h-h(rb@TIi!-}+}?oE!Hp@EVXVrF`Tl9AZDXHNL# z?AI+6b?5uGKzz2wQvtgMQ0ZeI`6CT z7l+vpjJX3BS`54ac)=N5kqG;Pg7!RpGO}FGU+Ml6Tv3>wo zhH&-hXtH-(4;NU87y%~LshpoV*A`?sPwRZhbT>vmEYmv7hOK)8xx$V(yW7oFQ91G-Np)mvr)#~KPfE$wVZS?_(BhMqu2ee~tSF%N>|2cPn2D&F_)(Uf` zzGH{i)wNS~L6^5T5q6-3edIj>7|m`V%Giw}oq}NRU(wcGZ(kR=^+;G2ZcW}csKlag z5Nw$2>$r`sVou>$lho*8nnJj<5H0D$?)O&*oC^GsbbjEImtn7C9wZZjI|YsUDI`8C zKiPX1E}`t(*PrIZA99mKil;ypII_k5nEWl|7g=78hxAqt{V5dv#JwWiA00r^x`85K zFox9!Ry<4V&5n`dDerkAu2I`c^pGXoI>}hI+4u8GnWGLcxaFQEbNCW3t#|Etcs>H9 zt?!K%fMn8a7(hqKSPR~v-R(%?kOEX_UkVXDw4~N~@dTSXz^)9?&ZyEPioGy@>k_p2 zT_@dLu1*&IbQmQNBoz&yJTKP~g%5?*q;I@dwX1za=JY?HpwypQ*!99}p$7<+c>q{} z2H#?a_I@kU-~lHkc7}4$tv!FXfZY96UobNg zB4i}aXlfRhA+p|FviW|uVs0eqeXUYzJX61~mqqab#N>#K0h?DmTq6}k5}Fw4 zqdhBjES5#h(0GRNf@ZAE=GNzNUrSqc`kDw?g~=>4x7}!QKBMrYxhg@{kVYH)LL0$G z9cS2|0*$1X#};k39*@VzxxNF~pG16fJihV4NQ2TpLgQqJ*5&oE_9}R-*JV3inkNHu z72$Dt~UoUyZHkO&6dW+ku>twl}RM+VPh(r@+d-6k`pGE z@B)8Xy9N9@+9_e?9*ym!P(#epXE{IZH1!!ZX!@%eDx%^>Sb1+uXG|N8BQdTk;Jb?(1_ ziDrX^dnw^Y(PQBWhrCn6i`pb*3he)WOyeH*06CXt_(4xmR)s_*CA3oQ2h z3FhGrQbboTcsu~G^o3SytLW~PFd)y@Gw7xrp!COP6*)RX3M!CPqI@4tBe*uEWUiL6 z(yIc+UH%dX*;v5{VjJS5MetM~Pia2PA`Jo#VvAIrF-0r*%i=W$M=K2N30Teq8*EG3 zO{5JJMRospblipAJKhbP_l5TSC)pCjo}%kd$?IJN-JtUmOiXhOYQb$6m+unzl6Z%N zYj_ug*T|I0z&eTNCgNv*N%G74-u3qP!N~~SwyXHLn=PmXG?$O~cSEKWtGIebdr}j*Ij8&&A5mgD8)%BfK*V<~5lKu&d~Z~l@*Gyw7`W^Tx7!l*u%1=5S>Rv*2ziD- z2LSc_oY7`1Mk}RhPqErrhfEaTIZ4Dujfa-?T_>bLUbf5<&}^fb;3XtunM7p&SyDbI zc=4kAPmdM?R5?K7DTsx>=N1mo=#&9bf39kb{`ajOngZVZL5uv{o zDv$4oqZ`#r50psX)PH$*HP3yY3doFvwIXYKcpY@R_`}ygi>;F!`~*5HwXlLAI_RXk z=b`dqE~9fJ2R*{GkcSrem7};E7+V313qR!?34l_zffA3x_7Zu`42XGX6Kotk8LJ+F z=+A`w>f>fTB041KAn>fW=4#7fp}_~if-HSryk|OyjymdzTt@bs_%|pG3FGw^{zd-j z>-0vl>pL_O$UW~GpO&^qbRT22%GNDxukG1PEgKnt->S!eK6;8K6w8E3S_sd7;dbCi z{)|y0(34TeR_At=qn2nFUQv4Y{#2+Xp0F4Wz=kR@C!sON+*j`s)8Q6~zI$PFREq)eLGbne%nWo$R~shvrC zOZ&e7c|eB0E80JZ3YD7go*R?=e7$Ph$CSCSat3T0c~TlD6v2RQU83-}N!Y(q_uYIN zY#3~3Ost9VF7g|!5%uPU0;nIpV{a(=T0c2}^}OPAB7?xJ>-Pjf=Ti)+pyJA;k$;B3 z)p)I7%?yPQZ&j5+rR}v>@l4f?YD-l)p9L4y>^#gPh#?ekibZ(@E!7n@_s@bTNMx)E zts+1JY)m3;!RCo@Wef;n4U;klqj-5g15bLVZidVQ5X%Dw9!B*?zw(4XvbU5`E*e1qA79CP#%v3WK&OW27kVpd1NYjI9ST z(}LR`wz_c7!wM}D-5<3S5nbSx3hKRq|F*lcD8RNuPkaEPGC$;{o-&>~8jjvNS_4Y;&t7;viS zz=fupl59o*R1Lo%iD#$5Sr{ohh+aHyWQlf&DD-$TEUw!k#?CgySrvz??ikwMw&of55MR<$R5wWwO#XSmvP^Sqj^S`CC7BvKqj5< z0=7=yI!s^y$D9k0XyF zbFO4h_X*SsDRxvIt7hiEN>lxvUNN@c@w;78^nh%H9G>pGpcW`BK_0v+hK&y)F-jnc zVG66fH7sRK7O@*spvZB$RYG+Wu`aqIdCXU5`buQ0ByadSF-6%Luq`XB)u_Wd!xW|r zyVH{yI&=_+h~j&VR9V%+A~|XJ9?YojIZh;G(I|(7T`lphqE+%}3_R}V-5Sv1@Ph2u z>LHKvs*Mu-K|_8Y&Iu@~v*(aMxg<~xe%DCP%O$REx#Cp6T*CQ_M)RFPucdZV5@PvX zxwIIN*lf(2_inb2e)381HF+|BDkPho=eG)Bv-7+VyJqKki@q(XgXx<#2@o6mLPsR~cgFgeb)fDca zyVy#%*qYC?;f+{R=s+Kra z8JsG$C}<_v-nN!6l7(9se`@J8 z%kAri+n4UpDYN#E+0kUJD!Gc5W=@p3dzqRwMLU`K_WKIKMYDaZ#zod@9?$u77V{_M zD0T;Y2H|)HcX7HtlYYr*ZbeX5o%@Hf7k7zGsbgt@xwD|~Jd5pQQ~WMMv?|UOq}AAL zEd}YNAe|AU?Zu*3h%Hb%T+`j!K9^vPw+5qIk*kT)pK234e)0U^*{$w=M6qz&qc1I$ zV!6@XaHCV*Sv+0;m>rMnRLRz|G;4;;-Q47SDcaTar{7nWE|}wEIUZc4c|7KmS<0V} zgIJCK3{v!TZen-3n|jGvZbgKaUHeC}6K7!+SFkjH(kv)F&tNl|1iy>yEK74mXE`QI z$$2R`XC-HAm8hj*%gr{UbapY`?BYSMv%8CC#Jgqwk+no78<=s%!5kSHnx({()R?D~ z3>(B-6ktg^&s%=tyzWR0P5Q_`THRz~r;%TeTfR*Z>W8nPuHCNn`tXJPfDbK5<$g1z zsUI!bFe}~O;o*y;qeDt2pIg1bfJ|#FYI{s)uQlk|ub*~g0r1c&462D8v|bq_wvaz`YNAWXumfZj;vJb zAP$M-0cy*p&a4LM(=4&S8EbRe%haz{%)Z;>AQ`f60>LE^)_oV4{FtBu>go7u5Ga!( zX=McR3{Eil3!x~|mIqTp=xHG;kYEs=;vXn3^(ezAMrUlGH5kZD-Sc7G6A$j)QyEOc zN#rCg%~t5!t%?NqSyb|mgGf!EZVYS%%m@BiRR~b%Q{V0C&-&+R zl7#&${a*gm+1m9r{R~eeNSF>FDFSME3ROjR-8!i#a35K3^d_mil2(vj`ekFS`Q?}7 z16@wP{FTSvAB28d|MJW7389x9Asp){NXU(p;>l<@6I``quWDWogYh}cMrm1xmhRGa zwik@hl($34Ix-pbBGTv#{j;#U<~pvM4>)cp0(gdfc$PG#+u%4v!npxpHd+_b1!4(^)xz}`xg{m0MupSc}DHHSGb z3j8NA?(>RrEmB@O?1Z=hLSd=2wzejI0eKJweiiacg5EN`ErAD<4K)e3Y!{4Q6Oh(| zv_=#%Evlg&qBrS6P6>EKX6K5e@=FT3@mUo9Cuk6j7Y124Ox+Aa|B8H9upT;Bt|~+Y z17=UU7=@mYMM*aI`~5&_QAo0oCg6&?CP0M}6&QZRtA%vA_LAYcRI^B!mmV*CELRaF zDuyssgJ6_ku>7P)o=g%yS-BrTm7gL`FjNyi*HE}8GT8bH1VW?Mlkb4#wIGiHiNwEw z)RB+K%P@vbU;*QpXq-;Y>auF;SfKr4`yq0w6@3oS4rRu5O1_fNZH25OvjSX(SGHUm zP-2+BT%1*J-YbEy3@?;94}su$XsmmBflb|b##zPsFJ zm)q=en_X_Rf7xx;(qWsnZkcE@S+B}~Ft9tl0V-z@m`J|32&223@OnUCMGEUkMeeHC zIhh*T`XI)yum;Y;cR|#!cTP!ArtDzK;*FEi0h?-73bJfd?Ug#eAOX3WUPdv6!^wYU zzrBKn;0mgbfU6eQp8V+Gb77V7BUMe_2PjCgTl16AyYU#gsxFC%5FiE-rZMP;A zsf+|fU7u2dv|)MzwN!*YTa-%{(931lDqQ(ckpLy+gW988h*J{IP$Up(I2;XhFl9!4 zroo~2su{c`6Uti|A-T}GTYK2TR9xRK&!#`18D_IuTM)3e{s>-={N~L)yJ=TRqx$+pVwp>`0x%oXfS444LzQYAF_XG+B8cb^$ z7bj&h$#@*{6MKWBal*`l>NROCcAj+_jAS~7!cC923lxFE1)UscO-5rSF?*pE;ZzBG ziO?vPr}utI1w;y@q$|-rgOFr})r~4h^y7f{-vPpYukl`Gz%$~6iL7o`6^g#kCQ4Ab zF>qNN$+E6!8FPr$yHz2Em@^;IQ1sA3D|r)Ospgte>sx!sU3E_SA` za+xXxskS(>hz;yzBB_3Rcm08rr(LEcTs2wB*4MHdMKz&h8K|#maZp`O^X=V@_2~d$ z$SQImU@kbLS#l0SBag7=GH67{0Tf}wqErP=so4KyjZ?m zAk?}0Zh0;M-;5pA1gqTQoB6OnQn(nj@-N{CR`8bXE?Nshcv%50Mhf9ZYN*7sgWdU8 z#i;FT;3Imf<(OdfS4GeWZh!4DCwIAmE$ zbdF3= zLUuL5Jsy0!zPZkAz(WV30Trv~On{wUPeEIr)Q6Pcqtg!(K=`gvLNOatrp9QvS7_lz zsG}JDQPZN3ZcOFgx@Sev$xl~LmL=-I1PDOs?xv^@{lSHQmEyZGFz>p5&&zbhX#o8I zycFT)@2iIgF7P}CFiiV*<==bq?|rNLU~pN1>c-<6Qy`V2;~;Hhiq)|sOn3>3DnX<- zEy^+^V)rf5Cs{>`OR06dr+`O@Tcvb698m5wFoBltPudRId2QF4UlEshMYv{NCQ-VQ2r8GBo>IHH+dbtUYPu}M7?Di{(qU!V_&m`Z zNM6LK5*yR^X?vHRBM$ujJ2l@KPEURs!4^~MAm1FJe3Kh9okb|4!Tx-rp=e%qS)n=i;S4va(j~gU3T8!^XOP z+E{!U{8hQu*Z(_(WxGz&ky$yZhs`K2&SA^8RA*vF;1{ zD-Eb~8~+U9^O}RivCr%Ogy(8z#2WLeT8C2QW|^&F6kMcn`d|)+|EI;_7v_1Yh$#`c z=5Uj++r>OVw_7+3Oed|(tn+0dY%W+{{4{(V*hCOR! z#VTE0gQc-X!}JWp`%H!;4Bpm#TEkI_^scctSuO8& zZT`IgPnO5w!RXvCIuKuPPFfYQY9T{N;e9KIkdl#-@Bc=zq*m6BCsAAMvJKK50l&nq zxZn6r#!HwnH5Qu7D>M6Hh3YKp@W`&iBbXQoY$D$_?vjXuayWF=Br;k>CGOZ!Xg_nU zb&ZK<&XoFQo{Se@S~xL|jvqBQiYCUVu&ShIX*NEEfE_08wwc`wP9~X%WFgEzrmXA# zCskq~GI+DMLEYc8hA^E(ae8mgpxI^4?wFfw0(2yEBd_aUcNd>lpJRVo4$t>#CX;m<~EE>&92>q>9l9o z&02G_!e7`|7rB~Gy{jlp$-3}6B`Zqb(2DIv>T^C;``z&bcAF~|MCFca0$5mpJosMI z06-U6NL0vREsL4}EJAI*5kM{@$Bem!yZLqA$bdcSj)w00Xk$TMiMKy6?a`|O zP4L(3+oS0fwIL0PyJX&eW(7@}E&xf*-V_-KWYJ22fXaSE@L@b0Nnw%q*mgms_W#%p`Ph9SNN9>Hq>B^6;1bmGXt!851ipC&5YnVHo z%uc;wqE5PdSKf@dc;^!Nt?N@aFKY28Zc_8+;gz}9QYUdMyyl{rr*Cu4Otz(MI@XZ;vW+TqeJk=JI-g)c4p~2k)i{uq zd=TeMJ<-#~iRFm*niPUkeI?1d=ltXZ@#H2)%qeE&F_LYn)SFIF;pG`~<{9&Ebv*nA zPifaW9@_I}<`FTQu=tqx&HB9?922KaV$A!8oEdL)EX;J-?6YCMdoyo}&WPD0`ka_8 zIiK=6M&if<3wKclY@2+2AsQ-rcz$PvPJVnKcEA4G^5jFCL^qAPi3Z~sQ4mbl*`&U@kLxr`<5SC?JM&D2;>qTI zmtAGq-C3WV`7ym{jnUdha{$l6T9ulL_6Z4n9_`WX6VeUT|Lqaz19}oisoxJ~qQBml zG9s|DU5%Q>EoAx*#;WyAYG>xoXk~?ltH8**^3b^or{t;;e6yywGw1tF2v2d`bCw&<`VMIQy+;YJ}!350?#R;Li?i;?~^BD)gx*3q*`Hi6-R*>qD?-wy9g<#Q$*G{m@wJHP$>XOjf{ZX9}rgiKkt!M&x`%L_n~hlr&JX zL+F4e4`Gn2M~*+4o@kXjj}MO??i_ZG9z8nVf6;ld^YC!LQ!Y8aDTQfJJB?R&gHVl@ z*d+vo8cb1WzTaR8?2e`IUiD9_=-&_$$UdsLal$h$5i~JObSQLma^Ooq9OypLu?8E; zh87IMZU_fJ>p~HF^Ekv=jI)rg6v-NjQJaWJ5dDG(v9 zk(yOpac&ekfcQNLA@ z;uI_)fwPdnh5iY~C|%pBlXZHvoX9BEiBq8<-Db_zwpM z_DMEgevx&)WY8eQr@;+O+Q>+SDs{Brs_OfaL50kaG`X$47fu7(H}Ofw5MrL0VN~d*9hd!4qS*y4Du2*EilYkXOO;X5;mG z{X6UD#(IMoD|C97qzYL|D!#|B8-@)2YJ7LMvEJBhBMY8dISy6<1fT!(P2;X;G#XhV zn?Ph^Q7TV>ktBFj`?j%JKup!14LI*{ZYmvU2R^!%~^e^PF_!v}5gbmz%Fov2W% z!AqZO=07}m_4W9}sn8bq;{R5=y$mrz-!=3^{qAN}ao-s`S^d!2xeCtXgw&{3@UcIf1Ou_t z5Rd%9yI33?i0|Ka?~niO|DzWVM(1JFKxsxg0i}&782=#Gk@2fGUW>sHwbxz3K$V+e zW(DEYIy!b1tDzGsrYG*vf*r@aCIogSOiL6qhaj0?=%OrEtEQqI=u!%TKMzV+-7VA_z;%G|Fo@t%Lq(x zqDtTxh*x#67xxQ=fI@ATt#Mg_Lsy&zqjT{v=mM8Mg)@%${@=;z-G7{-VirzAKj7U_ z%3`5ps5H1B8e?`N%jjYhLT?Xbz~o&Z^M)W^q+=L+yx4#wbjE-xx|{_atD>00RT%}0 z)CQR|U5A~OSoTU|IthZvQjw4Km@;Slo%7wF<9o9YMmV6I!xx>MT{z@F{(0y5>eOXe z6XX}E&Au!{H3K~2EAP+{^}DckurmljoHm2K!$Xbeah>%(chps~sXDP7szI?v)L5+C zrVK6$PUHN^bY{I%LO6;x?n- z@={o#<09D#@KHtkf1|p?AE55|inUe^m^u7=*IL0X)!kLtq z;YFARh!0K(+bH0!6lupj6EyII#(U$p>~Nfrp^q%fAf9(e*@RQN3+sh<}C;>;51-qoA9nEvLcw z0=0eXm-khZu)y`p2ag`@@=xLqZ;il%z&=7eiQi#u;2efGT*B%Se*mWysnZ#v1xtFG zyhWocy5ne+=CaX|vMXLxK7je;t{<~zY8(}!@*X7dy`v}fO68;YQruhr?ty5EP0?Nx zn-4ZO?%fk#i;cVYHaEWcX7k(ildODE$mUQ*TTW}g);hIvo}o-(5KQ6!Zn?clfR`MK z;nyh++{_Amu8vYnsnG`@^QtCOZ&L(^ zZE3}oPuDJ=s6ovu^q@I*FL`FpX%GFW=o9&Vf`rVKzFRj46#qS4ChAY37~$SMhBkot zR3ms91YXfUsyM-Lj~dwU?P$aYU-Q)Kq1yc<)xJ#?x@xTHDzXal;X1_e>;=R+rut#O zYl^6@tV|_eKsHN@Q63gX(4fK`0FCQSpzKW87K=@(`hTn$_2I+sJfoQFa~IYhdoG}d z?h*^nV`j!`;a3SrVGT-tyY~0UCr-h zch)&tiM-yLUNbX5aI%48Le?n9=m-`*Mnu6Fw|K;yq9@p`v->^uV5hTx_^8uCT>x^3 zeNk8YzWVY*Ud!c9UKAT1QfHE4zo74=>9T^94<_18aEr?f^Zl2v$sn+(iq>_ z5QQ1{Hpkoqh5kt@%IpOW(OC2n=a)cCK=!2jnQ;sUowEdvgIGh3$_1kBIAk*^=NbyV zMqpbA5}>gYu@c$%{_6`KBBC#Ogb9q3Wa1Iokbx1rdKZ|xA0mP#LUXQvpbu|P<^12c zVixCv8d9eiM#l!)$wBI5ZppveII-a_=U$M*@B8q(TD%rfuRUcwKDV^~nN>JSLW)F( z^dB_7+i0ve?vnW++LQ4G=lna>!&Ftw?@^Chv6f{T z-*6&#y6cg+#>zF2)C%Mug!oIwXp0!s#~9nqmWX5}=1E41xjAA{R`YAFfaa-wa{yP% zJ?Hc9Ij%jB9#XJqYnnQDq#PZw z%XUuHIo3?o+qfq+6Tf(V;LM(Wk2CK~a=O2j8~zvfH#SB6C;IpF$=31n{X*lC!V=8| z2|6clvF(HGIW@Qv#aDVN;;ssve|Yeawm9WDYVNMdfYV8?BMzeFfBmpA%lss34QAq~ z7+2ZN*jpUY2+ zyvCtur(+uaBjKEia$kPt^UKDqNXq;S0_xrNLcjz+tBJh;iHZ8qq zSYt6pRZLo~L9@zr7+;p88koDjOC}L$Br^2TE&}V0823m6{T<|2qN3B#h;d1zIzkHr zqebMs13piYd8QgE)E|z{rdlfa7jMb9;5|8ZudcQ$o1)bcr(qANV3ZijTITLVZ$Xq+o8er?+JHFVYm0ai-5o zoFXr9-LMBNG8>qQWE~!p=|OI3px_=SLw}%xB~a`a^|^u5wSJn62Mn`63@+I4CQ_Iv zctMI;Ifx9cBUvp?L){*kJ%!eM5#%Q{VFR! zRWj&OswnB6^Pheh)cA8%Z`v!8`xNyh^V$_V;bWs=yw1T{(hm4uHMvB9Ag;Ak!(EZCG8 zFI-R#VY6y+udzu7VT}2a@McJk!L&gKXbFM6o!P3j0Vjc;pe&aFp}Sv`C67!a9jV^$ z?tT^+EN%$7GShQe z^FVV2CJi0kD>8FIRjw3s*mCxQ%BEAUSieMB-cvs2?avjb9A7!R*eP-&wD6AfjoSf6 zyZiOmHSx1Foxb0=Piuu@1|7-}Ds_}FAHq>n+*KMqCel5J6-BF%IL~8p=7LOkI>P#( z`5z9tL=@V}HqxU8DbeKG{gokRy2#d$6eQszkf(-Hcc{G+!IVz}9qfy?GYos60TnWl zaEv1|3YwY~_@1^4R9UmfquxL}g48j3-GX*0)O^ zRSghstuG27x(k3F5&7o5ScTspd9_R^cm`7~udY`3Q<>ErYwa>?|4;Z&d#x%sK?n7? zt+q@q;ZU7#<`bj85~`LoYiMVIK`K_xb{P&2jFPmPiCABCVJ$aGISek^KkM&=hk#KI z8skPLj6DJtIUUFJrocQG0uC)_`so)%ewed$&<(gPh}{_MmJP^z<>~ z!cVt&LZMBG2i@HKAevqd?2wXh)MPcIlfa$BvzS9C9QogNbc#4;XgvZp$Tc;`+~#zo z(~V_{J_5feDj=jV8|{3v?o&x+OG;>4o?BkAmK`_^oH)E|DN;SiMCL8di4|>VGCKJa zmD`XxNTs&O;aTKQ&o$0|3+HA5n{DpcEKLJ|dK8cG{5);5wo=Mucf|gs zRIVuzLjt;uCZy|w9U{)E;%VoTJN+DI4eL(Hv*iO63_6S^*(G(xijHrLcP`;DL=bBz z`aHfM)zmnF{=^$W@{p!DAt}OS7r>KzE-^&*oxIGLVz-gMjGrQpWbfmPEvzfj?yTWY zy{vb%SxaP&|1M+>r6@}S!v99cPKkntsMm<(H@0CmB4d*Y3mz7;#EqT7?fg(2D z7Ok-zvd47Zj9P_GjfB`(&-LMFt8BKDbq&_8ReGi%wTECR`N?Qbah7?rE$-OqtR#i9 zW*%K)DlCP;j-G3{oM+!tMdF!O6jSXSt?9TTrHgk#avG;HY#6k$M4_=@E>cOIRH z3N#_d8$LgK_+44VpN>m>{=v?&3wxAr&M}r;V@Ai=La!A(GJlvamXdNRqu$x%a+b5$ zV^KdB8Na7Rox?s!+cC#Ote*tIY1-S+b)KQefMXe?et5hmHXEBPI4f|e3E5t$&;;GD zzfQ*MjhL;q#xhhFO#5Vl{wtE0@gsdS8Dkt@jUug#Rh@Gt>vt(m21i@a#YlSE(u|C+ z^-ThMe4^i5N>Tm7KF}kT$f|S}?Z#|HhW2FR@j$soQS1ap%BnW(&Vts@8sh7F|NVdV z-v6O(Bk3Ri8UGbq;huqDIgl@HNon5%2<15f`9Rv{E>4ZG1?Xa1u4M;kNdNZFeB0IP zt8E}@dY3-W1xs4(u6Ac&a0pM2tG6Jdm|r5oLRJ) z7Z@W$0Xml#$HL%jo%$Y5V{)kOcA#eX)U1_n`ccpy`G830jH0QBXno)$1v(ay-Kz8P zz2*B!TOWF72sn3DG!|BPyC{=HU0d|B(VtlBjUoz#HsI=2$rjWI$phEt?1Axip}AlRcsuZoRuXcAVGGKi_6 zFYV>9a=&yvsJfR;En{S1@x5%k=?e-VYzB#vwMrm-gheSOQtl>!4SKV*x z1B`4R#Naj4!Q9U#JxoTcn!Vy;oT}w4u*d949;VyDO@wjA9c3;i5QBhdM*a2u`ZsSf zH(Zt{?#>1{Hv>nQ)1*DeCjPmpGak%F3hG8vVY-&^%t*znPXl!sMyuI`A-8jioEEVw zIh5>nCVr~M)m828@4npKKYF>bzqwro7!8eSkJGK~qs_zJ7cbG-wCU&)O{WyuQAfM`JA2z||6u>Q63`@Ks{=WXa{Qr$?6|3(MH`oG)55&f8+ zc@$S%o9u%JJq<95A}p-Oo2G@BC{G_uCry_*+r!wwh5}Co>qD#q&81q27+w^__TMC( z=MP%Wc;yXMES=3TRG*WK|0#ubi=YX04*qgB4$xGI$m1-CUWdahP+6__@XQ%|^0!zx5)!r5Bl(7=B3oIW{3SR9pXRfWKg=wrwUI) zpi9no-@d$zA+1e{Po`Yfrn*<9q&}lPqnN*?a}VUj%7Ma$Ajh>SSXwge{oDj|fBhCF z?CBGgXd=r`Nuom}@^X^sHw&|m#PrLlMv`CmJmx}7u($f=6h+xAO-4PRTkRCCryE!^ zKC@w0YHq?eK9Bju?BAO^p5)vloTW1i z-su1yxOsxne4HLJ9HN(x1o$v+Y-Elx8IWrPB_nkVi{BcOnyVD7ddwBjhEKwHQWKJU zT)pVlOeKhD25aGT+|_`L=sHAc0jP1eqA1yt2C9oFX|&EGvg$ro3q9}Z1k(pRa#wy_ zw9z`Ud}m_vsy}$uA>1DNc(q3f?AAmXIfRgMmSv={33#)hVtA6Nt_Xg93OjKMncjj} zA<}_nI~e1+t}Y}0_p#p}#VBS!BZ0xp!3E`nPotO>I&h;nQp7UV&8KC;6jte(3tb7a) zHB4;sFehS+r<}}mQ9sB#RlT|CI{!paQKn*Y|C5tFjN|+9#~(SDMilrxzaLRg=I0f( zj!@_wBrGHujCFjmxAA;$_o3qWYB>YX^+FJ%fJ=S!q3(xj{<$;;gVV?OTuK#xg(0W}d~ij}Kf>Fb<+dC6`MkwW zI#Ao&Y90Q(-@+r<+D*vNeeluUoeR2AY{!m))pI($^!!EkXrseN8-2fBa#D7~*(^B) zv1h`X2b^Szf!7kwSVxEaOzpUiqI-|;j3P7c8=)`q5#udX_1DqB_t5S4U!B- z#Ow4>2$Ddd=lqt}zcTnPm_>>qT;RJBfaMG}i{LM@-AJbx=M)RHw=up%Kh%ya+)|8K z{!WB(4FcS~V#IaM01;z62n@xAuRk7_UYr~J9OZ1?JjF(U@&!Lhjzfe2gTzY$I)-L> z2twe!yQ-hVC|F1ea9_sOosj{Q1Tz1z%(!=V!z^x_Ve8P!u60W&_vxI8Q(M$WW_B~D z`1+LW@S}8YYKHl#hi2!mAC(N#9goUWoPBOlYZIc?EO{64%ib4219EnXHDzb$LZCJc zKDxd6(?RRyhvehOPt=D>er7LZDX<^42>3)GK`6n>dgmWmiC<%ABPh;tVrg;i``l7KHsCxyykHL=2J z*RO3MzO@Di{{=81Yx{~y%)gH0Z+gDQwX@zyM9amkv`nHp~LobqRAH)^F}jX+eN;p&SCcVND;89L+%Fc`;_iT z|H+@VvN^5f05D}>c~|(e5{>0Cm5KXv{%)AJRTq`C*jh$Dpj(`iYa)9Vao!|Ghkes) zkNjZ}AwXa$OD=ykj}41{$XHX7!&6qE2vCS-#weD|n50k=eJ%=}${>VRM1G{(bjM^J zl6z>jkIs`9xG=CrTOPA6F_+gc04-Zvs@BK-xBc*B1A+GaiovR)5m+}) zyox-DoeFHnl*p;m<+zX*1M=c0Ip}q4+>f0~r9>SnI6xE7wMFDr-UX;_!!xM%HxswL z)>v-r9X1?IAY~<`kkAk=lyrxWN!I5CSp2XKtTd9ufYrF>(06|457X8Hcx;8*jKT$JG#F{7IYB%qupj!7mdK#>8R&z<-Zrz5(rR6=0A z7eN#U>5M`yhzErr#B=@THMJ19zN?%yV7PTo=u^?A1#C@BE+9g~3xdVK83w5$Qaciz zMVke^!orR2)?3en77aVYIY0!qQ-Jv@#LMpP5Z;V8b6WR5EiBkF)+`aZlFNfb47c+?xT^1g|m z(%Z1|@bH2cLUr@S3xR%>WPUn3qh2Gd3xrW!C%L_{F}vwwF})+I$x(|_qxDtZ*h#v_ zgl(S(Szc^ZQ(bftGG58oQ8fh*Re2L>oT}WON#eV?yXb-w!_!de$ub%&t5Xu0R-SI} z?Cz`ghezuUtR(de{x+_gedoys^`0v~4a0TEdBPX%aNHlQ-+vh(pcfU|Q}=^kF(x>c-V|HXelR7~SgA%7;ObH(eS|NCpc{|36AC~7^z?ykfc zV5MhJ`UCMBy@8g@bNbP-#I(2uct{O|k zl}wK9+;K@yKB*#!5vMyjw7|;96v-F$s65hR5K#{AifE)am=+$hn@nHgIh!q0bGg;h zDD5<-7Tcd!zfw+Z*bv79oT*j!yGQQja-3jQ&YTEv2%)Y5PVj-AHc|s}(~gf*PcB6< z>X0IDFY5)V3?#DQD9*7suM?m9>UjPu<<{uMAW9r}VG*5Wv15*@Mh0k$+DB{Jv0Gc# z$6naoJ}3);dBao=djk;TMuabgg9FShq~rw;-1}~K$V zlnIoQ-@dVbyY?Z!=ykPu_}yyl?Ek!p(XnckGH;t3z+6{x+mRd3clQqtvD~`)?wdu9 z*Wzl(N^0Mjhw%tbYiK?K$&HiWS^l3aVyet-AB3@v$BWNt; zY$Ha47a5QNym)2m<3^3n77BbOS*uMRCiMb@W%y;PKyfkKTudyQwy6U;I>PIUfmV`b z0MVguAc%CQ;}}D1w&a{959z6#k7m-AFIdTsQJ6$juSGgM1%mw^KlcaFLrq1f8~a`d zsWN`|vvxrt~iwuQlpge{F8r?`c|2LMbR&51};x)AS_E?;$U*TJ%Y`zjOP|6MP^>6M{ zqq*?M0ki*U=;R;x^BfIHILy32=;>Gp!Y=2RebIt*J*Txya1J#h~jM{K&U zupiUOC=9!l^a-}~I_>GaDbXe_c`_oQ%CeL)2_l73o$w;66eKmt(r%7MU~IA=-YqBP zICNl*`+`@dKX_rKxhdtf&>Ou6%wxt8GVif*n@`-U3ruf|4cBb|C89+vZ55~2Gp6zy zVu`mbY!z_14To-S(OvXC6O zU(&QLsju}L?eks;dgi^$bb*=~uGBd~4T^QUMMHs~F5!O#Urhr^U85Ge-9JsfMA&ci z*Qb@Q>`8=yn9Nllgy>?wf=#+X`G`m;tU-yIVj@ZMdY3cWe&}6-^7G7qC5ja zDt8=ST5NA{F_G)#ZN-zB-{9g7d0*NV!mfd3qQadqq*$FZLt-BXr&NX-ENd8F5DfiG zpVdEcj5`G;MXOglv;+;&6(4k8#b;r760EU?PFnKgN~X8* zPOr3B0~?QPfzm>%MNzr!~q576Ht#{(-tYf@{yYF;z?qg^i5i8|tBE`BPLYMC)LZ$X&5>9u3+W%@(z?kn>8 z7(dVLZ6eOxOwy!B?VA4TWQgqsMtufFdMgg#NW6d%_N?PM$t>X{rqZh8(0MPm9n%%YSlCFtboyvH?=b83_5tXLv7 z2KLEgKatugvk_*cR`)Rd{5z-yWoS+%49cHd`Ap8?Zhm@Y4ohEEe|qurs}_1lw4NVq zZR08Fs|TwI8^mP8Q3L4{)Rv^gn146p-8NKCrP-aveKl~9Jz|9 zRYau&PxwKsjoRR0=(ziiqv_%tFIHszTn=Ff1X%JBb{5gR5;Q#}0o`=={tCjIQ5nve zEHl69j4Mb7(6M!$gpXX3)9HshgcPCfVzpt4^ONQ;Hzxq@IqWUT$s8aKeWGLvHXMk z2vAb*A(lvv4Su4<07*nD{V+Adm@E?zjZ&p5eVGt3;|CKxKPJ`eOyXn+Q)BH}#y1jO zxAu^gAQn5ujia?}8C??F;pwScAvUu_&v2daC6Fp9)D0OC;zm>K3(|aq``!hK#O(JNS9s(>NBd|L4fJch#qEUMSJT>*&ZGXVdxAfu> z!V?UA1XX0Ncfzm|EG3dZ5K)+2A-yPg1O(P6ezz=BlHyQ6$sCfvu?CiJ6FM?sY=w#Y zj6af0G4!IPg~Ha`rTG|o>&Fyi)c8#&kZ!2=0?x1yG05}+xer2RPbkj# z>&W(Qbe2`Ky1KadL`83b@vWot-v_7yBWS+DTZTadERMgMBSyz>(Nt)yBb(0ae^l-GcnU;%CieXiCi2F^ z_wH#cJr!BiZ$@kAEmE=Fwenta!ZX7z*Gr?9(UHmP5r zgl*{*c}WDFs`g|r4sJ*@0eujI+cJbz1-pMf05Dg z##>Lht;mY!k&`2%X*JrQjt?WaUli}78qg+JG0A*X?6@m)I_yY9T9FCI&c^d)cf4C6 zYaSL}hZN8*MQ6zYQ}SdfcDOA$TDo_cI9alia^!BsfAtQ8rF5ztvhV3&r~x0NW`9-=7Y9C%=Dqul&)nZUWgMBtAQPz`S3Wp z>gB;!+X)O3evKvz$aHRyaZ-&5<@3EPry7L9O`?{Ab|d>lEypj?(5B8Rk&{tEJu!5j zOR_Ua6z(MFPIuPh`jSefLpL$E-RG+o(rdh)Ps4NvnZN!+>_Jxa-1m@|Ov8R(906}BfK`Pg|C z*W`^yAwhhS)#DY+jiZ54^=TT1w#xVP!+zbr3@}o3WCHO7w8z3MOXlfv5Y&$dtP-OU z;W-kWrkQXZI;edY1|8iT4k&tZ+SIko$5B*^#?EJ=Shnz2O>AtO#)g2nH1dH=OT`4k zG7wLU39k>+_*J0UQGFEFPyBjZ2jfR7O3)_X-P(KE+SqKp+}QbL<8UEAZNsu!Opix; z)FcI-6iWcU?Mc7n7*D?v$?+ZHoFTbsvNNHQZqnmi$cqOq1;)lRZUzoRmg4!)CxRKO zAfg~Z=U^D+w-)qzekbroK5rP(rfx9-y5;q+M(5NVaB0GolqQK{OflUkRgZF0wB4YUXubJ@cTbP!{D#MzY5NiMy=CE1_jOFd%z| zx=dRo(t*xmaebYjxlE=Di{485Wsq-+`UL_gnhuEhB8)!5`L9<(+*r)j)L9?sl>y#~ zEfLU>K^R2=G(A8Gmy!Vn%BP5}@5sSzjdR5MPtWRC&W zmlzaB*IuVv^^SisK64TkBwj9jaolI`7kqaTtrOSJA#b@)gF&lRVzd#gx=(3DBlf!S zx}0TkSsAI5GG|Hh%d;@-NQT>j(+-V7UQwwGgx1if;39H9{nCk_=8x);RpKs2MJ2Ec zCe_#vb1UTAR9~EZ!1A}heYHvb9M`0k7FX79r;EoGwC7yfB3k0H!HG@XZy{oM>BAOh znKfl($k@|ZDrZgAy2DysC7);vc3G+xhjNvAolXn5ZRT++&MT6*O&?%|`BhX70#v%C zJ!ol2V%??g?Mue=xeqYt?Ez~7kc674OtJ!rDCn5bFP5LSu(VSN>IbASSH zv|h!3EA-RBjwwZVoC2OGb7N)JnycuzVYLLxY z{3U;60sbG2hkZrWP$B_n0$)aL4@4*puF)q%91Rj}HLYQD$)S8OpzMp#^Z5WjM73J& zL3bSC|0;-z2`xFBPK5zrE7Uoml7+=57-v%H0a?OD<$XnZW<3XTuPEK)`%fw#^aKoh z=scN|ILO@N5%+N}I7bd#kA_$4ltBp>gd@qs78a`f$YE}>)O2vEFEx+(PjhKeae)?+ z;(Akx>quk!S^S9jD<#cw7|P3OrdL|kdNY%1C+_BAGUL)pHj5649rbsr_M2L|SF>}> ztf)k?CLGJ;z;S(<%rxASJ4hAbe2+WUFMWCEG38a5XToblK5_Q>IKM7MOjCu$Tj|C^esi`p2oFm)G|4} zs7PfluPNBwaOc%iG4zvzUq;ofVBme*G9|*0wRy^Gl^K={Q(|tI&n2f)g>t^8AkR>K z!NeYrS14r_%H14uHb!FW4$oiSt}5s~GYS9|_9RY1Cr!0)g8J1$;bY>CsS8fESDudh z?UsJywtMC0xA(#AElQzfMuoOHlqdROdmN4c^kAQI&wo%Izug7h zHHya+=j$1o4K6*ziCLBi%9WKM_q{WJglNm*X~)xhS|`;X(-Sidv|}HUD?a81MjtTB z;YjbbfEA8UVDCkLZrWJSfx=G5s0y9>7xAVVF(4a9HK26^$EF*!N8%2S+otIRY>cqM zcf$)duDlrfr_iePMbLroF$d#tgjWRVe)Mt+5!^vQlq_Y-obr)suwErQN`yI<(ZWIi z9fSpk^lIGEMN~06K385rL~ssIh%1DRpVdY4$aGB01eJM8ou(2a`rj@C*^`Oi`;vX> z)n;t4qj`!rK7is?VD*p4w@`v#Mlt*mD=QSyj%)Bv!C8Kj^0@{?ujLsKp#^f7!IYY+8T0MWgeH_N`27{~dOX z&Qx1lUfE*nMrXziF4x3?Th~lGU&cUFX0@N*0&zFC`p?<^AhxI*Ss!FH@67gK&Q!GJ zfp2^|yF+Y_|8KN9Sflwrbnf!sZE=tf&9gVibWdk(_;L{SMQr(K zZgAM%mo4tg7WZX~`?AF)+0Vz{7-b{{pFIM?Wdn6!&RPicM?(EhokLgQhttw#$~C z6dNW`zVqqI3Qvl0fD8Xg#sS(P`kR9*>zuck4KBoJfW)7cE3e2&6kowHm3qr-}-6em+jWp-m}g9 z)=y3)Zf35K?$!}FHLWgQ5TBFTac453LH!_o` zck1av4s>XVutU^ZB`)rgf6Gimf`9<$j5$dw;ImmavVv@!ygVkZbxVQ1| zf3*${Tl)vUq9~2x8q9VNMKT&p7$OGyfLA&Sfhb_RHR*vV)kDzd81zBc8(~shSA;V< zjZ^KFNNKRbIwUmy5sNj9y$tNhOJLaV3eqNbkyPN|&_jvO1NhtGKpw$z*NC z@7=dv;mOWin4d{%C>5F&3HT&YEr6H|qOg9A9-Q{WVP|0x(^r6e9;`oHee$6~0>2Tb z6<4u@oB()*wj|wOw#oE5{XHaeV@15^QP8uO{S(0sqsN(5We_L@^2zIwa%@@u^DQdRX~&P{EOu@4F>WVh-)if#I-Nt z+81%{i@5ehT>B!fnT=_7sjckIQsGU%csDX!T-%+Ca#Hn_5}j4rK#*w@q-Cp182`jL zwv~98FwlwN%vjZ&tVuI#a-{w+8NlpZ_rt|J@Uom&^m#`y)Y()`%TP?}fu6eJ3X1!a zLRU+Hy#Z@K^eI;$d-QA9e~JZ>9KqT}|HS8`vB~I+j6a5%hBZuOHWhiPz&lL^dGhT< z(oLfn=aXz+Db_)z7XCp%q8euV?ul>beYBRfGo4;n4kG;ln@wPO5_0prI_Rs7-B-&w zIpX^r(KD=@c!)}QOEKnxz_$lp+b7IdsEa~5FtaMshdLdGJ@sOD)2(E%`Mltgb5Rt5 zjEc=(-?vy+0{HQ8V;>f|op=dh#RFLToR6q#U;f#Y@~}NgBAUGPB)X8!PGW%iq0^K^ z$iqC`i%B?RlNsu(brpDzADT@Kx)5B#rr;yYDu!|iZm=L~TRoqBC4acB6B6ox-W0%uvA^e(Rm_GN!kPlj#RD7N3K* zjCK3C&f$F^-{H8+N#f7^zCZLve%ydtv9cNCNfzFBEa>1PUlc-O8?ZY1_+=oy{1KgV zPa=QBAm9T#+Ke+bW4A@O#I6kmI(FV5Qd5Fj5MaYo)r5_%?G2I`ptI0s2ij2vgQJLxa zBM&`2U<>t!^ch{)LwyZP-G=W!9d}6whM`1YX08|O+}PxHF)g6i9s3yF1{(MXNxvNq zC?oNy$tP?8@oD_xTBIbpCdo{pn8+{2TWot63`RIcSPpUeq3=Y-2$j3J$$!{9ws8pm z-{RlfJBQmZlyJ?x{ninvXHXjc;ph9$ogf;HFk&Vn|UwG%w)-=yVm6&)YniNps0!wzJ>^q?jEJkC3sI^1P zxYaDp5K@w9!y2yi-e+!(`-$89hBk!CCCqSBr17}(8T)F%lR?lfdL+EM;3=qP;+MrU z(yWwaV3Nnc9(&X@$42wR%6_) zJ$I;V=iQe%*Aro9q|zpci&v%d>kUce3NiYdJ~2 z?Ur^+It8gP8n%f)Su^Edl3`enq1+X7vA+96b;633$cI^VJ{?|9q{QnyBDpRhlk1$Z zxGo-z>#6AEx@6kpXF1&eI>D8%6DZDk}^NT4p9_w{D8=`@de*Gb)~w!F_4+By& z)IL4K#SJ>>`w)M8cu7ebK!V5AJ3X|yN|C0+228c$s1>!UR?t#fWgkdWs4PoE8@4wB zNT^av3H?L7HFJtQe)6FrXJFrd-)e0iU`FI0ez2RI|4LO!U_(7ckC}Olluf>#U;pMV zHNO73cC6~^#V~w_zS=Bic7s3STsn2q?Fi9z~2y-19ng zO2ya}D0h=;gZX=4DX+o5;akeV9jh(#P|0RExEhk5_`>F*TKVp~$IJNdH}vnf^zV1e zYW4p8`}FS${kuy4KA?Xe(!Y=B-^cXtH<%k^2s+PEcsjy_e(G5W8=uEY+it(jEx$A! z#oQwv3=&A`_}P0brLUpM2D%pX_2}$`Ls$-=43GW@&fbD1tiC^kTmSE@KX$#q?FA#( z?~H$-PCt&@&oPuzdWB^^#a%qY@d5D&wW^|9<+>iqH~z(6RZYbC>oe2TCjv{F3V zeYwAVbflggfL5hmY#hGa-TZkERIC?2AHFy^+D6P2-`68+)=Fk1h;_=mC!=#G$W zL6iN+gU{+DCp3z)YT;B8b!g*=_YPJT2}AHEW}cZ>^YioS>Gsan+N;P zc6acZaBU2aFl|s~ILd>hju-F`0T^9ls#p9`?=RYCn6k^R{C>PflSLy2!-8Z%mcgL^ zE+i`|4<>gM);?|AJkNRy|5fa)Kuuz7DmY%K@CkxghB$m6X)i6UE^WP)>O!v4s)`Ec zSLJm;7VEZ&^kczcLPyys(_T;5{q^1ac3|nTMKP{B;(-+vpYPzlB;93Y)*hQ&%Rp+t za?9j*2^UrmBqs*jN@rMeD~UvE)tu~Vn$n5JA_9YRD|ALd09otR_&43=8x=XAS=T2u zx*C~PsfR~gDzYy4f!xwFZi;Yi8)8t*XH*o|HyFZ#MaeqqdO*=I#T-Q@g1YXLOz_aH zY#h?Vjl+tzNXj)|Fn8QECK9)T)=4UYKWLGnxzd=o&|DBvskkzI!IgDEwj6tBew{X; zQy}%Ya;aM1z!!ES?Fq#Vj10n>zV%~;^ANXza(B2-FjCux+Z?8d^^%d5s-|Ch7&tvE zGJ{UM{;cJ($DDp|%ceA)0Sc`gNOmatQBC;5eoHi$J=&^cPl5V?&{V${?>zg@ zsqFr9*@H-Hw=(HT!3x=XnHS+NEd8@|8G#VdEh#=@q{Wvq+@APnxc54&mptFt+1+ey zK8KGpKTVy$TRD-|n%dgi6U_&1noh%Ar$J*Z#qD3M-C+!>fy)Y}#8F**C%73xSpE!*yeVs2R z5aa{8-}0hmy{6%}t}B+^#D0d?Rtp38CXj`M(8xe1$1Mq}b}Qmyn_~s0W9GP9N^&qS zFn%8h7f$Fb(ntE2BMwI8-!ym!K+&?=bKdmuO&BeHlYcn8QCeHYRnD7kM6E{WLwH4> z{aRNwtY!PsZ;wYbumxSmI@nVQ+UFnC{zj)0Al-oonq)1>9ZmO7jJiYdNkf}+SmBX?hEASA%uLTdaCkYy;tlL=K7BXei z@d&Exj=a7fj-&3C(ckNBlI7~5mIZ&T*rrbX33+BvY~%SDwx?E9SfnGpCb57t}5_4+_TOqTsF==6YNojN@buIK=o=_ew~{&@%C9?BD7O(734tuS{v|RV z{%RCP3XYmsKq+{b+k`nX*X{~(+{2p#9{!{MjBq|^x!|OV8ZLNN-Yy@D)$v#?WDB^o7Fs!wn$!!#M8~WFVCZOgPUbt zSnmy_*11YO3x@DOgTk`bjD7%pQ2vb$jpDpWJR(SWsh6OPDohTEbuClP{t!uV5LvV+ z1_+M+gceL@!51kbz4B(Q7C`76_weis*NF!L=t=mF+=XCXMpug!>+F%*v#u-I zGf2CL{fTy$$kH@K7pYi#N~DO^bEa=p5>L!s6e4`sD>{C^9k6rMpzF2K;pY@>v&373 z)sqj9-il*s9xaRsOUD(6g$Yjq31+iz6*ugijzsIcNxMmB1T(o)wR{(!Y=7%V{>a4F zMX`!48U&r)Dmttu`qeN*d<>IN@kxvokq6D^nHGy2HWJ2z^h1)F*((XZ2fdVx>tshp zWn_Es4%5N~NOn0sP8=7P^T1jl36o>4qtyDkrL?=1qykS(ByW)n!0IIIvLtY2y}Nm{ zH4Y+TVW4@}e&}u`&%1=#TF!%Hvp}D1vOZ8r= z7h3~x(2VnfjF`D5oz~`tbQ*=E1vG}5DIY?d4!tu1sNxY47XmDa7Pja-yy%-|@S)ud zUK7=$b0IAyIxxTuuHU152L$QP7*`v7PDJO)@NDQ^n0diMn<9!;vVL%uMwss?N6int zeuS}q**?&CK_>=4@tcw*gGREF?^ajZo-Q;^oBT~md*2PbU|5;pqBpVaMCpn?ofPpi z$uNv9nz)bl$8alfn|w*o)1qo!OsFkYOLPto;(8L7V!$-_gbgB1#mpTIiFFoibGYS? zRs*46xkWAMt=(Map=E~B9$6V)${z!~n3A&i#$MxAVka(A57(=y8!3~hIU|*Z?D`{a zz!D8iUHCvwHL~|&W@CK;MIXSTmrkpbpigNw#zVbfk)kX!*drqehQ`vtGKfItePcMM zJSkS6(vELLiiJ;Uia`tOAhi(xvbV2gqd4Y&0BvvipD@)2kR$ozPiS>J@@(9O zKh}ptDD*M3slXHV`Xlj~Vg0flFrIj#_(G59Cf! z7mj`c-4c&tTfb}^u46+Jdm*RfCA~;-ul)Pj9vKU4hM^?=kMajb7e?xbEe~}ubX)U( zAE!jHe#hcTkrqe2Gqm@ki;2yqbh|dE()aKKelgzt7v~rv%mD$Kah>>tB}R@cTIjgI zfDyFc@}aPVX`uxqB&`v{BuJOV&Bd*l@Bsq91L-Clwz$B$Q!Rez*b7fLP0OC@jvXoV zXX9`onx+<7+gCPgB?}>{jUr~k%1hm`>{@l&7Wr&4A)+UYwv{69OxE2B9#UB3xIbeP zSuf8-BiYBaNd%X&QR5lD9%|r};v;N4K;rY3v<)nx@Q}uB}!BD4G=Ccj}FSx zn6{~vbi-Y*=H8A?TCom|a$%+oV>Y$jdTooTeLt^O@%*I`NL9`)7MOzaJcgy+>;oDr ztzV#WAPWn(Cv+Huc49ZN0iTv7zcJyZE$t-kWtyN>BB`=Y;%{>+DVJ}mEOk%&o^0=L zWjs&BpR*D>$y(8uN}2de?f=I<`W=qJM4C0 z=UFvpteoQxUnO?qMd-`L!CpG3Yx7`lZ+r7)3%AB2<@etO!>~`9i>Cf%8E9^?g3(Q+ zQ?U{-K0T!)jb8ZHk7Lc8SJn54nkB01t9A9tMzTqiS+8in^W=RDjb;ReR0R1vhG0>w zp5L*}fH;;KYWT#1u7ZlU^?y4rUSKR8I{>le;FKzXPP0Y17hJ;K&BMmtGukosp4BP* z4?$DVqd_ZE6X@tEI@oMl0a2fr|STpKU zJTKyK_TD8Q!q3pW%HH*+0(tO{f2j5#_Z4`OZVU;%eGa3f?p>OK6^$xH!Y{`)24o4q zuu|f=SLl{_L8t3i`1PLZp=OLhkIa;CU*{^0*}2OVM2UJGBr!CO)Ue>t$Kit}FnHRJ zcpujGC>^?&jKU*2bqTx(hZL6n`Y{L3@(u9{6K8cdIbS$L336 z(CE|56dG)ZN`*m@*4y}_Js7Ol5I$8I4AmOl=UoY(ZQ`kLRYLz_q}4neV0x9L3w|%m zgX+yzWiYxjbrLwLso9v(&idnZfrm}rt)ROOp{z2>#HK?~2%8DZTD^|Eu8!`0Xf zJ4@fSF|^2e2cPGHX5mvZw3uQ~(Cd(FB+$4#7F^!EnAsR01w&T#tMPp5cfR7cB;3HB z@1nqgUpEf-clUSJw84XDp?SZ(YA1u4e97S@>;Ri~8 z6ify$G@yS%_^$m%-dwd~CxHu>TjlM?fuaS--PKF2*V_zEd96HR7WmH;pTXKz^O!x| z@ZZ|9mZ5-akg#MrQrh*IYtr4NAZhw1Jtqv-a>J=+mpq{Fb`ySW6OvjKn({ z*mkO5bHQDzHWwSsl}1f7cBj!e1D-A*cF3cGQ)C*u&u|3cUkopTKOd^3RUd7?*f`vH zd2qPwNEEkl3;JfwIVgM(2cF-zYIX!mD9HeI9mY+KWD}UQprhij_Bb9f4z7|nQ^8eh zuj{Rir<+^b&vt&={l9Nfg@&6qjz5Mx?Utj&}-`+{P-Q*4AKPbkrk)R+%s~TpvX%gaEVF&}Eu>5B(#%?wX3b znq3T2y(D!1ULdYk7PW-)M14S@hdDcdP4gHqmm51G%*X9i9re9UO+Tn4(p7@f zO&9|G6&Qym)i)i`M9|0MN)j)Z492vtPZ|~*^l4uGJm`o>l)soI1~LKRpywdL=&8?W z`p~(e?Qjk3d!pMQqA^3L=!^lRF~w^~Zg0MNwOE-;v<|mue_k-^2i*a6!+FJ^JC!+- zU)4gQ06ssvcaPpZh98)!A{D-HtQI*B1iqfF9p7GDT-10KbA-%Bg4$qUiE6K2l}c-` zUa`3L>eb8w8@^f~v1Mz!mCSZ|nUdO2D$Q~5Z$ZO|jFWflN6+%D8|JmF69m6i4zjoaxaum)QD5fuRjXsz;;TXphHX|$75g*aM=@Xpb$!Bv@2ba9ZKXuq1Hk}W-Z?h-(1sWaFl@On_<4@k}pI9MF&s6CK z`KUrSc`RcyJMCJ0#wF)kQS5QDUc~?tbb`TP&Br(?-zf~KZC#r$zoEn{4Du+|c_L{Li zW&Jpv#_70%k@XhT<*Xl;B**fv;!Hd@|0H%ho$-Tari|G9LA0SSF?48e%Utf@V+>B> zAFp1SCmg%fAJY-7bzuq+uaih5j0ND!N)n07iWA`1VcTbWN-EWnRm9YocuO1hP-Nx! z&rB&aw&XU?T?2-g-*oPWKJZ> zaD%vfyM?Z*q~GZRjw2c#i?MML8!8CXxV>&R8*k$4HsQI)5BSn(Rv4q)ZkxyEaxfkS zr&s2_T$@AP?x_33L^S(?aHuey5bjuNi6rFP!M>->gW+`qy7O z$3*_WB7#c4HUjR}M^joqtj8hZ7k*zEBzoE$+hjfm<}XJR8C*JrY$AjAV0jV*1Zy@jUQK`&3SFYwAmN5arJ<)C-|KyO%FBbfS*sx|MgJgOaQ z1mRigIJOSQ^moatn(4rn)W!vr`x7295O}9}qz)724KkTEg1_n&ifg#ka!z;QSDQ7-~XH72kP8@xWU_W0szCIHi zA0;4-iPG8-=~PX}5;hpx=!x~tl{N=_E3N?=b#$A=4Ed*JG2J2~0c;YEt|x(sPt#y*-B$ZK|2G6c`)#-I2ULrAekokwpvHQCV9?b^{_3`9 z)Is|p=^5V}c61yYE|;K2O59r`+5hRYts1QIxxB^q6>ZKiZ6v4}vo*1Wq89|AI{k)h z2yzT0%q@puZip^7j zIngdGx`O9~6t5xTr%&r)RZ*7DBUOxMAz=^5s@|1KQc&0W2^r{w^$9~HoUHDZvBwUV z(VM#+JI%0#SkMC4Tkyn3+XtWGG7FVD1052EqPd%Z?=KNQlDMd>zmYU7u7>qKntBm( zpqc{nMJIRo4L`&_4kc2^zD8wlu{{tJtnP<8NA;@eMYk$H>!Ha;kPFHB7j=v84-ssx zUzfv_I+>!eQ1Xx^{)Pz{z5FRuv$*Wjg@g>$O7Wf(FLR-~6slEXsWyRhI~?~Tkgk`> z6=QRASzUDDx#d(%5vTIhoF5$etm2wD_h=sZV=w6;Uh;~Qq(|Y^zl9|G;KvRTL z2_yP~S~m*LJb_jO`W}rC6+RddgrBPxo(1%TcET zl)8>s_D8Prx<&%i4j1`K-7&n5NN~iL2&c6&#|{|%Fj;TS)_#)d7E8`=V7cKJIki+T ztK_uUhtGlqUb9MNnoaw|l%5tD0mQtJvMCYemS<>){CKxkN753dv%^oc_sC|Fz z@a-PwM355}9jXWeae~1T;)F#z0y-B&oGk(`opTx~CwAsvPQWM;8E_ZSS>A+5RrF-# zg^}RsaGNdZ0v{bQBuZE@@3+D#u{;+Vv_VW2V!VB-k%%omfL1>v~N z`xLi8m>nh*5%^~PWH{>5nJ$Rt!h-ucncT8uCZ+dfzs50&K_De8)AkUGNrooZeZBhN z&9(XEE?vu1&#_UM&l1p>B8{@K(7>3R0(ftUx{EKD3>s1|Jr~_uXl+iE?>SPsQyO{x zB%YK_B0TPgbX`k%Z2d}+qKMj>2y?^Wk0h!Q&Lf>>EYs|O%mR{A#Ue=)Sz@5d8J?9e z?M})0kd7;93yhhrj>D5}Z)i+9tk2NgIGiW*<-sQHi>IIXu%b%)g;$Wj>`^Kk>W-<=Sn41e}83FlRf@)m*TVrzxu5E z(n%bzC=yyi$~vbWx~sIg!i=E6L*t5kKQ^_IHb;ng!|*K~-ASksaz8rb!^mRBA%EyT zxL29eCFD5q{pRL}teC3{9b5i<6f$DHOy-v+EhbTEKs-rgjdQ^%w;po^ z98oXM>4~T}@hBrea+W$Xp}$lEvg){78f9as`BvgnZ2vXkXA`u;`kv7S=O$4;@ZKQL zCaHu$X$HqvwKx;-#O!_X;+V6ma;nyqazq>5(KSoXK5IYZ_;)^-0S=StL4jm2H?MvP zqOsTA0NxA2$g=uH%u$crN3>#afj!!zpSv4%6ds;}s;(ZWL%-{LNNS*}oWrW3`~sOuI9VTWS)_P??pG^Z4ZX+R@>5jpj8mr17S- ziSjiF9k8%7*k(I}jKLM#)6ElaR@j1x<$x z$<1T_(_C6qT!2&IG^Mys9c({~AMuGT*^MNVPcy9vR;@QPX~g4hqR)WkzqXQ1DNb7| zXu~yhjH}tsZYwDtIi*qq$MvOM&FO;t?EDJ^?o($>{#!U$5u7lQ|H)t zBGHMndi=1CR!}j(uofuxO_FA`)@mgf{X_VsR2!e}<@Na0~N^1PpxK@o?Zg>UfT{p~N=qIVTj6Jl1f%k38ln8a2IhFUR8TK||AQQvr zG{(^oF>TiHA1I;s-6@UwCsNUx$Z%`5WRtqGqGJwVJe!+Njf{a}Ut?7ChB=nVSQcyW z5*;EW)LN({ZDBk%`|xG;ecooqPy)`S9vOWqhLsn*@PxDbuHi@>$6c}Y@3m(7w8R!7 z#f8BV87B*eQ%%L8(sPiQQ;@9+_i+bEq#xoQ=Rm2lDN26AN1Cs)fuC}yorC~;$AZb+ z7n$UXO!7r0`682ikx4$eOfq*j;>g^TYPQPi*~|Fy?N#f!{2ti?K?hpciyKvaXzm z7i7U24LzMm1%Z|kwJ##@xNI)4k0+4G=*b~SfrHG+_F77|D3DD4tZsnlr4v+TdLfAp zszWx@xn4m(YZ?2O9RI-I6F-dNGe&YWi=8?QqQ;t)=#EqGMQbjI4c*gX*N#FOv+dB@ z%JY9=q`Z(PYq^CQ+#Zj(k4<~3h14H=^k@t{3fnhmWZBv44jxE;LyWyWKh^7R7(d! zS~+qP}1bFF=LpT6mT5LfZc z7%|89*2v~o$TwDgCFcVVs$dA)TiVJ7@E5aw%?L#m`TsDnEr29%m>LULKoXu`06?%4 zPn<5aPa)HB+$9y*)=2iy*I_HZu26|xY)F^UnB)-~6J=2H$Q|oGC%so^>QGzEz zIOH+u7lVV{WH(L|4+M! zPaxlQQ!D6#_@e&F(qHC6l})hq5t$;oiSnBqTPqx_E(`15kr?Oe%EQ%HYOgPxYqPG8 z9Kgql=sKed<2kpr)I>(xqmmNi@wOwU zKlmkMXj;C1xA4WjFJC@o_(JB)J!uXtZ_v-8f2*-)JrD2Q8RGRXS82RnER0FKg^Uly z8?nj4lf=zXMKm4On$Q^*p0sOzJ~v&_)1kAf)^Tl$F1^kqV=%T5QGx;YG0G_2)TXX) zLK)+v+bTS~I!`Nc0{^~Nne14xPN62q(Xlj(Vr);=ArxrU{-q8btRb(nW9rJV48C7^ zzFbeDRV=Q#e}fxWj<9Fw`7jlWKG)H!2!&Y{6q`58u3rja{30~%@vc%p$TC1uDdNd_|JTjTMEk<;w9ggs{{CAyK z{EM>GCoBE=iJ3&3oc+7;w#f!Xf5Lf_Wt;^zk|v_D2+{r%51ZNi4%EK)O)9;Xj<%B$ z5D>?JLjd3_)?PhSe?|!?vIw&=5W#dmubCK1Eq@2gxXcigJ)9}dPAk?PBM~7&AW{8W zA`WuKON%*adknUjKF?ZBdL)3sg*1Hvo&$lDKd>cBDvD8u$$z-!!uC1yfRrixB8((l z)XCQl7NG1eA*!+Re4tZwopM_e6`U*;B7b3 z%uZAjAdHPbd#dv+IMD6+gHXwpQ$@^!)OsT30i1ud{^Nc}tl1VG#RYzqMZ8@V$tr1% zE_55;JgIzQ6E+XW?t3;l#D(Gt?A8me#AFY}ys25~?A+AIvD$i>vl-nXmE!GTn*gl2 zZlX~)f7jF6D7_M~TJ06kbWaE$Z;rhw_v&0XMPuT6viulbHP=k4r7F`iOm|u}As8K7 zQVox7sQV|2ic;HR30m<4#!ZP@h)`}3-HmPTW7txA3@6t#L-d5DZnTV`SaDO$hkB7E zh9)m!-rvbv|9t`A<~`(uT&>~uUB(6>K)LC?Ycq*rH40uO3h2#>66H;-z@6`OiD$6a zBTgB)n^3IS{9uJMq z`mGu6D*%F$mUMvgGl7p(p1cSIrT`ij*vCHOY-WdSqniZvTBf}=1@_IIp zrDl?84aDeEI22`v23@e>+-@7f1g`{dg+|RI=pU7x8oj#cJIlv!%rcc4E%{4*FMqvR4l=rTRz=>yT&RDR+S$oXn1$F-{0o7m#E-yX=%S5 zXDr#?;L3)dg#`fqdrZ}wkXeq?-90nSN!Z*%J=x`=Np;yhfJS*p#0RA8>yG8ck!9Jk zB;GSKMQu~3z{8(tMWD&w4mAFo*(cBgRU^)wa{t06LdY^A8pJAiFUWl_&P2c#+xjPJ zFpc4`DdZbn3=J*(mWLkbzmeGS%d9)Yjfbh z0Zf*$KbHd?j6g5N_VwO1r8qtQ*jaMSX|L)B&pqNMmxxOM@%p*nmK-Nhj=X_oEKVI- zxNRhnxkCHQk;&hKGoZfK?~6SL?@5;Q>ec}lPBu-}#1V$wTJi8pTAV4OJgI#UmbqYzT|MZ8B-uW+y1D?}VC z{ri;g&fA=S=--Y}nCw(<2FB-qHzRvc`On`BOlfTbq46&G;{&kK?7Gc{<&rlVWZ=CK8F2Hiq zhj)y0-t1U7?$F0wNVc#LPkhw#5)&Jh`rBK#s=X!RcK#9Bvid#ILkrk2zM_vCfR0O)*QB=@TX_rRkxR`-07Sl5}l-w$=P z(&+n{DnTbUpgBIQ1c!<- zLnkmD0Qw(@3fRjiCB;SZ=fXZO*wm2X1pbD1kw#G>k-G^6{(pMxu@$0^NiGI*2%P&i zliHwoI-)?1<$$J;deoc(MhCt@I4sDS&tWtGDpQ`&W?2nOlNW>(8;j5VbwZe-T3qjw zmNLt$LGGVGxiNOL0f71IQph;rfz-3Z8o;u!HE6}h z0qgRCwI9Z^K#v3hPh=Xc)n4-9D!$dLekECcCq7mLT{0;s`AjFYWsp+6DH%CWs`q@{ z5TRG*)fF!kM%7x)@+G&P%|4Kv4fOVDsGK>wrL{Lv6*WOCptKe_wG}&RNzI_UhCLUx z_T5g&uVCP^$0zPXtw9B`UnJqHG!dQs^X|)?@ah z3T!G*v2v56sE5_2keXS2u#Yyj#X6r^uIuQC&0B@@q1!An#jv~JMghCgylRcg{#m^uu(TTQkJ!oO(d0$qv+3|uGYib^ zM;^>4&j)P!_Ia8V=}r0*Zzc7^`@5obx>WS3ohTRy2LfyWw*B^BrfUNd5*jy7DDV~g zyoPN0$+k#W(!tBS$QF8--47$IRw_2Vc_@Y(ukeSa&Cj54Kht?rDT!n>9GWhD|G7RD zS%)vYcGWLQph;)b@L-P}pO5G13olj>reuUYo)fa7Zr+4k-0xt1!8?A4;(>vpH4Ez- zZp$XSiUIa*73VJYb5dR@n8Tn}Iazae`R9L{cS<26;-J0~0X1crh14nRi3hfM7tw6A zGZnf6dz!Xl5QY#w(w#cHm=~1SglggXE#9!1eihvdN@nSy&j14&U7pJ}6&|QRU_Hyr zSQCzaM$6!YYBg|bL#PN4idgiU#Hz?|p5M#ndy~K+H~+MeQ~a`_dq$JHrw%1&FE$5( z$x<>tTwCXyF^Pek7_(*Bd_69YlkGdpU}-XDv&(4}zUdGK5soC1cbW6-*4IcxD~$mh z#bK*CIM49qkutbc-s}b64kB5ey&i%CS4^OhJu_>`#E97E&UUBtz%)&D=R8iT*HV{= z_%;MCbhV_L`NQ60E+lB?Q$_2*4chVZ?k6mb86Mx8;elJx*goB98{eo?*6*xI!4plG z89U#g%Pm@Zd|8&ci#_)$T;`y>gR(=pJd7n%X_K)IqUm$IK ze*2^Luo&<3V^m3PZ%XXCqURT-YnPnpYMi@mOTGA)PG+!yv1%l5iJxU;2r}9(a23$p zO{Dm!$Cm}t07V-x@1s!!Wc%p4TcNz>bh}S!bNGDUtQJ#s zuqNMx6W{X3Hrq%T!>+%jxG)CZ-Pi<;YFp8`oM>;Pv@V;8@AYgqVL5U>*xBjua)(bz z1e@C{aoSRaS~GY8i1jpZ9Zn~O4JL^EGJbz#SNJZCIMh<`h#9dzba7mSkm{f=P!1=U z=oIG^E{mbl=%aegi;dR#N;Hk$wOd-8g}>htspm4V>f@zdamT9Th^ONkx_xIV$8b#| z;5*8;pD?(49YeQOx7XaP;CAtcb`Qd&%5NMSH2y`rH%Qq+2SxJ~Oo920Q6o>pVeHis zvVgoI!J1X5FFWJaqr=|E-RcrLYyAkS^I$NmqH-~$Kk*#|SM7y$fMJ{&HqAa%^VMrP zq%5>F&-7)^JN?9`z&f1IL#DJ|c1wpqN^xXPmA%la83M-krZEl>!WX zYtgGb7?mE&9=7>pUo_HCNExtARmK4W1d7eWE6R6 zlQ%{ekH+MF;s&MH=~Yc3%PsdF)+LTQ*PVLCCT3YN!~AiIW4VSLi`eLWx4s!w3zJ5> zfpQF7vSM3SHgPK4u4!^3PDt=kW|G?$*;o-4GRR6;u}LBN=xe4&-`}EF8O+2&zHbix zynAZxl$HH%pWF)Ozth#DOkunmAC~6^zHH7n)jk-b7pC-0r=r+_QR)l|ex|VDzHG znO|iR+_+RM1VVGDX&%;4_RudC1-IzTYb?@`GDhSXnSzwC4D9|;;H{VMAN!iDp5SAI zRP^cdcwJYAbrnkJEBz($8r9f^k4JbRijXg_`&y2gnf1FAz-ARV0or)ikJ=e5G1;kR zRpq)dF?b#(?O+GpbMREd^a$k0%dl zp0c@lQ;t&s3_wUObbSxrd$2<_m-LEYUI+$_HbBU3nlvk8a3v=iN?wp6JM^Hzaf>P2 zp;uL}8O3Gu1v&zxtOX#)U+8@EWm|h`X7A%mCUZnnL`hJS2P%}}e&ax&t{o6!AW}|q z_)-DyDrdmX^^Qi$0S=DD2(PBU4mw6jfY1YwkO>q7B-Kku^v@}H^a&aHi&r+{Pr@QM z@>)?!Rq7~y9DixN>o8+L%*z47u>NhfF@?Xp7soJ`+G0R9144X$YYxT{66t=#K(z=e z|Ay=zD_B0pWgrKl5*E_$wig=k5kV?}Zlp}~^jeNs7C4q{9C_6}^TSxXf#<>ypVgW` z6R3l?>5CZes>$~+*FL&SLJ`tELxuOt79J(3rUA6-=XC>2#Jo zP-w{Rz_~H1()|(V2t3EkUbYnlBRXEB+9y3F-R4Ph}H+whDpOa z4~~D6=hBP#>ONdFobT4~yZyUMVAV?vT46fNNi2uL*cGOAk&o^DTz@x@<|^EWXn~#F z&l}3NV(rn+&*qHmwzf{tK#QwSoO8>QeCkf5s?<`X2DfijdrL=8mv1d-hAuGV2!>R{ z7mHc@kDF3F>$a`!x6`c08@}ctz1a{7{Z0{1J^La@Le|xR!vV z9>^++?v*urvIL0pGcFbOtYzZG_REefE>}fkhYqs;A4HXHRnUV(n^_Svsa6#zaP_Xz z?E#VI>TAOpqJk@oz;|CaJs&_>8=}C+rv$n~AMP$88`ix>ckJRXIDDVE*q} zTV3vgC#dsegu~^?cSfTZ`38mWnx2P`%S6Fe`%z168CMh|3U zMt3^HhK1k8kKSp^ZTBj(-9V(qsXzbV@9p52R11xBe49BzbLAk&eLq4sSF1xNWZc*~ zy=e8Z&asd}YUo~4aq2&JCzsIgG0*s$YW(1$6?UdvOzw&Uc5?b-m?o%Aes)wmymPNa z7$Ag*Ik%b-m1rXdv>wXTWd7TXOR5}srYOJ!m$H%Pt}*s#w}N1YXd^-@atLjs>QX4W zd(z$Ap%@BZao<O!-uG8p2TDJK&f@%e?`vJ>us)v zfk{?D^}C%=ymk9v>f&8*!Ki7(tUf`(P5NE>xm)T4bHnz>wL&`UECVgb#IZPq=CvP z1P_OW*@YqyshNvDVTi>v$Cw^bNCKn?Hvh#Q*0e8{m?TkOf!R4(!}?sk)^DkiFyb z?+$B;bZz*NX7AKk4Pis6ZIfRjQW9ORX)*bO6E-giy=a>-11n0;Us-90Cgf+554Mf0 zPlmOQbl4*~7>wfhlB}mE2lV|%Wven2ur$`qscJaR12?~inckM{NYCt(_f#L@fQ}>J zAZY-bo4tScp#yfUAyj9D7cW6+quhTu#0`OBr$cmR%61!7+bjx+Ba=)Sb@Pp& zG{^10wUlyI)AK*}g)zf{05DU4lkg3jW)9QSTM}Bh6!Ld#Uu;%z^R9r~+(g^7Wno$D zPC&~36)12S;Mb0-mE#qFABVtiM(P3YC-Iht3xwxY?qiirnz6e^6w=3>voY?)!PpegSRle3oZ?uQ zLcOy&ZIkioAu+@gI9m(kOhLr1=X%kb<$?cB@VF-`2(_31V*cLZzH)Kw+cPKkUt|cL zR+VIwO9o#QvtDjR4KtMvM-SnMDx2${a_oheB}vN2FvrA)9P*WbVA@IYHs7+&Tj)&I z-|ILns;*%bhM!fYchC9_sork=eklboMFQ(}9HW@cWZY%?rf;C1sBkpRouRS!t@?96 zHRI|$UYP2y@^fCf`BBJ$(vdW`??*6VR=8yeX*jqa^5~Fc%ZeBLiks-={ve^l=QZ3m zqnuZRsC%HyE3=UBe8&g&If6Qf*NxTrYmEKqDU*lWfTo-!^+O0 z)SKcOBK4i846c)0e88!nq){!sa8OscxdzQ=ix@9{7F5{rP`P0{P9d;~rs~4wMo4R5 z?B*da+AGPZtkF+}2Df2m-XPW*fStsBCDfGP5ysAQAQTw#E_D#rI@&!R7jSuC90Rpzg@mFn!m9 zJHe{gUWyFLn;XTgz0b`-9a^@BsFpTkl?8tGQYBs6_P@~& z{uGq*j|gd(vLKBc!kJeHs+114DqDAwwG4W9wT0E~-DOsJIyb-wIMB;ocVv}d+?Ra@ zQbvgC27jE zq9P?XR?u%PRIkeEzkr$ECEwmXpS<}HbSg%fV zxZ(1RA9K>Zq083Vv9*j*e=U3RjhGB|g-pXQHp=OY3I9y$x#I6L|-krgZGg#fW;%3Ra7Uinn!aZyv(L zwvHWA+s>0%vv4C-DC>L|!fiJC)OUo;2EpXEuviRTiko#LlTUgAN?2ziaTmExHqmaJ z#P%%pjty6V%4`Xt#Nip?56eiA?0E*ma25~_VSUvy*POGyTX7}LCMum>Mmj0OxKkAWdY zo-d6+#^Ss`W0pM6{#=|VY0x;M4C9nlu6z?D)hep#jC&=sA$VghzoT4|^{#{lBe(lU zGbot1cv!z$9U-0%?Cua=mFo;$O5=n2Hgz_Nv9YuavcU)cp5F&0=@W~W`d0oYnhdws z$Rr0!RMRP?SCKd!+jCp0V^!>~^k#+eN z|4tk>9H3YKr`(Q;Q>b(6v8KPfhK5UtM8s{^pU15C%coJ30^yt&W(xr7WI&oWOFh#824%Bwc;4&d=eN(zq{E7kRl8&|F;lsTA27sNd|=exR@$s zRF_7+HfqDQ+IDHr;k|vHbBOvcBTZ|xE3rCzn95b7jO4lk?>22~fhcB=b4EH7F9BHr z6#*j-?M*TN*xV0tp`F={U=bt>VL}gvoE|uS%dEv@BlhkgH z9rv+ZP_F7A>;A$&a+b9-J>=`CFVdA8stVP@Yfgmr1x}-}Qw*$F^pSf9(E1#2OhhBN zJUNkD5Uiz2qoPD6l z&wA9i;3B@EV=~Pkx+=T2nhO8mVvi~D5cVLH5b5yy+`694qyVrUyJ$KMts=p9lvcw| z0}^GY>9)7AywXjeD35)TvWvD#hdURV)Rw$+J{Y>fls6+k=fD~l`*aPw)EeDUvXSOoS582$Pb&NQA7fA`OYrYRUl(vWMR#mLeho=seXIh z4VJ(E%{EqPT*Kg=IP*$x>%pB3AMYPGxNInGcjIUt486P2D;Owpvf4iGSV>LENb@5_nF@uWbNuvVW5MYD8`;5tWuZGL*@ycSqs93PV zjoxRZE}J8_BdzTvRFER&K4BzI$QTvT_mya(F9jEsbB3^Elx-GMFWzG?kVbN*E(=%T zmd~wHj3%je?)EJ5%O;SD6VEBaseQJQ--6gi%p_9b0h#X$|=$*xRZmKjalM9Qc z1UCD3$k0ijsOrtE-AAQ0YGO&`!?AyZf1@p7a}@4+PMJz6b<1;c_okYa7bc-IEcdau z4W4SXIFNMJRa3=fq5p(&~!}uqTl)Zlpi+qlY||wGMx#F-~xr|KL&j zbsT|nuMKUK#-{MvP@oexy>+aiX9E-c5Js6ZWk{UJ)a;I31{jg_ASb#35s!SPXta>DG2CHskT8-tG`bo)E4ADmH zs)r9_Vm)m+`9G6{US#$Ypn?uI$m-wzQAH6dZOj&_UWLEq52aYv{b)m;8Y%&qD)3qN zlPe1>fIuP7jqGgo1QTco4ZmLN<|l7U+(|{Nw>_t0?<{6QkcHOgsLvi;F-lcstSt6O=8MvCfj)t z*29y^eFzhgUkc>c6L)f6LLjlcIJ@5I)Q8>LrM?31G`+n|E#BtWQ6poI>*(d>1=w*A zA&FeT%CWnQ-monXt7}Aq=Ev1z*&#N|Q7b3^3cJj=IuLg0>AD`1PNWF zuX>OuG{W}wD$6zLA&W_C|LO9e{~NxreOvVClMw;6Uzrdm#u7FE?Fe-|3VIS`9V>5q zRJDwU_NrmA5AATBV8L`t>K_a%>SglI88AzNS*h%hHK7=Dv`RH{#G_yLAV&&9>qo~6ls5T&_)cn zS0fP79e#ZuUW;Y?sU)zWKku1ldp@n3l-)u8TVvHNq{%!RyxBsC$@fowQ95?A8xR# zY2j)fri9>T2ww|pNm*w|S~a!M%YnyHVpyrvl{YQc@A?dY1O1NxQNIh*!tdLZE4k zqzJ+aQ2?mGOCqPC490~HNQ6Tw^(BC*Iyc;@=1YAdT5TxnYtvH{y6XT+EBU;y5*S%m z)Ia+B#;`EX37G@{bbYCN@Ow?OYR!Dk$}rl_sMemi2|}bcsEe&o9-cEL4;*wh%hL$5 z8Nq8;8ShR3~T;>2_2J*w&eIqMor&N-m=q(oNlWVX;tT&EnbY1(7n134Uiq#Mu>aG~N9cn?aP83qPRcsntqfdf zDIp~+VE){={+S1nueacLx6tm#D=le#Aiyr<8oADcll~8Yo*aub7g94$?#MG}yq6h8 zRW3+d%~e~ZyJgO<{|t~aWs(D|7sJ{bzOp8Y4td)d-ZPMHaE z{V2ldt-_s3lTTJ7$XvQ~;sQmz$V)k}feijZo96<&h?(Q< zz&#1jYTBvvDBbNk0bR-6~Ood zAe=vZjsPN?=nWcRvHT_&m`7;`&N~RIPuJeWUB-rkCzv1K96PcdM`CG=eRIP*Vs;|x zBLMOZC?T2eJ-IsW15cABh1ju{wB(XbrsTQ{CI3Y4?d0^qIp|X`;8pvGT%VEDp>O?0 zJ@_ervKbDA^&R-)Ccf$LvVINxthGmhfm1m`UOx7Yp&|Hud!%;+YBfLnMD%+R=A&1Zj$hD^i@ zHH>XVy>Q=QfMWs?|B%KGmgas4xAO+cgC+(E`3@bIl{y8)<1I!fb{kLEOb`3FKjHxI zA;ec-L^PqQkn~r(;v0?m)vhe#8gAT7(vNJX>YOy{@&+6_%0G~`ESA$Rk2}|mU~ye* zjK}*$`w)xtgOB{usK|^Fs#X>BU`PRv=z>6R9QN5}@i8S;Dwgxm_X07S7>0>O0ch-F zVnO?Bd>vCU%y6x9y&KV2)V|u=?wSAkpQDXnGC?d1iF}`M$tw%tf}V9Cr4}um|F#C> z4--ed7u@sz>s*yNQp$p_sX#FX*)_8TW2OE=SBHmK9(6B1798imHMl$;jQsx}>}n|m z1Gc|?p;AF7Uc@Otq{$|9i!XVsomD+xeq1buLZAl2ILNnCLp_{!w!vcbly_V~i!P9` zg7z1^YM0Rg3U4_XAd1#Ktlq3QZ|OTVQvyOQY>PPJBhG+6Za ztrGSn*M6`#5RwqY!G(k@O4B0?0m@u4Us{VVjWBQg(LXx6Jrz%ZYzcyv;2()*@|9DE z49(TC8Srru(qP9?Ar=_stHUO0C&O1C)CE_0(u#oXBMx0n^YgRaqfp-Qg8w<-!iK?s zGbZV&g=^9LKR02+91^8FjNz(;gUR73Oy9$cZB~dUw!%C0<>TLfis$!c<0+$ z5UzM%_p<+I7`25HjZWi=jgs@PCw=#^RQgRXlOaQGVG63tCR(qgok5dam+2EyGnn}hCV=2MmH#j* z^w53wKk`-l+$`fgC(QraS1J1Pr@I}~a2I@B@yp$rJ5h!0$3#e98nPHLp|&(NtSOii zrqlM7JQ4Wyr9d(E0dDv0+CPR3-#4t5(HizdXTeG3~|7uac9(; z&Tqh8QuxX)-7;M0OsAiQGUAMfYMSUsT;k|2pf1{2P9n!JT-;F|0JQd`fr?Ts0%g{V z!|s_o#Xppe%t#|jk@S03SnJjpPyUus>2A+YD z;aaq|l-ZM?ps22+9}WsN>UX|H`w!L~@D+|GVpgXQN#k;X#xMs^0eQY>4ez92FD1Q& zW>4b~46=0&(#=Jy!fBoF(I_Fo8Bx1dXILO^J;CczC*>RV^9i`B3|-N#9z{bKt8Q9Q zNq-fnBgThZOO!Minuwobz3>URXElGu=j5sO)EI)=mE$sp>9jA#QFh?+xn|+T{+G(y zD^ESeZ#rzQLKLOb7(oe|+CV?&Z98UvKt4XtN>mcV!tJ}#8qq$3SnWt_tk0aF$_Rj(Cc^&p7iXDysbEL;- z>;bA=0?36q1%isde^ZlpI)yVET!$*>&BOSqFQZ7fg5@&}jeE_*?@ogKqzOVJQR71S z;oscnr9+v_A_AxNog%v6#AL2J6oE^eOck~z>O8K4t8VWg8YlN(A1j5a`0l?xmcEqFH6cb=`wHCGH)m-`f}foM z7QfOvmdvb;&$Uqu`~L!2?=1fVWW62#2gthUGfI^G1+tK1{sUyKh~s`stA8DYx-aqi zoD#v#M+~hARIwcEfwpNjFCu%p7(-Fv&q5%tJ39>#6G0xnAdwiwsafb|@Wl88D9|J9 zz@YfT8hJr+WQVwcZl8ap6lc3|*4uK7X_$~;=4E*KkUTP=h!c?$FfSbm`~jR0rI^MX z@rOVLkNZD7R+PIqBv1i-Sy5iBNe3~C^8nOr(y-L?S|O|8r1a|DQh{jfro?s`R1Rma z;X7c}fr-P@C$-a72dc%q2nnY;LJog*X)x->L?)k==gr!_5?ECt(WZiW8P^=2KY;~` zyg93~kKWOJ`b6{%C`8NB6;YS}@v#HAVEsN3uD&V#nsh*M2~lpw^tLX)8zaR4d!q3% zD|^)=`|5u^taN{)gZJm=S^Xg_m5#2^sBk|WqqH#su4KZCQv$T68F4xlPff0$C$NeY zN!ZVd%!?uqIOeXU#8On~+iK@BEJ+wySLmCk&W7BsZ#@(wHS_)Qm$ql0dXG{W93mT| z3_nkM!Vk0CrK{dx^TRvAN=O#It-*s((q*t)(bV6} z!Z`*Y5+cc(MJ)*`61qRchisrML?xb&uMZ6$p_)i4WJ8v780z0|=uDUe8B2BI4>BAJ zm3j4VetJ`4{*>=P=t-L-{$B!XV*53E-aLS9Mec_9(h)yD@niwS;WKbNTh3{ICH^Y) zl&ZqS+1dUsJYpO0KvT4(3ohbdzvmahBFX*gCI{-_SzLTM!y$>iJKib+4RPpEakNdD zrd{9u9L)WI#37j@-)uYnc`J1@w z(t<_b^12274Ie21rI{e_nDar~1UVJ^Ub=qj#af5fo*j)FjTm7hz4OR!x-Yl<_Ankj z%v;>=Mj!HIk_H9)^H(HU6pn8vUB4!jR?D}~`=q?uPuCCYBg-omnm$()zL;szrWFSB z2swsLJR3iDT}-^((C{VKe?=^*{14%#MTk^1X< zxkudyjs%G_QvFs|yuS}RD4bbmZy{MIfT~8vLYN)!NSXAhy4*%ELDqD^ zgZtfS+s0^SP7OI5%B+z&4^xjC(~p1K9sYk6t>sZri*X+LiMvRq#WX%aPx$yKjg6XSR!v&imYl0@g$%G6-OFoh z+%H{Jt;bjT(KPTh4r=C|~l|E$F91{5|yS<0g9Kv^_$kwLocz6j?*} zAcQ|PYt%a)egC2|38pJrMQphsJvqvd)cJL^@y$A?C8s)Q_sBbYq_WE?`a--|xUtMT4l*kgx%kKD{$*xFuoSy@~C z?<%662*DEo9YN$7zBrr?T&v;YdV>h9|9&&+Rw5G5mj)53C%8_?@A-Xxkhfjj)G6}b z4O)@RG66|27GH#ENU;D8no&rAN#HcDkB-8I{`BcnW;gm%=pXQw1)%)Ig>Lk8nYiAe znjEVnuu;TW2>Xs$0^frN-F3#oR+&QW;i7yd2w{mHgKS2ku9f!anncz;w4x=%o;!ze zeR65QZ6gTr#huY<6>ukB`Tr!i3-H zrgNSTuAu?TDZ)dxXAoXa~D3q%9DF`99Nr8B@!D& zQ{)MG8Z9_IhQD|e{6-@->}c}ABAWr4c)&1iwXj5fWY{D!B2|ysD47LZAV5*numiI8 ztZ6lTKxX4_|DSDaYZ(92H`3Sk2Fs>LE)??vFNQ2&dEFDDXb;z?`zP~7KiG#k>e%7& z-tHxMvkB&&9k7l%pTZ%)-+QSCOGuS_+8A$1@5BxrdUQ$Vhc7eqFFTEa`UZmuP@Xsn zM=#QI|8;9HLz>!^5^+#@`4yUU2JE9s*DkeQT*P6?xs zqH%*#6NS8d<(|X_)6^6Za%`u5?Kpx?hONIHhOQqXye@JPwM~kN3XKO=$u1Se9GrM& z=nQ@9ibCUPr7;S?^WH$Cfk46L3F-;HT)arZG-doMg+^htWDbZGLp|gHnd$9#Lo8iy z!_o`wyfNr(5HDWX`!m_yACu}`h^_?158el*xiQ4l6om<5{PL%AE_6f7m}zK4iuQhb(G~T;a0ve=$Cw zL-)8&pVh8Q^9pf3kXQT_RmPGPl{>y zQk$A1qB7R6bt-Q%h_=lCx9$&fC(wM)&?Gwpo;6z*^18Bj9kckd)1t8fb~x|~ zBsQrq3Gn8N=+F%jV4 zVNK^wKVP!vFAQ18ThXqbw9%DOHaW^3+#3C0(G#CkJ_>n#f-kbu9;h)2_&LH9V}DTb z?LuUK z(>ZF}^5V&LI%#}_J=9J~BwG~Ky!(A9_#rpB%_Q2#RVz3-T5F`tX2JLJJ}q(|7a+c` zB<1*d&K=1?4%$<5txXBijl=pNHo-D5oi@AtH~TwI8MaD?TKd|!bf*?ZE=4#v?q#Fx zyI>BIGo9r9P1a!^#32g)PP3(a$c2yz8>7=FR|###+6@3(r0J)5nrm!@p_rj4RXJnK zx^fK`3*eqMAkNJHDT3GK-<#As%bP$`pr{tpw$@j#@M8WJ!Lx#-;aX6HbM(IoJrs~0CE-HZ&Mt1jv*|6{F0Joet%}NI zNCOH!Tfh}?vSWzgY(SVbePDcUOL)20`zOt6xk1s4=5Ef)oGAaN2u?G`0C-Vk)E6Is zG9Q%A`=2DZW1-@l|M2|FRW6iP6nSz=Vh3et+x!mTnd;*G`3zS#7Ozx@G}Yw$=}PbLuKy(zbOrMW=;FH-A#p@L=Hba!bJ}|_ zVDtjzTB(1r+j_i`M4|PJ@nUWBRZ$;OoJa%f`nw|i0av~#4{5R*(F^!b3;a_uXXC#u z@XP`HF^dGwtm~Z8MjPUI%__PsjBjBrzo+u=p~y|bL8Xv|w*ONBZijB@S}a3}m?3lSFvAdz@{_hF0KA0-!}5|Py6UKE+crEF#><}DDDA8^Tz zMc;|9cVx67zXOo*?X{id_^vZ3QXh^un2?~DA=dn2;vr*z%5;5;xAzWzS5qo9O))YG|_?fFnTukrG zalN1qMOB#8N7eIgmyk3x%|1%``; zUy5ljWY)ufD+YtM?ku@wYPg>R1In;D$&$a&1=2b)9~Hr~few3)dr-PqLoyd<-*N_R zJza5J4x};o{@p1N{pkN;>>ijaYXi1Tcbs%=8#}gb+qP}9W81cE+crC9$96J#-tViK zshOIpsr4iF+Uvfr<22W;#@@0PwmbI;jJm8*oQ0H3VS1v^6vjd0KG#X9G#B3Q6&EJ5 z{*k~D{s`csrT=BS0c6YkU2z1)8s&tt5SXAn$d?7M^E@&zASwl% z@c>cm2WX>O-8)Yuewq z%~m+6Z>D=Mnwcu>QIOzfa8o#) zgE|N1b;NV-Zox0a!mynJRC=DrumHjT6IYk5;m?xJDi$Buez=u%IM_ZDZ(7Z4%I20#{ zRxG@tIH4JI09koaqAb3oI<0|g6-;baI~mXVaatDn;2`&-S=nVmH0G1SbrgMvN6{ey zs8mAgf`|LO8*;l_wdqZU>aPx`xrGAl?KZ+EuO_ho{%y>Ie}S_Gqm1sX542Ms`uQ@5 zdz2cpAX0-Y5fjOS(N*@3TG>kAHsEsqTqeghR9B!z`b4 zr<|*5%_Z|Powc(;eeU3J;UCFFBU)jzL@=bv@(Rn0x7olw@7kK)l3alZ9I0K1^2)(! zYJ}wF#zrq_Y}UzhU-1RBbid4`9}y1+*j|}5|IP%_8K{MFb9L+`KN2Fs`oy)NM#6)J z|IISy+Jrg)#BT-$p@TVC<+jnkIf8QroUdFFju_?5q(>b{z@;CF!r0Nr*QJtr^%)}K zSyiTX#a5lP`=Gl(pxgPtXXe$n1qHM9W-AnCM~yMR+Fc zTfRQudzn!8V450r8Hj^U;S(Gz%$yl2lnx4cd_Ox#N(Y8A^hPwDR^%^$WCF`{o`VH| zydd^s_)SLMBN(%~&NpeFQRIQJG1DYz=RwnLM85iG#8sMm21M0U5#RckWVP5Hg*Xt$ zbYr+I4#8nyZ{u+MlN%)*Jk%wldP$yk9mfiDc;ms=j}lkk}?F_5b-hm5t%7H4EUSR!*14^t(X`>N5> zGVVSKi!OgOZ>H+RJVwGum{$4-jd0Pfg*tQ)-g+rtvjIDqjq#TTlZ<>7;(Ri|?Q?r_ z5;2ZS+5wIlqFnmrXEl^B1WUl_)dao)HNss46}QQwGCT{U z^QaoxGN+ou6dW6E4r&x4JiIHpGMN<)xA0jblsJ6%e!55mUTyY7;@93GUTlxf#XNj2 zwZ`$#FkgIq^_l3&atQXr`W`ueD9;1}jQoDh`;70aKi8B9at$cg5YWY{IN^!y*8~yx zsOfS)3?2L(=Oq|@bw4p=mg$bAhFa>Z6oHdar_nm`Xdn;WEvcQd11&>Ad#D6nFRilN zUHyl%lK%1MJ=(~V{XBNH9@3n8yc6}3Ga#$Gxm{y@b081boS%zs4y0|X9(q7zI0DR8 zPq${XzW=H5g|yQ@ON0nH2@TmTVfKJhG1iFN=AXc^ZHuISk}|}WW1PM7F20Umuz~NVJaQ&k<-Xzd}KR+2TAn>MS6}tQ8QxXxAfw zC_=hg2<;g#FWb(F;hoa!leX$ez4D;C_lmq{XzrQB?1Mukd%NGGgDq`Z zzffO&oSxv822k)75ZCTt!b`cO6Rx3xT^uP9auel!$JiF_(4IJZ)Vqh2BW)2t`zBoO za{g3iUt3w)?tP-ku68UgDZC#f8nEN#4=#!qM!vZJss8IMAn!V%Wzx>EOfqdL>osyl ztJ7<3gyJWrk!%k^ATZ0tb}?gNWmeFO{hWve5H7$SD=fsmF8-H+3Ej{>wE|ZXfv>lh53AB1|OFr9eGFZ5t%8jH^$~e+8+?C?uU7 za*JSO(RPoJfp)ioc9$JRx`5~CfXFor31(#B+_dqQtjD&MC(iN!!n?if?+t@s%U{;m z=_7q^7}?q>pLXV2mUF2{wBtjlv0*!-R1e30p?Ep`Y7*?>-4De(6m*}pe~U*}^;X$e z?^b&?d`BN^dtGCwl=|2}OY7NZV#L=IvlO>NEGWl7tkW>?b3~WM;NfPehU52;`E+u7 zQQyu}eV>O~?|C(W`x~>tHIRfQCWfu-wj0FoAC^b1Dvz?fMLw<7f8E+KGVU@KI%Nf{ z9;;h7nZa`Oq`~c~$NSbpYl(utk3iF6qF0l9>Hy$d0^wkyT&TGlu_LP!NwWyEgys8l zWhiD-OaN@2P>048Me%pc<|q&8H`F}RP>pHA3-koV1Z_qk{pxwOg12Z<8ECOX#uU4> z7AB4*@pHJDa5-cu4tU*W5nE|%O2$mY^`%A%j$uAINwz6QAO72N4>`Ml3qm1@li$Nb z4GtqH%i#{9Hznm_DY_K+8b94fv_LTXM28BlI@o{)YBet{f~_MD{l?SW6N#*EVPPjv zb`LydHWxq?>Rms7+b_~5GN)vJI zI{DQ7H~|FuIJyM$uqGkzDE#AUFWo0jd{;eqMf$ynbSPzJfErC1kaW^QC;Fk9ggB zOru`(0vpKe4YGou&tO6I^JDn5nH}Vq*sFIpzB2FzgixzRJSw3_sCfqyfhsE3^)h+1 z0C<;c0~!__0B=)OzkMw+n?37lm;+f_`{JP!Hs?iiavL5IfN`7CW6 zQ4CJMUSK3drS@Zm3KOnFj@M;tkwb9(q=j+$SXd&H;6b-(I8g8}^BdS2i6_;8C2O}) zg$n>M9qnAnbc<^Pk;a?!5&=)S~~Hsa5&)nSa~x78*nopj8pMtIRj~ab_~Li zh_(X=?eyCu=46_oSE;!=1^Bsg$0l=Jd+Dst>gw+9m8VK{h)}vkrLEf##-TwcJA~lu z%DZ%-?LZ%qYG55UX$|L*{-z;DdhULC-k#lgl^i_!J==Nfr`9Q$6)$U z^q(@5BbuT7np{B>SS)i8JR_VoQbgDq-PMW!ZiQwA9&0VzTmTup zOt+wF9GZSJkAxPlB9ZmoBGO9T@?RLJ^Q!U(IGg+70z0hkJaQ{S|g2k&ueuFOl zdMh5bINZIbC-oGwvHenKPI=Na6?c@I*Q*yd4hn`!4>HTD1B=mp1AOR8Pv>ySq@K@p zST~&IXujr<$)E65;~J2Cm1RAI9S}wTFM^X392C)fMz(J{#G) zzD={;9dy3GjTVxmg5%8%n>2xVZ4=0{mZ7ESzf#XXbpJ9T$9NVuT>?vSaG_t&XM@=h z9l_b|7biVs$tnD6iy+TgJ>Ax;Q8;J2`Qaz&OZ(5w&Hn0$Vz+UzW|^>(O;~93km(jW z*PxDTtZ*kbKI1qg=0DIwn34!)%t6nlLhQ=Tog>}4q~x_d{D4vHGxdwR@%nNt$?1;Kw!#W@@3!~aLk3EV0pA@V~96VvMR}@#GCKBnFw*- zk}1uoGf8RcCQfRXp7FtZtjiv4O0~`<`OGZUT>W)UfTaGGNd{CbGk>mgc8=IZ+V|hJP|7q zj89!2&KbnW$G2(X1_jI*=EI&2Xlk=9O#g_5D_T<8rAK8Nh{W-`ETX7uFxI2mz&(bt zzO?WnYO8BB0S7?68H9ggH@k5UEIE-vS4MLFoMUO6nzIA4L`I#L2=(8CAtEKIL40!= z7m$aZ#Pdj~-SDH7ZaPaHa8g3nTl5#i{Y;IiYa|R~I1SKAz)``>e1s_m^k?oXfuv9O z8Ls}weTJl@dslWlYt-kuU}txlJ|j{?_w-G<(9DGji$Xty5A++)MpO19aDx#bf3ic ziY%o|ScM|Aaj{6x=!oT>hVAP$o|Rpq9SV(J+xO2LKDgKxSwbb;}Y*7NR&OT>828qO`ffsBZ7Q%2G?U=LnK zyO5j{^{Ha^l0_JmkR2t&1Y|#p3*|a}1h%3+xcIQH2adHS)|=VQW8!3uAgT zXC}gMhETnAlL5*}=lm)EYhV!<{v$az;vdZO{;47FEH)0`syeYG5?XrA7UtadQ-ZTv zEUF^6GYzp}xs_#%A1-FPO?Gif=k{VFuY1K#S)s$pQWxW>hsWZ~N1fo5O$W`VBJd!Q zUDZAP`C>8_xDWe5ckTVh$b7e zQE+U(r)eoWVvE}X50dERs$qjf;fw5`g2@f$GbBi$XtHrT9Vpc-k@XT`yP2*|b}*k@ zdr)?s{dL|{!cw{b-`r$wa!1X5vcUE?m~2#$?~))R-yrik33)f`KvuHN_o$WG7HPCI zVO?lWsGfRSEHv-O`!!SKxe=sP z;adWYR+b0fqtPDx`)5s&)N)rlCuUddSTa(jeLWRp_fIzGE1lNRdCqxqJ%O~toRE0x zuhHg7cU|GgGi_2NAS>4KfA$nQ%^ue|sPCa)IY^rLgIPv=f&RZX3&1&DZZ^y-TWu&g?vY4`?NHpWr3(ojN&ewYvw(wONk^`hUw$9J%erq#Z4T*+0Fmy z_}e1`E3k)LLRhAW9>y8x1YOB!=QzU8t;!@YO6pD{Q?m~z!QdpiX4rOqy2C&H%qqf_ zsp(x+MM$Wl1{lg7Z!3>fJ`WIUHl1HPm*(zb!!SK0>>yJ6;Ch4?U0R zj~tN2jfq+DAXCjg1W29qkb*^Kbo}ys+=m50w^MQu2#bn7Qlk(j0gM!%89gXLO&)#< z#swSq)SE$xA7ue+q#6C~SF8)!#|gP($1l;wlkIa(ivz38lm5NhPZSmj}CMsKUDJ z9kt9CRlL15OkO7dUO@;NUs>z2Sl{UBA~TZeGxJmHc!!6Q7zpmmE?p zx6+*Z-c}$bB_aWr8;mL^gt8!lkz&Tsi2@SGO&nM9H>y}c5m8G?4(>*^E;kqJ^G}m2 zlhLJKn>3{fVRRETfoRU$K^NfQeOdI2if<_Lcvu>0sMl+nvv3m-zn?R;U5b&c1!tlVvr^Tb4*(Gy~v(B<8=lN9+ zMd+FxY6BIb4=a(~;gJoW&y1U|d+$RtI@%6C6exD-hQcabVC-52V~dl97{ zZxz~?Bkx>Op*^kN_F@nCv2)aYOTzXN`BKt4@!IoQwNeyS^57X-LJ|;!44|VsulSUg zb$xT2!wXHkJxcM5)z3k(s+aCt^h!ef{0|AV3dfI2bG67Lb)EL6Zu-I}>AJVyWs`2j z5Wv7qh|iDnINiKn8t8z5?6v+GL?~N=EY{>{xwWJ@k4e5jb{dAV$!_N1_?0}mvU;b@ zSy&4|1ec3n+R!NFvauPgb>3`k=#a1edWOyogYN}JV8Sy*d5V(bfw0wAWoI_dcSSCC zQl0;bQE%;m3Nc(0md1(QxJTdvU=Kr>P{(7gFGk*)liarRl!wa@M5}_zNS~i1DbXTwJ&A!tNsb|Mgto=4eNYm~>DBITbK(l%`p;b;5WZ@wRJJ`WL z%fA4{<+82Q1&r6#C^`L-3#?@&fp=s<;dt%@xt#W4eSoM~fls{7e+1a*r&A?z1oXuH z&eE&^f!ZrIO`d2nhw!CfVH4zk_zoZpWi;mGC@Oj#;CNSQFWsy^LSl`eLDH~8T?UjyqBRgaiV4q; zF3165Ys8Lq!&xOd`s#tu;BVt6lEX zPV!rEdDX+G&w2QUlKr+<_Wh;ne9~^*`~q~dtwuHEg!O&}!@ZHmAhP8>AI z0Rb>15e1Y)esIV?W{Tj9BW>lwpxj7XN)700qH;tWbA6z5cmw8LNWaf>y{>^lqu8g9 zeowVV|7oR8*~f|)?qQ)vGv?2jKhh6SS3nXm?AN4L4mf53bwPwjFo@-yMn(8dW83m* z3Ww4}e+O~$uY3pm$_Mx@?(K_jFcISW8WeUYkK@zdOcOCOcEH#oK_F^m)ktHM8H`va zejGOrHT2rsgYDNmF%}T4ys5?TPs5vO(uTgT8XxJT0fx;`C&Hx<4I-l6dxYZzC5&0+ zRRbQDBn5RahYuAqN4-XR54813w}q8ei;m6Jcb#3ETsvnnC|@cBJja=r$do7;!W7KCGmG-8)s%KTRY=447-iY|^2 z3lBAqNjucVJ@Ym+!&BWM#<*$lqSd2Tz*M|up2)1a4z zTG3V6?*n3M2btim`817hmh^*)aQ!`{yzhy^_`|SZD3F0CMw~=O-ZSC}=wdCl)qLgT zCK)_vB)l>%`!{flpwVD3eFqaUz%yI?%4w+TNOla^LY$fSq}|V%Um6)x)2;^={8%Wq zf-H`KAyIRo>}TFm{u6OUhyN3C0S1Bpr-;iynv#z2E>V86$8`Z)<`Oh! z0UN#=Eoj5~FJDR4nbA8k$Jn`OU$w-ro^$ebsQ_$F#ZhP2%HkEn942MT3*qAbw})FQ zk|>B4hGqcJ{IY3pzA#Rg0lMGS{OUTe!+UeDDPRlYbo@G6fb*{EUzj?s;u9^e0(CsN z61H$weCEV;j1#63p)~j52>8t;#*Y>0bfX7OPCSA=N>emdQ8FC^)wsnVH1WJMt`QcW zmLZ!6C+t2tbhA(*G@BVzC>6TxU;z^*{#P?)L0w|Uk4V;X-BIR5UCw&NG_0JYD!yXa z*^D3ccfUx3QE=GnP<~G*K1kGu9c*R=-*qTtnx2vH@4QMAK}^9dT&Mc5pb#(B)saRq zJ`wkf>TbMKTm?&>W~<>PTC1*p$w}Ha)<0GJiavR7Uhqkx+joN%h&A4 zTbrdxJf6N2Z+#(#MEUm1=A?j`lW0|6cAHhBZ6L*2Syy(XKs_YlH-t1%GZd=dCV{8S zAUlpI6jT_>ME7ROnIY%8Yen`Ap(<1v?#Kug1ekycQzmIbQ&`YK&nF1tE(mUQ7X5mD zSWnTk>DW1ruwufa?&fZV$*jC;C4dYmJrkmx2YReWT$Xoqb{@*j7cdzo%HS0$;4I-0 zds|jBic>lZgLF!Rp9#qmG=wkDKt>1@1M+epl^vk>25*7&gLJWeSa-z*p-y8Ws~E~+ zDra|^r%z7+1Te0LYF&T4yo6Hggg5CzMHR}>$OnbsAQ+XRkjamQK8ld#08>0e1|1ayQO z2lhcVNxnWo99T9`lAKHu2@6qlgrY|pX$J?T7SdCg+zoW^i=}^a6RxCHtI|I$$pp!f zjTzHxrJWe_EUYPWTd7q)C^#FKTw7)%5FPh#k}z5Am{|gGE}@F zn!x-HW+CBgn?918MKR;ivs>e8EDBpizC-$_(rmW=y8c~aBCXYHCILX3RALlsk2Q?@~9`W!rH=J{GrR5XAv{B)= z6}O_Pm*O$G1HoH|*Yfpa?m~(J0rcmd&b<%RTG+X0#(ZuwMhbTr?I%Ix9xWNfXiz%c zUcQmFJLmOE%?kCxU2v7?_i@rs3FRo#l)y}5wF;9_J%of+r**CN9RRHQb z9x(@;5y+e}_I(QL94bSA>m$9!SGHH2q{N7FWQilv8hkif(PI!4iI`i$c1hzD zNJ@~sx)T={S$IjkBK%JAmdC`svdMLP&o3}8ghv*7SiG(M$}EWRl|<*srF^-@{m+n< zo_Eim6_VBcq)rE#Ed3}Uht9Uk*bPmz1UK9{6tuPf^02;md7<(54DVZW=Tt2E^f50$ zo7|2%{aO(!qG=Br$6Eya9@O70gdz)t9&Ab{O9hji zE*q$$FCf%Lu`j((ypV*gncX5}=VXfwa==N#ZcL5V>413{(2v<#4YgE_QUTMv9`wG| zwz`oa0GMH7(b}#fef@|)8~aRF=@z^xolNKB|3rU4c-kEiB1lqN%hcv^R+CsCL17Wv zCZPb&WVOTRVYPoy+HAX3Asxa@dJmDG5A-?=CNUwYx%eqvL8t(FRK)hn7JYP1)tlVW zq+}UhD;_y1R%J9a`jDUmm~@0)$q3r&-eW?#MHceF^q5PlM5KuYmH8g(-;?$;sSbgy zL_ejI;XBU?5=}5G^xcYNc^K;b{kH@L(WoY%5~smx%>N{Y;h$5ET_#Xu8QL8D(pDgx zPhC4HD`_$>JLfOKbAvl+jy8-tHY}H$m`HYNo$RkP~oGfp0>Mr?SW${Fy08WLbpnZ|#yURn_sG&V+#y+{jv;#a7KjSlpT%-%6^W z!N=Q#k5dd#D#^$dW6FD#0^h}YCyvIna81=2)KM!!W$mlm{FoCoLnZ~RZ|XEn7~hhm z(FGSm{C~+#a#7c9LlY7OoWXgVM-;MF!3|YPYm9^$kdX;l;%QBavge3pB3Kr|kXX?u z&|#zC>9yc^0b}Ais5XT}Jzi>Lq*V@2ivnPzzE3PQU1%Wewy*TAJP{2o4N6dQ26n9& zpb(&2@`B$C_V^&&H0#7b4{77>vEYx<(=S6J(7#Xl6&PZ+vLjFg={uB?L85a&62ry$ zua|+f1IwDO%&TNVfh@CwgDLqO*IetDoL?|@)4rKg(NNLN^9kL$DTcvxS#PO*hsHWU zImmhtrkTYhmpvQL{F`P^6|l;r-JBSpes?I2|4Nz%SMw{ige*z!YtWX^*C1*Vu-t9y z0rtN1woWB-ZiH!AN0t}V5A=nPqzrQ%s;aV*4vM9Iza zk~60xh}cCfDm~0R(`MZ4!E(oSF8vU#a~G;MJE!eFL?mK_**|f^h1L7Fw0G!Y7dSk) zi?|~CSTgV$p3*6*=ssVyenXw_D$0vq>L+8h9m2f80OI4=TW0F@4+opXaEpmM8zbh( zV}6;WDzym8Cf@$Q7|suJHo?-U?Y;}I*Yo3smJ{~?l9VAz{^6F(v|sOkB32!FOZsWp zs}%~9{sM}K1Gr58&y1B&2p$P}$W*DRKRE!#*boDE0vALr$qY$y$ZN+rXCI)rm;ovG z)3M4N26x%z$irDOZ3ti4CB2J~AkRGYOl0iEAKimne)iCsfQZO-p?%CV&!eg8+6@Mf z$PoA+TG->b4XcK&W~9qQNnP1Xr${D9l41WU%?cDMhTvn!Bw0hTErp8{!?)y(&SEU3 z$tXTl^Dd&G!hWX^+hhD=8ia9UH z^XQuZV(ivJd@nU%Vt*0Zyfq~Pb>ZyY$3ZcNIlFQ{86Wazvk~n!++RO^JzV@*)F^L4 z-@xcieUrFeSl_@7AX|_e>VqCeL4oZeWyg3TsMM^01Anu*i%f>cHtuC6)Ccus_KHT$pHIw!+lTy29&3V2=3oI{ra2H#BHcm z;ojPv)k5HKnXitY@$Sqp-I-*rfCUF_ZF-yQ?{mJF*CS2ToI$X!{`$e*Hxg#viymu{ zK~`Ux$RUZRfnXL1X6;`8{N$4vhszRm0?%@{u6*jpy>_;+ff<#BMefUQ(H`FplCI(F z+M9W+EP`&~)4l06?!9Tu)Omyyhb&i~na&tV0Qu2UoTk94H5FJqX}anT-_9C0yXW%8 z&oJq*pOt?~0NP|}PxV@se7Z$6w-q^Z)v%f^f?0^I0IA$jq$ zyROcru8W_mCbhTKY){$8e40x1Tj|!lQ_8b&X%)H+HxJC~nVA9%p@LA$;JY z6&GDq<`dy5B3`V)8T@ulOGY-~qMB`t`Drd__8T@^Uhk5;^TQZEw!NT{h@Br+9tN@b z6T)uLCjUrya;mDlM8VX)FkkE^Hbl)PSb2X)$Th-ywb;!H^w`Hk1sXxmsMgGQ4+``I zB{QhG%#5Ta4otWze`*&O6qLXcch(o1M5s3`=3nOuXQM8DL$RXBfA2<@ifLIc>zEj5 z3+Y6U7fPNOneTM6;rw+Idg{lLz++a28)Oiz|2b?B{?~X5sYHdHW__8EF=w&2m6&BWNK!byFU#xVs3naoe|vZ zdg<9-Gf~Lx8HDY?>_m&e3>)?56IEE#47sgWm@2}|Rvt0ddOIinuJ%YEHJH#f%-(Iy z#K_3+q%2STw{xgdZ~C4OS^y{2`2cTnx}Li^Fnf(}gnnpK_cm9&4J)P#_hx{E<-wkO z+(+xG2VPCB%C(LLbhCs$C8=J7)xPjv>fhtSi$}-OT;r!f3t5Kg50p5q8l{&F(1Iz= z5tHCr1B4RMrq%KCwd3ge6b6108!Cl`Vz50bQZm(xbfLr}BO<1BsHH_+N~&k6)rbnO z^)70%Eq6hj)^1tn5JWED4(r>gA)DXj+Tt8&!N1Eq!E@}!YUyocxVhO1=GrBO((!vG z0Ygd&K%t2<;+;;7@t0em5z}GK!qHT%`J$8JH41=P2oO6cg?Gl%a}9cbZqDog6w;6& z0bsi|oE;KBUK}0SX(liH5{qwSYFVy|5#2JjtkOg|RuO>T--|5oe-y7cFB(t++M|gq z3`b^{+u;$JG~8}!nI!UL$K`RWvfXD52QwERuBrn0)Q&aA+pw~)2!ZK{5h%V0Pb&D2 zC-(Xp*rq6@c0kRB$h~=ZkNFx#osxlgB46T08WWQxWg#HA@SJ(fKXo1rgm^O~FG>K( z416@X^%){9zb!=^Qv@G#_^*Oq`-)g8-_%D54n3yj&?y;R5l&)lMdKWa3tDMPw(3(I zPvPhGU)r)%97q)rBm&tfQ6;sREWckOFaiIF|LyvG6a6k6%^eWsQ2F&CMmVnlPLfW- zglJo1V~WMFg0-g{%E&tY}-cNxK&;4 zWGiaRSSsNc6U%dKI>E<)9bSel7kg$nut|y<%|{bvj!|u@)VUR1_>a2Hbe+)jneUdA z^=i!0&F}f>>T7;7`g8h{@x|6$*$d3h2Hytns>eMXu3tth)ts}qZ}av&&DF9aA%=6~ z@6P(B>N~`{7@rM}t)0wzkc6VL?%K7EVT_xQUgAGd%1<^0gtn4Kd<1w9BSoFcSp`tZBVa%577!vJ=*+ev zLa0-~%`h5fC01XkP#_}bpeo_N9Pv=+3c_CwoYQne2TkPTYo2dD@Vp*cb+NnIhv&>X zq>pVSz;f4t3xU2XRo()@29q5#mi=4x z&Ea%(oWaqyYtB!SGPmo0>+|-G2Wr8;-8dWFA8=91`D?%hQ@$ua<=ua_6rUXTBFOi6ab21SEvl&Nfi2WA}+2k-q{T{rez)* zi*x6LQgh8kL%R-5GUn~jj+4SIGLXkedT%_YiqpdE9{*BMHfrQV`7!`DDYVVl>KeR5 z25XnLg08*s?i1E~IowX|?4+m|;82Gi#wJLkzvi)l)tc@6Bk;MP7`yhR9LbTd7BRuE zo&C|axckLrW#cg6<`X4>+c3)67)Lu`Y*_y!#B+j|=)=lPtNd;QGW9ecG&7K{hg#&V z(RH>eK^h7PY_&^8O!aKWz(&T(`3Gmekf# z*rn9)Wmf5E;BzM>iX(hmX%>Sj+7ia((2sXaF)3-nbnnb_bWbR6Ah+mCdb(1U1%k#6 z9fQoc(yzMi=!p8*8TIu;IT-ki8Uk;GY!p!NjY^{!PLcVy^6L{h^i&V?fkTMnouq?M zRS+l!M|?scP5@sC6U3vv4haMo9~+UpRI5$wV#wO@Dcj&Twx_NlSjg|*^2X8VXiof1 zCWOUR?x}DjV?_cc!zK6#*(^KT5ISB=m89#8Erug!s3?wk$*=w<-!dDM4 z9{#>JI3&CTl#!mEwN3Y))^}yeU;Q6uIKy&oAqFTsfKsQ{k4DoMG-><`mj!3b&MuW= z$Q5PR4r>m_*+)TyS^rL-hP~@h%dd9k-ykca>Q`f(5pg!Z(?(G1qaf{^at>{GPwq*$ zqJ?ejDqUXgeW7DZtk_7Ep8Ej~T6AZ!?J~R}BeQ283-{>j2bpmAI}e{vK}v(zGj~CW zcwQk@Pz~FSQgiDH3k5p+F~j&gJ?h2Y>S-jCMZF7bzE=>by#v1A(NZVKwQ5(r^-88b zMrO;73`wq!dzliy!!O1rTND|Ef-HXeuZj1U+1QHf`PZVeBe(Ta_+h|Jd%D%-U&z9f2q$WiA9<+i|`@yxI{p%cLHDSQg5hcTbiOBdqf3`Bw zu%^7k2tovie#{#!-R}u~7=tT@5X3*%lKcxy+VsE(!!0z~TRDjqbG+l~WS{a};0{s@ zWS?9Lz|2uj&k+od9IIkc#6)ob^qwzw?F0waH>ad)mwOZlkO}+`l61s*Dwq^T3UG{q z6T-gW=c@`|xI+DW=RO}yt!MBl13`ih{7INt_tvRH+PfxPO^%H#$TmMuvzsN=XQ;G; zDTxDKmiG^G+^q2aFI1tX`_)+45Q$i^MC22n8pIeSVOC8?*8SUVx?i1#AEZ{4+1IfB z5G*s7Psef))v5RmB6xfX_>{x1`*EoK+bcx&cmWmp&fNE?QDdStwf6_7Yok}FcGzt+ zpO8lw{SOVAL-J4y4|i`!7+`SYT^srslxyHBL;Ab`XGk$F0g5}F;bT51_v{~e3+D-i zYQ#cvfwi@GBbUYM9=(rn>p(z^(V~?<^~k3Sq7i8ckrRf^sU@$;XbX_8KXYlTBBc>S zJL3Z^g0oK6nU{*OHx>qMNC3T#giM_3pt)i~{-@sW1W#n3#p0ltr22)HRB&Ka7k%kw zCK)SFg=9eNmJCi1I1C{xFp_bB|A!Eib|Dst6i-@clFtBrtvNg_5f7zDrg^JIdc2}K z0bg#bp}Mxiazsa1F_`r?rM38)?7jxp8ti{^8Q~DM8ZM4Dy?|LV?RxG;H{SwQ*BnSm z=47((SYaAkECx`Z{N>{Bl=<}tr-UIjMYie!<%GZDcqMa~f6jqWQW90S>f&@z(3vB1 z;x<2QqME)qqr)Kr9`$VWPvQ#U{LxLd)lk%ShfU1O!3^od_T?R$+6LSc!?CJ*TjJ z-#zQI*g1AAppr5x#d6(S&9QHgkzkqXBRm}Z9%FW>yW9PFYV&wfQj40N*l3Ps=7Tjp zIdUTpK4PP8*7Gu+4~7VIh}vZ5sP?$tdR_sODq6ViF``PbN3gAjlDLf#IZ;r;d6?Xp zG7v!%F+It45jSyE@@kJk#5t#{4=j*Hvmx6j9P=Oq$oy?1qlNdX_c9dyGolT>NmLC4 zAF}0I4Q2)_y062bMD=j}Qd$4JS;>-Ljv~%N z|KHgutLTipbBAp=K{AjWX3YMD{yk@N?fP8K+U)W2*Yfh>yDL0i*)rL2A_M#U+#Ujjx&7AL?RyttvbyrR zN5fdpyC#I0<9&oXO3YqU==Mod0!xg_9W3(X5J*=F4BM=ED?$1Ewn5!L+&v(kRw@#C zO*E>>yC2O6ym&9Ue7XuNfE)#bW1&jM66yaf5YFXP>8hcK164p22 z97%(BE7e1rA>GlcTW~W#(-JLGC(L6&K6!m?;p<;Bq3-#@{H9Pe`Pd@XL20QD!2jc0 zV$Wp2#o8mz1NKKgF=uWg-$>)7Se99b$g7Wa* z)SETJ;dEe}bs82R%lw}?Sl^DLRE+d78(g%XG9N(0WB11t7e0zy{Gy^BoZ~&lEJfpM z1xKnB6+4)(wX#Ewf!Dhs^WHL%!+Wb+HA?21VoJ<^@b_dskRyhqhA>qNia2c}d1(Hk zHQT~WS~O{;3e_v*`L4W!lk`A_Cg)M@Y0E}HEp18=Hr^mu+e zu^QC(DSXEtNM_KnHujwbNGk;TL3FQ%OyZ|ipP#g_-1welPQo)@aSu<6W~%G%Ytc+) zKN>I_$4Hu)$;QVy9t^KPmzrQ}^{9nNhl+c%NVl9Z*Da-BA%O0k<4AiDv-1?HHwBiN z*c<@1;Obd(|ZxbAfEdZ?EX^dP}#WKd=m*Cz4{fWVJ03y^rqVF~_Vq%kSN9CMsaK zQq2FhK6BYv^!N`Rq(AwA2OFGWp@@PNvu}thP)L4{E!f70%Fh$wgt<*haKPdE?)U5_ zpTX;@Q;o&Yu;@J=dop75sG zJI{L^oM*QE{~`ySp~lHyEV0D@VKuK^ep%e5^!pa}@>YABRO5pK)2RJ#bMOrO=#3!1 z4xH37B3wOya%hy0pl+oquO2iPW!G?!X5L8XX}RncdrwU_o5gapBkQ=>wIQ8|iqH-LrJhf!akseD{7CEU`U5LAEV(TlLO`@s`{C_W z&rAAb5QRYbB-Di9o|mUFsnSHIV) zzTc-c3sXe?h2&>OTy%=?XL>|z3l1Oi#bj#kURI|_r}uZJ75((a7pHGfO@(r}XK;bHCFCtL7*!f~(4I(IPe@E1re@F-s2A^PF*zE+x zF+yon7ha-chho#g!_|uj4OoB(Qqm#oYFgXbGsK@C*$gM9@9gfwdFXAR4cNk(6bxiD z6sc!32?=(`_Y^6IU{PCP=pn#-O64x|akTM)k%?5Q$;N@HOrq{^=@H!x5CY&Ls_Ch> zj6uz$PRPgRl**=^YdUZNG_MY%i<|DHYMNC6(WA}$7KF!__m@jE7yCYBevu2uB9sw8~0nY*F6!j?!0Fq@Ln5?KYJ|h*2vJu-k7o zFps&~_gNmlogQZ-C`n@EfERh1QBF6j1vPFgRHFVnVb5VIWX zfIaN&CwPU^3!Z71Ea1s@KxEn>ylg_d3>e^sn`eanrE>S?RWR$T8Kw6jkxX?z9$2>< zy{{3fy(Q0jcQ?H4PA?RwVEaay)`Ua&J~Ll;u?kozT6J6MGG*lI&@P8_7Ua|TQW}}3 zV=~(bq;;M(8(j*%30+-L-MwM(&0g9N{hpOxC<=}j!lmGT8{bmUOnSzfdxfSYXa`!P zdM>H0yXm4|T(SJ@v^IJ(WukqX8!8_mWqQWzpt_Q*fZR&ovda&X_*+ute8~Jg=L3_# z8MzTszqNidc1SG5bsqZ-p83ams$vM`y}l)6pnhoHD9JYuvY%kJSJhZ#dTJrZ$|> z=CH)cnYY#V?c0K%AN@ywb{Eag~KMiYfBR%4}?pm^cJFU)vKoj=fbr z&xU7fHBUF^Jbmk$qfatx@v6wGAQEMGVT6ydse4{W2|ZNpa8Ee)e*eC08Q7LZji0#5z*Php(1ca z0?D?#iWw@6M-8z#qO2*Ck}s@T0o$|~+Ugzm{d5%bSCx8iJI(+?UeY1)1@(S5iMgjF zaL3ujCu$H|A!8PkhNoL&_C6sTlKoI^p7|4V-WCm3w^3d#olS$UU!}cdh-fF^|C@x zB6+QMzRfj7RruMV(7t#pbQ=aoV?2bx7QAkTIKIGOr6K5|9Pe*WV?Q7RGn#OW{qep2 z#m|?*Pq^qKg3XbHGjD{Ve3$BD6gmh=V&&8D3anw%%mB+2YPHjekO(Y+jFTp&3Udo& zih*8ln;B;P*b~>5@M^F*N2dQk!if{v)gO^?3#K8H%scEngrPy!Hxyh3F5&)ybwi|R zH+^$r4#;;z5y;6f1D40+LtR6eE@eao4MC z#r_@CJ-Y-Wp7F-%gyay_r5goa-;64e*DIp`0_IdK(v`HF_%_2VGYK^uMEaj0NE~wg ze>fp@5plDdFnsO}D2-H?zdtGG_XD6Lw14@3yzmD)R zlP)ihivQ&M%a$ykCfDC{PY^Fvb6&`7`gL>z3`?BBJLh%&I{r z5XvnotYmv<1ON8mm8$zGTPm+)Q;q{uiVmhLwAe-6wLBU+$aP~koSt;3BY3sM`S^wrjgFB*j6P@cKx$N|3hTQ>t)Bjx&SENDt zz@$?lyBO{LtU!TOrr0B6EqN{73M!rqgZJRH4cOWp%+Jyt=PD@BPbWfj4KV{~VE>O& z7z#!!JPq@~hA&}n!u3)Q5idc#8a*xV^s$A@#Qi(ERM-Y@t(fk+$a-W%g>asw;X0l% zmKHzTLqX@XVzlx%i?)bEqT_LG>T?oG9+rE%K63mYLrx6J?ipj*t>LFqQ(i@5%`>(8FTKYho&PzOfM3v@@$O;(GzWtMGX z`;+A45&^vX5D1%)<01ym37i;9$`rcBtY}n|#-O>pN9*>*@0t@WZh@mcr^!|mB?Tuv zsBWaG^9ucr4&(L|NCRc^u4>54SY<|UPo1XP(%q|7tBZdsq^cOXo_ z8r)V&%-eq}{br*Fkmr8^XoCuR2WBQ%TJdq&Y{UNoBABjtO7Gg_OI{@zJlft3OkKNf zmsRX(8i}0_4@WJvW7*3O2B5Am#Lmhgn#a^+nF-K3H^+0}d5~q)P5T>MuzlC?uGL4g z!b4Yxz?)^9)SP=$c(tPR%w*!yuJp*|(`ZNUHfvt$wgVG#K9%0XkX%t9yBMpSnftlZ zog-C_UjTFU#JqJtx7LP7GpfvAl7o4_+~su$_j763N^GZhr|3Gb0B*_eW|ndO%sy@+A2FM6(VX|A0`7QX8y z%U$+przne~?Cu`|RTy*0HK_BZAJp)34HBb6 z!M2@$FT024>yvNIJIaSd%lyqjKu)JK3GOS+PXqMzmw{1UiGiiBSmlNdEGIY`FXP=E zRFU)RsMTD~RHPV+4_u_H>e2m zPErhwZ4ZT-5u;F1eJ14hKSmaSA=QQCfD%N6ItWTa|_H_Rj3NtmIM9+lr zchJ&2Cj_$^8p`^3JvS3b4Zq=mMqu3kTNF${AnvX<6h&VUNy6u)QAj|QD`>lvdOi$M z=s_PF!w*U)`uR3zy^Xh@$Jzq$;t!yXW1|FMiNsh&m5CEznn#3KhRhNL8>wy@&z`^L z_Ts#Dl}UDXEP(;iR(h~=Rg!y08w%{xphi&_;8fVCK&H+Ea}{yC851#%7ZYa^e!kcb=xb>Lr-tdIk&R zi&TLpox=7Ss*nEVt|K@G=ZdLTwL+bH;iJb}VHxzW`~)FoF6T4+?oaT!_-6KgWBF|O zjnDerXA45g_V#}z1;Zm6pn}D^Ak!4}+DlAyDka5G~7PmGu` zP$aM-v5XxBGrGV{tq%5g`4&DnJQCIih+jQJJ%2pl{}_}H#QGshpbFVsc8AR0APDUE zPrug-_h5^=aCv*Ry$fHhL%iY!uA(cY7Ne&e!Xst26=PrE(gy>#ub&b`+|Lq^h|${U z4BHa2RtO(s5D`JP5h5x}97~Jb4oqj0zge#SuHxzaJ6Mk6SgSZjHHQrb+H*rh>3SKr zb0uF68a6#pFivq&`P%r~5{0n4GAF zDZv%2k>?izoLBSLKarj#fcyhkXz`CkBqXB?xWY+lPU90DOPWC2jNlFQi_~> zg@lwg4bCs0xs4i(-Moo|%|mIa^@Kx)(M)$FoshWn zw(jW66Xd_W&)GWTZiv>UXe~YuA`7nf)@t?D8y>HV&Uk$+t~uy1y^q-Y-P+H@t=1SZ zxA$vPdQKzdP6g9Yd)*MPK)g8m(Y)!DH9k8AZ{1a&t;(}AQczS5ln_R&Qr99H+fwWx z*>chKfrT>dyWqg1yDBX$=t0F2L0hgc1?zkl?mhif#GVFw3i8p+B?{C|>9JWn&3fw0 zPpvM$A2v4tSO5P>3&zbbQ(rEy2vfLL5`DR~b&@=OKG!Ti0lzYS0U8vU!axNoGbQ`u}SS<^*%8=#8prt10z;RJvvnr;MJu zeGT5lNms@^_Jd)++7%YDo~k>2A|cd5G5JEau$?kHbU(cuj`LRt(WJ!Rb%w4RFuV+K zD8WJ3Y}AmZoLk2Y*QDA4*x+d#Xh_H91rRN zk1Xx~ep##AVH?fV6x51~-9XZ*t8UA-(vQaomF$l{fNLy2zFC-DPu9s0dT&(fR<^1^ z`dV>Fmx7^a_*5APsJ}>7!Kro)Sck=|KJB#vPFSk*RTZp*exL3kQuyKF_pzAMrFYYP z#nrGbor*eAMiW7c?@?td-IC4PzOuda<$wKDPO=pBJz*Lqi1n0}&DUHAlr_H3w3ALi zRi`I`OTeg0qL_b$^wdAhB+83HV$1CO38r^sDpg%a`G)1w#Qiru!{P4Ep_4tc2Rfyo zLUE%rOsz}es56cj=nk}C)fVlG`vmlQbl5%d7AhPeniCvc_WkGa{vP8d>0{gvdZFP_ zK7x`xuHa%gvB)C&rF)gwww`-hc(8W_x{3ahEM)gYo%CES_1idA;C3wJu*c9S+Ssso z=MGS^vT&obf+i!}l#kTmun7Vz<(;)UDp)&fX_9enzDdZtxdTB;)LjZ03n2SA31p*bTu9 zsms9Ch4q|Z6r^b=bdA~FWsG0B)^2XMQFO?E`??0sTF|)fE1>%hGPUlS&=J&|#+XL$ zi*pCUCEw`5rdU4XIb1-dshl)maygkPFfsWzPEKTCi?55pZLHxm`AZzKN%fS3KyrQn zrx*BrB%|FFm+$W`MGdx_*5*6UMygDw6MvU!;+Fc75-F$F_#uyJg2Yt*h8d9=&vqd1 zzjRgd$Nv4$ebR7E-`vcsb(r6FY`gK2%AqjHy#h!)qpU}(d{I)NWx}1 z>Fj_$3lR>R_Hn(&V6r2j+46`Il@5OnU`W$^x8xlJ&V?SsMzJ{Hht@G95yLbed!%q& zLdG#}MCvU%*Cis}pCf5VDpe5&lZCLLZ@{86O#rJLgt?m)bb@{pO6%X zzG%(V(iAs03P?ldiddAVc2L@mhU&)R$5Y}fMuu-ezw?e5%4@K(fTt2cn?)LbZ$gfv zlsLC0b!_5KRX>Jc+Mp5UCDCZaZ3v$ueKQi$a*+CK)caUiL`nRk111We1PMV$Kb)Qb za>T{Gw{|u+YDvKdl5=B8X}EziO>z-i2=CJr%NLwxrg33q2Ner^W`rhX`7olwPeRR$ zYe}Vyl8}`Cbcq%~;n~}p`MYi{J-81US3s(b#jB?ri0ve;8mc4jh#$v^p-Gw_hunn= z%(b~9)@$w@nJf87#Z#tIVc7TbbC6 zpfk35LQjq;4nuj&N$Z}h5|`0Bj_;So$XZ5ec*E-(N1L}b?{7B*TJk+^C*PngTe|8s z!^%^&VC>~+JH=IG(s8Rc*-&~6^Td0-Gn2V_7 zCzI6NTp>Atan7Ke=7XHX>)UK4j@AN6q3r$C-tZc#h# zQySAFlS>D1%O;Sk3`h~g$e|e9kVh5UumwXaHuS>+TNCGqvVs~Y?5UC)Pbu7<6o{E6 znG^;Akg+ryl1Ri!)@6QS<5^?xwoF~g8($)dWhpuVUg(kD8wf+`4=0Hf3DMN&PetHG z$R?Xp_c9l*T@~1w$RWq;ndCpYw%sE~V2{iF$y{AP0@7UPM;Uhp$4DfvAvArbIHL7JT96)S!TN`AWf>;gUg{Hgo`o ziHHm)LNg$wjjhj9s@c{~N-_x9qHfu0e29RXC+b5bCQ$g55XTf%%Icbohf!vq-z+jB z;ubMCwBec~#-DZ*6jz)?Ux)Qj>}2&oRS6=vn^7SuC5I;g%y zL=)4EOAoEr&E^>DlIdm|tMvd{A+t~%mJCx;b0Ue&km=V<%bX0qgte6Qj@4G*l+N}L zxh4Ho0gAFtM_Rc+?lPP+iA>+`-&?$uMkXje#&p!=g4zninsi)z?HXAJI3n!YIAM~# zhtTuXm$>xk*RGT)9$%OeqpUwsbQ*)i+HtiG8{q=`KWWCC0l_b7=Q{fOo`OvcQKf~_ z3J`dn1yq1TWHrx3gGmtUJ6*AfUxqPySW1~Ogk12|4Om4xUiosY>CH^ zn&%`xSn!CiQh6tp$^_*&43#Q=q{2`$KBZi0smoB5gPWNy#o!C_T+7ohtW$edH_K48 zIP2Fz(|h$L_NzTff#LNzT5XlcvBPQc)a)edG;ew4zpCZH_H3a`Da8b28*%;xTq+*O zU9zKcVG@{Y)h{I5R;$s#G8g>^u%|U+?#3Oq4d#|Bk}AmyhQ4St04NDGa>@}cWfgND zf19AZn8l`s>R#LsxzI594fF`UHgd#GJsy%~aA94iSY>schZ~5%vlroT?PF?r&Arl~ z#vrD*fnXFEhGcMde8A1xp(H}fK9< zdKERb?IC$&9|^xttR~G z_XBM6KpYv)CE+FLJB8TtZnZj4@$|Sdqa;jY>vr6Z9C8%33b&`OFNT30woFbzWq1oE zt-iT;zGkm;AM1b6C*4fC(^_#jaf@FJ@7+^Fe&e9oQqv#)yE3Z2c=R+Qi&B-M(#?FY zvq5=@xCD8xl&73`@^n~2l%{0Qak^9@)uAq;r`8}k8QcA!ooT`6)Z#u5ytjKQ^quPb zZX{~+To{WQm@x{S<$J`-xp6Q`#OBJ~wXA;p zy9!*8ZioD2Y358HWX8FcWMG@6%(IY>5oq(E8XZy~LMP-iu7VD;xp@pgNhi;s?0R(Z z*pj1sq8r09J`u=FJ>F+~BSIKX$Wazv?UwsaN{E=2TOdUpa z%P>=r*=!?35hB!)hg7YC^7s9IWU zkx#Gd&}{0`W#!$-?LU2|SDYkUGCC=Q!L~mEnfNW?8rV}otI_jX+KZ&u^SU)_PwRg# zcNL-zOb+F}0e$r?9Ay(({u_P*)PQN0&a2$MlceHTV6!03KPp6dA3vtvHw6H@t5Cj+Ozg75ARSE6X0o{OtmLw zG&Pcjd>J7Ll2F6yv(y!XSGWP6o_BPwnjVvHM$ z!K1Bnz(Cp`*8Z$E|GnlBS+G>)q~8imSC0+@idIEW%T!hQ!_8XvPdaTmDr(7^~-}H_DKI<0M1k_l2pnwEA|f?eaX!cUk>v<%X&sZ zV*;ZN%(3LdGF|CF6t^QTWc@)861OF`|1Xv1)C+&3@gO6ASdI46@ufkv)%HczG6#AA zxz?DbrTI9n<vXJ*dfBY0y84$>mN%?b-;V3iaF z?pG0fb7ZIjQyUwA_jp}LiEybLo5ewTQ0kHTgnL~Y=(|9{!O*{Hn~uOeuOPp40yqMK zuri|<K~^$8^=OHmy6T!6PGz}1$-6q6Mjkw}aW1Ooa$li|vjopH>+Ziq%L($jyN(3F zXv*_$N~UbJM}5*laz@lp7^Xe|*ob~Hx|DYtz^2KUsa6!y_*1a3DYrac#xE>YI=T*Q z9&~wk*2&yZG4;F4I2UtJfHJOQKt^y_ksZHU6CdUsnfjnP;R|b9SI@9o9Tr=1*BuBH zk+H33;8(dreaVd=4iSZZ#eQ4yOdYS4qg;quxz1qBBWMW%Wt*tIScasre64w#33PKC zFieXkQ!j3JBxN)_b_i#<3|@Y*WdA@85FER3IF<6B?W6JL^`cr^Dk$-wq~gYC?4%+9 zQB6kMn~qLrXU*kGIHbhL9NE>X2-ncSFP~kX-1Cc6kORZ?XXA*? zK^-2Ki6{N$*54uu1g24p?IRIm8>%MF0}Yfh^L%MYA&6xiz7VNuR)7`?%$iubqVe6U z8cenX?TY;bA3G6?O+<*elsE}k>(97jk1rQ~Ow6q}jPUt=O0M)lzQbtdgnLhwD=zlV zIcyI@9gwBaD;GfQ*}CO#CD$XGDuHSdt=L}XM`b0UMYr4zHyIoAg?Z*f9W^aK$Z2Ug zQ#(#tHBD|erHLLwI#9x3Dl4cL;)sj%KyIj0mqUfkEZoRAlzvW(Ld0LV_IDa=d{V#_ zp-3;!MKSVl7SkTz?Ah@z1v5d0Cq6`1A=|js_&?ZUQuP2_ok?56bE{Y`EBx55npV{6 zUx%!$S0Wu2DhRm2go@)fuP6l}_7Ao)u3y}Z(K%0h8I<`~)ye1X89=ItH;HKq0O%JX zz-TYS32nq}SUJ-!6E(a(Q1Q)mMLpLLSt~>Y?7GvOZzO(esMVsiy16X(j zLKV%Mm0RoOt;ewK&L8Xp2d`-nA6pQIT)?zJ42lu?M|qZXn$!BF=na&@djH@TgRDnOOd+6;>xWwW{q)k{>)8mv#}8{@-3_3(FFJPo2NyIN zXl#YmI>Su2L!=wF=@f4%o>~~v8N3DI&Uc+#S0azc$`hntwE5*b=}#&z@ru5T8aO7LSGAiR9(`7#16ywLA#vgr`TEsWFvJL0E= zfk2~hyb?>j>*9%D@q< z<2l5irDAe&<27Xz0r! zUNS}a$q7e0y!wdEc*K;UeC_FQtmBdhC9b?;6Jvn^Cc;wW z9nv^rHS^@GY%`$f@=kHxz{Cm|@eqXBra|)hjUpziF%&NSKxQJj-bL{g^j%wOq>i=4 zsCI${8gW^j1JlO{Pb2CGwaq|tQSnRvP-W4#{^?ZWf6_=S)MCEhH+9NUFJE)IRQnE< zsEMJ7*NOzhMVVM}ONyDKbPsM- zgiqd;>jSo=@r!km3HS-eL{sP*x0u{{SaBi=yv%AP2Utg? zxF~Y`xaU>TUrApxs8CZLw$er48jlShZWnPveBIbkI?xizrZ%fP%ETe>Z~vK>G?rG{ ztN#oOZ(hr*EkTnwDJ~tY+(2gu^DS>pDx`|0$dFB##NI@uW8z4`fJ+nz_+Y2*sq6(% z1&WJ3uU+t!_Dl$Up=_ey;ak9IMPV){zuQY2yRE##4?p zaX;|SELF&xw5Sio!#GygtsQ+G74;{+x{g}=%4BHfjzQCP-FJ1>F-jNEwCf`)Fva~F z)>MWwxZmB$9$jsLm7y#X<#*KkNlk4|BG<%UkKtpEq$Jnx81p%gS<8vroF>W>8qo~T z;Z_E3eTkT!PE@oMM}Ape45s=^A{wass|RPHub?9;?Y zYA@pRcwP5`lBq48!XPN+)lfyVi45)wDbnf%H4i4b9I^cym_2BDw%b=cEYi{T+-<}@ z%3e`WE?uIm*}5a3AE-}$B&IZ5D>mww<{kpSt|(9hV~Gz4p-fiMS$ z^>JHl2Wft17c-8a+z2~KMEoDA##YD?RRU0~J#uQI5^H4ruBVdoK4x=~RG@C(`M`6{pn1WNiVAV%Rzp zrJLroBMFzZf&1VqPf)-|@beXF>+@NDN2~&QUJJTGD0Ly!yl_{8W&)r+B(VrDh$}b_ z>JP-1hQOg&AVRnAIC{f73@?bJV+~zuI)pjNr0XE&r~>oWrSgJL~V9hh8)X za!SbKw#st|^%-e|x#R*koSyt=#%1q4D2kS1LSW_kl^0P0qBKM?#9JivK(D}`iKwJZ zNcdOB>0y`XxopSi`o*t|c#!@4S6wv9`+?QFiCMdf7QLfMBj~WE-zb?5uN{W8YHsY6 z;;cfOLKh{aK@no( zxwXIc1$qmZVYECBwd^S!w(Kj}dvio9Rk_<1MIyKTPkr&P0avuFM>AgwREzzfd?mhN zfXD_T%+V(iVr+j5yKabih&Xaw5;;~lU72)>2K783{YUZJQVKk&QlSi=t9d8Yy5zae zEexW+;zXd{ACjrx;Lke-TQN#ADidK!1KNG3Y;I9tB5nrNG#w4|X>%?`&TuUqNQ^(m z7XjdlAlpfSm;l=e2&#jM(U>|!BDSo&pgAarF6geB(z~5;`t=R+(|mdGy@W@D9@kax zp>c~0*-e8y-@9kacB~%|4SN9r8TULXgXdoVO;JnRaoG@w7xw%-OQJ;Q?t?v#;JfTD z7pg(T{r%%0U6&~%NH)4#0ZJ~j@c)ziz`A}p?5eu`S;b?dCM6LjdYXM!7*v*%hr(dj zQTF(e{7lLVv^{vUFA|Wtk>rQq33A9qxG+nVxb696jwXCAp_eK7vw zl>GvS-~GLZQ8B;(7qQk}c>UNc&xd1g7{Os`x_3Do4^aTP$HQCUUdN2`BQ!?!?BYXk z;&h_nA2mssjL3r@DN1afxg5*NVC#>YVbaR;oBwnQ&pmj;V^t?kFD+iQMoj6{sVPc- zr*qBVCc3CInkDqxo{xU$)ER}BvP1tTYnEA2PzsiN_bg#eU6PKEXICkkVx%>+29yI) zv`mQL%4XW`*a2EH<;U*|0hoR6KT3EiXJ!3+R-&r^ zY|p5>ctB+Qov1+dWVfaHbBa-=3!_y9)e~dMTh&diYx3GUCqE1m=X?~hR z&!GO&QyFL#$d8!3=V@5=SC~LQ1dTPzP-K+d2{TQiq0@MdVjbbu+V1gLKK5+#oS z4qff|o*U==ZkQfm!A>;L*a-T9sDms-DtDPpP+mRnu~Zv(wZXcsU4yz-Vg!Hf zJC${c*x&~I?YUG3Lz$QIcUHs4)$~HqRMCz$kB%{0cww9c?f3bUlF6~5!J*HSf7hOz zHRt-5TX+>F_qE=p|H4wE7wH{!7tK__U*9i|8Kw%#y&joM`C?|%UaZH+yU!Lt{~(Hd z+nxQ1s7(6`2^zq|b>J#Cw|2EU!ovNzo5J0F5aD_qLE^i?|H^Z#FLa}haEK(f@k4qC z>yz?X)sTZgGl!e+u=tN(*9rLE{p41Nq5CY9-DUy4!U&zOU^WIQ+TIr;X9W;IGRjy~ z0>e-4?8X0rQFjFZhfh_n+=j98mM7|3;Ep0_0oA#jT3SCH`nfF@j%4wZ1;1_m3BHq- zwFQ_qn8?QLF%w3eAo~Vlsv}#O_IV4c_D$J9t%#u#_G9^_NfH)2Z^~Xxf#}Zi?qKOg zl*!}NKT~an4o@f&h42^Lq_1Hxq8E$w?-ic=Bl_1Z4e*M-n zC#uU0sRb3aShQ@J!qHDB*9Cu2zgK5ZF?)2FrJWt#8V5cB>n=Z%ZS_PY$et;(q*#vV zrGJ&H>%7~h%X*5YF2^saT87%&+lO0Lo(WRxanfE?;G1NCOxR1Pr9BkMzRr%a2f1)| zOi0{Uc)*9YGV~EMDnl~C+yY^$$9T}4BRxh<_0&hAkFiH$tlyMuJ&Yg<1w)N9CMaa| z00;ZE1L~SY1CQ{m`<}Oq=l%R+;D4xJHSqlKFRRJ-pi;s*dCM)0?+E${Xe+w0C)D-e zZk`Bp*-U2K0rB18>^Ofdog72xbR)JfOBMlnO1FPsE80*s9@bYq*r@hFtSER;CDQo9 z1P9Dvo_W=se0rBMNP`?xKd2w$ke|_?otgu&ksHrqc@K3mV|wB{$J7I&s1&MP{Jy}9 z-FwPJ5#qIS$)RU(y4Zpetsj_EZ_j`KL0f~oon4IhA{DYEPL;WxywqvM&IAf%9;giN ztjNHkBmFTaj{}xEc=M}mM1Gc=TO0e_IB;W_lT3v2;4#R==5mkZ zHu}BU)?>>h2Hzs)Xc0?~SjFk+tPmTSz0LXYWUYz2$N42Wz+8AoLHNS!x`D&7ric@5 zIAv9DN5!@XpZe&fY`~*jN}M<~iVZDFjcB5boDQhA|DAeOrUWH`X_c8EpnivYmFD<9 ze~@FpZ#-E7K)o#LqE*eOt>bqi=u4q~Eug96_u+Z@o|;T)l@tY%NRo3e)03`UqKms$ zOo&i>)Z@YXuQ1pd&5bYx={}vA=cb)phA8{~C#l>Bn~vilAzhTzv2~gdMCwdMEPh^+ zppgOYT&$!U;Ljw16{zFSE8N&-9d(ImJdx`N75?Qz^=l4Qg=K{_5Gp^zQh$AN?wNcj zi?Glm0SAtlSc)tYhvt+AM_Gz4uP&2E=@-s1mN6x)Nhu8Qrd1hC#kAPI3pf^*2%i=- z?vLpwmrZ&7$QL7{WEhVMq(OGa9P-=aK?VsJZl<~xiyh<ubi$-=y za;2(LO`pfS0=Lc)6Nu*Iug@}k79~Axv3kCuT{FG=G*gQRsx|E)f|)yEl<+`U27L9n zKepoI?Eyv@H9xQ?_QcFDqaIpsZP-7wnc&fp1|{E!CO=gQyTbH8Z5;<-?bGf3dYezd zjy$id7tV`+>ev&`A_w`gFvT1q*5_u5G`+Si%yGJArc$xMnG{?$hV7ZF+X}2b+!}lo4*b1 zTh*=dMF=VIKu2>P<0(MKQG&w)6hR<}aHW#PS*nJKy2;W=cppVD%~p^S_XivX-xKK) zHH529Q6=<|q_?yQCo!_-2bv6E3FBq^{nLYlM{kaaq@HsoM-qj>2_rEG?UH>WI_*Y@ z$S+4;)XyRe4C3nIp@06qyUK)17IqN8IVmC@KUe$kcpWerMX!sNAlw9#{T0%)ByYyeYTJz>#&djE&!4S;!>Qbn+5qE|bMB$M8+DCLl9Kg`AasAeb0m;3hB!;R z`LFD(jI)2#^wc-) zOJtIA1cRtJnNtSn?E)+9zYKxK*VhNLnX-EBWFs4M^jIyZp%_{6gH$V0P?+J;d9UdA zC;<^M_ov*;n;|Hs29IH=Y=o?!Cp?9);p$ekoPr#+E*UTTdZGC}NDsk|7_0f*V^<$O z2>cNQjTO;X@K3%i9S2-Hin9sQR!k`C**l+~P{$!Hgwe^EQ!^{jP%;*}vBxnLUh+6O zM?!mYtuC2TF3wM-FY#;3s zqT%ln&FD!p^=(FkKRudEI#nQ&7+74%Eb zi}l7^^?>aQa4X0R|B!Au;cd3wL~f{7#39}_zS9EDS2-z@Es45Y=<}*H5A}PEOCjP< z`23hxX6YffW=rImMoZ+W*!e?zt>7ZoSZi=MQubvDb^0t*RkB1pR9m|{f*=_;fZK<0 zE9J|KMl*guS`sCAm&cd&wqwdENl_v~5j4(pMZiukeh7*v6?KbWAwAd%r4P|%G;>v% zfsguE(yx|qHBBMBh+e|~ge$#Ta8V=9O3^V|j0+z5l46ZcFFeT{{21=?b3D7{-9g~2 zZ2V3l5*mG#v}~dbp6Rcd$vl4eHMGoRfZCd&bVbqNcbvcX65Z`FfPWK%6kR$?X1FsY znAYwEoWcNcfcLPMCk$0yB>_a7@%ChESMIbZNYak|e5Cc6HzHHtGy^7Mz{e zb^$yGIL1DuxD*|1%JB{N9U}KeR|%SH9GOF2#`i4GWdlZ#M*S?ckP*iz-||^ob7ea+ zS#v6k-Bz5prx~uXv7^)-ieH`c4pR5K_d+7hsisOA-y-1(M_BB+hlGwaQ(`^UuY5%yl6kL&8AKv;Uab_xE83#*P_{so zno>UfymV750C_CfoHd#^6KJ>V$|vgyT`4&19RO}*Yn+7?^i~+W<-y%Ckz=H1AVBik zZO?jcsvSnXiWSMC^RtL6ctvOu%`i@sHbr)2=}dv-tFD%?PA0;+whjT&b_WyLF$k~2 zCMG4K21)!_;L=uWM;eTZ9t}$+uR%XqdeY7~2c>&3Dkw{l$~j=%B^Z!4L1D71s~TXw zoIHW!Kulp)G4tvPo2*BqBHXlw`i3mtPAT`3X+c`~xx=KtQ?(BeXb`Nf6;G=4ux`s@ zQchIbI-=gAqDNDk84SbcYDp&_axOLt5VwDXzw+q_Ai^!48VN|P0${2;vwyEqs_3$b zW06v${Tih~+R}W5|D?couX(uR@bEk^jYQrXBfuPCY+Diums$|hZa2zJS{9AJHK=V- z#Rx!7mYKd`C)^iOaxeibn<5rDLt;aO=w@f!+CL4~iDl#+GFH|jO{e5T91CQ`>`|!E z5dR<(=y39rCnVL-@QRXr|J1ojYSvto#lSE>T>R4YB68eqJL=th935YekSBA3vFQYt zcMRx#EIt*$zA6eV6Y>ec<@>^XybObVoZ`N7sG1l=4r~2@0n{8-lJ!s`Bz{PJU{-}V ze`M%!Xg^7u|Ji+LP*fA4MXN!8${gLr;x4+aXHaLaR;YwL0lk(b^)ywunT~{y;Ey2l zgoLR{Q=#W~xxnD~)0}dwz-69E%i%)n$GMmP&soVa4E-+NMlMs&y9Lhg7k`6@!JR9) z8e^8y4y{*_DGOveth;u}M^S}6`oLdFjhYMtR&I@nYcXIy&rn^<+Av*9fJEr%ppze! zeRs0ncrlk+G?(f|Kqta1I04Wx*e0y2^-4!EUBA9gV66rgptd?3Mp3}5(;&2Ny@Jv; zO&3GIq|<6>buNMeRbj=0n{C@_2~W8nV9A!m`MH9_!gKR-g27`=O{97VWM0J~958)dR3aa3Ew>W$Ef0nSdc` zB_m53V;rm+1cmG`ElO1d=UYwj`0`i;=`nZO>!q~nggmb!FJT}-Z|9#24D+ZD!#K4R z573VADk!GK<<%8>n1vp2M0d7q2Yr7}o8I%fxK8*G7!1P}u}2|iW{u^7(FAos-9&Z< zgS>J*J1uK0b(3nS!RWUub-4vT=#4FAL?LMf3YA2oa2*iy%ZHlzCarH6^_S!x;ZK~i zzmk@Vy1NQZEkj);M26^A&uga;(wNkF@n$j4H$vp$!oyCMEF9Avp<3CMEFVLtAy-nV zu<(TMExO)2O`DiUEmDJt-)EuITHaLP+TfCF-)0hPWTX)PH#nMunTbN;VtgorLh{Q) zEFAHdeO7c!#7?!0?g#wUA_)A}AWe&^L;(8RHq`a9R`{Pp9dkX@4UHtCGD(C}90x}7 zFTxyj{ge`gvI5@MGDbnBLly93b3)_5+~2Ki=O#kox8hiF8!mI8T&{clouul^mQeT6 zN#c#TWjBocZ=4D@7k6Ag(}8$p!6X0=GR8~UER|BGf8(&H{@IAyg=%O3BBbrr;-UXa zMWk{4D}1}NM6mj)DI#7*QPE)HX<;$JNg@bwfE@jnzrtSCz;&AgJ}>NKHVa$ixJV{{ zlSkx6`}%}?>qyXON~Xf2s*!j3?9%46N@!bPI7~|6K|3>XmOglVC81~%q`P|}Bxmq; zGbH*mYTO$3hpEOwAZru$&aagN1K2|RC;QBSO)kBB*ShjSVb2?)w42boGvJY&tw1WP zo@~Q%T$Rw6?RBzll0+B!eawNnDCa-97BlD+H$RdA*4vxGR+)BzjM*R;091$P6b>Hu z;i=%CMp7^}9=Z-3`No2?5i2eZwyt&Ks=v_+met6WGU&Os)CMYE`l75N4;Le+r&m{A z`1MVY0H?=GmFeF=&F{)1gbmIt^u*+92Uwq<#GWs-3Qf>2uCpa3`MZm6c=TvKi+z@<_&2^Q@`oZwu}3G?f{l7l98`UyRW;`5d@D46m!D$pGwL&(Zm{zGO0Z*&g-zE z)Tohla}umuxYhy3m?!SW#@?r=HO~;C;uaCd5?`E-1?KNe;X+47xUHCK1)K3i=k_%B z`c&F=&^J`#dA{Jc2(%_rINJ?;o4!K+P0K|!b0bvjV7?SIntvgECqJv^7wAdCQjnF_ znhQa_O4v}F>($OmT^B_Q`A$3dTx}pR(~sPJIaU#hMtiFeP#V{h4Nh7EDjv@$90&Eu zTnSB6QP>ZDAT>Yjfds@DAttJn8*=I-3hqbr$HAQ7BJa3(!1@+bu|~+;k6aHcptD1U zzK^7R@N~7+0%+L=`?CqrU3XX=Zp8f&g`0U6S?qG`QZzaOpkBH0Xl%U_cySD7?+>)hJl2O%F)joXwNv0 zLpv3smhn{ccEFqUq+CV&Tl)7u#Sxaw2w8Jy18e)#rPRr8;&FFgkXZKWJi`Y2D-<-D zp=Q*XbzT;uY*oti0^9^)Dn&lf>6P7d>;j66JRG5ue$rjp)boS*C>XD4om zChhXzZfWSXyx6R5<))Dl zvJjSbnW`?&W8p*;Pt(DM7IY{rPG5}M3jSKSWoxXw#$I5T@8j*)1stsXK+NF-UCww$ zFT>~0^;%P%Q5_z4xruk{RKL!v$8S$PX9HzaY)*1I`K`zsyj>&qKU5#P)3WwZ3D~Gy z#oq)6{>m>xm0|08>JBF$i?b{VqLW_}qrKD1GS7&*mxaw_r#(!g&iT>R@|Kn0j`_#H zK6BGy${BF%P#U7L&@Wna1wZG??A#OhLE|5(mVV`fi&|tRIC9P=7i$N1d0Go2Ph}SD`byrY@fy# zK2uWn{29u$M-X}{P zM3Apj0FO;zOcCTCB0`Ci!J9`SZtOp2qkc8QDZ<-)R}snlt`IMo?8X4>9Ha5SrJchD zPEL$Kxn0Qp3=%PcI;_C{h%XCQ_3g0w#S?rfJ0|g8%RWUIU@C9Yf5!Uh3U_HX3|aU5 zA5-~L<;8J+VPwisKo^S3Q(nNnesiO=JNVwl?$|!LFon`2+Wgbw4=UtRbyI3Ee`%vP zXv>XTn8Ctgbly80qwDm;%%MlkTz^^oE?M|6NXi(mZ3H{2fMi@J_ws!|qjs#SE!t#8 zy}zvS;X`_`IP5e%=&`hoVa1VZBLxIs_M=+H<5}Iq)5#t_J6X16H=SAhYAym|;3|$| z_L7RKD3UG}pMf^a5;+QyXu~k1g4oxIn2xj=U%I{`;{ z8eVIw%JBtwqleZN4AZ0)5E_rq6)G?-t9@j*jFU7hHq|LGO%4r=pDBnf6v^Nc$f0Fi zDr`rdG$Og3uNNgK>?-0@8798MPRp9JC~}uLzaUpJ)A9DFd|XLBfDMo#1R}9+3F+)) zwcX_k49okYdiMH6_Ci!aRSBv8zQ9p6r#U5Tp+BR5SL&I+bfI-$ma6vDgvR1*B%;C* z>hObIhuu{R%srug*UaCHS67~iI0nwj`83T43eQ9356T7XsIDCh%jVA1U_}Ia=1U?6Ejs6z^#6Ua0eAnqYeV=-?xG10p z=$gNSfQKN3wy%e~n|r%EPh}1OnE#CZ;Oq0D=lgr4bY96G)(m68K*@F|3a6&ZTV7_t znzE$Jh9dVu&ja!du-g}#{=O#`_hh3mVSTja_U&sQ(WZ2!aZM=0$7GHO-F2O0oMZ;f zDC};vj$ZD!P&8e*DVSF7e-X9yjP7LfgJX)h!1SDtoWx5<^xX3c4AJ4c82(L>PZR+pCA z3cT;XmzMzLu)2HA(E~WDN#I9Bx;(jb)ZlST>S~buKfh4TlN}6P{@{^lM)Y2xy++f; z08R94bZ}w6zb;?EEErxoAYIOF3LWpo{ehdFal+JWCExxgI7 z-l&%1IbB{j

pavh3VmXoh`FE=UHM$DEkJa~TJqEkPEv{kyQq61GhTFNLGUvJ~a#qeHYLgPPU_B>#?_1+}g;-j=9Z=eTJ|i>$mYWsX( zswX5-b2O1058~Wpo)HP|s#2FFpS9jrg7dJLi|SP#VyM9+#53`1Pd`1Aj`^(I1`3SP z7?i{@?k1vgd2LXFqBfkfc6;OuT^}7{W}@%xqDd%Q-ci|C8j)Z%OYTyBLw9|7_Tb7$ zOlAsuSMN}EaMM@ZwA#4;uJ2v; zEva768eI<@0NB1`X+LW;12wHoEl9IFXTi};fzUc#w)J7Jf;6NYYJqEY@SJ7w`aQ{D!g2l2lQU#W^2LlWZfZX%{c-rp- zP6U!{)RLvn)2X{lbrpCQTCsS!iSrU&d_sqz8K;y4SYTv0MSwIlD-YEi_!N)Vk|*U2 zmWAi+Cd(K4&eyKUT5h$JM`T*lP&DmV6dxDp?ePFtYOV6*Vdbh61Vxm*HgcMQ?p$1U zw2#tESp#ZH0Zju-PomqvbA}-4x=}z@1~_Fn3gVzGsvyRWI9a?WDg`R&`XM$SW>JyQ zI+{H<(#~Y4eWdnJDut3__hEPYfS_DmLRSs240A~2u&(00)Aa`A)7bCZ1E8TtwUAQi(N+o~sjTHAsOA znoQW+**`eKd^PdpaglZLxf;63nF)(9AMRNJ$=i=Y2COuUS1@}*#N+jdv2pyCn-Nq# z*cMB$5Qk{#vRs^iHUdw}m&`F{r!>4X6`NIgAo8ReIl5Wvcqrm<=$*oot^#jk@#X?x zQLs%NP@1fES6(2cqj~^3)WvZ7;%prF#hER5o{klGCi%j#(8Ehcz*3C&i=JtU#54wg z{Q-yjBbYx4I-LfPf{ad|&X=_UfvFl@cf*4!a3A0!xu_K;D(YbQ~)D1bx9b-5-20LP%udTIh{B0~XPPKh9nd zAsdFDUt)MGRx6b%KqC5Yjo!qmc1-9k!^Eh zI-}C@!4K$X1znWABZn&km8P<4mn;Yl+%MU*%BkK}iS|X$gL~$8SJ4awJzWvrMFFyP zyJ=H_LzgBQDWj%|q^?nm-R^&N+%hNZyFg34K1iSopu2&0jPaT0P=^au*@1bwifx1uG;uT|Bq_KN&p}@nB&7J^;POpvPv`id72af_t zSOeJ86%43!2IY!)-fnXZGQJjd+^C4`cu0u1A+!#M&&ofPOiKEA)&LdnSCpa=s>O8a za53r%Wfe=jy@(Sr9=WJ5WGL=K$sPw_2aq72s7|kB)a6jX6w=8xm6%X6C{?@9yfG;# zVH_I3?zWs0l%$M%1G6qx{2}%RN)Ll>Kq2m=d*)(nJ(!D%*u1z1#4za)Hw8o(FuqY0 z2;oT#``b4mL79lGR%82c^Jw$<;0RmPARJ{NMB*~xtAX|gmlLsG(osAa`3)}b5cfrS zA*|MrMJn7GLJF>PdP=A_vM-Sp~R zo;T#cK>-(riJKVVY}`3gBJ`x*W;)m1PA*FMaV699c&ER#7!w=JYs#gCt`=$eg48K5 zEwS3d_m5;EB0AAqza`vJ4B}X-)m8HBa$eL#Me2SKM(RjId%4#GFq)hI&gosJq zrl@qJH2AuLP(#r(I}t=pil~v;4Gb%)U5Hzb3YNCoSfDoquuo@^uS!8(Mn@TiYn#e0_f{#66hI@~I+x!i6JDF(#+x zqQbu^tAF$$srp9`av?!lIyswqs|_%i2s~|z1o-UABQOI%CqSqQbDIgG0DdpLOLakm ztD0neG+sci0Eq7fioXUhz6Bgl13UwJZKb84r``6=#9X+RnZZWFO)@@{@G=!hgdrlb z)Y(J;EcAC2_I~L6F?MC38#V-p!pz?qXPHC>Y>~tA%h$+%^u;op(k~0Y>s`W4Y0O|B zQyD;pWe+7(4<9~6=#NWXSndFywUahHkC7WXbg$mrM*{C}bJx9lq9)2@+TnQ-_bXRY z2DvJh4!27%#&-@nT`o=~Xq`miX3|QN9J420M2##Ws;0^xg4?L+W~B>z`#tOE2N3`a zTfc<_z>tno!k@6S=Ka3Ro( zMn4c%S9%X*g!T^V6FM?f0Oa&9-BJ632xGCk#p_?bzxHuC2Y*HG<8rx&H@&q}zvm7x z)p!*-;~F0A7^d~?bGKc)zg9kVM+&&geXhM9t{$qBA3_Q7CLk?nWFHy6svUUIjXZjQ zRlxzMnt1f!)EEH2#VdybLFMqG>wfgW978dCz|xM-1v+_DlX6Slpxvx-G% zW|_X>KH*o)6TD%@Oa|m4E6w(hDR}D0<^X}K+M%X*%gCWr@dN%=+}Vdzwn5fO-}t6pVy+~b`L$wkL-_9i@zqdm z?-Nu3{aCt(Nkx`lL#`E_2cA9^#1GLPhQ)Y`mE~%6qx$>avrksvv|8K=u`Fge6>@6I!8lMX!Z*N{&zCzUK=)z5qV>#a?*%e zD%g_u3|s=7ZCrG^2`S1AnSveHr)xuuboTmGi41NKxb)b2Cs9)$=x#soT^B8{{0cMw zYX4=#8mb~hgRFT+N_YQs=)FVzT`bo|r&ikd(JxUYtjNIqDH8?~r`{DbrSPWNf()4r z9qzE%0IR`CeQHuEXM=)rSx$lUj!+_ar3u4c4V|7xjzvgWfk$JrMnfmL}vBF0`M zJH`30B#_ZTDOw73>xc(!`5(P@e7*}rbS3tk5r&aPv3d8b6)o(^_=q&>7-1X%> zL&7t|Dc1}8<4u{)B?|9T44_-{{=NdBybVKQ8t@^$)rx1>1ZfyvQ99$|y~mHWa*U2>o}i(OY9-c;lldn^$C5;z-GnzG+q4a2+4|ke+6# zBdX9QS22lwl&*3s*L2vCwq$8695bfD{B*oqB5M&gUWYEAU9zi^0;aHJDNvQo5G{Ro z6_P9&F3S^-;=lR?LU49Q?HgLqO`P!5sLEjr>qN*UOr4;MM$?M!d8H#>eJ|Tay zmgQ8Fka|cIs&PY2c}^4(^ddEEDu3AtzOu!JhWkX2oq?jLOj7Qw%qp(WsAM|7B$~d; zay4wY$;RiXYi)MCT};yhhP(GyblQFStv`j=n@nt*0qha#24A6;YAT5&f{ie7p9MsE zcKgvb3RCN^riGMI09c%CAeBz13BDCCBxtKoHn9i@0`1)Of9tryp=VLIG@TRO#f1we zJBf?uF`dCizh-)ag`v1e?)l^{uhTm7hOHs_iK*pCk1rn@w#XaDU(U+#84atSQFT83 zBYHAwZNJ{Gw+@fCpY6OB^@F{`o!#vt)+;n8J!fTk*VRtz(20gL?kC%R<>mv&;fHPf zGo9bfP*0L4JdM+A3ZcX9BlY2lLGCiW7873s)$)x3#$qI7$-NG0w8tZ_hXHbwhv3|6 zSgV|ntEHrCY@{m3*Z2Bm=gLK!&yhB%lkRs6?_=>OB{^|V0-Y837DCw)N!YXr4+(GI zdu~THiIa@lohHPUSVTp&C{Mi%C?(eOzI53uKU=y6&iKi#mhxjDm&($nt?X7O@Ib2s zY+MxJcvK#FE}uf)Vl# z=??w$7TsRY>A3dD;WI_Ht6B|t)Ux~6qYG*h5IJU4%@P3VY^q_ZCIX;IJum}mLk}k6 z;)FVq5pqgK+V)n$Rxz{HBslB!UKG!4$Swhof>h$JzzH(rflDvhrp^Ombf`jcLC2niDF-sl8fnF_iVJpIIwjYx!>C%dS4pyOcTrN&1nRAA55mZr&WsQL zZoFvyx_#8xIoSUWn){>=0iqh65i~9K4_eQ651zIfFP}D!6%B~WU6 zeBKb7NAUj^KW{%j+CCIVoBKeH2y(5pdkneZ4}ag^<8xS`UJZM5X&fKz9LiLaA)i1H znN9>ypMYAcd7%dON@5|juk3nO0)*~)X_A*pp!(?M;0F)>9GEBDro<%s);#IzDC`9)Y``EpLoUl}uuE_yvzr z)D@-p6xuN@9k4loMudx6v)RlwPnzsIw3&O|%wuvB9T7FP15wD5=Q>-|K+7MW`lDt} zeS>VtA39FgzHTWhNPUI&pw)<%GR+;lVgF)%NNh!U^TGSFmf}ELR6XsHJ_os)OMT;9Xq9Cvpl ze)yr)+CCs1#vg%Vmf3PZ|1ZMb|LOMgoqgm(9UmO*3b^}=`oaFQo#$|29NFhcvEUVF zS5la$am!-I@sOAZ0-3ksWC?%B_WdJD3Mj@^zi6s>OFvMnf1Ipig^dfROHL{&3L)N) z-2QuyxB@~O114OPQxrq~);8~eDgpxjH&U^S)m{}diV2)Mi zag|0@lrgy~6{ZL&aw^V4%)Oz};F*#+!IE-? zni4RmYUJw5dU)n#MaBz%kV$Igbr!B|Q(mtmqg1+dP+oz^NEIlzk-&ZHcWr=dSZcxt z3Js_}$%P(Ptj#0(xOrr$`#^tMsCtlGRfV4)p991={b+8h1)$zqXK8=&|(Uo+&4Z69q5vOdH5>FP;M z(36@Dsid#WBY4G(?XtVY1Y*@0~Fl6$`=5mW#my5B+Il3nQb!@#vzF zMZc$(vSRJ;QQrMM&dD?a-%E*uBQsib6K4E`Pni3quR_tmjiv9HMi;mlBUjo}=NvUy za*UPtHlOd*TlGB{pnlYK0={Kmh3n+pmLfzTA3%2+QW1~C86cl>NoDzdA<#u4uED|6 ze{H?oJA^{=DX|cSW9yv~P;53J?`9*XR*UexNpA!J3bDvb?Gc24~`W}M!m}O zFIM@2B@;6K1ru9j10(w_3mW%&nttQmGAK0j8+rE)S|CS~wgNU{5GWt^CUjRU87(X= zU>MYR5OhsQ(cV%YU0UFNRCcFx<@Uxs(RKRgqYH#STd@;=vfv|*u>~J%`G6&3BwG|W(g|#s zgzsXYM7!^JV?VH*LXXABi7R`GiTRUdUdGfg(k^P)&fb{)J0h=1`Yk0qz~K+L1nuLW ztbiv)6$h_YB+eys{gi`FoN~St`9H3*btMA z03KcE3K0>H9*LDSoiZX|GB|UI&1fNmBv2(*kcS3}OVB5p#D>s%3g3fUJ>FMxsv6GJ&Y#N4-3kAOY#i^t`8kW5lLdpjub){3`$s}Pe&K!G&0ib z{^s6xB`Fx5>}(`i(Fw>L>x8HUnYV;OosN5U=3rnVh63Gt4q|5NxllYrFEk@{B}odC zjEK7BB?3k0aC0mBqwB7ww<{J)J*Y~4w4xj@`j*57vy%8WI(ICpKr%Zglt285#-)RR z#riHci`q+iM5#=<*g#?|JF`WDVv9G8(T`BBZUje~q9Z07Ex9vMPTjOi8*4kZfU(6( zU_OR2M!1Vs;zGw3Ic0%U7B^*NLQ}lbbMO*dG{dD8_l^xj>#6sigs-qhqwAt&a7wAY z25bcGBYAthN!wv@jb7-fTfd8;n`8b0gAI*Rw|5+% za?_Ip!!@x%`b3SLUWeHRL$EdRxEp*&be>sEmiM-g+8 zFi`^3VS+T78czCPY?=^TGf^a6s~JpyiWO!EP!r)Kq8a#l3a2s=YkrDH2Q4a-919f` zmB_$~l^ih|(Oz26=up!DuWfdB5^IMj(u9f=#dnF=j|C}oA!iPO0;#Z)P9Jg@Dq*Ir z49}c?r+c!AF*#6%jdAMF@wQ7mW;jRfbMn#6GbM!}n3J@WF1*WrB@}ztXa?VD2cS9! zZ7quBjR#`CM`sie!Sj2mXMY63MswEI4~+K%^u z<_kJ80LZTkR8_E9d&EjsWXNn!Wtyf<9+Ob|4g=dAS`(BaCbk{Qt(_!EvNeo6G|!tb zk&-A?EYsq}R5_hcTcnn-`gB;WSTaa;nnZ~RQvt%)!MQp~nDeL1c+Od>a0YuTP(Vx^ z45|16VQGZ*jB54Pl9c=+>{hAmmZe8*kPZo^5czmofOL#eG^L@N?6^2}`=lK@9;!o( zF5af&Eb_607jz_*ba~C7Cyh&^Pf-;B0>?}x0$OUg#dXNl6XG%RNGs{fXYwHE$V(o^ zRD&QDzRAOAbvqMA!m18Qd~}T~%R>Sh8jw^gmO2nbc5{&Jcqg=;L}Cv@S`>t>9m2w> z%jv2Bu3I}tXpez+&afR%c*+blVkp5t!djNB0gG99u8m&uIZ{hf`%dc)Zr<`PHbHZ7 z2c3}G(zQhW>9lT;8(9kW^XukO4I7)-6Khd10n&OB!D`9r$-UAX-x#vd+Au@{CQp!7 zY3FdUc&9_5yz|F6LZ-pT0AKlvbXBg>T@wOzyR{U<0UX4yTHo^W!ULL(RWuD%dNSz1 z15FVnm#D&v{9+bRljka0UI1h4%1CNJQ%u{6bwj(6oVgiQ(}WJ#H@p@(s-feQVQ?=U z75v&nyTpyetEVJKVK+unB7Czl9i1#A4UzOACb5-jmPL2JG&jxA%+a_%V-rb^pp8c2 zpXm^BujFBlIt6OF0gFnlDQYV$>xt@ANop^g7>9r6g&Jfx=|oHS&q#NpsY5HQa8%1D zCY!gaws8+f`Z3myX3?5TOeS|Ws@#-Rv($5v@uflyaH}b-rX>9+*>?N`&6&EB;AKK? zGCab_X2l=zPQzXdSYj6*XGm{NwiDB3i#0>LMw*(O2IH$(5k)wvFhM!alA1Ex`&$$A zWTc*rWd-ISY$`N#*tS6I!8L*4?%EllEfC_0Ym~CuqK7vKRL2)O)H+vj!U{JPlogE8 zA0C`gc$qA)@eqa2CP#Xx70)PA-s6>0d00Q3)Z z_F3U5!6Kk#8U+abS&#JFZ+U3if`Aq9$#%kSBc#;Y_|P51NMcS#9=!shYpvMo$JIakb-GXKD3VNB#nnhJ`g&NyctV&4vI?2Nh8U_YTat`XqeM&6NV)RSI8qrD!I89}q59$#sqzA5alLUIu zO`gGkUZ6WU6Y!E~_X9RtEsq*R$o)gx#7ldK5-q=a>fy&h7jX)TS9uu-h;TX)0^#~k z%7>wSBY{ZTmt`%8_%XWSEY|AG2b(R&A%sIJh2-hAKu%gWMD=&E{2h904Jw1nvDGqJ zg~m{7Cv8?x(OFL{j4Z5DmaUlw76!uXQ4y7Qiy^UGZpH!43>g9bsu9GJLfD5RfL{y< z4pc9ITL^meOd}S7cS1ew77CMa3+L7MT#l5^l}2rl#WZDr=~#Z#Y*ya}@9nk?r(f`a zUyDjz7cJ@9ZT(rl4&ZWhcCFLpt1i|oFBc8pbf<8Bz6(@qN%P@9*h$=qmoT)lXI!Cg?kN%vdcNDZRSyf)=jj5F+ehKSo=qwRI zcaR>DK}QP2a~dhBGF6=;xw}bP6QO28HiDrq5&OaP83-wd1T7~CF7?;A^f3wvA^wQ| zn9eJoA`5gpHCMp$j%NwDllq&f$PrCUoa=PTBF$#dn2<2w|3Aw#Q0|(q#xhXv;=48sgo4mlulm1h3@AC?{|H;aWOn(NG6m$;zZOft^xk|)L%{T2{DpRa zNuBz;nE~<`=2n1;EDiC;=0<>jp%Gwkk-B3Wz~qYmF(!Z#E8Up|AlElH0Gt~D-hlyN zVCc78v=%;yw4hx;#(Tqc@iGYUg=T4Vg$m#;6upZpn7-iJ#wYB_2eAYs<4CL)Hv~Uy zh))>kONGr;N@GeJaC3ks3vJN8bEzvA`T&>GhxfMIB{Vy-0|mj5m4)t%0X!lo*usJ+ z3J)a&W01KfU)N_>>b`Nsp9mRm5^5RY$yot2gaR zU6xWO!q~XaBlhHUB+o|NBC?VJez&S~5@ZJ0LtXDMmYy;bC6uUDftXgqYZzW(oQ@^& zcWZ0=u)%s3_V@~E{i-%mV%-HkEs$-8Hbvg0CjBa^4nQnRq-j_b`K6IJ;Bcf+Rk13w zlK#Y@6ab^{fIA?w+=1O^DS5)biSa)b*YflltucokXD9@uX;< zK@`3Z3fJlU(n6|+hEW=h!>uoom0qV9sy8?zrOg*maaFto_9_>GIfTr6dHUP&cI)71 zYx@WelJ?N6Sg5TUv#mt^)y+B_z*cpc;0o&SD;E{OwN*=gQ3jIyN&FZ$(4?xf>qh(+ zt$$IH4dMqJ1a(~ps4Ik+D!AUsAE9kokE>jUIE6XKp&QY=(sz;Jl#)Sc%oAVGFE z_s!JZo#W%(ZS|pPEx@;M`Ea>V{-PyLy>p-`cqMsyeQOb4&k$|m88CE6&0uB2`lP0j zQB9IbEQ|y;F1(M1*R_!Ku0LG z!6!PS7*k7i?q+lY<&Bbnaf`G`1R$B1oiVB-8&M+tE3f;I(_Kfj7^DND{De#V!CH{V?4NRAtxH18 z#O1-Tx+=pxQT9cozx0pl;X3@Jbv6t(cUYBm1E^a#U>!$e80eb>6duF$3Juk%QdGD6z5`cYI1 ziT5SAoWvXIdqild`5ijp8BOT5hNXUqa*8h3otaR9=OV z2-|PFZmZXO^A_gigIKwGu=e0d34b3ydWgS|wjVs8-zSe&`TgO2{C)g{et|5H)#kdo zwntAM)G_zN2M@WHhmY#AR<8YttbLnm$J!{2dW&iT+zPdzoxE7~p~fYCEb3lwh=gR< zMXELElylndxNWmn-#^)+F>K%8rr+-$KB3O5IXqn0i1&orlh$VB$86>Nn;`&HSjDbkx9l z(_{eQ;`FxwgEg)jiCEq+*PC!o!TF(T-F1(TyUsRMJaw%B5|7o7Xk21ggMX5EiWzK@ zMN(HKv6qL^cs5}rnQg!8zC(5_32Bkf#Tp`)u#DJ>|5Hi>0h(vd#N8ixcXkYaediG7 zlk~OUf)Dn%JBna5=rK?BS{Fd;M=4Bgg4F+<<_E zMQ)3Ltwff#9x^;op12{IYJgJPZ+!Pp$2${C>T~fee*PrJ_%p6_0oYaz1UjxH6cJ^y z`WCghRyU?5?E`jn0=i`(;8%}pshfys=|cp)-Vqv<{jU`&)%esEEMgdb^%I4i`h4?5 z|4+rnfCdv0lfpA6IZkh zlq}Kq4?i>|5?W;5jCgf$wAEkohQi6F|AC24n*S?g{sNEGa_}9 zB+wK~fY7ni>}2f1=?*gG3wKoi1X+Vn`#$hmhD6xmFV9;n{53t7Z5tBwGcvZh^oC>r zksG`_FSDd0S3*yc(1Mg%q`2SnD;Byr>x_H7YY~**z_DSiwfx#-Ndc-gCu{Br`f8CYL&|K_VF{CR zrxH0l%lNUTe5x^uV%!K7779XQEvets(vDnx=`)cCg+LC^^;Ojp=8X!eJ?Axe5$~H_OG5bJ@3jBqHknj43@52ZPNs_V>9#29ArpvlnXOvOT|hpp zwt*g8&fWK@DPrt@Y5c0QC2xJoM7r_O{2SDKP+|0Y4*BMNPga#N=n(QEj}$;-8U8Gk zcSx4|vN{(fR9Pe4B6Ky2I>&4eA&uaTnLviAyvLQOw9n=*h<=0VEcmd8 z?yt#NrLLl?79PxS_$`RPjc^FBro5SG0N&YIi%<8VLo^9oG}o4wAKk~hA<~m<%gh=v zuN=%-7_m#`Ybh@iyPHSPw_69#p0$pp70Q#fwfpxUudUpF^!>vJj~_q$e&unAeS1Nt z9GGFC9qQkGr)Sp}J=_0d>n=HmkQr<_bWf+w_#Iu^D zsv1_ko|2vKGSgDDt!F#Cbl^3%k6TZ7jvFj`z9~67TXj>@vNSX}*MWR(ow_6cw)Ct? zcZxX)I41$W2njepTjytM^lXh{wi+V(ujOb>IwQYAWGPWb{Oo!3V2(-Wm~@Uw|2Hw| zqX%C%Ce7%2pyLy^T3jL#uK1`VrbR96N)Qc4B*SsM zoza@Y0BX;Lp?lf5PGxmDNuO)F>k{KM?D1`HO4HUf8^fQ*I=>&yPxbk!K0np}DZEEU zYV)hn&96r0VY50%pL6s%N1y+5=yUb&avd@|eFrxoqq?aiG(pzH`;U?5_E#ShFDJJ# z`NE^TR4j^J&wHmFTAjCt*8>h49#z3YwZyW{lA?e`@p5#g#0v#xA?2%Z-VM~k310a# zIxLlN7yc?uKZBM-pGo$G`g4JzR!HIKb)NmzW7l%8_Yd~Bb0NjTE_zJ0yD9<&Z9J(n zB-28!O%e(Oxybp8(K2ZhPS?DVwN}V~;HOW8fdWnP+HFxD41tO%W6?4NHV4Q+sPGN#=&ATG zP>#IsoL-CPA%S}`lO>!ziIbv~!YP&;(>~?pat|uFltu`PG=i>Ub9YBWn{2x=ZuZc% z&mBdIad`0Y06+m~R;)lNH`9!rERmW`d?MIP2hNWX>>W62n=7ji3nw8vh$-thF@i6u zamk`8XzHTaY_}ai`u3^sb;zEw%sk#@!s9yV+5-Sh2{kE zRnGCw8CqT-Mdee>6AX&xjPQcS;pXw4#9mbqDnm;wXUSZBRUhCb=%+n$-#fBa>BmyJ zm1JX(E;%;DJzJCC)%jJTJDs;rqCgKA1yUS%6%BZAkBLDgWJlOll1t2B@7ccn2>qC;wXs`Uf zq6343x5<~nGtr20l7|h7=V7DVJkziLgX5G{Lf!6~M{1m7(zPQEH&55aT0Qni5(~f;nXZ? zbp$afQtQxJVs*%n5%H4zA(mf-cZe5|Uvid7fW>SxIqXKJU1rAKirHjR-VL#?`OZeN za=eg;hU5}<@LJ>aY8c2($U6^}Jz3hVw>EcoYjt7Vi#bCXOX0ORxD!fm<9+t8T>4#m z{a+WQ(x6~^BQO14E0w~2$dOzL+K#gMv^95#pr?d&=|LK?8kJX+dQh9D*Nyf%x;>=Z z!^V_Me45__3X@1gbPW9HK@|@zeiX%o*@R?GBr;_g^ssi)4)*{lpuuJ5B)m=&I%4)_ zsxC-!)lAgntM(CU%$3#s zQ(lU26`Hwx@Yc*FX6G5jto+oZYU9mEyL>~&uI9~`Wz6SkGj_%q10&y$mwv z!x$qM#sj#~+0+UD?e08%UO)Qn@VEvEyT_r|o&CD;O?_z{9&JC{d5vjw7-1_l3Re+& zWeUOWVg%-EI7|DTuG0xV^f8M45U*>sf|RHgv)3QS8i@`=a&jGj&LmJr_tUqi-vYAHi3*AT}nQdzXM zOTF=oG1L;V)K4UZ%Yh>T%HaB=ecJ9gXXh90f8KR_eQ)pwK<4=U<<<3{ zm1_Cp=F|Gt_Os_NcK-Ft?%w{v;s1BkIDYx-tJlB%yVYuaECi<~ZBSDCtf5-Oi_KrR zTL74O-34PihiDKg6QA>7X*h#O@WGJOa9W#T?xC#n<40qc0gl%%pN!}A@5CorAhY4) znVUWiH+~#y{&+$MLP#p>-@1`YL+4cGiDyH+RV$j58&^^(!+^eS^YzV z?vf|g1bBj(%LUq6DIim!Y^k$91?)_QA8sR|U})oIqBw;Pc9u0uQ_fR-rq0qbhDnqOvljL^ke)M=kXTdfj-p2vzNJiwnkxB#-*!v zS{UIGT_y2`M0r=Mmqbr?NrS(}l4hj9-(Qz^tJT8E=Q!nWch=tu8)cvS6N%8zMFZS` z61a1E;7+K5yQd9ir4T+FoiG#J-GXMAaB^i{k#0>z+>DmEAw@CsjLtw^OrkL+(g%t3 zMrNtRLyg=4O>zS~ItzU=>zvF?vD}<)nU#8(btq9`iz!{X#c-2=InsUvXr~~p zCQdMMeP>__m3M>cMY)^642*Te_onQ})VnAo6%BOQQ?^)j>yu=br$jHWVsr6395uLC!h?@ zQ>kXu<9e7YP+%U z@~`}td~nH$H_pYGn3Gx8<4H|M&dC{>qO+WuGo77xaDrx@qZ3d=>W7){tCLn|&cK+S zi4h0iDNywk42{nxIJ^15faN+${$HByukYpS+NGhS7=&73ux%niLoTZwQw^`uT1 zw9(fD+4K#DK6&sr7{0NZ1maQmyv9kDA!drtS@Ow0)5biC&YSEhd8PNUg*|h+P7mGgW52?Zjwme?myP^STsafSFF9w?#ZDl&O!6w~T4W-jWGveU_53M# zBw$rtiFn_eIykH0278jDTkY_BnrK1UZoOyoj-|jDl$}G6C{dTK%eHOXwr$>9b<4JG z+qP}nwr$&1*Z=xOk9yJ(IoOe-jLeLaC-+`!ea--F1OE7UHF3JPkZ&6+IEoU}2SYI} z@SV8}KssrVbr`c1+dBjZz)lW$L4=%8!nM7(sz-y<`y&m>?PXzc>Rxb2r=^l;-53}|wNDU_uut%&7SSpT#g z#)j~5MoER9&PE10LZBm8KuOA=8(jByh=jDZuB;ZFJBkaq*BR!VEV%w%!r)#zD}U2m zE{B{SU3?n2L_Ro-oELaMgy?)4^n4@XzJ<*64)Wxb*Eq7J2scZ?=xe&ur?pEe!&e4t zU=X+We6;7j%sgE?wl?Tc)1aZSL>P!yrA!GU2{xOmDLuCCB;R_z60qzO>zW5`_n6x(&YMLI3bx2K|JmN9B9cFA(Qi#86Mz%t`}P zfy?EN8m1#DZWBzvoxb-bYmnJ{lsVp<&2_SE?Sj8*X?Bj*zf+FCH)Rhm%SDGPKr)mr zl{JF9j8}3H>;Pnm`C#ZTyjEO!l_C)j=g_;o?(}lDF17_NC(v@OwWL8*R3$-OFI2Ih zs{ccGEt3D|SXw9#0Cht>pn3yLf!rny1c>xr3`TOE{q7Wq4FaZNa$4)DawoyN2$@V( z-q^MMbsY)QnpS;Vwj6{#j>5%kPx6e5$xXqUye>2E1oL0uAGK#n9P6G!U2r+m;dni& zy~?zrTKjD)#o0jJb41x%X)6MIqf1a1L(70!#|zk8$}Z|r``3vFH16vn_+jpLxuH~= z?pbV315{$$oX$q_y>mqiNmcLo+Wfdnt3u;1ruKHao7AJ?UpgBk5yT3(a%vr0*;~}n zD%hdZ*}L3W(hcPGf4fiD zuILw8dJR++q5ln`8PT5!^Euy=IZun2Si`uT;elkHj+RDxnR_QK9Xm>ZO!y5uhf z`3uS4zUj1l2+SeC7UW`vX5vFYc%uNw@!ytzrtW?E6myY@0_rMp7zLV3S@R2Z4Kv43 ztJts4$#hnWEGrD=5uBkh%a#Fz5K@Mg!d_1bpTyKf;GLs_34_3L`XlqDz#qJEv>7S@ z56lAGTB>@yH^QqUh=v#)li2oE-ZSyFfe0@-Ho<3ZM>c(+JA+`#1~>7plmLTn^#N=m z>)m99;ZLr;)}eGhpfMsHiZLpc9vA~XQCo0(ugS?Y0V8~#|B)hCn#ebu2nQt%9cU;b ze3N%9=}tX5dYggF&icum&UnbdJ`Q@@NmIwlB22Ncy9-D>nN4;e?&}nHlVm6c`fepp;BCWCA*&X*7t63k>s* zEv0q5{z(&n{!Ehu!$?p*U@8YBmQk3E8`ZQ)WSe&5I~s@!E-u$U*AkwR|AxJk z>PS*pjiw&grj}?lo|NB-y`C&(5<5THtqvp6xA7aE&f1+Ep{(MTh4k~W4)JUy3WBme z`wImEG_?3Qn>g{Lk0LyM$XvXcZFn{D4hc9o{)P#v-R@IR@^b6R3MaAMu;Squ?q-f- zfT%B)^wF>L7+{fGg*mrCUTWC|;o07{T7rLub8&8oQ3=2x;Y3hx0S`#MWGvCY>c@E4 zn2BkI7rlNlb!v;`7-zIlYKm0Urg`^uz#`d(bR{AS7xR_hpFd>T6eTW<-Fb#y5s#+G z?ung2a%rbjm4JK7fV7M=%W6esKx=?`PHBUW^fb!=_!gwQx0Ko|;5yhAK%1kg|FW}D z4T3wK+%GVV8OtvKny58D)|wb^bJk~pO0yuh-NOdRij)oAw3n-_t_;07^`c!%Iu#*< zXvvs7hv)_kr9;%69D-CkSvsEcrd990tmO4p`s49f_;~oSG=CnjbaOX@yZ}N`8V8;Z z+zDY5qozi77CO%MZ>{$3{#E}nTc828<&T(N-_b-3UC8w)Qphz|783!4$!bVt&89cHr2l;dUIP%r^7AORHoUE{JO)*!hXr*^L&&&S z5g}HTW2Q4Yt9lp>M3m?LVKuLtE3!epE&s0he&(K|>rplMS0DfFdB@2Y6B6e0Y+BJ@ z4n%ppDJDb{?HRnJ-;5+@m*cycMTAI%>9K6tmOwh+F^1*+!MZJ-Hh$>@+t@afqiQdx z-G~Gz-8HyeH9kYeA|@gc^B{Tkj*kq;*Q*{qbi^Yskf9CP%b`FG8=i zYA-x>R#{st0V-9*iL?9Z`>83iOF8j9jq^Y#ES;~ePG#DTZ`QV*vg{E{oJqR^Lajx2 z0!wxTHcSPk00_MBy8{dZ&9zqdh6TYP7#`m^*2Ao!(-$XAWuO52;{F&ml4N$%gv)^I^R*3eckH1+M2u;&2em&lG>3&d{W%> z(6aVwZvgwemak*lZ!coFsz-VTwGj`xp=VO%MOR00SUP4{j$ar?V{9S6TIYR4ttCLJ z=Mh+h>px~ad16(WY3Q2*=>m~qT$C^ceTE2?-u06U=s+*bdur*G;~mbn@`CI&a87px zVs5v)D*u=C-B(xfZ|)G{=Pjt7^^YJsC~$d z-K71W*c9Fs+0#xv2~IsxPHai-r0Xi+2PTUb(any~OTW9n;y&&;XJtDDA-*CJ^kEU; zQe4xSwOIsobM6Iw!la)Yzd)utSs*pZefKX|1sSY{Ynuog7(9KZb3lebTzHC6yk|(j zEd*lHTpZ0OlYS0KT2Tf$tok&>y3uv=JyhZhA!^tg^416K-t+a6ZP!6{vgvQ+n_!U6 zM!XsaUZW~k;J(l5mo6v8$;15vFH4i3HqLsd)c$5>j6Tbpc`t3994Q9)AG`Ho^tI-L zkL}xk^P-p47b#Gb4N)QGwp=8QLdEH8#(gOf+)g(o)v`~ln9onDuxOAg=5J)wq%$OT zP`Zo8aZhE}vL?ZVvgOBO4{|AnNLPDS;`T^&j7ka*TX9@}zjBJN&m*0-OLw{ln(;FZ z;zB5ZthcTh@3TTNS)J6$)g2BrpY&1$aBZ`3$BR6mq{)-evbplp$`pAF2T*v}g_Oq6r)OnDro@?ha*`w6+~cN8pQ#?!j~YDL-`0){e~9; zR+jhkDP}(9Y3TI(h{0hKUkQk$yOei&G^l~&b{&1L^REPkUWNzQ{upI(Cv`K&gW4?T zUo!e>Db`CmxYmx4LI0?lEkfxaiN4Gj4^os%Amx%>RHO-LelA5~FBID;ffJ!cL#ERs z4xx`-5Kq;J;Nc^jkRxhioDCC%eTB-1?wkRoC*X+fSoAn7MqD(dQ9{lTx13D6#W-vq zWWI2m@J|09O0ru#gG_M`j@k+Z>U*p`dcMAk%mI!QhH1`72e^a(LunB2TwutU9rbaj zV7A*A%_R=+$UDM)vAW`qiVF-zTx}cL5h_}y?HOu|RstqO#|;XhKTHXTfX7e&=;f6n zE3vJgtKbmSI(|Jc|GcOBG~Dgm*Wv7=(!WF|^d3^Z;Q;8N{YkN^8GHcF97S=2DQ4DD z?-4+^yMrEblu|QvUY?;b9f;%hbtUp%;E}I4+;7dkS`*Z{53b1j$CeyBCp>!#&z-L= zu;UhN8dGbcdMM3-66l49RLBR1QCRGX#ZIoq`jatJZ(kE>Pde z{*8xoIX_~eggPW5<{0f1s!9}y{UG5Q!&4}SS^=KB8FK2h&!e@w4L1_ao;G{s!k-5y zFGP~p1O(@Xw%FoTKtumr~j%iw_;axO2T6n_v1BZNG?L8I$QZ5ik2+; z1%vC!^QWlvV2!6SWW_$qldoY68r+b41(&LJT%r|Xd6l)>YB$i4{>mb!dKHGtw+^d^ zHP-{S<^;nDU=a8mC(7z~4Od>zqw*XDrR_H#sD~F%KL%Qja{yXN(}Q0IoFL%oJKWG- zd47VSfJm6Fae;Ebi}ExF-GD$qR}kVA7Z&Ac&CsfyZJavj`aQgYU2O>KVdM?%kzX-g zPwIka758+IAFPmqAiF*+4~^K&DF1e|YGdZz?5h-!P@zMj_FP5>UnjXLXa*D*?1G;N zq2s1e$NRNvWP)h->eAUV!0hNT(1@(g^73$tzXJ&3ydg;{?ewtYI)yFmHJBR`C1KJs zsJ1FP;{OUpRy2%hE2%Z-XcK*31HoB*2%ROY9D=>I zxy4&*)BJDpye{(XmXD{IR?+f{^t24AOE4-%Io|8n*rs*(@?u4+l z*uJextn2CG8Ic48eFe{`D54@%t;8I$9!pc+^o~)JBvUv-C`DVtett{Sq}|NAbNBH6@iooK=ny-@)$M`Dhte||KY*nYT%zP&w_;wO`3m->kYOWiVa$EuPV4B zWO*-3MnG_`#rCrV?lxY?Y2YU>MgYJ4rQELYYU@%Hb@C81XzRtmF9a)~%tVqrwdEW4BsRbD)ku$; zSQ?3vo?o0p5)o1VViPlq&z&aQ2A@9&-+KYB=0s?)4Z)61Boi9(ze{hzEFFp8vZn@N zE}ceL1Pgn*XzHCl>guHG>Z|IP%*alP13uDtM8QKMni<{#O|a=r&ULL&en{k8EkAHI zMa8ic71k{Op)IX$x6z?I3lvY`Ev=*BfT+)1^tC>|A}vpruD4(3Z)aBkyk{V`i=;=w zJZ5+07|Z}a_}MsO+o@!4vU#Cxb9+c@hc-$~3qpe{3n}eg@vzVDrc%T*)2863A&wdk zn%s(YN38l6g+ENSj&8id^-y$rOfo7IpGj`qXR%BIpU7knH%qhrr%9*?E2kX@vw+^~ z|4XqN5u53yMQ|&|Ldv;h>(n^J!afhf4Xk$d%sNSk3J^r8s}7D-6NrII9_>Z(mW505 zD|FCKe!DAz)b$I>?`e)mC25OFujOZNv~_SMcK?u=nR8t4DW$q-CE<@chLjY3H zx(A-W<_yCu&F3iP&Bi}w4lKmrut%RPPoB1)+gIaSJj_Ui)s^;QW@acq$-`OU_a3W8 zvGw`gCDACrlEVKMHZEC9I|z6G*k1_sL1~{MQt0aMRCbAKNg`Lzi)`%da$z5Q3kvg; zR;sBjoEH*jMbJ;=2zty~+mzZ&Oauu2U2f^oCSMaZ5-m$9S{$#Xp};AB_4TQi+IK%# z5EIZ3thb%;;Sz@5JsOZQJ4&#$bNH1NbwR7_n;RLyrfWm8k0k!~-b>X(0^nTqK7YM{ zIrV`+23rnKH7P-nGvo76*!McI0qE6WHTS+tv4r#B`^Axhj=1VUM!fNB1Zo2T| zRNZw|Plv6YaXBSw^x+zOBd;wujBFvo1)O3~XIh@*$x@* zfSsy6;70wGJ>5Jq^}SP=Ju~5?3$|MtQ0hfR2vwhh`zO5nwd!bk{1902qS8dN`J-zh zk58!O{`^Vr1{#21)f7pO7^jWt{*XgVl;MBZL;N7$BCa{v9VcWy#{J*|&<$3_h0!JD z+PYxUE3K8pdf}P31L|hCL9AZJOCCHwkhh0f=9YkZ0mrgg z1cVT6)pn>CX_GN7hrnLd`&jg-Nv2-y6zjOwWl2;9l-Ea)fvvPIeY>2nrq}$O!?%4(pY;-*A zM3)cW_X0U)89YmN^-_baZ3CCI8;!epS?8-Hfy_cEP^o5PQMYo=UfTqo`pE`Q_YHpQ zG{-29>$v4+hW5fK0zxj;&mxt?qvRhzdhWt}Bq^P}G!MjK@*s~&Tg<`U@n9eR0{A8TuK7JC|IbgQ#dum!lQ#SD~RQ7FNfCM?c3vs*->i{qp_ zN_W@>8$@a-xNrtEB%kA&`q<_D)_5VQ2{Hr+H1FoPHN~ejA3=)CrbB)JG+%Uq$wjT_ z3;rSR0)O7auo!