From 3571e5304050aba8c8eab50a86c6c0a073e4710b Mon Sep 17 00:00:00 2001 From: "Bjoern A. Zeeb" Date: Wed, 15 Aug 2012 06:19:40 +0000 Subject: [PATCH] Import FreeBSD Security Advisories and Errata Notices, as well as their patches for easier mirroring, to eliminate a special copy, to make www.freebsd.org/security a full copy of security.freebsd.org and be eventually be the same. For now files are just sitting there. The symlinks are missing. Discussed on: www (repository location) Discussed with: simon (so) --- .../CERT-CA-98-13-tcp-denial-of-service.asc | 254 + .../advisories/FreeBSD-EN-04:01.twe.asc | 84 + .../advisories/FreeBSD-EN-05:01.nfs.asc | 84 + .../advisories/FreeBSD-EN-05:02.sk.asc | 85 + .../advisories/FreeBSD-EN-05:03.ipi.asc | 89 + .../advisories/FreeBSD-EN-05:04.nfs.asc | 82 + .../advisories/FreeBSD-EN-06:01.jail.asc | 90 + .../advisories/FreeBSD-EN-06:02.net.asc | 112 + .../advisories/FreeBSD-EN-07:01.nfs.asc | 119 + .../advisories/FreeBSD-EN-07:02.net.asc | 110 + .../advisories/FreeBSD-EN-07:03.rc.d_jail.asc | 104 + .../advisories/FreeBSD-EN-07:04.zoneinfo.asc | 136 + .../FreeBSD-EN-07:05.freebsd-update.asc | 145 + .../FreeBSD-EN-08:01.libpthread.asc | 99 + .../advisories/FreeBSD-EN-08:02.tcp.asc | 111 + .../advisories/FreeBSD-EN-09:01.kenv.asc | 113 + .../advisories/FreeBSD-EN-09:02.bce.asc | 113 + .../advisories/FreeBSD-EN-09:03.fxp.asc | 117 + .../advisories/FreeBSD-EN-09:04.fork.asc | 109 + .../advisories/FreeBSD-EN-09:05.null.asc | 185 + .../advisories/FreeBSD-EN-10:01.freebsd.asc | 156 + .../advisories/FreeBSD-EN-10:02.sched_ule.asc | 157 + .../FreeBSD-EN-12:01.freebsd-update.asc | 143 + .../FreeBSD-EN-12:02.ipv6refcount.asc | 161 + .../advisories/FreeBSD-SA-00:01.make.asc | 243 + .../advisories/FreeBSD-SA-00:02.procfs.asc | 183 + .../advisories/FreeBSD-SA-00:03.asmon.asc | 87 + .../advisories/FreeBSD-SA-00:04.delegate.asc | 92 + .../advisories/FreeBSD-SA-00:05.mysql.asc | 92 + .../advisories/FreeBSD-SA-00:06.htdig.asc | 90 + .../advisories/FreeBSD-SA-00:07.mh.asc | 113 + .../advisories/FreeBSD-SA-00:08.lynx.asc | 111 + .../advisories/FreeBSD-SA-00:09.mtr.asc | 85 + .../FreeBSD-SA-00:10.orville-write.asc | 90 + .../advisories/FreeBSD-SA-00:11.ircii.asc | 93 + .../advisories/FreeBSD-SA-00:12.healthd.asc | 85 + .../FreeBSD-SA-00:13.generic-nqs.asc | 90 + .../advisories/FreeBSD-SA-00:14.imap-uw.asc | 105 + .../advisories/FreeBSD-SA-00:15.imap-uw.asc | 87 + .../advisories/FreeBSD-SA-00:16.golddig.asc | 94 + .../FreeBSD-SA-00:17.libmytinfo.asc | 157 + .../FreeBSD-SA-00:18.gnapster.knapster.asc | 111 + .../advisories/FreeBSD-SA-00:19.semconfig.asc | 373 + .../advisories/FreeBSD-SA-00:20.krb5.asc | 98 + .../advisories/FreeBSD-SA-00:21.ssh.asc | 109 + .../advisories/FreeBSD-SA-00:22.apsfilter.asc | 89 + .../FreeBSD-SA-00:23.ip-options.asc | 172 + .../advisories/FreeBSD-SA-00:24.libedit.asc | 142 + .../FreeBSD-SA-00:25.alpha-random.asc | 134 + .../advisories/FreeBSD-SA-00:26.popper.asc | 105 + .../advisories/FreeBSD-SA-00:27.XFree86-4.asc | 110 + .../advisories/FreeBSD-SA-00:28.majordomo.asc | 76 + .../advisories/FreeBSD-SA-00:29.wu-ftpd.asc | 99 + .../advisories/FreeBSD-SA-00:30.openssh.asc | 141 + .../advisories/FreeBSD-SA-00:31.canna.asc | 116 + .../advisories/FreeBSD-SA-00:32.bitchx.asc | 93 + .../FreeBSD-SA-00:33.kerberosIV.asc | 153 + .../advisories/FreeBSD-SA-00:34.dhclient.asc | 125 + .../advisories/FreeBSD-SA-00:35.proftpd.asc | 99 + .../advisories/FreeBSD-SA-00:36.ntop.asc | 145 + .../advisories/FreeBSD-SA-00:37.cvsweb.asc | 106 + .../advisories/FreeBSD-SA-00:38.zope.asc | 96 + .../advisories/FreeBSD-SA-00:39.netscape.asc | 117 + .../advisories/FreeBSD-SA-00:40.mopd.asc | 98 + .../advisories/FreeBSD-SA-00:41.elf.asc | 148 + .../advisories/FreeBSD-SA-00:42.linux.asc | 194 + .../advisories/FreeBSD-SA-00:43.brouted.asc | 98 + .../advisories/FreeBSD-SA-00:44.xlock.asc | 103 + .../advisories/FreeBSD-SA-00:45.esound.asc | 99 + .../advisories/FreeBSD-SA-00:46.screen.asc | 99 + .../advisories/FreeBSD-SA-00:47.pine.asc | 107 + .../advisories/FreeBSD-SA-00:48.xchat.asc | 94 + .../advisories/FreeBSD-SA-00:49.eject.asc | 94 + .../FreeBSD-SA-00:50.listmanager.asc | 96 + .../advisories/FreeBSD-SA-00:51.mailman.asc | 90 + .../advisories/FreeBSD-SA-00:52.tcp-iss.asc | 258 + .../advisories/FreeBSD-SA-00:53.catopen.asc | 297 + .../advisories/FreeBSD-SA-00:54.fingerd.asc | 142 + .../advisories/FreeBSD-SA-00:55.xpdf.asc | 96 + .../advisories/FreeBSD-SA-00:56.lprng.asc | 94 + .../advisories/FreeBSD-SA-00:57.muh.asc | 97 + .../advisories/FreeBSD-SA-00:58.chpass.asc | 111 + .../advisories/FreeBSD-SA-00:59.pine.asc | 105 + .../advisories/FreeBSD-SA-00:60.boa.asc | 101 + .../advisories/FreeBSD-SA-00:61.tcpdump.asc | 112 + .../advisories/FreeBSD-SA-00:62.top.asc | 154 + .../FreeBSD-SA-00:63.getnameinfo.asc | 124 + .../advisories/FreeBSD-SA-00:64.global.asc | 106 + .../advisories/FreeBSD-SA-00:65.xfce.asc | 94 + .../advisories/FreeBSD-SA-00:66.netscape.asc | 97 + .../advisories/FreeBSD-SA-00:67.gnupg.asc | 92 + .../advisories/FreeBSD-SA-00:68.ncurses.asc | 214 + .../advisories/FreeBSD-SA-00:69.telnetd.asc | 231 + .../advisories/FreeBSD-SA-00:70.ppp-nat.asc | 129 + .../advisories/FreeBSD-SA-00:71.mgetty.asc | 100 + .../advisories/FreeBSD-SA-00:72.curl.asc | 91 + .../advisories/FreeBSD-SA-00:73.thttpd.asc | 95 + .../advisories/FreeBSD-SA-00:74.gaim.asc | 94 + .../advisories/FreeBSD-SA-00:75.php.asc | 112 + .../advisories/FreeBSD-SA-00:76.tcsh-csh.asc | 150 + .../advisories/FreeBSD-SA-00:77.procfs.asc | 194 + .../advisories/FreeBSD-SA-00:78.bitchx.asc | 115 + .../advisories/FreeBSD-SA-00:79.oops.asc | 93 + .../FreeBSD-SA-00:80.halflifeserver.asc | 84 + .../advisories/FreeBSD-SA-00:81.ethereal.asc | 92 + .../advisories/FreeBSD-SA-01:01.openssh.asc | 129 + .../advisories/FreeBSD-SA-01:02.syslog-ng.asc | 96 + .../advisories/FreeBSD-SA-01:03.bash1.asc | 108 + .../advisories/FreeBSD-SA-01:04.joe.asc | 97 + .../advisories/FreeBSD-SA-01:05.stunnel.asc | 96 + .../advisories/FreeBSD-SA-01:06.zope.asc | 92 + .../advisories/FreeBSD-SA-01:07.xfree86.asc | 150 + .../advisories/FreeBSD-SA-01:08.ipfw.asc | 133 + .../advisories/FreeBSD-SA-01:09.crontab.asc | 96 + .../advisories/FreeBSD-SA-01:10.bind.asc | 104 + .../advisories/FreeBSD-SA-01:11.inetd.asc | 104 + .../advisories/FreeBSD-SA-01:12.periodic.asc | 85 + .../advisories/FreeBSD-SA-01:13.sort.asc | 93 + .../advisories/FreeBSD-SA-01:14.micq.asc | 97 + .../advisories/FreeBSD-SA-01:15.tinyproxy.asc | 95 + .../advisories/FreeBSD-SA-01:16.mysql.asc | 110 + .../advisories/FreeBSD-SA-01:17.exmh.asc | 96 + .../advisories/FreeBSD-SA-01:18.bind.asc | 252 + .../advisories/FreeBSD-SA-01:19.ja-klock.asc | 70 + .../advisories/FreeBSD-SA-01:20.mars_nwe.asc | 98 + .../advisories/FreeBSD-SA-01:21.ja-elvis.asc | 112 + .../advisories/FreeBSD-SA-01:22.dc20ctrl.asc | 100 + .../advisories/FreeBSD-SA-01:23.icecast.asc | 101 + .../advisories/FreeBSD-SA-01:24.ssh.asc | 260 + .../FreeBSD-SA-01:25.kerberosIV.asc | 130 + .../advisories/FreeBSD-SA-01:26.interbase.asc | 85 + .../advisories/FreeBSD-SA-01:27.cfengine.asc | 99 + .../advisories/FreeBSD-SA-01:28.timed.asc | 92 + .../advisories/FreeBSD-SA-01:29.rwhod.asc | 88 + .../FreeBSD-SA-01:30.ufs-ext2fs.asc | 90 + .../advisories/FreeBSD-SA-01:31.ntpd.asc | 160 + .../advisories/FreeBSD-SA-01:32.ipfilter.asc | 108 + .../advisories/FreeBSD-SA-01:33.ftpd-glob.asc | 112 + .../advisories/FreeBSD-SA-01:34.hylafax.asc | 96 + .../advisories/FreeBSD-SA-01:35.licq.asc | 100 + .../advisories/FreeBSD-SA-01:36.samba.asc | 106 + .../advisories/FreeBSD-SA-01:37.slrn.asc | 96 + .../advisories/FreeBSD-SA-01:38.sudo.asc | 95 + .../advisories/FreeBSD-SA-01:39.tcp-isn.asc | 236 + .../advisories/FreeBSD-SA-01:40.fts.asc | 171 + .../advisories/FreeBSD-SA-01:41.hanterm.asc | 105 + .../advisories/FreeBSD-SA-01:42.signal.asc | 130 + .../advisories/FreeBSD-SA-01:43.fetchmail.asc | 94 + .../advisories/FreeBSD-SA-01:44.gnupg.asc | 94 + .../advisories/FreeBSD-SA-01:45.samba.asc | 111 + .../advisories/FreeBSD-SA-01:46.w3m.asc | 95 + .../advisories/FreeBSD-SA-01:47.xinetd.asc | 101 + .../advisories/FreeBSD-SA-01:48.tcpdump.asc | 130 + .../advisories/FreeBSD-SA-01:49.telnetd.asc | 263 + .../FreeBSD-SA-01:50.windowmaker.asc | 100 + .../advisories/FreeBSD-SA-01:51.openssl.asc | 150 + .../advisories/FreeBSD-SA-01:52.fragment.asc | 177 + .../advisories/FreeBSD-SA-01:53.ipfw.asc | 155 + .../FreeBSD-SA-01:54.ports-telnetd.asc | 142 + .../advisories/FreeBSD-SA-01:55.procfs.asc | 192 + .../FreeBSD-SA-01:56.tcp_wrappers.asc | 135 + .../advisories/FreeBSD-SA-01:57.sendmail.asc | 163 + .../advisories/FreeBSD-SA-01:58.lpd.asc | 157 + .../advisories/FreeBSD-SA-01:59.rmuser.asc | 131 + .../advisories/FreeBSD-SA-01:60.procmail.asc | 106 + .../advisories/FreeBSD-SA-01:61.squid.asc | 109 + .../advisories/FreeBSD-SA-01:62.uucp.asc | 160 + .../advisories/FreeBSD-SA-01:63.openssh.asc | 271 + .../advisories/FreeBSD-SA-01:64.wu-ftpd.asc | 111 + .../advisories/FreeBSD-SA-01:65.libgtop.asc | 124 + .../advisories/FreeBSD-SA-01:66.thttpd.asc | 92 + .../advisories/FreeBSD-SA-01:67.htdig.asc | 110 + .../advisories/FreeBSD-SA-01:68.xsane.asc | 106 + .../advisories/FreeBSD-SA-02:01.pkg_add.asc | 108 + .../advisories/FreeBSD-SA-02:02.pw.asc | 97 + .../FreeBSD-SA-02:03.mod_auth_pgsql.asc | 104 + .../advisories/FreeBSD-SA-02:04.mutt.asc | 116 + .../advisories/FreeBSD-SA-02:05.pine.asc | 127 + .../advisories/FreeBSD-SA-02:06.sudo.asc | 103 + .../advisories/FreeBSD-SA-02:07.k5su.asc | 186 + .../advisories/FreeBSD-SA-02:08.exec.asc | 196 + .../advisories/FreeBSD-SA-02:09.fstatfs.asc | 127 + .../advisories/FreeBSD-SA-02:10.rsync.asc | 104 + .../advisories/FreeBSD-SA-02:11.snmp.asc | 128 + .../advisories/FreeBSD-SA-02:12.squid.asc | 145 + .../advisories/FreeBSD-SA-02:13.openssh.asc | 213 + .../advisories/FreeBSD-SA-02:14.pam-pgsql.asc | 103 + .../FreeBSD-SA-02:15.cyrus-sasl.asc | 112 + .../advisories/FreeBSD-SA-02:16.netscape.asc | 141 + .../FreeBSD-SA-02:17.mod_frontpage.asc | 99 + .../advisories/FreeBSD-SA-02:18.zlib.asc | 171 + .../advisories/FreeBSD-SA-02:19.squid.asc | 105 + .../advisories/FreeBSD-SA-02:20.syncache.asc | 111 + .../advisories/FreeBSD-SA-02:21.tcpip.asc | 104 + .../advisories/FreeBSD-SA-02:22.mmap.asc | 87 + .../advisories/FreeBSD-SA-02:23.stdio.asc | 168 + .../advisories/FreeBSD-SA-02:24.k5su.asc | 99 + .../advisories/FreeBSD-SA-02:25.bzip2.asc | 294 + .../advisories/FreeBSD-SA-02:26.accept.asc | 126 + .../advisories/FreeBSD-SA-02:27.rc.asc | 107 + .../advisories/FreeBSD-SA-02:28.resolv.asc | 126 + .../advisories/FreeBSD-SA-02:29.tcpdump.asc | 96 + .../advisories/FreeBSD-SA-02:30.ktrace.asc | 98 + .../advisories/FreeBSD-SA-02:31.openssh.asc | 79 + .../advisories/FreeBSD-SA-02:32.pppd.asc | 109 + .../advisories/FreeBSD-SA-02:33.openssl.asc | 2018 + .../advisories/FreeBSD-SA-02:34.rpc.asc | 136 + .../advisories/FreeBSD-SA-02:35.ffs.asc | 137 + .../advisories/FreeBSD-SA-02:36.nfs.asc | 101 + .../advisories/FreeBSD-SA-02:37.kqueue.asc | 93 + .../FreeBSD-SA-02:38.signed-error.asc | 105 + .../advisories/FreeBSD-SA-02:39.libkvm.asc | 123 + .../advisories/FreeBSD-SA-02:40.kadmind.asc | 191 + .../advisories/FreeBSD-SA-02:41.smrsh.asc | 129 + .../advisories/FreeBSD-SA-02:42.resolv.asc | 123 + .../advisories/FreeBSD-SA-02:43.bind.asc | 218 + .../advisories/FreeBSD-SA-02:44.filedesc.asc | 107 + .../advisories/FreeBSD-SA-03:01.cvs.asc | 110 + .../advisories/FreeBSD-SA-03:02.openssl.asc | 1602 + .../FreeBSD-SA-03:03.syncookies.asc | 120 + .../advisories/FreeBSD-SA-03:04.sendmail.asc | 254 + .../advisories/FreeBSD-SA-03:05.xdr.asc | 139 + .../advisories/FreeBSD-SA-03:06.openssl.asc | 160 + .../advisories/FreeBSD-SA-03:07.sendmail.asc | 256 + .../advisories/FreeBSD-SA-03:08.realpath.asc | 336 + .../advisories/FreeBSD-SA-03:09.signal.asc | 197 + .../advisories/FreeBSD-SA-03:10.ibcs2.asc | 137 + .../advisories/FreeBSD-SA-03:11.sendmail.asc | 126 + .../advisories/FreeBSD-SA-03:12.openssh.asc | 323 + .../advisories/FreeBSD-SA-03:13.sendmail.asc | 163 + .../advisories/FreeBSD-SA-03:14.arp.asc | 172 + .../advisories/FreeBSD-SA-03:15.openssh.asc | 335 + .../advisories/FreeBSD-SA-03:16.filedesc.asc | 122 + .../advisories/FreeBSD-SA-03:17.procfs.asc | 221 + .../advisories/FreeBSD-SA-03:18.openssl.asc | 178 + .../advisories/FreeBSD-SA-03:19.bind.asc | 176 + .../FreeBSD-SA-04:01.mksnap_ffs.asc | 135 + .../advisories/FreeBSD-SA-04:02.shmat.asc | 166 + .../advisories/FreeBSD-SA-04:03.jail.asc | 111 + .../advisories/FreeBSD-SA-04:04.tcp.asc | 154 + .../advisories/FreeBSD-SA-04:05.openssl.asc | 134 + .../advisories/FreeBSD-SA-04:06.ipv6.asc | 119 + .../advisories/FreeBSD-SA-04:07.cvs.asc | 133 + .../advisories/FreeBSD-SA-04:08.heimdal.asc | 170 + .../advisories/FreeBSD-SA-04:09.kadmind.asc | 121 + .../advisories/FreeBSD-SA-04:10.cvs.asc | 137 + .../advisories/FreeBSD-SA-04:11.msync.asc | 118 + .../advisories/FreeBSD-SA-04:12.jailroute.asc | 110 + .../advisories/FreeBSD-SA-04:13.linux.asc | 164 + .../advisories/FreeBSD-SA-04:14.cvs.asc | 182 + .../advisories/FreeBSD-SA-04:15.syscons.asc | 104 + .../advisories/FreeBSD-SA-04:16.fetch.asc | 158 + .../advisories/FreeBSD-SA-04:17.procfs.asc | 147 + .../advisories/FreeBSD-SA-05:01.telnet.asc | 142 + .../advisories/FreeBSD-SA-05:02.sendfile.asc | 133 + .../advisories/FreeBSD-SA-05:03.amd64.asc | 105 + .../advisories/FreeBSD-SA-05:04.ifconf.asc | 124 + .../advisories/FreeBSD-SA-05:05.cvs.asc | 143 + .../advisories/FreeBSD-SA-05:06.iir.asc | 138 + .../advisories/FreeBSD-SA-05:07.ldt.asc | 125 + .../advisories/FreeBSD-SA-05:08.kmem.asc | 168 + .../advisories/FreeBSD-SA-05:09.htt.asc | 178 + .../advisories/FreeBSD-SA-05:10.tcpdump.asc | 116 + .../advisories/FreeBSD-SA-05:11.gzip.asc | 132 + .../advisories/FreeBSD-SA-05:12.bind9.asc | 112 + .../advisories/FreeBSD-SA-05:13.ipfw.asc | 117 + .../advisories/FreeBSD-SA-05:14.bzip2.asc | 156 + .../advisories/FreeBSD-SA-05:15.tcp.asc | 139 + .../advisories/FreeBSD-SA-05:16.zlib.asc | 103 + .../advisories/FreeBSD-SA-05:17.devfs.asc | 135 + .../advisories/FreeBSD-SA-05:18.zlib.asc | 112 + .../advisories/FreeBSD-SA-05:19.ipsec.asc | 116 + .../advisories/FreeBSD-SA-05:20.cvsbug.asc | 148 + .../advisories/FreeBSD-SA-05:21.openssl.asc | 165 + .../advisories/FreeBSD-SA-06:01.texindex.asc | 143 + .../advisories/FreeBSD-SA-06:02.ee.asc | 130 + .../advisories/FreeBSD-SA-06:03.cpio.asc | 203 + .../advisories/FreeBSD-SA-06:04.ipfw.asc | 105 + .../advisories/FreeBSD-SA-06:05.80211.asc | 101 + .../advisories/FreeBSD-SA-06:06.kmem.asc | 116 + .../advisories/FreeBSD-SA-06:07.pf.asc | 120 + .../advisories/FreeBSD-SA-06:08.sack.asc | 109 + .../advisories/FreeBSD-SA-06:09.openssh.asc | 183 + .../advisories/FreeBSD-SA-06:10.nfs.asc | 143 + .../advisories/FreeBSD-SA-06:11.ipsec.asc | 134 + .../advisories/FreeBSD-SA-06:12.opie.asc | 144 + .../advisories/FreeBSD-SA-06:13.sendmail.asc | 262 + .../advisories/FreeBSD-SA-06:14-amd.txt | 208 + .../advisories/FreeBSD-SA-06:14.fpu.asc | 170 + .../advisories/FreeBSD-SA-06:15.ypserv.asc | 130 + .../advisories/FreeBSD-SA-06:16.smbfs.asc | 148 + .../advisories/FreeBSD-SA-06:17.sendmail.asc | 153 + .../advisories/FreeBSD-SA-06:18.ppp.asc | 155 + .../advisories/FreeBSD-SA-06:19.openssl.asc | 150 + .../advisories/FreeBSD-SA-06:20.bind.asc | 156 + .../advisories/FreeBSD-SA-06:21.gzip.asc | 162 + .../advisories/FreeBSD-SA-06:22.openssh.asc | 273 + .../advisories/FreeBSD-SA-06:23.openssl.asc | 287 + .../FreeBSD-SA-06:24.libarchive.asc | 94 + .../advisories/FreeBSD-SA-06:25.kmem.asc | 135 + .../advisories/FreeBSD-SA-06:26.gtar.asc | 129 + .../advisories/FreeBSD-SA-07:01.jail.asc | 192 + .../advisories/FreeBSD-SA-07:02.bind.asc | 144 + .../advisories/FreeBSD-SA-07:03.ipv6.asc | 136 + .../advisories/FreeBSD-SA-07:04.file.asc | 133 + .../FreeBSD-SA-07:05.libarchive.asc | 137 + .../advisories/FreeBSD-SA-07:06.tcpdump.asc | 113 + .../advisories/FreeBSD-SA-07:07.bind.asc | 127 + .../advisories/FreeBSD-SA-07:08.openssl.asc | 117 + .../advisories/FreeBSD-SA-07:09.random.asc | 122 + .../advisories/FreeBSD-SA-07:10.gtar.asc | 99 + .../advisories/FreeBSD-SA-08:01.pty.asc | 170 + .../advisories/FreeBSD-SA-08:02.libc.asc | 121 + .../advisories/FreeBSD-SA-08:03.sendfile.asc | 150 + .../advisories/FreeBSD-SA-08:04.ipsec.asc | 104 + .../advisories/FreeBSD-SA-08:05.openssh.asc | 145 + .../advisories/FreeBSD-SA-08:06.bind.asc | 163 + .../advisories/FreeBSD-SA-08:07.amd64.asc | 140 + .../advisories/FreeBSD-SA-08:08.nmount.asc | 113 + .../advisories/FreeBSD-SA-08:09.icmp6.asc | 113 + .../advisories/FreeBSD-SA-08:10.nd6.asc | 145 + .../FreeBSD-SA-08:11.arc4random.asc | 168 + .../advisories/FreeBSD-SA-08:12.ftpd.asc | 155 + .../advisories/FreeBSD-SA-08:13.protosw.asc | 146 + .../advisories/FreeBSD-SA-09:01.lukemftpd.asc | 160 + .../advisories/FreeBSD-SA-09:02.openssl.asc | 201 + .../advisories/FreeBSD-SA-09:03.ntpd.asc | 155 + .../advisories/FreeBSD-SA-09:04.bind.asc | 452 + .../advisories/FreeBSD-SA-09:05.telnetd.asc | 124 + .../advisories/FreeBSD-SA-09:06.ktimer.asc | 117 + .../advisories/FreeBSD-SA-09:07.libc.asc | 156 + .../advisories/FreeBSD-SA-09:08.openssl.asc | 171 + .../advisories/FreeBSD-SA-09:09.pipe.asc | 144 + .../advisories/FreeBSD-SA-09:10.ipv6.asc | 136 + .../advisories/FreeBSD-SA-09:11.ntpd.asc | 145 + .../advisories/FreeBSD-SA-09:12.bind.asc | 153 + .../advisories/FreeBSD-SA-09:13.pipe.asc | 131 + .../advisories/FreeBSD-SA-09:14.devfs.asc | 141 + .../advisories/FreeBSD-SA-09:15.ssl.asc | 184 + .../advisories/FreeBSD-SA-09:16.rtld.asc | 145 + .../FreeBSD-SA-09:17.freebsd-update.asc | 162 + .../advisories/FreeBSD-SA-10:01.bind.asc | 212 + .../advisories/FreeBSD-SA-10:02.ntpd.asc | 148 + .../advisories/FreeBSD-SA-10:03.zfs.asc | 152 + .../advisories/FreeBSD-SA-10:04.jail.asc | 137 + .../advisories/FreeBSD-SA-10:05.opie.asc | 166 + .../advisories/FreeBSD-SA-10:06.nfsclient.asc | 159 + .../advisories/FreeBSD-SA-10:07.mbuf.asc | 156 + .../advisories/FreeBSD-SA-10:08.bzip2.asc | 162 + .../advisories/FreeBSD-SA-10:09.pseudofs.asc | 134 + .../advisories/FreeBSD-SA-10:10.openssl.asc | 168 + .../advisories/FreeBSD-SA-11:01.mountd.asc | 150 + .../advisories/FreeBSD-SA-11:02.bind.asc | 152 + .../advisories/FreeBSD-SA-11:03.bind.asc | 86 + .../advisories/FreeBSD-SA-11:04.compress.asc | 158 + .../advisories/FreeBSD-SA-11:05.unix.asc | 182 + .../advisories/FreeBSD-SA-11:06.bind.asc | 181 + .../advisories/FreeBSD-SA-11:07.chroot.asc | 232 + .../advisories/FreeBSD-SA-11:08.telnetd.asc | 173 + .../advisories/FreeBSD-SA-11:09.pam_ssh.asc | 185 + .../advisories/FreeBSD-SA-11:10.pam.asc | 186 + .../advisories/FreeBSD-SA-12:01.openssl.asc | 320 + .../advisories/FreeBSD-SA-12:02.crypt.asc | 155 + .../advisories/FreeBSD-SA-12:03.bind.asc | 176 + .../advisories/FreeBSD-SA-12:04.sysret.asc | 177 + .../advisories/FreeBSD-SA-12:05.bind.asc | 176 + .../advisories/FreeBSD-SA-96:01.sliplogin.asc | 127 + .../advisories/FreeBSD-SA-96:02.apache.asc | 93 + .../FreeBSD-SA-96:03.sendmail-suggestion.asc | 113 + .../advisories/FreeBSD-SA-96:08.syslog.asc | 77 + .../advisories/FreeBSD-SA-96:09.vfsload.asc | 141 + .../FreeBSD-SA-96:10.mount_union.asc | 121 + .../advisories/FreeBSD-SA-96:11.man.asc | 118 + .../advisories/FreeBSD-SA-96:12.perl.asc | 144 + .../advisories/FreeBSD-SA-96:13.comsat.asc | 141 + .../advisories/FreeBSD-SA-96:14.ipfw.asc | 246 + .../advisories/FreeBSD-SA-96:15.ppp.asc | 235 + .../advisories/FreeBSD-SA-96:16.rdist.asc | 118 + .../advisories/FreeBSD-SA-96:17.rzsz.asc | 139 + .../advisories/FreeBSD-SA-96:18.lpr.asc | 89 + .../advisories/FreeBSD-SA-96:19.modstat.asc | 109 + .../FreeBSD-SA-96:20.stack-overflow.asc | 272 + .../advisories/FreeBSD-SA-96:21.talkd.asc | 357 + .../advisories/FreeBSD-SA-97:01.setlocale.asc | 208 + .../advisories/FreeBSD-SA-97:02.lpd.asc | 99 + .../FreeBSD-SA-97:03.sysinstall.asc | 106 + .../advisories/FreeBSD-SA-97:04.procfs.asc | 445 + .../advisories/FreeBSD-SA-97:05.open.asc | 168 + .../advisories/FreeBSD-SA-97:06.f00f.asc | 234 + .../advisories/FreeBSD-SA-98:01.land.asc | 219 + .../advisories/FreeBSD-SA-98:02.mmap.asc | 239 + .../advisories/FreeBSD-SA-98:03.ttcp.asc | 114 + .../advisories/FreeBSD-SA-98:04.mmap.asc | 201 + .../advisories/FreeBSD-SA-98:05.nfs.asc | 127 + .../advisories/FreeBSD-SA-98:06.icmp.asc | 128 + .../advisories/FreeBSD-SA-98:07.rst.asc | 508 + .../advisories/FreeBSD-SA-98:08.fragment.asc | 96 + .../advisories/FreeBSD-SA-99:01.chflags.asc | 183 + .../advisories/FreeBSD-SA-99:02.profil.asc | 94 + .../advisories/FreeBSD-SA-99:03.ftpd.asc | 110 + .../advisories/FreeBSD-SA-99:04.core.asc | 284 + .../advisories/FreeBSD-SA-99:05.fts.asc | 152 + .../advisories/FreeBSD-SA-99:06.amd.asc | 187 + .../security/advisories/FreeBSD-SN-02:01.asc | 157 + .../security/advisories/FreeBSD-SN-02:02.asc | 182 + .../security/advisories/FreeBSD-SN-02:03.asc | 146 + .../security/advisories/FreeBSD-SN-02:04.asc | 166 + .../security/advisories/FreeBSD-SN-02:05.asc | 271 + .../security/advisories/FreeBSD-SN-02:06.asc | 225 + .../security/advisories/FreeBSD-SN-03:01.asc | 111 + .../security/advisories/FreeBSD-SN-03:02.asc | 60 + share/security/patches/EN-04:01/twe.patch | 195 + share/security/patches/EN-04:01/twe.patch.asc | 7 + share/security/patches/EN-06:02/net.patch | 141 + share/security/patches/EN-06:02/net.patch.asc | 7 + share/security/patches/EN-07:01/nfs60.patch | 421 + .../security/patches/EN-07:01/nfs60.patch.asc | 7 + share/security/patches/EN-07:01/nfs61.patch | 153 + .../security/patches/EN-07:01/nfs61.patch.asc | 7 + share/security/patches/EN-07:02/net.patch | 16 + share/security/patches/EN-07:02/net.patch.asc | 7 + .../security/patches/EN-07:03/rc.d_jail.patch | 18 + .../patches/EN-07:03/rc.d_jail.patch.asc | 7 + .../security/patches/EN-07:04/zoneinfo.patch | 3705 + .../patches/EN-07:04/zoneinfo.patch.asc | 7 + .../patches/EN-07:05/freebsd-update.patch | 43 + .../patches/EN-07:05/freebsd-update.patch.asc | 7 + .../patches/EN-08:01/libpthread.patch | 85 + .../patches/EN-08:01/libpthread.patch.asc | 7 + share/security/patches/EN-08:02/tcp.patch | 94 + share/security/patches/EN-08:02/tcp.patch.asc | 7 + share/security/patches/EN-09:01/kenv.patch | 33 + .../security/patches/EN-09:01/kenv.patch.asc | 7 + share/security/patches/EN-09:02/bce.patch | 18 + share/security/patches/EN-09:02/bce.patch.asc | 7 + share/security/patches/EN-09:03/fxp.patch | 18 + share/security/patches/EN-09:03/fxp.patch.asc | 7 + share/security/patches/EN-09:04/fork.patch | 82 + .../security/patches/EN-09:04/fork.patch.asc | 7 + share/security/patches/EN-09:05/null.patch | 45 + .../security/patches/EN-09:05/null.patch.asc | 7 + share/security/patches/EN-09:05/null6.patch | 48 + .../security/patches/EN-09:05/null6.patch.asc | 7 + share/security/patches/EN-10:01/mcinit.patch | 20 + .../patches/EN-10:01/mcinit.patch.asc | 7 + .../security/patches/EN-10:01/multicast.patch | 100 + .../patches/EN-10:01/multicast.patch.asc | 7 + .../patches/EN-10:01/nfsreconnect.patch | 27 + .../patches/EN-10:01/nfsreconnect.patch.asc | 7 + share/security/patches/EN-10:01/rename.patch | 17 + .../patches/EN-10:01/rename.patch.asc | 7 + share/security/patches/EN-10:01/sctp.patch | 14 + .../security/patches/EN-10:01/sctp.patch.asc | 7 + share/security/patches/EN-10:01/zfsmac.patch | 78 + .../patches/EN-10:01/zfsmac.patch.asc | 7 + .../patches/EN-10:01/zfsvaccess.patch | 72 + .../patches/EN-10:01/zfsvaccess.patch.asc | 7 + .../security/patches/EN-10:02/sched_ule.patch | 38 + .../patches/EN-10:02/sched_ule.patch.asc | 7 + .../patches/EN-12:01/freebsd-update.patch | 13 + .../patches/EN-12:01/freebsd-update.patch.asc | 7 + .../patches/EN-12:02/ipv6refcount-83.patch | 110 + .../EN-12:02/ipv6refcount-83.patch.asc | 7 + .../patches/EN-12:02/ipv6refcount.patch | 128 + .../patches/EN-12:02/ipv6refcount.patch.asc | 7 + share/security/patches/SA-00:01/make.patch | 146 + .../security/patches/SA-00:01/make.patch.asc | 9 + share/security/patches/SA-00:02/procfs.patch | 100 + .../patches/SA-00:02/procfs.patch.asc | 9 + .../patches/SA-00:17/libmytinfo.patch | 25 + .../patches/SA-00:17/libmytinfo.patch.asc | 9 + .../security/patches/SA-00:19/semconfig.patch | 285 + .../patches/SA-00:19/semconfig.patch.asc | 9 + .../security/patches/SA-00:23/ip-options.diff | 71 + .../patches/SA-00:23/ip-options.diff.asc | 9 + share/security/patches/SA-00:24/libedit.patch | 20 + .../patches/SA-00:24/libedit.patch.asc | 9 + share/security/patches/SA-00:25/kernel.gz | Bin 0 -> 1586756 bytes share/security/patches/SA-00:25/kernel.gz.asc | 9 + .../security/patches/SA-00:25/kernel.sys.diff | 1289 + .../patches/SA-00:25/kernel.sys.diff.asc | 9 + share/security/patches/SA-00:30/sshd.patch | 21 + .../security/patches/SA-00:30/sshd.patch.asc | 9 + share/security/patches/SA-00:41/elf.patch | 65 + share/security/patches/SA-00:41/elf.patch.asc | 9 + share/security/patches/SA-00:42/linux.patch | 83 + .../security/patches/SA-00:42/linux.patch.asc | 9 + .../patches/SA-00:52/tcp-iss-3.x.patch | 196 + .../patches/SA-00:52/tcp-iss-3.x.patch.asc | 9 + share/security/patches/SA-00:52/tcp-iss.patch | 52 + .../patches/SA-00:52/tcp-iss.patch.asc | 9 + share/security/patches/SA-00:54/fingerd.patch | 40 + .../patches/SA-00:54/fingerd.patch.asc | 9 + share/security/patches/SA-00:58/vipw.patch | 17 + .../security/patches/SA-00:58/vipw.patch.asc | 10 + .../patches/SA-00:61/tcpdump-3.x.patch | 256 + .../patches/SA-00:61/tcpdump-3.x.patch.asc | 10 + .../patches/SA-00:61/tcpdump-4.x.patch.v1.1 | 479 + .../SA-00:61/tcpdump-4.x.patch.v1.1.asc | 10 + .../security/patches/SA-00:62/top.patch.v1.1 | 51 + .../patches/SA-00:62/top.patch.v1.1.asc | 10 + .../patches/SA-00:63/getnameinfo.patch | 26 + .../patches/SA-00:63/getnameinfo.patch.asc | 10 + .../security/patches/SA-00:68/ncurses.tar.gz | Bin 0 -> 1404734 bytes .../patches/SA-00:68/ncurses.tar.gz.asc | 10 + .../patches/SA-00:69/telnetd.patch.v1.1 | 116 + .../patches/SA-00:69/telnetd.patch.v1.1.asc | 10 + share/security/patches/SA-00:70/ppp.patch | 21 + share/security/patches/SA-00:70/ppp.patch.asc | 10 + share/security/patches/SA-00:76/csh.patch | 42 + share/security/patches/SA-00:76/csh.patch.asc | 10 + share/security/patches/SA-00:76/tcsh.patch | 69 + .../security/patches/SA-00:76/tcsh.patch.asc | 10 + .../patches/SA-00:77/procfs.3.5.1.patch.v1.1 | 184 + .../SA-00:77/procfs.3.5.1.patch.v1.1.asc | 10 + .../patches/SA-00:77/procfs.4.1.patch | 334 + .../patches/SA-00:77/procfs.4.1.patch.asc | 10 + .../patches/SA-00:77/procfs.4.2.patch | 40 + .../patches/SA-00:77/procfs.4.2.patch.asc | 10 + share/security/patches/SA-01:01/openssh.patch | 50 + .../patches/SA-01:01/openssh.patch.asc | 10 + .../security/patches/SA-01:08/ipfw-3.x.patch | 122 + .../patches/SA-01:08/ipfw-3.x.patch.asc | 10 + .../SA-01:08/ipfw-4.2-regression.patch | 19 + .../SA-01:08/ipfw-4.2-regression.patch.asc | 10 + .../security/patches/SA-01:08/ipfw-4.x.patch | 220 + .../patches/SA-01:08/ipfw-4.x.patch.asc | 10 + .../patches/SA-01:09/crontab-4.x.patch | 100 + .../patches/SA-01:09/crontab-4.x.patch.asc | 10 + .../patches/SA-01:11/inetd-3.5.1.patch | 18 + .../patches/SA-01:11/inetd-3.5.1.patch.asc | 10 + .../security/patches/SA-01:11/inetd-4.2.patch | 74 + .../patches/SA-01:11/inetd-4.2.patch.asc | 10 + .../security/patches/SA-01:12/periodic.patch | 30 + .../patches/SA-01:12/periodic.patch.asc | 10 + .../patches/SA-01:13/sort-3.5.1.patch | 49 + .../patches/SA-01:13/sort-3.5.1.patch.asc | 10 + .../patches/SA-01:13/sort-4.1.1.patch | 49 + .../patches/SA-01:13/sort-4.1.1.patch.asc | 10 + .../patches/SA-01:24/sshd-4.2-release.patch | 210 + .../SA-01:24/sshd-4.2-release.patch.asc | 10 + .../patches/SA-01:24/sshd-4.2-stable.patch | 194 + .../SA-01:24/sshd-4.2-stable.patch.asc | 10 + .../patches/SA-01:25/telnetd-krb.3.5.1.patch | 247 + .../SA-01:25/telnetd-krb.3.5.1.patch.asc | 10 + .../patches/SA-01:25/telnetd-krb.4.2.patch | 247 + .../SA-01:25/telnetd-krb.4.2.patch.asc | 10 + share/security/patches/SA-01:28/timed.patch | 65 + .../security/patches/SA-01:28/timed.patch.asc | 10 + share/security/patches/SA-01:29/rwhod.patch | 43 + .../security/patches/SA-01:29/rwhod.patch.asc | 10 + share/security/patches/SA-01:30/fs.patch | 56 + share/security/patches/SA-01:30/fs.patch.asc | 10 + .../security/patches/SA-01:31/ntpd-3.x.patch | 47 + .../patches/SA-01:31/ntpd-3.x.patch.asc | Bin 0 -> 152 bytes .../security/patches/SA-01:31/ntpd-4.x.patch | 46 + .../patches/SA-01:31/ntpd-4.x.patch.asc | Bin 0 -> 152 bytes .../security/patches/SA-01:32/ipfilter.patch | 169 + .../patches/SA-01:32/ipfilter.patch.asc | 10 + .../security/patches/SA-01:33/glob.3.x.patch | 559 + .../patches/SA-01:33/glob.3.x.patch.asc | 10 + .../security/patches/SA-01:33/glob.4.x.patch | 567 + .../patches/SA-01:33/glob.4.x.patch.asc | 10 + share/security/patches/SA-01:40/fts.patch | 98 + share/security/patches/SA-01:40/fts.patch.asc | 10 + .../patches/SA-01:42/signal-4.3.patch | 64 + .../patches/SA-01:42/signal-4.3.patch.asc | 10 + .../patches/SA-01:48/tcpdump-4.x.patch | 64 + .../patches/SA-01:48/tcpdump-4.x.patch.asc | 10 + .../patches/SA-01:49/telnetd-crypto.patch | 2651 + .../patches/SA-01:49/telnetd-crypto.patch.asc | 10 + share/security/patches/SA-01:49/telnetd.patch | 1256 + .../patches/SA-01:49/telnetd.patch.asc | 10 + share/security/patches/SA-01:51/openssl.patch | 86 + .../patches/SA-01:51/openssl.patch.asc | 10 + .../security/patches/SA-01:52/frag-3.x.patch | 84 + .../patches/SA-01:52/frag-3.x.patch.asc | 10 + .../security/patches/SA-01:52/frag-4.x.patch | 118 + .../patches/SA-01:52/frag-4.x.patch.asc | 10 + share/security/patches/SA-01:53/ipfw.patch | 75 + .../security/patches/SA-01:53/ipfw.patch.asc | 10 + share/security/patches/SA-01:55/procfs.patch | 181 + .../patches/SA-01:55/procfs.patch.asc | 10 + .../patches/SA-01:56/tcp_wrappers.patch | 11 + .../patches/SA-01:56/tcp_wrappers.patch.asc | 10 + .../security/patches/SA-01:57/sendmail.patch | 17 + .../patches/SA-01:57/sendmail.patch.asc | 10 + .../patches/SA-01:58/lpd-3.x-4.2.patch | 56 + .../patches/SA-01:58/lpd-3.x-4.2.patch.asc | 10 + share/security/patches/SA-01:58/lpd-4.3.patch | 56 + .../patches/SA-01:58/lpd-4.3.patch.asc | 10 + .../patches/SA-01:59/rmuser.patch.v1.1 | 59 + .../patches/SA-01:59/rmuser.patch.v1.1.asc | 10 + share/security/patches/SA-01:62/uucp.patch | 114 + .../security/patches/SA-01:62/uucp.patch.asc | 10 + share/security/patches/SA-01:63/sshd.patch | 23 + .../security/patches/SA-01:63/sshd.patch.asc | 10 + share/security/patches/SA-02:01/pkg_add.patch | 11 + .../patches/SA-02:01/pkg_add.patch.asc | 10 + share/security/patches/SA-02:02/pw.patch | 11 + share/security/patches/SA-02:02/pw.patch.asc | 10 + share/security/patches/SA-02:07/k5su.patch | 48 + .../security/patches/SA-02:07/k5su.patch.asc | 10 + .../security/patches/SA-02:08/exec-43R.patch | 203 + .../patches/SA-02:08/exec-43R.patch.asc | 10 + share/security/patches/SA-02:08/exec.patch | 194 + .../security/patches/SA-02:08/exec.patch.asc | 10 + share/security/patches/SA-02:09/fstatfs.patch | 16 + .../patches/SA-02:09/fstatfs.patch.asc | 10 + share/security/patches/SA-02:13/openssh.patch | 17 + .../patches/SA-02:13/openssh.patch.asc | 10 + share/security/patches/SA-02:18/zlib.patch | 88 + .../security/patches/SA-02:18/zlib.patch.asc | 10 + .../SA-02:18/zlib.v1.1.corrected.patch | 49 + .../SA-02:18/zlib.v1.1.corrected.patch.asc | 10 + .../security/patches/SA-02:18/zlib.v1.1.patch | 117 + .../patches/SA-02:18/zlib.v1.1.patch.asc | 10 + .../security/patches/SA-02:20/syncache.patch | 28 + .../patches/SA-02:20/syncache.patch.asc | 10 + share/security/patches/SA-02:21/tcpip.patch | 82 + .../security/patches/SA-02:21/tcpip.patch.asc | 10 + share/security/patches/SA-02:22/mmap.patch | 17 + .../security/patches/SA-02:22/mmap.patch.asc | 10 + share/security/patches/SA-02:23/stdio.patch | 112 + .../security/patches/SA-02:23/stdio.patch.asc | 10 + .../patches/SA-02:23/stdio.patch.v1.2 | 109 + .../patches/SA-02:23/stdio.patch.v1.2.asc | 9 + .../patches/SA-02:23/stdio2.patch.v1.2 | 24 + .../patches/SA-02:23/stdio2.patch.v1.2.asc | 9 + share/security/patches/SA-02:25/bzip2.patch | 1180 + .../security/patches/SA-02:25/bzip2.patch.asc | 10 + share/security/patches/SA-02:26/accept.patch | 51 + .../patches/SA-02:26/accept.patch.asc | 9 + share/security/patches/SA-02:27/rc.patch | 15 + share/security/patches/SA-02:27/rc.patch.asc | 9 + share/security/patches/SA-02:28/resolv.patch | 44 + .../patches/SA-02:28/resolv.patch.asc | 9 + share/security/patches/SA-02:29/tcpdump.patch | 23 + .../patches/SA-02:29/tcpdump.patch.asc | 9 + share/security/patches/SA-02:30/ktrace.patch | 18 + .../patches/SA-02:30/ktrace.patch.asc | 9 + share/security/patches/SA-02:32/pppd.patch | 13 + .../security/patches/SA-02:32/pppd.patch.asc | 9 + share/security/patches/SA-02:33/openssl.patch | 50892 ++++++++++++ .../patches/SA-02:33/openssl.patch.asc | 9 + .../security/patches/SA-02:33/openssl2.patch | 11 + .../patches/SA-02:33/openssl2.patch.asc | 9 + share/security/patches/SA-02:34/rpc.patch | 34 + share/security/patches/SA-02:34/rpc.patch.asc | 9 + share/security/patches/SA-02:35/ffs.patch | 17 + share/security/patches/SA-02:35/ffs.patch.asc | 9 + share/security/patches/SA-02:36/nfs.patch | 23 + share/security/patches/SA-02:36/nfs.patch.asc | 9 + share/security/patches/SA-02:37/kqueue.patch | 18 + .../patches/SA-02:37/kqueue.patch.asc | 9 + .../patches/SA-02:38/signed-error.patch | 50 + .../patches/SA-02:38/signed-error.patch.asc | 9 + share/security/patches/SA-02:39/libkvm.patch | 47 + .../patches/SA-02:39/libkvm.patch.asc | 9 + share/security/patches/SA-02:40/kadmind.patch | 68 + .../patches/SA-02:40/kadmind.patch.asc | 9 + share/security/patches/SA-02:41/smrsh.patch | 66 + .../security/patches/SA-02:41/smrsh.patch.asc | 9 + share/security/patches/SA-02:41/smrsh2.patch | 61 + .../patches/SA-02:41/smrsh2.patch.asc | 9 + share/security/patches/SA-02:42/resolv.patch | 686 + .../patches/SA-02:42/resolv.patch.asc | 9 + share/security/patches/SA-02:43/bind.patch | 404 + .../security/patches/SA-02:43/bind.patch.asc | 9 + .../security/patches/SA-02:44/filedesc.patch | 29 + .../patches/SA-02:44/filedesc.patch.asc | 9 + share/security/patches/SA-03:01/cvs.patch | 50 + share/security/patches/SA-03:01/cvs.patch.asc | 7 + .../security/patches/SA-03:02/openssl46.patch | 64610 ++++++++++++++++ .../patches/SA-03:02/openssl46.patch.asc | 7 + .../patches/SA-03:02/openssl46.patch.gz | Bin 0 -> 378295 bytes .../patches/SA-03:02/openssl46.patch.gz.asc | 7 + .../patches/SA-03:02/openssl462.patch | 11505 +++ .../patches/SA-03:02/openssl462.patch.asc | 7 + .../patches/SA-03:02/openssl462.patch.gz | Bin 0 -> 66741 bytes .../patches/SA-03:02/openssl462.patch.gz.asc | 7 + .../security/patches/SA-03:02/openssl47.patch | 10210 +++ .../patches/SA-03:02/openssl47.patch.asc | 7 + .../patches/SA-03:02/openssl47.patch.gz | Bin 0 -> 59328 bytes .../patches/SA-03:02/openssl47.patch.gz.asc | 7 + .../security/patches/SA-03:02/openssl4b.patch | 18727 +++++ .../patches/SA-03:02/openssl4b.patch.gz | Bin 0 -> 87631 bytes .../patches/SA-03:02/openssl4b.patch.gz.asc | 7 + .../security/patches/SA-03:02/openssl4s.patch | 18727 +++++ .../patches/SA-03:02/openssl4s.patch.asc | 7 + .../patches/SA-03:02/openssl4s.patch.gz | Bin 0 -> 87631 bytes .../patches/SA-03:02/openssl4s.patch.gz.asc | 7 + .../security/patches/SA-03:02/openssl50.patch | 18130 +++++ .../patches/SA-03:02/openssl50.patch.asc | 7 + .../patches/SA-03:02/openssl50.patch.gz | Bin 0 -> 80366 bytes .../patches/SA-03:02/openssl50.patch.gz.asc | 7 + .../security/patches/SA-03:03/syncookie.patch | 217 + .../patches/SA-03:03/syncookie.patch.asc | 7 + .../SA-03:04/sendmail-4.6-i386-crypto.bin.gz | Bin 0 -> 262184 bytes .../sendmail-4.6-i386-crypto.bin.gz.asc | 7 + .../sendmail-4.6-i386-nocrypto.bin.gz | Bin 0 -> 251498 bytes .../sendmail-4.6-i386-nocrypto.bin.gz.asc | 7 + .../SA-03:04/sendmail-4.7-i386-crypto.bin.gz | Bin 0 -> 262877 bytes .../sendmail-4.7-i386-crypto.bin.gz.asc | 7 + .../sendmail-4.7-i386-nocrypto.bin.gz | Bin 0 -> 252256 bytes .../sendmail-4.7-i386-nocrypto.bin.gz.asc | 7 + .../SA-03:04/sendmail-5.0-i386-crypto.bin.gz | Bin 0 -> 264172 bytes .../sendmail-5.0-i386-crypto.bin.gz.asc | 7 + .../sendmail-5.0-i386-nocrypto.bin.gz | Bin 0 -> 253496 bytes .../sendmail-5.0-i386-nocrypto.bin.gz.asc | 7 + .../security/patches/SA-03:04/sendmail.patch | 497 + .../patches/SA-03:04/sendmail.patch.asc | 7 + share/security/patches/SA-03:05/xdr-4.patch | 102 + .../security/patches/SA-03:05/xdr-4.patch.asc | 8 + share/security/patches/SA-03:05/xdr-5.patch | 102 + .../security/patches/SA-03:05/xdr-5.patch.asc | 8 + share/security/patches/SA-03:06/openssl.patch | 135 + .../patches/SA-03:06/openssl.patch.asc | 8 + .../SA-03:07/sendmail-4.6-i386-crypto.bin.gz | Bin 0 -> 262253 bytes .../sendmail-4.6-i386-crypto.bin.gz.asc | 7 + .../sendmail-4.6-i386-nocrypto.bin.gz | Bin 0 -> 251514 bytes .../sendmail-4.6-i386-nocrypto.bin.gz.asc | 7 + .../SA-03:07/sendmail-4.7-i386-crypto.bin.gz | Bin 0 -> 262825 bytes .../sendmail-4.7-i386-crypto.bin.gz.asc | 7 + .../sendmail-4.7-i386-nocrypto.bin.gz | Bin 0 -> 252281 bytes .../sendmail-4.7-i386-nocrypto.bin.gz.asc | 7 + .../SA-03:07/sendmail-5.0-i386-crypto.bin.gz | Bin 0 -> 264235 bytes .../sendmail-5.0-i386-crypto.bin.gz.asc | 7 + .../sendmail-5.0-i386-nocrypto.bin.gz | Bin 0 -> 253592 bytes .../sendmail-5.0-i386-nocrypto.bin.gz.asc | 7 + .../security/patches/SA-03:07/sendmail.patch | 107 + .../patches/SA-03:07/sendmail.patch.asc | 7 + .../security/patches/SA-03:08/realpath.patch | 25 + .../patches/SA-03:08/realpath.patch.asc | 7 + .../security/patches/SA-03:09/signal47.patch | 43 + .../patches/SA-03:09/signal47.patch.asc | 7 + .../security/patches/SA-03:09/signal4s.patch | 43 + .../patches/SA-03:09/signal4s.patch.asc | 7 + .../security/patches/SA-03:09/signal50.patch | 71 + .../patches/SA-03:09/signal50.patch.asc | 7 + .../security/patches/SA-03:09/signal51.patch | 82 + .../patches/SA-03:09/signal51.patch.asc | 7 + share/security/patches/SA-03:10/ibcs2.patch | 20 + .../security/patches/SA-03:10/ibcs2.patch.asc | 7 + .../security/patches/SA-03:11/sendmail.patch | 10 + .../patches/SA-03:11/sendmail.patch.asc | 7 + .../security/patches/SA-03:12/buffer44.patch | 319 + .../patches/SA-03:12/buffer44.patch.asc | 7 + .../security/patches/SA-03:12/buffer45.patch | 269 + .../patches/SA-03:12/buffer45.patch.asc | 7 + .../security/patches/SA-03:12/buffer46.patch | 344 + .../patches/SA-03:12/buffer46.patch.asc | 7 + .../security/patches/SA-03:13/sendmail.patch | 22 + .../patches/SA-03:13/sendmail.patch.asc | 7 + share/security/patches/SA-03:14/arp.patch | 43 + share/security/patches/SA-03:14/arp.patch.asc | 7 + .../security/patches/SA-03:15/openssh46.patch | 282 + .../patches/SA-03:15/openssh46.patch.asc | 7 + .../security/patches/SA-03:15/openssh47.patch | 228 + .../patches/SA-03:15/openssh47.patch.asc | 7 + .../security/patches/SA-03:15/openssh48.patch | 347 + .../patches/SA-03:15/openssh48.patch.asc | 7 + .../security/patches/SA-03:15/openssh4s.patch | 347 + .../patches/SA-03:15/openssh4s.patch.asc | 7 + .../security/patches/SA-03:15/openssh51.patch | 248 + .../patches/SA-03:15/openssh51.patch.asc | 7 + .../security/patches/SA-03:16/filedesc.patch | 55 + .../patches/SA-03:16/filedesc.patch.asc | 7 + .../security/patches/SA-03:17/procfs43.patch | 543 + .../patches/SA-03:17/procfs43.patch.asc | 7 + .../security/patches/SA-03:17/procfs4x.patch | 583 + .../patches/SA-03:17/procfs4x.patch.asc | 7 + .../security/patches/SA-03:17/procfs50.patch | 370 + .../patches/SA-03:17/procfs50.patch.asc | 7 + .../security/patches/SA-03:17/procfs51.patch | 374 + .../patches/SA-03:17/procfs51.patch.asc | 7 + .../security/patches/SA-03:18/openssl96.patch | 77 + .../patches/SA-03:18/openssl96.patch.asc | 7 + .../security/patches/SA-03:18/openssl97.patch | 126 + .../patches/SA-03:18/openssl97.patch.asc | 7 + .../security/patches/SA-03:19/bind-833.patch | 106 + .../patches/SA-03:19/bind-833.patch.asc | 7 + .../security/patches/SA-03:19/bind-834.patch | 106 + .../patches/SA-03:19/bind-834.patch.asc | 7 + .../security/patches/SA-03:19/bind-836.patch | 106 + .../patches/SA-03:19/bind-836.patch.asc | 7 + .../patches/SA-04:01/mksnap_ffs_5_1.patch | 104 + .../patches/SA-04:01/mksnap_ffs_5_1.patch.asc | 7 + .../patches/SA-04:01/mksnap_ffs_5_2.patch | 44 + .../patches/SA-04:01/mksnap_ffs_5_2.patch.asc | 7 + share/security/patches/SA-04:02/shmat.patch | 14 + .../security/patches/SA-04:02/shmat.patch.asc | 7 + share/security/patches/SA-04:03/jail.patch | 72 + .../security/patches/SA-04:03/jail.patch.asc | 7 + share/security/patches/SA-04:04/tcp47.patch | 137 + .../security/patches/SA-04:04/tcp47.patch.asc | 7 + share/security/patches/SA-04:04/tcp51.patch | 291 + .../security/patches/SA-04:04/tcp51.patch.asc | 7 + share/security/patches/SA-04:04/tcp52.patch | 203 + .../security/patches/SA-04:04/tcp52.patch.asc | 7 + share/security/patches/SA-04:05/openssl.patch | 24 + .../patches/SA-04:05/openssl.patch.asc | 7 + share/security/patches/SA-04:06/ipv6.patch | 81 + .../security/patches/SA-04:06/ipv6.patch.asc | 7 + share/security/patches/SA-04:07/cvs.patch | 53 + share/security/patches/SA-04:07/cvs.patch.asc | 7 + .../security/patches/SA-04:08/heimdal51.patch | 706 + .../patches/SA-04:08/heimdal51.patch.asc | 7 + .../security/patches/SA-04:08/heimdal6.patch | 558 + .../patches/SA-04:08/heimdal6.patch.asc | 7 + share/security/patches/SA-04:09/kadmin.patch | 11 + .../patches/SA-04:09/kadmin.patch.asc | 7 + share/security/patches/SA-04:10/cvs.patch | 85 + share/security/patches/SA-04:10/cvs.patch.asc | 7 + share/security/patches/SA-04:11/msync4.patch | 54 + .../patches/SA-04:11/msync4.patch.asc | 7 + share/security/patches/SA-04:11/msync5.patch | 45 + .../patches/SA-04:11/msync5.patch.asc | 7 + .../security/patches/SA-04:12/jailroute.patch | 13 + .../patches/SA-04:12/jailroute.patch.asc | 7 + share/security/patches/SA-04:13/linux4.patch | 59 + .../patches/SA-04:13/linux4.patch.asc | 7 + share/security/patches/SA-04:13/linux5.patch | 50 + .../patches/SA-04:13/linux5.patch.asc | 7 + share/security/patches/SA-04:14/cvs.patch | 630 + share/security/patches/SA-04:14/cvs.patch.asc | 7 + share/security/patches/SA-04:15/syscons.patch | 26 + .../patches/SA-04:15/syscons.patch.asc | 7 + share/security/patches/SA-04:16/fetch.patch | 17 + .../security/patches/SA-04:16/fetch.patch.asc | 7 + share/security/patches/SA-04:17/procfs4.patch | 47 + .../patches/SA-04:17/procfs4.patch.asc | 7 + share/security/patches/SA-04:17/procfs5.patch | 76 + .../patches/SA-04:17/procfs5.patch.asc | 7 + share/security/patches/SA-05:01/telnet4.patch | 372 + .../patches/SA-05:01/telnet4.patch.asc | 7 + share/security/patches/SA-05:01/telnet5.patch | 93 + .../patches/SA-05:01/telnet5.patch.asc | 7 + .../patches/SA-05:02/sendfile_4.patch | 15 + .../patches/SA-05:02/sendfile_4.patch.asc | 7 + .../patches/SA-05:02/sendfile_5.patch | 15 + .../patches/SA-05:02/sendfile_5.patch.asc | 7 + share/security/patches/SA-05:03/amd64.patch | 47 + .../security/patches/SA-05:03/amd64.patch.asc | 7 + share/security/patches/SA-05:04/ifconf4.patch | 20 + .../patches/SA-05:04/ifconf4.patch.asc | 7 + share/security/patches/SA-05:04/ifconf5.patch | 20 + .../patches/SA-05:04/ifconf5.patch.asc | 7 + share/security/patches/SA-05:05/cvs.patch | 99 + share/security/patches/SA-05:05/cvs.patch.asc | 7 + share/security/patches/SA-05:05/cvs410.patch | 99 + .../patches/SA-05:05/cvs410.patch.asc | 7 + share/security/patches/SA-05:06/iir.patch | 22 + share/security/patches/SA-05:06/iir.patch.asc | 7 + share/security/patches/SA-05:07/ldt4.patch | 30 + .../security/patches/SA-05:07/ldt4.patch.asc | 7 + share/security/patches/SA-05:07/ldt5.patch | 30 + .../security/patches/SA-05:07/ldt5.patch.asc | 7 + share/security/patches/SA-05:08/kmem4.patch | 75 + .../security/patches/SA-05:08/kmem4.patch.asc | 7 + share/security/patches/SA-05:08/kmem4x.patch | 106 + .../patches/SA-05:08/kmem4x.patch.asc | 7 + share/security/patches/SA-05:08/kmem5.patch | 122 + .../security/patches/SA-05:08/kmem5.patch.asc | 7 + share/security/patches/SA-05:08/kmem5x.patch | 154 + .../patches/SA-05:08/kmem5x.patch.asc | 7 + share/security/patches/SA-05:09/htt410.patch | 184 + .../patches/SA-05:09/htt410.patch.asc | 7 + share/security/patches/SA-05:09/htt411.patch | 194 + .../patches/SA-05:09/htt411.patch.asc | 7 + share/security/patches/SA-05:09/htt5.patch | 372 + .../security/patches/SA-05:09/htt5.patch.asc | 7 + share/security/patches/SA-05:10/tcpdump.patch | 99 + .../patches/SA-05:10/tcpdump.patch.asc | 7 + share/security/patches/SA-05:11/gzip.patch | 64 + .../security/patches/SA-05:11/gzip.patch.asc | 7 + share/security/patches/SA-05:12/bind9.patch | 25 + .../security/patches/SA-05:12/bind9.patch.asc | 7 + share/security/patches/SA-05:13/ipfw.patch | 74 + .../security/patches/SA-05:13/ipfw.patch.asc | 7 + share/security/patches/SA-05:14/bzip2.patch | 411 + .../security/patches/SA-05:14/bzip2.patch.asc | 7 + share/security/patches/SA-05:15/tcp.patch | 63 + share/security/patches/SA-05:15/tcp.patch.asc | 7 + share/security/patches/SA-05:15/tcp4.patch | 63 + .../security/patches/SA-05:15/tcp4.patch.asc | 7 + share/security/patches/SA-05:16/zlib.patch | 16 + .../security/patches/SA-05:16/zlib.patch.asc | 7 + share/security/patches/SA-05:17/devfs.patch | 20 + .../security/patches/SA-05:17/devfs.patch.asc | 7 + share/security/patches/SA-05:18/zlib.patch | 24 + .../security/patches/SA-05:18/zlib.patch.asc | 7 + share/security/patches/SA-05:19/ipsec.patch | 47 + .../security/patches/SA-05:19/ipsec.patch.asc | 7 + share/security/patches/SA-05:20/cvsbug.patch | 22 + .../patches/SA-05:20/cvsbug.patch.asc | 7 + .../security/patches/SA-05:20/cvsbug410.patch | 51 + .../patches/SA-05:20/cvsbug410.patch.asc | 7 + .../security/patches/SA-05:20/cvsbug53.patch | 39 + share/security/patches/SA-05:21/openssl.patch | 28 + .../patches/SA-05:21/openssl.patch.asc | 7 + .../security/patches/SA-06:01/texindex.patch | 96 + .../patches/SA-06:01/texindex.patch.asc | 7 + .../patches/SA-06:01/texindex5x.patch | 97 + .../patches/SA-06:01/texindex5x.patch.asc | 7 + share/security/patches/SA-06:02/ee.patch | 104 + share/security/patches/SA-06:02/ee.patch.asc | 7 + share/security/patches/SA-06:03/cpio.patch | 499 + .../security/patches/SA-06:03/cpio.patch.asc | 7 + share/security/patches/SA-06:04/ipfw.patch | 16 + .../security/patches/SA-06:04/ipfw.patch.asc | 7 + share/security/patches/SA-06:05/80211.patch | 49 + .../security/patches/SA-06:05/80211.patch.asc | 7 + share/security/patches/SA-06:06/kmem.patch | 31 + .../security/patches/SA-06:06/kmem.patch.asc | 7 + share/security/patches/SA-06:06/kmem60.patch | 47 + .../patches/SA-06:06/kmem60.patch.asc | 7 + share/security/patches/SA-06:07/pf.patch | 16 + share/security/patches/SA-06:07/pf.patch.asc | 7 + share/security/patches/SA-06:08/sack.patch | 24 + .../security/patches/SA-06:08/sack.patch.asc | 7 + share/security/patches/SA-06:09/openssh.patch | 104 + .../patches/SA-06:09/openssh.patch.asc | 7 + share/security/patches/SA-06:10/nfs.patch | 11 + share/security/patches/SA-06:10/nfs.patch.asc | 7 + share/security/patches/SA-06:10/nfs4.patch | 11 + .../security/patches/SA-06:10/nfs4.patch.asc | 7 + share/security/patches/SA-06:11/ipsec.patch | 31 + .../security/patches/SA-06:11/ipsec.patch.asc | 7 + share/security/patches/SA-06:12/opie.patch | 22 + .../security/patches/SA-06:12/opie.patch.asc | 7 + .../security/patches/SA-06:13/sendmail.patch | 2973 + .../patches/SA-06:13/sendmail.patch.asc | 7 + .../patches/SA-06:13/sendmail410.patch | 2936 + .../patches/SA-06:13/sendmail410.patch.asc | 7 + .../patches/SA-06:13/sendmail411.patch | 2972 + .../patches/SA-06:13/sendmail411.patch.asc | 7 + share/security/patches/SA-06:14/fpu.patch | 141 + share/security/patches/SA-06:14/fpu.patch.asc | 7 + share/security/patches/SA-06:14/fpu4x.patch | 70 + .../security/patches/SA-06:14/fpu4x.patch.asc | 7 + share/security/patches/SA-06:15/ypserv.patch | 84 + .../patches/SA-06:15/ypserv.patch.asc | 7 + share/security/patches/SA-06:16/smbfs.patch | 27 + .../security/patches/SA-06:16/smbfs.patch.asc | 7 + .../security/patches/SA-06:17/sendmail.patch | 155 + .../patches/SA-06:17/sendmail.patch.asc | 7 + share/security/patches/SA-06:18/ppp.patch | 127 + share/security/patches/SA-06:18/ppp.patch.asc | 7 + share/security/patches/SA-06:18/ppp4x.patch | 127 + .../security/patches/SA-06:18/ppp4x.patch.asc | 7 + share/security/patches/SA-06:18/ppp53.patch | 127 + .../security/patches/SA-06:18/ppp53.patch.asc | 7 + share/security/patches/SA-06:19/openssl.patch | 31 + .../patches/SA-06:19/openssl.patch.asc | 7 + share/security/patches/SA-06:20/bind.patch | 154 + .../security/patches/SA-06:20/bind.patch.asc | 7 + share/security/patches/SA-06:21/gzip.patch | 200 + .../security/patches/SA-06:21/gzip.patch.asc | 7 + .../security/patches/SA-06:22/openssh4x.patch | 256 + .../patches/SA-06:22/openssh4x.patch.asc | 7 + .../security/patches/SA-06:22/openssh5x.patch | 296 + .../patches/SA-06:22/openssh5x.patch.asc | 7 + .../security/patches/SA-06:22/openssh6x.patch | 295 + .../patches/SA-06:22/openssh6x.patch.asc | 7 + .../patches/SA-06:23/openssl-correction.patch | 16 + .../SA-06:23/openssl-correction.patch.asc | 7 + share/security/patches/SA-06:23/openssl.patch | 313 + .../patches/SA-06:23/openssl.patch.asc | 7 + .../patches/SA-06:24/libarchive.patch | 55 + .../patches/SA-06:24/libarchive.patch.asc | 7 + share/security/patches/SA-06:25/kmem.patch | 16 + .../security/patches/SA-06:25/kmem.patch.asc | 7 + share/security/patches/SA-06:26/gtar.patch | 82 + .../security/patches/SA-06:26/gtar.patch.asc | 7 + .../patches/SA-07:01/jail5-correction.patch | 16 + .../SA-07:01/jail5-correction.patch.asc | 7 + share/security/patches/SA-07:01/jail5.patch | 211 + .../security/patches/SA-07:01/jail5.patch.asc | 7 + share/security/patches/SA-07:01/jail60.patch | 214 + .../patches/SA-07:01/jail60.patch.asc | 7 + share/security/patches/SA-07:01/jail61.patch | 214 + .../patches/SA-07:01/jail61.patch.asc | 7 + share/security/patches/SA-07:02/bind61.patch | 257 + .../patches/SA-07:02/bind61.patch.asc | 7 + share/security/patches/SA-07:02/bind62.patch | 257 + .../patches/SA-07:02/bind62.patch.asc | 7 + share/security/patches/SA-07:03/ipv6.patch | 66 + .../security/patches/SA-07:03/ipv6.patch.asc | 7 + share/security/patches/SA-07:04/file5.patch | 125 + .../security/patches/SA-07:04/file5.patch.asc | 7 + share/security/patches/SA-07:04/file6.patch | 132 + .../security/patches/SA-07:04/file6.patch.asc | 7 + .../patches/SA-07:05/libarchive.patch | 231 + .../patches/SA-07:05/libarchive.patch.asc | 7 + share/security/patches/SA-07:06/tcpdump.patch | 89 + .../patches/SA-07:06/tcpdump.patch.asc | 7 + share/security/patches/SA-07:07/bind.patch | 670 + .../security/patches/SA-07:07/bind.patch.asc | 7 + share/security/patches/SA-07:08/openssl.patch | 47 + .../patches/SA-07:08/openssl.patch.asc | 7 + share/security/patches/SA-07:09/random.patch | 15 + .../patches/SA-07:09/random.patch.asc | 7 + share/security/patches/SA-07:10/gtar.patch | 21 + .../security/patches/SA-07:10/gtar.patch.asc | 7 + share/security/patches/SA-08:01/pty5.patch | 17 + .../security/patches/SA-08:01/pty5.patch.asc | 7 + .../patches/SA-08:01/pty5stable.patch | 105 + .../patches/SA-08:01/pty5stable.patch.asc | 7 + share/security/patches/SA-08:01/pty6.patch | 93 + .../security/patches/SA-08:01/pty6.patch.asc | 7 + .../patches/SA-08:01/pty6stable.patch | 181 + .../patches/SA-08:01/pty6stable.patch.asc | 7 + share/security/patches/SA-08:01/pty7.patch | 127 + .../security/patches/SA-08:01/pty7.patch.asc | 7 + .../patches/SA-08:01/pty7stable.patch | 223 + .../patches/SA-08:01/pty7stable.patch.asc | 7 + share/security/patches/SA-08:01/pty8.patch | 205 + .../security/patches/SA-08:01/pty8.patch.asc | 7 + share/security/patches/SA-08:02/libc.patch | 19 + .../security/patches/SA-08:02/libc.patch.asc | 7 + .../security/patches/SA-08:03/sendfile.patch | 61 + .../patches/SA-08:03/sendfile.patch.asc | 7 + .../patches/SA-08:03/sendfile55.patch | 16 + .../patches/SA-08:03/sendfile55.patch.asc | 7 + .../patches/SA-08:03/sendfile61.patch | 42 + .../patches/SA-08:03/sendfile61.patch.asc | 7 + share/security/patches/SA-08:04/ipsec.patch | 16 + .../security/patches/SA-08:04/ipsec.patch.asc | 7 + share/security/patches/SA-08:05/openssh.patch | 17 + .../patches/SA-08:05/openssh.patch.asc | 7 + share/security/patches/SA-08:06/bind63.patch | 1220 + .../patches/SA-08:06/bind63.patch.asc | 7 + share/security/patches/SA-08:06/bind7.patch | 1208 + .../security/patches/SA-08:06/bind7.patch.asc | 7 + share/security/patches/SA-08:07/amd64.patch | 25 + .../security/patches/SA-08:07/amd64.patch.asc | 7 + share/security/patches/SA-08:08/nmount.patch | 17 + .../patches/SA-08:08/nmount.patch.asc | 7 + share/security/patches/SA-08:09/icmp6.patch | 23 + .../security/patches/SA-08:09/icmp6.patch.asc | 7 + share/security/patches/SA-08:10/nd6-6.patch | 86 + .../security/patches/SA-08:10/nd6-6.patch.asc | 7 + share/security/patches/SA-08:10/nd6-7.patch | 87 + .../security/patches/SA-08:10/nd6-7.patch.asc | 7 + .../patches/SA-08:11/arc4random.patch | 81 + .../patches/SA-08:11/arc4random.patch.asc | 7 + .../patches/SA-08:11/arc4random6x.patch | 81 + .../patches/SA-08:11/arc4random6x.patch.asc | 7 + share/security/patches/SA-08:12/ftpd.patch | 113 + .../security/patches/SA-08:12/ftpd.patch.asc | 7 + share/security/patches/SA-08:13/protosw.patch | 23 + .../patches/SA-08:13/protosw.patch.asc | 7 + .../security/patches/SA-08:13/protosw6x.patch | 23 + .../patches/SA-08:13/protosw6x.patch.asc | 7 + .../security/patches/SA-09:01/lukemftpd.patch | 135 + .../patches/SA-09:01/lukemftpd.patch.asc | 7 + share/security/patches/SA-09:02/openssl.patch | 149 + .../patches/SA-09:02/openssl.patch.asc | 7 + .../security/patches/SA-09:02/openssl6.patch | 127 + .../patches/SA-09:02/openssl6.patch.asc | 7 + share/security/patches/SA-09:03/ntpd.patch | 13 + .../security/patches/SA-09:03/ntpd.patch.asc | 7 + share/security/patches/SA-09:03/ntpd63.patch | 13 + .../patches/SA-09:03/ntpd63.patch.asc | 7 + share/security/patches/SA-09:04/bind.patch | 26 + .../security/patches/SA-09:04/bind.patch.asc | 7 + share/security/patches/SA-09:05/telnetd.patch | 43 + .../patches/SA-09:05/telnetd.patch.asc | 7 + share/security/patches/SA-09:06/ktimer.patch | 14 + .../patches/SA-09:06/ktimer.patch.asc | 7 + share/security/patches/SA-09:07/libc.patch | 65 + .../security/patches/SA-09:07/libc.patch.asc | 7 + share/security/patches/SA-09:08/openssl.patch | 63 + .../patches/SA-09:08/openssl.patch.asc | 7 + .../security/patches/SA-09:08/openssl6.patch | 63 + .../patches/SA-09:08/openssl6.patch.asc | 7 + share/security/patches/SA-09:09/pipe.patch | 16 + .../security/patches/SA-09:09/pipe.patch.asc | 7 + share/security/patches/SA-09:10/ipv6-6.patch | 21 + .../patches/SA-09:10/ipv6-6.patch.asc | 7 + share/security/patches/SA-09:10/ipv6.patch | 23 + .../security/patches/SA-09:10/ipv6.patch.asc | 7 + share/security/patches/SA-09:11/ntpd.patch | 155 + .../security/patches/SA-09:11/ntpd.patch.asc | 7 + share/security/patches/SA-09:11/ntpd63.patch | 153 + .../patches/SA-09:11/ntpd63.patch.asc | 7 + share/security/patches/SA-09:12/bind.patch | 17 + .../security/patches/SA-09:12/bind.patch.asc | 7 + share/security/patches/SA-09:13/pipe.patch | 355 + .../security/patches/SA-09:13/pipe.patch.asc | 7 + share/security/patches/SA-09:14/devfs6.patch | 17 + .../patches/SA-09:14/devfs6.patch.asc | 7 + share/security/patches/SA-09:14/devfs7.patch | 13 + .../patches/SA-09:14/devfs7.patch.asc | 7 + share/security/patches/SA-09:15/ssl.patch | 57 + share/security/patches/SA-09:15/ssl.patch.asc | 7 + share/security/patches/SA-09:16/rtld.patch | 23 + .../security/patches/SA-09:16/rtld.patch.asc | 7 + share/security/patches/SA-09:16/rtld7.patch | 22 + .../security/patches/SA-09:16/rtld7.patch.asc | 7 + .../patches/SA-09:17/freebsd-update.patch | 25 + .../patches/SA-09:17/freebsd-update.patch.asc | 7 + share/security/patches/SA-10:01/bind9-6.patch | 317 + .../patches/SA-10:01/bind9-6.patch.asc | 7 + .../security/patches/SA-10:01/bind9-63.patch | 308 + .../patches/SA-10:01/bind9-63.patch.asc | 7 + .../security/patches/SA-10:01/bind9-64.patch | 317 + .../patches/SA-10:01/bind9-64.patch.asc | 7 + .../security/patches/SA-10:01/bind9-71.patch | 336 + .../patches/SA-10:01/bind9-71.patch.asc | 7 + .../security/patches/SA-10:01/bind9-72.patch | 336 + .../patches/SA-10:01/bind9-72.patch.asc | 7 + .../security/patches/SA-10:01/bind9-80.patch | 327 + .../patches/SA-10:01/bind9-80.patch.asc | 7 + share/security/patches/SA-10:02/ntpd.patch | 29 + .../security/patches/SA-10:02/ntpd.patch.asc | 7 + share/security/patches/SA-10:03/zfs.patch | 23 + share/security/patches/SA-10:03/zfs.patch.asc | 7 + share/security/patches/SA-10:03/zfs712.patch | 23 + .../patches/SA-10:03/zfs712.patch.asc | 7 + share/security/patches/SA-10:04/jail.patch | 15 + .../security/patches/SA-10:04/jail.patch.asc | 7 + share/security/patches/SA-10:05/opie.patch | 16 + .../security/patches/SA-10:05/opie.patch.asc | 7 + .../security/patches/SA-10:06/nfsclient.patch | 40 + .../patches/SA-10:06/nfsclient.patch.asc | 7 + share/security/patches/SA-10:07/mbuf.patch | 12 + .../security/patches/SA-10:07/mbuf.patch.asc | 7 + share/security/patches/SA-10:08/bzip2.patch | 18 + .../security/patches/SA-10:08/bzip2.patch.asc | 7 + .../security/patches/SA-10:09/pseudofs.patch | 12 + .../patches/SA-10:09/pseudofs.patch.asc | 7 + share/security/patches/SA-10:10/openssl.patch | 53 + .../patches/SA-10:10/openssl.patch.asc | 7 + .../security/patches/SA-10:10/openssl7.patch | 12 + .../patches/SA-10:10/openssl7.patch.asc | 7 + share/security/patches/SA-11:01/mountd.patch | 13 + .../patches/SA-11:01/mountd.patch.asc | 7 + share/security/patches/SA-11:02/bind.patch | 13 + .../security/patches/SA-11:02/bind.patch.asc | 7 + share/security/patches/SA-11:03/bind.patch | 13 + .../security/patches/SA-11:03/bind.patch.asc | 7 + .../security/patches/SA-11:04/compress.patch | 126 + .../patches/SA-11:04/compress.patch.asc | 7 + .../patches/SA-11:05/unix-linux.patch | 33 + .../patches/SA-11:05/unix-linux.patch.asc | 7 + share/security/patches/SA-11:05/unix.patch | 22 + .../security/patches/SA-11:05/unix.patch.asc | 7 + share/security/patches/SA-11:05/unix2.patch | 55 + .../security/patches/SA-11:05/unix2.patch.asc | 7 + share/security/patches/SA-11:06/bind7.patch | 83 + .../security/patches/SA-11:06/bind7.patch.asc | 7 + share/security/patches/SA-11:06/bind8.patch | 83 + .../security/patches/SA-11:06/bind8.patch.asc | 7 + share/security/patches/SA-11:07/chroot7.patch | 194 + .../patches/SA-11:07/chroot7.patch.asc | 7 + share/security/patches/SA-11:07/chroot8.patch | 196 + .../patches/SA-11:07/chroot8.patch.asc | 7 + share/security/patches/SA-11:08/telnetd.patch | 28 + .../patches/SA-11:08/telnetd.patch.asc | 7 + share/security/patches/SA-11:09/pam_ssh.patch | 64 + .../patches/SA-11:09/pam_ssh.patch.asc | 7 + share/security/patches/SA-11:10/pam.patch | 18 + share/security/patches/SA-11:10/pam.patch.asc | 7 + .../patches/SA-12:01/openssl-sgc-fix.patch | 46 + .../SA-12:01/openssl-sgc-fix.patch.asc | 7 + share/security/patches/SA-12:01/openssl.patch | 503 + .../patches/SA-12:01/openssl.patch.asc | 7 + .../security/patches/SA-12:01/openssl2.patch | 502 + .../patches/SA-12:01/openssl2.patch.asc | 7 + share/security/patches/SA-12:02/crypt.patch | 13 + .../security/patches/SA-12:02/crypt.patch.asc | 7 + share/security/patches/SA-12:03/bind-90.patch | 69 + .../patches/SA-12:03/bind-90.patch.asc | 7 + share/security/patches/SA-12:03/bind.patch | 58 + .../security/patches/SA-12:03/bind.patch.asc | 7 + .../SA-12:04/sysret-81-correction.patch | 48 + .../SA-12:04/sysret-81-correction.patch.asc | 8 + .../security/patches/SA-12:04/sysret-81.patch | 24 + .../patches/SA-12:04/sysret-81.patch.asc | 8 + share/security/patches/SA-12:04/sysret.patch | 26 + .../patches/SA-12:04/sysret.patch.asc | 7 + share/security/patches/SA-12:05/bind.patch | 23 + .../security/patches/SA-12:05/bind.patch.asc | 7 + 1185 files changed, 317546 insertions(+) create mode 100644 share/security/advisories/CERT-CA-98-13-tcp-denial-of-service.asc create mode 100644 share/security/advisories/FreeBSD-EN-04:01.twe.asc create mode 100644 share/security/advisories/FreeBSD-EN-05:01.nfs.asc create mode 100644 share/security/advisories/FreeBSD-EN-05:02.sk.asc create mode 100644 share/security/advisories/FreeBSD-EN-05:03.ipi.asc create mode 100644 share/security/advisories/FreeBSD-EN-05:04.nfs.asc create mode 100644 share/security/advisories/FreeBSD-EN-06:01.jail.asc create mode 100644 share/security/advisories/FreeBSD-EN-06:02.net.asc create mode 100644 share/security/advisories/FreeBSD-EN-07:01.nfs.asc create mode 100644 share/security/advisories/FreeBSD-EN-07:02.net.asc create mode 100644 share/security/advisories/FreeBSD-EN-07:03.rc.d_jail.asc create mode 100644 share/security/advisories/FreeBSD-EN-07:04.zoneinfo.asc create mode 100644 share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc create mode 100644 share/security/advisories/FreeBSD-EN-08:01.libpthread.asc create mode 100644 share/security/advisories/FreeBSD-EN-08:02.tcp.asc create mode 100644 share/security/advisories/FreeBSD-EN-09:01.kenv.asc create mode 100644 share/security/advisories/FreeBSD-EN-09:02.bce.asc create mode 100644 share/security/advisories/FreeBSD-EN-09:03.fxp.asc create mode 100644 share/security/advisories/FreeBSD-EN-09:04.fork.asc create mode 100644 share/security/advisories/FreeBSD-EN-09:05.null.asc create mode 100644 share/security/advisories/FreeBSD-EN-10:01.freebsd.asc create mode 100644 share/security/advisories/FreeBSD-EN-10:02.sched_ule.asc create mode 100644 share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc create mode 100644 share/security/advisories/FreeBSD-EN-12:02.ipv6refcount.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:01.make.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:02.procfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:03.asmon.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:04.delegate.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:05.mysql.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:06.htdig.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:07.mh.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:08.lynx.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:09.mtr.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:10.orville-write.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:11.ircii.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:12.healthd.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:14.imap-uw.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:15.imap-uw.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:16.golddig.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:17.libmytinfo.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:19.semconfig.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:20.krb5.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:21.ssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:22.apsfilter.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:23.ip-options.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:24.libedit.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:25.alpha-random.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:26.popper.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:27.XFree86-4.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:28.majordomo.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:29.wu-ftpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:30.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:31.canna.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:32.bitchx.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:33.kerberosIV.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:34.dhclient.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:35.proftpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:36.ntop.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:37.cvsweb.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:38.zope.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:39.netscape.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:40.mopd.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:41.elf.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:42.linux.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:43.brouted.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:44.xlock.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:45.esound.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:46.screen.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:47.pine.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:48.xchat.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:49.eject.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:50.listmanager.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:51.mailman.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:52.tcp-iss.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:53.catopen.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:54.fingerd.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:55.xpdf.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:56.lprng.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:57.muh.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:58.chpass.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:59.pine.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:60.boa.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:61.tcpdump.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:62.top.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:63.getnameinfo.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:64.global.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:65.xfce.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:66.netscape.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:67.gnupg.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:68.ncurses.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:69.telnetd.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:70.ppp-nat.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:71.mgetty.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:72.curl.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:73.thttpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:74.gaim.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:75.php.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:76.tcsh-csh.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:77.procfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:78.bitchx.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:79.oops.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc create mode 100644 share/security/advisories/FreeBSD-SA-00:81.ethereal.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:01.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:02.syslog-ng.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:03.bash1.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:04.joe.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:05.stunnel.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:06.zope.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:07.xfree86.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:08.ipfw.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:09.crontab.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:10.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:11.inetd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:12.periodic.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:13.sort.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:14.micq.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:15.tinyproxy.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:16.mysql.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:17.exmh.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:18.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:19.ja-klock.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:20.mars_nwe.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:21.ja-elvis.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:22.dc20ctrl.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:23.icecast.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:24.ssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:25.kerberosIV.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:26.interbase.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:27.cfengine.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:28.timed.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:29.rwhod.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:30.ufs-ext2fs.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:31.ntpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:32.ipfilter.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:33.ftpd-glob.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:34.hylafax.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:35.licq.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:36.samba.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:37.slrn.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:38.sudo.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:39.tcp-isn.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:40.fts.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:41.hanterm.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:42.signal.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:43.fetchmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:44.gnupg.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:45.samba.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:46.w3m.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:47.xinetd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:48.tcpdump.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:49.telnetd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:50.windowmaker.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:51.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:52.fragment.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:53.ipfw.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:54.ports-telnetd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:55.procfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:57.sendmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:58.lpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:59.rmuser.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:60.procmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:61.squid.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:62.uucp.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:63.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:64.wu-ftpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:65.libgtop.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:66.thttpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:67.htdig.asc create mode 100644 share/security/advisories/FreeBSD-SA-01:68.xsane.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:02.pw.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:04.mutt.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:05.pine.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:06.sudo.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:07.k5su.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:08.exec.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:09.fstatfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:10.rsync.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:11.snmp.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:12.squid.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:13.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:14.pam-pgsql.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:16.netscape.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:17.mod_frontpage.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:18.zlib.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:19.squid.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:20.syncache.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:21.tcpip.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:22.mmap.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:23.stdio.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:24.k5su.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:25.bzip2.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:26.accept.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:27.rc.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:28.resolv.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:29.tcpdump.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:30.ktrace.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:31.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:32.pppd.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:33.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:34.rpc.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:35.ffs.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:36.nfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:37.kqueue.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:38.signed-error.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:39.libkvm.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:40.kadmind.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:41.smrsh.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:42.resolv.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:43.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-02:44.filedesc.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:01.cvs.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:02.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:03.syncookies.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:04.sendmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:05.xdr.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:06.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:07.sendmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:08.realpath.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:09.signal.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:10.ibcs2.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:11.sendmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:12.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:13.sendmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:14.arp.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:15.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:16.filedesc.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:17.procfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:18.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-03:19.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:02.shmat.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:03.jail.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:04.tcp.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:05.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:06.ipv6.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:07.cvs.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:08.heimdal.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:09.kadmind.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:10.cvs.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:11.msync.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:12.jailroute.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:13.linux.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:14.cvs.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:15.syscons.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:16.fetch.asc create mode 100644 share/security/advisories/FreeBSD-SA-04:17.procfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:01.telnet.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:02.sendfile.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:03.amd64.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:04.ifconf.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:05.cvs.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:06.iir.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:07.ldt.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:08.kmem.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:09.htt.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:10.tcpdump.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:11.gzip.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:12.bind9.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:13.ipfw.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:14.bzip2.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:15.tcp.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:16.zlib.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:17.devfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:18.zlib.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:19.ipsec.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:20.cvsbug.asc create mode 100644 share/security/advisories/FreeBSD-SA-05:21.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:01.texindex.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:02.ee.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:03.cpio.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:04.ipfw.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:05.80211.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:06.kmem.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:07.pf.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:08.sack.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:09.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:10.nfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:11.ipsec.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:12.opie.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:13.sendmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:14-amd.txt create mode 100644 share/security/advisories/FreeBSD-SA-06:14.fpu.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:15.ypserv.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:16.smbfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:17.sendmail.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:18.ppp.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:19.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:20.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:21.gzip.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:22.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:23.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:24.libarchive.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:25.kmem.asc create mode 100644 share/security/advisories/FreeBSD-SA-06:26.gtar.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:01.jail.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:02.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:03.ipv6.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:04.file.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:05.libarchive.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:07.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:08.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:09.random.asc create mode 100644 share/security/advisories/FreeBSD-SA-07:10.gtar.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:01.pty.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:02.libc.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:03.sendfile.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:04.ipsec.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:05.openssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:06.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:07.amd64.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:08.nmount.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:09.icmp6.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:10.nd6.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:11.arc4random.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:12.ftpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-08:13.protosw.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:01.lukemftpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:02.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:03.ntpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:04.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:05.telnetd.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:06.ktimer.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:07.libc.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:08.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:09.pipe.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:10.ipv6.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:11.ntpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:12.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:13.pipe.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:14.devfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:15.ssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:16.rtld.asc create mode 100644 share/security/advisories/FreeBSD-SA-09:17.freebsd-update.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:01.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:02.ntpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:03.zfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:04.jail.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:05.opie.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:06.nfsclient.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:07.mbuf.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:08.bzip2.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:09.pseudofs.asc create mode 100644 share/security/advisories/FreeBSD-SA-10:10.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:01.mountd.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:02.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:03.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:04.compress.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:05.unix.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:06.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:07.chroot.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:08.telnetd.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:09.pam_ssh.asc create mode 100644 share/security/advisories/FreeBSD-SA-11:10.pam.asc create mode 100644 share/security/advisories/FreeBSD-SA-12:01.openssl.asc create mode 100644 share/security/advisories/FreeBSD-SA-12:02.crypt.asc create mode 100644 share/security/advisories/FreeBSD-SA-12:03.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-12:04.sysret.asc create mode 100644 share/security/advisories/FreeBSD-SA-12:05.bind.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:01.sliplogin.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:02.apache.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:03.sendmail-suggestion.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:08.syslog.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:09.vfsload.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:10.mount_union.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:11.man.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:12.perl.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:13.comsat.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:14.ipfw.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:15.ppp.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:16.rdist.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:17.rzsz.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:18.lpr.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:19.modstat.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:20.stack-overflow.asc create mode 100644 share/security/advisories/FreeBSD-SA-96:21.talkd.asc create mode 100644 share/security/advisories/FreeBSD-SA-97:01.setlocale.asc create mode 100644 share/security/advisories/FreeBSD-SA-97:02.lpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-97:03.sysinstall.asc create mode 100644 share/security/advisories/FreeBSD-SA-97:04.procfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-97:05.open.asc create mode 100644 share/security/advisories/FreeBSD-SA-97:06.f00f.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:01.land.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:02.mmap.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:03.ttcp.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:04.mmap.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:05.nfs.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:06.icmp.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:07.rst.asc create mode 100644 share/security/advisories/FreeBSD-SA-98:08.fragment.asc create mode 100644 share/security/advisories/FreeBSD-SA-99:01.chflags.asc create mode 100644 share/security/advisories/FreeBSD-SA-99:02.profil.asc create mode 100644 share/security/advisories/FreeBSD-SA-99:03.ftpd.asc create mode 100644 share/security/advisories/FreeBSD-SA-99:04.core.asc create mode 100644 share/security/advisories/FreeBSD-SA-99:05.fts.asc create mode 100644 share/security/advisories/FreeBSD-SA-99:06.amd.asc create mode 100644 share/security/advisories/FreeBSD-SN-02:01.asc create mode 100644 share/security/advisories/FreeBSD-SN-02:02.asc create mode 100644 share/security/advisories/FreeBSD-SN-02:03.asc create mode 100644 share/security/advisories/FreeBSD-SN-02:04.asc create mode 100644 share/security/advisories/FreeBSD-SN-02:05.asc create mode 100644 share/security/advisories/FreeBSD-SN-02:06.asc create mode 100644 share/security/advisories/FreeBSD-SN-03:01.asc create mode 100644 share/security/advisories/FreeBSD-SN-03:02.asc create mode 100644 share/security/patches/EN-04:01/twe.patch create mode 100644 share/security/patches/EN-04:01/twe.patch.asc create mode 100644 share/security/patches/EN-06:02/net.patch create mode 100644 share/security/patches/EN-06:02/net.patch.asc create mode 100644 share/security/patches/EN-07:01/nfs60.patch create mode 100644 share/security/patches/EN-07:01/nfs60.patch.asc create mode 100644 share/security/patches/EN-07:01/nfs61.patch create mode 100644 share/security/patches/EN-07:01/nfs61.patch.asc create mode 100644 share/security/patches/EN-07:02/net.patch create mode 100644 share/security/patches/EN-07:02/net.patch.asc create mode 100644 share/security/patches/EN-07:03/rc.d_jail.patch create mode 100644 share/security/patches/EN-07:03/rc.d_jail.patch.asc create mode 100644 share/security/patches/EN-07:04/zoneinfo.patch create mode 100644 share/security/patches/EN-07:04/zoneinfo.patch.asc create mode 100644 share/security/patches/EN-07:05/freebsd-update.patch create mode 100644 share/security/patches/EN-07:05/freebsd-update.patch.asc create mode 100644 share/security/patches/EN-08:01/libpthread.patch create mode 100644 share/security/patches/EN-08:01/libpthread.patch.asc create mode 100644 share/security/patches/EN-08:02/tcp.patch create mode 100644 share/security/patches/EN-08:02/tcp.patch.asc create mode 100644 share/security/patches/EN-09:01/kenv.patch create mode 100644 share/security/patches/EN-09:01/kenv.patch.asc create mode 100644 share/security/patches/EN-09:02/bce.patch create mode 100644 share/security/patches/EN-09:02/bce.patch.asc create mode 100644 share/security/patches/EN-09:03/fxp.patch create mode 100644 share/security/patches/EN-09:03/fxp.patch.asc create mode 100644 share/security/patches/EN-09:04/fork.patch create mode 100644 share/security/patches/EN-09:04/fork.patch.asc create mode 100644 share/security/patches/EN-09:05/null.patch create mode 100644 share/security/patches/EN-09:05/null.patch.asc create mode 100644 share/security/patches/EN-09:05/null6.patch create mode 100644 share/security/patches/EN-09:05/null6.patch.asc create mode 100644 share/security/patches/EN-10:01/mcinit.patch create mode 100644 share/security/patches/EN-10:01/mcinit.patch.asc create mode 100644 share/security/patches/EN-10:01/multicast.patch create mode 100644 share/security/patches/EN-10:01/multicast.patch.asc create mode 100644 share/security/patches/EN-10:01/nfsreconnect.patch create mode 100644 share/security/patches/EN-10:01/nfsreconnect.patch.asc create mode 100644 share/security/patches/EN-10:01/rename.patch create mode 100644 share/security/patches/EN-10:01/rename.patch.asc create mode 100644 share/security/patches/EN-10:01/sctp.patch create mode 100644 share/security/patches/EN-10:01/sctp.patch.asc create mode 100644 share/security/patches/EN-10:01/zfsmac.patch create mode 100644 share/security/patches/EN-10:01/zfsmac.patch.asc create mode 100644 share/security/patches/EN-10:01/zfsvaccess.patch create mode 100644 share/security/patches/EN-10:01/zfsvaccess.patch.asc create mode 100644 share/security/patches/EN-10:02/sched_ule.patch create mode 100644 share/security/patches/EN-10:02/sched_ule.patch.asc create mode 100644 share/security/patches/EN-12:01/freebsd-update.patch create mode 100644 share/security/patches/EN-12:01/freebsd-update.patch.asc create mode 100644 share/security/patches/EN-12:02/ipv6refcount-83.patch create mode 100644 share/security/patches/EN-12:02/ipv6refcount-83.patch.asc create mode 100644 share/security/patches/EN-12:02/ipv6refcount.patch create mode 100644 share/security/patches/EN-12:02/ipv6refcount.patch.asc create mode 100644 share/security/patches/SA-00:01/make.patch create mode 100644 share/security/patches/SA-00:01/make.patch.asc create mode 100644 share/security/patches/SA-00:02/procfs.patch create mode 100644 share/security/patches/SA-00:02/procfs.patch.asc create mode 100644 share/security/patches/SA-00:17/libmytinfo.patch create mode 100644 share/security/patches/SA-00:17/libmytinfo.patch.asc create mode 100644 share/security/patches/SA-00:19/semconfig.patch create mode 100644 share/security/patches/SA-00:19/semconfig.patch.asc create mode 100644 share/security/patches/SA-00:23/ip-options.diff create mode 100644 share/security/patches/SA-00:23/ip-options.diff.asc create mode 100644 share/security/patches/SA-00:24/libedit.patch create mode 100644 share/security/patches/SA-00:24/libedit.patch.asc create mode 100644 share/security/patches/SA-00:25/kernel.gz create mode 100644 share/security/patches/SA-00:25/kernel.gz.asc create mode 100644 share/security/patches/SA-00:25/kernel.sys.diff create mode 100644 share/security/patches/SA-00:25/kernel.sys.diff.asc create mode 100644 share/security/patches/SA-00:30/sshd.patch create mode 100644 share/security/patches/SA-00:30/sshd.patch.asc create mode 100644 share/security/patches/SA-00:41/elf.patch create mode 100644 share/security/patches/SA-00:41/elf.patch.asc create mode 100644 share/security/patches/SA-00:42/linux.patch create mode 100644 share/security/patches/SA-00:42/linux.patch.asc create mode 100644 share/security/patches/SA-00:52/tcp-iss-3.x.patch create mode 100644 share/security/patches/SA-00:52/tcp-iss-3.x.patch.asc create mode 100644 share/security/patches/SA-00:52/tcp-iss.patch create mode 100644 share/security/patches/SA-00:52/tcp-iss.patch.asc create mode 100644 share/security/patches/SA-00:54/fingerd.patch create mode 100644 share/security/patches/SA-00:54/fingerd.patch.asc create mode 100644 share/security/patches/SA-00:58/vipw.patch create mode 100644 share/security/patches/SA-00:58/vipw.patch.asc create mode 100644 share/security/patches/SA-00:61/tcpdump-3.x.patch create mode 100644 share/security/patches/SA-00:61/tcpdump-3.x.patch.asc create mode 100644 share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1 create mode 100644 share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc create mode 100644 share/security/patches/SA-00:62/top.patch.v1.1 create mode 100644 share/security/patches/SA-00:62/top.patch.v1.1.asc create mode 100644 share/security/patches/SA-00:63/getnameinfo.patch create mode 100644 share/security/patches/SA-00:63/getnameinfo.patch.asc create mode 100644 share/security/patches/SA-00:68/ncurses.tar.gz create mode 100644 share/security/patches/SA-00:68/ncurses.tar.gz.asc create mode 100644 share/security/patches/SA-00:69/telnetd.patch.v1.1 create mode 100644 share/security/patches/SA-00:69/telnetd.patch.v1.1.asc create mode 100644 share/security/patches/SA-00:70/ppp.patch create mode 100644 share/security/patches/SA-00:70/ppp.patch.asc create mode 100644 share/security/patches/SA-00:76/csh.patch create mode 100644 share/security/patches/SA-00:76/csh.patch.asc create mode 100644 share/security/patches/SA-00:76/tcsh.patch create mode 100644 share/security/patches/SA-00:76/tcsh.patch.asc create mode 100644 share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1 create mode 100644 share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1.asc create mode 100644 share/security/patches/SA-00:77/procfs.4.1.patch create mode 100644 share/security/patches/SA-00:77/procfs.4.1.patch.asc create mode 100644 share/security/patches/SA-00:77/procfs.4.2.patch create mode 100644 share/security/patches/SA-00:77/procfs.4.2.patch.asc create mode 100644 share/security/patches/SA-01:01/openssh.patch create mode 100644 share/security/patches/SA-01:01/openssh.patch.asc create mode 100644 share/security/patches/SA-01:08/ipfw-3.x.patch create mode 100644 share/security/patches/SA-01:08/ipfw-3.x.patch.asc create mode 100644 share/security/patches/SA-01:08/ipfw-4.2-regression.patch create mode 100644 share/security/patches/SA-01:08/ipfw-4.2-regression.patch.asc create mode 100644 share/security/patches/SA-01:08/ipfw-4.x.patch create mode 100644 share/security/patches/SA-01:08/ipfw-4.x.patch.asc create mode 100644 share/security/patches/SA-01:09/crontab-4.x.patch create mode 100644 share/security/patches/SA-01:09/crontab-4.x.patch.asc create mode 100644 share/security/patches/SA-01:11/inetd-3.5.1.patch create mode 100644 share/security/patches/SA-01:11/inetd-3.5.1.patch.asc create mode 100644 share/security/patches/SA-01:11/inetd-4.2.patch create mode 100644 share/security/patches/SA-01:11/inetd-4.2.patch.asc create mode 100644 share/security/patches/SA-01:12/periodic.patch create mode 100644 share/security/patches/SA-01:12/periodic.patch.asc create mode 100644 share/security/patches/SA-01:13/sort-3.5.1.patch create mode 100644 share/security/patches/SA-01:13/sort-3.5.1.patch.asc create mode 100644 share/security/patches/SA-01:13/sort-4.1.1.patch create mode 100644 share/security/patches/SA-01:13/sort-4.1.1.patch.asc create mode 100644 share/security/patches/SA-01:24/sshd-4.2-release.patch create mode 100644 share/security/patches/SA-01:24/sshd-4.2-release.patch.asc create mode 100644 share/security/patches/SA-01:24/sshd-4.2-stable.patch create mode 100644 share/security/patches/SA-01:24/sshd-4.2-stable.patch.asc create mode 100644 share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch create mode 100644 share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc create mode 100644 share/security/patches/SA-01:25/telnetd-krb.4.2.patch create mode 100644 share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc create mode 100644 share/security/patches/SA-01:28/timed.patch create mode 100644 share/security/patches/SA-01:28/timed.patch.asc create mode 100644 share/security/patches/SA-01:29/rwhod.patch create mode 100644 share/security/patches/SA-01:29/rwhod.patch.asc create mode 100644 share/security/patches/SA-01:30/fs.patch create mode 100644 share/security/patches/SA-01:30/fs.patch.asc create mode 100644 share/security/patches/SA-01:31/ntpd-3.x.patch create mode 100644 share/security/patches/SA-01:31/ntpd-3.x.patch.asc create mode 100644 share/security/patches/SA-01:31/ntpd-4.x.patch create mode 100644 share/security/patches/SA-01:31/ntpd-4.x.patch.asc create mode 100644 share/security/patches/SA-01:32/ipfilter.patch create mode 100644 share/security/patches/SA-01:32/ipfilter.patch.asc create mode 100644 share/security/patches/SA-01:33/glob.3.x.patch create mode 100644 share/security/patches/SA-01:33/glob.3.x.patch.asc create mode 100644 share/security/patches/SA-01:33/glob.4.x.patch create mode 100644 share/security/patches/SA-01:33/glob.4.x.patch.asc create mode 100644 share/security/patches/SA-01:40/fts.patch create mode 100644 share/security/patches/SA-01:40/fts.patch.asc create mode 100644 share/security/patches/SA-01:42/signal-4.3.patch create mode 100644 share/security/patches/SA-01:42/signal-4.3.patch.asc create mode 100644 share/security/patches/SA-01:48/tcpdump-4.x.patch create mode 100644 share/security/patches/SA-01:48/tcpdump-4.x.patch.asc create mode 100644 share/security/patches/SA-01:49/telnetd-crypto.patch create mode 100644 share/security/patches/SA-01:49/telnetd-crypto.patch.asc create mode 100644 share/security/patches/SA-01:49/telnetd.patch create mode 100644 share/security/patches/SA-01:49/telnetd.patch.asc create mode 100644 share/security/patches/SA-01:51/openssl.patch create mode 100644 share/security/patches/SA-01:51/openssl.patch.asc create mode 100644 share/security/patches/SA-01:52/frag-3.x.patch create mode 100644 share/security/patches/SA-01:52/frag-3.x.patch.asc create mode 100644 share/security/patches/SA-01:52/frag-4.x.patch create mode 100644 share/security/patches/SA-01:52/frag-4.x.patch.asc create mode 100644 share/security/patches/SA-01:53/ipfw.patch create mode 100644 share/security/patches/SA-01:53/ipfw.patch.asc create mode 100644 share/security/patches/SA-01:55/procfs.patch create mode 100644 share/security/patches/SA-01:55/procfs.patch.asc create mode 100644 share/security/patches/SA-01:56/tcp_wrappers.patch create mode 100644 share/security/patches/SA-01:56/tcp_wrappers.patch.asc create mode 100644 share/security/patches/SA-01:57/sendmail.patch create mode 100644 share/security/patches/SA-01:57/sendmail.patch.asc create mode 100644 share/security/patches/SA-01:58/lpd-3.x-4.2.patch create mode 100644 share/security/patches/SA-01:58/lpd-3.x-4.2.patch.asc create mode 100644 share/security/patches/SA-01:58/lpd-4.3.patch create mode 100644 share/security/patches/SA-01:58/lpd-4.3.patch.asc create mode 100644 share/security/patches/SA-01:59/rmuser.patch.v1.1 create mode 100644 share/security/patches/SA-01:59/rmuser.patch.v1.1.asc create mode 100644 share/security/patches/SA-01:62/uucp.patch create mode 100644 share/security/patches/SA-01:62/uucp.patch.asc create mode 100644 share/security/patches/SA-01:63/sshd.patch create mode 100644 share/security/patches/SA-01:63/sshd.patch.asc create mode 100644 share/security/patches/SA-02:01/pkg_add.patch create mode 100644 share/security/patches/SA-02:01/pkg_add.patch.asc create mode 100644 share/security/patches/SA-02:02/pw.patch create mode 100644 share/security/patches/SA-02:02/pw.patch.asc create mode 100644 share/security/patches/SA-02:07/k5su.patch create mode 100644 share/security/patches/SA-02:07/k5su.patch.asc create mode 100644 share/security/patches/SA-02:08/exec-43R.patch create mode 100644 share/security/patches/SA-02:08/exec-43R.patch.asc create mode 100644 share/security/patches/SA-02:08/exec.patch create mode 100644 share/security/patches/SA-02:08/exec.patch.asc create mode 100644 share/security/patches/SA-02:09/fstatfs.patch create mode 100644 share/security/patches/SA-02:09/fstatfs.patch.asc create mode 100644 share/security/patches/SA-02:13/openssh.patch create mode 100644 share/security/patches/SA-02:13/openssh.patch.asc create mode 100644 share/security/patches/SA-02:18/zlib.patch create mode 100644 share/security/patches/SA-02:18/zlib.patch.asc create mode 100644 share/security/patches/SA-02:18/zlib.v1.1.corrected.patch create mode 100644 share/security/patches/SA-02:18/zlib.v1.1.corrected.patch.asc create mode 100644 share/security/patches/SA-02:18/zlib.v1.1.patch create mode 100644 share/security/patches/SA-02:18/zlib.v1.1.patch.asc create mode 100644 share/security/patches/SA-02:20/syncache.patch create mode 100644 share/security/patches/SA-02:20/syncache.patch.asc create mode 100644 share/security/patches/SA-02:21/tcpip.patch create mode 100644 share/security/patches/SA-02:21/tcpip.patch.asc create mode 100644 share/security/patches/SA-02:22/mmap.patch create mode 100644 share/security/patches/SA-02:22/mmap.patch.asc create mode 100644 share/security/patches/SA-02:23/stdio.patch create mode 100644 share/security/patches/SA-02:23/stdio.patch.asc create mode 100644 share/security/patches/SA-02:23/stdio.patch.v1.2 create mode 100644 share/security/patches/SA-02:23/stdio.patch.v1.2.asc create mode 100644 share/security/patches/SA-02:23/stdio2.patch.v1.2 create mode 100644 share/security/patches/SA-02:23/stdio2.patch.v1.2.asc create mode 100644 share/security/patches/SA-02:25/bzip2.patch create mode 100644 share/security/patches/SA-02:25/bzip2.patch.asc create mode 100644 share/security/patches/SA-02:26/accept.patch create mode 100644 share/security/patches/SA-02:26/accept.patch.asc create mode 100644 share/security/patches/SA-02:27/rc.patch create mode 100644 share/security/patches/SA-02:27/rc.patch.asc create mode 100644 share/security/patches/SA-02:28/resolv.patch create mode 100644 share/security/patches/SA-02:28/resolv.patch.asc create mode 100644 share/security/patches/SA-02:29/tcpdump.patch create mode 100644 share/security/patches/SA-02:29/tcpdump.patch.asc create mode 100644 share/security/patches/SA-02:30/ktrace.patch create mode 100644 share/security/patches/SA-02:30/ktrace.patch.asc create mode 100644 share/security/patches/SA-02:32/pppd.patch create mode 100644 share/security/patches/SA-02:32/pppd.patch.asc create mode 100644 share/security/patches/SA-02:33/openssl.patch create mode 100644 share/security/patches/SA-02:33/openssl.patch.asc create mode 100644 share/security/patches/SA-02:33/openssl2.patch create mode 100644 share/security/patches/SA-02:33/openssl2.patch.asc create mode 100644 share/security/patches/SA-02:34/rpc.patch create mode 100644 share/security/patches/SA-02:34/rpc.patch.asc create mode 100644 share/security/patches/SA-02:35/ffs.patch create mode 100644 share/security/patches/SA-02:35/ffs.patch.asc create mode 100644 share/security/patches/SA-02:36/nfs.patch create mode 100644 share/security/patches/SA-02:36/nfs.patch.asc create mode 100644 share/security/patches/SA-02:37/kqueue.patch create mode 100644 share/security/patches/SA-02:37/kqueue.patch.asc create mode 100644 share/security/patches/SA-02:38/signed-error.patch create mode 100644 share/security/patches/SA-02:38/signed-error.patch.asc create mode 100644 share/security/patches/SA-02:39/libkvm.patch create mode 100644 share/security/patches/SA-02:39/libkvm.patch.asc create mode 100644 share/security/patches/SA-02:40/kadmind.patch create mode 100644 share/security/patches/SA-02:40/kadmind.patch.asc create mode 100644 share/security/patches/SA-02:41/smrsh.patch create mode 100644 share/security/patches/SA-02:41/smrsh.patch.asc create mode 100644 share/security/patches/SA-02:41/smrsh2.patch create mode 100644 share/security/patches/SA-02:41/smrsh2.patch.asc create mode 100644 share/security/patches/SA-02:42/resolv.patch create mode 100644 share/security/patches/SA-02:42/resolv.patch.asc create mode 100644 share/security/patches/SA-02:43/bind.patch create mode 100644 share/security/patches/SA-02:43/bind.patch.asc create mode 100644 share/security/patches/SA-02:44/filedesc.patch create mode 100644 share/security/patches/SA-02:44/filedesc.patch.asc create mode 100644 share/security/patches/SA-03:01/cvs.patch create mode 100644 share/security/patches/SA-03:01/cvs.patch.asc create mode 100644 share/security/patches/SA-03:02/openssl46.patch create mode 100644 share/security/patches/SA-03:02/openssl46.patch.asc create mode 100644 share/security/patches/SA-03:02/openssl46.patch.gz create mode 100644 share/security/patches/SA-03:02/openssl46.patch.gz.asc create mode 100644 share/security/patches/SA-03:02/openssl462.patch create mode 100644 share/security/patches/SA-03:02/openssl462.patch.asc create mode 100644 share/security/patches/SA-03:02/openssl462.patch.gz create mode 100644 share/security/patches/SA-03:02/openssl462.patch.gz.asc create mode 100644 share/security/patches/SA-03:02/openssl47.patch create mode 100644 share/security/patches/SA-03:02/openssl47.patch.asc create mode 100644 share/security/patches/SA-03:02/openssl47.patch.gz create mode 100644 share/security/patches/SA-03:02/openssl47.patch.gz.asc create mode 100644 share/security/patches/SA-03:02/openssl4b.patch create mode 100644 share/security/patches/SA-03:02/openssl4b.patch.gz create mode 100644 share/security/patches/SA-03:02/openssl4b.patch.gz.asc create mode 100644 share/security/patches/SA-03:02/openssl4s.patch create mode 100644 share/security/patches/SA-03:02/openssl4s.patch.asc create mode 100644 share/security/patches/SA-03:02/openssl4s.patch.gz create mode 100644 share/security/patches/SA-03:02/openssl4s.patch.gz.asc create mode 100644 share/security/patches/SA-03:02/openssl50.patch create mode 100644 share/security/patches/SA-03:02/openssl50.patch.asc create mode 100644 share/security/patches/SA-03:02/openssl50.patch.gz create mode 100644 share/security/patches/SA-03:02/openssl50.patch.gz.asc create mode 100644 share/security/patches/SA-03:03/syncookie.patch create mode 100644 share/security/patches/SA-03:03/syncookie.patch.asc create mode 100644 share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz create mode 100644 share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz create mode 100644 share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz create mode 100644 share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz create mode 100644 share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz create mode 100644 share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz create mode 100644 share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:04/sendmail.patch create mode 100644 share/security/patches/SA-03:04/sendmail.patch.asc create mode 100644 share/security/patches/SA-03:05/xdr-4.patch create mode 100644 share/security/patches/SA-03:05/xdr-4.patch.asc create mode 100644 share/security/patches/SA-03:05/xdr-5.patch create mode 100644 share/security/patches/SA-03:05/xdr-5.patch.asc create mode 100644 share/security/patches/SA-03:06/openssl.patch create mode 100644 share/security/patches/SA-03:06/openssl.patch.asc create mode 100644 share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz create mode 100644 share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz create mode 100644 share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz create mode 100644 share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz create mode 100644 share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz create mode 100644 share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz create mode 100644 share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz.asc create mode 100644 share/security/patches/SA-03:07/sendmail.patch create mode 100644 share/security/patches/SA-03:07/sendmail.patch.asc create mode 100644 share/security/patches/SA-03:08/realpath.patch create mode 100644 share/security/patches/SA-03:08/realpath.patch.asc create mode 100644 share/security/patches/SA-03:09/signal47.patch create mode 100644 share/security/patches/SA-03:09/signal47.patch.asc create mode 100644 share/security/patches/SA-03:09/signal4s.patch create mode 100644 share/security/patches/SA-03:09/signal4s.patch.asc create mode 100644 share/security/patches/SA-03:09/signal50.patch create mode 100644 share/security/patches/SA-03:09/signal50.patch.asc create mode 100644 share/security/patches/SA-03:09/signal51.patch create mode 100644 share/security/patches/SA-03:09/signal51.patch.asc create mode 100644 share/security/patches/SA-03:10/ibcs2.patch create mode 100644 share/security/patches/SA-03:10/ibcs2.patch.asc create mode 100644 share/security/patches/SA-03:11/sendmail.patch create mode 100644 share/security/patches/SA-03:11/sendmail.patch.asc create mode 100644 share/security/patches/SA-03:12/buffer44.patch create mode 100644 share/security/patches/SA-03:12/buffer44.patch.asc create mode 100644 share/security/patches/SA-03:12/buffer45.patch create mode 100644 share/security/patches/SA-03:12/buffer45.patch.asc create mode 100644 share/security/patches/SA-03:12/buffer46.patch create mode 100644 share/security/patches/SA-03:12/buffer46.patch.asc create mode 100644 share/security/patches/SA-03:13/sendmail.patch create mode 100644 share/security/patches/SA-03:13/sendmail.patch.asc create mode 100644 share/security/patches/SA-03:14/arp.patch create mode 100644 share/security/patches/SA-03:14/arp.patch.asc create mode 100644 share/security/patches/SA-03:15/openssh46.patch create mode 100644 share/security/patches/SA-03:15/openssh46.patch.asc create mode 100644 share/security/patches/SA-03:15/openssh47.patch create mode 100644 share/security/patches/SA-03:15/openssh47.patch.asc create mode 100644 share/security/patches/SA-03:15/openssh48.patch create mode 100644 share/security/patches/SA-03:15/openssh48.patch.asc create mode 100644 share/security/patches/SA-03:15/openssh4s.patch create mode 100644 share/security/patches/SA-03:15/openssh4s.patch.asc create mode 100644 share/security/patches/SA-03:15/openssh51.patch create mode 100644 share/security/patches/SA-03:15/openssh51.patch.asc create mode 100644 share/security/patches/SA-03:16/filedesc.patch create mode 100644 share/security/patches/SA-03:16/filedesc.patch.asc create mode 100644 share/security/patches/SA-03:17/procfs43.patch create mode 100644 share/security/patches/SA-03:17/procfs43.patch.asc create mode 100644 share/security/patches/SA-03:17/procfs4x.patch create mode 100644 share/security/patches/SA-03:17/procfs4x.patch.asc create mode 100644 share/security/patches/SA-03:17/procfs50.patch create mode 100644 share/security/patches/SA-03:17/procfs50.patch.asc create mode 100644 share/security/patches/SA-03:17/procfs51.patch create mode 100644 share/security/patches/SA-03:17/procfs51.patch.asc create mode 100644 share/security/patches/SA-03:18/openssl96.patch create mode 100644 share/security/patches/SA-03:18/openssl96.patch.asc create mode 100644 share/security/patches/SA-03:18/openssl97.patch create mode 100644 share/security/patches/SA-03:18/openssl97.patch.asc create mode 100644 share/security/patches/SA-03:19/bind-833.patch create mode 100644 share/security/patches/SA-03:19/bind-833.patch.asc create mode 100644 share/security/patches/SA-03:19/bind-834.patch create mode 100644 share/security/patches/SA-03:19/bind-834.patch.asc create mode 100644 share/security/patches/SA-03:19/bind-836.patch create mode 100644 share/security/patches/SA-03:19/bind-836.patch.asc create mode 100644 share/security/patches/SA-04:01/mksnap_ffs_5_1.patch create mode 100644 share/security/patches/SA-04:01/mksnap_ffs_5_1.patch.asc create mode 100644 share/security/patches/SA-04:01/mksnap_ffs_5_2.patch create mode 100644 share/security/patches/SA-04:01/mksnap_ffs_5_2.patch.asc create mode 100644 share/security/patches/SA-04:02/shmat.patch create mode 100644 share/security/patches/SA-04:02/shmat.patch.asc create mode 100644 share/security/patches/SA-04:03/jail.patch create mode 100644 share/security/patches/SA-04:03/jail.patch.asc create mode 100644 share/security/patches/SA-04:04/tcp47.patch create mode 100644 share/security/patches/SA-04:04/tcp47.patch.asc create mode 100644 share/security/patches/SA-04:04/tcp51.patch create mode 100644 share/security/patches/SA-04:04/tcp51.patch.asc create mode 100644 share/security/patches/SA-04:04/tcp52.patch create mode 100644 share/security/patches/SA-04:04/tcp52.patch.asc create mode 100644 share/security/patches/SA-04:05/openssl.patch create mode 100644 share/security/patches/SA-04:05/openssl.patch.asc create mode 100644 share/security/patches/SA-04:06/ipv6.patch create mode 100644 share/security/patches/SA-04:06/ipv6.patch.asc create mode 100644 share/security/patches/SA-04:07/cvs.patch create mode 100644 share/security/patches/SA-04:07/cvs.patch.asc create mode 100644 share/security/patches/SA-04:08/heimdal51.patch create mode 100644 share/security/patches/SA-04:08/heimdal51.patch.asc create mode 100644 share/security/patches/SA-04:08/heimdal6.patch create mode 100644 share/security/patches/SA-04:08/heimdal6.patch.asc create mode 100644 share/security/patches/SA-04:09/kadmin.patch create mode 100644 share/security/patches/SA-04:09/kadmin.patch.asc create mode 100644 share/security/patches/SA-04:10/cvs.patch create mode 100644 share/security/patches/SA-04:10/cvs.patch.asc create mode 100644 share/security/patches/SA-04:11/msync4.patch create mode 100644 share/security/patches/SA-04:11/msync4.patch.asc create mode 100644 share/security/patches/SA-04:11/msync5.patch create mode 100644 share/security/patches/SA-04:11/msync5.patch.asc create mode 100644 share/security/patches/SA-04:12/jailroute.patch create mode 100644 share/security/patches/SA-04:12/jailroute.patch.asc create mode 100644 share/security/patches/SA-04:13/linux4.patch create mode 100644 share/security/patches/SA-04:13/linux4.patch.asc create mode 100644 share/security/patches/SA-04:13/linux5.patch create mode 100644 share/security/patches/SA-04:13/linux5.patch.asc create mode 100644 share/security/patches/SA-04:14/cvs.patch create mode 100644 share/security/patches/SA-04:14/cvs.patch.asc create mode 100644 share/security/patches/SA-04:15/syscons.patch create mode 100644 share/security/patches/SA-04:15/syscons.patch.asc create mode 100644 share/security/patches/SA-04:16/fetch.patch create mode 100644 share/security/patches/SA-04:16/fetch.patch.asc create mode 100644 share/security/patches/SA-04:17/procfs4.patch create mode 100644 share/security/patches/SA-04:17/procfs4.patch.asc create mode 100644 share/security/patches/SA-04:17/procfs5.patch create mode 100644 share/security/patches/SA-04:17/procfs5.patch.asc create mode 100644 share/security/patches/SA-05:01/telnet4.patch create mode 100644 share/security/patches/SA-05:01/telnet4.patch.asc create mode 100644 share/security/patches/SA-05:01/telnet5.patch create mode 100644 share/security/patches/SA-05:01/telnet5.patch.asc create mode 100644 share/security/patches/SA-05:02/sendfile_4.patch create mode 100644 share/security/patches/SA-05:02/sendfile_4.patch.asc create mode 100644 share/security/patches/SA-05:02/sendfile_5.patch create mode 100644 share/security/patches/SA-05:02/sendfile_5.patch.asc create mode 100644 share/security/patches/SA-05:03/amd64.patch create mode 100644 share/security/patches/SA-05:03/amd64.patch.asc create mode 100644 share/security/patches/SA-05:04/ifconf4.patch create mode 100644 share/security/patches/SA-05:04/ifconf4.patch.asc create mode 100644 share/security/patches/SA-05:04/ifconf5.patch create mode 100644 share/security/patches/SA-05:04/ifconf5.patch.asc create mode 100644 share/security/patches/SA-05:05/cvs.patch create mode 100644 share/security/patches/SA-05:05/cvs.patch.asc create mode 100644 share/security/patches/SA-05:05/cvs410.patch create mode 100644 share/security/patches/SA-05:05/cvs410.patch.asc create mode 100644 share/security/patches/SA-05:06/iir.patch create mode 100644 share/security/patches/SA-05:06/iir.patch.asc create mode 100644 share/security/patches/SA-05:07/ldt4.patch create mode 100644 share/security/patches/SA-05:07/ldt4.patch.asc create mode 100644 share/security/patches/SA-05:07/ldt5.patch create mode 100644 share/security/patches/SA-05:07/ldt5.patch.asc create mode 100644 share/security/patches/SA-05:08/kmem4.patch create mode 100644 share/security/patches/SA-05:08/kmem4.patch.asc create mode 100644 share/security/patches/SA-05:08/kmem4x.patch create mode 100644 share/security/patches/SA-05:08/kmem4x.patch.asc create mode 100644 share/security/patches/SA-05:08/kmem5.patch create mode 100644 share/security/patches/SA-05:08/kmem5.patch.asc create mode 100644 share/security/patches/SA-05:08/kmem5x.patch create mode 100644 share/security/patches/SA-05:08/kmem5x.patch.asc create mode 100644 share/security/patches/SA-05:09/htt410.patch create mode 100644 share/security/patches/SA-05:09/htt410.patch.asc create mode 100644 share/security/patches/SA-05:09/htt411.patch create mode 100644 share/security/patches/SA-05:09/htt411.patch.asc create mode 100644 share/security/patches/SA-05:09/htt5.patch create mode 100644 share/security/patches/SA-05:09/htt5.patch.asc create mode 100644 share/security/patches/SA-05:10/tcpdump.patch create mode 100644 share/security/patches/SA-05:10/tcpdump.patch.asc create mode 100644 share/security/patches/SA-05:11/gzip.patch create mode 100644 share/security/patches/SA-05:11/gzip.patch.asc create mode 100644 share/security/patches/SA-05:12/bind9.patch create mode 100644 share/security/patches/SA-05:12/bind9.patch.asc create mode 100644 share/security/patches/SA-05:13/ipfw.patch create mode 100644 share/security/patches/SA-05:13/ipfw.patch.asc create mode 100644 share/security/patches/SA-05:14/bzip2.patch create mode 100644 share/security/patches/SA-05:14/bzip2.patch.asc create mode 100644 share/security/patches/SA-05:15/tcp.patch create mode 100644 share/security/patches/SA-05:15/tcp.patch.asc create mode 100644 share/security/patches/SA-05:15/tcp4.patch create mode 100644 share/security/patches/SA-05:15/tcp4.patch.asc create mode 100644 share/security/patches/SA-05:16/zlib.patch create mode 100644 share/security/patches/SA-05:16/zlib.patch.asc create mode 100644 share/security/patches/SA-05:17/devfs.patch create mode 100644 share/security/patches/SA-05:17/devfs.patch.asc create mode 100644 share/security/patches/SA-05:18/zlib.patch create mode 100644 share/security/patches/SA-05:18/zlib.patch.asc create mode 100644 share/security/patches/SA-05:19/ipsec.patch create mode 100644 share/security/patches/SA-05:19/ipsec.patch.asc create mode 100644 share/security/patches/SA-05:20/cvsbug.patch create mode 100644 share/security/patches/SA-05:20/cvsbug.patch.asc create mode 100644 share/security/patches/SA-05:20/cvsbug410.patch create mode 100644 share/security/patches/SA-05:20/cvsbug410.patch.asc create mode 100644 share/security/patches/SA-05:20/cvsbug53.patch create mode 100644 share/security/patches/SA-05:21/openssl.patch create mode 100644 share/security/patches/SA-05:21/openssl.patch.asc create mode 100644 share/security/patches/SA-06:01/texindex.patch create mode 100644 share/security/patches/SA-06:01/texindex.patch.asc create mode 100644 share/security/patches/SA-06:01/texindex5x.patch create mode 100644 share/security/patches/SA-06:01/texindex5x.patch.asc create mode 100644 share/security/patches/SA-06:02/ee.patch create mode 100644 share/security/patches/SA-06:02/ee.patch.asc create mode 100644 share/security/patches/SA-06:03/cpio.patch create mode 100644 share/security/patches/SA-06:03/cpio.patch.asc create mode 100644 share/security/patches/SA-06:04/ipfw.patch create mode 100644 share/security/patches/SA-06:04/ipfw.patch.asc create mode 100644 share/security/patches/SA-06:05/80211.patch create mode 100644 share/security/patches/SA-06:05/80211.patch.asc create mode 100644 share/security/patches/SA-06:06/kmem.patch create mode 100644 share/security/patches/SA-06:06/kmem.patch.asc create mode 100644 share/security/patches/SA-06:06/kmem60.patch create mode 100644 share/security/patches/SA-06:06/kmem60.patch.asc create mode 100644 share/security/patches/SA-06:07/pf.patch create mode 100644 share/security/patches/SA-06:07/pf.patch.asc create mode 100644 share/security/patches/SA-06:08/sack.patch create mode 100644 share/security/patches/SA-06:08/sack.patch.asc create mode 100644 share/security/patches/SA-06:09/openssh.patch create mode 100644 share/security/patches/SA-06:09/openssh.patch.asc create mode 100644 share/security/patches/SA-06:10/nfs.patch create mode 100644 share/security/patches/SA-06:10/nfs.patch.asc create mode 100644 share/security/patches/SA-06:10/nfs4.patch create mode 100644 share/security/patches/SA-06:10/nfs4.patch.asc create mode 100644 share/security/patches/SA-06:11/ipsec.patch create mode 100644 share/security/patches/SA-06:11/ipsec.patch.asc create mode 100644 share/security/patches/SA-06:12/opie.patch create mode 100644 share/security/patches/SA-06:12/opie.patch.asc create mode 100644 share/security/patches/SA-06:13/sendmail.patch create mode 100644 share/security/patches/SA-06:13/sendmail.patch.asc create mode 100644 share/security/patches/SA-06:13/sendmail410.patch create mode 100644 share/security/patches/SA-06:13/sendmail410.patch.asc create mode 100644 share/security/patches/SA-06:13/sendmail411.patch create mode 100644 share/security/patches/SA-06:13/sendmail411.patch.asc create mode 100644 share/security/patches/SA-06:14/fpu.patch create mode 100644 share/security/patches/SA-06:14/fpu.patch.asc create mode 100644 share/security/patches/SA-06:14/fpu4x.patch create mode 100644 share/security/patches/SA-06:14/fpu4x.patch.asc create mode 100644 share/security/patches/SA-06:15/ypserv.patch create mode 100644 share/security/patches/SA-06:15/ypserv.patch.asc create mode 100644 share/security/patches/SA-06:16/smbfs.patch create mode 100644 share/security/patches/SA-06:16/smbfs.patch.asc create mode 100644 share/security/patches/SA-06:17/sendmail.patch create mode 100644 share/security/patches/SA-06:17/sendmail.patch.asc create mode 100644 share/security/patches/SA-06:18/ppp.patch create mode 100644 share/security/patches/SA-06:18/ppp.patch.asc create mode 100644 share/security/patches/SA-06:18/ppp4x.patch create mode 100644 share/security/patches/SA-06:18/ppp4x.patch.asc create mode 100644 share/security/patches/SA-06:18/ppp53.patch create mode 100644 share/security/patches/SA-06:18/ppp53.patch.asc create mode 100644 share/security/patches/SA-06:19/openssl.patch create mode 100644 share/security/patches/SA-06:19/openssl.patch.asc create mode 100644 share/security/patches/SA-06:20/bind.patch create mode 100644 share/security/patches/SA-06:20/bind.patch.asc create mode 100644 share/security/patches/SA-06:21/gzip.patch create mode 100644 share/security/patches/SA-06:21/gzip.patch.asc create mode 100644 share/security/patches/SA-06:22/openssh4x.patch create mode 100644 share/security/patches/SA-06:22/openssh4x.patch.asc create mode 100644 share/security/patches/SA-06:22/openssh5x.patch create mode 100644 share/security/patches/SA-06:22/openssh5x.patch.asc create mode 100644 share/security/patches/SA-06:22/openssh6x.patch create mode 100644 share/security/patches/SA-06:22/openssh6x.patch.asc create mode 100644 share/security/patches/SA-06:23/openssl-correction.patch create mode 100644 share/security/patches/SA-06:23/openssl-correction.patch.asc create mode 100644 share/security/patches/SA-06:23/openssl.patch create mode 100644 share/security/patches/SA-06:23/openssl.patch.asc create mode 100644 share/security/patches/SA-06:24/libarchive.patch create mode 100644 share/security/patches/SA-06:24/libarchive.patch.asc create mode 100644 share/security/patches/SA-06:25/kmem.patch create mode 100644 share/security/patches/SA-06:25/kmem.patch.asc create mode 100644 share/security/patches/SA-06:26/gtar.patch create mode 100644 share/security/patches/SA-06:26/gtar.patch.asc create mode 100644 share/security/patches/SA-07:01/jail5-correction.patch create mode 100644 share/security/patches/SA-07:01/jail5-correction.patch.asc create mode 100644 share/security/patches/SA-07:01/jail5.patch create mode 100644 share/security/patches/SA-07:01/jail5.patch.asc create mode 100644 share/security/patches/SA-07:01/jail60.patch create mode 100644 share/security/patches/SA-07:01/jail60.patch.asc create mode 100644 share/security/patches/SA-07:01/jail61.patch create mode 100644 share/security/patches/SA-07:01/jail61.patch.asc create mode 100644 share/security/patches/SA-07:02/bind61.patch create mode 100644 share/security/patches/SA-07:02/bind61.patch.asc create mode 100644 share/security/patches/SA-07:02/bind62.patch create mode 100644 share/security/patches/SA-07:02/bind62.patch.asc create mode 100644 share/security/patches/SA-07:03/ipv6.patch create mode 100644 share/security/patches/SA-07:03/ipv6.patch.asc create mode 100644 share/security/patches/SA-07:04/file5.patch create mode 100644 share/security/patches/SA-07:04/file5.patch.asc create mode 100644 share/security/patches/SA-07:04/file6.patch create mode 100644 share/security/patches/SA-07:04/file6.patch.asc create mode 100644 share/security/patches/SA-07:05/libarchive.patch create mode 100644 share/security/patches/SA-07:05/libarchive.patch.asc create mode 100644 share/security/patches/SA-07:06/tcpdump.patch create mode 100644 share/security/patches/SA-07:06/tcpdump.patch.asc create mode 100644 share/security/patches/SA-07:07/bind.patch create mode 100644 share/security/patches/SA-07:07/bind.patch.asc create mode 100644 share/security/patches/SA-07:08/openssl.patch create mode 100644 share/security/patches/SA-07:08/openssl.patch.asc create mode 100644 share/security/patches/SA-07:09/random.patch create mode 100644 share/security/patches/SA-07:09/random.patch.asc create mode 100644 share/security/patches/SA-07:10/gtar.patch create mode 100644 share/security/patches/SA-07:10/gtar.patch.asc create mode 100644 share/security/patches/SA-08:01/pty5.patch create mode 100644 share/security/patches/SA-08:01/pty5.patch.asc create mode 100644 share/security/patches/SA-08:01/pty5stable.patch create mode 100644 share/security/patches/SA-08:01/pty5stable.patch.asc create mode 100644 share/security/patches/SA-08:01/pty6.patch create mode 100644 share/security/patches/SA-08:01/pty6.patch.asc create mode 100644 share/security/patches/SA-08:01/pty6stable.patch create mode 100644 share/security/patches/SA-08:01/pty6stable.patch.asc create mode 100644 share/security/patches/SA-08:01/pty7.patch create mode 100644 share/security/patches/SA-08:01/pty7.patch.asc create mode 100644 share/security/patches/SA-08:01/pty7stable.patch create mode 100644 share/security/patches/SA-08:01/pty7stable.patch.asc create mode 100644 share/security/patches/SA-08:01/pty8.patch create mode 100644 share/security/patches/SA-08:01/pty8.patch.asc create mode 100644 share/security/patches/SA-08:02/libc.patch create mode 100644 share/security/patches/SA-08:02/libc.patch.asc create mode 100644 share/security/patches/SA-08:03/sendfile.patch create mode 100644 share/security/patches/SA-08:03/sendfile.patch.asc create mode 100644 share/security/patches/SA-08:03/sendfile55.patch create mode 100644 share/security/patches/SA-08:03/sendfile55.patch.asc create mode 100644 share/security/patches/SA-08:03/sendfile61.patch create mode 100644 share/security/patches/SA-08:03/sendfile61.patch.asc create mode 100644 share/security/patches/SA-08:04/ipsec.patch create mode 100644 share/security/patches/SA-08:04/ipsec.patch.asc create mode 100644 share/security/patches/SA-08:05/openssh.patch create mode 100644 share/security/patches/SA-08:05/openssh.patch.asc create mode 100644 share/security/patches/SA-08:06/bind63.patch create mode 100644 share/security/patches/SA-08:06/bind63.patch.asc create mode 100644 share/security/patches/SA-08:06/bind7.patch create mode 100644 share/security/patches/SA-08:06/bind7.patch.asc create mode 100644 share/security/patches/SA-08:07/amd64.patch create mode 100644 share/security/patches/SA-08:07/amd64.patch.asc create mode 100644 share/security/patches/SA-08:08/nmount.patch create mode 100644 share/security/patches/SA-08:08/nmount.patch.asc create mode 100644 share/security/patches/SA-08:09/icmp6.patch create mode 100644 share/security/patches/SA-08:09/icmp6.patch.asc create mode 100644 share/security/patches/SA-08:10/nd6-6.patch create mode 100644 share/security/patches/SA-08:10/nd6-6.patch.asc create mode 100644 share/security/patches/SA-08:10/nd6-7.patch create mode 100644 share/security/patches/SA-08:10/nd6-7.patch.asc create mode 100644 share/security/patches/SA-08:11/arc4random.patch create mode 100644 share/security/patches/SA-08:11/arc4random.patch.asc create mode 100644 share/security/patches/SA-08:11/arc4random6x.patch create mode 100644 share/security/patches/SA-08:11/arc4random6x.patch.asc create mode 100644 share/security/patches/SA-08:12/ftpd.patch create mode 100644 share/security/patches/SA-08:12/ftpd.patch.asc create mode 100644 share/security/patches/SA-08:13/protosw.patch create mode 100644 share/security/patches/SA-08:13/protosw.patch.asc create mode 100644 share/security/patches/SA-08:13/protosw6x.patch create mode 100644 share/security/patches/SA-08:13/protosw6x.patch.asc create mode 100644 share/security/patches/SA-09:01/lukemftpd.patch create mode 100644 share/security/patches/SA-09:01/lukemftpd.patch.asc create mode 100644 share/security/patches/SA-09:02/openssl.patch create mode 100644 share/security/patches/SA-09:02/openssl.patch.asc create mode 100644 share/security/patches/SA-09:02/openssl6.patch create mode 100644 share/security/patches/SA-09:02/openssl6.patch.asc create mode 100644 share/security/patches/SA-09:03/ntpd.patch create mode 100644 share/security/patches/SA-09:03/ntpd.patch.asc create mode 100644 share/security/patches/SA-09:03/ntpd63.patch create mode 100644 share/security/patches/SA-09:03/ntpd63.patch.asc create mode 100644 share/security/patches/SA-09:04/bind.patch create mode 100644 share/security/patches/SA-09:04/bind.patch.asc create mode 100644 share/security/patches/SA-09:05/telnetd.patch create mode 100644 share/security/patches/SA-09:05/telnetd.patch.asc create mode 100644 share/security/patches/SA-09:06/ktimer.patch create mode 100644 share/security/patches/SA-09:06/ktimer.patch.asc create mode 100644 share/security/patches/SA-09:07/libc.patch create mode 100644 share/security/patches/SA-09:07/libc.patch.asc create mode 100644 share/security/patches/SA-09:08/openssl.patch create mode 100644 share/security/patches/SA-09:08/openssl.patch.asc create mode 100644 share/security/patches/SA-09:08/openssl6.patch create mode 100644 share/security/patches/SA-09:08/openssl6.patch.asc create mode 100644 share/security/patches/SA-09:09/pipe.patch create mode 100644 share/security/patches/SA-09:09/pipe.patch.asc create mode 100644 share/security/patches/SA-09:10/ipv6-6.patch create mode 100644 share/security/patches/SA-09:10/ipv6-6.patch.asc create mode 100644 share/security/patches/SA-09:10/ipv6.patch create mode 100644 share/security/patches/SA-09:10/ipv6.patch.asc create mode 100644 share/security/patches/SA-09:11/ntpd.patch create mode 100644 share/security/patches/SA-09:11/ntpd.patch.asc create mode 100644 share/security/patches/SA-09:11/ntpd63.patch create mode 100644 share/security/patches/SA-09:11/ntpd63.patch.asc create mode 100644 share/security/patches/SA-09:12/bind.patch create mode 100644 share/security/patches/SA-09:12/bind.patch.asc create mode 100644 share/security/patches/SA-09:13/pipe.patch create mode 100644 share/security/patches/SA-09:13/pipe.patch.asc create mode 100644 share/security/patches/SA-09:14/devfs6.patch create mode 100644 share/security/patches/SA-09:14/devfs6.patch.asc create mode 100644 share/security/patches/SA-09:14/devfs7.patch create mode 100644 share/security/patches/SA-09:14/devfs7.patch.asc create mode 100644 share/security/patches/SA-09:15/ssl.patch create mode 100644 share/security/patches/SA-09:15/ssl.patch.asc create mode 100644 share/security/patches/SA-09:16/rtld.patch create mode 100644 share/security/patches/SA-09:16/rtld.patch.asc create mode 100644 share/security/patches/SA-09:16/rtld7.patch create mode 100644 share/security/patches/SA-09:16/rtld7.patch.asc create mode 100644 share/security/patches/SA-09:17/freebsd-update.patch create mode 100644 share/security/patches/SA-09:17/freebsd-update.patch.asc create mode 100644 share/security/patches/SA-10:01/bind9-6.patch create mode 100644 share/security/patches/SA-10:01/bind9-6.patch.asc create mode 100644 share/security/patches/SA-10:01/bind9-63.patch create mode 100644 share/security/patches/SA-10:01/bind9-63.patch.asc create mode 100644 share/security/patches/SA-10:01/bind9-64.patch create mode 100644 share/security/patches/SA-10:01/bind9-64.patch.asc create mode 100644 share/security/patches/SA-10:01/bind9-71.patch create mode 100644 share/security/patches/SA-10:01/bind9-71.patch.asc create mode 100644 share/security/patches/SA-10:01/bind9-72.patch create mode 100644 share/security/patches/SA-10:01/bind9-72.patch.asc create mode 100644 share/security/patches/SA-10:01/bind9-80.patch create mode 100644 share/security/patches/SA-10:01/bind9-80.patch.asc create mode 100644 share/security/patches/SA-10:02/ntpd.patch create mode 100644 share/security/patches/SA-10:02/ntpd.patch.asc create mode 100644 share/security/patches/SA-10:03/zfs.patch create mode 100644 share/security/patches/SA-10:03/zfs.patch.asc create mode 100644 share/security/patches/SA-10:03/zfs712.patch create mode 100644 share/security/patches/SA-10:03/zfs712.patch.asc create mode 100644 share/security/patches/SA-10:04/jail.patch create mode 100644 share/security/patches/SA-10:04/jail.patch.asc create mode 100644 share/security/patches/SA-10:05/opie.patch create mode 100644 share/security/patches/SA-10:05/opie.patch.asc create mode 100644 share/security/patches/SA-10:06/nfsclient.patch create mode 100644 share/security/patches/SA-10:06/nfsclient.patch.asc create mode 100644 share/security/patches/SA-10:07/mbuf.patch create mode 100644 share/security/patches/SA-10:07/mbuf.patch.asc create mode 100644 share/security/patches/SA-10:08/bzip2.patch create mode 100644 share/security/patches/SA-10:08/bzip2.patch.asc create mode 100644 share/security/patches/SA-10:09/pseudofs.patch create mode 100644 share/security/patches/SA-10:09/pseudofs.patch.asc create mode 100644 share/security/patches/SA-10:10/openssl.patch create mode 100644 share/security/patches/SA-10:10/openssl.patch.asc create mode 100644 share/security/patches/SA-10:10/openssl7.patch create mode 100644 share/security/patches/SA-10:10/openssl7.patch.asc create mode 100644 share/security/patches/SA-11:01/mountd.patch create mode 100644 share/security/patches/SA-11:01/mountd.patch.asc create mode 100644 share/security/patches/SA-11:02/bind.patch create mode 100644 share/security/patches/SA-11:02/bind.patch.asc create mode 100644 share/security/patches/SA-11:03/bind.patch create mode 100644 share/security/patches/SA-11:03/bind.patch.asc create mode 100644 share/security/patches/SA-11:04/compress.patch create mode 100644 share/security/patches/SA-11:04/compress.patch.asc create mode 100644 share/security/patches/SA-11:05/unix-linux.patch create mode 100644 share/security/patches/SA-11:05/unix-linux.patch.asc create mode 100644 share/security/patches/SA-11:05/unix.patch create mode 100644 share/security/patches/SA-11:05/unix.patch.asc create mode 100644 share/security/patches/SA-11:05/unix2.patch create mode 100644 share/security/patches/SA-11:05/unix2.patch.asc create mode 100644 share/security/patches/SA-11:06/bind7.patch create mode 100644 share/security/patches/SA-11:06/bind7.patch.asc create mode 100644 share/security/patches/SA-11:06/bind8.patch create mode 100644 share/security/patches/SA-11:06/bind8.patch.asc create mode 100644 share/security/patches/SA-11:07/chroot7.patch create mode 100644 share/security/patches/SA-11:07/chroot7.patch.asc create mode 100644 share/security/patches/SA-11:07/chroot8.patch create mode 100644 share/security/patches/SA-11:07/chroot8.patch.asc create mode 100644 share/security/patches/SA-11:08/telnetd.patch create mode 100644 share/security/patches/SA-11:08/telnetd.patch.asc create mode 100644 share/security/patches/SA-11:09/pam_ssh.patch create mode 100644 share/security/patches/SA-11:09/pam_ssh.patch.asc create mode 100644 share/security/patches/SA-11:10/pam.patch create mode 100644 share/security/patches/SA-11:10/pam.patch.asc create mode 100644 share/security/patches/SA-12:01/openssl-sgc-fix.patch create mode 100644 share/security/patches/SA-12:01/openssl-sgc-fix.patch.asc create mode 100644 share/security/patches/SA-12:01/openssl.patch create mode 100644 share/security/patches/SA-12:01/openssl.patch.asc create mode 100644 share/security/patches/SA-12:01/openssl2.patch create mode 100644 share/security/patches/SA-12:01/openssl2.patch.asc create mode 100644 share/security/patches/SA-12:02/crypt.patch create mode 100644 share/security/patches/SA-12:02/crypt.patch.asc create mode 100644 share/security/patches/SA-12:03/bind-90.patch create mode 100644 share/security/patches/SA-12:03/bind-90.patch.asc create mode 100644 share/security/patches/SA-12:03/bind.patch create mode 100644 share/security/patches/SA-12:03/bind.patch.asc create mode 100644 share/security/patches/SA-12:04/sysret-81-correction.patch create mode 100644 share/security/patches/SA-12:04/sysret-81-correction.patch.asc create mode 100644 share/security/patches/SA-12:04/sysret-81.patch create mode 100644 share/security/patches/SA-12:04/sysret-81.patch.asc create mode 100644 share/security/patches/SA-12:04/sysret.patch create mode 100644 share/security/patches/SA-12:04/sysret.patch.asc create mode 100644 share/security/patches/SA-12:05/bind.patch create mode 100644 share/security/patches/SA-12:05/bind.patch.asc diff --git a/share/security/advisories/CERT-CA-98-13-tcp-denial-of-service.asc b/share/security/advisories/CERT-CA-98-13-tcp-denial-of-service.asc new file mode 100644 index 0000000000..5b73963404 --- /dev/null +++ b/share/security/advisories/CERT-CA-98-13-tcp-denial-of-service.asc @@ -0,0 +1,254 @@ +-----BEGIN PGP SIGNED MESSAGE----- + + +CERT Advisory CA-98-13-tcp-denial-of-service + + Original Issue Date: December 21, 1998 + + Last Revised + +Topic: Vulnerability in Certain TCP/IP Implementations + +Affected Systems + + Some systems with BSD-derived TCP/IP stacks. See Appendix A for a + complete list of affected systems. + +Overview + + Intruders can disrupt service or crash systems with vulnerable TCP/IP + stacks. No special access is required, and intruders can use + source-address spoofing to conceal their true location. + +I. Description + + By carefully constructing a sequence of packets with certain + characteristics, an intruder can cause vulnerable systems to crash, + hang, or behave in unpredictable ways. This vulnerability is similar + in its effect to other denial-of-service vulnerabilities, including + the ones described in + + http://www.cert.org/advisories/CA-97.28.Teardrop_Land.html + + Specifically, intruders can use this vulnerability in conjunction with + IP-source-address spoofing to make it difficult or impossible to know + their location. They can also use the vulnerability in conjunction + with broadcast packets to affect a large number of vulnerable machines + with a small number of packets. + +II. Impact + + Any remote user can crash or hang a vulnerable machine, or cause the + system to behave in unpredictable ways. + +III. Solution + +A. Install a patch from your vendor. + + Appendix A contains input from vendors who have provided information + for this advisory. We will update the appendix as we receive more + information. If you do not see your vendor's name, the CERT/CC did not + hear from that vendor. Please contact your vendor directly. + +B. Configure your router or firewall to help prevent source-address spoofing. + + We encourage sites to configure their routers or firewalls to reduce + the ability of intruders to use source-address spoofing. Currently, + the best method to reduce the number of IP-spoofed packets exiting + your network is to install filtering on your routers that requires + packets leaving your network to have a source address from your + internal network. This type of filter prevents a source IP-spoofing + attack from your site by filtering all outgoing packets that contain a + source address of a different network. + + A detailed description of this type of filtering is available in RFC + 2267, "Network Ingress Filtering: Defeating Denial of Service Attacks + which employ IP Source Address Spoofing" by Paul Ferguson of Cisco + Systems, Inc. and Daniel Senie of Blazenet, Inc. We recommend it to + both Internet Service Providers and sites that manage their own + routers. The document is currently available at + + http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2267.txt + + Note that this type of filtering does not protect a site from the + attack itself, but it does reduce the ability of intruders to conceal + their location, thereby discouraging attacks. + +Appendix A - Vendor Information + + Berkeley Software Design, Inc. (BSDI) + + BSDI's current release BSD/OS 4.0 is not vulnerable to this problem. + BSD/OS 3.1 is vulnerable and a patch (M310-049) is available from + BSDI's WWW server at http://www.bsdi.com/support/patches or via our + ftp server from the directory + ftp://ftp.bsdi.com/bsdi/patches/patches-3.1. + + Cisco Systems + + Cisco is not vulnerable. + + Compaq Computer Corporation + + SOURCE: (c) Copyright 1994, 1995, 1996, 1997, 1998 Compaq Computer + Corporation. + + All rights reserved. + + SOURCE: Compaq Computer Corporation + Compaq Services + Software Security Response Team USA + + This reported problem is not present for the as shipped, Compaq's + Digital ULTRIX or Compaq's Digital UNIX Operating Systems Software. + + - Compaq Computer Corporation + + Data General Corporation + + We are investigating. We will provide an update when our investigation + is complete. + + FreeBSD, Inc. + + FreeBSD 2.2.8 is not vulnerable. + FreeBSD versions prior to 2.2.8 are vulnerable. + FreeBSD 3.0 is also vulnerable. + FreeBSD 3.0-current as of 1998/11/12 is not vulnerable. + + A patch is available at + ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch + + Fujitsu + + Regarding this vulnerability, Fujitsu's UXP/V operating system is not + vulnerable. + + Hewlett-Packard Company + + HP is not vulnerable. + + IBM Corporation + + AIX is not vulnerable. + + IBM and AIX are registered trademarks of International Business + Machines Corporation. + + Livingston Enterprises, Inc. + + Livingston systems are not vulnerable. + + Computer Associates International + + CA systems are not vulnerable. + + Microsoft Corporation + + Microsoft is not vulnerable. + + NEC Corporation + + NEC Corporation EWS-UX, UP-UX and UX/4800 Unix systems are not + vulnerable to this problem. + + OpenBSD + + Security fixes for this problem are now available for 2.3 and 2.4. + + For 2.3, see + + www.openbsd.org/errata23.html#tcpfix + + For our 2.4 release which is available on CD on Dec 1, see + + www.openbsd.org/errata.html#tcpfix + + The bug is fixed in our -current source tree. + + Sun Microsystems, Inc. + + We have confirmed that SunOS and Solaris are not vulnerable to the DOS + attack. + + Wind River Systems, Inc. + + We've taken a look at our networking code and have determined that + this is not a problem in the currently shipping version of the VxWorks + RTOS. + _________________________________________________________________ + +Contributors + + The vulnerability was originally discovered by Joel Boutros of the + Enterprise Security Services team of Cambridge Technology Partners. + Guido van Rooij of FreeBSD, Inc., provided an analysis of the + vulnerability and information regarding its scope and extent. + ______________________________________________________________________ + + This document is available from: + http://www.cert.org/advisories/CA-98-13-tcp-denial-of-service.html. + ______________________________________________________________________ + +CERT/CC Contact Information + + Email: cert@cert.org + Phone: +1 412-268-7090 (24-hour hotline) + Fax: +1 412-268-6989 + Postal address: + CERT Coordination Center + Software Engineering Institute + Carnegie Mellon University + Pittsburgh PA 15213-3890 + U.S.A. + + CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4) + Monday through Friday; they are on call for emergencies during other + hours, on U.S. holidays, and on weekends. + +Using encryption + + We strongly urge you to encrypt sensitive information sent by email. + Our public PGP key is available from http://www.cert.org/CERT_PGP.key. + If you prefer to use DES, please call the CERT hotline for more + information. + +Getting security information + + CERT publications and other security information are available from + our web site http://www.cert.org/. + + To be added to our mailing list for advisories and bulletins, send + email to cert-advisory-request@cert.org and include SUBSCRIBE + your-email-address in the subject of your message. + + Copyright 1998 Carnegie Mellon University. + Conditions for use, disclaimers, and sponsorship information can be + found in http://www.cert.org/legal_stuff.html. + + * CERT is registered in the U.S. Patent and Trademark Office + ______________________________________________________________________ + + NO WARRANTY + Any material furnished by Carnegie Mellon University and the Software + Engineering Institute is furnished on an "as is" basis. Carnegie + Mellon University makes no warranties of any kind, either expressed or + implied as to any matter including, but not limited to, warranty of + fitness for a particular purpose or merchantability, exclusivity or + results obtained from use of the material. Carnegie Mellon University + does not make any warranty of any kind with respect to freedom from + patent, trademark, or copyright infringement. + _________________________________________________________________ + + Revision History + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBNn64knVP+x0t4w7BAQHd/wQAv+1cQif/KNdFZ1ObARzlJJUd9T0Za5WM +GjZwrlYR3CIm+eByVbGGizCYTXzuiTjQdenKxfDXAXXwqZRIvFbpjU3qWY6kCicf +BhTbvzOOIT/ROhr9fWRwPqqPMKUyUYaJCbeWYWeV6PFJ6fYhWrBihiE+yml4n1Xp +k2lHvwHl9lE= +=9kEz +-----END PGP SIGNATURE----- + diff --git a/share/security/advisories/FreeBSD-EN-04:01.twe.asc b/share/security/advisories/FreeBSD-EN-04:01.twe.asc new file mode 100644 index 0000000000..02153d39d5 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-04:01.twe.asc @@ -0,0 +1,84 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + +FreeBSD-EN-04:01.twe Errata Notice + The FreeBSD Project + +Topic: twe(4) driver may hang on heavily loaded systems + +Category: core +Module: twe(4) device driver +Announced: 2004-06-28 +Credits: Vinod Kashyap + Paul Saab +Affects: FreeBSD 4.10-RELEASE +Corrected: 2004-06-26 02:22:24 UTC (4.10-RELEASE-p1) + +I. Background + +The twe(4) driver handles the 3ware series of RAID controllers. + +II. Problem Description + +On 6xxx series controllers the driver may try to repeatedly submit the +same request if the cmd queue gets full, which may happen under extremely +high I/O rates. + +III. Impact + +Once the driver entered the state it was repeatedly submitting the same +request all normal disk I/O through the controller stops. The computer +would require a hard reset, any pending I/O buffered in memory would be +lost. + +IV. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to the RELENG_4_10 errata branch dated +after the correction date using cvsup(1) or cvs(1). This is the preferred +method. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/patches/EN-04:01/twe.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/patches/EN-04:01/twe.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch -p0 < /path/to/patch + +Then follow the normal procedures for rebuilding/reinstalling the kernel. +Note that this method will only work with no errors if your system was +installed from scratch using the FreeBSD-4.10 Release CDs or FTP install. +If that is not the case you may see errors while patching the UPDATING +file. Those errors would be harmless. Any other errors while running +patch(1) should be investigated before proceeding with the rebuild/reinstall. + +V. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- -------------------------------------------------------------------------- +RELENG_4_10 + src/sys/dev/twe/twe.c 1.1.2.8.2.2 + src/sys/dev/twe/twe_freebsd.c 1.2.2.8.2.1 + src/sys/dev/twe/twevar.h 1.1.2.6.2.2 + src/sys/conf/newvers.sh 1.44.2.34.2.3 + src/UPDATING 1.73.2.90.2.2 +- -------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFA3ZYO/G14VSmup/YRAlOqAJ0cTgJcc83f+aAnHSFejBbUwMp5vQCdGpfB +mHTWM/zA65ZjvrPEq1mrZy8= +=T1Ow +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-05:01.nfs.asc b/share/security/advisories/FreeBSD-EN-05:01.nfs.asc new file mode 100644 index 0000000000..84e84f6480 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-05:01.nfs.asc @@ -0,0 +1,84 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + +FreeBSD-EN-05:01.nfs Errata Notice + The FreeBSD Project + +Topic: NFS Server may panic under certain load patterns + +Category: core +Module: nfsserver +Announced: 2005-01-05 +Credits: Robert Watson +Affects: FreeBSD 5.3-RELEASE +Corrected: 2005-01-05 03:35:00 UTC + +I. Background + +The Network File System (NFS) allows a system to share directories and files +with others over a network. By using this, users and programs can access +files on remote systems almost as if they were local files. + +II. Problem Description + +Due to a bug in nfsrv_create() a call to nfsrv_access() might be made +while holding the NFS server mutex, which results in kernel panics under +certain load patterns. + +III. Impact + +NFS servers that encountered the load pattern would crash and reboot. + +IV. Solution + +Do one of the following to update the source tree: + + 1) Upgrade your vulnerable system to the RELENG_5_3 errata branch dated + after the correction date using cvsup(1) or cvs(1). This is the + preferred method. + + 2) Obtain the updated files using the cvsweb interface. Cvsweb is a + Web interface to the CVS repository. The URL to the general + interface is "http://www.freebsd.org/cgi/cvsweb.cgi/". You can + obtain any of the source files for the RELENG_5_3 branch by going + to the src directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src") + and then selecting the "RELENG_5_3" branch tag. With the branch + tag set navigate to the files listed below in the "Correction + details" section and download them, making sure you get the correct + revision numbers. Copy the downloaded files into your /usr/src tree. + +If using the second procedure you should make sure you have used that +same procedure to download all previous Errata Notices and Security +Advisories. We strongly discourage this procedure due to the problems +that may be caused by not doing that - using the first procedure takes +care of making sure all updates get applied. + +Then follow the normal procedures for rebuilding/reinstalling the kernel. +Details about rebuilding/reinstalling are available here: + + http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html + +V. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- -------------------------------------------------------------------------- +RELENG_5_3 + + Revision Changes Path + 1.342.2.13.2.6 +5 -0 src/UPDATING + 1.62.2.15.2.8 +1 -1 src/sys/conf/newvers.sh + 1.147.2.1.2.2 +52 -38 src/sys/nfsserver/nfs_serv.c + +- -------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 (FreeBSD) + +iD8DBQFB3HLR/G14VSmup/YRAuOXAJwI4YDlIDgLSkf8gTGSGKV+9CJX0wCgmVik +x/MKtaf+dAelJTDxrUGUfmo= +=ywyb +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-05:02.sk.asc b/share/security/advisories/FreeBSD-EN-05:02.sk.asc new file mode 100644 index 0000000000..d1980aab56 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-05:02.sk.asc @@ -0,0 +1,85 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + +FreeBSD-EN-05:02.sk Errata Notice + The FreeBSD Project + +Topic: sk(4) driver instability on SMP systems + +Category: core +Module: sys_pci +Announced: 2005-01-06 +Credits: Peter Edwards, John-Mark Gurney, David O'Brien, Bjoern A. Zeeb +Affects: FreeBSD 5.3-RELEASE +Corrected: 2005-01-06 17:54:47 UTC + +I. Background + +The sk(4) network driver provides support for SysKonnect-based Gigabit +Ethernet adapters. + +II. Problem Description + +Several programming errors were discovered in the sk(4) network driver, +including an off-by-one error and a missing lock. + +III. Impact + +FreeBSD symmetric multiprocessing (SMP) systems using the sk(4) network +driver may experience data corruption or system crashes. Symptoms +include panics, page faults, aborted SSH connections, and corrupted file +transfers. + +IV. Solution + +Do one of the following to update the source tree: + + 1) Upgrade your vulnerable system to the RELENG_5_3 errata branch dated + after the correction date using cvsup(1) or cvs(1). This is the + preferred method. + + 2) Obtain the updated files using the cvsweb interface. Cvsweb is a + Web interface to the CVS repository. The URL to the general + interface is "http://www.freebsd.org/cgi/cvsweb.cgi/". You can + obtain any of the source files for the RELENG_5_3 branch by going + to the src directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src") + and then selecting the "RELENG_5_3" branch tag. With the branch + tag set navigate to the files listed below in the "Correction + details" section and download them, making sure you get the correct + revision numbers. Copy the downloaded files into your /usr/src tree. + +If using the second procedure you should make sure you have used that +same procedure to download all previous Errata Notices and Security +Advisories. We strongly discourage this procedure due to the problems +that may be caused by not doing that - using the first procedure takes +care of making sure all updates get applied. + +Then follow the normal procedures for rebuilding/reinstalling the kernel. +Details about rebuilding/reinstalling are available here: + + http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html + +V. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +- -------------------------------------------------------------------------- +RELENG_5_3 + + Revision Changes Path + 1.342.2.13.2.7 +4 -0 src/UPDATING + 1.62.2.15.2.9 +1 -1 src/sys/conf/newvers.sh + 1.83.2.2.2.1 +33 -16 src/sys/pci/if_sk.c + 1.20.2.2.2.1 +1 -0 src/sys/pci/if_skreg.h + +- -------------------------------------------------------------------------- + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 (FreeBSD) + +iD8DBQFB3YWR/G14VSmup/YRAisHAKCZDDsbpJ6QQWtVQaU+lo1N8OKQfACdGOdL +dppEWGvxke7etwmpDK63k98= +=x28D +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-05:03.ipi.asc b/share/security/advisories/FreeBSD-EN-05:03.ipi.asc new file mode 100644 index 0000000000..9dca15a3cb --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-05:03.ipi.asc @@ -0,0 +1,89 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + + +FreeBSD-EN-05:03.ipi Errata Notice + The FreeBSD Project + +Topic: FreeBSD/i386 may panic under heavy load on SMP machines + +Category: core +Module: smp +Announced: 2005-01-16 +Credits: Stephan Uphoff, Xin LI +Affects: FreeBSD 5.3-RELEASE +Corrected: 2005-01-16 08:29:14 UTC + +I. Background + +Inter-processor Interrupt, also known as ``IPI'', is a mechanism on +multiprocessor system (specifically, SMP) to indicate some event that the +other CPUs should be aware of. + +II. Problem Description + +Under FreeBSD 5.3-RELEASE prior to the correction date, when there are +more than two pending IPI vectors per local APIC it is possible to cause +deadlocks. The deadlock will then result in a kernel panic. + +III. Impact + +SMP servers that encounted heavy load, e.g. buildworld with md(4) and -jN, +can easily be crashed. + +IV. Solution + +Do one of the following to update the source tree: + + 1) Upgrade your affected system to the RELENG_5_3 errata branch dated + after the correction date using cvsup(1) or cvs(1). This is the + preferred method. For information on how to use cvsup(1) to update + your source code see: + http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html + + 2) Obtain the updated files using the cvsweb interface. Cvsweb is a + Web interface to the CVS repository. The URL to the general + interface is "http://www.freebsd.org/cgi/cvsweb.cgi/". You can + obtain any of the source files for the RELENG_5_3 branch by going + to the src directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src") + and then selecting the "RELENG_5_3" branch tag. With the branch + tag set navigate to the files listed below in the "Correction + details" section and download them, making sure you get the correct + revision numbers. Copy the downloaded files into your /usr/src tree. + +If using the second procedure you should make sure you have used that +same procedure to download all previous Errata Notices and Security +Advisories. We strongly discourage this procedure due to the problems +that may be caused by not doing that - using the first procedure takes +care of making sure all updates get applied. + +Then follow the normal procedures for rebuilding/reinstalling the kernel. +Details about rebuilding/reinstalling are available here: + + http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html + +V. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +- --------------------------------------------------------------------------- +RELENG_5_3 + + Revision Changes Path + 1.342.2.13.2.8 +4 -0 src/UPDATING + 1.62.2.15.2.10 +1 -1 src/sys/conf/newvers.sh + 1.101.4.1 +2 -50 src/sys/i386/i386/apic_vector.s + 1.235.2.3.2.1 +65 -37 src/sys/i386/i386/mp_machdep.c + 1.8.4.1 +42 -9 src/sys/i386/include/apicvar.h + 1.78.4.1 +2 -5 src/sys/i386/include/smp.h + +- --------------------------------------------------------------------------- + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 (FreeBSD) + +iD8DBQFB6yY3/G14VSmup/YRAtq7AJ4nr1MGKyV1kzEhTRN66L7atWbUUgCdHERt +tYcKMOFWc6i7sjGuJBqZvog= +=k5nm +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-05:04.nfs.asc b/share/security/advisories/FreeBSD-EN-05:04.nfs.asc new file mode 100644 index 0000000000..7245c559bc --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-05:04.nfs.asc @@ -0,0 +1,82 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +FreeBSD-EN-05:04.nfs Errata Notice + The FreeBSD Project + +Topic: NFS Client may panic when encounted errors + +Category: core +Module: nfsclient +Announced: 2005-12-19 +Credits: Mohan Srinivasan, Xin LI +Affects: FreeBSD 6.0-RELEASE +Corrected: 2005-12-19 10:58:58 UTC + +I. Background + +The Network File System (NFS) allows a system to share directories and files +with others over a network. By using this, users and programs can access +files on remote systems almost as if they were local files. + +II. Problem Description + +Due to a locking issue in nfs_lookup() a call to vrele() might be made +while holding the vnode mutex, which results in kernel panic when doing +VFS operations under certain load patterns. + +III. Impact + +NFS clients that encountered the load pattern would crash and reboot. + +IV. Solution + +Do one of the following to update the source tree: + + 1) Upgrade your affected system to the RELENG_6_0 errata branch dated + after the correction date using cvsup(1) or cvs(1). This is the + preferred method. + + 2) Obtain the updated files using the cvsweb interface. Cvsweb is a + Web interface to the CVS repository. The URL to the general + interface is "http://cvsweb.freebsd.org/". You can obtain any of + the source files for the RELENG_6_0 branch by going to the src + directory ("http://cvsweb.freebsd.org/src") and then selecting + the "RELENG_6_0" branch tag. With the branch tag set navigate + to the files listed below in the "Correction details" section and + download them, making sure you get the correct revision numbers. + Copy the downloaded files into your /usr/src tree. + +If using the second procedure you should make sure you have used that +same procedure to download all previous Errata Notices and Security +Advisories. We strongly discourage this procedure due to the problems +that may be caused by not doing that - using the first procedure takes +care of making sure all updates get applied. + +Then follow the normal procedures for rebuilding/reinstalling the kernel. +Details about rebuilding/reinstalling are available here: + + http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html + +V. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +- --------------------------------------------------------------------------- +RELENG_6_0 + + Revision Changes Path + 1.416.2.3.2.6 +5 -0 src/UPDATING + 1.69.2.8.2.2 +1 -1 src/sys/conf/newvers.sh + 1.258.4.1 +1 -1 src/sys/nfsclient/nfs_vnops.c + +- --------------------------------------------------------------------------- + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFDujwhFdaIBMps37IRAiPOAKCC9BmZhzFEBm6/kzKMDpZVXk7X/QCfTmsY +kHH+tM9KBV1Vau80d0G3vk4= +=UvNX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-06:01.jail.asc b/share/security/advisories/FreeBSD-EN-06:01.jail.asc new file mode 100644 index 0000000000..7e2b796d48 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-06:01.jail.asc @@ -0,0 +1,90 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +FreeBSD-EN-06:01.jail Errata Notice + The FreeBSD Project + +Topic: Jail startup scripts may override some global jail_* + variables. + +Category: core +Module: etc_rc.d +Announced: 2006-07-07 +Credits: Florent Thoumie, Pawel Dawidek, Cheng-Lung Sung +Affects: FreeBSD 6.1-RELEASE +Corrected: 2006-07-07 07:25:21 UTC + +I. Background + +System startup scripts, typically in /etc/rc.d, control what happens +as a system boots to multi-user mode. The behavior of those scripts +can be controlled by "global" variables in /etc/rc.conf. + +II. Problem Description + +The names of several internal variables in the jail startup script +conflicted with those of global variables that could be set by +administrators. In addition, some configuration variables are not +properly validated in the jail startup script. + +III. Impact + +Jails may not have started up as the administrator intended. If some +configuration variables required by jail configuration in /etc/rc.conf +are not correctly set jail startup may have been attempted by the script +anyway. + +IV. Solution + +Do one of the following to update the source tree: + + 1) Upgrade your affected system to the RELENG_6_1 errata branch dated + after the correction date using cvsup(1) or cvs(1). This is the + preferred method. For information on how to use cvsup(1) to update + your source code see: + http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html + + 2) Obtain the updated files using the cvsweb interface. Cvsweb is a + Web interface to the CVS repository. The URL to the general + interface is "http://www.freebsd.org/cgi/cvsweb.cgi/". You can + obtain any of the source files for the RELENG_6_1 branch by going + to the src directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src") + and then selecting the "RELENG_6_1" branch tag. With the branch + tag set navigate to the files listed below in the "Correction + details" section and download them, making sure you get the correct + revision numbers. Copy the downloaded files into your /usr/src tree. + +If using the second procedure you should make sure you have used that +same procedure to download all previous Errata Notices and Security +Advisories. We strongly discourage this procedure due to the problems +that may be caused by not doing that - using the first procedure takes +care of making sure all updates get applied. + +Then use mergemaster(8) to install the updated startup script support. Note +that mergemaster(8) will expect to find a normal object file tree having +resulted from doing 'make world' in /usr/src, and will build one if it +does not exist. If you do not have a recent object file tree you may +want to just manually copy the src/etc/rc.d/jail and src/etc/defaults/rc.conf +files into place. + +V. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +- --------------------------------------------------------------------------- +RELENG_6_1 + + Revision Changes Path + 1.416.2.22.2.5 +3 -0 src/UPDATING + 1.23.2.3.2.2 +102 -91 src/etc/rc.d/jail + 1.69.2.11.2.5 +1 -1 src/sys/conf/newvers.sh + +- --------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFErgzzFdaIBMps37IRAh17AJwLueUv5ZzXrbZG8qtL1lwgpPZCCgCfYGxE +2oAorGMRBTbqVx/YhKJX1lA= +=Lmti +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-06:02.net.asc b/share/security/advisories/FreeBSD-EN-06:02.net.asc new file mode 100644 index 0000000000..aaa32196b6 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-06:02.net.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-06:02.net Errata Notice + The FreeBSD Project + +Topic: Networking Issues + +Category: core +Module: sys +Announced: 2006-08-28 +Credits: Robert Watson, JINMEI Tatuya +Affects: FreeBSD 6.1-RELEASE +Corrected: 2006-08-28 07:31:11 UTC (RELENG_6_1, 6.1-RELEASE-p5) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The FreeBSD kernel provides basic networking services, supporting the +IPv4 and IPv6 network protocols. + +II. Problem Description + +Several issues have been discovered in the networking code in the +FreeBSD 6.1 kernel. Specifically: + +1. A pointer was not being checked for validity before being + dereferenced. + +2. Some statistics-keeping code in the UMA memory allocator + erroneously counted certain types of successful memory allocations + as failures. + +3. IPv6 neighbor discovery did not work correctly over point-to-point + links. + +III. Impact + +The impacts of these bugs are varied. + +1. The pointer dereferencing issue could cause a kernel panic. + +2. The memory statistics-keeping error could cause the kernel to + report an incorrect number of memory allocations that failed. + One symptom of this problem is a artificially high count of + "requests for mbufs denied" in the output from "netstat -m". + +3. The IPv6 neighbor discovery bug could cause spurious warnings to + be generated when running IPv6 over point-to-point links. This + problem was particularly noticeable over gif(4) tunnels. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_1 +security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-06:02/net.patch +# fetch http://security.FreeBSD.org/patches/EN-06:02/net.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6_1 + src/UPDATING 1.416.2.22.2.7 + src/sys/conf/newvers.sh 1.69.2.11.2.7 + src/sys/netinet/ip_output.c 1.242.2.8.2.1 + src/sys/netinet6/in6.c 1.51.2.8.2.1 + src/sys/netinet6/nd6.c 1.48.2.12.2.1 + src/sys/vm/uma_core.c 1.119.2.15.2.1 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-06:02.net.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFE8pwjFdaIBMps37IRAtQkAKCd89w0feF8PI4RM5cD90WQX/fPOgCfb/OH +wecGoGYP8sZw8vTx0i5HqQQ= +=Qj8N +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-07:01.nfs.asc b/share/security/advisories/FreeBSD-EN-07:01.nfs.asc new file mode 100644 index 0000000000..19ee34bfa4 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-07:01.nfs.asc @@ -0,0 +1,119 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-07:01.nfs Errata Notice + The FreeBSD Project + +Topic: NFS server reliability issues + +Category: core +Module: sys_nfsserver +Announced: 2007-02-14 +Credits: Kostik Belousov, + Pawel Jakub Dawidek, + Padma Bhooma, + Hiroki Sato +Affects: All FreeBSD 6.x releases prior to 6.2-RELEASE +Corrected: 2007-01-07 13:20:24 UTC (RELENG_6, 6.2-STABLE) + 2007-02-14 22:30:33 UTC (RELENG_6_1, 6.1-RELEASE-p14) + 2007-02-14 22:29:57 UTC (RELENG_6_0, 6.0-RELEASE-p18) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The Network File System (NFS) allows a host to export some or all of +its file systems so that other hosts can access them over the network +and mount them as if they were on local disks. NFS is built on top of +the Sun Remote Procedure Call (RPC) framework. FreeBSD includes +server and client implementations of NFS. + +II. Problem Description + +The NFS server subsystem had the following three problems: + + - Inconsistent locking that leads to performance degradation and can + cause a system panic during certain operations to manipulate symbolic + links. + + - A memory leak in pathname lookup operation. + + - A bug that prevents a symbolic link with a particular pathname from + being created. + +III. Impact + +Under some circumstances, the NFS server subsystem can cause a system +panic due to bugs in the FreeBSD kernel. This can be serious and could +lead to a denial of service especially in an NFS server configuration +where the server shares home directories amongst many clients. +This is because several particular operations from a client can trigger +the panic without special privilege on either the server and the client. + +IV. Solution + +Perform one of the following: + +1) Upgrade your affected system to 6-STABLE, or to the RELENG_6_1 or +RELENG_6_0 errata branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.0 and +6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.0] +# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs60.patch +# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs60.patch.asc + +[FreeBSD 6.1] +# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs61.patch +# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs61.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +V. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6_1 + src/UPDATING 1.416.2.22.2.16 + src/sys/conf/newvers.sh 1.69.2.11.2.16 + src/sys/nfsserver/nfs_serv.c 1.156.2.2.2.1 + src/sys/nfsserver/nfs_srvsubs.c 1.136.2.2.2.1 + src/sys/nfsserver/nfsm_subs.h 1.37.6.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.23 + src/sys/conf/newvers.sh 1.69.2.8.2.19 + src/sys/nfsserver/nfs_serv.c 1.156.4.1 + src/sys/nfsserver/nfs_srvsubs.c 1.136.4.1 + src/sys/nfsserver/nfsm_subs.h 1.37.4.1 +- ------------------------------------------------------------------------- + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-07:01.nfs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQFF047GFdaIBMps37IRAlDuAJ9sjXfjvIl+F9/sqZSXksUeagRIAwCePXsA +cb9f5GWVCblMm/Y90CUjYTE= +=g+wq +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-07:02.net.asc b/share/security/advisories/FreeBSD-EN-07:02.net.asc new file mode 100644 index 0000000000..61421e7e10 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-07:02.net.asc @@ -0,0 +1,110 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-07:02.net Errata Notice + The FreeBSD Project + +Topic: IPv6 over Point-to-Point gif(4) tunnels + +Category: core +Module: sys_netinet6 +Announced: 2007-02-28 +Credits: Bruce A. Mah +Affects: FreeBSD 6.2-RELEASE +Corrected: 2007-02-08 22:52:56 UTC (RELENG_6, 6.2-STABLE) + 2007-02-28 18:24:37 UTC (RELENG_6_2, 6.2-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The FreeBSD kernel provides basic networking services, including +(among other protocols) the IPv6 network protocol stack. + +The gif(4) tunnel driver provides a generic tunnelling interface, +which is commonly used to carry IPv6 packets across an IPv4 internetwork. + +II. Problem Description + +FreeBSD 6.2-RELEASE contains a regression in the behavior of IPv6 +over gif(4) tunnels configured as point-to-point interfaces (in +other words, gif(4) interfaces with an explicitly-configured destination +address and a 128-bit prefix length). When such an interface is +configured, a route to the destination address must be added implicitly +by the kernel to allow packets to traverse the tunnel properly. +FreeBSD 6.2-RELEASE does not do this. + +III. Impact + +In some cases, it may be impossible for a host to send IPv6 traffic over a +gif(4) tunnel interface due to the lack of an appropriate routing table +entry. + +IV. Workaround + +One workaround is to add a route to the destination address explicitly +using the route(8) command, as in the following example: + +# route add -host -inet6 ADDRESS -interface GIF -nostatic -llinfo + +In the command line above, ADDRESS and GIF should be replaced by the +destination IPv6 address and the interface name of the gif(4) tunnel, +respectively. + +In some cases, the host route to the destination may be added implicitly +as a side-effect of receiving inbound packets over the tunnel. + +V. Solution + +Perform one of the following: + +1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.2 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch +# fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ---------------------------------------------------------------------------- +RELENG_6_2 + src/UPDATING 1.416.2.29.2.5 + src/sys/conf/newvers.sh 1.69.2.13.2.5 + src/sys/netinet6/nd6.c 1.48.2.15.2.1 +- ---------------------------------------------------------------------------- + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-07:02.net.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQFF5ct4FdaIBMps37IRAjN0AJ9llRTF/ccXBJDRqJeFDocSkIF5lQCdF2ww +y+4KLUVBRVLLQz0AJuKygfc= +=x04b +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-07:03.rc.d_jail.asc b/share/security/advisories/FreeBSD-EN-07:03.rc.d_jail.asc new file mode 100644 index 0000000000..1237cb15b2 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-07:03.rc.d_jail.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-07:03.rc.d_jail Errata Notice + The FreeBSD Project + +Topic: rc.d jail script interface IP alias removal + +Category: core +Module: etc_rc.d +Announced: 2007-02-28 +Credits: Philipp Wuensche +Affects: FreeBSD 6.2-RELEASE. +Corrected: 2007-01-02 11:14:07 UTC (RELENG_6, 6.2-STABLE) + 2007-02-28 18:24:37 UTC (RELENG_6_2, 6.2-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The jail(2) system call allows a system administrator to lock a process +and all of its descendants inside an environment with a very limited +ability to affect the system outside that environment, even for +processes with superuser privileges. It is an extension of, but +far more powerful than, the traditional UNIX chroot(2) system call. + +The host's jail rc.d(8) script can be used to start and stop jails +automatically on system boot/shutdown. The jail_interface rc.conf(5) +variable can be used to automatically add and remove an IP address on +a specific network interface when a jail starts and stops. + +II. Problem Description + +A cleanup of the rc.d jail script did not rename the variables used by +the jail_interface feature when removing the IP address in the case +where the jail startup fails. This may result in ifconfig(8) being +run with incorrect arguments. + +III. Impact + +Since the wrong variable is used, in some cases, ifconfig(8) will +remove an arbitrary IP address instead of the IP address of the jail +if startup of a jail fails. It may be possible for a user with root +access in a jail to provoke this situation by intentionally making +jail startup fail. + +IV. Workaround + +Do not use the jail_interface feature; instead, manually configure IP +addresses for the jails. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_2 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.2 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-07:03/rc.d_jail.patch +# fetch http://security.FreeBSD.org/patches/EN-07:03/rc.d_jail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# install -o root -g wheel -m 555 etc/rc.d/jail /etc/rc.d + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/etc/rc.d/jail 1.23.2.8 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.5 + src/sys/conf/newvers.sh 1.69.2.13.2.5 + src/etc/rc.d/jail 1.23.2.7.2.2 +- ------------------------------------------------------------------------- + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-07:03.rc.d_jail.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQFF5ct8FdaIBMps37IRAu3qAKCHNEFb/kqTVyFSllHyG6YOg+qccACfbmfI +CiEeWDDU73GVG+T15VeGH2Q= +=EQyo +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-07:04.zoneinfo.asc b/share/security/advisories/FreeBSD-EN-07:04.zoneinfo.asc new file mode 100644 index 0000000000..1c6da081b1 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-07:04.zoneinfo.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-07:04.zoneinfo Errata Notice + The FreeBSD Project + +Topic: Zoneinfo file update + +Category: core +Module: share_zoneinfo +Announced: 2007-02-28 +Affects: FreeBSD 6.1-RELEASE +Corrected: 2007-02-28 18:23:09 UTC (RELENG_6_1, 6.1-RELEASE-p15) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The tzsetup(8) program allows the user to specify the default local +timezone. Based on the user's choice, tzsetup(8) copies one of the +files from /usr/share/zoneinfo to /etc/localtime. This file actually +controls the conversion. + +II. Problem Description + +In 2005 several governments, among them the United States of America and +Canada, decided to change when Daylight Savings Time begins and ends. +The change takes effect in 2007. Because of that change the data in +the zoneinfo files needs to be updated, and if the computer's local +time zone is affected tzsetup(8) needs to be run so /etc/localtime +gets updated. + +FreeBSD 6.1-RELEASE shipped with the correct zoneinfo files for the United +States time zones affected by the change made in 2005, but the zoneinfo +files for several other countries (e.g. Canada) do not contain current +information. + +III. Impact + +If the /usr/share/zoneinfo files as well as /etc/localtime are not updated +on a computer that has its time zone set to one of the regions affected by +the change made in 2005 it will display the wrong time between March 15th +and April 1st, then again between October 28th and November 4th. All things +on that computer that rely on the system time (e.g. cron jobs, timestamps +entered in log files, etc) will be affected. + +IV. Workaround + +At least in theory the system time could be manually adjusted by an hour +on the affected dates. However the system will still incorrectly say whether +or not Daylight Savings Time is in effect (e.g. it will still say the +time is "EST" instead of "EDT" for the Eastern US). Doing this is NOT +recommended because the kernel stores timestamp information in the +filesystem and other places using its internal representation of time +(based on UTC). + +Since the following is such a frequently asked question we will mention +the answer here. Using an NTP server as the source of your system's +time will NOT automatically take care of the change in Daylight Savings +Time. This patch should still be applied if you are in a region that +is affected. + +V. Solution + +Following the instructions in this Errata Notice will update all of +the zoneinfo files to be the same as what was released with FreeBSD +6.2-RELEASE. + +Perform one of the following: + +1) Upgrade your affected system to 6-STABLE or to the RELENG_6_1 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.1 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-07:04/zoneinfo.patch +# fetch http://security.FreeBSD.org/patches/EN-07:04/zoneinfo.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/share/misc +# make obj && make depend && make && make install +# cd /usr/src/share/zoneinfo +# make obj && make depend && make && make install +# tzsetup + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6_1 + src/UPDATING 1.416.2.22.2.17 + src/sys/conf/newvers.sh 1.69.2.11.2.17 + src/share/misc/iso3166 1.13.12.1 + src/share/zoneinfo/Makefile 1.20.6.1 + src/share/zoneinfo/africa 1.14.14.2.2.1 + src/share/zoneinfo/antarctica 1.1.2.10.12.2.2.1 + src/share/zoneinfo/asia 1.25.2.2.2.1 + src/share/zoneinfo/australasia 1.25.10.2.2.1 + src/share/zoneinfo/backward 1.1.2.11.2.2.2.1 + src/share/zoneinfo/etcetera 1.1.2.5.14.1.2.1 + src/share/zoneinfo/europe 1.29.2.2.2.1 + src/share/zoneinfo/factory 1.5.38.1 + src/share/zoneinfo/leapseconds 1.13.2.1.2.1 + src/share/zoneinfo/northamerica 1.25.2.2.2.1 + src/share/zoneinfo/southamerica 1.24.2.2.2.1 + src/share/zoneinfo/systemv 1.1.2.2.14.1.2.1 + src/share/zoneinfo/yearistype.sh 1.1.2.5.14.1.2.1 + src/share/zoneinfo/zone.tab 1.17.2.1.2.1 +- ------------------------------------------------------------------------- + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-07:04.zoneinfo.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQFF5ct/FdaIBMps37IRAiXgAJ4ldnfI9FL27J9n4/nHM9D0K1Qf6gCghXiL +9VMtdP/Us5QtJ7n4psLVIlg= +=AiEF +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc b/share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc new file mode 100644 index 0000000000..f613a1a6ae --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-07:05.freebsd-update Errata Notice + The FreeBSD Project + +Topic: FreeBSD Update problems updating SMP kernels + +Category: core +Module: usr.sbin +Announced: 2007-03-15 +Affects: FreeBSD 6.2 +Corrected: 2007-03-08 05:43:12 UTC (RELENG_6, 6.2-STABLE) + 2007-03-15 08:06:11 UTC (RELENG_6_2, 6.2-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +FreeBSD Update is a system for building, distributing, and installing +binary security and errata updates to the FreeBSD base system. Starting +with FreeBSD 6.2-RELEASE, the FreeBSD Update client software, +freebsd-update(8), has been included in the FreeBSD base system. + +II. Problem Description + +Due to a programming error in the FreeBSD Update client, kernels built +from the default SMP kernel configuration (including those distributed +as part of the release) are not correctly identified as such. On the +i386 platform, they are not recognized; on the amd64 platform, they are +mis-identified as GENERIC kernels. + +III. Impact + +On the i386 platform, if a system is running a kernel built from the +default SMP kernel configuration, and this kernel is installed somewhere +other than /boot/SMP/kernel, the FreeBSD Update client will not download +and install updates for it. + +On the amd64 platform, if a system is running a kernel built from the +default SMP kernel configuration, and this kernel is installed somewhere +other than /boot/SMP/kernel, the FreeBSD Update client will replace it +with a kernel built from the GENERIC (single-processor) kernel +configuration. + +IV. Workaround + +As described in Security Advisories and Errata Notices, it is possible to +update FreeBSD systems by applying source code patches and rebuilding the +affected components. + +Note that systems which are not running SMP kernels are not affected. + +Note also that this problem applies only to FreeBSD 6.2 systems using the +FreeBSD Update client distributed as part of the FreeBSD base system. +The FreeBSD Update client distributed as security/freebsd-update in the +FreeBSD Ports Collection is not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2 errata +branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch +# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/freebsd-update/ +# make obj && make && make install + +V.1. IMPORTANT NOTES to users of FreeBSD Update: + +a) i386 systems: + +It is possible that past kernel updates have not been downloaded and +installed by FreeBSD Update. To ensure that all available updates have +been installed, run FreeBSD Update twice; first to download and install +an updated FreeBSD Update client, and second to download and install any +updates which were missed earlier. + +b) amd64 systems: + +It is possible that systems which were initially installed with an SMP +kernel have been "updated" by replacing the kernel with a GENERIC kernel. +To see which kernel is running, run +# sysctl kern.smp.maxcpus +which will report either 1 (GENERIC kernel) or 16 (SMP kernel). (Note +that `uname -i`, the standard mechanism for determining a kernel ident, +returns "GENERIC" on both amd64 GENERIC and SMP kernels.) + +If FreeBSD Update has replaced an SMP kernel by a GENERIC kernel, +repeatedly run +# freebsd-update rollback +and reboot until the system is running an SMP kernel. + +Once you have verified that the system is running the correct kernel, run +FreeBSD Update twice *without rebooting*. The first time FreeBSD Update +is run it might replace an SMP kernel with a GENERIC kernel; but on the +second run (after an updated FreeBSD Update client is installed, and as +long as the system has not been rebooted into the wrong kernel) it will +download the correct kernel. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.4 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.6 + src/sys/conf/newvers.sh 1.69.2.13.2.6 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.2.2.2 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-07:05.freebsd-update.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQFF+pUJFdaIBMps37IRAo+tAKCTwLNoR2C+ACCfQ8LNm7UKJ/K2egCgh2aS +GPNjhwdxwSbjhzNPs4aidwo= +=K+Fo +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-08:01.libpthread.asc b/share/security/advisories/FreeBSD-EN-08:01.libpthread.asc new file mode 100644 index 0000000000..3080efa90d --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-08:01.libpthread.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-08:01.libpthread Errata Notice + The FreeBSD Project + +Topic: Problems with fork(2) within threaded programs + +Category: core +Module: libpthread +Announced: 2008-04-17 +Credits: Julian Elischer, Dan Eischen +Affects: FreeBSD 6.3 +Corrected: 2008-02-04 20:05:20 UTC (RELENG_6, 6.3-STABLE) + 2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +POSIX threads are a set of functions that support applications with +requirements for multiple flows of control, called threads, within a +process. The fork(2) system call is used to create a new process. + +II. Problem Description + +The libpthread threading library on FreeBSD 6.3 fails to properly +reinitialize mutexes when a threaded process invokes fork(2). + +III. Impact + +After the fork(2) system returns, the newly created child process may +freeze in user space for no apparent reason. This affects any threaded +application that invokes fork(2), most frequently those that call +fork(2) before execve(2) or system(3) to run external programs. + +IV. Workaround + +On some systems, using libthr instead of libpthread, via the libmap +configuration file libmap.conf(5), may be an acceptable workaround. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE or the RELENG_6_3 +security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 6.3 systems: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-08:01/libpthread.patch +# fetch http://security.FreeBSD.org/patches/EN-08:01/libpthread.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libpthread +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/lib/libpthread/sys/lock.c 1.9.2.2 + src/lib/libpthread/thread/thr_kern.c 1.116.2.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.6 + src/sys/conf/newvers.sh 1.69.2.15.2.5 + src/lib/libpthread/sys/lock.c 1.9.2.1.8.1 + src/lib/libpthread/thread/thr_kern.c 1.116.2.1.6.1 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-08:01.libpthread.asc + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFIBpWeFdaIBMps37IRAg2wAJ9jwXi2ZTaYXBdsU6CzS8dCzsQ5cwCcD2Fu +NCao693yWJo1bJrCrrbG8Ww= +=7mo1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-08:02.tcp.asc b/share/security/advisories/FreeBSD-EN-08:02.tcp.asc new file mode 100644 index 0000000000..77764d2d56 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-08:02.tcp.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-08:02.tcp Errata Notice + The FreeBSD Project + +Topic: TCP options padding + +Category: core +Module: sys_netinet +Announced: 2008-06-19 +Credits: Bjoern A. Zeeb, Mike Silbersack, Andre Oppermann +Affects: 7.0-RELEASE +Corrected: 2008-05-05 20:59:36 UTC (RELENG_7, 7.0-STABLE) + 2008-06-19 06:36:10 UTC (RELENG_7_0, 7.0-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The Transmission Control Protocol (TCP) of the TCP/IP protocol suite +provides a connection-oriented, reliable, sequence-preserving data +stream service. TCP packets can contain "TCP options" which allow for +enhancements to basic TCP functionality; depending on the length of +these options, it may be necessary for padding to be added. + +II. Problem Description + +Under certain conditions, TCP options are not correctly padded. + +III. Impact + +A small number of firewalls have been reported to block incorrectly +padded TCP SYN and SYN/ACK packets generated by FreeBSD 7.0, with the +result that an attempt to open a TCP connection to or from an affected +host across such a firewall will fail. + +IV. Workaround + +Disabling RFC 1323 extensions and selective acknowledgments will +eliminate the need for TCP option padding and restore interoperability. +Note that disabling these features may cause a reduction in performance +on high latency networks and networks that experience frequent packet +loss. + +To disable these features, add the following lines to /etc/sysctl.conf: + +net.inet.tcp.rfc1323=0 +net.inet.tcp.sack.enable=0 + +And then run "/etc/rc.d/sysctl restart" to make the change effective. + +V. Solution + +Perform one of the following: + +1) Upgrade your affected system to 7-STABLE, or the RELENG_7_0 security +branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 7.0 systems: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-08:02/tcp.patch +# fetch http://security.FreeBSD.org/patches/EN-08:02/tcp.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/netinet/tcp.h 1.40.2.1 + src/sys/netinet/tcp_output.c 1.141.2.6 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.6 + src/sys/conf/newvers.sh 1.72.2.5.2.6 + src/sys/netinet/tcp.h 1.40.4.1 + src/sys/netinet/tcp_output.c 1.141.2.3.2.1 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-08:02.tcp.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkhaAaQACgkQFdaIBMps37KmwgCfdC7qerBUDdmxPLe6yKZEwb7/ +TqwAoJGFuowGOY/oeEQr6/AQZm3zgRY3 +=UlPD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-09:01.kenv.asc b/share/security/advisories/FreeBSD-EN-09:01.kenv.asc new file mode 100644 index 0000000000..99fb0f36bb --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-09:01.kenv.asc @@ -0,0 +1,113 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-09:01.kenv Errata Notice + The FreeBSD Project + +Topic: Kernel panic when dumping environment + +Category: core +Module: kern +Announced: 2009-03-23 +Affects: FreeBSD 7.x +Corrected: 2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE) + 2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4) + 2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The kenv(2) system call allows userland processes to get, set, and unset +kernel environment variables, as well as to dump all of the entries in +the kernel environment. + +II. Problem Description + +When dumping all of the entries in the kernel environment, the kernel +does not adequately bounds-check the size of the buffer into which the +environment should be written. + +III. Impact + +An unprivileged process can cause the FreeBSD kernel to attempt to +allocate a very large amount of memory, thereby causing the FreeBSD +kernel to panic. + +IV. Workaround + +No workaround is available, but systems without untrusted local users +are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1 +or RELENG_7_0 security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 7.0 and 7.1 +systems. + +a) Download the patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-09:01/kenv.patch +# fetch http://security.FreeBSD.org/patches/EN-09:01/kenv.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/kern/kern_environment.c 1.47.2.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.7 + src/sys/conf/newvers.sh 1.72.2.9.2.8 + src/sys/kern/kern_environment.c 1.47.6.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.15 + src/sys/conf/newvers.sh 1.72.2.5.2.15 + src/sys/kern/kern_environment.c 1.47.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r190301 +releng/7.1/ r190301 +releng/7.0/ r190301 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-09:01.kenv.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEUEARECAAYFAknG0gwACgkQFdaIBMps37ILlwCfcbVKW5FlPK+GtATY34wfkDWr +5tAAmMteIrkXAeBgp3QNI6pFiHzgunE= +=wJeF +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-09:02.bce.asc b/share/security/advisories/FreeBSD-EN-09:02.bce.asc new file mode 100644 index 0000000000..681076050c --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-09:02.bce.asc @@ -0,0 +1,113 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-09:02.bce Errata Notice + The FreeBSD Project + +Topic: bce(4) does not work with lagg(4) LACP mode + +Category: core +Module: sys/dev +Announced: 2009-06-24 +Credits: Pete French + David Christensen +Affects: FreeBSD 7.2 +Corrected: 2009-05-20 21:13:49 (RELENG_7, 7.2-STABLE) + 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +bce(4) is a network device driver for Broadcom NetXtreme II +(BCM5706/5708/5709/5716) PCI/PCIe Gigabit Ethernet adapters. The +lagg(4) driver is a pseudo network interface driver which allows +aggregation of multiple network interfaces as one virtual interface +for the purpose of providing fault-tolerance and high-speed links. + +II. Problem Description + +The bce(4) driver used an incorrect total packet length calculation. This +bug was accidentally added just after 7.1-RELEASE. + +III. Impact + +When adding a bce(4) interface on the system as a lagg(4) member with +the LACP aggregation protocol enabled network communication via the +bce(4) interface stops completely. Although the bce(4) interface +works if it is not a lagg(4) member, the incoming traffic statistics +which can be found in netstat(1) output will be incorrect because +every packet is recognized as full-sized one. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 + security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.2 system. + +a) Download the relevant patch from the location below, and verify the + detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch +# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot + the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/dev/bce/if_bce.c 1.34.2.8 + src/sys/dev/bce/if_bcereg.c 1.16.2.3 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.5 + src/sys/conf/newvers.sh 1.72.2.11.2.6 + src/sys/dev/bce/if_bce.c 1.34.2.7.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r192477 +releng/7.2/ r194808 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-09:02.bce.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkpBu9cACgkQFdaIBMps37IyrgCeKorJrpSXubynKzNJ2ld4j1K3 +RqoAnAjhR8Fld9c8gJUIP/BuQ0wx2atT +=oSkz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-09:03.fxp.asc b/share/security/advisories/FreeBSD-EN-09:03.fxp.asc new file mode 100644 index 0000000000..4954df4d93 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-09:03.fxp.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-09:03.fxp Errata Notice + The FreeBSD Project + +Topic: Poor TCP performance of fxp(4) + +Category: core +Module: sys/dev +Announced: 2009-06-24 +Credits: Bjoern Koenig + Pyun YongHyeon +Affects: FreeBSD 7.2 +Corrected: 2009-05-07 01:14:59 (RELENG_7, 7.2-STABLE) + 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +fxp(4) is a network device driver which provides support for Ethernet +adapters based on the Intel i82557, i82558, i82559, i82550, and i82562 +chips. It supports TCP segmentation offload (TSO) for IPv4 on i82550 +and i82551. + +II. Problem Description + +When a TSO option is enabled, fxp(4) always sets the length of outgoing IP +packets as the interface MTU (Maximum Transmission Unit). This could +could cause the packet to be lost when the TCP receiver advertises a smaller +MSS (Maximum Segment Size) than the interface MTU on the sender side. + +III. Impact + +TCP connections via fxp(4) can cause significantly poor performance +when the TSO option is enabled due to packet loss. Note that the loss +depends on the receiver side's MSS. + +IV. Workaround + +Disable TSO of fxp(4) interfaces on your system. There are two ways +to do this: + + (disable TSO of a specific interface; "fxp0" in the below example) + # ifconfig fxp0 -tso + + (disable TSO of all interfaces on the system) + # sysctl net.inet.tcp.tso=0 + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 + security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.2 system. + +a) Download the relevant patch from the location below, and verify the + detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch +# fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot + the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/dev/fxp/if_fxp.c 1.266.2.15 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.5 + src/sys/conf/newvers.sh 1.72.2.11.2.6 + src/sys/dev/fxp/if_fxp.c 1.266.2.14.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r191867 +releng/7.2/ r194808 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-09:03.fxp.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkpB3kwACgkQFdaIBMps37IjxwCgkw+SiBKPWl/VV5dudLRZEi/2 +upMAn2CNg1EOpeM4FCuS+C5KaXwIehh2 +=sX1l +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-09:04.fork.asc b/share/security/advisories/FreeBSD-EN-09:04.fork.asc new file mode 100644 index 0000000000..04ce18c0c7 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-09:04.fork.asc @@ -0,0 +1,109 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-09:04.fork Errata Notice + The FreeBSD Project + +Topic: Deadlock in a multi-threaded program during fork(2) + +Category: core +Module: libc +Announced: 2009-06-24 +Credits: Konstantin Belousov , + Max Brazhnikov +Affects: FreeBSD 7.2 +Corrected: 2009-05-03 17:51:38 (RELENG_7, 7.2-STABLE) + 2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +fork(2) is a system call which causes creation of a new process. +FreeBSD supports invoking the malloc(3) function during the fork(2) in +a process running in threaded mode which involves locking of the memory +allocator. + +II. Problem Description + +A lock order reversal has been found in the interaction between the +malloc(3) implementation and threading library. When a multi-threaded +process calls the fork(2) system call in a thread and the malloc(3) +function in another thread it can cause a deadlock in the child +process. + +III. Impact + +A multi-threaded program that calls fork(2) in a thread and malloc(3) +in another thread can make the child process stop unintentionally. +There is no direct impact on the other processes or the kernel. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2 + security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.2 system. + +a) Download the relevant patch from the location below, and verify the + detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch +# fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libc +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/lib/libc/stdlib/malloc.c 1.147.2.7 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.5 + src/sys/conf/newvers.sh 1.72.2.11.2.6 + src/lib/libc/stdlib/malloc.c 1.147.2.6.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r191767 +releng/7.2/ r194808 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-09:04.fork.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkpBvBsACgkQFdaIBMps37LnLQCeNw8Es9R9X8QySoZni2JQ9Kma +N+8An3Ff/bB4l3dvgfAa0rAA+TjbfQBV +=8YtE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-09:05.null.asc b/share/security/advisories/FreeBSD-EN-09:05.null.asc new file mode 100644 index 0000000000..c2c388e988 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-09:05.null.asc @@ -0,0 +1,185 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-09:05.null Errata Notice + The FreeBSD Project + +Topic: No zero mapping feature + +Category: core +Module: kern +Announced: 2009-10-02 +Credits: John Baldwin, Konstantin Belousov, Alan Cox, and Bjoern Zeeb +Affects: All supported versions of FreeBSD. +Corrected: 2009-10-02 18:09:56 UTC (RELENG_8, 8.0-RC2) + 2009-10-02 18:09:56 UTC (RELENG_7, 7.2-STABLE) + 2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4) + 2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8) + 2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE) + 2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7) + 2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +In the C programming language, address 0 (NULL) is used to represent +unallocated memory. NULL pointer dereferences are a common class of C +programming bug in which pointers are not properly checked for NULL +before being used. Dereferencing a NULL pointer normally terminates +execution, via a segmentation fault for user processes, or a page +fault panic in the kernel. + +II. Problem Description + +On most architectures, the FreeBSD kernel splits the process virtual +memory address space into two portions: user and kernel. This +improves system call performance by avoiding a full address space +switch when a process enters the kernel, and improves performance for +kernel access to user memory. + +However, in this design, address 0 is part of the user-controlled +portion of the virtual address space. If the kernel dereferences a +NULL pointer due to a kernel bug, a malicious process that has mapped +code or data at address 0 may be able to manipulate kernel behavior. +For example, if a malicious user process maps code at address 0 and +then triggers a kernel bug in which a NULL function pointer is +invoked, the kernel may execute that code with kernel privilege rather +than panicking. + +III. Impact + +This errata patch introduces a mitigation feature in which user +mapping at address 0 is disallowed, limiting the attacker's ability to +convert a kernel NULL pointer dereference into a privilege escalation +attack. + +The feature is disabled by default in FreeBSD 7 and lower, and must be +enabled by setting the sysctl(8) variable security.bsd.map_at_zero to +0. In FreeBSD 8 and later feature is enabled by default. + +While extremely rare, certain applications may rely on mapping memory +at address 0. Careful testing is advised when enabling this feature +when using virtual machines, emulation technologies, and older a.out +format binaries. + +Changing the mentioned sysctl(8) variable only affects processes +started after the sysctl(8) variable was set. Processes started +before the sysctl(8) variable was changed will continue to run with +the setting of the sysctl(8) variable which existed when the processes +was started. + +Consequently, to ensure that the sysctl(8) variable affects all +processes, a reboot is required with the sysctl(8) variable configured +as mentioned below. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your system to 6-STABLE, 7-STABLE, or 8-RC, or to the +RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +Enable feature as mentioned below. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, and 7.2 systems. + +a) Download the relevant patch from the location below, and verify the + detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/EN-09:05/null.patch +# fetch http://security.FreeBSD.org/patches/EN-09:05/null.patch.asc + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/EN-09:05/null6.patch +# fetch http://security.FreeBSD.org/patches/EN-09:05/null6.patch.asc + +NOTE WELL: The patch for FreeBSD 7.x can be used on FreeBSD 8, but +does not enable the feature by default! + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +To actually enable the feature in FreeBSD 6.x and 7.x, add the +following to either /boot/loader.conf or /etc/sysctl.conf: + + security.bsd.map_at_zero="0" + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/kern/kern_exec.c 1.275.2.9 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.11 + src/sys/conf/newvers.sh 1.69.2.18.2.13 + src/sys/kern/kern_exec.c 1.275.2.8.4.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.18 + src/sys/conf/newvers.sh 1.69.2.15.2.17 + src/sys/kern/kern_exec.c 1.275.2.8.2.1 +RELENG_7 + src/sys/kern/kern_exec.c 1.308.2.11 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.7 + src/sys/conf/newvers.sh 1.72.2.11.2.8 + src/sys/kern/kern_exec.c 1.308.2.8.2.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.11 + src/sys/conf/newvers.sh 1.72.2.9.2.12 + src/sys/kern/kern_exec.c 1.308.2.6.2.2 +RELENG_8 + src/sys/kern/kern_exec.c 1.337.2.3 + src/sys/kern/init_main.c 1.303.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r197715 +releng/6.4/ r197715 +releng/6.3/ r197715 +stable/7/ r197715 +releng/7.2/ r197715 +releng/7.1/ r197715 +stable/8/ r197714 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-09:05.null.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iD8DBQFKxltpFdaIBMps37IRAoniAJ9ENWQ431doaje7gXrAfAov5l0FKwCdFRxh +rTmlD1oew/hZTMBuFKM/LSI= +=+ZZf +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-10:01.freebsd.asc b/share/security/advisories/FreeBSD-EN-10:01.freebsd.asc new file mode 100644 index 0000000000..66aaaf985b --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-10:01.freebsd.asc @@ -0,0 +1,156 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-10:01.freebsd Errata Notice + The FreeBSD Project + +Topic: Various FreeBSD 8.0-RELEASE improvements + +Category: core +Module: kern +Announced: 2010-01-06 +Affects: FreeBSD 8.0-RELEASE. +Corrected: 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +Since FreeBSD 8.0 was released, several stability and performance problems +have been identified. This Errata Notice describes several fixes judged to +be of particular importance, but low risk, to users with specific workloads +or using specific features that trigger these problems. + +Areas where problems are addressed include NFS, ZFS, Multicast networking, +SCTP as well as the rename(2) syscall. + +II. Description + +* Slow NFS client reconnects when using TCP + +Under certain circumstances the NFS client can queue requests even though +the remote server has initiated a connection shutdown. +The deferred notice of the shutdown can cause slow reconnects against +an NFS server that drops inactive connections. + +* Possible panics in ZFS + +Due to inadequate checks, attempts to modify a file on a read-only ZFS +snapshot will lead to a 'dirtying snapshot' kernel panic. + +The system will also panic if ZFS is combined with a MAC policy supporting +file system labeling (e.g., mac_biba(4) or mac_mls(4)). + +* Multicast regression and panic + +Multicast filtering may not pass incoming IGMP messages if the group +has not been joined. User space routing daemons will therefore not see +all IGMP control traffic. + +Further, the system will panic under certain circumstances in the IPv4 +multicast forwarding path. + +* Panic when invalid SCTP message received during connection shutdown + +Receiving a specially crafted SCTP shutdown message with an invalid +Transmission Sequence Number may cause the system to panic if there +has been a valid association. + +* Panic caused by rename(2) + +If a path argument to the rename(2) syscall ends in '/.', insufficient +checking will cause the system to panic. + +III. Solution + +Perform one of the following: + +1) Upgrade your system to 8-STABLE, or to the RELENG_8_0 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 8.0 systems. + +a) Download the relevant patch from the location below, and verify the + detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch +# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch.asc + +# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch +# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch.asc + +# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch +# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch.asc + +# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch +# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch.asc + +# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch +# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch.asc + +# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch +# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch.asc + +# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch +# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch.asc + +b) Apply the patches. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +IV. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- - ------------------------------------------------------------------------- +RELENG_8_0 + src/UPDATING 1.632.2.7.2.5 + src/sys/conf/newvers.sh 1.83.2.6.2.5 + src/sys/netinet/ip_mroute.c 1.155.2.1.2.2 + src/sys/netinet/raw_ip.c 1.220.2.2.2.2 + src/sys/netinet6/raw_ip6.c 1.111.2.1.2.2 + src/sys/rpc/clnt_vc.c 1.8.2.2.2.2 + src/sys/kern/vfs_lookup.c 1.132.2.1.2.2 + src/sys/netinet/sctp_input.c 1.82.2.2.2.2 + src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c + 1.24.2.2.2.1 + src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c + 1.46.2.7.2.1 + src/sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h 1.3.4.1.2.1 + src/sys/cddl/compat/opensolaris/sys/vnode.h 1.12.2.2.2.2 +- - ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- - ------------------------------------------------------------------------- +releng/8.0/ r201679 +- - ------------------------------------------------------------------------- + +V. References + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-10:01.freebsd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iD8DBQFLRRFQFdaIBMps37IRAuq9AJ9fq1708qfDgnyzuNRWnumiQhJD2gCcDqWd +AyQA3ZdKXci6S8d9UauJFw4= +=NwGp +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-10:02.sched_ule.asc b/share/security/advisories/FreeBSD-EN-10:02.sched_ule.asc new file mode 100644 index 0000000000..384ae179fc --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-10:02.sched_ule.asc @@ -0,0 +1,157 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-10:02.sched_ule Errata Notice + The FreeBSD Project + +Topic: Deadlock in ULE scheduler + +Category: core +Module: kern +Announced: 2010-02-27 +Credits: Attilio Rao +Affects: FreeBSD 7.0, 7.1, and 7.2. +Corrected: 2009-09-24 09:08:22 UTC (RELENG_7, 7.2-STABLE) + 2010-02-27 10:55:43 UTC (RELENG_7_2, 7.2-RELEASE-p7) + 2010-02-27 10:55:43 UTC (RELENG_7_1, 7.1-RELEASE-p11) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +FreeBSD has two schedulers: the classic 4BSD scheduler and a newer, +more SMP-aware scheduler called ULE. The 4BSD scheduler was the +default scheduler until FreeBSD 7.0. Starting with FreeBSD 7.1 the +default scheduler is ULE. + +The scheduler is responsible for allocating CPU time to threads and +assigning threads to CPUs. Runnable threads (i.e. threads which are +not waiting for a blocking operation, such as an I/O operation, memory +allocation or lock acquisition, to complete) are assigned to a CPU and +placed in that CPU's run queue. Each thread and each CPU's run queue +is protected by a separate lock. + +II. Problem Description + +When a thread is reassigned from one CPU to another, the scheduler +first acquires the thread's lock, then releases the source CPU's run +queue lock. The scheduler then acquires the target CPU's run queue +lock and holds the lock while it adds the thread to the queue and signals +the target CPU. Finally it reacquires the source CPU's run queue lock +before unlocking the thread. A thread on the target CPU, having been +notified of the reassigned thread's arrival on the target CPU's run +queue, will then acquire the thread's lock before switching it in. + +If, at the same time, a third thread tries to acquire both the source +and target CPUs' run queue locks, a three-way deadlock may occur: + + - The second thread has acquired the target CPU's run queue lock, but + has not yet acquired the first thread's lock. + + - The third thread has acquired the source CPU's run queue lock, and + is waiting to acquire the target CPU's run queue lock, which is + locked by the second thread. + + - The first thread is waiting to acquire the source CPU's run queue + lock, which is held by the third thread, in order to release its + own lock. + +As a result both CPUs' run queues are locked, and each of the three +threads is waiting to acquire a lock held by one of the others. + +Eventually every CPU in the system ends up in a state where it is +waiting to acquire each other's locks. + +It has not been determined whether this also affects single-CPU +systems but it is recommended this Errata Notice be applied to +single-CPU systems as well. + +III. Impact + +Affected systems may become deadlocked and require power-cycling. The +chance of a deadlock occurring increases with the number of CPUs. +There may be other aggravating factors such as running powerd(8). But +eventually any multi-processor system using the ULE scheduler will +become deadlocked. + +IV. Workaround + +Replace SCHED_ULE with SCHED_4BSD in your kernel configuration, +recompile your kernel and reboot the system. + +Note that systems running the 4BSD scheduler are not affected; to +determine what scheduler a system is using, run +# sysctl kern.sched.name + +V. Solution + +Perform one of the following: + +1) Upgrade your system to 7-STABLE, or to the RELENG_7_2 or RELENG_7_1 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.1 and +7.2 systems. + +a) Download the relevant patch from the location below, and verify the + detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-10:02/sched_ule.patch +# fetch http://security.FreeBSD.org/patches/EN-10:02/sched_ule.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/kern/sched_ule.c 1.214.2.9 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.10 + src/sys/conf/newvers.sh 1.72.2.11.2.11 + src/sys/kern/sched_ule.c 1.214.2.8.2.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.14 + src/sys/conf/newvers.sh 1.72.2.9.2.15 + src/sys/kern/sched_ule.c 1.214.2.7.2.2 + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r197453 +releng/7.2/ r204409 +releng/7.1/ r204409 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-10:02.sched_ule.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAkuI+1oACgkQFdaIBMps37ItgACghSdnagnmy9Zohrh5IKuhygiy +kVsAn2EXtts/l+IrjuWIzODSSUzLylia +=mj/v +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc b/share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc new file mode 100644 index 0000000000..336cf2e101 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc @@ -0,0 +1,143 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-12:01.freebsd-update Errata Notice + The FreeBSD Project + +Topic: freebsd-update support for FreeBSD 9.0-RELEASE + +Category: core +Module: freebsd-update +Announced: 2012-01-04 +Affects: All versions of FreeBSD prior to 9.0-RC2. +Corrected: 2011-10-26 20:07:58 UTC (RELENG_7, 7.4-STABLE) + 2012-01-04 23:47:20 UTC (RELENG_7_4, 7.4-RELEASE-p6) + 2012-01-04 23:47:20 UTC (RELENG_7_3, 7.3-RELEASE-p10) + 2011-10-26 20:06:27 UTC (RELENG_8, 8.2-STABLE) + 2012-01-04 23:47:20 UTC (RELENG_8_2, 8.2-RELEASE-p6) + 2012-01-04 23:47:20 UTC (RELENG_8_1, 8.1-RELEASE-p8) + 2011-10-26 20:01:43 UTC (RELENG_9, 9.0-RC2) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +freebsd-update(8) allows system administrators to install binary updates to +the base FreeBSD install, as distributed by the FreeBSD Project. + +II. Problem Description + +freebsd-update in affected releases is unable to perform an automated upgrade +to FreeBSD 9.0 due to unsupported characters in FreeBSD 9.0 filenames. When +this bug is triggered, updates fail with the following error message: + + The update metadata is correctly signed, but + failed an integrity check. + Cowardly refusing to proceed any further. + +III. Impact + +Affected systems are unable to update from affected releases to FreeBSD 9.0 +using freebsd-update. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) For FreeBSD 7.x, upgrade your system to 7-STABLE, or to the RELENG_7_4 or + RELENG_7_3 security branch dated after the correction date. For FreeBSD + 8.x, upgrade your system to 8-STABLE, or to the RELENG_8_1 or RELENG_8_2 + security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.3, 7.4, 8.1, +and 8.2 systems. + +a) Download the relevant patch from the location below, and verify the + detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/EN-12:01/freebsd-update.patch +# fetch http://security.FreeBSD.org/patches/EN-12:01/freebsd-update.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/freebsd-update +# make obj && make && make install + +3) To update your affected system via a binary patch: + +Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE, or 8.2-RELEASE on the +i386 or amd64 platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.7 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.8 + src/sys/conf/newvers.sh 1.72.2.18.2.11 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.5.4.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.12 + src/sys/conf/newvers.sh 1.72.2.16.2.14 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.5.2.2 +RELENG_8 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.16.2.6 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.8 + src/sys/conf/newvers.sh 1.83.2.12.2.11 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.16.2.4.2.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.11 + src/sys/conf/newvers.sh 1.83.2.10.2.12 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.16.2.3.2.2 +RELENG_9 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.25.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r226813 +releng/7.4/ r229539 +releng/7.3/ r229539 +stable/8/ r226812 +releng/8.2/ r229539 +releng/8.1/ r229539 +stable/9/ r226811 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk8E5YQACgkQFdaIBMps37LeTACeKYRkY5s+Iy+JCf/Zc3yvKSLD +2RsAnRsmN3gCPYglNjwkhJctdkLdGULh +=6LzH +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-EN-12:02.ipv6refcount.asc b/share/security/advisories/FreeBSD-EN-12:02.ipv6refcount.asc new file mode 100644 index 0000000000..9178d35d42 --- /dev/null +++ b/share/security/advisories/FreeBSD-EN-12:02.ipv6refcount.asc @@ -0,0 +1,161 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-EN-12:02.ipv6refcount Errata Notice + The FreeBSD Project + +Topic: Reference count errors in IPv6 code + +Category: core +Modules: sys_netinet sys_netinet6 +Announced: 2012-06-12 +Credits: Scott Long, Rui Paulo, Maksim Yevmenkin +Affects: FreeBSD 8.0 and later +Corrected: 2012-06-09 22:44:49 UTC (RELENG_8, 8.3-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3) + 2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9) + 2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11) + 2012-06-09 22:44:24 UTC (RELENG_9, 9.0-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3) + +For general information regarding FreeBSD Errata Notices and Security +Advisories, including descriptions of the fields above, security +branches, and the following sections, please visit +. + +I. Background + +The FreeBSD network stack implements Internet Protocol version 6 (IPv6), +the successor to IPv4. IPv6 is now seeing widespread deployment. + +Reference counts are a programming technology used by the FreeBSD kernel +to maintain stability of objects while in use. + +II. Problem Description + +The FreeBSD IPv4 and IPv6 kernel implementations employ reference counts to +protect IP addresses configured on network interfaces. Due to multiple +bugs, IPv6 address references may be improperly acquired or released; IPv4 +is unaffected. + +III. Impact + +Under high IPv6 network load, reference counts may improperly hit zero +due to overflow or underflow, causing an IPv6 address, which is still in +use, to be freed. This will lead to a kernel panic on next access. + +IV. Workaround + +No workaround is available, but systems not using any IPv6 communication +are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 8-STABLE, or 9-STABLE, or to the +RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 security branch dated +after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 8.3, 8.2, +8.1, and 9.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 8.1-RELEASE, 8.2-RELEASE, and 9.0-RELEASE] +# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount.patch +# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount.patch.asc + +[FreeBSD 8.3-RELEASE] +# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount-83.patch +# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount-83.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, or 9.0-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_8 + sys/netinet/tcp_input.c 1.411.2.22 + sys/netinet6/in6.c 1.121.2.28 + sys/netinet6/ip6_input.c 1.132.2.9 +RELENG_8_3 + src/UPDATING 1.632.2.26.2.5 + src/sys/conf/newvers.sh 1.83.2.15.2.7 + sys/netinet/tcp_input.c 1.411.2.19.2.2 + sys/netinet6/in6.c 1.121.2.23.2.2 + sys/netinet6/ip6_input.c 1.132.2.6.4.2 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.11 + src/sys/conf/newvers.sh 1.83.2.12.2.14 + sys/netinet/tcp_input.c 1.411.2.9.2.2 + sys/netinet6/in6.c 1.121.2.12.2.2 + sys/netinet6/ip6_input.c 1.132.2.6.2.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.14 + src/sys/conf/newvers.sh 1.83.2.10.2.15 + sys/netinet/tcp_input.c 1.411.2.6.2.2 + sys/netinet6/in6.c 1.121.2.11.2.2 + sys/netinet6/ip6_input.c 1.132.2.4.2.2 +RELENG_9 + sys/netinet/tcp_input.c 1.437.2.7 + sys/netinet6/in6.c 1.139.2.16 + sys/netinet6/ip6_input.c 1.147.2.4 +RELENG_9_0 + src/UPDATING 1.702.2.4.2.5 + src/sys/conf/newvers.sh 1.95.2.4.2.7 + sys/netinet/tcp_input.c 1.437.2.2.2.2 + sys/netinet6/in6.c 1.139.2.4.2.2 + sys/netinet6/ip6_input.c 1.147.2.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r236827 +releng/8.3/ r236953 +releng/8.2/ r236953 +releng/8.1/ r236953 +stable/9/ r236826 +releng/9.0/ r236953 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this Errata Notice is available at +http://security.FreeBSD.org/advisories/FreeBSD-EN-12:02.ipv6refcount.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (FreeBSD) + +iEYEARECAAYFAk/XQFQACgkQFdaIBMps37LBygCeLi30YsLogAWsemBcX/WdtOqi +35UAoIVvwvGi+fOs/fGm2PoAixAWqhSH +=2X+g +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:01.make.asc b/share/security/advisories/FreeBSD-SA-00:01.make.asc new file mode 100644 index 0000000000..7ed4c2666b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:01.make.asc @@ -0,0 +1,243 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:01 Security Advisory + FreeBSD, Inc. + +Topic: Insecure temporary file handling in make(1) + +Category: core +Module: make +Announced: 2000-01-19 +Affects: All versions before the correction date. +Corrected: 2000-01-16 +FreeBSD only: NO + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:01/make.patch + +I. Background + +The make(1) program is typically used to schedule building of source +code. It has a switch ('-j') to allow parallel building by spawning +multiple child processes. + +II. Problem Description + +The -j option to make(1) uses temporary files in /tmp to communicate +with its child processes by storing the shell command the child should +execute. This is useful on multi-processor architectures for making +use of all of the available CPUs, and is also widely used on +uniprocessor systems to minimize the scheduling latency of the build +process. + +However make(1) uses the temporary file in an insecure way, repeatedly +deleting and reusing the same file name for the entire life of the +program. This makes it vulnerable to a race condition wherein a +malicious user could observe the name of the temporary file being +used, and replace the contents of a later instance of the file with +her desired commands after the legitimate commands have been written. + +This vulnerability was discovered as part of the FreeBSD Auditing +Project, an ongoing effort to identify and correct security +vulnerabilities in the FreeBSD operating system. + +All versions of NetBSD and OpenBSD are also believed to be vulnerable +to this problem. Other systems using a BSD-derived make(1) binary may +also be vulnerable. + +III. Impact + +Local users could execute arbitrary shell commands as part of the +build process scheduled by "make -j" by another user. + +IV. Workaround + +Avoid using the '-j' flag to make(1). + +V. Solution + +Upgrade your system to one that is listed above as having the problem +resolved, or patch your present system. + +To patch your present system: save the patch below into a file, and +execute the following commands as root: + +cd /usr/src/usr.bin/make +patch < /path/to/patch/file +make all +make install + +Patches for 3.4-STABLE and 4.0-CURRENT systems before the resolution date: + + Index: job.c + =================================================================== + RCS file: /home/ncvs/src/usr.bin/make/job.c,v + retrieving revision 1.16 + diff -u -r1.16 job.c + --- job.c 1999/09/11 13:08:01 1.16 + +++ job.c 2000/01/17 01:42:57 + @@ -163,14 +163,6 @@ + #define JOB_STOPPED 3 /* The job is stopped */ + + /* + - * tfile is the name of a file into which all shell commands are put. It is + - * used over by removing it before the child shell is executed. The XXXXXXXXXX + - * in the string are replaced by mkstemp(3). + - */ + -static char tfile[sizeof(TMPPAT)]; + - + - + -/* + * Descriptions for various shells. + */ + static Shell shells[] = { + @@ -993,7 +985,7 @@ + /* + * If we are aborting and the job table is now empty, we finish. + */ + - (void) eunlink(tfile); + + (void) eunlink(job->tfile); + Finish(errors); + } + } + @@ -1668,6 +1660,7 @@ + Boolean cmdsOK; /* true if the nodes commands were all right */ + Boolean local; /* Set true if the job was run locally */ + Boolean noExec; /* Set true if we decide not to run the job */ + + int tfd; /* File descriptor for temp file */ + + if (previous != NULL) { + previous->flags &= ~(JOB_FIRST|JOB_IGNERR|JOB_SILENT|JOB_REMOTE); + @@ -1697,6 +1690,12 @@ + } + job->flags |= flags; + + + (void) strcpy(job->tfile, TMPPAT); + + if ((tfd = mkstemp(job->tfile)) == -1) + + Punt("cannot create temp file: %s", strerror(errno)); + + else + + (void) close(tfd); + + + /* + * Check the commands now so any attributes from .DEFAULT have a chance + * to migrate to the node + @@ -1722,9 +1721,9 @@ + DieHorribly(); + } + + - job->cmdFILE = fopen(tfile, "w+"); + + job->cmdFILE = fopen(job->tfile, "w+"); + if (job->cmdFILE == NULL) { + - Punt("Could not open %s", tfile); + + Punt("Could not open %s", job->tfile); + } + (void) fcntl(FILENO(job->cmdFILE), F_SETFD, 1); + /* + @@ -1830,7 +1829,7 @@ + * Unlink and close the command file if we opened one + */ + if (job->cmdFILE != stdout) { + - (void) eunlink(tfile); + + (void) eunlink(job->tfile); + if (job->cmdFILE != NULL) + (void) fclose(job->cmdFILE); + } else { + @@ -1859,7 +1858,7 @@ + } + } else { + (void) fflush(job->cmdFILE); + - (void) eunlink(tfile); + + (void) eunlink(job->tfile); + } + + /* + @@ -2403,13 +2402,6 @@ + * be running at once. */ + { + GNode *begin; /* node for commands to do at the very start */ + - int tfd; + - + - (void) strcpy(tfile, TMPPAT); + - if ((tfd = mkstemp(tfile)) == -1) + - Punt("cannot create temp file: %s", strerror(errno)); + - else + - (void) close(tfd); + + jobs = Lst_Init(FALSE); + stoppedJobs = Lst_Init(FALSE); + @@ -2914,7 +2906,7 @@ + } + } + } + - (void) eunlink(tfile); + + (void) eunlink(job->tfile); + } + + /* + @@ -2948,7 +2940,6 @@ + } + } + } + - (void) eunlink(tfile); + return(errors); + } + + @@ -3024,6 +3015,7 @@ + KILL(job->pid, SIGINT); + KILL(job->pid, SIGKILL); + #endif /* RMT_WANTS_SIGNALS */ + + (void) eunlink(job->tfile); + } + } + + @@ -3032,7 +3024,6 @@ + */ + while (waitpid((pid_t) -1, &foo, WNOHANG) > 0) + continue; + - (void) eunlink(tfile); + } + + #ifdef REMOTE + Index: job.h + =================================================================== + RCS file: /home/ncvs/src/usr.bin/make/job.h,v + retrieving revision 1.10 + diff -u -r1.10 job.h + --- job.h 1999/08/28 01:03:31 1.10 + +++ job.h 2000/01/17 01:42:31 + @@ -93,6 +93,8 @@ + #define JOB_BUFSIZE 1024 + typedef struct Job { + int pid; /* The child's process ID */ + + char tfile[sizeof(TMPPAT)]; + + /* Temporary file to use for job */ + GNode *node; /* The target the child is making */ + LstNode tailCmds; /* The node of the first command to be + * saved when the job has been run */ + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBOIVvCFUuHi5z0oilAQF7nQP+No1n5Rl2g0ltvu+Vrx2ImMZreOwz04zZ +a6MM+bQQ0q/pXgupzSQ3xcfpzZzHjQx2+ajMg4P+l7+OsBvjBvrVFrc021rRW18W +Ds3A/Vlm8seaWOe4Q4u5qSTdp2PO9HXJrEQWL37xAQtqVyT3J2E37MQyEfENWg4d +FeIUCiTIMuA= +=86yT +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:02.procfs.asc b/share/security/advisories/FreeBSD-SA-00:02.procfs.asc new file mode 100644 index 0000000000..d1181c6fc5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:02.procfs.asc @@ -0,0 +1,183 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:01 Security Advisory + FreeBSD, Inc. + +Topic: Old procfs hole incompletely filled + +Category: core +Module: make +Announced: 2000-01-24 +Affects: All versions before the correction date. +Corrected: 2000-01-20 +FreeBSD only: NO + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:02/procfs.patch + +I. Background + +procfs provides access to other processes memory spaces. This is +intended to be used in debugging and has many safeguards built into it +to prevent abuse. + +II. Problem Description + +In January 1997 a fatal flaw in *BSD procfs code (leading to a local +root compromise) was discussed on various security forums. The exploit +code dealt with /proc/pid/mem interface. Since then *BSD kernels +contained a simple fix which was meant to close this hole. + +Unfortunately, throughout these three years it was still possible to +abuse /proc/pid/mem in a similar, though more complicated fashion, +which could lead to local root compromise. + +III. Impact + +Local users can gain root access. + +IV. Workaround + +You can unmount /proc. In both 3.x-stable and 4.0-current this will +break truss and gcore. In 3.x-stable systems only it will reduce the +amount of information ps reports. + +V. Solution + +Apply the following patch + + Index: sys/filedesc.h + =================================================================== + RCS file: /base/FreeBSD-CVS/src/sys/sys/filedesc.h,v + retrieving revision 1.15.2.1 + diff -u -r1.15.2.1 filedesc.h + --- filedesc.h 1999/08/29 16:32:22 1.15.2.1 + +++ filedesc.h 2000/01/20 21:39:29 + @@ -139,6 +139,7 @@ + int fsetown __P((pid_t, struct sigio **)); + void funsetown __P((struct sigio *)); + void funsetownlst __P((struct sigiolst *)); + +void setugidsafety __P((struct proc *p)); + #endif + + #endif + Index: kern/kern_descrip.c + =================================================================== + RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_descrip.c,v + retrieving revision 1.58.2.3 + diff -u -r1.58.2.3 kern_descrip.c + --- kern_descrip.c 1999/11/18 08:09:08 1.58.2.3 + +++ kern_descrip.c 2000/01/20 21:40:00 + @@ -984,6 +984,62 @@ + } + + /* + + * For setuid/setgid programs we don't want to people to use that setuidness + + * to generate error messages which write to a file which otherwise would + + * otherwise be off limits to the proces. + + * + + * This is a gross hack to plug the hole. A better solution would involve + + * a special vop or other form of generalized access control mechanism. We + + * go ahead and just reject all procfs file systems accesses as dangerous. + + * + + * Since setugidsafety calls this only for fd 0, 1 and 2, this check is + + * sufficient. We also don't for setugidness since we know we are. + + */ + +static int + +is_unsafe(struct file *fp) + +{ + + if (fp->f_type == DTYPE_VNODE && + + ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS) + + return (1); + + return (0); + +} + + + +/* + + * Make this setguid thing safe, if at all possible. + + */ + +void + +setugidsafety(p) + + struct proc *p; + +{ + + struct filedesc *fdp = p->p_fd; + + struct file **fpp; + + char *fdfp; + + register int i; + + + + /* Certain daemons might not have file descriptors. */ + + if (fdp == NULL) + + return; + + + + fpp = fdp->fd_ofiles; + + fdfp = fdp->fd_ofileflags; + + for (i = 0; i <= fdp->fd_lastfile; i++, fpp++, fdfp++) { + + if (i > 2) + + break; + + if (*fpp != NULL && is_unsafe(*fpp)) { + + if (*fdfp & UF_MAPPED) + + (void) munmapfd(p, i); + + (void) closef(*fpp, p); + + *fpp = NULL; + + *fdfp = 0; + + if (i < fdp->fd_freefile) + + fdp->fd_freefile = i; + + } + + } + + while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL) + + fdp->fd_lastfile--; + +} + + + +/* + * Close any files on exec? + */ + void + Index: kern/kern_exec.c + =================================================================== + RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_exec.c,v + retrieving revision 1.93.2.3 + diff -u -r1.93.2.3 kern_exec.c + --- kern_exec.c 1999/08/29 16:25:58 1.93.2.3 + +++ kern_exec.c 2000/01/20 21:39:29 + @@ -281,6 +281,7 @@ + if (attr.va_mode & VSGID) + p->p_ucred->cr_gid = attr.va_gid; + setsugid(p); + + setugidsafety(p); + } else { + if (p->p_ucred->cr_uid == p->p_cred->p_ruid && + p->p_ucred->cr_gid == p->p_cred->p_rgid) + +VI. Credits + +We are republishing a heavily edited FEAR security advisory (number 1) +entitled "*BSD procfs vulnerability". More information about FEAR can +be found at http://www.fear.pl. We would like to thank +nergal@idea.avet.com.pl for sending a preliminary version of the +advisory to us in time to correct the problem. + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBOJFWeFUuHi5z0oilAQHo2AP+N4GDREEmjxy6RUvt+G3cRe1Sx4yxr/Jd +q70D5Icp3JlcJgxGfWFqGGvt8yx9xMm6d57mFDltdvPKr0TY0n0bY39BJlRAto9n +gn8BJJvQ0WQ15ctOQKIsGwGJqHvA+p4qAHYFE3sUIZn6oMz5//C5OmaC7mFtrycY +TI64bNR+0F8= +=/F89 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:03.asmon.asc b/share/security/advisories/FreeBSD-SA-00:03.asmon.asc new file mode 100644 index 0000000000..c1b61b9466 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:03.asmon.asc @@ -0,0 +1,87 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:03 Security Advisory + FreeBSD, Inc. + +Topic: Asmon/Ascpu ports fail to drop privileges + +Category: ports +Module: asmon/ascpu +Announced: 2000-02-19 +Affects: Ports collection before the correction date. +Corrected: 2000-01-29 +FreeBSD only: yes + +I. Background + +Two optional third-party ports distributed with FreeBSD can be used to +execute commands with elevated privileges, specifically setgid kmem +privileges. This may lead to a local root compromise. + +II. Problem Description + +Asmon and ascpu allow users to execute arbitrary commands as part of a user +configuration file. Both applications are Linux-centric as distributed by +the vendor and require patching to run under FreeBSD (specifically, using +the kvm interface and setgid kmem privileges to obtain system statistics); +this patching was the source of the present security problem. This is a +similar flaw to one found in the wmmon port, which was corrected on +1999/12/31. + +Note that neither utility is installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains over 3100 third-party applications in a ready-to-install format. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit of +the most security-critical ports. + +III. Impact + +If you have not chosen to install the asmon or ascpu ports/packages, then +your system is not vulnerable. If you have, then local users can obtain +setgid kmem rights, which allows them to manipulate kernel memory, and +thereby compromise root. + +IV. Workaround + +Remove the asmon and ascpu ports/packages, if you have installed them. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the asmon and/or ascpu +ports. + +2) Reinstall a new package obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/asmon-0.60.tgz +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/ascpu-1.8.tgz + +after the correction date. At the time of advisory release, the asmon +package was not available - you may need to use one of the other methods +to update the software. + +3) download a new port skeleton for the asmon and/or ascpu ports from: + +http://www.freebsd.org/ports/ + +and use it to rebuild one or both ports. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOK+LsFUuHi5z0oilAQHRZAP+MC3e3NhGNTDhiL/GAQjewUS8c16ClPhj +WruCd5Tu1WJA2Em8Q19Ui7vrLRLQ9aXzTocUOBd6x6/zqpM3lS1aJMwvV9BkZ59G +ONh6aiM7FbWPKukW1YThKDn0Vjtc5JaDHsbJ4dVHQh/IMqZD8hqocLG4AjJDxnLj +qlRyhiCr/lA= +=l1gj +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:04.delegate.asc b/share/security/advisories/FreeBSD-SA-00:04.delegate.asc new file mode 100644 index 0000000000..a16b3893eb --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:04.delegate.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:04 Security Advisory + FreeBSD, Inc. + +Topic: Delegate port contains numerous buffer overflows + +Category: ports +Module: delegate +Announced: 2000-02-19 +Affects: Ports collection before the correction date. +Corrected: 2000-02-02 +FreeBSD only: NO + +I. Background + +An optional third-party port distributed with FreeBSD contains numerous +remotely-exploitable buffer overflows which allow an attacker to execute +arbitrary commands on the local system, typically as the 'nobody' user. + +II. Problem Description + +Delegate is a versatile application-level proxy. Unfortunately it is +written in a very insecure style, with potentially dozens of different +exploitable buffer overflows (including several demonstrated ones), each of +which could allow an attacker to execute arbitrary code on the delegate +server. This code will run as the user ID of the 'delegated' process, +typically 'nobody' in the recommended configuration, but this still +represents a security risk as the attacker may be able to mount a local +attack to further upgrade his or her access privileges. + +Note that the delegate utility is not installed by default, nor is it "part +of FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3100 third-party applications in a ready-to-install format. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit of +the most security-critical ports. + +III. Impact + +If you have not chosen to install the delegate port/package, then your +system is not vulnerable. If you have, then local or remote users who can +connect to the delegate port(s), or malicious servers which a user accesses +using the delegate proxy, can potentially execute arbitrary code on your +system in any number of ways. + +IV. Workaround + +Remove the delegate port/package, if you have installed it. + +V. Solution + +Unfortunately no simple fix is available - the problems with the delegate +software are too endemic to be fixed by a simple patch. It is hoped the +software authors will take security to heart and correct the security +problems in a future version, although user caution is advised given the +current state of the code. + +Depending on your local setup and your security threat model, using a +firewall/packet filter such as ipfw(8) or ipf(8) to prevent remote users +from connecting to the delegate port(s) may be enough to meet your security +needs. Note that this will not prevent legitimate proxy users from +attacking the delegate server, although this may not be an issue if they +have a shell account on the machine anyway. + +Note also that this does not prevent "passive" exploits in which a user is +convinced through other means into visiting a malicious server using the +proxy, which may be able to compromise it by sending back invalid +data. Several flaws of this type have been discovered during a brief +survey of the code. + +If you are running FreeBSD 4.0, a possible solution might be to confine the +delegate process inside a "jail" (see the jail(8) manpage). A properly +configured jail will isolate the contents in their own separate "virtual +machine", which can be suitably secured so that an attacker who gains +control of a process running inside the jail cannot escape and gain access +to the rest of the machine. Note that this is different from a traditional +chroot(8), since it does not just attempt to isolate processes inside +portions of the filesystem. This solution is not possible under standard +FreeBSD 3.x or earlier. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOK+NTVUuHi5z0oilAQGGnAP+NOxAOVpEUpyR0iQwNjA1Je7B4M5gOxzc +NwqQKp7WBm/IzzIW23KvyPcbTld83+m2tnhdNW3srh8ESSYDaa/hhmG2AtR0LYEL +H2EWTIBcPBhidquX+ihKGTSaMnMjYpmp6GVGSsBqcNFXAPGHiJ6BbsEg2k6rJSLz +wgL0NJ+qkCI= +=ZhXO +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:05.mysql.asc b/share/security/advisories/FreeBSD-SA-00:05.mysql.asc new file mode 100644 index 0000000000..a8f0768081 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:05.mysql.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:05 Security Advisory + FreeBSD, Inc. + +Topic: MySQL allows bypassing of password authentication + +Category: ports +Module: mysql322-server +Announced: 2000-02-28 +Affects: Ports collection before the correction date. +Corrected: 2000-02-15 +FreeBSD only: NO + +I. Background + +MySQL is a popular SQL database client/server distributed as part of the +FreeBSD ports collection. + +II. Problem Description + +The MySQL database server (versions prior to 3.22.32) has a flaw in the +password authentication mechanism which allows anyone who can connect to +the server to access databases without requiring a password, given a valid +username on the database - in other words, the normal password +authentication mechanism can be completely bypassed. + +MySQL is not installed by default, nor is it "part of FreeBSD" as such: it +is part of the FreeBSD ports collection, which contains over 3100 +third-party applications in a ready-to-install format. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit +of the most security-critical ports. + +III. Impact + +The successful attacker will have all of the access rights of that +database user and may be able to read, add or modify records. + +If you have not chosen to install the mysql322-server port/package, then +your system is not vulnerable. + +IV. Workaround + +Use appropriate access-control lists to limit which hosts can initiate +connections to MySQL databases - see: + +http://www.mysql.com/Manual_chapter/manual_Privilege_system.html + +for more information. If unrestricted remote access to the database is not +required, consider using ipfw(8) or ipf(8), or your network perimeter +firewall, to prevent remote access to the database from untrusted machines +(MySQL uses TCP port 3306 for network communication). Note that users who +have access to machines which are allowed to initiate database connections +(e.g. local users) can still exploit the security hole. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the mysql322-server +port. + +2) Reinstall a new package obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/databases/mysql-server-3.22.32.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/databases/mysql-server-3.22.32.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/databases/mysql-server-3.22.32.tgz + +3) download a new port skeleton for the mysql322-server port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOLtYEVUuHi5z0oilAQHtbwP/TF0hNZwrO/wAuBjYF8Eff5aDU1KtnA9D +u0bcUakDgF/nODVxgOFZ1MfaK95PAhRqdYvtwssTqTXwlRB+PU0vtwjdt3p3l8d3 +SixfhxT+Ys/v222jK+o6lJdxfKOC4chNDseboSRoCSLEESNl2NDGkBKezKSzzlng +vzxtva695bI= +=KYqf +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:06.htdig.asc b/share/security/advisories/FreeBSD-SA-00:06.htdig.asc new file mode 100644 index 0000000000..86403ddd9f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:06.htdig.asc @@ -0,0 +1,90 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:06 Security Advisory + FreeBSD, Inc. + +Topic: htdig port allows remote reading of files + +Category: ports +Module: htdig +Announced: 2000-03-01 +Affects: Ports collection before the correction date. +Corrected: 2000-02-28 +FreeBSD only: NO + +I. Background + +The ht://Dig system is a complete world wide web indexing and searching +system for a small domain or intranet. + +II. Problem Description + +There is a security hole in the htsearch cgi-bin program for versions of +htdig prior to 3.1.5, which allows remote users to read any file on the +local system that is accessible to the user ID running htsearch (usually +the user ID running the webserver process, user 'nobody' in the default +installation of apache). + +Note that the htdig utility is not installed by default, nor is it "part +of FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3100 third-party applications in a ready-to-install format. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit +of the most security-critical ports. + +III. Impact + +If you have not chosen to install the htdig port/package, then your system +is not vulnerable. If you have, then local or remote users who can connect +to a web server which contains the htsearch cgi-bin executable can read +any file on your system which is accessible to the user running the +htsearch process (typically user nobody). It is not currently believed +that an attacker can exploit this hole to modify or delete files, but they +may be able to use the ability to read files to mount a further attack +based on other security holes they discover. + +IV. Workaround + +Remove the /usr/local/share/apache/cgi-bin/htsearch file, if you do not +make use of it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the htdig port. + +2) Reinstall a new package obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/textproc/htdig-3.1.5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/textproc/htdig-3.1.5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/textproc/htdig-3.1.5.tgz + +(Note: it may be several days before the new packages appear on the FTP +site) + +3) download a new port skeleton for the htdig port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOL1um1UuHi5z0oilAQGtnwP+JsTP4KCrAO/fEIMG70a79tPsLeqUiuyP +ihPc5Rw/e6wguW8qPLXvLGSsT5zzkXLOeuww+2ViPpYehTkD4cB1zt3UsWeNSGa+ +kkWQyYFwK/3BaHbsN8COu4xa5c4B+VdqbFXa3G/cIM+MRRTxlhrDWqaJp58UKpD3 +OA7HcbSdSKk= +=A+Nm +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:07.mh.asc b/share/security/advisories/FreeBSD-SA-00:07.mh.asc new file mode 100644 index 0000000000..2cdad2d777 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:07.mh.asc @@ -0,0 +1,113 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:07 Security Advisory + FreeBSD, Inc. + +Topic: mh/nmh/exmh/exmh2 ports allow remote execution of binary code + +Category: ports +Module: mh/nmh/exmh/exmh2 +Announced: 2000-03-15 +Revised: 2000-03-19 +Affects: Ports collection before the correction date. +Corrected: [See below for a more complete description] + All versions fixed in 4.0-RELEASE. + mh: 2000-03-04 + nmh: 2000-02-29 + exmh: 2000-03-05 + exmh2: 2000-03-05 +FreeBSD only: NO + +I. Background + +MH and its successor NMH are popular Mail User Agents. EXMH and EXMH2 are +TCL/TK-based front-ends to the MH system. There are also Japanese-language +versions of the MH and EXMH2 ports, but these are developed separately and are +not vulnerable to the problem described here. + +II. Problem Description + +The mhshow command used for viewing MIME attachments contains a buffer +overflow which can be exploited by a specially-crafted email attachment, +which will allow the execution of arbitrary code as the local user when the +attachment is opened. + +The *MH ports are not installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains over 3100 third-party applications in a ready-to-install +format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to +this problem. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit +of the most security-critical ports. + +III. Impact + +An attacker who can convince a user to open a hostile MIME attachment sent +as part of an email message can execute arbitrary binary code running with +the privileges of that user. + +If you have not chosen to install any of the mh/nmh/exmh/exmh2 +ports/packages, then your system is not vulnerable. + +The Japanese-language version of MH is being actively developed and is +believed to have fixed this particular problem over a year ago. Consequently +the ja-mh and ja-exmh2 ports are not believed to be vulnerable to this problem. + +IV. Workaround + +1) Remove the mhshow binary, located in /usr/local/bin/mhshow. This will +prevent the viewing of MIME attachments from within *mh. + +2) Remove the mh/nmh/exmh/exmh2 ports, if you you have installed them. + +V. Solution + +The English language version of the MH software is no longer actively +developed, and no fix is currently available. It is unknown whether a fix +to the problem will be forthcoming - consider upgrading to use NMH instead, +which is the designated successor of the MH software. EXMH and EXMH2 can +both be compiled to use NMH instead (this is now the default behaviour). It +is not necessary to recompile EXMH/EXMH2 after reinstalling NMH. + +SOLUTION: Remove any old versions of the mail/mh or mail/nmh ports and +perform one of the following: + +1) Upgrade your entire ports collection and rebuild the mail/nmh port. + +2) Reinstall a new package obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz + +3) download a new port skeleton for the nmh port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +VI. Revision history + +v1.0 2000-03-15 Initial release +v1.1 2000-03-19 Update to note that the japanese-localized ports are not + vulnerable + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBONXFXlUuHi5z0oilAQHQ/QP9FCTFiFlaeSv2ROM46PbDkF6MN39SLTuv +DEW6a6wmMU5+YbSTlFLjvYrqYgpjOmM7NMOMhhceVVpoZVMMPonHuJxHWh7YvF2G +T4bZcRM3kpRcjXAOQnIiUrgh77zoEmfBysAmHZbNucCmOB5y7UqHI3CM31+geiPR +/bsvHCy4U0U= +=Odcg +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:08.lynx.asc b/share/security/advisories/FreeBSD-SA-00:08.lynx.asc new file mode 100644 index 0000000000..42b7cf6663 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:08.lynx.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:08 Security Advisory + FreeBSD, Inc. + +Topic: Lynx ports contain numerous buffer overflows + +Category: ports +Module: lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current +Announced: 2000-03-15 +Revised: 2000-05-17 +Affects: Ports collection before the correction date. +Corrected: 2000-04-16 [lynx-current] + 2000-04-21 [lynx] +FreeBSD only: NO + +I. Background + +Lynx is a popular text-mode WWW browser, available in several versions +including SSL support and Japanese language localization. + +II. Problem Description + +Versions of the lynx software prior to version 2.8.3pre.5 were written +in a very insecure style and contain numerous potential and several +proven security vulnerabilities (publicized on the BugTraq mailing +list) exploitable by a malicious server. + +The lynx ports are not installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains over 3200 third-party applications in a ready-to-install +format. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A malicious server which is visited by a user with the lynx browser +can exploit the browser security holes in order to execute arbitrary +code as the local user. + +If you have not chosen to install any of the +lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages, +then your system is not vulnerable. + +IV. Workaround + +Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports, +if you you have installed them. + +V. Solution + +Upgrade to lynx or lynx-current after the correction date. + +After the initial release of this advisory, the Lynx development team +conducted an audit of the source code, and have corrected the known +vulnerabilities in lynx as well as increasing the robustness of the +string-handling code. As of lynx-2.8.3pre.5, we consider it safe +enough to use again. + +Note that there may be undiscovered vulnerabilities remaining in the +code, as with all software - but should any further vulnerabilities be +discovered a new advisory will be issued. + +At this time the lynx-ssl/ja-lynx/ja-lynx-current ports are not yet +updated to a safe version of lynx: this advisory will be reissued +again once they are. + +1) Upgrade your entire ports collection and rebuild the lynx or +lynx-current port. + +2) Reinstall a lynx new package dated after the correction date, +obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/lynx-2.8.3.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/lynx-2.8.3.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/lynx-2.8.3.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/lynx-2.8.3.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/lynx-2.8.3.1.tgz + +Note that the lynx-current port is not automatically built as a package. + +3) download a new port skeleton for the lynx/lynx-current port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +VI. Revision History + +v1.0 2000-03-15 Initial release +v1.1 2000-05-17 Update to note fix of lynx and lynx-current ports. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOSMQT1UuHi5z0oilAQHlgwP9EiLqvf8MM55fvftEXPMfL6PJ6HFQPYMH ++TqX5Q/P9s0mgBFiGfN8wblmtEUyZ1GwF8goPa9fqqJIfNg8Qu2zWqJOYPjc20hW +yo3Rxbi+lEWOYxLpxBKDhvBH7yWxiV8Nm1+w73a76BjaZ20E0b91hgw2lebFiZPi +uzK38WjnFNQ= +=qWEC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:09.mtr.asc b/share/security/advisories/FreeBSD-SA-00:09.mtr.asc new file mode 100644 index 0000000000..0780e8a0a2 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:09.mtr.asc @@ -0,0 +1,85 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:09 Security Advisory + FreeBSD, Inc. + +Topic: mtr port contains a local root exploit. + +Category: ports +Module: mtr +Announced: 2000-03-15 +Affects: Ports collection before the correction date. +Corrected: 2000-03-07 (included in FreeBSD 4.0-RELEASE) +FreeBSD only: NO + +I. Background + +mtr ("Multi Traceroute") combines the functionality of the "traceroute" and +"ping" programs into a single network diagnostic tool. + +II. Problem Description + +The mtr program (versions 0.41 and below) fails to correctly drop setuid +root privileges during operation, allowing a local root compromise. + +The mtr port is not installed by default, nor is it "part of FreeBSD" as +such: it is part of the FreeBSD ports collection, which contains over 3100 +third-party applications in a ready-to-install format. The FreeBSD +4.0-RELEASE ports collection is not vulnerable to this problem. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit of +the most security-critical ports. + +III. Impact + +A local user can exploit the security hole to obtain root privileges. + +If you have not chosen to install the mtr port/package, then your system is +not vulnerable. + +IV. Workaround + +1) Remove the mtr port if you have installed it. + +2) Disable the setuid bit - run the following command as root: + +chmod u-s /usr/local/sbin/mtr + +This will mean non-root users cannot make use of the program, since it +requires root privileges to properly run. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the mtr port. + +2) Reinstall a new package obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mtr-0.42.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/net/mtr-0.42.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/net/mtr-0.42.tgz + +Note: it may be several days before the updated packages are available. + +3) download a new port skeleton for the mtr port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOM/J3FUuHi5z0oilAQFdjQP+MCxSn1WYvRehaxky8xnOLP8sAOiLvxLf +DG3emT6hgG7IFKTHNQ/KvHE5M9Y4/frk1tJGKVb/RKEbpbDDF3mmN0eq6S2B2Qda +TB4YjbaLVAnFKVhFcbZjVfc4YTtutNgl7xd/4bvXennki77oQiO5T3VRNnIXkjD1 +NUk4XQDyTQ4= +=Rrxf +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc new file mode 100644 index 0000000000..70bf197319 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc @@ -0,0 +1,90 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:10 Security Advisory + FreeBSD, Inc. + +Topic: orville-write port contains local root compromise. + +Category: ports +Module: orville-write +Announced: 2000-03-15 +Affects: Ports collection before the correction date. +Corrected: 2000-03-09 +FreeBSD only: Yes + +I. Background + +Orville-write is a replacement for the write(1) command, which +provides improved control over message delivery and other features. + +II. Problem Description + +One of the commands installed by the port is incorrectly installed +with setuid root permissions. The 'huh' command should not have any +special privileges since it is intended to be run by the local user to +view his saved messages. + +The orville-write port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3100 third-party applications in a ready-to-install +format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to +this problem. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit of +the most security-critical ports. + +III. Impact + +A local user can exploit a buffer overflow in the 'huh' utility to +obtain root privileges. + +If you have not chosen to install the orville-write port/package, then +your system is not vulnerable. + +IV. Workaround + +Remove the orville-write port if you have installed it. + +V. Solution + +Remove the setuid bit from the huh utility, by executing the following +command as root: + +chmod u-s /usr/local/bin/huh + +It is not necessary to reinstall the orville-write port, although this +can be done in one of the following ways if desired: + +1) Upgrade your entire ports collection and rebuild the orville-write port. + +2) Reinstall a new package dated after the correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz + +Note: it may be several days before the updated packages are available. + +3) download a new port skeleton for the orville-write port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOM/KWlUuHi5z0oilAQHk3AP+PEWNZ95ou8Oyf0nFzgAvjRCc4T060cJf +8qncBFmbWKvl/VHGJnj+u5HPE2LciZb/SdQxH0Ibuvm45hjt7umRrNcHQABmhtYV +9kG2k2cG+w9QtPnWQUtk7UDAQ2nmbyvQBsUJI+wrILoTHaKU1nLBivzzQbZPX9Nr +YTNtkrInpV0= +=c84W +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:11.ircii.asc b/share/security/advisories/FreeBSD-SA-00:11.ircii.asc new file mode 100644 index 0000000000..8c43b3b163 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:11.ircii.asc @@ -0,0 +1,93 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:11 Security Advisory + FreeBSD, Inc. + +Topic: ircII port contains a remote overflow + +Category: ports +Module: ircII +Announced: 2000-04-10 +Credits: Derek Callaway via BugTraq + "bladi" via BugTraq +Affects: Ports collection before the correction date. +Corrected: 2000-03-19 +FreeBSD only: NO + +I. Background + +ircII is a popular text-mode IRC client. + +II. Problem Description + +ircII version 4.4 contained a remotely-exploitable buffer overflow in +the /DCC CHAT command which allows remote users to execute arbitrary +code as the client user. + +The bug was originally reported in 1997 in a much older version of +ircII, but was apparently not corrected at the time, and the problem +was recently rediscovered independently. Development on the version of +ircII previously in ports ceased several years ago, and has been taken +up by a new group who have fixed this problem (and possibly +others). FreeBSD now provides this new version of ircII. + +The ircII port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3200 third-party applications in a ready-to-install +format. FreeBSD 4.0 did not ship with the ircII package available +because this vulnerability was reported to us late in the release +cycle and it was not possible to upgrade the port in time. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A remote user can cause arbitrary code to be executed on the local +system as the user running ircII. + +If you have not chosen to install the ircII port/package, then your +system is not known to be vulnerable to this problem, although there +are several other IRC clients which are derived from ircII including +Epic and BitchX. At this time it is unknown whether other clients are +vulnerable to this problem. + +IV. Workaround + +Remove the ircII port, if you you have installed it. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the ircII port. + +2) Reinstall a new package dated after the correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/irc/ircII-4.4S.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/ircII-4.4S.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/ircII-4.4S.tgz + +3) download a new port skeleton for the ircII port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOPJAMVUuHi5z0oilAQHKpgQAjdphg+Xaw4J7J5+dowvgrgoggA4YG0P5 +a7Nodawpvm2ya8jBStmi0cs3LhYIXZUPQfY3lqiAfEbf4Ndd4r5KUbQ+iAjgz4lZ +XHG0PjUGE98dK3eHZbLszaMIwPbBaCyicCD0gLPCVm40O0VOlqY+WHO9MfITgpec +GFF3l8b8Ym0= +=IU1d +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:12.healthd.asc b/share/security/advisories/FreeBSD-SA-00:12.healthd.asc new file mode 100644 index 0000000000..b43208eb2e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:12.healthd.asc @@ -0,0 +1,85 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:12 Security Advisory + FreeBSD, Inc. + +Topic: healthd allows a local root compromise + +Category: ports +Module: healthd +Announced: 2000-04-10 +Credits: Discovered during FreeBSD ports collection auditing. +Affects: Ports collection before the correction date. +Corrected: 2000-03-25 +Vendor status: Updated version released. +FreeBSD only: NO + +I. Background + +healthd is a small utility for monitoring the temperature, fan speed +and voltage levels of certain motherboards. + +II. Problem Description + +healthd v0.3 installs a utility which is setuid root in order to +monitor the system status. This utility contains a trivial buffer +overflow which allows an unprivileged local user to obtain root +privileges on the system. + +The healthd port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3200 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A local user can obtain root privileges by exploiting a vulnerability +in the healthd utility. + +If you have not chosen to install the healthd port/package, then your +system is not vulnerable. + +IV. Workaround + +Remove the healthd port, if you you have installed it. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the healthd port. + +2) Reinstall a new package dated after the correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/healthd-0.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/healthd-0.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/sysutils/healthd-0.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/healthd-0.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/healthd-0.3.tgz + +3) download a new port skeleton for the healthd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOPJABVUuHi5z0oilAQGEjgP/VQi4gknLQTpons+W/D3pT1fsk9F55HjQ +80pdBIfRxWNekFA+ZlfDNESLbG3qPyr+R4UaVxIZMnMVM/ZZRGPc/suYOxoHWZv0 +F29AqveqINRewGHJoF+hw+DDGJPrrWy2t25BW9AX8KXPCJ2C1uiyChN+2egdJT5J +EcTA8JgVU8I= +=RtRI +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc b/share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc new file mode 100644 index 0000000000..8b47ffe1bd --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc @@ -0,0 +1,90 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:13 Security Advisory + FreeBSD, Inc. + +Topic: generic-nqs contains a local root compromise + +Category: ports +Module: generic-nqs +Announced: 2000-04-19 +Credits: Philippe Andersson + via BugTraq +Affects: Ports collection before the correction date. +Corrected: 2000-04-16 +Vendor status: Updated version released. +FreeBSD only: NO + +I. Background + +Generic-NQS is a Network Queuing System for batch-processing jobs across +multiple machines. + +II. Problem Description + +Generic-NQS versions 3.50.7 and earlier contain a security vulnerability +which allow a local user to easily obtain root privileges. Unfortunately, +further details of the location and nature of the vulnerability were not +provided by the original poster, upon request of the Generic-NQS +developers. + +The generic-nqs port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3200 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A local user can obtain root privileges by exploiting a vulnerability +in the generic-nqs package. + +If you have not chosen to install the generic-nqs port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Remove the generic-nqs port, if you you have installed it. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the generic-nqs port. + +2) Reinstall a new package dated after the correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/generic-nqs-3.50.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/generic-nqs-3.50.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/generic-nqs-3.50.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/generic-nqs-3.50.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/generic-nqs-3.50.9.tgz + +Note that it may be a few days before the updated package is available. + +3) download a new port skeleton for the generic-nqs port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOP4kUVUuHi5z0oilAQGmYAQAntm5ianpGoWd2dr2Nf294InKoxRK5tt+ +61yGHUdZiFIWNUcEEow158vCnmAid1XyBRrYdeZLCs0EU0gaHRL21a1RpKab31T1 +oc8pPK5mCyygwrXCf/u4aZES/HQyVbpryEqnvrggSzjlXExhsl6i+4YEBYHUO2Mi +s8xowH91Sy4= +=eXhd +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:14.imap-uw.asc b/share/security/advisories/FreeBSD-SA-00:14.imap-uw.asc new file mode 100644 index 0000000000..77d6875e2b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:14.imap-uw.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:14 Security Advisory + FreeBSD, Inc. + +Topic: imap-uw contains security vulnerabilities for "closed" + mail servers + +Category: ports +Module: imap-uw +Announced: 2000-04-24 +Credits: Michal Zalewski + Michal Szymanski via BugTraq +Affects: Ports collection. +Corrected: See below. +Vendor status: Aware of the problem, no satisfactory solution provided. +FreeBSD only: NO + +I. Background + +imap-uw is a popular IMAP4/POP2/POP3 mail server from the University +of Washington. + +II. Problem Description + +There are numerous buffer overflows available to an imap user after +they have successfully logged into their mail account +(i.e. authenticated themselves by giving the correct password, +etc). Once the user logs in, imapd has dropped root privileges and is +running as the user ID of the mail account which has been logged into, +so the buffer overflow can only allow code to be executed as that +user. + +Thus, the vulnerability is only relevant on a "closed" mail server, +i.e. one which does not normally allow interactive logins by mail +users. For a system which allows users to log in or execute code on +the system, there is minimal vulnerability. + +Note that once a user has successfully exploited the vulnerability to +gain access to their user account they may be able to mount further +attacks against the local (or a remote) machine to upgrade their +privileges. + +The imap-uw port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3200 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A user with a mail account on the imap server can execute arbitrary +code as themselves on that machine. This is only likely to be a +security issue on "closed" mail servers which do not allow interactive +shell logins. + +Only imapd is known to be vulnerable to this time - the other daemons +installed by the imap-uw port (ipop2d/ipop3d) are not known to suffer +from the same vulnerability. + +If you have not chosen to install the imap-uw port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +1) Deinstall the imap-uw port/package, if you you have installed it. + +2) If you do not specifically require imap functionality +(i.e. pop2/pop3 is sufficient) then disable the imap daemon in +/etc/inetd.conf and restart inetd (e.g. with the command 'killall -HUP +inetd') + +V. Solution + +Unfortunately the vulnerabilities in imapd are quite extensive and no +patch is currently available to address them. There is also no +"drop-in" replacement for imap-uw currently available in ports, +although the mail/cyrus port is another imap server which may be a +suitable replacement. Cyrus has different configuration and +operational requirements than imap-uw however, which may make it +unsuitable for many users. + +Until a security audit of the imap-uw source can be completed and the +vulnerabilities patched, it is recommended that operators of "closed" +imapd servers take steps to minimize the impact of users being able to +run code on the server (i.e., by tightening the local security on the +machine to minimize the damage an intruding user can cause). + +This advisory will be updated once the known vulnerabilities in +imap-uw have been addressed. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOQTN61UuHi5z0oilAQEe9QQAhoPtcTPFYv4RSvh0x/FYe1x8J4kmvi0x +I5fFL3Am8Yfjra/ETGE/WQpGttIFluyfs7RmOc7aglJHp9Aeii9zgCU0dv+3TIZb +FA0NUpode09tfEOP4ciuL1Diae9utoPc+80mitbGFoNL1uAUj4QKWxNNCJ1K6Jyd +plUnZwIFx64= +=qaIn +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:15.imap-uw.asc b/share/security/advisories/FreeBSD-SA-00:15.imap-uw.asc new file mode 100644 index 0000000000..f32ef95960 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:15.imap-uw.asc @@ -0,0 +1,87 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:15 Security Advisory + FreeBSD, Inc. + +Topic: imap-uw allows local users to deny service to any mailbox + +Category: ports +Module: imap-uw +Announced: 2000-04-24 +Credits: Alex Mottram via BugTraq +Affects: Ports collection. +Corrected: See below. +Vendor status: Notified. +FreeBSD only: NO + +I. Background + +imap-uw is a popular IMAP4/POP2/POP3 mail server from the University +of Washington. + +II. Problem Description + +The imap-uw port supplies a "libc-client" library which provides +various functionality common to mail servers. The algorithm used for +locking of mailbox files contains a weakness which allows an +unprivileged local user to lock an arbitrary local mailbox. + +In the case of POP2/POP3 servers, this means that the mailbox will not +be able to be accessed at all by the owner. In the case of IMAP4 +servers, the folder can be opened for reading, but not writing +(i.e. can only be accessed read-only). + +Note that this is a different vulnerability than that described in +FreeBSD Security Advisory 00:14, and affects all imap-uw servers which +provide shell-level access to users. However note that by virtue of +advisory 00:14, all users who can access their mail remotely via imap +can acquire such access even without explicit shell login access. + +The imap-uw port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3200 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A user who has, or who can obtain (see advisory 00:14) shell access to +the mail server can prevent an arbitrary mailbox from being opened via +pop2/pop3, or can force the mailbox to be only opened read-only via +imap. + +If you have not chosen to install the imap-uw port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +1) Deinstall the imap-uw port/package, if you you have installed it. + +2) Consider using another POP2/POP3 server if you do not require IMAP +functionality. See the notes regarding alternative IMAP servers in +FreeBSD Security Advisory 00:14. + +V. Solution + +No patch is currently available. It is encumbent on the imap-uw +developers to redesign the mailbox locking scheme to provide a secure +locking mechanism which is not vulnerable to local denial-of-service +attacks. + +This advisory will be updated once the known vulnerabilities in +imap-uw have been addressed. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOQTN8FUuHi5z0oilAQH58gP+JtkvDh4EFR13jGKxb6PERkt9x6Cpy+DY +1P56XODBiK4tnbTjdke2JLLNUHpSYtN23h8zt1DtnlxnxunQa8Y6fhptbpgHUWAu +ZIJlLLnl0iQcjj3Lqwz2E2BaFsyZxlVSGQnD/EmI+tyZcY+oTYbomCgi1RW3kbn+ +fmNJXmwTXCg= +=TwTN +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:16.golddig.asc b/share/security/advisories/FreeBSD-SA-00:16.golddig.asc new file mode 100644 index 0000000000..977b976e4c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:16.golddig.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:16 Security Advisory + FreeBSD, Inc. + +Topic: golddig port allows users to overwrite local files + +Category: ports +Module: golddig +Announced: 2000-05-09 +Credits: Discovered during internal ports collection auditing. +Affects: Ports collection. +Corrected: 2000-04-30 +Vendor status: Email bounced. +FreeBSD only: NO + +I. Background + +Golddig is an X11 game provided as part of the FreeBSD ports collection. + +II. Problem Description + +The golddig port erroneously installs a level-creation utility setuid +root, which allows users to overwrite the contents of arbitrary local +files. It is not believed that any elevation of privileges is possible +with this vulnerability because the contents of the file are a textual +representation of a golddig game level which is highly constrained. + +The golddig port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3200 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +An unprivileged local user can overwrite the contents of any file, +although they are restricted in the possible contents of the new file. + +If you have not chosen to install the golddig port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +One of the following: + +1) Deinstall the golddig port/package, if you you have installed it. + +2) Remove the setuid bit from /usr/local/bin/makelev. This will mean +unprivileged users cannot create or modify golddig levels except in +their own directories. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the golddig port. + +2) Reinstall a new package dated after the correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/games/golddig-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/games/golddig-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/games/golddig-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/games/golddig-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/games/golddig-2.0.tgz + +Note: it may be several days before the updated packages are available. + +3) download a new port skeleton for the golddig port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBORhjV1UuHi5z0oilAQHa4AP8D5QZo+zNieNemPMfMW77JIxsHtCHCg+M +MEG6CkJ6QOZlwJ8Mav1ExMyQywWncccgkazBFyK2KG5rAqpxX4KMZ+C3zfysTraS +cHVCVBw73yx0t53/FnvoR3yqtI+GdmhPaw9X3icCtp9st3hiSMF759yPqOUKBbIu +JFgdfAuXaqs= +=Pxca +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:17.libmytinfo.asc b/share/security/advisories/FreeBSD-SA-00:17.libmytinfo.asc new file mode 100644 index 0000000000..46c163fb54 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:17.libmytinfo.asc @@ -0,0 +1,157 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:17 Security Advisory + FreeBSD, Inc. + +Topic: Buffer overflow in libmytinfo may yield increased + privileges with third-party software. + +Category: core +Module: libmytinfo +Announced: 2000-05-09 +Affects: FreeBSD 3.x before the correction date. +Corrected: 2000-04-25 +FreeBSD only: Yes + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libmytinfo.patch + +I. Background + +libmytinfo is part of ncurses, a text-mode display library. + +II. Problem Description + +libmytinfo allows users to specify an alternate termcap file or entry +via the TERMCAP environment variable, however this is not handled +securely and contains a overflowable buffer inside the library. + +This is a security vulnerability for binaries which are linked against +libmytinfo and which are setuid or setgid (i.e. run with elevated +privileges). It may also be a vulnerability in other more obscure +situations where a user can exert control over the environment with +which an ncurses binary is run by another user. + +FreeBSD 3.x and earlier versions use a very old, customized version of +ncurses which is difficult to update without breaking +backwards-compatibility. The update was made for FreeBSD 4.0, but it +is unlikely that 3.x will be updated. However, the ncurses source is +currently being audited for further vulnerabilities. + +III. Impact + +Certain setuid/setgid third-party software (including FreeBSD +ports/packages) may be vulnerable to a local exploit yielding +privileged resources, such as network sockets, privileged filesystem +access, or outright privileged shell access (including root access). + +No program in the FreeBSD base system is believed to be vulnerable to +the bug. + +FreeBSD 4.0 and above are NOT vulnerable to this problem. + +IV. Workaround + +Remove any setuid or setgid binary which is linked against libmytinfo +(including statically linked), or remove set[ug]id privileges from the +file as appropriate. + +The following instructions will identify the binaries installed on the +system which are candidates for removal or removal of file +permissions. Since there may be other as yet undiscovered +vulnerabilities in libmytinfo it may be wise to perform this audit +regardless of whether or not you upgrade your system as described in +section V below. In particular, see the note regarding static linking +in section V. + +Of course, it is possible that some of the identified files may be +required for the correct operation of your local system, in which case +there is no clear workaround except for limiting the set of users who +may run the binaries, by an appropriate use of user groups and +removing the "o+x" file permission bit. + +1) Download the 'libfind.sh' script from + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libfind.sh + +e.g. with the fetch(1) command: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libfind.sh +Receiving libfind.sh (460 bytes): 100% +460 bytes transferred in 0.0 seconds (394.69 Kbytes/s) +# + +2) Verify the md5 checksum and compare to the value below: + +# /sbin/md5 libfind.sh +MD5 (libfind.sh) = 59dceaa76d6440c58471354a10a8fb0b + +3) Run the libfind script against your system: + +# sh libfind.sh / + +This will scan your entire system for setuid or setgid binaries which +are linked against libmytinfo. Each returned binary should be examined +(e.g. with 'ls -l' and/or other tools) to determine what security risk +it poses to your local environment, e.g. whether it can be run by +arbitrary local users who may be able to exploit it to gain +privileges. + +4) Remove the binaries, or reduce their file permissions, as appropriate. + +V. Solution + +Upgrade your FreeBSD 3.x system to 3.4-STABLE after the correction +date, or patch your present system source code and rebuild. Then run +the libfind script as instructed in section IV and identify any +statically-linked binaries (those reported as "STATIC" by the +libfind script). These should either be removed, recompiled, or have +privileges restricted to secure them against this vulnerability (since +statically-linked binaries will not be affected by recompiling the +shared libmytinfo library). + +To patch your present system: save the patch below into a file, and +execute the following commands as root: + +cd /usr/src/lib/libmytinfo +patch < /path/to/patch/file +make all +make install + +Patches for 3.x systems before the resolution date: + + Index: findterm.c + =================================================================== + RCS file: /usr/cvs/src/lib/libmytinfo/Attic/findterm.c,v + retrieving revision 1.3 + diff -u -r1.3 findterm.c + --- findterm.c 1997/08/13 01:21:36 1.3 + +++ findterm.c 2000/04/25 16:58:19 + @@ -242,7 +242,7 @@ + } else { + s = path->file; + d = buf; + - while(*s != '\0' && *s != ':') + + while(*s != '\0' && *s != ':' && d - buf < MAX_LINE - 1) + *d++ = *s++; + *d = '\0'; + if (_tmatch(buf, name)) { + @@ -259,7 +259,7 @@ + } else { + s = path->file; + d = buf; + - while(*s != '\0' && *s != ',') + + while(*s != '\0' && *s != ',' && d - buf < MAX_LINE - 1) + *d++ = *s++; + *d = '\0'; + if (_tmatch(buf, name)) { + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBORc3NFUuHi5z0oilAQGcaAP6Ar4+mNTHR/qXUJ+MFIVy+AQHFDwpYq5f +KgBpCRzgKVZs/zfsQ+LwC1vCHzusftTK0lEd//2pfGZHt3ln0eD1s6qt+Q6+ZJBE +MYYiXvqoBL1ob2Ahts6uEUs/vbMb4bCbEmMCn4ad2iU+neKH9a81Lk3frIaJjAVK +8/6vW7wH9W4= +=NDsR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc b/share/security/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc new file mode 100644 index 0000000000..f5a24f31fd --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:18 Security Advisory + FreeBSD, Inc. + +Topic: gnapster/knapster ports allows remote users to view local files + +Category: ports +Module: gnapster/knapster +Announced: 2000-05-09 +Reissued: 2000-05-16 +Credits: Fixed by vendor. + Knapster vulnerability pointed out by: + Tom Daniels via BugTraq +Affects: Ports collection. +Corrected: 2000-04-29 (gnapster) + 2000-05-01 (knapster) +Vendor status: Updated version released. +FreeBSD only: NO + +I. Background + +Gnapster and knapster are clients for the Napster file-sharing network. + +II. Problem Description + +The gnapster port (version 1.3.8 and earlier), and the knapster port +(version 0.9 and earlier) contain a vulnerability which allows remote +napster users to view any file on the local system which is accessible +to the user running gnapster/knapster. Gnapster and knapster do not +run with elevated privileges, so it is only the user's regular +filesystem access permissions which are involved. + +Note that there may be further undiscovered bugs in these and other +napster clients leading to a similar vulnerability. System +administrators and users should exercise discretion in installing a +napster client on their system. + +The gnapster/knapster ports are not installed by default, nor are they +"part of FreeBSD" as such: they are part of the FreeBSD ports +collection, which contains over 3200 third-party applications in a +ready-to-install format. The ports collection shipped with FreeBSD 4.0 +contains this problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can view files accessible to the user running the +gnapster/knapster client. + +If you have not chosen to install a napster client, then your system +is not vulnerable to this problem. + +IV. Workaround + +Deinstall the gnapster and/or knapster port/package, if you you have +installed them. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the gnapster +and/or knapster port. + +2) Reinstall a new package dated after the correction date, obtained from: + +[gnapster] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/gnapster-1.3.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/gnapster-1.3.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/gnapster-1.3.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/gnapster-1.3.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/gnapster-1.3.9.tgz + +[knapster] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/knapster-0.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/knapster-0.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/knapster-0.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/knapster-0.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/knapster-0.10.tgz + +3) download a new port skeleton for the gnapster/knapster ports from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port(s). + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +VI. Revision History + +v1.0 2000-05-09 Initial release +v1.1 2000-05-16 Update to note that knapster 0.9 is also vulnerable and + broaden warning to include all napster clients. +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOSMRPVUuHi5z0oilAQHclAP/X+2Xdki6PUEZ/fCHdwZTLEC0kQNenOJ9 +oWxWFuI4z3jpylQ3CweIoo9akx32ZzyIVHTViG3mF2BC+NRQShl1aXu2MYqy6vKc +c4R+oHxx2OeYSQo4Q8rS8Ttxa543ynXg9wLBL0vtGMq07GtVYTXpg1+Ooi+QKe2o +9JMpcxAohAQ= +=2iHQ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:19.semconfig.asc b/share/security/advisories/FreeBSD-SA-00:19.semconfig.asc new file mode 100644 index 0000000000..7516c517c8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:19.semconfig.asc @@ -0,0 +1,373 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:19 Security Advisory + FreeBSD, Inc. + +Topic: local users can prevent all processes from exiting + +Category: core +Module: kernel +Announced: 2000-05-23 +Credits: Peter Wemm +Affects: 386BSD-derived OSes, including all versions of FreeBSD, + NetBSD and OpenBSD. +Corrected: 2000-05-01 +FreeBSD only: NO +Patch: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:19/semconfig.patch + +I. Background + +System V IPC is a set of interfaces for providing inter-process +communication, in the form of shared memory segments, message queues +and semaphores. These are managed in user-space by ipcs(1) and +related utilities. + +II. Problem Description + +An undocumented system call is incorrectly exported from the kernel +without access-control checks. This operation causes the acquisition +in the kernel of a global semaphore which causes all processes on the +system to block during exit() handling, thereby preventing any process +from exiting until the corresponding "unblock" system call is issued. + +This operation was intended for use only by ipcs(1) to atomically +sample the state of System V IPC resources on the system (i.e., to +ensure that resources are not allocated or deallocated during the +process of sampling itself). + +In the future, this functionality may be reimplemented as a sysctl() +node. + +III. Impact + +An unprivileged local user can cause every process on the system to +hang during exiting. In other words, after the system call is issued, +no process on the system will be able to exit completely until another +user issues the "unblock" call or the system is rebooted. This is a +denial-of-service attack. + +IV. Workaround + +None available. + +V. Solution + +Upgrade to FreeBSD 2.1.7.1-STABLE, 2.2.8-STABLE, 3.4-STABLE, +4.0-STABLE or 5.0-CURRENT after the correction date. + +Alternatively, apply the following patch and rebuild the kernel and +the src/usr.bin/ipcs utility. This patch removes the semconfig() +syscall. It has been tested to apply cleanly against 3.4-RELEASE, +3.4-STABLE, 4.0-RELEASE and 4.0-STABLE systems. + +1) Save this advisory as a file, and run the following commands as root: + +# cd /usr/src +# patch -p < /path/to/advisory +# cd usr.bin/ipcs +# make all install + +2) Rebuild and reinstall the kernel and kernel modules as described in +the FreeBSD handbook (see: +http://www.freebsd.org/handbook/kernelconfig.html for more information) + +3) Reboot the system + +Patches for FreeBSD systems before the resolution date: + + --- sys/kern/syscalls.master 2000/01/19 06:01:07 1.72 + +++ sys/kern/syscalls.master 2000/05/01 11:15:10 1.72.2.1 + @@ -342,7 +342,7 @@ + 221 STD BSD { int semget(key_t key, int nsems, int semflg); } + 222 STD BSD { int semop(int semid, struct sembuf *sops, \ + u_int nsops); } + -223 STD BSD { int semconfig(int flag); } + +223 UNIMPL NOHIDE semconfig + 224 STD BSD { int msgctl(int msqid, int cmd, \ + struct msqid_ds *buf); } + 225 STD BSD { int msgget(key_t key, int msgflg); } + --- sys/kern/init_sysent.c 2000/01/19 06:02:29 1.79 + +++ sys/kern/init_sysent.c 2000/05/01 11:15:56 1.79.2.1 + @@ -243,7 +243,7 @@ + { 4, (sy_call_t *)__semctl }, /* 220 = __semctl */ + { 3, (sy_call_t *)semget }, /* 221 = semget */ + { 3, (sy_call_t *)semop }, /* 222 = semop */ + - { 1, (sy_call_t *)semconfig }, /* 223 = semconfig */ + + { 0, (sy_call_t *)nosys }, /* 223 = semconfig */ + { 3, (sy_call_t *)msgctl }, /* 224 = msgctl */ + { 2, (sy_call_t *)msgget }, /* 225 = msgget */ + { 4, (sy_call_t *)msgsnd }, /* 226 = msgsnd */ + --- sys/kern/syscalls.c 2000/01/19 06:02:29 1.71 + +++ sys/kern/syscalls.c 2000/05/01 11:15:56 1.71.2.1 + @@ -230,7 +230,7 @@ + "__semctl", /* 220 = __semctl */ + "semget", /* 221 = semget */ + "semop", /* 222 = semop */ + - "semconfig", /* 223 = semconfig */ + + "#223", /* 223 = semconfig */ + "msgctl", /* 224 = msgctl */ + "msgget", /* 225 = msgget */ + "msgsnd", /* 226 = msgsnd */ + --- sys/kern/sysv_ipc.c 2000/02/29 22:58:59 1.13 + +++ sys/kern/sysv_ipc.c 2000/05/01 11:15:56 1.13.2.1 + @@ -107,15 +107,6 @@ + semsys(p, uap) + struct proc *p; + struct semsys_args *uap; + -{ + - sysv_nosys(p, "SYSVSEM"); + - return nosys(p, (struct nosys_args *)uap); + -}; + - + -int + -semconfig(p, uap) + - struct proc *p; + - struct semconfig_args *uap; + { + sysv_nosys(p, "SYSVSEM"); + return nosys(p, (struct nosys_args *)uap); + --- sys/kern/sysv_sem.c 2000/04/02 08:47:08 1.24.2.1 + +++ sys/kern/sysv_sem.c 2000/05/01 11:15:56 1.24.2.2 + @@ -26,8 +26,6 @@ + int semget __P((struct proc *p, struct semget_args *uap)); + struct semop_args; + int semop __P((struct proc *p, struct semop_args *uap)); + -struct semconfig_args; + -int semconfig __P((struct proc *p, struct semconfig_args *uap)); + #endif + + static struct sem_undo *semu_alloc __P((struct proc *p)); + @@ -38,7 +36,7 @@ + /* XXX casting to (sy_call_t *) is bogus, as usual. */ + static sy_call_t *semcalls[] = { + (sy_call_t *)__semctl, (sy_call_t *)semget, + - (sy_call_t *)semop, (sy_call_t *)semconfig + + (sy_call_t *)semop + }; + + static int semtot = 0; + @@ -47,8 +45,6 @@ + static struct sem_undo *semu_list; /* list of active undo structures */ + int *semu; /* undo structure pool */ + + -static struct proc *semlock_holder = NULL; + - + void + seminit(dummy) + void *dummy; + @@ -87,64 +83,12 @@ + } */ *uap; + { + + - while (semlock_holder != NULL && semlock_holder != p) + - (void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semsys", 0); + - + if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0])) + return (EINVAL); + return ((*semcalls[uap->which])(p, &uap->a2)); + } + + /* + - * Lock or unlock the entire semaphore facility. + - * + - * This will probably eventually evolve into a general purpose semaphore + - * facility status enquiry mechanism (I don't like the "read /dev/kmem" + - * approach currently taken by ipcs and the amount of info that we want + - * to be able to extract for ipcs is probably beyond what the capability + - * of the getkerninfo facility. + - * + - * At the time that the current version of semconfig was written, ipcs is + - * the only user of the semconfig facility. It uses it to ensure that the + - * semaphore facility data structures remain static while it fishes around + - * in /dev/kmem. + - */ + - + -#ifndef _SYS_SYSPROTO_H_ + -struct semconfig_args { + - semconfig_ctl_t flag; + -}; + -#endif + - + -int + -semconfig(p, uap) + - struct proc *p; + - struct semconfig_args *uap; + -{ + - int eval = 0; + - + - switch (uap->flag) { + - case SEM_CONFIG_FREEZE: + - semlock_holder = p; + - break; + - + - case SEM_CONFIG_THAW: + - semlock_holder = NULL; + - wakeup((caddr_t)&semlock_holder); + - break; + - + - default: + - printf("semconfig: unknown flag parameter value (%d) - ignored\n", + - uap->flag); + - eval = EINVAL; + - break; + - } + - + - p->p_retval[0] = 0; + - return(eval); + -} + - + -/* + * Allocate a new sem_undo structure for a process + * (returns ptr to structure or NULL if no more room) + */ + @@ -873,17 +817,6 @@ + register struct sem_undo **supptr; + int did_something; + + - /* + - * If somebody else is holding the global semaphore facility lock + - * then sleep until it is released. + - */ + - while (semlock_holder != NULL && semlock_holder != p) { + -#ifdef SEM_DEBUG + - printf("semaphore facility locked - sleeping ...\n"); + -#endif + - (void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semext", 0); + - } + - + did_something = 0; + + /* + @@ -898,7 +831,7 @@ + } + + if (suptr == NULL) + - goto unlock; + + return; + + #ifdef SEM_DEBUG + printf("proc @%08x has undo structure with %d entries\n", p, + @@ -955,14 +888,4 @@ + #endif + suptr->un_proc = NULL; + *supptr = suptr->un_next; + - + -unlock: + - /* + - * If the exiting process is holding the global semaphore facility + - * lock then release it. + - */ + - if (semlock_holder == p) { + - semlock_holder = NULL; + - wakeup((caddr_t)&semlock_holder); + - } + } + + --- sys/sys/sem.h 1999/12/29 04:24:46 1.20 + +++ sys/sys/sem.h 2000/05/01 11:15:58 1.20.2.1 + @@ -163,13 +163,5 @@ + * Process sem_undo vectors at proc exit. + */ + void semexit __P((struct proc *p)); + - + -/* + - * Parameters to the semconfig system call + - */ + -typedef enum { + - SEM_CONFIG_FREEZE, /* Freeze the semaphore facility. */ + - SEM_CONFIG_THAW /* Thaw the semaphore facility. */ + -} semconfig_ctl_t; + #endif /* _KERNEL */ + + --- sys/sys/syscall-hide.h 2000/01/19 06:02:31 1.65 + +++ sys/sys/syscall-hide.h 2000/05/01 11:15:58 1.65.2.1 + @@ -191,7 +191,6 @@ + HIDE_BSD(__semctl) + HIDE_BSD(semget) + HIDE_BSD(semop) + -HIDE_BSD(semconfig) + HIDE_BSD(msgctl) + HIDE_BSD(msgget) + HIDE_BSD(msgsnd) + --- sys/sys/syscall.h 2000/01/19 06:02:31 1.69 + +++ sys/sys/syscall.h 2000/05/01 11:15:59 1.69.2.1 + @@ -196,7 +196,6 @@ + #define SYS___semctl 220 + #define SYS_semget 221 + #define SYS_semop 222 + -#define SYS_semconfig 223 + #define SYS_msgctl 224 + #define SYS_msgget 225 + #define SYS_msgsnd 226 + --- sys/sys/syscall.mk 2000/01/19 06:07:34 1.23 + +++ sys/sys/syscall.mk 2000/05/01 11:15:59 1.23.2.1 + @@ -148,7 +148,6 @@ + __semctl.o \ + semget.o \ + semop.o \ + - semconfig.o \ + msgctl.o \ + msgget.o \ + msgsnd.o \ + --- sys/sys/sysproto.h 2000/01/19 06:02:31 1.59 + +++ sys/sys/sysproto.h 2000/05/01 11:16:00 1.59.2.1 + @@ -662,9 +662,6 @@ + struct sembuf * sops; char sops_[PAD_(struct sembuf *)]; + u_int nsops; char nsops_[PAD_(u_int)]; + }; + -struct semconfig_args { + - int flag; char flag_[PAD_(int)]; + -}; + struct msgctl_args { + int msqid; char msqid_[PAD_(int)]; + int cmd; char cmd_[PAD_(int)]; + @@ -1158,7 +1155,6 @@ + int __semctl __P((struct proc *, struct __semctl_args *)); + int semget __P((struct proc *, struct semget_args *)); + int semop __P((struct proc *, struct semop_args *)); + -int semconfig __P((struct proc *, struct semconfig_args *)); + int msgctl __P((struct proc *, struct msgctl_args *)); + int msgget __P((struct proc *, struct msgget_args *)); + int msgsnd __P((struct proc *, struct msgsnd_args *)); + --- usr.bin/ipcs/ipcs.c 1999/12/29 05:05:32 1.12 + +++ usr.bin/ipcs/ipcs.c 2000/05/01 10:51:37 1.12.2.1 + @@ -56,7 +56,6 @@ + struct shminfo shminfo; + struct shmid_ds *shmsegs; + + -int semconfig __P((int,...)); + void usage __P((void)); + + static struct nlist symbols[] = { + @@ -420,11 +419,6 @@ + seminfo.semaem); + } + if (display & SEMINFO) { + - if (semconfig(SEM_CONFIG_FREEZE) != 0) { + - perror("semconfig"); + - fprintf(stderr, + - "Can't lock semaphore facility - winging it...