$9N#Tn`WfU9lFQ-eW;_B2UWbRQTWO#gP^ zJr^5I-}EPT-duDZi~a>ZMz>fw{z7!#kG<#9{gL3$&FvR(>8e5i|K=8tx3g{IiaE}u zHQp5qjOeRIbjk;K6u9D*Jb99d1flWCnq3nKGIz>5biS^vUS09aIdZR04Wblw_S>03A!y(1vD;}v54SK~C;PCn){`yn=wN9PAJ z49#6jyz8>LB|iTK?br-{loP%6M)zL4;=2vx&fM1LH`+;QbE959Qs?i!zc>&d+L^*J36oRJ|)7WGMl1BN#$2_6Q7G+ zRbW~m(lt2Bmz6&q8yO!}Q(slfcs!??@}I?}WI>K}ZF<8ZdC6G5gDa(!#PrVYQwo() z=#o@=r5kj{Yhe34X%578+8Y7w2u*rl8zcQU0QML!UN1OFoE>=fxg^oT{~C7$laZEc z8YIDs;Wd;by&0B0Ht_;Z6l9cV)iJBUy?+ah6;5p7g@VU@7JIsffcAZ-B5<(8A4 z=boK6vy=0ljGLf26h9EVOdCc&m;vFv+Q9V)rnA0cVavI;wmFNwzT{{BaJP_*dqT%- z`z+G#nV>4J?NO}Ap_|p4Q&b#zQf#8)J`{9jbgq;e z9|&xDH@SAZfN2h?v9*pRdcJglM#G+>F>P9*%fS zhBRVW9u_o9r}T<0*FydIJc}Ed_ya|;FAc4tMVXT&qI)tTjMA<^KV-YPQV)@172yRR zp`BoNO9^x3pM}9yARV%$eM;3Ts8g;m;aG{JT8T?8K`n3rTn|l|!dWMSTdC_xT6M_z zJg1ADj}ep0dFQ;>7)UkFCQs*e$?QVE_r)q>kXY$-P` zI02G)`+}4^K;pc3pX)s|)THC!+T_jT)<7DF!v!rH6#!^hNFq zf1O@S+i=!{r9vSr5qa8G@PCU}5ZKpW<1tR=+WH2aH(Im^$;WstfYav&Qp6SjB?sM2 zy9Cw!^P1-o^)<{Rv1r#y|MDr6Ni_Lb5X*2~;2?L2HB$|Qc1rAMM0tx22&wUD7^a5C zt3S#Be#DnmK2^l-{5CUn-}Bez_mlr7d2wampix1io>8$RxF^z)M4&HK4#4t2Q;Hv) z1jzv2*wQ+P)%ynT`~JQquXI9?XlH5|SP8){04OKY=9CWFgwamd#cb6?mL!A1^Ow~( zK4>{$)*TLWz^squhR32;Cmlegi(&Xr;a}`4Ol>ZeE{F=1TC6aHW2*FrXxU5x?Q8hU zW@YNo{@__n`FJ#u6Dz1LHeaG#1wsVmAI4`f!&72Fl)L(^Gh43QD7ZE zViy);Ef5!I9hN=(?Z3YMX2~RxE|2VQMHEXPsE%w^L76(VD$pA33Z>aLxq@{5G`*J4 zBb#{5m)1U;9@4eQvKBxP!pl&6Dj8EtSSpQbrEvE3X}W^?$OI!L;BXcc6y-6FMINrR zt8TIlgk21v2}qbC)$boHUR7yZ^U(AwtKg4@sAoZ@dea(TyaFdn%AIxgT$zg6;@47j z);tf!KV4!T*e6F*A@VkQ&f#z6^C_0q>0I%pYPVLZOXb+1O98CCkNS6i9Ig^*>fk`3 z;z7s)OEw6Hq(sCe!qWLFyb=`zS%N<7(wy0oT!@zA&thVr{?bO;%bi0{_ zdg*t$1`BQjTTrTK;uLFb_+uEH=VBD%=7&tQx(n_iiDBj@nevNDtuijR6v;+w@xqbFGmqaW z#=$7VcWHHfi9g`8AzsxLP<6F@H#c!5-{wmkpL+H?6$ZA)1Z-V+rmE9lMs)XG2S)&O zFHMV3S(zmC0fvAfs7*Rn8*)Eu@WCRg_K4mxp^E*aRP=5qY5jWH<}NW{o9&V#ar$o0 z9v#)iCxN$UYVCU-uCS!G8aCTM+uqz*=acyd`RzFIRwDJ?ulW;sHN&&wT(iX0a3{x9 zx{`3hlX;ZvfM0$|uN6Q)8}s((Q+Rp*>0&Gb(Cylm^>xe~?iR;3kM~+>T@U(H!KcWiX{-Em+Qa7k)r)0; z0g2eXgtt>H!F?W^{TZ8|fXqS^sS<&n7<2u;Q?SPBo_sLxIB%Ry=j!%WkjJ<~$qkIv zS)U)Zc=h&NEB-BaTALKD)DQf@-mG2<*q}vGXuC#bwdHWvohbvEOL&%D2K7qhTD(5T z!BycwZi#W@A9!ryJ|p-k#1`0WYHmW6SjXucJ*J$hu|Ueo~P12BnhU2 zr}3IoP~9nRM2#pK;j{Y8C8Pk9g6c*B%U$5#L91uL1nb%_^4Vx{sFkQaeWN)*S_QeM zW$bv*oKUpfqs`6#tgrL01+7r~QuYVSN&5UEpS{f>eu#RBy+lxcv#oj&AfvJZyvDWw zMCuP8hqbkYfAUk$nK(v)=|AXQTrNERHaWHPd|`vR^w^88^nl-T+XkBo?Gb0R5q}D< z;37)6d#$Qf>>Sr2K4assgE??OLwQ;wgU z(#tJtl%n3Y2xR8Pv15dN1uQ>o1(Z|`Pn1L*^fraxFo0_$@*YB--(^cse)T?VRUGB- z()j-acA$9DT3f&IpKFSz@dsJP&VX1ch3zGJM^sH*)<5`Ovo-vx_*O_G|9g`*CI zpGGTjUp8?CKd37#UhsK5A74Mn%aQi`%cz`%Rc#4L(|xzNNbJzL@o@7Cmcq^KBAFL| zx2D#3R(SY0lCB*oy7rmClghkKAFBAm?Yr00C)6OOkD7-Nf;EQ#RzDc;o86~wxOceJ zAEhFVQvJmiZRYrNqoG*3EjB9l*n-WD9Oy)wSAX;hbnAcfRYfT2AQ5|}v|8k}g@gAm!i7nkH=U#DUf=u@)zY`J+DBx}0RshP z2}RO(c5a~t?GIE?m@ZQsrxb%e7N-f>e)9;JV}$U2`WyN?m)^a~C5%nP(v7IX{w^RZMlR}g| z7*yr=z(2j1dy5(=ZY|&wEw|S#)97L4AgMS3ToLM^e!&sl2V?CN5Z7d%EJ*r5NxMWf zNJvN3YY1$S+Zr#zKR>g*v_Ksa|MBR3#%;s7lo=Mz-oy-}igIGSomBl76Y!dJj5gO` zqqO*9TW}nyglLH32??RnQ6oN@!&az~rWwIdsJwF#Ev`fqh8M5u`6wc!oFAfY>P`V# zC(!z851)Lat~NNK&i%2U1uvXbOHgFK@zH}6pUaO#HyBSTR8Yyd=tqq`F;wBXs!@e{ zpAYc6s`ke`-sY;k!r|p6e00Fh;Sa!Fw%h?gzkoH_I-Krt6V`d+sJVOd$T7f)vlUml% zK~0f%Xwr}@+L-yxULcQm1O3dVnC8`QYL%-{DO`fQ%veaUwICQ*@8KUr<~8ny_DQOK z35qK$4FZ-g3v(V#=C{vXm`_`(8&#Bn7kGWqI!<006m6%WNO4>-hB=4s`&W{?6%aIM z3DdmZ6(pqqBh3QJawO&t(ejuN7n+Cs7VDO zYZjvrYbGI0rx>pMhMPdJZiK8-Iq*5|NI31_Uz|h+R-tOhs|>!i3@Z^uCU8%>93#ks_vnZi#dU|YAeu#* zYkFvesuzL73=rih)rd%W)+*2x0aR%SNcwLY!AMvI`k26bzUTMKgoqURu zb?PoY08kp57Otug6+|T`m;|_!i(v;-$s#jw<8DO1x1TBV#*tdQhhV{y0V9j6p}0n( z3H&YHfikKs_kpQckiDSeu&_OZ9u<3RGS+NleQ>X0Enx912hlZLnc zZzUkZ@#lB)FSENqN93;^VzF8s+V!06(?NxG*k;-S3LVV@ThD35IT zg2+^!Rm(l_h(euIi&d0gFwg1S==-3BVBdLWHikQs6K8^}9 zABaS;LoQ~|Q*zwvRrztQti$cK2 z@u&YUG>?Ksy+M$DPi`Bx4=V6P@`d~)RRnUe~WOpi7BU|8?pEKQYW>?vT$ zE*IA|miS!uMihRr^y}xOqCgpyE>;O#huJOfi5k>WlpK>&ZipGJW0GB28^^OS2OE%! z6J}|)NRpg}HMe_!JhRbx$=XAtC$Vb!wV!1au1F zyMRzPd7@c8gcj5iGJ%eLM+ovAdZD(1<<9R+QiQ(6^5-?^Y&Pm;>j5$3SAG=mP#Q#5 z_O@cejk)XIFOfmLPRST5GuY~|7sJf_2aPTtV1+?cFlQ{J{(nFmg%CI{gZzdrL9U2` zi|+|!07I^iQwvy2t19rQVyjj1Fl69c{A~7s@*=>|+x;^{z}EF6djAL-(_s)YwDYmF zWhiEvOxs*FYZP=gTl~8w+CgESHDzw4eMisV1glh1K=G}Ma(Gi!c9O5SxhpXzEqT(b zI|4msuL8px52T<+k7F5004`szMT1xxt0d=`v<{H~D(C?3rj@RCt%Y$aoO4Ud}c(GHu}g z7A<7o@nXg>Y%)V6y@vn@UvDXz#*wOapN0Ow;jFVH=_?E-!;)x(?Bc?9Nqfh2Qvlu+ zjWyr9)vi^ekTDSTDFi8WJYSo>b{6I+a2|q@_$ANeL8WEU6TyIY695C5RtbgsZ@bZ& zfRfQtsF2e3!0Gt6UzgqJR7wKLB^J?uKWLs5Zz2q&n~j@P-J7Dyiof4vsTZ; zg4KHai8v>3JA=baxI`a(^8$kY8&IjiX%T;@kO9X_tjK^388oSDyYAr(-j*|}Ki%j# zUUoB2!Ja5we8ywHJ&>ldf0#|3Mn0h=siZ!^T6GLLAncdK_d%Qzt(NTQ5UK@k1njuo zys;e{Wg@XKFBOOLm%i@VNh_EgJYl6{U&)Y`FA zCy`sjKX9=eWcyE{D#~<>xRQbzer%|A21_6RytbM;`KG?G_){VX%Ov3oB1h9PFss%u zl?8``&2mi3%k1xr@NdL^7xn~c0Y|DZIgIa7DH>Q&#v(DXp^~f`?=r}&mm6|!fg1@7 zc$=XROAgQhL4j0VC9zocpy`M}+O0w}sr&m|Cx5l;zym&YAK2)28_YM7qb@KDZ4mmv zMysXS7pPjX24$EfO&FpeEBOF%Lu_UqWL1U5+JJ*jnP|b+Z*PG;78c;mVJgA++X{6` zw7V)BU5)^<#N1X^|4*F?_+(T4y#x<7SG1|CNr80XKu#WsKUsaCA1{?BMBoTOdtvj!=2Ua3Q((Io2Q6b%ci<>igvCDNjRJ@WEf`W4u3Uvp@(vnvyXvAHs-jqZG1QoQ{a`SvV=K zDK?32Tc=h+Fn6i?^dN#o# zO|w4GGLiA0{^#W9N5$@VR8+;BsGNPRp|B@`XQKSM;P*ZJ_thwt=9r{QLhmy%|ESJ) z+}eZr^Vw8ku`d9`++VjYTTWJbJ=;Wezypfh9*brxYP1iXr6#>^3cjmpt+s6k}1Dw-4^5ymp6IO(zu zn6Ev^{GoOUf291feujH+V`HU*0y3_}1ozmUPvLk4SA8RPsR+Jv@+ShHw~op7#v^?a9z3)TD7Ig=nsj~%$F^Gz@x3N!*T1n85Fl`Vi?W>hB)elTq85RRG5GD zTxK@oy%YYcvv<%g`FXM-wo$H#ZVuHzML^wvV3&x5^X6f{m^kzpA(iZ9Ih?0vJJix}{Jg>k24e0g{6Zv6;tL{!X>W?M z*_SZmGA8FT?&`&m=~E!m9m*aMgi`1d+O9n_D?w8J|P~GPIij9oY*|a z75a8{?To9f{XbBRTu~+9HHvo+64O10j|Jl;pQic1rVJ)t`ZILORow3Et7|))bQckq z`KYNVfRUi|oPi=9o}&AJ=Ca)~K9G(5C5=$2)sG@X+%b-6`Wtg3rbtq=a#MNY@RGU{ zI7ty&cKdGe8Zv9BCq&u&#-;34h1Kl`Ft5h{BJZ*M$5~zkO_qn6HsbV;!>St2{EJT# zAcKT8oj~<$D3QxU4Wnf*6PE_-OR8ogpG2iWE0FE4;TQF@ybyYH`$te##F(zm0rE~^H0!aSghYjm%)s(0~UN{ zsPu?UT!WdE2;gR4e@$Mnj-~VDMM^R2fQdv;A5@h>rRgR<^|sdzp0m(iE%DjBwH5-K zc_=G!eNc!y+`J_oQPFan{8xl)hw=4p2tfDVqFFO}3;*y#r3}`zUP_;QAVm5*!!ocqZs!&d=_aBAwUgUP1-mN<8iF_k^yP(op z2aZsyA4+W^HctP@^GsYxP()Kv^2s!LMSBa0QQ#2sq401Dp9zDRH*!yg3x&?1QF)G( ze1av^a-GADF2&tEWyWm?uOKg$BP|e*b_%d+-ycWPCB%9dyCh*_SaJGezGzAh;(=y0 z2ki*o@q6gNvB(pH?U=$wa~~`c;v;#LG(^*xg<3>c-81N(QjGC9O@|r>IqJg{^xmP+ z6Zm!D%V!?ynFfU?rL1(th)4)vg-7|CVut>r8e(6%;Dhby4@q#zN!czj%t*$u$3f1p zW3-PkRsVq2Zb4w^K~?Dt%>#33V!c@Y zWNEm4VtCAZgfK|(8grMgJkp~x_CPFlk7@)B7hi2In);zJl~fanCLVnvS_TF1K0+g# zVHbsJHA4g$X$G~88B-M|$9L)h$dG9XD{Se<1Tf%F$-(KeN0!D=i|g`#||eyI>@=EJE`X0=smCw%}1nyrzKI@8SZ|~5c!~K zx2RKlI@CDXAR76|9OOMia%B!`?nA4r?>w2lws_(-jZ$$ar~8xI|KKTqxh<8Vs>Sx8 zE2gqPEcvW?cFSV*r&7B{oN#XQK$#>!-eu04QjJm~?{i|0h;x6;1Vnz~&AdDwJrrCG z1QZ+)RLDWuW7F|pr+Ewds^x zqq)P{OR6^|lDfimdu&Cgkv^J74j;7b>NGqv%d5%4{|Y@7Yov7!0~A+0QZDj!44k-m z$UiL#KQb@H)g`LrJk=sGA!C5eAU_9t1i9QZ+EPY(1hJ_9Y$Xu(5uJT7dGW`4(=5Qc z?rgb1IUVQ#6UCvK#f{9(Mcg*_kX!QI; z3Cc8T2`ft*!0C-`D5XN20w-6;+fP%6n}2-q2s3N{4|oiY`No@VWAWh1JQ`#pnEh@u zv&MDt?;rngZOX7_A9@s_L8@Itw}-+GNF*J8Bt3l${Ozot{5|ETmCZwn)pxM`o{fy? zgSt1H$!p40)|Ux5$JnRgwUE8!;yt}Bak+^BE`SbxztpaLKa7FBr>M}_Fr0o8>8jAD zZshI~{p^!^PwIuw=KfuI$u9Og2>=la>2XywdwWU@3C7cPA0im*fqW~E0B=e_$Zd+9 zj!(hJ=yZYyT|53pK;3%OEyfoVdqgz53g#&?^iv&Ep# zBX%J^&lh^pLrs_ie2a55!o|Lg>(?RXAT@+=Y&q!(`j3=Y)5<+>Xmo^cFf$43t%(C2 z10xPQ?s%vZlpM9;QM&?63qW=Rj@Ikn_Ys5`1W#=IVkP$e-HAf9FU~W(4>5TzCNI8k z@cd-ABYy|jYXJEu29egwaoD)~y`5_`3_|r=(cRZ3Vud`PESraI5oJvQB?*btMN}I^ z=wAUj7l9zOPN#32PUjdMT`?{D*jz~2aG5n5Cok^HV}dDY*o(+?$c+0ch_`>8T%4yuA+xo61z=r6r}P zjUkDsXRf6gpw|@Zox9f1c9MFX59i_Sfs1B_>KErZW{YURXPf(tiXaAd%j*(*k@3TC z=KWiuS48P19?gyLH}!d(R^?W%*{sx7K`4M=;Z^nMBj zGBRS>qdH185`Q+rusifGu(KIF{_d0zez9;7-5I1g^rMv+LjRxFUELH@Z%+n^DV=O- zlVky_-`maY*0DJ4e|~fuI4F~ zKKA0$smP5{WxOee%L@L8^DrMYtFIOlm>b-WOySQ`3Y=Cc33u9E*4{_#66+sHtZV+( zk;9Jy{cHahV2wa5%L;br{VOIXzijg*c!r~k30Ypwi;1PDav5a@l)|zwCCc#wmnd@! zeY3{=k;*qJBL+T$@e-lse@f{nCe<1;2SWy@7{!EQY-Vl|PbPW;5E5>Ptbqi;d+wXH zgq7BPtU}}O87B137dDb1GP z)hZ>82ieVMt>R^(LR4iZ3GX!IVkR1LS9DJi2L*!9xdVSR;i=8z^kQ`iSRgq}D!I-@ z4OlZl#SD4SO`33s9}z9zGT{aRnCnNc;}T7?ALZ7b1Z7NVl8Tae{UbA?<_|$x>W$5k zA8Sc)K_$SsM9($^xEJ$eltf(4L#qP7Lbm7>Ri((Lgcaj?&Z^H0yAxmxo29eREQb0M)0b5wpVi|d0>NL^i=r24ojS!g< z#$_9jiR^fY6b2X2NJiU9dF*K5R3NvU#7@ce0^=P7HcaWopg_AhAc5c|^*lyJOvkD? zlHwzA2A!h3j1HA(!u$?kN8ixrEl=~jcyM5}bBc;iO}w>}g~(wh{xn1SqTK6a#{1f1 z2&3{xs)C!jHfbq@$_;Nq-kgF`GEdW6L`1~+o~`WAsq=ep-tt#ZoW#GnMlbIaTTDRB zBy%-ZKPJY1BvjasJ~A&8CSks3#&}N3LhK;40x!WDzrnCFmFdE|+6N&74?i#jTpT$; z8U6MP1H$?^&S!m5=U>I&VZ4wIfp-8e6UAK!57S2^Oq7GincBz9&?=UUu9(U9i^-LM zvYvFCAvKvQMxW0OoVOjX3>?wDoJ(KM zAv%e-mJ}({m_FKx$sJYS=6JY(o8XSTfxcdDt4+)#bGsGsK-LsGf_T0pJ}e{>$Z<2q zD{Thl+H6N4>@z^GxA8%O`n-3eZF3=UZN)*i#eF^Ms0x))?MEp@|Ltd0ft3rX^MLj~dod2uvP+f%g+pn8botYYM*t{| z*D7?b{ie{wlrLRru{UgJTrhQ>u`~8zQue1Tahjb#uo*8iCywfkVThuuK^D}bRq{Q3 zQHqtryXi%4@rD0MSkq#@TgfY;IAp}CuH;O)auc$8 zAhr{_o({s^v(d@`b3@!B<+tobNG4!Y{po$3MS@M~pc?WqQyqDNF}W6-M|`;$xhw>e zeGs%*d%SanS8#`W9PbM#53JMzX<;#FN-TQQt&m{WIGDx>n~>S>>QVrIRFXHP&mHNa zd9+CYfgxesa|yhr;7(mOs)O>O!n5Jl)zVeH$j%6M9n^lzz+OdcX?Ls@ZZU#KRfB7h zBu;HeW4XA|Ki>q4DEWk2qLYw8v&(|bSuP@(7m>wZDX;cqQs(#K;N(kR*f%_*WEQ2< z*o@IrAB@3=E^^o`foGH)1?I-8@73w-Ie63lbrdsE?&hgdb>J||(LL6DW|)dW&+MKQ zR9vJv;D*oI${Aca$9eQl$n1GsWj++(L^VK17_XN3x#d$)a`m@J=wS6g;q$pOmr+cYt@$QWTo@)~ zSK^t0k}8M7!&?!VJP9Z$t4Md;N(_BC3rmj4xhEu(jp+lJ#^$mt+AxqgL^GK9dX4TO zcrp}-UpCVX*EKqIT=1Cxc(9D|&1&$`QhYDuv3 z@)L>5aFVK56|nPPwnvMp*;W~71YHq{do=<@%ESchjhF;9FoqA+={R)jtXA6@I?(fq z`v;z(N$dOSBV9-53+{AJ^HxO95+cjzFaNgCXI1K!<`S$SG^AUBK-T7K-&e3cij$rV zrhX!9bhcv1ou{M!7XW@hfxoTFg=GK?{KktnYG0568M`7y!Lg_oSQE!=lLMjjOW4T~ z+$6Ob+^Hku-H_L2KBUl744N$ROyN9~1lj3Oq;u#GX=ZlFa1L!w$qut*ggerVYoIu# zz_&g0*r5#C)o~0BABSgm1)I*X%@7}x6x)M(D`cH(H>|q3QoPXwfzk6far~BBE*G#~0 zc^i!Z%`@w>36(Nyr2F8&_9f>Ze{5gmHU$L(cq-5oXs;pa;@8dHm)l}1S7JxKNNivZ zmtn3w7|3X0yi9U$mSi!Ri$GHDUe1Ruj3}CwY)59qARs+wM6R_1Q5ZKsRg>joxeOmD zB8K!N>W&HsKmWm5(o%1BM98H5W{p@F%_Tt0ixk28&F>^|rj)nK1T{BwHRf~Qi!vc`S)4|D&1G`(3bjKmP*$to8Om;ZQRUW5gm`dQq)LQkhVnWcZTmVfNynKd@Gi#rL;wO zip*6su8e*pUQ^G$0s^W-0RjBl!xc*%0wxlHd0Jmkgqti)s%lZf??-)ZuI9+9lU(h4 zI3+1H7zK>dYdN;g9CBe9WqLvlYq@CqaK&jOlCcRnxPA77W^|Y~Ig)qrugt_X zNR&>+)>#u|QM?+uWcV67de(KU_N}3BfTOQGi89;l?6k!VU7ILZAuM|_Jyl^R70xuBgdy6@kqDZ+^PSO-GL=u| zZUQQaw1xMcNhM^wcmuVjqYd?q2wkMmgvUpqs@^-(Of?4y#PtfQ&q~>Cou~^ST#2q6 z1?~sYbuO`60;jslSrd|-@%hDisI39q z7|Vm9hc^SNgXGpmA30D{2N@hHk|*&Uya7%$PIW=RT8SS;>JbLG3a-VY1dW#7SxlP+lcv^W2{I>Xv4p>-6`Z8K zLVf(FYOd%*TPby`lNjR*jWB$U^1CHD7YIjebzBmLfw2q`rYwr70`~F_rS%5Ht&ajw zs|*;@aF6FCQ4>|EQyz7x&ilQX7r#=cAt2VL%;2z_iQZ{hB{t`T6>w;3dOEP zKUN%Z+Ud8iRdjX2XQY9BO)N9zqeMBNhBcuo@=H9OMaf`rhlB)?C-DkPz4zWR18#Kb z!X;m+S~E{fhh8HWd&tBZ0G>j8gFIZMIO&AaO`tRs!{Tw|3dvpT>uPBDKKVmpm37Gg z5A4l&Lsow`t=vUm(vDkHHHK`T;0u}n!M?x=RA)?6g-r<#o2Kq6GK?gg6{_b2{rx3= zcu8p|TE}pa9j6hiKkPwF#iS2Zz>vB43z!p@`x z`wv%vHI!hD=>s=Rsq|U{2(e&{g z8h*(!K`e^EED&ybs!J=XODotJrJ|x@c1Ad9Xp@f)E@fz;eE6Nr)yM!fkQTt{e>rqV zGJH?q7`qf$f}$`o5;&xy>rhSzNmCAq0`C%qBs|#^dxT{wu?Db;m*^LMH15OlbgxTz z*V#H~NNpb5?E>9n`$iFp5J@IU@0`I%cu+4oiZyI=$YM4Ud5NO(oT3pLU!5+AK~5yh z2KE?5Dokrp07~+X+Hw81J?yZ@TfY9H>u`#SvV~&NxDPJ-rDbB zDrxW}(KgI&^L?+yn}hfQsI_O9+@kmUaT_nIWC9uZE9M?aU-{b4t@LRxs2&+tGo_H} z#otI*p%8M)SNy|}qkZMZKFlUgsR|HFcnBP5P*-fafXD6q(nkhdiSF*-eoN{D_IuCm z(AFcbw(2_MN}*r=Cv<`!C3aK?+qBWt2m1@*m>qt)zLGLifLG)+49C)KsL=5SxVwxP zlN^(x3D^J4|0VsCuHnlomDTU7mu~<5TJ_G`z~HctA3w(5)yEH4%wP5I|5jHXuReVE z@X_icNQak45C2a*{5wsg8i@M+`>wx=7SQQ-D;ia@qhF6|Lp(Z`tG6k1YjXSO<4u{@Wp= z$N1Jc13Yq&cnGJeeeQ^Z%f2(L{qW$&|7T^^85kEoC1ZK4yCj~m!2DMkaOzQIWd-Y5 zUIyYu>>nJ9?X8_-c>RACCLeDeJwN{Ka9iYFA;gNMtM4Bb#nv_4mfUuE*X_R(yY4AE zu+E8fWppE~DmU+p|h zI6OKy6r0_ycX{XxIo9Kr;&{3+6)QSZqup*{LENVzmkXuuq9wy2dXm5o^~1wjyNj`| z|DUyYyj$zJ9re+?ZAhD1Tp-_xbjaOpR~j#$ z9v^MikGVg;y$($VfNju6v#H*@(e(hpbZrGXP2E!EZcv1pf;}OsT{uY|tUQ5BtS+cB zrGJ0gsNY|!o%(G&KX_9a_0m_>BmE_uh~b){3P8K>V&(Z8-0O#Zr+a^`0wbWHHuCYj zR)_IRYKAG;k+?VPq%26$`_euXjKtJf2;UTb!&*SaazYfZpkU}9J6vM+^gz-KJ>-|k!!F|wP&QcWnktl?pg~zpiN4yJs51XH`-TM8^iVn^m}8t z;dQzjK=E!|4F0omYLAS%jY_dfwlJu{j`xS{CJOaop(?ahx8X7r$~|2bUT<)#^26)F z=r$E#1b}zW^=+zn=Um;UH~`|Uio5=;%A@oE_R?*t7})K1&aGBq;Ph@)e0=>Ka_SF`#Mbui z_A%T|U+gr*tAnFo8i$+pZGr0Y_Xt1S}Af1sDTq}KRkrj z4d45a@5M#G>O*)#xp`ue;6yz8C96>7Tv-2eRj`Lg(5 z8&}ZlXUG45^B=_IzxP+?`2WkufA8uahW=d)B%I_HQF$(uKqi*>LjPW#AZ2mhACqXc zh-F{;&N^!XmCr;N2*sNVr#tv)ce@`+HSc4`d5{0e7uO%rANdNoywm^C%Uf%a`c;?S z2E@o)7thBI@-oFQeS3T+esIpZwtw;SdGD&ycSb+T68W9ZdZZVn_hPm3M69i>Jg%;M zUtRrPtbV`#@c#PRBXRzY>e{{yDRqk7;b$CV*&(WqJ>SN#@CI8aR4{QUKg%-y6LT*#_`t9ktKf@ zYHAkB`6b2imC-*jB4)9C>h{Z*_t#_>u-N8N9g5|bWEI8ApYCA#zA=r4pd9Pk_OH9t zHU6F4HP}98*Pxj08dnkT+I#fCsJq5i)q;b`Du;dmaHyTJeH?T^1xBU1BV8$4^@GFT zu(wO?BJQjQW!zq(VGnKb-0M0$ScD&Zcsu`D-AlaT`H$ACSFc_k?LxVW(P*$2xEELp z^*U_b-etQj2S)GtrTP&^7b~9Q7wUZd5JuA;h_Ze59-Y$c;iRAiJ-oa?+;c6pU??7h zE&A+0md_p7j2P2i+TVIZ7Zw1P*uH$X4#f>X0&ISXX8~%`s{K|S49@|vb^R*jr=79+ z3gHIctbgxdw;)ZF|M+wG1gC>ZNC8L7Icuxfq69Tq(PDM4v71Xur-dkAeg8-_ z#sg&C<)C{wRIUe#wT{Mp^aId>Ocm}6rq(0xWUA?_#84$6aZ0&s$cD<@OW$k1<2RTj zIdHWa->E48kcMs5ZqskiKc{dj0ulu51GX?eJA=6yj6@&t^U&@4Zrc}Rs4O0S|H!P- zO_>~bn#nQhxfEW%)c3}HG~(6|WCsM$fwqI>J*z$9O+>&D*+UY)>okCm&d~8q2!TOx z1bI<@)h(6F-gs0-^?vuXlwV@ZUc_6ptw2auW)DqJYX1=cj%_KZG4l`YK0%bZbaHvD za2g84g4F_)2pb9K-!-S_tnZb1{AG%34p_+i{0jFU%+tW>VAvIfPpqB&`tD0OD*)k? zcPjW_r7Ce<@C_^2!JQh=8buVL5qzY4P(+9&@g2&}NdJDPE{BKJCX_|~8;N5s376!1Fod-)AeHnho-fl1b!a9py-aDNC-!dN}NV7C>Wy$6mjtb3ajWziJj<0 z3Xu5O>B$Ez)S*`t&+vm3wD1eE%jqc)e$cBHV|X-%#=<(zquuGSe{bX5F3}?nvRK5d zyL<{knWB+PZ}tiz2n%-4IvxN5_P%9x@C_~ilKR18bhGVm?EsVogHcMDR#otum@(0UpEiU{_c4u`ukI6Lc2doT^Qp8XM zh(!$Ang0Q>yvYA-S&7|S7Xh}=Z1am?D3)qRTfqGcN%~ zY7FnPG(zK^U_4ead)}hD4t?Oub+YTuOAk%9p&FW$QJs%yHf`o zu$}h#XnS*OFY=W?h8ExKBX=M&{3Uq<;_^T?6^%5r^s@LNWxy8DWO{DoMa6hbn;ZGr zoSVdN3iqddXQ)blt~ML&t;8 zrp6vyRK7cg7geU2<>jI#tdym>H|v6atOb~&qdnLq!w}TTR0EJK#Rf_)sb@7Psd{TE zCXqxYW;wNi3E70JpNMm0MvIF9vXK?XFj>&2@Jh!prU;Q<0U}NAvVL5L1(85Z7)(uL zEL~1gG(Fajb#+iABQ`Z0iR5TsN|F#$MgDhrMl(4`x%iO^$x}IHHi+ny9oW?!KwbKj z_Tg?rHyqXe?~KZs5kQ0peMSleCM|SKz>#MhO_FL-!#u=TQje5111D2;b-v+;{qxw?P0 zo0<2ZL0W<%7k>+oZEHI?QY#0T$7*eTnUw#k*QW}u7q0P zy;ncjJKWs=ExkGf_0}s6ezf-mR&%9Fo`ak*=lBVL$RqKd-}fsNvo&Mys4u znUp+JeM!u`X{+0H+dzzCzoY_UhaC}#=ZCwMX)8f^*mBt6yXqA29E-Ema92Yji8-EC(4%CMw2wLifg%lp~3$9L-iv2J5u>k-;N6-ete**&SthIOsYfN77G99E4p; zs|L`QI2#YiQKItZ%pCZ%5*j+q3|1nsdh>}jxXJU`wJa3ru1`S-)o%We%7-cogo>jJ z+~zShS-c2|Q&oOhB;aPn^WSNI<+3C%v?v>nN>~m@F(TIE^{875+;q}EcCtP~Ptrfq zT_>Yr=Y8hKNyTBaWPhDdfx79X=fJDnXIRRw-tS0){*Sz$_TJs4YD|{?=h`aie?EBh zaOKhchma4>*Ok?|{?C{AhmzY%^yWRHXft>ck+_xvWhnKEo&7p0Z-@0NP?sByKbZya zQ$iLGZK#MXj2IKE2_%~&&&1@~s;KTjSwjs4lVy!Ys&&sr7m|u4z~-7csc=w}#JqJ+ zl0`|G*_Oy^ynOa-=XI^ca`F1%AzeLdWbwDR)v>mAcV!9-|Es%@c#mWVM&@%-J#g75 z`rukrpFb1T-^y$-y(N_b5-QUD3u;nET+eq!_1{qA_6xs_jA)sm2-Cw{gX)fw!&d{b z6U=H+9!c~VksV9HO3kP*=vKh(Mtrp^KV$itt{?d`&5$ix_*2L-%`ji%E>RX`uZHqA zBvfm9S(^DJxT!PaYOcfoRp5U`-u~Yg!v8BP_tF2;!$)fm9<1J9xsUk&{@U6c|9^>p z3ZF#oH1nHquWG0eZM9l+fy^*{OtD)lGn^?zA4{Ao1t-`m5W6Kq`|&?l|iMjc|3?LtQs0I>(U z(?2akn=WQwFpHKtDukh?m2(BnqHdLX=(t0EMwK3T_*#_MDQ>R7=y9b|AeZ^MSp0`8 zxc{9s+2`u(arJdWH5bb?4(h)sxUC^a_SM1B*3w#OrT7;qy3f_y{|4&qTBkipk)4-5 zODp{|s-8=Q^YSbB#3Pwf`J6S-?_3FeQNlCTvYU|E3T3ENlGN4>eeQBs8Fwu#eok%n zq$ZJ_JVmQtP|sb@E>EuUX)!*Fi&Lt_FVX~L<_>EEE^^mrSEq+9KfW^c=_%oM3iSlT z(nWBULu6T28zgQsmjmX1g0khTx|VZQ%ekuMT-EZ6sanDYpQ~E_ZB;F2TD`fd zvrAF|DWFpBu;jL8o+I zRs5d@iw(k&e;!05{}7|>?-uz7x8mP6@{j6#IPyMlG zOiqkMn1NcQht>)M!=wN+Nht911(=y;f2HO8Tmfb#?5%`M^B^))_3JB$;Bwn77Yb4m z?5(wqvAd=ZJCb~!W#yWO9hrw6nTH*jhaH)R9hrw6`R9fm$>9H~)%)D`KWl4`iU0R- z?eT+$tE+3s|9kx4{+$2!MfiVG*;A34T0w7-bspm%ELDW93spY(Ce=cflI0H=gwJcg z15EOxk=pY~-71`T>939219yO_N^z#u+S}QG{_6f(tEF2aMZ%Z+=<>qoC#CM}A0uC| z5lu%0mgAkhZA@3Xqvm(1fw&f{@1TCXi(j^nEvveW3ha)seetTX`Sj&8v0SzM(Qw=z z3D%FH%t|RubPr z_L5jBiT#(myZpC^SJjmwj%fkDj)#3&=O;_OmseppG%v_79XfWmdo9L(*Kr0VaXN+` z+h=SEfPBPD`&wKr)=s=#>s7P_sG)4!`_0YfpI=c2X4X#0noFJ-V6?R&2Lw9I} z`lCQ+uTe+Ilb&tA4<|@}1YgvX{`5Zh_CEFzX1w2qwQKhVP!wKVcrw45ANd=rZl!~8 zMB`P2HC|=$gyyqa4;n`R7qBWu%Q(lz2RSvEip$5^PdM)sSyK3{pGk!xXh0inqtZPT z-DZ{jzH^D*K-{x4*C}H_&7R#apW_)?cCJ_jAN>li3jex4vagbA-g?n`zWutjzx|5z z`E_Tb2#7j8w@>`M_Fw+pNdBgh|E;dAM&rM%J$yJn|G!fCA4hZgsw97P4~Put;^trg z7gW|DVe#L6CH|vcf0cqiktjUlO&F2+iLXlNH>u++?@O5YTyh;Vi~7vMk#;6Y`H~=} zm|k7BkZ)3DU#X}sdB#4EkdNAGwOZ6x%VfZ2i6f>d_1Oe}QwaU;KJNXEgn>XAH4b*S z!vcc8P9Qj4cfJCl;NL68{MQ-q9_>-dRn&T0V!=?P`K(Cy^9eON6Y{T==21zxQPSqD zvn+)`#vZDKYKe7DirCmZ2RA{6&^q}X{~Y4#FxC&maMPa@No78h2z#RV`tHw&TZy$Z zk@H_H+Md2|Ux9dget3MA!-MSmqljzJIUQXOoORzBjOHiG=R8q5H(Q{-*J0r!2LH+R z{P*qQh}1N~YiArm@xx9x4T z$HR@&-e3a&7v^FO{u^zay8VsexxaDlo^AYRa1Q@D^d~oqFm=v~{aX0H!!f|Y9lHOW z=>PHl!^i)(y0ZG{(ftPxA3R&*Oaa6~5<%f6SXGlgCs&nP~qabvTP?5CcyYhe=%da}1^2>M2`k=kUeyX%T=ntPN z-sykV*OkG3xoz0&SD&FxqRiNA=FqTzE;h>E|J_l~cKa3o;_kOb>i&PU@^E$a0r~%a zxc1=wqt!>~|MB6Yx&OZ}B>&Nijv}3*_ulO|;+#Y^UH4Ci{H>wwN?CjJQ_^9eZ{NG* zjcySIHQVc=j)Gp6DY(8MvB#y`?XpHe=ko5C;e_XNMO3xit zoX+@1>d7PO^0AZ-oe%9E3X{&TL0>kwpMhYVSEG>r=$yVHtv$H2-Jek zb`D-1i_QJt#H-Dtqs{%}-!>rc=mIVY!g=p-O%#n7Duyu)?fwWIqM_Vz`>6f`N^Cye z+1)w*4PDSZ+d1CfZZyQRgCnsi4mXdEcj_;9H;=^O%cH}C#&$)BhU2K2MW<)Ub9+Xs zGej?NBirrzJZ6-?`Ovd&M_kzN9az@3noM$q-Ym(Q>*@ZOqU%~}I3E4+OKnw^fv7(wWD+Q%v`rNixK$B$Juc-7YYH z*#RcGhUH=jI6^}0P>N2|tl&7}S$`|3-bpmBqD^eceUp;XK%bL)ep1zW6ZKwIPxp3J zRnNtF1sJ8wN>%4e9LPf5?R>Mc_iX>Hefo4~2e`o29e#YYy?^lZWN&MuQh_t>@&3oTyJlSv8A=jO|n|Ht2{Q7R4n)xt;RX80FGD9&iMJto^70f?DRcaF7Y;T{o zA09nDIYijRC&$}o`wtKH>WDfifky{0Qt$rj^e1gb_EnxuJ|yZde^D#h^%VIuP*Yv~ zfH;urgDH^J-5>t4aUW-DP*KXJfd@4C+j+9PwF$qM)qeq1e%*XaGw~%R$;IT^W_Hu@PAm)&z z6Wa2XBIG>PxKcG!Vr{F2|JL9u^bFw$50Bc94~`zfq&_@7V+b;(&;U-IuRs#j7}lYW zroZR7`>Y~izg?{>PC#`2_C9QZdD^L5_9_qe58J0dZM_{`-Gi5GwZZS8Bgi4n#?x=_ zRd%0lAM9+O0_B)g`jw=6^0!kQOB7ySW}R2eP2Oa@J)}5vjGl!wZf7xhR^5ODlzP@^ z42BKh*>AIsnWAMJt`4#nTxm`ULgrkf`N4ti4W=}R`AgvTFfNh8FJa9hvua@VP6gYq zhrO;gywu^m6bJ{%)F;GZVW;kAm%t%m(}z5pUIphX)FD-CO=|w&W5u;+@Y<>Em)>ZU zLCKs4ha~?(iln(*Rwqy_ZWUGr>I{M5f#^t_aZU5V0X7X`eYU<{tH75wC2vzxw`%!%Yvp;Xbq*){Y773nXw}!@pN;ja z8g7Us`m0)>=HvBg=VE<=%jNX=?%}~!4JvHixpxQt z+PI4x?eO64>9M@t_y*t7cl-}O-@ji`tJoyzMbIXv(2YA#=pZO^3=PIF_@5L<{0@(5 z2d8Q<1ui_0v)j=CI)KdaVEgbfEw6)}HbyiD&b@6}{-aaaFGvapxte4HVG|X|IOuQHDzyqE0(oPpN^cT}dsXR--WKr% z|IHKi#g@8(VFRhaOElz!CV^pbRguB8oV7_)XpZMyoB%e5#M9s_1gd6)c1B&<_~9>i zZ7Gk^N!kzO`fNNNj-A6-Rm3jbeex1cr;Bx1sYr6fN{iB8ljOv$s>@_6gW&+Ah%Lkn zea(N<<9IsQs=!(94KN>Uc0vzr;>Z;tu6DPNCz*V!(w(xEAH2#&`PN{F1)(k^Yp3HY zNYEeN9m0_T*io}TY*p8r)px^-e`IebAJ&t~@NQp!G_NsDe+VBlM12PS*@coiFM(m^ zTh2SE10?k=#Bg6MAcH!kvxE`b+2j*{=9~J|o@clyaY}hIE|5k>{j_6FN7oe*>)Y3_ zU_l-R!qd+c3>2JcPtQ*FVXe!lM4uO=7wN>d3s{8Tn-z2| zK|X(d)5dow72`g1_T+eX|D>@#xgLF32Z5ns_T>+->M(;{dC(u^49R9<7836qC+wP% zI^%*Ru!BsO2M2*pwO34ceA7UE7!fQNg3Y3qVxyckerQyy38f+F$yB+2skn12V6BNw zGK|4x4_Ge^FAPg|JT+kwgJ7a7Y4`r5S_pj`K9`e8BOjED=XG)7ze2r}?X` zbNc7JvPAzXj7U^js`5>P+ghEV8Y@M*iY&(&>^E6$oQZJY%^yti@cKfb`U<1`Lhpfr zN=`n)`6H#?zgO?%yJ4Z7bU+N4i6pkpKwvaw)Pz+oMK~oF`=R1?K`MFXwL(=<6hmJs zz4Ym35cdn5kufe?ak;{^rZM#Ko*(xDQu)*%S&fuRhZ$+b`a{yOTn&dfxi4YDA=T;y zu!B{#dvK5w3G}XMm&A<;Ln5S_HKn2#F}w^$8jhlPLV%+Oj7*JM0(H{)g>)jQYs^Vo z&H6$-GgPr{Z4#T?+QuCZt019dU11DvUxhU|uiDtltz+NEhQ|!C1cRi!%9-1uq|kBkQoGulU_Ac zYKPR9IJ^T%jf!81zoHo&2}D%{ynOoP7=fyxW1^J-3B9&)=eL^MQTWypN~`WYKG{2_ zR5~UQx_XSVM(^vte!J3KrM66fieXu7DtuZ0vF7S4JYLGZ9bD5WbE^)YV1wvHuNvFj zvKB0BYTSU^w+13GIx()ReYK81mh!dc>YDTypGWxDZ}`^-`0GRMTq<l?>qH&?z zFo=uI0S!O?S*`2UJv$#yfz3z4yR2I~pRjCJ>oX_;zPr=Uq6~^hH2dVCNvn!AtpvlV z5}PW4#Wid;o0V`dJmQ6dpPaVP&Zawjleg6IUW;rY`_itt@o|_ zt?yeuw0>;WTB^15V)gwh{Ffwk%mcZ%5;)t#zb!N^Afi|znpm=pNUG*HRj3Jy4p#0W zeqfjGvU=E02d{EH7kcnf(?zPfiwtHQ1>DhyFC8cqj5S?;k`l@kg=+|RXVTnax}BZ4 z5}tM+bBIFnLJ_zr1tmCmDp>{gmDpeET!?>X=UiSD-zYl-Cchq%LNW58Seo;pt_;^P zLzQx5E!NBd!I3(?Ekw!6H$LqX(ZeD`S;rL8LlH^Kx}+M_M+;P>y@3I38ukbWWBB$@ zq9>m`nYM_6ug2L(CBH5!IOZ_CGI{{aY;?-6+23n#J)QmIHhq<7?=gr0OC71it-`Y++5CdOOcS+LetaFU^6A?@caF*I3#jwmEh&7ItYS49 z&FbiR+>f>$mRdxiXFesc*=OpG5ss~XOG@$tWS%jT+0(Uf7TSjH+d8@Vl0(Yh7+l~K98~=Q<$#3d*26Xy_IJ@)ZeDtP!o~(P{1BPPf z_1x7Iy_K~?dLoj9@-NXs=F2b5;aO6(r&~IMJ`KLaEpXH6vfkZcH5C-#vfr;JrrYhQ z-fau2@pB3nSPkE+uhhmlX0UDQPYS6TW?W^MXj8Puj>5?zqODJ2J+KW=oUvh+YN%-4 zO{JMjVNJXx4W)by*M#@6uqKLGoi*WpL<$a8g}W}C&*dxQt*iItCE?_=T2z;+5hB!{ z(pDSYbPR`noN4KdtP9#5g@h9dN;~9xNEUFrLrh@IOrhcbKye{O#Vj7V0(k-T_EuKl zI@=gqmG(SZA@~6|GU=DQ!PqP^+grM2&Zo|F?3E?2=?JB>+12HjSGvgjno%Rx?~R5S z!1EIKqp%cTK_`m2ZAbl<`^w6tKvUq=B?G2dObnVK8={}VRT$>$sQAk^*VnllUI}u< z(c~K$D!LxMp7tlb5$bHbE(EpOLYuv>Z&P-bRS{Qdr0NnicLUZ-Oh;<7 z?olV|Jo~+Tf(m}TtCD`eOyjM`B`gyZ^;)aVA;!r?*t*8hzU=F_@6}s6n49}aBYEN) zAq$T4LcLpsH~Ch9xGx34tr|4gC2p^Tup`tQH@EIc&@fHnawBEv+Rd7H1?AEC(hZa) z&pVlJj-2`(YSK)ZCZB`DmM2k5Gl|*kQSy_w65NuC^t8k;Y3p$G_(pcQT_rkKiKu0S z>Z*N!wMR2$HXuV)RW=})NpQ~WdGbs2Owa}{3ar(uK7q3a`)b0vDYqzC&?o_l+NI%D z`Ly#Yuh2O!pMVhdaty86Y9&?v)$Uw(^A^ZLT{ajcV->WvK=0Ia3=)IHVhH`*YBgCu^Z@gFZ%w{VM-yBCw+x!kD8{V@vqXpGVuPIIl}7-U%&uSCt2=9)_L zymvKFy$PNMyxkcyyT=f2KfcuhRba(ZH?p2@+=Akr_r}wz3(Zc_E1h3!k`gzWZw><+ zhWFyb7N<4G9X6JI^D-mxO{+bOU%(LWR2Y%XYAij$QD?ETMWq5ij1a9dmJQkv6HABtbdIa;iLvbv)dYJ z^Tuo?f<>T!E2jD|9M|di6{)^lezbH8#kjO|G4(hkrj3u3Ykl(6)Z>Jo=jzTsT5~S7 zET%uViHllvy<0?R05MtE9gXhui5NmMi0j(SdN6wdca+xMRx7e_EXA+^n*K#bXhcS0 z%3aYq12lm^vspB;%+QEvFdQ_PLqJuUHK?0x@?(T;k?k-y&Kk7ch=>GjqBP>j#mRVl zT9vB!MyM6^`OyY?byXElgQ{_Ss8oDUy@h=3G~8m~A(x9mpx_ZO{NLyXr^i}=H5KaD z$K=*>cvR6|VE5U_1)apm7XKsM!Niox(H-hBVw&b5(qv4g1#v27qFnFRJW6*-S5mB1 zA&sF_F*QB}iIsQm!g9(D|G*2erco+c#-sEab<``~!b{c{=MM9iolQClScxxe#0Hgs zMCz^)lCv%|RMDIJRy83rKvc4F!Q{&Ewi4TIyk}?oGS!NG)_WKbt{u%kH@!6CmXdp| zL;b`it0|H|R~R$9^^Izsax%Vs$YC=x-nG3fPfAqFBL0-57adC26l>f&w;2q)y?8UC z>7^O5X+{ANy^zQpH{qwme8snQ!vqt4kuZP6pUgV>H40%|N|j|PTa2FcMt3@DpjmER z1!lU*4XPn@`roF#3?<`6Bgfdw6U!up5^hUXMkaE)f>&6U+r!fWB|EvK=kUBGI}B1i z?oYP=zEa-m?LWFktg?%!y@Rkj{MPAEASt>ftoqB^y?GmF9a!V!ST2%o>l}x(=G=Se ze7IjZuS+gNxK623EW90gl&>~@t0K0$FNn~PGnruqZ`&)0YigVUC86fY5!6Eyc)uGZ z2JF0byGI?|!w18zeXz3)6OR{z7)pW zmr*8H=zDA`G$FHaF&s!!C=^e(OW))o*}2|Hj9e@ z3wt!h-AKFK6CA*S7|qk52^DHK`Q&JKkGyi|uDa(J%ahK_#Mtk3I=~A%9lSnRS*RQ<{@+rtLzV;GL2k~Te-x{2?jf0`K z0Y^iBIZnSp$<<7Zm`rqsfeVvsAwE!rLpd4hdEGSi|0mvcXb5s`JXj=S&k`^sA8ma5SqkmeiPCy!5^Gh1-WTmW$@bbQ`L=^v!>=i^uE+-wIViBIS)9S9UFUo zU~W8E*!@dnZP}m$tbAz9gXkJh0n6*WLfxLZ6{pE#CtdARqz$gbnMNLYxjHxkb`B&( zB4@G3*~GEmWx8{L{N2+kh6-Sb!?BIzbA3MUkQ(2tCM+AM>`i);t5;bzl9N5!4c`c` z0}Mza`Q*$q9iilww^6{+r+E94l<-^~uv~U39^j}mvw{&BUi^c<6N1Z@wMo!y+ng8; z=Wg3Um4cNbl~$MUTobLaNYEJzcw?3VQ%k#DV+iUFMrEm=<`Y)9vV~vR(j^w=Sha{S zfmoX~y)=)}nmD=n8@F}4gE%H6hsfMDTy=4?uu~1|h5Ju#L!w-x(c%ggh##Y@yTnD( z7}j_d0R0X~H*GD&qKj5c?won#v7mcs(^nRJml|>)dyne=3^-(C%uTD5FPugJC?=Gi~x%_u5W01Jq7XA$VDVmq1rT@*WUenZzZMgs4p4 z3+Za~{>HYIf`DSy2a7?1X>@^jE~q<3E;{D+Dd!IqGS0}uvCAWZq^sVLE6mjtda3;u zwQme;;8#uT;m@75Ro%IK#zjDqum6gP*VmJC9(SgC<1O5~#B|uJ(aG&|Sp1^*Caem;_{g(cPM#h%w$giS-aX7xttl4>%H-))YG|{XJ-|lujPqYFP zq;c@Jh{U(1H`PR!*{Z5bMaRSke7l5_tG zM-zzSE%MPzOc(I+Ys@%Mc#8}Lj~wPpolXZwr-UGNjX+mf>cDa|GRQH)GjXgCwSu0( zc*7s@XZP&wC>_wHfOT{spW*2kyGxsy--FuwnyUQ;{#$|n>NUSETLvLPgj|B` zEnGhFu}s0xXUi;fVhhn5yTw+ZW3`|KrAoPg1kd$SyI{gA!_%2DA-5_cD%@^NGF!Fhot;Ogz02!-_@d^J1ozA+R+?!ytxFd8X$BJBU)c8-?)%)n&z<-A zwRxXk+xMNXzS8gEr}MsJUU%%ksQ{ewkIo`bf?T3#7Ohgbnp3 zzyIOKq=x@fOMh9Zzdx@&e^K)@J7g%GV=FO3W#s!RC_gCKXt!_y0(FEM07yW$zuuc5 z55qN@)`epnGH)_>pP799`LF9QR;wn51IfllbXz*3cbiEChj*6rlCrJ4*OPsmlWAa(-bopoom*b>}M+V3z{C?O5t zmANDLiT$q(A@s`lz9ODMMYqh;?Q`o|TuZzDR&Q>*#>*QRh6 zi@T+dj>FC?Il|f+n)o(}QMi3jPI_D}T#U~2k+d8vE~n30wVA>0g_X(0uh)fO;tqy{ zLy8DD;~t%+K~5F`ol6mQu{E6FaD`dkU+?#7E@kv`3YrKx2{%Y7h^37tVkbOkUj$Zx$UO z)1Z-f`{cFKYz>!gv$Q_Asx9a6zLs1-*PPZ+e2d(mwW3|?X5}1_LTwr!Qj0C*23@jX z(P)|j);0)G8o7Lr$vRF@O*HOx#ezg>sggo1v!S%U8A0_XuF5wKnsslYaT_Z)VqR@m zvbToe^w_CUiLBwC46n$5mq6JF3LK=AEEO0OXD>9UviY>r$?y*J;szxQvf0L~Qrt>k zrl@+IfXGo{6fo2d^!r(#d3LT=h#DJkEFf-=)&WpF3ipIygooTzmte3{P;DCBddk7F z%OOq?z^}qe{kd$f%088B26RSJ`+7aaO#Z#Z9};hv@ru(gh)H4=w&+M zd6(ro1E2o|8rTT0#+8o?n@~=H5o^m5k^h<%9RN)>XOsrCLI!(cL?wi1WfV^*jX<^F zg{%qpp?hnDh~`IGKf>N3clFdSc4lD522c5Rg(^e52t~scy$Ub#Zu@1go5A$A^Ox<5 z>D5-`OdA)ezHsD-B@x668b7ltC?g7rMhiy<3fhRDhfIrD^UF&Lh=Bo2qIVjx+llYK z>nGAoEcTIEnd82@bQ{mzcw_X5#P#6y>?>jhC01^6@E?x}SJaXlnVOlF+p*MF>>w!8 zfucByE=v)H;?x*AQ0wEDZK#7WVZMr2>!vsHmXkZ>69mPrHWOC|=!ha1+V2S<#jKDV+Qp2`9ec7v^zbBPfgvN%vxCb~RLtfv5SD zdnq5T;t0)ag^c@}39;`kbi=(~hbJUln@f86MZcRxXe`4BE_#cd?c)Pv7!;X#cssZGBh^hUTUi>@p?0$atzz+ z&}p;4OI#C;*!EjA6{>|uH#J}8bq=BEl;RFmJ~Yc87mS824{fjf?-gwHje15);K zUq#^^mJRv>z_jCSkSE}9Is}!UBh}2(n3V_{HrXdj4ZH+yFSD2xP_9~WS{dJW zqucJXIu$Ci+*i~;A~{N^fNoC(!?jmuTtb^IIqX-$i(iY|P z`@I@x_+y4$Ietzmaj>h^#%jafEa8*6UBU-_!-T)xTPCd&LWpq=h=Kf>8kDLohQo68 zEqO)}+lV=v0?-PJwgwbZfT?wu2NGWJyaf`vP4IMcM)|;+ur_(TXExgIXo; z;`HOC6`DN}>WC?WZsjm38t~khQO59x9ZzgnX1|O!Mi9D0^Ik#&(cd2JKYOyb3Dg5c zO{N2~C0pZ*Kx!83W-vq;!j8jj!rKevu^f1j_BT_OzU`24q)sC2l&KlIe0?$O=WEzM z{!a4>JC`Yhe9=?iVHN{J($+G8{p%6*neZOoWW?LCTDd+pg`g?6t##;$);!l_%1)hl zLsofs@6pM|IBm8+FH;?aiJHxUxu9J+dm+(&|E8A{(g5#iezWxygcERM@RmXgn7Jv< zHKE^w}P`^oMEJd32yZ$Sr`cnCS{Y9_*aHb$*Ys@wH2v zD1Lj-FY)lz&eKaXP_NPTYRmp?52n`_+1PN-`G#V2C#=~M!8D64*c!gL5<5@^0Fk4h zHV|+SD#~4q92+wjdB>e4{MC>t!GF;$C2-oYnLY2F8P^kjxC2~adiv-rJ=@jCdMCnQ z(RGdCn0zVY@67u2;KMi@KOpw^2|SKww1<5H+q4*~&VyvIMMlW-hT+)IN~{uejV88-GTi96y)?IXp-d6wnkGKIs#;3LzqHrp`>vaH3z?O%vY ze{rud=^)rQxU+549<~SB8v;_JQHnH8`#GZSlhD$9=an_IVj1Lk-j$2SYb}JlNkuA% zVyijUqz=HE4^k0j0v};*i50Yx8SYrc`|wsmur}D}eA=5Ju=}gt2-sYX_qP)0lsn)U%I-eJdROUFf$ZANOsE*>Royh(cK@c%vR1Jv}>qdiFqY z5DUUn_{z^jGjM>j;;O~q+uLN3sl1sqK@;p$Mw?>la;>Xu zUIs#NY#c2g4)y0{#cJ%&->dhlGrAt_w?o&@)5x%Wco?~`^25k6xwtypRj`RQm(POo(?+tx${{RN5=F`mlMB7M@BpO0A^s!DxHCpK5)rK&d~euXZ19DLTG z0z<=5>g4MIokc?n4=c+W?po)>x#yo0Br$QFZ1IH?c1CY>h>JHF59z$5b%8b+<9eb_ zBg-^)19?`FODCED1u9AtpN2wqSeU)LztxzhzPI?6p0QPPRoho3_3%w0^~D0z~=tj@kL$=JV}Zmyq+hC9ZKJi#9dQM z+KXgK?lbg@gk4Ay(@y`!R}a<~h0$78$K%ZC^}Rm1S2{WxQV(%bm)Htl2$HLItEo_u zxjWL*g0^{)4VZ7-g3ICZEzWJ5PA2?KW5F9H=j?<_js)zle^yIQ2gW%;)|I0k6``x? zS7>)qd5@b9??EyhJ3sC1{7s>LSnU(``z!eOVoK6Ja;2tHjiWqIuhY^|4n-ajQIEMr zI!Ha7U2poCWoSz?xBcP}+5xnU-}a0+@txL^X?xm8QGDw1-|EG77~J2ugdK8%&qmw< z#}xt(sgI`oLkT<-F3HZywcH;Y4zV!p-^4xx?eT zHx9;4p}q+%rzz=aIOt|;#G}gu@3e^TD@q14Y|cjwk(NEpQq}j012Ip+OK5arwYJm^ zvZY=skEs&fJG4A0-bkt7d;9EQ-qzs^_O4*M;*C z7j7?wQY`Li)HC;BAu%?&>o(3N#@@niC8p`53*(CioxG~?cs=YL zCrk&I{dU2^-|Eue&MJP+A@i+=NEKYGIVN%RLTl*!0_SOxY^FtYNH%q$seHl5FkS9l zA8WKDjhx$^H~o+6k(+O!PPrM1Q_%VRJ^NQq6bC24TW-{n*+?aeCr8PGcEDuy#uINY8Wh-w5=*{;K{@n?MjT&~Cu+TmF_wbjh~@J&N23q19nx&c|Y zVNH1iLrM$NA|R9mA|_gMgjd>EQFaZw=Cn!B-brC=O+MYX+>IG@Y*}6duP5I(dihO0 z9u6n^9$zAP>uVE4wnr%y0q#F=)NS)_N#4~JYW0W$VrjXNE+zDg+*R>-p@A8QqLi*REvdPu8uBr!TT$t`FTB zfSgU2bHNQrJCiBhPD!}X9rW?IM!M1FyDMpq4ka(^GcJ!^%2>Rnk{aRzMZ$kc)gT(d zD$||D5L?b;cbr~fH2NFcJPDuN8+7{9E*TehRCk)Ovk$gUKma;Oy`A>B`H>A9zf4E@ zuzO>gLc8on^ZA{PyDv;@P9znK2r_DC@Ou_19_7(fHaa((w5XJd?7?p1oF$n(b$Ms_ zb@T4)Z*()^`J30@+Tq$kxi}BZ$=mG?LPve%$N*`)zSq1vePc)!-(G zJTGt@?WRhGN$CwbUcf%O^VL_T41(6o@-^OMK@PdI+Y{}=^7AW?&VHPB%By*%Xgg*)(v z$>MB#4h<6{^wI<4vTA&L52Whr-Y9>LAz+n6S^M^0;{x3gDg2M{ugCl5WMZ?ADI5K@ z>fqC|sUW#y!up+A!dnWXjlTdm^M!xhDH{F5tLNI$51}X1g zXch_KZOV8+w<1ug8fW=vILH~FPdnQHJ-)Z(_}-(h_nKDTTT*$CbN?Qv{yj`4WL-sr z6Df;Z-dxKI~3}yjWO?jFRRrWIR)0 zF%0XL7Qx}I#)<;Opqzl(M-$?K!iH?!%0@W!F!-1#1;q#jfs%9aldTCizA!TjYM8@L zZE6#P*7$1~5MWV$^M=4rB|LL5Y+RP`3x^Ed5`QBfM4Ie28^i>SewI@EW}YQQTLVtY zBadZ?5XBZgm>yRj8?(TnwXF?It<< z9|jpb*TnKFCH~U9=u3sI+$NRueN!RY?;&JX4FDcpLrqGEwvXKdKFhDr%|rVq_?H5X!T2Y7brdXm ze2Zb3p4+-~+|G@4u2aVxXHIX#JinNr3xQ*Yi+@sPd~KZ&g4brD6`VUffUMcx9iKwc zi~4uyu9rG^#4ubIF)%McP~Y0c!^JCz7SCj8*~hKiJUGKG{5+zgT4>Y94Hfo8_hVr% zk6?UVH;?!(aw|WN@=e4Y@X*zR-`-+(`H1~x(H+LPdxU=9g>A-R1E22l5uuY?`Ft$O zcRrrd@IOyfg-VR5I?!k)%^A0{E=U%`oGfr{i|7mGLamLMu(ZHViz=jEZmcwL0qg5I z2@)w*tVCop5CLQ>h+`uZHzZbF&8}7qVx{Ie5Cf)uCeP9lFSF&0pV`82ynmk9%1>-g z5aeYWQkM7bH`X$U8q}LiCF+*7^VRSt7WO293*+*p-{GR%!84n@nvjo+1qhz?o;RUF$K_Lk#YudOfBe8uLo2WEL zE2(_UE#U3uN%s-Brp41+h8@%m>gIyaGK#Z?5ADISHJfV1#v}_PKr(XotRRrGwX{)( zWp|n+LLvrLu?^Fo1aV|E=A3R68c5(}5$o{%yk4B8m!W-V>%7J7Zza!K)pvf@53NMC z;81S5)2ij`o9k-*3fBC2h~!%=+>PAC_21;}LJOd;#n&!vcv-vslFZ%*oxS1*kPAX^ zM(1lr6i%-o9gdR=DT&g@Qjd;WQySP#lDW_8UM?9#6CuhuhZw^2;rk_?jo)OS<@gbH z{FEMGa4dzxRGe5l;dy+1z@2CVmx|$bJa+2_0(Gs<&;pV4G*qYqHmni)x$icD*J44+ z9Z<(lVzm|{*2sUP{ie8+%$sbA{*Yj^v`*7WXyZSVcxS)3`JLAoO%S2CP}00XJ;4=G zp~l2V!2<1cuEyzgGl*LjfogWl53KD086H?zX14GJ0S{6jxpt=@STU3_2Rs@gavyw7f#oE4CC8 zdb~;s5<*c@qM74@kAtQ!2W}88gi(^Trqs?9(AF7D0nw>Pnacs;UZ>+%?DL}!C9qMg z^qN@{WCvI@mhjnd+X+%T5s}`kk#4=(oRXr-YAEUhp~8)MIA zKG!G_Em>&v8r8>_T;&OIJl3$iMqct27>QLQm4`!e*)0|rAgFQ|5WJK;jWq|B!Q>Te z9g*#4J-nQPV?rz$2Cn(Rm%Dq%2m23Czf7#F|1*hcx%AMfNY_rlU9~KrwhRx zVj~(NYV+_@`BJQEQuE?8vQ04RYy>Ea~)1&I*OrJwi7 zCHFbl=D^>IcBmSAdR?@>E^~8R$?Xob1X^YaO&a@b3dH2Y8xh+ss%mj}Qbo7U$RS!Z z0q!f!{M~BW82%9IL8RU)NCIs(YgWyCsG6zG!4Tb;BZ$F4npvF&i5#_x(gAY#e1~K3 zq596&_aO-{Z#k+sjEuR8bwc}@d_=n#_}Iai;sr%Ua~2ZIt}@c&G61={TL!?S|Fv~e z0WmnC2DK=T$dh2_TubzEf;xylw({1_npx@(3` zre=seV;XNr>Ef}(&Fwe8JX4!e^?gkRqq2L|`gCjiJQJq2xw zZNaE+0;Z3z`GuBOc}puA35k|s$*~f0Ua|NmY_QMKk!=l>+qQst6JOu;Q9597HeSrW zSxmpL6?V2XJ^mP*6NOi?WEMkRmA+1UeRTfPn3|TQP>rdtPAqcu0%V>e>ZDeMNEuPY zp#qbpM#4l+$_dxqRu>RX7vd=&!Bjqqs}ylgXYrNafw8#orvU&fy|o~G%AlzcCE5pl zF4Y{0|0WGuqYr||fgo}e4rWXGT($^54Wv>!gcO{OKaR0Rj*B?nq8(W51Y zvAAfBod}TO=k6+ghxPOn%f#tI+st!tj`w@7#-@Bx%70<`)%soeKqF; zEV@26WdMuD&!z~lIGfT6*l(hizcA?&d2h`=7Fj*>=(~8XhH5FN5Z8%g9G#Q`uZlG*Ya2|tAr6a&)$y47VyT)nW#

CW$m+j7THszqx7QJ?@ew@07z1jYw0VUPKMX1Hb4AY# z%vgzz`HT(_JIMw)-Bju2%JuXdq&Xa#T){EnBJ20Ec*!(!j2`$8yiiPo&{dpZUthyv zbIHvPj~dO$4mOt-4n!MGR;xTvMr@WV%=8NRC>ak#hu4qP=^UA`b!fnW;_w&Aq8o7R zfVY4g@kMbf`S;!I%fMlRt(3M;vjNZ^;a~86jxE78sVmd(mgz*b#@pHnhlcXZpqvD8 zYx^)fQ_lW4O^hUw^b%Arboal8d5*&dz>xj z(q@Y;B-mU#)a&?49b@G08sXY&OA_B)*8}|1mqr0kRfn*EBeUv?tLXGmN0fP608J*CGv5+-cs>;^A%GiTB%SaC2niC zxwumcUES%l?@F&I%C0ZSIO2n4vesyjCz*&KVt*}P!z@A$lB>ja+9nf%owrqqO9e^x zbO3ciK)bhV?v_^A&pc-fCe|djkI{Emu@{k|=Q{UEEODlAaq;uH)vU{FEe`0I^p-mn zI}Va+J|w?N#85#z20oLU=#4g5Hr|Wb>_!`?O$41TbKWr6HV@0~%9vb_#57_lZgb>n zoZRc78N!LLgT9TGl0oI+)4gt-rxFj9;Z7-^`XSaV=k@Ss& zf3V&u!AxlIk6Xtxq>ja1T;|yo%;#RE-H}S-le`(@OS5L%YX-{$MK|hFS>I2#h{PX} z_p#2k1w?;cfO7(f3H}N%?9x8)(BKOiVmX(zVv}htmU2{+T=Xa1el6ELO|oWVeV?lf zxENkvC^G*a7;GzJ-#L0o-gmQun`stU(9qlSLFwtB%=W=su{@lWg@BNV?azTif}CxU z9<^lYVR6exhU1n5GXS|c`NCo3ZwJmzWqXUDST+t5MWRO{fMV(B;Dk=j#%n-F=;U$r z5))nbu3iE+NqhYO_B$9A_fkl^HTBcL&?6$k8($ELVxf;uC^NrKflxz>e!6eg%m_Mt`YC3|NdkQVR}v)%Eq7 zzE6VjrVFJ7cXR7GIzuV;dG>UzVf#GWI-wL?Vpxluz0?Ec?MgmmwFzvyc@G(1d-s>a z?I-&?64+Y9IgT@n^(glUb>G!}FynMJPx%%*V!+uD<%2i9JY$pq@?{e#K{vZUX^XUg z(j7ubHht+@j;}-$w{4MRi|oa7GU^rWQ?A*LWr`~WQ8plyWm49Q4{L!I%B&g-#{}oV z6^!$Iz3|7_f)*-S+$yw?b&h>#iB(^*$g_!JVD)}f8J!ppLkp+;!JN_?v_%E0;>)HD41WzWA1MV+SZ> zBEgKH*=){J^2V5C5KYfpmw)+-bm5&<@s4Q6*7l%wZA!rU(o}1{te@Z-pRD0r+*cng z2T-Nj&=39r-LZEy1nBB`7@>ELPr8+Q>A2@f(IJh5hCR2k>#-yT#kWK2p16IFgjFSB zHvCXmwxBJqR2`kEjQ;fa{Zuw+2IS}zd6Mg%Z=4N9o4~qXDsUwP)R= z;{NVoIN4&qwcVH*Ouco-$FpqYyj)vhDQXM&r zt5A-A+ML}fpSi4Q!O-vy<}>cjQrJ~o#-WvSQ8TG6V}ImwfOm^P;TdKVVO+#4iu{6> zsAd{Mo#a9i-GxHSG`{1sVL#cK@@H|T9huK#s)X-udL34VlA0Sgat6nLH=_liELX~RZ@wTew+&QVKi=^ zx8W#9V z*d|RtmLg1xo?na9!ayx(rhJ|LV>lN3>uP5@9^(aB1E}{ZLrZHktesw7_TFwKjVh&0 zJd04>{7-AshE!_r9 z1VdMUT;)WlQ?T}7`TDQT)z-RoKw!PZ7FzW5u15`EyOz9?+LC^?qL@GgOTBT@zX2d_b(9*K?)=w_y-AR zN#jz%Gd&^%6{X`>C_u4Z{70jD5z7nw6N!l6gC_HUiw0``fO9%C*!N=tE$}OJ(|9d2 z?3o{Y+z8L)p8v)}EhByHo%r>LSff9b2u8!+U?L6-WN-p&-*fZDyQlzo%xEylKhn-4 zoxK*_dn)C^5h;ePk+U(;VcFSb$7vURI!OP$#Zsa^TNvjsyC*u}0l>j|RHmYhpO& zA3>}WZmBV4Sf@F8`OnmfZMJE^pi(h(gunyFcvvUV!p_7@gS7$}Zy3_vkbMSD&e(0e z=W@&oFNxhgI`|LPQ`i%0`jLeN0@O5b9|S8aTth_F(*efV4tPW2P^);jhor1mYNKCu zgqV`{1e(}zy%%aOFPuirVNQc#2$5k$edd6RF(5alLX-n7Hrhck;fP^a;u}QSr33b5 zZ=5^kS`0WS7G@V2ZO_KUU@~kv5F@l>u!#cR_r7hr*R?LDfwrNd=8M^sAu7|rs{Df0 zAC_v5RL3UFoSc$*?^ncs$>?l8j){`7@WGPazHw;}_YlWykn6Y4Q4 zm4JMfkaCzA7?N3Xbuuow6knRG?xs=*6%&i+GgsFAR8f~q8>zV(pq)-BgnExAV{k_5 z!y+fAShJ9OlMqj5&aUF_^PzoXs8pG|w*>qf*mj`#iZIPvGh~mcl#zwyDgkX2m3Frw zkfQo#(H?m=lQ(6dm!cb}chhuPOi;8-4V^xCdgo>HH!(kNSz5hFe6x(7Gi|S@#a4$v z*VNTC%X1VcKpefq<899dLz+Q6pD3j)Fw%iY>I*8qnDP-qN-2klQc+=_{kUB!Vnk-P zh7z~i*d7rtW+BhrKWeA4zQ2q4Z!fE#@PPG3!sm*2EFM&cmnvYI=wcD_J}yHpjU1_} zsmx6vyRjk$7En4zFwsZ1L02yJ_!wzo{swWjVq30LmrDV0BU1+b)ILH*FSQc$M1AnR zrD>wcwis-s%`UXB_)M~RwPC(!y&+AM-s!uqSkL;}PwNH52dFo(L9G50MS{_|H^7oa!$M9FxN2N2A_DdKW^5`S z>QYQ3X#uq-MUS;9aPL}uo9SlZUO5W6LU!-m8Bc|Th7l3y6$f|acS2qH?3gQ`4RNKJ zgj<1JYOC^dAl8a)O>-)D!qZKpZ*_R40ou!!R7Cj%|CT$I7{H04PpuN8fffXoH^cEO zthGNxs>{VH9qqY^3`Zu0L9ApNYN9XlEWo_ljgMk6Ll?$bKJ35FwD~>8Di=t|W)Te) zm2g-6;YHeSbNcqEH?o(BOIiizG~uV=o9s2ZG|{|rV04;l>R8W)r9@8%vM`to_2rs0 zD)CFiYoeU*iA;!yHE}p-oe!=F>cPfl=eX|H?-?2p6lk0^^C^&x4LhOK=}_7&6Wq(K z!f%>qeGt5wL1EkiYTe_*r|JTBH<*8h=1o%)6I2yqcBQGGbxHNA$ygrCNP^` zD)QbfZmRjFGg<||(W^u<7xgP)Y{f;b`}sCRTUI%?J#-^N+<;f{y3g)@EVYgI+zk9X z?Z9|AVyzZ4BnjO~Rr!#|(>XmfydyAD(-9CGCrlGTQ?;ydJ#x_E^$nU4m}mO87ldnx z(0!s!N(EBR^8qBeu>|vO$uR}-VC$B|aKkCpSZ^$qz}Gox6P*r)_M+vhB`o*RSbN0I zi}v2HXj|?U;znX!*muG)oe{?vyGPqC%zE^N)W8VwQM-578IRn@N=@LGRkPV7-a+BM zip29#ei0vMjQ_vG2*0wBbBn)-w?)u%jKFdfI(#RM(A;!!h>ED6ig>DMHF=@?5=C=q z0X)k9^4H9w0qN1X@K9*berLLG>o5WOKtI!cn@{%kvPq8p@`W9@eYfq1-*#~M@j1P= zU7u~=-_+B_iXRw= zvbx^dSRd7Nm63r9oczjhJOl-6LC~mDM^HOdjy1XXFTl!Lv_TGRtZ5l4zjC>>C4X+G zF;b^DxQV{Gf&#FNt&+=8xuR#9BuqCsHM~Lh_s}uRN-O!Av&yI zm@b6EUN%QG;IYhD`SgZ{IB6f_hTQPoy~fTK$t32iXD>l19#klws9QMxRXvHt0f2W2 zEwMa7$cNuI4mf*(WmxXbaY7cM$897gLLA{^Q&>65fOFQxFkD3oIT{uMz-ckRGzw4P{+v|fY;pz$d67XDxMLKRTvJ*sZe57a7y7b( zQR2+{IvvA&*=f>>2!0>vwN*r4O)3W%Fvvgyh8b0fEY6a?6N_<3=`r6Jl~@QNIqou? zh|gVHNvn!U*~lCQp!86tv)E}`R*&|dJ=xn-$5|JcyM~yW$gKx?rV<1YM@gk{Fl&xx zS?eT7X^4(ZgEXJqcn6c=5O_H$xYJIjhxk+Mz2+5gF&@6k24cCrZ2I7x4Bhh}Vtu4n z*QwuPBc(BdHH_Mgy3F2?-mH(GdgfR)B17;_wz+_}era0_6_UcE=!>#U)_)rKi;<1e zd^p%7T{R;jvO=45#5o1rw3%(>&6J{>XK(T3+nd{b;@E6D>e!kfbpxl!Vb*Yqmt!$U{kfj@C%sYM$vNz>`$UI4oFE6bZJY_jDWf1M ziaMH(87#*EGe#Bh%k;JJ3c~}E9v!{|mYAeC6gHnjXi%GOQ^=q<`EnV11M}=-DC1q8 zS{ZrdZ!Qw+-W>~G)L?IHel2-ll!Qzr@D{8jgR>g3T5qiTuvlP#M>ozzBgv!vH|b5z zE00ykJQw5CC68=CC|$Jn-WbRl)D4ft#Y~`quQO;4V#4*)8=IXJ&eMVRkuzY^lX0)} zDmP-DGXOR(E4&*&_tzRBNR6D?^jI1CfiBqm#Fw-lhlwNYH$(9xP{Yj7;4HLAd1Wp+ zLcFUP3Pb&BiEeJuMJaEVQ<&bTX6ep!`3r!FghRH7y31F8&QM#a*zYH|Cvs5&n9P|kXD%kihhYQvuH}4J1 zvTmLR)9Z_D{Ar`hQ0NQ@jhKwGpa7e!oT7eiK%VXRj2 z3Z_u9sVPr(xgwx?*D{VS{2uBkp}sG&Z>#DHK)O+>IIt%TUrqc7>KRD1Eoi zeXvDc7+ML;MT&NsMz9*V`?2+8;Zn<9X(c2ka55q;?iE?!XaL4Yyx{rsaBjqmnPYFS zJIY31pZJZl{OuZn17jwTJwYN&04YByYISa5lU9nc$+jLdh=63K0kBVlWIzoT$dtMBQDWNyatPoQI7#z)ZXlK{#xbRL)n6ZG%C4H>m{7yb>|e z@}-7b+G;-3`^(I55lv2fiW(;^ap!EYXLLOrghibih5h*&mdgmJ#6BR1KVQLDmju5GcAiHDdFYE?-|#2VQ+od((zzD1R%*Nn(f^MYdD zN|K5WnBEwQEeVCGd2J~Zr{-1bSe2my|2Q2Be6BXo#LkVc*{482m~Ge>&&jgysGPTfXF~&crhUz%`lvVkKKN;=QL2`i8VLS1Hkhs8XdV& zze4g^)&ZpWDgYM}43ik%((=)vg2aSyf`&~K&S~s&aRqiM?jHz^sk%VacvOO6apUYI zt{jXQtx@-BNZZ^dIuZjV(`lGrwHc2^BiHDcy#c-a+I>0BUiYwr@ctefENSpARJbyV zGc8V5yuBH!SA?6~Xh5rnIolL-77e+q@n3Y&+US)Ur3X}40Qq(6Vn7(ZU}HNNTKa}X z(r=9_t*8^a5H>#+%o7tEqBrin<>Y)3{ZcD_p=`Cme)a4ohD+meIxyXq!R5l+lbex_ zb;>uo@8P^XefxfxU%nTlocFN1W}-imZfg`AcP7+V_8HqRurSawJmotd673OfCMB4r z#El1dInJ_+yxT~DNxs()uz$WMZ}Fg6iPxgiiri*U`|fyE;@D!R^T}{DefvlB-2K|0 zw6Ov0-k>wikOdiY*LhKlrvr93F?b=etZ9xxlym1i7X9H-I!XI62V%4_&Y13X%s15? zc5)HL37*Wb&gOg+b~o0eR%;E092nfpBrj`ctawTDsNVC{VNTFHTw+-YD?$!+bRETr zDQqhwOwI)N&?^}i!JYTdHyZ!(g8zPg$Nw39E`LdX)tw+9#R=PadUCRNc!qN$tuTiz z1ale=2H6#i>1!O{2^{LjMW*jrM-j&~#!=ke$mTYClkkR>hsZFwf58}??EQWJbpPlO z`={IS?>S1y!~X>Xgo_b+1-1XX4U1!2ca`y>B+-OEQv`Cm1ns#Zr<5^YmbsfRc5Hl^ zg1jeEg0qnRh~DaOn`yr@#RwjrG-ng6zVU+k>Hp4l)}^(RJgQkv5Son~#t>7Bq)O#V60*W+$k;B{L8@ZYe)hc> zmeoVHg`*=Rq1LS_&dU3h-2LOxQk^$zO^4@jvJxIsTrqTXseeA6MTNpi=+;F#E3sIr zJEUdFJ`bfpp&vmcPS-wxMmDSOsMHV5J0U&Los5Nx)`o7VNghte;U?BBU1v~*q}7$s zgxQ1P$1qG&jGTUD%Y6#$rPin^I2OIsqDZY-TT^)t^-Z4Lvsf=IJL*9A|L)PL`fKxR z){-!&w?pa+k(I@jl{S{igdcel{JqYBb0tNPq59|eF~&73Q_w)egdwg_bWLy%u=gy!T9P#~>Ufz2eK-R_k9ge9Z^m#GR(Ez|gx>aMdO~D}v#>VyV0Rx=TgZVL}p^ zV0PYw@imcPKg$;sF-2XDXA_Keg4cD<@c>`B&GS+0XEol=p5F;)bP_A5vx)$NFk~9x zQY+}m37)k1(*Xxr*NDHl7vK(<@$gOCq$ylXl%{N>FFPhLf%2H4^e(hWZ2zEqw$xgx)=(Sn5PV;f^WmpU zO%pRO2?NTSXlBjGEiga%vE%$+WClFC%jUIwF@$7#yuaf_6z4+GUK41F0`%Ay`hqvO zyjexx6f&4%J8CbJ-f)@GjI4!w6E7TLw=h^EQp5Sd)oD5`|{h_QcV5Cj?-K2sY106Re zo!qLE`NQe)-NOUV4r0C4tPyoWT_0-I^=^#`s6V_rq%4OAcTbPcBjdW)@4+D&^)4hK zXNVt8*4M6giX>(mMnus=vsovmDy>OLv=lmom_=T+(R9J^ll)8ZxB60jd6k@-^0X_D zDaTqUhxx@DFH(YMpy`(6*_$p}BFo|PZTJihKU#^q($?TcLXaUh&*ff9K!&cH%qKOP zgM_uW2od~V^FcRh;sG`^PFx_k*^xS;Q95oBp<@Prn1jeMb9q``QUd#+!6%A122n0z zE!lLS^Qdc(w3 z*37|{?1{j!Q;zoE)KxwNUPq%r<|F3Fr9IXu+)lfFp3&9v0QWOHd<$!s8HT@+_$KJQ zYr~u16NfmFhtZp_@9N*f-2A-A5SrVYk%6!xK24nPIK+|gm2LqxzipOYSdu}OsIg)@SE4)+6s2i z;Vlo0pW5vX9(N06VT^+2T?|s-1^{qCkG~$!4?4Plel}4GY-M6`g$82Tc#?B}Wac`< zF~Ka3`gnuGmjLKVPlAP=N;Hdfj=jeFu_H)!G`j+~$lhFt$)8+2BDTA(IK>!Z53n}{4Yt<0pe(Jc!@$jKXG)IP`_3=f~=nrv9yMnj^lD#vs( zcBk}Cp75kXBE7tpC+EINKA2~@l9Jb=WrZ!jc1`3*Y!=1}pC@=y(zcjVvYxv>`lIdB z9s4WHuRqIapJeFiNKbg9uU2~a&(-zlo4RN}n0W|Z0G5HGM2|sU-}E{eR-lK8EB(=Q zm(KQ%k|NPJZTO4*yTx;=J06ZkSr*q{9YOn;VKpXYg@Q#}2Wp4>m4(f*~5>P_z zeyeSbhWX{!>M!`uJyMnF2^IS$oL7WuLa<1IGDVdW-qcXzNoqh#A`58&O-HUXWKQD@ zsvbS9%ENWl78A?5GXNZ-8K@}F+1-<@xy6c-0@*N-9qejo@z(8K5qNNKBIZyi0M)8ERLu_W&J*>6^G<#L{oc_d(jx&)TtlN*>gpXD-c82? z)YyNh$al9a(K}TS&USX_??(sQk55%&Xi~UUR1MyM6V<#6@+%z!x6a|WNq%lYqIwQ6 zi-!v(!Qn`M-BX*Y*61@LjE)Q@LA@BX6(|Bt18?;01;!v?{(?LlW4>6^OFzPkqs=5^ zdelfHuA0!iy<>rU9K8l>s9ZU!jkBZUjEaX~3@2>Kx=j`x`3#6p3tg%rx&s^0Zrf0!zuY(riN z5J=Ko^$JSP`98`=V3{|3PShHgyWdE&{75@79|KvYyo|@z4>|30vJqn?xo!u&W>PHd zb3xI5ek|IL0;AnWv4kKfGvlGw5%*3fX1h>V*+k>Q3UaKE3afFDtm05eW+r9%%0}afZ0smx92Xr~TJ*87s#pmG|Jdg!g2dT1rNQ-3+(DiG^QA#!J?W zKFsp}Tz>3tTT8dtwR$e&E8nhsgOpF=`3rIVBHv$x^LxBssZs>58O;Bd?Eh0XfO%U$ zd=vOQ+rT2D=>;&0Zw6uDwa>aC{C-=)@3AR-MvU@kk)O6PP`iQaMvEqqJ+eFa8v_o* z0-J+bWE{s%(@>0lEbSEO<_qBUh9tBn5_V zTUZ$)tI|o=DVh58lZT!d52xdYrfVB)8QsoX?3Px%DnQEVsPq2Imr-;(M1CAjP`8qb z$;Eje$=Y18K5sT&tg5^AQrzNNa>ll%FuxoR40TyO8j@W`KD=bUf%+#qD1Fpc9w2zJ zEi-W|rTA=1>b>9utHuw?y{I<>xa3~U`;kD!nU3@zq)h_;hUOR(4NylGJ}N^4MvhD3 zWXv#7Yo0Uy8#xEAVV{YvU_a{Ibo#O>I~`lL>NAd9L1mK*oKu`O&r2!0lbPxgwQHw8 z%*hf2cd0k1iKgMC3fG)G$iPu&39R%-^BTsKqwF|?Yd$)LmyMS^0pZ}wR4(x+tdoeO z0lZU^d!f^tt2jM^fG=81o0Zqw43ulPwUUR?W0&kldvC9s>!B8`F-Z5?TJ1bijFDdh zOkOq=Avh<8{bKNK#3bZmT5+nB&TriL&AyUYztxbHCs8=-rG=QylFw_FNXe+~hQuzN za)Ws<&V!1wMI;u9kw-;3A|7LeQIh3QolEE{(jKdTrT5kU7z zu8Dhx0F;3HT z&~2)fX0u8DxL6<2Emc$Zkkw1eMuq-BVwLe+no97(f=ppGQCy>hosqecUnB$arA`x? z43|bPXt1*GrsgWXz!neuhxc)TfHLpo=BztguAq%Q#(yR+#{^j@u?q-rS&MvhSj24> z82(^ksn5&xKUMH6#^7b?Zno0pPigOei?kP$HV~jQqsUmu-x|#BSp0&r><+0!<>qb1 zdQ@zAkzH6HH41yN^Fi;(k!6;Y#F$u=L+Egs0dW}6b+bqRxkLZCLw~LvnkZKZ9skQV zX|EOk)Anf^h4;o6>AjfnxRoUuurxH3eddG<@Ilki^o9`hT7qpWZ=WBWymjB1a=VidJxc*Rm$o-?q|)zS+bJ3X+X4`@bI0YRisH{@1Sl42j=L6(#Ttu!2! zd>k7FM_a3SwXFynCyDor!Rpq5beoY##2;A+(<}pa+bF+*&6iX5HZ6coKjkaIndLJ| zx$HE$%)-XwYB^a3vX)L&->^%YJyoqym$i|qy0&4)fNZPkT9OHZW!1i@gh5{xGuK>J zM+0lG3G_p@eaHtr+s!h=O@}u)i@?5(F$1+;wCz-a>=*^3a7KED_f~1J)j1(K{42? z%dls7Duz*BouN6?{_%0POT=!y|AYl_zzw3<%GEtPs zEgJyx)T^a8X(p9$k|N%w;VhM{l~eJ4bguUba0>-j&b1iXY567V8JkqS-Qs|yk*5dgc;kH_|_Okr4v)uH2bl=QYFK8GKA#N-L0Yq(8aBuBhE-Z4?!)hvN+ z3s8wndqcbiJC4`uiVqd6C>E1k7uK5=Row|M>3DLi4xQAc?toSEM@#dDIE(OgaD=Jy&hcz&Ug52WInBWkD0km7jE|C0gcaCNXauj*Ir$Bo~I`;KpAq zj8S4eM6Ft8nOqytVrzPBA=$()P;xe{L3eoz3vDS+YVE&g6vr=SjEFHG6k9;^9O?Mt zZF9z`U}avk#37w90XMW}%s9f`FInoO>l5u#D+mvv8p`)joDMK?8<;{8jl@05#@B(5 zueP%+`1y*9zs<7cO(>tt2slPO} z?{sF6)C;L@vpCyuGKmav)kCRqMz~cy*oD#5p-*K*TeE9u`GK?i=&1`7(TdNGdnUM5 zX`$>C#%^)Q&&LL`bd&gz)ql1gZ35%q6e3zw%c}j*m$pz>Rj5goIWnZ(Onlv)^x13f zR*loQs_xs`eZ@gsl-D)edoMnc^p9ewyIzg$u^$gsoEYh@E8Kd_%cQbYzWKOW^#)|# zRoybY>9HT|9LP|ZPcj(h83x4r<_wAV-XZ}#*7JzhGbDie?kcPd}uB)!*SwI)W~5pM2RFo;1jMd@dLBaR?MQ6 zQ?|%jQm70hUq%K;C8t;%RT1I@2?DLKcp2Dl97>D_pML5VP>yap2EpbHD$1oL3* zrW~(|;`6{T_5u_!cK^@s+K`fFY=m-T07-tfPl4Ca_fiQX5b8|3yLA0hgIuu53 zY=?23d}xXJ(Vggg%vd!N*oe@!C@r@Z$GvrK4zT^SrnTf=x#dS*NT>A}1bYLg{-8~Q zkPeGsD{L*kXmsy746x>Y#(juwDKP~sH-_Hixy5kvs6n}%{ z+-}51aE7#S8ti9ud;Jz$+@@C+-@|*2DH|Ih5R%3V!n&NdIAFrPs1;BqgW>&X6XmaZ zsEiU)*t$&JjnDb5jVytgUJJ|OXtBc~D{e{GiKvQn^N+d$41w4zG?EpYz^R96mz1Oq zY8HDOG4n+7X*QclX;U{r5L{Ld=@K5n5a5)LK~c#I|4k1Uu9u$9V;31^qK$N@sIzD) zpQ=7#Jd=^-OI%w-4=AfkWc9cucnNjPh@BQ$Kz8~JfK@A=4P=$Vmlhg0z}t8J>kntG z#Hz3iA=F%utZ2(3(cXSgk>ZnD*!t_&CGChcI@&fUAy!kdNwtWED%hjKPI$7G09+tt zKmwOVy3NsCJ4|i4_YXfr+eWQ%?^JpJA%~PQb&OFmxv*J|Rg;_9iTjGSqHaxzd&%nM zBC}G*rip1dny(Nu#%WVzJE0_RUJgOT(xQF*fKJOq?}~aebmUF_39WKXFszb-B`})d zP_X|@hNI#>^3Gz`eR!Lgv=oG|3(3uIRplbI8XWyi+H!lNtIu^JZ<@@RDU9P4EdthA zKJ8CjILjqhqr)&H?L58ALZ~$wXyUoR7cB(oM{|-Ed6mGAQgxAb zUQI_@LY)pmUF;3x8L|*gkfR~6Vu-8gt+$mjKo>8UF@_D4YO&0}qp7f=S@wDj0I3#dF$vPRzLrn){xuaoq;&NC{f|ux} zv}quW_>>IGObkS5h+%g6n(j?z;dGpkRo5(Gq3a%jDwATogtepgTmVl5n+6MUHxIND zko!FL{nPj;(em`YAG8-ioSl}E#gt&Qv zQy~1NRyi?SATBT*bW-OT3KvXWyyehfgSa84kZlZ~>FL$hhV9u_90(UW+^D{L^+5yZ zN_-Ub?i#)}_(^54UYe)%Gi8XI7fh|5W=GucV zF7xR{j^+py)Gx}C+3LVL+A$Bna*5*$q;yHET2<%yzZY+#y`-_LWAU|se_m;alvgHZ z3X#NZ*Og00_}a7!h<77?qw-UV&X~en5Y38g17saui17xyy6`}9w)ptN&NXkIID2uj z$|g$rTw6~Macy_{yty;NPdLHvoEIM!m|<<5`_31B8l)8Y@NcN$GrN-Acj(%GMBzIo z4&y*HJ2uS0x1#=`Np#rh%motBBeoL9^PL1pl8#`%hTS=J>lQTl_@>72uq<+1PBfSs zYIs2=VXEkD-6;f4=^>+K{^f2AJqxvCSC`q<@NPvz+|F2NJ+sjKSSg{bm^vue@s4fk zdbIFJd!aVdccv(}XK?WrB2h>5hl1riTWjm-Z0+1x)ooNYSJafw(UNL*QjDq_rAUkv zkWYr=KxF0wO;@6DM5#*Q80iUd-XUudA?_oUDa=2Y)gFn;p0S8VG&IvkW-d(Zaw{nj z-pnCE*GaZj`V68AYF0G1<-C)5sa5nsXY{agp@ndfD=tC{q*h3xoeQm^SD}rD^vq!*G$)wus$pHr0~L!18rpc2g5s?9m&VaQ(+t z|2q>37x};z@BxDb?X2yX{)?GdZxR~PmTA8N1^7Z5urs3pbG2ed9aguxaW@FAbOv92 z(7N9uOS?@EKfiA8Y^H9{e08ply?(oldnQATvWGT5If1r+iENkKQ_SqEekc z-PzeYJ+*;?Sau-@5WSwrRKOYq=<96u;T|Y^hpiWcogOn zvJ@CGtvq7rZ+6(S&hr8Sz9v}pDBktD=vCcG`%TB7L7PbgVHXT8Uqy~R^;padeOsg3 zGb4sm>%7sg(c*<)2Q_Zc)nJHT0HT1vQ<21MDvOWAwKA)ALm4;&)`i`se@Ucf4clio zj6D!28tz9n$+w!CT^ptSl*-=TrnZw$sfi=VEmn~@9yCl~;g224AVS@o!Q|AptdOk$ zMTy)S$lKLsAA_)atw8~jV_*cN9t&93Ne5_Q&F0m5zY+lj4yat8I4})hsI)hS-`MhC z%S$ZLnu9E?S$v$M@g$obIGAA|0kKguC2;{xc_tCN4QkcaZia#Rh<9PACKDpe-Eoki zq8d@;Zkzc?6du&?sM4AI`B1|~D)8LoL_>{!rb(+b@6XyP>5W!ym=e0Z%gc;HN&>^? zqrmb0&N_}h{Hq=5vYHNlhcOkV?A>Pz;WIp4qEbLk9fgY(9MGsXopa>9+yk53t|9~m z3eG?WyAq=btwr*o>f;e!0DXHfx|b$z$dq*S}!b1 zvk`ATN;_Fo_vB4~E4mb8BFinW+*xmYJ!%(|lCE;*aj-DLTB(E&EoJGxq=LX*_Wjy> z^`4yL^@*hX%KqXXa#z2=P5tfe=?k4o++NMSvX90_+OfJOSe}i1a$`Sd!H3?USui;&3^s+=%!+s}fd3l*=DWCQxz&%k5s0Qo~Cm}-_v!&uGY!lYpyT@E- zg~|KU7%bF( zDsAr(U!y{)rJ?wODK({i_&!7q2dq$K>pbJv=;)xmdvJ8TcUaSq;oYX%M!6Zc3}A5LPA{!) z#zh97qU2bx0K&;9;hShLmq&aWDzq)N^X!?vV9@FG_z8D+T#k$> z!@D>A4~>i7pxaI-ZKC^%y-Soqvf0B|bMl*?!HE6odtadKf4L8S(4POXzW5OC~%i@<=|(FFC24P4+9H}L7;GAfxl!U#)kFX{iDMQ$0LKkEQbbgeMRM= z2o>Oktkt99dHk!Oi9AZTcJIHXYk%R8Hq+mEwu67sN^K!Ge{a9~T%P{g8U2%;{avSN zc>G*`{^g$TfmQlKj{XH_Wyi;#Ez}qA?JxK1FI!{_`tzG`t1+~?TLd|-Yf~`X-+N=< zUzFght#VKG)L8Mf}q>y?G_umY5KS+#cXdHRn$WZw z2rbjweJ=R2C_chc;h12H3_mSeW+*0i`{?t#^_eUoy!?kx0z1E%$fVMc#Peu9ZFU@N zjiL%m;1(}?S5pCe)Oe(#_Yi|azUHKkp#BPVdE6hq6OZVyf|2mtsO30IFKKlri5$(F z9UauXmv@Yh%)kI!IJTfNx*YghyN{In_BIFCd>^Rw!gwLh1y|qEzaLJ`uQTU91JWg& z5FO2RQs?)XHfBCf$L!2TP%UizE>{%!a60Z}*2Y{KVN9pPmdk)ud?x^C4^afqBl?!d zv#F$2Szk3H+|c&;6moD%E>jaS&lKByJ4`huBbCvniP!0BbsfukY%W(XZdCR7kzT9E+dF^Te!Qouf8RSf-9I|4p6x%`J3ZTea*Vkv%e~8PcB$I!&Zs}l@xKaC z86wxWk{#e(?<&g~NOzYNtmqh{Fb>!diy$;#AxJIEIir$lhp)k9zlXd;F4i#+0X21* z@j1~rQxwQqS6j_e5W+U$KgcVpagW+!Xx*(SH?h}+1C6ngRwb$UCUkl&7vY!}ag7km z6YW@DHs7^P^*{#xfvVB;Gg%t*Q^e2*LQ|;Y*7&cEUm5uX+UiC8!G!D%;8?1Jb~TGK zTrF9q<12xrm%?4d6n#f0HXAS~!fbYYb^}8L<ExcYGRp$otU#)DT;+8Fuy{p+*?D0+z!Iyb2fER45EU#Uy4Jt zhG@pO>!4@mtKB#moR0iTx^un$5VfpHjAvRw3SXF zWgGZqSv^8*K7~z&?G6f{!uBL%bh(PKUn`3$Qv=!d@aS+4B-Yxj0)mFi;bQjbqOwd# z_)#&N1b(HV`&ZiS)3e>3cDs&}tbV90D@RbDj1@)TU4?@Hb|d`Qd6|y!qkc`7@$RAF zjPB7!Bc!s6Z1M)9D2SxXz>P?X(mXmQ=+zS_=4bKag~kQivb%k@t$OGOtBtC64-P1% z`Oo`@U*DA|Oc&A%12=-4RU$o+HE2f;AOs?rjZvY3Qg?&G>Giv{9QaO$0%cJ`%nntI z@@(22HmHCcJIY22aKthalGgs+rd!lhRbG~u6D(Ss;=aqg;tb)&B9onVyKqj;?^ixl zV$}8gh1#mTYnd4=T}6aj+LqG%MLT0H++qzV_3qA^TH$8b)twKO5BG%{Dg4X$70w<8 zZetroIB;L%miTC#We-nxHH-`%TKRzd=wxpXKD2*6I{Dl7$b;Njvm;txtT znT}TKFehk3jHcw#C5eNnmrLX{u0OUaiL;AqE5`Qakj~4bGT5ptMOMwSoR2k^m$fHK z28vuwmLpQ4H#p+!ZieMzdL>pTxGZvGFvec{Y5tN?#2S5!ZNixa5Qm|D=#HKa`HrEa zL={BTeH~?Fs&SKStFT<{$;=@?c>Fn_k(tBnEk)$fUDpl2+q~QSmN*Se|7GtjL-gpc zUpF^s*TYM_OL%vYckiygcb>j(-tnHZ{w2PuJB+GmA7K&5(OyNU#l;`T+sf!XVw6hSUb$fF*@BS_Pv~cc8c!P?%~9fz-DQN@vsw`?8Oa~ zZhIqIj;$7R)W(edA*=l$Ct(1h*C?zTVHqlp$#Tk?_V?E|8C>C zPsP=f&BLxMsL`BTgUhvnYJ3|kd|6$&kV3O+bgtSqQa*%irMfggEQq7 zxe_55hD8C?R)^hQ7f%Y~>=LiRhL|lT+lg=@(j?(ZU8cQ09j*(?3oJyOO3?WoBb@cd z2rGmi4&guzNA-|Je}Dlqqvj<<+j303A%d46@gxHI68(QDml2JT<76laaI|kz6 z1}7wUEIkuyOc8=%IW(<m#+e$AOT8CsFNv#|l$U_ziHg%Vp;NwQun+XWf7 zy|czBGsm_Vu_Y4z#aJ5@tjzsTEv?1M3&Xgy9OnT;;=xAkHF`!9Bj)UdHZInp0?#Zu z7fGA3*w7%zc{kT+%lCMU1t(f0G?5KVG%qYs39V}UHMd)ST%uMI3rqxq6-JgB#4XT1 zOOGPuF5ES5dT!OX85`iREquRV!1c4Z-74H99jwGuy&0#Y5&A=P#=Q|L@k@3dXu`Z* z=oWjZSBY!;?CdRzZJOu7jzeG>w&tdG4z)W9W;j4^V+NT(_(3|CTbQfc?t&ldSnSvU zGSEd4QEOQ}N=cBUc{KsBy{Pn`G-q60%;yGkhpeX%4RWT-C_#M`1NZiOuY8~}j&x-` z%(MVrEZV_zks!)4UXZ;z9i!mw4wdJS>O+t_@6nHu7mO;Wcp|fs*FhRMjF@yOwvz@V; z<8^8lV(YX^$JXWB8p4k@0?&W|jK=xN`HV)ioF?Pg&TWzb4J_<&sL?+kz3HA8GS-Vb zqU}XcM~VGp*ryq~3r+o8!z_Y_+A$4oAn^0_r@ey%HpC<+hz0_9_c2sYgHri6*(Mnt zDoc-)>Nm^^V?DQUb|LnY(`c^G&cvrf&SwYpH}2OQvT%3su!LI_;0`^(vw+w&CCynE zFDzi-38e+?ZIKshRzw2Vpn=9IQ7|CaE@&A9lfl<_SvcvD#xqeM5$6UQxA9CB!zI%YMBYDC3(cawDH2`gfaZ52Dzpy(|&_H}u+DN)r zl(L*wm)2f-ZzNkI*RKPT=q8-UlG5?*95&MOlpWdg*b%^*v$~i8&NfW7qwhwnj6!ZF z3k-mti39?_cKht5oWMI#r-eTf)c*}e(&fJ8ApU)8V+c@ zmJ6JN7E)WaD8OLDKhhJa30OrCcVDv(1g0-3I`p~NEawF zz~Hd*lnj0dMOB|%no=>^h7|iLN(BZ=geD*&2Z?#w-GyN*xn)CCw0s{3WUI`5R#k!y#OwJ>BZsYFDHs8>Lro<& z4Q7bxMLrx~(C|oWxsaT|_fT90v3o+`&=p?ro!F$Bac@>u*DFXcmZAzI_5Jq=q(~~u z5`9s9pHI5IVe{n={wtUu{~a7A;kEzn8gXDcg}mwb%72&UAS_P8ba<5X-*qN8qbx{v zldq%N7~i@Eax2H%XFs){Y(J}8`?iC#Hok?IN`FPmI42Xl!7m4Uhw*IoduUSUB-*%h z_nvDOL>7I!`zP(wz2ohZ?X#m3o6UQzYU?%oiJItq+pM{TI);E`|5isS)iDlya=LqT ziq?Vt>)ro+e0(gg(bUTMbaZ+bKG^zy+Wz}q8w+{34Ld^{?}6HAb9~75aN?%g8%{4` zMmxKmZE4UMY z@CEYYJDLe-f`0c-q1hLd!$y8}#qaO)zaYxrfg>Db`XFInR_@ekJ8kUl?mc|^m`u*n z-WZrM3Zkg^8z?q5YAPBlw%4V^-m;`OKc8$LAMd%#9pA2?DlVO@sb;fTSC=E;bCXMG za5o!|*OdO)ZvTC|y?yfdloqAWY>LI072#Td$_`8t40QGI>A}JMN`*(l4lxdGdqUH2 zzrq>STj0Lk=}4`(#W6?5M9xcvk{s8t5?Y_y@-7iU%WlhFO4)uOF^mIkOfR#}tFqK6 zn%Q!pNzm_qrlS?p#5ENpht$;N{-k}G!mRu4yw37Gy~=nLVRWDk6^vP>RsSQOYO;dW*Ohz{ z+j;e6-WnupI(;#@SF29$zN9?TV2nj4Ymi&FMm_!NE+is>(s#0n$q6EQnj*2O#m=tC z;WW8b!7PE;qBpSUkc8Z!zyWZ})z_4M+9blQaNSN_m03F$b9d)0CcYm?+~tySotO0~f_fX6 zg>El@rF6s?lFP~5gFI-OysU9pdwJR)y-cB_(?Q<5!kVxNbxemm3N4=LH*+{R56GIv zlE2zgckde^K$a@D9j&m?5k&k!=s|M>tThy8)d~-UrfjDS9N+tPf_P*;@Rm7q&!+D3 z(2B1Mp4i|oA`;Cs!XoOHXE0FZkI**xLH}&3WbeuG*)LxtIN1r#_7{nvQXo^TmE`U( zSZv@vN%QYe<&=_Ivw}(1)L-&RUHt%ZA&$3(4mT=J)&edWH){K^3!#!q2)W z`fZCU&-C>4#AL$Xx&m()i6V@}u^rnFBu1YS+*oGu9xlwf z5!D}ka@Rt`HIs{%(Is!sYqY}IDTSik!63^T52OWmrLXEbnIchegDtzA_t6Ii4+I_u zSVis?yl4-yw-XTn#1G?QiYVgL&8uwEdDG=}O|6++kDfc~0a!&Zw8V%Z9Ds%0m!zvY zIwt#WIg2CckGnRsh6$I4{jGnMEfP)pI-Qo8XuYgDZ)>ePHGkz8c>ucaS-<^Qpz_(A zau(N<7HGz&A3fg3LWeVCR-{oY_E@1=U5rQRoQAlikKR1sdp>EpIaq2j#Q)A+P;t)c z^ogr`XKcq7=)x^JQQnQRj$l`AF>@cntp`vLgVQEnCZ}-)2dd%!}7gaE;ztw%I(-|XlS(ko|4Mx#!^*6n&fld4dOyM^YobJ2u+bdEE?t|w2JEvM0e)gK5ayj!r> zpWNq>lu_E>+x2$AzTSfM&0>D#>`zzr!E%?0C;>ofM`FD%fx3{`(fpJs`~z=;o*lP( z?`P&EG8)qbmNK%z;)`PTVklh%pHBRX5&djpzZH>J7M|(&9LHzZlUwXbbRp#-pIVrG zLxbrkLQEW9^R*QoKh558-@b-~&TDkUcP9z{p~PIAea{NZirJR%(L5z1`G3;IQCI7^Vi~wJ#N$3h&+quf5ZvM#^d3*-9i6vQiwWk8va-* zJUFcREW!DxwXCnxHhIRTBOY1Nek-H?PQJ`hvIS9f&C_YFQ3W()uM3$>@hMY&vD7Ar z%643xUhrA3VxrTy-|9wfQdvNG%sLd)zx(_ICBcDkB^{Yo)&-Qo9a{I|A6olp`)vCl zDfSD>Ll&|^j~@b^(K4B<@O`)VqM;E<%2(VCV*{-1EsgP=R|cB6tkHG!(b>^YYwj5> zhw*%w!AVRMogA#Zm#ZBNGg$YE!7F-#8H6Ul=?zEyW;j)E(!qq$FipgHm0)8NvB+t9 zrJVK#ok$|Ql_4i@He)~qp+pS8=J-P*2bpVfuu2iwkWH40`G-Tda<=*;2Xn{2JXejO zRk($!w@Orb=eQ{<&jvnXAi`hfn1g7TN^NM7v?|MAC{`&}D$C}5%mhTHuFU*n`J=5r zmMhDj$@*jYR>mJ(uVefnJ-of)$MP-gK7cgQW?rKi6Y?iE6_&>+$EcRwp&Ab_(En6| z`Zbl>hha!NujtHzVJ~th<~p0C$V<}B1Q!?;f<1(Cp?dU4c+DUmAV+kEQ`id|WK`D` zHD}(epvm1<%>s69PCAyDstu{eSGle%P*zJldMFgx4R z$q<1-H{08A8a#S>a=6#tIeG%3%KpQHy?V3aSOk+H?SGyA)D{BK_Ox(9|hc#;mu zQ>zAVYMK_7DQK^RycFugF&Ye zk{pN7NkusLYt&6#mA%2#0F)qu5Lp)}$7!C2B?O8GHz;|D^{T0}ZR~ z#upV0N*A1@(NBeCHni**dk`wLJk~_+$q*g+26h%*EHZ2?yJ>-E|caAXB+(-pcRe_ z&HD3S*I%qwzx=Y+LNi+#_P560SQgA%lOJK!rTnHekCuqw9DtCC>p7R5{!K=anl-|I zmiBe-WwwA9qR~tX5_4N_AkRR+25bpsq(_UsL0J@h#yO2lI8ktpF>&xWKA40(jZJoQ>oH@1CE;74}0jdEofpD(G zJ2=(%4t6>;z!7}n`R;f%GPRE0bS-HM!Egqjn%(z=iMOCPVQkqNlc25sq)~HG;j3&{ zFDb&A5dpoGR2+8y1>!DYD(g=urL)^oOH2{pxnsZ4os{Nr-#44yCx^Y-Y1;U$b$;Je zqnv#}CX{IVS+p{8m!hHax13hB;iRf~D+fB9iDi#IB+hjrMpe!_csd{7R06L!tSOXZye30h|9e~9Mq20OF&1Vg=?Mp&xXh;K zh@;nIm`93)>0mG3vJqH{!0UKm3z`8SPHn7&Qo8bp=RM!4L}tR$M#Tc+-ln4aqOzSa z$vDM9u#U17>MhT?>rz9Ql+ccYlvdh!oKpsm*<+y{C0P%CLSj}Eune%nrpt?LLbNs+ z_kfkR1+YL^lOO5C2T$?8S+tO39zP3%BDetzkxTpaRKyE40N$|m6#+N&$~zriBW4oD zrp>h~p#yS0!$@|9{o$a&X8=-JMC#?kPM(2;+2suE0EUv9pokKzHsND}B>pfvI#nn4 zAV)XaZf^@L;Dq>_;riw#2orD=*TRJMm-L&Nm}u^oy|)58*hMv)iPa_~Aixnt1Rp1? z+ro3_*TPe0BpMUf!r^&zX2bmWV=D+I*Q(OzSqs7!hi-ppA=!L7;O(D$291)5r~!!) z&Z~so3&)hC;G?#z9%}VVh9_1E8)YR3)Hfm2Zy&9H;gHuIzR5YJAQ>8lfdk9BD1yJc zA>ki)$MppNMBvPPptMEGU7ug5IO~;{*|HnRolU*M3S3-;zSS&f1(ncp03}R0XU^dVei87S#Z@6_IbB}UEkNf# z%~;KBG@Kp?G!<|?B*h~e-6K+gTTXOXU{K^R*LevCd-c`ZK=o^25=!w(L?E}epQw1u ze0Ct3%yfVV28~NpE)LOz1J@>;19`-;2k==(L*}0xI-mfE5(8@6!Xx_YY|zUFolLVB zC5{F$N@H|6OacZ zVGr7f87uL91k1>F2ormqnhB^S`3zIO0+JezW=GU|n@~E|!b4Jv-&W=9C@!D_U|Rw` zv}LAqoj~b&-6@h^sv6DO9%uQqKS?4^+Pg!J4`w{Eg#~j?{W_20L*Qsh!Zs?C+Ze36 zbKQ*uz6)pC9;@_)B4pbtFEK!ZWQAroqqd=`kO{AT0lV6OqYm~4x*G`hDCm9Ukv&u? znLr!V3^T^G*L0^qE@+#mv?FuQixM;QT@%S`PT)5TWUbOmkXGKL<8HpDvgTEDjlr>P zEtp@fVD$jYoki-dKrL~tp^2%BuT71|eS0v0ZEbSHIc023ksLj3z-Znp9qqx2nLSh^ zyaSTFb(T6-h>=|ULvs-%DIE#Q50k**u0oI&Q4iSQQShDONXS2pX(!Yh*X?TGEX3Rc zVUS{AGzL>8Ef#$tqcG1ZhZY=Y(Ls) zDe@%=K1nt{@5Zw6mmph!4Y}mAdgp5bD>hSi%(|p=cXUMbe&s?o7K7CwA8u>*_2(_M z{vxSLbt+jkv4dFQxXA!COF{S<26%)0;}!15X`dqCO(bw3U+(pD&W8uKemX)t&L!Ys zP}5d_Qk4N|=$hf99;0(OJ>ZoyKceN#Iev}yZb^55OExg^h#KN)lJo?xOG=q&F)D<) z&nrpkAm>Li zQ7s`}KKGu1OHo-vyHd;F>F`}kl!pCmATx)6Vzl#Zs-(G^oO85Vqe24-CL6#aBy{@g z^evXsrdJk1*L#gA8yiln-@^V#+oIu^%R1m9?c#m(BkduJ94a^zUm>p~Ef=glWXo{m z9<7--a8#P)4%?mP$aF`&tdo)9z1~=47b51WdBDl`;lcjHtt$VEujLH|1cE`PAfwC; z$Zm@|QqDrSFZ;P@-JfU)Zeb(sOqiGgCYYP1Fo)dqN8XbB@ShHu(c*H+&i(k` zUPLK36`46WFFuscj!)paJ(`9}8Xg-L2Zc&LGZ2+O8ZJv}xqWFRkvQbBg#XPqw#J>>W4t_DE0pq#KRilB1Fk5o(W;Dh0?EzWVQ1HvQ zZ8-2es3-9XKRak(3^I5+8KOF{qt~7$fe@Y5s#SdOJBK%D25?Dd@KkljH;8~Y7wrzm z-s1SeS{n>md14SUrPU@;1OwMAT^mWkxWfPkk^r3y+|5kGwatnpob)W>J)^*)byW}} zfjFbJ{Uk*T4vb9%lqg3{5adlXg&S7x*(lkp%;PYrej+zqwjllMwE8u3UO1DvVNst+ zy7H4Ip9XluAe$EhIbZ)(KKKETrOFgN1RMNC{iuVdkVo4v5=nS=RDS9w%ZhOGA$IC^^N-R0_Ioi4<149G- zLa6j$a%ax0BdpwVdUb@^k$@FDE0H)2`I}Li1fEz1I+(4^P7Q6n_kHMN@8?K_=@)OWW8Ftl4p=yYF6&= zNNImm2g@fm-p!fw$wcFYN}ynxv}tzx8b(B$q@uC7xuRqQR?INrlz2-|ejQ$L(KRV~ z%}NAoRlZnTtC}kOsJ&~e{j|3RLc`i%xVGBtl0}%{ycWOJO#_-ug1gkkx-n|ZRk!EJ z;$qUOhI4nJZA@^eKG9F*7^8z{YWGMT9-YB9BM|TuUbLTmfu10AjciQ3gxENOshs1+ zk6=>0IJD_iin&#T2|xd_!n!M9`Iux&76cajNZ%##q^{G7#a|VEf#bvM zs#Y=I=%rrSG+w(Adu>hB;$lFTlddekS&{9n76|3FWQJ@H2LOA!8iZsE zhBmaG!Z>&u@lzN6UR{l|kz|A|$!N?21GH^u)5{DvF7=Ak1*&I4ZNLaQqOC1^0a$$A zo}mD{09K#3p11zHwcPr(^_SLaYo%3hy=#4Fy>H!bec$?_^5sd7pw1A z;lCt-Lo3#wz`$sNZ_bosqKxA7947$h(i!U_EF*Thp$z)5%7( z;80|l7++b8e6DF5y{N?c20b~pjA?z&KVeqn7i>qbx4fnxp02zhw+FGtqM!%Y@`cP} z$5*01k6HO(wNA`E7HvfYrf;xOV9T(V7&nl8y^0a^ic6r;txL;Dxu(gvaamXL(_Dai ztcP#GSJ5{{t-t7uT1qa!F-AI$0##!TByGu8KsJqQ{A(B_l>|AgGd(^Shdpt6D`gvoo3+mk zX0kLk@Z#3QncJc(>|e*(Jc8f_R&oX8>O3)Za0^t>5FnDlHJX?*lmY_qo7E^R%ZqxZ zOF-{%KO9=AHEr>Z%ANMIhT*ie&M9e4lb6II&Rqigysi7ElGR>tbFtq&7Ex^YV92q+ zNO_x2(3~IJE>IOH)fR%tEix@`VO|mDa^qt=562A(41*VAlW__M3^YO`EHiSNC+m7! zxx=1am2y4_bzkdM(tJrBJBWirPS;sx#beh&KdX8bMGGWnRY>x*h;3^y4Yq||Ll5<0?`SSHgU&^g8Ou0gF7ap z7(y<=bFmws&K@xEMzK4+zP?dR_l5hRW!M<5ChBfE!ISzvpEz1Z)3`A5qC=XCcx$;= z8#H>F?Uw7mgqa#NW8Cqn=Nw_xsMWYw`2u@svp=lQ4Dl|##PcezOg>kXIB(jR@3F2g z7zy4vkw%Q?$xp!G2TZblKLidD=K&&%iF4;YPLVn)+VBN>0f)hX=!0O8h3|_X7KIzw z60a5!^jLGlS64LZQ^cH*^S!(i#fks2WO@n)+pZ|x^fqHXh5E)z3u?01$-Tkd5?Utij@@t?3Y_4j( zUs3`v60slli51IVRPlcsDkXD4U$;l5`PQtXaACaUIG$63W;mW>*l_j?3|Htnh2v_q zV39ZFy-2}L)m*nPc#SMs&oCx9ic;*8poC28<;5*-$+1!L8G7L&nT7UhShhCJT}||* zh_PIy3&wCc6id)md75Tx0eNVx7pQdd=;wteubNKt{1rL3b-@BIk3Jrl~}5)=F`&Z@2p`>e>F91~SwRrGP?viDYNSjH6I02pS!$0t&s4fP81-_+_lg)dB*SU?;LVmw_m4y$KYX53e%{orukS zm1QWGs_X{+g_}h^u`@TUa?|rtR1CZPQQY*zM^K-44A(?$g}b2-DS8D*gSMovxn$XH zF3tlUsfKNKn~8EbTH9;Yk&{k!(@DxB8`>*1X9j+rX)h#nTd+dN?FR3k)22KoM{tyS%Sqb5JVBXh0@2HYl7ivx-;slN67v_>M|#Xb-$hNY~L=o zd&Lp1ZqcO$UJ%Npu8byn)2VFC9s2e~^w%L#&p>){nBE4JtxWN*k^ zt*J91fX#V-pc?sQjn(06CeSOE1m9{J-;zBDd7FY#bP>*6;x*@(P3gW+>U7wLT`cDd zlK#MYOcRC`%oG&UxLniaaAaHbL^6uz2^t$-;~Y>Eo34$;;FY!^aJ~HOAn6q3y6@1b z@4jh~HJ$4@eME(N-^o>31KElcp-kCgyo>j1=9Rf!i==0x-g;83-BQLM)Pleo$oP-+ zjJOl^uN@8ZNpO9|(*mTtm6T9E`!G0J#Rq7Hq5e{dmHtx9hJLBUZr@#NiZ`$hHGBVf;FJS z5tQx2TA1~$TZPZYb!vxG3T2hE{<1tSXRVN%Z9Hj9%s;e#8tJ@VVR+*`3(FfWl3M-GFmm^ zQsH{cWr%W1L+Dq|LN>|#%N$C!=zN!#EZP|%z1^%k?G!Ix-R>foL_WDerMz{iHYx^P zq*VkGlc8COsJRQRhFxQLcgWrfq>*UiL6vn-UO9=|dZ&9PV~Og~f(6|arWrRpQB8*8 z?#Cz|!?he#MsQ!hO*4#(79$Pnn}gaDU79r3{!o;!$sn;O61pq-PlYDrb)=*Ve2px?efP z-SmB7Jgz`?a8$i0zk6cvX|>MKv^qa z*ViQ83qep1R_@l}NVW~9t2Ksr?y<-7vO1?q9Y8D8=-I9)=ze+ygL#b*4=n62%TfRK zR{{F2M^Bq94gW^qoqYXZwb*nq5WW|RcJ8EMkp~W;V$(&qHy0V&uOLu$h_Dh6z#N@p zZ{Xj-1R(#giOZYX!m7nfVA1{FKQp=wU-JD3g2vf%Q0xwi4sBXs_w7)Z6)}4WgG$7Vz4+s-3Il&1{wARuNtg<*wXKL*RW(Tx_Gb?!fDdRmZAHfuu*3iifAe`xS1SfgJ!#Y zi>tE5`R6-PDjWACMr-K81~%^Zva#0n-i8E|{L9t~gXPz&U+PFgt&J~}^Wef|oMGf0 zJ{;r}&Ph1P`ZOPtzFO;qD1d_IjEqf(1)v#LI=De}A1xWX$GJ5}P7aG)UDKj--7*>M z*ru<)kQ2kEdu~`Zg8J~4m5xoyx^_{P1C%LH^J0_UD>Xc$*>=nq-0dFi0J}yG#rj4i zqBJNw6Sqtr2|dy((H=P3IZMo>GA*o!qJ^%ty!9-YtSZkzhq;ZG(-=OTW)mg&$>Vf@ z@(n`#UZXjKfv05TQ}@8j3o?Lwi78Y#Ytb2~pkI(7l=Pk^G-5p;zW_sJOW_hsx6b`& z+vQDfG)d9bXaS(l_(epB$yvB__;`GvA_`FC#^H|v2J$U<=9ynRH|p2f^#xn4V9UrR zdw9h@tql+zdil$s?3!bJ9JT)rES*ARY}T)n?P7OWL=SPK8<0(q)C#s#@VQWlgFKD1 zx>cKx+#JC-oaUFk+AnSvq;euFRUuL3iHT^USzsD&L~OD+SNO}PVQyG;G`%- zgH~5PJc2u(0tfpKclS@$tanM)BiLlrW(#{FRk&A__CTTKhgwkNmF~@mi{Gp*Kw9UG z1Fo&+6^0IesyoGSkJf!1mN)Ww?HGtsvJ`EC)XA9p!iE2%bRMHN%lsG%6m03OO4YuHZt2+|6@p*S-XS%ukF52VEuNS*{1 z$eCMc_f4nNXvLRmJ)3ma``ueB*9h}C+Px8-jv5Un;oJ;sf`*E&bT7baog;{<* z|I_?$Zh^aXYxf&efTmr~K*JjR3Pw-CN#|eXhI5K{CLTfzTM;J2Nj@M29LjEwo2H4|gx^x1ztrrK!xXG*=KN&-z!2*vLFvIi+y-mo>h*6*9)`@%}F&@#m zTWxJ&BlehS+kaBHqiz@$76%$6UyWG>skQyh=N|LGDyEcRkR+IJX_@z~216u7RCYxVz{`JTgKNumvB_;BgotRLkB5$bbWcVtmk~s_z>S>#d+G;gqJM=7sB6{3bH; z$ZB0-*}-t-BcqF090rjy)TQm$gTQ&MDg_@*Ja70}X*VNv_-?~i3vqiF*;vRuc9vb- zP1Xwm7r4pl?F+_^WV=fboFbQKeqI9&B23^g>qD5tw#yNW>I>=EZ#^I%tHjTWN0hi2WmyYA6!>%PU3=$tz+Ro_;di!bY zaSlp|1FEwfXgCrS#%-L0A$Z4+0d)RV$HTp)(;uoLk+P8b5ZjwqZTlNyp;} zvS_10A!C8Kv~fHEs7Ft^xvNQ>v;}+pVEgc~I@oD%9~|I6J7>Qf@6nH=gM;le`uPM- z4?uaRj^2_R=LT$iM>@7D7px)Hw~z@~b9?@{)vCH_E!H?c+k4TN8kCtTO#cXdBnbpb ztN|%5p>yzPhU#eyWpLf4IZcXz-FJKWsGlMZAURVC09BXP$ifrK!{P)m3|MZ2)$09l z-bDK+8^0sBRhW1B83HZ9_G#QG^a+qZy|*7`oCVpfg1(QhgOi;DF*UvhitA`t5GUf) zoqtE*g(#p^41DUc&b>w#5yTI=Z#wFuQLP5)yqN0&9+v+-ayRO;oa>LlB072USz(CA z*Ni>EXkz2u70av~xW=exOHe87Np*37Gw|&x2%dT^ituThW7_5mMy^ri-!yp_^wTa8d<#JG*kZ|D0N&-=?5o81X0+GHu!2d3%eH+EjL>(+5&gcfv z;@0D%q0x8(J^TWx+ruxAc}{eCJ-s2sihpNJpVqt*G2)U&gR4+B1RCnLX<+= zL2`!;BtGJu23!ubHpjy}?_GG}rRYEizUXx}#^tW@;Xb#n25F+Htk;-!RY$b6(AY~{ zt0G4Zh+5=2+Mv*Ad4|P^<%Hh7vo#v=5}7OLnKmO!vy4WHRwFU9k-%=GU^wE0;z+7L zhA}anb^nF8@RxkCXG7v@6aywkFUyTDX(4v5rrreyUK`@f9sEMV|ML?d>-*9EvnP9- z+LvLRxelur*aFz8MW+_gqN)(uC#J27@O4&k{UL0f*|<@KYo%ZbyGJ;vuTA4Wymm=1k*Yr_%lU1)51k8MRQ;wQA%5B?o% zbC}{5?GCb*=ydC@-=!zjDc6e%j=UV;!4L0H;skdK7dKn9PLB`e>6fKa()g2=F9Ae} zn+1z+3YprJ^qv+VP`}VN2m2@%f91EVmgMKdRA>u48J-QV= z1_RW5@h+WDdc?6wYoGIA+G`tqtfCVbIv-%XZW+g%{WQoaOQJFWxpQ(h`^Guxb`8>$ zjOlzKEFwLeHmmR0SNlU!@QMgrD?HDLIldLM8q%LM+~_!(Upq%cGqQ|A@=Q<&Zd1WK zQ^tp8CkaAYmufGK>%z4eRzE*V+wzITF|&QwA|%(Jl@)(~gmE-a7HKO@(2vzi{GD1~@ zfCos}nvO_$idO=?4%SXX)@YzvQ18m(`w*3~yP9;A2uM-Pz}vCSq1od)t`E4>?M-8CAQS&BB_d050nn)faIz#LMcDAEoW4Hq zW|!%-KiPsdXJfk2MGR~`&8IJB(8B=J?9PTUJEvg39B2*_G$+Kwvyfs;}4 z*@Lh*^p4RV4u9&}D%%;T7y?G3xe+`zig&~NEq-q*+M0#ii-!j-Drf!FkcC!KMJ9#a z4CFhiDdU?D88RxZQaQCWoH>mdln;$wKbKpELDdt5$(`?*;iI;^tVe!|<1NM;5KJHE?)B$kD zFq5wxuo(r3%>GIHZ_=AwXgdW;Y7T4SEIsWJf8mJN8o`VV$YFf_;b-d7Dmtb^y!)W| zjXLN$mQDbT>9|{SVUj9liLpz9ok*IK$S@LR33M|ZS&7?e^RI}Z2(99ZEm+5$K|6`w zWIEAVcQn1A^*VgML_la5l#cbCuJ~jliPkVxe^@gF?pPn+ioo?IrbqTUi50|_wr{0J(^-o zMkf?@orxO+Zf6n6?046g+_-1CwHGqvWgP==MO`A_nv*C*dY@BZJ{ed%4`pKlMh6k~HLw8mIZ*0po>jz^NS{|sAfO(5 zN|BX?_K!kUnQsoG$J&gkV=|Z8B*>;k3U4N~ z8IW>(6fAQyG3F}bvBd);C5RDjXH@gp0;1}&vRLelxUgLC+JU>mE`xiwOMgtqG{?;A zS7>K>c)Hub5}>gceT#jm1r;n2C}emwz$0(n3^;Blw;pX0kPr3`|K^SJ0lszi6n~VV z*;g5l%uumSAHyzq-f5FzMN8YRfbEQ$Tdlw6v4F!{h{z~o9x0?mra6%YxsHlq(kx-- z=+~F_y*|i1S!V6b63m;|8fI!4$(1G;C9`t)cj_hixigV?x)jID{BSYqjqO@Q@0>0L`vl1-OJB+!#b;>ge- z5IQ9gD^Y2mu;Tl}6u56&-eY0DojyrG7=1zKq`7dVITmJMsSNwCwaDJ>L-Lic>rQz( z|LHGJM6xUX5g|>C<49Z4j$RY_TIdT*Rvsi|8M2KiP8|;SQgP$>y*$2jv+4#oSm7MWdcuaYK~!mFd{i4J&(#Z$*o*G9!gE+Kg;CT7m+buL(tP0@ zHJhbESpmj(L1iRGY6S@Xo0kmzoSLGg3$t$E7^|J9CntM{XU{iJ_Wr()QRAO)Za?08 z@giEEo-IA%u8L4SC+&ri+eJG{4EW9qII*A*K>MuGSy)lR8Wm|Ds#=|e4|bM8NfRo& zkrF(YOrZh}YJ?h8w8>WzzuX36!82J}!$K=gmYGwrCe?}hV@&AXbY`^@#Z4vHr3E+E zUA`1#-ZViwDim}N7)^&;wpJl_?Vm1T!1!FrRn>LKYQq!wL;_<+s|9_HDwA*gev_BOIvWZTMrYB}tie0I&G}JmrA9ZdYqZHLh&T=AT z>xB4iW*cw_xDn<`);5Lrd7?m9t>BC;Pb%uE;w z|1Nc7nQl?Vbc>ab)h({t3HzAa%c${q^u`h@u1PcO(9IfQcd$1$YR*Hbqzyo@a8ZXI3J|f&r z*fP4g>=|+%Rq8P*;qWS{-|HaDfD)i%co(^bC0q^Jub>##fN()`xi|$u1cgwnYz<0a zL_7rLOHp({zX)VZ)bRp9!JBMsTH4i!+LdJ+BQ4Eei8m!x3jewRW=61h=#-~zv*k{e zOSq;}G+WG!(lK;l3X&YUhhI~J2PinJ?fqvqYR#LBB_8aDT+br%C@$JmgY6P7SFVulb;7q)Ns4 zs$t-CSa=sHd&cW|qatx?y+W0GIGso?p{b!9P;D;u`ZVooBB3G_?!&#u`-dn~ogEz= zAla&&qr*r0k2ixhR^*W|_P6967qJIN*#!z%yh3VqP$9otutH7@sSk$0EY;ujrRpZU z!WFwoH|Pz%;6eg<2|`v^LvU=~g;#rn?q=ox{rTsA+#e*D{N>%oo#w`0*9qu({j=9` z2mXBb-FNu!#&_S`asSnS{@=!(?>4^q=9_OfzJ>Q28ynw#^Z(R0|C0t%cSQgDKX?A0 zq^~l<7D%r@-_U$}?_TNrZvbs<-1+v-*WcXR`1ZSRVgA3~faL1`{W<@?`=9M6?VaP} zM+e)FPt}%c>{nMN!%;gQcR(z!uY*L>pLVm#!S43%E_`n`*WuH;5DgsrDwPfq4Z05Z z@RFr+ws(4lMO9b$OMR(A!BpGFCr6J@wx4+4{@gPD4c9+UWV7>Gm&T0s|MfTDeGTjX zn{V!X`|aI(UqiZ$yWiaV=Fj#2NBmh|RXfAc&6t8zuI$v+UD&JXO!o7*H<`dO>F43N zyQcOBohC*X=qpN!a2bT?fX<(*YI{0)iD>Mny=xHp|8tmUmvHhOz$g5Al64Uju6Hpt z29Oj!XrN6I2%(*U&GD3wuVF4aFvGFOv&0l+`!zZyj?g?}f(PUgo1JzspWL|mmr4UR z0bq64bvD_Qrm3KDbX0T=B*-Xmj8v=TGei-xiKLF9SVd3)cnMF%568LI8j?v4UP%nP@D}|m zOyjQ6IfDmof~u8q@3l5=rBTXzh?9UbiMot&!e!(Ge?=drVs{fAG_ zj^JIgeF~Wq{09I1qV}F0pX{BUs-qLN|K#{!AIgIYPPPxv_V-R{o$Md(96a6KKYYBV zpbT|*bOxurC;MlR^6Y4hsxIclj7N{ulf9FjpWw~*!~KK(vtOvzNBd`oSmPt8a$6m5 zpPcRQJU!SxQO8eDj*m|FXuU%hclS?s4z~B7?Cmz84N$Mz`}^MEnL7Omu}S>*y?QTCo2o$wqM+fu91_E0UDbGA*@Ln$zD@ELwTe0sWnNG6;(J7;?*Cr?S) zScjSa83qX&yZsbne&cW-9a6VpypB$O!E$jtXf~+DKmW7`pH6UuY2dbTL{4D)W^X#Pj@TX6%ix&hSAKG3Sw43@`e zI(dLvL|>lV_>cd%w}yXzLw|oue}6}R|CRp!k2RDz@6g{H^!HuVro+Eq)6+fr`x~Vm z!D3RUdY68LSNWbws)4eiqYgj3>)IzWX{qC3uvUEx01B(gL7qP>oLFpFNY%=p^U5pSn#== z_OT(5R{gwx_7gI6X704<|FWiS0MJ|mSgVzuVXph>oBKxaS?17XWX}ReLA1+&p&F-y z30Z}PLIZT#lNlg?QEGtBJviMvYd_ik+unl;>lc7UKj2>vDpu=&Z|&2A%HNN-&wg@~ zj$U2Cgr%Icx+1^p>kq`Gmr@8YJtp9v!FSnubQ=5Uro(2CjSeSkHY@3MyWQ!+@10$2 z)>cxjzWcA!pW3jg<3{vV^Fwt7KfuleW3UZ-a-9QobhQyA_C$U@(Ds<^{AC*@32BOc zS67XWYFsPeoo-4|q(l0y{Fc!T-;R~)sNV&G&G97B5Xpn?IT+}HU0 zAf|D`nFEP&@7Y;%Sa!7kk?qRJL~xj&`6+Pwr7h zS9z9p`gotxyuL?dBaiLtdl-^3FC@Rdw~ic_`UQCqub_|sNV&mZ zF*|xj68%Rr8y=7Sr3GM^zUfG$gLQb#S4|*Yw|DoB_YOgd-+{wNo$IheSFc>Z5+WtA zsshn=D_oLGv+m-oyJ|^kU-PByicOcjO;NigO0IRCRF}VVu(y5K#%p+>nu<#^M#EWM z;a5OJ^xS5ji&K-J+0kE)9{wksV4N@26@2C7)r!^X3jH$g-QkMrU3d2$Z9hH0)rIo@ z9xHE~q`;MVGs;|VkRosWA*sOJp%E@MiUI`H18R{3G&=B`EFId{6tZYb=@;66hKkwQ z!7`x9r}D4Y^g1yh``b}T3#Hgc{%RiNSLNW$txhgG>*7MXvlF^j`7NRX2<*L*TR8$(rnP>B#DF}KM3y)#z&XV4CqFL~s{a zw0&^8N3ZRp{&sfq)cJ%@_~mT-gkQoBc;*NE_4MorS2I1!Z+>f-#{>JsUr;L1?^#0G z{`qh8;^)6TfQiJPJ3IIbT0qXi^g#zjmA##xj_?`(<)`+J zes1r`n?v*FP~M!GH)rtX@yQ-Fo_@eH@ke?=zaCT`efJ$c!awlawEmH_U1#UqKW+bg zuMMl@@y^LFB)~lI-#n=g|+v^tyks_n7)`d&q(~1^<3f z;k_2$@vjFJk?ir65%T3n`{7fhKUAXGulA))N4@|~5`4B_kt_}$yWjbZO#$pGEJ9w{ zG;*A9)5t4K;~pkAMQrU=&_LI$R+14S&En&i2XlCGE63lQ#2L{oA}{{%9Wbd*LPK z;QA-nQ4-YCAy@8yy`PTzJVL2x&K5?b}UYeV?{HVWm zMpOF*9`yU6lVNC5zot7G`-Pt$RP0&)f&AomJG6<1I;HKN^9bK2*L`W6{KQkgqkDK@pYY4& z(7dLfu8x3T>!$}5qvLqMzvvD2)xMP{_<~0>U8Q-D_hx$EBPrt?!ZI|TdK z#Q$IXqY_n8Y?f@BC5jF?&ikkQdS&SWVU1-Y!W#P#Va6C!k)We$(M%jDM^JLBRd}~r zH$aT4(+!XD6rpGZ_Z>L`;ZHf=q}PoGkjgmA>0rO4V`SdBZ%d>X8~5c6TCUU2E}=TY z4>Dh`*^2d1nX1*oKOW7l22+OTwbvmvDj}AYDw~_X(gdk(XaDFa%$j+pe{9CpO9eHD z=qm(iZRvrG{f~B_SG^>5xIcQZ^=R6n!ch!L6s1AaZ!C6j%8JNx=wHAr2nwY8f-)@ZS^1uVta<063|4`L2f#YC11U2dH-#A$W(9*sb1`MS~6Rjcdk zwR6oCIDjQX*h6ag?=q2Z-b-b8MxX@5}xP+>p!@oHh9i>ib z;jATOH4+eA1)Wg(H!_N>-GcFJaFwf$z7hQcCZ*{n=|!_sskj;zPb_uC%;q|3%TRkz z*QSEULstx~G&{}VW+f(6+_I3v+=$xZJ1HHQi)l;FQQ9>R2EFbSFNVut&ABSFN*!k~m_iY2xe1A6^lgZ{wp z2Q}>+wlx@v?&=|&yC4T=^BA4CmXkCYuP&mH#;j3v+0#Xo+J znL3B8S_f5EI56jbPTl94y2#+tT=r)!I-?^0mo2;gA3b>pSp07>d+ylVQT4gEG}`6L z{h{6F4_F+fj z`>;BiH}SUYq;qmdvam!4b^kWaw$5?y?#1?QFZy&+t@Z@_Xu6T0C?BPi2{%bx7r zxKXS3Mi~DYw$>UJ{f>QcpI57QUcm7Ri0gwrFpzWHJCZ6^sA=MaF6g9?R^*23SG_K@ zZhse=!~Ln?Mad?5)SXr;`1htN8BIMVg*(tCZ?NH^cEJnHcY z|8x4w6Zo6#s_3?t?PVIIf!d@CUHCy7A2N2`x^o}3Q25VVd_zAF6#;+buX>{`*1>R_ zx6E{#P?7xXQ6yJU^H(-4P)wnzsigx?P4dZHGK7Okb&^Z`N)BecZZrx`q%b_-`RSZg zc_z_;4b3JF#ZrCJ`1ao6-}g_B4$*KNC*mE#_q!z5IR8w*aH2Hkgl zOLd%Kf%Hb_<_~(c`XfdE`R=@tqKTBcNC$%q76rP0@hq|KnvqeG zk}j3yy2xHq(AyNjKt~|8!|xS6P38?gA-sM)(oeS@w+q;wIbAT*hcQ*0M#&(}=}KAd zZm+8t;Sal3=ozif>A<|Baf|lMPGy?Eq~Io1u3M)?(ij0TCP{Ik@tXwM^1E*`tq5&# zs|kaIkldyNr!iFAxj@8JB`=1~d;@2f&beyzGy7RuXTQFGZ->oxLYESDb4&o~(cT!c z^@4`c9l*Z3k8Y(aI_2&B4`jxM; zG>L+@K7m-V$CKG;tr9 zvCuoO9*kQ4z6t-k(sJE!6wT#GO(i+C>|t9V3S|@OHV`j3D2fimWdwX98c0N7JBvEV zELNW6?|+5ywoP4s|2{dl+kvn2U!W+z+AwVPTQgY2B#Et8C3KM)H@SAMvTq{F*+&c58ACmN#Ri^ z+!1Ucrk!)MyZtwlZ}R9;Bmrcm8sZfc6MHpDGwG6q4-x6Lxw2j=y8UP9|Kz zrqcCPxEkj+)v+Pp)DN2)Z4PtjpJ*0gKj4%570pfTSA4>+MuWC#;T7p(-u|{de^Az+ zpw2=qx-{vl`{Xu}Siolaumu*6c%F$GF4pA)Ty!s)mBoLLRc{O|2ZY&-N5--Yqp;JwU<8zfSv|T>HhoS1Ra> zithi}xDl59K;ZDuXUjxy%?Vn3&=vGHn>`l*!^C8Sg~SklxejNEUR@qEJmXv|)Zt3B zOLh=RxbvGFkccQp|I+WgTUF(?U3uDK(r-EgjD?w@B%H8``Ct{$_8QP=8_YsnyaQ+vDVwA(noZsdA%H^LfH#NiCJpSqE@E6gRit-9iTbzY=0C#IJdxFI0LPMQf zt^v}|dery1$W_T+iUcb}OGHZgS|(P88kX*x-~x7#ylsM1Wt zhIpL<{hX`kUpK$`kF~Fx-+o=k!~WyLr;2=`CyY%kicKup#GpeL1Jd{oh(lKHfXI=FFZ5|%&J;NjEABUyr`Tt`NCs+UcUGV?D`KA>A z>AUa9|Nq{%-`x4`+i%eSf8*;v@t^)6|Nk!(0VC%xfqG8~;nRfK(y;XnjF&*3@#rC5 zS*}!MnQT=zC~WC-mapV(qF&gbrL46yL0&bq`e1r}k&VC5q3v*xG|Ax{dZ+OpFV@$ulJm-SZ!j1p1$y`D@6`PmP)F zs6dC2gKeFUvT>hI%nUfPl6-mR?pys|Ymls|T2iGxuc<0EAO5A5)bC?Ke1EqkmRZK2 z_$9J16N(~LT@1Eh!j+*|`D%c0}3Lt9JMuWG=(DS+q9BHM>g zpUfzhKHqs;tID|77B2V6_J1Co%qp1^)Oe0=QSScXoN_5ajpuyva*wyqc7B>wE+?ol z4f*9Jk#f)WpMXTQ{p2`Srv2DTs)lM>Fl%^@R8{e?{6T&+QSzx&mQuJ+gkptt(Mw1vKKNKO~-V7C`%bHKHsa!Sk*Rb3jTL) zLS|!x0mz8y*Cj-~sDgmSy;b;S^3vsR9M5|~@ws~l4gN(%2Pb7-$OK-f&U4j-(8mf?tcB|%^xb!g?@<@zN>mKkI^jy58& zU8Do}UtPVkL3yr*?ZI@CBS;%Pf1uhCbWy@N_yv=m`(ujboK6bZNN(D&;amq*BTlK* zNtj3!DHa%xz~*NZuIHjZ?7Ye=3NyUQvXLH3Y*~(>3&#@&78`2-=Jfc0XS2axY3655lHJZ;=ffdRz^@q3!YHAck55DJ%ojc#){(o=dn{WTz|NnUW?+)RA-)kTU_?kLR z$EkWe>}Lq-{e2EkR}ZwlVK~0}fslaXh~R(1e*X#k{U_}ApRnJ5!hZi>hyA|9n8HSZ zc>3t-ynp!hT?aLMI>1X*gbiQD;HQ_A5)-!Dol$?9<9`(nM68mX z1kQFk9qe$2zymhb-$n8Gt$LH@hQrywbsVwok`}wL#-E07C_)?p?WV|W#;@3LIoUlT ziozvEG?b|Blx_z{5}UOH$Gt0JU|7&WHmT)!${bIaQR>EgtyVDDhE|H2K*mQ<4h&75 zShfyOM|wsY*ysRimAd@-I-UycUkTjl*#S(ex`)zAr82o0WjLI`x`9!uwwoo4m+OAJ zKQm_=xXkXsUNonCn^VB{8FLL-)P(}Gt2hb(UbihX`{|^cV?Eu z?X&&A?*&=z1+7K}#_TpD&_yu!C4+QOOj^>Z)4j7W?cK0pH`fS;Ij3#EJRwZY`E5Jd z+ujY5mJay#0eMA*ZKG9?PBh~8B{UV}Gmt0BT8E_BKHdMXya-# z?u=~5dnZr!DICJ7D$IO&w(XrKN4t2hQ>^W;GqUYHJ44^ZUAK{cm3)=Tyrs;VHyGIc zOB&2v{Y6o+t2nH9OOa<234V;M`E}Z#W-OcHH!fX6pI>Jw#@N1`_E~ec>R4ewVfjnC zUAQn&wGqCJISw)Y=Bu|s`l<2zi{N|r2Tg$lV} zY5rbu;BPknw{CvA1z4yJuwd=j-f_zqXIB`hd1medyBzOqcq0M(=Ebm2@u~;2 zX9X9NDZ?9u96FIrNOsq>LNUadc22Ss_#EBGtjYCtww`BrO^Hz?hHnPh%*LPm{OqY6 zzB_lmvlYW9rY4f#<`(qy^u#Ubo>S0bCHx$eaMzab^I|1D3rg6qB|P&>m_Kq?+?B7cjVP} z=es!3k$P!XK}S|J6u~MWx_Kr1TqxmgKy>p;cvdK3BOp3mf)OKV5uXuuCVXKryU|c9 zS@WtX($@%B=ygW7ltYDD|2CeWR_b-!dv@_4J7#ffJiO=)^5LM_Y^v>JJQQa+c}swOn2|tc|T=v#2penR@lBsqWw7cJMDg&!!d9?9**I( zRgce6`{-|F6~|KV9X*Ptj!k0w@TiT7qjqo{j|rxb+8%R2U_0EmCy=jWsnIF_=}Ck_ zViVhbxV_tcvUhrl5aHgRZ%W#|b98tJ(zK&=i3_HX+9quu9GyDU^Idejk3l>>eR_<> z;O-$y#i**ifB5(9gZ1B>$0{VZ}052kHkUim(#PoCzw1sq5t30qqA*XID32ESygRB zXH-rk(0WupAKRha_?8Zeko4BB_M ztk{%vP$(&u9K>N5)3f&8ljE~ryySn45C2(vJ930n8~-tjE^(#^Dc-E?D5c>^6FP8I zP&nRYh1-e4!f>OxoDMp4KSjr=H+;+|DZD!!;}E4FP^aB>09!z$zqTJ5jz(x*hv|z$ zN89V(_T%mSL(`(Ylar$pd1<-o_VGUE*NO1a)0M7z%$0&hmPMZ&s*y{6Q70#dX#7^7g{vRhogRHHUiCrS4zQF)m{fx^RY53Ps}J;_NRyIcw_h z>A?XJ$qLu82wf0Io-~(`ZBgfXGG_qKgC6PPf#7E|R02+HnqI{WPO|tXy;9&J@)DrwvkMUPM+-B#sIqm-Iy<0KmneWb<)+hCH_AT}MSy$5U zXIwtl=d5H5vdnk9pFv(Mn;)(u5a#N$dAV)aBC^}OZZcNU0=-0eE9fDrTN%|MR z2j-TLW~TqgXK?*k!2jdhyLaw<6Zrppy>aK>pZ*_z`hWcC|M92)$DjTmfBJv?>HqP+ z#Q&q{`k}o(7V_n={vi3J3pvOi#CeCee!;t&d>tkJ;#;z;#n-4c+eUt<(mvLS2plNZ zONd%x6+0Z~6<9$hv!E5;U1jraas9;dAdW>P&=_4ar z>Gt~!I9JESgmkh{rrx#96v}{7JN1F#5a8n%UX%G-q#Dc-mS=MmKFO6Sj+GQ=9NikBs(4X2*PIu7HC3uVANsoX2`fj_8Cq?DW^Rzb%+=gsThkHcg zVQGg)f8RSez#-a+m3WbN^H)Ss+I7V{nxVlsG-Yz%tFydw(Y~1{_5GGY6U}aG ztcx8erZGv(;FbZ4;gKex)r}rj0wh%cGXtThpAS{~I_>olib*9P0wDlYo}it<6wy9V z9wBrgnX7y=W_{rUgx#sk2KtH^Sonxt(sINT&RHM|dLRN+h^xgNTO+rK37G_DY2M4m z6~ea~Q-4qnL@V=jOkyGQQ(|oAO&Y8inwm5g%>XMDx8+TGlZzxNqSOrtjBhm-3!9}q zd-lsO|Mg$=>Sr>4fA(xm{r~L!dt=+iu|E!$cDC&BP`V6| z%-~Ti3H|1)1scPf2QxkXu35pVYcEbyjG!9v7Vn|$Q>+a)N`%oez?1TxVy_C7r|Gr<~ndD zk@Z%alfbzM-&0MezJ0hy^}nzx11ns?jg-a&-_(1RoQ5O)M4EB&IEorpDbJR;`Lgxw z=mNC))Sp%QSly{@S2ey}&F(Xg;I)TDzCL@N*G#6%)wj{xK$i5x>$#J`*owhMfEv3!@Qwgi z+;!reh)7DlSH1NHgCRl_!&JTMeGq@&YJBU~^Co=qvh||zhUt{+%U4&*-g0NJsNm(* zja6`e_n@%Fqc=&xo$b9Z?CHpeM`H;n&q;ssV6Sm~PV07}%|XA|&M)$^!CW18v^S%b z*43L_%V4V!E+V$d^{qWRo)A*x0t&l*wXQCS9(#4tI6G2ChdcZ1X-M_AYdiaN<_POJ zPoFxw+p4j6UTbiGzP!9@ifyWl<=p+?4<|$3ZO9W`VG9T^-48;SMGQch5hKO0;?Sul z=sc>>S$P9WoUxH1Rv9wyY;P|-9J)PbkI2v}AlF{-E!n{JzUOSdyFPqhxI{Ji$9 z*5&7DoH1rvprhy4jmDf=NF&*Prdlp^xF_!a`sfv%-*2CtoL=0(i2MBNrXiIufa93n3Bfwfl%Tlu8)n=`wQCyNj2y3xFX%x9Tl6?d;&6Fb=Tciw$Fbfaz+ zDLk-R{(Em7(L!$#R!@Y`2HNs~t*HHE=UU}tn_3%*Do`9EMVV*JR~-90V%B4Am_+7e zr^$;%5lHl33u4dFIM&r?ul=TDiqD$`92Dabwduuqa0Ok0If?A%s+=L=0|e5}%Rl3% zFNh(U1KbH{7gUr19+4i$xH|oZ+BnAXFjfz7lR zT;8e-z42|>Z9)D$Z&A)0H!m+wTHiL_%vuap>g8qg=G(^iMT?+H9bbQcb<;X-7EC@> zs(D;6X;q3ANVk;d@@JK59v8a$=^p8_G>sk1ETtQJTvY0eu$gJ=i6-M{J1esg-=C#9Td zHi(ivj#Y0ga-c5_ewiO~CrZ^&4t`06-!l6ng!&cD!J&;kF$?e96a~sr`Vv_NAW`8pVN!1Z@IcU zAX-BAiMm7p1a^C@9W@|i6`|oA4F+?%yt+Qkbh%@?yn+#iKfaf#=k`r~G$nKiL-y>x z8gFh2`)Yhp$s1?(bu4FekX%vsDWK?KFErwC-d245tt>%CuS z4KzA3tz{ZJQ+Gh7wGwY#d|Qk<6~WeedDMK_IzQQ;?fQqx)n!tI(x4hC#@S3ry*~&nc4_kaCv-r*2)sr`GF}i zwK3hs8(~&C_CzBmz{qYI8#<BZ?yb}P5%)FJ-&B3q|u|4$k$PskfueP{Nf z9u`3RO>}BFcnJ4s#636O6ZV#Y>J@Z>eVyC zeOT>R7uSvB%NG}?|Bw+@>t8HTN6@vNQ?*_M2bx?W@VR_WYmp$i>dy9@I@8Cex>KK1 z=Ncx(%^NGiRCQ-(PMzs+rq!L@Idxv2UYuOMwgVJZclPGgQ5w-yo&7m=44G+-?O;wF zBIkh-ZtOZmaL_!yGPigZe-^>PKj^UlMt8oPedcm7Np-jII^dw^d4sF&7Qw;v{wH;I z=AEA@+NHWX^G3*DgWbJ3w+I_CARw((XMgUQ%PvH9w+IeYG^E_IJ(hS#icy;t5=o2n zvodA`MzZ}QEiL-S=J3A7iv656>mwt*6=$oq$mV@E6xZ+CB|iQT294k;R-VY zd8lD?HiXG&&WIsvofRlcHP$t(W6JAxVO6FU;ZDs5`pOv)lk~e``mow6=Rr<-thye- z=}hKAqCl92E6(a_dG4~{m@EukscEZ*p!|F1-M4Pt_;${+qKI}uo;xsG$27ZHRZ`$K zr9Y**aRxNnz%DPkT9NLViVfqwQa;N=VzzPT2IE$H(p#d>AY6E7b3tR^ z_UEhxipVb(NvmjauVOEPNlYHzPp|w$m25!^u^|3Hot$VN`n8G^Q8YQzqh+&WIbAFf zfzPxwa^v_ejJmV&%92yaS^`KHQ-J_f&s<@)MZ|_Q(rt+yYOB*Omvhk8)T|P$m5f?{ zD?77S!@^t}x_08%ZoSzsEm~gh=8asJ3v9%sJ@7j~MsUeO1eQ;`B_9<5m1GjAp>xgN|6mOuszqsO3ZW zr#@=*WJY6}vEIz;q^x~~v~8*3XOstz6<&bGKQMyh2;mWw?W*HOk$cas)9ndu+Q5f1 z3WrT#E>L@PpaG=4_Nmc{J4ozVYtFU)iAK0N@vnl)_ujP9wF-)gSf?QZscp-&xtSiE zsmy#N2785v*!Frb$d4!O7^+F|W@g&K`|zEs!zXObM`PM-xn-Fx=O8j;KJ-T-vc)W; zH#Vnse>VM+H|4x@G~Mj1(^9mMi=UUAX%v$-Y!H&MRod)z=V2eV)k1wim3Gw#}?BSnIrTZAJXwDWx=C>7vb>6PQ>0?g7co zKxf4y&y%eMT9PEuvg*)g$^%S&#Rq@rq# zJ0pLz_?9Jh+G3_X%ZPi%g4&%Y7**e8aucOKWa>3?-v_MM%A zrLhed(_PW6c?S$FhK&zj9hSnd-D4|xK^O7FLuhNj!;Cdb486=zMvTK4UX83@(T zF%8ZiK|{oF<~K7gR{a%C$XcvbZp)@9_*u~th8`#y3G&-*Sj#aS65(8a*htWpH4uJO z4}kzfv$Y8!Gt*+AYr<3oUuqi=y9iNJWfM&PZo+ zzv(rcy-A+pD6_Oie)1#TuwqB%!$G>4O|HP^|5KkV4u`D(e0MMdI;;UCC?>rLbH;3~ zyKP{w#3CRD5JVZOVYmCQiKUR6w-!VR0cXs+jgxEiTv})coK2I;8;iULQv|3 z)~Bp;gb(h~lHXfMst6s1i-0&4bAhGx2JBL{fkf$L9hTUGXJ^nQ&RdGAQRxisCylG? z#_Cv4@KZduK!vcz*UOi`t4z`qNbqm3Yde zf38GjFo|y$y{i1~EJ+bs%0Xs@J=#}Hd3Ljz8>PHpvqg7AdG4|RuX!K*G3U^j#M#x^ z)PTB}G$$wKIdA*_Qypho!pHawe!KXcXSu2RwWPKtVUn~tBSDlk zW?ROcN|gl86|G3}%oz+2^zsLLh}cZk=GzZ;r==m15^YKr5=Wg%HZNO8$w1gy{qm-f z{8h3h2y-&#C=l}U1&Hr=oIseb+{6C-b|9sB>^Ev;|=lnkp z&i`W~V@VwO_|FfJ7n1py0 zQ<$x8Q}KFhj`JKrs?$My@54#by<-v{s#A>$9534sBm)5F+Yr>4jLRq^D`LLf19}Uc z)5gtnryIGw@gZW7$G25`bU8_p67SsU^hnk>XGY|{gfYmszBS)-g5^z7do5%+1%~xh z+&i1M1X_NQ6UR*(v`8aErBzG{+1~VZ_M?&Z2uZYM1 zUT~rVM5hB$#zcW1#mEiPi9$}}Aa?4+F1G37l{*{s1MeCWRFZFtdV#IbL>7 z*y_14e5vU`jNNxsq5Iw?dZN!4|A=WBm)?RdVcU7l^4{GI^3N1H(*L$3Tk(eJlB?-X%ZsGV zPP&hX+e~|}{I7$fnfoU5o3VAXcPCk%WjAP{)yMtN>UrbNZSnGFbo|(8dJhkk{0n%K z>+$c5ZXl(a&JMy>XiSZvs4Kgt1*RL{PR8BvE-31VO-vprVFihIm`lg~CrMmW@;`#~ zp5L!UP-lE%(b(ht{Q~*l-tO+fF64jP`}MuY+mCntYrDR)v;R5&_aE}-(Vv{HwjXT8 zx1~qUt2Xj(_p{?>v9( zeATB{-}Hk?&GlSQE#I_b7Jz*lcXp~OhfA7WI#3bN!N046{ zagt<~8r^GAn~|YWKjTVPD9X*)g3*}M--+5Y7P*#)0>y>a2xc*d8$;^5QJ;l;%0Pul zb$fa&o^yjRpk4;-0c7N2vhq9*=lJRs$Dyj8A6>k9esp~E>bh}Vy}W8%AKjcHf<5!@ zR5pxeRrt1XebG3}tA`PL!FxXn10Jq{Lg)Cn;=I6LXD6JX7e8dRTC|C+L6>SPE1$N< z0ID+n!8;T3SG^z#zO@-q(gR$8MbtniL1dN?8mdHrRQub2?hi>|C0lVwFRRXF;GABc zzHts}`?7n-$4^%~u*XJQIR}LPW+^Wu8#Gqzr6=pfIlFfD4`}RToIDnT-ua4aL&h!I zF9I1zHX|`B>Q06u`Vx7P&J%(TZt5Km7MUE~h(o?(mpM%z^7L`iGPJ~2PQ;9e43^Xfd?v!iAMFIGUwXqt>fe^=JYA{Lk9v)}Q~p zz%m^jLw0s^d3lDAcrQ5q@#$IPx^;DWOlx*Gcv>PdZj6xOt80W}R-LELy%#f*$1+iY z_3Gcw>Z51VC0&nI={SudMQr#UdC%%12O>!$GM!=Pgd<~3;G9CL zJg;it-Nj*ikQoVK0ITZEb@4kLbm(=KSRTh2^#wlry~mH`-!He9sNPwwH#$e*RPjML z8b2+lkZPQ#{}UZvr}~|<^Yvfq3hwuR{>feluGgFdZ=K^*^`h}*x=aDh9AFCL-mbt< zZ%_TZKX0SsPPkj!dB2|px;Pvl5AodUlOT-u(xv`8lra2s$7f65$M5&BO!&99Gr41s zm#1C*bN-M~e)Ie)JLCzGMd92LPsY}G6Rg(rm&Qq?;PYszj-LxFb ztp(cb>C~s#8@Ulgi`FN(oSz0^@`^CSByOGIT`3opb?*DXQnYGmBqDQr) zLI5}QU;oO^&@d!pOEC}Go+TR$r=}i+^hX7>P%XShMre>fq6VU~SwR}%&LoP6>LZe! zs8pg?Rd59nL32@6|J?6HA*gZZJ3mHn7aBxOFjE?n|0#{idG`{M5letqv_)pmI2?$< z#kXMGxq)PIR-Np1^~h;@V@Wg9wNnE#o1_!W*xVVkTO;fsQ;>YaJ>nGyGl49A zAQb%^mJVe&JGWFvz?`eec&rqALvDvt(Qsl~W-^84eT6D+e)qSfTV4=(j3wAZ8Dgsf0FW;C%1Ih6uhOT3*ebHjVj#uA}Q(4Wakq zx`@4LZoY7qQ;P0Fm#BncS%(7$`?-vkLg0_Sja`ey6u>R5OM;bcKIW1y1pI||67xE6ThuVL{*Ae1y>Y(!wJRtP26|C}}4&ZXtUW#RD-QtE4|ewk4)R;*SPwJkpQc zVJy4QHLVzf7gj>2M{!?soTdUmxTmO$P($YPSi!9tX?wTsdzhHyiAMmXZ1aNb@?s*z z7|{&`O?uYKc*9z$aGTZcwmoZW32xTTP6*6zy}?LR6n$E9XZvZAeQz8e);1k) z&|7!DcDB0S`>kLy7-YcfP*Vy6Gq8nVZuZT>_@W33nLXE8wuYV?u!DUp;*hcAqEEml z2vY(n;J=fzv$*yESf8@SV1>{^ zaz_?Yk9xT8(?fms{KVOLTl-?xz;edm4gO=MF9a(nS4~ID@BR18ZxKoQ0dhzDz9ek= z>f-cGnt%GqT9*{xu=&>cVY~ig4OQv)PVI;7>X+7Iou2pU+2$#720V*{`Q)oO2grZo zYq9zZ-HgrS%cEz_tD~EjtIl8k!b!=UoHOu~%^9WkX2x{Q9?fBwGQ3On*d~{y5rzC` z9X>UqgxoMSKx_t~)yWL@gj<~}GTF6|zu1o{i&iFsbn~$?Hx)^v(kBpygnj05;sP-3 z2w|EkuB6!#z^!^#n@`BhlnI#;D^pkLN;d}zIG7f1LYi#$kVy*HYDy?QrxOm4{BfsN znu2=;K9j(-QbgM2k(+tMV=nE;bm{5Q!JZJMY9~O~B*JVxC0b0yWN>oJJ5b<6{a9^r zLQEpMx*-gEX>X~PN*13?kp_y$j4f&(&8yaJyljE*yu#@91~a7@E8cM&-Kz|zU?iqy z5wa=r&>dJU5MfUHcRw(tYR+lTskWo>fH#u(E6KA7K-4OUJI`u?%?)MdYN)2EQcBdL zj|H>Kv~{%~c6NXK)%>b${+ilI-f6rQ6E&1RImN}`1m)cI*N#BtAdTF@_SwAr}X70*HsUqZL1Z&u+qUH#O^MhDyVJ+ z;?Tpvd!BuZ<)mMmi@<7TY9AjtuRS@Kkp~SCOkGs-`8V#=y64`SNweW#!4{`+*<8H5 zJOw`wROa6B`B3@DdFJ&AR-lGKTJi6jEp;Qc2zlr;&IHIhd$PjAWTWi-TLlMpwx2k^ z;qrzp1|XuQyAWVn`?osPzgZ=mYG|HH$(f`%fx3D66RQKOFHIRDA`D1q^+~`Ql&w={ zTqLb^Q{Zf?vh~lkEgIq0KezEuO#gylOw?mfoDq$>^xOJRnbXC@mo=2t%n{2Q<(q@O zKW?CA-ySmJ)vZY!!CCGQf30SljD|SP)-GkX=#kS1x^n;}K~woiHXn1%<^0-e3Ww@Y z9ImG)op-}7Oe!qU|Fxq#PAy?_HZy4CQ%%U)oj*+S6??3tXUhe*4VSjA-|KminAI3L zR*(q$x^NqSjB>s}C+_+`?Ct-UWr*jCR6b7FK3m-WA0e_a${=MLK>y^bU1@2eTXz(P z-TV0>l{~7!S%kZqsl1$4>t=LvnQsM*=-j(WPrPqQc9sEiRUcMQ1bB%)xEMZF(Vg1P zLLFWgovR`qS+~CcS3Tp5rW*r9ywks{{a`}R-N@||@*dp(KGP7DdwD^*-Cx^Nnugh= z%;DT|JepdbL-5@W=g_;?PNC`~;*P2$0&ExzDo$LOKF)`sRV>0Rib#Cnoluqs(@bhc z!<7;`e8kc%vUsxz-v=+?!`9k_niYhafLW>IlevgT!Rra$+W3v}x zz}9Lt&Yrhgv`K8!({QSqe^+0AN`x^+Mp{kL-m9wro!S@GQF!M?qt5EGoItJ)Xqt4H zmeR@}H3FkLFeCb5yZZRYsTZ}P6S)9rEOEYx z5?(YVPzE@H{A}bCt`?PmaxBsaPH*$i=*>Xyu0|eaSeZ?v_%?K zs)%8m)_2kAi##RrK|b@Aa;HdBf(*HEjzKUADLiJE4bN7z_57e4J9iM;C}*AOfX(|= zU=1NUkr|kp@&+DDo2Vnz3F`r3C4UK0LnfRs3gg&s<8y-ZH9W58o26RH;+%1;uc^jr?s{TrnWG7vRd-E% zO6&$wvciS?wal-U>n|hbTdwkKS)lfp=_=*W%*jxpn(LTHBeCUv3gv00i+e4DTW$iD zylT0M89^1lOG$Plg$|0Em?UkJHBvxg^*?XnCA2) zdH})BQ%9~#{G7RbvUO)CX%=s@y1Vo1<|_T|tp2)L9eRV_?oK-%`Xjux9-Y;4UY8k` ztr|#kLApJvuRf$+*lp5N(&`00Wg0%%L-m6_)9k@s+Zv@j*$qGED!NX>p z7QZZqO|4c8PoE|{6xFfxCF!QxE_9JvZmMa1bji9lBl^%)O8Zhh3?XKispTs#Yx=6k z%beCjI<HETW{aKt#9?$sc^>~ zQPI1Bc5QvLb~i}5wQl|M&DPdBey^@&T3!9A#MlY&sXb$5G^rLU|9o4kRMvkoy`^B? z^lQIeVgy#B*)_78&U|}72gPio>8G&B65W-~j*&Ow>9Jjb_Rg*Ta#a1tcJ<2^9J8Np zxt&3)^S<@A{*>DK>Z``(b1J;3dnKP?$ocQg`<7V@C$y6^{5aJ>8(uPK+;Jj4=1dwkbZGnoUt8y?KbIV7< zJ9E?p7`!>&d+|Io_1U}?MiSl!KOWa+xLqcLEQUXf_4TdCronffSc1ALC#05jGMI=J zu%l!tD5U~*)Mj{huC5h+6SzQhmXHk=Xo_O>adLVMvm0LeILs`NWoAv~WGz*A7cYiy z6fAvtWouKOrPg5NP2ms#71c9zz*GMOL(q~@YYgfY4FX5>bI|wV`0pISqZ;3S^3X`d z@t=0<2iw~m|LI`oVE=Lb@qcaC>yP(7$AABW;y)$fpVam{RrAZ$&W{xp@`mMwaFRrf zAR=-2rSheGiZD&p`gXOxSF7)rG=2>w=F%8}WFTaHQ?Fm|I~zlPyfqp7gDq(z*1%Vb zkx4~@yxh5v(u%Kf`do zfqz^^yr(_q4ZRHFFdF-lA(y#IqBYU9AnI-3JG3}(EUri_C`4Pog&$4@hz>E!N3=H3 z{9j?YLx9fBR}9XlI9m#aFw)M^>sP*Yvc9cc4}W+t9F zP~|xCRk~q`z>IO|&q?GWjans|zqmzIc(fG>HidsZo*YNei*GAdoGQ)+tJbul!U7@s zl1E@fZTN}cTaU0J;pjsZ&|fVT_k4G&@}Qa7_<)4oBnqfo<3SOJ+$%hWC3sbS^#4N> z=81#mPsPhuVet_vE7@Z8DZX_jO`D2c4fvzRTx(Vl2ZA2Mkdw9nnoFHgz@CAMHTANQ zA1z)5fUh{OPj6l#D7OmQ&auG}toz&3i<62K7oHkZ@!cy)Ecl#A=iFry0X`@EJAx|B zi~i0r%P%f3PA{HcQ$HLwz2@WxfT!l(a9s9FYUR~=POx_lAYU=j+I5g}JF;GBv#I&m~M<}7`($Xsnl!YGYGaUbGrBX0>x?Wl@ojz|qU3FGhSJndI z_YhO#4c zqS7b+p&R<3&i}3Zs{XcGO1VCuKw?CMC(cR!6n|;I&Ezc?S31`#1Pdo%YRBOKaSM6< zh5w@-5E@*@BEEmDV&pLV5u0{D;rM_&t4yfBn3iq$9&`u>e*PT~d-$FP-Wln)$5;He zGs4?jx~$BHm*jWVU!G6XRbzSpF3a@z3g-4BM&pXsqw$m8>{TIO;qt zb>lJpMJy$eHvGi@24PElj$0MQ(n=&Wr!KU{Jaj2~;Yn)5^T=0~S_ zef<2CZiAEN4gQ7DER3d#s!~n-mXsiu*WVYEt&Wo-cEzINT~qv2%9Tz9ZPn=*AkK!6 zJ!YhI5Y=F7y5tUsHTrKi>Z-!P1G;anp+{uu>>;!aV<;~*fKuslqzIL2$0#6Fj@53t zMB_Co8mXQ3d5*_OA)5dP@E_BQwNkb3ytux6h4gf52DCFk#8{k5QTd@m2d3djc?Csz z~8#EIchvQZRrTq3n! z>}_HPqf}n>DqP`cz=lFh&eL1QpC5oHt5qE!#uU>pkP^fyS!(1)CRMSFyp%C8+<>TN z3}Z8cTO5O<9D|M=L1>Oa7LMRON6?C6Fi(ll2k}aTX~k>zky8yk_z+s*9qU@3SM8MP zTJU>gD?naY z;}p7;u;R|z-%P1tnepP&wVj#0tjIbr3ZTAE9{y*bDXgRqmD$*B!UMJlA!m=PW!;<(3@Yz8 z%PZ6SA)&o!N9t-j%vR{=qPgKk4GE;r5A5D7nn+H>nyk*M6;zGA=&Bq+Y{DtNfv6&H zsCj)Qx0R@9Hqu7WT}I_KtDSMuj$n;=48e&KIJg633cpW+R!G%L%^Xw`Ybz7j*^jd= z)sSlrDFlcd6ykL48#DyZI;zIhT`Fc?HNXmFW-iuUYv1TpOx|!bzCT2hiV=#FxLa#f zQ@cBW%rUO-aq7Dc1avwq-~@?w z5vjvfiM2FvItZ{EE0!k=t9|4Q3MVn+y;vslGQ1L;8HHC;28lt#`f)(D;Bq5q3G&Jy^ejB@(iJlNYKyg6#|sGrt%ceQ;e5y94n zogH)P+4Z2D=jg4mrCzm_Nec-cTG8E8+h*N*z5ZuJlb_5lI!UU}a)LOC07*wJ{gVU*p?a(4Uiy=) z2;QZTa)QXXpNs-CL1GpfV_+#w!CxNAPoYWsddkC-xn1y1OVese7JxMkZC!-#(PII; zp*4axytnPIRLiHmsVg+$1n8;;-tDT$^%~=IjyKvw2r8fxPWG)EP9Xk?>4LqLFsCS^ zc(n9}X<$t+Ug{9!&`#!{TYD%gb?BU?#-5^WvIjnUe3CV%*IPds|8oJJpHj8-aoR3r z+;y-`oZgTMshmYvFcyuwop*>{;EEL7A9K!%o-Rp+{DJY;SA+Yhw6dYU%Sx5gkv@LK z>r2qhB)r92G^(DV< zMo}>h!OUoE$e{k>>~3$D`J~mP8NEsJM1%?7CI7xTzdAX+u5Qtb-=Jq-yFR)&xje6~ zt*L^{YeXJhG=F>IL_^GBbxo>obyv;rRU3(FUZ1M16GtO0AvT>1&fYAddk8Z@<)B^* z(U$B2R;*gJ`z%{w&p2qN8mZdcX?jQPKb)==denYoAR=XVk_Gk$L|}S~H>wV6y2i_^ z>Z>{JKcWaoa8LITrvQ3h>U(eB^q zPxWsR(`Guzk(`pp+uMMxRJm$ix&8g59DU}aq~8EN2q-{;oB#qH&vY{xaA3Om-?~+M z@U42`OdS*F)GE(z_iO1ER;B!J>Hp3<~IMiPVTde2+VTI>J2@(~ykpr&eHn1w; zYi;25kXYf?5BMH)gN_eCQJ3RzBrbQ7l&Y5QlZa;P?9{esx#+K|eLAIr9;_U2I;I*+ zPtn_cPsgdV?`T^04Ru9MALuosNSt@7)6|CW%e=ye38iXC)f;`G10_a&*Y8XQ;Us3$ zB^i}ri(oz!Mx1|u4|o#R23mwM6R*hArX3`^6V}1IPULpHL`qY0H1T1Fc27<$>*@#L zopa~jBT=U}!iM2rq?{!bqghon8-vKW^PGNIE2Z4HWfAzeZPCdPlia6UjI*oBi<-QF ztW&+o_&ui@O>~d8*AG)vf{Y=utM<|7*|cXAPa}fyknH@l*W*8>0hJcEi$&b!RYQ(PC~8 z0kYt0^6y&LqA`GAKSlyuU>iBpJWYL2)@6@!`r2?cdrND)O6etew(_Gh(z+L6Ju#eCIj zytTfy{#N~2U*GDlDxy-|6+fq!Uw>mLTS;xLZki^xzNV_JuL^iFJ(tJ1ZTF?L@j`d8cH!N%zS* zriG5@oadf4bb_=Yu=he%J=+dO8AnCo$WF6Z)1ooD{Eeih1!$?Qt+h&WZKu9PL;j-r zy}{)Sq5Z&f17||NZ;{T?^v=o{(N^aX>mpv%vQJop@DGH3NYUrg87yVR(o)Y$n_hB% z>;hLxuoW%i$Ut!lNh!&z5^S0Q04?dhKtKaogX9s_UJT8)!#g9YE-?(_{H7>6@w?0~ z$q*hTl0a^PE%0KINpZMKw+*`i4F2vm9B{H0#Pmi5`g-RE=s?Q=S=1*M2FlvZZnPp9 zpYR2z2Xv9U*8)c`j`7Hv;xxwD2=0JS=XG)Up4j@+CEjH1G7K)+jX z1dE+L-An=>7erD;BF;1rselpjYEpVnwQ{O`Hgn1XJ`3_}DW4v&u!M%VR9y;jSb@ODOc5siImi< zmDDR)6Xp~^?=r^_!w`jmbo zcWM@pu3(;eT%12TR)*DSRW|o8I+ZqZ%EtFhVKMiss?+Ad5*!CnS+Ig^sHjbbQj}30 zVLEAtFWI(=oDz6S%UWF^F<1SC&7OE6JM53S|#u2~0H)!@74%DV|h_6rs%?IcFiV zRU1nzq++Ul)zn&ELs2>R@lL$p33+ zXMg{{>f4X&dj~s@x9hwAwO!xd+uQ!^|Mf@w`A%6iV*g83>rbgvb-trR1al8#?a#Lm zjD_EWz6q*rx;P|R3f*8LX=0qOZ1o++woHsQ5_LFxMzDmF`hD#OU8I4O%SAz>kWyX0 ztJScIWab!v>3)+I+FlO{ⓈR4<2Ke>o0ID17#jc0F6L$zZ@jdMMR%BkFS6`f*1-- z(br>sd<)(BLvc&;*^nQY#r3IQhi;^MG!%v12@k&JTn4zl`fTv8D0^;}Z{&e{52F~S z{v^vx$q{3iVW{&AD#J|)8b*!qOP1=fCo;^2`nO_KC4yc;ot@}@G*)6JE-wMvT_p}w z0xBPOt8^REqK?Nj-kQn<&u${=al@X2mLTv3dfbx5MujQEmb6rX7V#{e|K4le@v^tv zF7|4p?DQsqj#&>ED)G?*@y^1pF@$4@bu8S$eQ-p^4nn+0R2#A@(h?^~WKf~iXHyGU z`-ShIHlwXRX3!KWBc|1M$DqB%eLXd98j2UZC*FevcwM9-31aOwMqRDa=p>B_yrzc? zK^rFoJ9y3qq`;nd3@`f(~{C9gVCS3?}_L5yVIo0*njVWzWD%`Z8jA41GuMn zo%ggrgD_Mn*7eZZ7+IuObb~suPUB-|<7m>yIXHmD(c^OJbY}mQj@1#BbAc9*7G>FGvn%63ULgD90w@Y`qWwB7L z24QvVwqx^557ii|*DuT~nH;tEo*;kEu4#{t@Ivmmjl?_snoo6MTMELfFcsu%Kyhl< z4}Q;GKfXSDE(XFQaS`|+s;$O3V4aR?a+<7RklWOX_SP+$q!jeO^#7>U}OilCp^LHBIyIAl{dc#KHV6XwhY(h2!7wj~x^2i>4`6V^P z*fEw$$Yr+2i)!B-AW#fm$vwE_?%U3UQ^0Njw>qKqn$Dxl7kH zWby2e97eH#{oh&g_L7dpz`L(FO&?|#e-C4?7sv33wo!b=c`*S}jGS)+chVCDF5jU< zi^mEOpU?>D$6WM66F%beZSX;F41_?3-jC=aB}hYW`go+boar5Ov3*eAuhS3e*xrdU zHs?4D;OL6$l9=BlE-KT2j3C6ul8HsQg<~E3AO)eI5@7P-DAOJ7rY&0~Fh)btG;D?1 z=PdMX4>%+{C?F0^QW$DPW#%F#a^l4*P&9IPnRW5lWxRzD02}4$?=lKP39a~cGA61i z(4}HrNUd=Wk>z%Ig=ZIIHddG8qOxInh`slBj z?lmk2ZM!DFR@L(Bu!=#oSu#f?9eThFns18&M(L2rOP?r@CVKOtKF@x}1oJ-IQ!EwD zZ|Z}YA!g77QIrt99S#0K)W}h{j-$6e2|!*m^-XW+5XLb3=j@otDT`~#l5FtJRYs(4 zYP~Plc{l9DTeX~-Q?+yVgFl=M9l|110oRVh^cwq^+{uC7-G?20`+n?6S630y++!1+ zL907h{C>xyj5=G4rZ~QG>duLk!#cMgHnFmVq6E_yIRHNL{zwH1nZU8i_Fcn2^ORL zlAUEFLlYHlyX}p~9Ag@o2P7Pg0*GCz$NqSt%vh#aGJs7txio}`W3o(7V!QTb?I5q> zsR%Ms+lBRON~}fDA$+mXtLi}LAV<6cs)HaN6fE$uR>ILbUN??T&Kro&(Y!f2JF7Sl zuvOGf$u)Bp_H{#4Io*^RAi)N)>wVD`^G$d3KJ>dWPS(Bi$nO!kye`MVOi5u^2Z&iE zxph&A<~sH`P>BTd4>}fU%R`W5d+D%Bjm}8Hg7axKH>ANHMiRnTE_2w~1}ti1FC%fH z^E{aJ6@5z$HNLxYI{xUEgF*P?Eq#4r#k@gh@{Z{>MNAwqQy}})>UEu`Pn~TQSv-B= zK%hGrZQx{%CUoitz8t7Kmo_aT#K3sEry#XOyR{`hiI~SxkXSi-LDf5l`8yRK+Kex0 z_}j*t*6GFRjp?C6D-5(m9Fh6f^CN_r6BH`Mwdh6wp_72))+eQ9P|%V*19{S>v)iA* zK$MPc;6cB^fzjkRE{tfLV?tr~>3!Or+9x^ST4)3sT`=L$mBg`34~V5ALd{$>&RWN3 zh$DkRgN0Noi8lC!7+!Jc9FmmluYWuw&&;5!&7~B(TZpYSZ0?+n#2!j;TxOQ*0oW1M<{o0?;2X457RsiN3YZ* z-Hnmr-V)qNq^M*m#PYV%U zZe4$nS1X6|pIHMY`T(|;7K^kjv50Vzi*#5ddQLNmnhaBNT_zzFYpEJ=qycNyf1Y>~ zPa9#z2$briI?=c`LHm=ypjh>>#4h!?GnH!7Y=04~p*1E;`6fX8%h;mB35#nH*4Iy+ zeGaqT562Q5j!$)xtW}FeR0JYlLY9e4isRkEqLf~~^SqH-7kxp48xF?hG~jF(08ST@ zQZZgKGzlwE32QVxk9Lt}N8_mS=jx_GZ8X!`Rw5$;siMqj6qhN=3?0Mn`OTFaE^3!u zL4r^zE`}bU!HSR8yP`qrVId|G*8_Mx9#1;&cw;uMy>jXf6P8H! z1T>UbOwjn%)jJj|1%V2OMYB86-qBQh4)Rg5VJ22OVLu?WXy`OW z8pm7eFyz&rmN~J|eKIiX$^aTmj9&u^;*N!_W*M4fewGU|i9aXUsg@8BUEGU9TfV|+ zy>J4ngCWn=X31Ee$05ad3~A!G;PMjmZUk+bv(GD(60>0p-UoLm5k8o(if=8&uhijF z0HtS|i2I^6O-CmzS#s7{pgx3QBPwonJ?qI3Y^jT1z#$xfJW@arTdch1Lq-U$$21gu z3&Oyw{6dqqJCoQB%B~U`azefK=QiX3Dxi_IzVUs$HSt45myC#WhHi)0$LG(QCuQXv z&mpgUo}LVXaX556j%W%YiXr~Ble2LN{0d*ByhLdlN=0FScZ(&wfj$OWl4#%9EboaG z^$D9=41D93mX9M3vgpg)a4BBsacL$+WhfosVfb2iTWAdYwSXDNS((733`P(VqX4}r zylqX~+?M*liuIgfO~BJ2<5Jn2nip={vv5-8YK5v3)Ufh~4{{}q8)fV0tIJN2KuY%T z(q&5oLdrpSH}JZ^wo*bO-6+I1xKAy&JXS>o1BWVJ~3eLc7ervBI;%hAYmAirf|UdO0v@ z1ph?332XxW3C+XDS&j@-b~RCW3BK!9Mpv$F!CvJF*iNVgif;+h%g`Hi;?9 zG|{xE#gZ8a1;cBFyUGX=4B{jpyTT_nI|vkUE&CxU zXkGUMZ~Csq=I*rpfJ$t5v|$}YkP7bEkCS#zs`0wpE1N+pd?9!N6N0imEGgGWCb!Oe z-^F!S?Z#S8kSTA3PaUHAePJ;ag*bvFhPw*L<7 zr`!+)S|eSk17DqiXo2#m16>X=jYeYynL>KtXHcF0ag3nhbo=-^~97R$%Vi- zIMTDRcd)_|#!$j^aDH^GDEipBB`Uu6py|72BUI`fmQB7ixQf`4k%{#$tSFGNt~k@%-|-VbPhOhj2qc!3fJ4C7{?) z_U?(v1Pi9^RW-D^lIdZAJG8!X|0PC0R+X;TSK;jmNweFMq9F*{L>vfYgitUwn+sEz zLChX)#+?y_64t3JiOKjW(F#j@w-_MRjl5w6RuThBqhECt3uz$$eYr4fr3Wbmn7Pt; zXhZl}#9IjO0^2m@Fe80S(S$oiTxf;@gTwj__PQp#sm(J_cvonN#ziymge%Cm0uC7lJVExjm*S6{9S>veLP}i!n;Cu+$?wJdg zoI$X(VZk1tV^uAhgyLk)lN*e+^OgwZ{B zxM8w*&z{S9NtCM@bO#nYkuwluNR-tOCo?{DYPFga zps(gP(awZ>BDLMRz9Y0o?0CM?d3b8Zgf};~g^jY;w&K*)OSD$zJOP1`hr_iil`umN z&0)dTKR`>kY?x27(!xVZT={mw+dz+*iI%kjsCDr4b0|5kz&51!w(c`YmU0a{up906o* z(&!yXm_!XQqcyip3q>@tS^|RKh`1xH!e3O8>esqVaVy$TER3exNe)81r3{19w#?aE z@l+WGUyFUGKp8O#kJ6N>{=$o1l#{ex*sULIXP>_TolYxIBWl3vep41=3tg<@^(wf1#l&#P86DSL4q1n&hcRrd zq7e~Wu`-^62G^*Cm>I32EtMfC`GgVi2fj~j2FgfqK4)(Gz5V}m5|lsE|8IMH?*RUP z2lUVO!S4PZ^1tox?0@$E`y>ARNn1{?5)H7sqmEr|_)ao5zIt|Ydfj}Ahy+l2j0WD@ zm}Ouk>r<)3;jSm`!_o@8Wt=}FGmf*dwxJ4@%ZS>rwsC&+ZKLdL1>qpga0k7zMoQCs`XNdy}l0}>P5m>ZN*zZQ?oZmM19ZOMA9_GNa!lQ3Iw>x;s;mA7rX)k=Sl?QXOipCnACAz!Zw;gh1966F+b6) zo7UX#Z~%}EBJw#GmPm^cg8%}5Nqwn`=FT*kP*+>e7)d!hF)Lf3N$m9|1El(cg^*4% zh-7>^(clx~c%;0KJrNf`5$HxpbBSO#)IcVEAcj9LeV{TAk_3}8*0RUD5pke)i5pGj zzlRCBCDqhcohp^){4L^qjiFYFjI9-X!nU&ExT4Y%s4x}tK(6BK*Qt;jyc^J(H;E--b$1SZJ;;OcEz(NQ&Cp= zIIamWTS@ptp@&sT4lhGPlA43+YVumeZx??^TO-Oo4=7dP;{(x~CKdECQJ~I-rDiNV z2|ha9De6wt&WZ_MJeD1E$9j0Y9+#3Pmc_ctE(C)Z5ZMuQ2_i1xUG01o;-7E2olb2M z_#L81YVGK2Y9N*B2;mDe0qZY96G;gMp7+k%pVqcjo}u*w?)*SBEjVtgPTj<^S9xUQ zf#VleZ=GLJUuAFT&~(1~>Min1tJG&2nf@T1{D>dwB>#xKpD(VD&Yd5KbZP!rDqT+k z{jTZY9ShP762{I}icoMVgMy24QXR74#)tzdiL6t#0Z#xoZLXu7boozHelv8jD4+J_ zr_^9MN`EMMSozPT{N^fzQ4n1}ztTwqfrV9YJv+j!@O^ZK7#Sp!t;r;~<;)~>pc&~9 z1rbbDm%Z_ZqmUIix*WigMR-ynyR0?Q-m0`kl(v<80h}F_E-Tmt0F8vi79U zg3zyE1L-Q)p>O)Zq!vbf0#*Qt0V)+NU0~`x!_<2PQv$sjjxw2&@>-C1n(45{vf&(C z%Zk~>Tbg+(8<+(3OLc$9!9XN>gVe6*9fzb#!_^Qb8*L87W{!`F*&|sZPi)$uC%JRC z+HO<}9s8mEFQ*?W!v}g-qxNI|auwD}YEPf8{agL2>VT1I3eK-36^cLp^@o4HeY^GJ z=Gw38YyTE#t8#0Z)7G7^XEiKgv#>jnkp;7RyWSMiB~azc2AP*%ubHfl|b)b5I-ZA?}GU z+D^V9skaNsJ`1;G&)F0|j!mV}Lu=HG>RtsiOYSDnU~Gt~t|FF2^9a}=MY1Dl@U>v~ zsdGEBvTnV+(x{OWhQ?0yT-k3b3w)Jvs^95giJn%^6U_INUZ#>KrMl_5@$H*oJnj-o zNP=4?Spkx*K}l6m$O_lm7(3OIl$3FNIOi8?BvunVB3=k0<89W zw9qH?A1^;h|K3>9%GGlOmYDQ1^$LlK3TW-O`thq;h7znu$`&<|0xszUdw@Slv@uoD`e-FfR> zK>`xm(7MoARNX}*4*U*$l@^C68@8N$uMBKdbUY%7ZaLNzL46+vlU#4(wGNNyadZWw zTh?i_i6^{s*-2HKEXWn1(P3OG%M1|diQp1?wu|G_MzclS-W4%?UJhZ%039=mA*^9e zJi+Jrd4=t02)}O7y)godbf?b_T)Bz%zc1IMOR=4xqC&?Fpk{H2+t6{2)qxhYJ-#Du z#@S#_lPP?D(Yd{Kd=DzkhpnesOvA-`CBXSKqyU^Zh^EcBkw0`nUeS z-VKI9IQlsvZ2SK1!~HMnfI$5c!YUs6aHBL5Gm6+bxolR&X3z>o%(qrIg3087-LDyI zfr6n%h=}>;5C1&;ar4mGa<ExX)TnM3_`YNC(SO&ZWOO-Ioa z{4b$oT=8iJl>F575Y4%38{n+#s5mt}WA!XKE?s4)>e_Xb)w$dRv7E-*m4upk#0gVW zN0szRzL#WgvCu-$#`*-S2{|K4t})Ykiq=1v&I4=By(r=#E(LicObr6EJy*RSda~@~z~| za3H^9VCZ)V##2D zARb`Y2uoME6$vHgbM9ES+EFHB9ICojvaX(k)(jI+g; zf)2Mn@DWO)r}7kv1%)SEfU{wvtufGyP%a$1ITYu5G}0OHHjCxjXu!u1a3EfO>}%46 z{X#71ir96Z8R;{vC+iGJ8cPo1PzSJ9QU9dpC#n_9nd^XF>2_mXO66?(>Cquk?&})Q@bdReUY18T zmPfNXBz_^9l$*~!<^Qa0zO99a8YRSAk7}DK1mQ4RcxzfNaoa!(dV3QPuwRyv{59%2 zhoz&D%5n}!zAI?9(S80UvCwpuo{dIthnf^f&&8ZEHF)a)SebU1T&l9|yKt z)fb7Mo~R7~mBjg4h0!-D;Is-^wXv!N)jHW_?P?IN5)QoebaDbYevi19DQYZ*1g4R; z3(rqI*JIuW#L_#?6G_N57f*2tTwe&1iN4)WgN*-P#TM&J)W89eYgW|ON7@J6N+y9w zC~+vL2;(v|HxJ||g>nwp)jc6df2>pn3{P0?CyvHVn$Td~OCqDSCFR_Pw){Gf1>hN5 zrN#KuByyH8lwSAgl<3X~(KZM&%WrD{N0y+a1iDXE;sI)+Hd$Tb3aY;DR9GOCy=}4= z%Y3Atx?ZLxq+cXcs?b^6s#Mk`>FSKRq*JbZqI+%be7F_?EKZC)q;OT8tA+*+&<2V) z*FNOBd`ZdKx5q`_gDi*2@%gDYSXP&^97w?#rYnmii@LQ~DD7+#_kfE?@| zY=ZfIxSpcgR%xx*)Km^D=9aCjPBSR!qo3b`Be1wud0WqIBh$$LEp+HZOvBfEF!l!P zF`>jnItw)++wT(Q5oy+QVdo$Zk<9TDcIpuaO{6Q`lp>I#ouC(@0$>m`zdF+6@v-x` zwk@PA2YZlOLf4qI8!XXKT_{LRw=@0zmfs8i2to-F4un2|ROnFGG6TzLG3VQD_FHGF zrQ1VmW_6jFTp~p?$h3}g!nN*@9)Z=~Lb!>K*<0tZupxv9f2+SH&1T-yQ>m2D=+nZ< zKU~1FBxVvmhi+}_W1Xf+{~*5b+jX|c_zBOu@_LV7%Qd$YKKm$aCOOY4N)EFO7W)*8 zG!qw}fRol&pOO+Kn6&alv(`_TtA3&w>S;MenjL=tlf9GBYpb`TRrVg% zB>-Y!vO?N1gYI8}y1P%HMl6Or^j4h1)`G8R~9ko1m?J{Z+Fn#L}!KEX~{6fFFNa zj805IsQwg#T0`fxZsyw#e}i=>!K78fP?@rsHkMna;i)D~a}N`L>LwX{qCT)Q{CU*1Lhb?m>CJ!|0vsw^wC|{foYjEzVocG zm?C+mLQ=oUiZ*6AeVt>IorT#`%2^sMErgdo6=Etm3!x@X&W0;PZGDGU<<^DbTDp$e z#)4&NI2OU0INE*(>VDWmX`yi9psg*N{Ip3x>_u`3nTC`zKXdkK7#!frZeMMt zs{@z_v|2g&%#^IYDrsO~w>PCRptiDjcR*lb+A3;uU#_#n($Y#wP)Wsg4#GRrNFsZK z)Dku}W6vzLwrSi+rYiS+%&wKD5o^k^o<$K-*YFGf9wr9M%qxUtfn zv9pE_7%L5>)N|tKuaha6Ml_jk@;FJ4E?c8=o3bz?g6ockknAO#g(M~GHn2EV&Ay+d zyrTzXf!kEI-KTl0G`HH`G?}4$%R#HEx+Up4DLFP3P(Xu(weHM$b_=Fc^mQ-itL7L> zjwUNCDrOEDW6xj#LMHXNn||EWY2;IMjvmpHl+OH)6d^R964Ip5BDByV)X-c>mrxPz zcpXH+*lkM)4yC45CW1fwSW9=fp6>9673aszN=4mgm9@%YWqq!E%-+nI)RD?VT_79) zMf4~LLCy#vW9w3tq)b>meWA7Q9c_*)f%4&So>)$oGWwy!Dq3HSDs?Z+##nI04&9a= zpAv)(IifsuAF!RB9q!JAJmM=?)NTm{w+Z{%O_Ae>z+d?#u)TxkD^L2#3>m zqb|p}Aq-z-l8Dcn&Y39!?MEsgn;7H3-=5ky6YNu4j5$(C>-ebFoj*NAU?VnXRFhbL zVnAMO%Sw&~+vb%VH#44}i1Jjh%OvIL^X5}JO^cb)h2^RK9Buig8l6#M(|pUbptI|x z?B=E{=d31`xt-1yZ&_n&TTme(6U)$ZwHO=`51JXFrumvq^r^}iBlg^=bF0G@|8%&n zwMl%lO9*q8^E$?GmAwf@O5Bh(2V!d=5em9C^v5bj>Q9|R$N^z}y)Kyu#lTwvcdG7w z>a2^3`_7lBF}#Gyd@U)?dVKiL9~?p(Km7C1`4M6v77e{U`~f8hr>q+~dj0L8Lp<8o zQ)fR%2*?f?vr*nGV;JY{|3&)~+uk{AiNYo*${Yol2AL0g_lY%%SfH>q7aJFFytjdv zqQIJjp+jRi79*LsO;!Y2ofQN@J=%k50~6qC>9U-I(ku)DO^U)~jM@HZY=)t{agyPd zlCPjdi8p#0gb6+q%Ho^VCuy{%ifYsrgf?I*?r`Ox#_>qZG}$psl1pnke-(>k zCd(-jzau#k)y-cs=zJj*o|%)4oY`xs6;FCS|HIQ&;o`NN-6*1&-r1@Vm(EBe1YXP@ zrnP^=w_Pl5tI4!}qsxi0nd*b+-(FVE^UcE%8V|5u+3BuNp)(8D{a?dv>8DzoscYbp z&S>;MM4){p$Nq!JG2ufSwqhwz0QkuHVY~X}kNnrBvkEV+Rd{i&);71C`0&tqTX){R zJsc$l(Yhil9~Z4`5kqVAh2E|mE=uPtU`?KjIdV`(wv3!WsO6lkttTw@UgIB2(-p(` zy&n@f@IQCrrdc9U`zB5t;;YEc9ia%Gw5P%#If2sz$GoGEzH?WrFNUkXu5R())fYbh z#^2R{oZ>hAT`sMpL7krYSm=L}gRzo-Ci2Ut?>QUj70Ay6TLxMIx1T!qeIzw{K+7=Hg%uLUHoU~&u`y4f9{*BfoGv~$~@i`bI7I?GTiOT z^igqj*6$S>=kepmh4H@-E~mczxW2!?e^5W5_x0_)y~qFM?0=5`^M~*M z?-2oRUi`Q1-5uKh{ezvoz54F<4(&g}|9p=B^hf;BwxN38Yk?~|Mk6{gU|T?e{BD=$l!Oy|GPVTyLH6>+dtUbdHi@6@&ESr4)#9d|34)D->3Rh zdIb5P3FgVRDDZ<;3^ixx-nj6_uQ`x|@)fE&{b0gkV2)exDke^awX?)NP2EV3xQAn7 zZ5keO`ezuHd>govp7WL08@Tc9H~rxURQg)gSUV+VBHLQ!y;HA!fe3?-x3<5a|2y@A z!`+?3y&b3jj$3Pd7&&V^t53B;;AXo1SfxQHZkprnunk=32gYEx&Dxiq!~?tt-$P4% zaq=x9;}FZ%!|!KD%|=Q6yYkfO9Bu_%u7ng?y$5yl52TM0k$Y^q`p4Pnvlh~+l*}*Z zsZ*~R8)OJ6jW1S0EWrj9=UtTpX=)H7rKiDIX$kl@?lDvQ6<&5IJ8zqB~ zFw%*ATJSENa8jFr{Zc|cnO5`W=;rj8x~pfKjFUE%(f`HSxz>fMaPzc^&7NhufD&gPgeZRPMM=^R&fX_PScHC=S4X1kh}S-n4bFI z=n%MwTUL7g`t_^pGiu^?JRTixZQb47)vN+rrISYU7+vVqTtk*x#OYnz_~x)id-}9o zo*o)4^K}`)g6aLy_3=w8Q>9YUTe)<8(>!_(ApgG6EYXe}e@nj)_6Wt6sJBJ~(?tT0 z(j)UYtN)V0AYzyX`IqdagjIyRED8N0iN~XG%toYXqqSP;(b>uM>BS4`akm)e4B#`c zXQh>sXIK+? zz4FN6M|qOw9?_W_`$PX1CH$#geieL;rcBC1de^5Gy`Ql!C(p_iX{}sZxxBie)~c5~ z^z+%@PfoGlkp%QFv00BU(U)I;rJpBi$JK~TJ?<`<;tgB#>1-6@v?SRfV_7^c6UL%p zuE(#ROS-I;^Ty5fvOC% zM2qx*$VMivEv*qOw~(Ixz303}AaAGb2MBhk^n9U;uIadU?;sSkjxb$!ceoX|RB~sW zjjd7ChX_30qVlz0{88!XHO?J9Axy5E6n#jBZuHJJJ#k}44y}}uFcTcEm6h{E8I&H` zu`E&bL${++j47L1AZJARy5$H?R2K9n-^^m#{TYy`j6$`)*TCB=~LS}o8Jzbjuo|2 zf)}MQJPQBrKhDOgXs&}d@%^yv~&_Cjnx)N z$)g>aO2lRF*&aQH-;@~yt$FvK+h1!Xc+g!_6d=0s`MAl%AqCX`Utd94M)&Y zA!C*w#C|7ss!%dH`(GT`?GVy)KeQOTV+|i!pYGt&s@F+xZUy+95U83u14{Gc+ZMmx z@>xHI)V1x-h^~c@kO4R7ph0)w_XB57VTnghwvA(IBx$2Vji@#rB~HSCr&bFQL|U89 z7X9pc>f!Dd9&mi`K^sO@8JZZ%h{m*syh>Ov3lQ%CIO`PTdFSNcdnv$YYryQ zK&lA|T@i254!1CFPORg9sNJsSEI?i1MP3F5IjYtPgZDPb-3ZvYkqt4OpA&d+?Op5z zVHIo&AtHJJ30jquhIs09)I(LJf8ydG#OM_b$%RXU-P&t9R~0HU3E1595kZdEx;$ zi_xdMSbfAKG9NLMQuE@92&S9o=_ccVaU*qkdU1@Y;S#T&*6<&b&1&SOlHdyGX~{{7 zVrr*ATnU3v-U<=Ux6=ylT4u#tXXS+pYPLdm_*X%VnTk`js78%n5TKQptjn2kLaX}e z`PJq14cC9+jju$_-MsV1o!jG(j+=8W+G_Qsq=+0uc5i`ME3IUg$gpr_Rn}s1N-Oqo zlade#B|wW^{KXoh0Oa}Q$*VKzhQ9+_uUNzXW?q8?yJ^syIXnUgefMQYVs~m4L;IOg z@_Qz{bdUMRGrNY?5mi7*SZ;2it>9g}SV1Cvk)#c>*I!=YEDxM z6X-s%4f%ae72FEjaR^_Vg=%ClJE(+{XRTMwMvD%2+Jx+>>@3{FxmGoPy(R_kU zMVlpbTuOC+h=GV7$08nGQwu8eI+E7-HO%Ap_9U`=B(T% zgDUB+B2Nf)YHZ~jMb=h(ssW<-ThwliSOfI=HFrt(zog+QtyI@GuFt7_WHqc4`RHP% zRI*~$u&I%6hVPh0pRayWA@!l|86GdWWdAD)QrQYM9rL-<=QAT4Ss)5x?8v1oyW z&p>+utmVu$@Q90>BjWq4Ol*5YLZvXlu4Pqhzt5xPQnK8cdLi56dLoU`@uR9bq#wpA zt}qa^{z)~H)6Nm`2*P%=gex|wLaCDK@V+OaJD+VrUKom zR_L5C8*eJ&gsEr@3rjSMq{USC7etV z$g#y$t2quwMJ0qF2l10nq=PDXNL|^d_@UJad45FapiSmfABNot+`OsSOt{wjbg);{ z(kS*O-H`50Z^)RSsGQodGrxVj(5`Vo!eO&Yir+97J;u*h0Yt%zE!i{+xA=0W>#B=k zf#pUoMR-V2zIoN?u9A<1NUZUON$Sip@{rdy)W^cgiXP9KFA;?2#g+95FINn;Q6}h=a!%!vrtcOdD3ZRmHX$PeJ)jk- zB66)25CfZ=pNJZuh8{=`Y;F}23L@Kg)SZo6Cr>l9IWRzc{FlI#uAgs@jdYL!D-nocg>vFOR-! zU?EPA&#&f}W(4g8E%wNnTX^7kBcw|2dIR@*0;5$BQHWq?EUEz#2V42ca-!ESJ=JM=p(bC^H zTUSTdN9T)AmTEK`XN}{<*N0B>`RV22yLI%O0q9`C;#bQRrv-XNgFn4EXdRuLTrXFv zc}cjGYN7i4n$6RH(6O2B@nHIvZCo5ZJEMbe_1!^kQ`Yx%zqVYkctx+Tj^t1-ya&x@ z<9hMp$2h(Vmu_5NFH`p7a^cd1G;hupFHLvov(wAP@!-qL=FPM3mjD}6=i=ym34D8X zeR*@aT%~j1=+^Zz2zrTmaQTay%cDgR?%Bea`S|E;siB`Aol&KQ_m~FGgFjvTHWl=? zaN(Q3pIPBc=?TB zWNAMvFru`Ze){k~TtC%V;{7nbMbw5VYoX~X?5Uy4t15|s&2;%sI$jZ-7FqFE9rwNK z57^5>MAICH`Ea_OwG9MJD#H@B_#+z!6o1y{1HZ$R|IfI;7WsdFBGVNHe@A02{@Z<5XChYUC)Z?$g zVEC&>5kLM8-h=fW^``d`{4hu@8Dd=!Ga-hwbQXStFxbW@OUB^vD)>jTAe-WDFnWy!gBLE`EA9MFf8;DVvEEwu_ckD6@s~ zXAi>99)zDg2>(}k5dPy7>q{S;>d(JKUw-x|e27P(?KyWMva8FB=cg}PFCXq~X!#e? z1kRT7E;P+#{0txJQW$*pDExokqwxCZf}Vg}-5>)T84tq;`4px+32nG|O?4H(RAZXZ zCv-Dh6eg6T;irL%`AB*At_6Q3>J=NyNI5mR#N&`YC(!dzo{(Y(y7Kft#wXG^ME<|y z^Y_`GbK0NtvrFRQE{T7n!(rO{h5kJ`x;YZby`q*9&JJYa@@|TcX5pxyGwQ`mh$(Nz z6WmB!vJ3qC?b~S&#~K75aYWP`4YF~31BCLnv;rPI@CLPzABccczW~1S^OoqLciz1` zyz@TDkD=R9Km1tzQin_)Ad&G@3nOo+eoWc}zhfGUJF2&s03O7pJoLuu^_Xtc7`Kf) z(v=aplkqKK^CD|)q7Q(B2h=%7{Z?pnqwMr1L1!!?N5c?A-iS(ixK}d#fd8+!7W-Rq z*kf^@LC0HW@d(89OBzqgkyIgc%{rorit*%jyF!gvpi<$VXcN>rsMVFHCXPi?EVzT; zO_+EkC}&d;syJ39_KKWxJuNe4E>Wr6j|qBO!ar5<39ZCW6+r_J!2-Y&Rdh4eW0S;e zI<)BT?brHoPOZ5ftq?8q6fMD=^>YhOSwpWj{xF7Xsd85}pXpb#O#HOCogQD6(a-4x z-NR>RR2D~Jqtqvkwrst#Yi~MV6->B9 z1e#eJB^tDT7Ojo?Y_Co3H*>8Od=Ku5mQ|H1TGqVJ$+9M23zk(+PsVOq(7?CJU}s7t zvyhV6Q#7k=&VjXy^8!q5tH^89+p6B#mDRT9>{ZFAQx2W9n|3uy!JTp5HlS3}dYSy1 zW@(d}dbD$0$AMMSO)r3QRMA4e^C^^;bx7Bnp0^JvA#Q=!da_(o@6}>t-%s^)sBeXQ z6qa^pKjIUp_*J}h*8ZvJ7U5O7l>97PHV~=#9_CUs;%#qD+6YYqK;KYOZw z_Ei7uss7nh{j;a~XHWIdp6Y*$r@EEcV0qE(qva&C|0DX%1w@>Vvw@c_wQRFRfm9fn zH^1=Ip>m8pKpVz!Q7iVwm7;kig_S8?t3&hgmMGu#Bd;@VjXNWM)bc(oQPT^1OO);n zCh_fZ9rPk^nVG->aJddfV(r>uz1C#3L`~@Zmg_6>ex7*oxHTHzFIO=p5Lt4q31V99 z0pW2vfXh|$g7?df?#}hc0(0GEYb`gYyT~7Vi;Yd$jJ9sw_;!Kfac4xk(|NyOQQ410 z#-R*LTW&iZM{Z}lL>1(CY`dLz3m$%5t?S2~kd})M^im^S@TBSD>`<{(2LqQt-;1Ik zd_bizTB6d>8{dXq_PbfSR=h-wCC`|twlJ!JC9<3>0_31O@D{DpLx$M}w+H31n~RoR zZc9*ut;&`d&Ei;`ivtlaQ+Bz*L>??;mZ>mYu7lX~-Ys1Ab~5gUcfrEtmji?Neh9O( zC2EYl!C=v{lVHil8Q(8Z7?^dDa@u~sg}*%bvVm}1rXpP_?a+<7E%taLeD1$r5Hw5^ z13w-wQ-0*e@m&~om+Z!PI<(;227;LyuI@;9}V0w zJr9creHGa$vF*#VaVT1XEB4=aa5y+;GJF8xO#%lVwK_UT2L@Htj2qlLy-7s1BWkNN zfoq0@7$~Y?A~0kZciN!&V;0wPLHxYJSm8e`SXz-AoYjX4l>h@axRIuvT&0yMj!@M( zrb?+g%xJ1QQ;gx~U~MykwP{nb+>hG+@gZT}=IIlV#*V$hm9A-|JfZM_U(jau% z_;2E8*7@Y2(Td~0?bNro_YnVWZ*PBh|6q6Lzqaf3gT4Ca_-}v2pRLVL@u%c$I;;e~z8XY+=a!nA4BfyX4$SFO7Xcy-FeYZBNyoT3 zRKY{nR5Oha)JPYhP3VGVr_fl!=AhwJ;J4b0(R`}4;UIGAXi4li6FP4DOJ`^2aDV%7 zdnXk-?spo^R;lzz>1I?UmaR<_B~I;|6jBbzUr98S+U?h-W=rWW_=0Vkm4TrqI2956ssP5bMbQwG; z{f3!I4{+3Iji1bH4u3v8$-KDFzWBxNPx|x%)uH2Dy!n>c4JkeHBI%qskSFv^JLLDA zYQ5qFp+oQJP8+*^;B{*?UVhX*pNzc^Tz?Zn6*UJldV3&!+T+u%CTOblC#BS=@cAVR zOz7(df7&cN7q8CFo|K}o+gF2h`bPum>BjAIGaK?r7fcNZEuPV!q+s&NGz%DHrZ5no zV!UH~zDH3w4zc{Pny;SBi64)`*gKO7CvX6ZKy<&U*^m|9bjr!BRIwXg(y3Cqu@~O> zGHQC`S0hyfAN+15Sw=d-_)*CM2fa@o(WESQ>mm$}Mx!PKRvYP!r;{ZsTq#Xsu2e}D z6*c(`=CZe*PVfT!nVs1GwASZrwMPzMW+1UTZ(|bG#Al&lZ0lnj;JM)5m zezoibpA)B6JV_fKH#V_&*Bt!AyDH1dLkyc&apoV{)n3xGo=n*5K@hxbd#bja(udaG zaL}h+|fX z_anZqV9Uh!|m_e}kZ$o>i7(CM0(<|o?EITszhvL8n^185hK=`~)mMSA`Jrwe>m&mu-oMXO z@@hVES=HC+^!RFTgVpjAuBM}z)$#ZnMyZH|r-tlnsfISDZ{1{Gs@7N3(vlN1)TJIT zyKcWDlE53x9jGB!%$7aTpP24=stF`s^^I-9D;4K23Io}@qAEOeQ}o!G5J1~AN3Py% z6Rnm#y)3aHn8r~vTOH$z?yFmKt}PHSQsllfB6<%V-7z;ORvs0nJsBH5p&NQ} zu#Rw@?{I)<9^k;}u+ir73E|tvP%+_15ix?%nJ_F9HkyJDfr0Xqge-kd?QWR0wWiAw zT0`e`+yIs;ZHaZ+^P?ChRO&%F_WQl$nd)+s&@P(d;uU<98tfKZorttmcd;HTO28Pe z1cM=tFFYy#x{Y@3Zo#xt)3*}77djeh(B;U!5jw@1g#oduuTy;`^YCLcAU%E=CuC9Z z3#=&P8+SZ5k>BvCnZpwGEHk!+AmTbd8Km|Fm~$ zSmM#qRASm)T0eh`@JR!SEkLgchGK8<-eVA;C6P4)fDv}44dLq`!OU)go8P;G39Z95 zw-khTmDCyu=wdc(fTYgJ9a{6p3}642>T57a~SL$o3T}QQR3fRmX{{bU6j|`eg0`bU9b5F4#j$`!-#%gN17JG$N zKN^qWpN^ftT?on`6>`_L27r4SH#lHZ>rw7*1)|UvK^%V5x$xdYB#>0C#v`xe_xuh= zsf~uxo<$^d+=x&l9SkMXQMgL?Xf+k9i(0R}nq)FP#Cp;nH~g-J$@N=catqhkQ@nK< zOwlh5Y!WNd<=e{u^V`V5eD~+0@~h~??hZ;*e|<2Mo?wUj;A3IE#V~I9d{6i zmfS|+r%>&;;0@d*ou4OuB$WoFO0TwvcZ?e@tBIY4Mvo7bt@$EL?rq zSiWVrHR(r@Zh{GurK3e+^m_}^O&cI8lmO_ycmv3{FARRo`?|3(ER^*nJ_CM+e4B27 zDGGbZr?T!+I<;Xb;f96;Cgu|p6f>Gh#!&rQOMMXiTl%kWD;gnPa3CTRXA$xx8SS5P zdiwQO=TGT&?YX39slKPEN&6npl(Twwn1D!@>xuQHa0>)Or4X>jagB@1^Tv7d@wfCu zr;oV4@!GgD)XkecF$#214v-(+a|Ck1i0ym(M5X|$TqC;a13|GrluOlRvOoj3zI$RG0ka|t&ygD zCJ+o^h{chQcpQAhgfXM$J(oxuYeD2}s{?J$DQ4(vPHhsKW0~yFQ;a`Z8zJ~AjO90DEZ~?$r1;MJOhp@G&Q5IyXvZPpyGjdS z+K9ghBKAhm%2zRyaQKo+Q5MI-H4dYI2LBh!xbrqiZPMP zbT$>epGHH_xP;8G5SAFa_i46=(F>s?KI}wsdv~T&&XVDF#s-lk9KEx%?FhmTL8q(G z;vh6YfD@f|&(|-9wQ&R8IU^+)gfIipMG_X6+wxi{_R$RllekgaA0x#3fLjs+mJiwW zvM|Pc3U%rVwhLq~;>^zJO|@QEzZTU_icHQaWodhoYj|gS>Mkv+l*VR^%k06~hip+I zJqM>Patqprp_w`isS_}J!0EX?`Msu=#WHDRB3zkfwoatcgzYNXFkqEUUQqEAAC|C> z%+)Cda$0<)wLzl35x$UmvcXIWSd`mF`eNd;3BhHdJN-)IAX!lTQWfNvW_hQDL)`t; z9kckjQ_#MVw^4cmwiYy*g9RL^X{3NAcP2FWM||}Xvd<`$ognn8zMJ~<4owP zsUOfa8bJcy2?s*(l$244=!>A>-S`Wa_zM+LWK=&KhxCqKY|uY2@X?YW+SpM96>o4) z#2nownhBDm1skhhUEwodP2i}oqHuLmJNC7s)lPkH44phN3|_P$x|h#4#{Zl6U*dft zsiYtLVfMfEgU37Dod0?EV0(9Orw;tTv;R5&^B8~?qrQ`>)BF46Pp z#p%t4f{cpuL-ogsNfpaz@Edqh#kEY-Qm(3U_cgDNPfo8leu$&akM?_s#l!EnrZOOS zA6(ozTSA*}>Gx>hymfwbdT~SlHLhFdmnV%Wr0~yb*oF z)q>`D`C!Bcywf9}t=h@W>Nv zzIxWY*`W40-;iV?SpBd@FIJJ}?!)ZVid*HfqciV5{RxA0s&tXA$6No*hNaNK zZ#P%pZqzp4mRGml*0)CM&f33eFS~y9+jQ2IpRjL$rPk4_n@hM#7@%4+seRRak6$*9 zzdgNpvGGG@ct4sV*Nx_@vzv{iYU${i9@bO+mS3VzWT`whYAek9vRR{dCvM<-gLPh0 z?@(#hZXrc@8*^mTh)bobCuBgIgX_T9RW|XQz#NX{kx|tvzOtoPORUG<^E!8JUB{^d3bV=}W zY<{W)FXs8|qSZ7HfHH&vOun8zyScpN(#Nf5r!N{8C#Odj=7?5*p*_0#_Ju-FsdJd% zjif-u8NKVPa|>(g=6i>(PGB7_qWEVT$39aKr!#KCmzb`nrR>dJYIK39qA)zDM#gkKnG&(xluqw=) zE`#=kwop`&^)_-$Y223j@nk)3NfB+|3VF|#kZ07VchBryL9k$ z=3QJ?WoEDlwqTpDZ7vBrh0vy%^xd>&>s_2Rf5`Sog2z-YGo=Bb+eKw#<7|u0Anf}c zF^GE>O@eSeEvZ3}{8smOr*2EwwZT#{Tjbb+vs+Uv2ncJv-GZooS-u9o4|h70-ZH{xi@4~3qVcru#0-qLtC;Zv#?hCnWLDUjFatCA4o7`IHA$d zK^Qha@=Q<6k5Y-`PFP(_W1H!F(Yik(XDtm;20+_E?bcklGfVQ4qUc+JmH9Pf2H^7J-&4_Co8jI=YGsc5K?af1g6)*p7WJG^{*?*v%rk?LP3u8hDT|?;6WJJ!Y*bx z&?!(ZsdRo+ME#lq2ts@sAbz2Z&k%heR%f$1zdU84&Z762z|AN25YM)V(lg&yXJBh? zTb`3&`~`!TXZ%`C6N=eBW{`iWA~R?|U5;1JeELV4q~kaA7vAI(ZkPtfnp{2E4%EGq zkNbaNPjCw|tudrAIb+dWEdEOl0{>+u?zX1&RO;vs5;SZLB!i%>+7@ya)NBU0coSJc zokoSvnNU+Js@rkws(h5Dq&TOkeyPOt84}`FH$&IeFRQr>unEX446vk9_An-fR%I>! zql$(zH3Rz=z@Ff;kq!UaLgSa5pAI~rSfIwq5th^_8+>V0gHRlar;oD7Zco*u7@f*1 zXamPMB!Rc;bo>#xhHBNhxV&+$8^@RD=Z%Y##)&%L(^F?Q9+A5nGWUkKR?TnkN0BjE z!zau*fAG4{)X>k5j+YrX6)zlhQB%`H?t34qfp?cb;;tX_kX0cX@rk^le!RO?r|b86 zzE{2V27{p+RQpjl84+h7L3*on3)CHn&8Q}!;!8hWlcfMwwIxRCbFQo?Gx;P~b!z%F zDg>vRKdksZ7`q=VLH9?6=|BUaWI%zXRYI76`T9=>ZX~RC(G2G zA1lSHQa0*{SVY7gdmyu9xF)hVQH>$D3yZoLsC4d%jUQB46sOk-#sm6SnHo4cItv0V z&~LoCkGCfHrW9}KcJMX!23}{ZiYnp0JosTpTBqMI<1c8$jYjSkME6vb{>CqQOc#Fs z>f*S$F$%?(0gZ*du6yrD=YqmeM!eXLGV7yarNk8#EoBmUv22~$ZDW)`^Y%Njs9+#X zXx_-r(+iPc$>#B(bZQ5rtdUdzB}+L8sXWb2M+uyEhlbX&_$v@#Jmb4oZ_Y2F6rjZg zyJ08kNml*x)y>tbo6<+=|Bo5Do`wBSuNp7Z|L^SY?QYlqtG@lXzQ4bJP(Rp4{IC7` z!Ds#dAMpoasH*jPwZ82r)u_{iaj_TmOQn@f2RR5XubYPs44=fYG;p5NLFCX}IFKnb zs!~ZexcxCovg_ z@!^O09TS;B(>UtFQov=ciQ~4R6OX(O!g}hg1U@_;;>mDGz5c@b_xnm|#pQZk*sD1z zNEn{}3hp^-2GP=`l`pno-8C7)FLmyCO|VjTc<5*qnsO{c zTr*r9+B+1k-ofq;5lv8}hU3x-o_4*l z>kt0oj{WY_$J@JK?(O`=rJt&qzc9hs!i$~#FZOp9TNM>5-+(n136Xc=F}veTWHZ?R zT}Li2t>{v8!NDrgeINOrb9L(v{1KpDI^O=Wy7PtOq>dkVJ7slI;gP6l=NJiW4ILtw zyWt(XM=MM8(n{Cs&~At$U((Cof}4H{_2h(#y@XhDq`lDHfh-!C@IFg*}#ye1wt zyhGc#K3D9fYxAd?xrUK)fLag$q=|>&D6S+9%uIClG3ZX%mD5#Pxf9oLX1QZg9Jd+4 z4H4b2`=^f_L}lu8Z#>da*S;^UOl^*KE(TjhB-OwRtTEI9Ss6T@2U^@d%_despcIw% z#Bmi?Rm$;k2;dqMooC$F^TWgM#r0SG=LI6^mZ#|B+PKV~a(zDnqxP=Nx1_u)Iw-pL~3 zXA0+Wz?M5tjHK9Ylkc(Q4wJY&UJqW6rIqtn%^PRKHBmFl4m~;%;O#H-KyMml! ztt$B{iW-n)7IWK}gDTAo^J`DdF|Q37WNrhQAx_l>Mk8pt7URLv$|Oi^4m&PX@*E_M z&!k`viJW3e%>{)5s=zv$M^@`&MB<4M#)vLzq6mf_&m%k0X2qh$g~|;QS@_k~x^Xr87$zg7x96}S@bXMVHkpn6dGrS#)F z?*ku2WmVo!l}%pUnioQ$M*e&K4(d?d0^J%NU0EqZvyZBl(75^|G^n}_i^EkA*D*6O zz^5JsT}nOcwvn$oqXF|fP4@|?RS1}>J`)e`3)#4p$bPa z4!($?Y}S70-2S)(bRR%d5nB~@>5TuKTYHHBOx}I&t*nrLZf2T|vNn$ZWkIJL3wb-% z9t|jq;VO0lxoP0a0HnnM(f|_@2B9qMcNDqA4BUo;uGo&%(xY7vS!jI?k)9Wq5)9(b z=|e@Pz>t1MGF}Ncl|=laQi1D8Oeprv7`c8RGM3Q@=JSJlv14FQzBb3HBe;#7c0@E9 zM}hBpknm_*e9KfHm8B-=LE6fi^CHyN{-u>{&WlaOgP`|#3_6T}=02PxVa1FA_Y|@J zxVl?kh)uIDx=KDhmP>HWA{IKcsFluw#7ZHllP1WVS@hTpYVH3Kg6sxxqrL&k>4Fa+ ztdh_rfsw+o9VZ7zQL&#m<_ldXd^0PwOnnMKD`=ZQFbH4O@Q#hV#pemYqJ#-JRbXON zFI^o@DP#)3@+F{Wm~-nPA1~GPN<>>Sc-Dl`vzanxe zBSHfIhZ$iYL5kCRT;187zn4=qt)Xzj!GNxU1ds`3`ksvE_{%Syp2tyz<7qgRkU&(I z@T+zb;^8vT5yq`zDg+f=Sk_FgalUgzbPI1{uG9@_ibTVkA*#qmaY%G50@Zpd&Y`Oy zGLah-LF9ADBw8|}hH;DAtFx0!Ru>4z!f--&P8AT;4>`#QaXrFjJ-AI_(sW|Fs+E`y z?&!D5bmECtAney@f%=?vi{%?E&cC;d&L0Ue4b%LB2#LDz`DPSlj!M7Nk;7#-Twhpf zq-ThgvIg9V!Z=P8Hpunqf3SPlo-fohj-R>@CJ^)`jj^9MzdPn5!=WSPBw{|g-*|qH z1(<$lG!~2+I3JtM?`n(#VVL-mjvn0Ck|46T42aafTz=L{?ym2Zyn)dr=Fu8-39Le& z?y?O;{nZg62s=J_1U>JLb}y!R@MXgqH!VKqabe#f#{*u<2BDx0%3Z~eTovWR>4fb# zRN3?b@4>ApP-ZI!HE1i}B?nsN;S#OPaf&#&2I0tJegNTp%p%b_j1wA{!w!lKNqV@` zY)BCkddON{4(O_4N?P&!)4}~Y4UZsdb?FNOOf;8cM726*992c^F6F%@Le4f~hEHH@ zgeXt6W7PF!psxjqSw0z|7?T}IKygq%I_H2ypk}H)=JVP1tjT{-IC-0shFqFuD@g?G zsp$5&qp(SxcZ6ZPutW*-!B1q(?%>Y7k0oh9cOp^URimu^qFE1XnSm~TY*-p3Aw$C= zP=TlzGG$(NKMuy);!|b8vN^~Hk3$?*(f_6E+IcG35)HCZCQyTd$4fWoM19wDR@fNaTCjDa>b2bh;#9mqd~t^JdRb9_B8_ z0u#%^GvB-8{x1?+Tk^WXNew0$OSM+XumP&wN*<80yg!kO+?<{_nm0%1SB8CMiKRA7 z#AfG(zJxrbQ~PD0vk1$I=^l%1nh8W<`_?>uOxI%b4(aLDIO|3fjbV>(8*Rl{B3Ji%?E9^Vq-|m@Rk=IxlXIM@S9|#9 z!YyDCy&&cY)&?i5$cxkz5HCZ1*tN}<{9tPLYtEVfj)tJ7GavOWtwRy0qq~%LKtu@h zJ2Cf<+)&n|APU7W4BzQqlM5>zPkKFC5YzD(Ifr6dyA!&q-98<$%n;bQ-}yUn(7hP> zFTRTL;+ucz7d2vGzn(@e&*|b|qMp;*;*ut=`yw1ma2&xVc29eYUQvX4qp&;aXfBOa z*!rlb5xBY%lhQC5`aT(;vvdstc)XhE0jJiq`Lqngoc0Sv{yu_ zO*p`(_d#qcHT$HQY{xm4rdS(3VG~kUTc9#;rQ>QWJ8H2(K^SShEF#EfI}lr%Z;prw zc`CM{p^nykbp+>=R^#Z!(dmUq!vPth0#!Orh}t3D@KP|bzmSqSqf;yd8C+N_0ctAK za4pkutkeUyI*mb+kVxXLDzOgDi3m^#filzL#X%)a!A79P!X9g)snZuqW+ZYQ#Y5W$ zHJFF8wb4{I)Zat4vvDAwaWD+5pOWZjD&wMWc^^^$y1#_6D^mrJ>W{bUkH6Rv)d3@& zJ5OxYmBA|uEoGY(O4KT3lk*H-`| zIDkm|55_h^UR4KH^LG6jo*gbTPmEG+v+e&p)oGuP=X@%3* zi6EUvXhFEJ#{rGKZ!`56M;DOV9lHJbLl9FrY6s0Ie^+Ot!&GaR4ZTmiw(kZUt%DGq z8yG-8V1I!^4;z1}L_QB5zx!B@zhC<94v3xA-s2r>{yW8z{zMs^ z4s)H%Oy5Y#P#*$s@tPp=pr<4nd=tPLN8fjnbjBLO_Tnl^WkG;zI~p_gQUr(Xew8#` z|6TT>>jAQtVJ7^@+n51g;Yh6k6n%Quv=!6EoZnEDx$E$W>O%-&P~e1)-AK^MGp{jmxD z3F0Lggl|!UrXN}pye;_%cQfo3 z9U#nU`=GvGryp}?nDSm`7&z)Cw*WM5)p+2>x2$pl)kKE@a2fzhD&oH_a!D2iE!|;e zc{PL}U!V8EAGe^^n8dh%X<*Zklqt7So;v{JMavVN4+F-inQAER23NCft3*ftCJK?o zVEixlHliDa^LjyG%a%F8L{g10GPw)2UN)Arg>1jEz{=S$asn$J##vfd%4DNIX7Muk z6jAF|>~Yfdm>#Ir<=%qq?V$uK7GC*T^F&)DRh-MF^Tw%f*LG`P3JtDKMn#BdlaN6N zXZ^|!fABS}*%1NtR}(1%+dFkXaCju*;5u_hyC7&G-J$V7+@*7xKHqX%XG$G9ulTr4 z17NzGb{4S?Z*F@ZI~SvFwluw7cX~D{wKULG{#RHpgRZ8dG@}hexwXJ|^1!mkvT$5Z z(TH;DrbZ(tXrZxu?4mNBodoc_%UuXdA}8~9ifX0@ZP)uGV~lSnW4bqkf*}GG$^`Q2 z-VbL_5INFw=a=fWsKdg(a+XAT`Xnm?lav;-odvUsJeXP(u1YkNyR~RVJ?~xanq>Md z?y{h_oK=y&KFO-sa>0U`^~~Po%r0F&XRJx>j~=f=lWsd^1#mH928|551Q@lrlvup9 zU<^6E19Y{a#MIb)1))q zSb9o!Q*);yUOTT8{Yn(8w&iC*jTOTK!f#(k)-VBaGVOm#j+gkbF*7VXb33tp&JLX^ zYgh?wD27k4*R|q1h%E%q)rT*Z7EysCv3aiDk2yygF$H1q8L^R9=Je;ZB34DS+Q^Lk zcM?V9Hw``j<|po*QTvN3QA8?MSdE9S?3CZ_^up>QAL@0m_Bm)Zr;+r!<~8xDMh7Bv}tDc?3`b=N+b9($_i!+$Sw=;K_umY@q>FNzS-k^A{ zrlH*3&9?HX#?R)Ju*5u9y!gs@h^B zEZQHD!Ow>VTo`lEf)c~dLU^+z0=g9Bv9k6BARvmjTqZ)@mR&#Yga|N^&!4GM`FKKq zMbLx7ss?A}68rg86T_lH{wKk_1;WrmuFJ?t`6Gg_K+y`Ax?y53Ao@t@*xM@B#BO!K zp39EgZo?o!M7EaYV?6TMdL^8UYs&#yR;Tw$IZ|q^Vanvqh;o>`i67Y0AJC229VNhr zoa&=m`JKm`0Nebo*i6THa90BHzvql*;3H$C!bZ)3M@^JgOsLc)XOlhPzw6SaP|fcO z4=I%QNA#3I!G&GIRxRn%`54g17bWLUQf~Z@?J>Ekeoru&3HrbPvSulTKcY`VN(ib2 zi^&#waXj(IX1piO7%n$lxJ-M z7=yZ8YpPjqooDu0b2RdR1qOt>tgltUiP$bhTcoIIdUh_G3kF9CXAQJJ><$=xSk5w8q-HHez!tcp9-#5G|aJB~Z~gfv{w9d7~F=HlIyO z;ri|?4gl@P#2{E3qvI_NLS?@bMtZbr4wXAs2abXIy9l znm&rQr*@M_R}&Bz7MFe`AwYF3aP8I1@ez_eVv}koK=1;;>$z-LoukrKPWEEQ98+K7 z+9tb-NyRYL3su0a*zI{h#we_!@7znR`MX^d`T}AO*Rmsa-p2v0O)%~uWbe=)aNrF> zS?aCWnfr-#HZQ$xB)C)GKUiohQeoKHb&O~V@VPqvXvD4=mi6JmUefTw-U)}wxO_sx z-`#2P;3pioj9wTZO!#r_!ELSS4D)p@c$@Eww6OQuQVwbh`k*c3X|@QxU|ZZ}&&EyYaO;TiqH)=JtoTh12^ICAQ&RCI zV1AW<`D)khLm#U)a@0zlIkvyBiS6<#!c+#9JMyn-FNhEx*92%n3%7 zOR3W_vrfKT&%i!uM-od8mp7z}1Q~$?ow#!v>}_2L>gpE))1JiR2OE*k3gl_uVH`CY zgcy5rgBpVwc2&pK;;c4=Y?PA>i)+v?XZ;N)5iN~`fm6nP_uBqW_D@AD5d(e`EE`v) zik3ZhuG99IN`|x}VOJ!7{exQ(8-9tgvqV!%U@87ufG0mGmzDQ1XwRt3AD#avFq_6= zGhBI;q3CnEFXLMs9RgTK4D7R^^xTolDdkHm&l9Ex)J=v5k#K~)$S2l;?_Ke}nZ{~F zs};1Aq><9E5G6+hUvbI{jm}vfjql9Mj!kA}sX5^4V=ZFDw zpYn=^$6SE}7Ga*NC>(`-9eq~e9>LZe5e+_w?mhf&l*b@?OGsyG;RpgY^fe5-6P6xK z`i_iP7z^lC$5ac*<4NTOpXm_UwS%jtw_$~LXf3J=!Zrup>Z%Cyp3ii3u}L0c z#zr%Y`Zmh69}Q_m79sXT-lt}iT*bU&1vI~LQk+^rr)U9hEE%-9^V~$h#>;{YGLCp) zhu(SKD2do)l2L-?;C%>nc$yDm6`&8y$H)`AOBEF$86HvhvaWENM<67Q{*wru*uR}k zqUK(kQ`u>9Q*W^(jD7306aFgi!z$;93*_EbKK5O|tNi&DtZS%HRqV(Fd}K;1?5Enk zS42Ly(ve(e2>a_v7A(&jDhV2vnZ7F4hg!Z2K$S>5L3=1MnB5%Fu98M6anxhy3M`*_ z{z5O>zGO>VAdtv3y=6)FmqWC9=_&;M<>sq!=BBHdfwNtMvh&kbNYw@MRXkWxGA~_4 zY2{SJW`p|_rjc|NZtR#`76SZ82tfyOPi$yK?uzg&#^+vab2+p}oJ8`G&~&Jbh(4+^ zN7(M%ib|HF{cr>~9**jlGbI23857NJ_6u4F)h@>rQRjqP=P-Bb*z?qkGo00y8JUhU z#9_HC4`j$H1EiEf-V6?Ir$QW<)gp{Sgzbq4>65~d=JueaN1L7 zkn_F7Ttd%Q9cOj}ZhOiWKo3gPGuEJdOT>EWxI=DHvNzO{bGLBP$c)eZI)~fnS$9V! zgJ6#%{xOD-fFj6n>BQ`B-MO6v?>H@(%V7%b@zfuXpGYF~@Z2Wjgf&X?5$X2#syhpX z4*eY{?ay@bfF#6xH46H?Dzd#P>6Ip|sdUUbMI705s2Tr+5M`kb5tp66-5^zoj3{T?Q9 z43k*9yqwy$Oy%EU`9n&xV#S&H!#l?T`smJ;VVp`T_{k4~-IYWO%Djf{kUc5A0`LS; z*A1s2ANaa5-{=pTcZ#rsc$834b~tPSltTpy{_vr&0Y}PXDjd2rQR~#$JPv#+tYN%J z^VNpqGdW;Yf@OAyMyN0v1wv1=$c zWg28qAs7!hgY+Fzkt89w9345GFACj_7HG(Ox~U|kq7p=yG})rO8;7a&K|*nbfp3xE zTeXoVCgsG8bWt+TI~qXb@xTeDKpHk~>L@#I8!WX-HIpA}Yj2qZRWs9?i&OT|_4Bi% z7flf%9Md#kyHVtaQ6?`|VYfv=oGbYQvXe(ljVKBGToCPf)+iQ_FKq^~^kQ|r_JsB& z9HkP`EiU86x85N!G8XGbwts+$|)>>?`+h~T1T75dxXGNsT2 zmO$vDj%0t zEgIe7T&3XDzH)daHpd|BU0Ts#t&)dLL-)br^v|r6rI8!Z{8SWM`W0b!31lR{u)_In zWcR$cWQHM?>`|~U0#x_C@e>6lh(gEqD@pUa3vOj*$5LvuD;=&DackW^oBApxl`;z! zU(-y#4-C%B%$tdVg=pBfVQ{ZzYIm_y7_iF9pRk~CKFP_-+TTTm^E1YfR(uOs|K7TS z8N;!x<6i?}nHMKq)VR33IljEOaH?Xlp%Ts=RGf2yq}R+_JPV@%?uz5T{?*y9?N^-3 zkr%vn$8`LidhOr|(>N^76jil27O{y*0RE6OmjO-keXozf`Xj&RY_C80J=SFIlFSIv z)pfF8*dehiA-o~S-6&Y=B#-MvR18`8A)kn?ogaXM^dEd&^tN_h-vCV25`#p2OSyH1c^uHH=E8-nIu7FZ%UXQWMRF4Mw@ec+XQ9$)}7~q zVqd+_B%qCi(2`Kh$sG~<t5k%{++ROGmh^-)Y8KGa_2Nz>Td%_0FLiywmSLyk#w-DVS3ME=6Qsc0 zK<*(J*OnC(Em=e)1B`Trj4&J8AT02ENb2g)OuRvl(;SsnkhK{X9b_H!^1)?H1Oz*PhA>O>1*btK!muKbrI>glCE3`fBK^-_=|H z;QQ_4|K1K>Y=0xDr`D$x^mr=P^tYGFSZOgRht8|mQVtL)0BHjZGx^1WtZ;6ekp2|0?{q!E( z)9FR?=IHE9bXiPG3X=UOkjb8r3l2h%KsK+^^V7?VXQ!7HhrstxrZLKv+S7nmOh3|bud%ONq`>d_z;8$ ze?bDnTM%V;p2}FLv;OiYt6#!?=l;7}h%{ahDHVn9ov%!mt8dIN9`BTXu))*>{QKNK zC!^9ngDT>yn8&8l6)MT``O%xR28SKlxS_l19UmEQ;P>2MJo#ow!>L6RolQs9wfw0@ zeXg^WMC_c+G|MMydWsg%A}hokQ8IMp9o}QNXO-C|c5o#>f75DQJ{KW7L5#e*YSDqb zdDTqBOAlDG-Rf?=*tXYV^N*30#iX`^Ww9i|o-*uZy#*0f;3kcScczpZb1Z+BMJ+fJw;!6nO1Z0bs5 z zdj9*hsk!#?A z-(z_ZAp=6?uv+PVq6vcT8sCq?2RE0dFKQ80Gx54*2-l-` zj%3w@Cd8}^t(-EQrE@n9B}9@#ECRASG{b=#(Sp{ug(!zYCqe(;eUi zghBtsKfbwb|56R2yIR-#`lIG<(ofh^mzx^t17L()$zI_+VKe{fi6@o`=_ODQld}r3 zwG0MJ{ZY%1#rn*mF$PdlC{QikZbT=<=3r$+rIp`fNLoUt!CNC{yXW6!Em9ZD3G!(0 zW?+eOr>_S=x5FnKMSeoTb!3%ntxIUucb?>3HaU5f4V;7;W3Ou~*X*ZR4-6ujNaR7y zS|`dhaRFq46JUe5Ll4CM>H1J)*ncZOc!YK;!Us2Uc6!{n zXf`x0@!)ojFR#8oy?DWcsR$LJn*QjcaP281Y#3`LmH7DESdBCz)7a%4ibd>^@ytC; zNny1`flBhIr1J!W@06=4)CvYVwF)VT3I;Y0p+8T@>k{o!m>__>2hBIPs!g??U9W`A!k9_)}y~5cD&1DHFqIV(YnISVTzlC7dj~7^6z2AM}>!8~2`YJ&>7{$BW zP>gC=l$%cLGkd?1G)vm%!`d4y99BkxtYX2v11_<&lEWs#u%M7}wrw>M2ktz|Jte@Uw5iBtg+=`Enz&F9MjvjUHh_j(6*e1yOO$mo%>%W7{jh28$5?xWhNWaeo><+ zsX8{Y@!b_9FRf>1m&f0>&KeglZeDUy=#{o72}h|BNEmi#SOA>Hn?~c!jbeO|Oj>cT z?qnP?Vy@R7C$R#Q9iKn0h~<~^`__eHR{r|>1(H3&7eTG`4(9~VTj}ME>6GCzE(i6d z0!tn7gAs)VZ3j!LB!>z^haZnE8@l50%*=&=u%*zChVK?^XpuZjbMlecp^lafWR$A{ zTO@e*VtTMcmcncqO}e?mlhv7Zz*36fvk9?F&V_e}Mg-nDxR^TRN**g7Vu{&dI-*90 z#agRSi><1R-0Ya{kHx19;X8~1448GyzV~9-@3MAl0z1||kZd-$H=CbDf{VF2E7mz! zK{DMUC;NQw1vxT0-yK`A8S6Di8LvIK?R0v1We}wfF>4Cd)pmL%zMiLvi3vwe?wU9- zM3MDbcNwR0O>2Wm{<6Rt{O)%0sTt$ix{$X1Dz-c_?pS3<9^MyZmD}OqhYLtkwW53y zFi)(#1LwDcGy%NltaX}JI$C`wcMQep#~H^wk>0Y&2ey?%<$1fQ5F1CPxl=tXdck*S9wuvj2g zbsBQ!fKt{1Vz!%z0x4eM*PO6E7C(_`U8uE;2MfmmCvt%ZMq|XUjqJ5;(sr%BUp@Y= zX|=ugaT;z*_hmSIhG*9I69NEWK%c*;4u*2!)1`iE8PYA=wZ#hCZ4{WcED*#YH~d;* zm^EjPU9_^}DGamb6h>K7cDD;g-*G?`!aznEFRdho)p~Rs-kYv7zL&(NC+3*nblSJr zxChFV5!)zBIN5LlW2{N9$EI3}+Qf|prhhE-CReOEr#8z0G+iX<@5V*%L*;_+6( zQG#Sl5K7w8Nb<9XcQn*+(&y+MqLp-|Wdpn$vSGkkBU;vb%Timsn&PsvOC4#8WQgVw z)ZWC`2j7CVgtuo*qf-X(ijX*BYEk=h%LoFs_cqtx+3qDS|S6NT!7?r;4;l zWGm1eK>8AeFcofN#bf~QJZ*+hgW-?zq!}xgL=62l2*vf>2%aBoW~!W(*vk4|<_yg)An~M0|sD!JW5`yZ|QJ5zob{L!9_nPefFSN{pl+1dOfs zo=*?q)T($R#kc-wBte@`ytYr1+CZ}^TgAP~KH$hI#^u^a?U~Tj40(1?6}!f=!9nK+ zk|~NGld89Xw~FnLk{)oL8Kuok7h`0pyIA1M2gXBV=8eikDUfU@=!MZIV{<>2Uy0u`%ibr- z!8?@bV2r?hHV-&mhqfF(FGGau^chmS$~+_Cn6hjH$KVpj;fhHs#++4~km4;41aO*y z3qEFP7?E?ty@Nd9m}YcVC19vKP9l&Au81ZD=QwFV|Pv#hq_m#R^o!d1=$I>>K5e z?QZ$_$IC{ev5i=nmB3ql+8L;vqzFSV)_jONAm`3no*q2Y_H$}2v1QpSWNCx1zOiFG zhiLO2pfXyQL-q4|{3i!OQi!T;6A>xvYyx(&Kw9=Dg?Q5)egq^#hX|;}m_Vq|Eoee6ZYWobaIDFp za_y6LJmpIHajo8d!d7SbR6a0@Yi55Q%YZmpW0 zn3EiN9j00%ODJ0P?*HbVAW zCmDp#foU|>XJT2GLK;X8NCX;(uRIRkz;1ug97+etNQABVSQtuK{==>!u?b>Ykq?Mv zNAxk>P1$g858r3;$#z$bUQ|5oMffgErI4I+A|B#MMCu#}Ryb>Jj7$1#^$dz_a z8cjBw78M#>S^Fk&tmLAG7ZSp|b(Es*lMYdYuBlX~AJr^uPr>rBr4-^q;6n(M`Eg6D zF1I7-TUE3h>ZN6}WL$rLb<;X;+`POzL1z^cUstn>qRgy)Bpjs<3Lq$d1SwZ9C1d#b z&KJHVG8b5B<T}WRX-R#rw)`%1HZ@c zH=Vo4h55T&qcr;J#|?im{w~F&PeI@-D?8_=y||ZGjSHeVTNjt~enaFTrIpEG>=UN; zB>jS&sJg@EYwdfdwq@wuzm-4DI#%XVu({Im|0UD3hZ&ee-t04un{x_I4j$UUG{#EX z)Gph$7F2#r8;gLhwLs6jzRwy*SMdT&<|o;U;*T0gnvRAlLG-m|0iBdvbLYXGr8&YA ziFo4%iGiU729DqBIX0`vVT@BNzW)&uosod;VcC6(GWg`GqHO&?&Zs7(KtnN>+<19@ zbX+Z;pX_e|-HV3i`r<_{H}~FmwJcz3+WUOjh03_WYeVW>&-P{8P6NPM7`{t440DA% zDFJMT1NI%Y@Q;L~P>LuMXVPknl|6nEMYCcwNun@gS13AE({cvnV*i9lJCFC81U=5a z$`OYWY)rfDurY&ZKXl+|#)gu{lYMc!b^;z=7);ih!Su?lPT+F{Yu2>3YoH7 zJOQvME9~G%G?d+Cove*(${|5RCmh}DSTbRPDymg_R~;(vZhUzk`Y-{$A7WowW7!VF zG4Lhp?~lK0I&t8R=&~DYV+TtZ54F;Aqg+Z+HKZgch` zwyJbv#~XIt7(t@4CKU(O`VI&GEaJKqOOL=1ianDkDNnye5p+)maT?7eH?eNI!^LNcuOm^yV--?du_lt^kKN|flB5(e@IK>t7l1K$aa-{ zGv6aGtiDUQ>ml2OLooW<6J?9aEb6I*34{BTcla>10^46c)B`y;rjB4>EBM(1JDIj4 zo7w(ST&hKe7+&uI&CD?OBU&2-jifhFw6ej+luxjIFhGsYkP#o z^-Q~k=#R$Faem+PV;m;oQ~h9|ViYH2!ZMSySW9$fMIcblHvI`95AzgH+7%d3Wd}GV z#<5#X3u{ccXN~{?3RlwY-mxb^%DGkLfkVuk#PrunJhRv&F~;)M$~k24ECOCQ)OIe~|44UvsXsD~3Cwi`<1HJ-ef`jk?>-@VTbB1r03AOkYL5l>px&2xkUvckF=)ZfQ%z1YH*+h zWYJcaSq$Kn2k|f&B54^CYK#Ho{-CVf^R>5&KD1g8pgo;w4VAVth6i$MtXXW8D;y&c zIjN)qwE01c{AX0pA$La;TU~f(gTw9; zDXBQLZxnVX9hDYCUF=tv&C@r;rF#*J9>ZXZ@eqe9HzBS8ObB=i&yCuxW@I7UR?F0d zPbrdGun7*gnXI5hOoUg181cIA2@qWED$*JFNVK>ThduT@oj<{>!r>?u%!gnr6XNfC zUf3fLV*c74&@$2t7ib{r9PI5oKRQ=(A;4^n$X6}s z1O#J2c-63&)Y$7=Eb1tX#fwE>CC1^z?U4l9(2;M%)86lcB?+Tg{~o9qA|gFP@-3LGQj;DXpZ8FNoc4@; zns_VHjA=S71#etFuV52d?ZC@`Lq%7l7fHmJ0FcQZaRPNbNJlLfwPL*El(C^|$Q!aC zOWYw39!(ZQGNeMHf|eIHi*`iXR`XM05*A3>;Jv*7I^QCe;ra32 z&i*a|hTyk@TAk>#5B_j6By7)tV9vatPscANSU)5rf;4EG&gu~z0Haz{Nr=v0HE#f= zu2O^(sNmi*QA=@*x%PzpA3G+j)HOh4SeDxS$P|bW+uEICf1U zJD_i_u)n>%ovC0s%u34@u0L|S_B-8sMSl>b;rY>Vtz270jV)uN=Jt`o4YvhmF2_I( zgwLa(Ko-yjU^GLPe!|IkAla6VC6G@)l&m9DSLgzpR~SxL(u&==9B(F=aAx9&*>yux z0BRs^lp`Q8Ou(Z&kE4*uSw+c%`K<62;i}dY_v8gOiNC$K$Tcy~0W#4nPrEP{NF7&LV=OoM8x_qF|uS>z>>4b8!Gozp(a+*87C74q^z1-8-CcU8lCBMP3q_a?egL0bQW69&&QsJs8A7y zXh8%WB98jBvmB&s1xHb4CbL5J)yPvq&ao)Ul3}1AAfW5<5J5lCs!LE~rjb3!m7QcV z?aA1Z$0`ww&{$UBCA#|hVc1P0BKkj@;}QmSUW9}zAWK6C9R$DCz)_%B&57^u41UgH zUd%SY59&o{#+b!S=Hx0-L5-0Y&6gN3-!|T~PA^Vxz($6WFSK99&*r zy?TSBkC3#**08rfPK6+ekoar`9^^T_!6d$A?5S=A#xX=*4kT)v0xcD*4G|7OT!`Xk zV{DQk91Xk=E>sRgrVZ}hksp|IQ(p#6<*c=+5S>&Q6bJm-x!bvHzTs~6wWRDJ$U#xO z&_dWG?ZvCJGZE#uh*P-*FLB8E!M(-AD#c09+dB{HIb-mc+9jl?>Ue{JE8Enb^hIo% zswer_tg6m2kp{%1#P>w}zo%RDI&9ODStG4~Wm0}@gFnb5iQW_@v8Ih-_}_^@QbU)vi(JMXaAv?#R&EriEK`bA>&)O zb}LbOy8AVqp+K3RCY`eh<3|99fCNH?N8Zm+=7Cj*PD;^I1BeYc=dP#|TK3-7sP9y=JRW9(WsO6-_z8!fZtV`y=WXPCRMH_wg7R7gbhz zvl#XIQk09jKy5^&w3AB3z3#2E&{?O~JMnux->bf)lMVAN8jX>XbN>&d=rj()03znW z=`wMuRp$msbLT| zsdA>OEEK0A-x4D$X%IKc)&O=tZkFd(KvaaM!f`m4$AA5+gjO*L;FA%+b8z`(v-t%fSqW3NLpSPHnelWx zkWFPm1XXm{eK0B1AtXfc7qL}gE__2n+omIKji&xF zqbU+es`V4_$PQPJ%qc#3HOu2!&;lns_uCVbFEs_(hTz%f`{)6L!l82pt-LtOGNGfy z#5SEkM8bB`Q~isjNS{LH>?8_DN-Z1`({6$VFdwW;^f^j#7lJ1L7q22Zbe5UBI_>a- z#+5_7ELDFAkjN7&SwdY-!9Eg|A;<3;f-9%Bm?%A`#8-eV=>&<2?~tM;NaZJbeR^?n z`MPy<^7mKfZjP;KJ$?|SdP9`yq2nB#y*~QB>D=Jje|~!1ym?T=MI<(U>${iJG;ySF z59{T}L#wNYP}>zN84FuHv?uX>br6OlEkIA{=F({)-zTKjQr%C9ht)*AJ{vQM^hc~6 z_?Cgqz&bRRAiCh=pspSfH$s}oLP%>Y^#{q}Wf(&6nD9hV{NQ$lMLcv~-y+Q3gPK`P z0=T$gVX@omjNsR~v94!{T}vy#;%4K`W17{txLo!ix#SukYCr}H+BoZtuQml^m9(u`|yA8&4 zDjO>s);*|kdzUQU5z>&9wcdKnNoz$&M)x`_JBW*l+CGtJ(fxxbrh)MaDp`Nvu}K=6 z@Ip4Y)%7F(clZwWy6#xfO7Tbc_ndt#AtVo!(Fh*}HdwM6-(8yIU~(%(cP!CJYJ}?W z855f%OEcSM-MU>iC*v&EEjSV5A_)UdX9RKg^rdG-N>zr6=;XV`b@TM{f~jk68OjT} z$HE~ydr%{6V8BX@(S%Od!2gq;;8H5x0z!eX9b-625T;YwI?s;9-cqw2Dx$!SvYv~r zA?!c!)|@&;HLKB`2R6!SZl5?kBK5|%5sZ46)DwLzo3)IWyUwpoy?Tafanr{dtk zAj2nh==VhgL08)`Qm>hq-fSlFQNu~5e5CU5K;ZeH=8D+m2RArVjAWXZRjX@LzZb9u zDy`i3Lk~tGyj~MSo$Xe4zIfpJToAs=OR=+Ts|7|gQ#6u_Z!jflWNxdqkwhaeCjq`? zEC(MkL-um;hOvgd=7NJ| z3%!6FW1x(}V9E)CNlY8H>C5%e#Yv0J5vgr_7pp=S#=;T)!H6fpR8O#>^5VZauf4&b z!s!F;QWbbUcf(--^G2Oo4q>vz{M1zvi`s)$brQ2u+eF&Po#9JVAYMuG|c#1Ek(1quGF zd6J|c4!YWq84?v_aSbiGN;16%vhF%;2AiU3!(hPE5I05=?lG>Y2hQY0gMlggFVr+d zShicw!v>>>C?pe2T3PZkw!&&$X=8fL)`$e&RYu;aG?rhLR*=c^vF>+gS&XljFdj$4 z>em4=bFGjCJAx!OiQv57gfSI6F|b!E>tm3^$n^QUNUEj}PrhZ8Q)Cz=a6Hd4$|*FA zQbP458S;wB23%TsC7}~?Y@$BFvgO!B<>0lYdPx~H;cQDvHswo3#4ghBJg8-9NFkl! zyF=%N#NzUim6pj&v6O;S)-blZc>L+jS{P|1DH%&EVsEr@;zoDcylG!&(R=__nxk2o z>K+g(zA2+g8)gh?8T?0&$ELA5$Zs+5x_w@D2(sPozb5fG$up_kN?^?!N%&#s)Ikw& zx#FtTbq*i4N;#%48R-!R4AN0Vk|bF&R%k(aB+7rP4Y#Dg0!R*Q@c@gLo6D0+6EX}B z%0ub_?LL?QS*n+uc5k#l8_+iRLn5JilYt70a;IXE5Ua=P8XHA1Glf!6zNEt&(Drtw3??cu1>ESaw)Rt^Fh;?qdzM$?VlfZ@R)jZM=^V~ zf&OQOC5ww-n*bl5wm%-a@w-G;WKE#{QB)C*7ZW))Wh9w-RjNN7D}vKid&5zp-&7FUfYjEA(`!H;;})HrRo{6yEAKfP z!xmTkqR{F^T=F-oJXk;+?IwUbJA6xidjCG2PWw zr?yk4PMtc-pdHF#maKjTJ}@dh8yi-?<}P!g@>B0psr_i z$gwTuG5@>^IIc&kH8ixQiPlkg)yekNyc1$1D0Fsp1qh3R)&l9n6=0zh;M`vr6kyQE zdS!6sUkq4c(6MU#`)%zcDs=q@ho*qyU|(O}!1mkjwn<`;_s_ALBdv$xZiM2>#vhMv z#9O0;xw>`3tW!xHZ8kCPoE7y#saf3$e!?Dx6l=1*iT)y#cTS+1SJocCw#bEE>N+$@ z*Hg#=jPHy3PnB(9O^G1fsvY+I_**3ejTYK8O#rdx2ipM%ED7sqfd-3+l3ggt9PK&5R7pd zu@f-Zb=5>6!?AvjV*X}`&d8su+(BX5-AsY!Xl z8Z}2<^7M*V2tdS%+K|ooV4(e>pog;^$nt=xM4@Ab8B&4C>ox5~vgig9_XwuZ7rKrv zWzc%J-Dd5$TU9i_>#nKFsO0N#JV1;jx2_U|+7cmA>o(CJ#;`@_L- zf+lpnx`syMEi)OnsJwPmKP?{~a)e~%mS4=_(1-A?fG%jPE`Fg!;orvl7v+jCCxjjU z67m(U+FOLY>ZR})_H)#8C2OVVwLg(N*k#acorC(w{S-UdMYa`9{>l|p&Btn(C_;9r zR(n1{kA|1zcffyfu!Tj$U%@$G0r@8&6-|s^k4?O6B8I4Dp?clgHp54NZdv>kZrd6y#DwPRBd0JsS$@( zO%w!hAt zGiI@lgK+>$=%99@Ii2=|<-<$1QTCF*Ty8h7pyL1g{{VTf;iO2r4d zHNpecq)+au*c}sYCQUKhEZ$jrwd)XUF8eDX@1rdG`Pglf6$mUk732OcN6K%FBp?TY zCxgQVHv%^j)+V9LXwKBzIh5oqy>xm0(gg8HAs8LnZ=L(hbesQ z_^jqZ=8xnP84Y<&XjRzqo8A7chBR>>zpDXF^Ri%L5F3{e+StM$?#Jp^>&haL*I{49 zrn_=@T(2sh@cv;LSo{a4wHMXmUDTXDSVmrlzLF^*3fV;{>Eogm-|}KS%E`)274i*m z{DwDeV&4FyZjZNKkWS74ddeH? zfI^WdFF%3sQM^&rpBGL~%13q9UK7)TFy@04U9^?c&8s;IDaf@>E8dsf`P**nhx}fQ$CCq-AW)sN) zrj#x-s!Rjbxw;D4U5;?t8Sr;x4tZx#E)HO<$k{wuk)b-kYmCOxghM-W1|&8=r;v2Y z-L8rgB6}7Y8MJ$6D_+x{A*DBCMI@IW!8c+@42PVFC| zu$?M?Xv0=9Kqhg_9#oBEbae*d#^d-j*%LP{+TyK8$PPO#N)!6B9ybg5-atm~4;~fA zP(h6dDhV{G=gzDwruN{vsYQ_|i!{5x@shzqp7vsmBi$VJx&bkBeGHLjDqcXB?A9k_ z)pfP;*d4!{`ezHTlk~?@q8$V>}~t5CMM$2)7|Ie zg2;ab7T|zqx(T-T85N^N%W*E7A4$Ryj@z&`F}|P)8hZF(x8yA*WTFb*Cyx3f2XA7( z?$~Xz+hIH^-m33WW)h`}SH|5J33`-a@Nj&?Bw7j-eo$-=-fdXbKU!Qek$9d?mgkY+ zyAa|b`s#zc!m%p6l~%)iei0K7<^K!B9yV7}lSs8S3UgV!pN{_>(}6*pNYL#4?f&;Q zKNX&AwYc{8k{#gq4(nKj-}dGv{#|>twQB!`-}>stqs_mqt!{5^Y;JFCZan(i>e~9+ z=EmRrf2)Dy&aCRc|0X}L-S7D;ck&}pl~*T+jf3iGwQ}01RVx1SS-EmrJ3cDZo)&(t z*5BnY7v<#mkL10MbzN|SuJy;j#bQAfw~Bcz$QBOpZiR9=APHEgqFH9KtTN!Ia2_{7 zn88ptnf@Sim%S}lpr21)9W9?l`ur~Mop~5R44(I>R(yf%?8&oQ`LTBNZ262LU$$Dv z3IK(Jfx%oj92kTwlYLgHWc)pD{w`~U`20&8JcNWE?NCiO^e-4LaGn>FF7R(s653FG zc2a%WsJwi+eD+JDQ9C+C3H0%cm$k#{$-BIN7Ee=!x#Fe-`xZ4l;K$fk-K5_Z)z9vj zG?6$ASAcxZu-9y{_dK+-bHKHRLzAG!D^jJd=vu%^ZCy@@z)t{)Luis@B2KFHSBIy| zXYf(Ro_=T9wRh@`lRMqW%+zFNpr!7__z!(MSRdr`QY!5a-f7_QL}>Y1;!@%boOU}Y znmYl{EC9+<8dM| zU2-I0dPy?CP16DGQS=;H5*2)X^6FXR_~mI`uL?bozv+?u%^k?ddQt;5dx6+1L@9So z# zi+-WAX6Ia=mUI2RRVifNd%qlf8jk!dR^ew>GXC1?s{cK`ujl;rA4=`uV+jLJz4sE4 zOlryLQHf)4oVKVHr-=$H5CW*8=jK5=Yb@UaIhOCZnO6Mu?Z=dj!e66)aOT_Nb_NgS z{c%U!;f?Y7oUW)Rqh4ds=`_aT{5b;7$KXvLo4syZJJMs_3=^e36KlXDs{wrfkJ;Nw z3m+{6DXiTmWil8>K|KEZngNlasNLur5|=}O(R1i#2FZ9|`SokF*T`67);8Dv?q`(4 zY|9)#ZchgiA<6PfoCL$_kqylFGVb<`*n>mgB2%A6uJ$+pa)bEDZ{*-CPtHOGCdf41_8dUW?1z0V;OT^{ zuO%vW;kCqyC>R&SnaEl!yl$b%9xRNDzKT6ICaXp`ybZ`U4&~?2BB%Ykh1`sJ3;fLb z>Z62t!&(v6dhrp35kzGbFE%kWB~}kC6b;>(nu$K^kGE2qK|7N0BYLyLEtrgJNr7g) z_;}0Mg`;|ZZvgz_pc93adEcO@sf|jbe*EgBQe9G;xft}u-l(}LQV=}RCYgNyyg(` zVaV9P7ylHf6n#tsYve%Tc;y&d8Yt`^@&a8lEv^8nU~3h#`Q-$R#`xP&7OLOw!l zD**;NFw-G@FWBRVqUK={Z&pM_5cx*BJD!C?8><^rPzXkeg{ad}2o1eEg^cMZF(r0Eac9*FU{LbZz6itDO7rH`fWT_}6A&Pg~?v4^bQ7l;u z5Ii>A8M$9W6&MsC5?gN|t1}fv7LS9oSB6}^I(tYlQl{B%D<+o)>a&kWg{83cOQBZM zm6k4+-bV`BbCU%qnaKCuT{|HNn=NZ04ElkdrB2u0>iYxzfel)r4zX+%e!+8i=cD7( zTBW*t#+LGI%E&B1^c=Or0N%+KYIuxin#Y(18dyD!-5iCh0IGgOz>%;6*3S^_@2SjH z_qSjqCajp_sQOxZ%46svZ4_mbv9)k);VD*0Q<}l!3RcV6z1ZAXg-k25>M^yLo=uua zYp!%r4^GM44h|cw51Mjz=Hn)w#lTp+dHHN3FDDo(PFlq-bUvx;BwmA|zlM4iC5^{(Gxm{%2ci91l^1&2a{n7R>l}5K^#aGRYpEhTpZxwIdCGP z4+mWfQPmOq7!_Nj;E_l$Vv++F2L>E`FdX0X0$$5d;Pm8YB~e>G^GYk4cf_f&28MRK zm6G>RMP>UhbT&wPWbyI`D|ylfq-wiqomPL`!=!h4s$!h0xxpw4Ao10Z9h%1^xt)R^*@McUz16Dc2Q!jtN8oqElhVi|iW*l5p6`=~N6t1F`#;-fx;AlI(Ev2Ue4 zpXPm;zvca>je7O;>0w?zf41g5w@av@WU5iTLskG=>;Xa(KJQr#&B!XL9aWc~mw&1@ z%%{A+miNz)qqHC*Vka#OSQ2&{h#hAwuQsb9H!V`7G=G5N)g=!C!^wJgx01}3`;#0}uOb7D_PchIt@gyH4=@94WV4NgmO7|`Rh zHU9EFHuxH%8hHh1j$x1031^i7j{mJEWn-R6p&?NlCyl6VIW&|H`S8m!4^M((Qdc>+ zO1<$MQz;XqY^*m9tL38xIuCvU58gvr$BEw*olrB*+8;tuotlu)uTxc4UTpL_WoE(@ zFOpP(3pj*|{|J)V;~|JfZbiG>?vK@u^-UfcL(0$CwoMDk&`2)R%F(a%&5Ywgqz9Xg4ZlR3}kGUR!j? zYiUECM*%Q3ZtI&l)^t6(g)Bb_j_c9!rh2Twwo63^n~?k*26t_D%E;qwFQfz6)&mdR zLqnlr-QJtNJI|9%-Jr94o{Q{&^`tE@G9~pXdtg0j6Ra<|3({yuFyE@b-)uKy6(7{< zZQ- zTq$LaU0tc}6aQ?aKq{H9UvXe8F_3`3L%GG1Yld763|;Q=wd=k1PelLcYP0l5sm45d z^e9FDht*})Rv)cxZEbC@ZA1Fn>IUlnY~Abs{OR)#?*(=PcXv8q)AhgBwpKT`QU7ao zYi;w<>Z1+R|JvH#yx0HwGkyri07b4BYf9~jvMg| zJ_;y`5gNA8xd~PJpNuB`f&aXT+B1?4`_5tQNuzuMdr$53ITj6XVE?(f8caw42pP=B zK04kTph9k8y|}hP+HI`C2AxCooAd(ydU0#LSS-SyMuZ&r#INJ5kEJ#F$RW-~8&o57o zpEW9#q)(MHFtN2t`LOZ)xPF?HLz?iid{S+^0RFHB3A6G^lQ9?e|A`KJlE=VDSy;i9@k;p=fvP89lSLA~u8k6Nyh6*xum~ zS(=0+)#tpGf8FF4FZ#S2_s7o7yIo|%6d|Zc`+5$RU-K0fUku@`Do}RPavG)*bJ8Mz`Qox?({(QWH{sLL~h3He;zW zTkZSA3#Cv?X=zNELYn3%%5l&{FQ#6nFKtbgh2P+?&M=~|XOEg5G-nFqZPb_AmMq{PSVuJZ!HN;4Nnjfvb8D(LJ!#4DH7`M#9R} zhD>wL3?u4Eu=pBPKa~oU6BB^B03nfT zXVVcCu;b66Av`cP{fLtKx#)=W?(WIRVM1g7}gie3Ke{3R>!uPwvUO zedSIERrUFt#(M8r;cwLmJZlx^177fHNWndma`t*m=X+28r;%TjXHcIJ#zi)sYs4PgN#wbJUT+ZXC6 z@%M=}y|qhNAKu1*S~X{)_?RXSuE;w~g-H(a0fZ4KZiFu>&7n-lA)In3Erm-<~HyE4h=zB(V zVbn(%kBl{E&->y8Gz0H!q6!b&o0%!pM2kNRJz?!Uk`A#|RL}54qu@e9Stt&MYG656 zYcfKG4goVnk47T;BpDi7j3`qFv2;N|8|wu$Er-~%1>%xUS%^P zgNuQW>K-FSflJgV0?E(?%=8jPw3yUX(J}uZXZsxFmLXAi-18d}{g7VZIGUg9x=}I? z)Wk0OwGQS)7bptQ02#Xw$Wp+bxB@f;!%%751?V%`_0TS3aeJ`ip#F99JRI~e;++gR zR6=OsLLq0bBz|P?t~7cultuqo%k0GTlkI5{mX>ZIK-ew_r;4)140`UdoQHdf_3yo3 zKCCp#hlhI=pR63oGOxfH3RudqH57$zV3rDjzZB+w(Q~xp=kvoQ^_@TN<@2QI?eJKp z?&xMfE3x*J7!Lg7KllP!C}GFwGIM!kT#(5%&@4XJ;gWRzD0d{P&*rAF4zJr0<@Xs4v0F1&6NKZm6D!ej|KUi)us(f#k*`u+XypL73f&$zn&-S8g9 zZ+l^5f`7L$Fe2~<{|y^jCk$cFe+Ze=?|1XorEFVvarWqd#sk6-Jv({@Kqy2u)c%sA zlpO*$(hmdlH%q3uXj|Rv$<3!+{z_q06o9ye#U}-|?5cT#ZVm0`pf7~xi0pfs+86jk z=6{5b3n^YE^TupkEk*`pUPq?iz*v;!jyBIdBpBLGOX{O0Q?Hw$cq0oX;8jzr)fOYe z*=qLbKjn{+EW0USYbeK9y6Z%*{~w#(9&x006Rg3B42>_wWSHYnxF0tsfKYky(vYhQ z$NK7%Y|YqK%?_Yc)(GVRgjZqnBG>``h2nlJpS?IfsJ_cNEG~Z{mi9sF<=~T7wZjA0 zk{-;uKJ*?qk`#dcvRwJG{7j!cAD|per|xBcm#4;2`9*c7kd@aj-UHYKA4IIT^lDMl zP%IXGtCGY9NaUaIfTTbhhhrptx?yL|pE6%O*@1Y?bF`q9N6G?08we*f*y-(G#&E`0m^+ZW%~ zowojiWTC58OHH}=JVYilCeGC<4ATH7rK=&e2#ZON{z{BblK$77ZvM0P|Lv`fwTS-L z+V=ML{r>;w>3_MKzoYxLk)->z_W1EO>V9qfMRdRFlk*V(==K9*SzySsca1DsaYX97bBr zjDIFVAn4LNs6h5ZOIHTE`uVesC^$BGC!s&cd1<;^Vkix7hb#F#bXe06b_B4jZID{KhYxcl)LAGUNY% z{C7563@_DZbdJ;=`>Poky&s&)O1gwJ1r`P>0&~cM#H)%^A-6M9OA+O4X#dd^4-_)BE&fx(GHV+T@ z0ujNeYhW7tOhzG1jr1ZgLIwp25AZM>phs`ftUzrEtz1!brddYG#sCGci%uYWO?0)B zSDp~HrXpzuqpTFs98S-;4jHmd_9lIDYhbD%do9Rq$!?kRgaRaHLNg_u z5mvt5iGL~|F01Va&;)i2*c+TA2hBJ??zy@wK+RO9l12yIcT&IN-{4aK45uricL!iE4%MtJqJ!k0 zBT&A;l%2BXT#9}wi;~xn7UEJ=p(m);q8*WmUs92+l*}Bnpy!%2!aKpJXuDu}pUJx2 z%^1$dcUd2~5J+Tz9wcGwH?;G^e3AN%>i$4uTt=aMZ2quU z4|RMG;selu)d(d>EE7Zn123$w7$CaC~E(; zzHu-A|1;13JmX3Nu;z*Ywu|f248R`!g$=;ycvOWG(eiq6YtvO8(FQTgbjg2~_uB#b zWe)nSE;^kSE+q(+MFnM3+GwIDA_@>K3;`An(H{~={|i11d)<~OVqj!Hda*0uai?P` zId!Tu>aU*EPkCd4_GN!ZdG{AKqdK(`ENwe!OLKC;VhzXsO68lgBBj)4J7>pp))fXo z>2}lr@SHV6Luj+V$AEl^>UAcZw2eKIwp*IRSSTUaiO_lFkZAer2&LcoGdT71!(MkR zlJ8=vz#h~aB;2;LL(AjYo98XaaBZ0>TD8Wgsx{}cwm&}P=L1TN#XC}V9hc*Z>fKiGzu{f&SM&g&?`}_s*}@-t z8fpEWDtPkINIpkZFXn^ANG31>_UF~S{^Z!9GMZhrV;)@0c2*qZM*IghF~IqIOC1IT z3{;Q4#-PNnfk+u4B*yZ^ngcJRL}hm1?`%u&p(+h_U~QqE5PhzTcW+By9kR>{KGUEhz?IB}8Z@a}#_jlK_$n;XB40HG8gw^(@ z2vY|lQV6*i<_jDp;BU3&Hi@dy#BrhpnasfOKA#IVoxi&DY6?pz$)FYv=KU_t(3e)D|Cvw}5n^rl zpspbCiiY8bn6j$iF)IDoon5vzDDX2dm@15-I6TTVNheR(thgf99V{p;80%jN+h}G4Dk%EOu4%#Q?digOJhuu( zKRj_|L!A`QJO>$Br|h>m-5P$aJM2(b(&%M-9v7SQfCTpCg|WvZUf5GRXnilhwiqQeDpQvaAt*CC?-1JFpZ7u%m}W*;R{eM%ZqbKt!(m z!+^)WRdq1GBGi z#KW1Yj7F5ytxGK-%=Lb7(1Q22JbrIZo5;<$!mu2%ZYA}Mo9P!d8X4K@gQ1XT-rS*R z+hMN1Z*i_2?0X2+K!Os?2;=yi{99av;Z=v;H<)#AyHB$Z6y>Ww>1bM{`a#A=z9<`mG-}&+$nY$e+Lw;fn+tQ4Fhmg zH%tSe$#tCaryHF6% zVup?At!IfvOrqsE3531=yabJESL)%?o5f1ZD)R;_0U9nga6(P2oXv(_Y8^V-2tCP! zA#KJ>X9I{gdc>htn}I%0Ii4-pi8RgIX_OZ{l-*Gfmi(N7XwClZgLc74F6!8XXAU3^vdGjg*lbCg9m zMtH%HBbqhnNS9=5s6+BCgiPi>>q_8%J19sETDY_U)xqxX&5n!C+&=FHJ;jD;mGmtK zi{aG0&(wU*RD8MeK@k@h{cqsEh$%y_=OK6mQA+kfC~)Os;omB?$c7)4W~-4tzEcH~ z*YbN6ATp1d<1gwc=l0O+qW)G<{thcx!$jivui^UmbR`CiUJM%?e;johjc?6{ zQZ7a1+Ayrsl!p#~U_Qe-5U|zsM(ZA8HKHsVQtJp)OPQF9(Dy(lD zB{L|(RxX6q6_^AzXwQhyPOg48F?EfuIE{6AubfF>VTN!0C<)zDG_VC1dre?Sz1sUI zS23ZyBqutR!oo;4hl!lM2jJ{m4e9nFI$ z&yz;!(cr0);pzcnC~Vkx1{gjwdFU#Hm)R-H>!A}MnE}u)g&ZK+-G8%;xP}5wp_K(r zZGdP;zF`8wo0o=s*{QntbmnkIzNIZ9glu9yyZxFz2wytW)&1RguLv)0%-t~GwujB8 zY$liL{G1BzxO}}Mv-Yy0siY>-1fQJtW^7;f1Tc`9syvX*@UqMjCW=kJiaKR0qzuHC z0LTc>oF=6%MNxAZ`{+caa++eve=~ktBC2yzn30p*0m-Yc6&Rvx`4T;Q!xW$SUMD#I zd12Ix&AcVDRJ5`~J_zOix6y8AJKw46aDX_>fImcfS{9{=h;&dr=P0i7b||}BqoOI57XWA1-@F#tZ7cl+%=_*AH%m(5 zd!+IW6YnY0Zr!cUWBU`c>qP7;#O4@ocT?T^Qn{%NXT<|L{qwTvL(BF9F6IPGriWHd ze~7xc22xp?f|9BpAFd9r*$DT_&!q*jQYSF#kMjnmDXs0aF722x?OI|1S;UHyy+A1|YI{$#S`;<)9=8Xmg~sm8!Wot)ilnvSdtdJYD9PozZMK(AIIm7% zy5Mmtsv_Q??b}ovHzJxoj(E~$m;0trav54(xEAbfQ93I>6xtTz`ZJt9yr_cg}O28>x`>|t!?2VXz<^;LHu4)H*tu!?&^50q* zj{Q=KcypcP%vAfQ$X)8e5B?~xDyMZ+l0Kx5mIkdInGZ>VqMJd}LQKHo6+QZ&llKA@ z0cAzF($jhil_wl@QEa`4{6qcoPj`;Q7WS#bW}Wu%X4`2d*KF@{hAkf1|6XeyTIBCZ z>IDr(Mm(yQXlSR9dqo#*l?HR!P>m)Xtz-?)?01@}$Xq!mASC<|2)yJ#OKN#A^1D4n zi|*oT_qE$F6HLp=a1y^z6w3h|9?cN?m?$mrg6V>?MKh>)dS;68oaUn}o_li%8t8{s zC1dyrCYV%Nee%VQJ8+7)b7l?ZlU@mwjT)uH4ABgrEg&W7wVbIkT%;oT?E?V~q1Uoc zZj!i0wKObPc^q#kuE|dr?#2*0$^+VZG*@Z3_J{mX6vt%3axtBdxM_8{7Ihz!@NKjm z-aqhN@IM2!M1~>|g*=`FAb7kfHQfb(L*_7iUXK^Iu8Eu`c=*m@jBZO7GZkjhx`4-S zN~(sE6=2)mQVZ<%_R9*sB*)ayXn8(V+3WO)qHa3ZY-eZNPcra;!W?p12cwQMrRpi% zBrvnI9gFLMei{F9#`z%SCN_8FI^e|8X_Nt#K=}>LI5{C0G}w(;MNY_%#d|c}CMwm_ zvI5i0xj&HYJdjBurD@*Ca?CfXBl?dkGJ%`@%GYlcbkf>MwJ~an<#qx1o}gn6 z-na2zoitB@m$v=hWe69Y zlN5WbF>*K}BwH+GR!_`NSkz*lCh+9#$8oH4k1fVhw`m><>y?l*uF1v?DV?G-Pb%+b z4w7-(oX|ntc((66J-qiZoRG^Sj@!1JVLp`%tp%PR_>&EZt#)hdzswF;@gx!XbSw~= zL9P)zvtJ;E>>!LUSR-8gxYDHJBE9b{`0nq(LCUdT@s2Zje*SE z$@1U_Vg5%FL2{i-(#Vs9-qcoCOdL;+zWs}}HZWe$b^>F@or{|}s`S6y^rb+pTDJL? z7|4DC2GYLvbN$|CGjB{ozbik4v@!Te1u)6anwkc?rHc*C5l^guB^85nZHGiV68F!2 z7AIR)*5)wEPLN@Y;_1QCoTDWB3C8}EzdXfWZ3s(QTl<&3_*+?1A*~UoZy&oa?V(v& z*HpH|LGkEMwv@tdabq)ufTsyJDyMd{EF0jLj7ClK zpDIA|%se`5=5J{OQ!O~npzeJWFUSNDLe(ebmROj!89*keaN40ARgXgP zH@I*SRHa|SG;GLe8&1LUgLtIDS2FuxV%)}=1dHSS6XsirS8+UF-)a9lm=Vci8Iv+87Q}K45uYg?>Yo zyALTGxQlt8(Y*$6${g;<;v74mHXmBA1;-4O_z^=`Y|gOtA@ilBS#k3u(qbz zW7qEGF|!+4SI|?OG;SIOn#Ro1iH!>3kitI1h{Dk7()nY~qz$R|q1wPik6NjfvMGO* z_nv@r)9?`0WE#6*KN?vY1Sr3;K}dMD1#+0NVeulQbCx+q zk-%Ry+U$3+RYX&ee`$(0Rxypo2mBTQu$bDcZ8$=!JuZ) zYVH%u9oLA0LALvM%|AM?P*FSS3jJhQBpr}hnnO(Tb9P^{uXmJ>vbB95ADYmbgB0WI zv(MK&we*bacHUV)1NT)Bdxk(T^c{iNeV$`zVP1q5>Y>$M0=+E<+d4}&oR%H+ISX}h zM#qRvFX4EhbWOC004UslP_)3+ z1(`y91(EWs@DYVMvTLrJUa_K>a{3~iVV#~_y!&}^fvpMDH7tWu;>ADpk&v|x_Q*^y zU4H6#HL>w686D3Mqi4&`vb;cLw{zG)p3|7SdkK_)QAGi0$U83#XF;Rc_<87Eio?4N znj_avTKMcW+W%f{alZXK^;%#yMN)a~-W86&`T`XfGUUYY;H0h8XClt? zDl4k#7i{C$IbzV!F$-_NI)k<{S!bnpLu3$2x_>kRkGgS`na1oUgl6*jY#ToBH8SZ@ z(~-V!0*_6|e#~v$<~e)CY5$+W_u9Pv2Dgq%4fFd1)1}HY237K_90Tt2#l2)1yyX?z zW`GmpGPcI1+WY`{nKaB+pm7=(p{Bcg)Fl_s@KfE$N>4 zrIYWwd=CQoWjnJ@`PqIr9nSO-EBkSAMT>3uvU>@Rz~7P1*gpqNTj90?dff3l%<+O*QWE-M0$ z+%f8LQItU*ag-IhzeO0U&{dHKPJjdS^}dyM#o=c;b7x`r(QF)?>}**6ZOnhOc)da9CXIQ|GOuIr8y^yUZJ?!7 zwBYQXxr0;Zn~~$Df=b{5bW4m_AD5}iSu)7SGf7@X9WUMqJ_b6LkXwsP<<}6R$H8~Q zFtIrUOYe_6^7rGh4*P>om!hBV3eLKSmgO@c0QYCqn!vb#!wvE@NONJg6}Tae;Dnm% z|L7|dBd_1L1Q9?~qV+mB_yPvdPEI0#&OxT~$`!7R@J^;@COl`H-<8kA?GqzOG#cpB z@)AL;lB)=PM^bID-5;<^yONvL_}w3^t`8H{+Iy4pyE}dA-rQwfRb&t_S}wl@N2}59 zWOVyRIW2GUE9;s3r~{M#G_ZGBy1t9L|2Jb!c%b@As|ugcXr~4%oh8+k*}qhz@_28N zGPkjVjT&TvG18=ajdnL$U_ZKc&uB9k9$h-Ci_$la@!mp|vqiGQy`I7;;m;o=c9~$T zY{N4NA!vs)&a4$0fu4WBv5Io>L`_u#Kb$sv|HK`mP_4v%%h%Ap(M8aXv|I-#p4s?i z%O-m8$GLwvzUQw+g^Z|zzWNmQ29nQJd?V=b8Kh0Y>sbwhntg1gV~P6KQhjTq_UH_g zBdK1!#gqy!Iq0sZF=J&r+@B9;KgSgKAaXw5k)=XY?f3PmVv~_1pQS4Apn%N3tIdxS zT9oW#B+Vg;rBtKW54 z3VThD>hmFdl08$#{P8~?YL@kH@E;(D@h{=w(5Uw>1@S(G1aZmDq`qmS|L$3KHAi0w5Ln6=EtqzX_3AW!fcwYOsn6~0N?B5Zu95;MSnARqcrw=5 zz$GgfDE@CHZO}husq~t{&4^`>^Z(W)r&j%$vpRlBHa#KNtKT+fPt?AV1%!2g`~>k zu~^>kF_9gkWc+xp{`yhf2uMCa02ut{*t3$5&Q+z@s?XL>M`_N{x^}UMtuuZh-ApmO zJe)mXhf#EnGZ$N~b=Ymaz}@u#GhcV_&WQlKk1_AMg#j^%uzZ4Wy7)vYoPxTv4Lo`06 zG^ri-HvdBiufT?UsAIqG8`ra^gN3W{Ql0+Ns(sN`SCQ6J!L8lyGfD8-l?R?%VV>?Y zJteNAui9|(Y^R(1E@(Owo`Yg<`4T?LQ?x?Z(w75_z3to4(#J*eG_QhSTa#Y5dyHAI zXpAK{x!;_A+MLBfkYBy=N^_ZDK{P^4T(at4?zz zp62@~o(f4njPuz{XHs5x^wuc-PDzZ#pDeEdW}O{*-BaRJNW~n=fzgh>_qoCdg5C5&8jqY1nJ;KGS?vGCk=Ub#~R@;I&)*cHx=cex>Qv%$H(SY%J%FL7o~ zKTqm5G=;OLpn_B>dlw@)7WMY&`m`%3_{jcTFKf6hE-T-z#rU2cmi z?tSvHcc9fH!3hH~?^_^TN6urCE6+QAlteEuN)HDm9+F9x4$%b+3ZyCm!T~tA1&A1G z_3<|C|7>9oT1YzWAO9~Be$H6_K?G0SGwj}S{=#Vt!>(LNIrklEC!*1O&c^PvGQ-3#?LUy3KsJsxl_YH36?xV|!tH(!RZ+c67b>5I6`fFHW1AJL7O9&u2Mg`fx4KCmYU?ZzF}15EE+YZ`jBRp$`BeZGZuTQ@5WN8T&Dw5DjKaW1 z9Z3@ZUwnIX+`KE7wSkF%#uAeKAqtE<%c6vb@SZ|-%i-!XZc16+ivo$N{5b*fSeSV7 z`dcLC2O2p{X3)9K3#M8d&hC>wrhi#U!coTX1%&XMGKBrcj6SY<3WzuV4j`k-k0w20 zndw@{{5JHH0zH(W9f#%H2^GN1ch<&>tIw*Caf2EGHhn=-hA65|@DB+lX)T2D>R?Uu z$DDCDIDYv|Pa-4mbY_GYrDGmj7&XkDc&H!fBGm{biv9zN<{+Fm9Ro4>(Rw067xD6B z)1fhY3go>JzpT>Lxw9l|24lD-;|8JM1#&ZK7$um?cB47af}B=OcJ&;U2eOc!6sH=S z(W{Yeup}wbCTNeCMCQZp;|RjVGPbwYDNF!FmB7chkm}4T+Tba|>9nN1u|1>Pno}1M z_;m2JSQ}wkX^AqlcBL^>Zs}AV(Wbc_V{AD}7YSrJF=e&sRA#gAi`Nn&qNqwOvn@TniMX3e#G3z&dV{eE~I(;%IpK~Rd1F&cu*&!g9s8-^|3;~R1_`ev?HE0kONNN$C zz{5s-gW^Mm=t^=)=J(Ea@dFq!7L1%7yVtk6^)_P{Xp=G2lre?oUHrzOC@46Mi`|wK z(2+~S^d%>;ApU91%wOdMfjW_~`ETQ}$aBX_JFxQPCH1hv2|Cf6?uW?W+>^FQj#qTQ z-Fp5;BLbgbZs4D7NnKEqppkn`?Ve_~m2>T%CPUn4T6H>ID!qCluvKCBa+;o$xUj&W zU&MZ0yb@X-^>b$f4!)pW*}6(#q=PAF6StJ*8m$*HLus*EHRS#S_HiLu?vcdHWrk(9isb-pnBN-CugieA<&9pP3or1T%M5zWw;@@h`N=X(j72) zDk?0mj`(f`iXH&soVmbl@aC?zvD@5M_Vz>MLCV-FQayc$Ju@tduYp~&bHyv;+rP?M zI&qyVDC+I*KFzrNV{|Hvfl`SWR*HwS=5oB!U>=I z#CnH23sWPEpr)=bxKbh*UF7^AuTdHn^NBTfWAr9yTL$uFp@@A~9KYB#TPY2T8tZQQ zRy2^|=7(R1F=|onUBU2TnJa|O^|o@<3Pg1;L0*k3MIe9n_8_G3O}dSSs-7Ly{0|-5 zYsDOlXvzr)+{-!n%HNpIb4nN5F=RK4AHKbix*A@$>Y^K?u|Q-ucCH^%G5Z84omNqi;#P({)&k#;m~KG&`b@YPp|YGnz^R2l(14ro zY3crEn_xS0FQHbI41HeDa|b>XSD^q2YnPA}j85ix3#oejdeO8oLx(a5CV@V7C~&WC zmmvSu75X#7u5ae;oZqY2wAyLVs2*lW7a~;i)ZB9Q#F_sRBQ@bHk%%TsP2t+F*+2yq zM(uYhDvftUv@R-z63OewstgwbwPI-ma_#t~2wOzIwqtlP%Dn~L9>2FJhwEZw5W-Hy zIVa(tMj2E$86!ZE<1WN#iE%xy-GhTltTy2Sn?J;qY)xA3p}J)jPKQ3}{60Z8dgPx; z^I^NsQMi}tNIuLf6(tAp>yJ12UK&RGdoL$okKnTyHJa6dQ?-dgb zD<{<$klu($=_7JbHZwMA{L=!>$O7OwR^v4(G#bZ@sCc>0(@7Ysr%^7_60VA`Ak7 z`xdk-+2K{Ni2?vgw@NEV0L@$Htap!G?Hy&OQOJ>iqLyJLS4W<{STO$0ef4Jf;gEs% z3f+WP5}wLNxi4Y3G}0oio4jK+sg?W4)m(Uqw@s=fEsA7>t1~BOVtVXsIe{#zP>sW# zo+wJVpV@q;p(>NPTZ-VEegrQ#WI0nOxd4{gcc^~@>e`W-HWfq2>&TLsz8zD=pIddm zuG3BY>ru92<>;tL-W8bJjY-EZej4ie=oM5W1uS6rh^y#!MKJ*dh40W$Ab*d|OZ{z~lZZtBkbfYtL%9XA>J@*il0k(v@dhp? z-je&<#@o{+_B0!AF_=w-tf5}2rydHj~fbmX`Qt^RGaU zc(>Rb*@dPhK}Vhh!-4z|TI(rlEvW^}7#%!Y#1l$~EzW&m@-$`6*;3o+75?lgIPN7F zOj`=eED!6i0rAuTk)(R_PU&R1PPyKfYTjZ{?KZ2kq3b}MgAQm<*D~1vpKT0V+saPf)5=p zj>RAteVJcRDF=4dcQy07njPi3uren%cyD>#gD$Rt*K?z?YbePmjkN#?N9jx`7sO6g z7-Jn?-QY;?d>Pjn8*fY;7vcF|%6pc3;PTnPQ5VKmF18c8!hn5QS}O#%T79ALH*~pw z$kKSqmb6cVZncw|wy@Y@&_qd^52}s~yRjkUCpfW|L3oe(Y@u6aMOK*pz(*BW`8Ugv?6Bk7 zX3Ja8b!5CmefE8`={dmWIGh6yUt#$bhe<&@yO_1OllW>@^t%o56O5Q^0-jJ82D zQ8QPw&C#UWa==!-?3J4m{7n?sR&=)UR+axBqX zl$&h;PlN2bgSV9e?tgepi0ijH;&_BO{+A*jHuk{e@QOYHehtv&d(!b`U|E^OU8I2{ zsO?3IRYtBzt<|vnvWk{DW+8diM2#iJgUqtL$I-tjYZj_kBt0QM9I{3!5i;w$KLqy zusHv|j*+%WQuX*@8!8gQ2KsiL2vf0W5K4zwQPoC^?LK&0M9k(0HxuLb2)#F*fNDhK zz*H9|=$q!v35`Z(wTT!M#Rf%MS6n;>6InU;SP5X87$!uHGx&b27-M=oi*0eLC)r~` zobMl0QwYBH?X2v|YJm}VlPX7mFq`KKigR6rj)6JFUuZX^7nC#oMDiFW`Vb7Qr~;3~ zI-z1@44`S!X2&>_(u6C{!qrO$kAcBk1MaCMU)ik*H^SZJU|N?N0l%zQiFXNC52KFfuQ3$dd!;+>#b=w?ay!zb}JxAL7S*!xy?T@wKXx`B-jc?yVyf!;2^Z zDoyrdb`Dd%UMI{QiQ34m<5_nMPzl?dGV9Ii z_NqNov)0t**9NN&y;buN(ON*~Fs21o`CxfU$hP~Hm}3dW8^Ux0LaBy+F7$1k-}1=O zt+=r@k}Eh^pRaDbIZ6V{IKf5;43o2jgKt>kSla!S21Leat$s+ZjektPp@KL1MU5Tp zG{Bje4>y7dDNF4+n7@C9=ge8_biMw}aQ&^WMYP>%wIQyh1^Dt+S8rY>{Is!g`D2<@>Y9dFwK{PkK7PN8#kZ;-~4e=(WMNZb&`9srd7CA;ETt zU>$u%OGpJV84fpC!?)L<%E`})y32xlHq!;&8rNS_CVsgOT_BKTJMJdz_%8fX5~9O- zgf@wd_nLQJ0%DFn969&I+n{+nXFLj012#4nZ1_DxQ%|;UH0?K7u}U-oFwkfx=mAfD zfmE*w14#uhG9uUU8`3^bHOasp>FJEro?cbZ + +#define LIBSSH2_MD5 1 + +#define LIBSSH2_HMAC_RIPEMD 1 + +#define LIBSSH2_AES 1 +#define LIBSSH2_BLOWFISH 1 +#define LIBSSH2_RC4 1 +#define LIBSSH2_CAST 1 +#define LIBSSH2_3DES 1 + +#define LIBSSH2_RSA 1 +#define LIBSSH2_DSA 1 + +#define MD5_DIGEST_LENGTH 16 +#define SHA_DIGEST_LENGTH 20 + +#define libssh2_random(buf, len) \ + (gcry_randomize ((buf), (len), GCRY_STRONG_RANDOM), 1) + +#define libssh2_sha1_ctx gcry_md_hd_t +#define libssh2_sha1_init(ctx) gcry_md_open (ctx, GCRY_MD_SHA1, 0); +#define libssh2_sha1_update(ctx, data, len) gcry_md_write (ctx, data, len) +#define libssh2_sha1_final(ctx, out) \ + memcpy (out, gcry_md_read (ctx, 0), 20), gcry_md_close (ctx) +#define libssh2_sha1(message, len, out) \ + gcry_md_hash_buffer (GCRY_MD_SHA1, out, message, len) + +#define libssh2_md5_ctx gcry_md_hd_t +#define libssh2_md5_init(ctx) gcry_md_open (ctx, GCRY_MD_MD5, 0); +#define libssh2_md5_update(ctx, data, len) gcry_md_write (ctx, data, len) +#define libssh2_md5_final(ctx, out) \ + memcpy (out, gcry_md_read (ctx, 0), 20), gcry_md_close (ctx) +#define libssh2_md5(message, len, out) \ + gcry_md_hash_buffer (GCRY_MD_MD5, out, message, len) + +#define libssh2_hmac_ctx gcry_md_hd_t +#define libssh2_hmac_sha1_init(ctx, key, keylen) \ + gcry_md_open (ctx, GCRY_MD_SHA1, GCRY_MD_FLAG_HMAC), \ + gcry_md_setkey (*ctx, key, keylen) +#define libssh2_hmac_md5_init(ctx, key, keylen) \ + gcry_md_open (ctx, GCRY_MD_MD5, GCRY_MD_FLAG_HMAC), \ + gcry_md_setkey (*ctx, key, keylen) +#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \ + gcry_md_open (ctx, GCRY_MD_RMD160, GCRY_MD_FLAG_HMAC), \ + gcry_md_setkey (*ctx, key, keylen) +#define libssh2_hmac_update(ctx, data, datalen) \ + gcry_md_write (ctx, data, datalen) +#define libssh2_hmac_final(ctx, data) \ + memcpy (data, gcry_md_read (ctx, 0), \ + gcry_md_get_algo_dlen (gcry_md_get_algo (ctx))) +#define libssh2_hmac_cleanup(ctx) gcry_md_close (*ctx); + +#define libssh2_crypto_init() gcry_control (GCRYCTL_DISABLE_SECMEM) + +#define libssh2_rsa_ctx struct gcry_sexp + +int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, + const unsigned char *edata, + unsigned long elen, + const unsigned char *ndata, + unsigned long nlen, + const unsigned char *ddata, + unsigned long dlen, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *e1data, + unsigned long e1len, + const unsigned char *e2data, + unsigned long e2len, + const unsigned char *coeffdata, unsigned long coefflen); +int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, + LIBSSH2_SESSION * session, + FILE * fp, unsigned const char *passphrase); +int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, unsigned long m_len); +int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, + libssh2_rsa_ctx * rsactx, + const unsigned char *hash, + unsigned long hash_len, + unsigned char **signature, + unsigned long *signature_len); + +#define _libssh2_rsa_free(rsactx) gcry_sexp_release (rsactx) + +#define libssh2_dsa_ctx struct gcry_sexp + +int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *gdata, + unsigned long glen, + const unsigned char *ydata, + unsigned long ylen, + const unsigned char *x, unsigned long x_len); +int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, + LIBSSH2_SESSION * session, + FILE * fp, unsigned const char *passphrase); +int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsa, + const unsigned char *sig, + const unsigned char *m, unsigned long m_len); +int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, + const unsigned char *hash, + unsigned long hash_len, unsigned char *sig); + +#define _libssh2_dsa_free(dsactx) gcry_sexp_release (dsactx) + +#define _libssh2_cipher_type(name) int name +#define _libssh2_cipher_ctx gcry_cipher_hd_t + +#define _libssh2_cipher_aes256 GCRY_CIPHER_AES256 +#define _libssh2_cipher_aes192 GCRY_CIPHER_AES192 +#define _libssh2_cipher_aes128 GCRY_CIPHER_AES128 +#define _libssh2_cipher_blowfish GCRY_CIPHER_BLOWFISH +#define _libssh2_cipher_arcfour GCRY_CIPHER_ARCFOUR +#define _libssh2_cipher_cast5 GCRY_CIPHER_CAST5 +#define _libssh2_cipher_3des GCRY_CIPHER_3DES + +int _libssh2_cipher_init(_libssh2_cipher_ctx * h, + _libssh2_cipher_type(algo), + unsigned char *iv, + unsigned char *secret, int encrypt); + +int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, + _libssh2_cipher_type(algo), + int encrypt, unsigned char *block); + +#define _libssh2_cipher_dtor(ctx) gcry_cipher_close(*(ctx)) + +#define _libssh2_bn struct gcry_mpi +#define _libssh2_bn_ctx int +#define _libssh2_bn_ctx_new() 0 +#define _libssh2_bn_ctx_free(bnctx) 0 +#define _libssh2_bn_init() gcry_mpi_new(0) +#define _libssh2_bn_rand(bn, bits, top, bottom) gcry_mpi_randomize (bn, bits, GCRY_WEAK_RANDOM) +#define _libssh2_bn_mod_exp(r, a, p, m, ctx) gcry_mpi_powm (r, a, p, m) +#define _libssh2_bn_set_word(bn, val) gcry_mpi_set_ui(bn, val) +#define _libssh2_bn_from_bin(bn, len, val) gcry_mpi_scan(&((bn)), GCRYMPI_FMT_USG, val, len, NULL) +#define _libssh2_bn_to_bin(bn, val) gcry_mpi_print (GCRYMPI_FMT_USG, val, _libssh2_bn_bytes(bn), NULL, bn) +#define _libssh2_bn_bytes(bn) (gcry_mpi_get_nbits (bn) / 8 + ((gcry_mpi_get_nbits (bn) % 8 == 0) ? 0 : 1)) +#define _libssh2_bn_bits(bn) gcry_mpi_get_nbits (bn) +#define _libssh2_bn_free(bn) gcry_mpi_release(bn) diff --git a/libssh2/include/libssh2.h b/Vendor/libssh2/Headers/libssh2.h similarity index 100% rename from libssh2/include/libssh2.h rename to Vendor/libssh2/Headers/libssh2.h diff --git a/Vendor/libssh2/Headers/libssh2_config.h b/Vendor/libssh2/Headers/libssh2_config.h new file mode 100644 index 0000000..30af66f --- /dev/null +++ b/Vendor/libssh2/Headers/libssh2_config.h @@ -0,0 +1,173 @@ +/* src/libssh2_config.h. Generated from libssh2_config.h.in by configure. */ +/* src/libssh2_config.h.in. Generated from configure.in by autoheader. */ + +/* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP + systems. This function is required for `alloca.c' support on those systems. + */ +/* #undef CRAY_STACKSEG_END */ + +/* Define to 1 if using `alloca.c'. */ +/* #undef C_ALLOCA */ + +/* Define to 1 if you have `alloca', as a function or macro. */ +#define HAVE_ALLOCA 1 + +/* Define to 1 if you have and it should be used (not on Ultrix). + */ +#define HAVE_ALLOCA_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_ARPA_INET_H 1 + +/* disabled non-blocking sockets */ +/* #undef HAVE_DISABLED_NONBLOCKING */ + +/* Define to 1 if you have the header file. */ +#define HAVE_DLFCN_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_ERRNO_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_FCNTL_H 1 + +/* use FIONBIO for non-blocking sockets */ +/* #undef HAVE_FIONBIO */ + +/* Define to 1 if you have the `gettimeofday' function. */ +#define HAVE_GETTIMEOFDAY 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_INTTYPES_H 1 + +/* use ioctlsocket() for non-blocking sockets */ +/* #undef HAVE_IOCTLSOCKET */ + +/* use Ioctlsocket() for non-blocking sockets */ +/* #undef HAVE_IOCTLSOCKET_CASE */ + +/* Define if you have the gcrypt library. */ +/* #undef HAVE_LIBGCRYPT */ + +/* Define to 1 if you have the header file. */ +#define HAVE_MEMORY_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_NETINET_IN_H 1 + +/* use O_NONBLOCK for non-blocking sockets */ +#define HAVE_O_NONBLOCK 1 + +/* Define to 1 if you have the `poll' function. */ +#define HAVE_POLL 1 + +/* Define to 1 if you have the `select' function. */ +#define HAVE_SELECT 1 + +/* use SO_NONBLOCK for non-blocking sockets */ +/* #undef HAVE_SO_NONBLOCK */ + +/* Define to 1 if you have the header file. */ +#define HAVE_STDINT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDIO_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STDLIB_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRINGS_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_STRING_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_IOCTL_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SELECT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_SOCKET_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_STAT_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TIME_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_TYPES_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_SYS_UIO_H 1 + +/* Define to 1 if you have the header file. */ +#define HAVE_UNISTD_H 1 + +/* Enable "none" cipher -- NOT RECOMMENDED */ +/* #undef LIBSSH2_CRYPT_NONE */ + +/* Enable newer diffie-hellman-group-exchange-sha1 syntax */ +#define LIBSSH2_DH_GEX_NEW 1 + +/* Compile in zlib support */ +#define LIBSSH2_HAVE_ZLIB 1 + +/* Use libgcrypt */ +/* #undef LIBSSH2_LIBGCRYPT */ + +/* Enable "none" MAC -- NOT RECOMMENDED */ +/* #undef LIBSSH2_MAC_NONE */ + +/* Name of package */ +#define PACKAGE "libssh2" + +/* Define to the address where bug reports for this package should be sent. */ +#define PACKAGE_BUGREPORT "libssh2-devel@lists.sourceforge.net" + +/* Define to the full name of this package. */ +#define PACKAGE_NAME "libssh2" + +/* Define to the full name and version of this package. */ +#define PACKAGE_STRING "libssh2 -" + +/* Define to the one symbol short name of this package. */ +#define PACKAGE_TARNAME "libssh2" + +/* Define to the version of this package. */ +#define PACKAGE_VERSION "-" + +/* If using the C implementation of alloca, define if you know the + direction of stack growth for your system; otherwise it will be + automatically deduced at runtime. + STACK_DIRECTION > 0 => grows toward higher addresses + STACK_DIRECTION < 0 => grows toward lower addresses + STACK_DIRECTION = 0 => direction of growth unknown */ +/* #undef STACK_DIRECTION */ + +/* Define to 1 if you have the ANSI C header files. */ +#define STDC_HEADERS 1 + +/* Version number of package */ +#define VERSION "0.18" + +/* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ +/* #undef WORDS_BIGENDIAN */ + +/* Number of bits in a file offset, on hosts where this is settable. */ +/* #undef _FILE_OFFSET_BITS */ + +/* Define for large files, on AIX-style hosts. */ +/* #undef _LARGE_FILES */ + +/* Define to empty if `const' does not conform to ANSI C. */ +/* #undef const */ + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +/* #undef inline */ +#endif diff --git a/Vendor/libssh2/Headers/libssh2_priv.h b/Vendor/libssh2/Headers/libssh2_priv.h new file mode 100644 index 0000000..ee06a24 --- /dev/null +++ b/Vendor/libssh2/Headers/libssh2_priv.h @@ -0,0 +1,1144 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#ifndef LIBSSH2_PRIV_H +#define LIBSSH2_PRIV_H 1 + +#define LIBSSH2_LIBRARY +#include "libssh2_config.h" + +/* The following CPP block should really only be in session.c and + packet.c. However, AIX have #define's for 'events' and 'revents' + and we are using those names in libssh2.h, so we need to include + the AIX headers first, to make sure all code is compiled with + consistent names of these fields. While arguable the best would to + change libssh2.h to use other names, that would break backwards + compatibility. For more information, see: + http://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00003.html + http://www.mail-archive.com/libssh2-devel%40lists.sourceforge.net/msg00224.html +*/ +#include + +#ifdef HAVE_POLL +# include +#else +# ifdef HAVE_SELECT +# ifdef HAVE_SYS_SELECT_H +# include +# else +# include +# include +# endif +# endif +#endif + +#include "libssh2.h" +#include "libssh2_publickey.h" +#include "libssh2_sftp.h" + +/* Needed for struct iovec on some platforms */ +#ifdef HAVE_SYS_UIO_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +#ifdef HAVE_SYS_IOCTL_H +# include +#endif +#ifdef HAVE_INTTYPES_H +#include +#endif + +#ifdef LIBSSH2_LIBGCRYPT +#include "libgcrypt.h" +#else +#include "openssl.h" +#endif + +/* RFC4253 section 6.1 Maximum Packet Length says: + * + * "All implementations MUST be able to process packets with + * uncompressed payload length of 32768 bytes or less and + * total packet size of 35000 bytes or less (including length, + * padding length, payload, padding, and MAC.)." + */ +#define MAX_SSH_PACKET_LEN 35000 + +#define LIBSSH2_ALLOC(session, count) session->alloc((count), &(session)->abstract) +#define LIBSSH2_REALLOC(session, ptr, count) ((ptr) ? session->realloc((ptr), (count), &(session)->abstract) : session->alloc((count), &(session)->abstract)) +#define LIBSSH2_FREE(session, ptr) session->free((ptr), &(session)->abstract) + +#define LIBSSH2_IGNORE(session, data, datalen) session->ssh_msg_ignore((session), (data), (datalen), &(session)->abstract) +#define LIBSSH2_DEBUG(session, always_display, message, message_len, language, language_len) \ + session->ssh_msg_disconnect((session), (always_display), (message), (message_len), (language), (language_len), &(session)->abstract) +#define LIBSSH2_DISCONNECT(session, reason, message, message_len, language, language_len) \ + session->ssh_msg_disconnect((session), (reason), (message), (message_len), (language), (language_len), &(session)->abstract) + +#define LIBSSH2_MACERROR(session, data, datalen) session->macerror((session), (data), (datalen), &(session)->abstract) +#define LIBSSH2_X11_OPEN(channel, shost, sport) channel->session->x11(((channel)->session), (channel), (shost), (sport), (&(channel)->session->abstract)) + +#define LIBSSH2_CHANNEL_CLOSE(session, channel) channel->close_cb((session), &(session)->abstract, (channel), &(channel)->abstract) + +typedef struct _LIBSSH2_KEX_METHOD LIBSSH2_KEX_METHOD; +typedef struct _LIBSSH2_HOSTKEY_METHOD LIBSSH2_HOSTKEY_METHOD; +typedef struct _LIBSSH2_MAC_METHOD LIBSSH2_MAC_METHOD; +typedef struct _LIBSSH2_CRYPT_METHOD LIBSSH2_CRYPT_METHOD; +typedef struct _LIBSSH2_COMP_METHOD LIBSSH2_COMP_METHOD; + +typedef struct _LIBSSH2_PACKET LIBSSH2_PACKET; +typedef struct _LIBSSH2_PACKET_BRIGADE LIBSSH2_PACKET_BRIGADE; +typedef struct _LIBSSH2_CHANNEL_BRIGADE LIBSSH2_CHANNEL_BRIGADE; + +typedef int libssh2pack_t; + +typedef enum +{ + libssh2_NB_state_idle = 0, + libssh2_NB_state_allocated, + libssh2_NB_state_created, + libssh2_NB_state_sent, + libssh2_NB_state_sent1, + libssh2_NB_state_sent2, + libssh2_NB_state_sent3, + libssh2_NB_state_sent4, + libssh2_NB_state_sent5, + libssh2_NB_state_sent6, + libssh2_NB_state_sent7, + libssh2_NB_state_jump1, + libssh2_NB_state_jump2, + libssh2_NB_state_jump3 +} libssh2_nonblocking_states; + +typedef struct packet_require_state_t +{ + libssh2_nonblocking_states state; + time_t start; +} packet_require_state_t; + +typedef struct packet_requirev_state_t +{ + time_t start; +} packet_requirev_state_t; + +typedef struct kmdhgGPsha1kex_state_t +{ + libssh2_nonblocking_states state; + unsigned char *e_packet; + unsigned char *s_packet; + unsigned char *tmp; + unsigned char h_sig_comp[SHA_DIGEST_LENGTH]; + unsigned char c; + unsigned long e_packet_len; + unsigned long s_packet_len; + unsigned long tmp_len; + _libssh2_bn_ctx *ctx; + _libssh2_bn *x; + _libssh2_bn *e; + _libssh2_bn *f; + _libssh2_bn *k; + unsigned char *s; + unsigned char *f_value; + unsigned char *k_value; + unsigned char *h_sig; + unsigned long f_value_len; + unsigned long k_value_len; + unsigned long h_sig_len; + libssh2_sha1_ctx exchange_hash; + packet_require_state_t req_state; + libssh2_nonblocking_states burn_state; +} kmdhgGPsha1kex_state_t; + +typedef struct key_exchange_state_low_t +{ + libssh2_nonblocking_states state; + packet_require_state_t req_state; + kmdhgGPsha1kex_state_t exchange_state; + _libssh2_bn *p; /* SSH2 defined value (p_value) */ + _libssh2_bn *g; /* SSH2 defined value (2) */ + unsigned char request[13]; + unsigned char *data; + unsigned long request_len; + unsigned long data_len; +} key_exchange_state_low_t; + +typedef struct key_exchange_state_t +{ + libssh2_nonblocking_states state; + packet_require_state_t req_state; + key_exchange_state_low_t key_state_low; + unsigned char *data; + unsigned long data_len; + unsigned char *oldlocal; + unsigned long oldlocal_len; +} key_exchange_state_t; + +#define FwdNotReq "Forward not requested" + +typedef struct packet_queue_listener_state_t +{ + libssh2_nonblocking_states state; + unsigned char packet[17 + (sizeof(FwdNotReq) - 1)]; + unsigned char *host; + unsigned char *shost; + uint32_t sender_channel; + uint32_t initial_window_size; + uint32_t packet_size; + uint32_t port; + uint32_t sport; + uint32_t host_len; + uint32_t shost_len; +} packet_queue_listener_state_t; + +#define X11FwdUnAvil "X11 Forward Unavailable" + +typedef struct packet_x11_open_state_t +{ + libssh2_nonblocking_states state; + unsigned char packet[17 + (sizeof(X11FwdUnAvil) - 1)]; + unsigned char *shost; + uint32_t sender_channel; + uint32_t initial_window_size; + uint32_t packet_size; + uint32_t sport; + uint32_t shost_len; +} packet_x11_open_state_t; + +struct _LIBSSH2_PACKET +{ + unsigned char type; + + /* Unencrypted Payload (no type byte, no padding, just the facts ma'am) */ + unsigned char *data; + unsigned long data_len; + + /* Where to start reading data from, + * used for channel data that's been partially consumed */ + unsigned long data_head; + + /* Can the message be confirmed? */ + int mac; + + LIBSSH2_PACKET_BRIGADE *brigade; + + LIBSSH2_PACKET *next, *prev; +}; + +struct _LIBSSH2_PACKET_BRIGADE +{ + LIBSSH2_PACKET *head, *tail; +}; + +typedef struct _libssh2_channel_data +{ + /* Identifier */ + unsigned long id; + + /* Limits and restrictions */ + unsigned long window_size_initial, window_size, packet_size; + + /* Set to 1 when CHANNEL_CLOSE / CHANNEL_EOF sent/received */ + char close, eof, extended_data_ignore_mode; +} libssh2_channel_data; + +struct _LIBSSH2_CHANNEL +{ + unsigned char *channel_type; + unsigned channel_type_len; + + /* channel's program exit status */ + int exit_status; + + libssh2_channel_data local, remote; + /* Amount of bytes to be refunded to receive window (but not yet sent) */ + unsigned long adjust_queue; + + LIBSSH2_SESSION *session; + + LIBSSH2_CHANNEL *next, *prev; + + void *abstract; + LIBSSH2_CHANNEL_CLOSE_FUNC((*close_cb)); + + /* State variables used in libssh2_channel_setenv_ex() */ + libssh2_nonblocking_states setenv_state; + unsigned char *setenv_packet; + unsigned long setenv_packet_len; + unsigned char setenv_local_channel[4]; + packet_requirev_state_t setenv_packet_requirev_state; + + /* State variables used in libssh2_channel_request_pty_ex() */ + libssh2_nonblocking_states reqPTY_state; + unsigned char *reqPTY_packet; + unsigned long reqPTY_packet_len; + unsigned char reqPTY_local_channel[4]; + packet_requirev_state_t reqPTY_packet_requirev_state; + + /* State variables used in libssh2_channel_x11_req_ex() */ + libssh2_nonblocking_states reqX11_state; + unsigned char *reqX11_packet; + unsigned long reqX11_packet_len; + unsigned char reqX11_local_channel[4]; + packet_requirev_state_t reqX11_packet_requirev_state; + + /* State variables used in libssh2_channel_process_startup() */ + libssh2_nonblocking_states process_state; + unsigned char *process_packet; + unsigned long process_packet_len; + unsigned char process_local_channel[4]; + packet_requirev_state_t process_packet_requirev_state; + + /* State variables used in libssh2_channel_flush_ex() */ + libssh2_nonblocking_states flush_state; + unsigned long flush_refund_bytes; + unsigned long flush_flush_bytes; + + /* State variables used in libssh2_channel_receive_window_adjust() */ + libssh2_nonblocking_states adjust_state; + unsigned char adjust_adjust[9]; /* packet_type(1) + channel(4) + adjustment(4) */ + + /* State variables used in libssh2_channel_read_ex() */ + libssh2_nonblocking_states read_state; + LIBSSH2_PACKET *read_packet; + LIBSSH2_PACKET *read_next; + int read_block; + int read_bytes_read; + uint32_t read_local_id; + int read_want; + int read_unlink_packet; + + /* State variables used in libssh2_channel_write_ex() */ + libssh2_nonblocking_states write_state; + unsigned char *write_packet; + unsigned char *write_s; + unsigned long write_packet_len; + unsigned long write_bufwrote; + size_t write_bufwrite; + + /* State variables used in libssh2_channel_close() */ + libssh2_nonblocking_states close_state; + unsigned char close_packet[5]; + + /* State variables used in libssh2_channel_wait_closedeof() */ + libssh2_nonblocking_states wait_eof_state; + + /* State variables used in libssh2_channel_wait_closed() */ + libssh2_nonblocking_states wait_closed_state; + + /* State variables used in libssh2_channel_free() */ + libssh2_nonblocking_states free_state; + + /* State variables used in libssh2_channel_handle_extended_data2() */ + libssh2_nonblocking_states extData2_state; +}; + +struct _LIBSSH2_CHANNEL_BRIGADE +{ + LIBSSH2_CHANNEL *head, *tail; +}; + +struct _LIBSSH2_LISTENER +{ + LIBSSH2_SESSION *session; + + char *host; + int port; + + LIBSSH2_CHANNEL *queue; + int queue_size; + int queue_maxsize; + + LIBSSH2_LISTENER *prev, *next; + + /* State variables used in libssh2_channel_forward_cancel() */ + libssh2_nonblocking_states chanFwdCncl_state; + unsigned char *chanFwdCncl_data; + size_t chanFwdCncl_data_len; +}; + +typedef struct _libssh2_endpoint_data +{ + unsigned char *banner; + + unsigned char *kexinit; + unsigned long kexinit_len; + + const LIBSSH2_CRYPT_METHOD *crypt; + void *crypt_abstract; + + const LIBSSH2_MAC_METHOD *mac; + unsigned long seqno; + void *mac_abstract; + + const LIBSSH2_COMP_METHOD *comp; + void *comp_abstract; + + /* Method Preferences -- NULL yields "load order" */ + char *crypt_prefs; + char *mac_prefs; + char *comp_prefs; + char *lang_prefs; +} libssh2_endpoint_data; + +#define PACKETBUFSIZE 4096 + +struct transportpacket +{ + /* ------------- for incoming data --------------- */ + unsigned char buf[PACKETBUFSIZE]; + unsigned char init[5]; /* first 5 bytes of the incoming data stream, + still encrypted */ + int writeidx; /* at what array index we do the next write into + the buffer */ + int readidx; /* at what array index we do the next read from + the buffer */ + int packet_length; /* the most recent packet_length as read from the + network data */ + int padding_length; /* the most recent padding_length as read from the + network data */ + int data_num; /* How much of the total package that has been read + so far. */ + int total_num; /* How much a total package is supposed to be, in + number of bytes. A full package is + packet_length + padding_length + 4 + + mac_length. */ + unsigned char *payload; /* this is a pointer to a LIBSSH2_ALLOC() + area to which we write decrypted data */ + unsigned char *wptr; /* write pointer into the payload to where we + are currently writing decrypted data */ + + /* ------------- for outgoing data --------------- */ + unsigned char *outbuf; /* pointer to a LIBSSH2_ALLOC() area for the + outgoing data */ + int ototal_num; /* size of outbuf in number of bytes */ + unsigned char *odata; /* original pointer to the data we stored in + outbuf */ + unsigned long olen; /* original size of the data we stored in + outbuf */ + unsigned long osent; /* number of bytes already sent */ +}; + +struct _LIBSSH2_PUBLICKEY +{ + LIBSSH2_CHANNEL *channel; + unsigned long version; + + /* State variables used in libssh2_publickey_packet_receive() */ + libssh2_nonblocking_states receive_state; + unsigned char *receive_packet; + unsigned long receive_packet_len; + + /* State variables used in libssh2_publickey_add_ex() */ + libssh2_nonblocking_states add_state; + unsigned char *add_packet; + unsigned char *add_s; + + /* State variables used in libssh2_publickey_remove_ex() */ + libssh2_nonblocking_states remove_state; + unsigned char *remove_packet; + unsigned char *remove_s; + + /* State variables used in libssh2_publickey_list_fetch() */ + libssh2_nonblocking_states listFetch_state; + unsigned char *listFetch_s; + unsigned char listFetch_buffer[12]; + unsigned char *listFetch_data; + unsigned long listFetch_data_len; +}; + +struct _LIBSSH2_SFTP_HANDLE +{ + LIBSSH2_SFTP *sftp; + LIBSSH2_SFTP_HANDLE *prev, *next; + + char *handle; + int handle_len; + + char handle_type; + + union _libssh2_sftp_handle_data + { + struct _libssh2_sftp_handle_file_data + { + libssh2_uint64_t offset; + } file; + struct _libssh2_sftp_handle_dir_data + { + unsigned long names_left; + void *names_packet; + char *next_name; + } dir; + } u; + + /* State variables used in libssh2_sftp_close_handle() */ + libssh2_nonblocking_states close_state; + unsigned long close_request_id; + unsigned char *close_packet; +}; + +struct _LIBSSH2_SFTP +{ + LIBSSH2_CHANNEL *channel; + + unsigned long request_id, version; + + LIBSSH2_PACKET_BRIGADE packets; + + LIBSSH2_SFTP_HANDLE *handles; + + unsigned long last_errno; + + /* Holder for partial packet, use in libssh2_sftp_packet_read() */ + unsigned char *partial_packet; /* The data */ + unsigned long partial_len; /* Desired number of bytes */ + unsigned long partial_received; /* Bytes received so far */ + + /* Time that libssh2_sftp_packet_requirev() started reading */ + time_t requirev_start; + + /* State variables used in libssh2_sftp_open_ex() */ + libssh2_nonblocking_states open_state; + unsigned char *open_packet; + ssize_t open_packet_len; + unsigned long open_request_id; + + /* State variables used in libssh2_sftp_read() */ + libssh2_nonblocking_states read_state; + unsigned char *read_packet; + unsigned long read_request_id; + size_t read_total_read; + + /* State variables used in libssh2_sftp_readdir() */ + libssh2_nonblocking_states readdir_state; + unsigned char *readdir_packet; + unsigned long readdir_request_id; + + /* State variables used in libssh2_sftp_write() */ + libssh2_nonblocking_states write_state; + unsigned char *write_packet; + unsigned long write_request_id; + + /* State variables used in libssh2_sftp_fstat_ex() */ + libssh2_nonblocking_states fstat_state; + unsigned char *fstat_packet; + unsigned long fstat_request_id; + + /* State variables used in libssh2_sftp_unlink_ex() */ + libssh2_nonblocking_states unlink_state; + unsigned char *unlink_packet; + unsigned long unlink_request_id; + + /* State variables used in libssh2_sftp_rename_ex() */ + libssh2_nonblocking_states rename_state; + unsigned char *rename_packet; + unsigned char *rename_s; + unsigned long rename_request_id; + + /* State variables used in libssh2_sftp_mkdir() */ + libssh2_nonblocking_states mkdir_state; + unsigned char *mkdir_packet; + unsigned long mkdir_request_id; + + /* State variables used in libssh2_sftp_rmdir() */ + libssh2_nonblocking_states rmdir_state; + unsigned char *rmdir_packet; + unsigned long rmdir_request_id; + + /* State variables used in libssh2_sftp_stat() */ + libssh2_nonblocking_states stat_state; + unsigned char *stat_packet; + unsigned long stat_request_id; + + /* State variables used in libssh2_sftp_symlink() */ + libssh2_nonblocking_states symlink_state; + unsigned char *symlink_packet; + unsigned long symlink_request_id; +}; + +#define LIBSSH2_SCP_RESPONSE_BUFLEN 256 + +struct _LIBSSH2_SESSION +{ + /* Memory management callbacks */ + void *abstract; + LIBSSH2_ALLOC_FUNC((*alloc)); + LIBSSH2_REALLOC_FUNC((*realloc)); + LIBSSH2_FREE_FUNC((*free)); + + /* Other callbacks */ + LIBSSH2_IGNORE_FUNC((*ssh_msg_ignore)); + LIBSSH2_DEBUG_FUNC((*ssh_msg_debug)); + LIBSSH2_DISCONNECT_FUNC((*ssh_msg_disconnect)); + LIBSSH2_MACERROR_FUNC((*macerror)); + LIBSSH2_X11_OPEN_FUNC((*x11)); + + /* Method preferences -- NULL yields "load order" */ + char *kex_prefs; + char *hostkey_prefs; + + int state; + int flags; + + /* Agreed Key Exchange Method */ + const LIBSSH2_KEX_METHOD *kex; + int burn_optimistic_kexinit:1; + + unsigned char *session_id; + unsigned long session_id_len; + + /* Server's public key */ + const LIBSSH2_HOSTKEY_METHOD *hostkey; + void *server_hostkey_abstract; + + /* Either set with libssh2_session_hostkey() (for server mode) + * Or read from server in (eg) KEXDH_INIT (for client mode) + */ + unsigned char *server_hostkey; + unsigned long server_hostkey_len; +#if LIBSSH2_MD5 + unsigned char server_hostkey_md5[MD5_DIGEST_LENGTH]; +#endif /* ! LIBSSH2_MD5 */ + unsigned char server_hostkey_sha1[SHA_DIGEST_LENGTH]; + + /* (remote as source of data -- packet_read ) */ + libssh2_endpoint_data remote; + + /* (local as source of data -- packet_write ) */ + libssh2_endpoint_data local; + + /* Inbound Data buffer -- Sometimes the packet that comes in isn't the packet we're ready for */ + LIBSSH2_PACKET_BRIGADE packets; + + /* Active connection channels */ + LIBSSH2_CHANNEL_BRIGADE channels; + unsigned long next_channel; + + LIBSSH2_LISTENER *listeners; + + /* Actual I/O socket */ + int socket_fd; + int socket_block; + int socket_state; + + /* Error tracking */ + char *err_msg; + unsigned long err_msglen; + int err_should_free; + int err_code; + + /* struct members for packet-level reading */ + struct transportpacket packet; +#ifdef LIBSSH2DEBUG + int showmask; /* what debug/trace messages to display */ +#endif + + /* State variables used in libssh2_banner_send() */ + libssh2_nonblocking_states banner_TxRx_state; + char banner_TxRx_banner[256]; + ssize_t banner_TxRx_total_send; + + /* State variables used in libssh2_kexinit() */ + libssh2_nonblocking_states kexinit_state; + unsigned char *kexinit_data; + size_t kexinit_data_len; + + /* State variables used in libssh2_session_startup() */ + libssh2_nonblocking_states startup_state; + unsigned char *startup_data; + unsigned long startup_data_len; + unsigned char startup_service[sizeof("ssh-userauth") + 5 - 1]; + unsigned long startup_service_length; + packet_require_state_t startup_req_state; + key_exchange_state_t startup_key_state; + + /* State variables used in libssh2_session_free() */ + libssh2_nonblocking_states free_state; + + /* State variables used in libssh2_session_disconnect_ex() */ + libssh2_nonblocking_states disconnect_state; + unsigned char *disconnect_data; + unsigned long disconnect_data_len; + + /* State variables used in libssh2_packet_read() */ + libssh2_nonblocking_states readPack_state; + int readPack_encrypted; + + /* State variables used in libssh2_userauth_list() */ + libssh2_nonblocking_states userauth_list_state; + unsigned char *userauth_list_data; + unsigned long userauth_list_data_len; + packet_requirev_state_t userauth_list_packet_requirev_state; + + /* State variables used in libssh2_userauth_password_ex() */ + libssh2_nonblocking_states userauth_pswd_state; + unsigned char *userauth_pswd_data; + unsigned char userauth_pswd_data0; + unsigned long userauth_pswd_data_len; + char *userauth_pswd_newpw; + int userauth_pswd_newpw_len; + packet_requirev_state_t userauth_pswd_packet_requirev_state; + + /* State variables used in libssh2_userauth_hostbased_fromfile_ex() */ + libssh2_nonblocking_states userauth_host_state; + unsigned char *userauth_host_data; + unsigned long userauth_host_data_len; + unsigned char *userauth_host_packet; + unsigned long userauth_host_packet_len; + unsigned char *userauth_host_method; + unsigned long userauth_host_method_len; + unsigned char *userauth_host_s; + packet_requirev_state_t userauth_host_packet_requirev_state; + + /* State variables used in libssh2_userauth_publickey_fromfile_ex() */ + libssh2_nonblocking_states userauth_pblc_state; + unsigned char *userauth_pblc_data; + unsigned long userauth_pblc_data_len; + unsigned char *userauth_pblc_packet; + unsigned long userauth_pblc_packet_len; + unsigned char *userauth_pblc_method; + unsigned long userauth_pblc_method_len; + unsigned char *userauth_pblc_s; + unsigned char *userauth_pblc_b; + packet_requirev_state_t userauth_pblc_packet_requirev_state; + + /* State variables used in llibssh2_userauth_keyboard_interactive_ex() */ + libssh2_nonblocking_states userauth_kybd_state; + unsigned char *userauth_kybd_data; + unsigned long userauth_kybd_data_len; + unsigned char *userauth_kybd_packet; + unsigned long userauth_kybd_packet_len; + unsigned int userauth_kybd_auth_name_len; + char *userauth_kybd_auth_name; + unsigned userauth_kybd_auth_instruction_len; + char *userauth_kybd_auth_instruction; + unsigned int userauth_kybd_num_prompts; + int userauth_kybd_auth_failure; + LIBSSH2_USERAUTH_KBDINT_PROMPT *userauth_kybd_prompts; + LIBSSH2_USERAUTH_KBDINT_RESPONSE *userauth_kybd_responses; + packet_requirev_state_t userauth_kybd_packet_requirev_state; + + /* State variables used in libssh2_channel_open_ex() */ + libssh2_nonblocking_states open_state; + packet_requirev_state_t open_packet_requirev_state; + LIBSSH2_CHANNEL *open_channel; + unsigned char *open_packet; + unsigned long open_packet_len; + unsigned char *open_data; + unsigned long open_data_len; + unsigned long open_local_channel; + + /* State variables used in libssh2_channel_direct_tcpip_ex() */ + libssh2_nonblocking_states direct_state; + unsigned char *direct_message; + unsigned long direct_host_len; + unsigned long direct_shost_len; + unsigned long direct_message_len; + + /* State variables used in libssh2_channel_forward_listen_ex() */ + libssh2_nonblocking_states fwdLstn_state; + unsigned char *fwdLstn_packet; + unsigned long fwdLstn_host_len; + unsigned long fwdLstn_packet_len; + packet_requirev_state_t fwdLstn_packet_requirev_state; + + /* State variables used in libssh2_publickey_init() */ + libssh2_nonblocking_states pkeyInit_state; + LIBSSH2_PUBLICKEY *pkeyInit_pkey; + LIBSSH2_CHANNEL *pkeyInit_channel; + unsigned char *pkeyInit_data; + unsigned long pkeyInit_data_len; + + /* State variables used in libssh2_packet_add() */ + libssh2_nonblocking_states packAdd_state; + LIBSSH2_PACKET *packAdd_packet; + LIBSSH2_CHANNEL *packAdd_channel; + unsigned long packAdd_data_head; + key_exchange_state_t packAdd_key_state; + packet_queue_listener_state_t packAdd_Qlstn_state; + packet_x11_open_state_t packAdd_x11open_state; + + /* State variables used in fullpacket() */ + libssh2_nonblocking_states fullpacket_state; + int fullpacket_macstate; + int fullpacket_payload_len; + libssh2pack_t fullpacket_packet_type; + + /* State variables used in libssh2_sftp_init() */ + libssh2_nonblocking_states sftpInit_state; + LIBSSH2_SFTP *sftpInit_sftp; + LIBSSH2_CHANNEL *sftpInit_channel; + unsigned char sftpInit_buffer[9]; /* sftp_header(5){excludes request_id} + version_id(4) */ + + /* State variables used in libssh2_scp_recv() */ + libssh2_nonblocking_states scpRecv_state; + unsigned char *scpRecv_command; + unsigned long scpRecv_command_len; + unsigned char scpRecv_response[LIBSSH2_SCP_RESPONSE_BUFLEN]; + unsigned long scpRecv_response_len; + long scpRecv_mode; + long scpRecv_size; + long scpRecv_mtime; + long scpRecv_atime; + char *scpRecv_err_msg; + long scpRecv_err_len; + LIBSSH2_CHANNEL *scpRecv_channel; + + /* State variables used in libssh2_scp_send_ex() */ + libssh2_nonblocking_states scpSend_state; + unsigned char *scpSend_command; + unsigned long scpSend_command_len; + unsigned char scpSend_response[LIBSSH2_SCP_RESPONSE_BUFLEN]; + unsigned long scpSend_response_len; + char *scpSend_err_msg; + long scpSend_err_len; + LIBSSH2_CHANNEL *scpSend_channel; +}; + +/* session.state bits */ +#define LIBSSH2_STATE_EXCHANGING_KEYS 0x00000001 +#define LIBSSH2_STATE_NEWKEYS 0x00000002 +#define LIBSSH2_STATE_AUTHENTICATED 0x00000004 + +/* session.flag helpers */ +#ifdef MSG_NOSIGNAL +#define LIBSSH2_SOCKET_SEND_FLAGS(session) (((session)->flags & LIBSSH2_FLAG_SIGPIPE) ? 0 : MSG_NOSIGNAL) +#define LIBSSH2_SOCKET_RECV_FLAGS(session) (((session)->flags & LIBSSH2_FLAG_SIGPIPE) ? 