\n"); + - } + kvm_read(kd, symbols[X_SEMA].n_value, &sema, sizeof(sema)); + xsema = malloc(sizeof(struct semid_ds) * seminfo.semmni); + kvm_read(kd, (u_long) sema, xsema, sizeof(struct semid_ds) * seminfo.semmni); + @@ -470,8 +464,6 @@ + printf("\n"); + } + } + - + - (void) semconfig(SEM_CONFIG_THAW); + + printf("\n"); + } + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOSpSolUuHi5z0oilAQH+jgP9HxVwbtFPUs9E3CuoeKb6rdDM6GRZUqgt +WpXRSpGkAjQmGNZl/33DN7gt0HnjIvl4lZCHhSVKrl4vg4URU+MQJKEudmdm7/v/ +G6nH33ytuXtjC1/tMGquuHLnzhaaaDmYJErPtHgyWPbuN9JTTlvaqQjtJ6IsyBPU +27eN3Py107o= +=bah2 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:20.krb5.asc b/share/security/advisories/FreeBSD-SA-00:20.krb5.asc new file mode 100644 index 0000000000..8f7fb29698 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:20.krb5.asc @@ -0,0 +1,98 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:20 Security Advisory + FreeBSD, Inc. + +Topic: krb5 port contains remote and local root exploits. + +Category: ports +Module: krb5 +Announced: 2000-05-26 +Credits: Jeffrey I. Schiller +Affects: Ports collection prior to the correction date +Corrected: 2000-05-17 +Vendor status: Patch released +FreeBSD only: NO + +I. Background + +MIT Kerberos 5 is an implementation of the Kerberos 5 protocol which +is available in the FreeBSD ports collection as the security/krb5 +port. FreeBSD also includes separately-developed Kerberos 4 and 5 +implementations from KTH, which are optionally installed as part of +the base system (KTH Heimdal, the Kerberos 5 implementation, is +currently considered "experimental" software). + +II. Problem Description + +The MIT Kerberos 5 port, versions 1.1.1 and earlier, contains several +remote and local buffer overflows which can lead to root compromise. + +Note that the implementations of Kerberos shipped in the FreeBSD base +system are separately-developed software to MIT Kerberos and are +believed not to be vulnerable to these problems. + +However, a very old release of FreeBSD dating from 1997 (FreeBSD +2.2.5) did ship with a closely MIT-derived Kerberos implementation +("eBones") and may be vulnerable to attacks of the kind described +here. Any users still using FreeBSD 2.2.5 and who have installed the +optional Kerberos distribution are urged to upgrade to 2.2.8-STABLE or +later. Note however that FreeBSD 2.x is no longer an officially +supported version, nor are security fixes always provided. + +The krb5 port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +nearly 3300 third-party applications in a ready-to-install format. The +ports collection shipped with FreeBSD 4.0 contains this problem since +it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local or remote users can obtain root access on the system running krb5. + +If you have not chosen to install the krb5 port, then your system is +not vulnerable to this problem. + +IV. Workaround + +Due to the nature of the vulnerability there are several programs and +network services which are affected. If recompiling the port is not +practical, please see the MIT Kerberos advisory for suggested +workarounds (including the disabling or adjustment of services and +removal of setuid permissions on vulnerable binaries). The advisory +can be found at the following location: + +http://web.mit.edu/kerberos/www/advisories/krb4buf.txt + +V. Solution + +1) Upgrade your entire ports collection and rebuild the krb5 port. A +package is not provided for this port for export control reasons. + +2) download a new port skeleton for the krb5 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +3) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOS626lUuHi5z0oilAQHUWAP+LqSso3fDe+k7/6EJMc5iH9JgbrD2JARh +mQOV6m9qUgZbcaEc9oUrsEJIurFGGukCAbGA82dPHGWpNFzbzL3pXgqcswVvHIqV +qoZuzLyLV5+1NaurwovmXD2hQH56Cgaa+N4byxuxs+cnIbfJNF8DEYjhnPqVHc9l +sP0RelxSDuk= +=yPXe +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:21.ssh.asc b/share/security/advisories/FreeBSD-SA-00:21.ssh.asc new file mode 100644 index 0000000000..5444f7b7c7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:21.ssh.asc @@ -0,0 +1,109 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:21 Security Advisory + FreeBSD, Inc. + +Topic: ssh port listens on extra network port [REVISED] + +Category: ports +Module: ssh +Announced: 2000-06-07 +Credits: Jan Koum +Affects: Ports collection. +Corrected: 2000-04-21 +FreeBSD only: Yes + +I. Background + +SSH is an implementation of the Secure Shell protocol for providing +encrypted and authenticated communication between networked machines. + +II. Problem Description + +A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly +configured the SSH daemon to listen on an additional network port, +722, in addition to the usual port 22. This change was made as part of +a patch to allow the SSH server to listen on multiple ports, but the +option was incorrectly enabled by default. + +This may cause a violation of security policy if the additional port +is not subjected to the same access-controls (e.g. firewallling) as +the standard SSH port. + +Note this is not a vulnerability associated with the SSH software +itself, and it is not likely to be a risk for the majority of +installations, since a remote user must still have valid SSH +credentials in order to access the SSH server on the alternate +port. The risk is that users may be able to access the SSH server from +IP addresses which are prohibited to connect to the standard port. + +The ssh port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 3300 third-party applications in a ready-to-install format. The +ports collection shipped with FreeBSD 4.0 contains this problem since +it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +FreeBSD 4.0 ships with OpenSSH, a free implementation of the SSH +protocol, included within the base system. OpenSSH does not suffer +from this misconfiguration. + +III. Impact + +Remote users with valid SSH credentials may access the ssh server on a +non-standard port, potentially bypassing IP address access controls on +the standard SSH port. + +If you have not chosen to install the ssh port/package, or installed +it prior to 2000-01-14 or after 2000-04-21, then your system is not +vulnerable to this problem. + +IV. Workaround + +One of the following: + +1) Comment out the line "Port 722" in /usr/local/etc/sshd_config and +restart sshd + +2) Add filtering rules to your perimeter firewall, or on the local +machine (using ipfw or ipf) to limit connections to port 722. + +3) Deinstall the ssh port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the ssh port. + +2) download a new port skeleton for the ssh port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. Note that packages are not provided +for the ssh port. + +3) Use the portcheckout utility to automate option (2) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +VI. Revision History + +v1.0 2000-06-07 Initial release +v1.1 2000-06-07 Corrected typo in name of sshd config file + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOT7lF1UuHi5z0oilAQHLaQP+LyCyEfrzDh63awRl8swXzHLpYib1upd+ +nUbctw+HOc7GfWGCUFfzhTUWvuwjqx43reE1XSX5ETXm4nVKwMDCum35FomlrUB+ +3LQeXHgsogeTmGzNoWqaJBhvC7ffMBWZrW4JFokasyWbOgJhhWiklBRVojkale0Y +e+CNOgK3f3U= +=no4A +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:22.apsfilter.asc b/share/security/advisories/FreeBSD-SA-00:22.apsfilter.asc new file mode 100644 index 0000000000..a9c7bbe727 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:22.apsfilter.asc @@ -0,0 +1,89 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:22 Security Advisory + FreeBSD, Inc. + +Topic: apsfilter allows users to execute arbitrary commands as + user lpd + +Category: ports +Module: apsfilter +Announced: 2000-06-07 +Credits: Fixed by vendor. +Affects: Ports collection. +Corrected: 2000-04-29 +Vendor status: Updated version released. +FreeBSD only: NO + +I. Background + +apsfilter is a print filter which automatically handles the conversion +of various types of file into a format understood by the printer. + +II. Problem Description + +The apsfilter port, versions 5.4.1 and below, contain a vulnerability +which allow local users to execute arbitrary commands as the user +running lpd, user root in a default FreeBSD installation. The +apsfilter software allows users to specify their own filter +configurations, which are read in an insecure manner and may be used +to elevate privileges. + +The apsfilter port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3300 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users can cause arbitrary commands to be executed as root. + +If you have not chosen to install the apsfilter port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the apsfilter port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the apsfilter port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/print/apsfilter-5.4.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/print/apsfilter-5.4.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/print/apsfilter-5.4.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/print/apsfilter-5.4.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/print/apsfilter-5.4.2.tgz + +3) download a new port skeleton for the apsfilter port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOT7YnFUuHi5z0oilAQExcgP/T7U8rtKfUE6sn3QiLrhVueX/h06gvUtp +aSwqtd4EVS8FMbnMARs+TAcrLUVQBaHf7RA0LtIHhD441HNUmC0mbtL0GJQr1tI4 +3H5tfqav7y3C0PiLe+4yy4HPjhOcZtOneldIf76hU+HiaCwWo6uBvv7ue3z1IIJQ +o6BuABiKzE0= +=S7V8 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:23.ip-options.asc b/share/security/advisories/FreeBSD-SA-00:23.ip-options.asc new file mode 100644 index 0000000000..dc91a0744c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:23.ip-options.asc @@ -0,0 +1,172 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:23 Security Advisory + FreeBSD, Inc. + +Topic: Remote denial-of-service in IP stack [REVISED] + +Category: core +Module: kernel +Announced: 2000-06-19 +Revised: 2000-07-11 +Affects: FreeBSD systems prior to the correction date +Credits: NetBSD Security Advisory 2000-002, and + Jun-ichiro itojun Hagino +Corrected: (Several bugs fixed, the date below is that of the most + recent fix) + 2000-06-08 (3.4-STABLE) + 2000-06-08 (4.0-STABLE) + 2000-06-02 (5.0-CURRENT) +FreeBSD only: NO + +I. Background + +II. Problem Description + +There are several bugs in the processing of IP options in the FreeBSD +IP stack, which fail to correctly bounds-check arguments and contain +other coding errors leading to the possibility of data corruption and +a kernel panic upon reception of certain invalid IP packets. + +This set of bugs includes the instance of the vulnerability described +in NetBSD Security Advisory 2000-002 (see +ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc) +as well as other bugs with similar effect. + +III. Impact + +Remote users can cause a FreeBSD system to panic and reboot. + +IV. Workaround + +Incoming packets containing IP Options can be blocked at a perimeter +firewall or on the local system, using ipfw(8) (ipf(8) is also capable +of blocking packets with IP Options, but is not described here). + +The following ipfw rules are believed to prevent the denial-of-service +attack (replace the rule numbers '100'-'103' with whichever rule +numbers are appropriate for your local firewall, if you are already +using ipfw): + +ipfw add 100 deny log ip from any to any ipopt rr +ipfw add 101 deny log ip from any to any ipopt ts +ipfw add 102 deny log ip from any to any ipopt ssrr +ipfw add 103 deny log ip from any to any ipopt lsrr + +Note that there are legitimate uses for IP options, although they are +no believed to be in common use, and blocking them should not cause +any problems. Therefore the log entries generated by these ipfw rules +will not necessarily be evidence of an attempted attack. Furthermore, +the packets may be spoofed and have falsified source addresses. + +V. Solution + +One of the following: + +1) Upgrade your FreeBSD system to 3.4-STABLE, 4.0-STABLE or +5.0-CURRENT after the respective correction dates. + +2) Apply the patch below and recompile your kernel. + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:23/ip_options.diff +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:23/ip_options.diff.asc + +# cd /usr/src/sys/netinet +# patch -p < /path/to/patch_or_advisory + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] + +VI. Revision History + +v1.0 2000-06-19 Initial release +v1.1 2000-07-11 Note workaround using ipfw. + + Index: ip_icmp.c + =================================================================== + RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v + retrieving revision 1.39 + diff -u -r1.39 ip_icmp.c + --- ip_icmp.c 2000/01/28 06:13:09 1.39 + +++ ip_icmp.c 2000/06/08 15:26:39 + @@ -662,8 +662,11 @@ + if (opt == IPOPT_NOP) + len = 1; + else { + + if (cnt < IPOPT_OLEN + sizeof(*cp)) + + break; + len = cp[IPOPT_OLEN]; + - if (len <= 0 || len > cnt) + + if (len < IPOPT_OLEN + sizeof(*cp) || + + len > cnt) + break; + } + /* + Index: ip_input.c + =================================================================== + RCS file: /ncvs/src/sys/netinet/ip_input.c,v + retrieving revision 1.130 + diff -u -r1.130 ip_input.c + --- ip_input.c 2000/02/23 20:11:57 1.130 + +++ ip_input.c 2000/06/08 15:25:46 + @@ -1067,8 +1067,12 @@ + if (opt == IPOPT_NOP) + optlen = 1; + else { + + if (cnt < IPOPT_OLEN + sizeof(*cp)) { + + code = &cp[IPOPT_OLEN] - (u_char *)ip; + + goto bad; + + } + optlen = cp[IPOPT_OLEN]; + - if (optlen <= 0 || optlen > cnt) { + + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) { + code = &cp[IPOPT_OLEN] - (u_char *)ip; + goto bad; + } + @@ -1174,6 +1178,10 @@ + break; + + case IPOPT_RR: + + if (optlen < IPOPT_OFFSET + sizeof(*cp)) { + + code = &cp[IPOPT_OFFSET] - (u_char *)ip; + + goto bad; + + } + if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) { + code = &cp[IPOPT_OFFSET] - (u_char *)ip; + goto bad; + Index: ip_output.c + =================================================================== + RCS file: /ncvs/src/sys/netinet/ip_output.c,v + retrieving revision 1.99 + diff -u -r1.99 ip_output.c + --- ip_output.c 2000/03/09 14:57:15 1.99 + +++ ip_output.c 2000/06/08 15:27:08 + @@ -1302,8 +1302,10 @@ + if (opt == IPOPT_NOP) + optlen = 1; + else { + + if (cnt < IPOPT_OLEN + sizeof(*cp)) + + goto bad; + optlen = cp[IPOPT_OLEN]; + - if (optlen <= IPOPT_OLEN || optlen > cnt) + + if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) + goto bad; + } + switch (opt) { + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWuYHFUuHi5z0oilAQEp+wP/bK5jRQXK/d3sQw9cph/usAbiYUD6Ux3l +MIo1R1ZPWnIE20Hx334hvr3u5AUnbtjkFg+86WZcpv5bgWjKS2VLyV4UjJIMMOQr +sSDXta5X4XRO0aXv1Td/Jlkoh2UcoayhKssYa3LLwgcYq++BBGrwbJM+ShUGmllS +qQ86FwHKdow= +=5Ksz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:24.libedit.asc b/share/security/advisories/FreeBSD-SA-00:24.libedit.asc new file mode 100644 index 0000000000..200ca96e99 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:24.libedit.asc @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:24 Security Advisory + FreeBSD, Inc. + +Topic: libedit reads config file from current directory + +Category: core +Module: libedit +Announced: 2000-07-05 +Affects: All versions of FreeBSD prior to the correction date +Credits: Tim Vanderhoek +Vendor status: Notified +Corrected: 2000-05-22 +FreeBSD only: NO + +I. Background + +libedit is a library of routines for providing command editing and +history retrieval for interactive command-oriented programs. + +II. Problem Description + +libedit incorrectly reads an ".editrc" file in the current directory +if it exists, in order to specify configurable program +behaviour. However it does not check for ownership of the file, so an +attacker can cause a libedit application to execute arbitrary key +rebindings and exercise terminal capabilities by creating an .editrc +file in a directory from which another user executes a libedit binary +(e.g. root running ftp(1) from /tmp). This can be used to fool the +user into unknowingly executing program commands which may compromise +system security. For example, ftp(1) includes the ability to escape to +a shell and execute a command, which can be done under libedit +control. + +The supplied patch removes this behaviour and causes libedit to only +search for its configuration file in the home directory of the user, +if it exists and the binary is not running with increased privileges +(i.e. setuid or setgid). + +FreeBSD 3.5-RELEASE is not affected by this vulnerability, although +4.0-RELEASE is affected since the problem was discovered after it was +released. + +III. Impact + +An attacker can cause a user to execute arbitrary commands within a +program which is run from a directory to which the attacker has write +access, potentially leading to system compromise if run as a +privileged user (such as root). + +IV. Workaround + +Do not interactively run utilities which link against libedit from +directories which can be written to by other users. + +To identify utilities which link dynamically against libedit, download +the libfind tool and detached PGP signature as follows: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:24/libfind.sh +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:24/libfind.sh.asc + +Verify the detached signature using your PGP utility. + +Run the libfind.sh tool as root, as follows: + +# sh libfind.sh libedit / + +Note that it is not feasible to locate utilities which link statically +against libedit since there are no common strings embedded in such +binaries. However the following is believed to be a complete list of +statically and dynamically linked FreeBSD system utilities which link +against the library: + +/bin/sh +/sbin/fsdb +/usr/bin/ftp +/usr/sbin/cdcontrol +/usr/sbin/lpc +/usr/sbin/nslookup +/usr/sbin/pppctl + +Because libedit is not a portable library in common use there are +unlikely to be many FreeBSD ports which link statically against it: no +such ports are known at this time. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable system to a version dated after the +correction date. + +2) Save the advisory into a file or download the patch and detached +PGP signature: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:24/libedit.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:24/libedit.patch.asc + +Verify the detached PGP signature using your PGP utility. + +Apply the patch and rebuild as follows: + +# cd /usr/src/lib/libedit +# patch -p < /path/to/patch/or/advisory + +and rebuild your system as described in + +http://www.freebsd.org/handbook/makeworld.html + + --- el.c 1999/08/20 01:17:12 1.6 + +++ el.c 2000/05/22 05:55:22 1.7 + @@ -290,13 +294,10 @@ + char *ptr, path[MAXPATHLEN]; + + if (fname == NULL) { + - fname = &elpath[1]; + - if ((fp = fopen(fname, "r")) == NULL) { + - if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL) + - return -1; + - (void)snprintf(path, sizeof(path), "%s%s", ptr, elpath); + - fname = path; + - } + + if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL) + + return -1; + + (void) snprintf(path, sizeof(path), "%s%s", ptr, elpath); + + fname = path; + } + + if ((fp = fopen(fname, "r")) == NULL) + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWGmz1UuHi5z0oilAQF1rwP/QhuVAAmc1873YHkhTS8kMTPR63HoIlkc +8VRgf0PU6Z3AObVq6fjt3ZikCUXf7d8NhiTqRdL1Cb/Koai56yP+E5Fqbt2U5JCC +cNbWIlI8NYKxAybgOsx+9EJGSnGfrjjjvxG6MguwcyJ+W1DS3M41mDzv8C1hdpqw +/QAi9qToH+Q= +=TlZc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:25.alpha-random.asc b/share/security/advisories/FreeBSD-SA-00:25.alpha-random.asc new file mode 100644 index 0000000000..6e7192d043 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:25.alpha-random.asc @@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:25 Security Advisory + FreeBSD, Inc. + +Topic: FreeBSD/Alpha platform lacks kernel pseudo-random number + generator, some applications fail to detect this. + +Category: core +Module: kernel +Announced: 2000-06-12 +Affects: FreeBSD/Alpha prior to the correction date. +Corrected: 2000-05-10 (4.0-STABLE) + 2000-04-28 (5.0-CURRENT) +FreeBSD only: Yes + +I. Background + +The FreeBSD kernel provides a cryptographic-strength pseudo-random +number generator via the /dev/random and /dev/urandom interfaces, +which samples hardware measurements to provide a high-quality source +of "entropy" (randomness). + +II. Problem Description + +The FreeBSD port to the Alpha platform did not provide the /dev/random +or /dev/urandom devices - this was an oversight during the development +process which was not corrected before the Alpha port "became +mainstream". FreeBSD/i386 is not affected. + +As a consequence, there is no way for Alpha systems prior to the +correction date to obtain cryptographic-strength random numbers, +unless an application "rolls its own" entropy gathering +mechanism. This in itself is not a vulnerability, although it is an +omission and a departure from the expected behaviour of a FreeBSD +system. + +The actual vulnerability is that some applications fail to correctly +check for a working /dev/random and do not exit with an error if it is +not available, so this weakness goes undetected. OpenSSL 0.9.4, and +utilities based on it, including OpenSSH (both of which are included +in the base FreeBSD 4.0 system) are affected in this manner (this bug +was corrected in OpenSSL 0.9.5) + +Therefore, cryptographic security systems on vulnerable FreeBSD/Alpha +systems (including OpenSSH in the base FreeBSD 4.0 system) may have +weakened strength, and cryptographic keys generated on such systems +should not be trusted. + +III. Impact + +Cryptographic secrets (such as OpenSSH public/private keys) generated +on FreeBSD/Alpha systems may be much weaker than their "advertised" +strength, and may lead to data compromise to a dedicated and +knowledgeable attacker. + +PGP/GnuPG keys, and keys generated by the SSH or SSH2 ports, are not +believed to be weakened since that software will correctly detect the +lack of a working /dev/random and use alternative sources of +entropy. OpenSSH and OpenSSL are currently the only known vulnerable +applications. + +IV. Workaround + +None available. + +V. Solution + +One of the following three options, followed by step 2). + +1a) Upgrade your FreeBSD/Alpha system to FreeBSD 4.0-STABLE after the +correction date. + +1b) install the patched 4.0-RELEASE GENERIC kernel available from: + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz + +e.g. perform the following steps as root: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz.asc + +[ Verify the detached PGP signature using your PGP utility - consult your +utility's documentation for how to do this ] + +# gunzip kernel.gz +# cp /kernel /kernel.old +# chflags noschg /kernel +# cp kernel /kernel +# chflags schg /kernel + +1c) Download the kernel source patch and rebuild your FreeBSD/Alpha +kernel, as follows: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff + +Download the detached PGP signature: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff.asc + +and verify the signature using your PGP utility. + +Apply the patch: + +# cd /usr/src +# patch -p < /path/to/kernel.sys.diff + +Rebuild your kernel as described in + +http://www.freebsd.org/handbook/kernelconfig.html + +and reboot with the new kernel. + +NOTE: Because of the significant improvements to the FreeBSD/Alpha +platform in FreeBSD 4.0, it is not planned at this time to backport +the necessary changes to FreeBSD 3.4-STABLE. + +2) Immediately regenerate all OpenSSH-generated SSH keys and +OpenSSL-generated SSL certificates, and any other data relying on +cryptographic random numbers which were generated on FreeBSD/Alpha +systems, whose strength cannot be verified. [Note: for most systems, +the only significant vulnerability is likely to be from OpenSSH and +OpenSSL-generated keys and certificates (e.g. for SSL webservers)] + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOUVa6lUuHi5z0oilAQG/VQP/bXSr0YdjwTVuHrc1JOTzKMqSJYyff50d +6Jg7VNL+X2B7hQcWUC8Rn/m+qy6byc9g51v8Wyk70olUs1Fy4bTGh+iEpE0mbQ45 +tx75z/Uhq46fYP3ldBx9XvXJQxRHXrPos7gfTOVVdJcchIIgJdtxC7LfvOswbnvY +EK+rxB2I9f8= +=ee12 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:26.popper.asc b/share/security/advisories/FreeBSD-SA-00:26.popper.asc new file mode 100644 index 0000000000..e833dd6679 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:26.popper.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:26 Security Advisory + FreeBSD, Inc. + +Topic: popper port contains remote vulnerability [REVISED] + +Category: ports +Module: popper +Announced: 2000-07-05 +Revised: 2000-07-11 +Credits: Prizm +Affects: Ports collection. +Corrected: 2000-05-25 +Vendor status: Notified +FreeBSD only: NO + +I. Background + +QPopper is a popular POP3 mail server. + +II. Problem Description + +The qpopper port, version 2.53 and earlier, incorrectly parses string +formatting operators included in part of the email message header. A +remote attacker can send a malicious email message to a local user +which can cause arbitrary code to be executed on the server when a POP +client retrieves the message using the UIDL command. The code is +executed as the user who is retrieving mail: thus if root reads email +via POP3 this can lead to a root compromise. This vulnerability is +not present in qpopper-3.0.2, also available in FreeBSD ports. + +The qpopper port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3500 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release, but it was fixed in +time for FreeBSD 3.5. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can cause arbitrary code to be executed as the retrieving +user when a POP client retrieves email. + +If you have not chosen to install the qpopper-2.53 port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the qpopper-2.53 port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the qpopper port, +or upgrade to qpopper-3.0.2 available in /usr/ports/mail/popper3. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/qpopper-2.53.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/qpopper-2.53.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/qpopper-2.53.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/qpopper-2.53.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/qpopper-2.53.tgz + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/qpopper3-3.0.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/qpopper3-3.0.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/qpopper3-3.0.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/qpopper3-3.0.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/qpopper3-3.0.2.tgz + +3) download a new port skeleton for the qpopper port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +VI. Revision History + +v1.0 2000-07-05 Initial release +v1.1 2000-07-11 Correct URL of qpopper-2.53 package and note availability of + qpopper3-3.0.2. Update size of ports collection. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWuXjlUuHi5z0oilAQGviQP/TQqQXqwU0TBkJbvdtuLLXZdcjywbX39p +O5EgHOjsHxnLkfOCYXJ+wQ+2s88OZouFhsR4OcTJDC8UobgVlKicOOEShov6IkrN +rwJfkc7fgxuLVOW8Y3ef3gixqhCkCsgMI5NlvKt88YThr1y0Z8GnK5u9gxz1YUKA +M9iveHnUsSU= +=5bHQ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:27.XFree86-4.asc b/share/security/advisories/FreeBSD-SA-00:27.XFree86-4.asc new file mode 100644 index 0000000000..9f17c5cf86 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:27.XFree86-4.asc @@ -0,0 +1,110 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:27 Security Advisory + FreeBSD, Inc. + +Topic: XFree86-4.0 port contains local root overflow + +Category: ports +Module: Xfree86-4 +Announced: 2000-07-05 +Credits: Michal Zalewski +Affects: Ports collection. +Corrected: 2000-06-09 +Vendor status: Vendor eventually released patch +FreeBSD only: NO + +I. Background + +XFree86 4.0 is a development version of the popular XFree86 X Windows +system. + +II. Problem Description + +XFree86 4.0 contains a local root vulnerability in the XFree86 server +binary, due to incorrect bounds checking of command-line +arguments. + +The server binary is setuid root, in contrast to previous versions +which had a small setuid wrapper which performed (among other things) +argument sanitizing. + +The XFree86-4 port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3400 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.0 contains this +problem since it was discovered after the release, but it was fixed in +time for FreeBSD 3.5. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users can obtain root access. + +If you have not chosen to install the XFree86-4 port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the XFree86-4 port/package, if you you have installed it, or +limit the execution file permissions on the /usr/X11R6/bin/XFree86 +binary so that only members of a trusted group may run the binary. + +V. Solution + +At this time, we do not recommend using XFree86 4.0 on multi-user +systems with untrusted users, because of the lack of security in the +server binary. The current "stable" version, XFree86 3.3.6, is also +available in FreeBSD ports. + +One of the following: + +1) Upgrade your entire ports collection and rebuild the XFree86-4 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/XFree86-4.0.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/XFree86-4.0.tar.gz + +An updated version of XFree86, version 4.0.1, has just been released, +which is believed to also fix the problems detailed in this advisory, +however the X server is still installed setuid root and so the above +warning against installation on multi-user machines still applies. The +packages will be available at the following locations in the next few +days: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.1.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.1.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/XFree86-4.0.1.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.1.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/XFree86-4.0.1.tar.gz + +3) download a new port skeleton for the XFree86-4 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWGrplUuHi5z0oilAQFDjgP9E3l6VG7ic+F0HMDsSDGbsYrIFM3hvBDJ +hu22Vu/F18PyeOVrgZY4ljE/BvdSy4bJMJSDJsrP4jYicse7ArwvSLEJOjoIuPoK +ErUCz34UgNAWs+zszFD0V5xAuWH3Oyii4qamqDnSaurYl6oKp5tPNx2vSrA3UDxM +moK703Mpfak= +=nu3f +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:28.majordomo.asc b/share/security/advisories/FreeBSD-SA-00:28.majordomo.asc new file mode 100644 index 0000000000..14c8907504 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:28.majordomo.asc @@ -0,0 +1,76 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:28 Security Advisory + FreeBSD, Inc. + +Topic: majordomo is not safe to run on multi-user machines + +Category: ports +Module: majordomo +Announced: 2000-07-05 +Affects: Ports collection. +Corrected: See below +Vendor status: Problem documented +FreeBSD only: NO + +I. Background + +Majordomo is a popular mailing-list manager. + +II. Problem Description + +Majordomo contains a number of perl scripts which are executed by a +setuid wrapper for providing mailing-list management +functionality. However there are numerous weaknesses in these scripts +which allow unprivileged users to run arbitrary commands as the +majordomo user, as well as obtaining read and write access to the +mailing list data. + +The majordomo port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3400 third-party applications in a ready-to-install +format. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users can run commands as the 'majordomo' user, +including accessing and modifying mailing-list subscription data. + +If you have not chosen to install the majordomo port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the majordomo port/package, if you you have installed it, or +limit the permissions of the majordomo/ directory and/or its contents +appropriately (see below). + +V. Solution + +Since the vendor has chosen not to fix the various security holes in +the default installation of majordomo, there is no simple solution. It +may be possible to adequately secure the majordomo installation while +retaining required functionality, by tightening the permissions on the +/usr/local/majordomo directory and/or its contents, but these actions +are not taken by the FreeBSD port and are beyond the scope of this +advisory. + +Instead we recommend that majordomo not be used on a system which +contains untrusted users, or an alternative mailing-list manager be +used. There are several such utilities in the FreeBSD ports +collection. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWGsGFUuHi5z0oilAQFUtgP9Gwb/h0AFJB8RH9LkE3zlmaTfePGGnIgk +/SBux8RBiwPnEw4M25mZt26eV6Bd/MIdN8Gnb7q551TD8nrZu0N6//vi5w8uM5/l +itRXtnE4FfqERWOTOt25b8N0kCtqESqGMPMyA1m1x+7wFHpq1B69gsQl8MbohUr5 +NlLkkEu6AQI= +=EkWc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:29.wu-ftpd.asc b/share/security/advisories/FreeBSD-SA-00:29.wu-ftpd.asc new file mode 100644 index 0000000000..1e3c906936 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:29.wu-ftpd.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:29 Security Advisory + FreeBSD, Inc. + +Topic: wu-ftpd port contains remote root compromise [REVISED] + +Category: ports +Module: wu-ftpd +Announced: 2000-07-05 +Revised: 2000-07-11 +Credits: tf8 +Affects: Ports collection. +Corrected: 2000-06-24 +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +wu-ftpd is a popular FTP server. + +II. Problem Description + +The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability +which allows FTP users, both anonymous FTP users and those with a +valid account, to execute arbitrary code as root on the local machine, +by inserting string-formatting operators into command input, which are +incorrectly parsed by the FTP server. + +The wu-ftpd port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5 and 4.0 +contains this problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +FTP users, including anonymous FTP users, can cause arbitrary commands +to be executed as root on the local machine. + +If you have not chosen to install the wu-ftpd port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the wu-ftpd port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the wu-ftpd port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/wu-ftpd-2.6.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/wu-ftpd-2.6.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/wu-ftpd-2.6.0.tgz + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) download a new port skeleton for the wu-ftpd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +VI. Revision History + +v1.0 2000-07-05 Initial release +v1.1 2000-07-11 Clarify that vulnerability affects all FTP users, not + just anonymous FTP. Correct URL of package. Update + size of ports collection. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWuZzVUuHi5z0oilAQH+bgQAhpYzJ0xiU787xQFr/YnOJHe0k/CJiDOU +yrfyvGq4Grl4F/czojsyRTd5DwQzBKqIYm1H/z73gxI6nbEe0KaP+omfpzaAy7iK +pLyQJ5qbjQLuc54ed+gV1+lH84QkuMHzUygj5iqvjn91uAA5nMKEMnGbESZz3J4J +NjYmA1EfXbI= +=T7IG +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:30.openssh.asc b/share/security/advisories/FreeBSD-SA-00:30.openssh.asc new file mode 100644 index 0000000000..f4646636d0 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:30.openssh.asc @@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:30 Security Advisory + FreeBSD, Inc. + +Topic: OpenSSH UseLogin directive permits remote root access + +Category: core +Module: openssh +Announced: 2000-07-05 +Credits: Markus Friedl +Affects: FreeBSD 4.0-RELEASE, FreeBSD 4.0-STABLE and 5.0-CURRENT + prior to the correction date +Corrected: 2000-06-11 +Vendor status: Disclosed vulnerability. +FreeBSD only: NO + +I. Background + +OpenSSH is an implementation of the SSH1 (and SSH2 in later versions) +secure shell protocols for providing encrypted and authenticated +network access, which is available free for unrestricted use. + +II. Problem Description + +The sshd server is typically invoked as root so it can manage general +user logins. OpenSSH has a configuration option, not enabled by +default ("UseLogin") which specifies that user logins should be done +via the /usr/bin/login command instead of handled internally. + +OpenSSH also has a facility to enable remote users to execute commands +on the server non-interactively. In this case, the UseLogin directive +fails to correctly drop root privileges before executing the command, +meaning that remote users without root access can execute commands on +the local system as root. + +Note that with the default configuration, OpenSSH is not vulnerable to +this problem, and this option is not needed for the vast majority of +systems. + +OpenSSH is installed if you chose to install the 'crypto' distribution +at install-time or when compiling from source, and you either have the +international RSA libraries or installed the RSAREF port. + +III. Impact + +If your sshd configuration was modified to enable the 'UseLogin' +directive then remote users with SSH access to the local machine can +execute arbitrary commands as root. + +IV. Workaround + +Set 'UseLogin No' in your /etc/ssh/sshd_config file and restart the +SSH server by issuing the following command as root: + +# kill -HUP `cat /var/run/sshd.pid` + +This will cause the parent process to respawn and reread its +configuration file, and should not interfere with existing SSH sessions. + +Note that a bug in sshd (discovered during preparation of this +advisory, fixed in FreeBSD 5.0-CURRENT and 4.0-STABLE as of +2000-07-03) means that it will fail to restart correctly unless it was +originally invoked with an absolute path (i.e. "/usr/sbin/sshd" +instead of "sshd"). Therefore you should verify that the server is +still running after you deliver the HUP signal: + +# ps -p `cat /var/run/sshd.pid` + PID TT STAT TIME COMMAND + 2110 ?? Ss 0:00.97 /usr/sbin/sshd + +If the server is no longer running, restart it by issuing the +following command as root: + +# /usr/sbin/sshd + +V. Solution + +One of the following: + +1) Upgrade to FreeBSD 4.0-STABLE or 5.0-CURRENT after the correction +date. Note that these versions of FreeBSD contain a newer version of +OpenSSH than was in 4.0-RELEASE, version 2.1, which provides enhanced +functionality including support for the SSH2 protocol and DSA keys. + +2) Save this advisory as a file and extract the relevant patch for +your version of FreeBSD, or download the relevant patch and detached +PGP signature from the following location: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:30/sshd.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:30/sshd.patch.asc + +Verify the detached signature using your PGP utility. + +Issue the following commands as root: + +# cd /usr/src/crypto/openssh +# patch -p < /path/to/patch/or/advisory +# cd /usr/src/secure/lib/libssh +# make all +# cd /usr/src/secure/usr.sbin/sshd +# make all install +# kill -HUP `cat /var/run/sshd.pid` + +See the note in the "Workarounds" section about verifying that the +sshd server is still running. + +VI. Patch + + Index: sshd.c + =================================================================== + RCS file: /home/ncvs/src/crypto/openssh/sshd.c,v + retrieving revision 1.6 + diff -u -r1.6 sshd.c + --- sshd.c 2000/03/09 14:52:31 1.6 + +++ sshd.c 2000/07/04 03:40:46 + @@ -2564,7 +2564,13 @@ + char *argv[10]; + #ifdef LOGIN_CAP + login_cap_t *lc; + +#endif + + + /* login(1) is only called if we execute the login shell */ + + if (options.use_login && command != NULL) + + options.use_login = 0; + + + +#ifdef LOGIN_CAP + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWPAn1UuHi5z0oilAQEt8QP+KlhsdMVqBjI6mhO/opnpIr+vFo5zxu4R +rhPwSfyXf/ufRPcJbiQFjBlHwQWaOnt2N3w6MJYI4qNySPHmqIa1Cnxv8Em0K/ke +wdFr8sXOZiqgBbu1aJRSsB+5Vc/TQFdHcY/QGwpUIUGYkDvEYcp46iDpQgiS41BW +9hRgZIgcigo= +=nEJ0 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:31.canna.asc b/share/security/advisories/FreeBSD-SA-00:31.canna.asc new file mode 100644 index 0000000000..95a94973ac --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:31.canna.asc @@ -0,0 +1,116 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:31 Security Advisory + FreeBSD, Inc. + +Topic: Canna port contains remote vulnerability [REVISED] + +Category: ports +Module: Canna +Announced: 2000-07-05 +Revised: 2000-07-11 +Affects: Ports collection. +Corrected: 2000-06-29 +Credits: Shadow Penguin Security + +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +Canna is a Kana-Kanji conversion server. + +II. Problem Description + +The Canna server contains an overflowable buffer which may be +exploited by a remote user to execute arbitrary code on the local +system as user 'bin'. + +The Canna port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3500 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 3.5 contains this +vulnerability since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can run arbitrary code as user 'bin' on the local system. +Depending on the local system configuration, the attacker may be able +to upgrade privileges further by exploiting local vulnerabilities. + +If you have not chosen to install the Canna port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +One of the following: + +1) Deinstall the Canna port/package, if you you have installed it. + +2) Consider limiting remote access to the Canna server using ipfw(8) +or ipf(8). + +3) Create a /etc/hosts.canna file on the Canna server and list the +hosts which you wish to allow access to the Canna server. For example, +if you want to allow access via localhost only, include the following +in your /etc/hosts.canna file: + + localhost + unix + +If you want to allow access via localhost and some-other-host.com, +which has IP address x.y.z.w, include the following: + + localhost + unix + x.y.z.w + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the Canna port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanese/ja-Canna-3.2.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-Canna-3.2.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japanese/ja-Canna-3.2.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-Canna-3.2.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japanese/ja-Canna-3.2.2.tgz + +Note: it may be several days before updated packages are available. + +3) download a new port skeleton for the Canna port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +VI. Revision History + +v1.0 2000-07-05 Initial release +v1.1 2000-07-11 Add additional access-control method submitted by KOJIMA Hajime + Correct package URL. Update size of ports collection. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWuZD1UuHi5z0oilAQEAOgP9FFIPBLNxpRkRC4lQqNHDcBQ/7EOapw1p +YstPyT2sJkykj66QtS4CC5Wd4r7qy4EPQodAqYFgQqMRNyZX3PNzuoRTB+CNzE3f +bV1bQq75FTpWBlDhD1LMxSjywgENeBUkuq214diIzUJMBucOa9caFDZ5K+22WquR +S5O/SGoqI/A= +=dynV +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc b/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc new file mode 100644 index 0000000000..bda36aae46 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc @@ -0,0 +1,93 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:32 Security Advisory + FreeBSD, Inc. + +Topic: bitchx port contains client-side vulnerability + +Category: ports +Module: bitchx +Announced: 2000-07-05 +Affects: Ports collection. +Corrected: 2000-07-03 +Vendor status: Patch released +FreeBSD only: NO + +I. Background + +BitchX is a popular IRC client. + +II. Problem Description + +The bitchx client incorrectly parses string-formatting operators +included as part of channel invitation messages sent by remote IRC +users. This can cause the local client to crash, and may possibly +present the ability to execute arbitrary code as the local user. + +The bitchx port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3400 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.0 and 3.5 contain +this problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote IRC users can cause the local client to crash, and possibly +execute code as the local user. + +If you have not chosen to install the bitchx port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Issue the following bitchx command (e.g. as part of a startup script): + +/ignore * invites + +which will disable processing of channel invitation messages. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the bitchx port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/bitchx-1.0c16.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/bitchx-1.0c16.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/bitchx-1.0c16.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/bitchx-1.0c16.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/bitchx-1.0c16.tar.gz + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) download a new port skeleton for the bitchx port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWGvPlUuHi5z0oilAQGEQAP+MbpDIPmejoZUcpVCpIBFP+2LwmR/ouwu +LMuDVgY5l3kaWNIypTNAbMVPDZFx1l3+LEUJfurBLydpH8PnB17C7tE+uPXpNDzA +ph3jjHXazN8DvvdYCD6EcEXccgGIWREz+OUPsH4VZtqC0g84Lt7tpZwBFZ+Fh2Py +gjxO4c2fPE8= +=B4nR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:33.kerberosIV.asc b/share/security/advisories/FreeBSD-SA-00:33.kerberosIV.asc new file mode 100644 index 0000000000..5ba16436ff --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:33.kerberosIV.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:33 Security Advisory + FreeBSD, Inc. + +Topic: kerberosIV distribution contains multiple vulnerabilities + under FreeBSD 3.x + +Category: core +Module: kerberosIV +Announced: 2000-07-12 +Credits: Assar Westerlund +Affects: FreeBSD 3.x systems prior to the correction date +Corrected: 2000-07-06 +FreeBSD only: NO + +I. Background + +KTH Kerberos is an implementation of the Kerberos 4 protocol which +is distributed as an optional component of the base system. + +II. Problem Description + +Vulnerabilities in the MIT Kerberos 5 port were the subject of an +earlier FreeBSD Security Advisory (SA-00:20). At the time it was +believed that the implementation of Kerberos distributed with FreeBSD +was not vulnerable to these problems, but it was later discovered that +FreeBSD 3.x contained an older version of KTH Kerberos 4 which is in +fact vulnerable to at least some of these vulnerabilities. FreeBSD +4.0-RELEASE and later are unaffected by this problem, although FreeBSD +3.5-RELEASE is vulnerable. + +The exact extent of the vulnerabilities are not known, but are likely +to include local root vulnerabilities on both Kerberos clients and +servers, and remote root vulnerabilities on Kerberos servers. For the +client vulnerabilities, it is not necessary that Kerberos client +functionality be actually configured, merely that the binaries be +present on the system. + +III. Impact + +Local or remote users can obtain root access on the system running +Kerberos, whether as client or server. + +If you have not chosen to install the KerberosIV distribution on your +FreeBSD 3.x system, then your system is not vulnerable to this +problem. + +IV. Workaround + +Due to the nature of the vulnerability there are several programs and +network services which are affected. The following libraries and +utilities are installed by the KerberosIV distribution and must be +removed or replaced with non-Kerberos versions to disable all +Kerberos-related code. + +bin/rcp (*) +sbin/dump (*) +sbin/restore (*) +usr/bin/kadmin +usr/bin/kauth +usr/bin/kdestroy +usr/bin/kinit +usr/bin/klist +usr/bin/ksrvtgt +usr/bin/telnet (*) +usr/bin/cvs (*) +usr/bin/passwd (*) +usr/bin/rlogin (*) +usr/bin/rsh (*) +usr/bin/su (*) +usr/lib/libacl.a +usr/lib/libacl_p.a +usr/lib/libacl.so.3 +usr/lib/libacl.so +usr/lib/libkadm.a +usr/lib/libkadm_p.a +usr/lib/libkadm.so.3 +usr/lib/libkadm.so +usr/lib/libkafs.a +usr/lib/libkafs_p.a +usr/lib/libkafs.so.3 +usr/lib/libkafs.so +usr/lib/libkdb.a +usr/lib/libkdb_p.a +usr/lib/libkdb.so.3 +usr/lib/libkdb.so +usr/lib/libkrb.a +usr/lib/libkrb_p.a +usr/lib/libkrb.so.3 +usr/lib/libkrb.so +usr/lib/libtelnet.a +usr/lib/libtelnet_p.a +usr/libexec/kauthd +usr/libexec/kipd +usr/libexec/kpropd +usr/libexec/telnetd (*) +usr/libexec/rlogind (*) +usr/libexec/rshd (*) +usr/sbin/ext_srvtab +usr/sbin/kadmind +usr/sbin/kdb_destroy +usr/sbin/kdb_edit +usr/sbin/kdb_init +usr/sbin/kdb_util +usr/sbin/kerberos +usr/sbin/kip +usr/sbin/kprop +usr/sbin/ksrvutil +usr/sbin/kstash + +The files marked with a "(*)" are part of the base FreeBSD system when +the Kerberos distribution is not installed, and are replaced when +Kerberos is installed. Therefore you will need to replace them with +non-Kerberos versions from another system, or perform a recompilation +or reinstallation of FreeBSD after removal, if you wish to continue to +use them. + +If you have chosen to install any ports with Kerberos support, such as +the security/ssh port, then you should also remove, or recompile these +with support disabled. + +As an interim measure, access control measures (either a perimeter +firewall, or a local firewall on the affected machine - see the +ipfw(8) manpage for more information) can be used to prevent remote +systems from connecting to Kerberos services on a vulnerable Kerberos +server. + +V. Solution + +Upgrade your vulnerable FreeBSD 3.x system to a version of FreeBSD +dated after the correction date (FreeBSD 3.5-STABLE dated after the +correction date, 4.0-RELEASE or 4.0-STABLE). See +http://www.freebsd.org/handbook/makeworld.html for more information +about upgrading FreeBSD from source. + +Be sure to install the Kerberos code when performing an upgrade +(whether by source or by a binary upgrade) to ensure that the old +binaries are no longer present on the system. + +See the note in section IV. above about recompiling ports which were +compiled with Kerberos support. + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOWzyeVUuHi5z0oilAQFJEwP/ZaecQhuSYfdR4ckwsDtGF86AvmRuqkTo +8A55zz2DeBUPKAVrvJAEuzM15zEL4+w+dofCep9gMAPWlgpNoNHRs4H3BLUjMiXc +UpFgKDYtY/gwYXZKOLVbe4as++G2Polk+oQXrRItV1LGKbjrtjuozPRGmkwCYwOk +/rUWX1tCNLI= +=ysen +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc b/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc new file mode 100644 index 0000000000..e00a0e089b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:34 Security Advisory + FreeBSD, Inc. + +Topic: dhclient vulnerable to malicious dhcp server + +Category: core, ports +Module: dhclient, isc-dhcp2 (ports), isc-dhcp3 (ports) +Announced: 2000-08-14 +Affects: All releases of FreeBSD after FreeBSD 3.2-RELEASE and + prior to the correction date (including FreeBSD 4.0 + and 3.5, but not 4.1) + Ports collection prior to the correction date. +Credits: OpenBSD +Vendor status: Updated version released +Corrected: 2000-07-20 [FreeBSD 4.0 base system] + 2000-08-01 [isc-dhcp2 port] + 2000-07-21 [isc-dhcp3 port] +FreeBSD only: NO + +I. Background + +ISC-DHCP is an implementation of the DHCP protocol containing client +and server. FreeBSD 3.2 and above includes the version 2 client by +default in the base system, and the version 2 and version 3 clients +and servers in the Ports Collection. + +II. Problem Description + +The dhclient utility (DHCP client), versions 2.0pl2 and before (for +the version 2.x series), and versions 3.0b1pl16 and before (for the +version 3.x series) does not correctly validate input from the server, +allowing a malicious DHCP server to execute arbitrary commands as root +on the client. DHCP may be enabled if your system was initially +configured from a DHCP server at install-time, or if you have +specifically enabled it after installation. + +FreeBSD 4.1 is not affected by this problem since it contains the +2.0pl3 client. + +III. Impact + +An attacker who has or gains control of a DHCP server may gain +additional root access to DHCP clients running vulnerable versions of +ISC-DHCP. + +If you are not using dhclient to configure client machines via DHCP, +or your DHCP server is "trusted" according to your local security +policy, then this vulnerability does not apply to you. + +IV. Workaround + +Disable the use of DHCP for configuring client machines: remove the +case-insensitive string "dhcp" from the "ifconfig_" directives in +/etc/rc.conf and replace it with appropriate static interface +configuration according to the rc.conf(5) manpage. + +An example of a DHCP-enabled interface is the following line in +/etc/rc.conf: + +ifconfig_xl0="DHCP" + +V. Solution + +NOTE: At this time the FreeBSD 3.x branch has not yet been patched, +due to logistical difficulties. Users running a vulnerable 3.x system +are advised to either upgrade to FreeBSD 4.1, disable the use of +DHCP as described above, or use the dhclient binary from the isc-dhcp2 +port dated after the correction date. + +1) Upgrade your vulnerable FreeBSD 4.0 system to a version dated after the +correction date. See + +http://www.freebsd.org/handbook/makeworld.html + +for instructions on how to upgrade and recompile your FreeBSD system +from source, or perform a binary upgrade, e.g. to FreeBSD 4.1-RELEASE, +described here: + +http://www.freebsd.org/releases/4.1R/notes.html + +2) (If using the isc-dhcp2 or isc-dhcp3 ports) One of the following: + +2a) Upgrade your entire ports collection and rebuild the isc-dhcp2 or isc-dhcp3 port. + +2b) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[isc-dhcp3] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/isc-dhcp3-3.0.b1.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/isc-dhcp3-3.0.b1.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/isc-dhcp3-3.0.b1.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/isc-dhcp3-3.0.b1.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/isc-dhcp3-3.0.b1.17.tgz + +NOTE: The isc-dhcp2 port is not available as a package. + +2c) download a new port skeleton for the isc-dhcp2 or isc-dhcp3 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +2d) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOZh3J1UuHi5z0oilAQHXBQQAmCLlTUfikHbgBelFd22agjTo/AVwR933 +El0AMRHakiBJAHTMseZ4Nj+HyGUgVzD3oRMgmjx1u+HUCQM2/akuXXZdSHlur5Jc +OyEGxcwxyzYXnNzWAL1vh6MYrpkGDfh74bHircLdO16d6uC1d+0VFmkxUOOFN4zb +g7yK3m2ZOxo= +=qTwd +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:35.proftpd.asc b/share/security/advisories/FreeBSD-SA-00:35.proftpd.asc new file mode 100644 index 0000000000..09b0b1b277 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:35.proftpd.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:35 Security Advisory + FreeBSD, Inc. + +Topic: proftpd port contains remote root compromise + +Category: ports +Module: proftpd +Announced: 2000-08-14 +Credits: lamagra +Affects: Ports collection prior to the correction date. +Corrected: 2000/07/28 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +proftpd is a popular FTP server. + +II. Problem Description + +The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability +which allows FTP users, both anonymous FTP users and those with a +valid account, to execute arbitrary code as root on the local machine, +by inserting string-formatting operators into command input, which are +incorrectly parsed by the FTP server. + +This is the same class of vulnerability as the one described in +FreeBSD Security Advisory 00:29, which pertained to the wu-ftpd port. + +The proftpd port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 3700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5 contains this +problem since it was discovered after the release, but FreeBSD 4.1 did +not ship with the proftpd package (and the port was disabled to +prevent building) because the vulnerability was known but not yet +fixed. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +FTP users, including anonymous FTP users, can cause arbitrary commands +to be executed as root on the local machine. + +If you have not chosen to install the proftpd port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the proftpd port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the proftpd port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/proftpd-1.2.0rc2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/proftpd-1.2.0rc2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/proftpd-1.2.0rc2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/proftpd-1.2.0rc2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/proftpd-1.2.0rc2.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the proftpd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOZh1u1UuHi5z0oilAQFYQQP/UH7MbeD/cm3aPGrPdb8NXUo9giAajayX +uWazNh+kfJGUrpVg3DaYo7jY2ZG5yrBBo5kZRFUUSy5OpDvD20I3QBhtNV0gWItD +n2mkSDP90BG4scmVuwx+GexCz5gZ+frpM2hKXlhtFqJRMA2Sk0R4vzapIvc16EFN +6nraHfzVSCk= +=7ifu +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:36.ntop.asc b/share/security/advisories/FreeBSD-SA-00:36.ntop.asc new file mode 100644 index 0000000000..9c84c640ea --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:36.ntop.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:36 Security Advisory + FreeBSD, Inc. + +Topic: ntop port allows remote and minor local compromise + +Category: ports +Module: ntop +Announced: 2000-08-14 +Credits: Discovered during internal auditing +Affects: Ports collection prior to the correction date. +Corrected: 2000-08-12 (However see below) +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +ntop is a utility for monitoring and summarizing network usage, from +the command-line or remotely via HTTP. + +II. Problem Description + +The ntop software is written in a very insecure style, with many +potentially exploitable buffer overflows (including several +demonstrated ones) which could in certain conditions allow the local +or remote user to execute arbitrary code on the local system with +increased privileges. + +By default the ntop port is installed setuid root and only executable +by root and members of the 'wheel' group. The 'wheel' group is +normally only populated by users who also have root access, but this +is not necessarily the case (the user must know the root password to +increase his or her privileges). ntop allows a member of the wheel +group to obtain root privileges directly through a local exploit. + +If invoked in 'web' mode (ntop -w) then any remote user who can +connect to the ntop server port (which is determined by local +configuration) can execute arbitrary code on the server as the user +running the ntop process, regardless of whether or not they can +authenticate to the ntop server by providing a valid username and +password. + +This will not necessarily yield root privileges unless ntop -w is +executed as root since by the time it services network connections the +program has dropped privileges, although it retains the ability to +view all network traffic on the sampled network interface (instead of +just the connection summaries which ntop normally presents). However, +since ntop is not executable by unprivileged users, it is likely that +the majority of installations using 'ntop -w' are doing so as root, in +which case full system compromise is directly possible. + +The ntop port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 3700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5 and 4.1 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users who are members of the wheel group can obtain root +privileges without having to pass through the normal system security +mechanisms (i.e. entering the root password). If ntop is run in "web" +mode (ntop -w) then remote users who can connect to the ntop server +port can also execute arbitrary code on the server as the user running +ntop -w (usually root). + +If you have not chosen to install the ntop port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +1) Remove the setuid bit from the ntop binary so that only the +superuser may execute it. Depending on local policy this vulnerability +may not present significant risk. + +2) Avoid using ntop -w. If ntop -w is required, consider imposing +access controls to limit access to the ntop server port (e.g. using a +perimeter firewall, or ipfw(8) or ipf(8) on the local machine). Note +that specifying a username/password access list within the ntop +configuration file is insufficient, as noted above. Users who pass the +access restrictions can still gain privileges as described above. + +V. Solution + +Due to the lack of attention to security in the ntop port no simple +fix is possible: for example, the local root overflow can easily be +fixed, but since ntop holds a privileged network socket a member of +the wheel group could still obtain direct read access to all network +traffic by exploiting other vulnerabilities in the program, which +remains a technical security violation. + +The FreeBSD port has been changed to disable '-w' mode and remove the +setuid bit, so that the command is only available locally to the +superuser. Full functionality will be restored once the ntop +developers have addressed these security concerns and provided an +adequate fix - this advisory will be reissued at that time. + +To upgrade your ntop port/package, perform one of the following: + +1) Upgrade your entire ports collection and rebuild the ntop port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ntop-1.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ntop-1.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/ntop-1.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ntop-1.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/ntop-1.1.tgz + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) download a new port skeleton for the ntop port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOZh1m1UuHi5z0oilAQFcIgQArlP0hzT+scsGxjI7wTWXh5fgm5E+CFh0 +EfeIvYgGCzsCCCAS0nm3vo+a1IUxloJdk27K2oO4aCjTLy+gLe/vnW28gWn9dzle +nIyUDFudMpsx/WpO4F4UkMPTX+w0fiWpNvY2KddjwOeBn2xhRJik9ZVTMpc7zTe6 ++2DGgV9jAnM= +=9UuJ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:37.cvsweb.asc b/share/security/advisories/FreeBSD-SA-00:37.cvsweb.asc new file mode 100644 index 0000000000..b610d5488f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:37.cvsweb.asc @@ -0,0 +1,106 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:37 Security Advisory + FreeBSD, Inc. + +Topic: cvsweb allows increased access to CVS committers + +Category: ports +Module: cvsweb +Announced: 2000-08-14 +Credits: Joey Hess +Affects: Ports collection prior to the correction date. +Corrected: 2000-07-11 +Vendor status: Patch released +FreeBSD only: NO + +I. Background + +cvsweb is a CGI script which provides a read-only interface to a CVS +repository for browsing via a web interface. + +II. Problem Description + +The cvsweb port, versions prior to 1.86, contains a vulnerability +which allows users with commit access to a CVS repository monitored by +cvsweb to execute arbitrary code as the user running the cvsweb.cgi +script, which may be located on another machine where the committer +has no direct access. The vulnerability is that cvsweb does not +correctly process input obtained from the repository and is vulnerable +to embedding of commands in committed filenames. Such an action is +however usually highly visible in the CVS repository and provides an +audit trail of sorts for such abuses unless the committer has access +to modify the repository files directly to cover his or her tracks. + +This vulnerability may or may not be a security issue depending on the +local security policy (for example, CVS itself is known to easily +allow committers to execute commands on the CVS server even without a +login account, so this presents little additional exposure if cvsweb +is run on the CVS server itself). + +The cvsweb port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 3700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5 contains this +problem since it was discovered after the release, but it was fixed +prior to the release of FreeBSD 4.1. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +CVS committers can execute code as the user running the cvsweb.cgi +script, which may present a violation of local security policy. + +If you have not chosen to install the cvsweb port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the cvsweb port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the cvsweb port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/cvsweb-1.93.1.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/cvsweb-1.93.1.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/cvsweb-1.93.1.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/cvsweb-1.93.1.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/cvsweb-1.93.1.10.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the cvsweb port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOZh1qlUuHi5z0oilAQEAjAP7B+Kss7dLQ3upyq8HLwVMr5fhOPgW6TWK +BtkZ71mBapFQleZi9vWbpd/R2Cow7i42nsZQi8d7kERiXJRW6EGXr125aIA5NopV +1NoR4BKa9KYOP0CI9jqYUWiMj5PfNy03HlLbrDzHbGOIbqMqcsERXEFNGvt0Qvb4 +qkjHlQ9faRE= +=VajH +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:38.zope.asc b/share/security/advisories/FreeBSD-SA-00:38.zope.asc new file mode 100644 index 0000000000..93220ee8cf --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:38.zope.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:38 Security Advisory + FreeBSD, Inc. + +Topic: zope port allows remote modification of DTML documents + +Category: ports +Module: zope +Announced: 2000-08-14 +Credits: Unknown +Affects: Ports collection prior to the correction date. +Corrected: 2000-08-05 +Vendor status: Patch released +FreeBSD only: NO + +I. Background + +zope is an object-based dynamic web application platform. + +II. Problem Description + +To quote the vendor advisory about this problem: + +> The issue involves an inadequately protected method in one of +> the base classes in the DocumentTemplate package that could allow +> the contents of DTMLDocuments or DTMLMethods to be changed +> remotely or through DTML code without forcing proper user +> authorization. + +The zope port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +nearly 3700 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5 contains this problem, but +FreeBSD 4.1 did not ship with the proftpd package (and the port was +disabled to prevent building) because the vulnerability was known but +not yet fixed. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can modify DTML documents without authorization. + +If you have not chosen to install the zope port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the zope port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the zope port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/zope-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/zope-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/zope-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/zope-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/zope-2.2.0.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the zope port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOZh1lFUuHi5z0oilAQFsowP+JE+R5hHUpY0pDfNl9Dd/ai354XJh8PYG +X5DlmdMTMiByXkR0KMZBMB9SuRljuqBsknc8L3KB8UIyMUccnN0IhsFqZ2WEYiY4 +EAgS7I5EPTf/4y6g81Vt4g+s3l2XXu845kOv92hwJxFgUMINVXrIduJpdICAgcpr +rcw+4BM/Www= +=AoKX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:39.netscape.asc b/share/security/advisories/FreeBSD-SA-00:39.netscape.asc new file mode 100644 index 0000000000..8a3b037706 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:39.netscape.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:39 Security Advisory + FreeBSD, Inc. + +Topic: Two vulnerabilities in Netscape + +Category: ports +Module: netscape +Announced: 2000-08-28 +Credits: Solar Designer (Vulnerability #1) + Dan Brumleve (Vulnerability #2) +Affects: Ports collection prior to the correction date. +Corrected: 2000-08-19 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +Netscape is a popular web browser, available in several versions in +the FreeBSD ports collection. + +II. Problem Description + +There are two security problems in recent versions of netscape: + +1) Versions prior to 4.74 + +A client-side exploit may be possible through a buffer overflow in +JPEG-handling code. Although an exploit is not known, attackers may be +able to execute arbitrary code on the local machine as the user +running netscape, or at the very least cause the netscape binary to +crash. + +2) Versions prior to 4.75 + +The Java Virtual Machine implementation has security vulnerabilities +allowing a remote user to read the contents of local files accessible +to the user running netscape, and to allow these files to be +transmitted to any user on the internet. + +The netscape ports are not installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains over 3700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5 and 4.1 are +vulnerable to these problems. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can read files on the local system accessible to the user +running netscape, if java is enabled, and may be able to execute +arbitrary code on the local system as that user. + +If you have not chosen to install a netscape port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the netscape port/package, if you you have installed it. + +Vulnerability 2) can be worked around by disabling Java in the +"Advanced" section of the Preferences control panel. Vulnerability 1) +can be worked around by disabling the "Automatically load images" +option in the same location, although this is not a very practical +workaround. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the relevant +netscape port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/ + +Since there are so many variations of the netscape ports in the +FreeBSD ports collection they are not listed separately +here. Localized versions are also available in the respective language +subdirectory. + +3) download a new port skeleton for the netscape port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOaqy41UuHi5z0oilAQGsgAP/TGyAq7u74FJ/rYkfmTd4qyiyjN2XF0nH +9Pikcu4EAJo8R0yhIU0mmXdK3HXWKRTKzH43+gLH6yZGVTr5SQu4a4RYgS4T8sbD +Iu3p45DwYfZVQCjsJoseF48kaXlScheoxoR3+Et5khzhBDuwRedUXAK4VMWAm3Fp +/4vWrTKykTc= +=A0Wy +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:40.mopd.asc b/share/security/advisories/FreeBSD-SA-00:40.mopd.asc new file mode 100644 index 0000000000..de83429e7c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:40.mopd.asc @@ -0,0 +1,98 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:40 Security Advisory + FreeBSD, Inc. + +Topic: mopd port allows remote root compromise + +Category: ports +Module: mopd +Announced: 2000-08-28 +Credits: Matt Power , OpenBSD +Affects: Ports collection prior to the correction date. +Corrected: 2000-08-09 +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +mopd is used for netbooting older DEC machines such as VAXen and +DECstations. + +II. Problem Description + +The mopd port contains several remotely exploitable +vulnerabilities. An attacker exploiting these can execute arbitrary +code on the local machine as root. + +The mopd port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 3700 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5-RELEASE and 4.1-RELEASE +contain this problem, since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can execute arbitrary code on the local machine as root. + +If you have not chosen to install the mopd port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +One of the following: + +1) Deinstall the mopd port/package, if you have installed it. + +2) Restrict access to the mopd port using a perimeter firewall, or +ipfw(8)/ipf(8) on the local machine. Note that users who pass these +access restrictions may still exploit the vulnerability. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the mopd port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mopd-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mopd-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mopd-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mopd-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mopd-1.2b.tgz + +NOTE: Be sure to check the file creation date on the package, because +the version number of the software has not changed. + +3) download a new port skeleton for the mopd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOaqy6FUuHi5z0oilAQG14gQAn9RVxulK3pIyHi3aQ5j9p0OnlOoP9Wg2 +yKEPARafL+WXHS1oJ+5ZGdhUG2rZjU1QktS0xTy5PXSo0mcX91jLJ7ASwg6K5w2e +rpZMBRHZVFy3HltzFxwygZGGbENIbZNzZ9Qd9Luq/OPPxZzb/9NsHnUovk5/lyIE +yCAt/USxiDs= +=tlfC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:41.elf.asc b/share/security/advisories/FreeBSD-SA-00:41.elf.asc new file mode 100644 index 0000000000..254951d6a0 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:41.elf.asc @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:41 Security Advisory + FreeBSD, Inc. + +Topic: Malformed ELF images can cause a system hang + +Category: core +Module: kernel +Announced: 2000-08-28 +Credits: Adam McDougall +Affects: FreeBSD 3.x, 4.x and 5.x prior to the correction date +Corrected: 2000-07-25 (FreeBSD 5.0-CURRENT) + 2000-07-23 (FreeBSD 4.0-STABLE) +FreeBSD only: Yes + +I. Background + +The ELF binary format is used for binary executable programs on modern +versions of FreeBSD. + +II. Problem Description + +The ELF image activator did not perform sufficient sanity checks on +the ELF image header, and when confronted with an invalid or truncated +header it suffered a sign overflow bug which caused the CPU to enter +into a very long loop in the kernel. + +The result of this is that the system will appear to lock up for an +extended period of time before control returns. This bug can be +exploited by unprivileged local users. + +This vulnerability is not present in FreeBSD 4.1-RELEASE, although +3.5-RELEASE and 3.5.1-RELEASE are vulnerable. + +III. Impact + +Local users can cause the system to lock up for an extended period of +time (15 minutes or more, depending on CPU speed), during which time +the system is completely unresponsive to local and remote users. + +IV. Workaround + +None available. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1-RELEASE, 4.1-STABLE +or 5.0-CURRENT after the respective correction dates. FreeBSD +3.5-STABLE has not yet been fixed due to logistical difficulties (and +the patch below does not apply cleanly). Consider upgrading to +4.1-RELEASE if this is a concern - this advisory will be reissued once +the patch has been applied to the 3.x branch. + +2) Apply the patch below and recompile your kernel. + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch.asc + +# cd /usr/src/sys/kern +# patch -p < /path/to/patch_or_advisory + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] + + --- imgact_elf.c 2000/04/30 18:51:39 1.75 + +++ imgact_elf.c 2000/07/23 22:19:49 1.78 + @@ -190,6 +190,21 @@ + object = vp->v_object; + error = 0; + + + /* + + * It's necessary to fail if the filsz + offset taken from the + + * header is greater than the actual file pager object's size. + + * If we were to allow this, then the vm_map_find() below would + + * walk right off the end of the file object and into the ether. + + * + + * While I'm here, might as well check for something else that + + * is invalid: filsz cannot be greater than memsz. + + */ + + if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size || + + filsz > memsz) { + + uprintf("elf_load_section: truncated ELF file\n"); + + return (ENOEXEC); + + } + + + map_addr = trunc_page((vm_offset_t)vmaddr); + file_addr = trunc_page(offset); + + @@ -341,6 +356,12 @@ + } + + error = exec_map_first_page(imgp); + + /* + + * Also make certain that the interpreter stays the same, so set + + * its VTEXT flag, too. + + */ + + if (error == 0) + + nd.ni_vp->v_flag |= VTEXT; + VOP_UNLOCK(nd.ni_vp, 0, p); + if (error) + goto fail; + @@ -449,6 +470,17 @@ + /* + * From this point on, we may have resources that need to be freed. + */ + + + + /* + + * Yeah, I'm paranoid. There is every reason in the world to get + + * VTEXT now since from here on out, there are places we can have + + * a context switch. Better safe than sorry; I really don't want + + * the file to change while it's being loaded. + + */ + + simple_lock(&imgp->vp->v_interlock); + + imgp->vp->v_flag |= VTEXT; + + simple_unlock(&imgp->vp->v_interlock); + + + if ((error = exec_extract_strings(imgp)) != 0) + goto fail; + + @@ -610,9 +642,6 @@ + imgp->auxargs = elf_auxargs; + imgp->interpreted = 0; + + - /* don't allow modifying the file while we run it */ + - imgp->vp->v_flag |= VTEXT; + - + fail: + return error; + } + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOaq1hlUuHi5z0oilAQGpvgQAoaeqjoU1QppgQ+yXF7KOL6EfTQ9mrdEe +zKQ6vU//hc1ejKx9C4zmQybflQIpkHS2TMNAfXuvFG74hvETwa8cpVqolJU29CCf +FKlGTCAGCSzosWrndBuvakKqjeVvvQR4JydVhkO04neVEfbUXkich/2PT+3h3dKW +GuW3coG8nYE= +=2w2A +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:42.linux.asc b/share/security/advisories/FreeBSD-SA-00:42.linux.asc new file mode 100644 index 0000000000..d9784deef6 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:42.linux.asc @@ -0,0 +1,194 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:42 Security Advisory + FreeBSD, Inc. + +Topic: Linux binary compatability mode can cause system compromise + +Category: core +Module: kernel +Announced: 2000-08-28 +Credits: Boris Nikolaus +Affects: FreeBSD 3.x, 4.x and 5.x prior to the correction date +Corrected: 2000-07-23 (FreeBSD 5.0-CURRENT) + 2000-07-29 (FreeBSD 4.1-STABLE) + 2000-08-24 (FreeBSD 3.5-STABLE) +FreeBSD only: Yes + +I. Background + +FreeBSD is binary-compatible with the Linux operating system through a +loadable kernel module/optional kernel component. + +II. Problem Description + +The linux binary-compatability module implements a "shadow" filesystem +hierarchy rooted in /compat/linux, which is overlayed against the +regular filesystem hierarchy so that Linux binaries "see" files in the +shadow hierarchy which can mask the native files. + +Filenames in this shadow hierarchy are treated incorrectly by the +linux kernel module under certain circumstances, and a kernel stack +overflow leading to a system compromise by an unprivileged user may be +possible when very long filenames are used. This is only possible when +the linux kernel module is loaded, or the equivalent functionality is +statically compiled into the kernel. It is not enabled by default. + +This vulnerability was fixed just after the release of FreeBSD +4.1-RELEASE, and 3.5-RELEASE is also vulnerable. + +III. Impact + +Local users may be able to obtain root privileges on the system when +linux compatability mode is enabled. + +IV. Workaround + +To determine whether the linux compatability module has been loaded, +execute the following command as root and look for a 'linux.ko' entry: + +# kldstat + Id Refs Address Size Name + 1 7 0xc0100000 270be0 kernel + 2 1 0xc0371000 5540 vesa.ko + 3 1 0xc0377000 10094 randomdev.ko + 4 1 0xc0e17000 4e000 nfs.ko + 5 1 0xc0e83000 11000 linux.ko + +If present, unload the "linux" module by executing the following +command as root: + +# kldunload linux + +For safety, remove the /modules/linux.ko file to prevent it being +reloaded accidentally, and add or change the following line in +/etc/rc.conf: + +linux_enable="NO" # Linux binary compatibility loaded at startup (or NO). + +If the module is not loaded, to determine whether the functionality +has been statically compiled into the kernel, check the kernel +configuration file for the following line: + +options COMPAT_LINUX + +If present, remove and recompile the kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 3.5-STABLE, 4.1-STABLE or +5.0-CURRENT after the respective correction dates. + +2) Apply the patch below and recompile your kernel. + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:42/linux.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:42/linux.patch.asc + +# cd /usr/src/sys/i386/linux +# patch -p < /path/to/patch_or_advisory + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] + + Index: linux_misc.c + =================================================================== + RCS file: /home/ncvs/src/sys/i386/linux/linux_misc.c,v + retrieving revision 1.77.2.3 + retrieving revision 1.77.2.4 + diff -u -r1.77.2.3 -r1.77.2.4 + --- linux_misc.c 2000/07/20 05:31:56 1.77.2.3 + +++ linux_misc.c 2000/07/30 05:36:11 1.77.2.4 + @@ -954,6 +954,8 @@ + tv[1].tv_usec = 0; + /* so that utimes can copyin */ + tvp = (struct timeval *)stackgap_alloc(&sg, sizeof(tv)); + + if (tvp == NULL) + + return (ENAMETOOLONG); + if ((error = copyout(tv, tvp, sizeof(tv)))) + return error; + bsdutimes.tptr = tvp; + Index: linux_util.c + =================================================================== + RCS file: /home/ncvs/src/sys/i386/linux/linux_util.c,v + retrieving revision 1.9.2.1 + retrieving revision 1.9.2.2 + diff -u -r1.9.2.1 -r1.9.2.2 + --- linux_util.c 2000/07/07 01:23:45 1.9.2.1 + +++ linux_util.c 2000/07/30 05:36:11 1.9.2.2 + @@ -162,7 +162,10 @@ + else { + sz = &ptr[len] - buf; + *pbuf = stackgap_alloc(sgp, sz + 1); + - error = copyout(buf, *pbuf, sz); + + if (*pbuf != NULL) + + error = copyout(buf, *pbuf, sz); + + else + + error = ENAMETOOLONG; + free(buf, M_TEMP); + } + + Index: linux_util.h + =================================================================== + RCS file: /home/ncvs/src/sys/i386/linux/linux_util.h,v + retrieving revision 1.10 + retrieving revision 1.10.2.1 + diff -u -r1.10 -r1.10.2.1 + --- linux_util.h 1999/12/04 11:10:22 1.10 + +++ linux_util.h 2000/07/30 05:36:11 1.10.2.1 + @@ -56,29 +56,27 @@ + static __inline caddr_t stackgap_init(void); + static __inline void *stackgap_alloc(caddr_t *, size_t); + + +#define szsigcode (*(curproc->p_sysent->sv_szsigcode)) + + + static __inline caddr_t + stackgap_init() + { + -#define szsigcode (*(curproc->p_sysent->sv_szsigcode)) + return (caddr_t)(PS_STRINGS - szsigcode - SPARE_USRSPACE); + } + + - + static __inline void * + stackgap_alloc(sgp, sz) + caddr_t *sgp; + size_t sz; + { + - void *p = (void *) *sgp; + - *sgp += ALIGN(sz); + + void *p = (void *) *sgp; + + + + sz = ALIGN(sz); + + if (*sgp + sz > (caddr_t)(PS_STRINGS - szsigcode)) + + return NULL; + + *sgp += sz; + return p; + } + - + -#ifdef DEBUG_LINUX + -#define DPRINTF(a) printf a; + -#else + -#define DPRINTF(a) + -#endif + + extern const char linux_emul_path[]; + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOaq1wFUuHi5z0oilAQFcVQQAlYhhDM6T/qEDqVTvG9yr9mv++LVGqqRE +SI4MEbmwbV5NvmFqTM2OzGpKsUaAy9gEfA5mjVKR+PRFoY7g68heFGAKWSRHmgs5 +ramrzVxBHOeviaHeAXpH7LgJOdFo8EwhqehLtv+M0I5n9JJjPvAEWXG9cdiYXTto +pKJAPVXr9NU= +=r8gN +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:43.brouted.asc b/share/security/advisories/FreeBSD-SA-00:43.brouted.asc new file mode 100644 index 0000000000..b87977a405 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:43.brouted.asc @@ -0,0 +1,98 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:43 Security Advisory + FreeBSD, Inc. + +Topic: brouted port allows gid kmem compromise + +Category: ports +Module: brouted +Announced: 2000-08-28 +Credits: Discovered during internal auditing +Affects: Ports collection prior to the correction date. +Corrected: 2000-08-22 +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +brouted is a dynamic routing daemon. + +II. Problem Description + +The brouted port is incorrectly installed setgid kmem, and contains +several exploitable buffer overflows in command-line arguments. An +attacker exploiting these to gain kmem privilege can easily upgrade to +full root access by manipulating kernel memory. + +The brouted port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5-RELEASE and +4.1-RELEASE contain this problem, since it was discovered after the +releases during internal auditing. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users can obtain group kmem privileges, and upgrade +further to full root privileges. + +If you have not chosen to install the brouted port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Execute the following command as root to remove the setgid bit on the +/usr/local/sbin/brouted file: + +# chmod g-s /usr/local/bin/brouted + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the brouted port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/brouted-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/brouted-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/brouted-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/brouted-1.2b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/brouted-1.2b.tgz + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) download a new port skeleton for the brouted port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOaqy+lUuHi5z0oilAQHDzwQApGoedKCQAZcpjqafuNA9jPQ0fQ2PaScu +OZlBlflrUVNAMcEkL3y9lmahdVTcdOBpKAALDzIxYnKYlSxGg1RTtxHoWhJiCD97 +c2mc9Ni65YCHab5O90WBHK+VjTiFzfq+dpG+rXLB1W2Pfq68Xf8O2rb2eSjdVW3d +/wazSPNLcSg= +=V2xB +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:44.xlock.asc b/share/security/advisories/FreeBSD-SA-00:44.xlock.asc new file mode 100644 index 0000000000..9da8473ccf --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:44.xlock.asc @@ -0,0 +1,103 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:44 Security Advisory + FreeBSD, Inc. + +Topic: xlockmore port allows reading of password file + +Category: ports +Module: xlockmore +Announced: 2000-08-28 +Credits: bind +Affects: Ports collection prior to the correction date. +Corrected: 2000-08-15 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +xlockmore is a utility for locking console access to an X terminal. + +II. Problem Description + +The xlockmore port, versions 4.17 and below, installs the setuid root +binary xlock, which contains a vulnerability due to incorrect use of +the syslog() function. The xlock program correctly drops root +privileges prior to the point of vulnerability, however it may retain +in memory part of the hashed password database for the user accounts +on the system. + +Attackers who can retrieve hashed password information from the memory +space of the process can mount attacks against the user account +passwords and possibly gain access to accounts on the system if +successful. + +The xlockmore port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5-RELEASE and +4.1-RELEASE contain this problem, since it was discovered after the +releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users may be able to gain unauthorised access to +parts of the /etc/spwd.db file, allowing them to mount guessing +attacks against user passwords. + +If you have not chosen to install the xlockmore port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +One of the following: + +Deinstall the xlockmore port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the xlockmore port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/xlockmore-4.17.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/xlockmore-4.17.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/xlockmore-4.17.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/xlockmore-4.17.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/xlockmore-4.17.1.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the xlockmore port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOaqzxFUuHi5z0oilAQEJJgP/cpBPXxsnmcGysBYnZkq0+mhMYxxDyX/D +czvyS90uO3k9slC+QYsmgLeTRrDpULcHNsePwxYKbt+zEydcENLhpiiGRuGkKrvD +b5UH9Sjle3rF3nTecxKRPTPD0009Tk356YeYOPVofqfZzCQpR8MqUHGz9cmhBuXH +t/y3LtBhLDo= +=sJTv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:45.esound.asc b/share/security/advisories/FreeBSD-SA-00:45.esound.asc new file mode 100644 index 0000000000..8c2681c0e3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:45.esound.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:45 Security Advisory + FreeBSD, Inc. + +Topic: esound port allows file permissions to be modified + +Category: ports +Module: esound +Announced: 2000-08-31 +Credits: Brian Feldman during internal auditing +Affects: Ports collection prior to the correction date +Corrected: 2000-06-30 +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +EsounD is a component of the GNOME desktop environment which is +responsible for multiplexing access to audio devices. + +II. Problem Description + +The esound port, versions 0.2.19 and earlier, creates a world-writable +directory in /tmp owned by the user running the EsounD session, which +is used for the storage of a unix domain socket. A race condition +exists in the creation of this socket which allows a local attacker to +cause an arbitrary file or directory owned by the user running esound +to become world-writable. This can give the attacker access to the +victim's account, or lead to a system compromise if esound is run by +root. + +The esound port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.0 and 3.5 contain +this problem, but it was corrected prior to the release of FreeBSD +4.1. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users can cause files or directories owned by the target user to +become world-writable when that user runs the esd daemon (e.g. by +starting a GNOME session), allowing a security breach of that user +account (or the entire system if esd is run by root) + +If you have not chosen to install the esound port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the esound port/package, if you have installed it (see the +pkg_delete(1) manual page for more information). + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the esound port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/esound-0.2.19.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/esound-0.2.19.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/esound-0.2.19.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/esound-0.2.19.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/esound-0.2.19.tgz + +3) download a new port skeleton for the esound port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOa6cE1UuHi5z0oilAQGGPwP/ePOVTscGQ6G4deQqeYVehEk8KTPr0nhm +nWgQln3jZW46maoMgBHq/Zdj5DM+H9xmC9qaVjdJ2mYcNQIL3ldntO8IIeQfZ/zA +kqy+CthlLiF7FSnwC4XwpzBU4OWxuNPT02naD2kK1p6ERcn1QKbqfvzel40Sc2wQ ++XnHbXpx4qE= +=RtJ1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:46.screen.asc b/share/security/advisories/FreeBSD-SA-00:46.screen.asc new file mode 100644 index 0000000000..0d8d03216f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:46.screen.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:46 Security Advisory + FreeBSD, Inc. + +Topic: screen port contains local root compromise + +Category: ports +Module: screen +Announced: 2000-09-13 +Affects: Ports collection prior to the correction date. +Corrected: 2000-09-01 +Credits: Jouko Pynnönen +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +screen is a popular application that multiplexes a physical terminal +between several processes. + +II. Problem Description + +The screen port, versions 3.9.5 and before, contains a vulnerability +which allows local users to gain root privileges. This is +accomplished by inserting string-formatting operators into +configuration parameters, which may allow arbitrary code to be +executed. + +The screen port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3800 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.1 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users can obtain root privileges. + +If you have not chosen to install the screen port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Remove the setuid bit on the program: execute the following command as +root: + +chmod 555 /usr/local/bin/screen-3.9.5 + +Note that this should be considered a temporary measure and may affect +the behaviour of the screen program. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the screen port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/screen-3.9.8.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/misc/screen-3.9.8.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/misc/screen-3.9.8.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/misc/screen-3.9.8.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/misc/screen-3.9.8.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the screen port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOb/kA1UuHi5z0oilAQEXLwQAkMV9qAgfMfciDsW/Oseik/kGc//iuPwA +nlQltRMXbVjdEhbe9QgyhVxd7gr3MZcRCfRTdqZodbXZpwA2WwB4BV6syjtuZE7+ +ShHCk3cyhgFBAlO7rBdDCu6+GCtfsmjJV3d4McHhsy40UzLxmVDuoEkVYp+TkS1U +6shlUZTkIvI= +=GTCE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:47.pine.asc b/share/security/advisories/FreeBSD-SA-00:47.pine.asc new file mode 100644 index 0000000000..95b59f3ed9 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:47.pine.asc @@ -0,0 +1,107 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:47 Security Advisory + FreeBSD, Inc. + +Topic: pine4 port allows denial of service + +Category: ports +Module: pine4 +Announced: 2000-09-13 +Affects: Ports collection. +Corrected: 2000-07-17 +Credits: Juhapekka Tolvanen +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +Pine is a popular mail user agent. + +II. Problem Description + +The pine4 port, versions 4.21 and before, contained a bug which would +cause the program to crash when processing a folder which contains an +email message with a malformed X-Keywords header. The message itself +could be deleted within pine if identified, but other operations such +as closing the folder with the message still present would cause the +program to crash with no apparent cause, discarding changes to the +mailbox. + +The FreeBSD port of pine4 was changed on 2000-07-17 to use an updated +version of the c-client library which is used to handle the mailbox +processing. This library does not contain the bug and versions of +pine4 built with it (i.e. ports or packages dated after the correction +date) do not suffer from this vulnerability. + +The pine4 port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3800 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.1 and 3.5.1 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can cause pine4 to crash when closing a mail folder by +sending a malformed email. + +If you have not chosen to install the pine4 port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the pine4 port/package, if you have installed it. + +It may be possible to use a mail filtering utility such as procmail +(available in FreeBSD ports as /usr/ports/mail/procmail) to filter out +the malformed X-Keywords header from incoming mail, but this solution +is not discussed here. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the pine4 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.21.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/pine-4.21.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.21.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/pine-4.21.tgz + +NOTE: Be sure to check the file creation date on the package, because +the version number of the software has not changed. + +3) download a new port skeleton for the listmanager port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOb/kgFUuHi5z0oilAQEwgAQAnYgLOfvgfM88DLjUXgoZBkVRoroeU8rz +2DXUw4LEQ6ARzruWPepALW2Yls+g5SraDCLHmuTo6tb3vR6kwQ97gQmzNCNDxK9T +/5m4EFYo2ErTOB4nO/MqepJ+/0t4oBPByhaRjQBSqQncaN4FIkWgboqfpbYdL6HC +cnQSlc+0FPs= +=R2n+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:48.xchat.asc b/share/security/advisories/FreeBSD-SA-00:48.xchat.asc new file mode 100644 index 0000000000..7ff6369194 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:48.xchat.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:48 Security Advisory + FreeBSD, Inc. + +Topic: xchat port inappropriately handles URLs + +Category: ports +Module: xchat, xchat-devel +Announced: 2000-09-13 +Affects: Ports collection. +Corrected: 2000-08-27 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +Xchat is a popular graphical IRC client. + +II. Problem Description + +The xchat IRC client provides the ability to launch URLs displayed in +an IRC window in a web browser by right clicking on the URL. However +this was handled incorrectly in versions prior to 1.4.3, and prior to +1.5.7 in the 1.5 development series, and allowed a malicious IRC user +to embed command strings in a URL which could cause an arbitrary +command to be executed as the local user if the URL were to be +"launched" in a browser as described above. + +The xchat port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3800 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.0 and 3.5.1 +contain this problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote IRC users can cause an arbitrary command to be executed by the +local user, if they attempt to launch a malformed URL by right +clicking on it. + +If you have not chosen to install the xchat or xchat-devel +ports/packages, then your system is not vulnerable to this problem. + +IV. Workaround + +Do not attempt to launch URLs which contain the ` (backtick) character. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the xchat or +xchat-devel port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/xchat-1.4.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/xchat-1.4.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/xchat-1.4.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/xchat-1.4.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/xchat-1.4.3.tgz + +3) download a new port skeleton for the xchat port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOb/kBlUuHi5z0oilAQEoEgP+Lso/K6rgAVDeWfsfean7fmKVX1ViID0j +LUGlnLGohzSRC14W+21NIfChc0yl9gMmJRgkNHRLPkuyQBmdp8iHBsQlejjeq2PH +ZqSF6++V3YBqm4H7EgfaNKTk3wn0l/8w+dw3l9iMxmcS8P1oxo4lq04Ufao/N8TS +iCWpAmNQI44= +=0uMP +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:49.eject.asc b/share/security/advisories/FreeBSD-SA-00:49.eject.asc new file mode 100644 index 0000000000..d3f59587a5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:49.eject.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:49 Security Advisory + FreeBSD, Inc. + +Topic: eject port allows local root exploit + +Category: ports +Module: eject +Announced: 2000-09-13 +Affects: Ports collection. +Corrected: 2000-08-21 +Credits: Discovered during internal auditing +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +Eject is a utility for ejecting the media from a CD or optical disk +drive. + +II. Problem Description + +The eject program is installed setuid root, and contains several +exploitable buffers which can be overflowed by local users, yielding +root privileges. + +The eject port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3800 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.1 and 3.5.1 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged users can obtain root privileges on the local system. + +If you have not chosen to install the eject port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the eject port/package, if you have installed it, or limit +the file permissions on the /usr/local/sbin/eject file (e.g. remove +setuid permission, or limit it to a trusted group) + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the eject port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz + +NOTE: Be sure to check the file creation date on the package, because +the version number of the software has not changed. + +3) download a new port skeleton for the eject port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOb/kCVUuHi5z0oilAQHfygP/d5QizD/ClKWD6MiKke2lspaI4sLTAKAh +QpnrJv2nF7tgK5DV+7X8J9f4dtSLippccwCscsvF8GT8d6RleP3dN0KfDRou/W/d +BVUgj2SfRNvsacbc8SyiaekT8ylne70WcYT93RrJ7vWbxTRXGEnOkbJD1rgDSksP +RLywyeVfI+U= +=G4Dr +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:50.listmanager.asc b/share/security/advisories/FreeBSD-SA-00:50.listmanager.asc new file mode 100644 index 0000000000..ef843dde56 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:50.listmanager.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:50 Security Advisory + FreeBSD, Inc. + +Topic: listmanager port allows local root compromise + +Category: ports +Module: listmanager +Announced: 2000-09-13 +Affects: Ports collection. +Corrected: 2000-09-08 +Credits: Discovered during internal auditing +Vendor status: Updated version released. +FreeBSD only: NO + +I. Background + +Listmanager is a mailing list manager. + +II. Problem Description + +The listmanager port, versions prior to 2.105.1, contained several +locally exploitable buffer overflow vulnerabilities which could be +used to gain root privileges. + +Since the source code to listmanager is not available, it is difficult +to determine whether there are remaining security vulnerabilities, or +whether the software was previously exploitable remotely, but we +believe the author has made a good faith effort to improve the +security of the code. + +The listmanager port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3800 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.1 and 3.5.1 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged users can obtain root privileges on the local system. + +If you have not chosen to install the listmanager port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the listmanager port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the listmanager port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/listmanager-2.105.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/listmanager-2.105.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/listmanager-2.105.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/listmanager-2.105.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/listmanager-2.105.1.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the listmanager port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOb/kC1UuHi5z0oilAQGUUwQArIH9EegIaatzGdjc9t1g8y7hKEajUTzC +Y5qeFxkOKosCMEEVfiZns6mo+nMuQsTwfxgthCnsCqX9PDXXAWrBjDOixmhp5nB3 +3ro8UvTiivXIplzncCEbBWZocXCLZWLPV2uoemsr3Py9OZHmCeXKuqsX0OonIHDy +r+cAObdg7XA= +=YlxZ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:51.mailman.asc b/share/security/advisories/FreeBSD-SA-00:51.mailman.asc new file mode 100644 index 0000000000..5fd54b41b6 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:51.mailman.asc @@ -0,0 +1,90 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:51 Security Advisory + FreeBSD, Inc. + +Topic: mailman port allows local root compromise + +Category: ports +Module: mailman +Announced: 2000-09-13 +Affects: Ports collection. +Corrected: 2000-08-05 +Credits: +Vendor status: Updated version released. +FreeBSD only: NO + +I. Background + +Mailman is a mailing list manager. + +II. Problem Description + +The mailman port, versions prior to 2.0b5, contained several +locally exploitable vulnerabilities which could be used to gain root +privileges. + +The mailman port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 3800 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.1 and 3.5.1 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged users can obtain root privileges on the local system. + +If you have not chosen to install the mailman port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the mailman port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the mailman port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/mailman-2.0b5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mailman-2.0b5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/mailman-2.0b5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mailman-2.0b5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/mailman-2.0b5.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the listmanager port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOb/kDlUuHi5z0oilAQGvbAQAihAdHJMSq1ZyN71EzJ0FpBmzdgDYEIJ2 +keMI1mMfgTgH3gxGnQ9POji6vdw+FxuB2QQuNJvvc8xAsbTLxq18kfeLjlRglc9+ +rc23bwT83N5PVdQwJEMyvWugghxvT/3MYhnO3djNnpdep8jPmkAinjJWvVFcb50y +kRwD3IJtjUc= +=U45z +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:52.tcp-iss.asc b/share/security/advisories/FreeBSD-SA-00:52.tcp-iss.asc new file mode 100644 index 0000000000..7cf5925758 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:52.tcp-iss.asc @@ -0,0 +1,258 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:52 Security Advisory + FreeBSD, Inc. + +Topic: TCP uses weak initial sequence numbers + +Category: core +Module: kernel +Announced: 2000-10-06 +Credits: Hacker Emergency Response Team +Affects: FreeBSD 3.x, 4.x and 5.x prior to the correction date +Corrected: 2000-09-28 (5.0-CURRENT, 4.1.1-STABLE, 3.5.1-STABLE) +FreeBSD only: NO + +I. Background + +TCP network connections use an initial sequence number as part of the +connection handshaking. According to the TCP protocol, an +acknowledgement packet from a remote host with the correct sequence +number is trusted to come from the remote system with which an +incoming connection is being established, and the connection is +established. + +II. Problem Description + +It has long been known that an attacker who can guess the initial +sequence number which a system will use for the next incoming TCP +connection can spoof a TCP connection handshake coming from a machine +to which he does not have access, and then send arbitrary data into +the resulting TCP connection which will be accepted by the server as +coming from the spoofed machine. + +Systems derived from 4.4BSD-Lite2 including FreeBSD include code which +attempts to introduce an element of unpredictability into the initial +sequence numbers to prevent sequence number guessing by a remote +attacker. However the pseudo-random number generator used is a simple +linear congruent generator, and based on observations of a few initial +sequence values from legitimate connections with a server, an attacker +can guess with high probability the value which will be used for the +next connection. + +In order for this to be successfully exploited, the attacker must also +satisfy the following conditions: + +a) be able to initiate several consecutive TCP connections to an open +port on the server in a short space of time (immediately followed by +the attack itself). Quiescent servers (those which are not receiving +connections from other systems at the time of attack) are therefore +most vulnerable to the attack. + +b) be able to prevent the spoofed client machine from responding to +the packets sent to it from the server, by making use of an address +which is offline or by executing a denial of service attack against +it to prevent it from responding. + +c) make use of an application-level protocol on the server which +authenticates or grants trust solely based on the IP address of the +client, not any higher-level authentication mechanisms such as a +password or cryptographic key. + +d) be able to guess or infer the return TCP data from the server to +the spoofed client (if any), to which he will not have access, + +All versions of FreeBSD prior to the correction date including 4.1.1 +and 3.5.1 are vulnerable to this problem. + +The FreeBSD Security Officer would like to thank the Hacker Emergency +Response Team for working with us to bring this matter to our +attention, and to coordinate the release of this advisory. + +III. Impact + +Systems running insecure protocols which blindly trust a TCP +connection which appears to come from a given IP address without +requiring other authentication of the originator are vulnerable to +spoofing by a remote attacker, potentially yielding privileges or +access on the local system. + +Examples of such protcols and services are: the rlogin/rsh/rexec +family when used to grant passwordless access (e.g. via .rhosts or +hosts.equiv files); web server address-based access controls on +scripts which do not require user authentication and which control +privileged resources; tcp-wrappers host access controls around +services which do not authenticate the connection further; lpr +address-based access controls, and others. + +Note that the rlogin family of protocols when configured to use +Kerberos or UNIX passwords are not vulnerable to this attack since +they authenticate connections (using Kerberos tickets in the former +case, and account passwords in the latter). Source address based +authentication in the rlogin family of protocols is not used by +default, and must be specifically enabled through use of a per-user +.rhosts file, or a global /etc/hosts.equiv file. + +Attackers can also forge TCP connections to arbitrary TCP protocols +(including protocols not vulnerable to the spoofing attack described +above) and simulate the effects of failed remote access attempts from +a target machine (e.g. repeated attempts to guess a password), +potentially misleading the administrators of the server into thinking +they are under attack from the spoofed client. + +IV. Workaround + +Note that in order to exploit the vulnerability an attacker must make +several real connection attempts in close succession to a port on the +target machine (e.g. a web server). Since in order for the attack to +be successful the machine must be quiescent (i.e. not accepting any +other connections), this rapid connection activity followed by a +connection to an insecure service may provide a signature which can be +used to detect and trace the attacker. + +Possible workarounds for the vulnerability include one or both of the +following: + +1) Disable all insecure protocols and services including rlogin, rsh +and rexec (if configured to use address-based authentication), or +reconfigure them to not authenticate connections based solely on +originating address. In general, the rlogin family should not be used +anyway - the ssh family of commands (ssh, scp, slogin) provide a +secure alternative which is included in FreeBSD 4.0 and above. + +To disable the rlogin family of protocols, make sure the +/etc/inetd.conf file does not contain any of the following entries +uncommented (i.e. if present in the inetd.conf file they should be +commented out as shown below:) + +#shell stream tcp nowait root /usr/libexec/rshd rshd +#login stream tcp nowait root /usr/libexec/rlogind rlogind +#exec stream tcp nowait root /usr/libexec/rexecd rexecd + +Be sure to restart inetd by sending it a HUP signal after making any +changes: + +# kill -HUP `cat /var/run/inetd.pid` + +Audit the use of other services including those noted in section III +above and either disable the service, or if possible require it to use +a stronger form of authentication. See workaround 3) below. + +2) Impose IP-level packet filters on network perimeters or on local +affected machines to prevent access from any outside party to a +vulnerable internal service using a "privileged" source address. For +example, if machines on the internal 10.0.0.0/24 network are allowed +to obtain passwordless rlogin access to a server, then external users +should be prevented from sending packets with 10.0.0.0/24 source +addresses from the outside network into the internal network. This is +standard good security policy. Note however that if an external +address must be granted access to local resources then this type of +filtering cannot be applied. It also does not defend against spoofing +attacks from within the network perimeter. Consider disabling this +service until the affected machines can be patched. + +3) Enable the use of IPSEC to authenticate (and/or encrypt) vulnerable +TCP connections at the IP layer. A system which requires authenticaion +of all incoming connections to a port using IPSEC cannot be spoofed +using the attack described in this advisory, nor can TCP sessions be +hijacked by an attacker with access to the packet stream. FreeBSD 4.0 +and later include IPSEC functionality in the kernel, and 4.1 and later +include an IKE daemon, racoon, in the ports collection. Configuration +of IPSEC is beyond the scope of this document, however see the +following web resources: + +http://www.freebsd.org/handbook/ipsec.html +http://www.netbsd.org/Documentation/network/ipsec/ +http://www.kame.net/ + +V. Solution + +Note that address-based authentication is generally weak, and should +be avoided even in environments running with the sequence numbering +improvements. Instead, cryptographically-protected protocols and +services should be used wherever possible. + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or +3.5.1-STABLE after the respective correction dates. + +2a) FreeBSD 3.x systems + +Download the patch and detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch.asc + +# cd /usr/src/sys/ +# patch -p < /path/to/patch + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] + +2b) FreeBSD 4.x systems + +Apply the patch below and recompile your kernel. + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch.asc + +# cd /usr/src/sys/netinet +# patch -p < /path/to/patch_or_advisory + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] + +Patch for vulnerable 4.x systems: + + Index: tcp_seq.h + =================================================================== + RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v + retrieving revision 1.11 + retrieving revision 1.12 + diff -u -r1.11 -r1.12 + --- tcp_seq.h 1999/12/29 04:41:02 1.11 + +++ tcp_seq.h 2000/09/29 01:37:19 1.12 + @@ -91,7 +91,7 @@ + * number in the range [0-0x3ffff] that is hard to predict. + */ + #ifndef tcp_random18 + -#define tcp_random18() ((random() >> 14) & 0x3ffff) + +#define tcp_random18() (arc4random() & 0x3ffff) + #endif + #define TCP_ISSINCR (122*1024 + tcp_random18()) + + Index: tcp_subr.c + =================================================================== + RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v + retrieving revision 1.80 + retrieving revision 1.81 + diff -u -r1.80 -r1.81 + --- tcp_subr.c 2000/09/25 23:40:22 1.80 + +++ tcp_subr.c 2000/09/29 01:37:19 1.81 + @@ -178,7 +178,7 @@ + { + int hashsize; + + - tcp_iss = random(); /* wrong, but better than a constant */ + + tcp_iss = arc4random(); /* wrong, but better than a constant */ + tcp_ccgen = 1; + tcp_cleartaocache(); + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOd5Gv1UuHi5z0oilAQEzJwQAkJbKJBJcaIYFbMuRnINbNQQS/mLUuRoh +fIzPEC17B2fwx+NjuHppBXroOsmsw0enM4tk7afP2yc3z2Ecyapr+oQH9KzBQ+nQ +56IGoi5/MLgEY2KQn3kQBV++pH9zo/F/Gz3XV/x2gDUgLy0F9p2eYjDGkrA1U1H2 +NTx5kXB6ZE4= +=zdbr +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:53.catopen.asc b/share/security/advisories/FreeBSD-SA-00:53.catopen.asc new file mode 100644 index 0000000000..7c556b95a4 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:53.catopen.asc @@ -0,0 +1,297 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:53 Security Advisory + FreeBSD, Inc. + +Topic: catopen() may pose security risk for third party code + +Category: core +Module: libc +Announced: 2000-09-27 +Affects: FreeBSD 5.0-CURRENT, 4.x and 3.x prior to the correction date. +Corrected: Problem 1: 2000-08-06 (FreeBSD 5.0-CURRENT) + 2000-08-22 (FreeBSD 4.1-STABLE) + 2000-09-07 (FreeBSD 3.5-STABLE) + Problem 2: 2000-09-08 (FreeBSD 5.0-CURRENT, 4.1-STABLE and + 3.5-STABLE) +Credits: Problem 1: Discovered during internal auditing + Problem 2: Ivan Arce +FreeBSD only: NO + +I. Background + +catopen() and setlocale() are functions which are used to display text +in a localized format, e.g. for international users. + +II. Problem Description + +There are two problems addressed in this advisory: + +1) The catopen() function did not correctly bounds-check an internal +buffer which could be indirectly overflowed by the setting of an +environment variable. A privileged application which uses catopen() +could be made to execute arbitrary code by an unprivileged local user. + +2) The catopen() and setlocale() functions could be made to use an +arbitrary file as the source for localized data and message catalogs, +instead of one of the system files. An attacker could create a file +which is a valid locale file or message catalog but which contains +special formatting characters which may allow certain badly written +privileged applications to be exploited and execute arbitrary code as +the privileged user. + +This second vulnerability is slightly different from the problem +originally discovered by Ivan Arce of Core-SDI which affects multiple +UNIX operating systems, which involved a different environment +variable and which FreeBSD is not susceptible to. However +Vulnerability 2 was discovered in FreeBSD after the publication the +Core-SDI advisory, and has the same effect on vulnerable applications. + +NOTE that the FreeBSD base system is not believed to be vulnerable to +either of these problems, nor are any vulnerable third party programs +(including FreeBSD ports) currently known. Therefore the impact on the +majority of FreeBSD systems is expected to be nonexistent. + +III. Impact + +Certain setuid/setgid third-party software (including FreeBSD +ports/packages) may be vulnerable to a local exploit yielding +privileged access. No such software is however currently known. + +It is believed that no program in the FreeBSD base system is +vulnerable to these bugs. + +The problems were corrected prior to the release of FreeBSD 4.1.1. + +IV. Workaround + +Vulnerability 1 described above is the more serious of the two, since +it does not require the application to contain a coding flaw in order +to exploit it. A scanning utility is provided to detect privileged +binaries which use the catopen() function (both statically and +dynamically linked binaries), which should be either rebuilt, or have +their privileges limited to minimize potential risk. + +It is not feasible to detect binaries which are vulnerable to the +second vulnerability, however the provided utility will also report +statically linked binaries which use the setlocale() functions and +which *may* potentially be vulnerable. Most of the binaries reported +will not in fact be vulnerable, but should be recompiled anyway for +maximum assurance of security. Note that some FreeBSD system binaries +may be reported as possibly vulnerable by this script, however this +is not the case. + +Statically linked binaries which are identified as vulnerable or +potentially vulnerable should be recompiled from source code after +patching and recompiling libc, if possible, in order to correct the +vulnerability. Dynamically linked binaries will be corrected by simply +patching and recompiling libc as described below. + +As an interim measure, consider removing any identified setuid or +setgid binary, removing set[ug]id privileges from the file, or +limiting the file access permissions, as appropriate. + +Of course, it is possible that some of the identified files may be +required for the correct operation of your local system, in which case +there is no clear workaround except for limiting the set of users who +may run the binaries, by an appropriate use of user groups and +removing the "o+x" file permission bit. + +1) Download the 'scan_locale.sh' and 'test_locale.sh' scripts from + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/scan_locale.sh +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/test_locale.sh + +e.g. with the fetch(1) command: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/scan_locale.sh +Receiving scan_locale.sh (337 bytes): 100% +337 bytes transferred in 0.0 seconds (1.05 MBps) +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/test_locale.sh +Receiving test_locale.sh (889 bytes): 100% +889 bytes transferred in 0.0 seconds (1.34 MBps) + +2) Verify the md5 checksums and compare to the value below: + +# /sbin/md5 scan_locale.sh +MD5 (scan_locale.sh) = efea80f74b05e7ddbc0261ef5211e453 +# /sbin/md5 test_locale.sh +MD5 (test_locale.sh) = 2a485bf8171cc984dbc58b4d545668b4 + +3) Run the scan_locale.sh script against your system: + +# sh scan_locale.sh ./test_locale.sh / + +This will scan your entire system for setuid or setgid binaries which +make use of the exploitable function catopen(), or the potentially +exploitable function setlocale(). Each returned binary should be +examined (e.g. with 'ls -l' and/or other tools) to determine what +security risk it poses to your local environment, e.g. whether it can +be run by arbitrary local users who may be able to exploit it to gain +privileges. + +Note that this script reports setlocale() usage (i.e. vulnerability 2) +only in statically linked binaries, not dynamically linked binaries, +because of the high rate of false positives. It is likely that the +majority of such setlocale() binaries identified are not insecure and +their identification by this script should not be taken as evidence +that they are vulnerable, but they should be recompiled anyway for +maximum assurance of security. + +4) Remove the binaries, or reduce their file permissions, as appropriate. + +V. Solution + +Upgrade your vulnerable FreeBSD system to 4.1-STABLE or 3.5-STABLE +after the correction date, or patch your present system source code +and rebuild. Then run the scan_locale.sh script as instructed in +section IV and identify any statically-linked binaries as reported by +the script. These should either be removed, recompiled, or have +privileges restricted to secure them against this vulnerability (since +statically-linked binaries will not be affected by simply recompiling +the shared libc library). + +To patch your present system: save the patch below into a file, and +execute the following commands as root: + +cd /usr/src/lib/libc +patch < /path/to/patch/file +make all +make install + +Patches for FreeBSD systems before the correction date: + + Index: msgcat.c + =================================================================== + RCS file: /usr2/ncvs//src/lib/libc/nls/msgcat.c,v + retrieving revision 1.21 + retrieving revision 1.27 + diff -u -r1.21 -r1.27 + --- nls/msgcat.c 2000/01/27 23:06:33 1.21 + +++ nls/msgcat.c 2000/09/01 11:56:31 1.27 + @@ -91,8 +91,9 @@ + __const char *catpath = NULL; + char *nlspath; + char *lang; + - long len; + char *base, *cptr, *pathP; + + int spcleft; + + long len; + struct stat sbuf; + + if (!name || !*name) { + @@ -106,10 +107,10 @@ + } else { + if (type == NL_CAT_LOCALE) + lang = setlocale(LC_MESSAGES, NULL); + - else { + - if ((lang = (char *) getenv("LANG")) == NULL) + - lang = "C"; + - } + + else + + lang = getenv("LANG"); + + if (lang == NULL || strchr(lang, '/') != NULL) + + lang = "C"; + if ((nlspath = (char *) getenv("NLSPATH")) == NULL + #ifndef __NETBSD_SYSCALLS + || issetugid() + @@ -129,13 +130,22 @@ + *cptr = '\0'; + for (pathP = path; *nlspath; ++nlspath) { + if (*nlspath == '%') { + + spcleft = sizeof(path) - (pathP - path); + if (*(nlspath + 1) == 'L') { + ++nlspath; + - strcpy(pathP, lang); + + if (strlcpy(pathP, lang, spcleft) >= spcleft) { + + free(base); + + errno = ENAMETOOLONG; + + return(NLERR); + + } + pathP += strlen(lang); + } else if (*(nlspath + 1) == 'N') { + ++nlspath; + - strcpy(pathP, name); + + if (strlcpy(pathP, name, spcleft) >= spcleft) { + + free(base); + + errno = ENAMETOOLONG; + + return(NLERR); + + } + pathP += strlen(name); + } else *(pathP++) = *nlspath; + } else *(pathP++) = *nlspath; + @@ -186,7 +196,7 @@ + MCSetT *set; + long lo, hi, cur, dir; + + - if (!cat || setId <= 0) return(NULL); + + if (cat == NULL || setId <= 0) return(NULL); + + lo = 0; + if (setId - 1 < cat->numSets) { + @@ -212,8 +222,8 @@ + if (hi - lo == 1) cur += dir; + else cur += ((hi - lo) / 2) * dir; + } + - if (set->invalid) + - (void) loadSet(cat, set); + + if (set->invalid && loadSet(cat, set) <= 0) + + return(NULL); + return(set); + } + + @@ -225,7 +235,7 @@ + MCMsgT *msg; + long lo, hi, cur, dir; + + - if (!set || set->invalid || msgId <= 0) return(NULL); + + if (set == NULL || set->invalid || msgId <= 0) return(NULL); + + lo = 0; + if (msgId - 1 < set->numMsgs) { + @@ -318,7 +328,7 @@ + off_t nextSet; + + cat = (MCCatT *) malloc(sizeof(MCCatT)); + - if (!cat) return(NLERR); + + if (cat == NULL) return(NLERR); + cat->loadType = MCLoadBySet; + + if ((cat->fd = _open(catpath, O_RDONLY)) < 0) { + @@ -351,7 +361,7 @@ + + cat->numSets = header.numSets; + cat->sets = (MCSetT *) malloc(sizeof(MCSetT) * header.numSets); + - if (!cat->sets) NOSPACE(); + + if (cat->sets == NULL) NOSPACE(); + + nextSet = header.firstSet; + for (i = 0; i < cat->numSets; ++i) { + Index: setlocale.c + =================================================================== + RCS file: /home/ncvs/src/lib/libc/locale/setlocale.c,v + retrieving revision 1.27 + retrieving revision 1.28 + diff -u -r1.27 -r1.28 + --- locale/setlocale.c 2000/09/04 03:43:24 1.27 + +++ locale/setlocale.c 2000/09/08 07:29:48 1.28 + @@ -129,7 +129,7 @@ + if (!env || !*env) + env = getenv("LANG"); + + - if (!env || !*env) + + if (!env || !*env || strchr(env, '/')) + env = "C"; + + (void) strncpy(new_categories[category], env, ENCODING_LEN); + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOdKTo1UuHi5z0oilAQH9QwQAhEdiXOU7A/hZpMBKU5bWz6alLqr7o4wp +YcypPTnSoMQ2OkFlmuX9sdcgRfwl3gZ1z3QfjhE/eXG7rYSerEyxqcBqgQOBbCUH +vURxPEIRqV90DMMZAp62viA1X1Vyx/Ie2WXG/r5Wck1/Zu6BSxsUo3yiWD4gFoVb +L1f0kBgl2/A= +=YtCH +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:54.fingerd.asc b/share/security/advisories/FreeBSD-SA-00:54.fingerd.asc new file mode 100644 index 0000000000..5f9819345c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:54.fingerd.asc @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:54 Security Advisory + FreeBSD, Inc. + +Topic: fingerd allows remote reading of filesystem + +Category: core +Module: fingerd +Announced: 2000-10-13 +Credits: NIIMI Satoshi +Affects: FreeBSD 4.1.1-RELEASE +Corrected: 2000-10-05 (4.1.1-STABLE) +FreeBSD only: Yes + +I. Background + +The finger service is used to provide information about users on the +system to remote clients. + +II. Problem Description + +Shortly before the release of FreeBSD 4.1.1, code was added to +finger(1) intended to allow the utility to send the contents of +administrator-specified files in response to a finger request. However +the code incorrectly allowed users to specify a filename directly, the +contents of which would be returned to the user. + +The finger daemon usually runs as user 'nobody' and invokes the +finger(1) command in response to a remote request, meaning it does not +have access to privileged files on the system (such as the hashed +password file /etc/master.passwd), however the vulnerability may be +used to read arbitrary files to which the 'nobody' user has read +permission. This may disclose internal information including +information which may be used to mount further attacks against the +system. + +Note that servers running web and other services often incorrectly run +these as the 'nobody' user, meaning this vulnerability may be used to +read internal web server data such as web server password files, the +source code to cgi-bin scripts, etc. + +FreeBSD 4.1-RELEASE, 4.0-RELEASE, 3.5.1-RELEASE and FreeBSD 4.1-STABLE +systems dated before 2000-09-01 or after 2000-10-05 are unaffected by +this vulnerability. + +III. Impact + +Remote users can obtain read access (as the 'nobody' user) to large +parts of the local filesystem on systems running a vulnerable +fingerd. This may disclose confidential information and may facilitate +further attacks on the system. + +IV. Workaround + +Disable the finger protocol in /etc/inetd.conf: make sure the +/etc/inetd.conf file does not contain the following entry +uncommented (i.e. if present in the inetd.conf file it should be +commented out as shown below:) + +#finger stream tcp nowait/3/10 nobody /usr/libexec/fingerd fingerd -s + +On IPv6-connected systems, be sure to disable the IPv6 instance of the +finger daemon as well: + +#finger stream tcp6 nowait/3/10 nobody /usr/libexec/fingerd fingerd -s + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE dated after +the correction date. + +2) Apply the patch below and rebuild your fingerd binary. + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:54/fingerd.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:54/fingerd.patch.asc + +# cd /usr/src/usr.bin/finger +# patch -p < /path/to/patch_or_advisory +# make all install +# cd /usr/src/libexec/fingerd +# make all install + +Patch for vulnerable 4.1.x systems: + + Index: finger.c + =================================================================== + RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v + retrieving revision 1.15.2.3 + retrieving revision 1.21 + diff -u -r1.15.2.3 -r1.21 + --- finger.c 2000/09/15 21:51:00 1.15.2.3 + +++ finger.c 2000/10/05 15:56:13 1.21 + @@ -293,6 +293,16 @@ + goto net; + + /* + + * Mark any arguments beginning with '/' as invalid so that we + + * don't accidently confuse them with expansions from finger.conf + + */ + + for (p = argv, ip = used; *p; ++p, ++ip) + + if (**p == '/') { + + *ip = 1; + + warnx("%s: no such user", *p); + + } + + + + /* + * Traverse the finger alias configuration file of the form + * alias:(user|alias), ignoring comment lines beginning '#'. + */ + @@ -323,11 +333,11 @@ + * gathering the traditional finger information. + */ + if (mflag) + - for (p = argv; *p; ++p) { + - if (**p != '/' || !show_text("", *p, "")) { + + for (p = argv, ip = used; *p; ++p, ++ip) { + + if (**p != '/' || *ip == 1 || !show_text("", *p, "")) { + if (((pw = getpwnam(*p)) != NULL) && !hide(pw)) + enter_person(pw); + - else + + else if (!*ip) + warnx("%s: no such user", *p); + } + } + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOebB4FUuHi5z0oilAQEE1AP+I7zDBn5TagYJEELea7ltGkNZ5h3nZi5E +FwxqYekriycAzOqctwzu7lO2AO7KoPTzAfu4OCd+s+ijK+zpXkt+eOAttbhPwENJ +RMAJPwcGr139mIT2ofuEUhtE9NZ66gg7WNh+8ixjtovKbZl1W/slX+wOqlaCcbLm +U4t3bj6bx5M= +=fg83 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc b/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc new file mode 100644 index 0000000000..d7d8b295c1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:55 Security Advisory + FreeBSD, Inc. + +Topic: xpdf contains multiple vulnerabilities + +Category: ports +Module: xpdf +Announced: 2000-10-13 +Credits: Unknown +Affects: Ports collection prior to the correction date. +Corrected: 2000-09-04 (4.1.1-RELEASE) +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +xpdf is a PDF viewer for X Windows. + +II. Problem Description + +The xpdf port, versions prior to 0.91, contains a race condition due +to improper handing of temporary files that may allow a local user to +overwrite arbitrary files owned by the user running xpdf. + +Additionally, when handling URLs in documents no checking was done for +shell metacharacters before starting the browser. This makes it possible +to construct a document which cause xpdf to run arbitrary commands when +the user views an URL. + +The xpdf port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +nearly 4000 third-party applications in a ready-to-install format. +The ports collections shipped with FreeBSD 3.5.1 and 4.1 contain this +problem since it was discovered after the releases, but it was +corrected prior to the release of FreeBSD 4.1.1. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users, using a symlink attack, can cause arbitrary files owned +by the user running xpdf to be overwritten. Also, malicious PDFs can +cause arbitrary code to be executed. + +If you have not chosen to install the xpdf port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the xpdf port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the xpdf port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/xpdf-0.91.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/xpdf-0.91.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/xpdf-0.91.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/xpdf-0.91.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/xpdf-0.91.tgz + +3) download a new port skeleton for the cvsweb port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOebCfVUuHi5z0oilAQEcuAP8DYr3RrCnnysWYS3eVyNJ1sokvXOXZdhZ +hI8ialbbpKY+kEtnL0DrUmeJ9c5xsVb70XJQ3D80n8O2N8I9ZAbfiHadY+omZPZX +Hpk47MuA3R4G6jXldnyq545/QdK3+uKMLkNiGG63P5VcyUsQ3bpB1uIRIX/a9U6Z +rdQfL0s3N0k= +=qh/t +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:56.lprng.asc b/share/security/advisories/FreeBSD-SA-00:56.lprng.asc new file mode 100644 index 0000000000..25941a91c9 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:56.lprng.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:56 Security Advisory + FreeBSD, Inc. + +Topic: LPRng contains potential root compromise + +Category: ports +Module: LPRng +Announced: 2000-10-13 +Credits: Chris Evans +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-13 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +LPRng is a popular printer daemon. + +II. Problem Description + +The LPRng port, versions prior to 3.6.24, contains a potential +vulnerability which may allow root compromise from both local and +remote systems. The vulnerability is due to incorrect usage of the +syslog(3) function. Local and remote users can send string-formatting +operators to the printer daemon to corrupt the daemon's execution, +potentially gaining root access. + +The LPRng port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 4000 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1, 4.1 and +4.1.1 contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local and remote users may potentially gain root privileges on systems +using LPRng. + +If you have not chosen to install the LPRng port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the LPRng port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the LPRng port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/LPRng-3.6.25.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/LPRng-3.6.25.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/LPRng-3.6.25.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/LPRng-3.6.25.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/LPRng-3.6.25.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the cvsweb port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOebCc1UuHi5z0oilAQGIrwP+I0aP9pZOMT4FbOar8NpMExmeQXNr74+e +euwWeJZszDNe4p0a2yGB9Xn4CrkQZNhwZKUoDzk1K9RrDxNwjwT7gouKMGgn38Lr +OIQLi2FZqgT0cbnGusdK4sxbQZl2AnPkEunQOskeXhCbZX97wMQOjDid72ZXxNAR +l+KW/XexpuQ= +=Ew7y +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:57.muh.asc b/share/security/advisories/FreeBSD-SA-00:57.muh.asc new file mode 100644 index 0000000000..38591c9a8c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:57.muh.asc @@ -0,0 +1,97 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:57 Security Advisory + FreeBSD, Inc. + +Topic: muh IRC bouncer remote vulnerability + +Category: ports +Module: muh +Announced: 2000-10-13 +Credits: Maxime Henrion +Affects: Ports collection prior to the correction date. +Corrected: 2000-09-10 (4.1.1-RELEASE) +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +muh is an IRC bouncer, a program that allows a host to act as a relay +between an IRC client on a local/remote machine and the IRC server. + +II. Problem Description + +The muh port, versions 2.05c and before, contains a vulnerability +which allows remote users to gain the privileges of the user running +muh. This is accomplished by sending a carefully crafted exploit +string containing string format operators to a user using muh but who +is not connected. When the user reconnects and executes '/muh read', +muh will allow the remote attacker to execute arbitrary code as the +local user. + +The muh port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +nearly 4000 third-party applications in a ready-to-install format. +The ports collections shipped with FreeBSD 3.5.1 and 4.1 contain this +problem since it was discovered after the releases, but it was +corrected prior to the release of FreeBSD 4.1.1. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote IRC users can cause arbitrary code to be executed as the user +running muh. + +If you have not chosen to install the muh port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the muh port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the muh port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/muh-2.05c.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/muh-2.05c.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/muh-2.05c.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/muh-2.05c.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/muh-2.05c.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the cvsweb port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBOebDhVUuHi5z0oilAQE/3wP+K6oPSZ4jsnLAILhZD3fjdp+3bW7IhDmQ +PoXpqSyEypJ6TlP0wLaZwhz1VPThAN9yVaUTzA7W8MVQyKCdIDBWu86WmcZ4CsY9 +v7ku77tshEcxza+ggegy9PkSWYDfaQIyGzRyZht280qxn5XUFIeEvXkx+YHKvffo +Rm4dlo/akzA= +=0bP+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:58.chpass.asc b/share/security/advisories/FreeBSD-SA-00:58.chpass.asc new file mode 100644 index 0000000000..a30972e547 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:58.chpass.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:58 Security Advisory + FreeBSD, Inc. + +Topic: chpass family contains local root vulnerability + +Category: core +Module: chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd +Announced: 2000-10-30 +Credits: Problem fixed during internal auditing. + Vulnerability pointed out by: caddis +Affects: FreeBSD 3.x (all releases), FreeBSD 4.0-RELEASE, + FreeBSD 4.0-STABLE prior to the correction date +Corrected: 2000/07/20 (FreeBSD 4.0-STABLE) + 2000/10/04 (FreeBSD 3.5.1-STABLE) +FreeBSD only: NO + +I. Background + +ch{fn,pass,sh} are utilities for changing user "finger" information, +passwords, and login shell, respectively. The yp* variants perform the +analogous changes on a NIS account. + +II. Problem Description + +A "format string vulnerability" was discovered in code used by the +vipw utility during an internal FreeBSD code audit in July 2000. The +vipw utility does not run with increased privileges and so it was +believed at the time that it did not represent a security +vulnerability. However it was not realised that this code is also +shared with other utilities -- namely chfn, chpass, chsh, ypchfn, +ypchpass, ypchsh and passwd -- which do in fact run setuid root. + +Therefore, the problem may be exploited by unprivileged local users to +gain root access to the local machine. + +All versions of FreeBSD prior to the correction date including 4.0 and +3.5.1 are vulnerable to this problem, but it was fixed in the 4.x +branch prior to the release of FreeBSD 4.1. + +III. Impact + +Local users can obtain root privileges on the local machine. + +IV. Workaround + +Remove the setuid bit on the following utilities. This has the +side-effect that non-root users cannot change their finger +information, passwords, or login shells. + +# chflags noschg /usr/bin/chfn /usr/bin/chpass /usr/bin/chsh +# chmod u-s /usr/bin/chfn /usr/bin/chpass /usr/bin/chsh +# chflags noschg /usr/bin/ypchfn /usr/bin/ypchpass /usr/bin/ypchsh +# chmod u-s /usr/bin/ypchfn /usr/bin/ypchpass /usr/bin/ypchsh +# chflags noschg /usr/bin/passwd +# chmod u-s /usr/bin/passwd + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1-RELEASE, +4.1.1-RELEASE, 4.1.1-STABLE or 3.5.1-STABLE after the respective +correction dates. + +2) Apply the patch below and recompile the respective files: + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:58/vipw.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:58/vipw.patch.asc + +Execute the following commands as root: + +# cd /usr/src/usr.sbin/vipw +# patch -p < /path/to/patch_or_advisory +# make depend && make all install +# cd /usr/src/usr.bin/chpass/ +# make depend && make all install +# cd /usr/src/usr.bin/passwd/ +# make depend && make all install + +Patch for vulnerable systems: + + --- pw_util.c 1999/08/28 01:20:31 1.17 + +++ pw_util.c 2000/07/12 00:49:40 1.18 + @@ -250,7 +250,7 @@ + extern int _use_yp; + #endif /* YP */ + if (err) + - warn(name); + + warn("%s", name); + #ifdef YP + if (_use_yp) + warnx("NIS information unchanged"); + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOf3/FFUuHi5z0oilAQEAhAQApmUnWU8Se8V6rAsy98jJLBXp11mmCnaB +lVPve0SjOEhTjYVOfLEslDIPECP1WNrO3Ep/FiczhoTVrMBzWjh74XIGaiDbRxEy +UDWh/cQhAaEmy/KPwraoPas6T2lsJ9brBu5LycKQj/F2SMYCNQOQ3UK4rmXqmf+z +jAqmmerfaPo= +=YNNN +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:59.pine.asc b/share/security/advisories/FreeBSD-SA-00:59.pine.asc new file mode 100644 index 0000000000..9904c18282 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:59.pine.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:59 Security Advisory + FreeBSD, Inc. + +Topic: pine4 port contains remote vulnerability + +Category: ports +Module: pine4/pine4-ssl/zh-pine4/iw-pine4 +Announced: 2000-10-30 +Affects: Ports collection. +Corrected: 2000-10-29 +Credits: arkane@SPEAKEASY.ORG +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +Pine is a popular mail user agent. + +II. Problem Description + +The pine4 port, versions 4.21 and before, contains a buffer overflow +vulnerability which allows a remote user to execute arbitrary code on +the local client by the sending of a special-crafted email +message. The overflow occurs during the periodic "new mail" checking +of an open folder. + +The pine4 port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4000 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.1.1 and 3.5.1 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +Administrators should note that the Pine software has been a frequent +source of past security holes, and makes extensive use of string +routines commonly associated with security vulnerabilities. The +FreeBSD Security Officer believes it is likely that further +vulnerabilities exit in this software, and recommends the use of +alternative mail software in environments where electronic mail may be +received from untrusted sources. + +III. Impact + +Remote users can cause pine4 to crash when closing a mail folder by +sending a malformed email. + +If you have not chosen to install the pine4 port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the pine4 port/package, if you have installed it. + +The risk can be decreased by not leaving pine sitting idle with an +open folder, but it cannot be completely eliminated without patching +and recompiling the software. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the pine4 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.21_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/pine-4.21_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.21_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/pine-4.21_1.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the listmanager port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOf3+NVUuHi5z0oilAQHjFQQAmVrnuMQbQwPKf8LVdsNFgc6470e8Lz07 ++8OTApKVTzX1WVbBNQUTJ8tC0TSiZt/BTOq41EVHc+yP6W8gJWPWmGJHMH2vtd2q +/5X1o+Q17IP2doXuDBT2MUJH7simUJBPbZ9Fi+AuI+lecCx80Q9W9qndEypdwpwZ +j01EAufwmMk= +=nefD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:60.boa.asc b/share/security/advisories/FreeBSD-SA-00:60.boa.asc new file mode 100644 index 0000000000..90cf277244 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:60.boa.asc @@ -0,0 +1,101 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:60 Security Advisory + FreeBSD, Inc. + +Topic: boa web server allows arbitrary file access/execution + +Category: ports +Module: boa +Announced: 2000-10-30 +Credits: Lluis Mora +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-07 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +Boa is a high-performance web server. + +II. Problem Description + +The boa port, versions after 0.92 but prior to 0.94.8.3, contains a +vulnerability which allows remote users to view arbitrary files +outside the document root. The vulnerability is that boa does not +correctly restrict URL-encoded requests containing ".." in the path. + +In addition, if the administrator has enabled CGI extension support, a +request for any file ending in .cgi will result in the file being +executed with the privileges of the user id running the web server. +Since the .cgi file may reside outside the document root, this may +result in untrusted binaries/scripts being executed. If an attacker +can upload files to the system, e.g. via anonymous FTP, they can cause +arbitrary code to be executed by the user running the web server. + +The boa port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 4000 third-party applications in a ready-to-install format. +The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain +this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users may view any file on the system that is accessible by the +webserver account. In addition, the webserver account may be +compromised due to the execution of arbitrary files outside the +document root. + +If you have not chosen to install the boa port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the boa port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the boa port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/boa-0.94.8.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/boa-0.94.8.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/boa-0.94.8.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/boa-0.94.8.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/boa-0.94.8.3.tgz + +3) download a new port skeleton for the cvsweb port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOf3+LlUuHi5z0oilAQHuAAP+PB/Y6PwDyWZrfvX5cKRdnQiwebU2FPiS +BhKSwjwBsE4jZGFw0YC+tU6TksGhun6LvvIw0DVHXRevH0VwPcf18akuqKQrFhPA +r3NQ1atFvrdDoGQN0J4px1vANXKPu6afe1LKaMTeF+sbjokoniScnAFyH9IHBvQH +mVUcDXhq7sU= +=WmZ+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:61.tcpdump.asc b/share/security/advisories/FreeBSD-SA-00:61.tcpdump.asc new file mode 100644 index 0000000000..c2227bbbac --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:61.tcpdump.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:61 Security Advisory + FreeBSD, Inc. + +Topic: tcpdump contains remote vulnerabilities [REISSUED] + +Category: core +Module: tcpdump +Announced: 2000-10-31 +Reissued: 2000-11-06 +Credits: Discovered during internal auditing. +Affects: All releases of FreeBSD 3.x, 4.x prior to 4.2 + FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the + correction date +Corrected: 2000-10-04 (FreeBSD 4.1.1-STABLE) + 2000-10-05 (FreeBSD 3.5.1-STABLE) +Vendor status: Patch released +FreeBSD only: NO + +0. Revision History + +v1.0 2000-10-31 Initial release +v1.1 2000-11-06 Corrected patch + +I. Background + +tcpdump is a tool for monitoring network activity. + +II. Problem Description + +Several overflowable buffers were discovered in the version of tcpdump +included in FreeBSD, during internal source code auditing. Some +simply allow the remote attacker to crash the local tcpdump process, +but there is a more serious vulnerability in the decoding of AFS ACL +packets in the more recent version of tcpdump (tcpdump 3.5) included +in FreeBSD 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE, which may allow +a remote attacker to execute arbitrary code on the local system +(usually root, since root privileges are required to run tcpdump). + +The former issue may be a problem for systems using tcpdump as a form +of intrusion detection system, i.e. to monitor suspicious network +activity: after the attacker crashes any listening tcpdump processes +their subsequent activities will not be observed. + +All released versions of FreeBSD prior to the correction date +including 3.5.1-RELEASE, 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE +are vulnerable to the "remote crash" problems, and FreeBSD +4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE are also vulnerable to the +"remote execution" vulnerability. Both problems were corrected in +4.1.1-STABLE prior to the release of FreeBSD 4.2-RELEASE. + +III. Impact + +Remote users can cause the local tcpdump process to crash, and (under +FreeBSD 4.0-RELEASE, 4.1-RELEASE, 4.1.1-RELEASE and 4.1.1-STABLE prior +to the correction date) may be able to cause arbitrary code to be +executed as the user running tcpdump, usually root. + +IV. Workaround + +Do not use vulnerable versions of tcpdump in network environments +which may contain packets from untrusted sources. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or +3.5.1-STABLE after the respective correction dates. + +2a) FreeBSD 3.x systems prior to the correction date + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch.asc + +# cd /usr/src/contrib/tcpdump +# patch -p < /path/to/patch +# cd /usr/src/usr.sbin/tcpdump +# make depend && make all install + +2b) FreeBSD 4.x systems prior to the correction date + +NOTE: The patch distributed with the original version of this advisory +was incomplete and did not include all of the security fixes made to +the tcpdump utility. In particular, it did not address the remote code +execution vulnerability. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1 +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc + +# cd /usr/src/contrib/tcpdump +# patch -p < /path/to/patch +# cd /usr/src/usr.sbin/tcpdump +# make depend && make all install +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOgcNKFUuHi5z0oilAQGYQAP9F00eE4rd0M46f8WMWTO7uFb1gV2p4Y0l +KV0vT1wMy+PdmFNpo7SVrb/tdpa4Wtxb/Q/tu7RDZQqFI29yBPTFnE1iu8T2BSAm +cO/dE5ypkjJkEjf8QjxqQXVhTbtIVVQa3Tosw3AdUFP0gKHUkZ36ryCQVxbqRMQK +c0ZkdbwESp8= +=uaOo +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:62.top.asc b/share/security/advisories/FreeBSD-SA-00:62.top.asc new file mode 100644 index 0000000000..d1b3b2aace --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:62.top.asc @@ -0,0 +1,154 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:62 Security Advisory + FreeBSD, Inc. + +Topic: top allows reading of kernel memory [REISSUED] + +Category: core +Module: top +Announced: 2000-11-01 +Reissued: 2000-11-06 +Credits: vort@wiretapped.net via OpenBSD +Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior + to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior + to the correction date. +Corrected: 2000-11-04 (FreeBSD 4.1.1-STABLE) + 2000-11-05 (FreeBSD 3.5.1-STABLE) +FreeBSD only: NO + +0. Revision History + +v1.0 2000-11-01 Initial release +v1.1 2000-11-06 Updated patch released. + +I. Background + +top is a utility for displaying current system resource statistics +such as process CPU and memory use. It is externally-maintained, +contributed software which is included in FreeBSD by default. + +II. Problem Description + +A "format string vulnerability" was discovered in the top(1) utility +which allows unprivileged local users to cause the top process to +execute arbitrary code. The top utility runs with increased +privileges as a member of the kmem group, which allows it to read from +kernel memory (but not write to it). A process with the ability to +read from kernel memory can monitor privileged data such as network +traffic, disk buffers and terminal activity, and may be able to +leverage this to obtain further privileges on the local system or on +other systems, including root privileges. + +All released versions of FreeBSD prior to the correction date +including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, +but it was fixed in the 4.1.1-STABLE branch prior to the release of +FreeBSD 4.2-RELEASE. + +III. Impact + +Local users can read privileged data from kernel memory which may +provide information allowing them to further increase their local or +remote system access privileges. + +IV. Workaround + +Remove the setgid bit on the top utilities. This has the side-effect +that users who are not a member of the kmem group or who are not the +superuser cannot use the top utility. + +# chmod g-s /usr/bin/top + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or +3.5.1-STABLE after the respective correction dates. + +2) Apply the patch below and recompile the relevant files: + +NOTE: The original version of this advisory contained an incomplete +patch which does not fully eliminate the security vulnerability. The +additional vulnerability was pointed out by Przemyslaw Frasunek +. + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1 +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1.asc + +Execute the following commands as root: + +# cd /usr/src/contrib/top +# patch -p < /path/to/patch_or_advisory +# cd /usr/src/usr.bin/top +# make depend && make all install + +Patch for vulnerable systems: + + Index: display.c + =================================================================== + RCS file: /mnt/ncvs/src/contrib/top/display.c,v + retrieving revision 1.4 + retrieving revision 1.5 + diff -u -r1.4 -r1.5 + --- display.c 1999/01/09 20:20:33 1.4 + +++ display.c 2000/10/04 23:34:16 1.5 + @@ -829,7 +831,7 @@ + register int i; + + /* first, format the message */ + - (void) sprintf(next_msg, msgfmt, a1, a2, a3); + + (void) snprintf(next_msg, sizeof(next_msg), msgfmt, a1, a2, a3); + + if (msglen > 0) + { + Index: top.c + =================================================================== + RCS file: /mnt/ncvs/src/contrib/top/top.c,v + retrieving revision 1.4 + retrieving revision 1.5 + diff -u -r1.4 -r1.5 + --- top.c 1999/01/09 20:20:34 1.4 + +++ top.c 2000/10/04 23:34:16 1.5 + @@ -807,7 +809,7 @@ + { + if ((errmsg = kill_procs(tempbuf2)) != NULL) + { + - new_message(MT_standout, errmsg); + + new_message(MT_standout, "%s", errmsg); + putchar('\r'); + no_command = Yes; + } + Index: top.c + =================================================================== + RCS file: /mnt/ncvs/src/contrib/top/top.c,v + retrieving revision 1.5 + retrieving revision 1.6 + diff -u -r1.5 -r1.6 + --- top.c 2000/10/04 23:34:16 1.5 + +++ top.c 2000/11/03 22:00:10 1.6 + @@ -826,7 +826,7 @@ + { + if ((errmsg = renice_procs(tempbuf2)) != NULL) + { + - new_message(MT_standout, errmsg); + + new_message(MT_standout, "%s", errmsg); + putchar('\r'); + no_command = Yes; + } + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOgcN7lUuHi5z0oilAQFqJgP/bn4SN6FaNvazYMaVzypsEgWzofK/kdlu +iWXcdZVkoFZlF4J7e6M/wRn0xS1lvNPlv5yNF4bYa7lnZHeNzS/58v94+Sze2ooV +bgML9JzhfaM0Ps+/mAXO4FzGi+WryTkdZGl9KVkwT+QwuRer/bz4GoJvnrsGuBpf +dXoovvpgwiA= +=hVPb +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:63.getnameinfo.asc b/share/security/advisories/FreeBSD-SA-00:63.getnameinfo.asc new file mode 100644 index 0000000000..cb7deaac46 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:63.getnameinfo.asc @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:63 Security Advisory + FreeBSD, Inc. + +Topic: getnameinfo function allows remote denial of service + +Category: core +Module: libc +Announced: 2000-11-01 +Credits: Pavel Kankovsky +Affects: FreeBSD 4.x (all releases prior to 4.2), 4.1.1-STABLE prior + to the correction date. +Corrected: 2000/09/25 (FreeBSD 4.1.1-STABLE) +FreeBSD only: NO + +I. Background + +The getnameinfo() function is part of the protocol-independent +resolver library from the KAME project. + +II. Problem Description + +An off-by-one error exists in the processing of DNS hostnames which +allows a long DNS hostname to crash the getnameinfo() function when an +address resolution of the hostname is performed (e.g. in response to a +connection to a service which makes use of getnameinfo()). + +Under the following conditions, this bug can be used as a denial of +service attack against vulnerable services: + +* The attacker must control their DNS server. +* The service must be run as a persistent daemon (i.e. running + "standalone", not spawned as-needed from a supervisor process such + as inetd) +* The daemon must perform the getnameinfo() call on the remote + hostname prior to forking a child process to handle the connection + (otherwise it is just the child process which dies, and the parent + remains running). +* The daemon is not automatically restarted by a "watchdog" process. + +All released versions of FreeBSD 4.x prior to the correction date +including 4.0, 4.1, and 4.1.1 are vulnerable to this problem, but it +was fixed in the 4.1.1-STABLE branch prior to the release of FreeBSD +4.2-RELEASE. The FreeBSD 3.x branch is unaffected since it does not +include the KAME code. + +Note that this vulnerability is not believed to pose a vulnerability +for any servers included in the FreeBSD base system. It is only a +potential problem for certain third party servers fulfilling the above +conditions (none of which are currently known). Therefore the impact +on the vast majority of FreeBSD systems is expected to be nonexistent. + +III. Impact + +Remote users may be able to cause a very small class of network +servers to terminate abnormally, causing a denial of service +condition. + +IV. Workaround + +None practical. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD 4.x system to 4.1.1-STABLE after +the correction date. + +2) Apply the patch below and recompile the relevant files: + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch.asc + +Execute the following commands as root: + +# cd /usr/src/lib/libc +# patch -p < /path/to/patch_or_advisory +# make depend && make all install + +Patch for vulnerable systems: + + --- net/getnameinfo.c 2000/07/05 05:09:17 1.5 + +++ net/getnameinfo.c 2000/09/25 23:04:36 1.6 + @@ -154,12 +153,12 @@ + (flags & NI_DGRAM) ? "udp" : "tcp"); + } + if (sp) { + - if (strlen(sp->s_name) > servlen) + + if (strlen(sp->s_name) + 1 > servlen) + return ENI_MEMORY; + strcpy(serv, sp->s_name); + } else { + snprintf(numserv, sizeof(numserv), "%d", ntohs(port)); + - if (strlen(numserv) > servlen) + + if (strlen(numserv) + 1 > servlen) + return ENI_MEMORY; + strcpy(serv, numserv); + } + @@ -253,7 +252,7 @@ + *p = '\0'; + } + #endif + - if (strlen(hp->h_name) > hostlen) { + + if (strlen(hp->h_name) + 1 > hostlen) { + freehostent(hp); + return ENI_MEMORY; + } +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOgCgVlUuHi5z0oilAQGqfwP/SYLG0yD0uR4wdPHy5S9eXH4HqtNrVpF7 +NlN3iMjHrzIDqeFSYoRTbMEhrbTTGMWYIEadadW9zjlnHfGNRniYx2oOhm+0tqsI +C3wlqsGAo2GXsXfr1hOpcVc1GqLhsK3oLgz9RRMoMlRWJ+K0bHHLwKlB9uEoxPJ2 +X/WHJ//RQXI= +=YFwv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:64.global.asc b/share/security/advisories/FreeBSD-SA-00:64.global.asc new file mode 100644 index 0000000000..6191abb0c5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:64.global.asc @@ -0,0 +1,106 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:64 Security Advisory + FreeBSD, Inc. + +Topic: global port allows remote compromise through CGI script + +Category: ports +Module: global +Announced: 2000-11-06 +Credits: Shigio Yamaguchi +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-09 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +global is a source-code tagging system for indexing and searching +large bodies of source code. + +II. Problem Description + +The global port, versions 3.5 through to 3.55, contains a +vulnerability in the CGI script generated by the htags utility which +allows a remote attacker to execute code on the local system as the +user running the script, typically user 'nobody' in most +installations. + +There is no vulnerability in the default installation of the port, but +if an administrator uses the 'htags -f' command to generate a CGI +script enabling the browsing of source code, then the system is +vulnerable to attack caused by incorrect validation of input. + +An older version of global was included in previous releases of +FreeBSD; this is not vulnerable to the problem described here. + +The global port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4100 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 +contain this problem since it was discovered after the releases, but +it was corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +If the 'htags -f' command is used to generate a CGI script which is +then installed under a webserver, then remote users may execute +arbitrary commands on the local system as the user which runs the CGI +script. + +If you have not chosen to install the global port/package, or you have +not used the 'htags -f' command to produce a CGI script, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the global port/package, if you you have installed it, or +remove the 'global.cgi' file installed on the website. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the global port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/global-4.0.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/global-4.0.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/global-4.0.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/global-4.0.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/global-4.0.1.tgz + +3) download a new port skeleton for the cvsweb port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOgcQslUuHi5z0oilAQHKXAP/Wz2SmgOAIYFOquE3z+++5nbNxKYmKS/J +Tb1ClUtPSSk6s/dfX3t17O1o0a/Pmj3u+CxAdRXdIka1XAQE9lY2pL4uhEVr0nXT +/+I4Hap17OZVdNTTiF/a6LYd/WYbJkMrRbADnZjvRp5zrOpPwbzc1ZwIn9GRqiHc +XYA/cWGGWXg= +=+ex8 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:65.xfce.asc b/share/security/advisories/FreeBSD-SA-00:65.xfce.asc new file mode 100644 index 0000000000..7858be0515 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:65.xfce.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:65 Security Advisory + FreeBSD, Inc. + +Topic: xfce allows local X session compromise + +Category: ports +Module: xfce +Announced: 2000-11-06 +Credits: Nicholas Brawn +Affects: Ports collection prior to the correction date. +Corrected: 2000-11-01 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +xfce is a window manager/desktop environment for the X Windows system. + +II. Problem Description + +Versions of xfce prior to 3.52 contain a startup script which +incorrectly allows access to the X display to all other users on the +local system. Such users are able to monitor and control the contents +of the display window as well as monitoring input from keyboard and +mouse devices. For example, this allows them to monitor passphrases +typed into a terminal window, among other possibilities. + +The xfce port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 4100 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are vulnerable +to this problem since it was discovered after the releases, but it was +corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users can monitor and control the contents of the X display +running xfce, as well as input devices such as mice and keyboards. + +IV. Workaround + +Deinstall the xfce port/package, if you you have installed it, or +remove the lines containing 'xhost +$HOSTNAME' in the following files: + +/usr/X11R6/etc/xfce/xinitrc +/usr/X11R6/etc/xfce/xinitrc.mwm + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the xfce port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11-wm/xfce-3.12.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/xfce-3.12.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11-wm/xfce-3.12.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/xfce-3.12.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11-wm/xfce-3.12.tgz + +3) download a new port skeleton for the xfce port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOgdCalUuHi5z0oilAQEwxwP+OoowcV51kn3hHjcFWZRk2GAIw/mu6gxP +GsLscf2IMAX+dyJG+sNtpzktsrMsIFcv5ADjNjhW+WAqqGhNCosV6cQ8/BNi0+m4 +o4Mqyc3jsYBkWzzXd/W6y4EWStup+7/iz/68DPdIUHs1IyfFQ7DiCgWXzZBo8GG1 +6muI/XYYm6Q= +=Ioj2 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:66.netscape.asc b/share/security/advisories/FreeBSD-SA-00:66.netscape.asc new file mode 100644 index 0000000000..9cb0bb78d5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:66.netscape.asc @@ -0,0 +1,97 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:66 Security Advisory + FreeBSD, Inc. + +Topic: Client vulnerability in Netscape + +Category: ports +Module: netscape +Announced: 2000-11-06 +Credits: Michal Zalewski +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-29 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +Netscape is a popular web browser, available in several versions in +the FreeBSD ports collection. + +II. Problem Description + +Versions of netscape prior to 4.76 allow a client-side exploit through +a buffer overflow in html code. A malicious website operator can cause +arbitrary code to be executed by the user running the netscape client. + +The netscape ports are not installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains over 4100 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are +vulnerable to this problem since it was discovered after the release, +but it was corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote attackers can execute arbitrary code on the local system by +convincing users to visit a malicious website. + +If you have not chosen to install the netscape port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the netscape port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the relevant +netscape port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/ + +Since there are so many variations of the netscape ports in the +FreeBSD ports collection they are not listed separately +here. Localized versions are also available in the respective language +subdirectory. + +3) download a new port skeleton for the netscape port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOgdCqFUuHi5z0oilAQFMFgQAjrqHzfVCD2oLCya0budGincSy+e6onfi +XCMqyf8sAeEO5Bg4klVhkTMKCCPo9MEeLNWm3EwQHU4bN8wxD9NUHkYrVgNCsD8b +rN34aAogoJR1fsfN960OW9EHWH8trPJDlC6IS1KYOmpOL8AuBfmbahL1vSx5TtZP +vPFky0dFwKg= +=mKdp +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:67.gnupg.asc b/share/security/advisories/FreeBSD-SA-00:67.gnupg.asc new file mode 100644 index 0000000000..1f450f7cce --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:67.gnupg.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:67 Security Advisory + FreeBSD, Inc. + +Topic: gnupg fails to correctly verify signatures + +Category: ports +Module: gnupg +Announced: 2000-11-10 +Credits: Jim Small +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-18 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +GnuPG is an implementation of the PGP digital signature/encryption +protocol. + +II. Problem Description + +Versions of gnupg prior to 1.04 fail to correctly verify multiple +signatures contained in a single document. Only the first signature +encountered is actually verified, meaning that other data with invalid +signatures (e.g. data which has been tampered with by an attacker) +will not be verified, and the entire document will be treated as +having valid signatures. + +The gnupg port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4100 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are +vulnerable to this problem since it was discovered after the releases, +but it was corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Documents containing multiple signed regions of data can be corrupted +or tampered with by an attacker without detection, as long as the +first signature in the document remains valid. + +IV. Workaround + +Deinstall the gnupg port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the gnupg port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/gnupg-1.04.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/gnupg-1.04.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/gnupg-1.04.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/gnupg-1.04.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/gnupg-1.04.tgz + +3) download a new port skeleton for the gnupg port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOgx6dlUuHi5z0oilAQEGaAP+KXIJlLBgF7tXXtLWcyJkhI6mAxgMyHEJ +y+9RkI22mz7etMN1Nqm22Rj1cYBO99Q35lx4qJpuGftuRV+D9P6f5FbXMp+qhw24 +K1t07eQhgiiNO1y9snvvEwwWtsHiosMFyIleFdbJwXoioqNsDFcByOwbG7zoEOOU +BfDBTmKtPvQ= +=1ZMA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:68.ncurses.asc b/share/security/advisories/FreeBSD-SA-00:68.ncurses.asc new file mode 100644 index 0000000000..126fbc73e9 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:68.ncurses.asc @@ -0,0 +1,214 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:68 Security Advisory + FreeBSD, Inc. + +Topic: ncurses allows local privilege escalation [REVISED] + +Category: core, ports +Module: ncurses +Announced: 2000-11-13 +Revised: 2000-11-20 +Affects: FreeBSD 5.0-CURRENT, 4.x prior to the correction date. + FreeBSD 3.x not yet fixed. +Corrected: 2000-10-11 (FreeBSD 4.1.1-STABLE) + 2000-11-10 (ncurses port) +Credits: Jouko Pynnonen +FreeBSD only: NO + +0. Revision History + +v1.0 2000-11-13 Initial release +v1.1 2000-11-20 Corrected status of 3.x, referenced ncurses port + +I. Background + +ncurses is a text-mode display library used for formatting the output +of applications on a variety of terminals. It is externally +maintained, contributed code which is included in FreeBSD by default. + +II. Problem Description + +There exists an overflowable buffer in the libncurses library in the +processing of cursor movement capabilities. An attacker can force a +privileged application to use the attacker's termcap file containing a +specially crafted terminal entry, which will trigger the vulnerability +when the vulnerable ncurses code is called. This allows them to +execute arbitrary code on the local system with the privileges of the +exploited binary. + +The systat utility included in the FreeBSD base system is known to use +vulnerable ncurses routines. It runs with increased privileges as a +member of the kmem group, which allows it to read from kernel memory +(but not write to it). A process with the ability to read from kernel +memory can monitor privileged data such as network traffic, disk +buffers and terminal activity, and may be able to leverage this to +obtain further privileges on the local system or on other systems, +including root privileges. + +There may be other vulnerable applications included in the FreeBSD +base system, but no others are confirmed to be vulnerable due to the +difficulty in identifying a complete list of vulnerable ncurses +functions. However the following is a complete list of FreeBSD system +binaries which link against ncurses and run with increased +privileges. They may or may not be vulnerable to exploitation. + +/usr/sbin/lpc +/usr/bin/top +/usr/bin/systat + +FreeBSD 3.x and earlier versions use a very old, customized version of +ncurses which is difficult to update without breaking +backwards-compatibility. The update was made for FreeBSD 4.0, but 3.x +will not be updated to the newer version. At this stage the +vulnerability has not been fixed in FreeBSD 3.x. + +The ncurses port (versions prior to 5.2) also contains this +vulnerability. It was corrected prior to the release of FreeBSD 4.2. + +III. Impact + +Certain setuid/setgid software (including FreeBSD base system +utilities and third party ports/packages) may be vulnerable to a local +exploit yielding privileged access. + +The /usr/bin/systat utility is known to be vulnerable to this problem +in ncurses. At this time is unknown whether /usr/bin/top and +/usr/sbin/lpc are also affected. + +The problems were corrected prior to the release of FreeBSD 4.2. + +IV. Workaround + +It is not feasible to reliably detect binaries which are vulnerable to +the ncurses vulnerability, however the provided utility will scan for +privileged binaries which use ncurses and which may potentially be +vulnerable. Some of the binaries reported may not in fact be +vulnerable, but should be recompiled anyway for maximum assurance of +security. + +Statically linked binaries which are identified as potentially +vulnerable should be recompiled from source code if possible, after +patching and recompiling libc, in order to correct the vulnerability. +Dynamically linked binaries will be corrected by simply patching and +recompiling libc as described below. + +As an interim measure, consider removing any identified setuid or +setgid binary, removing set[ug]id privileges from the file, or +limiting the file access permissions, as appropriate. + +Of course, it is possible that some of the identified files may be +required for the correct operation of your local system, in which case +there is no clear workaround except for limiting the set of users who +may run the binaries, by an appropriate use of user groups and +removing the "o+x" file permission bit. + +1) Download the 'scan_ncurses.sh' and 'test_ncurses.sh' scripts from + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh + +e.g. with the fetch(1) command: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh +Receiving scan_ncurses.sh (381 bytes): 100% +381 bytes transferred in 0.1 seconds (7.03 kBps) +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh +Receiving test_ncurses.sh (604 bytes): 100% +604 bytes transferred in 0.1 seconds (6.55 kBps) + +2) Verify the md5 checksums and compare to the value below: + +# md5 scan_ncurses.sh +MD5 (scan_ncurses.sh) = 597f63af701253f053581aa1821cbac1 +# md5 test_ncurses.sh +MD5 (test_ncurses.sh) = 12491ceb15415df7682e3797de53223e + +3) Run the scan_ncurses.sh script against your system: + +# chmod a+x ./test_ncurses.sh +# sh scan_ncurses.sh ./test_ncurses.sh / + +This will scan your entire system for setuid or setgid binaries which +make use of the ncurses library. Each returned binary should be +examined (e.g. with 'ls -l' and/or other tools) to determine what +security risk it poses to your local environment, e.g. whether it can +be run by arbitrary local users who may be able to exploit it to gain +privileges. + +4) Remove the binaries, or reduce their file permissions, as appropriate. + +V. Solution + +Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the +correction date, or patch your present system source code and +rebuild. Then run the scan_ncurses.sh script as instructed in section +IV and identify any statically-linked binaries as reported by the +script. These should either be removed, recompiled, or have privileges +restricted to secure them against this vulnerability (since +statically-linked binaries will not be affected by simply recompiling +the shared libc library). + +To patch your present system: download the updated ncurses code from +the below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz.asc + +Verify the detached PGP signature using your PGP utility. + +cd /usr/src +tar xvfz /path/to/ncurses.tar.gz +cd /usr/src/lib/libncurses +make all +make install + +In contrast to the usual practise, a simple patch fixing the security +vulnerability is not provided because the vendor did not make one +available, and the updated ncurses snapshot which fixed it contains +numerous other changes whose purpose and relation to the fix was +unclear. + +[ncurses port] + +If you have installed a vulnerable version of the ncurses port, one of +the following steps may be used to upgrade it: + +1) Upgrade your entire ports collection and rebuild the ncurses port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/ncurses-5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/ncurses-5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/ncurses-5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/ncurses-5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/ncurses-5.2.tgz + +3) download a new port skeleton for the ncurses port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmaFlUuHi5z0oilAQG5MwP9FStZoFKPCqfciIbIcFrE0wLYuEOeI24S +j9D4rSwU1ALzHB7DMpeXmju5pDRROmgUTIOGnBN9FcXZly4lDN3Y9yyIeW6Ia5UZ +wWbkhxsn573kD3P00WHAB1F1ccbbK4+SPNLkdJDgyyqAC4SdgeJEg5+z+Wcx7d3E +t/Xsv/X1ylA= +=ZiMW +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:69.telnetd.asc b/share/security/advisories/FreeBSD-SA-00:69.telnetd.asc new file mode 100644 index 0000000000..42fd43353b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:69.telnetd.asc @@ -0,0 +1,231 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:69 Security Advisory + FreeBSD, Inc. + +Topic: telnetd allows remote system resource consumption [REVISED] + +Category: core +Module: telnetd +Announced: 2000-11-14 +Revised: 2000-11-20 +Credits: Jouko Pynnonen +Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior + to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior + to the correction date. +Corrected: 2000-11-19 (FreeBSD 4.1.1-STABLE) + 2000-11-19 (FreeBSD 3.5.1-STABLE) +FreeBSD only: NO + +0. Revision History + +v1.0 2000-11-14 Initial release +v1.1 2000-11-20 Corrected patch, pointed out by + Christos Zoulas + +I. Background + +telnetd is the server for the telnet remote login protocol. + +II. Problem Description + +The telnet protocol allows for UNIX environment variables to be passed +from the client to the user login session on the server. However, some +of these environment variables have special meaning to the telnetd +child process itself and may be used to affect its operation. + +Of particular relevance is the ability for remote users to cause an +arbitrary file on the system to be searched for termcap data by +passing the TERMCAP environment variable. Although any file on the +local system can be read since the telnetd server runs as root, the +contents of the file will not be reported in any way to the remote +user unless it contains a valid termcap entry, in which case the +corresponding termcap sequences will be used to format the output sent +to the client. It is believed there is no risk of data disclosure +through this vulnerability. + +However, an attacker who forces the server to search through a large +file or to read from a device can cause resources to be spent by the +server, including CPU cycles and disk read bandwidth, which can +increase the server load and may prevent it from servicing legitimate +user requests. Since the vulnerability occurs before the login(1) +utility is spawned, it does not require authentication to a valid +account on the server in order to exploit. + +All released versions of FreeBSD prior to the correction date +including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem, +but it was fixed in the 4.1.1-STABLE branch prior to the release of +FreeBSD 4.2-RELEASE. + +III. Impact + +Remote users without a valid login account on the server can cause +resources such as CPU and disk read bandwidth to be consumed, causing +increased server load and possibly denying service to legitimate +users. + +IV. Workaround + +1) Disable the telnet service, which is usually run out of inetd: +comment out the following lines in /etc/inetd.conf, if present. + +telnet stream tcp nowait root /usr/libexec/telnetd telnetd + +telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd + +2) Impose access restrictions using TCP wrappers (/etc/hosts.allow), +or a network-level packet filter such as ipfw(8) or ipf(8) on the +perimeter firewall or the local machine, to limit access to the telnet +service to trusted machines. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or +3.5.1-STABLE after the respective correction dates. Note that the +original patch was incorrect and caused telnetd to behave incorrectly +in certain situations. + +2) Apply the patch below and recompile the relevant files: + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1 +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1.asc + +Execute the following commands as root: + +# cd /usr/src/libexec/telnetd +# patch -p < /path/to/patch_or_advisory +# make depend && make all install + +Updated patch for vulnerable systems: + + Index: ext.h + =================================================================== + RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v + retrieving revision 1.7 + retrieving revision 1.8 + diff -u -r1.7 -r1.8 + --- ext.h 1999/08/28 00:10:22 1.7 + +++ ext.h 2000/11/19 10:01:27 1.8 + @@ -87,7 +87,7 @@ + #endif + + extern int pty, net; + -extern char *line; + +extern char line[16]; + extern int SYNCHing; /* we are in TELNET SYNCH mode */ + + #ifndef P + Index: sys_term.c + =================================================================== + RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v + retrieving revision 1.24 + retrieving revision 1.26 + diff -u -r1.24 -r1.26 + --- sys_term.c 1999/08/28 00:10:24 1.24 + +++ sys_term.c 2000/11/19 10:01:27 1.26 + @@ -480,14 +480,10 @@ + * + * Returns the file descriptor of the opened pty. + */ + -#ifndef __GNUC__ + -char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + -#else + -static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + -char *line = Xline; + -#endif + #ifdef CRAY + -char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"; + +char myline[16]; + +#else + +char line[16]; + #endif /* CRAY */ + + int + @@ -1799,6 +1795,13 @@ + strncmp(*cpp, "_RLD_", 5) && + strncmp(*cpp, "LIBPATH=", 8) && + #endif + + strncmp(*cpp, "LOCALDOMAIN=", 12) && + + strncmp(*cpp, "RES_OPTIONS=", 12) && + + strncmp(*cpp, "TERMINFO=", 9) && + + strncmp(*cpp, "TERMINFO_DIRS=", 14) && + + strncmp(*cpp, "TERMPATH=", 9) && + + strncmp(*cpp, "TERMCAP=/", 9) && + + strncmp(*cpp, "ENV=", 4) && + strncmp(*cpp, "IFS=", 4)) + *cpp2++ = *cpp; + } + Index: telnetd.c + =================================================================== + RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v + retrieving revision 1.22 + retrieving revision 1.24 + diff -u -r1.22 -r1.24 + --- telnetd.c 2000/01/25 14:52:00 1.22 + +++ telnetd.c 2000/11/19 10:01:27 1.24 + @@ -805,13 +805,12 @@ + #else + for (;;) { + char *lp; + - extern char *line, *getpty(); + + if ((lp = getpty()) == NULL) + fatal(net, "Out of ptys"); + + if ((pty = open(lp, 2)) >= 0) { + - strcpy(line,lp); + + strlcpy(line,lp,sizeof(line)); + line[5] = 't'; + break; + } + @@ -1115,7 +1114,7 @@ + IM = Getstr("im", &cp); + IF = Getstr("if", &cp); + if (HN && *HN) + - (void) strcpy(host_name, HN); + + (void) strlcpy(host_name, HN, sizeof(host_name)); + if (IF && (if_fd = open(IF, O_RDONLY, 000)) != -1) + IM = 0; + if (IM == 0) + Index: utility.c + =================================================================== + RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v + retrieving revision 1.13 + retrieving revision 1.14 + diff -u -r1.13 -r1.14 + --- utility.c 1999/08/28 00:10:25 1.13 + +++ utility.c 2000/10/31 05:29:54 1.14 + @@ -330,7 +330,7 @@ + { + char buf[BUFSIZ]; + + - (void) sprintf(buf, "telnetd: %s.\r\n", msg); + + (void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg); + (void) write(f, buf, (int)strlen(buf)); + sleep(1); /*XXX*/ + exit(1); + @@ -343,7 +343,7 @@ + { + char buf[BUFSIZ], *strerror(); + + - (void) sprintf(buf, "%s: %s", msg, strerror(errno)); + + (void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno)); + fatal(f, buf); + } +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmZhlUuHi5z0oilAQECjQP/RJyFP/msuoNj1ebyeE4PjXHFV99FoVIY +jeBCjheFN+9kVR2ZqGxzhF8Ds1jsHI2oURhjNwRkf+OGNzCfDKEseTa0/Aa59XG5 +68O9DKP2CEZnNra3N5uWCBX7ozGI1iCfJkBstSXBhdpyeumOjhfkEF1cwvJldyWl +YMIWv/MwRWs= +=wuWd +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:70.ppp-nat.asc b/share/security/advisories/FreeBSD-SA-00:70.ppp-nat.asc new file mode 100644 index 0000000000..f3e081b7e6 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:70.ppp-nat.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:70 Security Advisory + FreeBSD, Inc. + +Topic: ppp "deny_incoming" does not correctly deny incoming packets + +Category: core +Module: ppp +Announced: 2000-11-14 +Credits: Robin Melville +Affects: FreeBSD 3.5, 3.5.1, 4.1, 4.1.1 + FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the + correction date. +Corrected: 2000-10-30 (FreeBSD 4.1.1-STABLE) + 2000-10-30 (FreeBSD 3.5.1-STABLE) +FreeBSD only: Yes + +I. Background + +The ppp(8) utility includes network address translation functionality +for translating between public and private IP address ranges. It uses +the libalias library to perform translation services. + +II. Problem Description + +The "nat deny_incoming" command is documented as "refusing all +incoming connections" and is commonly used as a simple "firewall" to +prevent outside users from connecting to services on the internal +network. However the behaviour of the ppp code was changed in the 4.x +and 3.x branches prior to the release of FreeBSD 4.1 and 3.5 (on +2000-06-05 and 2000-06-03 respectively) to allow passing of packets +which are not understood, such as IPSEC packets and other IP protocol +traffic not explicitly recognised by the code as being an "incoming +connection attempt". While this was arguably incorrect behaviour in +itself, the code also incorrectly allowed through ALL incoming +traffic, effectively turning "deny_incoming" into a no-op. + +Thus, users who are using the deny_incoming functionality in the +expectation that it provides a "deny by default" firewall which only +allows through packets known to be part of an existing NAT session, +are in fact allowing other types of unsolicited IP traffic into their +internal network. + +The behaviour of ppp was corrected to only allow incoming packets +which are known to be part of a valid NAT session, which gives the +desired packet filtering behaviour in the general case. Outgoing IP +traffic which is not understood by libalias (such as an outgoing IPSEC +packet part of a VPN) will cause a NAT session to be established which +will allow incoming packets with the corresponding source and +destination IP addresses and protocol number to pass, but all others +to be denied. + +This behaviour may be sufficient for the security needs of many users, +although users with advanced filtering or security policy requirements +are advised to use a more configurable packet filter such as those +provided by ipfw(8) or ipf(8) which can meet their needs. + +The following released versions of FreeBSD are the only releases +vulnerable to this problem: 3.5, 3.5.1, 4.1, 4.1.1. It was fixed in +the 4.1.1-STABLE branch prior to the release of FreeBSD 4.2-RELEASE. + +III. Impact + +Remote users can cause incoming traffic which is not part of an +existing NAT session to pass the NAT gateway, which may constitute a +breach of security policy. + +IV. Workaround + +Use a true packet filter such as ipfw(8) or ipf(8) on the PPP gateway +to deny incoming traffic according to the desired security policy. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or +3.5.1-STABLE after the respective correction dates. + +2) Apply the patch below and recompile the relevant files: + +Either save this advisory to a file, or download the patch and +detached PGP signature from the following locations, and verify the +signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch.asc + +Execute the following commands as root: + +# cd /usr/src/usr.sbin/ppp +# patch -p < /path/to/patch_or_advisory +# make depend && make all install + +Patch for vulnerable systems: + +Index: nat_cmd.c +=================================================================== +RCS file: /mnt/ncvs/src/usr.sbin/ppp/nat_cmd.c,v +retrieving revision 1.49 +retrieving revision 1.50 +diff -u -r1.49 -r1.50 +- --- nat_cmd.c 2000/07/11 22:11:31 1.49 ++++ nat_cmd.c 2000/10/30 18:02:01 1.50 +@@ -421,7 +421,11 @@ + break; + + case PKT_ALIAS_IGNORED: +- - if (log_IsKept(LogTCPIP)) { ++ if (PacketAliasSetMode(0, 0) & PKT_ALIAS_DENY_INCOMING) { ++ log_Printf(LogTCPIP, "NAT engine denied data:\n"); ++ m_freem(bp); ++ bp = NULL; ++ } else if (log_IsKept(LogTCPIP)) { + log_Printf(LogTCPIP, "NAT engine ignored data:\n"); + PacketCheck(bundle, MBUF_CTOP(bp), bp->m_len, NULL, NULL, NULL); + } +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhG88FUuHi5z0oilAQFcaAP8D9gkr5GbGfj0visocGTMzKmhbXCwtgVX +B5qwVdDKYSx3sAicK32gsnKdxJYno5D7Vd8ic0/N28DfuR+rw7tyGKPkgZZQiptL +CTODBugeHFV/XZ3CyES+orkRN78Wgc6kBZtvyudaXtYHbzRo2K48acOGnQN/X4tR +Tt613Vl57rY= +=SCKm +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:71.mgetty.asc b/share/security/advisories/FreeBSD-SA-00:71.mgetty.asc new file mode 100644 index 0000000000..2b3dee43ea --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:71.mgetty.asc @@ -0,0 +1,100 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:71 Security Advisory + FreeBSD, Inc. + +Topic: mgetty can create or overwrite files + +Category: ports +Module: mgetty +Announced: 2000-11-20 +Credits: Stan Bubrouski +Affects: Ports collection prior to the correction date. +Corrected: 2000-9-10 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +mgetty is a replacement for the getty utility designed for use with +data and fax modems. + +II. Problem Description + +The mgetty port, versions prior to 1.1.22.8.17, contains a +vulnerability that may allow local users to create or overwrite any +file on the system. This is due to the faxrunqd daemon (which usually +runs as root) following symbolic links when creating a .last_run file +in the world-writable /var/spool/fax/outgoing/ directory. + +This presents a denial of service attack since the attacker can cause +critical system files to be overwritten, but it is not believed the +attacker has the ability to control the contents of the overwritten +file. Therefore the possibility of using this attack to elevate +privileges is believed to be minimal. + +The mgetty port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4100 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 +contain this problem since it was discovered after the releases, but +it was corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users may create or overwrite any file on the +system. + +If you have not chosen to install the mgetty port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the mgetty port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the mgetty port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/comms/mgetty-1.1.22.8.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/comms/mgetty-1.1.22.8.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/comms/mgetty-1.1.22.8.17.tgz + +3) download a new port skeleton for the mgetty port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmWG1UuHi5z0oilAQE5jAP+Lj1qI76n/cHjmfR05NTckZ4EI1Fkt708 +zZfEL9B4y8FCgluw9nLNhVKHYjkQFg/b0SEgBetElPu+k6ivcu9EqI2Gk4RIyT82 +HJFqOOnvX2yodMgZo1NozEot3aw3DIQg8TFs0Z/w0E4e+02iCytPmZYfrE5vbWif +q1qAcFpgJWE= +=l2yv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:72.curl.asc b/share/security/advisories/FreeBSD-SA-00:72.curl.asc new file mode 100644 index 0000000000..e3ef1a2fbd --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:72.curl.asc @@ -0,0 +1,91 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:72 Security Advisory + FreeBSD, Inc. + +Topic: curl client-side vulnerability + +Category: ports +Module: curl +Announced: 2000-11-20 +Credits: Wichert Akkerman +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-30 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +curl is a multi-protocol file retrieval tool. + +II. Problem Description + +The curl port, versions prior to 7.4.1, allows a client-side exploit +through a buffer overflow in the error handling code. A malicious ftp +server operator can cause arbitrary code to be executed by the user +running the curl client. + +The curl port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 4100 third-party applications in a ready-to-install format. +The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain +this problem since it was discovered after the releases, but it was +corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious FTP server operators can execute arbitrary code on the local +system when a file is downloaded from this server. + +If you have not chosen to install the curl port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the curl port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the curl port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/curl-7.4.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/curl-7.4.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/curl-7.4.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/curl-7.4.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/curl-7.4.1.tgz + +3) download a new port skeleton for the curl port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmXtlUuHi5z0oilAQGoWwP8D4Do6NX9PMIrCaky4BU4rj37l5PO7kHn +h94zc2ISFpX5IBceUDCbVNjJJPkA8hXHhWXHZulpruu6yza/V9Oo3Uz86HrzY4Tw +7Rj3iwQ/5/wJW3Ya/BcnBozk1/NlnAxGzKluTOlHe8UCFPV8JtCrE5RPRHMQ3BP8 +IN3EDVdvLzw= +=EQge +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:73.thttpd.asc b/share/security/advisories/FreeBSD-SA-00:73.thttpd.asc new file mode 100644 index 0000000000..eee7a61363 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:73.thttpd.asc @@ -0,0 +1,95 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:73 Security Advisory + FreeBSD, Inc. + +Topic: thttpd allows remote reading of local files + +Category: ports +Module: thttpd +Announced: 2000-11-20 +Credits: ghandi@MINDLESS.COM +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-30 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +thttpd is a simple, small, fast HTTP server. + +II. Problem Description + +The thttpd port, versions prior to 2.20, allows remote viewing of +arbitrary files on the local server. The 'ssi' cgi script does not +correctly restrict URL-encoded requests containing ".." in the path. +In addition, the cgi script does not have the same restrictions as the +web server for preventing requests outside of the web root. These two +flaws allow remote users to access any file on the system accessible +to the web server user (user 'nobody' in the default configuration). + +The thttpd port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4100 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 +contain this problem since it was discovered after the releases, but +it was corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users may access any file on the system accessible to the web +server user (user 'nobody' in the default installation). + +If you have not chosen to install the thttpd port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the thttpd port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the thttpd port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/thttpd-2.20b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/thttpd-2.20b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/thttpd-2.20b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/thttpd-2.20b.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/thttpd-2.20b.tgz + +3) download a new port skeleton for the thttpd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmWNFUuHi5z0oilAQF1sQP9Fc/jBFjSNhzGIGc+bglEOiepdajSk3Ep +wtoLUQJug56qcbUtxgg6FxbDv7xW/uYZ1YKWYQsjAr0tyYv+zTSVgvxAhREY1En2 +TIqrRTjTPir5yAodzsVvueTdjVhgQhWKHlrNMUKK3hfWoeLXiLhtFTDn8jam/2pO +tw8I3tWT16I= +=+HRv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:74.gaim.asc b/share/security/advisories/FreeBSD-SA-00:74.gaim.asc new file mode 100644 index 0000000000..ac85747eea --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:74.gaim.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:74 Security Advisory + FreeBSD, Inc. + +Topic: gaim remote vulnerability + +Category: ports +Module: gaim +Announced: 2000-11-20 +Credits: Stan Bubrouski +Affects: Ports collection prior to the correction date. +Corrected: 2000-11-16 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +gaim is a popular AOL Instant Messenger client. + +II. Problem Description + +The gaim port, versions prior to 0.10.3_1, allows a client-side +exploit through a buffer overflow in the HTML parsing code. This +vulnerability may allow remote users to execute arbitrary code as the +user running gaim. + +The gaim port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 4100 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this +problem since it was discovered after the releases, but it was +corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may execute arbitrary code as the user running +gaim. + +If you have not chosen to install the gaim port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the gaim port/package, if you you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the gaim port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/gaim-0.10.3_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/gaim-0.10.3_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/gaim-0.10.3_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/gaim-0.10.3_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/gaim-0.10.3_1.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the gaim port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmWVVUuHi5z0oilAQGDvwP+LYld3QmBByW+w9LkQ6wKLtaqFqWO+dEL +1JQm44OEVgWX01btMuyVvso9iqn3bCVHE8CatXPp4mnwEgR29lu2taU7ilKWOxwX +Odh9Q+XrWGaCRP/LkiPYUVpsc1gwoBpqEdrGjbv2LhIg04uyd/W1rwEfSPtOZUNW +3ISE4DYF7RQ= +=Yt3k +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:75.php.asc b/share/security/advisories/FreeBSD-SA-00:75.php.asc new file mode 100644 index 0000000000..959766ff66 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:75.php.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:75 Security Advisory + FreeBSD, Inc. + +Topic: mod_php3/mod_php4 allows remote code execution + +Category: ports +Module: mod_php3/mod_php4 +Announced: 2000-11-20 +Credits: Jouko Pynnönen +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-12 (mod_php4), 2000-10-18 (mod_php3) +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +php is a commonly used HTML-embedded scripting language. + +II. Problem Description + +The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3 +(mod_php4), contain a potential vulnerablilty that may allow a +malicious remote user to execute arbitrary code as the user running +the web server, typically user 'nobody'. The vulnerability is due to +a format string vulnerability in the error logging routines. + +A web server is vulnerable if error logging is enabled in php.ini. +Additionally, individual php scripts may cause the web server to be +vulnerable if the script uses the syslog() php function regardless of +error logging in php.ini. + +The mod_php ports are not installed by default, nor are they "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4100 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 +contain this problem since it was discovered after the releases, but +it was corrected prior to the release of FreeBSD 4.2. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users can execute arbitrary code on the local system +as the user running the webserver (typically user 'nobody'). This +vulnerability requires error logging to be enabled in php.ini or by +using the syslog() php function in a script. + +If you have not chosen to install the mod_php3 or mod_php4 +port/package, then your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the mod_php3/mod_php4 port/package, if you you have +installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the +mod_php3/mod_php4 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[php3] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-3.0.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-3.0.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-3.0.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-3.0.17.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-3.0.17.tgz + +[php4] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-4.0.3pl1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-4.0.3pl1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-4.0.3pl1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-4.0.3pl1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-4.0.3pl1.tgz + +3) download a new port skeleton for the mod_php3/mod_php4 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmWdlUuHi5z0oilAQHlCQP/W+MsHrhJbBEg8JRhw5ZoGh8DI/KHD6gT +PYgaIhr72vmHYN7xtkuHDxV1C5O15YC+z7CzZseYvpdfBDVDm3qKwBQdN5EuumQg +09LHPZEwayLYlgdRmoRQiP8OGsrYER29sYFQZlKvf8ZJw4tZkwJKPmpGBO5bxvSk ++N5lbHKNdHw= +=gy7y +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:76.tcsh-csh.asc b/share/security/advisories/FreeBSD-SA-00:76.tcsh-csh.asc new file mode 100644 index 0000000000..822c78d4cf --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:76.tcsh-csh.asc @@ -0,0 +1,150 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:76 Security Advisory + FreeBSD, Inc. + +Topic: tcsh/csh creates insecure temporary file + +Category: core, ports +Module: tcsh, 44bsd-csh +Announced: 2000-11-20 +Affects: FreeBSD 4.x, 3.x prior to the correction date. +Corrected: 2000-11-04 (FreeBSD 4.1.1-STABLE) + 2000-11-05 (FreeBSD 3.5.1-STABLE) + 2000-11-09 (44bsd-csh port) + 2000-11-19 (tcsh port) +Credits: proton +FreeBSD only: NO + +I. Background + +tcsh is an updated version of the traditional BSD C Shell +(csh). Versions of csh and tcsh are included in the FreeBSD ports +collection (tcsh, 44bsd-csh) and the FreeBSD base system (csh, tcsh). + +II. Problem Description + +The csh and tcsh code creates temporary files when the '<<' operator +is used, however these are created insecurely and use a predictable +filename based on the process ID of the shell. An attacker can +exploit this vulnerability to overwrite an arbitrary file writable by +the user running the shell. The contents of the file are overwritten +with the text being entered using the '<<' operator, so it will +usually not be under the control of the attacker. + +Therefore the likely impact of this vulnerability is a denial of +service since the attacker can cause critical files writable by the +user to be overwritten. It is unlikely, although possible depending +on the circumstances in which the '<<' operator is used, that the +attacker could exploit the vulnerability to gain privileges (this +typically requires that they have control over the contents the target +file is overwritten with). + +All versions of FreeBSD prior to the correction date are vulnerable to +this problem: the /bin/csh shell included in the base system (which is +the same as /bin/tcsh in recent versions) as well as the tcsh +(versions prior to 6.09.03_1) and 44bsd-csh ports (versions prior to +44bsd-csh-20001106) in the ports collection. The problems with the +base system shells and the 44bsd-csh port were resolved prior to the +release of FreeBSD 4.2. The tcsh port was not fixed prior to the +release, but the port is disabled in FreeBSD 4.2 since the same +software exists in the base system. + +III. Impact + +Unprivileged local users can cause an arbitrary file writable by a +victim to be overwritten when the victim invokes the '<<' operator in +csh or tcsh (e.g. from within a shell script). + +If you have not installed the tcsh or 44bsd-csh ports on your +4.1.1-STABLE system dated after the correction date, your system is +not vulnerable to this problem. + +IV. Workaround + +None practical. + +V. Solution + +Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the +correction date, or patch your present system source code and +rebuild. + +To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.x base system] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch.asc + +Verify the detached PGP signature using your PGP utility. + +cd /usr/src/contrib/tcsh +patch -p < /path/to/patch +cd /usr/src/bin/csh +make depend && make all install + +[FreeBSD 3.x base system] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch.asc + +Verify the detached PGP signature using your PGP utility. + +cd /usr/src/bin/csh +patch -p < /path/to/patch +make depend && make all install + +[Ports collection] + +One of the following: + +1) Upgrade your entire ports collection and rebuild the tcsh/44bsd-csh +port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[tcsh] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/tcsh-6.09.03_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/tcsh-6.09.03_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/tcsh-6.09.03_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/tcsh-6.09.03_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/tcsh-6.09.03_1.tgz + +[44bsd-csh] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/44bsd-csh-20001106.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/44bsd-csh-20001106.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/44bsd-csh-20001106.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/44bsd-csh-20001106.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/44bsd-csh-20001106.tgz + +3) download a new port skeleton for the tcsh/44bsd-csh port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOhmfAlUuHi5z0oilAQGTBQP/fKPInKBn9a5NZSc5fWPYKdQda2gL1Mji +bMaOpF6DiYb9NqKSQdBayq+cf3SI0tqnx0MWDads+Vx6E7zZJ1Eai8zXB0vx37sO +vYULKsaK0Gp2wvPfEn0lDUN1l6tn7OQJIXg63i9qF2r/88G2stNbuxG6w++uponc +PsehE1pTGQY= +=ZAeV +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:77.procfs.asc b/share/security/advisories/FreeBSD-SA-00:77.procfs.asc new file mode 100644 index 0000000000..7ad46bbc55 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:77.procfs.asc @@ -0,0 +1,194 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:77 Security Advisory + FreeBSD, Inc. + +Topic: Several vulnerabilities in procfs [REVISED] + +Category: core +Module: procfs +Announced: 2000-12-18 +Reissued: 2000-12-29 +Affects: FreeBSD 4.x and 3.x prior to the correction date. +Corrected: 2000-12-16 (FreeBSD 4.2-STABLE) + 2000-12-18 (FreeBSD 3.5.1-STABLE) +Credits: Frank van Vliet + Joost Pol (Problem #1, #2) + Esa Etelavuori (Problem #3) +FreeBSD only: NO + +0. Revision History + +v1.0 2000-12-18 Initial release. +v1.1 2000-12-29 Note FreeBSD 3.x also vulnerable to problem #1 (local + root vulnerability), update 3.x patch, correct typo in + mount command. + +I. Background + +procfs is the process filesystem, which presents a filesystem +interface to the system process table, together with associated data. + +II. Problem Description + +There were several problems discovered in the procfs code: + +1) Unprivileged local users can gain superuser privileges due to +insufficient access control checks on the /proc//mem and +/proc//ctl files, which gives access to a process address space +and perform various control operations on the process respectively. + +The attack proceeds as follows: the attacker can fork() a child +process and map the address space of the child in the parent. The +child process then exec()s a utility which runs with root or other +increased privileges. The parent process incorrectly retains read and +write access to the address space of the child process which is now +running with increased privileges, and can modify it to execute +arbitrary code with those privileges. + +2) Unprivileged local users can execute a denial of service against +the local machine by mmap()ing a processes own /proc//mem file in +the procfs filesystem. This will cause the system to enter into an +infinite loop in the kernel, effectively causing the system to hang +until manually rebooted by an administrator on the system console. + +3) Users with superuser privileges on the machine, including users +with root privilege in a jail(8) virtual machine, can overflow a +buffer in the kernel and bypass access control checks placed on the +abilities of the superuser. These include the ability to "break out" +of the jail environment (jail is often used as a compartmentalization +tool for security purposes), to lower the system securelevel without +requiring a reboot, and to introduce new (possibly malicious) code +into the kernel on systems where loading of KLDs (kernel loadable +modules) has been disabled. + +III. Impact + +1) On vulnerable FreeBSD systems where procfs is mounted, unprivileged +local users can obtain root privileges. + +2) On vulnerable FreeBSD systems where procfs is mounted, unprivileged +local users can cause the system to hang. + +3) On vulnerable FreeBSD systems, superusers who can load the procfs +filesystem, or on systems where it is already mounted, can bypass +access control checks in the kernel which would otherwise limit their +abilities. Consequences include the ability to break out of a jail +environment, to lower securelevel or to introduce malicious code into +the kernel on systems where loading of KLDs has been disabled. For +many systems this vulnerability is likely to have minor impact. + +IV. Workaround + +To work around problems 1 and 2, perform the following steps as root: + +Unmount all instances of the procfs filesystem using the umount(8) +command: + +# umount -f -a -t procfs + +Disable the automatic mounting of all instances of procfs in +/etc/fstab: remove or comment out the line(s) of the following form: + +proc /proc procfs rw 0 0 + +The linprocfs filesystem, which provides additional interfaces to +Linux binaries to emulate the Linux procfs filesystem, is believed not +to be vulnerable to the problems described in this advisory and +therefore does not need to be unmounted. Note however that some Linux +binaries may require the presence of both procfs and linprocfs in +order to function correctly. + +To work around problem 3 is more difficult since it involves the +superuser, but the following steps are believed to be sufficient: + +* Unmount all procfs filesystems which are visible from within jail + environments, to prevent a jail root compromise from compromising + the entire system. Since jailed users do not have the ability to + mount filesystems, a successful jail root compromise in a jail + without procfs visible cannot exploit this vulnerability. + +* Remove the "options PROCFS" line from your kernel configuration file, + if present, and compile a new kernel as described in + http://www.freebsd.org/handbook/kernelconfig.html + + If the running kernel was compiled with "options PROCFS", then any user + who has root privileges can mount procfs and exploit vulnerability 3, + regardless of system securelevel. + + If the kernel does not include this option, then an attempt to mount + procfs will trigger a load of the procfs.ko KLD module, which is + denied at securelevel greater than zero. Since this vulnerability + only has meaning (in the case of unjailed root users) on systems which + are kept in a securelevel greater than zero, this will always be + true, and such systems are not vulnerable to the problem. + +Note that unmounting procfs may have a negative impact on the +operation of the system: under older versions of FreeBSD it is +required for some aspects of the ps(1) command, and it may also break +use of userland inter-process debuggers such as gdb. Other installed +binaries including emulated Linux binaries may require access to +procfs for correct operation. + +V. Solution + +Upgrade your vulnerable FreeBSD system to 3.5.1-STABLE or 4.2-STABLE +dated after the correction date, or patch your present system source +code and rebuild. + +To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 3.5.1-RELEASE] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.patch.v1.1 +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.patch.v1.1.asc + +Verify the detached PGP signature using your PGP utility. + +[FreeBSD 4.1-RELEASE and FreeBSD 4.1.1-RELEASE] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.patch.asc + +Verify the detached PGP signature using your PGP utility. + +[FreeBSD 4.2-RELEASE] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/sys +# patch -p < /path/to/patch + +If procfs is statically compiled into the kernel (e.g. the kernel +configuration file contains the line 'options PROCFS'), then rebuild +and reinstall your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system with the new kernel for the changes to take effect. + +If procfs is dynamically loaded by KLD (use the kldstat command to +verify whether this is the case) and the system securelevel has not +been raised, then the system can be patched at run-time without +requiring a reboot, by performing the following steps after patching +the source as described above: + +# cd /usr/src/sys/modules/procfs +# make all install +# umount -f -a -t procfs +# kldunload procfs +# kldload procfs +# mount -a -t procfs +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOkyr7FUuHi5z0oilAQFBOgP+NimZ8FVU04GDn3XuzWnRQLsr0fpdQfua +cBAq9ND0ksYYerl2CoK4Obk81aWPdq9h+mZqhaxd2c2w3e98WFsRr6Xa9gXKcu4p +5GI08hqu5EKsCjzDFJzHBkHrFlze1dGvEF2696hpwhGXWGT0wLEixOuqEX95KXiO +rDcAYveLhlw= +=4NIQ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:78.bitchx.asc b/share/security/advisories/FreeBSD-SA-00:78.bitchx.asc new file mode 100644 index 0000000000..f69eed0ead --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:78.bitchx.asc @@ -0,0 +1,115 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:78 Security Advisory + FreeBSD, Inc. + +Topic: bitchx/ko-bitchx allows remote code execution [REVISED] + +Category: ports +Module: bitchx/ko-bitchx +Announced: 2000-12-20 +Reissued: 2000-12-29 +Credits: nimrood +Affects: Ports collection prior to the correction date. +Corrected: 2000-12-12 +Vendor status: Updated version released +FreeBSD only: NO + +0. Revision History + +v1.0 2000-12-20 Initial release +v1.1 2000-12-29 Noted the vulnerability of ko-bitchx also + +I. Background + +bitchx is a popular IRC client. It is available in a Korean-localized +version as the ko-bitchx package. + +II. Problem Description + +The bitchx port, versions prior to 1.0c17_1, and ko-bitchx port, +versions prior to 1.0c16_3, contains a remote vulnerability. Through +a stack overflow in the DNS parsing code, a malicious remote user in +control of their reverse DNS records may crash a bitchx session, or +cause arbitrary code to be executed by the user running bitchx. + +The bitchx/ko-bitchx ports are not installed by default, nor are they +"part of FreeBSD" as such: they are part of the FreeBSD ports +collection, which contains over 4300 third-party applications in a +ready-to-install format. The ports collections shipped with FreeBSD +3.5.1 and 4.2 contain this problem since it was discovered after the +releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may execute arbitrary code as the user running +bitchx. + +If you have not chosen to install the bitchx or ko-bitchx +port/packages, then your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the bitchx and/or ko-bitchx port/packages, if you have +installed them. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the bitchx or +ko-bitchx ports. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[bitchx] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/BitchX-1.0c17_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/BitchX-1.0c17_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/BitchX-1.0c17_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/BitchX-1.0c17_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/BitchX-1.0c17_1.tgz + +[ko-bitchx] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/korean/ko-BitchX-1.0c16_3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-BitchX-1.0c16_3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/korean/ko-BitchX-1.0c16_3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-BitchX-1.0c16_3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/korean/ko-BitchX-1.0c16_3.tgz + +NOTE: It may be several days before updated ko-bitchx packages are +available. + +3) download a new port skeleton for the bitchx/ko-bitchx port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOkyVpVUuHi5z0oilAQHtTwP9E5ykEMUfnT8ihxBTfolYtjIzTcwK9G4w +wiU2ldGTkEJWze1gc02cBq9i0zhG27cpHRgrDGE3xpVg2W5rra9r9JpGG75VRktE +f0AfiBnvJd7Oy+svDpHngqNx6/mTxrumh9qsEOSeP81ko9oWOHuf/Ek1VQDp9mFj +ONhD/SENhHI= +=Cpy1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:79.oops.asc b/share/security/advisories/FreeBSD-SA-00:79.oops.asc new file mode 100644 index 0000000000..998a3bc2a5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:79.oops.asc @@ -0,0 +1,93 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:79 Security Advisory + FreeBSD, Inc. + +Topic: oops allows remote code execution + +Category: ports +Module: oops +Announced: 2000-12-20 +Credits: |CyRaX| +Affects: Ports collection prior to the correction date. +Corrected: 2000-12-14 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +oops is a caching WWW proxy server. + +II. Problem Description + +The oops port, versions prior to 1.5.2, contains remote +vulnerabilities through buffer and stack overflows in the HTML parsing +code. These vulnerabilities may allow remote users to execute +arbitrary code as the user running oops. + +The oops port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains over +4200 third-party applications in a ready-to-install format. The ports +collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem +since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may execute arbitrary code as the user running +oops. + +If you have not chosen to install the oops port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the oops port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the oops port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/oops-1.5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/oops-1.5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/oops-1.5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/oops-1.5.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/oops-1.5.2.tgz + +NOTE: It may be several days before updated packages are available. + +3) download a new port skeleton for the oops port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOkDD+VUuHi5z0oilAQF/GQQAphFsq7DIG9Gez7F6ry71W/c9vwC0RMgz +4IWDeYtkLQhB86n2nkQFMeRQi6EAAOKrOeVJtGhjgtOib6nR6sPCJxbY+s7G/RCw +/hz1q6xG4MOw+obhFUsKO8UyWfONYGnKNB5JLqi/dbzXPXwSuuf6wKPClZbXRNEv +aR8tF+briCU= +=ZwXz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc b/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc new file mode 100644 index 0000000000..29b10472e1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc @@ -0,0 +1,84 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:80 Security Advisory + FreeBSD, Inc. + +Topic: halflifeserver allows remote code execution + +Category: ports +Module: halflifeserver +Announced: 2000-12-20 +Credits: Mark Cooper +Affects: Ports collection prior to the correction date. +Corrected: 2000-11-29 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +halflifeserver is a dedicated server for hosting Half-Life games. + +II. Problem Description + +The halflifeserver port, versions prior to 3.1.0.4, contains local and +remote vulnerabilities through buffer overflows and format string +vulnerabilities. These vulnerabilities may allow remote users to +execute arbitrary code as the user running halflifeserver. + +The halflifeserver port is not installed by default, nor is it "part +of FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4200 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may execute arbitrary code as the user running +the halflifeserver software. + +If you have not chosen to install the halflifeserver port/package, +then your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the halflifeserver port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the halflifeserver +port. + +2) download a new port skeleton for the halflifeserver port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. Due to license restrictions no binary +package is provided for the halflifeserver port. + +3) Use the portcheckout utility to automate option (2) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOkDIQVUuHi5z0oilAQGcqQQApE+76gPjqdkQf9TvbGBThPxcSocU8F+N +GHiBPzkrgVHqCLYee0sywsQ4KRg2awuq+sP6EcqLTfaIGLZqPgS4xNZ6gqOrrgLP +wxvGdtlqgad5lXLEvs1uYwBmj+lTNteYWy6KC04za2rLHYdkZce21kyj+6preXZs +trAQ2uVDvsM= +=s4GT +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-00:81.ethereal.asc b/share/security/advisories/FreeBSD-SA-00:81.ethereal.asc new file mode 100644 index 0000000000..515b6f14ff --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-00:81.ethereal.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-00:81 Security Advisory + FreeBSD, Inc. + +Topic: ethereal allows remote code execution + +Category: ports +Module: ethereal +Announced: 2000-12-20 +Credits: mat@hacksware.com +Affects: Ports collection prior to the correction date. +Corrected: 2000-11-21 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +ethereal is a tool for monitoring network activity. + +II. Problem Description + +The ethereal port, versions prior to 0.8.14, contains buffer overflows +which allow a remote attacker to crash ethereal or execute arbitrary +code on the local system as the user running ethereal, typically the +root user. These vulnerabilities are identical to those described in +advisory 00:61 relating to tcpdump. + +The ethereal port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4200 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 are +vulnerable to this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users can cause the local ethereal process to crash, or +to execute arbitrary code as the user running ethereal (usually root). + +IV. Workaround + +Do not use vulnerable versions of ethereal in network environments +which may contain packets from untrusted sources. + +Deinstall the ethereal port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the ethereal port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ethereal-0.8.14.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ethereal-0.8.14.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/ethereal-0.8.14.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ethereal-0.8.14.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/ethereal-0.8.14.tgz + +3) download a new port skeleton for the ethereal port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOkDOpVUuHi5z0oilAQFETAP/dV59JADazj/mrRLSW8a6JQluGrU4ZnYY +60KmcRkiuCte+WehA3ZE0h2WRz+RbWuszeyIZ21j6Kz4a0mbb0WURcHtj5CtlQZj +BMgezi15rnSfIzfFX4lEZX6bzR9xaPuJSfrRNaMhWY+ioWLQ+fFL8OcllTfa+LYx +HUzOVq9kWQk= +=s7BI +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:01.openssh.asc b/share/security/advisories/FreeBSD-SA-01:01.openssh.asc new file mode 100644 index 0000000000..31acca7db3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:01.openssh.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:01 Security Advisory + FreeBSD, Inc. + +Topic: Hostile server OpenSSH agent/X11 forwarding + +Category: core/ports +Module: openssh +Announced: 2001-01-15 +Credits: Markus Friedl +Affects: FreeBSD 4.1.1-STABLE prior to the correction date + Ports collection prior to the correction date +Corrected: 2000-11-14 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +OpenSSH is an implementation of the SSH1 and SSH2 secure shell +protocols for providing encrypted and authenticated network access, +which is available free for unrestricted use. Versions of OpenSSH are +included in the FreeBSD ports collection and the FreeBSD base system. + +II. Problem Description + +To quote the OpenSSH Advisory: + + If agent or X11 forwarding is disabled in the ssh client + configuration, the client does not request these features + during session setup. This is the correct behaviour. + + However, when the ssh client receives an actual request + asking for access to the ssh-agent, the client fails to + check whether this feature has been negotiated during session + setup. The client does not check whether the request is in + compliance with the client configuration and grants access + to the ssh-agent. A similar problem exists in the X11 + forwarding implementation. + +All versions of FreeBSD 4.x prior to the correction date including +FreeBSD 4.1 and 4.1.1 are vulnerable to this problem, but it was +corrected prior to the release of FreeBSD 4.2. For users of FreeBSD +3.x, OpenSSH is not installed by default, but is part of the FreeBSD +ports collection. + +The base system and ports collections shipped with FreeBSD 4.2 do not +contain this problem since it was discovered before the release. + +III. Impact + +Hostile SSH servers can access your X11 display or your ssh-agent when +connected to, which may allow access to confidential data or other +network accounts, through snooping of password or keying material +through the X11 session, or reuse of the SSH credentials obtained +through the SSH agent. + +IV. Workaround + +Clear both the $DISPLAY and $SSH_AUTH_SOCK variables before connecting +to untrusted hosts. For example, in Bourne shell syntax: + +% unset SSH_AUTH_SOCK; unset DISPLAY; ssh host + +V. Solution + +Upgrade the vulnerable system to 4.1.1-STABLE or 4.2-STABLE after the +correction date, or patch your current system source code and rebuild. + +To patch your present system: download the patch from the below +location and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:01/openssh.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:01/openssh.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/crypto/openssh +# patch < /path/to/openssh.patch +# cd /usr/src/secure/lib/libssh +# make depend && make all +# cd /usr/src/secure/usr.bin/ssh +# make depend && make all install + +[Ports collection] + +One of the following: + +1) Upgrade your entire ports collection and rebuild the OpenSSH port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/openssh-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/openssh-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/openssh-2.2.0.tgz + +NOTE: Due to an oversight the package version was not updated after +the security fix was applied, so be sure to install a package created +after the correction date. + +3) download a new port skeleton for the OpenSSH port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOmN6RFUuHi5z0oilAQGAUAQAllC+FmvfYpmP6gQqO+xB6UIZsK0GQsAM +WRCOiULMLBD4kHJkYVJUQmSyK5jPxEVkwILX3jE9qZhB65alW20L965mQS/DjM5p +bj0itnwTy1DL6dul15vWBfCJKxL/A0SrgVv+hnDwHx3YU4x0re/1bNU3gVa8bT1K +Nnu2/m1wmpU= +=MAzv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:02.syslog-ng.asc b/share/security/advisories/FreeBSD-SA-01:02.syslog-ng.asc new file mode 100644 index 0000000000..7859e1d615 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:02.syslog-ng.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:02 Security Advisory + FreeBSD, Inc. + +Topic: syslog-ng remote denial-of-service + +Category: ports +Module: syslog-ng +Announced: 2001-01-15 +Credits: Balazs Scheidler +Affects: Ports collection prior to the correction date. +Corrected: 2000-11-25 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +syslog-ng is a replacement for the standard syslogd daemon, a service +for logging of local and remote system messages. + +II. Problem Description + +The syslog-ng port, versions prior to 1.4.9, contains a remote +vulnerability. Due to incorrect log parsing, remote users may cause +syslog-ng to crash, causing a denial-of-service if the daemon is not +running under a watchdog process which will automatically restart it +in the event of failure. + +The syslog-ng port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote attackers may cause syslog-ng to crash, causing a +denial-of-service if the daemon is not running under a watchdog +process which will automatically restart it in the event of +failure. The default installation of the port/package is therefore +vulnerable to this problem. + +If you have not chosen to install the syslog-ng port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the syslog-ng port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the syslog-ng port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/syslog-ng-1.4.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/syslog-ng-1.4.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/syslog-ng-1.4.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/syslog-ng-1.4.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/syslog-ng-1.4.10.tgz + +3) download a new port skeleton for the syslog-ng port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOmN6R1UuHi5z0oilAQGfWgP/Yd6fjKCernj84HSuHgdXCxT3g27VFub6 +9k62GJ1wiwz8S3v4zvx1C1xbhE+pgBv+EuBe8SEp0R2BtKC/RdcrWAwYtxvqA/6d +yknNjwBSJ2yvkZMzeG2pZXsy6TG8n6lIiEp0aCWqOsSn5FgykXg1YfAXiJ1Mo0Gu +aNKBcOEMCag= +=0IjM +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:03.bash1.asc b/share/security/advisories/FreeBSD-SA-01:03.bash1.asc new file mode 100644 index 0000000000..4dbee2224b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:03.bash1.asc @@ -0,0 +1,108 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:03 Security Advisory + FreeBSD, Inc. + +Topic: bash1 creates insecure temporary files + +Category: ports +Module: bash1 +Announced: 2001-01-15 +Affects: Ports collection prior to the correction date. +Corrected: 2000-11-29 +Credits: Various +FreeBSD only: NO + +I. Background + +bash is an enhanced bourne-like shell. + +II. Problem Description + +The bash port, versions prior to the correction date, creates insecure +temporary files when the '<<' operator is used, by using a predictable +filename based on the process ID of the shell. An attacker can +exploit this vulnerability to overwrite an arbitrary file writable by +the user running the shell. The contents of the file are overwritten +with the text being entered using the '<<' operator, so it will +usually not be under the control of the attacker. + +Therefore the likely impact of this vulnerability is a denial of +service since the attacker can cause critical files writable by the +user to be overwritten. It is unlikely, although possible depending +on the circumstances in which the '<<' operator is used, that the +attacker could exploit the vulnerability to gain privileges (this +typically requires that they have control over the contents the target +file is overwritten with). + +This is the same vulnerability as that described in advisory 00:76 +relating to the tcsh/csh shells. + +The bash1 port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 are +vulnerable to this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users can cause an arbitrary file writable by a +victim to be overwritten when the victim invokes the '<<' operator in +bash1 (e.g. from within a shell script). + +If you have not chosen to install the bash1 port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the bash1 port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the bash1 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/bash-1.14.7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/bash-1.14.7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/bash-1.14.7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/bash-1.14.7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/bash-1.14.7.tgz + +NOTE: Due to an oversight the package version was not updated after +the security fix was applied, so be sure to install a package created +after the correction date. + +3) download a new port skeleton for the bash1 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOmN6SVUuHi5z0oilAQERhgQAqW3ZEBCxXC2lZvqypspSwjPdc6kU3eQm +gUNMdrk6BZX2Pj8t8q+xK9rHasyXw2fkPeZ93EvBHhOa4p5l5UARhCllNS628LAJ +Vk3zalfHKtZIO1bCq16R5NpyQ1zh+QB9mPnl9q8KINyO0gEUtq0n3LKgr7yr74tN +2TC9j+g5GhU= +=RLhf +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:04.joe.asc b/share/security/advisories/FreeBSD-SA-01:04.joe.asc new file mode 100644 index 0000000000..221b3a9161 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:04.joe.asc @@ -0,0 +1,97 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:04 Security Advisory + FreeBSD, Inc. + +Topic: joe creates insecure recovery files + +Category: ports +Module: joe +Announced: 2001-01-15 +Credits: Christer Öberg and Patrik Birgersson, + of Wkit Security AB +Affects: Ports collection prior to the correction date. +Corrected: 2000-12-12 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +joe is a text editor. + +II. Problem Description + +The joe port, versions prior to 2.8_2, contains a local vulnerability: +if a joe session with an unsaved file terminates abnormally, joe +creates a rescue copy of the file called ``DEADJOE'' in the same +directory as the file being edited. The creation of this copy is made +without checking if the file is a symbolic link. If the file is a +link, joe will append the contents of the unsaved file to the linked +file: therefore if the joe editor is run on a private file in a public +directory such as /tmp, an attacker can access the contents of the +edited file by causing it to be appended to a world-writable file +owned by the attacker if the joe process terminates abnormally. + +The joe port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +nearly 4500 third-party applications in a ready-to-install format. +The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this +problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious local users, under certain restricted conditions, may obtain +read access to non-readable files edited using the joe editor. + +If you have not chosen to install the joe port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the joe port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the joe port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/editors/joe-2.8_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/editors/joe-2.8_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/editors/joe-2.8_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/editors/joe-2.8_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/editors/joe-2.8_2.tgz + +3) download a new port skeleton for the joe port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOmN6S1UuHi5z0oilAQGiyAP+I8VOR5J8ThxuinRuGlwI9sIRImmMRxfd +oHYJFWQRoNfQTSdE6Q+ushjqJNPL7JrU8PZjSL/6wE89CVGeZL+70/wTz8HU9Ihi +8j8y98Fo+NvkBgpaLz5Ypo7Wpi3rZiEPzKTmfByk6CjVuwUc5k13aswcIg3TcZh0 +TZuJFzhBxm8= +=baNZ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:05.stunnel.asc b/share/security/advisories/FreeBSD-SA-01:05.stunnel.asc new file mode 100644 index 0000000000..3f086be547 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:05.stunnel.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:05 Security Advisory + FreeBSD, Inc. + +Topic: stunnel contains potential remote compromise + +Category: ports +Module: stunnel +Announced: 2001-01-15 +Credits: Lez , Brian Hatch +Affects: Ports collection prior to the correction date. +Corrected: 2000-12-20 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +stunnel is an SSL encryption wrapper for network services. + +II. Problem Description + +The stunnel port, versions prior to 3.9, contains a vulnerability +which could allow remote compromise. When debugging is turned on +(using the -d 7 option), stunnel will perform identd queries of remote +connections, and the username returned by the remote identd server is +written to the log file. Due to incorrect usage of syslog(), a +malicious remote user who can manipulate their identd username can +take advantage of string-formatting operators to execute arbitrary +code on the local system as the user running stunnel, often the root +user. + +The stunnel port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may execute arbitrary code on the local system +as the user running stunnel using stunnel, under certain circumstances. + +If you have not chosen to install the stunnel port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the stunnel port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the stunnel port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/stunnel-3.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/stunnel-3.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/stunnel-3.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/stunnel-3.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/stunnel-3.10.tgz + +3) download a new port skeleton for the stunnel port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOmN6T1UuHi5z0oilAQGFYwP/TLc1mxrH+2H7XhW/srJraZwtQn33z66t +1xASiaxefICPgnFvXHZoTMpkJI5ow2SFyLjUE2jG1MW2e5iu6fl7AeYIYNT1BF2t +cqr6LRS92Srant5YbFqoBaTUuJtjw61T0P+dcjHfMCJAHVtihoQk8Ngw2YoX0KfV +5ReEYZPh530= +=okQ9 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:06.zope.asc b/share/security/advisories/FreeBSD-SA-01:06.zope.asc new file mode 100644 index 0000000000..5afab0d955 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:06.zope.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:06 Security Advisory + FreeBSD, Inc. + +Topic: zope vulnerability allows escalation of privileges + +Category: ports +Module: zope +Announced: 2001-01-15 +Credits: Erik Enge +Affects: Ports collection prior to the correction date. +Corrected: 2000-12-20 +Vendor status: Patch released +FreeBSD only: NO + +I. Background + +zope is an object-based dynamic web application platform. + +II. Problem Description + +The zope port, versions prior to 2.2.4, contains a vulnerability due +to the computation of local roles not climbing the correct hierarchy +of folders, sometimes granting local roles inappropriately. This may +allow users with privileges in one folder to gain the same privileges +in another folder. + +The zope port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +nearly 4500 third-party applications in a ready-to-install format. +The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this +problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Zope users with privileges in one folder may be able to gain the same +privileges in other folders. + +If you have not chosen to install the zope port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the zope port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the zope port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/zope-2.2.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/zope-2.2.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/zope-2.2.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/zope-2.2.4.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/zope-2.2.4.tgz + +3) download a new port skeleton for the zope port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOmN6UVUuHi5z0oilAQGVdAP/TPreDK7sB21+F5wO6KAWKBZe4NZIRAlt +aajsBSTmpCYGtQ1dbsIeMUtTYOzdR8FKO0CPYfZbl1cjGljW3HpWIus0ildznNeA +LznyYR9fwoSNU0Vh9xtqZ3OolCGw+GY98Wg55RcgToDDxeNnT4ZSGZnf4zdwQw9S +QbDfN6Br1oM= +=c035 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:07.xfree86.asc b/share/security/advisories/FreeBSD-SA-01:07.xfree86.asc new file mode 100644 index 0000000000..de0ae43643 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:07.xfree86.asc @@ -0,0 +1,150 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:07 Security Advisory + FreeBSD, Inc. + +Topic: Multiple XFree86 3.3.6 vulnerabilities + +Category: ports +Module: XFree86-3.3.6, XFree86-aoutlibs +Announced: 2001-01-23 +Credits: Chris Evans + Michal Zalewski +Affects: Ports collection prior to the correction date. +Corrected: 2000-10-24 (XFree86-3.3.6) +Vendor status: Fixed in XFree86 4.0.1, no patches released by vendor. +FreeBSD only: NO + +I. Background + +XFree86 is a popular X server. It exists in three versions in the +FreeBSD ports collection: 3.3.6 and 4.0.2, as well as a.out libraries +based on XFree86 3.3.3. + +II. Problem Description + +The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple +vulnerabilities that may allow local or remote users to cause a denial +of service attack against a vulnerable X server. Additionally, local +users may be able to obtain elevated privileges under certain +circumstances. + +X server DoS: + Remote users can, by sending a malformed packet to port 6000 TCP, + cause the victim's X server to freeze for several minutes. During + the freeze, the mouse does not move and the screen does not update + in any way. In addition, the keyboard is unresponsive, including + console-switch and kill-server key combinations. Non-X processes, + such as remote command-line logins and non-X applications, are + unaffected by the freeze. + +Xlib holes: + Due to various coding flaws in libX11, privileged (setuid/setgid) + programs linked against libX11 may allow local users to obtain + elevated privileges. + +libICE DoS: + Due to inadequate bounds checking in libICE, a denial of service + exists with any application using libICE to listen on a network port + for network services. + +The XFree86-aoutlibs port contains the XFree86 libraries from the +3.3.3 release of XFree86, in a.out format suitable for use with +applications in the legacy a.out binaryformat, most notably being the +FreeBSD native version of Netscape. It is unknown whether Netscape is +vulnerable to the problems described in this advisory, but it believed +that the only potential vulnerability is the libICE denial-of-service +condition described above. + +The XFree86 and XFree86-aoutlibs ports are not installed by default +(although XFree86 is available as an installation option in the +FreeBSD installer), nor are they "part of FreeBSD" as such: they are +part of the FreeBSD ports collection, which contains almost 4500 +third-party applications in a ready-to-install format. The ports +collections shipped with FreeBSD 3.5.1 and 4.1.1 contain these problem +since they were discovered after the releases, but the XFree86 problem +was corrected prior to the release of FreeBSD 4.2. At the time of +advisory release, the XFree86-aoutlibs port has not been corrected. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local or remote users may cause a denial of service attack against an +X server or certain X applications. Local users may obtain elevated +privileges with certain X applications. + +If you have not chosen to install the XFree86 3.3.6 port/package or +the XFree86-aoutlibs port/package, or you are running XFree86 4.0.1 or +later, then your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the XFree86-3.3.6 and XFree86-aoutlibs ports/packages, if +you you have installed them. + +Note that any statically linked binaries which make use of the +vulnerable XFree86 routines may still be vulnerable to the problems +after deinstallation of the port/package. However due to the +difficulty of developing a reliable scanning utility for such binaries +no such utility is provided. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the XFree86-3.3.6 +port. + +2) Deinstall the old package and install an XFree86-4.0.2 package +obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.2_5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.2_5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.2_5.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: XFree86-3.3.6 packages are no longer made available, only the +newer XFree86-4.0.2 packages. + +Note also that the XFree86-aoutlibs port has not yet been fixed: there +is currently no solution to the problem other than removing the +port/package and recompiling any dependent software to use ELF +libraries, or switching to an ELF-based version of the software, if +available (e.g. the BSD/OS or Linux versions of Netscape, as an +alternative to the FreeBSD native version). The potential impact of +the vulnerabilities to the local environment may be deemed not +sufficiently great to warrant this approach, however. + +3) download a new port skeleton for the XFree86-3.3.6 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOm3xpFUuHi5z0oilAQF+zQQAiwIQSv6MemATgo6v2/QwMjttGpbMxbh2 +s94CK+aAlbtRlsrBZl6DIWwVydc1C3k6EHnM+NHqwhfOq/yrwp7JDKwVUmvi+5Qx +1UAY8QRu45OednLsyT2qUuNrowjMmkdB0EcsqQq2UvLtN2054m6AmpZk1t3TjGTr +CCOFX30qIn0= +=pI+q +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:08.ipfw.asc b/share/security/advisories/FreeBSD-SA-01:08.ipfw.asc new file mode 100644 index 0000000000..91efe6cec4 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:08.ipfw.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:08 Security Advisory + FreeBSD, Inc. + +Topic: ipfw/ip6fw allows bypassing of 'established' keyword + +Category: core +Module: kernel +Announced: 2001-01-23 +Credits: Aragon Gouveia +Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases), + FreeBSD 3.5-STABLE and 4.2-STABLE prior to the + correction date. +Corrected: 2001-01-09 (FreeBSD 4.2-STABLE) + 2001-01-12 (FreeBSD 3.5-STABLE) +FreeBSD only: Yes + +I. Background + +ipfw is a system facility which allows IP packet filtering, +redirecting, and traffic accounting. ip6fw is the corresponding +utility for IPv6 networks, included in FreeBSD 4.0 and above. It is +based on an old version of ipfw and does not contain as many features. + +II. Problem Description + +Due to overloading of the TCP reserved flags field, ipfw and ip6fw +incorrectly treat all TCP packets with the ECE flag set as being part +of an established TCP connection, which will therefore match a +corresponding ipfw rule containing the 'established' qualifier, even +if the packet is not part of an established connection. + +The ECE flag is not believed to be in common use on the Internet at +present, but is part of an experimental extension to TCP for +congestion notification. At least one other major operating system +will emit TCP packets with the ECE flag set under certain operating +conditions. + +Only systems which have enabled ipfw or ip6fw and use a ruleset +containing TCP rules which make use of the 'established' qualifier, +such as "allow tcp from any to any established", are vulnerable. The +exact impact of the vulnerability on such systems is undetermined and +depends on the exact ruleset in use. + +All released versions of FreeBSD prior to the correction date +including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable, but it was +corrected prior to the (future) release of FreeBSD 4.3. + +III. Impact + +Remote attackers who construct TCP packets with the ECE flag set may +bypass certain ipfw rules, allowing them to potentially circumvent +the firewall. + +IV. Workaround + +Because the vulnerability only affects 'established' rules and ECE- +flagged TCP packets, this vulnerability can be removed by adjusting +the system's rulesets. In general, it is possible to express most +'established' rules in terms of a general TCP rule (with no TCP flag +qualifications) and a 'setup' rule, but may require some restructuring +and renumbering of the ruleset. + +V. Solution + +One of the following: + +1) Upgrade the vulnerable FreeBSD system to FreeBSD 3.5-STABLE, or +or 4.2-STABLE after the correction date. + +2) Patch your present system by downloading the relevant patch from the +below location: + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-4.x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-4.x.patch.asc + +[FreeBSD 3.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-3.x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-3.x.patch.asc + +Verify the detached PGP signature using your PGP utility. + +Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch +# cp /usr/src/sys/netinet/tcp.h /usr/src/sys/netinet/ip_fw.h /usr/include/netinet/ +# cd /usr/src/sbin/ipfw +# make depend && make all install +# cd /usr/src/sys/modules/ipfw +# make depend && make all install + +For 4.x systems, perform the following additional steps: + +# cp /usr/src/sys/netinet6/ip6_fw.h /usr/include/netinet6/ +# cd /usr/src/sbin/ip6fw +# make depend && make all install +# cd /usr/src/sys/modules/ip6fw +# make depend && make all install + +NOTE: The ip6fw patches have not yet been tested but are believed to +be correct. The ip6fw software is not currently maintained and may be +removed in a future release. + +If the system is using the ipfw or ip6fw kernel modules (see +kldstat(8)), the module may be unloaded and the corrected module +loaded into the kernel using kldload(8)/kldunload(8). This will +require that the firewall rules be reloaded, usually be executing the +/etc/rc.firewall script. Because the loading of the ipfw or ip6fw +module will result in the system denying all packets by default, this +should only be attempted when accessing the system via console or by +careful use of a command such as: + +# kldload ipfw && sh /etc/rc.firewall + +which performs both operations sequentially. + +Otherwise, if the system has ipfw or ip6fw compiled into the kernel, +the kernel will also have to be recompiled and installed, and the +system will have to be rebooted for the changes to take effect. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOm3yulUuHi5z0oilAQEJbQP+Nf6JEKNUz0bOhgOYmY0DDCQNbY/2dlxA +Qhs59HSB9Y7cwP+NuFKhix2fii8Y5oSOxjfMhllRl0yIQMHloG6orXNBuYJQ++d5 +A/e+eoePNTzTo7kbaEZyvS3pGBodkueUmnKAqT9Ho/SGY00p4/JxpNcp3KuYT4Re +gyKXSFV3rkQ= +=7XOn +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:09.crontab.asc b/share/security/advisories/FreeBSD-SA-01:09.crontab.asc new file mode 100644 index 0000000000..9c6bd697b5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:09.crontab.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:09 Security Advisory + FreeBSD, Inc. + +Topic: crontab allows users to read certain files [REVISED] + +Category: core +Module: crontab +Announced: 2001-01-23 +Revised: 2001-01-25 +Credits: Kyong-won Cho + Patch obtained from OpenBSD (Todd Miller ) +Affects: FreeBSD 3.x (all releases), 4.x (all releases prior to 4.2) + FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the + correction date. +Corrected: 2000-11-11 (FreeBSD 4.1.1-STABLE) + 2000-11-20 (FreeBSD 3.5.1-STABLE) +FreeBSD only: No + +0. Revision History + +v1.0 2001-01-23 Initial release +v1.1 2001-01-25 Update to credit OpenBSD as source of patch + +I. Background + +crontab(8) is a program to edit crontab(5) files for use by the cron +daemon, which schedules jobs to run at specified times. + +II. Problem Description + +crontab(8) was discovered to contain a vulnerability that may allow +local users to read any file on the system that conform to a valid +crontab(5) file syntax. Due to crontab(5) syntax requirements, the +files that may be read is limited and subject to the following +restrictions: + +* The file is a valid crontab(5) file, or: +* The file is entirely commented out; every line contains either only + whitespace, or begins with a '#' character. + +The greatest security vulnerability is the disclosure of crontab +entries owned by other users, which may contain sensitive data such as +keying material (although this would often be publically disclosed +anyway at the time when the crontab job executes, via process +arguments and environment, etc). + +All released versions of FreeBSD prior to the correction date +including FreeBSD 4.1.1 are vulnerable to this problem. The problem +was corrected prior to the release of FreeBSD 4.2. + +III. Impact + +Malicious local users can read arbitrary local files that conform to +a valid crontab file syntax. + +IV. Workaround + +One of the following: + +1) Utilize crontab allow/deny files (/var/cron/allow and +/var/cron/deny) to limit access to use the crontab(8) utility. + +2) Remove the setuid privileges from /usr/sbin/crontab. However, this +will not allow users other than root to use cron. + +V. Solution + +One of the following: + +Upgrade the vulnerable FreeBSD system to 3.5-STABLE or 4.1.1-STABLE +after the correction date. + +To patch your present system: download the relavent patch from the +below location and execute the following commands as root: + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/usr.sbin/cron/crontab +# patch -p < /path/to/patch +# make depend && make all install +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnCTnVUuHi5z0oilAQGinAP8DtcJTo/0t/ajgbhccOSGMm9DHCN+jsou +Nw+3rH07ImrSgeIyINi8d2J+tPL2eakesXm2yKOniuS25PoJN/GuzMC9Qvfybkvg +cmKz3f4Fbzu9auWUUx2c+7GZargpGPRjxuNt86RucYswWjTT96MLs0ORGo9hZbXr +F0kM+1EZoTg= +=ONjc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:10.bind.asc b/share/security/advisories/FreeBSD-SA-01:10.bind.asc new file mode 100644 index 0000000000..e94c41eaed --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:10.bind.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:10 Security Advisory + FreeBSD, Inc. + +Topic: bind remote denial of service + +Category: core, ports +Module: bind +Announced: 2001-01-23 +Credits: Fabio Pietrosanti +Affects: FreeBSD 3.x prior to the correction date. + Ports collection prior to the correction date. +Corrected: 2000-11-27 (FreeBSD 3.5-STABLE) + 2001-01-05 (Ports collection) +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +bind is an implementation of the Domain Name System (DNS) protocols. + +II. Problem Description + +A vulnerability exists with the bind nameserver dealing with +compressed zone transfers. Due to a problem with the compressed zone +transfer (ZXFR) implementation, if named is configured for zone +transfers and recursive resolving, it will crash after a ZXFR for the +authoritative zone and a query of a remote hostname. Since named is +not configured under a watchdog process which will automatically +restart it after a failure, this will lead to the denial of DNS +service on the server. + +All versions of FreeBSD 3.x prior to the correction date including +3.5.1-RELEASE are vulnerable to this problem. In addition, the bind8 +port in the ports collection is also vulnerable. FreeBSD 4.x is not +affected since it contains versions of BIND 8.2.3. + +III. Impact + +Malicious remote users can cause the named daemon to crash, if it is +configured to allow zone transfers and recursive queries. + +IV. Workaround + +A partial workaround can be implemented by disallowing zone transfers +except from trusted hosts. Note that if the trusted hosts are +compromised or contain malicious users, name servers with this bug +will be vulnerable to the denial of service attack. + +V. Solution + +[Base system] + +Upgrade your vulnerable FreeBSD system to 3.5.1-STABLE after the +correction date. + +[Ports collection] + +If you have chosen to install BIND from the ports collection and are +using it instead of the version in the base system, perform one of the +following steps: + +1) Upgrade your entire ports collection and rebuild the bind8 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/bind-8.2.2p7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/bind-8.2.2p7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/bind-8.2.2p7.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the bind8 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOm320lUuHi5z0oilAQHFXAP+NVSPyykl5nfZlsU/ocqyMAAt/ArNz1F/ +4GEL8Q5GF2+hhEOG4PoKfDiwQ/CK8gQT8kn46YI8k7J6kyDES3g15zQTPX0E2lJa +dK0kpL4iWcLndZRHgFmE80//qY2E8G/pVIvhNi4yzjcFVTpshdSdl4OMcMf9IaYE +zrWZ3Eyvdns= +=PmSi +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:11.inetd.asc b/share/security/advisories/FreeBSD-SA-01:11.inetd.asc new file mode 100644 index 0000000000..4e1ffbfce1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:11.inetd.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:11 Security Advisory + FreeBSD, Inc. + +Topic: inetd ident server allows remote users to partially + read arbitrary wheel-accessible files [REVISED] + +Category: core +Module: inetd +Announced: 2001-01-29 +Revised: 2001-01-29 +Credits: dynamo +Affects: FreeBSD 3.x (all releases) + FreeBSD 4.x (all releases) +Corrected: 2000-11-25 (FreeBSD 4.2-STABLE) + 2001-01-26 (FreeBSD 3.5-STABLE) +FreeBSD only: Yes + +0. Revision History + +v1.0 2001-01-29 Initial release +v1.1 2001-01-29 Correctly credit original problem reporter + +I. Background + +The inetd ident server is an implementation of the RFC1413 +identification server which returns the local username of the +user connecting to a remote service. + +II. Problem Description + +During internal auditing, the internal ident server in inetd was found +to incorrectly set group privileges according to the user. Due to +ident using root's group permissions, users may read the first 16 +(excluding initial whitespace) bytes of wheel-accessible files. + +All released versions of FreeBSD prior to the correction date +including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable. + +III. Impact + +Users can read the first 16 bytes of wheel-accessible files. + +To determine which may be potentially read, execute the following +command as root: + +# find / -group wheel \( -perm -40 -a \! -perm +4 \) -ls + +The inetd internal ident server is not enabled by default. If you +have not enabled the ident portion of inetd, you are not vulnerable. + +IV. Workaround + +Disable the internal ident server, if enabled: comment out all lines +beginning with "auth" in /etc/inetd.conf, then restart inetd by +sending it a SIGHUP: + +# killall -HUP inetd + +V. Solution + +One of the following: + +Upgrade the vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE +after the correction date. + +To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.2 base system] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-4.2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-4.2.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/usr.sbin/inetd +# patch -p < /path/to/patch +# make depend && make all install +# killall -HUP inetd + +[FreeBSD 3.5.1 base system] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-3.5.1.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-3.5.1.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/usr.sbin/inetd +# patch -p < /path/to/patch +# make depend && make all install +# killall -HUP inetd +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnXa9FUuHi5z0oilAQGoPQP+ItWj4ScnyoBGBQw/CMLQN0XHWcEaT777 +dY8IL6U6NeSI0g/XAk5mVk2a0AExqimkhZFtaphg49y8XwjgbWGqtWHh0YMHa4k3 +ILtpOKQpDiGRda15FQUX+Pij8m3T1UdOmFQgCw2hFWnLh3eSgye7thHJzBjUlxCM +WI5aiOcdOk4= +=aAJS +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:12.periodic.asc b/share/security/advisories/FreeBSD-SA-01:12.periodic.asc new file mode 100644 index 0000000000..47f662831c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:12.periodic.asc @@ -0,0 +1,85 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:12 Security Advisory + FreeBSD, Inc. + +Topic: periodic uses insecure temporary files [REVISED] + +Category: core +Module: periodic +Announced: 2001-01-29 +Revised: 2001-01-29 +Credits: David Lary +Affects: FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE, + and 4.1.1-STABLE prior to the correction date. + No FreeBSD 3.x versions are affected. +Corrected: 2000-11-11 +FreeBSD only: Yes + +0. Revision History + +v1.0 2001-01-29 Initial release +v1.1 2001-01-29 Correctly credit original problem reporter + +I. Background + +periodic is a program to run periodic system functions. + +II. Problem Description + +A vulnerability was inadvertently introduced into periodic that caused +temporary files with insecure file names to be used in the system's +temporary directory. This may allow a malicious local user to cause +arbitrary files on the system to be corrupted. + +By default, periodic is normally called by cron for daily, weekly, and +monthly maintenance. Because these scripts run as root, an attacker +may potentially corrupt any file on the system. + +FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE, and 4.1.1-STABLE +prior to the correction date are vulnerable. The problem was +corrected prior to the release of FreeBSD 4.2. + +III. Impact + +Malicious local users can cause arbitrary files on the system to be +corrupted. + +IV. Workaround + +Do not allow periodic to be used in untrusted multi-user environments. + +Disable the normal periodic system maintenance scripts by either +commenting-out or removing the periodic entries in /etc/crontab. + +V. Solution + +One of the following: + +1) Upgrade the vulnerable FreeBSD system to 4.1.1-STABLE after the +correction date. + +2) Affected FreeBSD 4.x systems prior to the correction date: + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:12/periodic.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:12/periodic.patch.asc + +Execute the following commands as root: + +# cd /usr/src/usr.sbin/periodic +# patch -p < /path/to/patch +# make depend && make all install +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnXa7lUuHi5z0oilAQHW2AP7BP+YRA93Guy+ImRy1O2IHw/6qYBivSA1 +fpYrTERUyyBHbe04KypWjloHfzvKIZoYApXdleECkVBPMYwNPNixTYVrU4zR4qbC +EjgtF4OhjLjmO/LqbKPiwDC7TEWWi3OtPWwpJlqT7uNoHmg+o6ySTJPPyrpAFuUQ +FS8I+DjVESA= +=wBFp +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:13.sort.asc b/share/security/advisories/FreeBSD-SA-01:13.sort.asc new file mode 100644 index 0000000000..40f711d1c7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:13.sort.asc @@ -0,0 +1,93 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:13 Security Advisory + FreeBSD, Inc. + +Topic: sort uses insecure temporary files + +Category: core +Module: sort +Announced: 2001-01-29 +Credits: Discovered during internal auditing +Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases + prior to 4.2), FreeBSD 3.5-STABLE prior to the + correction date. +Corrected: 2000-11-11 (FreeBSD 4.1.1-STABLE) + 2001-01-01 (FreeBSD 3.5-STABLE) +FreeBSD only: NO + +I. Background + +sort(1) is a program to sort lines of text. It is externally +maintained, contributed software which is included in FreeBSD by +default. + +II. Problem Description + +During internal auditing, sort(1) was found to use easily predictable +temporary file names. It does create these temporary files correctly +such that they cannot be "subverted" by a symlink attack, but the +program will abort if the temporary filename chosen is already in use. +This allows an attacker to cause the sort(1) command to abort, which +may have a cascade effect on other scripts which make use of it (such +as system management and reporting scripts). For example, it may be +possible to use this failure mode to hide the reporting of malicious +system activity which would otherwise be detected by a management +script. + +All released versions of FreeBSD prior to the correction date including +FreeBSD 3.5.1 and FreeBSD 4.1.1 are vulnerable. The problem was +corrected prior to the release of FreeBSD 4.2. + +III. Impact + +Attackers can cause the operation of sort(1) to fail, possibly +disrupting aspects of system operation. + +IV. Workaround + +None appropriate. + +V. Solution + +One of the following: + +Upgrade the vulnerable FreeBSD system to FreeBSD 3.5-STABLE, +4.2-RELEASE, or 4.2-STABLE after the correction date. + +To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.1.1 base system] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-4.1.1.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-4.1.1.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/gnu/usr.bin/sort +# patch -p < /path/to/patch +# make depend && make all install + +[FreeBSD 3.5.1 base system] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-3.5.1.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-3.5.1.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/gnu/usr.bin/sort +# patch -p < /path/to/patch +# make depend && make all install + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnXd6VUuHi5z0oilAQF0XAP/d2M9nevTRLhEqTzutYfj2Whxxm1P8HgW +1hRPi3n3r9I7m9cBCjree6N33CRJoa0pdKovL5OgC04AWdRSKhfVHsLJYQz41Vi2 +tfqfZCTdhCWmwx9TGeVek9Pk3OrUIwhfzg+YBqX+ioQYaenB+25FHK1cigmXdeWp +UZWDyGlrmyM= +=vOx+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:14.micq.asc b/share/security/advisories/FreeBSD-SA-01:14.micq.asc new file mode 100644 index 0000000000..0433a50cb5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:14.micq.asc @@ -0,0 +1,97 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:14 Security Advisory + FreeBSD, Inc. + +Topic: micq remote buffer overflow vulnerability + +Category: ports +Module: micq +Announced: 2001-01-29 +Credits: recidjvo@pkcrew.org +Affects: Ports collection prior to the correction date. +Corrected: 2001-01-24 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +micq is a text-based ICQ client. + +II. Problem Description + +The micq port, versions prior to 0.4.6.1, contains a remote +vulnerability: due to a buffer overflow, a malicious remote user +sending specially-crafted packets may be able to execute arbitrary +code on the local system with the privileges of the micq process. To +accomplish this, the attacker must be able to sniff the packets +between the micq client and ICQ server in order to gain the session +key to cause the client to accept the malicious packets. + +The micq port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 4500 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this +problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may cause arbitrary code to be executed +with the privileges of the micq process. + +If you have not chosen to install the micq port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the micq port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the micq port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/micq-0.4.6.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/micq-0.4.6.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/micq-0.4.6.1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the micq port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnXfalUuHi5z0oilAQEhPQP/aq4wwNE4IFedgd2Fz8IEZo+cfiu5dsPa +P1fNoylanm+TbLBEV+hJwjt5lBQHQoEmMh3efz2x7foj42QMP6YPtw6WPcwbXtVQ +uTSra4+3Ck2NdO+5WDju2X0kMbIBWJMCAPrGEpr/EkNbJRu76Ojp6Cw31WBx17X7 +BwLriuu9c9I= +=Iluh +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:15.tinyproxy.asc b/share/security/advisories/FreeBSD-SA-01:15.tinyproxy.asc new file mode 100644 index 0000000000..fa277c9fc9 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:15.tinyproxy.asc @@ -0,0 +1,95 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:15 Security Advisory + FreeBSD, Inc. + +Topic: tinyproxy contains remote vulnerabilities + +Category: ports +Module: tinyproxy +Announced: 2001-01-29 +Credits: |CyRaX| +Affects: Ports collection prior to the correction date. +Corrected: 2001-01-22 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +tinyproxy is a lightweight http proxy. + +II. Problem Description + +The tinyproxy port, versions prior to 1.3.3a, contains remote +vulnerabilities: due to a heap overflow, malicious remote users can +cause a denial-of-service by crashing the proxy. Additionally, the +attacker may potentially cause arbitrary code to be executed as the +user running tinyproxy. + +The tinyproxy port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may cause a denial-of-service and potentially +cause arbitrary code to be executed. + +If you have not chosen to install the tinyproxy port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the tinyproxy port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the tinyproxy port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/tinyproxy-1.3.3a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/tinyproxy-1.3.3a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/tinyproxy-1.3.3a.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the tinyproxy port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnXgJ1UuHi5z0oilAQHo6wQAj3xyGIyobs/grdxqowjFMcpE86ZxuguC +/FzN9pNGbj2/tRv+5XWALJs4dl5mfqNruxeNlFy7uNZAoLztRd5DxuPa/KLJBh3R +NYUFjCBzBbjMDZzSOQSpRWwMrs8o/y5qWgAEdVQXqTmXPrKKnbiIBpAYRX/9pzGW +s199naiw8yM= +=M4Q1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:16.mysql.asc b/share/security/advisories/FreeBSD-SA-01:16.mysql.asc new file mode 100644 index 0000000000..24bf94bfef --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:16.mysql.asc @@ -0,0 +1,110 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:16 Security Advisory + FreeBSD, Inc. + +Topic: mysql may allow remote users to gain increased + privileges + +Category: ports +Module: mysql322-server/mysql323-server +Announced: 2001-01-29 +Credits: Nicolas GREGOIRE +Affects: Ports collection prior to the correction date. +Corrected: 2001-01-19 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +mysql is a high-performance database server. + +II. Problem Description + +The mysql323-server port, versions prior to 3.23.22, and all +mysql322-server ports contain remote vulerabilities. Due to a buffer +overflow, a malicious remote user can cause a denial-of-service by +crashing the database. Additionally, the attacker may be able to gain +the privileges of the mysqld user, allowing access to all databases +and the ability to leverage other local attacks as the mysqld user. +In order to accomplish this, the attacker must have a valid mysql +account. + +The mysql322-server and mysql323-server ports are not installed by +default, nor are they "part of FreeBSD" as such: they are part of the +FreeBSD ports collection, which contains over 4500 third-party +applications in a ready-to-install format. The ports collections +shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was +discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote mysql users may cause a denial-of-service and +potentially gain access as the mysqld user, allowing access to all +databases on the mysql server and the ability to leverage other local +attacks as the mysqld user. + +If you have not chosen to install the mysql322-server or +mysql323-server ports/packages, then your system is not vulnerable to +this problem. + +IV. Workaround + +Deinstall the mysql322-server or mysql323-server port/package, if you +have installed it. + +V. Solution + +Note: the mysql322-server port has been removed since mysql 3.23 is +now the stable mysql branch. People using older mysql322-server +ports/packages are urged to update to the mysql323-server +port/package. + +One of the following: + +1) Upgrade your entire ports collection and rebuild the +mysql323-server port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/databases/mysql-3.23.32.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/databases/mysql-3.23.32.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/databases/mysql-3.23.32.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the mysql323-server port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnXg81UuHi5z0oilAQEIKgP/fLnAPAIJt33PQl6NYnBzivsjX0/w0TGW +MVkX3OAz14EZYGEajJJfCf2QboqvDYMMuoYNQS3MF8eTmSNQxpzDpRzFyU8zeiUj +UnAzKWk+4vjTRkM8BcQHuXfsuzh/H1KjENjo+gbCrmXitLWjuFSS9l/U91tWeyMM +sQevoqqqXQE= +=8xko +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:17.exmh.asc b/share/security/advisories/FreeBSD-SA-01:17.exmh.asc new file mode 100644 index 0000000000..0a818b8f7a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:17.exmh.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:17 Security Advisory + FreeBSD, Inc. + +Topic: exmh symlink vulnerability + +Category: ports +Module: exmh2 +Announced: 2001-01-29 +Credits: Stanley G. Bubrouski +Affects: Ports collection prior to the correction date. +Corrected: 2001-01-22 +Vendor status: Updated version released +FreeBSD only: No + +I. Background + +exmh is a tcl/tk based interface to the mh mail user agent. + +II. Problem Description + +The exmh2 port, versions prior to 2.3.1, contains a local +vulnerability: at startup, if exmh detects a problem in its code or +configuration an error dialog appears giving the user an option to +fill in a bug report and email it to the maintainer. If the user +agrees to mail the maintainer a file named /tmp/exmhErrorMsg is +created. If the file exists and is a symlink, it will follow the +link, allowing local files writable by the user to be overwritten. + +The exmh2 port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious local users may cause arbitrary files writable by the user +running exmh to be overwritten, in certain restricted situations. + +If you have not chosen to install the exmh2 port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the exmh2 port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the exmh2 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/exmh-2.3.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/exmh-2.3.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/exmh-2.3.1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the exmh2 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOnXiAVUuHi5z0oilAQFN1QP/Y8TNT5P86VCujRk704GXV9Lxw4W6+lgZ +s6wmSPnm8BmO/MZo4RZ+snZToo9lZWEbgU490LU7sUjy8ehMiP6F2OpViuFT76ug +INFou7NHIAmMre2iFzyy6pcsLttX0emc02qUiEPDCLXrgF0BvhbqC3myXsbUzrpJ +srN7OD3Y8l4= +=1966 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:18.bind.asc b/share/security/advisories/FreeBSD-SA-01:18.bind.asc new file mode 100644 index 0000000000..268843e01a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:18.bind.asc @@ -0,0 +1,252 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:18 Security Advisory + FreeBSD, Inc. + +Topic: BIND remotely exploitable buffer overflow + +Category: core, ports +Module: bind +Announced: 2001-01-31 +Credits: COVERT Labs + Claudio Musmarra +Affects: All released versions of FreeBSD 3.x, 4.x. + FreeBSD 3.5-STABLE prior to the correction date. + FreeBSD 4.2-STABLE prior to the correction date. + Ports collection prior to the correction date. +Corrected: 2001-01-30 (FreeBSD 3.5-STABLE) + 2001-01-29 (FreeBSD 4.2-STABLE) + 2001-01-29 (Ports collection) +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +BIND is an implementation of the Domain Name Service (DNS) protocols. + +II. Problem Description + +An overflowable buffer related to the processing of transaction +signatures (TSIG) exists in all versions of BIND prior to +8.2.3-RELEASE. The vulnerability is exploitable regardless of +configuration options and affects both recursive and non-recursive DNS +servers. + +Additional vulnerabilities allow the leaking of environment variables +and the contents of the program stack. These vulnerabilities may +assist the ability of attackers to exploit the primary vulnerability +described above, and make provide additional information about the +state or configuration of the system. + +All previous versions of BIND 8, such as the beta versions included in +FreeBSD 4.x prior to the correction date (designated the version +number BIND 8.2.3-T<#>B) are vulnerable to this problem. Systems +running versions of BIND 9.x (available in the FreeBSD ports +collection) are unaffected. + +Further information about the vulnerabilities is contained in the CERT +advisory located at: + +http://www.cert.org/advisories/CA-2001-02.html + +Note that this advisory also describes vulnerabilities in the BIND 4.x +software, which is not included in any recent version of FreeBSD. + +All versions of FreeBSD 3.x and 4.x prior to the correction date +including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this +problem, if they have been configued to run named (this is not enabled +by default). In addition, the bind8 port in the ports collection +(versions prior to 8.2.3) is also vulnerable. + +To check whether a DNS server is running a vulnerable version of BIND, +perform the following command as any user: + +% dig @serverip version.bind. CHAOS TXT + +The following segment of output indicates a non-vulnerable server +running BIND 8.2.3-RELEASE: + +... +;; ANSWER SECTION: +VERSION.BIND. 0S CHAOS TXT "8.2.3-REL" +... + +III. Impact + +Malicious remote users can cause arbitrary code to be executed as the +user running the named daemon. This is often the root user, although +FreeBSD provides built-in support for the execution of named as an +unprivileged 'bind' user, which greatly limits the scope of the +vulnerability should a successful penetration take place. + +IV. Workaround + +There is no known practical workaround to prevent the vulnerability +from being exploited, short of upgrading the software. A partial +workaround to limit the impact of the vulnerability should it be +exploited is to run named as an unprivileged user. + +Add the following line to /etc/rc.conf: + +named_flags="-u bind -g bind" # Flags for named + +Add the following line to your /etc/namedb/named.conf file, in the +"options" section: + + pid-file "/var/named/named.pid"; + +See the named.conf(5) manual page for more details about configuring +named. + +Perform the following commands as root: + +Create a directory writable by the bind user where named can store its +pid file: + +# mkdir /var/named +# chown bind:bind /var/named + +Shut down the DNS server: + +# ndc stop + +Restart it using the non-privileged user and group: + +# ndc -p /var/named/named.pid start -u bind -g bind + +Note that when not running as the root user, named will lose the +ability to re-bind to interfaces which change address, or which are +added to the system after named has been started. If such an event +takes place, named will need to be stopped and restarted in order to +re-bind to the interface(s). See the ndc(8) manual page for more +information about how to do this. + +Use of the -t option to named will also increase security when run as +a non-privileged user by confining the named process to a chroot +environment and thereby partially limiting the access it has to the +rest of the system. Configuration of these options is beyond the +scope of the advisory. The following website contains information +which may be useful to administrators wishing to perform this step: + +http://www.losurs.org/docs/howto/Chroot-BIND.html + +Note that this tutorial does not specifically relate to FreeBSD, and +the information contained therein may need to be modified for FreeBSD +systems. + +Note that such a penetration of the unprivileged bind user may still +allow the attacker to take advantage of a local security vulnerability +or misconfiguration to further increase privileges. Therefore this +should only be considered a temporary workaround while preparations +can be made to upgrade permanently. + +It is recommended that all affected users upgrade their systems +immediately as described in the following section. + +V. Solution + +Note that BIND 8.2.3-RELEASE is more strict about invalid zone file +syntax than older versions. DNS zones which contain errors may need +to be corrected before the new version can be run. + +[Base system] + +Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE +after the respective correction dates. + +A binary tarball containing the updated BIND files may be released in +a few days, but is being held back for quality assurance reasons. In +the meantime an unofficial tarball is available from the following +location. Users are advised that the following tarball has not been +tested on a production system, and those wishing to perform an upgrade +without upgrading the entire OS are advised to use the bind8 port as +described below. + +http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz +http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz.asc + +To fetch and install it, perform the following actions as root: + +# fetch http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz +# fetch http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# cd / +# tar xvfz /path/to/bind-8.2.3-4.x.tgz + +Stop and restart the named process as shown: + +# ndc restart + +See the note in the previous section about how to restart ndc as a +non-privileged user if it has been configued to run that way. + +[Ports collection] + +If you have chosen to install BIND from the ports collection and are +using it instead of the version in the base system, perform one of the +following steps: + +1) Update your entire ports collection and rebuild the bind8 port. + +If you are installing the port for the first time, be sure to edit the +named_program variable in /etc/rc.conf to point to the installed +location of the named executable. + +The bind8 port can be configured to install itself in /usr and read +configuration data from /etc so that it is drop-in compatible with the +system version of BIND. Install the port as follows: + +# cd /usr/ports/net/bind8 +# make PREFIX=/usr PIDDIR=/var/run DESTETC=/etc/namedb \ + DESTRUN=/var/run all install clean + +If you install the BIND port over the top of the system version in +this way, be sure to add the following line to /etc/make.conf to +prevent the future rebuilding of the system version during 'make +world': + +NO_BIND= true # do not build BIND + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/bind-8.2.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/bind-8.2.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/bind-8.2.3.tgz + +NOTE: It may be several days before updated packages are available. + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the bind8 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOniArlUuHi5z0oilAQGE+AQAiwizuORMqyzOw21QFyap2Z7lv7BkYuiC +9zZ97X3WR+i8AujTfIrhwK1UdO6KFbp5Rjc54f3XHtaMotoRcp3x24xADpGQDP4s +Xyw267ZoV7ZYuG6VcAgBzq9pqiCnU9rqRQy2aRn/8iCvcl/G5249B3DuMMtLiMw+ +Iuz0OOxWeLM= +=hanM +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:19.ja-klock.asc b/share/security/advisories/FreeBSD-SA-01:19.ja-klock.asc new file mode 100644 index 0000000000..f510c598f6 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:19.ja-klock.asc @@ -0,0 +1,70 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:19 Security Advisory + FreeBSD, Inc. + +Topic: ja-xklock port contains a local root compromise + +Category: ports +Module: ja-xklock +Announced: 2001-02-07 +Credits: Found during internal auditing +Affects: Ports collection prior to the correction date. +Corrected: See below. +Vendor status: N/A +FreeBSD only: No + +I. Background + +The ja-xklock is a localized xlock clone, which locks an X display. + +II. Problem Description + +The ja-xklock port, versions 2.7.1 and earlier, contains an +exploitable buffer overflow. Because the xklock program is also +setuid root, unprivileged local users may gain root privileges on the +local system. + +Because the ja-xklock port is unmaintained and due to the software's +age, this vulnerability has not yet been corrected. Additionally, the +ja-xklock port is scheduled for removal from the ports system if it +has not been audited and fixed within one month of discovery. In the +event the ja-xlock port is corrected, this advisory will be rereleased +with updated information. + +The ja-xklock port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users may gain root privileges on the local system. + +If you have not chosen to install the ja-xklock port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the ja-xklock port/package, if you have installed it. + +V. Solution + +It is suggested that an alternative, such as xlock or xlockmore, is +used instead of the ja-xklock port. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOoGkUFUuHi5z0oilAQGzvwQAkiQisnaY94dUvy+a/RJoeY5j04yQf92u +P8I5aTWn6CfVP2a5xpRW8I2xRpJtiUAVzNmAYflW9gGgzQL9GXHy8roiaYMP+V7Y +X3zWhRV7Kb/L9jVKEGurwLaygF6m11AkmWUKbb8Hi95rzsJokTWA93MZK+exKfZ9 +lFBOA3QC2vA= +=gIGE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:20.mars_nwe.asc b/share/security/advisories/FreeBSD-SA-01:20.mars_nwe.asc new file mode 100644 index 0000000000..de1ab42fdf --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:20.mars_nwe.asc @@ -0,0 +1,98 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:20 Security Advisory + FreeBSD, Inc. + +Topic: mars_nwe contains potential remote root compromise + +Category: ports +Module: mars_nwe +Announced: 2001-02-07 +Credits: Przemyslaw Frasunek +Affects: Ports collection prior to the correction date. +Corrected: 2001-01-30 +Vendor status: Vendor notified +FreeBSD only: NO + +I. Background + +mars_nwe is a Novell Netware server emulator. + +II. Problem Description + +The mars_nwe port, versions prior to 0.99.b19_1, contains a remote +format string vulerability. Because of this vulnerability, a +malicious remote user sending specially-crafted packets may be able to +execute arbitrary code on the local system, potentially gaining root +access. + +The mars_nwe port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may cause arbitrary code to be executed +on the local system, potentially gaining root access. + +If you have not chosen to install the mars_nwe port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the mars_nwe port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the mars_nwe port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mars_nwe-0.99.b19_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mars_nwe-0.99.b19_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mars_nwe-0.99.b19_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the mars_nwe port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOoGk4VUuHi5z0oilAQFwUAP9HAYPxR6z25Lg6QzlsWMBJt8UDx7JKZx8 +bR4U9l6IFzNS3p4IgwtiFDrqfCNpRRBtWDrXYmpWdwL2g1cx6MGWLayCeGq6g1ha +MfKTTPlFrmSorXm6NdtcH33wDD05ScWQPCjhATJT3b4VxcbfmR1SEPxqXBOw6Whe +MFKc9SisWEc= +=m02+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:21.ja-elvis.asc b/share/security/advisories/FreeBSD-SA-01:21.ja-elvis.asc new file mode 100644 index 0000000000..1518c6c8ba --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:21.ja-elvis.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:21 Security Advisory + FreeBSD, Inc. + +Topic: ja-elvis and ko-helvis ports contain a local + root compromise + +Category: ports +Module: ja-elvis/ko-helvis +Announced: 2001-02-07 +Credits: Found during internal auditing +Affects: Ports collection prior to the correction date. +Corrected: 2001-01-28 +Vendor status: Vendor notified +FreeBSD only: No + +I. Background + +The ja-elvis and ko-helvis ports are localized versions of elvis, +a vi editor clone. + +II. Problem Description + +The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1 +and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the +elvrec utility. Because elvrec is setuid root, unprivileged local +users may gain root privileges on the local system. + +The ja-elvis and ko-helvis ports are not installed by default, nor +are they "part of FreeBSD" as such: they are part of the FreeBSD +ports collection, which contains over 4500 third-party applications +in a ready-to-install format. The ports collections shipped with +FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered +after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users may gain root privileges on the local +system. + +If you have not chosen to install the ja-elvis or ko-helvis +ports/packages, then your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the ja-elvis or ko-helvis port/package, if you have +installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the ja-elvis or +ko-helvis port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] + +[ja-elvis] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanese/ja-elvis-1.8.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-elvis-1.8.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japanese/ja-elvis-1.8.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-elvis-1.8.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japanese/ja-elvis-1.8.4_1.tgz + +[ko-helvis] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/korean/ko-helvis-1.8h2_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-helvis-1.8h2_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/korean/ko-helvis-1.8h2_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-helvis-1.8h2_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/korean/ko-helvis-1.8h2_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the ja-elvis or ko-helvis port +from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOoGlh1UuHi5z0oilAQE/ggP/QR9lSQtamdAZCI1WXR2HwwVgu+UITBdK +QCmYhia7H+YVRUp9Oiya1zZ/FyKQlz1VjoRVQEtU9jeHuo1tocABn6pobZLqc1z+ +gyUHX6vbC4wNVB1PFMX6RYUCpP50K4/QS6kQmLJdspYteCE7om374QyKTzQgoObh +1FNmh60FcbI= +=uB1V +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:22.dc20ctrl.asc b/share/security/advisories/FreeBSD-SA-01:22.dc20ctrl.asc new file mode 100644 index 0000000000..4e11be7279 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:22.dc20ctrl.asc @@ -0,0 +1,100 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:22 Security Advisory + FreeBSD, Inc. + +Topic: dc20ctrl port contains a locally exploitable buffer overflow + yielding gid dialer + +Category: ports +Module: dc20ctrl +Announced: 2001-02-07 +Credits: Found during internal auditing +Affects: Ports collection prior to the correction date. +Corrected: 2001-02-07 +Vendor status: Vendor notified +FreeBSD only: No + +I. Background + +dc20ctrl is a program to control Kodak DC20 digital cameras. + +II. Problem Description + +The dc20ctrl port, versions prior to 0.4_1, contains a locally +exploitable buffer overflow. Because the dc20ctrl program is also +setgid dialer, unprivileged local users may gain gid dialer on the +local system. This may allow the users to gain unauthorized access to +the serial port devices. + +The dc20ctrl port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 4500 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users may gain increased privileges on the local +system including potentially unauthorized access to the serial port +devices. + +If you have not chosen to install the dc20ctrl port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the dc20ctrl port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the dc20ctrl port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/dc20ctrl-0.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/dc20ctrl-0.4_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/dc20ctrl-0.4_1.tgz + +NOTE: it may be several days before updated packages are available. + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the dc20ctrl from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOoGyClUuHi5z0oilAQFzvgP/fhW32mvqDBlqUodUFjjWYmRaLJmaU3Wi +zNm5C/eb36jA9auvmZv9lE4UOlkPng1Kvhg8z0cSvWzhEUNk9IAdklvGsGXhvN/I +rjJHdVG6qSFmmsfSrlQwwfNqbhivPITM7Iv2xH0WPLoaStvMnFFmm4bERPJ/4hAq +8O9ZKoRXqyA= +=J8Ao +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:23.icecast.asc b/share/security/advisories/FreeBSD-SA-01:23.icecast.asc new file mode 100644 index 0000000000..01177d1b31 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:23.icecast.asc @@ -0,0 +1,101 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:23 Security Advisory + FreeBSD, Inc. + +Topic: icecast port contains remote vulnerability + +Category: ports +Module: icecast +Announced: 2001-03-12 +Credits: |CyRaX| +Affects: Ports collection prior to the correction date. +Corrected: 2001-03-10 +Vendor status: Unresponsive +FreeBSD only: NO + +I. Background + +icecast is a server for streaming MP3 audio. + +II. Problem Description + +The icecast software, versions prior to 1.3.7_1, contains multiple +format string vulnerabilities, which allow a remote attacker to +execute arbitrary code as the user running icecast, usually the root +user. + +There are a number of other potential abuses of format strings which +may or may not pose security risks, but have not currently been +audited. + +The icecast port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 4700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Arbitrary remote users can execute arbitrary code on the local system +as the user running icecast, usually the root user. + +If you have not chosen to install the icecast port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the icecast port/package, if you have installed it. + +V. Solution + +Consider running the icecast software as a non-privileged user to +minimize the impact of further security vulnerabilities in this +software. + +To upgrade icecast, choose one of the following options: + +1) Upgrade your entire ports collection and rebuild the icecast port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/icecast-1.3.7_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/icecast-1.3.7_1.tgz + +NOTE: It may be several days before updated packages are available + +[alpha] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/icecast-1.3.7_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/icecast-1.3.7_1.tgz + +3) download a new port skeleton for the icecast port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOq1b9lUuHi5z0oilAQF0VQQAgjsvLSPtZ1pu6OtkGxuMJhCmmeCvFJvL +4szsF1csrFrXhaH7z1VjJP8r/Q2NBzWcS3qujkhGRObsGGyvAJKk7QVrqnjXV3gD +rgLnphjNlKt0VuXafxXwTT8YTxoCbzOHy23aa0KaRWoCAVcVi4AAZs4XHEUgU+Ov +lWOyEgxUBEk= +=WM3Y +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:24.ssh.asc b/share/security/advisories/FreeBSD-SA-01:24.ssh.asc new file mode 100644 index 0000000000..f06f162894 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:24.ssh.asc @@ -0,0 +1,260 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:24 Security Advisory + FreeBSD, Inc. + +Topic: SSH1 implementations may allow remote system, data compromise + +Category: core/ports +Module: openssh, ssh +Announced: 2001-02-12 +Credits: Michal Zalewski (Vulnerability 1) + Core-SDI (http://www.core-sdi.com) (Vulnerability 2) +Affects: FreeBSD 4.x, 4.2-STABLE prior to the correction date + Ports collection prior to the correction date. +Corrected: OpenSSH [FreeBSD 4.x base system]: + 2000-12-05 (Vulnerability 1) + 2001-02-11 (Vulnerability 2) + OpenSSH [ports]: + 2001-02-09 (Vulnerability 1) + 2001-02-11 (Vulnerability 2) + ssh [ports]: + 2001-02-09 (Vulnerability 1) + 2001-02-09 (Vulnerability 2) +Vendor status: Patches released. +FreeBSD only: NO + +I. Background + +OpenSSH is an implementation of the SSH1 and SSH2 secure shell +protocols for providing encrypted and authenticated network access, +which is available free for unrestricted use. + +An SSH1 client/server (ssh) from ssh.com is included in the ports +collection. This software is not available free of charge for all +uses, and the FreeBSD Security Officer does not recommend its use. + +II. Problem Description + +There are two flaws in the SSH1 protocol as implemented by OpenSSH and +ssh. + +Vulnerability 1: + + An integer overflow may allow arbitrary remote users to obtain root + permissions on the server running sshd. This is due to a coding + mistake in code intended to work around a protocol flaw in the SSH1 + protocol. This vulnerability was corrected in OpenSSH 2.3.0, which + was committed to FreeBSD 4.2-STABLE on 2000-12-05. + +Vulnerability 2; + + Remote attackers who can observe the encrypted contents of a user's + SSH1 session, and who have the ability to mount large numbers of + connections fo the SSH1 server may be able to break the transient + server key used by the server to negotiate encryption parameters for + the session, and from there can decrypt the entire contents of the + snooped connection. The transient key has a lifetime of only one + hour by default, but all snooped SSH1 sessions captured within this + timeframe may be broken if the attack is successful. + + This attack is mitigated by the requirement to initiate large + numbers of SSH1 protocol connections to the server during the + lifetime of the key. On average a sustained connection rate of + around 400 connections and SSH1 protocol handshakes must be carried + out per second to have a high chance of succeeding within the 1 hour + lifetime of the server key. OpenSSH contains rate-limiting code + which will limit the number of outstanding connections to a fraction + of this number in the default configuration, and computational and + network limitations may reduce this number still further. + Therefore, though the potential impact of this flaw is great, it is + made very difficult to exploit in practice. However, note that even + though the chances of success are reduced, the vulnerability is not + eliminated. + +OpenSSH is installed if you chose to install the 'crypto' distribution +at install-time or when compiling from source, and is installed and +enabled by default as of FreeBSD 4.1.1-RELEASE. By default SSH1 +protocol support is enabled. + +If SSH1 protocol support has been disabled in OpenSSH, it is not +vulnerable to these attacks. They do not affect implementations of +the SSH2 protocol, such as OpenSSH run in SSH2-only mode. + +Versions of the OpenSSH port prior to openssh-2.2.0_2, and versions +of the ssh port prior to ssh-1.2.27_3 are vulnerable to these attacks. + +III. Impact + +Arbitrary remote users may be able to execute arbitrary code as root +on an SSH1 server accepting connections via the SSH1 protocol. + +Remote users who can snoop the encrypted contents of SSH1 sessions +belonging to other users, and who can mount a very high rate of +connections to the server may be able to mount an attack leading to +the ability to decrypt these sessions. This attack may disclose +account password details as well as other sensitive data. + +IV. Workaround + +If you are running sshd, disable the use of the SSH1 protocol in +OpenSSH. SSH1 contains inherent protocol deficiencies and is not +recommended for use in high-security environments. Note that some +third-party SSH clients are not capable of using the SSH2 protocol, +however the OpenSSH client (version 2.1 and later) included in FreeBSD +is SSH2-capable. + +To disable SSH1, add the following line to the /etc/ssh/sshd_config +file (/usr/local/etc/sshd_config for the OpenSSH port): + +Protocol 2 + +and remove any other "Protocol" directives from that file. + +Execute the following command as root: + +# kill -HUP `cat /var/run/sshd.pid` + +This will cause the parent process to reread its configuration file, +and should not interfere with existing SSH sessions. + +V. Solution + +- --[OpenSSH - base system]----- + +One of the following: + +1) Upgrade to FreeBSD 4.2-STABLE after the correction date. Note that +these versions of FreeBSD contain a newer version of OpenSSH (version +2.3.0) than was in 4.2-RELEASE (version 2.2.0). + +2) Download the patch and detached PGP signature from the following +location: + +The following patch applies to FreeBSD 4.2-RELEASE. + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch.asc + +The folllowing patch applies to FreeBSD 4.2-STABLE which is running +OpenSSH 2.3.0 (4.2-STABLE dated after 2000-12-05) + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch.asc + +Verify the detached signature using your PGP utility. + +Issue the following commands as root: + +# cd /usr/src/crypto/openssh +# patch -p < /path/to/patch +# cd /usr/src/secure/lib/libssh +# make all +# cd /usr/src/secure/usr.bin/ssh-agent +# make all install +# cd /usr/src/secure/usr.sbin/sshd +# make all install + +Finally, if sshd is already running then kill and restart the sshd +daemon: perform the following command as root: + +# kill -KILL `cat /var/run/sshd.pid` && /usr/sbin/sshd + +This will not affect sessions in progress. + +- --[OpenSSH - port]----- + +Use one of the following options to upgrade the OpenSSH software, then +kill and restart the sshd daemon if it is already running. This will +not affect sessions in progress. + +To kill and restart the sshd daemon, perform the following command as +root: + +# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd + +1) Upgrade your entire ports collection and rebuild the OpenSSH port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/openssh-2.2.0_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-2.2.0_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-2.2.0_2.tgz + +NOTE: It may be several days before updated packages are available. + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the OpenSSH port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +- --[ssh - port]----- + +Use one of the following options to upgrade the ssh software, then +kill and restart the sshd daemon if it is already running. This will +not affect sessions in progress. + +To kill and restart the sshd daemon, perform the following command as +root: + +# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd + +1) Upgrade your entire ports collection and rebuild the ssh port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/ssh-1.2.27_3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ssh-1.2.27_3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/ssh-1.2.27_3.tgz + +NOTE: It may be several days before updated packages are available. + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the OpenSSH port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOoiAylUuHi5z0oilAQEoVgP/Qc5UXjRnR3byHZfQyM4VyuwCWAWeAaD7 +HPjlhLTiOb0HUqsVhiraIX5Mgi5ReySj2wREd4EKW9pEKiXfcXCWItivG8PrV/P8 +NHEo5B393r1G8ovtkt3fu0bQ7RhOrxOeHRn5mxbmk8pIrRg7oxeZ02ygJiCV8LqT +hoOxMmU4FYQ= +=REEI +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:25.kerberosIV.asc b/share/security/advisories/FreeBSD-SA-01:25.kerberosIV.asc new file mode 100644 index 0000000000..ead8f8d876 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:25.kerberosIV.