0 : MSG_NOSIGNAL) +#else +/* If MSG_NOSIGNAL isn't defined we're SOL on blocking SIGPIPE */ +#define LIBSSH2_SOCKET_SEND_FLAGS(session) 0 +#define LIBSSH2_SOCKET_RECV_FLAGS(session) 0 +#endif + +/* libssh2 extensible ssh api, ultimately I'd like to allow loading additional methods via .so/.dll */ + +struct _LIBSSH2_KEX_METHOD +{ + const char *name; + + /* Key exchange, populates session->* and returns 0 on success, non-0 on error */ + int (*exchange_keys) (LIBSSH2_SESSION * session, + key_exchange_state_low_t * key_state); + + long flags; +}; + +struct _LIBSSH2_HOSTKEY_METHOD +{ + const char *name; + unsigned long hash_len; + + int (*init) (LIBSSH2_SESSION * session, const unsigned char *hostkey_data, + unsigned long hostkey_data_len, void **abstract); + int (*initPEM) (LIBSSH2_SESSION * session, const char *privkeyfile, + unsigned const char *passphrase, void **abstract); + int (*sig_verify) (LIBSSH2_SESSION * session, const unsigned char *sig, + unsigned long sig_len, const unsigned char *m, + unsigned long m_len, void **abstract); + int (*signv) (LIBSSH2_SESSION * session, unsigned char **signature, + unsigned long *signature_len, unsigned long veccount, + const struct iovec datavec[], void **abstract); + int (*encrypt) (LIBSSH2_SESSION * session, unsigned char **dst, + unsigned long *dst_len, const unsigned char *src, + unsigned long src_len, void **abstract); + int (*dtor) (LIBSSH2_SESSION * session, void **abstract); +}; + +struct _LIBSSH2_CRYPT_METHOD +{ + const char *name; + + int blocksize; + + /* iv and key sizes (-1 for variable length) */ + int iv_len; + int secret_len; + + long flags; + + int (*init) (LIBSSH2_SESSION * session, + const LIBSSH2_CRYPT_METHOD * method, unsigned char *iv, + int *free_iv, unsigned char *secret, int *free_secret, + int encrypt, void **abstract); + int (*crypt) (LIBSSH2_SESSION * session, unsigned char *block, + void **abstract); + int (*dtor) (LIBSSH2_SESSION * session, void **abstract); + + _libssh2_cipher_type(algo); +}; + +struct _LIBSSH2_COMP_METHOD +{ + const char *name; + + int (*init) (LIBSSH2_SESSION * session, int compress, void **abstract); + int (*comp) (LIBSSH2_SESSION * session, int compress, unsigned char **dest, + unsigned long *dest_len, unsigned long payload_limit, + int *free_dest, const unsigned char *src, + unsigned long src_len, void **abstract); + int (*dtor) (LIBSSH2_SESSION * session, int compress, void **abstract); +}; + +struct _LIBSSH2_MAC_METHOD +{ + const char *name; + + /* The length of a given MAC packet */ + int mac_len; + + /* integrity key length */ + int key_len; + + /* Message Authentication Code Hashing algo */ + int (*init) (LIBSSH2_SESSION * session, unsigned char *key, int *free_key, + void **abstract); + int (*hash) (LIBSSH2_SESSION * session, unsigned char *buf, + unsigned long seqno, const unsigned char *packet, + unsigned long packet_len, const unsigned char *addtl, + unsigned long addtl_len, void **abstract); + int (*dtor) (LIBSSH2_SESSION * session, void **abstract); +}; + +#define LIBSSH2_DBG_TRANS 1 +#define LIBSSH2_DBG_KEX 2 +#define LIBSSH2_DBG_AUTH 3 +#define LIBSSH2_DBG_CONN 4 +#define LIBSSH2_DBG_SCP 5 +#define LIBSSH2_DBG_SFTP 6 +#define LIBSSH2_DBG_ERROR 7 +#define LIBSSH2_DBG_PUBLICKEY 8 +#ifdef LIBSSH2DEBUG +void _libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, + ...); +#else +#if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) +/* C99 style */ +#define _libssh2_debug(x,y,z, __VA_ARGS__) do {} while (0) +#elif defined(__GNUC__) +/* GNU style */ +#define _libssh2_debug(x,y,z,...) do {} while (0) +#else +/* no gcc and not C99, do static and hopefully inline */ +static inline void +_libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...) +{ +} +#endif +#endif + +#ifdef LIBSSH2DEBUG +#define libssh2_error(session, errcode, errmsg, should_free) \ +{ \ + if (session->err_msg && session->err_should_free) { \ + LIBSSH2_FREE(session, session->err_msg); \ + } \ + session->err_msg = (char *)errmsg; \ + session->err_msglen = strlen(errmsg); \ + session->err_should_free = should_free; \ + session->err_code = errcode; \ + _libssh2_debug(session, LIBSSH2_DBG_ERROR, "%d - %s", session->err_code, session->err_msg); \ +} + +#else /* ! LIBSSH2DEBUG */ + +#define libssh2_error(session, errcode, errmsg, should_free) \ +{ \ + if (session->err_msg && session->err_should_free) { \ + LIBSSH2_FREE(session, session->err_msg); \ + } \ + session->err_msg = (char *)errmsg; \ + session->err_msglen = strlen(errmsg); \ + session->err_should_free = should_free; \ + session->err_code = errcode; \ +} + +#endif /* ! LIBSSH2DEBUG */ + + +#define LIBSSH2_SOCKET_UNKNOWN 1 +#define LIBSSH2_SOCKET_CONNECTED 0 +#define LIBSSH2_SOCKET_DISCONNECTED -1 + +/* Initial packet state, prior to MAC check */ +#define LIBSSH2_MAC_UNCONFIRMED 1 +/* When MAC type is "none" (proto initiation phase) all packets are deemed "confirmed" */ +#define LIBSSH2_MAC_CONFIRMED 0 +/* Something very bad is going on */ +#define LIBSSH2_MAC_INVALID -1 + +/* SSH Packet Types -- Defined by internet draft */ +/* Transport Layer */ +#define SSH_MSG_DISCONNECT 1 +#define SSH_MSG_IGNORE 2 +#define SSH_MSG_UNIMPLEMENTED 3 +#define SSH_MSG_DEBUG 4 +#define SSH_MSG_SERVICE_REQUEST 5 +#define SSH_MSG_SERVICE_ACCEPT 6 + +#define SSH_MSG_KEXINIT 20 +#define SSH_MSG_NEWKEYS 21 + +/* diffie-hellman-group1-sha1 */ +#define SSH_MSG_KEXDH_INIT 30 +#define SSH_MSG_KEXDH_REPLY 31 + +/* diffie-hellman-group-exchange-sha1 */ +#define SSH_MSG_KEX_DH_GEX_REQUEST_OLD 30 +#define SSH_MSG_KEX_DH_GEX_REQUEST 34 +#define SSH_MSG_KEX_DH_GEX_GROUP 31 +#define SSH_MSG_KEX_DH_GEX_INIT 32 +#define SSH_MSG_KEX_DH_GEX_REPLY 33 + +/* User Authentication */ +#define SSH_MSG_USERAUTH_REQUEST 50 +#define SSH_MSG_USERAUTH_FAILURE 51 +#define SSH_MSG_USERAUTH_SUCCESS 52 +#define SSH_MSG_USERAUTH_BANNER 53 + +/* "public key" method */ +#define SSH_MSG_USERAUTH_PK_OK 60 +/* "password" method */ +#define SSH_MSG_USERAUTH_PASSWD_CHANGEREQ 60 +/* "keyboard-interactive" method */ +#define SSH_MSG_USERAUTH_INFO_REQUEST 60 +#define SSH_MSG_USERAUTH_INFO_RESPONSE 61 + +/* Channels */ +#define SSH_MSG_GLOBAL_REQUEST 80 +#define SSH_MSG_REQUEST_SUCCESS 81 +#define SSH_MSG_REQUEST_FAILURE 82 + +#define SSH_MSG_CHANNEL_OPEN 90 +#define SSH_MSG_CHANNEL_OPEN_CONFIRMATION 91 +#define SSH_MSG_CHANNEL_OPEN_FAILURE 92 +#define SSH_MSG_CHANNEL_WINDOW_ADJUST 93 +#define SSH_MSG_CHANNEL_DATA 94 +#define SSH_MSG_CHANNEL_EXTENDED_DATA 95 +#define SSH_MSG_CHANNEL_EOF 96 +#define SSH_MSG_CHANNEL_CLOSE 97 +#define SSH_MSG_CHANNEL_REQUEST 98 +#define SSH_MSG_CHANNEL_SUCCESS 99 +#define SSH_MSG_CHANNEL_FAILURE 100 + +void libssh2_session_shutdown(LIBSSH2_SESSION * session); + +unsigned long libssh2_ntohu32(const unsigned char *buf); +libssh2_uint64_t libssh2_ntohu64(const unsigned char *buf); +void libssh2_htonu32(unsigned char *buf, unsigned long val); +void libssh2_htonu64(unsigned char *buf, libssh2_uint64_t val); + +#define LIBSSH2_READ_TIMEOUT 60 /* generic timeout in seconds used when + waiting for more data to arrive */ +int libssh2_waitsocket(LIBSSH2_SESSION * session, long seconds); + + +/* CAUTION: some of these error codes are returned in the public API and is + there known with other #defined names from the public header file. They + should not be changed. */ + +#define PACKET_TIMEOUT -7 +#define PACKET_BADUSE -6 +#define PACKET_COMPRESS -5 +#define PACKET_TOOBIG -4 +#define PACKET_ENOMEM -3 +#define PACKET_EAGAIN LIBSSH2_ERROR_EAGAIN +#define PACKET_FAIL -1 +#define PACKET_NONE 0 + +libssh2pack_t libssh2_packet_read(LIBSSH2_SESSION * session); + +int libssh2_packet_ask_ex(LIBSSH2_SESSION * session, unsigned char packet_type, + unsigned char **data, unsigned long *data_len, + unsigned long match_ofs, + const unsigned char *match_buf, + unsigned long match_len, int poll_socket); + +int libssh2_packet_askv_ex(LIBSSH2_SESSION * session, + const unsigned char *packet_types, + unsigned char **data, unsigned long *data_len, + unsigned long match_ofs, + const unsigned char *match_buf, + unsigned long match_len, int poll_socket); +int libssh2_packet_require_ex(LIBSSH2_SESSION * session, + unsigned char packet_type, unsigned char **data, + unsigned long *data_len, unsigned long match_ofs, + const unsigned char *match_buf, + unsigned long match_len, + packet_require_state_t * state); +int libssh2_packet_requirev_ex(LIBSSH2_SESSION * session, + const unsigned char *packet_types, + unsigned char **data, unsigned long *data_len, + unsigned long match_ofs, + const unsigned char *match_buf, + unsigned long match_len, + packet_requirev_state_t * state); +int libssh2_packet_burn(LIBSSH2_SESSION * session, + libssh2_nonblocking_states * state); +int libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long data_len); +int libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + size_t datalen, int macstate); +int libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, + key_exchange_state_t * state); +unsigned long libssh2_channel_nextid(LIBSSH2_SESSION * session); +LIBSSH2_CHANNEL *libssh2_channel_locate(LIBSSH2_SESSION * session, + unsigned long channel_id); +unsigned long libssh2_channel_packet_data_len(LIBSSH2_CHANNEL * channel, + int stream_id); + +/* this is the lib-internal set blocking function */ +int _libssh2_session_set_blocking(LIBSSH2_SESSION * session, int blocking); + +/* Let crypt.c/hostkey.c/comp.c/mac.c expose their method structs */ +const LIBSSH2_CRYPT_METHOD **libssh2_crypt_methods(void); +const LIBSSH2_HOSTKEY_METHOD **libssh2_hostkey_methods(void); +const LIBSSH2_COMP_METHOD **libssh2_comp_methods(void); +const LIBSSH2_MAC_METHOD **libssh2_mac_methods(void); + +/* Language API doesn't exist yet. Just act like we've agreed on a language */ +#define libssh2_kex_agree_lang(session, endpoint, str, str_len) 0 + +/* pem.c */ +int _libssh2_pem_parse(LIBSSH2_SESSION * session, + const char *headerbegin, + const char *headerend, + FILE * fp, char **data, unsigned int *datalen); +int _libssh2_pem_decode_sequence(unsigned char **data, unsigned int *datalen); +int _libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen, + unsigned char **i, unsigned int *ilen); + +#endif /* LIBSSH2_H */ diff --git a/libssh2/include/libssh2_publickey.h b/Vendor/libssh2/Headers/libssh2_publickey.h similarity index 100% rename from libssh2/include/libssh2_publickey.h rename to Vendor/libssh2/Headers/libssh2_publickey.h diff --git a/libssh2/include/libssh2_sftp.h b/Vendor/libssh2/Headers/libssh2_sftp.h similarity index 100% rename from libssh2/include/libssh2_sftp.h rename to Vendor/libssh2/Headers/libssh2_sftp.h diff --git a/Vendor/libssh2/Headers/openssl.h b/Vendor/libssh2/Headers/openssl.h new file mode 100644 index 0000000..cc7949b --- /dev/null +++ b/Vendor/libssh2/Headers/openssl.h @@ -0,0 +1,224 @@ +/* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved. + * Author: Simon Josefsson + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include +#include +#ifndef OPENSSL_NO_MD5 +#include +#endif +#include +#include +#include +#include +#include + +#ifdef OPENSSL_NO_RSA +# define LIBSSH2_RSA 0 +#else +# define LIBSSH2_RSA 1 +#endif + +#ifdef OPENSSL_NO_DSA +# define LIBSSH2_DSA 0 +#else +# define LIBSSH2_DSA 1 +#endif + +#ifdef OPENSSL_NO_MD5 +# define LIBSSH2_MD5 0 +#else +# define LIBSSH2_MD5 1 +#endif + +#ifdef OPENSSL_NO_RIPEMD +# define LIBSSH2_HMAC_RIPEMD 0 +#else +# define LIBSSH2_HMAC_RIPEMD 1 +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x00907000L && !defined(OPENSSL_NO_AES) +# define LIBSSH2_AES 1 +#else +# define LIBSSH2_AES 0 +#endif + +#ifdef OPENSSL_NO_BLOWFISH +# define LIBSSH2_BLOWFISH 0 +#else +# define LIBSSH2_BLOWFISH 1 +#endif + +#ifdef OPENSSL_NO_RC4 +# define LIBSSH2_RC4 0 +#else +# define LIBSSH2_RC4 1 +#endif + +#ifdef OPENSSL_NO_CAST +# define LIBSSH2_CAST 0 +#else +# define LIBSSH2_CAST 1 +#endif + +#ifdef OPENSSL_NO_DES +# define LIBSSH2_3DES 0 +#else +# define LIBSSH2_3DES 1 +#endif + +#define libssh2_random(buf, len) \ + RAND_bytes ((buf), (len)) + +#define libssh2_sha1_ctx SHA_CTX +#define libssh2_sha1_init(ctx) SHA1_Init(ctx) +#define libssh2_sha1_update(ctx, data, len) SHA1_Update(&(ctx), data, len) +#define libssh2_sha1_final(ctx, out) SHA1_Final(out, &(ctx)) +#define libssh2_sha1(message, len, out) SHA1(message, len, out) + +#define libssh2_md5_ctx MD5_CTX +#define libssh2_md5_init(ctx) MD5_Init(ctx) +#define libssh2_md5_update(ctx, data, len) MD5_Update(&(ctx), data, len) +#define libssh2_md5_final(ctx, out) MD5_Final(out, &(ctx)) +#define libssh2_md5(message, len, out) MD5(message, len, out) + +#define libssh2_hmac_ctx HMAC_CTX +#define libssh2_hmac_sha1_init(ctx, key, keylen) \ + HMAC_Init(ctx, key, keylen, EVP_sha1()) +#define libssh2_hmac_md5_init(ctx, key, keylen) \ + HMAC_Init(ctx, key, keylen, EVP_md5()) +#define libssh2_hmac_ripemd160_init(ctx, key, keylen) \ + HMAC_Init(ctx, key, keylen, EVP_ripemd160()) +#define libssh2_hmac_update(ctx, data, datalen) \ + HMAC_Update(&(ctx), data, datalen) +#define libssh2_hmac_final(ctx, data) HMAC_Final(&(ctx), data, NULL) +#define libssh2_hmac_cleanup(ctx) HMAC_cleanup(ctx) + +#define libssh2_crypto_init() + +#define libssh2_rsa_ctx RSA + +int _libssh2_rsa_new(libssh2_rsa_ctx ** rsa, + const unsigned char *edata, + unsigned long elen, + const unsigned char *ndata, + unsigned long nlen, + const unsigned char *ddata, + unsigned long dlen, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *e1data, + unsigned long e1len, + const unsigned char *e2data, + unsigned long e2len, + const unsigned char *coeffdata, unsigned long coefflen); +int _libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, + LIBSSH2_SESSION * session, + FILE * fp, unsigned const char *passphrase); +int _libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsa, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, unsigned long m_len); +int _libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, + libssh2_rsa_ctx * rsactx, + const unsigned char *hash, + unsigned long hash_len, + unsigned char **signature, + unsigned long *signature_len); + +#define _libssh2_rsa_free(rsactx) RSA_free(rsactx) + +#define libssh2_dsa_ctx DSA + +int _libssh2_dsa_new(libssh2_dsa_ctx ** dsa, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *gdata, + unsigned long glen, + const unsigned char *ydata, + unsigned long ylen, + const unsigned char *x, unsigned long x_len); +int _libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, + LIBSSH2_SESSION * session, + FILE * fp, unsigned const char *passphrase); +int _libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, + const unsigned char *sig, + const unsigned char *m, unsigned long m_len); +int _libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, + const unsigned char *hash, + unsigned long hash_len, unsigned char *sig); + +#define _libssh2_dsa_free(dsactx) DSA_free(dsactx) + +#define _libssh2_cipher_type(name) const EVP_CIPHER *(*name)(void) +#define _libssh2_cipher_ctx EVP_CIPHER_CTX + +#define _libssh2_cipher_aes256 EVP_aes_256_cbc +#define _libssh2_cipher_aes192 EVP_aes_192_cbc +#define _libssh2_cipher_aes128 EVP_aes_128_cbc +#define _libssh2_cipher_blowfish EVP_bf_cbc +#define _libssh2_cipher_arcfour EVP_rc4 +#define _libssh2_cipher_cast5 EVP_cast5_cbc +#define _libssh2_cipher_3des EVP_des_ede3_cbc + +int _libssh2_cipher_init(_libssh2_cipher_ctx * h, + _libssh2_cipher_type(algo), + unsigned char *iv, + unsigned char *secret, int encrypt); + +int _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, + _libssh2_cipher_type(algo), + int encrypt, unsigned char *block); + +#define _libssh2_cipher_dtor(ctx) EVP_CIPHER_CTX_cleanup(ctx) + +#define _libssh2_bn BIGNUM +#define _libssh2_bn_ctx BN_CTX +#define _libssh2_bn_ctx_new() BN_CTX_new() +#define _libssh2_bn_ctx_free(bnctx) BN_CTX_free(bnctx) +#define _libssh2_bn_init() BN_new() +#define _libssh2_bn_rand(bn, bits, top, bottom) BN_rand(bn, bits, top, bottom) +#define _libssh2_bn_mod_exp(r, a, p, m, ctx) BN_mod_exp(r, a, p, m, ctx) +#define _libssh2_bn_set_word(bn, val) BN_set_word(bn, val) +#define _libssh2_bn_from_bin(bn, len, val) BN_bin2bn(val, len, bn) +#define _libssh2_bn_to_bin(bn, val) BN_bn2bin(bn, val) +#define _libssh2_bn_bytes(bn) BN_num_bytes(bn) +#define _libssh2_bn_bits(bn) BN_num_bits(bn) +#define _libssh2_bn_free(bn) BN_clear_free(bn) diff --git a/Vendor/libssh2/Source/channel.c b/Vendor/libssh2/Source/channel.c new file mode 100644 index 0000000..61702a1 --- /dev/null +++ b/Vendor/libssh2/Source/channel.c @@ -0,0 +1,2168 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#ifdef HAVE_UNISTD_H +#include +#endif +#include +#ifdef HAVE_INTTYPES_H +#include +#endif + + +/* {{{ libssh2_channel_nextid + * Determine the next channel ID we can use at our end + */ +unsigned long +libssh2_channel_nextid(LIBSSH2_SESSION * session) +{ + unsigned long id = session->next_channel; + LIBSSH2_CHANNEL *channel; + + channel = session->channels.head; + + while (channel) { + if (channel->local.id > id) { + id = channel->local.id; + } + channel = channel->next; + } + + /* This is a shortcut to avoid waiting for close packets on channels we've forgotten about, + * This *could* be a problem if we request and close 4 billion or so channels in too rapid succession + * for the remote end to respond, but the worst case scenario is that some data meant for another channel + * Gets picked up by the new one.... Pretty unlikely all told... + */ + session->next_channel = id + 1; + _libssh2_debug(session, LIBSSH2_DBG_CONN, "Allocated new channel ID#%lu", + id); + return id; +} + +/* }}} */ + +/* {{{ libssh2_channel_locate + * Locate a channel pointer by number + */ +LIBSSH2_CHANNEL * +libssh2_channel_locate(LIBSSH2_SESSION * session, unsigned long channel_id) +{ + LIBSSH2_CHANNEL *channel = session->channels.head; + while (channel) { + if (channel->local.id == channel_id) { + return channel; + } + channel = channel->next; + } + + return NULL; +} + +/* }}} */ + +#define libssh2_channel_add(session, channel) \ +{ \ + if ((session)->channels.tail) { \ + (session)->channels.tail->next = (channel); \ + (channel)->prev = (session)->channels.tail; \ + } else { \ + (session)->channels.head = (channel); \ + (channel)->prev = NULL; \ + } \ + (channel)->next = NULL; \ + (session)->channels.tail = (channel); \ + (channel)->session = (session); \ +} + +/* {{{ libssh2_channel_open_ex + * Establish a generic session channel + */ +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_channel_open_ex(LIBSSH2_SESSION * session, const char *channel_type, + unsigned int channel_type_len, + unsigned int window_size, unsigned int packet_size, + const char *message, unsigned int message_len) +{ + static const unsigned char reply_codes[3] = { + SSH_MSG_CHANNEL_OPEN_CONFIRMATION, + SSH_MSG_CHANNEL_OPEN_FAILURE, + 0 + }; + unsigned char *s; + int rc; + + if (session->open_state == libssh2_NB_state_idle) { + session->open_channel = NULL; + session->open_packet = NULL; + session->open_data = NULL; + /* 17 = packet_type(1) + channel_type_len(4) + sender_channel(4) + window_size(4) + packet_size(4) */ + session->open_packet_len = channel_type_len + message_len + 17; + session->open_local_channel = libssh2_channel_nextid(session); + + /* Zero the whole thing out */ + memset(&session->open_packet_requirev_state, 0, + sizeof(session->open_packet_requirev_state)); + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Opening Channel - win %d pack %d", window_size, + packet_size); + session->open_channel = + LIBSSH2_ALLOC(session, sizeof(LIBSSH2_CHANNEL)); + if (!session->open_channel) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate space for channel data", 0); + return NULL; + } + memset(session->open_channel, 0, sizeof(LIBSSH2_CHANNEL)); + + session->open_channel->channel_type_len = channel_type_len; + session->open_channel->channel_type = + LIBSSH2_ALLOC(session, channel_type_len); + if (!session->open_channel->channel_type) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Failed allocating memory for channel type name", 0); + LIBSSH2_FREE(session, session->open_channel); + session->open_channel = NULL; + return NULL; + } + memcpy(session->open_channel->channel_type, channel_type, + channel_type_len); + + /* REMEMBER: local as in locally sourced */ + session->open_channel->local.id = session->open_local_channel; + session->open_channel->remote.window_size = window_size; + session->open_channel->remote.window_size_initial = window_size; + session->open_channel->remote.packet_size = packet_size; + + libssh2_channel_add(session, session->open_channel); + + s = session->open_packet = + LIBSSH2_ALLOC(session, session->open_packet_len); + if (!session->open_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate temporary space for packet", 0); + goto channel_error; + } + *(s++) = SSH_MSG_CHANNEL_OPEN; + libssh2_htonu32(s, channel_type_len); + s += 4; + + memcpy(s, channel_type, channel_type_len); + s += channel_type_len; + + libssh2_htonu32(s, session->open_local_channel); + s += 4; + + libssh2_htonu32(s, window_size); + s += 4; + + libssh2_htonu32(s, packet_size); + s += 4; + + if (message && message_len) { + memcpy(s, message, message_len); + s += message_len; + } + + session->open_state = libssh2_NB_state_created; + } + + if (session->open_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, session->open_packet, + session->open_packet_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending channel-open request", 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send channel-open request", 0); + goto channel_error; + } + + session->open_state = libssh2_NB_state_sent; + } + + if (session->open_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, + &session->open_data, + &session->open_data_len, 1, + session->open_packet + 5 + + channel_type_len, 4, + &session->open_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block", 0); + return NULL; + } else if (rc) { + goto channel_error; + } + + if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_CONFIRMATION) { + session->open_channel->remote.id = + libssh2_ntohu32(session->open_data + 5); + session->open_channel->local.window_size = + libssh2_ntohu32(session->open_data + 9); + session->open_channel->local.window_size_initial = + libssh2_ntohu32(session->open_data + 9); + session->open_channel->local.packet_size = + libssh2_ntohu32(session->open_data + 13); + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Connection Established - ID: %lu/%lu win: %lu/%lu pack: %lu/%lu", + session->open_channel->local.id, + session->open_channel->remote.id, + session->open_channel->local.window_size, + session->open_channel->remote.window_size, + session->open_channel->local.packet_size, + session->open_channel->remote.packet_size); + LIBSSH2_FREE(session, session->open_packet); + session->open_packet = NULL; + LIBSSH2_FREE(session, session->open_data); + session->open_data = NULL; + + session->open_state = libssh2_NB_state_idle; + return session->open_channel; + } + + if (session->open_data[0] == SSH_MSG_CHANNEL_OPEN_FAILURE) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, + "Channel open failure", 0); + } + } + + channel_error: + + if (session->open_data) { + LIBSSH2_FREE(session, session->open_data); + session->open_data = NULL; + } + if (session->open_packet) { + LIBSSH2_FREE(session, session->open_packet); + session->open_packet = NULL; + } + if (session->open_channel) { + unsigned char channel_id[4]; + LIBSSH2_FREE(session, session->open_channel->channel_type); + + if (session->open_channel->next) { + session->open_channel->next->prev = session->open_channel->prev; + } + if (session->open_channel->prev) { + session->open_channel->prev->next = session->open_channel->next; + } + if (session->channels.head == session->open_channel) { + session->channels.head = session->open_channel->next; + } + if (session->channels.tail == session->open_channel) { + session->channels.tail = session->open_channel->prev; + } + + /* Clear out packets meant for this channel */ + libssh2_htonu32(channel_id, session->open_channel->local.id); + while ((libssh2_packet_ask_ex + (session, SSH_MSG_CHANNEL_DATA, &session->open_data, + &session->open_data_len, 1, channel_id, 4, 0) >= 0) + || + (libssh2_packet_ask_ex + (session, SSH_MSG_CHANNEL_EXTENDED_DATA, &session->open_data, + &session->open_data_len, 1, channel_id, 4, 0) >= 0)) { + LIBSSH2_FREE(session, session->open_data); + session->open_data = NULL; + } + + /* Free any state variables still holding data */ + if (session->open_channel->write_packet) { + LIBSSH2_FREE(session, session->open_channel->write_packet); + session->open_channel->write_packet = NULL; + } + + LIBSSH2_FREE(session, session->open_channel); + session->open_channel = NULL; + } + + session->open_state = libssh2_NB_state_idle; + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_channel_direct_tcpip_ex + * Tunnel TCP/IP connect through the SSH session to direct host/port + */ +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_channel_direct_tcpip_ex(LIBSSH2_SESSION * session, const char *host, + int port, const char *shost, int sport) +{ + LIBSSH2_CHANNEL *channel; + unsigned char *s; + + if (session->direct_state == libssh2_NB_state_idle) { + session->direct_host_len = strlen(host); + session->direct_shost_len = strlen(shost); + /* host_len(4) + port(4) + shost_len(4) + sport(4) */ + session->direct_message_len = + session->direct_host_len + session->direct_shost_len + 16; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Requesting direct-tcpip session to from %s:%d to %s:%d", + shost, sport, host, port); + + s = session->direct_message = + LIBSSH2_ALLOC(session, session->direct_message_len); + if (!session->direct_message) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for direct-tcpip connection", + 0); + return NULL; + } + libssh2_htonu32(s, session->direct_host_len); + s += 4; + memcpy(s, host, session->direct_host_len); + s += session->direct_host_len; + libssh2_htonu32(s, port); + s += 4; + + libssh2_htonu32(s, session->direct_shost_len); + s += 4; + memcpy(s, shost, session->direct_shost_len); + s += session->direct_shost_len; + libssh2_htonu32(s, sport); + s += 4; + + session->direct_state = libssh2_NB_state_created; + } + + channel = + libssh2_channel_open_ex(session, "direct-tcpip", + sizeof("direct-tcpip") - 1, + LIBSSH2_CHANNEL_WINDOW_DEFAULT, + LIBSSH2_CHANNEL_PACKET_DEFAULT, + (char *) session->direct_message, + session->direct_message_len); + if (!channel) { + if (libssh2_session_last_errno(session) == LIBSSH2_ERROR_EAGAIN) { + /* The error code is still set to LIBSSH2_ERROR_EAGAIN */ + return NULL; + } else { + LIBSSH2_FREE(session, session->direct_message); + session->direct_message = NULL; + return NULL; + } + } + + LIBSSH2_FREE(session, session->direct_message); + session->direct_message = NULL; + + return channel; +} + +/* }}} */ + +/* {{{ libssh2_channel_forward_listen_ex + * Bind a port on the remote host and listen for connections + */ +LIBSSH2_API LIBSSH2_LISTENER * +libssh2_channel_forward_listen_ex(LIBSSH2_SESSION * session, const char *host, + int port, int *bound_port, int queue_maxsize) +{ + unsigned char *s, *data; + static const unsigned char reply_codes[3] = + { SSH_MSG_REQUEST_SUCCESS, SSH_MSG_REQUEST_FAILURE, 0 }; + unsigned long data_len; + int rc; + + if (session->fwdLstn_state == libssh2_NB_state_idle) { + session->fwdLstn_host_len = + (host ? strlen(host) : (sizeof("0.0.0.0") - 1)); + /* 14 = packet_type(1) + request_len(4) + want_replay(1) + host_len(4) + port(4) */ + session->fwdLstn_packet_len = + session->fwdLstn_host_len + (sizeof("tcpip-forward") - 1) + 14; + + /* Zero the whole thing out */ + memset(&session->fwdLstn_packet_requirev_state, 0, + sizeof(session->fwdLstn_packet_requirev_state)); + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Requesting tcpip-forward session for %s:%d", host, + port); + + s = session->fwdLstn_packet = + LIBSSH2_ALLOC(session, session->fwdLstn_packet_len); + if (!session->fwdLstn_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memeory for setenv packet", 0); + return NULL; + } + + *(s++) = SSH_MSG_GLOBAL_REQUEST; + libssh2_htonu32(s, sizeof("tcpip-forward") - 1); + s += 4; + memcpy(s, "tcpip-forward", sizeof("tcpip-forward") - 1); + s += sizeof("tcpip-forward") - 1; + *(s++) = 0x01; /* want_reply */ + + libssh2_htonu32(s, session->fwdLstn_host_len); + s += 4; + memcpy(s, host ? host : "0.0.0.0", session->fwdLstn_host_len); + s += session->fwdLstn_host_len; + libssh2_htonu32(s, port); + s += 4; + + session->fwdLstn_state = libssh2_NB_state_created; + } + + if (session->fwdLstn_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, session->fwdLstn_packet, + session->fwdLstn_packet_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending global-request packet for forward listen request", + 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send global-request packet for forward listen request", + 0); + LIBSSH2_FREE(session, session->fwdLstn_packet); + session->fwdLstn_packet = NULL; + session->fwdLstn_state = libssh2_NB_state_idle; + return NULL; + } + LIBSSH2_FREE(session, session->fwdLstn_packet); + session->fwdLstn_packet = NULL; + + session->fwdLstn_state = libssh2_NB_state_sent; + } + + if (session->fwdLstn_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, &data, &data_len, + 0, NULL, 0, + &session-> + fwdLstn_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, "Would block", 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_PROTO, "Unknown", 0); + session->fwdLstn_state = libssh2_NB_state_idle; + return NULL; + } + + if (data[0] == SSH_MSG_REQUEST_SUCCESS) { + LIBSSH2_LISTENER *listener; + + listener = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_LISTENER)); + if (!listener) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for listener queue", + 0); + LIBSSH2_FREE(session, data); + session->fwdLstn_state = libssh2_NB_state_idle; + return NULL; + } + memset(listener, 0, sizeof(LIBSSH2_LISTENER)); + listener->session = session; + listener->host = + LIBSSH2_ALLOC(session, session->fwdLstn_host_len + 1); + if (!listener->host) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for listener queue", + 0); + LIBSSH2_FREE(session, listener); + LIBSSH2_FREE(session, data); + session->fwdLstn_state = libssh2_NB_state_idle; + return NULL; + } + memcpy(listener->host, host ? host : "0.0.0.0", + session->fwdLstn_host_len); + listener->host[session->fwdLstn_host_len] = 0; + if (data_len >= 5 && !port) { + listener->port = libssh2_ntohu32(data + 1); + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Dynamic tcpip-forward port allocated: %d", + listener->port); + } else { + listener->port = port; + } + + listener->queue_size = 0; + listener->queue_maxsize = queue_maxsize; + + listener->next = session->listeners; + listener->prev = NULL; + if (session->listeners) { + session->listeners->prev = listener; + } + session->listeners = listener; + + if (bound_port) { + *bound_port = listener->port; + } + + LIBSSH2_FREE(session, data); + session->fwdLstn_state = libssh2_NB_state_idle; + return listener; + } + + if (data[0] == SSH_MSG_REQUEST_FAILURE) { + LIBSSH2_FREE(session, data); + libssh2_error(session, LIBSSH2_ERROR_REQUEST_DENIED, + "Unable to complete request for forward-listen", 0); + session->fwdLstn_state = libssh2_NB_state_idle; + return NULL; + } + } + + session->fwdLstn_state = libssh2_NB_state_idle; + + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_channel_forward_cancel + * Stop listening on a remote port and free the listener + * Toss out any pending (un-accept()ed) connections + * + * Return 0 on success, PACKET_EAGAIN if would block, -1 on error + */ +LIBSSH2_API int +libssh2_channel_forward_cancel(LIBSSH2_LISTENER * listener) +{ + LIBSSH2_SESSION *session = listener->session; + LIBSSH2_CHANNEL *queued = listener->queue; + unsigned char *packet, *s; + unsigned long host_len = strlen(listener->host); + /* 14 = packet_type(1) + request_len(4) + want_replay(1) + host_len(4) + port(4) */ + unsigned long packet_len = + host_len + 14 + sizeof("cancel-tcpip-forward") - 1; + int rc; + + if (listener->chanFwdCncl_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Cancelling tcpip-forward session for %s:%d", + listener->host, listener->port); + + s = packet = LIBSSH2_ALLOC(session, packet_len); + if (!packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memeory for setenv packet", 0); + return -1; + } + + *(s++) = SSH_MSG_GLOBAL_REQUEST; + libssh2_htonu32(s, sizeof("cancel-tcpip-forward") - 1); + s += 4; + memcpy(s, "cancel-tcpip-forward", sizeof("cancel-tcpip-forward") - 1); + s += sizeof("cancel-tcpip-forward") - 1; + *(s++) = 0x00; /* want_reply */ + + libssh2_htonu32(s, host_len); + s += 4; + memcpy(s, listener->host, host_len); + s += host_len; + libssh2_htonu32(s, listener->port); + s += 4; + + listener->chanFwdCncl_state = libssh2_NB_state_created; + } else { + packet = listener->chanFwdCncl_data; + } + + if (listener->chanFwdCncl_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, packet, packet_len); + if (rc == PACKET_EAGAIN) { + listener->chanFwdCncl_data = packet; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send global-request packet for forward listen request", + 0); + LIBSSH2_FREE(session, packet); + listener->chanFwdCncl_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, packet); + + listener->chanFwdCncl_state = libssh2_NB_state_sent; + } + + while (queued) { + LIBSSH2_CHANNEL *next = queued->next; + + rc = libssh2_channel_free(queued); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + queued = next; + } + LIBSSH2_FREE(session, listener->host); + + if (listener->next) { + listener->next->prev = listener->prev; + } + if (listener->prev) { + listener->prev->next = listener->next; + } else { + session->listeners = listener->next; + } + + LIBSSH2_FREE(session, listener); + + listener->chanFwdCncl_state = libssh2_NB_state_idle; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_channel_forward_accept + * Accept a connection + */ +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_channel_forward_accept(LIBSSH2_LISTENER * listener) +{ + libssh2pack_t rc; + + do { + rc = libssh2_packet_read(listener->session); + if (rc == PACKET_EAGAIN) { + libssh2_error(listener->session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for packet", 0); + return NULL; + } + } while (rc > 0); + + if (listener->queue) { + LIBSSH2_SESSION *session = listener->session; + LIBSSH2_CHANNEL *channel; + + channel = listener->queue; + + listener->queue = listener->queue->next; + if (listener->queue) { + listener->queue->prev = NULL; + } + + channel->prev = NULL; + channel->next = session->channels.head; + session->channels.head = channel; + + if (channel->next) { + channel->next->prev = channel; + } else { + session->channels.tail = channel; + } + listener->queue_size--; + + return channel; + } + + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_channel_setenv_ex + * Set an environment variable prior to requesting a shell/program/subsystem + */ +LIBSSH2_API int +libssh2_channel_setenv_ex(LIBSSH2_CHANNEL * channel, const char *varname, + unsigned int varname_len, const char *value, + unsigned int value_len) +{ + LIBSSH2_SESSION *session = channel->session; + unsigned char *s, *data; + static const unsigned char reply_codes[3] = + { SSH_MSG_CHANNEL_SUCCESS, SSH_MSG_CHANNEL_FAILURE, 0 }; + unsigned long data_len; + int rc; + + if (channel->setenv_state == libssh2_NB_state_idle) { + /* 21 = packet_type(1) + channel_id(4) + request_len(4) + + * request(3)"env" + want_reply(1) + varname_len(4) + value_len(4) */ + channel->setenv_packet_len = varname_len + value_len + 21; + + /* Zero the whole thing out */ + memset(&channel->setenv_packet_requirev_state, 0, + sizeof(channel->setenv_packet_requirev_state)); + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Setting remote environment variable: %s=%s on channel %lu/%lu", + varname, value, channel->local.id, channel->remote.id); + + s = channel->setenv_packet = + LIBSSH2_ALLOC(session, channel->setenv_packet_len); + if (!channel->setenv_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memeory for setenv packet", 0); + return -1; + } + + *(s++) = SSH_MSG_CHANNEL_REQUEST; + libssh2_htonu32(s, channel->remote.id); + s += 4; + libssh2_htonu32(s, sizeof("env") - 1); + s += 4; + memcpy(s, "env", sizeof("env") - 1); + s += sizeof("env") - 1; + + *(s++) = 0x01; + + libssh2_htonu32(s, varname_len); + s += 4; + memcpy(s, varname, varname_len); + s += varname_len; + + libssh2_htonu32(s, value_len); + s += 4; + memcpy(s, value, value_len); + s += value_len; + + channel->setenv_state = libssh2_NB_state_created; + } + + if (channel->setenv_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, channel->setenv_packet, + channel->setenv_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send channel-request packet for setenv request", + 0); + LIBSSH2_FREE(session, channel->setenv_packet); + channel->setenv_packet = NULL; + channel->setenv_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, channel->setenv_packet); + channel->setenv_packet = NULL; + + libssh2_htonu32(channel->setenv_local_channel, channel->local.id); + + channel->setenv_state = libssh2_NB_state_sent; + } + + if (channel->setenv_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, &data, &data_len, + 1, channel->setenv_local_channel, 4, + &channel-> + setenv_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + if (rc) { + channel->setenv_state = libssh2_NB_state_idle; + return -1; + } + + if (data[0] == SSH_MSG_CHANNEL_SUCCESS) { + LIBSSH2_FREE(session, data); + channel->setenv_state = libssh2_NB_state_idle; + return 0; + } + + LIBSSH2_FREE(session, data); + } + + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_REQUEST_DENIED, + "Unable to complete request for channel-setenv", 0); + channel->setenv_state = libssh2_NB_state_idle; + return -1; +} + +/* }}} */ + +/* {{{ libssh2_channel_request_pty_ex + * Duh... Request a PTY + */ +LIBSSH2_API int +libssh2_channel_request_pty_ex(LIBSSH2_CHANNEL * channel, const char *term, + unsigned int term_len, const char *modes, + unsigned int modes_len, int width, int height, + int width_px, int height_px) +{ + LIBSSH2_SESSION *session = channel->session; + unsigned char *s, *data; + static const unsigned char reply_codes[3] = + { SSH_MSG_CHANNEL_SUCCESS, SSH_MSG_CHANNEL_FAILURE, 0 }; + unsigned long data_len; + int rc; + + if (channel->reqPTY_state == libssh2_NB_state_idle) { + /* 41 = packet_type(1) + channel(4) + pty_req_len(4) + "pty_req"(7) + + * want_reply(1) + term_len(4) + width(4) + height(4) + width_px(4) + + * height_px(4) + modes_len(4) */ + channel->reqPTY_packet_len = term_len + modes_len + 41; + + /* Zero the whole thing out */ + memset(&channel->reqPTY_packet_requirev_state, 0, + sizeof(channel->reqPTY_packet_requirev_state)); + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Allocating tty on channel %lu/%lu", channel->local.id, + channel->remote.id); + + s = channel->reqPTY_packet = + LIBSSH2_ALLOC(session, channel->reqPTY_packet_len); + if (!channel->reqPTY_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for pty-request", 0); + return -1; + } + + *(s++) = SSH_MSG_CHANNEL_REQUEST; + libssh2_htonu32(s, channel->remote.id); + s += 4; + libssh2_htonu32(s, sizeof("pty-req") - 1); + s += 4; + memcpy(s, "pty-req", sizeof("pty-req") - 1); + s += sizeof("pty-req") - 1; + + *(s++) = 0x01; + + libssh2_htonu32(s, term_len); + s += 4; + if (term) { + memcpy(s, term, term_len); + s += term_len; + } + + libssh2_htonu32(s, width); + s += 4; + libssh2_htonu32(s, height); + s += 4; + libssh2_htonu32(s, width_px); + s += 4; + libssh2_htonu32(s, height_px); + s += 4; + + libssh2_htonu32(s, modes_len); + s += 4; + if (modes) { + memcpy(s, modes, modes_len); + s += modes_len; + } + + channel->reqPTY_state = libssh2_NB_state_created; + } + + if (channel->reqPTY_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, channel->reqPTY_packet, + channel->reqPTY_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send pty-request packet", 0); + LIBSSH2_FREE(session, channel->reqPTY_packet); + channel->reqPTY_packet = NULL; + channel->reqPTY_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, channel->reqPTY_packet); + channel->reqPTY_packet = NULL; + + libssh2_htonu32(channel->reqPTY_local_channel, channel->local.id); + + channel->reqPTY_state = libssh2_NB_state_sent; + } + + if (channel->reqPTY_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, &data, &data_len, + 1, channel->reqPTY_local_channel, 4, + &channel-> + reqPTY_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + channel->reqPTY_state = libssh2_NB_state_idle; + return -1; + } + + if (data[0] == SSH_MSG_CHANNEL_SUCCESS) { + LIBSSH2_FREE(session, data); + channel->reqPTY_state = libssh2_NB_state_idle; + return 0; + } + } + + LIBSSH2_FREE(session, data); + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_REQUEST_DENIED, + "Unable to complete request for channel request-pty", 0); + channel->reqPTY_state = libssh2_NB_state_idle; + return -1; +} + +/* }}} */ + +/* Keep this an even number */ +#define LIBSSH2_X11_RANDOM_COOKIE_LEN 32 + +/* {{{ libssh2_channel_x11_req_ex + * Request X11 forwarding + */ +LIBSSH2_API int +libssh2_channel_x11_req_ex(LIBSSH2_CHANNEL * channel, int single_connection, + const char *auth_proto, const char *auth_cookie, + int screen_number) +{ + LIBSSH2_SESSION *session = channel->session; + unsigned char *s, *data; + static const unsigned char reply_codes[3] = + { SSH_MSG_CHANNEL_SUCCESS, SSH_MSG_CHANNEL_FAILURE, 0 }; + unsigned long data_len; + unsigned long proto_len = + auth_proto ? strlen(auth_proto) : (sizeof("MIT-MAGIC-COOKIE-1") - 1); + unsigned long cookie_len = + auth_cookie ? strlen(auth_cookie) : LIBSSH2_X11_RANDOM_COOKIE_LEN; + int rc; + + if (channel->reqX11_state == libssh2_NB_state_idle) { + /* 30 = packet_type(1) + channel(4) + x11_req_len(4) + "x11-req"(7) + + * want_reply(1) + single_cnx(1) + proto_len(4) + cookie_len(4) + + * screen_num(4) */ + channel->reqX11_packet_len = proto_len + cookie_len + 30; + + /* Zero the whole thing out */ + memset(&channel->reqX11_packet_requirev_state, 0, + sizeof(channel->reqX11_packet_requirev_state)); + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Requesting x11-req for channel %lu/%lu: single=%d proto=%s cookie=%s screen=%d", + channel->local.id, channel->remote.id, + single_connection, + auth_proto ? auth_proto : "MIT-MAGIC-COOKIE-1", + auth_cookie ? auth_cookie : "", screen_number); + + s = channel->reqX11_packet = + LIBSSH2_ALLOC(session, channel->reqX11_packet_len); + if (!channel->reqX11_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for pty-request", 0); + return -1; + } + + *(s++) = SSH_MSG_CHANNEL_REQUEST; + libssh2_htonu32(s, channel->remote.id); + s += 4; + libssh2_htonu32(s, sizeof("x11-req") - 1); + s += 4; + memcpy(s, "x11-req", sizeof("x11-req") - 1); + s += sizeof("x11-req") - 1; + + *(s++) = 0x01; /* want_reply */ + *(s++) = single_connection ? 0x01 : 0x00; + + libssh2_htonu32(s, proto_len); + s += 4; + memcpy(s, auth_proto ? auth_proto : "MIT-MAGIC-COOKIE-1", proto_len); + s += proto_len; + + libssh2_htonu32(s, cookie_len); + s += 4; + if (auth_cookie) { + memcpy(s, auth_cookie, cookie_len); + } else { + int i; + unsigned char buffer[LIBSSH2_X11_RANDOM_COOKIE_LEN / 2]; + + libssh2_random(buffer, LIBSSH2_X11_RANDOM_COOKIE_LEN / 2); + for(i = 0; i < (LIBSSH2_X11_RANDOM_COOKIE_LEN / 2); i++) { + snprintf((char *) s + (i * 2), 2, "%02X", buffer[i]); + } + } + s += cookie_len; + + libssh2_htonu32(s, screen_number); + s += 4; + + channel->reqX11_state = libssh2_NB_state_created; + } + + if (channel->reqX11_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, channel->reqX11_packet, + channel->reqX11_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send x11-req packet", 0); + LIBSSH2_FREE(session, channel->reqX11_packet); + channel->reqX11_packet = NULL; + channel->reqX11_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, channel->reqX11_packet); + channel->reqX11_packet = NULL; + + libssh2_htonu32(channel->reqX11_local_channel, channel->local.id); + + channel->reqX11_state = libssh2_NB_state_sent; + } + + if (channel->reqX11_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, &data, &data_len, + 1, channel->reqX11_local_channel, 4, + &channel-> + reqX11_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + channel->reqX11_state = libssh2_NB_state_idle; + return -1; + } + + if (data[0] == SSH_MSG_CHANNEL_SUCCESS) { + LIBSSH2_FREE(session, data); + channel->reqX11_state = libssh2_NB_state_idle; + return 0; + } + } + + LIBSSH2_FREE(session, data); + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_REQUEST_DENIED, + "Unable to complete request for channel x11-req", 0); + return -1; +} + +/* }}} */ + +/* {{{ libssh2_channel_process_startup + * Primitive for libssh2_channel_(shell|exec|subsystem) + */ +LIBSSH2_API int +libssh2_channel_process_startup(LIBSSH2_CHANNEL * channel, const char *request, + unsigned int request_len, const char *message, + unsigned int message_len) +{ + LIBSSH2_SESSION *session = channel->session; + unsigned char *s, *data; + static const unsigned char reply_codes[3] = + { SSH_MSG_CHANNEL_SUCCESS, SSH_MSG_CHANNEL_FAILURE, 0 }; + unsigned long data_len; + libssh2pack_t rc; + + if (channel->process_state == libssh2_NB_state_idle) { + /* 10 = packet_type(1) + channel(4) + request_len(4) + want_reply(1) */ + channel->process_packet_len = request_len + 10; + + /* Zero the whole thing out */ + memset(&channel->process_packet_requirev_state, 0, + sizeof(channel->process_packet_requirev_state)); + + if (message) { + channel->process_packet_len += message_len + 4; + } + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "starting request(%s) on channel %lu/%lu, message=%s", + request, channel->local.id, channel->remote.id, + message); + s = channel->process_packet = + LIBSSH2_ALLOC(session, channel->process_packet_len); + if (!channel->process_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for channel-process request", + 0); + return -1; + } + + *(s++) = SSH_MSG_CHANNEL_REQUEST; + libssh2_htonu32(s, channel->remote.id); + s += 4; + libssh2_htonu32(s, request_len); + s += 4; + memcpy(s, request, request_len); + s += request_len; + + *(s++) = 0x01; + + if (message) { + libssh2_htonu32(s, message_len); + s += 4; + memcpy(s, message, message_len); + s += message_len; + } + + channel->process_state = libssh2_NB_state_created; + } + + if (channel->process_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, channel->process_packet, + channel->process_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send channel request", 0); + LIBSSH2_FREE(session, channel->process_packet); + channel->process_packet = NULL; + channel->process_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, channel->process_packet); + channel->process_packet = NULL; + + libssh2_htonu32(channel->process_local_channel, channel->local.id); + + channel->process_state = libssh2_NB_state_sent; + } + + if (channel->process_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, &data, &data_len, + 1, channel->process_local_channel, 4, + &channel-> + process_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + channel->process_state = libssh2_NB_state_idle; + return -1; + } + + if (data[0] == SSH_MSG_CHANNEL_SUCCESS) { + LIBSSH2_FREE(session, data); + channel->process_state = libssh2_NB_state_idle; + return 0; + } + } + + LIBSSH2_FREE(session, data); + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_REQUEST_DENIED, + "Unable to complete request for channel-process-startup", 0); + channel->process_state = libssh2_NB_state_idle; + return -1; +} + +/* }}} */ + +/* {{{ libssh2_channel_set_blocking + * Set a channel's blocking mode on or off, similar to a socket's + * fcntl(fd, F_SETFL, O_NONBLOCK); type command + */ +LIBSSH2_API void +libssh2_channel_set_blocking(LIBSSH2_CHANNEL * channel, int blocking) +{ + (void) _libssh2_session_set_blocking(channel->session, blocking); +} + +/* }}} */ + +/* {{{ libssh2_channel_flush_ex + * Flush data from one (or all) stream + * Returns number of bytes flushed, or -1 on failure + */ +LIBSSH2_API int +libssh2_channel_flush_ex(LIBSSH2_CHANNEL * channel, int streamid) +{ + LIBSSH2_PACKET *packet = channel->session->packets.head; + + if (channel->flush_state == libssh2_NB_state_idle) { + channel->flush_refund_bytes = 0; + channel->flush_flush_bytes = 0; + + while (packet) { + LIBSSH2_PACKET *next = packet->next; + unsigned char packet_type = packet->data[0]; + + if (((packet_type == SSH_MSG_CHANNEL_DATA) + || (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA)) + && (libssh2_ntohu32(packet->data + 1) == channel->local.id)) { + /* It's our channel at least */ + long packet_stream_id = + (packet_type == + SSH_MSG_CHANNEL_DATA) ? 0 : libssh2_ntohu32(packet->data + + 5); + if ((streamid == LIBSSH2_CHANNEL_FLUSH_ALL) + || ((packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA) + && ((streamid == LIBSSH2_CHANNEL_FLUSH_EXTENDED_DATA) + || (streamid == packet_stream_id))) + || ((packet_type == SSH_MSG_CHANNEL_DATA) + && (streamid == 0))) { + int bytes_to_flush = packet->data_len - packet->data_head; + + _libssh2_debug(channel->session, LIBSSH2_DBG_CONN, + "Flushing %d bytes of data from stream %lu on channel %lu/%lu", + bytes_to_flush, packet_stream_id, + channel->local.id, channel->remote.id); + + /* It's one of the streams we wanted to flush */ + channel->flush_refund_bytes += packet->data_len - 13; + channel->flush_flush_bytes += bytes_to_flush; + + LIBSSH2_FREE(channel->session, packet->data); + if (packet->prev) { + packet->prev->next = packet->next; + } else { + channel->session->packets.head = packet->next; + } + if (packet->next) { + packet->next->prev = packet->prev; + } else { + channel->session->packets.tail = packet->prev; + } + LIBSSH2_FREE(channel->session, packet); + } + } + packet = next; + } + + channel->flush_state = libssh2_NB_state_created; + } + + if (channel->flush_refund_bytes) { + int rc; + + rc = libssh2_channel_receive_window_adjust(channel, + channel->flush_refund_bytes, + 0); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + } + + channel->flush_state = libssh2_NB_state_idle; + + return channel->flush_flush_bytes; +} + +/* }}} */ + +/* {{{ libssh2_channel_get_exit_status + * Return the channel's program exit status + */ +LIBSSH2_API int +libssh2_channel_get_exit_status(LIBSSH2_CHANNEL * channel) +{ + return channel->exit_status; +} + +/* }}} */ + +/* {{{ libssh2_channel_receive_window_adjust + * Adjust the receive window for a channel by adjustment bytes + * If the amount to be adjusted is less than LIBSSH2_CHANNEL_MINADJUST and + * force is 0 the adjustment amount will be queued for a later packet + * + * Returns the new size of the receive window (as understood by remote end) + */ +LIBSSH2_API unsigned long +libssh2_channel_receive_window_adjust(LIBSSH2_CHANNEL * channel, + unsigned long adjustment, + unsigned char force) +{ + int rc; + + if (channel->adjust_state == libssh2_NB_state_idle) { + if (!force + && (adjustment + channel->adjust_queue < + LIBSSH2_CHANNEL_MINADJUST)) { + _libssh2_debug(channel->session, LIBSSH2_DBG_CONN, + "Queueing %lu bytes for receive window adjustment for channel %lu/%lu", + adjustment, channel->local.id, channel->remote.id); + channel->adjust_queue += adjustment; + return channel->remote.window_size; + } + + if (!adjustment && !channel->adjust_queue) { + return channel->remote.window_size; + } + + adjustment += channel->adjust_queue; + channel->adjust_queue = 0; + + + /* Adjust the window based on the block we just freed */ + channel->adjust_adjust[0] = SSH_MSG_CHANNEL_WINDOW_ADJUST; + libssh2_htonu32(channel->adjust_adjust + 1, channel->remote.id); + libssh2_htonu32(channel->adjust_adjust + 5, adjustment); + _libssh2_debug(channel->session, LIBSSH2_DBG_CONN, + "Adjusting window %lu bytes for data flushed from channel %lu/%lu", + adjustment, channel->local.id, channel->remote.id); + + channel->adjust_state = libssh2_NB_state_created; + } + + rc = libssh2_packet_write(channel->session, channel->adjust_adjust, 9); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(channel->session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send transfer-window adjustment packet, deferring", + 0); + channel->adjust_queue = adjustment; + channel->adjust_state = libssh2_NB_state_idle; + } else { + channel->adjust_state = libssh2_NB_state_idle; + channel->remote.window_size += adjustment; + } + + return channel->remote.window_size; +} + +/* }}} */ + +/* {{{ libssh2_channel_handle_extended_data + * How should extended data look to the calling app? + * Keep it in separate channels[_read() _read_stdder()]? (NORMAL) + * Merge the extended data to the standard data? [everything via _read()]? (MERGE) + * Ignore it entirely [toss out packets as they come in]? (IGNORE) + */ +LIBSSH2_API void +libssh2_channel_handle_extended_data(LIBSSH2_CHANNEL * channel, + int ignore_mode) +{ + while (libssh2_channel_handle_extended_data2(channel, ignore_mode) == + PACKET_EAGAIN); +} + +LIBSSH2_API int +libssh2_channel_handle_extended_data2(LIBSSH2_CHANNEL * channel, + int ignore_mode) +{ + if (channel->extData2_state == libssh2_NB_state_idle) { + _libssh2_debug(channel->session, LIBSSH2_DBG_CONN, + "Setting channel %lu/%lu handle_extended_data mode to %d", + channel->local.id, channel->remote.id, ignore_mode); + channel->remote.extended_data_ignore_mode = ignore_mode; + + channel->extData2_state = libssh2_NB_state_created; + } + + if (channel->extData2_state == libssh2_NB_state_idle) { + if (ignore_mode == LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE) { + if (libssh2_channel_flush_ex + (channel, + LIBSSH2_CHANNEL_FLUSH_EXTENDED_DATA) == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + } + } + + channel->extData2_state = libssh2_NB_state_idle; + return 0; +} + +/* }}} */ + +/* + * {{{ libssh2_channel_read_ex + * Read data from a channel blocking or non-blocking depending on set state + * + * When this is done non-blocking, it is important to not return 0 until the + * currently read channel is complete. If we read stuff from the wire but it + * was no payload data to fill in the buffer with, we MUST make sure to return + * PACKET_EAGAIN. + */ +LIBSSH2_API ssize_t +libssh2_channel_read_ex(LIBSSH2_CHANNEL * channel, int stream_id, char *buf, + size_t buflen) +{ + LIBSSH2_SESSION *session = channel->session; + libssh2pack_t rc = 0; + + if (channel->read_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Attempting to read %d bytes from channel %lu/%lu stream #%d", + (int) buflen, channel->local.id, channel->remote.id, + stream_id); + + /* process all incoming packets */ + do { + if (libssh2_waitsocket(session, 0) > 0) { + rc = libssh2_packet_read(session); + } else { + /* Set for PACKET_EAGAIN so we continue */ + rc = PACKET_EAGAIN; + } + } while (rc > 0); + + if ((rc < 0) && (rc != PACKET_EAGAIN)) { + fprintf(stderr, "return rc = %d\n", rc); + return rc; + } + channel->read_bytes_read = 0; + channel->read_block = 0; + + channel->read_packet = session->packets.head; + + channel->read_state = libssh2_NB_state_created; + } + + /* + * =============================== NOTE =============================== + * I know this is very ugly and not a really good use of "goto", but + * this case statement would be even uglier to do it any other way + */ + if (channel->read_state == libssh2_NB_state_jump1) { + goto channel_read_ex_point1; + } + + rc = 0; + + do { + if (channel->read_block) { + /* in the second lap and onwards, do this */ + rc = libssh2_packet_read(session); + channel->read_packet = session->packets.head; + } + + if (rc < 0) { + if (rc != PACKET_EAGAIN) { + channel->read_state = libssh2_NB_state_idle; + } + /* no packets available */ + return rc; + } + + while (channel->read_packet + && (channel->read_bytes_read < (int) buflen)) { + /* In case packet gets destroyed during this iteration */ + channel->read_next = channel->read_packet->next; + + channel->read_local_id = + libssh2_ntohu32(channel->read_packet->data + 1); + + /* + * Either we asked for a specific extended data stream + * (and data was available), + * or the standard stream (and data was available), + * or the standard stream with extended_data_merge + * enabled and data was available + */ + if ((stream_id + && (channel->read_packet->data[0] == + SSH_MSG_CHANNEL_EXTENDED_DATA) + && (channel->local.id == channel->read_local_id) + && (stream_id == + (int) libssh2_ntohu32(channel->read_packet->data + 5))) + || (!stream_id + && (channel->read_packet->data[0] == SSH_MSG_CHANNEL_DATA) + && (channel->local.id == channel->read_local_id)) + || (!stream_id + && (channel->read_packet->data[0] == + SSH_MSG_CHANNEL_EXTENDED_DATA) + && (channel->local.id == channel->read_local_id) + && (channel->remote.extended_data_ignore_mode == + LIBSSH2_CHANNEL_EXTENDED_DATA_MERGE))) { + + channel->read_want = buflen - channel->read_bytes_read; + channel->read_unlink_packet = 0; + + if (channel->read_want >= + (int) (channel->read_packet->data_len - + channel->read_packet->data_head)) { + channel->read_want = + channel->read_packet->data_len - + channel->read_packet->data_head; + channel->read_unlink_packet = 1; + } + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Reading %d of buffered data from %lu/%lu/%d", + channel->read_want, channel->local.id, + channel->remote.id, stream_id); + memcpy(buf + channel->read_bytes_read, + channel->read_packet->data + + channel->read_packet->data_head, channel->read_want); + channel->read_packet->data_head += channel->read_want; + channel->read_bytes_read += channel->read_want; + + if (channel->read_unlink_packet) { + if (channel->read_packet->prev) { + channel->read_packet->prev->next = + channel->read_packet->next; + } else { + session->packets.head = channel->read_packet->next; + } + if (channel->read_packet->next) { + channel->read_packet->next->prev = + channel->read_packet->prev; + } else { + session->packets.tail = channel->read_packet->prev; + } + LIBSSH2_FREE(session, channel->read_packet->data); + + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Unlinking empty packet buffer from channel %lu/%lu", + channel->local.id, channel->remote.id); + channel_read_ex_point1: + channel->read_state = libssh2_NB_state_jump1; + rc = libssh2_channel_receive_window_adjust(channel, + channel-> + read_packet-> + data_len - + (stream_id ? 13 + : 9), 0); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + channel->read_state = libssh2_NB_state_created; + LIBSSH2_FREE(session, channel->read_packet); + channel->read_packet = NULL; + } + } + channel->read_packet = channel->read_next; + } + channel->read_block = 1; + } while ((channel->read_bytes_read == 0) && !channel->remote.close); + + channel->read_state = libssh2_NB_state_idle; + if (channel->read_bytes_read == 0) { + if (channel->session->socket_block) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_CLOSED, + "Remote end has closed this channel", 0); + } else { + /* + * when non-blocking, we must return PACKET_EAGAIN if we haven't + * completed reading the channel + */ + if (!libssh2_channel_eof(channel)) { + return PACKET_EAGAIN; + } + } + } + + channel->read_state = libssh2_NB_state_idle; + return channel->read_bytes_read; +} + +/* }}} */ + +/* + * {{{ libssh2_channel_packet_data_len + * Return the size of the data block of the current packet, or 0 if there + * isn't a packet. + */ +unsigned long +libssh2_channel_packet_data_len(LIBSSH2_CHANNEL * channel, int stream_id) +{ + LIBSSH2_SESSION *session = channel->session; + LIBSSH2_PACKET *read_packet; + uint32_t read_local_id; + + if ((read_packet = session->packets.head) == NULL) { + return 0; + } + + while (read_packet) { + read_local_id = libssh2_ntohu32(read_packet->data + 1); + + /* + * Either we asked for a specific extended data stream + * (and data was available), + * or the standard stream (and data was available), + * or the standard stream with extended_data_merge + * enabled and data was available + */ + if ((stream_id + && (read_packet->data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA) + && (channel->local.id == read_local_id) + && (stream_id == (int) libssh2_ntohu32(read_packet->data + 5))) + || (!stream_id && (read_packet->data[0] == SSH_MSG_CHANNEL_DATA) + && (channel->local.id == read_local_id)) || (!stream_id + && (read_packet-> + data[0] == + SSH_MSG_CHANNEL_EXTENDED_DATA) + && (channel-> + local.id == + read_local_id) + && (channel-> + remote. + extended_data_ignore_mode + == + LIBSSH2_CHANNEL_EXTENDED_DATA_MERGE))) + { + + return (read_packet->data_len - read_packet->data_head); + } + read_packet = read_packet->next; + } + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_channel_write_ex + * Send data to a channel + */ +LIBSSH2_API ssize_t +libssh2_channel_write_ex(LIBSSH2_CHANNEL * channel, int stream_id, + const char *buf, size_t buflen) +{ + LIBSSH2_SESSION *session = channel->session; + libssh2pack_t rc; + + if (channel->write_state == libssh2_NB_state_idle) { + channel->write_bufwrote = 0; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Writing %d bytes on channel %lu/%lu, stream #%d", + (int) buflen, channel->local.id, channel->remote.id, + stream_id); + + if (channel->local.close) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_CLOSED, + "We've already closed this channel", 0); + return -1; + } + + if (channel->local.eof) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_EOF_SENT, + "EOF has already been sight, data might be ignored", + 0); + } + +#if 0 + /* + The following chunk of code is #ifdef'ed out, since I wanted it to + remain here with the given explanation why having the code in here + is not a good idea. The text is taken from the email Gavrie + Philipson wrote to libssh2-devel on Nov 8 2007. + + The logic behind this is that in nonblocking mode, if the local + window size has shrunk to zero, there's no point in trying to send + anything more. However, exiting the function at that point does not + allow any adjusts from the remote side to be received, since + libssh2_packet_read (that is called further on in this function) is + never called in this case. + + Removing this bit of code fixes the problem. This should not cause + busy waiting, since after the libssh2_packet_read, the function + correctly returns PACKET_EAGAIN if the window size was not adjusted. + */ + if (!channel->session->socket_block && + (channel->local.window_size <= 0)) { + /* Can't write anything */ + return 0; + } +#endif + + /* [13] 9 = packet_type(1) + channelno(4) [ + streamid(4) ] + buflen(4) */ + channel->write_packet_len = buflen + (stream_id ? 13 : 9); + channel->write_packet = + LIBSSH2_ALLOC(session, channel->write_packet_len); + if (!channel->write_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocte space for data transmission packet", + 0); + return -1; + } + + channel->write_state = libssh2_NB_state_allocated; + } + + while (buflen > 0) { + if (channel->write_state == libssh2_NB_state_allocated) { + channel->write_bufwrite = buflen; + channel->write_s = channel->write_packet; + + *(channel->write_s++) = + stream_id ? SSH_MSG_CHANNEL_EXTENDED_DATA : + SSH_MSG_CHANNEL_DATA; + libssh2_htonu32(channel->write_s, channel->remote.id); + channel->write_s += 4; + if (stream_id) { + libssh2_htonu32(channel->write_s, stream_id); + channel->write_s += 4; + } + + /* twiddle our thumbs until there's window space available */ + while (channel->local.window_size <= 0) { + /* Don't worry -- This is never hit unless it's a + blocking channel anyway */ + rc = libssh2_packet_read(session); + + if (rc < 0) { + /* Error or EAGAIN occurred, disconnect? */ + if (rc != PACKET_EAGAIN) { + channel->write_state = libssh2_NB_state_idle; + } + return rc; + } + + if ((rc == 0) && (session->socket_block == 0)) { + /* + * if rc == 0 and in non-blocking, then fake EAGAIN + * to prevent busyloops until data arriaves on the network + * which seemed like a very bad idea + */ + return PACKET_EAGAIN; + } + } + + /* Don't exceed the remote end's limits */ + /* REMEMBER local means local as the SOURCE of the data */ + if (channel->write_bufwrite > channel->local.window_size) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Splitting write block due to %lu byte window_size on %lu/%lu/%d", + channel->local.window_size, channel->local.id, + channel->remote.id, stream_id); + channel->write_bufwrite = channel->local.window_size; + } + if (channel->write_bufwrite > channel->local.packet_size) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Splitting write block due to %lu byte packet_size on %lu/%lu/%d", + channel->local.packet_size, channel->local.id, + channel->remote.id, stream_id); + channel->write_bufwrite = channel->local.packet_size; + } + libssh2_htonu32(channel->write_s, channel->write_bufwrite); + channel->write_s += 4; + memcpy(channel->write_s, buf, channel->write_bufwrite); + channel->write_s += channel->write_bufwrite; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Sending %d bytes on channel %lu/%lu, stream_id=%d", + (int) channel->write_bufwrite, channel->local.id, + channel->remote.id, stream_id); + + channel->write_state = libssh2_NB_state_created; + } + + if (channel->write_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, channel->write_packet, + channel->write_s - + channel->write_packet); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send channel data", 0); + LIBSSH2_FREE(session, channel->write_packet); + channel->write_packet = NULL; + channel->write_state = libssh2_NB_state_idle; + return -1; + } + /* Shrink local window size */ + channel->local.window_size -= channel->write_bufwrite; + + /* Adjust buf for next iteration */ + buflen -= channel->write_bufwrite; + buf += channel->write_bufwrite; + channel->write_bufwrote += channel->write_bufwrite; + + channel->write_state = libssh2_NB_state_allocated; + + /* + * Not sure this is still wanted + if (!channel->session->socket_block) { + break; + } + */ + } + } + + LIBSSH2_FREE(session, channel->write_packet); + channel->write_packet = NULL; + + channel->write_state = libssh2_NB_state_idle; + + return channel->write_bufwrote; +} + +/* }}} */ + +/* {{{ libssh2_channel_send_eof + * Send EOF on channel + */ +LIBSSH2_API int +libssh2_channel_send_eof(LIBSSH2_CHANNEL * channel) +{ + LIBSSH2_SESSION *session = channel->session; + unsigned char packet[5]; /* packet_type(1) + channelno(4) */ + int rc; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, "Sending EOF on channel %lu/%lu", + channel->local.id, channel->remote.id); + packet[0] = SSH_MSG_CHANNEL_EOF; + libssh2_htonu32(packet + 1, channel->remote.id); + rc = libssh2_packet_write(session, packet, 5); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send EOF on channel", 0); + return -1; + } + channel->local.eof = 1; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_channel_eof + * Read channel's eof status + */ +LIBSSH2_API int +libssh2_channel_eof(LIBSSH2_CHANNEL * channel) +{ + LIBSSH2_SESSION *session = channel->session; + LIBSSH2_PACKET *packet = session->packets.head; + + while (packet) { + if (((packet->data[0] == SSH_MSG_CHANNEL_DATA) + || (packet->data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA)) + && (channel->local.id == libssh2_ntohu32(packet->data + 1))) { + /* There's data waiting to be read yet, mask the EOF status */ + return 0; + } + packet = packet->next; + } + + return channel->remote.eof; +} + +/* }}} */ + +/* {{{ libssh2_channel_wait_closed +* Awaiting channel EOF +*/ +LIBSSH2_API int +libssh2_channel_wait_eof(LIBSSH2_CHANNEL * channel) +{ + LIBSSH2_SESSION *session = channel->session; + int rc; + + if (channel->wait_eof_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Awaiting close of channel %lu/%lu", channel->local.id, + channel->remote.id); + + channel->wait_eof_state = libssh2_NB_state_created; + } + + /* + * While channel is not eof, read more packets from the network. + * Either the EOF will be set or network timeout will occur. + */ + do { + if (channel->remote.eof) { + break; + } + rc = libssh2_packet_read(session); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc < 0) { + channel->wait_eof_state = libssh2_NB_state_idle; + return -1; + } + } while (1); + + channel->wait_eof_state = libssh2_NB_state_idle; + + return 0; +} + +/* }}} */ + + +/* {{{ libssh2_channel_close + * Close a channel + */ +LIBSSH2_API int +libssh2_channel_close(LIBSSH2_CHANNEL * channel) +{ + LIBSSH2_SESSION *session = channel->session; + int rc = 0; + int retcode; + + if (channel->local.close) { + /* Already closed, act like we sent another close, + * even though we didn't... shhhhhh */ + channel->close_state = libssh2_NB_state_idle; + return 0; + } + + if (channel->close_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, "Closing channel %lu/%lu", + channel->local.id, channel->remote.id); + + if (channel->close_cb) { + LIBSSH2_CHANNEL_CLOSE(session, channel); + } + channel->local.close = 1; + + channel->close_packet[0] = SSH_MSG_CHANNEL_CLOSE; + libssh2_htonu32(channel->close_packet + 1, channel->remote.id); + + channel->close_state = libssh2_NB_state_created; + } + + if (channel->close_state == libssh2_NB_state_created) { + retcode = libssh2_packet_write(session, channel->close_packet, 5); + if (retcode == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (retcode) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send close-channel request", 0); + channel->close_state = libssh2_NB_state_idle; + return -1; + } + + channel->close_state = libssh2_NB_state_sent; + } + + if (channel->close_state == libssh2_NB_state_sent) { + /* We must wait for the remote SSH_MSG_CHANNEL_CLOSE message */ + if (!channel->remote.close) { + libssh2pack_t ret; + + do { + ret = libssh2_packet_read(session); + if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (ret < 0) { + rc = -1; + } + } while ((ret != SSH_MSG_CHANNEL_CLOSE) && (rc == 0)); + } + } + + channel->close_state = libssh2_NB_state_idle; + + return rc; +} + +/* }}} */ + +/* {{{ libssh2_channel_wait_closed + * Awaiting channel close after EOF + */ +LIBSSH2_API int +libssh2_channel_wait_closed(LIBSSH2_CHANNEL * channel) +{ + LIBSSH2_SESSION *session = channel->session; + int rc; + + if (!libssh2_channel_eof(channel)) { + libssh2_error(session, LIBSSH2_ERROR_INVAL, + "libssh2_channel_wait_closed() invoked when channel is not in EOF state", + 0); + return -1; + } + + if (channel->wait_closed_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Awaiting close of channel %lu/%lu", channel->local.id, + channel->remote.id); + + channel->wait_closed_state = libssh2_NB_state_created; + } + + /* + * While channel is not closed, read more packets from the network. + * Either the channel will be closed or network timeout will occur. + */ + do { + if (!channel->remote.close) { + break; + } + rc = libssh2_packet_read(session); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc <= 0) { + break; + } + } while (1); + + channel->wait_closed_state = libssh2_NB_state_idle; + + return 1; +} + +/* }}} */ + + +/* {{{ libssh2_channel_free + * Make sure a channel is closed, then remove the channel from the session + * and free its resource(s) + * + * Returns 0 on success, -1 on failure + */ +LIBSSH2_API int +libssh2_channel_free(LIBSSH2_CHANNEL * channel) +{ + LIBSSH2_SESSION *session = channel->session; + unsigned char channel_id[4]; + unsigned char *data; + unsigned long data_len; + int rc; + + if (channel->free_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Freeing channel %lu/%lu resources", channel->local.id, + channel->remote.id); + + channel->free_state = libssh2_NB_state_created; + } + + /* Allow channel freeing even when the socket has lost its connection */ + if (!channel->local.close + && (session->socket_state == LIBSSH2_SOCKET_CONNECTED)) { + while ((rc = libssh2_channel_close(channel)) == PACKET_EAGAIN); + if (rc) { + channel->free_state = libssh2_NB_state_idle; + return -1; + } + } + + channel->free_state = libssh2_NB_state_idle; + + /* + * channel->remote.close *might* not be set yet, Well... + * We've sent the close packet, what more do you want? + * Just let packet_add ignore it when it finally arrives + */ + + /* Clear out packets meant for this channel */ + libssh2_htonu32(channel_id, channel->local.id); + while ((libssh2_packet_ask_ex + (session, SSH_MSG_CHANNEL_DATA, &data, &data_len, 1, channel_id, 4, + 0) >= 0) + || + (libssh2_packet_ask_ex + (session, SSH_MSG_CHANNEL_EXTENDED_DATA, &data, &data_len, 1, + channel_id, 4, 0) >= 0)) { + LIBSSH2_FREE(session, data); + } + + /* free "channel_type" */ + if (channel->channel_type) { + LIBSSH2_FREE(session, channel->channel_type); + } + + /* Unlink from channel brigade */ + if (channel->prev) { + channel->prev->next = channel->next; + } else { + session->channels.head = channel->next; + } + if (channel->next) { + channel->next->prev = channel->prev; + } else { + session->channels.tail = channel->prev; + } + + /* + * Make sure all memory used in the state variables are free + */ + if (channel->setenv_packet) { + LIBSSH2_FREE(session, channel->setenv_packet); + } + if (channel->reqPTY_packet) { + LIBSSH2_FREE(session, channel->reqPTY_packet); + } + if (channel->reqX11_packet) { + LIBSSH2_FREE(session, channel->reqX11_packet); + } + if (channel->process_packet) { + LIBSSH2_FREE(session, channel->process_packet); + } + if (channel->write_packet) { + LIBSSH2_FREE(session, channel->write_packet); + } + + LIBSSH2_FREE(session, channel); + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_channel_window_read_ex + * Check the status of the read window + * Returns the number of bytes which the remote end may send without overflowing the window limit + * read_avail (if passed) will be populated with the number of bytes actually available to be read + * window_size_initial (if passed) will be populated with the window_size_initial as defined by the channel_open request + */ +LIBSSH2_API unsigned long +libssh2_channel_window_read_ex(LIBSSH2_CHANNEL * channel, + unsigned long *read_avail, + unsigned long *window_size_initial) +{ + if (window_size_initial) { + *window_size_initial = channel->remote.window_size_initial; + } + + if (read_avail) { + unsigned long bytes_queued = 0; + LIBSSH2_PACKET *packet = channel->session->packets.head; + + while (packet) { + unsigned char packet_type = packet->data[0]; + + if (((packet_type == SSH_MSG_CHANNEL_DATA) + || (packet_type == SSH_MSG_CHANNEL_EXTENDED_DATA)) + && (libssh2_ntohu32(packet->data + 1) == channel->local.id)) { + bytes_queued += packet->data_len - packet->data_head; + } + + packet = packet->next; + } + + *read_avail = bytes_queued; + } + + return channel->remote.window_size; +} + +/* }}} */ + +/* {{{ libssh2_channel_window_write_ex + * Check the status of the write window + * Returns the number of bytes which may be safely writen on the channel without blocking + * window_size_initial (if passed) will be populated with the size of the initial window as defined by the channel_open request + */ +LIBSSH2_API unsigned long +libssh2_channel_window_write_ex(LIBSSH2_CHANNEL * channel, + unsigned long *window_size_initial) +{ + if (window_size_initial) { + /* For locally initiated channels this is very often 0, so it's not *that* useful as information goes */ + *window_size_initial = channel->local.window_size_initial; + } + + return channel->local.window_size; +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/comp.c b/Vendor/libssh2/Source/comp.c new file mode 100644 index 0000000..e8c83c8 --- /dev/null +++ b/Vendor/libssh2/Source/comp.c @@ -0,0 +1,340 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#ifdef LIBSSH2_HAVE_ZLIB +# include +#endif + +/* ******** + * none * + ******** */ + +/* {{{ libssh2_comp_method_none_comp + * Minimalist compression: Absolutely none + */ +static int +libssh2_comp_method_none_comp(LIBSSH2_SESSION * session, + int compress, + unsigned char **dest, + unsigned long *dest_len, + unsigned long payload_limit, + int *free_dest, + const unsigned char *src, + unsigned long src_len, void **abstract) +{ + (void) session; + (void) compress; + (void) payload_limit; + (void) abstract; + *dest = (unsigned char *) src; + *dest_len = src_len; + + *free_dest = 0; + + return 0; +} + +/* }}} */ + +static const LIBSSH2_COMP_METHOD libssh2_comp_method_none = { + "none", + NULL, + libssh2_comp_method_none_comp, + NULL +}; + +#ifdef LIBSSH2_HAVE_ZLIB +/* ******** + * zlib * + ******** */ + +/* {{{ Memory management wrappers + * Yes, I realize we're doing a callback to a callback, + * Deal... + */ + +static voidpf +libssh2_comp_method_zlib_alloc(voidpf opaque, uInt items, uInt size) +{ + LIBSSH2_SESSION *session = (LIBSSH2_SESSION *) opaque; + + return (voidpf) LIBSSH2_ALLOC(session, items * size); +} + +static void +libssh2_comp_method_zlib_free(voidpf opaque, voidpf address) +{ + LIBSSH2_SESSION *session = (LIBSSH2_SESSION *) opaque; + + LIBSSH2_FREE(session, address); +} + +/* }}} */ + +/* {{{ libssh2_comp_method_zlib_init + * All your bandwidth are belong to us (so save some) + */ +static int +libssh2_comp_method_zlib_init(LIBSSH2_SESSION * session, int compress, + void **abstract) +{ + z_stream *strm; + int status; + + strm = LIBSSH2_ALLOC(session, sizeof(z_stream)); + if (!strm) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for zlib compression/decompression", + 0); + return -1; + } + memset(strm, 0, sizeof(z_stream)); + + strm->opaque = (voidpf) session; + strm->zalloc = (alloc_func) libssh2_comp_method_zlib_alloc; + strm->zfree = (free_func) libssh2_comp_method_zlib_free; + if (compress) { + /* deflate */ + status = deflateInit(strm, Z_DEFAULT_COMPRESSION); + } else { + /* inflate */ + status = inflateInit(strm); + } + + if (status != Z_OK) { + LIBSSH2_FREE(session, strm); + return -1; + } + *abstract = strm; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_comp_method_zlib_comp + * zlib, a compression standard for all occasions + */ +static int +libssh2_comp_method_zlib_comp(LIBSSH2_SESSION * session, + int compress, + unsigned char **dest, + unsigned long *dest_len, + unsigned long payload_limit, + int *free_dest, + const unsigned char *src, + unsigned long src_len, void **abstract) +{ + z_stream *strm = *abstract; + /* A short-term alloc of a full data chunk is better than a series of + reallocs */ + char *out; + int out_maxlen = compress ? (src_len + 4) : (2 * src_len); + int limiter = 0; + + /* In practice they never come smaller than this */ + if (out_maxlen < 25) { + out_maxlen = 25; + } + + if (out_maxlen > (int) payload_limit) { + out_maxlen = payload_limit; + } + + strm->next_in = (unsigned char *) src; + strm->avail_in = src_len; + strm->next_out = (unsigned char *) LIBSSH2_ALLOC(session, out_maxlen); + out = (char *) strm->next_out; + strm->avail_out = out_maxlen; + if (!strm->next_out) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate compression/decompression buffer", + 0); + return -1; + } + while (strm->avail_in) { + int status; + + if (compress) { + status = deflate(strm, Z_PARTIAL_FLUSH); + } else { + status = inflate(strm, Z_PARTIAL_FLUSH); + } + if (status != Z_OK) { + libssh2_error(session, LIBSSH2_ERROR_ZLIB, + "compress/decompression failure", 0); + LIBSSH2_FREE(session, out); + return -1; + } + if (strm->avail_in) { + unsigned long out_ofs = out_maxlen - strm->avail_out; + char *newout; + + out_maxlen += + compress ? (strm->avail_in + 4) : (2 * strm->avail_in); + + if ((out_maxlen > (int) payload_limit) && !compress && limiter++) { + libssh2_error(session, LIBSSH2_ERROR_ZLIB, + "Excessive growth in decompression phase", 0); + LIBSSH2_FREE(session, out); + return -1; + } + + newout = LIBSSH2_REALLOC(session, out, out_maxlen); + if (!newout) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to expand compress/decompression buffer", + 0); + LIBSSH2_FREE(session, out); + return -1; + } + out = newout; + strm->next_out = (unsigned char *) out + out_ofs; + strm->avail_out += + compress ? (strm->avail_in + 4) : (2 * strm->avail_in); + } else + while (!strm->avail_out) { + /* Done with input, might be a byte or two in internal buffer during compress + * Or potentially many bytes if it's a decompress + */ + int grow_size = compress ? 8 : 1024; + char *newout; + + if (out_maxlen >= (int) payload_limit) { + libssh2_error(session, LIBSSH2_ERROR_ZLIB, + "Excessive growth in decompression phase", + 0); + LIBSSH2_FREE(session, out); + return -1; + } + + if (grow_size > (int) (payload_limit - out_maxlen)) { + grow_size = payload_limit - out_maxlen; + } + + out_maxlen += grow_size; + strm->avail_out = grow_size; + + newout = LIBSSH2_REALLOC(session, out, out_maxlen); + if (!newout) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to expand final compress/decompress buffer", + 0); + LIBSSH2_FREE(session, out); + return -1; + } + out = newout; + strm->next_out = (unsigned char *) out + out_maxlen - + grow_size; + + if (compress) { + status = deflate(strm, Z_PARTIAL_FLUSH); + } else { + status = inflate(strm, Z_PARTIAL_FLUSH); + } + if (status != Z_OK) { + libssh2_error(session, LIBSSH2_ERROR_ZLIB, + "compress/decompression failure", 0); + LIBSSH2_FREE(session, out); + return -1; + } + } + } + + *dest = (unsigned char *) out; + *dest_len = out_maxlen - strm->avail_out; + *free_dest = 1; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_comp_method_zlib_dtor + * All done, no more compression for you + */ +static int +libssh2_comp_method_zlib_dtor(LIBSSH2_SESSION * session, int compress, + void **abstract) +{ + z_stream *strm = *abstract; + + if (strm) { + if (compress) { + /* deflate */ + deflateEnd(strm); + } else { + /* inflate */ + inflateEnd(strm); + } + + LIBSSH2_FREE(session, strm); + } + + *abstract = NULL; + + return 0; +} + +/* }}} */ + +static const LIBSSH2_COMP_METHOD libssh2_comp_method_zlib = { + "zlib", + libssh2_comp_method_zlib_init, + libssh2_comp_method_zlib_comp, + libssh2_comp_method_zlib_dtor, +}; +#endif /* LIBSSH2_HAVE_ZLIB */ + +/* *********************** + * Compression Methods * + *********************** */ + +static const LIBSSH2_COMP_METHOD *_libssh2_comp_methods[] = { + &libssh2_comp_method_none, +#ifdef LIBSSH2_HAVE_ZLIB + &libssh2_comp_method_zlib, +#endif /* LIBSSH2_HAVE_ZLIB */ + NULL +}; + +const LIBSSH2_COMP_METHOD ** +libssh2_comp_methods(void) +{ + return _libssh2_comp_methods; +} diff --git a/Vendor/libssh2/Source/crypt.c b/Vendor/libssh2/Source/crypt.c new file mode 100644 index 0000000..2f32877 --- /dev/null +++ b/Vendor/libssh2/Source/crypt.c @@ -0,0 +1,256 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +#ifdef LIBSSH2_CRYPT_NONE +/* {{{ libssh2_crypt_none_crypt + * Minimalist cipher: VERY secure *wink* + */ +static int +libssh2_crypt_none_crypt(LIBSSH2_SESSION * session, unsigned char *buf, + void **abstract) +{ + /* Do nothing to the data! */ + return 0; +} + +/* }}} */ + +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_none = { + "none", + 8, /* blocksize (SSH2 defines minimum blocksize as 8) */ + 0, /* iv_len */ + 0, /* secret_len */ + 0, /* flags */ + NULL, + libssh2_crypt_none_crypt, + NULL +}; +#endif /* LIBSSH2_CRYPT_NONE */ + +struct crypt_ctx +{ + int encrypt; + _libssh2_cipher_type(algo); + _libssh2_cipher_ctx h; +}; + +static int +_libssh2_init(LIBSSH2_SESSION * session, + const LIBSSH2_CRYPT_METHOD * method, + unsigned char *iv, int *free_iv, + unsigned char *secret, int *free_secret, + int encrypt, void **abstract) +{ + struct crypt_ctx *ctx = LIBSSH2_ALLOC(session, + sizeof(struct crypt_ctx)); + if (!ctx) { + return -1; + } + ctx->encrypt = encrypt; + ctx->algo = method->algo; + if (_libssh2_cipher_init(&ctx->h, ctx->algo, iv, secret, encrypt)) { + LIBSSH2_FREE(session, ctx); + return -1; + } + *abstract = ctx; + *free_iv = 1; + *free_secret = 1; + return 0; +} + +static int +_libssh2_encrypt(LIBSSH2_SESSION * session, unsigned char *block, + void **abstract) +{ + struct crypt_ctx *cctx = *(struct crypt_ctx **) abstract; + (void) session; + return _libssh2_cipher_crypt(&cctx->h, cctx->algo, cctx->encrypt, block); +} + +static int +_libssh2_dtor(LIBSSH2_SESSION * session, void **abstract) +{ + struct crypt_ctx **cctx = (struct crypt_ctx **) abstract; + if (cctx && *cctx) { + _libssh2_cipher_dtor(&(*cctx)->h); + LIBSSH2_FREE(session, *cctx); + *abstract = NULL; + } + return 0; +} + +#if LIBSSH2_AES +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes128_cbc = { + "aes128-cbc", + 16, /* blocksize */ + 16, /* initial value length */ + 16, /* secret length -- 16*8 == 128bit */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_aes128 +}; + +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes192_cbc = { + "aes192-cbc", + 16, /* blocksize */ + 16, /* initial value length */ + 24, /* secret length -- 24*8 == 192bit */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_aes192 +}; + +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_aes256_cbc = { + "aes256-cbc", + 16, /* blocksize */ + 16, /* initial value length */ + 32, /* secret length -- 32*8 == 256bit */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_aes256 +}; + +/* rijndael-cbc@lysator.liu.se == aes256-cbc */ +static const LIBSSH2_CRYPT_METHOD + libssh2_crypt_method_rijndael_cbc_lysator_liu_se = { + "rijndael-cbc@lysator.liu.se", + 16, /* blocksize */ + 16, /* initial value length */ + 32, /* secret length -- 32*8 == 256bit */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_aes256 +}; +#endif /* LIBSSH2_AES */ + +#if LIBSSH2_BLOWFISH +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_blowfish_cbc = { + "blowfish-cbc", + 8, /* blocksize */ + 8, /* initial value length */ + 16, /* secret length */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_blowfish +}; +#endif /* LIBSSH2_BLOWFISH */ + +#if LIBSSH2_RC4 +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_arcfour = { + "arcfour", + 8, /* blocksize */ + 8, /* initial value length */ + 16, /* secret length */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_arcfour +}; +#endif /* LIBSSH2_RC4 */ + +#if LIBSSH2_CAST +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_cast128_cbc = { + "cast128-cbc", + 8, /* blocksize */ + 8, /* initial value length */ + 16, /* secret length */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_cast5 +}; +#endif /* LIBSSH2_CAST */ + +#if LIBSSH2_3DES +static const LIBSSH2_CRYPT_METHOD libssh2_crypt_method_3des_cbc = { + "3des-cbc", + 8, /* blocksize */ + 8, /* initial value length */ + 24, /* secret length */ + 0, /* flags */ + &_libssh2_init, + &_libssh2_encrypt, + &_libssh2_dtor, + _libssh2_cipher_3des +}; +#endif + +static const LIBSSH2_CRYPT_METHOD *_libssh2_crypt_methods[] = { +#if LIBSSH2_AES + &libssh2_crypt_method_aes256_cbc, + &libssh2_crypt_method_rijndael_cbc_lysator_liu_se, /* == aes256-cbc */ + &libssh2_crypt_method_aes192_cbc, + &libssh2_crypt_method_aes128_cbc, +#endif /* LIBSSH2_AES */ +#if LIBSSH2_BLOWFISH + &libssh2_crypt_method_blowfish_cbc, +#endif /* LIBSSH2_BLOWFISH */ +#if LIBSSH2_RC4 + &libssh2_crypt_method_arcfour, +#endif /* LIBSSH2_RC4 */ +#if LIBSSH2_CAST + &libssh2_crypt_method_cast128_cbc, +#endif /* LIBSSH2_CAST */ +#if LIBSSH2_3DES + &libssh2_crypt_method_3des_cbc, +#endif /* LIBSSH2_DES */ +#ifdef LIBSSH2_CRYPT_NONE + &libssh2_crypt_method_none, +#endif + NULL +}; + +/* Expose to kex.c */ +const LIBSSH2_CRYPT_METHOD ** +libssh2_crypt_methods(void) +{ + return _libssh2_crypt_methods; +} diff --git a/Vendor/libssh2/Source/hostkey.c b/Vendor/libssh2/Source/hostkey.c new file mode 100644 index 0000000..b25fd31 --- /dev/null +++ b/Vendor/libssh2/Source/hostkey.c @@ -0,0 +1,455 @@ +/* Copyright (c) 2004-2006, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +/* Needed for struct iovec on some platforms */ +#ifdef HAVE_SYS_UIO_H +#include +#endif + +#if LIBSSH2_RSA +/* *********** + * ssh-rsa * + *********** */ + +static int libssh2_hostkey_method_ssh_rsa_dtor(LIBSSH2_SESSION * session, + void **abstract); + +/* {{{ libssh2_hostkey_method_ssh_rsa_init + * Initialize the server hostkey working area with e/n pair + */ +static int +libssh2_hostkey_method_ssh_rsa_init(LIBSSH2_SESSION * session, + const unsigned char *hostkey_data, + unsigned long hostkey_data_len, + void **abstract) +{ + libssh2_rsa_ctx *rsactx; + const unsigned char *s, *e, *n; + unsigned long len, e_len, n_len; + + (void) hostkey_data_len; + + if (*abstract) { + libssh2_hostkey_method_ssh_rsa_dtor(session, abstract); + *abstract = NULL; + } + + s = hostkey_data; + len = libssh2_ntohu32(s); + s += 4; + + if (len != 7 || strncmp((char *) s, "ssh-rsa", 7) != 0) { + return -1; + } + s += 7; + + e_len = libssh2_ntohu32(s); + s += 4; + + e = s; + s += e_len; + n_len = libssh2_ntohu32(s); + s += 4; + n = s; + s += n_len; + + if (_libssh2_rsa_new(&rsactx, e, e_len, n, n_len, NULL, 0, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0)) + return -1; + + *abstract = rsactx; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_rsa_initPEM + * Load a Private Key from a PEM file + */ +static int +libssh2_hostkey_method_ssh_rsa_initPEM(LIBSSH2_SESSION * session, + const char *privkeyfile, + unsigned const char *passphrase, + void **abstract) +{ + libssh2_rsa_ctx *rsactx; + FILE *fp; + int ret; + + if (*abstract) { + libssh2_hostkey_method_ssh_rsa_dtor(session, abstract); + *abstract = NULL; + } + + fp = fopen(privkeyfile, "r"); + if (!fp) { + return -1; + } + + ret = _libssh2_rsa_new_private(&rsactx, session, fp, passphrase); + fclose(fp); + if (ret) { + return -1; + } + + *abstract = rsactx; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_rsa_sign + * Verify signature created by remote + */ +static int +libssh2_hostkey_method_ssh_rsa_sig_verify(LIBSSH2_SESSION * session, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len, void **abstract) +{ + libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx *) (*abstract); + (void) session; + + /* Skip past keyname_len(4) + keyname(7){"ssh-rsa"} + signature_len(4) */ + sig += 15; + sig_len -= 15; + return _libssh2_rsa_sha1_verify(rsactx, sig, sig_len, m, m_len); +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_rsa_signv + * Construct a signature from an array of vectors + */ +static int +libssh2_hostkey_method_ssh_rsa_signv(LIBSSH2_SESSION * session, + unsigned char **signature, + unsigned long *signature_len, + unsigned long veccount, + const struct iovec datavec[], + void **abstract) +{ + libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx *) (*abstract); + int ret; + unsigned int i; + unsigned char hash[SHA_DIGEST_LENGTH]; + libssh2_sha1_ctx ctx; + + libssh2_sha1_init(&ctx); + for(i = 0; i < veccount; i++) { + libssh2_sha1_update(ctx, datavec[i].iov_base, datavec[i].iov_len); + } + libssh2_sha1_final(ctx, hash); + + ret = _libssh2_rsa_sha1_sign(session, rsactx, hash, SHA_DIGEST_LENGTH, + signature, signature_len); + if (ret) { + return -1; + } + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_rsa_dtor + * Shutdown the hostkey + */ +static int +libssh2_hostkey_method_ssh_rsa_dtor(LIBSSH2_SESSION * session, void **abstract) +{ + libssh2_rsa_ctx *rsactx = (libssh2_rsa_ctx *) (*abstract); + (void) session; + + _libssh2_rsa_free(rsactx); + + *abstract = NULL; + + return 0; +} + +/* }}} */ + +static const LIBSSH2_HOSTKEY_METHOD libssh2_hostkey_method_ssh_rsa = { + "ssh-rsa", + MD5_DIGEST_LENGTH, + libssh2_hostkey_method_ssh_rsa_init, + libssh2_hostkey_method_ssh_rsa_initPEM, + libssh2_hostkey_method_ssh_rsa_sig_verify, + libssh2_hostkey_method_ssh_rsa_signv, + NULL, /* encrypt */ + libssh2_hostkey_method_ssh_rsa_dtor, +}; +#endif /* LIBSSH2_RSA */ + +#if LIBSSH2_DSA +/* *********** + * ssh-dss * + *********** */ + +static int libssh2_hostkey_method_ssh_dss_dtor(LIBSSH2_SESSION * session, + void **abstract); + +/* {{{ libssh2_hostkey_method_ssh_dss_init + * Initialize the server hostkey working area with p/q/g/y set + */ +static int +libssh2_hostkey_method_ssh_dss_init(LIBSSH2_SESSION * session, + const unsigned char *hostkey_data, + unsigned long hostkey_data_len, + void **abstract) +{ + libssh2_dsa_ctx *dsactx; + const unsigned char *p, *q, *g, *y, *s; + unsigned long p_len, q_len, g_len, y_len, len; + (void) hostkey_data_len; + + if (*abstract) { + libssh2_hostkey_method_ssh_dss_dtor(session, abstract); + *abstract = NULL; + } + + s = hostkey_data; + len = libssh2_ntohu32(s); + s += 4; + if (len != 7 || strncmp((char *) s, "ssh-dss", 7) != 0) { + return -1; + } + s += 7; + + p_len = libssh2_ntohu32(s); + s += 4; + p = s; + s += p_len; + q_len = libssh2_ntohu32(s); + s += 4; + q = s; + s += q_len; + g_len = libssh2_ntohu32(s); + s += 4; + g = s; + s += g_len; + y_len = libssh2_ntohu32(s); + s += 4; + y = s; + s += y_len; + + _libssh2_dsa_new(&dsactx, p, p_len, q, q_len, g, g_len, y, y_len, NULL, 0); + + *abstract = dsactx; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_dss_initPEM + * Load a Private Key from a PEM file + */ +static int +libssh2_hostkey_method_ssh_dss_initPEM(LIBSSH2_SESSION * session, + const char *privkeyfile, + unsigned const char *passphrase, + void **abstract) +{ + libssh2_dsa_ctx *dsactx; + FILE *fp; + int ret; + + if (*abstract) { + libssh2_hostkey_method_ssh_dss_dtor(session, abstract); + *abstract = NULL; + } + + fp = fopen(privkeyfile, "r"); + if (!fp) { + return -1; + } + + ret = _libssh2_dsa_new_private(&dsactx, session, fp, passphrase); + fclose(fp); + if (ret) { + return -1; + } + + *abstract = dsactx; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_dss_sign + * Verify signature created by remote + */ +static int +libssh2_hostkey_method_ssh_dss_sig_verify(LIBSSH2_SESSION * session, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, + unsigned long m_len, void **abstract) +{ + libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx *) (*abstract); + + /* Skip past keyname_len(4) + keyname(7){"ssh-dss"} + signature_len(4) */ + sig += 15; + sig_len -= 15; + if (sig_len != 40) { + libssh2_error(session, LIBSSH2_ERROR_PROTO, + "Invalid DSS signature length", 0); + return -1; + } + return _libssh2_dsa_sha1_verify(dsactx, sig, m, m_len); +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_dss_signv + * Construct a signature from an array of vectors + */ +static int +libssh2_hostkey_method_ssh_dss_signv(LIBSSH2_SESSION * session, + unsigned char **signature, + unsigned long *signature_len, + unsigned long veccount, + const struct iovec datavec[], + void **abstract) +{ + libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx *) (*abstract); + unsigned char hash[SHA_DIGEST_LENGTH]; + libssh2_sha1_ctx ctx; + unsigned int i; + + *signature = LIBSSH2_ALLOC(session, 2 * SHA_DIGEST_LENGTH); + if (!*signature) { + return -1; + } + + *signature_len = 2 * SHA_DIGEST_LENGTH; + memset(*signature, 0, 2 * SHA_DIGEST_LENGTH); + + libssh2_sha1_init(&ctx); + for(i = 0; i < veccount; i++) { + libssh2_sha1_update(ctx, datavec[i].iov_base, datavec[i].iov_len); + } + libssh2_sha1_final(ctx, hash); + + if (_libssh2_dsa_sha1_sign(dsactx, hash, SHA_DIGEST_LENGTH, *signature)) { + LIBSSH2_FREE(session, *signature); + return -1; + } + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_hostkey_method_ssh_dss_dtor + * Shutdown the hostkey method + */ +static int +libssh2_hostkey_method_ssh_dss_dtor(LIBSSH2_SESSION * session, void **abstract) +{ + libssh2_dsa_ctx *dsactx = (libssh2_dsa_ctx *) (*abstract); + (void) session; + + _libssh2_dsa_free(dsactx); + + *abstract = NULL; + + return 0; +} + +/* }}} */ + +static const LIBSSH2_HOSTKEY_METHOD libssh2_hostkey_method_ssh_dss = { + "ssh-dss", + MD5_DIGEST_LENGTH, + libssh2_hostkey_method_ssh_dss_init, + libssh2_hostkey_method_ssh_dss_initPEM, + libssh2_hostkey_method_ssh_dss_sig_verify, + libssh2_hostkey_method_ssh_dss_signv, + NULL, /* encrypt */ + libssh2_hostkey_method_ssh_dss_dtor, +}; +#endif /* LIBSSH2_DSA */ + +static const LIBSSH2_HOSTKEY_METHOD *_libssh2_hostkey_methods[] = { +#if LIBSSH2_RSA + &libssh2_hostkey_method_ssh_rsa, +#endif /* LIBSSH2_RSA */ +#if LIBSSH2_DSA + &libssh2_hostkey_method_ssh_dss, +#endif /* LIBSSH2_DSA */ + NULL +}; + +const LIBSSH2_HOSTKEY_METHOD ** +libssh2_hostkey_methods(void) +{ + return _libssh2_hostkey_methods; +} + +/* {{{ libssh2_hostkey_hash + * Returns hash signature + * Returned buffer should NOT be freed + * Length of buffer is determined by hash type + * i.e. MD5 == 16, SHA1 == 20 + */ +LIBSSH2_API const char * +libssh2_hostkey_hash(LIBSSH2_SESSION * session, int hash_type) +{ + switch (hash_type) { +#if LIBSSH2_MD5 + case LIBSSH2_HOSTKEY_HASH_MD5: + return (char *) session->server_hostkey_md5; + break; +#endif /* LIBSSH2_MD5 */ + case LIBSSH2_HOSTKEY_HASH_SHA1: + return (char *) session->server_hostkey_sha1; + break; + default: + return NULL; + } +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/kex.c b/Vendor/libssh2/Source/kex.c new file mode 100644 index 0000000..9ae59c5 --- /dev/null +++ b/Vendor/libssh2/Source/kex.c @@ -0,0 +1,1906 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +/* TODO: Switch this to an inline and handle alloc() failures */ +/* Helper macro called from libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange */ +#define LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(value, reqlen, version) \ +{ \ + libssh2_sha1_ctx hash; \ + unsigned long len = 0; \ + if (!