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:25 Security Advisory + FreeBSD, Inc. + +Topic: Local and remote vulnerabilities in Kerberos IV + +Category: core +Module: libkrb, telnetd +Announced: 2001-02-14 +Credits: Jouko Pynnönen +Affects: FreeBSD 4.2-STABLE and 3.5-STABLE prior to the + correction dates. +Corrected: 2000-12-13 (FreeBSD 4.2-STABLE) + 2000-12-15 (FreeBSD 3.5-STABLE) +FreeBSD only: NO + +I. Background + +telnetd is the server for the telnet remote login protocol, which is +available with optional support for the Kerberos authentication +protocol. libkrb is the library used for Kerberised applications +(including telnetd and login). FreeBSD includes the KTH Kerberos +implementation, which is externally maintained, contributed software, +as an optional part of the base system. + +II. Problem Description + +The advisory describes three vulnerabilities: first, an overflow in +the libkrb KerberosIV authentication library, second, improper +filtering of environmental variables by the KerberosIV-adapted telnet +daemon, and finally, a temporary file vulnerability in the KerberosIV +ticket management code. + +A buffer overflow exists in the libkrb Kerberos authentication +library, which may be exploitable by malicious remote authentication +servers. This vulnerability exists in the kdc_reply_cipher() call. +An attacker may be able to overflow this buffer during an +authentication exchange, allowing the attacker to execute arbitrary +code with the privileges of the caller of kdc_reply_cipher(). + +The telnet protocol allows for UNIX environmental variables to be +passed from the client to the user login session on the server. The +base system telnet daemon, telnetd, goes the great lengths to limit +the variables passed so as to prevent them from improperly influencing +the login and authentication mechanisms. The telnet daemon used with +KerberosIV relied on an incomplete list of improper environment +variables to remove from the environment before executing the login +program. This is a similar vulnerability to that described in +Security Advisory 00:69. + +Two environment variables have been identified that place users of +Kerberos at risk. The first allows the remote user to change the +Kerberos server used for authentication requests, increasing the +opportunity for an attacker to exploit the buffer overflow. The +second allows the configuration directory for Kerberos to be modified, +allowing an attacker with the right to modify the local file system to +cause Kerberos to autheticate using an improper configuration +(including Kerberos realm and server configuration, as well as +srvtab). These vulnerabilities may be used to leverage root access. + +A race condition exists in the handling of ticket files in /tmp; this +vulnerability may be exploited by a local user to gain ownership of +arbitrary files in the file system. This vulnerability can be +leveraged to gain root access. + +These vulnerabilities only exist on systems which have installed the +optional Kerberos IV distribution (whether or not it is configured), +which is not installed by default. + +III. Impact + +If your system has the KerberosIV distribution installed, remote and +local users may be able to obtain root privileges on the local system. + +IV. Workaround + +To prevent remote root compromise via the telnet service, disable the +telnet service, which is usually run out of inetd: comment out the +following lines in /etc/inetd.conf, if present. + +telnet stream tcp nowait root /usr/libexec/telnetd telnetd + +telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd + +The local root compromise cannot be easily worked around. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.2-STABLE or +3.5-STABLE after the respective correction dates. + +2) Apply the relevant patch from below and recompile the affected +files: + +Download the relevant patch and detached PGP signature from the +following locations, and verify the signature using your PGP utility. + +[FreeBSD 4.2] +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.4.2.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.4.2.patch.asc + +[FreeBSD 3.5.1] +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.3.5.1.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc + +NOTE: This patch assumes you have already applied the patch in security advisory +SA-00:69. + +Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch +# cd /usr/src/kerberosIV +# make depend && make all install +# cd /usr/src/libexec/telnetd +# make depend && make all install +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOopfGFUuHi5z0oilAQGIZwP+OTdYs+CQQ0oZegWsQRNkf6CJCCCu/ban +XWs5wIwEFESq8rCdtg4c6y2RKdF+oySU05nXRYG3gl2Il+71zjhTUnsXi2mM5WHi +on6m8GOB9EGurb2xszuqNBREa61wGoYZTptzm/NKW7meaDVDlCwe1Mq+orz7ai3m +WrEZuR94UFU= +=TyCm +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:26.interbase.asc b/share/security/advisories/FreeBSD-SA-01:26.interbase.asc new file mode 100644 index 0000000000..a4f03e7c36 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:26.interbase.asc @@ -0,0 +1,85 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:26 Security Advisory + FreeBSD, Inc. + +Topic: interbase contains remote backdoor + +Category: ports +Module: interbase +Announced: 2001-03-12 +Credits: Firebird project +Affects: Ports collection prior to the correction date. +Corrected: See below. +Vendor status: No update released +FreeBSD only: NO + +I. Background + +Interbase is a SQL database server from Borland. + +II. Problem Description + +The interbase software contains a remote backdoor account, which was +apparently introduced by the vendor in 1992. The interbase source +code has recently been released and is the basis for a derivative +project called firebird, who are credited with discovering the +vulnerability. + +The backdoor account has full read and write access to databases +stored on the server, and also gives the ability to write to arbitrary +files on the server as the user running the interbase server (usually +user root). Remote attackers may connect to the database on TCP port +3050. + +The interbase port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 4700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users who can connect to the interbase database server can +obtain full access to all databases using a backdoor account built +into the server itself. This account cannot be disabled. + +If you have not chosen to install the interbase port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +1) Deinstall the interbase port/package, if you have installed it. + +2) Use packet filters on your perimeter firewalls, or ipfw(8)/ipf(8) +on the interbase server to prevent connections from untrusted systems +to TCP port 3050 on the interbase server. Note that local users, or +arbitrary users on systems permitted to connect to the TCP port can +still access the backdoor account. + +3) Migrate to the firebird database, which is an open-source +derivative of the interbase software which does not contain the +backdoor account. + +V. Solution + +The FreeBSD port of interbase is not provided by Borland -- it is +provided in binary form from Rios Corporation -- and there does not +appear to be a patch available for the security vulnerability. +Therefore there is currently no complete solution to this security +vulnerability; see the previous section for possible workarounds. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOq1c21UuHi5z0oilAQEfhgP/aoWhV5eBmmKkYcpVxRhu+FkkOYJvIwih +RIsCmTKISP5f0smt37Qw4B0o5F2EmAUVncYFNGK39Co+Pxr9eyRx0PD4HvX8JnZ3 +7QtqRE4Oh2LwX0xpd9tpUpT1yxdGX9u+TSB+9MdB5hIyEsnRjwuMwZn1vUOBB8uk +whVMpvQLc/w= +=C9Nl +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:27.cfengine.asc b/share/security/advisories/FreeBSD-SA-01:27.cfengine.asc new file mode 100644 index 0000000000..2a081a83be --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:27.cfengine.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:27 Security Advisory + FreeBSD, Inc. + +Topic: cfengine port contains remote root vulnerability + +Category: ports +Module: cfengine +Announced: 2001-03-12 +Credits: Pekka Savola +Affects: Ports collection prior to the correction date. +Corrected: 2001-01-21 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +cfengine is a system for automating the configuration and maintenance +of large networks. + +II. Problem Description + +The cfengine port, versions prior to 1.6.1, contained several format +string vulnerabilities which allow a remote attacker to execute +arbitrary code on the local system as the user running cfengine, +usually user root. + +The cfengine port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains nearly 4700 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Arbitrary remote users can execute code on the local system as the +user running cfengine, usually user root. + +If you have not chosen to install the cfengine port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +One of the following: + +1) Deinstall the cfengine port/package, if you have installed it. + +2) Implement access controls on connections to the cfengine server, +either at the application level using the cfengine configuration file, +or by using network-level packet filtering on the local system using +ipfw(8)/ipf(8), or on the perimeter firewalls. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the cfengine port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/cfengine-1.6.3.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/cfengine-1.6.3.tar.gz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the cfengine port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOq1dclUuHi5z0oilAQFhhAQApfRMj88GYMKiTtLeyjWeaDLFIlDjUTl4 +fF1QQNzetOSIoVjA+CsbkTgsX/c8B6Lc7BuTI7K3BLKUu2QC2GbYkn5/ymCdYQeE +dW2S00bMdBP6GwURAdFnizezkZq5Y3oEVYXVL4s91M9jb3wCwNOwnbfKH/aegFvL +ZOjDvMUdjb0= +=yzjS +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:28.timed.asc b/share/security/advisories/FreeBSD-SA-01:28.timed.asc new file mode 100644 index 0000000000..87c093a1c8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:28.timed.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:28 Security Advisory + FreeBSD, Inc. + +Topic: timed allows remote denial of service + +Category: core +Module: timed +Announced: 2001-03-12 +Credits: Discovered during internal source code auditing +Affects: All released versions of FreeBSD 3.x, 4.x. + FreeBSD 3.5-STABLE prior to the correction date. + FreeBSD 4.2-STABLE prior to the correction date. +Corrected: 2001-03-10 (FreeBSD 3.5-STABLE) + 2001-01-07 (FreeBSD 4.2-STABLE) +FreeBSD only: NO + +I. Background + +timed(8) is a server for the Time Synchronisation Protocol, for +synchronising the system clocks of multiple clients. + +II. Problem Description + +Malformed packets sent to the timed daemon could cause it to crash, +thereby denying service to clients if timed is not run under a +watchdog process which causes it to automatically restart in the event +of a failure. The timed daemon is not run in this way in the default +invocation from /etc/rc.conf using the timed_enable variable. + +The timed daemon is not enabled by default, and its use is not +recommended (FreeBSD includes ntpd(8), the network time protocol +daemon, which provides superior functionality). + +All versions of FreeBSD 3.x and 4.x prior to the correction date +including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this +problem, if they have been configued to run timed. It was corrected +prior to the forthcoming release of FreeBSD 4.3. + +III. Impact + +Remote users can cause the timed daemon to crash, denying service to +clients. + +IV. Workaround + +Implement packet filtering at perimeter firewalls or on the local +machine using ipfw(8)/ipf(8) to prevent untrusted users from +connecting to the timed service. The timed daemon listens on UDP port +525 by default. + +V. Solution + +Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE +after the respective correction dates. + +To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:28/timed.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:28/timed.patch.asc + +This patch has been verified to apply to FreeBSD 4.2-RELEASE and +FreeBSD 3.5.1-RELEASE. It may or may not apply to older releases. + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/usr.sbin/timed/timed +# patch -p < /path/to/patch +# make depend && make all install + +Kill and restart timed to cause the changes to take effect. If you +have started timed with non-standard options (e.g. by setting +timed_flags in /etc/rc.conf) then the below command will need to be +modified appropriately. + +# killall -KILL timed +# /usr/sbin/timed + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOq1emVUuHi5z0oilAQEYEwP/cPNMQO7LjlEs2/MyxJwVKpQLRzmprJjQ +i2QpXEvkZgXSxAcIh15jNsR1TPwUnzCRWHZ5touw0DxTbTbMsnzRVx0/P5jGmQCT +6n5Z11puyEg336zET+tGhVnEt9Ybm7Z/h7Et+njVRTVqbe2AtpFeSbI5NXlZCgs6 +ZUYxdLUhfPM= +=Dw88 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:29.rwhod.asc b/share/security/advisories/FreeBSD-SA-01:29.rwhod.asc new file mode 100644 index 0000000000..56de22964c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:29.rwhod.asc @@ -0,0 +1,88 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:29 Security Advisory + FreeBSD, Inc. + +Topic: rwhod allows remote denial of service + +Category: core +Module: rwhod +Announced: 2001-03-12 +Credits: Mark Huizer +Affects: All released versions of FreeBSD 3.x, 4.x. + FreeBSD 3.5-STABLE prior to the correction date. + FreeBSD 4.2-STABLE prior to the correction date. +Corrected: 2000-12-23 (FreeBSD 3.5-STABLE) + 2000-12-22 (FreeBSD 4.2-STABLE) +FreeBSD only: NO + +I. Background + +rwhod(8) is a server which implements the rwho protocol, which +communicates information on system uptime and logged-in users between +machines on a network. + +II. Problem Description + +Malformed packets sent to the rwhod daemon could cause it to crash, +thereby denying service to clients if rwhod is not run under a +watchdog process which causes it to automatically restart in the event +of a failure. The rwhod daemon is not run in this way in the default +invocation from /etc/rc.conf using the rwhod_enable variable. + +All versions of FreeBSD 3.x and 4.x prior to the correction date +including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this +problem, if they have been configued to run rwhod (this is not enabled +by default). + +III. Impact + +Remote users can cause the rwhod daemon to crash, denying service to +clients. + +IV. Workaround + +Implement packet filtering at perimeter firewalls or on the local +machine using ipfw(8)/ipf(8) to prevent untrusted users from +connecting to the rwhod service. The rwhod daemon listens on UDP port +513 by default. + +V. Solution + +Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE +after the respective correction dates. + +To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:29/rwhod.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:29/rwhod.patch.asc + +This patch has been verified to apply to FreeBSD 4.2-RELEASE and +FreeBSD 3.5.1-RELEASE. It may or may not apply to older releases. + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/usr.sbin/rwhod +# patch -p < /path/to/patch +# make depend && make all install + +Kill and restart rwhod to cause the changes to take effect. If you +have started rwhod with non-standard options (e.g. by setting +rwhod_flags in /etc/rc.conf) then the below command will need to be +modified appropriately. + +# killall -KILL rwhod +# /usr/sbin/rwhod + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOq1fmlUuHi5z0oilAQG05QP/bQpUXpXc+X3/k/jbqgxjNOXwfzYRwNph +trCjRBKDKZrBGvlS2mTSbyisn6Rcv5PhigVAmU7sllrrXmYDCuMjNoMQqIhRwMax +ojaklsg6F8rX3zNwUlaQp45ZYiJ9Zi34kkRRnZQ5oAFciS6I/3tYnP9t0Sedbbsi +V/na+hI/Gtk= +=TskQ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:30.ufs-ext2fs.asc b/share/security/advisories/FreeBSD-SA-01:30.ufs-ext2fs.asc new file mode 100644 index 0000000000..62fb1c5da7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:30.ufs-ext2fs.asc @@ -0,0 +1,90 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:30 Security Advisory + FreeBSD, Inc. + +Topic: UFS/EXT2FS allows disclosure of deleted data + +Category: kernel +Module: ufs/ext2fs +Announced: 2001-03-22 +Credits: Sven Berkvens , Marc Olzheim +Affects: All released versions of FreeBSD 3.x, 4.x. + FreeBSD 3.5-STABLE prior to the correction date. + FreeBSD 4.2-STABLE prior to the correction date. +Corrected: 2000-12-22 (FreeBSD 3.5-STABLE) + 2000-12-22 (FreeBSD 4.2-STABLE) +FreeBSD only: NO + +I. Background + +UFS is the Unix File System, used by default on FreeBSD systems and +many other UNIX variants. EXT2FS is a filesystem used by default on +many Linux systems, which is also available on FreeBSD. + +II. Problem Description + +There exists a data consistency race condition which allows users to +obtain access to areas of the filesystem containing data from deleted +files. The filesystem code is supposed to ensure that all filesystem +blocks are zeroed before becoming available to user processes, but in +a certain specific case this zeroing does not occur, and unzeroed +blocks are passed to the user with their previous contents intact. +Thus, if the block contains data which used to be part of a file or +directory to which the user did not have access, the operation results +in unauthorized access of data. + +All versions of FreeBSD 3.x and 4.x prior to the correction date +including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this +problem. This problem is not specific to FreeBSD systems and is +believed to exist on many filesystems. + +This problem was corrected prior to the forthcoming release of FreeBSD +4.3. + +III. Impact + +Unprivileged users may obtain access to data which was part of deleted +files. + +IV. Workaround + +None appropriate. + +V. Solution + +Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE +after the respective correction dates. + +To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch.asc + +Verify the detached PGP signature using your PGP utility. + +This patch has been verified to apply against FreeBSD 3.5.1-RELEASE, +FreeBSD 4.1.1-RELEASE and FreeBSD 4.2-RELEASE. It may or may not +apply to older, unsupported releases. + +# cd /usr/src +# patch -p < /path/to/patch + +Rebuild and reinstall your kernel as described in the FreeBSD handbook +at the following URL: + + http://www.freebsd.org/handbook/kernelconfig.html + +and reboot for the changes to take effect. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOrpp2lUuHi5z0oilAQEXFwQAjIKJPtcwJOW2nyLkkIl9Ma59xpuOWEHL +gZr7KQ6xi2KVH8D6Jztt8gaF+Qb3HRyq8BQUzqL20f+O8yfr8IyX0w5OWu1VkEYu +ctKKwhMRtd+Cc4L9Y56Ck3DhK5CgDwCVUlThNShR8/omKFd+pWulYcaIdKwTzZIe +aCnSgvTvAHU= +=Jn5m +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:31.ntpd.asc b/share/security/advisories/FreeBSD-SA-01:31.ntpd.asc new file mode 100644 index 0000000000..64be9ab2c3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:31.ntpd.asc @@ -0,0 +1,160 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:31 Security Advisory + FreeBSD, Inc. + +Topic: ntpd contains potential remote compromise + +Category: core/ports +Module: ntpd +Announced: 2001-04-06 +Credits: Przemyslaw Frasunek +Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases), + FreeBSD 3.5-STABLE and 4.2-STABLE prior to the + correction date. + Ports collection prior to the correction date. +Corrected: 2001-04-06 (FreeBSD 4.2-STABLE, 3.5-STABLE, and ports) +Vendor status: Vendor notified. +FreeBSD only: NO + +I. Background + +The ntpd daemon is an implementation of the Network Time Protocol +(NTP) used to synchronize the time of a computer system to a +reference time source. Older versions of ntpd, such as those in +FreeBSD 3.x, were named xntpd. + +II. Problem Description + +An overflowable buffer exists in the ntpd daemon related to the +building of a response for a query with a large readvar argument. +Due to insufficient bounds checking, a remote attacker may be able +to cause arbitrary code to be executed as the user running the +ntpd daemon, usually root. + +All versions of FreeBSD prior to the correction date, including +FreeBSD 3.5.1 and 4.2, and versions of the ntpd port prior to +ntp-4.0.99k_2 contain this problem. The base system and ports +collections that will ship with FreeBSD 4.3 do not contain this +problem since it was corrected before the release. + +III. Impact + +Malicious remote users may be able to execute arbitrary code on an +ntpd server as the user running the ntpd daemon, usually root. + +The ntpd daemon is not enabled by default. If you have not enabled +ntpd, your system is not vulnerable. + +IV. Workaround + +Disable the ntpd daemon using the following command: + +# kill -KILL `cat /var/run/ntpd.pid` + +Additionally, the ntpd daemon should be disabled in the system's +startup configuration file /etc/rc.conf, normally accomplished by +changing "xntpd_enable=YES" to "xntpd_enable=NO". + +Since NTP is a stateless UDP-based protocol, source addresses can be +spoofed rendering firewalling ineffective for stopping this +vulnerability. + +V. Solution + +[Base system] + +One of the following: + +1) Upgrade to FreeBSD 4.2-STABLE or 3.5.1-STABLE after the correction +date. + +2) Download the patch and detached PGP signature from the following +location: + +The following patch applies to FreeBSD 4.x. + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-4.x.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-4.x.patch.asc + +The folllowing patch applies to FreeBSD 3.x. + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-3.x.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-3.x.patch.asc + +Verify the detached signature using your PGP utility. + +Issue the following commands as root: + +[FreeBSD 4.x] + +# cd /usr/src +# patch -p < /path/to/patch +# cd /usr/src/usr.sbin/ntp +# make all install + +[FreeBSD 3.x] + +# cd /usr/src +# patch -p < /path/to/patch +# cd /usr/src/usr.sbin/xntpd +# make all install + +Finally, if ntpd is already running then kill and restart the ntpd +daemon: perform the following command as root: + +# kill -KILL `cat /var/run/ntpd.pid` && /usr/sbin/ntpd + +[Ports collection] + +Use one of the following options to upgrade the ntpd software, then +kill and restart the ntpd daemon if it is already running. + +To kill and restart the ntpd daemon, perform the following command as +root: + +# kill -KILL `cat /var/run/ntpd.pid` && /usr/local/sbin/ntpd + +1) Upgrade your entire ports collection and rebuild the ntpd port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ntp-4.0.99k_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ntp-4.0.99k_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ntp-4.0.99k_2.tgz + +NOTE: It may be several days before updated packages are available. + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the ntpd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBOs5Oi1UuHi5z0oilAQGb+QP+MqTyEGJBziGnw2gHwAnK3lAaMFyKurBc +cgpm61uWpOBsTnJGJ9t5uI3IGPjxsjjmyZR2ONYMIUCRC2b6MA21oEsenD3F8Jeu +UphzKdv9IswnSkZFRI5v0PoFtUOKihDU1SLfp2DKjJel8HralhYuDiCOQ/pIpGCj +emIKnwcGVu4= +=FTKv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:32.ipfilter.asc b/share/security/advisories/FreeBSD-SA-01:32.ipfilter.asc new file mode 100644 index 0000000000..e3cc8960af --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:32.ipfilter.asc @@ -0,0 +1,108 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:32 Security Advisory + FreeBSD, Inc. + +Topic: IPFilter may incorrectly pass packets [REVISED] + +Category: core +Module: IPFilter +Announced: 2001-04-16 +Revised: 2001-04-19 +Credits: Thomas Lopatic +Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases), + FreeBSD 3.5-STABLE, and 4.2-STABLE prior to the + correction date. +Corrected: 2001-04-07 (FreeBSD 4.2-STABLE) +Vendor status: Corrected +FreeBSD only: NO + +0. Revision History + +v1.0 2001-04-16 Initial release +v1.1 2001-04-19 Corrected patch location + +I. Background + +IPFilter is a multi-platform packet filtering package. + +II. Problem Description + +When matching a packet fragment, insufficient checks were performed +to ensure the fragment is valid. In addition, the fragment cache is +checked before any rules are checked. Even if all fragments are +blocked with a rule, fragment cache entries can be created by +packets that match currently held state information. Because of +these discrepancies, certain packets may bypass filtering rules. + +All versions of FreeBSD prior to the correction date, including +FreeBSD 3.5.1 and 4.2, contain this problem. The base system that +will ship with FreeBSD 4.3 does not contain this problem since it +was corrected during the beta cycle before the release. + +III. Impact + +Malicious remote users may be able to bypass filtering rules, allowing +them to potentially circumvent the firewall. + +IPFilter is not enabled by default. If you have not enabled IPFilter, +your system is not vulnerable to this problem. + +IV. Workaround + +Since fragment cache matching occurs before filtering rules checking, +it is not possible to work around this problem using IPFilter rules. + +V. Solution + +[FreeBSD 3.x] + +Due to the age of the IPFilter package shipped with FreeBSD 3.x, it +is recommended that FreeBSD 3.x systems update to IPFilter 3.4.17 +using the package available from the authors website: +http://coombs.anu.edu.au/~avalon/ip-filter.html + +[FreeBSD 4.x] + +One of the following: + +1) Upgrade to FreeBSD 4.2-STABLE after the correction date. + +2) Download the patch and detached PGP signature from the following +location: + +The following patch applies to FreeBSD 4.1-RELEASE through 4.2-STABLE. + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:32/ipfilter.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:32/ipfilter.patch.asc + +Verify the detached signature using your PGP utility. + +Issue the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch + +If the system is using ipfilter as a kernel module, the module may be +rebuilt and installed and ipfilter rules reloaded with the following +commands: + +# cd /usr/src/sys/modules/ipfilter +# make all install +# kldunload ipl && kldload ipf && ipf -Fa -f /etc/ipf.rules + +Otherwise, if ipfilter is compiled into the kernel, a new kernel will +need to be compiled and installed and the system will have to be +rebooted for the changes to take effect. + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOt860lUuHi5z0oilAQF3YAP/QjuLc+e2gGAiuQSxfi9wE5Kw9Q4pYp66 +SNFxhz1cvfg/zfCe81bM3+M/GYDAZEqrmWsfvObKXuU+8BCMeJ/C+Jifu+P6hO4K +galMavQ5UTzwnw4lwK4VU/D7zefX5HHOXk0jb/Q6DFs/4KKIFCmGHoBYhuGKbwm0 +soEQYwDEAps= +=nkCa +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:33.ftpd-glob.asc b/share/security/advisories/FreeBSD-SA-01:33.ftpd-glob.asc new file mode 100644 index 0000000000..0fb5739a61 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:33.ftpd-glob.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:33 Security Advisory + FreeBSD, Inc. + +Topic: globbing vulnerability in ftpd [REVISED] + +Category: core +Module: ftpd/libc +Announced: 2001-04-17 +Revised: 2001-04-19 +Credits: John McDonald and Anthony Osborne, COVERT Labs +Affects: FreeBSD 3.x (all releases), FreeBSD 4.x (all releases), + FreeBSD 3.5-STABLE and 4.3-RC prior to the + correction date. +Corrected: 2001-04-17 (FreeBSD 4.3-RC) + 2001-04-17 (FreeBSD 3.5-STABLE) +Vendor status: Corrected +FreeBSD only: NO + +0. Revision History + +2001-04-17 v1.0 Initial release +2001-04-19 v1.1 Corrected patch and patch instructions + +I. Background + +Numerous FTP daemons, including the daemon distributed with FreeBSD, +use server-side globbing to expand pathnames via user input. This +globbing is performed by FreeBSD's glob() implementation in libc. + +II. Problem Description + +The glob() function contains potential buffer overflows that may be +exploitable through the FTP daemon. If a directory with a name of +a certain length is present, a remote user specifying a pathname +using globbing characters may cause arbitrary code to be executed +on the FTP server as user running ftpd, usually root. + +Additionally, when given a path containing numerous globbing +characters, the glob() functions may consume significant system +resources when expanding the path. This can be controlled by +setting user limits via /etc/login.conf and setting limits on +globbing expansion. + +All versions of FreeBSD prior to the correction date, including +FreeBSD 3.5.1 and 4.2 contain this problem. The base system that +will ship with FreeBSD 4.3 does not contain this problem since it +was corrected before the release. + +III. Impact + +Remote users may be able to execute arbitrary code on the FTP server +as the user running ftpd, usually root. + +The FTP daemon supplied with FreeBSD is enabled by default to allow +access to authorized local users and not anonymous users, thus +limiting the impact to authorized local users. + +IV. Workaround + +If the FTP daemon is executed from inetd, disable the FTP daemon by +commenting out the ftp line in /etc/inetd.conf, then reload the +inetd configuration by executing the following command as root: + +# killall -HUP inetd + +V. Solution + +One of the following: + +1) Upgrade to FreeBSD 4.3-RC or 3.5.1-STABLE after the correction +date. + +2) Download the patch and detached PGP signature from the following +location: + +The following patch applies to FreeBSD 4.x: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch.asc + +The following patch applies to FreeBSD 3.x: + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch.asc + +Verify the detached signature using your PGP utility. + +Issue the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch +# cp /usr/src/include/glob.h /usr/include/ +# cd /usr/src/lib/libc +# make all install +# cd /usr/src/libexec/ftpd +# make all install + +If the FTP daemon is running standalone, it will have to be manually +stopped and restarted. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOt83elUuHi5z0oilAQGvLwP+Mg6yScJhgTuGnJ1037opvwPEbKb0JWF4 +CuC8lKB0xV3BMQhQ8BRC3RVJWptFDv8qlWxW7kCyiuYk19oS8IUsllvwD6uftHZI +iph5TF3F37DNiE2lEp4T5/VSPqkEaYoV0Iu9+S43V7M2dPWVPS4tziPQamtBupdQ +OhsFSsEGgVU= +=AV6T +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:34.hylafax.asc b/share/security/advisories/FreeBSD-SA-01:34.hylafax.asc new file mode 100644 index 0000000000..5ef959f5fb --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:34.hylafax.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:34 Security Advisory + FreeBSD, Inc. + +Topic: hylafax contains local compromise + +Category: ports +Module: hylafax +Announced: 2001-04-23 +Credits: Marcin Dawcewicz +Affects: Ports collection prior to the correction date. +Corrected: 2001-04-17 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +HylaFAX is a facsimile system for UNIX systems. + +II. Problem Description + +The hylafax port, versions prior to hylafax-4.1.b2_2, contains a +format string bug in the hfaxd program. A local user may execute +the hfaxd program with command-line arguments containing format string +characters, potentially gaining root privileges on the local system. + +The hylafax port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5000 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. +The ports collection that shipped with FreeBSD 4.3 is not vulnerable +since this problem was corrected prior to the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users may gain root privileges on the local system. + +If you have not chosen to install the hylafax port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the hylafax port/package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the hylafax port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/comms/hylafax-4.1.b2_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/comms/hylafax-4.1.b2_2.tgz + +NOTE: it may be several days before updated packages are available. + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the hylafax port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBOuTqs1UuHi5z0oilAQEWwgQAlhOuE800ddI0J9hiGsQKli2LJyQ18ObQ +w0/rdjahJDkOLrx5IGlFe9M1IzjbeXauYT6TUnaOxfwMo58bUy1T7QZ9ROUYzE39 +DzrN1JmjcTshG3HdgsdVfSwjQirYpN6uvRVWQx6ncMpuN5bSw3RZ3ci4WH/LsKty +tZ9P/gD6bAs= +=EFP3 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:35.licq.asc b/share/security/advisories/FreeBSD-SA-01:35.licq.asc new file mode 100644 index 0000000000..62312d1378 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:35.licq.asc @@ -0,0 +1,100 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:35 Security Advisory + FreeBSD, Inc. + +Topic: licq contains multiple remote vulnerabilities + +Category: ports +Module: licq +Announced: 2001-04-23 +Credits: Stan Bubrouski +Affects: Ports collection prior to the correction date. +Corrected: 2001-03-13 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +licq is an ICQ client. + +II. Problem Description + +The licq port, versions prior to 1.0.3, contains a vulnerability in +URL parsing. URLs received by the licq program are passed to the +web browser using the system() function. Since licq performs no +sanity checking, a remote attacker may be able to pipe commands +contained in the URL causing the client to execute arbitrary +commands. Additionally, the licq program also contains a buffer +overflow in the logging functions allowing a remote attacker to +cause licq to crash and potentially execute arbitbrary code on the +local machine as the user running licq. + +The licq port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 5000 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this +problem since it was discovered after the releases. The ports +collection that shipped with FreeBSD 4.3 is not vulnerable since this +problem was corrected prior to the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote attackers may be able to crash licq or execute arbitrary +commands on the local machine as the user running the licq program. + +If you have not chosen to install the licq port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the licq port/package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the licq port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/licq-1.0.3.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/licq-1.0.3.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the licq port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBOuTqtFUuHi5z0oilAQGRMAQAkun9z8bA3ZGNHt0MjYrFdjFCg8EWZ4H6 +3e7pQxTXJktJkI6NgNVqycjezo4PMrTI5BOm8wMjnCpElI0sapZdf5mso65iJd8D +WOrQYGsPA4//1tjv7P/VAtc61k53kr0HzwvZbczwbhiQqkEKFxxN4kyRuF4f9eQ1 +dFkYSVA+kVg= +=J8Cm +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:36.samba.asc b/share/security/advisories/FreeBSD-SA-01:36.samba.asc new file mode 100644 index 0000000000..3bde85466b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:36.samba.asc @@ -0,0 +1,106 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:36 Security Advisory + FreeBSD, Inc. + +Topic: samba ports contain locally exploitable /tmp races + +Category: ports +Module: samba +Announced: 2001-04-23 +Credits: Marcus Meissner +Affects: Ports collection prior to the correction date. +Corrected: 2001-04-18 +Vendor status: Updated version released +FreeBSD only: No + +I. Background + +Samba is an implementation of the Server Message Block (SMB) +protocol. + +II. Problem Description + +The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0, +contain /tmp races that may allow local users to cause arbitrary +files and devices to be overwritten. Due to easily predictable +printer queue cache file names, local users may create symbolic links +to any file or device causing it to be corrupted when a remote user +accesses a printer. In addition, the file will be left with world- +writable permission allowing any user to enter their own data. + +The samba ports are not installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains over 5000 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 +contain this problem since it was discovered after the releases. +The ports collection that shipped with FreeBSD 4.3 is not vulnerable +since this problem was corrected prior to the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users may cause arbitrary files or devices to be +corrupted and gain increased privileges on the local system. + +If you have not chosen to install the samba ports/packages, then +your system is not vulnerable to this problem. + +Samba servers that do not have any printers configured are not +vulnerable. + +IV. Workaround + +Deinstall the samba port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the samba port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0.8.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.0.8.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-devel-2.2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-devel-2.2.0.tgz + +NOTE: it may be several days before updated packages are available. + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the samba from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBOuTqtVUuHi5z0oilAQEaFAQAlriJxzRK8s/UnIJliIIGqZgdp+bTiKfs +XV66+DD0+RZtWcsjPx5imCCfsWJgdurq9JpM6iWYJCir34wargJygpZRWSU/Pnov +yKw2IrNbOVkp4ASRbXCqLm+Z6WZKXhbJN+f/8N+ts2XVk+QJrZWzCRqa1ynyx1I1 +MpvXhM9lTvk= +=qspP +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:37.slrn.asc b/share/security/advisories/FreeBSD-SA-01:37.slrn.asc new file mode 100644 index 0000000000..2c6c89be7c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:37.slrn.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:37 Security Advisory + FreeBSD, Inc. + +Topic: slrn contains remotely-exploitable buffer overflow + +Category: ports +Module: slrn +Announced: 2001-04-23 +Credits: Bill Nottingham +Affects: Ports collection prior to the correction date. +Corrected: 2001-04-04 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +slrn is a slang-based NNTP news reader. + +II. Problem Description + +The slrn port, versions prior to slrn-0.9.7.0, contains a buffer +overflow in the wrapping/unwrapping functions of message header +parsing. If a sufficiently long header is parsed, a buffer may +overflow allowing the execution of arbitrary code contained in a +message header as the user running the slrn program. + +The slrn port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 5000 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this +problem since it was discovered after the releases. The ports +collection that shipped with FreeBSD 4.3 is not vulnerable since this +problem was corrected prior to the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Arbitrary code may be executed on the local machine as the user +running the slrn program. + +If you have not chosen to install the slrn port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the slrn port/package, it you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the slrn port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/news/slrn-0.9.7.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/news/slrn-0.9.7.0.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the slrn port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBOuTqtVUuHi5z0oilAQHqsAP+PEzZ8FPPCrKKKDGP7gACN77r5dbbE9LF +MYSVGp2Z2+vwSysJG2BOtyNrrKlUhaKTLAoWZF+7ytV9ujli+bI06R2iYoe5SqMM +a7K1N1XKNvXdvq1nYjDuawIzJzl9b2B8XavPFEtwkkxDVAtq2ODKTabAtllrNnfV +hD4HsUzFMRI= +=al4w +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:38.sudo.asc b/share/security/advisories/FreeBSD-SA-01:38.sudo.asc new file mode 100644 index 0000000000..59a6f9f02e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:38.sudo.asc @@ -0,0 +1,95 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:38 Security Advisory + FreeBSD, Inc. + +Topic: sudo contains local buffer overflow + +Category: ports +Module: sudo +Announced: 2001-04-23 +Credits: Chris Wilson +Affects: Ports collection prior to the correction date. +Corrected: 2001-03-07 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +sudo is a program that allowss a sysadmin to give limited root +privileges to users and logs root activity. + +II. Problem Description + +The sudo port, versions prior to sudo-1.6.3.7, contains a local +command-line buffer overflow allowing a local user to potentially +gain increased privileges on the local system. + +The sudo port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 5000 third-party applications in a ready-to-install format. The +ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this +problem since it was discovered after the releases. The ports +collection that shipped with FreeBSD 4.3 is not vulnerable since this +problem was corrected prior to the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Local users may potentially gain increased privileges on the local +system. + +If you have not chosen to install the sudo port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the sudo port/package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the sudo port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/sudo-1.6.3.7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.3.7.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the sudo port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.4 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBOuTqtlUuHi5z0oilAQGsKQP9HXFq79DNvBXkV+03EadLPoJV1gwzG2lp +KCJeMOhMc2pKgPcGIxMQ9bmLC7gI+xkr2XrjEpsUnYHCoBS2F7Jd9gKQZNLvGqVy +r2hCiTKcg1rObIYML4cghlo12Ppe7saxXszBmNa4VnHZwC4ksuREvZWJc+jKJ5oz +zybz712C8iQ= +=CQtP +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:39.tcp-isn.asc b/share/security/advisories/FreeBSD-SA-01:39.tcp-isn.asc new file mode 100644 index 0000000000..7049616b69 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:39.tcp-isn.asc @@ -0,0 +1,236 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:39 Security Advisory + FreeBSD, Inc. + +Topic: TCP initial sequence number generation contains + statistical vulnerability + +Category: core +Module: kernel +Announced: 2001-05-02 +Credits: Tim Newsham + Niels Provos for the revised algorithm +Affects: All released versions of FreeBSD 3.x, 4.x prior to 4.3. + FreeBSD 3.5-STABLE prior to the correction date. + FreeBSD 4.2-STABLE prior to the correction date. +Corrected: 2001-05-02 (FreeBSD 3.5-STABLE) + 2001-04-18 (FreeBSD 4.3-RC) +FreeBSD only: NO + +I. Background + +TCP network connections use an initial sequence number as part of the +connection handshaking. According to the TCP protocol, an +acknowledgement packet from a remote host with the correct sequence +number is trusted to come from the remote system with which an +incoming connection is being established, and the connection is +established. + +II. Problem Description + +It has long been known that an attacker who can guess the initial +sequence number which a system will use for the next incoming TCP +connection can spoof a TCP connection handshake coming from a machine +to which he does not have access, and then send arbitrary data into +the resulting TCP connection which will be accepted by the server as +coming from the spoofed machine. + +The algorithm used to generate TCP initial sequence numbers was +subject to statistical analysis, which allows an attacker to guess a +range of values likely to be in use by a given server at a moment in +time, based on observation of the value at a previous time (for +example, by initiating a TCP connection to an open port on the +server). + +Note that this vulnerability is different to the vulnerability +described in Security Advisory 00:52 (which dealt with failure of the +PRNG used in the ISN generation algorithm; this advisory relates to a +higher-level weakness in the algorithm itself). + +In order for this to be successfully exploited, the attacker must also +satisfy the following conditions: + +a) be able to initiate a TCP connection to an open port on the server. + +b) be able to prevent the spoofed client machine from responding to +the packets sent to it from the server, by making use of an address +which is offline or by executing a denial of service attack against +it to prevent it from responding. + +c) make use of an application-level protocol on the server which +authenticates or grants trust solely based on the IP address of the +client, not any higher-level authentication mechanisms such as a +password or cryptographic key. + +d) be able to guess or infer the return TCP data from the server to +the spoofed client (if any), to which he will not have access. + +All versions of FreeBSD 3.x and 4.x prior to the correction date +including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this +problem. The problem was corrected prior to the release of FreeBSD +4.3-RELEASE by using the TCP ISN generation algorithm obtained from +OpenBSD, which uses a more sophisticated randomization method that is +believed not to be vulnerable to the problem described here. + +A more satisfactory, long-term solution would be to implement the +algorithm described in RFC 1948; plans are underway to implement this +algorithm for FreeBSD, and it is likely that it will be included in +future releases of FreeBSD. + +III. Impact + +Systems running insecure protocols which blindly trust a TCP +connection which appears to come from a given IP address without +requiring other authentication of the originator are vulnerable to +spoofing by a remote attacker, potentially yielding privileges or +access on the local system. + +Examples of such protcols and services are: the rlogin/rsh/rexec +family when used to grant passwordless access (e.g. via .rhosts or +hosts.equiv files); web server address-based access controls on +scripts which do not require user authentication and which control +privileged resources; tcp-wrappers host access controls around +services which do not authenticate the connection further; lpr +address-based access controls, and others. + +Note that the rlogin family of protocols when configured to use +Kerberos or UNIX passwords are not vulnerable to this attack since +they authenticate connections (using Kerberos tickets in the former +case, and account passwords in the latter). Source address based +authentication in the rlogin family of protocols is not used by +default, and must be specifically enabled through use of a per-user +.rhosts file, or a global /etc/hosts.equiv file. + +Attackers can also forge TCP connections to arbitrary TCP protocols +(including protocols not vulnerable to the spoofing attack described +above) and simulate the effects of failed remote access attempts from +a target machine (e.g. repeated attempts to guess a password), +potentially misleading the administrators of the server into thinking +they are under attack from the spoofed client. + +IV. Workaround + +Possible workarounds for the vulnerability include one or more of the +following: + +1) Disable all insecure protocols and services including rlogin, rsh +and rexec (if configured to use address-based authentication), or +reconfigure them to not authenticate connections based solely on +originating address. In general, the rlogin family should not be used +anyway - the ssh family of commands (ssh, scp, slogin) provide a +secure alternative which is included in FreeBSD 4.0 and above. As of +FreeBSD 4.2-RELEASE these services were not enabled by default. + +To disable the rlogin family of protocols, make sure the +/etc/inetd.conf file does not contain any of the following entries +uncommented (i.e. if present in the inetd.conf file they should be +commented out as shown below:) + +#shell stream tcp nowait root /usr/libexec/rshd rshd +#login stream tcp nowait root /usr/libexec/rlogind rlogind +#exec stream tcp nowait root /usr/libexec/rexecd rexecd + +Be sure to restart inetd by sending it a HUP signal after making any +changes: + +# kill -HUP `cat /var/run/inetd.pid` + +Audit the use of other services including those noted in section III +above and either disable the service, or if possible require it to use +a stronger form of authentication. See workaround 3) below. + +2) Impose IP-level packet filters on network perimeters (ingress +filtering) or on local affected machines to prevent access from any +outside party to a vulnerable internal service using a "privileged" +source address. For example, if machines on the internal 10.0.0.0/24 +network are allowed to obtain passwordless rlogin access to a server, +then external users should be prevented from sending packets with +10.0.0.0/24 source addresses from the outside network into the +internal network. This is standard good security policy. Note +however that if an external address must be granted access to local +resources then this type of filtering cannot be applied. It also does +not defend against spoofing attacks from within the network perimeter. +Consider disabling this service until the affected machines can be +patched. + +3) Enable the use of IPSEC to authenticate (and/or encrypt) vulnerable +TCP connections at the IP layer. A system which requires authenticaion +of all incoming connections to a port using IPSEC cannot be spoofed +using the attack described in this advisory, nor can TCP sessions be +hijacked by an attacker with access to the packet stream. FreeBSD 4.0 +and later include IPSEC functionality in the kernel, and 4.1 and later +include an IKE daemon, racoon, in the ports collection. Configuration +of IPSEC is beyond the scope of this document, however see the +following web resources: + + http://www.freebsd.org/handbook/ipsec.html + http://www.netbsd.org/Documentation/network/ipsec/ + http://www.kame.net/ + +V. Solution + +Note that address-based authentication is generally weak, and should +be avoided even in environments running with the sequence numbering +improvements. Instead, cryptographically-protected protocols and +services should be used wherever possible. + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-RELEASE or +3.5.1-STABLE after the respective correction dates. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.1/4.2 base system] + +This patch has been verified to apply to FreeBSD 4.1 and 4.2 only. It +may or may not apply to older releases. Users of FreeBSD 4.1 must +apply the patch from advisory 00:52 before applying this patch. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-4.2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-4.2.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/sys/netinet +# patch -p < /path/to/patch + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] + +[FreeBSD 3.5.1 base system] + +The following patch applies to FreeBSD 3.5.1-RELEASE which has already +had the patch from advisory 00:52 applied. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-stable.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-stable.patch.asc + +The following patch applies to unpatched FreeBSD 3.5.1-RELEASE only. +It may or may not apply to older, unsupported releases. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-rel.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-rel.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/sys/netinet +# patch -p < /path/to/patch + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.5 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBOvB10FUuHi5z0oilAQETgAP/T7SbJS12PBczn9SRWPQ5exuZYMoj1VxR +BJmeTafE1x3kBP195JkW3dF4klWynIgVakNtIndIH+pJvfBPe7Mo8PclKqRjEE2S +JLGtPFPq7bYp0/tyaFy6wm26cLPye4/3x6qLthC04/WZVI4rqg6nY1qoiKAUBu7Z +VFtFxTH+E/A= +=CkM7 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:40.fts.asc b/share/security/advisories/FreeBSD-SA-01:40.fts.asc new file mode 100644 index 0000000000..d75210b4ac --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:40.fts.asc @@ -0,0 +1,171 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:40 Security Advisory + FreeBSD, Inc. + +Topic: fts(3) routines contain race condition [REVISED] + +Category: core +Module: libc +Announced: 2001-06-04 +Revised: 2001-08-16 +Credits: Nick Cleaton + Todd Miller helped to develop the + patch. +Affects: FreeBSD 4.3-RELEASE, 4.3-STABLE prior to the correction + date. +Corrected: 2001-06-01 +FreeBSD only: NO + +0. Revision History + +2001-06-04 v1.0 Initial release +2001-08-16 v1.1 Corrected typo in recompilation instructions + +I. Background + +The standard C library (libc) contains a set of routines known as fts +which allow an application to recursively traverse a filesystem. + +II. Problem Description + +The fts routines are vulnerable to a race condition when ascending a +file hierarchy, which allows an attacker who has control over part of +the hierarchy into which fts is descending to cause the application to +ascend beyond the starting point of the file traversal, and enter +other parts of the filesystem. + +If the fts routines are being used by an application to perform +operations on the filesystem hierarchy, such as find(1) with a keyword +such as -exec or -delete, or rm(1) with the -r flag, these operations +can be incorrectly applied to files outside the intended hierarchy, +which may result in system damage or compromise. + +All versions of FreeBSD prior to the correction date including +4.3-RELEASE are vulnerable to this problem. + +III. Impact + +Local users may be able to remove or modify files on the local system +which are owned or writable by a user running a command that uses the +FTS routines in a vulnerable way. + +If the system administrator has enabled the daily_clean_tmps_enable +variable in /etc/periodic.conf, the find -delete command is run once +per day, allowing unauthorised removal of files on the system. This +option is not enabled by default. + +IV. Workaround + +None appopriate for the general vulnerability. The instance exposed +by the daily_clean_tmps_enable setting can be prevented by disabling +this switch in /etc/periodic.conf, if it has been enabled. + +V. Solution + +One of the following: + +1) As of FreeBSD 4.3-RELEASE, we have introduced a new ``security fix +CVS branch'' which contains security fixes only, which can be tracked +using the standard FreeBSD tools (cvsup/CVS/etc). The branch name is +``RELENG_4_3''. Upgrade your vulnerable FreeBSD system to the +RELENG_4_3 branch after the correction date. + +2) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the +correction dates. + +3) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.3 base system] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:40/fts.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:40/fts.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/lib/libc +# patch -p < /path/to/patch +# make depend && make all install +# cd /usr/src/lib/libc_r +# make depend && make all install +# cd /usr/src/bin/chmod +# make depend && make all install +# cd /usr/src/bin/cp +# make depend && make all install +# cd /usr/src/bin/ls +# make depend && make all install +# cd /usr/src/bin/pax +# make depend && make all install +# cd /usr/src/bin/rm +# make depend && make all install +# cd /usr/src/usr.bin/chflags +# make depend && make all install +# cd /usr/src/usr.bin/du +# make depend && make all install +# cd /usr/src/usr.bin/find +# make depend && make all install +# cd /usr/src/libexec/ftpd +# make depend && make all install +# cd /usr/src/usr.sbin/chown +# make depend && make all install +# cd /usr/src/usr.sbin/ckdist +# make depend && make all install +# cd /usr/src/usr.sbin/ctm +# make depend && make all install +# cd /usr/src/usr.sbin/mtree +# make depend && make all install +# cd /usr/src/usr.sbin/pkg_install +# make depend && make all install + +This patch has been verified to apply to FreeBSD 4.3-RELEASE and +4.2-RELEASE; it may or may not apply to older, unsupported versions of +FreeBSD. + +4) An experimental upgrade package is available for adventurous users +who wish to provide testing and feedback on the binary upgrade +process. This package may be installed on FreeBSD 4.3-RELEASE systems +only, and is intended for use on systems for which source patching is +not practical or convenient. + +Since this is the first binary upgrade package produced for the +FreeBSD base system, it is not recommended that this be used on +production systems without first being tested on a scratch machine; +since the package replaces critical system files, a failed upgrade can +leave a system in an unusable state. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patch state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:40/security-patch-fts-01.40.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:40/security-patch-fts-01.40.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +Bring the system down to single-user mode; this package should not be +installed from multi-user mode. If it desired to remove the package +at a later date, you should again do so from single-user mode. + +# shutdown now +# pkg_add security-patch-fts-01.40 + +Follow the directions given after the installation of the package to +complete the system upgrade. + +To bring the system back up to multi-user mode, type the following +command: + +# exit +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO3y5tFUuHi5z0oilAQF6PwP/fFXgo2bL/IlDleuWCQsVB/C1By8QPL5J +Z0Hi4yl28Z8hEGRTI8qK2UXIliskU+ixlD0j9N6yxJDe17KIY/4w3gGJGsux3J7j +TSHXZOfsX0CE61Jssm9kUpOzilwJBOhRvii0BSso7njtVIQpFpWBgIMne+lNluFe +S7SZsk6sqgg= +=K6yG +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:41.hanterm.asc b/share/security/advisories/FreeBSD-SA-01:41.hanterm.asc new file mode 100644 index 0000000000..8068b096bb --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:41.hanterm.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:41 Security Advisory + FreeBSD, Inc. + +Topic: hanterm ports allow local root compromise + +Category: ports +Module: ko-hanterm, ko-hanterm-xf +Announced: 2001-07-09 +Credits: ksecurity@iland.co.kr +Affects: Ports collection prior to the correction date. +Corrected: 2001-05-29 +Vendor status: Contacted +FreeBSD only: NO + +I. Background + +hanterm is a modified version of xterm which supports Korean language +entry and display. It is included in the FreeBSD ports collection in +two versions: ko-hanterm and ko-hanterm-xf. + +II. Problem Description + +The hanterm binary is installed with setuid root permissions, but +contains insecure code which allows unprivileged local users to obtain +root access on the local system. + +The hanterm ports are not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5400 third-party applications in a ready-to-install +format. The ports collections shipped with FreeBSD 4.3 contain this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Unprivileged local users can obtain root access on the local system. + +If you have not chosen to install the ko-hanterm or ko-hanterm-xf +ports/packages, then your system is not vulnerable to this problem. + +IV. Workaround + +1) Deinstall the ko-hanterm and ko-hanterm-xf ports/packages, if you +have installed them. + +2) Remove the setuid root permission from the /usr/X11R6/bin/hanterm +file. Execute the following command as root: + +# chmod u-s /usr/X11R6/bin/hanterm + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the +ko-hanterm/ko-hanterm-xf ports. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ko-hanterm: +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-hanterm-3.1.5_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-hanterm-3.1.5_1.tgz + +ko-hanterm-xf: +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-hanterm-xf-19_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-hanterm-xf-19_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the ko-hanterm/ko-hanterm-xf port +from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO0lzS1UuHi5z0oilAQGuXwP9EZWLrlaxYZYBBFLASErm2PjTSgazT/8c +EyrxNw33Qal+xecxopeS3p/3Cf9x/Y0cH53ZMJoId6MaWJSwQOWlVqNC/ehjm2tx +NPfLu3eR1JhguFoQ0YRHnMBvX1KBRfVQnfoa7HFd1vPeKEqsaXBvRz8HSurpgNml +nUXVwvklmPc= +=W5bd +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:42.signal.asc b/share/security/advisories/FreeBSD-SA-01:42.signal.asc new file mode 100644 index 0000000000..3f27f8fc34 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:42.signal.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:42 Security Advisory + FreeBSD, Inc. + +Topic: signal handling during exec may allow local root + compromise + +Category: core +Module: kernel +Announced: 2001-07-10 +Revised: 2001-08-06 +Credits: Georgi Guninski +Affects: All released versions of FreeBSD 4.x, + FreeBSD 4.3-STABLE prior to the correction date. +Corrected: 2001-07-09 +FreeBSD only: Yes + +0. Revision History + +2001-07-10 v1.0 Initial release +2001-08-06 v1.1 Binary upgrade package available + +I. Background + +When a process forks, it inherits the parent's signals. When the +process execs, the kernel clears the signal handlers because they are +not valid in the new address space. + +II. Problem Description + +A flaw exists in FreeBSD signal handler clearing that would allow for +some signal handlers to remain in effect after the exec. Most of the +signals were cleared, but some signal hanlders were not. This allowed +an attacker to execute arbitrary code in the context of a setuid +binary. + +All versions of 4.x prior to the correction date including and +4.3-RELEASE are vulnerable to this problem. The problem has been +corrected by copying the inherited signal handlers and resetting the +signals instead of sharing the signal handlers. + +III. Impact + +Local users may be able to gain increased privileges on the local +system. + +IV. Workaround + +Do not allow untrusted users to gain access to the local system. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the +correction date. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.1, 4.2, and 4.3 base systems] + +This patch has been verified to apply to FreeBSD 4.1, 4.2, and 4.3 only. +It may or may not apply to older releases. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/sys/kern +# patch -p < /path/to/patch + +[ Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system ] + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +Since this vulnerability involves the FreeBSD kernel which is often +locally customized on installed systems, a universal binary upgrade +package is not feasible. This package includes a patched version of +the GENERIC kernel which should be suitable for use on many systems. +Systems requiring a customized kernel must use an alternative +solution. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:42/security-patch-signal-01.42.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:42/security-patch-signal-01.42.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-signal-01.42.tgz + +The new kernel is named /kernel.GENERIC to avoid conflict with the +default kernel name (``/kernel''). To cause the system to boot +automatically with the new kernel, add the following line to +/boot/loader.conf: + +kernel="/kernel.GENERIC" + +and reboot the system to load the new kernel. The old kernel is still +available and can be manually loaded in the boot loader in case of +problems. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO28Pu1UuHi5z0oilAQHjeAQAmND4sSS6k1RHCz+uHSQb6hrX6vkKDr2M +/9EMf/S90WFwVfIi7ifEgeY3U6XJpRd2Bdx1rCPOCMdSYkehd+WqVM8ZSgHkbpAL +vrwS8KHrcC/G7KhCGzH5c6PjZYISdHXi4hWB9aV11zmmJZk3wL5GlIAaH8Dik403 +w2SjxgHHM8w= +=qVIE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:43.fetchmail.asc b/share/security/advisories/FreeBSD-SA-01:43.fetchmail.asc new file mode 100644 index 0000000000..1cadc36bc5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:43.fetchmail.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:43 Security Advisory + FreeBSD, Inc. + +Topic: fetchmail contains potentially exploitable buffer + overflow + +Category: ports +Module: fetchmail +Announced: 2001-07-10 +Credits: Wolfram Kleff +Affects: Ports collection prior to the correction date. +Corrected: 2001-06-15 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +fetchmail is a program used to retrieve email from POP and IMAP +servers. + +II. Problem Description + +The fetchmail port, versions prior to fetchmail-5.8.6, contains a +potentially exploitable buffer overflow when rewriting headers +longer than 512 bytes. This problem may allow remote users to +cause fetchmail to crash and potentially execute arbitrary code +as the user running fetchmail. + +The fetchmail port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5400 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.3 is vulnerable +to this problem since it was discovered after its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users using specially crafted email messages may be able to +cause fetchmail to crash and potentially execute arbitrary code as +the user running fetchmail. + +If you have not chosen to install the fetchmail port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the fetchmail port/package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the fetchmail port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/fetchmail-5.8.6.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/fetchmail-5.8.6.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the fetchmail port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBO0sNt1UuHi5z0oilAQH3NAP/aozGB400MgGyT/mndBk39Y1tD1aPR1AN +yDUG+ddeiskXWjR2UNUd3hqQNJ/8LNMqty8MYOVDB+4S+Pvk4MS2iXcW/4r8yPuT +2V0FfHos3ytxk/mujf7IlVhwp3fnGCFJpFJatgbhUUoU8gakl8BfR87zT77RbiDQ +OuGG+fpBKEw= +=zCcz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:44.gnupg.asc b/share/security/advisories/FreeBSD-SA-01:44.gnupg.asc new file mode 100644 index 0000000000..b520ddcf5c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:44.gnupg.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:44 Security Advisory + FreeBSD, Inc. + +Topic: gnupg contains format string vulnerability + +Category: ports +Module: gnupg +Announced: 2001-07-10 +Credits: fish stiqz +Affects: Ports collection prior to the correction date. +Corrected: 2001-05-30 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +GnuPG is an implementation of the PGP digital signature/encryption +protocol + +II. Problem Description + +The gnupg port, versions prior to gnupg-1.0.6, contains a format +string vulnerability. If gnupg attempts to decrypt a file whose +filename does not end in '.gpg', the filename is copied to the +prompt string, allowing a user-supplied format string. This may allow +a malicious user to cause arbitrary code to be executed as the user +running gnupg. + +The gnupg port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5400 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.3 is vulnerable +to this problem since it was discovered after its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A malicious user supplying a file to be decrypted by the target user +running gnupg may be able to craft a filename causing arbitrary code +to be executed as the user running gnupg. + +If you have not chosen to install the gnupg port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the gnupg port/package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the gnupg port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/gnupg-1.0.6_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/gnupg-1.0.6_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the gnupg port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBO0sNuVUuHi5z0oilAQEnPAP/XadCoa6avlv67LottE8OKLdxSbMRgVXL +haBWIyZTMSLRiwgfiQS1riDXslCT8rI8piXSv5HI1zjT7OgkV6zXXRP2pez/EdLe +H9sHUJMZNYP1VRfUUlxkmwfelT9cgD2Di3y9vrDouZTt4B5wEGgrzeNeQq1eFNlc +7SvBBZsxEZQ= +=g1DW +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:45.samba.asc b/share/security/advisories/FreeBSD-SA-01:45.samba.asc new file mode 100644 index 0000000000..45ef08ee8a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:45.samba.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:45 Security Advisory + FreeBSD, Inc. + +Topic: samba + +Category: ports +Module: samba +Announced: 2001-07-10 +Credits: Michal Zalewski +Affects: Ports collection prior to the correction date. +Corrected: 2001-06-23 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +Samba is an implementation of the Server Message Block (SMB) +protocol. + +II. Problem Description + +The samba ports, versions prior to samba-2.0.10, +samba-devel-2.2.0a, and ja-samba-2.0.9.j1.0_1, fail to properly +validate NetBIOS names. By sending a specially crafted NetBIOS name +containing unix path characters, a remote user may be able to cause +the samba server to write the log files to arbitrary locations on +the local filesystems. + +If samba is configured to use the '%m' macro in the 'log file' +directive, the NetBIOS name will be substituted without sanity +checking. This will allow the remote user to insert arbitrary paths +given the 15 character NetBIOS name limit. However, if a local user +can create symlinks accessible via this problem, a remote user may be +able to append to any arbitrary file or filesystem. + +The samba port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5400 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.3 is vulnerable +to this problem since it was discovered after its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users using specially crafted NetBIOS names may be able to +insert arbitrary paths in log file names, causing log files to be +written in unintended and inappropriate locations. + +If a local user can create symlinks accessible via this problem, a +remote user may be able to append to any arbitrary file or +filesystem. + +If you have not chosen to install the samba port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Remove all occurrences of the %m macro from smb.conf. Replacing the %m +macro with the %I macro (replaced with the IP address of the client machine) +is the recommended workaround for most sites. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the samba port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.0.10.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.2.0a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.2.0a.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-samba-2.0.9.j1.0_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-samba-2.0.9.j1.0_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the samba port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBO0sNulUuHi5z0oilAQGpUwP9FbgICIWlBI0KeUpp6YHwXUfQejJuls63 +lP9lnN25B+aSgXNvXQKaSVgQrWXY7AjdX2hhp/zShIUoDTYt4rVQyByUH4Zdl704 +HMzyX7+CiQ4tzG2lXwdHL1Bb1kVHtqX84GTpt+NlnUGSYYzTr/+wKHv04z1nIQ11 +Z0Nrmj64Coo= +=VgXS +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:46.w3m.asc b/share/security/advisories/FreeBSD-SA-01:46.w3m.asc new file mode 100644 index 0000000000..61dc7f1110 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:46.w3m.asc @@ -0,0 +1,95 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:46 Security Advisory + FreeBSD, Inc. + +Topic: w3m contains remotely exploitable buffer overflow + +Category: ports +Module: w3m +Announced: 2001-07-10 +Credits: OGASAWARA Satoshi (LAC / s.ogaswr@lac.co.jp) + KOBAYASHI Shigehiro (LAC / sigehiro@lac.co.jp) +Affects: Ports collection prior to the correction date. +Corrected: 2001-06-19 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +w3m is a console-based web browser. + +II. Problem Description + +The w3m port, versions prior to w3m-0.2.1_1, contains a buffer +overflow in the parsing of MIME headers. A malicious server which +is visited by a user with the w3m browser can exploit the browser +security holes in order to execute arbitrary code on the local +machine as the local user. + +The w3m port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5400 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.3 is vulnerable +to this problem since it was discovered after its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A malicious server which is visited by a user with the w3m browser +can exploit the browser security holes in order to execute arbitrary +code as the local user. + +If you have not chosen to install the w3m port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the w3m port/package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the w3m port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/w3m-ssl-0.2.1_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/w3m-ssl-0.2.1_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/w3m-ssl-0.2.1_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/w3m-ssl-0.2.1_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the w3m port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBO0sQOFUuHi5z0oilAQG5DAP9EbxSc5vGjRnQCV5Nvs2x5pF/ZHvErLab +164B1fsx02DGCJ6wxi/7Di68DM6BoQ+LTSuWvC0f1HXEhUSa9F9+tDjl+bZ+8Mn8 +3p0x3mT1wjajkW0ejOuochFnnQv0Yhwdx2Wc7UhtFyQOKTElNbt5/yN0XnFvjVtj +h7/liv1MgbE= +=a/OU +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:47.xinetd.asc b/share/security/advisories/FreeBSD-SA-01:47.xinetd.asc new file mode 100644 index 0000000000..e2daca3269 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:47.xinetd.asc @@ -0,0 +1,101 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:47 Security Advisory + FreeBSD, Inc. + +Topic: xinetd contains multiple vulnerabilities + +Category: ports +Module: xinetd +Announced: 2001-07-10 +Credits: zen-parse@gmx.net +Affects: Ports collection prior to the correction date. +Corrected: 2001-06-30 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +xinetd is a replacement for inetd, the internet super-server. + +II. Problem Description + +The xinetd port, versions prior to xinetd-2.3.0, contains a +potentially exploitable buffer overflow in the logging routines. +If xinetd is configured to log the userid of remote clients obtained +via the RFC1413 ident service, a remote user may be able to cause +xinetd to crash by returning a specially-crafted ident response. This +may also potentially execute arbitrary code as the user running +xinetd, normally root. + +In addition, xinetd used a default umask of 0. This may +inadvertently cause applications started by xinetd to create +world-writable files unless the applications explicitely set the +umask. + +The xinetd port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5400 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.3 is vulnerable +to this problem since it was discovered after its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Remote users may be able to cause xinetd to crash and potentially +execute arbitrary code as the user running xinetd. + +Processes started by xinetd may inadvertently use a umask of 0, causing +files created by these processes to by world-writable. + +If you have not chosen to install the xinetd port/package, then +your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the xinetd port/package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the xinetd port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/xinetd-2.3.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/xinetd-2.3.0.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the xinetd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBO0sPDlUuHi5z0oilAQFOnAQAnzylUXvLsBiT2F5Mfwn94nd/r7nrP1WI +a7hVwyXSYlfBXRFzsyUQsn1ED/t6mNzDKAiztZ7ZzsIfLxgcy7vFyzWmJSqEx6kk +pPYzx2KXxB6FXbrSoX1Q4a5WgqWONgFEcG1Vua3nVmApdF0gy8XWinV9I0VWdlVY +hQjelLjBi1U= +=umCA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:48.tcpdump.asc b/share/security/advisories/FreeBSD-SA-01:48.tcpdump.asc new file mode 100644 index 0000000000..f1d8d1174d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:48.tcpdump.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:48 Security Advisory + FreeBSD, Inc. + +Topic: tcpdump contains remote buffer overflow + +Category: core +Module: tcpdump +Announced: 2001-07-17 +Credits: Nick Cleaton +Affects: All releases of FreeBSD 4.x prior to 4.4, + FreeBSD 4.3-STABLE prior to the correction date + FreeBSD 3.x is unaffected. +Corrected: 2001-07-09 +Vendor status: Patch released +FreeBSD only: NO + +I. Background + +tcpdump is a tool for monitoring network traffic activity. + +II. Problem Description + +An overflowable buffer was found in the version of tcpdump included +with FreeBSD 4.x. Due to incorrect string length handling in the +decoding of AFS RPC packets, a remote user may be able to overflow a +buffer causing the local tcpdump process to crash. In addition, it +may be possible to execute arbitrary code with the privileges of the +user running tcpdump, often root. + +The effects of this vulnerability are similiar to those described in +advisory FreeBSD-SA-00:61.tcpdump.v1.1. + +All released versions of FreeBSD prior to the correction date +including 4.3-RELEASE are vulnerable to this problem, however it does +not affect the FreeBSD 3.x branch which includes an older version of +tcpdump. + +III. Impact + +Remote users can cause the local tcpdump process to crash, and may be +able to cause arbitrary code to be executed as the user running +tcpdump, often root. + +IV. Workaround + +Do not use vulnerable versions of tcpdump in network environments +which may contain packets from untrusted sources. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +RELENG_4_3 security branch after the respective correction dates. + +2) FreeBSD 4.x systems prior to the correction date: + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:48/tcpdump-4.x.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:48/tcpdump-4.x.patch.asc + +# cd /usr/src/contrib/tcpdump +# patch -p < /path/to/patch +# cd /usr/src/usr.sbin/tcpdump +# make depend && make all install + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) is +requested to security-officer@FreeBSD.org so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +Two versions of the upgrade package are available, depending on +whether or not the system has openssl installed. To verify whether +your system has openssl installed, perform the following command: + +# ls /usr/bin/openssl + +Possible responses: + +/usr/bin/openssl # This response indicates you have openssl present + +ls: /usr/bin/openssl: No such file or directory + # This reponse indicates you do not have + # openssl present + +3a) If OpenSSL is not present + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-nossl-01.48.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-nossl-01.48.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-tcpdump-nossl-01.48.tgz + +3b) If OpenSSL is present + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-ssl-01.48.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-ssl-01.48.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-tcpdump-ssl-01.48.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO1R5i1UuHi5z0oilAQFdCQQAhFUzYA7plZN1O0rK/iU/jPaoCqM0KDPP +Vdg+3zP8I5Vovdbxdns1DVefI3PVhZbLwh8E0ZnEz544FB5atiYsRiqQxuoEMZiN +1JSRHUOIYyAChtIUZY1JV9eF8GfemWaAcgNp7mNWYKl7dUn0nYERfTO92YNm+l7M +3nNvOwkhqLU= +=PrXC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:49.telnetd.asc b/share/security/advisories/FreeBSD-SA-01:49.telnetd.asc new file mode 100644 index 0000000000..2a1e518fcb --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:49.telnetd.asc @@ -0,0 +1,263 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:49 Security Advisory + FreeBSD, Inc. + +Topic: telnetd contains remote buffer overflow + +Category: core +Module: telnetd +Announced: 2001-07-23 +Revised: 2001-07-27 +Credits: Sebastian +Affects: All releases of FreeBSD 3.x, 4.x prior to 4.4, + FreeBSD 4.3-STABLE prior to the correction date +Corrected: 2001-07-23 +FreeBSD only: NO + +0. Revision History + +2001-07-23 v1.0 Initial release +2001-07-27 v1.1 Updated patch instructions, kerberosIV package + available, added reference to SSH in workarounds. + +I. Background + +telnetd is the server for the telnet remote virtual terminal protocol. + +II. Problem Description + +An overflowable buffer was found in the version of telnetd included +with FreeBSD. Due to incorrect bounds checking of data buffered for +output to the remote client, an attacker can cause the telnetd process +to overflow the buffer and crash, or execute arbitrary code as the +user running telnetd, usually root. A valid user account and password +is not required to exploit this vulnerability, only the ability to +connect to a telnetd server. + +The telnetd service is enabled by default on all FreeBSD installations +if the 'high' security setting is not selected at install-time. This +vulnerability is known to be exploitable, and is being actively +exploited in the wild. + +All released versions of FreeBSD prior to the correction date +including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this +problem. It was corrected prior to the forthcoming release of +4.4-RELEASE. + +III. Impact + +Remote users can cause arbitrary code to be executed as the user +running telnetd, usually root. + +IV. Workaround + +1) Disable the telnet service, which is usually run out of inetd: +comment out the following lines in /etc/inetd.conf, if present. + +telnet stream tcp nowait root /usr/libexec/telnetd telnetd + +telnet stream tcp6 nowait root /usr/libexec/telnetd telnetd + +and execute the following command as root: + +# kill -HUP `cat /var/run/inetd.pid` + +An alternative remote login protocol such as the SSH secure shell +protocol (which is installed by default in FreeBSD), can be used +instead. The SSH protocol is the recommended protocol for remote +logins to FreeBSD systems because of the superior authentication, +confidentiality and integrity protection it supplies relative to other +protocols such as telnet. + +2) Impose access restrictions using TCP wrappers (/etc/hosts.allow), +or a network-level packet filter such as ipfw(8) or ipf(8) on the +perimeter firewall or the local machine, to limit access to the telnet +service to trusted machines. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +RELENG_4_3 security branch after the respective correction dates. + +2) FreeBSD 3.5.1, 4.x systems prior to the correction date: + +There are two versions of the patch available, for systems with and +without the /usr/src/crypto/telnet sources. To determine whether your +system has the crypto-telnet sources installed, perform the following +command: + +# ls /usr/src/crypto/telnet/telnetd + +A response of + +ls: /usr/src/crypto/telnet/telnetd: No such file or directory + +indicates you do not have the crypto sources present and should +download the non-crypto-telnet patch: see section 2b) below. + +These patches have been verified to apply to FreeBSD 4.2-RELEASE, +4.3-RELEASE and 3.5.1-STABLE dated prior to 2001-07-20 (users of +3.5.1-RELEASE must have applied the patches from FreeBSD Security +Advisory 00:69 prior to applying this patch). These patches may or +may not apply to older, unsupported releases of FreeBSD. + +2a) For systems with the crypto-telnet sources installed + +Under FreeBSD 4.x, the crypto-telnet client can be built in two +versions: with or without support for the KerberosIV authentication +system. Under FreeBSD 3.x there is only one way to build the +crypto-telnet client: with KerberosIV support. + +To determine whether your system has the kerberosIV distribution +installed, perform the following command: + +# ls /usr/lib/libkrb.a + +Possible responses: + +/usr/lib/libkrb.a # This response indicates you have kerberosIV present + +ls: /usr/lib/libkrb.a: No such file or directory + # This reponse indicates you do not have + # kerberosIV present + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch.asc + +2aa) For systems with the crypto-telnet sources installed but without +KerberosIV installed + +[FreeBSD 4.x systems] + +# cd /usr/src/ +# patch -p < /path/to/patch +# cd /usr/src/secure/lib/libtelnet +# make depend && make all +# cd /usr/src/secure/libexec/telnetd +# make depend && make all install + +[FreeBSD 3.x systems] + +# cd /usr/src/ +# patch -p < /path/to/patch +# cd /usr/src/lib/libtelnet +# make depend && make all +# cd /usr/src/libexec/telnetd +# make depend && make all install + +2ab) For systems with the crypto-telnet sources installed and with +KerberosIV installed + +# cd /usr/src/ +# patch -p < /path/to/patch +# cd /usr/src/kerberosIV/lib/libtelnet +# make depend && make all +# cd /usr/src/kerberosIV/libexec/telnetd +# make depend && make all install + +2b) For systems without the crypto-telnet sources installed + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd.patch.asc + +# cd /usr/src/ +# patch -p < /path/to/patch +# cd /usr/src/lib/libtelnet +# make depend && make all +# cd /usr/src/libexec/telnetd +# make depend && make all install + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +Three versions of the upgrade package are available, depending on +whether or not the system has the crypto or kerberosIV distributions +installed. + +To determine whether your system has the crypto distribution +installed, perform the following command: + +# ls /usr/bin/openssl + +Possible responses: + +/usr/bin/openssl # This response indicates you have crypto present + +ls: /usr/bin/openssl: No such file or directory + # This reponse indicates you do not have + # crypto present + +To determine whether your system has the kerberosIV distribution +installed, perform the following command: + +# ls /usr/lib/libkrb.a + +Possible responses: + +/usr/lib/libkrb.a # This response indicates you have kerberosIV present + +ls: /usr/lib/libkrb.a: No such file or directory + # This reponse indicates you do not have + # kerberosIV present + +3a) If crypto is present + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-crypto-01.49.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-crypto-01.49.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-telnetd-crypto-01.49.tgz + +3b) If kerberosIV is present + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-kerberosIV-01.49.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-kerberosIV-01.49.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-telnetd-kerberosIV-01.49.tgz + +3c) If neither crypto nor kerberosIV are present + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-01.49.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-01.49.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-telnetd-01.49.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO2HHK1UuHi5z0oilAQH9dwP/eupJuy60kLzGcJx5JVfDHyv0IoNvnMX2 +OsQw4+PwcvVv3r2nQn8FAiGa5WYlG+9Ft/s9XWuCUtWt35EiCmdo9I/72vuOasHN +goiu+i+ncJeAp2BrgXerilHqBQnVnMI+QQrmKBiyhUPA3xR+t6JxRfk2DaCYSuvx +tEQXDNB7wxU= +=3OFg +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:50.windowmaker.asc b/share/security/advisories/FreeBSD-SA-01:50.windowmaker.asc new file mode 100644 index 0000000000..8e0cc10524 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:50.windowmaker.asc @@ -0,0 +1,100 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:50 Security Advisory + FreeBSD, Inc. + +Topic: windowmaker contains possibly exploitable buffer overflow + +Category: ports +Module: windowmaker/windowmaker-i18n +Announced: 2001-07-27 +Credits: Robert Marshall +Affects: Ports collection prior to the correction date. +Corrected: 2001-07-24 +Vendor status: Updated version released +FreeBSD only: NO + +I. Background + +Windowmaker is a GNUstep-compliant X11 window manager which emulates +the NeXTSTEP interface. + +II. Problem Description + +The windowmaker ports, versions prior to windowmaker-0.65.0_2 and +windowmaker-i18n-0.65.0_1, contain a potentially exploitable buffer +overflow when displaying a very long window title in the window list +menu. Since programs such as web browsers will include the contents +of a webpage's title tag in window titles, this problem may allow +authors of malicious webpages to cause windowmaker to crash and +potentially execute arbitrary code as the user running windowmaker. + +The windowmaker ports are not installed by default, nor are they +"part of FreeBSD" as such: they are part of the FreeBSD ports +collection, which contains over 5500 third-party applications in +a ready-to-install format. The ports collection shipped with FreeBSD +4.3 is vulnerable to this problem since it was discovered after +its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Under certain circumstances, remote webservers may cause windowmaker +to crash and potentially execute arbitrary code as the user running +windowmaker. + +If you have not chosen to install the windowmaker port/package, +then your system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the windowmaker package if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the windowmaker +or windowmaker-i18n port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/windowmaker-0.65.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/windowmaker-0.65.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/windowmaker-i18n-0.65.0_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/windowmaker-i18n-0.65.0_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) download a new port skeleton for the windowmaker or windowmaker-i18n +port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO2HM5VUuHi5z0oilAQH8ZAP9GibPUuDW96J9ylQs/V3aoTblSlw3zaXX +8EkouFxYEDTk0LBJfwyq343z4OfrM21A8gxlQiW+b620JkNkL795zkRQ01DxbQle +bDaOOICvXpVmHyI0Xxn3qLCeQJpuNhJkT5kvf+49q4ldljsIiHNc6FFTOpcA0SlW +NKPR3OpUy+o= +=A5Cb +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:51.openssl.asc b/share/security/advisories/FreeBSD-SA-01:51.openssl.asc new file mode 100644 index 0000000000..e96590dd46 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:51.openssl.asc @@ -0,0 +1,150 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:51 Security Advisory + FreeBSD, Inc. + +Topic: OpenSSL 0.9.6a and earlier contain flaw in PRNG [REVISED] + +Category: core +Module: openssl +Announced: 2001-07-30 +Revised: 2001-07-31 +Credits: Markku-Juhani O. Saarinen + The OpenSSL Project +Affects: All releases of FreeBSD 4.x prior to 4.4, + FreeBSD 4.3-STABLE prior to the correction date +Corrected: 2001-07-19 21:00:45 UTC (FreeBSD 4.3-STABLE) + 2001-07-19 21:01:08 UTC (FreeBSD 4.3-SECURITY aka RELENG_4_3) +FreeBSD only: NO + +0. Revision History + +v1.0 2001-07-30 Initial release +v1.1 2001-07-31 Corrected patch instructions + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, +commercial-grade, full-featured, and Open Source toolkit implementing +the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS +v1) protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +A flaw in the pseudo-random number generator (PRNG) of OpenSSL +versions previous to 0.9.6b allows an attacker to determine the PRNG +state and future output under certain restricted conditions, thereby +weakening the strength of the PRNG and any cryptographic protection +which is derived from it. In effect, the flaw is that a portion of +the PRNG state is incorrectly used as the PRNG output, allowing +attackers to gain knowledge of the internal state of the PRNG by +observing the output if they can sample it in a certain way. + +An attack taking advantage of this flaw has been identified that can +recover the complete state of the PRNG from the output of one +carefully sized PRNG request followed by a few hundred consecutive +1-byte PRNG requests. + +This access pattern is not typically obtainable in real-world uses of +the PRNG in cryptographic protocols, and no exploit against a protocol +supported by OpenSSL is currently known. + +III. Impact + +By successfully exploiting a flaw in the PRNG, an attacker can gain +important information that may allow him to deduce nonces (leading to +the compromise of the protocol session) or encryption keys (allowing +the attacker to obtain the plaintext of the encrypted data). + +Whether or not this flaw is exploitable depends upon the specifics of +the application using OpenSSL. No vulnerable applications or +protocols are currently known. + +IV. Workaround + +None applicable. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +4.3-SECURITY (aka RELENG_4_3) security branch after the respective +correction dates. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patch have been verified to apply to FreeBSD +4.2-RELEASE, 4.3-RELEASE and 4.3-STABLE dated prior to the correction +date. These patches may or may not apply to older, unsupported +releases of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:51/openssl.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:51/openssl.patch.asc + +# cd /usr/src/ +# patch -p < /path/to/patch +# cd /usr/src/secure/lib/libcrypto/ +# make depend && make all install + +One must also recompile any statically linked applications that use +OpenSSL's PRNG. There are no such applications in the base system. + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:51/security-patch-openssl-01.51.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:51/security-patch-openssl-01.51.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-openssl-01.51.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected for the maintained versions of FreeBSD. + +FreeBSD Version and CVS Tag + Path Revision +- ------------------------------------------------------------------------- +FreeBSD 4.3-SECURITY (tag: RELENG_4_3) + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.2.2.1 +FreeBSD 4.3-STABLE (tag: RELENG_4) + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.4 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO2cIaFUuHi5z0oilAQHilgQAq8VsYlRClfALI5NLhJ5HPJpI+WZYr9wp +rhPygQgYKuTsM89XYi3Cz3OUxNP7l4x1Zp846DHLS+9TVuOWxclxxWCvwybcIT/L +3uhqwTAVM225g7TqDdc3kq0sFVTs3NRb13PgPz84QUdl/DcYkikfH49SSbvrQvch +hHGsw1Ohiao= +=R/xp +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:52.fragment.asc b/share/security/advisories/FreeBSD-SA-01:52.fragment.asc new file mode 100644 index 0000000000..0d8326164b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:52.fragment.asc @@ -0,0 +1,177 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:52 Security Advisory + FreeBSD, Inc. + +Topic: Denial of service using fragmented IPv4 packets +Category: kernel +Announced: 2001-08-06 +Credits: "James Thomas" via NetBSD +Affects: All releases of FreeBSD 3.x, 4.x prior to 4.4, + FreeBSD 4.3-STABLE prior to the correction date +Corrected: 2001-06-16 23:48:04 UTC (FreeBSD 4.3-STABLE) + 2001-08-05 23:08:26 UTC (RELENG_4_3) + 2001-08-06 09:20:57 UTC (FreeBSD 3.5.1-STABLE) +FreeBSD only: NO + +I. Background + +The IP protocol allows datagrams (``packets'') to be fragmented in +transit to allow transportation by lower layers with a smaller frame +size than the desired IP datagram size. The fragments are collected +and reassembled on the destination system. + +II. Problem Description + +Remote users may be able to prevent a FreeBSD system from +communicating with other systems on the network by transmitting large +numbers of fragmented IPv4 datagrams. For the attack to be effective, +the attacker must have a high-bandwidth connection to the target +system (for example, connected via a local network or over a fast +remote network connection). + +IP datagram fragments destined to the target system will be queued for +30 seconds, to allow fragmented datagrams to be reassembled. Until +recently, there was no upper limit in the number of reassembly queues. +Therefore, a malicious party may be able to transmit a lot of bogus +fragmented datagrams (with different IPv4 identification field) and +cause the target system to exhaust its mbuf pool, preventing further +network traffic processing or generation while the starvation +condition continues. + +To solve this problem an upper limit was placed on the number of +fragment reassembly queues. This value is tunable at runtime using +the net.inet.ip.maxfragpackets sysctl: the sysctl is set to a default +value at system startup but may be tuned up or down depending on the +role of the system (e.g. if the system is a busy server which +typically receives a lot of fragmented datagrams, you may want to set +the value higher). The old system behaviour of an unlimited number of +reassembly queues can be obtained by setting this sysctl to a negative +value. + +Note however that attackers are still able to prevent legitimate +fragmented IPv4 traffic from being reassembled by flooding the system +with bogus fragmented datagrams and keeping the reassembly queues +full. Unfragmented IPv4 communications will be unaffected by such an +attack when this variable is set. + +All versions of FreeBSD 3.x and 4.x prior to the correction date +including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this +problem, although exploitation is mitigated by the need for +high-bandwidth access to the target machine. + +III. Impact + +IPv4-connected systems can be put into a resource-starved state from +which they are unable to send or receive network traffic by the +constant bombardment of the system by fragmented datagrams. + +IV. Workaround + +A possible workaround for systems which are under active attack is to +increase the value of the NMBCLUSTERS kernel option on attacked +machines and rebuild the kernel as described in the following URL: + + http://www.freebsd.org/handbook/kernelconfig.html + +This may provide a temporary solution until the patch can be applied: +normally, it is the cluster mbufs which are exhausted by this attack. +By setting NMBCLUSTERS to a higher value, you may be able to prevent +the mbuf memory pool from being starved. + +VI. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +RELENG_4_3 security-fix branch dated after the correction date. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.x] +This patch has been verified to apply to FreeBSD 4.2-RELEASE and +4.3-RELEASE systems. It may or may not apply to older, unsupported +releases. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-4.x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-4.x.patch.asc + +[FreeBSD 3.x] +This patch has been verified to apply to FreeBSD 3.5.1-RELEASE +systems. It may or may not apply to older, unsupported releases. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-3.x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-3.x.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src/ +# patch -p < /path/to/patch + +Rebuild the kernel as described in the following URL: + + http://www.freebsd.org/handbook/kernelconfig.html + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +Since this vulnerability involves the FreeBSD kernel which is often +locally customized on installed systems, a universal binary upgrade +package is not feasible. This package includes a patched version of +the GENERIC kernel which should be suitable for use on many systems. +Systems requiring a customized kernel must use an alternative +solution. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:52/security-patch-fragment-01.52.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:52/security-patch-fragment-01.52.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-fragment-01.52.tgz + +The new kernel is named /kernel.GENERIC to avoid conflict with the +default kernel name (``/kernel''). To cause the system to boot +automatically with the new kernel, add the following line to +/boot/loader.conf: + +kernel="/kernel.GENERIC" + +and reboot the system to load the new kernel. The old kernel is still +available and can be manually loaded in the boot loader in case of +problems. + +VII. Credits/References + +NetBSD wrote the original advisory from which large portions of this +advisory was taken. + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO28VK1UuHi5z0oilAQHU9AQAor9fi3Lp5Xtny/zPJpVcX4+96WvsqX4e +j7xtydSKwbZg78AxCYzD53FnZ/Tmb0XCf6if0L+k4QFzBsmavauB2hoszJMuT1x0 +WdcQmBvzIy5Oibffv88Kev760K7icdkskWYTLPJMxmP0dec9NZBLkTcR6udMyy2u +JbK9HknLMiE= +=8PO/ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:53.ipfw.asc b/share/security/advisories/FreeBSD-SA-01:53.ipfw.asc new file mode 100644 index 0000000000..34c682b89a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:53.ipfw.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:53 Security Advisory + FreeBSD, Inc. + +Topic: ipfw `me' on P2P interfaces matches remote address + +Category: core +Module: ipfw +Announced: 2001-08-17 +Credits: Igor M Podlesny +Affects: FreeBSD 4-STABLE after February 20, 2001 and prior + to the correction date + FreeBSD 4.3-RELEASE +Corrected: 2001-07-17 10:50:01 UTC (FreeBSD 4.3-STABLE) + 2001-07-18 06:56:23 UTC (RELENG_4_3) +FreeBSD only: YES + +I. Background + +ipfw is a system facility which allows IP packet filtering, +redirecting, and traffic accounting. ipfw `me' rules are filter rules +that specify a source or destination address of `me', intended to +match any IP address configured on a local interface. + +II. Problem Description + +A flaw in the implementation of the ipfw `me' rules when used in +conjunction with point-to-point interfaces results in filter rules +which match the remote IP address of the point-to-point interface in +addition to the intended local IP address. + +III. Impact + +IP datagrams with a source or destination IP address of a remote +point-to-point link may be handled in a way unintended by the system +administrator. + +For example, given an interface such as + + tun0: flags=8051 mtu 1500 + inet 1.1.1.1 --> 2.2.2.2 netmask 0xff000000 + +and this ipfw rule: + + 00010 allow ip from me to any + +packets with a source address of 2.2.2.2 would be allowed to pass when +the administrator may have reasonably expected it not to match this +rule. + +IV. Workaround + +Do not use ipfw `me' rules. Rewrite any existing `me' rules to use +explicit IP addresses. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +RELENG_4_3 security branch after the respective correction dates. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patches have been verified to apply to FreeBSD +4.3-RELEASE and 4-STABLE dated prior to the correction date. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:53/ipfw.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:53/ipfw.patch.asc + +# cd /usr/src +# patch -p < /path/to/patch +# install -c -m 0444 -o root -g wheel /usr/src/sys/netinet/in_var.h /usr/include/netinet/ +# cd /usr/src/sbin/ipfw +# make depend && make all install + +The following steps will be different depending upon whether your +system has ipfw compiled into the kernel or is using the ipfw KLD. If +the output of `kldstat' includes `ipfw.ko', then you are using the KLD +and should follow the directions listed in (2a) below. Otherwise, if +your kernel configuration file contains the line `options IPFIREWALL', +you should follow the directions listed in (2b) below. + +2a) Execute the following commands as root: + +# cd /usr/src/sys/modules/ipfw +# make depend && make all install + +2b) Rebuild and reinstall your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html + +In either case 2a) or 2b), you must reboot your system to load the new +module or kernel. + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the +files which are replaced by the package. These backup copies will +be reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:53/security-patch-ipfw-01.53.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:53/security-patch-ipfw-01.53.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-ipfw-01:53.tgz + +Restart your system after applying the patch. + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected, for the supported branches of FreeBSD. The +$FreeBSD$ revision of installed sources can be examined using the +ident(1) command. + +[FreeBSD 4.3-STABLE] + + Revision Path + 1.33.4.1 src/sys/netinet/in_var.h + +[RELENG_4_3] + + Revision Path + 1.33.2.2 src/sys/netinet/in_var.h + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO32OK1UuHi5z0oilAQGFaAQAoeOYBYHehpMs28K1K4BKneLF4/KBfel/ +NGmGslQVe4DHxiIfV2WWyQw1KjH/N8NSOiBsri8+pMZkFaOyBw1Q41vUCd+2pZW1 +97qYWj6aWjIlpNm9/zOPnWN6smge4OZ7UCqX1+VsP6nf8VBrEfOYl44hl82oCMk9 +S9NvqSOqDsI= +=HqMM +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:54.ports-telnetd.asc b/share/security/advisories/FreeBSD-SA-01:54.ports-telnetd.asc new file mode 100644 index 0000000000..12841e1034 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:54.ports-telnetd.asc @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:54 Security Advisory + FreeBSD, Inc. + +Topic: telnetd contains remote buffer overflow + +Category: ports +Modules: krb5/heimdal/SSLtelnet +Announced: 2001-08-20 +Credits: Sebastian +Affects: Ports collection prior to the correction date. +Corrected: 2001-07-19 21:43:41 UTC (heimdal) + 2001-07-24 15:29:39 UTC (krb5) + SSLtelnet port not yet corrected +FreeBSD only: NO + +I. Background + +telnetd is the server for the telnet remote virtual terminal protocol. + +II. Problem Description + +This advisory is closely related to the previously released +FreeBSD-SA-01:49.telnetd.v1.1 advisory. That advisory pertains to the +telnetd included in the base FreeBSD system. This advisory pertains +to optional third-party telnetd implementations found in the FreeBSD +ports collection. + +An overflowable buffer was found in the versions of telnetd included +with several ports. These ports include: + + MIT Kerberos V (security/krb5) prior to version 1.2.2_2 + Heimdal (security/heimdal) prior to version 0.4b_1 + SSLtelnet (net/SSLtelnet) - this port is not yet fixed; see below. + +Due to incorrect bounds checking of data buffered for output to the +remote client, an attacker can cause the telnetd process to overflow +the buffer and crash, or execute arbitrary code as the user running +telnetd, usually root. A valid user account and password is not +required to exploit this vulnerability, only the ability to connect to +a telnetd server. + +These ports are not installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains over 5600 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.3 is vulnerable to +this problem since it was discovered after its release, but the +problems with the krb5 and heimdal ports were corrected prior to the +(forthcoming) release of FreeBSD 4.4. + +The SSLtelnet vulnerability has not yet been corrected: due to +divergences in the code, it is more difficult to correct the +vulnerability in that port. This advisory will be reissued once the +vulnerability is corrected. + +III. Impact + +Remote users can cause arbitrary code to be executed as the user +running telnetd, usually root. + +IV. Workaround + +1) Disable the telnet service, which is usually run out of inetd: +comment out lines in /etc/inetd.conf that begin with the word `telnet', +if present, e.g. + +telnet stream tcp nowait root /usr/local/libexec/telnetd telnetd + +telnet stream tcp6 nowait root /usr/local/libexec/telnetd telnetd + +and execute the following command as root: + +# kill -HUP `cat /var/run/inetd.pid` + +2) Impose access restrictions using TCP wrappers (/etc/hosts.allow), +or a network-level packet filter such as ipfw(8) or ipf(8) on the +perimeter firewall or the local machine, to limit access to the telnet +service to trusted machines. + +3) Deinstall the affected ports/packages if they are installed. + +V. Solution + +The updated ports include fixes for this vulnerability: + krb5-1.2.2_2 and later + heimdal-0.4b_1 and later + +1) Upgrade your entire ports collection and rebuild the affected +ports (packages are not currently available for these ports). + +2) Download a new port skeleton for the affected ports from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +3) Use the portcheckout utility to automate option (2) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Affected port (module) + Path Revision +- ------------------------------------------------------------------------- +MIT Kerberos V (krb5) + ports/security/krb5/Makefile 1.27 + ports/security/krb5/files/patch-appl::telnet::telnetd::authenc.c 1.1 + ports/security/krb5/files/patch-appl::telnet::telnetd::ext.h 1.2 + ports/security/krb5/files/patch-appl::telnet::telnetd::slc.c 1.1 + ports/security/krb5/files/patch-appl::telnet::telnetd::state.c 1.2 + ports/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c 1.2 + ports/security/krb5/files/patch-appl::telnet::telnetd::termstat.c 1.1 + ports/security/krb5/files/patch-appl::telnet::telnetd::utility.c 1.2 +Heimdal (heimdal) + ports/security/heimdal/Makefile 1.39 + ports/security/heimdal/files/patch-ad 1.6 +- ------------------------------------------------------------------------- + +VII. References + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO4GGS1UuHi5z0oilAQENdgQAn48FDb8KqMftJGSS2ueRb9aZPuosS/3T +2I6AC3AOtBIKe+3fhnURdivPIXBWMZ4GyzkctfvQ0NaKUnnVqTzoxdSVN4wStJ1e +yXdJ9b4d5lyKvT0+JJI9IMylcA5o5kp5b36OpkB48Oo3y/4ZdiskJn3ZoU4zpBeU ++uCUTpg3TGM= +=SChg +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:55.procfs.asc b/share/security/advisories/FreeBSD-SA-01:55.procfs.asc new file mode 100644 index 0000000000..da27946f7f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:55.procfs.asc @@ -0,0 +1,192 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:55 Security Advisory + FreeBSD, Inc. + +Topic: procfs vulnerability leaks set[ug]id process memory + +Category: core +Module: procfs +Announced: 2001-08-21 +Credits: Joost Pol +Affects: FreeBSD 4.x, 4.3-STABLE prior to the correction + date. +Corrected: 2001-08-12 07:29 PDT (4.3-STABLE) + 2001-08-13 12:45 PDT (RELENG_4_3) +FreeBSD only: Yes + +I. Background + +procfs is the process filesystem, which presents a filesystem +interface to the system process table, together with associated data. +procfs provides access to the memory space of processes via the +synthetic /proc//mem file, subject to access control checks. + +linprocfs is an implementation of procfs which implements a +Linux-style procfs, for use with Linux binaries so they can obtain +access to exported kernel data. It uses procfs to provide the +/proc//mem file. + +II. Problem Description + +Prior to the migration of system monitoring utilities (such as ps(8)) +to use the sysctl(8) management interface, these utilities formerly +used procfs and direct kernel memory access to extract process +information, and they ran with the setgid kmem privilege to allow +direct kernel memory access. The procfs code checks for gid kmem +privilege when granting access to the /proc//mem file -- however, +the code which is used to allow read-only access via the kmem group +was incorrect, and inappropriately granted read access to the caller +as long as they already had an open file descriptor for the procfs mem +file. + +The result of this problem is that if a process initially has +debugging rights to a second process, it may retain access to the +target process' memory space, even if the target process has upgraded +privilege by virtue of performing an execve() call on a setuid or +setgid process. This vulnerability can lead to the leaking of +sensitive information from such processes, which could be used as the +basis for additional attacks, resulting in escalation of attacker +privilege on the system. + +The linprocfs filesystem is also vulnerable to the problem if procfs +support is available in the kernel (statically compiled in, or +dynamically loaded as a module). If procfs support is not available +then linprocfs is not vulnerable to this problem. + +All released versions of FreeBSD 4.x including FreeBSD 4.3-RELEASE are +vulnerable to this problem if the procfs filesystem is in use. It was +corrected prior to the (forthcoming) release of FreeBSD 4.4-RELEASE. + +III. Impact + +Attackers may be able to extract sensitive system information, such as +password hashes from the /etc/master.passwd file, from setuid or +setgid processes, such as su(1). This information could be used by +attackers to escalate their privileges, possibly yielding root +privileges on the local system. + +Because this attack may only be used on processes that initially are +"debuggable" by the attacking process, this attack is limited to +executed processes which gain privilege by virtue of being setuid or +setgid, and so it cannot be used against other processes which are +already running with privilege such as already-running daemons +containing sensitive system information. + +IV. Workaround + +To work around the problem, perform the following steps as root: + +Unmount all instances of the procfs and linprocfs filesystems using +the unmount(8) command: + +# umount -f -a -t procfs +# umount -f -a -t linprocfs + +Disable the automatic mounting of all instances of procfs in /etc/fstab: +remove or comment out the line(s) of the following form: + +proc /proc procfs rw 0 0 +proc /compat/linux/proc linprocfs rw 0 0 + +V. Solution + +1) Upgrade your vulnerable system to 4.3-STABLE or the RELENG_4_3 +security branch, dated after the respective correction dates. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:55/procfs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:55/procfs.patch.asc + +Verify the detached PGP signature using your PGP utility. + +This patch has been verified to apply to FreeBSD 4.3-RELEASE and +4.2-RELEASE (users of 4.2-RELEASE should already have the patch from +FreeBSD SA-00:77.procfs installed). It may or may not apply to older, +unsupported releases of FreeBSD. + +# cd /usr/src/sys +# patch -p < /path/to/patch + +If procfs is statically compiled into the kernel (i.e. the kernel +configuration file contains the line 'options PROCFS'), then rebuild +and reinstall your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system with the new kernel for the changes to take effect. By default +procfs is statically compiled in the GENERIC kernel configuration. + +If procfs is dynamically loaded by KLD (use the kldstat(8) command to +verify whether this is the case) and the system securelevel has not +been raised to a level of 1 or higher, the system can be patched at +run-time without requiring a reboot by performing the following steps +after patching the source as described above: + +# cd /usr/src/sys/modules/procfs +# make depend +# make all install +# umount -f -a -t procfs +# kldunload procfs +# kldload procfs +# mount -a -t procfs + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the +files which are replaced by the package. These backup copies will +be reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:55/security-patch-procfs-01.55.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:55/security-patch-procfs-01.55.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-procfs-01.55.tgz + +Restart your system after applying the patch. + +VI. CVS Revisions + +The following $FreeBSD$ CVS revisions contain the fixes for this +vulnerability. The $FreeBSD$ revision of installed sources can be +examined using the ident(1) command. These revision IDs are not +updated by applying the patch referenced above. + +[FreeBSD 4.3-STABLE] + + Revision Path + 1.3.2.5 src/sys/i386/linux/linprocfs/linprocfs_vnops.c + 1.32.2.2 src/sys/miscfs/procfs/procfs.h + 1.46.2.2 src/sys/miscfs/procfs/procfs_mem.c + 1.76.2.5 src/sys/miscfs/procfs/procfs_vnops.c + +[RELENG_4_3] + + Revision Path + 1.3.2.3.2.1 src/sys/i386/linux/linprocfs/linprocfs_vnops.c + 1.32.2.1.2.1 src/sys/miscfs/procfs/procfs.h + 1.46.2.1.2.1 src/sys/miscfs/procfs/procfs_mem.c + 1.76.2.3.2.1 src/sys/miscfs/procfs/procfs_vnops.c +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO4LGfFUuHi5z0oilAQGvFAP9Es3OpWi/tolP9Kfbw3+EWCfGupQ9QMtP +xTKwwmp8epr+So1x+bHNaXBdGm5DJq4fvqUOh5kUHkNM5Gfkp2gPPwWXB9J6Ct3e +ut3nUlJBeY8K+qV8DGdH4/InuW4HG+Jvw0WSGCmTZnz6q17K0ESJXp2cS5qB7eeL +/66o9YNotkE= +=FHFP +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc b/share/security/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc new file mode 100644 index 0000000000..7a0d6dfd9c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc @@ -0,0 +1,135 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:56 Security Advisory + FreeBSD, Inc. + +Topic: tcp_wrappers PARANOID hostname checking does not work + +Category: core +Module: tcp_wrappers +Announced: 2001-08-23 +Credits: Tony Finch +Affects: FreeBSD 4.1.1-RELEASE + FreeBSD 4.2-RELEASE + FreeBSD 4.3-RELEASE + FreeBSD 4.3-STABLE before the correction date +Corrected: 2001-07-04 20:18:11 UTC (FreeBSD 4.3-STABLE) + 2001-07-04 20:18:54 UTC (RELENG_4_3) +FreeBSD only: Yes + +I. Background + +FreeBSD has included Wietse Venema's tcp_wrappers since 3.2-RELEASE. +tcp_wrappers allows one to add host-based ACLs to network +applications, and additionally provides connection logging and some +detection of DNS spoofing. + +II. Problem Description + +The addition of a flawed check for a numeric result during reverse DNS +lookup causes tcp_wrappers to skip some of its sanity checking of DNS +results. These sanity checks are only enabled by the 'PARANOID' ACL +option in the configuration file, and simply weaken the 'PARANOID' +host checks to the level of assurance provided by the regular host +ACLs. + +This vulnerability was corrected prior to the (forthcoming) release of +FreeBSD 4.4-RELEASE. + +III. Impact + +An attacker that can influence the results of reverse DNS lookups can +bypass certain tcp_wrappers PARANOID ACL restrictions by impersonating +a trusted host. Such an attacker would need to be able to spoof +reverse DNS lookups, or more simply the attacker may be the +administrator of the DNS zone including the IP address of the remote +host. + +IV. Workaround + +None. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +RELENG_4_3 security branch after the respective correction dates. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patche has been verified to apply to FreeBSD +4.2-RELEASE, 4.3-RELEASE and 4.3-STABLE dated prior to the correction +date. This patch may or may not apply to older, unsupported releases +of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch.asc + +# cd /usr/src/ +# patch -p < /path/to/patch +# cd /usr/src/lib/libwrap +# make depend && make all install + +One must also recompile any statically linked applications that link +against libwrap.a. There are no such applications in the base system. + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the +files which are replaced by the package. These backup copies will +be reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:56/security-patch-tcp_wrappers-01.56.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:56/security-patch-tcp_wrappers-01.56.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-tcp_wrappers-01.56.tgz + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected, for the supported branches of FreeBSD. The +$FreeBSD$ revision of installed sources can be examined using the +ident(1) command. The patch provided above does not cause these +revision numbers to be updated. + +[FreeBSD 4.3-STABLE] + + Revision Path + 1.2.2.3 src/contrib/tcp_wrappers/socket.c + +[RELENG_4_3] + + Revision Path + 1.2.2.2.2.1 src/contrib/tcp_wrappers/socket.c + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO4VsbFUuHi5z0oilAQGSLgQAlmWnYpSy1Da8Yvs4XkpQTgN32/9aBhM0 +yMM+qnd80ZYUayTNyqxKvgJDc7nROUa/qt+lWp6U1a9wuQEPX72Zq7549l8/SfuB +IkCsnwf6w8lzMCVYzTQeWm7qvf00QOWsqPCvIbw61SwPN1FfF8WLYBUCuT3hShJx +r8mBg+t55eY= +=az63 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:57.sendmail.asc b/share/security/advisories/FreeBSD-SA-01:57.sendmail.asc new file mode 100644 index 0000000000..118affff77 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:57.sendmail.asc @@ -0,0 +1,163 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:57 Security Advisory + FreeBSD, Inc. + +Topic: sendmail contains local root vulnerability [REVISED] + +Category: core +Module: sendmail +Announced: 2001-08-27 +Revised: 2001-08-30 +Credits: Cade Cairnss +Affects: FreeBSD 4-STABLE after August 27, 2000 and prior to + the correction date, FreeBSD 4.1.1-RELEASE, + 4.2-RELEASE, 4.3-RELEASE +Corrected: 2001-08-21 01:36:37 UTC (FreeBSD 4.3-STABLE) + 2001-08-22 05:34:11 UTC (RELENG_4_3) +FreeBSD only: NO + +0. Revision History + +v1.0 2001-08-27 Initial release +v1.1 2001-08-30 Update package to remove setuid bit from saved file; + add non-openssl package; correct typo in package + instructions; note that $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $ not updated in + RELENG_4_3. + +I. Background + +sendmail is a mail transfer agent. + +II. Problem Description + +Sendmail contains an input validation error which may lead to the +execution of arbitrary code with elevated privileges by local users. +Due to the improper use of signed integers in code responsible for the +processing of debugging arguments, a local user may be able to supply +the signed integer equivalent of a negative value supplied to +sendmail's "trace vector". This may allow a local user to write data +anywhere within a certain range of locations in process memory. +Because the '-d' command-line switch is processed before the program +drops its elevated privileges, the attacker may be able to cause +arbitrary code to be executed with root privileges. + +III. Impact + +Local users may be able to execute arbitrary code with root privileges. + +IV. Workaround + +Do not allow untrusted users to execute the sendmail binary. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +RELENG_4_3 security branch after the respective correction dates. + +2) FreeBSD 4.x systems after August 27, 2000 and prior to the +correction date: + +The following patch has been verified to apply to FreeBSD +4.1.1-RELEASE, 4.2-RELEASE, 4.3-RELEASE and 4-STABLE dated prior to +the correction date. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:57/sendmail.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:57/sendmail.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch +# cd /usr/src/lib/libsmutil +# make depend && make all +# cd /usr/src/usr.sbin/sendmail +# make depend && make all install + +3) FreeBSD 4.3-RELEASE systems: + +** NOTE: The initial version of the upgrade package did not remove +** setuid root privileges from the saved copy of the sendmail binary. +** To correct this, deinstall the old package using the pkg_delete(1) +** command and install the corrected package as described below. + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the +files which are replaced by the package. These backup copies will +be reinstalled if the package is removed, reverting the system to a +pre-patched state. + +Two versions of the package are available, depending on whether or not +OpenSSL is installed. If the file /usr/lib/libcrypto.so exists on the +local system, follow the directions in section 1a) below, otherwise +follow the directions in section 1b). After adding the package, +proceed with the instructions in section 2). + +1a) If crypto is installed: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-crypto-01.57.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-crypto-01.57.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-sendmail-crypto-01.57.tgz + +1b) If crypto is not installed: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-nocrypto-01.57.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-nocrypto-01.57.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-sendmail-nocrypto-01.57.tgz + +2) Restart sendmail after applying the patch by executing the following +commands as root: + +# killall sendmail +# /usr/sbin/sendmail -bd -q30m + +The flags to sendmail may need to be adjusted as required for the +local system configuration. + +VI. Correction details + +The following is the sendmail $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $ revision number of the file that +was corrected for the supported branches of FreeBSD. The $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $ +revision number of the installed source can be examined using the +ident(1) command. Note that the $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $ tag was not updated on the +RELENG_4_3 branch because a newer vendor release of sendmail was not +imported, instead only this vulnerability was patched. + + Revision Path + 8.20.22.4 src/contrib/sendmail/src/trace.c + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO46RWlUuHi5z0oilAQH+VwP+MBpBopVejzWdHAjm0cEslleHZThEjja4 +qNd28CAQOy5KAdDcP61pqT2LcxlFUXyjRPjcVo6eqGaO63Lz3Ov2nnm3LPfcyR18 +PQaQkezGxTIfORuXxZiNA4EI51zjoquIRVWwMJaR1Azx+vf/u9XPIDVKA7rkL3df +wvTf9D4V7ZU= +=L1XV +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:58.lpd.asc b/share/security/advisories/FreeBSD-SA-01:58.lpd.asc new file mode 100644 index 0000000000..d96e2c8c77 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:58.lpd.asc @@ -0,0 +1,157 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:58 Security Advisory + FreeBSD, Inc. + +Topic: lpd contains remote root vulnerability + +Category: core +Module: lpd +Announced: 2001-08-30 +Credits: ISS X-Force +Affects: All released versions FreeBSD 4.x, 3.x, + FreeBSD 4.3-STABLE, 3.5.1-STABLE prior to the correction + date +Corrected: 2001-08-30 09:27:41 UTC (FreeBSD 4.3-STABLE) + 2001-08-30 09:28:35 UTC (RELENG_4_3) + 2001-08-30 09:46:44 UTC (FreeBSD 3.5.1-STABLE) +FreeBSD only: NO + +I. Background + +lpd is the BSD line printer daemon used to print local and remote +print jobs. + +II. Problem Description + +Users on the local machine or on remote systems which are allowed to +access the local line printer daemon may be able to cause a buffer +overflow. By submitting a specially-crafted incomplete print job and +subsequently requesting a display of the printer queue, a static +buffer overflow may be triggered. This may cause arbitrary code to be +executed on the local machine as root. + +In order to remotely exploit this vulnerability, the remote machine +must be given access to the local printer daemon via a hostname entry +in /etc/hosts.lpd or /etc/hosts.equiv. lpd is not enabled on FreeBSD +by default. + +All versions of FreeBSD prior to the correction date including FreeBSD +4.3 contain this problem. The base system that will ship with FreeBSD +4.4 does not contain this problem since it was corrected before the +release. + +III. Impact + +Users on the local machine and on remote systems which are allowed to +connect to the local printer daemon may be able to trigger a buffer +overflow causing arbitrary code to be executed on the local system as +root. + +lpd is not enabled by default. If you have not enabled lpd, your +system is not vulnerable. + +IV. Workaround + +Disable lpd by executing the following command as root: + +# killall lpd + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the +RELENG_4_3 security branch after the respective correction dates. + +2) FreeBSD 3.x, 4.x systems prior to the correction date: + +The following patches have been verified to apply to FreeBSD +4.2-RELEASE, 4.3-RELEASE, 4.3-STABLE and 3.5.1-STABLE dated prior to +the correction date. It may or may not apply to older, unsupported +versions of FreeBSD. + +Download the relevant patch and the detached PGP signature from the +following locations, and verify the signature using your PGP utility. + +[FreeBSD 4.3-RELEASE, 4.3-STABLE] + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-4.3.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-4.3.patch.asc + +[FreeBSD 4.2-RELEASE, 3.5.1-STABLE] + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch +# cd /usr/src/usr.sbin/lpr +# make depend && make all install + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:58/security-patch-lpd-01.58.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:58/security-patch-lpd-01.58.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-lpd-01.58.tgz + +Restart lpd after applying the patch by executing the following +commands as root: + +# killall lpd +# /usr/sbin/lpd + +VI. Correction details + +The following is the $FreeBSD$ revision number of the file that was +corrected for the supported branches of FreeBSD. The $FreeBSD$ +revision number of the installed source can be examined using the +ident(1) command. The patch provided above does not cause these +revision numbers to be updated. + +[FreeBSD 4.3-STABLE] + Revision Path + 1.15.2.8 src/usr.sbin/lpr/common_source/displayq.c + +[RELENG_4_3] + Revision Path + 1.15.2.3.2.1 src/usr.sbin/lpr/common_source/displayq.c + +[FreeBSD 3.5.1-STABLE] + Revision Path + 1.14.2.2 src/usr.sbin/lpr/common_source/displayq.c + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO46QLFUuHi5z0oilAQEJQQQAkjEeA8fQMhbFswTq743vCdfGKTSZbXRI +IF1hbTPKQ8G+dX57lMDgkR7WiFOf/DR9AFuX6gevCslCNJo8hySW74UxnnRv67/6 +lsNUqWfAXD+d/yDUMO6amWUlz8xFNpIHa5Zf8F1QaPI3TBzrKKPekFUa3sHwlBD1 +WSFK0ZoFMgw= +=8ZK/ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:59.rmuser.asc b/share/security/advisories/FreeBSD-SA-01:59.rmuser.asc new file mode 100644 index 0000000000..7ba66f613b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:59.rmuser.asc @@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:59 Security Advisory + FreeBSD, Inc. + +Topic: rmuser contains a race condition exposing /etc/master.passwd + +Category: core +Module: rmuser +Announced: 2001-09-04 +Credits: dynamo@harvard.net +Affects: FreeBSD 4.2-RELEASE, 4.3-RELEASE + FreeBSD 4.3-STABLE prior to the correction date. +Corrected: 2001-07-28 12:10:15 UTC (4.3-STABLE) + 2001-09-04 07:46:57 UTC (RELENG_4_3) +FreeBSD only: Yes + +I. Background + +rmuser is a perl script used to completely remove users from a system. + +II. Problem Description + +When removing a user from the system with the rmuser utility, the +/etc/master.passwd file and it's corresponding database /etc/spwd.db +must be updated. The rmuser script was incorrectly doing this by +creating a new master.passwd file with an unsafe umask and then using +chmod to set its permissions to 0600. Between the time that the file +was created and the time that its permissions were changed the file is +world-readable. + +This is only a minor security vulnerability since the rmuser command +is only used infrequently on most systems, and the attack is highly +timing-dependent. + +All versions of FreeBSD prior to the correction date including FreeBSD +4.3 contain this problem. The base system that will ship with FreeBSD +4.4 does not contain this problem since it was corrected prior to the +release. + +III. Impact + +For a brief amount of time while running rmuser, a world-readable copy +of /etc/master.passwd is available. A local attacker who reads this +file can extract password hashes from the copy of /etc/master.passwd. +This information could be used by attackers to escalate their +privileges, possibly yielding root privileges on the local system, by +mounting an offline dictionary attack in order to guess the plaintext +passwords of the accounts on the local system. + +IV. Workaround + +Use the pw(8) utility to remove users instead of rmuser. + + - "pw userdel " will only remove the user from + /etc/passwd, /etc/master.passwd and /etc/group + - "pw -r userdel " will also remove the user's home + dirrectory + +V. Solution + +1) Upgrade your vulnerable system to 4.3-STABLE or the RELENG_4_3 +security branch, dated after the respective correction dates. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:59/rmuser.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:59/rmuser.patch.asc + +Verify the detached PGP signature using your PGP utility. + +This patch has been verified to apply to FreeBSD 4.2-RELEASE and +4.3-RELEASE. It may or may not apply to older, unsupported releases +of FreeBSD. + +# cd /usr/src/usr.sbin/adduser +# patch -p < /path/to/patch +# make depend && make all install + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:59/security-patch-rmuser-01.59.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:59/security-patch-rmuser-01.59.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-rmuser-01.59.tgz + +VI. CVS Revisions + +The following $FreeBSD$ CVS revision contain the fixes for this +vulnerability. The $FreeBSD$ revision of installed sources can be +examined using the ident(1) command. These revision IDs are not +updated by applying the patch referenced above. + +[FreeBSD 4.3-STABLE] + + Revision Path + 1.8.2.5 src/usr.sbin/rmuser.perl + +[RELENG_4_3] + + Revision Path + 1.8.2.2.2.1 src/usr.sbin/rmuser.perl +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO5SH1lUuHi5z0oilAQEWLAQAniPWZpgjNvhoT6ECltW4G9lKlsswDur9 +WMKkX2KEvZ9pswx3rqkn1IC+kBTfgdwwhU/54dyx1HKb2XJH5QdGpW/H/niTox4z +ImJjctZNvnEuB52si1+Ivx3avwgw57YjAsJgLcv+CYYW+iizX1zVFBjdce6PDQgI +pb50qM0sJYA= +=hxQ5 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:60.procmail.asc b/share/security/advisories/FreeBSD-SA-01:60.procmail.asc new file mode 100644 index 0000000000..faaf28705a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:60.procmail.asc @@ -0,0 +1,106 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:60 Security Advisory + FreeBSD, Inc. + +Topic: Multiple vulnerabilities in procmail signal handling + +Category: ports +Module: procmail +Announced: 2001-09-24 +Credits: Philip A. Guenther +Affects: Ports collection prior to the correction date. +Corrected: 2001-06-29 06:46:38 2001 UTC +FreeBSD only: NO + +I. Background + +procmail is an incoming mail processor, typically used to implement +mail filters as well as sorting incoming mail into folders. + +II. Problem Description + +procmail versions prior to procmail 3.20 performed unsafe actions +while in the signal handlers. If a signal is delivered while procmail +is already in an unsafe signal handler, undefined behaviour may +result, possibly leading to the ability to perform actions as the +superuser under unprivileged local user control. + +The procmail port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 5900 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 is not +vulnerable to this problem since it was discovered before its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Because procmail runs setuid root, a local attacker may be able to +take advantage of these problems in order to obtain superuser +privileges, although there are no known exploits as of the date of +this advisory. + +IV. Workaround + +1) Deinstall the procmail port/package if you have it installed. + +V. Solution + +The port procmail-3.20 and later versions include fixes for these +vulnerabilities. + +1) Upgrade your entire ports collection and rebuild the procmail port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/procmail-3.21.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/procmail-3.21.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for the procmail port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/mail/procmail/Makefile 1.38 +ports/mail/procmail/distinfo 1.11 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO6+biVUuHi5z0oilAQHoEgP9HCVVpBp0+sTfJR5ATE2B5rVCLk6qQZVC +oGsQ2Xr5pm6JZfcFM4iuSPqdd8weosX6l1g81uyBTM7aHvae5ul+iQLNkFyW2CeI +98lGEa2pWV9Qw7/c19/nUSHwTGr++9XtUGysfnpI/zSQqGjkcNJF3gVe4Hsn153Q +wJ5Y519JoC4= +=Ti/S +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:61.squid.asc b/share/security/advisories/FreeBSD-SA-01:61.squid.asc new file mode 100644 index 0000000000..d90652ddde --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:61.squid.asc @@ -0,0 +1,109 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:61 Security Advisory + FreeBSD, Inc. + +Topic: Squid in accelerator-only mode ignores ACLs + +Category: ports +Modules: squid22, squid23, squid24 +Announced: 2001-10-08 +Credits: Paul Nasrat +Affects: Ports collection prior to the correction date. +Corrected: 2001-07-29 12:29:00 (squid23) + 2001-08-28 16:48:35 2001 UTC (squid24) +FreeBSD only: NO + +I. Background + +The Squid Internet Object Cache is a web proxy/cache. + +II. Problem Description + +If squid is configured in acceleration-only mode (http_accel_host is +set, but http_accel_with_proxy is off), then as a result of a bug, +access control lists (ACLs) are ignored. + +III. Impact + +A remote attacker may use the squid server in order to issue requests +to hosts that are otherwise inaccessible. Because the squid server +processes these requests as HTTP requests, the attacker cannot send or +retrieve arbitrary data. However, the attacker could use squid's +response to determine if a particular port is open on a victim host. +Therefore, the squid server may be used to conduct a port scan. + +IV. Workaround + +1) Do not run squid in acceleration-only mode. + +2) Deinstall the squid port/package if you have it installed. + +V. Solution + +The port squid-2.3_1 and later 2.3 versions, and the port squid-2.4_5 +and later 2.4 versions include fixes for this vulnerability. The +squid-2.3 and squid-2.2 ports have been deprecated and removed from +the ports collection, and users are advised to upgrade to squid-2.4 as +soon as possible. + +1) Upgrade your entire ports collection and rebuild the squid port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.3_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.4_5.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.3_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.4_5.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for the procmail port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Affected port + Path Revision +- ------------------------------------------------------------------------- +squid22 + *NOT CORRECTED* +squid23 + ports/www/squid23/Makefile 1.78 + ports/www/squid23/distinfo 1.57 +squid24 + ports/www/squid24/Makefile 1.84 + ports/www/squid24/distinfo 1.61 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO8IVHVUuHi5z0oilAQGK1AP+MZ+Drf7VzdO1O0nr4SIIS8/FGmLYsIha +WsjWUBpmIeQk/c8jjLDMu32yIRoZNSu3F1Alc4XieDznAE8ZjburLMHY9RrQHOOY +WKuBcjjgSpmeB84MVIT0nCOtlI6+cmk7gLflxNYwUY1QKkIff5KrhTRqByJnICW3 ++g0WZtpdinE= +=js2W +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:62.uucp.asc b/share/security/advisories/FreeBSD-SA-01:62.uucp.asc new file mode 100644 index 0000000000..86cedc7986 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:62.uucp.asc @@ -0,0 +1,160 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:62 Security Advisory + FreeBSD, Inc. + +Topic: UUCP allows local root exploit + +Category: core +Module: uucp +Announced: 2001-10-08 +Credits: zen-parse@gmx.net +Affects: All released versions of FreeBSD 4.x prior to 4.4. + FreeBSD 4.3-STABLE prior to the correction date. +Corrected: 2001-09-10 20:22:57 UTC (FreeBSD 4.3-STABLE) + 2001-09-10 22:30:28 UTC (RELENG_4_3) +FreeBSD only: NO + +I. Background + +Taylor UUCP is an implementation of the Unix-to-Unix Copy Protocol, a +protocol sometimes used for mail delivery on systems where permanent +IP connectivity to the internet is not available. + +II. Problem Description + +The UUCP suite of utilities allow a user-specified configuration file +to be given on the command-line. This configuration file is +incorrectly processed by the setuid uucp and/or setgid dialer UUCP +utilities while running as the uucp user and/or dialer group, and +allows unprivileged local users to execute arbitrary commands as the +uucp user and/or dialer group. + +Since the uucp user owns most of the UUCP binaries (this is required +for UUCP to be able to write to its spool directory during normal +operation, by virtue of being setuid) the attacker can replace these +binaries with trojaned versions which execute arbitrary commands as +the user which runs them. The uustat binary is run as root by default +during the daily maintenance scripts. + +All versions of FreeBSD 4.x prior to the correction date including +4.3-RELEASE are vulnerable to this problem, but it was corrected prior +to the release of FreeBSD 4.4-RELEASE. + +III. Impact + +Unprivileged local users can overwrite the uustat binary, which is +executed as root by the daily system maintenance scripts. This allows +them to execute arbitrary commands as root the next time the daily +maintenance scripts are run. + +IV. Workaround + +One or more of the following: + +1) Set the noschg flag on all binaries owned by the uucp user: + +# chflags schg /usr/bin/cu /usr/bin/uucp /usr/bin/uuname \ +/usr/bin/uustat /usr/bin/uux /usr/bin/tip /usr/libexec/uucp/uucico \ +/usr/libexec/uucp/uuxqt + +2) Remove the above binaries from the system, if UUCP is not in use. + +3) Disable the daily UUCP maintenance tasks by adding the following +lines to /etc/periodic.conf: + +# 340.uucp +daily_uuclean_enable="NO" # Run uuclean.daily + +# 410.status-uucp +daily_status_uucp_enable="NO" # Check uucp status + +# 300.uucp +weekly_uucp_enable="NO" # Clean uucp weekly + +V. Solution + +We recommend that UUCP be removed entirely from systems containing +untrusted users: to remove UUCP, refer to the directions in section IV +above. Compiling the UUCP binaries when rebuilding the FreeBSD system +can be prevented by adding the following line to /etc/make.conf: + +NOUUCP=true + +1) Upgrade your vulnerable FreeBSD system to 4.4-RELEASE, 4.4-STABLE +or the RELENG_4_3 security branch dated after the respective +correction dates. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +[FreeBSD 4.3] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:62/uucp.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:62/uucp.patch.asc + +Verify the detached PGP signature using your PGP utility. + +# cd /usr/src +# patch -p < /path/to/patch +# make depend && make all install + +3) FreeBSD 4.3-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.3-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:62/security-patch-uucp-01.62.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:62/security-patch-uucp-01.62.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-uucp-01.62.tgz + +VI. Correction details + +The following is the $FreeBSD$ revision number of the file that was +corrected for the supported branches of FreeBSD. The $FreeBSD$ +revision number of the installed source can be examined using the +ident(1) command. The patch provided above does not cause these +revision numbers to be updated. + +[FreeBSD 4.3-STABLE] + Revision Path + +[RELENG_4_3] + Revision Path + 1.8.4.1 src/gnu/libexec/uucp/cu/Makefile + 1.6.4.1 src/gnu/libexec/uucp/uucp/Makefile + 1.5.4.1 src/gnu/libexec/uucp/uuname/Makefile + 1.5.4.1 src/gnu/libexec/uucp/uustat/Makefile + 1.6.4.1 src/gnu/libexec/uucp/uux/Makefile + 1.10.8.1 src/usr.bin/tip/tip/Makefile + 1.3.2.2.2.1 src/etc/periodic/daily/410.status-uucp + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBO8IU0FUuHi5z0oilAQFE4gP/dqLwzjAk3M5fhtfsENFy0OAlzQA70SG3 +IJibpH19KdjcQX53CrLI/wI34JXqCVfiGpw2kLSysL6yfbBI+3Z2YUxPRaxrtoGF +9R4ZcCuuLuE14pCmAtWnLEdXFHVRThJzsLzk2xEZkhYU5hufW3+IqfIMcMNayQbf +BSI5/zAjPG4= +=TBLy +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:63.openssh.asc b/share/security/advisories/FreeBSD-SA-01:63.openssh.asc new file mode 100644 index 0000000000..4a2cffbf2a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:63.openssh.asc @@ -0,0 +1,271 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:63 Security Advisory + FreeBSD, Inc. + +Topic: OpenSSH UseLogin directive permits privilege escalation + [REVISED] + +Category: core/ports +Module: openssh +Announced: 2001-12-02 +Revised: 2001-12-06 +Credits: Markus Friedl +Affects: FreeBSD 4.3-RELEASE, 4.4-RELEASE + FreeBSD 4.4-STABLE prior to the correction date + Ports collection prior to the correction date +Corrected: 2001-12-03 00:53:28 UTC (RELENG_4) + 2001-12-03 00:54:18 UTC (RELENG_4_4) + 2001-12-03 00:54:54 UTC (RELENG_4_3) + 2001-12-02 06:52:40 UTC (openssh port) +FreeBSD only: NO + +0. Revision History + +v1.0 2001-12-02 Initial release +v1.1 2001-12-06 Corrected patch instructions + +I. Background + +OpenSSH is an implementation of the SSH1 and SSH2 secure shell +protocols for providing encrypted and authenticated network access, +which is available free for unrestricted use. Versions of OpenSSH are +included in the FreeBSD ports collection and the FreeBSD base system. + +II. Problem Description + +OpenSSH includes a feature by which a user can arrange for +environmental variables to be set depending upon the key used for +authentication. These environmental variables are specified in the +`authorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the +user's home directory on the server. This is normally safe, as this +environment is passed only to the user's shell, which is invoked with +user privileges. + +However, when the OpenSSH server `sshd' is configured to use +the system's login program (via the directive `UseLogin yes' in +sshd_config), this environment is passed to login, which is invoked +with superuser privileges. Because certain environmental variables +such as LD_LIBRARY_PATH and LD_PRELOAD can be set using the previously +described feature, the user may arrange for login to execute arbitrary +code with superuser privileges. + +All versions of FreeBSD 4.x prior to the correction date including +FreeBSD 4.3 and 4.4 are potentially vulnerable to this problem. +However, the OpenSSH server is configured to not use the system login +program (`UseLogin no') by default, and is therefore not vulnerable +unless the system administrator has changed this setting. + +In addition, there are two versions of OpenSSH included in the +ports collection. One is ports/security/openssh, which is the +BSD-specific version of OpenSSH. Versions of this port prior to +openssh-3.0.2 exhibit the problem described above. The other is +ports/security/openssh-portable, which is not vulnerable, even if the +server is set to `UseLogin yes'. + +III. Impact + +Hostile but otherwise legitimate users that can successfully +authenticate using public key authentication may cause /usr/bin/login +to run arbitrary code as the superuser. + +If you have not enabled the 'UseLogin' directive in the sshd +configuration file, you are not vulnerable to this problem. + +IV. Workaround + +Doing one of the following will eliminate the vulnerability: + +1) Configure sshd to not use the system login program. Edit the + server configuration file and change any `UseLogin' directives + to `UseLogin no'. This is the preferred workaround. + +2) If for whatever reason, disabling `UseLogin' is not possible, + then one can instead disable public key authentication. Edit the + server configuration file and change any `RSAAuthentication', + `DSAAuthentication', or `PubKeyAuthentication' directives + to `RSAAuthentication no', `DSAAuthentication no', and + `PubKeyAuthentication no', respectively. + +For sshd included in the base system (/usr/bin/sshd), the +server configuration file is `/etc/ssh/sshd_config'. For sshd +from the ports collection, the server configuration file is +`/usr/local/etc/sshd_config'. + +After modifying the sshd configuration file, the sshd daemon must be +restarted by executing the following command as root: + +# kill -HUP `cat /var/run/sshd.pid` + +V. Solution + +1) Upgrade the vulnerable system to 4.3-RELEASEp21, 4.4-RELEASEp1, or +4.4-STABLE after the correction date, or patch your current system +source code and rebuild. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patch has been verified to apply to FreeBSD +4.3-RELEASE, 4.4-RELEASE, and 4.4-STABLE dated prior to the +correction date. It may or may not apply to older, unsupported +versions of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch.asc + +Execute the following commands as root: + +# cd /usr/src/crypto/openssh +# patch < /path/to/sshd.patch +# cd /usr/src/secure/lib/libssh +# make depend && make all +# cd /usr/src/secure/usr.sbin/sshd +# make depend && make all install + +3) FreeBSD 4.4-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.4-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. In addition, the package automatically restarts +the sshd daemon if it is running. + +Three versions of the upgrade package are available, depending on +whether or not the system has the kerberosIV or kerberos5 +distributions installed. + +3a) For systems without kerberosIV or kerberos5 installed: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-sshd-01.63.tgz + +3b) For systems with kerberosIV only installed: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-sshd-kerberosIV-01.63.tgz + +3c) For systems with kerberos5 only installed: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-sshd-kerberos5-01.63.tgz + +3d) For systems with both kerberosIV and kerberos5 installed: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-sshd-kerberosIV-kerberos5-01.63.tgz + +[Ports collection] + +One of the following: + +1) Upgrade your entire ports collection and rebuild the OpenSSH port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-3.0.2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-3.0.2.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) Download a new port skeleton for the openssh port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/crypto/openssh/session.c + HEAD 1.18 + RELENG_4 1.4.2.11 + RELENG_4_4 1.4.2.8.4.1 + RELENG_4_3 1.4.2.8.2.1 +src/crypto/openssh/version.h + HEAD 1.9 + RELENG_4 1.1.1.1.2.7 + RELENG_4_4 1.1.1.1.2.5.2.1 + RELENG_4_3 1.1.1.1.2.4.2.1 +ports/security/openssh/Makefile 1.79 +- ------------------------------------------------------------------------- + +For OpenSSH included in the base system, there is a version string +indicating which FreeBSD localizations are available. The following +table lists the version strings for each branch which include this +security fix: + +Branch Version string +- ------------------------------------------------------------------------- +HEAD OpenSSH_2.9 FreeBSD localisations 20011202 +RELENG_4 OpenSSH_2.9 FreeBSD localisations 20011202 +RELENG_4_4 OpenSSH_2.3.0 FreeBSD localisations 20011202 +RELENG_4_3 OpenSSH_2.3.0 green@FreeBSD.org 20011202 +- ------------------------------------------------------------------------- + +To view the version string of the OpenSSH server, execute the following +command: + + % /usr/sbin/sshd -\? + +The version string is also displayed when a client connects to the +server. + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Comment: http://www.nectar.cc/pgp + +iQCVAwUBPBDzPFUuHi5z0oilAQECogP+IDA7Sn9Rzfk6W+LDly1YlZHu8A6qRg0R +umq5u4ZbNRxEmUgGGpRkZ7U4dn25LCbECqhXu+UZLXHTn2gLN1gt9HTNIaNo4fmS +E8Y+6JPMfJfQc/er1VmD1YNDkWd0VS88gwfnbHby9GiwGv4geRpIe/VsgvA8Fc1d +vpOYor3W6ag= +=7u2U +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:64.wu-ftpd.asc b/share/security/advisories/FreeBSD-SA-01:64.wu-ftpd.asc new file mode 100644 index 0000000000..8820bc4e4f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:64.wu-ftpd.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:64 Security Advisory + FreeBSD, Inc. + +Topic: wu-ftpd port contains remote root compromise + +Category: ports +Module: wu-ftpd +Announced: 2001-12-04 +Credits: CORE Security Technologies + Contact: Ivan Arce (iarce@corest.com) +Affects: Ports collection prior to the correction date +Corrected: 2001-11-28 10:52:26 UTC +FreeBSD only: NO + +I. Background + +wu-ftpd is a popular full-featured FTP server. + +II. Problem Description + +The wu-ftpd port, versions prior to wu-ftpd-2.6.1_7, contains a +vulnerability which allows FTP users, both anonymous FTP users and +those with valid accounts, to execute arbitrary code as root on +the local machine. This may be accomplished by inserting invalid +globbing parameters which are incorrectly parsed by the FTP server +into command input. + +The wu-ftpd port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +FTP users, including anonymous FTP users, can cause arbitrary commands +to be executed as root on the local machine. + +If you have not chosen to install the wu-ftpd port/package, then your +system is not vulnerable to this problem. + +IV. Workaround + +Deinstall the wu-ftpd port/package, if you have installed it. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the wu-ftpd port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.1_7.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.1_7.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) download a new port skeleton for the wu-ftpd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/ftp/wu-ftpd/Makefile 1.41 +ports/ftp/wu-ftpd/files/patch-ap 1.2 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPA0CA1UuHi5z0oilAQENSQP9HaHiACNyiHZtV8ILnUZWb+D01qf0wTy2 +gbZJGfKL/JTP41KLR4EpUitF5SZ+3Zjm8Ebv8XXCjCFWgIBU1xhZaXgi2U9PRLlG +XxHKzvpGnTuBj3uJiLs2UvAbQ9Jz5Wp02u6fJV75dcbnXTPLSGRvxJZwOb2FHxnE +MBUlG+QDpPw= +=sp+c +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:65.libgtop.asc b/share/security/advisories/FreeBSD-SA-01:65.libgtop.asc new file mode 100644 index 0000000000..123cc61146 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:65.libgtop.asc @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:65 Security Advisory + FreeBSD, Inc. + +Topic: Buffer overflow in libgtop_server + +Category: ports +Module: libgtop +Announced: 2001-12-11 +Credits: Flavio Veloso +Affects: Ports collection prior to the correction date +Corrected: 2001-11-29 15:06:19 UTC +FreeBSD only: NO + +I. Background + +libgtop is a library for gtop, the GNOME version of the top command. +The top command is a tool to display and update information about the +top cpu processes. + +II. Problem Description + +The libgtop port versions prior to libgtop-1.0.12_1 contain a stack +buffer overflow in libgtop_server, allowing an arbitrary amount of +data from the client application (assumed to be gtop) to be read +into a fixed-sized buffer. A local attacker can exploit this bug to +cause libgtop_server to execute arbitrary code. libgtop_server runs +with increased privileges as a member of group kmem, which allows +it to read kernel memory (but not write it). A process with the +ability to read from kernel memory can monitor privileged data such as +network traffic, disk buffers and terminal activity, and may be able +to leverage this to obtain further privileges on the local system or +on other systems, including root privileges. + +The libgtop port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A successful exploit of this stack buffer overflow would allow an +attacker arbitrary access to kernel memory, possibly acquiring +information allowing further increases in privileges. + +No exploit is known to exist at this time, and it is not known +whether this buffer overflow is exploitable even in theory. In any +case, local access to the machine on which libgtop_server is running +is required to attempt an attack. + +IV. Workaround + +1) Deinstall the libgtop port/package if you have it installed. + +OR + +2) Remove the setgid bit from the libgtop_server executable by +executing the following command as root: + +# chmod g-s `which libgtop_server` + +V. Solution + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/libgtop-1.0.12_1.tar.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/libgtop-1.0.12_1.tar.gz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) Download a new port skeleton for the libgtop port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/devel/libgtop/Makefile 1.45 +ports/devel/libgtop/files/patch-src::daemon::gnuserv.c 1.1 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Comment: http://www.nectar.cc/pgp + +iQCVAwUBPBY6xlUuHi5z0oilAQHwmQQAh3KtiIcKjmw5e9B2ABmdRYlwWFVEgN9F +QlUj8NqiDUaekQoLb5p923Y8VC0/9e/alRrnvd4kcmVmU8PUpXNaMp4cHz1mHnLQ +7w4QQ+qzmEOGJFOiUjE21FY8gPR3HH2rKiIOJyeHezRkUqhWMqlERJ08hnmtqjib +2TukQesxbzw= +=gyPX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:66.thttpd.asc b/share/security/advisories/FreeBSD-SA-01:66.thttpd.asc new file mode 100644 index 0000000000..107284c67c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:66.thttpd.asc @@ -0,0 +1,92 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:66 Security Advisory + FreeBSD, Inc. + +Topic: thttpd port contains remotely vulnerability + +Category: ports +Module: thttpd +Announced: 2001-12-11 +Credits: GOBBLES SECURITY +Affects: Ports collection prior to the correction date +Corrected: 2001-11-22 00:10:56 UTC +FreeBSD only: no + +I. Background + +thttpd is a simple, small, portable, fast, and secure HTTP server. + +II. Problem Description + +In auth_check(), there is an off-by-one error in computing the amount +of memory needed for storing a NUL terminated string. Specifically, a +stack buffer of 500 bytes is used to store a string of up to 501 bytes +including the terminating NUL. + +III. Impact + +Due to the location of the affected buffer on the stack, this bug +can be exploited using ``The poisoned NUL byte'' technique (see +references). A remote attacker can hijack the thttpd process, +obtaining whatever privileges it has. By default, the thttpd process +runs as user `nobody'. + +IV. Workaround + +1) Deinstall the thttpd port/package if you have it installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/thttpd-2.22.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/thttpd-2.22.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for the thttpd port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/www/thttpd/Makefile 1.23 +ports/www/thttpd/distinfo 1.20 +ports/www/thttpd/files/patch-fdwatch.c removed +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Comment: http://www.nectar.cc/pgp + +iQCVAwUBPBY6x1UuHi5z0oilAQEHrgQAgscqPT0AVJcotWgO1t8WuJQyNukLHnDS +qGa8LT7ebuMY/Nl6JJzTYudwmr16RtJNPSYTfk1eHPWgAYzKyiNM7uMU87ZDplpM +FOggQbjdhFPNUE3WK8P2cmdm+7mrZbdWGJmvZpYH4TRNn6yQVV4F8tENl+nPu3I+ +5IGxGqgr2vA= +=1MCH +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:67.htdig.asc b/share/security/advisories/FreeBSD-SA-01:67.htdig.asc new file mode 100644 index 0000000000..a446a3d69a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:67.htdig.asc @@ -0,0 +1,110 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:67 Security Advisory + FreeBSD, Inc. + +Topic: htdig configuration file vulnerability + +Category: ports +Module: htdig +Announced: 2001-12-17 +Credits: Rafal Wojtczuk +Affects: Ports collection prior to the correction date +Corrected: 2001-09-25 07:08:47 2001 UTC +FreeBSD only: NO + +I. Background + +htsearch is a part of htdig. The htdig system is a complete World Wide +Web indexing and searching system. + +II. Problem Description + +htsearch can be run either remotely as a CGI or from the command line. +htsearch supports several options for use from the command line, such +as an option specifying a configuration file that it should use. +However, these options are not limited to use via the command line. +When run as a CGI script, htsearch still honors these options, which +may be passed as part of the URL. As a result, a remote attacker can +request that htsearch use any file that the webserver has sufficient +privilege to read as a configuration file. + +The htsearch port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A remote attacker may use htsearch as a kind of denial-of-service +attack by causing it to read a never-ending special file such as +`/dev/null'. + +More seriously, if the attacker has a local account or can otherwise +create a file on the target system (such as via anonymous FTP upload +or Samba), then he can remotely read any file on the target system for +which the webserver has sufficient privilege. + +IV. Workaround + +1) Deinstall the htdig port/package if you have it installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the htdig port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/textproc/htdig-3.1.5_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/textproc/htdig-3.1.5_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for the htdig port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/textproc/htdig/Makefile 1.20 +ports/textproc/htdig/file/patch-htsearch_cc 1.1 +- ------------------------------------------------------------------------- + +VII. References + + + + +-----BEGIN PGP SIGNATURE----- +Comment: http://www.nectar.cc/pgp + +iQCVAwUBPB4x3FUuHi5z0oilAQHsFgP/XYz0xj2mb7RjsKxkrM0Ymtur3CJAWjc/ +2lNGjTWMCg46PFX+wlLkd5O37Ryr6wPALamLJu30WmYNgIMPU64vlTrqXVzgPgwv +ZZP3xv8qKTNrZwo40QYxTgeWF2dxIHAztrcD25CEUvrgPTAs0ZjwLKoVxM3sCqyl +Fr2A/AN+JWw= +=oZgk +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-01:68.xsane.asc b/share/security/advisories/FreeBSD-SA-01:68.xsane.asc new file mode 100644 index 0000000000..777d1375e5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-01:68.xsane.asc @@ -0,0 +1,106 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-01:68 Security Advisory + FreeBSD, Inc. + +Topic: xsane port uses insecure temporary file handling + +Category: ports +Module: xsane +Announced: 2001-12-17 +Credits: Tim Waugh , michal@harddata.com +Affects: Ports collection prior to the correction date +Corrected: 2001-12-14 01:58:36 UTC +FreeBSD only: NO + +I. Background + +The XSane application is a gtk based X11 front-end to the SANE +(Scanner Access Now Easy) library used to interface with scanners. +XSane will acquire images using devices such as scanners and cameras. + +II. Problem Description + +XSane creates temporary files in /tmp during the process of scanning +images and to communicate with SANE (the back-end application which +actually performs the scans) during image preview and save. + +However XSane creates temporary files using mktemp(3), which can be +easily predicted (see the BUGS section of the mktemp(3) man page). +This makes XSane vulnerable to exploit, opening the opportunity for a +user's files to be overwritten through a race condition. + +The xsane port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A local user may be able to cause xsane (run by another user) to +overwrite any file for which the latter user has sufficient privilege. +While it is advisable to run XSane with a non-privileged user account, +many users run it using the root account, increasing the risk. + +IV. Workaround + +1) Deinstall the xsane port/package if you have it installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/xsane-0.82.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/xsane-0.82.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) Download a new port skeleton for the xsane port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/graphics/xsane/Makefile 1.30 +ports/graphics/xsane/distinfo 1.20 +ports/graphics/xsane/pkg-plist 1.18 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Comment: http://www.nectar.cc/pgp + +iQCVAwUBPB4x0lUuHi5z0oilAQGbNwP+NZpON4EgH8X/5Jzqr9ITnB4R3ljyka52 +lf1fuHrVgX1JJAi5SCFcNaJWcLC44Y24+Yzs4b3zsGszMS+dkG8GrkO+wD2nsTjq +KTEGy8o+3Wyon/gcGQkU1AyhLdfticZhVSTubkcfg8AZUvkQV7zPuvLVronOcYGb +QKpTRN0MDJo= +=qr4R +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc b/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc new file mode 100644 index 0000000000..eb22d75ff9 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc @@ -0,0 +1,108 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:01 Security Advisory + FreeBSD, Inc. + +Topic: Directory permission vulnerability in pkg_add [REVISED] + +Category: core +Module: pkg_install +Announced: 2002-01-04 +Revised: 2002-01-07 +Credits: The Anarcat +Affects: All versions of FreeBSD prior to the correction date. +Corrected: 2001/11/22 17:40:36 UTC (4.4-STABLE aka RELENG_4) + 2001/12/07 20:58:46 UTC (4.4-RELEASEp1 aka RELENG_4_4) + 2001/12/07 20:57:19 UTC (4.3-RELEASEp21 aka RELENG_4_3) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-01-04 Initial release +v1.1 2002-01-07 Correct terminology in problem description. + +I. Background + +pkg_add is a utility program used to install software package +distributions on FreeBSD systems. + +II. Problem Description + +pkg_add extracts the contents of the package to a temporary directory, +then moves files from the temporary directory to their ultimate +destination on the system. The temporary directory used in the +extraction was created with world-searchable permissions, allowing +arbitrary users to examine the contents of the package as it was +being extracted. This might allow users to attack world-writable +parts of the package during installation. + +III. Impact + +A local attacker may be able to modify the package contents and +potentially elevate privileges or otherwise compromise the system. +There are no known exploits as of the date of this advisory. + +IV. Workaround + +1) Remove or discontinue use of the pkg_add binary until it has +been upgraded. + +2) When running pkg_add, create a secure temporary directory (such +as /var/tmp/inst) and secure the directory permissions (chmod 700 +/var/tmp/inst). Set the TMPDIR environment variable to this +directory before running pkg_add. + +V. Solution + +1) Upgrade your vulnerable FreeBSD system to 4.4-STABLE, or the +RELENG_4_4 or RELENG_4_3 security branches dated after the respective +correction dates. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patch has been verified to apply to FreeBSD 4.3-RELEASE, +4.4-RELEASE, and 4-STABLE dated prior to the correction date. This +patch may or may not apply to older, unsupported releases of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch +# cd /usr/src/usr.sbin/pkg_install +# make depend && make all install + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected in the FreeBSD source + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/usr.sbin/pkg_install/lib/pen.c + HEAD 1.37 + RELENG_4 1.31.2.6 + RELENG_4_4 1.31.2.2.2.1 + RELENG_4_3 1.31.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPDnE7VUuHi5z0oilAQHc3AP+IVLft31MShGngUPRQOQRHsNPjdqwdacj +ptKjsMfGCpDRyqgIc8CoaI/Bln6VKkKS3HuOYx4pYOPY5QjBPy9JpPSJrAxP/H/N +424apgpo2eCmGcoIbCdM2RH1YYyKZANzt5igWNss1FbppvYbVwx+zZPBA4dyl9MZ +8rat83zoMAc= +=g74K +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:02.pw.asc b/share/security/advisories/FreeBSD-SA-02:02.pw.asc new file mode 100644 index 0000000000..2a5c1bf259 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:02.pw.asc @@ -0,0 +1,97 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:02 Security Advisory + FreeBSD, Inc. + +Topic: pw(8) race condition may allow disclosure of master.passwd + +Category: core +Module: pw +Announced: 2002-01-04 +Credits: ryan beasley +Affects: All releases prior to 4.5-RELEASE, + 4.4-STABLE prior to the correction date +Corrected: 2001-12-21 15:21:32 UTC (4.4-STABLE aka RELENG_4) + 2001-12-21 15:22:55 UTC (4.4-RELEASEp1 aka RELENG_4_4) + 2001-12-21 15:23:04 UTC (4.3-RELEASEp21 aka RELENG_4_3) +FreeBSD only: YES + +I. Background + +The pw(8) utility is used to create, remove, modify, and display system +users and groups. + +II. Problem Description + +When creating, removing, or modifying system users, the pw utility +modifies the system password file `/etc/master.passwd'. This file +contains the users' encrypted passwords and is normally only readable +by root. During the modification, a temporary copy of the file is +created. However, this temporary file is mistakenly created with +permissions that allow it to be read by any user. + +III. Impact + +A local attacker can read the temporary file created by pw(8) and +use the encrypted passwords to conduct an off-line dictionary attack. +A successful attack would result in the recovery of one or more +passwords. Because the temporary file is short-lived (it is removed +almost immediately after creation), this can be difficult to exploit: +an attacker must `race' to read the file before it is removed. + +IV. Workaround + +1) Do not use pw(8) to create, remove, or modify system users. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4-STABLE (RELENG_4), the +4.4-RELEASE security-fix branch (RELENG_4_4), or the 4.3-RELEASE +security-fix branch (RELENG_4_3), dated after the correction date. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patch has been verified to apply to FreeBSD 4.3-RELEASE, +4.4-RELEASE, and 4-STABLE dated prior to the correction date. This +patch may or may not apply to older, unsupported releases of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/pw +# make depend && make all install + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected in the FreeBSD source + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/usr.sbin/pw/pwupd.c + HEAD (CURRENT) 1.18 + RELENG_4 (4-STABLE) 1.12.2.4 + RELENG_4_4 (4.4-RELEASE security branch) 1.12.2.3.4.1 + RELENG_4_3 (4.3-RELEASE security branch) 1.12.2.3.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPDZOB1UuHi5z0oilAQE/FQP/UjSXBA+ntiemKMpvgQfHkvNFjT/L9VC6 +j1q7yhuM+JKIeQcAiotvEFmnRjZquJaNTvBRa4TSbr9943smZ7w8wC3lzq4aLBSv +e4L1F/uIUx19hyeEDL8FEdE5hqiltFJVa605pNoyLtLBQx9UfYkdfZo9SqFtAIdl +qNU0wX2XJU0= +=g2Uh +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc b/share/security/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc new file mode 100644 index 0000000000..d849bf38b7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:03 Security Advisory + FreeBSD, Inc. + +Topic: mod_auth_pgsql port authentication bypass + +Category: ports +Module: mod_auth_pgsql +Announced: 2002-01-04 +Credits: RUS CERT +Affects: Ports collection prior to the correction date +Corrected: 2001-10-02 11:33:49 UTC +FreeBSD only: NO + +I. Background + +mod_auth_pgsql is an Apache module which allows the Apache web server +to use a PostgreSQL database for user and/or group authentication. + +II. Problem Description + +The mod_auth_pgsql port, versions prior to mod_auth_pgsql-0.9.9, +contain a vulnerability that may allow a remote user to cause +arbitrary SQL code to be execute. mod_auth_pgsql constructs a SQL +statement to be executed by the PostgreSQL server in order to lookup +user information. The username given by the remote user is inserted +into the SQL statement without any quoting or other safety checks. + +The mod_auth_pgsql port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A remote user may insert arbitrary SQL code into the username during +authentication, leading to several exploit opportunities. In +particular, the attacker may cause mod_auth_pgsql to use a known fixed +password hash for user verification, allowing him to authenticate as +any user and obtain unauthorized access to web server data. + +IV. Workaround + +1) Deinstall the mod_auth_pgsql port/package if you have it installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_auth_pgsql-0.9.9.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_auth_pgsql-0.9.9.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for the mod_auth_pgsql port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected in the FreeBSD source + +Path Revision +- ------------------------------------------------------------------------- +ports/www/mod_auth_pgsql/Makefile 1.3 +ports/www/mod_auth_pgsql/distinfo 1.2 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPDZOBVUuHi5z0oilAQHfNgQAgp9FKI4P0XfSzBdbcdOnqPCBJji4TPLS +gENpCcvT55dWcGjYr0XsJrsk1NhF3Qq0TR8CnN2OmWaxx1ugoqwdc6o0vqzYIQ5H +DAwBK4tbYOBYmram7A+0VBbTxPlHTnTop56i3/w2xaxafMHdlrzB2zCO7pimU83i +2MAKa0dLwS4= +=l5iu +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:04.mutt.asc b/share/security/advisories/FreeBSD-SA-02:04.mutt.asc new file mode 100644 index 0000000000..2f57cb3d99 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:04.mutt.asc @@ -0,0 +1,116 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:04 Security Advisory + FreeBSD, Inc. + +Topic: mutt ports contain remotely exploitable buffer overflow + [REVISED] + +Category: ports +Module: mutt +Announced: 2002-01-04 +Revised: 2002-01-06 +Credits: Joost Pol +Affects: Ports collection prior to the correction date +Corrected: 2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x) + 2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-01-04 Initial release +v1.1 2002-01-06 Corrected typo in mutt port version. + +I. Background + +Mutt is a small but very powerful text-based mail client for Unix +operating systems. + +II. Problem Description + +The mutt ports, versions prior to mutt-1.2.5_1 and +mutt-devel-1.3.24_2, contain a buffer overflow in the handling of +email addresses in headers. + +The mutt and mutt-devel ports are not installed by default, nor are +they "part of FreeBSD" as such: they are parts of the FreeBSD ports +collection, which contains over 6000 third-party applications in a +ready-to-install format. The ports collection shipped with FreeBSD 4.4 +contains this problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +An attacker may send an email message with a specially crafted email +address in any of several message headers to the victim. When the +victim reads the message using mutt and encounters that email address, +the buffer overflow is triggered and may result in arbitrary code +being executed with the privileges of the victim. + +IV. Workaround + +1) Deinstall the mutt and mutt-devel ports/packages if you have them +installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the ports. + +2) Deinstall the old packages and install news package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-1.2.5_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-devel-1.3.24_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-1.2.5_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-devel-1.3.24_2.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. + +3) Download a new port skeleton for the mutt or mutt-devel port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected in the FreeBSD source + +Path Revision +- ------------------------------------------------------------------------- +ports/mail/mutt/Makefile 1.110 +ports/mail/mutt/files/patch-rfc822.c 1.1 +ports/mail/mutt-devel/Makefile 1.141 +ports/mail/mutt-devel/files/patch-rfc822-security 1.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPDiTdlUuHi5z0oilAQFUhwP9GrypvSZsDm4VXsvv0bTXMdgySDM6nR+f +lTe+WtKuJu6unu/Befb5ep2Nb/nt4AzRZzwR/8b9amROk63eFa5fHe8RrwZa7aug +9BGGTOWtH+PKYrqB4BAGMBsEYPEleUyED4XTc/wrCrYGXigNTxgRKAeBmxe8UMO1 +G7SzKi2sFYE= +=dHuU +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:05.pine.asc b/share/security/advisories/FreeBSD-SA-02:05.pine.asc new file mode 100644 index 0000000000..57ff8eb04c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:05.pine.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:05 Security Advisory + FreeBSD, Inc. + +Topic: pine port insecure URL handling [REVISED] + +Category: ports +Module: pine +Announced: 2002-01-04 +Revised: 2002-01-10 +Credits: zen-parse +Affects: Ports collection prior to the correction date +Corrected: 2002-01-10 16:47:18 UTC +FreeBSD only: NO + +0. Revision History + +v1.0 2002-01-04 Initial release. +v1.1 2002-01-10 Corrected vulnerable versions and the `Corrected details' + section. + +I. Background + +PINE is an application for reading mail and news. + +II. Problem Description + +The pine port, versions previous to pine-4.44, handles URLs in +messages insecurely. PINE allows users to launch a web browser to +visit a URL embedded in a message. Due to a programming error, PINE +does not properly escape meta-characters in the URL before passing it +to the command shell as an argument to the web browser. + +The pine port is not installed by default, nor is it "part of FreeBSD" +as such: it is part of the FreeBSD ports collection, which contains +over 6000 third-party applications in a ready-to-install format. The +ports collection shipped with FreeBSD 4.4 contains this problem since +it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +An attacker can supply commands enclosed in single quotes ('') in a +URL embedded in a message sent to the victim. If the user then +decides to view the URL, PINE will launch a command shell which will +then execute the attacker's commands with the victim's privileges. It +is possible to obfuscate the URL so that it will not necessarily seem +dangerous to the victim. + +IV. Workaround + +1) Deinstall the pine port/package if you have it installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.44.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.44.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. + +3) Download a new port skeleton for the pine port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected in the FreeBSD Ports Collection since +4.4-RELEASE. + +Path Revision +- ------------------------------------------------------------------------- +ports/mail/pine4/Makefile 1.61 +ports/mail/pine4/distinfo 1.20 +ports/mail/pine4/files/patch-aa 1.4 +ports/mail/pine4/files/patch-ac 1.11 +ports/mail/pine4/files/patch-af 1.12 +ports/mail/pine4/files/patch-ai 1.11 +ports/mail/pine4/files/patch-aj 1.5 +ports/mail/pine4/files/patch-ak 1.6 +ports/mail/pine4/files/patch-al 1.11 +ports/mail/pine4/files/patch-am 1.6 +ports/mail/pine4/files/patch-an 1.5 +ports/mail/pine4/files/patch-ap 1.3 +ports/mail/pine4/files/patch-at 1.6 +ports/mail/pine4/files/patch-au 1.4 +ports/mail/pine4/files/patch-ax 1.5 +ports/mail/pine4/files/patch-az 1.3 +ports/mail/pine4/files/patch-be 1.1 +ports/mail/pine4/files/patch-bf 1.1 +ports/mail/pine4/files/patch-bg 1.1 +ports/mail/pine4/files/patch-reply.c 1.2 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPD3LZlUuHi5z0oilAQH6EAP/bz0Yeydx2zCmQb0j4zmbKM5R8McyKaYb +tl/Vo/ViCll6xKXUuAOjFpyIkQMOmHGLwHXmqjJD+XRb0hSgrsCqRmWhUicppZjH +dY0zjvtKspbDN37ScOO+MJmGsmq1mfZGs8JUMCbYivDuLhRM/5bvnenUsigNUaQW +hkwKI6heurk= +=BQ0F +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:06.sudo.asc b/share/security/advisories/FreeBSD-SA-02:06.sudo.asc new file mode 100644 index 0000000000..cbdae8968a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:06.sudo.asc @@ -0,0 +1,103 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:06 Security Advisory + FreeBSD, Inc. + +Topic: sudo port may enable local privilege escalation + +Category: ports +Module: sudo +Announced: 2002-01-16 +Credits: Sebastian Krahmer +Affects: Ports collection prior to the correction date +Corrected: 2002-01-15 02:56:33 UTC +FreeBSD only: NO + +I. Background + +Sudo is a program designed to allow a sysadmin to give limited root +privileges to users and log root activity. + +II. Problem Description + +The sudo port, versions prior to sudo-1.6.4.1, contains a +vulnerability that may allow a local user to obtain superuser +privileges. + +If a user who has not been authorized by the system administrator +(listed in the `sudoers' file) attempts to use sudo, sudo will send an +email alert. When it does so, it invokes the system mailer with +superuser privileges, and with most of the user's environment intact. + +The sudo port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +If the system mailer's behavior can be influenced by the settings of +environmental variables, then an attacker may obtain superuser +privileges. There is at least one mailer (postfix) that can be +influenced in this fashion. + +IV. Workaround + +1) Deinstall the sudo port/package if you have it installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/sudo-1.6.4.1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.4.1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. + +3) Download a new port skeleton for the sudo port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/security/sudo/Makefile 1.43 +ports/security/sudo/distinfo 1.26 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPEYIq1UuHi5z0oilAQEgTAP/YXD+lSngGwbloUn09xvwgn8i5uGaEX5O +Rj1v7XM3HRT/Gmr1CJiK7LtMbj/iilHzC2YiTAUHyxYzdEU7k9SnLgxK6rcSYNql +5wkYL1asHQhFPYejEqQVPKejrr4L/+/bYmQbkLKc9EMdErnhYoNrw6QbN+XvmO6p +oAzSK07ixi4= +=rmb8 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:07.k5su.asc b/share/security/advisories/FreeBSD-SA-02:07.k5su.asc new file mode 100644 index 0000000000..724f3453e8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:07.k5su.asc @@ -0,0 +1,186 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:07 Security Advisory + FreeBSD, Inc. + +Topic: Kerberos 5 su command uses getlogin for authorization + +Category: krb5, ports +Module: crypto/heimdal/appl/su, heimdal +Announced: 2002-01-18 +Credits: Aaron +Affects: FreeBSD 4.4-RELEASE + FreeBSD 4.4-STABLE prior to the correction date + Ports collection prior to the correction date +Corrected: 2002-01-15 21:52:48 UTC (RELENG_4) + 2002-01-17 15:45:05 UTC (RELENG_4_4) + 2001-10-31 19:58:05 UTC (heimdal port) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-01-18 Initial release +v1.1 2002-09-09 Corrected date of heimdal port correction + +I. Background + +The getlogin and setlogin system calls are used to manage the user +name associated with a login session. + +k5su is a Kerberos 5-enabled su program. Like su, it allows +authorized users to `switch user' in order to obtain additional +privileges. + +II. Problem Description + +The setlogin system call, the use of which is restricted to the +superuser, is used to associate a user name with a login session. The +getlogin system call is used to retrieve that user name. The setlogin +system call is typically used by applications such as login and sshd. + +The k5su command included with FreeBSD, versions prior to 4.5-RELEASE, +and the su command included in the heimdal port, versions prior to +heimdal-0.4e_2, use the getlogin system call in order to determine +whether the currently logged-in user is `root'. In some +circumstances, it is possible for a non-privileged process to have +`root' as the login name returned by getlogin. + +The `k5su' command may be installed as part of FreeBSD when Kerberos 5 +support is requested, or it may be installed from the FreeBSD Ports +Collection (ports/security/heimdal), in which case it is installed +simply as `su'. + +The Heimdal port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +In some circumstances, process that have been started by root but have +given up superuser privileges may be able to invoke `k5su' to regain +superuser privileges. + +IV. Workaround + +Commands to be executed as root are signified by lines starting with +the `#' character. + +[Kerberos 5 in the base system] + +Remove the set-user-ID bit from the `k5su' executable by running the +following command as root: + +# chmod u-s /usr/bin/k5su + +[Heimdal port] + +Remove the set-user-ID bit from the `su' executable by running the +following command as root: + +# chmod u-s /usr/local/bin/su + +V. Solution + +[Kerberos 5 in the base system] + +NOTE: If the file /usr/bin/k5su does not exist on your system, +Kerberos 5 is not installed and you do not need to take any action. + +Do one of the following: + +1) Upgrade your system to 4.4-STABLE or the RELENG_4_4 security +branch, dated after the respective correction dates. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4-RELEASE +and 4.4-STABLE dated prior to the correction date. It may or may not +apply to older, unsupported versions of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:07/k5su.patch +# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:07/k5su.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/k5su.patch +# cd /usr/src/kerberos5/lib +# env MAKE_KERBEROS5=yes make depend +# env MAKE_KERBEROS5=yes make all install +# cd /usr/src/kerberos5/usr.bin/k5su +# env MAKE_KERBEROS5=yes make depend +# env MAKE_KERBEROS5=yes make all install + +[Heimdal port] + +Do one of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/heimdal-0.4e_2.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/heimdal-0.4e_2.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for the heimdal port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +[Kerberos 5 in the base system] + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/crypto/heimdal/appl/su/su.c + HEAD 1.1.1.4 + RELENG_4 1.1.1.1.2.2 + RELENG_4_4 1.1.1.1.2.1.4.1 + RELENG_4_3 1.1.1.1.2.1.2.1 +- ------------------------------------------------------------------------- + +[Heimdal port] + +Path Revision +- ------------------------------------------------------------------------- +ports/security/heimdal/Makefile 1.46 +ports/security/heimdal/patch-appl::su::su.c 1.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPXzS0lUuHi5z0oilAQEpXQP9G3KRTXz9IBC+S+VwKwIx6lqZ0omDL8Ec +8AqhmzGyTxGikBdWL3qSZH3Ab51R9QCAd8JnN08HqrAqduzIzzG7zrmWn7r643zO +CZQH/w/1n9bwvt4nSqG8h3xwwEKKxtSKJC1/gJSPEafvVyXumOPlrcpdDktwUBHE +UaE0lGT+43U= +=v8Mv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:08.exec.asc b/share/security/advisories/FreeBSD-SA-02:08.exec.asc new file mode 100644 index 0000000000..9239a02f78 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:08.exec.asc @@ -0,0 +1,196 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:08 Security Advisory + FreeBSD, Inc. + +Topic: race condition during exec may allow local root compromise + +Category: core +Module: kernel +Announced: 2002-01-24 +Credits: Logan Gabriel , + Robert Watson , + Dag-Erling Smørgrav +Affects: All released versions of FreeBSD 4.x prior to 4.5-RELEASE. + FreeBSD 4.4-STABLE prior to the correction date. +Corrected: 2002-01-22 17:22:59 UTC (4-STABLE, RELENG_4) + 2002-01-23 23:05:00 UTC (4.4-RELEASE-p4, RELENG_4_4) + 2002-01-23 23:05:53 UTC (4.3-RELEASE-p24, RELENG_4_3) +FreeBSD only: NO + +I. Background + +When a process is started from a set-user-ID or set-group-ID binary, +it is marked so that attempts to attach to it with debugging hooks +fail. To allow such attachments would allow a user to subvert the +process and gain elevated privileges. + +II. Problem Description + +A race condition exists in the FreeBSD exec system call +implementation. It is possible for a user to attach a debugger to a +process while it is exec'ing, but before the kernel has determined +that the process is set-user-ID or set-group-ID. + +All versions of FreeBSD 4.x prior to FreeBSD 4.5-RELEASE are +vulnerable to this problem. The problem has been corrected by marking +processes that have started but not yet completed exec with an +`in-exec' state. Attempts to debug a process in the in-exec state +will fail. + +III. Impact + +Local users may be able to gain increased privileges on the local +system. + +IV. Workaround + +None. Do not allow untrusted users to gain access to the local +system. + +V. Solution + +One of the following: + +1) Upgrade your vulnerable FreeBSD system to 4.4-STABLE, or the +RELENG_4_3 or RELENG_4_4 security branch, dated after the respective +correction date. + +2) To patch your present system: + +a) Download the relevant patch from the following location: + +[FreeBSD 4.4-STABLE, or RELENG_4_3 and RELENG_4_4 security branches] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec.patch.asc + +[FreeBSD 4.3-RELEASE only] + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec-43R.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec-43R.patch.asc + +b) Verify the detached PGP signature using your PGP utility. + +c) Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch + +Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html +and reboot the system. + +3) FreeBSD 4.4-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.4-RELEASE systems only, and is +intended for use on systems for which source patching is not practical +or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +Since this vulnerability involves the FreeBSD kernel which is often +locally customized on installed systems, a universal binary upgrade +package is not feasible. This package includes a patched version of +the GENERIC kernel which should be suitable for use on many systems. +Systems requiring a customized kernel must use an alternative +solution. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02:08/security-patch-exec-02.08.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02:08/security-patch-exec-02.08.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-exec-02.08.tgz + +The new kernel is named /kernel.GENERIC to avoid conflict with the +default kernel name (``/kernel''). To cause the system to boot +automatically with the new kernel, add the following line to +/boot/loader.conf: + +kernel="/kernel.GENERIC" + +and reboot the system to load the new kernel. The old kernel is still +available and can be manually loaded in the boot loader in case of +problems. + +VI. Correction details + +The following list contains the $FreeBSD$ revision number of the +files that were corrected in the FreeBSD source. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/conf/newvers.sh + RELENG_4_4 1.44.2.17.2.5 + RELENG_4_3 1.44.2.14.2.14 +src/sys/kern/kern_exec.c + RELENG_4 1.107.2.13 + RELENG_4_4 1.107.2.8.2.1 + RELENG_4_3 1.107.2.5.2.2 +src/sys/kern/sys_process.c + RELENG_4 1.51.2.3 + RELENG_4_4 1.51.2.1.4.1 + RELENG_4_3 1.51.2.1.2.1 +src/sys/miscfs/procfs/procfs.h + RELENG_4 1.32.2.3 + RELENG_4_4 1.32.2.2.2.1 + RELENG_4_3 1.32.2.1.2.2 +src/sys/miscfs/procfs/procfs_ctl.c + RELENG_4 1.20.2.2 + RELENG_4_4 1.20.2.1.4.1 + RELENG_4_3 1.20.2.1.2.1 +src/sys/miscfs/procfs/procfs_dbregs.c + RELENG_4 1.4.2.3 + RELENG_4_4 1.4.2.2.2.1 + RELENG_4_3 1.4.2.1.2.1 +src/sys/miscfs/procfs/procfs_fpregs.c + RELENG_4 1.11.2.3 + RELENG_4_4 1.11.2.2.2.1 + RELENG_4_3 1.11.2.1.2.1 +src/sys/miscfs/procfs/procfs_mem.c + RELENG_4 1.46.2.3 + RELENG_4_4 1.46.2.2.2.1 + RELENG_4_3 1.46.2.1.2.2 +src/sys/miscfs/procfs/procfs_regs.c + RELENG_4 1.10.2.3 + RELENG_4_4 1.10.2.2.2.1 + RELENG_4_3 1.10.2.1.2.1 +src/sys/miscfs/procfs/procfs_status.c + RELENG_4 1.20.2.4 + RELENG_4_4 1.20.2.3.4.1 + RELENG_4_3 1.20.2.3.2.1 +src/sys/miscfs/procfs/procfs_vnops.c + RELENG_4 1.76.2.7 + RELENG_4_4 1.76.2.5.2.1 + RELENG_4_3 1.76.2.3.2.2 +src/sys/sys/proc.h + RELENG_4 1.99.2.6 + RELENG_4_4 1.99.2.5.4.1 + RELENG_4_3 1.99.2.5.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPFCAl1UuHi5z0oilAQGyiQP/V2byHL40v23S1q4PanobNUPhKUQBKsVI +OCmBowy2r7Ka0GPDFxAko/xeXnZmM9lvZ0PqMdpy5god27txxAtXmvmJjMPc3dRK +SbJGvfrGSrRMvXR8rrpIOugq0mkMePiXsS8RDAkcAHAXpFF0MVuQfoaQYykn+LiV +i6D4RvGxGZw= +=ywM6 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:09.fstatfs.asc b/share/security/advisories/FreeBSD-SA-02:09.fstatfs.asc new file mode 100644 index 0000000000..2957e4f93c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:09.fstatfs.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:09 Security Advisory + FreeBSD, Inc. + +Topic: fstatfs race condition may allow local denial of + service via procfs + +Category: core +Module: kernel +Announced: 2002-02-06 +Credits: Stefan Esser +Affects: All released versions of FreeBSD prior to 4.5-RELEASE +Corrected: 2002-01-07 20:47:34 UTC (RELENG_4) + 2002-01-17 15:46:46 UTC (RELENG_4_4) + 2002-01-17 15:47:04 UTC (RELENG_4_3) +FreeBSD only: YES + +I. Background + +fstatfs() is a function that retrieves filesystem statistics in the +kernel. procfs is the process filesystem, which presents a filesystem +interface to the system process table and associated data. + +II. Problem Description + +A race condition existed where a file could be removed between calling +fstatfs() and the point where the file is accessed causing the file +descriptor to become invalid. This may allow unprivileged local users +to cause a kernel panic. Currently only the procfs filesystem is +known to be vulnerable. + +III. Impact + +On vulnerable FreeBSD systems where procfs is mounted, unprivileged +local users may be able to cause a kernel panic. + +IV. Workaround + +Unmount all instances of the procfs filesystem using the umount(8) +command by performing the following as root: + +# umount -f -a -t procfs + +Disable the automatic mounting of all instances of procfs in +/etc/fstab, remove or comment out the line(s) of the following form: + +proc /proc procfs rw 0 0 + +Note that unmounting procfs may have a negative impact on the +operation of the system: under older versions of FreeBSD it is +required for some aspects of the ps(1) command, and unmounting it may +also break use of userland inter-process debuggers such as gdb. Other +installed binaries including emulated Linux binaries may require access +to procfs for correct operation. + +V. Solution + +1) Upgrade your vulnerable FreeBSD system to 4.5-RELEASE or +4.5-STABLE, or the RELENG_4_5, RELENG_4_4, or RELENG_4_3 security +branches dated after their respective correction dates. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patch has been verified to apply to all FreeBSD 4.x +releases dated prior to the correction date. This patch may or may +not apply to older, unsupported releases of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:09/fstatfs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:09/fstatfs.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch + +If procfs is statically compiled into the kernel (i.e. the kernel +configuration file contains the line 'options PROCFS'), rebuild +and reinstall your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system with the new kernel for the changes to take effect. + +If procfs is dynamically loaded by KLD (use the kldstat command to +verify whether this is the case) and the system securelevel has not +been raised, the system can be patched at run-time without +requiring a reboot by the execution of the following commands after +patching the source as described above: + +# cd /usr/src/sys/modules/procfs +# make depend && make all install +# umount -f -a -t procfs +# kldunload procfs +# kldload procfs +# mount -a -t procfs + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of the +file that was corrected in the FreeBSD source. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/kern/vfs_syscalls.c + HEAD 1.216 + RELENG_4 1.151.2.13 + RELENG_4_4 1.151.2.9.2.1 + RELENG_4_3 1.151.2.7.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPGFTc1UuHi5z0oilAQGoMgP/REVJNr2Y+khbQAVX1VM+bnySdGxFKDVS +0niQ7ZrnI/Ffs7Kw0Nf5T82kvL2gFKRKPW1F2bl+A3qwDO2CBq/mKWLPuP+Ha/Id +oLtLeE446o/Gv6wdYpKzcdzUtPFcAhaPdD8DxSmdXyVjXuIYXgojM4wPgQcf5PVL +YW7uAAQ2cM0= +=T2JK +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:10.rsync.asc b/share/security/advisories/FreeBSD-SA-02:10.rsync.asc new file mode 100644 index 0000000000..d98a530898 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:10.rsync.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:10 Security Advisory + FreeBSD, Inc. + +Topic: rsync port contains remotely exploitable vulnerability + +Category: ports +Module: rsync +Announced: 2002-02-06 +Credits: Sebastian Krahmer +Affects: Ports collection prior to the correction date +Corrected: 2002-01-23 23:32:21 UTC +FreeBSD only: NO + +I. Background + +rsync is a powerful network file distribution/synchronization utility. + +II. Problem Description + +The rsync port, versions prior to rsync-2.5.1_1, is not careful enough +about reading integers from the network. In several places, signed and +unsigned numbers are mixed, resulting in erroneous computations of +buffer offsets. + +The rsync port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.5 contains the +corrected version of this port (rsync-2.5.1_1). + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A remote attacker may cause rsync to write NUL bytes onto its stack. +This can be exploited in order to execute arbitrary code with the +privileges of the user running rsync. This is particularly damaging +for sites running rsync in server mode, although a hostile server may +also affect rsync clients. + +IV. Workaround + +1) Deinstall the rsync ports/packages if you have them installed. + +V. Solution + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/rsync-2.5.1_1.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/rsync-2.5.1_1.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. + +3) Download a new port skeleton for the rsync port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected in the FreeBSD source. + +Path Revision +- ------------------------------------------------------------------------- +ports/net/rsync/Makefile 1.61 +ports/net/rsync/files/patch-251-secfix 1.1 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPGFAr1UuHi5z0oilAQFwZwP/fssLUKJ8mnaIPZhCj4XYT1rQJStyXnVQ +kI3OFdHX/xoYTEffohoHAJqHkGfVTeriDOgRhEFy9jCreQwsIevyqEKPnBE4Kotx +NhdOfLRO+kKndpDj/oqc/rGzm5tuofsg88fw7ZINqZDdQy0OGpbA8mqyB18g1aEL +DDA6wACcxbA= +=XnJ+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:11.snmp.asc b/share/security/advisories/FreeBSD-SA-02:11.snmp.asc new file mode 100644 index 0000000000..eacafe1589 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:11.snmp.asc @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:11 Security Advisory + FreeBSD, Inc. + +Topic: ucd-snmp/net-snmp remotely exploitable vulnerabilities + +Category: ports +Module: net-snmp +Announced: 2002-02-12 +Credits: OUSPG: Oulu University Secure Programming Group + http://www.ee.oulu.fi/research/ouspg/ +Affects: Ports collection prior to the correction date +Corrected: 2002-01-21 16:54:50 UTC +FreeBSD only: NO +CERT: CA-2002-03 + +I. Background + +The Net-SNMP (previously known as UCD-SNMP) package is a set of Simple +Network Management Protocol tools, including an agent, library, and +applications for generating and handling requests and traps. + +NOTE: The Net-SNMP port directory is ports/net/net-snmp, but the +package name is still ucd-snmp. + +II. Problem Description + +The Net-SNMP port, versions prior to 4.2.3, contains several remotely +exploitable vulnerabilities. The OUSPG has discovered vulnerabilities +in many SNMPv1 implementations through their `PROTOS - Security +Testing of Protocol Implementations' project. The vulnerabilities are +numerous and affect SNMPv1 request and trap handling in both managers +and agents. Please refer to the References section for complete +details. + +The Net-SNMP port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.5 does not +contains this problem. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Although no exploits are known to exist at this time, the +vulnerabilities may be exploited by a remote attacker in order to +cause the SNMP agent to execute arbitrary code with superuser +privileges. Malicious agents may respond to requests with specially +constructed replies that cause arbitrary code to be executed by the +client. Knowledge of the SNMP community name is unnecessary for such +exploits to be effective. + + +IV. Workaround + +1) Deinstall the ucd-snmp port/package if you have it installed. + +V. Solution + +Do one of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ucd-snmp-4.2.3.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for the net-snmp port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz + +NOTE: Many other applications utilize the Net-SNMP libraries. These +applications may also be vulnerable. It is recommended that such +applications be rebuilt after upgrading Net-SNMP. The following +command will display applications installed by the FreeBSD ports +collection that utilize Net-SNMP: + + pkg_info -R ucd-snmp-\* + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/net/net-snmp/Makefile 1.59 +ports/net/net-snmp/distinfo 1.15 +ports/net/net-snmp/pkg-plist 1.18 +ports/net/net-snmp/files/freebsd4.h (removed) +ports/net/net-snmp/files/patch-aclocal.m4 1.1 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCUAwUBPGmij1UuHi5z0oilAQGFQgP4ku0xC5v8hKJBXYbiSXmwVDpHpV6WHIWP +zuTSiyvKbUX7nKm6c9IMB+5ep2/SGdJXxWos+YZcncv8VgR5i47K1M1dYXwwniRg +dZMY/a2lL3B8902bHQq4zpR0TrgE7Wp1IhRNAeS8SZw1pnW86pgLsQzIr6WYhpzM +rgiaaaG+AQ== +=VdS0 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:12.squid.asc b/share/security/advisories/FreeBSD-SA-02:12.squid.asc new file mode 100644 index 0000000000..9f709a75a8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:12.squid.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:12 Security Advisory + FreeBSD, Inc. + +Topic: multiple security vulnerabilities in squid port + +Category: ports +Module: squid24 +Announced: 2002-02-21 +Credits: Jouko Pynnonen + Henrik Nordstrom +Affects: Ports collection prior to the correction date +Corrected: 2002-02-19 13:46:22 UTC +FreeBSD only: NO + +I. Background + +The Squid Internet Object Cache is a web proxy/cache. + +II. Problem Description + +The following security vulnerabilities are known to exist in versions +of Squid prior to 2.4-STABLE4 (port version 2.4_8): + +1) The optional SNMP monitoring interface suffers from a memory leak. +The FreeBSD port does not normally include this code, but it can be +enabled with a compile-time option. + +2) A buffer overflow exists in the code charged with parsing the +authentication portion of FTP URLs. + +3) The optional HTCP interface can not be properly disabled at +run-time. The FreeBSD port does not normally include this code, but +it can be enabled with a compile-time option. + +The squid port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains thousands of third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.5 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +1) An attacker with the ability to send packets to the Squid SNMP port +can cause Squid to run out of memory and crash. (NOTE: The FreeBSD +port does not have SNMP enabled by default.) + +2) An authorized user of the squid proxy may submit a specially +crafted ftp:// request in order to crash the squid process, causing a +denial of service. It may also be possible to cause the execution of +arbitrary code with the privilege level of the squid process, although +no such exploits are known to exist at this time. + +3) Unauthorized users may utilize cache resources by using HTCP. +(NOTE: The FreeBSD port does not have HTCP enabled by default.) + +IV. Workaround + +1) As regards the SNMP issue, the following configuration statement +will disable the SNMP support altogether: + + snmp_port 0 + +2) Optionally, set up a firewall rule to block incoming packets to the +Squid SNMP port (normally, UDP port 3401) from untrusted hosts. + +3) For the second vulnerability, deny forwarding of non-anonymous FTP +URLs by inserting the following rules at the top of squid.conf, prior +to any http_access allow lines: + + acl non_anonymous_ftp url_regex -i ftp://[^/@]*@ + http_access deny non_anonymous_ftp + +4) No workaround exists for the HTCP issue except to set up a firewall +rule to block incoming packets to the Squid HTCP port (normally, UDP +port 4827) from untrusted hosts. + +5) Alternatively, deinstall the squid port/package. + +V. Solution + +Do one of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ + squid-2.4_8.tgz + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/ + squid-2.4_8.tgz + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. + +3) Download a new port skeleton for the squid port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/www/squid24/Makefile 1.87 +ports/www/squid24/distinfo 1.63 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPHT5kVUuHi5z0oilAQFGvwQAj+u0n0OOsV7hxxkMEgCBaZg/LBJWmOkR +FwOCxy27eSgSdEqoZcNpZlPM+aFUf6r9bWbg5+S66R+kLb7cMOblgZX69YoU6kn7 +QedUoHyBWYuoNd5pBG1VJmyW4NZrQ4vPOM7bdfddSNxt1YpW5P0NNjPaTTmBe96E +tZg1bT4hXhM= +=N1OC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:13.openssh.asc b/share/security/advisories/FreeBSD-SA-02:13.openssh.asc new file mode 100644 index 0000000000..f0d44b375d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:13.openssh.asc @@ -0,0 +1,213 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:13 Security Advisory + FreeBSD, Inc. + +Topic: OpenSSH contains exploitable off-by-one bug + +Category: core, ports +Module: openssh, ports_openssh, openssh-portable +Announced: 2002-03-07 +Credits: Joost Pol +Affects: FreeBSD 4.4-RELEASE, 4.5-RELEASE + FreeBSD 4.5-STABLE prior to the correction date + openssh port prior to openssh-3.0.2_1 + openssh-portable port prior to openssh-portable-3.0.2p1_1 +Corrected: 2002-03-06 13:57:54 UTC (RELENG_4) + 2002-03-07 14:40:56 UTC (RELENG_4_5) + 2002-03-07 14:40:07 UTC (RELENG_4_4) + 2002-03-06 13:53:38 UTC (ports/security/openssh) + 2002-03-06 13:53:39 UTC (ports/security/openssh-portable) +CVE: CAN-2002-0083 +FreeBSD only: NO + +I. Background + +OpenSSH is a free version of the SSH protocol suite of network +connectivity tools. OpenSSH encrypts all traffic (including +passwords) to effectively eliminate eavesdropping, connection +hijacking, and other network-level attacks. Additionally, OpenSSH +provides a myriad of secure tunneling capabilities, as well as a +variety of authentication methods. `ssh' is the client application, +while `sshd' is the server. + +II. Problem Description + +OpenSSH multiplexes `channels' over a single TCP connection in order +to implement X11, TCP, and agent forwarding. An off-by-one error in +the code which manages channels can result in a reference to memory +beyond that allocated for channels. A malicious client or server may +be able to influence the contents of the memory so referenced. + +III. Impact + +An authorized remote user (i.e. a user that can successfully +authenticate on the target system) may be able to cause sshd to +execute arbitrary code with superuser privileges. + +A malicious server may be able to cause a connecting ssh client to +execute arbitrary code with the privileges of the client user. + +IV. Workaround + +Do one of the following: + +1) The FreeBSD malloc implementation can be configured to overwrite + or `junk' memory that is returned to the malloc arena. Due to the + details of exploiting this bug, configuring malloc to junk memory + will thwart the attack. + + To configure a FreeBSD system to junk memory, execute the following + commands as root: + + # ln -fs J /etc/malloc.conf + + Note that this option will degrade system performance. See the + malloc(3) man page for full details on malloc options. + +2) Disable the base system sshd by executing the following command as + root: + + # kill `cat /var/run/sshd.pid` + + Be sure that sshd is not restarted when the system is restarted + by adding the following line to the end of /etc/rc.conf: + + sshd_enable="NO" + + AND + + Deinstall the openssh or openssh-portable ports if you have one of + them installed. + +V. Solution + +Do one of the following: + +[For OpenSSH included in the base system] + +1) Upgrade the vulnerable system to 4.4-RELEASEp9, 4.5-RELEASEp2, + or 4.5-STABLE after the correction date and rebuild. + +2) FreeBSD 4.x systems prior to the correction date: + +The following patch has been verified to apply to FreeBSD 4.4-RELEASE, +4.5-RELEASE, and 4.5-STABLE dated prior to the correction date. It +may or may not apply to older, unsupported versions of FreeBSD. + +Download the patch and the detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/sshd.patch +# cd /usr/src/secure/lib/libssh +# make depend && make all +# cd /usr/src/secure/usr.sbin/sshd +# make depend && make all install +# cd /usr/src/secure/usr.bin/ssh +# make depend && make all install + +[For the OpenSSH ports] + +One of the following: + +1) Upgrade your entire ports collection and rebuild the OpenSSH port. + +2) Deinstall the old package and install a new package obtained from +the following directory: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ + +[other platforms] +Packages are not automatically generated for other platforms at this +time due to lack of build resources. + +3) Download a new port skeleton for the openssh or openssh-portable +port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision + Branch +- ------------------------------------------------------------------------- +[Base system] +src/crypto/openssh/channels.c + HEAD 1.8 + RELENG_4 1.1.1.1.2.6 + RELENG_4_5 1.1.1.1.2.5.2.1 + RELENG_4_4 1.1.1.1.2.4.4.1 +src/crypto/openssh/version.h + HEAD 1.10 + RELENG_4 1.1.1.1.2.8 + RELENG_4_5 1.1.1.1.2.7.2.1 + RELENG_4_4 1.1.1.1.2.5.2.2 +src/sys/conf/newvers.sh + RELENG_4_5 1.44.2.20.2.3 + RELENG_4_4 1.44.2.17.2.8 + +[Ports] +ports/security/openssh/Makefile 1.81 +ports/security/openssh/files/patch-channels.c 1.1 +ports/security/openssh-portable/Makefile 1.21 +ports/security/openssh-portable/files/patch-channels.c 1.1 +- ------------------------------------------------------------------------- + +Branch Version string +- ------------------------------------------------------------------------- +HEAD OpenSSH_2.9 FreeBSD localisations 20020307 +RELENG_4 OpenSSH_2.9 FreeBSD localisations 20020307 +RELENG_4_5 OpenSSH_2.9 FreeBSD localisations 20020307 +RELENG_4_4 OpenSSH_2.3.0 FreeBSD localisations 20020307 +- ------------------------------------------------------------------------- + +To view the version string of the OpenSSH server, execute the +following command: + + % /usr/sbin/sshd -\? + +The version string is also displayed when a client connects to the +server. + +To view the version string of the OpenSSH client, execute the +following command: + + % /usr/bin/ssh -V + +VII. References + + + +The Common Vulnerabilities and Exposures project (cve.mitre.org) has +assigned the name CAN-2002-0083 to this issue. + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPId+x1UuHi5z0oilAQGvpAP+NDgcpdZAo8aB2ptAbbS7h3MzJULCnPlN +BqnQ+AylR8HTcPt7XduF6Sh8KSpu75Y5uCJcrNvAoF2jmnH3DFa79GY4hEj7VvCl +DiAzN3bwcTFBAPWSNaCXK6odyqCjumMOL3drgtibuMHZuQSKn5ZOvNKquVSXuaY+ +86MXQwGukUU= +=csOr +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:14.pam-pgsql.asc b/share/security/advisories/FreeBSD-SA-02:14.pam-pgsql.asc new file mode 100644 index 0000000000..954d3b69b8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:14.pam-pgsql.asc @@ -0,0 +1,103 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:14 Security Advisory + FreeBSD, Inc. + +Topic: pam-pgsql port authentication bypass + +Category: ports +Module: pam-pgsql +Announced: 2002-03-12 +Credits: Jacques A. Vidrine +Affects: pam-pgsql port prior to pam-pgsql-0.5.2 +Corrected: 2002-01-21 20:06:05 UTC +FreeBSD only: NO + +I. Background + +pam-pgsql is a PAM module which allows PAM-enabled applications such +as login(1) to use a PostgreSQL database for user authentication. + +II. Problem Description + +The affected versions of the pam-pgsql port contain a vulnerability +that may allow a remote user to cause arbitrary SQL code to be +executed. pam-pgsql constructs a SQL statement to be executed by the +PostgreSQL server in order to lookup user information, verify user +passwords, and change user passwords. The username and password given +by the user is inserted into the SQL statement without any quoting or +other safety checks. + +The pam-pgsql port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains thousands of third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A user interacting with a PAM-enabled application may insert arbitrary +SQL code into the username or password fields during authentication or +while changing passwords, leading to several exploit opportunities. +In all versions of the pam-pgsql port prior to 0.5.2, attackers may +add or change user account records. In addition, in versions of the +pam-pgsql port prior to 0.3, attackers may cause pam-pgsql to +completely bypass password authentication, allowing them to +authenticate as any user and obtain unauthorized access using the +PAM-enabled application. Since common PAM applications include +login(1) and sshd(8), both local and remote attacks are possible. + +IV. Workaround + +1) Deinstall the pam-pgsql port/package if you have it installed. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Download a new port skeleton for the pam-pgsql port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +3) Use the portcheckout utility to automate option (2) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD Ports Collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/security/pam-pgsql/Makefile 1.9 +ports/security/pam-pgsql/distinfo 1.3 +ports/security/pam-pgsql/pkg-descr 1.2 +- ------------------------------------------------------------------------- + +VII. References + +This vulnerability is very similar to previous vulnerabilities +involving Apache modules and discovered by RUS-CERT. + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCUAwUBPI4OwVUuHi5z0oilAQGXIgP4pJSV/n8+rQG8xj69zvyquOzjaYJW3aP3 +0OvjTDmBh2NsB4y/3bxFzYnZnTH5reDEMtZnznpBGAElvibXesRN1f4NTaPa2mWo +qpNF9ELBdNtGGqUZy6hm3kLjdgggpzTLP8luvt1tXdR4WRBgI48c8WxYxYd/u3oa +g/gXHvFK2Q== +=PWQc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc b/share/security/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc new file mode 100644 index 0000000000..965adf2b62 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:15 Security Advisory + FreeBSD, Inc. + +Topic: cyrus-sasl library contains format string vulnerability + +Category: ports +Module: cyrus-sasl +Announced: 2002-03-12 +Credits: Kari Hurtta +Affects: cyrus-sasl port prior to cyrus-sasl-1.5.24_8 +Corrected: 2001-12-09 03:07:36 UTC +FreeBSD only: NO +CVE: CAN-2001-0869 + +I. Background + +Cyrus-SASL is an implementation of RFC 2222 SASL (Simple +Authentication and Security Layer), a method for adding authentication +support to connection based protocols. + +II. Problem Description + +Affected versions of the cyrus-sasl port contain a format string +vulnerability. The format string vulnerability occurs during a call +to the syslog(3) function. + +The cyrus-sasl port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains thousands of third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.4 is vulnerable +to this problem since it was discovered after its release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +Malicious remote users may cause an application using cyrus-sasl to +execute arbitrary code with the privileges of the process using the +cyrus-sasl library. However, there are no known exploits at this +writing, and the author of cyrus-sasl does not believe that this bug +is exploitable. See the `References' section for more information. + +If the cyrus-sasl port is not installed, then your system is not +vulnerable to this problem. The following command can be used to +determine whether or not the cyrus-sasl port is installed: + +# pkg_info -I cyrus-sasl-\* + +IV. Workaround + +Deinstall the cyrus-sasl port if you have installed it. + +V. Solution + +Do one of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old port and install a corrected version from the +following directories. + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/ + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +3) Download a new port skeleton for cyrus-sasl from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/security/cyrus-sasl/Makefile 1.30 +ports/security/cyrus-sasl/files/patch-lib::common.c 1.1 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPI4Ox1UuHi5z0oilAQEqfAQAm21BK3iBrye7YKOpNIe4HhWyLx5YyPs+ +AEASVCg9J4n3vp//nhaOlpC9vQgdoBSX/vRDx5GCS8fkkw/l0R/KmTit1Kezahht +ms4LbcSqjxKzscPBwT3ZJZt166z5JyUXkzVOsGbEG11WMgeH/jQ4oTG/Xk9cGWH9 +r+BCSjm3phw= +=VRs8 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:16.netscape.asc b/share/security/advisories/FreeBSD-SA-02:16.netscape.asc new file mode 100644 index 0000000000..cbf41dc1d3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:16.netscape.asc @@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:16 Security Advisory + FreeBSD, Inc. + +Topic: GIF/JPEG comment vulnerability in Netscape + +Category: ports +Module: netscape +Announced: 2002-03-12 +Credits: Florian Wesch +Affects: All Netscape ports with versions prior to 4.77 +Corrected: 2001-04-07 16:41:36 UTC +FreeBSD only: NO + +I. Background + +Netscape Navigator or Communicator is a popular web browser, available +in several versions in the FreeBSD ports collection. + +II. Problem Description + +The GIF89a and JPEG standards permit images to have embedded comments, +in which any kind of textual data may be stored. + +Versions 4.76 and earlier of the Netscape browser will execute +JavaScript contained in such a comment block, if execution of +JavaScript is enabled in the configuration of the browser. + +The Netscape browser supports a non-standard URL scheme, `about:'. +Visiting `about:' URLs causes Navigator to display information which +may be sensitive. For example, `about:global' gives a listing of +recently accessed URLs; `about:cache' shows a similar listing, but +with the time each page was visited and the name of each corresponding +file in the disk cache; and `about:config' displays the full +configuration of the browser. + +JavaScript executed from the comment block of a maliciously +constructed image can send information from an `about:' URL back to a +hostile Web server. + +The Netscape ports are not installed by default, nor are they "part of +FreeBSD" as such: they are part of the FreeBSD ports collection, which +contains thousands of third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.5 contains some +Netscape versions which are vulnerable to these problems. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security audit +of the most security-critical ports. + +III. Impact + +The browser can be caused to transmit sensitive information to a +hostile Web server, if JavaScript is enabled and a page on the server +is visited. + +If you have not chosen to install a Netscape port or package, your +system is not vulnerable to this problem. + +IV. Workarounds + +Do one of the following: + +1) Deinstall affected Netscape ports or packages, if any are installed. + +2) Disable JavaScript. This can be done interactively by running +Navigator, going to the Edit menu, choosing Preferences, and changing the +setting in the Advanced section. + +Alternatively, append the line: + +user_pref("javascript.enabled", false); + +to the $HOME/.netscape/preferences.js of every user. Users are likely +to want to re-enable JavaScript, because its use is required by some +Web sites. If they do, they could become vulnerable again. + +3) Similarly, disable automatic loading of images. The corresponding +configuration line is: + +user_pref("general.always_load_images", false); + +Some Web sites require images. If users enable automatic loading, or +if they click the Images button, they could become vulnerable again. + +4) Install a filtering proxy, and configure it to block all images +from untrusted sites. The www/adzap or www/adzapper ports may be +suitable. Doing this will make many Web sites unviewable. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the relevant Netscape +port, if available. Netscape binaries for several platforms, including +FreeBSD/i386, were discontinued before the release of 4.77. + +2) Deinstall the old package and install a new package, obtained from the +following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ + linux-netscape-communicator-4.79.tgz + linux-netscape-navigator-4.79.tgz + +[alpha] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/ + netscape-communicator-4.78.tgz + +3) Download a new port skeleton for the Netscape port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +NOTE: Since there are so many variations of the Netscape ports in the +FreeBSD ports collection they are not listed separately +here. Localized versions are also available in the respective language +subdirectory. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz + +VI. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPI4O0lUuHi5z0oilAQHv/AP+PQ4rd6932o1k3UJqc/+a6jdA5rD0LH1g +GLki733Egvx7K7ChjjBO2mmHCRVsvIBy/dIU1rlX/YM5ncXT4Mpgm34eL6EzhjQq +CD/733AIw2jEvSICBNeG3W1ytCzj4qBetjkXlj8/wbi/1f27jyj3kW+kVZ9TX20A +gICIJdL948I= +=al/K +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:17.mod_frontpage.asc b/share/security/advisories/FreeBSD-SA-02:17.mod_frontpage.asc new file mode 100644 index 0000000000..80b8a847ea --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:17.mod_frontpage.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:17 Security Advisory + FreeBSD, Inc. + +Topic: mod_frontpage port contains exploitable buffer overflow + +Category: ports +Module: mod_frontpage +Announced: 2002-03-12 +Credits: Martin Blapp +Affects: mod_frontpage port prior to version mod_portname-1.6.1 +Corrected: 2002-02-05 16:18:42 2002 UTC +FreeBSD only: NO + +I. Background + +mod_frontpage is a replacecement for Microsoft's frontpage apache +patch to support FP extensions. It is installed as a DSO module. + +II. Problem Description + +Affected versions of the mod_frontpage port contains several +exploitable buffer overflows in the fpexec wrapper, which is installed +setuid root. + +The mod_frontpage port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains over 6000 third-party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.5 contains this +security problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A local attacker may obtain superuser privileges by exploiting the +buffer overflow bugs in fpexec. + +IV. Workaround + +1) Deinstall the mod_frontpage ports/packages if you have them installed. + +V. Solution + +Do one of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. + +3) Download a new port skeleton for the mod_frontpage port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the $FreeBSD$ revision numbers of each +file that was corrected in the FreeBSD source. + +Path Revision +- ------------------------------------------------------------------------- +ports/www/mod_frontpage/Makefile 1.7 +ports/www/mod_frontpage/distinfo 1.4 +ports/www/mod_frontpage/files/patch-Makefile.PL 1.3 +ports/www/mod_frontpage/files/patch-Makefile.in 1.1 +ports/www/mod_frontpage/files/patch-mod_frontpage.c 1.4 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPI4O11UuHi5z0oilAQF43wQAlp8eUBSGRLb1ggNxDVwzvB40ZEOWrIB0 +6P3xIvUW6bFXsHgrBm+WuF7evUm8K85hs1QPp4nDUSdgWArxP9izdSXMKsJ0rtkA +RAeDMgpMOsDoQaKl9ljDVFbf9xs3hTO6S3UsRaRuQeTvcqhsKRZNbUvOVrAULEOG +GZ6n2CFh+Rk= +=sCnv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:18.zlib.asc b/share/security/advisories/FreeBSD-SA-02:18.zlib.asc new file mode 100644 index 0000000000..a74cf7f4aa --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:18.zlib.asc @@ -0,0 +1,171 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:18 Security Advisory + FreeBSD, Inc. + +Topic: zlib double-free + +Category: core, ports +Module: zlib +Announced: 2002-03-18 +Revised: 2002-04-22 +Credits: Matthias Clasen + Owen Taylor +Affects: All released versions of FreeBSD + FreeBSD 4.5-STABLE prior to the correction date + Various ports using or including zlib +Corrected: 2002-02-24 23:12:48 UTC (RELENG_4) + 2002-02-24 23:22:57 UTC (RELENG_4_5) + 2002-02-24 23:23:58 UTC (RELENG_4_4) + 2002-02-24 23:24:46 UTC (RELENG_4_3) +CVE: CAN-2002-0059 +FreeBSD only: NO + +0. Revision History + +v1.0 2002-03-18 Initial release +v1.1 2002-04-18 Corrected ZFREE location in kernel patch + Corrected deflate window size check +v1.2 2002-04-22 Corrected advisory revision dates. + +I. Background + +zlib is a compression library used by numerous applications to provide +data compression/decompression routines. + +II. Problem Description + +A programming error in zlib may cause segments of dynamically +allocated memory to be released more than once (double-freed). +If an attacker is able to pass a specially-crafted block of invalid +compressed data to a program that includes zlib, the program's +attempt to decompress the crafted data may cause the zlib routines +to attempt to free memory multiple times. + +Unlike some implementations of malloc(3)/free(3), the malloc(3) and +free(3) routines used in FreeBSD (aka phkmalloc, written by +Poul-Henning Kamp ), are not vulnerable to this type +of bug. From the author: + + Most mallocs keep their housekeeping data right next to the + allocated range. This gives rise to all sorts of unpleassant + situations if programs stray outside the dotted line, free(3) + things twice or free(3) modified pointers. + + phkmalloc(3) does not store housekeeping next to allocated data, + and in particular it has code that detects and complains about + exactly this kind of double free. + +When attempting to double-free an area of memory, phkmalloc will +issue a warning: + + progname in free(): error: chunk is already free + +and may call abort(3) if the malloc flag 'A' is used. + +III. Impact + +If an attacker is able to pass a specially-crafted block of invalid +compressed data to an application that utilizes zlib, the attempt to +decompress the data may cause incorrect operation of the application, +including possibly crashing the application. Also, the malloc +implementation will issue warnings and, if the `A' malloc option is +used, cause the application to abort(3). In short, an attacker may +cause a denial of service in applications utilizing zlib. + +IV. Workaround + +To prevent affected programs from aborting, remove the 'A' from +the malloc flags. To check which malloc flags are in use, issue the +following commands: + +# ls -l /etc/malloc.conf +# echo $MALLOC_OPTIONS + +A nonexistent /etc/malloc.conf or MALLOC_OPTIONS environmental variable +means that no malloc flags are in use. See the malloc(3) man page for +more information. + +V. Solution + +[FreeBSD 4.x base system] + +1) Upgrade your vulnerable system to 4.5-STABLE or to one of the +RELENG_4_4 or RELENG_4_5 security branches dated after the respective +correction dates. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +For FreeBSD 4.x systems that have the previous zlib patch applied: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.corrected.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.corrected.patch.asc + +For FreeBSD 4.x systems that do not have the previous zlib patch +applied: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.patch.asc + +Verify the detached PGP signature using your PGP utility. + +This patch has been verified to apply to all FreeBSD 4.x versions. + +# cd /usr/src +# patch -p < /path/to/patch +# cd lib/libz +# make depend && make all install + +Then rebuild and reinstall your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system with the new kernel for the changes to take effect. + +[ports] + +Various ports may statically link zlib or contain their own versions +of zlib that have not been corrected by updating the FreeBSD libz. +Efforts are underway to identify and correct these ports. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/lib/libz/deflate.c + RELENG_4 1.5.2.1 + RELENG_4_5 1.5.8.1 + RELENG_4_4 1.5.6.1 + RELENG_4_3 1.5.4.1 +src/lib/libz/infblock.c + RELENG_4 1.1.1.4.6.1 + RELENG_4_5 1.1.1.4.12.1 + RELENG_4_4 1.1.1.4.10.1 + RELENG_4_3 1.1.1.4.8.1 +src/sys/net/zlib.c + RELENG_4 1.10.2.3 + RELENG_4_5 1.10.8.2 + RELENG_4_4 1.10.6.2 + RELENG_4_3 1.10.4.2 +- ------------------------------------------------------------------------- + +VII. References + + + +The Common Vulnerabilities and Exposures project (cve.mitre.org) has +assigned the name CAN-2002-0059 to this issue. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPMQkDVUuHi5z0oilAQEWKAP+OT1w4Nilf/mfBjXu9xFPeRRyyKaq8ALX +Hmm2XQ3plhUsqjFupYxdss5+PuIhT7OiLoc8n+B7n8DjjTtGEK/Ds7/iBlox+b+3 +JhhE4HBbwLDMpQ9VSI36iV4qr7YuNZbpCCrAG85bOIhWQDRdc+IWkdxW4P0flhAm +42eaFTWtbB4= +=QAcg +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:19.squid.asc b/share/security/advisories/FreeBSD-SA-02:19.squid.asc new file mode 100644 index 0000000000..1e3b9e1d4c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:19.squid.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:19 Security Advisory + FreeBSD, Inc. + +Topic: squid heap buffer overflow in DNS handling + +Category: ports +Module: squid24 +Announced: 2002-03-26 +Credits: zen-parse +Affects: squid port prior to version 2.4_9 +Corrected: 2002-03-22 00:19:55 UTC +FreeBSD only: NO + +I. Background + +The Squid Internet Object Cache is a web proxy/cache. + +II. Problem Description + +Incorrect handling of compressed DNS responses could result in a +heap buffer overflow. + +The squid port is not installed by default, nor is it "part of +FreeBSD" as such: it is part of the FreeBSD ports collection, which +contains thousands of third- party applications in a ready-to-install +format. The ports collection shipped with FreeBSD 4.5 contains this +problem since it was discovered after the release. + +FreeBSD makes no claim about the security of these third-party +applications, although an effort is underway to provide a security +audit of the most security-critical ports. + +III. Impact + +A malicious DNS server (or an attacker spoofing a DNS server) could +respond to DNS requests from squid with a specially crafted answer +that would trigger the heap buffer overflow bug. This could crash the +squid process. This bug is not known to be exploitable. + +IV. Workaround + +1) Deinstall the squid port/package if you have it installed. + +V. Solution + +One of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/ + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. + +3) Download a new port skeleton for the squid port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision +- ------------------------------------------------------------------------- +ports/www/squid24/Makefile 1.89 +ports/www/squid24/distinfo 1.64 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPKDNPVUuHi5z0oilAQGQJQP+KfkRVCuIlwzQazMv7K6+KAIAwBkm2EdZ +lVA2MCnzfxtWW23ZGIRnE6gW2gzzT4C3Ccrkg4llriVCIj4rdQ08UOSqF9JAZBWV +2RfYdTMUSeHEgYbkn0od9xeGc8zW3VltCH/I3ky/StWmMZv5eH9j6mPBddEeQG/y +Nuz/Ms0oJrI= +=m4VV +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:20.syncache.asc b/share/security/advisories/FreeBSD-SA-02:20.syncache.asc new file mode 100644 index 0000000000..69cb866943 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:20.syncache.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:20 Security Advisory + FreeBSD, Inc. + +Topic: syncache/syncookies denial of service + +Category: core +Module: net +Announced: 2002-04-16 +Credits: Alan Judge + Dima Ruban +Affects: FreeBSD 4.5-RELEASE + FreeBSD 4.4-STABLE after 2001-12-14 19:53:01 UTC + FreeBSD 4.5-STABLE prior to the correction date +Corrected: 2002-02-20 16:48:49 UTC (RELENG_4) + 2002-02-21 16:38:39 UTC (RELENG_4_5, 4.5-RELEASE-p1) +FreeBSD only: YES + +I. Background + +The SYN cache ("syncache") and SYN cookie mechanism ("syncookie") are +features of the TCP/IP stack intended to improve resistance to a class +of denial of service attacks known as SYN floods. + +II. Problem Description + +Two related problems with syncache were triggered when syncookies were +implemented. + +1) When a SYN was accepted via a syncookie, it used an uninitialized +pointer to find the TCP options for the new socket. This pointer may +be a null pointer, which will cause the machine to crash. + +2) A syncache entry is created when a SYN arrives on a listen socket. +If the application which created the listen socket was killed and +restarted --- and therefore recreated the listen socket with a +different inpcb --- an ACK (or duplicate SYN) which later arrived and +matched the existing syncache entry would cause a reference to the old +inpcb pointer. Depending on the pointer's contents, this might result +in a system crash. + +Because syncache/syncookies support was added prior to the release of +FreeBSD 4.5-RELEASE, no other releases are affected. + +III. Impact + +Legitimate TCP/IP traffic may cause the machine to crash. + +IV. Workaround + +The first issue described may be worked around by disabling syncookies +using sysctl. Issue the following command as root: + + # sysctl -w net.inet.tcp.syncookies=0 + +However, there is no workaround for the second issue. + +V. Solution + +1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_5 +security branch dated after the respective correction dates. + +2) To patch your present system: download the relevant patch from the +below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:20/syncache.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:20/syncache.patch.asc + +This patch has been verified to apply to 4.5-RELEASE only. + +Verify the detached PGP signature using your PGP utility. + +Execute the following commands as root: + +# cd /usr/src +# patch -p < /path/to/patch + +Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/conf/newvers.sh + RELENG_4_5 1.44.2.20.2.2 +src/sys/netinet/tcp_syncache.c + RELENG_4 1.5.2.5 + RELENG_4_5 1.5.2.4.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPLw9nVUuHi5z0oilAQFwpAP9EJludFfmQfMWU4supMdZ1K//qeqgtJVn +XrEX3TZjqOxRSnlzUUibbO2agnW7yCd8i2Qq0/3KyvMrcS4qSLmcvhQPsZxc26Bx +Xakz3uvCRIA0XlpJAd/HirsdPHQ94q0JMdnx6C1kW+EMQzM/0KKLpVNsdnFopy0m +mtPNSZRYgHk= +=9qwI +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:21.tcpip.asc b/share/security/advisories/FreeBSD-SA-02:21.tcpip.asc new file mode 100644 index 0000000000..262a6dfe3a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:21.tcpip.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:21.tcpip Security Advisory + FreeBSD, Inc. + +Topic: routing table memory leak + +Category: core +Module: net +Announced: 2002-04-17 +Credits: Jayanth Vijayaraghavan + Ruslan Ermilov +Affects: FreeBSD 4.5-RELEASE + FreeBSD 4-STABLE after 2001-12-07 09:23:11 UTC + and prior to the correction date +Corrected: 2002-03-22 16:54:19 UTC (RELENG_4) + 2002-04-15 17:12:08 UTC (RELENG_4_5) +FreeBSD only: YES + +I. Background + +The TCP/IP stack's routing table records information about how to +reach various destinations. The first time a TCP connection is +established with a particular host, a so-called "cloned route" entry +for that host is automatically derived from one of the predefined +routes and added to the table. Each entry has a reference count that +indicates how many existing connections use that entry; when the +reference count reaches zero, the entry is removed from the table. + +II. Problem Description + +A bug was introduced into ip_output() wherein the processing of an +ICMP echo reply message would cause a reference count on a routing +table entry to never be decremented. Thus, memory allocated for the +routing table entry was never deallocated. + +III. Impact + +This bug could be exploited to effect a remote denial of service +attack. An attacker could cause new routing table entries (for +example, by taking advantage of TCP's route cloning behavior) and +then utilize this bug to cause the route entry to never be +deallocated. In this fashion, the target system's memory can be +exhausted. + +IV. Workaround + +Use a packet filter (see ipf(8) or ipfw(8)) to deny ICMP echo +messages. + +V. Solution + +1) Upgrade your vulnerable system to 4.5-STABLE, 4.5-RELEASE-p3, or +the RELENG_4_5 security branch dated after the respective correction +dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[4.5-RELEASE, + 4-STABLE between 2001-12-28 10:08:33 UTC and 2002-02-20 14:57:41 UTC] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:21/tcpip.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:21/tcpip.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +sys/netinet/ip_icmp.c + RELENG_4 1.39.2.16 + RELENG_4_5 1.39.2.14.2.1 +sys/netinet/ip_mroute.c + RELENG_4 1.56.2.4 + RELENG_4_5 1.56.2.3.2.1 +sys/netinet/ip_output.c + RELENG_4 1.99.2.29 + RELENG_4_5 1.99.2.24.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPL3IEFUuHi5z0oilAQE56AP/X0tJA/Q0y42JDqxI2A0NRnKyR5YWoH8D +i3izr0MxMTyPnuWg+uZHZhr/ve2AS2mTfNi7do0Ehdw0U2CEMnPKEVLMqt7kMFmL +i+ib4HCijb4RWn3WEC6ueO14SQDCB+X9w/yCVEfeHMWd2PrQWtDoCPmurOuQCz4W +IFu9kJLMhMA= +=qsYz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:22.mmap.asc b/share/security/advisories/FreeBSD-SA-02:22.mmap.asc new file mode 100644 index 0000000000..7c0612ad86 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:22.mmap.asc @@ -0,0 +1,87 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:22.mmap Security Advisory + FreeBSD, Inc. + +Topic: mmap/msync denial of service + +Category: core +Module: net +Announced: 2002-04-18 +Credits: Harry Newton + Matt Dillon +Affects: All releases of FreeBSD up to and including 4.5-RELEASE + 4.5-STABLE prior to the correction date +Corrected: 2002-03-08 17:22:20 UTC (RELENG_4) + 2002-04-15 17:14:28 UTC (RELENG_4_5) + 2002-04-15 17:18:12 UTC (RELENG_4_4) +FreeBSD only: YES + +I. Background + +The mmap(2) and msync(2) system calls are part of the memory mapped +I/O API. + +II. Problem Description + +A bug existed in the virtual memory management system involving a +failure to check for the existence of a VM object during page +invalidation. This bug could be triggered by calling msync(2) on an +anonymous, asynchronous memory map (i.e. created using the mmap flags +MAP_ANON and MAP_NOSYNC) which had not been accessed previously. + +III. Impact + +Local users may cause the system to crash. + +IV. Workaround + +None. + +V. Solution + +1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the +RELENG_4_5 (4.5-RELEASE-p3) or RELENG_4_4 (4.4-RELEASE-p10) security +branches dated after the respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD ports collection. + +Path Revision + Branch +- ------------------------------------------------------------------------- +sys/vm/vm_map.c + RELENG_4 1.187.2.13 + RELENG_4_5 1.187.2.12.2.1 + RELENG_4_4 1.187.2.9.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPL8Rs1UuHi5z0oilAQFlZwP8CUMHSJ7p0ODbcPty+ugWwOTgYeiI9A2K +P3ezU/PZmEU3Opb864q+J2lhudBUW0NSmVCW4PWdiaPq7Rbhic5QZ7J4eCMPbyKe +IjSVmSsqvJhjEcHW8i7w0PCe1+hKWWRm1Z2X9SvWNVJqpfkggGdJQMZKNH1lJQN8 +6Dm26nElyww= +=/H3G +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:23.stdio.asc b/share/security/advisories/FreeBSD-SA-02:23.stdio.asc new file mode 100644 index 0000000000..d65825bbea --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:23.stdio.asc @@ -0,0 +1,168 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:23.stdio Security Advisory + The FreeBSD Project + +Topic: insecure handling of stdio file descriptors + +Category: core +Module: kernel +Announced: 2002-04-22 +Credits: Joost Pol , + Georgi Guninski +Affects: All releases of FreeBSD up to and including 4.6-RELEASE + 4.6-STABLE prior to the correction date +Corrected: 2002-07-30 15:40:46 UTC (RELENG_4) + 2002-07-30 15:42:11 UTC (RELENG_4_6) + 2002-07-30 15:42:46 UTC (RELENG_4_5) + 2002-07-30 15:43:17 UTC (RELENG_4_4) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-04-22 Initial release +v1.1 2002-04-23 Patch and revision numbers updated +v1.2 2002-07-29 procfs issue; updated patch + +I. Background + +By convention, POSIX systems associate file descriptors 0, 1, and 2 +with standard input, standard output, and standard error, +respectively. Almost all applications give these stdio file +descriptors special significance, such as writing error messages to +standard error (file descriptor 2). + +In new processes, all file descriptors are duplicated from the parent +process. Unless these descriptors are marked close-on-exec, they +retain their state during an exec. + +All POSIX systems assign file descriptors in sequential order, +starting with the lowest unused file descriptor. For example, if a +newly exec'd process has file descriptors 0 and 1 open, but file +descriptor 2 closed, and then opens a file, the new file descriptor is +guaranteed to be 2 (standard error). + +II. Problem Description + +Some programs are set-user-id or set-group-id, and therefore run with +increased privileges. If such a program is started with some of the +stdio file descriptors closed, the program may open a file and +inadvertently associate it with standard input, standard output, or +standard error. The program may then read data from or write data to +the file inappropriately. If the file is one that the user would +normally not have privileges to open, this may result in an +opportunity for privilege escalation. + +The original correction for this problem (corresponding to the first +revision of this advisory) contained an error. Systems using procfs +or linprocfs could still be exploited. The dates for the original, +incomplete correction were: + +Corrected: 2002-04-21 13:06:45 UTC (RELENG_4) + 2002-04-21 13:08:57 UTC (RELENG_4_5) + 2002-04-21 13:10:51 UTC (RELENG_4_4) + +III. Impact + +Local users may gain superuser privileges. It is known that the +`keyinit' set-user-id program is exploitable using this method. There +may be other programs that are exploitable. + +IV. Workaround + +[FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11] + +None. The set-user-id bit may be removed from `keyinit' using the +following command, but note that there may be other programs that can +be exploited. + +# chmod 0555 /usr/bin/keyinit + +[FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later, + 4.6-RELEASE, and 4.6-STABLE] + +Unmount all instances of the procfs and linprocfs filesystems using +the umount(8) command: + +# umount -f -a -t procfs +# umount -f -a -t linprocfs + +V. Solution + +The kernel was modified to check file descriptors 0, 1, and 2 when +starting a set-user-ID or set-group-ID executable. If any of these +are not in use, they will be redirected to /dev/null. + +1) Upgrade your vulnerable system to 4.6-STABLE; or to any of +the RELENG_4_6 (4.6.1-RELEASE-p1), RELENG_4_5 (4.5-RELEASE-p10), or +RELENG_4_4 (4.4-RELEASE-p17) security branches dated after the +respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + + +[FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2 +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2.asc + +[FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later, + 4.6-RELEASE, and 4.6-STABLE] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2 +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +sys/sys/filedesc.h + RELENG_4 1.19.2.4 + RELENG_4_6 1.19.2.4 + RELENG_4_5 1.19.2.3.6.1 + RELENG_4_4 1.19.2.3.4.1 +sys/kern/kern_exec.c + RELENG_4 1.107.2.15 + RELENG_4_6 1.107.2.14.2.1 + RELENG_4_5 1.107.2.13.2.2 + RELENG_4_4 1.107.2.8.2.3 +sys/kern/kern_descrip.c + RELENG_4 1.81.2.12 + RELENG_4_6 1.81.2.14 + RELENG_4_5 1.81.2.9.2.2 + RELENG_4_4 1.81.2.8.2.2 +sys/conf/newvers.sh + RELENG_4_6 1.44.2.23.2.6 + RELENG_4_5 1.44.2.20.2.11 + RELENG_4_4 1.44.2.17.2.16 +- ------------------------------------------------------------------------- + +VII. References + +PINE-CERT-20020401 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPUbXw1UuHi5z0oilAQFgKQP/eOnmHorw/4NVEAEKTQp4+X7Px9p1wUGq +6OcLH5GuTbbwexd7KbCjbjzNZF7zgz1Qph2v7NQXb+W/ZaW2hEgcoURXkBomVxjl +61oXu72P35bmgNo7GQ794v/WDHd8FymtBv0kyY/vuZqg6l99tTuwi2ryV1ZszVrh +w21lAbhkyQo= +=YGVw +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:24.k5su.asc b/share/security/advisories/FreeBSD-SA-02:24.k5su.asc new file mode 100644 index 0000000000..27f91befde --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:24.k5su.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:24.k5su Security Advisory + The FreeBSD Project + +Topic: k5su utility does not honor `wheel' group + +Category: kerberos5 +Module: kerberos5/usr.bin/k5su +Announced: 2002-05-20 +Credits: jmallet@FreeBSD.org +Affects: FreeBSD 4.4-RELEASE + FreeBSD 4.5-RELEASE + FreeBSD-STABLE prior to the correction date +Corrected: 2002-05-15 12:51:30 UTC (RELENG_4) + 2002-05-15 12:56:21 UTC (RELENG_4_5) + 2002-05-15 13:04:00 UTC (RELENG_4_4) +FreeBSD only: YES + +I. Background + +The k5su utility is a SU utility similar to su(1), and is used to +switch privileges after authentication using Kerberos 5 or the local +passwd(5) file. k5su is installed as part of the `krb5' distribution, +or when building from source with MAKE_KERBEROS5 set. Neither of +these are default settings. + +II. Problem Description + +Historically, the BSD SU utility only allows users who are members +of group `wheel' (group-ID 0) to obtain superuser +privileges. The k5su utility, however, does not honor this convention +and does not verify group membership if a user has successfully +authenticated. + +k5su also lacks other features of su(1), such as checking for +password expiration, implementing login classes, and checking +for the target user's login shell in /etc/shells. + +III. Impact + +Contrary to the expectations of many BSD system administrators, users +not in group `wheel' may use k5su to attempt to obtain superuser +privileges. Note that this would require knowledge of the root +account password, or an explicit entry in the Kerberos 5 `.k5login' +ACL for the root account. + +IV. Solution + +Remove the set-user-ID bit from the k5su utility: + +# chmod u-s /usr/bin/k5su + +This will completely disable k5su. + +Sites which wish to use Kerberos 5 authentication for SU and are +comfortable with its limitations may choose to leave the set-user-ID +bit enabled. As of the correction date, FreeBSD (including the +upcoming 4.6-RELEASE) will install k5su if requested, but the +set-user-ID bit will not be enabled by default. See also the +ENABLE_SUID_K5SU option in make.conf(5). + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/UPDATING + RELENG_4 1.73.2.67 + RELENG_4_5 1.73.2.50.2.12 + RELENG_4_4 1.73.2.43.2.12 +src/etc/defaults/make.conf + RELENG_4 1.97.2.65 + RELENG_4_5 1.97.2.59.2.1 + RELENG_4_4 1.97.2.58.2.1 +src/kerberos5/usr.bin/k5su/Makefile + RELENG_4 1.73.2.67 + RELENG_4_5 1.97.2.59.2.1 + RELENG_4_4 1.1.2.2.2.1 +src/share/man/man5/make.conf.5 + RELENG_4 1.12.2.16 + RELENG_4_5 1.12.2.12.2.1 + RELENG_4_4 1.12.2.10.2.1 +- ------------------------------------------------------------------------- + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBPOkdtFUuHi5z0oilAQFd1wP8CUxrBx+DJhQZqLpOocpF4yd8IWclz4Uu +8I8LT5RaWNKMrOt9FB6/jGthRFNqTL72XeDaezxT72IFSUHIpF9wI87aKNVDknPp +vQxh0Pr8/8EqvOLhvT6Hu/20xKrBZe2bht/lUQ/HxrgriaZteTAMfMYL653xgP5U +M+0f/mfSm3w= +=lTOo +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:25.bzip2.asc b/share/security/advisories/FreeBSD-SA-02:25.bzip2.asc new file mode 100644 index 0000000000..27b4d1ad24 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:25.bzip2.asc @@ -0,0 +1,294 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:25 Security Advisory + The FreeBSD Project + +Topic: bzip2 contains multiple security vulnerabilities + +Category: core/ports +Module: bzip2 +Announced: 2002-05-20 +Credits: Volker Schmidt, Philippe Troin +Affects: FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE, + FreeBSD 4.5-STABLE prior to the correction date. + bzip2 port prior to bzip2-1.0.2 +Corrected: 2002-02-18 09:12:53 UTC (4.5-STABLE, RELENG_4) + 2002-02-23 18:28:09 UTC (4.5-RELEASE-p1, RELENG_4_5) + 2002-02-23 18:33:18 UTC (4.4-RELEASE-p8, RELENG_4_4) + 2002-02-22 13:21:22 UTC (bzip2 port) +FreeBSD only: NO + +I. Background + +bzip2 is an advanced block-sorting file compression utility. + +II. Problem Description + +When creating a file during decompression, the bzip2 utility failed +to use the O_EXCL flag, potentially overwriting files without warning. +In addition, the bzip2 utility did not securely create new files +causing a race condition between creating the file and setting the +correct permissions. + +When compressing a file pointed to by a symbolic link, the bzip2 +utility incorrectly stored the permissions of the symbolic link +instead of the file. This may result in potentially lax file +permissions (rwxr-xr-x), causing the decompressed file to be +world-readable. + +bzip2 was incorporated into FreeBSD prior to FreeBSD 4.4-RELEASE. +Previous versions of FreeBSD did not contain bzip2 and are unaffected +unless bzip2 was installed from the ports collection or manually by +the system administrator. + +III. Impact + +1) Files may be inadvertently overwritten without warning. + +2) Due to the race condition between creating files and setting proper +permissions, a local user may be able to read the contents of files +regardless of their intended permissions. + +3) Decompressed files that were originally pointed to by a symbolic +link may end up with in incorrect permissions, allowing local users +to view their contents. + +IV. Workaround + +1) Deinstall the bzip2 port/package if you have it installed. + +V. Solution + +[FreeBSD 4.4 or 4.5 base system] + +1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_4 or +RELENG_4_5 security branch dated after the respective correction dates. + +2) To patch your present system, download the relevant patch from the +below location, and execute the following commands as root: + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch.asc + +Verify the detached PGP signature using your PGP utility. + +This patch has been verified to apply to FreeBSD 4.4-RELEASE and +4.5-RELEASE. + +# cd /usr/src +# patch -p < /path/to/patch +# cd lib/libbz2 +# make depend && make all install +# cd ../../usr.bin/bzip2 +# make depend && make all install + +3) FreeBSD 4.4-RELEASE and 4.5-RELEASE systems: + +An experimental upgrade package is available for users who wish to +provide testing and feedback on the binary upgrade process. This +package may be installed on FreeBSD 4.4-RELEASE and 4.5-RELEASE +systems only, and is intended for use on systems for which source +patching is not practical or convenient. + +If you use the upgrade package, feedback (positive or negative) to +security-officer@FreeBSD.org is requested so we can improve the +process for future advisories. + +During the installation procedure, backup copies are made of the files +which are replaced by the package. These backup copies will be +reinstalled if the package is removed, reverting the system to a +pre-patched state. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02.25/security-patch-bzip2-02.25.tgz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02.25/security-patch-bzip2-02.25.tgz.asc + +Verify the detached PGP signature using your PGP utility. + +# pkg_add security-patch-bzip2-02.25.tgz + +[ports] + +1) Upgrade your entire ports collection and rebuild the bzip2 port. + +2) Deinstall the old package and install a new package dated after the +correction date, obtained from the following directories: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/archivers/ +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/archivers/ + +[alpha] +Packages are not automatically generated for the alpha architecture at +this time due to lack of build resources. + +NOTE: It may be several days before updated packages are available. Be +sure to check the file creation date on the package, because the +version number of the software has not changed. + +3) Download a new port skeleton for the bzip2 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +[Ports collection] + +Path Revision +- ------------------------------------------------------------------------- +ports/archivers/bzip2/Makefile 1.36 +ports/archivers/bzip2/distinfo 1.10 +ports/archivers/bzip2/pkg-descr 1.5 +ports/archivers/bzip2/pkg-plist 1.14 +- ------------------------------------------------------------------------- + +[Base system] + +Branch + Path Revision +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/bzip2/CHANGES 1.1.1.1.2.2 + src/contrib/bzip2/FREEBSD-upgrade 1.1.2.1 + src/contrib/bzip2/LICENSE 1.1.1.1.2.2 + src/contrib/bzip2/Makefile 1.1.1.1.2.2 + src/contrib/bzip2/Makefile-libbz2_so 1.1.1.1.2.2 + src/contrib/bzip2/README 1.1.1.1.2.2 + src/contrib/bzip2/README.COMPILATION.PROBLEMS 1.1.1.1.2.2 + src/contrib/bzip2/Y2K_INFO 1.1.1.1.2.1 + src/contrib/bzip2/blocksort.c 1.1.1.1.2.2 + src/contrib/bzip2/bzip2.1 1.1.1.1.2.2 + src/contrib/bzip2/bzip2.c 1.1.1.1.2.2 + src/contrib/bzip2/bzip2recover.c 1.1.1.1.2.2 + src/contrib/bzip2/bzlib.c 1.1.1.1.2.2 + src/contrib/bzip2/bzlib.h 1.1.1.1.2.2 + src/contrib/bzip2/bzlib_private.h 1.1.1.1.2.2 + src/contrib/bzip2/compress.c 1.1.1.1.2.2 + src/contrib/bzip2/crctable.c 1.1.1.1.2.2 + src/contrib/bzip2/decompress.c 1.1.1.1.2.2 + src/contrib/bzip2/dlltest.c 1.1.1.1.2.2 + src/contrib/bzip2/huffman.c 1.1.1.1.2.2 + src/contrib/bzip2/libbz2.def 1.1.1.1.2.1 + src/contrib/bzip2/makefile.msc 1.1.1.1.2.2 + src/contrib/bzip2/manual.texi 1.1.1.1.2.2 + src/contrib/bzip2/randtable.c 1.1.1.1.2.2 + src/contrib/bzip2/sample1.bz2.uu 1.1.1.1.2.2 + src/contrib/bzip2/sample1.ref.gz.uu 1.1.1.1.2.2 + src/contrib/bzip2/sample2.bz2.uu 1.1.1.1.2.2 + src/contrib/bzip2/sample2.ref.gz.uu 1.1.1.1.2.1 + src/contrib/bzip2/sample3.bz2.uu 1.1.1.1.2.2 + src/contrib/bzip2/sample3.ref.gz.uu 1.1.1.1.2.1 + src/contrib/bzip2/spewG.c 1.1.1.1.2.1 + src/contrib/bzip2/unzcrash.c 1.1.1.1.2.1 + src/contrib/bzip2/words0 1.1.1.1.2.1 + src/contrib/bzip2/words1 1.1.1.1.2.1 + src/contrib/bzip2/words2 1.1.1.1.2.1 + src/contrib/bzip2/words3 1.1.1.1.2.2 +RELENG_4_5 + src/sys/conf/newvers.sh 1.44.2.20.2.2 + src/contrib/bzip2/CHANGES 1.1.1.1.2.1.4.1 + src/contrib/bzip2/FREEBSD-upgrade 1.1.4.1 + src/contrib/bzip2/LICENSE 1.1.1.1.2.1.4.1 + src/contrib/bzip2/Makefile 1.1.1.1.2.1.4.1 + src/contrib/bzip2/Makefile-libbz2_so 1.1.1.1.2.1.4.1 + src/contrib/bzip2/README 1.1.1.1.2.1.4.1 + src/contrib/bzip2/README.COMPILATION.PROBLEMS 1.1.1.1.2.1.4.1 + src/contrib/bzip2/Y2K_INFO 1.1.1.1.2.1 + src/contrib/bzip2/blocksort.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/bzip2.1 1.1.1.1.2.1.4.1 + src/contrib/bzip2/bzip2.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/bzip2recover.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/bzlib.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/bzlib.h 1.1.1.1.2.1.4.1 + src/contrib/bzip2/bzlib_private.h 1.1.1.1.2.1.4.1 + src/contrib/bzip2/compress.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/crctable.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/decompress.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/dlltest.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/huffman.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/libbz2.def 1.1.1.1.2.1 + src/contrib/bzip2/makefile.msc 1.1.1.1.2.1.4.1 + src/contrib/bzip2/manual.texi 1.1.1.1.2.1.4.1 + src/contrib/bzip2/randtable.c 1.1.1.1.2.1.4.1 + src/contrib/bzip2/sample1.bz2.uu 1.1.1.1.2.1.4.1 + src/contrib/bzip2/sample1.ref.gz.uu 1.1.1.1.2.1.4.1 + src/contrib/bzip2/sample2.bz2.uu 1.1.1.1.2.1.4.1 + src/contrib/bzip2/sample2.ref.gz.uu 1.1.1.1.2.1 + src/contrib/bzip2/sample3.bz2.uu 1.1.1.1.2.1.4.1 + src/contrib/bzip2/sample3.ref.gz.uu 1.1.1.1.2.1 + src/contrib/bzip2/spewG.c 1.1.1.1.2.1 + src/contrib/bzip2/unzcrash.c 1.1.1.1.2.1 + src/contrib/bzip2/words0 1.1.1.1.2.1 + src/contrib/bzip2/words1 1.1.1.1.2.1 + src/contrib/bzip2/words2 1.1.1.1.2.1 + src/contrib/bzip2/words3 1.1.1.1.2.1.4.1 +RELENG_4_4 + src/sys/conf/newvers.sh 1.44.2.17.2.7 + src/contrib/bzip2/CHANGES 1.1.1.1.2.1.2.1 + src/contrib/bzip2/FREEBSD-upgrade 1.1.6.1 + src/contrib/bzip2/LICENSE 1.1.1.1.2.1.2.1 + src/contrib/bzip2/Makefile 1.1.1.1.2.1.2.1 + src/contrib/bzip2/Makefile-libbz2_so 1.1.1.1.2.1.2.1 + src/contrib/bzip2/README 1.1.1.1.2.1.2.1 + src/contrib/bzip2/README.COMPILATION.PROBLEMS 1.1.1.1.2.1.2.1 + src/contrib/bzip2/Y2K_INFO 1.1.1.1.2.1 + src/contrib/bzip2/blocksort.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/bzip2.1 1.1.1.1.2.1.2.1 + src/contrib/bzip2/bzip2.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/bzip2recover.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/bzlib.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/bzlib.h 1.1.1.1.2.1.2.1 + src/contrib/bzip2/bzlib_private.h 1.1.1.1.2.1.2.1 + src/contrib/bzip2/compress.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/crctable.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/decompress.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/dlltest.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/huffman.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/libbz2.def 1.1.1.1.2.1 + src/contrib/bzip2/makefile.msc 1.1.1.1.2.1.2.1 + src/contrib/bzip2/manual.texi 1.1.1.1.2.1.2.1 + src/contrib/bzip2/randtable.c 1.1.1.1.2.1.2.1 + src/contrib/bzip2/sample1.bz2.uu 1.1.1.1.2.1.2.1 + src/contrib/bzip2/sample1.ref.gz.uu 1.1.1.1.2.1.2.1 + src/contrib/bzip2/sample2.bz2.uu 1.1.1.1.2.1.2.1 + src/contrib/bzip2/sample2.ref.gz.uu 1.1.1.1.2.1 + src/contrib/bzip2/sample3.bz2.uu 1.1.1.1.2.1.2.1 + src/contrib/bzip2/sample3.ref.gz.uu 1.1.1.1.2.1 + src/contrib/bzip2/spewG.c 1.1.1.1.2.1 + src/contrib/bzip2/unzcrash.c 1.1.1.1.2.1 + src/contrib/bzip2/words0 1.1.1.1.2.1 + src/contrib/bzip2/words1 1.1.1.1.2.1 + src/contrib/bzip2/words2 1.1.1.1.2.1 + src/contrib/bzip2/words3 1.1.1.1.2.1.2.1 +- ------------------------------------------------------------------------- + +All files in src/contrib/bzip2 have identical revision numbers on +their respective branches but do not contain the revision number in +the source code. + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBPOkduVUuHi5z0oilAQHJtAP/ZoPk981NwyoAzX+BlL9EM0JAl9bYBSmp +lgoSORQhK2Cu5DxqOt1J1GIu3748qrAU4+YkZ5JkucA6UgzDFd+mLcQbE57qrDCs +rweqLHipm/fjQ8MXFbs5O2ZlrAPTauAiBYk60OtHEoYe5SE70By4zy8o0jzoKo8H +5dXKGYTnve0= +=UUGE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:26.accept.asc b/share/security/advisories/FreeBSD-SA-02:26.accept.asc new file mode 100644 index 0000000000..10e3c918ca --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:26.accept.asc @@ -0,0 +1,126 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:26.accept Security Advisory + The FreeBSD Project + +Topic: Remote denial-of-service when using accept filters + +Category: core +Module: kernel +Announced: 2002-05-29 +Credits: Mike Silbersack +Affects: FreeBSD 4.5-RELEASE + FreeBSD 4-STABLE after 2001-11-22 and prior to the + correction date +Corrected: 2002-05-21 18:03:16 UTC (RELENG_4) + 2002-05-28 18:27:55 UTC (RELENG_4_5) +FreeBSD only: YES + +I. Background + +FreeBSD features an accept_filter(9) mechanism which allows an +application to request that the kernel pre-process incoming connections. +For example, the accf_http(9) accept filter prevents accept(2) from +returning until a full HTTP request has been buffered. + +No accept filters are enabled by default. A system administrator must +either compile the FreeBSD kernel with a particular accept filter +option (such as ACCEPT_FILTER_HTTP) or load the filter using +kldload(8) in order to utilize accept filters. + +II. Problem Description + +In the process of adding a syncache to FreeBSD, mechanisms to remove +entries from the incomplete listen queue were removed, as only sockets +undergoing accept filtering now use the incomplete queue. + +III. Impact + +By simply connecting to a socket using accept filtering and holding a +few hundred sockets open (~190 with the default backlog value), one +may deny access to a service. In addition to malicious users, this +affect has also been reported to be caused by worms such as Code Red +which generate URLs that do not meet the http accept filter's +criteria. + +Systems are not affected by this bug unless they have enabled accept +filters in the kernel and are utilizing an application configured to +take advantage of this feature. Apache (versions 1.3.14 and later) is +the only application known to utilize accept filters by default. + +IV. Workaround + +Do not use accept filters. If you have enabled the ACCEPT_FILTER_DATA +or ACCEPT_FILTER_HTTP options in your kernel, remove these options and +recompile your kernel as described in + and reboot the +system. If you have loaded one of the kernel accept filters by using +kldload(8), then you must modify your startup scripts not to load +these modules and reboot your system. You may list loaded kernel +modules by using kldstat(8). If loaded, the HTTP accept filter will +be listed as `accf_http.ko', and the Data accept filter will be listed +as `accf_data.ko'. + +For affected versions of Apache, accept filters may be disabled either +by adding the directive ``AcceptFilter off'' to your configuration +file, or via a compile-time option, depending upon the version. +Please see the Apache documentation for details. + +V. Solution + +1) Upgrade your vulnerable system to 4.5-STABLE; or to the RELENG_4_5 +(4.5-RELEASE-p6) security branch dated after the respective correction +dates. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.5-RELEASE +and 4.5-STABLE systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:26/accept.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:26/accept.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/kern/uipc_socket.c + RELENG_4 1.68.2.21 + RELENG_4_5 1.68.2.17.2.1 +src/sys/kern/uipc_socket2.c + RELENG_4 1.55.2.15 + RELENG_4_5 1.55.2.10.2.1 +src/sys/conf/newvers.sh + RELENG_4_5 1.44.2.20.2.7 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPPUCC1UuHi5z0oilAQFApAP6ApvgOydr72UHKHXiRZnGxiwBhpyVE+mH +5xdDP45s0GaUChA7GLbpv0hLL5syNPMavo7ygRuqD6pHFA0xpVn3hUXtLh09dhwS +YTDWrC2VL9QJmFWIxMNzo0OXD1uDBrlGEk3Ew0jWT2ewe46QW1czpPYCeGg4Bx+i ++FzEQ9V4D8k= +=W+BP +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:27.rc.asc b/share/security/advisories/FreeBSD-SA-02:27.rc.asc new file mode 100644 index 0000000000..72badd7638 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:27.rc.asc @@ -0,0 +1,107 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:27.rc Security Advisory + The FreeBSD Project + +Topic: rc uses file globbing dangerously + +Category: core +Module: rc +Announced: 2002-05-29 +Credits: lumpy +Affects: FreeBSD 4.4-RELEASE + FreeBSD 4.5-RELEASE + FreeBSD 4-STABLE prior to the correction date +Corrected: 2002-05-09 17:39:01 UTC (RELENG_4) + 2002-05-09 17:40:27 UTC (RELENG_4_5) + 2002-05-09 17:41:05 UTC (RELENG_4_4) +FreeBSD only: YES + +I. Background + +rc is the system startup script (/etc/rc). It is run when the FreeBSD +is booted multi-user, and performs a multitude of tasks to bring the +system up. One of these tasks is to remove lock files left by X +Windows, as their existence could prevent one from restarting the X +Windows server. + +II. Problem Description + +When removing X Windows lock files, rc uses the rm(1) command and +shell globbing: + + rm -f /tmp/.X*-lock /tmp/.X11-unix/* + +Since /tmp is a world-writable directory, a user may create +/tmp/.X11-unix as a symbolic link to an arbitrary directory. The next +time that rc is run (i.e. the next time the system is booted), rc will +then remove all of the files in that directory. + +III. Impact + +Users may remove the contents of arbitrary directories if the +/tmp/.X11-unix directory does not already exist and the system can +be enticed to reboot (or the user can wait until the next system +maintenance window). + +IV. Workaround + +Find and remove or comment-out the following line in /etc/rc: + + rm -f /tmp/.X*-lock /tmp/.X11-unix/* + +The following command executed as root will do this: + + /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc' + +V. Solution + +1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the +RELENG_4_5 (4.5-RELEASE-p6) or RELENG_4_4 (4.4-RELEASE-p13) security +branches dated after the respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:27/rc.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:27/rc.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Install the new rc script: + +# cd /usr/src/etc +# install -c -o root -g wheel -m 644 rc /etc/rc + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/etc/rc + RELENG_4 1.212.2.50 + RELENG_4_5 1.212.2.38.2.1 + RELENG_4_4 1.212.2.34.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPPUdKVUuHi5z0oilAQExLgP/boRbYHYXHXBC9YW1sf6FFFwhaY5iOYeZ +1JAHA+CZGyOas4RPgIBN6zxVPRX70KOdREp9flkgVvdOvODljk6k6TUjqE4xwTj9 +wi0yS81Hp04uQfx+PwJSLdFvKIR/gr/TMWn1f1KD2Vy3nzZh6IAuCdzcg0z9AKlc +OQf5FWVpn8s= +=NaDG +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:28.resolv.asc b/share/security/advisories/FreeBSD-SA-02:28.resolv.asc new file mode 100644 index 0000000000..a4c50b636a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:28.resolv.asc @@ -0,0 +1,126 @@ +============================================================================= +FreeBSD-SA-02:28.resolv Security Advisory + The FreeBSD Project + +Topic: buffer overflow in resolver + +Category: core +Module: libc +Announced: 2002-06-26 +Credits: Joost Pol +Affects: All releases prior to and including 4.6-RELEASE +Corrected: 2002-06-26 06:34:18 UTC (RELENG_4) + 2002-06-26 08:44:24 UTC (RELENG_4_6) + 2002-06-26 18:53:20 UTC (RELENG_4_5) + 2002-06-26 21:43:44 UTC (RELENG_4_4) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-06-26 Initial release +v1.1 2002-06-XX Add RELENG_4_4 update and workaround + +I. Background + +The resolver implements functions for making, sending and interpreting +query and reply messages with Internet domain name servers. +Hostnames, IP addresses, and other information are queried using the +resolver. + +II. Problem Description + +DNS messages have specific byte alignment requirements, resulting in +padding in messages. In a few instances in the resolver code, this +padding is not taken into account when computing available buffer +space. As a result, the parsing of a DNS message may result in a +buffer overrun of up to a few bytes for each record included in the +message. + +III. Impact + +An attacker (either a malicious domain name server or an agent that +can spoof DNS messages) may produce a specially crafted DNS message +that will exploit this bug when parsed by an application using the +resolver. It may be possible for such an exploit to result in the +execution of arbitrary code with the privileges of the resolver-using +application. Though no exploits are known to exist today, since +practically all Internet applications utilize the resolver, the +severity of this issue is high. + +IV. Workaround + +By using a local caching nameserver that reconstructs all DNS responses, +such as BIND 9, any badly formed DNS responses may be `filtered out', +including malicious ones. Note that the name server must be run locally +on the same host as the resolver-using application, or other measures +must be taken to ensure the integrity of communications between the +name server and the application. Failure to do so may allow the +possibility of spoofed DNS responses which bypass the name server. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, +RELENG_4_5, or RELENG_4_4 security branch dated after the correction +date (4.6-RELEASE-p1, 4.5-RELEASE-p7, or 4.4-RELEASE-p14). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.5, +FreeBSD 4.4, and FreeBSD 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating systems as described in +. + +Note that any statically linked applications that are not part of +the base system (i.e. from the Ports Collection or other 3rd-party +sources) must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/lib/libc/net/gethostbydns.c + RELENG_4 1.27.2.2 + RELENG_4_6 1.27.10.1 + RELENG_4_5 1.27.8.1 + RELENG_4_4 1.27.6.1 +src/lib/libc/net/getnetbydns.c + RELENG_4 1.13.2.2 + RELENG_4_6 1.13.2.1.8.1 + RELENG_4_5 1.13.2.1.6.1 + RELENG_4_4 1.13.2.1.4.1 +src/lib/libc/net/name6.c + RELENG_4 1.6.2.6 + RELENG_4_6 1.6.2.5.8.1 + RELENG_4_5 1.6.2.5.6.1 + RELENG_4_4 1.6.2.5.4.1 +src/sys/conf/newvers.sh + RELENG_4_6 1.44.2.23.2.2 + RELENG_4_5 1.44.2.20.2.8 + RELENG_4_4 1.44.2.17.2.13 +- ------------------------------------------------------------------------- + +VII. References + + diff --git a/share/security/advisories/FreeBSD-SA-02:29.tcpdump.asc b/share/security/advisories/FreeBSD-SA-02:29.tcpdump.asc new file mode 100644 index 0000000000..d432bcd3f6 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:29.tcpdump.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:29 Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in tcpdump when handling NFS packets + +Category: contrib +Module: tcpdump +Announced: 2002-07-12 +Credits: dwmw2@redhat.com +Affects: All releases prior to and including 4.6-RELEASE + FreeBSD 4.6-STABLE prior to the correction date +Corrected: 2002-07-05 13:24:57 UTC (RELENG_4) + 2002-07-12 13:29:47 UTC (RELENG_4_6) + 2002-07-12 13:31:10 UTC (RELENG_4_5) + 2002-07-12 13:31:44 UTC (RELENG_4_4) +FreeBSD only: NO + +I. Background + +The tcpdump utility is used to capture and examining network traffic. + +II. Problem Description + +Versions of tcpdump up to and including 3.7.1 contain a buffer +overflow that may be triggered by badly formed NFS packets, and +possibly other types of packets. + +III. Impact + +It is not currently known whether this buffer overflow is exploitable. +If it were, an attacker could inject specially crafted packets into +the network which, when processed by tcpdump, could lead to arbitrary +code execution with the privileges of the user running tcpdump +(typically `root'). + +IV. Workaround + +There is no workaround, other than not using tcpdump. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, +RELENG_4_5, or RELENG_4_4 security branch dated after the correction +date (4.6-RELEASE-p2, 4.5-RELEASE-p8, or 4.4-RELEASE-p15). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, and +4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:29/tcpdump.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:29/tcpdump.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/tcpdump +# make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/contrib/tcpdump/interface.h + RELENG_4 1.4.2.3 + RELENG_4_6 1.4.2.1.6.1 + RELENG_4_5 1.4.2.1.4.1 + RELENG_4_4 1.4.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPS8+yFUuHi5z0oilAQGEaAQApQpuobpvrYILjiJh9Zvfnupop9aDuQ/G +9RvnGVv0ZXrKtD8aRiP3JrjouGvZm9WLqXsXlnf0wmTXdWWg5ibjuJK/gDtdiqjA +iuZvq5Rx+IKD33pZpAocg74zIv3nDYv1S+3ndJXtYcSFw7EnC4QHu3mFrZK81RcQ +6LpcUuxVTl8= +=hQ/2 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:30.ktrace.asc b/share/security/advisories/FreeBSD-SA-02:30.ktrace.asc new file mode 100644 index 0000000000..ace9bb5170 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:30.ktrace.asc @@ -0,0 +1,98 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:30 Security Advisory + The FreeBSD Project + +Topic: Users may trace previously privileged processes + +Category: core +Module: ktrace +Announced: 2002-07-12 +Credits: Theo DeRaadt + Darren Reed +Affects: All releases prior to and including 4.6-RELEASE + FreeBSD 4.6-STABLE prior to the correction date +Corrected: 2002-07-05 22:36:38 UTC (RELENG_4) + 2002-07-11 16:47:41 UTC (RELENG_4_6) + 2002-07-11 16:47:55 UTC (RELENG_4_5) + 2002-07-11 16:56:05 UTC (RELENG_4_4) +FreeBSD only: NO + +I. Background + +The ktrace utility is a debugging tool that allows users to trace +system calls, I/O, and file system lookup operations executed by or on +behalf of a process and its children. Since this could potentially +reveal sensitive information, the kernel will normally only allow a +user to trace his or her own processes, and will immediately stop +tracing a process that gains special privileges, for instance by +executing a setuid or setgid binary. The ktrace utility depends on +the KTRACE kernel option, which is enabled by default. + +II. Problem Description + +If a process that had special privileges were to abandon them, it +would become possible for the owner of that process to trace it. +However, that process might still possess and / or communicate +sensitive information that it had obtained before abandoning its +privileges, which would then be revealed to the tracing user. + +III. Impact + +In theory, local users on systems where ktrace is enabled through +the KTRACE kernel option might obtain sensitive information, such +as password files or authentication keys. No specific utility is +currently known to be vulnerable to this particular problem. + +IV. Workaround + +Recompile the kernel without the KTRACE option, and reboot. + +V. Solution + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, and +4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:30/ktrace.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:30/ktrace.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/kern/kern_ktrace.c + RELENG_4 1.35.2.6 + RELENG_4_6 1.35.2.5.4.1 + RELENG_4_5 1.35.2.5.2.1 + RELENG_4_4 1.35.2.4.4.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPS8+qFUuHi5z0oilAQH+XwQAlGxDecckzp1md5S3S3JfLSkvI3vMHzTw +nezUkanQ+2M65kj3QUzDnhv+jR0KpgAXCfMIVFUekb+rO8fbxbVygyWZH3T501F/ +5nhoNGwkbTVdjY9x34dSOvVJHNUZ0zn9Y+aQiC5msK4ZyI2GFdrH/Kfa1Ubh7H6z +w1/J3NNJ5Bs= +=z5iy +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:31.openssh.asc b/share/security/advisories/FreeBSD-SA-02:31.openssh.asc new file mode 100644 index 0000000000..8eb784f2fd --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:31.openssh.asc @@ -0,0 +1,79 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:31 Security Advisory + The FreeBSD Project + +Topic: openssh contains remote vulnerability + +Category: core +Module: OpenSSH +Announced: 2002-07-15 +Credits: ISS X-Force + Theo DeRaadt +Affects: FreeBSD-CURRENT between 2002-03-18 and 2002-06-25 +Corrected: 2002-06-25 19:10:07 (HEAD) +FreeBSD only: NO + +I. Background + +OpenSSH is a free implementation of the SSH protocol suite, and +provides encrypted and authenticated remote login, file transfer and +command execution. + +II. Problem Description + +SSH clients and servers communicate by exchanging discrete messages +with a variable number of parameters. Due to the lack of sufficient +integrity checks in a portion of the server code responsible for +handling incoming SSH2_MSG_USERAUTH_INFO_RESPONSE messages, it was +possible for a malicious client to send a message that would cause the +server to overwrite portions of its memory with client-provided data. + +III. Impact + +An remote attacker using an SSH client modified to send carefully +crafted SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain +superuser privileges on the server. + +Please note that this problem only affects FreeBSD-CURRENT. No +versions of FreeBSD-STABLE are or were ever vulnerable to this bug. + +IV. Workaround + +Do one of the following: + +1) Disable SSH entirely. + +2) Use a firewall to block incoming SSH connections from untrusted + hosts. + +3) Add the following line to /etc/ssh/sshd_config, and restart sshd. + +ChallengeResponseAuthentication no + + Note that this will prevent the use of OPIE and similar challenge- + based authentication methods with SSH. + +V. Solution + +Update your system to the latest -CURRENT. + +VI. Correction details + +No correction details are provided in this advisory. + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBPTLiBVUuHi5z0oilAQFNAwQAoF1azTbsIiUc9O2VvIah+ueT5N3//qgf +ka+t5I5FtL8wFDKJXXf3JWx9lqf+JkscrL4SpMyY/OmL2wagvUeVHan+pE9dXRnK +YzFjdD8hP3GMiC1g0Dvwg9StoBs8kx+qP8dascS87Ql2QYo7aYcq6aageLSoy4Nj +iRHaJB2gZP8= +=nSnf +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:32.pppd.asc b/share/security/advisories/FreeBSD-SA-02:32.pppd.asc new file mode 100644 index 0000000000..9760f4754b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:32.pppd.asc @@ -0,0 +1,109 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:32.pppd Security Advisory + The FreeBSD Project + +Topic: exploitable race condition in pppd + +Category: core +Module: pppd +Announced: 2002-07-31 +Credits: Sebastian Krahmer +Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p1 +Corrected: 2002-07-30 03:50:40 UTC (RELENG_4) + 2002-07-30 19:15:52 UTC (RELENG_4_6) + 2002-07-30 19:16:46 UTC (RELENG_4_5) + 2002-07-30 19:17:27 UTC (RELENG_4_4) +FreeBSD only: NO + +I. Background + +FreeBSD ships with several implementations of the Point-to-Point +Protocol (PPP). The pppd program is one of these implementations. It +provides basic support for negotiating a link, while encapsulation is +done by driver code in the kernel. + +II. Problem Description + +A race condition exists in the pppd program that may be exploited +in order to change the permissions of an arbitrary file. The file +specified as the tty device is opened by pppd, and the permissions +are recorded. If pppd fails to initialize the tty device in some way +(such as a failure of tcgetattr(3)), then pppd will then attempt to +restore the original permissions by calling chmod(2). The call to +chmod(2) is subject to a symlink race, so that the permissions may +`restored' on some other file. + +Note that the pppd program is installed set-user-ID to root, so that +any file's permissions may be changed in this fashion. + +III. Impact + +A malicious local user may exploit the race condition to acquire write +permissions to a critical system file, such as /etc/crontab, and +leverage the situation to acquire escalated privileges. + +In FreeBSD 4.4-RELEASE and later, the local user must be in group +`dialer' in order to run pppd and attempt to exploit this race. + +IV. Workaround + +Remove the set-user-ID bit from pppd by executing the following +command as root: + +# chmod u-s /usr/sbin/pppd + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, +RELENG_4_5, or RELENG_4_4 security branch dated after the correction +date (4.6.1-RELEASE-p2, 4.5-RELEASE-p11, or 4.4-RELEASE-p18). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, +and 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/pppd +# make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +usr.sbin/pppd/main.c + RELENG_4 1.19.2.1 + RELENG_4_6 1.19.10.1 + RELENG_4_5 1.19.8.1 + RELENG_4_4 1.19.6.1 +sys/conf/newvers.sh + RELENG_4_6 1.44.2.23.2.7 + RELENG_4_5 1.44.2.20.2.12 + RELENG_4_4 1.44.2.17.2.17 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPUfQ4VUuHi5z0oilAQGaYwP/djtLXxRveB2xDy54hACNSArKnfAbEwEP +PisB8Er2Zl4CmwnKx3BO8zWoV+nb7afcWGoy2eU14b/sXTLpInpx+823J8nP3BUK +bsUInanuFxX6LfSTbzjRT+8wxxXKO4oarPFfxfVis09ekjO+FqTtm2pAV13ug/+s +Wrb8IG4YYVA= +=tfMD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:33.openssl.asc b/share/security/advisories/FreeBSD-SA-02:33.openssl.asc new file mode 100644 index 0000000000..7c223bc076 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:33.openssl.asc @@ -0,0 +1,2018 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:33.openssl Security Advisory + The FreeBSD Project + +Topic: openssl contains multiple vulnerabilities + +Category: core +Module: crypto/openssl +Announced: 2002-08-05 +Credits: A.L. Digital Ltd + The Bunker + The OpenSSL Project + Adi Stav + James Yonan + Dr. Stephen Henson + Neohapsis +Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p9 +Corrected: 2002-08-05 16:27:52 UTC (RELENG_4) + 2002-08-05 16:28:18 UTC (RELENG_4_6) + 2002-08-05 16:28:40 UTC (RELENG_4_5) + 2002-08-05 16:28:58 UTC (RELENG_4_4) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-07-31 Initial release +v1.1 2002-08-05 Corrected patch; updated list of affected utilities + +I. Background + +FreeBSD includes software from the OpenSSL Project. The +OpenSSL Project is a collaborative effort to develop a robust, +commercial-grade, full-featured, and Open Source toolkit implementing +the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS +v1) protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +The OpenSSL libraries contain multiple buffer overflows, including +errors in the handling of the client master key in the SSL2 protocol +implementation; the handling of the session ID in the SSL3 protocol; +and in the handling of buffers used for representing integers in +ASCII on 64-bit platforms. In addition, arbitrary or intentionally +malicious data passed to the ASN.1 decoder may cause undefined +behavior. + +Please see the OpenSSL Security Advisory in the `References' section +for more details. + +The original correction for this problem (corresponding to the first +revision of this advisory) contained a typo and introduced another +bug. The dates for the original correction were: + +Corrected: 2002-07-30 22:04:59 UTC (RELENG_4) + 2002-07-31 02:54:36 UTC (RELENG_4_6) + 2002-07-31 14:04:45 UTC (RELENG_4_5) + 2002-07-31 16:40:30 UTC (RELENG_4_4) + +III. Impact + +At least one of the buffer overflows is known to be exploitable, and +the others may be as well. A successful exploit of an application +using OpenSSL may result in arbitrary code execution. Both clients +and servers may be attacked. + +IV. Workaround + +Disabling the SSL2 protocol in server applications should render +server exploits harmless. There is no known workaround for client +applications. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, +RELENG_4_5, or RELENG_4_4 security branch dated after the correction +date (4.6.1-RELEASE-p10, 4.5-RELEASE-p18, or 4.4-RELEASE-p25). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, +and 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD versions earlier than 4.6-RELEASE-p3, 4.5-RELEASE-p13, or +4.6-RELEASE-p20] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl.patch.asc + +[FreeBSD versions 4.6-RELEASE-p3 or later, 4.5-RELEASE-p14 or later, +4.6-RELEASE-p20 or later, and 4.6-STABLE] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl2.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# find crypto/openssl -size 0c -delete + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of +the base system (i.e. from the Ports Collection or other 3rd-party +sources) must be recompiled if they use OpenSSL (libssl or libcrypto). + +All affected applications must be restarted in order to use the +corrected library. Though it is not required, rebooting may be the +easiest way to accomplish this. + +The following components of the FreeBSD base system are known to +utilize OpenSSL's libssl or libcrypto. System administrators may +choose to recompile only these applications rather than the entire +operating system, though it is not recommended. + +bin/rcp +gnu/usr.bin/cvs/cvs +kerberos5/libexec/hprop +kerberos5/libexec/hpropd +kerberos5/libexec/ipropd-master +kerberos5/libexec/ipropd-slave +kerberos5/libexec/k5admind +kerberos5/libexec/k5passwdd +kerberos5/libexec/kdc +kerberos5/libexec/telnetd +kerberos5/usr.bin/k5admin +kerberos5/usr.bin/k5destroy +kerberos5/usr.bin/k5init +kerberos5/usr.bin/k5list +kerberos5/usr.bin/k5passwd +kerberos5/usr.bin/k5su +kerberos5/usr.bin/telnet +kerberos5/usr.sbin/k5stash +kerberos5/usr.sbin/ktutil +kerberosIV/libexec/kauthd +kerberosIV/libexec/kipd +kerberosIV/libexec/kpropd +kerberosIV/libexec/telnetd +kerberosIV/usr.bin/kadmin +kerberosIV/usr.bin/kauth +kerberosIV/usr.bin/kdestroy +kerberosIV/usr.bin/kinit +kerberosIV/usr.bin/klist +kerberosIV/usr.bin/telnet +kerberosIV/usr.sbin/ext_srvtab +kerberosIV/usr.sbin/kadmind +kerberosIV/usr.sbin/kdb_destroy +kerberosIV/usr.sbin/kdb_edit +kerberosIV/usr.sbin/kdb_init +kerberosIV/usr.sbin/kdb_util +kerberosIV/usr.sbin/kerberos +kerberosIV/usr.sbin/kip +kerberosIV/usr.sbin/kprop +kerberosIV/usr.sbin/ksrvutil +kerberosIV/usr.sbin/kstash +lib/libpam/modules/pam_kerberosIV +lib/libpam/modules/pam_krb5 +lib/libpam/modules/pam_ssh +sbin/dump +sbin/md5 +sbin/mount_nfs +sbin/nfsd +sbin/restore +secure/lib/libssh +secure/libexec/sftp-server +secure/libexec/ssh-keysign +secure/libexec/telnetd +secure/usr.bin/sftp +secure/usr.bin/ssh +secure/usr.bin/ssh-add +secure/usr.bin/ssh-agent +secure/usr.bin/ssh-keygen +secure/usr.bin/ssh-keyscan +secure/usr.bin/telnet +secure/usr.sbin/sshd +usr.bin/passwd +usr.bin/rlogin +usr.bin/rsh +usr.bin/su +usr.sbin/pkg_install/sign +usr.sbin/ppp +usr.sbin/pppd +usr.sbin/sendmail +usr.sbin/tcpdump/tcpdump + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssl/CHANGES 1.1.1.1.2.3 + src/crypto/openssl/Configure 1.1.1.1.2.3 + src/crypto/openssl/FAQ 1.1.1.1.2.4 + src/crypto/openssl/FREEBSD-Xlist 1.1.2.3 + src/crypto/openssl/INSTALL 1.1.1.1.2.3 + src/crypto/openssl/LICENSE 1.1.1.1.2.3 + src/crypto/openssl/Makefile.org 1.1.1.1.2.4 + src/crypto/openssl/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/NEWS 1.1.1.1.2.4 + src/crypto/openssl/PROBLEMS 1.1.1.1.2.1 + src/crypto/openssl/README 1.1.1.1.2.4 + src/crypto/openssl/README.ENGINE 1.1.1.1.2.2 + src/crypto/openssl/STATUS Removed + src/crypto/openssl/TABLE Removed + src/crypto/openssl/apps/CA.pl 1.1.1.1.2.3 + src/crypto/openssl/apps/Makefile.save Removed + src/crypto/openssl/apps/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/apps/apps.c 1.1.1.1.2.3 + src/crypto/openssl/apps/asn1pars.c 1.1.1.1.2.3 + src/crypto/openssl/apps/ca.c 1.1.1.1.2.3 + src/crypto/openssl/apps/der_chop 1.1.1.1.2.2 + src/crypto/openssl/apps/dgst.c 1.1.1.1.2.3 + src/crypto/openssl/apps/dsaparam.c 1.1.1.1.2.4 + src/crypto/openssl/apps/eay.c Removed + src/crypto/openssl/apps/enc.c 1.1.1.1.2.3 + src/crypto/openssl/apps/openssl.c 1.1.1.1.2.3 + src/crypto/openssl/apps/openssl.cnf 1.1.1.1.2.5 + src/crypto/openssl/apps/pem_mail.c Removed + src/crypto/openssl/apps/pkcs12.c 1.1.1.1.2.3 + src/crypto/openssl/apps/pkcs7.c 1.1.1.1.2.3 + src/crypto/openssl/apps/req.c 1.1.1.1.2.4 + src/crypto/openssl/apps/rsa/01.pem Removed + src/crypto/openssl/apps/rsa/1.txt Removed + src/crypto/openssl/apps/rsa/SecureServer.pem Removed + src/crypto/openssl/apps/rsa/s.txt Removed + src/crypto/openssl/apps/s_client.c 1.1.1.1.2.4 + src/crypto/openssl/apps/s_time.c 1.1.1.1.2.2 + src/crypto/openssl/apps/smime.c 1.1.1.1.2.3 + src/crypto/openssl/apps/speed.c 1.3.2.4 + src/crypto/openssl/apps/tkca Removed + src/crypto/openssl/apps/x509.c 1.1.1.1.2.4 + src/crypto/openssl/certs/rsa-ssca.pem Removed + src/crypto/openssl/config 1.1.1.1.2.4 + src/crypto/openssl/crypto/Makefile.save Removed + src/crypto/openssl/crypto/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/asn1/Makefile.save Removed + src/crypto/openssl/crypto/asn1/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/asn1/a_bitstr.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/a_enum.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/a_gentm.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/a_int.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/a_set.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/asn1/a_sign.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/a_strnid.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/asn1/a_time.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/a_utctm.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.5 + src/crypto/openssl/crypto/asn1/d2i_dhp.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/asn1/d2i_dsap.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/d2i_r_pr.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/asn1/pkcs8.c Removed + src/crypto/openssl/crypto/asn1/t_pkey.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/t_x509.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/asn1/x_pubkey.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bf/Makefile.save Removed + src/crypto/openssl/crypto/bf/Makefile.uni Removed + src/crypto/openssl/crypto/bio/Makefile.save Removed + src/crypto/openssl/crypto/bio/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/bio/b_print.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bio/b_sock.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/bio/bf_buff.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bio/bf_lbuf.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/bio/bf_nbio.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/bio/bss_bio.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bio/bss_log.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bn/Makefile.save Removed + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/bn/asm/ia64.S 1.1.1.1.2.1 + src/crypto/openssl/crypto/bn/asm/mips3.s 1.1.1.1.2.3 + src/crypto/openssl/crypto/bn/bn.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/bn/bn_comba.c Removed + src/crypto/openssl/crypto/bn/bn_div.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/bn/bn_gcd.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/bn/bn_mont.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bn/bn_mul.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bn/bn_opts.c Removed + src/crypto/openssl/crypto/bn/bn_prime.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/bn/bn_rand.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/bn/bn_sqr.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bn/comba.pl Removed + src/crypto/openssl/crypto/bn/d.c Removed + src/crypto/openssl/crypto/bn/new Removed + src/crypto/openssl/crypto/bn/old/b_sqr.c Removed + src/crypto/openssl/crypto/bn/old/bn_com.c Removed + src/crypto/openssl/crypto/bn/old/bn_high.c Removed + src/crypto/openssl/crypto/bn/old/bn_ka.c Removed + src/crypto/openssl/crypto/bn/old/bn_low.c Removed + src/crypto/openssl/crypto/bn/old/bn_m.c Removed + src/crypto/openssl/crypto/bn/old/bn_mul.c.works Removed + src/crypto/openssl/crypto/bn/old/bn_wmul.c Removed + src/crypto/openssl/crypto/bn/old/build Removed + src/crypto/openssl/crypto/bn/old/info Removed + src/crypto/openssl/crypto/bn/old/test.works Removed + src/crypto/openssl/crypto/buffer/Makefile.save Removed + src/crypto/openssl/crypto/buffer/buffer.h 1.1.1.1.2.1 + src/crypto/openssl/crypto/cast/Makefile.save Removed + src/crypto/openssl/crypto/cast/Makefile.uni Removed + src/crypto/openssl/crypto/comp/Makefile.save Removed + src/crypto/openssl/crypto/comp/Makefile.ssl 1.1.1.1.2.3 + src/crypto/openssl/crypto/comp/comp.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/conf/Makefile.save Removed + src/crypto/openssl/crypto/conf/Makefile.ssl 1.1.1.1.2.3 + src/crypto/openssl/crypto/conf/conf.c Removed + src/crypto/openssl/crypto/conf/conf.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/conf/conf_api.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/conf/conf_def.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/conf/conf_def.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/conf/conf_lcl.h Removed + src/crypto/openssl/crypto/conf/keysets.pl 1.1.1.1.2.2 + src/crypto/openssl/crypto/cryptlib.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/cryptlib.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/crypto.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/des/DES.pod Removed + src/crypto/openssl/crypto/des/MODES.DES Removed + src/crypto/openssl/crypto/des/Makefile.PL Removed + src/crypto/openssl/crypto/des/Makefile.lit Removed + src/crypto/openssl/crypto/des/Makefile.save Removed + src/crypto/openssl/crypto/des/Makefile.uni Removed + src/crypto/openssl/crypto/des/PC1 Removed + src/crypto/openssl/crypto/des/PC2 Removed + src/crypto/openssl/crypto/des/des.h 1.2.2.4 + src/crypto/openssl/crypto/des/des.man Removed + src/crypto/openssl/crypto/des/des.pl Removed + src/crypto/openssl/crypto/des/des_crypt.man Removed + src/crypto/openssl/crypto/des/doIP Removed + src/crypto/openssl/crypto/des/doPC1 Removed + src/crypto/openssl/crypto/des/doPC2 Removed + src/crypto/openssl/crypto/des/fcrypt.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/des/podd.h Removed + src/crypto/openssl/crypto/des/read_pwd.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/des/rnd_keys.c 1.1.2.3 + src/crypto/openssl/crypto/des/shifts.pl Removed + src/crypto/openssl/crypto/des/sk.h Removed + src/crypto/openssl/crypto/des/supp.c Removed + src/crypto/openssl/crypto/des/testdes.pl Removed + src/crypto/openssl/crypto/dh/Makefile.save Removed + src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/dh/dh_gen.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/dh/dh_lib.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/dh/dhtest.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/dsa/Makefile.save Removed + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/dsa/dsa_asn1.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/dsa/dsa_lib.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/dso/dso.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/dso/dso_dlfcn.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/ebcdic.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/err/Makefile.save Removed + src/crypto/openssl/crypto/err/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/err/err.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/err/err.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/err/err_all.c 1.2.2.4 + src/crypto/openssl/crypto/evp/Makefile.save Removed + src/crypto/openssl/crypto/evp/bio_b64.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/evp/bio_enc.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/evp/c_allc.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/evp/c_alld.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/evp/e_bf.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/evp/e_cbc_3d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_bf.c Removed + src/crypto/openssl/crypto/evp/e_cbc_c.c Removed + src/crypto/openssl/crypto/evp/e_cbc_d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_i.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r2.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r5.c Removed + src/crypto/openssl/crypto/evp/e_cfb_3d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_bf.c Removed + src/crypto/openssl/crypto/evp/e_cfb_c.c Removed + src/crypto/openssl/crypto/evp/e_cfb_d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_i.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r2.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ecb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ecb_c.c Removed + src/crypto/openssl/crypto/evp/e_ecb_d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_i.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ofb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ofb_c.c Removed + src/crypto/openssl/crypto/evp/e_ofb_d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_i.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r5.c Removed + src/crypto/openssl/crypto/evp/encode.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/evp/evp.h 1.2.2.4 + src/crypto/openssl/crypto/evp/evp_key.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/evp/m_md4.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/hmac/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.ssl 1.4.2.4 + src/crypto/openssl/crypto/idea/Makefile.uni Removed + src/crypto/openssl/crypto/idea/i_cbc.c 1.4.2.4 + src/crypto/openssl/crypto/idea/i_cfb64.c 1.4.2.4 + src/crypto/openssl/crypto/idea/i_ecb.c 1.4.2.4 + src/crypto/openssl/crypto/idea/i_ofb64.c 1.4.2.4 + src/crypto/openssl/crypto/idea/i_skey.c 1.4.2.4 + src/crypto/openssl/crypto/idea/idea.h 1.4.2.4 + src/crypto/openssl/crypto/idea/idea_lcl.h 1.4.2.4 + src/crypto/openssl/crypto/idea/idea_spd.c 1.4.2.4 + src/crypto/openssl/crypto/idea/ideatest.c 1.4.2.4 + src/crypto/openssl/crypto/idea/version 1.4.2.4 + src/crypto/openssl/crypto/lhash/Makefile.save Removed + src/crypto/openssl/crypto/lhash/lh_test.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/md2/Makefile.save Removed + src/crypto/openssl/crypto/md2/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/md32_common.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/md4/md4_locl.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/md5/Makefile.save Removed + src/crypto/openssl/crypto/md5/Makefile.uni Removed + src/crypto/openssl/crypto/md5/md5_locl.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/mdc2/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/objects/o_names.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/objects/obj_dat.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/objects/obj_dat.pl 1.1.1.1.2.3 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/objects/obj_mac.num 1.1.1.1.2.2 + src/crypto/openssl/crypto/objects/objects.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/objects/objects.pl 1.1.1.1.2.2 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.1.2.2 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/pem/Makefile.save Removed + src/crypto/openssl/crypto/pem/pem.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/pem/pem2.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/pem/pem_info.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/pem/pem_lib.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/perlasm/x86nasm.pl 1.1.1.1.2.1 + src/crypto/openssl/crypto/perlasm/x86unix.pl 1.1.1.1.2.2 + src/crypto/openssl/crypto/pkcs12/Makefile.save Removed + src/crypto/openssl/crypto/pkcs12/pkcs12.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/pkcs7/Makefile.save Removed + src/crypto/openssl/crypto/pkcs7/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/pkcs7/README Removed + src/crypto/openssl/crypto/pkcs7/pk7_attr.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/pkcs7/pkcs7.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/pkcs7/verify.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/rand/Makefile.save Removed + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.5 + src/crypto/openssl/crypto/rand/rand.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/rand/rand_egd.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/rand/rand_win.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/rand/randfile.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/rc2/Makefile.save Removed + src/crypto/openssl/crypto/rc2/Makefile.uni Removed + src/crypto/openssl/crypto/rc4/Makefile.save Removed + src/crypto/openssl/crypto/rc4/Makefile.uni Removed + src/crypto/openssl/crypto/rc5/Makefile.save Removed + src/crypto/openssl/crypto/rc5/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/Makefile.save Removed + src/crypto/openssl/crypto/ripemd/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/rmd_locl.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/rsa/Makefile.save Removed + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.5 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.3 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.4 + src/crypto/openssl/crypto/rsa/rsa_oaep.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/rsa/rsa_oaep_test.c Removed + src/crypto/openssl/crypto/sha/Makefile.save Removed + src/crypto/openssl/crypto/sha/Makefile.uni Removed + src/crypto/openssl/crypto/sha/sha_locl.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/stack/Makefile.save Removed + src/crypto/openssl/crypto/tmdiff.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/txt_db/Makefile.save Removed + src/crypto/openssl/crypto/txt_db/txt_db.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509/Makefile.save Removed + src/crypto/openssl/crypto/x509/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/x509/x509.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509/x509_obj.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/x509/x509_trs.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509/x509_txt.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509/x509_vfy.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509v3/Makefile.save Removed + src/crypto/openssl/crypto/x509v3/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/x509v3/README Removed + src/crypto/openssl/crypto/x509v3/v3_ia5.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509v3/v3_utl.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509v3/x509v3.h 1.1.1.1.2.3 + src/crypto/openssl/demos/b64.c 1.1.1.1.2.2 + src/crypto/openssl/demos/maurice/example1.c 1.1.1.1.2.1 + src/crypto/openssl/demos/maurice/loadkeys.c 1.1.1.1.2.1 + src/crypto/openssl/dep/crypto.txt Removed + src/crypto/openssl/dep/files Removed + src/crypto/openssl/dep/gen.pl Removed + src/crypto/openssl/dep/ssl.txt Removed + src/crypto/openssl/doc/apps/ca.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/crl2pkcs7.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/apps/enc.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/apps/openssl.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/rsautl.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/apps/s_server.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/smime.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/verify.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto.pod Removed + src/crypto/openssl/doc/crypto/BN_bn2bin.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/BN_rand.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/crypto/EVP_DigestInit.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/EVP_SignInit.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/RSA_check_key.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/crypto/RSA_generate_key.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/crypto/bio.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/crypto/blowfish.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/bn.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/crypto.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/des_modes.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/err.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/rand.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/rsa.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/threads.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/openssl.pod Removed + src/crypto/openssl/doc/ssl.pod Removed + src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_free.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_new.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_accept.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_clear.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_connect.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_do_handshake.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_get_error.pod 1.1.1.1.2.4 + src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_get_session.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_new.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_read.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_rstate_string.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_session_reused.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_set_session.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/ssl/SSL_shutdown.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/SSL_state_string.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_want.pod 1.1.1.1.2.1 + src/crypto/openssl/doc/ssl/SSL_write.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod 1.1.1.2.2.2 + src/crypto/openssl/doc/ssl/ssl.pod 1.1.1.1.2.4 + src/crypto/openssl/doc/ssleay.txt 1.1.1.1.2.3 + src/crypto/openssl/e_os.h 1.1.1.1.2.4 + src/crypto/openssl/e_os2.h 1.1.1.1.2.2 + src/crypto/openssl/mt/README Removed + src/crypto/openssl/mt/mttest.c Removed + src/crypto/openssl/mt/profile.sh Removed + src/crypto/openssl/mt/pthread.sh Removed + src/crypto/openssl/mt/purify.sh Removed + src/crypto/openssl/mt/solaris.sh Removed + src/crypto/openssl/openssl.spec 1.1.1.1.2.3 + src/crypto/openssl/shlib/Makefile.hpux10-cc Removed + src/crypto/openssl/shlib/hpux10-cc.sh Removed + src/crypto/openssl/shlib/irix.sh Removed + src/crypto/openssl/shlib/solaris-sc4.sh Removed + src/crypto/openssl/shlib/solaris.sh Removed + src/crypto/openssl/shlib/sun.sh Removed + src/crypto/openssl/ssl/Makefile.save Removed + src/crypto/openssl/ssl/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/ssl/s23_clnt.c 1.2.2.4 + src/crypto/openssl/ssl/s23_lib.c 1.2.2.4 + src/crypto/openssl/ssl/s23_pkt.c 1.1.1.1.2.2 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.4 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.4 + src/crypto/openssl/ssl/s2_enc.c 1.2.2.4 + src/crypto/openssl/ssl/s2_lib.c 1.2.2.4 + src/crypto/openssl/ssl/s2_meth.c 1.2.2.4 + src/crypto/openssl/ssl/s2_pkt.c 1.2.2.4 + src/crypto/openssl/ssl/s2_srvr.c 1.2.2.4 + src/crypto/openssl/ssl/s3_both.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl.h 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl2.h 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl3.h 1.1.1.1.2.3 + src/crypto/openssl/ssl/ssl_asn1.c 1.1.1.1.2.3 + src/crypto/openssl/ssl/ssl_cert.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl_err.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl_locl.h 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl_sess.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/ssl_stat.c 1.1.1.1.2.2 + src/crypto/openssl/ssl/ssltest.c 1.1.1.1.2.3 + src/crypto/openssl/ssl/t1_enc.c 1.1.1.1.2.4 + src/crypto/openssl/test/Makefile.save Removed + src/crypto/openssl/test/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/test/bctest 1.1.1.2.2.2 + src/crypto/openssl/test/dsa-ca.pem Removed + src/crypto/openssl/test/dsa-pca.pem Removed + src/crypto/openssl/test/testss 1.1.1.1.2.2 + src/crypto/openssl/tools/c89.sh 1.1.1.1.2.1 + src/crypto/openssl/tools/c_rehash 1.1.1.1.2.3 + src/crypto/openssl/util/dirname.pl 1.1.1.1.2.1 + src/crypto/openssl/util/domd 1.1.1.1.2.2 + src/crypto/openssl/util/libeay.num 1.1.1.1.2.4 + src/crypto/openssl/util/mk1mf.pl 1.1.1.1.2.3 + src/crypto/openssl/util/mkdef.pl 1.1.1.1.2.4 + src/crypto/openssl/util/mkerr.pl 1.1.1.1.2.3 + src/crypto/openssl/util/pl/BC-32.pl 1.1.1.1.2.3 + src/crypto/openssl/util/pl/Mingw32.pl 1.1.1.1.2.4 + src/crypto/openssl/util/pl/VC-32.pl 1.1.1.1.2.3 + src/crypto/openssl/util/pod2man.pl 1.1.1.1.2.3 + src/crypto/openssl/util/pod2mantest 1.1.1.1.2.1 + src/crypto/openssl/util/pod2mantest.pod 1.1.1.1.2.1 + src/crypto/openssl/util/selftest.pl 1.1.1.1.2.3 + src/crypto/openssl/util/sep_lib.sh Removed + src/crypto/openssl/util/ssleay.num 1.1.1.1.2.3 + src/secure/lib/libcrypto/Makefile 1.15.2.13 + src/secure/lib/libcrypto/des_crypt.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/opensslconf-alpha.h 1.1.2.3 +RELENG_4_6 + src/crypto/openssl/CHANGES 1.1.1.1.2.2.6.1 + src/crypto/openssl/Configure 1.1.1.1.2.2.6.1 + src/crypto/openssl/FAQ 1.1.1.1.2.3.6.1 + src/crypto/openssl/FREEBSD-Xlist 1.1.2.2.6.1 + src/crypto/openssl/INSTALL 1.1.1.1.2.2.8.1 + src/crypto/openssl/LICENSE 1.1.1.1.2.2.6.1 + src/crypto/openssl/Makefile.org 1.1.1.1.2.3.6.1 + src/crypto/openssl/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/NEWS 1.1.1.1.2.3.6.1 + src/crypto/openssl/README 1.1.1.1.2.3.6.1 + src/crypto/openssl/README.ENGINE 1.1.1.1.2.1.8.1 + src/crypto/openssl/STATUS Removed + src/crypto/openssl/TABLE Removed + src/crypto/openssl/apps/CA.pl 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/Makefile.save Removed + src/crypto/openssl/apps/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/apps/apps.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/asn1pars.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/ca.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/der_chop 1.1.1.1.2.1.8.1 + src/crypto/openssl/apps/dgst.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/dsaparam.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/apps/eay.c Removed + src/crypto/openssl/apps/enc.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/openssl.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/pem_mail.c Removed + src/crypto/openssl/apps/pkcs12.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/pkcs7.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/req.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/apps/rsa/01.pem Removed + src/crypto/openssl/apps/rsa/1.txt Removed + src/crypto/openssl/apps/rsa/SecureServer.pem Removed + src/crypto/openssl/apps/rsa/s.txt Removed + src/crypto/openssl/apps/s_client.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/apps/s_time.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/apps/smime.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/speed.c 1.3.2.3.6.1 + src/crypto/openssl/apps/tkca Removed + src/crypto/openssl/apps/x509.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/certs/rsa-ssca.pem Removed + src/crypto/openssl/config 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/Makefile.save Removed + src/crypto/openssl/crypto/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/asn1/Makefile.save Removed + src/crypto/openssl/crypto/asn1/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/asn1/a_bitstr.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/a_enum.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/a_gentm.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/a_int.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/a_set.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/asn1/a_sign.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/a_strnid.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/asn1/a_time.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/a_utctm.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/asn1/d2i_dhp.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/asn1/d2i_dsap.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/d2i_r_pr.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/asn1/pkcs8.c Removed + src/crypto/openssl/crypto/asn1/t_pkey.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/t_x509.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/x_pubkey.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bf/Makefile.save Removed + src/crypto/openssl/crypto/bf/Makefile.uni Removed + src/crypto/openssl/crypto/bio/Makefile.save Removed + src/crypto/openssl/crypto/bio/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bio/b_print.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bio/b_sock.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bio/bf_buff.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bio/bf_lbuf.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/bio/bf_nbio.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bio/bss_bio.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bio/bss_log.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bn/Makefile.save Removed + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bn/asm/mips3.s 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bn/bn.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bn/bn_comba.c Removed + src/crypto/openssl/crypto/bn/bn_div.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bn/bn_gcd.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/bn/bn_mont.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bn/bn_mul.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bn/bn_opts.c Removed + src/crypto/openssl/crypto/bn/bn_prime.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/bn/bn_rand.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bn/bn_sqr.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bn/comba.pl Removed + src/crypto/openssl/crypto/bn/d.c Removed + src/crypto/openssl/crypto/bn/new Removed + src/crypto/openssl/crypto/bn/old/b_sqr.c Removed + src/crypto/openssl/crypto/bn/old/bn_com.c Removed + src/crypto/openssl/crypto/bn/old/bn_high.c Removed + src/crypto/openssl/crypto/bn/old/bn_ka.c Removed + src/crypto/openssl/crypto/bn/old/bn_low.c Removed + src/crypto/openssl/crypto/bn/old/bn_m.c Removed + src/crypto/openssl/crypto/bn/old/bn_mul.c.works Removed + src/crypto/openssl/crypto/bn/old/bn_wmul.c Removed + src/crypto/openssl/crypto/bn/old/build Removed + src/crypto/openssl/crypto/bn/old/info Removed + src/crypto/openssl/crypto/bn/old/test.works Removed + src/crypto/openssl/crypto/buffer/Makefile.save Removed + src/crypto/openssl/crypto/buffer/buffer.h 1.1.1.1.10.1 + src/crypto/openssl/crypto/cast/Makefile.save Removed + src/crypto/openssl/crypto/cast/Makefile.uni Removed + src/crypto/openssl/crypto/comp/Makefile.save Removed + src/crypto/openssl/crypto/comp/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/comp/comp.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/conf/Makefile.save Removed + src/crypto/openssl/crypto/conf/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/conf/conf.c Removed + src/crypto/openssl/crypto/conf/conf.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/conf/conf_api.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/conf/conf_def.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/conf/conf_def.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/conf/conf_lcl.h Removed + src/crypto/openssl/crypto/conf/keysets.pl 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/cryptlib.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/cryptlib.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/crypto.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/des/DES.pod Removed + src/crypto/openssl/crypto/des/MODES.DES Removed + src/crypto/openssl/crypto/des/Makefile.PL Removed + src/crypto/openssl/crypto/des/Makefile.lit Removed + src/crypto/openssl/crypto/des/Makefile.save Removed + src/crypto/openssl/crypto/des/Makefile.uni Removed + src/crypto/openssl/crypto/des/PC1 Removed + src/crypto/openssl/crypto/des/PC2 Removed + src/crypto/openssl/crypto/des/des.h 1.2.2.3.6.1 + src/crypto/openssl/crypto/des/des.man Removed + src/crypto/openssl/crypto/des/des.pl Removed + src/crypto/openssl/crypto/des/des_crypt.man Removed + src/crypto/openssl/crypto/des/doIP Removed + src/crypto/openssl/crypto/des/doPC1 Removed + src/crypto/openssl/crypto/des/doPC2 Removed + src/crypto/openssl/crypto/des/fcrypt.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/des/podd.h Removed + src/crypto/openssl/crypto/des/read_pwd.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/des/shifts.pl Removed + src/crypto/openssl/crypto/des/sk.h Removed + src/crypto/openssl/crypto/des/supp.c Removed + src/crypto/openssl/crypto/des/testdes.pl Removed + src/crypto/openssl/crypto/dh/Makefile.save Removed + src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/dh/dh_gen.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/dh/dh_lib.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/dh/dhtest.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/dsa/Makefile.save Removed + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/dsa/dsa_asn1.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/dsa/dsa_lib.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/dso/dso.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/dso/dso_dlfcn.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/ebcdic.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/err/Makefile.save Removed + src/crypto/openssl/crypto/err/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/err/err.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/err/err.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/evp/Makefile.save Removed + src/crypto/openssl/crypto/evp/bio_b64.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/evp/bio_enc.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/evp/c_allc.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/evp/c_alld.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/evp/e_bf.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/evp/e_cbc_3d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_bf.c Removed + src/crypto/openssl/crypto/evp/e_cbc_c.c Removed + src/crypto/openssl/crypto/evp/e_cbc_d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_i.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r2.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r5.c Removed + src/crypto/openssl/crypto/evp/e_cfb_3d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_bf.c Removed + src/crypto/openssl/crypto/evp/e_cfb_c.c Removed + src/crypto/openssl/crypto/evp/e_cfb_d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_i.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r2.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ecb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ecb_c.c Removed + src/crypto/openssl/crypto/evp/e_ecb_d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_i.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ofb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ofb_c.c Removed + src/crypto/openssl/crypto/evp/e_ofb_d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_i.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r5.c Removed + src/crypto/openssl/crypto/evp/encode.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/evp/evp.h 1.2.2.3.6.1 + src/crypto/openssl/crypto/evp/evp_key.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/evp/m_md4.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/hmac/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.uni Removed + src/crypto/openssl/crypto/lhash/Makefile.save Removed + src/crypto/openssl/crypto/lhash/lh_test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md2/Makefile.save Removed + src/crypto/openssl/crypto/md2/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/md32_common.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md4/md4_locl.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md5/Makefile.save Removed + src/crypto/openssl/crypto/md5/Makefile.uni Removed + src/crypto/openssl/crypto/md5/md5_locl.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/mdc2/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/objects/o_names.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/objects/obj_dat.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/objects/obj_dat.pl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/objects/obj_mac.num 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/objects/objects.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/objects/objects.pl 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/pem/Makefile.save Removed + src/crypto/openssl/crypto/pem/pem.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/pem/pem2.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/pem/pem_info.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/pem/pem_lib.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/perlasm/x86nasm.pl 1.1.1.1.10.1 + src/crypto/openssl/crypto/perlasm/x86unix.pl 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/pkcs12/Makefile.save Removed + src/crypto/openssl/crypto/pkcs12/pkcs12.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/pkcs7/Makefile.save Removed + src/crypto/openssl/crypto/pkcs7/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/pkcs7/README Removed + src/crypto/openssl/crypto/pkcs7/pk7_attr.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/pkcs7/pkcs7.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/pkcs7/verify.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rand/Makefile.save Removed + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.4.6.1 + src/crypto/openssl/crypto/rand/rand.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/rand/rand_egd.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/rand/rand_win.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/rand/randfile.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/rc2/Makefile.save Removed + src/crypto/openssl/crypto/rc2/Makefile.uni Removed + src/crypto/openssl/crypto/rc4/Makefile.save Removed + src/crypto/openssl/crypto/rc4/Makefile.uni Removed + src/crypto/openssl/crypto/rc5/Makefile.save Removed + src/crypto/openssl/crypto/rc5/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/Makefile.save Removed + src/crypto/openssl/crypto/ripemd/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/rmd_locl.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rsa/Makefile.save Removed + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.4.6.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.2.6.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rsa/rsa_oaep.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/rsa/rsa_oaep_test.c Removed + src/crypto/openssl/crypto/sha/Makefile.save Removed + src/crypto/openssl/crypto/sha/Makefile.uni Removed + src/crypto/openssl/crypto/sha/sha_locl.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/stack/Makefile.save Removed + src/crypto/openssl/crypto/tmdiff.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/txt_db/Makefile.save Removed + src/crypto/openssl/crypto/txt_db/txt_db.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509/Makefile.save Removed + src/crypto/openssl/crypto/x509/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/x509/x509.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509/x509_obj.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/x509/x509_trs.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509/x509_txt.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509/x509_vfy.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509v3/Makefile.save Removed + src/crypto/openssl/crypto/x509v3/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/x509v3/README Removed + src/crypto/openssl/crypto/x509v3/v3_ia5.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509v3/v3_utl.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/x509v3/x509v3.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/demos/b64.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/demos/maurice/example1.c 1.1.1.1.10.1 + src/crypto/openssl/demos/maurice/loadkeys.c 1.1.1.1.10.1 + src/crypto/openssl/dep/crypto.txt Removed + src/crypto/openssl/dep/files Removed + src/crypto/openssl/dep/gen.pl Removed + src/crypto/openssl/dep/ssl.txt Removed + src/crypto/openssl/doc/apps/ca.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/apps/crl2pkcs7.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/apps/enc.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/apps/openssl.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/apps/rsautl.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/apps/s_server.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/apps/smime.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/apps/verify.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto.pod Removed + src/crypto/openssl/doc/crypto/BN_bn2bin.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/BN_rand.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/EVP_DigestInit.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/EVP_SignInit.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/RSA_check_key.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/RSA_generate_key.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/bio.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/blowfish.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/bn.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/crypto.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/des_modes.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/err.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/rand.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/rsa.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/threads.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/openssl.pod Removed + src/crypto/openssl/doc/ssl.pod Removed + src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_free.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_new.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod 1.1.1.2.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod 1.1.1.2.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_accept.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_clear.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_connect.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_do_handshake.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_get_error.pod 1.1.1.1.2.3.6.1 + src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_get_session.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_new.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_read.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_rstate_string.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_session_reused.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_set_session.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_shutdown.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/SSL_state_string.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_want.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_write.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod 1.1.1.2.2.1.6.1 + src/crypto/openssl/doc/ssl/ssl.pod 1.1.1.1.2.3.6.1 + src/crypto/openssl/doc/ssleay.txt 1.1.1.1.2.2.6.1 + src/crypto/openssl/e_os.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/e_os2.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/mt/README Removed + src/crypto/openssl/mt/mttest.c Removed + src/crypto/openssl/mt/profile.sh Removed + src/crypto/openssl/mt/pthread.sh Removed + src/crypto/openssl/mt/purify.sh Removed + src/crypto/openssl/mt/solaris.sh Removed + src/crypto/openssl/openssl.spec 1.1.1.1.2.2.6.1 + src/crypto/openssl/shlib/Makefile.hpux10-cc Removed + src/crypto/openssl/shlib/hpux10-cc.sh Removed + src/crypto/openssl/shlib/irix.sh Removed + src/crypto/openssl/shlib/solaris-sc4.sh Removed + src/crypto/openssl/shlib/solaris.sh Removed + src/crypto/openssl/shlib/sun.sh Removed + src/crypto/openssl/ssl/Makefile.save Removed + src/crypto/openssl/ssl/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/s23_clnt.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s23_pkt.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s2_enc.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s2_lib.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s2_pkt.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s2_srvr.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s3_both.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl2.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl3.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/ssl/ssl_asn1.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/ssl/ssl_cert.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl_err.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl_locl.h 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl_sess.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/ssl/ssl_stat.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/ssl/t1_enc.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/test/Makefile.save Removed + src/crypto/openssl/test/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/test/bctest 1.1.1.2.2.1.6.1 + src/crypto/openssl/test/dsa-ca.pem Removed + src/crypto/openssl/test/dsa-pca.pem Removed + src/crypto/openssl/test/testss 1.1.1.1.2.1.8.1 + src/crypto/openssl/tools/c89.sh 1.1.1.1.4.1 + src/crypto/openssl/tools/c_rehash 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/dirname.pl 1.1.1.1.4.1 + src/crypto/openssl/util/domd 1.1.1.1.2.1.8.1 + src/crypto/openssl/util/libeay.num 1.1.1.1.2.3.6.1 + src/crypto/openssl/util/mk1mf.pl 1.1.1.1.2.2.8.1 + src/crypto/openssl/util/mkdef.pl 1.1.1.1.2.3.6.1 + src/crypto/openssl/util/mkerr.pl 1.1.1.1.2.2.8.1 + src/crypto/openssl/util/pl/BC-32.pl 1.1.1.1.2.2.8.1 + src/crypto/openssl/util/pl/VC-32.pl 1.1.1.1.2.2.8.1 + src/crypto/openssl/util/pod2man.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/pod2mantest 1.1.1.1.4.1 + src/crypto/openssl/util/pod2mantest.pod 1.1.1.1.4.1 + src/crypto/openssl/util/selftest.pl 1.1.1.1.2.2.8.1 + src/crypto/openssl/util/sep_lib.sh Removed + src/crypto/openssl/util/ssleay.num 1.1.1.1.2.2.8.1 + src/secure/lib/libcrypto/Makefile 1.15.2.11.6.1 + src/secure/lib/libcrypto/des_crypt.3 1.1.1.2.10.1 + src/secure/lib/libcrypto/opensslconf-alpha.h 1.1.2.2.6.1 + src/sys/conf/newvers.sh 1.44.2.23.2.8 +RELENG_4_5 + src/crypto/openssl/CHANGES 1.1.1.1.2.2.4.1 + src/crypto/openssl/Configure 1.1.1.1.2.2.4.1 + src/crypto/openssl/FAQ 1.1.1.1.2.3.4.1 + src/crypto/openssl/FREEBSD-Xlist 1.1.2.2.4.1 + src/crypto/openssl/INSTALL 1.1.1.1.2.2.6.1 + src/crypto/openssl/LICENSE 1.1.1.1.2.2.4.1 + src/crypto/openssl/Makefile.org 1.1.1.1.2.3.4.1 + src/crypto/openssl/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/NEWS 1.1.1.1.2.3.4.1 + src/crypto/openssl/README 1.1.1.1.2.3.4.1 + src/crypto/openssl/README.ENGINE 1.1.1.1.2.1.6.1 + src/crypto/openssl/STATUS Removed + src/crypto/openssl/TABLE Removed + src/crypto/openssl/apps/CA.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/Makefile.save Removed + src/crypto/openssl/apps/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/apps/apps.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/asn1pars.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/ca.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/der_chop 1.1.1.1.2.1.6.1 + src/crypto/openssl/apps/dgst.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/dsaparam.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/apps/eay.c Removed + src/crypto/openssl/apps/enc.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/openssl.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/pem_mail.c Removed + src/crypto/openssl/apps/pkcs12.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/pkcs7.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/req.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/apps/rsa/01.pem Removed + src/crypto/openssl/apps/rsa/1.txt Removed + src/crypto/openssl/apps/rsa/SecureServer.pem Removed + src/crypto/openssl/apps/rsa/s.txt Removed + src/crypto/openssl/apps/s_client.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/apps/s_time.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/apps/smime.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/apps/speed.c 1.3.2.3.4.1 + src/crypto/openssl/apps/tkca Removed + src/crypto/openssl/apps/x509.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/certs/rsa-ssca.pem Removed + src/crypto/openssl/config 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/Makefile.save Removed + src/crypto/openssl/crypto/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/asn1/Makefile.save Removed + src/crypto/openssl/crypto/asn1/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/asn1/a_bitstr.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/a_enum.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/a_gentm.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/a_int.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/a_set.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/asn1/a_sign.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/a_strnid.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/asn1/a_time.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/a_utctm.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.3.4.2 + src/crypto/openssl/crypto/asn1/d2i_dhp.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/asn1/d2i_dsap.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/d2i_r_pr.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/asn1/pkcs8.c Removed + src/crypto/openssl/crypto/asn1/t_pkey.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/t_x509.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/asn1/x_pubkey.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bf/Makefile.save Removed + src/crypto/openssl/crypto/bf/Makefile.uni Removed + src/crypto/openssl/crypto/bio/Makefile.save Removed + src/crypto/openssl/crypto/bio/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/bio/b_print.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bio/b_sock.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/bio/bf_buff.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bio/bf_lbuf.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/bio/bf_nbio.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bio/bss_bio.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bio/bss_log.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bn/Makefile.save Removed + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/bn/asm/mips3.s 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bn/bn.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/bn/bn_comba.c Removed + src/crypto/openssl/crypto/bn/bn_div.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/bn/bn_gcd.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/bn/bn_mont.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bn/bn_mul.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bn/bn_opts.c Removed + src/crypto/openssl/crypto/bn/bn_prime.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/bn/bn_rand.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/bn/bn_sqr.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bn/comba.pl Removed + src/crypto/openssl/crypto/bn/d.c Removed + src/crypto/openssl/crypto/bn/new Removed + src/crypto/openssl/crypto/bn/old/b_sqr.c Removed + src/crypto/openssl/crypto/bn/old/bn_com.c Removed + src/crypto/openssl/crypto/bn/old/bn_high.c Removed + src/crypto/openssl/crypto/bn/old/bn_ka.c Removed + src/crypto/openssl/crypto/bn/old/bn_low.c Removed + src/crypto/openssl/crypto/bn/old/bn_m.c Removed + src/crypto/openssl/crypto/bn/old/bn_mul.c.works Removed + src/crypto/openssl/crypto/bn/old/bn_wmul.c Removed + src/crypto/openssl/crypto/bn/old/build Removed + src/crypto/openssl/crypto/bn/old/info Removed + src/crypto/openssl/crypto/bn/old/test.works Removed + src/crypto/openssl/crypto/buffer/Makefile.save Removed + src/crypto/openssl/crypto/buffer/buffer.h 1.1.1.1.8.1 + src/crypto/openssl/crypto/cast/Makefile.save Removed + src/crypto/openssl/crypto/cast/Makefile.uni Removed + src/crypto/openssl/crypto/comp/Makefile.save Removed + src/crypto/openssl/crypto/comp/Makefile.ssl 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/comp/comp.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/conf/Makefile.save Removed + src/crypto/openssl/crypto/conf/Makefile.ssl 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/conf/conf.c Removed + src/crypto/openssl/crypto/conf/conf.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/conf/conf_api.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/conf/conf_def.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/conf/conf_def.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/conf/conf_lcl.h Removed + src/crypto/openssl/crypto/conf/keysets.pl 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/cryptlib.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/cryptlib.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/crypto.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/des/DES.pod Removed + src/crypto/openssl/crypto/des/MODES.DES Removed + src/crypto/openssl/crypto/des/Makefile.PL Removed + src/crypto/openssl/crypto/des/Makefile.lit Removed + src/crypto/openssl/crypto/des/Makefile.save Removed + src/crypto/openssl/crypto/des/Makefile.uni Removed + src/crypto/openssl/crypto/des/PC1 Removed + src/crypto/openssl/crypto/des/PC2 Removed + src/crypto/openssl/crypto/des/des.h 1.2.2.3.4.1 + src/crypto/openssl/crypto/des/des.man Removed + src/crypto/openssl/crypto/des/des.pl Removed + src/crypto/openssl/crypto/des/des_crypt.man Removed + src/crypto/openssl/crypto/des/doIP Removed + src/crypto/openssl/crypto/des/doPC1 Removed + src/crypto/openssl/crypto/des/doPC2 Removed + src/crypto/openssl/crypto/des/fcrypt.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/des/podd.h Removed + src/crypto/openssl/crypto/des/read_pwd.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/des/shifts.pl Removed + src/crypto/openssl/crypto/des/sk.h Removed + src/crypto/openssl/crypto/des/supp.c Removed + src/crypto/openssl/crypto/des/testdes.pl Removed + src/crypto/openssl/crypto/dh/Makefile.save Removed + src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/dh/dh_gen.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/dh/dh_lib.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/dh/dhtest.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/dsa/Makefile.save Removed + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/dsa/dsa_asn1.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/dsa/dsa_lib.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/dso/dso.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/dso/dso_dlfcn.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/ebcdic.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/err/Makefile.save Removed + src/crypto/openssl/crypto/err/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/err/err.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/err/err.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/evp/Makefile.save Removed + src/crypto/openssl/crypto/evp/bio_b64.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/evp/bio_enc.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/evp/c_allc.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/evp/c_alld.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/evp/e_bf.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/evp/e_cbc_3d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_bf.c Removed + src/crypto/openssl/crypto/evp/e_cbc_c.c Removed + src/crypto/openssl/crypto/evp/e_cbc_d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_i.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r2.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r5.c Removed + src/crypto/openssl/crypto/evp/e_cfb_3d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_bf.c Removed + src/crypto/openssl/crypto/evp/e_cfb_c.c Removed + src/crypto/openssl/crypto/evp/e_cfb_d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_i.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r2.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ecb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ecb_c.c Removed + src/crypto/openssl/crypto/evp/e_ecb_d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_i.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ofb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ofb_c.c Removed + src/crypto/openssl/crypto/evp/e_ofb_d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_i.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r5.c Removed + src/crypto/openssl/crypto/evp/encode.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/evp/evp.h 1.2.2.3.4.1 + src/crypto/openssl/crypto/evp/evp_key.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/evp/m_md4.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/hmac/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.uni Removed + src/crypto/openssl/crypto/lhash/Makefile.save Removed + src/crypto/openssl/crypto/lhash/lh_test.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/md2/Makefile.save Removed + src/crypto/openssl/crypto/md2/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/md32_common.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/md4/md4_locl.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/md5/Makefile.save Removed + src/crypto/openssl/crypto/md5/Makefile.uni Removed + src/crypto/openssl/crypto/md5/md5_locl.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/mdc2/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/objects/o_names.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/objects/obj_dat.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/objects/obj_dat.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/objects/obj_mac.num 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/objects/objects.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/objects/objects.pl 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/pem/Makefile.save Removed + src/crypto/openssl/crypto/pem/pem.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/pem/pem2.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/pem/pem_info.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/pem/pem_lib.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/perlasm/x86nasm.pl 1.1.1.1.8.1 + src/crypto/openssl/crypto/perlasm/x86unix.pl 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/pkcs12/Makefile.save Removed + src/crypto/openssl/crypto/pkcs12/pkcs12.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/pkcs7/Makefile.save Removed + src/crypto/openssl/crypto/pkcs7/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/pkcs7/README Removed + src/crypto/openssl/crypto/pkcs7/pk7_attr.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/pkcs7/pkcs7.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/pkcs7/verify.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/rand/Makefile.save Removed + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.4.4.1 + src/crypto/openssl/crypto/rand/rand.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/rand/rand_egd.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/rand/rand_win.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/rand/randfile.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/rc2/Makefile.save Removed + src/crypto/openssl/crypto/rc2/Makefile.uni Removed + src/crypto/openssl/crypto/rc4/Makefile.save Removed + src/crypto/openssl/crypto/rc4/Makefile.uni Removed + src/crypto/openssl/crypto/rc5/Makefile.save Removed + src/crypto/openssl/crypto/rc5/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/Makefile.save Removed + src/crypto/openssl/crypto/ripemd/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/rmd_locl.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/rsa/Makefile.save Removed + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.4.4.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.2.4.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/rsa/rsa_oaep.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/rsa/rsa_oaep_test.c Removed + src/crypto/openssl/crypto/sha/Makefile.save Removed + src/crypto/openssl/crypto/sha/Makefile.uni Removed + src/crypto/openssl/crypto/sha/sha_locl.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/stack/Makefile.save Removed + src/crypto/openssl/crypto/tmdiff.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/txt_db/Makefile.save Removed + src/crypto/openssl/crypto/txt_db/txt_db.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509/Makefile.save Removed + src/crypto/openssl/crypto/x509/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/x509/x509.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509/x509_obj.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/x509/x509_trs.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509/x509_txt.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509/x509_vfy.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509v3/Makefile.save Removed + src/crypto/openssl/crypto/x509v3/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/crypto/x509v3/README Removed + src/crypto/openssl/crypto/x509v3/v3_ia5.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509v3/v3_utl.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/x509v3/x509v3.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/demos/b64.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/demos/maurice/example1.c 1.1.1.1.8.1 + src/crypto/openssl/demos/maurice/loadkeys.c 1.1.1.1.8.1 + src/crypto/openssl/dep/crypto.txt Removed + src/crypto/openssl/dep/files Removed + src/crypto/openssl/dep/gen.pl Removed + src/crypto/openssl/dep/ssl.txt Removed + src/crypto/openssl/doc/apps/ca.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/apps/crl2pkcs7.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/apps/enc.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/apps/openssl.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/apps/rsautl.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/apps/s_server.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/apps/smime.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/apps/verify.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto.pod Removed + src/crypto/openssl/doc/crypto/BN_bn2bin.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/BN_rand.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/crypto/EVP_DigestInit.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/EVP_SignInit.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/RSA_check_key.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/crypto/RSA_generate_key.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/crypto/bio.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/crypto/blowfish.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/bn.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/crypto.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/des_modes.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/err.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/rand.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/rsa.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/crypto/threads.pod 1.1.1.1.2.2.6.1 + src/crypto/openssl/doc/openssl.pod Removed + src/crypto/openssl/doc/ssl.pod Removed + src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_free.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_new.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod 1.1.1.2.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod 1.1.1.2.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_accept.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_clear.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_connect.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_do_handshake.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_get_error.pod 1.1.1.1.2.3.4.1 + src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_get_session.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_new.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_read.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_rstate_string.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_session_reused.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_set_session.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_shutdown.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/SSL_state_string.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_want.pod 1.1.1.1.6.1 + src/crypto/openssl/doc/ssl/SSL_write.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod 1.1.1.2.2.1.4.1 + src/crypto/openssl/doc/ssl/ssl.pod 1.1.1.1.2.3.4.1 + src/crypto/openssl/doc/ssleay.txt 1.1.1.1.2.2.4.1 + src/crypto/openssl/e_os.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/e_os2.h 1.1.1.1.2.1.6.1 + src/crypto/openssl/mt/README Removed + src/crypto/openssl/mt/mttest.c Removed + src/crypto/openssl/mt/profile.sh Removed + src/crypto/openssl/mt/pthread.sh Removed + src/crypto/openssl/mt/purify.sh Removed + src/crypto/openssl/mt/solaris.sh Removed + src/crypto/openssl/openssl.spec 1.1.1.1.2.2.4.1 + src/crypto/openssl/shlib/Makefile.hpux10-cc Removed + src/crypto/openssl/shlib/hpux10-cc.sh Removed + src/crypto/openssl/shlib/irix.sh Removed + src/crypto/openssl/shlib/solaris-sc4.sh Removed + src/crypto/openssl/shlib/solaris.sh Removed + src/crypto/openssl/shlib/sun.sh Removed + src/crypto/openssl/ssl/Makefile.save Removed + src/crypto/openssl/ssl/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/s23_clnt.c 1.2.2.3.4.1 + src/crypto/openssl/ssl/s23_pkt.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.3.4.1 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.3.4.1 + src/crypto/openssl/ssl/s2_enc.c 1.2.2.3.4.1 + src/crypto/openssl/ssl/s2_lib.c 1.2.2.3.4.1 + src/crypto/openssl/ssl/s2_pkt.c 1.2.2.3.4.1 + src/crypto/openssl/ssl/s2_srvr.c 1.2.2.3.4.1 + src/crypto/openssl/ssl/s3_both.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl2.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl3.h 1.1.1.1.2.2.6.1 + src/crypto/openssl/ssl/ssl_asn1.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/ssl/ssl_cert.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl_err.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl_locl.h 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl_sess.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/ssl/ssl_stat.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/ssl/t1_enc.c 1.1.1.1.2.3.4.1 + src/crypto/openssl/test/Makefile.save Removed + src/crypto/openssl/test/Makefile.ssl 1.1.1.1.2.3.4.1 + src/crypto/openssl/test/bctest 1.1.1.2.2.1.4.1 + src/crypto/openssl/test/dsa-ca.pem Removed + src/crypto/openssl/test/dsa-pca.pem Removed + src/crypto/openssl/test/testss 1.1.1.1.2.1.6.1 + src/crypto/openssl/tools/c89.sh 1.1.1.1.6.1 + src/crypto/openssl/tools/c_rehash 1.1.1.1.2.2.4.1 + src/crypto/openssl/util/dirname.pl 1.1.1.1.6.1 + src/crypto/openssl/util/domd 1.1.1.1.2.1.6.1 + src/crypto/openssl/util/libeay.num 1.1.1.1.2.3.4.1 + src/crypto/openssl/util/mk1mf.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/mkdef.pl 1.1.1.1.2.3.4.1 + src/crypto/openssl/util/mkerr.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/pl/BC-32.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/pl/VC-32.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/pod2man.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/util/pod2mantest 1.1.1.1.6.1 + src/crypto/openssl/util/pod2mantest.pod 1.1.1.1.6.1 + src/crypto/openssl/util/selftest.pl 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/sep_lib.sh Removed + src/crypto/openssl/util/ssleay.num 1.1.1.1.2.2.6.1 + src/secure/lib/libcrypto/Makefile 1.15.2.11.4.1 + src/secure/lib/libcrypto/des_crypt.3 1.1.1.2.8.1 + src/secure/lib/libcrypto/opensslconf-alpha.h 1.1.2.2.4.1 + src/sys/conf/newvers.sh 1.44.2.20.2.14 +RELENG_4_4 + src/crypto/openssl/CHANGES 1.1.1.1.2.2.2.1 + src/crypto/openssl/Configure 1.1.1.1.2.2.2.1 + src/crypto/openssl/FAQ 1.1.1.1.2.3.2.1 + src/crypto/openssl/FREEBSD-Xlist 1.1.2.2.2.1 + src/crypto/openssl/INSTALL 1.1.1.1.2.2.4.1 + src/crypto/openssl/LICENSE 1.1.1.1.2.2.2.1 + src/crypto/openssl/Makefile.org 1.1.1.1.2.3.2.1 + src/crypto/openssl/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/NEWS 1.1.1.1.2.3.2.1 + src/crypto/openssl/README 1.1.1.1.2.3.2.1 + src/crypto/openssl/README.ENGINE 1.1.1.1.2.1.4.1 + src/crypto/openssl/STATUS Removed + src/crypto/openssl/TABLE Removed + src/crypto/openssl/apps/CA.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/Makefile.save Removed + src/crypto/openssl/apps/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/apps.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/asn1pars.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/ca.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/der_chop 1.1.1.1.2.1.4.1 + src/crypto/openssl/apps/dgst.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/dsaparam.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/eay.c Removed + src/crypto/openssl/apps/enc.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/openssl.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/pem_mail.c Removed + src/crypto/openssl/apps/pkcs12.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/pkcs7.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/req.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/rsa/01.pem Removed + src/crypto/openssl/apps/rsa/1.txt Removed + src/crypto/openssl/apps/rsa/SecureServer.pem Removed + src/crypto/openssl/apps/rsa/s.txt Removed + src/crypto/openssl/apps/s_client.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/s_time.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/apps/smime.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/apps/speed.c 1.3.2.3.2.1 + src/crypto/openssl/apps/tkca Removed + src/crypto/openssl/apps/x509.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/certs/rsa-ssca.pem Removed + src/crypto/openssl/config 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/Makefile.save Removed + src/crypto/openssl/crypto/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/asn1/Makefile.save Removed + src/crypto/openssl/crypto/asn1/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/asn1/a_bitstr.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/a_enum.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/a_gentm.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/a_int.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/a_set.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/asn1/a_sign.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/a_strnid.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/asn1/a_time.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/a_utctm.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.3.2.2 + src/crypto/openssl/crypto/asn1/d2i_dhp.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/asn1/d2i_dsap.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/d2i_r_pr.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/asn1/pkcs8.c Removed + src/crypto/openssl/crypto/asn1/t_pkey.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/t_x509.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/asn1/x_pubkey.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bf/Makefile.save Removed + src/crypto/openssl/crypto/bf/Makefile.uni Removed + src/crypto/openssl/crypto/bio/Makefile.save Removed + src/crypto/openssl/crypto/bio/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/bio/b_print.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bio/b_sock.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/bio/bf_buff.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bio/bf_lbuf.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/bio/bf_nbio.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bio/bss_bio.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bio/bss_log.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bn/Makefile.save Removed + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/bn/asm/mips3.s 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/bn/bn.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/bn/bn_comba.c Removed + src/crypto/openssl/crypto/bn/bn_div.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/bn/bn_gcd.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/bn/bn_mont.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bn/bn_mul.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bn/bn_opts.c Removed + src/crypto/openssl/crypto/bn/bn_prime.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/bn/bn_rand.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/bn/bn_sqr.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/bn/comba.pl Removed + src/crypto/openssl/crypto/bn/d.c Removed + src/crypto/openssl/crypto/bn/new Removed + src/crypto/openssl/crypto/bn/old/b_sqr.c Removed + src/crypto/openssl/crypto/bn/old/bn_com.c Removed + src/crypto/openssl/crypto/bn/old/bn_high.c Removed + src/crypto/openssl/crypto/bn/old/bn_ka.c Removed + src/crypto/openssl/crypto/bn/old/bn_low.c Removed + src/crypto/openssl/crypto/bn/old/bn_m.c Removed + src/crypto/openssl/crypto/bn/old/bn_mul.c.works Removed + src/crypto/openssl/crypto/bn/old/bn_wmul.c Removed + src/crypto/openssl/crypto/bn/old/build Removed + src/crypto/openssl/crypto/bn/old/info Removed + src/crypto/openssl/crypto/bn/old/test.works Removed + src/crypto/openssl/crypto/buffer/Makefile.save Removed + src/crypto/openssl/crypto/buffer/buffer.h 1.1.1.1.6.1 + src/crypto/openssl/crypto/cast/Makefile.save Removed + src/crypto/openssl/crypto/cast/Makefile.uni Removed + src/crypto/openssl/crypto/comp/Makefile.save Removed + src/crypto/openssl/crypto/comp/Makefile.ssl 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/comp/comp.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/conf/Makefile.save Removed + src/crypto/openssl/crypto/conf/Makefile.ssl 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/conf/conf.c Removed + src/crypto/openssl/crypto/conf/conf.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/conf/conf_api.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/conf/conf_def.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/conf/conf_def.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/conf/conf_lcl.h Removed + src/crypto/openssl/crypto/conf/keysets.pl 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/cryptlib.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/cryptlib.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/crypto.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/des/DES.pod Removed + src/crypto/openssl/crypto/des/MODES.DES Removed + src/crypto/openssl/crypto/des/Makefile.PL Removed + src/crypto/openssl/crypto/des/Makefile.lit Removed + src/crypto/openssl/crypto/des/Makefile.save Removed + src/crypto/openssl/crypto/des/Makefile.uni Removed + src/crypto/openssl/crypto/des/PC1 Removed + src/crypto/openssl/crypto/des/PC2 Removed + src/crypto/openssl/crypto/des/des.h 1.2.2.3.2.1 + src/crypto/openssl/crypto/des/des.man Removed + src/crypto/openssl/crypto/des/des.pl Removed + src/crypto/openssl/crypto/des/des_crypt.man Removed + src/crypto/openssl/crypto/des/doIP Removed + src/crypto/openssl/crypto/des/doPC1 Removed + src/crypto/openssl/crypto/des/doPC2 Removed + src/crypto/openssl/crypto/des/fcrypt.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/des/podd.h Removed + src/crypto/openssl/crypto/des/read_pwd.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/des/shifts.pl Removed + src/crypto/openssl/crypto/des/sk.h Removed + src/crypto/openssl/crypto/des/supp.c Removed + src/crypto/openssl/crypto/des/testdes.pl Removed + src/crypto/openssl/crypto/dh/Makefile.save Removed + src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/dh/dh_gen.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/dh/dh_lib.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/dh/dhtest.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/dsa/Makefile.save Removed + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/dsa/dsa_asn1.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/dsa/dsa_lib.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/dso/dso.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/dso/dso_dlfcn.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/ebcdic.c 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/err/Makefile.save Removed + src/crypto/openssl/crypto/err/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/err/err.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/err/err.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/evp/Makefile.save Removed + src/crypto/openssl/crypto/evp/bio_b64.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/evp/bio_enc.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/evp/c_allc.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/evp/c_alld.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/evp/e_bf.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/evp/e_cbc_3d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_bf.c Removed + src/crypto/openssl/crypto/evp/e_cbc_c.c Removed + src/crypto/openssl/crypto/evp/e_cbc_d.c Removed + src/crypto/openssl/crypto/evp/e_cbc_i.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r2.c Removed + src/crypto/openssl/crypto/evp/e_cbc_r5.c Removed + src/crypto/openssl/crypto/evp/e_cfb_3d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_bf.c Removed + src/crypto/openssl/crypto/evp/e_cfb_c.c Removed + src/crypto/openssl/crypto/evp/e_cfb_d.c Removed + src/crypto/openssl/crypto/evp/e_cfb_i.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r2.c Removed + src/crypto/openssl/crypto/evp/e_cfb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ecb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ecb_c.c Removed + src/crypto/openssl/crypto/evp/e_ecb_d.c Removed + src/crypto/openssl/crypto/evp/e_ecb_i.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ecb_r5.c Removed + src/crypto/openssl/crypto/evp/e_ofb_3d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_bf.c Removed + src/crypto/openssl/crypto/evp/e_ofb_c.c Removed + src/crypto/openssl/crypto/evp/e_ofb_d.c Removed + src/crypto/openssl/crypto/evp/e_ofb_i.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r2.c Removed + src/crypto/openssl/crypto/evp/e_ofb_r5.c Removed + src/crypto/openssl/crypto/evp/encode.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/evp/evp.h 1.2.2.3.2.1 + src/crypto/openssl/crypto/evp/evp_key.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/evp/m_md4.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/hmac/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.save Removed + src/crypto/openssl/crypto/idea/Makefile.uni Removed + src/crypto/openssl/crypto/lhash/Makefile.save Removed + src/crypto/openssl/crypto/lhash/lh_test.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/md2/Makefile.save Removed + src/crypto/openssl/crypto/md2/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/md32_common.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/md4/md4_locl.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/md5/Makefile.save Removed + src/crypto/openssl/crypto/md5/Makefile.uni Removed + src/crypto/openssl/crypto/md5/md5_locl.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/mdc2/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.save Removed + src/crypto/openssl/crypto/objects/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/objects/o_names.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/objects/obj_dat.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/objects/obj_dat.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/objects/obj_mac.num 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/objects/objects.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/objects/objects.pl 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/pem/Makefile.save Removed + src/crypto/openssl/crypto/pem/pem.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/pem/pem2.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/pem/pem_info.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/pem/pem_lib.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/perlasm/x86nasm.pl 1.1.1.1.6.1 + src/crypto/openssl/crypto/perlasm/x86unix.pl 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/pkcs12/Makefile.save Removed + src/crypto/openssl/crypto/pkcs12/pkcs12.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/pkcs7/Makefile.save Removed + src/crypto/openssl/crypto/pkcs7/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/pkcs7/README Removed + src/crypto/openssl/crypto/pkcs7/pk7_attr.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/pkcs7/pkcs7.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/pkcs7/verify.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/rand/Makefile.save Removed + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/rand/rand.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/rand/rand_egd.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/rand/rand_win.c 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/rand/randfile.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/rc2/Makefile.save Removed + src/crypto/openssl/crypto/rc2/Makefile.uni Removed + src/crypto/openssl/crypto/rc4/Makefile.save Removed + src/crypto/openssl/crypto/rc4/Makefile.uni Removed + src/crypto/openssl/crypto/rc5/Makefile.save Removed + src/crypto/openssl/crypto/rc5/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/Makefile.save Removed + src/crypto/openssl/crypto/ripemd/Makefile.uni Removed + src/crypto/openssl/crypto/ripemd/rmd_locl.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/rsa/Makefile.save Removed + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.4.2.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.2.2.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/rsa/rsa_oaep.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/rsa/rsa_oaep_test.c Removed + src/crypto/openssl/crypto/sha/Makefile.save Removed + src/crypto/openssl/crypto/sha/Makefile.uni Removed + src/crypto/openssl/crypto/sha/sha_locl.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/stack/Makefile.save Removed + src/crypto/openssl/crypto/tmdiff.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/txt_db/Makefile.save Removed + src/crypto/openssl/crypto/txt_db/txt_db.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509/Makefile.save Removed + src/crypto/openssl/crypto/x509/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/x509/x509.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509/x509_obj.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/crypto/x509/x509_trs.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509/x509_txt.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509/x509_vfy.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509v3/Makefile.save Removed + src/crypto/openssl/crypto/x509v3/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/x509v3/README Removed + src/crypto/openssl/crypto/x509v3/v3_ia5.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509v3/v3_utl.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/crypto/x509v3/x509v3.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/demos/b64.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/demos/maurice/example1.c 1.1.1.1.6.1 + src/crypto/openssl/demos/maurice/loadkeys.c 1.1.1.1.6.1 + src/crypto/openssl/dep/crypto.txt Removed + src/crypto/openssl/dep/files Removed + src/crypto/openssl/dep/gen.pl Removed + src/crypto/openssl/dep/ssl.txt Removed + src/crypto/openssl/doc/apps/ca.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/apps/crl2pkcs7.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/apps/enc.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/apps/openssl.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/apps/rsautl.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/apps/s_server.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/apps/smime.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/apps/verify.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto.pod Removed + src/crypto/openssl/doc/crypto/BN_bn2bin.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/BN_rand.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/crypto/EVP_DigestInit.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/EVP_SignInit.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/RSA_check_key.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/crypto/RSA_generate_key.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/crypto/bio.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/crypto/blowfish.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/bn.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/crypto/crypto.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/des_modes.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/err.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/rand.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/crypto/rsa.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/crypto/threads.pod 1.1.1.1.2.2.4.1 + src/crypto/openssl/doc/openssl.pod Removed + src/crypto/openssl/doc/ssl.pod Removed + src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_free.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_new.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod 1.1.1.2.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod 1.1.1.2.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod 1.1.1.1.2.1.4.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_accept.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_clear.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_connect.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_do_handshake.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_get_error.pod 1.1.1.1.2.3.2.1 + src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_get_session.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_new.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_read.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_rstate_string.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_session_reused.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_set_session.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod 1.1.1.1.2.1.2.1 + src/crypto/openssl/doc/ssl/SSL_shutdown.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_state_string.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_want.pod 1.1.1.1.8.1 + src/crypto/openssl/doc/ssl/SSL_write.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod 1.1.1.2.2.1.2.1 + src/crypto/openssl/doc/ssl/ssl.pod 1.1.1.1.2.3.2.1 + src/crypto/openssl/doc/ssleay.txt 1.1.1.1.2.2.2.1 + src/crypto/openssl/e_os.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/e_os2.h 1.1.1.1.2.1.4.1 + src/crypto/openssl/mt/README Removed + src/crypto/openssl/mt/mttest.c Removed + src/crypto/openssl/mt/profile.sh Removed + src/crypto/openssl/mt/pthread.sh Removed + src/crypto/openssl/mt/purify.sh Removed + src/crypto/openssl/mt/solaris.sh Removed + src/crypto/openssl/openssl.spec 1.1.1.1.2.2.2.1 + src/crypto/openssl/shlib/Makefile.hpux10-cc Removed + src/crypto/openssl/shlib/hpux10-cc.sh Removed + src/crypto/openssl/shlib/irix.sh Removed + src/crypto/openssl/shlib/solaris-sc4.sh Removed + src/crypto/openssl/shlib/solaris.sh Removed + src/crypto/openssl/shlib/sun.sh Removed + src/crypto/openssl/ssl/Makefile.save Removed + src/crypto/openssl/ssl/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/s23_clnt.c 1.2.2.3.2.1 + src/crypto/openssl/ssl/s23_pkt.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.3.2.1 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.3.2.1 + src/crypto/openssl/ssl/s2_enc.c 1.2.2.3.2.1 + src/crypto/openssl/ssl/s2_lib.c 1.2.2.3.2.1 + src/crypto/openssl/ssl/s2_pkt.c 1.2.2.3.2.1 + src/crypto/openssl/ssl/s2_srvr.c 1.2.2.3.2.1 + src/crypto/openssl/ssl/s3_both.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl2.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl3.h 1.1.1.1.2.2.4.1 + src/crypto/openssl/ssl/ssl_asn1.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/ssl/ssl_cert.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl_err.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl_locl.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl_sess.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/ssl_stat.c 1.1.1.1.2.1.4.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.1.2.2.4.1 + src/crypto/openssl/ssl/t1_enc.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/test/Makefile.save Removed + src/crypto/openssl/test/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/test/bctest 1.1.1.2.2.1.2.1 + src/crypto/openssl/test/dsa-ca.pem Removed + src/crypto/openssl/test/dsa-pca.pem Removed + src/crypto/openssl/test/testss 1.1.1.1.2.1.4.1 + src/crypto/openssl/tools/c89.sh 1.1.1.1.8.1 + src/crypto/openssl/tools/c_rehash 1.1.1.1.2.2.2.1 + src/crypto/openssl/util/dirname.pl 1.1.1.1.8.1 + src/crypto/openssl/util/domd 1.1.1.1.2.1.4.1 + src/crypto/openssl/util/libeay.num 1.1.1.1.2.3.2.1 + src/crypto/openssl/util/mk1mf.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/util/mkdef.pl 1.1.1.1.2.3.2.1 + src/crypto/openssl/util/mkerr.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/util/pl/BC-32.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/util/pl/VC-32.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/util/pod2man.pl 1.1.1.1.2.2.2.1 + src/crypto/openssl/util/pod2mantest 1.1.1.1.8.1 + src/crypto/openssl/util/pod2mantest.pod 1.1.1.1.8.1 + src/crypto/openssl/util/selftest.pl 1.1.1.1.2.2.4.1 + src/crypto/openssl/util/sep_lib.sh Removed + src/crypto/openssl/util/ssleay.num 1.1.1.1.2.2.4.1 + src/secure/lib/libcrypto/Makefile 1.15.2.11.2.1 + src/secure/lib/libcrypto/des_crypt.3 1.1.1.2.6.1 + src/secure/lib/libcrypto/opensslconf-alpha.h 1.1.2.2.2.1 + src/sys/conf/newvers.sh 1.44.2.17.2.19 +- ------------------------------------------------------------------------- + +VII. References + + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPU6q91UuHi5z0oilAQF3nQP+MH41YT4ubm4E2JvtYVi4x/Si1YZXxvJh +UdaOz5iHRj79yfbLlr6tDdpcZNG7qlF1MRPCKS9da2LumF+XR5+7+hgEZ5sPx2XA +IA0HJImGp5gdb7rQsFBdFC2uVpBcw7IWWM+rascbCqGNGiQerA9KcYt6M12pecyb +6Do272kW3/w= +=tD16 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:34.rpc.asc b/share/security/advisories/FreeBSD-SA-02:34.rpc.asc new file mode 100644 index 0000000000..3e1a21d7cc --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:34.rpc.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:34.rpc Security Advisory + The FreeBSD Project + +Topic: Sun RPC XDR decoder contains buffer overflow + +Category: core +Module: libc +Announced: 2002-08-01 +Credits: ISS X-Force +Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p5 +Corrected: 2002-08-01 12:23:20 UTC (RELENG_4) + 2002-08-01 12:23:40 UTC (RELENG_4_6) + 2002-08-01 12:23:58 UTC (RELENG_4_5) + 2002-08-01 12:24:20 UTC (RELENG_4_4) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-07-31 Initial release +v1.1 2002-08-01 Corrected patch + +I. Background + +Sun RPC is a remote procedure call framework which allows clients +to invoke procedures in a server process over a network somewhat +transparently. XDR is a mechanism for encoding data structures for +use with RPC. NFS, NIS, and many other network services are built +upon Sun RPC. + +The FreeBSD C runtime library (libc) contains an XDR encoder/decoder +derived from Sun's RPC implementation. + +II. Problem Description + +An error in the calculation of memory needed for unpacking arrays in +the XDR decoder can result in a heap buffer overflow. + +III. Impact + +Any application using Sun RPC may be vulnerable to the heap buffer +overflow. Depending upon the application, this vulnerability may be +exploitable and lead to arbitrary code execution. + +Though no exploits are known to exist currently, many RPC-based +services run as the superuser (such as NFS, the NIS server, rpc.statd, +and others) and thus this vulnerability should be considered +high-risk. + +No RPC-based services are enabled by default in FreeBSD installations. + +IV. Workaround + +Do not run any RPC-based services. The RPC-based services running +on a machine may be determined by: + + # rpcinfo -p + +To disable any RPC-based services at next boot, add (or change if it +is already present) the following lines in /etc/rc.conf: + + portmap_enable="NO" + nfs_client_enable="NO" + nfs_server_enable="NO" + nis_client_enable="NO" + nis_server_enable="NO" + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, +RELENG_4_5, or RELENG_4_4 security branch dated after the correction +date (4.6.1-RELEASE-p6, 4.5-RELEASE-p15, or 4.4-RELEASE-p22). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, +and 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of +the base system (i.e. from the Ports Collection or other 3rd-party +sources) must be recompiled if they use Sun RPC. + +All affected applications must be restarted in order to use the +corrected library. Though it is not required, rebooting may be the +easiest way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/lib/libc/xdr/xdr_array.c + RELENG_4 1.8.2.3 + RELENG_4_6 1.8.10.4 + RELENG_4_5 1.8.8.3 + RELENG_4_4 1.8.6.3 +src/sys/conf/newvers.sh + RELENG_4_6 1.44.2.23.2.11 + RELENG_4_5 1.44.2.20.2.16 + RELENG_4_4 1.44.2.17.2.21 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPUkpkFUuHi5z0oilAQF7TQP9H50V3qUsZcWC5nemnMO9CL+QBmIuuGkE +C7p3mBxcH6mS5EmUU4zFOum4QSaEh9J47I7CGcS+sNg7JN5lfK1oSwsE9JidbZz4 +kx9cQrx+rppQuQyK9tK4TXVXz0PiUdZMs3vgytJDuAOu38bg3ttUd4jhTIKHnLGh +NMjQMH2vNUk= +=yP62 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:35.ffs.asc b/share/security/advisories/FreeBSD-SA-02:35.ffs.asc new file mode 100644 index 0000000000..a71b9b3ce8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:35.ffs.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:35.ffs Security Advisory + The FreeBSD Project + +Topic: local users may read and write arbitrary blocks on + an FFS filesystem + +Category: core +Module: kernel +Announced: 2002-08-05 +Credits: Matt Dillon , + Ian Dowse , + Tor Egge +Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p4 + 4.6-STABLE prior to the correction date +Corrected: 2002-06-23 22:34:52 UTC (RELENG_4) + 2002-07-31 17:55:22 UTC (RELENG_4_6) + 2002-07-31 17:55:11 UTC (RELENG_4_5) + 2002-07-31 17:54:57 UTC (RELENG_4_4) +FreeBSD only: YES + +I. Background + +The Berkeley Fast File System (FFS) is the default filesystem used by +FreeBSD. + +II. Problem Description + +A bug in the calculation of the maximum permitted FFS file size +allows users to create files that are larger than FreeBSD's virtual +memory system can handle. The integer overflows that result when such +files are accessed may map filesystem metadata into the user file, +permitting access to arbitrary filesystem blocks. + +The bug is encountered only on FFS filesystems with a block size of +16k or greater on the i386 architecture, or 32k or greater on the +alpha architecture. Also, the filesystem must have at least 6 blocks +of free space, and the user must have write access to at least one +file in the filesystem. + +The default FreeBSD FFS filesystem block size was changed from 8k to +16k on all architectures just before 4.5-RELEASE. + +III. Impact + +Local attackers may cause a denial of service by simply corrupting the +filesystem. A local attacker may also be able to read and write +arbitrary files on local filesystems, allowing them to gain superuser +privileges. + +FFS filesystems with a block size less than 16k (on the i386 +architecture) or 32k (on the alpha architecture), such as those +created using the default FFS filesystem block size prior to +4.5-RELEASE, are not vulnerable. + +The following command can be used to determine the block size +used on a given filesystem: + + # dumpfs /some/filesystem | grep '^bsize' + +IV. Workaround + +On filesystems with 16k blocks, the bug cannot be exploited when a +process has a file size resource limit (RLIMIT_FSIZE) of 63 MB or +less. This can be most easily accomplished by modifying +/etc/login.conf so that the appropriate login classes (typically +`default') contain a field entry such as the following: + + :filesize=63m:\ + +After editing /etc/login.conf, the corresponding capability database +must be rebuilt with the following command: + + # cap_mkdb /etc/login.conf + +Please see login.conf(5) for details. Note that this will not affect +currently running processes, nor new processes started by users who +are already logged in. + +The corresponding limit appropriate for filesystems with 32k or larger +blocks is not known at this time, and might be smaller or larger than +63 MB. + +It is the responsibility of applications such as `login' and `sshd' to +read and honor login.conf. Be aware that 3rd party applications that +provide login functionality may or may not honor login.conf. + +V. Solution + +1) Upgrade your vulnerable system to 4.6-STABLE; or to any of the +RELENG_4_6 (4.6.1-RELEASE-p5), RELENG_4_5 (4.5-RELEASE-p14), or +RELENG_4_4 (4.4-RELEASE-p21) security branches dated after the +respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. The following patch +has been tested to apply to all FreeBSD 4.x releases. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:35/ffs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:35/ffs.patch.asc + +b) Recompile your kernel as described in +http://www.freebsd.org/handbook/kernelconfig.html and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +sys/ufs/ffs/ffs_vfsops.c + RELENG_4 1.117.2.10 + RELENG_4_6 1.117.2.9.2.1 + RELENG_4_5 1.117.2.7.2.1 + RELENG_4_4 1.117.2.3.2.1 +sys/conf/newvers.sh + RELENG_4_6 1.44.2.23.2.10 + RELENG_4_5 1.44.2.20.2.15 + RELENG_4_4 1.44.2.17.2.20 +- ------------------------------------------------------------------------- + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPU8ML1UuHi5z0oilAQGkWQP/fJvzkrl2ptG87Qn2pIa24kLyax5WCnca +uPhq9JxIhXIxAqdIZcrEbbTyeRo/ygtsLzxDKOP0G+A2VxilVL9Ld3a32OSM+nzM +uiSnVHTIxPtmkyZnwdmyTcrBki290p/W3LnZhxzfAt1vdIRD+ibOkBXNAaXFxDRz +T1UzIarVqgM= +=wq5s +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:36.nfs.asc b/share/security/advisories/FreeBSD-SA-02:36.nfs.asc new file mode 100644 index 0000000000..9e5b9a3bd5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:36.nfs.asc @@ -0,0 +1,101 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:36.nfs Security Advisory + The FreeBSD Project + +Topic: Bug in NFS server code allows remote denial of service + +Category: core +Module: nfs +Announced: 2002-08-05 +Credits: Mike Junk +Affects: All releases prior to 4.6.1-RELEASE-p7 + 4.6-STABLE prior to the correction date +Corrected: 2002-07-19 17:19:53 UTC (RELENG_4) + 2002-08-01 19:31:55 UTC (RELENG_4_6) + 2002-08-01 19:31:54 UTC (RELENG_4_5) + 2002-08-01 19:31:54 UTC (RELENG_4_4) +FreeBSD only: NO + +I. Background + +The Network File System (NFS) allows a host to export some or all of +its filesystems, or parts of them, so that other hosts can access them +over the network and mount them as if they were on local disks. NFS is +built on top of the Sun Remote Procedure Call (RPC) framework. + +II. Problem Description + +A part of the NFS server code charged with handling incoming RPC +messages had an error which, when the server received a message with a +zero-length payload, would cause it to reference the payload from the +previous message, creating a loop in the message chain. This would +later cause an infinite loop in a different part of the NFS server +code which tried to traverse the chain. + +III. Impact + +Certain Linux implementations of NFS produce zero-length RPC messages +in some cases. A FreeBSD system running an NFS server may lock up +when such clients connect. + +An attacker in a position to send RPC messages to an affected FreeBSD +system can construct a sequence of malicious RPC messages that cause +the target system to lock up. + +IV. Workaround + +1) Disable the NFS server: set the nfs_server_enable variable to "NO" + in /etc/rc.conf, and reboot. + + Alternatively, if there are no active NFS clients (as listed by the + showmount(8) utility), just killing the mountd and nfsd processes + should suffice. + +2) Add firewall rules to block RPC traffic to the NFS server from + untrusted hosts. + +V. Solution + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, and +4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel and modules as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/nfs/nfs_socket.c + RELENG_4 1.60.2.5 + RELENG_4_6 1.60.2.3.2.1 + RELENG_4_5 1.60.2.1.6.1 + RELENG_4_4 1.60.2.3.4.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPU8NTVUuHi5z0oilAQHMZAP+L80QudeELKHfZYxG5PPf6cuWkreACavl +LP1oJDHLWuw32K4tM0Y+v505t+U2/wGnl2dSqwkfemzxlhzfsmrbubQx8EFgO6sb +nhEEtSfu4t81ylHTY+qEWFtRweB5A1tGJaYV67wybWZxulkYJ9qnRLKF4PToc0E3 +T1Y/CN0DNYA= +=2YSa +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:37.kqueue.asc b/share/security/advisories/FreeBSD-SA-02:37.kqueue.asc new file mode 100644 index 0000000000..c0385e9981 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:37.kqueue.asc @@ -0,0 +1,93 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:37.kqueue Security Advisory + The FreeBSD Project + +Topic: local users can panic the system using the kqueue mechanism + +Category: core +Module: kqueue +Announced: 2002-08-05 +Credits: Mark Delany +Affects: FreeBSD 4.3-RELEASE + FreeBSD 4.4-RELEASE + FreeBSD 4.5-RELEASE + FreeBSD 4.6-RELEASE + FreeBSD 4.6-STABLE prior to the correction date +Corrected: 2002-08-05 15:05:15 (RELENG_4) + 2002-08-05 15:13:48 (RELENG_4_6) + 2002-08-05 15:13:44 (RELENG_4_5) + 2002-08-05 15:13:40 (RELENG_4_4) +FreeBSD only: YES + +I. Background + +The kqueue mechanism allows a process to register interest in +particular events on particular file descriptors, and receive +asynchronous notification when these events occur on the selected +descriptors. + +II. Problem Description + +If a pipe was created with the pipe(2) system call, and one end of the +pipe was closed, registering an EVFILT_WRITE filter on the other end +would cause a kernel panic. + +A common scenario in which this could occur is when a process uses a +pipe to communicate with a child and uses kqueue to monitor the pipe, +and the child dies shortly after the fork(2) call, before the parent +has had time to register the filter. + +III. Impact + +A local attacker may cause the system to panic by executing their own +malicious application. + +IV. Workaround + +There is no known workaround. + +V. Solution + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, and +4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:37/kqueue.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:37/kqueue.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +sys/kern/sys_pipe.c + RELENG_4 1.60.2.13 + RELENG_4_6 1.60.2.12.2.1 + RELENG_4_5 1.60.2.11.2.1 + RELENG_4_4 1.60.2.10.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPU8OFlUuHi5z0oilAQFTugP/S+2u/BK8Oz53oFTcTY84ReNRJZMEJ8dX +PVHMWZ7xl4stYoeo8iX+moq+R2riZqEfzT+lx1lYZBkYkkmIwGxI+6qJgBqkPriL +acswOhfdzLSgwIoXNJsGdO9vlYwsNqiRsf5Yay+gKDqRUxCPA27X528uc1jhtAdd +UzagA6Lhrk8= +=uTZC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:38.signed-error.asc b/share/security/advisories/FreeBSD-SA-02:38.signed-error.asc new file mode 100644 index 0000000000..652e21529f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:38.signed-error.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:38.signed-error Security Advisory + The FreeBSD Project + +Topic: Boundary checking errors involving signed integers + +Category: core +Module: sys +Announced: 2002-08-19 +Credits: Silvio Cesare +Affects: All releases of FreeBSD up to and including 4.6.1-RELEASE-p10 +Corrected: 2002-08-13 02:42:32 UTC (RELENG_4) + 2002-08-13 12:12:36 UTC (RELENG_4_6) + 2002-08-13 12:13:05 UTC (RELENG_4_5) + 2002-08-13 12:13:49 UTC (RELENG_4_4) +FreeBSD only: YES + +I. Background + +The issue described in this advisory affects the accept(2), +getsockname(2), and getpeername(2) system calls, and the vesa(4) +FBIO_GETPALETTE ioctl(2). + +II. Problem Description + +A few system calls were identified that contained assumptions that +a given argument was always a positive integer, while in fact the +argument was handled as a signed integer. As a result, the boundary +checking code would fail if the system call were entered with a +negative argument. + +III. Impact + +The affected system calls could be called with large negative +arguments, causing the kernel to return a large portion of kernel +memory. Such memory might contain sensitive information, such as +portions of the file cache or terminal buffers. This information +might be directly useful, or it might be leveraged to obtain elevated +privileges in some way. For example, a terminal buffer might include +a user-entered password. + +IV. Workaround + +None. + +V. Solution + +1) Upgrade your vulnerable system to 4.6.2-RELEASE or 4.6-STABLE; +or to any of the RELENG_4_6 (4.6.1-RELEASE-p11), RELENG_4_5 +(4.5-RELEASE-p19), or RELENG_4_4 (4.4-RELEASE-p26) security branches +dated after the respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. The following patch +has been tested to apply to all FreeBSD 4.x releases. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + +and reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/i386/isa/vesa.c + RELENG_4 1.32.2.1 + RELENG_4_6 1.32.10.1 + RELENG_4_5 1.32.8.1 + RELENG_4_4 1.32.6.1 +src/sys/kern/uipc_syscalls.c + RELENG_4 1.65.2.12 + RELENG_4_6 1.65.2.9.6.1 + RELENG_4_5 1.65.2.9.4.1 + RELENG_4_4 1.65.2.9.2.1 +src/sys/conf/newvers.sh + RELENG_4_6 1.44.2.23.2.16 + RELENG_4_5 1.44.2.20.2.20 + RELENG_4_4 1.44.2.17.2.25 +- ------------------------------------------------------------------------- + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPWDpxFUuHi5z0oilAQHCWgP+PmomqbDBiBHKG6JWrx8Kz8M6gnrg4omw +w/vH5uK2lHGL6ZGecwvhJOTbV4bKXt1C1dKoUyA7WH7l9nQi+1CrZwT/D5mkteU+ +XEqtNfRhiaDokj/5I8MA0OM80+jryeAimxYDEi2vm315RIOMeR/sdP7m7H2vl9cZ +V8rt/2zD2wc= +=LpMd +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:39.libkvm.asc b/share/security/advisories/FreeBSD-SA-02:39.libkvm.asc new file mode 100644 index 0000000000..d34885f5ed --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:39.libkvm.asc @@ -0,0 +1,123 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:39.libkvm Security Advisory + The FreeBSD Project + +Topic: Applications using libkvm may leak sensitive descriptors + +Category: core +Module: libkvm +Announced: 2002-09-16 +Credits: David Endler , + +Affects: All releases prior to and including 4.6.2-RELEASE. + Security branch releases prior to 4.4-RELEASE-p27, + 4.5-RELEASE-p20, and 4.6.2-RELEASE-p2. +Corrected: 2002-09-13 14:53:43 UTC (RELENG_4) + 2002-09-13 15:04:22 UTC (RELENG_4_6) + 2002-09-13 15:07:26 UTC (RELENG_4_5) + 2002-09-13 15:09:07 UTC (RELENG_4_4) +FreeBSD only: NO + +I. Background + +The kvm(3) library provides a uniform interface for accessing kernel +virtual memory images, including live systems and crash dumps. Access +to live systems is via /dev/mem and /dev/kmem. Memory can be read and +written, kernel symbol addresses can be looked up efficiently, and +information about user processes can be gathered. + +The kvm_openfiles(3) function opens the special device files /dev/mem +and /dev/kmem, and returns an opaque handle that must be passed +to the other library functions. + +II. Problem Description + +Applications that wish to present system information such as swap +utilization, virtual memory utilization, CPU utilization, and +so on may use the kvm(3) library to read kernel memory directly +and gather this information. Such applications typically must +be run set-group-ID kmem so that the call to kvm_openfiles(3) +can access /dev/mem and /dev/kmem. + +If the application then uses exec(2) to start another application, +the new application will continue to have open file descriptors to +/dev/mem and /dev/kmem. This is usually avoided by marking file +descriptors as close-on-exec, but since the handle returned by +kvm_openfiles(3) is opaque, there is no direct way for the application +to determine what file descriptors have been opened by the library. +As a result, application writers may neglect to take these file +descriptors into account. + +III. Impact + +Set-group-ID kmem applications which use kvm(3) and start other +applications may leak /dev/mem and /dev/kmem file descriptors. If +those applications can be specified by a local user, they may be +used to read kernel memory, resulting in disclosure of sensitive +information such as file, network, and tty buffers, authentication +tokens, and so on. + +Several applications in the FreeBSD Ports Collection were identified +that are affected: asmon, ascpu, bubblemon, wmmon, and wmnet2. There +may be other applications as well. + +IV. Workaround + +Remove the set-group-ID bit on affected applications. This will +result in the applications losing some functionality. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6, +RELENG_4_5, or RELENG_4_4 security branch dated after the correction +date (4.6.2-RELEASE-p2, 4.5-RELEASE-p20, or 4.4-RELEASE-p27). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, FreeBSD +4.5, FreeBSD 4.6, and FreeBSD 4.6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libkvm +# make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/lib/libkvm/kvm.c + RELENG_4 1.12.2.3 + RELENG_4_6 1.12.2.2.8.1 + RELENG_4_5 1.12.2.2.6.1 + RELENG_4_4 1.12.2.2.4.1 +src/sys/conf/newvers.sh + RELENG_4_6 1.44.2.23.2.19 + RELENG_4_5 1.44.2.20.2.21 + RELENG_4_4 1.44.2.17.2.26 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPYXz/1UuHi5z0oilAQGNGAP/cpg8s9L034EbrJriQDicHptv/2QgSnrw +2BvOaUXRIEweDz7FAoLstbxDFVE3Hx9+zN4gn7S49WIbFjATFRcL2FT/1yBhrbBx +Yp20/gveFQSU+AnjsriKVDrH9ksBO4/ZX6lBxjvxD0Hbyj4ATd027jNAXl7WeLbq +2DN6Lf4FB1Y= +=699Y +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:40.kadmind.asc b/share/security/advisories/FreeBSD-SA-02:40.kadmind.asc new file mode 100644 index 0000000000..32d6c3e673 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:40.kadmind.asc @@ -0,0 +1,191 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:40.kadmind Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in kadmind daemon + +Category: core, ports +Module: crypto_heimdal, crypto_kerberosIV, heimdal, krb5 +Announced: 2002-11-12 +Credits: Johan Danielsson , + Sam Hartman , + Love Hoernquist-Astrand , + Tom Yu +Affects: All releases prior to and including FreeBSD 4.7-RELEASE. +Corrected: 2002-10-23 13:07:44 UTC (RELENG_4) + 2002-10-23 13:21:32 UTC (RELENG_4_7) + 2002-10-23 13:21:02 UTC (RELENG_4_6) + 2002-10-23 13:20:19 UTC (RELENG_4_5) + 2002-10-23 13:19:46 UTC (RELENG_4_4) + 2002-10-24 02:52:00 UTC (RELENG_3) + 2002-10-23 22:30:39 UTC (krb5 port, krb5-1.2.6_1) + 2002-10-24 15:01:11 UTC (heimdal port, heimdal-0.5.1) +FreeBSD only: NO + +I. Background + +The Kerberos 4 administrative server, kadmind, runs on the Kerberos +Key Distribution Center (KDC) and provides administrative access to +the Kerberos database. It is part of the KTH Kerberos 4 +implementation. The Kerberos 5 administrative server, k5admind, +provides the same function in the Heimdal Kerberos 5 implementation, +and includes a Kerberos 4 compatibility feature. + +The k5admind server is installed as part of the `krb5' distribution, +or when building from source with MAKE_KERBEROS5 set. The kadmind +server is installed as part of the `krb4' distribution, or when +building from source with MAKE_KERBEROS4 set. Neither is installed by +default. + +The Heimdal Kerberos 5 administrative server is also available as part +of the heimdal port (ports/security/heimdal). The MIT Kerberos 5 +implementation also includes a Kerberos 5 administrative server +(ports/security/krb5). The MIT Kerberos 5 administrative server is +named `kadmind'. + +II. Problem Description + +A stack buffer overflow is present in the Kerberos 4 administrative +server, kadmind, and in the Kerberos 4 compatibility layer of the +Kerberos 5 administrative server, k5admind. + +III. Impact + +A remote attacker may send a specially formatted request to k5admind +or kadmind, triggering the stack buffer overflow and potentially +causing the administrative server to execute arbitrary code as root on +the KDC. The attacker need not be authenticated in order to trigger +the bug. Compromise of the KDC has an especially large impact, as +theft of the Kerberos database could allow an attacker to impersonate +any Kerberos principal in the realm(s) present in the database. + +IMPORTANT NOTE: According to the MIT security team, there is evidence +that this bug is being actively exploited. + +IV. Workaround + +Perform one of the following: + +1) Disable kadmind and/or k5admind by performing the following: + + Set kadmind_server_enable (for kadmind) and kadmind5_server_enable + (for k5admind) to "NO" in /etc/rc.conf. + + Check /etc/inetd.conf to verify that kadmind and k5admind are + not being started from inetd. + + Check that kadmind is not running as a service by executing the + following command: + + # ps axlwww | egrep 'kadmind|k5admind' + + If kadmind or k5admind are running, kill them by executing the + following command as root: + + # kill + +2) Deinstall the heimdal or krb5 port/packages if installed. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7, +RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the +correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, FreeBSD +4.5, FreeBSD 4.6, and FreeBSD 4.7 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:40/kadmin.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:40/kadmin.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/kerberos5/libexec/k5admind +# make depend && make all install +# cd /usr/src/kerberosIV/usr.sbin/kadmind +# make depend && make all install + +If you have the `heimdal' or `krb5' port/package installed, then do +one of the following: + +1) Upgrade your entire ports collection and rebuild the port. + +2) Download a new port skeleton for the heimdal or krb5 port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +3) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/crypto/heimdal/kadmin/version4.c + RELENG_4 1.1.1.1.2.4 + RELENG_4_7 1.1.1.1.2.3.2.1 + RELENG_4_6 1.1.1.1.2.1.8.1 + RELENG_4_5 1.1.1.1.2.1.6.1 + RELENG_4_4 1.1.1.1.2.1.4.1 +src/crypto/kerberosIV/kadmin/kadm_ser_wrap.c + RELENG_4 1.1.1.3.2.1 + RELENG_4_7 1.1.1.3.12.1 + RELENG_4_6 1.1.1.3.10.1 + RELENG_4_5 1.1.1.3.8.1 + RELENG_4_4 1.1.1.3.6.1 +src/kerberosIV/include/version.h + RELENG_4 1.3.2.1 + RELENG_4_7 1.3.12.1 + RELENG_4_6 1.3.10.1 + RELENG_4_5 1.3.8.1 + RELENG_4_4 1.3.6.1 +src/kerberos5/include/version.h + RELENG_4 1.2.2.6 + RELENG_4_7 1.2.2.5.2.1 + RELENG_4_6 1.2.2.3.2.1 + RELENG_4_5 1.2.2.2.4.1 + RELENG_4_4 1.2.2.2.2.1 +- ------------------------------------------------------------------------- + +For Heimdal Kerberos 5 and MIT Kerberos 5 found in the FreeBSD Ports +Collection, the first corrected versions are: + +ports/security/heimdal heimdal-0.5.1 +ports/security/krb5 krb5-1.2.6_1 + +VII. References + + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iQCVAwUBPdFHs1UuHi5z0oilAQFH2wP/X8LODwBJpU07idHIJoxoaSeVnISEKz1o +580Koss/zgt/vcItvqssdGDBaBMa0XFz4JQaUOX4WYEACuguR+1wAxmiMseqyzyK +EHXPO5Igqb3V+5J2SBl3Skwx3Z5QEDlBQXRpVBPYl6HBPTV2QBjjBY9L0B/6hPao +74KIgvrEix0= +=oVsJ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:41.smrsh.asc b/share/security/advisories/FreeBSD-SA-02:41.smrsh.asc new file mode 100644 index 0000000000..c2ab42a829 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:41.smrsh.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:41.smrsh Security Advisory + The FreeBSD Project + +Topic: smrsh restrictions can be bypassed [REVISED] + +Category: core +Module: contrib_sendmail +Announced: 2002-11-15 +Credits: zen-parse , + Pedram Amini , + iDEFENSE +Affects: All releases prior to FreeBSD 4.7-RELEASE +Corrected: 2002-10-08 00:53:31 UTC (RELENG_4) + 2002-10-08 00:57:20 UTC (RELENG_4_7) + 2002-10-26 21:11:30 UTC (RELENG_4_6) + 2002-10-26 21:10:59 UTC (RELENG_4_5) + 2002-10-26 21:10:22 UTC (RELENG_4_4) + 2002-10-26 21:08:42 UTC (RELENG_4_3) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-11-12 Initial release. +v1.1 2002-11-15 Correct patch instructions. Update workaround. + Add CVE reference. + +I. Background + +The sendmail Restricted Shell command (smrsh) is intended as a +replacement for the system shell (/bin/sh) for use by sendmail. It +limits the set of programs that can be executed through sendmail to +those in a single directory, and limits shell built-in commands. + +II. Problem Description + +Errors in smrsh's handling of command arguments with "||" or spaces +may allow the execution of commands outside of those in its target +directory. Since command arguments may be specified in local users' +`.forward' files, the smrsh restrictions may be bypassed using such +files that are specially crafted. + +III. Impact + +Users with a local account and the ability to create or modify their +`.forward' files can circumvent the smrsh restrictions. This is +mostly of consequence to systems which have local users that are not +normally allowed access to a login shell, as such users may abuse this +bug in order to execute arbitrary commands with normal privileges. + +IV. Workaround + +[The workaround described in revision 1.0 of this advisory was + effective, but disabled more functionality than was necessary.] + +Disable sendmail delivery to programs. To do so, add the following line +to the sendmail.mc file, regenerate the sendmail.cf configuration file, +and restart sendmail. + + MODIFY_MAILER_FLAGS(`LOCAL', `-|') + +V. Solution + +1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7, +RELENG_4_6, RELENG_4_5, RELENG_4_4, or RELENG_4_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, FreeBSD +4.5, and FreeBSD 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[For FreeBSD 4.6 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh.patch.asc + +[For FreeBSD 4.3, 4.4, and 4.5 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh2.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +[The following two steps apply only to FreeBSD 4.6 systems.] +# cd /usr/src/lib/libsm +# make depend && make + +# cd /usr/src/lib/libsmutil +# make depend && make +# cd /usr/src/libexec/smrsh +# make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/contrib/sendmail/smrsh/smrsh.c + RELENG_4 1.3.6.9 + RELENG_4_7 1.3.6.8.2.1 + RELENG_4_6 1.3.6.6.2.1 + RELENG_4_5 1.3.6.5.4.1 + RELENG_4_4 1.3.6.5.2.1 + RELENG_4_3 1.3.6.4.2.1 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iQCUAwUBPdUXEVUuHi5z0oilAQEIAQP49AjM5zG8qH0/XzOFA2IDBp5djGIs3H1R +2demoBwF4W71AiUXURZvMwNpqV6+gRenCaOAzMis2pyOkW9aheT+eGoL4YWjQR/E +aQsuX0j3XgXEVss+wQ9DPgkS+IyiYkPMrjpCNJbkQHuhwAQJj9VXrs0pbvl5NQLv +JUcPZ70k3Q== +=k1dg +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:42.resolv.asc b/share/security/advisories/FreeBSD-SA-02:42.resolv.asc new file mode 100644 index 0000000000..5db5853e8e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:42.resolv.asc @@ -0,0 +1,123 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:42.resolv Security Advisory + The FreeBSD Project + +Topic: buffer overrun in resolver + +Category: core +Module: libc +Announced: 2002-11-12 +Credits: KOZUKA Masahiro , + Mark Andrews +Affects: All releases prior to 4.7-RELEASE +Corrected: 2002-09-22 12:20:23 2002 UTC (RELENG_4) + 2002-10-23 14:48:21 2002 UTC (RELENG_4_6) + 2002-10-23 14:50:52 2002 UTC (RELENG_4_5) +FreeBSD only: NO + +I. Background + +The resolver implements functions for making, sending and interpreting +query and reply messages with Internet domain name servers. +Hostnames, IP addresses, and other information are queried using the +resolver. + +II. Problem Description + +Several libc functions --- including getaddrinfo(), gethostbyname(), +getnetbyname(), and others --- utilize the DNS resolver functions +res_search, res_query, and/or res_send. These resolver functions all +return the length of the query response received, which may be larger +than the buffer supplied to hold the response. When this is the case, +the resolver-calling function may attempt to read and parse data +beyond the bounds of the buffer it supplied. + +III. Impact + +A malicious attacker could spoof DNS queries with specially crafted +responses that will not fit in the supplied buffer. This might cause +some applications to fail (denial-of-service). + +IV. Workaround + +There is no known workaround. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.7-RELEASE or 4.7-STABLE; or to +the RELENG_4_7, RELENG_4_6 (4.6-RELEASE-p4), or RELENG_4_5 +(4.5-RELEASE-p22) security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.5 and +FreeBSD 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:42/resolv.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:42/resolv.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of +the base system (i.e. from the Ports Collection or other 3rd-party +sources) must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/lib/libc/net/getaddrinfo.c + RELENG_4 1.9.2.11 + RELENG_4_6 1.9.2.9.2.1 + RELENG_4_5 1.9.2.8.4.1 +src/lib/libc/net/gethostbydns.c + RELENG_4 1.27.2.3 + RELENG_4_6 1.27.10.2 + RELENG_4_5 1.27.8.2 +src/lib/libc/net/getnetbydns.c + RELENG_4 1.13.2.3 + RELENG_4_6 1.13.2.1.8.2 + RELENG_4_5 1.13.2.1.6.2 +src/lib/libc/net/name6.c + RELENG_4 1.6.2.7 + RELENG_4_6 1.6.2.5.8.2 + RELENG_4_5 1.6.2.5.6.2 +src/lib/libc/net/res_mkquery.c + RELENG_4 1.15.2.2 + RELENG_4_6 1.15.2.1.6.1 + RELENG_4_5 1.15.2.1.4.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iQCVAwUBPdF49FUuHi5z0oilAQHQyQQAq4hmcQAMIRiQNS9auxWO+Q+xKZyDwpE/ +Pm3SnkJ6TBQGqoYGioDKN1b4P1jPNWsfm8RKO2GLogLYjwl5VfrEhYJAqj/MvxzM +poDp2PE7EEGk/yXfnTOOdMcBQjqYev+iUYUfvY9tgXbl83O/0iPlxtCHyfbxDQFy +aICe2zMdmX8= +=BceR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:43.bind.asc b/share/security/advisories/FreeBSD-SA-02:43.bind.asc new file mode 100644 index 0000000000..45d5d99aea --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:43.bind.asc @@ -0,0 +1,218 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-02:43.bind Security Advisory + The FreeBSD Project + +Topic: multiple vulnerabilities in BIND [REVISED] + +Category: core +Module: bind +Announced: 2002-11-15 +Credits: ISS X-Force +Affects: All released versions of FreeBSD +Corrected: 2002-11-14 05:15:15 UTC (RELENG_4) + 2002-11-14 02:05:57 UTC (RELENG_4_7) + 2002-11-14 03:18:41 UTC (RELENG_4_6) + 2002-11-14 04:05:12 UTC (RELENG_4_5) + 2002-11-14 05:11:57 UTC (RELENG_4_4) +FreeBSD only: NO + +0. Revision History + +v1.0 2002-11-14 Initial release. +v1.1 2002-11-15 Correct patch instructions. Clarify workaround. + Add CVE references. + +I. Background + +BIND 8 is an implementation of the Domain Name System (DNS) protocols. + +II. Problem Description + +ISS X-Force has disclosed several vulnerabilities affecting BIND 8. +The names which ISS has given each vulnerability are used in this +advisory. The first is a buffer overflow in the BIND 8 code +responsible for creating DNS responses which include SIG resource +records (RRs) from its internal cache (`BIND SIG Cached RR Overflow +Vulnerability'). The second is an error in the BIND 8 code which +constructs a response to an EDNS query (i.e. a query containing OPT +RRs) with a large packet size. A miscalculation triggers an assertion +failure (`BIND OPT DoS'). The third is a problem in the verification +of SIG RR expiry times, which can result in a null pointer dereference +(`BIND SIG Expiry Time DoS'). + +III. Impact + +BIND SIG Cached RR Overflow Vulnerability: A remote attacker may be +able to cause a name server with recursion enabled to execute +arbitrary code with the privileges of the name server process. + +BIND OPT DoS and BIND SIG Expiry Time DoS: A remote attacker may be +able to cause the name server process to crash. + +IV. Workaround + +BIND 9 is not affected by these vulnerabilities. For those who have +the option, upgrading to BIND 9 is recommended. BIND 9 is available +in the FreeBSD Ports Collection (ports/net/bind9). The bind9 port +includes migration notes in /usr/local/share/doc/bind9/misc/migration. + +Name servers with recursion disabled are not vulnerable to the `BIND +SIG Cached RR Overflow Vulnerability' nor to the `BIND SIG Expiry Time +DoS'. To disable recursion, edit the BIND 8 configuration file +(default path /etc/namedb/named.conf) to add `recursion no;' and +`fetch-glue no;' to the options statement. e.g., + + options { + recursion no; + fetch-glue no; + /* ... other options ... */ + }; + +Restart the name server after editing the configuration file. +NOTE: This workaround is only appropriate for name servers +which are authoritative only. Caching name servers will no longer +function correctly if recursion is disabled. + +Restricting recursion to only your own organization's clients (by +means of the `allow-recursion' directive) limits, but does not +eliminate, the impact of these vulnerabilities by making them harder +to exploit. Restricting recursion in this fashion is generally +recommended. To restrict recursion, edit the BIND 8 configuration +file to include an `allow-recursion' statement and an address list +appropriate for your organization. e.g., + + options { + allow-recursion { 10.0.0.0/8; }; + /* ... other options ... */ + }; + +Running BIND 8 as a non-privileged user (rather than as the superuser) +may reduce the impact should the name server be compromised via the +`BIND SIG Cached RR Overflow Vulnerability'. Running as a +non-privileged user is generally recommended. Likewise, running BIND +8 in a chroot environment may reduce the impact and is generally +recommended. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7, +RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the +correction date (4.7-RELEASE-p2, 4.6.2-RELEASE-p5, 4.5-RELEASE-p23, +4.4-RELEASE-p30). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, +4.6, and 4.7 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:43/bind.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:43/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libbind +# make depend && make +# cd /usr/src/lib/libisc +# make depend && make +# cd /usr/src/usr.sbin/named +# make depend && make && make install +# cd /usr/src/libexec/named-xfer +# make depend && make && make install + +After upgrading or patching your system, you must restart named. +Execute the following command as root: + +# ndc restart + +VI. Correction details + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/contrib/bind/CHANGES + RELENG_4 1.1.1.7.2.8 + RELENG_4_7 1.1.1.7.2.7.2.1 + RELENG_4_6 1.1.1.7.2.6.2.2 + RELENG_4_5 1.1.1.7.2.4.4.2 + RELENG_4_4 1.1.1.7.2.4.2.2 +src/contrib/bind/bin/named/db_defs.h + RELENG_4 1.1.1.2.2.6 + RELENG_4_7 1.1.1.2.2.5.2.1 + RELENG_4_6 1.1.1.2.2.4.2.2 + RELENG_4_5 1.1.1.2.2.3.4.2 + RELENG_4_4 1.1.1.2.2.3.2.2 +src/contrib/bind/bin/named/db_sec.c + RELENG_4 1.1.1.1.4.4 + RELENG_4_7 1.1.1.1.4.3.4.1 + RELENG_4_6 1.1.1.1.4.3.2.1 + RELENG_4_5 1.1.1.1.4.2.6.2 + RELENG_4_4 1.1.1.1.4.2.4.2 +src/contrib/bind/bin/named/ns_defs.h + RELENG_4 1.1.1.3.2.7 + RELENG_4_7 1.1.1.3.2.6.2.1 + RELENG_4_6 1.1.1.3.2.5.2.2 + RELENG_4_5 1.1.1.3.2.3.4.2 + RELENG_4_4 1.1.1.3.2.3.2.2 +src/contrib/bind/bin/named/ns_ncache.c + RELENG_4 1.1.1.2.2.3 + RELENG_4_7 1.1.1.2.2.2.4.1 + RELENG_4_6 1.1.1.2.2.2.2.1 + RELENG_4_5 1.1.1.2.2.1.6.2 + RELENG_4_4 1.1.1.2.2.1.4.2 +src/contrib/bind/bin/named/ns_req.c + RELENG_4 1.1.1.2.2.11 + RELENG_4_7 1.1.1.2.2.10.2.1 + RELENG_4_6 1.1.1.2.2.9.2.2 + RELENG_4_5 1.1.1.2.2.7.4.2 + RELENG_4_4 1.1.1.2.2.7.2.2 +src/contrib/bind/bin/named/ns_resp.c + RELENG_4 1.1.1.2.2.8 + RELENG_4_7 1.1.1.2.2.7.2.1 + RELENG_4_6 1.1.1.2.2.6.2.2 + RELENG_4_5 1.1.1.2.2.4.4.2 + RELENG_4_4 1.1.1.2.2.4.2.2 +src/contrib/bind/lib/nameser/ns_name.c + RELENG_4 1.1.1.2.2.4 + RELENG_4_7 1.1.1.2.2.3.2.1 + RELENG_4_6 1.1.1.2.2.2.2.2 + RELENG_4_5 1.1.1.2.2.1.6.2 + RELENG_4_4 1.1.1.2.2.1.4.2 +src/contrib/bind/lib/nameser/ns_samedomain.c + RELENG_4 1.1.1.1.4.1 + RELENG_4_7 1.1.1.1.14.1 + RELENG_4_6 1.1.1.1.12.1 + RELENG_4_5 1.1.1.1.10.1 + RELENG_4_4 1.1.1.1.8.1 +src/sys/conf/newvers.sh + RELENG_4_7 1.44.2.26.2.4 + RELENG_4_6 1.44.2.23.2.22 + RELENG_4_5 1.44.2.20.2.24 + RELENG_4_4 1.44.2.17.2.29 +- ------------------------------------------------------------------------- + +VII. References + + + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iQCVAwUBPdT59FUuHi5z0oilAQEQaAP+O167paqmU92KUMlxKIcjhJeV0eIQST5Y +X3K9VaKBrfE0TCMjJd8j5QnPlRkjPVy8A4wEFrZpEp1Ah94ns8JjyEoiluyA0TFF +Fx6EXnUw5rtOpyKqmdL7FPFSwcJTcv3Zs1eEsaQvRc3E9ygF6e9TJCCayfxB7qMn +SECyOVkopuA= +=9Y+6 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-02:44.filedesc.asc b/share/security/advisories/FreeBSD-SA-02:44.filedesc.asc new file mode 100644 index 0000000000..121fe0961f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-02:44.filedesc.asc @@ -0,0 +1,107 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-02:44.filedesc Security Advisory + The FreeBSD Project + +Topic: file descriptor leak in fpathconf + +Category: core +Module: kernel +Announced: 2003-01-07 +Credits: Joost Pol +Affects: FreeBSD 4.3-RELEASE and later versions +Corrected: 2002-11-11 01:43:31 UTC (RELENG_4) + 2003-01-06 12:37:52 UTC (RELENG_4_7) + 2003-01-06 12:38:21 UTC (RELENG_4_6) + 2003-01-07 15:17:16 UTC (RELENG_4_5) + 2003-01-07 15:17:40 UTC (RELENG_4_4) + 2003-01-06 21:20:54 UTC (RELENG_5_0) +FreeBSD only: YES + +0. Revision History + +2003-01-06 v1.0 Initial release. +2003-01-07 v1.1 Added information regarding bug in FreeBSD 5.x. + Added correction details for RELENG_4_5, RELENG_4_4. + +I. Background + +The fpathconf system call provides a method for applications to +determine the current value of a configurable system limit or option +variable associated with a pathname or file descriptor. + +II. Problem Description + +A programming error in the fpathconf system call can result in the +given file descriptor's reference count being erroneously incremented. + +A similar problem exists in the developer preview versions of FreeBSD +5.0, affecting the lseek(2), dup(2), and other system calls. + +III. Impact + +A local attacker may cause the operating system to crash by repeatedly +calling fpathconf on a file descriptor until the reference count wraps +to a negative value, and then calling close on that file descriptor. + +Similarly, it may be possible to cause a file descriptor to reference +unallocated kernel memory, but remain valid. If a new file is later +opened and the kernel allocates the new file structure at the same +memory location, then an attacker may be able to gain read or write +access to that file. This may in turn lead to privilege escalation. + +IV. Workaround + +There is no workaround. + +V. Solution + +The following patch has been verified to apply to FreeBSD 4.4, 4.5, +4.6, and 4.7 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/kern/kern_descrip.c + RELENG_4 1.81.2.15 + RELENG_4_7 1.81.2.14.4.1 + RELENG_4_6 1.81.2.14.2.1 + RELENG_4_5 1.81.2.9.2.3 + RELENG_4_4 1.81.2.8.2.3 + RELENG_5_0 1.169.2.2 +src/sys/kern/vfs_syscalls.c + RELENG_5_0 1.297.2.2 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+GxDCFdaIBMps37IRAkDtAJ9Ma79bfwhHHBMe1v0gVgvzrFtoMgCgmh/v +iyuKtTozFxmSATQP1w5VEWg= +=MWcN +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:01.cvs.asc b/share/security/advisories/FreeBSD-SA-03:01.cvs.asc new file mode 100644 index 0000000000..2888a3b406 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:01.cvs.asc @@ -0,0 +1,110 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:01.cvs Security Advisory + The FreeBSD Project + +Topic: remotely exploitable vulnerability in cvs server + +Category: contrib +Module: contrib_cvs +Announced: 2003-02-04 +Credits: Stefan Esser +Affects: All FreeBSD versions prior to 4.6-RELEASE-p7, 4.7-RELEASE-p4, + 5.0-RELEASE-p1 +Corrected: 2003-01-21 22:26:46 UTC (RELENG_4) + 2003-02-04 18:05:07 UTC (RELENG_5_0) + 2003-02-04 18:07:20 UTC (RELENG_4_7) + 2003-02-04 18:08:26 UTC (RELENG_4_6) +FreeBSD only: NO + +I. Background + +The Concurrent Versions System (CVS) is a version control system. It +may be used to access a repository locally, or to access a `remote +repository' using several different methods, including `ext' (rsh), +and `pserver' (password-authenticated server). When accessing a +remote repository, the target machine runs the CVS server to fulfill +client requests. + +II. Problem Description + +The implementation of the CVS server contains a programming error which +can lead to a block of memory being freed more than once (i.e. a +double-free bug). + +Separately, the CVS server allows clients with write access to specify +arbitrary commands to execute as part of an update (update-prog) or +commit (checkin-prog). This is a dangerous feature that is generally +not needed: there are other, safer methods of triggering program +execution. + +III. Impact + +An attacker may exploit the double-free bug in order to bypass write +access checks. Combined with the update-prog/checkin-prog feature, +the attacker may be able to execute arbitrary commands with the +privileges of the CVS server. The impact is most severe when running +the CVS server in `pserver' mode to provide read-only access to the +world (anoncvs). + +IV. Workaround + +Do not use `pserver' mode directly. Instead, use one of the safer +methods described in the following online resources: + + + + +V. Solution + +1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7 +(4.7-RELEASE-p4), RELENG_4_6 (4.6-RELEASE-p7), or RELENG_5_0 +(5.0-RELEASE-p1) security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.6, 4.7, and +5.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:01/cvs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:01/cvs.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cvs +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/contrib/cvs/src/server.c + RELENG_5_0 1.17.2.1 + RELENG_4_7 1.13.2.2.6.1 + RELENG_4_6 1.13.2.2.4.1 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+QAU9FdaIBMps37IRAvYzAKCeaZ1eWwiWNxRqgNRwnn4TwuwPPACdGF8T +0Ym2kCQxU0sJSRxmgAA/yM4= +=9+5m +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:02.openssl.asc b/share/security/advisories/FreeBSD-SA-03:02.openssl.asc new file mode 100644 index 0000000000..f81a92f977 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:02.openssl.asc @@ -0,0 +1,1602 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:02.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL timing-based SSL/TLS attack + +Category: core +Module: openssl +Announced: 2003-02-25 +Credits: Brice Canvel (EPFL), Alain Hiltgen (UBS), + Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) +Affects: All FreeBSD versions prior to 4.6.2-RELEASE-p8, + 4.7-RELEASE-p5, 5.0-RELEASE-p2 +Corrected: 2003-02-20 15:07:20 UTC (RELENG_4) + 2003-02-20 17:14:09 UTC (RELENG_5_0) + 2003-02-20 20:42:04 UTC (RELENG_4_7) + 2003-02-21 16:32:47 UTC (RELENG_4_6) +FreeBSD only: NO + +0. Revision History + +2003-02-24 v1.0 Initial release +2003-02-25 v1.1 Updated patches; corrected URLs + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, commercial- +grade, full-featured, and Open Source toolkit implementing the Secure +Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) +protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +- From the OpenSSL Project advisory (see references): + + In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge + Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and + demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. + + The attack assumes that multiple SSL or TLS connections involve a + common fixed plaintext block, such as a password. An active attacker + can substitute specifically made-up ciphertext blocks for blocks sent + by legitimate SSL/TLS parties and measure the time until a response + arrives: SSL/TLS includes data authentication to ensure that such + modified ciphertext blocks will be rejected by the peer (and the + connection aborted), but the attacker may be able to use timing + observations to distinguish between two different error cases, namely + block cipher padding errors and MAC verification errors. This is + sufficient for an adaptive attack that finally can obtain the complete + plaintext block. + +III. Impact + +A powerful attacker (one who can intercept and replace network +messages between a client and a server) may be able to obtain +plaintext data from encrypted data streams in TLS/SSL using block +ciphers in CBC mode. + +IV. Workaround + +Disable the use of ciphersuites which use CBC mode in SSL or TLS. The +method of adjusting the list of acceptable ciphersuites varies from +application to application. See the application's documentation for +details. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_7 +(4.7-RELEASE-p5), RELENG_4_6 (4.6.2-RELEASE-p8), or RELENG_5_0 +(5.0-RELEASE-p2) security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.6.2, 4.7, +and 5.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.7-STABLE systems after 2003/02/14 and 4.8-PRERELEASE systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl4s.patch.gz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl4s.patch.gz.asc + +[FreeBSD 5.0 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl50.patch.gz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl50.patch.gz.asc + +[FreeBSD 4.7 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl47.patch.gz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl47.patch.gz.asc + +[FreeBSD 4.6.2 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl462.patch.gz +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl462.patch.gz.asc + +b) Execute the following commands as root: + +# cd /usr/src +# gunzip -c /path/to/patch | patch -E + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of the +base system (i.e. from the Ports Collection or other 3rd-party sources) +must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssl/CHANGES 1.1.1.1.2.6 + src/crypto/openssl/Configure 1.1.1.1.2.6 + src/crypto/openssl/FAQ 1.1.1.1.2.7 + src/crypto/openssl/FREEBSD-Xlist 1.1.2.5 + src/crypto/openssl/INSTALL 1.1.1.1.2.5 + src/crypto/openssl/Makefile.org 1.1.1.1.2.7 + src/crypto/openssl/Makefile.ssl 1.1.1.1.2.7 + src/crypto/openssl/NEWS 1.1.1.1.2.7 + src/crypto/openssl/PROBLEMS 1.1.1.1.2.4 + src/crypto/openssl/README 1.1.1.1.2.7 + src/crypto/openssl/apps/Makefile.ssl 1.1.1.1.2.6 + src/crypto/openssl/apps/apps.c 1.1.1.1.2.5 + src/crypto/openssl/apps/apps.h 1.1.1.1.2.4 + src/crypto/openssl/apps/ca.c 1.1.1.1.2.5 + src/crypto/openssl/apps/dgst.c 1.1.1.1.2.5 + src/crypto/openssl/apps/dh.c 1.1.1.1.2.4 + src/crypto/openssl/apps/dhparam.c 1.1.1.1.2.4 + src/crypto/openssl/apps/dsa.c 1.1.1.1.2.4 + src/crypto/openssl/apps/dsaparam.c 1.1.1.1.2.6 + src/crypto/openssl/apps/enc.c 1.1.1.1.2.5 + src/crypto/openssl/apps/engine.c 1.1.1.1.2.2 + src/crypto/openssl/apps/gendh.c 1.1.1.1.2.4 + src/crypto/openssl/apps/gendsa.c 1.1.1.1.2.4 + src/crypto/openssl/apps/genrsa.c 1.1.1.1.2.4 + src/crypto/openssl/apps/ocsp.c 1.1.1.1.2.2 + src/crypto/openssl/apps/openssl.c 1.1.1.1.2.5 + src/crypto/openssl/apps/pkcs12.c 1.1.1.1.2.5 + src/crypto/openssl/apps/pkcs7.c 1.1.1.1.2.5 + src/crypto/openssl/apps/pkcs8.c 1.1.1.1.2.4 + src/crypto/openssl/apps/progs.h 1.1.1.1.2.4 + src/crypto/openssl/apps/rand.c 1.1.1.1.2.4 + src/crypto/openssl/apps/req.c 1.1.1.1.2.6 + src/crypto/openssl/apps/rsa.c 1.1.1.1.2.4 + src/crypto/openssl/apps/rsautl.c 1.1.1.1.2.4 + src/crypto/openssl/apps/s_client.c 1.1.1.1.2.6 + src/crypto/openssl/apps/s_server.c 1.1.1.1.2.5 + src/crypto/openssl/apps/smime.c 1.1.1.1.2.5 + src/crypto/openssl/apps/speed.c 1.3.2.6 + src/crypto/openssl/apps/spkac.c 1.1.1.1.2.4 + src/crypto/openssl/apps/verify.c 1.1.1.1.2.4 + src/crypto/openssl/apps/x509.c 1.1.1.1.2.6 + src/crypto/openssl/config 1.1.1.1.2.7 + src/crypto/openssl/crypto/aes/aes_core.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/asn1/a_time.c 1.1.1.1.2.5 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.1.2.5 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/bf/Makefile.ssl 1.1.1.1.2.5 + src/crypto/openssl/crypto/bio/b_sock.c 1.1.1.1.2.6 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.1.2.5 + src/crypto/openssl/crypto/bio/bio_lib.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.1.2.6 + src/crypto/openssl/crypto/bn/asm/ia64.S 1.1.1.1.2.2 + src/crypto/openssl/crypto/bn/asm/pa-risc2.s 1.1.1.1.2.3 + src/crypto/openssl/crypto/bn/bn_lcl.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/bn/bn_prime.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/cast/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/conf/conf_mall.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/conf/conf_sap.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/des/Makefile.ssl 1.1.1.1.2.5 + src/crypto/openssl/crypto/des/asm/crypt586.pl 1.1.1.1.2.2 + src/crypto/openssl/crypto/des/asm/des-586.pl 1.1.1.1.2.3 + src/crypto/openssl/crypto/des/cbc_cksm.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/des/des_locl.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/des/destest.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.6 + src/crypto/openssl/crypto/dh/dh_lib.c 1.1.1.1.2.6 + src/crypto/openssl/crypto/dsa/dsa_lib.c 1.1.1.1.2.6 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.6 + src/crypto/openssl/crypto/dsa/dsa_sign.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/dsa/dsa_vrf.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/dsa/dsagen.c 1.1.1.1.2.1 + src/crypto/openssl/crypto/dsa/dsatest.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/dso/dso_dl.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/ec/ec.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/ec/ec_err.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/ec/ec_lib.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/ec/ec_mult.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/ec/ectest.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/engine/Makefile.ssl 1.1.1.1.2.2 + src/crypto/openssl/crypto/engine/engine.h 1.1.1.1.2.2 + src/crypto/openssl/crypto/engine/enginetest.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/err/err.c 1.1.1.1.2.6 + src/crypto/openssl/crypto/err/err_all.c 1.2.2.6 + src/crypto/openssl/crypto/evp/digest.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/evp/evp_acnf.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/evp/evp_enc.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/evp/evp_test.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/krb5/Makefile.ssl 1.1.1.1.2.2 + src/crypto/openssl/crypto/md2/md2test.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/md4/md4.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/md5/Makefile.ssl 1.1.1.1.2.5 + src/crypto/openssl/crypto/md5/md5.c 1.1.1.1.2.1 + src/crypto/openssl/crypto/md5/md5.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/mem.c 1.1.1.1.2.5 + src/crypto/openssl/crypto/o_time.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.1.2.5 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.1.2.4 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.1.2.4 + src/crypto/openssl/crypto/ocsp/Makefile.ssl 1.1.1.1.2.2 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.7 + src/crypto/openssl/crypto/perlasm/x86asm.pl 1.1.1.1.2.3 + src/crypto/openssl/crypto/perlasm/x86ms.pl 1.1.1.1.2.3 + src/crypto/openssl/crypto/perlasm/x86nasm.pl 1.1.1.1.2.3 + src/crypto/openssl/crypto/perlasm/x86unix.pl 1.1.1.1.2.4 + src/crypto/openssl/crypto/rand/rand.h 1.1.1.1.2.6 + src/crypto/openssl/crypto/rand/rand_lib.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/rc4/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/rc5/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/rc5/rc5_locl.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/ripemd/Makefile.ssl 1.1.1.1.2.5 + src/crypto/openssl/crypto/ripemd/rmd160.c 1.1.1.1.2.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.5 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.6 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/rsa/rsa_test.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/sha/Makefile.ssl 1.1.1.1.2.4 + src/crypto/openssl/crypto/ui/Makefile.ssl 1.1.1.1.2.2 + src/crypto/openssl/crypto/ui/ui_openssl.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/x509v3/ext_dat.h 1.1.1.1.2.3 + src/crypto/openssl/crypto/x509v3/v3_ocsp.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/x509v3/v3_purp.c 1.1.1.1.2.5 + src/crypto/openssl/crypto/x509v3/v3conf.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/x509v3/x509v3.h 1.1.1.1.2.5 + src/crypto/openssl/demos/x509/mkcert.c 1.1.1.1.2.2 + src/crypto/openssl/demos/x509/mkreq.c 1.1.1.1.2.2 + src/crypto/openssl/doc/HOWTO/certificates.txt 1.1.1.1.2.2 + src/crypto/openssl/doc/apps/ca.pod 1.1.1.1.2.5 + src/crypto/openssl/doc/apps/dhparam.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/dsa.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/apps/dsaparam.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/gendsa.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/genrsa.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/pkcs7.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/apps/pkcs8.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/apps/req.pod 1.1.1.1.2.4 + src/crypto/openssl/doc/apps/rsa.pod 1.1.1.1.2.4 + src/crypto/openssl/doc/apps/spkac.pod 1.1.1.1.2.2 + src/crypto/openssl/doc/apps/x509.pod 1.1.1.1.2.4 + src/crypto/openssl/doc/crypto/BN_generate_prime.pod 1.1.1.1.2.3 + src/crypto/openssl/doc/crypto/EVP_SealInit.pod 1.1.1.1.2.4 + src/crypto/openssl/doc/standards.txt 1.1.1.1.2.3 + src/crypto/openssl/openssl.spec 1.1.1.1.2.6 + src/crypto/openssl/ssl/bio_ssl.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.7 + src/crypto/openssl/ssl/s3_both.c 1.1.1.1.2.6 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.1.2.6 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.6 + src/crypto/openssl/ssl/ssl.h 1.1.1.1.2.7 + src/crypto/openssl/ssl/ssl_cert.c 1.1.1.1.2.6 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.6 + src/crypto/openssl/ssl/ssltest.c 1.1.1.1.2.5 + src/crypto/openssl/test/Makefile.ssl 1.1.1.1.2.6 + src/crypto/openssl/test/testgen 1.1.1.1.2.3 + src/crypto/openssl/util/bat.sh 1.1.1.1.2.1 + src/crypto/openssl/util/libeay.num 1.1.1.1.2.6 + src/crypto/openssl/util/mk1mf.pl 1.1.1.1.2.5 + src/crypto/openssl/util/mkdef.pl 1.1.1.1.2.6 + src/crypto/openssl/util/ssleay.num 1.1.1.1.2.5 + src/secure/lib/libcrypto/Makefile.inc 1.7.2.11 + src/secure/lib/libcrypto/man/ASN1_OBJECT_new.3 1.2.2.2 + src/secure/lib/libcrypto/man/ASN1_STRING_length.3 1.2.2.2 + src/secure/lib/libcrypto/man/ASN1_STRING_new.3 1.2.2.2 + src/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 1.2.2.2 + src/secure/lib/libcrypto/man/BIO_ctrl.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_f_base64.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_f_buffer.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_f_cipher.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_f_md.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_f_null.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_f_ssl.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_find_type.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_new.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_push.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_read.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_accept.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_bio.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_connect.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_fd.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_file.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_mem.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_null.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_s_socket.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_set_callback.3 1.3.2.2 + src/secure/lib/libcrypto/man/BIO_should_retry.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_CTX_new.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_CTX_start.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_add.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_add_word.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_bn2bin.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_cmp.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_copy.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_generate_prime.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_mod_inverse.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_new.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_num_bytes.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_rand.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_set_bit.3 1.3.2.2 + src/secure/lib/libcrypto/man/BN_swap.3 1.2.2.2 + src/secure/lib/libcrypto/man/BN_zero.3 1.3.2.2 + src/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 1.3.2.2 + src/secure/lib/libcrypto/man/DH_generate_key.3 1.3.2.2 + src/secure/lib/libcrypto/man/DH_generate_parameters.3 1.3.2.2 + src/secure/lib/libcrypto/man/DH_get_ex_new_index.3 1.3.2.2 + src/secure/lib/libcrypto/man/DH_new.3 1.3.2.2 + src/secure/lib/libcrypto/man/DH_set_method.3 1.3.2.2 + src/secure/lib/libcrypto/man/DH_size.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_SIG_new.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_do_sign.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_dup_DH.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_generate_key.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_generate_parameters.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_new.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_set_method.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_sign.3 1.3.2.2 + src/secure/lib/libcrypto/man/DSA_size.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_GET_LIB.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_clear_error.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_error_string.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_get_error.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_load_strings.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_print_errors.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_put_error.3 1.3.2.2 + src/secure/lib/libcrypto/man/ERR_remove_state.3 1.3.2.2 + src/secure/lib/libcrypto/man/EVP_BytesToKey.3 1.2.2.2 + src/secure/lib/libcrypto/man/EVP_DigestInit.3 1.3.2.2 + src/secure/lib/libcrypto/man/EVP_EncryptInit.3 1.3.2.2 + src/secure/lib/libcrypto/man/EVP_OpenInit.3 1.3.2.2 + src/secure/lib/libcrypto/man/EVP_PKEY_new.3 1.2.2.2 + src/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 1.2.2.2 + src/secure/lib/libcrypto/man/EVP_SealInit.3 1.3.2.2 + src/secure/lib/libcrypto/man/EVP_SignInit.3 1.3.2.2 + src/secure/lib/libcrypto/man/EVP_VerifyInit.3 1.3.2.2 + src/secure/lib/libcrypto/man/OBJ_nid2obj.3 1.2.2.2 + src/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 1.3.2.2 + src/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 1.3.2.2 + src/secure/lib/libcrypto/man/PKCS12_create.3 1.2.2.2 + src/secure/lib/libcrypto/man/PKCS12_parse.3 1.2.2.2 + src/secure/lib/libcrypto/man/PKCS7_decrypt.3 1.2.2.2 + src/secure/lib/libcrypto/man/PKCS7_encrypt.3 1.2.2.2 + src/secure/lib/libcrypto/man/PKCS7_sign.3 1.2.2.2 + src/secure/lib/libcrypto/man/PKCS7_verify.3 1.2.2.2 + src/secure/lib/libcrypto/man/RAND_add.3 1.3.2.2 + src/secure/lib/libcrypto/man/RAND_bytes.3 1.3.2.2 + src/secure/lib/libcrypto/man/RAND_cleanup.3 1.3.2.2 + src/secure/lib/libcrypto/man/RAND_egd.3 1.3.2.2 + src/secure/lib/libcrypto/man/RAND_load_file.3 1.3.2.2 + src/secure/lib/libcrypto/man/RAND_set_rand_method.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_blinding_on.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_check_key.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_generate_key.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_new.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_print.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_private_encrypt.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_public_encrypt.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_set_method.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_sign.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 1.3.2.2 + src/secure/lib/libcrypto/man/RSA_size.3 1.3.2.2 + src/secure/lib/libcrypto/man/SMIME_read_PKCS7.3 1.2.2.2 + src/secure/lib/libcrypto/man/SMIME_write_PKCS7.3 1.2.2.2 + src/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 1.2.2.2 + src/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 1.2.2.2 + src/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 1.2.2.2 + src/secure/lib/libcrypto/man/X509_NAME_print_ex.3 1.2.2.2 + src/secure/lib/libcrypto/man/X509_new.3 1.2.2.2 + src/secure/lib/libcrypto/man/bio.3 1.3.2.2 + src/secure/lib/libcrypto/man/blowfish.3 1.3.2.2 + src/secure/lib/libcrypto/man/bn.3 1.3.2.2 + src/secure/lib/libcrypto/man/bn_internal.3 1.3.2.2 + src/secure/lib/libcrypto/man/buffer.3 1.3.2.2 + src/secure/lib/libcrypto/man/crypto.3 1.3.2.2 + src/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_DHparams.3 1.3.2.2 + src/secure/lib/libcrypto/man/d2i_DSAPublicKey.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 1.3.2.2 + src/secure/lib/libcrypto/man/d2i_X509.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_X509_ALGOR.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_X509_CRL.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_X509_NAME.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_X509_REQ.3 1.2.2.2 + src/secure/lib/libcrypto/man/d2i_X509_SIG.3 1.2.2.2 + src/secure/lib/libcrypto/man/des.3 1.3.2.2 + src/secure/lib/libcrypto/man/dh.3 1.3.2.2 + src/secure/lib/libcrypto/man/dsa.3 1.3.2.2 + src/secure/lib/libcrypto/man/engine.3 1.2.2.2 + src/secure/lib/libcrypto/man/err.3 1.3.2.2 + src/secure/lib/libcrypto/man/evp.3 1.3.2.2 + src/secure/lib/libcrypto/man/hmac.3 1.3.2.2 + src/secure/lib/libcrypto/man/lh_stats.3 1.3.2.2 + src/secure/lib/libcrypto/man/lhash.3 1.3.2.2 + src/secure/lib/libcrypto/man/md5.3 1.3.2.2 + src/secure/lib/libcrypto/man/mdc2.3 1.3.2.2 + src/secure/lib/libcrypto/man/pem.3 1.2.2.2 + src/secure/lib/libcrypto/man/rand.3 1.3.2.2 + src/secure/lib/libcrypto/man/rc4.3 1.3.2.2 + src/secure/lib/libcrypto/man/ripemd.3 1.3.2.2 + src/secure/lib/libcrypto/man/rsa.3 1.3.2.2 + src/secure/lib/libcrypto/man/sha.3 1.3.2.2 + src/secure/lib/libcrypto/man/threads.3 1.3.2.2 + src/secure/lib/libcrypto/man/ui.3 1.2.2.2 + src/secure/lib/libcrypto/man/ui_compat.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CIPHER_get_name.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_COMP_add_compression_method.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_add_session.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_ctrl.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_flush_sessions.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_free.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_new.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_sess_number.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_sessions.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_cert_store.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_info_callback.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_mode.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_options.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_timeout.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_set_verify.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_CTX_use_certificate.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_SESSION_free.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_SESSION_get_time.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_accept.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_alert_type_string.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_clear.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_connect.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_do_handshake.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_free.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_SSL_CTX.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_ciphers.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_client_CA_list.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_current_cipher.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_default_timeout.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_error.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_ex_new_index.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_fd.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_peer_cert_chain.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_peer_certificate.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_rbio.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_session.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_verify_result.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_get_version.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_library_init.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_load_client_CA_file.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_new.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_pending.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_read.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_rstate_string.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_session_reused.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_set_bio.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_set_connect_state.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_set_fd.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_set_session.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_set_shutdown.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_set_verify_result.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_shutdown.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_state_string.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_want.3 1.2.2.2 + src/secure/lib/libssl/man/SSL_write.3 1.2.2.2 + src/secure/lib/libssl/man/d2i_SSL_SESSION.3 1.2.2.2 + src/secure/lib/libssl/man/ssl.3 1.2.2.2 + src/secure/usr.bin/openssl/man/CA.pl.1 1.2.2.2 + src/secure/usr.bin/openssl/man/asn1parse.1 1.2.2.2 + src/secure/usr.bin/openssl/man/ca.1 1.2.2.2 + src/secure/usr.bin/openssl/man/ciphers.1 1.2.2.2 + src/secure/usr.bin/openssl/man/crl.1 1.2.2.2 + src/secure/usr.bin/openssl/man/crl2pkcs7.1 1.2.2.2 + src/secure/usr.bin/openssl/man/dgst.1 1.2.2.2 + src/secure/usr.bin/openssl/man/dhparam.1 1.2.2.2 + src/secure/usr.bin/openssl/man/dsa.1 1.2.2.2 + src/secure/usr.bin/openssl/man/dsaparam.1 1.2.2.2 + src/secure/usr.bin/openssl/man/enc.1 1.2.2.2 + src/secure/usr.bin/openssl/man/gendsa.1 1.2.2.2 + src/secure/usr.bin/openssl/man/genrsa.1 1.2.2.2 + src/secure/usr.bin/openssl/man/nseq.1 1.2.2.2 + src/secure/usr.bin/openssl/man/ocsp.1 1.2.2.2 + src/secure/usr.bin/openssl/man/openssl.1 1.2.2.2 + src/secure/usr.bin/openssl/man/passwd.1 1.2.2.2 + src/secure/usr.bin/openssl/man/pkcs12.1 1.2.2.2 + src/secure/usr.bin/openssl/man/pkcs7.1 1.2.2.2 + src/secure/usr.bin/openssl/man/pkcs8.1 1.2.2.2 + src/secure/usr.bin/openssl/man/rand.1 1.2.2.2 + src/secure/usr.bin/openssl/man/req.1 1.2.2.2 + src/secure/usr.bin/openssl/man/rsa.1 1.2.2.2 + src/secure/usr.bin/openssl/man/rsautl.1 1.2.2.2 + src/secure/usr.bin/openssl/man/s_client.1 1.2.2.2 + src/secure/usr.bin/openssl/man/s_server.1 1.2.2.2 + src/secure/usr.bin/openssl/man/sess_id.1 1.2.2.2 + src/secure/usr.bin/openssl/man/smime.1 1.2.2.2 + src/secure/usr.bin/openssl/man/speed.1 1.2.2.2 + src/secure/usr.bin/openssl/man/spkac.1 1.2.2.2 + src/secure/usr.bin/openssl/man/verify.1 1.2.2.2 + src/secure/usr.bin/openssl/man/version.1 1.2.2.2 + src/secure/usr.bin/openssl/man/x509.1 1.2.2.2 +RELENG_5_0 + src/UPDATING 1.229.2.7 + src/crypto/openssl/CHANGES 1.1.1.11.2.1 + src/crypto/openssl/Configure 1.1.1.10.2.1 + src/crypto/openssl/FAQ 1.1.1.9.2.1 + src/crypto/openssl/INSTALL 1.1.1.6.2.1 + src/crypto/openssl/Makefile.org 1.1.1.11.2.1 + src/crypto/openssl/Makefile.ssl 1.1.1.10.2.1 + src/crypto/openssl/NEWS 1.1.1.10.2.1 + src/crypto/openssl/PROBLEMS 1.1.1.2.2.1 + src/crypto/openssl/README 1.1.1.10.2.1 + src/crypto/openssl/config 1.1.1.10.2.1 + src/crypto/openssl/e_os.h 1.1.1.8.2.1 + src/crypto/openssl/openssl.spec 1.1.1.7.2.1 + src/crypto/openssl/apps/Makefile.ssl 1.1.1.6.2.1 + src/crypto/openssl/apps/apps.h 1.1.1.3.2.1 + src/crypto/openssl/apps/asn1pars.c 1.1.1.4.2.1 + src/crypto/openssl/apps/ca.c 1.1.1.6.2.1 + src/crypto/openssl/apps/ciphers.c 1.1.1.3.2.1 + src/crypto/openssl/apps/crl.c 1.1.1.3.2.1 + src/crypto/openssl/apps/crl2p7.c 1.1.1.3.2.1 + src/crypto/openssl/apps/dgst.c 1.1.1.5.2.1 + src/crypto/openssl/apps/dh.c 1.1.1.3.2.1 + src/crypto/openssl/apps/dhparam.c 1.1.1.2.2.1 + src/crypto/openssl/apps/dsa.c 1.1.1.3.2.1 + src/crypto/openssl/apps/dsaparam.c 1.1.1.5.2.1 + src/crypto/openssl/apps/enc.c 1.1.1.5.2.1 + src/crypto/openssl/apps/errstr.c 1.1.1.3.2.1 + src/crypto/openssl/apps/gendh.c 1.1.1.3.2.1 + src/crypto/openssl/apps/gendsa.c 1.1.1.3.2.1 + src/crypto/openssl/apps/genrsa.c 1.1.1.3.2.1 + src/crypto/openssl/apps/nseq.c 1.1.1.3.2.1 + src/crypto/openssl/apps/openssl.c 1.1.1.4.2.1 + src/crypto/openssl/apps/openssl.cnf 1.3.2.1 + src/crypto/openssl/apps/passwd.c 1.1.1.4.2.1 + src/crypto/openssl/apps/pkcs12.c 1.1.1.4.2.1 + src/crypto/openssl/apps/pkcs7.c 1.1.1.4.2.1 + src/crypto/openssl/apps/pkcs8.c 1.1.1.3.2.1 + src/crypto/openssl/apps/rand.c 1.1.1.2.2.1 + src/crypto/openssl/apps/req.c 1.1.1.6.2.1 + src/crypto/openssl/apps/rsa.c 1.1.1.3.2.1 + src/crypto/openssl/apps/s_client.c 1.1.1.5.2.1 + src/crypto/openssl/apps/s_server.c 1.1.1.4.2.1 + src/crypto/openssl/apps/s_time.c 1.1.1.3.2.1 + src/crypto/openssl/apps/sess_id.c 1.1.1.3.2.1 + src/crypto/openssl/apps/speed.c 1.9.2.1 + src/crypto/openssl/apps/spkac.c 1.1.1.2.2.1 + src/crypto/openssl/apps/verify.c 1.1.1.3.2.1 + src/crypto/openssl/apps/version.c 1.1.1.2.2.1 + src/crypto/openssl/apps/x509.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/Makefile.ssl 1.1.1.7.2.1 + src/crypto/openssl/crypto/cryptlib.c 1.1.1.7.2.1 + src/crypto/openssl/crypto/crypto.h 1.1.1.5.2.1 + src/crypto/openssl/crypto/md32_common.h 1.1.1.3.2.1 + src/crypto/openssl/crypto/mem.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/mem_clr.c 1.1.1.1.4.1 + src/crypto/openssl/crypto/mem_dbg.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.11.2.1 + src/crypto/openssl/crypto/tmdiff.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/uid.c 1.1.1.1.4.1 + src/crypto/openssl/crypto/asn1/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/asn1/a_sign.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/asn1/a_strex.c 1.1.1.1.4.1 + src/crypto/openssl/crypto/asn1/a_utctm.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/asn1/a_verify.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/asn1/n_pkey.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/asn1/p8_pkey.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/bf/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/bf/bftest.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/bio/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.5.2.1 + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/bn/bn.h 1.1.1.7.2.1 + src/crypto/openssl/crypto/bn/bn_lib.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/bn/bn_rand.c 1.1.1.6.2.1 + src/crypto/openssl/crypto/bn/bn_word.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/bn/bntest.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/bn/exptest.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/buffer/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/cast/Makefile.ssl 1.1.1.3.2.1 + src/crypto/openssl/crypto/cast/casttest.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/comp/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/conf/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/conf/conf_def.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/des/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/des/des.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/des/read2pwd.c 1.1.1.1.14.1 + src/crypto/openssl/crypto/des/read_pwd.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/des/str2key.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/dh/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/dh/dhtest.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/dsa/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/dsa/dsatest.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/dso/Makefile.ssl 1.1.1.2.2.1 + src/crypto/openssl/crypto/err/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/err/err_all.c 1.5.2.1 + src/crypto/openssl/crypto/evp/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/evp/bio_enc.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/evp/bio_ok.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/evp/c_allc.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/evp/c_alld.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/evp/e_idea.c 1.1.1.1.4.1 + src/crypto/openssl/crypto/evp/evp.h 1.11.2.1 + src/crypto/openssl/crypto/evp/evp_key.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/evp/p5_crpt.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/evp/p5_crpt2.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/evp/p_open.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/hmac/Makefile.ssl 1.1.1.3.2.1 + src/crypto/openssl/crypto/hmac/hmactest.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/idea/Makefile.ssl 1.5.2.1 + src/crypto/openssl/crypto/idea/i_cbc.c 1.5.2.1 + src/crypto/openssl/crypto/idea/i_cfb64.c 1.5.2.1 + src/crypto/openssl/crypto/idea/i_ecb.c 1.5.2.1 + src/crypto/openssl/crypto/idea/i_ofb64.c 1.5.2.1 + src/crypto/openssl/crypto/idea/i_skey.c 1.5.2.1 + src/crypto/openssl/crypto/idea/idea.h 1.5.2.1 + src/crypto/openssl/crypto/idea/idea_lcl.h 1.4.4.1 + src/crypto/openssl/crypto/idea/idea_spd.c 1.4.4.1 + src/crypto/openssl/crypto/idea/ideatest.c 1.4.4.1 + src/crypto/openssl/crypto/idea/version 1.4.4.1 + src/crypto/openssl/crypto/lhash/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/md2/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/md2/md2_dgst.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/md2/md2_one.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/md2/md2test.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/md4/Makefile.ssl 1.1.1.2.2.1 + src/crypto/openssl/crypto/md4/md4_one.c 1.1.1.1.4.1 + src/crypto/openssl/crypto/md4/md4test.c 1.1.1.1.4.1 + src/crypto/openssl/crypto/md5/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/md5/md5_one.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/md5/md5test.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/mdc2/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/mdc2/mdc2_one.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/mdc2/mdc2test.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/objects/Makefile.ssl 1.1.1.6.2.1 + src/crypto/openssl/crypto/objects/obj_dat.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.4.2.1 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.3.2.1 + src/crypto/openssl/crypto/objects/obj_mac.num 1.1.1.2.2.1 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.4.2.1 + src/crypto/openssl/crypto/pem/Makefile.ssl 1.1.1.3.2.1 + src/crypto/openssl/crypto/pem/pem_info.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/pem/pem_lib.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/pem/pem_seal.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/pkcs12/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/pkcs12/p12_crpt.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/pkcs12/p12_decr.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/pkcs12/p12_key.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/pkcs7/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/pkcs7/bio_ber.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.7.2.1 + src/crypto/openssl/crypto/rand/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.6.2.1 + src/crypto/openssl/crypto/rand/rand_egd.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/rand/rand_win.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/rand/randfile.c 1.1.1.6.2.1 + src/crypto/openssl/crypto/rand/randtest.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/rc2/Makefile.ssl 1.1.1.2.2.1 + src/crypto/openssl/crypto/rc2/rc2test.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/rc4/Makefile.ssl 1.1.1.3.2.1 + src/crypto/openssl/crypto/rc4/rc4.c 1.1.1.1.14.1 + src/crypto/openssl/crypto/rc4/rc4test.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/rc5/Makefile.ssl 1.1.1.3.2.1 + src/crypto/openssl/crypto/rc5/rc5test.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/ripemd/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/ripemd/rmd_one.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/ripemd/rmdtest.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/rsa/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.8.2.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.8.2.1 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.6.2.1 + src/crypto/openssl/crypto/rsa/rsa_pk1.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/rsa/rsa_saos.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/sha/Makefile.ssl 1.1.1.3.2.1 + src/crypto/openssl/crypto/sha/sha1_one.c 1.1.1.1.14.1 + src/crypto/openssl/crypto/sha/sha1test.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/sha/sha_one.c 1.1.1.1.14.1 + src/crypto/openssl/crypto/sha/shatest.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/stack/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/threads/mttest.c 1.1.1.3.2.1 + src/crypto/openssl/crypto/txt_db/Makefile.ssl 1.1.1.4.2.1 + src/crypto/openssl/crypto/x509/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/crypto/x509/by_file.c 1.1.1.2.2.1 + src/crypto/openssl/crypto/x509/x509_cmp.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.4.2.1 + src/crypto/openssl/crypto/x509v3/Makefile.ssl 1.1.1.5.2.1 + src/crypto/openssl/demos/selfsign.c 1.1.1.2.2.1 + src/crypto/openssl/doc/c-indentation.el 1.1.1.3.2.1 + src/crypto/openssl/doc/openssl.txt 1.1.1.3.2.1 + src/crypto/openssl/doc/apps/passwd.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/apps/req.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/apps/smime.pod 1.1.1.3.2.1 + src/crypto/openssl/doc/apps/x509.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/BN_CTX_new.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/BN_add.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/BN_add_word.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/BN_bn2bin.pod 1.1.1.3.2.1 + src/crypto/openssl/doc/crypto/BN_copy.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/BN_generate_prime.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/BN_mod_inverse.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/BN_new.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/BN_rand.pod 1.1.1.5.2.1 + src/crypto/openssl/doc/crypto/DH_generate_key.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DH_generate_parameters.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DH_new.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DSA_SIG_new.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DSA_do_sign.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DSA_dup_DH.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DSA_generate_key.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DSA_generate_parameters.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DSA_new.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/DSA_sign.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/EVP_SealInit.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/RAND_bytes.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/RSA_check_key.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/RSA_generate_key.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/RSA_print.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/RSA_private_encrypt.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/RSA_public_encrypt.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/crypto/RSA_sign.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod 1.1.1.1.4.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.4.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 1.1.1.2.2.1 + src/crypto/openssl/doc/ssl/ssl.pod 1.1.1.7.2.1 + src/crypto/openssl/ssl/Makefile.ssl 1.1.1.6.2.1 + src/crypto/openssl/ssl/s23_clnt.c 1.6.2.1 + src/crypto/openssl/ssl/s23_lib.c 1.5.2.1 + src/crypto/openssl/ssl/s23_meth.c 1.1.1.2.2.1 + src/crypto/openssl/ssl/s23_srvr.c 1.6.2.1 + src/crypto/openssl/ssl/s2_clnt.c 1.9.2.1 + src/crypto/openssl/ssl/s2_enc.c 1.7.2.1 + src/crypto/openssl/ssl/s2_lib.c 1.8.2.1 + src/crypto/openssl/ssl/s2_meth.c 1.4.2.1 + src/crypto/openssl/ssl/s2_pkt.c 1.7.2.1 + src/crypto/openssl/ssl/s2_srvr.c 1.9.2.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.8.2.1 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.8.2.1 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.7.2.1 + src/crypto/openssl/ssl/s3_meth.c 1.1.1.1.14.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.6.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.9.2.1 + src/crypto/openssl/ssl/ssl.h 1.1.1.9.2.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.7.2.1 + src/crypto/openssl/ssl/ssl_sess.c 1.1.1.7.2.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.4.2.1 + src/crypto/openssl/ssl/t1_clnt.c 1.1.1.1.14.1 + src/crypto/openssl/ssl/t1_enc.c 1.1.1.8.2.1 + src/crypto/openssl/ssl/t1_meth.c 1.1.1.1.14.1 + src/crypto/openssl/ssl/t1_srvr.c 1.1.1.1.14.1 + src/crypto/openssl/test/Makefile.ssl 1.1.1.8.2.1 + src/crypto/openssl/test/methtest.c 1.1.1.1.14.1 + src/crypto/openssl/test/testssl 1.1.1.2.2.1 + src/crypto/openssl/tools/c_rehash 1.1.1.5.2.1 + src/crypto/openssl/tools/c_rehash.in 1.1.1.3.2.1 + src/crypto/openssl/util/libeay.num 1.1.1.7.2.1 + src/crypto/openssl/util/mk1mf.pl 1.1.1.4.2.1 + src/crypto/openssl/util/mkcerts.sh 1.1.1.1.14.1 + src/crypto/openssl/util/pod2mantest 1.1.1.1.10.1 + src/crypto/openssl/util/pl/BC-32.pl 1.1.1.4.2.1 + src/crypto/openssl/util/pl/Mingw32.pl 1.4.2.1 + src/secure/lib/libcrypto/Makefile 1.51.2.1 + src/secure/lib/libcrypto/man/BIO_ctrl.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_f_base64.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_f_buffer.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_f_cipher.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_f_md.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_f_null.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_f_ssl.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_find_type.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/BIO_new_bio_pair.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_push.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_read.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_accept.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_bio.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_connect.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_fd.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_file.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_mem.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_null.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_s_socket.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_set_callback.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BIO_should_retry.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_CTX_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_CTX_start.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_add.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_add_word.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_bn2bin.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_cmp.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_copy.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_generate_prime.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_mod_inverse.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_num_bytes.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_rand.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_set_bit.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/BN_zero.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/CA.pl.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DH_generate_key.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DH_generate_parameters.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DH_get_ex_new_index.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DH_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DH_set_method.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DH_size.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_SIG_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_do_sign.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_dup_DH.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_generate_key.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_generate_parameters.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_get_ex_new_index.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_set_method.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_sign.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/DSA_size.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_GET_LIB.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_clear_error.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_error_string.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_get_error.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_load_crypto_strings.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_load_strings.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_print_errors.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_put_error.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ERR_remove_state.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/EVP_DigestInit.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/EVP_EncryptInit.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/EVP_OpenInit.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/EVP_SealInit.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/EVP_SignInit.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/EVP_VerifyInit.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RAND_add.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RAND_bytes.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RAND_cleanup.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RAND_egd.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RAND_load_file.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RAND_set_rand_method.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_blinding_on.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_check_key.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_generate_key.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_get_ex_new_index.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_print.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_private_encrypt.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_public_encrypt.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_set_method.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_sign.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/RSA_size.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CIPHER_get_name.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_COMP_add_compression_method.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_add_extra_chain_cert.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_add_session.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_ctrl.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_flush_sessions.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_free.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_get_ex_new_index.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_get_verify_mode.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_load_verify_locations.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_sess_number.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_sess_set_cache_size.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_sess_set_get_cb.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_sessions.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_cert_store.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_cert_verify_callback.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_cipher_list.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_client_CA_list.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_client_cert_cb.3 1.1.1.1.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_default_passwd_cb.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_info_callback.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_mode.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_options.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_quiet_shutdown.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_session_cache_mode.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_session_id_context.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_ssl_version.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_timeout.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_tmp_dh_callback.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_tmp_rsa_callback.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_verify.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_CTX_use_certificate.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_SESSION_free.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_SESSION_get_ex_new_index.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_SESSION_get_time.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_accept.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_alert_type_string.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_clear.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_connect.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_do_handshake.3 1.1.1.1.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_free.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_SSL_CTX.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_ciphers.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_client_CA_list.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_current_cipher.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_default_timeout.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_error.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_ex_data_X509_STORE_CTX_idx.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_ex_new_index.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_fd.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_peer_cert_chain.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_peer_certificate.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_rbio.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_session.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_verify_result.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_get_version.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_library_init.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_load_client_CA_file.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_new.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_pending.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_read.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_rstate_string.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_session_reused.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_set_bio.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_set_connect_state.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_set_fd.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_set_session.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_set_shutdown.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_set_verify_result.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_shutdown.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_state_string.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_want.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/SSL_write.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/asn1parse.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/bio.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/blowfish.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/bn.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/bn_internal.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/buffer.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/ca.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/ciphers.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/config.1 1.1.1.1.2.1 + src/secure/lib/libcrypto/man/Attic/config.5 1.1.1.1.2.1 + src/secure/lib/libcrypto/man/Attic/crl.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/crl2pkcs7.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/crypto.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/d2i_DHparams.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/d2i_RSAPublicKey.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/d2i_SSL_SESSION.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/des.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/des_modes.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/dgst.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/dh.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/dhparam.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/dsa.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/dsa.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/dsaparam.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/enc.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/err.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/evp.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/gendsa.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/genrsa.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/hmac.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/lh_stats.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/lhash.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/md5.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/mdc2.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/nseq.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/openssl.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/passwd.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/pkcs12.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/pkcs7.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/pkcs8.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/rand.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/rand.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/rc4.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/req.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/ripemd.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/rsa.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/rsa.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/rsautl.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/s_client.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/s_server.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/sess_id.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/sha.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/smime.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/speed.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/spkac.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/ssl.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/threads.3 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/verify.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/version.1 1.1.1.2.2.1 + src/secure/lib/libcrypto/man/Attic/x509.1 1.1.1.2.2.1 + src/sys/conf/newvers.sh 1.48.2.3 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.7 + src/crypto/openssl/CHANGES 1.1.1.1.2.4.2.1 + src/crypto/openssl/Configure 1.1.1.1.2.4.2.1 + src/crypto/openssl/FAQ 1.1.1.1.2.5.2.1 + src/crypto/openssl/INSTALL 1.1.1.1.2.3.2.1 + src/crypto/openssl/Makefile.org 1.1.1.1.2.5.2.1 + src/crypto/openssl/Makefile.ssl 1.1.1.1.2.5.2.1 + src/crypto/openssl/NEWS 1.1.1.1.2.5.2.1 + src/crypto/openssl/PROBLEMS 1.1.1.1.2.2.2.1 + src/crypto/openssl/README 1.1.1.1.2.5.2.1 + src/crypto/openssl/config 1.1.1.1.2.5.2.1 + src/crypto/openssl/e_os.h 1.1.1.1.2.4.2.1 + src/crypto/openssl/openssl.spec 1.1.1.1.2.4.2.1 + src/crypto/openssl/apps/CA.pl 1.1.1.1.2.4.2.1 + src/crypto/openssl/apps/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/apps/apps.h 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/asn1pars.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/ca.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/ciphers.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/crl.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/crl2p7.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/der_chop 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/dgst.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/dh.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/dhparam.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/dsa.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/dsaparam.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/apps/enc.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/errstr.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/gendh.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/gendsa.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/genrsa.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/nseq.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/openssl.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/openssl.cnf 1.1.1.1.2.5.2.1 + src/crypto/openssl/apps/passwd.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/apps/pkcs12.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/pkcs7.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/apps/pkcs8.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/rand.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/req.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/apps/rsa.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/s_client.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/apps/s_server.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/apps/s_time.c 1.1.1.1.2.2.2.1 + src/crypto/openssl/apps/sess_id.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/speed.c 1.3.2.4.2.1 + src/crypto/openssl/apps/spkac.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/verify.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/apps/version.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/apps/x509.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/cryptlib.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/crypto.h 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/md32_common.h 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/mem.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/mem_clr.c 1.1.1.1.6.1 + src/crypto/openssl/crypto/mem_dbg.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/opensslconf.h 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.5.2.1 + src/crypto/openssl/crypto/tmdiff.c 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/uid.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/asn1/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/asn1/a_sign.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/asn1/a_strex.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/asn1/a_utctm.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/asn1/a_verify.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/asn1/n_pkey.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/asn1/p8_pkey.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/bf/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/bf/bftest.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/bio/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/bn/bn.h 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/bn/bn_lib.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/bn/bn_rand.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/bn/bn_word.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/bn/bntest.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bn/exptest.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/buffer/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/cast/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/cast/casttest.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/comp/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/conf/Makefile.ssl 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/conf/conf_def.c 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/des/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/des/des.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/des/read2pwd.c 1.1.1.1.12.1 + src/crypto/openssl/crypto/des/read_pwd.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/des/str2key.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/dh/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/dh/dhtest.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/dsa/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/dsa/dsatest.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/dso/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/err/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/err/err_all.c 1.2.2.4.2.1 + src/crypto/openssl/crypto/evp/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/evp/bio_enc.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/evp/bio_ok.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/evp/c_allc.c 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/evp/c_alld.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/evp/e_idea.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/evp/evp.h 1.2.2.4.2.1 + src/crypto/openssl/crypto/evp/evp_key.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/evp/p5_crpt.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/evp/p5_crpt2.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/evp/p_open.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/hmac/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/hmac/hmactest.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/idea/Makefile.ssl 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/i_cbc.c 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/i_cfb64.c 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/i_ecb.c 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/i_ofb64.c 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/i_skey.c 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/idea.h 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/idea_lcl.h 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/idea_spd.c 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/ideatest.c 1.4.2.4.2.1 + src/crypto/openssl/crypto/idea/version 1.4.2.4.2.1 + src/crypto/openssl/crypto/lhash/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/md2/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/md2/md2_dgst.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/md2/md2_one.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/md2/md2test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/md4/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/md4/md4_one.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/md4/md4test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/md5/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/md5/md5_one.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/md5/md5test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/mdc2/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/mdc2/mdc2_one.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/mdc2/mdc2test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/objects/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/objects/obj_dat.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/objects/obj_mac.num 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.1.2.2.2.1 + src/crypto/openssl/crypto/pem/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/pem/pem_info.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/pem/pem_lib.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/pem/pem_seal.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/pkcs12/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/pkcs12/p12_crpt.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/pkcs12/p12_decr.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/pkcs12/p12_key.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/pkcs7/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/pkcs7/bio_ber.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/rand/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.5.2.1 + src/crypto/openssl/crypto/rand/rand_egd.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/rand/rand_win.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/rand/randfile.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/rand/randtest.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/rc2/Makefile.ssl 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rc2/rc2test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/rc4/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/rc4/rc4.c 1.1.1.1.12.1 + src/crypto/openssl/crypto/rc4/rc4test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/rc5/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/rc5/rc5test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/ripemd/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/ripemd/rmd_one.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/ripemd/rmdtest.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/rsa/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.5.2.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.3.2.1 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.4.2.1 + src/crypto/openssl/crypto/rsa/rsa_pk1.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/rsa/rsa_saos.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/sha/Makefile.ssl 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/sha/sha1_one.c 1.1.1.1.12.1 + src/crypto/openssl/crypto/sha/sha1test.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/sha/sha_one.c 1.1.1.1.12.1 + src/crypto/openssl/crypto/sha/shatest.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/stack/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/threads/mttest.c 1.1.1.1.2.2.10.1 + src/crypto/openssl/crypto/txt_db/Makefile.ssl 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/x509/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/crypto/x509/by_file.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/crypto/x509/x509_cmp.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/crypto/x509v3/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/demos/selfsign.c 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/c-indentation.el 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/openssl.txt 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/apps/passwd.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/apps/req.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/apps/smime.pod 1.1.1.1.2.3.2.1 + src/crypto/openssl/doc/apps/x509.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/crypto/BN_CTX_new.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/BN_add.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/BN_add_word.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/BN_bn2bin.pod 1.1.1.1.2.3.2.1 + src/crypto/openssl/doc/crypto/BN_copy.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/BN_generate_prime.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/BN_mod_inverse.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/crypto/BN_new.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/BN_rand.pod 1.1.1.1.2.3.2.1 + src/crypto/openssl/doc/crypto/DH_generate_key.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DH_generate_parameters.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DH_new.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DSA_SIG_new.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DSA_do_sign.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DSA_dup_DH.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DSA_generate_key.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DSA_generate_parameters.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DSA_new.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/DSA_sign.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/EVP_SealInit.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/crypto/RAND_bytes.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/RSA_check_key.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/crypto/RSA_generate_key.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/crypto/RSA_print.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/crypto/RSA_private_encrypt.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/RSA_public_encrypt.pod 1.1.1.1.2.2.10.1 + src/crypto/openssl/doc/crypto/RSA_sign.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 1.1.1.1.2.1.10.1 + src/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.2.2.1 + src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 1.1.1.1.2.2.2.1 + src/crypto/openssl/doc/ssl/ssl.pod 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/s23_clnt.c 1.2.2.4.2.1 + src/crypto/openssl/ssl/s23_lib.c 1.2.2.4.2.1 + src/crypto/openssl/ssl/s23_meth.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.4.2.1 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.5.2.1 + src/crypto/openssl/ssl/s2_enc.c 1.2.2.5.2.1 + src/crypto/openssl/ssl/s2_lib.c 1.2.2.5.2.1 + src/crypto/openssl/ssl/s2_meth.c 1.2.2.4.2.1 + src/crypto/openssl/ssl/s2_pkt.c 1.2.2.4.2.1 + src/crypto/openssl/ssl/s2_srvr.c 1.2.2.5.2.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.1.2.5.2.1 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/s3_meth.c 1.1.1.1.12.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.5.2.1 + src/crypto/openssl/ssl/ssl.h 1.1.1.1.2.5.2.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/ssl_sess.c 1.1.1.1.2.5.2.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.1.2.3.2.1 + src/crypto/openssl/ssl/t1_clnt.c 1.1.1.1.12.1 + src/crypto/openssl/ssl/t1_enc.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/t1_meth.c 1.1.1.1.12.1 + src/crypto/openssl/ssl/t1_srvr.c 1.1.1.1.12.1 + src/crypto/openssl/test/Makefile.ssl 1.1.1.1.2.4.2.1 + src/crypto/openssl/test/methtest.c 1.1.1.1.12.1 + src/crypto/openssl/test/testssl 1.1.1.1.2.1.10.1 + src/crypto/openssl/tools/c_rehash 1.1.1.1.2.4.2.1 + src/crypto/openssl/tools/c_rehash.in 1.1.1.1.2.2.8.1 + src/crypto/openssl/util/libeay.num 1.1.1.1.2.4.2.1 + src/crypto/openssl/util/mk1mf.pl 1.1.1.1.2.3.2.1 + src/crypto/openssl/util/mkcerts.sh 1.1.1.1.12.1 + src/crypto/openssl/util/pod2mantest 1.1.1.1.2.1.2.1 + src/crypto/openssl/util/pl/BC-32.pl 1.1.1.1.2.3.2.1 + src/crypto/openssl/util/pl/Mingw32.pl 1.1.1.1.2.4.2.1 + src/secure/lib/libcrypto/Makefile 1.15.2.13.2.1 + src/sys/conf/newvers.sh 1.44.2.26.2.7 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.35 + src/crypto/openssl/CHANGES 1.1.1.1.2.2.6.2 + src/crypto/openssl/Configure 1.1.1.1.2.2.6.2 + src/crypto/openssl/FAQ 1.1.1.1.2.3.6.2 + src/crypto/openssl/INSTALL 1.1.1.1.2.2.8.2 + src/crypto/openssl/Makefile.org 1.1.1.1.2.3.6.2 + src/crypto/openssl/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/NEWS 1.1.1.1.2.3.6.2 + src/crypto/openssl/README 1.1.1.1.2.3.6.2 + src/crypto/openssl/config 1.1.1.1.2.3.6.2 + src/crypto/openssl/e_os.h 1.1.1.1.2.3.6.2 + src/crypto/openssl/openssl.spec 1.1.1.1.2.2.6.2 + src/crypto/openssl/apps/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/apps/apps.h 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/asn1pars.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/apps/ca.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/apps/ciphers.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/crl.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/crl2p7.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/dgst.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/apps/dh.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/dhparam.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/dsa.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/dsaparam.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/apps/enc.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/apps/errstr.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/gendh.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/gendsa.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/genrsa.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/nseq.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/openssl.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/apps/openssl.cnf 1.1.1.1.2.4.6.1 + src/crypto/openssl/apps/passwd.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/apps/pkcs12.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/apps/pkcs7.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/apps/pkcs8.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/rand.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/req.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/apps/rsa.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/s_client.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/apps/s_server.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/apps/s_time.c 1.1.1.1.2.1.8.2 + src/crypto/openssl/apps/sess_id.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/speed.c 1.3.2.3.6.2 + src/crypto/openssl/apps/spkac.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/verify.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/apps/version.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/apps/x509.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/cryptlib.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/cryptlib.h 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/crypto.h 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/md32_common.h 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/mem.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/mem_clr.c 1.1.1.1.8.1 + src/crypto/openssl/crypto/mem_dbg.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/opensslconf.h 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/tmdiff.c 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/uid.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/asn1/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/asn1/a_sign.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/asn1/a_strex.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/asn1/a_utctm.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/asn1/a_verify.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.3.6.3 + src/crypto/openssl/crypto/asn1/n_pkey.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/asn1/p8_pkey.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bf/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bf/bftest.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bio/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/bio/b_print.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/bio/bio.h 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/bn/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/bn/bn.h 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/bn/bn_lib.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/bn/bn_rand.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/bn/bn_word.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/bn/bntest.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/bn/exptest.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/buffer/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/cast/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/cast/casttest.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/comp/Makefile.ssl 1.1.1.1.2.2.6.2 + src/crypto/openssl/crypto/conf/Makefile.ssl 1.1.1.1.2.2.6.2 + src/crypto/openssl/crypto/conf/conf_def.c 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/des/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/des/des.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/des/read2pwd.c 1.1.1.1.10.1 + src/crypto/openssl/crypto/des/read_pwd.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/des/str2key.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/dh/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/dh/dhtest.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/dsa/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/dsa/dsatest.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/dso/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/err/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/err/err_all.c 1.2.2.3.6.1 + src/crypto/openssl/crypto/evp/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/evp/bio_enc.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/evp/bio_ok.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/evp/c_allc.c 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/evp/c_alld.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/evp/e_idea.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/evp/evp.h 1.2.2.3.6.2 + src/crypto/openssl/crypto/evp/evp_key.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/evp/p5_crpt.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/evp/p5_crpt2.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/evp/p_open.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/hmac/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/hmac/hmactest.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/idea/Makefile.ssl 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/i_cbc.c 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/i_cfb64.c 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/i_ecb.c 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/i_ofb64.c 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/i_skey.c 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/idea.h 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/idea_lcl.h 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/idea_spd.c 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/ideatest.c 1.4.2.3.6.1 + src/crypto/openssl/crypto/idea/version 1.4.2.3.6.1 + src/crypto/openssl/crypto/lhash/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/md2/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/md2/md2_dgst.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md2/md2_one.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md2/md2test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md4/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/md4/md4_one.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md4/md4test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md5/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/md5/md5_one.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/md5/md5test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/mdc2/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/mdc2/mdc2_one.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/mdc2/mdc2test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/objects/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/objects/obj_dat.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/objects/obj_dat.h 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/objects/obj_mac.h 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/objects/obj_mac.num 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/objects/objects.txt 1.1.1.1.2.1.8.2 + src/crypto/openssl/crypto/pem/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/pem/pem_info.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/pem/pem_lib.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/pem/pem_seal.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/pkcs12/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/pkcs12/p12_crpt.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/pkcs12/p12_decr.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/pkcs12/p12_key.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/pkcs7/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/pkcs7/bio_ber.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/rand/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/rand/md_rand.c 1.1.1.1.2.4.6.2 + src/crypto/openssl/crypto/rand/rand_egd.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/rand/rand_win.c 1.1.1.1.2.2.6.2 + src/crypto/openssl/crypto/rand/randfile.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/rand/randtest.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rc2/Makefile.ssl 1.1.1.1.2.1.6.1 + src/crypto/openssl/crypto/rc2/rc2test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rc4/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/rc4/rc4.c 1.1.1.1.10.1 + src/crypto/openssl/crypto/rc4/rc4test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rc5/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/rc5/rc5test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/ripemd/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/ripemd/rmd_one.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/ripemd/rmdtest.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rsa/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.4.6.2 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.2.6.2 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.3.6.1 + src/crypto/openssl/crypto/rsa/rsa_pk1.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/rsa/rsa_saos.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/sha/Makefile.ssl 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/sha/sha1_one.c 1.1.1.1.10.1 + src/crypto/openssl/crypto/sha/sha1test.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/sha/sha_one.c 1.1.1.1.10.1 + src/crypto/openssl/crypto/sha/shatest.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/stack/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/threads/mttest.c 1.1.1.1.2.2.8.1 + src/crypto/openssl/crypto/txt_db/Makefile.ssl 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/x509/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/crypto/x509/by_file.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/crypto/x509/x509_cmp.c 1.1.1.1.2.3.6.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/crypto/x509v3/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/demos/selfsign.c 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/c-indentation.el 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/openssl.txt 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/apps/passwd.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/apps/req.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/apps/smime.pod 1.1.1.1.2.2.8.2 + src/crypto/openssl/doc/apps/x509.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/BN_CTX_new.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/BN_add.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/BN_add_word.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/BN_bn2bin.pod 1.1.1.1.2.2.8.2 + src/crypto/openssl/doc/crypto/BN_copy.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/BN_generate_prime.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/BN_mod_inverse.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/BN_new.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/BN_rand.pod 1.1.1.1.2.2.6.2 + src/crypto/openssl/doc/crypto/DH_generate_key.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DH_generate_parameters.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod 1.1.1.1.2.1.8.2 + src/crypto/openssl/doc/crypto/DH_new.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DSA_SIG_new.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DSA_do_sign.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DSA_dup_DH.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DSA_generate_key.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DSA_generate_parameters.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DSA_new.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/DSA_sign.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/EVP_SealInit.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/RAND_bytes.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/RSA_check_key.pod 1.1.1.1.2.1.8.2 + src/crypto/openssl/doc/crypto/RSA_generate_key.pod 1.1.1.1.2.1.8.2 + src/crypto/openssl/doc/crypto/RSA_print.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/RSA_private_encrypt.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/RSA_public_encrypt.pod 1.1.1.1.2.2.8.1 + src/crypto/openssl/doc/crypto/RSA_sign.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 1.1.1.1.2.1.8.1 + src/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod 1.1.1.1.2.1.6.1 + src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.6.2 + src/crypto/openssl/doc/ssl/SSL_CTX_new.pod 1.1.1.1.2.2.6.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.6.2 + src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod 1.1.1.1.2.1.6.2 + src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.6.2 + src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod 1.1.1.1.2.1.6.2 + src/crypto/openssl/doc/ssl/SSL_new.pod 1.1.1.1.2.2.6.2 + src/crypto/openssl/doc/ssl/ssl.pod 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/s23_clnt.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s23_lib.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s23_meth.c 1.1.1.1.2.1.6.1 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s2_enc.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s2_lib.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s2_meth.c 1.2.2.3.6.1 + src/crypto/openssl/ssl/s2_pkt.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s2_srvr.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/s3_meth.c 1.1.1.1.10.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/ssl.h 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/ssl_asn1.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/ssl/ssl_err.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/ssl_locl.h 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/ssl_sess.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/ssltest.c 1.1.1.1.2.2.8.2 + src/crypto/openssl/ssl/t1_clnt.c 1.1.1.1.10.1 + src/crypto/openssl/ssl/t1_enc.c 1.1.1.1.2.3.6.2 + src/crypto/openssl/ssl/t1_meth.c 1.1.1.1.10.1 + src/crypto/openssl/ssl/t1_srvr.c 1.1.1.1.10.1 + src/crypto/openssl/test/Makefile.ssl 1.1.1.1.2.3.6.2 + src/crypto/openssl/test/methtest.c 1.1.1.1.10.1 + src/crypto/openssl/test/testssl 1.1.1.1.2.1.8.1 + src/crypto/openssl/tools/c_rehash 1.1.1.1.2.2.6.2 + src/crypto/openssl/tools/c_rehash.in 1.1.1.1.2.2.6.1 + src/crypto/openssl/util/libeay.num 1.1.1.1.2.3.6.2 + src/crypto/openssl/util/mk1mf.pl 1.1.1.1.2.2.8.2 + src/crypto/openssl/util/mkcerts.sh 1.1.1.1.10.1 + src/crypto/openssl/util/mkerr.pl 1.1.1.1.2.2.8.2 + src/crypto/openssl/util/pod2mantest 1.1.1.1.4.2 + src/crypto/openssl/util/pl/BC-32.pl 1.1.1.1.2.2.8.2 + src/crypto/openssl/util/pl/Mingw32.pl 1.1.1.1.2.3.6.1 + src/secure/lib/libcrypto/Makefile 1.15.2.11.6.2 + src/sys/conf/newvers.sh 1.44.2.23.2.25 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+W8BdFdaIBMps37IRApXfAJwMznR8VTdjX+8epBw0R2Pqwx7l/QCePFlB +mOHuSwtsik0LHq79iRCwYU0= +=Za02 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:03.syncookies.asc b/share/security/advisories/FreeBSD-SA-03:03.syncookies.asc new file mode 100644 index 0000000000..2be421f685 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:03.syncookies.asc @@ -0,0 +1,120 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:03.syncookies Security Advisory + The FreeBSD Project + +Topic: Brute force attack on SYN cookies + +Category: core +Module: sys_netinet +Announced: 2003-02-24 +Credits: Mike Silbersack +Affects: FreeBSD 4.5-RELEASE + FreeBSD 4.6-RELEASE prior to 4.6.2-RELEASE-p9 + FreeBSD 4.7-RELEASE prior to 4.7-RELEASE-p6 + FreeBSD 4.7-STABLE prior to the correction date + FreeBSD 5.0-RELEASE prior to 5.0-RELEASE-p3 +Corrected: 2003-02-23 19:04:58 UTC (RELENG_4) + 2003-02-23 20:18:48 UTC (RELENG_5_0) + 2003-02-23 20:19:29 UTC (RELENG_4_7) + 2003-02-24 02:42:06 UTC (RELENG_4_6) +FreeBSD only: YES + +I. Background + +SYN cookies are a technique used to mitigate the effects of SYN flood +attacks by choosing initial TCP sequence numbers (ISNs) that can be +verified cryptographically. FreeBSD implements this technique in the +TCP stack (where it is referred to as `syncookies') by default. + +II. Problem Description + +The FreeBSD syncookie implementation protects the generated ISN using +a MAC that is keyed on one of several internal secret keys which are +rotated periodically. However, the keys are only 32 bits in length, +allowing brute force attacks on the secrets to be feasible. + +III. Impact + +Once a syncookie key has been recovered, an attacker may construct +valid ISNs until the key is rotated (typically up to four seconds). +The ability to construct a valid ISN may be used to spoof a TCP +connection in exactly the same way as in the well-known ISN prediction +attacks (see `References'). Spoofing may allow an attacker to bypass +IP-based access control lists such as those implemented by +tcp_wrappers and many firewalls. Similarly, SMTP and other +connections may be forged, increasing the difficulty of tracing +abusers. Recovery of a syncookie key will also allow the attacker to +reset TCP connections initiated within the same 31.25ms window. + +IV. Workaround + +syncookies may be disabled using the `net.inet.tcp.syncookies' +sysctl(8). Execute the following command as root: + + # sysctl net.inet.tcp.syncookies=0 + +To disable syncookies at system startup time, add the following line +to sysctl.conf(5): + + net.inet.tcp.syncookies=0 + + +V. Solution + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_7 +(4.7-RELEASE-p6), RELENG_4_6 (4.6.2-RELEASE-p9), or RELENG_5_0 +(5.0-RELEASE-p3) security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.6, 4.7, and +5.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:03/syncookie.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:03/syncookie.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + +and reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/sys/conf/newvers.sh + RELENG_5_0 1.48.2.4 + RELENG_4_7 1.44.2.26.2.8 + RELENG_4_6 1.44.2.23.2.26 +src/sys/netinet/tcp_syncache.c + RELENG_4 1.5.2.13 + RELENG_5_0 1.28.2.3 + RELENG_4_7 1.5.2.8.2.1 + RELENG_4_6 1.5.2.6.2.2 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+Whc6FdaIBMps37IRAgP9AJ4npQ6fYrxATBWOx8AdlKA/03GsggCcC4Br +GBDcKjEcnHInChHZVuXYg58= +=LfP+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:04.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:04.sendmail.asc new file mode 100644 index 0000000000..38e1b1ab97 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:04.sendmail.asc @@ -0,0 +1,254 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:04.sendmail Security Advisory + The FreeBSD Project + +Topic: sendmail header parsing buffer overflow + +Category: contrib +Module: contrib_sendmail +Announced: 2003-03-03 +Revised: 2003-03-04 +Credits: Mark Dowd (ISS) +Affects: All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4 + FreeBSD 4-STABLE prior to the correction date +Corrected: 2003-03-03 18:03:18 UTC (RELENG_4) + 2003-03-03 17:19:49 UTC (RELENG_5_0) + 2003-03-03 17:20:23 UTC (RELENG_4_7) + 2003-03-03 17:21:58 UTC (RELENG_4_6) + 2003-03-03 17:22:07 UTC (RELENG_4_5) + 2003-03-03 17:22:16 UTC (RELENG_4_4) + 2003-03-03 17:22:26 UTC (RELENG_4_3) + 2003-03-03 17:23:11 UTC (RELENG_3) +FreeBSD only: NO + +0. Revision History + +v1.0 2003-03-03 Initial release +v1.1 2003-03-04 Added correction details for each branch. + +I. Background + +FreeBSD includes sendmail(8), a general purpose internetwork mail +routing facility, as the default Mail Transfer Agent (MTA). + +II. Problem Description + +ISS has identified a buffer overflow that may occur during header +parsing in all versions of sendmail after version 5.79. + +In addition, Sendmail, Inc. has identified and corrected a defect in +buffer handling within sendmail's RFC 1413 ident protocol support. + +III. Impact + +A remote attacker could create a specially crafted message that may +cause sendmail to execute arbitrary code with the privileges of the +user running sendmail, typically root. The malicious message might be +handled (and therefore the vulnerability triggered) by the initial +sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail +process. Exploiting this defect is particularly difficult, but is +believed to be possible. + +The defect in the ident routines is not believed to be exploitable. + +IV. Workaround + +There is no workaround, other than not using sendmail. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0, +RELENG_4_7, or RELENG_4_6 security branch dated after the correction +date (5.0-RELEASE-p4, 4.7-RELEASE-p7, or 4.6.2-RELEASE-p10, +respectively). + +[NOTE: At the time of this writing, the FreeBSD 4-STABLE branch is + labeled `4.8-RC1'.] + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 5.0, 4.7, +and 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libsm +# make obj && make depend && make +# cd /usr/src/lib/libsmutil +# make obj && make depend && make +# cd /usr/src/usr.sbin/sendmail +# make obj && make depend && make && make install + +c) Restart sendmail. Execute the following command as root. + +# /bin/sh /etc/rc.sendmail restart + +3) For i386 systems only, a patched sendmail binary is available. +Select the correct binary based on your FreeBSD version and whether or +not you want STARTTLS support. If you want STARTTLS support, you must +have the crypto distribution installed. + +a) Download the relevant binary from the location below, and verify +the detached PGP signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc + +b) Install the binary. Execute the following commands as root. +Note that these examples utilizes the FreeBSD 4.7 crypto binary. +Substitute BINARYGZ with the file name which you downloaded in +step (a). + +# BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz +# gunzip ${BINARYGZ} +# install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} /usr/libexec/sendmail/sendmail + +c) Restart sendmail. Execute the following command as root. + +# /bin/sh /etc/rc.sendmail restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/sendmail/FREEBSD-upgrade 1.1.2.15 + src/contrib/sendmail/PGPKEYS 1.1.1.1.2.5 + src/contrib/sendmail/RELEASE_NOTES 1.1.1.3.2.14 + src/contrib/sendmail/cf/README 1.1.1.3.2.14 + src/contrib/sendmail/cf/cf/submit.cf 1.1.1.1.2.7 + src/contrib/sendmail/cf/m4/version.m4 1.1.1.3.2.14 + src/contrib/sendmail/cf/ostype/bsd4.4.m4 1.3.6.2 + src/contrib/sendmail/contrib/bitdomain.c 1.2.6.2 + src/contrib/sendmail/doc/op/op.me 1.1.1.3.2.14 + src/contrib/sendmail/libmilter/comm.c 1.1.1.1.2.8 + src/contrib/sendmail/libmilter/docs/smfi_setreply.html 1.1.1.1.2.3 + src/contrib/sendmail/libmilter/handler.c 1.1.1.1.2.6 + src/contrib/sendmail/libmilter/libmilter.h 1.1.1.1.2.9 + src/contrib/sendmail/libmilter/listener.c 1.1.1.1.2.11 + src/contrib/sendmail/libmilter/main.c 1.1.1.1.2.9 + src/contrib/sendmail/libsm/stdio.c 1.1.1.1.2.4 + src/contrib/sendmail/libsmdb/smdb2.c 1.1.1.1.2.8 + src/contrib/sendmail/mail.local/mail.local.c 1.6.6.13 + src/contrib/sendmail/makemap/makemap.c 1.3.6.6 + src/contrib/sendmail/praliases/praliases.c 1.3.6.7 + src/contrib/sendmail/smrsh/smrsh.c 1.3.6.11 + src/contrib/sendmail/src/README 1.1.1.3.2.13 + src/contrib/sendmail/src/TUNING 1.1.1.1.2.3 + src/contrib/sendmail/src/conf.c 1.5.2.13 + src/contrib/sendmail/src/conf.h 1.6.2.13 + src/contrib/sendmail/src/daemon.c 1.1.1.3.2.12 + src/contrib/sendmail/src/deliver.c 1.1.1.3.2.13 + src/contrib/sendmail/src/domain.c 1.1.1.3.2.8 + src/contrib/sendmail/src/err.c 1.3.6.7 + src/contrib/sendmail/src/headers.c 1.4.2.9 + src/contrib/sendmail/src/main.c 1.1.1.3.2.14 + src/contrib/sendmail/src/mci.c 1.3.6.10 + src/contrib/sendmail/src/milter.c 1.1.1.1.2.15 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.12 + src/contrib/sendmail/src/queue.c 1.1.1.3.2.13 + src/contrib/sendmail/src/savemail.c 1.4.2.10 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.14 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.13 + src/contrib/sendmail/src/tls.c 1.1.1.1.2.4 + src/contrib/sendmail/src/version.c 1.1.1.3.2.14 +RELENG_5_0 + src/UPDATING 1.229.2.9 + src/contrib/sendmail/src/daemon.c 1.1.1.14.2.1 + src/contrib/sendmail/src/headers.c 1.12.2.1 + src/contrib/sendmail/src/main.c 1.1.1.15.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.14.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.17.2.1 + src/sys/conf/newvers.sh 1.48.2.5 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.9 + src/contrib/sendmail/src/daemon.c 1.1.1.3.2.10.2.1 + src/contrib/sendmail/src/headers.c 1.4.2.7.2.1 + src/contrib/sendmail/src/main.c 1.1.1.3.2.12.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.10.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.12.2.1 + src/sys/conf/newvers.sh 1.44.2.26.2.9 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.37 + src/contrib/sendmail/src/daemon.c 1.1.1.3.2.8.2.1 + src/contrib/sendmail/src/headers.c 1.4.2.6.2.1 + src/contrib/sendmail/src/main.c 1.1.1.3.2.9.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.8.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.9.2.1 + src/sys/conf/newvers.sh 1.44.2.23.2.27 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.41 + src/contrib/sendmail/src/daemon.c 1.1.1.3.2.6.4.1 + src/contrib/sendmail/src/headers.c 1.4.2.5.4.1 + src/contrib/sendmail/src/main.c 1.1.1.3.2.6.4.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.6.4.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.7.4.1 + src/sys/conf/newvers.sh 1.44.2.20.2.26 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.40 + src/contrib/sendmail/src/daemon.c 1.1.1.3.2.6.2.1 + src/contrib/sendmail/src/headers.c 1.4.2.5.2.1 + src/contrib/sendmail/src/main.c 1.1.1.3.2.6.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.6.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.7.2.1 + src/sys/conf/newvers.sh 1.44.2.17.2.32 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.29 + src/contrib/sendmail/src/daemon.c 1.1.1.3.2.4.2.1 + src/contrib/sendmail/src/headers.c 1.4.2.4.2.1 + src/contrib/sendmail/src/main.c 1.1.1.3.2.4.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.4.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.4.2.1 + src/sys/conf/newvers.sh 1.44.2.14.2.20 +RELENG_3 + src/contrib/sendmail/src/daemon.c 1.1.1.2.2.2 + src/contrib/sendmail/src/headers.c 1.3.2.2 + src/contrib/sendmail/src/main.c 1.1.1.2.2.2 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.2.1 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+ZOcUFdaIBMps37IRAkunAJwO8ydi9lqBz0C7Rx2KQnspXehBkACfVTxs +1uOVHk3rXuMEgmwRoXoEKkA= +=IwY2 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:05.xdr.asc b/share/security/advisories/FreeBSD-SA-03:05.xdr.asc new file mode 100644 index 0000000000..1822815fa1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:05.xdr.asc @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:05.xdr Security Advisory + The FreeBSD Project + +Topic: remote denial-of-service in XDR encoder/decoder + +Category: core +Module: libc +Announced: 2003-03-20 +Credits: Riley Hassell, eEye + Todd Miller +Affects: All releases of FreeBSD prior to 4.6-RELEASE-p11, + 4.7-RELEASE-p8, 4.8-RELEASE and 5.0-RELEASE-p5 +Corrected: 2003-03-20 12:59:55 UTC (RELENG_4) + 2003-03-20 13:05:04 UTC (RELENG_4_6) + 2003-03-20 13:05:27 UTC (RELENG_4_7) + 2003-03-20 13:04:46 UTC (RELENG_5_0) +FreeBSD only: NO + +I. Background + +XDR (eXternal Data Representation) is a standard developed by Sun +Microsystems for platform-independent encoding of data types. It is +widely used by the Sun RPC (Remote Procedure Call) protocol and other +protocols. FreeBSD's standard C library includes routines for encoding +and decoding XDR, derived from a library originally distributed by +Sun Microsystems. + +II. Problem Description + +The xdrmem XDR stream object does incorrect bounds-checking. An +internal variable used for tracking bounds is a signed integer. +Bounds-checking is performed by subtracting the object length from +this signed integer, and then testing for a negative result. However, +if the object length is sufficiently large, the internal variable will +wrap and the result will be positive. + +III. Impact + +For some operations on the xdrmem XDR stream object, the +bounds-checking is followed by a memory copy. If the bounds-checking +error is exploited, then the memory copy will operate on a huge region +of memory, resulting in a segmentation violation. Thus, it may be +possible for an attacker to send maliciously formatted messages to a +service which utilizes the xdrmem XDR stream object and cause a +denial-of-service. + +IV. Workaround + +None known. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to the FreeBSD 4-STABLE branch; or +to the RELENG_4_7 (4.7-RELEASE-p8), RELENG_4_6 (4.6-RELEASE-p11), or +RELENG_5_0 (5.0-RELEASE-p5) security branch dated after the correction +date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.6, and 4.7 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-4.patch.asc + +The following patch has been verified to apply to FreeBSD 5.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-5.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of +the base system (i.e. from the Ports Collection or other 3rd-party +sources) must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/include/rpc/xdr.h 1.14.2.1 + src/lib/libc/xdr/xdr_mem.c 1.8.2.1 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.38 + src/include/rpc/xdr.h 1.14.10.1 + src/lib/libc/xdr/xdr_mem.c 1.8.10.1 + src/sys/conf/newvers.sh 1.44.2.23.2.28 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.10 + src/include/rpc/xdr.h 1.14.12.1 + src/lib/libc/xdr/xdr_mem.c 1.8.12.1 + src/sys/conf/newvers.sh 1.44.2.26.2.10 +RELENG_5_0 + src/UPDATING 1.229.2.10 + src/include/rpc/xdr.h 1.21.2.1 + src/lib/libc/xdr/xdr_mem.c 1.11.2.1 + src/sys/conf/newvers.sh 1.48.2.6 +- ------------------------------------------------------------------------- + +VII. References + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.0 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iD8DBQE+eb5xFdaIBMps37IRAiG+AJ4yWC/mnLQJAinaxAgt/CfvHY2wrQCfeaCR +W5v39BKPf1fGIK5T3/Rwcp8= +=MXpP +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:06.openssl.asc b/share/security/advisories/FreeBSD-SA-03:06.openssl.asc new file mode 100644 index 0000000000..3940438661 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:06.openssl.asc @@ -0,0 +1,160 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:06.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL timing-based SSL/TLS attack + +Category: crypto +Module: openssl +Announced: 2003-03-21 +Credits: Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa +Affects: All FreeBSD versions prior to 4.6-RELEASE-p12, + 4.7-RELEASE-p9, 5.0-RELEASE-p6 +Corrected: 2003-03-20 21:07:20 UTC (RELENG_4) + 2003-03-21 16:12:34 UTC (RELENG_4_7) + 2003-03-21 16:12:03 UTC (RELENG_4_6) + 2003-03-21 16:13:06 UTC (RELENG_5_0) +FreeBSD only: NO + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, commercial- +grade, full-featured, and Open Source toolkit implementing the Secure +Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) +protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +This advisory addresses two separate flaws recently fixed in OpenSSL: + (1) an RSA timing attack, and (2) the Klima-Pokorny-Rosa attack. + +- - - From the OpenSSL Project advisories (see references): + +(1) Researchers have discovered a timing attack on RSA keys, to which + OpenSSL is generally vulnerable, unless RSA blinding has been + turned on. + +(2) Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa + have come up with an extension of the "Bleichenbacher attack" on + RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0. + Their attack requires the attacker to open millions of SSL/TLS + connections to the server under attack; the server's behaviour + when faced with specially made-up RSA ciphertexts can reveal + information that in effect allows the attacker to perform a single + RSA private key operation on a ciphertext of its choice using the + server's RSA key. Note that the server's RSA key is not + compromised in this attack. + +III. Impact + +RSA timing attack: + An RSA private key may be compromised. + +Klima-Pokorny-Rosa attack: + A vulnerable server, when faced with specially made-up RSA + ciphertexts, can reveal information that in effect allows the + attacker to perform a single RSA private key operation on a + ciphertext of its choice using the server's RSA key. Note that the + server's RSA key is not compromised in this attack. + +IV. Workaround + +RSA timing attack: + Disable the use of RSA or enable RSA blinding in OpenSSL using the + RSA_blinding_on() function. The method of adjusting the list of + acceptable ciphersuites varies from application to application. See + the application's documentation for details. + +Klima-Pokorny-Rosa attack: + Disable the use of ciphersuites which use PKCS #1 v1.5 padding in SSL + or TLS. The method of adjusting the list of acceptable ciphersuites + varies from application to application. See the application's + documentation for details. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_7 +(4.7-RELEASE-p9), RELENG_4_6 (4.6-RELEASE-p12), or RELENG_5_0 +(5.0-RELEASE-p6) security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.6, 4.7, +and 5.0 systems which have already been patched for the issues resolved +in FreeBSD-SA-03:02.openssl. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:06/openssl.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:06/openssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of the +base system (i.e. from the Ports Collection or other 3rd-party sources) +must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Patch +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.6 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.7 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.7 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.39 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.2.6.3 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.3.6.2 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.3 + src/sys/conf/newvers.sh 1.44.2.23.2.29 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.11 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.3.2.2 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.2.2.4.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.5.2.1 + src/sys/conf/newvers.sh 1.44.2.26.2.11 +RELENG_5_0 + src/UPDATING 1.229.2.11 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.8.2.2 + src/crypto/openssl/crypto/rsa/rsa_lib.c 1.6.2.2 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.9.2.2 + src/sys/conf/newvers.sh 1.6.2.2 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.0 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iD8DBQE+e3s9FdaIBMps37IRAufUAKCTht2X617uI3AB8G/RnRLNvmuFUwCffDNW +wMVBJ2SE2dSq6JcNdCFT9jA= +=PBbA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:07.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:07.sendmail.asc new file mode 100644 index 0000000000..f2141821e5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:07.sendmail.asc @@ -0,0 +1,256 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:07.sendmail Security Advisory + The FreeBSD Project + +Topic: a second sendmail header parsing buffer overflow + +Category: contrib +Module: contrib_sendmail +Announced: 2003-03-30 +Credits: Michal Zalewski +Affects: All releases prior to 4.8-RELEASE and 5.0-RELEASE-p7 + FreeBSD 4-STABLE prior to the correction date +Corrected: 2003-03-29 19:34:13 UTC (RELENG_4) + 2003-03-29 21:58:11 UTC (RELENG_5_0) + 2003-03-29 21:58:05 UTC (RELENG_4_7) + 2003-03-29 21:57:58 UTC (RELENG_4_6) + 2003-03-29 21:57:52 UTC (RELENG_4_5) + 2003-03-29 21:57:45 UTC (RELENG_4_4) + 2003-03-29 21:57:36 UTC (RELENG_4_3) + 2003-03-29 20:09:48 UTC (RELENG_3) +FreeBSD only: NO + +I. Background + +FreeBSD includes sendmail(8), a general purpose internetwork mail +routing facility, as the default Mail Transfer Agent (MTA). + +II. Problem Description + +A buffer overflow that may occur during header parsing was identified. +The overflow is possible due to a programming error involving type +conversions in the C programming language. + +NOTE WELL: This issue is distinct from the issue described in +`FreeBSD-SA-03:04.sendmail', although the impact is very similar. + +III. Impact + +A remote attacker could create a specially crafted message that may +cause sendmail to execute arbitrary code with the privileges of the +user running sendmail, typically root. The malicious message might be +handled (and the vulnerability triggered) by the initial +sendmail MTA, by any relaying sendmail MTA, or by the delivering sendmail +process. Exploiting this defect is particularly difficult, but is +believed to be possible. + +The defect in the ident routines is not believed to be exploitable. + +IV. Workaround + +There is no workaround, other than not using sendmail. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 4.8-RELEASE; or +to the RELENG_5_0, RELENG_4_7, or RELENG_4_6 security branch dated +after the correction date (5.0-RELEASE-p7, 4.7-RELEASE-p10, or +4.6.2-RELEASE-p13, respectively). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 5.0, 4.7, +and 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libsm +# make obj && make depend && make +# cd /usr/src/lib/libsmutil +# make obj && make depend && make +# cd /usr/src/usr.sbin/sendmail +# make obj && make depend && make && make install + +c) Restart sendmail. Execute the following command as root. + +# /bin/sh /etc/rc.sendmail restart + +3) For i386 systems only, a patched sendmail binary is available. +Select the correct binary based on your FreeBSD version and whether or +not you want STARTTLS support. If you want STARTTLS support, you must +have the crypto distribution installed. + +a) Download the relevant binary from the location below, and verify +the detached PGP signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz.asc + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz.asc + +b) Install the binary. Execute the following commands as root. +Note that these examples utilizes the FreeBSD 4.7 crypto binary. +Substitute BINARYGZ with the name of the file which you downloaded in +step (a). + +# BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz +# gunzip ${BINARYGZ} +# install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} /usr/libexec/sendmail/sendmail + +c) Restart sendmail. Execute the following command as root. + +# /bin/sh /etc/rc.sendmail restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/sendmail/FREEBSD-upgrade 1.1.2.16 + src/contrib/sendmail/RELEASE_NOTES 1.1.1.3.2.15 + src/contrib/sendmail/cf/README 1.1.1.3.2.15 + src/contrib/sendmail/cf/cf/submit.cf 1.1.1.1.2.8 + src/contrib/sendmail/cf/m4/cfhead.m4 1.3.6.8 + src/contrib/sendmail/cf/m4/proto.m4 1.1.1.4.2.13 + src/contrib/sendmail/cf/m4/version.m4 1.1.1.3.2.15 + src/contrib/sendmail/cf/mailer/usenet.m4 1.1.1.2.6.3 + src/contrib/sendmail/contrib/buildvirtuser 1.1.1.1.2.5 + src/contrib/sendmail/doc/op/op.me 1.1.1.3.2.15 + src/contrib/sendmail/editmap/editmap.8 1.1.1.1.2.2 + src/contrib/sendmail/include/sm/bdb.h 1.1.1.1.2.2 + src/contrib/sendmail/include/sm/conf.h 1.1.1.1.2.7 + src/contrib/sendmail/libmilter/docs/api.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/design.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/index.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/installation.html 1.1.1.1.2.3 + src/contrib/sendmail/libmilter/docs/other.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/overview.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/sample.html 1.1.1.1.2.3 + src/contrib/sendmail/libmilter/docs/smfi_addheader.html 1.1.1.1.2.3 + src/contrib/sendmail/libmilter/docs/smfi_addrcpt.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_chgheader.html 1.1.1.1.2.3 + src/contrib/sendmail/libmilter/docs/smfi_delrcpt.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_getpriv.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_getsymval.html 1.1.1.1.2.3 + src/contrib/sendmail/libmilter/docs/smfi_main.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_register.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_replacebody.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_setbacklog.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_setconn.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_setpriv.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/smfi_setreply.html 1.1.1.1.2.4 + src/contrib/sendmail/libmilter/docs/smfi_settimeout.html 1.1.1.1.2.3 + src/contrib/sendmail/libmilter/docs/xxfi_abort.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_body.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_close.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_connect.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_envfrom.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_envrcpt.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_eoh.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_eom.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_header.html 1.1.1.1.2.2 + src/contrib/sendmail/libmilter/docs/xxfi_helo.html 1.1.1.1.2.2 + src/contrib/sendmail/libsm/clock.c 1.1.1.1.2.5 + src/contrib/sendmail/libsm/config.c 1.1.1.1.2.3 + src/contrib/sendmail/mail.local/mail.local.c 1.6.6.14 + src/contrib/sendmail/src/README 1.1.1.3.2.14 + src/contrib/sendmail/src/collect.c 1.1.1.4.2.12 + src/contrib/sendmail/src/conf.c 1.5.2.14 + src/contrib/sendmail/src/deliver.c 1.1.1.3.2.14 + src/contrib/sendmail/src/headers.c 1.4.2.10 + src/contrib/sendmail/src/main.c 1.1.1.3.2.15 + src/contrib/sendmail/src/milter.c 1.1.1.1.2.16 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.13 + src/contrib/sendmail/src/queue.c 1.1.1.3.2.14 + src/contrib/sendmail/src/readcf.c 1.1.1.4.2.14 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.15 + src/contrib/sendmail/src/sm_resolve.c 1.1.1.1.2.3 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.14 + src/contrib/sendmail/src/tls.c 1.1.1.1.2.5 + src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.12 + src/contrib/sendmail/src/version.c 1.1.1.3.2.15 +RELENG_5_0 + src/UPDATING 1.229.2.13 + src/contrib/sendmail/src/conf.c 1.18.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.14.2.2 + src/contrib/sendmail/src/version.c 1.1.1.16.2.1 + src/sys/conf/newvers.sh 1.48.2.8 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.13 + src/contrib/sendmail/src/conf.c 1.5.2.11.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.10.2.2 + src/contrib/sendmail/src/version.c 1.1.1.3.2.12.2.1 + src/sys/conf/newvers.sh 1.44.2.26.2.12 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.41 + src/contrib/sendmail/src/conf.c 1.5.2.8.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.8.2.2 + src/contrib/sendmail/src/version.c 1.1.1.3.2.9.2.1 + src/sys/conf/newvers.sh 1.44.2.23.2.30 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.43 + src/contrib/sendmail/src/conf.c 1.5.2.6.4.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.6.4.2 + src/contrib/sendmail/src/version.c 1.1.1.3.2.7.4.1 + src/sys/conf/newvers.sh 1.44.2.20.2.27 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.43 + src/contrib/sendmail/src/conf.c 1.5.2.6.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.6.2.2 + src/contrib/sendmail/src/version.c 1.1.1.3.2.7.2.1 + src/sys/conf/newvers.sh 1.44.2.17.2.34 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.31 + src/contrib/sendmail/src/conf.c 1.5.2.4.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.4.2.2 + src/contrib/sendmail/src/version.c 1.1.1.3.2.4.2.1 + src/sys/conf/newvers.sh 1.44.2.14.2.21 +RELENG_3 + src/contrib/sendmail/src/conf.c 1.3.2.3 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.2.2 + src/contrib/sendmail/src/version.c 1.1.1.2.2.2 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+h18lFdaIBMps37IRAg7lAJ9hJLEHlLsXV9Nq20Yw3E3470ZqdQCfX1Sv +BBClV+coK1zwzq/zWcfejME= +=eDvb +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:08.realpath.asc b/share/security/advisories/FreeBSD-SA-03:08.realpath.asc new file mode 100644 index 0000000000..4eedf89b5c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:08.realpath.asc @@ -0,0 +1,336 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:08.realpath Security Advisory + The FreeBSD Project + +Topic: Single byte buffer overflow in realpath(3) + +Category: core +Module: libc +Announced: 2003-08-03 +Credits: Janusz Niewiadomski , + Wojciech Purczynski , + CERT/CC +Affects: All releases of FreeBSD up to and including 4.8-RELEASE + and 5.0-RELEASE + FreeBSD 4-STABLE prior to May 22 17:11:44 2003 UTC +Corrected: 2003-08-03 23:46:24 UTC (RELENG_5_0) + 2003-08-03 23:43:43 UTC (RELENG_4_8) + 2003-08-03 23:44:12 UTC (RELENG_4_7) + 2003-08-03 23:44:36 UTC (RELENG_4_6) + 2003-08-03 23:44:56 UTC (RELENG_4_5) + 2003-08-03 23:45:41 UTC (RELENG_4_4) + 2003-08-03 23:46:03 UTC (RELENG_4_3) + 2003-08-03 23:47:39 UTC (RELENG_3) +FreeBSD only: NO + +0. Revision History + +v1.0 2003-08-03 Initial release +v1.1 2003-08-04 Updated information for lukemftpd + +I. Background + +The realpath(3) function is used to determine the canonical, +absolute pathname from a given pathname which may contain extra +``/'' characters, references to ``/./'' or ``/../'', or references +to symbolic links. The realpath(3) function is part of the FreeBSD +Standard C Library. + +II. Problem Description + +An off-by-one error exists in a portion of realpath(3) that computes +the length of the resolved pathname. As a result, if the resolved +path name is exactly 1024 characters long and contains at least +two directory separators, the buffer passed to realpath(3) will be +overwritten by a single NUL byte. + +III. Impact + +Applications using realpath(3) MAY be vulnerable to denial of service +attacks, remote code execution, and/or privilege escalation. The +impact on an individual application is highly dependent upon the +source of the pathname passed to realpath, the position of the output +buffer on the stack, the architecture on which the application is +running, and other factors. + +Within the FreeBSD base system, several applications use realpath(3). +Two applications which are negatively impacted are: + +(1) lukemftpd(8), an alternative FTP server: realpath(3) is used to + process the MLST and MLSD commands. The vulnerability may be + exploitable, leading to code execution with superuser privileges. + + lukemftpd(8) was installed (but not enabled) by default in + 4.7-RELEASE and in 4-STABLE dated Jun 20 21:13:33 2002 UTC through + Nov 12 17:32:47 2002 UTC. It is not built or installed by default + in any other release. + + If the `-r' option to lukemftpd is used (as suggested by the + example /etc/inetd.conf supplied in 4.7-RELEASE), then successful + exploitation leads to code execution with the privileges of + the authenticated user (rather than superuser privileges). + +(2) sftp-server(8), part of OpenSSH: realpath(3) is used to process + chdir commands. This vulnerability may be exploitable, leading + to code execution with the privileges of the authenticated user. + +At the time of 4.8-RELEASE, the FreeBSD Ports Collection contained +the following applications which appear to use realpath(3). These +applications have not been audited, and may or may not be vulnerable. +There may be additional applications in the FreeBSD Ports Collection +that use realpath(3), particularly statically-linked applications and +applications added since 4.8-RELEASE. + +BitchX-1.0c19_1 +Mowitz-0.2.1_1 +XFree86-clients-4.3.0_1 +abcache-0.14 +aim-1.5.234 +analog-5.24,1 +anjuta-1.0.1_1 +aolserver-3.4.2 +argus-2.0.5 +arm-rtems-gdb-5.2_1 +avr-gdb-5.2.1 +ccache-2.1.1 +cdparanoia-3.9.8_4 +cfengine-1.6.3_4 +cfengine2-2.0.3 +cmake-1.4.7 +comserv-1.4.3 +criticalmass-0.97 +dedit-0.6.2.3_1 +drweb_postfix-4.29.10a +drweb-4.29.2 +drweb_sendmail-4.29.10a +edonkey-gui-gtk-0.5.0 +enca-0.10.7 +epic4-1.0.1_2 +evolution-1.2.2_1 +exim-3.36_1 +exim-4.12_5 +exim-ldap-4.12_5 +exim-ldap2-4.12_5 +exim-mysql-4.12_5 +exim-postgresql-4.12_5 +fam-2.6.9_2 +fastdep-0.15 +feh-1.2.4_1 +ferite-0.99.6 +fileutils-4.1_1 +finfo-0.1 +firebird-1.0.2 +firebird-1.0.r2 +frontpage-5.0.2.2623_1 +galeon-1.2.8 +galeon2-1.3.2_1 +gdb-5.3_20030311 +gdb-5.2.1_1 +gdm2-2.4.1.3 +gecc-20021119 +gentoo-0.11.34 +gkrellmvolume-2.1.7 +gltron-0.61 +global-4.5.1 +gnat-3.15p +gnomelibs-1.4.2_1 +gprolog-1.2.16 +gracula-3.0 +gringotts-1.2.3 +gtranslator-0.43_1 +gvd-1.2.5 +hercules-2.16.5 +hte-0.7.0 +hugs98-200211 +i386-rtems-gdb-5.2_1 +i960-rtems-gdb-5.2_1 +installwatch-0.5.6 +ivtools-1.0.6 +ja-epic4-1.0.1_2 +ja-gnomelibs-1.4.2_1 +ja-msdosfs-20001027 +ja-samba-2.2.7a.j1.1_1 +kdebase-3.1_1 +kdelibs-3.1 +kermit-8.0.206 +ko-BitchX-1.0c16_3 +ko-msdosfs-20001027 +leocad-0.73 +libfpx-1.2.0.4_1 +libgnomeui-2.2.0.1 +libpdel-0.3.4 +librep-0.16.1_1 +linux-beonex-0.8.1 +linux-divxplayer-0.2.0 +linux-edonkey-gui-gtk-0.2.0.a.2002.02.22 +linux-gnomelibs-1.2.8_2 +linux-mozilla-1.2 +linux-netscape-communicator-4.8 +linux-netscape-navigator-4.8 +linux-phoenix-0.3 +linux_base-6.1_4 +linux_base-7.1_2 +lsh-1.5.1 +lukemftpd-1.1_1 +m68k-rtems-gdb-5.2_1 +mips-rtems-gdb-5.2_1 +mod_php4-4.3.1 +moscow_ml-2.00_1 +mozilla-1.0.2_1 +mozilla-1.2.1_1,2 +mozilla-1.2.1_2 +mozilla-1.3b,1 +mozilla-1.3b +mozilla-embedded-1.0.2_1 +mozilla-embedded-1.2.1_1,2 +mozilla-embedded-1.3b,1 +msyslog-1.08f_1 +netraider-0.0.2 +openag-1.1.1_1 +openssh-portable-3.5p1_1 +openssh-3.5 +p5-PPerl-0.23 +paragui-1.0.2_2 +powerpc-rtems-gdb-5.2_1 +psim-freebsd-5.2.1 +ptypes-1.7.4 +pure-ftpd-1.0.14 +qiv-1.8 +readlink-20010616 +reed-5.4 +rox-1.3.6_1 +rox-session-0.1.18_1 +rpl-1.4.0 +rpm-3.0.6_6 +samba-2.2.8 +samba-3.0a20 +scrollkeeper-0.3.11_8,1 +sh-rtems-gdb-5.2_1 +sharity-light-1.2_1 +siag-3.4.10 +skipstone-0.8.3 +sparc-rtems-gdb-5.2_1 +squeak-2.7 +squeak-3.2 +swarm-2.1.1 +tcl-8.2.3_2 +tcl-8.3.5 +tcl-8.4.1,1 +tcl-thread-8.1.b1 +teTeX-2.0.2_1 +wine-2003.02.19 +wml-2.0.8 +worker-2.7.0 +xbubble-0.2 +xerces-c2-2.1.0_1 +xerces_c-1.7.0 +xnview-1.50 +xscreensaver-gnome-4.08 +xscreensaver-4.08 +xworld-2.0 +yencode-0.46_1 +zh-cle_base-0.9p1 +zh-tcl-8.3.0 +zh-tw-BitchX-1.0c19_3 +zh-ve-1.0 +zh-xemacs-20.4_1 + +IV. Workaround + +There is no generally applicable workaround. + +OpenSSH's sftp-server(8) may be disabled by editing +/etc/ssh/sshd_config and commenting out the following line by +inserting a `#' as the first character: + + Subsystem sftp /usr/libexec/sftp-server + +lukemftpd(8) may be replaced by the default ftpd(8). + +V. Solution + +1) Upgrade your vulnerable system to 4.8-STABLE +or to any of the RELENG_5_1 (5.1-RELEASE), RELENG_4_8 +(4.8-RELEASE-p1), or RELENG_4_7 (4.7-RELEASE-p11) security branches +dated after the respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. The following patch +has been tested to apply to all FreeBSD 4.x releases and to FreeBSD +5.0-RELEASE. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your operating system as described in +. + +NOTE WELL: Any statically linked applications that are not part of +the base system (i.e. from the Ports Collection or other 3rd-party +sources) must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_3 + src/lib/libc/stdlib/realpath.c 1.6.2.1 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.32 + src/lib/libc/stdlib/realpath.c 1.9.4.1 + src/sys/conf/newvers.sh 1.44.2.14.2.22 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.45 + src/lib/libc/stdlib/realpath.c 1.9.6.1 + src/sys/conf/newvers.sh 1.44.2.17.2.36 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.44 + src/lib/libc/stdlib/realpath.c 1.9.8.1 + src/sys/conf/newvers.sh 1.44.2.20.2.28 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.42 + src/lib/libc/stdlib/realpath.c 1.9.10.1 + src/sys/conf/newvers.sh 1.44.2.23.2.31 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.14 + src/lib/libc/stdlib/realpath.c 1.9.12.1 + src/sys/conf/newvers.sh 1.44.2.26.2.13 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.3 + src/lib/libc/stdlib/realpath.c 1.9.14.1 + src/sys/conf/newvers.sh 1.44.2.29.2.2 +RELENG_5_0 + src/UPDATING 1.229.2.14 + src/lib/libc/stdlib/realpath.c 1.11.2.1 + src/sys/conf/newvers.sh 1.48.2.9 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.2 (FreeBSD) + +iD8DBQE/L/fQFdaIBMps37IRAkxPAJ9QDmqcmkxrlYaOw7prB/Qwlu5w7QCfVQiV +VpAcmS4V3Y0oE0WC92bBw+k= +=gDXa +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:09.signal.asc b/share/security/advisories/FreeBSD-SA-03:09.signal.asc new file mode 100644 index 0000000000..efe733fa28 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:09.signal.asc @@ -0,0 +1,197 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:09.signal Security Advisory + The FreeBSD Project + +Topic: Insufficient range checking of signal numbers + +Category: core +Module: sys +Announced: 2003-08-10 +Affects: All releases of FreeBSD up to and including 4.8-RELEASE-p1, + 5.1-RELEASE (but see `Impact' below) + FreeBSD 4-STABLE prior to the correction date +Corrected: 2003-08-10 23:09:28 UTC (RELENG_4) + 2003-08-10 23:14:08 UTC (RELENG_5_1) + 2003-08-10 23:17:48 UTC (RELENG_5_0) + 2003-08-10 23:19:35 UTC (RELENG_4_8) + 2003-08-11 10:14:38 UTC (RELENG_4_7) + 2003-08-11 10:16:35 UTC (RELENG_4_6) + 2003-08-12 20:23:24 UTC (RELENG_4_5) + 2003-08-12 20:23:51 UTC (RELENG_4_4) + 2003-08-12 20:24:13 UTC (RELENG_4_3) +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2003-08-10 Initial release +v1.1 2003-08-11 Updated correction details for RELENG_4_7, + RELENG_4_6, RELENG_4_5, RELENG_4_4, RELENG_4_3 + branches. Corrected an internal section reference. + Corrected a source file path name. + +I. Background + +Signals are a UNIX mechanism for handling asynchronous events such as +pressing the terminal interrupt key (e.g. Ctrl-C), job control, memory +access violations, I/O completion, and many others. Each signal is +assigned a positive number. There are a number of mechanisms by which +a process may cause a signal to be sent, including using the kill(2) +system call or registering with certain device drivers. + +II. Problem Description + +Some mechanisms for causing a signal to be sent did not properly +validate the signal number, in some cases allowing the kernel to +attempt to deliver a negative or out-of-range signal number. Such +errors were present in the ptrace(2) system call and the `spigot' +video capture device driver. + +The error in ptrace(2) was introduced in FreeBSD version 4.2-RELEASE +(4-STABLE dated Oct 26 04:34:41 2000 UTC). + +The `spigot' device driver (including the error) was introduced in +FreeBSD 2.0.5. It has never been included in the kernel installed by +default, nor in the GENERIC kernel configuration. Only systems with +`device spigot' added to the kernel configuration are affected by this +instance of the error. + +III. Impact + +In most cases, attempted delivery of a negative or out-of-range signal +number will trigger an assertion failure and panic, thereby crashing +the system. A malicious local user could use this vulnerability +as a local denial-of-service attack. + +However, in FreeBSD 5.x, the assertion code is not present if the +`INVARIANTS' kernel option is not used. In FreeBSD 5.0-RELEASE and +5.1-RELEASE, `INVARIANTS' is not enabled by default. In this +configuration, a malicious local user could use this vulnerability +to modify kernel memory, potentially leading to complete system +compromise. (FreeBSD 4.x is not vulnerable in this way.) + +IV. Workaround + +There is no workaround for the local denial-of-service attack. + +The more severe impact, present only in FreeBSD 5.x systems, can be +avoided by uncommenting or adding the `INVARIANTS' line to your kernel +configuration: + + options INVARIANTS #Enable calls of extra sanity checking + +Recompile your kernel as described in + +and reboot the system. + +NOTE WELL: This workaround is only for FreeBSD 5.x systems. This +workaround does not eliminate the possibility of a local +denial-of-service attack. + +V. Solution + +1) Upgrade your vulnerable system to 4.8-STABLE, or to any of the +RELENG_4_8 (4.8-RELEASE-p2), RELENG_4_7 (4.7-RELEASE-p12), or +RELENG_5_1 (5.1-RELEASE-p1) security branches dated after the +respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.1-RELEASE] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal51.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal51.patch.asc + +[FreeBSD 5.0-RELEASE] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal50.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal50.patch.asc + +[FreeBSD 4.8-RELEASE, 4.8-STABLE, 4.7-STABLE dated Jan 2 20:39:13 2003 UTC + or later] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal4s.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal4s.patch.asc + +[FreeBSD 4.3-RELEASE through 4.7-RELEASE, 4.7-STABLE dated before + Jan 2 20:39:13 2003 UTC] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal47.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal47.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + +and reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +src/sys/UPDATING + RELENG_5_1 1.251.2.2 + RELENG_5_0 1.229.2.15 + RELENG_4_8 1.73.2.80.2.4 + RELENG_4_7 1.73.2.74.2.15 + RELENG_4_6 1.73.2.68.2.43 + RELENG_4_5 1.73.2.50.2.45 + RELENG_4_4 1.73.2.43.2.46 + RELENG_4_3 1.73.2.28.2.33 +src/sys/conf/newvers.sh + RELENG_5_1 1.50.2.3 + RELENG_5_0 1.48.2.10 + RELENG_4_8 1.44.2.29.2.3 + RELENG_4_7 1.44.2.26.2.14 + RELENG_4_6 1.44.2.23.2.32 + RELENG_4_5 1.44.2.20.2.29 + RELENG_4_4 1.44.2.17.2.37 + RELENG_4_3 1.44.2.14.2.23 +src/sys/i386/isa/spigot.c + RELENG_4 1.44.2.1 + RELENG_5_1 1.58.2.1 + RELENG_5_0 1.55.2.1 + RELENG_4_8 1.44.14.1 + RELENG_4_7 1.44.12.1 + RELENG_4_6 1.44.10.1 + RELENG_4_5 1.44.8.1 + RELENG_4_4 1.44.6.1 + RELENG_4_3 1.44.4.1 +src/sys/kern/sys_process.c + RELENG_4 1.51.2.7 + RELENG_5_1 1.108.2.1 + RELENG_5_0 1.104.2.1 + RELENG_4_8 1.51.2.6.2.1 + RELENG_4_7 1.51.2.4.2.2 + RELENG_4_6 1.51.2.3.4.2 + RELENG_4_5 1.51.2.3.2.2 + RELENG_4_4 1.51.2.1.4.3 + RELENG_4_3 1.51.2.1.2.3 +src/sys/kern/kern_sig.c + RELENG_5_1 1.239.2.1 + RELENG_5_0 1.197.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.2 (FreeBSD) + +iD8DBQE/OVDMFdaIBMps37IRAsaBAJ4zAzw4sDcu2oc/M7iiXfLQzg8WogCeNqeF +Di+jeJfFrpGAh+/JxUAW/60= +=qXMR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:10.ibcs2.asc b/share/security/advisories/FreeBSD-SA-03:10.ibcs2.asc new file mode 100644 index 0000000000..580ebbbe34 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:10.ibcs2.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:10.ibcs2 Security Advisory + The FreeBSD Project + +Topic: Kernel memory disclosure via ibcs2 + +Category: core +Module: sys +Announced: 2003-08-10 +Credits: David Rhodus +Affects: All FreeBSD releases up to and including 4.8-RELEASE-p2, + 5.1-RELEASE-p1 +Corrected: 2003-08-10 23:30:18 UTC (RELENG_4) + 2003-08-10 23:28:16 UTC (RELENG_5_1) + 2003-08-10 23:29:10 UTC (RELENG_5_0) + 2003-08-10 23:31:11 UTC (RELENG_4_8) + 2003-08-10 23:31:51 UTC (RELENG_4_7) + 2003-08-10 23:32:22 UTC (RELENG_4_6) + 2003-08-10 23:32:44 UTC (RELENG_4_5) + 2003-08-10 23:33:18 UTC (RELENG_4_4) + 2003-08-10 23:33:50 UTC (RELENG_4_3) + 2003-08-10 23:35:21 UTC (RELENG_3) +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +FreeBSD contains a kernel option (IBCS2) and kernel loadable module +(ibcs2.ko) that provide system call translation for running Intel +Binary Compatibility Specification 2 (iBCS2) compliant programs. +It is not enabled in FreeBSD by default. + +II. Problem Description + +The iBCS2 system call translator for statfs(2) erroneously used the +user-supplied length parameter when copying a kernel data structure +into userland. If the length parameter were larger than required, +then instead of copying only the statfs-related data structure, +additional kernel memory would also be made available to the user. + +III. Impact + +If iBCS2 support were enabled, a malicious user could call the iBCS2 +version of statfs(2) with an arbitrarily large length parameter, +causing the kernel to return a large portion of kernel memory. Such +memory might contain sensitive information, such as portions of the +file cache or terminal buffers. This information might be directly +useful, or it might be leveraged to obtain elevated privileges in some +way. For example, a terminal buffer might include a user-entered +password. + +iBCS2 support is only present if the system administrator has enabled +it by including `option IBCS2' in the kernel configuration file, or +loaded it dynamically using kldload(8) or by setting `ibcs2_enable' in +rc.conf(5). + +IV. Workaround + +Disable iBCS2 support if it is enabled. + +V. Solution + +1) Upgrade your vulnerable system to 4.8-STABLE, or to any of the +RELENG_4_8 (4.8-RELEASE-p3), RELENG_4_7 (4.7-RELEASE-p13), or +RELENG_5_1 (5.1-RELEASE-p2) security branches dated after the +respective correction dates. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. The following patch +has been tested to apply to all FreeBSD 3.x, 4.x, and 5.x releases. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:10/ibcs2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:10/ibcs2.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + +and reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/UPDATING + RELENG_5_1 1.251.2.3 + RELENG_5_0 1.229.2.16 + RELENG_4_8 1.73.2.80.2.5 + RELENG_4_7 1.73.2.74.2.16 + RELENG_4_6 1.73.2.68.2.44 + RELENG_4_5 1.73.2.50.2.46 + RELENG_4_4 1.73.2.43.2.47 + RELENG_4_3 1.73.2.28.2.34 +src/sys/conf/newvers.sh + RELENG_5_1 1.50.2.4 + RELENG_5_0 1.48.2.11 + RELENG_4_8 1.44.2.29.2.4 + RELENG_4_7 1.44.2.26.2.15 + RELENG_4_6 1.44.2.23.2.33 + RELENG_4_5 1.44.2.20.2.30 + RELENG_4_4 1.44.2.17.2.38 + RELENG_4_3 1.44.2.14.2.24 +src/sys/i386/ibcs2/ibcs2_stat.c + RELENG_4 1.10.2.1 + RELENG_5_1 1.21.2.1 + RELENG_5_0 1.16.2.2 + RELENG_4_8 1.10.14.1 + RELENG_4_7 1.10.12.1 + RELENG_4_6 1.10.10.1 + RELENG_4_5 1.10.8.1 + RELENG_4_4 1.10.6.1 + RELENG_4_3 1.10.4.1 + RELENG_3 1.8.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.2 (FreeBSD) + +iD8DBQE/Nt6YFdaIBMps37IRAtuMAJ4r2aUyHWiYDuUvrVyRlh0n7mF6FQCgmDiw +GOMr9asJmVzpRozE11KvtaE= +=cLnc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:11.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:11.sendmail.asc new file mode 100644 index 0000000000..0eacb78f4a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:11.sendmail.asc @@ -0,0 +1,126 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:11.sendmail Security Advisory + The FreeBSD Project + +Topic: sendmail DNS map problem + +Category: contrib +Module: contrib_sendmail +Announced: 2003-08-26 +Credits: Oleg Bulyzhin +Affects: 4.6-RELEASE (up to -p16), 4.7-RELEASE (up to -p13), + 4.8-RELEASE (up to -p3), 5.0-RELEASE (up to -p11) + 4-STABLE prior to Mar 29 19:33:18 2003 UTC +Corrected: 2003-08-25 22:33:14 UTC (RELENG_5_0) + 2003-08-25 22:35:23 UTC (RELENG_4_8) + 2003-08-25 22:36:10 UTC (RELENG_4_7) + 2003-08-25 22:38:53 UTC (RELENG_4_6) +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +FreeBSD includes sendmail(8), a general purpose internetwork mail +routing facility, as the default Mail Transfer Agent (MTA). + +II. Problem Description + +Some versions of sendmail (8.12.0 through 8.12.8) contain a +programming error in the code that implements DNS maps. A malformed +DNS reply packet may cause sendmail to call `free()' on an +uninitialized pointer. + +NOTE: The default sendmail configuration in FreeBSD does not utilize +DNS maps. + +III. Impact + +Calling `free()' on an uninitialized pointer may result in a sendmail +child process crashing. It may also be possible for an attacker to +somehow influence the value of the `uninitialized pointer' and cause +an arbitrary memory chunk to be freed. This could further lead to +some other exploitable vulnerability, although no such cases are known +at this time. + +IV. Workaround + +Do not use DNS maps. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5.1-RELEASE, or to the +RELENG_5_1, RELENG_4_8, or RELENG_4_7 security branch dated after the +correction date (5.1-RELEASE-p2, 4.8-RELEASE-p4, or 4.7-RELEASE-p14, +respectively). + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 5.0, 4.8, +4.7, and 4.6 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libsm +# make obj && make depend && make +# cd /usr/src/lib/libsmutil +# make obj && make depend && make +# cd /usr/src/usr.sbin/sendmail +# make obj && make depend && make && make install + +c) Restart sendmail. Execute the following command as root. + +# /bin/sh /etc/rc.sendmail restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +src/UPDATING + RELENG_5_0 1.229.2.17 + RELENG_4_8 1.73.2.80.2.6 + RELENG_4_7 1.73.2.74.2.17 + RELENG_4_6 1.73.2.68.2.45 +src/sys/conf/newvers.sh + RELENG_5_0 1.48.2.12 + RELENG_4_8 1.44.2.29.2.5 + RELENG_4_7 1.44.2.26.2.16 + RELENG_4_6 1.44.2.23.2.34 +src/contrib/sendmail/src/sm_resolve.c + RELENG_5_0 1.1.1.4.2.1 + RELENG_4_8 1.1.1.1.2.2.4.1 + RELENG_4_7 1.1.1.1.2.2.2.1 + RELENG_4_6 1.1.1.1.2.1.2.2 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.2 (FreeBSD) + +iD8DBQE/S5yPFdaIBMps37IRAlrjAJwPNdxh0GeZQUVk7WYHHefQ6qAnGgCfRi9B +7p9xVP++yIsd0W4UXnKde2k= +=aFZp +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:12.openssh.asc b/share/security/advisories/FreeBSD-SA-03:12.openssh.asc new file mode 100644 index 0000000000..17f85ddd30 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:12.openssh.asc @@ -0,0 +1,323 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:12 Security Advisory + FreeBSD, Inc. + +Topic: OpenSSH buffer management error + +Category: core, ports +Module: openssh, ports_openssh, openssh-portable +Announced: 2003-09-16 +Credits: The OpenSSH Project +Affects: All FreeBSD releases after 4.0-RELEASE + FreeBSD 4-STABLE prior to the correction date + openssh port prior to openssh-3.6.1_3 + openssh-portable port prior to openssh-portable-3.6.1p2_3 +Corrected: 2003-09-17 16:24:02 UTC (RELENG_4, 4.9-PRERELEASE) + 2003-09-17 14:46:58 UTC (RELENG_5_1, 5.1-RELEASE-p4) + 2003-09-17 14:50:14 UTC (RELENG_5_0, 5.0-RELEASE-p13) + 2003-09-17 14:51:09 UTC (RELENG_4_8, 4.8-RELEASE-p6) + 2003-09-17 14:51:37 UTC (RELENG_4_7, 4.7-RELEASE-p16) + 2003-09-17 14:52:08 UTC (RELENG_4_6, 4.6-RELEASE-p19) + 2003-09-17 14:52:42 UTC (RELENG_4_5, 4.5-RELEASE-p31) + 2003-09-17 14:57:32 UTC (RELENG_4_4, 4.4-RELEASE-p41) + 2003-09-17 14:58:56 UTC (RELENG_4_3, 4.3-RELEASE-p37) + 2003-09-17 16:07:48 UTC (ports/security/openssh) + 2003-09-17 16:07:48 UTC (ports/security/openssh-portable) +CVE: CAN-2003-0693, CAN-2003-0695, CAN-2003-0682 +FreeBSD only: NO + +0. Revision History + +v1.0 2003-09-16 Initial release +v1.1 2003-09-17 Typo in instructions for restarting sshd + Additional buffer management errors corrected + +I. Background + +OpenSSH is a free version of the SSH protocol suite of network +connectivity tools. OpenSSH encrypts all traffic (including +passwords) to effectively eliminate eavesdropping, connection +hijacking, and other network-level attacks. Additionally, OpenSSH +provides a myriad of secure tunneling capabilities, as well as a +variety of authentication methods. `ssh' is the client application, +while `sshd' is the server. + +II. Problem Description + +Several operations within OpenSSH require dynamic memory allocation +or reallocation. Examples are: the receipt of a packet larger +than available space in a currently allocated buffer; creation of +additional channels beyond the currently allocated maximum; and +allocation of new sockets beyond the currently allocated maximum. +Many of these operations can fail either due to `out of memory' or +due to explicit checks for ridiculously sized requests. However, the +failure occurs after the allocation size has already been updated, so +that the bookkeeping data structures are in an inconsistent state (the +recorded size is larger than the actual allocation). Furthermore, +the detection of these failures causes OpenSSH to invoke several +`fatal_cleanup' handlers, some of which may then attempt to use these +inconsistent data structures. For example, a handler may zero and +free a buffer in this state, and as a result memory outside of the +allocated area will be overwritten with NUL bytes. + +III. Impact + +A remote attacker can cause OpenSSH to crash. The bug is not believed +to be exploitable for code execution on FreeBSD. + +IV. Workaround + +Do one of the following: + +1) Disable the base system sshd by executing the following command as + root: + + # kill `cat /var/run/sshd.pid` + + Be sure that sshd is not restarted when the system is restarted + by adding the following line to the end of /etc/rc.conf: + + sshd_enable="NO" + + AND + + Deinstall the openssh or openssh-portable ports if you have one of + them installed. + +V. Solution + +Do one of the following: + +[For OpenSSH included in the base system] + +1) Upgrade your vulnerable system to 4-STABLE or to the RELENG_5_1, + RELENG_4_8, or RELENG_4_7 security branch dated after + the correction date (5.1-RELEASE-p3, 4.8-RELEASE-p5, or + 4.7-RELEASE-p15, respectively). + +2) FreeBSD systems prior to the correction date: + +The following patches have been verified to apply to FreeBSD 4.x and +FreeBSD 5.x systems prior to the correction date. + +Download the appropriate patch and detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +[FreeBSD 4.3 and 4.4] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch.asc + +[FreeBSD 4.5] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch.asc + +[FreeBSD 4.6 and later, FreeBSD 5.0 and later] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/sshd.patch +# cd /usr/src/secure/lib/libssh +# make depend && make all install +# cd /usr/src/secure/usr.sbin/sshd +# make depend && make all install +# cd /usr/src/secure/usr.bin/ssh +# make depend && make all install + +Be sure to restart `sshd' after updating. + +# kill `cat /var/run/sshd.pid` +# /usr/sbin/sshd + +[For the OpenSSH ports] + +One of the following: + +1) Upgrade your entire ports collection and rebuild the OpenSSH port. + +2) Deinstall the old package and install a new package obtained from +the following directory: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ + +[other platforms] +Packages are not automatically generated for other platforms at this +time due to lack of build resources. + +3) Download a new port skeleton for the openssh or openssh-portable +port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +Be sure to restart `sshd' after updating. + +# kill `cat /var/run/sshd.pid` +# test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in the FreeBSD base system and ports collection. + +Branch Revision + Path +- ------------------------------------------------------------------------- +[Base system] +RELENG_4 + src/crypto/openssh/buffer.c 1.1.1.1.2.7 + src/crypto/openssh/channels.c 1.1.1.1.2.10 + src/crypto/openssh/deattack.c 1.1.1.1.2.5 + src/crypto/openssh/misc.c 1.1.1.1.2.3 + src/crypto/openssh/session.c 1.4.2.18 + src/crypto/openssh/ssh-agent.c 1.2.2.11 + src/crypto/openssh/version.h 1.1.1.1.2.12 +RELENG_5_1 + src/UPDATING 1.251.2.5 + src/crypto/openssh/buffer.c 1.1.1.6.4.2 + src/crypto/openssh/channels.c 1.15.2.1 + src/crypto/openssh/deattack.c 1.1.1.5.4.1 + src/crypto/openssh/misc.c 1.1.1.4.2.1 + src/crypto/openssh/session.c 1.40.2.1 + src/crypto/openssh/ssh-agent.c 1.18.2.1 + src/crypto/openssh/version.h 1.20.2.2 + src/sys/conf/newvers.sh 1.50.2.6 +RELENG_5_0 + src/UPDATING 1.229.2.19 + src/crypto/openssh/buffer.c 1.1.1.6.2.2 + src/crypto/openssh/channels.c 1.13.2.1 + src/crypto/openssh/deattack.c 1.1.1.5.2.1 + src/crypto/openssh/misc.c 1.1.1.3.2.1 + src/crypto/openssh/session.c 1.38.2.1 + src/crypto/openssh/ssh-agent.c 1.16.2.1 + src/crypto/openssh/version.h 1.18.2.2 + src/sys/conf/newvers.sh 1.48.2.14 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.8 + src/crypto/openssh/buffer.c 1.1.1.1.2.4.4.2 + src/crypto/openssh/channels.c 1.1.1.1.2.8.2.1 + src/crypto/openssh/deattack.c 1.1.1.1.2.4.4.1 + src/crypto/openssh/misc.c 1.1.1.1.2.2.4.1 + src/crypto/openssh/session.c 1.4.2.17.2.1 + src/crypto/openssh/ssh-agent.c 1.2.2.10.2.1 + src/crypto/openssh/version.h 1.1.1.1.2.10.2.2 + src/sys/conf/newvers.sh 1.44.2.29.2.7 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.19 + src/crypto/openssh/buffer.c 1.1.1.1.2.4.2.2 + src/crypto/openssh/channels.c 1.1.1.1.2.7.2.1 + src/crypto/openssh/deattack.c 1.1.1.1.2.4.2.1 + src/crypto/openssh/misc.c 1.1.1.1.2.2.2.1 + src/crypto/openssh/session.c 1.4.2.16.2.1 + src/crypto/openssh/ssh-agent.c 1.2.2.8.2.1 + src/crypto/openssh/version.h 1.1.1.1.2.9.2.2 + src/sys/conf/newvers.sh 1.44.2.26.2.18 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.47 + src/crypto/openssh/buffer.c 1.1.1.1.2.3.4.3 + src/crypto/openssh/channels.c 1.1.1.1.2.6.2.2 + src/crypto/openssh/deattack.c 1.1.1.1.2.3.4.2 + src/crypto/openssh/misc.c 1.1.1.1.2.1.4.2 + src/crypto/openssh/session.c 1.4.2.12.2.2 + src/crypto/openssh/ssh-agent.c 1.2.2.7.4.2 + src/crypto/openssh/version.h 1.1.1.1.2.8.2.3 + src/sys/conf/newvers.sh 1.44.2.23.2.36 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.48 + src/crypto/openssh/buffer.c 1.1.1.1.2.3.2.2 + src/crypto/openssh/channels.c 1.1.1.1.2.5.2.2 + src/crypto/openssh/deattack.c 1.1.1.1.2.3.2.1 + src/crypto/openssh/scp.c 1.1.1.1.2.4.2.1 + src/crypto/openssh/session.c 1.4.2.11.2.1 + src/crypto/openssh/ssh-agent.c 1.2.2.7.2.1 + src/crypto/openssh/version.h 1.1.1.1.2.7.2.3 + src/sys/conf/newvers.sh 1.44.2.20.2.32 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.49 + src/crypto/openssh/buffer.c 1.1.1.1.2.2.4.2 + src/crypto/openssh/channels.c 1.1.1.1.2.4.4.2 + src/crypto/openssh/deattack.c 1.1.1.1.2.2.4.1 + src/crypto/openssh/scp.c 1.1.1.1.2.3.4.1 + src/crypto/openssh/session.c 1.4.2.8.4.2 + src/crypto/openssh/ssh-agent.c 1.2.2.6.4.1 + src/crypto/openssh/version.h 1.1.1.1.2.5.2.4 + src/sys/conf/newvers.sh 1.44.2.17.2.40 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.36 + src/crypto/openssh/buffer.c 1.1.1.1.2.2.2.2 + src/crypto/openssh/channels.c 1.1.1.1.2.4.2.2 + src/crypto/openssh/deattack.c 1.1.1.1.2.2.2.1 + src/crypto/openssh/scp.c 1.1.1.1.2.3.2.1 + src/crypto/openssh/session.c 1.4.2.8.2.2 + src/crypto/openssh/ssh-agent.c 1.2.2.6.2.1 + src/crypto/openssh/version.h 1.1.1.1.2.4.2.4 + src/sys/conf/newvers.sh 1.44.2.14.2.26 +[Ports] + ports/security/openssh-portable/Makefile 1.75 + ports/security/openssh-portable/files/patch-buffer.c 1.2 + ports/security/openssh-portable/files/patch-deattack.c 1.1 + ports/security/openssh-portable/files/patch-misc.c 1.3 + ports/security/openssh-portable/files/patch-session.c 1.16 + ports/security/openssh-portable/files/patch-ssh-agent.c 1.1 + ports/security/openssh/Makefile 1.122 + ports/security/openssh/files/patch-buffer.c 1.2 + ports/security/openssh/files/patch-deattack.c 1.1 + ports/security/openssh/files/patch-misc.c 1.3 + ports/security/openssh/files/patch-session.c 1.15 + ports/security/openssh/files/patch-ssh-agent.c 1.1 +- ------------------------------------------------------------------------- + +Branch Version string +- ------------------------------------------------------------------------- +HEAD OpenSSH_3.6.1p1 FreeBSD-20030917 +RELENG_4 OpenSSH_3.5p1 FreeBSD-20030917 +RELENG_5_1 OpenSSH_3.6.1p1 FreeBSD-20030917 +RELENG_4_8 OpenSSH_3.5p1 FreeBSD-20030917 +RELENG_4_7 OpenSSH_3.4p1 FreeBSD-20030917 +RELENG_4_6 OpenSSH_3.4p1 FreeBSD-20030917 +RELENG_4_5 OpenSSH_2.9 FreeBSD localisations 20030917 +RELENG_4_4 OpenSSH_2.3.0 FreeBSD localisations 20030917 +RELENG_4_3 OpenSSH_2.3.0 green@FreeBSD.org 20030917 +- ------------------------------------------------------------------------- + +To view the version string of the OpenSSH server, execute the +following command: + + % /usr/sbin/sshd -\? + +The version string is also displayed when a client connects to the +server. + +To view the version string of the OpenSSH client, execute the +following command: + + % /usr/bin/ssh -V + +VII. References + + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.3 (FreeBSD) + +iD8DBQE/aKuVFdaIBMps37IRAj/nAJ9x7UQj1Mp0vTAZBHnjGsp/9LQLlQCfVybJ +AVHLwTVUmQXV9S2naBBX14I= +=JhlR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:13.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:13.sendmail.asc new file mode 100644 index 0000000000..447ed89770 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:13.sendmail.asc @@ -0,0 +1,163 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:13.sendmail Security Advisory + The FreeBSD Project + +Topic: a third sendmail header parsing buffer overflow + +Category: contrib +Module: contrib_sendmail +Announced: 2003-09-17 +Credits: Michal Zalewski + Todd C. Miller +Affects: All releases of FreeBSD + FreeBSD 4-STABLE prior to the correction date +Corrected: 2003-09-17 15:18:20 UTC (RELENG_4, 4.9-PRERELEASE) + 2003-09-17 20:19:00 UTC (RELENG_5_1, 5.1-RELEASE-p5) + 2003-09-17 20:19:22 UTC (RELENG_5_0, 5.0-RELEASE-p14) + 2003-09-17 20:19:52 UTC (RELENG_4_8, 4.8-RELEASE-p7) + 2003-09-17 20:20:08 UTC (RELENG_4_7, 4.7-RELEASE-p17) + 2003-09-17 20:20:31 UTC (RELENG_4_6, 4.6-RELEASE-p20) + 2003-09-17 20:20:54 UTC (RELENG_4_5, 4.5-RELEASE-p32) + 2003-09-17 20:21:15 UTC (RELENG_4_4, 4.4-RELEASE-p42) + 2003-09-17 20:21:40 UTC (RELENG_4_3, 4.3-RELEASE-p38) + 2003-09-17 20:22:03 UTC (RELENG_3) +FreeBSD only: NO + +I. Background + +FreeBSD includes sendmail(8), a general purpose internetwork mail +routing facility, as the default Mail Transfer Agent (MTA). + +II. Problem Description + +A buffer overflow that may occur during header parsing was identified. + +NOTE WELL: This issue is distinct from the issue described in +`FreeBSD-SA-03:04.sendmail' and `FreeBSD-SA-03:07.sendmail', although +the impact is very similar. + +III. Impact + +An attacker could create a specially crafted message that may cause +sendmail to execute arbitrary code with the privileges of the user +running sendmail, typically root. The malicious message might be +handled (and the vulnerability triggered) by the initial sendmail MTA, +by any relaying sendmail MTA, or by the delivering sendmail process. + +IV. Workaround + +Disable sendmail by executing the following commands as root: + + # sh /etc/rc.sendmail stop + # chmod 0 /usr/libexec/sendmail/sendmail + +Be sure that sendmail is not restarted when the system is restarted +by adding the following line to the end of /etc/rc.conf: + + sendmail_enable="NO" + sendmail_submit_enable="NO" + sendmail_outbound_enable="NO" + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1, +RELENG_4_8, or RELENG_4_7 security branch dated after the correction +date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 5.1, 4.8, +and 4.7 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libsm +# make obj && make depend && make +# cd /usr/src/lib/libsmutil +# make obj && make depend && make +# cd /usr/src/usr.sbin/sendmail +# make obj && make depend && make && make install + +c) Restart sendmail. Execute the following command as root. + +# /bin/sh /etc/rc.sendmail restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.14 +RELENG_5_1 + src/UPDATING 1.251.2.6 + src/contrib/sendmail/src/parseaddr.c 1.1.1.17.2.1 + src/contrib/sendmail/src/version.c 1.1.1.19.2.1 + src/sys/conf/newvers.sh 1.50.2.7 +RELENG_5_0 + src/UPDATING 1.229.2.20 + src/contrib/sendmail/src/parseaddr.c 1.1.1.14.2.3 + src/contrib/sendmail/src/version.c 1.1.1.16.2.2 + src/sys/conf/newvers.sh 1.48.2.15 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.9 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.12.2.2 + src/contrib/sendmail/src/version.c 1.1.1.3.2.14.2.2 + src/sys/conf/newvers.sh 1.44.2.29.2.8 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.20 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.10.2.3 + src/contrib/sendmail/src/version.c 1.1.1.3.2.12.2.2 + src/sys/conf/newvers.sh 1.44.2.26.2.19 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.48 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.8.2.3 + src/contrib/sendmail/src/version.c 1.1.1.3.2.9.2.2 + src/sys/conf/newvers.sh 1.44.2.23.2.37 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.49 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.6.4.3 + src/contrib/sendmail/src/version.c 1.1.1.3.2.7.4.2 + src/sys/conf/newvers.sh 1.44.2.20.2.33 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.50 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.6.2.3 + src/contrib/sendmail/src/version.c 1.1.1.3.2.7.2.2 + src/sys/conf/newvers.sh 1.44.2.17.2.41 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.37 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.4.2.3 + src/contrib/sendmail/src/version.c 1.1.1.3.2.4.2.2 + src/sys/conf/newvers.sh 1.44.2.14.2.27 +RELENG_3 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.2.3 + src/contrib/sendmail/src/version.c 1.1.1.2.2.3 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.3 (FreeBSD) + +iD8DBQE/aOHgFdaIBMps37IRAl09AKCVMKQCzC62EF7vZFnsZVoaGWpIMACfVGq0 +0df1GogdqBVYUXzNBdHrwYA= +=4xqj +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:14.arp.asc b/share/security/advisories/FreeBSD-SA-03:14.arp.asc new file mode 100644 index 0000000000..401b07d05f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:14.arp.asc @@ -0,0 +1,172 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:14.arp Security Advisory + The FreeBSD Project + +Topic: denial of service due to ARP resource starvation + +Category: core +Module: sys +Announced: 2003-09-25 +Credits: Apple Product Security +Affects: All releases of FreeBSD + FreeBSD 4-STABLE prior to the correction date +Corrected: 2003-09-24 21:48:00 UTC (RELENG_4, 4.9-PRERELEASE) + 2003-09-25 13:33:01 UTC (RELENG_5_1, 5.1-RELEASE-p8) + 2003-09-25 13:33:29 UTC (RELENG_5_0, 5.0-RELEASE-p16) + 2003-09-25 13:34:14 UTC (RELENG_4_8, 4.8-RELEASE-p10) + 2003-09-25 13:34:31 UTC (RELENG_4_7, 4.7-RELEASE-p20) + 2003-09-25 13:34:52 UTC (RELENG_4_6, 4.6-RELEASE-p23) + 2003-09-25 13:35:18 UTC (RELENG_4_5, 4.5-RELEASE-p34) + 2003-09-25 13:35:33 UTC (RELENG_4_4, 4.4-RELEASE-p44) + 2003-09-25 13:35:48 UTC (RELENG_4_3, 4.3-RELEASE-p40) +CVE Name: CAN-2003-0804 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2003-09-23 Initial release. +v1.1 2003-09-25 Initial patch was incorrect. + +I. Background + +The Address Resolution Protocol (ARP) is fundamental to the operation +of IP with a variety of network technologies, such as Ethernet and +WLAN. It is used to map IP addresses to MAC addresses, which enables +hosts on a local network segment to communicate with each other +directly. These mappings are stored in the system's ARP cache. + +FreeBSD's ARP cache is implemented within the kernel routing table as +a set of routes for the address family in use that have the LLINFO +flag set. This is most commonly often AF_INET (for IPv4). Normally, +when a FreeBSD system receives an ARP request for a network address +configured on one of its interfaces from a system on a local network, +it adds a reciprocal ARP entry to the cache for the system from where +the request originated. Expiry timers are used to purge unused +entries from the ARP cache. A reference count is maintained for each +ARP entry. If the reciprocal ARP entry is not in use by an upper +layer protocol, the reference count will be zero. + +II. Problem Description + +Under certain circumstances, it is possible for an attacker to flood a +FreeBSD system with spoofed ARP requests, causing resource starvation +which eventually results in a system panic. (The critical condition +is that a route exists for the apparent source of the ARP request. +This is always the case if the system has a default route configured +for that protocol family.) + +If a large number of ARP requests with different network protocol +addresses are sent in a small space of time, resource starvation can +result, as the arplookup() function does not delete unnecessary ARP +entries cached as the result of responding to an ARP request. + +NOTE WELL: Other BSD-derived systems may also be affected, as the +affected code dates well back to the CSRG branches. + +III. Impact + +An attacker on the local network may be able to cause the system to +hang or crash. The attacker must have physical access to the shared +network medium. In the case of a wireless network obtaining this +access may be trivial. Networks where proxy ARP is used to direct +traffic between LANs may be particularly vulnerable to the attack, +as the spoofed ARP requests could be bounced through to the target +via routers implementing proxy ARP. + +Because the attack operates at Layer 2, the use of strong encryption +technologies such as IPsec cannot protect a system against the attack. + +IV. Workaround + +There is no known workaround at this time. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1, +RELENG_5_0, RELENG_4_8, or RELENG_4_7 security branch dated after the +correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 5-CURRENT, +4.9-PRERELEASE, and 4.8 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch +ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Rebuild your kernel as described in + +and reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/netinet/if_ether.c 1.64.2.26 +RELENG_5_1 + src/UPDATING 1.251.2.10 + src/sys/conf/newvers.sh 1.50.2.10 + src/sys/netinet/if_ether.c 1.104.2.2 +RELENG_5_0 + src/UPDATING 1.229.2.22 + src/sys/conf/newvers.sh 1.48.2.17 + src/sys/netinet/if_ether.c 1.96.2.2 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.12 + src/sys/conf/newvers.sh 1.44.2.29.2.11 + src/sys/netinet/if_ether.c 1.64.2.22.2.2 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.23 + src/sys/conf/newvers.sh 1.44.2.26.2.22 + src/sys/netinet/if_ether.c 1.64.2.19.2.2 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.52 + src/sys/conf/newvers.sh 1.44.2.23.2.40 + src/sys/netinet/if_ether.c 1.64.2.18.2.2 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.51 + src/sys/conf/newvers.sh 1.44.2.20.2.35 + src/sys/netinet/if_ether.c 1.64.2.15.2.2 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.52 + src/sys/conf/newvers.sh 1.44.2.17.2.43 + src/sys/netinet/if_ether.c 1.64.2.11.2.2 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.39 + src/sys/conf/newvers.sh 1.44.2.14.2.29 + src/sys/netinet/if_ether.c 1.64.2.10.2.2 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFASR8CFdaIBMps37IRAtGVAJ48U580/BpCE2RQ+Ukc//rTiKmdvgCfY0xa +DUu77Exj44DsCAJJSPfSHag= +=nR5L +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:15.openssh.asc b/share/security/advisories/FreeBSD-SA-03:15.openssh.asc new file mode 100644 index 0000000000..c7d96082b2 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:15.openssh.asc @@ -0,0 +1,335 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:15.openssh Security Advisory + The FreeBSD Project + +Topic: OpenSSH PAM challenge/authentication error + +Category: core +Module: openssh +Announced: 2003-10-05 +Credits: The OpenSSH Project +Affects: FreeBSD releases 4.6.2-RELEASE and later + FreeBSD 4-STABLE prior to the correction date + openssh port prior to openssh-3.6.1_4 + openssh-portable port prior to openssh-portable-3.6.1p2_5 +Corrected: 2003-09-24 21:06:28 UTC (RELENG_5_1, 5.1-RELEASE-p7) + 2003-09-24 18:25:31 UTC (RELENG_4, 4.9-PRERELEASE) + 2003-09-24 21:06:22 UTC (RELENG_4_8, 4.8-RELEASE-p9) + 2003-09-24 21:06:15 UTC (RELENG_4_7, 4.7-RELEASE-p19) + 2003-09-24 21:05:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p22) + 2003-10-03 20:55:14 UTC (openssh-3.6.1_5) + 2003-09-26 02:42:39 UTC (openssh-portable-3.6.1p2_5) +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +OpenSSH is a free version of the SSH protocol suite of network +connectivity tools. OpenSSH encrypts all traffic (including +passwords) to effectively eliminate eavesdropping, connection +hijacking, and other network-level attacks. Additionally, OpenSSH +provides a myriad of secure tunneling capabilities, as well as a +variety of authentication methods. + +The SSH protocol exists in two versions, hereafter named simply `ssh1' +and `ssh2'. The ssh1 protocol is a legacy protocol for which there +exists no formal specification, while the ssh2 protocol is the product +of the IETF SECSH working group and is defined by a series of IETF +draft standards. + +The ssh2 protocol supports a wide range of authentication +mechanisms, including a generic challenge / response mechanism, called +`keyboard-interactive' or `kbdint', which can be adapted to serve any +authentication scheme in which the server and client exchange a +arbitrarily long series of challenges and responses. In particular, +this mechanism is used in OpenSSH to support PAM authentication. + +The ssh1 protocol, on the other hand, supports a much narrower range +of authentication mechanisms. Its challenge / response mechanisms, +called `TIS', allows for only one challenge from the server and one +response from the client. OpenSSH contains interface code which +allows kbdint authentication back-ends to be used for ssh1 TIS +authentication, provided they only emit one challenge and expect only +one response. + +Finally, recent versions of OpenSSH implement a mechanism called +`privilege separation' in which the task of communicating with the +client is delegated to an unprivileged child process, while the +privileged parent process performs the actual authentication and +double-checks every important decision taken by its unprivileged +child. + +II. Problem Description + +1) Insufficient checking in the ssh1 challenge / response interface + code, combined with a peculiarity of the PAM kbdint back-end, + causes OpenSSH to ignore a negative result from PAM (but not from + any other kbdint back-end). + +2) A variable used by the PAM conversation function to store + challenges and the associated client responses is incorrectly + interpreted as an array of pointers to structures instead of a + pointer to an array of structures. + +3) When challenge / response authentication is used with protocol + version 1, and a legitimate user interrupts challenge / response + authentication but successfully authenticates through some other + mechanism (such as password authentication), the server fails to + reclaim resources allocated by the challenge / response mechanism, + including the child process used for PAM authentication. When a + certain number of leaked processes is reached, the master server + process will refuse subsequent client connections. + +III. Impact + +1) If privilege separation is disabled, no additional checks are + performed and an ssh1 client will be successfully authenticated + even if its response to PAM's challenge is patently wrong. On the + other hand, if privilege separation is enabled (which it is by + default), the monitor process will notice the discrepancy, refuse + to proceed, and kill the faulty child process. + +2) If more than one challenge is issued in a single call to the PAM + conversation function, stack corruption will result. The most + likely outcome will be a segmentation fault leading to termination + of the process, but there is a possibility that an attacker may + succeed in executing arbitrary code in a privileged process. + + Note that none of the PAM modules provided in the FreeBSD base + system ever issue more than one challenge in a single call to the + conversation function; nor, to our knowledge, do any third-party + modules provided in the FreeBSD ports collection. + +3) Legitimate users may cause a denial-of-service condition in which + the SSH server refuses client connections until it is restarted. + Note that this vulnerability is not exploitable by attackers who do + not have a valid account on the target system. + +IV. Workaround + +Do both of the following: + +1) Make sure that privilege separation is enabled. This is the + default; look for `UsePrivilegeSeparation' in /etc/ssh/sshd_config + or /usr/local/etc/ssh/sshd_config as appropriate and make sure that + any occurrence of that keyword is commented out and/or followed by + the keyword `yes'. The stock version of this file is safe to use. + +2) Make sure that the PAM configuration for OpenSSH does not reference + any modules which pass more than one challenge in a single call to + the conversation function. In FreeBSD 4.x, the PAM configuration + for OpenSSH consists of the lines in /etc/pam.conf which begin with + `sshd'; in FreeBSD 5.x, it is located in /etc/pam.d/sshd. The + stock versions of these files are safe to use. + + The following PAM modules from the FreeBSD ports collection are + known to be safe with regard to problem 2) above: + + - pam_mysql.so (security/pam-mysql) + - pam_pgsql.so (security/pam-pgsql) + - pam_alreadyloggedin.so (security/pam_alreadyloggedin) + - pam_ldap.so (security/pam_ldap) + - pam_pop3.so (security/pam_pop3) + - pam_pwdfile.so (security/pam_pwdfile) + - pam_smb.so (security/pam_smb) + + pam_krb5.so from ports (security/pam_krb5) is known to use multiple + prompts with the conversation function if the user's password is + expired in order to change the user password. + +3) Disable challenge / response authentication, or disable protocol + version 1. + + To disable challenge / response authentication, add the line: + ChallengeResponseAuthentication no + to sshd_config(5) and restart sshd. + + To disable protocol version 1, add the line + Protocol 2 + to sshd_config(5) and restart sshd. + +V. Solution + +Do one of the following: + +[For OpenSSH included in the base system] + +The following patches have been verified to apply to FreeBSD 4.6, 4.7, +4.8, and 5.1 systems prior to the correction date. + +Download the appropriate patch and detached PGP signature from the following +locations, and verify the signature using your PGP utility. + +[FreeBSD 4.6] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch.asc + +[FreeBSD 4.7] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch.asc + +[FreeBSD 4.8] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc + +[FreeBSD 5.1] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc + +[FreeBSD 4.8-STABLE / 4.9-PRERELEASE / 4.9-RC] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch.asc + +Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/sshd.patch +# cd /usr/src/secure/usr.sbin/sshd +# make obj && make depend && make all install + +Be sure to restart `sshd' after updating. + +# kill `cat /var/run/sshd.pid` +# /usr/sbin/sshd + +or, in FreeBSD 5.x: + +# /etc/rc.d/sshd restart + +[For the OpenSSH ports] + +Do one of the following: + +1) Upgrade your entire ports collection and rebuild the OpenSSH port. + +2) Deinstall the old package and install a new package obtained from +the following directory: + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ + +[other platforms] +Packages are not automatically generated for other platforms at this +time due to lack of build resources. + +3) Download a new port skeleton for the openssh or openssh-portable +port from: + +http://www.freebsd.org/ports/ + +and use it to rebuild the port. + +4) Use the portcheckout utility to automate option (3) above. The +portcheckout port is available in /usr/ports/devel/portcheckout or the +package can be obtained from: + +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz + +Be sure to restart `sshd' after updating. + +# kill `cat /var/run/sshd.pid` +# test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Path Revision + Branch +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssh/auth-chall.c 1.2.2.6 + src/crypto/openssh/auth.h 1.1.1.1.2.7 + src/crypto/openssh/auth1.c 1.3.2.10 + src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.8 + src/crypto/openssh/ssh_config 1.2.2.9 + src/crypto/openssh/ssh_config.5 1.4.2.5 + src/crypto/openssh/sshd_config 1.4.2.13 + src/crypto/openssh/sshd_config.5 1.5.2.6 + src/crypto/openssh/version.h 1.1.1.1.2.13 +RELENG_5_1 + src/crypto/openssh/auth-chall.c 1.6.2.1 + src/crypto/openssh/auth2-pam-freebsd.c 1.11.2.1 + src/crypto/openssh/ssh_config 1.21.2.1 + src/crypto/openssh/ssh_config.5 1.9.2.1 + src/crypto/openssh/sshd_config 1.32.2.1 + src/crypto/openssh/sshd_config.5 1.11.2.1 + src/crypto/openssh/version.h 1.20.2.3 +RELENG_4_8 + src/crypto/openssh/auth-chall.c 1.2.2.4.2.2 + src/crypto/openssh/auth.h 1.1.1.1.2.6.2.1 + src/crypto/openssh/auth1.c 1.3.2.9.2.1 + src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.5.2.2 + src/crypto/openssh/ssh_config 1.2.2.8.2.1 + src/crypto/openssh/ssh_config.5 1.4.2.4.2.1 + src/crypto/openssh/sshd_config 1.4.2.12.2.1 + src/crypto/openssh/version.h 1.1.1.1.2.10.2.3 +RELENG_4_7 + src/crypto/openssh/auth-chall.c 1.2.2.3.2.1 + src/crypto/openssh/auth.h 1.1.1.1.2.5.2.1 + src/crypto/openssh/auth1.c 1.3.2.8.2.1 + src/crypto/openssh/auth2-pam-freebsd.c 1.1.2.2.2.2 + src/crypto/openssh/ssh_config 1.2.2.6.2.1 + src/crypto/openssh/sshd_config 1.4.2.10.2.1 + src/crypto/openssh/version.h 1.1.1.1.2.9.2.3 +RELENG_4_6 + src/crypto/openssh/auth-chall.c 1.2.2.2.2.2 + src/crypto/openssh/auth.h 1.1.1.1.2.4.4.2 + src/crypto/openssh/auth1.c 1.3.2.7.4.2 + src/crypto/openssh/auth2-pam-freebsd.c 1.2.2.4 + src/crypto/openssh/ssh_config 1.2.2.4.4.2 + src/crypto/openssh/sshd_config 1.4.2.8.2.2 + src/crypto/openssh/version.h 1.1.1.1.2.8.2.4 +[Ports] + ports/security/openssh/Makefile 1.125 + ports/security/openssh/auth-pam.c 1.2 + ports/security/openssh/auth-pam.h 1.2 + ports/security/openssh/auth2-pam.c 1.2 + ports/security/openssh/patch-auth-chall.c 1.1 + ports/security/openssh-portable/Makefile 1.78 + ports/security/openssh-portable/auth2-pam-freebsd.c 1.5 + ports/security/openssh-portable/patch-auth-chall.c 1.1 + ports/security/openssh-portable/patch-auth-pam.c 1.1 + ports/security/openssh-portable/patch-auth-pam.h 1.1 +- ------------------------------------------------------------------------- + +Branch Version string +- ------------------------------------------------------------------------- +RELENG_4 OpenSSH_3.5p1 FreeBSD-20030924 +RELENG_5_1 OpenSSH_3.6.1p1 FreeBSD-20030924 +RELENG_4_8 OpenSSH_3.5p1 FreeBSD-20030924 +RELENG_4_7 OpenSSH_3.4p1 FreeBSD-20030924 +RELENG_4_6 OpenSSH_3.4p1 FreeBSD-20030924 +- ------------------------------------------------------------------------- + +To view the version string of the OpenSSH server, execute the +following command: + + % /usr/sbin/sshd -\? + +or for OpenSSH from the ports collection: + + % /usr/local/sbin/sshd -\? + +The version string is also displayed when a client connects to the +server. + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.3 (FreeBSD) + +iD8DBQE/gFCoFdaIBMps37IRApUWAJ9BZoW/uBY1Q0Phr3iQGBq8/I14dgCaAzvc +7gHHrB5lxeBXWIB37CXpM5s= +=DC+H +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:16.filedesc.asc b/share/security/advisories/FreeBSD-SA-03:16.filedesc.asc new file mode 100644 index 0000000000..215c741975 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:16.filedesc.asc @@ -0,0 +1,122 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:16.filedesc Security Advisory + The FreeBSD Project + +Topic: file descriptor leak in readv + +Category: core +Module: kernel +Announced: 2003-10-02 +Credits: Joost Pol +Affects: FreeBSD 4.3-RELEASE through 4.8-RELEASE + 4-STABLE prior to the correction date +Corrected: 2003-10-02 15:08:01 UTC (RELENG_4, 4.9-RC) + 2003-10-02 15:54:48 UTC (RELENG_4_8, 4.8-RELEASE-p11) + 2003-10-02 15:55:54 UTC (RELENG_4_7, 4.7-RELEASE-p21) + 2003-10-02 15:56:56 UTC (RELENG_4_6, 4.6-RELEASE-p24) + 2003-10-02 15:57:48 UTC (RELENG_4_5, 4.5-RELEASE-p35) + 2003-10-02 15:58:53 UTC (RELENG_4_4, 4.4-RELEASE-p45) + 2003-10-02 16:05:44 UTC (RELENG_4_3, 4.3-RELEASE-p41) +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The readv(2) system call performs a scatter read: it reads from the +input file descriptor and stores the data into multiple buffers as +instructed by the caller. + +II. Problem Description + +A programming error in the readv system call can result in the given +file descriptor's reference count being erroneously incremented. + +III. Impact + +A local attacker may cause the operating system to crash by repeatedly +calling readv on a file descriptor until the reference count wraps to +a negative value, and then calling close on that file descriptor. + +Similarly, it may be possible to cause a file descriptor to reference +unallocated kernel memory, but remain valid. If a new file is later +opened and the kernel allocates the new file structure at the same +memory location, then an attacker may be able to gain read or write +access to that file. This may in turn lead to privilege escalation. + +IV. Workaround + +There is no workaround. + +V. Solution + +The following patch has been verified to apply to FreeBSD 4.3, 4.4, +4.5, 4.6, 4.7, and 4.8 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:16/filedesc.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:16/filedesc.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/kern/sys_generic.c 1.55.2.11 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.13 + src/sys/conf/newvers.sh 1.44.2.29.2.12 + src/sys/kern/sys_generic.c 1.55.2.10.12.1 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.24 + src/sys/conf/newvers.sh 1.44.2.26.2.23 + src/sys/kern/sys_generic.c 1.55.2.10.10.1 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.53 + src/sys/conf/newvers.sh 1.44.2.23.2.41 + src/sys/kern/sys_generic.c 1.55.2.10.8.1 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.52 + src/sys/conf/newvers.sh 1.44.2.20.2.36 + src/sys/kern/sys_generic.c 1.55.2.10.6.1 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.53 + src/sys/conf/newvers.sh 1.44.2.17.2.44 + src/sys/kern/sys_generic.c 1.55.2.10.4.1 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.40 + src/sys/conf/newvers.sh 1.44.2.14.2.30 + src/sys/kern/sys_generic.c 1.55.2.10.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.3 (FreeBSD) + +iD8DBQE/fGDRFdaIBMps37IRAnkpAKCFM8MrujjJN1tc4lZwii573usNvgCfdBeP +APcFpW5FsH+sLkWczgjj6eE= +=6zO7 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:17.procfs.asc b/share/security/advisories/FreeBSD-SA-03:17.procfs.asc new file mode 100644 index 0000000000..11d749c57d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:17.procfs.asc @@ -0,0 +1,221 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:17.procfs Security Advisory + The FreeBSD Project + +Topic: kernel memory disclosure via procfs + +Category: core +Module: sys +Announced: 2003-10-03 +Credits: Joost Pol +Affects: All FreeBSD releases +Corrected: 2003-10-03 12:03:50 UTC (RELENG_4, 4.9-RC) + 2003-10-03 13:02:17 UTC (RELENG_5_1, 5.1-RELEASE-p9) + 2003-10-03 16:57:38 UTC (RELENG_5_0, 5.0-RELEASE-p17) + 2003-10-03 13:03:44 UTC (RELENG_4_8, 4.8-RELEASE-p12) + 2003-10-03 13:04:19 UTC (RELENG_4_7, 4.7-RELEASE-p22) + 2003-10-03 13:05:05 UTC (RELENG_4_6, 4.6-RELEASE-p25) + 2003-10-03 13:05:44 UTC (RELENG_4_5, 4.5-RELEASE-p36) + 2003-10-03 13:06:32 UTC (RELENG_4_4, 4.4-RELEASE-p46) + 2003-10-03 13:07:37 UTC (RELENG_4_3, 4.3-RELEASE-p42) +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The process file system, procfs(5), implements a view of the system +process table inside the file system. It is normally mounted on +/proc, and is required for the complete operation of programs such as +ps(1) and w(1). + +The Linux process file system, linprocfs(5), emulates a subset of +Linux's process file system and is required for the complete operation +of some Linux binaries. + +II. Problem Description + +The procfs and linprocfs implementations use uiomove(9) and the +related `struct uio' in order to fulfill read and write requests. +Several cases were identified where members of `struct uio' were not +properly validated before being used. In particular, the `uio_offset' +member may be negative or extremely large, and was used to compute the +region of kernel memory to be returned to the user. + +III. Impact + +A malicious local user could arrange to use a negative or extremely +large offset when reading from a procfs ``file'', causing a system +crash, or causing the kernel to return a large portion of kernel +memory. Such memory might contain sensitive information, such as +portions of the file cache or terminal buffers. This information +might be directly useful, or it might be leveraged to obtain elevated +privileges in some way. For example, a terminal buffer might include +a user-entered password. + +IV. Workaround + +Unmount the procfs and linprocfs filesystems if they are mounted. +Execute the following command as root: + + umount -a -t procfs,linprocfs + +Also, remove or comment out any lines in fstab(5) that reference +`procfs' or `linprocfs', so that they will not be re-mounted at next +reboot. + +V. Solution + +1) Upgrade your vulnerable system to 4-STABLE, or to the +RELENG_5_1, RELENG_4_8, or RELENG_4_7 security branch dated +after the correction date. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.3] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch.asc + +[FreeBSD 4.4 and later 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch.asc + +[FreeBSD 5.0] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch.asc + +[FreeBSD 5.1] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + +and reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.9 + src/sys/kern/kern_subr.c 1.31.2.3 + src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.4 + src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.4 + src/sys/miscfs/procfs/procfs_regs.c 1.10.2.4 + src/sys/miscfs/procfs/procfs_rlimit.c 1.5.2.1 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.5 + src/sys/sys/uio.h 1.11.2.2 +RELENG_5_1 + src/UPDATING 1.251.2.11 + src/sys/conf/newvers.sh 1.50.2.11 + src/sys/fs/procfs/procfs_dbregs.c 1.22.2.1 + src/sys/fs/procfs/procfs_fpregs.c 1.28.2.1 + src/sys/fs/procfs/procfs_regs.c 1.27.2.1 + src/sys/fs/pseudofs/pseudofs_vnops.c 1.35.2.1 + src/sys/kern/kern_subr.c 1.74.2.1 + src/sys/sys/uio.h 1.27.2.1 +RELENG_5_0 + src/UPDATING 1.229.2.23 + src/sys/conf/newvers.sh 1.48.2.18 + src/sys/fs/procfs/procfs_dbregs.c 1.21.2.1 + src/sys/fs/procfs/procfs_fpregs.c 1.27.2.1 + src/sys/fs/procfs/procfs_regs.c 1.26.2.1 + src/sys/fs/pseudofs/pseudofs_vnops.c 1.32.2.1 + src/sys/kern/kern_subr.c 1.63.2.2 + src/sys/sys/uio.h 1.23.2.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.14 + src/sys/conf/newvers.sh 1.44.2.29.2.13 + src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.10.1 + src/sys/kern/kern_subr.c 1.31.2.2.6.1 + src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.8.1 + src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.8.1 + src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.8.1 + src/sys/miscfs/procfs/procfs_rlimit.c 1.5.14.1 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.8.1 + src/sys/sys/uio.h 1.11.2.1.8.1 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.25 + src/sys/conf/newvers.sh 1.44.2.26.2.24 + src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.8.1 + src/sys/kern/kern_subr.c 1.31.2.2.4.1 + src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.6.1 + src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.6.1 + src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.6.1 + src/sys/miscfs/procfs/procfs_rlimit.c 1.5.12.1 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.6.1 + src/sys/sys/uio.h 1.11.2.1.6.1 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.54 + src/sys/conf/newvers.sh 1.44.2.23.2.42 + src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.6.1 + src/sys/kern/kern_subr.c 1.31.2.2.2.1 + src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.4.1 + src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.4.1 + src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.4.1 + src/sys/miscfs/procfs/procfs_rlimit.c 1.5.10.1 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.4.1 + src/sys/sys/uio.h 1.11.2.1.4.1 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.53 + src/sys/conf/newvers.sh 1.44.2.20.2.37 + src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.4.1 + src/sys/kern/kern_subr.c 1.31.2.1.2.1 + src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.3.2.1 + src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.3.2.1 + src/sys/miscfs/procfs/procfs_regs.c 1.10.2.3.2.1 + src/sys/miscfs/procfs/procfs_rlimit.c 1.5.8.1 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.2.1 + src/sys/sys/uio.h 1.11.2.1.2.1 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.54 + src/sys/conf/newvers.sh 1.44.2.17.2.45 + src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.8.2.1 + src/sys/kern/kern_subr.c 1.31.6.1 + src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.2.2.2 + src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.2.2.2 + src/sys/miscfs/procfs/procfs_regs.c 1.10.2.2.2.2 + src/sys/miscfs/procfs/procfs_rlimit.c 1.5.6.1 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.3.4.2 + src/sys/sys/uio.h 1.11.6.1 +RELENG_4_3 + src/UPDATING 1.73.2.28.2.41 + src/sys/conf/newvers.sh 1.44.2.14.2.31 + src/sys/i386/linux/linprocfs/linprocfs_misc.c 1.3.2.5.2.1 + src/sys/kern/kern_subr.c 1.31.4.1 + src/sys/miscfs/procfs/procfs_dbregs.c 1.4.2.1.2.2 + src/sys/miscfs/procfs/procfs_fpregs.c 1.11.2.1.2.2 + src/sys/miscfs/procfs/procfs_regs.c 1.10.2.1.2.2 + src/sys/miscfs/procfs/procfs_rlimit.c 1.5.4.1 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.3.2.2 + src/sys/sys/uio.h 1.11.4.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.3 (FreeBSD) + +iD8DBQE/fa1iFdaIBMps37IRAphTAJ9TRQEq6siz4yCRJhASpXds5tA9DwCfYUmi +n+9SLOWPfqDZuOxwO+WwsxI= +=AyWS +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:18.openssl.asc b/share/security/advisories/FreeBSD-SA-03:18.openssl.asc new file mode 100644 index 0000000000..be4693f51c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:18.openssl.asc @@ -0,0 +1,178 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:18.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL vulnerabilities in ASN.1 parsing + +Category: crypto +Module: openssl +Announced: 2003-10-03 +Credits: NISCC + Dr. Stephen Henson +Affects: FreeBSD versions 4.0-RELEASE through 4.8-RELEASE, + 5.0-RELEASE, and 5.1-RELEASE + 4-STABLE prior to the correction date +Corrected: 2003-10-03 01:32:13 UTC (RELENG_4, 4.9-RC) + 2003-10-03 18:13:19 UTC (RELENG_5_1, 5.1-RELEASE-p10) + 2003-10-03 20:22:27 UTC (RELENG_5_0, 5.0-RELEASE-p18) + 2003-10-03 18:14:26 UTC (RELENG_4_8, 4.8-RELEASE-p13) + 2003-10-03 20:24:31 UTC (RELENG_4_7, 4.7-RELEASE-p23) + 2003-10-03 20:24:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p26) +FreeBSD only: NO + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, commercial- +grade, full-featured, and Open Source toolkit implementing the Secure +Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) +protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +This advisory addresses four separate flaws recently fixed in OpenSSL. +The flaws are described in the following excerpt from the OpenSSL.org +advisory (see references): + + 1. Certain ASN.1 encodings that are rejected as invalid by the + parser can trigger a bug in the deallocation of the corresponding + data structure, corrupting the stack. This can be used as a denial + of service attack. It is currently unknown whether this can be + exploited to run malicious code. This issue does not affect OpenSSL + 0.9.6. + + 2. Unusual ASN.1 tag values can cause an out of bounds read + under certain circumstances, resulting in a denial of service + vulnerability. + + 3. A malformed public key in a certificate will crash the verify + code if it is set to ignore public key decoding errors. Public + key decode errors are not normally ignored, except for + debugging purposes, so this is unlikely to affect production + code. Exploitation of an affected application would result in a + denial of service vulnerability. + + 4. Due to an error in the SSL/TLS protocol handling, a server + will parse a client certificate when one is not specifically + requested. This by itself is not strictly speaking a vulnerability + but it does mean that *all* SSL/TLS servers that use OpenSSL can be + attacked using vulnerabilities 1, 2 and 3 even if they don't enable + client authentication. + +III. Impact + +A remote attacker may create a malicious ASN.1 encoded message that +will cause an OpenSSL-using application to crash, or even perhaps +execute arbitrary code with the privileges of the application. + +Only applications that use OpenSSL's ASN.1 or X.509 handling code +are affected. Applications that use other portions of OpenSSL +are unaffected (e.g. Apache+mod_ssl is affected, while OpenSSH is +unaffected). + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1, +RELENG_4_8, or RELENG_4_7 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.6, 4.7, +4.8, 5.0, and 5.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.6, 4.7, 5.0 -- be sure you have previously applied the + patches for advisories FreeBSD-SA-03:02 and FreeBSD-SA-03:06 before + applying this patch.] + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl96.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl96.patch.asc + +[FreeBSD 4.8, 5.1] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl97.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl97.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of the +base system (i.e. from the Ports Collection or other 3rd-party sources) +must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5_1 + src/UPDATING 1.251.2.12 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.8.2.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.4.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.5.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.11.2.1 + src/sys/conf/newvers.sh 1.50.2.12 +RELENG_5_0 + src/UPDATING 1.229.2.24 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.7.2.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.4.2.2 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.9.2.3 + src/sys/conf/newvers.sh 1.48.2.19 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.15 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.7.2.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.1.2.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.4.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.7.2.1 + src/sys/conf/newvers.sh 1.44.2.29.2.14 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.26 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.6.2.1 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.3.2.2 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.5.2.3 + src/sys/conf/newvers.sh 1.44.2.26.2.25 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.55 + src/crypto/openssl/crypto/asn1/asn1_lib.c 1.1.1.1.2.3.6.4 + src/crypto/openssl/crypto/x509/x509_vfy.c 1.1.1.1.2.2.8.3 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.3.6.4 + src/sys/conf/newvers.sh 1.44.2.23.2.43 +- ------------------------------------------------------------------------- + +VII. References + + + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.3 (FreeBSD) + +iD4DBQE/fe+bFdaIBMps37IRAmp8AKCDqpNf+MCJ6K1eFyWPul/cnjSzTgCY8hd6 +IIOxA/5Hl4quuh64va5/5A== +=1DI+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-03:19.bind.asc b/share/security/advisories/FreeBSD-SA-03:19.bind.asc new file mode 100644 index 0000000000..a224aa1183 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-03:19.bind.asc @@ -0,0 +1,176 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-03:19.bind Security Advisory + The FreeBSD Project + +Topic: bind8 negative cache poison attack + +Category: contrib +Module: contrib_bind +Announced: 2003-11-28 +Credits: Internet Software Consortium +Affects: FreeBSD versions through 4.9-RELEASE and 5.1-RELEASE + 4-STABLE prior to the correction date +Corrected: 2003-11-28 22:13:47 UTC (RELENG_4, 4.9-STABLE) + 2003-11-27 00:54:53 UTC (RELENG_5_1, 5.1-RELEASE-p11) + 2003-11-27 16:54:01 UTC (RELENG_5_0, 5.0-RELEASE-p19) + 2003-11-27 00:56:06 UTC (RELENG_4_9, 4.9-RELEASE-p1) + 2003-11-27 16:34:22 UTC (RELENG_4_8, 4.8-RELEASE-p14) + 2003-11-27 16:35:06 UTC (RELENG_4_7, 4.7-RELEASE-p24) + 2003-11-27 16:37:00 UTC (RELENG_4_6, 4.6.2-RELEASE-p27) + 2003-11-27 16:38:36 UTC (RELENG_4_5, 4.5-RELEASE-p37) + 2003-11-27 16:40:03 UTC (RELENG_4_4, 4.4-RELEASE-p47) +CVE Name: CAN-2003-0914 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +BIND 8 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is the Internet domain name server. + +II. Problem Description + +A programming error in BIND 8 named can result in a DNS message being +incorrectly cached as a negative response. + +III. Impact + +An attacker may arrange for malicious DNS messages to be delivered +to a target name server, and cause that name server to cache a +negative response for some target domain name. The name server would +thereafter respond negatively to legitimate queries for that domain +name, resulting in a denial-of-service for applications that require +DNS. Almost all Internet applications require DNS, such as the Web, +email, and chat networks. + +IV. Workaround + +No workaround is known. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.9-STABLE; or to the RELENG_5_1, +RELENG_4_9, RELENG_4_8, or RELENG_4_7 security branch dated after the +correction date. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.9 and -STABLE systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc + +[FreeBSD 4.8 and 5.1 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc + +[FreeBSD 4.4, 4.5, 4.6, 4.7, and 5.0 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libbind +# make obj && make depend && make +# cd /usr/src/lib/libisc +# make obj && make depend && make +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install +# cd /usr/src/libexec/named-xfer +# make obj && make depend && make && make install + +After upgrading or patching your system, you must restart named. +Execute the following command as root: + +# ndc restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/bind/CHANGES 1.1.1.7.2.11 + src/contrib/bind/README 1.1.1.7.2.9 + src/contrib/bind/Version 1.1.1.3.2.10 + src/contrib/bind/bin/named-xfer/named-xfer.c 1.3.2.8 + src/contrib/bind/bin/named/Makefile 1.3.2.6 + src/contrib/bind/bin/named/ns_init.c 1.1.1.2.2.6 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.11 + src/contrib/bind/bin/nslookup/commands.l 1.4.2.5 + src/contrib/bind/bin/nslookup/debug.c 1.3.2.6 + src/contrib/bind/bin/nslookup/getinfo.c 1.3.2.9 + src/contrib/bind/bin/nslookup/main.c 1.3.2.7 + src/contrib/bind/doc/man/dig.1 1.3.2.4 + src/contrib/bind/doc/man/host.1 1.3.2.5 + src/contrib/bind/doc/man/nslookup.8 1.2.2.5 + src/contrib/bind/port/freebsd/include/port_after.h 1.6.2.9 + src/contrib/bind/port/freebsd/include/port_before.h 1.1.1.2.2.6 +RELENG_5_1 + src/UPDATING 1.251.2.13 + src/sys/conf/newvers.sh 1.50.2.13 + src/contrib/bind/Version 1.1.1.11.2.1 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.11.2.1 +RELENG_5_0 + src/UPDATING 1.229.2.25 + src/sys/conf/newvers.sh 1.48.2.20 + src/contrib/bind/Version 1.1.1.10.2.1 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.10.2.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.2 + src/sys/conf/newvers.sh 1.44.2.32.2.2 + src/contrib/bind/Version 1.1.1.3.2.9.2.1 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.10.2.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.16 + src/sys/conf/newvers.sh 1.44.2.29.2.15 + src/contrib/bind/Version 1.1.1.3.2.8.2.1 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.9.2.1 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.27 + src/sys/conf/newvers.sh 1.44.2.26.2.26 + src/contrib/bind/Version 1.1.1.3.2.7.2.1 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.7.2.2 +RELENG_4_6 + src/UPDATING 1.73.2.68.2.56 + src/sys/conf/newvers.sh 1.44.2.23.2.44 + src/contrib/bind/Version 1.1.1.3.2.6.2.2 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.6.2.3 +RELENG_4_5 + src/UPDATING 1.73.2.50.2.54 + src/sys/conf/newvers.sh 1.44.2.20.2.38 + src/contrib/bind/Version 1.1.1.3.2.4.4.2 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.4.4.3 +RELENG_4_4 + src/UPDATING 1.73.2.43.2.55 + src/sys/conf/newvers.sh 1.44.2.17.2.46 + src/contrib/bind/Version 1.1.1.3.2.4.2.2 + src/contrib/bind/bin/named/ns_resp.c 1.1.1.2.2.4.2.3 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.3 (FreeBSD) + +iD8DBQE/x8/PFdaIBMps37IRAsl8AJ9zgqn4QmO08d9zj9de8/uGKIQBNgCfeHKC +tM9nSOzoCrM+O+TpNn6ewt4= +=PJi2 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc b/share/security/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc new file mode 100644 index 0000000000..a7777500cb --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc @@ -0,0 +1,135 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:01.mksnap_ffs Security Advisory + The FreeBSD Project + +Topic: mksnap_ffs clears file system options + +Category: core +Module: mksnap_ffs +Announced: 2004-01-30 +Credits: Kimura Fuyuki + Wiktor Niesiobedzki +Affects: FreeBSD 5.1-RELEASE + FreeBSD 5.2-RELEASE +Corrected: 2004-01-27 19:33:16 UTC (RELENG_5_1, 5.1-RELEASE-p12) + 2004-01-29 22:54:31 UTC (RELENG_5_2, 5.2-RELEASE-p1) +CVE Name: CAN-2004-0099 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +Mounted filesystems can have a variety of flags set on them. Some +flags affect performance and reliability, while others enable or +disable particular security-related features such as the ability to +execute a binary stored on the filesystem or the use of access control +lists to complement normal Unix file permissions. + +The mksnap_ffs(8) command creates a `snapshot' of a filesystem. A +`snapshot' is a static representation of the state of the filesystem +at a particular point in time. Snapshots have a variety of uses, +but their primary purpose is to make it possible to run fsck(8) and +dump(8) on live filesystems. + +II. Problem Description + +The kernel interface for creating a snapshot of a filesystem is the +same as that for changing the flags on that filesystem. Due to an +oversight, the mksnap_ffs(8) command called that interface with only +the snapshot flag set, causing all other flags to be reset to the +default value. + +III. Impact + +A regularly scheduled backup of a live filesystem, or any other +process that uses the mksnap_ffs(8) command (for instance, to provide +a rough undelete functionality on a file server), will clear any flags +in effect on the filesystem being snapshot. Possible consequences +depend on local usage, but can include disabling extended access +control lists or enabling the use of setuid executables stored on an +untrusted filesystem. + +The mksnap_ffs(8) command is normally only available to the superuser +and members of the `operator' group. There is therefore no risk +of a user gaining elevated privileges directly through use of the +mksnap_ffs(8) command unless it has been intentionally made available +to unprivileged users. + +IV. Workaround + +Do not use the mksnap_ffs(8) command, nor the -L option of the dump(8) +command. + +It is recommended that you delete the mksnap_ffs(8) command from your +system to prevent accidental use: + +# rm /sbin/mksnap_ffs + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to the RELENG_5_1 or RELENG_5_2 +security branch dated after the correction date. + +NOTE WELL: Due to release engineering in progress at the time of this + writing, the RELENG_5_2 security branch (5.2-RELEASE-p1) + also includes numerous other critical bug fixes, most of + which are not security related. Please read src/UPDATING + for details on these changes. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.1 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_1.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_1.patch.asc + +[FreeBSD 5.2 systems] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_2.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/sbin/mksnap_ffs +# make obj && make depend && make && make install + +You are strongly encouraged to verify that all your filesystems have +the correct flags set. The mount(8) command can list currently mounted +filesystems and flags. Run the following command as root: + +# mount + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5_1 + src/sbin/mksnap_ffs/mksnap_ffs.c 1.2.2.1 + src/sys/conf/newvers.sh 1.50.2.14 +RELENG_5_2 + src/sbin/mksnap_ffs/mksnap_ffs.c 1.5.2.1 + src/sys/conf/newvers.sh 1.56.2.3 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAGn6pFdaIBMps37IRApSKAJ9XfweoblldFos1o7QlaDRVVIdFCACePueA +1jXllY/GB8cAeEQ8oaYYPTU= +=6qi5 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:02.shmat.asc b/share/security/advisories/FreeBSD-SA-04:02.shmat.asc new file mode 100644 index 0000000000..c05a75d9f3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:02.shmat.asc @@ -0,0 +1,166 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:02.shmat Security Advisory + The FreeBSD Project + +Topic: shmat reference counting bug + +Category: core +Module: kernel +Announced: 2004-02-05 +Credits: Joost Pol +Affects: All FreeBSD releases +Corrected: 2004-02-04 18:00:40 UTC (RELENG_4) + 2004-02-04 18:00:47 UTC (RELENG_5_2, 5.2-RELEASE-p2) + 2004-02-04 18:00:55 UTC (RELENG_5_1, 5.1-RELEASE-p14) + 2004-02-04 18:01:03 UTC (RELENG_5_0, 5.0-RELEASE-p20) + 2004-02-04 18:01:10 UTC (RELENG_4_9, 4.9-RELEASE-p2) + 2004-02-04 18:01:18 UTC (RELENG_4_8, 4.8-RELEASE-p15) + 2004-02-04 18:01:25 UTC (RELENG_4_7, 4.7-RELEASE-p25) +CVE Name: CAN-2004-0114 +FreeBSD only: NO + +I. Background + +The System V Shared Memory interface provides primitives for sharing +memory segments between separate processes. FreeBSD supports this +interface when the kernel is built with SYSVSHM option, or the sysvshm +module is loaded. By default, the FreeBSD kernel is built with the +SYSVSHM option. + +The shmat(2) system call, which is part of the System V Shared Memory +interface, is used to attach a shared memory segment to the calling +process's address space. + +II. Problem Description + +A programming error in the shmat(2) system call can result in a shared +memory segment's reference count being erroneously incremented. + +III. Impact + +It may be possible to cause a shared memory segment to reference +unallocated kernel memory, but remain valid. This could allow a local +attacker to gain read or write access to a portion of kernel memory, +resulting in sensitive information disclosure, bypass of access +control mechanisms, or privilege escalation. + +IV. Workaround + +NOTE: These workarounds could cause applications that use shared +memory, such as the X Window System, to exhibit erratic behavior or to +fail completely. + +Do one of the following: + +1) Disable the System V Shared Memory interface entirely by following +these steps: + + - Remove or comment out any lines mentioning `SYSVSHM' from your + kernel configuration file, and recompile your kernel as described + in . + + - Remove or comment out any lines mentioning `sysvshm' from + /boot/loader.conf and /etc/rc.conf. + + - On FreeBSD 5.x systems only , System V Shared Memory support may + be provided as a kld(4). To be absolutely safe, remove any files + named `sysvshm.ko' in /modules, /boot, and any subdirectories. + + - Finally, reboot your system. + +OR + +2) Configure the System V Shared Memory parameters so that no new +shared memory segments may be created, terminate all processes using +shared memory, and delete all existing shared memory segments. Run +the following commands as root: + + # sysctl -w kern.ipc.shmmax=0 + # echo 'kern.ipc.shmmax=0' >> /etc/sysctl.conf + # ipcs | awk '/^m/ { print $2 }' | xargs -n 1 ipcrm -m + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2, +RELENG_5_1, RELENG_4_9, or RELENG_4_8 security branch dated after the +correction date. + +NOTE WELL: Due to release engineering in progress at the time of this + writing, the RELENG_5_2 security branch (5.2-RELEASE-p2) + also includes numerous other critical bug fixes, most of + which are not security related. Please read src/UPDATING + for details on these changes. + +OR + +2) Patch your present system: + +The following patch has been verified to apply to FreeBSD 4.x and 5.x +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:02/shmat.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:02/shmat.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/kern/sysv_shm.c 1.45.2.8 +RELENG_5_2 + src/UPDATING 1.282.2.5 + src/sys/conf/newvers.sh 1.56.2.5 + src/sys/kern/sysv_shm.c 1.89.2.1 +RELENG_5_1 + src/UPDATING 1.251.2.15 + src/sys/conf/newvers.sh 1.50.2.15 + src/sys/kern/sysv_shm.c 1.83.2.1 +RELENG_5_0 + src/UPDATING 1.229.2.26 + src/sys/conf/newvers.sh 1.48.2.21 + src/sys/kern/sysv_shm.c 1.74.2.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.3 + src/sys/conf/newvers.sh 1.44.2.32.2.3 + src/sys/kern/sysv_shm.c 1.45.2.6.4.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.18 + src/sys/conf/newvers.sh 1.44.2.29.2.16 + src/sys/kern/sysv_shm.c 1.45.2.6.2.1 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.29 + src/sys/conf/newvers.sh 1.44.2.26.2.27 + src/sys/kern/sysv_shm.c 1.45.2.5.6.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAIpysFdaIBMps37IRAhx0AJ4zEQlvLeN+GfSA6jsudJNF/9zMOwCbBTwh +iBh78EKtn3hLcD6Qn4Lr7jY= +=+NrA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:03.jail.asc b/share/security/advisories/FreeBSD-SA-04:03.jail.asc new file mode 100644 index 0000000000..7f3860d062 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:03.jail.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:03.jail Security Advisory + The FreeBSD Project + +Topic: Jailed processes can attach to other jails + +Category: core +Module: kernel +Announced: 2004-02-25 +Credits: JAS Group (http://www.cs.mu.oz.au/jas/) +Affects: FreeBSD 5.1-RELEASE + FreeBSD 5.2-RELEASE +Corrected: 2004-02-19 23:26:39 UTC (RELENG_5_2, 5.2.1-RC2) + 2004-02-25 20:03:35 UTC (RELENG_5_1, 5.1-RELEASE-p14) +CVE Name: CAN-2004-0126 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The jail(2) system call allows a system administrator to lock up a +process and all its descendants inside a closed environment with very +limited ability to affect the system outside that environment, even +for processes with superuser privileges. It is an extension of, but +far more stringent than, the traditional Unix chroot(2) system call. + +The jail_attach(2) system call, which was introduced in FreeBSD 5 +before 5.1-RELEASE, allows a non-jailed process to permanently move +into an existing jail. + +II. Problem Description + +A programming error has been found in the jail_attach(2) system call +which affects the way that system call verifies the privilege +level of the calling process. Instead of failing immediately if the +calling process was already jailed, the jail_attach(2) system call +would fail only after changing the calling process's root directory. + +III. Impact + +A process with superuser privileges inside a jail could change its +root directory to that of a different jail, and thus gain full read +and write access to files and directories within the target jail. + +IV. Workaround + +No workaround is available. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 5.2.1-RELEASE, or to the +RELENG_5_2 or RELENG_5_1 security branch dated after the correction +date. + +OR + +2) Patch your present system: + +The following patch has been verified to apply to FreeBSD 5.1 and 5.2 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5_2 + src/sys/kern/kern_jail.c 1.34.2.1 +RELENG_5_1 + src/UPDATING 1.251.2.16 + src/sys/conf/newvers.sh 1.50.2.16 + src/sys/kern/kern_jail.c 1.33.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAP4xVFdaIBMps37IRArw1AJ9jNZIsJHYlKt+NEsOgp5cti/Cs+gCdFa0j +3cvPHMce6awUESculjC3Z/I= +=LQo0 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:04.tcp.asc b/share/security/advisories/FreeBSD-SA-04:04.tcp.asc new file mode 100644 index 0000000000..751f582940 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:04.tcp.asc @@ -0,0 +1,154 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:04.tcp Security Advisory + The FreeBSD Project + +Topic: many out-of-sequence TCP packets denial-of-service + +Category: core +Module: kernel +Announced: 2004-03-02 +Revised: 2004-03-16 +Credits: iDEFENSE, Alexander Cuttergo +Affects: All FreeBSD releases +Corrected: 2004-03-02 17:19:18 UTC (RELENG_4) + 2004-03-16 13:47:33 UTC (RELENG_5_2, 5.2.1-RELEASE-p2) + 2004-03-15 20:02:06 UTC (RELENG_5_1, 5.1-RELEASE-p15) + 2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3) + 2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16) + 2004-03-17 10:50:45 UTC (RELENG_4_7, 4.7-RELEASE-p26) +CVE Name: CAN-2004-0171 +FreeBSD only: NO + +0. Revision History + +v1.0 2004-03-02 Initial release. +v1.1 2004-03-17 Fix minor performance issue in 5.2.1 patch. + Corrections for RELENG_5_1 and RELENG_4_7 added. + Note Alexander Cuttergo as the discoverer of this issue. + +I. Background + +The Transmission Control Protocol (TCP) of the TCP/IP protocol suite +provides a connection-oriented, reliable, sequence-preserving data +stream service. When network packets making up a TCP stream (``TCP +segments'') are received out-of-sequence, they are maintained in a +reassembly queue by the destination system until they can be re-ordered +and re-assembled. + +II. Problem Description + +FreeBSD does not limit the number of TCP segments that may be held in a +reassembly queue. + +III. Impact + +A remote attacker may conduct a low-bandwidth denial-of-service attack +against a machine providing services based on TCP (there are many such +services, including HTTP, SMTP, and FTP). By sending many +out-of-sequence TCP segments, the attacker can cause the target machine +to consume all available memory buffers (``mbufs''), likely leading to +a system crash. + +IV. Workaround + +It may be possible to mitigate some denial-of-service attacks by +implementing timeouts at the application level. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2, +RELENG_4_9, or RELENG_4_8 security branch dated after the correction +date. + +OR + +2) Patch your present system: + +The following patch has been verified to apply to FreeBSD 4.x and 5.x +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.2] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch.asc + +[FreeBSD 5.1] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp51.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp51.patch.asc + +[FreeBSD 4.7, 4.8, 4.9] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/UPDATING 1.73.2.90 + src/sys/conf/newvers.sh 1.44.2.33 + src/sys/netinet/tcp_input.c 1.107.2.40 + src/sys/netinet/tcp_subr.c 1.73.2.33 + src/sys/netinet/tcp_var.h 1.56.2.15 +RELENG_5_2 + src/UPDATING 1.282.2.10 + src/sys/conf/newvers.sh 1.56.2.9 + src/sys/netinet/tcp_input.c 1.217.2.3 + src/sys/netinet/tcp_subr.c 1.169.2.4 + src/sys/netinet/tcp_var.h 1.93.2.2 +RELENG_5_1 + src/UPDATING 1.251.2.17 + src/sys/conf/newvers.sh 1.50.2.17 + src/sys/netinet/tcp_input.c 1.205.2.1 + src/sys/netinet/tcp_subr.c 1.160.2.1 + src/sys/netinet/tcp_var.h 1.89.2.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.4 + src/sys/conf/newvers.sh 1.44.2.32.2.4 + src/sys/netinet/tcp_input.c 1.107.2.38.2.1 + src/sys/netinet/tcp_subr.c 1.73.2.31.4.1 + src/sys/netinet/tcp_var.h 1.56.2.13.4.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.19 + src/sys/conf/newvers.sh 1.44.2.29.2.17 + src/sys/netinet/tcp_input.c 1.107.2.37.2.1 + src/sys/netinet/tcp_subr.c 1.73.2.31.2.1 + src/sys/netinet/tcp_var.h 1.56.2.13.2.1 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.30 + src/sys/conf/newvers.sh 1.44.2.26.2.28 + src/sys/netinet/tcp_input.c 1.107.2.32.2.1 + src/sys/netinet/tcp_subr.c 1.73.2.28.2.1 + src/sys/netinet/tcp_var.h 1.56.2.12.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAWC4yFdaIBMps37IRAgulAJ93O5yH4Z49oTx4HEdRJK+6sLco2gCfYCEZ +NpPTCWlG1oyLjOL2y6zKBfs= +=Naox +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:05.openssl.asc b/share/security/advisories/FreeBSD-SA-04:05.openssl.asc new file mode 100644 index 0000000000..327bd7f36a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:05.openssl.asc @@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:05.openssl Security Advisory + The FreeBSD Project + +Topic: Denial-of-service vulnerability in OpenSSL + +Category: crypto +Module: openssl +Announced: 2004-03-17 +Credits: OpenSSL Project + Codenomicon Ltd +Affects: All FreeBSD 4.x and 5.x releases +Corrected: 2004-03-17 12:23:51 UTC (RELENG_4, 4.9-STABLE) + 2004-03-17 12:14:12 UTC (RELENG_5_2, 5.2.1-RELEASE-p3) + 2004-03-17 12:14:56 UTC (RELENG_5_1, 5.1-RELEASE-p16) + 2004-03-17 12:17:13 UTC (RELENG_4_9, 4.9-RELEASE-p4) + 2004-03-17 12:18:23 UTC (RELENG_4_8, 4.8-RELEASE-p17) +CVE Name: CAN-2004-0079 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, commercial- +grade, full-featured, and Open Source toolkit implementing the Secure +Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) +protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +When processing an SSL/TLS ChangeCipherSpec message, OpenSSL may fail to +check that a new cipher has been previously negotiated. This may result +in a null pointer dereference. + +III. Impact + +A remote attacker could perform a specially crafted SSL/TLS handshake +with an application that utilizes OpenSSL, triggering the null pointer +dereference and causing the application to crash. Depending upon the +specifics of the application, this may result in an effective +denial-of-service. + +IV. Workaround + +No workaround is known. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, +RELENG_4_9, or RELENG_4_8 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, +4.9, 5.1, and 5.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of the +base system (i.e. from the Ports Collection or other 3rd-party sources) +must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.9 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.7 +RELENG_5_2 + src/UPDATING 1.282.2.11 + src/crypto/openssl/crypto/opensslv.h 1.1.1.14.2.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.8.4.1 + src/sys/conf/newvers.sh 1.56.2.10 +RELENG_5_1 + src/UPDATING 1.251.2.18 + src/crypto/openssl/crypto/opensslv.h 1.1.1.13.2.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.8.2.1 + src/sys/conf/newvers.sh 1.50.2.18 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.5 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.8.2.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.6.4.1 + src/sys/conf/newvers.sh 1.44.2.32.2.5 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.20 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.7.2.1 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.1.2.6.2.1 + src/sys/conf/newvers.sh 1.44.2.29.2.18 +- ------------------------------------------------------------------------- + +VII. References + + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAWH8nFdaIBMps37IRAgsZAKCPXaoTb16c8JGJL+Uz7eOX8/864ACbB059 +AIfN8fbeiGJ3fdG0pKAMwMw= +=2f24 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc b/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc new file mode 100644 index 0000000000..a614a8e091 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc @@ -0,0 +1,119 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:06.ipv6 Security Advisory + The FreeBSD Project + +Topic: setsockopt(2) IPv6 sockets input validation error + +Category: core +Module: kernel +Announced: 2004-03-29 +Credits: Katsuhisa ABE, Colin Percival +Affects: FreeBSD 5.2-RELEASE +Corrected: 2004-03-29 14:01:33 UTC (RELENG_5_2, 5.2.1-RELEASE-p4) +CVE Name: CAN-2004-0370 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +IPv6 is a new Internet Protocol, designed to replace (and avoid many of +the problems with) the current Internet Protocol (version 4). FreeBSD +uses the KAME Project IPv6 implementation. + +Applications may manipulate the behavior of an IPv6 socket using the +setsockopt(2) system call. + +II. Problem Description + +A programming error in the handling of some IPv6 socket options within +the setsockopt(2) system call may result in memory locations being +accessed without proper validation. While the problem originates in +code from the KAME Project, it does not affect other operating systems. + +III. Impact + +It may be possible for a local attacker to read portions of kernel +memory, resulting in disclosure of sensitive information. A local +attacker can cause a system panic. + +IV. Workaround + +Do one of the following: + +1) Disable IPv6 entirely by following these steps: + + - Remove or comment out any lines mentioning `INET6' from your + kernel configuration file, and recompile your kernel as described + in . + + - Reboot your system. + +2) If all untrusted users are confined within a jail(8), ensure that +the security.jail.socket_unixiproute_only sysctl is set to 1 and +verify that no IPv6 sockets are currently open: + +# sysctl security.jail.socket_unixiproute_only=1 +# sockstat -6 + +This will restrict jailed processes to creating UNIX domain, IPv4, and +routing sockets, which are not vulnerable to this problem; note however +that processes inside a jail may still be able to inherit IPv6 sockets +from outside the jail, so this may not be sufficient for all systems. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to the RELENG_5_2 security branch +dated after the correction date. + +2) To patch your present system: + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the kernel as described in + and reboot the +system. + +d) Install updated kernel headers. + +# cd /usr/src/include +# make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5_2 + src/UPDATING 1.282.2.12 + src/sys/netinet6/ip6_output.c 1.71.2.2 + src/sys/netinet/ip6.h 1.10.2.1 + src/sys/conf/newvers.sh 1.56.2.11 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAaC6kFdaIBMps37IRAiCBAJ9ATb8FTKysuJvwlU8E0YOArWwP1gCcCCpw +rK7VXiZuLwD1zZmBepSHCt4= +=FLqJ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:07.cvs.asc b/share/security/advisories/FreeBSD-SA-04:07.cvs.asc new file mode 100644 index 0000000000..5a11c79744 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:07.cvs.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:07.cvs Security Advisory + The FreeBSD Project + +Topic: CVS path validation errors + +Category: contrib +Module: contrib_cvs +Announced: 2004-04-15 +Revised: 2004-04-16 +Credits: Sebastian Krahmer + Derek Robert Price +Affects: All FreeBSD versions prior to 4.10-RELEASE +Corrected: 2004-04-15 15:35:26 UTC (RELENG_4, 4.10-BETA) + 2004-04-15 15:42:50 UTC (RELENG_5_2, 5.2.1-RELEASE-p5) + 2004-04-15 15:59:05 UTC (RELENG_4_9, 4.9-RELEASE-p5) + 2004-04-15 15:59:54 UTC (RELENG_4_8, 4.8-RELEASE-p18) +CVE Name: CAN-2004-0180, CAN-2004-0405 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2004-04-14 Initial release. +v1.1 2004-04-15 Added additional CVE name. Corrected affected release + names. Reworded `Workaround' section. + +I. Background + +The Concurrent Versions System (CVS) is a version control system. It +may be used to access a repository locally, or to access a `remote +repository' using a number of different methods. When accessing a +remote repository, the target machine runs the CVS server to fulfill +client requests. + +II. Problem Description + +Two programming errors were discovered in which path names handled by +CVS were not properly validated. In one case, CAN-2004-0180, the CVS +client accepts absolute path names from the server when determining +which files to update. In another case, CAN-2004-0405, the CVS server +accepts relative path names from the client when determining which +files to transmit, including those containing references to parent +directories (`../'). + +III. Impact + +These programming errors generally only have a security impact when +dealing with remote CVS repositories. + +A malicious CVS server may cause a CVS client to overwrite arbitrary +files on the client's system. + +A CVS client may request RCS files from a remote system other than +those in the repository specified by $CVSROOT. These RCS files need +not be part of any CVS repository themselves. + +IV. Workaround + +Users of CVS clients should avoid accessing remote repositories. +Administrators of CVS repositories should disable remote access. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, +RELENG_4_9, or RELENG_4_8 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, +4.9, 5.1, and 5.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cvs +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/cvs/src/client.c 1.2.2.7 + src/contrib/cvs/src/modules.c 1.1.1.5.2.4 +RELENG_5_2 + src/UPDATING 1.282.2.13 + src/sys/conf/newvers.sh 1.56.2.12 + src/contrib/cvs/src/client.c 1.10.4.1 + src/contrib/cvs/src/modules.c 1.1.1.8.6.2 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.6 + src/sys/conf/newvers.sh 1.44.2.32.2.6 + src/contrib/cvs/src/client.c 1.2.2.6.4.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.3.4.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.21 + src/sys/conf/newvers.sh 1.44.2.29.2.19 + src/contrib/cvs/src/client.c 1.2.2.6.2.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.3.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAf9JjFdaIBMps37IRAvX1AKCLBj7AKXeH0H+MQdQPOOlQESzi+wCZAV0I +NMgLCxOS/j9H34OJlYOLflU= +=W0D4 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:08.heimdal.asc b/share/security/advisories/FreeBSD-SA-04:08.heimdal.asc new file mode 100644 index 0000000000..8c8b7b5786 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:08.heimdal.asc @@ -0,0 +1,170 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:08.heimdal Security Advisory + The FreeBSD Project + +Topic: heimdal cross-realm trust vulnerability + +Category: core +Module: crypto_heimdal +Announced: 2004-05-05 +Credits: Heimdal project +Affects: FreeBSD 4 with Kerberos 5 installed, and FreeBSD 5 +Corrected: 2004-05-05 19:49:41 UTC (RELENG_4, 4.10-PRERELEASE) + 2004-05-05 19:55:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p6) + 2004-05-05 20:48:19 UTC (RELENG_4_10, 4.10-RELEASE-RC) + 2004-05-05 20:01:06 UTC (RELENG_4_9, 4.9-RELEASE-p6) + 2004-05-05 20:06:30 UTC (RELENG_4_8, 4.8-RELEASE-p19) +CVE Name: CAN-2004-0371 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +Heimdal implements the Kerberos 5 network authentication protocols. +Principals (i.e. users and services) represented in Kerberos are +grouped into separate, autonomous realms. Unidirectional or +bidirectional trust relationships may be established between realms to +allow the principals in one realm to recognize the authenticity of +principals in another. These trust relationships may be transitive. +An authentication path is the ordered list of realms (and therefore +KDCs) that were involved in the authentication process. The +authentication path is recorded in Kerberos tickets as the `transited' +field. + +It is possible for the Key Distribution Center (KDC) of a realm to +forge part or all of the `transited' field. KDCs should validate this +field before accepting authentication results, checking that each +realm in the authentication path is trusted and that the path conforms +to local policy. Applications are required to perform this type of +checking if the KDC has not already done so. + +Prior to FreeBSD 5.1, Kerberos 5 was an optional component of FreeBSD, +and was not installed by default. + +II. Problem Description + +Some versions of Heimdal do not perform appropriate checking of the +`transited' field. + +III. Impact + +For sites that have established trust relationships with other realms, +it is possible for the administrator(s) of those other realms to +impersonate any Kerberos principal in any other realm. + +IV. Workaround + +Disable all inter-realm trust relationships. The Heimdal advisory +listed in the References section below provides details for checking +for trust relationships and disabling them. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, +RELENG_4_9, or RELENG_4_8 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, +4.9, 5.1, and 5.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.8, 4.9, 5.1 with Heimdal 0.5.1] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal51.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal51.patch.asc + +[FreeBSD 5.2 with Heimdal 0.6] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal6.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal6.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libcrypto +# make obj && make depend && make +# cd /usr/src/kerberos5 +# make obj && make depend && make && make install + +Be sure to restart any running services that use Kerberos, such as +kdc(8) or sshd(8). Perhaps the simplest way to ensure all such +applications are restarted is to reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/heimdal/kdc/config.c 1.1.1.2.2.4 + src/crypto/heimdal/kdc/kdc.8 1.1.1.2.2.5 + src/crypto/heimdal/kdc/kdc_locl.h 1.1.1.2.2.4 + src/crypto/heimdal/kdc/kerberos5.c 1.1.1.2.2.5 + src/crypto/heimdal/lib/krb5/krb5-protos.h 1.1.1.3.2.5 + src/crypto/heimdal/lib/krb5/rd_req.c 1.1.1.3.2.3 + src/crypto/heimdal/lib/krb5/transited.c 1.1.1.3.2.3 +RELENG_5_2 + src/UPDATING 1.282.2.14 + src/crypto/heimdal/kdc/config.c 1.1.1.7.2.1 + src/crypto/heimdal/kdc/kdc.8 1.1.1.7.2.1 + src/crypto/heimdal/kdc/kdc_locl.h 1.1.1.6.2.1 + src/crypto/heimdal/kdc/kerberos5.c 1.1.1.8.2.1 + src/crypto/heimdal/lib/krb5/krb5-protos.h 1.1.1.9.2.1 + src/crypto/heimdal/lib/krb5/rd_req.c 1.1.1.6.6.1 + src/crypto/heimdal/lib/krb5/transited.c 1.1.1.6.2.1 + src/sys/conf/newvers.sh 1.56.2.13 +RELENG_4_10 + src/crypto/heimdal/kdc/config.c 1.1.1.2.2.3.8.1 + src/crypto/heimdal/kdc/kdc.8 1.1.1.2.2.4.8.1 + src/crypto/heimdal/kdc/kdc_locl.h 1.1.1.2.2.3.8.1 + src/crypto/heimdal/kdc/kerberos5.c 1.1.1.2.2.4.8.1 + src/crypto/heimdal/lib/krb5/krb5-protos.h 1.1.1.3.2.4.8.1 + src/crypto/heimdal/lib/krb5/rd_req.c 1.1.1.3.2.2.10.1 + src/crypto/heimdal/lib/krb5/transited.c 1.1.1.3.2.2.8.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.7 + src/crypto/heimdal/kdc/config.c 1.1.1.2.2.3.6.1 + src/crypto/heimdal/kdc/kdc.8 1.1.1.2.2.4.6.1 + src/crypto/heimdal/kdc/kdc_locl.h 1.1.1.2.2.3.6.1 + src/crypto/heimdal/kdc/kerberos5.c 1.1.1.2.2.4.6.1 + src/crypto/heimdal/lib/krb5/krb5-protos.h 1.1.1.3.2.4.6.1 + src/crypto/heimdal/lib/krb5/rd_req.c 1.1.1.3.2.2.8.1 + src/crypto/heimdal/lib/krb5/transited.c 1.1.1.3.2.2.6.1 + src/sys/conf/newvers.sh 1.44.2.32.2.7 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.22 + src/crypto/heimdal/kdc/config.c 1.1.1.2.2.3.4.1 + src/crypto/heimdal/kdc/kdc.8 1.1.1.2.2.4.4.1 + src/crypto/heimdal/kdc/kdc_locl.h 1.1.1.2.2.3.4.1 + src/crypto/heimdal/kdc/kerberos5.c 1.1.1.2.2.4.4.1 + src/crypto/heimdal/lib/krb5/krb5-protos.h 1.1.1.3.2.4.4.1 + src/crypto/heimdal/lib/krb5/rd_req.c 1.1.1.3.2.2.6.1 + src/crypto/heimdal/lib/krb5/transited.c 1.1.1.3.2.2.4.1 + src/sys/conf/newvers.sh 1.44.2.29.2.20 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAmVTvFdaIBMps37IRAkhZAKCQZmbxNkicz82VEcPeDO/840uNxwCfQ/0U +NYT36OgpzsBI9Jc0cpDXTA4= +=i17O +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:09.kadmind.asc b/share/security/advisories/FreeBSD-SA-04:09.kadmind.asc new file mode 100644 index 0000000000..20806d82b7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:09.kadmind.asc @@ -0,0 +1,121 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:09.kadmind Security Advisory + The FreeBSD Project + +Topic: heimdal kadmind remote heap buffer overflow + +Category: contrib +Module: crypto_heimdal +Announced: 2004-05-05 +Credits: Evgeny Demidov, VulnDisco, Love Hornquist-Astrand +Affects: FreeBSD 4 systems built with both Kerberos 4 and Kerberos 5. + FreeBSD 5 systems prior to 5.1 built with both Kerberos 4 and + Kerberos 5. +Corrected: 2004-05-05 20:19:48 UTC (RELENG_4, 4.10-PRERELEASE) + 2004-05-05 20:48:57 UTC (RELENG_4_10, 4.10-RELEASE-RC) + 2004-05-05 20:15:56 UTC (RELENG_4_9, 4.9-RELEASE-p7) + 2004-05-05 20:17:51 UTC (RELENG_4_8, 4.8-RELEASE-p20) +CVE Name: CAN-2004-0434 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +Heimdal implements the Kerberos 5 network authentication protocols. +The k5admind(8) daemon provides the administrative interface to the +Kerberos Key Distribution Center (KDC). In some configurations, +k5admind also includes Kerberos 4 compatibility. + +NOTE: FreeBSD versions prior to 5.1-RELEASE contain optional Kerberos +4 support. FreeBSD versions 5.1-RELEASE and later do not include +Kerberos 4 support of any kind. + +II. Problem Description + +An input validation error was discovered in the k5admind code that +handles the framing of Kerberos 4 compatibility administration +requests. The code assumed that the length given in the framing was +always two or more bytes. Smaller lengths will cause k5admind to read +an arbitrary amount of data into a minimally-sized buffer on the heap. + +Note that this code is not present unless k5admind has been compiled +with Kerberos 4 support. This will occur if a FreeBSD system is +compiled with both of the WITH_KERBEROS4 and WITH_KERBEROS5 build flags. +These flags are never simultaneously set during the FreeBSD binary +release process; consequently, binary installs of FreeBSD (even with +Kerberos support installed) are not affected. + +III. Impact + +A remote attacker may send a specially formatted message to k5admind, +causing it to crash or possibly resulting in arbitrary code execution. + +IV. Workaround + +Disable the Kerberos 4 support in k5admind by running it with the +`--no-kerberos4' option. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_9 or +RELENG_4_8 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8 and +4.9. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:09/kadmind.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:09/kadmind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/kerberos5/tools +# make obj && make depend && make +# cd /usr/src/kerberos5/lib +# make obj && make depend && make +# cd /usr/src/kerberos5/libexec/k5admind +# make obj && make depend && make all install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/heimdal/kadmin/version4.c 1.1.1.1.2.6 +RELENG_4_10 + src/crypto/heimdal/kadmin/version4.c 1.1.1.1.2.5.6.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.8 + src/crypto/heimdal/kadmin/version4.c 1.1.1.1.2.5.4.1 + src/sys/conf/newvers.sh 1.44.2.32.2.8 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.23 + src/crypto/heimdal/kadmin/version4.c 1.1.1.1.2.5.2.1 + src/sys/conf/newvers.sh 1.44.2.29.2.21 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAmVp/FdaIBMps37IRArWAAJ9wsAaSmpmkdisZ7dKCdUqtjzi5/ACfQx91 +Rl2JAQ/JrZyoOlwYRea1SLc= +=gQfq +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:10.cvs.asc b/share/security/advisories/FreeBSD-SA-04:10.cvs.asc new file mode 100644 index 0000000000..d777d49558 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:10.cvs.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:10.cvs Security Advisory + The FreeBSD Project + +Topic: CVS pserver protocol parser errors + +Category: contrib +Module: contrib_cvs +Announced: 2004-05-19 +Revised: 2004-05-20 +Credits: Stefan Esser +Affects: All FreeBSD versions +Corrected: 2004-05-20 13:17:16 UTC (RELENG_4, 4.10-PRERELEASE) + 2004-05-20 13:17:42 UTC (RELENG_4_10, 4.10-RC) + 2004-05-20 13:18:08 UTC (RELENG_4_9, 4.9-RELEASE-p8) + 2004-05-20 13:18:07 UTC (RELENG_4_8, 4.8-RELEASE-p21) + 2004-05-20 13:18:06 UTC (RELENG_4_7, 4.7-RELEASE-p27) + 2004-05-20 13:18:10 UTC (RELENG_5_2, 5.2.1-RELEASE-p7) + 2004-05-20 13:18:09 UTC (RELENG_5_1, 5.1-RELEASE-p17) + 2004-05-20 13:18:09 UTC (RELENG_5_0, 5.0-RELEASE-p21) +CVE Name: CAN-2004-0396 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2004-05-19 Initial release. +v1.1 2004-05-19 Adjusted correction dates and reference URL. +v1.2 2004-05-20 Updated patch to work around bugs in some CVS clients. +v1.3 2004-06-05 Corrected the workaround section. + +I. Background + +The Concurrent Versions System (CVS) is a version control system. It +may be used to access a repository locally, or to access a `remote +repository' using a number of different methods. When accessing a +remote repository, the target machine runs the CVS server to fulfill +client requests. + +II. Problem Description + +Due to a programming error in code used to parse data received from +the client, malformed data can cause a heap buffer to overflow, +allowing the client to overwrite arbitrary portions of the server's +memory. + +III. Impact + +A malicious CVS client may run arbitrary code on the server at the +privilege level of the CVS server software. + +IV. Workaround + +Administrators of CVS repositories should disable anonymous remote +access. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, +RELENG_4_9, or RELENG_4_8 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.7, 4.8, +4.9, 4.10, 5.0, 5.1, and 5.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cvs +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/cvs/src/server.c 1.13.2.7 +RELENG_4_10 + src/contrib/cvs/src/server.c 1.13.2.5.6.2 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.9 + src/sys/conf/newvers.sh 1.44.2.32.2.9 + src/contrib/cvs/src/server.c 1.13.2.5.4.2 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.24 + src/sys/conf/newvers.sh 1.44.2.29.2.22 + src/contrib/cvs/src/server.c 1.13.2.5.2.2 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.31 + src/sys/conf/newvers.sh 1.44.2.26.2.29 + src/contrib/cvs/src/server.c 1.13.2.2.6.3 +RELENG_5_2 + src/UPDATING 1.282.2.15 + src/sys/conf/newvers.sh 1.56.2.14 + src/contrib/cvs/src/server.c 1.19.4.3 +RELENG_5_1 + src/UPDATING 1.251.2.19 + src/sys/conf/newvers.sh 1.50.2.19 + src/contrib/cvs/src/server.c 1.19.2.2 +RELENG_5_0 + src/UPDATING 1.229.2.27 + src/sys/conf/newvers.sh 1.48.2.22 + src/contrib/cvs/src/server.c 1.17.2.3 +- ------------------------------------------------------------------------- + +VII. References + +http://ccvs.cvshome.org/servlets/NewsItemView?newsID=107 +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAwfk9FdaIBMps37IRAhNIAJ4twfnzkcUWj+NfaEO7QBl4/J5tmgCggrvR +HPugjWZJCBGmSguSQj9X8PY= +=BWOO +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:11.msync.asc b/share/security/advisories/FreeBSD-SA-04:11.msync.asc new file mode 100644 index 0000000000..17f675c882 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:11.msync.asc @@ -0,0 +1,118 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:11.msync Security Advisory + The FreeBSD Project + +Topic: buffer cache invalidation implementation issues + +Category: core +Module: sys +Announced: 2004-05-26 +Credits: Stephan Uphoff + Matt Dillon +Affects: All FreeBSD versions prior to the correction date +Corrected: 2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE) + 2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8) + 2004-05-22 23:09:19 UTC (RELENG_4_10, 4.10-RELEASE) + 2004-05-25 23:01:21 UTC (RELENG_4_9, 4.9-RELEASE-p9) + 2004-05-25 23:01:19 UTC (RELENG_4_8, 4.8-RELEASE-p22) +CVE Name: CAN-2004-0435 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The msync(2) system call is used by applications to request that +modified memory pages are written to permanent storage. + +II. Problem Description + +Programming errors in the implementation of the msync(2) system call +involving the MS_INVALIDATE operation lead to cache consistency +problems between the virtual memory system and on-disk contents. + +III. Impact + +In some situations, a user with read access to a file may be able to +prevent changes to that file from being committed to disk. + +IV. Workaround + +There is no workaround. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, +RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.9, +4.10 and 5.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.2] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch.asc + +[FreeBSD 4.8, 4.9, 4.10] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.16 + src/sys/vm/vm_map.c 1.187.2.30 +RELENG_4_10 + src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.14.4.1 + src/sys/vm/vm_map.c 1.187.2.24.2.4 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.10 + src/sys/conf/newvers.sh 1.44.2.32.2.10 + src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.14.2.1 + src/sys/vm/vm_map.c 1.187.2.23.2.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.25 + src/sys/conf/newvers.sh 1.44.2.29.2.23 + src/sys/ufs/ufs/ufs_readwrite.c 1.65.2.13.2.1 + src/sys/vm/vm_map.c 1.187.2.17.2.1 +RELENG_5_2 + src/UPDATING 1.282.2.16 + src/sys/conf/newvers.sh 1.56.2.15 + src/sys/ufs/ffs/ffs_vnops.c 1.119.2.1 + src/sys/vm/vm_object.c 1.317.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAtH2pFdaIBMps37IRAmycAJ0cv/iG6NlGBsC1xT4gg/Gx3lF8DwCghfHl +G2wdUNyfvhz0u3kFB9pH41c= +=SK1u +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:12.jailroute.asc b/share/security/advisories/FreeBSD-SA-04:12.jailroute.asc new file mode 100644 index 0000000000..40e96d1c7f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:12.jailroute.asc @@ -0,0 +1,110 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:12.jailroute Security Advisory + The FreeBSD Project + +Topic: Jailed processes can manipulate host routing tables + +Category: core +Module: kernel +Announced: 2004-06-07 +Credits: Pawel Malachowski +Affects: FreeBSD 4.8-RELEASE + FreeBSD 4.9-RELEASE +Corrected: 2004-04-06 20:11:53 UTC (RELENG_4) + 2004-06-07 17:44:44 UTC (RELENG_4_9, 4.9-RELEASE-p10) + 2004-06-07 17:42:42 UTC (RELENG_4_8, 4.8-RELEASE-p23) +CVE Name: CAN-2004-0125 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The jail(2) system call allows a system administrator to lock up a +process and all its descendants inside a closed environment with very +limited ability to affect the system outside that environment, even +for processes with superuser privileges. It is an extension of, but +far more stringent than, the traditional Unix chroot(2) system call. + +The FreeBSD kernel maintains internal routing tables for the purpose +of determining which interface should be used to transmit packets. +These routing tables can be manipulated by user processes running +with superuser privileges by sending messages over a routing socket. + +II. Problem Description + +A programming error resulting in a failure to verify that an attempt +to manipulate routing tables originated from a non-jailed process. + +III. Impact + +Jailed processes running with superuser privileges could modify host +routing tables. This could result in a variety of consequences including +packets being sent via an incorrect network interface and packets being +discarded entirely. + +IV. Workaround + +No workaround is available. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to 4.10-RELEASE, or to the RELENG_4_8 +or RELENG_4_9 security branch dated after the correction date. + +OR + +2) Patch your present system: + +The following patch has been verified to apply to the FreeBSD 4.8 and +4.9 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:12/jailroute.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:12/jailroute.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/net/rtsock.c 1.44.2.13 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.11 + src/sys/conf/newvers.sh 1.44.2.32.2.11 + src/sys/net/rtsock.c 1.44.2.11.4.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.26 + src/sys/conf/newvers.sh 1.44.2.29.2.24 + src/sys/net/rtsock.c 1.44.2.11.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFAxNyTFdaIBMps37IRAkTtAJ9LL92gdrIr3drFL7+EzgIz3Tp3EQCgl3XM +FySjBz6+a74mtEX89hLRcBI= +=dWI/ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:13.linux.asc b/share/security/advisories/FreeBSD-SA-04:13.linux.asc new file mode 100644 index 0000000000..7cacb6f0b6 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:13.linux.asc @@ -0,0 +1,164 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:13.linux Security Advisory + The FreeBSD Project + +Topic: Linux binary compatibility mode input validation error + +Category: core +Module: kernel +Announced: 2004-06-30 +Credits: Tim Robbins +Affects: All 4.x and 5.x releases +Corrected: 2004-06-30 17:31:44 UTC (RELENG_4) + 2004-06-30 17:34:38 UTC (RELENG_5_2, 5.2.1-RELEASE-p9) + 2004-06-30 17:33:59 UTC (RELENG_4_10, 4.10-RELEASE-p2) + 2004-06-30 17:33:24 UTC (RELENG_4_9, 4.9-RELEASE-p11) + 2004-06-30 17:32:24 UTC (RELENG_4_8, 4.8-RELEASE-p24) +CVE Name: CAN-2004-0602 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +FreeBSD is binary-compatible with the Linux operating system through a +loadable kernel module/optional kernel component. + +II. Problem Description + +A programming error in the handling of some Linux system calls may +result in memory locations being accessed without proper validation. + +III. Impact + +It may be possible for a local attacker to read and/or overwrite +portions of kernel memory, resulting in disclosure of sensitive +information or potential privilege escalation. A local attacker can +cause a system panic. + +IV. Workaround + +The only known workaround is to disable the linux binary compatibility +layer and prevent it from being (re)loaded. Note that step (a) must be +performed before step (b). + +a) To prevent the linux compatibility layer being (re)loaded, remove the +/boot/kernel/linux.ko file (on FreeBSD 5.x) or the /modules/linux.ko +file (on FreeBSD 4.x), and add or change the following line in +/etc/rc.conf: + +linux_enable="NO" # Linux binary compatibility loaded at startup (or NO). + +Add or change the following lines in /boot/loader.conf: + +linux_load="NO" # Linux emulation +linprocfs_load="NO" + +In addition, remove any linprocfs file system listed in /etc/fstab. + +b) To disable the linux binary compatibility layer, first determine if +it is loaded: + +# kldstat -v | grep linuxelf + +If no output is produced, the linux compatibility layer is not loaded; +stop here. + +If the linux compatibility layer is loaded, determine if it is compiled +into the kernel or loaded as a module: + +# kldstat | grep linux.ko + +If no output is produced, the linux compatibility layer is compiled +into the kernel. Remove the line + +options COMPAT_LINUX + +from your kernel configuration file and recompile the kernel as +described in + and reboot the +system. + +If output is produced, then the linux compatibility layer is loaded as +a kernel module. If the module is not currently being used (by a +process running under linux emulation, for example) then it may be +possible to unload it: + +# kldunload linux +# kldstat | grep linux.ko + +If this does not successfully unload the module, reboot the system. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2, +RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.9, +4.10 and 5.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.2] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux5.patch.asc + +[FreeBSD 4.8, 4.9, 4.10] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux4.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/compat/linux/linux_ioctl.c 1.55.2.13 +RELENG_5_2 + src/UPDATING 1.282.2.17 + src/sys/compat/linux/linux_ioctl.c 1.112.2.1 + src/sys/conf/newvers.sh 1.56.2.16 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.3 + src/sys/compat/linux/linux_ioctl.c 1.55.2.12.4.1 + src/sys/conf/newvers.sh 1.44.2.34.2.4 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.12 + src/sys/compat/linux/linux_ioctl.c 1.55.2.12.2.1 + src/sys/conf/newvers.sh 1.44.2.32.2.12 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.27 + src/sys/compat/linux/linux_ioctl.c 1.55.2.10.6.1 + src/sys/conf/newvers.sh 1.44.2.29.2.25 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQFA48FqFdaIBMps37IRArpeAKCP1G1bFmYiD0v3Qdg8pq5zkV7JywCcDUHn +dz5yJTOovQSmIaLVD/Ei8Xw= +=SVrJ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:14.cvs.asc b/share/security/advisories/FreeBSD-SA-04:14.cvs.asc new file mode 100644 index 0000000000..d9611faea5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:14.cvs.asc @@ -0,0 +1,182 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:14.cvs.asc Security Advisory + The FreeBSD Project + +Topic: CVS + +Category: contrib +Module: cvs +Announced: 2004-09-19 +Credits: Stefan Esser, Sebastian Krahmer, Derek Price + iDEFENSE +Affects: All FreeBSD versions +Corrected: 2004-06-29 16:10:50 UTC (RELENG_4) + 2004-09-19 22:26:22 UTC (RELENG_4_10, 4.10-RELEASE-p3) + 2004-09-19 22:27:36 UTC (RELENG_4_9, 4.9-RELEASE-p12) + 2004-09-19 22:28:14 UTC (RELENG_4_8, 4.8-RELEASE-p25) + 2004-09-19 22:37:10 UTC (RELENG_5_2, 5.2.1-RELEASE-p10) +CVE Name: CAN-2004-0414, CAN-2004-0416, CAN-2004-0417, CAN-2004-0418, + CAN-2004-0778 +FreeBSD only: NO + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The Concurrent Versions System (CVS) is a version control system. It +may be used to access a repository locally, or to access a `remote +repository' using a number of different methods. When accessing a +remote repository, the target machine runs the CVS server to fulfill +client requests. + +II. Problem Description + +A number of vulnerabilities were discovered in CVS by Stefan Esser, +Sebastian Krahmer, and Derek Price. + + . Insufficient input validation while processing "Entry" lines. + (CAN-2004-0414) + + . A double-free resulting from erroneous state handling while + processing "Argumentx" commands. (CAN-2004-0416) + + . Integer overflow while processing "Max-dotdot" commands. + (CAN-2004-0417) + + . Erroneous handling of empty entries handled while processing + "Notify" commands. (CAN-2004-0418) + + . A format string bug while processing CVS wrappers. + + . Single-byte buffer underflows while processing configuration files + from CVSROOT. + + . Various other integer overflows. + +Additionally, iDEFENSE reports an undocumented command-line flag used +in debugging does not perform input validation on the given path +names. + +III. Impact + +CVS servers ("cvs server" or :pserver: modes) are affected by these +vulnerabilities. They vary in impact but include information disclosure +(the iDEFENSE-reported bug), denial-of-service (CAN-2004-0414, +CAN-2004-0416, CAN-2004-0417 and other bugs), or possibly arbitrary code +execution (CAN-2004-0418). In very special situations where the +attacker may somehow influence the contents of CVS configuration files +in CVSROOT, additional attacks may be possible. + +IV. Workaround + +Disable the use of remote CVS repositories. + +V. Solution + +Do one of the following: + +1) Upgrade your vulnerable system to the RELENG_4 stable branch, or to +the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch +dated after the correction date. + +OR + +2) Patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.9, +4.10 and 5.2.1 systems. Note that one *must* have previously applied +the patches pertaining to FreeBSD-SA-04:10.cvs in order to use these +patches. + +Note that FreeBSD 4.10-STABLE systems built from sources dated +2004-06-29 16:20:00 UTC or later include cvs 1.11.17, which has all +of these issues fixed. These patches should not be applied to those +systems. + +a) Download the relevant patches from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cvs +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4_10 + src/UPDATING 1.73.2.90.2.4 + src/sys/conf/newvers.sh 1.44.2.34.2.5 + src/contrib/cvs/lib/xsize.h 1.1.1.1.6.1 + src/contrib/cvs/src/commit.c 1.8.2.5.6.1 + src/contrib/cvs/src/cvs.h 1.11.2.6.6.1 + src/contrib/cvs/src/filesubr.c 1.6.2.4.6.1 + src/contrib/cvs/src/history.c 1.1.1.6.2.4.6.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.4.2.1 + src/contrib/cvs/src/server.c 1.13.2.5.6.3 + src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.6.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.6.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.13 + src/sys/conf/newvers.sh 1.44.2.32.2.13 + src/contrib/cvs/lib/xsize.h 1.1.1.1.8.1 + src/contrib/cvs/src/commit.c 1.8.2.5.4.1 + src/contrib/cvs/src/cvs.h 1.11.2.6.4.1 + src/contrib/cvs/src/filesubr.c 1.6.2.4.4.1 + src/contrib/cvs/src/history.c 1.1.1.6.2.4.4.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.3.4.2 + src/contrib/cvs/src/server.c 1.13.2.5.4.3 + src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.4.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.4.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.28 + src/sys/conf/newvers.sh 1.44.2.29.2.26 + src/contrib/cvs/lib/xsize.h 1.1.1.1.10.1 + src/contrib/cvs/src/commit.c 1.8.2.5.2.1 + src/contrib/cvs/src/cvs.h 1.11.2.6.2.1 + src/contrib/cvs/src/filesubr.c 1.6.2.4.2.1 + src/contrib/cvs/src/history.c 1.1.1.6.2.4.2.1 + src/contrib/cvs/src/modules.c 1.1.1.5.2.3.2.2 + src/contrib/cvs/src/server.c 1.13.2.5.2.3 + src/contrib/cvs/src/wrapper.c 1.1.1.7.2.3.2.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.16.2.1.2.1 +RELENG_5_2 + src/UPDATING 1.282.2.18 + src/sys/conf/newvers.sh 1.56.2.17 + src/contrib/cvs/lib/xsize.h 1.1.1.1.12.1 + src/contrib/cvs/src/commit.c 1.13.4.1 + src/contrib/cvs/src/cvs.h 1.17.4.1 + src/contrib/cvs/src/filesubr.c 1.10.6.1 + src/contrib/cvs/src/history.c 1.1.1.10.6.1 + src/contrib/cvs/src/modules.c 1.1.1.8.6.3 + src/contrib/cvs/src/server.c 1.19.4.4 + src/contrib/cvs/src/wrapper.c 1.1.1.10.6.1 + src/gnu/usr.bin/cvs/lib/config.h.proto 1.17.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.5 (FreeBSD) + +iD8DBQFBTterFdaIBMps37IRAlkjAJ9jZ40PME0gr8b6DyS+h6zVHCxGTgCfdJN/ +JiKgPD2YDy378kBO3hYd8Ao= +=qzxJ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:15.syscons.asc b/share/security/advisories/FreeBSD-SA-04:15.syscons.asc new file mode 100644 index 0000000000..cb54813d6a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:15.syscons.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:15.syscons Security Advisory + The FreeBSD Project + +Topic: Boundary checking errors in syscons + +Category: core +Module: sys_dev_syscons +Announced: 2004-10-04 +Credits: Christer Oberg +Affects: FreeBSD 5.x releases +Corrected: 2004-09-30 17:49:15 UTC (RELENG_5, 5.3-BETA6) + 2004-10-04 17:04:25 UTC (RELENG_5_2, 5.2.1-RELEASE-p11) +CVE Name: CAN-2004-0919 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +syscons(4) is the default console driver for FreeBSD. Using the +physical keyboard and screen, it provides multiple virtual terminals +which appear as if they were separate terminals. One virtual terminal +is considered current and exclusively occupies the screen and the +keyboard; the other virtual terminals are placed in the background. + +II. Problem Description + +The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of +its input arguments. In particular, negative coordinates or large +coordinates may cause unexpected behavior. + +III. Impact + +It may be possible to cause the CONS_SCRSHOT ioctl to return portions of +kernel memory. Such memory might contain sensitive information, such as +portions of the file cache or terminal buffers. This information might +be directly useful, or it might be leveraged to obtain elevated +privileges in some way. For example, a terminal buffer might include a +user-entered password. + +IV. Workaround + +There is no known workaround. However, this bug is only exploitable +by users who have access to the physical console or can otherwise open +a /dev/ttyv* device node. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to the RELENG_5_2 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.2 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:15/syscons.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:15/syscons.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5_2 + src/UPDATING 1.282.2.19 + src/sys/conf/newvers.sh 1.56.2.18 + src/sys/dev/syscons/syscons.c 1.409.2.1 +- ------------------------------------------------------------------------- + +VII. References + + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.6 (FreeBSD) + +iD8DBQFBYYMTFdaIBMps37IRAuNbAJ4jbPnqo3vvEeD33ItW09r3zAuh5QCghq5v +SN4Y+OCpzJ7Szy3s++slzeQ= +=FlYi +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:16.fetch.asc b/share/security/advisories/FreeBSD-SA-04:16.fetch.asc new file mode 100644 index 0000000000..96c9fe53c4 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:16.fetch.asc @@ -0,0 +1,158 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:16.fetch Security Advisory + The FreeBSD Project + +Topic: Overflow error in fetch + +Category: core +Module: fetch +Announced: 2004-11-18 +Credits: Colin Percival +Affects: All FreeBSD versions. +Corrected: 2004-11-18 12:02:13 UTC (RELENG_5, 5.3-STABLE) + 2004-11-18 12:03:05 UTC (RELENG_5_3, 5.3-RELEASE-p1) + 2004-11-18 12:04:29 UTC (RELENG_5_2, 5.2.1-RELEASE-p12) + 2004-11-18 12:05:36 UTC (RELENG_5_1, 5.1-RELEASE-p18) + 2004-11-18 12:05:50 UTC (RELENG_5_0, 5.0-RELEASE-p22) + 2004-11-18 12:02:29 UTC (RELENG_4, 4.10-STABLE) + 2004-11-18 12:06:06 UTC (RELENG_4_10, 4.10-RELEASE-p4) + 2004-11-18 12:06:22 UTC (RELENG_4_9, 4.9-RELEASE-p13) + 2004-11-18 12:06:36 UTC (RELENG_4_8, 4.8-RELEASE-p26) + 2004-11-18 12:06:52 UTC (RELENG_4_7, 4.7-RELEASE-p28) +CVE Name: CAN-2004-1053 +FreeBSD only: YES + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2004-11-18 Initial release. +v1.1 2004-11-20 Added missing CVE name; removed empty references section. + +I. Background + +The fetch(1) utility is a tool for fetching files via FTP, HTTP, and HTTPS. + +II. Problem Description + +An integer overflow condition in the processing of HTTP headers can result +in a buffer overflow. + +III. Impact + +A malicious server or CGI script can respond to an HTTP or HTTPS request in +such a manner as to cause arbitrary portions of the client's memory to be +overwritten, allowing for arbitrary code execution. + +IV. Workaround + +There is no known workaround for the affected application, although +the ftp(1) application in the FreeBSD base system, and several +applications in the FreeBSD Ports collection provide similar +functionality and could be used in place of fetch(1). + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated +after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.10, +5.2, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch +# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.bin/fetch +# make obj && make depend && make && make install + +3) IMPORTANT NOTE to users of FreeBSD Update: + +FreeBSD Update (security/freebsd-update in the FreeBSD Ports collection) +is a binary security update system for the FreeBSD base system. It is +not supported or endorsed by the FreeBSD Security team, but its author +has requested that the following note be included in this advisory: + + FreeBSD Update uses the fetch(1) utility for downloading security + updates to the FreeBSD base system. While these updates are + cryptographically signed, and FreeBSD Update is therefore immune from + most attacks, it is exposed to this vulnerability since the files + must be fetched before their integrity can be verified. + + As a workaround, FreeBSD Update can be made to use the ftp(1) utility + for downloading updates as follows: + + # sed -i.bak -e 's/fetch -qo/ftp -o/' /usr/local/sbin/freebsd-update + # freebsd-update fetch + # mv /usr/local/sbin/freebsd-update.bak /usr/local/sbin/freebsd-update + # freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/usr.bin/fetch/fetch.c 1.10.2.28 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.5 + src/sys/conf/newvers.sh 1.44.2.34.2.6 + src/usr.bin/fetch/fetch.c 1.10.2.23.2.1 +RELENG_4_9 + src/UPDATING 1.73.2.89.2.14 + src/sys/conf/newvers.sh 1.44.2.32.2.14 + src/usr.bin/fetch/fetch.c 1.10.2.21.2.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.29 + src/sys/conf/newvers.sh 1.44.2.29.2.27 + src/usr.bin/fetch/fetch.c 1.10.2.20.2.1 +RELENG_4_7 + src/UPDATING 1.73.2.74.2.32 + src/sys/conf/newvers.sh 1.44.2.26.2.30 + src/usr.bin/fetch/fetch.c 1.10.2.18.2.1 +RELENG_5 + src/usr.bin/fetch/fetch.c 1.72.2.2 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.4 + src/sys/conf/newvers.sh 1.62.2.15.2.6 + src/usr.bin/fetch/fetch.c 1.72.2.1.2.1 +RELENG_5_2 + src/UPDATING 1.282.2.20 + src/sys/conf/newvers.sh 1.56.2.19 + src/usr.bin/fetch/fetch.c 1.62.4.1 +RELENG_5_1 + src/UPDATING 1.251.2.20 + src/sys/conf/newvers.sh 1.50.2.20 + src/usr.bin/fetch/fetch.c 1.62.2.1 +RELENG_5_0 + src/UPDATING 1.229.2.28 + src/sys/conf/newvers.sh 1.48.2.23 + src/usr.bin/fetch/fetch.c 1.58.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.6 (FreeBSD) + +iD8DBQFBn6qYFdaIBMps37IRAkOZAJ4+DJtAK+I8lEvskiiFH10UOQHTUACfVn46 +g/AoLZ0r9AI8zW/trV2RRO8= +=HXQL +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-04:17.procfs.asc b/share/security/advisories/FreeBSD-SA-04:17.procfs.asc new file mode 100644 index 0000000000..0042ad0a0f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-04:17.procfs.asc @@ -0,0 +1,147 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-04:17.procfs Security Advisory + The FreeBSD Project + +Topic: Kernel memory disclosure in procfs and linprocfs + +Category: core +Module: sys +Announced: 2004-12-01 +Credits: Bryan Fulton, Ted Unangst, and the SWAT analysis tool + Coverity, Inc. +Affects: All FreeBSD releases +Corrected: 2004-12-01 21:33:35 UTC (RELENG_5, 5.3-STABLE) + 2004-12-01 21:34:23 UTC (RELENG_5_3, 5.3-RELEASE-p2) + 2004-12-01 21:34:43 UTC (RELENG_5_2, 5.2.1-RELEASE-p13) + 2004-12-01 21:33:57 UTC (RELENG_4, 4.10-STABLE) + 2004-12-01 21:35:10 UTC (RELENG_4_10, 4.10-RELEASE-p5) + 2004-12-01 21:35:57 UTC (RELENG_4_8, 4.8-RELEASE-p27) +CVE Name: CAN-2004-1066 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The process file system, procfs(5), implements a view of the system +process table inside the file system. It is normally mounted on +/proc, and is required for the complete operation of programs such as +ps(1) and w(1). + +The Linux process file system, linprocfs(5), emulates a subset of +Linux's process file system and is required for the complete operation +of some Linux binaries. + +II. Problem Description + +The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5) +file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline +pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process' +argument vector from the process address space. During this operation, +a pointer was dereferenced directly without the necessary validation +steps being performed. + +III. Impact + +A malicious local user could perform a local denial of service attack by +causing a system panic; or he could read parts of kernel memory. Such +memory might contain sensitive information, such as portions of the file +cache or terminal buffers. This information might be directly useful, or +it might be leveraged to obtain elevated privileges in some way. For +example, a terminal buffer might contain a user-entered password. + +FreeBSD 4.x does not implement the /proc/self/cmdline pseudofile in +its linprocfs(5) file system, and is therefore only affected if the +procfs(5) file system is mounted. + +In its default configuration, FreeBSD 5.x does not utilize procfs(5) +or linprocfs(5) and will therefore be unaffected by this vulnerability +unless the configuration is changed. + +IV. Workaround + +Unmount the procfs and linprocfs file systems if they are mounted. +Execute the following command as root: + + umount -A -t procfs,linprocfs + +Also, remove or comment out any lines in fstab(5) that reference +`procfs' or `linprocfs', so that they will not be re-mounted at next +reboot. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated +after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.10, +5.2, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs4.patch.asc + +[FreeBSD 5.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs5.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.6 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.6 + src/sys/conf/newvers.sh 1.44.2.34.2.7 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.5.4.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.30 + src/sys/conf/newvers.sh 1.44.2.29.2.28 + src/sys/miscfs/procfs/procfs_status.c 1.20.2.4.8.2 +RELENG_5 + src/sys/compat/linprocfs/linprocfs.c 1.84.2.1 + src/sys/fs/procfs/procfs_status.c 1.52.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.5 + src/sys/compat/linprocfs/linprocfs.c 1.84.4.1 + src/sys/conf/newvers.sh 1.62.2.15.2.7 + src/sys/fs/procfs/procfs_status.c 1.52.4.1 +RELENG_5_2 + src/UPDATING 1.282.2.21 + src/sys/compat/linprocfs/linprocfs.c 1.78.2.1 + src/sys/conf/newvers.sh 1.56.2.20 + src/sys/fs/procfs/procfs_status.c 1.49.2.1 +- ------------------------------------------------------------------------- +-----BEGIN PGP SIGNATURE----- + +iD8DBQFBrlpUFdaIBMps37IRAkqSAJ9bJt5VXd0g+OpZq76O84LGEtw3HgCfayws +iuc0B5+J0K67LvDIUA6+wck= +=2l7f +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:01.telnet.asc b/share/security/advisories/FreeBSD-SA-05:01.telnet.asc new file mode 100644 index 0000000000..c5155609d4 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:01.telnet.asc @@ -0,0 +1,142 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:01.telnet Security Advisory + The FreeBSD Project + +Topic: telnet client buffer overflows + +Category: contrib +Module: contrib/telnet +Announced: 2005-03-28 +Credits: iDEFENSE +Affects: All FreeBSD releases prior to 5.4-RELEASE +Corrected: 2005-03-28 15:50:00 UTC (RELENG_5, 5.4-PRERELEASE) + 2005-03-28 15:48:00 UTC (RELENG_4, 4.11-STABLE) + 2005-03-28 15:52:00 UTC (RELENG_5_3, 5.3-RELEASE-p6) + 2005-03-28 15:57:00 UTC (RELENG_4_11, 4.11-RELEASE-p1) + 2005-03-28 15:58:00 UTC (RELENG_4_10, 4.10-RELEASE-p6) + 2005-03-28 16:00:00 UTC (RELENG_4_8, 4.8-RELEASE-p28) +CVE Name: CAN-2005-0468 CAN-2005-0469 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The telnet(1) command is a TELNET protocol client, used primarily to +establish terminal sessions across a network. + +II. Problem Description + +Buffer overflows were discovered in the env_opt_add() and +slc_add_reply() functions of the telnet(1) command. TELNET protocol +commands, options, and data are copied from the network to a +fixed-sized buffer. In the case of env_opt_add (CAN-2005-0468), the +buffer is located on the heap. In the case of slc_add_reply +(CAN-2005-0469), the buffer is global uninitialized data (BSS). + +III. Impact + +These buffer overflows may be triggered when connecting to a malicious +server, or by an active attacker in the network path between the +client and server. Specially crafted TELNET command sequences may +cause the execution of arbitrary code with the privileges of the user +invoking telnet(1). + +IV. Workaround + +Do not use telnet(1) to connect to untrusted machines or over an +untrusted network. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, RELENG_4_10, or RELENG_4_8 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.10, +4.11, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch.asc + +[FreeBSD 5.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet5.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Rebuild the operating system as described in +. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.4 + src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.2.1 + src/crypto/telnet/telnet/telnet.c 1.4.2.6 + src/usr.bin/telnet/telnet.c 1.8.2.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.2 + src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.3.10.1 + src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.22.1 + src/crypto/telnet/telnet/telnet.c 1.4.2.5.12.1 + src/sys/conf/newvers.sh 1.44.2.39.2.5 + src/usr.bin/telnet/telnet.c 1.8.2.3.12.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.7 + src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.3.8.1 + src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.20.1 + src/crypto/telnet/telnet/telnet.c 1.4.2.5.10.1 + src/sys/conf/newvers.sh 1.44.2.34.2.8 + src/usr.bin/telnet/telnet.c 1.8.2.3.10.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.32 + src/crypto/heimdal/appl/telnet/telnet/telnet.c 1.1.1.1.2.3.4.1 + src/crypto/kerberosIV/appl/telnet/telnet/telnet.c 1.1.1.1.16.1 + src/crypto/telnet/telnet/telnet.c 1.4.2.5.6.1 + src/sys/conf/newvers.sh 1.44.2.29.2.29 + src/usr.bin/telnet/telnet.c 1.8.2.3.6.1 +RELENG_5 + src/contrib/telnet/telnet/telnet.c 1.14.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.9 + src/contrib/telnet/telnet/telnet.c 1.14.8.1 + src/sys/conf/newvers.sh 1.62.2.15.2.11 +- ------------------------------------------------------------------------- + +VII. References + +[IDEF0866] Multiple Telnet Client slc_add_reply() Buffer Overflow +http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities + +[IDEF0867] Multiple Telnet Client env_opt_add() Buffer Overflow +http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 + +iD8DBQFCSECrFdaIBMps37IRAnRJAJ0VbP6TyaX7SLE2EwSrIYU25JSD9wCfYoe9 +Qg2Lw/6QFLOgYG1jPuzogEs= +=0rFv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:02.sendfile.asc b/share/security/advisories/FreeBSD-SA-05:02.sendfile.asc new file mode 100644 index 0000000000..2626045fd0 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:02.sendfile.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:02.sendfile Security Advisory + The FreeBSD Project + +Topic: sendfile kernel memory disclosure + +Category: core +Module: sys_kern +Announced: 2005-04-04 +Credits: Sven Berkvens + Marc Olzheim +Affects: All FreeBSD 4.x releases + All FreeBSD 5.x releases prior to 5.4-RELEASE +Corrected: 2005-04-04 23:52:02 UTC (RELENG_5, 5.4-STABLE) + 2005-04-04 23:52:35 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-04-04 23:53:24 UTC (RELENG_5_3, 5.3-RELEASE-p7) + 2005-04-04 23:53:36 UTC (RELENG_4, 4.11-STABLE) + 2005-04-04 23:53:56 UTC (RELENG_4_11, 4.11-RELEASE-p2) + 2005-04-04 23:54:13 UTC (RELENG_4_10, 4.10-RELEASE-p7) + 2005-04-04 23:54:33 UTC (RELENG_4_8, 4.8-RELEASE-p29) +CVE Name: CAN-2005-0708 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The sendfile(2) system call allows a server application (such as an HTTP +or FTP server) to transmit the contents of a file over a network +connection without first copying it to application memory. High +performance servers such as Apache and ftpd use sendfile. + +II. Problem Description + +If the file being transmitted is truncated after the transfer has +started but before it completes, sendfile(2) will transfer the contents +of more or less random portions of kernel memory in lieu of the +missing part of the file. + +III. Impact + +A local user could create a large file and truncate it while +transferring it to himself, thus obtaining a copy of portions of system +memory to which he would normally not have access. Such memory might +contain sensitive information, such as portions of the file cache or +terminal buffers. This information might be directly useful, or it +might be leveraged to obtain elevated privileges in some way. For +example, a terminal buffer might include a user-entered password. + +IV. Workaround + +No known workaround. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, RELENG_4_10, or RELENG_4_8 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.8, 4.10, +4.11, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_4.patch.asc + +[FreeBSD 5.3] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_5.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/ufs/ffs/ffs_inode.c 1.56.2.6 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.3 + src/sys/conf/newvers.sh 1.44.2.39.2.6 + src/sys/ufs/ffs/ffs_inode.c 1.56.2.5.12.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.8 + src/sys/conf/newvers.sh 1.44.2.34.2.8 + src/sys/ufs/ffs/ffs_inode.c 1.56.2.5.10.1 +RELENG_4_8 + src/UPDATING 1.73.2.80.2.33 + src/sys/conf/newvers.sh 1.44.2.29.2.29 + src/sys/ufs/ffs/ffs_inode.c 1.56.2.5.6.1 +RELENG_5 + src/sys/ufs/ffs/ffs_inode.c 1.93.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.1 + src/sys/ufs/ffs/ffs_inode.c 1.93.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.10 + src/sys/conf/newvers.sh 1.62.2.15.2.12 + src/sys/ufs/ffs/ffs_inode.c 1.93.4.1 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 (FreeBSD) + +iD8DBQFCUdSBFdaIBMps37IRAkJQAJ9jiw22zHygE8ui8ksl3T5jo12L6gCgkq5i +CYhVGcVxiWOU9Yu1Muwi1Xw= +=83NE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:03.amd64.asc b/share/security/advisories/FreeBSD-SA-05:03.amd64.asc new file mode 100644 index 0000000000..2b71af52bf --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:03.amd64.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:03.amd64 Security Advisory + The FreeBSD Project + +Topic: unprivileged hardware access on amd64 + +Category: core +Module: sys_amd64 +Announced: 2005-04-06 +Credits: Jari Kirma +Affects: All FreeBSD/amd64 5.x releases prior to 5.4-RELEASE +Corrected: 2005-04-06 01:05:51 UTC (RELENG_5, 5.4-STABLE) + 2005-04-06 01:06:15 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-04-06 01:06:44 UTC (RELENG_5_3, 5.3-RELEASE-p8) +CVE Name: CAN-2005-1036 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The AMD64 architecture has two mechanisms for permitting processes to +access hardware: Kernel code can access hardware directly by reason of +its elevated privilege level, while user code can access a subset of +hardware determined by a bitmap. + +II. Problem Description + +The bitmap which determines which hardware can be accessed by unprivileged +processes was not initialized properly. + +III. Impact + +Unprivileged users on amd64 systems can gain direct access to some +hardware, allowing for denial of service, disclosure of sensitive +information, or possible privilege escalation. + +IV. Workaround + +No workaround is known for amd64 systems; other platforms are not +affected by this issue. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_3 +security branch dated after the correction date. + +2) To patch your present system: + +a) Download the patch from the location below, and verify the detached +PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:03/amd64.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:03/amd64.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/amd64/amd64/machdep.c 1.618.2.10 + src/sys/amd64/amd64/mp_machdep.c 1.242.2.8 + src/sys/amd64/include/tss.h 1.16.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.2 + src/sys/amd64/amd64/machdep.c 1.618.2.9.2.1 + src/sys/amd64/amd64/mp_machdep.c 1.242.2.7.2.1 + src/sys/amd64/include/tss.h 1.16.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.11 + src/sys/conf/newvers.sh 1.62.2.15.2.13 + src/sys/amd64/amd64/machdep.c 1.618.2.1.2.1 + src/sys/amd64/amd64/mp_machdep.c 1.242.2.2.2.1 + src/sys/amd64/include/tss.h 1.16.4.1 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCdsQfFdaIBMps37IRAnIGAJ453F2kq8j86y2MDS0JqZ0JBS5+AwCbBU8t +RPLxihOwLQuoTtKykfrgeBA= +=UEL1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc b/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc new file mode 100644 index 0000000000..e32a03bcfc --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:04.ifconf Security Advisory + The FreeBSD Project + +Topic: Kernel memory disclosure in ifconf() + +Category: core +Module: sys_net +Announced: 2005-04-15 +Credits: Ilja van Sprundel +Affects: All FreeBSD 4.x releases + All FreeBSD 5.x releases prior to 5.4-RELEASE +Corrected: 2005-04-15 01:51:44 UTC (RELENG_5, 5.4-STABLE) + 2005-04-15 01:52:03 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9) + 2005-04-15 01:52:40 UTC (RELENG_4, 4.11-STABLE) + 2005-04-15 01:52:57 UTC (RELENG_4_11, 4.11-RELEASE-p3) + 2005-04-15 01:53:14 UTC (RELENG_4_10, 4.10-RELEASE-p8) +CVE Name: CAN-2005-1126 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce +a list of the existing network interfaces and copy it into a buffer +provided by the user process. + +II. Problem Description + +In generating the list of network interfaces, the kernel writes into a +portion of a buffer without first zeroing it. As a result, the prior +contents of the buffer will be disclosed to the calling process. + +III. Impact + +Up to 12 bytes of kernel memory may be disclosed to the user process. +Such memory might contain sensitive information, such as portions of +the file cache or terminal buffers. This information might be directly +useful, or it might be leveraged to obtain elevated privileges in some +way. For example, a terminal buffer might include a user-entered +password. + +IV. Workaround + +No known workaround. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, 4.11, +and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch.asc + +[FreeBSD 5.3] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/net/if.c 1.85.2.29 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.4 + src/sys/conf/newvers.sh 1.44.2.39.2.7 + src/sys/net/if.c 1.85.2.28.2.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.9 + src/sys/conf/newvers.sh 1.44.2.34.2.10 + src/sys/net/if.c 1.85.2.25.2.1 +RELENG_5 + src/sys/net/if.c 1.199.2.15 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.3 + src/sys/net/if.c 1.199.2.14.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.12 + src/sys/conf/newvers.sh 1.62.2.15.2.14 + src/sys/net/if.c 1.199.2.7.2.3 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCdsQnFdaIBMps37IRAqv+AJ4iFgJn+lud8kW+IPTuDe/fRNaKWwCeIMwY +llpfOaeaHq82l+ndg0F3uUM= +=NwqA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:05.cvs.asc b/share/security/advisories/FreeBSD-SA-05:05.cvs.asc new file mode 100644 index 0000000000..5572831db0 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:05.cvs.asc @@ -0,0 +1,143 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:05.cvs Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in CVS + +Category: contrib +Module: cvs +Announced: 2005-04-22 +Credits: Alen Zukich +Affects: All FreeBSD 4.x releases + All FreeBSD 5.x releases prior to 5.4-RELEASE +Corrected: 2005-04-22 18:01:04 UTC (RELENG_5, 5.4-STABLE) + 2005-04-22 18:03:18 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-04-22 18:07:10 UTC (RELENG_5_3, 5.3-RELEASE-p10) + 2005-04-22 18:13:30 UTC (RELENG_4, 4.11-STABLE) + 2005-04-22 18:17:22 UTC (RELENG_4_11, 4.11-RELEASE-p4) + 2005-04-22 18:16:15 UTC (RELENG_4_10, 4.10-RELEASE-p9) +CVE Name: CAN-2005-0753 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The Concurrent Versions System (CVS) is a version control system. It +may be used to access a repository locally, or to access a `remote +repository' using a number of different methods. When accessing a +remote repository, the target machine runs the CVS server to fulfill +client requests. + +II. Problem Description + +Multiple programming errors were found in CVS. In one case, variable +length strings are copied into a fixed length buffer without adequate +checks being made; other errors include NULL pointer dereferences, +possible use of uninitialized variables, and memory leaks. + +III. Impact + +CVS servers ("cvs server" or :pserver: modes) are affected by these +problems. The buffer overflow may potentially be exploited to execute +arbitrary code on the CVS server, either in the context of the +authenticated user or in the context of the CVS server, depending on +the access method used. The other errors may lead to a denial of +service. + +IV. Workaround + +No workaround is available for cvs servers; cvs clients are unaffected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.10] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch.asc + +[FreeBSD 4.11 and 5.3] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cvs +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/cvs/src/login.c 1.3.2.6 + src/contrib/cvs/src/patch.c 1.1.1.7.2.7 + src/contrib/cvs/src/rcs.c 1.19.2.7 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.5 + src/sys/conf/newvers.sh 1.44.2.39.2.8 + src/contrib/cvs/src/login.c 1.3.2.5.2.1 + src/contrib/cvs/src/patch.c 1.1.1.7.2.6.2.1 + src/contrib/cvs/src/rcs.c 1.19.2.6.2.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.10 + src/sys/conf/newvers.sh 1.44.2.34.2.11 + src/contrib/cvs/src/login.c 1.3.2.4.6.1 + src/contrib/cvs/src/patch.c 1.1.1.7.2.5.6.1 + src/contrib/cvs/src/rcs.c 1.19.2.5.6.1 +RELENG_5 + src/contrib/cvs/src/login.c 1.8.2.1 + src/contrib/cvs/src/patch.c 1.1.1.13.2.1 + src/contrib/cvs/src/rcs.c 1.27.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.4 + src/contrib/cvs/src/login.c 1.8.6.1 + src/contrib/cvs/src/patch.c 1.1.1.13.6.1 + src/contrib/cvs/src/rcs.c 1.27.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.13 + src/sys/conf/newvers.sh 1.62.2.15.2.15 + src/contrib/cvs/src/login.c 1.8.4.1 + src/contrib/cvs/src/patch.c 1.1.1.13.4.1 + src/contrib/cvs/src/rcs.c 1.27.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753 +http://secunia.com/advisories/14976/ +http://xforce.iss.net/xforce/xfdb/20148 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.0 (FreeBSD) + +iD8DBQFCaUaaFdaIBMps37IRAvkoAJ47xsv+CGE12jJxGRMZrS8nFgx9XQCfVs5W +ZqGIq4p/ylx2yUZvZTjh34o= +=ldk9 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:06.iir.asc b/share/security/advisories/FreeBSD-SA-05:06.iir.asc new file mode 100644 index 0000000000..a0b793fb00 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:06.iir.asc @@ -0,0 +1,138 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:06.iir Security Advisory + The FreeBSD Project + +Topic: Incorrect permissions on /dev/iir + +Category: core +Module: sys_dev +Announced: 2005-05-06 +Credits: Christian S.J. Peron + Andre Guibert de Bruet +Affects: All FreeBSD 4.x releases since 4.6-RELEASE + All FreeBSD 5.x releases prior to 5.4-RELEASE +Corrected: 2005-05-06 02:33:46 UTC (RELENG_5, 5.4-STABLE) + 2005-05-06 02:34:18 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-05-06 02:34:01 UTC (RELENG_5_3, 5.3-RELEASE-p11) + 2005-05-06 02:32:54 UTC (RELENG_4, 4.11-STABLE) + 2005-05-06 02:33:28 UTC (RELENG_4_11, 4.11-RELEASE-p5) + 2005-05-06 02:33:12 UTC (RELENG_4_10, 4.10-RELEASE-p10) +CVE Name: CAN-2005-1399 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2005-05-06 Initial release. +v1.1 2005-05-07 Updated credits to include Andre Guibert de Bruet, who + was inadvertantly omitted from the original advisory. + +I. Background + +The iir(4) driver provides support for the Intel Integrated RAID +controllers and ICP Vortex RAID controllers. + +II. Problem Description + +The default permissions on the /dev/iir device node allow unprivileged +local users to open the device and execute ioctl calls. + +III. Impact + +Unprivileged local users can send commands to the hardware supported by +the iir(4) driver, allowing destruction of data and possible disclosure +of data. + +IV. Workaround + +Systems without hardware supported by the iir(4) driver are not affected +by this issue. On systems which are affected, as a workaround, the +permissions on /dev/iir can be changed manually. + +As root, execute the following command: + +# chmod 0600 /dev/iir* + +On 5.x, the following commands are also needed to ensure that the +correct permissions are used after rebooting. + +# echo 'perm iir* 0600' >> /etc/devfs.conf +# echo 'devfs_enable="YES"' >> /etc/rc.conf + +If the administrator has created additional device nodes, or mounted +additional instances of devfs(5) elsewhere in the file system name +space, attention should be paid to ensure that either the iir device +node is not visible in those name spaces, or is similarly protected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after +the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/dev/iir/iir_ctrl.c 1.2.2.5 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.6 + src/sys/conf/newvers.sh 1.44.2.39.2.9 + src/sys/dev/iir/iir_ctrl.c 1.2.2.4.12.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.11 + src/sys/conf/newvers.sh 1.44.2.34.2.12 + src/sys/dev/iir/iir_ctrl.c 1.2.2.4.10.1 +RELENG_5 + src/sys/dev/iir/iir_ctrl.c 1.15.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.5 + src/sys/dev/iir/iir_ctrl.c 1.15.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.14 + src/sys/conf/newvers.sh 1.62.2.15.2.16 + src/sys/dev/iir/iir_ctrl.c 1.15.4.1 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCfEXyFdaIBMps37IRAu6WAJ9qBjsIfH7GGPRiHsvXwlkuau5kswCfXhan +YhoUBZ4gHuIXJFM1gOEAyVk= +=zRAR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:07.ldt.asc b/share/security/advisories/FreeBSD-SA-05:07.ldt.asc new file mode 100644 index 0000000000..6f413c334e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:07.ldt.asc @@ -0,0 +1,125 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:07.ldt Security Advisory + The FreeBSD Project + +Topic: Local kernel memory disclosure in i386_get_ldt + +Category: core +Module: sys_i386 +Announced: 2005-05-06 +Credits: Christer Oberg +Affects: All FreeBSD/i386 4.x releases since 4.7-RELEASE + All FreeBSD/i386 5.x and FreeBSD/amd64 5.x releases + prior to 5.4-RELEASE +Corrected: 2005-05-06 02:40:19 UTC (RELENG_5, 5.4-STABLE) + 2005-05-06 02:40:49 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-05-06 02:40:32 UTC (RELENG_5_3, 5.3-RELEASE-p12) + 2005-05-06 02:39:35 UTC (RELENG_4, 4.11-STABLE) + 2005-05-06 02:40:05 UTC (RELENG_4_11, 4.11-RELEASE-p6) + 2005-05-06 02:39:52 UTC (RELENG_4_10, 4.10-RELEASE-p11) +CVE Name: CAN-2005-1400 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The i386_get_ldt(2) system call allows a process to request that a +portion of its Local Descriptor Table be copied from the kernel into +userland. + +II. Problem Description + +The i386_get_ldt(2) syscall performs insufficient validation of its +input arguments. In particular, negative or very large values may +allow inappropriate data to be copied from the kernel. + +III. Impact + +Kernel memory may be disclosed to the user process. Such memory might +contain sensitive information, such as portions of the file cache or +terminal buffers. This information might be directly useful, or it +might be leveraged to obtain elevated privileges in some way. For +example, a terminal buffer might include a user-entered password. + +IV. Workaround + +No workaround is known for i386 and amd64 systems; other platforms are +not affected by this issue. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after +the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc + +[FreeBSD 5.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/i386/i386/sys_machdep.c 1.47.2.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.7 + src/sys/conf/newvers.sh 1.44.2.39.2.10 + src/sys/i386/i386/sys_machdep.c 1.47.2.3.8.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.12 + src/sys/conf/newvers.sh 1.44.2.34.2.13 + src/sys/i386/i386/sys_machdep.c 1.47.2.3.6.1 +RELENG_5 + src/sys/i386/i386/sys_machdep.c 1.92.2.3 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.6 + src/sys/i386/i386/sys_machdep.c 1.92.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.15 + src/sys/conf/newvers.sh 1.62.2.15.2.17 + src/sys/i386/i386/sys_machdep.c 1.92.4.1 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCetz/FdaIBMps37IRAsGyAJ0e/186b85KV2w0iqXy+eZe4aoGMwCfSlRm +TqqVUL/yrYbXxlyzJZNEjPs= +=/YXX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:08.kmem.asc b/share/security/advisories/FreeBSD-SA-05:08.kmem.asc new file mode 100644 index 0000000000..943c49ec15 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:08.kmem.asc @@ -0,0 +1,168 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:08.kmem Security Advisory + The FreeBSD Project + +Topic: Local kernel memory disclosure + +Category: core +Module: sys +Announced: 2005-05-06 +Credits: Christian S.J. Peron + Uwe Doering +Affects: All FreeBSD releases prior to 5.4-RELEASE +Corrected: 2005-05-08 10:19:37 UTC (RELENG_5, 5.4-STABLE) + 2005-05-07 03:58:26 UTC (RELENG_5_4, 5.4-RELEASE) + 2005-05-08 10:23:52 UTC (RELENG_5_3, 5.3-RELEASE-p14) + 2005-05-08 10:26:42 UTC (RELENG_4, 4.11-STABLE) + 2005-05-08 10:29:54 UTC (RELENG_4_11, 4.11-RELEASE-p8) + 2005-05-08 10:35:56 UTC (RELENG_4_10, 4.10-RELEASE-p13) +CVE Name: CAN-2005-1406 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2005-05-06 Initial release. +v1.1 2005-05-07 Updated patch to include related issues reported by + Uwe Doering. + +I. Background + +In many parts of the FreeBSD kernel, names (of mount points, devices, +files, etc.) are manipulated as NULL-terminated strings, but are provided +to applications within fixed-length buffers. + +II. Problem Description + +In several places, variable-length strings were copied into fixed-length +buffers without zeroing the unused portion of the buffer. + +III. Impact + +The previous contents of part of the fixed-length buffers will be +disclosed to applications. Such memory might contain sensitive +information, such as portions of the file cache or terminal buffers. +This information might be directly useful, or it might be leveraged to +obtain elevated privileges in some way. For example, a terminal buffer +might include a user-entered password. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after +the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, and 5.3 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4x.patch.asc + +[FreeBSD 5.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5x.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/kern/uipc_usrreq.c 1.54.2.11 + src/sys/kern/vfs_subr.c 1.249.2.32 + src/sys/net/if_mib.c 1.8.2.3 + src/sys/netinet/ip_divert.c 1.42.2.8 + src/sys/netinet/raw_ip.c 1.64.2.20 + src/sys/netinet/tcp_subr.c 1.73.2.34 + src/sys/netinet/udp_usrreq.c 1.64.2.20 +RELENG_4_11 + src/UPDATING 1.72.2.91.2.9 + src/sys/conf/newvers.sh 1.44.2.39.2.12 + src/sys/kern/uipc_usrreq.c 1.54.2.10.8.1 + src/sys/kern/vfs_subr.c 1.249.2.31.6.1 + src/sys/net/if_mib.c 1.8.2.2.2.1 + src/sys/netinet/ip_divert.c 1.42.2.7.2.1 + src/sys/netinet/raw_ip.c 1.64.2.19.2.1 + src/sys/netinet/tcp_subr.c 1.73.2.33.4.1 + src/sys/netinet/udp_usrreq.c 1.64.2.19.6.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.14 + src/sys/conf/newvers.sh 1.44.2.34.2.15 + src/sys/kern/uipc_usrreq.c 1.54.2.10.6.1 + src/sys/kern/vfs_subr.c 1.249.2.31.4.1 + src/sys/net/if_mib.c 1.8.2.1.16.2 + src/sys/netinet/ip_divert.c 1.42.2.6.6.1 + src/sys/netinet/raw_ip.c 1.64.2.18.4.1 + src/sys/netinet/tcp_subr.c 1.73.2.33.2.1 + src/sys/netinet/udp_usrreq.c 1.64.2.19.4.1 +RELENG_5 + src/sys/kern/subr_bus.c 1.156.2.7 + src/sys/kern/uipc_usrreq.c 1.138.2.14 + src/sys/kern/vfs_subr.c 1.522.2.5 + src/sys/net/if_mib.c 1.13.4.2 + src/sys/netinet/ip_divert.c 1.98.2.3 + src/sys/netinet/raw_ip.c 1.142.2.5 + src/sys/netinet/tcp_subr.c 1.201.2.18 + src/sys/netinet/udp_usrreq.c 1.162.2.8 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.9 + src/sys/kern/subr_bus.c 1.156.2.5.2.1 + src/sys/kern/uipc_usrreq.c 1.138.2.13.2.1 + src/sys/kern/vfs_subr.c 1.522.2.4.2.1 + src/sys/net/if_mib.c 1.13.4.1.2.1 + src/sys/netinet/ip_divert.c 1.98.2.2.2.1 + src/sys/netinet/raw_ip.c 1.142.2.4.2.1 + src/sys/netinet/tcp_subr.c 1.201.2.15.2.1 + src/sys/netinet/udp_usrreq.c 1.162.2.7.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.17 + src/sys/conf/newvers.sh 1.62.2.15.2.19 + src/sys/kern/subr_bus.c 1.156.2.2.2.1 + src/sys/kern/uipc_usrreq.c 1.138.2.2.2.2 + src/sys/kern/vfs_subr.c 1.522.2.1.2.1 + src/sys/net/if_mib.c 1.13.6.1 + src/sys/netinet/ip_divert.c 1.98.4.1 + src/sys/netinet/raw_ip.c 1.142.2.2.2.1 + src/sys/netinet/tcp_subr.c 1.201.2.1.2.2 + src/sys/netinet/udp_usrreq.c 1.162.2.3.2.1 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCfe9TFdaIBMps37IRAoANAJ9SvXgbD8c2Pw4akOWba95PklG1NgCeOPce +Ib7DiBQuu7LR2ZG70BP+eKQ= +=8wrv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:09.htt.asc b/share/security/advisories/FreeBSD-SA-05:09.htt.asc new file mode 100644 index 0000000000..4f7170389f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:09.htt.asc @@ -0,0 +1,178 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:09.htt Security Advisory + The FreeBSD Project + +Topic: information disclosure when using HTT + +Category: core +Module: sys +Announced: 2005-05-13 +Revised: 2005-05-13 +Credits: Colin Percival +Affects: All FreeBSD/i386 and FreeBSD/amd64 releases. +Corrected: 2005-05-13 00:13:00 UTC (RELENG_5, 5.4-STABLE) + 2005-05-13 00:13:00 UTC (RELENG_5_4, 5.4-RELEASE-p1) + 2005-05-13 00:13:00 UTC (RELENG_5_3, 5.3-RELEASE-p15) + 2005-05-13 00:13:00 UTC (RELENG_4, 4.11-STABLE) + 2005-05-13 00:13:00 UTC (RELENG_4_11, 4.11-RELEASE-p9) + 2005-05-13 00:13:00 UTC (RELENG_4_10, 4.10-RELEASE-p14) +CVE Name: CAN-2005-0109 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2005-05-13 Initial release. +v1.1 2005-05-13 Additional details. + +I. Background + +Sharing the execution resources of a superscalar processor between +multiple execution threads is referred to as "simultaneous +multithreading". "Hyper-Threading Technology" or HTT is the name used +for the implementation of simultaneous multithreading on Intel Pentium +4, Mobile Pentium 4, and Xeon processors. HTT involves sharing +certain CPU resources between multiple threads, including memory +caches. FreeBSD supports HTT when using a kernel compiled with +the SMP option. + +II. Problem Description + +When running on processors supporting Hyper-Threading Technology, it is +possible for a malicious thread to monitor the execution of another +thread. + +NOTE: Similar problems may exist in other simultaneous multithreading +implementations, or even some systems in the absence of simultaneous +multithreading. However, current research has only demonstrated this +flaw in Hyper-Threading Technology, where shared memory caches are used. + +III. Impact + +Information may be disclosed to local users, allowing in many cases for +privilege escalation. For example, on a multi-user system, it may be +possible to steal cryptographic keys used in applications such as OpenSSH +or SSL-enabled web servers. + +IV. Workaround + +Systems not using processors with Hyper-Threading Technology support are +not affected by this issue. On systems which are affected, the security +flaw can be eliminated by setting the "machdep.hlt_logical_cpus" tunable: + +# echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf + +The system must be rebooted in order for tunables to take effect. + +Use of this workaround is not recommended on "dual-core" systems, as +this workaround will also disable one of the processor cores. + +V. Solution + +Disable Hyper-Threading Technology on processors that support it. + +NOTE: It is expected that future work in cryptographic libraries and +operating system schedulers may remedy this problem for many or most +users, without necessitating the disabling of Hyper-Threading +Technology. Future advisories will address individual cases. + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, and 5.4 systems. + +a) Download the relevant patch from the location below and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.10] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch.asc + +[FreeBSD 4.11] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch.asc + +[FreeBSD 5.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +NOTE: For users that are certain that their environment is not affected +by this vulnerability, such as single-user systems, Hyper-Threading +Technology may be re-enabled by setting the tunable +"machdep.hyperthreading_allowed". + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/i386/i386/mp_machdep.c 1.115.2.23 + src/sys/i386/include/cpufunc.h 1.96.2.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.10 + src/sys/conf/newvers.sh 1.44.2.39.2.13 + src/sys/i386/i386/mp_machdep.c 1.115.2.22.2.1 + src/sys/i386/include/cpufunc.h 1.96.2.3.12.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.15 + src/sys/conf/newvers.sh 1.44.2.34.2.16 + src/sys/i386/i386/mp_machdep.c 1.115.2.20.2.1 + src/sys/i386/include/cpufunc.h 1.96.2.3.10.1 +RELENG_5 + src/sys/amd64/amd64/mp_machdep.c 1.242.2.11 + src/sys/amd64/include/cpufunc.h 1.145.2.1 + src/sys/i386/i386/mp_machdep.c 1.235.2.10 + src/sys/i386/include/cpufunc.h 1.142.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.10 + src/sys/amd64/amd64/mp_machdep.c 1.242.2.7.2.4 + src/sys/amd64/include/cpufunc.h 1.145.6.1 + src/sys/conf/newvers.sh 1.62.2.18.2.6 + src/sys/i386/i386/mp_machdep.c 1.235.2.6.2.3 + src/sys/i386/include/cpufunc.h 1.142.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.18 + src/sys/amd64/amd64/mp_machdep.c 1.242.2.2.2.2 + src/sys/amd64/include/cpufunc.h 1.145.4.1 + src/sys/conf/newvers.sh 1.62.2.15.2.20 + src/sys/i386/i386/mp_machdep.c 1.235.2.3.2.2 + src/sys/i386/include/cpufunc.h 1.142.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.daemonology.net/hyperthreading-considered-harmful/ + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc +-----BEGIN PGP SIGNATURE----- + +iD8DBQFChJA4FdaIBMps37IRAo8nAJ9w7xtIF0atnxiKDhFOpBXEZQDtZQCghWdM +qc5lGST7l+iJEYN/7zTNUPY= +=WqEa +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:10.tcpdump.asc b/share/security/advisories/FreeBSD-SA-05:10.tcpdump.asc new file mode 100644 index 0000000000..ea6bb178e1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:10.tcpdump.asc @@ -0,0 +1,116 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:10.tcpdump Security Advisory + The FreeBSD Project + +Topic: Infinite loops in tcpdump protocol decoding + +Category: contrib +Module: tcpdump +Announced: 2005-06-09 +Credits: "Vade 79", Simon L. Nielsen +Affects: FreeBSD 5.3-RELEASE and FreeBSD 5.4-RELEASE +Corrected: 2005-06-08 21:26:27 UTC (RELENG_5, 5.4-STABLE) + 2005-06-08 21:27:44 UTC (RELENG_5_4, 5.4-RELEASE-p2) + 2005-06-08 21:29:15 UTC (RELENG_5_3, 5.3-RELEASE-p16) +CVE Name: CAN-2005-1267, CAN-2005-1278, CAN-2005-1279, CAN-2005-1280 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The tcpdump utility is used to capture and examine network traffic. + +II. Problem Description + +Several tcpdump protocol decoders contain programming errors which can +cause them to go into infinite loops. + +III. Impact + +An attacker can inject specially crafted packets into the network +which, when processed by tcpdump, could lead to a denial-of-service. +After the attack, tcpdump would no longer capture traffic, and would +potentially use all available processor time. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 +or RELENG_5_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3 and +5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/tcpdump/tcpdump +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/tcpdump/print-bgp.c 1.1.1.5.2.1 + src/contrib/tcpdump/print-isoclns.c 1.12.2.1 + src/contrib/tcpdump/print-ldp.c 1.1.1.1.2.1 + src/contrib/tcpdump/print-rsvp.c 1.1.1.1.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.11 + src/sys/conf/newvers.sh 1.62.2.18.2.7 + src/contrib/tcpdump/print-bgp.c 1.1.1.5.6.1 + src/contrib/tcpdump/print-isoclns.c 1.12.6.1 + src/contrib/tcpdump/print-ldp.c 1.1.1.1.6.1 + src/contrib/tcpdump/print-rsvp.c 1.1.1.1.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.19 + src/sys/conf/newvers.sh 1.62.2.15.2.21 + src/contrib/tcpdump/print-bgp.c 1.1.1.5.4.1 + src/contrib/tcpdump/print-isoclns.c 1.12.4.1 + src/contrib/tcpdump/print-ldp.c 1.1.1.1.4.1 + src/contrib/tcpdump/print-rsvp.c 1.1.1.1.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280 +http://marc.theaimsgroup.com/?l=bugtraq&m=111454406222040 +http://marc.theaimsgroup.com/?l=bugtraq&m=111454461300644 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:10.tcpdump.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCqBbUFdaIBMps37IRAlxdAJ9AsT7o5k1woMpE3DlC+HBebZlLKACfYFjD +0VOBWDzUFdR8IErJEYU2+9w= +=1cKJ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:11.gzip.asc b/share/security/advisories/FreeBSD-SA-05:11.gzip.asc new file mode 100644 index 0000000000..6fd27161b3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:11.gzip.asc @@ -0,0 +1,132 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:11.gzip Security Advisory + The FreeBSD Project + +Topic: gzip directory traversal and permission race vulnerabilities + +Category: contrib +Module: gzip +Announced: 2005-06-09 +Credits: Ulf Harnhammar, Imran Ghory +Affects: All FreeBSD releases +Corrected: 2005-06-08 21:26:27 UTC (RELENG_5, 5.4-STABLE) + 2005-06-08 21:27:44 UTC (RELENG_5_4, 5.4-RELEASE-p2) + 2005-06-08 21:29:15 UTC (RELENG_5_3, 5.3-RELEASE-p16) + 2005-06-08 21:29:53 UTC (RELENG_4, 4.11-STABLE) + 2005-06-08 21:30:43 UTC (RELENG_4_11, 4.11-RELEASE-p10) + 2005-06-08 21:31:16 UTC (RELENG_4_10, 4.10-RELEASE-p15) +CVE Name: CAN-2005-0988, CAN-2005-1228 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +gzip is a file compression utility. + +II. Problem Description + +Two problems related to extraction of files exist in gzip: + +The first problem is that gzip does not properly sanitize filenames +containing "/" when uncompressing files using the -N command line +option. + +The second problem is that gzip does not set permissions on newly +extracted files until after the file has been created and the file +descriptor has been closed. + +III. Impact + +The first problem can allow an attacker to overwrite arbitrary local +files when uncompressing a file using the -N command line option. + +The second problem can allow a local attacker to change the +permissions of arbitrary local files, on the same partition as the one +the user is uncompressing a file on, by removing the file the user is +uncompressing and replacing it with a hardlink before the uncompress +operation is finished. + +IV. Workaround + +Do not use the -N command line option on untrusted files and do not +uncompress files in directories where untrusted users have write +access. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, and 5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/gzip +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/gnu/usr.bin/gzip/gzip.c 1.10.2.1 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.11 + src/sys/conf/newvers.sh 1.44.2.39.2.14 + src/gnu/usr.bin/gzip/gzip.c 1.10.26.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.16 + src/sys/conf/newvers.sh 1.44.2.34.2.17 + src/gnu/usr.bin/gzip/gzip.c 1.10.24.1 +RELENG_5 + src/gnu/usr.bin/gzip/gzip.c 1.11.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.11 + src/sys/conf/newvers.sh 1.62.2.18.2.7 + src/gnu/usr.bin/gzip/gzip.c 1.11.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.19 + src/sys/conf/newvers.sh 1.62.2.15.2.21 + src/gnu/usr.bin/gzip/gzip.c 1.11.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228 +http://marc.theaimsgroup.com/?l=bugtraq&m=111271860708210 +http://marc.theaimsgroup.com/?l=bugtraq&m=111402732406477 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCqBbGFdaIBMps37IRAttLAJ41WPmKXczZAZgrBGBP1GorSM7E1gCfc8w9 +KFbns+zs2umrId0mCg1SjVk= +=6MzW +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:12.bind9.asc b/share/security/advisories/FreeBSD-SA-05:12.bind9.asc new file mode 100644 index 0000000000..e4bdd15a88 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:12.bind9.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:12.bind9 Security Advisory + The FreeBSD Project + +Topic: BIND 9 DNSSEC remote denial of service vulnerability + +Category: core +Module: bind9 +Announced: 2005-06-09 +Credits: Internet Systems Consortium +Affects: FreeBSD 5.3 +Corrected: 2005-03-23 18:16:29 UTC (RELENG_5, 5.3-STABLE) + 2005-06-08 21:29:15 UTC (RELENG_5_3, 5.3-RELEASE-p16) +CVE Name: CAN-2005-0034 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is the Internet domain name server. DNS Security +Extensions (DNSSEC) are additional protocol options that add +authentication and integrity to the DNS protocols. + +DNSSEC is not enabled by default in any FreeBSD release. A system +administrator must take special action to enable DNSSEC. + +II. Problem Description + +A DNSSEC-related validator function in BIND 9.3.0 contains an +inappropriate internal consistency test. When this test is triggered, +named(8) will exit. + +III. Impact + +On systems with DNSSEC enabled, a remote attacker may be able to inject +a specially crafted packet that will cause the internal consistency test +to trigger, and named(8) to terminate. As a result, the name server +will no longer be available to service requests. + +IV. Workaround + +DNSSEC is not enabled by default, and the "dnssec-enable" directive is +not normally present. If DNSSEC has been enabled, disable it by +changing the "dnssec-enable" directive to "dnssec-enable no;" in the +named.conf(5) configuration file. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_3 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src/ +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/bind9/lib/dns/validator.c 1.1.1.1.2.2 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.19 + src/sys/conf/newvers.sh 1.62.2.15.2.21 + src/contrib/bind9/lib/dns/validator.c 1.1.1.1.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0034 +http://www.kb.cert.org/vuls/id/938617 +http://www.isc.org/index.pl?/sw/bind/bind-security.php +http://www.isc.org/index.pl?/sw/bind/bind9.php + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCqBbfFdaIBMps37IRAiphAKCG8CX6eNFMNQYhahAER4gFVFc54wCfRZye +2C6LIcrq47xn5SRRV3T9ZL4= +=gFcD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:13.ipfw.asc b/share/security/advisories/FreeBSD-SA-05:13.ipfw.asc new file mode 100644 index 0000000000..60ebb7dd86 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:13.ipfw.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:13.ipfw Security Advisory + The FreeBSD Project + +Topic: ipfw packet matching errors with address tables + +Category: core +Module: netinet +Announced: 2005-06-29 +Credits: Max Laier +Affects: FreeBSD 5.4-RELEASE +Corrected: 2005-06-29 21:38:48 UTC (RELENG_5, 5.4-STABLE) + 2005-06-29 21:41:03 UTC (RELENG_5_4, 5.4-RELEASE-p3) +CVE Name: CAN-2005-2019 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +ipfw(8) is a system facility which allows IP packet filtering, +redirecting, and traffic accounting. ipfw lookup tables are a way to +specify many IP addresses which can be used for packet matching in an +efficient manner. + +II. Problem Description + +The ipfw tables lookup code caches the result of the last query. The +kernel may process multiple packets concurrently, performing several +concurrent table lookups. Due to an insufficient locking, a cached +result can become corrupted that could cause some addresses to be +incorrectly matched against a lookup table. + +III. Impact + +When lookup tables are used with ipfw, packets may on very rare +occasions incorrectly match a lookup table. This could result in a +packet being treated contrary to the defined packet filtering ruleset. +For example, a packet may be allowed to pass through when it should +have been discarded. + +The problem can only occur on Symmetric Multi-Processor (SMP) systems, +or on Uni Processor (UP) systems with the PREEMPTION kernel option +enabled (not the default). + +IV. Workaround + +a) Do not use lookup tables. + +OR + +b) Disable concurrent processing of packets in the network stack by + setting the "debug.mpsafenet=0" tunable: + + # echo "debug.mpsafenet=0" >> /boot/loader.conf + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.4 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:13/ipfw.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:13/ipfw.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/netinet/ip_fw2.c 1.70.2.14 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.12 + src/sys/conf/newvers.sh 1.62.2.18.2.8 + src/sys/netinet/ip_fw2.c 1.70.2.10.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2019 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCwxeeFdaIBMps37IRAkOAAJ0cCLsoqdUsfTfPNxocl1/TSORXnwCeIq0L +wM2hw6x90lSyoEVYnxfAg2s= +=khtV +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:14.bzip2.asc b/share/security/advisories/FreeBSD-SA-05:14.bzip2.asc new file mode 100644 index 0000000000..4923cd4340 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:14.bzip2.asc @@ -0,0 +1,156 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:14.bzip2 Security Advisory + The FreeBSD Project + +Topic: bzip2 denial of service and permission race vulnerabilities + +Category: contrib +Module: contrib_bzip2 +Announced: 2005-06-29 +Credits: Imran Ghory, Chris Evans +Affects: All FreeBSD releases +Corrected: 2005-06-29 21:38:48 UTC (RELENG_5, 5.4-STABLE) + 2005-06-29 21:41:03 UTC (RELENG_5_4, 5.4-RELEASE-p3) + 2005-06-29 21:42:33 UTC (RELENG_5_3, 5.3-RELEASE-p17) + 2005-06-29 21:43:42 UTC (RELENG_4, 4.11-STABLE) + 2005-06-29 21:45:14 UTC (RELENG_4_11, 4.11-RELEASE-p11) + 2005-06-29 21:46:15 UTC (RELENG_4_10, 4.10-RELEASE-p16) +CVE Name: CAN-2005-0953, CAN-2005-1260 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +bzip2 is a block-sorting file compression utility. + +II. Problem Description + +Two problems have been discovered relating to the extraction of +bzip2-compressed files. First, a carefully constructed invalid bzip2 +archive can cause bzip2 to enter an infinite loop. Second, when +creating a new file, bzip2 closes the file before setting its +permissions. + +III. Impact + +The first problem can cause bzip2 to extract a bzip2 archive to an +infinitely large file. If bzip2 is used in automated processing of +untrusted files this could be exploited by an attacker to create an +denial-of-service situation by exhausting disk space or by consuming +all available cpu time. + +The second problem can allow a local attacker to change the +permissions of local files owned by the user executing bzip2 providing +that they have write access to the directory in which the file is +being extracted. + +IV. Workaround + +Do not uncompress bzip2 archives from untrusted sources and do not +uncompress files in directories where untrusted users have write +access. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, and 5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libbz2 +# make obj && make depend && make && make install +# cd /usr/src/usr.bin/bzip2 +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + contrib/bzip2/bzip2.c 1.1.1.1.2.3 + contrib/bzip2/bzlib.c 1.1.1.1.2.3 + contrib/bzip2/compress.c 1.1.1.1.2.3 + contrib/bzip2/decompress.c 1.1.1.1.2.3 + contrib/bzip2/huffman.c 1.1.1.1.2.3 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.12 + src/sys/conf/newvers.sh 1.44.2.39.2.15 + contrib/bzip2/bzip2.c 1.1.1.1.2.2.12.1 + contrib/bzip2/bzlib.c 1.1.1.1.2.2.12.1 + contrib/bzip2/compress.c 1.1.1.1.2.2.12.1 + contrib/bzip2/decompress.c 1.1.1.1.2.2.12.1 + contrib/bzip2/huffman.c 1.1.1.1.2.2.12.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.17 + src/sys/conf/newvers.sh 1.44.2.34.2.18 + contrib/bzip2/bzip2.c 1.1.1.1.2.2.10.1 + contrib/bzip2/bzlib.c 1.1.1.1.2.2.10.1 + contrib/bzip2/compress.c 1.1.1.1.2.2.10.1 + contrib/bzip2/decompress.c 1.1.1.1.2.2.10.1 + contrib/bzip2/huffman.c 1.1.1.1.2.2.10.1 +RELENG_5 + contrib/bzip2/bzip2.c 1.1.1.2.8.1 + contrib/bzip2/bzlib.c 1.1.1.2.8.1 + contrib/bzip2/compress.c 1.1.1.2.8.1 + contrib/bzip2/decompress.c 1.1.1.2.8.1 + contrib/bzip2/huffman.c 1.1.1.2.8.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.12 + src/sys/conf/newvers.sh 1.62.2.18.2.8 + contrib/bzip2/bzip2.c 1.1.1.2.12.1 + contrib/bzip2/bzlib.c 1.1.1.2.12.1 + contrib/bzip2/compress.c 1.1.1.2.12.1 + contrib/bzip2/decompress.c 1.1.1.2.12.1 + contrib/bzip2/huffman.c 1.1.1.2.12.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.20 + src/sys/conf/newvers.sh 1.62.2.15.2.22 + contrib/bzip2/bzip2.c 1.1.1.2.10.1 + contrib/bzip2/bzlib.c 1.1.1.2.10.1 + contrib/bzip2/compress.c 1.1.1.2.10.1 + contrib/bzip2/decompress.c 1.1.1.2.10.1 + contrib/bzip2/huffman.c 1.1.1.2.10.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260 +http://marc.theaimsgroup.com/?l=bugtraq&m=111229375217633 +http://scary.beasts.org/security/CESA-2005-002.txt + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCwxenFdaIBMps37IRAsYxAJ9K8pFrImuACPxauHUqGqumKs2nLQCfQ0ne +SQ0RlXP6MiG88y/2B2wF7aA= +=TvEK +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:15.tcp.asc b/share/security/advisories/FreeBSD-SA-05:15.tcp.asc new file mode 100644 index 0000000000..254e5c42ae --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:15.tcp.asc @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:15.tcp Security Advisory + The FreeBSD Project + +Topic: TCP connection stall denial of service + +Category: core +Module: inet +Announced: 2005-06-29 +Credits: Noritoshi Demizu +Affects: All FreeBSD releases. +Corrected: 2005-06-29 21:38:48 UTC (RELENG_5, 5.4-STABLE) + 2005-06-29 21:41:03 UTC (RELENG_5_4, 5.4-RELEASE-p3) + 2005-06-29 21:42:33 UTC (RELENG_5_3, 5.3-RELEASE-p17) + 2005-06-29 21:43:42 UTC (RELENG_4, 4.11-STABLE) + 2005-06-29 21:45:14 UTC (RELENG_4_11, 4.11-RELEASE-p11) + 2005-06-29 21:46:15 UTC (RELENG_4_10, 4.10-RELEASE-p16) +CVE Name: CAN-2005-0356, CAN-2005-2068 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The Transmission Control Protocol (TCP) of the TCP/IP protocol suite +provides a connection-oriented, reliable, sequence-preserving data +stream service. TCP timestamps are used to measure Round-Trip Time +and in the Protect Against Wrapped Sequences (PAWS) algorithm. TCP +packets with the SYN flag set are used during setup of new TCP +connections. + +II. Problem Description + +Two problems have been discovered in the FreeBSD TCP stack. + +First, when a TCP packets containing a timestamp is received, inadequate +checking of sequence numbers is performed, allowing an attacker to +artificially increase the internal "recent" timestamp for a connection. + +Second, a TCP packet with the SYN flag set is accepted for established +connections, allowing an attacker to overwrite certain TCP options. + +III. Impact + +Using either of the two problems an attacker with knowledge of the +local and remote IP and port numbers associated with a connection +can cause a denial of service situation by stalling the TCP connection. +The stalled TCP connection my be closed after some time by the other +host. + +IV. Workaround + +In some cases it may be possible to defend against these attacks by +blocking the attack packets using a firewall. Packets used to effect +either of these attacks would have spoofed source IP addresses. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, and 5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp4.patch.asc + +[FreeBSD 5.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/netinet/tcp_input.c 1.107.2.44 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.12 + src/sys/conf/newvers.sh 1.44.2.39.2.15 + src/sys/netinet/tcp_input.c 1.107.2.41.4.3 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.17 + src/sys/conf/newvers.sh 1.44.2.34.2.18 + src/sys/netinet/tcp_input.c 1.107.2.41.2.1 +RELENG_5 + src/sys/netinet/tcp_input.c 1.252.2.16 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.12 + src/sys/conf/newvers.sh 1.62.2.18.2.8 + src/sys/netinet/tcp_input.c 1.252.2.14.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.20 + src/sys/conf/newvers.sh 1.62.2.15.2.22 + src/sys/netinet/tcp_input.c 1.252.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0356 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2068 +http://www.kb.cert.org/vuls/id/637934 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCwxe7FdaIBMps37IRAi39AJ9ss6PVEwloS4SlKEWi5S1hpHnzmACeJF7H +rKmK2NtleJ98dTLWW4QLMn4= +=6fBH +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:16.zlib.asc b/share/security/advisories/FreeBSD-SA-05:16.zlib.asc new file mode 100644 index 0000000000..c26c38197b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:16.zlib.asc @@ -0,0 +1,103 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:16.zlib Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in zlib + +Category: core +Module: libz +Announced: 2005-07-06 +Credits: Tavis Ormandy +Affects: FreeBSD 5.3, FreeBSD 5.4 +Corrected: 2005-07-06 14:01:11 UTC (RELENG_5, 5.4-STABLE) + 2005-07-06 14:01:30 UTC (RELENG_5_4, 5.4-RELEASE-p4) + 2005-07-06 14:01:52 UTC (RELENG_5_3, 5.3-RELEASE-p18) +CVE Name: CAN-2005-2096 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +zlib is a compression library used by numerous applications to provide +data compression/decompression routines. + +II. Problem Description + +An error in the handling of corrupt compressed data streams can result +in a buffer being overflowed. + +III. Impact + +By carefully crafting a corrupt compressed data stream, an attacker can +overwrite data structures in a zlib-using application. This may cause +the application to halt, causing a denial of service; or it may result +in the attacker gaining elevated privileges. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or +RELENG_5_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 5.3 and 5.4 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libz/ +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/lib/libz/inftrees.c 1.4.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.13 + src/sys/conf/newvers.sh 1.62.2.18.2.9 + src/lib/libz/inftrees.c 1.4.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.21 + src/sys/conf/newvers.sh 1.62.2.15.2.23 + src/lib/libz/inftrees.c 1.4.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFCy+TYFdaIBMps37IRAqB2AJ4j+wdqj1zJJZdTjskufo7rrsHhcwCgi0SZ +wXRUgGbgl/DtNzyvHi7t/bc= +=anun +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:17.devfs.asc b/share/security/advisories/FreeBSD-SA-05:17.devfs.asc new file mode 100644 index 0000000000..84ee9dfc20 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:17.devfs.asc @@ -0,0 +1,135 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:17.devfs Security Advisory + The FreeBSD Project + +Topic: devfs ruleset bypass + +Category: core +Module: devfs +Announced: 2005-07-20 +Credits: Robert Watson +Affects: All FreeBSD 5.x releases +Corrected: 2005-07-20 13:35:44 UTC (RELENG_5, 5.4-STABLE) + 2005-07-20 13:36:32 UTC (RELENG_5_4, 5.4-RELEASE-p5) + 2005-07-20 13:37:27 UTC (RELENG_5_3, 5.3-RELEASE-p19) +CVE Name: CAN-2005-2218 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The jail(2) system call allows a system administrator to lock a process +and all of its descendants inside an environment with a very limited +ability to affect the system outside that environment, even for +processes with superuser privileges. It is an extension of, but +far more powerful than, the traditional UNIX chroot(2) system call. + +The device file system, or devfs(5), provides access to kernel's device +namespace in the global file system namespace. This includes access to +to system devices such as storage devices, kernel and system memory +devices, BPF devices, and serial port devices. Devfs is is generally +mounted as /dev. Devfs rulesets allow an administrator to hide +certain device nodes; this is most commonly applied to a devfs mounted +for use inside a jail, in order to make devices inaccessible to +processes within that jail. + +II. Problem Description + +Due to insufficient parameter checking of the node type during device +creation, any user can expose hidden device nodes on devfs mounted +file systems within their jail. Device nodes will be created in the +jail with their normal default access permissions. + +III. Impact + +Jailed processes can get access to restricted resources on the host +system. For jailed processes running with superuser privileges this +implies access to all devices on the system. This level of access +can lead to information leakage and privilege escalation. + +IV. Workaround + +Unmount device file systems mounted inside jails. Note that certain +device nodes, such as /dev/null, may be required for some software to +function correctly. + +This can be done by executing the following command as root: + + umount -A -t devfs + +Also, remove or comment out any lines in fstab(5) that reference +`devfs' and has a mount point within a jail, so that they will not be +re-mounted at next reboot. + +Some device file systems might be busy, including the host's main /dev +file system, and processes accessing these must be shut down before +the device file system can be unmounted. The hosts main device file +system, mounted as /dev, should not be unmounted since it is required +for normal system operation. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4, +or RELENG_5_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3, and +5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:17/devfs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:17/devfs.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/fs/devfs/devfs_vnops.c 1.73.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.14 + src/sys/conf/newvers.sh 1.62.2.18.2.10 + src/sys/fs/devfs/devfs_vnops.c 1.73.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.22 + src/sys/conf/newvers.sh 1.62.2.15.2.24 + src/sys/fs/devfs/devfs_vnops.c 1.73.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2218 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFC3lYgFdaIBMps37IRAldmAJ458s06z3gkHNjn04R2Rq8XXwRKiQCffeJP +m9n3bmuoX0WJvckcdR8EhU4= +=2iFe +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:18.zlib.asc b/share/security/advisories/FreeBSD-SA-05:18.zlib.asc new file mode 100644 index 0000000000..c72fdf778f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:18.zlib.asc @@ -0,0 +1,112 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:18.zlib Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in zlib + +Category: core +Module: libz +Announced: 2005-07-27 +Credits: Markus Oberhumer +Affects: FreeBSD 5.3, FreeBSD 5.4 +Corrected: 2005-07-27 08:41:44 UTC (RELENG_6, 6.0-BETA2) + 2005-07-27 08:41:56 UTC (RELENG_5, 5.4-STABLE) + 2005-07-27 08:42:16 UTC (RELENG_5_4, 5.4-RELEASE-p6) + 2005-07-27 08:42:38 UTC (RELENG_5_3, 5.3-RELEASE-p20) +CVE Name: CAN-2005-1849 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +NOTE WELL: The issue discussed in this advisory is distinct from the +issue discussed in the earlier advisory FreeBSD-SA-05:16.zlib, although +the impact is very similar. + +I. Background + +zlib is a compression library used by numerous applications to provide +data compression/decompression routines. + +II. Problem Description + +A fixed-size buffer is used in the decompression of data streams. Due +to erronous analysis performed when zlib was written, this buffer, +which was belived to be sufficiently large to handle any possible input +stream, is in fact too small. + +III. Impact + +A carefully constructed compressed data stream can result in zlib +overwriting some data structures. This may cause applications to halt, +resulting in a denial of service; or it may result in an attacker +gaining elevated privileges. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or +RELENG_5_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3, and 5.4 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:18/zlib.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:18/zlib.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libz/ +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/lib/libz/inftrees.h 1.1.1.5.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.15 + src/sys/conf/newvers.sh 1.62.2.18.2.11 + src/lib/libz/inftrees.h 1.1.1.5.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.23 + src/sys/conf/newvers.sh 1.62.2.15.2.25 + src/lib/libz/inftrees.h 1.1.1.5.4.1 +RELENG_6 + src/lib/libz/inftrees.h 1.1.1.5.8.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD4DBQFC50oLFdaIBMps37IRAg/1AJjTCluaNxJuBbSalLtgF34iey8DAJ9BGJmr +9NNdJfcjbm4qucvUYdsOqA== +=XDop +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:19.ipsec.asc b/share/security/advisories/FreeBSD-SA-05:19.ipsec.asc new file mode 100644 index 0000000000..8216481ece --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:19.ipsec.asc @@ -0,0 +1,116 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:19.ipsec Security Advisory + The FreeBSD Project + +Topic: Incorrect key usage in AES-XCBC-MAC + +Category: core +Module: netinet6 +Announced: 2005-07-27 +Credits: Yukiyo Akisada, Yokogawa Electric Corporation +Affects: FreeBSD 5.3, FreeBSD 5.4 +Corrected: 2005-07-27 08:41:44 UTC (RELENG_6, 6.0-BETA2) + 2005-07-27 08:41:56 UTC (RELENG_5, 5.4-STABLE) + 2005-07-27 08:42:16 UTC (RELENG_5_4, 5.4-RELEASE-p6) + 2005-07-27 08:42:38 UTC (RELENG_5_3, 5.3-RELEASE-p20) +CVE Name: CAN-2005-2359 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +IPsec is a security protocol for the Internet Protocol networking +layer. It provides a combination of encryption and authentication of +system, using several possible cryptography algorithms. + +II. Problem Description + +A programming error in the implementation of the AES-XCBC-MAC algorithm +for authentication resulted in a constant key being used instead of the +key specified by the system administrator. + +III. Impact + +If the AES-XCBC-MAC algorithm is used for authentication in the absence +of any encryption, then an attacker may be able to forge packets which +appear to originate from a different system and thereby succeed in +establishing an IPsec session. If access to sensitive information or +systems is controlled based on the identity of the source system, this +may result in information disclosure or privilege escalation. + +IV. Workaround + +Do not use the AES-XCBC-MAC algorithm for authentication, or use it +together with some form of IPsec encryption. + +Systems which do not use IPsec, use other algorithms, or have IPsec +encryption enabled are unaffected by this issue. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or +RELENG_5_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3 and 5.4 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/netinet6/ah_aesxcbcmac.c 1.1.4.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.15 + src/sys/conf/newvers.sh 1.62.2.18.2.11 + src/sys/netinet6/ah_aesxcbcmac.c 1.1.4.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.23 + src/sys/conf/newvers.sh 1.62.2.15.2.25 + src/sys/netinet6/ah_aesxcbcmac.c 1.1.6.1 +RELENG_6 + src/sys/netinet6/ah_aesxcbcmac.c 1.2.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2359 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFC50oTFdaIBMps37IRAt3IAJ9tqRnoO5+6u/+3Nn8/Cos1cS1/ygCdHmzs ++LPbiS3Bye0Vdvssh7b6vYE= +=v16f +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:20.cvsbug.asc b/share/security/advisories/FreeBSD-SA-05:20.cvsbug.asc new file mode 100644 index 0000000000..4fd9d69f35 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:20.cvsbug.asc @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:20.cvsbug Security Advisory + The FreeBSD Project + +Topic: Race condition in cvsbug + +Category: contrib +Module: contrib_cvs +Announced: 2005-09-07 +Credits: Marcus Meissner +Affects: All FreeBSD releases +Corrected: 2005-09-07 13:43:05 UTC (RELENG_6, 6.0-BETA5) + 2005-09-07 13:43:23 UTC (RELENG_5, 5.4-STABLE) + 2005-09-07 13:43:36 UTC (RELENG_5_4, 5.4-RELEASE-p7) + 2005-09-09 19:26:19 UTC (RELENG_5_3, 5.3-RELEASE-p22) + 2005-09-07 13:44:06 UTC (RELENG_4, 4.11-STABLE) + 2005-09-07 13:44:20 UTC (RELENG_4_11, 4.11-RELEASE-p12) + 2005-09-09 19:24:22 UTC (RELENG_4_10, 4.10-RELEASE-p18) +CVE Name: CAN-2005-2693 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2005-07-07 Initial release. +v1.1 2005-07-09 Additional related issues fixed in FreeBSD 4.10 and 5.3. + +I. Background + +cvsbug(1) is a utility for reporting problems in the CVS revision +control system. It is based on the GNATS send-pr(1) utility. + +II. Problem Description + +A temporary file is created, used, deleted, and then re-created with +the same name. This creates a window during which an attacker could +replace the file with a link to another file. While cvsbug(1) is based +on the send-pr(1) utility, this problem does not exist in the version +of send-pr(1) distributed with FreeBSD. + +In FreeBSD 4.10 and 5.3, some additional problems exist concerning +temporary file usage in both cvsbug(1) and send-pr(1). + +III. Impact + +A local attacker could cause data to be written to any file to which +the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has +write access. This may cause damage in itself (e.g., by destroying +important system files or documents) or may be used to obtain elevated +privileges. + +IV. Workaround + +Do not use the cvsbug(1) utility on any system with untrusted users. + +Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with +untrusted users. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, and 5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.10] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug410.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug410.patch.asc + +[FreeBSD 5.3] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug53.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug53.patch.asc + +[FreeBSD 4.11 and 5.4] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cvs/cvsbug +# make obj && make depend && make && make install +# cd /usr/src/gnu/usr.bin/send-pr +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/cvs/src/cvsbug.in 1.1.1.1.2.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.13 + src/sys/conf/newvers.sh 1.44.2.39.2.16 + src/contrib/cvs/src/cvsbug.in 1.1.1.1.2.3.2.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.19 + src/sys/conf/newvers.sh 1.44.2.34.2.20 + src/contrib/cvs/src/cvsbug.in 1.1.1.1.2.2.6.2 + src/gnu/usr.bin/send-pr/send-pr.sh 1.13.2.13.2.1 +RELENG_5 + src/contrib/cvs/src/cvsbug.in 1.1.1.3.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.16 + src/sys/conf/newvers.sh 1.62.2.18.2.12 + src/contrib/cvs/src/cvsbug.in 1.1.1.3.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.25 + src/sys/conf/newvers.sh 1.62.2.15.2.27 + src/contrib/cvs/src/cvsbug.in 1.1.1.3.4.1 + src/gnu/usr.bin/send-pr/send-pr.sh 1.35.6.1 +RELENG_6 + src/contrib/cvs/src/cvsbug.in 1.1.1.3.8.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2693 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.1 (FreeBSD) + +iD8DBQFDIeKFFdaIBMps37IRApOpAJ9RRKHLnuyFOuaM1pN09Sn3Rysv4gCgiF+/ +QJ1c9krguLbujP/YL4LaDP0= +=5W0R +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-05:21.openssl.asc b/share/security/advisories/FreeBSD-SA-05:21.openssl.asc new file mode 100644 index 0000000000..23e9f079e7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-05:21.openssl.asc @@ -0,0 +1,165 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-05:21.openssl Security Advisory + The FreeBSD Project + +Topic: Potential SSL 2.0 rollback + +Category: contrib +Module: openssl +Announced: 2005-10-11 +Credits: Yutaka Oiwa +Affects: All FreeBSD releases. +Corrected: 2005-10-11 11:52:46 UTC (RELENG_6, 6.0-STABLE) + 2005-10-11 11:53:03 UTC (RELENG_6_0, 6.0-RELEASE) + 2005-10-11 11:52:01 UTC (RELENG_5, 5.4-STABLE) + 2005-10-11 11:52:28 UTC (RELENG_5_4, 5.4-RELEASE-p8) + 2005-10-11 11:52:13 UTC (RELENG_5_3, 5.3-RELEASE-p23) + 2005-10-11 11:50:50 UTC (RELENG_4, 4.11-STABLE) + 2005-10-11 11:51:45 UTC (RELENG_4_11, 4.11-RELEASE-p13) + 2005-10-11 11:51:20 UTC (RELENG_4_10, 4.10-RELEASE-p19) +CVE Name: CAN-2005-2969 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The OpenSSL library implements the Secure Sockets Layer and Transport +Layer Security protocols, as well as providing a large number of basic +cryptographic functions. + +The Secure Sockets Layer protocol exists in two versions and includes a +mechanism for negotiating the protocol version to be used. If the +protocol is executed correctly, it is impossible for a client and +server both capable of the newer version of the protocol (SSLv3) to end +up using the older version of the protocol (SSLv2). + +II. Problem Description + +In order to provide bug-for-bug compatibility with Microsoft Internet +Explorer 3.02, a verification step required by the Secure Sockets Layer +protocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING +option in OpenSSL. This option is implied by the frequently-used +SSL_OP_ALL option. + +III. Impact + +If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is enabled in a server +application using OpenSSL, an attacker who is able to intercept and +tamper with packets transmitted between a client and the server can +cause the protocol version negotiation to result in SSLv2 being used +even when both the client and the server support SSLv3. Due to a +number of weaknesses in the SSLv2 protocol, this may allow the attacker +to read or tamper with the encrypted data being sent. + +Applications which do not support SSLv2, have been configured to not +permit the use of SSLv2, or do not use the SSL_OP_MSIE_SSLV2_RSA_PADDING +or SSL_OP_ALL options are not affected. + +IV. Workaround + +No workaround is available. + +V. Solution + +NOTE WELL: The solution described below causes OpenSSL to ignore the +SSL_OP_MSIE_SSLV2_RSA_PADDING option and hence to require conformance +with the Secure Sockets Layer protocol. As a result, this solution +will reintroduce incompatibility with Microsoft Internet Explorer 3.02 +and any other applications which exhibit the same protocol violation. + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the +RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, and 5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in +. + +Note that any statically linked applications that are not part of the +base system (i.e. from the Ports Collection or other 3rd-party sources) +must be recompiled. + +All affected applications must be restarted for them to use the +corrected library. Though not required, rebooting may be the easiest +way to accomplish this. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.11 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.6 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.14 + src/sys/conf/newvers.sh 1.44.2.39.2.17 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.10.4.1 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.5.8.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.20 + src/sys/conf/newvers.sh 1.44.2.34.2.21 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.2.10.2.1 + src/crypto/openssl/ssl/s23_srvr.c 1.2.2.5.6.1 +RELENG_5 + src/crypto/openssl/crypto/opensslv.h 1.1.1.1.15.2.2 + src/crypto/openssl/ssl/s23_srvr.c 1.7.6.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.17 + src/sys/conf/newvers.sh 1.62.2.18.2.13 + src/crypto/openssl/crypto/opensslv.h 1.1.1.15.2.1.2.1 + src/crypto/openssl/ssl/s23_srvr.c 1.7.10.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.26 + src/sys/conf/newvers.sh 1.62.2.15.2.28 + src/crypto/openssl/crypto/opensslv.h 1.1.1.15.4.1 + src/crypto/openssl/ssl/s23_srvr.c 1.7.8.1 +RELENG_6 + src/crypto/openssl/ssl/s23_srvr.c 1.7.12.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.16.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.1 + src/crypto/openssl/crypto/opensslv.h 1.1.1.16.4.1 + src/crypto/openssl/ssl/s23_srvr.c 1.7.14.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.openssl.org/news/secadv_20051011.txt +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:21.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFDThqmFdaIBMps37IRAuh+AJ4wt03pXt8g+9okQLaChhwrLgT+DQCfaBwg +NQ1AyadfK+gC7adAcuLBQ2k= +=a1sE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:01.texindex.asc b/share/security/advisories/FreeBSD-SA-06:01.texindex.asc new file mode 100644 index 0000000000..245d5cbb20 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:01.texindex.asc @@ -0,0 +1,143 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:01.texindex Security Advisory + The FreeBSD Project + +Topic: Texindex temporary file privilege escalation + +Category: contrib +Module: texinfo +Announced: 2006-01-11 +Credits: Frank Lichtenheld +Affects: All FreeBSD releases. +Corrected: 2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE) + 2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2) + 2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE) + 2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9) + 2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24) + 2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE) + 2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14) + 2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20) +CVE Name: CAN-2005-3011 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History. + +v1.0 2006-01-11 Initial release. +v1.1 2006-01-11 Corrected instructions for rebuilding texindex. + +I. Background + +TeX is a document typesetting system which is popular in the mathematics, +physics, and computer science realms because of its ability to typeset +complex mathematical formulas. texindex(1) is a utility which is often +used to generate a sorted index of a TeX file. + +II. Problem Description + +The "sort_offline" function used by texindex(1) employs the "maketempname" +function, which produces predictable file names and fails to validate that +the paths do not exist. + +III. Impact + +These predictable temporary file names are problematic because they +allow an attacker to take advantage of a race condition in order to +execute a symlink attack, which could enable them to overwrite files +on the system in the context of the user running the texindex(1) utility. + +IV. Workaround + +No workaround is available, but the problematic code is only executed +if the input file being processed is 500kB or more in length; as a +result, users working with documents of less than several hundred pages +are very unlikely to be affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x and 5.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch.asc + +[FreeBSD 6.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/texinfo/libtxi +# make obj && make depend && make +# cd /usr/src/gnu/usr.bin/texinfo/texindex +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + contrib/texinfo/util/texindex.c 1.1.1.3.2.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.15 + src/sys/conf/newvers.sh 1.44.2.39.2.18 + contrib/texinfo/util/texindex.c 1.1.1.3.2.3.6.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.21 + src/sys/conf/newvers.sh 1.44.2.34.2.22 + contrib/texinfo/util/texindex.c 1.1.1.3.2.3.4.1 +RELENG_5 + contrib/texinfo/util/texindex.c 1.1.1.7.4.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.18 + src/sys/conf/newvers.sh 1.62.2.18.2.14 + contrib/texinfo/util/texindex.c 1.1.1.7.8.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.27 + src/sys/conf/newvers.sh 1.62.2.15.2.29 + contrib/texinfo/util/texindex.c 1.1.1.7.6.1 +RELENG_6 + contrib/texinfo/util/texindex.c 1.1.1.8.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.7 + src/sys/conf/newvers.sh 1.69.2.8.2.3 + contrib/texinfo/util/texindex.c 1.1.1.8.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFDxNZZFdaIBMps37IRAkQ5AKCayEHnnoglWAyY2wA22huF9xmIxgCdFwpn +ePrdykp4BUjKqAMYCUupMK8= +=q74p +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:02.ee.asc b/share/security/advisories/FreeBSD-SA-06:02.ee.asc new file mode 100644 index 0000000000..73067f8d4b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:02.ee.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:02.ee Security Advisory + The FreeBSD Project + +Topic: ee temporary file privilege escalation + +Category: core +Module: ee +Announced: 2006-01-11 +Credits: Christian S.J. Peron +Affects: All FreeBSD versions +Corrected: 2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE) + 2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2) + 2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE) + 2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9) + 2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24) + 2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE) + 2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14) + 2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20) +CVE Name: CVE-2006-0055 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The ee utility is a simple screen oriented text editor. This editor is +popular with a lot of users due to its ease of use. + +II. Problem Description + +The ispell_op function used by ee(1) while executing spell check +operations employs an insecure method of temporary file generation. +This method produces predictable file names based on the process ID +and fails to confirm which path will be over written with the user. + +It should be noted that ispell does not have to be installed in order +for this to be exploited. The option simply needs to be selected. + +III. Impact + +These predictable temporary file names are problematic because they +allow an attacker to take advantage of a race condition in order to +execute a symlink attack, which could allow them to overwrite files +on the system in the context of the user running the ee(1) editor. + +IV. Workaround + +Instead of invoking ispell through ee(1), invoke it directly. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:02/ee.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:02/ee.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.bin/ee +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + usr.bin/ee/ee.c 1.16.2.9 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.15 + src/sys/conf/newvers.sh 1.44.2.39.2.18 + usr.bin/ee/ee.c 1.16.2.7.6.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.21 + src/sys/conf/newvers.sh 1.44.2.34.2.22 + usr.bin/ee/ee.c 1.16.2.7.4.1 +RELENG_5 + usr.bin/ee/ee.c 1.31.4.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.18 + src/sys/conf/newvers.sh 1.62.2.18.2.14 + usr.bin/ee/ee.c 1.31.4.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.27 + src/sys/conf/newvers.sh 1.62.2.15.2.29 + usr.bin/ee/ee.c 1.31.6.1 +RELENG_6 + usr.bin/ee/ee.c 1.32.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.7 + src/sys/conf/newvers.sh 1.69.2.8.2.3 + usr.bin/ee/ee.c 1.32.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0055 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFDxL4YFdaIBMps37IRAlL2AJ4x+2WoVU3OJMEab2ch6sbBRaLoogCglFSE +n4bkyDA2e6afV7tG4ja8foA= +=42lw +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:03.cpio.asc b/share/security/advisories/FreeBSD-SA-06:03.cpio.asc new file mode 100644 index 0000000000..128c40b901 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:03.cpio.asc @@ -0,0 +1,203 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:03.cpio Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities cpio + +Category: contrib +Module: contrib_cpio +Announced: 2006-01-11 +Credits: Imran Ghory, Richard Harms +Affects: All FreeBSD releases. +Corrected: 2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE) + 2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2) + 2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE) + 2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9) + 2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24) + 2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE) + 2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14) + 2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20) +CVE Name: CVE-2005-1111, CVE-2005-1229, CVE-2005-4268 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The cpio utility copies files into or out of a cpio or tar archive. + +II. Problem Description + +A number of issues has been discovered in cpio: + + . When creating a new file, cpio closes the file before setting its + permissions. (CVE-2005-1111) + + . When extracting files cpio does not properly sanitize file names + to filter out ".." components, even if the --no-absolute-filenames + option is used. (CVE-2005-1229) + + . When adding large files (larger than 4 GB) to a cpio archive on + 64-bit platforms an internal buffer might overflow. (CVE-2005-4268) + +III. Impact + + . The first problem can allow a local attacker to change the + permissions of files owned by the user executing cpio providing + that they have write access to the directory in which the file is + being extracted. (CVE-2005-1111) + + . The lack of proper file name sanitation can allow an attacker to + overwrite arbitrary local files when extracting files from a cpio + a archive. (CVE-2005-1229) + + . The buffer-overflow on 64-bit platforms could lead cpio to a + Denial-of-Service situation (crash) or possibly execute arbitrary + code with the permissions of the user running + cpio. (CVE-2005-4268) + +IV. Workaround + +Use a different utility to create and extract cpio archives, for +example pax(1) or (on FreeBSD 5.3 or later) tar(1). If this is not +possible, do not extract untrusted archives and when running on 64-bit +platforms do not add untrusted files to cpio archives. + +V. Solution + +NOTE WELL: The solution described below causes cpio to not exact files +with absolute paths by default anymore. If it is required that cpio +exact files with absolute names, use the --absolute-filenames +parameter. + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/cpio +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + contrib/cpio/copyin.c 1.6.6.2 + contrib/cpio/copyout.c 1.2.8.1 + contrib/cpio/cpio.1 1.3.6.1 + contrib/cpio/extern.h 1.2.8.1 + contrib/cpio/global.c 1.1.1.1.8.1 + contrib/cpio/main.c 1.3.2.1 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.15 + src/sys/conf/newvers.sh 1.44.2.39.2.18 + contrib/cpio/copyin.c 1.6.6.1.12.1 + contrib/cpio/copyout.c 1.2.36.1 + contrib/cpio/cpio.1 1.3.34.1 + contrib/cpio/extern.h 1.2.36.1 + contrib/cpio/global.c 1.1.1.1.36.1 + contrib/cpio/main.c 1.3.30.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.21 + src/sys/conf/newvers.sh 1.44.2.34.2.22 + contrib/cpio/copyin.c 1.6.6.1.10.1 + contrib/cpio/copyout.c 1.2.30.1 + contrib/cpio/cpio.1 1.3.28.1 + contrib/cpio/extern.h 1.2.30.1 + contrib/cpio/global.c 1.1.1.1.30.1 + contrib/cpio/main.c 1.3.24.1 +RELENG_5 + contrib/cpio/copyin.c 1.7.8.1 + contrib/cpio/copyout.c 1.2.32.1 + contrib/cpio/cpio.1 1.3.30.1 + contrib/cpio/extern.h 1.2.32.1 + contrib/cpio/global.c 1.1.1.1.32.1 + contrib/cpio/main.c 1.3.26.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.18 + src/sys/conf/newvers.sh 1.62.2.18.2.14 + contrib/cpio/copyin.c 1.7.12.1 + contrib/cpio/copyout.c 1.2.38.1 + contrib/cpio/cpio.1 1.3.36.1 + contrib/cpio/extern.h 1.2.38.1 + contrib/cpio/global.c 1.1.1.1.38.1 + contrib/cpio/main.c 1.3.32.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.27 + src/sys/conf/newvers.sh 1.62.2.15.2.29 + contrib/cpio/copyin.c 1.7.10.1 + contrib/cpio/copyout.c 1.2.34.1 + contrib/cpio/cpio.1 1.3.32.1 + contrib/cpio/extern.h 1.2.34.1 + contrib/cpio/global.c 1.1.1.1.34.1 + contrib/cpio/main.c 1.3.28.1 +RELENG_6 + contrib/cpio/copyin.c 1.7.14.1 + contrib/cpio/copyout.c 1.2.40.1 + contrib/cpio/cpio.1 1.3.38.1 + contrib/cpio/extern.h 1.2.40.1 + contrib/cpio/global.c 1.1.1.1.40.1 + contrib/cpio/main.c 1.3.34.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.7 + src/sys/conf/newvers.sh 1.69.2.8.2.3 + contrib/cpio/copyin.c 1.7.16.1 + contrib/cpio/copyout.c 1.2.42.1 + contrib/cpio/cpio.1 1.3.40.1 + contrib/cpio/extern.h 1.2.42.1 + contrib/cpio/global.c 1.1.1.1.42.1 + contrib/cpio/main.c 1.3.36.1 +- ------------------------------------------------------------------------- + +VII. References + +[CVE-2005-1111] +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111 +http://marc.theaimsgroup.com/?l=bugtraq&m=111342664116120 +https://savannah.gnu.org/patch/?func=detailitem&item_id=4006 +https://savannah.gnu.org/patch/?func=detailitem&item_id=4007 + +[CVE-2005-1229] +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229 +http://marc.theaimsgroup.com/?l=bugtraq&m=111403177526312 +https://savannah.gnu.org/patch/?func=detailitem&item_id=4005 + +[CVE-2005-4268] +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268 +https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFDxL4mFdaIBMps37IRAqQnAJ9Js/Joq8LJJT1kX6DXStgJMliqJQCfdZCx +bxuCX+ps+C0MR5UcLOExHvM= +=7laG +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:04.ipfw.asc b/share/security/advisories/FreeBSD-SA-06:04.ipfw.asc new file mode 100644 index 0000000000..f051d6478d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:04.ipfw.asc @@ -0,0 +1,105 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:04.ipfw Security Advisory + The FreeBSD Project + +Topic: ipfw IP fragment denial of service + +Category: core +Module: ipfw +Announced: 2006-01-11 +Credits: Oleg Bulyzhin +Affects: FreeBSD 6.0-RELEASE +Corrected: 2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE) + 2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2) +CVE Name: CVE-2006-0054 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +ipfw(8) is a system facility which provides IP packet filtering, +accounting, and redirection. Among the many features, while discarding +packets it can perform actions defined by the user, such as sending +back TCP reset or ICMP unreachable packets. These operations can be +performed by using the reset, reject or uncreach actions. + +II. Problem Description + +The firewall maintains a pointer to layer 4 header information in the +event that it needs to send a TCP reset or ICMP error message to +discard packets. Due to incorrect handling of IP fragments, this +pointer fails to get initialized. + +III. Impact + +An attacker can cause the firewall to crash by sending ICMP IP +fragments to or through firewalls which match any reset, reject or +unreach actions. + +IV. Workaround + +Change any reset, reject or unreach actions to deny. It should be +noted that this will result in packets being silently discarded. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE or to the RELENG_6_0 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.0 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:04/ipfw.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:04/ipfw.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/netinet/ip_fw2.c 1.106.2.6 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.7 + src/sys/conf/newvers.sh 1.69.2.8.2.3 + src/sys/netinet/ip_fw2.c 1.106.2.3.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0054 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFDxL4vFdaIBMps37IRAmrZAJ4qRzdR0zR0u9ZY5RTTsMF5ZcGBUACfa5Gn +9kbuhOTex8BBlNFRHYCd9e4= +=WcS+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:05.80211.asc b/share/security/advisories/FreeBSD-SA-06:05.80211.asc new file mode 100644 index 0000000000..c004a08a26 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:05.80211.asc @@ -0,0 +1,101 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:05.80211 Security Advisory + The FreeBSD Project + +Topic: IEEE 802.11 buffer overflow + +Category: core +Module: net80211 +Announced: 2006-01-18 +Credits: Karl Janmar +Affects: FreeBSD 6.0 +Corrected: 2006-01-18 09:03:15 UTC (RELENG_6, 6.0-STABLE) + 2006-01-18 09:03:36 UTC (RELENG_6_0, 6.0-RELEASE-p3) +CVE Name: CVE-2006-0226 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The IEEE 802.11 network subsystem of FreeBSD implements the protocol +negotiation used for wireless networking. + +II. Problem Description + +An integer overflow in the handling of corrupt IEEE 802.11 beacon or +probe response frames when scanning for existing wireless networks can +result in the frame overflowing a buffer. + +III. Impact + +An attacker able broadcast a carefully crafted beacon or probe response +frame may be able to execute arbitrary code within the context of the +FreeBSD kernel on any system scanning for wireless networks. + +IV. Workaround + +No workaround is available, but systems without IEEE 802.11 hardware or +drivers loaded are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE or to the RELENG_6_0 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/net80211/ieee80211_ioctl.c 1.25.2.9 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.8 + src/sys/conf/newvers.sh 1.69.2.8.2.4 + src/sys/net80211/ieee80211_ioctl.c 1.25.2.3.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.signedness.org/advisories/sps-0x1.txt +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0226 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFDzgUEFdaIBMps37IRAnB4AJ9btdO5oRpjDyksIQKhimmnAvaqSgCfdqZJ +q5gy4Ec/4lhZjoaGCbUuncU= +=XgsT +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:06.kmem.asc b/share/security/advisories/FreeBSD-SA-06:06.kmem.asc new file mode 100644 index 0000000000..6da88213d7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:06.kmem.asc @@ -0,0 +1,116 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:06.kmem Security Advisory + The FreeBSD Project + +Topic: Local kernel memory disclosure + +Category: core +Module: kernel +Announced: 2006-01-25 +Credits: Xin LI, Karl Janmar +Affects: FreeBSD 5.4-STABLE and FreeBSD 6.0 +Corrected: 2006-01-25 10:00:59 UTC (RELENG_6, 6.0-STABLE) + 2006-01-25 10:01:26 UTC (RELENG_6_0, 6.0-RELEASE-p4) + 2006-01-25 10:01:47 UTC (RELENG_5, 5.4-STABLE) +CVE Name: CVE-2006-0379, CVE-2006-0380 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The network sub-system commonly utilizes the ioctl(2) mechanism to pass +information regarding the current state and statistics of logical and +physical network devices. + +II. Problem Description + +A buffer allocated from the kernel stack may not be completely +initialized before being copied to userland. [CVE-2006-0379] + +A logic error in computing a buffer length may allow too much data to +be copied into userland. [CVE-2006-0380] + +III. Impact + +Portions of kernel memory may be disclosed to local users. Such +memory might contain sensitive information, such as portions of the +file cache or terminal buffers. This information might be directly +useful, or it might be leveraged to obtain elevated privileges in +some way. For example, a terminal buffer might include a user-entered +password. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE or 6-STABLE, or to the +RELENG_6_0 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.4 and 6.0 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.4-STABLE and 6.0-STABLE] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch.asc + +[FreeBSD 6.0-RELEASE] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/net/if_bridge.c 1.23.2.7 +RELENG_6 + src/sys/net/if_bridge.c 1.11.2.24 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.9 + src/sys/conf/newvers.sh 1.69.2.8.2.5 + src/sys/net/if_bridge.c 1.11.2.12.2.4 + src/sys/net80211/ieee80211_ioctl.c 1.25.2.3.2.2 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0379 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0380 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFD105UFdaIBMps37IRArxMAJ9fS+dok28f9PsFvJwH8fUkkVOiawCfV6HM ++qRRPaBQCOX9XRXwB35y7h8= +=pLt2 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:07.pf.asc b/share/security/advisories/FreeBSD-SA-06:07.pf.asc new file mode 100644 index 0000000000..8e0ed49818 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:07.pf.asc @@ -0,0 +1,120 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:07.pf Security Advisory + The FreeBSD Project + +Topic: IP fragment handling panic in pf(4) + +Category: contrib +Module: sys_contrib +Announced: 2006-01-25 +Credits: Jakob Schlyter, Daniel Hartmeier +Affects: FreeBSD 5.3, FreeBSD 5.4, and FreeBSD 6.0 +Corrected: 2006-01-25 10:00:59 UTC (RELENG_6, 6.0-STABLE) + 2006-01-25 10:01:26 UTC (RELENG_6_0, 6.0-RELEASE-p4) + 2006-01-25 10:01:47 UTC (RELENG_5, 5.4-STABLE) + 2006-01-25 10:02:07 UTC (RELENG_5_4, 5.4-RELEASE-p10) + 2006-01-25 10:02:27 UTC (RELENG_5_3, 5.3-RELEASE-p25) +CVE Name: CVE-2006-0381 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +pf is an Internet Protocol packet filter originally written for OpenBSD. +In addition to filtering packets, it also has packet normalization +capabilities. + +II. Problem Description + +A logic bug in pf's IP fragment cache may result in a packet fragment +being inserted twice, violating a kernel invariant. + +III. Impact + +By sending carefully crafted sequence of IP packet fragments, a remote +attacker can cause a system running pf with a ruleset containing a +'scrub fragment crop' or 'scrub fragment drop-ovl' rule to crash. + +IV. Workaround + +Do not use 'scrub fragment crop' or 'scrub fragment drop-ovl' rules +on systems running pf. In most cases, such rules can be replaced by +'scrub fragment reassemble' rules; see the pf.conf(5) manual page for +more details. + +Systems which do not use pf, or use pf but do not use the aforementioned +rules, are not affected by this issue. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE or 6-STABLE, or to the +RELENG_6_0, RELENG_5_4, or RELENG_5_3 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3, 5.4, +and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/contrib/pf/net/pf_norm.c 1.10.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.19 + src/sys/conf/newvers.sh 1.62.2.18.2.15 + src/sys/contrib/pf/net/pf_norm.c 1.10.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.28 + src/sys/conf/newvers.sh 1.62.2.15.2.30 + src/sys/contrib/pf/net/pf_norm.c 1.10.4.1 +RELENG_6 + src/sys/contrib/pf/net/pf_norm.c 1.11.2.3 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.9 + src/sys/conf/newvers.sh 1.69.2.8.2.5 + src/sys/contrib/pf/net/pf_norm.c 1.11.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0381 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFD105kFdaIBMps37IRAth+AKCPd0puGZJ1u1/gbFRgYMQpQs8TiQCcD1ai +56HQEqlhvzoW09g/05mbPCk= +=hyeL +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:08.sack.asc b/share/security/advisories/FreeBSD-SA-06:08.sack.asc new file mode 100644 index 0000000000..e8f09198ce --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:08.sack.asc @@ -0,0 +1,109 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:08.sack Security Advisory + The FreeBSD Project + +Topic: Infinite loop in SACK handling + +Category: core +Module: netinet +Announced: 2006-02-01 +Credits: Scott Wood +Affects: FreeBSD 5.3 and 5.4 +Corrected: 2006-01-24 01:16:18 UTC (RELENG_5, 5.4-STABLE) + 2006-02-01 19:43:10 UTC (RELENG_5_4, 5.4-RELEASE-p11) + 2006-02-01 19:43:36 UTC (RELENG_5_3, 5.3-RELEASE-p26) +CVE Name: CVE-2006-0433 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +SACK (Selective Acknowledgement) is an extension to the TCP/IP protocol +that allows hosts to acknowledge the receipt of some, but not all, of +the packets sent, thereby reducing the cost of retransmissions. + +II. Problem Description + +When insufficient memory is available to handle an incoming selective +acknowledgement, the TCP/IP stack may enter an infinite loop. + +III. Impact + +By opening a TCP connection and sending a carefully crafted series of +packets, an attacker may be able to cause a denial of service. + +IV. Workaround + +On FreeBSD 5.4, the net.inet.tcp.sack.enable sysctl can be used to +disable the use of SACK: + +# sysctl net.inet.tcp.sack.enable=0 + +No workaround is available for FreeBSD 5.3. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_4 or +RELENG_5_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patch have been verified to apply to FreeBSD 5.3 and +5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/netinet/tcp_sack.c 1.3.2.10 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.20 + src/sys/conf/newvers.sh 1.62.2.18.2.16 + src/sys/netinet/tcp_sack.c 1.3.2.5.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.29 + src/sys/conf/newvers.sh 1.62.2.15.2.31 + src/sys/netinet/tcp_sack.c 1.3.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0433 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFD4RCIFdaIBMps37IRAplNAJ9sEJf5VkMOJaWO7P/wNHEzzW1aqACfcAfL +e95PJAa1af/klNC+fZEipnY= +=yZbN +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:09.openssh.asc b/share/security/advisories/FreeBSD-SA-06:09.openssh.asc new file mode 100644 index 0000000000..fc2d6ef96c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:09.openssh.asc @@ -0,0 +1,183 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:09.openssh Security Advisory + The FreeBSD Project + +Topic: Remote denial of service in OpenSSH + +Category: contrib +Module: OpenSSH +Announced: 2006-03-01 +Affects: FreeBSD 5.3 and 5.4 +Corrected: 2006-03-01 14:19:48 UTC (RELENG_5, 5.5-PRERELEASE) + 2006-03-01 14:21:01 UTC (RELENG_5_4, 5.4-RELEASE-p12) + 2006-03-01 14:24:52 UTC (RELENG_5_3, 5.3-RELEASE-p27) +CVE Name: CVE-2006-0883 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2006-03-01 Initial release. +v1.1 2006-03-01 Corrected workaround instructions. +v1.2 2006-03-03 Further correction to workaround. + +I. Background + +OpenSSH is an implementation of the SSH protocol suite, providing an +encrypted, authenticated transport for a variety of services, +including remote shell access. + +Privilege separation is a mechanism used by OpenSSH to protect itself +against possible future vulnerabilities. It works by splitting the +server process in two: the child process drops its privileges and +carries on the conversation with the client, while the parent retains +its privileges, monitors the child, and performs privileged operations +on behalf of the child when it is satisified that everything is in +order. Privilege separation is enabled by default in FreeBSD. + +OpenPAM is an implementation of the PAM framework, which allows the +use of loadable modules to implement user authentication and session +management in a manner defined by the administrator. It is used by +OpenSSH and numerous other applications in FreeBSD to provide a +consistent and configurable authentication system. + +II. Problem Description + +Because OpenSSH and OpenPAM have conflicting designs (one is event- +driven while the other is callback-driven), it is necessary for +OpenSSH to fork a child process to handle calls to the PAM framework. +However, if the unprivileged child terminates while PAM authentication +is under way, the parent process incorrectly believes that the PAM +child also terminated. The parent process then terminates, and the +PAM child is left behind. + +Due to the way OpenSSH performs internal accounting, these orphaned +PAM children are counted as pending connections by the master OpenSSH +server process. Once a certain number of orphans has accumulated, the +master decides that it is overloaded and stops accepting client +connections. + +III. Impact + +By repeatedly connecting to a vulnerable server, waiting for a +password prompt, and closing the connection, an attacker can cause +OpenSSH to stop accepting client connections until the system restarts +or an administrator manually kills the orphaned PAM processes. + +IV. Workaround + +The following command will show a list of orphaned PAM processes: + +# pgrep -lf 'sshd.*\[pam\]' + +The following command will kill orphaned PAM processes: + +# pkill -f 'sshd.*\[pam\]' + +To prevent OpenSSH from leaving orphaned PAM processes behind, perform +one of the following: + +1) Disable PAM authentication in OpenSSH. Users will still be able to + log in using their Unix password, OPIE or SSH keys. + + To do this, execute the following commands as root: + +# echo 'UsePAM no' >>/etc/ssh/sshd_config +# echo 'PasswordAuthentication yes' >>/etc/ssh/sshd_config +# /etc/rc.d/sshd restart + +2) If disabling PAM is not an option - if, for instance, you use + RADIUS authentication, or store user passwords in an SQL database - + you may instead disable privilege separation. However, this may + leave OpenSSH vulnerable to hitherto unknown bugs, and should be + considered a last resort. + + To do this, execute the following commands as root: + +# echo 'UsePrivilegeSeparation no' >>/etc/ssh/sshd_config +# /etc/rc.d/sshd restart + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_4 or + RELENG_5_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3 and +5.4 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:09/openssh.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:09/openssh.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssh +# make obj && make depend && make && make install +# cd /usr/src/secure/usr.sbin/sshd +# make obj && make depend && make && make install +# /etc/rc.d/sshd restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/crypto/openssh/auth-pam.c 1.14.2.1 + src/crypto/openssh/ssh_config 1.25.2.1 + src/crypto/openssh/ssh_config.5 1.15.2.1 + src/crypto/openssh/sshd_config 1.40.2.1 + src/crypto/openssh/sshd_config.5 1.21.2.1 + src/crypto/openssh/version.h 1.27.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.21 + src/sys/conf/newvers.sh 1.62.2.18.2.17 + src/crypto/openssh/auth-pam.c 1.14.6.1 + src/crypto/openssh/ssh_config 1.25.6.1 + src/crypto/openssh/ssh_config.5 1.15.6.1 + src/crypto/openssh/sshd_config 1.40.6.1 + src/crypto/openssh/sshd_config.5 1.21.6.1 + src/crypto/openssh/version.h 1.27.6.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.30 + src/sys/conf/newvers.sh 1.62.2.15.2.32 + src/crypto/openssh/auth-pam.c 1.14.4.1 + src/crypto/openssh/ssh_config 1.25.4.1 + src/crypto/openssh/ssh_config.5 1.15.4.1 + src/crypto/openssh/sshd_config 1.40.4.1 + src/crypto/openssh/sshd_config.5 1.21.4.1 + src/crypto/openssh/version.h 1.27.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248125 +http://bugzilla.mindrot.org/show_bug.cgi?id=839 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0883 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFECDAWFdaIBMps37IRAsP2AKCRL3EiifNuRKn57ro4w4oUc1yuKQCbBh5K +7lGPx1iUFg1HWQ9ssOqOP7Q= +=4dj+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:10.nfs.asc b/share/security/advisories/FreeBSD-SA-06:10.nfs.asc new file mode 100644 index 0000000000..9eee448f2b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:10.nfs.asc @@ -0,0 +1,143 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:10.nfs Security Advisory + The FreeBSD Project + +Topic: Remote denial of service in NFS server + +Category: core +Module: sys_nfsserver +Announced: 2006-03-01 +Credits: Evgeny Legerov +Affects: All FreeBSD releases. +Corrected: 2006-03-01 14:18:11 UTC (RELENG_6, 6.1-PRERELEASE) + 2006-03-01 14:18:46 UTC (RELENG_6_0, 6.0-RELEASE-p5) + 2006-03-01 14:19:48 UTC (RELENG_5, 5.5-PRERELEASE) + 2006-03-01 14:21:01 UTC (RELENG_5_4, 5.4-RELEASE-p12) + 2006-03-01 14:24:52 UTC (RELENG_5_3, 5.3-RELEASE-p27) + 2006-03-01 14:21:56 UTC (RELENG_4, 4.11-STABLE) + 2006-03-01 14:22:30 UTC (RELENG_4_11, 4.11-RELEASE-p15) + 2006-03-01 14:23:07 UTC (RELENG_4_10, 4.10-RELEASE-p21) +CVE Name: CVE-2006-0900 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The Network File System (NFS) allows a host to export some or all of +its filesystems so that other hosts can access them over the network +and mount them as if they were on local disks. NFS is built on top of +the Sun Remote Procedure Call (RPC) framework. + +II. Problem Description + +A part of the NFS server code charged with handling incoming RPC +messages via TCP had an error which, when the server received a +message with a zero-length payload, would cause a NULL pointer +dereference which results in a kernel panic. The kernel will only +process the RPC messages if a userland nfsd daemon is running. + +III. Impact + +The NULL pointer deference allows a remote attacker capable of sending +RPC messages to an affected FreeBSD system to crash the FreeBSD system. + +IV. Workaround + +1) Disable the NFS server: set the nfs_server_enable variable to "NO" + in /etc/rc.conf, and reboot. + + Alternatively, if there are no active NFS clients (as listed by the + showmount(8) utility), simply killing the mountd and nfsd processes + should suffice. + +2) Add firewall rules to block RPC traffic to the NFS server from + untrusted hosts. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs4.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs4.patch.asc + +[FreeBSD 5.x and 6.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/nfs/nfs_socket.c 1.60.2.7 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.16 + src/sys/conf/newvers.sh 1.44.2.39.2.19 + src/sys/nfs/nfs_socket.c 1.60.2.6.6.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.22 + src/sys/conf/newvers.sh 1.44.2.34.2.23 + src/sys/nfs/nfs_socket.c 1.60.2.6.4.1 +RELENG_5 + src/sys/nfsserver/nfs_srvsock.c 1.92.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.21 + src/sys/conf/newvers.sh 1.62.2.18.2.17 + src/sys/nfsserver/nfs_srvsock.c 1.92.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.30 + src/sys/conf/newvers.sh 1.62.2.15.2.32 + src/sys/nfsserver/nfs_srvsock.c 1.92.4.1 +RELENG_6 + src/sys/nfsserver/nfs_srvsock.c 1.94.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.10 + src/sys/conf/newvers.sh 1.69.2.8.2.6 + src/sys/nfsserver/nfs_srvsock.c 1.94.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0900 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:10.nfs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2 (FreeBSD) + +iD8DBQFEBbOIFdaIBMps37IRAgmUAJ0fYEjr1gk8KpHGbcmhpPwh+GqI3ACcDH5X +dN3ngWsO1Z91GdTjJe0e7VE= +=GCDX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:11.ipsec.asc b/share/security/advisories/FreeBSD-SA-06:11.ipsec.asc new file mode 100644 index 0000000000..7085128887 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:11.ipsec.asc @@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:11.ipsec Security Advisory + The FreeBSD Project + +Topic: IPsec replay attack vulnerability + +Category: core +Module: sys_netipsec +Announced: 2006-03-22 +Credits: Pawel Jakub Dawidek +Affects: All FreeBSD releases since 4.8-RELEASE +Corrected: 2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE) + 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6) + 2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE) + 2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13) + 2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28) + 2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE) + 2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16) + 2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22) +CVE Name: CVE-2006-0905 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +IPsec is a set of protocols, including ESP (Encapsulating Security Payload) +and AH (Authentication Header), that provide security services for IP +datagrams. ESP protects IP payloads from wire-tapping by encrypting them +using secret key cryptography algorithms. AH guarantees the integrity of IP +packets and protects them from intermediate alteration or impersonation by +attaching a cryptographic checksum computed using one-way hash functions. + +II. Problem Description + +IPsec provides an anti-replay service which when enabled prevents an attacker +from successfully executing a replay attack. This is done through the +verification of sequence numbers. A programming error in the fast_ipsec(4) +implementation results in the sequence number associated with a Security +Association not being updated, allowing packets to unconditionally pass +sequence number verification checks. + +III. Impact + +An attacker able to to intercept IPSec packets can replay them. If higher +level protocols which do not provide any protection against packet replays +(e.g., UDP) are used, this may have a variety of effects. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/netipsec/xform_esp.c 1.2.2.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.17 + src/sys/conf/newvers.sh 1.44.2.39.2.20 + src/sys/netipsec/xform_esp.c 1.2.2.3.6.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.23 + src/sys/conf/newvers.sh 1.33.2.34.2.24 + src/sys/netipsec/xform_esp.c 1.2.2.3.4.1 +RELENG_5 + src/sys/netipsec/xform_esp.c 1.9.2.2 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.22 + src/sys/conf/newvers.sh 1.62.2.18.2.18 + src/sys/netipsec/xform_esp.c 1.9.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.31 + src/sys/conf/newvers.sh 1.62.2.15.2.33 + src/sys/netipsec/xform_esp.c 1.9.4.1 +RELENG_6 + src/sys/netipsec/xform_esp.c 1.10.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.11 + src/sys/conf/newvers.sh 1.69.2.8.2.7 + src/sys/netipsec/xform_esp.c 1.10.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0905 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2.2 (FreeBSD) + +iD8DBQFEIXZEFdaIBMps37IRAuqlAJ9ri+xFH1TGs96vNt788uo6plbu1ACcDau4 +dm/4Df3zy7GguI+Ekp/hHuQ= +=+iZv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:12.opie.asc b/share/security/advisories/FreeBSD-SA-06:12.opie.asc new file mode 100644 index 0000000000..1ddf0d1752 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:12.opie.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:12.opie Security Advisory + The FreeBSD Project + +Topic: OPIE arbitrary password change + +Category: contrib +Module: contrib_opie +Announced: 2006-03-22 +Credits: Mykola Zubach +Affects: All FreeBSD releases. +Corrected: 2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE) + 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6) + 2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE) + 2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13) + 2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28) + 2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE) + 2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16) + 2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22) +CVE Name: CVE-2006-1283 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +OPIE is a one-time password system designed to help to secure a system +against replay attacks. It does so using a secure hash function and a +challenge/response system. The opiepasswd(1) program is used to set +up OPIE authentication for a user. OPIE is enabled by default on +FreeBSD through PAM. + +II. Problem Description + +The opiepasswd(1) program uses getlogin(2) to identify the user +calling opiepasswd(1). In some circumstances getlogin(2) will return +"root" even when running as an unprivileged user. This causes +opiepasswd(1) to allow an unpriviled user to configure OPIE +authentication for the root user. + +III. Impact + +In certain cases an attacker able to run commands as a non privileged +users which have not explicitly logged in, for example CGI scripts run +by a web server, is able to configure OPIE access for the root user. +If the attacker is able to authenticate as root using OPIE +authentication, for example if "PermitRootLogin" is set to "yes" in +sshd_config or the attacker has access to a local user in the "wheel" +group, the attacker can gain root privileges. + +IV. Workaround + +Disable OPIE authentication in PAM: + +# sed -i "" -e /opie/s/^/#/ /etc/pam.d/* + +or + +Remove the setuid bit from opiepasswd: + +# chflags noschg /usr/bin/opiepasswd +# chmod 555 /usr/bin/opiepasswd +# chflags schg /usr/bin/opiepasswd + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:12/opie.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:12/opie.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.bin/opiepasswd +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/opie/opiepasswd.c 1.1.1.2.6.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.17 + src/sys/conf/newvers.sh 1.44.2.39.2.20 + src/contrib/opie/opiepasswd.c 1.1.1.2.6.3.10.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.23 + src/sys/conf/newvers.sh 1.33.2.34.2.24 + src/contrib/opie/opiepasswd.c 1.1.1.2.6.3.8.1 +RELENG_5 + src/contrib/opie/opiepasswd.c 1.3.8.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.22 + src/sys/conf/newvers.sh 1.62.2.18.2.18 + src/contrib/opie/opiepasswd.c 1.3.12.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.31 + src/sys/conf/newvers.sh 1.62.2.15.2.33 + src/contrib/opie/opiepasswd.c 1.3.10.1 +RELENG_6 + src/contrib/opie/opiepasswd.c 1.3.14.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.11 + src/sys/conf/newvers.sh 1.69.2.8.2.7 + src/contrib/opie/opiepasswd.c 1.3.16.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1283 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2.2 (FreeBSD) + +iD8DBQFEIXZNFdaIBMps37IRAoChAJ9ZFa+7jKF11vpUOKxmh8FqcG3EXgCfYOqj +/M5ncIaa4gs6P9wihbZ1vZc= +=fccv +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:13.sendmail.asc b/share/security/advisories/FreeBSD-SA-06:13.sendmail.asc new file mode 100644 index 0000000000..a806300f68 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:13.sendmail.asc @@ -0,0 +1,262 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:13.sendmail Security Advisory + The FreeBSD Project + +Topic: Race condition in sendmail + +Category: contrib +Module: contrib_sendmail +Announced: 2006-03-22 +Affects: All FreeBSD releases. +Corrected: 2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE) + 2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6) + 2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE) + 2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13) + 2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28) + 2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE) + 2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16) + 2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22) +CVE Name: CVE-2006-0058 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +NOTE: The issue discussed in this advisory was reported to the FreeBSD +Security Team, and the patch which corrects it was supplied, by the +Sendmail Consortium via CERT. Due to the limited information available +concerning the nature of the vulnerability, the FreeBSD Security Team +has not been able to evaluate the effectiveness of the fixes, nor the +possibility of other workarounds. + +I. Background + +FreeBSD includes sendmail(8), a general purpose internetwork mail +routing facility, as the default Mail Transfer Agent (MTA). + +II. Problem Description + +A race condition has been reported to exist in the handling by sendmail +of asynchronous signals. + +III. Impact + +A remote attacker may be able to execute arbitrary code with the +privileges of the user running sendmail, typically root. + +IV. Workaround + +There is no known workaround other than disabling sendmail. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.10] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc + +[FreeBSD 4.11 and FreeBSD 5.3] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc + +[FreeBSD 5.4, and FreeBSD 6.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libsm +# make obj && make depend && make +# cd /usr/src/lib/libsmutil +# make obj && make depend && make +# cd /usr/src/usr.sbin/sendmail +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1 + src/contrib/sendmail/libsm/local.h 1.1.1.1.2.6 + src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.4 + src/contrib/sendmail/src/collect.c 1.1.1.4.2.17 + src/contrib/sendmail/src/conf.c 1.5.2.20 + src/contrib/sendmail/src/deliver.c 1.1.1.3.2.20 + src/contrib/sendmail/src/headers.c 1.4.2.16 + src/contrib/sendmail/src/mime.c 1.1.1.3.2.10 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.20 + src/contrib/sendmail/src/savemail.c 1.4.2.13 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.22 + src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.16 + src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.3 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.20 + src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.17 + src/contrib/sendmail/src/util.c 1.1.1.3.2.15 +RELENG_4_11 + src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1.12.1 + src/contrib/sendmail/libsm/local.h 1.1.1.1.2.5.2.1 + src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.3.2.1 + src/contrib/sendmail/src/collect.c 1.1.1.4.2.14.2.1 + src/contrib/sendmail/src/conf.c 1.5.2.17.2.1 + src/contrib/sendmail/src/deliver.c 1.1.1.3.2.17.2.1 + src/contrib/sendmail/src/headers.c 1.4.2.14.2.1 + src/contrib/sendmail/src/mime.c 1.1.1.3.2.8.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.17.2.1 + src/contrib/sendmail/src/savemail.c 1.4.2.11.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.19.2.1 + src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.14.2.1 + src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.2.12.1 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.17.2.1 + src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.14.2.1 + src/contrib/sendmail/src/util.c 1.1.1.3.2.13.2.1 + src/UPDATING 1.73.2.91.2.17 + src/sys/conf/newvers.sh 1.44.2.39.2.20 +RELENG_4_10 + src/contrib/sendmail/libsm/fflush.c 1.1.1.1.2.1.10.1 + src/contrib/sendmail/libsm/local.h 1.1.1.1.2.4.2.1 + src/contrib/sendmail/libsm/refill.c 1.1.1.1.2.2.6.1 + src/contrib/sendmail/src/collect.c 1.1.1.4.2.13.2.1 + src/contrib/sendmail/src/conf.c 1.5.2.16.2.1 + src/contrib/sendmail/src/deliver.c 1.1.1.3.2.16.2.1 + src/contrib/sendmail/src/headers.c 1.4.2.13.2.1 + src/contrib/sendmail/src/mime.c 1.1.1.3.2.7.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.2.6.16.2.1 + src/contrib/sendmail/src/savemail.c 1.4.2.10.6.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.18.2.1 + src/contrib/sendmail/src/sfsasl.c 1.1.1.1.2.13.2.1 + src/contrib/sendmail/src/sfsasl.h 1.1.1.1.2.2.10.1 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.2.6.16.2.1 + src/contrib/sendmail/src/usersmtp.c 1.1.1.3.2.13.2.1 + src/contrib/sendmail/src/util.c 1.1.1.3.2.12.2.1 + src/UPDATING 1.73.2.90.2.23 + src/sys/conf/newvers.sh 1.33.2.34.2.24 +RELENG_5 + src/contrib/sendmail/libsm/fflush.c 1.1.1.3.8.1 + src/contrib/sendmail/libsm/local.h 1.1.1.7.2.1 + src/contrib/sendmail/libsm/refill.c 1.1.1.5.2.1 + src/contrib/sendmail/src/collect.c 1.1.1.19.2.3 + src/contrib/sendmail/src/conf.c 1.26.2.3 + src/contrib/sendmail/src/deliver.c 1.1.1.21.2.3 + src/contrib/sendmail/src/headers.c 1.20.2.2 + src/contrib/sendmail/src/mime.c 1.1.1.12.2.2 + src/contrib/sendmail/src/parseaddr.c 1.1.1.20.2.3 + src/contrib/sendmail/src/savemail.c 1.16.2.2 + src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.3 + src/contrib/sendmail/src/sfsasl.c 1.1.1.14.2.2 + src/contrib/sendmail/src/sfsasl.h 1.1.1.4.8.1 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.2.3 + src/contrib/sendmail/src/usersmtp.c 1.1.1.18.2.3 + src/contrib/sendmail/src/util.c 1.1.1.17.2.2 +RELENG_5_4 + src/contrib/sendmail/libsm/fflush.c 1.1.1.3.12.1 + src/contrib/sendmail/libsm/local.h 1.1.1.7.6.1 + src/contrib/sendmail/libsm/refill.c 1.1.1.5.6.1 + src/contrib/sendmail/src/collect.c 1.1.1.19.2.1.2.1 + src/contrib/sendmail/src/conf.c 1.26.2.1.2.1 + src/contrib/sendmail/src/deliver.c 1.1.1.21.2.1.2.1 + src/contrib/sendmail/src/headers.c 1.20.2.1.2.1 + src/contrib/sendmail/src/mime.c 1.1.1.12.2.1.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.20.2.1.2.1 + src/contrib/sendmail/src/savemail.c 1.16.2.1.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.1.2.1 + src/contrib/sendmail/src/sfsasl.c 1.1.1.14.2.1.2.1 + src/contrib/sendmail/src/sfsasl.h 1.1.1.4.12.1 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.2.1.2.1 + src/contrib/sendmail/src/usersmtp.c 1.1.1.18.2.1.2.1 + src/contrib/sendmail/src/util.c 1.1.1.17.2.1.2.1 + src/UPDATING 1.342.2.24.2.22 + src/sys/conf/newvers.sh 1.62.2.18.2.18 +RELENG_5_3 + src/contrib/sendmail/libsm/fflush.c 1.1.1.3.10.1 + src/contrib/sendmail/libsm/local.h 1.1.1.7.4.1 + src/contrib/sendmail/libsm/refill.c 1.1.1.5.4.1 + src/contrib/sendmail/src/collect.c 1.1.1.19.4.1 + src/contrib/sendmail/src/conf.c 1.26.4.1 + src/contrib/sendmail/src/deliver.c 1.1.1.21.4.1 + src/contrib/sendmail/src/headers.c 1.20.4.1 + src/contrib/sendmail/src/mime.c 1.1.1.12.4.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.20.4.1 + src/contrib/sendmail/src/savemail.c 1.16.4.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.23.4.1 + src/contrib/sendmail/src/sfsasl.c 1.1.1.14.4.1 + src/contrib/sendmail/src/sfsasl.h 1.1.1.4.10.1 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.20.4.1 + src/contrib/sendmail/src/usersmtp.c 1.1.1.18.4.1 + src/contrib/sendmail/src/util.c 1.1.1.17.4.1 + src/UPDATING 1.342.2.13.2.31 + src/sys/conf/newvers.sh 1.62.2.15.2.33 +RELENG_6 + src/contrib/sendmail/libsm/fflush.c 1.1.1.3.14.1 + src/contrib/sendmail/libsm/local.h 1.1.1.7.8.1 + src/contrib/sendmail/libsm/refill.c 1.1.1.5.8.1 + src/contrib/sendmail/src/collect.c 1.1.1.21.2.1 + src/contrib/sendmail/src/conf.c 1.28.2.1 + src/contrib/sendmail/src/deliver.c 1.1.1.23.2.1 + src/contrib/sendmail/src/headers.c 1.21.2.1 + src/contrib/sendmail/src/mime.c 1.1.1.13.2.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.22.2.1 + src/contrib/sendmail/src/savemail.c 1.17.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.26.2.1 + src/contrib/sendmail/src/sfsasl.c 1.1.1.15.2.1 + src/contrib/sendmail/src/sfsasl.h 1.1.1.4.14.1 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.22.2.1 + src/contrib/sendmail/src/usersmtp.c 1.1.1.21.2.1 + src/contrib/sendmail/src/util.c 1.1.1.18.2.1 +RELENG_6_0 + src/contrib/sendmail/libsm/fflush.c 1.1.1.3.16.1 + src/contrib/sendmail/libsm/local.h 1.1.1.7.10.1 + src/contrib/sendmail/libsm/refill.c 1.1.1.5.10.1 + src/contrib/sendmail/src/collect.c 1.1.1.21.4.1 + src/contrib/sendmail/src/conf.c 1.28.4.1 + src/contrib/sendmail/src/deliver.c 1.1.1.23.4.1 + src/contrib/sendmail/src/headers.c 1.21.4.1 + src/contrib/sendmail/src/mime.c 1.1.1.13.4.1 + src/contrib/sendmail/src/parseaddr.c 1.1.1.22.4.1 + src/contrib/sendmail/src/savemail.c 1.17.4.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.26.4.1 + src/contrib/sendmail/src/sfsasl.c 1.1.1.15.4.1 + src/contrib/sendmail/src/sfsasl.h 1.1.1.4.16.1 + src/contrib/sendmail/src/srvrsmtp.c 1.1.1.22.4.1 + src/contrib/sendmail/src/usersmtp.c 1.1.1.21.4.1 + src/contrib/sendmail/src/util.c 1.1.1.18.4.1 + src/UPDATING 1.416.2.3.2.11 + src/sys/conf/newvers.sh 1.69.2.8.2.7 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.2.2 (FreeBSD) + +iD8DBQFEIXZWFdaIBMps37IRAldYAJ9nd+wQMJlQObUuio5tBEFwD0ULwwCbB2eI +u3JkyVwHx4WOgmZkg9QKang= +=d3RW +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:14-amd.txt b/share/security/advisories/FreeBSD-SA-06:14-amd.txt new file mode 100644 index 0000000000..bd538ffe8b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:14-amd.txt @@ -0,0 +1,208 @@ + + AMD Background/Response + Rich Brunner, AMD Fellow + +AMD appreciates the security community contacting us about +this issue and giving us a chance to respond. Many thanks to +Jan Beulich and Andi Kleen for first alerting us to the +concern around this issue and trying out several solutions. + + +Introduction +============ +To summarize the issue from AMD's perspective, AMD documents +the operation of the FXSAVE and FXRSTOR instructions as +follows in the "AMD64 Architecture Programmer's Manual +Volume 5: 64-Bit Media and x87 Floating-Point Instructions +Rev 3.06": + +(http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/26569.pdf) + + + FXRSTOR (pg 350): + + "FXRSTOR does not restore the x87 error pointers (last + instruction pointer, last data pointer, and last + opcode), except in the relatively rare cases in which + the exception summary (ES) bit in the x87 status word + is set to 1, indicating that an unmasked x87 exception + has occurred." + + + FXSAVE (pg 352): + + "FXSAVE does not save the x87 pointer registers (last + instruction pointer, last data pointer, and last + opcode), except in the relatively rare cases in which + the exception summary (ES) bit in the x87 status word + is set to 1, indicating that an unmasked x87 exception + has occurred." + +AMD purposely designed the implementation of the FXSAVE and +FXRSTOR instructions in the above manner to significantly +improve the performance of context-switching. AMD did not +want to penalize the performance of these instructions for +all operating systems for the relatively rare case when the +exception summary bit was set or the unlikely case of the +x87 exceptions pointers being successfully exploited in a +real customer environment. Instead, AMD designed the +instructions to optimize performance for the common case. + +As a result of the operation of FXSAVE and FXRSTOR, it is +theoretically possible for one process (reader) to observe +the x87 exception pointers of another process (writer) +provided that: + + + no other x87 instructions are executed that affect the + x87 exception pointers between the time the writer is + swapped out and the reader is swapped in; and + + + the reader does not have a pending x87 exception when + swapped back in; and + + + the reader does not issue any non-control x87 + instructions when swapped back in before examining x87 + exception pointers. + +Operating systems can employ one of several simple software +methods to remove the possibility of exploitation as +described below. In some cases, these methods may actually +*improve* the performance of an operating-system's +context-switching code. + + +Software Methods +================ +There are a number of methods, "Clear Sequences", that +software can use to ensure that the x87 exception pointers +(ip, dp, opcode) are initialized to benign values on every +context switch. Below are just a few examples of those +methods. + +Critical to the first two methods is an OS-dependent "safe +address": this is some location which can be accessed +without faulting and whose value is likely in the +processor's L1 data cache. This location will be loaded into +the x87 stack to ensure that the x87 exception pointers are +set to a benign value. + +[Note that the Data Segment Descriptor (DS) that is in +effect when the kernel executes the clear sequence is +recorded in the x87 exception pointers. Depending on the OS +kernel and its mode, this DS may be from the previous +process. To prevent this, the kernel should ensure that DS +is loaded with a benign value before executing FXSAVE. For +example, recent 32-bit Linux kernels already reload DS on +kernel entry.] + + + + + "FXRSTOR-centric" method + + This method sets the x87 exception pointers to a benign + state just before executing an FXRSTOR. It makes no + assumption about the state of the current x87 exception + pointers before executing the restore sequence. In the + normal case, where ES is not set before the FXRSTOR, the + "Clear Sequence" takes approximately 14 cycles (as + measured on an AMD Opteron). + + + + ## Restore Code ... + + ## Begin_Clear_Sequence + fnstsw %ax # Grab x87 ES bit + ffree st(7) # Clear tag bit to remove + # -possible stack overflow + bt $7,%ax # Test ES bit + jnc 1f # Jump if ES=0 + fnclex # ES=1, so clear it so fild + # -can't trap +1: fildl safe_address # Dummy Load from OS-dependent + # -"safe address" changes all + # -x87 exception pointers. + ## End_Clear_Sequence + fxrstor ... # Now swap in process state + + + + + "FXSAVE-centric" method + + This method may not apply to all operating systems + because it requires certain guarantees between FXSAVE + and a subsequent FXRSTOR; however, this is the method + that Linux will likely choose. This approach sets the + x87 exception pointers to a benign state just after + executing an FXSAVE. Between that point and entry into + another x87-using process, the requirement is that the + x87 state remains benign. If anything changes the x87 + exception pointers in the interim, then software must + clear out or save/restore the state explicitly again + before executing an FXRSTOR. + + In the normal case, where ES is not set after the + FXSAVE, the "Clear Sequence" takes approximately 7 + cycles (as measured on an AMD Opteron). However, the + added cycles to the FXSAVE code may be much less for + operating systems, like Linux, which currently place an + unconditional FNCLEX after the FXSAVE. The "Clear + Sequence" replaces the unconditional FNCLEX with a + conditional one and may actually *reduce* the number of + cycles used for the FXSAVE code. + + + ## FXSAVE Code + fxsave save_image # save old process state. + + ## Begin_Clear_Sequence + bt $7,save_image.fsw # Test saved ES bit + jnc 1f # Jump if ES=0 + fnclex # ES=1, so clear it so fild + # -can't trap +1: ffree st(7) # Clear tag bit to remove + # -possible stack overflow + fildl safe_address # Dummy Load from OS-dependent + # -"safe address" changes all + # -x87 exception pointers. + ## End_Clear_Sequence + ... + ## Restore Code + fxrstor ... # Now swap in process state + + + + + FNSAVE and FRSTOR + + 32-bit Operating Systems can use FNSAVE and FRSTOR to + always save and restore the complete x87 execution + state. However, because these instructions do not + save/restore XMM registers or associated state, software + must explicitly perform this operation. In addition, + because FSAVE/FNSAVE do not save the full 64-bit data + and instruction pointers for x87 state, 64-bit + applications should use FXSAVE/FXRSTOR, rather than + FSAVE/FRSTOR. + + + +Processors Affected +=================== +It is AMD's intent that all future "AuthenticAMD" AMD +processors (those that return "AuthenticAMD" for CPUID +vendor string) will follow the behavior of FXSAVE and +FXRSTOR as documented in the "AMD64 Architecture +Programmer's Manual Volume 5: 64-Bit Media and x87 +Floating-Point Instructions Rev 3.06". In addition, these +CPUID Families of "AuthenticAMD" AMD processors also follow +this behavior: + + + Family=06h: All 7th generation AMD processors (such as + AMD Athlon, AMD Duron, AMD Athlon MP, + AMD Athlon XP, and AMD Sempron). + + + Family=0Fh: All 8th generation AMD processors (such as + AMD Athlon64, AMD Athlon64 FX, AMD Opteron, + AMD Turion, and AMD Sempron). + +AMD processors which return "Geode by NSCe" for CPUID vendor +string do not follow this behavior. + diff --git a/share/security/advisories/FreeBSD-SA-06:14.fpu.asc b/share/security/advisories/FreeBSD-SA-06:14.fpu.asc new file mode 100644 index 0000000000..1d09a13b69 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:14.fpu.asc @@ -0,0 +1,170 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:14.fpu Security Advisory + The FreeBSD Project + +Topic: FPU information disclosure + +Category: core +Module: sys +Announced: 2006-04-19 +Credits: Jan Beulich +Affects: All FreeBSD/i386 and FreeBSD/amd64 releases. +Corrected: 2006-04-19 07:00:35 UTC (RELENG_6, 6.1-STABLE) + 2006-04-19 07:00:50 UTC (RELENG_6_1, 6.1-RELEASE) + 2006-04-19 07:01:12 UTC (RELENG_6_0, 6.0-RELEASE-p7) + 2006-04-19 07:01:30 UTC (RELENG_5, 5.5-STABLE) + 2006-04-19 07:01:53 UTC (RELENG_5_4, 5.4-RELEASE-p14) + 2006-04-19 07:02:23 UTC (RELENG_5_3, 5.3-RELEASE-p29) + 2006-04-19 07:02:43 UTC (RELENG_4, 4.11-STABLE) + 2006-04-19 07:03:01 UTC (RELENG_4_11, 4.11-RELEASE-p17) + 2006-04-19 07:03:14 UTC (RELENG_4_10, 4.10-RELEASE-p23) +CVE Name: CVE-2006-1056 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The floating-point unit (FPU) of i386 and amd64 processors is derived from +the original 8087 floating-point co-processor. As a result, the FPU +contains the same debugging registers FOP, FIP, and FDP which store the +opcode, instruction address, and data address of the instruction most +recently executed by the FPU. + +On processors implementing the "SSE" instruction set, a new pair of +instructions fxsave/fxrstor replaces the earlier fsave/frstor pair used +for saving and restoring the FPU state. These new instructions also +save and restore the contents of the additional registers used by SSE +instructions. + +II. Problem Description + +On "7th generation" and "8th generation" processors manufactured by AMD, +including the AMD Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64 +FX, Opteron, Turion, and Sempron, the fxsave and fxrstor instructions do +not save and restore the FOP, FIP, and FDP registers unless the exception +summary bit (ES) in the x87 status word is set to 1, indicating that an +unmasked x87 exception has occurred. + +This behaviour is consistent with documentation provided by AMD, but is +different from processors from other vendors, which save and restore the +FOP, FIP, and FDP registers regardless of the value of the ES bit. As a +result of this discrepancy remaining unnoticed until now, the FreeBSD +kernel does not restore the contents of the FOP, FIP, and FDP registers +between context switches. + +III. Impact + +On affected processors, a local attacker can monitor the execution path +of a process which uses floating-point operations. This may allow an +attacker to steal cryptographic keys or other sensitive information. + +IV. Workaround + +No workaround is available, but systems which do not use AMD Athlon, Duron, +Athlon MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, or Sempron +processors are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or +RELENG_4_10 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, and 6.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu4x.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu4x.patch.asc + +[FreeBSD 5.x and 6.x] +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu.patch +# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/i386/isa/npx.c 1.80.2.4 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.18 + src/sys/conf/newvers.sh 1.44.2.39.2.21 + src/sys/i386/isa/npx.c 1.80.2.3.14.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.24 + src/sys/conf/newvers.sh 1.44.2.34.2.25 + src/sys/i386/isa/npx.c 1.80.2.3.12.1 +RELENG_5 + src/sys/amd64/amd64/fpu.c 1.154.2.2 + src/sys/i386/isa/npx.c 1.152.2.4 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.23 + src/sys/conf/newvers.sh 1.62.2.18.2.19 + src/sys/amd64/amd64/fpu.c 1.154.2.1.2.1 + src/sys/i386/isa/npx.c 1.152.2.3.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.32 + src/sys/conf/newvers.sh 1.62.2.15.2.34 + src/sys/amd64/amd64/fpu.c 1.154.4.1 + src/sys/i386/isa/npx.c 1.152.4.1 +RELENG_6 + src/sys/amd64/amd64/fpu.c 1.157.2.1 + src/sys/i386/isa/npx.c 1.162.2.2 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.1 + src/sys/conf/newvers.sh 1.69.2.11.2.1 + src/sys/amd64/amd64/fpu.c 1.157.6.1 + src/sys/i386/isa/npx.c 1.162.2.1.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.12 + src/sys/conf/newvers.sh 1.69.2.8.2.8 + src/sys/amd64/amd64/fpu.c 1.157.4.1 + src/sys/i386/isa/npx.c 1.162.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056 + +The latest revision of this advisory is available at +ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc + +VIII. Acknowledgements + +The FreeBSD Security Team would like to thank AMD, and Richard Brunner +specifically, for responding promptly to this issue and providing an +extensive response analyzing the problem. +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFEReGUFdaIBMps37IRAnmUAJ4lsl3bpH6duA5u/wssIa01o98BlwCgleWn +a1vJCiLwkkfqHtmBDKxaQ+A= +=4yls +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:15.ypserv.asc b/share/security/advisories/FreeBSD-SA-06:15.ypserv.asc new file mode 100644 index 0000000000..942010338d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:15.ypserv.asc @@ -0,0 +1,130 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:15.ypserv Security Advisory + The FreeBSD Project + +Topic: Inoperative access controls in ypserv(8) + +Category: core +Module: ypserv +Announced: 2006-05-31 +Credits: Hokan +Affects: All FreeBSD 5.x and FreeBSD 6.x releases +Corrected: 2006-05-31 22:31:21 UTC (RELENG_6, 6.1-STABLE) + 2006-05-31 22:31:42 UTC (RELENG_6_1, 6.1-RELEASE-p1) + 2006-05-31 22:32:04 UTC (RELENG_6_0, 6.0-RELEASE-p8) + 2006-05-31 22:32:22 UTC (RELENG_5, 5.5-STABLE) + 2006-05-31 22:32:49 UTC (RELENG_5_5, 5.5-RELEASE-p1) + 2006-05-31 22:33:17 UTC (RELENG_5_4, 5.4-RELEASE-p15) + 2006-05-31 22:33:41 UTC (RELENG_5_3, 5.3-RELEASE-p30) +CVE Name: CVE-2006-2655 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +The ypserv(8) utility is a server which distributes NIS databases to client +systems within an NIS domain. + +II. Problem Description + +There are two documented methods of restricting access to NIS maps through +ypserv(8): through the use of the /var/yp/securenets file, and through the +/etc/hosts.allow file. While both mechanisms are implemented in the server, +a change in the build process caused the "securenets" access restrictions +to be inadvertantly disabled. + +III. Impact + +ypserv(8) will not load or process any of the networks or hosts specified in +the /var/yp/securenets file, rendering those access controls ineffective. + +IV. Workaround + +One possible workaround is to use /etc/hosts.allow for access control, as +shown by examples in that file. + +Another workaround is to use a firewall (e.g., ipfw(4), ipf(4), or pf(4)) +to limit access to RPC functions from untrusted systems or networks, but +due to the complexities of RPC, it might be difficult to create a set of +firewall rules which accomplish this without blocking all access to the +machine in question. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE or 6-STABLE, or to the +RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, or RELENG_5_3 security +branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3, 5.4, +5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch +# fetch http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/ypserv +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/usr.sbin/ypserv/yp_access.c 1.22.6.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.1 + src/sys/conf/newvers.sh 1.62.2.21.2.3 + src/usr.sbin/ypserv/yp_access.c 1.22.18.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.24 + src/sys/conf/newvers.sh 1.62.2.18.2.20 + src/usr.sbin/ypserv/yp_access.c 1.22.10.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.33 + src/sys/conf/newvers.sh 1.62.2.15.2.35 + src/usr.sbin/ypserv/yp_access.c 1.22.8.1 +RELENG_6 + src/usr.sbin/ypserv/yp_access.c 1.22.12.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.3 + src/sys/conf/newvers.sh 1.69.2.11.2.3 + src/usr.sbin/ypserv/yp_access.c 1.22.16.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.13 + src/sys/conf/newvers.sh 1.69.2.8.2.9 + src/usr.sbin/ypserv/yp_access.c 1.22.14.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2655 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFEfhuUFdaIBMps37IRAhH5AJ9cpTLcR+aWSRPUa1zUDYThhKDqowCggYr1 +4OyjFHW/C+NB9nMIX8Wf7IE= +=NNUN +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:16.smbfs.asc b/share/security/advisories/FreeBSD-SA-06:16.smbfs.asc new file mode 100644 index 0000000000..749a8192ef --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:16.smbfs.asc @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:16.smbfs Security Advisory + The FreeBSD Project + +Topic: smbfs chroot escape + +Category: core +Module: smbfs +Announced: 2006-05-31 +Credits: Mark Moseley +Affects: All FreeBSD releases. +Corrected: 2006-05-31 22:31:21 UTC (RELENG_6, 6.1-STABLE) + 2006-05-31 22:31:42 UTC (RELENG_6_1, 6.1-RELEASE-p1) + 2006-05-31 22:32:04 UTC (RELENG_6_0, 6.0-RELEASE-p8) + 2006-05-31 22:32:22 UTC (RELENG_5, 5.5-STABLE) + 2006-05-31 22:32:49 UTC (RELENG_5_5, 5.5-RELEASE-p1) + 2006-05-31 22:33:17 UTC (RELENG_5_4, 5.4-RELEASE-p15) + 2006-05-31 22:33:41 UTC (RELENG_5_3, 5.3-RELEASE-p30) + 2006-05-31 22:34:32 UTC (RELENG_4, 4.11-STABLE) + 2006-05-31 22:34:53 UTC (RELENG_4_11, 4.11-RELEASE-p18) + 2006-05-31 22:35:32 UTC (RELENG_4_10, 4.10-RELEASE-p24) +CVE Name: CVE-2006-2654 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +smbfs is a network file-system used to access file servers using the +SMB/CIFS protocol. chroot(2) is system call designed to limit a +process's access to a particular subset of a file-system. + +II. Problem Description + +smbfs does not properly sanitize paths containing a backslash +character; in particular the directory name '..\' is interpreted as +the parent directory by the SMB/CIFS server, but smbfs handles it in +the same manner as any other directory. + +III. Impact + +When inside a chroot environment which resides on a smbfs mounted +file-system it is possible for an attacker to escape out of this +chroot to any other directory on the smbfs mounted file-system. + +IV. Workaround + +Mount the smbfs file-systems which need to be used with chroot on top, +in a way so the chroot directory is exactly on the mount point and not +a sub directory. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, +RELENG_4_11, or RELENG_4_10 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.10, +4.11, 5.3, 5.4, 5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:16/smbfs.patch +# fetch http://security.FreeBSD.org/patches/SA-06:16/smbfs.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/fs/smbfs/smbfs_vnops.c 1.2.2.11 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.19 + src/sys/conf/newvers.sh 1.44.2.39.2.22 + src/sys/fs/smbfs/smbfs_vnops.c 1.2.2.10.4.1 +RELENG_4_10 + src/UPDATING 1.73.2.90.2.25 + src/sys/conf/newvers.sh 1.44.2.34.2.26 + src/sys/fs/smbfs/smbfs_vnops.c 1.2.2.10.2.1 +RELENG_5 + src/sys/fs/smbfs/smbfs_vnops.c 1.46.2.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.1 + src/sys/conf/newvers.sh 1.62.2.21.2.3 + src/sys/fs/smbfs/smbfs_vnops.c 1.46.2.1.4.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.24 + src/sys/conf/newvers.sh 1.62.2.18.2.20 + src/sys/fs/smbfs/smbfs_vnops.c 1.46.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.33 + src/sys/conf/newvers.sh 1.62.2.15.2.35 + src/sys/fs/smbfs/smbfs_vnops.c 1.46.4.1 +RELENG_6 + src/sys/fs/smbfs/smbfs_vnops.c 1.61.2.2 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.3 + src/sys/conf/newvers.sh 1.69.2.11.2.3 + src/sys/fs/smbfs/smbfs_vnops.c 1.61.2.1.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.13 + src/sys/conf/newvers.sh 1.69.2.8.2.9 + src/sys/fs/smbfs/smbfs_vnops.c 1.61.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2654 + +The following three references correspond to independent bugs which +affect the Linux kernel but have the same impact: +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1863 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864 +https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFEfhueFdaIBMps37IRAquuAJ0eCPAahUu19kdTjKpVHrrtQ9q16gCfZ5sC +xknjanFlpMxJAZ7iYSxBvcI= +=PvoL +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:17.sendmail.asc b/share/security/advisories/FreeBSD-SA-06:17.sendmail.asc new file mode 100644 index 0000000000..e84e39e23c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:17.sendmail.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:17.sendmail Security Advisory + The FreeBSD Project + +Topic: Incorrect multipart message handling in Sendmail + +Category: contrib +Module: contrib_sendmail +Announced: 2006-06-14 +Affects: All FreeBSD releases. +Corrected: 2006-06-14 15:58:23 UTC (RELENG_6, 6.1-STABLE) + 2006-06-14 15:59:28 UTC (RELENG_6_1, 6.1-RELEASE-p2) + 2006-06-14 15:59:37 UTC (RELENG_6_0, 6.0-RELEASE-p9) + 2006-06-14 16:00:02 UTC (RELENG_5, 5.5-STABLE) + 2006-06-14 16:00:22 UTC (RELENG_5_5, 5.5-RELEASE-p2) + 2006-06-14 16:00:42 UTC (RELENG_5_4, 5.4-RELEASE-p16) + 2006-06-14 16:00:56 UTC (RELENG_5_3, 5.3-RELEASE-p31) + 2006-06-14 16:01:06 UTC (RELENG_4, 4.11-STABLE) + 2006-06-14 16:01:21 UTC (RELENG_4_11, 4.11-RELEASE-p19) +CVE Name: CVE-2006-1173 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +FreeBSD includes sendmail(8), a general purpose internetwork mail +routing facility, as the default Mail Transfer Agent (MTA). + +II. Problem Description + +A suitably malformed multipart MIME message can cause sendmail to exceed +predefined limits on its stack usage. + +III. Impact + +An attacker able to send mail to, or via, a server can cause queued +messages on the system to not be delivered, by causing the sendmail process +which handles queued messages to crash. Note that this will not stop new +messages from entering the queue (either from local processes, or incoming +via SMTP). + +IV. Workaround + +No workaround is available, but systems which do not receive email from +untrusted sources are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, +or RELENG_4_11 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.11, 5.3, +5.4, 5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch +# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libsm +# make obj && make depend && make +# cd /usr/src/lib/libsmutil +# make obj && make depend && make +# cd /usr/src/usr.sbin/sendmail +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/sendmail/src/deliver.c 1.1.1.3.2.24 + src/contrib/sendmail/src/mime.c 1.1.1.3.2.14 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.31 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.19 + src/sys/conf/newvers.sh 1.44.2.39.2.22 + src/contrib/sendmail/src/deliver.c 1.1.1.3.2.17.2.2 + src/contrib/sendmail/src/mime.c 1.1.1.3.2.8.2.2 + src/contrib/sendmail/src/sendmail.h 1.1.1.4.2.19.2.2 +RELENG_5 + src/contrib/sendmail/src/deliver.c 1.1.1.21.2.6 + src/contrib/sendmail/src/mime.c 1.1.1.12.2.5 + src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.6 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.1 + src/sys/conf/newvers.sh 1.62.2.21.2.3 + src/contrib/sendmail/src/deliver.c 1.1.1.21.2.4.2.1 + src/contrib/sendmail/src/mime.c 1.1.1.12.2.3.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.4.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.24 + src/sys/conf/newvers.sh 1.62.2.18.2.20 + src/contrib/sendmail/src/deliver.c 1.1.1.21.2.1.2.2 + src/contrib/sendmail/src/mime.c 1.1.1.12.2.1.2.2 + src/contrib/sendmail/src/sendmail.h 1.1.1.23.2.1.2.2 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.33 + src/sys/conf/newvers.sh 1.62.2.15.2.35 + src/contrib/sendmail/src/deliver.c 1.1.1.21.4.2 + src/contrib/sendmail/src/mime.c 1.1.1.12.4.2 + src/contrib/sendmail/src/sendmail.h 1.1.1.23.4.2 +RELENG_6 + src/contrib/sendmail/src/deliver.c 1.1.1.23.2.3 + src/contrib/sendmail/src/mime.c 1.1.1.13.2.3 + src/contrib/sendmail/src/sendmail.h 1.1.1.26.2.3 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.3 + src/sys/conf/newvers.sh 1.69.2.11.2.3 + src/contrib/sendmail/src/deliver.c 1.1.1.23.2.2.2.1 + src/contrib/sendmail/src/mime.c 1.1.1.13.2.2.2.1 + src/contrib/sendmail/src/sendmail.h 1.1.1.26.2.2.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.13 + src/sys/conf/newvers.sh 1.69.2.8.2.9 + src/contrib/sendmail/src/deliver.c 1.1.1.23.4.2 + src/contrib/sendmail/src/mime.c 1.1.1.13.4.2 + src/contrib/sendmail/src/sendmail.h 1.1.1.26.4.2 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFEkDVJFdaIBMps37IRAqUCAJwKg8UZ2a5oO9XLXpPwgsBi+YdQcACgj2IY +D5jN+o1IfjomEK4IIY+xiR8= +=t7Wz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:18.ppp.asc b/share/security/advisories/FreeBSD-SA-06:18.ppp.asc new file mode 100644 index 0000000000..160de81443 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:18.ppp.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:08.ppp Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in sppp(4) + +Category: core +Module: sys_net +Announced: 2006-08-23 +Credits: Martin Husemann, Pavel Cahyna +Affects: All FreeBSD releases. +Corrected: 2006-08-23 22:01:44 UTC (RELENG_6, 6.1-STABLE) + 2006-08-23 22:02:25 UTC (RELENG_6_1, 6.1-RELEASE-p4) + 2006-08-23 22:02:52 UTC (RELENG_6_0, 6.0-RELEASE-p10) + 2006-08-23 22:03:55 UTC (RELENG_5, 5.5-STABLE) + 2006-08-23 22:04:28 UTC (RELENG_5_5, 5.5-RELEASE-p3) + 2006-08-23 22:04:58 UTC (RELENG_5_4, 5.4-RELEASE-p17) + 2006-08-23 22:05:49 UTC (RELENG_5_3, 5.3-RELEASE-p32) + 2006-08-23 22:06:08 UTC (RELENG_4, 4.11-STABLE) + 2006-08-23 22:06:40 UTC (RELENG_4_11, 4.11-RELEASE-p20) +CVE Name: CVE-2006-4304 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +0. Revision History + +v1.0 2006-08-23 Initial release. +v1.1 2006-08-25 Corrected name of affected driver. + +NOTE WELL: The original version of this advisory identified the affected +driver as ppp(4). This is incorrect; the problem occurs in the sppp(4) +driver instead. + +I. Background + +The sppp(4) driver implements the state machine and the Link Control +Protocol (LCP) of the Point-to-Point Protocol (PPP) and is used in +combination with underlying drivers which provide synchronous +point-to-point connections. In particular, sppp(4) is commonly used +with i4bisppp(4) and ng_sppp(4). + +II. Problem Description + +While processing Link Control Protocol (LCP) configuration options received +from the remote host, sppp(4) fails to correctly validate option lengths. +This may result in data being read or written beyond the allocated kernel +memory buffer. + +III. Impact + +An attacker able to send LCP packets, including the remote end of a sppp(4) +connection, can cause the FreeBSD kernel to panic. Such an attacker may +also be able to obtain sensitive information or gain elevated privileges. + +IV. Workaround + +No workaround is available, but systems which do not use sppp(4) are not +vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, +or RELENG_4_11 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.11, 5.3, +5.4, 5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.x] +# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch +# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch.asc + +[FreeBSD 5.3] +# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp53.patch +# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp53.patch.asc + +[FreeBSD 5.4, 5.5, and 6.x] +# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp.patch +# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/net/if_spppsubr.c 1.59.2.15 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.21 + src/sys/conf/newvers.sh 1.44.2.39.2.24 + src/sys/net/if_spppsubr.c 1.59.2.13.10.1 +RELENG_5 + src/sys/net/if_spppsubr.c 1.113.2.3 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.3 + src/sys/conf/newvers.sh 1.62.2.21.2.5 + src/sys/net/if_spppsubr.c 1.113.2.2.4.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.26 + src/sys/conf/newvers.sh 1.62.2.18.2.22 + src/sys/net/if_spppsubr.c 1.113.2.2.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.35 + src/sys/conf/newvers.sh 1.62.2.15.2.37 + src/sys/net/if_spppsubr.c 1.113.2.1.2.1 +RELENG_6 + src/sys/net/if_spppsubr.c 1.119.2.3 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.6 + src/sys/conf/newvers.sh 1.69.2.11.2.6 + src/sys/net/if_spppsubr.c 1.119.2.2.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.15 + src/sys/conf/newvers.sh 1.69.2.8.2.11 + src/sys/net/if_spppsubr.c 1.119.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFE7u0+FdaIBMps37IRAhmDAKCVpSUMmugw8j5HEjMfSTln+3KdjwCeNKmx +Qna3jib3T9pASUWraImZYL0= +=XAoj +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:19.openssl.asc b/share/security/advisories/FreeBSD-SA-06:19.openssl.asc new file mode 100644 index 0000000000..9678d9c995 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:19.openssl.asc @@ -0,0 +1,150 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:19.openssl Security Advisory + The FreeBSD Project + +Topic: Incorrect PKCS#1 v1.5 padding validation in crypto(3) + +Category: contrib +Module: openssl +Announced: 2006-09-06 +Affects: All FreeBSD releases. +Corrected: 2006-09-06 21:18:26 UTC (RELENG_6, 6.1-STABLE) + 2006-09-06 21:19:21 UTC (RELENG_6_1, 6.1-RELEASE-p6) + 2006-09-06 21:20:08 UTC (RELENG_6_0, 6.0-RELEASE-p11) + 2006-09-06 21:20:54 UTC (RELENG_5, 5.5-STABLE) + 2006-09-06 21:21:50 UTC (RELENG_5_5, 5.5-RELEASE-p4) + 2006-09-06 21:22:39 UTC (RELENG_5_4, 5.4-RELEASE-p18) + 2006-09-06 21:23:16 UTC (RELENG_5_3, 5.3-RELEASE-p33) + 2006-09-06 21:24:04 UTC (RELENG_4, 4.11-STABLE) + 2006-09-06 21:24:54 UTC (RELENG_4_11, 4.11-RELEASE-p21) +CVE Name: CVE-2006-4339 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured, +and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +PKCS#1 v1.5 is a standard for "padding" data before performing a +cryptographic operation using the RSA algorithm. PKCS#1 v1.5 signatures +are for example used in X.509 certificates. + +RSA public keys may use a variety of public exponents, of which 3, 17, and +65537 are most common. As a result of a number of known attacks, most keys +generated recently use a public exponent of at least 65537. + +II. Problem Description + +When verifying a PKCS#1 v1.5 signature, OpenSSL ignores any bytes which +follow the cryptographic hash being signed. In a valid signature there +will be no such bytes. + +III. Impact + +OpenSSL will incorrectly report some invalid signatures as valid. When +an RSA public exponent of 3 is used, or more generally when a small public +exponent is used with a relatively large modulus (e.g., a public exponent +of 17 with a 4096-bit modulus), an attacker can construct a signature which +OpenSSL will accept as a valid PKCS#1 v1.5 signature. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, +or RELENG_4_11 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.11, 5.3, +5.4, 5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:19/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-06:19/openssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in + and reboot the +system. + +NOTE: Any third-party applications, including those installed from the +FreeBSD ports collection, which are statically linked to libcrypto(3) +should be recompiled in order to use the corrected code. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.1.2.6 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.22 + src/sys/conf/newvers.sh 1.44.2.39.2.25 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.1.2.5.6.1 +RELENG_5 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.4.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.4 + src/sys/conf/newvers.sh 1.62.2.21.2.6 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.16.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.27 + src/sys/conf/newvers.sh 1.62.2.18.2.23 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.8.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.36 + src/sys/conf/newvers.sh 1.62.2.15.2.38 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.6.1 +RELENG_6 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.10.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.8 + src/sys/conf/newvers.sh 1.69.2.11.2.8 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.14.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.16 + src/sys/conf/newvers.sh 1.69.2.8.2.12 + src/crypto/openssl/crypto/rsa/rsa_sign.c 1.1.1.6.12.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.openssl.org/news/secadv_20060905.txt +http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (FreeBSD) + +iD8DBQFE/0FzFdaIBMps37IRApq5AJ9LYe7MpHgG+fGWs9zNaFWrTd5mFQCgj5k8 +0lBDO5lDb8jCB5vrjvfhyGY= +=ihRT +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:20.bind.asc b/share/security/advisories/FreeBSD-SA-06:20.bind.asc new file mode 100644 index 0000000000..71d9ef42c5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:20.bind.asc @@ -0,0 +1,156 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:20.bind Security Advisory + The FreeBSD Project + +Topic: Denial of Service in named(8) + +Category: contrib +Module: bind +Announced: 2006-09-06 +Credits: The Measurement Factory +Affects: FreeBSD 5.3 and later. +Corrected: 2006-09-06 21:18:26 UTC (RELENG_6, 6.1-STABLE) + 2006-09-06 21:19:21 UTC (RELENG_6_1, 6.1-RELEASE-p6) + 2006-09-06 21:20:08 UTC (RELENG_6_0, 6.0-RELEASE-p11) + 2006-09-06 21:20:54 UTC (RELENG_5, 5.5-STABLE) + 2006-09-06 21:21:50 UTC (RELENG_5_5, 5.5-RELEASE-p4) + 2006-09-06 21:22:39 UTC (RELENG_5_4, 5.4-RELEASE-p18) + 2006-09-06 21:23:16 UTC (RELENG_5_3, 5.3-RELEASE-p33) +CVE Name: CVE-2006-4095, CVE-2006-4096 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit +. + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet domain name server. DNS Security +Extensions (DNSSEC) are additional protocol options that add +authentication and integrity to the DNS protocols. + +II. Problem Description + +For a recursive DNS server, a remote attacker sending enough recursive +queries for the replies to arrive after all the interested clients +have left the recursion queue will trigger an INSIST failure in the +named(8) daemon. Also for a recursive DNS server, an assertion +failure can occur when processing a query whose reply will contain +more than one SIG(covered) RRset. + +For an authoritative DNS server serving a RFC 2535 DNSSEC zone which +is queried for the SIG records where there are multiple SIG(covered) +RRsets (e.g. a zone apex), named(8) will trigger an assertion failure +when it tries to construct the response. + +III. Impact + +An attacker who can perform recursive lookups on a DNS server and is able +to send a sufficiently large number of recursive queries, or is able to +get the DNS server to return more than one SIG(covered) RRsets can stop +the functionality of the DNS service. + +An attacker querying an authoritative DNS server serving a RFC 2535 +DNSSEC zone may be able to crash the DNS server. + +All of the above issues will result in a Denial of Service situation. + +IV. Workaround + +A possible workaround is to only allow trusted clients to perform recursive +queries. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, or RELENG_5_3 security +branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.3, 5.4, +5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:20/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-06:20/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +c) Restart the named application: + +# /etc/rc.d/named restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/bind9/bin/named/query.c 1.1.1.1.2.3 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.1.2.5 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.4 + src/sys/conf/newvers.sh 1.62.2.21.2.6 + src/contrib/bind9/bin/named/query.c 1.1.1.1.2.2.2.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.1.2.4.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.27 + src/sys/conf/newvers.sh 1.62.2.18.2.23 + src/contrib/bind9/bin/named/query.c 1.1.1.1.2.1.4.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.1.2.2.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.36 + src/sys/conf/newvers.sh 1.62.2.15.2.38 + src/contrib/bind9/bin/named/query.c 1.1.1.1.2.1.2.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.1.2.1.2.1 +RELENG_6 + src/contrib/bind9/bin/named/query.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.3 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.8 + src/sys/conf/newvers.sh 1.69.2.11.2.8 + src/contrib/bind9/bin/named/query.c 1.1.1.1.4.1.2.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.2.2.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.16 + src/sys/conf/newvers.sh 1.69.2.8.2.12 + src/contrib/bind9/bin/named/query.c 1.1.1.1.6.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096 +http://www.kb.cert.org/vuls/id/697164 +http://www.kb.cert.org/vuls/id/915404 +http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (FreeBSD) + +iD8DBQFFDQK8FdaIBMps37IRAj2LAJ0Y0zC/Soyr6GOLnYalU7ztpTzSpwCdExZy +j+Wxxc1IGOtrIYhV0sKTIEU= +=Gk4P +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:21.gzip.asc b/share/security/advisories/FreeBSD-SA-06:21.gzip.asc new file mode 100644 index 0000000000..e235145045 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:21.gzip.asc @@ -0,0 +1,162 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:21.gzip Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in gzip + +Category: contrib +Module: gzip +Announced: 2006-09-19 +Credits: Tavis Ormandy, Google Security Team +Affects: All FreeBSD releases. +Corrected: 2006-09-19 14:02:30 UTC (RELENG_6, 6.2-PRERELEASE) + 2006-09-19 14:03:26 UTC (RELENG_6_1, 6.1-RELEASE-p7) + 2006-09-19 14:04:13 UTC (RELENG_6_0, 6.0-RELEASE-p12) + 2006-09-19 14:06:21 UTC (RELENG_5, 5.5-STABLE) + 2006-09-19 14:07:13 UTC (RELENG_5_5, 5.5-RELEASE-p5) + 2006-09-19 14:08:10 UTC (RELENG_5_4, 5.4-RELEASE-p19) + 2006-09-19 14:09:09 UTC (RELENG_5_3, 5.3-RELEASE-p34) + 2006-09-19 14:11:35 UTC (RELENG_4, 4.11-STABLE) + 2006-09-19 14:13:53 UTC (RELENG_4_11, 4.11-RELEASE-p22) +CVE Name: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, + CVE-2006-4338 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +gzip is a file compression utility. + +II. Problem Description + +Multiple programming errors have been found in gzip which can be +triggered when gzip is decompressing files. These errors include +insufficient bounds checks in buffer use, a NULL pointer dereference, +and a potential infinite loop. + +III. Impact + +The insufficient bounds checks in buffer use can cause gzip to crash, +and may permit the execution of arbitrary code. The NULL pointer +deference can cause gzip to crash. The infinite loop can cause a +Denial-of-Service situation where gzip uses all available CPU time. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, +or RELENG_4_11 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.11, 5.3, +5.4, 5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:21/gzip.patch +# fetch http://security.FreeBSD.org/patches/SA-06:21/gzip.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/gzip +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/gnu/usr.bin/gzip/gzip.h 1.3.12.1 + src/gnu/usr.bin/gzip/inflate.c 1.8.2.2 + src/gnu/usr.bin/gzip/unlzh.c 1.5.2.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.2.1 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.23 + src/sys/conf/newvers.sh 1.44.2.39.2.26 + src/gnu/usr.bin/gzip/gzip.h 1.3.36.1 + src/gnu/usr.bin/gzip/inflate.c 1.8.2.1.2.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.30.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.30.1 +RELENG_5 + src/gnu/usr.bin/gzip/gzip.h 1.4.2.1 + src/gnu/usr.bin/gzip/inflate.c 1.9.2.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.26.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.26.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.5 + src/sys/conf/newvers.sh 1.62.2.21.2.7 + src/gnu/usr.bin/gzip/gzip.h 1.4.14.1 + src/gnu/usr.bin/gzip/inflate.c 1.9.14.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.40.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.40.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.28 + src/sys/conf/newvers.sh 1.62.2.18.2.24 + src/gnu/usr.bin/gzip/gzip.h 1.4.6.1 + src/gnu/usr.bin/gzip/inflate.c 1.9.6.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.32.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.32.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.37 + src/sys/conf/newvers.sh 1.62.2.15.2.39 + src/gnu/usr.bin/gzip/gzip.h 1.4.4.1 + src/gnu/usr.bin/gzip/inflate.c 1.9.4.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.28.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.28.1 +RELENG_6 + src/gnu/usr.bin/gzip/gzip.h 1.4.8.1 + src/gnu/usr.bin/gzip/inflate.c 1.9.8.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.34.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.34.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.9 + src/sys/conf/newvers.sh 1.69.2.11.2.9 + src/gnu/usr.bin/gzip/gzip.h 1.4.12.1 + src/gnu/usr.bin/gzip/inflate.c 1.9.12.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.38.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.38.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.17 + src/sys/conf/newvers.sh 1.69.2.8.2.13 + src/gnu/usr.bin/gzip/gzip.h 1.4.10.1 + src/gnu/usr.bin/gzip/inflate.c 1.9.10.1 + src/gnu/usr.bin/gzip/unlzh.c 1.5.36.1 + src/gnu/usr.bin/gzip/unpack.c 1.6.36.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (FreeBSD) + +iD8DBQFFD/6bFdaIBMps37IRAgMGAJ9f7rYLs32ZEAKWwhcPqAWrp6fNwACgg2Wj +fw3izMEcpupfqNkkQKizV5g= +=xYxa +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:22.openssh.asc b/share/security/advisories/FreeBSD-SA-06:22.openssh.asc new file mode 100644 index 0000000000..5294f2e563 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:22.openssh.asc @@ -0,0 +1,273 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:22.openssh Security Advisory + The FreeBSD Project + +Topic: Multiple vulnerabilities in OpenSSH + +Category: contrib +Module: openssh +Announced: 2006-09-30 +Credits: Tavis Ormandy, Mark Dowd +Affects: All FreeBSD releases. +Corrected: 2006-09-30 19:50:57 UTC (RELENG_6, 6.2-PRERELEASE) + 2006-09-30 19:51:56 UTC (RELENG_6_1, 6.1-RELEASE-p10) + 2006-09-30 19:53:21 UTC (RELENG_6_0, 6.0-RELEASE-p15) + 2006-09-30 19:54:03 UTC (RELENG_5, 5.5-STABLE) + 2006-09-30 19:54:58 UTC (RELENG_5_5, 5.5-RELEASE-p8) + 2006-09-30 19:55:52 UTC (RELENG_5_4, 5.4-RELEASE-p22) + 2006-09-30 19:56:38 UTC (RELENG_5_3, 5.3-RELEASE-p37) + 2006-09-30 19:57:15 UTC (RELENG_4, 4.11-STABLE) + 2006-09-30 19:58:07 UTC (RELENG_4_11, 4.11-RELEASE-p25) +CVE Name: CVE-2006-4924, CVE-2006-5051 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +OpenSSH is an implementation of the SSH protocol suite, providing an +encrypted, authenticated transport for a variety of services, +including remote shell access. + +II. Problem Description + +The CRC compensation attack detector in the sshd(8) daemon, upon receipt +of duplicate blocks, uses CPU time cubic in the number of duplicate +blocks received. [CVE-2006-4924] + +A race condition exists in a signal handler used by the sshd(8) daemon +to handle the LoginGraceTime option, which can potentially cause some +cleanup routines to be executed multiple times. [CVE-2006-5051] + +III. Impact + +An attacker sending specially crafted packets to sshd(8) can cause a +Denial of Service by using 100% of CPU time until a connection timeout +occurs. Since this attack can be performed over multiple connections +simultaneously, it is possible to cause up to MaxStartups (10 by default) +sshd processes to use all the CPU time they can obtain. [CVE-2006-4924] + +The OpenSSH project believe that the race condition can lead to a Denial +of Service or potentially remote code execution, but the FreeBSD Security +Team has been unable to verify the exact impact. [CVE-2006-5051] + +IV. Workaround + +The attack against the CRC compensation attack detector can be avoided +by disabling SSH Protocol version 1 support in sshd_config(5). + +There is no workaround for the second issue. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, +or RELENG_4_11 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.11, 5.3, +5.4, 5.5, 6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 4.11] +# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh4x.patch +# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh4x.patch.asc + +[FreeBSD 5.x] +# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh5x.patch +# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh5x.patch.asc + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh6x.patch +# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh6x.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssh +# make obj && make depend && make && make install +# cd /usr/src/secure/usr.sbin/sshd +# make obj && make depend && make && make install + +c) Restart the SSH daemon. On FreeBSD 5.x and 6.x, this can be done via + +# /etc/rc.d/sshd restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssh/deattack.c 1.1.1.1.2.6 + src/crypto/openssh/deattack.h 1.1.1.1.2.3 + src/crypto/openssh/defines.h 1.1.1.2.2.3 + src/crypto/openssh/log.c 1.1.1.1.2.6 + src/crypto/openssh/log.h 1.1.1.1.2.4 + src/crypto/openssh/packet.c 1.1.1.1.2.7 + src/crypto/openssh/ssh_config 1.2.2.10 + src/crypto/openssh/ssh_config.5 1.4.2.6 + src/crypto/openssh/sshd.c 1.6.2.12 + src/crypto/openssh/sshd_config 1.4.2.14 + src/crypto/openssh/sshd_config.5 1.5.2.8 + src/crypto/openssh/version.h 1.1.1.1.2.14 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.26 + src/sys/conf/newvers.sh 1.44.2.39.2.29 + src/crypto/openssh/deattack.c 1.1.1.1.2.5.6.1 + src/crypto/openssh/deattack.h 1.1.1.1.2.2.10.1 + src/crypto/openssh/defines.h 1.1.1.2.2.2.8.1 + src/crypto/openssh/log.c 1.1.1.1.2.5.8.1 + src/crypto/openssh/log.h 1.1.1.1.2.3.8.1 + src/crypto/openssh/packet.c 1.1.1.1.2.6.8.1 + src/crypto/openssh/ssh_config 1.2.2.9.6.1 + src/crypto/openssh/ssh_config.5 1.4.2.5.6.1 + src/crypto/openssh/sshd.c 1.6.2.11.8.1 + src/crypto/openssh/sshd_config 1.4.2.13.6.1 + src/crypto/openssh/sshd_config.5 1.5.2.7.4.1 + src/crypto/openssh/version.h 1.1.1.1.2.13.6.1 +RELENG_5 + src/crypto/openssh/auth.h 1.13.2.1 + src/crypto/openssh/deattack.c 1.1.1.7.2.1 + src/crypto/openssh/deattack.h 1.1.1.3.8.1 + src/crypto/openssh/defines.h 1.1.1.7.2.1 + src/crypto/openssh/log.c 1.1.1.10.2.1 + src/crypto/openssh/log.h 1.5.2.1 + src/crypto/openssh/packet.c 1.1.1.14.2.1 + src/crypto/openssh/session.c 1.44.2.1 + src/crypto/openssh/ssh_config 1.25.2.2 + src/crypto/openssh/ssh_config.5 1.15.2.2 + src/crypto/openssh/sshd.c 1.37.2.1 + src/crypto/openssh/sshd_config 1.40.2.2 + src/crypto/openssh/sshd_config.5 1.21.2.2 + src/crypto/openssh/version.h 1.27.2.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.8 + src/sys/conf/newvers.sh 1.62.2.21.2.10 + src/crypto/openssh/auth.h 1.13.8.1 + src/crypto/openssh/deattack.c 1.1.1.7.14.1 + src/crypto/openssh/deattack.h 1.1.1.3.20.1 + src/crypto/openssh/defines.h 1.1.1.7.8.1 + src/crypto/openssh/log.c 1.1.1.10.8.1 + src/crypto/openssh/log.h 1.5.8.1 + src/crypto/openssh/packet.c 1.1.1.14.8.1 + src/crypto/openssh/session.c 1.44.8.1 + src/crypto/openssh/ssh_config 1.25.2.1.2.1 + src/crypto/openssh/ssh_config.5 1.15.2.1.2.1 + src/crypto/openssh/sshd.c 1.37.8.1 + src/crypto/openssh/sshd_config 1.40.2.1.2.1 + src/crypto/openssh/sshd_config.5 1.21.2.1.2.1 + src/crypto/openssh/version.h 1.27.2.1.2.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.31 + src/sys/conf/newvers.sh 1.62.2.18.2.27 + src/crypto/openssh/auth.h 1.13.6.1 + src/crypto/openssh/deattack.c 1.1.1.7.6.1 + src/crypto/openssh/deattack.h 1.1.1.3.12.1 + src/crypto/openssh/defines.h 1.1.1.7.6.1 + src/crypto/openssh/log.c 1.1.1.10.6.1 + src/crypto/openssh/log.h 1.5.6.1 + src/crypto/openssh/packet.c 1.1.1.14.6.1 + src/crypto/openssh/session.c 1.44.6.1 + src/crypto/openssh/ssh_config 1.25.6.2 + src/crypto/openssh/ssh_config.5 1.15.6.2 + src/crypto/openssh/sshd.c 1.37.6.1 + src/crypto/openssh/sshd_config 1.40.6.2 + src/crypto/openssh/sshd_config.5 1.21.6.2 + src/crypto/openssh/version.h 1.27.6.2 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.40 + src/sys/conf/newvers.sh 1.62.2.15.2.42 + src/crypto/openssh/auth.h 1.13.4.1 + src/crypto/openssh/deattack.c 1.1.1.7.4.1 + src/crypto/openssh/deattack.h 1.1.1.3.10.1 + src/crypto/openssh/defines.h 1.1.1.7.4.1 + src/crypto/openssh/log.c 1.1.1.10.4.1 + src/crypto/openssh/log.h 1.5.4.1 + src/crypto/openssh/packet.c 1.1.1.14.4.1 + src/crypto/openssh/session.c 1.44.4.1 + src/crypto/openssh/ssh_config 1.25.4.2 + src/crypto/openssh/ssh_config.5 1.15.4.2 + src/crypto/openssh/sshd.c 1.37.4.1 + src/crypto/openssh/sshd_config 1.40.4.2 + src/crypto/openssh/sshd_config.5 1.21.4.2 + src/crypto/openssh/version.h 1.27.4.2 +RELENG_6 + src/crypto/openssh/auth.h 1.15.2.2 + src/crypto/openssh/deattack.c 1.1.1.7.8.1 + src/crypto/openssh/deattack.h 1.1.1.3.14.1 + src/crypto/openssh/defines.h 1.1.1.9.2.2 + src/crypto/openssh/log.c 1.1.1.13.2.1 + src/crypto/openssh/log.h 1.6.2.1 + src/crypto/openssh/packet.c 1.1.1.16.2.2 + src/crypto/openssh/session.c 1.46.2.2 + src/crypto/openssh/ssh_config 1.27.2.2 + src/crypto/openssh/ssh_config.5 1.17.2.2 + src/crypto/openssh/sshd.c 1.39.2.2 + src/crypto/openssh/sshd_config 1.42.2.2 + src/crypto/openssh/sshd_config.5 1.23.2.2 + src/crypto/openssh/version.h 1.30.2.2 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.12 + src/sys/conf/newvers.sh 1.69.2.11.2.12 + src/crypto/openssh/auth.h 1.15.2.1.4.1 + src/crypto/openssh/deattack.c 1.1.1.7.12.1 + src/crypto/openssh/deattack.h 1.1.1.3.18.1 + src/crypto/openssh/defines.h 1.1.1.9.2.1.4.1 + src/crypto/openssh/log.c 1.1.1.13.6.1 + src/crypto/openssh/log.h 1.6.6.1 + src/crypto/openssh/packet.c 1.1.1.16.2.1.4.1 + src/crypto/openssh/session.c 1.46.2.1.4.1 + src/crypto/openssh/ssh_config 1.27.2.1.4.1 + src/crypto/openssh/ssh_config.5 1.17.2.1.4.1 + src/crypto/openssh/sshd.c 1.39.2.1.4.1 + src/crypto/openssh/sshd_config 1.42.2.1.4.1 + src/crypto/openssh/sshd_config.5 1.23.2.1.4.1 + src/crypto/openssh/version.h 1.30.2.1.4.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.20 + src/sys/conf/newvers.sh 1.69.2.8.2.16 + src/crypto/openssh/auth.h 1.15.2.1.2.1 + src/crypto/openssh/deattack.c 1.1.1.7.10.1 + src/crypto/openssh/deattack.h 1.1.1.3.16.1 + src/crypto/openssh/defines.h 1.1.1.9.2.1.2.1 + src/crypto/openssh/log.c 1.1.1.13.4.1 + src/crypto/openssh/log.h 1.6.4.1 + src/crypto/openssh/packet.c 1.1.1.16.2.1.2.1 + src/crypto/openssh/session.c 1.46.2.1.2.1 + src/crypto/openssh/ssh_config 1.27.2.1.2.1 + src/crypto/openssh/ssh_config.5 1.17.2.1.2.1 + src/crypto/openssh/sshd.c 1.39.2.1.2.1 + src/crypto/openssh/sshd_config 1.42.2.1.2.1 + src/crypto/openssh/sshd_config.5 1.23.2.1.2.1 + src/crypto/openssh/version.h 1.30.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.openssh.com/txt/release-4.4 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (FreeBSD) + +iD8DBQFFHtD+FdaIBMps37IRAhw8AJ0dNrOCiYVEmqQqePByx/KUrdi+AACeNcB0 +T5VfZGGXDv31Py3yxejjhlw= +=f1ch +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:23.openssl.asc b/share/security/advisories/FreeBSD-SA-06:23.openssl.asc new file mode 100644 index 0000000000..c0997813bf --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:23.openssl.asc @@ -0,0 +1,287 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:23.openssl Security Advisory + The FreeBSD Project + +Topic: Multiple problems in crypto(3) + +Category: contrib +Module: openssl +Announced: 2006-09-28 +Credits: Dr S N Henson, Tavis Ormandy, Will Drewry + Stephen Kiernan (Juniper SIRT) +Affects: All FreeBSD releases. +Corrected: 2006-09-29 13:44:03 UTC (RELENG_6, 6.2-PRERELEASE) + 2006-09-29 13:44:31 UTC (RELENG_6_1, 6.1-RELEASE-p9) + 2006-09-29 13:44:45 UTC (RELENG_6_0, 6.0-RELEASE-p14) + 2006-09-29 13:45:01 UTC (RELENG_5, 5.5-STABLE) + 2006-09-29 13:45:43 UTC (RELENG_5_5, 5.5-RELEASE-p7) + 2006-09-29 13:45:59 UTC (RELENG_5_4, 5.4-RELEASE-p21) + 2006-09-29 13:46:10 UTC (RELENG_5_3, 5.3-RELEASE-p36) + 2006-09-29 13:46:23 UTC (RELENG_4, 4.11-STABLE) + 2006-09-29 13:46:41 UTC (RELENG_4_11, 4.11-RELEASE-p24) +CVE Name: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +0. Revision History + +v1.0 2006-09-28 Initial release. +v1.1 2006-09-29 Corrected patch. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured, +and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +Several problems have been found in OpenSSL: + +1. During the parsing of certain invalid ASN1 structures an error condition +is mishandled, possibly resulting in an infinite loop. [CVE-2006-2937] + +2. A buffer overflow exists in the SSL_get_shared_ciphers function. +[CVE-2006-3738] + +3. A NULL pointer may be dereferenced in the SSL version 2 client code. +[CVE-2006-4343] + +In addition, many applications using OpenSSL do not perform any validation +of the lengths of public keys being used. [CVE-2006-2940] + +III. Impact + +Servers which parse ASN1 data from untrusted sources may be vulnerable to +a denial of service attack. [CVE-2006-2937] + +An attacker accessing a server which uses SSL version 2 may be able to +execute arbitrary code with the privileges of that server. [CVE-2006-3738] + +A malicious SSL server can cause clients connecting using SSL version 2 to +crash. [CVE-2006-4343] + +Applications which perform public key operations using untrusted keys may +be vulnerable to a denial of service attack. [CVE-2006-2940] + +IV. Workaround + +No workaround is available, but not all of the vulnerabilities mentioned +affect all applications. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3, +or RELENG_4_11 security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 4.11, 5.3, +5.4, 5.5, 6.0, and 6.1 systems. + +a) Download the patch from the location below, and verify the detached +PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc + +NOTE: The patch distributed at the time of the original advisory was +incorrect. Systems to which the original patch was applied should be +patched with the following corrective patch, which contains only the +changes between the original and updated patch: + +# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch +# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in + and reboot the +system. + +NOTE: Any third-party applications, including those installed from the +FreeBSD ports collection, which are statically linked to libcrypto(3) +should be recompiled in order to use the corrected code. + +NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by +prohibiting the use of exceptionally large public keys. It is believed +that no existing applications legitimately use such key lengths as would +be affected by this change. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.3 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.5 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.9 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.5 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.4 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.8 + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.9 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.9 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.4 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.9 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.10 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.9 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.25 + src/sys/conf/newvers.sh 1.44.2.39.2.28 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.1.2.2.6.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.1.2.4.8.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.1.2.7.6.2 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.1.2.4.8.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.1.2.7.6.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.2.2.8.4.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.2.4.8.4.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.1.2.3.8.1 + src/crypto/openssl/ssl/s2_clnt.c 1.2.2.8.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.1.2.9.4.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.1.2.8.4.1 +RELENG_5 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.4.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.6.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.2 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.3 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.2 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.6.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.2 + src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.2 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.2 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.6.1 + src/crypto/openssl/ssl/s2_clnt.c 1.12.2.2 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.2 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.7 + src/sys/conf/newvers.sh 1.62.2.21.2.9 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.16.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.18.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.4.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.4.2 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.4.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.18.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.4.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.4.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.4.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.18.1 + src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.4.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.1 +RELENG_5_4 + src/UPDATING 1.342.2.24.2.30 + src/sys/conf/newvers.sh 1.62.2.18.2.26 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.8.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.10.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.6.1.2.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.4.1.2.2 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.6.1.2.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.10.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.4.1.2.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.10.4.1.2.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.4.1.2.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.10.1 + src/crypto/openssl/ssl/s2_clnt.c 1.12.2.1.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.2.1.2.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.2.1 +RELENG_5_3 + src/UPDATING 1.342.2.13.2.39 + src/sys/conf/newvers.sh 1.62.2.15.2.41 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.6.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.8.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.4.8.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.8.6.2 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.6.8.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.8.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.7.6.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.10.6.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.12.6.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.8.1 + src/crypto/openssl/ssl/s2_clnt.c 1.12.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.13.4.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.4.1 +RELENG_6 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.12.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.2.2 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.2.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.12.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.2.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.11.2.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.2.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.12.1 + src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.11 + src/sys/conf/newvers.sh 1.69.2.11.2.11 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.14.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.16.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.6.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.6.2 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.6.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.16.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.6.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.11.6.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.6.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.16.1 + src/crypto/openssl/ssl/s2_clnt.c 1.13.6.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.6.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.19 + src/sys/conf/newvers.sh 1.69.2.8.2.15 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.12.1 + src/crypto/openssl/crypto/dh/dh.h 1.1.1.6.14.1 + src/crypto/openssl/crypto/dh/dh_err.c 1.1.1.5.4.1 + src/crypto/openssl/crypto/dh/dh_key.c 1.1.1.9.4.2 + src/crypto/openssl/crypto/dsa/dsa.h 1.1.1.7.4.1 + src/crypto/openssl/crypto/dsa/dsa_err.c 1.1.1.4.14.1 + src/crypto/openssl/crypto/dsa/dsa_ossl.c 1.1.1.8.4.1 + src/crypto/openssl/crypto/rsa/rsa.h 1.11.4.1 + src/crypto/openssl/crypto/rsa/rsa_eay.c 1.13.4.1 + src/crypto/openssl/crypto/rsa/rsa_err.c 1.1.1.4.14.1 + src/crypto/openssl/ssl/s2_clnt.c 1.13.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.4.1 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFFHSVwFdaIBMps37IRApTZAJ9YY6pldJ52FwtYHbMxsW5363NUgwCgl4tb +3jFuSkTKR6xVJ6ui4POBjkI= +=Bn+e +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:24.libarchive.asc b/share/security/advisories/FreeBSD-SA-06:24.libarchive.asc new file mode 100644 index 0000000000..cb45bbc343 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:24.libarchive.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:24.libarchive Security Advisory + The FreeBSD Project + +Topic: Infinite loop in corrupt archives handling in libarchive(3) + +Category: core +Module: libarchive +Announced: 2006-11-08 +Credits: Rink Springer +Affects: FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC +Corrected: 2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1) +CVE Name: CVE-2006-5680 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The libarchive library provides a flexible interface for reading and +writing streaming archive files such as tar and cpio, and has been the +basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3. + +II. Problem Description + +If the end of an archive is reached while attempting to "skip" past a +region of an archive, libarchive will enter an infinite loop wherein it +repeatedly attempts (and fails) to read further data. + +III. Impact + +An attacker able to cause a system to extract (via "tar -x" or another +application which uses libarchive) or list the contents (via "tar -t" or +another libarchive-using application) of an archive provided by the +attacker can cause libarchive to enter an infinite loop and use all +available CPU time. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to affected systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch +# fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libarchive +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/lib/libarchive/archive_read_support_compression_none.c 1.6.2.2 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.5 (FreeBSD) + +iD8DBQFFUeSvFdaIBMps37IRAug+AKCWT9WdFvuqPZS0o7fp3f9GKd8/aQCfVcQE +WODSvmI0ArwZOcWIESQOnIQ= +=SDvI +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:25.kmem.asc b/share/security/advisories/FreeBSD-SA-06:25.kmem.asc new file mode 100644 index 0000000000..0137d383f1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:25.kmem.asc @@ -0,0 +1,135 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:25.kmem Security Advisory + The FreeBSD Project + +Topic: Kernel memory disclosure in firewire(4) + +Category: core +Module: sys_dev +Announced: 2006-12-06 +Credits: Rodrigo Rubira Branco +Affects: All FreeBSD releases. +Corrected: 2006-12-06 09:13:51 UTC (RELENG_6, 6.2-STABLE) + 2006-12-06 09:14:23 UTC (RELENG_6_2, 6.2-RC2) + 2006-12-06 09:14:59 UTC (RELENG_6_1, 6.1-RELEASE-p11) + 2006-12-06 09:15:40 UTC (RELENG_6_0, 6.0-RELEASE-p16) + 2006-12-06 09:16:17 UTC (RELENG_5, 5.5-STABLE) + 2006-12-06 09:16:41 UTC (RELENG_5_5, 5.5-RELEASE-p9) + 2006-12-06 09:17:09 UTC (RELENG_4, 4.11-STABLE) + 2006-12-06 09:18:02 UTC (RELENG_4_11, 4.11-RELEASE-p26) +CVE Name: CVE-2006-6013 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The firewire(4) driver provides support for IEEE 1394 ("FireWire") +interfaces. This driver provides some of its functionality via the +ioctl(2) system call. + +II. Problem Description + +In the FW_GCROM ioctl, a signed integer comparison is used instead of +an unsigned integer comparison when computing the length of a buffer +to be copied from the kernel into the calling application. + +III. Impact + +A user in the "operator" group can read the contents of kernel memory. +Such memory might contain sensitive information, such as portions of +the file cache or terminal buffers. This information might be directly +useful, or it might be leveraged to obtain elevated privileges in some +way; for example, a terminal buffer might include a user-entered +password. + +IV. Workaround + +No workaround is available, but systems without IEEE 1394 ("FireWire") +interfaces are not vulnerable. (Note that systems with IEEE 1394 +interfaces are affected regardless of whether any devices are attached.) + +Note also that FreeBSD does not have any non-root users in the "operator" +group by default; systems on which no users have been added to this group +are therefore also not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE, +or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, or RELENG_4_11 security +branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.11, 5.5, +6.0, and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:25/kmem.patch +# fetch http://security.FreeBSD.org/patches/SA-06:25/kmem.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/sys/dev/firewire/fwdev.c 1.2.4.17 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.27 + src/sys/conf/newvers.sh 1.44.2.39.2.30 + src/sys/dev/firewire/fwdev.c 1.2.4.16.4.1 +RELENG_5 + src/sys/dev/firewire/fwdev.c 1.44.2.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.9 + src/sys/conf/newvers.sh 1.62.2.21.2.11 + src/sys/dev/firewire/fwdev.c 1.44.2.1.4.1 +RELENG_6 + src/sys/dev/firewire/fwdev.c 1.46.2.2 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.1 + src/sys/dev/firewire/fwdev.c 1.46.2.1.6.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.13 + src/sys/conf/newvers.sh 1.69.2.11.2.13 + src/sys/dev/firewire/fwdev.c 1.46.2.1.4.1 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.21 + src/sys/conf/newvers.sh 1.69.2.8.2.17 + src/sys/dev/firewire/fwdev.c 1.46.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6013 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFFdo1QFdaIBMps37IRAj4vAJ4vzhNk4MBkhAxsmeIAA0UgnXXOwACfY+Oe +WhWIJLjTgqq+T3ZpySyRCNo= +=FbZj +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-06:26.gtar.asc b/share/security/advisories/FreeBSD-SA-06:26.gtar.asc new file mode 100644 index 0000000000..2f0c638293 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-06:26.gtar.asc @@ -0,0 +1,129 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-06:26.gtar Security Advisory + The FreeBSD Project + +Topic: gtar name mangling symlink vulnerability + +Category: contrib +Module: contrib_tar +Announced: 2006-12-06 +Credits: Teemu Salmela +Affects: FreeBSD 4.x and 5.x releases +Corrected: 2006-12-06 09:16:17 UTC (RELENG_5, 5.5-STABLE) + 2006-12-06 09:16:41 UTC (RELENG_5_5, 5.5-RELEASE-p9) + 2006-12-06 09:17:09 UTC (RELENG_4, 4.11-STABLE) + 2006-12-06 09:18:02 UTC (RELENG_4_11, 4.11-RELEASE-p26) +CVE Name: CVE-2006-6097 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +GNU tar (gtar) is a utility to create and extract "tape archives", +commonly known as tar files. GNU tar is included in FreeBSD 4.x as +/usr/bin/tar, and in FreeBSD 5.x as /usr/bin/gtar. + +II. Problem Description + +Symlinks created using the "GNUTYPE_NAMES" tar extension can be +absolute due to lack of proper sanity checks. + +III. Impact + +If an attacker can get a user to extract a specially crafted tar +archive the attacker can overwrite arbitrary files with the +permissions of the user running gtar. If file system permissions +allow it, this may allow the attacker to overwrite important system +file (if gtar is being run as root), or important user configuration +files such as .tcshrc or .bashrc, which would allow the attacker to +run arbitrary commands. + +IV. Workaround + +Use "bsdtar", which is the default tar implementation in FreeBSD 5.3 +and higher. For FreeBSD 4.x, bsdtar is available in the FreeBSD Ports +Collection as ports/archivers/libarchive. + +V. Solution + +NOTE: The solution described below causes GNU tar to exit with an error +when handling an archive with GNUTYPE_NAMES entries. The FreeBSD +Security Team does not consider this to be a significant regression, +since GNUTYPE_NAMES has not been used for many years and is not +supported by other archival software such as libarchive(3); but the +original (insecure) behaviour can be retained by running GNU tar with +the newly added --allow-name-mangling option. + +Perform one of the following: + +1) Upgrade your vulnerable system to 4-STABLE, or 5-STABLE, or to the +RELENG_5_5 or RELENG_4_11 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 4.11 and +5.5 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-06:26/gtar.patch +# fetch http://security.FreeBSD.org/patches/SA-06:26/gtar.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/tar +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_4 + src/contrib/tar/src/common.h 1.2.2.2 + src/contrib/tar/src/extract.c 1.4.2.4 + src/contrib/tar/src/tar.c 1.2.2.3 +RELENG_4_11 + src/UPDATING 1.73.2.91.2.27 + src/sys/conf/newvers.sh 1.44.2.39.2.30 + src/contrib/tar/src/common.h 1.2.2.1.10.1 + src/contrib/tar/src/extract.c 1.4.2.3.8.1 + src/contrib/tar/src/tar.c 1.2.2.2.6.1 +RELENG_5 + src/contrib/tar/src/common.h 1.2.10.1 + src/contrib/tar/src/extract.c 1.6.8.1 + src/contrib/tar/src/tar.c 1.3.4.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.9 + src/sys/conf/newvers.sh 1.62.2.21.2.11 + src/contrib/tar/src/common.h 1.2.22.1 + src/contrib/tar/src/extract.c 1.6.20.1 + src/contrib/tar/src/tar.c 1.3.16.1 +- ------------------------------------------------------------------------- + +VII. References + +http://marc.theaimsgroup.com/?l=full-disclosure&m=116414883029517 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:26.gtar.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQFFdo1YFdaIBMps37IRAsqUAKCFRV7yICNP8NyC/3+uHUTOKDrxWQCeIJ5a +HsY0N8aR6FoEiFYV/y5fO4k= +=0/ws +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:01.jail.asc b/share/security/advisories/FreeBSD-SA-07:01.jail.asc new file mode 100644 index 0000000000..9b204f860f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:01.jail.asc @@ -0,0 +1,192 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:01.jail Security Advisory + The FreeBSD Project + +Topic: Jail rc.d script privilege escalation + +Category: core +Module: etc_rc.d +Announced: 2007-01-11 +Credits: Dirk Engling +Affects: All FreeBSD releases since 5.3 +Corrected: 2007-01-11 18:16:58 UTC (RELENG_6, 6.2-STABLE) + 2007-01-11 18:17:24 UTC (RELENG_6_2, 6.2-RELEASE) + 2007-01-11 18:18:08 UTC (RELENG_6_1, 6.1-RELEASE-p12) + 2007-01-11 18:18:35 UTC (RELENG_6_0, 6.0-RELEASE-p17) + 2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE) + 2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15) +CVE Name: CVE-2007-0166 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +0. Revision History + +v1.0 2007-01-11 Initial release. +v1.1 2007-08-01 Corrected patch for FreeBSD 5.5. + +I. Background + +The jail(2) system call allows a system administrator to lock a process +and all of its descendants inside an environment with a very limited +ability to affect the system outside that environment, even for +processes with superuser privileges. It is an extension of, but +far more powerful than, the traditional UNIX chroot(2) system call. + +The host's jail rc.d(8) script can be used to start and stop jails +automatically on system boot/shutdown. + +II. Problem Description + +In multiple situations the host's jail rc.d(8) script does not check if +a path inside the jail file system structure is a symbolic link before +using the path. In particular this is the case when writing the +output from the jail start-up to /var/log/console.log and when +mounting and unmounting file systems inside the jail directory +structure. + +III. Impact + +Due to the lack of handling of potential symbolic links the host's jail +rc.d(8) script is vulnerable to "symlink attacks". By replacing +/var/log/console.log inside the jail with a symbolic link it is +possible for the superuser (root) inside the jail to overwrite files +on the host system outside the jail with arbitrary content. This in +turn can be used to execute arbitrary commands with non-jailed +superuser privileges. + +Similarly, by changing directory mount points inside the jail file +system structure into symbolic links, it may be possible for a jailed +attacker to mount file systems which were meant to be mounted inside +the jail at arbitrary points in the host file system structure, or to +unmount arbitrary file systems on the host system. + +NOTE WELL: The above vulnerabilities occur only when a jail is being +started or stopped using the host's jail rc.d(8) script; once started +(and until stopped), running jails cannot exploit this. + +IV. Workaround + +If the sysctl(8) variable security.jail.chflags_allowed is set to 0 +(the default), setting the "sunlnk" system flag on /var, /var/log, +/var/log/console.log, and all file system mount points and their +parent directories inside the jail(s) will ensure that the console +log file and mount points are not replaced by symbolic links. If +this is done while jails are running, the administrator must check +that an attacker has not replaced any directories with symlinks +after setting the "sunlnk" flag. + +V. Solution + +NOTE WELL: The solution described changes the default location of the +"console.log" for jails from /var/log/console.log inside each jail to +/var/log/jail_${jail_name}_console.log on host system. If this is a +problem, it may be possible to create a hard link from the new position +of the console log file to a location inside the jail. A new rc.conf(5) +variable, jail_${jail_name}_consolelog, can be used to change the +location of console.log files on a per-jail basis. + +In addition, the solution described below does not fully secure jail +configurations where two jails have overlapping directory trees and a +file system is mounted inside the overlap. Overlapping directory +trees can occur when jails share the same root directory; when a jail +has a root directory which is a subdirectory of another jail's root +directory; or when a part of the file system space of one jail is +mounted inside the file system space of another jail, e.g., using +nullfs or unionfs. + +To handle overlapping jails safely the administrator must set the +sysctl(8) variable security.jail.chflags_allowed to 0 (the default) +and manually set the "sunlnk" file/directory flag on all mount points +and all parent directories of mount points. If this is done while +jails are running, the adminstrator must check that an attacker has +not replaced any directories with symlinks after setting the "sunlnk" +flag. + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_1, RELENG_6_0, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.0, +and 6.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.5] +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc + +[FreeBSD 6.0] +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch.asc + +[FreeBSD 6.1] +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch.asc + +NOTE: The patch distributed at the time of the original advisory was +incorrect for FreeBSD 5.5 (both RELENG_5 and RELENG_5_5). Systems to +which the original patch was applied should be patched with the +following corrective patch, which contains only the changes between +the original and updated patch: + +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5-correction.patch +# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5-correction.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# install -o root -g wheel -m 555 etc/rc.d/jail /etc/rc.d + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/etc/rc.d/jail 1.15.2.7 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.15 + src/sys/conf/newvers.sh 1.62.2.21.2.17 + src/etc/rc.d/jail 1.15.2.5.2.2 +RELENG_6 + src/etc/rc.d/jail 1.23.2.9 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.2 + src/etc/rc.d/jail 1.23.2.7.2.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.14 + src/sys/conf/newvers.sh 1.69.2.11.2.14 + src/etc/rc.d/jail 1.23.2.3.2.3 +RELENG_6_0 + src/UPDATING 1.416.2.3.2.22 + src/sys/conf/newvers.sh 1.69.2.8.2.18 + src/etc/rc.d/jail 1.23.2.2.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0166 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFGsPfrFdaIBMps37IRAgksAJ4yGy3zTBcr2N+TbDoTlN3aHUA8QQCgi/8B +It4pOMoA0QMzAp8HxUWo+xU= +=9tTT +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:02.bind.asc b/share/security/advisories/FreeBSD-SA-07:02.bind.asc new file mode 100644 index 0000000000..1c19e43366 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:02.bind.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:02.bind Security Advisory + The FreeBSD Project + +Topic: Multiple Denial of Service vulnerabilities in named(8) + +Category: contrib +Module: bind +Announced: 2007-02-09 +Affects: FreeBSD 5.3 and later. +Corrected: 2007-02-07 00:42:09 UTC (RELENG_6, 6.2-STABLE) + 2007-02-09 20:24:15 UTC (RELENG_6_2, 6.2-RELEASE-p1) + 2007-02-09 20:23:29 UTC (RELENG_6_1, 6.1-RELEASE-p13) + 2007-02-07 00:46:35 UTC (RELENG_5, 5.5-STABLE) + 2007-02-09 20:22:44 UTC (RELENG_5_5, 5.5-RELEASE-p11) +CVE Name: CVE-2007-0493, CVE-2007-0494 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet domain name server. DNS Security +Extensions (DNSSEC) are additional protocol options that add +authentication and integrity to the DNS protocols. + +II. Problem Description + +A type * (ANY) query response containing multiple RRsets can trigger an +assertion failure. + +Certain recursive queries can cause the nameserver to crash by using memory +which has already been freed. + +III. Impact + +A remote attacker sending a type * (ANY) query to an authoritative DNS +server for a DNSSEC signed zone can cause the named(8) daemon to exit, +resulting in a Denial of Service. + +A remote attacker sending recursive queries can cause the nameserver to +crash, resulting in a Denial of Service. + +IV. Workaround + +There is no workaround available, but systems which are not authoritative +servers for DNSSEC signed zones are not affected by the first issue; and +systems which do not permit untrusted users to perform recursive DNS +resolution are not affected by the second issue. Note that the default +configuration for named(8) in FreeBSD allows local access only (which on +many systems is equivalent to refusing access to untrusted users). + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.5, FreeBSD 6.1] +# fetch http://security.FreeBSD.org/patches/SA-07:02/bind61.patch +# fetch http://security.FreeBSD.org/patches/SA-07:02/bind61.patch.asc + +[FreeBSD 6.2] +# fetch http://security.FreeBSD.org/patches/SA-07:02/bind62.patch +# fetch http://security.FreeBSD.org/patches/SA-07:02/bind62.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +c) Restart the named application: + +# /etc/rc.d/named restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.1.2.8 + src/contrib/bind9/lib/dns/validator.c 1.1.1.1.2.5 + src/contrib/bind9/lib/dns/include/dns/validator.h 1.1.1.1.2.4 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.11 + src/sys/conf/newvers.sh 1.62.2.21.2.13 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.1.2.4.2.2 + src/contrib/bind9/lib/dns/validator.c 1.1.1.1.2.3.2.1 + src/contrib/bind9/lib/dns/include/dns/validator.h 1.1.1.1.2.2.2.1 +RELENG_6 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.6 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.3 + src/contrib/bind9/lib/dns/include/dns/validator.h 1.1.1.1.4.3 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.4 + src/sys/conf/newvers.sh 1.69.2.13.2.4 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.4.2.2 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.1.4.2 + src/contrib/bind9/lib/dns/include/dns/validator.h 1.1.1.1.4.1.4.2 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.15 + src/sys/conf/newvers.sh 1.69.2.11.2.15 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.2.2.2 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.1.2.1 + src/contrib/bind9/lib/dns/include/dns/validator.h 1.1.1.1.4.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:02.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQFFzNnpFdaIBMps37IRAsCVAJ9qvyFe04YWnkvYkFQPsSTIP+SLYgCfUhO8 +alXiQEsy1iSwSI66d/e7gSk= +=HmF6 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:03.ipv6.asc b/share/security/advisories/FreeBSD-SA-07:03.ipv6.asc new file mode 100644 index 0000000000..2f011db4b7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:03.ipv6.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:03.ipv6 Security Advisory + The FreeBSD Project + +Topic: IPv6 Routing Header 0 is dangerous + +Category: core +Module: ipv6 +Announced: 2007-04-26 +Credits: Philippe Biondi, Arnaud Ebalard, Jun-ichiro itojun Hagino +Affects: All FreeBSD releases. +Corrected: 2007-04-24 11:42:42 UTC (RELENG_6, 6.2-STABLE) + 2007-04-26 23:42:23 UTC (RELENG_6_2, 6.2-RELEASE-p4) + 2007-04-26 23:41:59 UTC (RELENG_6_1, 6.1-RELEASE-p16) + 2007-04-24 11:44:23 UTC (RELENG_5, 5.5-STABLE) + 2007-04-26 23:41:27 UTC (RELENG_5_5, 5.5-RELEASE-p12) +CVE Name: CVE-2007-2242 + +I. Background + +IPv6 provides a routing header option which allows a packet sender to +indicate how the packet should be routed, overriding the routing knowledge +present in a network. This functionality is roughly equivalent to the +"source routing" option in IPv4. All nodes in an IPv6 network -- both +routers and hosts -- are required by RFC 2460 to process such headers. + +II. Problem Description + +There is no mechanism for preventing IPv6 routing headers from being used +to route packets over the same link(s) many times. + +III. Impact + +An attacker can "amplify" a denial of service attack against a link between +two vulnerable hosts; that is, by sending a small volume of traffic the +attacker can consume a much larger amount of bandwidth between the two +vulnerable hosts. + +An attacker can use vulnerable hosts to "concentrate" a denial of service +attack against a victim host or network; that is, a set of packets sent +over a period of 30 seconds or more could be constructed such that they +all arrive at the victim within a period of 1 second or less. + +Other attacks may also be possible. + +IV. Workaround + +No workaround is available. + +V. Solution + +NOTE WELL: The solution described below causes IPv6 type 0 routing headers +to be ignored. Support for IPv6 type 0 routing headers can be re-enabled +if required by setting the newly added net.inet6.ip6.rthdr0_allowed sysctl +to a non-zero value. + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch +# fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/netinet6/in6.h 1.35.2.5 + src/sys/netinet6/in6_proto.c 1.29.2.5 + src/sys/netinet6/route6.c 1.10.4.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.12 + src/sys/conf/newvers.sh 1.62.2.21.2.14 + src/sys/netinet6/in6.h 1.35.2.3.2.1 + src/sys/netinet6/in6_proto.c 1.29.2.4.2.1 + src/sys/netinet6/route6.c 1.10.4.1.4.1 +RELENG_6 + src/sys/netinet6/in6.h 1.36.2.8 + src/sys/netinet6/in6_proto.c 1.32.2.6 + src/sys/netinet6/route6.c 1.11.2.2 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.7 + src/sys/conf/newvers.sh 1.69.2.13.2.7 + src/sys/netinet6/in6.h 1.36.2.7.2.1 + src/sys/netinet6/in6_proto.c 1.32.2.5.2.1 + src/sys/netinet6/route6.c 1.11.2.1.4.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.18 + src/sys/conf/newvers.sh 1.69.2.11.2.18 + src/sys/netinet6/in6.h 1.36.2.6.2.1 + src/sys/netinet6/in6_proto.c 1.32.2.4.2.1 + src/sys/netinet6/route6.c 1.11.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:03.ipv6.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQFGM8/CFdaIBMps37IRAu30AJ9nDSBQetafO6QPf8pJSA7Fwk6qlQCePVg0 +2T4oPjAuyPYX9bkmP0EAdfs= +=MGTg +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:04.file.asc b/share/security/advisories/FreeBSD-SA-07:04.file.asc new file mode 100644 index 0000000000..bec1ea24a3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:04.file.asc @@ -0,0 +1,133 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:04.file Security Advisory + The FreeBSD Project + +Topic: Heap overflow in file(1) + +Category: contrib +Module: file +Announced: 2007-05-23 +Affects: All FreeBSD releases. +Corrected: 2007-05-23 16:12:51 UTC (RELENG_6, 6.2-STABLE) + 2007-05-23 16:13:07 UTC (RELENG_6_2, 6.2-RELEASE-p5) + 2007-05-23 16:13:20 UTC (RELENG_6_1, 6.1-RELEASE-p17) + 2007-05-23 16:12:10 UTC (RELENG_5, 5.5-STABLE) + 2007-05-23 16:12:35 UTC (RELENG_5_5, 5.5-RELEASE-p13) +CVE Name: CVE-2007-1536 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The file(1) utility attempts to classify file system objects based on +filesystem, magic number and language tests. + +The libmagic(3) library provides most of the functionality of file(1) +and may be used by other applications. + +II. Problem Description + +When writing data into a buffer in the file_printf function, the length +of the unused portion of the buffer is not correctly tracked, resulting +in a buffer overflow when processing certain files. + +III. Impact + +An attacker who can cause file(1) to be run on a maliciously constructed +input can cause file(1) to crash. It may be possible for such an attacker +to execute arbitrary code with the privileges of the user running file(1). + +The above also applies to any other applications using the libmagic(3) +library. + +IV. Workaround + +No workaround is available, but systems where file(1) and other +libmagic(3)-using applications are never run on untrusted input are not +vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.5] +# fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch +# fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch.asc + +[FreeBSD 6.1 and 6.2] +# fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch +# fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libmagic +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/file/file.h 1.1.1.7.2.1 + src/contrib/file/funcs.c 1.1.1.1.2.1 + src/contrib/file/magic.c 1.1.1.1.2.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.13 + src/sys/conf/newvers.sh 1.62.2.21.2.15 + src/contrib/file/file.h 1.1.1.7.8.1 + src/contrib/file/funcs.c 1.1.1.1.8.1 + src/contrib/file/magic.c 1.1.1.1.8.1 +RELENG_6 + src/contrib/file/file.h 1.1.1.8.2.1 + src/contrib/file/funcs.c 1.1.1.2.2.1 + src/contrib/file/magic.c 1.1.1.2.2.1 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.8 + src/sys/conf/newvers.sh 1.69.2.13.2.8 + src/contrib/file/file.h 1.1.1.8.8.1 + src/contrib/file/funcs.c 1.1.1.2.8.1 + src/contrib/file/magic.c 1.1.1.2.8.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.19 + src/sys/conf/newvers.sh 1.69.2.11.2.19 + src/contrib/file/file.h 1.1.1.8.6.1 + src/contrib/file/funcs.c 1.1.1.2.6.1 + src/contrib/file/magic.c 1.1.1.2.6.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:04.file.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFGVGjhFdaIBMps37IRAgogAJ9o/0yCxtRi527rgvhg/BoC/AvEsQCfcwMX +ABl7JIb1XiY6QKWQ6UfwlGA= +=meQ0 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:05.libarchive.asc b/share/security/advisories/FreeBSD-SA-07:05.libarchive.asc new file mode 100644 index 0000000000..282d73028f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:05.libarchive.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:05.libarchive Security Advisory + The FreeBSD Project + +Topic: Errors handling corrupt tar files in libarchive(3) + +Category: core +Module: libarchive +Announced: 2007-07-12 +Credits: CPNI, CERT-FI, Tim Kientzle, Colin Percival +Affects: FreeBSD 5.3 and later. +Corrected: 2007-07-12 15:00:44 UTC (RELENG_6, 6.2-STABLE) + 2007-07-12 15:01:14 UTC (RELENG_6_2, 6.2-RELEASE-p6) + 2007-07-12 15:01:32 UTC (RELENG_6_1, 6.1-RELEASE-p18) + 2007-07-12 15:01:42 UTC (RELENG_5, 5.5-STABLE) + 2007-07-12 15:01:56 UTC (RELENG_5_5, 5.5-RELEASE-p14) +CVE Name: CVE-2007-3641, CVE-2007-3644, CVE-2007-3645 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The libarchive library provides a flexible interface for reading and +writing streaming archive files such as tar and cpio, and has been the +basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3. + +II. Problem Description + +Several problems have been found in the code used to parse the tar and +pax interchange formats. These include entering an infinite loop if an +archive prematurely ends within a pax extension header or if certain +types of corruption occur in pax extension headers [CVE-2007-3644]; +dereferencing a NULL pointer if an archive prematurely ends within a +tar header immediately following a pax extension header or if certain +other types of corruption occur in pax extension headers [CVE-2007-3645]; +and miscomputing the length of a buffer resulting in a buffer overflow +if yet another type of corruption occurs in a pax extension header +[CVE-2007-3641]. + +III. Impact + +An attacker who can cause a corrupt archive of his choice to be parsed +by libarchive, including by having "tar -x" (extract) or "tar -t" (list +entries) run on it, can cause libarchive to enter an infinite loop, to +core dump, or possibly to execute arbitrary code provided by the +attacker. + +IV. Workaround + +No workaround is available, but systems which do not read tar or pax +extension archives provided by untrusted sources are not vulnerable. +Note that while these issues do not affect libarchive's ability to +parse cpio, ISO9660, or zip format archives, libarchive automatically +detects the format of an archive, so external metadata (e.g., a file +name) is not sufficient to ensure that a file will not be parsed using +the vulnerable tar/pax format parser. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-07:05/libarchive.patch +# fetch http://security.FreeBSD.org/patches/SA-07:05/libarchive.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libarchive +# make obj && make depend && make && make install +# cd /usr/src/rescue +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/lib/libarchive/archive_read_support_format_tar.c 1.26.2.8 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.14 + src/sys/conf/newvers.sh 1.62.2.21.2.16 + src/lib/libarchive/archive_read_support_format_tar.c 1.26.2.7.2.1 +RELENG_6 + src/lib/libarchive/archive_read_support_format_tar.c 1.32.2.5 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.9 + src/sys/conf/newvers.sh 1.69.2.13.2.9 + src/lib/libarchive/archive_read_support_format_tar.c 1.32.2.2.2.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.20 + src/sys/conf/newvers.sh 1.69.2.11.2.20 + src/lib/libarchive/archive_read_support_format_tar.c 1.32.6.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3641 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3645 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:05.libarchive.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD4DBQFGlkN5FdaIBMps37IRAl/vAJ4vKkZ9eXBW4PPljvbgALUlAPdxCQCXRMzY +4hKO09Xhj1akwPufFXJS2w== +=sRGA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc b/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc new file mode 100644 index 0000000000..92c3567d3d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc @@ -0,0 +1,113 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:06.tcpdump Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in tcpdump(1) + +Category: contrib +Module: tcpdump +Announced: 2007-08-01 +Credits: "mu-b" +Affects: All supported versions of FreeBSD +Corrected: 2007-08-01 20:42:48 UTC (RELENG_6, 6.2-STABLE) + 2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7) + 2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19) + 2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE) + 2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15) +CVE Name: CVE-2007-3798 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +Tcpdump is a commonly used network diagnostic utility which decodes packets +received on the wire into human readable format. + +II. Problem Description + +An un-checked return value in the BGP dissector code can result in an integer +overflow. This value is used in subsequent buffer management operations, +resulting in a stack based buffer overflow under certain circumstances. + +III. Impact + +By crafting malicious BGP packets, an attacker could exploit this vulnerability +to execute code or crash the tcpdump process on the target system. This +code would be executed in the context of the user running tcpdump(1). +It should be noted that tcpdump(1) requires privileges in order to open live +network interfaces. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch +# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/tcpdump/tcpdump +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/tcpdump/print-bgp.c 1.1.1.5.2.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.15 + src/sys/conf/newvers.sh 1.62.2.21.2.17 + src/contrib/tcpdump/print-bgp.c 1.1.1.5.2.1.2.1 +RELENG_6 + src/contrib/tcpdump/print-bgp.c 1.1.1.8.2.1 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.10 + src/sys/conf/newvers.sh 1.69.2.13.2.10 + src/contrib/tcpdump/print-bgp.c 1.1.1.8.8.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.21 + src/sys/conf/newvers.sh 1.69.2.11.2.21 + src/contrib/tcpdump/print-bgp.c 1.1.1.8.6.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:06.tcpdump.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFGsPfwFdaIBMps37IRAmK/AJ0adsy8zlOOXaJhJJdcX6A0Uy+bSQCfQYVi +4qk7MNSrKFZotejLEXKMCYI= +=JIZh +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:07.bind.asc b/share/security/advisories/FreeBSD-SA-07:07.bind.asc new file mode 100644 index 0000000000..99b152fc66 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:07.bind.