(value)) { \ + value = LIBSSH2_ALLOC(session, reqlen + SHA_DIGEST_LENGTH); \ + } \ + if (value) \ + while (len < (unsigned long)reqlen) { \ + libssh2_sha1_init(&hash); \ + libssh2_sha1_update(hash, exchange_state->k_value, \ + exchange_state->k_value_len); \ + libssh2_sha1_update(hash, exchange_state->h_sig_comp, \ + SHA_DIGEST_LENGTH); \ + if (len > 0) { \ + libssh2_sha1_update(hash, value, len); \ + } else { \ + libssh2_sha1_update(hash, (version), 1); \ + libssh2_sha1_update(hash, session->session_id, \ + session->session_id_len); \ + } \ + libssh2_sha1_final(hash, (value) + len); \ + len += SHA_DIGEST_LENGTH; \ + } \ +} + +/* {{{ libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange + * Diffie Hellman Key Exchange, Group Agnostic + */ +static int +libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(LIBSSH2_SESSION * + session, + _libssh2_bn * g, + _libssh2_bn * p, + int group_order, + unsigned char + packet_type_init, + unsigned char + packet_type_reply, + unsigned char + *midhash, + unsigned long + midhash_len, + kmdhgGPsha1kex_state_t + * exchange_state) +{ + int ret = 0; + int rc; + + if (exchange_state->state == libssh2_NB_state_idle) { + /* Setup initial values */ + exchange_state->e_packet = NULL; + exchange_state->s_packet = NULL; + exchange_state->k_value = NULL; + exchange_state->ctx = _libssh2_bn_ctx_new(); + exchange_state->x = _libssh2_bn_init(); /* Random from client */ + exchange_state->e = _libssh2_bn_init(); /* g^x mod p */ + exchange_state->f = _libssh2_bn_init(); /* g^(Random from server) mod p */ + exchange_state->k = _libssh2_bn_init(); /* The shared secret: f^x mod p */ + + /* Zero the whole thing out */ + memset(&exchange_state->req_state, 0, sizeof(packet_require_state_t)); + + /* Generate x and e */ + _libssh2_bn_rand(exchange_state->x, group_order, 0, -1); + _libssh2_bn_mod_exp(exchange_state->e, g, exchange_state->x, p, + exchange_state->ctx); + + /* Send KEX init */ + /* packet_type(1) + String Length(4) + leading 0(1) */ + exchange_state->e_packet_len = + _libssh2_bn_bytes(exchange_state->e) + 6; + if (_libssh2_bn_bits(exchange_state->e) % 8) { + /* Leading 00 not needed */ + exchange_state->e_packet_len--; + } + + exchange_state->e_packet = + LIBSSH2_ALLOC(session, exchange_state->e_packet_len); + if (!exchange_state->e_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, "Out of memory error", + 0); + ret = -1; + goto clean_exit; + } + exchange_state->e_packet[0] = packet_type_init; + libssh2_htonu32(exchange_state->e_packet + 1, + exchange_state->e_packet_len - 5); + if (_libssh2_bn_bits(exchange_state->e) % 8) { + _libssh2_bn_to_bin(exchange_state->e, + exchange_state->e_packet + 5); + } else { + exchange_state->e_packet[5] = 0; + _libssh2_bn_to_bin(exchange_state->e, + exchange_state->e_packet + 6); + } + + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sending KEX packet %d", + (int) packet_type_init); + exchange_state->state = libssh2_NB_state_created; + } + + if (exchange_state->state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, exchange_state->e_packet, + exchange_state->e_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send KEX init message", 0); + ret = -1; + goto clean_exit; + } + exchange_state->state = libssh2_NB_state_sent; + } + + if (exchange_state->state == libssh2_NB_state_sent) { + if (session->burn_optimistic_kexinit) { + /* The first KEX packet to come along will be the guess initially + * sent by the server. That guess turned out to be wrong so we + * need to silently ignore it */ + int burn_type; + + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Waiting for badly guessed KEX packet (to be ignored)"); + burn_type = + libssh2_packet_burn(session, &exchange_state->burn_state); + if (burn_type == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (burn_type <= 0) { + /* Failed to receive a packet */ + ret = -1; + goto clean_exit; + } + session->burn_optimistic_kexinit = 0; + + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Burnt packet of type: %02x", + (unsigned int) burn_type); + } + + exchange_state->state = libssh2_NB_state_sent1; + } + + if (exchange_state->state == libssh2_NB_state_sent1) { + /* Wait for KEX reply */ + rc = libssh2_packet_require_ex(session, packet_type_reply, + &exchange_state->s_packet, + &exchange_state->s_packet_len, 0, NULL, + 0, &exchange_state->req_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + if (rc) { + libssh2_error(session, LIBSSH2_ERROR_TIMEOUT, + "Timed out waiting for KEX reply", 0); + ret = -1; + goto clean_exit; + } + + /* Parse KEXDH_REPLY */ + exchange_state->s = exchange_state->s_packet + 1; + + session->server_hostkey_len = libssh2_ntohu32(exchange_state->s); + exchange_state->s += 4; + session->server_hostkey = + LIBSSH2_ALLOC(session, session->server_hostkey_len); + if (!session->server_hostkey) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for a copy of the host key", + 0); + ret = -1; + goto clean_exit; + } + memcpy(session->server_hostkey, exchange_state->s, + session->server_hostkey_len); + exchange_state->s += session->server_hostkey_len; + +#if LIBSSH2_MD5 + { + libssh2_md5_ctx fingerprint_ctx; + + libssh2_md5_init(&fingerprint_ctx); + libssh2_md5_update(fingerprint_ctx, session->server_hostkey, + session->server_hostkey_len); + libssh2_md5_final(fingerprint_ctx, session->server_hostkey_md5); + } +#ifdef LIBSSH2DEBUG + { + char fingerprint[50], *fprint = fingerprint; + int i; + for(i = 0; i < 16; i++, fprint += 3) { + snprintf(fprint, 4, "%02x:", session->server_hostkey_md5[i]); + } + *(--fprint) = '\0'; + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Server's MD5 Fingerprint: %s", fingerprint); + } +#endif /* LIBSSH2DEBUG */ +#endif /* ! LIBSSH2_MD5 */ + + { + libssh2_sha1_ctx fingerprint_ctx; + + libssh2_sha1_init(&fingerprint_ctx); + libssh2_sha1_update(fingerprint_ctx, session->server_hostkey, + session->server_hostkey_len); + libssh2_sha1_final(fingerprint_ctx, session->server_hostkey_sha1); + } +#ifdef LIBSSH2DEBUG + { + char fingerprint[64], *fprint = fingerprint; + int i; + + for(i = 0; i < 20; i++, fprint += 3) { + snprintf(fprint, 4, "%02x:", session->server_hostkey_sha1[i]); + } + *(--fprint) = '\0'; + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Server's SHA1 Fingerprint: %s", fingerprint); + } +#endif /* LIBSSH2DEBUG */ + + if (session->hostkey-> + init(session, session->server_hostkey, session->server_hostkey_len, + &session->server_hostkey_abstract)) { + libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_INIT, + "Unable to initialize hostkey importer", 0); + ret = -1; + goto clean_exit; + } + + exchange_state->f_value_len = libssh2_ntohu32(exchange_state->s); + exchange_state->s += 4; + exchange_state->f_value = exchange_state->s; + exchange_state->s += exchange_state->f_value_len; + _libssh2_bn_from_bin(exchange_state->f, exchange_state->f_value_len, + exchange_state->f_value); + + exchange_state->h_sig_len = libssh2_ntohu32(exchange_state->s); + exchange_state->s += 4; + exchange_state->h_sig = exchange_state->s; + + /* Compute the shared secret */ + _libssh2_bn_mod_exp(exchange_state->k, exchange_state->f, + exchange_state->x, p, exchange_state->ctx); + exchange_state->k_value_len = _libssh2_bn_bytes(exchange_state->k) + 5; + if (_libssh2_bn_bits(exchange_state->k) % 8) { + /* don't need leading 00 */ + exchange_state->k_value_len--; + } + exchange_state->k_value = + LIBSSH2_ALLOC(session, exchange_state->k_value_len); + if (!exchange_state->k_value) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate buffer for K", 0); + ret = -1; + goto clean_exit; + } + libssh2_htonu32(exchange_state->k_value, + exchange_state->k_value_len - 4); + if (_libssh2_bn_bits(exchange_state->k) % 8) { + _libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 4); + } else { + exchange_state->k_value[4] = 0; + _libssh2_bn_to_bin(exchange_state->k, exchange_state->k_value + 5); + } + + libssh2_sha1_init(&exchange_state->exchange_hash); + if (session->local.banner) { + libssh2_htonu32(exchange_state->h_sig_comp, + strlen((char *) session->local.banner) - 2); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); + libssh2_sha1_update(exchange_state->exchange_hash, + (char *) session->local.banner, + strlen((char *) session->local.banner) - 2); + } else { + libssh2_htonu32(exchange_state->h_sig_comp, + sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); + libssh2_sha1_update(exchange_state->exchange_hash, + LIBSSH2_SSH_DEFAULT_BANNER, + sizeof(LIBSSH2_SSH_DEFAULT_BANNER) - 1); + } + + libssh2_htonu32(exchange_state->h_sig_comp, + strlen((char *) session->remote.banner)); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); + libssh2_sha1_update(exchange_state->exchange_hash, + session->remote.banner, + strlen((char *) session->remote.banner)); + + libssh2_htonu32(exchange_state->h_sig_comp, + session->local.kexinit_len); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); + libssh2_sha1_update(exchange_state->exchange_hash, + session->local.kexinit, + session->local.kexinit_len); + + libssh2_htonu32(exchange_state->h_sig_comp, + session->remote.kexinit_len); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); + libssh2_sha1_update(exchange_state->exchange_hash, + session->remote.kexinit, + session->remote.kexinit_len); + + libssh2_htonu32(exchange_state->h_sig_comp, + session->server_hostkey_len); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); + libssh2_sha1_update(exchange_state->exchange_hash, + session->server_hostkey, + session->server_hostkey_len); + + if (packet_type_init == SSH_MSG_KEX_DH_GEX_INIT) { + /* diffie-hellman-group-exchange hashes additional fields */ +#ifdef LIBSSH2_DH_GEX_NEW + libssh2_htonu32(exchange_state->h_sig_comp, + LIBSSH2_DH_GEX_MINGROUP); + libssh2_htonu32(exchange_state->h_sig_comp + 4, + LIBSSH2_DH_GEX_OPTGROUP); + libssh2_htonu32(exchange_state->h_sig_comp + 8, + LIBSSH2_DH_GEX_MAXGROUP); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 12); +#else + libssh2_htonu32(exchange_state->h_sig_comp, + LIBSSH2_DH_GEX_OPTGROUP); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); +#endif + } + + if (midhash) { + libssh2_sha1_update(exchange_state->exchange_hash, midhash, + midhash_len); + } + + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->e_packet + 1, + exchange_state->e_packet_len - 1); + + libssh2_htonu32(exchange_state->h_sig_comp, + exchange_state->f_value_len); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->h_sig_comp, 4); + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->f_value, + exchange_state->f_value_len); + + libssh2_sha1_update(exchange_state->exchange_hash, + exchange_state->k_value, + exchange_state->k_value_len); + + libssh2_sha1_final(exchange_state->exchange_hash, + exchange_state->h_sig_comp); + + if (session->hostkey-> + sig_verify(session, exchange_state->h_sig, + exchange_state->h_sig_len, exchange_state->h_sig_comp, + 20, &session->server_hostkey_abstract)) { + libssh2_error(session, LIBSSH2_ERROR_HOSTKEY_SIGN, + "Unable to verify hostkey signature", 0); + ret = -1; + goto clean_exit; + } + + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sending NEWKEYS message"); + exchange_state->c = SSH_MSG_NEWKEYS; + + exchange_state->state = libssh2_NB_state_sent2; + } + + if (exchange_state->state == libssh2_NB_state_sent2) { + rc = libssh2_packet_write(session, &exchange_state->c, 1); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send NEWKEYS message", 0); + ret = -1; + goto clean_exit; + } + + exchange_state->state = libssh2_NB_state_sent3; + } + + if (exchange_state->state == libssh2_NB_state_sent3) { + rc = libssh2_packet_require_ex(session, SSH_MSG_NEWKEYS, + &exchange_state->tmp, + &exchange_state->tmp_len, 0, NULL, 0, + &exchange_state->req_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_TIMEOUT, + "Timed out waiting for NEWKEYS", 0); + ret = -1; + goto clean_exit; + } + /* The first key exchange has been performed, + switch to active crypt/comp/mac mode */ + session->state |= LIBSSH2_STATE_NEWKEYS; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Received NEWKEYS message"); + + /* This will actually end up being just packet_type(1) + for this packet type anyway */ + LIBSSH2_FREE(session, exchange_state->tmp); + + if (!session->session_id) { + session->session_id = LIBSSH2_ALLOC(session, SHA_DIGEST_LENGTH); + if (!session->session_id) { + ret = -1; + goto clean_exit; + } + memcpy(session->session_id, exchange_state->h_sig_comp, + SHA_DIGEST_LENGTH); + session->session_id_len = SHA_DIGEST_LENGTH; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "session_id calculated"); + } + + /* Cleanup any existing cipher */ + if (session->local.crypt->dtor) { + session->local.crypt->dtor(session, + &session->local.crypt_abstract); + } + + /* Calculate IV/Secret/Key for each direction */ + if (session->local.crypt->init) { + unsigned char *iv = NULL, *secret = NULL; + int free_iv = 0, free_secret = 0; + + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv, + session->local.crypt-> + iv_len, "A"); + if (!iv) { + ret = -1; + goto clean_exit; + } + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret, + session->local.crypt-> + secret_len, "C"); + if (!secret) { + LIBSSH2_FREE(session, iv); + ret = -1; + goto clean_exit; + } + if (session->local.crypt-> + init(session, session->local.crypt, iv, &free_iv, secret, + &free_secret, 1, &session->local.crypt_abstract)) { + LIBSSH2_FREE(session, iv); + LIBSSH2_FREE(session, secret); + ret = -1; + goto clean_exit; + } + + if (free_iv) { + memset(iv, 0, session->local.crypt->iv_len); + LIBSSH2_FREE(session, iv); + } + + if (free_secret) { + memset(secret, 0, session->local.crypt->secret_len); + LIBSSH2_FREE(session, secret); + } + } + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Client to Server IV and Key calculated"); + + if (session->remote.crypt->dtor) { + /* Cleanup any existing cipher */ + session->remote.crypt->dtor(session, + &session->remote.crypt_abstract); + } + + if (session->remote.crypt->init) { + unsigned char *iv = NULL, *secret = NULL; + int free_iv = 0, free_secret = 0; + + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(iv, + session->remote.crypt-> + iv_len, "B"); + if (!iv) { + ret = -1; + goto clean_exit; + } + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(secret, + session->remote.crypt-> + secret_len, "D"); + if (!secret) { + LIBSSH2_FREE(session, iv); + ret = -1; + goto clean_exit; + } + if (session->remote.crypt-> + init(session, session->remote.crypt, iv, &free_iv, secret, + &free_secret, 0, &session->remote.crypt_abstract)) { + LIBSSH2_FREE(session, iv); + LIBSSH2_FREE(session, secret); + ret = -1; + goto clean_exit; + } + + if (free_iv) { + memset(iv, 0, session->remote.crypt->iv_len); + LIBSSH2_FREE(session, iv); + } + + if (free_secret) { + memset(secret, 0, session->remote.crypt->secret_len); + LIBSSH2_FREE(session, secret); + } + } + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Server to Client IV and Key calculated"); + + if (session->local.mac->dtor) { + session->local.mac->dtor(session, &session->local.mac_abstract); + } + + if (session->local.mac->init) { + unsigned char *key = NULL; + int free_key = 0; + + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, + session->local.mac-> + key_len, "E"); + if (!key) { + ret = -1; + goto clean_exit; + } + session->local.mac->init(session, key, &free_key, + &session->local.mac_abstract); + + if (free_key) { + memset(key, 0, session->local.mac->key_len); + LIBSSH2_FREE(session, key); + } + } + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Client to Server HMAC Key calculated"); + + if (session->remote.mac->dtor) { + session->remote.mac->dtor(session, &session->remote.mac_abstract); + } + + if (session->remote.mac->init) { + unsigned char *key = NULL; + int free_key = 0; + + LIBSSH2_KEX_METHOD_DIFFIE_HELLMAN_SHA1_HASH(key, + session->remote.mac-> + key_len, "F"); + if (!key) { + ret = -1; + goto clean_exit; + } + session->remote.mac->init(session, key, &free_key, + &session->remote.mac_abstract); + + if (free_key) { + memset(key, 0, session->remote.mac->key_len); + LIBSSH2_FREE(session, key); + } + } + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Server to Client HMAC Key calculated"); + } + + clean_exit: + _libssh2_bn_free(exchange_state->x); + exchange_state->x = NULL; + _libssh2_bn_free(exchange_state->e); + exchange_state->e = NULL; + _libssh2_bn_free(exchange_state->f); + exchange_state->f = NULL; + _libssh2_bn_free(exchange_state->k); + exchange_state->k = NULL; + _libssh2_bn_ctx_free(exchange_state->ctx); + exchange_state->ctx = NULL; + + if (exchange_state->e_packet) { + LIBSSH2_FREE(session, exchange_state->e_packet); + exchange_state->e_packet = NULL; + } + + if (exchange_state->s_packet) { + LIBSSH2_FREE(session, exchange_state->s_packet); + exchange_state->s_packet = NULL; + } + + if (exchange_state->k_value) { + LIBSSH2_FREE(session, exchange_state->k_value); + exchange_state->k_value = NULL; + } + + if (session->server_hostkey) { + LIBSSH2_FREE(session, session->server_hostkey); + session->server_hostkey = NULL; + } + + exchange_state->state = libssh2_NB_state_idle; + + return ret; +} + +/* }}} */ + +/* {{{ libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange + * Diffie-Hellman Group1 (Actually Group2) Key Exchange using SHA1 + */ +static int +libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange(LIBSSH2_SESSION * + session, + key_exchange_state_low_t + * key_state) +{ + static const unsigned char p_value[128] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + + int ret; + + if (key_state->state == libssh2_NB_state_idle) { + /* g == 2 */ + key_state->p = _libssh2_bn_init(); /* SSH2 defined value (p_value) */ + key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */ + + /* Initialize P and G */ + _libssh2_bn_set_word(key_state->g, 2); + _libssh2_bn_from_bin(key_state->p, 128, p_value); + + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Initiating Diffie-Hellman Group1 Key Exchange"); + + key_state->state = libssh2_NB_state_created; + } + + ret = + libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, + key_state-> + g, + key_state-> + p, 128, + SSH_MSG_KEXDH_INIT, + SSH_MSG_KEXDH_REPLY, + NULL, 0, + &key_state-> + exchange_state); + if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + _libssh2_bn_free(key_state->p); + key_state->p = NULL; + _libssh2_bn_free(key_state->g); + key_state->g = NULL; + key_state->state = libssh2_NB_state_idle; + + return ret; +} + +/* }}} */ + +/* {{{ libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange + * Diffie-Hellman Group14 Key Exchange using SHA1 + */ +static int +libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange(LIBSSH2_SESSION * + session, + key_exchange_state_low_t + * key_state) +{ + static const unsigned char p_value[256] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, + 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, + 0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, + 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, + 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, + 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, + 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, + 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, + 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, + 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, + 0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, + 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, + 0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, + 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, + 0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, + 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, + 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, + 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, + 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, + 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + int ret; + + if (key_state->state == libssh2_NB_state_idle) { + key_state->p = _libssh2_bn_init(); /* SSH2 defined value (p_value) */ + key_state->g = _libssh2_bn_init(); /* SSH2 defined value (2) */ + + /* g == 2 */ + /* Initialize P and G */ + _libssh2_bn_set_word(key_state->g, 2); + _libssh2_bn_from_bin(key_state->p, 256, p_value); + + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Initiating Diffie-Hellman Group14 Key Exchange"); + + key_state->state = libssh2_NB_state_created; + } + ret = + libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange(session, + key_state-> + g, + key_state-> + p, 256, + SSH_MSG_KEXDH_INIT, + SSH_MSG_KEXDH_REPLY, + NULL, 0, + &key_state-> + exchange_state); + if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + key_state->state = libssh2_NB_state_idle; + _libssh2_bn_free(key_state->p); + key_state->p = NULL; + _libssh2_bn_free(key_state->g); + key_state->g = NULL; + + return ret; +} + +/* }}} */ + +/* {{{ libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange + * Diffie-Hellman Group Exchange Key Exchange using SHA1 + * Negotiates random(ish) group for secret derivation + */ +static int + libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange + (LIBSSH2_SESSION * session, key_exchange_state_low_t * key_state) +{ + unsigned char *s; + unsigned long p_len, g_len; + int ret; + int rc; + + if (key_state->state == libssh2_NB_state_idle) { + key_state->p = _libssh2_bn_init(); + key_state->g = _libssh2_bn_init(); + /* Ask for a P and G pair */ +#ifdef LIBSSH2_DH_GEX_NEW + key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST; + libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_MINGROUP); + libssh2_htonu32(key_state->request + 5, LIBSSH2_DH_GEX_OPTGROUP); + libssh2_htonu32(key_state->request + 9, LIBSSH2_DH_GEX_MAXGROUP); + key_state->request_len = 13; + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Initiating Diffie-Hellman Group-Exchange (New Method)"); +#else + key_state->request[0] = SSH_MSG_KEX_DH_GEX_REQUEST_OLD; + libssh2_htonu32(key_state->request + 1, LIBSSH2_DH_GEX_OPTGROUP); + key_state->request_len = 5; + _libssh2_debug(session, LIBSSH2_DBG_KEX, + "Initiating Diffie-Hellman Group-Exchange (Old Method)"); +#endif + + key_state->state = libssh2_NB_state_created; + } + + if (key_state->state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, key_state->request, + key_state->request_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send Group Exchange Request", 0); + ret = -1; + goto dh_gex_clean_exit; + } + + key_state->state = libssh2_NB_state_sent; + } + + if (key_state->state == libssh2_NB_state_sent) { + rc = libssh2_packet_require_ex(session, SSH_MSG_KEX_DH_GEX_GROUP, + &key_state->data, &key_state->data_len, + 0, NULL, 0, &key_state->req_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_TIMEOUT, + "Timeout waiting for GEX_GROUP reply", 0); + ret = -1; + goto dh_gex_clean_exit; + } + + key_state->state = libssh2_NB_state_sent1; + } + + if (key_state->state == libssh2_NB_state_sent1) { + s = key_state->data + 1; + p_len = libssh2_ntohu32(s); + s += 4; + _libssh2_bn_from_bin(key_state->p, p_len, s); + s += p_len; + + g_len = libssh2_ntohu32(s); + s += 4; + _libssh2_bn_from_bin(key_state->g, g_len, s); + s += g_len; + + ret = + libssh2_kex_method_diffie_hellman_groupGP_sha1_key_exchange + (session, key_state->g, key_state->p, p_len, + SSH_MSG_KEX_DH_GEX_INIT, SSH_MSG_KEX_DH_GEX_REPLY, + key_state->data + 1, key_state->data_len - 1, + &key_state->exchange_state); + if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + LIBSSH2_FREE(session, key_state->data); + } + + dh_gex_clean_exit: + key_state->state = libssh2_NB_state_idle; + _libssh2_bn_free(key_state->g); + key_state->g = NULL; + _libssh2_bn_free(key_state->p); + key_state->p = NULL; + + return ret; +} + +/* }}} */ + +#define LIBSSH2_KEX_METHOD_FLAG_REQ_ENC_HOSTKEY 0x0001 +#define LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY 0x0002 + +static const LIBSSH2_KEX_METHOD libssh2_kex_method_diffie_helman_group1_sha1 = { + "diffie-hellman-group1-sha1", + libssh2_kex_method_diffie_hellman_group1_sha1_key_exchange, + LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY, +}; + +static const LIBSSH2_KEX_METHOD libssh2_kex_method_diffie_helman_group14_sha1 = { + "diffie-hellman-group14-sha1", + libssh2_kex_method_diffie_hellman_group14_sha1_key_exchange, + LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY, +}; + +static const LIBSSH2_KEX_METHOD + libssh2_kex_method_diffie_helman_group_exchange_sha1 = { + "diffie-hellman-group-exchange-sha1", + libssh2_kex_method_diffie_hellman_group_exchange_sha1_key_exchange, + LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY, +}; + +static const LIBSSH2_KEX_METHOD *libssh2_kex_methods[] = { + &libssh2_kex_method_diffie_helman_group14_sha1, + &libssh2_kex_method_diffie_helman_group_exchange_sha1, + &libssh2_kex_method_diffie_helman_group1_sha1, + NULL +}; + +typedef struct _LIBSSH2_COMMON_METHOD +{ + const char *name; +} LIBSSH2_COMMON_METHOD; + +/* {{{ libssh2_kex_method_strlen + * Calculate the length of a particular method list's resulting string + * Includes SUM(strlen() of each individual method plus 1 (for coma)) - 1 (because the last coma isn't used) + * Another sign of bad coding practices gone mad. Pretend you don't see this. + */ +static size_t +libssh2_kex_method_strlen(LIBSSH2_COMMON_METHOD ** method) +{ + size_t len = 0; + + if (!method || !*method) { + return 0; + } + + while (*method && (*method)->name) { + len += strlen((*method)->name) + 1; + method++; + } + + return len - 1; +} + +/* }}} */ + +/* {{{ libssh2_kex_method_list + * Generate formatted preference list in buf + */ +static size_t +libssh2_kex_method_list(unsigned char *buf, size_t list_strlen, + LIBSSH2_COMMON_METHOD ** method) +{ + libssh2_htonu32(buf, list_strlen); + buf += 4; + + if (!method || !*method) { + return 4; + } + + while (*method && (*method)->name) { + int mlen = strlen((*method)->name); + memcpy(buf, (*method)->name, mlen); + buf += mlen; + *(buf++) = ','; + method++; + } + + return list_strlen + 4; +} + +/* }}} */ + +#define LIBSSH2_METHOD_PREFS_LEN(prefvar, defaultvar) ((prefvar) ? strlen(prefvar) : libssh2_kex_method_strlen((LIBSSH2_COMMON_METHOD**)(defaultvar))) +#define LIBSSH2_METHOD_PREFS_STR(buf, prefvarlen, prefvar, defaultvar) \ + if (prefvar) { \ + libssh2_htonu32((buf), (prefvarlen)); \ + buf += 4; \ + memcpy((buf), (prefvar), (prefvarlen)); \ + buf += (prefvarlen); \ + } else { \ + buf += libssh2_kex_method_list((buf), (prefvarlen), (LIBSSH2_COMMON_METHOD**)(defaultvar)); \ + } + +/* {{{ libssh2_kexinit + * Send SSH_MSG_KEXINIT packet + */ +static int +libssh2_kexinit(LIBSSH2_SESSION * session) +{ + /* 62 = packet_type(1) + cookie(16) + first_packet_follows(1) + + reserved(4) + length longs(40) */ + size_t data_len = 62; + size_t kex_len, hostkey_len = 0; + size_t crypt_cs_len, crypt_sc_len; + size_t comp_cs_len, comp_sc_len; + size_t mac_cs_len, mac_sc_len; + size_t lang_cs_len, lang_sc_len; + unsigned char *data, *s; + int rc; + + if (session->kexinit_state == libssh2_NB_state_idle) { + kex_len = + LIBSSH2_METHOD_PREFS_LEN(session->kex_prefs, libssh2_kex_methods); + hostkey_len = + LIBSSH2_METHOD_PREFS_LEN(session->hostkey_prefs, + libssh2_hostkey_methods()); + crypt_cs_len = + LIBSSH2_METHOD_PREFS_LEN(session->local.crypt_prefs, + libssh2_crypt_methods()); + crypt_sc_len = + LIBSSH2_METHOD_PREFS_LEN(session->remote.crypt_prefs, + libssh2_crypt_methods()); + mac_cs_len = + LIBSSH2_METHOD_PREFS_LEN(session->local.mac_prefs, + libssh2_mac_methods()); + mac_sc_len = + LIBSSH2_METHOD_PREFS_LEN(session->remote.mac_prefs, + libssh2_mac_methods()); + comp_cs_len = + LIBSSH2_METHOD_PREFS_LEN(session->local.comp_prefs, + libssh2_comp_methods()); + comp_sc_len = + LIBSSH2_METHOD_PREFS_LEN(session->remote.comp_prefs, + libssh2_comp_methods()); + lang_cs_len = + LIBSSH2_METHOD_PREFS_LEN(session->local.lang_prefs, NULL); + lang_sc_len = + LIBSSH2_METHOD_PREFS_LEN(session->remote.lang_prefs, NULL); + + data_len += kex_len + hostkey_len + crypt_cs_len + crypt_sc_len + + comp_cs_len + comp_sc_len + mac_cs_len + mac_sc_len + + lang_cs_len + lang_sc_len; + + s = data = LIBSSH2_ALLOC(session, data_len); + if (!data) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory", 0); + return -1; + } + + *(s++) = SSH_MSG_KEXINIT; + + libssh2_random(s, 16); + s += 16; + + /* Ennumerating through these lists twice is probably (certainly?) + inefficient from a CPU standpoint, but it saves multiple + malloc/realloc calls */ + LIBSSH2_METHOD_PREFS_STR(s, kex_len, session->kex_prefs, + libssh2_kex_methods); + LIBSSH2_METHOD_PREFS_STR(s, hostkey_len, session->hostkey_prefs, + libssh2_hostkey_methods()); + LIBSSH2_METHOD_PREFS_STR(s, crypt_cs_len, session->local.crypt_prefs, + libssh2_crypt_methods()); + LIBSSH2_METHOD_PREFS_STR(s, crypt_sc_len, session->remote.crypt_prefs, + libssh2_crypt_methods()); + LIBSSH2_METHOD_PREFS_STR(s, mac_cs_len, session->local.mac_prefs, + libssh2_mac_methods()); + LIBSSH2_METHOD_PREFS_STR(s, mac_sc_len, session->remote.mac_prefs, + libssh2_mac_methods()); + LIBSSH2_METHOD_PREFS_STR(s, comp_cs_len, session->local.comp_prefs, + libssh2_comp_methods()); + LIBSSH2_METHOD_PREFS_STR(s, comp_sc_len, session->remote.comp_prefs, + libssh2_comp_methods()); + LIBSSH2_METHOD_PREFS_STR(s, lang_cs_len, session->local.lang_prefs, + NULL); + LIBSSH2_METHOD_PREFS_STR(s, lang_sc_len, session->remote.lang_prefs, + NULL); + + /* No optimistic KEX packet follows */ + /* Deal with optimistic packets + * session->flags |= KEXINIT_OPTIMISTIC + * session->flags |= KEXINIT_METHODSMATCH + */ + *(s++) = 0; + + /* Reserved == 0 */ + *(s++) = 0; + *(s++) = 0; + *(s++) = 0; + *(s++) = 0; + +#ifdef LIBSSH2DEBUG + { + /* Funnily enough, they'll all "appear" to be '\0' terminated */ + unsigned char *p = data + 21; /* type(1) + cookie(16) + len(4) */ + + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent KEX: %s", p); + p += kex_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent HOSTKEY: %s", p); + p += hostkey_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent CRYPT_CS: %s", p); + p += crypt_cs_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent CRYPT_SC: %s", p); + p += crypt_sc_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent MAC_CS: %s", p); + p += mac_cs_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent MAC_SC: %s", p); + p += mac_sc_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent COMP_CS: %s", p); + p += comp_cs_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent COMP_SC: %s", p); + p += comp_sc_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent LANG_CS: %s", p); + p += lang_cs_len + 4; + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Sent LANG_SC: %s", p); + p += lang_sc_len + 4; + } +#endif /* LIBSSH2DEBUG */ + + session->kexinit_state = libssh2_NB_state_created; + } else { + data = session->kexinit_data; + data_len = session->kexinit_data_len; + } + + if ((rc = libssh2_packet_write(session, data, data_len)) == PACKET_EAGAIN) { + session->kexinit_data = data; + session->kexinit_data_len = data_len; + return PACKET_EAGAIN; + } else if (rc) { + LIBSSH2_FREE(session, data); + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send KEXINIT packet to remote host", 0); + session->kexinit_state = libssh2_NB_state_idle; + return -1; + } + + if (session->local.kexinit) { + LIBSSH2_FREE(session, session->local.kexinit); + } + + session->local.kexinit = data; + session->local.kexinit_len = data_len; + + session->kexinit_state = libssh2_NB_state_idle; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_kex_agree_instr + * Kex specific variant of strstr() + * Needle must be preceed by BOL or ',', and followed by ',' or EOL + */ +static unsigned char * +libssh2_kex_agree_instr(unsigned char *haystack, unsigned long haystack_len, + const unsigned char *needle, unsigned long needle_len) +{ + unsigned char *s; + + /* Haystack too short to bother trying */ + if (haystack_len < needle_len) { + return NULL; + } + + /* Needle at start of haystack */ + if ((strncmp((char *) haystack, (char *) needle, needle_len) == 0) && + (needle_len == haystack_len || haystack[needle_len] == ',')) { + return haystack; + } + + s = haystack; + /* Search until we run out of comas or we run out of haystack, + whichever comes first */ + while ((s = (unsigned char *) strchr((char *) s, ',')) + && ((haystack_len - (s - haystack)) > needle_len)) { + s++; + /* Needle at X position */ + if ((strncmp((char *) s, (char *) needle, needle_len) == 0) && + (((s - haystack) + needle_len) == haystack_len + || s[needle_len] == ',')) { + return s; + } + } + + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_get_method_by_name + */ +static const LIBSSH2_COMMON_METHOD * +libssh2_get_method_by_name(const char *name, int name_len, + const LIBSSH2_COMMON_METHOD ** methodlist) +{ + while (*methodlist) { + if ((strlen((*methodlist)->name) == name_len) && + (strncmp((*methodlist)->name, name, name_len) == 0)) { + return *methodlist; + } + methodlist++; + } + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_kex_agree_hostkey + * Agree on a Hostkey which works with this kex + */ +static int +libssh2_kex_agree_hostkey(LIBSSH2_SESSION * session, unsigned long kex_flags, + unsigned char *hostkey, unsigned long hostkey_len) +{ + const LIBSSH2_HOSTKEY_METHOD **hostkeyp = libssh2_hostkey_methods(); + unsigned char *s; + + if (session->hostkey_prefs) { + s = (unsigned char *) session->hostkey_prefs; + + while (s && *s) { + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + int method_len = (p ? (p - s) : strlen((char *) s)); + if (libssh2_kex_agree_instr(hostkey, hostkey_len, s, method_len)) { + const LIBSSH2_HOSTKEY_METHOD *method = + (const LIBSSH2_HOSTKEY_METHOD *) + libssh2_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) + hostkeyp); + + if (!method) { + /* Invalid method -- Should never be reached */ + return -1; + } + + /* So far so good, but does it suit our purposes? (Encrypting vs Signing) */ + if (((kex_flags & LIBSSH2_KEX_METHOD_FLAG_REQ_ENC_HOSTKEY) == + 0) || (method->encrypt)) { + /* Either this hostkey can do encryption or this kex just doesn't require it */ + if (((kex_flags & LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY) + == 0) || (method->sig_verify)) { + /* Either this hostkey can do signing or this kex just doesn't require it */ + session->hostkey = method; + return 0; + } + } + } + + s = p ? p + 1 : NULL; + } + return -1; + } + + while (hostkeyp && (*hostkeyp)->name) { + s = libssh2_kex_agree_instr(hostkey, hostkey_len, + (unsigned char *) (*hostkeyp)->name, + strlen((*hostkeyp)->name)); + if (s) { + /* So far so good, but does it suit our purposes? (Encrypting vs Signing) */ + if (((kex_flags & LIBSSH2_KEX_METHOD_FLAG_REQ_ENC_HOSTKEY) == 0) || + ((*hostkeyp)->encrypt)) { + /* Either this hostkey can do encryption or this kex just doesn't require it */ + if (((kex_flags & LIBSSH2_KEX_METHOD_FLAG_REQ_SIGN_HOSTKEY) == + 0) || ((*hostkeyp)->sig_verify)) { + /* Either this hostkey can do signing or this kex just doesn't require it */ + session->hostkey = *hostkeyp; + return 0; + } + } + } + hostkeyp++; + } + + return -1; +} + +/* }}} */ + +/* {{{ libssh2_kex_agree_kex_hostkey + * Agree on a Key Exchange method and a hostkey encoding type + */ +static int +libssh2_kex_agree_kex_hostkey(LIBSSH2_SESSION * session, unsigned char *kex, + unsigned long kex_len, unsigned char *hostkey, + unsigned long hostkey_len) +{ + const LIBSSH2_KEX_METHOD **kexp = libssh2_kex_methods; + unsigned char *s; + + if (session->kex_prefs) { + s = (unsigned char *) session->kex_prefs; + + while (s && *s) { + unsigned char *q, *p = (unsigned char *) strchr((char *) s, ','); + int method_len = (p ? (p - s) : strlen((char *) s)); + if ((q = libssh2_kex_agree_instr(kex, kex_len, s, method_len))) { + const LIBSSH2_KEX_METHOD *method = (const LIBSSH2_KEX_METHOD *) + libssh2_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) + kexp); + + if (!method) { + /* Invalid method -- Should never be reached */ + return -1; + } + + /* We've agreed on a key exchange method, + * Can we agree on a hostkey that works with this kex? + */ + if (libssh2_kex_agree_hostkey + (session, method->flags, hostkey, hostkey_len) == 0) { + session->kex = method; + if (session->burn_optimistic_kexinit && (kex == q)) { + /* Server sent an optimistic packet, + * and client agrees with preference + * cancel burning the first KEX_INIT packet that comes in */ + session->burn_optimistic_kexinit = 0; + } + return 0; + } + } + + s = p ? p + 1 : NULL; + } + return -1; + } + + while (*kexp && (*kexp)->name) { + s = libssh2_kex_agree_instr(kex, kex_len, + (unsigned char *) (*kexp)->name, + strlen((*kexp)->name)); + if (s) { + /* We've agreed on a key exchange method, + * Can we agree on a hostkey that works with this kex? + */ + if (libssh2_kex_agree_hostkey + (session, (*kexp)->flags, hostkey, hostkey_len) == 0) { + session->kex = *kexp; + if (session->burn_optimistic_kexinit && (kex == s)) { + /* Server sent an optimistic packet, + * and client agrees with preference + * cancel burning the first KEX_INIT packet that comes in */ + session->burn_optimistic_kexinit = 0; + } + return 0; + } + } + kexp++; + } + return -1; +} + +/* }}} */ + +/* {{{ libssh2_kex_agree_crypt + * Agree on a cipher algo + */ +static int +libssh2_kex_agree_crypt(LIBSSH2_SESSION * session, + libssh2_endpoint_data * endpoint, unsigned char *crypt, + unsigned long crypt_len) +{ + const LIBSSH2_CRYPT_METHOD **cryptp = libssh2_crypt_methods(); + unsigned char *s; + + (void) session; + + if (endpoint->crypt_prefs) { + s = (unsigned char *) endpoint->crypt_prefs; + + while (s && *s) { + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + int method_len = (p ? (p - s) : strlen((char *) s)); + + if (libssh2_kex_agree_instr(crypt, crypt_len, s, method_len)) { + const LIBSSH2_CRYPT_METHOD *method = + (const LIBSSH2_CRYPT_METHOD *) + libssh2_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) + cryptp); + + if (!method) { + /* Invalid method -- Should never be reached */ + return -1; + } + + endpoint->crypt = method; + return 0; + } + + s = p ? p + 1 : NULL; + } + return -1; + } + + while (*cryptp && (*cryptp)->name) { + s = libssh2_kex_agree_instr(crypt, crypt_len, + (unsigned char *) (*cryptp)->name, + strlen((*cryptp)->name)); + if (s) { + endpoint->crypt = *cryptp; + return 0; + } + cryptp++; + } + + return -1; +} + +/* }}} */ + +/* {{{ libssh2_kex_agree_mac + * Agree on a message authentication hash + */ +static int +libssh2_kex_agree_mac(LIBSSH2_SESSION * session, + libssh2_endpoint_data * endpoint, unsigned char *mac, + unsigned long mac_len) +{ + const LIBSSH2_MAC_METHOD **macp = libssh2_mac_methods(); + unsigned char *s; + (void) session; + + if (endpoint->mac_prefs) { + s = (unsigned char *) endpoint->mac_prefs; + + while (s && *s) { + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + int method_len = (p ? (p - s) : strlen((char *) s)); + + if (libssh2_kex_agree_instr(mac, mac_len, s, method_len)) { + const LIBSSH2_MAC_METHOD *method = (const LIBSSH2_MAC_METHOD *) + libssh2_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) + macp); + + if (!method) { + /* Invalid method -- Should never be reached */ + return -1; + } + + endpoint->mac = method; + return 0; + } + + s = p ? p + 1 : NULL; + } + return -1; + } + + while (*macp && (*macp)->name) { + s = libssh2_kex_agree_instr(mac, mac_len, + (unsigned char *) (*macp)->name, + strlen((*macp)->name)); + if (s) { + endpoint->mac = *macp; + return 0; + } + macp++; + } + + return -1; +} + +/* }}} */ + +/* {{{ libssh2_kex_agree_comp + * Agree on a compression scheme + */ +static int +libssh2_kex_agree_comp(LIBSSH2_SESSION * session, + libssh2_endpoint_data * endpoint, unsigned char *comp, + unsigned long comp_len) +{ + const LIBSSH2_COMP_METHOD **compp = libssh2_comp_methods(); + unsigned char *s; + (void) session; + + if (endpoint->comp_prefs) { + s = (unsigned char *) endpoint->comp_prefs; + + while (s && *s) { + unsigned char *p = (unsigned char *) strchr((char *) s, ','); + int method_len = (p ? (p - s) : strlen((char *) s)); + + if (libssh2_kex_agree_instr(comp, comp_len, s, method_len)) { + const LIBSSH2_COMP_METHOD *method = + (const LIBSSH2_COMP_METHOD *) + libssh2_get_method_by_name((char *) s, method_len, + (const LIBSSH2_COMMON_METHOD **) + compp); + + if (!method) { + /* Invalid method -- Should never be reached */ + return -1; + } + + endpoint->comp = method; + return 0; + } + + s = p ? p + 1 : NULL; + } + return -1; + } + + while (*compp && (*compp)->name) { + s = libssh2_kex_agree_instr(comp, comp_len, + (unsigned char *) (*compp)->name, + strlen((*compp)->name)); + if (s) { + endpoint->comp = *compp; + return 0; + } + compp++; + } + + return -1; +} + +/* }}} */ + +/* TODO: When in server mode we need to turn this logic on its head + * The Client gets to make the final call on "agreed methods" + */ + +/* {{{ libssh2_kex_agree_methods + * Decide which specific method to use of the methods offered by each party + */ +static int +libssh2_kex_agree_methods(LIBSSH2_SESSION * session, unsigned char *data, + unsigned data_len) +{ + unsigned char *kex, *hostkey, *crypt_cs, *crypt_sc, *comp_cs, *comp_sc, + *mac_cs, *mac_sc, *lang_cs, *lang_sc; + size_t kex_len, hostkey_len, crypt_cs_len, crypt_sc_len, comp_cs_len; + size_t comp_sc_len, mac_cs_len, mac_sc_len, lang_cs_len, lang_sc_len; + unsigned char *s = data; + + /* Skip packet_type, we know it already */ + s++; + + /* Skip cookie, don't worry, it's preserved in the kexinit field */ + s += 16; + + /* Locate each string */ + kex_len = libssh2_ntohu32(s); + kex = s + 4; + s += 4 + kex_len; + hostkey_len = libssh2_ntohu32(s); + hostkey = s + 4; + s += 4 + hostkey_len; + crypt_cs_len = libssh2_ntohu32(s); + crypt_cs = s + 4; + s += 4 + crypt_cs_len; + crypt_sc_len = libssh2_ntohu32(s); + crypt_sc = s + 4; + s += 4 + crypt_sc_len; + mac_cs_len = libssh2_ntohu32(s); + mac_cs = s + 4; + s += 4 + mac_cs_len; + mac_sc_len = libssh2_ntohu32(s); + mac_sc = s + 4; + s += 4 + mac_sc_len; + comp_cs_len = libssh2_ntohu32(s); + comp_cs = s + 4; + s += 4 + comp_cs_len; + comp_sc_len = libssh2_ntohu32(s); + comp_sc = s + 4; + s += 4 + comp_sc_len; + lang_cs_len = libssh2_ntohu32(s); + lang_cs = s + 4; + s += 4 + lang_cs_len; + lang_sc_len = libssh2_ntohu32(s); + lang_sc = s + 4; + s += 4 + lang_sc_len; + + /* If the server sent an optimistic packet, assume that it guessed wrong. + * If the guess is determined to be right (by libssh2_kex_agree_kex_hostkey) + * This flag will be reset to zero so that it's not ignored */ + session->burn_optimistic_kexinit = *(s++); + /* Next uint32 in packet is all zeros (reserved) */ + + if (data_len < (unsigned) (s - data)) + return -1; /* short packet */ + + if (libssh2_kex_agree_kex_hostkey + (session, kex, kex_len, hostkey, hostkey_len)) { + return -1; + } + + if (libssh2_kex_agree_crypt + (session, &session->local, crypt_cs, crypt_cs_len) + || libssh2_kex_agree_crypt(session, &session->remote, crypt_sc, + crypt_sc_len)) { + return -1; + } + + if (libssh2_kex_agree_mac(session, &session->local, mac_cs, mac_cs_len) || + libssh2_kex_agree_mac(session, &session->remote, mac_sc, mac_sc_len)) { + return -1; + } + + if (libssh2_kex_agree_comp(session, &session->local, comp_cs, comp_cs_len) + || libssh2_kex_agree_comp(session, &session->remote, comp_sc, + comp_sc_len)) { + return -1; + } + + if (libssh2_kex_agree_lang(session, &session->local, lang_cs, lang_cs_len) + || libssh2_kex_agree_lang(session, &session->remote, lang_sc, + lang_sc_len)) { + return -1; + } + + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on KEX method: %s", + session->kex->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on HOSTKEY method: %s", + session->hostkey->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on CRYPT_CS method: %s", + session->local.crypt->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on CRYPT_SC method: %s", + session->remote.crypt->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on MAC_CS method: %s", + session->local.mac->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on MAC_SC method: %s", + session->remote.mac->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on COMP_CS method: %s", + session->local.comp->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on COMP_SC method: %s", + session->remote.comp->name); + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on LANG_CS method:"); /* None yet */ + _libssh2_debug(session, LIBSSH2_DBG_KEX, "Agreed on LANG_SC method:"); /* None yet */ + + /* Initialize compression layer */ + if (session->local.comp && session->local.comp->init && + session->local.comp->init(session, 1, &session->local.comp_abstract)) { + return -1; + } + + if (session->remote.comp && session->remote.comp->init && + session->remote.comp->init(session, 0, + &session->remote.comp_abstract)) { + return -1; + } + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_kex_exchange + * Exchange keys + * Returns 0 on success, non-zero on failure + */ +int +libssh2_kex_exchange(LIBSSH2_SESSION * session, int reexchange, /* session->flags |= SERVER */ + key_exchange_state_t * key_state) +{ + int rc = 0; + int retcode; + + if (key_state->state == libssh2_NB_state_idle) { + /* Prevent loop in packet_add() */ + session->state |= LIBSSH2_STATE_EXCHANGING_KEYS; + + if (reexchange) { + session->kex = NULL; + + if (session->hostkey && session->hostkey->dtor) { + session->hostkey->dtor(session, + &session->server_hostkey_abstract); + } + session->hostkey = NULL; + } + + key_state->state = libssh2_NB_state_created; + } + + if (!session->kex || !session->hostkey) { + if (key_state->state == libssh2_NB_state_created) { + /* Preserve in case of failure */ + key_state->oldlocal = session->local.kexinit; + key_state->oldlocal_len = session->local.kexinit_len; + + session->local.kexinit = NULL; + + key_state->state = libssh2_NB_state_sent; + } + + if (key_state->state == libssh2_NB_state_sent) { + retcode = libssh2_kexinit(session); + if (retcode == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (retcode) { + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; + return -1; + } + + key_state->state = libssh2_NB_state_sent1; + } + + if (key_state->state == libssh2_NB_state_sent1) { + retcode = + libssh2_packet_require_ex(session, SSH_MSG_KEXINIT, + &key_state->data, + &key_state->data_len, 0, NULL, 0, + &key_state->req_state); + if (retcode == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (retcode) { + if (session->local.kexinit) { + LIBSSH2_FREE(session, session->local.kexinit); + } + session->local.kexinit = key_state->oldlocal; + session->local.kexinit_len = key_state->oldlocal_len; + key_state->state = libssh2_NB_state_idle; + return -1; + } + + if (session->remote.kexinit) { + LIBSSH2_FREE(session, session->remote.kexinit); + } + session->remote.kexinit = key_state->data; + session->remote.kexinit_len = key_state->data_len; + + if (libssh2_kex_agree_methods + (session, key_state->data, key_state->data_len)) { + rc = -1; + } + + key_state->state = libssh2_NB_state_sent2; + } + } else { + key_state->state = libssh2_NB_state_sent2; + } + + if (rc == 0) { + if (key_state->state == libssh2_NB_state_sent2) { + retcode = + session->kex->exchange_keys(session, + &key_state->key_state_low); + if (retcode == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (retcode) { + libssh2_error(session, LIBSSH2_ERROR_KEY_EXCHANGE_FAILURE, + "Unrecoverable error exchanging keys", 0); + rc = -1; + } + } + } + + /* Done with kexinit buffers */ + if (session->local.kexinit) { + LIBSSH2_FREE(session, session->local.kexinit); + session->local.kexinit = NULL; + } + if (session->remote.kexinit) { + LIBSSH2_FREE(session, session->remote.kexinit); + session->remote.kexinit = NULL; + } + + session->state &= ~LIBSSH2_STATE_EXCHANGING_KEYS; + + key_state->state = libssh2_NB_state_idle; + + return rc; +} + +/* }}} */ + +/* {{{ libssh2_session_method_pref + * Set preferred method + */ +LIBSSH2_API int +libssh2_session_method_pref(LIBSSH2_SESSION * session, int method_type, + const char *prefs) +{ + char **prefvar, *s, *newprefs; + int prefs_len = strlen(prefs); + const LIBSSH2_COMMON_METHOD **mlist; + + switch (method_type) { + case LIBSSH2_METHOD_KEX: + prefvar = &session->kex_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_kex_methods; + break; + + case LIBSSH2_METHOD_HOSTKEY: + prefvar = &session->hostkey_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_hostkey_methods(); + break; + + case LIBSSH2_METHOD_CRYPT_CS: + prefvar = &session->local.crypt_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_crypt_methods(); + break; + + case LIBSSH2_METHOD_CRYPT_SC: + prefvar = &session->remote.crypt_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_crypt_methods(); + break; + + case LIBSSH2_METHOD_MAC_CS: + prefvar = &session->local.mac_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_mac_methods(); + break; + + case LIBSSH2_METHOD_MAC_SC: + prefvar = &session->remote.mac_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_mac_methods(); + break; + + case LIBSSH2_METHOD_COMP_CS: + prefvar = &session->local.comp_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_comp_methods(); + break; + + case LIBSSH2_METHOD_COMP_SC: + prefvar = &session->remote.comp_prefs; + mlist = (const LIBSSH2_COMMON_METHOD **) libssh2_comp_methods(); + break; + + case LIBSSH2_METHOD_LANG_CS: + prefvar = &session->local.lang_prefs; + mlist = NULL; + break; + + case LIBSSH2_METHOD_LANG_SC: + prefvar = &session->remote.lang_prefs; + mlist = NULL; + break; + + default: + libssh2_error(session, LIBSSH2_ERROR_INVAL, + "Invalid parameter specified for method_type", 0); + return -1; + } + + s = newprefs = LIBSSH2_ALLOC(session, prefs_len + 1); + if (!newprefs) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Error allocated space for method preferences", 0); + return -1; + } + memcpy(s, prefs, prefs_len + 1); + + while (s && *s) { + char *p = strchr(s, ','); + int method_len = p ? (p - s) : (int) strlen(s); + + if (!libssh2_get_method_by_name(s, method_len, mlist)) { + /* Strip out unsupported method */ + if (p) { + memcpy(s, p + 1, strlen(s) - method_len); + } else { + if (s > newprefs) { + *(--s) = '\0'; + } else { + *s = '\0'; + } + } + } + + s = p ? (p + 1) : NULL; + } + + if (strlen(newprefs) == 0) { + libssh2_error(session, LIBSSH2_ERROR_METHOD_NOT_SUPPORTED, + "The requested method(s) are not currently supported", + 0); + LIBSSH2_FREE(session, newprefs); + return -1; + } + + if (*prefvar) { + LIBSSH2_FREE(session, *prefvar); + } + *prefvar = newprefs; + + return 0; +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/mac.c b/Vendor/libssh2/Source/mac.c new file mode 100644 index 0000000..ed924d7 --- /dev/null +++ b/Vendor/libssh2/Source/mac.c @@ -0,0 +1,311 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +#ifdef LIBSSH2_MAC_NONE +/* {{{ libssh2_mac_none_MAC + * Minimalist MAC: No MAC + */ +static int +libssh2_mac_none_MAC(LIBSSH2_SESSION * session, unsigned char *buf, + unsigned long seqno, const unsigned char *packet, + unsigned long packet_len, const unsigned char *addtl, + unsigned long addtl_len, void **abstract) +{ + return 0; +} + +/* }}} */ + + +static LIBSSH2_MAC_METHOD libssh2_mac_method_none = { + "none", + 0, + 0, + NULL, + libssh2_mac_none_MAC, + NULL +}; +#endif /* LIBSSH2_MAC_NONE */ + +/* {{{ libssh2_mac_method_common_init + * Initialize simple mac methods + */ +static int +libssh2_mac_method_common_init(LIBSSH2_SESSION * session, unsigned char *key, + int *free_key, void **abstract) +{ + *abstract = key; + *free_key = 0; + (void) session; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_mac_method_common_dtor + * Cleanup simple mac methods + */ +static int +libssh2_mac_method_common_dtor(LIBSSH2_SESSION * session, void **abstract) +{ + if (*abstract) { + LIBSSH2_FREE(session, *abstract); + } + *abstract = NULL; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_mac_method_hmac_sha1_hash + * Calculate hash using full sha1 value + */ +static int +libssh2_mac_method_hmac_sha1_hash(LIBSSH2_SESSION * session, + unsigned char *buf, unsigned long seqno, + const unsigned char *packet, + unsigned long packet_len, + const unsigned char *addtl, + unsigned long addtl_len, void **abstract) +{ + libssh2_hmac_ctx ctx; + unsigned char seqno_buf[4]; + (void) session; + + libssh2_htonu32(seqno_buf, seqno); + + libssh2_hmac_sha1_init(&ctx, *abstract, 20); + libssh2_hmac_update(ctx, seqno_buf, 4); + libssh2_hmac_update(ctx, packet, packet_len); + if (addtl && addtl_len) { + libssh2_hmac_update(ctx, addtl, addtl_len); + } + libssh2_hmac_final(ctx, buf); + libssh2_hmac_cleanup(&ctx); + + return 0; +} + +/* }}} */ + +static const LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_sha1 = { + "hmac-sha1", + 20, + 20, + libssh2_mac_method_common_init, + libssh2_mac_method_hmac_sha1_hash, + libssh2_mac_method_common_dtor, +}; + +/* {{{ libssh2_mac_method_hmac_sha1_96_hash + * Calculate hash using first 96 bits of sha1 value + */ +static int +libssh2_mac_method_hmac_sha1_96_hash(LIBSSH2_SESSION * session, + unsigned char *buf, unsigned long seqno, + const unsigned char *packet, + unsigned long packet_len, + const unsigned char *addtl, + unsigned long addtl_len, void **abstract) +{ + unsigned char temp[SHA_DIGEST_LENGTH]; + + libssh2_mac_method_hmac_sha1_hash(session, temp, seqno, packet, packet_len, + addtl, addtl_len, abstract); + memcpy(buf, (char *) temp, 96 / 8); + + return 0; +} + +/* }}} */ + +static const LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_sha1_96 = { + "hmac-sha1-96", + 12, + 20, + libssh2_mac_method_common_init, + libssh2_mac_method_hmac_sha1_96_hash, + libssh2_mac_method_common_dtor, +}; + +/* {{{ libssh2_mac_method_hmac_md5_hash + * Calculate hash using full md5 value + */ +static int +libssh2_mac_method_hmac_md5_hash(LIBSSH2_SESSION * session, unsigned char *buf, + unsigned long seqno, + const unsigned char *packet, + unsigned long packet_len, + const unsigned char *addtl, + unsigned long addtl_len, void **abstract) +{ + libssh2_hmac_ctx ctx; + unsigned char seqno_buf[4]; + (void) session; + + libssh2_htonu32(seqno_buf, seqno); + + libssh2_hmac_md5_init(&ctx, *abstract, 16); + libssh2_hmac_update(ctx, seqno_buf, 4); + libssh2_hmac_update(ctx, packet, packet_len); + if (addtl && addtl_len) { + libssh2_hmac_update(ctx, addtl, addtl_len); + } + libssh2_hmac_final(ctx, buf); + libssh2_hmac_cleanup(&ctx); + + return 0; +} + +/* }}} */ + +static const LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_md5 = { + "hmac-md5", + 16, + 16, + libssh2_mac_method_common_init, + libssh2_mac_method_hmac_md5_hash, + libssh2_mac_method_common_dtor, +}; + +/* {{{ libssh2_mac_method_hmac_md5_96_hash + * Calculate hash using first 96 bits of md5 value + */ +static int +libssh2_mac_method_hmac_md5_96_hash(LIBSSH2_SESSION * session, + unsigned char *buf, unsigned long seqno, + const unsigned char *packet, + unsigned long packet_len, + const unsigned char *addtl, + unsigned long addtl_len, void **abstract) +{ + unsigned char temp[MD5_DIGEST_LENGTH]; + + libssh2_mac_method_hmac_md5_hash(session, temp, seqno, packet, packet_len, + addtl, addtl_len, abstract); + memcpy(buf, (char *) temp, 96 / 8); + + return 0; +} + +/* }}} */ + +static const LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_md5_96 = { + "hmac-md5-96", + 12, + 16, + libssh2_mac_method_common_init, + libssh2_mac_method_hmac_md5_96_hash, + libssh2_mac_method_common_dtor, +}; + +#if LIBSSH2_HMAC_RIPEMD +/* {{{ libssh2_mac_method_hmac_ripemd160_hash + * Calculate hash using ripemd160 value + */ +static int +libssh2_mac_method_hmac_ripemd160_hash(LIBSSH2_SESSION * session, + unsigned char *buf, unsigned long seqno, + const unsigned char *packet, + unsigned long packet_len, + const unsigned char *addtl, + unsigned long addtl_len, + void **abstract) +{ + libssh2_hmac_ctx ctx; + unsigned char seqno_buf[4]; + (void) session; + + libssh2_htonu32(seqno_buf, seqno); + + libssh2_hmac_ripemd160_init(&ctx, *abstract, 20); + libssh2_hmac_update(ctx, seqno_buf, 4); + libssh2_hmac_update(ctx, packet, packet_len); + if (addtl && addtl_len) { + libssh2_hmac_update(ctx, addtl, addtl_len); + } + libssh2_hmac_final(ctx, buf); + libssh2_hmac_cleanup(&ctx); + + return 0; +} + +/* }}} */ + +static const LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_ripemd160 = { + "hmac-ripemd160", + 20, + 20, + libssh2_mac_method_common_init, + libssh2_mac_method_hmac_ripemd160_hash, + libssh2_mac_method_common_dtor, +}; + +static const LIBSSH2_MAC_METHOD libssh2_mac_method_hmac_ripemd160_openssh_com = { + "hmac-ripemd160@openssh.com", + 20, + 20, + libssh2_mac_method_common_init, + libssh2_mac_method_hmac_ripemd160_hash, + libssh2_mac_method_common_dtor, +}; +#endif /* LIBSSH2_HMAC_RIPEMD */ + +static const LIBSSH2_MAC_METHOD *_libssh2_mac_methods[] = { + &libssh2_mac_method_hmac_sha1, + &libssh2_mac_method_hmac_sha1_96, + &libssh2_mac_method_hmac_md5, + &libssh2_mac_method_hmac_md5_96, +#ifdef LIBSSH2_HMAC_RIPEMD + &libssh2_mac_method_hmac_ripemd160, + &libssh2_mac_method_hmac_ripemd160_openssh_com, +#endif /* LIBSSH2_HMAC_RIPEMD */ +#ifdef LIBSSH2_MAC_NONE + &libssh2_mac_method_none, +#endif /* LIBSSH2_MAC_NONE */ + NULL +}; + +const LIBSSH2_MAC_METHOD ** +libssh2_mac_methods(void) +{ + return _libssh2_mac_methods; +} diff --git a/Vendor/libssh2/Source/misc.c b/Vendor/libssh2/Source/misc.c new file mode 100644 index 0000000..05f6329 --- /dev/null +++ b/Vendor/libssh2/Source/misc.c @@ -0,0 +1,241 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#ifdef HAVE_UNISTD_H +#include +#endif + +/* {{{ libssh2_ntohu32 + */ +unsigned long +libssh2_ntohu32(const unsigned char *buf) +{ + return (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; +} + +/* }}} */ + +/* {{{ libssh2_ntohu64 + * Note: Some 32-bit platforms have issues with bitops on long longs + * Work around this by doing expensive (but safer) arithmetic ops with optimization defying parentheses + */ +libssh2_uint64_t +libssh2_ntohu64(const unsigned char *buf) +{ + unsigned long msl, lsl; + + msl = (buf[0] << 24) | (buf[1] << 16) | (buf[2] << 8) | buf[3]; + lsl = (buf[4] << 24) | (buf[5] << 16) | (buf[6] << 8) | buf[7]; + + return ((msl * 65536) * 65536) + lsl; +} + +/* }}} */ + +/* {{{ libssh2_htonu32 + */ +void +libssh2_htonu32(unsigned char *buf, unsigned long value) +{ + buf[0] = (value >> 24) & 0xFF; + buf[1] = (value >> 16) & 0xFF; + buf[2] = (value >> 8) & 0xFF; + buf[3] = value & 0xFF; +} + +/* }}} */ + +/* {{{ libssh2_htonu64 + */ +void +libssh2_htonu64(unsigned char *buf, libssh2_uint64_t value) +{ + unsigned long msl = (value / 65536) / 65536; + + buf[0] = (msl >> 24) & 0xFF; + buf[1] = (msl >> 16) & 0xFF; + buf[2] = (msl >> 8) & 0xFF; + buf[3] = msl & 0xFF; + + buf[4] = (value >> 24) & 0xFF; + buf[5] = (value >> 16) & 0xFF; + buf[6] = (value >> 8) & 0xFF; + buf[7] = value & 0xFF; +} + +/* }}} */ + +/* Base64 Conversion */ + +/* {{{ */ +static const char libssh2_base64_table[] = + { 'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', + 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z', + 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', + 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', + '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/', '\0' +}; + +static const char libssh2_base64_pad = '='; + +static const short libssh2_base64_reverse_table[256] = { + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, 62, -1, -1, -1, 63, + 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, -1, -1, -1, -1, -1, -1, + -1, 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, + 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, -1, -1, -1, -1, -1, + -1, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, + 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1 +}; + +/* }}} */ + + +/* {{{ libssh2_base64_decode + * Decode a base64 chunk and store it into a newly alloc'd buffer + */ +LIBSSH2_API int +libssh2_base64_decode(LIBSSH2_SESSION * session, char **data, + unsigned int *datalen, const char *src, + unsigned int src_len) +{ + unsigned char *s, *d; + short v; + int i = 0, len = 0; + + *data = LIBSSH2_ALLOC(session, (3 * src_len / 4) + 1); + d = (unsigned char *) *data; + if (!d) { + return -1; + } + + for(s = (unsigned char *) src; ((char *) s) < (src + src_len); s++) { + if ((v = libssh2_base64_reverse_table[*s]) < 0) + continue; + switch (i % 4) { + case 0: + d[len] = v << 2; + break; + case 1: + d[len++] |= v >> 4; + d[len] = v << 4; + break; + case 2: + d[len++] |= v >> 2; + d[len] = v << 6; + break; + case 3: + d[len++] |= v; + break; + } + i++; + } + if ((i % 4) == 1) { + /* Invalid -- We have a byte which belongs exclusively to a partial octet */ + LIBSSH2_FREE(session, *data); + return -1; + } + + *datalen = len; + return 0; +} + +/* }}} */ + +#ifdef LIBSSH2DEBUG +LIBSSH2_API int +libssh2_trace(LIBSSH2_SESSION * session, int bitmask) +{ + session->showmask = bitmask; + return 0; +} + +void +_libssh2_debug(LIBSSH2_SESSION * session, int context, const char *format, ...) +{ + char buffer[1536]; + int len; + va_list vargs; + static const char *const contexts[9] = { + "Unknown", + "Transport", + "Key Exchange", + "Userauth", + "Connection", + "scp", + "SFTP Subsystem", + "Failure Event", + "Publickey Subsystem", + }; + + if (context < 1 || context > 8) { + context = 0; + } + if (!(session->showmask & (1 << context))) { + /* no such output asked for */ + return; + } + + len = snprintf(buffer, 1535, "[libssh2] %s: ", contexts[context]); + + va_start(vargs, format); + len += vsnprintf(buffer + len, 1535 - len, format, vargs); + buffer[len] = '\n'; + va_end(vargs); + write(2, buffer, len + 1); + +} + +#else +LIBSSH2_API int +libssh2_trace(LIBSSH2_SESSION * session, int bitmask) +{ + (void) session; + (void) bitmask; + return 0; +} +#endif diff --git a/Vendor/libssh2/Source/openssl.c b/Vendor/libssh2/Source/openssl.c new file mode 100644 index 0000000..87e86dd --- /dev/null +++ b/Vendor/libssh2/Source/openssl.c @@ -0,0 +1,316 @@ +/* Copyright (C) 2006, 2007 The Written Word, Inc. All rights reserved. + * Author: Simon Josefsson + * Copyright (c) 2004-2006, Sara Golemon + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#include + +#ifndef EVP_MAX_BLOCK_LENGTH +#define EVP_MAX_BLOCK_LENGTH 32 +#endif + +int +_libssh2_rsa_new(libssh2_rsa_ctx ** rsa, + const unsigned char *edata, + unsigned long elen, + const unsigned char *ndata, + unsigned long nlen, + const unsigned char *ddata, + unsigned long dlen, + const unsigned char *pdata, + unsigned long plen, + const unsigned char *qdata, + unsigned long qlen, + const unsigned char *e1data, + unsigned long e1len, + const unsigned char *e2data, + unsigned long e2len, + const unsigned char *coeffdata, unsigned long coefflen) +{ + *rsa = RSA_new(); + + (*rsa)->e = BN_new(); + BN_bin2bn(edata, elen, (*rsa)->e); + + (*rsa)->n = BN_new(); + BN_bin2bn(ndata, nlen, (*rsa)->n); + + if (ddata) { + (*rsa)->d = BN_new(); + BN_bin2bn(ddata, dlen, (*rsa)->d); + + (*rsa)->p = BN_new(); + BN_bin2bn(pdata, plen, (*rsa)->p); + + (*rsa)->q = BN_new(); + BN_bin2bn(qdata, qlen, (*rsa)->q); + + (*rsa)->dmp1 = BN_new(); + BN_bin2bn(e1data, e1len, (*rsa)->dmp1); + + (*rsa)->dmq1 = BN_new(); + BN_bin2bn(e2data, e2len, (*rsa)->dmq1); + + (*rsa)->iqmp = BN_new(); + BN_bin2bn(coeffdata, coefflen, (*rsa)->iqmp); + } + return 0; +} + +int +_libssh2_rsa_sha1_verify(libssh2_rsa_ctx * rsactx, + const unsigned char *sig, + unsigned long sig_len, + const unsigned char *m, unsigned long m_len) +{ + unsigned char hash[SHA_DIGEST_LENGTH]; + int ret; + + SHA1(m, m_len, hash); + ret = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH, + (unsigned char *) sig, sig_len, rsactx); + return (ret == 1) ? 0 : -1; +} + +int +_libssh2_dsa_new(libssh2_dsa_ctx ** dsactx, + const unsigned char *p, + unsigned long p_len, + const unsigned char *q, + unsigned long q_len, + const unsigned char *g, + unsigned long g_len, + const unsigned char *y, + unsigned long y_len, + const unsigned char *x, unsigned long x_len) +{ + *dsactx = DSA_new(); + + (*dsactx)->p = BN_new(); + BN_bin2bn(p, p_len, (*dsactx)->p); + + (*dsactx)->q = BN_new(); + BN_bin2bn(q, q_len, (*dsactx)->q); + + (*dsactx)->g = BN_new(); + BN_bin2bn(g, g_len, (*dsactx)->g); + + (*dsactx)->pub_key = BN_new(); + BN_bin2bn(y, y_len, (*dsactx)->pub_key); + + if (x_len) { + (*dsactx)->priv_key = BN_new(); + BN_bin2bn(x, x_len, (*dsactx)->priv_key); + } + + return 0; +} + +int +_libssh2_dsa_sha1_verify(libssh2_dsa_ctx * dsactx, + const unsigned char *sig, + const unsigned char *m, unsigned long m_len) +{ + unsigned char hash[SHA_DIGEST_LENGTH]; + DSA_SIG dsasig; + int ret; + + dsasig.r = BN_new(); + BN_bin2bn(sig, 20, dsasig.r); + dsasig.s = BN_new(); + BN_bin2bn(sig + 20, 20, dsasig.s); + + libssh2_sha1(m, m_len, hash); + ret = DSA_do_verify(hash, SHA_DIGEST_LENGTH, &dsasig, dsactx); + BN_clear_free(dsasig.s); + BN_clear_free(dsasig.r); + + return (ret == 1) ? 0 : -1; +} + +int +_libssh2_cipher_init(_libssh2_cipher_ctx * h, + _libssh2_cipher_type(algo), + unsigned char *iv, unsigned char *secret, int encrypt) +{ + EVP_CIPHER_CTX_init(h); + EVP_CipherInit(h, algo(), secret, iv, encrypt); + return 0; +} + +int +_libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx, + _libssh2_cipher_type(algo), + int encrypt, unsigned char *block) +{ + int blocksize = ctx->cipher->block_size; + unsigned char buf[EVP_MAX_BLOCK_LENGTH]; + int ret; + (void) algo; + (void) encrypt; + + if (blocksize == 1) { +/* Hack for arcfour. */ + blocksize = 8; + } + ret = EVP_Cipher(ctx, buf, block, blocksize); + if (ret == 1) { + memcpy(block, buf, blocksize); + } + return ret == 1 ? 0 : 1; +} + +/* TODO: Optionally call a passphrase callback specified by the + * calling program + */ +static int +passphrase_cb(char *buf, int size, int rwflag, char *passphrase) +{ + int passphrase_len = strlen(passphrase); + (void) rwflag; + + if (passphrase_len > (size - 1)) { + passphrase_len = size - 1; + } + memcpy(buf, passphrase, passphrase_len); + buf[passphrase_len] = '\0'; + + return passphrase_len; +} + +int +_libssh2_rsa_new_private(libssh2_rsa_ctx ** rsa, + LIBSSH2_SESSION * session, + FILE * fp, unsigned const char *passphrase) +{ + (void) session; + if (!EVP_get_cipherbyname("des")) { +/* If this cipher isn't loaded it's a pretty good indication that none are. + * I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#( + * Someone buy me an OpenSSL manual and I'll read up on it. + */ + OpenSSL_add_all_ciphers(); + } + *rsa = PEM_read_RSAPrivateKey(fp, NULL, (void *) passphrase_cb, + (void *) passphrase); + if (!*rsa) { + return -1; + } + return 0; +} + +int +_libssh2_dsa_new_private(libssh2_dsa_ctx ** dsa, + LIBSSH2_SESSION * session, + FILE * fp, unsigned const char *passphrase) +{ + (void) session; + if (!EVP_get_cipherbyname("des")) { +/* If this cipher isn't loaded it's a pretty good indication that none are. + * I have *NO DOUBT* that there's a better way to deal with this ($#&%#$(%$#( + * Someone buy me an OpenSSL manual and I'll read up on it. + */ + OpenSSL_add_all_ciphers(); + } + *dsa = PEM_read_DSAPrivateKey(fp, NULL, (void *) passphrase_cb, + (void *) passphrase); + if (!*dsa) { + return -1; + } + return 0; +} + +int +_libssh2_rsa_sha1_sign(LIBSSH2_SESSION * session, + libssh2_rsa_ctx * rsactx, + const unsigned char *hash, + unsigned long hash_len, + unsigned char **signature, unsigned long *signature_len) +{ + int ret; + unsigned char *sig; + unsigned int sig_len; + + sig_len = RSA_size(rsactx); + sig = LIBSSH2_ALLOC(session, sig_len); + + if (!sig) { + return -1; + } + + ret = RSA_sign(NID_sha1, hash, hash_len, sig, &sig_len, rsactx); + + if (!ret) { + LIBSSH2_FREE(session, sig); + return -1; + } + + *signature = sig; + *signature_len = sig_len; + + return 0; +} + +int +_libssh2_dsa_sha1_sign(libssh2_dsa_ctx * dsactx, + const unsigned char *hash, + unsigned long hash_len, unsigned char *signature) +{ + DSA_SIG *sig; + int r_len, s_len, rs_pad; + (void) hash_len; + + sig = DSA_do_sign(hash, SHA_DIGEST_LENGTH, dsactx); + if (!sig) { + return -1; + } + + r_len = BN_num_bytes(sig->r); + s_len = BN_num_bytes(sig->s); + rs_pad = (2 * SHA_DIGEST_LENGTH) - (r_len + s_len); + if (rs_pad < 0) { + DSA_SIG_free(sig); + return -1; + } + + BN_bn2bin(sig->r, signature + rs_pad); + BN_bn2bin(sig->s, signature + rs_pad + r_len); + + DSA_SIG_free(sig); + + return 0; +} diff --git a/Vendor/libssh2/Source/packet.c b/Vendor/libssh2/Source/packet.c new file mode 100644 index 0000000..fd17186 --- /dev/null +++ b/Vendor/libssh2/Source/packet.c @@ -0,0 +1,1244 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#include +#include + +#ifdef HAVE_UNISTD_H +#include +#endif + +#ifdef HAVE_SYS_TIME_H +#include +#endif + +#ifdef HAVE_INTTYPES_H +#include +#endif + +/* Needed for struct iovec on some platforms */ +#ifdef HAVE_SYS_UIO_H +#include +#endif + +#include + +/* {{{ libssh2_packet_queue_listener + * Queue a connection request for a listener + */ +static inline int +libssh2_packet_queue_listener(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long datalen, + packet_queue_listener_state_t * listen_state) +{ + /* + * Look for a matching listener + */ + unsigned char *s = data + (sizeof("forwarded-tcpip") - 1) + 5; + /* 17 = packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */ + unsigned long packet_len = 17 + (sizeof(FwdNotReq) - 1); + unsigned char *p; + LIBSSH2_LISTENER *listen = session->listeners; + char failure_code = 1; /* SSH_OPEN_ADMINISTRATIVELY_PROHIBITED */ + int rc; + + (void) datalen; + + if (listen_state->state == libssh2_NB_state_idle) { + listen_state->sender_channel = libssh2_ntohu32(s); + s += 4; + + listen_state->initial_window_size = libssh2_ntohu32(s); + s += 4; + listen_state->packet_size = libssh2_ntohu32(s); + s += 4; + + listen_state->host_len = libssh2_ntohu32(s); + s += 4; + listen_state->host = s; + s += listen_state->host_len; + listen_state->port = libssh2_ntohu32(s); + s += 4; + + listen_state->shost_len = libssh2_ntohu32(s); + s += 4; + listen_state->shost = s; + s += listen_state->shost_len; + listen_state->sport = libssh2_ntohu32(s); + s += 4; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Remote received connection from %s:%ld to %s:%ld", + listen_state->shost, listen_state->sport, + listen_state->host, listen_state->port); + + listen_state->state = libssh2_NB_state_allocated; + } + + if (listen_state->state != libssh2_NB_state_sent) { + while (listen) { + if ((listen->port == (int) listen_state->port) && + (strlen(listen->host) == listen_state->host_len) && + (memcmp + (listen->host, listen_state->host, + listen_state->host_len) == 0)) { + /* This is our listener */ + LIBSSH2_CHANNEL *channel, *last_queued = listen->queue; + + last_queued = listen->queue; + if (listen_state->state == libssh2_NB_state_allocated) { + if (listen->queue_maxsize && + (listen->queue_maxsize <= listen->queue_size)) { + /* Queue is full */ + failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */ + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Listener queue full, ignoring"); + listen_state->state = libssh2_NB_state_sent; + break; + } + + channel = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_CHANNEL)); + if (!channel) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a channel for new connection", + 0); + failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */ + listen_state->state = libssh2_NB_state_sent; + break; + } + memset(channel, 0, sizeof(LIBSSH2_CHANNEL)); + + channel->session = session; + channel->channel_type_len = sizeof("forwarded-tcpip") - 1; + channel->channel_type = LIBSSH2_ALLOC(session, + channel-> + channel_type_len + + 1); + if (!channel->channel_type) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a channel for new connection", + 0); + LIBSSH2_FREE(session, channel); + failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */ + listen_state->state = libssh2_NB_state_sent; + break; + } + memcpy(channel->channel_type, "forwarded-tcpip", + channel->channel_type_len + 1); + + channel->remote.id = listen_state->sender_channel; + channel->remote.window_size_initial = + LIBSSH2_CHANNEL_WINDOW_DEFAULT; + channel->remote.window_size = + LIBSSH2_CHANNEL_WINDOW_DEFAULT; + channel->remote.packet_size = + LIBSSH2_CHANNEL_PACKET_DEFAULT; + + channel->local.id = libssh2_channel_nextid(session); + channel->local.window_size_initial = + listen_state->initial_window_size; + channel->local.window_size = + listen_state->initial_window_size; + channel->local.packet_size = listen_state->packet_size; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Connection queued: channel %lu/%lu win %lu/%lu packet %lu/%lu", + channel->local.id, channel->remote.id, + channel->local.window_size, + channel->remote.window_size, + channel->local.packet_size, + channel->remote.packet_size); + + p = listen_state->packet; + *(p++) = SSH_MSG_CHANNEL_OPEN_CONFIRMATION; + libssh2_htonu32(p, channel->remote.id); + p += 4; + libssh2_htonu32(p, channel->local.id); + p += 4; + libssh2_htonu32(p, channel->remote.window_size_initial); + p += 4; + libssh2_htonu32(p, channel->remote.packet_size); + p += 4; + + listen_state->state = libssh2_NB_state_created; + } + + if (listen_state->state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, listen_state->packet, + 17); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send channel open confirmation", + 0); + listen_state->state = libssh2_NB_state_idle; + return -1; + } + + /* Link the channel into the end of the queue list */ + + if (!last_queued) { + listen->queue = channel; + listen_state->state = libssh2_NB_state_idle; + return 0; + } + + while (last_queued->next) { + last_queued = last_queued->next; + } + + last_queued->next = channel; + channel->prev = last_queued; + + listen->queue_size++; + + listen_state->state = libssh2_NB_state_idle; + return 0; + } + } + + listen = listen->next; + } + + listen_state->state = libssh2_NB_state_sent; + } + + /* We're not listening to you */ + { + p = listen_state->packet; + *(p++) = SSH_MSG_CHANNEL_OPEN_FAILURE; + libssh2_htonu32(p, listen_state->sender_channel); + p += 4; + libssh2_htonu32(p, failure_code); + p += 4; + libssh2_htonu32(p, sizeof(FwdNotReq) - 1); + p += 4; + memcpy(s, FwdNotReq, sizeof(FwdNotReq) - 1); + p += sizeof(FwdNotReq) - 1; + libssh2_htonu32(p, 0); + + rc = libssh2_packet_write(session, listen_state->packet, packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send open failure", 0); + listen_state->state = libssh2_NB_state_idle; + return -1; + } + listen_state->state = libssh2_NB_state_idle; + return 0; + } +} + +/* }}} */ + +/* {{{ libssh2_packet_x11_open + * Accept a forwarded X11 connection + */ +static inline int +libssh2_packet_x11_open(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long datalen, + packet_x11_open_state_t * x11open_state) +{ + int failure_code = 2; /* SSH_OPEN_CONNECT_FAILED */ + unsigned char *s = data + (sizeof("x11") - 1) + 5; + /* 17 = packet_type(1) + channel(4) + reason(4) + descr(4) + lang(4) */ + unsigned long packet_len = 17 + (sizeof(X11FwdUnAvil) - 1); + unsigned char *p; + LIBSSH2_CHANNEL *channel; + int rc; + + (void) datalen; + + if (x11open_state->state == libssh2_NB_state_idle) { + x11open_state->sender_channel = libssh2_ntohu32(s); + s += 4; + x11open_state->initial_window_size = libssh2_ntohu32(s); + s += 4; + x11open_state->packet_size = libssh2_ntohu32(s); + s += 4; + x11open_state->shost_len = libssh2_ntohu32(s); + s += 4; + x11open_state->shost = s; + s += x11open_state->shost_len; + x11open_state->sport = libssh2_ntohu32(s); + s += 4; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "X11 Connection Received from %s:%ld on channel %lu", + x11open_state->shost, x11open_state->sport, + x11open_state->sender_channel); + + x11open_state->state = libssh2_NB_state_allocated; + } + + if (session->x11) { + if (x11open_state->state == libssh2_NB_state_allocated) { + channel = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_CHANNEL)); + if (!channel) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a channel for new connection", + 0); + failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */ + goto x11_exit; + } + memset(channel, 0, sizeof(LIBSSH2_CHANNEL)); + + channel->session = session; + channel->channel_type_len = sizeof("x11") - 1; + channel->channel_type = LIBSSH2_ALLOC(session, + channel->channel_type_len + + 1); + if (!channel->channel_type) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a channel for new connection", + 0); + LIBSSH2_FREE(session, channel); + failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */ + goto x11_exit; + } + memcpy(channel->channel_type, "x11", + channel->channel_type_len + 1); + + channel->remote.id = x11open_state->sender_channel; + channel->remote.window_size_initial = + LIBSSH2_CHANNEL_WINDOW_DEFAULT; + channel->remote.window_size = LIBSSH2_CHANNEL_WINDOW_DEFAULT; + channel->remote.packet_size = LIBSSH2_CHANNEL_PACKET_DEFAULT; + + channel->local.id = libssh2_channel_nextid(session); + channel->local.window_size_initial = + x11open_state->initial_window_size; + channel->local.window_size = x11open_state->initial_window_size; + channel->local.packet_size = x11open_state->packet_size; + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "X11 Connection established: channel %lu/%lu win %lu/%lu packet %lu/%lu", + channel->local.id, channel->remote.id, + channel->local.window_size, + channel->remote.window_size, + channel->local.packet_size, + channel->remote.packet_size); + p = x11open_state->packet; + *(p++) = SSH_MSG_CHANNEL_OPEN_CONFIRMATION; + libssh2_htonu32(p, channel->remote.id); + p += 4; + libssh2_htonu32(p, channel->local.id); + p += 4; + libssh2_htonu32(p, channel->remote.window_size_initial); + p += 4; + libssh2_htonu32(p, channel->remote.packet_size); + p += 4; + + x11open_state->state = libssh2_NB_state_created; + } + + if (x11open_state->state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, x11open_state->packet, 17); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send channel open confirmation", 0); + x11open_state->state = libssh2_NB_state_idle; + return -1; + } + + /* Link the channel into the session */ + if (session->channels.tail) { + session->channels.tail->next = channel; + channel->prev = session->channels.tail; + } else { + session->channels.head = channel; + channel->prev = NULL; + } + channel->next = NULL; + session->channels.tail = channel; + + /* + * Pass control to the callback, they may turn right around and + * free the channel, or actually use it + */ + LIBSSH2_X11_OPEN(channel, (char *) x11open_state->shost, + x11open_state->sport); + + x11open_state->state = libssh2_NB_state_idle; + return 0; + } + } else { + failure_code = 4; /* SSH_OPEN_RESOURCE_SHORTAGE */ + } + + x11_exit: + p = x11open_state->packet; + *(p++) = SSH_MSG_CHANNEL_OPEN_FAILURE; + libssh2_htonu32(p, x11open_state->sender_channel); + p += 4; + libssh2_htonu32(p, failure_code); + p += 4; + libssh2_htonu32(p, sizeof(X11FwdUnAvil) - 1); + p += 4; + memcpy(s, X11FwdUnAvil, sizeof(X11FwdUnAvil) - 1); + p += sizeof(X11FwdUnAvil) - 1; + libssh2_htonu32(p, 0); + + rc = libssh2_packet_write(session, x11open_state->packet, packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send open failure", 0); + x11open_state->state = libssh2_NB_state_idle; + return -1; + } + x11open_state->state = libssh2_NB_state_idle; + return 0; +} + +/* }}} */ + +/* {{{ libssh2_packet_new + * Create a new packet and attach it to the brigade + */ +int +libssh2_packet_add(LIBSSH2_SESSION * session, unsigned char *data, + size_t datalen, int macstate) +{ + int rc; + + if (session->packAdd_state == libssh2_NB_state_idle) { + session->packAdd_data_head = 0; + + /* Zero the whole thing out */ + memset(&session->packAdd_key_state, 0, + sizeof(session->packAdd_key_state)); + + /* Zero the whole thing out */ + memset(&session->packAdd_Qlstn_state, 0, + sizeof(session->packAdd_Qlstn_state)); + + /* Zero the whole thing out */ + memset(&session->packAdd_x11open_state, 0, + sizeof(session->packAdd_x11open_state)); + + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "Packet type %d received, length=%d", + (int) data[0], (int) datalen); + if (macstate == LIBSSH2_MAC_INVALID) { + if (session->macerror) { + if (LIBSSH2_MACERROR(session, (char *) data, datalen) == 0) { + /* Calling app has given the OK, Process it anyway */ + macstate = LIBSSH2_MAC_CONFIRMED; + } else { + libssh2_error(session, LIBSSH2_ERROR_INVALID_MAC, + "Invalid Message Authentication Code received", + 0); + if (session->ssh_msg_disconnect) { + LIBSSH2_DISCONNECT(session, SSH_DISCONNECT_MAC_ERROR, + "Invalid MAC received", + sizeof("Invalid MAC received") - 1, + "", 0); + } + LIBSSH2_FREE(session, data); + return -1; + } + } else { + libssh2_error(session, LIBSSH2_ERROR_INVALID_MAC, + "Invalid Message Authentication Code received", + 0); + if (session->ssh_msg_disconnect) { + LIBSSH2_DISCONNECT(session, SSH_DISCONNECT_MAC_ERROR, + "Invalid MAC received", + sizeof("Invalid MAC received") - 1, + "", 0); + } + LIBSSH2_FREE(session, data); + return -1; + } + } + + session->packAdd_state = libssh2_NB_state_allocated; + } + + /* + * =============================== NOTE =============================== + * I know this is very ugly and not a really good use of "goto", but + * this case statement would be even uglier to do it any other way + */ + if (session->packAdd_state == libssh2_NB_state_jump1) { + goto libssh2_packet_add_jump_point1; + } else if (session->packAdd_state == libssh2_NB_state_jump2) { + goto libssh2_packet_add_jump_point2; + } else if (session->packAdd_state == libssh2_NB_state_jump3) { + goto libssh2_packet_add_jump_point3; + } + + if (session->packAdd_state == libssh2_NB_state_allocated) { + /* A couple exceptions to the packet adding rule: */ + switch (data[0]) { + case SSH_MSG_DISCONNECT: + { + char *message, *language; + int reason, message_len, language_len; + + reason = libssh2_ntohu32(data + 1); + message_len = libssh2_ntohu32(data + 5); + /* 9 = packet_type(1) + reason(4) + message_len(4) */ + message = (char *) data + 9; + language_len = libssh2_ntohu32(data + 9 + message_len); + /* + * This is where we hack on the data a little, + * Use the MSB of language_len to to a terminating NULL + * (In all liklihood it is already) + * Shift the language tag back a byte (In all likelihood + * it's zero length anyway) + * Store a NULL in the last byte of the packet to terminate + * the language string + * With the lengths passed this isn't *REALLY* necessary, + * but it's "kind" + */ + message[message_len] = '\0'; + language = (char *) data + 9 + message_len + 3; + if (language_len) { + memcpy(language, language + 1, language_len); + } + language[language_len] = '\0'; + + if (session->ssh_msg_disconnect) { + LIBSSH2_DISCONNECT(session, reason, message, + message_len, language, language_len); + } + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "Disconnect(%d): %s(%s)", reason, + message, language); + LIBSSH2_FREE(session, data); + session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; + session->packAdd_state = libssh2_NB_state_idle; + return -1; + } + break; + + case SSH_MSG_IGNORE: + /* As with disconnect, back it up one and add a trailing NULL */ + memcpy(data + 4, data + 5, datalen - 5); + data[datalen] = '\0'; + if (session->ssh_msg_ignore) { + LIBSSH2_IGNORE(session, (char *) data + 4, datalen - 5); + } + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + break; + + case SSH_MSG_DEBUG: + { + int always_display = data[0]; + char *message, *language; + int message_len, language_len; + + message_len = libssh2_ntohu32(data + 2); + /* 6 = packet_type(1) + display(1) + message_len(4) */ + message = (char *) data + 6; + language_len = libssh2_ntohu32(data + 6 + message_len); + /* + * This is where we hack on the data a little, + * Use the MSB of language_len to to a terminating NULL + * (In all liklihood it is already) + * Shift the language tag back a byte (In all likelihood + * it's zero length anyway) + * Store a NULL in the last byte of the packet to terminate + * the language string + * With the lengths passed this isn't *REALLY* necessary, + * but it's "kind" + */ + message[message_len] = '\0'; + language = (char *) data + 6 + message_len + 3; + if (language_len) { + memcpy(language, language + 1, language_len); + } + language[language_len] = '\0'; + + if (session->ssh_msg_debug) { + LIBSSH2_DEBUG(session, always_display, message, + message_len, language, language_len); + } + /* + * _libssh2_debug will actually truncate this for us so + * that it's not an inordinate about of data + */ + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "Debug Packet: %s", message); + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + break; + + case SSH_MSG_CHANNEL_EXTENDED_DATA: + /* streamid(4) */ + session->packAdd_data_head += 4; + case SSH_MSG_CHANNEL_DATA: + /* packet_type(1) + channelno(4) + datalen(4) */ + session->packAdd_data_head += 9; + { + session->packAdd_channel = libssh2_channel_locate(session, + libssh2_ntohu32 + (data + 1)); + + if (!session->packAdd_channel) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_UNKNOWN, + "Packet received for unknown channel, ignoring", + 0); + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } +#ifdef LIBSSH2DEBUG + { + unsigned long stream_id = 0; + + if (data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA) { + stream_id = libssh2_ntohu32(data + 5); + } + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "%d bytes received for channel %lu/%lu stream #%lu", + (int) (datalen - + session->packAdd_data_head), + session->packAdd_channel->local.id, + session->packAdd_channel->remote.id, + stream_id); + } +#endif + if ((session->packAdd_channel->remote. + extended_data_ignore_mode == + LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE) + && (data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA)) { + /* Pretend we didn't receive this */ + LIBSSH2_FREE(session, data); + + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Ignoring extended data and refunding %d bytes", + (int) (datalen - 13)); + /* Adjust the window based on the block we just freed */ + libssh2_packet_add_jump_point1: + session->packAdd_state = libssh2_NB_state_jump1; + rc = libssh2_channel_receive_window_adjust(session-> + packAdd_channel, + datalen - 13, + 0); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + + /* + * REMEMBER! remote means remote as source of data, + * NOT remote window! + */ + if (session->packAdd_channel->remote.packet_size < + (datalen - session->packAdd_data_head)) { + /* + * Spec says we MAY ignore bytes sent beyond + * packet_size + */ + libssh2_error(session, + LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED, + "Packet contains more data than we offered to receive, truncating", + 0); + datalen = + session->packAdd_channel->remote.packet_size + + session->packAdd_data_head; + } + if (session->packAdd_channel->remote.window_size <= 0) { + /* + * Spec says we MAY ignore bytes sent beyond + * window_size + */ + libssh2_error(session, + LIBSSH2_ERROR_CHANNEL_WINDOW_EXCEEDED, + "The current receive window is full, data ignored", + 0); + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + /* Reset EOF status */ + session->packAdd_channel->remote.eof = 0; + + if ((datalen - session->packAdd_data_head) > + session->packAdd_channel->remote.window_size) { + libssh2_error(session, + LIBSSH2_ERROR_CHANNEL_WINDOW_EXCEEDED, + "Remote sent more data than current window allows, truncating", + 0); + datalen = + session->packAdd_channel->remote.window_size + + session->packAdd_data_head; + } else { + /* Now that we've received it, shrink our window */ + session->packAdd_channel->remote.window_size -= + datalen - session->packAdd_data_head; + } + } + break; + + case SSH_MSG_CHANNEL_EOF: + { + session->packAdd_channel = libssh2_channel_locate(session, + libssh2_ntohu32 + (data + 1)); + + if (!session->packAdd_channel) { + /* We may have freed already, just quietly ignore this... */ + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + + _libssh2_debug(session, + LIBSSH2_DBG_CONN, + "EOF received for channel %lu/%lu", + session->packAdd_channel->local.id, + session->packAdd_channel->remote.id); + session->packAdd_channel->remote.eof = 1; + + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + break; + + case SSH_MSG_CHANNEL_REQUEST: + { + if (libssh2_ntohu32(data + 5) == sizeof("exit-status") - 1 + && !memcmp("exit-status", data + 9, + sizeof("exit-status") - 1)) { + + /* we've got "exit-status" packet. Set the session value */ + session->packAdd_channel = + libssh2_channel_locate(session, + libssh2_ntohu32(data + 1)); + + if (session->packAdd_channel) { + session->packAdd_channel->exit_status = + libssh2_ntohu32(data + 9 + sizeof("exit-status")); + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Exit status %lu received for channel %lu/%lu", + session->packAdd_channel->exit_status, + session->packAdd_channel->local.id, + session->packAdd_channel->remote.id); + } + + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + } + break; + + case SSH_MSG_CHANNEL_CLOSE: + { + session->packAdd_channel = libssh2_channel_locate(session, + libssh2_ntohu32 + (data + 1)); + + if (!session->packAdd_channel) { + /* We may have freed already, just quietly ignore this... */ + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Close received for channel %lu/%lu", + session->packAdd_channel->local.id, + session->packAdd_channel->remote.id); + + session->packAdd_channel->remote.close = 1; + session->packAdd_channel->remote.eof = 1; + /* TODO: Add a callback for this */ + + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + break; + + case SSH_MSG_CHANNEL_OPEN: + if ((datalen >= (sizeof("forwarded-tcpip") + 4)) && + ((sizeof("forwarded-tcpip") - 1) == libssh2_ntohu32(data + 1)) + && + (memcmp + (data + 5, "forwarded-tcpip", + sizeof("forwarded-tcpip") - 1) == 0)) { + + libssh2_packet_add_jump_point2: + session->packAdd_state = libssh2_NB_state_jump2; + rc = libssh2_packet_queue_listener(session, data, datalen, + &session-> + packAdd_Qlstn_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return rc; + } + if ((datalen >= (sizeof("x11") + 4)) && + ((sizeof("x11") - 1) == libssh2_ntohu32(data + 1)) && + (memcmp(data + 5, "x11", sizeof("x11") - 1) == 0)) { + + libssh2_packet_add_jump_point3: + session->packAdd_state = libssh2_NB_state_jump3; + rc = libssh2_packet_x11_open(session, data, datalen, + &session->packAdd_x11open_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return rc; + } + break; + + case SSH_MSG_CHANNEL_WINDOW_ADJUST: + { + unsigned long bytestoadd = libssh2_ntohu32(data + 5); + session->packAdd_channel = libssh2_channel_locate(session, + libssh2_ntohu32 + (data + 1)); + + if (session->packAdd_channel && bytestoadd) { + session->packAdd_channel->local.window_size += bytestoadd; + } + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Window adjust received for channel %lu/%lu, adding %lu bytes, new window_size=%lu", + session->packAdd_channel->local.id, + session->packAdd_channel->remote.id, + bytestoadd, + session->packAdd_channel->local.window_size); + + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return 0; + } + break; + } + + session->packAdd_state = libssh2_NB_state_sent; + } + + if (session->packAdd_state == libssh2_NB_state_sent) { + session->packAdd_packet = + LIBSSH2_ALLOC(session, sizeof(LIBSSH2_PACKET)); + if (!session->packAdd_packet) { + _libssh2_debug(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for LIBSSH2_PACKET"); + LIBSSH2_FREE(session, data); + session->packAdd_state = libssh2_NB_state_idle; + return -1; + } + memset(session->packAdd_packet, 0, sizeof(LIBSSH2_PACKET)); + + session->packAdd_packet->data = data; + session->packAdd_packet->data_len = datalen; + session->packAdd_packet->data_head = session->packAdd_data_head; + session->packAdd_packet->mac = macstate; + session->packAdd_packet->brigade = &session->packets; + session->packAdd_packet->next = NULL; + + if (session->packets.tail) { + session->packAdd_packet->prev = session->packets.tail; + session->packAdd_packet->prev->next = session->packAdd_packet; + session->packets.tail = session->packAdd_packet; + } else { + session->packets.head = session->packAdd_packet; + session->packets.tail = session->packAdd_packet; + session->packAdd_packet->prev = NULL; + } + + session->packAdd_state = libssh2_NB_state_sent1; + } + + if ((data[0] == SSH_MSG_KEXINIT && + !