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:07.bind Security Advisory + The FreeBSD Project + +Topic: Predictable query ids in named(8) + +Category: contrib +Module: bind +Announced: 2007-08-01 +Credits: Amit Klein +Affects: FreeBSD 5.3 and later. +Corrected: 2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE) + 2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7) + 2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19) + 2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE) + 2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15) +CVE Name: CVE-2007-2926 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. DNS requests +contain a query id which is used match a DNS request with the response +and to make it harder for anybody but the DNS server which received the +request to send a valid response. + +II. Problem Description + +When named(8) is operating as a recursive DNS server or sending NOTIFY +requests to slave DNS servers, named(8) uses a predictable query id. + +III. Impact + +An attacker who can see the query id for some request(s) sent by named(8) +is likely to be able to perform DNS cache poisoning by predicting the +query id for other request(s). + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/bind9/bin/named/client.c 1.1.1.1.2.5 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.2.3 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.2.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.15 + src/sys/conf/newvers.sh 1.62.2.21.2.17 + src/contrib/bind9/bin/named/client.c 1.1.1.1.2.3.2.1 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.2.1.6.1 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.2.1.6.1 +RELENG_6 + src/contrib/bind9/bin/named/client.c 1.1.1.2.2.3 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.1 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.10 + src/sys/conf/newvers.sh 1.69.2.13.2.10 + src/contrib/bind9/bin/named/client.c 1.1.1.2.2.1.4.2 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.10.2 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.10.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.21 + src/sys/conf/newvers.sh 1.69.2.11.2.21 + src/contrib/bind9/bin/named/client.c 1.1.1.2.2.1.2.1 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.8.1 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.8.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926 +http://www.isc.org/sw/bind/bind-security.php +http://www.trusteer.com/docs/bind9dns_s.html + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:07.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFGsPfzFdaIBMps37IRAgIfAJ9cO2LUUc0eb8T+6pltpha91wR2IgCeITpx +H3SHyAkPMSICqnT9nY/UBE8= +=Fop4 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:08.openssl.asc b/share/security/advisories/FreeBSD-SA-07:08.openssl.asc new file mode 100644 index 0000000000..36316f73db --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:08.openssl.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:08.openssl Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in OpenSSL SSL_get_shared_ciphers() + +Category: contrib +Module: openssl +Announced: 2007-10-03 +Credits: Moritz Jodeit +Affects: All FreeBSD releases. +Corrected: 2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE) + 2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8) + 2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20) + 2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE) + 2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16) +CVE Name: CVE-2007-5135 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured, +and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found +to be incorrectly fixed. + +III. Impact + +For applications using the SSL_get_shared_ciphers() function, the +buffer overflow could allow an attacker to crash or potentially +execute arbitrary code with the permissions of the user running the +application. + +IV. Workaround + +No workaround is available, but only applications using the +SSL_get_shared_ciphers() function are affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patch have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssl +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.3 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.16 + src/sys/conf/newvers.sh 1.62.2.21.2.18 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.11.2.1.4.2 +RELENG_6 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.2 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.11 + src/sys/conf/newvers.sh 1.69.2.13.2.11 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.2.1.2.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.22 + src/sys/conf/newvers.sh 1.69.2.11.2.22 + src/crypto/openssl/ssl/ssl_lib.c 1.1.1.12.6.2 +- ------------------------------------------------------------------------- + +VII. References + +http://marc.info/?l=bugtraq&m=119091888624735 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:08.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFHBA+HFdaIBMps37IRAtTQAJ0bFBZt7DVJzhQkUcu7VdNS7Kj8cwCeMQaS +cNFjW3j2eolZhlee83l3blo= +=zwC2 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:09.random.asc b/share/security/advisories/FreeBSD-SA-07:09.random.asc new file mode 100644 index 0000000000..f395090345 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:09.random.asc @@ -0,0 +1,122 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:09.random Security Advisory + The FreeBSD Project + +Topic: Random value disclosure + +Category: core +Module: sys_dev_random +Announced: 2007-11-29 +Credits: Robert Woolley +Affects: All supported versions of FreeBSD +Corrected: 2007-11-29 16:05:38 UTC (RELENG_7, 7.0-BETA4) + 2007-11-29 16:06:12 UTC (RELENG_6, 6.3-PRERELEASE) + 2007-11-29 16:06:54 UTC (RELENG_6_3, 6.3-RC2) + 2007-11-29 16:07:30 UTC (RELENG_6_2, 6.2-RELEASE-p9) + 2007-11-29 16:07:54 UTC (RELENG_6_1, 6.1-RELEASE-p21) + 2007-11-29 16:08:54 UTC (RELENG_5, 5.5-STABLE) + 2007-11-29 16:09:26 UTC (RELENG_5_5, 5.5-RELEASE-p17) +CVE Name: CVE-2007-6150 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The random(4) and urandom(4) devices return an endless supply of +pseudo-random bytes when read. Cryptographic algorithms often depend +on the secrecy of these pseudo-random values for security. + +II. Problem Description + +Under certain circumstances, a bug in the internal state tracking on +the random(4) and urandom(4) devices can be exploited to allow replaying +of data distributed during subsequent reads. + +III. Impact + +This could enable an adversary to determine fragments of random values +previously read, allowing them to defeat certain security mechanisms. +Note that the attacker has to be in close proximity to the source of +the pseudo-randomness, which typically means local access to the system. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the +RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +and 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-07:09/random.patch +# fetch http://security.FreeBSD.org/patches/SA-07:09/random.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/dev/random/yarrow.c 1.44.2.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.17 + src/sys/conf/newvers.sh 1.62.2.21.2.19 + src/sys/dev/random/yarrow.c 1.44.8.1 +RELENG_6 + src/sys/dev/random/yarrow.c 1.45.2.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.2 + src/sys/dev/random/yarrow.c 1.45.2.1.6.1 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.12 + src/sys/conf/newvers.sh 1.69.2.13.2.12 + src/sys/dev/random/yarrow.c 1.45.2.1.4.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.23 + src/sys/conf/newvers.sh 1.69.2.11.2.23 + src/sys/dev/random/yarrow.c 1.45.2.1.2.1 +RELENG_7 + src/sys/dev/random/yarrow.c 1.47.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6150 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:09.random.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFHTuezFdaIBMps37IRAhp3AJ0UHJiYycOQCEai3Aid2uT6Jf3WZwCfdR65 +Ozmn0Qn6Ru54NRriBJG1o4g= +=95t9 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-07:10.gtar.asc b/share/security/advisories/FreeBSD-SA-07:10.gtar.asc new file mode 100644 index 0000000000..eed42569d9 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-07:10.gtar.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-07:10.gtar Security Advisory + The FreeBSD Project + +Topic: gtar directory traversal vulnerability + +Category: contrib +Module: contrib_tar +Announced: 2007-11-29 +Credits: Dmitry V. Levinx +Affects: FreeBSD 5.x releases +Corrected: 2007-11-29 16:08:54 UTC (RELENG_5, 5.5-STABLE) + 2007-11-29 16:09:26 UTC (RELENG_5_5, 5.5-RELEASE-p17) +CVE Name: CVE-2007-4131 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +GNU tar (gtar) is a utility to create and extract "tape archives", +commonly known as tar files. GNU tar is included in FreeBSD 5.x as +/usr/bin/gtar. + +II. Problem Description + +Insufficient sanity checking of paths containing '.' and '..' allows +gtar to overwrite arbitrary files on the system. + +III. Impact + +An attacker who can convince an user to extract a specially crafted +archive can overwrite arbitrary files with the permissions of the user +running gtar. If that user is root, the attacker can overwrite any +file on the system. + +IV. Workaround + +Use "bsdtar", which has been the default tar implementation since +FreeBSD 5.3. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_5 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch +# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/gnu/usr.bin/tar +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/contrib/tar/src/misc.c 1.3.8.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.17 + src/sys/conf/newvers.sh 1.62.2.21.2.19 + src/contrib/tar/src/misc.c 1.3.20.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFHTue3FdaIBMps37IRAgzFAKCMswqo5lH2+bb0yGRN+qhPqfBYlACfQ4+j +Dq8Gbv9wz/AwDyAEZq2+1eQ= +=1e8b +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:01.pty.asc b/share/security/advisories/FreeBSD-SA-08:01.pty.asc new file mode 100644 index 0000000000..f62f34fac1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:01.pty.asc @@ -0,0 +1,170 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:01.pty Security Advisory + The FreeBSD Project + +Topic: pty snooping + +Category: core +Module: libc_stdlib / libutil +Announced: 2008-01-14 +Credits: John Baldwin +Affects: FreeBSD 5.0 and later. +Corrected: 2008-01-14 22:57:45 UTC (RELENG_7, 7.0-PRERELEASE) + 2008-01-14 22:55:54 UTC (RELENG_7_0, 7.0-RC2) + 2008-01-14 22:56:05 UTC (RELENG_6, 6.3-PRERELEASE) + 2008-01-14 22:56:18 UTC (RELENG_6_3, 6.3-RELEASE) + 2008-01-14 22:56:44 UTC (RELENG_6_2, 6.2-RELEASE-p10) + 2008-01-14 22:56:56 UTC (RELENG_6_1, 6.1-RELEASE-p22) + 2008-01-14 22:57:06 UTC (RELENG_5, 5.5-STABLE) + 2008-01-14 22:57:19 UTC (RELENG_5_5, 5.5-RELEASE-p18) +CVE Name: CVE-2008-0216, CVE-2008-0217 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +pt_chown is a setuid root support utility used by grantpt(3) to change +ownership of a tty. + +openpty(3) is a support function in libutil which is used to obtain a +pseudo-terminal. + +script(1) is a utility which makes a typescript of everything printed +on a terminal. + +II. Problem Description + +Two issues exist in the FreeBSD pty handling. + +If openpty(3) is called as non-root user the newly created +pseudo-terminal is world readable and writeable. While this is +documented to be the case, script(1) still uses openpty(3) and +script(1) may be used by non-root users [CVE-2008-0217]. + +The ptsname(3) function incorrectly extracts two characters from the +name of a device node in /dev without verifying that it's actually +operating on a valid pty which the calling user owns. pt_chown uses +the bad result from ptsname(3) to change ownership of a pty to the +user calling pt_chown [CVE-2008-0216]. + +III. Impact + +If an unprivileged user is running script(1), or another program which +uses openpty(3), an attacker may snoop text which is printed to the +users terminal. + +If a malicious user has read access to a device node with characters +in the device name that match the name of a pty, then the malicious user +can read the content of the pty from another user. The malicious user +can open a lot of tty's resulting in a high probabilty of a new user +obtaining the pty name of a "vulnerable" pty. + +NOTE WELL: If a user snoops a pty the snooped text will not be shown +to the real user, which in many cases mean the real owner of the pty +will be able to know the attack is taking place. + +IV. Workaround + +Do not run script(1) as a non-root user. + +The ptsname(3) issue only affects FreeBSD 6.0 and newer. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, 6-STABLE, or +7.0-PRERELEASE, or to the RELENG_7_0, RELENG_6_3, RELENG_6_2, +RELENG_6_1, or RELENG_5_5 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +6.2, 6.3, and 7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 5.5] +# fetch http://security.FreeBSD.org/patches/SA-08:01/pty5.patch +# fetch http://security.FreeBSD.org/patches/SA-08:01/pty5.patch.asc + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-08:01/pty6.patch +# fetch http://security.FreeBSD.org/patches/SA-08:01/pty6.patch.asc + +[FreeBSD 7.0] +# fetch http://security.FreeBSD.org/patches/SA-08:01/pty7.patch +# fetch http://security.FreeBSD.org/patches/SA-08:01/pty7.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/lib/libutil/pty.c 1.15.4.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.18 + src/sys/conf/newvers.sh 1.62.2.21.2.20 + src/lib/libutil/pty.c 1.15.16.1 +RELENG_6 + src/lib/libc/stdlib/grantpt.c 1.4.2.2 + src/lib/libutil/pty.c 1.15.10.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.3 + src/sys/conf/newvers.sh 1.69.2.15.2.3 + src/lib/libc/stdlib/grantpt.c 1.4.10.2 + src/lib/libutil/pty.c 1.15.20.2 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.13 + src/sys/conf/newvers.sh 1.69.2.13.2.13 + src/lib/libc/stdlib/grantpt.c 1.4.8.1 + src/lib/libutil/pty.c 1.15.18.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.24 + src/sys/conf/newvers.sh 1.69.2.11.2.24 + src/lib/libc/stdlib/grantpt.c 1.4.6.1 + src/lib/libutil/pty.c 1.15.14.1 +RELENG_7 + src/lib/libc/stdlib/grantpt.c 1.7.2.4 + src/lib/libutil/pty.c 1.17.2.3 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.1 + src/sys/conf/newvers.sh 1.72.2.5.2.2 + src/lib/libc/stdlib/grantpt.c 1.7.2.2.2.2 + src/lib/libutil/pty.c 1.17.2.2.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0216 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0217 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFHi+nfFdaIBMps37IRAhtUAJ9GXtRjTIxcbrCOxoMnO50ZLc5mAgCdGSyO +D83MVnUtP9rhzD2JfOPbaOw= +=V/kt +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:02.libc.asc b/share/security/advisories/FreeBSD-SA-08:02.libc.asc new file mode 100644 index 0000000000..c2ca59ea13 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:02.libc.asc @@ -0,0 +1,121 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:02.libc Security Advisory + The FreeBSD Project + +Topic: inet_network() buffer overflow + +Category: core +Module: libc +Announced: 2008-01-14 +Credits: Bjoern A. Zeeb and Nate Eldredge +Affects: FreeBSD 6.2 +Corrected: 2008-01-14 22:57:45 UTC (RELENG_7, 7.0-PRERELEASE) + 2008-01-14 22:55:54 UTC (RELENG_7_0, 7.0-RC2) + 2008-01-14 22:56:05 UTC (RELENG_6, 6.3-PRERELEASE) + 2008-01-14 22:56:18 UTC (RELENG_6_3, 6.3-RELEASE) + 2008-01-14 22:56:44 UTC (RELENG_6_2, 6.2-RELEASE-p10) +CVE Name: CVE-2008-0122 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The resolver is the part of libc that resolves hostnames (example.com) to +internet protocol (IP) addresses (192.0.2.1) and vice versa. + +The inet_network() function returns an in_addr_t representing the network +address of the IP address given to inet_network() as a character string in +the dot-notation. + +II. Problem Description + +An off-by-one error in the inet_network() function could lead to memory +corruption with certain inputs. + +III. Impact + +For programs which passes untrusted data to inet_network(), an +attacker may be able to overwrite a region of memory with user defined +data by causing specially crafted input to be passed to +inet_network(). + +Depending on the region of memory the attacker is able to overwrite, +this might lead to a denial of service or potentially code execution +in the program using inet_network(). + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7.0-PRERELEASE, or 6-STABLE, or +to the, RELENG_7_0, RELENG_6_3, or RELENG_6_2 security branch dated +after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.0, 6.3, +or 6.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch +# fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/lib/libc/inet/inet_network.c 1.2.2.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.3 + src/sys/conf/newvers.sh 1.69.2.15.2.3 + src/lib/libc/inet/inet_network.c 1.2.2.1.4.1 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.13 + src/sys/conf/newvers.sh 1.69.2.13.2.13 + src/lib/libc/inet/inet_network.c 1.2.2.1.2.1 +RELENG_7 + src/lib/libc/inet/inet_network.c 1.4.2.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.1 + src/sys/conf/newvers.sh 1.72.2.5.2.2 + src/lib/libc/inet/inet_network.c 1.4.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:02.libc.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFHi+ntFdaIBMps37IRAr+GAJ9YxPIsD5OeyYkrwo5auWKgQwZRywCdHSrY +NsNxcHsgdo7divn+LEkQ9po= +=3RQQ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:03.sendfile.asc b/share/security/advisories/FreeBSD-SA-08:03.sendfile.asc new file mode 100644 index 0000000000..d8f7866c36 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:03.sendfile.asc @@ -0,0 +1,150 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:03.sendfile Security Advisory + The FreeBSD Project + +Topic: sendfile(2) write-only file permission bypass + +Category: core +Module: sys_kern +Announced: 2008-02-14 +Credits: Kostik Belousov +Affects: All supported versions of FreeBSD +Corrected: 2008-02-14 11:45:00 UTC (RELENG_7, 7.0-PRERELEASE) + 2008-02-14 11:45:41 UTC (RELENG_7_0, 7.0-RELEASE) + 2008-02-14 11:46:08 UTC (RELENG_6, 6.3-STABLE) + 2008-02-14 11:46:41 UTC (RELENG_6_3, 6.3-RELEASE-p1) + 2008-02-14 11:47:06 UTC (RELENG_6_2, 6.2-RELEASE-p11) + 2008-02-14 11:47:39 UTC (RELENG_6_1, 6.1-RELEASE-p23) + 2008-02-14 11:49:39 UTC (RELENG_5, 5.5-STABLE) + 2008-02-14 11:50:28 UTC (RELENG_5_5, 5.5-RELEASE-p19) +CVE Name: CVE-2008-0777 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The sendfile(2) system call allows a server application (such as a +HTTP or FTP server) to transmit the contents of a file over a network +connection without first copying it to application memory. High +performance servers such as the Apache HTTP Server and ftpd use sendfile. + +II. Problem Description + +When a process opens a file (and other file system objects, such as +directories), it specifies access flags indicating its intent to read, +write, or perform other operations. These flags are checked against +file system permissions, and then stored in the resulting file +descriptor to validate future operations against. + +The sendfile(2) system call does not check the file descriptor access +flags before sending data from a file. + +III. Impact + +If a file is write-only, a user process can open the file and use +sendfile to send the content of the file over a socket, even though the +user does not have read access to the file, resulting in possible +disclosure of sensitive information. + +IV. Workaround + +No workaround is available, but systems are only vulnerable if +write-only files exist, which are not widely used. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, 6-STABLE, or +7.0-PRERELEASE, or to the RELENG_7_0, RELENG_6_3, RELENG_6_2, +RELENG_6_1, or RELENG_5_5 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5, 6.1, +6.2, 6.3, and 7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.2, 6.3, and 7.0] +# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile.patch +# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile.patch.asc + +[FreeBSD 6.1] +# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile61.patch +# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile61.patch.asc + +[FreeBSD 5.5] +# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile55.patch +# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile55.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/kern/kern_descrip.c 1.243.2.11 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.20 + src/sys/conf/newvers.sh 1.62.2.21.2.21 + src/sys/kern/kern_descrip.c 1.243.2.9.2.1 +RELENG_6 + src/sys/kern/kern_descrip.c 1.279.2.16 + src/sys/kern/uipc_syscalls.c 1.221.2.5 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.5 + src/sys/conf/newvers.sh 1.69.2.15.2.4 + src/sys/kern/kern_descrip.c 1.279.2.15.2.1 + src/sys/kern/uipc_syscalls.c 1.221.2.4.4.1 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.15 + src/sys/conf/newvers.sh 1.69.2.13.2.14 + src/sys/kern/kern_descrip.c 1.279.2.9.2.1 + src/sys/kern/uipc_syscalls.c 1.221.2.4.2.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.26 + src/sys/conf/newvers.sh 1.69.2.11.2.25 + src/sys/kern/kern_descrip.c 1.279.2.6.2.1 + src/sys/kern/uipc_syscalls.c 1.221.2.1.2.1 +RELENG_7 + src/sys/kern/kern_descrip.c 1.313.2.1 + src/sys/kern/uipc_syscalls.c 1.259.2.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.3 + src/sys/kern/kern_descrip.c 1.313.4.1 + src/sys/kern/uipc_syscalls.c 1.259.4.2 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0777 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:03.sendfile.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.8 (FreeBSD) + +iD8DBQFHtC0DFdaIBMps37IRAqp8AJ91+flnCIUSvKoFQyXfD1YTnPnuqgCcDiPJ +SR4X1dNFENsHMq9ROrQhr1c= +=TX1R +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:04.ipsec.asc b/share/security/advisories/FreeBSD-SA-08:04.ipsec.asc new file mode 100644 index 0000000000..8986177770 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:04.ipsec.asc @@ -0,0 +1,104 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:04.ipsec Security Advisory + The FreeBSD Project + +Topic: IPsec null pointer dereference panic + +Category: core +Module: ipsec +Announced: 2008-02-14 +Credits: Takashi Sogabe, Tatuya Jinmei +Affects: FreeBSD 5.5 +Corrected: 2008-02-14 11:49:39 UTC (RELENG_5, 5.5-STABLE) + 2008-02-14 11:50:28 UTC (RELENG_5_5, 5.5-RELEASE-p19) +CVE Name: CVE-2008-0177 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The IPsec suite of protocols provide network level security for IPv4 +and IPv6 packets. FreeBSD includes software originally developed by +the KAME project which implements the various protocols that make up +IPsec. + +II. Problem Description + +There is an improper reference to a data structure in the processing of +IPsec packets, which can result in a NULL pointer being dereferenced. + +III. Impact + +A single specifically crafted IPv6 packet could cause the kernel to panic, +when the kernel had been configured to process IPsec and IPv6 traffic. + +This requires IPSEC to be compiled into the kernel, it does not necessarily +have to be configured at that point. + +IV. Workaround + +No workaround is available, but kernels which does not include IPsec +support are not vulnerable. The GENERIC and SMP kernel configurations +distributed with FreeBSD releases do not include IPsec support. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_5 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 5.5 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-08:04/ipsec.patch +# fetch http://security.FreeBSD.org/patches/SA-08:04/ipsec.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/sys/netinet6/ipcomp_input.c 1.7.4.2 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.20 + src/sys/conf/newvers.sh 1.62.2.21.2.21 + src/sys/netinet6/ipcomp_input.c 1.7.4.1.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://www.kb.cert.org/vuls/id/110947 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0177 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:04.ipsec.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.8 (FreeBSD) + +iD8DBQFHtC0HFdaIBMps37IRAt5gAKCGnYEX3r7n0Dsypmfv2m1J9pgICwCfd6uH +Gy2w6OYNovnfrb7EN0jWCjM= +=jHy3 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:05.openssh.asc b/share/security/advisories/FreeBSD-SA-08:05.openssh.asc new file mode 100644 index 0000000000..a532eaf368 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:05.openssh.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:05.openssh Security Advisory + The FreeBSD Project + +Topic: OpenSSH X11-forwarding privilege escalation + +Category: contrib +Module: openssh +Announced: 2008-04-17 +Credits: Timo Juhani Lindfors +Affects: All supported versions of FreeBSD +Corrected: 2008-04-16 23:58:33 UTC (RELENG_7, 7.0-STABLE) + 2008-04-16 23:58:52 UTC (RELENG_7_0, 7.0-RELEASE-p1) + 2008-04-16 23:59:35 UTC (RELENG_6, 6.3-STABLE) + 2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2) + 2008-04-17 00:00:04 UTC (RELENG_6_2, 6.2-RELEASE-p12) + 2008-04-17 00:00:28 UTC (RELENG_6_1, 6.1-RELEASE-p24) + 2008-04-17 00:00:41 UTC (RELENG_5, 5.5-STABLE) + 2008-04-17 00:00:54 UTC (RELENG_5_5, 5.5-RELEASE-p20) +CVE Name: CVE-2008-1483 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +OpenSSH is an implementation of the SSH protocol suite, providing an +encrypted and authenticated transport for a variety of services, +including remote shell access. The OpenSSH server daemon (sshd) +provides support for the X11 protocol by binding to a port on the +server and forwarding any connections which are made to that port. + +II. Problem Description + +When logging in via SSH with X11-forwarding enabled, sshd(8) fails to +correctly handle the case where it fails to bind to an IPv4 port but +successfully binds to an IPv6 port. In this case, applications which +use X11 will connect to the IPv4 port, even though it had not been +bound by sshd(8) and is therefore not being securely forwarded. + +III. Impact + +A malicious user could listen for X11 connections on a unused IPv4 +port, e.g tcp port 6010. When an unaware user logs in and sets up X11 +fowarding the malicious user can capture all X11 data send over the +port, potentially disclosing sensitive information or allowing the +execution of commands with the privileges of the user using the +X11 forwarding. + +NOTE WELL: FreeBSD ships with IPv6 enabled by default in the GENERIC +and SMP kernels, so users are vulnerable even they have not explicitly +enabled IPv6 networking. + +IV. Workaround + +Disable support for IPv6 in the sshd(8) daemon by setting the option +"AddressFamily inet" in /etc/ssh/sshd_config. + +Disable support for X11 forwarding in the sshd(8) daemon by setting +the option "X11Forwarding no" in /etc/ssh/sshd_config. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 5-STABLE, 6-STABLE, or 7-STABLE, +or to the RELENG_7_0, RELENG_6_3, RELENG_6_2, RELENG_6_1, RELENG_5_5 +security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 5.5, 6.1, +6.2, 6.3, and 7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-08:05/openssh.patch +# fetch http://security.FreeBSD.org/patches/SA-08:05/openssh.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssh +# make obj && make depend && make && make install +# cd /usr/src/secure/usr.sbin/sshd +# make obj && make depend && make && make install +# /etc/rc.d/sshd restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_5 + src/crypto/openssh/channels.c 1.18.2.1 +RELENG_5_5 + src/UPDATING 1.342.2.35.2.21 + src/sys/conf/newvers.sh 1.62.2.21.2.22 + src/crypto/openssh/channels.c 1.18.8.1 +RELENG_6 + src/crypto/openssh/channels.c 1.20.2.3 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.6 + src/sys/conf/newvers.sh 1.69.2.15.2.5 + src/crypto/openssh/channels.c 1.20.2.2.4.1 +RELENG_6_2 + src/UPDATING 1.416.2.29.2.16 + src/sys/conf/newvers.sh 1.69.2.13.2.15 + src/crypto/openssh/channels.c 1.20.2.2.2.1 +RELENG_6_1 + src/UPDATING 1.416.2.22.2.27 + src/sys/conf/newvers.sh 1.69.2.11.2.26 + src/crypto/openssh/channels.c 1.20.2.1.4.1 +RELENG_7 + src/crypto/openssh/channels.c 1.23.2.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.5 + src/sys/conf/newvers.sh 1.72.2.5.2.5 + src/crypto/openssh/channels.c 1.23.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483 +http://www.openssh.com/txt/release-5.0 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.7 (FreeBSD) + +iD8DBQFICXCKFdaIBMps37IRAnTEAJ9vVF3ShIpmOes+FB4TGzIZeBB85gCdFOc5 +zHQV1Flg2JpAARha1Yz2q98= +=P9XX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:06.bind.asc b/share/security/advisories/FreeBSD-SA-08:06.bind.asc new file mode 100644 index 0000000000..4d81e8aca0 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:06.bind.asc @@ -0,0 +1,163 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:06.bind Security Advisory + The FreeBSD Project + +Topic: DNS cache poisoning + +Category: contrib +Module: bind +Announced: 2008-07-13 +Credits: Dan Kaminsky +Affects: All supported FreeBSD versions. +Corrected: 2008-07-12 10:07:33 UTC (RELENG_6, 6.3-STABLE) + 2008-07-13 18:42:38 UTC (RELENG_6_3, 6.3-RELEASE-p3) + 2008-07-13 18:42:38 UTC (RELENG_7, 7.0-STABLE) + 2008-07-13 18:42:38 UTC (RELENG_7_0, 7.0-RELEASE-p3) +CVE Name: CVE-2008-1447 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. DNS requests +contain a query id which is used to match a DNS request with the response +and to make it harder for anybody but the DNS server which received the +request to send a valid response. + +II. Problem Description + +The BIND DNS implementation does not randomize the UDP source port when +doing remote queries, and the query id alone does not provide adequate +randomization. + +III. Impact + +The lack of source port randomization reduces the amount of data the +attacker needs to guess in order to successfully execute a DNS cache +poisoning attack. This allows the attacker to influence or control +the results of DNS queries being returned to users from target systems. + +IV. Workaround + +Limiting the group of machines that can do recursive queries on the DNS +server will make it more difficult, but not impossible, for this +vulnerability to be exploited. + +To limit the machines able to perform recursive queries, add an ACL in +named.conf and limit recursion like the following: + +acl example-acl { + 192.0.2.0/24; +}; + +options { + recursion yes; + allow-recursion { example-acl; }; +}; + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE or 7-STABLE, or to the +RELENG_7_0 or RELENG_6_3 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3 and +7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.3] +# fetch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch +# fetch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch.asc + +[FreeBSD 7.0] +# fetch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch +# fetch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +NOTE WELL: This update causes BIND to choose a new, random UDP port for +each new query; this may cause problems for some network configurations, +particularly if firewall(s) block incoming UDP packets on particular +ports. The avoid-v4-udp-ports and avoid-v6-udp-ports options should be +used to avoid selecting random port numbers within a blocked range. + +NOTE WELL: If a port number is specified via the query-source or +query-source-v6 options to BIND, randomized port selection will not be +used. Consequently it is strongly recommended that these options not +be used to specify fixed port numbers. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/bind9/bin/named/client.c 1.1.1.2.2.5 + src/contrib/bind9/bin/named/server.c 1.1.1.2.2.4 + src/contrib/bind9/lib/dns/api 1.1.1.2.2.5 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.4 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.8 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.8 + src/sys/conf/newvers.sh 1.69.2.15.2.7 + src/contrib/bind9/bin/named/client.c 1.1.1.2.2.3.2.1 + src/contrib/bind9/bin/named/server.c 1.1.1.2.2.2.2.1 + src/contrib/bind9/lib/dns/api 1.1.1.2.2.3.2.1 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.2.2.1 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.1.2.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.6.2.1 +RELENG_7 + src/contrib/bind9/bin/named/client.c 1.1.1.6.2.2 + src/contrib/bind9/bin/named/server.c 1.1.1.6.2.2 + src/contrib/bind9/lib/dns/api 1.1.1.6.2.2 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.2 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.7 + src/sys/conf/newvers.sh 1.72.2.5.2.7 + src/contrib/bind9/bin/named/client.c 1.1.1.6.2.1.2.1 + src/contrib/bind9/bin/named/server.c 1.1.1.6.2.1.2.1 + src/contrib/bind9/lib/dns/api 1.1.1.6.2.1.2.1 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.1.2.1 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.1.2.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 +http://www.kb.cert.org/vuls/id/800113 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:06.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkh6UiMACgkQFdaIBMps37IE5ACfYzpWMhEXgWNdjwVlzd7JTwBS +Eu0AnRIogMIJ3fjQF4hcymtdwR6buRNc +=shnR +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:07.amd64.asc b/share/security/advisories/FreeBSD-SA-08:07.amd64.asc new file mode 100644 index 0000000000..70b1e7375e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:07.amd64.asc @@ -0,0 +1,140 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:07.amd64 Security Advisory + The FreeBSD Project + +Topic: amd64 swapgs local privilege escalation + +Category: core +Module: sys_amd64_amd64 +Announced: 2008-09-03 +Credits: Nate Eldredge +Affects: All supported FreeBSD/amd64 versions. +Corrected: 2008-08-21 09:58:18 UTC (RELENG_7, 7.0-STABLE) + 2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4) + 2008-09-03 19:09:47 UTC (RELENG_6, 6.4-PRERELEASE) + 2008-09-03 19:09:47 UTC (RELENG_6_3, 6.3-RELEASE-p4) +CVE Name: CVE-2008-3890 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel +CPU's. For Intel CPU's this architecture is known as EM64T or Intel +64. + +The gs segment CPU register is used by both user processes and the +kernel to convieniently access state data. User processes use it to +manage per-thread data, and the kernel uses it to manage per-processor +data. As the processor enters and leaves the kernel it uses the +'swapgs' instruction to toggle between the kernel and user values for +the gs register. + +The kernel stores critical information in its per-processor data +block. This includes the currently executing process and its +credentials. + +As the processor switches between user and kernel level, a number of +checks are performed in order to implement the privilege protection +system. If the processor detects a problem while attempting to switch +privilege levels it generates a trap - typically general protection +fault (GPF). In that case, the processor aborts the return to the +user level process and re-enters the kernel. The FreeBSD kernel +allows the user process to be notified of such an event by a signal +(SIGSEGV or SIGBUS). + +II. Problem Description + +If a General Protection Fault happens on a FreeBSD/amd64 system while +it is returning from an interrupt, trap or system call, the swapgs CPU +instruction may be called one extra time when it should not resulting +in userland and kernel state being mixed. + +III. Impact + +A local attacker can by causing a General Protection Fault while the +kernel is returning from an interrupt, trap or system call while +manipulating stack frames and, run arbitrary code with kernel +privileges. + +The vulnerability can be used to gain kernel / supervisor privilege. +This can for example be used by normal users to gain root privileges, +to break out of jails, or bypass Mandatory Access Control (MAC) +restrictions. + +IV. Workaround + +No workaround is available, but only systems running the 64 bit +FreeSD/amd64 kernels are vulnerable. + +Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386 +kernel are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_0, or RELENG_6_3 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3 and +7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-08:07/amd64.patch +# fetch http://security.FreeBSD.org/patches/SA-08:07/amd64.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/amd64/amd64/exception.S 1.125.2.3 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.9 + src/sys/conf/newvers.sh 1.69.2.15.2.8 + src/sys/amd64/amd64/exception.S 1.125.2.2.2.1 +RELENG_7 + src/sys/amd64/amd64/exception.S 1.129.2.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.8 + src/sys/conf/newvers.sh 1.72.2.5.2.8 + src/sys/amd64/amd64/exception.S 1.129.2.1.2.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3890 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:07.amd64.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFIvu2TFdaIBMps37IRAqt8AJsGd/2WDuMZYUeOcVKekHEHZWRoMACdGnVs +0JZMykjScj7GbrsOlOW3uQg= +=bs1z +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:08.nmount.asc b/share/security/advisories/FreeBSD-SA-08:08.nmount.asc new file mode 100644 index 0000000000..4408af1c5f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:08.nmount.asc @@ -0,0 +1,113 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:08.nmount Security Advisory + The FreeBSD Project + +Topic: nmount(2) local arbitrary code execution + +Category: core +Module: sys_kern +Announced: 2008-09-03 +Credits: James Gritton +Affects: FreeBSD 7.0-RELEASE, FreeBSD 7.0-STABLE +Corrected: 2008-09-03 19:09:47 UTC (RELENG_7, 7.1-PRERELEASE) + 2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4) +CVE Name: CVE-2008-3531 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The mount(2) and nmount(2) system calls are used by various utilities +in the base system to graft a file system object on to the file system +tree to a given mount point. It is possible to allow unprivileged +users to utililize these system calls by setting the vfs.usermount +sysctl(8) variable. + +II. Problem Description + +Various user defined input such as mount points, devices, and mount +options are prepared and passed as arguments to nmount(2) into the +kernel. Under certain error conditions, user defined data will be +copied into a stack allocated buffer stored in the kernel without +sufficient bounds checking. + +III. Impact + +If the system is configured to allow unprivileged users to mount file +systems, it is possible for a local adversary to exploit this +vulnerability and execute code in the context of the kernel. + +IV. Workaround + +It is possible to work around this issue by allowing only privileged +users to mount file systems by running the following sysctl(8) +command: + +# sysctl vfs.usermount=0 + +V. Solution + +NOTE WELL: Even with this fix allowing users to mount arbitrary media +should not be considered safe. Most of the file systems in FreeBSD +was not built to protect safeguard against malicious devices. While +such bugs in file systems are fixed when found, a complete audit has +not been perfomed on the file system code. + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_0 +security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-08:08/nmount.patch +# fetch http://security.FreeBSD.org/patches/SA-08:08/nmount.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/kern/vfs_mount.c 1.265.2.10 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.8 + src/sys/conf/newvers.sh 1.72.2.5.2.8 + src/sys/kern/vfs_mount.c 1.265.2.1.2.2 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3531 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:08.nmount.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFIvu2eFdaIBMps37IRAl9BAJ9Jnp+agN06pBkzPDwEnOT83MNd6QCghOFX +yvNI1gVmhAQ7MXOUvPoLcLk= +=EsCn +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:09.icmp6.asc b/share/security/advisories/FreeBSD-SA-08:09.icmp6.asc new file mode 100644 index 0000000000..6dbf95a80f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:09.icmp6.asc @@ -0,0 +1,113 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:09.icmp6 Security Advisory + The FreeBSD Project + +Topic: Remote kernel panics on IPv6 connections + +Category: core +Module: sys_netinet6 +Announced: 2008-09-03 +Credits: Tom Parker, Bjoern A. Zeeb +Affects: All supported versions of FreeBSD. +Corrected: 2008-09-03 19:09:47 UTC (RELENG_7, 7.1-PRERELEASE) + 2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4) + 2008-09-03 19:09:47 UTC (RELENG_6, 6.4-PRERELEASE) + 2008-09-03 19:09:47 UTC (RELENG_6_3, 6.3-RELEASE-p4) +CVE Name: CVE-2008-3530 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +IPv6 nodes use ICMPv6 amongst other things to report errors encountered +while processing packets. The 'Packet Too Big Message' is sent in +case a node cannot forward a packet because the size of the packet is +larger than the MTU of next-hop link. + +II. Problem Description + +In case of an incoming ICMPv6 'Packet Too Big Message', there is an +insufficient check on the proposed new MTU for a path to the destination. + +III. Impact + +When the kernel is configured to process IPv6 packets and has active +IPv6 TCP sockets, a specifically crafted ICMPv6 'Packet Too Big +Message' could cause the TCP stack of the kernel to panic, + +IV. Workaround + +Systems without INET6 / IPv6 support are not vulnerable and neither +are systems which do not listen on any IPv6 TCP sockets and have no +active IPv6 connections. + +Filter ICMPv6 'Packet Too Big Messages' using a firewall, but this +will at the same time break PMTU support for IPv6 connections. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE or 7-STABLE, or to the +RELENG_6_3 or RELENG_7_0 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3 and +FreeBSD 7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch +# fetch http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/netinet6/icmp6.c 1.62.2.11 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.9 + src/sys/conf/newvers.sh 1.69.2.15.2.8 + src/sys/netinet6/icmp6.c 1.62.2.9.2.1 +RELENG_7 + src/sys/netinet6/icmp6.c 1.80.2.7 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.8 + src/sys/conf/newvers.sh 1.72.2.5.2.8 + src/sys/netinet6/icmp6.c 1.80.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3530 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:09.icmp6.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFIvu2hFdaIBMps37IRAjxxAJwIIXP+ALAZkvG5m687PC+92BtXTwCfUZdS +AvvrO0r+UAa6bn1H9mFf9So= +=MBB1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:10.nd6.asc b/share/security/advisories/FreeBSD-SA-08:10.nd6.asc new file mode 100644 index 0000000000..19945b1592 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:10.nd6.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:10.nd6 Security Advisory + The FreeBSD Project + +Topic: IPv6 Neighbor Discovery Protocol routing vulnerability + +Category: core +Module: sys_netinet6 +Announced: 2008-10-01 +Credits: David Miles +Affects: All supported versions of FreeBSD. +Corrected: 2008-10-01 00:32:59 UTC (RELENG_7, 7.1-PRERELEASE) + 2008-10-01 00:32:59 UTC (RELENG_7_0, 7.0-RELEASE-p5) + 2008-10-01 00:32:59 UTC (RELENG_6, 6.4-PRERELEASE) + 2008-10-01 00:32:59 UTC (RELENG_6_3, 6.3-RELEASE-p5) +CVE Name: CVE-2008-2476 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +IPv6 nodes use the Neighbor Discovery protocol to determine the link-layer +address of other nodes, find routers, and maintain reachability information. +The Neighbor Discovery protocol uses Neighbor Solicitation (ICMPv6 type 135) +to query target nodes for their link-layer addresses. + +II. Problem Description + +IPv6 routers may allow "on-link" IPv6 nodes to create and update the +router's neighbor cache and forwarding information. A malicious IPv6 node +sharing a common router but on a different physical segment from another +node may be able to spoof Neighbor Discovery messages, allowing it to update +router information for the victim node. + +III. Impact + +An attacker on a different physical network connected to the same IPv6 +router as another node could redirect IPv6 traffic intended for that node. +This could lead to denial of service or improper access to private network +traffic. + +IV. Workaround + +Firewall packet filters can be used to filter incoming Neighbor +Solicitation messages but may interfere with normal IPv6 operation if not +configured carefully. + +Reverse path forwarding checks could be used to make gateways, such as +routers or firewalls, drop Neighbor Solicitation messages from +nodes with unexpected source addresses on a particular interface. + +IPv6 router administrators are encouraged to read RFC 3756 for further +discussion of Neighbor Discovery security implications. + +V. Solution + +NOTE WELL: The solution described below causes IPv6 Neighbor Discovery +Neighbor Solicitation messages from non-neighbors to be ignored. +This can be re-enabled if required by setting the newly added +net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to a non-zero value. + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_0, or RELENG_6_3 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3 and +7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.3] +# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-6.patch +# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-6.patch.asc + +[FreeBSD 7.0] +# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-7.patch +# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-7.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/netinet6/in6.h 1.36.2.10 + src/sys/netinet6/in6_proto.c 1.32.2.10 + src/sys/netinet6/nd6.h 1.19.2.4 + src/sys/netinet6/nd6_nbr.c 1.29.2.11 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.10 + src/sys/conf/newvers.sh 1.69.2.15.2.9 + src/sys/netinet6/in6.h 1.36.2.8.2.1 + src/sys/netinet6/in6_proto.c 1.32.2.8.2.1 + src/sys/netinet6/nd6.h 1.19.2.2.6.1 + src/sys/netinet6/nd6_nbr.c 1.29.2.9.2.1 +RELENG_7 + src/sys/netinet6/in6.h 1.51.2.2 + src/sys/netinet6/in6_proto.c 1.46.2.3 + src/sys/netinet6/nd6.h 1.21.2.2 + src/sys/netinet6/nd6_nbr.c 1.47.2.3 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.9 + src/sys/conf/newvers.sh 1.72.2.5.2.9 + src/sys/netinet6/in6.h 1.51.4.1 + src/sys/netinet6/in6_proto.c 1.46.4.1 + src/sys/netinet6/nd6.h 1.21.4.1 + src/sys/netinet6/nd6_nbr.c 1.47.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476 +http://www.kb.cert.org/vuls/id/472363 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:10.nd6.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkjkF2cACgkQFdaIBMps37KWWgCZAfug94zPIdkzW0tdIdSDzH/0 +j18AnjypvJrRtzeQqhJkRU9wQWozgWvj +=ieTi +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:11.arc4random.asc b/share/security/advisories/FreeBSD-SA-08:11.arc4random.asc new file mode 100644 index 0000000000..a2097ba77b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:11.arc4random.asc @@ -0,0 +1,168 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08.11.arc4random Security Advisory + The FreeBSD Project + +Topic: arc4random(9) predictable sequence vulnerability + +Category: core +Module: sys +Announced: 2008-11-24 +Credits: Robert Woolley, Mark Murray, Maxim Dounin, Ruslan Ermilov +Affects: All supported versions of FreeBSD. +Corrected: 2008-11-24 17:39:39 UTC (RELENG_7, 7.1-PRERELEASE) + 2008-11-24 17:39:39 UTC (RELENG_7_0, 7.0-RELEASE-p6) + 2008-11-24 17:39:39 UTC (RELENG_6, 6.4-STABLE) + 2008-11-24 17:39:39 UTC (RELENG_6_4, 6.4-RELEASE) + 2008-11-24 17:39:39 UTC (RELENG_6_3, 6.3-RELEASE-p6) +CVE Name: CVE-2008-5162 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +arc4random(9) is a generic-purpose random number generator based on the +key stream generator of the RC4 cipher. It is expected to be +cryptographically strong, and used throughout the FreeBSD kernel for a +variety of purposes, some of which rely on its cryptographic strength. +arc4random(9) is periodically reseeded with entropy from the FreeBSD +kernel's Yarrow random number generator, which gathers entropy from a +variety of sources including hardware interrupts. During the boot +process, additional entropy is provided to the Yarrow random number +generator from userland, helping to ensure that adequate entropy is +present for cryptographic purposes. + +II. Problem Description + +When the arc4random(9) random number generator is initialized, there may +be inadequate entropy to meet the needs of kernel systems which rely on +arc4random(9); and it may take up to 5 minutes before arc4random(9) is +reseeded with secure entropy from the Yarrow random number generator. + +III. Impact + +All security-related kernel subsystems that rely on a quality random +number generator are subject to a wide range of possible attacks for the +300 seconds after boot or until 64k of random data is consumed. The list +includes: + +* GEOM ELI providers with onetime keys. When a provider is configured in + a way so that it gets attached at the same time during boot (e.g. it + uses the rc subsystem to initialize) it might be possible for an + attacker to recover the encrypted data. + +* GEOM shsec providers. The GEOM shsec subsytem is used to split a shared + secret between two providers so that it can be recovered when both of + them are present. This is done by writing the random sequence to one + of providers while appending the result of the random sequence on the + other host to the original data. If the provider was created within the + first 300 seconds after booting, it might be possible for an attacker + to extract the original data with access to only one of the two providers + between which the secret data is split. + +* System processes started early after boot may receive predictable IDs. + +* The 802.11 network stack uses arc4random(9) to generate initial vectors + (IV) for WEP encryption when operating in client mode and WEP + authentication challenges when operating in hostap mode, which may be + insecure. + +* The IPv4, IPv6 and TCP/UDP protocol implementations rely on a quality + random number generator to produce unpredictable IP packet identifiers, + initial TCP sequence numbers and outgoing port numbers. During the + first 300 seconds after booting, it may be easier for an attacker to + execute IP session hijacking, OS fingerprinting, idle scanning, or in + some cases DNS cache poisoning and blind TCP data injection attacks. + +* The kernel RPC code uses arc4random(9) to retrieve transaction + identifiers, which might make RPC clients vulnerable to hijacking + attacks. + +IV. Workaround + +No workaround is available for affected systems. + +V. Solution + +NOTE WELL: Any GEOM shsec providers which were created or written to +during the first 300 seconds after booting should be re-created after +applying this security update. + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_0, or RELENG_6_3 security branch dated after the correction +date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3 and +7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random.patch +# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random.patch.asc + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random6x.patch +# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random6x.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/dev/random/randomdev.c 1.59.2.2 + src/sys/dev/random/randomdev_soft.c 1.11.2.3 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.2 + src/sys/dev/random/randomdev.c 1.59.2.1.8.2 + src/sys/dev/random/randomdev_soft.c 1.11.2.2.6.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.11 + src/sys/conf/newvers.sh 1.69.2.15.2.10 + src/sys/dev/random/randomdev.c 1.59.2.1.6.1 + src/sys/dev/random/randomdev_soft.c 1.11.2.2.4.1 +RELENG_7 + src/sys/dev/random/randomdev.c 1.61.2.1 + src/sys/dev/random/randomdev_soft.c 1.15.2.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.10 + src/sys/conf/newvers.sh 1.72.2.5.2.10 + src/sys/dev/random/randomdev.c 1.61.4.1 + src/sys/dev/random/randomdev_soft.c 1.15.4.1 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5162 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:11.arc4random.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkkq550ACgkQFdaIBMps37K3SwCfcj0iiFxH2tljR1N7/qhXWiW1 +N/cAoIjgcsh6sZG/upobud4TVme9QJPf +=SKuK +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc b/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc new file mode 100644 index 0000000000..b1609720b2 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:12.ftpd Security Advisory + The FreeBSD Project + +Topic: Cross-site request forgery in ftpd(8) + +Category: core +Module: ftpd +Announced: 2008-12-23 +Credits: Maksymilian Arciemowicz +Affects: All supported versions of FreeBSD. +Corrected: 2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE) + 2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2) + 2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7) + 2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE) + 2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1) + 2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7) +CVE Name: CVE-2008-4247 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP) +server that is shipped with the FreeBSD base system. It is not enabled +in default installations but can be enabled as either an inetd(8) server, +or a standard-alone server. + +A cross-site request forgery attack is a type of malicious exploit that is +mainly targeted to a web browser, by tricking a user trusted by the site +into visiting a specially crafted URL, which in turn executes a command +which performs some privileged operations on behalf of the trusted user +on the victim site. + +II. Problem Description + +The ftpd(8) server splits long commands into several requests. This +may result in the server executing a command which is hidden inside +another very long command. + +III. Impact + +This could, with a specifically crafted command, be used in a +cross-site request forgery attack. + +FreeBSD systems running ftpd(8) server could act as a point of privilege +escalation in an attack against users using web browser to access trusted +FTP sites. + +IV. Workaround + +No workaround is available, but systems not running FTP servers are +not vulnerable. Systems not running the FreeBSD ftp(8) server are not +affected, but users of other ftp daemons are advised to take care +since several other ftp daemons are known to have related bugs. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, and 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch +# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/libexec/ftpd +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/libexec/ftpd/ftpcmd.y 1.64.2.3 + src/libexec/ftpd/extern.h 1.19.14.1 + src/libexec/ftpd/ftpd.c 1.206.2.4 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.4 + src/sys/conf/newvers.sh 1.69.2.18.2.7 + src/libexec/ftpd/ftpcmd.y 1.64.2.2.4.2 + src/libexec/ftpd/extern.h 1.19.30.2 + src/libexec/ftpd/ftpd.c 1.206.2.3.4.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.12 + src/sys/conf/newvers.sh 1.69.2.15.2.11 + src/libexec/ftpd/ftpcmd.y 1.64.2.2.2.1 + src/libexec/ftpd/extern.h 1.19.26.1 + src/libexec/ftpd/ftpd.c 1.206.2.3.2.1 +RELENG_7 + src/libexec/ftpd/ftpcmd.y 1.66.2.1 + src/libexec/ftpd/extern.h 1.19.24.1 + src/libexec/ftpd/ftpd.c 1.212.2.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.2 + src/libexec/ftpd/ftpcmd.y 1.66.6.2 + src/libexec/ftpd/extern.h 1.19.32.2 + src/libexec/ftpd/ftpd.c 1.212.6.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.11 + src/sys/conf/newvers.sh 1.72.2.5.2.11 + src/libexec/ftpd/ftpcmd.y 1.66.4.1 + src/libexec/ftpd/extern.h 1.19.28.1 + src/libexec/ftpd/ftpd.c 1.212.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r186405 +releng/6.4/ r186405 +releng/6.3/ r186405 +stable/7/ r186405 +releng/7.1/ r186405 +releng/7.0/ r186405 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4247 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAklQP8wACgkQFdaIBMps37ITvgCePP8oVI6cffvQu229Qg7eNshN +A0kAn3A6kjr+QovEwOVKNzjow1aCtU8K +=sDxD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-08:13.protosw.asc b/share/security/advisories/FreeBSD-SA-08:13.protosw.asc new file mode 100644 index 0000000000..ccb88d914c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-08:13.protosw.asc @@ -0,0 +1,146 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-08:13.protosw Security Advisory + The FreeBSD Project + +Topic: netgraph / bluetooth privilege escalation + +Category: core +Module: sys_kern +Announced: 2008-12-23 +Credits: Christer Oberg +Affects: All FreeBSD releases +Corrected: 2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE) + 2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2) + 2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7) + 2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE) + 2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1) + 2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The FreeBSD kernel provides support for a variety of different types of +communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol, +link-layer, netgraph(4), and bluetooth sockets. As an early form of +object-oriented design, much of the functionality specific to different +types of sockets is abstracted via function pointers. + +II. Problem Description + +Some function pointers for netgraph and bluetooth sockets are not +properly initialized. + +III. Impact + +A local user can cause the FreeBSD kernel to execute arbitrary code. +This could be used by an attacker directly; or it could be used to gain +root privilege or to escape from a jail. + +IV. Workaround + +No workaround is available, but systems without local untrusted users +are not vulnerable. Furthermore, systems are not vulnerable if they +have neither the ng_socket nor ng_bluetooth kernel modules loaded or +compiled into the kernel. + +Systems with the security.jail.socket_unixiproute_only sysctl set to +1 (the default) are only vulnerable if they have local untrusted users +outside of jails. + +If the command +# kldstat -v | grep ng_ +produces no output, the system is not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +and 7.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch +# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch.asc + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch +# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/kern/uipc_domain.c 1.44.2.4 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.4 + src/sys/conf/newvers.sh 1.69.2.18.2.7 + src/sys/kern/uipc_domain.c 1.44.2.3.6.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.12 + src/sys/conf/newvers.sh 1.69.2.15.2.11 + src/sys/kern/uipc_domain.c 1.44.2.3.4.1 +RELENG_7 + src/sys/kern/uipc_domain.c 1.51.2.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.2 + src/sys/kern/uipc_domain.c 1.51.2.1.2.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.11 + src/sys/conf/newvers.sh 1.72.2.5.2.11 + src/sys/kern/uipc_domain.c 1.51.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r186405 +releng/6.4/ r186405 +releng/6.3/ r186405 +stable/7/ r186405 +releng/7.1/ r186405 +releng/7.0/ r186405 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-08:13.protosw.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAklQP9QACgkQFdaIBMps37KL2gCfRlQ7kTB24DYnDEGRUC+px4bX +214AoJJrJjaeS6ITyk73AL/OK+rNAM4u +=7qyU +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:01.lukemftpd.asc b/share/security/advisories/FreeBSD-SA-09:01.lukemftpd.asc new file mode 100644 index 0000000000..2d7083dd06 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:01.lukemftpd.asc @@ -0,0 +1,160 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:01.lukemftpd Security Advisory + The FreeBSD Project + +Topic: Cross-site request forgery in lukemftpd(8) + +Category: core +Module: lukemftpd +Announced: 2009-01-07 +Credits: Maksymilian Arciemowicz +Affects: All supported versions of FreeBSD. +Corrected: 2009-01-07 20:17:55 UTC (RELENG_7, 7.1-STABLE) + 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) + 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) + 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) + 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) + 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) +CVE Name: CVE-2008-4247 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +lukemftpd(8) is a general-purpose implementation of File Transfer Protocol +(FTP) server that is shipped with the FreeBSD base system. It is not enabled +in default installations but can be enabled as either an inetd(8) server, +or a standard-alone server. + +A cross-site request forgery attack is a type of malicious exploit that is +mainly targeted to a web browser, by tricking a user trusted by the site +into visiting a specially crafted URL, which in turn executes a command +which performs some privileged operations on behalf of the trusted user +on the victim site. + +II. Problem Description + +The lukemftpd(8) server splits long commands into several requests. This +may result in the server executing a command which is hidden inside +another very long command. + +III. Impact + +This could, with a specifically crafted command, be used in a +cross-site request forgery attack. + +FreeBSD systems running lukemftpd(8) server could act as a point of privilege +escalation in an attack against users using web browser to access trusted +FTP sites. + +IV. Workaround + +No workaround is available, but systems not running FTP servers are +not vulnerable. Systems not running the FreeBSD lukemftpd(8) server are not +affected, but users of other ftp daemons are advised to take care since +several other ftp daemons are known to have related bugs. + +NOTE WELL: lukemftpd(8) is a different implementation of an FTP server +than ftpd(8). + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, and 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:01/lukemftpd.patch +# fetch http://security.FreeBSD.org/patches/SA-09:01/lukemftpd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/libexec/lukemftpd +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.5.2.2 + src/contrib/lukemftpd/src/extern.h 1.1.1.4.2.2 + src/contrib/lukemftpd/src/ftpd.c 1.4.2.2 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.5 + src/sys/conf/newvers.sh 1.69.2.18.2.8 + src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.5.2.1.6.1 + src/contrib/lukemftpd/src/extern.h 1.1.1.4.2.1.6.1 + src/contrib/lukemftpd/src/ftpd.c 1.4.2.1.6.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.13 + src/sys/conf/newvers.sh 1.69.2.15.2.12 + src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.5.2.1.4.1 + src/contrib/lukemftpd/src/extern.h 1.1.1.4.2.1.4.1 + src/contrib/lukemftpd/src/ftpd.c 1.4.2.1.4.1 +RELENG_7 + src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.6.2.1 + src/contrib/lukemftpd/src/extern.h 1.1.1.5.2.1 + src/contrib/lukemftpd/src/ftpd.c 1.5.2.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.4 + src/sys/conf/newvers.sh 1.72.2.9.2.5 + src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.6.6.1 + src/contrib/lukemftpd/src/extern.h 1.1.1.5.6.1 + src/contrib/lukemftpd/src/ftpd.c 1.5.6.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.12 + src/sys/conf/newvers.sh 1.72.2.5.2.12 + src/contrib/lukemftpd/src/ftpcmd.y 1.1.1.6.4.1 + src/contrib/lukemftpd/src/extern.h 1.1.1.5.4.1 + src/contrib/lukemftpd/src/ftpd.c 1.5.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r186872 +releng/6.4/ r186872 +releng/6.3/ r186872 +stable/7/ r186872 +releng/7.1/ r186872 +releng/7.0/ r186872 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4247 +http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFJZR5UFdaIBMps37IRApUJAKCEGZggeEjPC67j5Tmxl2fEDJ9sIQCfTAKn +vpOXC5jix3XiB7wxGKrvNJM= +=qPEc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:02.openssl.asc b/share/security/advisories/FreeBSD-SA-09:02.openssl.asc new file mode 100644 index 0000000000..3bd71aeb30 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:02.openssl.asc @@ -0,0 +1,201 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:02.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL incorrectly checks for malformed signatures + +Category: contrib +Module: openssl +Announced: 2009-01-07 +Credits: Google Security Team +Affects: All FreeBSD releases +Corrected: 2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE) + 2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1) + 2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8) + 2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE) + 2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2) + 2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8) +CVE Name: CVE-2008-5077 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +The EVP_VerifyFinal() function from OpenSSL is used to determine if a +digital signature is valid. The SSL layer in OpenSSL uses +EVP_VerifyFinal(), which in several places checks the return value +incorrectly and treats verification errors as a good signature. This +is only a problem for DSA and ECDSA keys. + +III. Impact + +For applications using OpenSSL for SSL connections, an invalid SSL +certificate may be interpreted as valid. This could for example be +used by an attacker to perform a man-in-the-middle attack. + +Other applications which use the OpenSSL EVP API may similarly be +affected. + +IV. Workaround + +For a server an RSA signed certificate may be used instead of DSA or +ECDSA based certificate. + +Note that Mozilla Firefox does not use OpenSSL and thus is not +affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, and 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch +# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssl +# make obj && make depend && make && make install +# cd /usr/src/secure/usr.bin/openssl +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/crypto/openssl/apps/speed.c 1.13.2.1 + src/crypto/openssl/apps/verify.c 1.1.1.5.12.1 + src/crypto/openssl/apps/x509.c 1.1.1.10.2.1 + src/crypto/openssl/apps/spkac.c 1.1.1.4.12.1 + src/crypto/openssl/ssl/s2_srvr.c 1.12.2.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.2 + src/crypto/openssl/ssl/s2_clnt.c 1.13.2.2 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.5 + src/sys/conf/newvers.sh 1.69.2.18.2.8 + src/crypto/openssl/apps/speed.c 1.13.12.1 + src/crypto/openssl/apps/verify.c 1.1.1.5.24.1 + src/crypto/openssl/apps/x509.c 1.1.1.10.12.1 + src/crypto/openssl/apps/spkac.c 1.1.1.4.24.1 + src/crypto/openssl/ssl/s2_srvr.c 1.12.12.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.12.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.1 + src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.6.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.13 + src/sys/conf/newvers.sh 1.69.2.15.2.12 + src/crypto/openssl/apps/speed.c 1.13.10.1 + src/crypto/openssl/apps/verify.c 1.1.1.5.22.1 + src/crypto/openssl/apps/x509.c 1.1.1.10.10.1 + src/crypto/openssl/apps/spkac.c 1.1.1.4.22.1 + src/crypto/openssl/ssl/s2_srvr.c 1.12.10.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.12.10.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.1 + src/crypto/openssl/ssl/s2_clnt.c 1.13.2.1.4.1 +RELENG_7 + src/crypto/openssl/apps/speed.c 1.15.2.1 + src/crypto/openssl/apps/verify.c 1.1.1.6.2.1 + src/crypto/openssl/apps/x509.c 1.1.1.11.2.1 + src/crypto/openssl/apps/spkac.c 1.1.1.5.2.1 + src/crypto/openssl/ssl/s2_srvr.c 1.13.2.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.10.2.1 + src/crypto/openssl/ssl/s2_clnt.c 1.15.2.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.4 + src/sys/conf/newvers.sh 1.72.2.9.2.5 + src/crypto/openssl/apps/speed.c 1.15.6.1 + src/crypto/openssl/apps/verify.c 1.1.1.6.6.1 + src/crypto/openssl/apps/x509.c 1.1.1.11.6.1 + src/crypto/openssl/apps/spkac.c 1.1.1.5.6.1 + src/crypto/openssl/ssl/s2_srvr.c 1.13.6.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.10.6.1 + src/crypto/openssl/ssl/s2_clnt.c 1.15.6.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.12 + src/sys/conf/newvers.sh 1.72.2.5.2.12 + src/crypto/openssl/apps/speed.c 1.15.4.1 + src/crypto/openssl/apps/verify.c 1.1.1.6.4.1 + src/crypto/openssl/apps/x509.c 1.1.1.11.4.1 + src/crypto/openssl/apps/spkac.c 1.1.1.5.4.1 + src/crypto/openssl/ssl/s2_srvr.c 1.13.4.1 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.4.1 + src/crypto/openssl/ssl/ssltest.c 1.1.1.10.4.1 + src/crypto/openssl/ssl/s2_clnt.c 1.15.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r186873 +releng/6.4/ r186872 +releng/6.3/ r186872 +stable/7/ r186872 +releng/7.1/ r186872 +releng/7.0/ r186872 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077 +http://www.openssl.org/news/secadv_20090107.txt + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFJZR5ZFdaIBMps37IRAofJAJ4lm2jGfsMo28c0W4zRkhZrKmttGwCgmdd9 +IvNUwk47W24SwhQAGH5+Ggw= +=UHSl +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:03.ntpd.asc b/share/security/advisories/FreeBSD-SA-09:03.ntpd.asc new file mode 100644 index 0000000000..cb1784b565 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:03.ntpd.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:03.ntpd Security Advisory + The FreeBSD Project + +Topic: ntpd cryptographic signature bypass + +Category: contrib +Module: ntpd +Announced: 2009-01-13 +Credits: Google Security Team +Affects: All FreeBSD releases +Corrected: 2009-01-13 21:19:27 UTC (RELENG_7, 7.1-STABLE) + 2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2) + 2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9) + 2009-01-13 21:19:27 UTC (RELENG_6, 6.4-STABLE) + 2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3) + 2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9) +CVE Name: CVE-2009-0021 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ntpd daemon is an implementation of the Network Time Protocol +(NTP) used to synchronize the time of a computer system to a reference +time source. + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, +commercial-grade, full-featured Open Source toolkit implementing the +Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) +protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +The EVP_VerifyFinal() function from OpenSSL is used to determine if a +digital signature is valid. When ntpd(8) is set to cryptographically +authenticate NTP data it incorrectly checks the return value from +EVP_VerifyFinal(). + +III. Impact + +An attacker which can send NTP packets to ntpd, which uses +cryptographic authentication of NTP data, may be able to inject +malicious time data causing the system clock to be set incorrectly. + +IV. Workaround + +Use IP based restrictions in ntpd itself or in IP firewalls to +restrict which systems can send NTP packets to ntpd. + +NOTE WELL: If ntpd is not explicitly set to use cryptographic +authentication of NTP data the setup is not vulnerable to the issue +as described in this Security Advisory. + +V. Solution + +NOTE WELL: Due to an error in building the updates, this fix is not +available via freebsd-update at the time of this advisory. We expect +that this will be fixed within the next 48 hours. + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, and 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.4 and 7.1] +# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd.patch +# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd.patch.asc + +[FreeBSD 6.3 and 7.0] +# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd63.patch +# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd63.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/ntp/ntpd +# make obj && make depend && make && make install +# /etc/rc.d/ntpd restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.8.2 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.6 + src/sys/conf/newvers.sh 1.69.2.18.2.9 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.8.1.2.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.14 + src/sys/conf/newvers.sh 1.69.2.15.2.13 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.20.1 +RELENG_7 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.18.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.5 + src/sys/conf/newvers.sh 1.72.2.9.2.6 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.18.1.2.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.13 + src/sys/conf/newvers.sh 1.72.2.5.2.13 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.22.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r187194 +releng/6.4/ r187194 +releng/6.3/ r187194 +stable/7/ r187194 +releng/7.1/ r187194 +releng/7.0/ r187194 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021 +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:03.ntpd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFJbRUfFdaIBMps37IRAqdjAJ42YSH0bjaAJBEVyMM7/em/tu0xUQCfVPrs +IrH0Qxo4slvboQHsy1PbkN4= +=Q4rn +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:04.bind.asc b/share/security/advisories/FreeBSD-SA-09:04.bind.asc new file mode 100644 index 0000000000..a73bdb56e8 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:04.bind.asc @@ -0,0 +1,452 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:04.bind Security Advisory + The FreeBSD Project + +Topic: BIND DNSSEC incorrect checks for malformed signatures + +Category: contrib +Module: bind +Announced: 2009-01-13 +Credits: Google Security Team +Affects: All supported FreeBSD versions +Corrected: 2009-01-10 03:00:21 UTC (RELENG_7, 7.1-STABLE) + 2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2) + 2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9) + 2009-01-10 04:30:27 UTC (RELENG_6, 6.4-STABLE) + 2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3) + 2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9) +CVE Name: CVE-2009-0025 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. DNS Security +Extensions (DNSSEC) are additional protocol options that add +authentication as part of responses to DNS queries. + +FreeBSD includes software from the OpenSSL Project. The OpenSSL +Project is a collaborative effort to develop a robust, +commercial-grade, full-featured Open Source toolkit implementing the +Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) +protocols as well as a full-strength general purpose cryptography +library. + +II. Problem Description + +The DSA_do_verify() function from OpenSSL is used to determine if a +DSA digital signature is valid. When DNSSEC is used within BIND it +uses DSA_do_verify() to verify DSA signatures, but checks the function +return value incorrectly. + +III. Impact + +It is in theory possible to spoof a DNS reply even though DNSSEC +is set up to validate answers. This could be used by an attacker for +man-in-the-middle or other spoofing attacks. + +IV. Workaround + +Disable the the DSA algorithm in named.conf. This will cause answers +from zones signed only with DSA to be treated as insecure. Add the +following to the options section of named.conf: + + disable-algorithms . { DSA; }; + +NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup is +not vulnerable to the issue as described in this Security Advisory. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, and 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install +# /etc/rc.d/named restart + +c) Install and use a fixed version of BIND from the FreeBSD Ports +Collection. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/bind9/CHANGES 1.1.1.3.2.10 + src/contrib/bind9/FAQ 1.1.1.2.2.5 + src/contrib/bind9/FAQ.xml 1.1.1.1.2.5 + src/contrib/bind9/README 1.1.1.2.2.6 + src/contrib/bind9/aclocal.m4 1.1.4.1 + src/contrib/bind9/bin/dig/dig.1 1.1.1.1.4.4 + src/contrib/bind9/bin/dig/dig.c 1.1.1.2.2.4 + src/contrib/bind9/bin/dig/dig.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dig/dig.html 1.1.1.1.4.4 + src/contrib/bind9/bin/dig/dighost.c 1.1.1.2.2.5 + src/contrib/bind9/bin/dig/host.1 1.1.1.1.4.4 + src/contrib/bind9/bin/dig/host.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dig/host.html 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.1.4.4 + src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.2.2.4 + src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.1.4.4 + src/contrib/bind9/bin/named/client.c 1.1.1.2.2.7 + src/contrib/bind9/bin/named/config.c 1.1.1.2.2.4 + src/contrib/bind9/bin/named/controlconf.c 1.1.1.1.4.4 + src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.1.4.2 + src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.1.4.4 + src/contrib/bind9/bin/named/lwresd.8 1.1.1.1.4.4 + src/contrib/bind9/bin/named/lwresd.c 1.1.1.1.4.3 + src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/named/lwresd.html 1.1.1.1.4.4 + src/contrib/bind9/bin/named/main.c 1.1.1.2.2.3 + src/contrib/bind9/bin/named/named.8 1.1.1.1.4.4 + src/contrib/bind9/bin/named/named.conf.5 1.1.1.2.2.4 + src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.2.2.5 + src/contrib/bind9/bin/named/named.conf.html 1.1.1.2.2.4 + src/contrib/bind9/bin/named/named.docbook 1.1.1.1.4.4 + src/contrib/bind9/bin/named/named.html 1.1.1.1.4.4 + src/contrib/bind9/bin/named/query.c 1.1.1.1.4.6 + src/contrib/bind9/bin/named/server.c 1.1.1.2.2.6 + src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.2.2.2 + src/contrib/bind9/bin/named/unix/os.c 1.1.1.2.2.4 + src/contrib/bind9/bin/named/update.c 1.1.1.2.2.4 + src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.1.4.2 + src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.4.1 + src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.1.4.4 + src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.1.4.3 + src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.1.4.4 + src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.2.2.1 + src/contrib/bind9/bin/rndc/rndc.c 1.1.1.3.2.3 + src/contrib/bind9/config.h.in 1.1.4.1 + src/contrib/bind9/configure.in 1.1.1.2.2.6 + src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.2.2 + src/contrib/bind9/lib/bind/api 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/config.h.in 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/configure.in 1.1.1.2.2.5 + src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.1.4.4 + src/contrib/bind9/lib/bind/dst/support.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.1.4.4 + src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.2.2.4 + src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.1.4.2 + src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.1.4.1 + src/contrib/bind9/lib/bind9/api 1.1.1.2.2.4 + src/contrib/bind9/lib/bind9/check.c 1.1.1.2.2.4 + src/contrib/bind9/lib/dns/adb.c 1.1.1.2.2.4 + src/contrib/bind9/lib/dns/api 1.1.1.2.2.7 + src/contrib/bind9/lib/dns/cache.c 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.1.4.6 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.1.4.5 + src/contrib/bind9/lib/dns/journal.c 1.1.1.2.2.3 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/message.c 1.1.1.1.4.5 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/rbt.c 1.1.1.2.2.3 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.1.4.1 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.1.4.1 + src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.1.4.1 + src/contrib/bind9/lib/dns/request.c 1.1.1.1.4.4 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.10 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.5 + src/contrib/bind9/lib/dns/view.c 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/xfrin.c 1.1.1.2.2.5 + src/contrib/bind9/lib/isc/Makefile.in 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/api 1.1.1.2.2.5 + src/contrib/bind9/lib/isc/assertions.c 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.4.1 + src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.1.4.4 + src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/mem.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/portset.c 1.1.4.1 + src/contrib/bind9/lib/isc/print.c 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/timer.c 1.1.1.1.4.5 + src/contrib/bind9/lib/isc/unix/app.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.1.4.1 + src/contrib/bind9/lib/isc/unix/net.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.1.4.3 + src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.2.2.5 + src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.1.4.2 + src/contrib/bind9/lib/isc/unix/time.c 1.1.1.1.4.1 + src/contrib/bind9/lib/isccfg/api 1.1.1.2.2.4 + src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.2.2.5 + src/contrib/bind9/version 1.1.1.3.2.10 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.6 + src/sys/conf/newvers.sh 1.69.2.18.2.9 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.4.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.2.2.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.14 + src/sys/conf/newvers.sh 1.69.2.15.2.13 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.1.4.2.2.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.1.4.1.2.1 +RELENG_7 + src/contrib/bind9/CHANGES 1.1.1.10.2.4 + src/contrib/bind9/COPYRIGHT 1.1.1.4.2.3 + src/contrib/bind9/FAQ 1.1.1.6.2.2 + src/contrib/bind9/FAQ.xml 1.1.1.4.2.2 + src/contrib/bind9/README 1.1.1.7.2.2 + src/contrib/bind9/aclocal.m4 1.1.2.1 + src/contrib/bind9/bin/check/check-tool.c 1.1.1.3.2.2 + src/contrib/bind9/bin/check/named-checkconf.c 1.1.1.4.2.1 + src/contrib/bind9/bin/check/named-checkzone.c 1.1.1.3.2.2 + src/contrib/bind9/bin/dig/dig.1 1.1.1.4.2.2 + src/contrib/bind9/bin/dig/dig.c 1.1.1.5.2.2 + src/contrib/bind9/bin/dig/dig.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dig/dig.html 1.1.1.4.2.2 + src/contrib/bind9/bin/dig/dighost.c 1.1.1.5.2.3 + src/contrib/bind9/bin/dig/host.1 1.1.1.4.2.2 + src/contrib/bind9/bin/dig/host.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dig/host.html 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-keygen.8 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dnssec/dnssec-keygen.html 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.8 1.1.1.4.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.c 1.1.1.5.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/dnssec/dnssec-signzone.html 1.1.1.4.2.2 + src/contrib/bind9/bin/named/client.c 1.1.1.6.2.4 + src/contrib/bind9/bin/named/config.c 1.1.1.4.2.3 + src/contrib/bind9/bin/named/controlconf.c 1.1.1.3.2.2 + src/contrib/bind9/bin/named/include/named/globals.h 1.1.1.3.2.1 + src/contrib/bind9/bin/named/interfacemgr.c 1.1.1.3.2.2 + src/contrib/bind9/bin/named/lwaddr.c 1.1.1.2.2.1 + src/contrib/bind9/bin/named/lwdgnba.c 1.1.1.2.2.1 + src/contrib/bind9/bin/named/lwdnoop.c 1.1.1.2.2.1 + src/contrib/bind9/bin/named/lwresd.8 1.1.1.4.2.2 + src/contrib/bind9/bin/named/lwresd.c 1.1.1.3.2.2 + src/contrib/bind9/bin/named/lwresd.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/named/lwresd.html 1.1.1.4.2.2 + src/contrib/bind9/bin/named/main.c 1.1.1.5.2.1 + src/contrib/bind9/bin/named/named.8 1.1.1.4.2.2 + src/contrib/bind9/bin/named/named.conf.5 1.1.1.5.2.2 + src/contrib/bind9/bin/named/named.conf.docbook 1.1.1.5.2.3 + src/contrib/bind9/bin/named/named.conf.html 1.1.1.5.2.2 + src/contrib/bind9/bin/named/named.docbook 1.1.1.4.2.2 + src/contrib/bind9/bin/named/named.html 1.1.1.4.2.2 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.2 + src/contrib/bind9/bin/named/server.c 1.1.1.6.2.4 + src/contrib/bind9/bin/named/unix/include/named/os.h 1.1.1.3.2.1 + src/contrib/bind9/bin/named/unix/os.c 1.1.1.5.2.1 + src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2 + src/contrib/bind9/bin/nsupdate/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/bin/nsupdate/nsupdate.1 1.1.2.1 + src/contrib/bind9/bin/nsupdate/nsupdate.8 1.1.1.4.2.2 + src/contrib/bind9/bin/nsupdate/nsupdate.c 1.1.1.5.2.2 + src/contrib/bind9/bin/nsupdate/nsupdate.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/nsupdate/nsupdate.html 1.1.1.4.2.2 + src/contrib/bind9/bin/rndc/rndc-confgen.c 1.1.1.3.2.1 + src/contrib/bind9/bin/rndc/rndc.8 1.1.1.4.2.2 + src/contrib/bind9/bin/rndc/rndc.c 1.1.1.6.2.2 + src/contrib/bind9/bin/rndc/rndc.docbook 1.1.1.3.2.2 + src/contrib/bind9/bin/rndc/rndc.html 1.1.1.4.2.2 + src/contrib/bind9/config.h.in 1.1.2.1 + src/contrib/bind9/configure.in 1.1.1.6.2.3 + src/contrib/bind9/lib/bind/aclocal.m4 1.1.1.2.10.2 + src/contrib/bind9/lib/bind/api 1.1.1.5.2.2 + src/contrib/bind9/lib/bind/bsd/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/bsd/strerror.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/bsd/strtoul.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/config.h.in 1.1.1.4.2.3 + src/contrib/bind9/lib/bind/configure.in 1.1.1.5.2.3 + src/contrib/bind9/lib/bind/dst/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/dst/dst_api.c 1.1.1.5.2.2 + src/contrib/bind9/lib/bind/dst/hmac_link.c 1.1.1.4.2.2 + src/contrib/bind9/lib/bind/dst/support.c 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/include/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/arpa/nameser.h 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/isc/assertions.h 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/isc/eventlib.h 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/include/isc/misc.h 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/include/isc/platform.h.in 1.2.2.1 + src/contrib/bind9/lib/bind/include/netdb.h 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/include/resolv.h 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/inet/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/inet/inet_net_pton.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/inet/inet_network.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/irs/Makefile.in 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/irs/dns_ho.c 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/irs/getnetgrent.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/irs/getnetgrent_r.c 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/irs/irp.c 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/isc/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/assertions.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/bitncmp.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/ctl_clnt.c 1.1.1.2.2.2 + src/contrib/bind9/lib/bind/isc/ctl_srvr.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/isc/logging.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/nameser/Makefile.in 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/port_after.h.in 1.1.1.4.2.1 + src/contrib/bind9/lib/bind/port_before.h.in 1.1.1.4.2.2 + src/contrib/bind9/lib/bind/resolv/Makefile.in 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/resolv/res_debug.c 1.1.1.3.2.1 + src/contrib/bind9/lib/bind/resolv/res_mkquery.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/resolv/res_query.c 1.1.1.2.2.1 + src/contrib/bind9/lib/bind/resolv/res_send.c 1.1.1.4.2.1 + src/contrib/bind9/lib/bind9/api 1.1.1.5.2.2 + src/contrib/bind9/lib/bind9/check.c 1.1.1.5.2.4 + src/contrib/bind9/lib/dns/acache.c 1.1.1.1.2.1 + src/contrib/bind9/lib/dns/adb.c 1.1.1.5.2.2 + src/contrib/bind9/lib/dns/api 1.1.1.6.2.4 + src/contrib/bind9/lib/dns/cache.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/dispatch.c 1.1.1.4.2.4 + src/contrib/bind9/lib/dns/dst_parse.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/dst_parse.h 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/include/dns/dispatch.h 1.1.1.3.2.4 + src/contrib/bind9/lib/dns/journal.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/master.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.1 + src/contrib/bind9/lib/dns/message.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.2 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/rbt.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/generic/txt_16.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/in_1/apl_42.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c 1.1.1.2.2.1 + src/contrib/bind9/lib/dns/request.c 1.1.1.3.2.2 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.4 + src/contrib/bind9/lib/dns/rootns.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/sdb.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/tkey.c 1.1.1.4.2.1 + src/contrib/bind9/lib/dns/tsig.c 1.1.1.4.2.2 + src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.2 + src/contrib/bind9/lib/dns/view.c 1.1.1.2.2.2 + src/contrib/bind9/lib/dns/xfrin.c 1.1.1.5.2.3 + src/contrib/bind9/lib/dns/zone.c 1.1.1.5.2.2 + src/contrib/bind9/lib/isc/Makefile.in 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/api 1.1.1.5.2.3 + src/contrib/bind9/lib/isc/assertions.c 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/assertions.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/lex.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/mem.h 1.1.1.3.2.1 + src/contrib/bind9/lib/isc/include/isc/msgs.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/include/isc/platform.h.in 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/portset.h 1.1.2.1 + src/contrib/bind9/lib/isc/include/isc/resource.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/socket.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/include/isc/timer.h 1.1.1.3.2.2 + src/contrib/bind9/lib/isc/include/isc/types.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/mem.c 1.1.1.3.2.2 + src/contrib/bind9/lib/isc/portset.c 1.1.2.1 + src/contrib/bind9/lib/isc/print.c 1.1.1.3.2.1 + src/contrib/bind9/lib/isc/pthreads/mutex.c 1.1.1.3.2.1 + src/contrib/bind9/lib/isc/timer.c 1.1.1.4.2.3 + src/contrib/bind9/lib/isc/unix/app.c 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/unix/include/isc/net.h 1.1.1.2.2.1 + src/contrib/bind9/lib/isc/unix/net.c 1.1.1.3.2.2 + src/contrib/bind9/lib/isc/unix/resource.c 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/unix/socket.c 1.1.1.5.2.3 + src/contrib/bind9/lib/isc/unix/socket_p.h 1.1.1.2.2.2 + src/contrib/bind9/lib/isc/unix/time.c 1.1.1.2.2.1 + src/contrib/bind9/lib/isccfg/api 1.1.1.4.2.3 + src/contrib/bind9/lib/isccfg/namedconf.c 1.1.1.5.2.2 + src/contrib/bind9/lib/lwres/api 1.1.1.5.2.2 + src/contrib/bind9/make/rules.in 1.1.1.4.2.2 + src/contrib/bind9/version 1.1.1.10.2.4 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.5 + src/sys/conf/newvers.sh 1.72.2.9.2.6 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.6.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.4.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.13 + src/sys/conf/newvers.sh 1.72.2.5.2.13 + src/contrib/bind9/lib/dns/opensslrsa_link.c 1.1.1.4.4.1 + src/contrib/bind9/lib/dns/openssldsa_link.c 1.1.1.3.2.1.2.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r187002 +releng/6.4/ r187194 +releng/6.3/ r187194 +stable/7/ r186997 +releng/7.1/ r187194 +releng/7.0/ r187194 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025 +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc +https://www.isc.org/node/373 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:04.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFJbRUmFdaIBMps37IRAonEAJsFQFtZGTz6tXFc5TSRMLhB1hxb6QCeI0Pd +ZFPKsX8/XspOTzRWA1h3QPk= +=dpqG +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:05.telnetd.asc b/share/security/advisories/FreeBSD-SA-09:05.telnetd.asc new file mode 100644 index 0000000000..db18b8c247 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:05.telnetd.asc @@ -0,0 +1,124 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:05.telnetd Security Advisory + The FreeBSD Project + +Topic: telnetd code execution vulnerability + +Category: core +Module: contrib +Announced: 2009-02-16 +Affects: FreeBSD 7.x +Corrected: 2009-02-16 21:56:17 UTC (RELENG_7, 7.1-STABLE) + 2009-02-16 21:56:17 UTC (RELENG_7_1, 7.1-RELEASE-p3) + 2009-02-16 21:56:17 UTC (RELENG_7_0, 7.0-RELEASE-p10) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The FreeBSD telnet daemon, telnetd(8), implements the server side of the +TELNET virtual terminal protocol. It has been disabled by default in +FreeBSD since August 2001, and due to the lack of cryptographic security +in the TELNET protocol, it is strongly recommended that the SSH protocol +be used instead. The FreeBSD telnet daemon can be enabled via the +/etc/inetd.conf configuration file and the inetd(8) daemon. + +The TELNET protocol allows a connecting client to specify environment +variables which should be set in any created login session; this is used, +for example, to specify terminal settings. + +II. Problem Description + +In order to prevent environment variable based attacks, telnetd(8) "scrubs" +its environment; however, recent changes in FreeBSD's environment-handling +code rendered telnetd's scrubbing inoperative, thereby allowing potentially +harmful environment variables to be set. + +III. Impact + +An attacker who can place a specially-constructed file onto a target system +(either by legitimately logging into the system or by exploiting some other +service on the system) can execute arbitrary code with the privileges of +the user running the telnet daemon (usually root). + +IV. Workaround + +No workaround is available, but systems which are not running the telnet +daemon are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1 or +RELENG_7_0 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.0 and 7.1 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch +# fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libtelnet +# make obj && make depend && make +# cd /usr/src/libexec/telnetd +# make obj && make depend && make && make install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/contrib/telnet/telnetd/sys_term.c 1.18.22.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.6 + src/sys/conf/newvers.sh 1.72.2.9.2.7 + src/contrib/telnet/telnetd/sys_term.c 1.18.30.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.14 + src/sys/conf/newvers.sh 1.72.2.5.2.14 + src/contrib/telnet/telnetd/sys_term.c 1.18.26.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r188699 +releng/7.1/ r188699 +releng/7.0/ r188699 +- ------------------------------------------------------------------------- + +VII. References + +http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:05.telnetd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkmZ5xkACgkQFdaIBMps37L1/gCgid6+mQr/h3kHKq6bUL8TW+St +TBUAoIFSFbE0PsTtt1nrwlSAZwvvDL0s +=y6p4 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:06.ktimer.asc b/share/security/advisories/FreeBSD-SA-09:06.ktimer.asc new file mode 100644 index 0000000000..c5e5319508 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:06.ktimer.asc @@ -0,0 +1,117 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:06.ktimer Security Advisory + The FreeBSD Project + +Topic: Local privilege escalation + +Category: core +Module: kern +Announced: 2009-03-23 +Affects: FreeBSD 7.x +Corrected: 2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE) + 2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4) + 2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11) +CVE Name: CVE-2009-1041 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +In FreeBSD 7.0, support was introduced for per-process timers as defined +in the POSIX realtime extensions. This allows a process to have a limited +number of timers running at once, with various actions taken when each +timer reaches zero. + +II. Problem Description + +An integer which specifies which timer a process wishes to operate upon is +not properly bounds-checked. + +III. Impact + +An unprivileged process can overwrite an arbitrary location in kernel +memory. This could be used to change the user ID of the process (in order +to "become root"), to escape from a jail, or to bypass security mechanisms +in other ways. + +IV. Workaround + +No workaround is available, but systems without untrusted local users are +not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1 +or RELENG_7_0 security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 7.0 and 7.1 +systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch +# fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/kern/kern_time.c 1.142.2.3 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.7 + src/sys/conf/newvers.sh 1.72.2.9.2.8 + src/sys/kern/kern_time.c 1.142.2.2.2.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.15 + src/sys/conf/newvers.sh 1.72.2.5.2.15 + src/sys/kern/kern_time.c 1.142.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r190301 +releng/7.1/ r190301 +releng/7.0/ r190301 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1041 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-06:09.ktimer.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAknG0hQACgkQFdaIBMps37JA4gCfaznvIWKB/AU0cv6ojZUhheD4 +MuYAnAp3wuz3E7gIX6VK7PeUVnPp/41o +=MPIX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:07.libc.asc b/share/security/advisories/FreeBSD-SA-09:07.libc.asc new file mode 100644 index 0000000000..a73538b5cc --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:07.libc.asc @@ -0,0 +1,156 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:07.libc Security Advisory + The FreeBSD Project + +Topic: Information leak in db(3) + +Category: core +Module: libc +Announced: 2009-04-22 +Credits: Jaakko Heinonen, Xin LI +Affects: All supported versions of FreeBSD. +Corrected: 2009-04-11 15:19:26 UTC (RELENG_7, 7.2-PRERELEASE) + 2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5) + 2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12) + 2009-04-11 15:21:11 UTC (RELENG_6, 6.4-STABLE) + 2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4) + 2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD's C library (libc) contains code for creating and accessing +Berkeley DB 1.85 database files. Such databases are used extensively +in FreeBSD; for example, the system password files (/etc/passwd and +/etc/master.passwd) are normally accessed via their database files +(/etc/pwd.db and /etc/spwd.db). + +II. Problem Description + +Some data structures used by the database interface code are not properly +initialized when allocated. + +III. Impact + +Programs using the db(3) interface to create Berkeley database files may +"leak" sensitive information into database files. If those files can be +read by other users, this may result in the disclosure of sensitive +information such as login credentials. + +IV. Workaround + +No workaround is available, but systems without untrusted local users are +probably not affected (since remote attackers will in most cases not be +able to read such database files). + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, and 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:07/libc.patch +# fetch http://security.FreeBSD.org/patches/SA-09:07/libc.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libc +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +NOTE: System administrators may wish to rebuild any system database files +which were created prior to applying this patch in case they contain +sensitive information. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/lib/libc/db/btree/bt_split.c 1.7.2.1 + src/lib/libc/db/btree/bt_open.c 1.11.14.1 + src/lib/libc/db/hash/hash_buf.c 1.7.14.1 + src/lib/libc/db/mpool/mpool.c 1.12.2.1 + src/lib/libc/db/README 1.1.40.1 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.8 + src/sys/conf/newvers.sh 1.69.2.18.2.10 + src/lib/libc/db/btree/bt_split.c 1.7.12.2 + src/lib/libc/db/hash/hash_buf.c 1.7.26.2 + src/lib/libc/db/mpool/mpool.c 1.12.12.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.15 + src/sys/conf/newvers.sh 1.69.2.15.2.14 + src/lib/libc/db/btree/bt_split.c 1.7.10.1 + src/lib/libc/db/hash/hash_buf.c 1.7.24.1 + src/lib/libc/db/mpool/mpool.c 1.12.10.1 +RELENG_7 + src/lib/libc/db/btree/bt_split.c 1.8.2.1 + src/lib/libc/db/btree/bt_open.c 1.12.2.1 + src/lib/libc/db/hash/hash_buf.c 1.8.2.1 + src/lib/libc/db/mpool/mpool.c 1.13.2.1 + src/lib/libc/db/README 1.1.50.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.8 + src/sys/conf/newvers.sh 1.72.2.9.2.9 + src/lib/libc/db/btree/bt_split.c 1.8.6.2 + src/lib/libc/db/hash/hash_buf.c 1.8.6.2 + src/lib/libc/db/mpool/mpool.c 1.13.6.2 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.16 + src/sys/conf/newvers.sh 1.72.2.5.2.16 + src/lib/libc/db/btree/bt_split.c 1.8.4.1 + src/lib/libc/db/hash/hash_buf.c 1.8.4.1 + src/lib/libc/db/mpool/mpool.c 1.13.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r190940 +releng/6.4/ r191381 +releng/6.3/ r191381 +stable/7/ r190939 +releng/7.1/ r191381 +releng/7.0/ r191381 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:07.libc.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAknvJlkACgkQFdaIBMps37JcyACggmDk96JTy3G5gGlzMlNuVsV7 +s5wAoIT2G2c3T6bYa7GeftWLpGGFo2Rp +=rdqD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:08.openssl.asc b/share/security/advisories/FreeBSD-SA-09:08.openssl.asc new file mode 100644 index 0000000000..456fde582a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:08.openssl.asc @@ -0,0 +1,171 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:08.openssl Security Advisory + The FreeBSD Project + +Topic: Remotely exploitable crash in OpenSSL + +Category: contrib +Module: openssl +Announced: 2009-04-22 +Affects: All supported versions of FreeBSD. +Corrected: 2009-04-22 14:07:14 UTC (RELENG_7, 7.2-PRERELEASE) + 2009-04-22 14:07:14 UTC (RELENG_7_2, 7.2-RC2) + 2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5) + 2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12) + 2009-04-22 14:07:14 UTC (RELENG_6, 6.4-STABLE) + 2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4) + 2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10) +CVE Name: CVE-2009-0590 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +The function ASN1_STRING_print_ex is often used to print the contents of +an SSL certificate. + +II. Problem Description + +The function ASN1_STRING_print_ex does not properly validate the lengths +of BMPString or UniversalString objects before attempting to print them. + +III. Impact + +An application which attempts to print a BMPString or UniversalString +which has an invalid length will crash as a result of OpenSSL accessing +invalid memory locations. This could be used by an attacker to crash a +remote application. + +IV. Workaround + +No workaround is available, but applications which do not use the +ASN1_STRING_print_ex function (either directly or indirectly) are not +affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_2, RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security +branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.0, 7.1, and 7.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl.patch.asc + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl6.patch +# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl6.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libcrypto +# make obj && make depend && make includes && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.4.12.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.2 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.7.10.1 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.8 + src/sys/conf/newvers.sh 1.69.2.18.2.10 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.4.24.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1.6.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.7.22.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.15 + src/sys/conf/newvers.sh 1.69.2.15.2.14 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.4.22.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.2.10.1.4.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.1.1.7.20.1 +RELENG_7 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.2.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.2.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.2.2.1 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.2 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.8.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.8.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.2.8.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.8 + src/sys/conf/newvers.sh 1.72.2.9.2.9 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.6.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.6.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.2.6.1 +RELENG_7_0 + src/UPDATING 1.507.2.3.2.16 + src/sys/conf/newvers.sh 1.72.2.5.2.16 + src/crypto/openssl/crypto/asn1/asn1_err.c 1.1.1.6.4.1 + src/crypto/openssl/crypto/asn1/tasn_dec.c 1.1.1.5.4.1 + src/crypto/openssl/crypto/asn1/asn1.h 1.2.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r191381 +releng/6.4/ r191381 +releng/6.3/ r191381 +stable/7/ r191381 +releng/7.2/ r191381 +releng/7.1/ r191381 +releng/7.0/ r191381 +- ------------------------------------------------------------------------- + +VII. References + +http://openssl.org/news/secadv_20090325.txt +[Note that two of the issues mentioned in the OpenSSL advisory do +not affect FreeBSD.] + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAknvJegACgkQFdaIBMps37LB4gCffpTTOSdqyLK6ravrv6h8LqWE +MDcAn2SIjNmRL8Oktk0l9hLz0mhtcxWP +=Q7Zz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:09.pipe.asc b/share/security/advisories/FreeBSD-SA-09:09.pipe.asc new file mode 100644 index 0000000000..5fd0eb8d69 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:09.pipe.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:09.pipe Security Advisory + The FreeBSD Project + +Topic: Local information disclosure via direct pipe writes + +Category: core +Module: kern +Announced: 2009-06-10 +Credits: Pieter de Boer +Affects: All supported versions of FreeBSD. +Corrected: 2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE) + 2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1) + 2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6) + 2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE) + 2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5) + 2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +One of the most commonly used forms of interprocess communication on +FreeBSD and other UNIX-like systems is the (anonymous) pipe. In this +mechanism, a pair of file descriptors is created, and data written to +one descriptor can be read from the other. + +FreeBSD's pipe implementation contains an optimization known as "direct +writes". In this optimization, rather than copying data into kernel +memory when the write(2) system call is invoked and then copying the +data again when the read(2) system call is invoked, the FreeBSD kernel +takes advantage of virtual memory mapping to allow the data to be copied +directly between processes. + +II. Problem Description + +An integer overflow in computing the set of pages containing data to be +copied can result in virtual-to-physical address lookups not being +performed. + +III. Impact + +An unprivileged process can read pages of memory which belong to other +processes or to the kernel. These may contain information which is +sensitive in itself; or may contain passwords or cryptographic keys +which can be indirectly exploited to gain sensitive information or +access. + +IV. Workaround + +No workaround is available, but systems without untrusted local users +are not vulnerable. System administrators are reminded that even if a +system is not intended to have untrusted local users, it may be possible +for an attacker to exploit some other vulnerability to obtain local user +access to a system. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, and 7.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:09/pipe.patch +# fetch http://security.FreeBSD.org/patches/SA-09:09/pipe.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/kern/sys_pipe.c 1.184.2.5 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.9 + src/sys/conf/newvers.sh 1.69.2.18.2.11 + src/sys/kern/sys_pipe.c 1.184.2.4.2.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.16 + src/sys/conf/newvers.sh 1.69.2.15.2.15 + src/sys/kern/sys_pipe.c 1.184.2.2.6.2 +RELENG_7 + src/sys/kern/sys_pipe.c 1.191.2.5 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.4 + src/sys/conf/newvers.sh 1.72.2.11.2.5 + src/sys/kern/sys_pipe.c 1.191.2.3.4.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.9 + src/sys/conf/newvers.sh 1.72.2.9.2.10 + src/sys/kern/sys_pipe.c 1.191.2.3.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r193893 +releng/6.4/ r193893 +releng/6.3/ r193893 +stable/7/ r193893 +releng/7.2/ r193893 +releng/7.1/ r193893 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:09.pipe.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkovjN0ACgkQFdaIBMps37JkXwCgmLcEMOMAEIXRoJ220zwZhMKn +f+gAn1bZyLMhfZU7TI0xxhizwetDwMVI +=J37B +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:10.ipv6.asc b/share/security/advisories/FreeBSD-SA-09:10.ipv6.asc new file mode 100644 index 0000000000..6f4cbddae7 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:10.ipv6.asc @@ -0,0 +1,136 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:10.ipv6 Security Advisory + The FreeBSD Project + +Topic: Missing permission check on SIOCSIFINFO_IN6 ioctl + +Category: core +Module: netinet6 +Announced: 2009-06-10 +Credits: Hiroki Sato +Affects: All supported versions of FreeBSD. +Corrected: 2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE) + 2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1) + 2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6) + 2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE) + 2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5) + 2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +IPv6 is a new Internet Protocol, designed to replace (and avoid many of +the problems with) the current Internet Protocol (version 4). Many +properties of the FreeBSD IPv6 network stack can be configured via the +ioctl(2) interface. + +II. Problem Description + +The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check. + +III. Impact + +Local users, including non-root users and users inside jails, can set +some IPv6 interface properties. These include changing the link MTU +and disabling interfaces entirely. Note that this affects IPv6 only; +IPv4 functionality cannot be affected by exploiting this vulnerability. + +IV. Workaround + +No workaround is available, but systems without local untrusted users +are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, and 7.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6-6.patch +# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6-6.patch.asc + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6.patch +# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/netinet6/in6.c 1.51.2.13 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.9 + src/sys/conf/newvers.sh 1.69.2.18.2.11 + src/sys/netinet6/in6.c 1.51.2.12.2.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.16 + src/sys/conf/newvers.sh 1.69.2.15.2.15 + src/sys/netinet6/in6.c 1.51.2.11.2.1 +RELENG_7 + src/sys/netinet6/in6.c 1.73.2.7 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.4 + src/sys/conf/newvers.sh 1.72.2.11.2.5 + src/sys/netinet6/in6.c 1.73.2.6.2.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.9 + src/sys/conf/newvers.sh 1.72.2.9.2.10 + src/sys/netinet6/in6.c 1.73.2.4.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r193893 +releng/6.4/ r193893 +releng/6.3/ r193893 +stable/7/ r193893 +releng/7.2/ r193893 +releng/7.1/ r193893 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:10.ipv6.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkovjOUACgkQFdaIBMps37IFxwCgj0o1r4IQMIEvp3y4oIqhQwxe +cI8AoIlxweqjakKxu/A/Z4+xjoGmqUdF +=/kNi +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:11.ntpd.asc b/share/security/advisories/FreeBSD-SA-09:11.ntpd.asc new file mode 100644 index 0000000000..385a8e3d4c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:11.ntpd.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:11.ntpd Security Advisory + The FreeBSD Project + +Topic: ntpd stack-based buffer-overflow vulnerability + +Category: contrib +Module: ntpd +Announced: 2009-06-10 +Credits: Chris Ries +Affects: All supported versions of FreeBSD. +Corrected: 2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE) + 2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1) + 2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6) + 2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE) + 2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5) + 2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11) +CVE Name: CVE-2009-1252 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +Autokey is a security model for authenticating Network Time Protocol +(NTP) servers to clients, using public key cryptography. + +II. Problem Description + +The ntpd(8) daemon is prone to a stack-based buffer-overflow when it is +configured to use the 'autokey' security model. + +III. Impact + +This issue could be exploited to execute arbitrary code in the context of +the service daemon, or crash the service daemon, causing denial-of-service +conditions. + +IV. Workaround + +Use IP based restrictions in ntpd(8) itself or in IP firewalls to +restrict which systems can send NTP packets to ntpd(8). + +Note that systems will only be affected if they have the "autokey" option +set in /etc/ntp.conf; FreeBSD does not ship with a default ntp.conf file, +so will not be affected unless this option has been explicitly enabled by +the system administrator. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, and 7.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.3] +# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd63.patch +# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd63.patch.asc + +[FreeBSD 6.4 and 7.x] +# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd.patch +# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/ntp/ntpd +# make obj && make depend && make && make install +# /etc/rc.d/ntpd restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.8.3 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.9 + src/sys/conf/newvers.sh 1.69.2.18.2.11 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.8.1.2.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.16 + src/sys/conf/newvers.sh 1.69.2.15.2.15 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.20.2 +RELENG_7 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.18.3 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.4 + src/sys/conf/newvers.sh 1.72.2.11.2.5 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.18.2.2.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.9 + src/sys/conf/newvers.sh 1.72.2.9.2.10 + src/contrib/ntp/ntpd/ntp_crypto.c 1.1.1.3.18.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r193893 +releng/6.4/ r193893 +releng/6.3/ r193893 +stable/7/ r193893 +releng/7.2/ r193893 +releng/7.1/ r193893 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:11.ntpd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iEYEARECAAYFAkovjOwACgkQFdaIBMps37KRpwCfaQF9q8KhElv6LqgFv3DX2h9c +hbEAn2Q0X8Qv8r5OySnhlAw2pMxlxkXK +=Mh2u +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:12.bind.asc b/share/security/advisories/FreeBSD-SA-09:12.bind.asc new file mode 100644 index 0000000000..82ea67adab --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:12.bind.asc @@ -0,0 +1,153 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:12.bind Security Advisory + The FreeBSD Project + +Topic: BIND named(8) dynamic update message remote DoS + +Category: contrib +Module: bind +Announced: 2009-07-29 +Credits: Matthias Urlichs +Affects: All supported versions of FreeBSD +Corrected: 2009-07-28 23:59:22 UTC (RELENG_7, 7.2-STABLE) + 2009-07-29 00:14:14 UTC (RELENG_7_2, 7.2-RELEASE-p3) + 2009-07-29 00:14:14 UTC (RELENG_7_1, 7.1-RELEASE-p7) + 2009-07-29 00:13:47 UTC (RELENG_6, 6.4-STABLE) + 2009-07-29 00:14:14 UTC (RELENG_6_4, 6.4-RELEASE-p6) + 2009-07-29 00:14:14 UTC (RELENG_6_3, 6.3-RELEASE-p12) +CVE Name: CVE-2009-0696 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +NOTE: Due to this issue being accidentally disclosed early, updated +binaries are yet not available via freebsd-update at the time this +advisory is being published. Email will be sent to the freebsd-security +mailing list when the binaries are available via freebsd-update. + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. + +Dynamic update messages may be used to update records in a master zone +on a nameserver. + +II. Problem Description + +When named(8) receives a specially crafted dynamic update message an +internal assertion check is triggered which causes named(8) to exit. + +To trigger the problem, the dynamic update message must contains a +record of type "ANY" and at least one resource record set (RRset) for +this fully qualified domain name (FQDN) must exist on the server. + +III. Impact + +An attacker which can send DNS requests to a nameserver can cause it to +exit, thus creating a Denial of Service situation. + +IV. Workaround + +No generally applicable workaround is available, but some firewalls +may be able to prevent nsupdate DNS packets from reaching the +nameserver. + +NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT +sufficient to protect it from this vulnerability. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, and 7.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install +# /etc/rc.d/named restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/bind9/bin/named/update.c 1.1.1.2.2.5 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.10 + src/sys/conf/newvers.sh 1.69.2.18.2.12 + src/contrib/bind9/bin/named/update.c 1.1.1.2.2.3.2.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.17 + src/sys/conf/newvers.sh 1.69.2.15.2.16 + src/contrib/bind9/bin/named/update.c 1.1.1.2.2.2.2.1 +RELENG_7 + src/contrib/bind9/bin/named/update.c 1.1.1.5.2.3 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.6 + src/sys/conf/newvers.sh 1.72.2.11.2.7 + src/contrib/bind9/bin/named/update.c 1.1.1.5.2.2.2.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.10 + src/sys/conf/newvers.sh 1.72.2.9.2.11 + src/contrib/bind9/bin/named/update.c 1.1.1.5.2.1.4.1 +HEAD + src/contrib/bind9/bin/named/update.c 1.4 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +head/ r195936 +stable/6/ r195934 +releng/6.4/ r195935 +releng/6.3/ r195935 +stable/7/ r195933 +releng/7.2/ r195935 +releng/7.1/ r195935 +- ------------------------------------------------------------------------- + +VII. References + +https://www.isc.org/node/474 +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:12.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 (FreeBSD) + +iD8DBQFKb5koFdaIBMps37IRAglLAKCFGXI+MAsksnK5TZB/8L3UFhPS1gCgl7q5 +6fCpOeBcf7f83dVfKRDVF0I= +=akJW +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:13.pipe.asc b/share/security/advisories/FreeBSD-SA-09:13.pipe.asc new file mode 100644 index 0000000000..feab3dca5d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:13.pipe.asc @@ -0,0 +1,131 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:13.pipe Security Advisory + The FreeBSD Project + +Topic: kqueue pipe race conditions +Category: core +Module: kern +Announced: 2009-10-02 +Credits: Przemyslaw Frasunek +Affects: FreeBSD 6.x +Corrected: 2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE) + 2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7) + 2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +Pipes are a form of inter-process communication (IPC) provided by the +FreeBSD kernel. kqueue is an event management API that applications can +use to monitor pipes and other kernel services. + +II. Problem Description + +A race condition exists in the pipe close() code relating to kqueues, +causing use-after-free for kernel memory, which may lead to an +exploitable NULL pointer vulnerability in the kernel, kernel memory +corruption, and other unpredictable results. + +III. Impact + +Successful exploitation of the race condition can lead to local kernel +privilege escalation, kernel data corruption and/or crash. + +To exploit this vulnerability, an attacker must be able to run code on +the target system. + +IV. Workaround + +An errata notice, FreeBSD-EN-09:05.null has been released simultaneously to +this advisory, and contains a kernel patch implementing a workaround for a +more broad class of vulnerabilities. However, prior to those changes, no +workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_4, or +RELENG_6_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3 and 6.4. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:13/pipe.patch +# fetch http://security.FreeBSD.org/patches/SA-09:13/pipe.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/kern/kern_event.c 1.93.2.7 + src/sys/kern/kern_fork.c 1.252.2.8 + src/sys/kern/sys_pipe.c 1.184.2.6 + src/sys/sys/event.h 1.32.2.1 + src/sys/sys/pipe.h 1.29.2.1 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.11 + src/sys/conf/newvers.sh 1.69.2.18.2.13 + src/sys/kern/kern_event.c 1.93.2.6.6.2 + src/sys/kern/kern_fork.c 1.252.2.7.4.2 + src/sys/kern/sys_pipe.c 1.184.2.4.2.3 + src/sys/sys/event.h 1.32.12.2 + src/sys/sys/pipe.h 1.29.16.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.18 + src/sys/conf/newvers.sh 1.69.2.15.2.17 + src/sys/kern/kern_event.c 1.93.2.6.4.1 + src/sys/kern/kern_fork.c 1.252.2.7.2.1 + src/sys/kern/sys_pipe.c 1.184.2.2.6.3 + src/sys/sys/event.h 1.32.10.1 + src/sys/sys/pipe.h 1.29.12.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r197715 +releng/6.4/ r197715 +releng/6.3/ r197715 +- ------------------------------------------------------------------------- + +VII. References + +http://svn.freebsd.org/viewvc/base?view=revision&revision=179243 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:13.pipe.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iD8DBQFKxlthFdaIBMps37IRAlk2AJ9mUrNPd1RMztbzO4w7g+AxosqJzgCgmr5l +FKxrbF0G4v9P6SyyfAdVOFY= +=TWhC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:14.devfs.asc b/share/security/advisories/FreeBSD-SA-09:14.devfs.asc new file mode 100644 index 0000000000..79d0a7f02e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:14.devfs.asc @@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:14.devfs Security Advisory + The FreeBSD Project + +Topic: Devfs / VFS NULL pointer race condition + +Category: core +Module: kern +Announced: 2009-10-02 +Credits: Przemyslaw Frasunek +Affects: FreeBSD 6.x and 7.x +Corrected: 2009-05-18 10:41:59 UTC (RELENG_7, 7.2-STABLE) + 2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4) + 2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8) + 2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE) + 2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7) + 2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The device file system (devfs) provides access to system devices, such as +storage devices and serial ports, via the file system namespace. + +VFS is the Virtual File System, which abstracts file system operations in +the kernel from the actual underlying file system. + +II. Problem Description + +Due to the interaction between devfs and VFS, a race condition exists +where the kernel might dereference a NULL pointer. + +III. Impact + +Successful exploitation of the race condition can lead to local kernel +privilege escalation, kernel data corruption and/or crash. + +To exploit this vulnerability, an attacker must be able to run code with user +privileges on the target system. + +IV. Workaround + +An errata note, FreeBSD-EN-09:05.null has been released simultaneously to +this advisory, and contains a kernel patch implementing a workaround for a +more broad class of vulnerabilities. However, prior to those changes, no +workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the +RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch +dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, and 7.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.x] +# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch +# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch.asc + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch +# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/sys/fs/devfs/devfs_vnops.c 1.114.2.17 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.11 + src/sys/conf/newvers.sh 1.69.2.18.2.13 + src/sys/fs/devfs/devfs_vnops.c 1.114.2.16.2.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.18 + src/sys/conf/newvers.sh 1.69.2.15.2.17 + src/sys/fs/devfs/devfs_vnops.c 1.114.2.15.2.1 +RELENG_7 + src/sys/fs/devfs/devfs_vnops.c 1.149.2.9 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.7 + src/sys/conf/newvers.sh 1.72.2.11.2.8 + src/sys/fs/devfs/devfs_vnops.c 1.149.2.8.2.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.11 + src/sys/conf/newvers.sh 1.72.2.9.2.12 + src/sys/fs/devfs/devfs_vnops.c 1.149.2.4.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r197715 +releng/6.4/ r197715 +releng/6.3/ r197715 +stable/7/ r192301 +releng/7.2/ r197715 +releng/7.1/ r197715 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:14.devfs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iD8DBQFKxltlFdaIBMps37IRAp4zAJwJEwIySGqxH4EXwc0wjkDXlcTb1wCfTltO +Syds53GSM0YbsMNUVMGsLaU= +=exPZ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:15.ssl.asc b/share/security/advisories/FreeBSD-SA-09:15.ssl.asc new file mode 100644 index 0000000000..561fdbf67f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:15.ssl.asc @@ -0,0 +1,184 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:15.ssl Security Advisory + The FreeBSD Project + +Topic: SSL protocol flaw + +Category: contrib +Module: openssl +Announced: 2009-12-03 +Credits: Marsh Ray, Steve Dispensa +Affects: All supported versions of FreeBSD. +Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) + 2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) + 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) + 2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8) + 2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14) +CVE Name: CVE-2009-3555 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +0. Revision History + +v1.0 2009-12-03 Initial release. +v1.1 2009-12-03 Corrected instructions in section V.2)b). + +I. Background + +The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols +provide a secure communications layer over which other protocols can be +utilized. The most widespread use of SSL/TLS is to add security to the +HTTP protocol, thus producing HTTPS. + +FreeBSD includes software from the OpenSSL Project which implements SSL +and TLS. + +II. Problem Description + +The SSL version 3 and TLS protocols support session renegotiation without +cryptographically tying the new session parameters to the old parameters. + +III. Impact + +An attacker who can intercept a TCP connection being used for SSL or TLS +can cause the initial session negotiation to take the place of a session +renegotiation. This can be exploited in several ways, including: + * Causing a server to interpret incoming messages as having been sent +under the auspices of a client SSL key when in fact they were not; + * Causing a client request to be appended to an attacker-supplied +request, potentially revealing to the attacker the contents of the client +request (including any authentication parameters); and + * Causing a client to receive a response to an attacker-supplied request +instead of a response to the request sent by the client. + +IV. Workaround + +No workaround is available. + +V. Solution + +NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate +SSL / TLS session parameters. As a result, connections in which the other +party attempts to renegotiate session parameters will break. In practice, +however, session renegotiation is a rarely-used feature, so disabling this +functionality is unlikely to cause problems for most systems. + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE, or 8-STABLE, or to +the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security +branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, 7.2, and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch +# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssl +# make obj && make depend && make includes && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.3 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.2.1 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.12 + src/sys/conf/newvers.sh 1.69.2.18.2.14 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.12.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.6.2 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.12.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.19 + src/sys/conf/newvers.sh 1.69.2.15.2.18 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.10.10.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.14.2.1.4.2 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.10.10.1 +RELENG_7 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.2 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.2.1 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.8 + src/sys/conf/newvers.sh 1.72.2.11.2.9 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.8.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.1.2.1 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.8.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.12 + src/sys/conf/newvers.sh 1.72.2.9.2.13 + src/crypto/openssl/ssl/s3_pkt.c 1.1.1.12.6.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.6.2 + src/crypto/openssl/ssl/s3_lib.c 1.1.1.13.6.1 +RELENG_8 + src/crypto/openssl/ssl/s3_pkt.c 1.2.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.3.2.1 + src/crypto/openssl/ssl/s3_lib.c 1.2.2.1 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.4 + src/sys/conf/newvers.sh 1.83.2.6.2.4 + src/crypto/openssl/ssl/s3_pkt.c 1.2.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.3.4.1 + src/crypto/openssl/ssl/s3_lib.c 1.2.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r200054 +releng/6.4/ r200054 +releng/6.3/ r200054 +stable/7/ r200054 +releng/7.2/ r200054 +releng/7.1/ r200054 +- ------------------------------------------------------------------------- + +VII. References + +http://extendedsubset.com/Renegotiating_TLS.pdf + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:15.ssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAksYIm4ACgkQFdaIBMps37J5jwCZAQurPSu2CyGz2thi8ljb+MlF +LcwAnjSLYWT1nV5G9a46n9zcrpEqydJ3 +=XuZD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:16.rtld.asc b/share/security/advisories/FreeBSD-SA-09:16.rtld.asc new file mode 100644 index 0000000000..fa05c27e71 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:16.rtld.asc @@ -0,0 +1,145 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:16.rtld Security Advisory + The FreeBSD Project + +Topic: Improper environment sanitization in rtld(1) + +Category: core +Module: rtld +Announced: 2009-12-03 +Affects: FreeBSD 7.0 and later. +Corrected: 2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) + 2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) + 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) +CVE Name: CVE-2009-4146, CVE-2009-4147 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The run-time link-editor, rtld, links dynamic executable with their +needed libraries at run-time. It also allows users to explicitly +load libraries via various LD_ environmental variables. + +II. Problem Description + +When running setuid programs rtld will normally remove potentially +dangerous environment variables. Due to recent changes in FreeBSD +environment variable handling code, a corrupt environment may +result in attempts to unset environment variables failing. + +III. Impact + +An unprivileged user who can execute programs on a system can gain +the privileges of any setuid program which he can run. On most +systems configurations, this will allow a local attacker to execute +code as the root user. + +IV. Workaround + +No workaround is available, but systems without untrusted local users, +where all the untrusted local users are jailed superusers, and/or where +untrusted users cannot execute arbitrary code (e.g., due to use of read +only and noexec mount options) are not affected. + +Note that "untrusted local users" include users with the ability to +upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they +may be able to exploit this issue. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, +or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated +after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.1, 7.2, +and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch +# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc + +[FreeBSD 8.0] +# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch +# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/libexec/rtld-elf +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld). On +amd64 systems where the i386 rtld are installed, the operating system +should instead be recompiled as described in + + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/libexec/rtld-elf/rtld.c 1.124.2.7 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.8 + src/sys/conf/newvers.sh 1.72.2.11.2.9 + src/libexec/rtld-elf/rtld.c 1.124.2.4.2.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.12 + src/sys/conf/newvers.sh 1.72.2.9.2.13 + src/libexec/rtld-elf/rtld.c 1.124.2.3.2.2 +RELENG_8 + src/libexec/rtld-elf/rtld.c 1.139.2.4 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.4 + src/sys/conf/newvers.sh 1.83.2.6.2.4 + src/libexec/rtld-elf/rtld.c 1.139.2.2.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r199981 +releng/7.2/ r200054 +releng/7.1/ r200054 +stable/8/ r199980 +releng/8.0/ r200054 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4146 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4147 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:16.rtld.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEUEARECAAYFAksXg/IACgkQFdaIBMps37KrLwCdH4JsCrvdS1RGoGj7MlNgV3+/ +nhYAliVcz9tL8Ll6pYKpIalR740sZ5s= +=jK/a +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-09:17.freebsd-update.asc b/share/security/advisories/FreeBSD-SA-09:17.freebsd-update.asc new file mode 100644 index 0000000000..786e62e16a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-09:17.freebsd-update.asc @@ -0,0 +1,162 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-09:17.freebsd-update Security Advisory + The FreeBSD Project + +Topic: Inappropriate directory permissions in freebsd-update(8) + +Category: core +Module: usr.sbin +Announced: 2009-12-03 +Credits: KAMADA Ken'ichi +Affects: All supported versions of FreeBSD. +Corrected: 2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1) + 2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5) + 2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9) + 2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE) + 2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8) + 2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The freebsd-update(8) utility is used to fetch, install, and rollback +updates to the FreeBSD base system, and also to upgrade from one FreeBSD +release to another. + +II. Problem Description + +When downloading updates to FreeBSD via 'freebsd-update fetch' or +'freebsd-update upgrade', the freebsd-update(8) utility copies currently +installed files into its working directory (/var/db/freebsd-update by +default) both for the purpose of merging changes to configuration files +and in order to be able to roll back installed updates. + +The default working directory used by freebsd-update(8) is normally +created during the installation of FreeBSD with permissions which allow +all local users to see its contents, and freebsd-update(8) does not take +any steps to restrict access to files stored in said directory. + +III. Impact + +A local user can read files which have been updated by freebsd-update(8), +even if those files have permissions which would normally not allow users +to read them. In particular, on systems which have been upgraded using +'freebsd-update upgrade', local users can read freebsd-update's backed-up +copy of the master password file. + +IV. Workaround + +Set the permissions on the freebsd-update(8) working directory to not +allow unprivileged users to read said directory: + +# chmod 0700 /var/db/freebsd-update + +Note that if freebsd-update(8) is run using the '-d workdir' option, the +directory which should have its permissions adjusted will be different. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, +or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or +RELENG_6_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patch has been verified to apply to FreeBSD 6.3, 6.4, +7.1, 7.2, and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch +# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/freebsd-update +# make obj && make depend && make && make install +# chmod 0700 /var/db/freebsd-update + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.11 + src/etc/mtree/BSD.var.dist 1.71.2.4 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.12 + src/sys/conf/newvers.sh 1.69.2.18.2.14 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.10.2.2 + src/etc/mtree/BSD.var.dist 1.71.2.3.6.2 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.19 + src/sys/conf/newvers.sh 1.69.2.15.2.18 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.2.2.8.2.1 + src/etc/mtree/BSD.var.dist 1.71.2.3.4.1 +RELENG_7 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.5 + src/etc/mtree/BSD.var.dist 1.75.2.1 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.8 + src/sys/conf/newvers.sh 1.72.2.11.2.9 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.4.4.2 + src/etc/mtree/BSD.var.dist 1.75.8.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.12 + src/sys/conf/newvers.sh 1.72.2.9.2.13 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.8.2.4.2.2 + src/etc/mtree/BSD.var.dist 1.75.6.2 +RELENG_8 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.16.2.3 + src/etc/mtree/BSD.var.dist 1.75.10.2 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.4 + src/sys/conf/newvers.sh 1.83.2.6.2.4 + src/usr.sbin/freebsd-update/freebsd-update.sh 1.16.2.2.2.2 + src/etc/mtree/BSD.var.dist 1.75.10.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r200054 +releng/6.4/ r200054 +releng/6.3/ r200054 +stable/7/ r200054 +releng/7.2/ r200054 +releng/7.1/ r200054 +stable/8/ r200054 +releng/8.0/ r200054 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAksXhA0ACgkQFdaIBMps37Lg+wCfSK5sMXpsxTW9jpgwwcqx+24z +zzwAniR50V8K8/vI0qshCUaKwryEYDuK +=/lsC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:01.bind.asc b/share/security/advisories/FreeBSD-SA-10:01.bind.asc new file mode 100644 index 0000000000..6152d4c578 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:01.bind.asc @@ -0,0 +1,212 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:01.bind Security Advisory + The FreeBSD Project + +Topic: BIND named(8) cache poisoning with DNSSEC validation + +Category: contrib +Module: bind +Announced: 2010-01-06 +Credits: Michael Sinatra +Affects: All supported versions of FreeBSD. +Corrected: 2009-12-11 01:23:58 UTC (RELENG_8, 8.0-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) + 2009-12-11 02:23:04 UTC (RELENG_7, 7.2-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) + 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) + 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) + 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) +CVE Name: CVE-2009-4022 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. + +DNS Security Extensions (DNSSEC) provides data integrity, origin +authentication and authenticated denial of existence to resolvers. + +II. Problem Description + +If a client requests DNSSEC records with the Checking Disabled (CD) flag +set, BIND may cache the unvalidated responses. These responses may later +be returned to another client that has not set the CD flag. + +III. Impact + +If a client can send such queries to a server, it can exploit this +problem to mount a cache poisoning attack, seeding the cache with +unvalidated information. + +IV. Workaround + +Disabling DNSSEC validation will prevent BIND from caching unvalidated +records, but also prevent DNSSEC authentication of records. Systems not +using DNSSEC validation are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, +or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or +RELENG_6_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, 7.2, and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 6.3] +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-63.patch +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-63.patch.asc + +[FreeBSD 6.4] +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-64.patch +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-64.patch.asc + +[FreeBSD 7.1] +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-71.patch +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-71.patch.asc + +[FreeBSD 7.2] +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-72.patch +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-72.patch.asc + +[FreeBSD 8.0] +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-80.patch +# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-80.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install +# /etc/rc.d/named restart + +NOTE WELL: Users running FreeBSD 6 and using DNSSEC are advised to get +a more recent BIND version with more complete DNSSEC support. This +can be done either by upgrading to FreeBSD 7.x or later, or installing +BIND for the FreeBSD Ports Collection. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.1.4.4 + src/contrib/bind9/lib/dns/include/dns/types.h 1.1.1.1.4.2 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.11 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.3 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.6 + src/contrib/bind9/bin/named/query.c 1.1.1.1.4.7 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.13 + src/sys/conf/newvers.sh 1.69.2.18.2.15 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.1.4.3.2.1 + src/contrib/bind9/lib/dns/include/dns/types.h 1.1.1.1.4.1.4.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.9.2.1 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.1.4.1 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.4.2.1 + src/contrib/bind9/bin/named/query.c 1.1.1.1.4.5.2.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.20 + src/sys/conf/newvers.sh 1.69.2.15.2.19 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.1.4.2.2.1 + src/contrib/bind9/lib/dns/include/dns/types.h 1.1.1.1.4.1.2.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.2.2.6.2.2 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.1.4.1.2.1 + src/contrib/bind9/lib/dns/validator.c 1.1.1.2.2.3.2.1 + src/contrib/bind9/bin/named/query.c 1.1.1.1.4.4.2.1 +RELENG_7 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.4 + src/contrib/bind9/lib/dns/include/dns/types.h 1.1.1.3.2.2 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.6 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.3 + src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.5 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.4 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.9 + src/sys/conf/newvers.sh 1.72.2.11.2.10 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.2.2.1 + src/contrib/bind9/lib/dns/include/dns/types.h 1.1.1.3.8.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.4.2.1 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.2.1.2.1 + src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.3.2.1 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.2.2.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.13 + src/sys/conf/newvers.sh 1.72.2.9.2.14 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.1.4.1 + src/contrib/bind9/lib/dns/include/dns/types.h 1.1.1.3.6.1 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.3.2.1 + src/contrib/bind9/lib/dns/masterdump.c 1.1.1.3.6.1 + src/contrib/bind9/lib/dns/validator.c 1.1.1.6.2.1.4.1 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.1.4.1 +RELENG_8 + src/contrib/bind9/lib/dns/rbtdb.c 1.3.2.2 + src/contrib/bind9/lib/dns/include/dns/types.h 1.2.2.2 + src/contrib/bind9/lib/dns/resolver.c 1.6.2.2 + src/contrib/bind9/lib/dns/masterdump.c 1.3.2.2 + src/contrib/bind9/lib/dns/validator.c 1.4.2.2 + src/contrib/bind9/bin/named/query.c 1.3.2.2 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.5 + src/sys/conf/newvers.sh 1.83.2.6.2.5 + src/contrib/bind9/lib/dns/rbtdb.c 1.3.4.1 + src/contrib/bind9/lib/dns/include/dns/types.h 1.2.4.1 + src/contrib/bind9/lib/dns/resolver.c 1.6.4.1 + src/contrib/bind9/lib/dns/masterdump.c 1.3.4.1 + src/contrib/bind9/lib/dns/validator.c 1.4.4.1 + src/contrib/bind9/bin/named/query.c 1.3.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r200394 +releng/6.4/ r201679 +releng/6.3/ r201679 +stable/7/ r200393 +releng/7.2/ r201679 +releng/7.1/ r201679 +stable/8/ r200383 +releng/8.0/ r201679 +head/ r199958 +- ------------------------------------------------------------------------- + +VII. References + +https://www.isc.org/node/504 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:01.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iD8DBQFLRQ9dFdaIBMps37IRAip+AJ0S55AYqLsrwrLLMo8Qi6fGxoH7EQCfU/6K +RUb5Kn+O1qc/FUzEQ12AmrA= +=Pfoo +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:02.ntpd.asc b/share/security/advisories/FreeBSD-SA-10:02.ntpd.asc new file mode 100644 index 0000000000..9dadde3c2f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:02.ntpd.asc @@ -0,0 +1,148 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:02.ntpd Security Advisory + The FreeBSD Project + +Topic: ntpd mode 7 denial of service + +Category: contrib +Module: ntpd +Announced: 2010-01-06 +Affects: All supported versions of FreeBSD. +Corrected: 2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) + 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) + 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) + 2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9) + 2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15) +CVE Name: CVE-2009-3563 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP) +used to synchronize the time of a computer system to a reference time +source. + +II. Problem Description + +If ntpd receives a mode 7 (MODE_PRIVATE) request or error response +from a source address not listed in either a 'restrict ... noquery' +or a 'restrict ... ignore' section it will log the even and send +a mode 7 error response. + +III. Impact + +If an attacker can spoof such a packet from a source IP of an affected +ntpd to the same or a different affected ntpd, the host(s) will endlessly +send error responses to each other and log each event, consuming network +bandwidth, CPU and possibly disk space. + +IV. Workaround + +Proper filtering of mode 7 NTP packets by a firewall can limit the +number of systems used to attack your resources. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, +or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or +RELENG_6_3 security branch dated after the correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 6.3, 6.4, +7.1, 7.2, and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch +# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/ntp/ntpd +# make obj && make depend && make && make install +# /etc/rc.d/ntpd restart + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.2 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.13 + src/sys/conf/newvers.sh 1.69.2.18.2.15 + src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.8.1.2.1 +RELENG_6_3 + src/UPDATING 1.416.2.37.2.20 + src/sys/conf/newvers.sh 1.69.2.15.2.19 + src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.20.1 +RELENG_7 + src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.2 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.9 + src/sys/conf/newvers.sh 1.72.2.11.2.10 + src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.4.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.13 + src/sys/conf/newvers.sh 1.72.2.9.2.14 + src/contrib/ntp/ntpd/ntp_request.c 1.1.1.4.18.1.2.1 +RELENG_8 + src/contrib/ntp/ntpd/ntp_request.c 1.2.2.1 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.5 + src/sys/conf/newvers.sh 1.83.2.6.2.5 + src/contrib/ntp/ntpd/ntp_request.c 1.2.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r201679 +releng/6.4/ r201679 +releng/6.3/ r201679 +stable/7/ r201679 +releng/7.2/ r201679 +releng/7.1/ r201679 +stable/8/ r201679 +releng/8.0/ r201679 +head/ r200576 +- ------------------------------------------------------------------------- + +VII. References + +http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode +https://support.ntp.org/bugs/show_bug.cgi?id=1331 +http://www.kb.cert.org/vuls/id/568372 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:02.ntpd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iD8DBQFLRQ9gFdaIBMps37IRAuH1AJ9eOII8McK5332jhuBHEMxAUbWKNQCghYfs +y66+ElAr2uZrrXwerlVETPc= +=yJm1 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:03.zfs.asc b/share/security/advisories/FreeBSD-SA-10:03.zfs.asc new file mode 100644 index 0000000000..4e4c37cf98 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:03.zfs.asc @@ -0,0 +1,152 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:03.zfs Security Advisory + The FreeBSD Project + +Topic: ZFS ZIL playback with insecure permissions + +Category: contrib +Module: zfs +Announced: 2010-01-06 +Credits: Pawel Jakub Dawidek +Affects: FreeBSD 7.0 and later. +Corrected: 2009-11-14 11:59:59 UTC (RELENG_8, 8.0-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2) + 2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE) + 2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6) + 2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +ZFS is a file-system originally developed by Sun Microsystems. + +The ZFS Intent Log ("ZIL") is a mechanism that gathers together in memory +transactions of writes, and is flushed onto disk when synchronous +semantics is necessary. In the event of crash or power failure, the +log is examined and the uncommitted transaction would be replayed to +maintain the synchronous semantics. + +II. Problem Description + +When replaying setattr transaction, the replay code would set the +attributes with certain insecure defaults, when the logged +transaction did not touch these attributes. + +III. Impact + +A system crash or power fail would leave some file with mode set +to 07777. This could leak sensitive information or cause privilege +escalation. + +IV. Workaround + +No workaround is available, but systems not using ZFS are not +vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the +correction date. + +2) To patch your present system: + +The following patches have been verified to apply to FreeBSD 7.1, 7.2, +and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs712.patch +# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs712.patch.asc + +[FreeBSD 8.0] +# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs.patch +# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) Examine the system and look for affected files. + +These files can be identified with the following command: + +# find / -perm -7777 -print0 | xargs -0 ls -ld + +The system administrator will have to correct these problems if there +is any files with such permission modes. For example: + +# find / -perm -7777 -print0 | xargs -0 chmod u=rwx,go= + +Will reset access mode bits to be readable, writable and executable +by the owner only. The system administrator should determine the +appropriate mode bits wisely. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.6.2.3 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.9 + src/sys/conf/newvers.sh 1.72.2.11.2.10 + src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c + 1.6.2.1.4.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.13 + src/sys/conf/newvers.sh 1.72.2.9.2.14 + src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c + 1.6.2.1.2.1 +RELENG_8 + src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.8.2.2 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.5 + src/sys/conf/newvers.sh 1.83.2.6.2.5 + src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.8.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r201679 +releng/7.2/ r201679 +releng/7.1/ r201679 +stable/8/ r199266 +releng/8.0/ r201679 +head/ r199157 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:03.zfs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iD8DBQFLRRILFdaIBMps37IRAnI3AJ9ioK1Bbg++DpPYW/RX9wnujAeJxACff+Ph +oEIfaiJ5y/DoGhklcAJdXTU= +=JPje +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:04.jail.asc b/share/security/advisories/FreeBSD-SA-10:04.jail.asc new file mode 100644 index 0000000000..505a74791d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:04.jail.asc @@ -0,0 +1,137 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:04.jail Security Advisory + The FreeBSD Project + +Topic: Insufficient environment sanitization in jail(8) + +Category: core +Module: jail +Announced: 2010-05-27 +Credits: Aaron D. Gifford +Affects: FreeBSD 8.0 +Corrected: 2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE) + 2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3) +CVE Name: CVE-2010-2022 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The jail(2) system call allows a system administrator to lock a process +and all of its descendants inside an environment with a very limited +ability to affect the system outside that environment, even for +processes with superuser privileges. It is an extension of, but +far more powerful than, the traditional UNIX chroot(2) system call. + +By design, neither the chroot(2) nor the jail(2) system call modify +existing open file descriptors of the calling process, in order to +allow programmers to make fine grained access control and privilege +separation. + +The jail(8) utility creates a new jail or modifies an existing jail, +optionally imprisoning the current process (and future descendants) +inside it. + +II. Problem Description + +The jail(8) utility does not change the current working directory while +imprisoning. The current working directory can be accessed by its +descendants. + +III. Impact + +Access to arbitrary files may be possible if an attacker managed to obtain +the descriptor of the current working directory before the jail call. +Such descriptor would be inherited by all descendants of the first process +that starts the jail, unless an intermediate process changes the current +working directory inside the jail. + +By default, the FreeBSD /etc/rc.d/jail script, which can be enabled +using the jail_* rc.conf(5) variables, is not affected by this issue. +This is due to the default jail flags ("-l -U root") used to start a +jail as these flags will result in jail(8) performing a chdir(2) call. +If the rc.conf(5) variables jail_flags or jail__flags has been +set, and do not include '-l -U root', the jails are affected by the +vulnerability. + +IV. Workaround + +Include the "-l -U root" arguments to the jail(8) command when +starting the jail. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 8-STABLE, or to the RELENG_8_0 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-10:04/jail.patch +# fetch http://security.FreeBSD.org/patches/SA-10:04/jail.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/jail +# make obj && make depend && make && make install + +3) To update your vulnerable system via a binary patch: + +Systems running 8.0-RELEASE on the i386 or amd64 platforms can be +updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_8 + src/usr.sbin/jail/jail.c 1.33.2.2 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.6 + src/sys/conf/newvers.sh 1.83.2.6.2.6 + src/usr.sbin/jail/jail.c 1.33.2.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/8/ r208586 +releng/8.0/ r208586 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2022 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAkv95RAACgkQFdaIBMps37ImPgCfRS7pcslVSb89JluACMlg8ZBa +PmAAn0jq693qHOXK+Z2ljpQdc+EpTTja +=9o7h +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:05.opie.asc b/share/security/advisories/FreeBSD-SA-10:05.opie.asc new file mode 100644 index 0000000000..97eb90e0c0 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:05.opie.asc @@ -0,0 +1,166 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:05.opie Security Advisory + The FreeBSD Project + +Topic: OPIE off-by-one stack overflow + +Category: contrib +Module: contrib_opie +Announced: 2010-05-27 +Credits: Maksymilian Arciemowicz and Adam Zabrocki +Affects: All supported versions of FreeBSD +Corrected: 2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE) + 2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3) + 2010-05-27 03:15:04 UTC (RELENG_7, 7.3-STABLE) + 2010-05-27 03:15:04 UTC (RELENG_7_3, 7.3-RELEASE-p1) + 2010-05-27 03:15:04 UTC (RELENG_7_2, 7.2-RELEASE-p8) + 2010-05-27 03:15:04 UTC (RELENG_7_1, 7.1-RELEASE-p12) + 2010-05-27 03:15:04 UTC (RELENG_6, 6.4-STABLE) + 2010-05-27 03:15:04 UTC (RELENG_6_4, 6.4-RELEASE-p10) +CVE Name: CVE-2010-1938 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +OPIE is a one-time password system designed to help to secure a system +against replay attacks. It does so using a secure hash function and a +challenge/response system. + +OPIE is enabled by default on FreeBSD. + +II. Problem Description + +A programming error in the OPIE library could allow an off-by-one buffer +overflow to write a single zero byte beyond the end of an on-stack buffer. + +III. Impact + +An attacker can remotely crash a service process which uses OPIE when +stack protector is enabled. + +Note that this can happen even if OPIE is not enabled on the system, +for instance the base system ftpd(8) is affected by this. Depending +on the design and usage of OPIE, this may either affect only the +process that handles the user authentication, or cause a Denial of +Service condition. + +It is possible but very unlikely that an attacker could exploit this to +gain access to a system. + +IV. Workaround + +No workaround is available, but systems without OPIE capable services +running are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, +or to the RELENG_8_0, RELENG_7_3, RELENG_7_2, RELENG_7_1, RELENG_6_4 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 6.4, +7.1, 7.2, 7.3, and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch +# fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libopie +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +3) To update your vulnerable system via a binary patch: + +Systems running 6.4-RELEASE, 7.1-RELEASE, 7.2-RELEASE, 7.3-RELEASE or +8.0-RELEASE on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/opie/libopie/readrec.c 1.1.1.4.14.1 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.14 + src/sys/conf/newvers.sh 1.69.2.18.2.16 + src/contrib/opie/libopie/readrec.c 1.1.1.4.26.1 +RELENG_7 + src/contrib/opie/libopie/readrec.c 1.2.2.1 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.3 + src/sys/conf/newvers.sh 1.72.2.16.2.5 + src/contrib/opie/libopie/readrec.c 1.2.12.2 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.11 + src/sys/conf/newvers.sh 1.72.2.11.2.12 + src/contrib/opie/libopie/readrec.c 1.2.8.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.15 + src/sys/conf/newvers.sh 1.72.2.9.2.16 + src/contrib/opie/libopie/readrec.c 1.2.6.2 +RELENG_8 + src/contrib/opie/libopie/readrec.c 1.2.10.2 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.6 + src/sys/conf/newvers.sh 1.83.2.6.2.6 + src/contrib/opie/libopie/readrec.c 1.2.10.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r208586 +releng/6.4/ r208586 +stable/7/ r208586 +releng/7.3/ r208586 +releng/7.2/ r208586 +releng/7.1/ r208586 +stable/8/ r208586 +releng/8.0/ r208586 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAkv+sTQACgkQFdaIBMps37IDOACfReDDYdDp06vHNNxoovTPeVv2 +ZBwAniPhGUNiWSa1hYFcW8RTIkJZNVcE +=UFal +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:06.nfsclient.asc b/share/security/advisories/FreeBSD-SA-10:06.nfsclient.asc new file mode 100644 index 0000000000..e4fe21311a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:06.nfsclient.asc @@ -0,0 +1,159 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:06.nfsclient Security Advisory + The FreeBSD Project + +Topic: Unvalidated input in nfsclient + +Category: core +Module: nfsclient +Announced: 2010-05-27 +Credits: Patroklos Argyroudis +Affects: FreeBSD 7.2 and later. +Corrected: 2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE) + 2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3) + 2010-05-27 03:15:04 UTC (RELENG_7, 7.3-STABLE) + 2010-05-27 03:15:04 UTC (RELENG_7_3, 7.3-RELEASE-p1) + 2010-05-27 03:15:04 UTC (RELENG_7_2, 7.2-RELEASE-p8) +CVE Name: CVE-2010-2020 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The Network File System (NFS) allows a host to export some or all of its +file systems so that other hosts can access them over the network and mount +them as if they were on local disks. FreeBSD includes server and client +implementations of NFS. + +II. Problem Description + +The NFS client subsystem fails to correctly validate the length of a +parameter provided by the user when a filesystem is mounted. + +III. Impact + +A user who can mount filesystems can execute arbitrary code in the kernel. +On systems where the non-default vfs.usermount feature has been enabled, +unprivileged users may be able to gain superuser ("root") privileges. + +IV. Workaround + +Do not allow untrusted users to mount filesystems. To prevent unprivileged +users from mounting filesystems, set the vfs.usermount sysctl variable to +zero: + +# sysctl vfs.usermount=0 + +Note that the default value of this variable is zero, i.e., FreeBSD is not +affected by this vulnerability in its default configuration, and FreeBSD +system administrators are strongly encouraged not to change this setting. + +V. Solution + +NOTE WELL: Even with this fix allowing users to mount arbitrary media +should not be considered safe. Most of the file systems in FreeBSD were +not built to protect safeguard against malicious devices. While such bugs +in file systems are fixed when found, a complete audit has not been +perfomed on the file system code. + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_0, RELENG_7_3, or RELENG_7_2 security branch dated after the +correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.2, 7.3 +and 8.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-10:06/nfsclient.patch +# fetch http://security.FreeBSD.org/patches/SA-10:06/nfsclient.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 7.2-RELEASE, 7.3-RELEASE, or 8.0-RELEASE on the i386 or +amd64 platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/nfsclient/nfs_vfsops.c 1.193.2.7 + src/lib/libc/sys/mount.2 1.45.2.1 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.3 + src/sys/conf/newvers.sh 1.72.2.16.2.5 + src/sys/nfsclient/nfs_vfsops.c 1.193.2.5.4.2 + src/lib/libc/sys/mount.2 1.45.12.2 +RELENG_7_2 + src/UPDATING 1.507.2.23.2.11 + src/sys/conf/newvers.sh 1.72.2.11.2.12 + src/sys/nfsclient/nfs_vfsops.c 1.193.2.5.2.2 + src/lib/libc/sys/mount.2 1.45.8.2 +RELENG_8 + src/sys/nfsclient/nfs_vfsops.c 1.226.2.7 + src/lib/libc/sys/mount.2 1.45.10.2 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.6 + src/sys/conf/newvers.sh 1.83.2.6.2.6 + src/sys/nfsclient/nfs_vfsops.c 1.226.2.2.2.2 + src/lib/libc/sys/mount.2 1.45.10.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r208586 +releng/6.4/ r208586 +stable/7/ r208586 +releng/7.3/ r208586 +releng/7.2/ r208586 +releng/7.1/ r208586 +stable/8/ r208586 +releng/8.0/ r208586 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2020 + +http://census-labs.com/news/2010/05/26/freebsd-kernel-nfsclient/ + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAkv95SUACgkQFdaIBMps37Km5gCdG4RNPkwuDsx05w3CfwLd/aM1 +NusAn0dzFUcuGlMgNb9V43yUFVFa+NbX +=zMAI +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc b/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc new file mode 100644 index 0000000000..ed29c55bbe --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc @@ -0,0 +1,156 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:07.mbuf Security Advisory + The FreeBSD Project + +Topic: Lost mbuf flag resulting in data corruption + +Category: core +Module: kern +Announced: 2010-07-13 +Credits: Ming Fu +Affects: FreeBSD 7.x and later. +Corrected: 2010-07-13 02:45:17 UTC (RELENG_8, 8.1-PRERELEASE) + 2010-07-13 02:45:17 UTC (RELENG_8_1, 8.1-RELEASE) + 2010-07-13 02:45:17 UTC (RELENG_8_0, 8.0-RELEASE-p4) + 2010-07-13 02:45:17 UTC (RELENG_7, 7.3-STABLE) + 2010-07-13 02:45:17 UTC (RELENG_7_3, 7.3-RELEASE-p2) + 2010-07-13 02:45:17 UTC (RELENG_7_1, 7.1-RELEASE-p13) +CVE Name: CVE-2010-2693 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +An mbuf is a basic unit of memory management in the FreeBSD kernel +inter-process communication and networking subsystem. Network packets +and socket buffers are dependent on mbufs for their storage. + +Data can be embedded directly in mbufs, or mbufs can instead reference +external buffers. The sendfile(2) system call uses external mbuf storage +to directly map the contents of a file into a chain of mbufs for +transmission purposes. The mbuf object supports a read-only flag that +must be honored to prevent modification or writes to buffer data in +cases like these. + +II. Problem Description + +The read-only flag is not correctly copied when a mbuf buffer reference +is duplicated. When the sendfile(2) system call is used to transmit +data over the loopback interface, this can result in the backing pages +for the transmitted file being modified, causing data corruption. + +III. Impact + +This data corruption can be exploited by an local attacker to escalate +their privilege by carefully controlling the corruption of system files. +It should be noted that the attacker can corrupt any file they have read +access to. + +NOTE: While systems without untrusted local users are not affected by +the security aspects of this issue, the potential for data corruption +implies that this should still be treated as a critical erratum. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch dated +after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.1, 7.3, +8.0 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-10:07/mbuf.patch +# fetch http://security.FreeBSD.org/patches/SA-10:07/mbuf.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 7.1-RELEASE, 7.3-RELEASE, or 8.0-RELEASE on the i386 or +amd64 platforms can be updated via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +Now reboot the system. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/kern/uipc_mbuf.c 1.174.2.4 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.4 + src/sys/conf/newvers.sh 1.72.2.16.2.6 + src/sys/kern/uipc_mbuf.c 1.174.2.3.4.2 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.16 + src/sys/conf/newvers.sh 1.72.2.9.2.17 + src/sys/kern/uipc_mbuf.c 1.174.2.2.2.2 +RELENG_8 + src/sys/kern/uipc_mbuf.c 1.185.2.3 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.2 + src/sys/conf/newvers.sh 1.83.2.10.2.4 + src/sys/kern/uipc_mbuf.c 1.185.2.2.2.2 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.7 + src/sys/conf/newvers.sh 1.83.2.6.2.7 + src/sys/kern/uipc_mbuf.c 1.185.2.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r209964 +releng/7.3/ r209964 +releng/7.1/ r209964 +stable/8/ r209964 +releng/8.0/ r209964 +releng/8.1/ r209964 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2693 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:07.mbuf.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAkw71A0ACgkQFdaIBMps37JOOACff8w8qvsgopj11FFAPQdwyPLB +JEQAniRHbomY2hJVw5FmrdQv3SP+ZziI +=Reds +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:08.bzip2.asc b/share/security/advisories/FreeBSD-SA-10:08.bzip2.asc new file mode 100644 index 0000000000..cfc8ede202 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:08.bzip2.asc @@ -0,0 +1,162 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:08.bzip2 Security Advisory + The FreeBSD Project + +Topic: Integer overflow in bzip2 decompression + +Category: contrib +Module: bzip2 +Announced: 2010-09-20 +Credits: Mikolaj Izdebski +Affects: All supported versions of FreeBSD. +Corrected: 2010-09-20 14:58:08 UTC (RELENG_8, 8.1-STABLE) + 2010-09-20 14:58:08 UTC (RELENG_8_1, 8.1-RELEASE-p1) + 2010-09-20 14:58:08 UTC (RELENG_8_0, 8.0-RELEASE-p5) + 2010-09-20 14:58:08 UTC (RELENG_7, 7.3-STABLE) + 2010-09-20 14:58:08 UTC (RELENG_7_3, 7.3-RELEASE-p3) + 2010-09-20 14:58:08 UTC (RELENG_7_1, 7.1-RELEASE-p14) + 2010-09-20 14:58:08 UTC (RELENG_6, 6.4-STABLE) + 2010-09-20 14:58:08 UTC (RELENG_6_4, 6.4-RELEASE-p11) +CVE Name: CVE-2010-0405 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The bzip2/bunzip2 utilities and the libbz2 library compress and decompress +files using an algorithm based on the Burrows-Wheeler transform. They are +generally slower than Lempel-Ziv compressors such as gzip, but usually +provide a greater compression ratio. + +II. Problem Description + +When decompressing data, the run-length encoded values are not adequately +sanity-checked, allowing for an integer overflow. + +III. Impact + +An attacker who can cause maliciously chosen inputs to be decompressed can +cause the decompressor to crash. It is suspected that such an attacker +can cause arbitrary code to be executed, but this is not known for certain. + +Note that some utilities, including the tar archiver and the bspatch +binary patching utility (used in portsnap and freebsd-update) decompress +bzip2-compressed data internally; system administrators should assume that +their systems will at some point decompress bzip2-compressed data even if +they never explicitly invoke the bunzip2 utility. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE, +or to the RELENG_8_1, RELENG_8_0, RELENG_7_3, RELENG_7_1, or +RELENG_6_4 security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 6.4, 7.1, +7.3, 8.0 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch +# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libbz2 +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +3) To update your vulnerable system via a binary patch: + +Systems running 6.4-RELEASE, 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or +8.1-RELEASE on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_6 + src/contrib/bzip2/decompress.c 1.1.1.3.2.3 +RELENG_6_4 + src/UPDATING 1.416.2.40.2.15 + src/sys/conf/newvers.sh 1.69.2.18.2.17 + src/contrib/bzip2/decompress.c 1.1.1.3.2.2.2.1 +RELENG_7 + src/contrib/bzip2/decompress.c 1.1.1.4.2.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.5 + src/sys/conf/newvers.sh 1.72.2.16.2.7 + src/contrib/bzip2/decompress.c 1.1.1.4.2.1.6.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.17 + src/sys/conf/newvers.sh 1.72.2.9.2.18 + src/contrib/bzip2/decompress.c 1.1.1.4.2.1.2.1 +RELENG_8 + src/contrib/bzip2/decompress.c 1.1.1.5.2.1 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.4 + src/sys/conf/newvers.sh 1.83.2.10.2.5 + src/contrib/bzip2/decompress.c 1.1.1.5.6.1 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.8 + src/sys/conf/newvers.sh 1.83.2.6.2.8 + src/contrib/bzip2/decompress.c 1.1.1.5.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/6/ r212901 +releng/6.4/ r212901 +stable/7/ r212901 +releng/7.3/ r212901 +releng/7.1/ r212901 +stable/8/ r212901 +releng/8.0/ r212901 +releng/8.1/ r212901 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:08.bzip2.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAkyXd3QACgkQFdaIBMps37JekgCfcYbIYtG1ZXKsfrFC8RKNl8uV +PhsAniSinLogV/Nfj67AcPnoKoyhrXY2 +=Qop+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:09.pseudofs.asc b/share/security/advisories/FreeBSD-SA-10:09.pseudofs.asc new file mode 100644 index 0000000000..55fa79fa45 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:09.pseudofs.asc @@ -0,0 +1,134 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:09.pseudofs Security Advisory + The FreeBSD Project + +Topic: Spurious mutex unlock + +Category: core +Module: pseudofs +Announced: 2010-11-10 +Credits: Przemyslaw Frasunek +Affects: FreeBSD 7.x prior to 7.3-RELEASE, 8.x prior to 8.0-RC1 +Corrected: 2009-09-05 13:10:54 UTC (RELENG_8, 8.0-RC1) + 2009-09-05 13:31:16 UTC (RELENG_7, 7.2-STABLE) + 2010-11-10 23:36:13 UTC (RELENG_7_1, 7.1-RELEASE-p15) +CVE Name: CVE-2010-4210 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +pseudofs offers an abstract API for pseudo file systems which is utilized by +procfs(5) and linprocfs(5). It provides generic file system services such +as ACLs, extended attributes which interface with VFS and which are otherwise +onerous to implement. This enables pseudo file system authors to add this +functionality to their file systems with minimal effort. + +II. Problem Description + +The pfs_getextattr(9) function, used by pseudofs for handling extended +attributes, attempts to unlock a mutex which was not previously locked. + +III. Impact + +On systems where a pseudofs-using filesystem is mounted and NULL page +mapping is allowed, an attacker can overwrite arbitrary memory locations +in the kernel with zero, and in certain cases execute arbitrary code in +the context of the kernel. + +On systems which do not allow NULL page mapping, an attacker can cause the +FreeBSD kernel to panic. + +IV. Workaround + +Exploiting this vulnerability requires that the adversary can open a file +on a file system which uses pseudofs. This includes procfs(5) or +linprocfs(5). Un-mounting these file systems will mitigate the risk +associated with this vulnerability. + +Providing that the patch associated with the FreeBSD-EN-09:05.null errata +notice has been applied, setting the security.bsd.map_at_zero sysctl to 0 +will prevent arbitrary code execution (but a kernel panic will still be +possible). + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_7_1 security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patch has been verified to apply to FreeBSD 7.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-10:09/pseudofs.patch +# fetch http://security.FreeBSD.org/patches/SA-10:09/pseudofs.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 7.1-RELEASE on the i386 or amd64 platforms can be updated +via the freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/fs/pseudofs/pseudofs_vnops.c 1.65.2.6 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.17 + src/sys/conf/newvers.sh 1.72.2.9.2.18 + src/sys/fs/pseudofs/pseudofs_vnops.c 1.65.6.2 +RELENG_8 + src/sys/fs/pseudofs/pseudofs_vnops.c 1.79.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r196860 +releng/7.1/ r205103 +stable/8/ r196859 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:09.pseudofs.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.10 (FreeBSD) + +iEYEARECAAYFAkzbLQ0ACgkQFdaIBMps37JDAgCeMM8ohrCVs0bfTOIMAnK4Hlxc +o90An3z5EH6uYuF7Bbt7BUIVQaPgxnhR +=+88k +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-10:10.openssl.asc b/share/security/advisories/FreeBSD-SA-10:10.openssl.asc new file mode 100644 index 0000000000..f4ddb04168 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-10:10.openssl.asc @@ -0,0 +1,168 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-10:10.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL multiple vulnerabilities + +Category: contrib +Module: openssl +Announced: 2010-11-29 +Credits: Georgi Guninski, Rob Hulswit +Affects: FreeBSD 7.0 and later +Corrected: 2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE) + 2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2) + 2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6) + 2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE) + 2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4) + 2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16) +CVE Name: CVE-2010-2939, CVE-2010-3864 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +A race condition exists in the OpenSSL TLS server extension code +parsing when used in a multi-threaded application, which uses +OpenSSL's internal caching mechanism. The race condition can lead to +a buffer overflow. [CVE-2010-3864] + +A double free exists in the SSL client ECDH handling code, when +processing specially crafted public keys with invalid prime +numbers. [CVE-2010-2939] + +III. Impact + +For affected server applications, an attacker may be able to utilize +the buffer overflow to crash the application or potentially run +arbitrary code with the privileges of the application. [CVE-2010-3864]. + +It may be possible to cause a DoS or potentially execute arbitrary in +the context of the user connection to a malicious SSL server. +[CVE-2010-2939] + +IV. Workaround + +No workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0 +and later. + +It should also be noted that CVE-2010-3864 affects neither the Apache +HTTP server nor Stunnel. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch +dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.1, 7.3, +8.0 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.x] +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc + +[FreeBSD 8.x] +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch +# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/secure/lib/libssl +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +3) To update your vulnerable system via a binary patch: + +Systems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE +on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7_3 + src/UPDATING 1.507.2.34.2.6 + src/sys/conf/newvers.sh 1.72.2.16.2.8 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.2.1.4.1 +RELENG_7_1 + src/UPDATING 1.507.2.13.2.19 + src/sys/conf/newvers.sh 1.72.2.9.2.20 + src/crypto/openssl/ssl/s3_clnt.c 1.1.1.14.6.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.5 + src/sys/conf/newvers.sh 1.83.2.10.2.6 + src/crypto/openssl/ssl/s3_clnt.c 1.3.2.1.2.1 + src/crypto/openssl/ssl/t1_lib.c 1.2.2.1.2.1 +RELENG_8_0 + src/UPDATING 1.632.2.7.2.9 + src/sys/conf/newvers.sh 1.83.2.6.2.9 + src/crypto/openssl/ssl/s3_clnt.c 1.3.4.1 + src/crypto/openssl/ssl/t1_lib.c 1.2.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r215997 +releng/7.3/ r216063 +releng/7.1/ r216063 +stable/8/ r215912 +releng/8.0/ r216063 +releng/8.1/ r216063 +- ------------------------------------------------------------------------- + +VII. References + +https://bugzilla.redhat.com/show_bug.cgi?id=649304 +http://www.openssl.org/news/secadv_20101116.txt +http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 + +iEYEARECAAYFAkz0FdsACgkQFdaIBMps37JjAgCcC7NSDXR7P4d2y4XFF/Ce9sG1 +Bs8An36Pjplsfovx6Im/NCnVgHtVgj5x +=xU/h +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:01.mountd.asc b/share/security/advisories/FreeBSD-SA-11:01.mountd.asc new file mode 100644 index 0000000000..d4ca759c0e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:01.mountd.asc @@ -0,0 +1,150 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:01.mountd Security Advisory + The FreeBSD Project + +Topic: Network ACL mishandling in mountd(8) + +Category: core +Module: mountd +Announced: 2011-04-20 +Credits: Ruslan Ermilov +Affects: All supported versions of FreeBSD +Corrected: 2011-04-20 21:00:24 UTC (RELENG_7, 7.4-STABLE) + 2011-04-20 21:00:24 UTC (RELENG_7_3, 7.3-RELEASE-p5) + 2011-04-20 21:00:24 UTC (RELENG_7_4, 7.4-RELEASE-p1) + 2011-04-20 21:00:24 UTC (RELENG_8, 8.2-STABLE) + 2011-04-20 21:00:24 UTC (RELENG_8_1, 8.1-RELEASE-p3) + 2011-04-20 21:00:24 UTC (RELENG_8_2, 8.2-RELEASE-p1) +CVE Name: CVE-2011-1739 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The mountd(8) daemon services NFS mount requests from other client +machines. When mountd is started, it loads the export host addresses +and options into the kernel using the mount(2) system call. + +II. Problem Description + +While parsing the exports(5) table, a network mask in the form of +"-network=netname/prefixlength" results in an incorrect network mask +being computed if the prefix length is not a multiple of 8. + +For example, specifying the ACL for an export as "-network 192.0.2.0/23" +would result in a netmask of 255.255.127.0 being used instead of the +correct netmask of 255.255.254.0. + +III. Impact + +When using a prefix length which is not multiple of 8, access would be +granted to the wrong client systems. + +IV. Workaround + +For IPv4-only systems, using the -netmask option instead of CIDR notion +for -network circumvents this bug. + +A firewall such as pf(4) can (and probably should) be used to restrict +access to the NFS server. + +Systems not providing NFS service, or using a prefix length which is a +multiple of 8 in all ACLs, are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_2, RELENG_8_1, RELENG_7_4, RELENG_7_3 security branch dated +after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.3, 7.4, +8.1 and 8.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch +# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.sbin/mountd +# make obj && make depend && make && make install + +3) To update your vulnerable system via a binary patch: + +Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE or 8.2-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/usr.sbin/mountd/mountd.c 1.94.2.3 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.3 + src/sys/conf/newvers.sh 1.72.2.18.2.6 + src/usr.sbin/mountd/mountd.c 1.94.2.2.8.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.7 + src/sys/conf/newvers.sh 1.72.2.16.2.9 + src/usr.sbin/mountd/mountd.c 1.94.2.2.6.2 +RELENG_8 + src/usr.sbin/mountd/mountd.c 1.105.2.3 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.3 + src/sys/conf/newvers.sh 1.83.2.12.2.6 + src/usr.sbin/mountd/mountd.c 1.105.2.2.4.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.6 + src/sys/conf/newvers.sh 1.83.2.10.2.7 + src/usr.sbin/mountd/mountd.c 1.105.2.2.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r220901 +releng/7.3/ r220901 +releng/7.4/ r220901 +stable/8/ r220901 +releng/8.1/ r220901 +releng/8.2/ r220901 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1739 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.11 (FreeBSD) + +iEYEARECAAYFAk2vSjwACgkQFdaIBMps37J91ACfbj6PbStDVBISUx/jC8/3n0uS ++oUAnj9TdPvwezLnrej/XMahWlHQHK1N +=Hv1Y +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:02.bind.asc b/share/security/advisories/FreeBSD-SA-11:02.bind.asc new file mode 100644 index 0000000000..8c0c97e31d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:02.bind.asc @@ -0,0 +1,152 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:02.bind Security Advisory + The FreeBSD Project + +Topic: BIND remote DoS with large RRSIG RRsets and negative caching + +Category: contrib +Module: bind +Announced: 2011-05-28 +Credits: Frank Kloeker, Michael Sinatra. +Affects: All supported versions of FreeBSD. +Corrected: 2011-05-28 00:58:19 UTC (RELENG_7, 7.4-STABLE) + 2011-05-28 08:44:39 UTC (RELENG_7_3, 7.3-RELEASE-p6) + 2011-05-28 08:44:39 UTC (RELENG_7_4, 7.4-RELEASE-p2) + 2011-05-28 00:33:06 UTC (RELENG_8, 8.2-STABLE) + 2011-05-28 08:44:39 UTC (RELENG_8_1, 8.1-RELEASE-p4) + 2011-05-28 08:44:39 UTC (RELENG_8_2, 8.2-RELEASE-p2) +CVE Name: CVE-2011-1910 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. + +DNS Security Extensions (DNSSEC) provides data integrity, origin +authentication and authenticated denial of existence to resolvers. + +II. Problem Description + +Very large RRSIG RRsets included in a negative response can trigger +an assertion failure that will crash named(8) due to an off-by-one error +in a buffer size check. + +III. Impact + +If named(8) is being used as a recursive resolver, an attacker who +controls a DNS zone being resolved can cause named(8) to crash, +resulting in a denial of (DNS resolving) service. + +DNSSEC does not need to be enabled on the resolver for it to be +vulnerable. + +IV. Workaround + +No workaround is available, but systems not running the BIND DNS server +or using it exclusively as an authoritative name server (i.e., not as a +caching resolver) are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, +or to the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD +7.3, 7.4, 8.1 and 8.2 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-11:02/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-11:02/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install +# /etc/rc.d/named restart + +3) To update your vulnerable system via a binary patch: + +Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE, or 8.2-RELEASE +on the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/contrib/bind9/lib/dns/ncache.c 1.1.1.2.2.3 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.4 + src/sys/conf/newvers.sh 1.72.2.18.2.7 + src/contrib/bind9/lib/dns/ncache.c 1.1.1.2.2.2.2.1 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.8 + src/sys/conf/newvers.sh 1.72.2.16.2.10 + src/contrib/bind9/lib/dns/ncache.c 1.1.1.2.10.1 +RELENG_8 + src/contrib/bind9/lib/dns/ncache.c 1.2.2.4 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.4 + src/sys/conf/newvers.sh 1.83.2.12.2.7 + src/contrib/bind9/lib/dns/ncache.c 1.2.2.2.2.1 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.7 + src/sys/conf/newvers.sh 1.83.2.10.2.8 + src/contrib/bind9/lib/dns/ncache.c 1.2.2.1.2.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r222399 +releng/7.4/ r222416 +releng/7.3/ r222416 +stable/8/ r222396 +releng/8.2/ r222416 +releng/8.1/ r222416 +head/ r222395 +- ------------------------------------------------------------------------- + +VII. References + +http://www.isc.org/software/bind/advisories/cve-2011-1910 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:02.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 + +iEYEARECAAYFAk3gvuQACgkQFdaIBMps37L2iACgizZK4QS3rOaY0x7evMuyWIop +OaoAn3Pku/9HCSUULC2xurSnGU3AtJcz +=aG4/ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:03.bind.asc b/share/security/advisories/FreeBSD-SA-11:03.bind.asc new file mode 100644 index 0000000000..7042b4dbb2 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:03.bind.asc @@ -0,0 +1,86 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:03.bind Security Advisory + The FreeBSD Project + +Topic: Remote packet Denial of Service against named(8) servers + +Category: contrib +Module: bind +Announced: 2011-09-28 +Credits: Roy Arends +Affects: 8.2-STABLE after 2011-05-28 and prior to the correction date +Corrected: 2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE) +CVE Name: CVE-2011-2464 + +Note: This advisory concerns a vulnerability which existed only in +the FreeBSD 8-STABLE branch and was fixed over two months prior to the +date of this advisory. + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. + +II. Problem Description + +A logic error in the BIND code causes the BIND daemon to accept bogus +data, which could cause the daemon to crash. + +III. Impact + +An attacker able to send traffic to the BIND daemon can cause it to +crash, resulting in a denial of service. + +IV. Workaround + +No workaround is available, but systems not running the BIND name server +are not affected. + +V. Solution + +Upgrade your vulnerable system to 8-STABLE dated after the correction +date. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_8 + src/contrib/bind9/lib/dns/message.c 1.3.2.3 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path +Revision +- ------------------------------------------------------------------------- +stable/8/ r223815 +- ------------------------------------------------------------------------- + +VII. References + +http://www.isc.org/software/bind/advisories/cve-2011-2464 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG +9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK +=aUvD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:04.compress.asc b/share/security/advisories/FreeBSD-SA-11:04.compress.asc new file mode 100644 index 0000000000..6763fd223e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:04.compress.asc @@ -0,0 +1,158 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:04.compress Security Advisory + The FreeBSD Project + +Topic: Errors handling corrupt compress file in compress(1) + and gzip(1) + +Category: core +Module: compress +Announced: 2011-09-28 +Credits: Tomas Hoger, Joerg Sonnenberger +Affects: All supported versions of FreeBSD. +Corrected: 2011-09-28 08:47:17 UTC (RELENG_7, 7.4-STABLE) + 2011-09-28 08:47:17 UTC (RELENG_7_4, 7.4-RELEASE-p3) + 2011-09-28 08:47:17 UTC (RELENG_7_3, 7.3-RELEASE-p7) + 2011-09-28 08:47:17 UTC (RELENG_8, 8.2-STABLE) + 2011-09-28 08:47:17 UTC (RELENG_8_2, 8.2-RELEASE-p3) + 2011-09-28 08:47:17 UTC (RELENG_8_1, 8.1-RELEASE-p5) + 2011-09-28 08:47:17 UTC (RELENG_9, 9.0-RC1) +CVE Name: CVE-2011-2895 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The compress utility reduces the size of files using adaptive Lempel-Ziv +coding, or LZW coding, a lossless data compression algorithm. + +Both compress(1) and gzip(1) uses code derived from 4.3BSD compress(1). + +II. Problem Description + +The code used to decompress a file created by compress(1) does not do +sufficient boundary checks on compressed code words, allowing reference +beyond the decompression table, which may result in a stack overflow or +an infinite loop when the decompressor encounters a corrupted file. + +III. Impact + +An attacker who can cause a corrupt archive of his choice to be parsed +by uncompress(1) or gunzip(1), can cause these utilities to enter an +infinite loop, to core dump, or possibly to execute arbitrary code +provided by the attacker. + +IV. Workaround + +No workaround is available, but systems not handling adaptive Lempel-Ziv +compressed files (.Z) from untrusted source are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to +the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security +branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, 7.3, +8.2 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-11:04/compress.patch +# fetch http://security.FreeBSD.org/patches/SA-11:04/compress.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/usr.bin/compress +# make obj && make depend && make && make install +# cd /usr/src/usr.bin/gzip +# make obj && make depend && make && make install + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/usr.bin/compress/zopen.c 1.12.10.1 + src/usr.bin/gzip/zuncompress.c 1.1.4.3 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.5 + src/sys/conf/newvers.sh 1.72.2.18.2.8 + src/usr.bin/compress/zopen.c 1.12.26.2 + src/usr.bin/gzip/zuncompress.c 1.1.4.1.4.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.9 + src/sys/conf/newvers.sh 1.72.2.16.2.11 + src/usr.bin/compress/zopen.c 1.12.24.2 + src/usr.bin/gzip/zuncompress.c 1.1.4.1.2.2 +RELENG_8 + src/usr.bin/compress/zopen.c 1.12.22.2 + src/usr.bin/gzip/zuncompress.c 1.2.2.3 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.5 + src/sys/conf/newvers.sh 1.83.2.12.2.8 + src/usr.bin/compress/zopen.c 1.12.22.1.6.2 + src/usr.bin/gzip/zuncompress.c 1.2.2.1.6.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.8 + src/sys/conf/newvers.sh 1.83.2.10.2.9 + src/usr.bin/compress/zopen.c 1.12.22.1.4.2 + src/usr.bin/gzip/zuncompress.c 1.2.2.1.4.2 +RELENG_9 + src/usr.bin/compress/zopen.c 1.16.2.2 + src/usr.bin/gzip/zuncompress.c 1.4.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r225827 +releng/7.4/ r225827 +releng/7.3/ r225827 +stable/8/ r225827 +releng/8.2/ r225827 +releng/8.1/ r225827 +stable/9/ r225827 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:04.compress.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk6C4nIACgkQFdaIBMps37LymQCgmW2YYsSqvjxhiuHXt0bCcCgd +K5YAnA0/Z8++C6TKtUJ5Bzogd80a9OEd +=I+0k +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:05.unix.asc b/share/security/advisories/FreeBSD-SA-11:05.unix.asc new file mode 100644 index 0000000000..17567fad68 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:05.unix.asc @@ -0,0 +1,182 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:05.unix Security Advisory + The FreeBSD Project + +Topic: Buffer overflow in handling of UNIX socket addresses + +Category: core +Module: kern +Announced: 2011-09-28 +Credits: Mateusz Guzik +Affects: All supported versions of FreeBSD. +Corrected: 2011-10-04 19:07:38 UTC (RELENG_7, 7.4-STABLE) + 2011-10-04 19:07:38 UTC (RELENG_7_4, 7.4-RELEASE-p4) + 2011-10-04 19:07:38 UTC (RELENG_7_3, 7.3-RELEASE-p8) + 2011-10-04 19:07:38 UTC (RELENG_8, 8.2-STABLE) + 2011-10-04 19:07:38 UTC (RELENG_8_2, 8.2-RELEASE-p4) + 2011-10-04 19:07:38 UTC (RELENG_8_1, 8.1-RELEASE-p6) + 2011-10-04 19:07:38 UTC (RELENG_9, 9.0-RC1) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +0. Revision History + +v1.0 2011-09-28 Initial release. +v1.1 2011-10-04 Updated patch to add linux emulation bug fix. + +I. Background + +UNIX-domain sockets, also known as "local" sockets, are a mechanism for +interprocess communication. They are similar to Internet sockets (and +utilize the same system calls) but instead of relying on IP addresses +and port numbers, UNIX-domain sockets have addresses in the local file +system address space. + +FreeBSD contains "linux emulation" support via system call translation +in order to make it possible to use certain linux applications without +recompilation. + +II. Problem Description + +When a UNIX-domain socket is attached to a location using the bind(2) +system call, the length of the provided path is not validated. Later, +when this address was returned via other system calls, it is copied into +a fixed-length buffer. + +Linux uses a larger socket address structure for UNIX-domain sockets +than FreeBSD, and the FreeBSD's linux emulation code did not translate +UNIX-domain socket addresses into the correct size of structure. + +III. Impact + +A local user can cause the FreeBSD kernel to panic. It may also be +possible to execute code with elevated privileges ("gain root"), escape +from a jail, or to bypass security mechanisms in other ways. + +The patch provided with the initial version of this advisory exposed +the pre-existing bug in FreeBSD's linux emulation code, resulting in +attempts to use UNIX sockets from linux applications failing. The most +common instance where UNIX sockets were used by linux applications is +in the context of the X windowing system, including the widely used +linux "flash" web browser plugin. + +IV. Workaround + +No workaround is available, but systems without untrusted local users +are not vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to +the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security +branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patch has been verified to apply to FreeBSD 7.4, 7.3, +8.2 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-11:05/unix2.patch +# fetch http://security.FreeBSD.org/patches/SA-11:05/unix2.patch.asc + +NOTE: The patch distributed at the time of the original advisory fixed +the security vulnerability but exposed the pre-existing bug in the linux +emulation subsystem. Systems to which the original patch was applied +should be patched with the following corrective patch, which contains +only the additional changes required to fix the newly-exposed linux +emulation bug: + +# fetch http://security.FreeBSD.org/patches/SA-11:05/unix-linux.patch +# fetch http://security.FreeBSD.org/patches/SA-11:05/unix-linux.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/kern/uipc_usrreq.c 1.206.2.13 + src/sys/compat/linux/linux_socket.c 1.74.2.15 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.5 + src/sys/conf/newvers.sh 1.72.2.18.2.8 + src/sys/kern/uipc_usrreq.c 1.206.2.11.4.2 + src/sys/compat/linux/linux_socket.c 1.74.2.13.2.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.9 + src/sys/conf/newvers.sh 1.72.2.16.2.11 + src/sys/kern/uipc_usrreq.c 1.206.2.11.2.2 + src/sys/compat/linux/linux_socket.c 1.74.2.12.2.2 +RELENG_8 + src/sys/kern/uipc_usrreq.c 1.233.2.6 + src/sys/compat/linux/linux_socket.c 1.101.2.5 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.5 + src/sys/conf/newvers.sh 1.83.2.12.2.8 + src/sys/kern/uipc_usrreq.c 1.233.2.2.2.2 + src/sys/compat/linux/linux_socket.c 1.101.2.3.4.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.8 + src/sys/conf/newvers.sh 1.83.2.10.2.9 + src/sys/kern/uipc_usrreq.c 1.233.2.1.4.2 + src/sys/compat/linux/linux_socket.c 1.101.2.3.2.2 +RELENG_9 + src/sys/kern/uipc_usrreq.c 1.244.2.2 + src/sys/compat/linux/linux_socket.c 1.108.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r226023 +releng/7.4/ r226023 +releng/7.3/ r226023 +stable/8/ r226023 +releng/8.2/ r226023 +releng/8.1/ r226023 +stable/9/ r226023 +- ------------------------------------------------------------------------- + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:05.unix.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk6LWp4ACgkQFdaIBMps37LlGQCgl5uCTA/QydDSsIuBR/TOxTRD +Bg0AnjL43sOhR5yIp8xNAkMZxwfl3YiE +=Df+l +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:06.bind.asc b/share/security/advisories/FreeBSD-SA-11:06.bind.asc new file mode 100644 index 0000000000..a998899222 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:06.bind.asc @@ -0,0 +1,181 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:06.bind Security Advisory + The FreeBSD Project + +Topic: Remote packet Denial of Service against named(8) servers + +Category: contrib +Module: bind +Announced: 2011-12-23 +Affects: All supported versions of FreeBSD. +Corrected: 2011-11-17 01:10:16 UTC (RELENG_7, 7.4-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9) + 2011-11-17 00:36:10 UTC (RELENG_8, 8.2-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7) + 2011-12-01 21:13:41 UTC (RELENG_9, 9.0-STABLE) + 2011-12-01 21:17:59 UTC (RELENG_9_0, 9.0-RC3) + 2011-11-16 23:41:13 UTC (ports tree) +CVE Name: CVE-2011-4313 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. + +II. Problem Description + +A remote attacker could cause the BIND resolver to cache an invalid +record, which could cause the BIND daemon to crash when that record +is being queried. + +III. Impact + +An attacker that is able to send an specifically crafted response to the +BIND daemon can cause it to crash, resulting in a denial of service. + +Note that due to the nature of this vulnerability, the attacker does +not necessarily have to have query access to the victim server. The +vulnerability can be triggered by tricking legitimate clients, for +instance spam filtering systems or an end user browser, which can be +made to the query on their behalf. + +IV. Workaround + +No workaround is available, but systems not running the BIND resolving +name server are not affected. + +Servers that are running in authoritative-only mode appear not to be +affected by this vulnerability. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security branch dated +after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, 7.3, +8.2 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.3-RELEASE and 7.4-RELEASE] +# fetch http://security.FreeBSD.org/patches/SA-11:06/bind7.patch +# fetch http://security.FreeBSD.org/patches/SA-11:06/bind7.patch.asc + +[FreeBSD 8.1-RELEASE and 8.2-RELEASE] +# fetch http://security.FreeBSD.org/patches/SA-11:06/bind8.patch +# fetch http://security.FreeBSD.org/patches/SA-11:06/bind8.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind/ +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +4) Install and run BIND from the Ports Collection after the correction +date. The following versions and newer versions of BIND installed from +the Ports Collection already have the mitigation measure: + + bind96-9.6.3.1.ESV.R5.1 + bind97-9.7.4.1 + bind98-9.8.1.1 + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.9 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.8 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.7 + src/sys/conf/newvers.sh 1.72.2.18.2.10 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.6.2.1 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.6.2.1 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.11 + src/sys/conf/newvers.sh 1.72.2.16.2.13 + src/contrib/bind9/lib/dns/rbtdb.c 1.1.1.4.2.3.2.2 + src/contrib/bind9/bin/named/query.c 1.1.1.6.2.3.2.2 +RELENG_8 + src/contrib/bind9/lib/dns/rbtdb.c 1.3.2.9 + src/contrib/bind9/bin/named/query.c 1.3.2.8 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.7 + src/sys/conf/newvers.sh 1.83.2.12.2.10 + src/contrib/bind9/lib/dns/rbtdb.c 1.3.2.5.2.1 + src/contrib/bind9/bin/named/query.c 1.3.2.5.2.1 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.10 + src/sys/conf/newvers.sh 1.83.2.10.2.11 + src/contrib/bind9/lib/dns/rbtdb.c 1.3.2.3.2.1 + src/contrib/bind9/bin/named/query.c 1.3.2.3.2.1 +RELENG_9 + src/contrib/bind9/lib/dns/rbtdb.c 1.13.2.1 + src/contrib/bind9/bin/named/query.c 1.11.2.1 +RELENG_9_0 + src/contrib/bind9/lib/dns/rbtdb.c 1.13.4.1 + src/contrib/bind9/bin/named/query.c 1.11.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r227603 +releng/7.4/ r228843 +releng/7.3/ r228843 +stable/8/ r227599 +releng/8.2/ r228843 +releng/8.1/ r228843 +stable/9/ r228189 +releng/9.0/ r228190 +- ------------------------------------------------------------------------- + +VII. References + +https://www.isc.org/software/bind/advisories/cve-2011-4313 + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:06.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk70nOoACgkQFdaIBMps37K18wCeLYPkREXJsMXYdzt+guRFcPZR +VY4AoII3kmCzRX/gYRmPW7lwGqWIgwlM +=wMSJ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:07.chroot.asc b/share/security/advisories/FreeBSD-SA-11:07.chroot.asc new file mode 100644 index 0000000000..30f775710b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:07.chroot.asc @@ -0,0 +1,232 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:07.chroot Security Advisory + The FreeBSD Project + +Topic: Code execution via chrooted ftpd + +Category: core +Module: libc +Announced: 2011-12-23 +Affects: All supported versions of FreeBSD. +Corrected: 2011-12-23 15:00:37 UTC (RELENG_7, 7.4-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9) + 2011-12-23 15:00:37 UTC (RELENG_8, 8.2-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7) + 2011-12-23 15:00:37 UTC (RELENG_9, 9.0-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_9_0, 9.0-RELEASE) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +Chroot is an operation that changes the apparent root directory for the +current process and its children. The chroot(2) system call is widely +used in many applications as a measure of limiting a process's access to +the file system, as part of implementing privilege separation. + +The nsdispatch(3) API implementation has a feature to reload its +configuration on demand. This feature may also load shared libraries +and run code provided by the library when requested by the configuration +file. + +II. Problem Description + +The nsdispatch(3) API has no mechanism to alert it to whether it is +operating within a chroot environment in which the standard paths for +configuration files and shared libraries may be untrustworthy. + +The FreeBSD ftpd(8) daemon can be configured to use chroot(2), and +also uses the nsdispatch(3) API. + +III. Impact + +If ftpd is configured to place a user in a chroot environment, then an +attacker who can log in as that user may be able to run arbitrary code +with elevated ("root") privileges. + +IV. Workaround + +Don't use ftpd with the chroot option. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to +the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security +branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, 7.3, +8.2 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.3 and 7.4] +# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot7.patch +# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot7.patch.asc + +[FreeBSD 8.1 and 8.2] +# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot8.patch +# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot8.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +4) This update adds a new API, __FreeBSD_libc_enter_restricted_mode() +to the C library, which completely disables loading of shared libraries +upon return. Applications doing chroot(2) jails need to be updated +to call this API explicitly right after the chroot(2) operation as a +safety measure. + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/include/unistd.h 1.80.2.4 + src/lib/libc/include/libc_private.h 1.17.2.4 + src/lib/libc/Versions.def 1.3.2.3 + src/lib/libc/net/nsdispatch.c 1.14.2.3 + src/lib/libc/gen/Symbol.map 1.6.2.7 + src/lib/libc/gen/Makefile.inc 1.128.2.6 + src/lib/libc/gen/libc_dlopen.c 1.2.2.2 + src/libexec/ftpd/popen.c 1.26.10.2 + src/libexec/ftpd/ftpd.c 1.212.2.2 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.7 + src/sys/conf/newvers.sh 1.72.2.18.2.10 + src/include/unistd.h 1.80.2.3.4.2 + src/lib/libc/include/libc_private.h 1.17.2.3.4.2 + src/lib/libc/Versions.def 1.3.2.2.4.2 + src/lib/libc/net/nsdispatch.c 1.14.2.2.2.2 + src/lib/libc/gen/Symbol.map 1.6.2.6.4.2 + src/lib/libc/gen/Makefile.inc 1.128.2.5.4.2 + src/lib/libc/gen/libc_dlopen.c 1.2.4.2 + src/libexec/ftpd/popen.c 1.26.10.1.2.2 + src/libexec/ftpd/ftpd.c 1.212.2.1.6.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.11 + src/sys/conf/newvers.sh 1.72.2.16.2.13 + src/include/unistd.h 1.80.2.3.2.2 + src/lib/libc/include/libc_private.h 1.17.2.3.2.2 + src/lib/libc/Versions.def 1.3.2.2.2.2 + src/lib/libc/net/nsdispatch.c 1.14.2.1.6.2 + src/lib/libc/gen/Symbol.map 1.6.2.6.2.2 + src/lib/libc/gen/Makefile.inc 1.128.2.5.2.2 + src/lib/libc/gen/libc_dlopen.c 1.1.2.1 + src/libexec/ftpd/popen.c 1.26.24.2 + src/libexec/ftpd/ftpd.c 1.212.2.1.4.2 +RELENG_8 + src/include/unistd.h 1.95.2.2 + src/lib/libc/include/libc_private.h 1.20.2.3 + src/lib/libc/Versions.def 1.8.2.3 + src/lib/libc/net/nsdispatch.c 1.18.2.3 + src/lib/libc/gen/Symbol.map 1.21.2.6 + src/lib/libc/gen/Makefile.inc 1.144.2.7 + src/lib/libc/gen/libc_dlopen.c 1.1.4.2 + src/libexec/ftpd/popen.c 1.26.22.3 + src/libexec/ftpd/ftpd.c 1.214.2.3 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.7 + src/sys/conf/newvers.sh 1.83.2.12.2.10 + src/include/unistd.h 1.95.2.1.6.2 + src/lib/libc/include/libc_private.h 1.20.2.2.4.2 + src/lib/libc/Versions.def 1.8.2.2.4.2 + src/lib/libc/net/nsdispatch.c 1.18.2.2.2.2 + src/lib/libc/gen/Symbol.map 1.21.2.5.2.2 + src/lib/libc/gen/Makefile.inc 1.144.2.6.2.2 + src/lib/libc/gen/libc_dlopen.c 1.2.8.2 + src/libexec/ftpd/popen.c 1.26.22.2.4.2 + src/libexec/ftpd/ftpd.c 1.214.2.1.6.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.10 + src/sys/conf/newvers.sh 1.83.2.10.2.11 + src/include/unistd.h 1.95.2.1.4.2 + src/lib/libc/include/libc_private.h 1.20.2.2.2.2 + src/lib/libc/Versions.def 1.8.2.2.2.2 + src/lib/libc/net/nsdispatch.c 1.18.2.1.4.2 + src/lib/libc/gen/Symbol.map 1.21.2.3.2.2 + src/lib/libc/gen/Makefile.inc 1.144.2.4.2.2 + src/lib/libc/gen/libc_dlopen.c 1.2.10.2 + src/libexec/ftpd/popen.c 1.26.22.2.2.2 + src/libexec/ftpd/ftpd.c 1.214.2.1.4.2 +RELENG_9 + src/include/unistd.h 1.101.2.2 + src/lib/libc/include/libc_private.h 1.26.2.2 + src/lib/libc/Versions.def 1.9.2.2 + src/lib/libc/net/nsdispatch.c 1.19.2.2 + src/lib/libc/gen/Symbol.map 1.38.2.2 + src/lib/libc/gen/Makefile.inc 1.159.2.2 + src/lib/libc/gen/libc_dlopen.c 1.1.6.2 + src/lib/libc/iconv/citrus_module.c 1.1.2.2 + src/libexec/ftpd/popen.c 1.27.2.2 + src/libexec/ftpd/ftpd.c 1.220.2.2 +RELENG_9_0 + src/include/unistd.h 1.101.2.1.2.2 + src/lib/libc/include/libc_private.h 1.26.2.1.2.2 + src/lib/libc/Versions.def 1.9.2.1.2.2 + src/lib/libc/net/nsdispatch.c 1.19.2.1.2.2 + src/lib/libc/gen/Symbol.map 1.38.2.1.2.2 + src/lib/libc/gen/Makefile.inc 1.159.2.1.2.2 + src/lib/libc/gen/libc_dlopen.c 1.2.6.2 + src/lib/libc/iconv/citrus_module.c 1.1.2.1.2.2 + src/libexec/ftpd/popen.c 1.27.2.1.2.2 + src/libexec/ftpd/ftpd.c 1.220.2.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r228843 +releng/7.4/ r228843 +releng/7.3/ r228843 +stable/8/ r228843 +releng/8.2/ r228843 +releng/8.1/ r228843 +stable/9/ r228843 +releng/9.0/ r228843 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:07.chroot.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk70nOoACgkQFdaIBMps37ILmgCgjVxRH+NsPpnXOVdwWmuxlSDp +h9wAniE0tokORcqQlFJim5Pc1Z65ybwl +=45yE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:08.telnetd.asc b/share/security/advisories/FreeBSD-SA-11:08.telnetd.asc new file mode 100644 index 0000000000..e5c837feca --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:08.telnetd.asc @@ -0,0 +1,173 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:08.telnetd Security Advisory + The FreeBSD Project + +Topic: telnetd code execution vulnerability + +Category: core +Module: contrib +Announced: 2011-12-23 +Affects: All supported versions of FreeBSD. +Corrected: 2011-12-23 15:00:37 UTC (RELENG_7, 7.4-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9) + 2011-12-23 15:00:37 UTC (RELENG_8, 8.2-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7) + 2011-12-23 15:00:37 UTC (RELENG_9, 9.0-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_9_0, 9.0-RELEASE) +CVE Name: CVE-2011-4862 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The FreeBSD telnet daemon, telnetd(8), implements the server side of the +TELNET virtual terminal protocol. It has been disabled by default in +FreeBSD since August 2001, and due to the lack of cryptographic security +in the TELNET protocol, it is strongly recommended that the SSH protocol +be used instead. The FreeBSD telnet daemon can be enabled via the +/etc/inetd.conf configuration file and the inetd(8) daemon. + +The TELNET protocol has a mechanism for encryption of the data stream +(but it is not cryptographically strong and should not be relied upon +in any security-critical applications). + +II. Problem Description + +When an encryption key is supplied via the TELNET protocol, its length +is not validated before the key is copied into a fixed-size buffer. + +III. Impact + +An attacker who can connect to the telnetd daemon can execute arbitrary +code with the privileges of the daemon (which is usually the "root" +superuser). + +IV. Workaround + +No workaround is available, but systems not running the telnet daemon +are not vulnerable. + +Note that the telnet daemon is usually run via inetd, and consequently +will not show up in a process listing unless a connection is currently +active; to determine if it is enabled, run + +$ ps ax | grep telnetd | grep -v grep +$ grep telnetd /etc/inetd.conf | grep -vE '^#' + +If any output is produced, your system may be vulnerable. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the +RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security branch dated +after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, 7.3, +8.2, and 8.1 systems. + +a) Download the patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-11:08/telnetd.patch +# fetch http://security.FreeBSD.org/patches/SA-11:08/telnetd.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libtelnet +# make obj && make depend && make && make install +# cd /usr/src/libexec/telnetd +# make obj && make depend && make && make install + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.2.24.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.24.1 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.7 + src/sys/conf/newvers.sh 1.72.2.18.2.10 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.2.38.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.40.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.11 + src/sys/conf/newvers.sh 1.72.2.16.2.13 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.2.36.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.38.2 +RELENG_8 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.2.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.36.2 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.7 + src/sys/conf/newvers.sh 1.83.2.12.2.10 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.8.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.36.1.6.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.10 + src/sys/conf/newvers.sh 1.83.2.10.2.11 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.6.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.36.1.4.2 +RELENG_9 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.10.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.42.2 +RELENG_9_0 + src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c 1.1.1.3.12.1 + src/contrib/telnet/libtelnet/encrypt.c 1.9.42.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r228843 +releng/7.4/ r228843 +releng/7.3/ r228843 +stable/8/ r228843 +releng/8.2/ r228843 +releng/8.1/ r228843 +stable/9/ r228843 +releng/9.0/ r228843 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk70nOoACgkQFdaIBMps37IYcwCfXn5aQTfQDe/AnS31JBg+BB1m +HJMAmgOE5pUKTlFqLw5UBouMNFfUmu2u +=dcyj +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:09.pam_ssh.asc b/share/security/advisories/FreeBSD-SA-11:09.pam_ssh.asc new file mode 100644 index 0000000000..e093a80793 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:09.pam_ssh.asc @@ -0,0 +1,185 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:09.pam_ssh Security Advisory + The FreeBSD Project + +Topic: pam_ssh improperly grants access when user account has + unencrypted SSH private keys + +Category: contrib +Module: pam +Announced: 2011-12-23 +Credits: Guy Helmer, Dag-Erling Smorgrav +Affects: All supported versions of FreeBSD. +Corrected: 2011-12-11 20:40:23 UTC (RELENG_7, 7.4-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9) + 2011-12-11 20:38:36 UTC (RELENG_8, 8.2-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7) + 2011-12-11 16:57:27 UTC (RELENG_9, 9.0-STABLE) + 2011-12-11 17:32:37 UTC (RELENG_9_0, 9.0-RELEASE) + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The PAM (Pluggable Authentication Modules) library provides a flexible +framework for user authentication and session setup / teardown. It is +used not only in the base system, but also by a large number of +third-party applications. + +Various authentication methods (UNIX, LDAP, Kerberos etc.) are +implemented in modules which are loaded and executed according to +predefined, named policies. These policies are defined in +/etc/pam.conf, /etc/pam.d/, /usr/local/etc/pam.conf or +/usr/local/etc/pam.d/. + +The base system includes a module named pam_ssh which, if enabled, +allows users to authenticate themselves by typing in the passphrase of +one of the SSH private keys which are stored in encrypted form in the +their .ssh directory. Authentication is considered successful if at +least one of these keys could be decrypted using the provided +passphrase. + +By default, the pam_ssh module rejects SSH private keys with no +passphrase. A "nullok" option exists to allow these keys. + +II. Problem Description + +The OpenSSL library call used to decrypt private keys ignores the +passphrase argument if the key is not encrypted. Because the pam_ssh +module only checks whether the passphrase provided by the user is +null, users with unencrypted SSH private keys may successfully +authenticate themselves by providing a dummy passphrase. + +III. Impact + +If the pam_ssh module is enabled, attackers may be able to gain access +to user accounts which have unencrypted SSH private keys. + +IV. Workaround + +No workaround is available, but systems that do not have the pam_ssh module +enabled are not vulnerable. The pam_ssh module is not enabled in any +of the default policies provided in the base system. + +The system administrator can use the following procedure to inspect all +PAM policy files to determine whether the pam_ssh module is enabled. +If the following command produces any output, the system may be +vulnerable: + +# egrep -r '^[^#].*\' /etc/pam.* /usr/local/etc/pam.* + +The following command will disable the pam_ssh module in all PAM +policies present in the system: + +# sed -i '' -e '/^[^#].*pam_ssh/s/^/#/' /etc/pam.conf /etc/pam.d/* \ + /usr/local/etc/pam.conf /usr/local/etc/pam.d/* + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to +the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security +branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, 7.3, +8.2 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-11:09/pam_ssh.patch +# fetch http://security.FreeBSD.org/patches/SA-11:09/pam_ssh.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libpam/modules/pam_ssh +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.44.2.2 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.7 + src/sys/conf/newvers.sh 1.72.2.18.2.10 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.44.2.1.8.2 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.11 + src/sys/conf/newvers.sh 1.72.2.16.2.13 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.44.2.1.6.2 +RELENG_8 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.45.2.3 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.7 + src/sys/conf/newvers.sh 1.83.2.12.2.10 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.45.2.2.4.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.10 + src/sys/conf/newvers.sh 1.83.2.10.2.11 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.45.2.2.2.2 +RELENG_9 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.47.2.2 +RELENG_9_0 + src/lib/libpam/modules/pam_ssh/pam_ssh.c 1.47.2.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r228421 +releng/7.4/ r228843 +releng/7.3/ r228843 +stable/8/ r228420 +releng/8.2/ r228843 +releng/8.1/ r228843 +stable/9/ r228410 +releng/9.0/ r228414 +- ------------------------------------------------------------------------- + +VII. References + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk70nOoACgkQFdaIBMps37JTSwCfS+bmWBxv5hote7Hrcl7VZjjk +vKMAn116aLADxmdYsyZ5WdSrfFTRt3Xm +=Y+ar +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-11:10.pam.asc b/share/security/advisories/FreeBSD-SA-11:10.pam.asc new file mode 100644 index 0000000000..f4b16e796d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-11:10.pam.asc @@ -0,0 +1,186 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-11:10.pam Security Advisory + The FreeBSD Project + +Topic: pam_start() does not validate service names + +Category: contrib +Module: pam +Announced: 2011-12-23 +Credits: Matthias Drochner +Affects: All supported versions of FreeBSD. +Corrected: 2011-12-13 13:03:11 UTC (RELENG_7, 7.4-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9) + 2011-12-13 13:02:52 UTC (RELENG_8, 8.2-STABLE) + 2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5) + 2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7) + 2011-12-13 12:59:39 UTC (RELENG_9, 9.0-STABLE) + 2011-12-13 13:02:31 UTC (RELENG_9_0, 9.0-RELEASE) +CVE Name: CVE-2011-4122 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The PAM (Pluggable Authentication Modules) library provides a flexible +framework for user authentication and session setup / teardown. It is +used not only in the base system, but also by a large number of +third-party applications. + +Various authentication methods (UNIX, LDAP, Kerberos etc.) are +implemented in modules which are loaded and executed according to +predefined, named policies. These policies are defined in +/etc/pam.conf, /etc/pam.d/, /usr/local/etc/pam.conf or +/usr/local/etc/pam.d/. + +The PAM API is a de facto industry standard which has been implemented +by several parties. FreeBSD uses the OpenPAM implementation. + +II. Problem Description + +Some third-party applications, including KDE's kcheckpass command, +allow the user to specify the name of the policy on the command line. +Since OpenPAM treats the policy name as a path relative to /etc/pam.d +or /usr/local/etc/pam.d, users who are permitted to run such an +application can craft their own policies and cause the application +to load and execute their own modules. + +III. Impact + +If an application that runs with root privileges allows the user to +specify the name of the PAM policy to load, users who are permitted to +run that application will be able to execute arbitrary code with root +privileges. + +There are no vulnerable applications in the base system. + +IV. Workaround + +No workaround is available, but systems without untrusted users are +not vulnerable. + +Inspect any third-party setuid / setgid binaries which use the PAM +library and ascertain whether they allow the user to specify the +policy name, then either change the binary's permissions to prevent +its use or remove it altogether. + +The following command will output a non-zero number if a dynamically +linked binary uses libpam: + +# ldd /usr/local/bin/suspicious_binary | grep -c libpam + +The following command will output a non-zero number if a statically +linked binary uses libpam: + +# grep -acF "/etc/pam.d/" /usr/local/bin/suspicious_binary + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to +the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security +branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, 7.3, +8.2 and 8.1 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-11:10/pam.patch +# fetch http://security.FreeBSD.org/patches/SA-11:10/pam.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libpam +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on +the i386 or amd64 platforms can be updated via the freebsd-update(8) +utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.7.20.2 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.7 + src/sys/conf/newvers.sh 1.72.2.18.2.10 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.7.20.1.8.1 +RELENG_7_3 + src/UPDATING 1.507.2.34.2.11 + src/sys/conf/newvers.sh 1.72.2.16.2.13 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.7.20.1.6.1 +RELENG_8 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.8.2.1 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.7 + src/sys/conf/newvers.sh 1.83.2.12.2.10 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.8.8.1 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.10 + src/sys/conf/newvers.sh 1.83.2.10.2.11 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.8.6.1 +RELENG_9 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.8.10.1 +RELENG_9_0 + src/contrib/openpam/lib/openpam_configure.c 1.1.1.8.12.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r228467 +releng/7.4/ r228843 +releng/7.3/ r228843 +stable/8/ r228466 +releng/8.2/ r228843 +releng/8.1/ r228843 +stable/9/ r228464 +releng/9.0/ r228465 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4122 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-11:10.pam.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2.0.18 (FreeBSD) + +iEYEARECAAYFAk70nOoACgkQFdaIBMps37KEWgCgiD/7EymFrnFueD7yyLiI3hLV +lU4An2FUTQRJ0GakViobm9ejHdfmf2Vb +=9COS +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-12:01.openssl.asc b/share/security/advisories/FreeBSD-SA-12:01.openssl.asc new file mode 100644 index 0000000000..a6f6f32eda --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-12:01.openssl.asc @@ -0,0 +1,320 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-12:01.openssl Security Advisory + The FreeBSD Project + +Topic: OpenSSL multiple vulnerabilities + +Category: contrib +Module: openssl +Announced: 2012-05-03 +Credits: Adam Langley, George Kadianakis, Ben Laurie, + Ivan Nestlerode, Tavis Ormandy +Affects: All supported versions of FreeBSD. +Corrected: 2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE) + 2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8) + 2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE) + 2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2) + 2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8) + 2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10) + 2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE) + 2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2) +CVE Name: CVE-2011-4576, CVE-2011-4619, CVE-2011-4109, + CVE-2012-0884, CVE-2012-2110 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +0. Revision History + +v1.0 2012-05-02 Initial release. +v1.1 2012-05-30 Updated patch to add SGC and BUF_MEM_grow_clean(3) bug + fixes. + +I. Background + +FreeBSD includes software from the OpenSSL Project. The OpenSSL Project is +a collaborative effort to develop a robust, commercial-grade, full-featured +Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) +and Transport Layer Security (TLS v1) protocols as well as a full-strength +general purpose cryptography library. + +II. Problem Description + +OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0 +records when operating as a client or a server that accept SSL 3.0 +handshakes. As a result, in each record, up to 15 bytes of uninitialized +memory may be sent, encrypted, to the SSL peer. This could include +sensitive contents of previously freed memory. [CVE-2011-4576] + +OpenSSL support for handshake restarts for server gated cryptography (SGC) +can be used in a denial-of-service attack. [CVE-2011-4619] + +If an application uses OpenSSL's certificate policy checking when +verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK +flag, a policy check failure can lead to a double-free. [CVE-2011-4109] + +A weakness in the OpenSSL PKCS #7 code can be exploited using +Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the +million message attack (MMA). [CVE-2012-0884] + +The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp +functions, in OpenSSL contains multiple integer errors that can cause +memory corruption when parsing encoded ASN.1 data. This error can occur +on systems that parse untrusted ASN.1 data, such as X.509 certificates +or RSA public keys. [CVE-2012-2110] + +III. Impact + +Sensitive contents of the previously freed memory can be exposed +when communicating with a SSL 3.0 peer. However, FreeBSD OpenSSL +version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and +therefore have a single write buffer per connection. That write buffer +is partially filled with non-sensitive, handshake data at the beginning +of the connection and, thereafter, only records which are longer than +any previously sent record leak any non-encrypted data. This, combined +with the small number of bytes leaked per record, serves to limit to +severity of this issue. [CVE-2011-4576] + +Denial of service can be caused in the OpenSSL server application +supporting server gated cryptography by performing multiple handshake +restarts. [CVE-2011-4619] + +The double-free, when an application performs X509 certificate policy +checking, can lead to denial of service in that application. +[CVE-2011-4109] + +A weakness in the OpenSSL PKCS #7 code can lead to a successful +Bleichenbacher attack. Only users of PKCS #7 decryption operations are +affected. A successful attack needs on average 2^20 messages. In +practice only automated systems will be affected as humans will not be +willing to process this many messages. SSL/TLS applications are not +affected. [CVE-2012-0884] + +The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead +to a potentially exploitable attack via buffer overflow. The SSL/TLS +code in OpenSSL is not affected by this issue, nor are applications +using the memory based ASN.1 functions. There are no applications in +FreeBSD base system affected by this issue, though some 3rd party +consumers of these functions might be vulnerable when processing +untrusted ASN.1 data. [CVE-2012-2110] + +The patch provided with the initial version of this advisory introduced +bug to the Server Gated Cryptography (SGC) handshake code, that could +cause SGC handshake to fail for a legitimate client. The updated patch +also fixes the return error code in the BUF_MEM_grow_clean(3) function in the +buffer size check code introduced by the CVE-2012-2110 fix. + +IV. Workaround + +No workaround is available. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE, +or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, 8.3, +8.2, 8.1, and 9.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch +# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch.asc + +NOTE: The patch distributed at the time of the original advisory fixed +the security vulnerability, but introduced a bug to the SGC handshake +code that can cause the SGC handshake to fail for a legitimate client. +Systems to which the original patch was applied should be patched with +the following corrective patch, which contains only the additional +changes required to fix the newly-introduced SGC handshake bug. The +updated patch also corrects an error code for an error check introduced +in the original patch. + +# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch +# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile the operating system as described in + and reboot the +system. + +NOTE: Any third-party applications, including those installed from the +FreeBSD ports collection, which are statically linked to libcrypto(3) +should be recompiled in order to use the corrected code. + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or +9.0-RELEASE on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.3 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.2 + src/crypto/openssl/crypto/mem.c 1.1.1.8.2.2 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.2 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.2 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.2.1 + src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.3 + src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.3 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.2 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.8 + src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.2 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.10 + src/sys/conf/newvers.sh 1.72.2.18.2.13 + src/crypto/openssl/crypto/buffer/buffer.c 1.1.1.4.2.1.2.2 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.2.1.2.1 + src/crypto/openssl/crypto/mem.c 1.1.1.8.2.1.2.1 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.1.1.1.2.1.2.1 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.1.1.2.2.1.2.1 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.20.1 + src/crypto/openssl/ssl/ssl.h 1.1.1.16.2.2.2.1 + src/crypto/openssl/ssl/ssl_err.c 1.1.1.11.2.2.2.1 + src/crypto/openssl/ssl/s3_enc.c 1.1.1.13.2.1.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.1.1.17.2.5.2.2 + src/crypto/openssl/ssl/ssl3.h 1.1.1.6.2.1.2.1 +RELENG_8 + src/crypto/openssl/crypto/buffer/buffer.c 1.2.2.2 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.2 + src/crypto/openssl/crypto/mem.c 1.2.2.1 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.2.1 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.2 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.10.1 + src/crypto/openssl/ssl/ssl.h 1.2.2.2 + src/crypto/openssl/ssl/ssl_err.c 1.2.2.2 + src/crypto/openssl/ssl/s3_enc.c 1.2.2.2 + src/crypto/openssl/ssl/s3_srvr.c 1.3.2.6 + src/crypto/openssl/ssl/ssl3.h 1.2.2.2 +RELENG_8_3 + src/UPDATING 1.632.2.26.2.4 + src/sys/conf/newvers.sh 1.83.2.15.2.6 + src/crypto/openssl/crypto/buffer/buffer.c 1.2.14.2 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.4.1 + src/crypto/openssl/crypto/mem.c 1.2.14.1 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.14.1 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.6.1 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.26.1 + src/crypto/openssl/ssl/ssl.h 1.2.2.1.6.1 + src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.6.1 + src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.3.2.4.2.2 + src/crypto/openssl/ssl/ssl3.h 1.2.2.1.6.1 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.10 + src/sys/conf/newvers.sh 1.83.2.12.2.13 + src/crypto/openssl/crypto/buffer/buffer.c 1.2.8.2 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.10.1.2.1 + src/crypto/openssl/crypto/mem.c 1.2.8.1 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.8.1 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.4.1 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.18.1 + src/crypto/openssl/ssl/ssl.h 1.2.2.1.4.1 + src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.4.1 + src/crypto/openssl/ssl/s3_enc.c 1.2.2.1.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.3.2.3.2.2 + src/crypto/openssl/ssl/ssl3.h 1.2.2.1.4.1 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.13 + src/sys/conf/newvers.sh 1.83.2.10.2.14 + src/crypto/openssl/crypto/buffer/buffer.c 1.2.6.2 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.1.1.13.16.1 + src/crypto/openssl/crypto/mem.c 1.2.6.1 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.6.1 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.2.2.1.2.1 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.16.1 + src/crypto/openssl/ssl/ssl.h 1.2.2.1.2.1 + src/crypto/openssl/ssl/ssl_err.c 1.2.2.1.2.1 + src/crypto/openssl/ssl/s3_enc.c 1.2.6.1 + src/crypto/openssl/ssl/s3_srvr.c 1.3.2.2.2.2 + src/crypto/openssl/ssl/ssl3.h 1.2.2.1.2.1 +RELENG_9 + src/crypto/openssl/crypto/buffer/buffer.c 1.2.10.2 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.2.1 + src/crypto/openssl/crypto/mem.c 1.2.10.1 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.10.1 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.2.1 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.22.1 + src/crypto/openssl/ssl/ssl.h 1.3.2.1 + src/crypto/openssl/ssl/ssl_err.c 1.3.2.1 + src/crypto/openssl/ssl/s3_enc.c 1.3.2.1 + src/crypto/openssl/ssl/s3_srvr.c 1.7.2.2 + src/crypto/openssl/ssl/ssl3.h 1.3.2.1 +RELENG_9_0 + src/UPDATING 1.702.2.4.2.4 + src/sys/conf/newvers.sh 1.95.2.4.2.6 + src/crypto/openssl/crypto/buffer/buffer.c 1.2.12.2 + src/crypto/openssl/crypto/pkcs7/pk7_doit.c 1.2.4.1 + src/crypto/openssl/crypto/mem.c 1.2.12.1 + src/crypto/openssl/crypto/x509v3/pcy_map.c 1.2.12.1 + src/crypto/openssl/crypto/x509v3/pcy_tree.c 1.3.4.1 + src/crypto/openssl/crypto/asn1/a_d2i_fp.c 1.1.1.3.24.1 + src/crypto/openssl/ssl/ssl.h 1.3.4.1 + src/crypto/openssl/ssl/ssl_err.c 1.3.4.1 + src/crypto/openssl/ssl/s3_enc.c 1.3.4.1 + src/crypto/openssl/ssl/s3_srvr.c 1.7.4.2 + src/crypto/openssl/ssl/ssl3.h 1.3.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r236304 +releng/7.4/ r236304 +stable/8/ r236304 +releng/8.3/ r236304 +releng/8.2/ r236304 +releng/8.1/ r236304 +stable/9/ r236304 +releng/9.0/ r236304 +- ------------------------------------------------------------------------- + +VII. References + +http://www.openssl.org/news/secadv_20120419.txt +http://www.openssl.org/news/secadv_20120312.txt +http://www.openssl.org/news/secadv_20120104.txt +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884 +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110 +http://lists.openwall.net/full-disclosure/2012/04/19/4 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-12:01.openssl.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (FreeBSD) + +iEYEARECAAYFAk/GEsMACgkQFdaIBMps37IOkwCgj6lSWidx+sk/C/seNNBmQfN8 +36sAn2OQg0TEYq9xPf8yd0hrPICuDyGK +=T8ip +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-12:02.crypt.asc b/share/security/advisories/FreeBSD-SA-12:02.crypt.asc new file mode 100644 index 0000000000..8ef7f56745 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-12:02.crypt.asc @@ -0,0 +1,155 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-12:02.crypt Security Advisory + The FreeBSD Project + +Topic: Incorrect crypt() hashing + +Category: core +Module: libcrypt +Announced: 2012-05-30 +Credits: Rubin Xu, Joseph Bonneau, Donting Yu +Affects: All supported versions of FreeBSD. +Corrected: 2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE) + 2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8) + 2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE) + 2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2) + 2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8) + 2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10) + 2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE) + 2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2) +CVE Name: CVE-2012-2143 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +The crypt(3) function performs password hashing with additional code added +to deter key search attempts. + +II. Problem Description + +There is a programming error in the DES implementation used in crypt() +when handling input which contains characters that can not be represented +with 7-bit ASCII. + +III. Impact + +When the input contains characters with only the most significant bit set +(0x80), that character and all characters after it will be ignored. + +IV. Workaround + +No workaround is available, but systems not using crypt(), or which only +use it to handle 7-bit ASCII are not vulnerable. Note that, because +DES does not have the computational complexity to defeat brute force +search on modern computers, it is not recommended for new applications. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, +or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, +8.3, 8.2, 8.1 and 9.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch +# fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch.asc + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/libcrypt +# make obj && make depend && make && make install + +NOTE: On the amd64 platform, the above procedure will not update the +lib32 (i386 compatibility) libraries. On amd64 systems where the i386 +compatibility libraries are used, the operating system should instead +be recompiled as described in + + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, +or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/secure/lib/libcrypt/crypt-des.c 1.16.24.1 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.10 + src/sys/conf/newvers.sh 1.72.2.18.2.13 + src/secure/lib/libcrypt/crypt-des.c 1.16.40.2 +RELENG_8 + src/secure/lib/libcrypt/crypt-des.c 1.16.36.2 +RELENG_8_3 + src/UPDATING 1.632.2.26.2.4 + src/sys/conf/newvers.sh 1.83.2.15.2.6 + src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.8.2 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.10 + src/sys/conf/newvers.sh 1.83.2.12.2.13 + src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.6.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.13 + src/sys/conf/newvers.sh 1.83.2.10.2.14 + src/secure/lib/libcrypt/crypt-des.c 1.16.36.1.4.2 +RELENG_9 + src/secure/lib/libcrypt/crypt-des.c 1.16.42.2 +RELENG_9_0 + src/UPDATING 1.702.2.4.2.4 + src/sys/conf/newvers.sh 1.95.2.4.2.6 + src/secure/lib/libcrypt/crypt-des.c 1.16.42.1.2.2 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r236304 +releng/7.4/ r236304 +stable/8/ r236304 +releng/8.3/ r236304 +releng/8.2/ r236304 +releng/8.1/ r236304 +stable/9/ r236304 +releng/9.0/ r236304 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-12:02.crypt.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (FreeBSD) + +iEYEARECAAYFAk/GEsoACgkQFdaIBMps37JSYQCfZGZceQY4D53qgR9JbI79ZNht +/GIAnjnhxlCnF27cWOhqxkkTWM6f45IM +=7CVu +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-12:03.bind.asc b/share/security/advisories/FreeBSD-SA-12:03.bind.asc new file mode 100644 index 0000000000..fbef9f5ec3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-12:03.bind.asc @@ -0,0 +1,176 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-12:03.bind Security Advisory + The FreeBSD Project + +Topic: Incorrect handling of zero-length RDATA fields in named(8) + +Category: contrib +Module: bind +Announced: 2012-06-12 +Credits: Dan Luther, Jeffrey A. Spain +Affects: All supported versions of FreeBSD +Corrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9) + 2012-06-04 22:21:55 UTC (RELENG_8, 8.3-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3) + 2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9) + 2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11) + 2012-06-04 22:14:33 UTC (RELENG_9, 9.0-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3) +CVE Name: CVE-2012-1667 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. + +II. Problem Description + +The named(8) server does not properly handle DNS resource records where +the RDATA field is zero length, which may cause various issues for the +servers handling them. + +III. Impact + +Resolving servers may crash or disclose some portion of memory to the +client. Authoritative servers may crash on restart after transferring a +zone containing records with zero-length RDATA fields. These would +result in a denial of service, or leak of sensitive information. + +IV. Workaround + +No workaround is available, but systems not running the BIND name +server are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, +or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, +8.3, 8.2, 8.1 and 9.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[FreeBSD 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, and 8.1-RELEASE] +# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch.asc + +[FreeBSD 9.0-RELEASE] +# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch +# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind/ +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, +or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +4) Install and run BIND from the Ports Collection after the correction +date. The following versions and newer versions of BIND installed from +the Ports Collection are not affected by this vulnerability: + + bind96-9.6.3.1.ESV.R7.1 + bind97-9.7.6.1 + bind98-9.8.3.1 + bind99-9.9.1.1 + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/contrib/bind9/lib/dns/rdata.c 1.1.1.5.2.4 + src/contrib/bind9/lib/dns/rdataslab.c 1.1.1.2.2.5 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.11 + src/sys/conf/newvers.sh 1.72.2.18.2.14 + src/contrib/bind9/lib/dns/rdata.c 1.1.1.5.2.1.2.1 + src/contrib/bind9/lib/dns/rdataslab.c 1.1.1.2.2.3.2.1 +RELENG_8 + src/contrib/bind9/lib/dns/rdata.c 1.2.2.4 + src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.5 +RELENG_8_3 + src/UPDATING 1.632.2.26.2.5 + src/sys/conf/newvers.sh 1.83.2.15.2.7 + src/contrib/bind9/lib/dns/rdata.c 1.2.2.2.2.1 + src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.3.2.1 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.11 + src/sys/conf/newvers.sh 1.83.2.12.2.14 + src/contrib/bind9/lib/dns/rdata.c 1.2.8.1 + src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.2.2.1 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.14 + src/sys/conf/newvers.sh 1.83.2.10.2.15 + src/contrib/bind9/lib/dns/rdata.c 1.2.6.1 + src/contrib/bind9/lib/dns/rdataslab.c 1.2.2.1.2.1 +RELENG_9 + src/contrib/bind9/lib/dns/rdata.c 1.5.2.2 + src/contrib/bind9/lib/dns/rdataslab.c 1.7.2.2 +RELENG_9_0 + src/UPDATING 1.702.2.4.2.5 + src/sys/conf/newvers.sh 1.95.2.4.2.7 + src/contrib/bind9/lib/dns/rdata.c 1.5.4.1 + src/contrib/bind9/lib/dns/rdataslab.c 1.7.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r236953 +releng/7.4/ r236953 +stable/8/ r236590 +releng/8.3/ r236953 +releng/8.2/ r236953 +releng/8.1/ r236953 +stable/9/ r236587 +releng/9.0/ r236953 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667 +http://www.isc.org/software/bind/advisories/cve-2012-1667 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-12:03.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.12 (FreeBSD) + +iEYEARECAAYFAk/XQGEACgkQFdaIBMps37LU+gCfcP1MdQy8s5gjNWJfW+BiP6oI +CWkAnRZzIRxAKWgD2spPAuBu04S9ZQkA +=aI2g +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-12:04.sysret.asc b/share/security/advisories/FreeBSD-SA-12:04.sysret.asc new file mode 100644 index 0000000000..14a4d1263c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-12:04.sysret.asc @@ -0,0 +1,177 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-12:04.sysret Security Advisory + The FreeBSD Project + +Topic: Privilege escalation when returning from kernel + +Category: core +Module: sys_amd64 +Announced: 2012-06-12 +Credits: Rafal Wojtczuk, John Baldwin +Affects: All supported versions of FreeBSD +Corrected: 2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9) + 2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3) + 2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9) + 2012-06-18 21:00:54 UTC (RELENG_8_1, 8.1-RELEASE-p12) + 2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE) + 2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3) +CVE Name: CVE-2012-0217 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +0. Revision History + +v1.0 2012-06-12 Initial release. +v1.1 2012-06-19 Corrected patch FreeBSD 8.1. + +I. Background + +The FreeBSD operating system implements a rings model of security, where +privileged operations are done in the kernel, and most applications +request access to these operations by making a system call, which puts +the CPU into the required privilege level and passes control to the +kernel. + +II. Problem Description + +FreeBSD/amd64 runs on CPUs from different vendors. Due to varying +behaviour of CPUs in 64 bit mode a sanity check of the kernel may be +insufficient when returning from a system call. + +III. Impact + +Successful exploitation of the problem can lead to local kernel privilege +escalation, kernel data corruption and/or crash. + +To exploit this vulnerability, an attacker must be able to run code with user +privileges on the target system. + +IV. Workaround + +No workaround is available. + +However FreeBSD/amd64 running on AMD CPUs is not vulnerable to this +particular problem. + +Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386 +kernel are not vulnerable, nor are systems running on different +processor architectures. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, +or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, +8.3, 8.2, 8.1 and 9.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +[7.4, 8.3, 8.2, 9.0] +# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch +# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc + +[8.1] +# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch +# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch.asc + +[8.1 if original sysret.patch has been applied] +# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch +# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch.asc + +b) Apply the patch. + +# cd /usr/src +# patch < /path/to/patch + +c) Recompile your kernel as described in + and reboot the +system. + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, +or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/sys/amd64/amd64/trap.c 1.319.2.14 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.11 + src/sys/conf/newvers.sh 1.72.2.18.2.14 + src/sys/amd64/amd64/trap.c 1.319.2.12.2.2 +RELENG_8 + src/sys/amd64/amd64/trap.c 1.332.2.24 +RELENG_8_3 + src/UPDATING 1.632.2.26.2.5 + src/sys/conf/newvers.sh 1.83.2.15.2.7 + src/sys/amd64/amd64/trap.c 1.332.2.21.2.2 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.11 + src/sys/conf/newvers.sh 1.83.2.12.2.14 + src/sys/amd64/amd64/trap.c 1.332.2.14.2.2 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.15 + src/sys/conf/newvers.sh 1.83.2.10.2.16 + src/sys/amd64/amd64/trap.c 1.332.2.10.2.3 +RELENG_9 + src/sys/amd64/amd64/trap.c 1.357.2.9 +RELENG_9_0 + src/UPDATING 1.702.2.4.2.5 + src/sys/conf/newvers.sh 1.95.2.4.2.7 + src/sys/amd64/amd64/trap.c 1.357.2.2.2.3 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r236953 +releng/7.4/ r236953 +stable/8/ r236953 +releng/8.3/ r236953 +releng/8.2/ r236953 +releng/8.1/ r237242 +stable/9/ r236953 +releng/9.0/ r236953 +- ------------------------------------------------------------------------- + +VII. References + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 + +iEYEARECAAYFAk/gjHQACgkQFdaIBMps37KutQCgkcp+lqFuJ3/fQKUemn80suW5 +u/wAn2VLxY5LoUPNsN2eUHYB4GMz0AHl +=tQOk +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-12:05.bind.asc b/share/security/advisories/FreeBSD-SA-12:05.bind.asc new file mode 100644 index 0000000000..7d23439592 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-12:05.bind.asc @@ -0,0 +1,176 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SA-12:05.bind Security Advisory + The FreeBSD Project + +Topic: named(8) DNSSEC validation Denial of Service + +Category: contrib +Module: bind +Announced: 2012-08-06 +Credits: Einar Lonn of IIS.se +Affects: All supported versions of FreeBSD +Corrected: 2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE) + 2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10) + 2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE) + 2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4) + 2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10) + 2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13) + 2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE) + 2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4) +CVE Name: CVE-2012-3817 + +For general information regarding FreeBSD Security Advisories, +including descriptions of the fields above, security branches, and the +following sections, please visit . + +I. Background + +BIND 9 is an implementation of the Domain Name System (DNS) protocols. +The named(8) daemon is an Internet Domain Name Server. + +DNS Security Extensions (DNSSEC) provides data integrity, origin +authentication and authenticated denial of existence to resolvers. + +II. Problem Description + +BIND 9 stores a cache of query names that are known to be failing due +to misconfigured name servers or a broken chain of trust. Under high +query loads, when DNSSEC validation is active, it is possible for a +condition to arise in which data from this cache of failing queries +could be used before it was fully initialized, triggering an assertion +failure. + +III. Impact + +A remote attacker that is able to generate high volume of DNSSEC +validation enabled queries can trigger the assertion failure that causes +it to crash, resulting in a denial of service. + +IV. Workaround + +No workaround is available, but systems not running the BIND resolving +name server with dnssec-validation enabled are not affected. + +V. Solution + +Perform one of the following: + +1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE, +or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 +security branch dated after the correction date. + +2) To update your vulnerable system via a source code patch: + +The following patches have been verified to apply to FreeBSD 7.4, +8.3, 8.2, 8.1 and 9.0 systems. + +a) Download the relevant patch from the location below, and verify the +detached PGP signature using your PGP utility. + +# fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch +# fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch.asc + +b) Execute the following commands as root: + +# cd /usr/src +# patch < /path/to/patch +# cd /usr/src/lib/bind/dns +# make obj && make depend && make && make install +# cd /usr/src/usr.sbin/named +# make obj && make depend && make && make install + +3) To update your vulnerable system via a binary patch: + +Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, +or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the +freebsd-update(8) utility: + +# freebsd-update fetch +# freebsd-update install + +4) Install and run BIND from the Ports Collection after the correction +date. The following versions and newer versions of BIND installed from +the Ports Collection are not affected by this vulnerability: + + bind96-9.6.3.1.ESV.R7.2 + bind97-9.7.6.2 + bind98-9.8.3.2 + bind99-9.9.1.2 + +VI. Correction details + +The following list contains the revision numbers of each file that was +corrected in FreeBSD. + +CVS: + +Branch Revision + Path +- ------------------------------------------------------------------------- +RELENG_7 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.11 +RELENG_7_4 + src/UPDATING 1.507.2.36.2.12 + src/sys/conf/newvers.sh 1.72.2.18.2.15 + src/contrib/bind9/lib/dns/resolver.c 1.1.1.9.2.8.2.1 +RELENG_8 + src/contrib/bind9/CHANGES 1.9.2.15 + src/contrib/bind9/lib/dns/resolver.c 1.3.2.6 + src/contrib/bind9/lib/dns/zone.c 1.6.2.10 + src/contrib/bind9/lib/isc/random.c 1.2.2.4 + src/contrib/bind9/version 1.9.2.15 +RELENG_8_3 + src/UPDATING 1.632.2.26.2.6 + src/sys/conf/newvers.sh 1.83.2.15.2.8 + src/contrib/bind9/lib/dns/resolver.c 1.6.2.7.2.1 +RELENG_8_2 + src/UPDATING 1.632.2.19.2.12 + src/sys/conf/newvers.sh 1.83.2.12.2.15 + src/contrib/bind9/lib/dns/resolver.c 1.6.2.4.2.1 +RELENG_8_1 + src/UPDATING 1.632.2.14.2.16 + src/sys/conf/newvers.sh 1.83.2.10.2.17 + src/contrib/bind9/lib/dns/resolver.c 1.6.2.3.2.1 +RELENG_9 + src/contrib/bind9/CHANGES 1.21.2.5 + src/contrib/bind9/lib/dns/resolver.c 1.15.2.3 + src/contrib/bind9/lib/dns/zone.c 1.7.2.3 + src/contrib/bind9/version 1.21.2.5 +RELENG_9_0 + src/UPDATING 1.702.2.4.2.6 + src/sys/conf/newvers.sh 1.95.2.4.2.8 + src/contrib/bind9/lib/dns/resolver.c 1.15.4.1 +- ------------------------------------------------------------------------- + +Subversion: + +Branch/path Revision +- ------------------------------------------------------------------------- +stable/7/ r239108 +releng/7.4/ r239108 +stable/8/ r238749 +releng/8.3/ r239108 +releng/8.2/ r239108 +releng/8.1/ r239108 +stable/9/ r238756 +releng/9.0/ r239108 +- ------------------------------------------------------------------------- + +VII. References + +https://kb.isc.org/article/AA-00729 + +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817 + +The latest revision of this advisory is available at +http://security.FreeBSD.org/advisories/FreeBSD-SA-12:05.bind.asc +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.9 + +iEYEARECAAYFAlAgP6kACgkQFdaIBMps37KLuQCfdF1xHFsD5vgeWKeTfPo1z0UG +XN8AnRZQy5itaoFPFALXoDy3ZnZ5qA1t +=hvTi +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:01.sliplogin.asc b/share/security/advisories/FreeBSD-SA-96:01.sliplogin.asc new file mode 100644 index 0000000000..d4b6031a8f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:01.sliplogin.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:01 Security Advisory +Revised: Wed May 22 00:18:51 PDT 1996 FreeBSD, Inc. + +Topic: sliplogin unauthorized access vulnerability + +Category: core +Module: sliplogin +Announced: 1996-04-21 +Affects: FreeBSD 2.0.5 and 2.1.0 systems where sliplogin may + be invoked as a user shell (in /etc/passwd entries). +Corrected: 1996-04-21 -stable and -current sources +Source: Generic BSD bug +FreeBSD only: no + +Reference: AUSCERT Advisory correspondence + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:01/ + +============================================================================= + +I. Background + + A bug was found in the sliplogin program. The program did + not properly restrict the environment used when invoking + child processes. This problem is present in all source code + and binary distributions of FreeBSD version 2.0.5 and 2.1 + released before 1996-04-21. + + +II. Problem Description + + The sliplogin program is used to allow a remote user to dial + into a FreeBSD system and start a SLIP connection. The sliplogin + program is typically used as replacement user "shell" in this + application. The sliplogin program invokes a child process that + may be compromised through the passing of certain environment + variables. + + +III. Impact + + The problem could allow local users to gain unauthorized access + to a system or provide unauthorized access to remote users. + This problem is only exploitable on systems where the sliplogin + program has been configured to be invoked at login time (e.g. as + a user shell in /etc/passwd entries). + +IV. Solution(s) + + The following patch to sliplogin.c eliminates this vulnerability. + + *** sliplogin.c 1996/01/06 07:19:55 1.3.4.1 + --- sliplogin.c 1996/04/24 20:20:00 1.3.4.2 + *************** + *** 88,93 **** + --- 88,100 ---- + #include + #include "pathnames.h" + + + extern char **environ; + + + + static char *restricted_environ[] = { + + "PATH=" _PATH_STDPATH, + + NULL + + }; + + + int unit; + int slip_mode; + speed_t speed; + *************** + *** 123,128 **** + --- 130,137 ---- + char user[16]; + char buf[128]; + int i, j, n; + + + + environ = restricted_environ; /* minimal protection for system() */ + + (void)strcpy(loginname, name); + if ((fp = fopen(_PATH_ACCESS, "r")) == NULL) { + + +V. Workaround + + This vulnerability can quickly and easily be limited by disabling + any account that has sliplogin as the user shell in /etc/passwd or + by disabling access to the sliplogin command. + + As root, execute the command: + + # chmod 000 /usr/sbin/mount_union + + then verify that all access permission to the file has been + disabled. The permissions array should read "----------" as + shown here: + + # ls -l /usr/sbin/sliplogin + ---------- 1 root bin 16384 Apr 26 04:47 /usr/sbin/sliplogin + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMaLAiVUuHi5z0oilAQFjMQQAlBJ/nnV0+FpmAdxkn1e3wr97oXPoGLfz +hKbTHbQACcsYAJBZXItC8gGxwbDze0H06PidR81anVOch8pkthRbam6rYNWUsAwZ +2PyWy7Q8pmeBz0vVhUYKQgLFWFzSdibvPJQjNA53uUvKymJHvEUeDj8MigQdxcvh +2MkW1XGtVyQ= +=8oT/ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:02.apache.asc b/share/security/advisories/FreeBSD-SA-96:02.apache.asc new file mode 100644 index 0000000000..9b59c7780a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:02.apache.asc @@ -0,0 +1,93 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:02 Security Advisory + FreeBSD, Inc. + +Topic: apache httpd meta-character escaping + +Category: port +Module: apache +Announced: 1996-04-22 +Affects: FreeBSD 2.0.5 and 2.1.0 ports/packages distributions + with apache http daemon installed an enabled +Corrected: 1996-04-21 ports source code +Source: Generic apache distribution bug +FreeBSD only: no + +Reference: CERT Advisory CA-96.06.cgi_example_code + (warning: CERT's advisory is incomplete) + +Patches: no patches available, see below for update + +============================================================================= + +I. Background + + A bug was found in the apache daemon that may allow remote + users to obtain unauthorized access to a machine running + apache httpd. + + +II. Problem Description + + Versions of the apache http daemon before release 1.05 do + not properly restrict shell meta-characters transmitted to + the daemon via form input (via GET or POST). + + +III. Impact + + The problem could allow remote users to gain unauthorized access + to a system. This problem is only exploitable on systems where + the apache http daemon has been installed and is enabled. + + The apache http daemon is not installed or enabled by default + but is a common package that many FreeBSD users may have chosen + to install. + +IV. Solution(s) + + The Apache Group released version 1.05 of the daemon which fixes + this vulnerability. The FreeBSD Project updated the ports and + packages system to use this new daemon. + + Interested parties may obtain an updated pre-compiled FreeBSD + package from: + + ftp://ftp.freebsd.org/pub/FreeBSD/packages-current/www/apache-1.0.5.tgz + + and an updated "automatic port" from the directory hierarchy: + + ftp://ftp.freebsd.org/pub/FreeBSD/ports-current/www/apache.tar.gz + +V. Workaround + + This vulnerability can only be eliminated by updating to a more recent + version of apache or by disabling apache httpd. + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMaLAi1UuHi5z0oilAQHqiQP/VKL3RhyNc3jmYyH6ydteiQUQ1+t7boqr +304LP9g3ifq/cdxDwjbR4joiVjTNsqvOE1LQryI0qHq6nFPqGBsnHZI+thYGNYdI +rjKOMRPF2VbzFx0W7mdvnQLxfCcU8Ma3A0zlub5hhqvN2gg3RVTXNYnF2FHIFL77 +cVdx+nVibo8= +=tNpA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:03.sendmail-suggestion.asc b/share/security/advisories/FreeBSD-SA-96:03.sendmail-suggestion.asc new file mode 100644 index 0000000000..e1fcc266d9 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:03.sendmail-suggestion.asc @@ -0,0 +1,113 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:03 Security Advisory + FreeBSD, Inc. + +Topic: *suggested action only* sendmail smrsh now available + +Category: core +Module: sendmail +Announced: 1996-04-20 +Affects: FreeBSD 2.1.0 and earlier distributions +Corrected: 1996-04-21 2.2-current and 2.1-stable sources +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:03/ + +============================================================================= + +I. Background + + The sendmail mail transfer agent has a rather poor reputation + for security related problems. FreeBSD ships a version of + sendmail that has all known security problems fixed, but this + doesn't mean there won't be more found in the future. + + The author of sendmail recognized this posibility and has + included a new utility called "smrsh". The FreeBSD Project + would like to encourage system administrators to use this + utility as a hedge against future possible security holes. + + +II. Problem Description + + Sendmail has the ability to deliver mail to a program on the + local system via a pipe. This feature is often used to + support automatic mail filtering and vacation programs. + + This provides a very flexible way to deliver information to + an automated task running on a mailserver. Unfortunately, + this allows unprivileged users to write tasks that may not + properly check for common attacks via the program delivery + system. + + The next release of FreeBSD will now install the sendmail + restricted shell utility, smrsh in /usr/libexec and create + the directory /usr/libexec/sm.bin to hold programs that + may be executed by sendmail to deliver mail to pipes. + + +III. Impact + + There is no known security impact on FreeBSD systems at the + of this document's publication. There is no direct requirement + to install the smrsh utility. + + The FreeBSD Project suggests using smrsh in conjunction with + sendmail in environments where the local system administrator + believes there is a need to protect against as-of-yet undiscovered + security holes in sendmail. + + Use of this utility is /not/ enabled by default in standard + sendmail configuration files distributed by FreeBSD to retain + backwards compatibility with previous sendmail operation. Use + of this utility may break functionality that users expect. + Please read the smrsh(8) manual page and/or the README file in + /usr/src/usr.sbin/sendmail/smrsh BEFORE attempting to use smrsh. + + +IV. Solution(s) + + This program is available in the 2.1-stable and 2.2-current + source code distributions. It is not compiled, installed, + or enabled in FreeBSD 2.1.0 by default. + + The Apache Group released version 1.05 of the daemon which fixes + this vulnerability. The FreeBSD Project updated the ports and + packages system to use this new daemon. + + Interested parties may obtain an updated pre-compiled FreeBSD + package from: + + ftp://ftp.freebsd.org/pub/FreeBSD/packages-current/www/apache-1.0.5.tgz + + and an updated "automatic port" from the directory hierarchy: + + ftp://ftp.freebsd.org/pub/FreeBSD/ports-current/www/apache.tar.gz + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMaLAjlUuHi5z0oilAQFXzAP/ZV0BgEsoyM2xylQgTPWWTh4pZl6kMtqn +lFaxkgkcO7d8nAVfLNcmhkIGtEU471uR1qb13MST7QQQ2oNBq63955aomMcNbphY +LqXx0IpLbYZWjR5A3bbFRmxKZGkNQOzOpZCAF1GA5+ElTw4fpJ2kWRmRiZLAdPWe +btD3OFRGXIM= +=yYqF +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:08.syslog.asc b/share/security/advisories/FreeBSD-SA-96:08.syslog.asc new file mode 100644 index 0000000000..64dc9a4e7a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:08.syslog.asc @@ -0,0 +1,77 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:08 Security Advisory + FreeBSD, Inc. + +Topic: syslog vulnerability + +Category: core +Module: libc +Announced: 1996-04-21 +Affects: FreeBSD 2.0 and 2.0.5 +Corrected: 1995-10-15 2.2-current and 2.1.0-release sources +Source: Generic BSD bug +FreeBSD only: no + +Reference: CERT CA-95:13.syslog.vul + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:08/ + +============================================================================= + +I. Background + + A problem was found in the syslog(3) library call that affects + FreeBSD 2.0 and FreeBSD 2.0.5 releases. This problem was + fixed prior to the release of FreeBSD 2.1. + + The FreeBSD project is not aware of active exploits of this + vulnerability. + + All FreeBSD users are encouraged to upgrade to a version of + FreeBSD with this vulnerability fixed. + + +II. Problem Description + + Bounds checking for syslog error messages was not being + performed properly. + + +III. Impact + + The problem could be exploited to gain unauthorized access to + a system running sendmail. + + +IV. Solution(s) + + Update operating system sources and binaries to FreeBSD 2.1 or + a later release or apply the patches available at the URL + listed at the top of this bulletin and re-install the C library. + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMaLAkFUuHi5z0oilAQFxEwP/aKhjlldITj2TRdejyyVTyrbLLc8EG3Ws +e8VLwYYfaciMGf9jihZop2MxdVB/wlIR+iy2i04ULV5TUar3aiq0fmRsIxspT4vt +/HcjtrsYX52rzAqkibTTMLRPn3vU9LES1gBZZDPteA4vk43Yo+brJk/bTuxloQTY +PGw0ifIAHHM= +=KBgt +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:09.vfsload.asc b/share/security/advisories/FreeBSD-SA-96:09.vfsload.asc new file mode 100644 index 0000000000..f65fac7a7e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:09.vfsload.asc @@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:09 Security Advisory +Revised: Wed May 22 00:20:09 PDT 1996 FreeBSD, Inc. + +Topic: unauthorized access via mount_union / mount_msdos (vfsload) + +Category: core +Module: libc +Announced: 1996-05-17 +Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current +Corrected: 1996-05-17 2.1-stable and 2.2-current sources +Source: FreeBSD native bug +FreeBSD only: yes + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:09/ + +============================================================================= + +I. Background + + A bug was found in the vfsload(3) library call that affects all + versions of FreeBSD from 2.0 through 2.2-CURRENT that caused a + system vulnerability. This problem is present in all source + code and binary distributions of FreeBSD version 2.x released + before 1996-05-18. + + The FreeBSD project is aware of active exploits of this + vulnerability. + + All FreeBSD users are encouraged to use the workaround provided + until they can update their operating system to a version with + this vulnerability fixed. + + +II. Problem Description + + The mount_union and mount_msdos programs invoke another system + utility in an insecure fashion while setuid root. + + +III. Impact + + The problem could allow local users to gain unauthorized + permissions. + + This vulnerability can only be exploited by users with a valid + account on the local system. + + +IV. Solution(s) + + Update operating system sources and binaries to FreeBSD 2.1-stable + or FreeBSD 2.2-current as distributed later than 1996-05-18 or + if you are currently running 2.1 or later, you may apply the + solution patches available at the URL listed at the top of this + message. + + The OS updates fix the actual problem in the vfsload(3) library + routine. Once the vfsload() library routine is fixed, the + workaround listed below is not necessary to solve this problem. + However, an additional stability problem has come to light + (ref. FreeBSD SA-96:10) so the FreeBSD project suggests + using both the setuid workaround and the solution for best results. + +V. Workaround + + This vulnerability can quickly and easily be limited by removing + the setuid permission bit from the mount_union and mount_msdos + program. This workaround will work for all versions of FreeBSD + affected by this problem. + + As root, execute the command: + + # chmod u-s /sbin/mount_union /sbin/mount_msdos + + then verify that the setuid permissions of the files have been + removed. The permissions array should read "-r-xr-xr-x" as + shown here: + + # ls -l /sbin/mount_union /sbin/mount_msdos + -r-xr-xr-x 1 root bin 151552 Apr 26 04:41 /sbin/mount_msdos + -r-xr-xr-x 1 root bin 53248 Apr 26 04:40 /sbin/mount_union + + In addition to changing the permissions on the executable files, + if you have the source code installed, we suggest patching the + sources so that mount_union will not be installed with the + setuid bit set: + + *** /usr/src/sbin/mount_union/Makefile Sun Nov 20 14:47:52 1994 + --- /usr/src/sbin/mount_union/Makefile Fri May 17 10:36:09 1996 + *************** + *** 8,14 **** + CFLAGS+= -I${.CURDIR}/../../sys -I${MOUNT} + .PATH: ${MOUNT} + + - BINOWN= root + - BINMODE=4555 + - + .include + --- 8,11 ---- + *** /usr/src/sbin/i386/mount_msdos/Makefile Sun Dec 4 00:01:24 1994 + --- /usr/src/sbin/i386/mount_msdos/Makefile Fri May 17 11:31:57 1996 + *************** + *** 6,14 **** + SRCS= mount_msdos.c getmntopts.c + MAN8= mount_msdos.8 + + - BINOWN= root + - BINMODE= 4555 + - + MOUNT= ${.CURDIR}/../../mount + CFLAGS+= -I${MOUNT} + .PATH: ${MOUNT} + --- 6,11 ---- + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMaLAklUuHi5z0oilAQG+WgQAnuOvfxwqZOD4fXqGNHiON6klobB6c1mR +8b09G2Thj7BrXgQjHYp+pbOBIbwIXvfbL8rG3FahqtrJpPLZmtQAqVn3LWZ8YAUz +4ne5LDW8domwukynGSKRzjYxEIcYbfIYIBCT+UVYlHdwUBu9xFEWHpheNOanXLsS ++t3DoHXTHtA= +=H0Cg +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:10.mount_union.asc b/share/security/advisories/FreeBSD-SA-96:10.mount_union.asc new file mode 100644 index 0000000000..250714e1bc --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:10.mount_union.asc @@ -0,0 +1,121 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:10 Security Advisory +Revised: Wed May 22 00:20:23 PDT 1996 FreeBSD, Inc. + +Topic: system stability compromise via mount_union program + +Category: core +Module: unionfs +Announced: 1996-05-17 +Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current +Corrected: (workaround) 2.1-stable and 2.2-current as of 1996-05-17 +Source: 4.4BSD (lite) +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:10/ + +============================================================================= + +I. Background + + A bug was found in the union file system code which can allow + an unprivileged local user to compromise system stability. + This problem is present in all source code and binary + distributions of FreeBSD version 2.x released before 1996-05-18. + + All FreeBSD users are encouraged to use the workaround provided + until the FreeBSD Project distributes a full solution. + + +II. Problem Description + + The union filesystem code had problems with certain mount ordering + problems. By executing a certain sequence of mount_union commands, + an unprivileged local user may cause a system reload. + + NOTE: This is a different problem than the one discussed in + FreeBSD SA-96:09. The workaround for this vulnerability is + similar to the one discussed in 96:09, but the proper solution + for the unauthorized access problem in 96:09 does not address + this vulnerability. + + +III. Impact + + The problem could allow local users to compromise system stability. + + This vulnerability can only be exploited by users with a valid + account on the local system. + + +IV. Solution(s) + + The FreeBSD project is currently developing a solution to this + problem, however the proper solution will not be available until + a future FreeBSD release. We do not anticipate releasing patches + for previous versions of FreeBSD due to the extensive nature of this + fix. This security advisory will be updated as new information is + made available. + +V. Workaround + + This vulnerability can quickly and easily be limited by removing + the setuid permission bit from the mount_union program. This + workaround will work for all versions of FreeBSD affected by + this problem. + + As root, execute the command: + + % chmod u-s /sbin/mount_union + + then verify that the setuid permissions of the files have been + removed. The permissions array should read "-r-xr-xr-x" as + shown here: + + % ls -l /sbin/mount_union + -r-xr-xr-x 1 root bin 53248 Apr 26 04:40 /sbin/mount_union + + In addition to changing the permissions on the executable files, + if you have the source code installed, we suggest patching the + sources so that mount_union will not be installed with the + setuid bit set: + + *** /usr/src/sbin/mount_union/Makefile Sun Nov 20 14:47:52 1994 + --- /usr/src/sbin/mount_union/Makefile Fri May 17 10:36:09 1996 + *************** + *** 8,14 **** + CFLAGS+= -I${.CURDIR}/../../sys -I${MOUNT} + .PATH: ${MOUNT} + + - BINOWN= root + - BINMODE=4555 + - + .include + --- 8,11 ---- + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMaLAlFUuHi5z0oilAQEuBAP/ZEUqmnMnEybcJTdwLxheDbOyM7hK6Bvn +Ygc1P1qfrta1vbqZhJX/IxrvEi/igoyvCWOx+8CA6qkDnOVGkzMwhDdy1vmEcRnb +T6Ws6w1nSF2DmDnD+otkIgGVDHgYmJ0V/2g5scPk8EqSdzFTuaUgRIwaqfIS+X7m +aA1Nk+kKso8= +=LE03 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:11.man.asc b/share/security/advisories/FreeBSD-SA-96:11.man.asc new file mode 100644 index 0000000000..1b6a26b13b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:11.man.asc @@ -0,0 +1,118 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:11 Security Advisory +Revised: Wed May 22 00:11:46 PDT 1996 FreeBSD, Inc. + +Topic: security compromise from man page utility + +Category: core +Module: man +Announced: 1996-05-21 +Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current +Corrected: 2.1-stable and 2.2-current as of 1996-05-21 +FreeBSD only: yes + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:11/ + +============================================================================= + +I. Background + + FreeBSD replaced the standard BSD manual page reader with + code developed by a third party to support compressed manual + pages. A bug was found in the manual page reader which can + allow an unprivileged local user to compromise system security + in a limited fashion. This problem is present in all source + code and binary distributions of FreeBSD version 2.x released + before 1996-05-21. + + +II. Problem Description + + The man program is setuid to the "man" user. By executing a + particular sequence of commands, an unprivileged local user + may gain the access privileges of the "man" user. However, + root access could be obtained with further work. + + +III. Impact + + The "man" user has no particular special privileges, it is + the owner of the /usr/share/man/cat[0-9] directory hierarchy. + Unformatted system manual pages are owned by the "bin" user. + However, further exploits once "man" is obtained could + possibly allow a local user to obtain unlimited access via + a trojan horse. + + This vulnerability can only be exploited by users with a valid + account on the local system. + + +IV. Workaround + + One may simply disable the setuid bit on the /usr/bin/man file. + This will disable caching of formatted manual pages, no system + functionality will be lost. This workaround will suffice for + all versions of FreeBSD affected by this problem. + + As root, execute the command: + + # chmod u-s /usr/bin/man + + then verify that the setuid permissions of the files have been + removed. The permissions array should read "-r-xr-xr-x" as + shown here: + + # ls -l /usr/bin/man + -r-xr-xr-x 1 man bin 28672 May 19 20:38 /usr/bin/man + + We also suggest applying the following patch to the source + distribution so that the man program will not be installed + setuid man should you rebuild from sources: + + *** /usr/src/gnu/usr.bin/man/man/Makefile Sun Feb 25 13:39:52 1996 + --- /usr/src/gnu/usr.bin/man/man/Makefile Wed May 22 00:13:05 1996 + *************** + *** 1,7 **** + PROG= man + SRCS= man.c manpath.c glob.c + - BINMODE=4555 + - BINOWN= man + + .if exists(${.CURDIR}/../lib/obj) + LDADD= -L${.CURDIR}/../lib/obj -lman + --- 1,5 ---- + +V. Solution + + The FreeBSD team is in the process of rewriting portions of + the manual program to avoid this and similar vulnerabilities. + This security advisory will be updated when a complete solution + is available. + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMaLAllUuHi5z0oilAQFblwP/atY+PmOBakOsKhWywcPu5LvjaAAH5m8B +3KGrtM/CBGEeFvk4qth8aeoTxLfhNtwrsvvnAAKFvqWbdHNU8CnlRgPKbzpyq+cs +JB5NAaUYiCI9/87qRajpbjNLxJuDiCOUKcuvU/lgKLvr4oZ86ZVSu5uPieVXaJ8L +RVKCjkRnUw8= +=IMYL +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:12.perl.asc b/share/security/advisories/FreeBSD-SA-96:12.perl.asc new file mode 100644 index 0000000000..7688f8a8f3 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:12.perl.asc @@ -0,0 +1,144 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:12 Security Advisory + FreeBSD, Inc. + +Topic: security compromise from perl (suidperl) utility + +Category: core and ports +Module: perl +Announced: 1996-06-28 +Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current +Corrected: 2.1-stable and 2.2-current as of 1996-06-03 +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:12/ + +============================================================================= + +I. Background + + FreeBSD ships perl version 4 as part of the base level system, + in addition, a port for perl version 5 is also provided with + a similar vulnerability. The vulnerability is specific to the + suidperl flavors of perl installed on the system. + + This problem is present in all source code and binary + distributions of FreeBSD version 2.0.5 and later released + before 1996-05-21. This problem is not present in FreeBSD + 2.0 and earlier versions of FreeBSD. + +II. Problem Description + + The authors of perl provide a "suidperl" program for proper + processing of setuid perl scripts on systems where race + conditions where setuid scripts could be exploited to gain + unauthorized access. FreeBSD installs this suidperl program + (and a link) as part of the standard installation. However, + privilege processing done by this program does not take into + account recent functionality extensions in the seteuid/setegid + system calls. + + +III. Impact + + This vulnerability can only be exploited by users with a valid + account on the local system to easily obtain superuser access. + + This vulnerability is present on all systems with the + _POSIX_SAVED_IDS functionality extension where suidperl + has been installed. + + +IV. Workaround + + One may simply disable the setuid bit on all copies of the setuid + version of perl. This will close the vulnerability but render + inoperable setuid perl scripts. No software currently shipping + as part of FreeBSD relies on this functionality so the impact is + only to third party software. + + As root, execute the commands: + + # chmod 111 /usr/bin/suidperl + # chmod 111 /usr/bin/sperl4.036 + + In addition, if you have installed the perl5 port: + # chmod 111 /usr/local/bin/suidperl + # chmod 111 /usr/local/bin/sperl5.001 + + then verify that the setuid permissions of the files have been + removed. The permissions array should read "-r-xr-xr-x" as + shown here: + + # ls -l /usr/bin/s*perl* + ---x--x--x 2 root bin 307200 Jun 1 17:16 /usr/bin/sperl4.036 + ---x--x--x 2 root bin 307200 Jun 1 17:16 /usr/bin/suidperl + + and for the perl5 port: + + # ls -l /usr/local/bin/s*perl* + ---x--x--x 2 root bin 397312 Jan 22 15:15 /usr/local/bin/sperl5.001 + ---x--x--x 2 root bin 397312 Jan 22 15:15 /usr/local/bin/suidperl + + +V. Solution + + *NOTE* A patch for perl is available directly from Larry Wall + (the author of perl) which solves this vulnerability in a + different fashion than the FreeBSD patches. You may apply + either the FreeBSD patches, or Larry's patches, or both. + The patches solve the problem via two different mechanisms. + + Patches are available which eliminate this vulnerability. + The following patch should be applied to the system sources and + suidperl should be rebuilt and reinstalled. + + Apply the patch, then: + # cd /usr/src/gnu/usr.bin/perl/sperl + # make depend + # make all + # make install + + A similar patch is also available for the perl5 port. + Apply the following patch by moving it into the patch + directory for the port distribution and rebuilding and + installing perl5: + + # cd /usr/ports/lang/perl5 + # cp /patch-a[ab] patches + # make all + # make install + + NOTE: These patches do NOT solve the vulnerability for FreeBSD 2.0 + or 2.0.5. These only solve the problem for 2.1 and later. + Patches specific to FreeBSD 2.0 and 2.0.5 are available at + the URL listed at the top of this file. + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBMdOTfFUuHi5z0oilAQEVkAP/cVHgqsW4GNpShs4RDQYvAphA31vTNiE8 +vrfyjpA1GQET/KycQe0xdQWaQ7FF6FwG5ieahHFypqFN2Ze8VW10EuWN/EFhfjh5 +vFnCqOW5r84DraP3ttkdR6WKyQXDwt61QBGiO7FYa03Kz29v3n9TO7W0LS+pAhB1 +cZZwEwUN318= +=M6FK +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:13.comsat.asc b/share/security/advisories/FreeBSD-SA-96:13.comsat.asc new file mode 100644 index 0000000000..73699a140d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:13.comsat.asc @@ -0,0 +1,141 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:13 Security Advisory + FreeBSD, Inc. + +Topic: unauthorized mail reading via comsat + +Category: core +Module: comsat +Announced: 1996-06-05 +Affects: All FreeBSD versions +Corrected: 2.1-stable and 2.2-current as of 1996-06-04 +FreeBSD only: yes + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:13/ + +============================================================================= + +I. Background + + FreeBSD made an extension to the comsat daemon to support + e-mail in alternate locations. A bug was found in this + extension which allows an unprivileged local user to read + portions of other users' mail. + + This problem is present in all source code and binary + distributions of FreeBSD released before 1996-06-03. + + +II. Problem Description + + The comsat daemon does not properly set privileges before + attempting to read mail files for display on a user terminal. + + +III. Impact + + The comsat daemon may be used to read portions of files + in /var/mail that would not normally be accessible to a + particular user. This ability is limited to the /var/mail + directory hierarchy. + + This vulnerability can only be exploited by users with a valid + account on the local system. + + +IV. Workaround + + One may simply disable the comsat daemon in /etc/inetd.conf. + This will disable asynchronous notification of received mail + (biff messages). This workaround will suffice for + all versions of FreeBSD affected by this problem. + + As root, edit the file /etc/inetd.conf and change the line + + comsat dgram udp wait root /usr/libexec/comsat comsat + + to read + + #comsat dgram udp wait root /usr/libexec/comsat comsat + + and then reboot the system or restart the inetd daemon and kill + off any active comsat daemons. + +V. Solution + + The following patch fixes the permissions problem. It should + apply cleanly to all FreeBSD 2.x systems. It has not been tested + with FreeBSD 1.x but this change, if applied by hand, should work. + + --- comsat.c Mon Jun 3 09:07:49 1996 + +++ comsat.c Mon Jun 3 09:17:11 1996 + @@ -73,7 +73,7 @@ + time_t lastmsgtime; + int nutmp, uf; + + -void jkfprintf __P((FILE *, char[], off_t)); + +void jkfprintf __P((FILE *, char[], char[], off_t)); + void mailfor __P((char *)); + void notify __P((struct utmp *, char[], off_t, int)); + void onalrm __P((int)); + @@ -238,15 +238,16 @@ + cr, name, (int)sizeof(hostname), hostname, + folder ? cr : "", folder ? "to " : "", folder ? file : "", + cr, cr); + - jkfprintf(tp, file, offset); + + jkfprintf(tp, name, file, offset); + (void)fclose(tp); + _exit(0); + } + + void + -jkfprintf(tp, name, offset) + +jkfprintf(tp, user, file, offset) + register FILE *tp; + - char name[]; + + char user[]; + + char file[]; + off_t offset; + { + register char *cp, ch; + @@ -256,10 +257,10 @@ + char line[BUFSIZ]; + + /* Set effective uid to user in case mail drop is on nfs */ + - if ((p = getpwnam(name)) != NULL) + + if ((p = getpwnam(user)) != NULL) + (void) setuid(p->pw_uid); + + - if ((fi = fopen(name, "r")) == NULL) + + if ((fi = fopen(file, "r")) == NULL) + return; + + (void)fseek(fi, offset, L_SET); + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMeXtDFUuHi5z0oilAQG7zAP/ZfgIUqi+yBcLTBhoRh0bAeB9GJNlppF/ +rqLtJUdBpDTELjjdE21b+510Uv3j1n9/xKiXgcFRcyV0BuUTyJGA+KbOHAuy5EjZ +3AyoIHC3bAhydQIvDYl9N3RbaH/xbmG4MZoXtIxI7peo+FbMWwRCsDCjjMggk8x1 +s69nLC+n2iw= +=xA6e +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:14.ipfw.asc b/share/security/advisories/FreeBSD-SA-96:14.ipfw.asc new file mode 100644 index 0000000000..c7b15dfeb1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:14.ipfw.asc @@ -0,0 +1,246 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:14 Security Advisory + FreeBSD, Inc. + +Topic: Firewall filter leak with user level ipfw + +Category: core +Module: ipfw +Announced: 1996-06-24 +Affects: FreeBSD -current Feb 24 1996 and later (ipfw.c rev 1.20) + FreeBSD -stable Feb 26 1996 and later (ipfw.c rev 1.15.4.2) +Corrected: Both FreeBSD -current and -stable as of Jun 23 1996 +FreeBSD only: yes + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:14/ + +============================================================================= + +I. Background + + FreeBSD is shipped with packet filtering code. This is implemented + by kernel level modules and user level programs. The user level + program ipfw, used to control the packet filtering code in the + kernel, has a bug in the way packet filter rules are interpreted. + + +II. Problem Description + + A potential problem exists when users specify mask addresses to + ipfw(8) using the address:mask syntax. Specifically, whenever the ':' + syntax is used, the resulting mask is always 0xffffffff. + + +III. Impact + + Whenever the address:mask syntax is used, the actual packet filtering + will differ from the expected filtering thus allowing or denying + more packets through the filter than intended. + + +IV. Workaround + + There is a simple workaround for this problem: Do not use the + address:mask syntax. In stead, use the address/mask syntax. The + implementation of the latter way of specifying masks does not suffer + from the mentioned bug. + +V. Solution + + Apply one of the patches below, depending on your version of + FreeBSD. The patch is against /usr/src/sbin/ipfw/ipfw.c + + The following patch applies to -stable: + + +Index: ipfw.c +=================================================================== +RCS file: /home/ncvs/src/sbin/ipfw/ipfw.c,v +retrieving revision 1.15.4.4 +retrieving revision 1.15.4.5 +diff -u -r1.15.4.4 -r1.15.4.5 +- --- ipfw.c 1996/06/18 02:03:29 1.15.4.4 ++++ ipfw.c 1996/06/23 20:51:37 1.15.4.5 +@@ -15,7 +15,7 @@ + * + * NEW command line interface for IP firewall facility + * +- - * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ ++ * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + * + */ + +@@ -200,7 +200,7 @@ + } + + if (chain->fw_flg & IP_FW_F_FRAG) +- - printf("frag "); ++ printf(" frag "); + + if (chain->fw_ipopt || chain->fw_ipnopt) { + int _opt_printed = 0; +@@ -321,12 +321,22 @@ + + if (!inet_aton(*av,ipno)) + show_usage("ip number\n"); +- - if (md == ':' && !inet_aton(p,mask)) +- - show_usage("ip number\n"); +- - else if (md == '/') +- - mask->s_addr = htonl(0xffffffff << (32 - atoi(p))); +- - else +- - mask->s_addr = htonl(0xffffffff); ++ switch (md) { ++ case ':': ++ if (!inet_aton(p,mask)) ++ show_usage("ip number\n"); ++ break; ++ case '/': ++ if (atoi(p) == 0) { ++ mask->s_addr = 0; ++ } else { ++ mask->s_addr = htonl(0xffffffff << (32 - atoi(p))); ++ } ++ break; ++ default: ++ mask->s_addr = htonl(0xffffffff); ++ break; ++ } + av++; + ac--; + } +@@ -611,10 +621,9 @@ + break; + case 'N': + do_resolv=1; +- - break; +- - case '?': +- - default: +- - show_usage(NULL); ++ break; ++ default: ++ show_usage(NULL); + } + + ac -= optind; +@@ -645,7 +654,7 @@ + } else { + show_usage(NULL); + } +- - return 0; ++ return 0; + } + + int + + + This one applies to -current: + + +Index: ipfw.c +=================================================================== +RCS file: /home/ncvs/src/sbin/ipfw/ipfw.c,v +retrieving revision 1.26 +retrieving revision 1.27 +diff -u -r1.26 -r1.27 +- --- ipfw.c 1996/06/18 01:46:34 1.26 ++++ ipfw.c 1996/06/23 20:47:51 1.27 +@@ -16,7 +16,7 @@ + * + * NEW command line interface for IP firewall facility + * +- - * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ ++ * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + * + */ + +@@ -256,7 +256,7 @@ + } + + if (chain->fw_flg & IP_FW_F_FRAG) +- - printf("frag "); ++ printf(" frag "); + + if (chain->fw_ipopt || chain->fw_ipnopt) { + int _opt_printed = 0; +@@ -408,12 +408,23 @@ + + if (lookup_host(*av,ipno) != 0) + show_usage("ip number\n"); +- - if (md == ':' && !inet_aton(p,mask)) +- - show_usage("ip number\n"); +- - else if (md == '/') +- - mask->s_addr = htonl(0xffffffff << (32 - atoi(p))); +- - else +- - mask->s_addr = htonl(0xffffffff); ++ switch (md) { ++ case ':': ++ if (!inet_aton(p,mask)) ++ show_usage("ip number\n"); ++ break; ++ case '/': ++ if (atoi(p) == 0) { ++ mask->s_addr = 0; ++ } else { ++ mask->s_addr = htonl(0xffffffff << (32 - atoi(p))); ++ } ++ break; ++ default: ++ mask->s_addr = htonl(0xffffffff); ++ break; ++ } ++ ipno->s_addr &= mask->s_addr; + av++; + ac--; + } +@@ -788,10 +799,9 @@ + break; + case 'N': + do_resolv=1; +- - break; +- - case '?': +- - default: +- - show_usage("Unrecognised switch"); ++ break; ++ default: ++ show_usage("Unrecognised switch"); + } + + ac -= optind; +@@ -818,7 +828,7 @@ + } else { + show_usage("Bad arguments"); + } +- - return 0; ++ return 0; + } + + int +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBMc22kFUuHi5z0oilAQEOBwP/WCVQZdHqv3ITppwCee3qNbe49nbNM4gc ++s3DX4qMe4olAvpd2izhNzPJH3mrOXzKKJTrZOeouZFDUm099lS67xQnc7F343v8 +iAJMtIZVlA58BmcQcSlmjqh9eqTgNyRIYpgYoefDKkgKE6eukWylariorUo+ppKe +Tnpol2BUTXo= +=Ut0+ +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:15.ppp.asc b/share/security/advisories/FreeBSD-SA-96:15.ppp.asc new file mode 100644 index 0000000000..dd82e38282 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:15.ppp.asc @@ -0,0 +1,235 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:15 Security Advisory + FreeBSD, Inc. + +Topic: security compromise from ppp + +Category: core +Module: ppp +Announced: 1996-07-04 +Affects: FreeBSD 2.0.5, 2.1, 2.1-stable, and 2.2-current +Corrected: 2.1-stable and 2.2-current as of 1996-06-10 +FreeBSD only: unknown + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:15/ + +============================================================================= + +I. Background + + FreeBSD ships a userland ppp program that can be used by users + to set up ppp connections. + This program is also known as ijppp. + The ppp program has a vulnerability that allows any user to run + commands under root privileges. + +II. Problem Description + + The ppp program does not properly manage user privileges, allowing + users to run any program with root privileges. + +III. Impact + + This vulnerability can only be exploited by users with a valid + account on the local system to easily obtain superuser access. + +IV. Workaround + + One may simply disable the setuid bit on all copies of the ppp + program. This will close the vulnerability but will only allow + the superuser to set up ppp connections. + + As root, execute the commands: + + # chmod 555 /usr/sbin/ppp + + then verify that the setuid permissions of the files have been + removed. The permissions array should read "-r-xr-xr-x" as + shown here: + + # ls -l /usr/sbin/ppp + -r-xr-xr-x 1 root bin 86016 Nov 16 1995 /usr/sbin/ppp + +V. Solution + + Patches are available which eliminate this vulnerability. + The following patch should be applied to the system sources and + ppp should be rebuilt and reinstalled. The first patch is against + the FreeBSD 2.1 and FreeBSD-stable source tree. The second patch + is for FreeBSD-current (version before 1996-06-10). + + Apply the patch, then (being superuser): + # cd /usr/src/usr.sbin/ppp + # make depend + # make all + # make install + + Index: command.c + =================================================================== + RCS file: /home/ncvs/src/usr.sbin/ppp/command.c,v + retrieving revision 1.5.4.3 + retrieving revision 1.5.4.4 + diff -u -r1.5.4.3 -r1.5.4.4 + --- command.c 1996/02/05 17:02:52 1.5.4.3 + +++ command.c 1996/06/10 09:41:49 1.5.4.4 + @@ -17,7 +17,7 @@ + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + * + */ + #include + @@ -187,9 +187,14 @@ + * We are running setuid, we should change to + * real user for avoiding security problems. + */ + - setgid( getgid() ); + - setuid( getuid() ); + - + + if (setgid(getgid()) < 0) { + + perror("setgid"); + + exit(1); + + } + + if (setuid(getuid()) < 0) { + + perror("setuid"); + + exit(1); + + } + TtyOldMode(); + if(argc > 0) + execvp(argv[0], argv); + Index: chat.c + =================================================================== + RCS file: /home/ncvs/src/usr.sbin/ppp/chat.c,v + retrieving revision 1.4.4.1 + retrieving revision 1.4.4.2 + diff -u -r1.4.4.1 -r1.4.4.2 + --- chat.c 1995/10/06 11:24:31 1.4.4.1 + +++ chat.c 1996/06/10 09:41:45 1.4.4.2 + @@ -18,7 +18,7 @@ + * Columbus, OH 43221 + * (614)451-1883 + * + - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + * + * TODO: + * o Support more UUCP compatible control sequences. + @@ -331,6 +331,15 @@ + nb = open("/dev/tty", O_RDWR); + dup2(nb, 0); + LogPrintf(LOG_CHAT, "exec: %s\n", command); + + /* switch back to original privileges */ + + if (setgid(getgid()) < 0) { + + LogPrintf(LOG_CHAT, "setgid: %s\n", strerror(errno)); + + exit(1); + + } + + if (setuid(getuid()) < 0) { + + LogPrintf(LOG_CHAT, "setuid: %s\n", strerror(errno)); + + exit(1); + + } + pid = execvp(command, vector); + LogPrintf(LOG_CHAT, "execvp failed for (%d/%d): %s\n", pid, errno, command); + exit(127); + + + Patch for FreeBSd-current before 1996-06-10: + + + Index: command.c + =================================================================== + RCS file: /home/ncvs/src/usr.sbin/ppp/command.c,v + retrieving revision 1.17 + retrieving revision 1.18 + diff -u -r1.17 -r1.18 + --- command.c 1996/05/11 20:48:22 1.17 + +++ command.c 1996/06/09 20:40:58 1.18 + @@ -17,7 +17,7 @@ + * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED + * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + * + */ + #include + @@ -190,9 +190,14 @@ + * We are running setuid, we should change to + * real user for avoiding security problems. + */ + - setgid( getgid() ); + - setuid( getuid() ); + - + + if (setgid(getgid()) < 0) { + + perror("setgid"); + + exit(1); + + } + + if (setuid(getuid()) < 0) { + + perror("setuid"); + + exit(1); + + } + TtyOldMode(); + if(argc > 0) + execvp(argv[0], argv); + Index: chat.c + =================================================================== + RCS file: /home/ncvs/src/usr.sbin/ppp/chat.c,v + retrieving revision 1.10 + retrieving revision 1.11 + diff -u -r1.10 -r1.11 + --- chat.c 1996/05/11 20:48:20 1.10 + +++ chat.c 1996/06/09 20:40:56 1.11 + @@ -18,7 +18,7 @@ + * Columbus, OH 43221 + * (614)451-1883 + * + - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + * + * TODO: + * o Support more UUCP compatible control sequences. + @@ -393,6 +393,15 @@ + nb = open("/dev/tty", O_RDWR); + dup2(nb, 0); + LogPrintf(LOG_CHAT_BIT, "exec: %s\n", command); + + /* switch back to original privileges */ + + if (setgid(getgid()) < 0) { + + LogPrintf(LOG_CHAT_BIT, "setgid: %s\n", strerror(errno)); + + exit(1); + + } + + if (setuid(getuid()) < 0) { + + LogPrintf(LOG_CHAT_BIT, "setuid: %s\n", strerror(errno)); + + exit(1); + + } + pid = execvp(command, vector); + LogPrintf(LOG_CHAT_BIT, "execvp failed for (%d/%d): %s\n", pid, errno, command); + exit(127); + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBMdwL31UuHi5z0oilAQEqsQP7BgWUN3uwGk9bSTO0dE/SKUtPDVk+ZVyc +yKF1NadOm8CaM93i2zAsMhEMPHKUS3RWaNhyyBJe0OC9eQthm+OrA6wHvs2mdJ36 +e0bG8j2FwqKyThc+NWlvQJWOnbAOrveCPeEv4ZvZ95rukICRCy4DeaQHL2qg5xv2 +k75uFnuSVBs= +=t+pA +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:16.rdist.asc b/share/security/advisories/FreeBSD-SA-96:16.rdist.asc new file mode 100644 index 0000000000..39a5c76691 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:16.rdist.asc @@ -0,0 +1,118 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:16 Security Advisory +Revised: Fri Jul 12 09:32:53 PDT 1996 FreeBSD, Inc. + +Topic: security vulnerability in rdist + +Category: core +Module: rdist +Announced: 1996-07-12 +Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current +Corrected: 2.1-stable and 2.2-current as of 1996-07-11 +Source: 4.4BSD (lite) +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:16/ +Reference: [8lgm]-Advisory-26.UNIX.rdist.20-3-1996 + +============================================================================= + +I. Background + + A bug was found in the BSD rdist utility which can allow + an unprivileged local user to gain unauthorized access. + This problem is present in all source code and binary + distributions of FreeBSD version 2.x released before 1996-07-12. + + rdist has been the subject of security vulnerabilities in the past. + This is a newly discovered vulnerability not related to previous + race conditions fixed in rdist. + + +II. Problem Description + + rdist creates an error message based on a user provided string, + without checking bounds on the buffer used. This buffer is + on the stack, and can therefore be used to execute arbitrary + instructions. + + +III. Impact + + This vulnerability can allow a local user to obtain superuser + privileges. It may only be exploited by users with a valid + account on the local system. It is present in almost all BSD + derived operating systems with a "setuid" rdist program. + + +IV. Workaround + + The rdist program must be setuid root to function properly. + This vulnerability can be eliminated by making rdist not + executable by unprivileged users. Since this limits the + usefulness of the program, a software update is advised. + + This workaround will work for all versions of FreeBSD affected + by this problem. + + As root, execute the commands: + + # chflags noschg /usr/bin/rdist + # chmod u-s,go-rx /usr/bin/rdist + + then verify that the setuid permissions of the files have been + removed. The permissions array should read "-r-x------" as + shown here: + + # ls -l /usr/bin/rdist + -r-x------ 1 root bin 49152 Jun 16 10:46 rdist + + +V. Solution(s) + + Apply the available via FTP from the patch directory noted + at the top of this message. Recompile, and reinstall the + rdist program. This patch is known to apply to all + FreeBSD 2.x systems, it has not been tested with FreeBSD 1.x. + + The [8lgm] organization correctly points out that this program + does not have a particularly good security "history." While + the patch for this vulnerability does solve this particular + problem, it's not clear if other security issues involving rdist + will appear in the future. + + Administrators should consider whether it is appropriate to + remove the standard rdist program and upgrade to rdist + version 6, which is available as a FreeBSD port. + + FreeBSD, Inc. has not replaced the standard BSD rdist with + the newer code because the new rdist is not protocol-compatible + with the original version. + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMeaC1FUuHi5z0oilAQHtzQP/U1f9y0R+upwCs5IFeBCUBVkFWUeJ/Wwb +CJPFmsBr54quI6Aie/LXa/Qw8EdrL54GIiNDZYkAzb9XvWOehOsmtoYN4oj0JAbJ +lesq746xOEfNMtpL866T8dxJRTsK98VMSaZK5IU8fVpVYUURcVDv+y+bqfL72Mst +3ajof2ieNxE= +=j2z5 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:17.rzsz.asc b/share/security/advisories/FreeBSD-SA-96:17.rzsz.asc new file mode 100644 index 0000000000..b21d44b12b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:17.rzsz.asc @@ -0,0 +1,139 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:17 Security Advisory +Revised: Tue Jul 16 21:44:54 PDT 1996 FreeBSD, Inc. + +Topic: "Trojan Horse" vulnerability via rz program + +Category: ports +Module: rzsz +Announced: 1996-07-16 +Affects: All FreeBSD ports collections released before 2.1.5-RELEASE +Corrected: ports collection as of 1996-07-06 +Source: rzsz shareware package +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:17/ + +============================================================================= + +I. Background + + All existing versions of the rz program (a program for receiving + files over serial lines using the Z-Modem protocol) are equipped + with a feature that allows the sender of a file to request the + execution of arbitrary commands on the receiver's side. The user + using rz does not have any control over this feature. + + The workaround is to have rz never execute any command, and + always pretend a successful execution. + + All FreeBSD users are encouraged to use the workaround provided. + Since the intent of the Z-Modem protocol is to provide a reliable + connection between systems of a vastly different architecture, + the execution of local commands at request of the sending side + cannot even be considered a useful feature at all. + + +II. Problem Description + + The Z-Modem protocol specifies a mechanism which allows the + transmitter of a file to execute an arbitrary command string + as part of the file transfer. This is typically used to rename + files or eliminate temporary files. A malicious "trusted" sender + could send down a command that could damage a user's environment. + + +III. Impact + + The rzsz package is an optional port that made be installed on + some FreeBSD systems. This program is not installed by default. + Systems without this program are not vulnerable. + + rz allows "Trojan Horse" type attacks against unsuspecting users. + Since the rz executable does not run with special privileges, + the vulnerability is limited to changes in the operating environment + that the user could willingly perform. + + This vulnerability is a fundamental flaw in the Z-Modem protocol. + Other operating systems and other implementations of the Z-Modem + protocol may also suffer similar vulnerabilities. + +IV. Workaround + + Disable the rz program. If it has been installed, it would + typically be found in /usr/local/bin. + + # chmod 000 /usr/local/bin/rz + # ls -l /usr/local/bin/rz + ---------- 1 root wheel 23203 Mar 4 23:12 /usr/local/bin/rz + + +V. Solution(s) + + This feature is a relatively unknown part of the Z-Modem protocol. + It is not critical to file transfers in general. The safest + approach is to disable this feature in the receiving program. + + Any rzsz port that is obtained from the official ports collection + after 1996-07-06 includes the following patch to disable this feature. + This patch applies to rzsz v3.42, if you have an earlier version + of the rzsz sources, please upgrade to the latest version first. + + *** rz.c.orig Sat Jul 6 17:34:26 1996 + --- rz.c Sat Jul 6 17:44:52 1996 + *************** + *** 1020,1039 **** + --- 1020,1045 ---- + case ZCOMMAND: + cmdzack1flg = Rxhdr[ZF0]; + if (zrdata(secbuf, 1024) == GOTCRCW) { + + #ifdef BIG_SECURITY_HOLE + void exec2(); + + if (cmdzack1flg & ZCACK1) + stohdr(0L); + else + stohdr((long)sys2(secbuf)); + + #else + + stohdr(0L); + + #endif + purgeline(); /* dump impatient questions */ + do { + zshhdr(4,ZCOMPL, Txhdr); + } + while (++errors<20 && zgethdr(Rxhdr) != ZFIN); + ackbibi(); + + #ifdef BIG_SECURITY_HOLE + if (cmdzack1flg & ZCACK1) + exec2(secbuf); + + #endif + return ZCOMPL; + } + zshhdr(4,ZNAK, Txhdr); goto again; + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMexwFlUuHi5z0oilAQFY8wQAmIkv2scipc+ABrQCfHpSWapM+v2J7s8S +7pqt4ZIdkt5jwBatY4NnsScDAIIYO/chP29hn3sNiHohv/4j1DXoXE57fLCeBkrh +SbcY20X5YqpuUqScVTEsJBm40GNf7k98GNtgmLwd/NojRgchIdbx4zJSVo/3H1yK +oJdvhrzsGpE= +=mZ88 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:18.lpr.asc b/share/security/advisories/FreeBSD-SA-96:18.lpr.asc new file mode 100644 index 0000000000..0b864cbd3d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:18.lpr.asc @@ -0,0 +1,89 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:18 Security Advisory + FreeBSD, Inc. + +Topic: Buffer overflow in lpr (revised) + +Category: core +Module: lpr +Announced: 1996-11-25 +Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1.5 +Corrected: FreeBSD-current as of 1996/10/27 + FreeBSD-stable as of 1996/11/01 + FreeBSD 2.2 and 2.1.6 releases +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:18/ + +============================================================================= + +I. Background + + The lpr program is used to print files. It is standard software + in the FreeBSD operating system. + + This advisory is based on AUSCERT's advisory AA-96.12. The FreeBSD + security-officers would like to thank AUSCERT for their efforts. + + This is a revised advisory, issued to state clearly exactly which + versions of FreeBSD are vulnerable. + +II. Problem Description + + Due to its nature, the lpr program is setuid root. Unfortunately, + the program does not do sufficient bounds checking on arguments which + are supplied by users. As a result it is possible to overwrite the + internal stack space of the program while it's executing. This can + allow an intruder to execute arbitrary code by crafting a carefully + designed argument to lpr. As lpr runs as root this allows intruders + to run arbitrary commands as root. + + +III. Impact + Local users can gain root privileges. + + +IV. Workaround + + AUSCERT has developed a wrapper to help prevent lpr being exploited + using this vulnerability. This wrapper, including installation + instructions, can be found in + ftp://ftp.auscert.org.au/pub/auscert/advisory/ + AA-96.12.lpr.buffer.overrun.vul + +V. Solution + + Apply one of the following patches. Patches are provided for + FreeBSD-current (before 1996/10/27) (SA-96:18-solution.current) + FreeBSD-2.0.5, FreeBSD-2.1.0, FreeBSD-2.1.5 and + FreeBSd-stable (before 1996/11/01) (SA-96:18-solution.2xx) + + Patches can be found on ftp://freebsd.org/pub/CERT/patches/SA-96:18 + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMptSe1UuHi5z0oilAQEWJwP5AZbCK/p+LJLDTOp68CARC18JB8+VF4DI +2qeGrMRxtWRJXD+MWV2llWbQBvX0iE53zzb7su0KYuq38zmVyoN6GM5KaRgRbHJC +tjEYrQ5AQK0an3C8ACOEy5Tt4PU10BPZlssWHWotTOpPeVIzjj7RZqSJLywSwoIh +wGzvSrEpYSk= +=r1Lc +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:19.modstat.asc b/share/security/advisories/FreeBSD-SA-96:19.modstat.asc new file mode 100644 index 0000000000..2dfe0ea91e --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:19.modstat.asc @@ -0,0 +1,109 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:19 Security Advisory + FreeBSD, Inc. + +Topic: Buffer overflow in modstat + +Category: core +Module: modstat +Announced: 1996-12-10 +Affects: FreeBSD 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6, 2.1.6.1 +Corrected: FreeBSD-current as of 1996/08/08 +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:19/ + +============================================================================= + +I. Background + + The modstat program is used to display status of loaded kernel modules. + It is standard software in the FreeBSD operating system. + +II. Problem Description + + The modstat program has always been installed setuid kmem. Within + the program, a buffer overflow can occur. + + +III. Impact + Local users can gain kmem privileges. + + +IV. Workaround + + Modstat does not need to be setuid kmem. It is thus sufficient to + do the following: + su + cd /usr/bin + chmod 555 modstat + This effectively clears the setuid bit on the modstat program. + +V. Solution + + Apply the following patch: + (This patch can also be found on + ftp://freebsd.org/pub/CERT/patches/SA-96:19) + +Index: Makefile +=================================================================== +RCS file: /home/freebsd/CVS/src/usr.bin/modstat/Makefile,v +retrieving revision 1.1 +retrieving revision 1.2 +diff -u -r1.1 -r1.2 +- --- Makefile 1994/08/19 12:14:02 1.1 ++++ Makefile 1996/05/30 02:19:03 1.2 +@@ -38,7 +38,5 @@ + + PROG= modstat + MAN8= modstat.8 +- -BINGRP= kmem +- -BINMODE=2555 + + .include +Index: modstat.c +=================================================================== +RCS file: /home/freebsd/CVS/src/usr.bin/modstat/modstat.c,v +retrieving revision 1.3 +retrieving revision 1.4 +diff -u -r1.3 -r1.4 +- --- modstat.c 1995/04/20 05:08:53 1.3 ++++ modstat.c 1996/08/08 07:58:07 1.4 +@@ -72,8 +72,9 @@ + { + struct lmc_stat sbuf; + ++ sbuf.name[MAXLKMNAME - 1] = '\0'; /* In case strncpy limits the string. */ + if (modname != NULL) +- - strcpy(sbuf.name, modname); ++ strncpy(sbuf.name, modname, MAXLKMNAME - 1); + + sbuf.id = modnum; + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMq2381UuHi5z0oilAQE99wP+NktTxugo1lrVDm0FVcmqd8c3zu6s95Wt +WCvM9GLECCVB+sFbssbikQc35SvgzEjnE4lZ3J4VBrAoThG3tLOmO5si0csM8dwE +QPGMyR/fdU7DpYXEK/XKuDxre1TDJ0uOwU9DfBewgy0o5OiybRR5dxj3nsJIznnd +F5O6NNppKb0= +=qcrF +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:20.stack-overflow.asc b/share/security/advisories/FreeBSD-SA-96:20.stack-overflow.asc new file mode 100644 index 0000000000..ed57375e0a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:20.stack-overflow.asc @@ -0,0 +1,272 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:20 Security Advisory + FreeBSD, Inc. + +Topic: unauthorized access via buffer overruns + cron, crontab, ppp + +Category: core +Module: cron, crontab, ppp +Announced: 1996-12-16 +Affects: 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1 +Corrected: 2.2-current as of various dates (see below) + 2.1-stable as of various dates (see below) +FreeBSD only: yes + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:20/ + +============================================================================= + +I. Background + + Buffer overrun (aka stack overflow) exploits in system + supplied and locally installed utilities are commonly + used by individuals wishing to obtain unauthorized access to + computer systems. The FreeBSD team has been reviewing and + fixing the source code pool to eliminate potential exploits + based on this technique. We've found several such exploits + (and more have been reported by other sources) and strongly + suggest that all operators of FreeBSD machines upgrade to + the latest version of FreeBSD (2.1.6.1 at the time of this + advisory) if there is a possibility for untrustworthy users + to have standard user level access to the system. + + Most of these problems were fixed with the release of + FreeBSD 2.1.6.1, however the following were not: + + In August of 1996, exploits were discovered in the + cron and crontab utilities in FreeBSD. These were fixed + in the -current source code pool in August of 1996, but + due to a clerical error, were not repaired in the older + -stable source code pool used to generate the FreeBSD + 2.1.X distributions until 16-Dec-1996. + Recently, yet another buffer overrun was discovered + in the cron and crontab utilities in FreeBSD. The problem + was corrected on 16-Dec-1996 in both -current and -stable. + + Also recently, a similar overrun has been discovered in the + ppp utility. This was fixed in both -current and + -stable source code pools on 16-Dec-1996. + + +II. Problem Description + + The programs in question store user-supplied information + in internal buffers. There is no range checking on length + of the data copied into these buffers. A malicious user + may be able to overflow these buffers through the use of + command line options or via enviornment variables and + insert and execute their own code fragment which could + be used to obtain unauthorized access to the system + + +III. Impact + + The programs in question may be subverted to allow an + unprivileged user to gain root access to the system. + + These vulnerability can only be exploited by individuals + with access to the local system. + + +IV. Workaround + + Setuid programs invoked by the user may have their setuid + permissions removed, or their protection attributes modified + so unprivileged users may not operate them at all. + This may reduce or eliminate some functionality provided by + these programs to normal users. + + To remove setuid privileges: + + crontab: # chmod ug-s /usr/bin/crontab + ppp: # chmod ug-s /usr/bin/ppp + + The cron program is started by the system on every boot. + This auto-start may be temporarily disabled, and the running + cron program stopped. However, cron is a valuable system + utility, so we suggest this as a temporary workaround only. + + To stop cron from executing on system boot, edit the /etc/rc + file and change the line: + echo -n ' cron'; cron + so it reads: + # echo -n ' cron'; cron. + + To turn off a running cron, use the ps program to determine + the PID of the currently running cron (use "ps") and type: + + # kill + +V. Solution + + The following patches fixes the vulnerabilities. It should + apply cleanly to all FreeBSD 2.1.x systems. It has not been + tested with FreeBSD 1.x. + + After applying these patches, recompile and re-install the + affected utilities. + + + *** usr.sbin/cron/cron/database.c 1994/08/27 13:43:03 1.1.1.1 + --- usr.sbin/cron/cron/database.c 1996/09/10 03:38:20 1.3 + *************** + *** 112,119 **** + if (dp->d_name[0] == '.') + continue; + + ! (void) strcpy(fname, dp->d_name); + ! sprintf(tabname, CRON_TAB(fname)); + + process_crontab(fname, fname, tabname, + &statbuf, &new_db, old_db); + --- 112,119 ---- + if (dp->d_name[0] == '.') + continue; + + ! (void)snprintf(fname, sizeof fname, "%s", dp->d_name); + ! (void)snprintf(tabname, sizeof tabname, CRON_TAB(fname)); + + process_crontab(fname, fname, tabname, + &statbuf, &new_db, old_db); + + *** usr.sbin/cron/crontab/crontab.c 1996/04/09 21:23:11 1.3.4.1 + --- usr.sbin/cron/crontab/crontab.c 1996/08/05 00:50:02 1.6 + *************** + *** 167,173 **** + ProgramName, optarg); + exit(ERROR_EXIT); + } + ! (void) strcpy(User, optarg); + break; + case 'l': + if (Option != opt_unknown) + --- 165,171 ---- + ProgramName, optarg); + exit(ERROR_EXIT); + } + ! (void) snprintf(User, sizeof(user), "%s", optarg); + break; + case 'l': + if (Option != opt_unknown) + *************** + *** 198,204 **** + } else { + if (argv[optind] != NULL) { + Option = opt_replace; + ! (void) strcpy (Filename, argv[optind]); + } else { + usage("file name must be specified for replace"); + } + --- 196,203 ---- + } else { + if (argv[optind] != NULL) { + Option = opt_replace; + ! (void) snprintf(Filename, sizeof(Filename), "%s", + ! argv[optind]); + } else { + usage("file name must be specified for replace"); + } + *************** + *** 480,486 **** + ProgramName, Filename); + goto done; + default: + ! fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n"); + goto fatal; + } + remove: + --- 479,486 ---- + ProgramName, Filename); + goto done; + default: + ! fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n", + ! ProgramName); + goto fatal; + } + remove: + + --- usr.sbin/cron/lib/env.c 1994/08/27 13:43:02 1.1.1.1 + +++ usr.sbin/cron/lib/env.c 1996/12/16 18:11:57 + @@ -115,7 +115,7 @@ + { + long filepos; + int fileline; + - char name[MAX_TEMPSTR], val[MAX_ENVSTR]; + + char name[MAX_ENVSTR], val[MAX_ENVSTR]; + int fields; + + filepos = ftell(f); + + + --- usr.sbin/ppp/chat.c 1996/06/10 09:41:45 1.4.4.2 + +++ usr.sbin/ppp/chat.c 1996/12/15 20:40:26 + @@ -315,7 +315,7 @@ + } + cp--; + } + - sprintf(tmp, "%s %s", command, cp); + + snprintf(tmp, sizeof tmp, "%s %s", command, cp); + (void) MakeArgs(tmp, &vector); + + pipe(fids); + + --- usr.sbin/ppp/systems.c 1995/05/30 03:50:58 1.5 + +++ usr.sbin/ppp/systems.c 1996/12/15 20:40:26 + @@ -75,12 +75,12 @@ + cp = getenv("HOME"); + if (cp) { + SetUserId(); + - sprintf(line, "%s/.%s", cp, file); + + snprintf(line, sizeof line, "%s/.%s", cp, file); + fp = fopen(line, "r"); + } + if (fp == NULL) { + SetPppId(); + - sprintf(line, "%s/%s",_PATH_PPP, file); + + snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file); + fp = fopen(line, "r"); + } + if (fp == NULL) { + @@ -115,12 +115,12 @@ + cp = getenv("HOME"); + if (cp) { + SetUserId(); + - sprintf(line, "%s/.%s", cp, file); + + snprintf(line, sizeof line, "%s/.%s", cp, file); + fp = fopen(line, "r"); + } + if (fp == NULL) { + SetPppId(); /* fix from pdp@ark.jr3uom.iijnet.or.jp */ + - sprintf(line, "%s/%s",_PATH_PPP, file); + + snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file); + fp = fopen(line, "r"); + } + if (fp == NULL) { + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMrb4FlUuHi5z0oilAQGCjQP/TcKygSf3CLwfJcPSnsQnc0k5fkF3QZvk +Lp4K7FTua7M0AHHMn4gjpZEqB0+eqxMEGuZ+VXISSoESWyaOSz+hVLmLU2UZDLO0 +WWZWw3MM3UeWAzLLXwRPTLN0tQlpQJyqPNH1okb4c/Lx9IugN1wcGfbiTnOF3NaC +d8lhtqcQoi4= +=zAKC +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-96:21.talkd.asc b/share/security/advisories/FreeBSD-SA-96:21.talkd.asc new file mode 100644 index 0000000000..36e9cfea6b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-96:21.talkd.asc @@ -0,0 +1,357 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-96:21 Security Advisory + FreeBSD, Inc. + +Topic: unauthorized access via buffer overrun in talkd + +Category: core +Module: talkd +Announced: 1997-01-18 +Affects: 1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1 +Corrected: 2.2-current as of 1997-01-18 + 2.1-stable as of 1197-01-18 +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-96:21/ +References: AUSCERT AA-97.01 (Australian CERT organization), + SEI CERT VU#5942 (internal tracking reference only) + +============================================================================= + +I. Background + + Buffer overrun (aka stack overflow) exploits in system + supplied and locally installed utilities are commonly + used by individuals wishing to obtain unauthorized access to + computer systems. The FreeBSD team has been reviewing and + fixing the source code pool to eliminate potential exploits + based on this technique. + + Recently, the Australian CERT organization received information + of a buffer-overrun vulnerability in the talkd daemon shipped in + most modern BSD based systems. + + +II. Problem Description + + To quote AUSCERT: + + talk is a communication program which copies text from one + users terminal to that of another, possibly remote, user. + talkd is the daemon that notifies a user that someone else wishes + to initiate a conversation. + + As part of the talk connection, talkd does a DNS lookup + for the hostname of the host where the connection is being + initiating from. Due to insufficient bounds checking on + the buffer where the hostname is stored, it is possible to + overwrite the internal stack space of talkd. By carefully + manipulating the hostname information, it is possible to + force talkd to execute arbitrary commands. As talkd runs + with root privileges, this may allow intruders to remotely + execute arbitrary commands with these privileges. + + This attack requires an intruder to be able to make a + network connection to a vulnerable talkd program and provide + corrupt DNS information to that host. + + This type of attack is a particular instance of the problem + described in CERT advisory CA-96.04 "Corrupt Information + from Network Servers". This advisory is available from: + + ftp://info.cert.org/pub/cert_advisories/ + + Recent versions of FreeBSD 2.2 -current may not be affected + with this vulnerability due to improved security in + new versions of BIND, which sanity-check the results of + reverse name lookups performed by the DNS system. + + +III. Impact + + + Intruders may be able to remotely execute arbitrary commands + with root privileges. + + Access to a valid user account on the local system is not + required. + + +IV. Workaround + + Disable the ntalkd program found in /etc/inetd.conf by + commenting the appropriate line out and reconfiguring inetd. + + # grep -i ntalk /etc/inetd.conf + ntalk dgram udp wait root /usr/libexec/ntalkd ntalkd + + After editing /etc/inetd.conf, reconfigure inetd by sending + it a HUP signal. + + # kill -HUP `cat /var/run/inetd.pid` + +V. Solution + + The patches found at the following URL fix this vulnerability. + Patches are available for FreeBSD 2.1.x (-stable) and -current. + + Acknowledgment: + + These patches were based off of published work provided by + BSDI, Inc. + + After applying these patches, recompile and re-install the + affected utilities. + + For FreeBSD -current (2.2 prerelease and 3.0 prerelease) + systems: + + Index: announce.c + =================================================================== + RCS file: /cvs/freebsd/src/libexec/talkd/announce.c,v + retrieving revision 1.6 + diff -u -r1.6 announce.c + --- announce.c 1997/01/14 06:20:58 1.6 + +++ announce.c 1997/01/18 08:27:04 + @@ -34,7 +34,7 @@ + */ + + #ifndef lint + -static char sccsid[] = "@(#)announce.c 8.2 (Berkeley) 1/7/94"; + +static char sccsid[] = "@(#)announce.c 8.3 (Berkeley) 4/28/95"; + #endif /* not lint */ + + #include + @@ -43,13 +43,17 @@ + #include + #include + #include + + + #include + + + #include + -#include + -#include + +#include + #include + +#include + #include + -#include + +#include + +#include + +#include + + extern char hostname[]; + + @@ -78,7 +82,7 @@ + + #define max(a,b) ( (a) > (b) ? (a) : (b) ) + #define N_LINES 5 + -#define N_CHARS 120 + +#define N_CHARS 256 + + /* + * Build a block of characters containing the message. + @@ -100,33 +104,37 @@ + char line_buf[N_LINES][N_CHARS]; + int sizes[N_LINES]; + char big_buf[N_LINES*N_CHARS]; + - char *bptr, *lptr, *ttymsg(); + + char *bptr, *lptr, *vis_user; + int i, j, max_size; + + i = 0; + max_size = 0; + gettimeofday(&clock, &zone); + localclock = localtime( &clock.tv_sec ); + - (void)sprintf(line_buf[i], " "); + + (void)snprintf(line_buf[i], N_CHARS, " "); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], "Message from Talk_Daemon@%s at %d:%02d ...", + - hostname, localclock->tm_hour , localclock->tm_min ); + + (void)snprintf(line_buf[i], N_CHARS, + + "Message from Talk_Daemon@%s at %d:%02d ...", + + hostname, localclock->tm_hour , localclock->tm_min ); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], "talk: connection requested by %s@%s", + - request->l_name, remote_machine); + + + + vis_user = malloc(strlen(request->l_name) * 4 + 1); + + strvis(vis_user, request->l_name, VIS_CSTYLE); + + (void)snprintf(line_buf[i], N_CHARS, + + "talk: connection requested by %s@%s", vis_user, remote_machine); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], "talk: respond with: talk %s@%s", + - request->l_name, remote_machine); + + (void)snprintf(line_buf[i], N_CHARS, "talk: respond with: talk %s@%s", + + vis_user, remote_machine); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], " "); + + (void)snprintf(line_buf[i], N_CHARS, " "); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + Index: talkd.c + =================================================================== + RCS file: /cvs/freebsd/src/libexec/talkd/talkd.c,v + retrieving revision 1.5 + diff -u -r1.5 talkd.c + --- talkd.c 1997/01/14 06:21:01 1.5 + +++ talkd.c 1997/01/18 08:26:44 + @@ -71,7 +71,7 @@ + void timeout(); + long lastmsgtime; + + -char hostname[MAXHOSTNAMELEN]; + +char hostname[MAXHOSTNAMELEN + 1]; + + #define TIMEOUT 30 + #define MAXIDLE 120 + + For FreeBSD 2.1 based systems: + + --- announce.c 1995/05/30 05:46:38 1.3 + +++ announce.c 1997/01/18 08:33:55 1.3.4.1 + @@ -32,7 +32,7 @@ + */ + + #ifndef lint + -static char sccsid[] = "@(#)announce.c 8.2 (Berkeley) 1/7/94"; + +static char sccsid[] = "@(#)announce.c 8.3 (Berkeley) 4/28/95"; + #endif /* not lint */ + + #include + @@ -41,15 +41,18 @@ + #include + #include + #include + + + #include + -#include + + + #include + -#include + -#include + +#include + #include + +#include + #include + -#include + - + +#include + +#include + +#include + + + extern char hostname[]; + + /* + @@ -77,7 +80,7 @@ + + #define max(a,b) ( (a) > (b) ? (a) : (b) ) + #define N_LINES 5 + -#define N_CHARS 120 + +#define N_CHARS 256 + + /* + * Build a block of characters containing the message. + @@ -99,33 +102,37 @@ + char line_buf[N_LINES][N_CHARS]; + int sizes[N_LINES]; + char big_buf[N_LINES*N_CHARS]; + - char *bptr, *lptr, *ttymsg(); + + char *bptr, *lptr, *vis_user; + int i, j, max_size; + + i = 0; + max_size = 0; + gettimeofday(&clock, &zone); + localclock = localtime( &clock.tv_sec ); + - (void)sprintf(line_buf[i], " "); + + (void)snprintf(line_buf[i], N_CHARS, " "); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], "Message from Talk_Daemon@%s at %d:%02d ...", + - hostname, localclock->tm_hour , localclock->tm_min ); + + (void)snprintf(line_buf[i], N_CHARS, + + "Message from Talk_Daemon@%s at %d:%02d ...", + + hostname, localclock->tm_hour , localclock->tm_min ); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], "talk: connection requested by %s@%s", + - request->l_name, remote_machine); + + + + vis_user = malloc(strlen(request->l_name) * 4 + 1); + + strvis(vis_user, request->l_name, VIS_CSTYLE); + + (void)snprintf(line_buf[i], N_CHARS, + + "talk: connection requested by %s@%s", vis_user, remote_machine); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], "talk: respond with: talk %s@%s", + - request->l_name, remote_machine); + + (void)snprintf(line_buf[i], N_CHARS, "talk: respond with: talk %s@%s", + + vis_user, remote_machine); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + - (void)sprintf(line_buf[i], " "); + + (void)snprintf(line_buf[i], N_CHARS, " "); + sizes[i] = strlen(line_buf[i]); + max_size = max(max_size, sizes[i]); + i++; + Index: talkd.c + =================================================================== + RCS file: /home/ncvs/src/libexec/talkd/talkd.c,v + retrieving revision 1.3 + retrieving revision 1.3.4.1 + diff -u -r1.3 -r1.3.4.1 + --- talkd.c 1995/05/30 05:46:44 1.3 + +++ talkd.c 1997/01/18 08:33:56 1.3.4.1 + @@ -69,7 +69,7 @@ + void timeout(); + long lastmsgtime; + + -char hostname[MAXHOSTNAMELEN]; + +char hostname[MAXHOSTNAMELEN + 1]; + + #define TIMEOUT 30 + #define MAXIDLE 120 + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBMuCVAVUuHi5z0oilAQGx7gQAiiptKNx7xoeHec1jmBFLsoGBrxO9H3TC +0FHl4n3p/MQEO3OEfChepC5coTAe00SjOEpnAZIinHbtVzNaodPs0hyMbQ7UnpPq +wIRlxsPhxVuS+rbrY62pvn1Iagr4SaMAaseGK18f+Tq2Lbwc6//1bTOBn+Ms980F +VaXsIaKYinQ= +=yj1H +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-97:01.setlocale.asc b/share/security/advisories/FreeBSD-SA-97:01.setlocale.asc new file mode 100644 index 0000000000..fb9383c407 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-97:01.setlocale.asc @@ -0,0 +1,208 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-97:01 Security Advisory +Revised: Wed Feb 05 09:58:56 PDT 1997 FreeBSD, Inc. + +Topic: setlocale() bug in all released versions of FreeBSD + +Category: core +Module: libc +Announced: 1997-02-05 +Affects: FreeBSD 2.1.6 and earlier systems suffer from this + vulnerability for all binaries due to setlocale() being + called from crt0.o. + +Corrected: 1997-02-05 -stable, 1996-11-27 -current and RELENG_2_2 sources +Source: FreeBSD specific bug +FreeBSD only: unknown + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-97:01/ + +============================================================================= + +I. Background + + The setlocale() call contains a number of potential exploits through + string overflows during environment variable expansion. Because + the 2.1.6 and earlier versions of FreeBSD called setlocale() in + the C runtime code, the problem is especially acute there in that it + essentially effects all binaries on the system. + + In FreeBSD 2.2 BETA and later releases, the setlocale() call was + removed from crt0.c and the exploit closed through additional checks. + + There has also been some confusion over the implications of loading + locale data by privileged programs. The facility for a user to supply + their own (possibly corrupt or abused) locale data to non-privileged + processes was removed in all releases on 1997-02-04. This was + originally a debugging facility that got little use and the user can now + only direct system binaries to load system administrator sanctioned + locale files. + + This problem is present in all source code and binary distributions of + FreeBSD released on or before 1996-11-27. + + +II. Problem Description + + The setlocale() library function looks for the environment variable + "PATH_LOCALE" in the current process's environment, and if it exists, + later copies the contents of this variable to a stack buffer without + doing proper bounds checking. If the environment variable was specially + initialized with the proper amount and type of data prior to running a + setuid program, it is possible to cause the program to overflow its stack + and execute arbitrary code which could allow the user to become root. + + +III. Impact + + Any binary linked on a system with setlocale() built into crt0.c (see + list of affected releases in section I above) or which calls setlocale() + directly has the buffer overrun vulnerability. + + If this binary has the setuid or setgid bits set, or is called by + another setuid/setgid binary (even if that other setuid/setgid binary + does not have this vulnerability), unauthorized access may be allowed. + + +IV. Solution(s) + + Recompiling libc with the following patches and then recompiling all + staticly linked binaries (all in /sbin and /bin as well as chflags, + gunzip, gzcat, gzip, ld, tar and zcat in /usr/bin) eliminates this + vulnerability in FreeBSD 2.1.6 and earlier releases: + + However, a full solution may require a re-link of all setuid/setgid + local binaries or all local binaries likely to be called from another + setuid/setgid program that were originally linked statically under + one of the affected OSs. Dynamically linked executables will benefit + directly from this patch once libc is rebuilt and reinstalled and + do not need to be relinked. + + Because of the severity of this security hole, a full update release for + FreeBSD 2.1.6 will also be released very shortly, that release being + provisionally assigned the version number of 2.1.7. + + Index: lib/libc/locale/collate.c + =================================================================== + RCS file: /home/ncvs/src/lib/libc/locale/collate.c,v + retrieving revision 1.4.4.2 + diff -c -r1.4.4.2 collate.c + *** collate.c 1996/06/05 02:47:55 1.4.4.2 + --- collate.c 1997/02/05 10:21:59 + *************** + *** 64,70 **** + __collate_load_error = 1; + if (!encoding) + return -1; + ! if (!path_locale && !(path_locale = getenv("PATH_LOCALE"))) + path_locale = _PATH_LOCALE; + strcpy(buf, path_locale); + strcat(buf, "/"); + --- 64,70 ---- + __collate_load_error = 1; + if (!encoding) + return -1; + ! if (!path_locale) + path_locale = _PATH_LOCALE; + strcpy(buf, path_locale); + strcat(buf, "/"); + Index: lib/libc/locale/rune.c + =================================================================== + RCS file: /home/ncvs/src/lib/libc/locale/rune.c,v + retrieving revision 1.2.6.3 + diff -c -r1.2.6.3 rune.c + *** rune.c 1996/06/05 02:47:59 1.2.6.3 + --- rune.c 1997/02/05 10:22:00 + *************** + *** 71,77 **** + return(0); + } + + ! if (!PathLocale && !(PathLocale = getenv("PATH_LOCALE"))) + PathLocale = _PATH_LOCALE; + + (void) strcpy(name, PathLocale); + --- 71,77 ---- + return(0); + } + + ! if (!PathLocale) + PathLocale = _PATH_LOCALE; + + (void) strcpy(name, PathLocale); + Index: lib/libc/locale/setlocale.c + =================================================================== + RCS file: /home/ncvs/src/lib/libc/locale/setlocale.c,v + retrieving revision 1.3.4.2.2.1 + diff -c -r1.3.4.2.2.1 setlocale.c + *** setlocale.c 1996/06/05 02:48:03 1.3.4.2.2.1 + --- setlocale.c 1997/02/05 10:22:00 + *************** + *** 58,64 **** + int found, i, len; + char *env, *r; + + ! if (!PathLocale && !(PathLocale = getenv("PATH_LOCALE"))) + PathLocale = _PATH_LOCALE; + + if (category < 0 || category >= _LC_LAST) + --- 58,64 ---- + int found, i, len; + char *env, *r; + + ! if (!PathLocale) + PathLocale = _PATH_LOCALE; + + if (category < 0 || category >= _LC_LAST) + Index: lib/libc/locale/startup_setlocale.c + =================================================================== + RCS file: /home/ncvs/src/lib/libc/locale/Attic/startup_setlocale.c,v + retrieving revision 1.2.4.2 + diff -c -r1.2.4.2 startup_setlocale.c + *** startup_setlocale.c 1995/08/28 05:06:50 1.2.4.2 + --- startup_setlocale.c 1997/02/05 10:22:00 + *************** + *** 23,29 **** + int found, i, len; + char *env, *r; + + ! if (!PathLocale && !(PathLocale = getenv("PATH_LOCALE"))) + PathLocale = _PATH_LOCALE; + + if (category < 0 || category >= _LC_LAST) + --- 23,29 ---- + int found, i, len; + char *env, *r; + + ! if (!PathLocale) + PathLocale = _PATH_LOCALE; + + if (category < 0 || category >= _LC_LAST) + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBMvmSjFUuHi5z0oilAQEqfQP/dDbKxFn2i1jr2mfd2RNoqhi+v7iu8+Gx +Tt9rKtPebjA+/I3qWkt9nLs7W/2pnOJ1Wb7O8zvbvN0zdvqkKkCoV5j6U41TmSde +oLKdUu9LyUSOQRlDVDtgVB0SskyIRxGdES4tTaT5qRBaZ7XPOtKWsz+jhch8zYyu +iHaVnXN8u9I= +=XSmz +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-97:02.lpd.asc b/share/security/advisories/FreeBSD-SA-97:02.lpd.asc new file mode 100644 index 0000000000..91a8bc84ff --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-97:02.lpd.asc @@ -0,0 +1,99 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-97:02 Security Advisory + FreeBSD, Inc. + +Topic: Buffer overflow in lpd + +Category: core +Module: lpd +Announced: 1997-03-26 +Affects: FreeBSD 2.1.7 and earlier and FreeBSD 2.2 snapshots + before 1997/02/25 suffer from this problem. +Corrected: FreeBSD-current as of 1997/02/25 + FreeBSD 2.2 as of 1997/02/25 + FreeBSD 2.1.x as of 1997/02/25 +FreeBSD only: yes + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-97:02/ + +============================================================================= + +I. Background + + The lpd program is used to print local and remote print jobs. It + is standard software in the FreeBSD operating system. + +II. Problem Description + + The lpd program runs as root. A remote attacker can exploit a + buffer overflow to obtain root privs. + +III. Impact + + Remote users can gain root privs. + +IV. Workaround + + The only workaround is to disable lpd, which will have the effect + of removing the printing functionality from the system. Since + the buffer overflow happens before the connection is authenticated, + using lpd's authentication methods will not affect the system + vulnerability. + +V. Solution + + Apply the following patch, rebuild and install libc: + + (This patch can also be found on + ftp://freebsd.org/pub/CERT/patches/SA-97:02/) + + Index: rcmd.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/net/rcmd.c,v + retrieving revision 1.3.4.4 + retrieving revision 1.3.4.5 + diff -u -r1.3.4.4 -r1.3.4.5 + --- rcmd.c 1997/02/09 06:57:54 1.3.4.4 + +++ rcmd.c 1997/02/26 06:14:11 1.3.4.5 + @@ -377,7 +377,8 @@ + if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long), + AF_INET)) == NULL) + return (-1); + - strcpy(hname, hp->h_name); + + strncpy(hname, hp->h_name, sizeof(hname)); + + hname[sizeof(hname) - 1] = '\0'; + + while (fgets(buf, sizeof(buf), hostf)) { + p = buf; + +VI. Thanks + + This problem was brought to light by Oliver Friedrichs + . + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBMznCN1UuHi5z0oilAQFZ4QQAjlb006zWQrHqeihPP6Z9Dt+d3GmMIOzC +E/JHqxblF+GJuhmAmlJ4SCLvi7lKP8jiL9VdKOjK2dKW1XSDGuzH9BvCXtRaAaMJ +pO9icPi1D71qYEwRrhDG2/p2WxcXAXzSgfEPBAHMdfA6Ivg1v50t4mBcDemryrw1 +721tD7zYq68= +=iXDD +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-97:03.sysinstall.asc b/share/security/advisories/FreeBSD-SA-97:03.sysinstall.asc new file mode 100644 index 0000000000..122cc9bdfe --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-97:03.sysinstall.asc @@ -0,0 +1,106 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-97:03 Security Advisory + FreeBSD, Inc. + +Topic: sysinstall bug + +Category: core +Module: sysinstall +Announced: 1997-04-07 +Affects: FreeBSD 2.1, FreeBSD 2.1.5, FreeBSD 2.1.6 and FreeBSD 2.1.7 + FreeBSD 2.2 and FreeBSD 2.2.1. + +Corrected: all versions as of 1997-04-01. This includes the installation floppies for FreeBSD 2.2.1 found on: + ftp://ftp.FreeBSD.org/pub/FreeBSD/2.2.1-RELEASE/floppies/newer/ + Also the CDROM of FreeBSD 2.2.1 has this problem corrected. +Source: FreeBSD +FreeBSD only: yes + +Patches: + +============================================================================= + +I. Background + + Sysinstall is used both for fresh installations of FreeBSD as + well as post installation updates, like installing packages + from CDROM or ftp sites. + +II. Problem Description + + One of the port installation options in sysinstall is to install + an anonymous ftp setup on the system. In such a setup, an extra + user needs to be created on the system, with username 'ftp'. + This user is created with the shell equal to '/bin/date' and an + empty password. + +III. Impact + + Under some circumstances, this will allow unauthorized access + of system resources. + +IV. Solution(s) + + Change the entry of the ftp user such that is has an invalid password + and an invalid shell. This can be done by becoming the superuser, + and use the vipw command. Go to the line that starts with ftp:: + and change ftp:: to ftp:*: + Also change, on the same line, the shell from /bin/date to /nonexistent. + + If you have not yet used sysinstall to create an anonymous ftp setup, + but are planning to, please apply one of the following patches: + + Patch for FreeBSD 2.1.5, 2.1.6, 2.2 and 2.2.1: + + --- anonFTP.c 1996/04/28 03:26:42 1.14 + +++ anonFTP.c 1997/04/07 17:20:16 + @@ -195,7 +195,7 @@ + return (DITEM_SUCCESS); /* succeeds if already exists */ + } + + - sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + + sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + + fptr = fopen(_PATH_MASTERPASSWD,"a"); + if (! fptr) { + + Patch for FreeBSD 2.1: + + --- anonFTP.c 1995/11/12 07:27:55 1.6 + +++ anonFTP.c 1997/04/03 19:29:21 + @@ -201,7 +201,7 @@ + return (RET_SUCCESS); /* succeeds if already exists */ + } + + - sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + + sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir); + + fptr = fopen(_PATH_MASTERPASSWD,"a"); + if (! fptr) { + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBM0kvaFUuHi5z0oilAQHzVgP/TwmyRgBAF1Hs/jSihpAzFTRfHXdX/8+r +7mO7OHtM8vBTX1SPaYOr+DdSI2PkcSU4Y8O2OsdR3O4asV52LT5d/qWqJVQbN8bM +majL9ufeH3WotZHEJAo6nHf0/Cw+Aml2MytnaBiOHhvtiiY9aAEiYQve5TEwVbhE +92/GUaLo3uY= +=VjRL +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-97:04.procfs.asc b/share/security/advisories/FreeBSD-SA-97:04.procfs.asc new file mode 100644 index 0000000000..41cb1f8438 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-97:04.procfs.asc @@ -0,0 +1,445 @@ +-----BEGIN PGP SIGNED MESSAGE----- + + +============================================================================= +FreeBSD-SA-97:04 Security Advisory + FreeBSD, Inc. + +Topic: security compromise via procfs + +Category: core +Module: procfs +Announced: 1997-08-19 +Affects: FreeBSD 2.1.*, FreeBSD 2.2.*, + FreeBSD-stable and FreeBSD-current + before 1997/08/12 suffer from this problem. +Corrected: FreeBSD-current as of 1997/08/12 + FreeBSD-stable as of 1997/08/12 + FreeBSD 2.1-stable as of 1997/08/25 +FreeBSD only: no (also other BSD systems may be affected) + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-97:04/ + +============================================================================= + +I. Background + + Procfs provides a filesystem interface to processes on a system. + Among others it is used by ps(1) and gdb(1). + +II. Problem Description + + A problem exists in the procfs kernel code that allows processes + to write memory of other processes where it should have been prohibited. + +III. Impact + + The hole can be used by any user on the system to gain root privileges. + +IV. Workaround + + A workaround is to disable the mounting of procfs. To achieve this, + edit the file /etc/fstab and put a '#' in front of the line + proc /proc procfs rw 0 0 + Note that when you do that, some utilities may either not work anymore + or have a limited functionality. + +V. Solution + + Apply one of the following patches in /usr/src/sys/miscfs/procfs, + rebuild your kernel, install it and reboot your system. + + For 2.1 and 2.2 systems: + + Index: procfs_regs.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_regs.c,v + retrieving revision 1.3 + retrieving revision 1.3.4.1 + diff -u -r1.3 -r1.3.4.1 + --- procfs_regs.c 1996/01/24 18:41:25 1.3 + +++ procfs_regs.c 1997/08/12 04:45:25 1.3.4.1 + @@ -36,7 +36,7 @@ + * + * @(#)procfs_regs.c 8.3 (Berkeley) 1/27/94 + * + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + #include + @@ -62,6 +62,8 @@ + char *kv; + int kl; + + + if (!CHECKIO(curp, p)) + + return EPERM; + kl = sizeof(r); + kv = (char *) &r; + + Index: procfs.h + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs.h,v + retrieving revision 1.12 + retrieving revision 1.12.2.1 + diff -u -r1.12 -r1.12.2.1 + --- procfs.h 1996/07/02 13:38:07 1.12 + +++ procfs.h 1997/08/12 04:45:20 1.12.2.1 + @@ -36,7 +36,7 @@ + * + * @(#)procfs.h 8.6 (Berkeley) 2/3/94 + * + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + /* + @@ -83,6 +83,18 @@ + (bcmp((s), (cnp)->cn_nameptr, (len)) == 0)) + + #define KMEM_GROUP 2 + + + +/* + + * Check to see whether access to target process is allowed + + * Evaluates to 1 if access is allowed. + + */ + +#define CHECKIO(p1, p2) \ + + ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ + + ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ + + ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ + + ((p2)->p_flag & P_SUGID) == 0) || \ + + (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0)) + + + /* + * Format of a directory entry in /proc, ... + * This must map onto struct dirent (see ) + Index: procfs_mem.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_mem.c,v + retrieving revision 1.20 + retrieving revision 1.20.2.1 + diff -u -r1.20 -r1.20.2.1 + --- procfs_mem.c 1996/10/24 02:47:05 1.20 + +++ procfs_mem.c 1997/08/12 04:45:23 1.20.2.1 + @@ -37,7 +37,7 @@ + * + * @(#)procfs_mem.c 8.4 (Berkeley) 1/21/94 + * + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + /* + @@ -300,6 +300,23 @@ + if (uio->uio_resid == 0) + return (0); + + + /* + + * XXX + + * We need to check for KMEM_GROUP because ps is sgid kmem; + + * not allowing it here causes ps to not work properly. Arguably, + + * this is a bug with what ps does. We only need to do this + + * for Pmem nodes, and only if it's reading. This is still not + + * good, as it may still be possible to grab illicit data if + + * a process somehow gets to be KMEM_GROUP. Note that this also + + * means that KMEM_GROUP can't change without editing procfs.h! + + * All in all, quite yucky. + + */ + + + + if (!CHECKIO(curp, p) && + + !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP && + + uio->uio_rw == UIO_READ)) + + return EPERM; + + + error = procfs_rwmem(p, uio); + + return (error); + Index: procfs_vnops.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_vnops.c,v + retrieving revision 1.24 + retrieving revision 1.24.2.1 + diff -u -r1.24 -r1.24.2.1 + --- procfs_vnops.c 1996/09/03 14:23:10 1.24 + +++ procfs_vnops.c 1997/08/12 04:45:27 1.24.2.1 + @@ -36,7 +36,7 @@ + * + * @(#)procfs_vnops.c 8.6 (Berkeley) 2/7/94 + * + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + /* + @@ -120,16 +120,21 @@ + struct vop_open_args *ap; + { + struct pfsnode *pfs = VTOPFS(ap->a_vp); + + struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid); + + + + if (p2 == NULL) + + return ENOENT; + + switch (pfs->pfs_type) { + case Pmem: + - if (PFIND(pfs->pfs_pid) == 0) + - return (ENOENT); /* was ESRCH, jsp */ + - + if (((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL)) || + ((pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE))) + return (EBUSY); + + + if (!CHECKIO(p1, p2) && + + (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP)) + + return EPERM; + + + + if (ap->a_mode & FWRITE) + pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL); + @@ -176,7 +181,6 @@ + procfs_ioctl(ap) + struct vop_ioctl_args *ap; + { + - + return (ENOTTY); + } + + Index: procfs_fpregs.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_fpregs.c,v + retrieving revision 1.3 + retrieving revision 1.3.4.1 + diff -u -r1.3 -r1.3.4.1 + --- procfs_fpregs.c 1996/01/24 18:40:56 1.3 + +++ procfs_fpregs.c 1997/08/12 05:24:20 1.3.4.1 + @@ -36,7 +36,7 @@ + * + * @(#)procfs_fpregs.c 8.1 (Berkeley) 1/27/94 + * + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + #include + @@ -62,6 +62,8 @@ + char *kv; + int kl; + + + if (!CHECKIO(curp, p)) + + return EPERM; + kl = sizeof(r); + kv = (char *) &r; + + For FreeBSd-current systems: + + Index: procfs_regs.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_regs.c,v + retrieving revision 1.7 + retrieving revision 1.8 + diff -u -r1.7 -r1.8 + --- procfs_regs.c 1997/08/02 14:32:16 1.7 + +++ procfs_regs.c 1997/08/12 04:34:29 1.8 + @@ -37,7 +37,7 @@ + * @(#)procfs_regs.c 8.4 (Berkeley) 6/15/94 + * + * From: + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + #include + @@ -60,6 +60,8 @@ + char *kv; + int kl; + + + if (!CHECKIO(curp, p)) + + return EPERM; + kl = sizeof(r); + kv = (char *) &r; + + Index: procfs.h + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs.h,v + retrieving revision 1.15 + retrieving revision 1.16 + diff -u -r1.15 -r1.16 + --- procfs.h 1997/02/22 09:40:26 1.15 + +++ procfs.h 1997/08/12 04:34:27 1.16 + @@ -37,7 +37,7 @@ + * @(#)procfs.h 8.9 (Berkeley) 5/14/95 + * + * From: + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + /* + @@ -85,6 +85,18 @@ + (bcmp((s), (cnp)->cn_nameptr, (len)) == 0)) + + #define KMEM_GROUP 2 + + + +/* + + * Check to see whether access to target process is allowed + + * Evaluates to 1 if access is allowed. + + */ + +#define CHECKIO(p1, p2) \ + + ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \ + + ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \ + + ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \ + + ((p2)->p_flag & P_SUGID) == 0) || \ + + (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0)) + + + /* + * Format of a directory entry in /proc, ... + * This must map onto struct dirent (see ) + Index: procfs_mem.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_mem.c,v + retrieving revision 1.26 + retrieving revision 1.27 + diff -u -r1.26 -r1.27 + --- procfs_mem.c 1997/08/02 14:32:14 1.26 + +++ procfs_mem.c 1997/08/12 04:34:28 1.27 + @@ -37,7 +37,7 @@ + * + * @(#)procfs_mem.c 8.5 (Berkeley) 6/15/94 + * + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + /* + @@ -276,6 +276,23 @@ + + if (uio->uio_resid == 0) + return (0); + + + + /* + + * XXX + + * We need to check for KMEM_GROUP because ps is sgid kmem; + + * not allowing it here causes ps to not work properly. Arguably, + + * this is a bug with what ps does. We only need to do this + + * for Pmem nodes, and only if it's reading. This is still not + + * good, as it may still be possible to grab illicit data if + + * a process somehow gets to be KMEM_GROUP. Note that this also + + * means that KMEM_GROUP can't change without editing procfs.h! + + * All in all, quite yucky. + + */ + + + + if (!CHECKIO(curp, p) && + + !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP && + + uio->uio_rw == UIO_READ)) + + return EPERM; + + return (procfs_rwmem(p, uio)); + } + Index: procfs_vnops.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_vnops.c,v + retrieving revision 1.30 + retrieving revision 1.31 + diff -u -r1.30 -r1.31 + --- procfs_vnops.c 1997/08/02 14:32:20 1.30 + +++ procfs_vnops.c 1997/08/12 04:34:30 1.31 + @@ -36,7 +36,7 @@ + * + * @(#)procfs_vnops.c 8.18 (Berkeley) 5/21/95 + * + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + /* + @@ -127,16 +127,21 @@ + } */ *ap; + { + struct pfsnode *pfs = VTOPFS(ap->a_vp); + + struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid); + + + + if (p2 == NULL) + + return ENOENT; + + switch (pfs->pfs_type) { + case Pmem: + - if (PFIND(pfs->pfs_pid) == 0) + - return (ENOENT); /* was ESRCH, jsp */ + - + if ((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL) || + (pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE)) + return (EBUSY); + + + if (!CHECKIO(p1, p2) && + + (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP)) + + return EPERM; + + + if (ap->a_mode & FWRITE) + pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL); + + @@ -194,7 +199,6 @@ + struct proc *a_p; + } */ *ap; + { + - + return (ENOTTY); + } + + Index: procfs_fpregs.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_fpregs.c,v + retrieving revision 1.7 + retrieving revision 1.8 + diff -u -r1.7 -r1.8 + --- procfs_fpregs.c 1997/08/02 14:32:11 1.7 + +++ procfs_fpregs.c 1997/08/12 05:23:51 1.8 + @@ -37,7 +37,7 @@ + * @(#)procfs_fpregs.c 8.2 (Berkeley) 6/15/94 + * + * From: + - * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + + * $Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $ + */ + + #include + @@ -60,6 +60,8 @@ + char *kv; + int kl; + + + if (!CHECKIO(curp, p)) + + return EPERM; + kl = sizeof(r); + kv = (char *) &r; + + (These patches can also be found on + ftp://freebsd.org/pub/CERT/patches/SA-97:04/) + +VI. Thanks + + This problem was brought to light by Brian Mitchell + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBNAMWLFUuHi5z0oilAQHmrQQAoXR/BUliLCJgtDx/tG4lSNMpY2+wYWtw +PNiPjLfHHbA2yOXoJxv5ANw0Z6zeovCP1rHTKbG0vGNQe45d34kC+qY1hSKhYxjV +BGeEKzCUyfGn0ovrfWjmW6FL3n2Kq76yJbhR5tiev5vaM9+kvWKs8aK5c1maAEOv +PxYm/nzJg04= +=aC0v +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-97:05.open.asc b/share/security/advisories/FreeBSD-SA-97:05.open.asc new file mode 100644 index 0000000000..1bfecfc74b --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-97:05.open.asc @@ -0,0 +1,168 @@ +-----BEGIN PGP SIGNED MESSAGE----- + + +============================================================================= +FreeBSD-SA-97:05 Security Advisory + FreeBSD, Inc. + +Topic: security compromise via open() + +Category: core +Module: kern +Announced: 1997-10-29 +Affects: FreeBSD 2.1.*, FreeBSD 2.2.*, + FreeBSD-stable and FreeBSD-current +Corrected: FreeBSD-current as of 1997/10/23 (partly even on 1997/04/14) + FreeBSD-stable as of 1997/10/24 + FreeBSD 2.1-stable as of 1997/10/29 +FreeBSD only: yes + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-97:05/ + +============================================================================= + +I. Background + + In FreeBSD, the open() system call is used in normal file operations. + When calling open(), the caller should specify if the file is + to be opened for reading, for writing or for both. + The right to reading from and/or writing to a file is controlled + by the file's mode bits in the filesystem. + In FreeBSD, open() is also used to obtain the right to do + privileged io instructions. + + +II. Problem Description + + A problem exists in the open() syscall that allows processes + to obtain a valid file descriptor without having read or write + permissions on the file being opened. This is normally not a + problem. The FreeBSD way of obtaining the right to do io + instructions however, is based on the right to open a specific + file (/dev/io). + +III. Impact + + The problem can be used by any user on the system to do unauthorised + io instructions. + + +IV. Workaround + + No workaround is available. + +V. Solution + + Apply the following patches. The first one in /usr/src/sys/kern, + and the second one in /usr/src/sys/i386/i386, + Rebuild your kernel, install it and reboot your system. + + patch 1: + For FreeBSD-current before 1997/10/23: + + Index: vfs_syscalls.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/kern/vfs_syscalls.c,v + retrieving revision 1.76 + retrieving revision 1.77 + diff -u -r1.76 -r1.77 + --- vfs_syscalls.c 1997/10/12 20:24:27 1.76 + +++ vfs_syscalls.c 1997/10/22 07:28:51 1.77 + @@ -863,11 +863,13 @@ + struct flock lf; + struct nameidata nd; + + + flags = FFLAGS(SCARG(uap, flags)); + + if ((flags & FREAD + FWRITE) == 0) + + return (EINVAL); + error = falloc(p, &nfp, &indx); + if (error) + return (error); + fp = nfp; + - flags = FFLAGS(SCARG(uap, flags)); + cmode = ((SCARG(uap, mode) &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT; + NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p); + p->p_dupfd = -indx - 1; /* XXX check for fdopen */ + + + For FreeBSD 2.1.* and 2.2.*: + + Index: vfs_syscalls.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/kern/vfs_syscalls.c,v + retrieving revision 1.51.2.5 + diff -u -r1.51.2.5 vfs_syscalls.c + --- vfs_syscalls.c 1997/10/01 06:23:48 1.51.2.5 + +++ vfs_syscalls.c 1997/10/28 22:04:43 + @@ -688,11 +688,13 @@ + struct flock lf; + struct nameidata nd; + + + flags = FFLAGS(uap->flags); + + if ((flags & FREAD + FWRITE) == 0) + + return (EINVAL); + error = falloc(p, &nfp, &indx); + if (error) + return (error); + fp = nfp; + - flags = FFLAGS(uap->flags); + cmode = ((uap->mode &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT; + NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p); + p->p_dupfd = -indx - 1; /* XXX check for fdopen */ + + patch 2: + For FreeBSD 2.1.* and 2.2.* and For FreeBSD-current before 1997/04/14: + + Index: mem.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/mem.c,v + retrieving revision 1.38 + retrieving revision 1.38.2.1 + diff -u -r1.38 -r1.38.2.1 + --- mem.c 1996/09/27 13:25:06 1.38 + +++ mem.c 1997/10/23 22:14:24 1.38.2.1 + @@ -169,6 +169,7 @@ + int fmt; + struct proc *p; + { + + int error; + struct trapframe *fp; + + switch (minor(dev)) { + @@ -179,6 +180,11 @@ + return ENODEV; + #endif + case 14: + + error = suser(p->p_ucred, &p->p_acflag); + + if (error != 0) + + return (error); + + if (securelevel > 0) + + return (EPERM); + fp = (struct trapframe *)curproc->p_md.md_regs; + fp->tf_eflags |= PSL_IOPL; + break; + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBNFeHI1UuHi5z0oilAQEtvAQAgMrMQvRpBOiV1nWzPzDSsnQOz4bBppcT +SMEssoeRrr0cQQACZ4su3vlb71XJzgXi3bakEvvZgsMSSKb3sNxEl0RHR93cDNlE +L9x3sDjbY7l1q2W4BldTly7W4WDjnJt5KEVbi7DKhXb+SuxgaSN0lsow5Cgd54jX +skpX4qluhBM= +=47P3 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-97:06.f00f.asc b/share/security/advisories/FreeBSD-SA-97:06.f00f.asc new file mode 100644 index 0000000000..74c95f0e44 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-97:06.f00f.asc @@ -0,0 +1,234 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-97:06 Security Advisory + FreeBSD, Inc. + +Topic: Pentium processors have flaw allowing unpriviledged crashes + +Category: core +Module: kern +Announced: 1997-12-09 +Affects: FreeBSD 2.1.*, FreeBSD 2.2.*, + FreeBSD-stable and FreeBSD-current +Corrected: FreeBSD-current as of 1997-12-04 + FreeBSD-stable as of 1997-12-04 +FreeBSD only: no + +Patches: ftp://freebsd.org/pub/CERT/patches/SA-97:06/ + +============================================================================= + +I. Background + + Intel processors have instruction combiniations that, when + executed, produce illegal instruction traps. This is a normal + part of every cpu manufactured and is how new instructions are + generally emulated on older hardware. + +II. Problem Description + + A specific sequence of instructions, starting with the byte codes + F0 0F (hex) cause Pentium processors to lock up. This lockup + wedges the entire system, requiring a hard reset to correct. + Systems that allow users to run arbitrary code are vulnerable to + this attack. + +III. Impact + + An unpriviledged user can crash your system. + +IV. Workaround + + None is available. + +V. Solution + + The following patch corrects the problem for FreeBSD-current + systems before 1997-12-04, for FreeBSD 2.2-stable before + 1997-12-04 and for FreeBSD 2.2.5. + + We urge users of FreeBSD 2.1.* to upgrade to the more stable and + more powerfull FreeBSD 2.2.5 release. + + + Index: identcpu.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/identcpu.c,v + retrieving revision 1.33 + retrieving revision 1.35 + diff -u -r1.33 -r1.35 + --- identcpu.c 1997/11/07 08:52:27 1.33 + +++ identcpu.c 1997/12/04 14:35:38 1.35 + @@ -107,6 +107,10 @@ + ); + } + + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + +int has_f00f_bug = 0; + +#endif + + + void + printcpuinfo(void) + { + @@ -136,6 +140,14 @@ + break; + case 0x500: + strcat(cpu_model, "Pentium"); /* nb no space */ + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + + /* + + * XXX - If/when Intel fixes the bug, this + + * should also check the version of the + + * CPU, not just that it's a Pentium. + + */ + + has_f00f_bug = 1; + +#endif + break; + case 0x600: + strcat(cpu_model, "Pentium Pro"); + Index: machdep.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/machdep.c,v + retrieving revision 1.274 + retrieving revision 1.278 + diff -u -r1.274 -r1.278 + --- machdep.c 1997/11/24 18:35:11 1.274 + +++ machdep.c 1997/12/04 21:21:24 1.278 + @@ -866,6 +867,11 @@ + #endif /* VM86 */ + #endif + + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + +struct gate_descriptor *t_idt; + +extern int has_f00f_bug; + +#endif + + + static struct i386tss dblfault_tss; + static char dblfault_stack[PAGE_SIZE]; + + @@ -1533,6 +1539,40 @@ + proc0.p_addr->u_pcb.pcb_mpnest = 1; + proc0.p_addr->u_pcb.pcb_ext = 0; + } + + + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + +void f00f_hack(void); + +SYSINIT(f00f_hack, SI_SUB_INTRINSIC, SI_ORDER_FIRST, f00f_hack, NULL); + + + +void + +f00f_hack(void) { + + struct region_descriptor r_idt; + + unsigned char *tmp; + + int i; + + + + if (!has_f00f_bug) + + return; + + + + printf("Intel Pentium F00F detected, installing workaround\n"); + + + + r_idt.rd_limit = sizeof(idt) - 1; + + + + tmp = kmem_alloc(kernel_map, PAGE_SIZE * 2); + + if (tmp == 0) + + panic("kmem_alloc returned 0"); + + if (((unsigned int)tmp & (PAGE_SIZE-1)) != 0) + + panic("kmem_alloc returned non-page-aligned memory"); + + /* Put the first seven entries in the lower page */ + + t_idt = (struct gate_descriptor*)(tmp + PAGE_SIZE - (7*8)); + + bcopy(idt, t_idt, sizeof(idt)); + + r_idt.rd_base = (int)t_idt; + + lidt(&r_idt); + + if (vm_map_protect(kernel_map, tmp, tmp + PAGE_SIZE, + + VM_PROT_READ, FALSE) != KERN_SUCCESS) + + panic("vm_map_protect failed"); + + return; + +} + +#endif /* defined(I586_CPU) && !NO_F00F_HACK */ + + int + ptrace_set_pc(p, addr) + Index: trap.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/trap.c,v + retrieving revision 1.115 + retrieving revision 1.118 + diff -u -r1.115 -r1.118 + --- trap.c 1997/11/24 13:25:37 1.115 + +++ trap.c 1997/12/04 21:21:26 1.118 + @@ -142,6 +143,11 @@ + static void userret __P((struct proc *p, struct trapframe *frame, + u_quad_t oticks)); + + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + +extern struct gate_descriptor *t_idt; + +extern int has_f00f_bug; + +#endif + + + static inline void + userret(p, frame, oticks) + struct proc *p; + @@ -211,6 +217,9 @@ + u_long eva; + #endif + + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + +restart: + +#endif + type = frame.tf_trapno; + code = frame.tf_err; + + @@ -276,6 +285,10 @@ + i = trap_pfault(&frame, TRUE); + if (i == -1) + return; + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + + if (i == -2) + + goto restart; + +#endif + if (i == 0) + goto out; + + @@ -642,7 +655,18 @@ + if (va >= KERNBASE) { + /* + * Don't allow user-mode faults in kernel address space. + + * An exception: if the faulting address is the invalid + + * instruction entry in the IDT, then the Intel Pentium + + * F00F bug workaround was triggered, and we need to + + * treat it is as an illegal instruction, and not a page + + * fault. + */ + +#if defined(I586_CPU) && !defined(NO_F00F_HACK) + + if ((eva == (unsigned int)&t_idt[6]) && has_f00f_bug) { + + frame->tf_trapno = T_PRIVINFLT; + + return -2; + + } + +#endif + if (usermode) + goto nogo; + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBNI2g9VUuHi5z0oilAQGFnAP/R4bArrM7+NZKbrJEK+9UpNYBPhsakAF6 +4/U1wJJdbBJPl5j4udZki8ZUEPJvM2mSnrs9UevQMYGSoirl92h/0SEgVgjIfhcJ +tcyY97Js6biHAZzib4i/TKoN47wBNjgRLF6SfafuIxfVQYk6RMFB5EUdYBdseVz/ +5RgYqQz4m/k= +=xvTs +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:01.land.asc b/share/security/advisories/FreeBSD-SA-98:01.land.asc new file mode 100644 index 0000000000..a6c29b2e3d --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:01.land.asc @@ -0,0 +1,219 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:01 Security Advisory + FreeBSD, Inc. + +Topic: LAND attack can cause harm to running FreeBSD systems + +Category: core +Module: kern +Announced: 1997-12-01 +Affects: FreeBSD 2.1.*, FreeBSD 2.2.0R, 2.2.1R, 2.2.5R + FreeBSD-stable and FreeBSD-current +Doesn't Affect: FreeBSD 2.2.2R +Corrected: FreeBSD 2.2.6R, FreeBSD-current as of Jan 21, 1998 + FreeBSD-stable as of Jan 30, 1998 +FreeBSD only: no + +Patches: ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:01/ + +============================================================================= +IMPORTANT MESSAGE: The FreeBSD advisory archive has moved from +ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/CERT +============================================================================= + +I. Background + + In most TCP stacks state is kept based on the source and + destination address of a packet received. + +II. Problem Description + + A problem exists in most FreeBSD derived stacks that allows a + malicious user to send a packet that causes the sytsem to lock + up, thus producing a denial of service attack. + +III. Impact + + Any person on the Internet who can send a FreeBSD machine a + packet can cause it to lock up and be taken out of service. + +IV. Workaround + + A firewall can be used to filter packets from the Internet that + appear to be from your local network. This will not eliminate + the threat, but will eliminate external attacks. + +V. Solution + + Apply the enclosed patch. There are two patches, one for FreeBSD + -current, and another for FreeBSD 2.2-stable. + + patch for -current prior to Jan 21, 1998. Found in land-current. + + Index: tcp_input.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/sys/netinet/tcp_input.c,v + retrieving revision 1.67 + retrieving revision 1.68 + diff -u -r1.67 -r1.68 + --- tcp_input.c 1997/12/19 23:46:15 1.67 + +++ tcp_input.c 1998/01/21 02:05:59 1.68 + @@ -626,6 +613,7 @@ + * If the state is LISTEN then ignore segment if it contains an RST. + * If the segment contains an ACK then it is bad and send a RST. + * If it does not contain a SYN then it is not interesting; drop it. + + * If it is from this socket, drop it, it must be forged. + * Don't bother responding if the destination was a broadcast. + * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial + * tp->iss, and send a segment: + @@ -644,6 +632,9 @@ + goto dropwithreset; + if ((tiflags & TH_SYN) == 0) + goto drop; + + if ((ti->ti_dport == ti->ti_sport) && + + (ti->ti_dst.s_addr == ti->ti_src.s_addr)) + + goto drop; + /* + * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN + * in_broadcast() should never return true on a received + @@ -762,6 +753,23 @@ + } + + /* + + * If the state is SYN_RECEIVED: + + * if seg contains SYN/ACK, send a RST. + + * if seg contains an ACK, but not for our SYN/ACK, send a RST. + + */ + + case TCPS_SYN_RECEIVED: + + if (tiflags & TH_ACK) { + + if (tiflags & TH_SYN) { + + tcpstat.tcps_badsyn++; + + goto dropwithreset; + + } + + if (SEQ_LEQ(ti->ti_ack, tp->snd_una) || + + SEQ_GT(ti->ti_ack, tp->snd_max)) + + goto dropwithreset; + + } + + break; + + + + /* + * If the state is SYN_SENT: + * if seg contains an ACK, but not for our SYN, drop the input. + * if seg contains a RST, then drop the connection. + @@ -1176,14 +1184,11 @@ + switch (tp->t_state) { + + /* + - * In SYN_RECEIVED state if the ack ACKs our SYN then enter + - * ESTABLISHED state and continue processing, otherwise + - * send an RST. + + * In SYN_RECEIVED state, the ack ACKs our SYN, so enter + + * ESTABLISHED state and continue processing. + + * The ACK was checked above. + */ + case TCPS_SYN_RECEIVED: + - if (SEQ_GT(tp->snd_una, ti->ti_ack) || + - SEQ_GT(ti->ti_ack, tp->snd_max)) + - goto dropwithreset; + + tcpstat.tcps_connects++; + soisconnected(so); + + patch for 2.2.5 and 2.2.5-stable before Jan 30, 1998 found in land-22 + + Index: tcp_input.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/sys/netinet/tcp_input.c,v + retrieving revision 1.54.2.6 + retrieving revision 1.54.2.7 + diff -u -r1.54.2.6 -r1.54.2.7 + --- tcp_input.c 1997/11/20 21:45:34 1.54.2.6 + +++ tcp_input.c 1998/01/30 19:13:55 1.54.2.7 + @@ -627,6 +614,7 @@ + * If the state is LISTEN then ignore segment if it contains an RST. + * If the segment contains an ACK then it is bad and send a RST. + * If it does not contain a SYN then it is not interesting; drop it. + + * If it is from this socket, drop it, it must be forged. + * Don't bother responding if the destination was a broadcast. + * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial + * tp->iss, and send a segment: + @@ -646,6 +634,9 @@ + goto dropwithreset; + if ((tiflags & TH_SYN) == 0) + goto drop; + + if ((ti->ti_dport == ti->ti_sport) && + + (ti->ti_dst.s_addr == ti->ti_src.s_addr)) + + goto drop; + /* + * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN + * in_broadcast() should never return true on a received + @@ -765,6 +756,23 @@ + } + + /* + + * If the state is SYN_RECEIVED: + + * if seg contains SYN/ACK, send a RST. + + * if seg contains an ACK, but not for our SYN/ACK, send a RST. + + */ + + case TCPS_SYN_RECEIVED: + + if (tiflags & TH_ACK) { + + if (tiflags & TH_SYN) { + + tcpstat.tcps_badsyn++; + + goto dropwithreset; + + } + + if (SEQ_LEQ(ti->ti_ack, tp->snd_una) || + + SEQ_GT(ti->ti_ack, tp->snd_max)) + + goto dropwithreset; + + } + + break; + + + + /* + * If the state is SYN_SENT: + * if seg contains an ACK, but not for our SYN, drop the input. + * if seg contains a RST, then drop the connection. + @@ -1179,14 +1187,11 @@ + switch (tp->t_state) { + + /* + - * In SYN_RECEIVED state if the ack ACKs our SYN then enter + - * ESTABLISHED state and continue processing, otherwise + - * send an RST. + + * In SYN_RECEIVED state, the ack ACKs our SYN, so enter + + * ESTABLISHED state and continue processing. + + * The ACK was checked above. + */ + case TCPS_SYN_RECEIVED: + - if (SEQ_GT(tp->snd_una, ti->ti_ack) || + - SEQ_GT(ti->ti_ack, tp->snd_max)) + - goto dropwithreset; + + tcpstat.tcps_connects++; + soisconnected(so); + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBNQg21FUuHi5z0oilAQFsYAP/TSdBmRb90H9/JqCvM/7pn1FOngoJgLPV +GzEBEKe1cbeY5tOY/rCLPVX3g+JjRjPFkMICaTYk0JdFEO29CLhw5qoX/OAm4M+M +erMJvXUJ3SPaEAEgK7zh5c73t9I4573Rbp1IxU3uZiqVSc3myJxCtFa4ZW2O6zkm +G57fsHlGRKo= +=4fC3 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:02.mmap.asc b/share/security/advisories/FreeBSD-SA-98:02.mmap.asc new file mode 100644 index 0000000000..4f2d258632 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:02.mmap.asc @@ -0,0 +1,239 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:02 Security Advisory + FreeBSD, Inc. + +Topic: security compromise via mmap + +Category: core +Module: kernel +Announced: 1998-03-12 +Affects: FreeBSD 2.2.*, FreeBSD-stable and FreeBSD-current + before 1998/03/11 suffer from this problem. +Corrected: FreeBSD-current as of 1998/03/11 + FreeBSD-stable as of 1998/03/11 +FreeBSD only: no (also other 4.4BSD based systems may be affected) + +Patches: ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:02/ + +============================================================================= +IMPORTANT MESSAGE: The FreeBSD advisory archive has moved from +ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/CERT +============================================================================= + +I. Background + + The 4.4BSD VM system allows files to be "memory mapped", which + causes the specified contents of a file to be made available + to a process via its address space. Manipulations of that file + can then be performed simply by manipulating memory, rather + than using filesystem I/O calls. This technique is used to + simplify code, speed up access to files, and provide interprocess + communication. + +II. Problem Description + + Due to a 4.4BSD VM system problem, it is possible to memory-map + a read-only descriptor to a character device in read-write + mode. + +III. Impact + + The hole can be used by members of group kmem to gain superuser + privileges. It also allows the superuser to lower the system + securelevel. + +IV. Workaround + + No workaround is known. + +V. Solution + + + Apply one of the following patches, rebuild your kernel, + install it and reboot your system. + + The patches below can be found on + ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:02/ + + + Patch for 3.0-current systems: + + Index: vm_mmap.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v + retrieving revision 1.74 + diff -u -r1.74 vm_mmap.c + --- vm_mmap.c 1998/03/07 21:37:01 1.74 + +++ vm_mmap.c 1998/03/10 21:51:30 + @@ -162,6 +162,7 @@ + vm_prot_t prot, maxprot; + void *handle; + int flags, error; + + int disablexworkaround; + off_t pos; + + addr = (vm_offset_t) uap->addr; + @@ -252,6 +253,26 @@ + pos = 0; + } else { + /* + + * cdevs does not provide private mappings of any kind. + + */ + + /* + + * However, for XIG X server to continue to work, + + * we should allow the superuser to do it anyway. + + * We only allow it at securelevel < 1. + + * (Because the XIG X server writes directly to video + + * memory via /dev/mem, it should never work at any + + * other securelevel. + + * XXX this will have to go + + */ + + if (securelevel >= 1) + + disablexworkaround = 1; + + else + + disablexworkaround = suser(p->p_ucred, + + &p->p_acflag); + + if (vp->v_type == VCHR && disablexworkaround && + + (flags & (MAP_PRIVATE|MAP_COPY))) + + return (EINVAL); + + /* + * Ensure that file and memory protections are + * compatible. Note that we only worry about + * writability if mapping is shared; in this case, + @@ -265,12 +286,20 @@ + maxprot |= VM_PROT_READ; + else if (prot & PROT_READ) + return (EACCES); + - if (flags & MAP_SHARED) { + - if (fp->f_flag & FWRITE) + - maxprot |= VM_PROT_WRITE; + - else if (prot & PROT_WRITE) + - return (EACCES); + - } else + + /* + + * If we are sharing potential changes (either via + + * MAP_SHARED or via the implicit sharing of character + + * device mappings), and we are trying to get write + + * permission although we opened it without asking + + * for it, bail out. Check for superuser, only if + + * we're at securelevel < 1, to allow the XIG X server + + * to continue to work. + + */ + + if (((flags & MAP_SHARED) != 0 || + + (vp->v_type == VCHR && disablexworkaround)) && + + (fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0) + + return (EACCES); + + else + maxprot |= VM_PROT_WRITE; + handle = (void *)vp; + } + + Patch for 2.2 systems: + + Index: vm_mmap.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v + retrieving revision 1.53.2.2 + diff -u -r1.53.2.2 vm_mmap.c + --- vm_mmap.c 1997/03/25 04:54:29 1.53.2.2 + +++ vm_mmap.c 1998/03/10 21:50:46 + @@ -157,6 +157,9 @@ + vm_prot_t prot, maxprot; + caddr_t handle; + int flags, error; + + int disablexworkaround; + + + + addr = (vm_offset_t) uap->addr; + + prot = uap->prot & VM_PROT_ALL; + flags = uap->flags; + @@ -230,6 +233,26 @@ + flags |= MAP_ANON; + } else { + /* + + * cdevs does not provide private mappings of any kind. + + */ + + /* + + * However, for XIG X server to continue to work, + + * we should allow the superuser to do it anyway. + + * We only allow it at securelevel < 1. + + * (Because the XIG X server writes directly to video + + * memory via /dev/mem, it should never work at any + + * other securelevel. + + * XXX this will have to go + + */ + + if (securelevel >= 1) + + disablexworkaround = 1; + + else + + disablexworkaround = suser(p->p_ucred, + + &p->p_acflag); + + if (vp->v_type == VCHR && disablexworkaround && + + (flags & (MAP_PRIVATE|MAP_COPY))) + + return (EINVAL); + + /* + * Ensure that file and memory protections are + * compatible. Note that we only worry about + * writability if mapping is shared; in this case, + @@ -243,12 +266,20 @@ + maxprot |= VM_PROT_READ; + else if (prot & PROT_READ) + return (EACCES); + - if (flags & MAP_SHARED) { + - if (fp->f_flag & FWRITE) + - maxprot |= VM_PROT_WRITE; + - else if (prot & PROT_WRITE) + - return (EACCES); + - } else + + /* + + * If we are sharing potential changes (either via + + * MAP_SHARED or via the implicit sharing of character + + * device mappings), and we are trying to get write + + * permission although we opened it without asking + + * for it, bail out. Check for superuser, only if + + * we're at securelevel < 1, to allow the XIG X server + + * to continue to work. + + */ + + if (((flags & MAP_SHARED) != 0 || + + (vp->v_type == VCHR && disablexworkaround)) && + + (fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0) + + return (EACCES); + + else + maxprot |= VM_PROT_WRITE; + handle = (caddr_t) vp; + } + +VI. Thanks + + This advisory is based on the OpenBSD Security Advisory, dated + February 20 2, 1998. Thanks to "Thomas H. Ptacek" + for allowing this. + + Thanks to "Cy Schubert" for porting the + OpenBSD patch to FreeBSD. + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/CERT/public_key.asc +Security notifications: security-notifications@freebsd.org +Security public discussion: security@freebsd.org + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.2 + +iQCVAwUBNQg5QlUuHi5z0oilAQGxJQP/YRbQ4Ox0R7zELYIfiYY4ZTec53DlkNTm ++NWLqqMJWFAQQ2BfTLmcxJdcaUlPkZmKU21ZUFVxKFuCjjp1MSiFApLJRcXuX6u6 +ZYgwvrrLB5ppU2L/uWG+mlJKrf/j6R28B/NQ7b/OB9hcRlNdOFyu7K44M+yKxaPb +SRJ4LR1rQKk= +=qDrb +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:03.ttcp.asc b/share/security/advisories/FreeBSD-SA-98:03.ttcp.asc new file mode 100644 index 0000000000..4e9e4ab61f --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:03.ttcp.asc @@ -0,0 +1,114 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:03 Security Advisory + FreeBSD, Inc. + +Topic: Problems with TTCP + +Category: core +Module: kernel +Announced: 1998-05-14, revised at 1998-05-18 +Affects: FreeBSD 2.1.* + FreeBSD 2.2.*, + FreeBSD-2.2-stable before 1998/05/14 and + FreeBSD-3.0-current before 1998/05/05 suffer from this problem. +Corrected: FreeBSD-3.0-current as of 1998/05/14 + FreeBSD-2.2-stable as of 1998/05/05 + FreeBSD-2.1-stable as of 1998/05/18 +FreeBSD only: No. Any other system incorporating TTCP extentions may be + affected. + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:03/ + +I. Background + + + RFC 1644 provides an extension to TCP called TCP Extensions for + Transactions, or shortly T/TCP. It provides a way of bypassing + the standard three-way handshake found in TCP, thus speeding up + transactions. + T/TCP has been incorporated in FreeBSD since FreeBSD 2.0.5. + +II. Problem Description + + An accelerated open is initiated by a client by sending a new + TCP option, called CC, to the server. The kernel keeps a + special cache for each host it communicated with, among others + containing the value of the last CC option used by the client. + A new accelerated open is allowed when the CC sent is larger + than the one in the per-host cache. Thus one can spoof complete + connections. + +III. Impact + + The hole can be used to obtain unauthorized acces to the system + by spoofing connections to the r*-services. This can only be + done in the case where an .rhost file and/or a host.equiv file + is used as the sole method of authentication. + +IV. Workaround + + Disable all r-* services. Note that setting the kernel variable + net.inet.tcp.rfc1644 to 0 does not solve the problem. This + variable controls whether the system will initiate rfc1644 + based connections and does not affect the ability to receive + such connections. + +V. Solution + + + Apply the following patch, rebuild your kernel, install it + and reboot your system. The patch is valid for 2.1.* systems, + for 2.1-stable, for 2.2.* systems, for 2.2-stable and for 3.0-current. + + The patch below can be found on + ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:03/ + + + Index: tcp_input.c + =================================================================== + RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v + retrieving revision 1.74 + retrieving revision 1.77 + diff -u -r1.74 -r1.77 + --- tcp_input.c 1998/04/24 10:08:57 1.74 + +++ tcp_input.c 1998/05/18 17:11:24 1.77 + @@ -680,7 +680,9 @@ + * - otherwise do a normal 3-way handshake. + */ + if ((to.to_flag & TOF_CC) != 0) { + - if (taop->tao_cc != 0 && CC_GT(to.to_cc, taop->tao_cc)) { + + if (((tp->t_flags & TF_NOPUSH) != 0) && + + taop->tao_cc != 0 && CC_GT(to.to_cc, taop->tao_cc)) { + + + taop->tao_cc = to.to_cc; + tp->t_state = TCPS_ESTABLISHED; + + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +========================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBNWBuSFUuHi5z0oilAQG0WwP+KUCgtui/1BAz4DbtAcm5sodoTVpzhQyG +NOfhKKgoopaMtbFFVTtCaC3+QL8xqsQX3GfcF1QRn16KDojLmG2em0yrA6Ad4Mwn +Jup5U4Vur5CQSOuhyZAnRIBeTdC2nCraWee/tGxoiamximqI/bZKpjn/4HwB0XVh +ZwvupaQ4y9c= +=n3/i +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:04.mmap.asc b/share/security/advisories/FreeBSD-SA-98:04.mmap.asc new file mode 100644 index 0000000000..00754df03a --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:04.mmap.asc @@ -0,0 +1,201 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:04 Security Advisory + FreeBSD, Inc. + +Topic: security compromise via mmap + +Category: core +Module: kernel +Announced: 1998-06-02 +Affects: FreeBSD 2.2.*, FreeBSD-stable before 1998/05/24 + and FreeBSD-current before 1998/05/19 suffer from + this problem. +Corrected: FreeBSD-current as of 1998/05/19 + FreeBSD-stable as of 1998/05/24 +FreeBSD only: no (also other 4.4BSD based systems may be affected) + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:04/ + +============================================================================= +IMPORTANT MESSAGE: The FreeBSD security officer now uses the policy +ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/FreeBSD/POLICY +for sending out advisories. +============================================================================= + +I. Background + + The 4.4BSD VM system allows files to be "memory mapped", which + causes the specified contents of a file to be made available + to a process via its address space. Manipulations of that file + can then be performed simply by manipulating memory, rather + than using filesystem I/O calls. This technique is used to + simplify code, speed up access to files, and provide interprocess + communication. + + In 4.4BSD, 4 new FFS flags were added that give the possibility + to mark files as append-only or immutable. + +II. Problem Description + + It is possible for a process to open an append-only file + according to the limitations of the flags, and then mmap the + file shared with write permission even when the file is marked + as append-only or immutable. This circumvents the concept of + the the append-only flag. + +III. Impact + + It is possible to change the contents of append-only files. + +IV. Workaround + + No workaround is known. + +V. Solution + + + Apply one of the following patches, rebuild your kernel, + install it and reboot your system. + + The patches below can be found on + ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:04/ + + NOTE: Users of FreeBSD 2.2.5 or FreeBSD-current or FreeBSD-stable + dated before 1998/03/12 will need to apply the patch mentioned in + FreeBSD advisory SA-98:02. + + + Patch for 3.0-current systems: + + Index: vm_mmap.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v + retrieving revision 1.75 + retrieving revision 1.77 + diff -u -r1.75 -r1.77 + --- vm_mmap.c 1998/03/12 19:36:18 1.75 + +++ vm_mmap.c 1998/05/19 07:13:21 1.77 + @@ -58,6 +58,7 @@ + #include + #include + #include + +#include + #include + + #include + @@ -295,12 +296,25 @@ + * we're at securelevel < 1, to allow the XIG X server + * to continue to work. + */ + - if (((flags & MAP_SHARED) != 0 || + - (vp->v_type == VCHR && disablexworkaround)) && + - (fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0) + - return (EACCES); + - else + + + + if ((flags & MAP_SHARED) != 0 || + + (vp->v_type == VCHR && disablexworkaround)) { + + if ((fp->f_flag & FWRITE) != 0) { + + struct vattr va; + + if ((error = + + VOP_GETATTR(vp, &va, + + p->p_ucred, p))) + + return (error); + + if ((va.va_flags & + + (IMMUTABLE|APPEND)) == 0) + + maxprot |= VM_PROT_WRITE; + + else if (prot & PROT_WRITE) + + return (EPERM); + + } else if ((prot & PROT_WRITE) != 0) + + return (EACCES); + + } else + maxprot |= VM_PROT_WRITE; + + + handle = (void *)vp; + } + } + + Patch for 2.2 systems: + + Index: vm_mmap.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v + retrieving revision 1.53.2.3 + retrieving revision 1.53.2.4 + diff -u -r1.53.2.3 -r1.53.2.4 + --- vm_mmap.c 1998/03/12 19:36:50 1.53.2.3 + +++ vm_mmap.c 1998/05/24 19:47:02 1.53.2.4 + @@ -57,6 +57,7 @@ + #include + #include + #include + +#include + #include + + #include + @@ -275,12 +276,26 @@ + * we're at securelevel < 1, to allow the XIG X server + * to continue to work. + */ + - if (((flags & MAP_SHARED) != 0 || + - (vp->v_type == VCHR && disablexworkaround)) && + - (fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0) + - return (EACCES); + - else + + + + if ((flags & MAP_SHARED) != 0 || + + (vp->v_type == VCHR && disablexworkaround)) { + + if ((fp->f_flag & FWRITE) != 0) { + + struct vattr va; + + + + if ((error = + + VOP_GETATTR(vp, &va, + + p->p_ucred, p))) + + return (error); + + if ((va.va_flags & + + (IMMUTABLE|APPEND)) == 0) + + maxprot |= VM_PROT_WRITE; + + else if (prot & PROT_WRITE) + + return (EPERM); + + } else if ((prot & PROT_WRITE) != 0) + + return (EACCES); + + } else + maxprot |= VM_PROT_WRITE; + + + handle = (caddr_t) vp; + } + } + +VI. Thanks + + This advisory is based on NetBSD Security Advisory 1998-003. + In porting the NetBSD patch, we accidentally mentioned that we + obtained the patch from OpenBSD, which was evidently wrong. + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBNXWJC1UuHi5z0oilAQG3nAP9GjmOtlc1WxPJjcbRwvXmKzhRInCfuVTL +f5k7dAyFmUmo6wnyQwsBoQUsa7d/kS0YCnfTIkFYrGkFvBa8hnw/i9VVdMFaUFFV +kTo6YLQfgG35znTxftACAs4uzjeRbh/6dr1YsERYxWNW0PabKbYfjMQapmY5GUVm +px3WF/jRI5k= +=Umgx +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:05.nfs.asc b/share/security/advisories/FreeBSD-SA-98:05.nfs.asc new file mode 100644 index 0000000000..f2e77fdd68 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:05.nfs.asc @@ -0,0 +1,127 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:05 Security Advisory + FreeBSD, Inc. + +Topic: system crash with NFS + +Category: core +Module: kernel +Announced: 1998-06-04 +Affects: FreeBSD 2.2.* and FreeBSD-stable before 1998/05/31 + this problem. +Corrected: FreeBSD-current as of 1998/05/31 +FreeBSD only: no (also other 4.4BSD based systems may be affected) + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:05/ + +============================================================================= +IMPORTANT MESSAGE: The FreeBSD security officer now uses the policy +ftp://ftp.freebsd.org/pub/FreeBSD/POLICY.asc for sending out advisories. +============================================================================= + +I. Background + + NFS can be used to mount remote file systems. Apart from being + remote, it acts like a normal UFS file system. Among others, + This means that creating hard links can be done in NFS + file systems + +II. Problem Description + + When creating hard links on file systems, the kernel checks that + both the original file and the link to it are located on the same + file system. Unfortunately, there is an error in the NFS kernel code + in FreeBSD 2.2.* systems that performs this check. + +III. Impact + + It is possible to crash a FreeBSD 2.2.* system by hard linking + a device special files to a file on an NFS mounted file system. + + FreeBSD-current is not vulnerable. + +IV. Workaround + + No real work around is known (except for unmounting your NFS + file systems). + +V. Solution + + Apply one of the following patches, rebuild your kernel, + install it and reboot your system. + + The patches below can be found on + ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:05/ + + + Patch for 2.2.5 and 2.2.6 systems: + + + Index: nfs_vnops.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/nfs/nfs_vnops.c,v + retrieving revision 1.36.2.6 + retrieving revision 1.36.2.7 + diff -u -r1.36.2.6 -r1.36.2.7 + --- nfs_vnops.c 1998/05/13 05:48:45 1.36.2.6 + +++ nfs_vnops.c 1998/05/31 00:07:29 1.36.2.7 + @@ -1755,17 +1755,8 @@ + struct componentname *a_cnp; + } */ *ap; + { + -#if defined(__NetBSD__) + - /* + - * Since the args are reversed in the VOP_LINK() calls, + - * switch them back. Argh! + - */ + - register struct vnode *vp = ap->a_tdvp; + - register struct vnode *tdvp = ap->a_vp; + -#else + register struct vnode *vp = ap->a_vp; + register struct vnode *tdvp = ap->a_tdvp; + -#endif + register struct componentname *cnp = ap->a_cnp; + register u_long *tl; + register caddr_t cp; + @@ -1776,11 +1767,8 @@ + int v3 = NFS_ISV3(vp); + + if (vp->v_mount != tdvp->v_mount) { + - VOP_ABORTOP(vp, cnp); + - if (tdvp == vp) + - vrele(tdvp); + - else + - vput(tdvp); + + VOP_ABORTOP(tdvp, cnp); + + vput(tdvp); + return (EXDEV); + } + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBNXbehFUuHi5z0oilAQHS8gQAgIgUrioo3hT+mJLyxUp//ASoFPSf2+vw +fmq2D9qEYyV5Od/HLBnzgb3jz5xyqWDLBx6pNV3QIPAimw3+S0oHOUYG+UCn96yD +58kEx6mc8KanEHs0lzdgoqFi6ioVkPzCplxzqy+QfQvDCJPE+w7BbFkwVXhJHNof +4JvVbewoA9c= +=ILgB +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:06.icmp.asc b/share/security/advisories/FreeBSD-SA-98:06.icmp.asc new file mode 100644 index 0000000000..bf90e234bd --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:06.icmp.asc @@ -0,0 +1,128 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:06 Security Advisory + FreeBSD, Inc. + +Topic: smurf attack + +Category: core +Module: kernel +Announced: 1998-06-10 +Affects: FreeBSD 2.2.*, FreeBSD-stable and FreeBSD-current + before 1998/05/26 suffer from this problem. +Corrected: FreeBSD-current as of 1998/05/26 + FreeBSD-stable as of 1998/05/26 +FreeBSD only: yes + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:06/ + +============================================================================= +IMPORTANT MESSAGE: The FreeBSD security officer now uses the policy +ftp://ftp.freebsd.org/pub/FreeBSD/POLICY.asc for sending out +advisories. +============================================================================= + +I. Background + + As can be read in CERT advisory CA-98.01.smurf, there exists + a denial of service attack called "smurfing". This attack sends + ICMP echo requests to the broadcast address of a network. This + results in the source address of the ICMP packets being flooded + with ICMP echo replies. Of course, the source address is + spoofed. + + +II. Problem Description + + A solution at the intermediate network being abused to generate + the ICMP echo replies is to either block ICMP echo requests + directed to a broadcast address or to configure the hosts on + that network not to respond to such an ICMP request. In the + CERT advisory, the following was reported: + + In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond + to ICMP echo requests destined for broadcast and multicast + addresses by default. This behavior can be changed via the + sysctl command via mib net.inet.icmp.bmcastecho. + + Unfortunately, an error was made with the implementation of + this functionality and, despite the text in the CERT + advisory, the net.inet.icmp.bmcastecho sysctl variable default + is to respond to ICMP packets sent to the networks broadcast + address. You should explicitly run the command + sysctl -w net.inet.icmp.bmcastecho=0 + to disable this. + +III. Impact + + Your network can suffer performance degradation when a + large amount of spoofed ICMP is sent to your broadcast address. + +IV. Workaround + + Block ICMP echo requests to broadcast addresses in your kernel + using ipfw(8). See CERT advisory CA-98.01.smurf for more + workarounds. + +V. Solution + + Apply the following patch: + + Patch for 3.0-current, 2.2-stable, 2.2.5 and 2.2.6 systems: + + Index: ip_icmp.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/ip_icmp.c,v + retrieving revision 1.29 + retrieving revision 1.30 + diff -u -r1.29 -r1.30 + --- ip_icmp.c 1997/08/25 16:29:27 1.29 + +++ ip_icmp.c 1998/05/26 11:34:30 1.30 + @@ -375,8 +375,7 @@ + + case ICMP_ECHO: + if (!icmpbmcastecho + - && (m->m_flags & (M_MCAST | M_BCAST)) != 0 + - && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { + + && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { + icmpstat.icps_bmcastecho++; + break; + } + @@ -385,8 +384,7 @@ + + case ICMP_TSTAMP: + if (!icmpbmcastecho + - && (m->m_flags & (M_MCAST | M_BCAST)) != 0 + - && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) { + + && (m->m_flags & (M_MCAST | M_BCAST)) != 0) { + icmpstat.icps_bmcasttstamp++; + break; + } + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBNX7QUlUuHi5z0oilAQEBMQP6Avlv1dEMtH7thC510f17to9UNcDAobz4 +83Fd5qVfwjBy5G0AxSLOLYb4/9ZI137aNtsLRcvx3J4CRGPBCpA7UXptID/QuTHO +6Z0sqix21OAigcrdX0Aegx2JBvY+NLgBSK4NrWbpp5sAjjW1i4OS/wzGQmhXFDjU +JGoIZMmYKXU= +=VFXs +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:07.rst.asc b/share/security/advisories/FreeBSD-SA-98:07.rst.asc new file mode 100644 index 0000000000..e4dc9cfc75 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:07.rst.asc @@ -0,0 +1,508 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:07 Security Advisory + FreeBSD, Inc. + +Topic: TCP RST denial of sevice + +Category: core +Module: kernel +Announced: 1998-10-13 +Affects: FreeBSD 2.2.* (before 2.2.8R), FreeBSD-stable and + FreeBSD-current before the correction date. +Corrected: FreeBSD-current as of 1998/09/11 + FreeBSD-stable as of 1998/09/16 +FreeBSD only: Yes + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:07/ + +Vulnerable: + + +I. Background + +TCP/IP connections are controlled through a series of packets that are +receieved by the two computers involved in the connection. Old, stale +connections are reset with a packet called a RST packet. The RST +packets have a sequence number in them that must be valid according to +certain rules in the standards. + + +II. Problem Description + +A denail of service attack can be launched against FreeBSD systems +running without one of the patches supplied later in this message. +Using a flaw in the interpreation of sequence numbers in the RST +packet, malicious users can terminate connections of other users at +will. + + +III. Impact + +Some TCP connections will be broken. This can range from a minor +inconvenience to a major problem depending on the nature of the +attackers and what they attack. This attack requires knowledge of the +TCP connection 4-tuple (source IP, source port, destination IP and +destination port). If even one of these items is unknown, then the +attack will not succeed. Users without priviledge of the destination +machine, however, can find the source IP and source port numbers with +the netstat command and can effect this attack. Also, intruders that +are able to capture raw network traffic on the network the target +machine resides will also have enough information to launch this +attack. It is also possible for an attacker to send a huge flood of +packets, hoping that they will get lucky just once (which is all they +need to attack a specific connection). + +This vulnerability has been discussed in the security list called +BUGTRAQ and exploit programs are circulating to take advantage of this +flaw. + +This attack has been reported most often as being used against people +connected to irc servers. + +IV. Workaround + +None. + +V. Solution + +Here is the patch that will apply to 2.2-stable systems from before +September 16, 1998. -stable systems after that date do not suffer +from this problem. It will also apply to FreeBSD 2.2.6 and 2.2.7. + + + Index: tcp_input.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/tcp_input.c,v + retrieving revision 1.54.2.10 + retrieving revision 1.54.2.11 + diff -u -r1.54.2.10 -r1.54.2.11 + --- tcp_input.c 1998/05/18 17:12:44 1.54.2.10 + +++ tcp_input.c 1998/09/16 17:35:17 1.54.2.11 + @@ -972,17 +972,99 @@ + + /* + * States other than LISTEN or SYN_SENT. + - * First check timestamp, if present. + + * First check the RST flag and sequence number since reset segments + + * are exempt from the timestamp and connection count tests. This + + * fixes a bug introduced by the Stevens, vol. 2, p. 960 bugfix + + * below which allowed reset segments in half the sequence space + + * to fall though and be processed (which gives forged reset + + * segments with a random sequence number a 50 percent chance of + + * killing a connection). + + * Then check timestamp, if present. + * Then check the connection count, if present. + * Then check that at least some bytes of segment are within + * receive window. If segment begins before rcv_nxt, + * drop leading data (and SYN); if nothing left, just ack. + * + + * + + * If the RST bit is set, check the sequence number to see + + * if this is a valid reset segment. + + * RFC 793 page 37: + + * In all states except SYN-SENT, all reset (RST) segments + + * are validated by checking their SEQ-fields. A reset is + + * valid if its sequence number is in the window. + + * Note: this does not take into account delayed ACKs, so + + * we should test against last_ack_sent instead of rcv_nxt. + + * Also, it does not make sense to allow reset segments with + + * sequence numbers greater than last_ack_sent to be processed + + * since these sequence numbers are just the acknowledgement + + * numbers in our outgoing packets being echoed back at us, + + * and these acknowledgement numbers are monotonically + + * increasing. + + * If we have multiple segments in flight, the intial reset + + * segment sequence numbers will be to the left of last_ack_sent, + + * but they will eventually catch up. + + * In any case, it never made sense to trim reset segments to + + * fit the receive window since RFC 1122 says: + + * 4.2.2.12 RST Segment: RFC-793 Section 3.4 + + * + + * A TCP SHOULD allow a received RST segment to include data. + + * + + * DISCUSSION + + * It has been suggested that a RST segment could contain + + * ASCII text that encoded and explained the cause of the + + * RST. No standard has yet been established for such + + * data. + + * + + * If the reset segment passes the sequence number test examine + + * the state: + + * SYN_RECEIVED STATE: + + * If passive open, return to LISTEN state. + + * If active open, inform user that connection was refused. + + * ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES: + + * Inform user that connection was reset, and close tcb. + + * CLOSING, LAST_ACK, TIME_WAIT STATES + + * Close the tcb. + + * TIME_WAIT state: + + * Drop the segment - see Stevens, vol. 2, p. 964 and + + * RFC 1337. + + */ + + if (tiflags & TH_RST) { + + if (tp->last_ack_sent == ti->ti_seq) { + + switch (tp->t_state) { + + + + case TCPS_SYN_RECEIVED: + + so->so_error = ECONNREFUSED; + + goto close; + + + + case TCPS_ESTABLISHED: + + case TCPS_FIN_WAIT_1: + + case TCPS_FIN_WAIT_2: + + case TCPS_CLOSE_WAIT: + + so->so_error = ECONNRESET; + + close: + + tp->t_state = TCPS_CLOSED; + + tcpstat.tcps_drops++; + + tp = tcp_close(tp); + + break; + + + + case TCPS_CLOSING: + + case TCPS_LAST_ACK: + + tp = tcp_close(tp); + + break; + + + + case TCPS_TIME_WAIT: + + break; + + } + + } + + goto drop; + + } + + + + /* + * RFC 1323 PAWS: If we have a timestamp reply on this segment + * and it's less than ts_recent, drop it. + */ + - if ((to.to_flag & TOF_TS) != 0 && (tiflags & TH_RST) == 0 && + - tp->ts_recent && TSTMP_LT(to.to_tsval, tp->ts_recent)) { + + if ((to.to_flag & TOF_TS) != 0 && tp->ts_recent && + + TSTMP_LT(to.to_tsval, tp->ts_recent)) { + + /* Check to see if ts_recent is over 24 days old. */ + if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) { + @@ -1013,10 +1095,19 @@ + * RST segments do not have to comply with this. + */ + if ((tp->t_flags & (TF_REQ_CC|TF_RCVD_CC)) == (TF_REQ_CC|TF_RCVD_CC) && + - ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc) && + - (tiflags & TH_RST) == 0) + + ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc)) + goto dropafterack; + + + /* + + * In the SYN-RECEIVED state, validate that the packet belongs to + + * this connection before trimming the data to fit the receive + + * window. Check the sequence number versus IRS since we know + + * the sequence numbers haven't wrapped. This is a partial fix + + * for the "LAND" DoS attack. + + */ + + if (tp->t_state == TCPS_SYN_RECEIVED && SEQ_LT(ti->ti_seq, tp->irs)) + + goto dropwithreset; + + + todrop = tp->rcv_nxt - ti->ti_seq; + if (todrop > 0) { + if (tiflags & TH_SYN) { + @@ -1128,40 +1219,6 @@ + } + + /* + - * If the RST bit is set examine the state: + - * SYN_RECEIVED STATE: + - * If passive open, return to LISTEN state. + - * If active open, inform user that connection was refused. + - * ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES: + - * Inform user that connection was reset, and close tcb. + - * CLOSING, LAST_ACK, TIME_WAIT STATES + - * Close the tcb. + - */ + - if (tiflags&TH_RST) switch (tp->t_state) { + - + - case TCPS_SYN_RECEIVED: + - so->so_error = ECONNREFUSED; + - goto close; + - + - case TCPS_ESTABLISHED: + - case TCPS_FIN_WAIT_1: + - case TCPS_FIN_WAIT_2: + - case TCPS_CLOSE_WAIT: + - so->so_error = ECONNRESET; + - close: + - tp->t_state = TCPS_CLOSED; + - tcpstat.tcps_drops++; + - tp = tcp_close(tp); + - goto drop; + - + - case TCPS_CLOSING: + - case TCPS_LAST_ACK: + - case TCPS_TIME_WAIT: + - tp = tcp_close(tp); + - goto drop; + - } + - + - /* + * If a SYN is in the window, then this is an + * error and we send an RST and drop the connection. + */ + @@ -1667,9 +1724,22 @@ + /* + * Generate an ACK dropping incoming segment if it occupies + * sequence space, where the ACK reflects our state. + - */ + - if (tiflags & TH_RST) + - goto drop; + + * + + * We can now skip the test for the RST flag since all + + * paths to this code happen after packets containing + + * RST have been dropped. + + * + + * In the SYN-RECEIVED state, don't send an ACK unless the + + * segment we received passes the SYN-RECEIVED ACK test. + + * If it fails send a RST. This breaks the loop in the + + * "LAND" DoS attack, and also prevents an ACK storm + + * between two listening ports that have been sent forged + + * SYN segments, each with the source address of the other. + + */ + + if (tp->t_state == TCPS_SYN_RECEIVED && (tiflags & TH_ACK) && + + (SEQ_GT(tp->snd_una, ti->ti_ack) || + + SEQ_GT(ti->ti_ack, tp->snd_max)) ) + + goto dropwithreset; + #ifdef TCPDEBUG + if (so->so_options & SO_DEBUG) + tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0); + +Here is the patch to apply to 3.0-current systems from before +September 11, 1998. This patch is known to apply to systems just +before this date, but as you move farther back in the 3.0-current +branch, it may become more difficult for this patch to apply. + + + Index: tcp_input.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/tcp_input.c,v + retrieving revision 1.80 + retrieving revision 1.81 + diff -u -r1.80 -r1.81 + --- tcp_input.c 1998/08/24 07:47:39 1.80 + +++ tcp_input.c 1998/09/11 16:04:03 1.81 + @@ -979,17 +979,99 @@ + + /* + * States other than LISTEN or SYN_SENT. + - * First check timestamp, if present. + + * First check the RST flag and sequence number since reset segments + + * are exempt from the timestamp and connection count tests. This + + * fixes a bug introduced by the Stevens, vol. 2, p. 960 bugfix + + * below which allowed reset segments in half the sequence space + + * to fall though and be processed (which gives forged reset + + * segments with a random sequence number a 50 percent chance of + + * killing a connection). + + * Then check timestamp, if present. + * Then check the connection count, if present. + * Then check that at least some bytes of segment are within + * receive window. If segment begins before rcv_nxt, + * drop leading data (and SYN); if nothing left, just ack. + * + + * + + * If the RST bit is set, check the sequence number to see + + * if this is a valid reset segment. + + * RFC 793 page 37: + + * In all states except SYN-SENT, all reset (RST) segments + + * are validated by checking their SEQ-fields. A reset is + + * valid if its sequence number is in the window. + + * Note: this does not take into account delayed ACKs, so + + * we should test against last_ack_sent instead of rcv_nxt. + + * Also, it does not make sense to allow reset segments with + + * sequence numbers greater than last_ack_sent to be processed + + * since these sequence numbers are just the acknowledgement + + * numbers in our outgoing packets being echoed back at us, + + * and these acknowledgement numbers are monotonically + + * increasing. + + * If we have multiple segments in flight, the intial reset + + * segment sequence numbers will be to the left of last_ack_sent, + + * but they will eventually catch up. + + * In any case, it never made sense to trim reset segments to + + * fit the receive window since RFC 1122 says: + + * 4.2.2.12 RST Segment: RFC-793 Section 3.4 + + * + + * A TCP SHOULD allow a received RST segment to include data. + + * + + * DISCUSSION + + * It has been suggested that a RST segment could contain + + * ASCII text that encoded and explained the cause of the + + * RST. No standard has yet been established for such + + * data. + + * + + * If the reset segment passes the sequence number test examine + + * the state: + + * SYN_RECEIVED STATE: + + * If passive open, return to LISTEN state. + + * If active open, inform user that connection was refused. + + * ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES: + + * Inform user that connection was reset, and close tcb. + + * CLOSING, LAST_ACK, TIME_WAIT STATES + + * Close the tcb. + + * TIME_WAIT state: + + * Drop the segment - see Stevens, vol. 2, p. 964 and + + * RFC 1337. + + */ + + if (tiflags & TH_RST) { + + if (tp->last_ack_sent == ti->ti_seq) { + + switch (tp->t_state) { + + + + case TCPS_SYN_RECEIVED: + + so->so_error = ECONNREFUSED; + + goto close; + + + + case TCPS_ESTABLISHED: + + case TCPS_FIN_WAIT_1: + + case TCPS_FIN_WAIT_2: + + case TCPS_CLOSE_WAIT: + + so->so_error = ECONNRESET; + + close: + + tp->t_state = TCPS_CLOSED; + + tcpstat.tcps_drops++; + + tp = tcp_close(tp); + + break; + + + + case TCPS_CLOSING: + + case TCPS_LAST_ACK: + + tp = tcp_close(tp); + + break; + + + + case TCPS_TIME_WAIT: + + break; + + } + + } + + goto drop; + + } + + + + /* + * RFC 1323 PAWS: If we have a timestamp reply on this segment + * and it's less than ts_recent, drop it. + */ + - if ((to.to_flag & TOF_TS) != 0 && (tiflags & TH_RST) == 0 && + - tp->ts_recent && TSTMP_LT(to.to_tsval, tp->ts_recent)) { + + if ((to.to_flag & TOF_TS) != 0 && tp->ts_recent && + + TSTMP_LT(to.to_tsval, tp->ts_recent)) { + + /* Check to see if ts_recent is over 24 days old. */ + if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) { + @@ -1020,10 +1102,19 @@ + * RST segments do not have to comply with this. + */ + if ((tp->t_flags & (TF_REQ_CC|TF_RCVD_CC)) == (TF_REQ_CC|TF_RCVD_CC) && + - ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc) && + - (tiflags & TH_RST) == 0) + + ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc)) + goto dropafterack; + + + /* + + * In the SYN-RECEIVED state, validate that the packet belongs to + + * this connection before trimming the data to fit the receive + + * window. Check the sequence number versus IRS since we know + + * the sequence numbers haven't wrapped. This is a partial fix + + * for the "LAND" DoS attack. + + */ + + if (tp->t_state == TCPS_SYN_RECEIVED && SEQ_LT(ti->ti_seq, tp->irs)) + + goto dropwithreset; + + + todrop = tp->rcv_nxt - ti->ti_seq; + if (todrop > 0) { + if (tiflags & TH_SYN) { + @@ -1135,40 +1226,6 @@ + } + + /* + - * If the RST bit is set examine the state: + - * SYN_RECEIVED STATE: + - * If passive open, return to LISTEN state. + - * If active open, inform user that connection was refused. + - * ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES: + - * Inform user that connection was reset, and close tcb. + - * CLOSING, LAST_ACK, TIME_WAIT STATES + - * Close the tcb. + - */ + - if (tiflags&TH_RST) switch (tp->t_state) { + - + - case TCPS_SYN_RECEIVED: + - so->so_error = ECONNREFUSED; + - goto close; + - + - case TCPS_ESTABLISHED: + - case TCPS_FIN_WAIT_1: + - case TCPS_FIN_WAIT_2: + - case TCPS_CLOSE_WAIT: + - so->so_error = ECONNRESET; + - close: + - tp->t_state = TCPS_CLOSED; + - tcpstat.tcps_drops++; + - tp = tcp_close(tp); + - goto drop; + - + - case TCPS_CLOSING: + - case TCPS_LAST_ACK: + - case TCPS_TIME_WAIT: + - tp = tcp_close(tp); + - goto drop; + - } + - + - /* + * If a SYN is in the window, then this is an + * error and we send an RST and drop the connection. + */ + @@ -1673,9 +1730,22 @@ + /* + * Generate an ACK dropping incoming segment if it occupies + * sequence space, where the ACK reflects our state. + - */ + - if (tiflags & TH_RST) + - goto drop; + + * + + * We can now skip the test for the RST flag since all + + * paths to this code happen after packets containing + + * RST have been dropped. + + * + + * In the SYN-RECEIVED state, don't send an ACK unless the + + * segment we received passes the SYN-RECEIVED ACK test. + + * If it fails send a RST. This breaks the loop in the + + * "LAND" DoS attack, and also prevents an ACK storm + + * between two listening ports that have been sent forged + + * SYN segments, each with the source address of the other. + + */ + + if (tp->t_state == TCPS_SYN_RECEIVED && (tiflags & TH_ACK) && + + (SEQ_GT(tp->snd_una, ti->ti_ack) || + + SEQ_GT(ti->ti_ack, tp->snd_max)) ) + + goto dropwithreset; + #ifdef TCPDEBUG + if (so->so_options & SO_DEBUG) + tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0); + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBNiOat1UuHi5z0oilAQHd+gP/ejply8nSa1eZ4Fntvs7AI0J4+A00INa6 +taew67WuQt2a6vMfjtqjYMjt09BCaxWgrKftWfb/sn9vF3WNIZ313xOf0NBpdLAm +mTctCLssy/1fw1wmeNBrrA2XyhsmiobZ6KPDOzqKR+xHF9gLQh7ygDc8dBsXUQMp +3kejs4imNb4= +=cP5N +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-98:08.fragment.asc b/share/security/advisories/FreeBSD-SA-98:08.fragment.asc new file mode 100644 index 0000000000..c2af44052c --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-98:08.fragment.asc @@ -0,0 +1,96 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-98:08 Security Advisory + FreeBSD, Inc. + +Topic: IP fragmentation denial of service + +Category: core +Module: kernel +Announced: 1998-11-04 +Affects: FreeBSD 3.0 and + FreeBSD-current before the correction date. +Corrected: FreeBSD-3.0 and FreeBSD-current as of 1998/10/27 +FreeBSD only: Yes + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:08/ + +I. Background + +IP connections are controlled through a series of packets that are +received by the two computers involved in the connection. +When packets are too large to be sent in a single IP packet (due to +interface hardware limitations for example), they can be fragmented +(unless prohibited by the Don't Fragment flag). +The final destination will reassemble all the fragments of an IP packet +and pass it to higher protocol layers (like TCP or UDP). + +II. Problem Description + +There is a bug in the IP fragment reassembly code that might lead +to a kernel panic. An attacker can create and send a pair of +malformed IP packets which are then reassembled into an invalid +UDP datagram. Such an UDP datagram would then cause a server to +panic and crash. + + +III. Impact + +When this bug is exploited the operating system will panic. This results +in a reboot of the system. +This vulnerability has been discussed in public security forums and +exploit programs are circulating to take advantage of this bug. + + +IV. Workaround + +None. + +V. Solution + + + Index: ip_input.c + =================================================================== + RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/ip_input.c,v + retrieving revision 1.102 + retrieving revision 1.103 + diff -u -u -r1.102 -r1.103 + --- ip_input.c 1998/10/16 03:55:01 1.102 + +++ ip_input.c 1998/10/27 09:11:41 1.103 + @@ -750,7 +750,7 @@ + * if they are completely covered, dequeue them. + */ + for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off; + - p = q, q = nq) { + + q = nq) { + i = (ip->ip_off + ip->ip_len) - + GETIP(q)->ip_off; + if (i < GETIP(q)->ip_len) { + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv + +iQCVAwUBNkCrf1UuHi5z0oilAQE0GgQAga3x91fd4QU8/vXKkPp8h2hUmHifhdIc +K4PynSKtqP8IQFzMzGApMU5MLCV2s6cXLj2cznAuCcHiF6xWsTIf1JoqgtaYZaTS +pBtW9Dxp+5OYlVnGHfijUbO8sop2PpAqaBpVv2CnxYvFz3sMbM8z1H7wkWEHvL7Z +MHXYAJ2Apfk= +=fOyn +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-99:01.chflags.asc b/share/security/advisories/FreeBSD-SA-99:01.chflags.asc new file mode 100644 index 0000000000..020df03294 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-99:01.chflags.asc @@ -0,0 +1,183 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-99:01 Security Advisory + FreeBSD, Inc. + +Topic: BSD File Flags and Programming Techniques + +Category: core +Module: kernel +Announced: 1999-09-04 +Affects: FreeBSD 3.2 (and earlier) + FreeBSD-current before the correction date. +Corrected: FreeBSD-3.3 RELEASE + FreeBSD-current as of 1999/08/02 + FreeBSD-3.2-stable as of 1999/08/02 + FreeBSD-2.2.8-stable as of 1999/08/04 +FreeBSD only: NO + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:01/ + +I. Background + +BSD 4.4 added various flags to files in the file system. These flags +control various aspects of which operations are permitted on those +files. Historically, root has been been able to do all of these +operations so many programs that knew they were running as root didn't +check to make sure that these operations succeeded. + +II. Problem Description + +A user can set flags and mode on the device which they logged into. +Since a bug in login and other similar programs causes the normal +chown to fail, this first user will own the terminal of any login. + +III. Impact + +Local users can execute a man-in-the-middle attack against any other +user (including root) when the other users logs in. This give them +the ability to snoop and alter all text that the user writes. Results +of this include the ability to execute commands as the user, and +stealing the user's password (and anything else the users writes over +the connection, including passwords for other machines). + +IV. Workaround + +None. + +V. Solution + + FreeBSD-current + + Index: kern/vfs_syscalls.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/vfs_syscalls.c,v + retrieving revision 1.125 + retrieving revision 1.128 + diff -u -r1.125 -r1.128 + --- vfs_syscalls.c 1999/07/29 17:02:56 1.125 + +++ vfs_syscalls.c 1999/08/04 04:52:18 1.128 + @@ -1892,13 +1892,23 @@ + int error; + struct vattr vattr; + + + /* + + * Prevent non-root users from setting flags on devices. When + + * a device is reused, users can retain ownership of the device + + * if they are allowed to set flags and programs assume that + + * chown can't fail when done as root. + + */ + + if ((vp->v_type == VCHR || vp->v_type == VBLK) && + + ((error = suser_xxx(p->p_ucred, p, PRISON_ROOT)) != 0)) + + return (error); + + + VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE); + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); + VATTR_NULL(&vattr); + vattr.va_flags = flags; + error = VOP_SETATTR(vp, &vattr, p->p_ucred, p); + VOP_UNLOCK(vp, 0, p); + - return error; + + return (error); + } + + /* + + FreeBSD-3.2-stable + + Index: kern/vfs_syscalls.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/vfs_syscalls.c,v + retrieving revision 1.112.2.3 + retrieving revision 1.112.2.5 + diff -u -r1.112.2.3 -r1.112.2.5 + --- vfs_syscalls.c 1999/07/30 01:07:23 1.112.2.3 + +++ vfs_syscalls.c 1999/08/11 21:39:50 1.112.2.5 + @@ -1839,13 +1839,23 @@ + int error; + struct vattr vattr; + + + /* + + * Prevent non-root users from setting flags on devices. When + + * a device is reused, users can retain ownership of the device + + * if they are allowed to set flags and programs assume that + + * chown can't fail when done as root. + + */ + + if ((vp->v_type == VCHR || vp->v_type == VBLK) && + + ((error = suser(p->p_ucred, &p->p_acflag)) != 0)) + + return (error); + + + VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE); + vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); + VATTR_NULL(&vattr); + vattr.va_flags = flags; + error = VOP_SETATTR(vp, &vattr, p->p_ucred, p); + VOP_UNLOCK(vp, 0, p); + - return error; + + return (error); + } + + /* + + FreeBSD 2.2.8-stable: + + Index: kern/vfs_syscalls.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/vfs_syscalls.c,v + retrieving revision 1.51.2.7 + retrieving revision 1.51.2.8 + diff -u -r1.51.2.7 -r1.51.2.8 + --- vfs_syscalls.c 1998/07/03 03:50:31 1.51.2.7 + +++ vfs_syscalls.c 1999/08/04 18:58:56 1.51.2.8 + @@ -1439,6 +1439,17 @@ + if (error) + return (error); + vp = nd.ni_vp; + + if ((error = VOP_GETATTR(vp, &vattr, p->p_ucred, p))) + + return (error); + + /* + + * Prevent non-root users from setting flags on devices. When + + * a device is reused, users can retain ownership of the device + + * if they are allowed to set flags and programs assume that + + * chown can't fail when done as root. + + */ + + if ((vp->v_type == VCHR || vp->v_type == VBLK) && + + ((error = suser(p->p_ucred, &p->p_acflag)) != 0)) + + return (error); + LEASE_CHECK(vp, p, p->p_ucred, LEASE_WRITE); + VOP_LOCK(vp); + VATTR_NULL(&vattr); + +VI. Credits + +Theo de Raadt came up with the firewalling solution presented here. + +lumpy@blue.9mm.com brought this problem to light. + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBN9CAHFUuHi5z0oilAQEJPwP/XhzCOs4ipJkZIPWlSDvsvPLcJWXzb3HK +Fs8gLV3CPnW7YdSpveosI3hBY9WNCVAFx9WkM5+n+FBSRfbRzFJkkblN85ZCz7pI ++RXg6Sv5vuzy6SRxMRK2vu1FXuwZevVQaMq4ANUXpdo5MyUE8rMGb9PLWdxOxdf5 +s6zlG0oFyvI= +=CqoX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-99:02.profil.asc b/share/security/advisories/FreeBSD-SA-99:02.profil.asc new file mode 100644 index 0000000000..9188813f47 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-99:02.profil.asc @@ -0,0 +1,94 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-99:02 Security Advisory + FreeBSD, Inc. + +Topic: Profiling Across Exec Calls + +Category: core +Module: kernel +Announced: 1999-09-04 +Affects: FreeBSD 3.2 (and earlier) + FreeBSD-current before the correction date. +Corrected: FreeBSD-3.3 RELEASE + FreeBSD-current as of August 11, 1999 + FreeBSD-3.2-stable as of August 22, 1999 +FreeBSD only: No + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:02/ + +I. Background + +FreeBSD provides a mechanism to profile a running executable to aid in +performance tuning. This can be accomplished via a kernel mechanism +to statistically sample the program counter of the program under +profile. + +II. Problem Description + +A flaw exists in the implementation which allows an attacker to cause +arbitrary locations in program executed by the attacker. + +III. Impact + +No attacks against using this vulnerability this are known at this +time. An attacker could theoretically gain root access from a +carefully crafted attack. + +IV. Workaround + +Since profiling is done in the kernel via the profil(2) system call, +one must patch the kernel so no workaround is possible. + +V. Solution + +Apply the following patch. It will apply to both FreeBSD-current before +the resolution date and to 3.2-stable before the resolution date. + + Index: kern_exec.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/kern_exec.c,v + retrieving revision 1.99 + retrieving revision 1.100 + diff -u -r1.99 -r1.100 + --- kern_exec.c 1999/04/27 11:15:55 1.99 + +++ kern_exec.c 1999/08/11 20:35:38 1.100 + @@ -228,6 +228,9 @@ + fdfree(p); + p->p_fd = tmp; + } + + + + /* Stop profiling */ + + stopprofclock(p); + + /* close files on exec */ + fdcloseexec(p); + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBN9P1W1UuHi5z0oilAQFlZAQAmlNRAyLLiS1u22U/2+KeljeXqlkOtKUy +iao/qY4Gp8cnzU3cTt0kEoBKi3htfo8LbW0xJwfdAn62+j9m7av8vv35QpayQnVN +Z8RuLFHiSgF9ZSWUHY63hzKgGyImYyaTadg8Y0yURuULOUt6K0C8e5iLW6jFAXbn +aNvXOImEY5Q= +=IxuE +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-99:03.ftpd.asc b/share/security/advisories/FreeBSD-SA-99:03.ftpd.asc new file mode 100644 index 0000000000..8695a54ab0 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-99:03.ftpd.asc @@ -0,0 +1,110 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-99:03 Security Advisory + FreeBSD, Inc. + +Topic: Three ftp daemons in ports vulnerable to attack. + +Category: ports +Module: wu-ftpd and proftpd +Announced: 1999-09-05 +Reissued: 1999-09-15 +Affects: FreeBSD 3.2 (and earlier) + FreeBSD-current and -stable before the correction date. +Corrected: FreeBSD-3.3 RELEASE + FreeBSD as of 1999/08/30 for wuftpd only + (Note: there is only one ports tree which is shared with + all FreeBSD branches, so if you are running a -stable + version of FreeBSD you will also be impacted.) +FreeBSD only: NO +Bugtraq Id: proftpd: 612 + +Patches: NONE + +I. Background + +wuftpd, beroftpd and proftpd are all optional portions of the system +designed to replace the stock ftpd on a FreeBSD system. They are +written and maintained by third parties and are included in the +FreeBSD ports collection. + +II. Problem Description + +There are different security problems which can lead to remote root +access in these ports or packages. + +The standard ftp daemon which ships with FreeBSD is not impacted by +either of these problems. + +III. Impact + +Remote users can gain root. + +IV. Workaround + +Disable the ftp daemon until you can upgrade your system, or use the +stock ftpd that comes with FreeBSD. + +V. Solution + +Upgrade your wu-ftpd port to the version in the cvs repository after +August 30, 1999. If you are not using the wu-ftpd port, then you +should visit their web site and follow instructions there to patch +your existing version. + +beroftpd, which was listed in the original wu-ftpd group's advisory as +having a similar problem, has not been corrected as of September 15, +1999. It will not be in the 3.3 release. The port has been marked +forbidden and will remain so until the security problems have been +corrected. If you are running beroftpd you are encouraged to find if +patches are available for it which corrects these problems before +enabling it on your system. + +proftpd, which had different security problems, has not been updated +to a safe version as of September 15, 1999. It will not be in the 3.3 +release. It will not be in the 3.3 release. The port has been marked +forbidden and will remain so until the security problems have been +corrected. If you are running proftpd, you are encouraged to find out +if there are patches which correct these problems before reenabling it +on your system. + +The previous advisory suggested that any FreeBSD ports version of +proftpd after August 30 had the security problems corrected. This has +proven to not be the case and was the primary reason for reissuing +this advisory. While reissuing the advisory, we added beroftpd since +it shares a code history with wu-ftpd. The original advisory +mistakenly asserted that proftpd also shared a code history with +wuftpd, which is not the case. + +VI. Credits and Pointers + +The wu-ftpd advisory can be found at + ftp://ftp.wu-ftpd.org/pub/wu-ftpd/2.5.0.Security.Update.asc + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBN+BmhFUuHi5z0oilAQFlOAQAiU3kAPurRruiFGfG33OsM3ni86HFpKPZ +Hb9pINkP9Fu8qdKD/JKYYSxCLRhJLoqojSHXXpVvhJUOQx+1RVaiVCVNvZhV0ypx +0M/+VEg1IpusbxkTRbNFE6cUrMwAiHvbZepYp41slTiA2MwDV7cqX1yvv1InGU1z +HSfQSOB/Kfs= +=NPAs +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-99:04.core.asc b/share/security/advisories/FreeBSD-SA-99:04.core.asc new file mode 100644 index 0000000000..20e9a582ea --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-99:04.core.asc @@ -0,0 +1,284 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-99:04 Security Advisory + FreeBSD, Inc. + +Topic: Coredumps and symbolic links + +Category: core +Module: kernel +Announced: 1999-09-15 +Affects: FreeBSD 3.2 (and earlier) + FreeBSD-current before the correction date. + FreeBSD 3.2-stable before the correction date. + FreeBSD 2.2.8-stable before the correction date. +Corrected: FreeBSD-3.3 RELEASE + FreeBSD-current as of 1999/08/26 + FreeBSD-3.2-stable as of 1999/08/26 + FreeBSD-2.2.8-stable as of 1999/08/29 + The FreeBSD-3.3-RC series of releases are not affected. +FreeBSD only: NO + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:04/ + +I. Background + +As a diagnostic aid to help programmers find bugs in their programs, +the system creates core files when an illegal instruction or other +fatal error happens. A flaw in the kernel allowed it to follow +symbolic links when creating core files. + +II. Problem Description + +The fts library functions had a flaw in them where which would lead to +a core dump when periodic ran the security checking scripts (or other +scripts which traverse trees that can be controlled by users). +periodic(3) should limit core size to zero to disable core dumps while +it is executing commands, but does not do so. In addition, the kernel +should not follow symbolic links. + +All three of these problems caused a situation where it was possible +for an attacker could create or overwrite an arbitrary file on the +system with a moderate degree of controll of its contents to cause a +problem. + +III. Impact + +Local users could gain root access. + +IV. Workaround + +One can workaround this problem by preventing core dumps for periodic. +This solution is less than completely satisfying, since it only plugs +the known exploit hole. None the less, this may provide a short term +stopgap solution until a new kernel and/or userland can be installed. + + # mv /usr/sbin/periodic /usr/sbin/periodic.bin + # cat > /usr/sbin/periodic + #!/bin/sh + ulimit -c 0 + /usr/sbin/periodic.bin $* + ^D + # chmod 555 /usr/sbin/periodic + +Another alternative would be to update the fts routines to a version +newer than 1999/09/02 (for -current or 3.3-stable) or 1999/09/04 (for +2.2.8-stable). However, this requires that you rebuild via "make +world" to take effect. + +V. Solution + +Please note: there is a separate advisory describing the fts problem +and solution. Please see FreeBSD-SA-99:05.fts.asc in the advisories +directory for additional information about the fts patch. + +Apply the following patches to your kernel. They will disallow +following symbolic links when creating core files. This will stop +this attack, and all similar such attacks. + +Here's the patch for freebsd-current: + + *** kern/imgact_elf.c 1999/07/09 19:10:14 1.61 + --- kern/imgact_elf.c 1999/08/26 17:32:48 1.62 + *************** + *** 722,729 **** + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + + ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + --- 722,729 ---- + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + + ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + *** kern/imgact_aout.c 1999/05/17 00:53:36 1.52 + --- kern/imgact_aout.c 1999/08/26 17:32:48 1.53 + *************** + *** 264,271 **** + name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + --- 264,271 ---- + name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + +Here's the patch for freebsd-3.2-stable: + + *** kern/imgact_elf.c 1999/07/15 13:01:54 1.44.2.4 + --- kern/imgact_elf.c 1999/08/26 17:35:03 1.44.2.5 + *************** + *** 699,706 **** + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + + ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + --- 699,706 ---- + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + + ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + *** kern/imgact_aout.c 1999/04/14 04:55:22 1.44.2.1 + --- kern/imgact_aout.c 1999/08/26 17:35:02 1.44.2.2 + *************** + *** 259,266 **** + name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + --- 259,266 ---- + name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid); + if (name == NULL) + return (EFAULT); /* XXX -- not the best error */ + ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); + ! error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR); + free(name, M_TEMP); + if (error) + return (error); + +Here's the patch for FreeBSD-2.2.8-stable + + *** sys/LINK/fcntl.h Wed Dec 18 05:08:08 1996 + --- sys/fcntl.h Fri Aug 27 14:39:26 1999 + *************** + *** 84,89 **** + --- 84,90 ---- + #define O_EXLOCK 0x0020 /* open with exclusive file lock */ + #define O_ASYNC 0x0040 /* signal pgrp when data ready */ + #define O_FSYNC 0x0080 /* synchronous writes */ + + #define O_NOFOLLOW 0x0100 /* don't follow symlinks */ + #endif + #define O_CREAT 0x0200 /* create if nonexistent */ + #define O_TRUNC 0x0400 /* truncate to zero length */ + *** kern/LINK/kern_sig.c Sat Dec 21 10:57:24 1996 + --- kern/kern_sig.c Fri Aug 27 14:38:25 1999 + *************** + *** 1241,1249 **** + p->p_rlimit[RLIMIT_CORE].rlim_cur) + return (EFAULT); + sprintf(name, "%s.core", p->p_comm); + ! NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p); + if ((error = vn_open(&nd, + ! O_CREAT | FWRITE, S_IRUSR | S_IWUSR))) + return (error); + vp = nd.ni_vp; + + --- 1241,1249 ---- + p->p_rlimit[RLIMIT_CORE].rlim_cur) + return (EFAULT); + sprintf(name, "%s.core", p->p_comm); + ! NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p); + if ((error = vn_open(&nd, + ! O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR))) + return (error); + vp = nd.ni_vp; + + *** kern/LINK/vfs_vnops.c Sat Mar 8 07:16:18 1997 + --- kern/vfs_vnops.c Fri Aug 27 14:37:01 1999 + *************** + *** 87,93 **** + if (fmode & O_CREAT) { + ndp->ni_cnd.cn_nameiop = CREATE; + ndp->ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF; + ! if ((fmode & O_EXCL) == 0) + ndp->ni_cnd.cn_flags |= FOLLOW; + error = namei(ndp); + if (error) + --- 87,93 ---- + if (fmode & O_CREAT) { + ndp->ni_cnd.cn_nameiop = CREATE; + ndp->ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF; + ! if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0) + ndp->ni_cnd.cn_flags |= FOLLOW; + error = namei(ndp); + if (error) + *************** + *** 119,125 **** + } + } else { + ndp->ni_cnd.cn_nameiop = LOOKUP; + ! ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF; + error = namei(ndp); + if (error) + return (error); + --- 119,126 ---- + } + } else { + ndp->ni_cnd.cn_nameiop = LOOKUP; + ! ndp->ni_cnd.cn_flags = + ! ((fmode & O_NOFOLLOW) ? NOFOLLOW : FOLLOW) | LOCKLEAF; + error = namei(ndp); + if (error) + return (error); + *** kern/LINK/vfs_syscalls.c Wed Aug 4 12:44:30 1999 + --- kern/vfs_syscalls.c Sat Aug 28 10:48:51 1999 + *************** + *** 694,699 **** + --- 694,701 ---- + flags = FFLAGS(uap->flags); + if ((flags & FREAD + FWRITE) == 0) + return (EINVAL); + + if (flags & O_NOFOLLOW) + + flags &= ~O_NOFOLLOW; + error = falloc(p, &nfp, &indx); + if (error) + return (error); + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBN+B44VUuHi5z0oilAQHkwwP9HeLkRJY/iXIYXUx8/A38EAxM/TAqxoiI +ym7ZyktNtuCbum8ovCIfmkpnafaFyXmVSDhCX77LbIy+1clEBnelyueJ9TbKpBgU +KWjTWmfj/7QsU2Ya/f7FK80ee8y7GjTTYxilnxxzTmM8ihHzFXrPHudoO4lTR7Op +2VII3pQVxOM= +=bJXX +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-99:05.fts.asc b/share/security/advisories/FreeBSD-SA-99:05.fts.asc new file mode 100644 index 0000000000..277ff934d5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-99:05.fts.asc @@ -0,0 +1,152 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-99:05 Security Advisory + FreeBSD, Inc. + +Topic: fts library routine vulnerability + +Category: core +Module: kernel +Announced: 1999-09-15 +Affects: FreeBSD 3.2 (and earlier) + FreeBSD-current before the correction date. + FreeBSD 3.2-stable before the correction date. +Corrected: FreeBSD-3.3 RELEASE + FreeBSD-current as of 1999/08/26 + FreeBSD-3.2-stable as of 1999/08/26 + The FreeBSD-3.3-RC series of releases are not affected. +FreeBSD only: NO + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:05/ + +I. Background + +The fts library routines provide a convenient way for a program to +walk a hierarchy of files. + +II. Problem Description + +The fts library functions had a buffer overflow in them where which +would lead to a core dump when periodic ran the security checking +scripts (or other scripts which traverse trees that can be controlled +by users). periodic(3) should limit core size to zero to disable core +dumps while it is executing commands, but does not do so. In +addition, the kernel should not follow symbolic links. + +All three of these problems caused a situation where it was possible +for an attacker could create or overwrite an arbitrary file on the +system with a moderate degree of controll of its contents to cause a +problem. + +III. Impact + +Local users could gain root access. + +IV. Workaround + +One can workaround this problem by preventing core dumps for periodic. +This solution is less than completely satisfying, since it only plugs +the known exploit hole. None the less, this may provide a short term +stopgap solution until a new kernel and userland can be installed. + + # mv /usr/sbin/periodic /usr/sbin/periodic.bin + # cat > /usr/sbin/periodic + #!/bin/sh + ulimit -c 0 + /usr/sbin/periodic.bin $* + ^D + # chmod 555 /usr/sbin/periodic + +V. Solution + +Apply the following patches to libc and do a make world. Please also +see the companion advisory FreeBSD-SA-99:04.core.asc in the advisories +directory of our ftp site for details on the kernel portions of this +fix. + + Index: lib/libc/gen/fts.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/gen/fts.c,v + retrieving revision 1.10 + retrieving revision 1.11 + diff -u -r1.10 -r1.11 + --- fts.c 1999/08/15 19:21:29 1.10 + +++ fts.c 1999/09/02 07:45:07 1.11 + @@ -963,6 +963,24 @@ + return (sp->fts_path == NULL); + } + + +static void + +ADJUST(p, addr) + + FTSENT *p; + + void *addr; + +{ + + if ((p)->fts_accpath >= (p)->fts_path && + + (p)->fts_accpath < (p)->fts_path + (p)->fts_pathlen) { + + if (p->fts_accpath != p->fts_path) + + errx(1, "fts ADJUST: accpath %p path %p", + + p->fts_accpath, p->fts_path); + + if (p->fts_level != 0) + + errx(1, "fts ADJUST: level %d not 0", p->fts_level); + + (p)->fts_accpath = + + (char *)addr + ((p)->fts_accpath - (p)->fts_path); + + } + + (p)->fts_path = addr; + +} + + + /* + * When the path is realloc'd, have to fix all of the pointers in structures + * already returned. + @@ -974,18 +992,18 @@ + { + FTSENT *p; + + -#define ADJUST(p) { \ + - (p)->fts_accpath = \ + - (char *)addr + ((p)->fts_accpath - (p)->fts_path); \ + +#define ADJUST1(p) { \ + + if ((p)->fts_accpath == (p)->fts_path) \ + + (p)->fts_accpath = (addr); \ + (p)->fts_path = addr; \ + } + /* Adjust the current set of children. */ + for (p = sp->fts_child; p; p = p->fts_link) + - ADJUST(p); + + ADJUST(p, addr); + + /* Adjust the rest of the tree. */ + for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) { + - ADJUST(p); + + ADJUST(p, addr); + p = p->fts_link ? p->fts_link : p->fts_parent; + } + } + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBN+B9rFUuHi5z0oilAQHGYgP+IwrmdUBtCw1r8J/lt/wBrxH5wug70K1V +t2graun2wIWvtkh+kmwKJP4tonzlxi/YhyqqATh4pFIZb5CUEtCR2/gcpHPwB4NX +oNuIGGBtKftrrFnPf9aArFu/XFjrxyUPetYoXtfgGc5y6VlI6mupDnwt9oj34EeY +VIb92qSfH+c= +=tPng +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SA-99:06.amd.asc b/share/security/advisories/FreeBSD-SA-99:06.amd.asc new file mode 100644 index 0000000000..498a14a197 --- /dev/null +++ b/share/security/advisories/FreeBSD-SA-99:06.amd.asc @@ -0,0 +1,187 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SA-99:06 Security Advisory + FreeBSD, Inc. + +Topic: remote amd attack + +Category: core +Module: kernel +Announced: 1999-09-16 +Affects: FreeBSD 3.2 (and earlier) + FreeBSD-current before the correction date. + FreeBSD 3.2-stable before the correction date. +Corrected: FreeBSD-3.3 RELEASE + FreeBSD-current as of September 7, 1999 + FreeBSD-3.2-stable as of August 25, 1999 + The FreeBSD-3.3-RC series of releases are not affected. +FreeBSD only: NO +Bugtraq Id: 614 (variation) +CERT ID: CA-99.12 + +Patches: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:06/ + +I. Background + +The amd program allows for a very flexible array of remote and local +file systems to be mounted automatically on an as needed basis. Amd +is an optional untility that system administrators must explicitly +enable. If amd is not enabled on your system, then your system is not +vulnerable. + +II. Problem Description + +There are two buffer overflow vulnerabilities in the the amd daemon. + +III. Impact + +Remote users could execute arbitrary code as root in the amd daemon +context. + +IV. Workaround + +The only way to avoid these problems are to upgrade or not run the amd +daemon. That leaves disabling the amd deamon as your only workaround. + +V. Solution + +Upgrade your system to one that is listed above as having the problem +resolved, or you may patch your present systems. + +To patch your present system apply the following patches to amd, +rebuild, install and restart amd (or reboot). + +Patches for 3.2-stable and -current systems before the resolution date: + + Index: xutil.c + =================================================================== + RCS file: /home/ncvs/src/contrib/amd/libamu/xutil.c,v + retrieving revision 1.1.1.3 + retrieving revision 1.1.1.3.2.1 + diff -u -r1.1.1.3 -r1.1.1.3.2.1 + --- xutil.c 1999/01/13 19:20:33 1.1.1.3 + +++ xutil.c 1999/08/25 18:59:39 1.1.1.3.2.1 + @@ -272,16 +272,18 @@ + + /* + * Take a log format string and expand occurrences of %m + - * with the current error code taken from errno. + + * with the current error code taken from errno. Make sure + + * 'e' never gets longer than maxlen characters. + */ + static void + -expand_error(char *f, char *e) + +expand_error(char *f, char *e, int maxlen) + { + extern int sys_nerr; + - char *p; + + char *p, *q; + int error = errno; + + int len = 0; + + - for (p = f; (*e = *p); e++, p++) { + + for (p = f, q = e; (*q = *p) && len < maxlen; len++, q++, p++) { + if (p[0] == '%' && p[1] == 'm') { + const char *errstr; + if (error < 0 || error >= sys_nerr) + @@ -289,13 +291,15 @@ + else + errstr = sys_errlist[error]; + if (errstr) + - strcpy(e, errstr); + + strcpy(q, errstr); + else + - sprintf(e, "Error %d", error); + - e += strlen(e) - 1; + + sprintf(q, "Error %d", error); + + len += strlen(q) - 1; + + q += strlen(q) - 1; + p++; + } + } + + e[maxlen-1] = '\0'; /* null terminate, to be sure */ + } + + + @@ -401,9 +405,15 @@ + checkup_mem(); + #endif /* DEBUG_MEM */ + + - expand_error(fmt, efmt); + + expand_error(fmt, efmt, 1024); + + + /* + + * XXX: ptr is 1024 bytes long. It is possible to write into it + + * more than 1024 bytes, if efmt is already large, and vargs expand + + * as well. + + */ + vsprintf(ptr, efmt, vargs); + + msg[1023] = '\0'; /* null terminate, to be sure */ + + ptr += strlen(ptr); + if (ptr[-1] == '\n') + Index: amq_subr.c + =================================================================== + RCS file: /home/imp/FreeBSD/CVS/src/contrib/amd/amd/amq_subr.c,v + retrieving revision 1.3 + retrieving revision 1.4 + diff -u -r1.3 -r1.4 + --- amq_subr.c 1999/01/13 20:03:54 1.3 + +++ amq_subr.c 1999/09/07 23:07:03 1.4 + @@ -204,11 +204,24 @@ + int * + amqproc_mount_1_svc(voidp argp, struct svc_req *rqstp) + { + - static int rc; + - char *s = *(amq_string *) argp; + + static int rc = EINVAL; + + char s[AMQ_STRLEN]; + char *cp; + + char dq[20]; + + struct sockaddr_in *sin; + + + + if ((sin = amu_svc_getcaller(rqstp->rq_xprt)) == NULL) { + + plog(XLOG_ERROR, "amu_svc_getcaller returned NULL"); + + return &rc; + + } + + + + strncpy(s, *(amq_string *) argp, AMQ_STRLEN-1); + + s[AMQ_STRLEN-1] = '\0'; /* null terminate, to be sure */ + + plog(XLOG_ERROR, + + "amq requested mount of %s from %s.%d", + + s, inet_dquad(dq, sin->sin_addr.s_addr), + + ntohs(sin->sin_port)); + + - plog(XLOG_INFO, "amq requested mount of %s", s); + /* + * Minimalist security check. + */ + + +============================================================================= +FreeBSD, Inc. + +Web Site: http://www.freebsd.org/ +Confidential contacts: security-officer@freebsd.org +Security notifications: security-notifications@freebsd.org +Security public discussion: freebsd-security@freebsd.org +PGP Key: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc + +Notice: Any patches in this document may not apply cleanly due to + modifications caused by digital signature or mailer software. + Please reference the URL listed at the top of this document + for original copies of all patches if necessary. +============================================================================= + +-----BEGIN PGP SIGNATURE----- +Version: 2.6.3ia +Charset: noconv +Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface + +iQCVAwUBN+aDyFUuHi5z0oilAQHyLQP/fohJFzI6h9g8ApbdjQJNu+sunEd7cehd +IWuvFWuiTzRRqfj7tc9+Y7FEleFKv66WM98k9zBHzU8ZVzCQ5jlf1CcM1DegEqKc +i8j71gpoKFQyrxsW3AdR2UESnUxYw8bDvimuVHyCVSvjrpvZ+5b5wXMqbvDNMo5I +UgTaLUhzQEg= +=0ohw +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-02:01.asc b/share/security/advisories/FreeBSD-SN-02:01.asc new file mode 100644 index 0000000000..f56ecf192f --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-02:01.asc @@ -0,0 +1,157 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SN-02:01 Security Notice + FreeBSD, Inc. + +Topic: security issues in ports +Announced: 2002-03-30 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: acroread, acroread-chsfont, acroread-chtfont, + acroread-commfont, acroread4, linux-mozilla, + linux-netscape6, linux_base, linux_base-7 +Affected: versions < linux_base-6.1_1 (linux_base port) + versions < linux_base-7.1_2 (linux_base-7 port) + versions < linux_mozilla-0.9.9_1 + all versions of all acroread ports + all versions of linux-netscape6 +Status: Fixed: linux_base, linux_base-7, linux-mozilla. + Not fixed: acroread, acroread-chsfont, acroread-chtfont, + acroread-commfont, acroread4, linux-netscape6. +These Linux binaries utilize versions of zlib which may contain an +exploitable double-free bug. + + + + + + ++------------------------------------------------------------------------+ +Port name: apache13-ssl, apache13-modssl +Affected: all versions of apache+ssl + versions < apache+mod_ssl-1.3.24+2.8.8 +Status: Fixed: apache13-modssl. + Not fixed: apache13-ssl. +Buffer overflows in SSL session cache handling. + + ++------------------------------------------------------------------------+ +Port name: bulk_mailer +Affected: all versions +Status: Not yet fixed. +Buffer overflows, temporary file race. + ++------------------------------------------------------------------------+ +Port name: cups, cups-base, cups-lpr +Affected: versions < cups-1.1.14 + versions < cups-base-1.1.14 + versions < cups-lpr-1.1.14 +Status: Fixed. +Buffer overflows in IPP code. + + ++------------------------------------------------------------------------+ +Port name: fileutils +Affected: all versions +Status: Not yet fixed. +Race condition in directory removal. + ++------------------------------------------------------------------------+ +Port name: imlib +Affected: versions < imlib-1.9.13 +Status: Fixed. +Heap corruption in image handling. + ++------------------------------------------------------------------------+ +Port name: listar, ecartis +Affected: versions < ecartis-1.0.0b + all versions of listar +Status: Fixed: ecartis. + Not fixed: listar. +Local and remote buffer overflows, incorrect privilege handling. + + + ++------------------------------------------------------------------------+ +Port name: mod_php3, mod_php4 +Affected: versions < mod_php3-3.0.18_3 + versions < mod_php4-4.1.2 +Status: Fixed. +Vulnerabilities in file upload handling. + ++------------------------------------------------------------------------+ +Port name: ntop +Affected: all versions +Status: Not yet fixed. +Remote format string vulnerability. + + ++------------------------------------------------------------------------+ +Port name: rsync +Affected: versions < rsync-2.5.4 +Status: Fixed. +Incorrect group privilege handling, zlib double-free bug. + + ++------------------------------------------------------------------------+ +Port name: xchat, xchat-devel +Affected: all versions +Status: Not yet fixed. +Malicious server may cause xchat to execute arbitrary commands. + ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +Do one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +Packages are not automatically generated for other architectures at +this time. + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.6 (FreeBSD) +Comment: For info see http://www.gnupg.org + +iQCVAwUBPK28lVUuHi5z0oilAQGUuQP/aBo4NQLKF4qiFxvy6+Z0FyMGChECbZYr +3TR2OLdPks0xuoIgbpPAstrTeFbCRe7m59zCibdbRCpUd167QAUEF72nICmcQmYa ++ZEFGUHcMxNg09LUd7MxDg1LbczBX7L1SFKFaZOCGuzPa6SrsbvPFbXO7hUu+nSI +nH5M1Y1F9rk= +=hHhx +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-02:02.asc b/share/security/advisories/FreeBSD-SN-02:02.asc new file mode 100644 index 0000000000..57c2a2efee --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-02:02.asc @@ -0,0 +1,182 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SN-02:02 Security Notice + The FreeBSD Project + +Topic: security issues in ports +Announced: 2002-05-13 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. +The listed vulnerabilities are not specific to FreeBSD unless +otherwise noted. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: analog +Affected: versions < analog-5.22 +Status: Fixed +Cross-site scripting attack. + ++------------------------------------------------------------------------+ +Port name: ascend-radius, freeradius-devel, icradius, radius-basic, + radiusclient, radiusd-cistron, xtradius +Affected: versions < radiusd-cistron-1.6.6 + all versions of ascend-radius, freeradius-devel, icradius, + radius-basic, radiusclient +Status: Fixed: radiusd-cistron + Not fixed: all others +Digest Calculation buffer overflow and/or insufficient validation of +attribute lengths. + ++------------------------------------------------------------------------+ +Port name: dnews +Affected: versions < dnews-5.5h2 +Status: Fixed +``Security fault.'' + ++------------------------------------------------------------------------+ +Port name: ethereal +Affected: versions < ethereal-0.9.3 +Status: Fixed +SNMP vulnerability: malformed SNMP packets may cause ethereal to crash. + ++------------------------------------------------------------------------+ +Port name: icecast +Affected: versions < icecast-1.3.12 +Status: Fixed +Directory traversal vulnerability. +Remote attackers may cause a denial of service via a URL that ends in +. (dot), / (forward slash), or \ (backward slash). +Buffer overflows may allow remote attackers to execute arbitrary code or +cause a denial of service. + + + + + ++------------------------------------------------------------------------+ +Port name: isc-dhcp3 +Affected: versions < dhcp-3.0.1.r8_1 +Status: Fixed +Format string vulnerability when logging DNS-update request transactions. + + ++------------------------------------------------------------------------+ +Port name: jdk, jdk12-beta +Affected: all versions +Status: Not fixed +``A vulnerability in the Java(TM) Runtime Environment may allow an +untrusted applet to monitor requests to and responses from an HTTP +proxy server when a persistent connection is used between a client and +an HTTP proxy server.'' + (Bulletin 216) ++------------------------------------------------------------------------+ +Port name: linux-mozilla, mozilla +Affected: versions < linux-mozilla-0.9.9.2002050810 + versions < mozilla-1.0.rc1_3,1 +Status: Fixed +Buffer overflow in Chatzilla. XMLHttpRequest allows reading of local +files. + ++------------------------------------------------------------------------+ +Port name: mod_python +Affected: versions < mod_python-2.7.8 +Status: Fixed +A publisher may access an indirectly imported module allowing a remote +attacker to call functions from that module. + ++------------------------------------------------------------------------+ +Port name: ntop +Affected: all versions +Status: Not fixed +``Preauthentication Remote Root Hole in NTOP'' + + ++------------------------------------------------------------------------+ +Port name: p5-SOAP-Lite +Affected: versions < p5-SOAP-Lite-0.55 +Status: Fixed +Client may call any procedure on server. + + + ++------------------------------------------------------------------------+ +Port name: puf +Affected: versions < puf-0.93.1 +Status: Fixed +Format string vulnerability in error output. + ++------------------------------------------------------------------------+ +Port name: sudo +Affected: versions < sudo-1.6.6 +Status: Fixed +Heap overflow may allow local users to gain root access. + ++------------------------------------------------------------------------+ +Port name: webalizer +Affected: versions < webalizer-2.1.10 +Status: Fixed +Buffer overflow in the DNS resolver code. + + + ++------------------------------------------------------------------------+ +Port name: xpilot +Affected: versions < xpilot-4.5.2 +Status: Fixed +Stack buffer overflow in server. + ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +To upgrade a fixed port/packages, perform one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +Packages are not automatically generated for other architectures at +this time. + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBPN/CwlUuHi5z0oilAQERywP/dSqt97FPlLlDJE7tYpA5625FSjqbrWod +KsoKIBHM2ZIHAjnhAyF82tUT4ivMvJwepk1NE+W9YX77K7n5LHkfqY4kzCaVZJrY +gkaR63Dw+M5gqJ5FjO0RkSDxsltsKjSa6ZzKxWdAeRwDPbE7CwsjTI2AoS/kzaLw +ex+PhdbYjbc= +=fK1t +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-02:03.asc b/share/security/advisories/FreeBSD-SN-02:03.asc new file mode 100644 index 0000000000..e4f5e0ab59 --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-02:03.asc @@ -0,0 +1,146 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SN-02:03 Security Notice + The FreeBSD Project + +Topic: security issues in ports +Announced: 2002-05-28 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. +The listed vulnerabilities are not specific to FreeBSD unless +otherwise noted. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: amanda +Affected: versions <= amanda-2.3.0.4 +Status: Port removed +Obsolete versions of Amanda contain multiple buffer overflows. + ++------------------------------------------------------------------------+ +Port name: fetchmail +Affected: versions < fetchmail-5.9.11 +Status: Fixed + + ++------------------------------------------------------------------------+ +Port name: gaim +Affected: versions < gaim-0.58 +Status: Fixed +World-readable temp files allow access to gaim users' hotmail +accounts. + ++------------------------------------------------------------------------+ +Port name: gnokii +Affected: versions < gnokii-0.4.0.p20,1 +Status: Fixed +Write access to any file in the filesystem. + ++------------------------------------------------------------------------+ +Port name: horde +Affected: versions < horde-1.2.8 +Status: Fixed +Cross-site scripting attacks. ++------------------------------------------------------------------------+ +Port name: imap-uw +Affected: all versions +Status: Not fixed +Only when compiled with RFC 1730 support (make -DWITH_RFC1730): +Remote buffer overflow yielding non-privileged shell access. + + ++------------------------------------------------------------------------+ +Port name: imp +Affected: versions < imp-2.2.8 +Status: Fixed +Cross-site scripting attacks. ++------------------------------------------------------------------------+ +Port name: linux-netscape6 +Affected: versions < 6.2.3 +Status: Fixed +XMLHttpRequest allows reading of local files. + ++------------------------------------------------------------------------+ +Port name: mnogosearch +Affected: versions < mnogosearch-3.1.19_2 +Status: Fixed +Long query can be abused to execute code with webserver privileges. + ++------------------------------------------------------------------------+ +Port name: mpg321 +Affected: versions < mpg321-0.2.9 +Status: Fixed +Buffer overflow may allow remote attackers to execute arbitrary code via +streaming data. + ++------------------------------------------------------------------------+ +Port name: ssh2 +Affected: all versions +Status: Not fixed +Password authentication may be used even if password authentication +is disabled. + ++------------------------------------------------------------------------+ +Port name: tinyproxy +Affected: versions < tinyproxy-1.5.0 +Status: Fixed +Invalid query could allow execution of arbitrary code. + ++------------------------------------------------------------------------+ +Port name: webmin +Affected: versions < webmin-0.970 +Status: Fixed +Remote attacker can login to Webmin as any user. + ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +To upgrade a fixed port/package, perform one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +Packages are not automatically generated for other architectures at +this time. + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPPPEdFUuHi5z0oilAQFW8wP8CXG3dQyI5VPLp0m6frS4BtNtlkjOpq87 +R/8FrDizVNGQ88+NzdPPPYWh8joAPGJZSXrWrSWKSge2dqEDK4CTpJ5BFzpQsxUZ +kexaZ43DRxrUMQN1AWDyarE+/y8uCk3BnJTWhNLOf2HeOYNekOn/BHQ53ucpoaKs +QQEX171+Jnk= +=Z1i5 +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-02:04.asc b/share/security/advisories/FreeBSD-SN-02:04.asc new file mode 100644 index 0000000000..ee0212fc3f --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-02:04.asc @@ -0,0 +1,166 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SN-02:04 Security Notice + The FreeBSD Project + +Topic: security issues in ports +Announced: 2002-06-19 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. +The listed vulnerabilities are not specific to FreeBSD unless +otherwise noted. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: apache13, apache13-modssl, apache13-ssl, + apache13+ipv6, apache13-fp, apache2 +Affected: versions < apache-2.0.39 (apache2) + versions < apache-1.3.26 (apache13) + versions < apache+mod_ssl-1.3.26+2.8.9 (apache13-modssl) + All versions (others) +Status: Fixed (apache2, apache13, apache13-modssl) + Not fixed (others) +Denial-of-service involving chunked encoding. + + + ++------------------------------------------------------------------------+ +Port name: bind9 +Affected: versions < bind9-9.2.1 +Status: Fixed +Denial-of-service vulnerability in named. + ++------------------------------------------------------------------------+ +Port name: courier-imap +Affected: versions < courier-imap-1.4.3_1 +Status: Fixed +Remote denial-of-service attack (CPU utilization). + ++------------------------------------------------------------------------+ +Port name: ethereal +Affected: versions < ethereal-0.9.4 +Status: Fixed +Buffer overflows in SMB, X11, DNS, and GIOP dissectors. + ++------------------------------------------------------------------------+ +Port name: fakebo +Affected: versions < fakebo-0.4.1_1 +Status: Fixed +Format string vulnerability. + + ++------------------------------------------------------------------------+ +Port name: fragroute +Affected: versions < fragroute-1.2_1 +Status: Fixed +The distribution file with MD5 checksum 65edbfc51f8070517f14ceeb8f721075 +was trojaned. + ++------------------------------------------------------------------------+ +Port name: ghostscript-gnu +Affected: versions < ghostscript-6.53 +Status: Fixed +A PostScript file can cause arbitrary commands to be executed as +the user running ghostscript. + ++------------------------------------------------------------------------+ +Port name: icmpmonitor +Affected: versions < icmpmonitor-1.11_1 +Status: Fixed +Format string vulnerability (syslog). + ++------------------------------------------------------------------------+ +Port name: imap-uw +Affected: All versions +Status: Not fixed +Locally exploitable stack buffer overflow when compiled with +WITH_RFC1730 (which is not the default). + + ++------------------------------------------------------------------------+ +Port name: mnews +Affected: All versions +Status: Not fixed +Remotely exploitable buffer overflows. + + ++------------------------------------------------------------------------+ +Port name: nn +Affected: versions < nn-6.6.2_1 +Status: Fixed +Remotely exploitable format string vulnerability. +Reproduce using netcat: + perl -e 'printf("100 %s\n", "%x" x 800);' | nc -l -p 119 + env NNTPSERVER="localhost" nn ++------------------------------------------------------------------------+ +Port name: sharity-light +Affected: versions < sharity-light-1.2_1 +Status: Fixed +Stack buffer overflow when copying the username and password from the +environment (variables USER, LOGNAME, and PASSWD). Reported by +Niels Heinen . ++------------------------------------------------------------------------+ +Port name: slurp +Affected: versions < slurp-1.10_1 +Status: Fixed +Remotely exploitable format string vulnerability. + ++------------------------------------------------------------------------+ +Port name: xchat +Affected: versions < xchat-1.8.9 +Status: Fixed +An IRC server may execute arbitrary commands with the privileges +of the user running xchat. + ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +To upgrade a fixed port/package, perform one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +Packages are not automatically generated for other architectures at +this time. + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPRD6MlUuHi5z0oilAQFmSwP9Hs95CGjDL8PF95Z9bAxana0X9JTUYvaN +qxPWiovTzED5Ityt46TySpoOcwdQkzO0ugu3/Q7zCppEDdIjXBUxARv8qvnLG7Oz +f5SPItOW//5P7hmq6c9XGQrfq4XLYnv61JbgK9Cm0tGU8iVhOwm+ztpZS2FG5x+3 +F4W/AphEyi8= +=W9sm +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-02:05.asc b/share/security/advisories/FreeBSD-SN-02:05.asc new file mode 100644 index 0000000000..e8e3fd597a --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-02:05.asc @@ -0,0 +1,271 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SN-02:05 Security Notice + The FreeBSD Project + +Topic: security issues in ports +Announced: 2002-08-28 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. +The listed vulnerabilities are not specific to FreeBSD unless +otherwise noted. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: acroread5 +Affected: versions < acroread-5.06 +Status: Fixed +Insecure temporary file handling. The acrobatviewer, acroread4, +ghostscript, gv, mgv and xpdf ports can also display PDF files. + + ++------------------------------------------------------------------------+ +Port name: aide +Affected: versions < aide-0.7_1 +Status: Fixed +The default aide.conf silently fails to check subdirectories, even +though it appears to be configured to do so. ++------------------------------------------------------------------------+ +Port name: apache+mod_ssl +Affected: versions < 1.3.26+2.8.10 +Status: Fixed +A child process of the Apache server can crash if it receives a +request for the contents of a directory in which a maliciously +constructed .htaccess file has been placed. In the default +configuration, another child will be spawned, and the crash will +be logged. Therefore the bug should be insignificant for most +users. + ++------------------------------------------------------------------------+ +Port name: bugzilla +Affected: versions < bugzilla-2.14.2 +Status: Fixed +"Various security issues of varying importance." + ++------------------------------------------------------------------------+ +Port name: Canna +Affected: versions < ja-Canna-3.5b2_3 +Status: Fixed +A remotely exploitable buffer overflow exists in the cannaserver +daemon. Although previously corrected, the patch containing the +correction was inadvertently removed from the port skeleton. + + + ++------------------------------------------------------------------------+ +Port name: ethereal +Affected: versions < ethereal-0.9.6 +Status: Fixed +Buffer overflows in BGP, IS-IS, and WCP dissectors. + + ++------------------------------------------------------------------------+ +Port name: fam +Affected: versions < fam-2.6.8 +Status: Fixed +"Unprivileged users can potentially learn names of files that only +users in root's group should be able to view." + + ++------------------------------------------------------------------------+ +Port name: isakmpd +Affected: versions < isakmpd-20020403_1 +Status: Fixed +``Receiving IKE payloads out of sequence can cause isakmpd(8) to +crash.'' + + ++------------------------------------------------------------------------+ +Port name: irssi +Affected: versions < irssi-0.8.5 +Status: Fixed +Maliciously long topic can crash program remotely. + ++------------------------------------------------------------------------+ +Port name: kdelibs2 and kdelibs3 +Affected: versions < kdelibs2-2.2.2_1 + versions < kdelibs3-3.0.2_4 +Status: Fixed +A man-in-the-middle attack is possible against Konqueror and other +KDE applications which use SSL. + ++------------------------------------------------------------------------+ +Port name: krb5 +Affected: versions < krb5-1.2.5_2 +Status: Fixed +Contains an overflow in Sun RPC XDR decoder. + + + ++------------------------------------------------------------------------+ +Port name: linux-netscape6, netscape7, linux-mozilla, and mozilla +Affected: versions < mozilla-1.0_1,1 (mozilla) + versions < linux-mozilla-1.1 (linux-mozilla) + All versions (others) +Status: Fixed (linux-mozilla and mozilla) + Not fixed (others) +Malicious Web pages or files can cause loss of X session. +When the X server receives a request to display an enormously large +scalable font, the server exits abruptly, killing all its clients. +This has been confirmed only with XFree86 4.2.0, but there is +evidence that XFree86 3.3.6, the X font server, and Xvnc behave the +same way. Unpatched Netscape (major version 6 or 7) and Mozilla +browsers do not limit the size of fonts which Web pages or files +can specify, thus triggering the bug. +Scalable fonts may be disabled as a workaround. + ++------------------------------------------------------------------------+ +Port name: mm +Affected: versions < mm-1.2.0 +Status: Fixed +May allow the local Apache user to gain privileges via temporary files. + ++------------------------------------------------------------------------+ +Port name: mpack +Affected: versions < mpack-1.5_2 +Status: Fixed +Buffer overflow which might be triggered when mpack is used to process +data from a remote source (email, news, and so on). + ++------------------------------------------------------------------------+ +Port name: mozilla, linux-mozilla +Affected: versions < mozilla-1.0.rc1_2,1 (mozilla) + versions < linux-mozilla-1.0_1 (linux-mozilla) +Status: Not fixed +An overflow exists in the Chatzilla IRC client. It can cause Mozilla +to crash even if the demonstration page does not cause the crash. +According to Robert Ginda, the bug does not allow execution of +malicious code. + + + ++------------------------------------------------------------------------+ +Port name: newsx +Affected: versions < newsx-1.4.8 +Status: Fixed +Format string bug reported by Niels Heinen . ++------------------------------------------------------------------------+ +Port name: openssh, openssh-portable +Affected: versions < openssh-3.4 (openssh) + versions < openssh-3.4p1 (openssh-portable) +Status: Fixed +Buffer overflow can lead to denial of service or root compromise. + ++------------------------------------------------------------------------+ +Port name: php +Affected: versions mod_php4-4.2.0 and mod_php4-4.2.1 + versions php4-4.2.0 and php4-4.2.1 +Status: Fixed +On i386 architecture, may be remotely crashed; on other architectures, +may allow execution of arbitrary code with the privileges of the +Web server by anyone who can send HTTP POST requests. + + ++------------------------------------------------------------------------+ +Port name: linux-png and png +Affected: versions < linux-png-1.0.14 + versions < png-1.2.4 +Status: Fixed +Malformed images (for example, in Web pages) can cause applications +to crash. Execution of malicious code may be possible. + + + + + + ++------------------------------------------------------------------------+ +Port name: postgresql7 +Affected: versions < postgresql7-7.2.2 +Status: Fixed +Multiple buffer overruns may allow execution of malicious code. +Remote attack is possible only when the server is configured to +accept TCP/IP connections, which is not the default. + + + + ++------------------------------------------------------------------------+ +Port name: samba +Affected: versions < samba-2.2.5 +Status: Fixed +Possible buffer overflow. + ++------------------------------------------------------------------------+ +Port name: squid24 +Affected: versions < squid-2.4_10 +Status: Fixed +Buffer overflows may allow remote execution of code. + ++------------------------------------------------------------------------+ +Port name: super +Affected: versions < super-3.20.0 +Status: Fixed +Local root exploit. + ++------------------------------------------------------------------------+ +Port name: webmin +Affected: versions < webmin-0.990_3 +Status: Fixed +"If a webmin user is able to view print jobs, he can execute any +command as root." + ++------------------------------------------------------------------------+ +Port name: zmailer +Affected: versions < zmailer-2.99.51_1 +Status: Fixed +When using IPv6, a remote buffer overflow during the processing of +the HELO command is possible. +Reported by 3APA3A <3APA3A@SECURITY.NNOV.RU>. ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +To upgrade a fixed port/package, perform one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +Packages are not automatically generated for other architectures at +this time. + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) + +iQCVAwUBPWz8glUuHi5z0oilAQGD3wP/XLvIayMoXfSUuuw4VVr84c3vqVk0t0rL +qZmLe+GaQ6Z5Fu/DfEta3HXhAPrlZx6dMWQfAbhjSyLfW8RpVkBlhbKR2ZImiddz +t2vz9LaADnWIdyRkI+4zpd9xIgpzB3MQwrkh6ZnnE3pqQ12S4TwfAKqwGm7DSShg +Ymz4mxfkiug= +=J67P +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-02:06.asc b/share/security/advisories/FreeBSD-SN-02:06.asc new file mode 100644 index 0000000000..617a4ccd5a --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-02:06.asc @@ -0,0 +1,225 @@ +-----BEGIN PGP SIGNED MESSAGE----- + +============================================================================= +FreeBSD-SN-02:06 Security Notice + The FreeBSD Project + +Topic: security issues in ports +Announced: 2002-10-10 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. +The listed vulnerabilities are not specific to FreeBSD unless +otherwise noted. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: apache13, apache13+ipv6, apache13-fp, apache13-modssl and + apache13-ssl +Status: Fixed (apache13, apache13+ipv6, apache13-fp and apache13-modssl) + Not fixed (apache13-ssl) +Affected: versions < apache+ipv6-1.3.27 + versions < apache+mod_ssl-1.3.27+2.8.11 + versions < apache-1.3.27 + versions < apache_fp-1.3.27 + versions < ru-apache-1.3.27.30.16 +Attackers can cause httpd to spawn new processes, or can kill other +processes, resulting in denial of service. + + ++------------------------------------------------------------------------+ +Port name: gaim +Affected: versions < gaim-0.59.1 +Status: Fixed +The URL handler in the manual browser option for Gaim before 0.59.1 +fails to escape shell metacharacters in links. + ++------------------------------------------------------------------------+ +Port name: gallery +Affected: versions < gallery-1.3.1 +Status: Fixed +Remotely exploitable. + + + ++------------------------------------------------------------------------+ +Port name: gtar +Affected: versions < gtar-1.13.25_5 +Status: Fixed +Directory traversal bug allows files to be overwritten unexpectedly +when an archive is extracted. + + ++------------------------------------------------------------------------+ +Port name: hylafax +Affected: versions < hylafax-4.1.3 +Status: Fixed +Format string vulnerability and buffer overflow resulting in potential +denial of service attack, arbitrary code execution as root, and elevation +of privilege. + ++------------------------------------------------------------------------+ +Port name: linux_base-6 +Affected: versions < linux_base-6.1_2 +Status: Fixed +multiple vulnerabilities in Xlib + ++------------------------------------------------------------------------+ +Port name: linux_base and linux_base-6 +Affected: versions < linux_base-7.1_1 (linux_base) + versions < linux_base-6.1_2 (linux_base-6) +Status: Fixed +XDR RPC and resolver buffer overflows in glibc + + + + ++------------------------------------------------------------------------+ +Port name: linux-flashplugin +Affected: versions < linux-flashplugin-5.0r50 +Status: Fixed +A buffer overflow allowed execution of arbitrary code. Another bug +allowed the contents of users' files to be sent to a malicious Web +server. + + ++------------------------------------------------------------------------+ +Port name: mozilla, mozilla-devel +Affected: versions < mozilla-1.0.1_1,2 (mozilla) + versions < linux-mozilla-1.0_1 (mozilla-devel) +Status: Not fixed +An overflow exists in the Chatzilla IRC client. It can cause Mozilla +to crash even if the demonstration page does not cause the crash. +According to Robert Ginda, the bug does not allow execution of +malicious code. Chatzilla had been disabled in the affected ports, +but it was inadvertently enabled again. The presence of Chatzilla +is indicated by an icon in the status bar, by an item in the Window +menu, and by the existence of the chatzilla.jar file. As a workaround, +remove chatzilla.jar. + + + ++------------------------------------------------------------------------+ +Port name: opera +Affected: versions < opera-6.03.20020813 +Status: Fixed +Buffer overflows in OpenSSL may allow execution of arbitrary code. + + ++------------------------------------------------------------------------+ +Port name: php +Affected: versions mod_php4-4.0.5 to mod_php4-4.2.2 + versions >= php4-4.0.5 to php4-4.2.2 +Status: Fixed +possible execution of arbitrary code via mail() function + + + + ++------------------------------------------------------------------------+ +Port name: pkzip +Affected: all versions +Status: Not Fixed +If the -rec option is used when extracting an archive, files with +"/" as the first character in the path, or with "../" may be +extracted. + + ++------------------------------------------------------------------------+ +Port name: qmailadmin +Affected: versions < qmailadmin-1.0.6 +Status: Fixed +Installs setuid with exploitable buffer overflow leading to +privileges of `vpopmail' user. + ++------------------------------------------------------------------------+ +Port name: unzip +Affected: versions < unzip-5.50 +Status: Fixed +Files with "/" as the first character in the path, or with "../" +in the path may be extracted from an archive. + + + + + + ++------------------------------------------------------------------------+ +Port name: webmin +Affected: versions < webmin-1.020 +Status: Fixed +A prepackaged SSL key was identical for every installation, allowing +sessions to be hijacked. + ++------------------------------------------------------------------------+ +Port name: XFree86-4, XFree86-4-Server, XFree86-4-NestServer, + XFree86-4-VirtualFramebufferServer, XFree86-4-libraries, + XFree86-4-clients +Affected: versions < XFree86-Server-4.2.1_1 + versions < XFree86-libraries-4.2.1_1 + versions < XFree86-clients-4.2.1_1 + versions < XFree86-NestServer-4.2.1 + versions < XFree86-VirtualFramebufferServer-4.2.1 +Status: Fixed +Arbitrary code execution in privileged clients; overwriting restricted +shared memory segments; others. + ++------------------------------------------------------------------------+ +Port name: xinetd +Affected: versions < xinetd-2.3.7 +Status: Fixed +A file descriptor leak in xinetd could give an unprivileged process +the ability to terminate the master xinetd process. + ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +To upgrade a fixed port/package, perform one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +Packages are not automatically generated for other architectures at +this time. + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.0.7 (FreeBSD) +Comment: FreeBSD: The Power To Serve + +iQCVAwUBPaTD11UuHi5z0oilAQEXHgP9HR2gmVgRwAvKCqmlQVAEA6N3TwLFu1g/ +QXOlOZB0asu4XCFzj7effNVrCMob93ZOMSjDo4+SdKdp11TX3SaOrP3mPUcaimbs +owHZD77Rqb4fhajWVPjezYzXpJX0C7qb4HS7SnCzNde98PG+acVcvyGyqmY/9Yuy +pVMUC9fjkFY= +=ybhF +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-03:01.asc b/share/security/advisories/FreeBSD-SN-03:01.asc new file mode 100644 index 0000000000..d00e375cc1 --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-03:01.asc @@ -0,0 +1,111 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SN-03:01 Security Notice + The FreeBSD Project + +Topic: security issue in samba ports +Announced: 2003-04-07 + +I. Introduction + +Several ports in the FreeBSD Ports Collection are affected by security +issues. These are listed below with references and affected versions. +All versions given refer to the FreeBSD port/package version numbers. +The listed vulnerabilities are not specific to FreeBSD unless +otherwise noted. + +These ports are not installed by default, nor are they ``part of +FreeBSD'' as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: net/samba +Affected: versions < samba-2.2.8_2, samba-2.2.8a +Status: Fixed + +Two vulnerabilities recently: + +(1) Sebastian Krahmer of the SuSE Security Team identified +vulnerabilities that could lead to arbitrary code execution as root, +as well as a race condition that could allow overwriting of system +files. (This vulnerability was previously fixed in Samba 2.2.8.) + +(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited +correctly, leads to an anonymous user gaining root access on a Samba +serving system. All versions of Samba up to and including Samba 2.2.8 +are vulnerable. Alpha versions of Samba 3.0 and above are *NOT* +vulnerable.'' + + + + + + ++------------------------------------------------------------------------+ +Port name: net/samba-tng +Affected: all versions +Status: Not fixed + +Some or all of the vulnerabilities affecting Samba may also affect +Samba-TNG. No confirmation or official patches are available at the +time of this security notice. ++------------------------------------------------------------------------+ + +III. Upgrading Ports/Packages + +To upgrade a fixed port/package, perform one of the following: + +1) Upgrade your Ports Collection and rebuild and reinstall the port. +Several tools are available in the Ports Collection to make this +easier. See: + /usr/ports/devel/portcheckout + /usr/ports/misc/porteasy + /usr/ports/sysutils/portupgrade + +2) Deinstall the old package and install a new package obtained from + +[FreeBSD 4.x, i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/ + +[FreeBSD 5.x, i386] +ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ + +Packages are not automatically generated for other architectures at +this time. + +Note that new, official packages may not be available on all mirrors +immediately. In the interim, Security Officer-generated packages (and +detached digital signatures) are available for the i386 architecture +at: + +[FreeBSD 4.x, i386] +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz.asc + +[FreeBSD 5.x] +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz +ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz.asc + + ++------------------------------------------------------------------------+ +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem +4q3eO8IxTujzRR2QwH4eyK4= +=/4KW +-----END PGP SIGNATURE----- diff --git a/share/security/advisories/FreeBSD-SN-03:02.asc b/share/security/advisories/FreeBSD-SN-03:02.asc new file mode 100644 index 0000000000..cd59d479d5 --- /dev/null +++ b/share/security/advisories/FreeBSD-SN-03:02.asc @@ -0,0 +1,60 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA1 + +============================================================================= +FreeBSD-SN-03:02 Security Notice + The FreeBSD Project + +Topic: security issue in SETI@home client +Announced: 2003-04-08 + +I. Introduction + +A port in the FreeBSD Ports Collection is affected by a security +issue. Summary information is given below with references and +affected versions. All versions given refer to the FreeBSD +port/package version numbers. The listed vulnerabilities are not +specific to FreeBSD unless otherwise noted. + +This port is not installed by default, nor is it ``part of FreeBSD'' +as such. The FreeBSD Ports Collection contains thousands of +third-party applications in a ready-to-install format. FreeBSD makes +no claim about the security of these third-party applications. See + for more information about the +FreeBSD Ports Collection. + +II. Ports + ++------------------------------------------------------------------------+ +Port name: astro/setiathome +Affected: All versions +Status: Not fixed + +Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory: +``There is a bufferoverflow in the server responds handler. Sending +an overly large string followed by a newline ('\n') character to the +client will trigger this overflow. This has been tested with various +versions of the client. All versions are presumed to have this flaw in +some form.'' +Example exploits for FreeBSD and other systems exist. +A new version of SETI@home for FreeBSD is not available at the time +of this security notice. + + + ++------------------------------------------------------------------------+ + +FreeBSD Security Notices are communications from the Security Officer +intended to inform the user community about potential security issues, +such as bugs in the third-party applications found in the Ports +Collection, which will not be addressed in a FreeBSD Security +Advisory. + +Feedback on Security Notices is welcome at . +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.1 (FreeBSD) + +iD8DBQE+kruuFdaIBMps37IRAksIAKCXua4QQz3P3Y4qysYW8/ftjQhozQCfVnNw +PZAo0yzuFpYydTgYrodW+4Q= +=DQki +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-04:01/twe.patch b/share/security/patches/EN-04:01/twe.patch new file mode 100644 index 0000000000..b154bb4b8f --- /dev/null +++ b/share/security/patches/EN-04:01/twe.patch @@ -0,0 +1,195 @@ +Index: sys/dev/twe/twe.c +=================================================================== +RCS file: /home/ncvs/src/sys/dev/twe/twe.c,v +retrieving revision 1.1.2.8.2.1 +retrieving revision 1.1.2.8.2.2 +diff -u -r1.1.2.8.2.1 -r1.1.2.8.2.2 +--- sys/dev/twe/twe.c 12 May 2004 03:37:43 -0000 1.1.2.8.2.1 ++++ sys/dev/twe/twe.c 26 Jun 2004 02:22:24 -0000 1.1.2.8.2.2 +@@ -26,7 +26,7 @@ + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * +- * $FreeBSD: src/sys/dev/twe/twe.c,v 1.1.2.8.2.1 2004/05/12 03:37:43 vkashyap Exp $ ++ * $FreeBSD: src/sys/dev/twe/twe.c,v 1.1.2.8.2.2 2004/06/26 02:22:24 kensmith Exp $ + */ + + /* +@@ -382,7 +382,7 @@ + + debug_called(4); + +- if (sc->twe_state & TWE_STATE_FRZN) ++ if (sc->twe_state & (TWE_STATE_CTLR_BUSY | TWE_STATE_FRZN)) + return; + + /* spin until something prevents us from doing any work */ +@@ -433,6 +433,8 @@ + error = twe_map_request(tr); + + if (error != 0) { ++ if (error == EBUSY) ++ break; + tr->tr_status = TWE_CMD_ERROR; + if (tr->tr_private != NULL) { + bp = (twe_bio *)(tr->tr_private); +@@ -758,7 +760,7 @@ + } else { + tr->tr_complete = func; + error = twe_map_request(tr); +- if (error == 0) ++ if ((error == 0) || (error == EBUSY)) + return(func); + } + +@@ -924,8 +926,10 @@ + + debug_called(4); + ++ tr->tr_status = TWE_CMD_BUSY; + if ((error = twe_map_request(tr)) != 0) +- return(error); ++ if (error != EBUSY) ++ return(error); + while (tr->tr_status == TWE_CMD_BUSY){ + twe_done(tr->tr_sc); + } +@@ -1117,6 +1121,7 @@ + /* move to completed queue */ + twe_remove_busy(tr); + twe_enqueue_complete(tr); ++ sc->twe_state &= ~TWE_STATE_CTLR_BUSY; + } else { + break; /* no response ready */ + } +Index: sys/dev/twe/twe_freebsd.c +=================================================================== +RCS file: /home/ncvs/src/sys/dev/twe/twe_freebsd.c,v +retrieving revision 1.2.2.8 +retrieving revision 1.2.2.8.2.1 +diff -u -r1.2.2.8 -r1.2.2.8.2.1 +--- sys/dev/twe/twe_freebsd.c 7 Apr 2004 22:18:00 -0000 1.2.2.8 ++++ sys/dev/twe/twe_freebsd.c 26 Jun 2004 02:22:24 -0000 1.2.2.8.2.1 +@@ -26,7 +26,7 @@ + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * +- * $FreeBSD: src/sys/dev/twe/twe_freebsd.c,v 1.2.2.8 2004/04/07 22:18:00 vkashyap Exp $ ++ * $FreeBSD: src/sys/dev/twe/twe_freebsd.c,v 1.2.2.8.2.1 2004/06/26 02:22:24 kensmith Exp $ + */ + + /* +@@ -999,8 +999,10 @@ + bcopy(tr->tr_realdata, tr->tr_data, tr->tr_length); + bus_dmamap_sync(tr->tr_sc->twe_buffer_dmat, tr->tr_dmamap, BUS_DMASYNC_PREWRITE); + } +- if (twe_start(tr) == EBUSY) ++ if (twe_start(tr) == EBUSY) { ++ tr->tr_sc->twe_state |= TWE_STATE_CTLR_BUSY; + twe_requeue_ready(tr); ++ } + } + + static void +@@ -1022,8 +1024,10 @@ + + debug_called(4); + +- if (sc->twe_state & TWE_STATE_FRZN) ++ if (sc->twe_state & (TWE_STATE_CTLR_BUSY | TWE_STATE_FRZN)) { ++ twe_requeue_ready(tr); + return (EBUSY); ++ } + + /* + * Map the command into bus space. +@@ -1061,8 +1065,8 @@ + } + } else { + if ((error = twe_start(tr)) == EBUSY) { ++ sc->twe_state |= TWE_STATE_CTLR_BUSY; + twe_requeue_ready(tr); +- error = 0; + } + } + +Index: sys/dev/twe/twevar.h +=================================================================== +RCS file: /home/ncvs/src/sys/dev/twe/twevar.h,v +retrieving revision 1.1.2.6.2.1 +retrieving revision 1.1.2.6.2.2 +diff -u -r1.1.2.6.2.1 -r1.1.2.6.2.2 +--- sys/dev/twe/twevar.h 12 May 2004 03:37:43 -0000 1.1.2.6.2.1 ++++ sys/dev/twe/twevar.h 26 Jun 2004 02:22:24 -0000 1.1.2.6.2.2 +@@ -26,10 +26,10 @@ + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * +- * $FreeBSD: src/sys/dev/twe/twevar.h,v 1.1.2.6.2.1 2004/05/12 03:37:43 vkashyap Exp $ ++ * $FreeBSD: src/sys/dev/twe/twevar.h,v 1.1.2.6.2.2 2004/06/26 02:22:24 kensmith Exp $ + */ + +-#define TWE_DRIVER_VERSION_STRING "1.40.01.001" ++#define TWE_DRIVER_VERSION_STRING "1.40.01.002" + #define TWE_CDEV_MAJOR 146 + #define TWED_CDEV_MAJOR 147 + +@@ -149,7 +149,8 @@ + #define TWE_STATE_SHUTDOWN (1<<1) /* controller is shut down */ + #define TWE_STATE_OPEN (1<<2) /* control device is open */ + #define TWE_STATE_SUSPEND (1<<3) /* controller is suspended */ +-#define TWE_STATE_FRZN (1<<4) ++#define TWE_STATE_FRZN (1<<4) /* got EINPROGRESS */ ++#define TWE_STATE_CTLR_BUSY (1<<5) /* controller cmd queue full */ + int twe_host_id; + struct twe_qstat twe_qstat[TWEQ_COUNT]; /* queue statistics */ + +Index: sys/conf/newvers.sh +=================================================================== +RCS file: /home/ncvs/src/sys/conf/newvers.sh,v +retrieving revision 1.44.2.34.2.2 +retrieving revision 1.44.2.34.2.3 +diff -u -r1.44.2.34.2.2 -r1.44.2.34.2.3 +--- sys/conf/newvers.sh 25 May 2004 05:30:47 -0000 1.44.2.34.2.2 ++++ sys/conf/newvers.sh 26 Jun 2004 02:22:24 -0000 1.44.2.34.2.3 +@@ -32,11 +32,11 @@ + # SUCH DAMAGE. + # + # @(#)newvers.sh 8.1 (Berkeley) 4/20/94 +-# $FreeBSD: src/sys/conf/newvers.sh,v 1.44.2.34.2.2 2004/05/25 05:30:47 scottl Exp $ ++# $FreeBSD: src/sys/conf/newvers.sh,v 1.44.2.34.2.3 2004/06/26 02:22:24 kensmith Exp $ + + TYPE="FreeBSD" + REVISION="4.10" +-BRANCH="RELEASE" ++BRANCH="RELEASE-p1" + RELEASE="${REVISION}-${BRANCH}" + VERSION="${TYPE} ${RELEASE}" + +Index: UPDATING +=================================================================== +RCS file: /home/ncvs/src/UPDATING,v +retrieving revision 1.73.2.90 +retrieving revision 1.73.2.90.2.2 +diff -u -r1.73.2.90 -r1.73.2.90.2.2 +--- UPDATING 31 Oct 2003 16:40:39 -0000 1.73.2.90 ++++ UPDATING 26 Jun 2004 04:39:46 -0000 1.73.2.90.2.2 +@@ -8,6 +8,12 @@ + the common items quick how-tos, followed by entries for versions of + -current prior to 4.0 Release. + ++20040626: p1 FreeBSD-EN-04:01.twe ++ Fix a bug in twe(4) that could cause kernel lockups. ++ ++20040527: ++ FreeBSD 4.10-RELEASE. ++ + 20031028: + FreeBSD 4.9-RELEASE. + +@@ -1185,4 +1191,4 @@ + If you find this document useful, and you want to, you may buy the + author a beer. + +-$FreeBSD: src/UPDATING,v 1.73.2.90 2003/10/31 16:40:39 simon Exp $ ++$FreeBSD: src/UPDATING,v 1.73.2.90.2.2 2004/06/26 04:39:46 kensmith Exp $ diff --git a/share/security/patches/EN-04:01/twe.patch.asc b/share/security/patches/EN-04:01/twe.patch.asc new file mode 100644 index 0000000000..cee96bd11f --- /dev/null +++ b/share/security/patches/EN-04:01/twe.patch.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.2.4 (FreeBSD) + +iD8DBQBA3ZP5/G14VSmup/YRAuN6AJ9G+6K9TDb5MKs/UDPbMx5GMrCFigCdFe7r +KQQazp5kZ+tOF3fvj+zOK6k= +=qczL +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-06:02/net.patch b/share/security/patches/EN-06:02/net.patch new file mode 100644 index 0000000000..32cc9ba746 --- /dev/null +++ b/share/security/patches/EN-06:02/net.patch @@ -0,0 +1,141 @@ +Index: sys/netinet/ip_output.c +=================================================================== +RCS file: /home/cvs/src/sys/netinet/ip_output.c,v +retrieving revision 1.242.2.8 +diff -u -r1.242.2.8 ip_output.c +--- sys/netinet/ip_output.c 31 Jan 2006 16:06:05 -0000 1.242.2.8 ++++ sys/netinet/ip_output.c 25 Aug 2006 15:07:44 -0000 +@@ -1162,6 +1162,9 @@ + return (EINVAL); + } + ++ if (inp == NULL) ++ return (EINVAL); ++ + switch (sopt->sopt_dir) { + case SOPT_SET: + switch (sopt->sopt_name) { +Index: sys/netinet6/in6.c +=================================================================== +RCS file: /home/cvs/src/sys/netinet6/in6.c,v +retrieving revision 1.51.2.8 +diff -u -r1.51.2.8 in6.c +--- sys/netinet6/in6.c 9 Mar 2006 11:59:03 -0000 1.51.2.8 ++++ sys/netinet6/in6.c 25 Aug 2006 15:07:56 -0000 +@@ -1720,20 +1720,55 @@ + + /* we could do in(6)_socktrim here, but just omit it at this moment. */ + ++ if (newhost && nd6_need_cache(ifp) != 0) { ++ /* set the rtrequest function to create llinfo */ ++ ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; ++ } ++ + /* + * Special case: + * If a new destination address is specified for a point-to-point + * interface, install a route to the destination as an interface +- * direct route. ++ * direct route. In addition, if the link is expected to have neighbor ++ * cache entries, specify RTF_LLINFO so that a cache entry for the ++ * destination address will be created. ++ * created + * XXX: the logic below rejects assigning multiple addresses on a p2p +- * interface that share a same destination. ++ * interface that share the same destination. + */ + plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */ + if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 && + ia->ia_dstaddr.sin6_family == AF_INET6) { +- if ((error = rtinit(&(ia->ia_ifa), (int)RTM_ADD, +- RTF_UP | RTF_HOST)) != 0) ++ int rtflags = RTF_UP | RTF_HOST; ++ struct rtentry *rt = NULL, **rtp = NULL; ++ ++ if (nd6_need_cache(ifp) != 0) { ++ rtflags |= RTF_LLINFO; ++ rtp = &rt; ++ } ++ ++ error = rtrequest(RTM_ADD, (struct sockaddr *)&ia->ia_dstaddr, ++ (struct sockaddr *)&ia->ia_addr, ++ (struct sockaddr *)&ia->ia_prefixmask, ++ ia->ia_flags | rtflags, rtp); ++ if (error != 0) + return (error); ++ if (rt != NULL) { ++ struct llinfo_nd6 *ln; ++ ++ RT_LOCK(rt); ++ ln = (struct llinfo_nd6 *)rt->rt_llinfo; ++ if (ln != NULL) { ++ /* ++ * Set the state to STALE because we don't ++ * have to perform address resolution on this ++ * link. ++ */ ++ ln->ln_state = ND6_LLINFO_STALE; ++ } ++ RT_REMREF(rt); ++ RT_UNLOCK(rt); ++ } + ia->ia_flags |= IFA_ROUTE; + } + if (plen < 128) { +@@ -1744,11 +1779,8 @@ + } + + /* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */ +- if (newhost) { +- /* set the rtrequest function to create llinfo */ +- ia->ia_ifa.ifa_rtrequest = nd6_rtrequest; ++ if (newhost) + in6_ifaddloop(&(ia->ia_ifa)); +- } + + return (error); + } +Index: sys/netinet6/nd6.c +=================================================================== +RCS file: /home/cvs/src/sys/netinet6/nd6.c,v +retrieving revision 1.48.2.12 +diff -u -r1.48.2.12 nd6.c +--- sys/netinet6/nd6.c 29 Mar 2006 21:05:11 -0000 1.48.2.12 ++++ sys/netinet6/nd6.c 25 Aug 2006 15:08:02 -0000 +@@ -512,6 +512,19 @@ + ln->ln_asked++; + nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000); + nd6_ns_output(ifp, dst, dst, ln, 0); ++ } else if (rt->rt_ifa != NULL && ++ rt->rt_ifa->ifa_addr->sa_family == AF_INET6 && ++ (((struct in6_ifaddr *)rt->rt_ifa)->ia_flags & IFA_ROUTE)) { ++ /* ++ * This is an unreachable neighbor whose address is ++ * specified as the destination of a p2p interface ++ * (see in6_ifinit()). We should not free the entry ++ * since this is sort of a "static" entry generated ++ * via interface address configuration. ++ */ ++ ln->ln_asked = 0; ++ ln->ln_expire = 0; /* make it permanent */ ++ ln->ln_state = ND6_LLINFO_STALE; + } else { + (void)nd6_free(rt, 0); + ln = NULL; +Index: sys/vm/uma_core.c +=================================================================== +RCS file: /home/cvs/src/sys/vm/uma_core.c,v +retrieving revision 1.119.2.15 +diff -u -r1.119.2.15 uma_core.c +--- sys/vm/uma_core.c 14 Feb 2006 03:37:58 -0000 1.119.2.15 ++++ sys/vm/uma_core.c 25 Aug 2006 15:08:12 -0000 +@@ -2417,8 +2417,7 @@ + * If nothing else caught this, we'll just do an internal free. + */ + zfree_internal: +- uma_zfree_internal(zone, item, udata, SKIP_DTOR, ZFREE_STATFAIL | +- ZFREE_STATFREE); ++ uma_zfree_internal(zone, item, udata, SKIP_DTOR, ZFREE_STATFREE); + + return; + } diff --git a/share/security/patches/EN-06:02/net.patch.asc b/share/security/patches/EN-06:02/net.patch.asc new file mode 100644 index 0000000000..c194b28af0 --- /dev/null +++ b/share/security/patches/EN-06:02/net.patch.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.3 (FreeBSD) + +iD8DBQBE8prKFdaIBMps37IRAuHyAKCBRw+mApcAzb52n1tdrhPOZcMofACeO+o+ +/CTfpmIx85OL7CCSG9WQ9Yw= +=wRb+ +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-07:01/nfs60.patch b/share/security/patches/EN-07:01/nfs60.patch new file mode 100644 index 0000000000..6a6294c55e --- /dev/null +++ b/share/security/patches/EN-07:01/nfs60.patch @@ -0,0 +1,421 @@ +Index: sys/nfsserver/nfs_serv.c +=================================================================== +RCS file: /home/ncvs/src/sys/nfsserver/nfs_serv.c,v +retrieving revision 1.156 +diff -u -r1.156 nfs_serv.c +--- sys/nfsserver/nfs_serv.c 17 Apr 2005 16:25:36 -0000 1.156 ++++ sys/nfsserver/nfs_serv.c 13 Feb 2007 20:43:09 -0000 +@@ -569,6 +569,10 @@ + + error = lookup(&ind); + ind.ni_dvp = NULL; ++ if (ind.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ ind.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + + if (error == 0) { + /* +@@ -599,15 +603,9 @@ + } + } + +- if (dirp) { +- vrele(dirp); +- dirp = NULL; +- } +- + /* + * Resources at this point: + * ndp->ni_vp may not be NULL +- * + */ + + if (error) { +@@ -621,15 +619,6 @@ + } + + /* +- * Clear out some resources prior to potentially blocking. This +- * is not as critical as ni_dvp resources in other routines, but +- * it helps. +- */ +- vrele(ndp->ni_startdir); +- ndp->ni_startdir = NULL; +- NDFREE(&nd, NDF_ONLY_PNBUF); +- +- /* + * Get underlying attribute, then release remaining resources ( for + * the same potential blocking reason ) and reply. + */ +@@ -641,8 +630,12 @@ + error = VOP_GETATTR(vp, vap, cred, td); + + vput(vp); +- mtx_unlock(&Giant); /* VFS */ ++ vrele(ndp->ni_startdir); ++ vrele(dirp); + ndp->ni_vp = NULL; ++ ndp->ni_startdir = NULL; ++ dirp = NULL; ++ mtx_unlock(&Giant); /* VFS */ + NFSD_LOCK(); + nfsm_reply(NFSX_SRVFH(v3) + NFSX_POSTOPORFATTR(v3) + NFSX_POSTOPATTR(v3)); + if (error) { +@@ -662,17 +655,19 @@ + + nfsmout: + NFSD_LOCK_ASSERT(); +- NFSD_UNLOCK(); +- mtx_lock(&Giant); /* VFS */ +- if (dirp) +- vrele(dirp); ++ if (ndp->ni_vp || dirp || ndp->ni_startdir) { ++ NFSD_UNLOCK(); ++ mtx_lock(&Giant); /* VFS */ ++ if (ndp->ni_vp) ++ vput(ndp->ni_vp); ++ if (dirp) ++ vrele(dirp); ++ if (ndp->ni_startdir) ++ vrele(ndp->ni_startdir); ++ mtx_unlock(&Giant); /* VFS */ ++ NFSD_LOCK(); ++ } + NDFREE(&nd, NDF_ONLY_PNBUF); +- if (ndp->ni_startdir) +- vrele(ndp->ni_startdir); +- if (ndp->ni_vp) +- vput(ndp->ni_vp); +- mtx_unlock(&Giant); /* VFS */ +- NFSD_LOCK(); + return (error); + } + +@@ -1924,6 +1919,10 @@ + + error = lookup(&nd); + nd.ni_dvp = NULL; ++ if (nd.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ nd.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + if (error) + goto ereply; + +@@ -2004,13 +2003,6 @@ + NFSD_LOCK_ASSERT(); + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ +- if (nd.ni_startdir) { +- vrele(nd.ni_startdir); +- nd.ni_startdir = NULL; +- } +- if (dirp) +- vrele(dirp); +- NDFREE(&nd, NDF_ONLY_PNBUF); + if (nd.ni_dvp) { + if (nd.ni_dvp == nd.ni_vp) + vrele(nd.ni_dvp); +@@ -2019,6 +2011,13 @@ + } + if (nd.ni_vp) + vput(nd.ni_vp); ++ if (nd.ni_startdir) { ++ vrele(nd.ni_startdir); ++ nd.ni_startdir = NULL; ++ } ++ if (dirp) ++ vrele(dirp); ++ NDFREE(&nd, NDF_ONLY_PNBUF); + vn_finished_write(mp); + mtx_unlock(&Giant); /* VFS */ + NFSD_LOCK(); +@@ -2092,6 +2091,8 @@ + tl = nfsm_dissect_nonblock(u_int32_t *, NFSX_UNSIGNED); + vtyp = nfsv3tov_type(*tl); + if (vtyp != VCHR && vtyp != VBLK && vtyp != VSOCK && vtyp != VFIFO) { ++ NFSD_UNLOCK(); ++ mtx_lock(&Giant); /* VFS */ + error = NFSERR_BADTYPE; + goto out; + } +@@ -2108,6 +2109,8 @@ + * Iff doesn't exist, create it. + */ + if (nd.ni_vp) { ++ NFSD_UNLOCK(); ++ mtx_lock(&Giant); /* VFS */ + error = EEXIST; + goto out; + } +@@ -2146,6 +2149,10 @@ + + error = lookup(&nd); + nd.ni_dvp = NULL; ++ if (nd.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ nd.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + + if (error) + goto out; +@@ -2158,18 +2165,6 @@ + */ + out: + NFSD_UNLOCK_ASSERT(); +- if (nd.ni_startdir) { +- vrele(nd.ni_startdir); +- nd.ni_startdir = NULL; +- } +- NDFREE(&nd, NDF_ONLY_PNBUF); +- if (nd.ni_dvp) { +- if (nd.ni_dvp == nd.ni_vp) +- vrele(nd.ni_dvp); +- else +- vput(nd.ni_dvp); +- nd.ni_dvp = NULL; +- } + vp = nd.ni_vp; + if (!error) { + bzero((caddr_t)fhp, sizeof(nfh)); +@@ -2178,11 +2173,23 @@ + if (!error) + error = VOP_GETATTR(vp, vap, cred, td); + } ++ if (nd.ni_dvp) { ++ if (nd.ni_dvp == nd.ni_vp) ++ vrele(nd.ni_dvp); ++ else ++ vput(nd.ni_dvp); ++ nd.ni_dvp = NULL; ++ } + if (vp) { + vput(vp); + vp = NULL; + nd.ni_vp = NULL; + } ++ if (nd.ni_startdir) { ++ vrele(nd.ni_startdir); ++ nd.ni_startdir = NULL; ++ } ++ NDFREE(&nd, NDF_ONLY_PNBUF); + if (dirp) { + vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td); + diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td); +@@ -2210,11 +2217,6 @@ + NFSD_LOCK_ASSERT(); + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ +- if (dirp) +- vrele(dirp); +- if (nd.ni_startdir) +- vrele(nd.ni_startdir); +- NDFREE(&nd, NDF_ONLY_PNBUF); + if (nd.ni_dvp) { + if (nd.ni_dvp == nd.ni_vp) + vrele(nd.ni_dvp); +@@ -2223,6 +2225,11 @@ + } + if (nd.ni_vp) + vput(nd.ni_vp); ++ if (dirp) ++ vrele(dirp); ++ if (nd.ni_startdir) ++ vrele(nd.ni_startdir); ++ NDFREE(&nd, NDF_ONLY_PNBUF); + vn_finished_write(mp); + mtx_unlock(&Giant); /* VFS */ + NFSD_LOCK(); +@@ -2519,8 +2526,8 @@ + tond.ni_dvp = NULL; + tond.ni_vp = NULL; + if (error) { +- fromnd.ni_cnd.cn_flags &= ~HASBUF; +- tond.ni_cnd.cn_flags &= ~HASBUF; ++ NDFREE(&fromnd, NDF_ONLY_PNBUF); ++ NDFREE(&tond, NDF_ONLY_PNBUF); + } + } else { + if (error == -1) +@@ -2573,11 +2580,6 @@ + NFSD_LOCK_ASSERT(); + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ +- if (tdirp) +- vrele(tdirp); +- if (tond.ni_startdir) +- vrele(tond.ni_startdir); +- NDFREE(&tond, NDF_ONLY_PNBUF); + if (tond.ni_dvp) { + if (tond.ni_dvp == tond.ni_vp) + vrele(tond.ni_dvp); +@@ -2586,7 +2588,11 @@ + } + if (tond.ni_vp) + vput(tond.ni_vp); +- ++ if (tdirp) ++ vrele(tdirp); ++ if (tond.ni_startdir) ++ vrele(tond.ni_startdir); ++ NDFREE(&tond, NDF_ONLY_PNBUF); + /* + * Clear out fromnd related fields + */ +@@ -2747,8 +2753,6 @@ + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ + NDFREE(&nd, NDF_ONLY_PNBUF); +- if (dirp) +- vrele(dirp); + if (vp) + vput(vp); + if (nd.ni_dvp) { +@@ -2757,6 +2761,8 @@ + else + vput(nd.ni_dvp); + } ++ if (dirp) ++ vrele(dirp); + if (nd.ni_vp) + vrele(nd.ni_vp); + vn_finished_write(mp); +@@ -2815,6 +2821,12 @@ + nd.ni_cnd.cn_flags = LOCKPARENT | SAVESTART; + error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos, + &dirp, v3, &dirfor, &dirfor_ret, td, FALSE); ++ if (error == 0) { ++ VATTR_NULL(vap); ++ if (v3) ++ nfsm_srvsattr(vap); ++ nfsm_srvpathsiz(len2); ++ } + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ + if (dirp && !v3) { +@@ -2824,10 +2836,6 @@ + if (error) + goto out; + +- VATTR_NULL(vap); +- if (v3) +- nfsm_srvsattr(vap); +- nfsm_srvpathsiz(len2); + MALLOC(pathcp, caddr_t, len2 + 1, M_TEMP, M_WAITOK); + iv.iov_base = pathcp; + iv.iov_len = len2; +@@ -2884,6 +2892,10 @@ + + error = lookup(&nd); + nd.ni_dvp = NULL; ++ if (nd.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ nd.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + + if (error == 0) { + bzero((caddr_t)fhp, sizeof(nfh)); +@@ -3113,8 +3125,6 @@ + NFSD_LOCK_ASSERT(); + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ +- if (dirp) +- vrele(dirp); + if (nd.ni_dvp) { + NDFREE(&nd, NDF_ONLY_PNBUF); + if (nd.ni_dvp == nd.ni_vp && vpexcl) +@@ -3128,6 +3138,8 @@ + else + vrele(nd.ni_vp); + } ++ if (dirp) ++ vrele(dirp); + vn_finished_write(mp); + mtx_unlock(&Giant); /* VFS */ + NFSD_LOCK(); +@@ -3255,8 +3267,6 @@ + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ + NDFREE(&nd, NDF_ONLY_PNBUF); +- if (dirp) +- vrele(dirp); + if (nd.ni_dvp) { + if (nd.ni_dvp == nd.ni_vp) + vrele(nd.ni_dvp); +@@ -3265,6 +3275,8 @@ + } + if (nd.ni_vp) + vput(nd.ni_vp); ++ if (dirp) ++ vrele(dirp); + + vn_finished_write(mp); + mtx_unlock(&Giant); /* VFS */ +Index: sys/nfsserver/nfs_srvsubs.c +=================================================================== +RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvsubs.c,v +retrieving revision 1.136 +diff -u -r1.136 nfs_srvsubs.c +--- sys/nfsserver/nfs_srvsubs.c 28 Mar 2005 18:51:58 -0000 1.136 ++++ sys/nfsserver/nfs_srvsubs.c 13 Feb 2007 20:43:09 -0000 +@@ -875,6 +875,10 @@ + } + if (!lockleaf) + cnp->cn_flags &= ~LOCKLEAF; ++ if (cnp->cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ cnp->cn_flags &= ~GIANTHELD; ++ } + + /* + * nfs_namei() guarentees that fields will not contain garbage +@@ -1331,6 +1335,24 @@ + return 0; + } + ++int ++nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos) ++{ ++ u_int32_t *tl; ++ ++ NFSD_LOCK_DONTCARE(); ++ ++ tl = nfsm_dissect_xx_nonblock(NFSX_UNSIGNED, md, dpos); ++ if (tl == NULL) ++ return EBADRPC; ++ *s = fxdr_unsigned(int32_t, *tl); ++ if (*s > m) ++ return NFSERR_NAMETOL; ++ if (*s < 0) ++ return EBADRPC; ++ return 0; ++} ++ + void + nfsm_clget_xx(u_int32_t **tl, struct mbuf *mb, struct mbuf **mp, + char **bp, char **be, caddr_t bpos, int droplock) +Index: sys/nfsserver/nfsm_subs.h +=================================================================== +RCS file: /home/ncvs/src/sys/nfsserver/nfsm_subs.h,v +retrieving revision 1.37 +diff -u -r1.37 nfsm_subs.h +--- sys/nfsserver/nfsm_subs.h 7 Jan 2005 01:45:51 -0000 1.37 ++++ sys/nfsserver/nfsm_subs.h 13 Feb 2007 20:43:09 -0000 +@@ -74,6 +74,7 @@ + + int nfsm_srvstrsiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos); + int nfsm_srvnamesiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos); ++int nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos); + int nfsm_srvmtofh_xx(fhandle_t *f, struct nfsrv_descript *nfsd, + struct mbuf **md, caddr_t *dpos); + int nfsm_srvsattr_xx(struct vattr *a, struct mbuf **md, caddr_t *dpos); +@@ -101,7 +102,7 @@ + #define nfsm_srvpathsiz(s) \ + do { \ + int t1; \ +- t1 = nfsm_srvnamesiz_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \ ++ t1 = nfsm_srvnamesiz0_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \ + if (t1) { \ + error = t1; \ + nfsm_reply(0); \ diff --git a/share/security/patches/EN-07:01/nfs60.patch.asc b/share/security/patches/EN-07:01/nfs60.patch.asc new file mode 100644 index 0000000000..d621987e63 --- /dev/null +++ b/share/security/patches/EN-07:01/nfs60.patch.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQBF043pFdaIBMps37IRAmCuAJ4l0MHSa2YR4IjsHNBWh9Vb/2RZkwCgmlGn +ddJ3A3AU0f92UYhLv2QffEk= +=Fp8p +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-07:01/nfs61.patch b/share/security/patches/EN-07:01/nfs61.patch new file mode 100644 index 0000000000..643fb3f534 --- /dev/null +++ b/share/security/patches/EN-07:01/nfs61.patch @@ -0,0 +1,153 @@ +Index: sys/nfsserver/nfs_serv.c +=================================================================== +RCS file: /home/ncvs/src/sys/nfsserver/nfs_serv.c,v +retrieving revision 1.156.2.2 +diff -u -r1.156.2.2 nfs_serv.c +--- sys/nfsserver/nfs_serv.c 13 Mar 2006 03:06:49 -0000 1.156.2.2 ++++ sys/nfsserver/nfs_serv.c 3 Jan 2007 17:14:55 -0000 +@@ -569,6 +569,10 @@ + + error = lookup(&ind); + ind.ni_dvp = NULL; ++ if (ind.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ ind.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + + if (error == 0) { + /* +@@ -1915,6 +1919,10 @@ + + error = lookup(&nd); + nd.ni_dvp = NULL; ++ if (nd.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ nd.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + if (error) + goto ereply; + +@@ -2141,6 +2149,10 @@ + + error = lookup(&nd); + nd.ni_dvp = NULL; ++ if (nd.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ nd.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + + if (error) + goto out; +@@ -2514,8 +2526,8 @@ + tond.ni_dvp = NULL; + tond.ni_vp = NULL; + if (error) { +- fromnd.ni_cnd.cn_flags &= ~HASBUF; +- tond.ni_cnd.cn_flags &= ~HASBUF; ++ NDFREE(&fromnd, NDF_ONLY_PNBUF); ++ NDFREE(&tond, NDF_ONLY_PNBUF); + } + } else { + if (error == -1) +@@ -2809,6 +2821,12 @@ + nd.ni_cnd.cn_flags = LOCKPARENT | SAVESTART; + error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos, + &dirp, v3, &dirfor, &dirfor_ret, td, FALSE); ++ if (error == 0) { ++ VATTR_NULL(vap); ++ if (v3) ++ nfsm_srvsattr(vap); ++ nfsm_srvpathsiz(len2); ++ } + NFSD_UNLOCK(); + mtx_lock(&Giant); /* VFS */ + if (dirp && !v3) { +@@ -2818,10 +2836,6 @@ + if (error) + goto out; + +- VATTR_NULL(vap); +- if (v3) +- nfsm_srvsattr(vap); +- nfsm_srvpathsiz(len2); + MALLOC(pathcp, caddr_t, len2 + 1, M_TEMP, M_WAITOK); + iv.iov_base = pathcp; + iv.iov_len = len2; +@@ -2878,6 +2892,10 @@ + + error = lookup(&nd); + nd.ni_dvp = NULL; ++ if (nd.ni_cnd.cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ nd.ni_cnd.cn_flags &= ~GIANTHELD; ++ } + + if (error == 0) { + bzero((caddr_t)fhp, sizeof(nfh)); +Index: sys/nfsserver/nfs_srvsubs.c +=================================================================== +RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvsubs.c,v +retrieving revision 1.136.2.2 +diff -u -r1.136.2.2 nfs_srvsubs.c +--- sys/nfsserver/nfs_srvsubs.c 4 Apr 2006 15:29:51 -0000 1.136.2.2 ++++ sys/nfsserver/nfs_srvsubs.c 2 Jan 2007 19:20:02 -0000 +@@ -875,6 +875,10 @@ + } + if (!lockleaf) + cnp->cn_flags &= ~LOCKLEAF; ++ if (cnp->cn_flags & GIANTHELD) { ++ mtx_unlock(&Giant); ++ cnp->cn_flags &= ~GIANTHELD; ++ } + + /* + * nfs_namei() guarentees that fields will not contain garbage +@@ -1331,6 +1335,24 @@ + return 0; + } + ++int ++nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos) ++{ ++ u_int32_t *tl; ++ ++ NFSD_LOCK_DONTCARE(); ++ ++ tl = nfsm_dissect_xx_nonblock(NFSX_UNSIGNED, md, dpos); ++ if (tl == NULL) ++ return EBADRPC; ++ *s = fxdr_unsigned(int32_t, *tl); ++ if (*s > m) ++ return NFSERR_NAMETOL; ++ if (*s < 0) ++ return EBADRPC; ++ return 0; ++} ++ + void + nfsm_clget_xx(u_int32_t **tl, struct mbuf *mb, struct mbuf **mp, + char **bp, char **be, caddr_t bpos, int droplock) +Index: sys/nfsserver/nfsm_subs.h +=================================================================== +RCS file: /home/ncvs/src/sys/nfsserver/nfsm_subs.h,v +retrieving revision 1.37 +diff -u -r1.37 nfsm_subs.h +--- sys/nfsserver/nfsm_subs.h 7 Jan 2005 01:45:51 -0000 1.37 ++++ sys/nfsserver/nfsm_subs.h 2 Jan 2007 19:16:30 -0000 +@@ -74,6 +74,7 @@ + + int nfsm_srvstrsiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos); + int nfsm_srvnamesiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos); ++int nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos); + int nfsm_srvmtofh_xx(fhandle_t *f, struct nfsrv_descript *nfsd, + struct mbuf **md, caddr_t *dpos); + int nfsm_srvsattr_xx(struct vattr *a, struct mbuf **md, caddr_t *dpos); +@@ -101,7 +102,7 @@ + #define nfsm_srvpathsiz(s) \ + do { \ + int t1; \ +- t1 = nfsm_srvnamesiz_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \ ++ t1 = nfsm_srvnamesiz0_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \ + if (t1) { \ + error = t1; \ + nfsm_reply(0); \ diff --git a/share/security/patches/EN-07:01/nfs61.patch.asc b/share/security/patches/EN-07:01/nfs61.patch.asc new file mode 100644 index 0000000000..22a5d23972 --- /dev/null +++ b/share/security/patches/EN-07:01/nfs61.patch.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQBF043yFdaIBMps37IRAiHmAKCehp94osYf1bZpf1zI+UOGGj5JXgCfb2yt +rkB/cWlWmQ4jAc/rnD8xlX0= +=FwJj +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-07:02/net.patch b/share/security/patches/EN-07:02/net.patch new file mode 100644 index 0000000000..23cb15651b --- /dev/null +++ b/share/security/patches/EN-07:02/net.patch @@ -0,0 +1,16 @@ +Index: sys/netinet6/nd6.c +=================================================================== +RCS file: /home/ncvs/src/sys/netinet6/nd6.c,v +retrieving revision 1.48.2.15 +diff -u -r1.48.2.15 nd6.c +--- sys/netinet6/nd6.c 7 Oct 2006 18:31:27 -0000 1.48.2.15 ++++ sys/netinet6/nd6.c 15 Feb 2007 02:34:00 -0000 +@@ -1315,7 +1315,7 @@ + callout_init(&ln->ln_timer_ch, 0); + + /* this is required for "ndp" command. - shin */ +- if (req == RTM_ADD && (rt->rt_flags & RTF_STATIC)) { ++ if (req == RTM_ADD) { + /* + * gate should have some valid AF_LINK entry, + * and ln->ln_expire should have some lifetime diff --git a/share/security/patches/EN-07:02/net.patch.asc b/share/security/patches/EN-07:02/net.patch.asc new file mode 100644 index 0000000000..1c920f5366 --- /dev/null +++ b/share/security/patches/EN-07:02/net.patch.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQBF5cumFdaIBMps37IRAjg8AJ9YpbkjiTVndRYBqVOvl2Vxr1eesQCfWOWv +hifkdl6HGlzOui2NubF3Py8= +=GOWU +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-07:03/rc.d_jail.patch b/share/security/patches/EN-07:03/rc.d_jail.patch new file mode 100644 index 0000000000..aa477efabf --- /dev/null +++ b/share/security/patches/EN-07:03/rc.d_jail.patch @@ -0,0 +1,18 @@ +Index: etc/rc.d/jail +=================================================================== +RCS file: /home/ncvs/src/etc/rc.d/jail,v +retrieving revision 1.23.2.7.2.1 +diff -u -d -r1.23.2.7.2.1 jail +--- etc/rc.d/jail 11 Jan 2007 18:17:24 -0000 1.23.2.7.2.1 ++++ etc/rc.d/jail 27 Feb 2007 20:47:59 -0000 +@@ -331,8 +331,8 @@ + echo ${_jail_id} > /var/run/jail_${_jail}.id + else + jail_umount_fs +- if [ -n "${jail_interface}" ]; then +- ifconfig ${jail_interface} -alias ${jail_ip} ++ if [ -n "${_interface}" ]; then ++ ifconfig ${_interface} -alias ${_ip} + fi + echo " cannot start jail \"${_jail}\": " + tail +2 ${_tmp_jail} diff --git a/share/security/patches/EN-07:03/rc.d_jail.patch.asc b/share/security/patches/EN-07:03/rc.d_jail.patch.asc new file mode 100644 index 0000000000..117a62ebb0 --- /dev/null +++ b/share/security/patches/EN-07:03/rc.d_jail.patch.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1.4.6 (FreeBSD) + +iD8DBQBF5cusFdaIBMps37IRAl/RAJ4nLd+NpcuyhaGHeLqz4ZOenBcLmwCfYMa/ +EaHn/GLTNlJPBlQq1bEpDi4= +=Ygy7 +-----END PGP SIGNATURE----- diff --git a/share/security/patches/EN-07:04/zoneinfo.patch b/share/security/patches/EN-07:04/zoneinfo.patch new file mode 100644 index 0000000000..8e8085f3ec --- /dev/null +++ b/share/security/patches/EN-07:04/zoneinfo.patch @@ -0,0 +1,3705 @@ +Index: share/misc/iso3166 +=================================================================== +RCS file: /home/ncvs/src/share/misc/iso3166,v +retrieving revision 1.13 +diff -u -r1.13 iso3166 +--- share/misc/iso3166 14 Jun 2004 02:38:55 -0000 1.13 ++++ share/misc/iso3166 27 Feb 2007 12:36:01 -0000 +@@ -106,6 +106,7 @@ + GP GLP 312 Guadeloupe + GU GUM 316 Guam + GT GTM 320 Guatemala ++GG GGY 831 Guernsey + GN GIN 324 Guinea + GW GNB 624 Guinea-Bissau + GY GUY 328 Guyana +@@ -120,10 +121,12 @@ + IR IRN 364 Iran + IQ IRQ 368 Iraq + IE IRL 372 Ireland ++IM IMN 833 Isle of Man + IL ISR 376 Israel + IT ITA 380 Italy + JM JAM 388 Jamaica + JP JPN 392 Japan ++JE JEY 832 Jersey + JO JOR 400 Jordan + KZ KAZ 398 Kazakhstan + KE KEN 404 Kenya +@@ -159,6 +162,7 @@ + MD MDA 498 Moldova + MC MCO 492 Monaco + MN MNG 496 Mongolia ++ME MNE 499 Montenegro + MS MSR 500 Montserrat + MA MAR 504 Morocco + MZ MOZ 508 Mozambique +@@ -203,7 +207,7 @@ + ST STP 678 Sao Tome and Principe + SA SAU 682 Saudi Arabia + SN SEN 686 Senegal +-CS SCG 891 Serbia and Montenegro ++RS SRB 688 Serbia + SC SYC 690 Seychelles + SL SLE 694 Sierra Leone + SG SGP 702 Singapore +@@ -494,7 +498,7 @@ + # ALAND ISLANDS (AX) added as a new entry. In the official newsletter, + # this territory is shown with the correct (Swedish) orthography. As this + # file is restricted to the ASCII character set, we have substituted the +-# letter `A' for the Swedish letter \xc5. (The Finnish name for this ++# letter `A' for the Swedish letter U+00C5. (The Finnish name for this + # semi-autonomous territory is Ahvenanmaa, but the official place-names + # in the territory are Swedish-only.) Note that the standard collation + # order for Swedish in Finland would sort this letter after Z. +@@ -502,3 +506,10 @@ + # Newsletter V-10 2004-04-26 + # Name changes not relevant to this file. + # ++# Newsletter V-11 2006-03-29 ++# GUERNSEY (GG), ISLE OF MAN (IM), and JERSEY (JE) added as new entries. ++# These territories were previously included as a part of the UNITED ++# KINGDOM (GB). ++# ++# Newsletter V-12 2006-09-26 ++# Removed SERBIA AND MONTENEGRO (CS). Added SERBIA (RS) and MONTENEGRO (ME). +Index: share/zoneinfo/Makefile +=================================================================== +RCS file: /home/ncvs/src/share/zoneinfo/Makefile,v +retrieving revision 1.20 +diff -u -r1.20 Makefile +--- share/zoneinfo/Makefile 19 Oct 2004 20:38:49 -0000 1.20 ++++ share/zoneinfo/Makefile 25 Feb 2007 03:26:56 -0000 +@@ -9,11 +9,11 @@ + .endif + + TZFILES= africa antarctica asia australasia etcetera europe \ +- factory northamerica southamerica systemv ++ factory northamerica southamerica + POSIXRULES= America/New_York + + .if defined(OLDTIMEZONES) +-TZFILES+= backward ++TZFILES+= backward systemv + .endif + + all: yearistype +Index: share/zoneinfo/africa +=================================================================== +RCS file: /home/ncvs/src/share/zoneinfo/africa,v +retrieving revision 1.14.14.2 +diff -u -r1.14.14.2 africa +--- share/zoneinfo/africa 27 Dec 2005 19:56:24 -0000 1.14.14.2 ++++ share/zoneinfo/africa 25 Feb 2007 03:26:56 -0000 +@@ -1,15 +1,15 @@ +-# @(#)africa 7.40 ++# @(#)africa 8.5 + # 
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-03-22):
++# From Paul Eggert (2006-03-22):
+ #
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -17,8 +17,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Another source occasionally used is Edward W. Whitman, World Time Differences,
+ # Whitman Publishing Co, 2 Niagara Av, Ealing, London (undated), which
+@@ -65,7 +65,7 @@
+ # Algeria
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Algeria	1916	only	-	Jun	14	23:00s	1:00	S
+-Rule	Algeria	1916	1919	-	Oct	Sun<=7	23:00s	0	-
++Rule	Algeria	1916	1919	-	Oct	Sun>=1	23:00s	0	-
+ Rule	Algeria	1917	only	-	Mar	24	23:00s	1:00	S
+ Rule	Algeria	1918	only	-	Mar	 9	23:00s	1:00	S
+ Rule	Algeria	1919	only	-	Mar	 1	23:00s	1:00	S
+@@ -75,7 +75,7 @@
+ Rule	Algeria	1921	only	-	Jun	21	23:00s	0	-
+ Rule	Algeria	1939	only	-	Sep	11	23:00s	1:00	S
+ Rule	Algeria	1939	only	-	Nov	19	 1:00	0	-
+-Rule	Algeria	1944	1945	-	Apr	Mon<=7	 2:00	1:00	S
++Rule	Algeria	1944	1945	-	Apr	Mon>=1	 2:00	1:00	S
+ Rule	Algeria	1944	only	-	Oct	 8	 2:00	0	-
+ Rule	Algeria	1945	only	-	Sep	16	 1:00	0	-
+ Rule	Algeria	1971	only	-	Apr	25	23:00s	1:00	S
+@@ -86,7 +86,8 @@
+ Rule	Algeria	1978	only	-	Sep	22	 3:00	0	-
+ Rule	Algeria	1980	only	-	Apr	25	 0:00	1:00	S
+ Rule	Algeria	1980	only	-	Oct	31	 2:00	0	-
+-# Shanks gives 0:09 for Paris Mean Time; go with Howse's more precise 0:09:21.
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
++# more precise 0:09:21.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Algiers	0:12:12 -	LMT	1891 Mar 15 0:01
+ 			0:09:21	-	PMT	1911 Mar 11    # Paris Mean Time
+@@ -106,7 +107,8 @@
+ 			1:00	-	WAT
+ 
+ # Benin
+-# Whitman says they switched to 1:00 in 1946, not 1934; go with Shanks.
++# Whitman says they switched to 1:00 in 1946, not 1934;
++# go with Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Africa/Porto-Novo	0:10:28	-	LMT	1912
+ 			0:00	-	GMT	1934 Feb 26
+@@ -130,7 +132,7 @@
+ 			2:00	-	CAT
+ 
+ # Cameroon
+-# Whitman says they switched to 1:00 in 1920; go with Shanks.
++# Whitman says they switched to 1:00 in 1920; go with Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Douala	0:38:48	-	LMT	1912
+ 			1:00	-	WAT
+@@ -209,7 +211,14 @@
+ # IATA (after 1990) says transitions are at 0:00.
+ # Go with IATA starting in 1995, except correct 1995 entry from 09-30 to 09-29.
+ Rule	Egypt	1995	max	-	Apr	lastFri	 0:00s	1:00	S
+-Rule	Egypt	1995	max	-	Sep	lastThu	23:00s	0	-
++Rule	Egypt	1995	2005	-	Sep	lastThu	23:00s	0	-
++# From Steffen Thorsen (2006-09-19):
++# The Egyptian Gazette, issue 41,090 (2006-09-18), page 1, reports:
++# Egypt will turn back clocks by one hour at the midnight of Thursday
++# after observing the daylight saving time since May.
++# http://news.gom.com.eg/gazette/pdf/2006/09/18/01.pdf
++Rule	Egypt	2006	only	-	Sep	21	23:00s	0	-
++Rule	Egypt	2007	max	-	Sep	lastThu	23:00s	0	-
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Cairo	2:05:00 -	LMT	1900 Oct
+@@ -229,9 +238,9 @@
+ 			3:00	-	EAT
+ 
+ # Ethiopia
+-# From Paul Eggert (1997-10-05):
+-# Shanks writes that Ethiopia had six narrowly-spaced time zones between
+-# 1870 and 1890, and that they merged to 38E50 (2:35:20) in 1890.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that Ethiopia had six narrowly-spaced time zones
++# between 1870 and 1890, and that they merged to 38E50 (2:35:20) in 1890.
+ # We'll guess that 38E50 is for Adis Dera.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Africa/Addis_Ababa	2:34:48 -	LMT	1870
+@@ -252,7 +261,8 @@
+ 
+ # Ghana
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman says DST was observed from 1931 to ``the present''; go with Shanks.
++# Whitman says DST was observed from 1931 to ``the present'';
++# go with Shanks & Pottenger.
+ Rule	Ghana	1936	1942	-	Sep	 1	0:00	0:20	GHST
+ Rule	Ghana	1936	1942	-	Dec	31	0:00	0	GMT
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -288,13 +298,14 @@
+ 			2:00	-	SAST
+ 
+ # Liberia
+-# From Paul Eggert (2001-07-17):
++# From Paul Eggert (2006-03-22):
+ # In 1972 Liberia was the last country to switch
+ # from a UTC offset that was not a multiple of 15 or 20 minutes.
+ # Howse reports that it was in honor of their president's birthday.
+-# Shanks reports the date as May 1, whereas Howse reports Jan; go with Shanks.
+-# For Liberia before 1972, Shanks reports -0:44, whereas Howse and Whitman
+-# each report -0:44:30; go with the more precise figure.
++# Shank & Pottenger report the date as May 1, whereas Howse reports Jan;
++# go with Shanks & Pottenger.
++# For Liberia before 1972, Shanks & Pottenger report -0:44, whereas Howse and
++# Whitman each report -0:44:30; go with the more precise figure.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Monrovia	-0:43:08 -	LMT	1882
+ 			-0:43:08 -	MMT	1919 Mar # Monrovia Mean Time
+@@ -324,7 +335,7 @@
+ 			1:00	Libya	CE%sT	1959
+ 			2:00	-	EET	1982
+ 			1:00	Libya	CE%sT	1990 May  4
+-# The following entries are all from Shanks;
++# The following entries are from Shanks & Pottenger;
+ # the IATA SSIM data contain some obvious errors.
+ 			2:00	-	EET	1996 Sep 30
+ 			1:00	-	CET	1997 Apr  4
+@@ -403,8 +414,8 @@
+ 			2:00	-	CAT
+ 
+ # Namibia
+-# The 1994-04-03 transition is from Shanks.
+-# Shanks reports no DST after 1998-04; go with IATA.
++# The 1994-04-03 transition is from Shanks & Pottenger.
++# Shanks & Pottenger report no DST after 1998-04; go with IATA.
+ # RULE	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Namibia	1994	max	-	Sep	Sun>=1	2:00	1:00	S
+ Rule	Namibia	1995	max	-	Apr	Sun>=1	2:00	0	-
+@@ -488,7 +499,7 @@
+ 
+ # Sierra Leone
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman gives Mar 31 - Aug 31 for 1931 on; go with Shanks.
++# Whitman gives Mar 31 - Aug 31 for 1931 on; go with Shanks & Pottenger.
+ Rule	SL	1935	1942	-	Jun	 1	0:00	0:40	SLST
+ Rule	SL	1935	1942	-	Oct	 1	0:00	0	WAT
+ Rule	SL	1957	1962	-	Jun	 1	0:00	1:00	SLST
+@@ -557,7 +568,6 @@
+ # Tunisia
+ 
+ # From Gwillim Law (2005-04-30):
+-#
+ # My correspondent, Risto Nykanen, has alerted me to another adoption of DST,
+ # this time in Tunisia.  According to Yahoo France News
+ # , in a story attributed to AP
+@@ -571,6 +581,12 @@
+ # 
+ # ... DST for 2005: on: Sun May 1 0h standard time, off: Fri Sept. 30,
+ # 1h standard time.
++#
++# From Atef Loukil (2006-03-28):
++# The daylight saving time will be the same each year:
++# Beginning      : the last Sunday of March at 02:00
++# Ending         : the last Sunday of October at 03:00 ...
++# http://www.tap.info.tn/en/index.php?option=com_content&task=view&id=1188&Itemid=50
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Tunisia	1939	only	-	Apr	15	23:00s	1:00	S
+@@ -596,8 +612,11 @@
+ Rule	Tunisia	1990	only	-	May	 1	 0:00s	1:00	S
+ Rule	Tunisia	2005	only	-	May	 1	 0:00s	1:00	S
+ Rule	Tunisia	2005	only	-	Sep	30	 1:00s	0	-
+-# Shanks gives 0:09 for Paris Mean Time; go with Howse's more precise 0:09:21.
+-# Shanks says the 1911 switch occurred on Mar 9; go with Howse's Mar 11.
++Rule	Tunisia	2006	max	-	Mar	lastSun	 2:00s	1:00	S
++Rule	Tunisia	2006	max	-	Oct	lastSun	 2:00s	0	-
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
++# more precise 0:09:21.
++# Shanks & Pottenger say the 1911 switch was on Mar 9; go with Howse's Mar 11.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Tunis	0:40:44 -	LMT	1881 May 12
+ 			0:09:21	-	PMT	1911 Mar 11    # Paris Mean Time
+Index: share/zoneinfo/antarctica
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/antarctica,v
+retrieving revision 1.1.2.10.12.2
+diff -u -r1.1.2.10.12.2 antarctica
+--- share/zoneinfo/antarctica	27 Dec 2005 19:56:24 -0000	1.1.2.10.12.2
++++ share/zoneinfo/antarctica	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)antarctica	7.30
++# @(#)antarctica	8.2
+ # 
+ 
+ # From Paul Eggert (1999-11-15):
+@@ -34,12 +34,12 @@
+ Rule	ArgAQ	1964	1966	-	Mar	 1	0:00	0	-
+ Rule	ArgAQ	1964	1966	-	Oct	15	0:00	1:00	S
+ Rule	ArgAQ	1967	only	-	Apr	 1	0:00	0	-
+-Rule	ArgAQ	1967	1968	-	Oct	Sun<=7	0:00	1:00	S
+-Rule	ArgAQ	1968	1969	-	Apr	Sun<=7	0:00	0	-
++Rule	ArgAQ	1967	1968	-	Oct	Sun>=1	0:00	1:00	S
++Rule	ArgAQ	1968	1969	-	Apr	Sun>=1	0:00	0	-
+ Rule	ArgAQ	1974	only	-	Jan	23	0:00	1:00	S
+ Rule	ArgAQ	1974	only	-	May	 1	0:00	0	-
+-Rule	ArgAQ	1974	1976	-	Oct	Sun<=7	0:00	1:00	S
+-Rule	ArgAQ	1975	1977	-	Apr	Sun<=7	0:00	0	-
++Rule	ArgAQ	1974	1976	-	Oct	Sun>=1	0:00	1:00	S
++Rule	ArgAQ	1975	1977	-	Apr	Sun>=1	0:00	0	-
+ Rule	ChileAQ	1966	1997	-	Oct	Sun>=9	0:00	1:00	S
+ Rule	ChileAQ	1967	1998	-	Mar	Sun>=9	0:00	0	-
+ Rule	ChileAQ	1998	only	-	Sep	27	0:00	1:00	S
+Index: share/zoneinfo/asia
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/asia,v
+retrieving revision 1.25.2.2
+diff -u -r1.25.2.2 asia
+--- share/zoneinfo/asia	27 Dec 2005 19:56:24 -0000	1.25.2.2
++++ share/zoneinfo/asia	25 Feb 2007 03:26:56 -0000
+@@ -1,15 +1,15 @@
+-# @(#)asia	7.90
++# %W%
+ # 
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-03-22):
++# From Paul Eggert (2006-03-22):
+ #
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -17,8 +17,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Another source occasionally used is Edward W. Whitman, World Time Differences,
+ # Whitman Publishing Co, 2 Niagara Av, Ealing, London (undated), which
+@@ -61,6 +61,7 @@
+ # These rules are stolen from the `europe' file.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	EUAsia	1981	max	-	Mar	lastSun	 1:00u	1:00	S
++Rule	EUAsia	1979	1995	-	Sep	lastSun	 1:00u	0	-
+ Rule	EUAsia	1996	max	-	Oct	lastSun	 1:00u	0	-
+ Rule E-EurAsia	1981	max	-	Mar	lastSun	 0:00	1:00	S
+ Rule E-EurAsia	1979	1995	-	Sep	lastSun	 0:00	0	-
+@@ -82,10 +83,11 @@
+ 			4:30	-	AFT
+ 
+ # Armenia
+-# From Paul Eggert (1999-10-29):
+-# Shanks has Yerevan switching to 3:00 (with Russian DST) in spring 1991,
+-# then to 4:00 with no DST in fall 1995, then readopting Russian DST in 1997.
+-# Go with Shanks, even when he disagrees with others.  Edgar Der-Danieliantz
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger have Yerevan switching to 3:00 (with Russian DST)
++# in spring 1991, then to 4:00 with no DST in fall 1995, then
++# readopting Russian DST in 1997.  Go with Shanks & Pottenger, even
++# when they disagree with others.  Edgar Der-Danieliantz
+ # reported (1996-05-04) that Yerevan probably wouldn't use DST
+ # in 1996, though it did use DST in 1995.  IATA SSIM (1991/1998) reports that
+ # Armenia switched from 3:00 to 4:00 in 1998 and observed DST after 1991,
+@@ -194,13 +196,15 @@
+ # CHINA               8 H  AHEAD OF UTC  ALL OF CHINA, INCL TAIWAN
+ # CHINA               9 H  AHEAD OF UTC  APR 17 - SEP 10
+ 
+-# From Paul Eggert (1995-12-19):
+-# Shanks writes that China has had a single time zone since 1980 May 1,
+-# observing summer DST from 1986 through 1991; this contradicts Devine's
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that China (except for Hong Kong and Macau)
++# has had a single time zone since 1980 May 1, observing summer DST
++# from 1986 through 1991; this contradicts Devine's
+ # note about Time magazine, though apparently _something_ happened in 1986.
+-# Go with Shanks for now.  I made up names for the other pre-1980 time zones.
++# Go with Shanks & Pottenger for now.  I made up names for the other
++# pre-1980 time zones.
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Shang	1940	only	-	Jun	 3	0:00	1:00	D
+ Rule	Shang	1940	1941	-	Oct	 1	0:00	0	S
+@@ -208,14 +212,27 @@
+ Rule	PRC	1986	only	-	May	 4	0:00	1:00	D
+ Rule	PRC	1986	1991	-	Sep	Sun>=11	0:00	0	S
+ Rule	PRC	1987	1991	-	Apr	Sun>=10	0:00	1:00	D
+-#
+-# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-#
++
+ # From Anthony Fok (2001-12-20):
+ # BTW, I did some research on-line and found some info regarding these five
+ # historic timezones from some Taiwan websites.  And yes, there are official
+-# Chinese names for these locales (before 1949):
++# Chinese names for these locales (before 1949).
++# 
++# From Jesper Norgaard Welen (2006-07-14):
++# I have investigated the timezones around 1970 on the
++# http://www.astro.com/atlas site [with provinces and county
++# boundaries summarized below]....  A few other exceptions were two
++# counties on the Sichuan side of the Xizang-Sichuan border,
++# counties Dege and Baiyu which lies on the Sichuan side and are
++# therefore supposed to be GMT+7, Xizang region being GMT+6, but Dege
++# county is GMT+8 according to astro.com while Baiyu county is GMT+6
++# (could be true), for the moment I am assuming that those two
++# counties are mistakes in the astro.com data.
++
++
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ # Changbai Time ("Long-white Time", Long-white = Heilongjiang area)
++# Heilongjiang (except Mohe county), Jilin
+ Zone	Asia/Harbin	8:26:44	-	LMT	1928 # or Haerbin
+ 			8:30	-	CHAT	1932 Mar # Changbai Time
+ 			8:00	-	CST	1940
+@@ -223,18 +240,35 @@
+ 			8:30	-	CHAT	1980 May
+ 			8:00	PRC	C%sT
+ # Zhongyuan Time ("Central plain Time")
++# most of China
+ Zone	Asia/Shanghai	8:05:52	-	LMT	1928
+ 			8:00	Shang	C%sT	1949
+ 			8:00	PRC	C%sT
+ # Long-shu Time (probably due to Long and Shu being two names of that area)
++# Guangxi, Guizhou, Hainan, Ningxia, Sichuan, Shaanxi, and Yunnan;
++# most of Gansu; west Inner Mongolia; west Qinghai; and the Guangdong
++# counties Deqing, Enping, Kaiping, Luoding, Taishan, Xinxing,
++# Yangchun, Yangjiang, Yu'nan, and Yunfu.
+ Zone	Asia/Chongqing	7:06:20	-	LMT	1928 # or Chungking
+ 			7:00	-	LONT	1980 May # Long-shu Time
+ 			8:00	PRC	C%sT
+ # Xin-zang Time ("Xinjiang-Tibet Time")
++# The Gansu counties Aksay, Anxi, Dunhuang, Subei; west Qinghai;
++# the Guangdong counties  Xuwen, Haikang, Suixi, Lianjiang,
++# Zhanjiang, Wuchuan, Huazhou, Gaozhou, Maoming, Dianbai, and Xinyi;
++# east Tibet, including Lhasa, Chamdo, Shigaise, Jimsar, Shawan and Hutubi;
++# east Xinjiang, including Urumqi, Turpan, Karamay, Korla, Minfeng, Jinghe,
++# Wusu, Qiemo, Xinyan, Wulanwusu, Jinghe, Yumin, Tacheng, Tuoli, Emin,
++# Shihezi, Changji, Yanqi, Heshuo, Tuokexun, Tulufan, Shanshan, Hami,
++# Fukang, Kuitun, Kumukuli, Miquan, Qitai, and Turfan.
+ Zone	Asia/Urumqi	5:50:20	-	LMT	1928 # or Urumchi
+ 			6:00	-	URUT	1980 May # Urumqi Time
+ 			8:00	PRC	C%sT
+ # Kunlun Time
++# West Tibet, including Pulan, Aheqi, Shufu, Shule;
++# West Xinjiang, including Aksu, Atushi, Yining, Hetian, Cele, Luopu, Nileke,
++# Zhaosu, Tekesi, Gongliu, Chabuchaer, Huocheng, Bole, Pishan, Suiding,
++# and Yarkand.
+ Zone	Asia/Kashgar	5:03:56	-	LMT	1928 # or Kashi or Kaxgar
+ 			5:30	-	KAST	1940	 # Kashgar Time
+ 			5:00	-	KAST	1980 May
+@@ -266,7 +300,7 @@
+ 
+ # Taiwan
+ 
+-# Shanks writes that Taiwan observed DST during 1945, when it
++# Shanks & Pottenger write that Taiwan observed DST during 1945, when it
+ # was still controlled by Japan.  This is hard to believe, but we don't
+ # have any other information.
+ 
+@@ -423,7 +457,7 @@
+ 
+ # Indonesia
+ #
+-# From Gwillim Law (2001-05-28), overriding Shanks:
++# From Gwillim Law (2001-05-28), overriding Shanks & Pottenger:
+ # 
+ # says that Indonesia's time zones changed on 1988-01-01.  Looking at some
+ # time zone maps, I think that must refer to Western Borneo (Kalimantan Barat
+@@ -431,7 +465,7 @@
+ #
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Asia/Jakarta	7:07:12 -	LMT	1867 Aug 10
+-# Shanks says the next transition was at 1924 Jan 1 0:13,
++# Shanks & Pottenger say the next transition was at 1924 Jan 1 0:13,
+ # but this must be a typo.
+ 			7:07:12	-	JMT	1923 Dec 31 23:47:12 # Jakarta
+ 			7:20	-	JAVT	1932 Nov	 # Java Time
+@@ -498,8 +532,8 @@
+ # leap year calculation involved.  There has never been any serious
+ # plan to change that law....
+ #
+-# From Paul Eggert (2005-04-05):
+-# Go with Shanks before September 1991, and with Pournader thereafter.
++# From Paul Eggert (2006-03-22):
++# Go with Shanks & Pottenger before Sept. 1991, and with Pournader thereafter.
+ # I used Ed Reingold's cal-persia in GNU Emacs 21.2 to check Persian dates,
+ # stopping after 2037 when 32-bit time_t's overflow.
+ # That cal-persia used Birashk's approximation, which disagrees with the solar
+@@ -519,6 +553,14 @@
+ # Reingold's/Dershowitz' calculator gives correctly the Gregorian date
+ # 2058-03-21 for 1 Farvardin 1437 (astronomical).
+ #
++# From Paul Eggert (2006-03-22):
++# The above comments about post-2006 transitions may become relevant again,
++# if Iran ever resuscitates DST, so we'll leave the comments in.
++#
++# From Steffen Thorsen (2006-03-22):
++# Several of my users have reported that Iran will not observe DST anymore:
++# http://www.irna.ir/en/news/view/line-17/0603193812164948.htm
++#
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Iran	1978	1980	-	Mar	21	0:00	1:00	D
+ Rule	Iran	1978	only	-	Oct	21	0:00	0	S
+@@ -537,38 +579,8 @@
+ Rule	Iran	2001	2003	-	Sep	22	0:00	0	S
+ Rule	Iran	2004	only	-	Mar	21	0:00	1:00	D
+ Rule	Iran	2004	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2005	2007	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2005	2007	-	Sep	22	0:00	0	S
+-Rule	Iran	2008	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2008	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2009	2011	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2009	2011	-	Sep	22	0:00	0	S
+-Rule	Iran	2012	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2012	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2013	2015	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2013	2015	-	Sep	22	0:00	0	S
+-Rule	Iran	2016	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2016	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2017	2019	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2017	2019	-	Sep	22	0:00	0	S
+-Rule	Iran	2020	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2020	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2021	2023	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2021	2023	-	Sep	22	0:00	0	S
+-Rule	Iran	2024	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2024	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2025	2027	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2025	2027	-	Sep	22	0:00	0	S
+-Rule	Iran	2028	2029	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2028	2029	-	Sep	21	0:00	0	S
+-Rule	Iran	2030	2031	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2030	2031	-	Sep	22	0:00	0	S
+-Rule	Iran	2032	2033	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2032	2033	-	Sep	21	0:00	0	S
+-Rule	Iran	2034	2035	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2034	2035	-	Sep	22	0:00	0	S
+-Rule	Iran	2036	2037	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2036	2037	-	Sep	21	0:00	0	S
++Rule	Iran	2005	only	-	Mar	22	0:00	1:00	D
++Rule	Iran	2005	only	-	Sep	22	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Tehran	3:25:44	-	LMT	1916
+ 			3:25:44	-	TMT	1946	# Tehran Mean Time
+@@ -601,7 +613,8 @@
+ Rule	Iraq	1985	1990	-	Sep	lastSun	1:00s	0	S
+ Rule	Iraq	1986	1990	-	Mar	lastSun	1:00s	1:00	D
+ # IATA SSIM (1991/1996) says Apr 1 12:01am UTC; guess the `:01' is a typo.
+-# Shanks says Iraq did not observe DST 1992/1997 or 1999 on; ignore this.
++# Shanks & Pottenger say Iraq did not observe DST 1992/1997; ignore this.
++# 
+ Rule	Iraq	1991	max	-	Apr	 1	3:00s	1:00	D
+ Rule	Iraq	1991	max	-	Oct	 1	3:00s	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -635,7 +648,7 @@
+ # high on my favorite-country list (and not only because my wife's
+ # family is from India).
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Zion	1940	only	-	Jun	 1	0:00	1:00	D
+ Rule	Zion	1942	1944	-	Nov	 1	0:00	0	S
+@@ -874,14 +887,15 @@
+ # of the Japanese wanted to scrap daylight-saving time, as opposed to 30% who
+ # wanted to keep it.)
+ 
+-# Shanks writes that daylight saving in Japan during those years was as follows:
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that DST in Japan during those years was as follows:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Japan	1948	only	-	May	Sun>=1	2:00	1:00	D
+ Rule	Japan	1948	1951	-	Sep	Sat>=8	2:00	0	S
+ Rule	Japan	1949	only	-	Apr	Sun>=1	2:00	1:00	D
+ Rule	Japan	1950	1951	-	May	Sun>=1	2:00	1:00	D
+ # but the only locations using it (for birth certificates, presumably, since
+-# Shanks's audience is astrologers) were US military bases.  For now, assume
++# their audience is astrologers) were US military bases.  For now, assume
+ # that for most purposes daylight-saving time was observed; otherwise, what
+ # would have been the point of the 1951 poll?
+ 
+@@ -906,8 +920,9 @@
+ # I wrote "ordinance" above, but I don't know how to translate.
+ # In Japanese it's "chokurei", which means ordinance from emperor.
+ 
+-# Shanks claims JST in use since 1896, and that a few places (e.g. Ishigaki)
+-# use +0800; go with Suzuki.  Guess that all ordinances took effect on Jan 1.
++# Shanks & Pottenger claim JST in use since 1896, and that a few
++# places (e.g. Ishigaki) use +0800; go with Suzuki.  Guess that all
++# ordinances took effect on Jan 1.
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Tokyo	9:18:59	-	LMT	1887 Dec 31 15:00u
+@@ -934,6 +949,14 @@
+ # From Paul Eggert (2005-11-22):
+ # Starting 2003 transitions are from Steffen Thorsen's web site timeanddate.com.
+ #
++# From Steffen Thorsen (2005-11-23):
++# For Jordan I have received multiple independent user reports every year
++# about DST end dates, as the end-rule is different every year.
++#
++# From Steffen Thorsen (2006-10-01), after a heads-up from Hilal Malawi:
++# http://www.petranews.gov.jo/nepras/2006/Sep/05/4000.htm
++# "Jordan will switch to winter time on Friday, October 27".
++#
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Jordan	1973	only	-	Jun	6	0:00	1:00	S
+ Rule	Jordan	1973	1975	-	Oct	1	0:00	0	-
+@@ -960,7 +983,8 @@
+ Rule	Jordan	2000	max	-	Mar	lastThu	0:00s	1:00	S
+ Rule	Jordan	2003	only	-	Oct	24	0:00s	0	-
+ Rule	Jordan	2004	only	-	Oct	15	0:00s	0	-
+-Rule	Jordan	2005	max	-	Sep	lastFri	0:00s	0	-
++Rule	Jordan	2005	only	-	Sep	lastFri	0:00s	0	-
++Rule	Jordan	2006	max	-	Oct	lastFri	0:00s	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Amman	2:23:44 -	LMT	1931
+ 			2:00	Jordan	EE%sT
+@@ -975,11 +999,11 @@
+ # Guess that Aqtau and Aqtobe diverged in 1995, since that's the first time
+ # IATA SSIM mentions a third time zone in Kazakhstan.
+ 
+-# From Paul Eggert (2001-10-18):
++# From Paul Eggert (2006-03-22):
+ # German Iofis, ELSI, Almaty (2001-10-09) reports that Kazakhstan uses
+ # RussiaAsia rules, instead of switching at 00:00 as the IATA has it.
+-# Go with Shanks, who has them always using RussiaAsia rules.
+-# Also go with the following claims of Shanks:
++# Go with Shanks & Pottenger, who have them always using RussiaAsia rules.
++# Also go with the following claims of Shanks & Pottenger:
+ #
+ # - Kazakhstan did not observe DST in 1991.
+ # - Qyzylorda switched from +5:00 to +6:00 on 1992-01-19 02:00.
+@@ -1059,7 +1083,7 @@
+ 			5:00	-	ORAT
+ 
+ # Kyrgyzstan (Kirgizstan)
+-# Transitions through 1991 are from Shanks.
++# Transitions through 1991 are from Shanks & Pottenger.
+ 
+ # From Paul Eggert (2005-08-15):
+ # According to an article dated today in the Kyrgyzstan Development Gateway
+@@ -1087,17 +1111,19 @@
+ 
+ # Korea (North and South)
+ 
+-# From Guy Harris:
+-# According to someone at the Korean Times in San Francisco,
+-# Daylight Savings Time was not observed until 1987.  He did not know
+-# at what time of day DST starts or ends.
++# From Annie I. Bang (2006-07-10) in
++# :
++# The Ministry of Commerce, Industry and Energy has already
++# commissioned a research project [to reintroduce DST] and has said
++# the system may begin as early as 2008....  Korea ran a daylight
++# saving program from 1949-61 but stopped it during the 1950-53 Korean War.
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	ROK	1960	only	-	May	15	0:00	1:00	D
+ Rule	ROK	1960	only	-	Sep	13	0:00	0	S
+-Rule	ROK	1987	1988	-	May	Sun<=14	0:00	1:00	D
+-Rule	ROK	1987	1988	-	Oct	Sun<=14	0:00	0	S
++Rule	ROK	1987	1988	-	May	Sun>=8	0:00	1:00	D
++Rule	ROK	1987	1988	-	Oct	Sun>=8	0:00	0	S
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Seoul	8:27:52	-	LMT	1890
+@@ -1180,8 +1206,8 @@
+ 			7:30	-	MALT	1982 Jan  1
+ 			8:00	-	MYT	# Malaysia Time
+ # Sabah & Sarawak
+-# From Paul Eggert (2003-11-01):
+-# The data here are mostly from Shanks, but the 1942, 1945 and 1982
++# From Paul Eggert (2006-03-22):
++# The data here are mostly from Shanks & Pottenger, but the 1942, 1945 and 1982
+ # transition dates are from Mok Ly Yng.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Asia/Kuching	7:21:20	-	LMT	1926 Mar
+@@ -1199,8 +1225,8 @@
+ 
+ # Mongolia
+ 
+-# Shanks says that Mongolia has three time zones, but usno1995 and the CIA map
+-# Standard Time Zones of the World (1997-01)
++# Shanks & Pottenger say that Mongolia has three time zones, but
++# usno1995 and the CIA map Standard Time Zones of the World (2005-03)
+ # both say that it has just one.
+ 
+ # From Oscar van Vlijmen (1999-12-11):
+@@ -1270,11 +1296,19 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Mongol	1983	1984	-	Apr	1	0:00	1:00	S
+ Rule	Mongol	1983	only	-	Oct	1	0:00	0	-
+-# IATA SSIM says 1990s switches occurred at 00:00, but Shanks (1995) lists
+-# them at 02:00s, and McDow says the 2001 switches also occurred at 02:00.
+-# Also, IATA SSIM (1996-09) says 1996-10-25.  Go with Shanks through 1998.
+-Rule	Mongol	1985	1998	-	Mar	lastSun	2:00s	1:00	S
+-Rule	Mongol	1984	1998	-	Sep	lastSun	2:00s	0	-
++# Shanks & Pottenger and IATA SSIM say 1990s switches occurred at 00:00,
++# but McDow says the 2001 switches occurred at 02:00.  Also, IATA SSIM
++# (1996-09) says 1996-10-25.  Go with Shanks & Pottenger through 1998.
++#
++# Shanks & Pottenger say that the Sept. 1984 through Sept. 1990 switches
++# in Choibalsan (more precisely, in Dornod and Sukhbaatar) took place
++# at 02:00 standard time, not at 00:00 local time as in the rest of
++# the country.  That would be odd, and possibly is a result of their
++# correction of 02:00 (in the previous edition) not being done correctly
++# in the latest edition; so ignore it for now.
++
++Rule	Mongol	1985	1998	-	Mar	lastSun	0:00	1:00	S
++Rule	Mongol	1984	1998	-	Sep	lastSun	0:00	0	-
+ # IATA SSIM (1999-09) says Mongolia no longer observes DST.
+ Rule	Mongol	2001	only	-	Apr	lastSat	2:00	1:00	S
+ Rule	Mongol	2001	max	-	Sep	lastSat	2:00	0	-
+@@ -1400,8 +1434,8 @@
+ # I guess more info may be available from the PA's web page (if/when they
+ # have one).
+ 
+-# From Paul Eggert (1998-02-25):
+-# Shanks writes that Gaza did not observe DST until 1957, but we'll go
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that Gaza did not observe DST until 1957, but go
+ # with Shapir and assume that it observed DST from 1940 through 1947,
+ # and that it used Jordanian rules starting in 1996.
+ # We don't yet need a separate entry for the West Bank, since
+@@ -1433,6 +1467,29 @@
+ # From Paul Eggert (2005-11-22):
+ # Starting 2004 transitions are from Steffen Thorsen's web site timeanddate.com.
+ 
++# From Steffen Thorsen (2005-11-23):
++# A user from Gaza reported that Gaza made the change early because of
++# the Ramadan.  Next year Ramadan will be even earlier, so I think
++# there is a good chance next year's end date will be around two weeks
++# earlier--the same goes for Jordan.
++
++# From Steffen Thorsen (2006-08-17):
++# I was informed by a user in Bethlehem that in Bethlehem it started the
++# same day as Israel, and after checking with other users in the area, I
++# was informed that they started DST one day after Israel.  I was not
++# able to find any authoritative sources at the time, nor details if
++# Gaza changed as well, but presumed Gaza to follow the same rules as
++# the West Bank.
++
++# From Steffen Thorsen (2006-09-26):
++# according to the Palestine News Network (2006-09-19):
++# http://english.pnn.ps/index.php?option=com_content&task=view&id=596&Itemid=5
++# > The Council of Ministers announced that this year its winter schedule
++# > will begin early, as of midnight Thursday.  It is also time to turn
++# > back the clocks for winter.  Friday will begin an hour late this week.
++# I guess it is likely that next year's date will be moved as well,
++# because of the Ramadan.
++
+ # The rules for Egypt are stolen from the `africa' file.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule EgyptAsia	1957	only	-	May	10	0:00	1:00	S
+@@ -1442,10 +1499,13 @@
+ Rule EgyptAsia	1959	1965	-	Sep	30	3:00	0	-
+ Rule EgyptAsia	1966	only	-	Oct	 1	3:00	0	-
+ 
+-Rule Palestine	1999	max	-	Apr	Fri>=15	0:00	1:00	S
++Rule Palestine	1999	2005	-	Apr	Fri>=15	0:00	1:00	S
+ Rule Palestine	1999	2003	-	Oct	Fri>=15	0:00	0	-
+ Rule Palestine	2004	only	-	Oct	 1	1:00	0	-
+-Rule Palestine	2005	max	-	Oct	 4	1:00	0	-
++Rule Palestine	2005	only	-	Oct	 4	2:00	0	-
++Rule Palestine	2006	max	-	Apr	 1	0:00	1:00	S
++Rule Palestine	2006	only	-	Sep	22	0:00	0	-
++Rule Palestine	2007	max	-	Oct	Fri>=15	0:00	0	-
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
+@@ -1463,7 +1523,21 @@
+ # Philippines, issued a proclamation announcing that 1844-12-30 was to
+ # be immediately followed by 1845-01-01.  Robert H. van Gent has a
+ # transcript of the decree in .
+-# The rest of this data is from Shanks.
++# The rest of the data are from Shanks & Pottenger.
++
++# From Paul Eggert (2006-04-25):
++# Tomorrow's Manila Standard reports that the Philippines Department of
++# Trade and Industry is considering adopting DST this June when the
++# rainy season begins.  See
++# .
++# For now, we'll ignore this, since it's not definite and we lack details.
++#
++# From Jesper Norgaard Welen (2006-04-26):
++# ... claims that Philippines had DST last time in 1990:
++# http://story.philippinetimes.com/p.x/ct/9/id/145be20cc6b121c0/cid/3e5bbccc730d258c/
++# [a story dated 2006-04-25 by Cris Larano of Dow Jones Newswires,
++# but no details]
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Phil	1936	only	-	Nov	1	0:00	1:00	S
+ Rule	Phil	1937	only	-	Feb	1	0:00	0	-
+@@ -1523,6 +1597,49 @@
+ # With effect from 12.30 a.m. on 26th October 1996
+ # Sri Lanka will be six (06) hours ahead of GMT.
+ 
++# From Jesper Norgaard Welen (2006-04-14), quoting Sri Lanka News Online
++#  (2006-04-13):
++# 0030 hrs on April 15, 2006 (midnight of April 14, 2006 +30 minutes)
++# at present, become 2400 hours of April 14, 2006 (midnight of April 14, 2006).
++
++# From Peter Apps and Ranga Sirila of Reuters (2006-04-12) in:
++# 
++# [The Tamil Tigers] never accepted the original 1996 time change and simply
++# kept their clocks set five and a half hours ahead of Greenwich Mean
++# Time (GMT), in line with neighbor India.
++# From Paul Eggert (2006-04-18):
++# People who live in regions under Tamil control can use TZ='Asia/Calcutta',
++# as that zone has agreed with the Tamil areas since our cutoff date of 1970.
++
++# From K Sethu (2006-04-25):
++# I think the abbreviation LKT originated from the world of computers at
++# the time of or subsequent to the time zone changes by SL Government
++# twice in 1996 and probably SL Government or its standardization
++# agencies never declared an abbreviation as a national standard.
++#
++# I recollect before the recent change the government annoucemments
++# mentioning it as simply changing Sri Lanka Standard Time or Sri Lanka
++# Time and no mention was made about the abbreviation.
++#
++# If we look at Sri Lanka Department of Government's "Official News
++# Website of Sri Lanka" ... http://www.news.lk/ we can see that they
++# use SLT as abbreviation in time stamp at the beginning of each news
++# item....
++#
++# Within Sri Lanka I think LKT is well known among computer users and
++# adminsitrators.  In my opinion SLT may not be a good choice because the
++# nation's largest telcom / internet operator Sri Lanka Telcom is well
++# known by that abbreviation - simply as SLT (there IP domains are
++# slt.lk and sltnet.lk).
++#
++# But if indeed our government has adopted SLT as standard abbreviation
++# (that we have not known so far) then  it is better that it be used for
++# all computers.
++
++# From Paul Eggert (2006-04-25):
++# One possibility is that we wait for a bit for the dust to settle down
++# and then see what people actually say in practice.
++
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Colombo	5:19:24 -	LMT	1880
+ 			5:19:32	-	MMT	1906	# Moratuwa Mean Time
+@@ -1531,7 +1648,8 @@
+ 			5:30	1:00	IST	1945 Oct 16 2:00
+ 			5:30	-	IST	1996 May 25 0:00
+ 			6:30	-	LKT	1996 Oct 26 0:30
+-			6:00	-	LKT
++			6:00	-	LKT	2006 Apr 15 0:30
++			5:30	-	IST
+ 
+ # Syria
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+@@ -1566,17 +1684,24 @@
+ # IATA SSIM (1998-02) says 1998-04-02;
+ # (1998-09) says 1999-03-29 and 1999-09-29; (1999-02) says 1999-04-02,
+ # 2000-04-02, and 2001-04-02; (1999-09) says 2000-03-31 and 2001-03-31;
+-# ignore all these claims and go with Shanks.
++# (2006) says 2006-03-31 and 2006-09-22;
++# for now ignore all these claims and go with Shanks & Pottenger,
++# except for the 2006-09-22 claim (which seems right for Ramadan).
+ Rule	Syria	1994	1996	-	Apr	 1	0:00	1:00	S
+-Rule	Syria	1994	max	-	Oct	 1	0:00	0	-
++Rule	Syria	1994	2005	-	Oct	 1	0:00	0	-
+ Rule	Syria	1997	1998	-	Mar	lastMon	0:00	1:00	S
+ Rule	Syria	1999	max	-	Apr	 1	0:00	1:00	S
++# From Stephen Colebourne (2006-09-18):
++# According to IATA data, Syria will change DST on 21st September [21:00 UTC]
++# this year [only]....  This is probably related to Ramadan, like Egypt.
++Rule	Syria	2006	only	-	Sep	22	0:00	0	-
++Rule	Syria	2007	max	-	Oct	 1	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Damascus	2:25:12 -	LMT	1920	# Dimashq
+ 			2:00	Syria	EE%sT
+ 
+ # Tajikistan
+-# From Shanks.
++# From Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Dushanbe	4:35:12 -	LMT	1924 May  2
+ 			5:00	-	DUST	1930 Jun 21 # Dushanbe Time
+@@ -1591,13 +1716,13 @@
+ 			7:00	-	ICT
+ 
+ # Turkmenistan
+-# From Shanks.
++# From Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Ashgabat	3:53:32 -	LMT	1924 May  2 # or Ashkhabad
+ 			4:00	-	ASHT	1930 Jun 21 # Ashkhabad Time
+ 			5:00 RussiaAsia	ASH%sT	1991 Mar 31 2:00
+ 			4:00 RussiaAsia	ASH%sT	1991 Oct 27 # independence
+-			4:00 RussiaAsia TM%sT	1992 Jan 19 2:00
++			4:00 RussiaAsia	TM%sT	1992 Jan 19 2:00
+ 			5:00	-	TMT
+ 
+ # United Arab Emirates
+@@ -1611,24 +1736,24 @@
+ 			4:00	-	SAMT	1930 Jun 21 # Samarkand Time
+ 			5:00	-	SAMT	1981 Apr  1
+ 			5:00	1:00	SAMST	1981 Oct  1
+-			6:00 RussiaAsia TAS%sT	1991 Mar 31 2:00 # Tashkent Time
+-			5:00 RussiaAsia	TAS%sT	1991 Sep  1 # independence
++			6:00	-	TAST	1982 Apr  1 # Tashkent Time
++			5:00 RussiaAsia	SAM%sT	1991 Sep  1 # independence
+ 			5:00 RussiaAsia	UZ%sT	1992
+-			5:00 RussiaAsia	UZ%sT	1993
+ 			5:00	-	UZT
+ Zone	Asia/Tashkent	4:37:12 -	LMT	1924 May  2
+ 			5:00	-	TAST	1930 Jun 21 # Tashkent Time
+-			6:00 RussiaAsia TAS%sT	1991 Mar 31 2:00s
++			6:00 RussiaAsia	TAS%sT	1991 Mar 31 2:00
+ 			5:00 RussiaAsia	TAS%sT	1991 Sep  1 # independence
+ 			5:00 RussiaAsia	UZ%sT	1992
+-			5:00 RussiaAsia	UZ%sT	1993
+ 			5:00	-	UZT
+ 
+ # Vietnam
++
+ # From Paul Eggert (1993-11-18):
+ # Saigon's official name is Thanh-Pho Ho Chi Minh, but it's too long.
+ # We'll stick with the traditional name for now.
+-# From Shanks:
++
++# From Shanks & Pottenger:
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Saigon	7:06:40 -	LMT	1906 Jun  9
+ 			7:06:20	-	SMT	1911 Mar 11 0:01 # Saigon MT?
+Index: share/zoneinfo/australasia
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/australasia,v
+retrieving revision 1.25.10.2
+diff -u -r1.25.10.2 australasia
+--- share/zoneinfo/australasia	27 Dec 2005 19:56:24 -0000	1.25.10.2
++++ share/zoneinfo/australasia	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)australasia	7.78
++# @(#)australasia	8.3
+ # 
+ 
+ # This file also includes Pacific islands.
+@@ -210,7 +210,7 @@
+ 			7:00	-	CXT	# Christmas Island Time
+ 
+ # Cook Is
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Cook	1978	only	-	Nov	12	0:00	0:30	HS
+ Rule	Cook	1979	1991	-	Mar	Sun>=1	0:00	0	-
+@@ -308,7 +308,7 @@
+ Rule	NC	1977	1978	-	Dec	Sun>=1	0:00	1:00	S
+ Rule	NC	1978	1979	-	Feb	27	0:00	0	-
+ Rule	NC	1996	only	-	Dec	 1	2:00s	1:00	S
+-# Shanks says the following was at 2:00; go with IATA.
++# Shanks & Pottenger say the following was at 2:00; go with IATA.
+ Rule	NC	1997	only	-	Mar	 2	2:00s	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Pacific/Noumea	11:05:48 -	LMT	1912 Jan 13
+@@ -507,10 +507,10 @@
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-10-29):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -518,8 +518,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Another source occasionally used is Edward W. Whitman, World Time Differences,
+ # Whitman Publishing Co, 2 Niagara Av, Ealing, London (undated), which
+@@ -587,6 +587,12 @@
+ #	WST	for any place operating at a GMTOFF of 8:00
+ #	EST	for any place operating at a GMTOFF of 10:00
+ 
++# From Chuck Soper (2006-06-01):
++# I recently found this Australian government web page on time zones:
++# 
++# And this government web page lists time zone names and abbreviations:
++# 
++
+ # From Paul Eggert (2001-04-05), summarizing a long discussion about "EST"
+ # versus "AEST" etc.:
+ #
+@@ -669,7 +675,7 @@
+ #   understood in Australia.
+ 
+ # From Paul Eggert (1995-12-19):
+-# Shanks reports 2:00 for all autumn changes in Australia and New Zealand.
++# Shanks & Pottenger report 2:00 for all autumn changes in Australia and NZ.
+ # Mark Prior writes that his newspaper
+ # reports that NSW's fall 1995 change will occur at 2:00,
+ # but Robert Elz says it's been 3:00 in Victoria since 1970
+@@ -842,14 +848,14 @@
+ # current DST ending dates, no worries.
+ #
+ # Rule	Oz	1971	1985	-	Oct	lastSun	2:00	1:00	-
+-# Rule	Oz	1986	max	-	Oct	Sun<=24	2:00	1:00	-
++# Rule	Oz	1986	max	-	Oct	Sun>=18	2:00	1:00	-
+ # Rule	Oz	1972	only	-	Feb	27	3:00	0	-
+ # Rule	Oz	1973	1986	-	Mar	Sun>=1	3:00	0	-
+-# Rule	Oz	1987	max	-	Mar	Sun<=21	3:00	0	-
++# Rule	Oz	1987	max	-	Mar	Sun>=15	3:00	0	-
+ # Zone	Australia/Tasmania	10:00	Oz	EST
+ # Zone	Australia/South		9:30	Oz	CST
+ # Zone	Australia/Victoria	10:00	Oz	EST	1985 Oct lastSun 2:00
+-#				10:00	1:00	EST	1986 Mar Sun<=21 3:00
++#				10:00	1:00	EST	1986 Mar Sun>=15 3:00
+ #				10:00	Oz	EST
+ 
+ # From Robert Elz (1991-03-06):
+@@ -875,7 +881,7 @@
+ # ...
+ # Rule	 AS	1971	max	-	Oct	lastSun	2:00	1:00	D
+ # Rule	 AS	1972	1985	-	Mar	Sun>=1	3:00	0	C
+-# Rule	 AS	1986	1990	-	Mar	Sun<=21	3:00	0	C
++# Rule	 AS	1986	1990	-	Mar	Sun>=15	3:00	0	C
+ # Rule	 AS	1991	max	-	Mar	Sun>=1	3:00	0	C
+ 
+ # From Bradley White (1992-03-11):
+@@ -1068,9 +1074,9 @@
+ # shown on clocks on LHI. I guess this means that for 30 minutes at the start
+ # of DST, LHI is actually 1 hour ahead of the rest of NSW.
+ 
+-# From Paul Eggert (2001-02-09):
+-# For Lord Howe dates we use Shanks through 1989, and Lonergan thereafter.
+-# For times we use Lonergan.
++# From Paul Eggert (2006-03-22):
++# For Lord Howe dates we use Shanks & Pottenger through 1989, and
++# Lonergan thereafter.  For times we use Lonergan.
+ 
+ ###############################################################################
+ 
+@@ -1101,16 +1107,16 @@
+ # rather than the October 1 value.
+ 
+ # From Paul Eggert (1995-12-19);
+-# Shanks reports 2:00 for all autumn changes in Australia and New Zealand.
++# Shank & Pottenger report 2:00 for all autumn changes in Australia and NZ.
+ # Robert Uzgalis writes that the New Zealand Daylight
+ # Savings Time Order in Council dated 1990-06-18 specifies 2:00 standard
+ # time on both the first Sunday in October and the third Sunday in March.
+ # As with Australia, we'll assume the tradition is 2:00s, not 2:00.
+ #
+-# From Paul Eggert (2003-05-26):
++# From Paul Eggert (2006-03-22):
+ # The Department of Internal Affairs (DIA) maintains a brief history,
+ # as does Carol Squires; see tz-link.htm for the full references.
+-# Use these sources in preference to Shanks.
++# Use these sources in preference to Shanks & Pottenger.
+ #
+ # For Chatham, IATA SSIM (1991/1999) gives the NZ rules but with
+ # transitions at 2:45 local standard time; this confirms that Chatham
+@@ -1185,8 +1191,8 @@
+ # ``I am certain, having lived there for the past decade, that "Truk"
+ # (now properly known as Chuuk) ... is in the time zone GMT+10.''
+ #
+-# Shanks writes that Truk switched from UTC+10 to UTC+11 on 1978-10-01;
+-# ignore this for now.
++# Shanks & Pottenger write that Truk switched from UTC+10 to UTC+11
++# on 1978-10-01; ignore this for now.
+ 
+ # From Paul Eggert (1999-10-29):
+ # The Federated States of Micronesia Visitors Board writes in
+@@ -1279,8 +1285,8 @@
+ # on the World Day of Prayer, you would be the first people on Earth
+ # to say your prayers in the morning."
+ 
+-# From Paul Eggert (1999-08-12):
+-# Shanks says the transition was on 1968-10-01; go with Mundell.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say the transition was on 1968-10-01; go with Mundell.
+ 
+ # From Eric Ulevik (1999-05-03):
+ # Tonga's director of tourism, who is also secretary of the National Millenium
+Index: share/zoneinfo/backward
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/backward,v
+retrieving revision 1.1.2.11.2.2
+diff -u -r1.1.2.11.2.2 backward
+--- share/zoneinfo/backward	27 Dec 2005 19:56:24 -0000	1.1.2.11.2.2
++++ share/zoneinfo/backward	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)backward	7.30
++# @(#)backward	8.2
+ 
+ # This file provides links between current names for time zones
+ # and their old names.  Many names changed in late 1993.
+@@ -8,6 +8,7 @@
+ Link	America/Adak		America/Atka
+ Link	America/Argentina/Buenos_Aires	America/Buenos_Aires
+ Link	America/Argentina/Catamarca	America/Catamarca
++Link	America/Atikokan	America/Coral_Harbour
+ Link	America/Argentina/Cordoba	America/Cordoba
+ Link	America/Tijuana		America/Ensenada
+ Link	America/Indiana/Indianapolis	America/Fort_Wayne
+Index: share/zoneinfo/etcetera
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/etcetera,v
+retrieving revision 1.1.2.5.14.1
+diff -u -r1.1.2.5.14.1 etcetera
+--- share/zoneinfo/etcetera	22 Dec 2005 23:47:26 -0000	1.1.2.5.14.1
++++ share/zoneinfo/etcetera	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)etcetera	7.12
++# @(#)etcetera	8.1
+ 
+ # These entries are mostly present for historical reasons, so that
+ # people in areas not otherwise covered by the tz files could "zic -l"
+Index: share/zoneinfo/europe
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/europe,v
+retrieving revision 1.29.2.2
+diff -u -r1.29.2.2 europe
+--- share/zoneinfo/europe	27 Dec 2005 19:56:24 -0000	1.29.2.2
++++ share/zoneinfo/europe	25 Feb 2007 03:26:56 -0000
+@@ -1,14 +1,14 @@
+-# @(#)europe	7.96
++# @(#)europe	8.6
+ # 
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-10-29):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -16,8 +16,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1991,
+-# and IATA SSIM is the source for entries afterwards.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1991, and IATA SSIM is the source for entries afterwards.
+ #
+ # Other sources occasionally used include:
+ #
+@@ -221,11 +221,12 @@
+ # (Lords Hansard 11 June 1997 columns 964 to 976)
+ # .
+ 
+-# From Paul Eggert (2001-07-18):
++# From Paul Eggert (2006-03-22):
+ #
+-# For lack of other data, we'll follow Shanks for Eire in 1940-1948.
++# For lack of other data, follow Shanks & Pottenger for Eire in 1940-1948.
+ #
+-# Given Ilieve and Myers's data, the following claims by Shanks are incorrect:
++# Given Ilieve and Myers's data, the following claims by Shanks & Pottenger
++# are incorrect:
+ #     * Wales did not switch from GMT to daylight saving time until
+ #	1921 Apr 3, when they began to conform with the rest of Great Britain.
+ # Actually, Wales was identical after 1880.
+@@ -237,18 +238,19 @@
+ # Actually, that date saw the usual switch to summer time.
+ # Standard time was not changed until 1968-10-27 (the clocks didn't change).
+ #
+-# Here is another incorrect claim by Shanks:
++# Here is another incorrect claim by Shanks & Pottenger:
+ #     * Jersey, Guernsey, and the Isle of Man did not switch from GMT
+ #	to daylight saving time until 1921 Apr 3, when they began to
+ #	conform with Great Britain.
+ # S.R.&O. 1916, No. 382 and HO 45/10811/312364 (quoted above) say otherwise.
+ #
+-# The following claim by Shanks is possible though doubtful;
++# The following claim by Shanks & Pottenger is possible though doubtful;
+ # we'll ignore it for now.
+ #     * Dublin's 1971-10-31 switch was at 02:00, even though London's was 03:00.
+ #
+ #
+-# Whitman says Dublin Mean Time was -0:25:21, which is more precise than Shanks.
++# Whitman says Dublin Mean Time was -0:25:21, which is more precise than
++# Shanks & Pottenger.
+ # Perhaps this was Dunsink Observatory Time, as Dunsink Observatory
+ # (8 km NW of Dublin's center) seemingly was to Dublin as Greenwich was
+ # to London.  For example:
+@@ -418,11 +420,14 @@
+ # See EU for rules starting in 1996.
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone	Europe/London	-0:01:15 -	LMT	1847 Dec  1
++Zone	Europe/London	-0:01:15 -	LMT	1847 Dec  1 0:00s
+ 			 0:00	GB-Eire	%s	1968 Oct 27
+ 			 1:00	-	BST	1971 Oct 31 2:00u
+ 			 0:00	GB-Eire	%s	1996
+ 			 0:00	EU	GMT/BST
++Link	Europe/London	Europe/Jersey
++Link	Europe/London	Europe/Guernsey
++Link	Europe/London	Europe/Isle_of_Man
+ Zone	Europe/Dublin	-0:25:00 -	LMT	1880 Aug  2
+ 			-0:25:21 -	DMT	1916 May 21 2:00
+ 			-0:25:21 1:00	IST	1916 Oct  1 2:00s
+@@ -476,7 +481,7 @@
+ Rule	C-Eur	1943	only	-	Mar	29	 2:00s	1:00	S
+ Rule	C-Eur	1943	only	-	Oct	 4	 2:00s	0	-
+ Rule	C-Eur	1944	only	-	Apr	 3	 2:00s	1:00	S
+-# Whitman gives 1944 Oct 7; go with Shanks.
++# Whitman gives 1944 Oct 7; go with Shanks & Pottenger.
+ Rule	C-Eur	1944	only	-	Oct	 2	 2:00s	0	-
+ Rule	C-Eur	1977	1980	-	Apr	Sun>=1	 2:00s	1:00	S
+ Rule	C-Eur	1977	only	-	Sep	lastSun	 2:00s	0	-
+@@ -596,12 +601,12 @@
+ 
+ # Austria
+ 
+-# From Paul Eggert (2003-02-28): Shanks gives 1918-06-16 and
++# From Paul Eggert (2006-03-22): Shanks & Pottenger give 1918-06-16 and
+ # 1945-11-18, but the Austrian Federal Office of Metrology and
+ # Surveying (BEV) gives 1918-09-16 and for Vienna gives the "alleged"
+ # date of 1945-04-12 with no time.  For the 1980-04-06 transition
+-# Shanks gives 02:00, the BEV 00:00.  Go with the BEV, and guess 02:00
+-# for 1945-04-12.
++# Shanks & Pottenger give 02:00, the BEV 00:00.  Go with the BEV,
++# and guess 02:00 for 1945-04-12.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Austria	1920	only	-	Apr	 5	2:00s	1:00	S
+@@ -701,7 +706,7 @@
+ 			1:00	EU	CE%sT
+ 
+ # Bosnia and Herzegovina
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Bulgaria
+ #
+@@ -713,7 +718,7 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Bulg	1979	only	-	Mar	31	23:00	1:00	S
+ Rule	Bulg	1979	only	-	Oct	 1	 1:00	0	-
+-Rule	Bulg	1980	1982	-	Apr	Sat<=7	23:00	1:00	S
++Rule	Bulg	1980	1982	-	Apr	Sat>=1	23:00	1:00	S
+ Rule	Bulg	1980	only	-	Sep	29	 1:00	0	-
+ Rule	Bulg	1981	only	-	Sep	27	 2:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -728,7 +733,7 @@
+ 			2:00	EU	EE%sT
+ 
+ # Croatia
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Cyprus
+ # Please see the `asia' file for Asia/Nicosia.
+@@ -813,10 +818,10 @@
+ # East Greenland and Franz Josef Land, but we don't know their time zones.
+ # My source for this is Wilhelm Dege's book mentioned under Svalbard.
+ #
+-# From Paul Eggert (1996-11-22):
++# From Paul Eggert (2006-03-22):
+ # Greenland joined the EU as part of Denmark, obtained home rule on 1979-05-01,
+ # and left the EU on 1985-02-01.  It therefore should have been using EU
+-# rules at least through 1984.  Shanks says Scoresbysund and Godthab
++# rules at least through 1984.  Shanks & Pottenger say Scoresbysund and Godthab
+ # used C-Eur rules after 1980, but IATA SSIM (1991/1996) says they use EU
+ # rules since at least 1991.  Assume EU rules since 1980.
+ 
+@@ -871,24 +876,28 @@
+ # I heard back from someone stationed at Thule; the time change took place
+ # there at 2:00 AM.
+ 
+-# From Paul Eggert (2001-11-19):
+-# The 1997 CIA map shows Danmarkshavn on GMT; the 1995 map as like Godthab.
++# From Paul Eggert (2006-03-22):
++# From 1997 on the CIA map shows Danmarkshavn on GMT;
++# the 1995 map as like Godthab.
+ # For lack of better info, assume they were like Godthab before 1996.
+ # startkart.no says Thule does not observe DST, but this is clearly an error,
+-# so go with Shanks for all Thule transitions.
++# so go with Shanks & Pottenger for Thule transitions until this year.
++# For 2007 on assume Thule will stay in sync with US DST rules.
+ #
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Thule	1991	1992	-	Mar	lastSun	2:00	1:00	D
+ Rule	Thule	1991	1992	-	Sep	lastSun	2:00	0	S
+-Rule	Thule	1993	max	-	Apr	Sun>=1	2:00	1:00	D
+-Rule	Thule	1993	max	-	Oct	lastSun	2:00	0	S
++Rule	Thule	1993	2006	-	Apr	Sun>=1	2:00	1:00	D
++Rule	Thule	1993	2006	-	Oct	lastSun	2:00	0	S
++Rule	Thule	2007	max	-	Mar	Sun>=8	2:00	1:00	D
++Rule	Thule	2007	max	-	Nov	Sun>=1	2:00	0	S
+ #
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Danmarkshavn -1:14:40 -	LMT	1916 Jul 28
+ 			-3:00	-	WGT	1980 Apr  6 2:00
+ 			-3:00	EU	WG%sT	1996
+ 			0:00	-	GMT
+-Zone America/Scoresbysund -1:29:00 -	LMT	1916 Jul 28 # Ittoqqortoormiit
++Zone America/Scoresbysund -1:27:52 -	LMT	1916 Jul 28 # Ittoqqortoormiit
+ 			-2:00	-	CGT	1980 Apr  6 2:00
+ 			-2:00	C-Eur	CG%sT	1981 Mar 29
+ 			-1:00	EU	EG%sT
+@@ -963,13 +972,13 @@
+ 
+ # Finland
+ #
+-# From Hannu Strang (25 Sep 1994 06:03:37 UTC):
++# From Hannu Strang (1994-09-25 06:03:37 UTC):
+ # Well, here in Helsinki we're just changing from summer time to regular one,
+ # and it's supposed to change at 4am...
+ #
+-# From Paul Eggert (25 Sep 1994):
+-# Shanks says Finland has switched at 02:00 standard time since 1981.
+-# Go with Strang instead.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say Finland has switched at 02:00 standard time
++# since 1981.  Go with Strang instead.
+ #
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Finland	1942	only	-	Apr	3	0:00	1:00	S
+@@ -999,7 +1008,7 @@
+ 
+ 
+ #
+-# Shanks seems to use `24:00' ambiguously; we resolve it with Whitman.
++# Shank & Pottenger seem to use `24:00' ambiguously; resolve it with Whitman.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	France	1916	only	-	Jun	14	23:00s	1:00	S
+ Rule	France	1916	1919	-	Oct	Sun>=1	23:00s	0	-
+@@ -1013,7 +1022,7 @@
+ Rule	France	1922	only	-	Mar	25	23:00s	1:00	S
+ # DSH writes that a law of 1923-05-24 specified 3rd Sat in Apr at 23:00 to 1st
+ # Sat in Oct at 24:00; and that in 1930, because of Easter, the transitions
+-# were Apr 12 and Oct 5.  Go with Shanks.
++# were Apr 12 and Oct 5.  Go with Shanks & Pottenger.
+ Rule	France	1922	1938	-	Oct	Sat>=1	23:00s	0	-
+ Rule	France	1923	only	-	May	26	23:00s	1:00	S
+ Rule	France	1924	only	-	Mar	29	23:00s	1:00	S
+@@ -1034,8 +1043,8 @@
+ Rule	France	1939	only	-	Apr	15	23:00s	1:00	S
+ Rule	France	1939	only	-	Nov	18	23:00s	0	-
+ Rule	France	1940	only	-	Feb	25	 2:00	1:00	S
+-# The French rules for 1941-1944 were not used in Paris, but Shanks writes
+-# that they were used in Monaco and in many French locations.
++# The French rules for 1941-1944 were not used in Paris, but Shanks & Pottenger
++# write that they were used in Monaco and in many French locations.
+ # Le Corre writes that the upper limit of the free zone was Arneguy, Orthez,
+ # Mont-de-Marsan, Bazas, Langon, Lamotte-Montravel, Marouil, La
+ # Rochefoucault, Champagne-Mouton, La Roche-Posay, La Haye-Decartes,
+@@ -1043,7 +1052,7 @@
+ # Paray-le-Monial, Montceau-les-Mines, Chalons-sur-Saone, Arbois,
+ # Dole, Morez, St-Claude, and Collognes (Haute-Savioe).
+ Rule	France	1941	only	-	May	 5	 0:00	2:00	M # Midsummer
+-# Shanks says this transition occurred at Oct 6 1:00,
++# Shanks & Pottenger say this transition occurred at Oct 6 1:00,
+ # but go with Denis Excoffier (1997-12-12),
+ # who quotes the Ephemerides Astronomiques for 1998 from Bureau des Longitudes
+ # as saying 5/10/41 22hUT.
+@@ -1056,21 +1065,21 @@
+ Rule	France	1944	only	-	Oct	 8	 1:00	1:00	S
+ Rule	France	1945	only	-	Apr	 2	 2:00	2:00	M
+ Rule	France	1945	only	-	Sep	16	 3:00	0	-
+-# Shanks gives Mar 28 2:00 and Sep 26 3:00;
++# Shanks & Pottenger give Mar 28 2:00 and Sep 26 3:00;
+ # go with Excoffier's 28/3/76 0hUT and 25/9/76 23hUT.
+ Rule	France	1976	only	-	Mar	28	 1:00	1:00	S
+ Rule	France	1976	only	-	Sep	26	 1:00	0	-
+-# Shanks gives 0:09 for Paris Mean Time, and Whitman gives 0:09:05,
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time, and Whitman 0:09:05,
+ # but Howse quotes the actual French legislation as saying 0:09:21.
+ # Go with Howse.  Howse writes that the time in France was officially based
+ # on PMT-0:09:21 until 1978-08-09, when the time base finally switched to UTC.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Paris	0:09:21 -	LMT	1891 Mar 15  0:01
+ 			0:09:21	-	PMT	1911 Mar 11  0:01  # Paris MT
+-# Shanks gives 1940 Jun 14 0:00; go with Excoffier and Le Corre.
++# Shanks & Pottenger give 1940 Jun 14 0:00; go with Excoffier and Le Corre.
+ 			0:00	France	WE%sT	1940 Jun 14 23:00
+ # Le Corre says Paris stuck with occupied-France time after the liberation;
+-# go with Shanks.
++# go with Shanks & Pottenger.
+ 			1:00	C-Eur	CE%sT	1944 Aug 25
+ 			0:00	France	WE%sT	1945 Sep 16  3:00
+ 			1:00	France	CE%sT	1977
+@@ -1121,23 +1130,23 @@
+ 
+ # Gibraltar
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone Europe/Gibraltar	-0:21:24 -	LMT	1880 Aug  2
++Zone Europe/Gibraltar	-0:21:24 -	LMT	1880 Aug  2 0:00s
+ 			0:00	GB-Eire	%s	1957 Apr 14 2:00
+ 			1:00	-	CET	1982
+ 			1:00	EU	CE%sT
+ 
+ # Greece
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman gives 1932 Jul 5 - Nov 1; go with Shanks.
++# Whitman gives 1932 Jul 5 - Nov 1; go with Shanks & Pottenger.
+ Rule	Greece	1932	only	-	Jul	 7	0:00	1:00	S
+ Rule	Greece	1932	only	-	Sep	 1	0:00	0	-
+-# Whitman gives 1941 Apr 25 - ?; go with Shanks.
++# Whitman gives 1941 Apr 25 - ?; go with Shanks & Pottenger.
+ Rule	Greece	1941	only	-	Apr	 7	0:00	1:00	S
+-# Whitman gives 1942 Feb 2 - ?; go with Shanks.
++# Whitman gives 1942 Feb 2 - ?; go with Shanks & Pottenger.
+ Rule	Greece	1942	only	-	Nov	 2	3:00	0	-
+ Rule	Greece	1943	only	-	Mar	30	0:00	1:00	S
+ Rule	Greece	1943	only	-	Oct	 4	0:00	0	-
+-# Whitman gives 1944 Oct 3 - Oct 31; go with Shanks.
++# Whitman gives 1944 Oct 3 - Oct 31; go with Shanks & Pottenger.
+ Rule	Greece	1952	only	-	Jul	 1	0:00	1:00	S
+ Rule	Greece	1952	only	-	Nov	 2	0:00	0	-
+ Rule	Greece	1975	only	-	Apr	12	0:00s	1:00	S
+@@ -1157,7 +1166,7 @@
+ 			2:00	Greece	EE%sT	1941 Apr 30
+ 			1:00	Greece	CE%sT	1944 Apr  4
+ 			2:00	Greece	EE%sT	1981
+-			# Shanks says they switched to C-Eur in 1981;
++			# Shanks & Pottenger say it switched to C-Eur in 1981;
+ 			# go with EU instead, since Greece joined it on Jan 1.
+ 			2:00	EU	EE%sT
+ 
+@@ -1220,10 +1229,10 @@
+ # might be a reference to the Julian calendar as opposed to Gregorian, or it
+ # might mean something else (???).
+ #
+-# From Paul Eggert (1999-10-29):
+-# The Iceland Almanak, Shanks and Whitman disagree on many points.
+-# We go with the Almanak, except for one claim from Shanks, namely that
+-# Reykavik was 21W57 from 1837 to 1908, local mean time before that.
++# From Paul Eggert (2006-03-22):
++# The Iceland Almanak, Shanks & Pottenger, and Whitman disagree on many points.
++# We go with the Almanak, except for one claim from Shanks & Pottenger, namely
++# that Reykavik was 21W57 from 1837 to 1908, local mean time before that.
+ #
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Iceland	1917	1918	-	Feb	19	23:00	1:00	S
+@@ -1261,15 +1270,16 @@
+ # But these events all occurred before the 1970 cutoff,
+ # so record only the time in Rome.
+ #
+-# From Paul Eggert (1996-05-06):
+-# For Italian DST we have three sources: Shanks, Whitman, and F. Pollastri
++# From Paul Eggert (2006-03-22):
++# For Italian DST we have three sources: Shanks & Pottenger, Whitman, and
++# F. Pollastri
+ # 
+-# Day-light Saving Time in Italy (1996-03-14)
++# Day-light Saving Time in Italy (2006-02-03)
+ # 
+ # (`FP' below), taken from an Italian National Electrotechnical Institute
+ # publication. When the three sources disagree, guess who's right, as follows:
+ #
+-# year	FP	Shanks (S)	Whitman (W)	Go with:
++# year	FP	Shanks&P. (S)	Whitman (W)	Go with:
+ # 1916	06-03	06-03 24:00	06-03 00:00	FP & W
+ #	09-30	09-30 24:00	09-30 01:00	FP; guess 24:00s
+ # 1917	04-01	03-31 24:00	03-31 00:00	FP & S
+@@ -1325,7 +1335,7 @@
+ Rule	Italy	1979	only	-	Sep	30	0:00s	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Rome	0:49:56 -	LMT	1866 Sep 22
+-			0:49:56	-	RMT	1893 Nov	# Rome Mean Time
++			0:49:56	-	RMT	1893 Nov  1 0:00s # Rome Mean
+ 			1:00	Italy	CE%sT	1942 Nov  2 2:00s
+ 			1:00	C-Eur	CE%sT	1944 Jul
+ 			1:00	Italy	CE%sT	1980
+@@ -1467,7 +1477,8 @@
+ 			2:00	EU	EE%sT
+ 
+ # Luxembourg
+-# Whitman disagrees with most of these dates in minor ways; go with Shanks.
++# Whitman disagrees with most of these dates in minor ways;
++# go with Shanks & Pottenger.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Lux	1916	only	-	May	14	23:00	1:00	S
+ Rule	Lux	1916	only	-	Oct	 1	 1:00	0	-
+@@ -1502,7 +1513,7 @@
+ 			1:00	EU	CE%sT
+ 
+ # Macedonia
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Malta
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+@@ -1514,7 +1525,7 @@
+ Rule	Malta	1975	1980	-	Sep	Sun>=15	2:00	0	-
+ Rule	Malta	1980	only	-	Mar	31	2:00	1:00	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone	Europe/Malta	0:58:04 -	LMT	1893 Nov  2	# Valletta
++Zone	Europe/Malta	0:58:04 -	LMT	1893 Nov  2 0:00s # Valletta
+ 			1:00	Italy	CE%sT	1942 Nov  2 2:00s
+ 			1:00	C-Eur	CE%sT	1945 Apr  2 2:00s
+ 			1:00	Italy	CE%sT	1973 Mar 31
+@@ -1523,9 +1534,9 @@
+ 
+ # Moldova
+ 
+-# From Paul Eggert (2001-02-11):
+-# A previous version of this database followed Shanks, who writes that
+-# Tiraspol switched to Moscow time on 1992-01-19 at 02:00.
++# From Paul Eggert (2006-03-22):
++# A previous version of this database followed Shanks & Pottenger, who write
++# that Tiraspol switched to Moscow time on 1992-01-19 at 02:00.
+ # However, this is most likely an error, as Moldova declared independence
+ # on 1991-08-27 (the 1992-01-19 date is that of a Russian decree).
+ # In early 1992 there was large-scale interethnic violence in the area
+@@ -1550,7 +1561,8 @@
+ 			2:00	EU	EE%sT
+ 
+ # Monaco
+-# Shanks gives 0:09 for Paris Mean Time; go with Howse's more precise 0:09:21.
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
++# more precise 0:09:21.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Monaco	0:29:32 -	LMT	1891 Mar 15
+ 			0:09:21	-	PMT	1911 Mar 11    # Paris Mean Time
+@@ -1558,6 +1570,9 @@
+ 			1:00	France	CE%sT	1977
+ 			1:00	EU	CE%sT
+ 
++# Montenegro
++# see Serbia
++
+ # Netherlands
+ 
+ # Howse writes that the Netherlands' railways used GMT between 1892 and 1940,
+@@ -1633,7 +1648,8 @@
+ 			1:00	EU	CE%sT
+ 
+ # Norway
+-# http://met.no/met/met_lex/q_u/sommertid.html (2004-01) agrees with Shanks.
++# http://met.no/met/met_lex/q_u/sommertid.html (2004-01) agrees with Shanks &
++# Pottenger.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Norway	1916	only	-	May	22	1:00	1:00	S
+ Rule	Norway	1916	only	-	Sep	30	0:00	0	-
+@@ -1704,9 +1720,10 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Poland	1918	1919	-	Sep	16	2:00s	0	-
+ Rule	Poland	1919	only	-	Apr	15	2:00s	1:00	S
+-# Whitman gives 1944 Nov 30; go with Shanks.
++Rule	Poland	1944	only	-	Apr	 3	2:00s	1:00	S
++# Whitman gives 1944 Nov 30; go with Shanks & Pottenger.
+ Rule	Poland	1944	only	-	Oct	 4	2:00	0	-
+-# For 1944-1948 Whitman gives the previous day; go with Shanks.
++# For 1944-1948 Whitman gives the previous day; go with Shanks & Pottenger.
+ Rule	Poland	1945	only	-	Apr	29	0:00	1:00	S
+ Rule	Poland	1945	only	-	Nov	 1	0:00	0	-
+ # For 1946 on the source is Kazimierz Borkowski,
+@@ -1762,9 +1779,9 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ # DSH writes that despite Decree 1,469 (1915), the change to the clocks was not
+ # done every year, depending on what Spain did, because of railroad schedules.
+-# Go with Shanks.
++# Go with Shanks & Pottenger.
+ Rule	Port	1916	only	-	Jun	17	23:00	1:00	S
+-# Whitman gives 1916 Oct 31; go with Shanks.
++# Whitman gives 1916 Oct 31; go with Shanks & Pottenger.
+ Rule	Port	1916	only	-	Nov	 1	 1:00	0	-
+ Rule	Port	1917	only	-	Feb	28	23:00s	1:00	S
+ Rule	Port	1917	1921	-	Oct	14	23:00s	0	-
+@@ -1780,24 +1797,23 @@
+ Rule	Port	1928	only	-	Apr	14	23:00s	1:00	S
+ Rule	Port	1929	only	-	Apr	20	23:00s	1:00	S
+ Rule	Port	1931	only	-	Apr	18	23:00s	1:00	S
+-# Whitman gives 1931 Oct 8; go with Shanks.
++# Whitman gives 1931 Oct 8; go with Shanks & Pottenger.
+ Rule	Port	1931	1932	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Port	1932	only	-	Apr	 2	23:00s	1:00	S
+-# Shanks gives 1934 Apr 4; go with Whitman.
+ Rule	Port	1934	only	-	Apr	 7	23:00s	1:00	S
+-# Whitman gives 1934 Oct 5; go with Shanks.
++# Whitman gives 1934 Oct 5; go with Shanks & Pottenger.
+ Rule	Port	1934	1938	-	Oct	Sat>=1	23:00s	0	-
+-# Shanks gives 1935 Apr 30; go with Whitman.
++# Shanks & Pottenger give 1935 Apr 30; go with Whitman.
+ Rule	Port	1935	only	-	Mar	30	23:00s	1:00	S
+ Rule	Port	1936	only	-	Apr	18	23:00s	1:00	S
+-# Whitman gives 1937 Apr 2; go with Shanks.
++# Whitman gives 1937 Apr 2; go with Shanks & Pottenger.
+ Rule	Port	1937	only	-	Apr	 3	23:00s	1:00	S
+ Rule	Port	1938	only	-	Mar	26	23:00s	1:00	S
+ Rule	Port	1939	only	-	Apr	15	23:00s	1:00	S
+-# Whitman gives 1939 Oct 7; go with Shanks.
++# Whitman gives 1939 Oct 7; go with Shanks & Pottenger.
+ Rule	Port	1939	only	-	Nov	18	23:00s	0	-
+ Rule	Port	1940	only	-	Feb	24	23:00s	1:00	S
+-# Shanks gives 1940 Oct 7; go with Whitman.
++# Shanks & Pottenger give 1940 Oct 7; go with Whitman.
+ Rule	Port	1940	1941	-	Oct	 5	23:00s	0	-
+ Rule	Port	1941	only	-	Apr	 5	23:00s	1:00	S
+ Rule	Port	1942	1945	-	Mar	Sat>=8	23:00s	1:00	S
+@@ -1811,8 +1827,8 @@
+ Rule	Port	1946	only	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Port	1947	1949	-	Apr	Sun>=1	 2:00s	1:00	S
+ Rule	Port	1947	1949	-	Oct	Sun>=1	 2:00s	0	-
+-# Shanks says DST was observed in 1950; go with Whitman.
+-# Whitman gives Oct lastSun for 1952 on; go with Shanks.
++# Shanks & Pottenger say DST was observed in 1950; go with Whitman.
++# Whitman gives Oct lastSun for 1952 on; go with Shanks & Pottenger.
+ Rule	Port	1951	1965	-	Apr	Sun>=1	 2:00s	1:00	S
+ Rule	Port	1951	1965	-	Oct	Sun>=1	 2:00s	0	-
+ Rule	Port	1977	only	-	Mar	27	 0:00s	1:00	S
+@@ -1824,7 +1840,7 @@
+ Rule	Port	1981	1982	-	Mar	lastSun	 1:00s	1:00	S
+ Rule	Port	1983	only	-	Mar	lastSun	 2:00s	1:00	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-# Shanks says that the transition from LMT to WET occurred 1911-05-24;
++# Shanks & Pottenger say the transition from LMT to WET occurred 1911-05-24;
+ # Willett says 1912-01-01.  Go with Willett.
+ Zone	Europe/Lisbon	-0:36:32 -	LMT	1884
+ 			-0:36:32 -	LMT	1912 Jan  1  # Lisbon Mean Time
+@@ -1877,11 +1893,12 @@
+ 
+ # Russia
+ 
+-# From Paul Eggert (1999-11-12):
++# From Paul Eggert (2006-03-22):
+ # Except for Moscow after 1919-07-01, I invented the time zone abbreviations.
+ # Moscow time zone abbreviations after 1919-07-01, and Moscow rules after 1991,
+-# are from Andrey A. Chernov.  The rest is from Shanks, except we follow
+-# Chernov's report that 1992 DST transitions were Sat 23:00, not Sun 02:00s.
++# are from Andrey A. Chernov.  The rest is from Shanks & Pottenger,
++# except we follow Chernov's report that 1992 DST transitions were Sat
++# 23:00, not Sun 02:00s.
+ #
+ # From Stanislaw A. Kuzikowski (1994-06-29):
+ # But now it is some months since Novosibirsk is 3 hours ahead of Moscow!
+@@ -1926,20 +1943,20 @@
+ 			 2:00	Russia	EE%sT
+ #
+ # From Oscar van Vlijmen (2001-08-25): [This region consists of]
+-# Respublika Adygeya, Arkhangel'skaya oblast', Astrakhanskaya oblast',
++# Respublika Adygeya, Arkhangel'skaya oblast',
+ # Belgorodskaya oblast', Bryanskaya oblast', Vladimirskaya oblast',
+-# Volgogradskaya oblast', Vologodskaya oblast', Voronezhskaya oblast',
++# Vologodskaya oblast', Voronezhskaya oblast',
+ # Respublika Dagestan, Ivanovskaya oblast', Respublika Ingushetiya,
+ # Kabarbino-Balkarskaya Respublika, Respublika Kalmykiya,
+ # Kalyzhskaya oblast', Respublika Karachaevo-Cherkessiya,
+-# Respublika Kareliya, Kirovskaya oblast', Respublika Komi,
++# Respublika Kareliya, Respublika Komi,
+ # Kostromskaya oblast', Krasnodarskij kraj, Kurskaya oblast',
+ # Leningradskaya oblast', Lipetskaya oblast', Respublika Marij El,
+ # Respublika Mordoviya, Moskva, Moskovskaya oblast',
+ # Murmanskaya oblast', Nenetskij avtonomnyj okrug,
+ # Nizhegorodskaya oblast', Novgorodskaya oblast', Orlovskaya oblast',
+ # Penzenskaya oblast', Pskovskaya oblast', Rostovskaya oblast',
+-# Ryazanskaya oblast', Sankt-Peterburg, Saratovskaya oblast',
++# Ryazanskaya oblast', Sankt-Peterburg,
+ # Respublika Severnaya Osetiya, Smolenskaya oblast',
+ # Stavropol'skij kraj, Tambovskaya oblast', Respublika Tatarstan,
+ # Tverskaya oblast', Tyl'skaya oblast', Ul'yanovskaya oblast',
+@@ -1954,11 +1971,25 @@
+ 			 2:00	Russia	EE%sT	1992 Jan 19 2:00s
+ 			 3:00	Russia	MSK/MSD
+ #
++# Astrakhanskaya oblast', Kirovskaya oblast', Saratovskaya oblast',
++# Volgogradskaya oblast'.  Shanks & Pottenger say Kirov is still at +0400
++# but Wikipedia (2006-05-09) says +0300.  Perhaps it switched after the
++# others?  But we have no data.
++Zone Europe/Volgograd	 2:57:40 -	LMT	1920 Jan  3
++			 3:00	-	TSAT	1925 Apr  6 # Tsaritsyn Time
++			 3:00	-	STAT	1930 Jun 21 # Stalingrad Time
++			 4:00	-	STAT	1961 Nov 11
++			 4:00	Russia	VOL%sT	1989 Mar 26 2:00s # Volgograd T
++			 3:00	Russia	VOL%sT	1991 Mar 31 2:00s
++			 4:00	-	VOLT	1992 Mar 29 2:00s
++			 3:00	Russia	VOL%sT
++#
+ # From Oscar van Vlijmen (2001-08-25): [This region consists of]
+ # Samarskaya oblast', Udmyrtskaya respublika
+ Zone Europe/Samara	 3:20:36 -	LMT	1919 Jul  1 2:00
+-			 3:00	-	KUYT	1930 Jun 21 # Kuybyshev
+-			 4:00	Russia	KUY%sT	1989 Mar 26 2:00s
++			 3:00	-	SAMT	1930 Jun 21
++			 4:00	-	SAMT	1935 Jan 27
++			 4:00	Russia	KUY%sT	1989 Mar 26 2:00s # Kuybyshev
+ 			 3:00	Russia	KUY%sT	1991 Mar 31 2:00s
+ 			 2:00	Russia	KUY%sT	1991 Sep 29 2:00s
+ 			 3:00	-	KUYT	1991 Oct 20 3:00
+@@ -1984,17 +2015,19 @@
+ 			 5:00	Russia	OMS%sT	1992 Jan 19 2:00s
+ 			 6:00	Russia	OMS%sT
+ #
+-# Novosibirskaya oblast'.
++# From Paul Eggert (2006-08-19): I'm guessing about Tomsk here; it's
++# not clear when it switched from +7 to +6.
++# Novosibirskaya oblast', Tomskaya oblast'.
+ Zone Asia/Novosibirsk	 5:31:40 -	LMT	1919 Dec 14 6:00
+ 			 6:00	-	NOVT	1930 Jun 21 # Novosibirsk Time
+ 			 7:00	Russia	NOV%sT	1991 Mar 31 2:00s
+ 			 6:00	Russia	NOV%sT	1992 Jan 19 2:00s
+-			 7:00	Russia	NOV%sT	1993 May 23 # says Shanks
++			 7:00	Russia	NOV%sT	1993 May 23 # say Shanks & P.
+ 			 6:00	Russia	NOV%sT
+ #
+ # From Oscar van Vlijmen (2001-08-25): [This region consists of]
+ # Kemerovskaya oblast', Krasnoyarskij kraj,
+-# Tajmyrskij (Dolgano-Nenetskij) avtonomnyj okrug, Tomskaya oblast',
++# Tajmyrskij (Dolgano-Nenetskij) avtonomnyj okrug,
+ # Respublika Tuva, Respublika Khakasiya, Evenkijskij avtonomnyj okrug.
+ Zone Asia/Krasnoyarsk	 6:11:20 -	LMT	1920 Jan  6
+ 			 6:00	-	KRAT	1930 Jun 21 # Krasnoyarsk Time
+@@ -2077,7 +2110,7 @@
+ 			11:00	Russia	ANA%sT	1992 Jan 19 2:00s
+ 			12:00	Russia	ANA%sT
+ 
+-# Serbia and Montenegro
++# Serbia
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Belgrade	1:22:00	-	LMT	1884
+ 			1:00	-	CET	1941 Apr 18 23:00
+@@ -2085,10 +2118,11 @@
+ 			1:00	1:00	CEST	1945 Sep 16  2:00s
+ # Metod Kozelj reports that the legal date of
+ # transition to EU rules was 1982-11-27, for all of Yugoslavia at the time.
+-# Shanks doesn't give as much detail, so go with Kozelj.
++# Shanks & Pottenger don't give as much detail, so go with Kozelj.
+ 			1:00	-	CET	1982 Nov 27
+ 			1:00	EU	CE%sT
+ Link Europe/Belgrade Europe/Ljubljana	# Slovenia
++Link Europe/Belgrade Europe/Podgorica	# Montenegro
+ Link Europe/Belgrade Europe/Sarajevo	# Bosnia and Herzegovina
+ Link Europe/Belgrade Europe/Skopje	# Macedonia
+ Link Europe/Belgrade Europe/Zagreb	# Croatia
+@@ -2097,32 +2131,34 @@
+ Link Europe/Prague Europe/Bratislava
+ 
+ # Slovenia
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Spain
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# For 1917-1919 Whitman gives Apr Sat>=1 - Oct Sat>=1; go with Shanks.
++# For 1917-1919 Whitman gives Apr Sat>=1 - Oct Sat>=1;
++# go with Shanks & Pottenger.
+ Rule	Spain	1917	only	-	May	 5	23:00s	1:00	S
+ Rule	Spain	1917	1919	-	Oct	 6	23:00s	0	-
+ Rule	Spain	1918	only	-	Apr	15	23:00s	1:00	S
+ Rule	Spain	1919	only	-	Apr	 5	23:00s	1:00	S
+-# Whitman gives 1921 Feb 28 - Oct 14; go with Shanks.
++# Whitman gives 1921 Feb 28 - Oct 14; go with Shanks & Pottenger.
+ Rule	Spain	1924	only	-	Apr	16	23:00s	1:00	S
+-# Whitman gives 1924 Oct 14; go with Shanks.
++# Whitman gives 1924 Oct 14; go with Shanks & Pottenger.
+ Rule	Spain	1924	only	-	Oct	 4	23:00s	0	-
+ Rule	Spain	1926	only	-	Apr	17	23:00s	1:00	S
+-# Whitman says no DST in 1929; go with Shanks.
++# Whitman says no DST in 1929; go with Shanks & Pottenger.
+ Rule	Spain	1926	1929	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Spain	1927	only	-	Apr	 9	23:00s	1:00	S
+ Rule	Spain	1928	only	-	Apr	14	23:00s	1:00	S
+ Rule	Spain	1929	only	-	Apr	20	23:00s	1:00	S
+-# Whitman gives 1937 Jun 16, 1938 Apr 16, 1940 Apr 13; go with Shanks.
++# Whitman gives 1937 Jun 16, 1938 Apr 16, 1940 Apr 13;
++# go with Shanks & Pottenger.
+ Rule	Spain	1937	only	-	May	22	23:00s	1:00	S
+ Rule	Spain	1937	1939	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Spain	1938	only	-	Mar	22	23:00s	1:00	S
+ Rule	Spain	1939	only	-	Apr	15	23:00s	1:00	S
+ Rule	Spain	1940	only	-	Mar	16	23:00s	1:00	S
+-# Whitman says no DST 1942-1945; go with Shanks.
++# Whitman says no DST 1942-1945; go with Shanks & Pottenger.
+ Rule	Spain	1942	only	-	May	 2	22:00s	2:00	M # Midsummer
+ Rule	Spain	1942	only	-	Sep	 1	22:00s	1:00	S
+ Rule	Spain	1943	1946	-	Apr	Sat>=13	22:00s	2:00	M
+@@ -2149,7 +2185,7 @@
+ Rule SpainAfrica 1978	only	-	Jun	 1	 0:00	1:00	S
+ Rule SpainAfrica 1978	only	-	Aug	 4	 0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone	Europe/Madrid	-0:14:44 -	LMT	1901
++Zone	Europe/Madrid	-0:14:44 -	LMT	1901 Jan  1  0:00s
+ 			 0:00	Spain	WE%sT	1946 Sep 30
+ 			 1:00	Spain	CE%sT	1979
+ 			 1:00	EU	CE%sT
+@@ -2171,7 +2207,7 @@
+ 
+ # Sweden
+ 
+-# From Ivan Nilsson (2001-04-13), superseding Shanks:
++# From Ivan Nilsson (2001-04-13), superseding Shanks & Pottenger:
+ #
+ # The law "Svensk forfattningssamling 1878, no 14" about standard time in 1879:
+ # From the beginning of 1879 (that is 01-01 00:00) the time for all
+@@ -2232,7 +2268,7 @@
+ # From Whitman (who writes ``Midnight?''):
+ Rule	Swiss	1940	only	-	Nov	 2	0:00	1:00	S
+ Rule	Swiss	1940	only	-	Dec	31	0:00	0	-
+-# From Shanks:
++# From Shanks & Pottenger:
+ Rule	Swiss	1941	1942	-	May	Sun>=1	2:00	1:00	S
+ Rule	Swiss	1941	1942	-	Oct	Sun>=1	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -2251,7 +2287,8 @@
+ Rule	Turkey	1921	only	-	Oct	 3	0:00	0	-
+ Rule	Turkey	1922	only	-	Mar	26	0:00	1:00	S
+ Rule	Turkey	1922	only	-	Oct	 8	0:00	0	-
+-# Whitman gives 1923 Apr 28 - Sep 16 and no DST in 1924-1925; go with Shanks.
++# Whitman gives 1923 Apr 28 - Sep 16 and no DST in 1924-1925;
++# go with Shanks & Pottenger.
+ Rule	Turkey	1924	only	-	May	13	0:00	1:00	S
+ Rule	Turkey	1924	1925	-	Oct	 1	0:00	0	-
+ Rule	Turkey	1925	only	-	May	 1	0:00	1:00	S
+@@ -2260,7 +2297,8 @@
+ Rule	Turkey	1940	only	-	Dec	 1	0:00	1:00	S
+ Rule	Turkey	1941	only	-	Sep	21	0:00	0	-
+ Rule	Turkey	1942	only	-	Apr	 1	0:00	1:00	S
+-# Whitman omits the next two transition and gives 1945 Oct 1; go with Shanks.
++# Whitman omits the next two transition and gives 1945 Oct 1;
++# go with Shanks & Pottenger.
+ Rule	Turkey	1942	only	-	Nov	 1	0:00	0	-
+ Rule	Turkey	1945	only	-	Apr	 2	0:00	1:00	S
+ Rule	Turkey	1945	only	-	Oct	 8	0:00	0	-
+@@ -2357,11 +2395,13 @@
+ 			3:00	Russia	MSK/MSD	1990
+ 			3:00	-	MSK	1990 Jul  1 2:00
+ 			2:00	-	EET	1992
+-# From Paul Eggert (1999-11-12):
++# From Paul Eggert (2006-03-22):
+ # The _Economist_ (1994-05-28, p 45) reports that central Crimea switched
+ # from Kiev to Moscow time sometime after the January 1994 elections.
+-# Shanks says ``date of change uncertain'', but implies that it happened
+-# sometime between the 1994 DST switches.  For now, guess it changed in May.
++# Shanks (1999) says ``date of change uncertain'', but implies that it happened
++# sometime between the 1994 DST switches.  Shanks & Pottenger simply say
++# 1994-09-25 03:00, but that can't be right.  For now, guess it
++# changed in May.
+ 			2:00	E-Eur	EE%sT	1994 May
+ # From IATA SSIM (1994/1997), which also says that Kerch is still like Kiev.
+ 			3:00	E-Eur	MSK/MSD	1996 Mar 31 3:00s
+Index: share/zoneinfo/factory
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/factory,v
+retrieving revision 1.5
+diff -u -r1.5 factory
+--- share/zoneinfo/factory	21 Jan 1999 21:55:55 -0000	1.5
++++ share/zoneinfo/factory	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)factory	7.3
++# @(#)factory	8.1
+ 
+ # For companies who don't want to put time zone specification in
+ # their installation procedures.  When users run date, they'll get the message.
+Index: share/zoneinfo/leapseconds
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/leapseconds,v
+retrieving revision 1.13.2.1
+diff -u -r1.13.2.1 leapseconds
+--- share/zoneinfo/leapseconds	22 Dec 2005 23:47:26 -0000	1.13.2.1
++++ share/zoneinfo/leapseconds	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)leapseconds	7.20
++# @(#)leapseconds	8.1
+ 
+ # Allowance for leapseconds added to each timezone file.
+ 
+@@ -50,7 +50,7 @@
+ # SERVICE INTERNATIONAL DE LA ROTATION TERRESTRE ET DES SYSTEMES DE REFERENCE
+ #
+ # SERVICE DE LA ROTATION TERRESTRE
+-# OBSERVATOIRE DE PARIS                                   
++# OBSERVATOIRE DE PARIS
+ # 61, Av. de l'Observatoire 75014 PARIS (France)
+ # Tel.      : 33 (0) 1 40 51 22 26
+ # FAX       : 33 (0) 1 40 51 22 91
+Index: share/zoneinfo/northamerica
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/northamerica,v
+retrieving revision 1.25.2.2
+diff -u -r1.25.2.2 northamerica
+--- share/zoneinfo/northamerica	27 Dec 2005 19:56:24 -0000	1.25.2.2
++++ share/zoneinfo/northamerica	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)northamerica	7.87
++# @(#)northamerica	8.9
+ # 
+ 
+ # also includes Central America and the Caribbean
+@@ -30,12 +30,12 @@
+ # That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
+ # See p 46 of David Prerau, Seize the daylight, Thunder's Mouth Press (2005).
+ 
+-# From Paul Eggert (1995-12-19):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data in the US is
+ # Thomas G. Shanks, The American Atlas (5th edition),
+ # San Diego: ACS Publications, Inc. (1991).
+ # Make sure you have the errata sheet; the book is somewhat useless without it.
+-# It is the source for most of the pre-1991 US and Puerto Rico entries below.
++# It is the source for most of the pre-1991 US entries below.
+ 
+ # From Paul Eggert (2001-03-06):
+ # Daylight Saving Time was first suggested as a joke by Benjamin Franklin
+@@ -229,7 +229,7 @@
+ # Public law 106-564 (2000-12-23) introduced the abbreviation
+ # "Chamorro Standard Time" for time in Guam and the Northern Marianas.
+ # See the file "australasia".
+- 
++
+ # From Arthur David Olson, 2005-08-09
+ # The following was signed into law on 2005-08-08.
+ #
+@@ -274,7 +274,7 @@
+ # set their watches and clocks on Eastern time."  It quotes H.H. "Bubba"
+ # Roberts, city administrator in Phenix City. as saying "We are in the Central
+ # time zone, but we do go by the Eastern time zone because so many people work
+-# in Columbus." 
++# in Columbus."
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule	NYC	1920	only	-	Mar	lastSun	2:00	1:00	D
+@@ -301,6 +301,13 @@
+ # Nebraska, eastern North Dakota, Oklahoma, eastern South Dakota,
+ # western Tennessee, most of Texas, Wisconsin
+ 
++# From Larry M. Smith (2006-04-26) re Wisconsin:
++# http://www.legis.state.wi.us/statutes/Stat0175.pdf ...
++# is currently enforced at the 01:00 time of change.  Because the local
++# "bar time" in the state corresponds to 02:00, a number of citations
++# are issued for the "sale of class 'B' alcohol after prohibited
++# hours" within the deviated hour of this change every year....
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule	Chicago	1920	only	-	Jun	13	2:00	1:00	D
+ Rule	Chicago	1920	1921	-	Oct	lastSun	2:00	0	S
+@@ -321,6 +328,16 @@
+ Zone America/North_Dakota/Center -6:45:12 - LMT	1883 Nov 18 12:14:48
+ 			-7:00	US	M%sT	1992 Oct 25 02:00
+ 			-6:00	US	C%sT
++# Morton County, ND, switched from mountain to central time on
++# 2003-10-26, except for the area around Mandan which was already central time.
++# See .
++# Officially this switch also included part of Sioux County, and
++# Jones, Mellette, and Todd Counties in South Dakota;
++# but in practice these other counties were already observing central time.
++# See .
++Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21
++			-7:00	US	M%sT	2003 Oct 26 02:00
++			-6:00	US	C%sT
+ 
+ # US mountain time, represented by Denver
+ #
+@@ -399,7 +416,8 @@
+ Zone America/Anchorage	 14:00:24 -	LMT	1867 Oct 18
+ 			 -9:59:36 -	LMT	1900 Aug 20 12:00
+ 			-10:00	-	CAT	1942
+-			-10:00	US	CAT/CAWT 1946
++			-10:00	US	CAT/CAWT 1945 Aug 14 23:00u
++			-10:00	US	CAT/CAPT 1946 # Peace
+ 			-10:00	-	CAT	1967 Apr
+ 			-10:00	-	AHST	1969
+ 			-10:00	US	AH%sT	1983 Oct 30 2:00
+@@ -519,9 +537,9 @@
+ # For a map of Indiana's time zone regions, see:
+ # 
+ # What time is it in Indiana?
+-#  (2005-05-03)
++#  (2006-03-01)
+ #
+-# From Paul Eggert (2005-08-22):
++# From Paul Eggert (2006-03-22):
+ # Since 1970, most of Indiana has been like America/Indiana/Indianapolis,
+ # with the following exceptions:
+ #
+@@ -533,11 +551,15 @@
+ # - Clark, Floyd, and Harrison counties have been like
+ #   America/Kentucky/Louisville.
+ #
+-# - Crawford, Starke, and Switzerland counties have their own time zone
++# - Daviess, Dubois, Knox, Martin, Perry, and Pulaski counties
++#   have been like America/Indiana/Vincennes.
++#
++# - Crawford, Pike, Starke, and Switzerland counties have their own time zone
+ #   histories as noted below.
+ #
+-# Shanks partitions Indiana into 345 regions, each with its own time history,
+-# and writes ``Even newspaper reports present contradictory information.''
++# Shanks partitioned Indiana into 345 regions, each with its own time history,
++# and wrote ``Even newspaper reports present contradictory information.''
++# Those Hoosiers!  Such a flighty and changeable people!
+ # Fortunately, most of the complexity occurred before our cutoff date of 1970.
+ #
+ # Other than Indianapolis, the Indiana place names are so nondescript
+@@ -545,11 +567,21 @@
+ # So we reluctantly put them all in a subdirectory `America/Indiana'.
+ 
+ # From Paul Eggert (2005-08-16):
+-# http://www.mccsc.edu/time.html says that Indiana will use DST starting 2006,
+-# and that many counties may switch either to Central or to Eastern time.
+-# The county-by-county decisions have not been made yet, so for now assume
+-# that no counties will switch: this assumption is most likely wrong,
+-# but it's the best we can do for now.
++# http://www.mccsc.edu/time.html says that Indiana will use DST starting 2006.
++
++# From Nathan Stratton Treadway (2006-03-30):
++# http://www.dot.gov/affairs/dot0406.htm [3705 B]
++# From Deborah Goldsmith (2006-01-18):
++# http://dmses.dot.gov/docimages/pdf95/382329_web.pdf [2.9 MB]
++# From Paul Eggert (2006-01-20):
++# It says "DOT is relocating the time zone boundary in Indiana to move Starke,
++# Pulaski, Knox, Daviess, Martin, Pike, Dubois, and Perry Counties from the
++# Eastern Time Zone to the Central Time Zone.... The effective date of
++# this rule is 2:OO a.m. EST Sunday, April 2, 2006, which is the
++# changeover date from standard time to Daylight Saving Time."
++# Strictly speaking, this means the affected counties will change their
++# clocks twice that night, but this obviously is in error.  The intent
++# is that 01:59:59 EST be followed by 02:00:00 CDT.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule Indianapolis 1941	only	-	Jun	22	2:00	1:00	D
+@@ -568,8 +600,8 @@
+ 			-5:00	-	EST	2006
+ 			-5:00	US	E%sT
+ #
+-# Part of Crawford County, Indiana, last observed DST in 1975,
+-# and left its clocks alone in 1974.
++# Eastern Crawford County, Indiana, left its clocks alone in 1974,
++# as well as from 1976 through 2005.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule	Marengo	1951	only	-	Apr	lastSun	2:00	1:00	D
+ Rule	Marengo	1951	only	-	Sep	lastSun	2:00	0	S
+@@ -586,7 +618,45 @@
+ 			-5:00	-	EST	2006
+ 			-5:00	US	E%sT
+ #
+-# Starke County, Indiana
++# Daviess, Dubois, Knox, Martin, Perry, and Pulaski Counties, Indiana,
++# switched from eastern to central time in April 2006.
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
++Rule Vincennes	1946	only	-	Apr	lastSun	2:00	1:00	D
++Rule Vincennes	1946	only	-	Sep	lastSun	2:00	0	S
++Rule Vincennes	1953	1954	-	Apr	lastSun	2:00	1:00	D
++Rule Vincennes	1953	1959	-	Sep	lastSun	2:00	0	S
++Rule Vincennes	1955	only	-	May	 1	0:00	1:00	D
++Rule Vincennes	1956	1963	-	Apr	lastSun	2:00	1:00	D
++Rule Vincennes	1960	only	-	Oct	lastSun	2:00	0	S
++Rule Vincennes	1961	only	-	Sep	lastSun	2:00	0	S
++Rule Vincennes	1962	1963	-	Oct	lastSun	2:00	0	S
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Indiana/Vincennes -5:50:07 - LMT	1883 Nov 18 12:09:53
++			-6:00	US	C%sT	1946
++			-6:00 Vincennes	C%sT	1964 Apr 26 2:00
++			-5:00	-	EST	1969
++			-5:00	US	E%sT	1971
++			-5:00	-	EST	2006 Apr  2 2:00
++			-6:00	US	C%sT
++#
++# Pike County, Indiana moved from central to eastern time in 1977,
++# then switched back in 2006.
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
++Rule	Pike	1955	only	-	May	 1	0:00	1:00	D
++Rule	Pike	1955	1960	-	Sep	lastSun	2:00	0	S
++Rule	Pike	1956	1964	-	Apr	lastSun	2:00	1:00	D
++Rule	Pike	1961	1964	-	Oct	lastSun	2:00	0	S
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Indiana/Petersburg -5:49:07 - LMT	1883 Nov 18 12:10:53
++			-6:00	US	C%sT	1955
++			-6:00	Pike	C%sT	1965 Apr 25 2:00
++			-5:00	-	EST	1966 Oct 30 2:00
++			-6:00	US	C%sT	1977 Oct 30 2:00
++			-5:00	-	EST	2006 Apr  2 2:00
++			-6:00	US	C%sT
++#
++# Starke County, Indiana moved from central to eastern time in 1991,
++# then switched back in 2006.
+ # From Arthur David Olson (1991-10-28):
+ # An article on page A3 of the Sunday, 1991-10-27 Washington Post
+ # notes that Starke County switched from Central time to Eastern time as of
+@@ -603,10 +673,10 @@
+ 			-6:00	Starke	C%sT	1962 Apr 29 2:00
+ 			-5:00	-	EST	1963 Oct 27 2:00
+ 			-6:00	US	C%sT	1991 Oct 27 2:00
+-			-5:00	-	EST	2006
+-			-5:00	US	E%sT
++			-5:00	-	EST	2006 Apr  2 2:00
++			-6:00	US	C%sT
+ #
+-# Switzerland County, Indiana, last observed DST in 1972.