(session->state & LIBSSH2_STATE_EXCHANGING_KEYS)) || + (session->packAdd_state == libssh2_NB_state_sent2)) { + if (session->packAdd_state == libssh2_NB_state_sent1) { + /* + * Remote wants new keys + * Well, it's already in the brigade, + * let's just call back into ourselves + */ + _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Renegotiating Keys"); + + session->packAdd_state = libssh2_NB_state_sent2; + } + /* + * If there was a key reexchange failure, let's just hope we didn't + * send NEWKEYS yet, otherwise remote will drop us like a rock + */ + rc = libssh2_kex_exchange(session, 1, &session->packAdd_key_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + } + + session->packAdd_state = libssh2_NB_state_idle; + return 0; +} + +/* }}} */ + +/* {{{ libssh2_packet_ask + * Scan the brigade for a matching packet type, optionally poll the socket for + * a packet first + */ +int +libssh2_packet_ask_ex(LIBSSH2_SESSION * session, unsigned char packet_type, + unsigned char **data, unsigned long *data_len, + unsigned long match_ofs, const unsigned char *match_buf, + unsigned long match_len, int poll_socket) +{ + LIBSSH2_PACKET *packet = session->packets.head; + + if (poll_socket) { + /* + * XXX CHECK *** + * When "poll_socket" is "1" libhss2_packet_read() can return + * PACKET_EAGAIN. I am not sure what should happen, but internally + * there is only one location that might do so, libssh2_packet_askv_ex() + */ + libssh2pack_t rc = libssh2_packet_read(session); + if ((rc < 0) && !packet) { + return rc; + } + } + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "Looking for packet of type: %d", (int) packet_type); + + while (packet) { + if (packet->data[0] == packet_type + && (packet->data_len >= (match_ofs + match_len)) && (!match_buf + || + (memcmp + (packet-> + data + + match_ofs, + match_buf, + match_len) + == 0))) { + *data = packet->data; + *data_len = packet->data_len; + + if (packet->prev) { + packet->prev->next = packet->next; + } else { + session->packets.head = packet->next; + } + + if (packet->next) { + packet->next->prev = packet->prev; + } else { + session->packets.tail = packet->prev; + } + + LIBSSH2_FREE(session, packet); + + return 0; + } + packet = packet->next; + } + return -1; +} + +/* }}} */ + +/* {{{ libssh2_packet_askv + * Scan for any of a list of packet types in the brigade, optionally poll the + * socket for a packet first + */ +int +libssh2_packet_askv_ex(LIBSSH2_SESSION * session, + const unsigned char *packet_types, + unsigned char **data, unsigned long *data_len, + unsigned long match_ofs, + const unsigned char *match_buf, + unsigned long match_len, int poll_socket) +{ + int i, packet_types_len = strlen((char *) packet_types); + + for(i = 0; i < packet_types_len; i++) { + /* + * XXX CHECK XXX + * When "poll_socket" is "1" libssh2_packet_ask_ex() could + * return PACKET_EAGAIN. Not sure the correct action, I + * think it is right as is. + */ + if (0 == libssh2_packet_ask_ex(session, packet_types[i], data, + data_len, match_ofs, match_buf, + match_len, i ? 0 : poll_socket)) { + return 0; + } + } + + return -1; +} + +/* }}} */ + +/* {{{ waitsocket + * Returns + * negative on error + * >0 on incoming data + * 0 on timeout + * + * FIXME: convert to use poll on systems that have it. + */ +int +libssh2_waitsocket(LIBSSH2_SESSION * session, long seconds) +{ + struct timeval timeout; + int rc; + fd_set fd; + + timeout.tv_sec = seconds; + timeout.tv_usec = 0; + + FD_ZERO(&fd); + + FD_SET(session->socket_fd, &fd); + + rc = select(session->socket_fd + 1, &fd, NULL, NULL, &timeout); + + return rc; +} + +/* {{{ libssh2_packet_require + * Loops libssh2_packet_read() until the packet requested is available + * SSH_DISCONNECT or a SOCKET_DISCONNECTED will cause a bailout + * + * Returns negative on error + * Returns 0 when it has taken care of the requested packet. + */ +int +libssh2_packet_require_ex(LIBSSH2_SESSION * session, unsigned char packet_type, + unsigned char **data, unsigned long *data_len, + unsigned long match_ofs, + const unsigned char *match_buf, + unsigned long match_len, + packet_require_state_t * state) +{ + if (state->start == 0) { + if (libssh2_packet_ask_ex + (session, packet_type, data, data_len, match_ofs, match_buf, + match_len, 0) == 0) { + /* A packet was available in the packet brigade */ + return 0; + } + + state->start = time(NULL); + + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "May block until packet of type %d becomes available", + (int) packet_type); + } + + while (session->socket_state == LIBSSH2_SOCKET_CONNECTED) { + libssh2pack_t ret = libssh2_packet_read(session); + if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if ((ret == 0) && (!session->socket_block)) { + /* If we are in non-blocking and there is no data, return that */ + return PACKET_EAGAIN; + } else if (ret < 0) { + state->start = 0; + /* an error which is not just because of blocking */ + return ret; + } else if (ret == packet_type) { + /* Be lazy, let packet_ask pull it out of the brigade */ + ret = + libssh2_packet_ask_ex(session, packet_type, data, data_len, + match_ofs, match_buf, match_len, 0); + state->start = 0; + return ret; + } else if (ret == 0) { + /* nothing available, wait until data arrives or we time out */ + long left = LIBSSH2_READ_TIMEOUT - (time(NULL) - state->start); + + if ((left <= 0) || (libssh2_waitsocket(session, left) <= 0)) { + state->start = 0; + return PACKET_TIMEOUT; + } + } + } + + /* Only reached if the socket died */ + return -1; +} + +/* }}} */ + +/* {{{ libssh2_packet_burn + * Loops libssh2_packet_read() until any packet is available and promptly + * discards it + * Used during KEX exchange to discard badly guessed KEX_INIT packets + */ +int +libssh2_packet_burn(LIBSSH2_SESSION * session, + libssh2_nonblocking_states * state) +{ + unsigned char *data; + unsigned long data_len; + unsigned char all_packets[255]; + int i; + int ret; + + if (*state == libssh2_NB_state_idle) { + for(i = 1; i < 256; i++) { + all_packets[i - 1] = i; + } + + if (libssh2_packet_askv_ex + (session, all_packets, &data, &data_len, 0, NULL, 0, 0) == 0) { + i = data[0]; + /* A packet was available in the packet brigade, burn it */ + LIBSSH2_FREE(session, data); + return i; + } + + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "Blocking until packet becomes available to burn"); + *state = libssh2_NB_state_created; + } + + while (session->socket_state == LIBSSH2_SOCKET_CONNECTED) { + if ((ret = libssh2_packet_read(session)) == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (ret < 0) { + *state = libssh2_NB_state_idle; + return ret; + } else if (ret == 0) { + /* FIXME: this might busyloop */ + continue; + } + + /* Be lazy, let packet_ask pull it out of the brigade */ + if (0 == + libssh2_packet_ask_ex(session, ret, &data, &data_len, 0, NULL, 0, + 0)) { + /* Smoke 'em if you got 'em */ + LIBSSH2_FREE(session, data); + *state = libssh2_NB_state_idle; + return ret; + } + } + + /* Only reached if the socket died */ + return -1; +} + +/* }}} */ + +/* + * {{{ libssh2_packet_requirev + * + * Loops libssh2_packet_read() until one of a list of packet types requested is + * available + * SSH_DISCONNECT or a SOCKET_DISCONNECTED will cause a bailout + * packet_types is a null terminated list of packet_type numbers + */ + +int +libssh2_packet_requirev_ex(LIBSSH2_SESSION * session, + const unsigned char *packet_types, + unsigned char **data, unsigned long *data_len, + unsigned long match_ofs, + const unsigned char *match_buf, + unsigned long match_len, + packet_requirev_state_t * state) +{ + if (libssh2_packet_askv_ex + (session, packet_types, data, data_len, match_ofs, match_buf, + match_len, 0) == 0) { + /* One of the packets listed was available in the packet + brigade */ + state->start = 0; + return 0; + } + + if (state->start == 0) { + state->start = time(NULL); + } + + while (session->socket_state != LIBSSH2_SOCKET_DISCONNECTED) { + int ret = libssh2_packet_read(session); + if ((ret < 0) && (ret != PACKET_EAGAIN)) { + state->start = 0; + return ret; + } + if (ret <= 0) { + long left = LIBSSH2_READ_TIMEOUT - (time(NULL) - state->start); + + if ((left <= 0) || (libssh2_waitsocket(session, left) <= 0)) { + state->start = 0; + return PACKET_TIMEOUT; + } else if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + } + + if (strchr((char *) packet_types, ret)) { + /* Be lazy, let packet_ask pull it out of the brigade */ + return libssh2_packet_askv_ex(session, packet_types, data, + data_len, match_ofs, match_buf, + match_len, 0); + } + } + + /* Only reached if the socket died */ + state->start = 0; + return -1; +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/pem.c b/Vendor/libssh2/Source/pem.c new file mode 100644 index 0000000..58c01e8 --- /dev/null +++ b/Vendor/libssh2/Source/pem.c @@ -0,0 +1,207 @@ +/* Copyright (C) 2007 The Written Word, Inc. All rights reserved. + * Author: Simon Josefsson + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +static int +readline(char *line, int line_size, FILE * fp) +{ + if (!fgets(line, line_size, fp)) { + return -1; + } + if (*line && line[strlen(line) - 1] == '\n') { + line[strlen(line) - 1] = '\0'; + } + if (*line && line[strlen(line) - 1] == '\r') { + line[strlen(line) - 1] = '\0'; + } + return 0; +} + +#define LINE_SIZE 128 + +int +_libssh2_pem_parse(LIBSSH2_SESSION * session, + const char *headerbegin, + const char *headerend, + FILE * fp, char **data, unsigned int *datalen) +{ + char line[LINE_SIZE]; + char *b64data = NULL; + unsigned int b64datalen = 0; + int ret; + + do { + if (readline(line, LINE_SIZE, fp)) { + return -1; + } + } + while (strcmp(line, headerbegin) != 0); + + *line = '\0'; + + do { + if (*line) { + char *tmp; + size_t linelen; + + linelen = strlen(line); + tmp = LIBSSH2_REALLOC(session, b64data, b64datalen + linelen); + if (!tmp) { + ret = -1; + goto out; + } + memcpy(tmp + b64datalen, line, linelen); + b64data = tmp; + b64datalen += linelen; + } + + if (readline(line, LINE_SIZE, fp)) { + ret = -1; + goto out; + } + } while (strcmp(line, headerend) != 0); + + if (libssh2_base64_decode(session, data, datalen, b64data, b64datalen)) { + ret = -1; + goto out; + } + + ret = 0; + out: + if (b64data) { + LIBSSH2_FREE(session, b64data); + } + return ret; +} + +static int +read_asn1_length(const unsigned char *data, + unsigned int datalen, unsigned int *len) +{ + unsigned int lenlen; + int nextpos; + + if (datalen < 1) { + return -1; + } + *len = data[0]; + + if (*len >= 0x80) { + lenlen = *len & 0x7F; + *len = data[1]; + if (1 + lenlen > datalen) { + return -1; + } + if (lenlen > 1) { + *len <<= 8; + *len |= data[2]; + } + } else { + lenlen = 0; + } + + nextpos = 1 + lenlen; + if (lenlen > 2 || 1 + lenlen + *len > datalen) { + return -1; + } + + return nextpos; +} + +int +_libssh2_pem_decode_sequence(unsigned char **data, unsigned int *datalen) +{ + unsigned int len; + int lenlen; + + if (*datalen < 1) { + return -1; + } + + if ((*data)[0] != '\x30') { + return -1; + } + + (*data)++; + (*datalen)--; + + lenlen = read_asn1_length(*data, *datalen, &len); + if (lenlen < 0 || lenlen + len != *datalen) { + return -1; + } + + *data += lenlen; + *datalen -= lenlen; + + return 0; +} + +int +_libssh2_pem_decode_integer(unsigned char **data, unsigned int *datalen, + unsigned char **i, unsigned int *ilen) +{ + unsigned int len; + int lenlen; + + if (*datalen < 1) { + return -1; + } + + if ((*data)[0] != '\x02') { + return -1; + } + + (*data)++; + (*datalen)--; + + lenlen = read_asn1_length(*data, *datalen, &len); + if (lenlen < 0 || lenlen + len > *datalen) { + return -1; + } + + *data += lenlen; + *datalen -= lenlen; + + *i = *data; + *ilen = len; + + *data += len; + *datalen -= len; + + return 0; +} diff --git a/Vendor/libssh2/Source/publickey.c b/Vendor/libssh2/Source/publickey.c new file mode 100644 index 0000000..075db8a --- /dev/null +++ b/Vendor/libssh2/Source/publickey.c @@ -0,0 +1,1094 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#include "libssh2_publickey.h" + +#define LIBSSH2_PUBLICKEY_VERSION 2 + +/* Numericised response codes -- Not IETF standard, just a local representation */ +#define LIBSSH2_PUBLICKEY_RESPONSE_STATUS 0 +#define LIBSSH2_PUBLICKEY_RESPONSE_VERSION 1 +#define LIBSSH2_PUBLICKEY_RESPONSE_PUBLICKEY 2 + +typedef struct _LIBSSH2_PUBLICKEY_CODE_LIST +{ + int code; + const char *name; + int name_len; +} LIBSSH2_PUBLICKEY_CODE_LIST; + +static const LIBSSH2_PUBLICKEY_CODE_LIST libssh2_publickey_response_codes[] = { + {LIBSSH2_PUBLICKEY_RESPONSE_STATUS, "status", sizeof("status") - 1} + , + {LIBSSH2_PUBLICKEY_RESPONSE_VERSION, "version", sizeof("version") - 1} + , + {LIBSSH2_PUBLICKEY_RESPONSE_PUBLICKEY, "publickey", sizeof("publickey") - 1} + , + {0, NULL, 0} +}; + +/* PUBLICKEY status codes -- IETF defined */ +#define LIBSSH2_PUBLICKEY_SUCCESS 0 +#define LIBSSH2_PUBLICKEY_ACCESS_DENIED 1 +#define LIBSSH2_PUBLICKEY_STORAGE_EXCEEDED 2 +#define LIBSSH2_PUBLICKEY_VERSION_NOT_SUPPORTED 3 +#define LIBSSH2_PUBLICKEY_KEY_NOT_FOUND 4 +#define LIBSSH2_PUBLICKEY_KEY_NOT_SUPPORTED 5 +#define LIBSSH2_PUBLICKEY_KEY_ALREADY_PRESENT 6 +#define LIBSSH2_PUBLICKEY_GENERAL_FAILURE 7 +#define LIBSSH2_PUBLICKEY_REQUEST_NOT_SUPPORTED 8 + +#define LIBSSH2_PUBLICKEY_STATUS_CODE_MAX 8 + +static const LIBSSH2_PUBLICKEY_CODE_LIST libssh2_publickey_status_codes[] = { + {LIBSSH2_PUBLICKEY_SUCCESS, "success", sizeof("success") - 1} + , + {LIBSSH2_PUBLICKEY_ACCESS_DENIED, "access denied", + sizeof("access denied") - 1} + , + {LIBSSH2_PUBLICKEY_STORAGE_EXCEEDED, "storage exceeded", + sizeof("storage exceeded") - 1} + , + {LIBSSH2_PUBLICKEY_VERSION_NOT_SUPPORTED, "version not supported", + sizeof("version not supported") - 1} + , + {LIBSSH2_PUBLICKEY_KEY_NOT_FOUND, "key not found", + sizeof("key not found") - 1} + , + {LIBSSH2_PUBLICKEY_KEY_NOT_SUPPORTED, "key not supported", + sizeof("key not supported") - 1} + , + {LIBSSH2_PUBLICKEY_KEY_ALREADY_PRESENT, "key already present", + sizeof("key already present") - 1} + , + {LIBSSH2_PUBLICKEY_GENERAL_FAILURE, "general failure", + sizeof("general failure") - 1} + , + {LIBSSH2_PUBLICKEY_REQUEST_NOT_SUPPORTED, "request not supported", + sizeof("request not supported") - 1} + , + {0, NULL, 0} +}; + +/* {{{ libssh2_publickey_status_error + * Format an error message from a status code + */ +#define LIBSSH2_PUBLICKEY_STATUS_TEXT_START "Publickey Subsystem Error: \"" +#define LIBSSH2_PUBLICKEY_STATUS_TEXT_MID "\" Server Resports: \"" +#define LIBSSH2_PUBLICKEY_STATUS_TEXT_END "\"" +static void +libssh2_publickey_status_error(const LIBSSH2_PUBLICKEY * pkey, + LIBSSH2_SESSION * session, int status, + const unsigned char *message, int message_len) +{ + const char *status_text; + int status_text_len; + char *m, *s; + int m_len; + + /* GENERAL_FAILURE got remapped between version 1 and 2 */ + if (status == 6 && pkey && pkey->version == 1) { + status = 7; + } + + if (status < 0 || status > LIBSSH2_PUBLICKEY_STATUS_CODE_MAX) { + status_text = "unknown"; + status_text_len = sizeof("unknown") - 1; + } else { + status_text = libssh2_publickey_status_codes[status].name; + status_text_len = libssh2_publickey_status_codes[status].name_len; + } + + m_len = + (sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_START) - 1) + status_text_len + + (sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_MID) - 1) + message_len + + (sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_END) - 1); + m = LIBSSH2_ALLOC(session, m_len + 1); + if (!m) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for status message", 0); + return; + } + s = m; + memcpy(s, LIBSSH2_PUBLICKEY_STATUS_TEXT_START, + sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_START) - 1); + s += sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_START) - 1; + memcpy(s, status_text, status_text_len); + s += status_text_len; + memcpy(s, LIBSSH2_PUBLICKEY_STATUS_TEXT_MID, + sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_MID) - 1); + s += sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_MID) - 1; + memcpy(s, message, message_len); + s += message_len; + memcpy(s, LIBSSH2_PUBLICKEY_STATUS_TEXT_END, + sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_END) - 1); + s += sizeof(LIBSSH2_PUBLICKEY_STATUS_TEXT_END); + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, m, 1); +} + +/* }}} */ + +/* {{{ libssh2_publickey_packet_receive + * Read a packet from the subsystem + */ +static int +libssh2_publickey_packet_receive(LIBSSH2_PUBLICKEY * pkey, + unsigned char **data, unsigned long *data_len) +{ + LIBSSH2_CHANNEL *channel = pkey->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned char buffer[4]; + int rc; + + if (pkey->receive_state == libssh2_NB_state_idle) { + rc = libssh2_channel_read_ex(channel, 0, (char *) buffer, 4); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc != 4) { + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Invalid response from publickey subsystem", 0); + return -1; + } + + pkey->receive_packet_len = libssh2_ntohu32(buffer); + pkey->receive_packet = + LIBSSH2_ALLOC(session, pkey->receive_packet_len); + if (!pkey->receive_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate publickey response buffer", 0); + return -1; + } + + pkey->receive_state = libssh2_NB_state_sent; + } + + if (pkey->receive_state == libssh2_NB_state_sent) { + rc = libssh2_channel_read_ex(channel, 0, (char *) pkey->receive_packet, + pkey->receive_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc != (int)pkey->receive_packet_len) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for publickey subsystem response packet", + 0); + LIBSSH2_FREE(session, pkey->receive_packet); + pkey->receive_packet = NULL; + pkey->receive_state = libssh2_NB_state_idle; + return -1; + } + + *data = pkey->receive_packet; + *data_len = pkey->receive_packet_len; + } + + pkey->receive_state = libssh2_NB_state_idle; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_publickey_response_id + * Translate a string response name to a numeric code + * Data will be incremented by 4 + response_len on success only + */ +static int +libssh2_publickey_response_id(unsigned char **pdata, int data_len) +{ + unsigned long response_len; + unsigned char *data = *pdata; + const LIBSSH2_PUBLICKEY_CODE_LIST *codes = + libssh2_publickey_response_codes; + + if (data_len < 4) { + /* Malformed response */ + return -1; + } + response_len = libssh2_ntohu32(data); + data += 4; + data_len -= 4; + if (data_len < (int)response_len) { + /* Malformed response */ + return -1; + } + + while (codes->name) { + if ((unsigned long)codes->name_len == response_len && + strncmp(codes->name, (char *) data, response_len) == 0) { + *pdata = data + response_len; + return codes->code; + } + codes++; + } + + return -1; +} + +/* }}} */ + +/* {{{ libssh2_publickey_response_success + * Generic helper routine to wait for success response and nothing else + */ +static int +libssh2_publickey_response_success(LIBSSH2_PUBLICKEY * pkey) +{ + LIBSSH2_SESSION *session = pkey->channel->session; + unsigned char *data, *s; + unsigned long data_len; + int response; + int rc; + + while (1) { + rc = libssh2_publickey_packet_receive(pkey, &data, &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for response from publickey subsystem", + 0); + return -1; + } + + s = data; + if ((response = libssh2_publickey_response_id(&s, data_len)) < 0) { + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Invalid publickey subsystem response code", 0); + LIBSSH2_FREE(session, data); + return -1; + } + + switch (response) { + case LIBSSH2_PUBLICKEY_RESPONSE_STATUS: + /* Error, or processing complete */ + { + unsigned long status, descr_len, lang_len; + unsigned char *descr, *lang; + + status = libssh2_ntohu32(s); + s += 4; + descr_len = libssh2_ntohu32(s); + s += 4; + descr = s; + s += descr_len; + lang_len = libssh2_ntohu32(s); + s += 4; + lang = s; + s += lang_len; + + if (s > data + data_len) { + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Malformed publickey subsystem packet", 0); + LIBSSH2_FREE(session, data); + return -1; + } + + if (status == LIBSSH2_PUBLICKEY_SUCCESS) { + LIBSSH2_FREE(session, data); + return 0; + } + + libssh2_publickey_status_error(pkey, session, status, descr, + descr_len); + LIBSSH2_FREE(session, data); + return -1; + } + default: + /* Unknown/Unexpected */ + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Unexpected publickey subsystem response, ignoring", + 0); + LIBSSH2_FREE(session, data); + data = NULL; + } + } + /* never reached, but include `return` to silence compiler warnings */ + return -1; +} + +/* }}} */ + + +/* ***************** + * Publickey API * + ***************** */ + +/* {{{ libssh2_publickey_init + * Startup the publickey subsystem + */ +LIBSSH2_API LIBSSH2_PUBLICKEY * +libssh2_publickey_init(LIBSSH2_SESSION * session) +{ + /* 19 = packet_len(4) + version_len(4) + "version"(7) + version_num(4) */ + unsigned char buffer[19]; + unsigned char *s; + int response; + int rc; + + if (session->pkeyInit_state == libssh2_NB_state_idle) { + session->pkeyInit_data = NULL; + session->pkeyInit_pkey = NULL; + session->pkeyInit_channel = NULL; + + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, + "Initializing publickey subsystem"); + + session->pkeyInit_state = libssh2_NB_state_allocated; + } + + if (session->pkeyInit_state == libssh2_NB_state_allocated) { + do { + session->pkeyInit_channel = + libssh2_channel_open_ex(session, "session", + sizeof("session") - 1, + LIBSSH2_CHANNEL_WINDOW_DEFAULT, + LIBSSH2_CHANNEL_PACKET_DEFAULT, NULL, + 0); + if (!session->pkeyInit_channel + && (libssh2_session_last_errno(session) == + LIBSSH2_ERROR_EAGAIN)) { + /* The error state is already set, so leave it */ + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block to startup channel", 0); + return NULL; + } else if (!session->pkeyInit_channel + && (libssh2_session_last_errno(session) != + LIBSSH2_ERROR_EAGAIN)) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, + "Unable to startup channel", 0); + goto err_exit; + } + } while (!session->pkeyInit_channel); + + session->pkeyInit_state = libssh2_NB_state_sent; + } + + if (session->pkeyInit_state == libssh2_NB_state_sent) { + rc = libssh2_channel_process_startup(session->pkeyInit_channel, + "subsystem", + sizeof("subsystem") - 1, + "publickey", strlen("publickey")); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block starting publickkey subsystem", 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, + "Unable to request publickey subsystem", 0); + goto err_exit; + } + + session->pkeyInit_state = libssh2_NB_state_sent1; + } + + if (session->pkeyInit_state == libssh2_NB_state_sent1) { + rc = libssh2_channel_handle_extended_data2(session->pkeyInit_channel, + LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block starting publickkey subsystem", 0); + return NULL; + } + + session->pkeyInit_pkey = + LIBSSH2_ALLOC(session, sizeof(LIBSSH2_PUBLICKEY)); + if (!session->pkeyInit_pkey) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a new publickey structure", 0); + goto err_exit; + } + memset(session->pkeyInit_pkey, 0, sizeof(LIBSSH2_PUBLICKEY)); + session->pkeyInit_pkey->channel = session->pkeyInit_channel; + session->pkeyInit_pkey->version = 0; + + s = buffer; + libssh2_htonu32(s, 4 + (sizeof("version") - 1) + 4); + s += 4; + libssh2_htonu32(s, sizeof("version") - 1); + s += 4; + memcpy(s, "version", sizeof("version") - 1); + s += sizeof("version") - 1; + libssh2_htonu32(s, LIBSSH2_PUBLICKEY_VERSION); + s += 4; + + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, + "Sending publickey version packet advertising version %d support", + (int) LIBSSH2_PUBLICKEY_VERSION); + + session->pkeyInit_state = libssh2_NB_state_sent2; + } + + if (session->pkeyInit_state == libssh2_NB_state_sent2) { + rc = libssh2_channel_write_ex(session->pkeyInit_channel, 0, + (char *) buffer, (s - buffer)); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending publickkey version packet", 0); + return NULL; + } else if ((s - buffer) != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send publickey version packet", 0); + goto err_exit; + } + + session->pkeyInit_state = libssh2_NB_state_sent3; + } + + if (session->pkeyInit_state == libssh2_NB_state_sent3) { + while (1) { + rc = libssh2_publickey_packet_receive(session->pkeyInit_pkey, + &session->pkeyInit_data, + &session->pkeyInit_data_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for response from publickey subsystem", + 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for response from publickey subsystem", + 0); + goto err_exit; + } + + s = session->pkeyInit_data; + if ((response = + libssh2_publickey_response_id(&s, + session->pkeyInit_data_len)) < + 0) { + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Invalid publickey subsystem response code", 0); + goto err_exit; + } + + switch (response) { + case LIBSSH2_PUBLICKEY_RESPONSE_STATUS: + /* Error */ + { + unsigned long status, descr_len, lang_len; + unsigned char *descr, *lang; + + status = libssh2_ntohu32(s); + s += 4; + descr_len = libssh2_ntohu32(s); + s += 4; + descr = s; + s += descr_len; + lang_len = libssh2_ntohu32(s); + s += 4; + lang = s; + s += lang_len; + + if (s > + session->pkeyInit_data + session->pkeyInit_data_len) { + libssh2_error(session, + LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Malformed publickey subsystem packet", + 0); + goto err_exit; + } + + libssh2_publickey_status_error(NULL, session, status, + descr, descr_len); + goto err_exit; + } + + case LIBSSH2_PUBLICKEY_RESPONSE_VERSION: + /* What we want */ + session->pkeyInit_pkey->version = libssh2_ntohu32(s); + if (session->pkeyInit_pkey->version > + LIBSSH2_PUBLICKEY_VERSION) { + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, + "Truncating remote publickey version from %lu", + session->pkeyInit_pkey->version); + session->pkeyInit_pkey->version = + LIBSSH2_PUBLICKEY_VERSION; + } + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, + "Enabling publickey subsystem version %lu", + session->pkeyInit_pkey->version); + LIBSSH2_FREE(session, session->pkeyInit_data); + session->pkeyInit_data = NULL; + session->pkeyInit_state = libssh2_NB_state_idle; + return session->pkeyInit_pkey; + + default: + /* Unknown/Unexpected */ + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Unexpected publickey subsystem response, ignoring", + 0); + LIBSSH2_FREE(session, session->pkeyInit_data); + session->pkeyInit_data = NULL; + } + } + } + + /* Never reached except by direct goto */ + err_exit: + session->pkeyInit_state = libssh2_NB_state_sent4; + if (session->pkeyInit_channel) { + rc = libssh2_channel_close(session->pkeyInit_channel); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block closing channel", 0); + return NULL; + } + } + if (session->pkeyInit_pkey) { + LIBSSH2_FREE(session, session->pkeyInit_pkey); + session->pkeyInit_pkey = NULL; + } + if (session->pkeyInit_data) { + LIBSSH2_FREE(session, session->pkeyInit_data); + session->pkeyInit_data = NULL; + } + session->pkeyInit_state = libssh2_NB_state_idle; + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_publickey_add_ex + * Add a new public key entry + */ +LIBSSH2_API int +libssh2_publickey_add_ex(LIBSSH2_PUBLICKEY * pkey, const unsigned char *name, + unsigned long name_len, const unsigned char *blob, + unsigned long blob_len, char overwrite, + unsigned long num_attrs, + const libssh2_publickey_attribute attrs[]) +{ + LIBSSH2_CHANNEL *channel = pkey->channel; + LIBSSH2_SESSION *session = channel->session; + /* 19 = packet_len(4) + add_len(4) + "add"(3) + name_len(4) + {name} blob_len(4) + {blob} */ + unsigned long i, packet_len = 19 + name_len + blob_len; + unsigned char *comment = NULL; + unsigned long comment_len = 0; + int rc; + + if (pkey->add_state == libssh2_NB_state_idle) { + pkey->add_packet = NULL; + + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, "Adding %s publickey", + name); + + if (pkey->version == 1) { + for(i = 0; i < num_attrs; i++) { + /* Search for a comment attribute */ + if (attrs[i].name_len == (sizeof("comment") - 1) && + strncmp(attrs[i].name, "comment", + sizeof("comment") - 1) == 0) { + comment = (unsigned char *) attrs[i].value; + comment_len = attrs[i].value_len; + break; + } + } + packet_len += 4 + comment_len; + } else { + packet_len += 5; /* overwrite(1) + attribute_count(4) */ + for(i = 0; i < num_attrs; i++) { + packet_len += 9 + attrs[i].name_len + attrs[i].value_len; + /* name_len(4) + value_len(4) + mandatory(1) */ + } + } + + pkey->add_packet = LIBSSH2_ALLOC(session, packet_len); + if (!pkey->add_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for publickey \"add\" packet", + 0); + return -1; + } + + pkey->add_s = pkey->add_packet; + libssh2_htonu32(pkey->add_s, packet_len - 4); + pkey->add_s += 4; + libssh2_htonu32(pkey->add_s, sizeof("add") - 1); + pkey->add_s += 4; + memcpy(pkey->add_s, "add", sizeof("add") - 1); + pkey->add_s += sizeof("add") - 1; + if (pkey->version == 1) { + libssh2_htonu32(pkey->add_s, comment_len); + pkey->add_s += 4; + if (comment) { + memcpy(pkey->add_s, comment, comment_len); + pkey->add_s += comment_len; + } + + libssh2_htonu32(pkey->add_s, name_len); + pkey->add_s += 4; + memcpy(pkey->add_s, name, name_len); + pkey->add_s += name_len; + libssh2_htonu32(pkey->add_s, blob_len); + pkey->add_s += 4; + memcpy(pkey->add_s, blob, blob_len); + pkey->add_s += blob_len; + } else { + /* Version == 2 */ + + libssh2_htonu32(pkey->add_s, name_len); + pkey->add_s += 4; + memcpy(pkey->add_s, name, name_len); + pkey->add_s += name_len; + libssh2_htonu32(pkey->add_s, blob_len); + pkey->add_s += 4; + memcpy(pkey->add_s, blob, blob_len); + pkey->add_s += blob_len; + *(pkey->add_s++) = overwrite ? 0x01 : 0; + libssh2_htonu32(pkey->add_s, num_attrs); + pkey->add_s += 4; + for(i = 0; i < num_attrs; i++) { + libssh2_htonu32(pkey->add_s, attrs[i].name_len); + pkey->add_s += 4; + memcpy(pkey->add_s, attrs[i].name, attrs[i].name_len); + pkey->add_s += attrs[i].name_len; + libssh2_htonu32(pkey->add_s, attrs[i].value_len); + pkey->add_s += 4; + memcpy(pkey->add_s, attrs[i].value, attrs[i].value_len); + pkey->add_s += attrs[i].value_len; + *(pkey->add_s++) = attrs[i].mandatory ? 0x01 : 0; + } + } + + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, + "Sending publickey \"add\" packet: type=%s blob_len=%ld num_attrs=%ld", + name, blob_len, num_attrs); + + pkey->add_state = libssh2_NB_state_created; + } + + if (pkey->add_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) pkey->add_packet, + (pkey->add_s - pkey->add_packet)); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if ((pkey->add_s - pkey->add_packet) != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send publickey add packet", 0); + LIBSSH2_FREE(session, pkey->add_packet); + pkey->add_packet = NULL; + return -1; + } + LIBSSH2_FREE(session, pkey->add_packet); + pkey->add_packet = NULL; + + pkey->add_state = libssh2_NB_state_sent; + } + + rc = libssh2_publickey_response_success(pkey); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + pkey->add_state = libssh2_NB_state_idle; + + return rc; +} + +/* }}} */ + +/* {{{ libssh2_publickey_remove_ex + * Remove an existing publickey so that authentication can no longer be performed using it + */ +LIBSSH2_API int +libssh2_publickey_remove_ex(LIBSSH2_PUBLICKEY * pkey, + const unsigned char *name, unsigned long name_len, + const unsigned char *blob, unsigned long blob_len) +{ + LIBSSH2_CHANNEL *channel = pkey->channel; + LIBSSH2_SESSION *session = channel->session; + /* 22 = packet_len(4) + remove_len(4) + "remove"(6) + name_len(4) + {name} + blob_len(4) + {blob} */ + unsigned long packet_len = 22 + name_len + blob_len; + int rc; + + if (pkey->remove_state == libssh2_NB_state_idle) { + pkey->remove_packet = NULL; + + pkey->remove_packet = LIBSSH2_ALLOC(session, packet_len); + if (!pkey->remove_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for publickey \"remove\" packet", + 0); + return -1; + } + + pkey->remove_s = pkey->remove_packet; + libssh2_htonu32(pkey->remove_s, packet_len - 4); + pkey->remove_s += 4; + libssh2_htonu32(pkey->remove_s, sizeof("remove") - 1); + pkey->remove_s += 4; + memcpy(pkey->remove_s, "remove", sizeof("remove") - 1); + pkey->remove_s += sizeof("remove") - 1; + libssh2_htonu32(pkey->remove_s, name_len); + pkey->remove_s += 4; + memcpy(pkey->remove_s, name, name_len); + pkey->remove_s += name_len; + libssh2_htonu32(pkey->remove_s, blob_len); + pkey->remove_s += 4; + memcpy(pkey->remove_s, blob, blob_len); + pkey->remove_s += blob_len; + + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, + "Sending publickey \"remove\" packet: type=%s blob_len=%ld", + name, blob_len); + + pkey->remove_state = libssh2_NB_state_created; + } + + if (pkey->remove_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) pkey->remove_packet, + (pkey->remove_s - pkey->remove_packet)); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if ((pkey->remove_s - pkey->remove_packet) != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send publickey remove packet", 0); + LIBSSH2_FREE(session, pkey->remove_packet); + pkey->remove_packet = NULL; + pkey->remove_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, pkey->remove_packet); + pkey->remove_packet = NULL; + + pkey->remove_state = libssh2_NB_state_sent; + } + + rc = libssh2_publickey_response_success(pkey); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + pkey->remove_state = libssh2_NB_state_idle; + + return rc; +} + +/* }}} */ + +/* {{{ libssh2_publickey_list_fetch + * Fetch a list of supported public key from a server + */ +LIBSSH2_API int +libssh2_publickey_list_fetch(LIBSSH2_PUBLICKEY * pkey, unsigned long *num_keys, + libssh2_publickey_list ** pkey_list) +{ + LIBSSH2_CHANNEL *channel = pkey->channel; + LIBSSH2_SESSION *session = channel->session; + libssh2_publickey_list *list = NULL; + unsigned long buffer_len = 12, keys = 0, max_keys = 0, i; + /* 12 = packet_len(4) + list_len(4) + "list"(4) */ + int response; + int rc; + + if (pkey->listFetch_state == libssh2_NB_state_idle) { + pkey->listFetch_data = NULL; + + pkey->listFetch_s = pkey->listFetch_buffer; + libssh2_htonu32(pkey->listFetch_s, buffer_len - 4); + pkey->listFetch_s += 4; + libssh2_htonu32(pkey->listFetch_s, sizeof("list") - 1); + pkey->listFetch_s += 4; + memcpy(pkey->listFetch_s, "list", sizeof("list") - 1); + pkey->listFetch_s += sizeof("list") - 1; + + _libssh2_debug(session, LIBSSH2_DBG_PUBLICKEY, + "Sending publickey \"list\" packet"); + + pkey->listFetch_state = libssh2_NB_state_created; + } + + if (pkey->listFetch_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, + (char *) pkey->listFetch_buffer, + (pkey->listFetch_s - + pkey->listFetch_buffer)); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if ((pkey->listFetch_s - pkey->listFetch_buffer) != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send publickey list packet", 0); + pkey->listFetch_state = libssh2_NB_state_idle; + return -1; + } + + pkey->listFetch_state = libssh2_NB_state_sent; + } + + while (1) { + rc = libssh2_publickey_packet_receive(pkey, &pkey->listFetch_data, + &pkey->listFetch_data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for response from publickey subsystem", + 0); + goto err_exit; + } + + pkey->listFetch_s = pkey->listFetch_data; + if ((response = + libssh2_publickey_response_id(&pkey->listFetch_s, + pkey->listFetch_data_len)) < 0) { + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Invalid publickey subsystem response code", 0); + goto err_exit; + } + + switch (response) { + case LIBSSH2_PUBLICKEY_RESPONSE_STATUS: + /* Error, or processing complete */ + { + unsigned long status, descr_len, lang_len; + unsigned char *descr, *lang; + + status = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + descr_len = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + descr = pkey->listFetch_s; + pkey->listFetch_s += descr_len; + lang_len = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + lang = pkey->listFetch_s; + pkey->listFetch_s += lang_len; + + if (pkey->listFetch_s > + pkey->listFetch_data + pkey->listFetch_data_len) { + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Malformed publickey subsystem packet", 0); + goto err_exit; + } + + if (status == LIBSSH2_PUBLICKEY_SUCCESS) { + LIBSSH2_FREE(session, pkey->listFetch_data); + pkey->listFetch_data = NULL; + *pkey_list = list; + *num_keys = keys; + pkey->listFetch_state = libssh2_NB_state_idle; + return 0; + } + + libssh2_publickey_status_error(pkey, session, status, descr, + descr_len); + goto err_exit; + } + case LIBSSH2_PUBLICKEY_RESPONSE_PUBLICKEY: + /* What we want */ + if (keys >= max_keys) { + libssh2_publickey_list *newlist; + /* Grow the key list if necessary */ + max_keys += 8; + newlist = + LIBSSH2_REALLOC(session, list, + (max_keys + + 1) * sizeof(libssh2_publickey_list)); + if (!newlist) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for publickey list", + 0); + goto err_exit; + } + list = newlist; + } + if (pkey->version == 1) { + unsigned long comment_len; + + comment_len = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + if (comment_len) { + list[keys].num_attrs = 1; + list[keys].attrs = + LIBSSH2_ALLOC(session, + sizeof(libssh2_publickey_attribute)); + if (!list[keys].attrs) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for publickey attributes", + 0); + goto err_exit; + } + list[keys].attrs[0].name = "comment"; + list[keys].attrs[0].name_len = sizeof("comment") - 1; + list[keys].attrs[0].value = (char *) pkey->listFetch_s; + list[keys].attrs[0].value_len = comment_len; + list[keys].attrs[0].mandatory = 0; + + pkey->listFetch_s += comment_len; + } else { + list[keys].num_attrs = 0; + list[keys].attrs = NULL; + } + list[keys].name_len = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + list[keys].name = pkey->listFetch_s; + pkey->listFetch_s += list[keys].name_len; + list[keys].blob_len = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + list[keys].blob = pkey->listFetch_s; + pkey->listFetch_s += list[keys].blob_len; + } else { + /* Version == 2 */ + list[keys].name_len = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + list[keys].name = pkey->listFetch_s; + pkey->listFetch_s += list[keys].name_len; + list[keys].blob_len = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + list[keys].blob = pkey->listFetch_s; + pkey->listFetch_s += list[keys].blob_len; + list[keys].num_attrs = libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + if (list[keys].num_attrs) { + list[keys].attrs = + LIBSSH2_ALLOC(session, + list[keys].num_attrs * + sizeof(libssh2_publickey_attribute)); + if (!list[keys].attrs) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for publickey attributes", + 0); + goto err_exit; + } + for(i = 0; i < list[keys].num_attrs; i++) { + list[keys].attrs[i].name_len = + libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + list[keys].attrs[i].name = (char *) pkey->listFetch_s; + pkey->listFetch_s += list[keys].attrs[i].name_len; + list[keys].attrs[i].value_len = + libssh2_ntohu32(pkey->listFetch_s); + pkey->listFetch_s += 4; + list[keys].attrs[i].value = (char *) pkey->listFetch_s; + pkey->listFetch_s += list[keys].attrs[i].value_len; + list[keys].attrs[i].mandatory = 0; /* actually an ignored value */ + } + } else { + list[keys].attrs = NULL; + } + } + list[keys].packet = pkey->listFetch_data; /* To be FREEd in libssh2_publickey_list_free() */ + keys++; + + list[keys].packet = NULL; /* Terminate the list */ + pkey->listFetch_data = NULL; + break; + default: + /* Unknown/Unexpected */ + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_PROTOCOL, + "Unexpected publickey subsystem response, ignoring", + 0); + LIBSSH2_FREE(session, pkey->listFetch_data); + pkey->listFetch_data = NULL; + } + } + + /* Only reached via explicit goto */ + err_exit: + if (pkey->listFetch_data) { + LIBSSH2_FREE(session, pkey->listFetch_data); + pkey->listFetch_data = NULL; + } + if (list) { + libssh2_publickey_list_free(pkey, list); + } + pkey->listFetch_state = libssh2_NB_state_idle; + return -1; +} + +/* }}} */ + +/* {{{ libssh2_publickey_list_free + * Free a previously fetched list of public keys + */ +LIBSSH2_API void +libssh2_publickey_list_free(LIBSSH2_PUBLICKEY * pkey, + libssh2_publickey_list * pkey_list) +{ + LIBSSH2_SESSION *session = pkey->channel->session; + libssh2_publickey_list *p = pkey_list; + + while (p->packet) { + if (p->attrs) { + LIBSSH2_FREE(session, p->attrs); + } + LIBSSH2_FREE(session, p->packet); + p++; + } + + LIBSSH2_FREE(session, pkey_list); +} + +/* }}} */ + +/* {{{ libssh2_publickey_shutdown + * Shutdown the publickey subsystem + */ +LIBSSH2_API int +libssh2_publickey_shutdown(LIBSSH2_PUBLICKEY * pkey) +{ + LIBSSH2_SESSION *session = pkey->channel->session; + + /* + * Make sure all memory used in the state variables are free + */ + if (pkey->receive_packet) { + LIBSSH2_FREE(session, pkey->receive_packet); + pkey->receive_packet = NULL; + } + if (pkey->add_packet) { + LIBSSH2_FREE(session, pkey->add_packet); + pkey->add_packet = NULL; + } + if (pkey->remove_packet) { + LIBSSH2_FREE(session, pkey->remove_packet); + pkey->remove_packet = NULL; + } + if (pkey->listFetch_data) { + LIBSSH2_FREE(session, pkey->listFetch_data); + pkey->listFetch_data = NULL; + } + + if (libssh2_channel_free(pkey->channel) == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + LIBSSH2_FREE(session, pkey); + return 0; +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/scp.c b/Vendor/libssh2/Source/scp.c new file mode 100644 index 0000000..28eef5d --- /dev/null +++ b/Vendor/libssh2/Source/scp.c @@ -0,0 +1,811 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#include +#include + +/* {{{ libssh2_scp_recv + * Open a channel and request a remote file via SCP + * + * NOTE: Will block in a busy loop on error. This has to be done, + * otherwise the blocking error code would erase the true + * cause of the error. + */ +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_scp_recv(LIBSSH2_SESSION * session, const char *path, struct stat * sb) +{ + int path_len = strlen(path); + int rc; + + if (session->scpRecv_state == libssh2_NB_state_idle) { + session->scpRecv_mode = 0; + session->scpRecv_size = 0; + session->scpRecv_mtime = 0; + session->scpRecv_atime = 0; + + session->scpRecv_command_len = path_len + sizeof("scp -f "); + + if (sb) { + session->scpRecv_command_len++; + } + + session->scpRecv_command = + LIBSSH2_ALLOC(session, session->scpRecv_command_len); + if (!session->scpRecv_command) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a command buffer for SCP session", + 0); + return NULL; + } + if (sb) { + memcpy(session->scpRecv_command, "scp -pf ", + sizeof("scp -pf ") - 1); + memcpy(session->scpRecv_command + sizeof("scp -pf ") - 1, path, + path_len); + } else { + memcpy(session->scpRecv_command, "scp -f ", sizeof("scp -f ") - 1); + memcpy(session->scpRecv_command + sizeof("scp -f ") - 1, path, + path_len); + } + session->scpRecv_command[session->scpRecv_command_len - 1] = '\0'; + + _libssh2_debug(session, LIBSSH2_DBG_SCP, + "Opening channel for SCP receive"); + + session->scpRecv_state = libssh2_NB_state_created; + } + + if (session->scpRecv_state == libssh2_NB_state_created) { + /* Allocate a channel */ + do { + session->scpRecv_channel = + libssh2_channel_open_ex(session, "session", + sizeof("session") - 1, + LIBSSH2_CHANNEL_WINDOW_DEFAULT, + LIBSSH2_CHANNEL_PACKET_DEFAULT, NULL, + 0); + if (!session->scpRecv_channel) { + if (libssh2_session_last_errno(session) != + LIBSSH2_ERROR_EAGAIN) { + LIBSSH2_FREE(session, session->scpRecv_command); + session->scpRecv_command = NULL; + session->scpRecv_state = libssh2_NB_state_idle; + return NULL; + } else if (libssh2_session_last_errno(session) == + LIBSSH2_ERROR_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block starting up channel", 0); + return NULL; + } + } + } while (!session->scpRecv_channel); + + session->scpRecv_state = libssh2_NB_state_sent; + } + + if (session->scpRecv_state == libssh2_NB_state_sent) { + /* Request SCP for the desired file */ + rc = libssh2_channel_process_startup(session->scpRecv_channel, "exec", + sizeof("exec") - 1, + (char *) session->scpRecv_command, + session->scpRecv_command_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block requesting SCP startup", 0); + return NULL; + } else if (rc) { + LIBSSH2_FREE(session, session->scpRecv_command); + session->scpRecv_command = NULL; + goto scp_recv_error; + } + LIBSSH2_FREE(session, session->scpRecv_command); + session->scpRecv_command = NULL; + + _libssh2_debug(session, LIBSSH2_DBG_SCP, "Sending initial wakeup"); + /* SCP ACK */ + session->scpRecv_response[0] = '\0'; + + session->scpRecv_state = libssh2_NB_state_sent1; + } + + if (session->scpRecv_state == libssh2_NB_state_sent1) { + rc = libssh2_channel_write_ex(session->scpRecv_channel, 0, + (char *) session->scpRecv_response, 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending initial wakeup", 0); + return NULL; + } else if (rc != 1) { + goto scp_recv_error; + } + + /* Parse SCP response */ + session->scpRecv_response_len = 0; + + session->scpRecv_state = libssh2_NB_state_sent2; + } + + if ((session->scpRecv_state == libssh2_NB_state_sent2) + || (session->scpRecv_state == libssh2_NB_state_sent3)) { + while (sb + && (session->scpRecv_response_len < + LIBSSH2_SCP_RESPONSE_BUFLEN)) { + unsigned char *s, *p; + + if (session->scpRecv_state == libssh2_NB_state_sent2) { + rc = libssh2_channel_read_ex(session->scpRecv_channel, 0, + (char *) session-> + scpRecv_response + + session->scpRecv_response_len, 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for SCP response", 0); + return NULL; + } else if (rc <= 0) { + /* Timeout, give up */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Timed out waiting for SCP response", 0); + goto scp_recv_error; + } + session->scpRecv_response_len++; + + if (session->scpRecv_response[0] != 'T') { + /* + * Set this as the default error for here, if + * we are successful it will be replaced + */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid data in SCP response, missing Time data", + 0); + + session->scpRecv_err_len = + libssh2_channel_packet_data_len(session-> + scpRecv_channel, 0); + session->scpRecv_err_msg = + LIBSSH2_ALLOC(session, session->scpRecv_err_len + 1); + if (!session->scpRecv_err_msg) { + goto scp_recv_error; + } + memset(session->scpRecv_err_msg, 0, + session->scpRecv_err_len + 1); + + /* Read the remote error message */ + rc = libssh2_channel_read_ex(session->scpRecv_channel, 0, + session->scpRecv_err_msg, + session->scpRecv_err_len); + if (rc <= 0) { + /* + * Since we have alread started reading this packet, it is + * already in the systems so it can't return PACKET_EAGAIN + */ + LIBSSH2_FREE(session, session->scpRecv_err_msg); + session->scpRecv_err_msg = NULL; + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Unknown error while getting error string", + 0); + goto scp_recv_error; + } + + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + session->scpRecv_err_msg, 1); + session->scpRecv_err_msg = NULL; + goto scp_recv_error; + } + + if ((session->scpRecv_response_len > 1) && + ((session-> + scpRecv_response[session->scpRecv_response_len - 1] < + '0') + || (session-> + scpRecv_response[session->scpRecv_response_len - 1] > + '9')) + && (session-> + scpRecv_response[session->scpRecv_response_len - 1] != + ' ') + && (session-> + scpRecv_response[session->scpRecv_response_len - 1] != + '\r') + && (session-> + scpRecv_response[session->scpRecv_response_len - 1] != + '\n')) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid data in SCP response", 0); + goto scp_recv_error; + } + + if ((session->scpRecv_response_len < 9) + || (session-> + scpRecv_response[session->scpRecv_response_len - 1] != + '\n')) { + if (session->scpRecv_response_len == + LIBSSH2_SCP_RESPONSE_BUFLEN) { + /* You had your chance */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Unterminated response from SCP server", + 0); + goto scp_recv_error; + } + /* Way too short to be an SCP response, or not done yet, short circuit */ + continue; + } + + /* We're guaranteed not to go under response_len == 0 by the logic above */ + while ((session-> + scpRecv_response[session->scpRecv_response_len - 1] == + '\r') + || (session-> + scpRecv_response[session->scpRecv_response_len - + 1] == '\n')) + session->scpRecv_response_len--; + session->scpRecv_response[session->scpRecv_response_len] = + '\0'; + + if (session->scpRecv_response_len < 8) { + /* EOL came too soon */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, too short", + 0); + goto scp_recv_error; + } + + s = session->scpRecv_response + 1; + + p = (unsigned char *) strchr((char *) s, ' '); + if (!p || ((p - s) <= 0)) { + /* No spaces or space in the wrong spot */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, malformed mtime", + 0); + goto scp_recv_error; + } + + *(p++) = '\0'; + /* Make sure we don't get fooled by leftover values */ + errno = 0; + session->scpRecv_mtime = strtol((char *) s, NULL, 10); + if (errno) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, invalid mtime", + 0); + goto scp_recv_error; + } + s = (unsigned char *) strchr((char *) p, ' '); + if (!s || ((s - p) <= 0)) { + /* No spaces or space in the wrong spot */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, malformed mtime.usec", + 0); + goto scp_recv_error; + } + + /* Ignore mtime.usec */ + s++; + p = (unsigned char *) strchr((char *) s, ' '); + if (!p || ((p - s) <= 0)) { + /* No spaces or space in the wrong spot */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, too short or malformed", + 0); + goto scp_recv_error; + } + + *(p++) = '\0'; + /* Make sure we don't get fooled by leftover values */ + errno = 0; + session->scpRecv_atime = strtol((char *) s, NULL, 10); + if (errno) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, invalid atime", + 0); + goto scp_recv_error; + } + + /* SCP ACK */ + session->scpRecv_response[0] = '\0'; + + session->scpRecv_state = libssh2_NB_state_sent3; + } + + if (session->scpRecv_state == libssh2_NB_state_sent3) { + rc = libssh2_channel_write_ex(session->scpRecv_channel, 0, + (char *) session-> + scpRecv_response, 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting to send SCP ACK", 0); + return NULL; + } else if (rc != 1) { + goto scp_recv_error; + } + + _libssh2_debug(session, LIBSSH2_DBG_SCP, + "mtime = %ld, atime = %ld", + session->scpRecv_mtime, session->scpRecv_atime); + + /* We *should* check that atime.usec is valid, but why let that stop use? */ + break; + } + } + + session->scpRecv_state = libssh2_NB_state_sent4; + } + + if (session->scpRecv_state == libssh2_NB_state_sent4) { + session->scpRecv_response_len = 0; + + session->scpRecv_state = libssh2_NB_state_sent5; + } + + if ((session->scpRecv_state == libssh2_NB_state_sent5) + || (session->scpRecv_state == libssh2_NB_state_sent6)) { + while (session->scpRecv_response_len < LIBSSH2_SCP_RESPONSE_BUFLEN) { + char *s, *p, *e = NULL; + + if (session->scpRecv_state == libssh2_NB_state_sent5) { + rc = libssh2_channel_read_ex(session->scpRecv_channel, 0, + (char *) session-> + scpRecv_response + + session->scpRecv_response_len, 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for SCP response", 0); + return NULL; + } else if (rc <= 0) { + /* Timeout, give up */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Timed out waiting for SCP response", 0); + goto scp_recv_error; + } + session->scpRecv_response_len++; + + if (session->scpRecv_response[0] != 'C') { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server", 0); + goto scp_recv_error; + } + + if ((session->scpRecv_response_len > 1) && + (session-> + scpRecv_response[session->scpRecv_response_len - 1] != + '\r') + && (session-> + scpRecv_response[session->scpRecv_response_len - 1] != + '\n') + && + ((session-> + scpRecv_response[session->scpRecv_response_len - 1] < 32) + || (session-> + scpRecv_response[session->scpRecv_response_len - 1] > + 126))) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid data in SCP response", 0); + goto scp_recv_error; + } + + if ((session->scpRecv_response_len < 7) + || (session-> + scpRecv_response[session->scpRecv_response_len - 1] != + '\n')) { + if (session->scpRecv_response_len == + LIBSSH2_SCP_RESPONSE_BUFLEN) { + /* You had your chance */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Unterminated response from SCP server", + 0); + goto scp_recv_error; + } + /* Way too short to be an SCP response, or not done yet, short circuit */ + continue; + } + + /* We're guaranteed not to go under response_len == 0 by the logic above */ + while ((session-> + scpRecv_response[session->scpRecv_response_len - 1] == + '\r') + || (session-> + scpRecv_response[session->scpRecv_response_len - + 1] == '\n')) { + session->scpRecv_response_len--; + } + session->scpRecv_response[session->scpRecv_response_len] = + '\0'; + + if (session->scpRecv_response_len < 6) { + /* EOL came too soon */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, too short", + 0); + goto scp_recv_error; + } + + s = (char *) session->scpRecv_response + 1; + + p = strchr(s, ' '); + if (!p || ((p - s) <= 0)) { + /* No spaces or space in the wrong spot */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, malformed mode", + 0); + goto scp_recv_error; + } + + *(p++) = '\0'; + /* Make sure we don't get fooled by leftover values */ + errno = 0; + session->scpRecv_mode = strtol(s, &e, 8); + if ((e && *e) || errno) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, invalid mode", + 0); + goto scp_recv_error; + } + + s = strchr(p, ' '); + if (!s || ((s - p) <= 0)) { + /* No spaces or space in the wrong spot */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, too short or malformed", + 0); + goto scp_recv_error; + } + + *(s++) = '\0'; + /* Make sure we don't get fooled by leftover values */ + errno = 0; + session->scpRecv_size = strtol(p, &e, 10); + if ((e && *e) || errno) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid response from SCP server, invalid size", + 0); + goto scp_recv_error; + } + + /* SCP ACK */ + session->scpRecv_response[0] = '\0'; + + session->scpRecv_state = libssh2_NB_state_sent6; + } + + if (session->scpRecv_state == libssh2_NB_state_sent6) { + rc = libssh2_channel_write_ex(session->scpRecv_channel, 0, + (char *) session-> + scpRecv_response, 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending SCP ACK", 0); + return NULL; + } else if (rc != 1) { + goto scp_recv_error; + } + _libssh2_debug(session, LIBSSH2_DBG_SCP, + "mode = 0%lo size = %ld", session->scpRecv_mode, + session->scpRecv_size); + + /* We *should* check that basename is valid, but why let that stop us? */ + break; + } + } + + session->scpRecv_state = libssh2_NB_state_sent7; + } + + if (sb) { + memset(sb, 0, sizeof(struct stat)); + + sb->st_mtime = session->scpRecv_mtime; + sb->st_atime = session->scpRecv_atime; + sb->st_size = session->scpRecv_size; + sb->st_mode = session->scpRecv_mode; + } + + session->scpRecv_state = libssh2_NB_state_idle; + return session->scpRecv_channel; + + scp_recv_error: + while (libssh2_channel_free(session->scpRecv_channel) == PACKET_EAGAIN); + session->scpRecv_channel = NULL; + session->scpRecv_state = libssh2_NB_state_idle; + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_scp_send_ex + * Send a file using SCP + * + * NOTE: Will block in a busy loop on error. This has to be done, + * otherwise the blocking error code would erase the true + * cause of the error. + */ +LIBSSH2_API LIBSSH2_CHANNEL * +libssh2_scp_send_ex(LIBSSH2_SESSION * session, const char *path, int mode, + size_t size, long mtime, long atime) +{ + int path_len = strlen(path); + unsigned const char *base; + int rc; + + if (session->scpSend_state == libssh2_NB_state_idle) { + session->scpSend_command_len = path_len + sizeof("scp -t "); + + if (mtime || atime) { + session->scpSend_command_len++; + } + + session->scpSend_command = + LIBSSH2_ALLOC(session, session->scpSend_command_len); + if (!session->scpSend_command) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a command buffer for scp session", + 0); + return NULL; + } + + if (mtime || atime) { + memcpy(session->scpSend_command, "scp -pt ", + sizeof("scp -pt ") - 1); + memcpy(session->scpSend_command + sizeof("scp -pt ") - 1, path, + path_len); + } else { + memcpy(session->scpSend_command, "scp -t ", sizeof("scp -t ") - 1); + memcpy(session->scpSend_command + sizeof("scp -t ") - 1, path, + path_len); + } + session->scpSend_command[session->scpSend_command_len - 1] = '\0'; + + _libssh2_debug(session, LIBSSH2_DBG_SCP, + "Opening channel for SCP send"); + /* Allocate a channel */ + + session->scpSend_state = libssh2_NB_state_created; + } + + if (session->scpSend_state == libssh2_NB_state_created) { + session->scpSend_channel = + libssh2_channel_open_ex(session, "session", sizeof("session") - 1, + LIBSSH2_CHANNEL_WINDOW_DEFAULT, + LIBSSH2_CHANNEL_PACKET_DEFAULT, NULL, 0); + if (!session->scpSend_channel) { + if (libssh2_session_last_errno(session) != LIBSSH2_ERROR_EAGAIN) { + /* previous call set libssh2_session_last_error(), pass it through */ + LIBSSH2_FREE(session, session->scpSend_command); + session->scpSend_command = NULL; + session->scpSend_state = libssh2_NB_state_idle; + return NULL; + } else if (libssh2_session_last_errno(session) == + LIBSSH2_ERROR_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block starting up channel", 0); + return NULL; + } + } + + session->scpSend_state = libssh2_NB_state_sent; + } + + if (session->scpSend_state == libssh2_NB_state_sent) { + /* Request SCP for the desired file */ + rc = libssh2_channel_process_startup(session->scpSend_channel, "exec", + sizeof("exec") - 1, + (char *) session->scpSend_command, + session->scpSend_command_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block requesting SCP startup", 0); + return NULL; + } else if (rc) { + /* previous call set libssh2_session_last_error(), pass it through */ + LIBSSH2_FREE(session, session->scpSend_command); + session->scpSend_command = NULL; + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Unknown error while getting error string", 0); + goto scp_send_error; + } + LIBSSH2_FREE(session, session->scpSend_command); + session->scpSend_command = NULL; + + session->scpSend_state = libssh2_NB_state_sent1; + } + + if (session->scpSend_state == libssh2_NB_state_sent1) { + /* Wait for ACK */ + rc = libssh2_channel_read_ex(session->scpSend_channel, 0, + (char *) session->scpSend_response, 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for response from remote", 0); + return NULL; + } else if ((rc <= 0) || (session->scpSend_response[0] != 0)) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid ACK response from remote", 0); + goto scp_send_error; + } + + if (mtime || atime) { + /* Send mtime and atime to be used for file */ + session->scpSend_response_len = + snprintf((char *) session->scpSend_response, + LIBSSH2_SCP_RESPONSE_BUFLEN, "T%ld 0 %ld 0\n", mtime, + atime); + _libssh2_debug(session, LIBSSH2_DBG_SCP, "Sent %s", + session->scpSend_response); + } + + session->scpSend_state = libssh2_NB_state_sent2; + } + + /* Send mtime and atime to be used for file */ + if (mtime || atime) { + if (session->scpSend_state == libssh2_NB_state_sent2) { + rc = libssh2_channel_write_ex(session->scpSend_channel, 0, + (char *) session->scpSend_response, + session->scpSend_response_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending time data for SCP file", 0); + return NULL; + } else if (rc != session->scpSend_response_len) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send time data for SCP file", 0); + goto scp_send_error; + } + + session->scpSend_state = libssh2_NB_state_sent3; + } + + if (session->scpSend_state == libssh2_NB_state_sent3) { + /* Wait for ACK */ + rc = libssh2_channel_read_ex(session->scpSend_channel, 0, + (char *) session->scpSend_response, + 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for response", 0); + return NULL; + } else if ((rc <= 0) || (session->scpSend_response[0] != 0)) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid ACK response from remote", 0); + goto scp_send_error; + } + + session->scpSend_state = libssh2_NB_state_sent4; + } + } else { + if (session->scpSend_state == libssh2_NB_state_sent2) { + session->scpSend_state = libssh2_NB_state_sent4; + } + } + + if (session->scpSend_state == libssh2_NB_state_sent4) { + /* Send mode, size, and basename */ + base = (unsigned char *) strrchr(path, '/'); + if (base) { + base++; + } else { + base = (unsigned char *) path; + } + + session->scpSend_response_len = + snprintf((char *) session->scpSend_response, + LIBSSH2_SCP_RESPONSE_BUFLEN, "C0%o %lu %s\n", mode, + (unsigned long) size, base); + _libssh2_debug(session, LIBSSH2_DBG_SCP, "Sent %s", + session->scpSend_response); + + session->scpSend_state = libssh2_NB_state_sent5; + } + + if (session->scpSend_state == libssh2_NB_state_sent5) { + rc = libssh2_channel_write_ex(session->scpSend_channel, 0, + (char *) session->scpSend_response, + session->scpSend_response_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block send core file data for SCP file", 0); + return NULL; + } else if (rc != session->scpSend_response_len) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send core file data for SCP file", 0); + goto scp_send_error; + } + + session->scpSend_state = libssh2_NB_state_sent6; + } + + if (session->scpSend_state == libssh2_NB_state_sent6) { + /* Wait for ACK */ + rc = libssh2_channel_read_ex(session->scpSend_channel, 0, + (char *) session->scpSend_response, 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for response", 0); + return NULL; + } else if (rc <= 0) { + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid ACK response from remote", 0); + goto scp_send_error; + } else if (session->scpSend_response[0] != 0) { + /* + * Set this as the default error for here, if + * we are successful it will be replaced + */ + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + "Invalid ACK response from remote", 0); + + session->scpSend_err_len = + libssh2_channel_packet_data_len(session->scpSend_channel, 0); + session->scpSend_err_msg = + LIBSSH2_ALLOC(session, session->scpSend_err_len + 1); + if (!session->scpSend_err_msg) { + goto scp_send_error; + } + memset(session->scpSend_err_msg, 0, session->scpSend_err_len + 1); + + /* Read the remote error message */ + rc = libssh2_channel_read_ex(session->scpSend_channel, 0, + session->scpSend_err_msg, + session->scpSend_err_len); + if (rc <= 0) { + /* + * Since we have alread started reading this packet, it is + * already in the systems so it can't return PACKET_EAGAIN + */ + LIBSSH2_FREE(session, session->scpSend_err_msg); + session->scpSend_err_msg = NULL; + goto scp_send_error; + } + + libssh2_error(session, LIBSSH2_ERROR_SCP_PROTOCOL, + session->scpSend_err_msg, 1); + session->scpSend_err_msg = NULL; + goto scp_send_error; + } + } + + session->scpSend_state = libssh2_NB_state_idle; + + return session->scpSend_channel; + + scp_send_error: + while (libssh2_channel_free(session->scpSend_channel) == PACKET_EAGAIN); + session->scpSend_channel = NULL; + session->scpSend_state = libssh2_NB_state_idle; + return NULL; +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/session.c b/Vendor/libssh2/Source/session.c new file mode 100644 index 0000000..3d33b63 --- /dev/null +++ b/Vendor/libssh2/Source/session.c @@ -0,0 +1,1535 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#include +#ifdef HAVE_UNISTD_H +#include +#endif +#include +#include + +#ifdef HAVE_GETTIMEOFDAY +#include +#endif +#ifdef HAVE_ALLOCA_H +#include +#endif + +/* {{{ libssh2_default_alloc + */ +static +LIBSSH2_ALLOC_FUNC(libssh2_default_alloc) +{ + (void) abstract; + return malloc(count); +} + +/* }}} */ + +/* {{{ libssh2_default_free + */ +static +LIBSSH2_FREE_FUNC(libssh2_default_free) +{ + (void) abstract; + free(ptr); +} + +/* }}} */ + +/* {{{ libssh2_default_realloc + */ +static +LIBSSH2_REALLOC_FUNC(libssh2_default_realloc) +{ + (void) abstract; + return realloc(ptr, count); +} + +/* }}} */ + +/* {{{ libssh2_banner_receive + * Wait for a hello from the remote host + * Allocate a buffer and store the banner in session->remote.banner + * Returns: 0 on success, PACKET_EAGAIN if read would block, 1 on failure + */ +static int +libssh2_banner_receive(LIBSSH2_SESSION * session) +{ + int ret; + int banner_len; + + if (session->banner_TxRx_state == libssh2_NB_state_idle) { + banner_len = 0; + + session->banner_TxRx_state = libssh2_NB_state_created; + } else { + banner_len = session->banner_TxRx_total_send; + } + + while ((banner_len < (int) sizeof(session->banner_TxRx_banner)) && + ((banner_len == 0) + || (session->banner_TxRx_banner[banner_len - 1] != '\n'))) { + char c = '\0'; + + ret = + recv(session->socket_fd, &c, 1, + LIBSSH2_SOCKET_RECV_FLAGS(session)); + + if (ret < 0) { +#ifdef WIN32 + switch (WSAGetLastError()) { + case WSAEWOULDBLOCK: + errno = EAGAIN; + break; + + case WSAENOTSOCK: + errno = EBADF; + break; + + case WSAENOTCONN: + case WSAECONNABORTED: + errno = WSAENOTCONN; + break; + + case WSAEINTR: + errno = EINTR; + break; + } +#endif /* WIN32 */ + if (errno == EAGAIN) { + session->banner_TxRx_total_send = banner_len; + return PACKET_EAGAIN; + } + + /* Some kinda error */ + session->banner_TxRx_state = libssh2_NB_state_idle; + session->banner_TxRx_total_send = 0; + return 1; + } + + if (ret == 0) { + session->socket_state = LIBSSH2_SOCKET_DISCONNECTED; + return PACKET_FAIL; + } + + if (c == '\0') { + /* NULLs are not allowed in SSH banners */ + session->banner_TxRx_state = libssh2_NB_state_idle; + session->banner_TxRx_total_send = 0; + return 1; + } + + session->banner_TxRx_banner[banner_len++] = c; + } + + while (banner_len && + ((session->banner_TxRx_banner[banner_len - 1] == '\n') || + (session->banner_TxRx_banner[banner_len - 1] == '\r'))) { + banner_len--; + } + + /* From this point on, we are done here */ + session->banner_TxRx_state = libssh2_NB_state_idle; + session->banner_TxRx_total_send = 0; + + if (!banner_len) + return 1; + + session->remote.banner = LIBSSH2_ALLOC(session, banner_len + 1); + if (!session->remote.banner) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Error allocating space for remote banner", 0); + return 1; + } + memcpy(session->remote.banner, session->banner_TxRx_banner, banner_len); + session->remote.banner[banner_len] = '\0'; + _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Received Banner: %s", + session->remote.banner); + return 0; +} + +/* }}} */ + +/* {{{ libssh2_banner_send + * Send the default banner, or the one set via libssh2_setopt_string + * + * Returns PACKET_EAGAIN if it would block - and if it does so, you should + * call this function again as soon as it is likely that more data can be + * sent, and this function should then be called with the same argument set + * (same data pointer and same data_len) until zero or failure is returned. + */ +static int +libssh2_banner_send(LIBSSH2_SESSION * session) +{ + char *banner = (char *) LIBSSH2_SSH_DEFAULT_BANNER_WITH_CRLF; + int banner_len = sizeof(LIBSSH2_SSH_DEFAULT_BANNER_WITH_CRLF) - 1; + ssize_t ret; +#ifdef LIBSSH2DEBUG + char banner_dup[256]; +#endif + + if (session->banner_TxRx_state == libssh2_NB_state_idle) { + if (session->local.banner) { + /* setopt_string will have given us our \r\n characters */ + banner_len = strlen((char *) session->local.banner); + banner = (char *) session->local.banner; + } +#ifdef LIBSSH2DEBUG + /* Hack and slash to avoid sending CRLF in debug output */ + if (banner_len < 256) { + memcpy(banner_dup, banner, banner_len - 2); + banner_dup[banner_len - 2] = '\0'; + } else { + memcpy(banner_dup, banner, 255); + banner[255] = '\0'; + } + + _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Sending Banner: %s", + banner_dup); +#endif + + session->banner_TxRx_state = libssh2_NB_state_created; + } + + ret = + send(session->socket_fd, banner + session->banner_TxRx_total_send, + banner_len - session->banner_TxRx_total_send, + LIBSSH2_SOCKET_SEND_FLAGS(session)); + + if (ret != (banner_len - session->banner_TxRx_total_send)) { + if ((ret > 0) || ((ret == -1) && (errno == EAGAIN))) { + /* the whole packet could not be sent, save the what was */ + session->banner_TxRx_total_send += ret; + return PACKET_EAGAIN; + } + session->banner_TxRx_state = libssh2_NB_state_idle; + session->banner_TxRx_total_send = 0; + return PACKET_FAIL; + } + + /* Set the state back to idle */ + session->banner_TxRx_state = libssh2_NB_state_idle; + session->banner_TxRx_total_send = 0; + + return 0; +} + +/* }}} */ + +/* + * _libssh2_nonblock() sets the given socket to either blocking or + * non-blocking mode based on the 'nonblock' boolean argument. This function + * is copied from the libcurl sources with permission. + */ +static int +_libssh2_nonblock(int sockfd, /* operate on this */ + int nonblock /* TRUE or FALSE */ ) +{ +#undef SETBLOCK +#define SETBLOCK 0 +#ifdef HAVE_O_NONBLOCK + /* most recent unix versions */ + int flags; + + flags = fcntl(sockfd, F_GETFL, 0); + if (nonblock) + return fcntl(sockfd, F_SETFL, flags | O_NONBLOCK); + else + return fcntl(sockfd, F_SETFL, flags & (~O_NONBLOCK)); +#undef SETBLOCK +#define SETBLOCK 1 +#endif + +#if defined(HAVE_FIONBIO) && (SETBLOCK == 0) + /* older unix versions */ + int flags; + + flags = nonblock; + return ioctl(sockfd, FIONBIO, &flags); +#undef SETBLOCK +#define SETBLOCK 2 +#endif + +#if defined(HAVE_IOCTLSOCKET) && (SETBLOCK == 0) + /* Windows? */ + unsigned long flags; + flags = nonblock; + + return ioctlsocket(sockfd, FIONBIO, &flags); +#undef SETBLOCK +#define SETBLOCK 3 +#endif + +#if defined(HAVE_IOCTLSOCKET_CASE) && (SETBLOCK == 0) + /* presumably for Amiga */ + return IoctlSocket(sockfd, FIONBIO, (long) nonblock); +#undef SETBLOCK +#define SETBLOCK 4 +#endif + +#if defined(HAVE_SO_NONBLOCK) && (SETBLOCK == 0) + /* BeOS */ + long b = nonblock ? 1 : 0; + return setsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b)); +#undef SETBLOCK +#define SETBLOCK 5 +#endif + +#ifdef HAVE_DISABLED_NONBLOCKING + return 0; /* returns success */ +#undef SETBLOCK +#define SETBLOCK 6 +#endif + +#if (SETBLOCK == 0) +#error "no non-blocking method was found/used/set" +#endif +} + +/* + * _libssh2_get_socket_nonblocking() gets the given blocking or non-blocking + * state of the socket. + */ +static int +_libssh2_get_socket_nonblocking(int sockfd) +{ /* operate on this */ +#undef GETBLOCK +#define GETBLOCK 0 +#ifdef HAVE_O_NONBLOCK + /* most recent unix versions */ + int flags; + + if ((flags = fcntl(sockfd, F_GETFL, 0)) == -1) { + /* Assume blocking on error */ + return 1; + } + return (flags & O_NONBLOCK); +#undef GETBLOCK +#define GETBLOCK 1 +#endif + +#if defined(WSAEWOULDBLOCK) && (GETBLOCK == 0) + /* Windows? */ + unsigned int option_value; + socklen_t option_len = sizeof(option_value); + + if (getsockopt + (sockfd, SOL_SOCKET, SO_ERROR, (void *) &option_value, &option_len)) { + /* Assume blocking on error */ + return 1; + } + return (int) option_value; +#undef GETBLOCK +#define GETBLOCK 2 +#endif + +#if defined(HAVE_SO_NONBLOCK) && (GETBLOCK == 0) + /* BeOS */ + long b; + if (getsockopt(sockfd, SOL_SOCKET, SO_NONBLOCK, &b, sizeof(b))) { + /* Assume blocking on error */ + return 1; + } + return (int) b; +#undef GETBLOCK +#define GETBLOCK 5 +#endif + +#ifdef HAVE_DISABLED_NONBLOCKING + return 1; /* returns blocking */ +#undef GETBLOCK +#define GETBLOCK 6 +#endif + +#if (GETBLOCK == 0) +#error "no non-blocking method was found/used/get" +#endif +} + +/* {{{ libssh2_banner_set + * Set the local banner + */ +LIBSSH2_API int +libssh2_banner_set(LIBSSH2_SESSION * session, const char *banner) +{ + int banner_len = banner ? strlen(banner) : 0; + + if (session->local.banner) { + LIBSSH2_FREE(session, session->local.banner); + session->local.banner = NULL; + } + + if (!banner_len) { + return 0; + } + + session->local.banner = LIBSSH2_ALLOC(session, banner_len + 3); + if (!session->local.banner) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for local banner", 0); + return -1; + } + + memcpy(session->local.banner, banner, banner_len); + session->local.banner[banner_len] = '\0'; + _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Setting local Banner: %s", + session->local.banner); + session->local.banner[banner_len++] = '\r'; + session->local.banner[banner_len++] = '\n'; + session->local.banner[banner_len++] = '\0'; + + return 0; +} + +/* }}} */ + +/* {{{ proto libssh2_session_init + * Allocate and initialize a libssh2 session structure + * Allows for malloc callbacks in case the calling program has its own memory manager + * It's allowable (but unadvisable) to define some but not all of the malloc callbacks + * An additional pointer value may be optionally passed to be sent to the callbacks (so they know who's asking) + */ +LIBSSH2_API LIBSSH2_SESSION * +libssh2_session_init_ex(LIBSSH2_ALLOC_FUNC((*my_alloc)), + LIBSSH2_FREE_FUNC((*my_free)), + LIBSSH2_REALLOC_FUNC((*my_realloc)), void *abstract) +{ + LIBSSH2_ALLOC_FUNC((*local_alloc)) = libssh2_default_alloc; + LIBSSH2_FREE_FUNC((*local_free)) = libssh2_default_free; + LIBSSH2_REALLOC_FUNC((*local_realloc)) = libssh2_default_realloc; + LIBSSH2_SESSION *session; + + if (my_alloc) { + local_alloc = my_alloc; + } + if (my_free) { + local_free = my_free; + } + if (my_realloc) { + local_realloc = my_realloc; + } + + session = local_alloc(sizeof(LIBSSH2_SESSION), abstract); + if (session) { + memset(session, 0, sizeof(LIBSSH2_SESSION)); + session->alloc = local_alloc; + session->free = local_free; + session->realloc = local_realloc; + session->abstract = abstract; + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "New session resource allocated"); + libssh2_crypto_init(); + } + return session; +} + +/* }}} */ + +/* {{{ libssh2_session_callback_set + * Set (or reset) a callback function + * Returns the prior address + * + * FIXME: this function relies on that we can typecast function pointers + * to void pointers, which isn't allowed in ISO C! + */ +LIBSSH2_API void * +libssh2_session_callback_set(LIBSSH2_SESSION * session, + int cbtype, void *callback) +{ + void *oldcb; + + switch (cbtype) { + case LIBSSH2_CALLBACK_IGNORE: + oldcb = session->ssh_msg_ignore; + session->ssh_msg_ignore = callback; + return oldcb; + + case LIBSSH2_CALLBACK_DEBUG: + oldcb = session->ssh_msg_debug; + session->ssh_msg_debug = callback; + return oldcb; + + case LIBSSH2_CALLBACK_DISCONNECT: + oldcb = session->ssh_msg_disconnect; + session->ssh_msg_disconnect = callback; + return oldcb; + + case LIBSSH2_CALLBACK_MACERROR: + oldcb = session->macerror; + session->macerror = callback; + return oldcb; + + case LIBSSH2_CALLBACK_X11: + oldcb = session->x11; + session->x11 = callback; + return oldcb; + + } + _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Setting Callback %d", cbtype); + + return NULL; +} + +/* }}} */ + +/* {{{ proto libssh2_session_startup + * session: LIBSSH2_SESSION struct allocated and owned by the calling program + * Returns: 0 on success, or non-zero on failure + * Any memory allocated by libssh2 will use alloc/realloc/free + * callbacks in session + * socket *must* be populated with an opened and connected socket. + */ +LIBSSH2_API int +libssh2_session_startup(LIBSSH2_SESSION * session, int sock) +{ + int rc; + + if (session->startup_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "session_startup for socket %d", sock); + /* FIXME: on some platforms (like win32) sockets are unsigned */ + if (sock < 0) { + /* Did we forget something? */ + libssh2_error(session, LIBSSH2_ERROR_SOCKET_NONE, + "Bad socket provided", 0); + return LIBSSH2_ERROR_SOCKET_NONE; + } + session->socket_fd = sock; + + session->socket_block = + !_libssh2_get_socket_nonblocking(session->socket_fd); + if (session->socket_block) { + /* + * Since we can't be sure that we are in blocking or there + * was an error detecting the state, so set to blocking to + * be sure + */ + _libssh2_nonblock(session->socket_fd, 0); + } + + session->startup_state = libssh2_NB_state_created; + } + + /* TODO: Liveness check */ + + if (session->startup_state == libssh2_NB_state_created) { + rc = libssh2_banner_send(session); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending banner to remote host", 0); + return LIBSSH2_ERROR_EAGAIN; + } else if (rc) { + /* Unable to send banner? */ + libssh2_error(session, LIBSSH2_ERROR_BANNER_SEND, + "Error sending banner to remote host", 0); + return LIBSSH2_ERROR_BANNER_SEND; + } + + session->startup_state = libssh2_NB_state_sent; + } + + if (session->startup_state == libssh2_NB_state_sent) { + rc = libssh2_banner_receive(session); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for banner", 0); + return LIBSSH2_ERROR_EAGAIN; + } else if (rc) { + /* Unable to receive banner from remote */ + libssh2_error(session, LIBSSH2_ERROR_BANNER_NONE, + "Timeout waiting for banner", 0); + return LIBSSH2_ERROR_BANNER_NONE; + } + + session->startup_state = libssh2_NB_state_sent1; + } + + if (session->startup_state == libssh2_NB_state_sent1) { + rc = libssh2_kex_exchange(session, 0, &session->startup_key_state); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block exchanging encryption keys", 0); + return LIBSSH2_ERROR_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_KEX_FAILURE, + "Unable to exchange encryption keys", 0); + return LIBSSH2_ERROR_KEX_FAILURE; + } + + session->startup_state = libssh2_NB_state_sent2; + } + + if (session->startup_state == libssh2_NB_state_sent2) { + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "Requesting userauth service"); + + /* Request the userauth service */ + session->startup_service[0] = SSH_MSG_SERVICE_REQUEST; + libssh2_htonu32(session->startup_service + 1, + sizeof("ssh-userauth") - 1); + memcpy(session->startup_service + 5, "ssh-userauth", + sizeof("ssh-userauth") - 1); + + session->startup_state = libssh2_NB_state_sent3; + } + + if (session->startup_state == libssh2_NB_state_sent3) { + rc = libssh2_packet_write(session, session->startup_service, + sizeof("ssh-userauth") + 5 - 1); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block asking for ssh-userauth service", 0); + return LIBSSH2_ERROR_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to ask for ssh-userauth service", 0); + return LIBSSH2_ERROR_SOCKET_SEND; + } + + session->startup_state = libssh2_NB_state_sent4; + } + + if (session->startup_state == libssh2_NB_state_sent4) { + rc = libssh2_packet_require_ex(session, SSH_MSG_SERVICE_ACCEPT, + &session->startup_data, + &session->startup_data_len, 0, NULL, 0, + &session->startup_req_state); + if (rc == PACKET_EAGAIN) { + return LIBSSH2_ERROR_EAGAIN; + } else if (rc) { + return LIBSSH2_ERROR_SOCKET_DISCONNECT; + } + session->startup_service_length = + libssh2_ntohu32(session->startup_data + 1); + + if ((session->startup_service_length != (sizeof("ssh-userauth") - 1)) + || strncmp("ssh-userauth", (char *) session->startup_data + 5, + session->startup_service_length)) { + LIBSSH2_FREE(session, session->startup_data); + session->startup_data = NULL; + libssh2_error(session, LIBSSH2_ERROR_PROTO, + "Invalid response received from server", 0); + return LIBSSH2_ERROR_PROTO; + } + LIBSSH2_FREE(session, session->startup_data); + session->startup_data = NULL; + + session->startup_state = libssh2_NB_state_idle; + + return 0; + } + + /* just for safety return some error */ + return LIBSSH2_ERROR_INVAL; +} + +/* }}} */ + +/* {{{ proto libssh2_session_free + * Frees the memory allocated to the session + * Also closes and frees any channels attached to this session + */ +LIBSSH2_API int +libssh2_session_free(LIBSSH2_SESSION * session) +{ + int rc; + + if (session->free_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_TRANS, "Freeing session resource", + session->remote.banner); + + session->state = libssh2_NB_state_created; + } + + if (session->free_state == libssh2_NB_state_created) { + while (session->channels.head) { + LIBSSH2_CHANNEL *tmp = session->channels.head; + + rc = libssh2_channel_free(session->channels.head); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + if (tmp == session->channels.head) { + /* channel_free couldn't do it's job, perform a messy cleanup */ + tmp = session->channels.head; + + /* unlink */ + session->channels.head = tmp->next; + + /* free */ + LIBSSH2_FREE(session, tmp); + + /* reverse linking isn't important here, we're killing the structure */ + } + } + + session->state = libssh2_NB_state_sent; + } + + if (session->state == libssh2_NB_state_sent) { + while (session->listeners) { + rc = libssh2_channel_forward_cancel(session->listeners); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + } + + session->state = libssh2_NB_state_sent1; + } + + if (session->state & LIBSSH2_STATE_NEWKEYS) { + /* hostkey */ + if (session->hostkey && session->hostkey->dtor) { + session->hostkey->dtor(session, &session->server_hostkey_abstract); + } + + /* Client to Server */ + /* crypt */ + if (session->local.crypt && session->local.crypt->dtor) { + session->local.crypt->dtor(session, + &session->local.crypt_abstract); + } + /* comp */ + if (session->local.comp && session->local.comp->dtor) { + session->local.comp->dtor(session, 1, + &session->local.comp_abstract); + } + /* mac */ + if (session->local.mac && session->local.mac->dtor) { + session->local.mac->dtor(session, &session->local.mac_abstract); + } + + /* Server to Client */ + /* crypt */ + if (session->remote.crypt && session->remote.crypt->dtor) { + session->remote.crypt->dtor(session, + &session->remote.crypt_abstract); + } + /* comp */ + if (session->remote.comp && session->remote.comp->dtor) { + session->remote.comp->dtor(session, 0, + &session->remote.comp_abstract); + } + /* mac */ + if (session->remote.mac && session->remote.mac->dtor) { + session->remote.mac->dtor(session, &session->remote.mac_abstract); + } + + /* session_id */ + if (session->session_id) { + LIBSSH2_FREE(session, session->session_id); + } + } + + /* Free banner(s) */ + if (session->remote.banner) { + LIBSSH2_FREE(session, session->remote.banner); + } + if (session->local.banner) { + LIBSSH2_FREE(session, session->local.banner); + } + + /* Free preference(s) */ + if (session->kex_prefs) { + LIBSSH2_FREE(session, session->kex_prefs); + } + if (session->hostkey_prefs) { + LIBSSH2_FREE(session, session->hostkey_prefs); + } + + if (session->local.crypt_prefs) { + LIBSSH2_FREE(session, session->local.crypt_prefs); + } + if (session->local.mac_prefs) { + LIBSSH2_FREE(session, session->local.mac_prefs); + } + if (session->local.comp_prefs) { + LIBSSH2_FREE(session, session->local.comp_prefs); + } + if (session->local.lang_prefs) { + LIBSSH2_FREE(session, session->local.lang_prefs); + } + + if (session->remote.crypt_prefs) { + LIBSSH2_FREE(session, session->remote.crypt_prefs); + } + if (session->remote.mac_prefs) { + LIBSSH2_FREE(session, session->remote.mac_prefs); + } + if (session->remote.comp_prefs) { + LIBSSH2_FREE(session, session->remote.comp_prefs); + } + if (session->remote.lang_prefs) { + LIBSSH2_FREE(session, session->remote.lang_prefs); + } + + /* + * Make sure all memory used in the state variables are free + */ + if (session->startup_data) { + LIBSSH2_FREE(session, session->startup_data); + } + if (session->disconnect_data) { + LIBSSH2_FREE(session, session->disconnect_data); + } + if (session->userauth_list_data) { + LIBSSH2_FREE(session, session->userauth_list_data); + } + if (session->userauth_pswd_data) { + LIBSSH2_FREE(session, session->userauth_pswd_data); + } + if (session->userauth_pswd_newpw) { + LIBSSH2_FREE(session, session->userauth_pswd_newpw); + } + if (session->userauth_host_packet) { + LIBSSH2_FREE(session, session->userauth_host_packet); + } + if (session->userauth_host_method) { + LIBSSH2_FREE(session, session->userauth_host_method); + } + if (session->userauth_host_data) { + LIBSSH2_FREE(session, session->userauth_host_data); + } + if (session->userauth_pblc_data) { + LIBSSH2_FREE(session, session->userauth_pblc_data); + } + if (session->userauth_pblc_packet) { + LIBSSH2_FREE(session, session->userauth_pblc_packet); + } + if (session->userauth_pblc_method) { + LIBSSH2_FREE(session, session->userauth_pblc_method); + } + if (session->userauth_kybd_data) { + LIBSSH2_FREE(session, session->userauth_kybd_data); + } + if (session->userauth_kybd_packet) { + LIBSSH2_FREE(session, session->userauth_kybd_packet); + } + if (session->userauth_kybd_auth_instruction) { + LIBSSH2_FREE(session, session->userauth_kybd_auth_instruction); + } + if (session->open_packet) { + LIBSSH2_FREE(session, session->open_packet); + } + if (session->open_data) { + LIBSSH2_FREE(session, session->open_data); + } + if (session->direct_message) { + LIBSSH2_FREE(session, session->direct_message); + } + if (session->fwdLstn_packet) { + LIBSSH2_FREE(session, session->fwdLstn_packet); + } + if (session->pkeyInit_data) { + LIBSSH2_FREE(session, session->pkeyInit_data); + } + if (session->scpRecv_command) { + LIBSSH2_FREE(session, session->scpRecv_command); + } + if (session->scpSend_command) { + LIBSSH2_FREE(session, session->scpSend_command); + } + if (session->scpRecv_err_msg) { + LIBSSH2_FREE(session, session->scpRecv_err_msg); + } + if (session->scpSend_err_msg) { + LIBSSH2_FREE(session, session->scpSend_err_msg); + } + + /* Free the error message, if we ar supposed to */ + if (session->err_msg && session->err_should_free) { + LIBSSH2_FREE(session, session->err_msg); + } + + /* Cleanup any remaining packets */ + while (session->packets.head) { + LIBSSH2_PACKET *tmp = session->packets.head; + + /* unlink */ + session->packets.head = tmp->next; + + /* free */ + LIBSSH2_FREE(session, tmp->data); + LIBSSH2_FREE(session, tmp); + } + + LIBSSH2_FREE(session, session); + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_session_disconnect_ex + */ +LIBSSH2_API int +libssh2_session_disconnect_ex(LIBSSH2_SESSION * session, int reason, + const char *description, const char *lang) +{ + unsigned char *s; + unsigned long descr_len = 0, lang_len = 0; + int rc; + + if (session->disconnect_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_TRANS, + "Disconnecting: reason=%d, desc=%s, lang=%s", reason, + description, lang); + if (description) { + descr_len = strlen(description); + } + if (lang) { + lang_len = strlen(lang); + } + /* 13 = packet_type(1) + reason code(4) + descr_len(4) + lang_len(4) */ + session->disconnect_data_len = descr_len + lang_len + 13; + + s = session->disconnect_data = + LIBSSH2_ALLOC(session, session->disconnect_data_len); + if (!session->disconnect_data) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for disconnect packet", + 0); + session->disconnect_state = libssh2_NB_state_idle; + return -1; + } + + *(s++) = SSH_MSG_DISCONNECT; + libssh2_htonu32(s, reason); + s += 4; + + libssh2_htonu32(s, descr_len); + s += 4; + if (description) { + memcpy(s, description, descr_len); + s += descr_len; + } + + libssh2_htonu32(s, lang_len); + s += 4; + if (lang) { + memcpy(s, lang, lang_len); + s += lang_len; + } + + session->disconnect_state = libssh2_NB_state_created; + } + + rc = libssh2_packet_write(session, session->disconnect_data, + session->disconnect_data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + + LIBSSH2_FREE(session, session->disconnect_data); + session->disconnect_data = NULL; + session->disconnect_state = libssh2_NB_state_idle; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_session_methods + * Return the currently active methods for method_type + * NOTE: Currently lang_cs and lang_sc are ALWAYS set to empty string regardless of actual negotiation + * Strings should NOT be freed + */ +LIBSSH2_API const char * +libssh2_session_methods(LIBSSH2_SESSION * session, int method_type) +{ + /* All methods have char *name as their first element */ + const LIBSSH2_KEX_METHOD *method = NULL; + + switch (method_type) { + case LIBSSH2_METHOD_KEX: + method = session->kex; + break; + + case LIBSSH2_METHOD_HOSTKEY: + method = (LIBSSH2_KEX_METHOD *) session->hostkey; + break; + + case LIBSSH2_METHOD_CRYPT_CS: + method = (LIBSSH2_KEX_METHOD *) session->local.crypt; + break; + + case LIBSSH2_METHOD_CRYPT_SC: + method = (LIBSSH2_KEX_METHOD *) session->remote.crypt; + break; + + case LIBSSH2_METHOD_MAC_CS: + method = (LIBSSH2_KEX_METHOD *) session->local.mac; + break; + + case LIBSSH2_METHOD_MAC_SC: + method = (LIBSSH2_KEX_METHOD *) session->remote.mac; + break; + + case LIBSSH2_METHOD_COMP_CS: + method = (LIBSSH2_KEX_METHOD *) session->local.comp; + break; + + case LIBSSH2_METHOD_COMP_SC: + method = (LIBSSH2_KEX_METHOD *) session->remote.comp; + break; + + case LIBSSH2_METHOD_LANG_CS: + return ""; + break; + + case LIBSSH2_METHOD_LANG_SC: + return ""; + break; + + default: + libssh2_error(session, LIBSSH2_ERROR_INVAL, + "Invalid parameter specified for method_type", 0); + return NULL; + break; + } + + if (!method) { + libssh2_error(session, LIBSSH2_ERROR_METHOD_NONE, + "No method negotiated", 0); + return NULL; + } + + return method->name; +} + +/* }}} */ + +/* {{{ libssh2_session_abstract + * Retrieve a pointer to the abstract property + */ +LIBSSH2_API void ** +libssh2_session_abstract(LIBSSH2_SESSION * session) +{ + return &session->abstract; +} + +/* }}} */ + +/* {{{ libssh2_session_last_error + * Returns error code and populates an error string into errmsg + * If want_buf is non-zero then the string placed into errmsg must be freed by the calling program + * Otherwise it is assumed to be owned by libssh2 + */ +LIBSSH2_API int +libssh2_session_last_error(LIBSSH2_SESSION * session, char **errmsg, + int *errmsg_len, int want_buf) +{ + /* No error to report */ + if (!session->err_code) { + if (errmsg) { + if (want_buf) { + *errmsg = LIBSSH2_ALLOC(session, 1); + if (*errmsg) { + **errmsg = 0; + } + } else { + *errmsg = (char *) ""; + } + } + if (errmsg_len) { + *errmsg_len = 0; + } + return 0; + } + + if (errmsg) { + char *serrmsg = session->err_msg ? session->err_msg : (char *) ""; + int ownbuf = session->err_msg ? session->err_should_free : 0; + + if (want_buf) { + if (ownbuf) { + /* Just give the calling program the buffer */ + *errmsg = serrmsg; + session->err_should_free = 0; + } else { + /* Make a copy so the calling program can own it */ + *errmsg = LIBSSH2_ALLOC(session, session->err_msglen + 1); + if (*errmsg) { + memcpy(*errmsg, session->err_msg, session->err_msglen); + (*errmsg)[session->err_msglen] = 0; + } + } + } else { + *errmsg = serrmsg; + } + } + + if (errmsg_len) { + *errmsg_len = session->err_msglen; + } + + return session->err_code; +} + +/* }}} */ + +/* {{{ libssh2_session_last_error +* Returns error code +*/ +LIBSSH2_API int +libssh2_session_last_errno(LIBSSH2_SESSION * session) +{ + return session->err_code; +} + +/* }}} */ + +/* {{{ libssh2_session_flag + * Set/Get session flags + * Passing flag==0 will avoid changing session->flags while still returning its current value + */ +LIBSSH2_API int +libssh2_session_flag(LIBSSH2_SESSION * session, int flag, int value) +{ + if (value) { + session->flags |= flag; + } else { + session->flags &= ~flag; + } + + return session->flags; +} + +/* }}} */ + +/* {{{ _libssh2_session_set_blocking + * Set a session's blocking mode on or off, return the previous status + * when this function is called. + */ +int +_libssh2_session_set_blocking(LIBSSH2_SESSION * session, int blocking) +{ + int bl = session->socket_block; + _libssh2_debug(session, LIBSSH2_DBG_CONN, + "Setting blocking mode on session %d", blocking); + if (blocking == session->socket_block) { + /* avoid if already correct */ + return bl; + } + session->socket_block = blocking; + + _libssh2_nonblock(session->socket_fd, !blocking); + + return bl; +} + +/* }}} */ + +/* {{{ libssh2_session_set_blocking + * Set a channel's blocking mode on or off, similar to a socket's + * fcntl(fd, F_SETFL, O_NONBLOCK); type command + */ +LIBSSH2_API void +libssh2_session_set_blocking(LIBSSH2_SESSION * session, int blocking) +{ + (void) _libssh2_session_set_blocking(session, blocking); +} + +/* }}} */ + +/* {{{ libssh2_session_get_blocking +* Returns a session's blocking mode on or off +*/ +LIBSSH2_API int +libssh2_session_get_blocking(LIBSSH2_SESSION * session) +{ + return session->socket_block; +} + +/* }}} */ + +/* {{{ libssh2_poll_channel_read + * Returns 0 if no data is waiting on channel, + * non-0 if data is available + */ +LIBSSH2_API int +libssh2_poll_channel_read(LIBSSH2_CHANNEL * channel, int extended) +{ + LIBSSH2_SESSION *session = channel->session; + LIBSSH2_PACKET *packet = session->packets.head; + + while (packet) { + if (((packet->data[0] == SSH_MSG_CHANNEL_DATA) && (extended == 0) && + (channel->local.id == libssh2_ntohu32(packet->data + 1))) || + ((packet->data[0] == SSH_MSG_CHANNEL_EXTENDED_DATA) + && (extended != 0) + && (channel->local.id == libssh2_ntohu32(packet->data + 1)))) { + /* Found data waiting to be read */ + return 1; + } + packet = packet->next; + } + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_poll_channel_write + * Returns 0 if writing to channel would block, + * non-0 if data can be written without blocking + */ +static inline int +libssh2_poll_channel_write(LIBSSH2_CHANNEL * channel) +{ + return channel->local.window_size ? 1 : 0; +} + +/* }}} */ + +/* {{{ libssh2_poll_listener_queued + * Returns 0 if no connections are waiting to be accepted + * non-0 if one or more connections are available + */ +static inline int +libssh2_poll_listener_queued(LIBSSH2_LISTENER * listener) +{ + return listener->queue ? 1 : 0; +} + +/* }}} */ + +/* {{{ libssh2_poll + * Poll sockets, channels, and listeners for activity + */ +LIBSSH2_API int +libssh2_poll(LIBSSH2_POLLFD * fds, unsigned int nfds, long timeout) +{ + long timeout_remaining; + unsigned int i, active_fds; +#ifdef HAVE_POLL + LIBSSH2_SESSION *session = NULL; +#ifdef HAVE_ALLOCA + struct pollfd *sockets = alloca(sizeof(struct pollfd) * nfds); +#else + struct pollfd sockets[256]; + + if (nfds > 256) + /* systems without alloca use a fixed-size array, this can be fixed + if we really want to, at least if the compiler is a C99 capable one */ + return -1; +#endif + /* Setup sockets for polling */ + for(i = 0; i < nfds; i++) { + fds[i].revents = 0; + switch (fds[i].type) { + case LIBSSH2_POLLFD_SOCKET: + sockets[i].fd = fds[i].fd.socket; + sockets[i].events = fds[i].events; + sockets[i].revents = 0; + break; + + case LIBSSH2_POLLFD_CHANNEL: + sockets[i].fd = fds[i].fd.channel->session->socket_fd; + sockets[i].events = POLLIN; + sockets[i].revents = 0; + if (!session) + session = fds[i].fd.channel->session; + break; + + case LIBSSH2_POLLFD_LISTENER: + sockets[i].fd = fds[i].fd.listener->session->socket_fd; + sockets[i].events = POLLIN; + sockets[i].revents = 0; + if (!session) + session = fds[i].fd.listener->session; + break; + + default: + if (session) + libssh2_error(session, LIBSSH2_ERROR_INVALID_POLL_TYPE, + "Invalid descriptor passed to libssh2_poll()", + 0); + return -1; + } + } +#elif defined(HAVE_SELECT) + LIBSSH2_SESSION *session = NULL; + int maxfd = 0; + fd_set rfds, wfds; + struct timeval tv; + + FD_ZERO(&rfds); + FD_ZERO(&wfds); + for(i = 0; i < nfds; i++) { + fds[i].revents = 0; + switch (fds[i].type) { + case LIBSSH2_POLLFD_SOCKET: + if (fds[i].events & LIBSSH2_POLLFD_POLLIN) { + FD_SET(fds[i].fd.socket, &rfds); + if (fds[i].fd.socket > maxfd) + maxfd = fds[i].fd.socket; + } + if (fds[i].events & LIBSSH2_POLLFD_POLLOUT) { + FD_SET(fds[i].fd.socket, &wfds); + if (fds[i].fd.socket > maxfd) + maxfd = fds[i].fd.socket; + } + break; + + case LIBSSH2_POLLFD_CHANNEL: + FD_SET(fds[i].fd.channel->session->socket_fd, &rfds); + if (fds[i].fd.channel->session->socket_fd > maxfd) + maxfd = fds[i].fd.channel->session->socket_fd; + if (!session) + session = fds[i].fd.channel->session; + break; + + case LIBSSH2_POLLFD_LISTENER: + FD_SET(fds[i].fd.listener->session->socket_fd, &rfds); + if (fds[i].fd.listener->session->socket_fd > maxfd) + maxfd = fds[i].fd.listener->session->socket_fd; + if (!session) + session = fds[i].fd.listener->session; + break; + + default: + if (session) + libssh2_error(session, LIBSSH2_ERROR_INVALID_POLL_TYPE, + "Invalid descriptor passed to libssh2_poll()", + 0); + return -1; + } + } +#else + /* No select() or poll() + * no sockets sturcture to setup + */ + + timeout = 0; +#endif /* HAVE_POLL or HAVE_SELECT */ + + timeout_remaining = timeout; + do { +#if defined(HAVE_POLL) || defined(HAVE_SELECT) + int sysret; +#endif + + active_fds = 0; + + for(i = 0; i < nfds; i++) { + if (fds[i].events != fds[i].revents) { + switch (fds[i].type) { + case LIBSSH2_POLLFD_CHANNEL: + if ((fds[i].events & LIBSSH2_POLLFD_POLLIN) && /* Want to be ready for read */ + ((fds[i].revents & LIBSSH2_POLLFD_POLLIN) == 0)) { /* Not yet known to be ready for read */ + fds[i].revents |= + libssh2_poll_channel_read(fds[i].fd.channel, + 0) ? + LIBSSH2_POLLFD_POLLIN : 0; + } + if ((fds[i].events & LIBSSH2_POLLFD_POLLEXT) && /* Want to be ready for extended read */ + ((fds[i].revents & LIBSSH2_POLLFD_POLLEXT) == 0)) { /* Not yet known to be ready for extended read */ + fds[i].revents |= + libssh2_poll_channel_read(fds[i].fd.channel, + 1) ? + LIBSSH2_POLLFD_POLLEXT : 0; + } + if ((fds[i].events & LIBSSH2_POLLFD_POLLOUT) && /* Want to be ready for write */ + ((fds[i].revents & LIBSSH2_POLLFD_POLLOUT) == 0)) { /* Not yet known to be ready for write */ + fds[i].revents |= + libssh2_poll_channel_write(fds[i].fd. + channel) ? + LIBSSH2_POLLFD_POLLOUT : 0; + } + if (fds[i].fd.channel->remote.close + || fds[i].fd.channel->local.close) { + fds[i].revents |= LIBSSH2_POLLFD_CHANNEL_CLOSED; + } + if (fds[i].fd.channel->session->socket_state == + LIBSSH2_SOCKET_DISCONNECTED) { + fds[i].revents |= + LIBSSH2_POLLFD_CHANNEL_CLOSED | + LIBSSH2_POLLFD_SESSION_CLOSED; + } + break; + + case LIBSSH2_POLLFD_LISTENER: + if ((fds[i].events & LIBSSH2_POLLFD_POLLIN) && /* Want a connection */ + ((fds[i].revents & LIBSSH2_POLLFD_POLLIN) == 0)) { /* No connections known of yet */ + fds[i].revents |= + libssh2_poll_listener_queued(fds[i].fd. + listener) ? + LIBSSH2_POLLFD_POLLIN : 0; + } + if (fds[i].fd.listener->session->socket_state == + LIBSSH2_SOCKET_DISCONNECTED) { + fds[i].revents |= + LIBSSH2_POLLFD_LISTENER_CLOSED | + LIBSSH2_POLLFD_SESSION_CLOSED; + } + break; + } + } + if (fds[i].revents) { + active_fds++; + } + } + + if (active_fds) { + /* Don't block on the sockets if we have channels/listeners which are ready */ + timeout_remaining = 0; + } +#ifdef HAVE_POLL + +#ifdef HAVE_GETTIMEOFDAY + { + struct timeval tv_begin, tv_end; + + gettimeofday((struct timeval *) &tv_begin, NULL); + sysret = poll(sockets, nfds, timeout_remaining); + gettimeofday((struct timeval *) &tv_end, NULL); + timeout_remaining -= (tv_end.tv_sec - tv_begin.tv_sec) * 1000; + timeout_remaining -= (tv_end.tv_usec - tv_begin.tv_usec) / 1000; + } +#else + /* If the platform doesn't support gettimeofday, + * then just make the call non-blocking and walk away + */ + sysret = poll(sockets, nfds, timeout_remaining); + timeout_remaining = 0; +#endif /* HAVE_GETTIMEOFDAY */ + + if (sysret > 0) { + for(i = 0; i < nfds; i++) { + switch (fds[i].type) { + case LIBSSH2_POLLFD_SOCKET: + fds[i].revents = sockets[i].revents; + sockets[i].revents = 0; /* In case we loop again, be nice */ + if (fds[i].revents) { + active_fds++; + } + break; + case LIBSSH2_POLLFD_CHANNEL: + if (sockets[i].events & POLLIN) { + /* Spin session until no data available */ + while (libssh2_packet_read(fds[i].fd.channel->session) + > 0); + } + if (sockets[i].revents & POLLHUP) { + fds[i].revents |= + LIBSSH2_POLLFD_CHANNEL_CLOSED | + LIBSSH2_POLLFD_SESSION_CLOSED; + } + sockets[i].revents = 0; + break; + case LIBSSH2_POLLFD_LISTENER: + if (sockets[i].events & POLLIN) { + /* Spin session until no data available */ + while (libssh2_packet_read(fds[i].fd.listener->session) + > 0); + } + if (sockets[i].revents & POLLHUP) { + fds[i].revents |= + LIBSSH2_POLLFD_LISTENER_CLOSED | + LIBSSH2_POLLFD_SESSION_CLOSED; + } + sockets[i].revents = 0; + break; + } + } + } +#elif defined(HAVE_SELECT) + tv.tv_sec = timeout_remaining / 1000; + tv.tv_usec = (timeout_remaining % 1000) * 1000; +#ifdef HAVE_GETTIMEOFDAY + { + struct timeval tv_begin, tv_end; + + gettimeofday((struct timeval *) &tv_begin, NULL); + sysret = select(maxfd, &rfds, &wfds, NULL, &tv); + gettimeofday((struct timeval *) &tv_end, NULL); + + timeout_remaining -= (tv_end.tv_sec - tv_begin.tv_sec) * 1000; + timeout_remaining -= (tv_end.tv_usec - tv_begin.tv_usec) / 1000; + } +#else + /* If the platform doesn't support gettimeofday, + * then just make the call non-blocking and walk away + */ + sysret = select(maxfd, &rfds, &wfds, NULL, &tv); + timeout_remaining = 0; +#endif + + if (sysret > 0) { + for(i = 0; i < nfds; i++) { + switch (fds[i].type) { + case LIBSSH2_POLLFD_SOCKET: + if (FD_ISSET(fds[i].fd.socket, &rfds)) { + fds[i].revents |= LIBSSH2_POLLFD_POLLIN; + } + if (FD_ISSET(fds[i].fd.socket, &wfds)) { + fds[i].revents |= LIBSSH2_POLLFD_POLLOUT; + } + if (fds[i].revents) { + active_fds++; + } + break; + + case LIBSSH2_POLLFD_CHANNEL: + if (FD_ISSET(fds[i].fd.channel->session->socket_fd, &rfds)) { + /* Spin session until no data available */ + while (libssh2_packet_read(fds[i].fd.channel->session) + > 0); + } + break; + + case LIBSSH2_POLLFD_LISTENER: + if (FD_ISSET + (fds[i].fd.listener->session->socket_fd, &rfds)) { + /* Spin session until no data available */ + while (libssh2_packet_read(fds[i].fd.listener->session) + > 0); + } + break; + } + } + } +#endif /* else no select() or poll() -- timeout (and by extension timeout_remaining) will be equal to 0 */ + } while ((timeout_remaining > 0) && !active_fds); + + return active_fds; +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/sftp.c b/Vendor/libssh2/Source/sftp.c new file mode 100644 index 0000000..fd4e5e6 --- /dev/null +++ b/Vendor/libssh2/Source/sftp.c @@ -0,0 +1,2325 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" +#include "libssh2_sftp.h" + +/* Note: Version 6 was documented at the time of writing + * However it was marked as "DO NOT IMPLEMENT" due to pending changes + * + * This release of libssh2 implements Version 5 with automatic downgrade + * based on server's declaration + */ + +/* SFTP packet types */ +#define SSH_FXP_INIT 1 +#define SSH_FXP_VERSION 2 +#define SSH_FXP_OPEN 3 +#define SSH_FXP_CLOSE 4 +#define SSH_FXP_READ 5 +#define SSH_FXP_WRITE 6 +#define SSH_FXP_LSTAT 7 +#define SSH_FXP_FSTAT 8 +#define SSH_FXP_SETSTAT 9 +#define SSH_FXP_FSETSTAT 10 +#define SSH_FXP_OPENDIR 11 +#define SSH_FXP_READDIR 12 +#define SSH_FXP_REMOVE 13 +#define SSH_FXP_MKDIR 14 +#define SSH_FXP_RMDIR 15 +#define SSH_FXP_REALPATH 16 +#define SSH_FXP_STAT 17 +#define SSH_FXP_RENAME 18 +#define SSH_FXP_READLINK 19 +#define SSH_FXP_SYMLINK 20 +#define SSH_FXP_STATUS 101 +#define SSH_FXP_HANDLE 102 +#define SSH_FXP_DATA 103 +#define SSH_FXP_NAME 104 +#define SSH_FXP_ATTRS 105 +#define SSH_FXP_EXTENDED 200 +#define SSH_FXP_EXTENDED_REPLY 201 + +#define LIBSSH2_SFTP_HANDLE_FILE 0 +#define LIBSSH2_SFTP_HANDLE_DIR 1 + +/* S_IFREG */ +#define LIBSSH2_SFTP_ATTR_PFILETYPE_FILE 0100000 +/* S_IFDIR */ +#define LIBSSH2_SFTP_ATTR_PFILETYPE_DIR 0040000 + +/* {{{ libssh2_sftp_packet_add + * Add a packet to the SFTP packet brigade + */ +static int +libssh2_sftp_packet_add(LIBSSH2_SFTP * sftp, unsigned char *data, + unsigned long data_len) +{ + LIBSSH2_SESSION *session = sftp->channel->session; + LIBSSH2_PACKET *packet; + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Received packet %d", + (int) data[0]); + packet = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_PACKET)); + if (!packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate datablock for SFTP packet", 0); + return -1; + } + memset(packet, 0, sizeof(LIBSSH2_PACKET)); + + packet->data = data; + packet->data_len = data_len; + packet->data_head = 5; + packet->brigade = &sftp->packets; + packet->next = NULL; + packet->prev = sftp->packets.tail; + if (packet->prev) { + packet->prev->next = packet; + } else { + sftp->packets.head = packet; + } + sftp->packets.tail = packet; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_sftp_packet_read + * Frame an SFTP packet off the channel + */ +static int +libssh2_sftp_packet_read(LIBSSH2_SFTP * sftp, int flush) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned char buffer[4]; /* To store the packet length */ + unsigned char *packet; + unsigned long packet_len, packet_received; + ssize_t bytes_received; + int rc; + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Waiting for packet"); + + if (flush && sftp->partial_packet) { + /* When flushing, remove previous partial */ + LIBSSH2_FREE(session, sftp->partial_packet); + sftp->partial_packet = NULL; + } + + /* If there was a previous partial, start using it */ + if (sftp->partial_packet) { + packet = sftp->partial_packet; + packet_len = sftp->partial_len; + packet_received = sftp->partial_received; + sftp->partial_packet = NULL; + } else { + if (flush && session->socket_block && !libssh2_waitsocket(session, 0)) { + /* While flushing in blocking mode, check before reading */ + return -1; + } + rc = libssh2_channel_read_ex(channel, 0, (char *) buffer, 4); + if (flush && (rc < 0)) { + /* When flushing, exit quickly */ + return -1; + } else if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (4 != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for FXP packet", 0); + return -1; + } + + packet_len = libssh2_ntohu32(buffer); + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Data begin - Packet Length: %lu", packet_len); + if (packet_len > LIBSSH2_SFTP_PACKET_MAXLEN) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_PACKET_EXCEEDED, + "SFTP packet too large", 0); + return -1; + } + + packet = LIBSSH2_ALLOC(session, packet_len); + if (!packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate SFTP packet", 0); + return -1; + } + + packet_received = 0; + } + + /* Read as much of the packet as we can */ + while (packet_len > packet_received) { + bytes_received = + libssh2_channel_read_ex(channel, 0, + (char *) packet + packet_received, + packet_len - packet_received); + + if (flush && (bytes_received < 0)) { + if (packet) { + /* When flushing, remove packet if existing */ + LIBSSH2_FREE(session, packet); + } + /* When flushing, exit quickly */ + return -1; + } else if (bytes_received == PACKET_EAGAIN) { + /* + * We received EAGAIN, save what we have and + * return to EAGAIN to the caller + */ + sftp->partial_packet = packet; + sftp->partial_len = packet_len; + sftp->partial_received = packet_received; + packet = NULL; + + return PACKET_EAGAIN; + } else if (bytes_received < 0) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Receive error waiting for SFTP packet", 0); + LIBSSH2_FREE(session, packet); + return -1; + } + packet_received += bytes_received; + } + + if (libssh2_sftp_packet_add(sftp, packet, packet_len)) { + LIBSSH2_FREE(session, packet); + return -1; + } + + return packet[0]; +} + +/* }}} */ + +/* {{{ libssh2_sftp_packet_ask + * A la libssh2_packet_ask() + */ +static int +libssh2_sftp_packet_ask(LIBSSH2_SFTP * sftp, unsigned char packet_type, + unsigned long request_id, unsigned char **data, + unsigned long *data_len, int poll_channel) +{ + LIBSSH2_SESSION *session = sftp->channel->session; + LIBSSH2_PACKET *packet = sftp->packets.head; + unsigned char match_buf[5]; + int match_len = 5; + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Asking for %d packet", + (int) packet_type); + if (poll_channel) { + int ret = libssh2_sftp_packet_read(sftp, 0); + if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (ret < 0) { + return -1; + } + } + + match_buf[0] = packet_type; + if (packet_type == SSH_FXP_VERSION) { + /* Special consideration when matching VERSION packet */ + match_len = 1; + } else { + libssh2_htonu32(match_buf + 1, request_id); + } + + while (packet) { + if (strncmp((char *) packet->data, (char *) match_buf, match_len) == 0) { + *data = packet->data; + *data_len = packet->data_len; + + if (packet->prev) { + packet->prev->next = packet->next; + } else { + sftp->packets.head = packet->next; + } + + if (packet->next) { + packet->next->prev = packet->prev; + } else { + sftp->packets.tail = packet->prev; + } + + LIBSSH2_FREE(session, packet); + + return 0; + } + packet = packet->next; + } + return -1; +} + +/* }}} */ + +/* {{{ libssh2_sftp_packet_require + * A la libssh2_packet_require + */ +static int +libssh2_sftp_packet_require(LIBSSH2_SFTP * sftp, unsigned char packet_type, + unsigned long request_id, unsigned char **data, + unsigned long *data_len) +{ + LIBSSH2_SESSION *session = sftp->channel->session; + int ret; + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Requiring %d packet", + (int) packet_type); + + if (libssh2_sftp_packet_ask + (sftp, packet_type, request_id, data, data_len, 0) == 0) { + /* The right packet was available in the packet brigade */ + return 0; + } + + while (session->socket_state == LIBSSH2_SOCKET_CONNECTED) { + ret = libssh2_sftp_packet_read(sftp, 0); + if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (ret <= 0) { + return -1; + } + + if (packet_type == ret) { + /* Be lazy, let packet_ask pull it out of the brigade */ + return libssh2_sftp_packet_ask(sftp, packet_type, request_id, data, + data_len, 0); + } + } + + /* Only reached if the socket died */ + return -1; +} + +/* }}} */ + +/* {{{ libssh2_sftp_packet_requirev + * Requie one of N possible reponses + */ +static int +libssh2_sftp_packet_requirev(LIBSSH2_SFTP * sftp, int num_valid_responses, + const unsigned char *valid_responses, + unsigned long request_id, unsigned char **data, + unsigned long *data_len) +{ + int i; + int ret; + + /* + * If no timeout is active, start a new one and flush + * any pending packets + */ + if (sftp->requirev_start == 0) { + _libssh2_debug(sftp->channel->session, LIBSSH2_DBG_SFTP, + "_requirev(): Initialize timeout"); + sftp->requirev_start = time(NULL); + + /* Flush */ + while (libssh2_sftp_packet_read(sftp, 1) > 0); + } + + while (sftp->channel->session->socket_state == LIBSSH2_SOCKET_CONNECTED) { + for(i = 0; i < num_valid_responses; i++) { + if (libssh2_sftp_packet_ask + (sftp, valid_responses[i], request_id, data, data_len, + 0) == 0) { + /* + * Set to zero before all returns to say + * the timeout is not active + */ + sftp->requirev_start = 0; + return 0; + } + } + + ret = libssh2_sftp_packet_read(sftp, 0); + if ((ret < 0) && (ret != PACKET_EAGAIN)) { + sftp->requirev_start = 0; + return -1; + } else if (ret <= 0) { + /* prevent busy-looping */ + long left = + LIBSSH2_READ_TIMEOUT - (time(NULL) - sftp->requirev_start); + + if (left <= 0) { + sftp->requirev_start = 0; + return PACKET_TIMEOUT; + } else if (sftp->channel->session->socket_block + && (libssh2_waitsocket(sftp->channel->session, left) <= + 0)) { + sftp->requirev_start = 0; + return PACKET_TIMEOUT; + } else if (ret == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + } + } + + sftp->requirev_start = 0; + return -1; +} + +/* }}} */ + +/* {{{ libssh2_sftp_attrsize + * Size that attr will occupy when turned into a bin struct + */ +static int +libssh2_sftp_attrsize(const LIBSSH2_SFTP_ATTRIBUTES * attrs) +{ + int attrsize = 4; /* flags(4) */ + + if (!attrs) { + return attrsize; + } + + if (attrs->flags & LIBSSH2_SFTP_ATTR_SIZE) + attrsize += 8; + if (attrs->flags & LIBSSH2_SFTP_ATTR_UIDGID) + attrsize += 8; + if (attrs->flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) + attrsize += 4; + if (attrs->flags & LIBSSH2_SFTP_ATTR_ACMODTIME) + attrsize += 8; /* atime + mtime as u32 */ + + return attrsize; +} + +/* }}} */ + +/* {{{ libssh2_sftp_attr2bin + * Populate attributes into an SFTP block + */ +static int +libssh2_sftp_attr2bin(unsigned char *p, const LIBSSH2_SFTP_ATTRIBUTES * attrs) +{ + unsigned char *s = p; + unsigned long flag_mask = + LIBSSH2_SFTP_ATTR_SIZE | LIBSSH2_SFTP_ATTR_UIDGID | + LIBSSH2_SFTP_ATTR_PERMISSIONS | LIBSSH2_SFTP_ATTR_ACMODTIME; + + /* TODO: When we add SFTP4+ functionality flag_mask can get additional bits */ + + if (!attrs) { + libssh2_htonu32(s, 0); + return 4; + } + + libssh2_htonu32(s, attrs->flags & flag_mask); + s += 4; + + if (attrs->flags & LIBSSH2_SFTP_ATTR_SIZE) { + libssh2_htonu64(s, attrs->filesize); + s += 8; + } + + if (attrs->flags & LIBSSH2_SFTP_ATTR_UIDGID) { + libssh2_htonu32(s, attrs->uid); + s += 4; + libssh2_htonu32(s, attrs->gid); + s += 4; + } + + if (attrs->flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) { + libssh2_htonu32(s, attrs->permissions); + s += 4; + } + + if (attrs->flags & LIBSSH2_SFTP_ATTR_ACMODTIME) { + libssh2_htonu32(s, attrs->atime); + s += 4; + libssh2_htonu32(s, attrs->mtime); + s += 4; + } + + return (s - p); +} + +/* }}} */ + +/* {{{ libssh2_sftp_bin2attr + */ +static int +libssh2_sftp_bin2attr(LIBSSH2_SFTP_ATTRIBUTES * attrs, const unsigned char *p) +{ + const unsigned char *s = p; + + memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); + attrs->flags = libssh2_ntohu32(s); + s += 4; + + if (attrs->flags & LIBSSH2_SFTP_ATTR_SIZE) { + attrs->filesize = libssh2_ntohu64(s); + s += 8; + } + + if (attrs->flags & LIBSSH2_SFTP_ATTR_UIDGID) { + attrs->uid = libssh2_ntohu32(s); + s += 4; + attrs->gid = libssh2_ntohu32(s); + s += 4; + } + + if (attrs->flags & LIBSSH2_SFTP_ATTR_PERMISSIONS) { + attrs->permissions = libssh2_ntohu32(s); + s += 4; + } + + if (attrs->flags & LIBSSH2_SFTP_ATTR_ACMODTIME) { + attrs->atime = libssh2_ntohu32(s); + s += 4; + attrs->mtime = libssh2_ntohu32(s); + s += 4; + } + + return (s - p); +} + +/* }}} */ + +/* ************ + * SFTP API * + ************ */ + +LIBSSH2_CHANNEL_CLOSE_FUNC(libssh2_sftp_dtor); + +/* {{{ libssh2_sftp_dtor + * Shutdown an SFTP stream when the channel closes + */ +LIBSSH2_CHANNEL_CLOSE_FUNC(libssh2_sftp_dtor) +{ + LIBSSH2_SFTP *sftp = (LIBSSH2_SFTP *) (*channel_abstract); + + (void) session_abstract; + (void) channel; + + /* Loop through handles closing them */ + while (sftp->handles) { + libssh2_sftp_close_handle(sftp->handles); + } + + /* Free the partial packet storage for libssh2_sftp_packet_read */ + if (sftp->partial_packet) { + LIBSSH2_FREE(session, sftp->partial_packet); + } + + /* Free the packet storage for _libssh2_sftp_packet_readdir */ + if (sftp->readdir_packet) { + LIBSSH2_FREE(session, sftp->readdir_packet); + } + + LIBSSH2_FREE(session, sftp); +} + +/* }}} */ + +/* {{{ libssh2_sftp_init + * Startup an SFTP session + * + * NOTE: Will block in a busy loop on error. This has to be done, + * otherwise the blocking error code would erase the true + * cause of the error. + */ +LIBSSH2_API LIBSSH2_SFTP * +libssh2_sftp_init(LIBSSH2_SESSION * session) +{ + unsigned char *data, *s; + unsigned long data_len; + int rc; + + if (session->sftpInit_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Initializing SFTP subsystem"); + + session->sftpInit_sftp = NULL; + + session->sftpInit_state = libssh2_NB_state_created; + } + + if (session->sftpInit_state == libssh2_NB_state_created) { + session->sftpInit_channel = + libssh2_channel_open_ex(session, "session", sizeof("session") - 1, + LIBSSH2_CHANNEL_WINDOW_DEFAULT, + LIBSSH2_CHANNEL_PACKET_DEFAULT, NULL, 0); + if (!session->sftpInit_channel) { + if (libssh2_session_last_errno(session) == LIBSSH2_ERROR_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block starting up channel", 0); + return NULL; + } else if (libssh2_session_last_errno(session) != + LIBSSH2_ERROR_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, + "Unable to startup channel", 0); + session->sftpInit_state = libssh2_NB_state_idle; + return NULL; + } + } + + session->sftpInit_state = libssh2_NB_state_sent; + } + + if (session->sftpInit_state == libssh2_NB_state_sent) { + rc = libssh2_channel_process_startup(session->sftpInit_channel, + "subsystem", + sizeof("subsystem") - 1, "sftp", + strlen("sftp")); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block to request SFTP subsystem", 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_CHANNEL_FAILURE, + "Unable to request SFTP subsystem", 0); + goto sftp_init_error; + } + + session->sftpInit_state = libssh2_NB_state_sent1; + } + + if (session->sftpInit_state == libssh2_NB_state_sent1) { + rc = libssh2_channel_handle_extended_data2(session->sftpInit_channel, + LIBSSH2_CHANNEL_EXTENDED_DATA_IGNORE); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block requesting handle extended data", 0); + return NULL; + } + + session->sftpInit_sftp = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_SFTP)); + if (!session->sftpInit_sftp) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate a new SFTP structure", 0); + goto sftp_init_error; + } + memset(session->sftpInit_sftp, 0, sizeof(LIBSSH2_SFTP)); + session->sftpInit_sftp->channel = session->sftpInit_channel; + session->sftpInit_sftp->request_id = 0; + + libssh2_htonu32(session->sftpInit_buffer, 5); + session->sftpInit_buffer[4] = SSH_FXP_INIT; + libssh2_htonu32(session->sftpInit_buffer + 5, LIBSSH2_SFTP_VERSION); + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Sending FXP_INIT packet advertising version %d support", + (int) LIBSSH2_SFTP_VERSION); + + session->sftpInit_state = libssh2_NB_state_sent2; + } + + if (session->sftpInit_state == libssh2_NB_state_sent2) { + rc = libssh2_channel_write_ex(session->sftpInit_channel, 0, + (char *) session->sftpInit_buffer, 9); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending SSH_FXP_INIT", 0); + return NULL; + } else if (9 != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send SSH_FXP_INIT", 0); + goto sftp_init_error; + } + + session->sftpInit_state = libssh2_NB_state_sent3; + } + + /* For initiallization we are requiring blocking, probably reasonable */ + rc = libssh2_sftp_packet_require(session->sftpInit_sftp, SSH_FXP_VERSION, + 0, &data, &data_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for response from SFTP subsystem", + 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for response from SFTP subsystem", 0); + goto sftp_init_error; + } + if (data_len < 5) { + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "Invalid SSH_FXP_VERSION response", 0); + goto sftp_init_error; + } + + s = data + 1; + session->sftpInit_sftp->version = libssh2_ntohu32(s); + s += 4; + if (session->sftpInit_sftp->version > LIBSSH2_SFTP_VERSION) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Truncating remote SFTP version from %lu", + session->sftpInit_sftp->version); + session->sftpInit_sftp->version = LIBSSH2_SFTP_VERSION; + } + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Enabling SFTP version %lu compatability", + session->sftpInit_sftp->version); + while (s < (data + data_len)) { + unsigned char *extension_name, *extension_data; + unsigned long extname_len, extdata_len; + + extname_len = libssh2_ntohu32(s); + s += 4; + extension_name = s; + s += extname_len; + + extdata_len = libssh2_ntohu32(s); + s += 4; + extension_data = s; + s += extdata_len; + + /* TODO: Actually process extensions */ + } + LIBSSH2_FREE(session, data); + + /* Make sure that when the channel gets closed, the SFTP service is shut down too */ + session->sftpInit_sftp->channel->abstract = session->sftpInit_sftp; + session->sftpInit_sftp->channel->close_cb = libssh2_sftp_dtor; + + session->sftpInit_state = libssh2_NB_state_idle; + return session->sftpInit_sftp; + + sftp_init_error: + while (libssh2_channel_free(session->sftpInit_channel) == PACKET_EAGAIN); + session->sftpInit_channel = NULL; + if (session->sftpInit_sftp) { + LIBSSH2_FREE(session, session->sftpInit_sftp); + session->sftpInit_sftp = NULL; + } + session->sftpInit_state = libssh2_NB_state_idle; + return NULL; +} + +/* }}} */ + +/* {{{ libssh2_sftp_shutdown + * Shutsdown the SFTP subsystem + */ +LIBSSH2_API int +libssh2_sftp_shutdown(LIBSSH2_SFTP * sftp) +{ + /* + * Make sure all memory used in the state variables are free + */ + if (sftp->partial_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->partial_packet); + sftp->partial_packet = NULL; + } + if (sftp->open_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->open_packet); + sftp->open_packet = NULL; + } + if (sftp->read_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->read_packet); + sftp->read_packet = NULL; + } + if (sftp->readdir_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->readdir_packet); + sftp->readdir_packet = NULL; + } + if (sftp->write_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->write_packet); + sftp->write_packet = NULL; + } + if (sftp->fstat_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->fstat_packet); + sftp->fstat_packet = NULL; + } + if (sftp->unlink_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->unlink_packet); + sftp->unlink_packet = NULL; + } + if (sftp->rename_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->rename_packet); + sftp->rename_packet = NULL; + } + if (sftp->mkdir_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->mkdir_packet); + sftp->mkdir_packet = NULL; + } + if (sftp->rmdir_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->rmdir_packet); + sftp->rmdir_packet = NULL; + } + if (sftp->stat_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->stat_packet); + sftp->stat_packet = NULL; + } + if (sftp->symlink_packet) { + LIBSSH2_FREE(sftp->channel->session, sftp->symlink_packet); + sftp->symlink_packet = NULL; + } + + return libssh2_channel_free(sftp->channel); +} + +/* }}} */ + +/* ******************************* + * SFTP File and Directory Ops * + ******************************* */ + +/* {{{ libssh2_sftp_open_ex + */ +LIBSSH2_API LIBSSH2_SFTP_HANDLE * +libssh2_sftp_open_ex(LIBSSH2_SFTP * sftp, const char *filename, + unsigned int filename_len, unsigned long flags, long mode, + int open_type) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + LIBSSH2_SFTP_HANDLE *fp; + LIBSSH2_SFTP_ATTRIBUTES attrs = { + LIBSSH2_SFTP_ATTR_PERMISSIONS, 0, 0, 0, 0, 0, 0 + }; + unsigned long data_len; + unsigned char *data, *s; + static const unsigned char fopen_responses[2] = + { SSH_FXP_HANDLE, SSH_FXP_STATUS }; + int rc; + + if (sftp->open_state == libssh2_NB_state_idle) { + /* packet_len(4) + packet_type(1) + request_id(4) + filename_len(4) + flags(4) */ + sftp->open_packet_len = filename_len + 13 + + ((open_type == + LIBSSH2_SFTP_OPENFILE) ? (4 + + libssh2_sftp_attrsize(&attrs)) : 0); + + s = sftp->open_packet = LIBSSH2_ALLOC(session, sftp->open_packet_len); + if (!sftp->open_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_OPEN or FXP_OPENDIR packet", + 0); + return NULL; + } + /* Filetype in SFTP 3 and earlier */ + attrs.permissions = mode | + ((open_type == + LIBSSH2_SFTP_OPENFILE) ? LIBSSH2_SFTP_ATTR_PFILETYPE_FILE : + LIBSSH2_SFTP_ATTR_PFILETYPE_DIR); + + libssh2_htonu32(s, sftp->open_packet_len - 4); + s += 4; + *(s++) = + (open_type == + LIBSSH2_SFTP_OPENFILE) ? SSH_FXP_OPEN : SSH_FXP_OPENDIR; + sftp->open_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->open_request_id); + s += 4; + libssh2_htonu32(s, filename_len); + s += 4; + memcpy(s, filename, filename_len); + s += filename_len; + if (open_type == LIBSSH2_SFTP_OPENFILE) { + libssh2_htonu32(s, flags); + s += 4; + s += libssh2_sftp_attr2bin(s, &attrs); + } + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Sending %s open request", + (open_type == + LIBSSH2_SFTP_OPENFILE) ? "file" : "directory"); + + sftp->open_state = libssh2_NB_state_created; + } + + if (sftp->open_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) sftp->open_packet, + sftp->open_packet_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block sending FXP_OPEN or FXP_OPENDIR command", + 0); + return NULL; + } else if (sftp->open_packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_OPEN or FXP_OPENDIR command", 0); + LIBSSH2_FREE(session, sftp->open_packet); + sftp->open_packet = NULL; + sftp->open_state = libssh2_NB_state_idle; + return NULL; + } + LIBSSH2_FREE(session, sftp->open_packet); + sftp->open_packet = NULL; + + sftp->open_state = libssh2_NB_state_sent; + } + + if (sftp->open_state == libssh2_NB_state_sent) { + rc = libssh2_sftp_packet_requirev(sftp, 2, fopen_responses, + sftp->open_request_id, &data, + &data_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block waiting for status message", 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->open_state = libssh2_NB_state_idle; + return NULL; + } + } + + sftp->open_state = libssh2_NB_state_idle; + + if (data[0] == SSH_FXP_STATUS) { + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "Failed opening remote file", 0); + sftp->last_errno = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + return NULL; + } + + fp = LIBSSH2_ALLOC(session, sizeof(LIBSSH2_SFTP_HANDLE)); + if (!fp) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate new SFTP handle structure", 0); + LIBSSH2_FREE(session, data); + return NULL; + } + memset(fp, 0, sizeof(LIBSSH2_SFTP_HANDLE)); + fp->handle_type = + (open_type == + LIBSSH2_SFTP_OPENFILE) ? LIBSSH2_SFTP_HANDLE_FILE : + LIBSSH2_SFTP_HANDLE_DIR; + + fp->handle_len = libssh2_ntohu32(data + 5); + if (fp->handle_len > 256) { + /* SFTP doesn't allow handles longer than 256 characters */ + fp->handle_len = 256; + } + fp->handle = LIBSSH2_ALLOC(session, fp->handle_len); + if (!fp->handle) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate space for SFTP file/dir handle", 0); + LIBSSH2_FREE(session, data); + LIBSSH2_FREE(session, fp); + return NULL; + } + memcpy(fp->handle, data + 9, fp->handle_len); + LIBSSH2_FREE(session, data); + + /* Link the file and the sftp session together */ + fp->next = sftp->handles; + if (fp->next) { + fp->next->prev = fp; + } + fp->sftp = sftp; + + fp->u.file.offset = 0; + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Open command successful"); + return fp; +} + +/* }}} */ + +/* {{{ libssh2_sftp_read + * Read from an SFTP file handle + */ +LIBSSH2_API ssize_t +libssh2_sftp_read(LIBSSH2_SFTP_HANDLE * handle, char *buffer, + size_t buffer_maxlen) +{ + LIBSSH2_SFTP *sftp = handle->sftp; + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len, request_id; + /* 25 = packet_len(4) + packet_type(1) + request_id(4) + handle_len(4) + offset(8) + length(4) */ + ssize_t packet_len = handle->handle_len + 25; + unsigned char *packet, *s, *data; + static const unsigned char read_responses[2] = + { SSH_FXP_DATA, SSH_FXP_STATUS }; + size_t bytes_read = 0; + size_t bytes_requested = 0; + size_t total_read = 0; + int retcode; + + if (sftp->read_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Reading %lu bytes from SFTP handle", + (unsigned long) buffer_maxlen); + packet = LIBSSH2_ALLOC(session, packet_len); + if (!packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_CLOSE packet", 0); + return -1; + } + sftp->read_state = libssh2_NB_state_allocated; + } else { + packet = sftp->read_packet; + request_id = sftp->read_request_id; + total_read = sftp->read_total_read; + } + + while (total_read < buffer_maxlen) { + s = packet; + /* + * If buffer_maxlen bytes will be requested, server may return all + * with one packet. But libssh2 have packet length limit. + * So we request data by pieces. + */ + bytes_requested = buffer_maxlen - total_read; + /* 10 = packet_type(1)+request_id(4)+data_length(4)+end_of_line_flag(1) */ + if (bytes_requested > LIBSSH2_SFTP_PACKET_MAXLEN - 10) { + bytes_requested = LIBSSH2_SFTP_PACKET_MAXLEN - 10; + } +#ifdef LIBSSH2_DEBUG_SFTP + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Requesting %lu bytes from SFTP handle", + (unsigned long) bytes_requested); +#endif + + if (sftp->read_state == libssh2_NB_state_allocated) { + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = SSH_FXP_READ; + request_id = sftp->request_id++; + libssh2_htonu32(s, request_id); + s += 4; + libssh2_htonu32(s, handle->handle_len); + s += 4; + + memcpy(s, handle->handle, handle->handle_len); + s += handle->handle_len; + + libssh2_htonu64(s, handle->u.file.offset); + s += 8; + + libssh2_htonu32(s, buffer_maxlen); + s += 4; + + sftp->read_state = libssh2_NB_state_created; + } + + if (sftp->read_state == libssh2_NB_state_created) { + retcode = + libssh2_channel_write_ex(channel, 0, (char *) packet, + packet_len); + if (retcode == PACKET_EAGAIN) { + sftp->read_packet = packet; + sftp->read_request_id = request_id; + sftp->read_total_read = total_read; + return PACKET_EAGAIN; + } else if (packet_len != retcode) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_READ command", 0); + LIBSSH2_FREE(session, packet); + sftp->read_packet = NULL; + sftp->read_state = libssh2_NB_state_idle; + return -1; + } + sftp->read_packet = packet; + sftp->read_request_id = request_id; + sftp->read_total_read = total_read; + sftp->read_state = libssh2_NB_state_sent; + } + + if (sftp->read_state == libssh2_NB_state_sent) { + retcode = + libssh2_sftp_packet_requirev(sftp, 2, read_responses, + request_id, &data, &data_len); + if (retcode == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (retcode) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + LIBSSH2_FREE(session, packet); + sftp->read_packet = NULL; + sftp->read_state = libssh2_NB_state_idle; + return -1; + } + + sftp->read_state = libssh2_NB_state_sent1; + } + + switch (data[0]) { + case SSH_FXP_STATUS: + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, packet); + LIBSSH2_FREE(session, data); + sftp->read_packet = NULL; + sftp->read_state = libssh2_NB_state_idle; + + if (retcode == LIBSSH2_FX_EOF) { + return total_read; + } else { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + return -1; + } + + case SSH_FXP_DATA: + bytes_read = libssh2_ntohu32(data + 5); + if (bytes_read > (data_len - 9)) { + LIBSSH2_FREE(session, packet); + sftp->read_packet = NULL; + sftp->read_state = libssh2_NB_state_idle; + return -1; + } +#ifdef LIBSSH2_DEBUG_SFTP + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "%lu bytes returned", + (unsigned long) bytes_read); +#endif + memcpy(buffer + total_read, data + 9, bytes_read); + handle->u.file.offset += bytes_read; + total_read += bytes_read; + LIBSSH2_FREE(session, data); + /* + * Set the state back to allocated, so a new one will be + * created to either request more data or get EOF + */ + sftp->read_state = libssh2_NB_state_allocated; + } + } + + LIBSSH2_FREE(session, packet); + sftp->read_packet = NULL; + sftp->read_state = libssh2_NB_state_idle; + return total_read; +} + +/* }}} */ + +/* {{{ libssh2_sftp_readdir + * Read from an SFTP directory handle + */ +LIBSSH2_API int +libssh2_sftp_readdir_ex(LIBSSH2_SFTP_HANDLE * handle, char *buffer, + size_t buffer_maxlen, char *longentry, + size_t longentry_maxlen, + LIBSSH2_SFTP_ATTRIBUTES * attrs) +{ + LIBSSH2_SFTP *sftp = handle->sftp; + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + LIBSSH2_SFTP_ATTRIBUTES attrs_dummy; + unsigned long data_len, filename_len, longentry_len, num_names; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + handle_len(4) */ + ssize_t packet_len = handle->handle_len + 13; + unsigned char *s, *data; + unsigned char read_responses[2] = { SSH_FXP_NAME, SSH_FXP_STATUS }; + int retcode; + + if (sftp->readdir_state == libssh2_NB_state_idle) { + if (handle->u.dir.names_left) { + /* + * A prior request returned more than one directory entry, + * feed it back from the buffer + */ + unsigned char *s = (unsigned char *) handle->u.dir.next_name; + unsigned long real_filename_len = libssh2_ntohu32(s); + + filename_len = real_filename_len; + s += 4; + if (filename_len > buffer_maxlen) { + filename_len = buffer_maxlen; + } + memcpy(buffer, s, filename_len); + s += real_filename_len; + + /* The filename is not null terminated, make it so if possible */ + if (filename_len < buffer_maxlen) { + buffer[filename_len] = '\0'; + } + + if ((longentry == NULL) || (longentry_maxlen == 0)) { + /* Skip longname */ + s += 4 + libssh2_ntohu32(s); + } else { + unsigned long real_longentry_len = libssh2_ntohu32(s); + + longentry_len = real_longentry_len; + s += 4; + if (longentry_len > longentry_maxlen) { + longentry_len = longentry_maxlen; + } + memcpy(longentry, s, longentry_len); + s += real_longentry_len; + + /* The longentry is not null terminated, make it so if possible */ + if (longentry_len < longentry_maxlen) { + longentry[longentry_len] = '\0'; + } + } + + if (attrs) { + memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); + } + s += libssh2_sftp_bin2attr(attrs ? attrs : &attrs_dummy, s); + + handle->u.dir.next_name = (char *) s; + if ((--handle->u.dir.names_left) == 0) { + LIBSSH2_FREE(session, handle->u.dir.names_packet); + } + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "libssh2_sftp_readdir_ex() return %d", + filename_len); + return filename_len; + } + + /* Request another entry(entries?) */ + + s = sftp->readdir_packet = LIBSSH2_ALLOC(session, packet_len); + if (!sftp->readdir_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_READDIR packet", + 0); + return -1; + } + + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = SSH_FXP_READDIR; + sftp->readdir_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->readdir_request_id); + s += 4; + libssh2_htonu32(s, handle->handle_len); + s += 4; + memcpy(s, handle->handle, handle->handle_len); + s += handle->handle_len; + + sftp->readdir_state = libssh2_NB_state_created; + } + + if (sftp->readdir_state == libssh2_NB_state_created) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Reading entries from directory handle"); + if ((retcode = + libssh2_channel_write_ex(channel, 0, + (char *) sftp->readdir_packet, + packet_len)) == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != retcode) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_READ command", 0); + LIBSSH2_FREE(session, sftp->readdir_packet); + sftp->readdir_packet = NULL; + sftp->readdir_state = libssh2_NB_state_idle; + return -1; + } + + LIBSSH2_FREE(session, sftp->readdir_packet); + sftp->readdir_packet = NULL; + + sftp->readdir_state = libssh2_NB_state_sent; + } + + retcode = + libssh2_sftp_packet_requirev(sftp, 2, read_responses, + sftp->readdir_request_id, &data, + &data_len); + if (retcode == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (retcode) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->readdir_state = libssh2_NB_state_idle; + return -1; + } + + if (data[0] == SSH_FXP_STATUS) { + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + if (retcode == LIBSSH2_FX_EOF) { + sftp->readdir_state = libssh2_NB_state_idle; + return 0; + } else { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + sftp->readdir_state = libssh2_NB_state_idle; + return -1; + } + } + + num_names = libssh2_ntohu32(data + 5); + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "%lu entries returned", + num_names); + if (num_names <= 0) { + LIBSSH2_FREE(session, data); + sftp->readdir_state = libssh2_NB_state_idle; + return (num_names == 0) ? 0 : -1; + } + + if (num_names == 1) { + unsigned long real_filename_len = libssh2_ntohu32(data + 9); + + filename_len = real_filename_len; + if (filename_len > buffer_maxlen) { + filename_len = buffer_maxlen; + } + memcpy(buffer, data + 13, filename_len); + + /* The filename is not null terminated, make it so if possible */ + if (filename_len < buffer_maxlen) { + buffer[filename_len] = '\0'; + } + + if (attrs) { + memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); + libssh2_sftp_bin2attr(attrs, data + 13 + real_filename_len + + (4 + + libssh2_ntohu32(data + 13 + + real_filename_len))); + } + LIBSSH2_FREE(session, data); + + sftp->readdir_state = libssh2_NB_state_idle; + return filename_len; + } + + handle->u.dir.names_left = num_names; + handle->u.dir.names_packet = data; + handle->u.dir.next_name = (char *) data + 9; + + sftp->readdir_state = libssh2_NB_state_idle; + + /* Be lazy, just use the name popping mechanism from the start of the function */ + return libssh2_sftp_readdir_ex(handle, buffer, buffer_maxlen, longentry, + longentry_maxlen, attrs); +} + +/* }}} */ + +/* {{{ libssh2_sftp_write + * Write data to a file handle + */ +LIBSSH2_API ssize_t +libssh2_sftp_write(LIBSSH2_SFTP_HANDLE * handle, const char *buffer, + size_t count) +{ + LIBSSH2_SFTP *sftp = handle->sftp; + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len, retcode; + /* 25 = packet_len(4) + packet_type(1) + request_id(4) + handle_len(4) + offset(8) + count(4) */ + ssize_t packet_len = handle->handle_len + count + 25; + unsigned char *s, *data; + int rc; + + if (sftp->write_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Writing %lu bytes", + (unsigned long) count); + s = sftp->write_packet = LIBSSH2_ALLOC(session, packet_len); + if (!sftp->write_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_WRITE packet", 0); + return -1; + } + + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = SSH_FXP_WRITE; + sftp->write_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->write_request_id); + s += 4; + libssh2_htonu32(s, handle->handle_len); + s += 4; + memcpy(s, handle->handle, handle->handle_len); + s += handle->handle_len; + libssh2_htonu64(s, handle->u.file.offset); + s += 8; + libssh2_htonu32(s, count); + s += 4; + memcpy(s, buffer, count); + s += count; + + sftp->write_state = libssh2_NB_state_created; + } + + if (sftp->write_state == libssh2_NB_state_created) { + if ((rc = + libssh2_channel_write_ex(channel, 0, (char *) sftp->write_packet, + packet_len)) == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_READ command", 0); + LIBSSH2_FREE(session, sftp->write_packet); + sftp->write_packet = NULL; + sftp->write_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, sftp->write_packet); + sftp->write_packet = NULL; + sftp->write_state = libssh2_NB_state_sent; + } + + rc = libssh2_sftp_packet_require(sftp, SSH_FXP_STATUS, + sftp->write_request_id, &data, &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->write_state = libssh2_NB_state_idle; + return -1; + } + + sftp->write_state = libssh2_NB_state_idle; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + + if (retcode == LIBSSH2_FX_OK) { + handle->u.file.offset += count; + return count; + } + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, "SFTP Protocol Error", + 0); + sftp->last_errno = retcode; + + return -1; +} + +/* }}} */ + +/* {{{ libssh2_sftp_fstat_ex + * Get or Set stat on a file + */ +LIBSSH2_API int +libssh2_sftp_fstat_ex(LIBSSH2_SFTP_HANDLE * handle, + LIBSSH2_SFTP_ATTRIBUTES * attrs, int setstat) +{ + LIBSSH2_SFTP *sftp = handle->sftp; + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + handle_len(4) */ + ssize_t packet_len = + handle->handle_len + 13 + (setstat ? libssh2_sftp_attrsize(attrs) : 0); + unsigned char *s, *data; + static const unsigned char fstat_responses[2] = + { SSH_FXP_ATTRS, SSH_FXP_STATUS }; + int rc; + + if (sftp->fstat_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Issuing %s command", + setstat ? "set-stat" : "stat"); + s = sftp->fstat_packet = LIBSSH2_ALLOC(session, packet_len); + if (!sftp->fstat_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FSTAT/FSETSTAT packet", + 0); + return -1; + } + + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = setstat ? SSH_FXP_FSETSTAT : SSH_FXP_FSTAT; + sftp->fstat_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->fstat_request_id); + s += 4; + libssh2_htonu32(s, handle->handle_len); + s += 4; + memcpy(s, handle->handle, handle->handle_len); + s += handle->handle_len; + if (setstat) { + s += libssh2_sftp_attr2bin(s, attrs); + } + + sftp->fstat_state = libssh2_NB_state_created; + } + + if (sftp->fstat_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) sftp->fstat_packet, + packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + setstat ? (char *) "Unable to send FXP_FSETSTAT" + : (char *) "Unable to send FXP_FSTAT command", 0); + LIBSSH2_FREE(session, sftp->fstat_packet); + sftp->fstat_packet = NULL; + sftp->fstat_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, sftp->fstat_packet); + sftp->fstat_packet = NULL; + + sftp->fstat_state = libssh2_NB_state_sent; + } + + rc = libssh2_sftp_packet_requirev(sftp, 2, fstat_responses, + sftp->fstat_request_id, &data, + &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->fstat_state = libssh2_NB_state_idle; + return -1; + } + + sftp->fstat_state = libssh2_NB_state_idle; + + if (data[0] == SSH_FXP_STATUS) { + int retcode; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + if (retcode == LIBSSH2_FX_OK) { + return 0; + } else { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + return -1; + } + } + + libssh2_sftp_bin2attr(attrs, data + 5); + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_sftp_seek + * Set the read/write pointer to an arbitrary position within the file + */ +LIBSSH2_API void +libssh2_sftp_seek(LIBSSH2_SFTP_HANDLE * handle, size_t offset) +{ + handle->u.file.offset = offset; +} + +/* }}} */ + +/* {{{ libssh2_sftp_tell + * Return the current read/write pointer's offset + */ +LIBSSH2_API size_t +libssh2_sftp_tell(LIBSSH2_SFTP_HANDLE * handle) +{ + return handle->u.file.offset; +} + +/* }}} */ + + +/* {{{ libssh2_sftp_close_handle + * Close a file or directory handle + * Also frees handle resource and unlinks it from the SFTP structure + */ +LIBSSH2_API int +libssh2_sftp_close_handle(LIBSSH2_SFTP_HANDLE * handle) +{ + LIBSSH2_SFTP *sftp = handle->sftp; + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len, retcode; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + handle_len(4) */ + ssize_t packet_len = handle->handle_len + 13; + unsigned char *s, *data; + int rc; + + if (handle->close_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Closing handle"); + s = handle->close_packet = LIBSSH2_ALLOC(session, packet_len); + if (!handle->close_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_CLOSE packet", 0); + return -1; + } + + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = SSH_FXP_CLOSE; + handle->close_request_id = sftp->request_id++; + libssh2_htonu32(s, handle->close_request_id); + s += 4; + libssh2_htonu32(s, handle->handle_len); + s += 4; + memcpy(s, handle->handle, handle->handle_len); + s += handle->handle_len; + + handle->close_state = libssh2_NB_state_created; + } + + if (handle->close_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, + (char *) handle->close_packet, + packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_CLOSE command", 0); + LIBSSH2_FREE(session, handle->close_packet); + handle->close_packet = NULL; + handle->close_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, handle->close_packet); + handle->close_packet = NULL; + + handle->close_state = libssh2_NB_state_sent; + } + + if (handle->close_state == libssh2_NB_state_sent) { + rc = libssh2_sftp_packet_require(sftp, SSH_FXP_STATUS, + handle->close_request_id, &data, + &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + handle->close_state = libssh2_NB_state_idle; + return -1; + } + + handle->close_state = libssh2_NB_state_sent1; + } + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + + if (retcode != LIBSSH2_FX_OK) { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + handle->close_state = libssh2_NB_state_idle; + return -1; + } + + if (handle == sftp->handles) { + sftp->handles = handle->next; + } + if (handle->next) { + handle->next->prev = NULL; + } + + if ((handle->handle_type == LIBSSH2_SFTP_HANDLE_DIR) + && handle->u.dir.names_left) { + LIBSSH2_FREE(session, handle->u.dir.names_packet); + } + + handle->close_state = libssh2_NB_state_idle; + + LIBSSH2_FREE(session, handle->handle); + LIBSSH2_FREE(session, handle); + + return 0; +} + +/* }}} */ + +/* ********************** + * SFTP Miscellaneous * + ********************** */ + +/* {{{ libssh2_sftp_unlink_ex + * Delete a file from the remote server + */ +/* libssh2_sftp_unlink_ex - NB-UNSAFE?? */ +LIBSSH2_API int +libssh2_sftp_unlink_ex(LIBSSH2_SFTP * sftp, const char *filename, + unsigned int filename_len) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len, retcode; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + filename_len(4) */ + ssize_t packet_len = filename_len + 13; + unsigned char *s, *data; + int rc; + + if (sftp->unlink_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Unlinking %s", filename); + s = sftp->unlink_packet = LIBSSH2_ALLOC(session, packet_len); + if (!sftp->unlink_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_REMOVE packet", + 0); + return -1; + } + + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = SSH_FXP_REMOVE; + sftp->unlink_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->unlink_request_id); + s += 4; + libssh2_htonu32(s, filename_len); + s += 4; + memcpy(s, filename, filename_len); + s += filename_len; + + sftp->unlink_state = libssh2_NB_state_created; + } + + if (sftp->unlink_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) sftp->unlink_packet, + packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_REMOVE command", 0); + LIBSSH2_FREE(session, sftp->unlink_packet); + sftp->unlink_packet = NULL; + sftp->unlink_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, sftp->unlink_packet); + sftp->unlink_packet = NULL; + + sftp->unlink_state = libssh2_NB_state_sent; + } + + rc = libssh2_sftp_packet_require(sftp, SSH_FXP_STATUS, + sftp->unlink_request_id, &data, + &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->unlink_state = libssh2_NB_state_idle; + return -1; + } + + sftp->unlink_state = libssh2_NB_state_idle; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + + if (retcode == LIBSSH2_FX_OK) { + return 0; + } else { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + return -1; + } +} + +/* }}} */ + +/* {{{ libssh2_sftp_rename_ex + * Rename a file on the remote server + */ +LIBSSH2_API int +libssh2_sftp_rename_ex(LIBSSH2_SFTP * sftp, const char *source_filename, + unsigned int source_filename_len, + const char *dest_filename, + unsigned int dest_filename_len, long flags) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len, retcode; + ssize_t packet_len = + source_filename_len + dest_filename_len + 17 + (sftp->version >= + 5 ? 4 : 0); + /* packet_len(4) + packet_type(1) + request_id(4) + + source_filename_len(4) + dest_filename_len(4) + flags(4){SFTP5+) */ + unsigned char *data; + int rc; + + if (sftp->version < 2) { + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "Server does not support RENAME", 0); + return -1; + } + + if (sftp->rename_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Renaming %s to %s", + source_filename, dest_filename); + sftp->rename_s = sftp->rename_packet = + LIBSSH2_ALLOC(session, packet_len); + if (!sftp->rename_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_RENAME packet", + 0); + return -1; + } + + libssh2_htonu32(sftp->rename_s, packet_len - 4); + sftp->rename_s += 4; + *(sftp->rename_s++) = SSH_FXP_RENAME; + sftp->rename_request_id = sftp->request_id++; + libssh2_htonu32(sftp->rename_s, sftp->rename_request_id); + sftp->rename_s += 4; + libssh2_htonu32(sftp->rename_s, source_filename_len); + sftp->rename_s += 4; + memcpy(sftp->rename_s, source_filename, source_filename_len); + sftp->rename_s += source_filename_len; + libssh2_htonu32(sftp->rename_s, dest_filename_len); + sftp->rename_s += 4; + memcpy(sftp->rename_s, dest_filename, dest_filename_len); + sftp->rename_s += dest_filename_len; + + if (sftp->version >= 5) { + libssh2_htonu32(sftp->rename_s, flags); + sftp->rename_s += 4; + } + + sftp->rename_state = libssh2_NB_state_created; + } + + if (sftp->rename_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) sftp->rename_packet, + sftp->rename_s - sftp->rename_packet); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_RENAME command", 0); + LIBSSH2_FREE(session, sftp->rename_packet); + sftp->rename_packet = NULL; + sftp->rename_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, sftp->rename_packet); + sftp->rename_packet = NULL; + + sftp->rename_state = libssh2_NB_state_sent; + } + + rc = libssh2_sftp_packet_require(sftp, SSH_FXP_STATUS, + sftp->rename_request_id, &data, + &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->rename_state = libssh2_NB_state_idle; + return -1; + } + + sftp->rename_state = libssh2_NB_state_idle; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + + switch (retcode) { + case LIBSSH2_FX_OK: + retcode = 0; + break; + + case LIBSSH2_FX_FILE_ALREADY_EXISTS: + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "File already exists and SSH_FXP_RENAME_OVERWRITE not specified", + 0); + sftp->last_errno = retcode; + retcode = -1; + break; + + case LIBSSH2_FX_OP_UNSUPPORTED: + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "Operation Not Supported", 0); + sftp->last_errno = retcode; + retcode = -1; + break; + + default: + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + sftp->last_errno = retcode; + retcode = -1; + } + + return retcode; +} + +/* }}} */ + +/* {{{ libssh2_sftp_mkdir_ex + * Create an SFTP directory + */ +LIBSSH2_API int +libssh2_sftp_mkdir_ex(LIBSSH2_SFTP * sftp, const char *path, + unsigned int path_len, long mode) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + LIBSSH2_SFTP_ATTRIBUTES attrs = { + LIBSSH2_SFTP_ATTR_PERMISSIONS, 0, 0, 0, 0, 0, 0 + }; + unsigned long data_len, retcode, request_id; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + path_len(4) */ + ssize_t packet_len = path_len + 13 + libssh2_sftp_attrsize(&attrs); + unsigned char *packet, *s, *data; + int rc; + + if (sftp->mkdir_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, + "Creating directory %s with mode 0%lo", path, mode); + s = packet = LIBSSH2_ALLOC(session, packet_len); + if (!packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_MKDIR packet", 0); + return -1; + } + /* Filetype in SFTP 3 and earlier */ + attrs.permissions = mode | LIBSSH2_SFTP_ATTR_PFILETYPE_DIR; + + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = SSH_FXP_MKDIR; + request_id = sftp->request_id++; + libssh2_htonu32(s, request_id); + s += 4; + libssh2_htonu32(s, path_len); + s += 4; + memcpy(s, path, path_len); + s += path_len; + s += libssh2_sftp_attr2bin(s, &attrs); + + sftp->mkdir_state = libssh2_NB_state_created; + } else { + packet = sftp->mkdir_packet; + request_id = sftp->mkdir_request_id; + } + + if (sftp->mkdir_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) packet, packet_len); + if (rc == PACKET_EAGAIN) { + sftp->mkdir_packet = packet; + sftp->mkdir_request_id = request_id; + return PACKET_EAGAIN; + } + if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_READ command", 0); + LIBSSH2_FREE(session, packet); + sftp->mkdir_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, packet); + sftp->mkdir_state = libssh2_NB_state_sent; + sftp->mkdir_packet = NULL; + } + + rc = libssh2_sftp_packet_require(sftp, SSH_FXP_STATUS, request_id, &data, + &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->mkdir_state = libssh2_NB_state_idle; + return -1; + } + + sftp->mkdir_state = libssh2_NB_state_idle; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + + if (retcode == LIBSSH2_FX_OK) { + return 0; + } else { + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + sftp->last_errno = retcode; + return -1; + } +} + +/* }}} */ + +/* {{{ libssh2_sftp_rmdir_ex + * Remove a directory + */ +/* libssh2_sftp_rmdir_ex - NB-UNSAFE?? */ +LIBSSH2_API int +libssh2_sftp_rmdir_ex(LIBSSH2_SFTP * sftp, const char *path, + unsigned int path_len) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len, retcode; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + path_len(4) */ + ssize_t packet_len = path_len + 13; + unsigned char *s, *data; + int rc; + + if (sftp->rmdir_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "Removing directory: %s", + path); + s = sftp->rmdir_packet = LIBSSH2_ALLOC(session, packet_len); + if (!sftp->rmdir_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_MKDIR packet", 0); + return -1; + } + + libssh2_htonu32(s, packet_len - 4); + s += 4; + *(s++) = SSH_FXP_RMDIR; + sftp->rmdir_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->rmdir_request_id); + s += 4; + libssh2_htonu32(s, path_len); + s += 4; + memcpy(s, path, path_len); + s += path_len; + + sftp->rmdir_state = libssh2_NB_state_created; + } + + if (sftp->rmdir_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) sftp->rmdir_packet, + packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send FXP_MKDIR command", 0); + LIBSSH2_FREE(session, sftp->rmdir_packet); + sftp->rmdir_packet = NULL; + sftp->rmdir_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, sftp->rmdir_packet); + sftp->rmdir_packet = NULL; + + sftp->rmdir_state = libssh2_NB_state_sent; + } + + rc = libssh2_sftp_packet_require(sftp, SSH_FXP_STATUS, + sftp->rmdir_request_id, &data, &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->rmdir_state = libssh2_NB_state_idle; + return -1; + } + + sftp->rmdir_state = libssh2_NB_state_idle; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + + if (retcode == LIBSSH2_FX_OK) { + return 0; + } else { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + return -1; + } +} + +/* }}} */ + +/* {{{ libssh2_sftp_stat_ex + * Stat a file or symbolic link + */ +/* libssh2_sftp_stat_ex - NB-UNSAFE?? */ +LIBSSH2_API int +libssh2_sftp_stat_ex(LIBSSH2_SFTP * sftp, const char *path, + unsigned int path_len, int stat_type, + LIBSSH2_SFTP_ATTRIBUTES * attrs) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + path_len(4) */ + ssize_t packet_len = + path_len + 13 + + ((stat_type == + LIBSSH2_SFTP_SETSTAT) ? libssh2_sftp_attrsize(attrs) : 0); + unsigned char *s, *data; + static const unsigned char stat_responses[2] = + { SSH_FXP_ATTRS, SSH_FXP_STATUS }; + int rc; + + if (sftp->stat_state == libssh2_NB_state_idle) { + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "%s %s", + (stat_type == LIBSSH2_SFTP_SETSTAT) ? "Set-statting" : + (stat_type == + LIBSSH2_SFTP_LSTAT ? "LStatting" : "Statting"), path); + s = sftp->stat_packet = LIBSSH2_ALLOC(session, packet_len); + if (!sftp->stat_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for FXP_MKDIR packet", 0); + return -1; + } + + libssh2_htonu32(s, packet_len - 4); + s += 4; + switch (stat_type) { + case LIBSSH2_SFTP_SETSTAT: + *(s++) = SSH_FXP_SETSTAT; + break; + + case LIBSSH2_SFTP_LSTAT: + *(s++) = SSH_FXP_LSTAT; + break; + + case LIBSSH2_SFTP_STAT: + default: + *(s++) = SSH_FXP_STAT; + } + sftp->stat_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->stat_request_id); + s += 4; + libssh2_htonu32(s, path_len); + s += 4; + memcpy(s, path, path_len); + s += path_len; + if (stat_type == LIBSSH2_SFTP_SETSTAT) { + s += libssh2_sftp_attr2bin(s, attrs); + } + + sftp->stat_state = libssh2_NB_state_created; + } + + if (sftp->stat_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, (char *) sftp->stat_packet, + packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send STAT/LSTAT/SETSTAT command", 0); + LIBSSH2_FREE(session, sftp->stat_packet); + sftp->stat_packet = NULL; + sftp->stat_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, sftp->stat_packet); + sftp->stat_packet = NULL; + + sftp->stat_state = libssh2_NB_state_sent; + } + + rc = libssh2_sftp_packet_requirev(sftp, 2, stat_responses, + sftp->stat_request_id, &data, &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->stat_state = libssh2_NB_state_idle; + return -1; + } + + sftp->stat_state = libssh2_NB_state_idle; + + if (data[0] == SSH_FXP_STATUS) { + int retcode; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + if (retcode == LIBSSH2_FX_OK) { + return 0; + } else { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + return -1; + } + } + + memset(attrs, 0, sizeof(LIBSSH2_SFTP_ATTRIBUTES)); + libssh2_sftp_bin2attr(attrs, data + 5); + LIBSSH2_FREE(session, data); + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_sftp_symlink_ex + * Read or set a symlink + */ +LIBSSH2_API int +libssh2_sftp_symlink_ex(LIBSSH2_SFTP * sftp, const char *path, + unsigned int path_len, char *target, + unsigned int target_len, int link_type) +{ + LIBSSH2_CHANNEL *channel = sftp->channel; + LIBSSH2_SESSION *session = channel->session; + unsigned long data_len, link_len; + /* 13 = packet_len(4) + packet_type(1) + request_id(4) + path_len(4) */ + ssize_t packet_len = + path_len + 13 + + ((link_type == LIBSSH2_SFTP_SYMLINK) ? (4 + target_len) : 0); + unsigned char *s, *data; + static const unsigned char link_responses[2] = + { SSH_FXP_NAME, SSH_FXP_STATUS }; + int rc; + + if ((sftp->version < 3) && (link_type != LIBSSH2_SFTP_REALPATH)) { + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "Server does not support SYMLINK or READLINK", 0); + return -1; + } + + if (sftp->symlink_state == libssh2_NB_state_idle) { + s = sftp->symlink_packet = LIBSSH2_ALLOC(session, packet_len); + if (!sftp->symlink_packet) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for SYMLINK/READLINK/REALPATH packet", + 0); + return -1; + } + + _libssh2_debug(session, LIBSSH2_DBG_SFTP, "%s %s on %s", + (link_type == + LIBSSH2_SFTP_SYMLINK) ? "Creating" : "Reading", + (link_type == + LIBSSH2_SFTP_REALPATH) ? "realpath" : "symlink", path); + + libssh2_htonu32(s, packet_len - 4); + s += 4; + switch (link_type) { + case LIBSSH2_SFTP_REALPATH: + *(s++) = SSH_FXP_REALPATH; + break; + + case LIBSSH2_SFTP_SYMLINK: + *(s++) = SSH_FXP_SYMLINK; + break; + + case LIBSSH2_SFTP_READLINK: + default: + *(s++) = SSH_FXP_READLINK; + } + sftp->symlink_request_id = sftp->request_id++; + libssh2_htonu32(s, sftp->symlink_request_id); + s += 4; + libssh2_htonu32(s, path_len); + s += 4; + memcpy(s, path, path_len); + s += path_len; + if (link_type == LIBSSH2_SFTP_SYMLINK) { + libssh2_htonu32(s, target_len); + s += 4; + memcpy(s, target, target_len); + s += target_len; + } + + sftp->symlink_state = libssh2_NB_state_created; + } + + if (sftp->symlink_state == libssh2_NB_state_created) { + rc = libssh2_channel_write_ex(channel, 0, + (char *) sftp->symlink_packet, + packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (packet_len != rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send SYMLINK/READLINK command", 0); + LIBSSH2_FREE(session, sftp->symlink_packet); + sftp->symlink_packet = NULL; + sftp->symlink_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, sftp->symlink_packet); + sftp->symlink_packet = NULL; + + sftp->symlink_state = libssh2_NB_state_sent; + } + + rc = libssh2_sftp_packet_requirev(sftp, 2, link_responses, + sftp->symlink_request_id, &data, + &data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_TIMEOUT, + "Timeout waiting for status message", 0); + sftp->symlink_state = libssh2_NB_state_idle; + return -1; + } + + sftp->symlink_state = libssh2_NB_state_idle; + + if (data[0] == SSH_FXP_STATUS) { + int retcode; + + retcode = libssh2_ntohu32(data + 5); + LIBSSH2_FREE(session, data); + if (retcode == LIBSSH2_FX_OK) { + return 0; + } else { + sftp->last_errno = retcode; + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "SFTP Protocol Error", 0); + return -1; + } + } + + if (libssh2_ntohu32(data + 5) < 1) { + libssh2_error(session, LIBSSH2_ERROR_SFTP_PROTOCOL, + "Invalid READLINK/REALPATH response, no name entries", + 0); + LIBSSH2_FREE(session, data); + return -1; + } + + link_len = libssh2_ntohu32(data + 9); + if (link_len >= target_len) { + link_len = target_len - 1; + } + memcpy(target, data + 13, link_len); + target[link_len] = 0; + LIBSSH2_FREE(session, data); + + return link_len; +} + +/* }}} */ + +/* {{{ libssh2_sftp_last_error + * Returns the last error code reported by SFTP + */ +LIBSSH2_API unsigned long +libssh2_sftp_last_error(LIBSSH2_SFTP * sftp) +{ + return sftp->last_errno; +} + +/* }}} */ diff --git a/Vendor/libssh2/Source/transport.c b/Vendor/libssh2/Source/transport.c new file mode 100644 index 0000000..13f5130 --- /dev/null +++ b/Vendor/libssh2/Source/transport.c @@ -0,0 +1,761 @@ +/* Copyright (C) 2007 The Written Word, Inc. All rights reserved. + * Author: Daniel Stenberg + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + * + * This file handles reading and writing to the SECSH transport layer. RFC4253. + */ + +#include "libssh2_priv.h" +#include +#include + +#include + +#define MAX_BLOCKSIZE 32 /* MUST fit biggest crypto block size we use/get */ +#define MAX_MACSIZE 20 /* MUST fit biggest MAC length we support */ + +#ifdef LIBSSH2DEBUG +#define UNPRINTABLE_CHAR '.' +static void +debugdump(LIBSSH2_SESSION * session, + const char *desc, unsigned char *ptr, unsigned long size) +{ + size_t i; + size_t c; + FILE *stream = stdout; + unsigned int width = 0x10; + + if (!(session->showmask & (1 << LIBSSH2_DBG_TRANS))) { + /* not asked for, bail out */ + return; + } + + fprintf(stream, "=> %s (%d bytes)\n", desc, (int) size); + + for(i = 0; i < size; i += width) { + + fprintf(stream, "%04lx: ", (long)i); + + /* hex not disabled, show it */ + for(c = 0; c < width; c++) { + if (i + c < size) + fprintf(stream, "%02x ", ptr[i + c]); + else + fputs(" ", stream); + } + + for(c = 0; (c < width) && (i + c < size); c++) { + fprintf(stream, "%c", + (ptr[i + c] >= 0x20) && + (ptr[i + c] < 0x80) ? ptr[i + c] : UNPRINTABLE_CHAR); + } + fputc('\n', stream); /* newline */ + } + fflush(stream); +} +#else +#define debugdump(a,x,y,z) +#endif + + +/* decrypt() decrypts 'len' bytes from 'source' to 'dest'. + * + * returns PACKET_NONE on success and PACKET_FAIL on failure + */ + +static libssh2pack_t +decrypt(LIBSSH2_SESSION * session, unsigned char *source, + unsigned char *dest, int len) +{ + struct transportpacket *p = &session->packet; + int blocksize = session->remote.crypt->blocksize; + + /* if we get called with a len that isn't an even number of blocksizes + we risk losing those extra bytes */ + assert((len % blocksize) == 0); + + while (len >= blocksize) { + if (session->remote.crypt->crypt(session, source, + &session->remote.crypt_abstract)) { + libssh2_error(session, LIBSSH2_ERROR_DECRYPT, + (char *) "Error decrypting packet", 0); + LIBSSH2_FREE(session, p->payload); + return PACKET_FAIL; + } + + /* if the crypt() function would write to a given address it + wouldn't have to memcpy() and we could avoid this memcpy() + too */ + memcpy(dest, source, blocksize); + + len -= blocksize; /* less bytes left */ + dest += blocksize; /* advance write pointer */ + source += blocksize; /* advance read pointer */ + } + return PACKET_NONE; /* all is fine */ +} + +/* + * fullpacket() gets called when a full packet has been received and properly + * collected. + */ +static libssh2pack_t +fullpacket(LIBSSH2_SESSION * session, int encrypted /* 1 or 0 */ ) +{ + unsigned char macbuf[MAX_MACSIZE]; + struct transportpacket *p = &session->packet; + int rc; + + if (session->fullpacket_state == libssh2_NB_state_idle) { + session->fullpacket_macstate = LIBSSH2_MAC_CONFIRMED; + session->fullpacket_payload_len = p->packet_length - 1; + + if (encrypted) { + + /* Calculate MAC hash */ + session->remote.mac->hash(session, macbuf, /* store hash here */ + session->remote.seqno, + p->init, 5, + p->payload, + session->fullpacket_payload_len, + &session->remote.mac_abstract); + + /* Compare the calculated hash with the MAC we just read from + * the network. The read one is at the very end of the payload + * buffer. Note that 'payload_len' here is the packet_length + * field which includes the padding but not the MAC. + */ + if (memcmp(macbuf, p->payload + session->fullpacket_payload_len, + session->remote.mac->mac_len)) { + session->fullpacket_macstate = LIBSSH2_MAC_INVALID; + } + } + + session->remote.seqno++; + + /* ignore the padding */ + session->fullpacket_payload_len -= p->padding_length; + + /* Check for and deal with decompression */ + if (session->remote.comp && strcmp(session->remote.comp->name, "none")) { + unsigned char *data; + unsigned long data_len; + int free_payload = 1; + + if (session->remote.comp->comp(session, 0, + &data, &data_len, + LIBSSH2_PACKET_MAXDECOMP, + &free_payload, + p->payload, + session->fullpacket_payload_len, + &session->remote.comp_abstract)) { + LIBSSH2_FREE(session, p->payload); + return PACKET_FAIL; + } + + if (free_payload) { + LIBSSH2_FREE(session, p->payload); + p->payload = data; + session->fullpacket_payload_len = data_len; + } else { + if (data == p->payload) { + /* It's not to be freed, because the + * compression layer reused payload, So let's + * do the same! + */ + session->fullpacket_payload_len = data_len; + } else { + /* No comp_method actually lets this happen, + * but let's prepare for the future */ + + LIBSSH2_FREE(session, p->payload); + + /* We need a freeable struct otherwise the + * brigade won't know what to do with it */ + p->payload = LIBSSH2_ALLOC(session, data_len); + if (!p->payload) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, (char *) + "Unable to allocate memory for copy of uncompressed data", + 0); + return PACKET_ENOMEM; + } + memcpy(p->payload, data, data_len); + session->fullpacket_payload_len = data_len; + } + } + } + + session->fullpacket_packet_type = p->payload[0]; + + debugdump(session, "libssh2_packet_read() plain", + p->payload, session->fullpacket_payload_len); + + session->fullpacket_state = libssh2_NB_state_created; + } + + if (session->fullpacket_state == libssh2_NB_state_created) { + rc = libssh2_packet_add(session, p->payload, + session->fullpacket_payload_len, + session->fullpacket_macstate); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc < 0) { + return PACKET_FAIL; + } + } + + session->fullpacket_state = libssh2_NB_state_idle; + + return session->fullpacket_packet_type; +} + + +/* {{{ libssh2_packet_read + * Collect a packet into the input brigade + * block only controls whether or not to wait for a packet to start, + * Once a packet starts, libssh2 will block until it is complete + * + * Returns packet type added to input brigade (PACKET_NONE if nothing added), + * or PACKET_FAIL on failure and PACKET_EAGAIN if it couldn't process a full + * packet. + */ + +/* + * This function reads the binary stream as specified in chapter 6 of RFC4253 + * "The Secure Shell (SSH) Transport Layer Protocol" + */ +libssh2pack_t +libssh2_packet_read(LIBSSH2_SESSION * session) +{ + libssh2pack_t rc; + struct transportpacket *p = &session->packet; + int remainbuf; + int remainpack; + int numbytes; + int numdecrypt; + unsigned char block[MAX_BLOCKSIZE]; + int blocksize; + int encrypted = 1; + + /* + * =============================== NOTE =============================== + * I know this is very ugly and not a really good use of "goto", but + * this case statement would be even uglier to do it any other way + */ + if (session->readPack_state == libssh2_NB_state_jump1) { + session->readPack_state = libssh2_NB_state_idle; + encrypted = session->readPack_encrypted; + goto libssh2_packet_read_point1; + } + + do { + if (session->socket_state == LIBSSH2_SOCKET_DISCONNECTED) { + return PACKET_NONE; + } + + if (session->state & LIBSSH2_STATE_NEWKEYS) { + blocksize = session->remote.crypt->blocksize; + } else { + encrypted = 0; /* not encrypted */ + blocksize = 5; /* not strictly true, but we can use 5 here to + make the checks below work fine still */ + } + + /* read/use a whole big chunk into a temporary area stored in + the LIBSSH2_SESSION struct. We will decrypt data from that + buffer into the packet buffer so this temp one doesn't have + to be able to keep a whole SSH packet, just be large enough + so that we can read big chunks from the network layer. */ + + /* how much data there is remaining in the buffer to deal with + before we should read more from the network */ + remainbuf = p->writeidx - p->readidx; + + /* if remainbuf turns negative we have a bad internal error */ + assert(remainbuf >= 0); + + if (remainbuf < blocksize) { + /* If we have less than a blocksize left, it is too + little data to deal with, read more */ + ssize_t nread; + + /* move any remainder to the start of the buffer so + that we can do a full refill */ + if (remainbuf) { + memmove(p->buf, &p->buf[p->readidx], remainbuf); + p->readidx = 0; + p->writeidx = remainbuf; + } else { + /* nothing to move, just zero the indexes */ + p->readidx = p->writeidx = 0; + } + + /* now read a big chunk from the network into the temp buffer */ + nread = + recv(session->socket_fd, &p->buf[remainbuf], + PACKETBUFSIZE - remainbuf, + LIBSSH2_SOCKET_RECV_FLAGS(session)); + if (nread <= 0) { + /* check if this is due to EAGAIN and return the special + return code if so, error out normally otherwise */ +#ifdef WIN32 + switch (WSAGetLastError()) { + case WSAEWOULDBLOCK: + errno = EAGAIN; + break; + + case WSAENOTSOCK: + errno = EBADF; + break; + + case WSAENOTCONN: + case WSAECONNABORTED: + errno = WSAENOTCONN; + break; + + case WSAEINTR: + errno = EINTR; + break; + } +#endif /* WIN32 */ + if ((nread < 0) && (errno == EAGAIN)) { + return PACKET_EAGAIN; + } + return PACKET_FAIL; + } + debugdump(session, "libssh2_packet_read() raw", + &p->buf[remainbuf], nread); + /* advance write pointer */ + p->writeidx += nread; + + /* update remainbuf counter */ + remainbuf = p->writeidx - p->readidx; + } + + /* how much data to deal with from the buffer */ + numbytes = remainbuf; + + if (!p->total_num) { + /* No payload package area allocated yet. To know the + size of this payload, we need to decrypt the first + blocksize data. */ + + if (numbytes < blocksize) { + /* we can't act on anything less than blocksize, but this + check is only done for the initial block since once we have + got the start of a block we can in fact deal with fractions + */ + return PACKET_EAGAIN; + } + + if (encrypted) { + rc = decrypt(session, &p->buf[p->readidx], block, blocksize); + if (rc != PACKET_NONE) { + return rc; + } + /* save the first 5 bytes of the decrypted package, to be + used in the hash calculation later down. */ + memcpy(p->init, &p->buf[p->readidx], 5); + } else { + /* the data is plain, just copy it verbatim to + the working block buffer */ + memcpy(block, &p->buf[p->readidx], blocksize); + } + + /* advance the read pointer */ + p->readidx += blocksize; + + /* we now have the initial blocksize bytes decrypted, + * and we can extract packet and padding length from it + */ + p->packet_length = libssh2_ntohu32(block); + p->padding_length = block[4]; + + /* total_num is the number of bytes following the initial + (5 bytes) packet length and padding length fields */ + p->total_num = + p->packet_length - 1 + + (encrypted ? session->remote.mac->mac_len : 0); + + /* RFC4253 section 6.1 Maximum Packet Length says: + * + * "All implementations MUST be able to process + * packets with uncompressed payload length of 32768 + * bytes or less and total packet size of 35000 bytes + * or less (including length, padding length, payload, + * padding, and MAC.)." + */ + if (p->total_num > LIBSSH2_PACKET_MAXPAYLOAD) { + return PACKET_TOOBIG; + } + + /* Get a packet handle put data into. We get one to + hold all data, including padding and MAC. */ + p->payload = LIBSSH2_ALLOC(session, p->total_num); + if (!p->payload) { + return PACKET_ENOMEM; + } + /* init write pointer to start of payload buffer */ + p->wptr = p->payload; + + if (blocksize > 5) { + /* copy the data from index 5 to the end of + the blocksize from the temporary buffer to + the start of the decrypted buffer */ + memcpy(p->wptr, &block[5], blocksize - 5); + p->wptr += blocksize - 5; /* advance write pointer */ + } + + /* init the data_num field to the number of bytes of + the package read so far */ + p->data_num = p->wptr - p->payload; + + /* we already dealt with a blocksize worth of data */ + numbytes -= blocksize; + } + + /* how much there is left to add to the current payload + package */ + remainpack = p->total_num - p->data_num; + + if (numbytes > remainpack) { + /* if we have more data in the buffer than what is going into this + particular packet, we limit this round to this packet only */ + numbytes = remainpack; + } + + if (encrypted) { + /* At the end of the incoming stream, there is a MAC, + and we don't want to decrypt that since we need it + "raw". We MUST however decrypt the padding data + since it is used for the hash later on. */ + int skip = session->remote.mac->mac_len; + + /* if what we have plus numbytes is bigger than the + total minus the skip margin, we should lower the + amount to decrypt even more */ + if ((p->data_num + numbytes) > (p->total_num - skip)) { + numdecrypt = (p->total_num - skip) - p->data_num; + } else { + int frac; + numdecrypt = numbytes; + frac = numdecrypt % blocksize; + if (frac) { + /* not an aligned amount of blocks, + align it */ + numdecrypt -= frac; + /* and make it no unencrypted data + after it */ + numbytes = 0; + } + } + } else { + /* unencrypted data should not be decrypted at all */ + numdecrypt = 0; + } + + /* if there are bytes to decrypt, do that */ + if (numdecrypt > 0) { + /* now decrypt the lot */ + rc = decrypt(session, &p->buf[p->readidx], p->wptr, numdecrypt); + if (rc != PACKET_NONE) { + return rc; + } + + /* advance the read pointer */ + p->readidx += numdecrypt; + /* advance write pointer */ + p->wptr += numdecrypt; + /* increse data_num */ + p->data_num += numdecrypt; + + /* bytes left to take care of without decryption */ + numbytes -= numdecrypt; + } + + /* if there are bytes to copy that aren't decrypted, simply + copy them as-is to the target buffer */ + if (numbytes > 0) { + memcpy(p->wptr, &p->buf[p->readidx], numbytes); + + /* advance the read pointer */ + p->readidx += numbytes; + /* advance write pointer */ + p->wptr += numbytes; + /* increse data_num */ + p->data_num += numbytes; + } + + /* now check how much data there's left to read to finish the + current packet */ + remainpack = p->total_num - p->data_num; + + if (!remainpack) { + /* we have a full packet */ + libssh2_packet_read_point1: + rc = fullpacket(session, encrypted); + if (rc == PACKET_EAGAIN) { + session->readPack_encrypted = encrypted; + session->readPack_state = libssh2_NB_state_jump1; + return PACKET_EAGAIN; + } + + p->total_num = 0; /* no packet buffer available */ + + return rc; + } + } while (1); /* loop */ + + return PACKET_FAIL; /* we never reach this point */ +} + +/* }}} */ + +#ifndef OLDSEND + +static libssh2pack_t +send_existing(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long data_len, ssize_t * ret) +{ + ssize_t rc; + ssize_t length; + struct transportpacket *p = &session->packet; + + if (!p->outbuf) { + *ret = 0; + return PACKET_NONE; + } + + /* send as much as possible of the existing packet */ + if ((data != p->odata) || (data_len != p->olen)) { + /* When we are about to complete the sending of a packet, it is vital + that the caller doesn't try to send a new/different packet since + we don't add this one up until the previous one has been sent. To + make the caller really notice his/hers flaw, we return error for + this case */ + return PACKET_BADUSE; + } + + *ret = 1; /* set to make our parent return */ + + /* number of bytes left to send */ + length = p->ototal_num - p->osent; + + rc = send(session->socket_fd, &p->outbuf[p->osent], length, + LIBSSH2_SOCKET_SEND_FLAGS(session)); + + if (rc == length) { + /* the remainder of the package was sent */ + LIBSSH2_FREE(session, p->outbuf); + p->outbuf = NULL; + p->ototal_num = 0; + } else if (rc < 0) { + /* nothing was sent */ + if (errno != EAGAIN) { + /* send failure! */ + return PACKET_FAIL; + } + return PACKET_EAGAIN; + } + + debugdump(session, "libssh2_packet_write send()", &p->outbuf[p->osent], + length); + p->osent += length; /* we sent away this much data */ + + return PACKET_NONE; +} + +/* {{{ libssh2_packet_write + * Send a packet, encrypting it and adding a MAC code if necessary + * Returns 0 on success, non-zero on failure. + * + * Returns PACKET_EAGAIN if it would block - and if it does so, you should + * call this function again as soon as it is likely that more data can be + * sent, and this function should then be called with the same argument set + * (same data pointer and same data_len) until zero or failure is returned. + */ +int +libssh2_packet_write(LIBSSH2_SESSION * session, unsigned char *data, + unsigned long data_len) +{ + int blocksize = + (session->state & LIBSSH2_STATE_NEWKEYS) ? session->local.crypt-> + blocksize : 8; + int padding_length; + int packet_length; + int total_length; + int free_data = 0; +#ifdef RANDOM_PADDING + int rand_max; + int seed = data[0]; /* FIXME: make this random */ +#endif + struct transportpacket *p = &session->packet; + int encrypted; + int i; + ssize_t ret; + libssh2pack_t rc; + unsigned char *orgdata = data; + unsigned long orgdata_len = data_len; + + debugdump(session, "libssh2_packet_write plain", data, data_len); + + /* FIRST, check if we have a pending write to complete */ + rc = send_existing(session, data, data_len, &ret); + if (rc || ret) { + return rc; + } + + encrypted = (session->state & LIBSSH2_STATE_NEWKEYS) ? 1 : 0; + + /* check if we should compress */ + if (encrypted && strcmp(session->local.comp->name, "none")) { + if (session->local.comp-> + comp(session, 1, &data, &data_len, LIBSSH2_PACKET_MAXCOMP, + &free_data, data, data_len, &session->local.comp_abstract)) { + return PACKET_COMPRESS; /* compression failure */ + } + } + + /* RFC4253 says: Note that the length of the concatenation of + 'packet_length', 'padding_length', 'payload', and 'random padding' + MUST be a multiple of the cipher block size or 8, whichever is + larger. */ + + /* Plain math: (4 + 1 + packet_length + padding_length) % blocksize == 0 */ + + packet_length = data_len + 1 + 4; /* 1 is for padding_length field + 4 for the packet_length field */ + + /* at this point we have it all except the padding */ + + /* first figure out our minimum padding amount to make it an even + block size */ + padding_length = blocksize - (packet_length % blocksize); + + /* if the padding becomes too small we add another blocksize worth + of it (taken from the original libssh2 where it didn't have any + real explanation) */ + if (padding_length < 4) { + padding_length += blocksize; + } +#ifdef RANDOM_PADDING + /* FIXME: we can add padding here, but that also makes the packets + bigger etc */ + + /* now we can add 'blocksize' to the padding_length N number of times + (to "help thwart traffic analysis") but it must be less than 255 in + total */ + rand_max = (255 - padding_length) / blocksize + 1; + padding_length += blocksize * (seed % rand_max); +#endif + + packet_length += padding_length; + + /* append the MAC length to the total_length size */ + total_length = + packet_length + (encrypted ? session->local.mac->mac_len : 0); + + /* allocate memory to store the outgoing packet in, in case we can't + send the whole one and thus need to keep it after this function + returns. */ + p->outbuf = LIBSSH2_ALLOC(session, total_length); + if (!p->outbuf) { + return PACKET_ENOMEM; + } + + /* store packet_length, which is the size of the whole packet except + the MAC and the packet_length field itself */ + libssh2_htonu32(p->outbuf, packet_length - 4); + /* store padding_length */ + p->outbuf[4] = padding_length; + /* copy the payload data */ + memcpy(p->outbuf + 5, data, data_len); + /* fill the padding area with random junk */ + libssh2_random(p->outbuf + 5 + data_len, padding_length); + if (free_data) { + LIBSSH2_FREE(session, data); + } + + if (encrypted) { + /* Calculate MAC hash. Put the output at index packet_length, + since that size includes the whole packet. The MAC is + calculated on the entire unencrypted packet, including all + fields except the MAC field itself. */ + session->local.mac->hash(session, p->outbuf + packet_length, + session->local.seqno, p->outbuf, + packet_length, NULL, 0, + &session->local.mac_abstract); + + /* Encrypt the whole packet data, one block size at a time. + The MAC field is not encrypted. */ + for(i = 0; i < packet_length; i += session->local.crypt->blocksize) { + unsigned char *ptr = &p->outbuf[i]; + if (session->local.crypt-> + crypt(session, ptr, &session->local.crypt_abstract)) + return PACKET_FAIL; /* encryption failure */ + } + } + + session->local.seqno++; + + ret = send(session->socket_fd, p->outbuf, total_length, + LIBSSH2_SOCKET_SEND_FLAGS(session)); + + if (ret != -1) { + debugdump(session, "libssh2_packet_write send()", p->outbuf, ret); + } + if (ret != total_length) { + if ((ret > 0) || ((ret == -1) && (errno == EAGAIN))) { + /* the whole packet could not be sent, save the rest */ + p->odata = orgdata; + p->olen = orgdata_len; + p->osent = (ret == -1) ? 0 : ret; + p->ototal_num = total_length; + return PACKET_EAGAIN; + } + return PACKET_FAIL; + } + + /* the whole thing got sent away */ + p->odata = NULL; + p->olen = 0; + LIBSSH2_FREE(session, p->outbuf); + p->outbuf = NULL; + + return PACKET_NONE; /* all is good */ +} + +/* }}} */ +#endif diff --git a/Vendor/libssh2/Source/userauth.c b/Vendor/libssh2/Source/userauth.c new file mode 100644 index 0000000..91151f6 --- /dev/null +++ b/Vendor/libssh2/Source/userauth.c @@ -0,0 +1,1459 @@ +/* Copyright (c) 2004-2007, Sara Golemon + * All rights reserved. + * + * Redistribution and use in source and binary forms, + * with or without modification, are permitted provided + * that the following conditions are met: + * + * Redistributions of source code must retain the above + * copyright notice, this list of conditions and the + * following disclaimer. + * + * Redistributions in binary form must reproduce the above + * copyright notice, this list of conditions and the following + * disclaimer in the documentation and/or other materials + * provided with the distribution. + * + * Neither the name of the copyright holder nor the names + * of any other contributors may be used to endorse or + * promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND + * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, + * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR + * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, + * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE + * USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY + * OF SUCH DAMAGE. + */ + +#include "libssh2_priv.h" + +#include +#include + +/* Needed for struct iovec on some platforms */ +#ifdef HAVE_SYS_UIO_H +#include +#endif + + +/* {{{ proto libssh2_userauth_list + * List authentication methods + * Will yield successful login if "none" happens to be allowable for this user + * Not a common configuration for any SSH server though + * username should be NULL, or a null terminated string + */ +LIBSSH2_API char * +libssh2_userauth_list(LIBSSH2_SESSION * session, const char *username, + unsigned int username_len) +{ + static const unsigned char reply_codes[3] = + { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, 0 }; + /* packet_type(1) + username_len(4) + service_len(4) + + service(14)"ssh-connection" + method_len(4) + method(4)"none" */ + unsigned long methods_len; + unsigned char *s; + int rc; + + if (session->userauth_list_state == libssh2_NB_state_idle) { + /* Zero the whole thing out */ + memset(&session->userauth_list_packet_requirev_state, 0, + sizeof(session->userauth_list_packet_requirev_state)); + + session->userauth_list_data_len = username_len + 31; + + s = session->userauth_list_data = + LIBSSH2_ALLOC(session, session->userauth_list_data_len); + if (!session->userauth_list_data) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for userauth_list", 0); + return NULL; + } + + *(s++) = SSH_MSG_USERAUTH_REQUEST; + libssh2_htonu32(s, username_len); + s += 4; + if (username) { + memcpy(s, username, username_len); + s += username_len; + } + + libssh2_htonu32(s, 14); + s += 4; + memcpy(s, "ssh-connection", 14); + s += 14; + + libssh2_htonu32(s, 4); + s += 4; + memcpy(s, "none", 4); + s += 4; + + session->userauth_list_state = libssh2_NB_state_created; + } + + if (session->userauth_list_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, session->userauth_list_data, + session->userauth_list_data_len); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block requesting userauth list", 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send userauth-none request", 0); + LIBSSH2_FREE(session, session->userauth_list_data); + session->userauth_list_data = NULL; + session->userauth_list_state = libssh2_NB_state_idle; + return NULL; + } + LIBSSH2_FREE(session, session->userauth_list_data); + session->userauth_list_data = NULL; + + session->userauth_list_state = libssh2_NB_state_sent; + } + + if (session->userauth_list_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, + &session->userauth_list_data, + &session->userauth_list_data_len, 0, + NULL, 0, + &session-> + userauth_list_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + libssh2_error(session, LIBSSH2_ERROR_EAGAIN, + "Would block requesting userauth list", 0); + return NULL; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_NONE, "No error", 0); + session->userauth_list_state = libssh2_NB_state_idle; + return NULL; + } + + if (session->userauth_list_data[0] == SSH_MSG_USERAUTH_SUCCESS) { + /* Wow, who'dve thought... */ + libssh2_error(session, LIBSSH2_ERROR_NONE, "No error", 0); + LIBSSH2_FREE(session, session->userauth_list_data); + session->userauth_list_data = NULL; + session->state |= LIBSSH2_STATE_AUTHENTICATED; + session->userauth_list_state = libssh2_NB_state_idle; + return NULL; + } + + methods_len = libssh2_ntohu32(session->userauth_list_data + 1); + memcpy(session->userauth_list_data, session->userauth_list_data + 5, + methods_len); + session->userauth_list_data[methods_len] = '\0'; + _libssh2_debug(session, LIBSSH2_DBG_AUTH, "Permitted auth methods: %s", + session->userauth_list_data); + } + + session->userauth_list_state = libssh2_NB_state_idle; + return (char *) session->userauth_list_data; +} + +/* }}} */ + +/* {{{ libssh2_userauth_authenticated + * 0 if not yet authenticated + * non-zero is already authenticated + */ +LIBSSH2_API int +libssh2_userauth_authenticated(LIBSSH2_SESSION * session) +{ + return session->state & LIBSSH2_STATE_AUTHENTICATED; +} + +/* }}} */ + +/* {{{ libssh2_userauth_password + * Plain ol' login + */ +LIBSSH2_API int +libssh2_userauth_password_ex(LIBSSH2_SESSION * session, const char *username, + unsigned int username_len, const char *password, + unsigned int password_len, + LIBSSH2_PASSWD_CHANGEREQ_FUNC((*passwd_change_cb))) +{ + unsigned char *s; + static const unsigned char reply_codes[4] = + { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, + SSH_MSG_USERAUTH_PASSWD_CHANGEREQ, 0 + }; + int rc; + + if (session->userauth_pswd_state == libssh2_NB_state_idle) { + /* Zero the whole thing out */ + memset(&session->userauth_pswd_packet_requirev_state, 0, + sizeof(session->userauth_pswd_packet_requirev_state)); + + /* + * 40 = acket_type(1) + username_len(4) + service_len(4) + + * service(14)"ssh-connection" + method_len(4) + method(8)"password" + + * chgpwdbool(1) + password_len(4) */ + session->userauth_pswd_data_len = username_len + password_len + 40; + + session->userauth_pswd_data0 = ~SSH_MSG_USERAUTH_PASSWD_CHANGEREQ; + + s = session->userauth_pswd_data = + LIBSSH2_ALLOC(session, session->userauth_pswd_data_len); + if (!session->userauth_pswd_data) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for userauth-password request", + 0); + return -1; + } + + *(s++) = SSH_MSG_USERAUTH_REQUEST; + libssh2_htonu32(s, username_len); + s += 4; + memcpy(s, username, username_len); + s += username_len; + + libssh2_htonu32(s, sizeof("ssh-connection") - 1); + s += 4; + memcpy(s, "ssh-connection", sizeof("ssh-connection") - 1); + s += sizeof("ssh-connection") - 1; + + libssh2_htonu32(s, sizeof("password") - 1); + s += 4; + memcpy(s, "password", sizeof("password") - 1); + s += sizeof("password") - 1; + + *s = '\0'; + s++; + + libssh2_htonu32(s, password_len); + s += 4; + memcpy(s, password, password_len); + s += password_len; + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Attempting to login using password authentication"); + + session->userauth_pswd_state = libssh2_NB_state_created; + } + + if (session->userauth_pswd_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, session->userauth_pswd_data, + session->userauth_pswd_data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send userauth-password request", 0); + LIBSSH2_FREE(session, session->userauth_pswd_data); + session->userauth_pswd_data = NULL; + session->userauth_pswd_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, session->userauth_pswd_data); + session->userauth_pswd_data = NULL; + + session->userauth_pswd_state = libssh2_NB_state_sent; + } + + password_response: + + if ((session->userauth_pswd_state == libssh2_NB_state_sent) + || (session->userauth_pswd_state == libssh2_NB_state_sent1) + || (session->userauth_pswd_state == libssh2_NB_state_sent2)) { + if (session->userauth_pswd_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, + &session->userauth_pswd_data, + &session->userauth_pswd_data_len, + 0, NULL, 0, + &session-> + userauth_pswd_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + session->userauth_pswd_state = libssh2_NB_state_idle; + return -1; + } + + if (session->userauth_pswd_data[0] == SSH_MSG_USERAUTH_SUCCESS) { + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Password authentication successful"); + LIBSSH2_FREE(session, session->userauth_pswd_data); + session->userauth_pswd_data = NULL; + session->state |= LIBSSH2_STATE_AUTHENTICATED; + session->userauth_pswd_state = libssh2_NB_state_idle; + return 0; + } + + session->userauth_pswd_newpw = NULL; + session->userauth_pswd_newpw_len = 0; + + session->userauth_pswd_state = libssh2_NB_state_sent1; + } + + if ((session->userauth_pswd_data[0] == + SSH_MSG_USERAUTH_PASSWD_CHANGEREQ) + || (session->userauth_pswd_data0 == + SSH_MSG_USERAUTH_PASSWD_CHANGEREQ)) { + session->userauth_pswd_data0 = SSH_MSG_USERAUTH_PASSWD_CHANGEREQ; + + if ((session->userauth_pswd_state == libssh2_NB_state_sent1) || + (session->userauth_pswd_state == libssh2_NB_state_sent2)) { + if (session->userauth_pswd_state == libssh2_NB_state_sent1) { + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Password change required"); + LIBSSH2_FREE(session, session->userauth_pswd_data); + session->userauth_pswd_data = NULL; + } + if (passwd_change_cb) { + if (session->userauth_pswd_state == libssh2_NB_state_sent1) { + passwd_change_cb(session, + &session->userauth_pswd_newpw, + &session->userauth_pswd_newpw_len, + &session->abstract); + if (!session->userauth_pswd_newpw) { + libssh2_error(session, + LIBSSH2_ERROR_PASSWORD_EXPIRED, + "Password expired, and callback failed", + 0); + return -1; + } + + /* basic data_len + newpw_len(4) */ + session->userauth_pswd_data_len = + username_len + password_len + 44 + + session->userauth_pswd_newpw_len; + + s = session->userauth_pswd_data = + LIBSSH2_ALLOC(session, + session->userauth_pswd_data_len); + if (!session->userauth_pswd_data) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for userauth-password-change request", + 0); + LIBSSH2_FREE(session, + session->userauth_pswd_newpw); + session->userauth_pswd_newpw = NULL; + return -1; + } + + *(s++) = SSH_MSG_USERAUTH_REQUEST; + libssh2_htonu32(s, username_len); + s += 4; + memcpy(s, username, username_len); + s += username_len; + + libssh2_htonu32(s, sizeof("ssh-connection") - 1); + s += 4; + memcpy(s, "ssh-connection", + sizeof("ssh-connection") - 1); + s += sizeof("ssh-connection") - 1; + + libssh2_htonu32(s, sizeof("password") - 1); + s += 4; + memcpy(s, "password", sizeof("password") - 1); + s += sizeof("password") - 1; + + *s = 0x01; + s++; + + libssh2_htonu32(s, password_len); + s += 4; + memcpy(s, password, password_len); + s += password_len; + + libssh2_htonu32(s, session->userauth_pswd_newpw_len); + s += 4; + memcpy(s, session->userauth_pswd_newpw, + session->userauth_pswd_newpw_len); + s += session->userauth_pswd_newpw_len; + + session->userauth_pswd_state = libssh2_NB_state_sent2; + } + + if (session->userauth_pswd_state == libssh2_NB_state_sent2) { + rc = libssh2_packet_write(session, + session->userauth_pswd_data, + session-> + userauth_pswd_data_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send userauth-password-change request", + 0); + LIBSSH2_FREE(session, session->userauth_pswd_data); + session->userauth_pswd_data = NULL; + LIBSSH2_FREE(session, + session->userauth_pswd_newpw); + session->userauth_pswd_newpw = NULL; + return -1; + } + LIBSSH2_FREE(session, session->userauth_pswd_data); + session->userauth_pswd_data = NULL; + LIBSSH2_FREE(session, session->userauth_pswd_newpw); + session->userauth_pswd_newpw = NULL; + + /* + * Ugliest use of goto ever. Blame it on the + * askN => requirev migration. + */ + session->userauth_pswd_state = libssh2_NB_state_sent; + goto password_response; + } + } + } else { + libssh2_error(session, LIBSSH2_ERROR_PASSWORD_EXPIRED, + "Password Expired, and no callback specified", + 0); + session->userauth_pswd_state = libssh2_NB_state_idle; + return -1; + } + } + } + + /* FAILURE */ + LIBSSH2_FREE(session, session->userauth_pswd_data); + session->userauth_pswd_data = NULL; + session->userauth_pswd_state = libssh2_NB_state_idle; + return -1; +} + +/* }}} */ + +/* {{{ libssh2_file_read_publickey + * Read a public key from an id_???.pub style file + */ +static int +libssh2_file_read_publickey(LIBSSH2_SESSION * session, unsigned char **method, + unsigned long *method_len, + unsigned char **pubkeydata, + unsigned long *pubkeydata_len, + const char *pubkeyfile) +{ + FILE *fd; + char c; + unsigned char *pubkey = NULL, *sp1, *sp2, *tmp; + size_t pubkey_len = 0; + unsigned int tmp_len; + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, "Loading public key file: %s", + pubkeyfile); + /* Read Public Key */ + fd = fopen(pubkeyfile, "r"); + if (!fd) { + libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to open public key file", 0); + return -1; + } + while (!feof(fd) && (c = fgetc(fd)) != '\r' && c != '\n') + pubkey_len++; + if (feof(fd)) { + /* the last character was EOF */ + pubkey_len--; + } + rewind(fd); + + if (pubkey_len <= 1) { + libssh2_error(session, LIBSSH2_ERROR_FILE, + "Invalid data in public key file", 0); + fclose(fd); + return -1; + } + + pubkey = LIBSSH2_ALLOC(session, pubkey_len); + if (!pubkey) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for public key data", 0); + fclose(fd); + return -1; + } + if (fread(pubkey, 1, pubkey_len, fd) != pubkey_len) { + libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to read public key from file", 0); + LIBSSH2_FREE(session, pubkey); + fclose(fd); + return -1; + } + fclose(fd); + /* + * Remove trailing whitespace + */ + while (pubkey_len && isspace(pubkey[pubkey_len - 1])) + pubkey_len--; + + if (!pubkey_len) { + libssh2_error(session, LIBSSH2_ERROR_FILE, "Missing public key data", + 0); + LIBSSH2_FREE(session, pubkey); + return -1; + } + + if ((sp1 = memchr(pubkey, ' ', pubkey_len)) == NULL) { + libssh2_error(session, LIBSSH2_ERROR_FILE, "Invalid public key data", + 0); + LIBSSH2_FREE(session, pubkey); + return -1; + } + /* Wasting some bytes here (okay, more than some), + * but since it's likely to be freed soon anyway, + * we'll just avoid the extra free/alloc and call it a wash */ + *method = pubkey; + *method_len = sp1 - pubkey; + + sp1++; + + if ((sp2 = memchr(sp1, ' ', pubkey_len - *method_len)) == NULL) { + /* Assume that the id string is missing, but that it's okay */ + sp2 = pubkey + pubkey_len; + } + + if (libssh2_base64_decode + (session, (char **) &tmp, &tmp_len, (char *) sp1, sp2 - sp1)) { + libssh2_error(session, LIBSSH2_ERROR_FILE, + "Invalid key data, not base64 encoded", 0); + LIBSSH2_FREE(session, pubkey); + return -1; + } + *pubkeydata = tmp; + *pubkeydata_len = tmp_len; + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_file_read_privatekey + * Read a PEM encoded private key from an id_??? style file + */ +static int +libssh2_file_read_privatekey(LIBSSH2_SESSION * session, + const LIBSSH2_HOSTKEY_METHOD ** hostkey_method, + void **hostkey_abstract, + const unsigned char *method, int method_len, + const char *privkeyfile, const char *passphrase) +{ + const LIBSSH2_HOSTKEY_METHOD **hostkey_methods_avail = + libssh2_hostkey_methods(); + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, "Loading private key file: %s", + privkeyfile); + *hostkey_method = NULL; + *hostkey_abstract = NULL; + while (*hostkey_methods_avail && (*hostkey_methods_avail)->name) { + if ((*hostkey_methods_avail)->initPEM + && strncmp((*hostkey_methods_avail)->name, (const char *) method, + method_len) == 0) { + *hostkey_method = *hostkey_methods_avail; + break; + } + hostkey_methods_avail++; + } + if (!*hostkey_method) { + libssh2_error(session, LIBSSH2_ERROR_METHOD_NONE, + "No handler for specified private key", 0); + return -1; + } + + if ((*hostkey_method)-> + initPEM(session, privkeyfile, (unsigned char *) passphrase, + hostkey_abstract)) { + libssh2_error(session, LIBSSH2_ERROR_FILE, + "Unable to initialize private key from file", 0); + return -1; + } + + return 0; +} + +/* }}} */ + +/* {{{ libssh2_userauth_hostbased_fromfile_ex + * Authenticate using a keypair found in the named files + */ +LIBSSH2_API int +libssh2_userauth_hostbased_fromfile_ex(LIBSSH2_SESSION * session, + const char *username, + unsigned int username_len, + const char *publickey, + const char *privatekey, + const char *passphrase, + const char *hostname, + unsigned int hostname_len, + const char *local_username, + unsigned int local_username_len) +{ + const LIBSSH2_HOSTKEY_METHOD *privkeyobj; + void *abstract; + unsigned char buf[5]; + struct iovec datavec[4]; + unsigned char *pubkeydata, *sig; + static const unsigned char reply_codes[3] = + { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, 0 }; + unsigned long pubkeydata_len, sig_len, data_len; + int rc; + + if (session->userauth_host_state == libssh2_NB_state_idle) { + /* Zero the whole thing out */ + memset(&session->userauth_host_packet_requirev_state, 0, + sizeof(session->userauth_host_packet_requirev_state)); + + if (libssh2_file_read_publickey + (session, &session->userauth_host_method, + &session->userauth_host_method_len, &pubkeydata, &pubkeydata_len, + publickey)) { + return -1; + } + + /* + * 48 = packet_type(1) + username_len(4) + servicename_len(4) + + * service_name(14)"ssh-connection" + authmethod_len(4) + + * authmethod(9)"hostbased" + method_len(4) + pubkeydata_len(4) + + * local_username_len(4) + */ + session->userauth_host_packet_len = + username_len + session->userauth_host_method_len + hostname_len + + local_username_len + pubkeydata_len + 48; + + /* + * Preallocate space for an overall length, method name again, + * and the signature, which won't be any larger than the size of + * the publickeydata itself + */ + session->userauth_host_s = session->userauth_host_packet = + LIBSSH2_ALLOC(session, + session->userauth_host_packet_len + 4 + (4 + + session-> + userauth_host_method_len) + + (4 + pubkeydata_len)); + if (!session->userauth_host_packet) { + LIBSSH2_FREE(session, session->userauth_host_method); + session->userauth_host_method = NULL; + return -1; + } + + *(session->userauth_host_s++) = SSH_MSG_USERAUTH_REQUEST; + libssh2_htonu32(session->userauth_host_s, username_len); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, username, username_len); + session->userauth_host_s += username_len; + + libssh2_htonu32(session->userauth_host_s, 14); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, "ssh-connection", 14); + session->userauth_host_s += 14; + + libssh2_htonu32(session->userauth_host_s, 9); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, "hostbased", 9); + session->userauth_host_s += 9; + + libssh2_htonu32(session->userauth_host_s, + session->userauth_host_method_len); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, session->userauth_host_method, + session->userauth_host_method_len); + session->userauth_host_s += session->userauth_host_method_len; + + libssh2_htonu32(session->userauth_host_s, pubkeydata_len); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, pubkeydata, pubkeydata_len); + session->userauth_host_s += pubkeydata_len; + + libssh2_htonu32(session->userauth_host_s, hostname_len); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, hostname, hostname_len); + session->userauth_host_s += hostname_len; + + libssh2_htonu32(session->userauth_host_s, local_username_len); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, local_username, local_username_len); + session->userauth_host_s += local_username_len; + + if (libssh2_file_read_privatekey + (session, &privkeyobj, &abstract, session->userauth_host_method, + session->userauth_host_method_len, privatekey, passphrase)) { + LIBSSH2_FREE(session, session->userauth_host_method); + session->userauth_host_method = NULL; + LIBSSH2_FREE(session, session->userauth_host_packet); + session->userauth_host_packet = NULL; + return -1; + } + + libssh2_htonu32(buf, session->session_id_len); + datavec[0].iov_base = buf; + datavec[0].iov_len = 4; + datavec[1].iov_base = session->session_id; + datavec[1].iov_len = session->session_id_len; + datavec[2].iov_base = session->userauth_host_packet; + datavec[2].iov_len = session->userauth_host_packet_len; + + if (privkeyobj->signv(session, &sig, &sig_len, 3, datavec, &abstract)) { + LIBSSH2_FREE(session, session->userauth_host_method); + session->userauth_host_method = NULL; + LIBSSH2_FREE(session, session->userauth_host_packet); + session->userauth_host_packet = NULL; + if (privkeyobj->dtor) { + privkeyobj->dtor(session, &abstract); + } + return -1; + } + + if (privkeyobj->dtor) { + privkeyobj->dtor(session, &abstract); + } + + if (sig_len > pubkeydata_len) { + unsigned char *newpacket; + /* Should *NEVER* happen, but...well.. better safe than sorry */ + newpacket = LIBSSH2_REALLOC(session, session->userauth_host_packet, session->userauth_host_packet_len + 4 + (4 + session->userauth_host_method_len) + (4 + sig_len)); /* PK sigblob */ + if (!newpacket) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Failed allocating additional space for userauth-hostbased packet", + 0); + LIBSSH2_FREE(session, sig); + LIBSSH2_FREE(session, session->userauth_host_packet); + session->userauth_host_packet = NULL; + LIBSSH2_FREE(session, session->userauth_host_method); + session->userauth_host_method = NULL; + return -1; + } + session->userauth_host_packet = newpacket; + } + + session->userauth_host_s = + session->userauth_host_packet + session->userauth_host_packet_len; + + libssh2_htonu32(session->userauth_host_s, + 4 + session->userauth_host_method_len + 4 + sig_len); + session->userauth_host_s += 4; + + libssh2_htonu32(session->userauth_host_s, + session->userauth_host_method_len); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, session->userauth_host_method, + session->userauth_host_method_len); + session->userauth_host_s += session->userauth_host_method_len; + LIBSSH2_FREE(session, session->userauth_host_method); + session->userauth_host_method = NULL; + + libssh2_htonu32(session->userauth_host_s, sig_len); + session->userauth_host_s += 4; + memcpy(session->userauth_host_s, sig, sig_len); + session->userauth_host_s += sig_len; + LIBSSH2_FREE(session, sig); + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Attempting hostbased authentication"); + + session->userauth_host_state = libssh2_NB_state_created; + } + + if (session->userauth_host_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, session->userauth_host_packet, + session->userauth_host_s - + session->userauth_host_packet); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send userauth-hostbased request", 0); + LIBSSH2_FREE(session, session->userauth_host_packet); + session->userauth_host_packet = NULL; + session->userauth_host_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, session->userauth_host_packet); + session->userauth_host_packet = NULL; + + session->userauth_host_state = libssh2_NB_state_sent; + } + + if (session->userauth_host_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, + &session->userauth_host_data, + &data_len, 0, NULL, 0, + &session-> + userauth_host_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + session->userauth_host_state = libssh2_NB_state_idle; + return -1; + } + + if (session->userauth_host_data[0] == SSH_MSG_USERAUTH_SUCCESS) { + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Hostbased authentication successful"); + /* We are us and we've proved it. */ + LIBSSH2_FREE(session, session->userauth_host_data); + session->userauth_host_data = NULL; + session->state |= LIBSSH2_STATE_AUTHENTICATED; + session->userauth_host_state = libssh2_NB_state_idle; + return 0; + } + } + + /* This public key is not allowed for this user on this server */ + LIBSSH2_FREE(session, session->userauth_host_data); + session->userauth_host_data = NULL; + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED, + "Invalid signature for supplied public key, or bad username/public key combination", + 0); + session->userauth_host_state = libssh2_NB_state_idle; + return -1; +} + +/* }}} */ + +/* {{{ libssh2_userauth_publickey_fromfile_ex + * Authenticate using a keypair found in the named files + */ +LIBSSH2_API int +libssh2_userauth_publickey_fromfile_ex(LIBSSH2_SESSION * session, + const char *username, + unsigned int username_len, + const char *publickey, + const char *privatekey, + const char *passphrase) +{ + const LIBSSH2_HOSTKEY_METHOD *privkeyobj; + void *abstract; + unsigned char buf[5]; + struct iovec datavec[4]; + unsigned char *pubkeydata, *sig; + unsigned char reply_codes[4] = + { SSH_MSG_USERAUTH_SUCCESS, SSH_MSG_USERAUTH_FAILURE, + SSH_MSG_USERAUTH_PK_OK, 0 + }; + unsigned long pubkeydata_len, sig_len; + int rc; + + if (session->userauth_pblc_state == libssh2_NB_state_idle) { + /* Zero the whole thing out */ + memset(&session->userauth_pblc_packet_requirev_state, 0, + sizeof(session->userauth_pblc_packet_requirev_state)); + + if (libssh2_file_read_publickey + (session, &session->userauth_pblc_method, + &session->userauth_pblc_method_len, &pubkeydata, &pubkeydata_len, + publickey)) { + return -1; + } + + /* + * 45 = packet_type(1) + username_len(4) + servicename_len(4) + + * service_name(14)"ssh-connection" + authmethod_len(4) + + * authmethod(9)"publickey" + sig_included(1)'\0' + algmethod_len(4) + + * publickey_len(4) + */ + session->userauth_pblc_packet_len = + username_len + session->userauth_pblc_method_len + pubkeydata_len + + 45; + + /* + * Preallocate space for an overall length, method name again, and + * the signature, which won't be any larger than the size of the + * publickeydata itself + */ + session->userauth_pblc_s = session->userauth_pblc_packet = + LIBSSH2_ALLOC(session, + session->userauth_pblc_packet_len + 4 + (4 + + session-> + userauth_pblc_method_len) + + (4 + pubkeydata_len)); + if (!session->userauth_pblc_packet) { + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + LIBSSH2_FREE(session, pubkeydata); + return -1; + } + + *(session->userauth_pblc_s++) = SSH_MSG_USERAUTH_REQUEST; + libssh2_htonu32(session->userauth_pblc_s, username_len); + session->userauth_pblc_s += 4; + memcpy(session->userauth_pblc_s, username, username_len); + session->userauth_pblc_s += username_len; + + libssh2_htonu32(session->userauth_pblc_s, 14); + session->userauth_pblc_s += 4; + memcpy(session->userauth_pblc_s, "ssh-connection", 14); + session->userauth_pblc_s += 14; + + libssh2_htonu32(session->userauth_pblc_s, 9); + session->userauth_pblc_s += 4; + memcpy(session->userauth_pblc_s, "publickey", 9); + session->userauth_pblc_s += 9; + + session->userauth_pblc_b = session->userauth_pblc_s; + /* Not sending signature with *this* packet */ + *(session->userauth_pblc_s++) = 0; + + libssh2_htonu32(session->userauth_pblc_s, + session->userauth_pblc_method_len); + session->userauth_pblc_s += 4; + memcpy(session->userauth_pblc_s, session->userauth_pblc_method, + session->userauth_pblc_method_len); + session->userauth_pblc_s += session->userauth_pblc_method_len; + + libssh2_htonu32(session->userauth_pblc_s, pubkeydata_len); + session->userauth_pblc_s += 4; + memcpy(session->userauth_pblc_s, pubkeydata, pubkeydata_len); + session->userauth_pblc_s += pubkeydata_len; + LIBSSH2_FREE(session, pubkeydata); + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Attempting publickey authentication"); + + session->userauth_pblc_state = libssh2_NB_state_created; + } + + if (session->userauth_pblc_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, session->userauth_pblc_packet, + session->userauth_pblc_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send userauth-publickey request", 0); + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + + session->userauth_pblc_state = libssh2_NB_state_sent; + } + + if (session->userauth_pblc_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, + &session->userauth_pblc_data, + &session->userauth_pblc_data_len, 0, + NULL, 0, + &session-> + userauth_pblc_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + + if (session->userauth_pblc_data[0] == SSH_MSG_USERAUTH_SUCCESS) { + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Pubkey authentication prematurely successful"); + /* + * God help any SSH server that allows an UNVERIFIED + * public key to validate the user + */ + LIBSSH2_FREE(session, session->userauth_pblc_data); + session->userauth_pblc_data = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + session->state |= LIBSSH2_STATE_AUTHENTICATED; + session->userauth_pblc_state = libssh2_NB_state_idle; + return 0; + } + + if (session->userauth_pblc_data[0] == SSH_MSG_USERAUTH_FAILURE) { + /* This public key is not allowed for this user on this server */ + LIBSSH2_FREE(session, session->userauth_pblc_data); + session->userauth_pblc_data = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_UNRECOGNIZED, + "Username/PublicKey combination invalid", 0); + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + + /* Semi-Success! */ + LIBSSH2_FREE(session, session->userauth_pblc_data); + session->userauth_pblc_data = NULL; + + if (libssh2_file_read_privatekey + (session, &privkeyobj, &abstract, session->userauth_pblc_method, + session->userauth_pblc_method_len, privatekey, passphrase)) { + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + + *session->userauth_pblc_b = 0x01; + + libssh2_htonu32(buf, session->session_id_len); + datavec[0].iov_base = buf; + datavec[0].iov_len = 4; + datavec[1].iov_base = session->session_id; + datavec[1].iov_len = session->session_id_len; + datavec[2].iov_base = session->userauth_pblc_packet; + datavec[2].iov_len = session->userauth_pblc_packet_len; + + if (privkeyobj->signv(session, &sig, &sig_len, 3, datavec, &abstract)) { + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + if (privkeyobj->dtor) { + privkeyobj->dtor(session, &abstract); + } + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + + if (privkeyobj->dtor) { + privkeyobj->dtor(session, &abstract); + } + + if (sig_len > pubkeydata_len) { + unsigned char *newpacket; + /* Should *NEVER* happen, but...well.. better safe than sorry */ + newpacket = LIBSSH2_REALLOC(session, session->userauth_pblc_packet, session->userauth_pblc_packet_len + 4 + (4 + session->userauth_pblc_method_len) + (4 + sig_len)); /* PK sigblob */ + if (!newpacket) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Failed allocating additional space for userauth-publickey packet", + 0); + LIBSSH2_FREE(session, sig); + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + session->userauth_pblc_packet = newpacket; + } + + session->userauth_pblc_s = + session->userauth_pblc_packet + session->userauth_pblc_packet_len; + + libssh2_htonu32(session->userauth_pblc_s, + 4 + session->userauth_pblc_method_len + 4 + sig_len); + session->userauth_pblc_s += 4; + + libssh2_htonu32(session->userauth_pblc_s, + session->userauth_pblc_method_len); + session->userauth_pblc_s += 4; + memcpy(session->userauth_pblc_s, session->userauth_pblc_method, + session->userauth_pblc_method_len); + session->userauth_pblc_s += session->userauth_pblc_method_len; + LIBSSH2_FREE(session, session->userauth_pblc_method); + session->userauth_pblc_method = NULL; + + libssh2_htonu32(session->userauth_pblc_s, sig_len); + session->userauth_pblc_s += 4; + memcpy(session->userauth_pblc_s, sig, sig_len); + session->userauth_pblc_s += sig_len; + LIBSSH2_FREE(session, sig); + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Attempting publickey authentication -- phase 2"); + + session->userauth_pblc_state = libssh2_NB_state_sent1; + } + + if (session->userauth_pblc_state == libssh2_NB_state_sent1) { + rc = libssh2_packet_write(session, session->userauth_pblc_packet, + session->userauth_pblc_s - + session->userauth_pblc_packet); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send userauth-publickey request", 0); + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, session->userauth_pblc_packet); + session->userauth_pblc_packet = NULL; + + session->userauth_pblc_state = libssh2_NB_state_sent2; + } + + /* PK_OK is no longer valid */ + reply_codes[2] = 0; + + rc = libssh2_packet_requirev_ex(session, reply_codes, + &session->userauth_pblc_data, + &session->userauth_pblc_data_len, 0, NULL, + 0, + &session-> + userauth_pblc_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; + } + + if (session->userauth_pblc_data[0] == SSH_MSG_USERAUTH_SUCCESS) { + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Publickey authentication successful"); + /* We are us and we've proved it. */ + LIBSSH2_FREE(session, session->userauth_pblc_data); + session->userauth_pblc_data = NULL; + session->state |= LIBSSH2_STATE_AUTHENTICATED; + session->userauth_pblc_state = libssh2_NB_state_idle; + return 0; + } + + /* This public key is not allowed for this user on this server */ + LIBSSH2_FREE(session, session->userauth_pblc_data); + session->userauth_pblc_data = NULL; + libssh2_error(session, LIBSSH2_ERROR_PUBLICKEY_UNVERIFIED, + "Invalid signature for supplied public key, or bad username/public key combination", + 0); + session->userauth_pblc_state = libssh2_NB_state_idle; + return -1; +} + +/* }}} */ + +/* {{{ libssh2_userauth_keyboard_interactive + * Authenticate using a challenge-response authentication + */ +LIBSSH2_API int +libssh2_userauth_keyboard_interactive_ex(LIBSSH2_SESSION * session, + const char *username, + unsigned int username_len, + LIBSSH2_USERAUTH_KBDINT_RESPONSE_FUNC((*response_callback))) +{ + unsigned char *s; + int rc; + + static const unsigned char reply_codes[4] = { SSH_MSG_USERAUTH_SUCCESS, + SSH_MSG_USERAUTH_FAILURE, SSH_MSG_USERAUTH_INFO_REQUEST, 0 + }; + unsigned int language_tag_len; + unsigned int i; + + if (session->userauth_kybd_state == libssh2_NB_state_idle) { + session->userauth_kybd_auth_name = NULL; + session->userauth_kybd_auth_instruction = NULL; + session->userauth_kybd_num_prompts = 0; + session->userauth_kybd_auth_failure = 1; + session->userauth_kybd_prompts = NULL; + session->userauth_kybd_responses = NULL; + + /* Zero the whole thing out */ + memset(&session->userauth_kybd_packet_requirev_state, 0, + sizeof(session->userauth_kybd_packet_requirev_state)); + + session->userauth_kybd_packet_len = 1 /* byte SSH_MSG_USERAUTH_REQUEST */ + + 4 + username_len /* string user name (ISO-10646 UTF-8, as defined in [RFC-3629]) */ + + 4 + 14 /* string service name (US-ASCII) */ + + 4 + 20 /* string "keyboard-interactive" (US-ASCII) */ + + 4 + 0 /* string language tag (as defined in [RFC-3066]) */ + + 4 + 0 /* string submethods (ISO-10646 UTF-8) */ + ; + + session->userauth_kybd_data = s = + LIBSSH2_ALLOC(session, session->userauth_kybd_packet_len); + if (!s) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for keyboard-interactive authentication", + 0); + return -1; + } + + *s++ = SSH_MSG_USERAUTH_REQUEST; + + /* user name */ + libssh2_htonu32(s, username_len); + s += 4; + memcpy(s, username, username_len); + s += username_len; + + /* service name */ + libssh2_htonu32(s, sizeof("ssh-connection") - 1); + s += 4; + memcpy(s, "ssh-connection", sizeof("ssh-connection") - 1); + s += sizeof("ssh-connection") - 1; + + /* "keyboard-interactive" */ + libssh2_htonu32(s, sizeof("keyboard-interactive") - 1); + s += 4; + memcpy(s, "keyboard-interactive", sizeof("keyboard-interactive") - 1); + s += sizeof("keyboard-interactive") - 1; + + /* language tag */ + libssh2_htonu32(s, 0); + s += 4; + + /* submethods */ + libssh2_htonu32(s, 0); + s += 4; + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Attempting keyboard-interactive authentication"); + + session->userauth_kybd_state = libssh2_NB_state_created; + } + + if (session->userauth_kybd_state == libssh2_NB_state_created) { + rc = libssh2_packet_write(session, session->userauth_kybd_data, + session->userauth_kybd_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send keyboard-interactive request", 0); + LIBSSH2_FREE(session, session->userauth_kybd_data); + session->userauth_kybd_data = NULL; + session->userauth_kybd_state = libssh2_NB_state_idle; + return -1; + } + LIBSSH2_FREE(session, session->userauth_kybd_data); + session->userauth_kybd_data = NULL; + + session->userauth_kybd_state = libssh2_NB_state_sent; + } + + for(;;) { + if (session->userauth_kybd_state == libssh2_NB_state_sent) { + rc = libssh2_packet_requirev_ex(session, reply_codes, + &session->userauth_kybd_data, + &session->userauth_kybd_data_len, + 0, NULL, 0, + &session-> + userauth_kybd_packet_requirev_state); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } else if (rc) { + session->userauth_kybd_state = libssh2_NB_state_idle; + return -1; + } + + if (session->userauth_kybd_data[0] == SSH_MSG_USERAUTH_SUCCESS) { + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Keyboard-interactive authentication successful"); + LIBSSH2_FREE(session, session->userauth_kybd_data); + session->userauth_kybd_data = NULL; + session->state |= LIBSSH2_STATE_AUTHENTICATED; + session->userauth_kybd_state = libssh2_NB_state_idle; + return 0; + } + + if (session->userauth_kybd_data[0] == SSH_MSG_USERAUTH_FAILURE) { + LIBSSH2_FREE(session, session->userauth_kybd_data); + session->userauth_kybd_data = NULL; + session->userauth_kybd_state = libssh2_NB_state_idle; + return -1; + } + + /* server requested PAM-like conversation */ + + s = session->userauth_kybd_data + 1; + + /* string name (ISO-10646 UTF-8) */ + session->userauth_kybd_auth_name_len = libssh2_ntohu32(s); + s += 4; + session->userauth_kybd_auth_name = + LIBSSH2_ALLOC(session, session->userauth_kybd_auth_name_len); + if (!session->userauth_kybd_auth_name) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for keyboard-interactive 'name' request field", + 0); + goto cleanup; + } + memcpy(session->userauth_kybd_auth_name, s, + session->userauth_kybd_auth_name_len); + s += session->userauth_kybd_auth_name_len; + + /* string instruction (ISO-10646 UTF-8) */ + session->userauth_kybd_auth_instruction_len = libssh2_ntohu32(s); + s += 4; + session->userauth_kybd_auth_instruction = + LIBSSH2_ALLOC(session, + session->userauth_kybd_auth_instruction_len); + if (!session->userauth_kybd_auth_instruction) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for keyboard-interactive 'instruction' request field", + 0); + goto cleanup; + } + memcpy(session->userauth_kybd_auth_instruction, s, + session->userauth_kybd_auth_instruction_len); + s += session->userauth_kybd_auth_instruction_len; + + /* string language tag (as defined in [RFC-3066]) */ + language_tag_len = libssh2_ntohu32(s); + s += 4; + /* ignoring this field as deprecated */ + s += language_tag_len; + + /* int num-prompts */ + session->userauth_kybd_num_prompts = libssh2_ntohu32(s); + s += 4; + + session->userauth_kybd_prompts = + LIBSSH2_ALLOC(session, + sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) * + session->userauth_kybd_num_prompts); + if (!session->userauth_kybd_prompts) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for keyboard-interactive prompts array", + 0); + goto cleanup; + } + memset(session->userauth_kybd_prompts, 0, + sizeof(LIBSSH2_USERAUTH_KBDINT_PROMPT) * + session->userauth_kybd_num_prompts); + + session->userauth_kybd_responses = + LIBSSH2_ALLOC(session, + sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE) * + session->userauth_kybd_num_prompts); + if (!session->userauth_kybd_responses) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for keyboard-interactive responses array", + 0); + goto cleanup; + } + memset(session->userauth_kybd_responses, 0, + sizeof(LIBSSH2_USERAUTH_KBDINT_RESPONSE) * + session->userauth_kybd_num_prompts); + + for(i = 0; i != session->userauth_kybd_num_prompts; ++i) { + /* string prompt[1] (ISO-10646 UTF-8) */ + session->userauth_kybd_prompts[i].length = libssh2_ntohu32(s); + s += 4; + session->userauth_kybd_prompts[i].text = + LIBSSH2_ALLOC(session, + session->userauth_kybd_prompts[i].length); + if (!session->userauth_kybd_prompts[i].text) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for keyboard-interactive prompt message", + 0); + goto cleanup; + } + memcpy(session->userauth_kybd_prompts[i].text, s, + session->userauth_kybd_prompts[i].length); + s += session->userauth_kybd_prompts[i].length; + + /* boolean echo[1] */ + session->userauth_kybd_prompts[i].echo = *s++; + } + + response_callback(session->userauth_kybd_auth_name, + session->userauth_kybd_auth_name_len, + session->userauth_kybd_auth_instruction, + session->userauth_kybd_auth_instruction_len, + session->userauth_kybd_num_prompts, + session->userauth_kybd_prompts, + session->userauth_kybd_responses, + &session->abstract); + + _libssh2_debug(session, LIBSSH2_DBG_AUTH, + "Keyboard-interactive response callback function invoked"); + + session->userauth_kybd_packet_len = 1 /* byte SSH_MSG_USERAUTH_INFO_RESPONSE */ + + 4 /* int num-responses */ + ; + + for(i = 0; i != session->userauth_kybd_num_prompts; ++i) { + /* string response[1] (ISO-10646 UTF-8) */ + session->userauth_kybd_packet_len += + 4 + session->userauth_kybd_responses[i].length; + } + + session->userauth_kybd_data = s = + LIBSSH2_ALLOC(session, session->userauth_kybd_packet_len); + if (!s) { + libssh2_error(session, LIBSSH2_ERROR_ALLOC, + "Unable to allocate memory for keyboard-interactive response packet", + 0); + goto cleanup; + } + + *s = SSH_MSG_USERAUTH_INFO_RESPONSE; + s++; + libssh2_htonu32(s, session->userauth_kybd_num_prompts); + s += 4; + + for(i = 0; i != session->userauth_kybd_num_prompts; ++i) { + libssh2_htonu32(s, session->userauth_kybd_responses[i].length); + s += 4; + memcpy(s, session->userauth_kybd_responses[i].text, + session->userauth_kybd_responses[i].length); + s += session->userauth_kybd_responses[i].length; + } + + session->userauth_kybd_state = libssh2_NB_state_sent1; + } + + if (session->userauth_kybd_state == libssh2_NB_state_sent1) { + rc = libssh2_packet_write(session, session->userauth_kybd_data, + session->userauth_kybd_packet_len); + if (rc == PACKET_EAGAIN) { + return PACKET_EAGAIN; + } + if (rc) { + libssh2_error(session, LIBSSH2_ERROR_SOCKET_SEND, + "Unable to send userauth-keyboard-interactive request", + 0); + goto cleanup; + } + + session->userauth_kybd_auth_failure = 0; + } + + cleanup: + /* + * It's safe to clean all the data here, because unallocated pointers + * are filled by zeroes + */ + + LIBSSH2_FREE(session, session->userauth_kybd_data); + session->userauth_kybd_data = NULL; + + if (session->userauth_kybd_prompts) { + for(i = 0; i != session->userauth_kybd_num_prompts; ++i) { + LIBSSH2_FREE(session, session->userauth_kybd_prompts[i].text); + session->userauth_kybd_prompts[i].text = NULL; + } + } + + if (session->userauth_kybd_responses) { + for(i = 0; i != session->userauth_kybd_num_prompts; ++i) { + LIBSSH2_FREE(session, + session->userauth_kybd_responses[i].text); + session->userauth_kybd_responses[i].text = NULL; + } + } + + LIBSSH2_FREE(session, session->userauth_kybd_prompts); + session->userauth_kybd_prompts = NULL; + LIBSSH2_FREE(session, session->userauth_kybd_responses); + session->userauth_kybd_responses = NULL; + + if (session->userauth_kybd_auth_failure) { + session->userauth_kybd_state = libssh2_NB_state_idle; + return -1; + } + + session->userauth_kybd_state = libssh2_NB_state_sent; + } +} + +/* }}} */ diff --git a/libssh2/lib/libssh2.a b/libssh2/lib/libssh2.a deleted file mode 100644 index 1235448aeeb4a281bb588f5b4dd8d4280d15b426..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 452112 zcmd444|J5*l_&VBBtRGevMndFjY)yABgX;@5O&FyaUsi2VPspjWk+c%=npC)wS}Ze z!WMf9yOdU+mAB~``7D`Hb})@IBuftJKF%C^m)_7Ba+=X$88S^ym<)Z|nI+R? zmh_M`Nr<(--+lL0z54W(B>!QuvWxfU-gobP_uY5j-|zeW-TVL7cZ@Mn{BFUIf7Pbw zXOjq-w+O!?q)(gZl_c|4)pZQ+=-zzO-RmFNP#w$tt=~{xQ@wG+rW#~!s$LI(1+TBJ zez2w{7TfsHgZP(!?Kicxt$X3~Pd7aAWbB1!pKpGm0d(|7bXE!v)7p^y!PnEcja+7X8pfz7V4n z#w@#re?F;UT*Id|{Gx{cvxfh>hW}2(i#CizH2k!N&uF+)!`C(Zml__|@cSD6qYb0C zYgnt{3mSe&!+jclQ^P;g@b7I{RIK4j4Ieh<_ra?OI{W$&gs9KIc^Bbc4S#0!P`uEF zMgPK>f8PT5Uz$i`yD`O|RCuL^NfYTQLw>7 z=sWudU+Wm`YU|jsBQ-D_Qc~eNI{J2`dJDsQdxnNnec>zyQy~@kVrm%JJ;QB7!yUuB zhh|cS9=du{zyaN^R99P9$8g8|ur|y@>+RpsF&rXAAISG~&BX5?C{US!jvcQ+athPd zo9dfca$vB3M`~z@)fyb$JunktFxAl&swXsTs^`^I+iN|2UHz}Mb#(pq?xBzt8BBd? zcWP+3ZD4p$D48Lst1Z+Dh9Gz+H1SGL-xp`f1!$`8)libJb)cQZAVX9oz)*f#k%ARg z_-lhb!))i7A{B;=tY6;-MdX+2-!;&-D>dBR-{qUr;GTiunc3a_L&LA6_Ox|(40Y!i zyWAO6UP+CB7yITHJu4bQL-+LeDfPC2!Iancc6IES$+oj&DD_}XTUTmFf0sw7d$_-E z_eRfdCF8-GoMe5&{oQ#OlHp?v4|eSENUEWBba_qY@`hf?Q(P`Pzxg%4bN8TU=bA|? zgewZ8qo90Rw2~p1UdprRf!&?GJ;>SvThH$jIY>`mPiP7Ho3@>);T>M<vQB#SK@{_A)8FfP z)B&Wj-k*KOW2ko4(K*Cc_DDFUJ34xMJK>u088~QH&(My3@W;U6*V=)1_I7ywAe)<~ zK9@_kJ=2FcC|fI(MQ;b1D>XRS*FUpX4%R<76E>qGI!@tQ&O(FEcWCGEfc0SL@f=q? zRs?ko=W%D&P7X}@m0@c_3J`bKD;Tb4l9(~L2$evSvplmxDGa9iI(Frou%)pp z6n!X_dL>Zd5IZNw@H!9e+11{*&q( z?&0|CnS2&bmrSqO)wXl6f7i|)nG%H1fg9=U=S-%jZy2O^409;;tvyST&LM=rK*!L~ zYyBV)S}5ls^2EsY{(;mk_39$P7gI3iFyIhJZ%m~E(1DIYf3}x(vc4D4OjTr-_>P`| zZg`d*9Opc$nr+QBi`+HT(bkuG&BN0i3|>92$`mONcc{B#ecMpa7vT?Q=D(U6?Af`; zgAC4~t~nvp2??W~%~$Hi{uNs9R&Oe>-rcY<9_Mlw>s_5vuj^M@4Br3AFaH_=*W5SZ zhxH=X*(Mq{CWa`}k+Y1<{7YR1Ub8U_WqrN~;X>lIwGCrB$(a3XYioX@1(^ANt%q%S zuJ5}O;PcxVgJq)rwY3fO>_C6(?C%{K-rc!=CXLpUDBlilSPcV;%h3 z8iX5-*)xtJEVl%|Cj9tEeEwG8w;I2j@hkB6D$1Kr2Z8_gyVKY9ubMuY-n?XF;&s!K z*^Xb-T$@;FR%rYR;uT5k@gQB1sW+t=z~1<>NhIDjWs(;)rHWsHvUS79ehOdK?=#0R}F{;l8-+Tag9;8zLx)~GBq z_@mJcae!MH51={%)}4P*u?v0 z{H>K{-&>o_1bB^PqUC8@#|7m~3!iBDm=_=S;w+Pa3=`@4XgTz8Ghq|a@_iZb**5+D zo^<=2BbqlUW>2O;<5Jx*F|D9>8NrJ*68!ziL~S$LMA=QrBioJi0wLvDo54zWXMk z5!!*)Kcc#r{w4A&RQJiGSyEx?myg90kRSBpkSG1bts_bE^4kKdhwfHF*HP3H^nT}S zR+p~c&{HO?-V=8@{Qw`mM(cgj^7~lp-RRYO-E8$H@0?C;J;HQKJZCpKT`j&WvQr4~V^i))mLg*2g3QX|=m7zU5(MK|e5YU*4eW|&(@`X0e2kz+tDA__Sb&!v9^EOYyY*gwSUqqV14SKi{F~GZCFPiD003I zSr3{_(tIu@IIwrgw{-|<>(Bifc=R20X>&`tSJz4Oi8}TP(7HX3mgO;qeEMDTwmfY9 zc+$K?`^n|Quc-~xfzL$N9#)E8_rd-qvTY&u_qiUFp9so?`bOc?(ty!6=pUnrgOOII zM^~4-_7b1Bcg?nu^a9HM(y!U3s26n>kDKWqsDBq5pij!mCUheo#dl44ZCF{L4S$gD zyB4;ho^h4oM%dMPPo}#I$n*=!lr+(c)Ft#>6wq@~;$ZX?VYREvIo6ES)|c;Ri2gnf z`7=81ED%^{d4}VT`13DsFWHMW-TUMVBk_wSk}fG4sg0T9y}$i3+UCW`|G>7n?&)Dk z0X+oTrud|58`zoDAN8FWN1tmp3pb<9UPiu*J-P9ud;LPJqTE>6^G}>mNvDl*_?I-h| zsJWmzmU=@srJnvTFz)K@&wU+^?Mp`RvSrZ*vz62SCpfMzO1RP_;k%OL$F)!fYY_O} zZ+si;5w3}3ZG!dDeAgx-W3>E$=(6p4gAwK-d5r!C>4{P}& z>8-LpDO32Ag_~l9OFB$P9?e6Fdq~H0&IJxxxo*UINgk01~ z+|Hq%{vPCx>s(3g9dL~O$WLeMEc2gdIR9b24yU7NKj7%xERHzGR!4I*NE2m_c<_!O zd~`M7mgiVL&!>N;JdcF%9QSB04bp_Yab9*n%S-!!&lJk&9N_sA@k6Gx?xcytFD4A< z0NbXo{D^Jp=BC*#Xm;Xu+fei!=$ z-KcXZ3=vC9>W}Ja4_< zl{AZEpql_r)1<9q0y^OOhyFhS|GzY8p5pq4`COYMz%L>E>YqK5L7CA`Q#@L4O2#oB zVcaus^_b$fwwjX3t>Uv;ZmHIvd?GXWSiKx4Kij{zvj1fHd2PvkqywPUj&>|l8IEI~ z)K1-?pBx9AdT!6^Nqm6F4;_{t*Z!DLACLh4A&>9gJied_dD$P|C4H2qeQ}+1UirE9 zJpme%xpmUk?`8WV*KYaiBxy_9fbQ`y{ZZQdq}S#R1=`%7i=)jKRiWN)&U41r?c=n= zCO40y{vInJldO}h9>q?mU(si_?ehJP+Ofp}UCy=Nm2jm&offuy1X^69`E86f+5*nA zCTly<|5uuZ+RgA+Xk)RtFF&(_>*2lkZsVND-~yMajTvLtVV||@3%ee_(QS|ZCgUk} z)+{T%A*u#sX9C;oF4?`ZP8{1)Cwkq_+=bHCW*6*v&V|^?AZa(xr zX1mLHebepv27Teh!hT2Ae|Kj%Ukz_&rv4=bJTI@W*mCvnO3vLdH&X<@nUNi z^)f$4K6OufS&ca7Ff1Fh{WNkK>1OqR&2GNp_Z6LQG(z4+l;_;KQTzBlDVsmfY!1vh znx(zS19-%zY$4}L&32yIa87mI44ZX+ka0K9MBL3Yr>7wg`dbnEWD+=To|$Cd5LsVG ze#Vq1&12j@XFlhd$YFekJ|h! zKkVx_fZy-?{16{k9g}xMRtGYNOwj)}K(9%iJCZ)zs08hiwDZ=-9u3k%eKCJDG41cf zUjx~w3)jA!PxgXFGh}Mae1~T?kA0=U{L$J4%7Z5T3vGh^mNwBC923a{{4uv7|40e& zbj~+z?dfB+i6^=|n{ac!piQ_r-+bhTEtweXNbN`LvI+X*+A)s$HYLsGwFUH4#yL0e z=;zO&-f_f%kMR$o?HAL>sJ~JAJ=+$=OlR9Xf9}b)TA}`vesvt>=!=7#`fd7*yS8G3CvUZ4$C7vf7=P=^-EIS-#SN2@^$A>v~!UIxOEPOxRaZH zL-NrUv;)5^+loB7UqJm+M{bN}ybfirFb^=&s1rNWJks^-B@Q|cj{Yrv%B8QOEcukh zqtnxjgC6H8v{}~A@<$wbGxs3pITm5RWFPiRCa_(M$ zq@F|FMqJ3$%rIVWT2&tg>BQ)2^eIb=@a$f+zbC8nPttH>Uz4^6Wzha8`;7_D-l$Wi zovl?VKem(L72-F#+1UMw=w`PTNkC>dPBHFm3i04LRono&JP+=iL_d+ZI}f(?jKTNl zS#Isq3eTR|VjL?k3A6Vlf1iC?%MEdw@CFtzHWaccn&?0 zH1YrB(?uImNBclOaOPXP8~JR*+&MI4#`rP`8ea{eu^%*YYX=$cYS#mAGLHt^-;QVW z1#COcF*tsWFb!L9?JIMX-26HI=jx}~@6d;`e#Z0D(KF!X&Th{D?_;)w$4;o9Vf&-c z%3T=7eOqwjQv!9Nor!%?mO|r#EpO|s@kZ3ojak=N_QTMsU5z_cmVc@9p-J-~+ux1p zej8xFLdKHu+D==pmi=^PcHhGGhcDM%@%Akud%IsAsm1v*=+2{kB2`}dtWY`V7ybH{ zAm3jP?0{VKFIESThw(Xd33}q&Id&hPXW5V2R<3!r;?@#DTlufLmSB72=>dA0@Ay1p z%@Fj{xW{(jt7qmy;XSZ{V!F>Yi$@kg!5f^RK%@96&KxGX2Y{Em^!}Hl) zqyfHNp3m;Gd~bx$e%P(!sBd>?EvS1vBXa$$_#9-Mr_bJ)@BiQz;jmY zqnn-2es~IXH*a>DV)*R^+~58x_P61?c|U_bnr8_z{zKkbeD_AKAHweORKs2h`0VJ8fF}2{b!^)3tpJSYXAbt20PKhd+mi=F89Q!l=*Y`oY4+><#>pQt zhHUr=$`l$y+5w|o(T4po#Mv9quM)X2WW(rhehhi|nCBN(eSk59bqeig)PeR*skg@4 zXBk80O$%d4uj<$vL#k>2ZVd6;fMdvc!Z3zNIgB9#GslpJ8pFqs>Up$J!7;?I@5eEQ zfZlI<40+hy6-z*t4Fzl^IEG~P@BzkInCribx&ATC^*J^iK|kZT(FnS7 zMyltc?)cSw5j_h?Rt6JW4afcr>PVZjf#qwQC5LC%iFiexTzKX^fBta7VyD>Ef2Jj7N=u zH3ZZC8iM>dw-dZV{6;sMM!P<(!Cf9%&vIVk#v?mN0bQ04tRZ@Fr?eXRN#MIRL~gIk z%FZ=}?isCJEVy>u;TaS6!Z03H{nXEgJh~TFa~gFoG#-%;$0O>6{M~qz zatHR&s=kkW+D2|4?RDTDToFA2SO4Xa-Jpw-^b1vwvENRw$ zMeGaf3Ba0AHr{MX>h$b4xp#Gx?G{Iwcsg-QIo4z`-a+I%8|9Nz*>uvll^Ik#WzpHFVRO78i_t!}JoPqRt z-Y33^IIw{Uh8T+`)%FbJ*spzt;}_2YIQMq@V8vcJu4g3;UZj)rN#4G(w}#p$^rF~< zLqBzKZ_N6b*RSi`IW^}V?w%dv{$59L4OIrY=DCKt_eH_A<3Szz2-gVMpSqXlAO0GL zbq(2{y7zm?r*3omQEOT9IYJh!%v zTw_`2rBwAbZ(8uf`?ZYchu7S$Jn4u1HgJBJ>klahKRgLP?C##^9@b~pg!|z&^Jt%f z>kq%aC6MouP6O?evfrKb$nt zDx@)<$+M=Me>Q?nF~`(N=zbhOeb!_<*FRpm4SU#^96slIls{=!Kb`K8``7dnrS?vK z?!V9bxG3M`(SsbIXW`QduVxxN z5}J;A_}d}3!0lKP5m`o8%iRv@p)_rh*|QepQ(w$4v3JL(|2xtg3q_C6)nV|$JXyv{ z<{u`UZ86$u*G!;MEO}^Sw=W$y+arBU^CHCUEstCvYn?X>u;nS;OMW??=T0!a};;|iPB?x9$_3d#C941-jpkkc3hk^E8YEpLhZ=&*XyXC zJC{01I!{weSu_lJyI~_67^047Yus#89(7wHA=(~v?0Dus`|}~r-60>x5w1-*&*uFF+6nWHYyD0_ zPM$}=$K3fP>Q3_Ch7Ux3(yZ9){0?NrxFUC4L_Xqed3*X4WtB1qWSqf0Qv2Ko#+ho` zRi=IoY}elZ5Ig(w>U8Ei+$Xu?9hQYmP1wJ3K9RO^nlf6Qm{W-J-oqv40d_)R>}$sv z*Saj(aVib2YS!v>y?MBQE9JWdF0dgjstfC`w!}j zHBZ!yOQ%)V{oE5I9&~e-p|<-u#z#AC9(4-(CCn53M(sS~jo(8(56Ji+`C&K#+7a*( z+8NlH$}q9F)6PGXPqEKu?|lk`e0w`z9?8F_Td`N=6uZ>&rBWXF>BZ6Vi6wR&1KC7R z;4Aqmm&-e6Z6d<4$<@)#Y1X(r&{*N(pp!SZQN7R>>rlr_KAzf}Pe*K4%ecE@d3j2Q z^PD>HwRNKXU=7Z^0&5DkAD#=)zG>~P1irn|*%Isu{!gCI;aFFSd*_Sk`$sne2Vpvz zY(js{&V9B`|C8JAq78@5ec(SL6M&Jo^9wndqmX%adFgX(`)MEc(kE1RPB*7fkNwiW z4qP|NlQwmVap>kW@zJLQAGTkuwvYb!t6s$?zvBV?{gSrhyxf(Co(>?dE|a?tSEp$= z=2tPTZ6kP0hqViIYwrU^SMSp?p5wu49pCNP5RH_xJbe6rLB7ZjoSdxn<}}&~x)y&r zo;073^EX@H>2o?Z5MB%&HM#j?_Sx0&@k{2BScl2`bijWEI&^z!Sf9#zjQ7^+ET0J4 zU&b-mP9#BjVZ)xUy-l89m2pnzh~mc-FW+xrys~pE@%e01w43NuY3kal{7*P;sIN$? zZykqBZVp=Q42_?+ZM9JRjoOg-BgnrZ z*B@k!DRxVI=;mXv?>ibj`*!E$q4ur&O`LnkcmUb%@?^_c{pCHQMp-{X-@9YLlWl#0 zzV{>Pd$~D+^OcRBucR-fzi3S7*3IuxUf4phwt=L>d;x8lIPgIi6!(H{uN%@HhrK%2 z6sWVmFO2q(`;heI^sDD_kKf5jyTaT$8WXvp1Hdo4I%u6PLN{)HRfe&pjbn@G&Y11! z3rWGRH^h_kN6yo-WuX`7@S@W6)_%*m|I2atBJf4W;O+B@YZ;c^=k%U5%ij(w2YE`w zPujlYY>IgUcCLE!g6v#1J2!=IDm*tmPZ;V4{T0#w+Bx~b=>yWRIp z@xGZJJI|7P+;Zl+{5BsKvR&rfih0rw2w^WA`_Bs>gs>Ivv9tc;pzUnvVtR3r*gt4o z;9eE=y|)Ye&|vONpUHMnOb`i0Lr1H6yhhh6ac%$)`Lj9YuN&zEYQS;x@v zpK$fVq6dwi&-p+*&ju~m_LoIBR=+l{UfM_I>(I}B<$2l7q4gORnTLUnoqy)HljP<4 zHTn_gSl@G;Cc1^U5)&kI*hy2X}rR90$dQ)CMRM`|$|dXA)x} zLV4Z+a?U`*oho zf3KwSp*=dD9f)7mvR7+E`(z34BD;3D!nn$W@j%8p?#o_vd~KgCDfIjs>`L~$&_A%= zSed=^G6}j3fj-N$8_Q{f4X7*opx`ld^8){TV05!-u=}q!i2Cs*tHqr zxjomM{^i`1{r3=fu--i9^y|%Y&H=(;``Ps<@>;2bq$&C8JnXR{XOFTE$mb2H587x4 z+O`aF`%Kiq=_!>%?1T9Q``RpP!a_b7GUNR-zmh!xwX=QT_c8m=WoJGA`DB4H_=m`^ z@cLth^@a@?mCN%75fjuubSC#0@NSIT=b`^KPXE|*_54A^puO$gxw-swuHVagj%S~c zDX?~P^F(=GOy^V)neX~*H`q>#>fG&<^RC1=+U1?Fx?msvy{!DY-)QYOQmp!GNgBIf z=<-Fjde|E5$MqYm4W5RbSCY5%t(E9oh&#C7uTZW5<94!kvmKwY$Gx3%Jo*^ES8Q+P zwvk#qi(=m^w%})!TiWfw^x=@QZL^e>{Q)i8EpkWgyJpeG^aK99hISAtua?t3l--j} zXnq~e95Hre=Vx`Kqy3z1DElMeM?c9qHQ~&MPvJesY&p_nIr>n-zbpS=s2X@$QHD+DDQnvheivrp$2}$P*|2}gKBWKLyV&O(XR2Xm zrEZT4`z9IC&d^>US2^V1__PLL2JK=1ODpVz@?x8DKPV17&TnZ4?7On}g?`Dq263FR z;?AkO*V5fJaB0q?8XZ2yKAk^B{!Z^2kiXtF5IJbCC4!IqbOLK6_Cb4gD)s~Xz`oM- zF!0mFlRDTsRkB^e&fkJ(&Nw^fo<^gmlO%Z1fAYC=gOKTRN6(!}V+vC6k8Qv)WN&x$ z8;`z%^C!GN?{|N%<+H;VUYi4c!NFf{HRieJjoHza|9i2oqq8>^8}5(cD>m|> zuGkPhc9DwV<76@YctcD+|7FaR9ryxBmqWz&31YkOIiJBjdAP%S22wG8A;p*w+QX?` z1O0;?D3jx2zpa6u@wxupy!2?m!LYv!c#1zu|lqTcq~c2>ilI`Z_u?^n?lXp&BY_*|MNTb>Ps=t^8i;umL3tAy9OFZ+4& zNd53>uD+q2slm1OyLK`A0l!`NxRF-5D%O<(T)wI@m>R}s)nbD?Vvok|>AJ~04=)Bg zr60j3>0lHNfNx5D`qdO%A3qDVCmh8*@$8dAz+rW!;Ir@npYCCB$43ie zyBLpkregT0PyZl3x#YK#=oMn*9HW$xn(gY5kKN^(FIa!4SMk(2or-QKR)1fvDl^LR zYnN*s1+R|;Ka1&oim>v&SWn-p{jXp+cnzPBa>Qd$SzrG!U@>y#7p=rA&>}z1zn3o> z6a6z|K3{3W7Je59>6ZN()?k^5^yj*nK5AaNj&BAvzat{NG&W^kx@ObM&KmR57=8yV z{)?9^{)+>ES6TcQE>D>kdu{sWgfTCGSF`eKK5qHFfIdh5&mXeopF08kQd_?1%9MEy zcubeCz~fd|FcQZt{&QP54vCkZ#YxpL*A(?*Ja< z*;-=xC4t9!Cu5fHXU_qz&X(Kq?v(lLS({$H532{zcyiq8`3b4FF^^B#@{cENSPy*C zt8cgT>Y>*zZ3oh;Z?@^xsP~q4kD7XvOI^zGt4F<=UIYD-UwyHqx8;h4z^7d#MDC;J zG34)1y>G6ZGLK!h>3dEav$+zl<^(^=^BCe1mf7%8)Q9OuRQ^YXZTjKk43CJX~ed>yF@Y6VRwtebtuWD@!$2e&W?aUZy_-{SYsH+R}?7f5&7F57m?Ox^av5 zP{#6qs7Aw58$NhO!^0ZxV|dg&NO`n<$@jrZn_kyMdPhyo5u~dvzjbS-ObyC2y$N*J zLAH&Pmd-}-ZS(LpqFtC?@9+{94_B(pj!)oNSU8+@Y)u>13)m-^%)Pw1ov$j087lluC3Gy#{c*Qnd13Ikl z16M5F2hLmk2OwXk>W}()0PW9oO`XMGH)iqIwOIVMs8^@j!>2D!nYB|k{V?c#`XXMv zbI9UVjYEHG@5HMD9i|^@RJ^3cyC3njh!`l@l{qQl1cfYaxKZ7*&@fpA+?A8$U zBwejxxef2Ts^Lk7N6me#=e``D`-W}$VaWgKi+J3(UGY_}%1eN&UMN@Pdp7-WhWJO# zr+blBds!WyGM|P#Oh0xF*L&jlWLT@^dv62kU1|9e@7{z>*P$H*uh`<Z z{WJa835&M|A?vwjKtque=_*Ytox4w=+?5=^yHDEmW5+F>yHQ`#xqCmuqvq}!9JOUU zeCUzs&7i+Je$>Ryqx@M5k0qu|?3_(+nJ^{>nPbhC-lxhfy_JUmFSGb}PEDDW2W#JjC%52@+jIluBcD4V zH|uw24CTkIJU5q2nLAh5bQAdATw=`aCoTWm(-!~s7SK7F!@nJJG5zdu;vY2?M^L^c z2d_Xqm~Lva^eT*{^U1M%yibB(4)3V>1nD&8=zM~7kj6Cv;q!@d@GbY?Wj6gR^gy|9 zLwVNkHt3;kO%Ct2ahrYy^`yKQg0t)lP}WGLNDZVE6USe zZtc>r&hovLCRp(pz52 z^ii|y6w1eQ^p>5p>F38Ry`@)exuq9vSbAPV)RS~eQ4i9&sSD*|mQJK%%G?BgOt(Sa zNCm#_-fQvkXo8emEai}IZ26LXz}NO?`I2#)-hSPdFNrB$G1}YX1M-sIE_{xfMPo=` z$;q)OW7FFqcckK|S$GBMQ#ts;%Qn4z%JNx=@~qcF)zgA&Hof4YhNm?=tf98&f-2D2 zpQF2=(x$fq&iWS}C;m}WM7*vXUJ>z--ri{OqQd{EiPj)r+lBgwR@?M;=z;ViEfJ_bk0O*n1Rom|l1R_~;L$le%c(+b;nQ{!A}Ky|!Nhyd3EZ3O@~asZB3J{`S*H zP2?)l=M{cr3eT?F^diW!{RrUakUppIalp^m^rA+<#{oZv^jU>>13qQbi@E{t27Eu# zXB3_Ue4kCT9k(X|A4XdH>-I{(du@8rA;2pEZ$|o*mM;Mue3@Q!0`L;RYmh!^;a|7} zc$G~rI*&(jE&*PS^a+KZ2E5d!7hMJX^ig9Frj9H8$Q0hmXwxNSfFA+;9MZ=WJ`VU9 zn=YvWd>rs&NTdJr?+e|4AL%KDCjs1N(o^2p;T0LhzBWQo}VG#xz`^VTFc}L-3(j2_c7sB^nlM2vH;--(i*S zl-`5zGx#mVZ!LcJu&DD4>aXlrI5`)E`HPXW21F9t|jkY zRs@RhONfta9DIuZmBzuh_>VLWnTo%wamZVIPUFyL^xfqV(s==GVV<(_rD)gasEt1l znvpIWfA}nL{>a8-tk*xY@jLe;{)&y4T|wFRZ2WU)Q1*2jfAkXK|F?}NCJ?`@@e3$> zyN#Q1#3LF<)U3C03K*@j@nj27?y>QjYskOV#BTR4 z@qhHzCWjdOg7XZicJ}Tb>JBCR#S}kz-!m*9g5Nzfv*=)IM~Yuow|kszc8_x=8n!IE zPY!|-WE_;GA-%1ZH%3aB}RR7MIWkNG$ z+c6X(JGC>Zc>9zyfjb9N_yGJ2VSDqv7pSeOJX@!(J-uCMr`?@xohXThZtG6< z4#Z-jDp;zRF!!#meBHqhD>9Ul4Q6~ad3VILydvj z{j8dYHU+cd>uZBqwHqD`WNob8_)suw{X-kDYG41r`VFz%-}(*JHPst8Y%28q`Uk5Y zj9YAczaFPp?&I|z{=4!ze7hqj_0^thKC_%_Sez$&(Z_Y0RT4WQZK&S`h$o^&HpwZtqL>BgM<~Qe;#{r3< z4jh|NuKWPPh4^Lv+N`_s(!uZ6FK+=52ub6N4YNh?-TK~+*}q%AybIVXK;yX5 zxPWkx_d`_bSb;r*M#OJ1<`bMJjUm1Szb5?n$Au?<98zz>&*>A<;NNZK$e|MR{=)8- z;Lc4G-c8tycN4bY{kE-dZ8q(1Z8u%GSHin3?Rv+g8SyTSw^Ff;GYsB4naBN}5!};> zgMNI}K9j?{F`0BU@*kNOc3+A2&m5nO``+U$_aohXBGAq9(tAsM4@H`HYW;glnN=qD z9m!ef`u8sRP6xTKWbYsGzCOM&5BUSM_0FI7oSEUhEZi%~dwz;(|94O( zbhG=meCa8@lgT@-xWgvz(`Fp)6p?#WxJ&3iOT;^|7a?;Uo&yq{$1`Y4`L6tuFMuEA zm3I(;hdv)U9m9ROn3u-40u1k7x;t5w&@G;qpPrUGyI)&c96!lt*_Z5c_a4EM?^?9< zz6|&w!f*OR2L~;=*NwYh)lzqR*KCAkf_nAtmR10l_r`d4Pi*o7-l=U5Ji~V!ZF>T3 zdlLQP6#B(!^ouj-7iZBg&VkqY4ETTtp8-Gd0Q9DJ)z0Dm7~jb_hI;bO?>WBbkZHun z5H?AB;4T-^yjxg-_j=&H0p@nXkarrio8-HY2hjFNOa6A@b5{Evd7eYO7`Vr!|FA6L zVfI120@eb2+ENST<~MKHmsy7SyhkSatViPDqLWA;57;KtzHJ@{U(ypihGD!%H=E=3 z?)H*uwaw$G>qfOr#+_{Uf6u$m!pqw4amd+RzlmtS#j|~0Y2t7@CdUEe=4BDCabIPt`TduB+sOy_W-*_fdyh{Bf?5wzo zGE4v8EDo33C?{wOf zxp#gMSKj9ZJxCmI>w`bM{dRvq`|XAd-Qe#%`*lO~?Vi)5&AR8gKcf9cdLerpvNuC- z&D1a7XDvE~j#ZbXNITp0#*L_Zt}HNaM4xlx3Cg)=v2KL@-GFfe&nQ`+UuJ#Z^}KN; zaq!wn)QP$}iT-FtH|LKj$Unt=glEu3e4gB3F35h#u{T2>INy1(n{VrUID>JE^P{Yd zVJzYJl~x~JhVc;dzQ`u}0*&*%+q}om_8VbdaJ&RO1371`JA&&0e~pv9$DWLSgLmBP zo7ryLaMFq;UuVX!e%$6C*pw z7WW^&IN1N%a5t~_wsx4hdIywchoE`242fMf>wHMN{)b-j<$o&HT)*A74T;W_c1(b zmW+V+n8h!OO_?Rw@L+mL7kJ08J%F6HEgRc}&vfKnz)u4Xyye3RKLX%Bo90>d(j$NmBR!z-alm_RI&ul{alo6A z?p1g<;EgsNg}#<{173r4x5ATvSJ`wF^<0_+yc}uhfqzRY0WY;_>St*sGFPCU34|3I z0$LY@B^Q@`BPy zBED-Gb~-_`1^?)oW9fT{SA(tN+~vi+GduHHFTcf$*Lv|LFaAly?O%5Hn_jhTS8BMs zziY@8J}Qr*mkidxKOjtL%dN z{SU@so2u8xVzCX?_$Ri$y86MInpkY(hKB&*ANKnP_Y4f{hX04(?-yU%jDB?zM&b6A zWuLpPZ5U^)YAXoZ+M1te0cQT6+}~kt6vfLCF2Y`Y7G>`J{^%hfw}byxgy;o}8WEO) z2KtNq&11j6h={vTT;;F@@h@bue{=8m7Y(4R#X#c}O0X_d2rKc+{>{DLUpxWiH8>_< z-vy15%LrXPgwEXi{l&+CSPK3u2O5j35VC@78>y(xr|(?cia5fX(m+ihPG8o9AOAo@ ze(dh_cZ3!ATigJEw7HKk*IqpKH^;EQIgb6!eQ#|x6WHJ68iMn1?uBqadw*~quIr`j z+#dTMSlegcv%s|zVH3KxNN1wh^FwF zh`Jfp&AmGbb;BNAw0^3ufrMx7b{-d*)!B_F+pQ+$IkxU zSi|7p+7aG}qh$xz?#+3L`)QpcG`}gEC}O{M@CrphkcY#3hZ8G+13xto|0D0l)qD4PeYbkz&-N80K2si$vZZ=HtYfct>)hU6`)} zhv{e){3ZBBt|R<2g!^pBc{SGooc|V|&~lfiWd6%E=jqW)fY$(iT;Zny2R)`ER{%c^ zcsbI?6n+HoQk#wH1ndspYdQ<_g%Nbj(Q6NsCDKl62ZN zY}GKScnz4_k{)mbuTI0bhHDfrhABDmpdZ0g{ZOBh21xV*xLXHE2)Kl08kTBUqG7Ry zC@*-(|0MY!UqVDB`8sCrja~eO6 z_@KrwAb!}!A%cngg~p+W$d5D*-9;B^9QuylYu51E#ZM#dlK;kwkGf3L_QXp~ZSat7@M>*zm${5u%y<0^IL=%~ z=gwSwa0f2ekPf}$rd&S!V_T{#wbABe=g^$`W+%~wS1cs>_|~T66VJCj-rUl*qc_#j z$9r(O$#~B|cWMv|8czL#xiZ1_vIAJDz92$i4d4k$^<=dZRtrIJ+A4&Q)m|uq8;hu_ zHXVylrQK~9i*i--g>oZQVdb{DK`Weq4rQ~H=KyEHp%jK-aW~-)>ma+(!ODhz*?Ug~ z)>!9xbq2X6jd)(D0vEdKD9$H?8zSazXh490yhn5_%!D@CD3t(>(+E-Swi5{9S95=J zuZNZ$vt{^v4{3Y?emhSdcCI<@KP@|nGVpUZmn)4bgp6}N#E^fi7siTD!cX#^`|WV5 zMf8nJ@MFk7`g8t>%YB|(@hkB6i8BCH27!U~(5&}9Feg5h0jCEtvJT-{((w$=%JB|M zepl@j1`j!lz})-<=H_X@F~?u>ce*|rkU2HhI0D1BSwUwJ)=HI}%X5xwzxS}L5_e!0 zf##1{PI!4w*@w#iFyV@9j z2|lc0?+4ASyQzRo8OSE*R6=hh)`$b2vTU_^o?pUCGDd!mOBk}$d*N(P* zUpHynR;76GZ}E3kkN$lw*IqnZY{C1{5+a|ia~C}g)~9`K5bu|3*yWY@->@^xV}I4 z8qax0;T6L2xmV%n$ah-h4%^~A;1kz7EwWdE^i|xgN^Hr!!%lc}EsXYg6Eyg~%}c0z zg734#-L-Pm{qpEaa|QCf8Eki)X}Weh4w*|;{^OAG_&oI#e7`^UN^IMp4Zw4gw2|5& z>CcnyK;S;x5wt`08`PkAjC?%5b_8|C_oPd>UvMmI_xLt3?4cDpX~li4#ajO)a9W{P z`n6Wnm1pM8ueDM>+gBF1TEA9uGs^|~HuN2-Q9AT%%46Zzl}Af}M=NmX>sr9CRsEVP zBj4o#yg8%{eI0EnSmsgX!#e|hUC5^kdAyquEaU3WeU@OEcH}ksW#B&tkZy#(oZ&y! zANHbuwV;1>!^WCnV_l;-pC8?B+VRf)KSf!NAICf&FoHbUyUDCVKe!=&Zz0=1#P2O? z!QG+1RGoc5zqcUwT_N#%3p-Gc8|L>4`Fgjvbl*7`K|foe_um-DSd+b{`;WXo= zMSlq2+f2P-?{}5x0ygp?#{r>}8wZNM1Q})<2l)PSDPzZhqEXfhbvKa7e|LE~-;D~r z%lNPUjAQ5}ZGX`L(_!teZF&60j1xsqgYU<*e_M2j^3%t-{ab&}7x#RU7)$8u8sRHf zAY1`m@UEzfM-h){8&;scYakoHyWR|Zra7Nwx=YhMXQ&ABM0W`N3*Qfp&hcKtX!gB? z1!wkYY8SfezGF$sz?da|4iZ#6O0$;z@*MZl)rDAyQ?Tf?R z)`*uS5OOa9f02t=zMjL{wndVrID>tHM#KT<-I#^=EyCKh-A@C%Gd<;uYGsHck4Cpk! zWB9k|J-izuZPN<}n8puq;x9s4Lbwc;TT}zQq%F7b3hp0O+w>ynYaw_pf_%hZcvwRz zhjg(`FF32=0S$%zQL_MTv8>V3Ee72MT{g}0*J99JpmY`}{o*NGzF6~%D{Q*xl7^ES zDm*%F)6o$P6AbNrB3GXX?t4Xn&va=MY~dPk)>wSr3u3)^ULfHq4JR2M#q5>|eL zcWdxI5Yx*lQKkaFcExY7_|ai(k(65eWw^f+?bY;qC|3!&nvpJ1cnRQ*HXQ+}WhH>4 z9hMhcIPWja)p@Y8^o+H@oiIL=QZS3&2x!jIq`6_;%~0=~Sz#B-Qs z*AzYu_!*mypuKp1iSOW8c2(isfKS;p&v|%%iTYZ0Md3-nkM!cPNUYSYncfS-mD)xo|K2th}}Y7Ie0(y&_zW4ZGnNrSG0Wg3F6 zq)Rje$s*D%#{UfQCt;&8tDrlR)UZLrgocnu;IK~#A(w=ZOG3ycA>@*9jfOD|S7?a# z6*%OS5OPWgIVFUg5<)%+A(Di6rqkSs-(C3Kj^9fBK!f#=cX`}_5VWK(^X%$V_;G(T zhTqNj@!lI`kh3lBeSXaJB7M2@vB>|bXJQwj^KaWY$E?VIv2l)F(NY^P&LF7CjdP5P{=YWPajvLb>Fh_m#-5eQ{5Ch()U%RV{ta3F zu6p^(Zo^EkjWXxoE}R9a>4~Rv$8`npz&oq=Irvh{SLY;{e{vblbygyn%+6g!hcs6e zi8s$GD(W0nB-Wf&1d?Zg`8x2mCjpx@hGF)6l4oI%eLnX!UmUmP4R&!mTHta{WMmj21=1Mk*)gE ztrL(v1Bok9I$JJF36YsJg70V84jFh~vmN6HX$(=Gh4^Lv=04-x&T$2F+A%f>jU>XN zECEF3KI7cp05r6H`vruQqa7i~aJDN${;`gbZ+8>Ihm3jcJq-Wn5$9mWJpOU)=a0C2 z$5#x$0)N9T0BjBd<&1N5`U>`*OZKmN|4RN@K%{cwV5Dl|JCW*%A4Y1@7atkf8-0A_ zt<90dTiYWIlPe?f$?cK4IEZ3@27AzvWCoHvkTG~RJbIF8fnopOig?p3C z!@gfl(zM7Py{6+xcX)7|g|$5Ar4vZ|GQv)jOYWs z*stt`9)6(Tz~-6X50HN?X+9Oh-es@0`;BOywAVhLD$qXucPi07D=uiA`JFqz&iu~Z z7+|m=o~>rj|GES}YR<6!+~-f4=l)LX-i^9i%~29F+W9Jsz(^25C36 zL2*Ey;>5uvljIG%DUq<#REaF;>#(gley_>N#QwT>=ga&ynQ?aq(oeDPJ}-BwXK$yw zcy@Lp+v&hO+UcLXGacyZPMm*AUnzmD;~UH3TauE8Z$jFB(j?zbLmtmha8@b!N#Kjk zB9Hj&^Gvf{i8GsDA)Q9WZL~i9hWM2eo<8)u)^qulJJx7jC|`24)7Fi3^1peU>z~i= z6};6sJp0XKt4EyO$akh;%P)F#E8$z394vQ6^bGw!d=~Dk;Czs}w`W1m-|lde<{6x^ zh_0>vLg_SZRXSbybe?^S`QY7vdePR|X09Ei&EV7Ujli7$k#BwWzMOrB1N-9*^fOnz z_PVElpZR&d{ZQEx~#u_st4&xw9~uV*Y*?s$k$An%eQz>%lOEc%spYhGWP`C-}(EI zHx7fg%tyBU1a%Z!C0)u9&zSP0+4{ZNd2ah-l||}k@8GOOfU(M7Gc16uT~z(7adUC_j!4ox@t^1;W}kQ8!uy&xaNhk}BVN7rU2HSvnSu4u z@)KI`g@L**OdMQ(Nb6e45O!KEX{<+Bclg`e=!^H>yDelL^2A@wt&g%RH&`E&o<8m> zUgKQJJ!jJLoZbfN9|q$`wsOHx~|Z&bvoaekTm=Nd`Bhjjg^Pr8xtON zfwJx{E#?c$I3FT^;v~_>${>S5pD!M*HzlKx2k)IUZ}phsx3-#+w-!UbDBfGPSo%xgr@=>=lg_UFIh9vd_g9MTeRkZ_%`XhV~90 z?v0|2yHp=iNAN1n(u4fqSd(!{!PMIf7G!xtCOfH(R<#l*keiH8}59km(!tV7o|pZ&3nM@v*@^V z9y)IKXasbe=%D^)*Kz$93hTIj3uw25=(rs^Zb_Q@RUtY)VRc;3HG{K#jzQVB$mw_s z#wWQ8-9A&tTkauDb=>0VxKwrA;_2AwkbaK5O4)C5*R(6xZ?Ok7jW$EyyeaKy{?6B| z9Yaqim#s_3cV8#2oj1)4sR+<&oN$iE!WMjj4YK8yjiUv&s>G zw-=Uk@j0}?u(ko$AEZlP;A~CiGVtm8&fCPU0PPt%06n(`_vtykw(FeS(Yq@^Z-%T2 zAA?Lm|1<`jt{@!kI6jMiV%ea7a(=2w`-;66iaX7k=H1Qa0)1x;I+~Av;+=X&BhYsq zh5gOdcOF|soN)j2*aFa&y(#$X70wUAKQ+Ua8k1)8k3#y+N!xce|0Q(>-PJKfT|)ZK z=C7lFhz@4Uci>iO(Q7 z8UYl4COdyR1>2K34B9b!ZV)nmV%btFQ{=k#jRpM%z8hfi(bdPeq|tFYgo z?+ZqK#{zcb^K8hsquNc%!`Xa8(B>7s4{`_XXdmQqcC>$%agJq!cI3{e$JLJFkh`vc z9qpT^9o2a>0(SJ^)2PQBb`;-AobYiiz819Ib5Fj{t%DuKlP112#E#BbJ9_A+)FE^= z%eeLs`~%L~^!>v5^X`XkCQR)p?zM-rqqt{BPKTZyVGd$_58KPx(SF#G%uQfNbp`Bb zJYYv`N5@mnf^+`u!JjA(XGb&M_YZgy<>R!!q}jyz756Xrj4ta$n4T|hig+;UjIe|) zSMwte#y&-u*mTm=aQ@(EHYiN)3?z-n=U_DoE7tmnPDib7NKeLk@(Zr-Jo>~TZb<I9sXjQ z&%ONzzAO27kOB0sY24YllTGiym;<$|Enmod4Yoch`wVjC^uRCX(0wdQ!QFE0c>V93)_3+uKJN(0^Xv5)qybt_%Zhb`Md0h4BH$oqJ*FVY0|lvPiNhqBcE&E939}nX6OeG&^M2g z56eR4N501MCW&8vZ{i&CfBE~7ZPWkJJwr_$ zG=}(X*f-BIvo=e4X*Z!ZE4;1GHjJ}wwC$v+`jQ8edH|;5K-G&L>;me|=W4qVcC+j} z#?I_JB*g!%#CVn4rz!_+Jg=S|L*3d7Ykcq^tR7=C;8xBD7W3>G<>P$chT21%c-sEd zMV21s8x=kcJ5EneAuk@U$9^HkLeNUis7LrXm8}PSsQs?i>)?fW(tL*gFDFB8oy+>k zw+3{MFb*BiPFX+7k;$*$I+;HJ&N^8b>OZ>K>Wp%VAHrR;q`Cht(S!Y_$B5dr)E_*m zCZRKxiG7Cocz=rU&IoP5)dx^VSvgck)O{L$p5N~IAUa9}#+&nyWi$BWexjU7bb;>q zO!Ss^%V+UK4ymK82-+k5Tpc%J(ZbhX0z+6}TtuxCq=UAS`!}QyI-gfM2SDcl=%{?=e1Oh*D^Jy%pfhRd-2VlZRXR5-ok`G{ z1f6!3=TLyoA*HhgboMKq+j4ZSyLVXZ2c7+()2ehX1n6kry#E)VgYjGH_4^*3QI%%` zbS6NDzKr@g9H4X9%5(p>Kxd!QdBUSpt915(&OXqgA0nNL0XphO?(YGeai#O0a&&(6 zQ>8NwI^&?zqI8Y~=p0dbR)Nl#()o%<=bK7r40OgohklmwyceMJo~84d?}JVTbjoqo zXSPlMsz=LbP(Fk5Ni9DWC_km;zl!qc-`Vo6f2L8M@3Lw@dHTXG{mx6fhOHX5XxOZw z`yNcArjr^rXxOX$xL4%jn7( z88dSBaX0o?Wd4?|AMFEe`?RNzCY2*HiyY3EIyo?pUCr~Epd5!)j>dd_+|BiM<4k?5 z`EyT>Mk~iZ?U_Xm=Zl>jEs&!lM2?FpM@zmOtG@@_mYH(gbC)MaiQcvhx6r5 zj^?CU#r0oMA4gOUIX}p?%j&0r%lUbrUDk;ISNmvIImC|_ki(4yP7chqRy`LY$9pP= z%>Qz7tm6DW8IXf#&h$k|>~~@u`Pq+WX%9D+IR3bY7WH~Tqtqet zLR+aIH)spgZF;s@sYVU*GV!z z&0C|*b8REW zm(v~c=DXf}muo4^KfAHs?8Q4O2T;!e@EXWpGk)r4x+dw2inv6kCN(2EQ4h9~A#++kd5N{{-@7zN>3|rW?`;e8&=V z9n_=3l}nnH-%~%+j=XlzrCo9kdI&l>47+XM`TDl$>oT^nuAq5{?wowakTBt*W4N9*9xDB2i!&crutUd{JWgj+~wJo{# zkM^ne_h0UMll6DHd*kc4`!Blt)gP-~e15~=9n=M7a5SAh8i^O84S*UcDVpXUi3?-oTT2YMzgT{btXA0=8WL2WG(=m!jVY+BDwZc*L$T zRtj#m>^d2+Ybl54^M0*mf_8lXc6|tTowRN9 z%iBZR=3VlKOfn}0zS{S%Mip23IQ5r+Z+5zZ+~-h+wp;=mnB+JMK8NwX$0O)Ji&<97 zG)aA}?bc}B{bxGYfd2vHH^{fd5Auv%^g|qZCR6R0_Rjjv*WPEed%)gtW+h`V>6Uihc9D4a&kHQFL8Q+ZaGSh_CC~A^I*7gGd?oqj+e=ms z+n=X7_vYM{e(NLJ%WXdj*h`i5(^-3|3b&U}?E2vL@`>+jnK|s`>d%O0 zOZhkFXD|Qw=X2Z3Ro5ryV=uA)f7r{dQvaFu^3(6l!(O~P+(3K5Iz!hMO}aihjrGwP ztS!!>UC)R=#~dZQ7PN8hFUL_YtZ~Ym?YF}gh{yTjIO6mX?p%?1ioe{|z173#x|Y5$ z4FBt@s}>KRbAy%w_`4OKa{?z%8gY(WVf3F+eD(*2&-o?iK4JK`W!o-?-wS;9{Sf?R zKT>?o;T-)D#JTPW!~bK&=e)z=4 z$UgZjat{Nq5qS56)0VqrY=^U2C-$q;n1`Q5Ua{uUwk2^IdY6pgy;j9C3FFbR3|q`}YRe z)+3Oc&p`4%$q4MX3jESqH};fh?qHlHb^Bx!LL;PdR$9}29Kd$Kt!c~63 zLEPPqa&-89AUqdgun+T}WiQY5Tg**^?>@pByJ&*`LFH3@TE5Vo@W7d<@I_kWQ2s{e zx}-s$#yY!uNlq5tOBxp#_LUjdu8x#Rx*qll8DXd8VyB_c;@-4{HaolgxEr67e;Bky ze}4O+?a15dRrY%293j8`AoB;UceGjQI{OlP@%W_)r>z&@Cvrir#3O&|hBnJ_Ff+Q^ z>P+%qHzV$j7W~mFuP>ut$(lpj4s9UMeq)_v^{i>=sLtA)p|5rAqtAtljn_bK`ViiK zDGjsnx!XeaA)PI;-J$cm^L3{E^YxLOuB5J^x*FZ=zPV9$R?idI2i%=G?GLu?po?qh zHx-^vq}|mX;*=@JQ|vpGC-KzI*#}6&wQ-QfY;Ejl2o7jeVc&-BWc?C#ZFuH^eLA!c z>|FL`X7!Ep*k?oA9m02z7HE5M{&L{{j9I+pZLA#;Z#HEQ*R|nAZ1uRCm$;=Ia+z$} z+)|!iT=b1+GQ}~7R*By@euwcpiQfhMuEDjI<5!JeBYvD?Ou}ZkXV)ZjqRUDVr$3#9 zu4z*ZfYTpOhV=!NQ|gX#oDa#KB>ZD3<_7Ewq+dz;crNTGil5jvJ$*=F=PhiZ>`jw5 zU}Fk9q_FRKdV;H8}(arAu?UM7}{oDKXEN;@;pY$EXr+?`6 zop#LQE<5_(`0x?sC@uEnaA$%+IsEqyQ4ZRe*br=U1opu;k~?C#^WdUQu$6Myexp4D zS&-6pVhQo!@tNFZagE{y+BK2fE7Zx)(h6>fZ%~5g?E-GF(8|!WM8P1im;jzF^^8*Gi(; zaw0nIcO394UYC7^-N=KPu7pF9%KB=#C4SA2Ql9s0QEoB~kL;C1E z+MzA&&^JmSZRsn`BMC9{`<=bd{l5EgudcAc=~{2@LY%YD-e;eE_WA$k+lOm`#xH&y z`~PkXuy`*P;5k!3TEwh3DHMrA@?}+nGBv$Yrl>< zfpymB@Q3`UoYjo0ZNi2VPU$^;tY^8m-!8v$T9cENEZBH z4t#qKd@={VItRXFc6`x|9QaE)@Mm)1kLSQ2&4KUCfp5%#kLAFZ&WELNWD?? zi6ec{L$5?(pZ-wq8_|y5-b20S#e;48x;vtMhoXl&4z@?1+uahSF?kRjKHTF57ZFGj} zW1DK&1^VL269P7I@}|jp`w)_!#^(LwyFdNh?w4LjWj#yYl?-X@#NX5S+l9Xd{O!iy zGx+mlwtPR@d+10{ba(&$&bEWEc0`}=_?aUehxq-~Z@|r&q=vn}6WH?k#=%6Mwb!z=2PG zd-v5ZfAjPEKKF%xccXFF_rCG?-@Ufr_MU%pqwwGU-QUMw`_ao^`ITS$*S}J^c;LC! z|M}UfS3Y^|Kff^K(sk~Kn*P<#Jo#-iaQfZ-zgIB+XUT09FaF2>wQKoP6F;u}KllDz z$7k1F{?*_3rHXz3^r`5VpZ}eA{$xW@&oBMbfme&Se*CA-jOYJjUw7pHC|@&BJNmh2 zHf{S4ANhaYdA+*)f&U@zmmm4LuU{+r`v3gRKm6?VLygaW=Pw@n_uv0&OIi8$uRc5Q zw_p9~zghOj50{Vsu%KjF?=Qam^Hcw-)8*Tk&(z`bLaxOybNLMH%vZ7~>F>rTb$i7B zxe8-GSB1Y4B7c&Q=ag@&n%*!0++n z;kV^5X+BYcx`wx}_xWI{{0w*-z2^WrhQ=X^Ji@W27 z(CtvUc1%e4lNTlYNyy3cpX^q*LGdMYCrv%_@9Jy)*(pW(Sgqps4|RV!R7?v@#KH6L3}C_JKWtGY4ayG7I6 zqH@$)xs9oXo|$ef^uT=84yfCtZdCEb0@vJ77x^N6&A8xejw;-(F66fO62ZrA2^_ns zF61UYHcb4aiS>KsNBza1XO?Fzgydz2pevGF2wC(Y)Q(DSIL_svrR(`CF(NQe2` zgnTmICZuEGPKDzNS1XMCl5XR53E!ylZoH)7;KTSEk10H=F7$1~n-xx~Tdv{73L9~& zFGzUxIfYNFJFMYa4%Iyx4t-Kj)sWZKbLy$OE?rO6RYLz*gStqc`FRxSSr_r?Zh(HQ ztMYF^Jj!2nM#8H`)I~XvuFCS8G>=?{eoI8(>-(n6BbNl;3Vo~x?ISIupEM7jH|Ax1 zqmXnDPYb*iG^BetDSRJReXO4mc)iNG{FO_uyuRE*m33U;VeAiVHo;2$acaPSuwP&Wxx>A9+U&Oow zx>^^JcxzSuwU-25)2wb>-3oP$xY4WXo>I3&+|@VKy+C);te%G6be!eenXAtU{4(-y zAlqtO-2)@?cLwC|V2zg%Cag^yi*d*}F$Pd$bFroBOb@RntaYfy@ zx~j+Wn}jD#`E~HowJEroc2wOuahKgvSJPc)<4u}n zr@;53r>A8n1%4TL%D+tcE*sSN?dm4PEge@^(=BZwJZVa)hYKFxQs|lR%cq5JX}!j) zP#3|}>(a{-fALMwpY-A{z9I0-NRM(Y?i0F_8H8&+rk+Z!3jA`v(3MzuC(R=2v)kjh zi24NlaLKx;SC92ctPC>b%)jMR#)RM z)c6Y{5?*{o-LvYRPYk)KY3A=idKl;I59KnyMc|hq2g`5XaiO2r zr*6Brkz4AjToH@M+r=@&FZTFFss(-tdM3Z3QHfX7uWqxtNp%sQ`6wzDx9}?6NmDpz z%uBxdUpOG}OJ{^{!L-m7^dS6{mwrLFz%LyWx_p&4KOyvai1*T%N1u02;FrLk^5!*& z9C;CO!xz*&uCC1w-t?_PJe}{eeupaseyLOVgdhj=6|(8V)qIA4W;oCKtb0=3>-kuS8U+SDPdFKT#fF57!1pXA@(~3_5KP9l$OA`1oz^b2@urA3P5x4;E zOIVlW^#RuQ{89w?Zh;FXfR6x=bUvr^%$6D88wD>pq6Ris|7B&0{k@a zrGQU}d@U2e7Ykf)3-}4>@dn`IiXVm^uL)d;vS=9w{vzOGithyeyugJ>x1|&KQ-H@6 zp9FqN;KC;0lfaJw*79zt0)9l`!fxQJfbRpW{ZvZ?c!U!!90ooDd^6w?;s5Cw;2Q-l zJYmeIXMnE*JgoR>;Hw2LJPZ6Z@TGu{Dt-d^Vu1@U13!Vck#7Ljdi3dGyp4QK;KG~0 z4+DP@@PNke1pd6hMd17CPT)@g)^+WtlfX|2%(uWlodkXiaG%Dn0)9l`qDJ7WfbRp` zqxcB$-2xY(9)CIld^2G5$NYV226)6HTy&H$@O6MY6+aDpwZKKkfu9Dx6mYxZCx9;& zxabV<6O+c=0Nkqh;VEOT30!mu_+j8L0^XzePTID82;1krLpO zz>fiLR(utZBLcIZ`cxJ0eSn)39|68w;7Ahq2=L8-8wLO34DgKtN7}K&I0Jkg;H2WG zfv*-gG6?)M@TGto6h8rcvA~gIz@v?s3h5(k-;)3gx!GrsE{|@$!th!+g6k$4Ze4_1 zw;yXh)OqH|x;^T4tBdlq;gH+9t?KSkw?$p#*W$s;x{c~W9~N#<7cyA5UfsC5(1#6= zsavgXmAaMcM%6|BEq%GV(3gcv)P)`_jC@-c`miptYF$p~AH&}|{H?^_Cj237gWYJe z5r0wqfw$qC(U0P9J^nW1Z#Di_;I9^ckKhk-nyvWTfIq$^xfXwr)oj5ZWM?_q_o!FF zMIOx>{QU&e4&9cwpdp0`*UMYbd?PgcoP=`^GyFeF_-CQZ@GnU?vlRZ1;^%&5UYWcd z&ArUL-RehP^ZL|}yyyL^2MU=E-~P<|J&C*F3jBX2{zoU^|0nT3b{+>J={Gr93-+ayI|4q*yO8ET0;q&{_ z4gItiZtCEdU+T?hy!^Y@9qf3oC?Cf8UDu(5`YJcx$?kY%Zf|hAgS5`RLkEv+sWp2) z*06Q2d&PR!$M^2_geDUXac-_;Cyag16=SZj={CUIWD>1FfS?wZ4^9O;gSbk>VoCs zbi#Z=w&E+|J^+X7&9pbn8OT2>cM<;ZT2r=P@o`{Eg4o}~w;W?@ZeP%E(31FmqY>Yr zHNn0`Gw$c{+pR`>{~34rIC*k+@_27=aE&p)c8uD@-dAR|*1~=bYWp3g9b%XcU^I=o{ zq|L)S=6cfP!^UzbAMaS;E@%FCc`r5o1rz6+kg!u!O8W!&hT=~dhvB^Qi12)b{SEYU zlVP}rdV}9dAndycyQO)p#5+GO-{tfx?JcGKHHELy9um^tN*L}!=G*Bwm0!O-2T#|d zn%`mMcLezzMSjPS-*M#k*jqcy@wYx_PT;QQaQq#6S9TQNHI3n&pz$H#hkzdf9(SO> z1zYxUz#}ZHp?xMF_dFx+{jX8H|CLdudsYVF-}cHN{6~Q@D3LM17c9Eh&TWS2E@|a~a%WQx#=!6lE}sG8jP_jG_$i?gGA9kTT%6b4O7I!zhCh z=zJ7qFyB zdO8lY*KEV+mkuWm^>iFOe7JKHCP$2EhsIKP_{ZNl{3Q|2F_3>6&b>$*j=rw%T8D4)FZ8qV=KQ+O-l^y6<7e-rpSi@!@|4!=p0kG+S&>+f3H z{0mbiAMpr>qu67(fWKoHqp?4qKc?IZ%Tc*s{&q4;4SM+Bza1;fDi z0WMd3C-B_@hfV_D34Al)QpG2MZxlFm9{42ib%0A0Uj=-%z@Zu7tAH;BT&(yA@Wld$ zk^chdkn%9EW>{U6r-dPZ9>XD@g?rTPR<~90(1XRds0(>5oK!sOgN4D%x+o9p#uQ(z zaFx21>Y{$w^dY~cN4Z%S@>>_8Ieb2Nv&~o+c