++# Switzerland County, Indiana, did not observe DST from 1973 through 2005.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Indiana/Vevay -5:40:16 -	LMT	1883 Nov 18 12:19:44
+ 			-6:00	US	C%sT	1954 Apr 25 2:00
+@@ -636,7 +706,7 @@
+ 			-6:00	1:00	CDT	1974 Oct 27 2:00
+ 			-5:00	US	E%sT
+ #
+-# Wayne, Clinton, and Russell Counties, Kentucky
++# Wayne County, Kentucky
+ #
+ # From
+ # 
+@@ -733,7 +803,8 @@
+ 			-5:00	-	EST	1975 Apr 27 2:00
+ 			-5:00	US	E%sT
+ #
+-# The Michigan border with Wisconsin switched from EST to CST/CDT in 1973.
++# Dickinson, Gogebic, Iron, and Menominee Counties, Michigan,
++# switched from EST to CST/CDT in 1973.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule Menominee	1946	only	-	Apr	lastSun	2:00	1:00	D
+ Rule Menominee	1946	only	-	Sep	lastSun	2:00	0	S
+@@ -760,10 +831,10 @@
+ ################################################################################
+ 
+ 
+-# From Paul Eggert (1999-10-29):
+-# A good source for time zone historical data outside the US is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# From Paul Eggert (2006-03-22):
++# A good source for time zone historical data outside the U.S. is
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -771,8 +842,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Other sources occasionally used include:
+ #
+@@ -820,9 +891,51 @@
+ # From Paul Eggert (1994-11-22):
+ # Alas, this sort of thing must be handled by localization software.
+ 
+-# Unless otherwise specified, the data for Canada are all from Shanks.
++# Unless otherwise specified, the data for Canada are all from Shanks
++# & Pottenger.
+ 
+-# From Paul Eggert (2005-12-21):
++# From Chris Walton (2006-04-01):
++# The British Columbia government announced yesterday that it will
++# adjust daylight savings next year to align with changes in the
++# U.S. and the rest of Canada....
++# http://www2.news.gov.bc.ca/news_releases_2005-2009/2006AG0014-000330.htm
++
++# From Chris Walton (2006-04-25):
++# Daylight saving time will be extended by four weeks starting in 2007....
++# Here is a news release which was issued today by the Nova Scotia government:
++# http://www.gov.ns.ca/news/details.asp?id=20060425004
++
++# From Chris Walton (2006-06-26):
++# [For New Brunswick] the new legislation dictates that the time change is to
++# be done at 02:00 instead of 00:01.
++# http://www.gnb.ca/0062/acts/BBA-2006/Chap-19.pdf
++# ...
++# Manitoba has traditionally changed the clock every fall at 03:00.
++# As of 2006, the transition is to take place one hour earlier at 02:00.
++# http://web2.gov.mb.ca/laws/statutes/ccsm/o030e.php
++# ...
++# [Alberta, Ontario, Quebec] will follow US rules.
++# http://www.qp.gov.ab.ca/documents/Acts/2006CH03_UNPR.cfm?frm_isbn=0779744934
++# http://www.e-laws.gov.on.ca/DBLaws/Source/Regs/English/2006/R06111_e.htm
++# http://www.assnat.qc.ca/eng/37legislature2/Projets-loi/Publics/06-a002.htm
++# ...
++# P.E.I. will follow US rules.  The new legislation is not law yet.
++# It passed first reading on April 20....
++# http://www.assembly.pe.ca/bills/pdf_first/62/3/bill-101.pdf
++# ...
++# Province of Newfoundland and Labrador.... The change is being considered.
++# http://www.releases.gov.nl.ca/releases/2006/mpa/0331n01.htm
++# ...
++# N.W.T. will follow US rules.  Whoever maintains the government web site
++# does not seem to believe in bookmarks.  To see the news release, click the
++# following link and search for "Daylight Savings Time Change".  Press the
++# "Daylight Savings Time Change" link; it will fire off a popup using
++# JavaScript.
++# http://www.exec.gov.nt.ca/currentnews/currentPR.asp?mode=archive
++
++
++
++# From Paul Eggert (2006-04-25):
+ # H. David Matthews and Mary Vincent's map
+ # 
+ # "It's about TIME", _Canadian Geographic_ (September-October 1998)
+@@ -834,25 +947,10 @@
+ # information about standard and daylight saving time zones in Canada.
+ #  (updated periodically).
+ # Its unofficial information is often taken from Matthews and Vincent.
+-#
+-# CBC News reported that Ontario and Manitoba have announced plans to
+-# follow the US change, and that Nova Scotia is considering it; see
+-#  (2005-10-21).
+-# CBC news also reported that Prince Edward Island is the first
+-# province in Atlantic Canada to follow the US change, and that Quebec
+-# had agreed; see 
+-# (2005-12-07).
+-#
+-# To reflect all this, the Canada and Winn rules have been adjusted to
+-# agree with the 2007 US change.  This means we assume most of Canada
+-# will fall into line.  However, Alberta, British Columbia,
+-# Newfoundland, Northwest Territories, and Yukon already have separate
+-# rules in our database, so for now we'll leave them alone, which
+-# means that we currently assume these regions will not change their
+-# rules and will disagree with the US starting in 2007.  This
+-# assumption is probably incorrect, with the possible exception of
+-# Newfoundland.  We plan to adjust the Edm, Vanc, StJohns, and NT_YK
+-# rules as the corresponding provinces make their announcements.
++
++# From Paul Eggert (2006-06-27):
++# For now, assume all of DST-observing Canada will fall into line with the
++# new US DST rules,
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Canada	1918	only	-	Apr	14	2:00	1:00	D
+@@ -867,7 +965,7 @@
+ Rule	Canada	2007	max	-	Nov	Sun>=1	2:00	0	S
+ 
+ 
+-# Newfoundland (and far southeast Labrador)
++# Newfoundland and Labrador
+ 
+ # From Paul Eggert (2000-10-02):
+ # Matthews and Vincent (1998) write that Labrador should use NST/NDT,
+@@ -878,20 +976,21 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	StJohns	1917	only	-	Apr	 8	2:00	1:00	D
+ Rule	StJohns	1917	only	-	Sep	17	2:00	0	S
+-# Whitman gives 1919 Apr 5 and 1920 Apr 5; go with Shanks.
++# Whitman gives 1919 Apr 5 and 1920 Apr 5; go with Shanks & Pottenger.
+ Rule	StJohns	1919	only	-	May	 5	23:00	1:00	D
+ Rule	StJohns	1919	only	-	Aug	12	23:00	0	S
+-# For 1931-1935 Whitman gives Apr same date; go with Shanks.
++# For 1931-1935 Whitman gives Apr same date; go with Shanks & Pottenger.
+ Rule	StJohns	1920	1935	-	May	Sun>=1	23:00	1:00	D
+ Rule	StJohns	1920	1935	-	Oct	lastSun	23:00	0	S
+-# For 1936-1941 Whitman gives May Sun>=8 and Oct Sun>=1; go with Shanks.
++# For 1936-1941 Whitman gives May Sun>=8 and Oct Sun>=1; go with Shanks &
++# Pottenger.
+ Rule	StJohns	1936	1941	-	May	Mon>=9	0:00	1:00	D
+ Rule	StJohns	1936	1941	-	Oct	Mon>=2	0:00	0	S
+ # Whitman gives the following transitions:
+ # 1942 03-01/12-31, 1943 05-30/09-05, 1944 07-10/09-02, 1945 01-01/10-07
+-# but go with Shanks and assume they used Canadian rules.
++# but go with Shanks & Pottenger and assume they used Canadian rules.
+ # For 1946-9 Whitman gives May 5,4,9,1 - Oct 1,5,3,2, and for 1950 he gives
+-# Apr 30 - Sep 24; go with Shanks.
++# Apr 30 - Sep 24; go with Shanks & Pottenger.
+ Rule	StJohns	1946	1950	-	May	Sun>=8	2:00	1:00	D
+ Rule	StJohns	1946	1950	-	Oct	Sun>=2	2:00	0	S
+ Rule	StJohns	1951	1986	-	Apr	lastSun	2:00	1:00	D
+@@ -901,9 +1000,12 @@
+ # INMS (2000-09-12) says that, since 1988 at least, Newfoundland switches
+ # at 00:01 local time.  For now, assume it started in 1987.
+ Rule	StJohns	1987	only	-	Apr	Sun>=1	0:01	1:00	D
+-Rule	StJohns	1987	max	-	Oct	lastSun	0:01	0	S
++Rule	StJohns	1987	2006	-	Oct	lastSun	0:01	0	S
+ Rule	StJohns	1988	only	-	Apr	Sun>=1	0:01	2:00	DD
+-Rule	StJohns	1989	max	-	Apr	Sun>=1	0:01	1:00	D
++Rule	StJohns	1989	2006	-	Apr	Sun>=1	0:01	1:00	D
++Rule	StJohns	2007	max	-	Mar	Sun>=8	0:01	1:00	D
++Rule	StJohns	2007	max	-	Nov	Sun>=1	0:01	0	S
++#
+ # St John's has an apostrophe, but Posix file names can't have apostrophes.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/St_Johns	-3:30:52 -	LMT	1884
+@@ -929,62 +1031,58 @@
+ 			-4:00	StJohns	A%sT
+ 
+ 
+-# west Labrador, New Brunswick, Nova Scotia, Prince Edward I
++# west Labrador, Nova Scotia, Prince Edward I
+ 
+-# From Paul Eggert (1996-06-12):
+-# Shanks writes that since 1970 most of this region has been like Halifax.
+-# Many locales did not observe peacetime DST until 1972;
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that since 1970 most of this region has been like
++# Halifax.  Many locales did not observe peacetime DST until 1972;
+ # Glace Bay, NS is the largest that we know of.
+-# Shanks also writes that Liverpool, NS was the only town in Canada to observe
+-# DST in 1971 but not 1970; for now we'll assume this is a typo.
+-
+-# From Paul Eggert (2000-10-02):
+-# INMS (2000-09-12) says that, since 1988 at least, New Brunswick switches
+-# at 00:01 local time.  FIXME: verify and create a new Zone for this.
+-
+-
+-# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-Rule Halifax	1916	only	-	Apr	 1	0:00	1:00	D
+-Rule Halifax	1916	only	-	Oct	 1	0:00	0	S
+-Rule Halifax	1920	only	-	May	 9	0:00	1:00	D
+-Rule Halifax	1920	only	-	Aug	29	0:00	0	S
+-Rule Halifax	1921	only	-	May	 6	0:00	1:00	D
+-Rule Halifax	1921	1922	-	Sep	 5	0:00	0	S
+-Rule Halifax	1922	only	-	Apr	30	0:00	1:00	D
+-Rule Halifax	1923	1925	-	May	Sun>=1	0:00	1:00	D
+-Rule Halifax	1923	only	-	Sep	 4	0:00	0	S
+-Rule Halifax	1924	only	-	Sep	15	0:00	0	S
+-Rule Halifax	1925	only	-	Sep	28	0:00	0	S
+-Rule Halifax	1926	only	-	May	16	0:00	1:00	D
+-Rule Halifax	1926	only	-	Sep	13	0:00	0	S
+-Rule Halifax	1927	only	-	May	 1	0:00	1:00	D
+-Rule Halifax	1927	only	-	Sep	26	0:00	0	S
+-Rule Halifax	1928	1931	-	May	Sun>=8	0:00	1:00	D
+-Rule Halifax	1928	only	-	Sep	 9	0:00	0	S
+-Rule Halifax	1929	only	-	Sep	 3	0:00	0	S
+-Rule Halifax	1930	only	-	Sep	15	0:00	0	S
+-Rule Halifax	1931	1932	-	Sep	Mon>=24	0:00	0	S
+-Rule Halifax	1932	only	-	May	 1	0:00	1:00	D
+-Rule Halifax	1933	only	-	Apr	30	0:00	1:00	D
+-Rule Halifax	1933	only	-	Oct	 2	0:00	0	S
+-Rule Halifax	1934	only	-	May	20	0:00	1:00	D
+-Rule Halifax	1934	only	-	Sep	16	0:00	0	S
+-Rule Halifax	1935	only	-	Jun	 2	0:00	1:00	D
+-Rule Halifax	1935	only	-	Sep	30	0:00	0	S
+-Rule Halifax	1936	only	-	Jun	 1	0:00	1:00	D
+-Rule Halifax	1936	only	-	Sep	14	0:00	0	S
+-Rule Halifax	1937	1938	-	May	Sun>=1	0:00	1:00	D
+-Rule Halifax	1937	1941	-	Sep	Mon>=24	0:00	0	S
+-Rule Halifax	1939	only	-	May	28	0:00	1:00	D
+-Rule Halifax	1940	1941	-	May	Sun>=1	0:00	1:00	D
+-Rule Halifax	1946	1949	-	Sep	lastSun	2:00	0	S
+-Rule Halifax	1946	1949	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1951	1954	-	Sep	lastSun	2:00	0	S
+-Rule Halifax	1951	1954	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1956	1959	-	Sep	lastSun	2:00	0	S
+-Rule Halifax	1956	1959	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1962	1973	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1962	1973	-	Oct	lastSun	2:00	0	S
++# Shanks & Pottenger also write that Liverpool, NS was the only town
++# in Canada to observe DST in 1971 but not 1970; for now we'll assume
++# this is a typo.
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Halifax	1916	only	-	Apr	 1	0:00	1:00	D
++Rule	Halifax	1916	only	-	Oct	 1	0:00	0	S
++Rule	Halifax	1920	only	-	May	 9	0:00	1:00	D
++Rule	Halifax	1920	only	-	Aug	29	0:00	0	S
++Rule	Halifax	1921	only	-	May	 6	0:00	1:00	D
++Rule	Halifax	1921	1922	-	Sep	 5	0:00	0	S
++Rule	Halifax	1922	only	-	Apr	30	0:00	1:00	D
++Rule	Halifax	1923	1925	-	May	Sun>=1	0:00	1:00	D
++Rule	Halifax	1923	only	-	Sep	 4	0:00	0	S
++Rule	Halifax	1924	only	-	Sep	15	0:00	0	S
++Rule	Halifax	1925	only	-	Sep	28	0:00	0	S
++Rule	Halifax	1926	only	-	May	16	0:00	1:00	D
++Rule	Halifax	1926	only	-	Sep	13	0:00	0	S
++Rule	Halifax	1927	only	-	May	 1	0:00	1:00	D
++Rule	Halifax	1927	only	-	Sep	26	0:00	0	S
++Rule	Halifax	1928	1931	-	May	Sun>=8	0:00	1:00	D
++Rule	Halifax	1928	only	-	Sep	 9	0:00	0	S
++Rule	Halifax	1929	only	-	Sep	 3	0:00	0	S
++Rule	Halifax	1930	only	-	Sep	15	0:00	0	S
++Rule	Halifax	1931	1932	-	Sep	Mon>=24	0:00	0	S
++Rule	Halifax	1932	only	-	May	 1	0:00	1:00	D
++Rule	Halifax	1933	only	-	Apr	30	0:00	1:00	D
++Rule	Halifax	1933	only	-	Oct	 2	0:00	0	S
++Rule	Halifax	1934	only	-	May	20	0:00	1:00	D
++Rule	Halifax	1934	only	-	Sep	16	0:00	0	S
++Rule	Halifax	1935	only	-	Jun	 2	0:00	1:00	D
++Rule	Halifax	1935	only	-	Sep	30	0:00	0	S
++Rule	Halifax	1936	only	-	Jun	 1	0:00	1:00	D
++Rule	Halifax	1936	only	-	Sep	14	0:00	0	S
++Rule	Halifax	1937	1938	-	May	Sun>=1	0:00	1:00	D
++Rule	Halifax	1937	1941	-	Sep	Mon>=24	0:00	0	S
++Rule	Halifax	1939	only	-	May	28	0:00	1:00	D
++Rule	Halifax	1940	1941	-	May	Sun>=1	0:00	1:00	D
++Rule	Halifax	1946	1949	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1946	1949	-	Sep	lastSun	2:00	0	S
++Rule	Halifax	1951	1954	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1951	1954	-	Sep	lastSun	2:00	0	S
++Rule	Halifax	1956	1959	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1956	1959	-	Sep	lastSun	2:00	0	S
++Rule	Halifax	1962	1973	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1962	1973	-	Oct	lastSun	2:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Halifax	-4:14:24 -	LMT	1902 Jun 15
+ 			-4:00	Halifax	A%sT	1918
+@@ -1000,12 +1098,110 @@
+ 			-4:00	Halifax	A%sT	1974
+ 			-4:00	Canada	A%sT
+ 
++# New Brunswick
+ 
+-# Ontario, Quebec
++# From Paul Eggert (2006-01-20):
++# New Brunswick's Time Definition Act
++#  says they change at 00:01, and
++#  makes it
++# clear that this has been the case since at least 1993.
++# For now, assume it started in 1993.
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Moncton	1933	1935	-	Jun	Sun>=8	1:00	1:00	D
++Rule	Moncton	1933	1935	-	Sep	Sun>=8	1:00	0	S
++Rule	Moncton	1936	1938	-	Jun	Sun>=1	1:00	1:00	D
++Rule	Moncton	1936	1938	-	Sep	Sun>=1	1:00	0	S
++Rule	Moncton	1939	only	-	May	27	1:00	1:00	D
++Rule	Moncton	1939	1941	-	Sep	Sat>=21	1:00	0	S
++Rule	Moncton	1940	only	-	May	19	1:00	1:00	D
++Rule	Moncton	1941	only	-	May	 4	1:00	1:00	D
++Rule	Moncton	1946	1972	-	Apr	lastSun	2:00	1:00	D
++Rule	Moncton	1946	1956	-	Sep	lastSun	2:00	0	S
++Rule	Moncton	1957	1972	-	Oct	lastSun	2:00	0	S
++Rule	Moncton	1993	2006	-	Apr	Sun>=1	0:01	1:00	D
++Rule	Moncton	1993	2006	-	Oct	lastSun	0:01	0	S
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Moncton	-4:19:08 -	LMT	1883 Dec  9
++			-5:00	-	EST	1902 Jun 15
++			-4:00	Canada	A%sT	1933
++			-4:00	Moncton	A%sT	1942
++			-4:00	Canada	A%sT	1946
++			-4:00	Moncton	A%sT	1973
++			-4:00	Canada	A%sT	1993
++			-4:00	Moncton	A%sT	2007
++			-4:00	Canada	A%sT
+ 
+-# From Paul Eggert (1996-06-12):
+-# Shanks writes that since 1970 most of Ontario has been like Toronto,
+-# and most of Quebec has been like Montreal.
++# Quebec
++
++# From Paul Eggert (2006-07-09):
++# Shanks & Pottenger write that since 1970 most of Quebec has been
++# like Montreal.
++
++# From Paul Eggert (2006-06-27):
++# Matthews and Vincent (1998) also write that Quebec east of the -63
++# meridian is supposed to observe AST, but residents as far east as
++# Natashquan use EST/EDT, and residents east of Natashquan use AST.
++# In "Official time in Quebec" the Quebec department of justice writes in
++# http://www.justice.gouv.qc.ca/english/publications/generale/temps-regl-1-a.htm
++# that "The residents of the Municipality of the
++# Cote-Nord-du-Golfe-Saint-Laurent and the municipalities of Saint-Augustin,
++# Bonne-Esperance and Blanc-Sablon apply the Official Time Act as it is
++# written and use Atlantic standard time all year round. The same applies to
++# the residents of the Native facilities along the lower North Shore."
++# 
++# says this common practice was codified into law as of 2007.
++# For lack of better info, guess this practice began around 1970, contra to
++# Shanks & Pottenger who have this region observing AST/ADT.
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Mont	1917	only	-	Mar	25	2:00	1:00	D
++Rule	Mont	1917	only	-	Apr	24	0:00	0	S
++Rule	Mont	1919	only	-	Mar	31	2:30	1:00	D
++Rule	Mont	1919	only	-	Oct	25	2:30	0	S
++Rule	Mont	1920	only	-	May	 2	2:30	1:00	D
++Rule	Mont	1920	1922	-	Oct	Sun>=1	2:30	0	S
++Rule	Mont	1921	only	-	May	 1	2:00	1:00	D
++Rule	Mont	1922	only	-	Apr	30	2:00	1:00	D
++Rule	Mont	1924	only	-	May	17	2:00	1:00	D
++Rule	Mont	1924	1926	-	Sep	lastSun	2:30	0	S
++Rule	Mont	1925	1926	-	May	Sun>=1	2:00	1:00	D
++# The 1927-to-1937 rules can be expressed more simply as
++# Rule	Mont	1927	1937	-	Apr	lastSat	24:00	1:00	D
++# Rule	Mont	1927	1937	-	Sep	lastSat	24:00	0	S
++# The rules below avoid use of 24:00
++# (which pre-1998 versions of zic cannot handle).
++Rule	Mont	1927	only	-	May	1	0:00	1:00	D
++Rule	Mont	1927	1932	-	Sep	lastSun	0:00	0	S
++Rule	Mont	1928	1931	-	Apr	lastSun	0:00	1:00	D
++Rule	Mont	1932	only	-	May	1	0:00	1:00	D
++Rule	Mont	1933	1940	-	Apr	lastSun	0:00	1:00	D
++Rule	Mont	1933	only	-	Oct	1	0:00	0	S
++Rule	Mont	1934	1939	-	Sep	lastSun	0:00	0	S
++Rule	Mont	1946	1973	-	Apr	lastSun	2:00	1:00	D
++Rule	Mont	1945	1948	-	Sep	lastSun	2:00	0	S
++Rule	Mont	1949	1950	-	Oct	lastSun	2:00	0	S
++Rule	Mont	1951	1956	-	Sep	lastSun	2:00	0	S
++Rule	Mont	1957	1973	-	Oct	lastSun	2:00	0	S
++
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Blanc-Sablon -3:48:28 -	LMT	1884
++			-4:00	Canada	A%sT	1970
++			-4:00	-	AST
++Zone America/Montreal	-4:54:16 -	LMT	1884
++			-5:00	Mont	E%sT	1918
++			-5:00	Canada	E%sT	1919
++			-5:00	Mont	E%sT	1942 Feb  9 2:00s
++			-5:00	Canada	E%sT	1946
++			-5:00	Mont	E%sT	1974
++			-5:00	Canada	E%sT
++
++
++# Ontario
++
++# From Paul Eggert (2006-07-09):
++# Shanks & Pottenger write that since 1970 most of Ontario has been like
++# Toronto.
+ # Thunder Bay skipped DST in 1973.
+ # Many smaller locales did not observe peacetime DST until 1974;
+ # Nipigon (EST) and Rainy River (CST) are the largest that we know of.
+@@ -1035,50 +1231,46 @@
+ # says that Ontario east of 90W uses EST/EDT, and west of 90W uses CST/CDT.
+ # Officially Atikokan is therefore on CST/CDT, and most likely this report
+ # concerns a non-official time observed as a matter of local practice.
+-# For what it's worth, Shanks says that Atikokan has agreed with
+-# Rainy River ever since standard time was introduced.
+-
++#
+ # From Paul Eggert (2000-10-02):
+ # Matthews and Vincent (1998) write that Atikokan, Pickle Lake, and
+ # New Osnaburgh observe CST all year, that Big Trout Lake observes
+ # CST/CDT, and that Upsala and Shebandowan observe EST/EDT, all in
+ # violation of the official Ontario rules.
+-# They also write that Quebec east of the -63 meridian is supposed to
+-# observe AST, but residents as far east as Natashquan use EST/EDT,
+-# and residents east of Natashquan use AST.
+-# We probably need Zones for far east Quebec and for Atikokan,
+-# but we don't know when their practices started.
++#
++# From Paul Eggert (2006-07-09):
++# Chris Walton (2006-07-06) mentioned an article by Stephanie MacLellan in the
++# 2005-07-21 Chronicle-Journal, which said:
++#
++#	The clocks in Atikokan stay set on standard time year-round.
++#	This means they spend about half the time on central time and
++#	the other half on eastern time.
++#
++#	For the most part, the system works, Mayor Dennis Brown said.
++#
++#	"The majority of businesses in Atikokan deal more with Eastern
++#	Canada, but there are some that deal with Western Canada," he
++#	said.  "I don't see any changes happening here."
++#
++# Walton also writes "Supposedly Pickle Lake and Mishkeegogamang
++# [New Osnaburgh] follow the same practice."
++
++# From Garry McKinnon (2006-07-14) via Chris Walton:
++# I chatted with a member of my board who has an outstanding memory
++# and a long history in Atikokan (and in the telecom industry) and he
++# can say for certain that Atikokan has been practicing the current
++# time keeping since 1952, at least.
++
++# From Paul Eggert (2006-07-17):
++# Shanks & Pottenger say that Atikokan has agreed with Rainy River
++# ever since standard time was introduced, but the information from
++# McKinnon sounds more authoritative.  For now, assume that Atikokan
++# switched to EST immediately after WWII era daylight saving time
++# ended.  This matches the old (less-populous) America/Coral_Harbour
++# entry since our cutoff date of 1970, so we can move
++# America/Coral_Harbour to the 'backward' file.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-Rule	Mont	1917	only	-	Mar	25	2:00	1:00	D
+-Rule	Mont	1917	only	-	Apr	24	0:00	0	S
+-Rule	Mont	1919	only	-	Mar	31	2:30	1:00	D
+-Rule	Mont	1919	only	-	Oct	25	2:30	0	S
+-Rule	Mont	1920	only	-	May	 2	2:30	1:00	D
+-Rule	Mont	1920	1922	-	Oct	Sun>=1	2:30	0	S
+-Rule	Mont	1921	only	-	May	 1	2:00	1:00	D
+-Rule	Mont	1922	only	-	Apr	30	2:00	1:00	D
+-Rule	Mont	1924	only	-	May	17	2:00	1:00	D
+-Rule	Mont	1924	1926	-	Sep	lastSun	2:30	0	S
+-Rule	Mont	1925	1926	-	May	Sun>=1	2:00	1:00	D
+-# The 1927-to-1937 rules can be expressed more simply as
+-# Rule	Mont	1927	1937	-	Apr	lastSat	24:00	1:00	D
+-# Rule	Mont	1927	1937	-	Sep	lastSat	24:00	0	S
+-# The rules below avoid use of 24:00
+-# (which pre-1998 versions of zic cannot handle).
+-Rule	Mont	1927	only	-	May	1	0:00	1:00	D
+-Rule	Mont	1927	1932	-	Sep	lastSun	0:00	0	S
+-Rule	Mont	1928	1931	-	Apr	lastSun	0:00	1:00	D
+-Rule	Mont	1932	only	-	May	1	0:00	1:00	D
+-Rule	Mont	1933	1940	-	Apr	lastSun	0:00	1:00	D
+-Rule	Mont	1933	only	-	Oct	1	0:00	0	S
+-Rule	Mont	1934	1939	-	Sep	lastSun	0:00	0	S
+-Rule	Mont	1946	1973	-	Apr	lastSun	2:00	1:00	D
+-Rule	Mont	1945	1948	-	Sep	lastSun	2:00	0	S
+-Rule	Mont	1949	1950	-	Oct	lastSun	2:00	0	S
+-Rule	Mont	1951	1956	-	Sep	lastSun	2:00	0	S
+-Rule	Mont	1957	1973	-	Oct	lastSun	2:00	0	S
+-
+ Rule	Toronto	1919	only	-	Mar	30	23:30	1:00	D
+ Rule	Toronto	1919	only	-	Oct	26	0:00	0	S
+ Rule	Toronto	1920	only	-	May	 2	2:00	1:00	D
+@@ -1086,7 +1278,8 @@
+ Rule	Toronto	1921	only	-	May	15	2:00	1:00	D
+ Rule	Toronto	1921	only	-	Sep	15	2:00	0	S
+ Rule	Toronto	1922	1923	-	May	Sun>=8	2:00	1:00	D
+-# Shanks says 1923-09-19; assume it's a typo and that "-16" was meant.
++# Shanks & Pottenger say 1923-09-19; assume it's a typo and that "-16"
++# was meant.
+ Rule	Toronto	1922	1926	-	Sep	Sun>=15	2:00	0	S
+ Rule	Toronto	1924	1927	-	May	Sun>=1	2:00	1:00	D
+ # The 1927-to-1939 rules can be expressed more simply as
+@@ -1110,9 +1303,10 @@
+ Rule	Toronto	1950	1973	-	Apr	lastSun	2:00	1:00	D
+ Rule	Toronto	1950	only	-	Nov	lastSun	2:00	0	S
+ Rule	Toronto	1951	1956	-	Sep	lastSun	2:00	0	S
+-# Shanks says Toronto ended DST a week early in 1971, namely on 1971-10-24,
+-# but Mark Brader wrote (2003-05-31) that he checked the 1971-10-30 issue
+-# of the Toronto Star, and it said that DST ended 1971-10-31 as usual.
++# Shanks & Pottenger say Toronto ended DST a week early in 1971,
++# namely on 1971-10-24, but Mark Brader wrote (2003-05-31) that this
++# is wrong, and that he had confirmed it by checking the 1971-10-30
++# Toronto Star, which said that DST was ending 1971-10-31 as usual.
+ Rule	Toronto	1957	1973	-	Oct	lastSun	2:00	0	S
+ 
+ # From Paul Eggert (2003-07-27):
+@@ -1134,13 +1328,6 @@
+ # months for the remainder of the war years.
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone America/Montreal	-4:54:16 -	LMT	1884
+-			-5:00	Mont	E%sT	1918
+-			-5:00	Canada	E%sT	1919
+-			-5:00	Mont	E%sT	1942 Feb  9 2:00s
+-			-5:00	Canada	E%sT	1946
+-			-5:00	Mont	E%sT	1974
+-			-5:00	Canada	E%sT
+ Zone America/Toronto	-5:17:32 -	LMT	1895
+ 			-5:00	Canada	E%sT	1919
+ 			-5:00	Toronto	E%sT	1942 Feb  9 2:00s
+@@ -1158,14 +1345,38 @@
+ 			-5:00	Canada	E%sT	1940 Sep 29
+ 			-5:00	1:00	EDT	1942 Feb  9 2:00s
+ 			-5:00	Canada	E%sT
+-Zone America/Rainy_River -6:17:56 -	LMT	1895
++Zone America/Rainy_River -6:18:16 -	LMT	1895
+ 			-6:00	Canada	C%sT	1940 Sep 29
+ 			-6:00	1:00	CDT	1942 Feb  9 2:00s
+ 			-6:00	Canada	C%sT
++Zone America/Atikokan	-6:06:28 -	LMT	1895
++			-6:00	Canada	C%sT	1940 Sep 29
++			-6:00	1:00	CDT	1942 Feb  9 2:00s
++			-6:00	Canada	C%sT	1945 Sep 30 2:00
++			-5:00	-	EST
+ 
+ 
+ # Manitoba
+ 
++# From Rob Douglas (2006-04-06):
++# the old Manitoba Time Act - as amended by Bill 2, assented to
++# March 27, 1987 ... said ...
++# "between two o'clock Central Standard Time in the morning of
++# the first Sunday of April of each year and two o'clock Central
++# Standard Time in the morning of the last Sunday of October next
++# following, one hour in advance of Central Standard Time."...
++# I believe that the English legislation [of the old time act] had =
++# been assented to (March 22, 1967)....
++# Also, as far as I can tell, there was no order-in-council varying
++# the time of Daylight Saving Time for 2005 and so the provisions of
++# the 1987 version would apply - the changeover was at 2:00 Central
++# Standard Time (i.e. not until 3:00 Central Daylight Time).
++
++# From Paul Eggert (2006-04-10):
++# Shanks & Pottenger say Manitoba switched at 02:00 (not 02:00s)
++# starting 1966.  Since 02:00s is clearly correct for 1967 on, assume
++# it was also 02:00s in 1966.
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Winn	1916	only	-	Apr	23	0:00	1:00	D
+ Rule	Winn	1916	only	-	Sep	17	0:00	0	S
+@@ -1188,18 +1399,13 @@
+ Rule	Winn	1960	only	-	Sep	lastSun	2:00	0	S
+ Rule	Winn	1963	only	-	Apr	lastSun	2:00	1:00	D
+ Rule	Winn	1963	only	-	Sep	22	2:00	0	S
+-Rule	Winn	1966	1986	-	Apr	lastSun	2:00	1:00	D
+-Rule	Winn	1966	1986	-	Oct	lastSun	2:00	0	S
+-Rule	Winn	1987	2006	-	Apr	Sun>=1	2:00s	1:00	D
+-# From Paul Eggert (2000-10-02):
+-# INMS (2000-09-12) says that, since 1988 at least, Manitoba switches from
+-# DST at 03:00 local time.  For now, assume it started in 1987.
+-Rule	Winn	1987	2006	-	Oct	lastSun	2:00s	0	S
+-Rule	Winn	2007	max	-	Mar	Sun>=8	2:00s	1:00	D
+-Rule	Winn	2007	max	-	Nov	Sun>=1	2:00s	0	S
++Rule	Winn	1966	1986	-	Apr	lastSun	2:00s	1:00	D
++Rule	Winn	1966	2005	-	Oct	lastSun	2:00s	0	S
++Rule	Winn	1987	2005	-	Apr	Sun>=1	2:00s	1:00	D
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Winnipeg	-6:28:36 -	LMT	1887 Jul 16
+-			-6:00	Winn	C%sT
++			-6:00	Winn	C%sT	2006
++			-6:00	Canada	C%sT
+ 
+ 
+ # Saskatchewan
+@@ -1218,8 +1424,8 @@
+ # Willett (1914-03) notes that DST "has been in operation ... in the
+ # City of Moose Jaw, Saskatchewan, for one year."
+ 
+-# From Paul Eggert (2000-10-02):
+-# Shanks writes that since 1970 most of this region has been like Regina.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say that since 1970 this region has mostly been as Regina.
+ # Some western towns (e.g. Swift Current) switched from MST/MDT to CST in 1972.
+ # Other western towns (e.g. Lloydminster) are like Edmonton.
+ # Matthews and Vincent (1998) write that Denare Beach and Creighton
+@@ -1251,6 +1457,11 @@
+ # rules any more; all other districts appear to have used CST year round
+ # since sometime in the 1960s.
+ 
++# From Chris Walton (2006-06-26):
++# The Saskatchewan time act which was last updated in 1996 is about 30 pages
++# long and rather painful to read.
++# http://www.qp.gov.sk.ca/documents/English/Statutes/Statutes/T14.pdf
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Regina	1918	only	-	Apr	14	2:00	1:00	D
+ Rule	Regina	1918	only	-	Oct	31	2:00	0	S
+@@ -1305,17 +1516,18 @@
+ Rule	Edm	1969	only	-	Apr	lastSun	2:00	1:00	D
+ Rule	Edm	1969	only	-	Oct	lastSun	2:00	0	S
+ Rule	Edm	1972	1986	-	Apr	lastSun	2:00	1:00	D
+-Rule	Edm	1972	max	-	Oct	lastSun	2:00	0	S
+-Rule	Edm	1987	max	-	Apr	Sun>=1	2:00	1:00	D
++Rule	Edm	1972	2006	-	Oct	lastSun	2:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Edmonton	-7:33:52 -	LMT	1906 Sep
+-			-7:00	Edm	M%sT
++			-7:00	Edm	M%sT	1987
++			-7:00	Canada	M%sT
+ 
+ 
+ # British Columbia
+ 
+-# From Paul Eggert (2000-10-02):
+-# Shanks writes that since 1970 most of this region has been like Vancouver.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that since 1970 most of this region has
++# been like Vancouver.
+ # Dawson Creek uses MST.  Much of east BC is like Edmonton.
+ # Matthews and Vincent (1998) write that Creston is like Dawson Creek.
+ 
+@@ -1328,11 +1540,11 @@
+ Rule	Vanc	1946	1986	-	Apr	lastSun	2:00	1:00	D
+ Rule	Vanc	1946	only	-	Oct	13	2:00	0	S
+ Rule	Vanc	1947	1961	-	Sep	lastSun	2:00	0	S
+-Rule	Vanc	1962	max	-	Oct	lastSun	2:00	0	S
+-Rule	Vanc	1987	max	-	Apr	Sun>=1	2:00	1:00	D
++Rule	Vanc	1962	2006	-	Oct	lastSun	2:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Vancouver	-8:12:28 -	LMT	1884
+-			-8:00	Vanc	P%sT
++			-8:00	Vanc	P%sT	1987
++			-8:00	Canada	P%sT
+ Zone America/Dawson_Creek -8:00:56 -	LMT	1884
+ 			-8:00	Canada	P%sT	1947
+ 			-8:00	Vanc	P%sT	1972 Aug 30 2:00
+@@ -1341,7 +1553,7 @@
+ 
+ # Northwest Territories, Nunavut, Yukon
+ 
+-# From Paul Eggert (1999-10-29):
++# From Paul Eggert (2006-03-22):
+ # Dawson switched to PST in 1973.  Inuvik switched to MST in 1979.
+ # Mathew Englander (1996-10-07) gives the following refs:
+ #	* 1967. Paragraph 28(34)(g) of the Interpretation Act, S.C. 1967-68,
+@@ -1350,7 +1562,12 @@
+ #	* C.O. 1973/214 switched Yukon to PST on 1973-10-28 00:00.
+ #	* O.I.C. 1980/02 established DST.
+ #	* O.I.C. 1987/056 changed DST to Apr firstSun 2:00 to Oct lastSun 2:00.
+-# Shanks says Yukon's 1973-10-28 switch was at 2:00; go with Englander.
++# Shanks & Pottenger say Yukon's 1973-10-28 switch was at 2:00; go
++# with Englander.
++# From Chris Walton (2006-06-26):
++# Here is a link to the old daylight saving portion of the interpretation
++# act which was last updated in 1987:
++# http://www.gov.yk.ca/legislation/regs/oic1987_056.pdf
+ 
+ # From Rives McDow (1999-09-04):
+ # Nunavut ... moved ... to incorporate the whole territory into one time zone.
+@@ -1459,6 +1676,10 @@
+ # For lack of better information, assume that Southampton Island observed
+ # daylight saving only during wartime.
+ 
++# From Chris Walton (2006-07-19):
++# The government of Yukon Territory ... recently announced it will extend
++# daylight saving in 2007....  http://www.gov.yk.ca/news/2006/06-164.html
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	NT_YK	1918	only	-	Apr	14	2:00	1:00	D
+ Rule	NT_YK	1918	only	-	Oct	27	2:00	0	S
+@@ -1470,8 +1691,8 @@
+ Rule	NT_YK	1965	only	-	Apr	lastSun	0:00	2:00	DD
+ Rule	NT_YK	1965	only	-	Oct	lastSun	2:00	0	S
+ Rule	NT_YK	1980	1986	-	Apr	lastSun	2:00	1:00	D
+-Rule	NT_YK	1980	max	-	Oct	lastSun	2:00	0	S
+-Rule	NT_YK	1987	max	-	Apr	Sun>=1	2:00	1:00	D
++Rule	NT_YK	1980	2006	-	Oct	lastSun	2:00	0	S
++Rule	NT_YK	1987	2006	-	Apr	Sun>=1	2:00	1:00	D
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Pangnirtung -4:22:56 -	LMT	1884
+ 			-4:00	NT_YK	A%sT	1995 Apr Sun>=1 2:00
+@@ -1482,10 +1703,11 @@
+ 			-5:00	NT_YK	E%sT	1999 Oct 31 2:00
+ 			-6:00	Canada	C%sT	2000 Oct 29 2:00
+ 			-5:00	Canada	E%sT
+-Zone America/Coral_Harbour -5:32:40 -	LMT	1884
+-			-5:00	NT_YK	E%sT	1946
+-			-5:00	-	EST
+-Zone America/Rankin_Inlet -6:08:40 -	LMT	1884
++# Now subsumed by America/Atikokan.
++#Zone America/Coral_Harbour -5:32:40 -	LMT	1884
++#			-5:00	NT_YK	E%sT	1946
++#			-5:00	-	EST
++Zone America/Rankin_Inlet -6:08:20 -	LMT	1884
+ 			-6:00	NT_YK	C%sT	2000 Oct 29 2:00
+ 			-5:00	-	EST	2001 Apr  1 3:00
+ 			-6:00	Canada	C%sT
+@@ -1496,16 +1718,20 @@
+ 			-6:00	-	CST	2001 Apr  1 3:00
+ 			-7:00	Canada	M%sT
+ Zone America/Yellowknife -7:37:24 -	LMT	1884
+-			-7:00	NT_YK	M%sT
+-Zone America/Inuvik	-8:54:00 -	LMT	1884
++			-7:00	NT_YK	M%sT	1980
++			-7:00	Canada	M%sT
++Zone America/Inuvik	-8:54:52 -	LMT	1884
+ 			-8:00	NT_YK	P%sT	1979 Apr lastSun 2:00
+-			-7:00	NT_YK	M%sT
++			-7:00	NT_YK	M%sT	1980
++			-7:00	Canada	M%sT
+ Zone America/Whitehorse	-9:00:12 -	LMT	1900 Aug 20
+ 			-9:00	NT_YK	Y%sT	1966 Jul 1 2:00
+-			-8:00	NT_YK	P%sT
++			-8:00	NT_YK	P%sT	1980
++			-8:00	Canada	P%sT
+ Zone America/Dawson	-9:17:40 -	LMT	1900 Aug 20
+ 			-9:00	NT_YK	Y%sT	1973 Oct 28 0:00
+-			-8:00	NT_YK	P%sT
++			-8:00	NT_YK	P%sT	1980
++			-8:00	Canada	P%sT
+ 
+ 
+ ###############################################################################
+@@ -1519,16 +1745,12 @@
+ # history of Mexican local time (in Spanish)
+ # .
+ #
+-# Here are the discrepancies between Shanks and the MLoC.
++# Here are the discrepancies between Shanks & Pottenger (S&P) and the MLoC.
+ # (In all cases we go with the MLoC.)
+-# Shanks reports that Baja was at -8:00 in 1922/1923.
+-# Shanks says the 1930 transition in Baja was 1930-11-16.
+-# Shanks reports no DST during summer 1931.
+-# Shanks reports a transition at 1932-03-30 23:00, not 1932-04-01.
+-# Shanks does not report transitions for Baja in 1945 or 1948.
+-# Shanks reports southern Mexico transitions on 1981-12-01, not 12-23.
+-# Shanks says Quintana Roo switched to -6:00 on 1982-12-02, and to -5:00
+-# on 1997-10-26 at 02:00.
++# S&P report that Baja was at -8:00 in 1922/1923.
++# S&P say the 1930 transition in Baja was 1930-11-16.
++# S&P report no DST during summer 1931.
++# S&P report a transition at 1932-03-30 23:00, not 1932-04-01.
+ 
+ # From Gwillim Law (2001-02-20):
+ # There are some other discrepancies between the Decrees page and the
+@@ -1536,10 +1758,6 @@
+ # the researchers who prepared the Decrees page failed to find some of
+ # the relevant documents.
+ 
+-# From Paul Eggert (2000-07-26):
+-# Shanks gives 1942-04-01 instead of 1942-04-24, and omits the 1981
+-# and 1988 DST experiments.  Go with spin.com.mx.
+-
+ # From Alan Perry (1996-02-15):
+ # A guy from our Mexico subsidiary finally found the Presidential Decree
+ # outlining the timezone changes in Mexico.
+@@ -1739,7 +1957,8 @@
+ 			-8:00	-	PST	1931 Apr  1
+ 			-8:00	1:00	PDT	1931 Sep 30
+ 			-8:00	-	PST	1942 Apr 24
+-			-8:00	1:00	PWT	1945 Nov 12
++			-8:00	1:00	PWT	1945 Aug 14 23:00u
++			-8:00	1:00	PPT	1945 Nov 12 # Peace
+ 			-8:00	-	PST	1948 Apr  5
+ 			-8:00	1:00	PDT	1949 Jan 14
+ 			-8:00	-	PST	1954
+@@ -1749,12 +1968,13 @@
+ 			-8:00	Mexico	P%sT	2001
+ 			-8:00	US	P%sT	2002 Feb 20
+ 			-8:00	Mexico	P%sT
+-# From Paul Eggert (2001-03-05):
++# From Paul Eggert (2006-03-22):
+ # Formerly there was an America/Ensenada zone, which differed from
+ # America/Tijuana only in that it did not observe DST from 1976
+-# through 1995.  This was as per Shanks.  However, Guy Harris reports
++# through 1995.  This was as per Shanks (1999).  But Shanks & Pottenger say
++# Ensenada did not observe DST from 1948 through 1975.  Guy Harris reports
+ # that the 1987 OAG says "Only Ensenada, Mexicale, San Felipe and
+-# Tijuana observe DST," which contradicts Shanks but does imply that
++# Tijuana observe DST," which agrees with Shanks & Pottenger but implies that
+ # DST-observance was a town-by-town matter back then.  This concerns
+ # data after 1970 so most likely there should be at least one Zone
+ # other than America/Tijuana for Baja, but it's not clear yet what its
+@@ -1798,7 +2018,7 @@
+ 			-4:00	Barb	A%sT
+ 
+ # Belize
+-# Whitman entirely disagrees with Shanks; go with Shanks.
++# Whitman entirely disagrees with Shanks; go with Shanks & Pottenger.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Belize	1918	1942	-	Oct	Sun>=2	0:00	0:30	HD
+ Rule	Belize	1919	1943	-	Feb	Sun>=9	0:00	0	S
+@@ -1811,10 +2031,20 @@
+ 			-6:00	Belize	C%sT
+ 
+ # Bermuda
++
++# From Dan Jones, reporting in The Royal Gazette (2006-06-26):
++
++# Next year, however, clocks in the US will go forward on the second Sunday
++# in March, until the first Sunday in November.  And, after the Time Zone
++# (Seasonal Variation) Bill 2006 was passed in the House of Assembly on
++# Friday, the same thing will happen in Bermuda.
++# http://www.theroyalgazette.com/apps/pbcs.dll/article?AID=/20060529/NEWS/105290135
++
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Atlantic/Bermuda	-4:19:04 -	LMT	1930 Jan  1 2:00    # Hamilton
+ 			-4:00	-	AST	1974 Apr 28 2:00
+-			-4:00	Bahamas	A%sT
++			-4:00	Bahamas	A%sT	1976
++			-4:00	US	A%sT
+ 
+ # Cayman Is
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -1827,7 +2057,8 @@
+ Rule	CR	1979	1980	-	Feb	lastSun	0:00	1:00	D
+ Rule	CR	1979	1980	-	Jun	Sun>=1	0:00	0	S
+ Rule	CR	1991	1992	-	Jan	Sat>=15	0:00	1:00	D
+-# IATA SSIM (1991-09) says the following was at 1:00; go with Shanks.
++# IATA SSIM (1991-09) says the following was at 1:00;
++# go with Shanks & Pottenger.
+ Rule	CR	1991	only	-	Jul	 1	0:00	0	S
+ Rule	CR	1992	only	-	Mar	15	0:00	0	S
+ # There are too many San Joses elsewhere, so we'll use `Costa Rica'.
+@@ -1853,18 +2084,23 @@
+ 
+ # From Evert van der Veer via Steffen Thorsen (2004-10-28):
+ # Cuba is not going back to standard time this year.
+-# From Paul Eggert (2004-10-28):
++# From Paul Eggert (2006-03-22):
+ # http://www.granma.cu/ingles/2004/septiembre/juev30/41medid-i.html
+ # says that it's due to a problem at the Antonio Guiteras
+ # thermoelectric plant, and says "This October there will be no return
+ # to normal hours (after daylight saving time)".
+-# For now, let's assume that it's a one-year temporary measure.
++# For now, let's assume that it's a temporary measure.
+ 
+ # From Carlos A. Carnero Delgado (2005-11-12):
+ # This year (just like in 2004-2005) there's no change in time zone
+ # adjustment in Cuba.  We will stay in daylight saving time:
+ # http://www.granma.cu/espanol/2005/noviembre/mier9/horario.html
+ 
++# From Steffen Thorsen (2006-08-17):
++# It is likely that they are not reverting back to standard time this
++# year either, based on the number of responses I have got from users
++# (when my site claimed Cuba will end DST on lastSun/October)
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Cuba	1928	only	-	Jun	10	0:00	1:00	D
+ Rule	Cuba	1928	only	-	Oct	10	0:00	0	S
+@@ -1895,7 +2131,7 @@
+ Rule	Cuba	1998	1999	-	Mar	lastSun	0:00s	1:00	D
+ Rule	Cuba	1998	2003	-	Oct	lastSun	0:00s	0	S
+ Rule	Cuba	2000	max	-	Apr	Sun>=1	0:00s	1:00	D
+-Rule	Cuba	2006	max	-	Oct	lastSun	0:00s	0	S
++Rule	Cuba	2007	max	-	Oct	lastSun	0:00s	0	S
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Havana	-5:29:28 -	LMT	1890
+@@ -1943,6 +2179,7 @@
+ 			-4:00	-	AST
+ 
+ # El Salvador
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Salv	1987	1988	-	May	Sun>=1	0:00	1:00	D
+ Rule	Salv	1987	1988	-	Sep	lastSun	0:00	0	S
+@@ -1963,6 +2200,19 @@
+ 			-4:00	-	AST
+ 
+ # Guatemala
++#
++# From Gwillim Law (2006-04-22), after a heads-up from Oscar van Vlijmen:
++# Diario Co Latino, at
++# http://www.diariocolatino.com/internacionales/detalles.asp?NewsID=8079,
++# says in an article dated 2006-04-19 that the Guatemalan government had
++# decided on that date to advance official time by 60 minutes, to lessen the
++# impact of the elevated cost of oil....  Daylight saving time will last from
++# 2006-04-29 24:00 (Guatemalan standard time) to 2006-09-30 (time unspecified).
++# From Paul Eggert (2006-06-22):
++# The Ministry of Energy and Mines, press release CP-15/2006
++# (2006-04-19), says DST ends at 24:00.  See
++# .
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Guat	1973	only	-	Nov	25	0:00	1:00	D
+ Rule	Guat	1974	only	-	Feb	24	0:00	0	S
+@@ -1970,6 +2220,8 @@
+ Rule	Guat	1983	only	-	Sep	22	0:00	0	S
+ Rule	Guat	1991	only	-	Mar	23	0:00	1:00	D
+ Rule	Guat	1991	only	-	Sep	 7	0:00	0	S
++Rule	Guat	2006	only	-	Apr	30	0:00	1:00	D
++Rule	Guat	2006	only	-	Oct	 1	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Guatemala	-6:02:04 -	LMT	1918 Oct 5
+ 			-6:00	Guat	C%sT
+@@ -1994,26 +2246,67 @@
+ #   October 2005.
+ #
+ #  "Port-au-Prince, March 31, 2005"
++#
++# From Steffen Thorsen (2006-04-04):
++# I have been informed by users that Haiti observes DST this year like
++# last year, so the current "only" rule for 2005 might be changed to a
++# "max" rule or to last until 2006. (Who knows if they will observe DST
++# next year or if they will extend their DST like US/Canada next year).
++#
++# I have found this article about it (in French):
++# http://www.haitipressnetwork.com/news.cfm?articleID=7612
++#
++# The reason seems to be an energy crisis.
++
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Haiti	1983	only	-	May	8	0:00	1:00	D
+ Rule	Haiti	1984	1987	-	Apr	lastSun	0:00	1:00	D
+ Rule	Haiti	1983	1987	-	Oct	lastSun	0:00	0	S
+-# Shanks says AT is 2:00, but IATA SSIM (1991/1997) says 1:00s.  Go with IATA.
++# Shanks & Pottenger say AT is 2:00, but IATA SSIM (1991/1997) says 1:00s.
++# Go with IATA.
+ Rule	Haiti	1988	1997	-	Apr	Sun>=1	1:00s	1:00	D
+ Rule	Haiti	1988	1997	-	Oct	lastSun	1:00s	0	S
+-Rule	Haiti	2005	only	-	Apr	Sun>=1	0:00	1:00	D
+-Rule	Haiti	2005	only	-	Oct	lastSun	0:00	0	S
++Rule	Haiti	2005	max	-	Apr	Sun>=1	0:00	1:00	D
++Rule	Haiti	2005	max	-	Oct	lastSun	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Port-au-Prince -4:49:20 -	LMT	1890
+ 			-4:49	-	PPMT	1917 Jan 24 12:00 # P-a-P MT
+ 			-5:00	Haiti	E%sT
+ 
+ # Honduras
+-# Shanks says 1921 Jan 1; go with Whitman's more precise Apr 1.
++# Shanks & Pottenger say 1921 Jan 1; go with Whitman's more precise Apr 1.
++
++# From Paul Eggert (2006-05-05):
++# worldtimezone.com reports a 2006-05-02 Spanish-language AP article
++# saying Honduras will start using DST midnight Saturday, effective 4
++# months until September.  La Tribuna reported today
++#  that Manuel Zelaya, the president
++# of Honduras, refused to back down on this.
++
++# From Jesper Norgaard Welen (2006-08-08):
++# It seems that Honduras has returned from DST to standard time this Monday at
++# 00:00 hours (prolonging Sunday to 25 hours duration).
++# http://www.worldtimezone.com/dst_news/dst_news_honduras04.html
++
++# From Paul Eggert (2006-08-08):
++# Also see Diario El Heraldo, The country returns to standard time (2006-08-08)
++# .
++# It mentions executive decree 18-2006.
++
++# From Steffen Thorsen (2006-08-17):
++# Honduras will observe DST from 2007 to 2009, exact dates are not
++# published, I have located this authoritative source:
++# http://www.presidencia.gob.hn/noticia.aspx?nId=47
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Hond	1987	1988	-	May	Sun>=1	0:00	1:00	D
++Rule	Hond	1987	1988	-	Sep	lastSun	0:00	0	S
++Rule	Hond	2006	2009	-	May	Sun>=1	0:00	1:00	D
++Rule	Hond	2006	2009	-	Aug	Mon>=1	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Tegucigalpa -5:48:52 -	LMT	1921 Apr
+-			-6:00	Salv	C%sT
++			-6:00	Hond	C%sT
+ #
+ # Great Swan I ceded by US to Honduras in 1972
+ 
+@@ -2025,7 +2318,7 @@
+ # From U. S. Naval Observatory (1989-01-19):
+ # JAMAICA             5 H  BEHIND UTC
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Jamaica	-5:07:12 -	LMT	1890		# Kingston
+ 			-5:07:12 -	KMT	1912 Feb    # Kingston Mean Time
+@@ -2042,18 +2335,16 @@
+ 			-4:00	-	AST
+ 
+ # Montserrat
+-# From Paul Eggert (1997-08-31):
+-# Recent volcanic eruptions have forced evacuation of Plymouth, the capital.
+-# Luckily, Olveston, the current de facto capital, has the same longitude.
++# From Paul Eggert (2006-03-22):
++# In 1995 volcanic eruptions forced evacuation of Plymouth, the capital.
++# world.gazetteer.com says Cork Hill is the most populous location now.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone America/Montserrat	-4:08:52 -	LMT	1911 Jul 1 0:01   # Olveston
++Zone America/Montserrat	-4:08:52 -	LMT	1911 Jul 1 0:01   # Cork Hill
+ 			-4:00	-	AST
+ 
+ # Nicaragua
+ #
+-# From Steffen Thorsen (1998-12-29):
+-# Nicaragua seems to be back at -6:00 but I have not been able to find when
+-# they changed from -5:00.
++# This uses Shanks & Pottenger for times before 2005.
+ #
+ # From Steffen Thorsen (2005-04-12):
+ # I've got reports from 8 different people that Nicaragua just started
+@@ -2067,8 +2358,7 @@
+ #
+ # From Paul Eggert (2005-05-01):
+ # The decree doesn't say anything about daylight saving, but for now let's
+-# assume that it is daylight saving and that they'll switch back on the
+-# 3rd Sunday in September.
++# assume that it is daylight saving....
+ #
+ # From Gwillim Law (2005-04-21):
+ # The Associated Press story on the time change, which can be found at
+@@ -2086,20 +2376,35 @@
+ # http://www.presidencia.gob.ni/presidencia/files_index/secretaria/comunicados/2005/septiembre/26septiembre-cambio-hora.htm
+ # (2005-09-26)
+ #
++# From Jesper Norgaard Welen (2006-05-05):
++# http://www.elnuevodiario.com.ni/2006/05/01/nacionales/18410
++# (my informal translation)
++# By order of the president of the republic, Enrique Bolanos, Nicaragua
++# advanced by sixty minutes their official time, yesterday at 2 in the
++# morning, and will stay that way until 30.th. of september.
++#
++# From Jesper Norgaard Welen (2006-09-30):
++# http://www.presidencia.gob.ni/buscador_gaceta/BD/DECRETOS/2006/D-063-2006P-PRN-Cambio-Hora.pdf
++# My informal translation runs:
++# The natural sun time is restored in all the national territory, in that the
++# time is returned one hour at 01:00 am of October 1 of 2006.
++#
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Nic	1979	1980	-	Mar	Sun>=16	0:00	1:00	D
+ Rule	Nic	1979	1980	-	Jun	Mon>=23	0:00	0	S
+-Rule	Nic	1992	only	-	Jan	 1	4:00	1:00	D
+-Rule	Nic	1992	only	-	Sep	24	0:00	0	S
+ Rule	Nic	2005	only	-	Apr	10	0:00	1:00	D
+-Rule	Nic	2005	only	-	Oct	 2	0:00	0	S
++Rule	Nic	2005	only	-	Oct	Sun>=1	0:00	0	S
++Rule	Nic	2006	only	-	Apr	30	2:00	1:00	D
++Rule	Nic	2006	only	-	Oct	Sun>=1	1:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Managua	-5:45:08 -	LMT	1890
+ 			-5:45:12 -	MMT	1934 Jun 23 # Managua Mean Time?
+ 			-6:00	-	CST	1973 May
+ 			-5:00	-	EST	1975 Feb 16
+-			-6:00	Nic	C%sT	1993 Jan 1 4:00
+-			-5:00	-	EST	1998 Dec
++			-6:00	Nic	C%sT	1992 Jan  1 4:00
++			-5:00	-	EST	1992 Sep 24
++			-6:00	-	CST	1993
++			-5:00	-	EST	1997
+ 			-6:00	Nic	C%sT
+ 
+ # Panama
+@@ -2113,7 +2418,7 @@
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Puerto_Rico -4:24:25 -	LMT	1899 Mar 28 12:00    # San Juan
+ 			-4:00	-	AST	1942 May  3
+-			-4:00	1:00	AWT	1945 Sep 30  2:00
++			-4:00	US	A%sT	1946
+ 			-4:00	-	AST
+ 
+ # St Kitts-Nevis
+@@ -2142,8 +2447,8 @@
+ 			-4:00	-	AST
+ 
+ # Turks and Caicos
+-# From Paul Eggert (1998-08-06):
+-# Shanks says they use US DST rules, but IATA SSIM (1991/1998)
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say they use US DST rules, but IATA SSIM (1991/1998)
+ # says they switch at midnight.  Go with IATA SSIM.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	TC	1979	1986	-	Apr	lastSun	0:00	1:00	D
+Index: share/zoneinfo/southamerica
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/southamerica,v
+retrieving revision 1.24.2.2
+diff -u -r1.24.2.2 southamerica
+--- share/zoneinfo/southamerica	27 Dec 2005 19:56:24 -0000	1.24.2.2
++++ share/zoneinfo/southamerica	25 Feb 2007 03:26:56 -0000
+@@ -1,14 +1,14 @@
+-# @(#)southamerica	7.66
++# %W%
+ # 
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-07-07):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -16,8 +16,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Earlier editions of these tables used the North American style (e.g. ARST and
+ # ARDT for Argentine Standard and Daylight Time), but the following quote
+@@ -92,8 +92,6 @@
+ # obtaining the data from the:
+ # Talleres de Hidrografia Naval Argentina
+ # (Argentine Naval Hydrography Institute)
+-#
+-# Shanks stops after 1992-03-01; go with Otero.
+ Rule	Arg	1989	1993	-	Mar	Sun>=1	0:00	0	-
+ Rule	Arg	1989	1992	-	Oct	Sun>=15	0:00	1:00	S
+ #
+@@ -150,12 +148,12 @@
+ # It's Law No. 7,210.  This change is due to a public power emergency, so for
+ # now we'll assume it's for this year only.
+ #
+-# From Paul Eggert (2002-01-22):
++# From Paul Eggert (2006-03-22):
+ # 
+-# Hora de verano para la Republica Argentina (2000-10-01)
++# Hora de verano para la Republica Argentina (2003-06-08)
+ #  says that standard time in Argentina from 1894-10-31
+ # to 1920-05-01 was -4:16:48.25.  Go with this more-precise value
+-# over Shanks.
++# over Shanks & Pottenger.
+ #
+ # From Mariano Absatz (2004-06-05):
+ # These media articles from a major newspaper mostly cover the current state:
+@@ -202,8 +200,8 @@
+ # http://www.sanjuan.gov.ar/prensa/archivo/000426.html
+ # http://www.sanjuan.gov.ar/prensa/archivo/000441.html
+ 
+-# Unless otherwise specified, data are from Shanks through 1992, from
+-# the IATA otherwise.  As noted below, Shanks says that
++# Unless otherwise specified, data are from Shanks & Pottenger through 1992,
++# from the IATA otherwise.  As noted below, Shanks & Pottenger say that
+ # America/Cordoba split into 6 subregions during 1991/1992, but we
+ # haven't verified this yet so for now we'll keep it a single region.
+ #
+@@ -222,7 +220,7 @@
+ # Formosa (FM), Salta (SA), Santiago del Estero (SE), Cordoba (CB),
+ # San Luis (SL), La Pampa (LP), Neuquen (NQ), Rio Negro (RN)
+ #
+-# Shanks also makes the following claims, which we haven't verified:
++# Shanks & Pottenger also make the following claims, which we haven't verified:
+ # - Formosa switched to -3:00 on 1991-01-07.
+ # - Misiones switched to -3:00 on 1990-12-29.
+ # - Chaco switched to -3:00 on 1991-01-04.
+@@ -430,11 +428,7 @@
+ # The official decrees referenced below are mostly taken from
+ # 
+ # Decretos sobre o Horario de Verao no Brasil
+-#  (2001-09-20, in Portuguese).
+-# The official site for all decrees, including those not related to time, is
+-# 
+-# Presidencia da Republica, Subchefia para Assuntos Juridicos, Decretos
+-#  (in Portuguese).
++# .
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ # Decree 20,466 (1931-10-01)
+@@ -550,7 +544,7 @@
+ # Decree 3,916
+ # (2001-09-13) reestablishes DST in AL, CE, MA, PB, PE, PI, RN, SE.
+ Rule	Brazil	2000	2001	-	Oct	Sun>=8	 0:00	1:00	S
+-Rule	Brazil	2001	max	-	Feb	Sun>=15	 0:00	0	-
++Rule	Brazil	2001	2006	-	Feb	Sun>=15	 0:00	0	-
+ # Decree 4,399 (2002-10-01) repeals DST in AL, CE, MA, PB, PE, PI, RN, SE.
+ # 
+ Rule	Brazil	2002	only	-	Nov	 3	 0:00	1:00	S
+@@ -562,10 +556,14 @@
+ Rule	Brazil	2004	only	-	Nov	 2	 0:00	1:00	S
+ # Decree 5,539 (2005-09-19),
+ # adopted by the same states as before.
+-Rule	Brazil	2005	max	-	Oct	Sun>=15	 0:00	1:00	S
++Rule	Brazil	2005	only	-	Oct	16	 0:00	1:00	S
++# Decree 5,920
++# (2006-10-03), adopted by the same states as before.
++Rule	Brazil	2006	max	-	Nov	Sun>=1	 0:00	1:00	S
++Rule	Brazil	2007	max	-	Feb	lastSun	 0:00	0	-
+ # The latest ruleset listed above says that the following states observe DST:
+ # DF, ES, GO, MG, MS, MT, PR, RJ, RS, SC, SP.
+-# For dates after mid-2006, the above rules with TO="max" are guesses
++# For dates after mid-2007, the above rules with TO="max" are guesses
+ # and are quite possibly wrong, but are more likely than no DST at all.
+ 
+ 
+@@ -712,7 +710,7 @@
+ # It clearly confirms my earlier suggestion, that DST begins at 22:00
+ # on Easter Island....  But it also seems to be saying that the
+ # observance of DST in Chile began in 1966, rather than 1969 as
+-# ... [Shanks] has it....
++# ... [Shanks & Pottenger have] it....
+ #
+ # My translation:
+ #
+@@ -724,8 +722,8 @@
+ # to Easter Island and Sala y Gomez Island, will be set forward at
+ # midnight and at 22:00, respectively, by 20 minutes."
+ 
+-# From Paul Eggert (2001-05-04):
+-# Go with this article in preference to Shanks's 1969 date for modern DST.
++# From Paul Eggert (2006-03-22):
++# Go with Law in preference to Shanks & Pottenger's 1969 date for modern DST.
+ # Assume this rule has been used since DST was introduced in the islands.
+ 
+ # From Paul Eggert (2002-10-24):
+@@ -752,7 +750,7 @@
+ 			-4:00	Chile	CL%sT
+ Zone Pacific/Easter	-7:17:28 -	LMT	1890	    # Mataveri
+ 			-7:17:28 -	MMT	1932 Sep    # Mataveri Mean Time
+-			-7:00	Chile	EAS%sT	1982 Mar 14 # Easter I Time
++			-7:00	Chile	EAS%sT	1982 Mar 13 21:00 # Easter I Time
+ 			-6:00	Chile	EAS%sT
+ #
+ # Sala y Gomez Island is like Pacific/Easter.
+@@ -760,11 +758,9 @@
+ # San Felix, and Antarctic bases, are like America/Santiago.
+ 
+ # Colombia
+-# Shanks specifies 24:00 for 1992 transition times; go with IATA,
+-# as it seems implausible to change clocks at midnight New Year's Eve.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-Rule	CO	1992	only	-	May	 2	0:00	1:00	S
+-Rule	CO	1992	only	-	Dec	31	0:00	0	-
++Rule	CO	1992	only	-	May	 3	0:00	1:00	S
++Rule	CO	1993	only	-	Apr	 4	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Bogota	-4:56:20 -	LMT	1884 Mar 13
+ 			-4:56:20 -	BMT	1914 Nov 23 # Bogota Mean Time
+@@ -773,10 +769,21 @@
+ # no information; probably like America/Bogota
+ 
+ # Curacao
+-# Shanks says that Bottom and Oranjestad have been at -4:00 since
+-# standard time was introduced on 1912-03-02; and that Kralendijk and Rincon
+-# used Kralendijk Mean Time (-4:33:08) from 1912-02-02 to 1965-01-01.
+-# This all predates our 1970 cutoff, though.
++#
++# From Paul Eggert (2006-03-22): 
++# Shanks & Pottenger say that The Bottom and Philipsburg have been at
++# -4:00 since standard time was introduced on 1912-03-02; and that
++# Kralendijk and Rincon used Kralendijk Mean Time (-4:33:08) from
++# 1912-02-02 to 1965-01-01.  The former is dubious, since S&P also say
++# Saba Island has been like Curacao.
++# This all predates our 1970 cutoff, though.  
++#
++# By July 2007 Curacao and St Maarten are planned to become
++# associated states within the Netherlands, much like Aruba;
++# Bonaire, Saba and St Eustatius would become directly part of the
++# Netherlands as Kingdom Islands.  This won't affect their time zones
++# though, as far as we know.
++# 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Curacao	-4:35:44 -	LMT	1912 Feb 12	# Willemstad
+ 			-4:30	-	ANT	1965 # Netherlands Antilles Time
+@@ -793,9 +800,9 @@
+ 
+ # Falklands
+ 
+-# From Paul Eggert (2001-03-05):
+-# Between 1990 and 2000 inclusive, Shanks and the IATA agree except
+-# the IATA gives 1996-09-08.  Go with Shanks.
++# From Paul Eggert (2006-03-22):
++# Between 1990 and 2000 inclusive, Shanks & Pottenger and the IATA agree except
++# the IATA gives 1996-09-08.  Go with Shanks & Pottenger.
+ 
+ # From Falkland Islands Government Office, London (2001-01-22)
+ # via Jesper Norgaard:
+@@ -878,9 +885,9 @@
+ 			-4:00	-	GYT
+ 
+ # Paraguay
+-# From Paul Eggert (1999-10-29):
+-# Shanks (1999) says that spring transitions are from 01:00 -> 02:00,
+-# and autumn transitions are from 00:00 -> 23:00.  Go with earlier
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say that spring transitions are from 01:00 -> 02:00,
++# and autumn transitions are from 00:00 -> 23:00.  Go with pre-1999
+ # editions of Shanks, and with the IATA, who say transitions occur at 00:00.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Para	1975	1988	-	Oct	 1	0:00	1:00	S
+@@ -915,9 +922,9 @@
+ # http://gateway.abc.com.py:8000/pub/pag04.mbr/artic?FHA=2001-03-03-02.24.52.900592
+ #
+ Rule	Para	1996	2001	-	Oct	Sun>=1	0:00	1:00	S
+-# IATA SSIM (1997-09) says Mar 1; go with Shanks.
++# IATA SSIM (1997-09) says Mar 1; go with Shanks & Pottenger.
+ Rule	Para	1997	only	-	Feb	lastSun	0:00	0	-
+-# Shanks says 1999-02-28; IATA SSIM (1999-02) says 1999-02-27, but
++# Shanks & Pottenger say 1999-02-28; IATA SSIM (1999-02) says 1999-02-27, but
+ # (1999-09) reports no date; go with above sources and Gerd Knops (2001-02-27).
+ Rule	Para	1998	2001	-	Mar	Sun>=1	0:00	0	-
+ # From Rives McDow (2002-02-28):
+@@ -949,8 +956,8 @@
+ # When we were in Peru in 1985-1986, they apparently switched over
+ # sometime between December 29 and January 3 while we were on the Amazon.
+ #
+-# From Paul Eggert (2003-11-02):
+-# Shanks doesn't have this transition.  Assume 1986 was like 1987.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger don't have this transition.  Assume 1986 was like 1987.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Peru	1938	only	-	Jan	 1	0:00	1:00	S
+@@ -961,7 +968,7 @@
+ Rule	Peru	1986	1987	-	Apr	 1	0:00	0	-
+ Rule	Peru	1990	only	-	Jan	 1	0:00	1:00	S
+ Rule	Peru	1990	only	-	Apr	 1	0:00	0	-
+-# IATA is ambiguous for 1993/1995; go with Shanks.
++# IATA is ambiguous for 1993/1995; go with Shanks & Pottenger.
+ Rule	Peru	1994	only	-	Jan	 1	0:00	1:00	S
+ Rule	Peru	1994	only	-	Apr	 1	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -994,23 +1001,23 @@
+ # Uruguay
+ # From Paul Eggert (1993-11-18):
+ # Uruguay wins the prize for the strangest peacetime manipulation of the rules.
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman gives 1923 Oct 1; go with Shanks.
++# Whitman gives 1923 Oct 1; go with Shanks & Pottenger.
+ Rule	Uruguay	1923	only	-	Oct	 2	 0:00	0:30	HS
+ Rule	Uruguay	1924	1926	-	Apr	 1	 0:00	0	-
+ Rule	Uruguay	1924	1925	-	Oct	 1	 0:00	0:30	HS
+ Rule	Uruguay	1933	1935	-	Oct	lastSun	 0:00	0:30	HS
+-# Shanks gives 1935 Apr 1 0:00 and 1936 Mar 30 0:00; go with Whitman.
++# Shanks & Pottenger give 1935 Apr 1 0:00 & 1936 Mar 30 0:00; go with Whitman.
+ Rule	Uruguay	1934	1936	-	Mar	Sat>=25	23:30s	0	-
+ Rule	Uruguay	1936	only	-	Nov	 1	 0:00	0:30	HS
+ Rule	Uruguay	1937	1941	-	Mar	lastSun	 0:00	0	-
+-# Whitman gives 1937 Oct 3; go with Shanks.
++# Whitman gives 1937 Oct 3; go with Shanks & Pottenger.
+ Rule	Uruguay	1937	1940	-	Oct	lastSun	 0:00	0:30	HS
+ # Whitman gives 1941 Oct 24 - 1942 Mar 27, 1942 Dec 14 - 1943 Apr 13,
+-# and 1943 Apr 13 ``to present time''; go with Shanks.
+-Rule	Uruguay	1941	only	-	Aug	 1	 0:00	0	-
+-Rule	Uruguay	1942	only	-	Jan	 1	 0:00	0:30	HS
++# and 1943 Apr 13 ``to present time''; go with Shanks & Pottenger.
++Rule	Uruguay	1941	only	-	Aug	 1	 0:00	0:30	HS
++Rule	Uruguay	1942	only	-	Jan	 1	 0:00	0	-
+ Rule	Uruguay	1942	only	-	Dec	14	 0:00	1:00	S
+ Rule	Uruguay	1943	only	-	Mar	14	 0:00	0	-
+ Rule	Uruguay	1959	only	-	May	24	 0:00	1:00	S
+@@ -1036,7 +1043,7 @@
+ Rule	Uruguay	1988	only	-	Dec	11	 0:00	1:00	S
+ Rule	Uruguay	1989	only	-	Mar	12	 0:00	0	-
+ Rule	Uruguay	1989	only	-	Oct	29	 0:00	1:00	S
+-# Shanks says no DST was observed in 1990/1 and 1991/2,
++# Shanks & Pottenger say no DST was observed in 1990/1 and 1991/2,
+ # and that 1992/3's DST was from 10-25 to 03-01.  Go with IATA.
+ Rule	Uruguay	1990	1992	-	Mar	Sun>=1	 0:00	0	-
+ Rule	Uruguay	1990	1991	-	Oct	Sun>=21	 0:00	1:00	S
+@@ -1057,6 +1064,10 @@
+ # 02:00 local time, official time in Uruguay will be at GMT -2.
+ Rule	Uruguay	2005	only	-	Oct	 9	 2:00	1:00	S
+ Rule	Uruguay	2006	only	-	Mar	12	 2:00	0	-
++# From Jesper Norgaard Welen (2006-09-06):
++# http://www.presidencia.gub.uy/_web/decretos/2006/09/CM%20210_08%2006%202006_00001.PDF
++Rule	Uruguay	2006	max	-	Oct	Sun>=1	 2:00	1:00	S
++Rule	Uruguay	2007	max	-	Mar	Sun>=8	 2:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Montevideo	-3:44:44 -	LMT	1898 Jun 28
+ 			-3:44:44 -	MMT	1920 May  1	# Montevideo MT
+Index: share/zoneinfo/systemv
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/systemv,v
+retrieving revision 1.1.2.2.14.1
+diff -u -r1.1.2.2.14.1 systemv
+--- share/zoneinfo/systemv	22 Dec 2005 23:47:26 -0000	1.1.2.2.14.1
++++ share/zoneinfo/systemv	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)systemv	7.5
++# @(#)systemv	8.1
+ 
+ # Old rules, should the need arise.
+ # No attempt is made to handle Newfoundland, since it cannot be expressed
+Index: share/zoneinfo/yearistype.sh
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/yearistype.sh,v
+retrieving revision 1.1.2.5.14.1
+diff -u -r1.1.2.5.14.1 yearistype.sh
+--- share/zoneinfo/yearistype.sh	22 Dec 2005 23:47:26 -0000	1.1.2.5.14.1
++++ share/zoneinfo/yearistype.sh	25 Feb 2007 03:26:56 -0000
+@@ -1,6 +1,9 @@
+ #! /bin/sh
+ 
+-: '@(#)yearistype.sh	7.8'
++: 'This file is in the public domain, so clarified as of'
++: '2006-07-17 by Arthur David Olson.'
++
++: '@(#)yearistype.sh	8.2'
+ 
+ case $#-$1 in
+ 	2-|2-0*|2-*[!0-9]*)
+Index: share/zoneinfo/zone.tab
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/zone.tab,v
+retrieving revision 1.17.2.1
+diff -u -r1.17.2.1 zone.tab
+--- share/zoneinfo/zone.tab	22 Dec 2005 23:47:26 -0000	1.17.2.1
++++ share/zoneinfo/zone.tab	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)zone.tab	1.32
++# @(#)zone.tab	8.5
+ #
+ # TZ zone descriptions
+ #
+@@ -44,7 +44,7 @@
+ AR	-3436-05827	America/Argentina/Buenos_Aires	Buenos Aires (BA, CF)
+ AR	-3124-06411	America/Argentina/Cordoba	most locations (CB, CC, CN, ER, FM, LP, MN, NQ, RN, SA, SE, SF, SL)
+ AR	-2411-06518	America/Argentina/Jujuy	Jujuy (JY)
+-AR	-3124-06411	America/Argentina/Tucuman	Tucuman (TM)
++AR	-2649-06513	America/Argentina/Tucuman	Tucuman (TM)
+ AR	-2828-06547	America/Argentina/Catamarca	Catamarca (CT), Chubut (CH)
+ AR	-2926-06651	America/Argentina/La_Rioja	La Rioja (LR)
+ AR	-3132-06831	America/Argentina/San_Juan	San Juan (SJ)
+@@ -99,26 +99,28 @@
+ BW	-2545+02555	Africa/Gaborone
+ BY	+5354+02734	Europe/Minsk
+ BZ	+1730-08812	America/Belize
+-CA	+4734-05243	America/St_Johns	Newfoundland Island
+-CA	+4439-06336	America/Halifax	Atlantic Time - Nova Scotia (most places), NB, W Labrador, E Quebec & PEI
++CA	+4734-05243	America/St_Johns	Newfoundland Time, including SE Labrador
++CA	+4439-06336	America/Halifax	Atlantic Time - Nova Scotia (most places), PEI
+ CA	+4612-05957	America/Glace_Bay	Atlantic Time - Nova Scotia - places that did not observe DST 1966-1971
+-CA	+5320-06025	America/Goose_Bay	Atlantic Time - E Labrador
++CA	+4606-06447	America/Moncton	Atlantic Time - New Brunswick
++CA	+5320-06025	America/Goose_Bay	Atlantic Time - Labrador - most locations
++CA	+5125-05707	America/Blanc-Sablon	Atlantic Standard Time - Quebec - Lower North Shore
+ CA	+4531-07334	America/Montreal	Eastern Time - Quebec - most locations
+ CA	+4339-07923	America/Toronto	Eastern Time - Ontario - most locations
+ CA	+4901-08816	America/Nipigon	Eastern Time - Ontario & Quebec - places that did not observe DST 1967-1973
+ CA	+4823-08915	America/Thunder_Bay	Eastern Time - Thunder Bay, Ontario
+ CA	+6608-06544	America/Pangnirtung	Eastern Time - Pangnirtung, Nunavut
+ CA	+6344-06828	America/Iqaluit	Eastern Time - east Nunavut
+-CA	+6408-08310	America/Coral_Harbour	Eastern Standard Time - Southampton Island
+-CA	+6245-09210	America/Rankin_Inlet	Central Time - central Nunavut
++CA	+484531-0913718	America/Atikokan	Eastern Standard Time - Atikokan, Ontario and Southampton I, Nunavut
++CA	+624900-0920459	America/Rankin_Inlet	Central Time - central Nunavut
+ CA	+4953-09709	America/Winnipeg	Central Time - Manitoba & west Ontario
+-CA	+4843-09429	America/Rainy_River	Central Time - Rainy River & Fort Frances, Ontario
++CA	+4843-09434	America/Rainy_River	Central Time - Rainy River & Fort Frances, Ontario
+ CA	+6903-10505	America/Cambridge_Bay	Central Time - west Nunavut
+ CA	+5024-10439	America/Regina	Central Standard Time - Saskatchewan - most locations
+ CA	+5017-10750	America/Swift_Current	Central Standard Time - Saskatchewan - midwest
+ CA	+5333-11328	America/Edmonton	Mountain Time - Alberta, east British Columbia & west Saskatchewan
+ CA	+6227-11421	America/Yellowknife	Mountain Time - central Northwest Territories
+-CA	+6825-11330	America/Inuvik	Mountain Time - west Northwest Territories
++CA	+682059-1334300	America/Inuvik	Mountain Time - west Northwest Territories
+ CA	+5946-12014	America/Dawson_Creek	Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia
+ CA	+4916-12307	America/Vancouver	Pacific Time - west British Columbia
+ CA	+6043-13503	America/Whitehorse	Pacific Time - south Yukon
+@@ -135,13 +137,12 @@
+ CL	-2710-10927	Pacific/Easter	Easter Island & Sala y Gomez
+ CM	+0403+00942	Africa/Douala
+ CN	+3114+12128	Asia/Shanghai	east China - Beijing, Guangdong, Shanghai, etc.
+-CN	+4545+12641	Asia/Harbin	Heilongjiang
+-CN	+2934+10635	Asia/Chongqing	central China - Gansu, Guizhou, Sichuan, Yunnan, etc.
+-CN	+4348+08735	Asia/Urumqi	Tibet & most of Xinjiang Uyghur
+-CN	+3929+07559	Asia/Kashgar	southwest Xinjiang Uyghur
++CN	+4545+12641	Asia/Harbin	Heilongjiang (except Mohe), Jilin
++CN	+2934+10635	Asia/Chongqing	central China - Sichuan, Yunnan, Guangxi, Shaanxi, Guizhou, etc.
++CN	+4348+08735	Asia/Urumqi	most of Tibet & Xinjiang
++CN	+3929+07559	Asia/Kashgar	west Tibet & Xinjiang
+ CO	+0436-07405	America/Bogota
+ CR	+0956-08405	America/Costa_Rica
+-CS	+4450+02030	Europe/Belgrade
+ CU	+2308-08222	America/Havana
+ CV	+1455-02331	Atlantic/Cape_Verde
+ CX	-1025+10543	Indian/Christmas
+@@ -176,11 +177,12 @@
+ GD	+1203-06145	America/Grenada
+ GE	+4143+04449	Asia/Tbilisi
+ GF	+0456-05220	America/Cayenne
++GG	+4927-00232	Europe/Guernsey
+ GH	+0533-00013	Africa/Accra
+ GI	+3608-00521	Europe/Gibraltar
+ GL	+6411-05144	America/Godthab	most locations
+ GL	+7646-01840	America/Danmarkshavn	east coast, north of Scoresbysund
+-GL	+7030-02215	America/Scoresbysund	Scoresbysund / Ittoqqortoormiit
++GL	+7029-02158	America/Scoresbysund	Scoresbysund / Ittoqqortoormiit
+ GL	+7634-06847	America/Thule	Thule / Pituffik
+ GM	+1328-01639	Africa/Banjul
+ GN	+0931-01343	Africa/Conakry
+@@ -203,12 +205,14 @@
+ ID	-0232+14042	Asia/Jayapura	Irian Jaya & the Moluccas
+ IE	+5320-00615	Europe/Dublin
+ IL	+3146+03514	Asia/Jerusalem
++IM	+5409-00428	Europe/Isle_of_Man
+ IN	+2232+08822	Asia/Calcutta
+ IO	-0720+07225	Indian/Chagos
+ IQ	+3321+04425	Asia/Baghdad
+ IR	+3540+05126	Asia/Tehran
+ IS	+6409-02151	Atlantic/Reykjavik
+ IT	+4154+01229	Europe/Rome
++JE	+4912-00237	Europe/Jersey
+ JM	+1800-07648	America/Jamaica
+ JO	+3157+03556	Asia/Amman
+ JP	+353916+1394441	Asia/Tokyo
+@@ -243,6 +247,7 @@
+ MA	+3339-00735	Africa/Casablanca
+ MC	+4342+00723	Europe/Monaco
+ MD	+4700+02850	Europe/Chisinau
++ME	+4247+01928	Europe/Podgorica
+ MG	-1855+04731	Indian/Antananarivo
+ MH	+0709+17112	Pacific/Majuro	most locations
+ MH	+0905+16720	Pacific/Kwajalein	Kwajalein
+@@ -256,7 +261,7 @@
+ MP	+1512+14545	Pacific/Saipan
+ MQ	+1436-06105	America/Martinique
+ MR	+1806-01557	Africa/Nouakchott
+-MS	+1644-06213	America/Montserrat
++MS	+1643-06213	America/Montserrat
+ MT	+3554+01431	Europe/Malta
+ MU	-2010+05730	Indian/Mauritius
+ MV	+0410+07330	Indian/Maldives
+@@ -307,9 +312,11 @@
+ QA	+2517+05132	Asia/Qatar
+ RE	-2052+05528	Indian/Reunion
+ RO	+4426+02606	Europe/Bucharest
++RS	+4450+02030	Europe/Belgrade
+ RU	+5443+02030	Europe/Kaliningrad	Moscow-01 - Kaliningrad
+ RU	+5545+03735	Europe/Moscow	Moscow+00 - west Russia
+-RU	+5312+05009	Europe/Samara	Moscow+01 - Caspian Sea
++RU	+4844+04425	Europe/Volgograd	Moscow+00 - Caspian Sea
++RU	+5312+05009	Europe/Samara	Moscow+01 - Samara, Udmurtia
+ RU	+5651+06036	Asia/Yekaterinburg	Moscow+02 - Urals
+ RU	+5500+07324	Asia/Omsk	Moscow+03 - west Siberia
+ RU	+5502+08255	Asia/Novosibirsk	Moscow+03 - Novosibirsk
+@@ -370,13 +377,16 @@
+ US	+421953-0830245	America/Detroit	Eastern Time - Michigan - most locations
+ US	+381515-0854534	America/Kentucky/Louisville	Eastern Time - Kentucky - Louisville area
+ US	+364947-0845057	America/Kentucky/Monticello	Eastern Time - Kentucky - Wayne County
+-US	+394606-0860929	America/Indiana/Indianapolis	Eastern Standard Time - Indiana - most locations
+-US	+382232-0862041	America/Indiana/Marengo	Eastern Standard Time - Indiana - Crawford County
+-US	+411745-0863730	America/Indiana/Knox	Eastern Standard Time - Indiana - Starke County
+-US	+384452-0850402	America/Indiana/Vevay	Eastern Standard Time - Indiana - Switzerland County
++US	+394606-0860929	America/Indiana/Indianapolis	Eastern Time - Indiana - most locations
++US	+382232-0862041	America/Indiana/Marengo	Eastern Time - Indiana - Crawford County
++US	+411745-0863730	America/Indiana/Knox	Eastern Time - Indiana - Starke County
++US	+384452-0850402	America/Indiana/Vevay	Eastern Time - Indiana - Switzerland County
+ US	+415100-0873900	America/Chicago	Central Time
+-US	+450628-0873651	America/Menominee	Central Time - Michigan - Wisconsin border
++US	+384038-0873143	America/Indiana/Vincennes	Central Time - Indiana - Daviess, Dubois, Knox, Martin, Perry & Pulaski Counties
++US	+382931-0871643	America/Indiana/Petersburg	Central Time - Indiana - Pike County
++US	+450628-0873651	America/Menominee	Central Time - Michigan - Dickinson, Gogebic, Iron & Menominee Counties
+ US	+470659-1011757	America/North_Dakota/Center	Central Time - North Dakota - Oliver County
++US	+465042-1012439	America/North_Dakota/New_Salem	Central Time - North Dakota - Morton County (except Mandan area)
+ US	+394421-1045903	America/Denver	Mountain Time
+ US	+433649-1161209	America/Boise	Mountain Time - south Idaho & east Oregon
+ US	+364708-1084111	America/Shiprock	Mountain Time - Navajo
diff --git a/share/security/patches/EN-07:04/zoneinfo.patch.asc b/share/security/patches/EN-07:04/zoneinfo.patch.asc
new file mode 100644
index 0000000000..519ec9b3b7
--- /dev/null
+++ b/share/security/patches/EN-07:04/zoneinfo.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF5cuwFdaIBMps37IRAl89AJ9pDcJKyAjgRv2/UDLKy/edOCdYDwCeO/pc
+z5kWfxOzLr9x7nAkGNWqJHY=
+=cD/F
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-07:05/freebsd-update.patch b/share/security/patches/EN-07:05/freebsd-update.patch
new file mode 100644
index 0000000000..05c98945f2
--- /dev/null
+++ b/share/security/patches/EN-07:05/freebsd-update.patch
@@ -0,0 +1,43 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/freebsd-update/freebsd-update.sh,v
+retrieving revision 1.2.2.2.2.1
+diff -u -I__FBSDID -I$FreeBSD -r1.2.2.2.2.1 freebsd-update.sh
+--- usr.sbin/freebsd-update/freebsd-update.sh	27 Nov 2006 21:27:33 -0000	1.2.2.2.2.1
++++ usr.sbin/freebsd-update/freebsd-update.sh	13 Mar 2007 12:56:06 -0000
+@@ -499,6 +499,24 @@
+ 		exit 1
+ 	fi
+ 
++	# Figure out what kernel configuration is running.  We start with
++	# the output of `uname -i`, and then make the following adjustments:
++	# 1. Replace "SMP-GENERIC" with "SMP".  Why the SMP kernel config
++	# file says "ident SMP-GENERIC", I don't know...
++	# 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
++	# _and_ `sysctl kern.version` contains a line which ends "/SMP", then
++	# we're running an SMP kernel.  This mis-identification is a bug
++	# which was fixed in 6.2-STABLE.
++	KERNCONF=`uname -i`
++	if [ ${KERNCONF} = "SMP-GENERIC" ]; then
++		KERNCONF=SMP
++	fi
++	if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
++		if sysctl kern.version | grep -qE '/SMP$'; then
++			KERNCONF=SMP
++		fi
++	fi
++
+ 	# Define some paths
+ 	BSPATCH=/usr/bin/bspatch
+ 	SHA256=/sbin/sha256
+@@ -1084,8 +1102,8 @@
+ # /boot/kernel
+ # (or more generally, `sysctl -n kern.bootfile` minus the trailing "/kernel").
+ fetch_filter_kernel_names () {
+-	grep ^/boot/`uname -i` $1 |
+-	    sed -e "s,/boot/`uname -i`,${KERNELDIR}," |
++	grep ^/boot/${KERNCONF} $1 |
++	    sed -e "s,/boot/${KERNCONF},${KERNELDIR},g" |
+ 	    sort - $1 > $1.tmp
+ 	mv $1.tmp $1
+ }
diff --git a/share/security/patches/EN-07:05/freebsd-update.patch.asc b/share/security/patches/EN-07:05/freebsd-update.patch.asc
new file mode 100644
index 0000000000..b156050002
--- /dev/null
+++ b/share/security/patches/EN-07:05/freebsd-update.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF+P8ZFdaIBMps37IRAqxzAKCTDjO7OwfOeeJWmJcRQRFa8JKdcgCbBpOh
+PZdqv11rfmEwbRItUd5PKhc=
+=VO6K
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-08:01/libpthread.patch b/share/security/patches/EN-08:01/libpthread.patch
new file mode 100644
index 0000000000..1aca263f83
--- /dev/null
+++ b/share/security/patches/EN-08:01/libpthread.patch
@@ -0,0 +1,85 @@
+Index: lib/libpthread/sys/lock.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libpthread/sys/Attic/lock.c,v
+retrieving revision 1.9.2.1
+diff -u -r1.9.2.1 lock.c
+--- lib/libpthread/sys/lock.c	5 Aug 2005 19:43:56 -0000	1.9.2.1
++++ lib/libpthread/sys/lock.c	12 Mar 2008 19:18:47 -0000
+@@ -117,14 +117,23 @@
+ {
+ 	if (lu == NULL)
+ 		return (-1);
+-	/*
+-	 * All lockusers keep their watch request and drop their
+-	 * own (lu_myreq) request.  Their own request is either
+-	 * some other lockuser's watch request or is the head of
+-	 * the lock.
+-	 */
+-	lu->lu_myreq = lu->lu_watchreq;
+-	if (lu->lu_myreq == NULL)
++
++	if (lu->lu_watchreq != NULL) {
++		/*
++		 * In this case the lock is active.  All lockusers
++		 * keep their watch request and drop their own
++		 * (lu_myreq) request.  Their own request is either
++		 * some other lockuser's watch request or is the
++		 * head of the lock.
++		 */
++		lu->lu_myreq = lu->lu_watchreq;
++		lu->lu_watchreq = NULL;
++       }
++       if (lu->lu_myreq == NULL)
++		/*
++		 * Oops, something isn't quite right.  Try to
++		 * allocate one.
++		 */
+ 		return (_lockuser_init(lu, priv));
+ 	else {
+ 		lu->lu_myreq->lr_locked = 1;
+Index: lib/libpthread/thread/thr_kern.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libpthread/thread/Attic/thr_kern.c,v
+retrieving revision 1.116.2.1
+diff -u -r1.116.2.1 thr_kern.c
+--- lib/libpthread/thread/thr_kern.c	16 Mar 2006 23:29:07 -0000	1.116.2.1
++++ lib/libpthread/thread/thr_kern.c	12 Mar 2008 19:19:05 -0000
+@@ -345,6 +345,17 @@
+ 		_LCK_SET_PRIVATE2(&curthread->kse->k_lockusers[i], NULL);
+ 	}
+ 	curthread->kse->k_locklevel = 0;
++
++	/*
++	 * Reinitialize the thread and signal locks so that
++	 * sigaction() will work after a fork().
++	 */
++	_lock_reinit(&curthread->lock, LCK_ADAPTIVE, _thr_lock_wait,
++	    _thr_lock_wakeup);
++	_lock_reinit(&_thread_signal_lock, LCK_ADAPTIVE, _kse_lock_wait,
++	    _kse_lock_wakeup);
++
++ 
+ 	_thr_spinlock_init();
+ 	if (__isthreaded) {
+ 		_thr_rtld_fini();
+@@ -354,6 +365,20 @@
+ 	curthread->kse->k_kcb->kcb_kmbx.km_curthread = NULL;
+ 	curthread->attr.flags |= PTHREAD_SCOPE_SYSTEM;
+ 
++	/*
++	 * After a fork, it is possible that an upcall occurs in
++	 * the parent KSE that fork()'d before the child process
++	 * is fully created and before its vm space is copied.
++	 * During the upcall, the tcb is set to null or to another
++	 * thread, and this is what gets copied in the child process
++	 * when the vm space is cloned sometime after the upcall
++	 * occurs.  Note that we shouldn't have to set the kcb, but
++	 * we do it for completeness.
++	 */
++	_kcb_set(curthread->kse->k_kcb);
++	_tcb_set(curthread->kse->k_kcb, curthread->tcb);
++ 
++
+ 	/* After a fork(), there child should have no pending signals. */
+ 	sigemptyset(&curthread->sigpend);
+ 
diff --git a/share/security/patches/EN-08:01/libpthread.patch.asc b/share/security/patches/EN-08:01/libpthread.patch.asc
new file mode 100644
index 0000000000..306968cf55
--- /dev/null
+++ b/share/security/patches/EN-08:01/libpthread.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBIBpWwFdaIBMps37IRAjY3AJ9Y1FnKdbOSG4mG29vgCQoaO91XWgCfTkHI
+YcunTDmJ4bJK2WJybC3JLiY=
+=kgMF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-08:02/tcp.patch b/share/security/patches/EN-08:02/tcp.patch
new file mode 100644
index 0000000000..b976841b0e
--- /dev/null
+++ b/share/security/patches/EN-08:02/tcp.patch
@@ -0,0 +1,94 @@
+Index: sys/netinet/tcp.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp.h,v
+retrieving revision 1.40
+diff -p -u -I__FBSDID -I$FreeBSD -r1.40 tcp.h
+--- sys/netinet/tcp.h	25 May 2007 21:28:49 -0000	1.40
++++ sys/netinet/tcp.h	18 Jun 2008 05:36:20 -0000
+@@ -78,6 +78,8 @@ struct tcphdr {
+ 
+ #define	TCPOPT_EOL		0
+ #define	   TCPOLEN_EOL			1
++#define	TCPOPT_PAD		0		/* padding after EOL */
++#define	   TCPOLEN_PAD			1
+ #define	TCPOPT_NOP		1
+ #define	   TCPOLEN_NOP			1
+ #define	TCPOPT_MAXSEG		2
+Index: sys/netinet/tcp_output.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_output.c,v
+retrieving revision 1.141.2.3
+diff -p -u -I__FBSDID -I$FreeBSD -r1.141.2.3 tcp_output.c
+--- sys/netinet/tcp_output.c	5 Dec 2007 10:37:17 -0000	1.141.2.3
++++ sys/netinet/tcp_output.c	18 Jun 2008 05:36:21 -0000
+@@ -1280,12 +1280,16 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 	for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) {
+ 		if ((to->to_flags & mask) != mask)
+ 			continue;
++		if (optlen == TCP_MAXOLEN)
++			break;
+ 		switch (to->to_flags & mask) {
+ 		case TOF_MSS:
+ 			while (optlen % 4) {
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_MAXSEG)
++				continue;
+ 			optlen += TCPOLEN_MAXSEG;
+ 			*optp++ = TCPOPT_MAXSEG;
+ 			*optp++ = TCPOLEN_MAXSEG;
+@@ -1298,6 +1302,8 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_WINDOW)
++				continue;
+ 			optlen += TCPOLEN_WINDOW;
+ 			*optp++ = TCPOPT_WINDOW;
+ 			*optp++ = TCPOLEN_WINDOW;
+@@ -1308,6 +1314,8 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_SACK_PERMITTED)
++				continue;
+ 			optlen += TCPOLEN_SACK_PERMITTED;
+ 			*optp++ = TCPOPT_SACK_PERMITTED;
+ 			*optp++ = TCPOLEN_SACK_PERMITTED;
+@@ -1317,6 +1325,8 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_TIMESTAMP)
++				continue;
+ 			optlen += TCPOLEN_TIMESTAMP;
+ 			*optp++ = TCPOPT_TIMESTAMP;
+ 			*optp++ = TCPOLEN_TIMESTAMP;
+@@ -1355,7 +1365,7 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
+-			if (TCP_MAXOLEN - optlen < 2 + TCPOLEN_SACK)
++			if (TCP_MAXOLEN - optlen < TCPOLEN_SACKHDR + TCPOLEN_SACK)
+ 				continue;
+ 			optlen += TCPOLEN_SACKHDR;
+ 			*optp++ = TCPOPT_SACK;
+@@ -1386,9 +1396,15 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 		optlen += TCPOLEN_EOL;
+ 		*optp++ = TCPOPT_EOL;
+ 	}
++	/*
++	 * According to RFC 793 (STD0007):
++	 *   "The content of the header beyond the End-of-Option option
++	 *    must be header padding (i.e., zero)."
++	 *   and later: "The padding is composed of zeros."
++	 */
+ 	while (optlen % 4) {
+-		optlen += TCPOLEN_NOP;
+-		*optp++ = TCPOPT_NOP;
++		optlen += TCPOLEN_PAD;
++		*optp++ = TCPOPT_PAD;
+ 	}
+ 
+ 	KASSERT(optlen <= TCP_MAXOLEN, ("%s: TCP options too long", __func__));
diff --git a/share/security/patches/EN-08:02/tcp.patch.asc b/share/security/patches/EN-08:02/tcp.patch.asc
new file mode 100644
index 0000000000..98fccc70fe
--- /dev/null
+++ b/share/security/patches/EN-08:02/tcp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkhaAbEACgkQFdaIBMps37JfRwCaApLyCI5mJehBgAF8wRO+lksS
+nTsAnjGpywM73zz5w03V+5ZyCDCfCLdf
+=InBN
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:01/kenv.patch b/share/security/patches/EN-09:01/kenv.patch
new file mode 100644
index 0000000000..91b01fbd9e
--- /dev/null
+++ b/share/security/patches/EN-09:01/kenv.patch
@@ -0,0 +1,33 @@
+Index: sys/kern/kern_environment.c
+===================================================================
+--- sys/kern/kern_environment.c	(revision 190221)
++++ sys/kern/kern_environment.c	(working copy)
+@@ -87,7 +87,7 @@
+ 	} */ *uap;
+ {
+ 	char *name, *value, *buffer = NULL;
+-	size_t len, done, needed;
++	size_t len, done, needed, buflen;
+ 	int error, i;
+ 
+ 	KASSERT(dynamic_kenv, ("kenv: dynamic_kenv = 0"));
+@@ -100,13 +100,17 @@
+ 			return (error);
+ #endif
+ 		done = needed = 0;
++		buflen = uap->len;
++		if (buflen > KENV_SIZE * (KENV_MNAMELEN + KENV_MVALLEN + 2))
++			buflen = KENV_SIZE * (KENV_MNAMELEN +
++			    KENV_MVALLEN + 2);
+ 		if (uap->len > 0 && uap->value != NULL)
+-			buffer = malloc(uap->len, M_TEMP, M_WAITOK|M_ZERO);
++			buffer = malloc(buflen, M_TEMP, M_WAITOK|M_ZERO);
+ 		mtx_lock(&kenv_lock);
+ 		for (i = 0; kenvp[i] != NULL; i++) {
+ 			len = strlen(kenvp[i]) + 1;
+ 			needed += len;
+-			len = min(len, uap->len - done);
++			len = min(len, buflen - done);
+ 			/*
+ 			 * If called with a NULL or insufficiently large
+ 			 * buffer, just keep computing the required size.
diff --git a/share/security/patches/EN-09:01/kenv.patch.asc b/share/security/patches/EN-09:01/kenv.patch.asc
new file mode 100644
index 0000000000..5c06a5c717
--- /dev/null
+++ b/share/security/patches/EN-09:01/kenv.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAknG0QcACgkQFdaIBMps37IpIgCeNjioYnV6CA50+R69NGzBdxaW
+MLYAn3aaBz6RvftdoueVrTbpipov6qF8
+=T1gU
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:02/bce.patch b/share/security/patches/EN-09:02/bce.patch
new file mode 100644
index 0000000000..8e8b889e90
--- /dev/null
+++ b/share/security/patches/EN-09:02/bce.patch
@@ -0,0 +1,18 @@
+Index: sys/dev/bce/if_bce.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/bce/if_bce.c,v
+retrieving revision 1.34.2.7
+retrieving revision 1.34.2.8
+diff -p -I __FBSDID -I $FreeBSD -u -u -r1.34.2.7 -r1.34.2.8
+--- sys/dev/bce/if_bce.c	31 Mar 2009 01:01:01 -0000	1.34.2.7
++++ sys/dev/bce/if_bce.c	20 May 2009 21:13:49 -0000	1.34.2.8
+@@ -5895,6 +5895,9 @@ bce_rx_intr(struct bce_softc *sc)
+ 			/* Set the total packet length. */
+ 			m0->m_pkthdr.len = m0->m_len = pkt_len;
+ 		}
++#else
++        /* Set the total packet length. */
++		m0->m_pkthdr.len = m0->m_len = pkt_len;
+ #endif
+ 
+ 		/* Remove the trailing Ethernet FCS. */
diff --git a/share/security/patches/EN-09:02/bce.patch.asc b/share/security/patches/EN-09:02/bce.patch.asc
new file mode 100644
index 0000000000..9b5af6e125
--- /dev/null
+++ b/share/security/patches/EN-09:02/bce.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkpBvDIACgkQFdaIBMps37IJYgCfSNVhNC3Q3VntDhACkNQVzXIk
+xwYAoJ09ggqZb3RMUtkTaTvuw1tBfYBn
+=2/ty
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:03/fxp.patch b/share/security/patches/EN-09:03/fxp.patch
new file mode 100644
index 0000000000..78a6dcc062
--- /dev/null
+++ b/share/security/patches/EN-09:03/fxp.patch
@@ -0,0 +1,18 @@
+Index: sys/dev/fxp/if_fxp.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/fxp/if_fxp.c,v
+retrieving revision 1.266.2.14
+retrieving revision 1.266.2.15
+diff -p -I __FBSDID -I $FreeBSD -u -u -r1.266.2.14 -r1.266.2.15
+--- sys/dev/fxp/if_fxp.c	9 Feb 2009 04:02:53 -0000	1.266.2.14
++++ sys/dev/fxp/if_fxp.c	7 May 2009 01:14:59 -0000	1.266.2.15
+@@ -1486,7 +1486,8 @@ fxp_encap(struct fxp_softc *sc, struct m
+ 		 * checksum in the first frame driver should compute it.
+ 		 */
+ 		ip->ip_sum = 0;
+-		ip->ip_len = htons(ifp->if_mtu);
++		ip->ip_len = htons(m->m_pkthdr.tso_segsz + (ip->ip_hl << 2) +
++		    (tcp->th_off << 2));
+ 		tcp->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
+ 		    htons(IPPROTO_TCP + (tcp->th_off << 2) +
+ 		    m->m_pkthdr.tso_segsz));
diff --git a/share/security/patches/EN-09:03/fxp.patch.asc b/share/security/patches/EN-09:03/fxp.patch.asc
new file mode 100644
index 0000000000..7d655029ee
--- /dev/null
+++ b/share/security/patches/EN-09:03/fxp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkpBvEYACgkQFdaIBMps37JrcwCglYooOKhztZsZ5K4ZUcJa5thi
+SfAAoJYhVrpC0XNYWj7IBTtH2ra9Ty0U
+=Gqnr
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:04/fork.patch b/share/security/patches/EN-09:04/fork.patch
new file mode 100644
index 0000000000..5253074ce8
--- /dev/null
+++ b/share/security/patches/EN-09:04/fork.patch
@@ -0,0 +1,82 @@
+Index: lib/libc/stdlib/malloc.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/malloc.c,v
+retrieving revision 1.147.2.6.2.1
+retrieving revision 1.147.2.7
+diff -p -I __FBSDID -I $FreeBSD -u -r1.147.2.6.2.1 -r1.147.2.7
+--- lib/libc/stdlib/malloc.c	15 Apr 2009 03:14:26 -0000	1.147.2.6.2.1
++++ lib/libc/stdlib/malloc.c	3 May 2009 17:51:38 -0000	1.147.2.7
+@@ -4715,16 +4715,41 @@ _malloc_thread_cleanup(void)
+ void
+ _malloc_prefork(void)
+ {
+-	unsigned i;
++	bool again;
++	unsigned i, j;
++	arena_t *larenas[narenas], *tarenas[narenas];
+ 
+ 	/* Acquire all mutexes in a safe order. */
+ 
+-	malloc_spin_lock(&arenas_lock);
+-	for (i = 0; i < narenas; i++) {
+-		if (arenas[i] != NULL)
+-			malloc_spin_lock(&arenas[i]->lock);
+-	}
+-	malloc_spin_unlock(&arenas_lock);
++	/*
++	 * arenas_lock must be acquired after all of the arena mutexes, in
++	 * order to avoid potential deadlock with arena_lock_balance[_hard]().
++	 * Since arenas_lock protects the arenas array, the following code has
++	 * to race with arenas_extend() callers until it succeeds in locking
++	 * all arenas before locking arenas_lock.
++	 */
++	memset(larenas, 0, sizeof(arena_t *) * narenas);
++	do {
++		again = false;
++
++		malloc_spin_lock(&arenas_lock);
++		for (i = 0; i < narenas; i++) {
++			if (arenas[i] != larenas[i]) {
++				memcpy(tarenas, arenas, sizeof(arena_t *) *
++				    narenas);
++				malloc_spin_unlock(&arenas_lock);
++				for (j = 0; j < narenas; j++) {
++					if (larenas[j] != tarenas[j]) {
++						larenas[j] = tarenas[j];
++						malloc_spin_lock(
++						    &larenas[j]->lock);
++					}
++				}
++				again = true;
++				break;
++			}
++		}
++	} while (again);
+ 
+ 	malloc_mutex_lock(&base_mtx);
+ 
+@@ -4739,6 +4764,7 @@ void
+ _malloc_postfork(void)
+ {
+ 	unsigned i;
++	arena_t *larenas[narenas];
+ 
+ 	/* Release all mutexes, now that fork() has completed. */
+ 
+@@ -4750,12 +4776,12 @@ _malloc_postfork(void)
+ 
+ 	malloc_mutex_unlock(&base_mtx);
+ 
+-	malloc_spin_lock(&arenas_lock);
++	memcpy(larenas, arenas, sizeof(arena_t *) * narenas);
++	malloc_spin_unlock(&arenas_lock);
+ 	for (i = 0; i < narenas; i++) {
+-		if (arenas[i] != NULL)
+-			malloc_spin_unlock(&arenas[i]->lock);
++		if (larenas[i] != NULL)
++			malloc_spin_unlock(&larenas[i]->lock);
+ 	}
+-	malloc_spin_unlock(&arenas_lock);
+ }
+ 
+ /*
diff --git a/share/security/patches/EN-09:04/fork.patch.asc b/share/security/patches/EN-09:04/fork.patch.asc
new file mode 100644
index 0000000000..e37065933f
--- /dev/null
+++ b/share/security/patches/EN-09:04/fork.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkpBvE4ACgkQFdaIBMps37L/TACeIZGhYlLc66lcKfiN1nz7h45D
+o4oAn35f0hR6fA5xceu2R719qMqyoO6e
+=tsCf
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:05/null.patch b/share/security/patches/EN-09:05/null.patch
new file mode 100644
index 0000000000..765f536298
--- /dev/null
+++ b/share/security/patches/EN-09:05/null.patch
@@ -0,0 +1,45 @@
+Index: sys/kern/kern_exec.c
+===================================================================
+--- sys/kern/kern_exec.c	(revision 197682)
++++ sys/kern/kern_exec.c	(working copy)
+@@ -122,6 +122,11 @@
+ SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
+     &ps_arg_cache_limit, 0, "");
+ 
++static int map_at_zero = 1;
++TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
++SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
++    "Permit processes to map an object at virtual address 0.");
++
+ static int
+ sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
+ {
+@@ -939,7 +944,7 @@
+ 	int error;
+ 	struct proc *p = imgp->proc;
+ 	struct vmspace *vmspace = p->p_vmspace;
+-	vm_offset_t stack_addr;
++	vm_offset_t sv_minuser, stack_addr;
+ 	vm_map_t map;
+ 	u_long ssiz;
+ 
+@@ -955,13 +960,17 @@
+ 	 * not disrupted
+ 	 */
+ 	map = &vmspace->vm_map;
+-	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
++	if (map_at_zero)
++		sv_minuser = sv->sv_minuser;
++	else
++		sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
+ 	    vm_map_max(map) == sv->sv_maxuser) {
+ 		shmexit(vmspace);
+ 		pmap_remove_pages(vmspace_pmap(vmspace));
+ 		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
+ 	} else {
+-		error = vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
++		error = vmspace_exec(p, sv_minuser, sv->sv_maxuser);
+ 		if (error)
+ 			return (error);
+ 		vmspace = p->p_vmspace;
diff --git a/share/security/patches/EN-09:05/null.patch.asc b/share/security/patches/EN-09:05/null.patch.asc
new file mode 100644
index 0000000000..3894755d92
--- /dev/null
+++ b/share/security/patches/EN-09:05/null.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBKxlu9FdaIBMps37IRAuOyAJ4j6HtxtoDHpdG69OA3T3Wc2xK7ogCfVdJf
+cL3WVf03oVhNc1I5k1eXKXM=
+=CsiD
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:05/null6.patch b/share/security/patches/EN-09:05/null6.patch
new file mode 100644
index 0000000000..95c0b0cbbe
--- /dev/null
+++ b/share/security/patches/EN-09:05/null6.patch
@@ -0,0 +1,48 @@
+Index: sys/kern/kern_exec.c
+===================================================================
+--- sys/kern/kern_exec.c	(revision 197682)
++++ sys/kern/kern_exec.c	(working copy)
+@@ -104,6 +104,13 @@
+ SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
+     &ps_arg_cache_limit, 0, "");
+ 
++SYSCTL_DECL(_security_bsd);
++
++static int map_at_zero = 1;
++TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
++SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
++    "Permit processes to map an object at virtual address 0.");
++
+ static int
+ sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
+ {
+@@ -914,7 +921,7 @@
+ 	int error;
+ 	struct proc *p = imgp->proc;
+ 	struct vmspace *vmspace = p->p_vmspace;
+-	vm_offset_t stack_addr;
++	vm_offset_t sv_minuser, stack_addr;
+ 	vm_map_t map;
+ 
+ 	imgp->vmspace_destroyed = 1;
+@@ -928,14 +935,18 @@
+ 	 * not disrupted
+ 	 */
+ 	map = &vmspace->vm_map;
+-	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
++	if (map_at_zero)
++		sv_minuser = sv->sv_minuser;
++	else
++		sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
+ 	    vm_map_max(map) == sv->sv_maxuser) {
+ 		shmexit(vmspace);
+ 		pmap_remove_pages(vmspace_pmap(vmspace), vm_map_min(map),
+ 		    vm_map_max(map));
+ 		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
+ 	} else {
+-		vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
++		vmspace_exec(p, sv_minuser, sv->sv_maxuser);
+ 		vmspace = p->p_vmspace;
+ 		map = &vmspace->vm_map;
+ 	}
diff --git a/share/security/patches/EN-09:05/null6.patch.asc b/share/security/patches/EN-09:05/null6.patch.asc
new file mode 100644
index 0000000000..26285f1aeb
--- /dev/null
+++ b/share/security/patches/EN-09:05/null6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBKxlvAFdaIBMps37IRAnuCAJ9VpkLz06gqrjlIdfoYwo1yW+iBggCeNyEL
+e/REZLpRe7LVWJA/V2lxUWA=
+=/hWS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/mcinit.patch b/share/security/patches/EN-10:01/mcinit.patch
new file mode 100644
index 0000000000..d559e080fd
--- /dev/null
+++ b/share/security/patches/EN-10:01/mcinit.patch
@@ -0,0 +1,20 @@
+Index: sys/netinet/ip_mroute.c
+===================================================================
+--- sys/netinet/ip_mroute.c	(revision 201431)
++++ sys/netinet/ip_mroute.c	(working copy)
+@@ -1384,6 +1384,15 @@ fail:
+ 	    rt->mfc_rp.s_addr = INADDR_ANY;
+ 	    rt->mfc_bw_meter = NULL;
+ 
++	    /* initialize pkt counters per src-grp */
++	    rt->mfc_pkt_cnt = 0;
++	    rt->mfc_byte_cnt = 0;
++	    rt->mfc_wrong_if = 0;
++	    timevalclear(&rt->mfc_last_assert);
++
++	    TAILQ_INIT(&rt->mfc_stall);
++	    rt->mfc_nstall = 0;
++
+ 	    /* link into table */
+ 	    LIST_INSERT_HEAD(&mfchashtbl[hash], rt, mfc_hash);
+ 	    TAILQ_INSERT_HEAD(&rt->mfc_stall, rte, rte_link);
diff --git a/share/security/patches/EN-10:01/mcinit.patch.asc b/share/security/patches/EN-10:01/mcinit.patch.asc
new file mode 100644
index 0000000000..7aef3ada9a
--- /dev/null
+++ b/share/security/patches/EN-10:01/mcinit.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ97FdaIBMps37IRAiZJAJ9Py2iMOvav27vV5asuH/0hBYRVogCePJ/r
+K03edeiH7Tql3ZHfeRo8yko=
+=aa1V
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/multicast.patch b/share/security/patches/EN-10:01/multicast.patch
new file mode 100644
index 0000000000..1ca1de6c52
--- /dev/null
+++ b/share/security/patches/EN-10:01/multicast.patch
@@ -0,0 +1,100 @@
+Index: sys/netinet/raw_ip.c
+===================================================================
+--- sys/netinet/raw_ip.c	(revision 200583)
++++ sys/netinet/raw_ip.c	(working copy)
+@@ -343,17 +343,35 @@ rip_input(struct mbuf *m, int off)
+ 		 */
+ 		if (inp->inp_moptions != NULL &&
+ 		    IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+-			struct sockaddr_in group;
++			/*
++			 * If the incoming datagram is for IGMP, allow it
++			 * through unconditionally to the raw socket.
++			 *
++			 * In the case of IGMPv2, we may not have explicitly
++			 * joined the group, and may have set IFF_ALLMULTI
++			 * on the interface. imo_multi_filter() may discard
++			 * control traffic we actually need to see.
++			 *
++			 * Userland multicast routing daemons should continue
++			 * filter the control traffic appropriately.
++			 */
+ 			int blocked;
+ 
+-			bzero(&group, sizeof(struct sockaddr_in));
+-			group.sin_len = sizeof(struct sockaddr_in);
+-			group.sin_family = AF_INET;
+-			group.sin_addr = ip->ip_dst;
++			blocked = MCAST_PASS;
++			if (proto != IPPROTO_IGMP) {
++				struct sockaddr_in group;
+ 
+-			blocked = imo_multi_filter(inp->inp_moptions, ifp,
+-			    (struct sockaddr *)&group,
+-			    (struct sockaddr *)&ripsrc);
++				bzero(&group, sizeof(struct sockaddr_in));
++				group.sin_len = sizeof(struct sockaddr_in);
++				group.sin_family = AF_INET;
++				group.sin_addr = ip->ip_dst;
++
++				blocked = imo_multi_filter(inp->inp_moptions,
++				    ifp,
++				    (struct sockaddr *)&group,
++				    (struct sockaddr *)&ripsrc);
++			}
++
+ 			if (blocked != MCAST_PASS) {
+ 				IPSTAT_INC(ips_notmember);
+ 				continue;
+Index: sys/netinet6/raw_ip6.c
+===================================================================
+--- sys/netinet6/raw_ip6.c	(revision 200583)
++++ sys/netinet6/raw_ip6.c	(working copy)
+@@ -213,17 +213,39 @@ rip6_input(struct mbuf **mp, int *offp, int proto)
+ 		 */
+ 		if (in6p->in6p_moptions &&
+ 		    IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
+-			struct sockaddr_in6 mcaddr;
++			/*
++			 * If the incoming datagram is for MLD, allow it
++			 * through unconditionally to the raw socket.
++			 *
++			 * Use the M_RTALERT_MLD flag to check for MLD
++			 * traffic without having to inspect the mbuf chain
++			 * more deeply, as all MLDv1/v2 host messages MUST
++			 * contain the Router Alert option.
++			 *
++			 * In the case of MLDv1, we may not have explicitly
++			 * joined the group, and may have set IFF_ALLMULTI
++			 * on the interface. im6o_mc_filter() may discard
++			 * control traffic we actually need to see.
++			 *
++			 * Userland multicast routing daemons should continue
++			 * filter the control traffic appropriately.
++			 */
+ 			int blocked;
+ 
+-			bzero(&mcaddr, sizeof(struct sockaddr_in6));
+-			mcaddr.sin6_len = sizeof(struct sockaddr_in6);
+-			mcaddr.sin6_family = AF_INET6;
+-			mcaddr.sin6_addr = ip6->ip6_dst;
++			blocked = MCAST_PASS;
++			if ((m->m_flags & M_RTALERT_MLD) == 0) {
++				struct sockaddr_in6 mcaddr;
+ 
+-			blocked = im6o_mc_filter(in6p->in6p_moptions, ifp,
+-			    (struct sockaddr *)&mcaddr,
+-			    (struct sockaddr *)&fromsa);
++				bzero(&mcaddr, sizeof(struct sockaddr_in6));
++				mcaddr.sin6_len = sizeof(struct sockaddr_in6);
++				mcaddr.sin6_family = AF_INET6;
++				mcaddr.sin6_addr = ip6->ip6_dst;
++
++				blocked = im6o_mc_filter(in6p->in6p_moptions,
++				    ifp,
++				    (struct sockaddr *)&mcaddr,
++				    (struct sockaddr *)&fromsa);
++			}
+ 			if (blocked != MCAST_PASS) {
+ 				IP6STAT_INC(ip6s_notmember);
+ 				continue;
diff --git a/share/security/patches/EN-10:01/multicast.patch.asc b/share/security/patches/EN-10:01/multicast.patch.asc
new file mode 100644
index 0000000000..5c465c38e2
--- /dev/null
+++ b/share/security/patches/EN-10:01/multicast.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ9/FdaIBMps37IRAuT6AJ49tONO/rrRaYM2zCY309CdPW3GNwCgnxls
+mSkLO892pvQKqaFTgjFof0w=
+=e/N4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/nfsreconnect.patch b/share/security/patches/EN-10:01/nfsreconnect.patch
new file mode 100644
index 0000000000..61dfbb2cfb
--- /dev/null
+++ b/share/security/patches/EN-10:01/nfsreconnect.patch
@@ -0,0 +1,27 @@
+Index: sys/rpc/clnt_vc.c
+===================================================================
+--- sys/rpc/clnt_vc.c	(revision 200583)
++++ sys/rpc/clnt_vc.c	(working copy)
+@@ -413,6 +413,22 @@ call_again:
+ 
+ 	cr->cr_xid = xid;
+ 	mtx_lock(&ct->ct_lock);
++	/*
++	 * Check to see if the other end has already started to close down
++	 * the connection. The upcall will have set ct_error.re_status
++	 * to RPC_CANTRECV if this is the case.
++	 * If the other end starts to close down the connection after this
++	 * point, it will be detected later when cr_error is checked,
++	 * since the request is in the ct_pending queue.
++	 */
++	if (ct->ct_error.re_status == RPC_CANTRECV) {
++		if (errp != &ct->ct_error) {
++			errp->re_errno = ct->ct_error.re_errno;
++			errp->re_status = RPC_CANTRECV;
++		}
++		stat = RPC_CANTRECV;
++		goto out;
++	}
+ 	TAILQ_INSERT_TAIL(&ct->ct_pending, cr, cr_link);
+ 	mtx_unlock(&ct->ct_lock);
+ 
diff --git a/share/security/patches/EN-10:01/nfsreconnect.patch.asc b/share/security/patches/EN-10:01/nfsreconnect.patch.asc
new file mode 100644
index 0000000000..66509664a5
--- /dev/null
+++ b/share/security/patches/EN-10:01/nfsreconnect.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+CFdaIBMps37IRAgxzAJ9whBL/OL5Iz3q5VxVFYSYtPh8INgCfVup2
+Vcul/i1E5SPCyfjeu11LWSI=
+=T7Kh
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/rename.patch b/share/security/patches/EN-10:01/rename.patch
new file mode 100644
index 0000000000..ef70801f8b
--- /dev/null
+++ b/share/security/patches/EN-10:01/rename.patch
@@ -0,0 +1,17 @@
+Index: sys/kern/vfs_lookup.c
+===================================================================
+--- sys/kern/vfs_lookup.c	(revision 200583)
++++ sys/kern/vfs_lookup.c	(working copy)
+@@ -552,6 +552,12 @@ dirloop:
+ 	else
+ 		cnp->cn_flags &= ~ISLASTCN;
+ 
++	if ((cnp->cn_flags & ISLASTCN) != 0 &&
++	    cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.' &&
++	    (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
++		error = EINVAL;
++		goto bad;
++	}
+ 
+ 	/*
+ 	 * Check for degenerate name (e.g. / or "")
diff --git a/share/security/patches/EN-10:01/rename.patch.asc b/share/security/patches/EN-10:01/rename.patch.asc
new file mode 100644
index 0000000000..f7bf8d9e29
--- /dev/null
+++ b/share/security/patches/EN-10:01/rename.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+GFdaIBMps37IRAsHrAJ9g66jI3fSGB4fINVFNE0snEzke8ACcDN0B
+181UsnOfrdrQVLHJiytzX2E=
+=LxDa
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/sctp.patch b/share/security/patches/EN-10:01/sctp.patch
new file mode 100644
index 0000000000..7543c42d2b
--- /dev/null
+++ b/share/security/patches/EN-10:01/sctp.patch
@@ -0,0 +1,14 @@
+Index: sys/netinet/sctp_input.c
+===================================================================
+--- sys/netinet/sctp_input.c	(revision 200583)
++++ sys/netinet/sctp_input.c	(working copy)
+@@ -834,6 +834,9 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *c
+ 		return;
+ 	} else {
+ 		sctp_update_acked(stcb, cp, net, abort_flag);
++		if (*abort_flag) {
++			return;
++		}
+ 	}
+ 	if (asoc->control_pdapi) {
+ 		/*
diff --git a/share/security/patches/EN-10:01/sctp.patch.asc b/share/security/patches/EN-10:01/sctp.patch.asc
new file mode 100644
index 0000000000..3ea667c7fa
--- /dev/null
+++ b/share/security/patches/EN-10:01/sctp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+KFdaIBMps37IRAucUAJ9tjhRHdgEPJCzgo+RqqbByqdnHBQCeIMX0
+ASUbaYhkffhO7sAJONHEg68=
+=GJHF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/zfsmac.patch b/share/security/patches/EN-10:01/zfsmac.patch
new file mode 100644
index 0000000000..286e3959fe
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsmac.patch
@@ -0,0 +1,78 @@
+Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c	(working copy)
+@@ -143,16 +143,19 @@ zfs_znode_cache_constructor(void *buf, void *arg,
+ 
+ 	POINTER_INVALIDATE(&zp->z_zfsvfs);
+ 	ASSERT(!POINTER_IS_VALID(zp->z_zfsvfs));
+-	ASSERT(vfsp != NULL);
+ 
+-	error = getnewvnode("zfs", vfsp, &zfs_vnodeops, &vp);
+-	if (error != 0 && (kmflags & KM_NOSLEEP))
+-		return (-1);
+-	ASSERT(error == 0);
+-	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
+-	zp->z_vnode = vp;
+-	vp->v_data = (caddr_t)zp;
+-	VN_LOCK_AREC(vp);
++	if (vfsp != NULL) {
++		error = getnewvnode("zfs", vfsp, &zfs_vnodeops, &vp);
++		if (error != 0 && (kmflags & KM_NOSLEEP))
++			return (-1);
++		ASSERT(error == 0);
++		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
++		zp->z_vnode = vp;
++		vp->v_data = (caddr_t)zp;
++		VN_LOCK_AREC(vp);
++	} else {
++		zp->z_vnode = NULL;
++	}
+ 
+ 	list_link_init(&zp->z_link_node);
+ 
+@@ -1435,7 +1438,7 @@ zfs_create_fs(objset_t *os, cred_t *cr, nvlist_t *
+ 	nvpair_t	*elem;
+ 	int		error;
+ 	znode_t		*rootzp = NULL;
+-	vnode_t		*vp;
++	vnode_t		vnode;
+ 	vattr_t		vattr;
+ 	znode_t		*zp;
+ 
+@@ -1504,13 +1507,13 @@ zfs_create_fs(objset_t *os, cred_t *cr, nvlist_t *
+ 	vattr.va_gid = crgetgid(cr);
+ 
+ 	rootzp = kmem_cache_alloc(znode_cache, KM_SLEEP);
+-	zfs_znode_cache_constructor(rootzp, &zfsvfs, 0);
++	zfs_znode_cache_constructor(rootzp, NULL, 0);
+ 	rootzp->z_unlinked = 0;
+ 	rootzp->z_atime_dirty = 0;
+ 
+-	vp = ZTOV(rootzp);
+-	vp->v_type = VDIR;
+-	VN_LOCK_ASHARE(vp);
++	vnode.v_type = VDIR;
++	vnode.v_data = rootzp;
++	rootzp->z_vnode = &vnode;
+ 
+ 	bzero(&zfsvfs, sizeof (zfsvfs_t));
+ 
+@@ -1539,16 +1542,10 @@ zfs_create_fs(objset_t *os, cred_t *cr, nvlist_t *
+ 	ASSERT(error == 0);
+ 	POINTER_INVALIDATE(&rootzp->z_zfsvfs);
+ 
+-	VI_LOCK(vp);
+-	ZTOV(rootzp)->v_data = NULL;
+-	ZTOV(rootzp)->v_count = 0;
+-	ZTOV(rootzp)->v_holdcnt = 0;
+-	rootzp->z_vnode = NULL;
+-	VOP_UNLOCK(vp, 0);
+-	vdestroy(vp);
+ 	dmu_buf_rele(rootzp->z_dbuf, NULL);
+ 	rootzp->z_dbuf = NULL;
+ 	mutex_destroy(&zfsvfs.z_znodes_lock);
++	rootzp->z_vnode = NULL;
+ 	kmem_cache_free(znode_cache, rootzp);
+ }
+ 
diff --git a/share/security/patches/EN-10:01/zfsmac.patch.asc b/share/security/patches/EN-10:01/zfsmac.patch.asc
new file mode 100644
index 0000000000..ff2d98cb29
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsmac.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+OFdaIBMps37IRAoKrAJ96Nx1lSfC0pQG6vXgBP15kl13VOwCfVnT4
+GDh8Jy+GHTH56I82n4SgoaA=
+=DMKc
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/zfsvaccess.patch b/share/security/patches/EN-10:01/zfsvaccess.patch
new file mode 100644
index 0000000000..4a47391171
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsvaccess.patch
@@ -0,0 +1,72 @@
+Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	(working copy)
+@@ -3981,21 +3981,33 @@ zfs_freebsd_access(ap)
+ 		struct thread *a_td;
+ 	} */ *ap;
+ {
++	accmode_t accmode;
++	int error = 0;
+ 
+ 	/*
+-	 * ZFS itself only knowns about VREAD, VWRITE and VEXEC, the rest
+-	 * we have to handle by calling vaccess().
++	 * ZFS itself only knowns about VREAD, VWRITE, VEXEC and VAPPEND,
+ 	 */
+-	if ((ap->a_accmode & ~(VREAD|VWRITE|VEXEC)) != 0) {
+-		vnode_t *vp = ap->a_vp;
+-		znode_t *zp = VTOZ(vp);
+-		znode_phys_t *zphys = zp->z_phys;
++	accmode = ap->a_accmode & (VREAD|VWRITE|VEXEC|VAPPEND);
++	if (accmode != 0)
++		error = zfs_access(ap->a_vp, accmode, 0, ap->a_cred, NULL);
+ 
+-		return (vaccess(vp->v_type, zphys->zp_mode, zphys->zp_uid,
+-		    zphys->zp_gid, ap->a_accmode, ap->a_cred, NULL));
++	/*
++	 * VADMIN has to be handled by vaccess().
++	 */
++	if (error == 0) {
++		accmode = ap->a_accmode & ~(VREAD|VWRITE|VEXEC|VAPPEND);
++		if (accmode != 0) {
++			vnode_t *vp = ap->a_vp;
++			znode_t *zp = VTOZ(vp);
++			znode_phys_t *zphys = zp->z_phys;
++
++			error = vaccess(vp->v_type, zphys->zp_mode,
++			    zphys->zp_uid, zphys->zp_gid, accmode, ap->a_cred,
++			    NULL);
++		}
+ 	}
+ 
+-	return (zfs_access(ap->a_vp, ap->a_accmode, 0, ap->a_cred, NULL));
++	return (error);
+ }
+ 
+ static int
+Index: sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h	(working copy)
+@@ -304,7 +304,6 @@ typedef struct xvattr {
+  * VOP_ACCESS flags
+  */
+ #define	V_ACE_MASK	0x1	/* mask represents  NFSv4 ACE permissions */
+-#define	V_APPEND	0x2	/* want to do append only check */
+ 
+ /*
+  * Flags for vnode operations.
+Index: sys/cddl/compat/opensolaris/sys/vnode.h
+===================================================================
+--- sys/cddl/compat/opensolaris/sys/vnode.h	(revision 200583)
++++ sys/cddl/compat/opensolaris/sys/vnode.h	(working copy)
+@@ -57,6 +57,8 @@ typedef	struct vop_vector	vnodeops_t;
+ 
+ #define	v_count	v_usecount
+ 
++#define	V_APPEND	VAPPEND
++
+ static __inline int
+ vn_is_readonly(vnode_t *vp)
+ {
diff --git a/share/security/patches/EN-10:01/zfsvaccess.patch.asc b/share/security/patches/EN-10:01/zfsvaccess.patch.asc
new file mode 100644
index 0000000000..3d295b1d99
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsvaccess.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+RFdaIBMps37IRAutJAJ9kWtj/5fk1Ng6qmDRdb2qbX00/RwCgg631
++1Gsl+PGrFamz+iU2fTcfFA=
+=IAmh
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:02/sched_ule.patch b/share/security/patches/EN-10:02/sched_ule.patch
new file mode 100644
index 0000000000..0ec8e23fe1
--- /dev/null
+++ b/share/security/patches/EN-10:02/sched_ule.patch
@@ -0,0 +1,38 @@
+Index: sys/kern/sched_ule.c
+===================================================================
+--- sys/kern/sched_ule.c	(revision 202744)
++++ sys/kern/sched_ule.c	(working copy)
+@@ -1822,18 +1822,24 @@
+ 	 */
+ 	spinlock_enter();
+ 	thread_block_switch(td);	/* This releases the lock on tdq. */
+-	TDQ_LOCK(tdn);
+-	tdq_add(tdn, td, flags);
+-	tdq_notify(td->td_sched);
++
+ 	/*
+-	 * After we unlock tdn the new cpu still can't switch into this
+-	 * thread until we've unblocked it in cpu_switch().  The lock
+-	 * pointers may match in the case of HTT cores.  Don't unlock here
+-	 * or we can deadlock when the other CPU runs the IPI handler.
++	 * Acquire both run-queue locks before placing the thread on the new
++	 * run-queue to avoid deadlocks created by placing a thread with a
++	 * blocked lock on the run-queue of a remote processor.  The deadlock
++	 * occurs when a third processor attempts to lock the two queues in
++	 * question while the target processor is spinning with its own
++	 * run-queue lock held while waiting for the blocked lock to clear.
+ 	 */
+-	if (TDQ_LOCKPTR(tdn) != TDQ_LOCKPTR(tdq)) {
++	if (TDQ_LOCKPTR(tdn) == TDQ_LOCKPTR(tdq)) {
++		TDQ_LOCK(tdq);
++		tdq_add(tdn, td, flags);
++		tdq_notify(td->td_sched);
++	} else {
++		tdq_lock_pair(tdn, tdq);
++		tdq_add(tdn, td, flags);
++		tdq_notify(td->td_sched);
+ 		TDQ_UNLOCK(tdn);
+-		TDQ_LOCK(tdq);
+ 	}
+ 	spinlock_exit();
+ #endif
diff --git a/share/security/patches/EN-10:02/sched_ule.patch.asc b/share/security/patches/EN-10:02/sched_ule.patch.asc
new file mode 100644
index 0000000000..fd5acbd170
--- /dev/null
+++ b/share/security/patches/EN-10:02/sched_ule.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkuI+2cACgkQFdaIBMps37I9nACfb7RXdJIvRAFy0ElvUKGQsLl5
+yA8Ani0yxIBPwQiwJdq8rNR3UbMMuPxG
+=rF8H
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-12:01/freebsd-update.patch b/share/security/patches/EN-12:01/freebsd-update.patch
new file mode 100644
index 0000000000..981e7d964b
--- /dev/null
+++ b/share/security/patches/EN-12:01/freebsd-update.patch
@@ -0,0 +1,13 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh	(revision 226649)
++++ usr.sbin/freebsd-update/freebsd-update.sh	(revision 226650)
+@@ -1200,7 +1200,7 @@
+ 	# Some aliases to save space later: ${P} is a character which can
+ 	# appear in a path; ${M} is the four numeric metadata fields; and
+ 	# ${H} is a sha256 hash.
+-	P="[-+./:=_[[:alnum:]]"
++	P="[-+./:=%@_[[:alnum:]]"
+ 	M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
+ 	H="[0-9a-f]{64}"
+ 
diff --git a/share/security/patches/EN-12:01/freebsd-update.patch.asc b/share/security/patches/EN-12:01/freebsd-update.patch.asc
new file mode 100644
index 0000000000..ff0a4db7c4
--- /dev/null
+++ b/share/security/patches/EN-12:01/freebsd-update.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk8E5YoACgkQFdaIBMps37KtdACfZ9/XDtViOAhdW6xNeAsBoNmN
+d6UAnRzpcJ8Ld4kRuasQ6iO25WOXS4hB
+=+OUY
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-12:02/ipv6refcount-83.patch b/share/security/patches/EN-12:02/ipv6refcount-83.patch
new file mode 100644
index 0000000000..66d07c61bf
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount-83.patch
@@ -0,0 +1,110 @@
+Index: sys/netinet6/in6.c
+===================================================================
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c
+ 			hostid = IFA_IN6(ifa);
+ 
+ 			/* prefixlen must be <= 64. */
+-			if (64 < iflr->prefixlen)
++			if (64 < iflr->prefixlen) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
++			}
+ 			prefixlen = iflr->prefixlen;
+ 
+ 			/* hostid part must be zero. */
+ 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
+ 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||
+ 			    sin6->sin6_addr.s6_addr32[3] != 0) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
+ 			}
+ 		} else
+@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr
+ 		IF_ADDR_UNLOCK(ifp);
+ 		return (struct in6_ifaddr *)ifa;
+ 	}
+-	IF_ADDR_UNLOCK(ifp);
+ 
+ 	/* use the last-resort values, that are, deprecated addresses */
+-	if (dep[0])
++	if (dep[0]) {
++		ifa_ref((struct ifaddr *)dep[0]);
++		IF_ADDR_UNLOCK(ifp);
+ 		return dep[0];
+-	if (dep[1])
++	}
++	if (dep[1]) {
++		ifa_ref((struct ifaddr *)dep[1]);
++		IF_ADDR_UNLOCK(ifp);
+ 		return dep[1];
++	}
+ 
++	IF_ADDR_UNLOCK(ifp);
+ 	return NULL;
+ }
+ 
+Index: sys/netinet6/ip6_input.c
+===================================================================
+--- sys/netinet6/ip6_input.c.orig
++++ sys/netinet6/ip6_input.c
+@@ -879,19 +879,23 @@ passin:
+ 	 * as our interface address (e.g. multicast addresses, addresses
+ 	 * within FAITH prefixes and such).
+ 	 */
+-	if (deliverifp && !ip6_getdstifaddr(m)) {
++	if (deliverifp) {
+ 		struct in6_ifaddr *ia6;
+ 
+-		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
+-		if (ia6) {
+-			if (!ip6_setdstifaddr(m, ia6)) {
+-				/*
+-				 * XXX maybe we should drop the packet here,
+-				 * as we could not provide enough information
+-				 * to the upper layers.
+-				 */
++ 		if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
++			ifa_free(&ia6->ia_ifa);
++		} else {
++			ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
++			if (ia6) {
++				if (!ip6_setdstifaddr(m, ia6)) {
++					/*
++					 * XXX maybe we should drop the packet here,
++					 * as we could not provide enough information
++					 * to the upper layers.
++					 */
++				}
++				ifa_free(&ia6->ia_ifa);
+ 			}
+-			ifa_free(&ia6->ia_ifa);
+ 		}
+ 	}
+ 
+Index: sys/netinet/tcp_input.c
+===================================================================
+--- sys/netinet/tcp_input.c.orig
++++ sys/netinet/tcp_input.c
+@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)
+ 			    (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
+ 		return IPPROTO_DONE;
+ 	}
++	if (ia6)
++		ifa_free(&ia6->ia_ifa);
+ 
+ 	tcp_input(m, *offp);
+ 	return IPPROTO_DONE;
+@@ -1240,7 +1242,8 @@ relocked:
+ 				rstreason = BANDLIM_RST_OPENPORT;
+ 				goto dropwithreset;
+ 			}
+-			ifa_free(&ia6->ia_ifa);
++			if (ia6)
++				ifa_free(&ia6->ia_ifa);
+ 		}
+ #endif /* INET6 */
+ 		/*
diff --git a/share/security/patches/EN-12:02/ipv6refcount-83.patch.asc b/share/security/patches/EN-12:02/ipv6refcount-83.patch.asc
new file mode 100644
index 0000000000..a982cc54bb
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount-83.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/XKOMACgkQFdaIBMps37LfUQCfbv+dBpZkOEKahx6U5Yz1+EW+
+4FUAoJOh8xtmVU+03ym+Jryyi/zTz8//
+=s9mN
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-12:02/ipv6refcount.patch b/share/security/patches/EN-12:02/ipv6refcount.patch
new file mode 100644
index 0000000000..f0984f6776
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount.patch
@@ -0,0 +1,128 @@
+Index: sys/netinet6/in6.c
+===================================================================
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -1369,6 +1369,8 @@ in6_purgeaddr(struct ifaddr *ifa)
+ 	}
+ 
+ cleanup:
++	if (ifa0 != NULL)
++		ifa_free(ifa0);
+ 
+ 	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
+ 	if ((ia->ia_flags & IFA_ROUTE) && plen == 128) {
+@@ -1393,8 +1395,6 @@ cleanup:
+ 			return;
+ 		ia->ia_flags &= ~IFA_ROUTE;
+ 	}
+-	if (ifa0 != NULL)
+-		ifa_free(ifa0);
+ 
+ 	in6_unlink_ifa(ia, ifp);
+ }
+@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c
+ 			hostid = IFA_IN6(ifa);
+ 
+ 			/* prefixlen must be <= 64. */
+-			if (64 < iflr->prefixlen)
++			if (64 < iflr->prefixlen) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
++			}
+ 			prefixlen = iflr->prefixlen;
+ 
+ 			/* hostid part must be zero. */
+ 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
+ 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||
+ 			    sin6->sin6_addr.s6_addr32[3] != 0) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
+ 			}
+ 		} else
+@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr
+ 		IN6_IFADDR_RUNLOCK();
+ 		return (struct in6_ifaddr *)ifa;
+ 	}
+-	IN6_IFADDR_RUNLOCK();
+ 
+ 	/* use the last-resort values, that are, deprecated addresses */
+-	if (dep[0])
++	if (dep[0]) {
++		ifa_ref((struct ifaddr *)dep[0]);
++		IN6_IFADDR_RUNLOCK();
+ 		return dep[0];
+-	if (dep[1])
++	}
++	if (dep[1]) {
++		ifa_ref((struct ifaddr *)dep[1]);
++		IN6_IFADDR_RUNLOCK();
+ 		return dep[1];
++	}
+ 
++	IN6_IFADDR_RUNLOCK();
+ 	return NULL;
+ }
+ 
+Index: sys/netinet6/ip6_input.c
+===================================================================
+--- sys/netinet6/ip6_input.c.orig
++++ sys/netinet6/ip6_input.c
+@@ -879,19 +879,23 @@ passin:
+ 	 * as our interface address (e.g. multicast addresses, addresses
+ 	 * within FAITH prefixes and such).
+ 	 */
+-	if (deliverifp && !ip6_getdstifaddr(m)) {
++	if (deliverifp) {
+ 		struct in6_ifaddr *ia6;
+ 
+-		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
+-		if (ia6) {
+-			if (!ip6_setdstifaddr(m, ia6)) {
+-				/*
+-				 * XXX maybe we should drop the packet here,
+-				 * as we could not provide enough information
+-				 * to the upper layers.
+-				 */
++ 		if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
++			ifa_free(&ia6->ia_ifa);
++		} else {
++			ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
++			if (ia6) {
++				if (!ip6_setdstifaddr(m, ia6)) {
++					/*
++					 * XXX maybe we should drop the packet here,
++					 * as we could not provide enough information
++					 * to the upper layers.
++					 */
++				}
++				ifa_free(&ia6->ia_ifa);
+ 			}
+-			ifa_free(&ia6->ia_ifa);
+ 		}
+ 	}
+ 
+Index: sys/netinet/tcp_input.c
+===================================================================
+--- sys/netinet/tcp_input.c.orig
++++ sys/netinet/tcp_input.c
+@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)
+ 			    (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
+ 		return IPPROTO_DONE;
+ 	}
++	if (ia6)
++		ifa_free(&ia6->ia_ifa);
+ 
+ 	tcp_input(m, *offp);
+ 	return IPPROTO_DONE;
+@@ -1240,7 +1242,8 @@ relocked:
+ 				rstreason = BANDLIM_RST_OPENPORT;
+ 				goto dropwithreset;
+ 			}
+-			ifa_free(&ia6->ia_ifa);
++			if (ia6)
++				ifa_free(&ia6->ia_ifa);
+ 		}
+ #endif /* INET6 */
+ 		/*
diff --git a/share/security/patches/EN-12:02/ipv6refcount.patch.asc b/share/security/patches/EN-12:02/ipv6refcount.patch.asc
new file mode 100644
index 0000000000..1cecb8a73d
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/XKOYACgkQFdaIBMps37L1xgCghv0nKCAbvnsZ1y1Ng79Vkehw
+lZoAn31zYDwpQv2cNI7Qnm3wIhri3g0l
+=nLtR
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:01/make.patch b/share/security/patches/SA-00:01/make.patch
new file mode 100644
index 0000000000..d10c7ecb94
--- /dev/null
+++ b/share/security/patches/SA-00:01/make.patch
@@ -0,0 +1,146 @@
+    Index: job.c
+    ===================================================================
+    RCS file: /home/ncvs/src/usr.bin/make/job.c,v
+    retrieving revision 1.16
+    diff -u -r1.16 job.c
+    --- job.c	1999/09/11 13:08:01	1.16
+    +++ job.c	2000/01/17 01:42:57
+    @@ -163,14 +163,6 @@
+     #define JOB_STOPPED	3   	/* The job is stopped */
+     
+     /*
+    - * tfile is the name of a file into which all shell commands are put. It is
+    - * used over by removing it before the child shell is executed. The XXXXXXXXXX
+    - * in the string are replaced by mkstemp(3).
+    - */
+    -static char     tfile[sizeof(TMPPAT)];
+    -
+    -
+    -/*
+      * Descriptions for various shells.
+      */
+     static Shell    shells[] = {
+    @@ -993,7 +985,7 @@
+     	/*
+     	 * If we are aborting and the job table is now empty, we finish.
+     	 */
+    -	(void) eunlink(tfile);
+    +	(void) eunlink(job->tfile);
+     	Finish(errors);
+         }
+     }
+    @@ -1668,6 +1660,7 @@
+         Boolean	  cmdsOK;     /* true if the nodes commands were all right */
+         Boolean 	  local;      /* Set true if the job was run locally */
+         Boolean 	  noExec;     /* Set true if we decide not to run the job */
+    +    int		  tfd;	      /* File descriptor for temp file */
+     
+         if (previous != NULL) {
+     	previous->flags &= ~(JOB_FIRST|JOB_IGNERR|JOB_SILENT|JOB_REMOTE);
+    @@ -1697,6 +1690,12 @@
+         }
+         job->flags |= flags;
+     
+    +    (void) strcpy(job->tfile, TMPPAT);
+    +    if ((tfd = mkstemp(job->tfile)) == -1)
+    +	Punt("cannot create temp file: %s", strerror(errno));
+    +    else
+    +	(void) close(tfd);
+    +
+         /*
+          * Check the commands now so any attributes from .DEFAULT have a chance
+          * to migrate to the node
+    @@ -1722,9 +1721,9 @@
+     	    DieHorribly();
+     	}
+     
+    -	job->cmdFILE = fopen(tfile, "w+");
+    +	job->cmdFILE = fopen(job->tfile, "w+");
+     	if (job->cmdFILE == NULL) {
+    -	    Punt("Could not open %s", tfile);
+    +	    Punt("Could not open %s", job->tfile);
+     	}
+     	(void) fcntl(FILENO(job->cmdFILE), F_SETFD, 1);
+     	/*
+    @@ -1830,7 +1829,7 @@
+     	 * Unlink and close the command file if we opened one
+     	 */
+     	if (job->cmdFILE != stdout) {
+    -	    (void) eunlink(tfile);
+    +	    (void) eunlink(job->tfile);
+     	    if (job->cmdFILE != NULL)
+     		(void) fclose(job->cmdFILE);
+     	} else {
+    @@ -1859,7 +1858,7 @@
+     	}
+         } else {
+     	(void) fflush(job->cmdFILE);
+    -	(void) eunlink(tfile);
+    +	(void) eunlink(job->tfile);
+         }
+     
+         /*
+    @@ -2403,13 +2402,6 @@
+     			     * be running at once. */
+     {
+         GNode         *begin;     /* node for commands to do at the very start */
+    -    int	          tfd;
+    -
+    -    (void) strcpy(tfile, TMPPAT);
+    -    if ((tfd = mkstemp(tfile)) == -1)
+    -	Punt("cannot create temp file: %s", strerror(errno));
+    -    else
+    -	(void) close(tfd);
+     
+         jobs =  	  Lst_Init(FALSE);
+         stoppedJobs = Lst_Init(FALSE);
+    @@ -2914,7 +2906,7 @@
+     	    }
+     	}
+         }
+    -    (void) eunlink(tfile);
+    +    (void) eunlink(job->tfile);
+     }
+     
+     /*
+    @@ -2948,7 +2940,6 @@
+     	    }
+     	}
+         }
+    -    (void) eunlink(tfile);
+         return(errors);
+     }
+     
+    @@ -3024,6 +3015,7 @@
+     	    KILL(job->pid, SIGINT);
+     	    KILL(job->pid, SIGKILL);
+     #endif /* RMT_WANTS_SIGNALS */
+    +	    (void) eunlink(job->tfile);
+     	}
+         }
+     
+    @@ -3032,7 +3024,6 @@
+          */
+         while (waitpid((pid_t) -1, &foo, WNOHANG) > 0)
+     	continue;
+    -    (void) eunlink(tfile);
+     }
+     
+     #ifdef REMOTE
+    Index: job.h
+    ===================================================================
+    RCS file: /home/ncvs/src/usr.bin/make/job.h,v
+    retrieving revision 1.10
+    diff -u -r1.10 job.h
+    --- job.h	1999/08/28 01:03:31	1.10
+    +++ job.h	2000/01/17 01:42:31
+    @@ -93,6 +93,8 @@
+     #define JOB_BUFSIZE	1024
+     typedef struct Job {
+         int       	pid;	    /* The child's process ID */
+    +    char	tfile[sizeof(TMPPAT)];
+    +			    /* Temporary file to use for job */
+         GNode    	*node;      /* The target the child is making */
+         LstNode 	tailCmds;   /* The node of the first command to be
+     			     * saved when the job has been run */
+    
diff --git a/share/security/patches/SA-00:01/make.patch.asc b/share/security/patches/SA-00:01/make.patch.asc
new file mode 100644
index 0000000000..d1d1d90edf
--- /dev/null
+++ b/share/security/patches/SA-00:01/make.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.3ia
+
+iQCVAwUAOIVvN1UuHi5z0oilAQG8iAQAndtRYoXTIegxqIMf4kBXENyzCf6J1m6D
+7jSr54VhPhPW4nEu8jDXGvSn9EahkDEKy7LNZqx5QyNPvHJa+KrHp6V1tISrKA6k
+9XDXqfwEELFRMQ74MYfyLWt16QzjcWW2fJWZ0O55+F0ed5p1rej0DwFfSN0Qb8OF
+DTLhIMGRXI8=
+=7AWu
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:02/procfs.patch b/share/security/patches/SA-00:02/procfs.patch
new file mode 100644
index 0000000000..ae725eaea4
--- /dev/null
+++ b/share/security/patches/SA-00:02/procfs.patch
@@ -0,0 +1,100 @@
+Index: sys/filedesc.h
+===================================================================
+RCS file: /base/FreeBSD-CVS/src/sys/sys/filedesc.h,v
+retrieving revision 1.15.2.1
+diff -u -r1.15.2.1 filedesc.h
+--- filedesc.h	1999/08/29 16:32:22	1.15.2.1
++++ filedesc.h	2000/01/20 21:39:29
+@@ -139,6 +139,7 @@
+ int	fsetown __P((pid_t, struct sigio **));
+ void	funsetown __P((struct sigio *));
+ void	funsetownlst __P((struct sigiolst *));
++void	setugidsafety __P((struct proc *p));
+ #endif
+ 
+ #endif
+Index: kern/kern_descrip.c
+===================================================================
+RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_descrip.c,v
+retrieving revision 1.58.2.3
+diff -u -r1.58.2.3 kern_descrip.c
+--- kern_descrip.c	1999/11/18 08:09:08	1.58.2.3
++++ kern_descrip.c	2000/01/20 21:40:00
+@@ -984,6 +984,62 @@
+ }
+ 
+ /*
++ * For setuid/setgid programs we don't want to people to use that setuidness
++ * to generate error messages which write to a file which otherwise would
++ * otherwise be off limits to the proces.
++ *
++ * This is a gross hack to plug the hole.  A better solution would involve
++ * a special vop or other form of generalized access control mechanism.  We
++ * go ahead and just reject all procfs file systems accesses as dangerous.
++ *
++ * Since setugidsafety calls this only for fd 0, 1 and 2, this check is
++ * sufficient.  We also don't for setugidness since we know we are.
++ */
++static int
++is_unsafe(struct file *fp)
++{
++	if (fp->f_type == DTYPE_VNODE && 
++	    ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS)
++		return (1);
++	return (0);
++}
++
++/*
++ * Make this setguid thing safe, if at all possible.
++ */
++void
++setugidsafety(p)
++	struct proc *p;
++{
++	struct filedesc *fdp = p->p_fd;
++	struct file **fpp;
++	char *fdfp;
++	register int i;
++
++	/* Certain daemons might not have file descriptors. */
++	if (fdp == NULL)
++		return;
++
++	fpp = fdp->fd_ofiles;
++	fdfp = fdp->fd_ofileflags;
++	for (i = 0; i <= fdp->fd_lastfile; i++, fpp++, fdfp++) {
++		if (i > 2)
++			break;
++		if (*fpp != NULL && is_unsafe(*fpp)) {
++			if (*fdfp & UF_MAPPED)
++				(void) munmapfd(p, i);
++			(void) closef(*fpp, p);
++			*fpp = NULL;
++			*fdfp = 0;
++			if (i < fdp->fd_freefile)
++				fdp->fd_freefile = i;
++		}
++	}
++	while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
++		fdp->fd_lastfile--;
++}
++
++/*
+  * Close any files on exec?
+  */
+ void
+Index: kern/kern_exec.c
+===================================================================
+RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_exec.c,v
+retrieving revision 1.93.2.3
+diff -u -r1.93.2.3 kern_exec.c
+--- kern_exec.c	1999/08/29 16:25:58	1.93.2.3
++++ kern_exec.c	2000/01/20 21:39:29
+@@ -281,6 +281,7 @@
+ 		if (attr.va_mode & VSGID)
+ 			p->p_ucred->cr_gid = attr.va_gid;
+ 		setsugid(p);
++		setugidsafety(p);
+ 	} else {
+ 		if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
+ 		    p->p_ucred->cr_gid == p->p_cred->p_rgid)
diff --git a/share/security/patches/SA-00:02/procfs.patch.asc b/share/security/patches/SA-00:02/procfs.patch.asc
new file mode 100644
index 0000000000..a4c821015d
--- /dev/null
+++ b/share/security/patches/SA-00:02/procfs.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.3ia
+
+iQCVAwUAOIeGS1UuHi5z0oilAQH9fQP9FZux7s1+AG5B/iULG2gA5ZU6G9dGX77n
+BlNuuiIru24NdDYS4D+ckr6DZHBfsEUAcYi40fjI+GDryuaYZw7zHvuiauNgafQM
+BGjP5nA2d2Uwzjy0KtwlHeosJ43rN7YBHUeiG54iDtakaRajT7hp+oabLRXHta6z
+Cs/4Sg2k1RE=
+=MpfY
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:17/libmytinfo.patch b/share/security/patches/SA-00:17/libmytinfo.patch
new file mode 100644
index 0000000000..fcca8080d4
--- /dev/null
+++ b/share/security/patches/SA-00:17/libmytinfo.patch
@@ -0,0 +1,25 @@
+Index: findterm.c
+===================================================================
+RCS file: /usr/cvs/src/lib/libmytinfo/Attic/findterm.c,v
+retrieving revision 1.3
+diff -u -r1.3 findterm.c
+--- findterm.c	1997/08/13 01:21:36	1.3
++++ findterm.c	2000/04/25 16:58:19
+@@ -242,7 +242,7 @@
+ 			} else {
+ 				s = path->file;
+ 				d = buf;
+-				while(*s != '\0' && *s != ':')
++				while(*s != '\0' && *s != ':' && d - buf < MAX_LINE - 1)
+ 					*d++ = *s++;
+ 				*d = '\0';
+ 				if (_tmatch(buf, name)) {
+@@ -259,7 +259,7 @@
+ 			} else {
+ 				s = path->file;
+ 				d = buf;
+-				while(*s != '\0' && *s != ',')
++				while(*s != '\0' && *s != ',' && d - buf < MAX_LINE - 1)
+ 					*d++ = *s++;
+ 				*d = '\0';
+ 				if (_tmatch(buf, name)) {
diff --git a/share/security/patches/SA-00:17/libmytinfo.patch.asc b/share/security/patches/SA-00:17/libmytinfo.patch.asc
new file mode 100644
index 0000000000..0b59297d43
--- /dev/null
+++ b/share/security/patches/SA-00:17/libmytinfo.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.3ia
+
+iQCVAwUAORd4FFUuHi5z0oilAQFzoAP8C5qyJYm8BNHhN94f9R9pS2uK0xFHd7bq
+M9ywC64FaJRKtlWxt4R8SvewuTM4rOFw1VwbXT6g8bL1tA2etYmKh5fY/GAmrlAx
+WCUw2Y8O1i5lBLSaJtinOOGzx9/uR+Ig63zFyg4eZBeVSE/9drC+t3ERwmwCewEo
+98LRakEsV7I=
+=pN1t
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:19/semconfig.patch b/share/security/patches/SA-00:19/semconfig.patch
new file mode 100644
index 0000000000..5b9d59d1cf
--- /dev/null
+++ b/share/security/patches/SA-00:19/semconfig.patch
@@ -0,0 +1,285 @@
+--- sys/kern/syscalls.master	2000/01/19 06:01:07	1.72
++++ sys/kern/syscalls.master	2000/05/01 11:15:10	1.72.2.1
+@@ -342,7 +342,7 @@
+ 221	STD	BSD	{ int semget(key_t key, int nsems, int semflg); }
+ 222	STD	BSD	{ int semop(int semid, struct sembuf *sops, \
+ 			    u_int nsops); }
+-223	STD	BSD	{ int semconfig(int flag); }
++223	UNIMPL	NOHIDE	semconfig
+ 224	STD	BSD	{ int msgctl(int msqid, int cmd, \
+ 			    struct msqid_ds *buf); }
+ 225	STD	BSD	{ int msgget(key_t key, int msgflg); }
+--- sys/kern/init_sysent.c	2000/01/19 06:02:29	1.79
++++ sys/kern/init_sysent.c	2000/05/01 11:15:56	1.79.2.1
+@@ -243,7 +243,7 @@
+ 	{ 4, (sy_call_t *)__semctl },			/* 220 = __semctl */
+ 	{ 3, (sy_call_t *)semget },			/* 221 = semget */
+ 	{ 3, (sy_call_t *)semop },			/* 222 = semop */
+-	{ 1, (sy_call_t *)semconfig },			/* 223 = semconfig */
++	{ 0, (sy_call_t *)nosys },			/* 223 = semconfig */
+ 	{ 3, (sy_call_t *)msgctl },			/* 224 = msgctl */
+ 	{ 2, (sy_call_t *)msgget },			/* 225 = msgget */
+ 	{ 4, (sy_call_t *)msgsnd },			/* 226 = msgsnd */
+--- sys/kern/syscalls.c	2000/01/19 06:02:29	1.71
++++ sys/kern/syscalls.c	2000/05/01 11:15:56	1.71.2.1
+@@ -230,7 +230,7 @@
+ 	"__semctl",			/* 220 = __semctl */
+ 	"semget",			/* 221 = semget */
+ 	"semop",			/* 222 = semop */
+-	"semconfig",			/* 223 = semconfig */
++	"#223",			/* 223 = semconfig */
+ 	"msgctl",			/* 224 = msgctl */
+ 	"msgget",			/* 225 = msgget */
+ 	"msgsnd",			/* 226 = msgsnd */
+--- sys/kern/sysv_ipc.c	2000/02/29 22:58:59	1.13
++++ sys/kern/sysv_ipc.c	2000/05/01 11:15:56	1.13.2.1
+@@ -107,15 +107,6 @@
+ semsys(p, uap)
+ 	struct proc *p;
+ 	struct semsys_args *uap;
+-{
+-	sysv_nosys(p, "SYSVSEM");
+-	return nosys(p, (struct nosys_args *)uap);
+-};
+-
+-int
+-semconfig(p, uap)
+-	struct proc *p;
+-	struct semconfig_args *uap;
+ {
+ 	sysv_nosys(p, "SYSVSEM");
+ 	return nosys(p, (struct nosys_args *)uap);
+--- sys/kern/sysv_sem.c	2000/04/02 08:47:08	1.24.2.1
++++ sys/kern/sysv_sem.c	2000/05/01 11:15:56	1.24.2.2
+@@ -26,8 +26,6 @@
+ int semget __P((struct proc *p, struct semget_args *uap));
+ struct semop_args;
+ int semop __P((struct proc *p, struct semop_args *uap));
+-struct semconfig_args;
+-int semconfig __P((struct proc *p, struct semconfig_args *uap));
+ #endif
+ 
+ static struct sem_undo *semu_alloc __P((struct proc *p));
+@@ -38,7 +36,7 @@
+ /* XXX casting to (sy_call_t *) is bogus, as usual. */
+ static sy_call_t *semcalls[] = {
+ 	(sy_call_t *)__semctl, (sy_call_t *)semget,
+-	(sy_call_t *)semop, (sy_call_t *)semconfig
++	(sy_call_t *)semop
+ };
+ 
+ static int	semtot = 0;
+@@ -47,8 +45,6 @@
+ static struct sem_undo *semu_list; 	/* list of active undo structures */
+ int	*semu;			/* undo structure pool */
+ 
+-static struct proc *semlock_holder = NULL;
+-
+ void
+ seminit(dummy)
+ 	void *dummy;
+@@ -87,64 +83,12 @@
+ 	} */ *uap;
+ {
+ 
+-	while (semlock_holder != NULL && semlock_holder != p)
+-		(void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semsys", 0);
+-
+ 	if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0]))
+ 		return (EINVAL);
+ 	return ((*semcalls[uap->which])(p, &uap->a2));
+ }
+ 
+ /*
+- * Lock or unlock the entire semaphore facility.
+- *
+- * This will probably eventually evolve into a general purpose semaphore
+- * facility status enquiry mechanism (I don't like the "read /dev/kmem"
+- * approach currently taken by ipcs and the amount of info that we want
+- * to be able to extract for ipcs is probably beyond what the capability
+- * of the getkerninfo facility.
+- *
+- * At the time that the current version of semconfig was written, ipcs is
+- * the only user of the semconfig facility.  It uses it to ensure that the
+- * semaphore facility data structures remain static while it fishes around
+- * in /dev/kmem.
+- */
+-
+-#ifndef _SYS_SYSPROTO_H_
+-struct semconfig_args {
+-	semconfig_ctl_t	flag;
+-};
+-#endif
+-
+-int
+-semconfig(p, uap)
+-	struct proc *p;
+-	struct semconfig_args *uap;
+-{
+-	int eval = 0;
+-
+-	switch (uap->flag) {
+-	case SEM_CONFIG_FREEZE:
+-		semlock_holder = p;
+-		break;
+-
+-	case SEM_CONFIG_THAW:
+-		semlock_holder = NULL;
+-		wakeup((caddr_t)&semlock_holder);
+-		break;
+-
+-	default:
+-		printf("semconfig: unknown flag parameter value (%d) - ignored\n",
+-		    uap->flag);
+-		eval = EINVAL;
+-		break;
+-	}
+-
+-	p->p_retval[0] = 0;
+-	return(eval);
+-}
+-
+-/*
+  * Allocate a new sem_undo structure for a process
+  * (returns ptr to structure or NULL if no more room)
+  */
+@@ -873,17 +817,6 @@
+ 	register struct sem_undo **supptr;
+ 	int did_something;
+ 
+-	/*
+-	 * If somebody else is holding the global semaphore facility lock
+-	 * then sleep until it is released.
+-	 */
+-	while (semlock_holder != NULL && semlock_holder != p) {
+-#ifdef SEM_DEBUG
+-		printf("semaphore facility locked - sleeping ...\n");
+-#endif
+-		(void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semext", 0);
+-	}
+-
+ 	did_something = 0;
+ 
+ 	/*
+@@ -898,7 +831,7 @@
+ 	}
+ 
+ 	if (suptr == NULL)
+-		goto unlock;
++		return;
+ 
+ #ifdef SEM_DEBUG
+ 	printf("proc @%08x has undo structure with %d entries\n", p,
+@@ -955,14 +888,4 @@
+ #endif
+ 	suptr->un_proc = NULL;
+ 	*supptr = suptr->un_next;
+-
+-unlock:
+-	/*
+-	 * If the exiting process is holding the global semaphore facility
+-	 * lock then release it.
+-	 */
+-	if (semlock_holder == p) {
+-		semlock_holder = NULL;
+-		wakeup((caddr_t)&semlock_holder);
+-	}
+ }
+
+--- sys/sys/sem.h	1999/12/29 04:24:46	1.20
++++ sys/sys/sem.h	2000/05/01 11:15:58	1.20.2.1
+@@ -163,13 +163,5 @@
+  * Process sem_undo vectors at proc exit.
+  */
+ void	semexit __P((struct proc *p));
+-
+-/*
+- * Parameters to the semconfig system call
+- */
+-typedef enum {
+-	SEM_CONFIG_FREEZE,	/* Freeze the semaphore facility. */
+-	SEM_CONFIG_THAW		/* Thaw the semaphore facility. */
+-} semconfig_ctl_t;
+ #endif /* _KERNEL */
+ 
+--- sys/sys/syscall-hide.h	2000/01/19 06:02:31	1.65
++++ sys/sys/syscall-hide.h	2000/05/01 11:15:58	1.65.2.1
+@@ -191,7 +191,6 @@
+ HIDE_BSD(__semctl)
+ HIDE_BSD(semget)
+ HIDE_BSD(semop)
+-HIDE_BSD(semconfig)
+ HIDE_BSD(msgctl)
+ HIDE_BSD(msgget)
+ HIDE_BSD(msgsnd)
+--- sys/sys/syscall.h	2000/01/19 06:02:31	1.69
++++ sys/sys/syscall.h	2000/05/01 11:15:59	1.69.2.1
+@@ -196,7 +196,6 @@
+ #define	SYS___semctl	220
+ #define	SYS_semget	221
+ #define	SYS_semop	222
+-#define	SYS_semconfig	223
+ #define	SYS_msgctl	224
+ #define	SYS_msgget	225
+ #define	SYS_msgsnd	226
+--- sys/sys/syscall.mk	2000/01/19 06:07:34	1.23
++++ sys/sys/syscall.mk	2000/05/01 11:15:59	1.23.2.1
+@@ -148,7 +148,6 @@
+ 	__semctl.o \
+ 	semget.o \
+ 	semop.o \
+-	semconfig.o \
+ 	msgctl.o \
+ 	msgget.o \
+ 	msgsnd.o \
+--- sys/sys/sysproto.h	2000/01/19 06:02:31	1.59
++++ sys/sys/sysproto.h	2000/05/01 11:16:00	1.59.2.1
+@@ -662,9 +662,6 @@
+ 	struct sembuf *	sops;	char sops_[PAD_(struct sembuf *)];
+ 	u_int	nsops;	char nsops_[PAD_(u_int)];
+ };
+-struct	semconfig_args {
+-	int	flag;	char flag_[PAD_(int)];
+-};
+ struct	msgctl_args {
+ 	int	msqid;	char msqid_[PAD_(int)];
+ 	int	cmd;	char cmd_[PAD_(int)];
+@@ -1158,7 +1155,6 @@
+ int	__semctl __P((struct proc *, struct __semctl_args *));
+ int	semget __P((struct proc *, struct semget_args *));
+ int	semop __P((struct proc *, struct semop_args *));
+-int	semconfig __P((struct proc *, struct semconfig_args *));
+ int	msgctl __P((struct proc *, struct msgctl_args *));
+ int	msgget __P((struct proc *, struct msgget_args *));
+ int	msgsnd __P((struct proc *, struct msgsnd_args *));
+--- usr.bin/ipcs/ipcs.c	1999/12/29 05:05:32	1.12
++++ usr.bin/ipcs/ipcs.c	2000/05/01 10:51:37	1.12.2.1
+@@ -56,7 +56,6 @@
+ struct shminfo	shminfo;
+ struct shmid_ds	*shmsegs;
+ 
+-int	semconfig __P((int,...));
+ void	usage __P((void));
+ 
+ static struct nlist symbols[] = {
+@@ -420,11 +419,6 @@
+ 			    seminfo.semaem);
+ 		}
+ 		if (display & SEMINFO) {
+-			if (semconfig(SEM_CONFIG_FREEZE) != 0) {
+-				perror("semconfig");
+-				fprintf(stderr,
+-				    "Can't lock semaphore facility - winging it...\n");
+-			}
+ 			kvm_read(kd, symbols[X_SEMA].n_value, &sema, sizeof(sema));
+ 			xsema = malloc(sizeof(struct semid_ds) * seminfo.semmni);
+ 			kvm_read(kd, (u_long) sema, xsema, sizeof(struct semid_ds) * seminfo.semmni);
+@@ -470,8 +464,6 @@
+ 					printf("\n");
+ 				}
+ 			}
+-
+-			(void) semconfig(SEM_CONFIG_THAW);
+ 
+ 			printf("\n");
+ 		}
diff --git a/share/security/patches/SA-00:19/semconfig.patch.asc b/share/security/patches/SA-00:19/semconfig.patch.asc
new file mode 100644
index 0000000000..2f7f89f730
--- /dev/null
+++ b/share/security/patches/SA-00:19/semconfig.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOSrRUFUuHi5z0oilAQGgYQQAn9T3+cF/21pNGoGBruTws7QRopIomccF
+z4aZiJZEwJLvLWDFuIeIgVUJtT9Xj/MWJVEgjaLEF8MOZgKqkPlouxkgNwwH15bs
+PtpMt38kzVwtcVChbP7PoF0ufgEY12IFpMrllcI3sWg4Dvyuw+bIicVulnrR5U4L
+JG8tNGgy4Xw=
+=9TbQ
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:23/ip-options.diff b/share/security/patches/SA-00:23/ip-options.diff
new file mode 100644
index 0000000000..8e781fd7dc
--- /dev/null
+++ b/share/security/patches/SA-00:23/ip-options.diff
@@ -0,0 +1,71 @@
+Index: ip_icmp.c
+===================================================================
+RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v
+retrieving revision 1.39
+diff -u -r1.39 ip_icmp.c
+--- ip_icmp.c	2000/01/28 06:13:09	1.39
++++ ip_icmp.c	2000/06/08 15:26:39
+@@ -662,8 +662,11 @@
+ 			    if (opt == IPOPT_NOP)
+ 				    len = 1;
+ 			    else {
++				    if (cnt < IPOPT_OLEN + sizeof(*cp))
++					    break;
+ 				    len = cp[IPOPT_OLEN];
+-				    if (len <= 0 || len > cnt)
++				    if (len < IPOPT_OLEN + sizeof(*cp) ||
++				        len > cnt)
+ 					    break;
+ 			    }
+ 			    /*
+Index: ip_input.c
+===================================================================
+RCS file: /ncvs/src/sys/netinet/ip_input.c,v
+retrieving revision 1.130
+diff -u -r1.130 ip_input.c
+--- ip_input.c	2000/02/23 20:11:57	1.130
++++ ip_input.c	2000/06/08 15:25:46
+@@ -1067,8 +1067,12 @@
+ 		if (opt == IPOPT_NOP)
+ 			optlen = 1;
+ 		else {
++			if (cnt < IPOPT_OLEN + sizeof(*cp)) {
++				code = &cp[IPOPT_OLEN] - (u_char *)ip;
++				goto bad;
++			}
+ 			optlen = cp[IPOPT_OLEN];
+-			if (optlen <= 0 || optlen > cnt) {
++			if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) {
+ 				code = &cp[IPOPT_OLEN] - (u_char *)ip;
+ 				goto bad;
+ 			}
+@@ -1174,6 +1178,10 @@
+ 			break;
+ 
+ 		case IPOPT_RR:
++			if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
++				code = &cp[IPOPT_OFFSET] - (u_char *)ip;
++				goto bad;
++			}
+ 			if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
+ 				code = &cp[IPOPT_OFFSET] - (u_char *)ip;
+ 				goto bad;
+Index: ip_output.c
+===================================================================
+RCS file: /ncvs/src/sys/netinet/ip_output.c,v
+retrieving revision 1.99
+diff -u -r1.99 ip_output.c
+--- ip_output.c	2000/03/09 14:57:15	1.99
++++ ip_output.c	2000/06/08 15:27:08
+@@ -1302,8 +1302,10 @@
+ 		if (opt == IPOPT_NOP)
+ 			optlen = 1;
+ 		else {
++			if (cnt < IPOPT_OLEN + sizeof(*cp))
++				goto bad;
+ 			optlen = cp[IPOPT_OLEN];
+-			if (optlen <= IPOPT_OLEN || optlen > cnt)
++			if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
+ 				goto bad;
+ 		}
+ 		switch (opt) {
diff --git a/share/security/patches/SA-00:23/ip-options.diff.asc b/share/security/patches/SA-00:23/ip-options.diff.asc
new file mode 100644
index 0000000000..4df8da30ce
--- /dev/null
+++ b/share/security/patches/SA-00:23/ip-options.diff.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOUneq1UuHi5z0oilAQHwgwQAov+zPJolPt2+SXJ5L7jzQqFjyOtaqi+m
+1Ml+C+8eLptWfZtu2+Jdm3hON+PY57T5AEKyJzLaTBwZshv2yYAiqLmukBmJEFdy
+lsDyA/Zl77v+jzMtV4k/FvfdxH0S6NKMAKdxtzrqh5KzKYmrXdnVbNmjcdJ6c34K
+/734lHAJaEw=
+=+RZn
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:24/libedit.patch b/share/security/patches/SA-00:24/libedit.patch
new file mode 100644
index 0000000000..e154405bd6
--- /dev/null
+++ b/share/security/patches/SA-00:24/libedit.patch
@@ -0,0 +1,20 @@
+--- el.c	1999/08/20 01:17:12	1.6
++++ el.c	2000/05/22 06:01:31	1.8
+@@ -290,13 +294,10 @@
+     char *ptr, path[MAXPATHLEN];
+ 
+     if (fname == NULL) {
+-	fname = &elpath[1];
+-	if ((fp = fopen(fname, "r")) == NULL) {
+-	    if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL)
+-		return -1;
+-	    (void)snprintf(path, sizeof(path), "%s%s", ptr, elpath);
+-	    fname = path;
+-	}
++	if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL)
++	    return -1;
++	(void) snprintf(path, sizeof(path), "%s%s", ptr, elpath);
++	fname = path;
+     }
+ 
+     if ((fp = fopen(fname, "r")) == NULL)
diff --git a/share/security/patches/SA-00:24/libedit.patch.asc b/share/security/patches/SA-00:24/libedit.patch.asc
new file mode 100644
index 0000000000..7e54701059
--- /dev/null
+++ b/share/security/patches/SA-00:24/libedit.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOWGnSFUuHi5z0oilAQFE5AP9HQuDGMTki2errGwWys5iBPcuXieIEw4d
+u1HX3HE2/T1a2FkJsknO9V3UuRQZ4EkZhYc6z7I+9OEh8iTIzMqAByfMSBoc57A3
+h30bOQQBKm/tXUqvNmlBsA7CTK10B4UZXL/cnmCm9ckVIqQIwgJ/T3VGTaaksCan
+rE4cjCSNikY=
+=GktL
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:25/kernel.gz b/share/security/patches/SA-00:25/kernel.gz
new file mode 100644
index 0000000000000000000000000000000000000000..1c2542cd339ca0710995633592fce455c0ddd149
GIT binary patch
literal 1586756
zcmWJsi9ZwmA1-Gos}#vGQmGV`B!-2g603assT}*3Bq?$Zv&~T{aw`?vi1IDR5+%nr
zl3dx`w{0;t=f*a>x1Yb@^Lc&V@7Mczp7-;7fN5K{?ETlwMnN$+AUq`C;ie_D+M5wi
zvAhfc5fkDkbe0$YoN^ziwYXmp{qD5)hiey7UtGE9)VJ@W@`1cVE+<|;cY1v&)$w`G
z_Wt+8x8y~s9T@?2_{f&XiHj)dT*Dc(7>t^DockuP#hx5aIXP@Q*XT9p;G
z!N*=T?n7m*6iYm5p_^DY1sR)giDuY>aB{1)4N;2NCGc{p``1AXcNqfkPPE(nG-Re9
zzKSWN&kb6
zF?E~#9ETUsU#oD=b~$N&VOEFU@GNqFWP>L`eeLKIvh`?X>7we|S!-bQne)QXLTpB<
zj|&Z$g-r1!sD^6Hx~__^(-&>U7&0rr3lQEI-NJHBpw7_=dJXCNQ#IGnz!Bfhv@xY6&p>=baz3@D)saOi-+B
z4}rQ0%9Nz-^|~0Sh|6M;+tJgb0s7&R1tj?I?=)O7UpbnnVq^B6p}D|Hm`f|wD&}Yk
zGOx*ed$1QYIAR=~xDPzox%#Ar9JvJAC3HB8RUY(Om7pq6>g@4eZ%Dmr2RX}Ul(Umv
z*BV$lH^M|HA+gE)8t<~}&aBVI$e1_bUY?mcXYkbCA0Bb0F{{09s>CM)Fw=0nro@|0
zEUazf#Y6+wkV+Emg&O;{Q_;~53X+?hkb0KW0(`HieTJxb
zs7|{9_Jj)vNVIk#VAY|L2C@a7Oh#|YnGvrL)@5De_9?
z-ex0B?8#$~6hshZ`7Q4JW}@5V4=;V9xc?jOb8mXq?`+w^(v4jW-)bFPWFfSka~OPc
znj%;gIdYb-fRw+b7MOV1aL=S0uoQ?k!o*%w`dUg0_ycl}0N)X-4sPfgGcGHzs4bq%
zC$WG%EEH6fDhwYD%sdxvzTZuzl8is=PYV4A(7k+XVxA8Fnjnc_Cp?A$sr(U
zB#cg+6wTOZTfoQ4C)U94u1OZ_TMC#R`{^I`y(ya45Z*i|l7
z_qi3SSctFCKLpJ)Kzfc2@ozJ)Z*s6M#da#=ZwT<2KKM^Wi{ctxhnbH2rz`jAjW4+;
zx(uFCF1OkD)nI}{(~9|zR=}+MgP*6$k=dLGua&qFO{6o?HxEwY%>ayH$LP|n4U5jx
z*EoZr*^o8>rcaa{Z^pxp9tMWzIa5|gBld;cZUWOPus#+oW(FWyp%OD`JP7GujM7f%fJ
zSf~Dodw!mzchT!k+3={pStKJD!}#5Jjr~@$=|qfs@c@RZnzjB!zNH7!Ta#M?uP;w|
zmKVBB`aVxQ&NCbHK^h75E(A7G-JI((=h8aR3HBZh>%B?w%Iw^tkzSsTvy%kBPjKwN
zeB}&efFLs}-0+uScMF!e^i3ny;VJ7%PqMH0=x>&Cv9*Ded;pvxxmQ_NEZ#{RDT+7l
zFR=2cm&wBfNJV@Si5&WjVjtqyrx>Rvz(;oc$W|iW;wpl3<}~K>Gnv3Vkec-41J_#?
z{v+2qs780~EjJ7PN5`Wj7I{S7SVBI!dL)F2JYTQsD}GqYi+V19_+GL#9VKXe$UOR9
za)p-rrM)Z_cm_O06ObQs`WA~LN`4z~gK2cLi^x4|yH$zDgyJu)A4-F(A&7K65@6*o
z-#Z((UFg+;J4?R1zzLw$HN*B0sUKrY)`x0W95bO=f!k*}C9GU}+J(^m{gpG#@OKhJ
z`h>^$CQzU$S`nK)TDMa~NYxh>dtO~VHxdFm%ilR-74AvCQ_rifTfKJpmiX%3XdAV%T
z11awp-nJ1C)TVACiNiQgU$G%mB99edR3#_6kc`$bby934vPAw)x)aIOrDJB6K`7^t3_>*
z#dbuL=wUG*(b|vK92C%?Vo!DH=S2P)N!($>m%bsJVf^0JH(Vv3LJJw&j(B0ZB?53^2{`dZUL@6s6q(P4*{*sYZ*;xz2W#sbtN7SBS|qYa<<+0+uZqScd}
zS*mmgWdpR?+m-RwJIjIDud^^Tdk9h|61NZU7#7`wlE}8s0-9mRxcp#Bih=D}T<$Qo
zSNK%IOLeoU_jeu+M57G=4OE?0i{YNSjJsn0IBx@dT2}ds0c$5&!ni>UZ#UT#Kh85X
z_y%|e_5BaAqhGrtc8}EJS4Lfstn|ztE~~{4f05ctc%qj{D3Js=b4*;_m-!|PFNvSJ
zlwvA(?r8d|5NX&a=^2`E>Fr6MRLq`%FRkl}JhXsIC~!~!bDP(s!(A%PnpQK(ia6|b
zeHFfzo(%)WO%+F&cZe}1)ZarW7#&!|I}?3q6J?0~i6(h?G;aAEsgMqiM#2i{##2?C
z9Y}k%rWX=r5JesTtO`Zk7V8ixI{}CZY|9klKal>~NV?JBJkP=bp?JRlI4ElF6FMy`
zfd%T4I|8?Wwws5np$s#9^lPR!Q2eqFsT=8Mgd$AGje|!dH#nykRt=cM5<%mDnLz`T
z=K5j~evC;xYuhz6V#~y9QpqiF&sDP?)CJ-|oK30pz>y56aR+)lbz6ub_oQTDA5{rS
zRYGG(Kxn%mESS1SYI4h>UM94oKmW_e3heWPU8(-WJM1ZC>DLbacarygV0O6uP$nC0
zE%>8q(Kroaelq|QF0S{>%q8Tg^}SmuC+JnhXUyXd+Q2hZi}M=K#SMTQ&!YN~=A*IWGZLEz-iZkYxHiee_)(R}Ei!@Iewvj7g3d)3{n9(
z@|&x%fvmqBtJ?)$!D!X^51iK7ywHpGJ__-bq{9kC1$>n%#eG>3?z8(^=5jGsi;!uH
z7`bnd-qc>~`D+Z9IcGDvs>8jx)eqI5)Df{IHvfsh{{#bK;QSj4s3n96pvkCTV>M;n
zuxQR|aIM8QJSA1@YE>y|>hMa@>J(1TS1kECR-UQ{{@P8T%_glx()H+cQk5WkK>Vn!
zz1G6L-tAk)LA;IwtQ&A4a6aBH(r**aoO|htd|QIGD`AV!P9QCz9ed&zO^^RI_SdRE
ztoNpd%rlR8{H`qSRkBWi`Mo{8&f;pw=iiEzs)xZ>
z8DD9hHyK`s_^(R5MurwQ3o?JnT-W5Wa`FCIoDo9L=D{?I=oo4*ydePg+Fob;%wiz~
z_U~mn!puduF7wnc0_=!kS(N=cRAcJWEkHw@g%MbhxLdLyj;Wjm(56_Tvaok4p7IIb
z#$d)$V=oGlNa%@N!PeT(-YXudH0B+55}U9Q9vsNphp8s3-SQY6dsNa&AdOlU)fhaI
z-xBzB5r<5sXwx66qNhA4fj;$*2E9X;S=R`aB)H%Vv1US}*J7SKv32TgDlmzkP2$W;
zv_(@defU?Z0PznTVPDo4JAu>ug4JZd4!rZKSKCxadlqVBo~RjXnBo_WhB>Yj9I{U0
zdZJUFc^q4FDdObSz;>f2Hc=o9ft74c-Q*
z#*b)bZI!1KqWvP*f3(m0Zj%AeGL*krGHZK9HfaEiMLV$36Z@*j^H(KUo9Uy#H8hf+
z7VMy@_6DAgBN<7RY^eS9;a&2}Nb~57VdQH
zzZrfE*QYAxJ?T*b|MU26wzUBf;3JRL5Yz6XWZ=u)4!5
zBw;~Wn0uK2i8G@=dO}CEWVEa^ZQ91gSFEFJv5vO4sMsv<6Mc#Xtx^I#T60xD5170a18iToW6C@kj?4+?M+U({$kY5JRQAfW+*Rb0wfu)Y-D383S)SojPu?l7Cw7!YX^VDE^Xo`i
zlt1!fWaDuq%;RUgPXTK$AIdGc^J436;-y+JMPnm1jrqmQ!GD5qu!D6sCIMf)TIi>ejS(@hSKnCw81B|1CfC>;*w!jwo0v7Jf*uJpVwW8*h}Em
z6p7yrz)K{et-^Tvh*pN5>o-06D2ZhuaRJAttr-|#12QO=(bjg(4thR>7bU3Ok+wMp
z7bTCjY=~utd~TcEc=4k|1{ym`f48o~$luYm&FE3L!dF5`zM??6R4*&gr$d}T8%d!vz?g?d^{G)s@nbL5S
zJr^ufrcTqnZJP>7=9Mj(-ATwa%Ubz_xxBa=2X@92`|a=Ae0@W$kH5%n2gRnObU;ac
zp>u2GCxWYn>DI>K?kOb9b|J&I0cO*rv<8v4AuA~0L6kkuTHF_BJPYm!yEhBAb8b?8
zS0+F<&xV@X&oV#mW4M(n|A&>V6uMSh<}oyxJ|5$3W4ATAHBWmdSZjSZ*@$Lb4e1K$
zR0&Jp^vf{9MP>?WdeawrG!5)}eyE$4JoIyOu;@R>&-qD%y
zA9=T)BUU2V1_bI(1FtFt$?r3gg(}MTGa@TV{6wGc?mPV54a7W28a=lYkQh2q7muMh>HRiKT0PmZ$82+4vy
zlX*@2<*60R2X*@!?SD}Ko4|jW*nK$vz+h)V9ZAR+C7w2(9r(%&{NI__Yr9oDoG^Yj
z2M07Hl#Wc6@vOFu;6Rmwx)J#*3Y;_S>_Hhx1Zw{EQWNx)Dm%01o{SpngxgJbrT??n
zDYPP2o+Xx&^igC0vQ%Q=fXRCbbx0m3D%6
zIiV6t#6H?0#0Ez%_If7Cv*ad+Wk5510vWEMAmMM5_D7?iju27m@w!2#G>|0DW%W=X
zwgBw|&cbYxhxEJo)c-S8(9McMH>Eo-!4VgvfBItfiQ-iJ8V6F!yHJZY+>A?3ocNr6RcChyPcVxQq&BPl{2i_0tOOV3msg2L2+Iz
zJkx=_JIG0P_HkYYrA`6oA~K8SEkK
ztCAFymI)ELCEh>hi9U-;{TdhZf3kA7!x7Ko{RhEaeyJ8uxq4-%C}+Ls5qHW6d2okP
z$xLtPseiVM5i?7k-uw)k7;oBC7HpSLt8^d|TDv0TFM_7ZUb!^>
zP-$v(qDv2_#gb;ssk+3fJ$D%QO(CFuX`D6rRe4^U*fGF~s|Uc7;^bFYb5EG{)V_Kn
zKDAulltFP9TtDzll@VBHi-#u2gPWlvAY$I4lgNDj-qgf7MEU{Z)O^^EaC^oA?<9?J
zre1q9mQL3ziPNl>|HEXI$kr0;Qcqpv81%PaD6?^R%9DPX@k~0^Ht%JmfjXv$3}Tx{
zMG{{lhQN!6^6lV?m8BtXj+T674_DO8x@H<^m9E8G
zUQwn{5Bm5LvyS{;YL&n`Je9V$KSaGTjO)ZD?jW=$TKq|Z9tf;!>|L}MXg(tc&|XFG
z8i)G|SX559u#Ef#PmYdm+$jq+A$J`W<>os{)@}QJjX8hYxemA*ZymgI5#N?8vn5(9
z$v)>UnoQ}vu)`&KJwNpxeyJGjC{Nh6u$I7A+eth-QUnch{`3@TpG^I3kI4<-&YxG|^
z>lO*Hg`&aka`?$cYY*3JDfWgQIw}^rqGpGX^^!((weujo5QqpJ!f&%ft;deSVgvMR+@QqCfV4qYI-=9@-d|l)?
z%O&02BJX)erVE4Dbc!dh^?zzm)s^MjG{Aiu$LE>b)Pi7qGtJ_Nsf-ZR8ty9gLv?En
z2?>e{Nv1-Lr;4Okm|Xso5H{mjFj0YoI?jC|)LYXNLMr@F1kSmU@!8ap(Z
zq!*Weg(dEk^^U3dZ5W5aQw3?hpM$BcER<7Vb`9*?c4DS#XniYrc10&nss49T-FAEa
zvs#uaFC_3eimU3U(}4Ly_MjN1roE>YR5gR%xt`^piiDfAyEaGMM?mT~XLwv+17>+V
z4iC@>f-P^TP6Vp7vdB_FXg(l~eg|B%-^QdQ6?*!DuGGcp%u>UN)XTzrbo^{F>W}cY
z`_e$?JhqhgcKRo~-k0?z0qV<2Jk!9~WZ@>tDwkjLARt!w#vZufzwpi6^A{jpJ?ng-
zvHWa11B8$87}s*(2oP35nq5+*sg&N(7b}islB+$zP89S_gMRbRKV%F_)&`~u(9b-q
z0~z8zj`p&m4QQ_OPGRHT`jl*xicLtEXmW-=!D3?060}oiaznDHPe*T`yFmQXHO9!u
zTK}Jq__6KCqF~aA@YT$Euh8_`%E#@(TbtzilDXzaP%K6jXAu2BW9l_?^{`+j5&&X<
zi^J`#`2x(44Ad3rtF+fO1Y)9*}=@c*js5N1bjl
zGv2e@tXHot{?&)LBzBKu>A_jfgy=Zz*f+6TA+kFPP?OAxj4S&=C2k2qakwk_oW;LY
zsD>vJf60vi^olZ^p1-GA=e{+`7ld8qc47|nV*iEx@7oOjcy#(dNK$8nQoaL2=S
z|8Pv`f*WC$U2Pok(>O9F{!)kJ^zRnbApC~$%t$~LC2nDAC*FUWiB_L4YhU!WL83Bi
zOIB2er8A?Sw#_21P9FG$gf)tM4Zjk5Z%`l2V^A!eQK>;cqZgO^+l3Btl-=|qeCehx
zNbVR2`8@LwZN7lq>VQ34XCesx(hl$K)R1h$2Tm_69zanJK4G<`vhEP?(0p|dV&|ND
zQ8&fFcQ_-c8UtW2lxj}FJl<7BSBURgc{mYIhQETzzV{Bnbfy;FgywPW*H{MrSU;M3
zZ{tmp2V)VTw6w8PWDFT|KHK#I&yBOUk`ah$X`8r=)Dut*7MsLFhklg8k)7lL2V0?r
zkMti^V!`?cF7n(3`D0aHtU-L{o%~Lc!`SY+C<$dCR)J?02UC^&ts-c&u=Mbt9oGO1
z8!=*0K=N!d5STHgUxUH0BEFu7Jg9?L91N*D%X$Qa49T9i61^A|S#@BZcV{Q@#NBwi
zXFkV@#V<*a&BV(yb?eH#q2_Ck29R~Rbx$c)&sYTws6CQ>w=#`FO^{^9#&RV-i_*9s
z@69q_K;H|by2RC8W1Y-$c;Q1$AS%ZIMv#UdkkQ60ctbvBZPDrXCxcXKE=v*n%>$=X
zT-V=HmWbNT{-^(*2l1|e^$W?mlWExN>nd|aLILRS#^Gg8Ysn+UHHz?;VKT3+4KL`b
zt*kq)xM!4tW|Dm(?1TL}jh|Tzwhz;=t%L_BxXfS_jdv7QpT(Sl8(cAwJY75fRY0i{9ZwDV0FR|ZN
z@aKyn4CV()-EJ2GB(BxYnlz2UjKmQW=p~lrQ#R{E*lx*tdUxacEf1=030d0}cOW`#
zL~MAAm_>?OF2>i4EcZ65#PSoNTWxM76B8ue63Vc!wJc;3bfoc0NCm}aSmMkYyN_>X
z0YJ8@yIsSV=g#*7E&$I}rN#xiuzDOV>L?L^lc?vGQ8}8k{J!4u&-{i{6sFIm4!i%%
zh~ky?Ahv2F@btVr44oMr>6$hCaqn9$U+FLC2^AW_
zW&QF?b6UWEr7TB^%DMoDz;2A8+RRj6ewLwLcsqt!6%1on*4elUzlicDP)dO@{
ziLkY?(6wGy&>r6J*-_Ar=vdWUfA_>Eg=e@i+R%81K2TvC){AvJ+;%L=Kz
zFKyaiPG0QbSseRQ
zAG7kGv{8KTrxn4x^OuFex3Kvymw)_OJ09-|;gX&NBVMhNVAXll*^0iST2--PGg=ue
zREsua4N7!XX$$-rg&Oi|_FQ@JPHhCgMBJPy`u6Bxd<_B8q1~+Y{nx#pWxM431|w(L
zKK@OiSpqO>f3Ft{I@qZ_8t7vZT=$aIe{#u^kKY8o$#Lm>@#vM>NIjR6SZ1yNMs0*2
zr=upjoPdkClHbf9CEPV(yrP-P^>fum?EfC_s9B!bpA6QL3=SBa{A&xY-XhAqq{K}t
z8of4Fd7TE1Lxn#&h{XKIbkI=|qy{Ho`;UJ~UU@}1f*)29Er_4LJag+K_+c<`P)9IN
zb5&R6c}u}0-N5mhi}JIwhw_ZNfN^6lTr;F7H!SqVGlOY|>gYoS_Rg}CS3!#zr;vVD
z@PAX9YM#9j_583l^Tb_DlryK^#n6Is73G7lOS=3+_n5C_kDI-yW-zj$VB&{3MOT#E
zlDT(JFkL^*uJ6FJdq0OVp(ccp{VLIdO!(cCi~O3ihErHrBP~}EzTkjSEke;6(_Z=o
zKP5V_wWf$)lw$_n5GVg0D5|+GP!t9HG)*LG#5g(8zzwDgT75RV1eKIn`%QNB&`pr5
zV1OMW#E3|!>xn^~9zYGNL=WKi>oVL=_W0p6mzwd2X6A@8BhYD$;%GV$uhskvN69C%aArN8?JaQ6x|
zdU~zDTGPr|UGG~U&mpIzw?XWII92Jzq-mR<#M8|7NYtg@pi$juOxWn~%njy#)WrDU
z$SK;VSXI?!7nZ&=IO=LIp_UkjjkAG8^p
zV`7nUoc&VzYoG4&V))H$+SKGa_Lv{r)JDJOL|@~VEZnN@rHJS
zwm9h>t2~3S{PO#*EkGS3A46P`}H@cE*SjH-989Z?QXRl?CNzU;uUtoJ~~`tk#X=
z=JV7bv->{2WZk!v99IYDAx;tsNL;y(wu5`T8UOT5n?CKZn{7cHGzauwz99+grG|p!
ztWNN9!1jAwAJllnY_^q7#fzsV6Hyrmh*l<&;aktVj-EkIeDHbF2`gMTI<
zoid1$^aTZY_>HP9^w(S2m!oX%sO&fD0lh^I)S$nW0>zKt@-W&0XXPoD67pxQ!+9!(
zR_3#ZYw5b%R0$J(y_XOPY=7Kmu|tr&a)9U*`C2({-moTE32X3DM-*bG9J9trv}=Ig
z&k#i4e=zsAJ0PV5-4nyzA9uhKLJ|VSNpA(b@jY^?CUOvf=sAPg!636!&UaUUu4Xrt@vQo=w5ri>n~XRalnZ5;@H}ImOs!NheRl!xxbWc;Y1$)rqmR@7}cI4l)hHZ-N>PXu+7E$DN
zmNe^6+~jsa**c!pp;rMDHS#=u6I`F!dm-kuHsxD?tJ;pOgk}re*)G{*8H+
zP-fRVTwC&zQ>(j1mc~ArhuoUg5S)K~>cnD_NAE=A)~_I3bcq6fR&&-+w?)iaoKur{Xg7ywYhP9_O!39TR<71
zPi0-d{w;LBu76qNFwo8AKwq$)n$mhXO0;Y_~|a=t<9QqS!l%za^4@{
zC@R&PHMj|E>}`~}{^*?oWPUq01zjDX*9TD_M-#jk4okKrPDN&}Zl`^+=2=QR_t3JR
z>=^+1p|MdtJ0~)yj0m4jeDs}EN9yX-#oiEjDiVU;0T_UB*69%>G^-G;)zidJm((tv
zeza8zxm#z_5>uvuCn#Vh&EH^|vfPr6x6@o(70L5lu)pF_PnjqY%!DWZY#yKjBtER1
zfM1!Gvy;F;=BXVHoXf)7@Ro>)XoO?pS~DGplwqkTCr6TU|rwiy^9Iu?H+I0PFJO-TdfxJD7_co=-29?SwICld_j6y
zx)W))xnGz)+rTjt}GgkUi=Z#Tz6n1ZXSSs^0xAiZNPIT
zc%X&rHKUBeWxjCxlYnF#7$$L^fJ-yyA%^C=1hEYJXoETx2^XmH1{tKmZC|eC*6G}l
zu|#!Tr$j8y_s#^X?ma51_9jcd&jwqww(HQJGtT3NJ-V*4UBB6vvX%UT{e-mf0%7yzKHyG44aK>s?)d75^N5}pzL7x9
za;YI^n;@wDmafqH63O6~e>TH~t#!loKOo#!@IkZ}!M`L6RFv$iO(Q3oTFeK|9ZLyF
zv8@o(3OM?rPQUNiqg&%6ycgvGq+$xxxatG^FuBFSM)Wr3UpvA4kX8@D8Akh*yd3i`
zGGngw#62mz&xYH|_eTBLEurhW_r$}i1t059%`7=Hck@yo=|DC^=jZA|Q)PJx1kwl8
zR%BNs$PkfekTWHkRb`%=_P;Cj;E&$oAoPUx6E^xDq^TO-fP)u|FL<#A>Tk1!ZQ`y^EqMqz(>HJ3c#
zoeq;hvneT%a&`2t4z)@`b%rW%H=a{GIx#S(_QYB}(->MXuP~G}~S!(z-5~Bh}{M$>JVWRxB
z?Z{^>TQ}+FR1#YTorTu*(_Hv{cF_!uXIpZF01Yp<7+|voW
z)2hiUqTD!|sZXEXsP$o;<^n~C-}tXus^(9!HoNCj#Dlgs?WezTQa9%?1ZQi2CoZqy
zf*;LAI3g$mh;ohj~P~^wI7&}MZ9BP
zUhto`wA_!n6zoq1WpUmV$f*ZxO}zIa@^=F^x}pGPe?*iVS0Met+o(0CTBijPG)aCr
z0^FQwOUy6kq|@IT`cLP&RtF|6G9q4|#SkizBMCY&^fbqNcAx)Iu;u^KYaBY7D5;X3
zRsmODfB9Bkt4-Z;I-_sf1`TMcgQ?A_C079bj@pKfMR9L*lH(!bIpIk%Cmto*_&#xO
zDo;UbNE{ElZ5Y|#trWh1Xb@kz4;@15ZN|iVcses|TKLGfxBWHK9TBHX@Kk-?+C
zvfm|P{XS*RlP6x&C!d1I5t{{{3X%oOTc+F;?dshtURe7bl)QD6f8xKv?TANiC-&o)
ztS`x;j{UL8vSAkVmgT?bw%;!?i`xKV1;m7o?n6nuR^&B}QR%exesYweyARBoUAxm!
zy5O5F?dRXm2`X!U0xhe10cIR=0e>+kRb-~VQeTpM_0~CeDF}F)w2{b*apDjTVzgAH
zcSR|?$1@X1KUD
z*A%kt#G2P;@V6KvBIQN!|7?3kLX58|0Vt%Tu$5CDa>#b5mE$^Ga
zkv4;uh5w?f_&2l_A;c#9O{~LKyZ%EIE+e=I^@}HObgLm88Yi=*du=;YZoLuqTjUV0
z^_t6ges^_;i6Ms9er!cf4W~k
zfBf%w2D2%?VJX%HK7cZOjX*vMAel;@*nM&?Nw+gqrc%4uJ-(VCyS%%@Gs@k4U}|gp
zOGIi;v!}KtstEh(y7?D~9~i3yj&=MOn|nNCGYSI&jA=@^Cdq$fw;-LCNA5#KhVgHh
zC~g1WW99o9#g6xyJPxOTt!t5IG(hJ(tWGS>x=e$N`U-UrHw1-^1My22x#M$7y)R-P
zhF7}mRxS(>kU0j?wN}!L|HLx&pIfj0@y0~mQJg@!
zC19h2p_aJ+_Qj}zEFN8R*pu(tD4o=#xf(7$l6>13!+&ktL-f6p7_lpKJnVroJDs)dgj6y!Esp(H6~AE_vfu0($e^fV;x2Ay%xfk`
zZUmNwGe%rLurd>+QDh%dYASRG<8FK>z;4Y6#lc@zqkY<)ydmIF*AvUW7!C@nV*392
z)Qa#`yA^F%{zS1l4S(b$E}9y!-)qoj==D89*f#c)2I*z}pzmy=`$Y(0RmvxMtw;a9{g}5eIK#?2#F=ugV+V)r+*l8VZtEg4kHvC%nHq!m2`_
zeQd2JJ-AKL!gG8@^;?R^&%`1>F6o8^TMvEdG}kqi)z;#Wv4S`7ejB?*9P*Alc}P?N
z+fRPfJYbk%EutI%*=aYM+`@Kgj<^*3m^>*s_}Js37_)dT5K%jpKbhn=f&8}m7fmZ`
zZ+jct?b@8{#y>%wHFy$wsU-29o$ZD;952E`{E<193g|P#?#%0_b{5uU+Wt$P$X5k_
zcCX#|T|k?MC-eG{1lG$8T3rbCKNI$o)8A2gThJGVkoS;hE`}4@Y*1XZ;cb1`;^gd4
zqGd1tD&GHy2-a3`=8ww!tI59je0~n?#d;xUaR;gO)c55T1be`IuJITic!&U5KOu&;
z7i+oLL1%7JjtCe<_Xo&%pOe7A>ge(tPa^_C90myLt4e%y5QJGa4ESw;z}jyZ7rqZA
zxA(K%;NytStL)_^0qF^n{7+0>FD$=1KPN)Pwe?92ldJS?rdLo&V7$-M&y)OCewVm~-6!uIR
zdXM+n=Q>qw-I7Py6!UXQDMDtc9W(AX0jSfFnl>s+Psj28yHwbYrW&f)J^J(%s)^3~
z9QKj8*USdIb?GB)uc>ojiFc-tg;3SnibJlyzDnkc-^328ccR>zUd&X!CU~m8`!W6T
zv#mAe?p&h9^;vx}U>ScV4
z6f6oX$e_KE*Hm~XW(LvyFnH}4^anJ)eM5!*dB9D5X++92IQ`t?
z^z=j=%bC6JJBnf+8@+ylVZEMeL9M?}Wn8dAl)b($TK0TTZTPlIo*arYj4Hax&{oB;
z{c~QpUjOVN>8bQyygq{bVDCDvA2Xi+M=uJsF;DL|0{RtWE~RO%H+e?=b|(;DV_&{5
zq$;f~PIY|hc-tlTFF5U6^kI9d&C>zubGe7*m6U`(7!t1
zShvX6Do7a)en=U0Y`oB9JX11nzLHm?f^2l?6x{x_m)VA_8h0_FWtT7WPaaD!)p_7Q
zZK!7T9M}-{JtDoxz&&#D9VfxGk)@n-j+kPf54yD0^pMEH93q@p2mKhcN(%dediC#A
zUIjd&D3@SQdTCMq;67#I=bzBJO_|}V&1kDr=BF$fdSDma$;KsFpChw$IrRh*Q~8k)
zyb?h2%By&L0xQ{=LBff7`5VaaIgIM~n{_`8+fSi9tL28+o@Pxmvy4;H>)ve74CPh&
zBc<;RBmba=C>4BF#mu8Gti{15!E5%7AZVO{VBTNRwjngsoc$zYb9~^%_1WT@pKXc2
zbFzO(c&1&me@?{X_p9<#s{wZXaVQYCPRP>wpfiIW*1#r#$9q%>n<-TnejTR~ceQ>^|sd)Ii29N22vlUOC()@O#^l--;vr|4lLY1J)S6M{REdUP{K^3Ql-S_S%e*-BleR4=Q7tJ}19O`@YF=
z$ey(1SzFn|AE`p1O>Mp3Y*@6BomgC^4Fs;c#)y*H6`z*oh>;N|Bd>ksS#tW{_Lo04
zn*qSmSf5@Wlo1sO!M;Ah{*Ta*ElXhE#Vcc+pPP^u7|i{UYcIzDQ)Z3F)R%60uWoLc
zSrSS2uxk%5|7o&@8q7@ymtwqj3Qq75=f2sF-mbRC_HK%ypDWZ=E!Yfke{L0q`DOdZ
z+Xq~@l{(nxybWC)^&I|~oVo5=r6c7hBau5f>E6wdV^bp)8rq7PKj3=|E1f6%(?JC-
zkj!d^5SneUFosCsFEaH*YhSc3Ia7CpI0z5K!~Zc1T31FUc!cNKn__WQ>)kv5)T4Js
zeItYf%_)9cJYt@GSM*`-eXikXp!qUB%2!hC{I###QgC<>M^K$VECNhK4??&&$f>Zo
z+fh+6;3KSxZKlDOLRmp|Zt<`RI1wfx7Y
znj(T+O$*+fSx%l7t5Bzo%c>MHg%4(q1?4ab&kX=Vb}6**#lVh9r~a$4U=Cd}s(
zw4~1xiIx9S*7Vr_kXnuyUavJ2-%oio*?7x-f&VP}pke<8nRvEG%X;MogukmzR}Kco
z+*(1-#ov?1B|_1WVa2O7Q%Fdlh#W+-4wo*6vpw%D3;UyJWftL#Cw;K*oK{$(PBC?u
zz$yFMS`&?r{o+Rh51_HwigwsEE93agy(-b9`0x1DVv%5C;fyo!CGA9u!&LVYdH6p_
zAtw)wI=vZ;xKi=L4W@vJ_jDV8`YNGcdHd*pbKuDTPtlnNGX4K?yqsMuRFq>$(n%#D
zZ215Vq}W74t|U3PDRPAoIWmS}&fT`z`Sbhx^WW$5dB2Xw
z^Zk0h+RvGTNn3;pg+s6NFyG>L3SjGSZwS>7hs-|?jjr`hE|rjXqfo?+h%okO*~(7H
zSk!y{KZ{j&tBA5ML?S%Ne0kBFg-!XoBC``72)MIMaQte%czrp2_Tg#qPvAdAGgaH=
ze$aj5m6F&Vz$jv~@2*}lD<{8|-J{0B49TH;h)D{ktiyq?=CJCm9t3=tE-NFR{fR&^
zvWD|5xaIfq%nipW4b__>MPGKz+IB=wba=8=MU(Ekw$jNDN5?L)wBEI3F%LvI8r0B~LR>MD&;iOGyj8i{e`@uQA{1Sp{>7z5h*rIpBGda&FL-f|}PfbQasDBL~
z7^*Huxi9S1wv#ItzaDEc5S^V2QjZwuh)nipgDgU>;A7|AlkdjmTSuDS809E
z%w($K4DfgP)S>6F-!Yf$dQ^$KPnpCa(ocTh8>C`u0gHjgF~|7ldn`q7#ixi`)F7l;
z6Pl9vtjpIMoL;5D@#_68JTvduk}^8Nz4})-1pn3s+NURZ(mDvx`hb6v$=zO$uh(F|
zx%YiM{R1$H+*;t|(o>%}E2|H1kZU7+7&|7ZTbEqE)3ZCqnv4=W--XW{pEzKq%E#`*
zRb6M1|Gg7VCQaEC7kf|%@%lcpo_~`r9aR=REpqI7hEQPqX5a1pL|)S_{@
zQ1@r?ZgOJbk%y(+@gI%#cIx%#IT`BzDi|Blnj$9(lIGBdF>L*|I27ZgZ*Xe@=xkPF
z3R)-KQ*l#7?Fh07Y@D-X0c?ZVT+2SewjWBI19d!cTRJthJQR;Vb?irrALBuum1lA+bu%@JLHWno
zXWtMsI~%_ELF@JLUWyxA;j!ylDOa*QQ3%}9T6~oSH^N{n0TeS)g96HE0vId12`4+I
zewwR3G@dLjh&4%G4xBFCWQz*#1uRNw4<@dtPHmx{%)_T3G=4BQ*oGe0!M>Q2)_f{$
zfc)bc8a3e7`m7Xfsmf-8ce~cm($>&)LklrD3A8M=Ho8
z$x%dcIVse9sp@mZDr3cKV&k&!Mdaa6Swt-uOf=f_6SmE_b;gI45?ej@VdXov>=f;R$~Yy6@rvYFEZa^TMnJ)Vv|T
zv~=!^T|i9GCxk@wPP~J2LKS_@&9^44yI7kJ{`+nbM?R|s58Pt=+1FF7Z^zok*ghou
zON{E3Q!>fpNm`U&*?vWewkySF`wcwTK~{-R>)gw{U1oI|HjA5Y<_%RSCd;=d;-V|nMYob`YR3zv2zq|rMDKY>?|-xQdP
za!bHxRab_K=5Ep4Nu5EyO9bSq@0T-+5&MYl#~lUX!Rpyz?`M36frdVXE1}^mqce4a
zjSUtmIM>$ks#hUuS7uSsW+S!t#5#7mO
ziW-L;4-uzNAyC9W27n=k@A3@;039NzJk&T3eFTr}OnUm!PiTOmI%8-xyLjI8+`0_3O{hAj)Z>rce
zPnfr2Tnk&8TgHs6cNE692>wf$m7@;@VuoQbfoSEv?Ey+s&-*W^+xgH%VI+$9Yg{
zO}}1Y!F9D{z_;p8N#2>QXy&L?&Z38Y=Z1BSxty%CkbX!4cRiG1hU-OES--2neMzq8
z)IF^)6suq9;17?CjAV_Bh>?%yw)H){%B`h*$>@>tSD%xZJ+exnbUXi?uORO_fe
zjbG9K6tIHg4Dn64*&rE7AoJOOfI1oVr$(BzFoF)5$9l@U?HQ-g;Tdi78q#DwE(aFi
z)KUwyI~PqNpl81V_Oy8yh5yBw5Nb~I2?ZG@7Vb;w7SmysxPZk(s_sh=2#>H&@O`Zp
z^<2SZTi|j*jPP%!E6!n_V?g-nhc|=h%3c796KE&pSA?d}{{R7Mm|6QyXvV?t@=I}`
zU%j3$fZUs}4lp0s#n^~de?c=;D6yy3eS=j=t(X&lj|QEmfel_A_qn{FcE!(mV1&N#Q!!xXnIi1|N5*kMtRFWylT<^hOJ?lklwMk~j@`}z=4xY7+gaBC4(8n9!KO!x<+pI8$Ku1c=zE3mk_Qj2oH1Y)M41wXhs
z@{aR4iFt98Z_;+S>Sf3yZ0nHPI#g)JV8AZDFQlO&$TtjywQlxr#y-0E0q3C~wNSGZ
zu1e{=jQIss_znW-2r@i+oA>1R{88wsajS1}Y1}b^@VLR_8?aaS^*4WrHm?6yu>ETf
zJdKDt*E3R4L{>oHsmWmrTX_@0^wu$pbn*h|j(fJD?7PU%^ml6`V+h%NX~c@DqWv7#
z5DW5{$rL>GJdJN`KSHnG%nNB$J%%%U+YKt)8H!~7eBFuRDhdR}g;pn!&IolduD%E0(vc+09vLCSn6&ZE|E8s%h=p
ziETQmJ+qi~i-lR#5@pWyn3}F1@R1BtzT{pD*XygyX7^5AfZd?SAKP
z3|@;?XN0th5r(VC*|adsI#!FahM%q8wzZm(3o>~+<29VwENRJI(gmM}X`F$9(`Cyq
z8_jCAe1%>5Ou@Lt*gOl!8D-cDM}h`WhmUN)0Zb(eL}9}|?cH4amJ8+Jhz
zHKn#f?oz;YZE_y(*Xsm;0aRyg4NHz4wWT&7>>H>FVLzPU=+%2N6>->`6T`nlTy2$6
zx5#wmp9P(mD*(r_y?&;%i16}8x5Am909O7#2clO?)udOx{#!uwA=FFZ`tv`)=)m$8
z`B{7Xqhpt4g@Se9yOjRI7|4?G3f;Clq+!0HgW|O&YTg4QHFznG&T)#=-PJsxc#
zAq=iuww@k-S$rYz_fxw@`$aYM#%Q|mQO9qax4$K&k4M_jdA5qK1wNOPY(3?Jrqzf3
z&D;iO#i3Pin7Av#DR`rBrv?qu=n+BYe(i@fb>`DK$V#
zxO9>;7I7L)FFLWxfUbw^LOH5)8YFkcs(ZcwQ^Sakxc`!n!l$PmdfAsClM&~{JG@`R
z7NcmHB7=-H0OD30bn0~dthw2R#k7^(ge#EUIaZwbNZI}MSWJ###4SVCaKpVjTXz#&S1{7QT8g=LfX*EGa<_r_
z62eP&ZHo4~%|63dHfXTk8%a{YVGSzV_9%ZJPxJi7ydAin8s*Ia>;DX~o9E~=r)xJG
zX#y=$X^!6jzdtHu2RwsHk8wPf)5FCV)-UVOb`a_KL8^A|HiaMI%4
zu=S$&ih;-&)I|S-X@J4A>^DO)=zye6-O+oEQ+t*?BpC+aCpX6@PYs%DdiQ{NFPN{b%wP+GJ65twNd@oVTK$@DON=wVk$
z)ER;>-IL#JvvjPw?H^AO4?8oZz3>maqO^oEOJ$;U=iRq;%72~_fpZOZPyH7!4ThQz
zVl?KoMnpJGLn7h7sfJz8YeEyH!Io_~xPxn{MM2=VVDr2mDA9RF3NoLu)_7gJn3ExQ|4RlJVT@oi0i1`0
z(lH{q0$;Q=N}6mqp(~qqNt)31FA(r9Iou$-Kd_s|IefGHIpx>BKTh6X5b?-IL!vX6
zk0L^YHMocKG*xeG2Bp6Cmt$2>p|ID};MN$E`}aEJsOVRA)a{OA!V!lh^4t#ar0taZ
z)piiyGF6=DE;?5B32l(riLTY)reum+%y`Okz7@q%%oCxDhoh2dBkat_&d`FK$zwu*WUqY4wD!>iFqK1J>`xSp_Wp;|qfwv84P88DwZ1
zEk{AN9tUTp%NGr-F*Pv|P5wr1K0K77vHdFv^($&+Fl_b4v8m!@@jtVP^f@0>X5W$X
zyCGJ)L!j;o@b5{Rq$y3bzZz^4$|X^=L8YqbO_QADvZ%gl&je@fqdS0DN(-NG0{lz#
zTTfp9x#(eeGE*NSQe8oxC{PkVnuD7
zwL592QltxQnj+)8JDIrkQY&A1W9b0MZ;0_nka@_Z60eJbHN5!`;9@i-SiIILi1s8W
z#rUnmPD-ZW2TXs}!ItFkG_=o~;go#C!v3Ok{?X|RI_zn;A11NH1fC068Px5l$N8__
z&0omPe6t5O@Lb^OVkcR817b2Wk2C%mNyEUcwbx5_vCSXlkNbROTD%{nd9~Jt{rgO)
z1oBeh)nT3veDvRb{te6-Me*OBhVJ;-iLOqFymFRfBy&do_f!Z;b(OjK
zgXNoRG3FfVZP>TN&Ei*;xC%2`1J+4`u8AK%K4m9b&!jU)|@B*b?=6WBk0$ziJqA9
z8gHE;Yd6}u^laEci9ClzXfk1!5)AZiJ^q}`zI3}oyY`cw=&X++xm)*lC1e*
zdK$}Kq=hCU2qNm|4${8;A!4q02dL%bH7%abeR+eSTPN?{N
zYrMo|YUkj!iLve?@RxL??DwH4e?&|h^BO|@;HfwHWw=h{7TNjL{C{R$8b1+5lbH{+
z?&#}Qn^yn~!M`IdofSa~Ccn5bnd5nM#73dbnR|cW)d%m60uHzjw4*3{P+P;vw-UA}
zGXMo0bthG5m&^wPxA53D$M21S4DQI1q!^}}d^E{$IAQM0dD6_H9{m2ZZ1JI^3^j2$
zW##Qq5Dg`F>j_9FkTEJz{8#eh%juCi)PQ(40ll#@=reR7U#2d)_6+<5W!$=aXOX1H
zn^!WBZ)dwKRa{L({Taqfb8A#~wAn2Dz>K{PnK5Q6hHIYb)UFp34*Ms3cTDiqYNC9djtLqIT_;ybsfhHngMQGkgwRN
zfEZ6luLnkL7962tnAh~`aoP8c!n(6qc^HGd+vh`wGT9!Gcwz-`SQ+)`8*~9&p+e}d
z1rh+FY3X`4B*+Bx!Iht-IE}wIx{<&dkKR(t6>nja@lOoWfB}RV^MU4DH7%8olP54&
z?vUuMm$i!!N+HSi-tMvuG@nONuB@@7J>Nzx%yLitgsbu574tQkq(AgL5@^R5*J;wn
zr&yWE(lC(F>I(IlJl}l}i>`MC)7SZ&fadF<&;x)6O)NAxC9iFPIh|
zUxY7t?;+oq(h3w8nkz*=7nUNe3qP&LW`68I;y?dHB(Mon(_vR`a4fZB$Lk_;g{tE*
z<5Nt8G3NI6Irp6ssv@Yr{mjT2yKm}=;KHnEV(x{dN%M)Y_I8^9-Cy;~P*eVR^_6xQ
z57HRROaF@W=1k)D?NK`t-x0o3#Hj&t_@oG9L#N<2A*Yf5}m0CYWhv
zm^bRYHQeD>MQDtK{6PO7ZJK1}DFOJk`&AI|W(l@sCCl89f7-7@VS(-`+ySdhSb3`~
z%B
zu~qXzv2WEVp#k2RznY|B-@voS=WZv5_*694_AK(`wXZ_=fL?^`8g0kCUx+fB(R*_c
z{Vc!Nlascq%=dDmYflrsBfG`=sVRQS_UaWY34j6cry>%)UXRUu}>iOlVm9JjSjXU7!q0aRZJ
z@7PR5-#$W%J3ieQ;Fe^i=1W@GK!FV_S`Pe^3vL|h<`Sw04dCS=rU>gGfN=Q(nR1h#
z@KkN#=4ao=C!P|Q_yc|)_(nRHkRE3lAGCI3UR_}ZMe7f86-UyXPQK?LFB>z1DsY)j
zLJX_%$d
z??^ZYK5!77Mtg}_H1h}7d^<|zhgm_%~ri)cr&`Sq4`9w3CX=-(PKhA
zUpB0;@ZssKujwb-*1D=UT(u(11ga+>83ihTivI2jYuB1SMR5W--1~~drW?rNIB{UY
zEu!}$JJ_u?GqOa}@8~-^HLAg?3mSduj{&g;FYzumCyzb}m-EINH$^UOT)S#K0n@M)
z1z`2!q}{A^TU#Y`ByIedHZuDS{}txm25uaI1NQz;#P{iN_ufe1I894K>}JjaM}fP0
z)fWQupbW9N-7nXLUl2b){_=$aP31Ot&Adi1lvken9-BICTHIFmGTn&psya1H)v^3r
zV8F=->IrHLn)Kb4S8NqHJY@rUw~_e9eLL|#;ohDj=S12T===>F*vSQlftTo7&%w2c
z)v(ut#&54;;Yu`+c+Z@)_;p%Ey(W*AEJnvkY99J5v^Av{DUwmX;1D4@vcmd;-QxjJ
zV|P>8ia{M*;)4~~7-2bSDy)&h@Ou^hw+QcIT44B#v{RYx_bANhIM5s3Z#X2Ni8%D*
zP{@Y$9QdG)^zNDmxivan2;6mI#Z$6)R_sbfL_~TK~aKokTpC)
z&4H@ajE{QGfpum`x!YK0>-bL_kvbBzezkg___mI=RP`Y|T*aUyzQ$E=w$b
zr_G{#k%N0~8_ty>T#b7sFHUiD{bZyf)q$$1Rn7rk@P`ixds&ICGKt-4E^$A(pBiH`
z`^iN=W=D$9bYy*pAM6aJ$UXQ7>umVk0X?I&09QG3@*%^sZf+Aq33bc;av*N#XTce@@7L84My
zvS5#<>!5}!TLdTapnxKpLG;pKVP1DnqM+347DxA@U><)Vw{&izbNQ@FapWw%Ysj)!kfJy%iI*rs;y
zytAUh*8_X{p3UDmdsa!evM=`z`5}f%&tm47%hBPBMDaNDh+qt^olIujWjigrju+oT
zW%C3KJ(2VMMBLFWkrRZwQI?NqChW$#z^6g!=>9^x7wh{Uv+9h!C9i_;m+ZR#wMF~J
zJWC_)_F6cb{JtkT_#N09eTpnSx9X!6BPMljv*EYQM-G{f&v4H{GY_wP?EK^_@9L}X
zP|FD0yzo6nzH5RHnYu?g>DF^DMLRNSIRennbdVh7yuW=Ka*4W=~&gyZkqEM=a>_#LIARybBnTFy{@?
z0v0nb>h8zfO(vS>ja_P$vDBww=B<;#rc!6u7K1;XA?=Ub3A8X4__pwXG@aKD{eiCj
z-3)(%iV;kWa)hb#8G>4$mWKNs4a27=zOP9(zQ!{j%@Uc*%@=Dxab<2!^lTck)Y(8|`r7OF9wE1P=*AMKc+
zna>6q&;0*dB<8wi0%q58-l$Jh73EO*4wEiYwMqv)H
z3+=SLxd@h=W|e8s6t8;%KOLix9DiG&voU(~#|3M+qxMm=H$C!=%I)U91GF9`eAAiF
zz)LE4E$ShB)*}IKjd1&KI@&X`U`AMvjKeNAV9Z$$9f@t02gnao-Vc*QM(?+{#bAxP
zZWh{a>2*jRb@0W>wITtu2KeD8q>%QNhU)54xtH3i!j*P8-I%uVLjK^}1QQcy*
zdaP5Cw2v5oH*JwVElAcRPuA|KM3FpYq<)wmZvk``4wb>bo
z%%dIBPz(Iu^s1NG_Ahd6@=pOLx+UoP`lwSn(L#;~ufgCDr*NdSUURgP9EQa0lRDjW
zuiq)LBz8-ZDS~&x$o=EyxtJh^=R;zvxdyMsw~8c
z{nA3+TR3LVWCX2PY9!-wvlA<)z(?N;uLWRgyM!C2h8%B-brzH?TxIMl#{uvC`l&`<
z{DS2SV0d>V0F}U_HQ&X^VmQDrgW(3eRcwqHmYRWl;CFz&F_WTAG{g(c9eN_db_1r`
zBT1XHn(P0l_l1cx1&*DKs0ZrQr?<_X+P-QULuB8nx$rh#*gF%=fb5m;&zxIzYxhf^
zjWU(IhCn<$s|WRO990$hm5bJ!?!!zQ&%%pU3?97LF4G;Zz&}gUzcs4YGOr`ZH2R3&
zWy);yYo}@)pdp{~60<_VgiE3t3&7tp2OU)*Ekw>#u|2x`+R{c;j4E6GC!$-?p%n6N
zkNCD#F!SZrI&9kx59!$5xf-qgkirv_;JWs&@_t+wGwqDE!0{YNuFx5UsqZ33H3beG
z!}kTNjY>>8yvs92%UC
zfy$nZ3Efx%ySIBHWSeuTfz#0X>v!kVGr`>F7#H!K0Lj^1g&HW(kk9|`PqREr@F~i8(1ydb9TY5(*(UgxC+ZT)_u@_8wZYWH+bwVQ
zNRJq^`s3GTP+v#nLa#j|!nYzDElW=|MzQd=JrVAO9k!BhN}|zq-C&G5??;8#8q~fB
zDk|&w;_YQ`QqDo962v
z%X|(@O%wL+_#QAEE_i($*61YJxMskT^u{|#Ynl|p7U+s3+rKACTn1p6J@`L|E43mH
zy;Wl8W9cWdCX7XVgf@RGEmun($imxnK441^T!q
zk8f!)9;FZr|1?w7lRG^&L^Dq(5mna`{@N>UBRnz{TNpbqUTMwkAB**;t$vnBr#ds3*@?-`4>D`V~Us@GwcFLMOnouKs
zc`%4F#%95Zscws^6Kj_l%YTG3rnvt<<*$azh64C3lrfW<-b
z?%q+zLy5c9ocYlnWX;95WPw%p`<-kLDd7>*>*FC2F%VcYT6l6)|4o@}vI%oh$i)nf
z6|b%x%#8b}3Jcz$eRz2KFH?aUYohoFf%Ob9WNx@b>`Bi!Vz
zvdwSF9z!&iGOOQl>;_S_uD86Q#sUm)#$|1wG#LFi?soin=C5`^w{L?Z0n1U2bUHdU
zaqx#pWMBs6_w_S911rr>G3Im2^gq8Yebth9rXWT%{*XSfzu5D&*+v5hvr4GvRjgFK
zmU;P8mz=*j3qNRxPS%fAeKem39aE+-FZ3b5HwD_PjBDGAOn69V1qLx_{^5)j)4&Av
zwg84qM$c@maF8kC-e+)=Hn2-dy`HZm2{(*4=$?i#_4bLY@U&p~yE*IbCG9Dsw57GT7zE%VXp*R|N7Xn15?UTD|lvn`%
zP&CnPBq;2O&~Q2q^SaXXMU3F&Qo`D}%}&9LMU$m2|C@GSMYkhz%Cy~Ae3N-kY)}0?
z48vZLxf?ljIsZn~|bLmNqBB1qNCpr`m
zY{sGdN#*Tkoi3{e``t2dbUzB)vY@(NZZtp2%dt#Z&KuX0hV65|!5zV#n$HP7eW~O$
z<;jQ49Whu;{7l<%9dK7!lU-kt8!3(!Jai*b(f@N(v?a$KwpVUx^s8dYm_>Rw^}0U&
z$VciflZZa)1aq-~&(ELmwd9a;{=)!vaajthczqN8pGAp}mj0a~=}u(C&WN#|q%Wq)
zf?D~FCkVnTcsX^?pjvWTl*L_*B{250)Nk9|nCD>>?clCpE#^zph-XS1Gw1DyStSP?5L1wYZ7wMC8wX^?g>*q~b4JyBrzLdZNYInnE8vFb;pD2b;JQ|3s2BaOS%$d_
z6&h6W#30;DKqtQLZAeDyOAj6k@*Mz}Z>d#_)?a>vT_+e1=)i2Hho53KX=Kh3(%a?m
zUE0}-QE{!Oj@)iwXK^mMdpzu>Yqe{)gw>U6u4aM;;j3WxDOtc0*X*UdbVH>XL0yy^
zLe%?w7e@}R^vzz+;QMv1hAT@q>HS5?ROV1FdU*+>JK`bQ)dAri$>L&m(74|*e$CiT
zv)$W}jn7DVT9LtJPDB@lQ45Ktd2hMkdJYU5J3iQB7>xi0Q?FISGGnmRS|>A)WXYvg
zyGjG3#A8qfeX&x#Lt1UN(r(9aV2wP=7Q^Dk#n(#bvQ&3NUf(9KW-o)vnLR^4Fx8c2
zV@f_k?ZBF5O_5*fOT+`f#1FdzU(3bo1%cs-;I3TbL1};y1KKFCJ`FSHvCdA!KJHe`
zR-*(A1RnPIDcFaCdwx}-O3evS%hR}9Z(5~+UJ8i$vW_%nfwDvz=H}3|ZY~fy7Y$aY
zz)xP{#OL^8fGKYp1EFcMN~MvC@-wm$gV)sW+i2+-yV*3urucy4E#x1UL^^ibj_U-w
z_@j3xzB}oqnME(SW{X>G&35CrZ`8!r1s@o+;2iD6T~>^SC!JYBA4;t8r---@;JKBi
z5noAVHw%S!Q`_5362W?VFpwA1W73z><+AVslGi3_VaWo(y@S4bqR#1?ea~KBed$j&
z>4@vnf8Lq)J?5qz`F}Ro26`qh;Ze?12PsD7a6ArL$i2It6-yctSzMY@I}iLF0dagm
z*#Bzzd(ulp$l&oowT_H%_Q3I3-;G+UNihgZ57FelWQ=jh^u0Y&^CqeIM0teKsPtaO
z+?9%TfYaD}#GJK;3p&Ojl7O_M-7FZ`LH7PHgku|0u^m>cr6?LZzC@;71^^)u~-HO@kvD7hifYfYEopDO#jz8{`kDB=r=3nK3c}fi8
zyCZ_HaxZn#10-Dcls{+MZA$c`jVl{U{ULvj6ndWEt5`B1~{ni=E`PKBF#zfzt&}naAspv0pCRw}R
zDl@$)Fut`@7Mx1EoM@}7Q&aLtaG=|qf>xeF`MAmJeGWDGCAjd@K}`hk{X`Ido$wo>
zg6^?8MT#O3J@>k`n$-M9c8Sy{&VKfh?XDTh1m7&
zk^5%&70sr1_%>*N8$WLyOa**N$S1j!lp*r8qUx<6{?7P!2SSL8&jD`o*uXh=fG-KP
zhAQ)p)(ykOdZwJ%U%kF&x$o3j{Qw;&ng)t!
z6AXRowzLW#_<|1lG;AVP1We(6AsAnFQAn*O?P$%7l$5Y+k-Yg4{OYGU-G@zt<@A{b
zNV$DuatITrBJ&wGE`pJjg3QM=4_T?V>E&UsRgIZvX=Ya9q|)oOJ(jOXo-64?BNgiY
zU`(M(h*FW!1@N~uCA#8ocyvan>~4;Y&AbUj#`HJ%0y_%IOo_}}l%!g&^~gu6g+7k5
zzd_Zx%#SN(jJ5yC*h9EwT@dxdD)GNq)$A|2G}K^9#F*Pe<^~xc9yGkoc+vPZXZqI*
zT()OY*x+-ULn@4ugT6+>$i+J?2G#1d6~F%E|2t}LIrMe>L49LVb+BH!bpc~^{APAl
z!d22Km8eJ0Y~8IvlN!h6n7bGg4;olUR`@y|-4*{Pe5eJ@0lm<8N!{Bu7AW*zw$jqw0=Cf#?)5(}R9fMalb&>{903
z5p?H9%vA>X{o)Px9%D3abaBpdt#;*tQsXTzEUA<|s!eYiv&(z)0(Ltf*2UDDG?NH`!etApu+^9`B
z_5C>!dvYohq+iSQU2NFWQop|}!JBa;hrIcm-2QW;;-Kt2b?nXU7W>jq5|_sWVWPW-
z^!(4pXysZvQ`a7Wpw|q%5E(jdFk#j9EK$bQXfy9zaMu+;cmeO&Xn27E^TRWJrZ~EF
z%{i>`c<^$f%R(++Vt9t8-4fe|qX9k?k)?O)*rIc3CUqx}Y2E(lw0mFWGcFoh5G%+!E{}@$hFYkq%oboc~
z(F<|`JeOCs@%4_g?^oIhvJuB&m>OwNJJzIn2r*dFjQa!Sq?)
zt?O!j^faMnH8>mSFjRgVfMMy;>lf!-GAn*~DveEikwzxMmBqU`7Kcet3DqKYRo)
zWFQkYrZIR?|2~D9vN&Q2Gwtgp`c1!XzvJPr*SHV$8fj*J8mzH$CS?4zEAF)^JISYZ
z)2gl-N#NhBnk)DU#mc}T)#NW@p4CC(l9D-kG5RbbRtz;TjVJ?HtCQ!^k*PGv*Kt2m
ztfW7gIbOFh0-X;9oVY?-d5!~aqR=}sklOKmP^T0evuEGzhm;KVYQ?@`vKk_C$J`jy
zQv%5y)B7`YNP6R&ZVUQ%#O5DuvVZcg;ZpXMtIkAr6^^vk^$JQGO2NUCwQNacILj!!}Q!yvQ!WBNR|IkatT6f?#8`-__0@Gu4M)1tfmk-UK{{$S>TTpm<(R
z*?jW{{fzIhT@S=l142v~UB>tqL>m=!1yR;ZfP^mT@MM#jRkOGUtJ)ZJxT2(@W(vJr
zVtBZG@p~RPj#GY6QKC=)ZG}Ccd_=ZYVi&OM!G!~>9v3CK0ILyt;m!H%Jxq-~Izn<;
zDB;8$;8#WJH`g5ehtf+ug)hmPGYI&m$CvU!8)sn1gw^l+rL|^W$;?k_g7A?$$>LKO
zIEHrTv#0S4MGYgo)U=pEOlaO9(_jXGchGhi&=)-wk!2B9B?y+wgti`ys)0E+_?sq$
zGE{TkV572;j5`PLlp~Gmr*%_Ce~I^1>^X%e-=f!Eq|b3{;X%j7Naqmc_8^SM7P)=m
zW`eRLD4v;_zPCo^HX;>2+*R}K$xJ?ONJT2SwRKTztSW`E;y;3F1Ap(64qWA<8WSg~
zR#Cl8CmYYW_h@J|Ar6VmD^o=N+bgZo?0NFS=c~Tz6C>~UnS)pDn;NJG?$O(v9ul=7
zevfzbA=|jJi9jV1>BXw|`+sx#2?Oa$`@ZB%NY4)w{*<50W@d;aW?J%w>DusI`AJs8
z<|tw>Juno^zdCLsSr^53Cz@#=-Z)A4W+dP;Z{m$#a_2sD;my`HuA@5Tt=X)oOMB*Q
zK$}>n21fRQOt$76^uZcCKHjk#{XFt&8Y{qMxFPNS&zb@WR7q0vgjAHhYF!rN$NYR>
zusI;H$J3$<7#Y2hGrV1nwCqr2e%PPN{-fCmekBevMBf7cke_<;*IaHkMc1i#4}URN
z_&Wm_mm43-NAab^LD0io^i3qkFOJW(4pA{J<1!yQHD_Ja^&n
z?U0F?Ch&&=)ISyU>;dLw8R`I$c}?OoyLE2p+IedvU{%iu&zSI=;
zdw&p_dAs7qKEc?zd(^SomdPvyt
z`TLA3XmbWq`1f})?07{9DSj4lPpv`FbtH4~Pl1q}5DR7XUHuM$+@d_~tfj{EtT&c@
zDqBZ%r56ru`rPdGlc74y`as_YyqnX(N{7A^P=#uy<^^olL4
zQ;$segNN@(NfOsEdgJ~1KDP{hycV~Bx9SgYKiYD)x5$V6afNDib?0sG0{WQ$TF`=qj?pXArh(noLq4^cp_zbu|pO>{={K8Ysr6XS8GIfVZ{_s8ZD{L`r{j`#aj
z$e&mAcKIsYgPb;5zEC^pJ^ib(*|2oEv4-sSJ^FUTU#U-6f&%ECU}A^qM9asPftR?atm*ktjLV!%(oW-@;@k|n>l
zjMdG!D~tC6N?frzOZ~?y*}D$|@N9fCJ0Hcfls8z(`U0ehPMr5|dJOQKK7yUUeoJyt
z;$3Y-r}uOo7bQBwhOs(PIfCzwuy@C=g8oj$k2(zemJj54>O~Cv8PORp_jL!oZ=!YC
zB=^xE`1xnER9{HmBkzPibJ1$LhpJ}ZyFP&D_V9bsYXC2}i|3OMB0Bz1=I2ZVJc2xP
zTKC%3^v-JttEU|UyaoA4wBKg|u8re;XXenj(|JDL0>WQg#qyL|S4%nXRq7SD(|n7j
zvb?M=;!}C2@CxBmUN_ZUS&h0kKnd-HSUDVmo#gymoLSOb1W
z$n)TfFc6mlo~tQi_VB7T(w@W>dopMZ)r;VD;7f`AJ-lDQxHS|H8P58ESFfRSD9?M0
z6a0JRiQ)U$yaxH1ieL9I@$)W!ueX@S{iuw+?^v^j`g~P0|M`z=uuqTaY`yjnKg)Q3
z@Rx{Af8K9;-x|bEuB&GLZTA|g8-Tv#nAb_*=Ws3~d45a$kK}n}KhSy=7PI%lm#n3H
zjLGc1c0Yp0rn39cpRa}fbnv+P?S$|1_;A@;yrWUhI}-r!tDO6yps!uQ>uxozm2!^E
z)Y&=o*K6fDq7eP0=zBVUE!`jSz8i}Oj{5)S>RPX*eiL$CIv}6b1jl{%xp&7Hw_CYi
z*a`gHfGO;K>kEKqQIDF=1#b}iD9`IS3V6!`ssE!ocedkR<{2KpEpDfL<7q6A*J5As~1*riX1|Jo5OzwTRFN0-+dJWKSC
zazE>VE=V;zL8!tS-xN4I@p==Y3$x)DCp!|-Vfz&;CJ`p{gh1_
zcRbFsuw(8z6~@C?tty?g`iBVOS5!q)-5^RL{V
z-?0I5C@W+BZ8_kPE71q!Qmhx?-N$Q~Juv{!wMu_Af`JnoFkigSCA)n;(XZ!mC$GJT}OLBXe*B|K9
z0r<_lufbIvlFpI)4CYt#??AofccuN0zz`I5(D{_d4Tg45{vm%)T?u%>&12ZPY&_tR
zH+em@8N}yfQlI0LCrorcFJbwLb2_NcU=hpbUqJjQeN>kd9rRZsJHM%e@(Jl26Yo)Z801o%1V;RC?`7V9$T3;v$#EX}u_&+F2S
zkXv;HgI~K5`Nrq-^Y!%`rTyU@A8jIhyyrca
z&ja}!Q0mg`*@$yN=`mjLfp?jPR6vM~}E-CE+)q&jk$47#dgcHzonU1${&4
zJ7R98erm(mI?f_E`oGin?m^;5sb92cGvcxT$@Op};9ZK}^2}zc7g5UMKhJN5KdWHy!Z`toxOK*WEjm>D6t37yO*h_ZNWY
zZsmEHrJbmQt(-%vI;sDA2|IU;2R!?DIqOd}o#Cbzx{8(3r5?qVti2_oa9d&3Anj^GmmbpKK+sC!8bvA4W6(`E|f^-}3j%M+p9GC96aGA@Pa4
zUy4_p#JB~&;(aQ=27dNH6?<3PV;l9;EMxsNe@yW1Nvw~<)dU|@#@^}N0(iDY`i-YS
zrx@^D$7B|7sQ|ot;s{n}X%gTq5#A?a#
z<7TF_b;;6v=aw+}cW$HijKwU^@EOAY^%OSl^V?t_j&XankNAIF>QxKkx`($>e>7fq
z@dKJy2JdmOj-L@f*G*>kL4PAUmBlQMcX1cwKSk<8HSn+PlIPi$cT9Hgb`$XHuCHPD
ziMIis{YeSCzZl#_b%SeIyzy?pBTWO@ewj}AV{u=J{bd4P&=FzxCNA+)!SjFSbjkas
z4&}b-5u)=VucN+z_@621^n~87BtCmovwPn4T~wE2D9a1&0z8L0hZNt)b-|xk>Wc60
zLjHrIho2Fj
zn)!zt2!61XY
zrSwAwJc2$xbe^3Fc*}69SGyrMdxzxzgc1+;fSy{mrDu0
zOTv%B?rqqCdqXAf^l6&c`O;rK-iI!RjcDWTlO0VTSv$V`?lF~`K5^27%BqnyldAM_
zW5$myzpF~GF0U9@rEB_K<0e#;kJBfN8a279`W)0snc}y=njMHgOd~KfU9b0j-46^e
z(ENs^;p*Y9sAn00rKOCNlXe3;X=!dUNb9cW)C*|L&lH7!kJ_e|a8eETC0#9=u#A-M
zXACWq)MG|E5$I9JZ5AU2UbE&$eOvckBPs}qpNsjr*Q8~{A4VeKM8#0L-<*nOQjTc>
zSNt>XIVpRNrALiu+|mrs^(@~>WGt;Q<9c=~h~;VNbDWf=MdNnD)IBRmdnqmEq*JCI
zvpql1?U-OPT)Ox8+iLC_par2V)if6g@;1XaOYquyWz
zc@Y>1H*V<3dd;+Ao|6tNPfs{bW7^g1loj|*LY77}q5D=K#!grQI@mBxPd8G{TGUPJ
zaU&598%-HOAf}|*?%KbunyG4~zz|;u;A(
zsJAsYVFWS9OKPqVsMp|&DW){j_8WCOl`#^w8Lnk0PDhL%cu}`mO9~MM30q9m59g?b
zqD^~IOV7jXlpSby>*dwu6UPWPV+p5;R3eiKSqtPUS)S*J`9%ZUNog6!4S5xl^K{el
zqgu)wtf$hZ9v5pBYDJSFs2a&3B_)O8??E(fIt@anJu@$6Aw9p@j|K_N5fbzgcGAWu
zVqjA!fzTd1Xx0L`_IiGje!9UH|L1s?nHEa;cd;~i$*ARPf}fb5=ht?1&(FAe#*WG9
zMUCVvu}&#lETX4BR94%?vdeSm&v2YDq(5QPxQ#2~X
zXr>dE;819iZwZl289!lURbCV+$8{2kypmh9^TePmR{h{XuFy0wVkjxwH|j%Wi3uIj
z#MTkYnADnWD`9Gx21A#+qNhWagQz~Ru&^-vO}Cx!$Hn$*2t^xet0$1cy_?ruu}n>#
z9azzLqtHXK3xt-Z>$OH-Y$Y>Xru<(7?_RhOGC_R^i-sF285#iBGV`4KfhlZ7xTN92
z)JKJk#b{3beO6Q`WjLB=B^|LP!?iZWGD)??B8Qtz(}m=d*e-eP7OQ)oq!V%~n4Xok
z(w10-j4kvp)OO#A30{JrsmW-xgv4CewVjXw;P~-$U^-1Hsb=Bk7UaX-9Sd1@EdkNp
z{9K}`{Iuxj1nvBfm{wH3Q%KT~s^B}0l-B>5T+}fV0#)$kBn>;2GK2x}=LqeH=4}*l
zkP>vYP<``+@*3~!f}2p6q-X@TBbW&1>I-WYDq?6htp=f`p)#h@$xuz9@N%BQ!ixV3
z_ilYUM%)WqqDwR9c%~&ZUd!{Gp+z;Vyj3Cl8g3fTYVftjdNcpCre|lu<+dB-r1P6i
z7^RdcG+0Q_PBnxBdl^01XxaiXZPzykd4ru4_QyzuD;HXogi&uv9>u?+PAVnjrKM)Y
z;&H=|2lWZfZwjqe%JS@}W(%DeEDeQ#8?Km)p11S)H4?%QRESSN
zgh_I|&^Sr?h4Pgjtf4MN=@vEFGZ-VLddR9t1RrCP#ZyW
zj^zo%q36ZsD(O#Clv-vS@yS>^pqGC;zm4Q;5XwM-ILxm6QN
zE4nSrB%w(twBb@0SM6kyNywCBW|)}-a7_zZSKRf2yIt+>*Gq!A)Z1>_hQh98r5AUx
zR*S`T`PQydO>1eXq6UgAb34zu{?B=0@oltc`BBKT
zaO18pzgdN^6>nHf2=O*Nhc9W%7Qubv&^16SOn0cs~%A57YdKY-sFIeZ_gkGN5)MOHxgQ4aycKo~0e5
zE=Dup@x1+07;r~Am1^Ejt3x+Lo0DKn9WE;+iPhO;iGg0nq}be&p|?5>gOx$`$`X0R
zFIZ!s-n1|S0PCm4;W=S`Zkd~^chuWdhI-OLQ)5UFg`@2e5Jd+|PTG$|{?Ho2G;}bI
z=AAC%2orI{SqluOI%3M2i1zGzXbqYoQPzU!rQ0f&uS9Q>O^rfb%BDbFP)9pSgH%q^
z8H+k=M=YnEb{aj=!Bo@^MwMv?S4_8I&qF6n3l~qOI#_#YCa#>wq&t#HX3XtdQ=W|n
zMUJK^4OvM2Zzdkx&RVgEnlJ>EBTubzYMR@iG^CqJh&O@)9j&&BbXuC_=H_NhdM9q!
z5Z*+}LQ~2r&NPA!liZq0f;$qM6c&N$WtD;Ep{4bsCZ0*^j-aKbSCP&N27-oY7Mh4=
z!%al=q-3rS-&nV94N-4`T46f4W;tEF`NmDvbsI_DC)w0aOJq{K^x#`e=wZ8Muzr{?
zJZjfU=I@${MqF%a*=p4v()-#XssPdRM8z~rQXHA1cJhA1U#vHSMWp#_W7{@bmKI^*
zETfozv`13g(k70DPh+vu(gTlPCdzM=czY8oM^=x3gwG^s(J{%H7!iGYvUL|do`PUx
z?qZ3Db{BKC4$OU8gj7PdkX1s^Dz1~@jlj&ngt5@2-H=?K^y~=BQ8CG^N3)SbE85fn
zjjxlWU?;0fs@kc312L7^$#NGvF}9WNrW<1klB&d;q3wZIwad#LYHg3~6jlghpd}f}
zwBm7LOW@loeQ57GdysU-FpLl4I>c6-EtqL)9r-Opua|1;j-0)(^K*hqJi}
zl=Mhzld$;Cb~e_+WL0dla!3?WnjziCv>}+JlbKXR-;r!0p%U9lD?nVljRwX{sGZC?
z5@MvAK!6diAd%`YXX<<`oidqpTXQoh@T9!ycGj6q$J&!^u@-AcGNIRoHr0y8+1wV{
zRl}ztd(W0oxY+oMm>NW?u^9RxM|savCfE^WSOQUZx5>wcaXLmk2=4Fv1^E3
zHmB0GItHo~n=CK|Z>p@O4%#PUX;MRC&8{@)Y-hVLjX&I}+LeZ>9ZN*gG?Cz6OiV;P
zx?z}r&@hd{w%S2d8p99TIJ2)N@jZwggpt|R$(>w7G}lDryOk9i`nxR>Ygakl8cT`^
z0EJSV9af%ig$0`}j$?7s{7GMBEmc)|G3;1Lf%4c+`ibmw(HbDB8bSMNJ2884j3H5L
z$sC5&O-w>|c2X<{FeEIthp%6^0;VbPjA*B*Rh=~OT~Iu+La}74*Sv?><58@!lljH8
zW_49-!kcPu-CTXkpWSS%$AZ=JSc}^7w1Lu42xyA%Q1ecD88p&#Ts1K)GgRj6DI!j<
zQ`DSkg{H--54}#Nm26JZ99mjv_sL>(CbrS2<6h?75lw=38Sc8uU3$5iO4nfz?;!34
z@|I=Kxcf+^)cHzGJGIO11&4jcpkg%dT&@N-+sG|ZQ@1G;uD`h+9<<6e#$iXqsMtD;
z>`X$Fy5<^U{Ha(34vw@wOe73t(vZ|{ioWl<>&k^%i5;?mBmOAr=k|_7CIVi`>Q^hP
zW3myf;SYthkyMsep=`0JQHu;!P>3a5sO!~Zo3&j#L}Q*Av@QV;+TKb)=p+$Ev=bECwf6DeOrfBV6Ck!
z=C^oVk_lF|sWEkaGFKuqAjM8MUPfk!YU;sPk<6&egJmF@y*r8Ii9Mtn$%=we4E0#0
zvIu~VY!8Skf_6Gsw-CJ!TZ~CWJq<0S{L@Usfq@tE?1(Z6&C>WE?f8VECJ8S}Z2A!90!z2oUj5
zxefr)O|8YMraw3USa%DXaABGd(@4^S)@7^(lk^%eESY5%VsVmkq;~L*jnm2#YYB_y
z2M!As!HOz4mEBv(oL0st6!b%;*()WRdFQehRJDm17D635U@Bx=B)O4owAor{=aSk*
zOULwSmyt|XD^l>4SO!n|`tYCMvc9rz4J`r4#w$K(TQU~_eeP&&ra?8rE3sV+8e&^!
ztePe}wKb7$7H@Q;*ow{ZPG;pK@1x@9XKs;+vJ;euT{J+51Qw34D%l4u*5LZOI*`Vn
zZLHh8X5*R~&*l<_7~c+~iHSMg1_2AAuvWBKR50M^uc)Yq8$VFJW>XbUS-Xl5)6&#R
zbd@8*xP6iku~fL7=G!z07vX&D`3&H*z@l0gdt((bi&Grehe}P2I)@UPpQP+p->eq*=
zt2Z)d$My=hb;QH$se(=iCeX6WayH((6Yc?r_(3~xc3H)UmV|C>w#u5Jp0&r)X;$ds
zVU~%YGrRUo@7vXL0?z>tFA|L;!MC!UBgqU{0GKIUW6iwN(v8s+=CnEExbU)WfL3J{
zP?vAg9bix#Mhdgzd`A=mao&M$>N*pVrJL<5TyxMWh0U3^NHo>rr3c=n#F*L*U*&JsiV!p
zFyZlTPQw-?yI;kyJh5fV7Pur>3@Wc^w~8(8byiJCbSraYvp3VGy@N1T4{;mMB>RNJ
z;>Lz!tYs@(q@6G|Na1(sBi7!?ULK*OEH6)HJcTXH3|hL$TE04OAO?Bm#iz_(IARcX
z^&E-C)+kvnoz1MIc~uaJ^|4c%xw8|h!(Jdop&c*4exU8mH$Yp5W&oCn#p`Tmryac#
zvz2Byl@SI`I&4#$_(?^^@XEs*&Dxy0gPeF)XBylF>S8-=6Cts>o9i|U&%Gur&KwfA
zE7URD5@nLWW`Ole-Dpkh$Rvb@T;b48##Ks1`OfxChwNiM$NVvZ%=
z;h5L2vYm)|j19n6A_R~~aUL7lu$wl+tJ;*@#iA>gpvjO3uh73^1=B?uyjtRDo45d(
z5y~*(J0ww(*bz4*6yoe4Y!NYru6e};QEns?X0NFY;)oZ8n@YAgu4UKlE^AKQkfx&D
zx`ekPXep7QG#gLiqXk*Y66dPlQ6@g#WZNBMlpbnHdnwJ~Xg08TEdq;Ujgw}KQyf=W
zs*@81bA7)puD?0amTqp|W;-GxF4LJwkln;$S=@097a)Q}oF7_kGQ)}~dz0Ar2Hqyi
z9ac3@9HEZ89Gg5jR`o<^iAW;j1`8&6svUSCa&b2B7MUnNhZ@yEFO!yT{KpXl`+V~ac3l*xI9ge=*H|lAU2q4>VyZEra9q;Q6n+3Xh=_L
zZeyD*+T7T&HOp-@*1VMIhigc<27@{z_^VvQ@rri9^GUpCTc(v4i#IrW7E5gxD^w_?
zJ=w;*E5>d$-iIA=_Tkv6BlV1Izh*aVsfHCBT11|WDY}Sg7K?jpII^PDnxI?gW#HHF
zT0jk@=^({4M(-mE6B6>sDKuc%FDinbcVQdZlkBnr`3Qg@Cg>PuWX(iCkqq(brjC@O
z-dJ`VX^%H&a-bu;g3zJV(S$!6u|d7MSS%TX(FU1f=TJ@bF$$yjEu5`q-D4e%ux~Tr
zmEITuxVk4wAdCT|kcM$UoI-aM>|+i(z~{$?Mk>V{GzI~LC>pI#gc)%ophW4guvJ82
z!{UXt3#iHt$@K^^lBUjfc!nITh?+?4O(|Dp&O}n&R8%OAR~;KF0%vhccn7ibt#%qb
zesTnF)hbGR(Hr%fF~}XU_`2r!jj^3TOR!&4>6Si8yqpR4jV5N->JojK!J1P
zsnL$)a#l&28za${tliL&Ch?WPdy^TDPq^H4unz}QnaXSzFajJ};)8U&w-JDJSQ*9$
zdH>-LlBD9a1S&4I3o#{ni(?5!pkFz_DfTgRWK^G{DTddSR*^^pI=Tbt+ulKo4DTTs
z5b)Wk$AyWQZ3R^;*`Lv>T4l=hpJ!18JO5K`HJSD{^j)Ge%?Z_Kuun*pVU>)TIWKG4
zapXhH;pOo7i(biOA?uKUwrRB;j~5%n&GLX%i$sgZ4--pNc;EoU0@)TIT1~?ei3{XR
zR?hJX3#;}hRS34EHHgn1D&BhHje|DkSZ2!c#FAq64YP!4pX~M>#81YBV9;_TlS!*#
zs0TWQX^7Cy+VxQZoxlKK_cy$0DT#QJ;=^hK&kPKRcmjc9gaQ=()~Fn^vnj`YAD-kj0m}l2CWobn#}2YVEv#mi
z1kXZZcs5ij3Jxv-4kGVZN_Q5~9}~tS^jTpNeg5bpoJ>
z2*d9=4(|s$A(btowo+CM4~{}?hj=uVXaoY#iZ;t=I$7956tZc?vnXQDxfO2%_%)Ic
zG*j04dMsUcjXnDo+(4<*f#jhjV&3i0Xj+M1)1bTnoK7d)KfMf6W020by^tOq{wfozGc&mo7UgFIY%{7ID~i0z^}clowxA%@aD}Q+++m$bse`R
z0GYII4saRBbAjEB<7XgszXRc~T-yQuDrbf|#Pnr{21^Y_X(b|!Fk?HnM!fUUp|b&f
z0`$l_h1KYQ1GYRw6rOemm}V7qP%_CfpbbQ`jd!%QjpP1icuAJ~8=I9QRqX#(Uldz+
zENMt-3tMm|h;*Bn?rLH}<+h3ercj_PZEfQDXxUCSe;YMKmh*Nfs_c@{tx~;)w~C4p
zbqq0RCakgb4!nc3L8Xzqa7uxBotT&qeaZbYhy9HlHPW}gSj={3>mkR_ChS}hI=@a
zn+@qC8OUM`I2|Brnk0;w>}X`BZSgK%o=rps4&R;|=@UOuJk!`F`X`xi0yA(3#EYg?
zvk8ODWD*>=VQr-)ifCfSMN)}!M(jq`##K)uf^tDrfn~ab&GBRokj@fI0k$oAJP?))
zpoe&jceFEzqIoC$1{_g^Jfn_AS>0uI)X{4-LL1vkmbXB1Qtco->-FM62~ywc+hgr7
z&sK?$vJ`7clC&4pZS;25oW=dy8iV^coW;0f$u=u)xo7LcH*etBAB#;(!Iq`7r-wZr
zr1E0}DG04K=A!W3*fX2SEMz!5DsV54!XijmZWc-yCW@ZX5DxFDF>nH&3Pwv?+@Hlz
zDSQc?Ym5n~Ny0OnK!BVP<$Mmf54~jh+%CLHCpq1gROboN2+b(w6ILZpD8wx+pr&m+
zubp5kZKh3Jjbw0x12I?3^Q};M=`d9=_#n)_
z6k_Ks?Kw-I*%ppN2O?@AE=;>wVj-#}w(&e`Itcsy6n`Uv*9EEQ1z=lg{@Sy=;O-7|
zBAU%RiPNN6zNKUB>MUX}FEy!ikcy>ACnsi^gxpIe8R2K+3+W8Qh;NNY1Un#X8j#(z
zY_xbYXC3I}_f?mXf#Uz})
zhN}Ea^sv2&%&ZnDByEYUDs9O|$Pbg2Ad&%O7
z>N1auK!A#hWt;vMCe>?_gxW(c07L
zanvw=k+a7|K}>d}wl>=cO$Ml40np^)t2f*CqDf#pD;Un%fzDf{iGwBZ;5D_9OvWs(
z57%%0AUmFjGmu6kIAMM@Ev((gsb+;FWq6W_(ZTc3q>c;phIvqy3Jr$TWHEpqV~9c0
zaIV>u2W8Gl>kNSBPZiqrk)5!CG0Bc&OjTG(v_m*f0xHl_Z1h#3C&V9ItIdWTA--V|
zaXWxbF^n~y&v2ybzV!C|@_c#W1g^8|Ru5Ty{ZZFfbBX2z(x%B~B?Dc$rg}R6jsXe`wjS0mUy5K@J`YV{EMG|l}jhm5|V;UgY
zNE~twEE#A#z~1f9)MOKd#qq^u%=0xAOfp2IpGOBCtO9?h$bwjrZKy}h37VJ
zQ`x`_-bB=#<`P2{b)1G8>IM_${K<%eHDP7ix;T(-my#SR;vY;fIyZe>SP-M
z2nP{Cw!VZ6-bsIPt?FnaTh;BXjC(Vj~GIMV~e>D^=nW#mmMmMK^oMsu(ZHC8Wj78S8Tl1!uorPG;h&Msj`9A{#7Fs!>J
zD}#~q&IE}IPt|t$Xe0d-$|#~0(9FnymCWEA9K#0FnBKwLnT#l64yBdWW1bp
z*|TGg_YF5no3a@(V)j*xNz72bqevOi3znNqYL_^nS;1KmP<7CIE?E-pI
zh@qN*8tej_*b!#!mUyu(uE72bT44))SEiC~ZRc?PM+Nw45^3rvv+iUV{;gz0P!B}Rx*Dq+uF;r`^pcf09!N&CXz(-+Ux}quaoq}QCZ$yYBe9mz
z)Nt$1f>*S;iIj6>Bxced)v&X*AQ!$+O0
ze^D#7lLC(bHbOkt$=KGdyRv{+qGtfG0%{QLM}4zUM*-!I@-Bk=eVdEP)I1|`dy+!N
z2*q%MG@NF2JHlF4k>4gxG2(f&!IDVs;S4PSqo#KdBfL&hH@$vYvV_B29|nYxA=QEb
zUas2Xz_i149|&zk)MV3|nhnM#ohKAMXLTg*5Ua;D>Cn+6VN~)XX!w%#z`{DC(u+(0
zdVymFS+ZgrYg|1Q0%xFEiK8Ticre0%QA)sGZC9K62fQm>FU`&r@$)bm+2ZwpZ#&}F
zgV<(s(H!$3!r?S4U6mEF|Ea_4=JLF)1>u(U;kr$?+_;GggEXa(odSKIG)`m(rI8dG
zizhf+(gA%TO2DpK_8=l%MpOJ_SU0vSlbJ*dd-u1SSPKgpa0Kx$TPPC1SDZK%QKJ@;
z2z;H_AQjolf)t7^Df{V2OLJzIql7m(9<^NOyXe=7LQ;8RMEtRhA@Y`a6V}!02AXlk
za?df9Fs-8CA@`-x;!bJBVWiVe01ss2%z;HLcQ&*Wp2%p?tPFln(qdJTvGh@-Ev@pJ53IR)b8YD6>UC>2I`K-!
zgmChGn0t-U3oEWuCp^?{PJvRA%>}5j9mrfA8EmNSRCUYEH`djJt3vD6Rfei=vMvxU
zR>Ry>Sb+85IQ2<5F^&-w4iJ^0dYaE6GnXMvhBIqIS{Bl&*
ziCrot1fsbOGv4H&yBW)Poq`!rokilnLXzTJ5|u4tq1B4q;ha789noq51M9ldEpv&c
zIsEBCFrzoD=C`zJSVUXW0KC^L!I3=3l)@=49g-LJ(u@Uj9(qu`67P0vxV8F`j
zdm%??#Z5aYdUTfrV`znGFdmtoa4OYUxWE{CV_=jzkC8{TY0aihb+_D%C!$R5ToS}7
z4?wD<6mv;7apo`QlJm;4c8%$hO(n1j1mcR_-84Z_7}{;Q1{P(mTI0nOg$4QISWQ`hxxCsTPh?6_nk9&19Z
zzzMC8A>s-&jS)wja!i^yJw_!NALp8#H0g$R*+b14CZZR~6f*dVYu%(%);oz1R4n5O
zt#KsMvpeGnv8J~MniL|mGW!ths);Atd~XKzPyG`DUU)HX57np(HTwp*uF
zqMggvHA;+8;VhgCWOHpCS2;6$xaehrJ867P4E+zcB;u%9Bpho@wS{)%XuBpPt%Ns=
z#MawVOC=tmb>MPTqz%ZPqPx7vS731gH3y}8C7=ZW0r4A&I{{I~`a|2yG8CL}856cs
z3Xm8cie}Icq#d@q@rr0VCKU@Ig5YkFwj^R8+D5j5=Qd__Jh$wYY0tLwCP@f`-s32z
z9Au>7SqO_p@Y~xPMIHnDA~m^aMd57a#6?IQ1XYr;#B!GA#6vpa7_oV>oMJ^Xj2=VE
zEJQ{$W3yd1ZHC*vh9*D~js(TU?b-M-01yJyhXP~qE|P+{l~W5-;6;`uV>XGO+TqeI
zE+8V^N>=s`b&CLJgMej*=D^~FVT?LqZ-$TxyhM`L5Ncx_uA?X-{g9R(D-y}rx%HV>NF
zVJy}ZR)C%KmLp0clT1QHazs2)EX*`JCD~%+@MdHu1GIo)$npZWdJ>U1XM>oG>=@yO
zY^`ZQla{Q_z;%+qsg*m~6{p_vXgIMSHDR~0cghXnTGRYG(IcrF&8ZZ)JZI{-*|aSV
zuO&gzmXLI!SQPuqsVC)Pd9wUrv1F4MMT+(4utLN$1WAU@$y?r_X0j8V*I+v7^GWJ~
zB{d
z*YF4FRXZ4oBQOHuXHGzn0b{bmGHhK%Sc;&qM6SadK8$9|`&c||jX;U84pH=qRC`id
zq1|*|BdA3P(O4oUqGe|cjvtvVaQe39_;RLHOs|t$D2^Q<9B2{4EnFfD88I|siJFR*
z$Tv6dOq$F`nbW$tpXp|OS=gtZ?&hB4ivRMQ`c6NIr
z86g3#VjqYl=up|LOA;ES+KWsx+fA7^2T#H!d`S&v{?Ms-YVqPSILO)P5FKd_rdb2a
z)(Xlh-e~LPNI^DR%1=T03AfG|9zltyctTvX>%%v4iD#}H)7dO#xHM1N`hU#7;o~6Hcn@v<@dJqUG$i*rm80YM=SPKm17<8`AOx$Zl
zs>jhrFOgxXP#tVcPa$Z`eG9gZ!(d<#@G9j5n^4!OjoV$nAI8Kvk4S%GvazeN<
z_NQc52U*Uz%ve-H=PqX0i;Z)_sbUw20n*eS^}xP4%{J-DmSxqJIVx}9EU-1K7OhRh
zE=A21)7L}LDQ?f3u7)9D`Kk3dTtQOW!Y#zgc~daRnXJ9tAJ5p1Sw9jxfi~8CV9iFP
zQm?6Yf_#z+PAdwg!k$R}=H#St-5aM-4X7ilKto!H*o$ZYHMzUo)+hIvK>2ZQnOws)66N_D@thE2zE${2NHkE
z3QMtXj75+diXd?-ylIEH00D`R2)9Ct4NU+_*FxLm0+?E?DwE>a4adh2>}F_6oB=-A
zf~G~PLTNxN(e64x4L}A+5szMHl8zbc!~h+vR(J=iG7^JxyDoq`ug(T)km_O(PKt4|
z!cW*U+=16s==szP9IE&pu^=}L){h&rM21r~I3J#DY9@0)T9x~ero`Yztv?)(a`|5N
zA0nLqP^K)$-E}L*CPO$GpyF7_1`N7B!zdY9o>FGE7OV%22D>ZOoNU`A^DA>ZLG3)P
z5V^kk+Ioaw5>6TruofECcj^~ID!8;Z?VqsyCz2
zIcXzwW3>d|xpUc>o}wW_NpWJHh()$&Y>ky&8(kHl(BZ1`GPz0DX<;j1vqF+dwcDth
zAZh8j7VE0=bW}K^Tk=EE({$gawnV0i3p@$B)mbnFi=fz-2M`Y)LgbPG{GgmY?{
zH!>Z1C96|sME53$)r4I(?66>o9~%qx@f?ieVvQNqyxqDQiG#JY@EEv`0044{4yiC0
zXERKX13_$%^L&6`6=zS2bdSAij^*P_mMZz@IAFjWqq7uAZ
zpb?E0ZPH0f-L59&L93E224kzDs%XpR=++LW+adz#v&mJp+Z
zCE)L9?#M>A+gnUc(p=daL>r79HBqgei-Rt>BzcoP5hQGdk<^(%Bu}ehsjml1<1KV5
zzDObr=q0u`F)5*1WJJq+ijCG}&v1dLVY-pXHJrt+E!NTzN2be;I2pL6#g-1Vh3r_D
zcMUxfXxIw0t?+9y-R?S8oMaQR{H2~1cM|1pbp7YRnqk0ac$qL18=OSEgEUAgDqNGg-
zpqXsOD(G=#IRy#0KTfpXY6#ofqC^;OsaEz>L(#5Tv)M&WU{{ccdEd3jbI2qZV}sOB
z_Bs>q^c1Iu7u)qxizVsx$kPUlr4pn~#j_*QHWCgTSuXO5;qtIv#Hrkv+Lo1w;W;7%
zuFP}>t_uzlq%zynq*$yAeQ<)*DjVPw52cvqSqg>2$=c%rD%69`*g3)BMSDJ(MYcKq
zIg>_(4LV)1k?;v>~;@w5o8&}NFa
zH!6=zTTM{Yrv$+SbQt$rs$6UBL@w0T>;dXO0-x%ofr4yEgEkWE8YTEjofJ*%IIShS_xLrNVj&bciN4Aycljl>t_ASG}89C4vK
zk^?wgkt$-+a=|9==}cC|u^AgVCwP!1ZwuNB29CYHsQ9fV-kiGYsPl`{CqyX1z-E=k
z7RdMdh#m704p)nI;Xtq3!_6p&DurrvAqXq?Yq5$HuM2}#xN&?kx^v%}Wr#CF83MB~u0b*_ufU=vzU
z1!aAh*b;LJRKpY>ZF?4~mP2u|v?Cc(d?*OVY1^G3-bcj+#V869b_&ov$ibt2eK6wutN;J(r$5@
zIe89%88N;H*j}e>xdZnQi=mZS68NCCj^<>
zs9g_U1MVu^?vyU#VK%yc;^weKl_h77IS**iz=Y7_xJH7AI`CWGL~
z;GZ4i#%K6|lkqDu&(Y&^&$z=XE15Tix5by2NA#>d>(aIcm>{~ETt}(v819I(YuFwn
z(;;ODqql>ZWyu5iktSYbz67Z*6D{=H|
zmV^?t9v}N@izy~FS6s^?#FCyjGPp>9+Db5qpVxdm`-T&aGWT6LA+3G79kDwLRM
z_05kYcxi5`PSmw)Bf<3dYVvMho^!g33PoPj-)~SDIyz&dDHFQ?_?xHQjHu*;y{UMU>
zlw{p&RbaNA<<9KG@Q-|qpl_Neh2RMPcbx?8JNhKAyfKY}S#-CakUxVhoWW*E%J_(4
z(&UeGL*tin`V-OK-3D*{9x%)<_y19F|uFj_e9~c(&fjc&5PvRE<
zGZss!C&~9c>AyNZQg?ktK(O>TOWUQX3Vbs>=b2@r%Rl*Ek3#3(H(kbf`)-HM!spU{
zcjB;Is@fs3?ta7H3cfzzNnt!HZjlx4SN%f9MLig&XI}AVf1mv%J-~|QOD}_yvqn@|
zsUgd3(L?V+*~d|4>yswz1WB59FG~3ujNZx(T6HL`GX9OqE3}%HYVK^LJBX~8s6{=a
zX;_hd$+^UT(`mg%YxHvK?AoUs^EvE_lTJ0e#oqH8yKS;P@q8`9ALPuFw&Tm8G$cBu
z5J6HOt-R(5eJ)yXz1bZtX$LlKdbnVu@<2~kL9KtFcwoqETvTzppK~wMch>&k`;AovEHXx`%3v`^PK~0|<59{^j^lGGJ$i7O0oYt0P6!Ps+kRbPxlp9{=+*{h{*DQc%UQLSVjcETYt)y|>lnV7;u4!AmP^-33+fy7is%mu
zBfC<&Xj>aEQ6j=Yfh>uXN_OdkOIMq&vG2MWc6{(2rsl7@R0{l$gtuoO6T~X&4ZLZ-
z0CCh(J=)Z#jW3ANO?lbbj+Y50}|)2l}c=
zbu*%#G`qbkb~@UkKY3wk5>HYjE5|>n{cIHaOfmK6>+obT>rIir_;-im~
zT-#Br$)N-?V5LSJ5d1suzZtb!eq$r!W|im7uL&fIQVZ3%xHQPF|6Nb=#C89PoPm`&
ztingX4p54xc2*WE44+lr6=pIeJiLE4F-xVno`V`*thAPw{3kNwq<2&0>?JTx++o4|*FdL3^cjxWJs%Yss
WlSOk&s%aEnV
zA*AH_W}18ZrPL=^lee@fdZ
zndhz@duy60V_Z`V*&gI(>NrFb21N1~yZ#K(ORGq`XH5UQh{~rSp0`;psQi@VkXfxu
zHPDrt+(gKvotwY(?{Bk>DpL{|^+-cR`J2x8Q0RDqD1A%(>~T#MD^X`(reA%h1)p9M
z|7kVk@kg!iKCz)hYD@K#z7y_0i~8L^@9_7ksJPjXwvG+Gj_Md`eIkA;U76-HAQomA>o?-}>`n`WUR)z#n$Db;6EyEE-
zOJzNp0TCZ+7cG|dR#~4cPbJP9M`~tk=?m3`-E*_fV<03Rrqm8F1bhqe>0eRRuVbUt
z_%FqTS!YhCcIpGIeQ~8iGF7L2u}TWl(uvtCa$-ylTV8a?t=@ap|E#%t-aau2w|bf)
z9Gj89wAVe|Kkz>1&66Ots_q`p&pHOq$${t3+dh(Nrn@eGX8mVduAk*|_&o4I*!vgt
znmuWgZFGO*B3Z{w=)2e4|2z$2#wKr>yOsTroDPHFSxjrSDe~vO-xTm$ktF)_{_ZB4
z=PMQ9VU-nTDgRIAD}`o@SK64qj;-FdQ)17K@wd#mw}MVy=XUz@#Rg)bugv{Mh-Cs`
z8DBc(SjYLMj^xrcBJBJj6T(*)jkZbrwu8b+(i@t2_F5|!r{a<&Q|jh&Tani#F8@?0
zseiNTg(-)G%CZswHBkv6-^=|lXUUTZ(IT)96I|CuZ)i_!)Qet3{mQsg>ZpWu-yW#kfO
z8G7@8Pie;G#VXh{K*9HU$il+v4<+>OSM_u5s*zH%|9oW)?hlYY9{P}C3EgVs3~5Q2
z7_xgU#WCk4ZjtPg60qoQ_zO^@BJ;NY0jKq8jYMM2s1t*e4qu3vRn;i--Uq-%u$D?x
z&vA$_)2DajYQhPBSU5ir^k|+;5v5bI>
zwr=uZJVWKBdvseUjc)4^A5)zmxnZWHnaD2tbB|#um&_Kj4liYin&W~Wf^Jl@Z-vu+
z)+f@gy@(XuH(AY2!E;4J5@mURlm7z#3(I<|w#3!i(hA0|fX}z#PE6I+#n&r5b`bWO
ztUVpdkxHYX4+$^nL7VlyU02WU|Gh_f<~aW@$<*Aa{IjD~!Kze3rO8ZeVkEz#pg4Gy
zo{P%JP0e!9q<6~4#jHV1;-{G%D?ix!rO;l1Ftv3|my&hri`tnt-*it`!`Tzu6B^lL
znH^Wl7RhAHHwVUIq`id=Wj1`{WQplW#m(HGht!GhXY$2dL1JDkZ2tsm6ZyY*Lb>HO
zDx{?S=({ojT>Cl7X{^T)iH>uHtJBe(Gj+s+@h+I(p*myerM|$bD&W?L?if@)e^q!<6
z&Amr^u7v!*#v7lL@qeS_Ug9gQZM-e4Gi;t*&syerYp1ir{E&I+Q&b}7{f^byR{o#8
zdgIh8MwEK&vCA)lIz$|L)#rl4zxXG=ji#J-6pkdzf|vNL+PXw9i2qB0Ai0Ku_-IA9Kg*DW
z=NCe1c@EDJde44P^?&@gGn>DAT-ieWbh}`$hf%GMpTxdSOFUic6U}e++amM$*)&Q=
z<2+*~foVpU6=f36kAh@0xtJgsr*hX?ls3Jlx^YcvI_JEzr}${9HdjiL@;B;7r>&2&
ztUa`6IqwoG$%FEt-85Z=#7c=BHYe@h))KTA7UH(6GkG$#(>vPKDU*Bww$$s|CXnqd*RipvKTG(C5^&V1rL~m2f8}}U
zYFzxRP+6}?47W2H<~^Jz)?ixr=4~7r9F0Cp@hSfZct25D-#K5?7OdrC7OBJIpu_=q
z=4F(nyDbm@EGkJiE&E1lt=pF?n^B!!>4ggCjfzYgc)0nO3rX>igtJT@p`NpowQBC?
zKMO8;#${iZw=;SP8WLVW-j)$=zJO%eBwR<@S3bA?%__#v2cDFS7G!5sZ=jh?+!cNh
zNjWI_?YT%HU1kOm9{!PJYfO5dJI`o*inHH-3qsEs-6_|%X7sxt%}(l4f-gvdcP&*}
zxiN|4^n-s^E=IIg7y@o^Iygp{TFk}_dKGrYkOOs_+d$U
zD$CUNUkM3KCv2!^AA$P)`WIT@CSbSh_oAfc*L)urZaACGrv7zm%V#)x*gEBtSmzHm
z9tv@mGOMTE&(qVM-Ry3RIcQ*1)05u%$ZN$`GrIF<%&iRW{20jj%$eJ~z<~Jhs9CwX
zef>YVn9TG@u*a?80i)6fpDH7*8o_J?{{BsVN}I2e
zuf9w`>ysQcawNlul08&C!}Z-Kf3!xiNElzwCcx5TUTWRdp_|_ioT18(B~Px6yVE2U
zi2F4QUiUM3gmT#oY#Q^g6R^EdeJv6&cK+4n{Pk{zCfl-%ifO=aysAm2%3F0Urz`$H
z)3M{}6q0%mDkQ=tx`~A4Sm?>JTGJ`*(=r%LR-(jIn!LEE7aW^rh-I^)ABjmAz?#2~
z(Z&*!(s^ns8`?axjqeAN0;e;$(JoYWY59{SGsEk(6W#9Di
z`jE$tQnT;`F>cL*U;B*Y>`c4y3Z_EFmUF+*s#dH=--^GgCBTl3KFOB8U-LLNZ!X;P
zFQlLLeiQ0$#<1jWnvgPL$!p2#R$ms!f9O=sAE+)Xsls&{V6a8y(@8f|Wai*(qHWlh
zLTDc+zpxWZt`a=MBD<2|=cNA5G$nWGJ!fracyB-xC2?aF^HA4c2SZ^;Ya2n5s6|x
z=xL&dOYL|5DkILm{76AhE%GD6uTNNb%^O?!DW9C%S|{#DDt$IFX7iWdZ=o*$CJqS&m)pg%B(9FBq1wjKWvgczr|5}{?zxO;MpP_XS!tJ
zk|ba5^Nd({#i-1f&LErAb-{}U-j=;@ry--WCeAYhy?WdP`q+uV`p|>EIa?Wm;qU|5
zJLHPsceJXq@u!H-0?FMWrX^HA^R~{vggh&e{T8)l-`uaEf5-;pEo|=SAq4HJwgw&om&_7*2
z{u{--hKYg}}%UUMn)SXRvJI(UUXU@fa-PCW3*iDE}qT={_m$>`F>2EHtc3bT=
zb^yJ!B9fJV>>^YdEIO4EBN?7lKE!i-)6r?2O6&V
z!^JAn5%#%wi|LabubN|JtpwIeR{<%l4;tk>%AexsrJ`zu&|F3X(;P;R-NV_$tJWus
zfAq4>A5b{Wz9lryI^@q2>|*Z{HA|6IVku?UCE+Qf&L%Nb%^U
zw2R4kMe7KsaIWNT%s$v6aOW=H5H~)a2Un%3ib{cP=V+Yjn0p7h*BI9a28JWq&NtyE
z1>+*eG^Kh;`B{N)f<1pQaWh^}z}BaS)8D(TEN?yjY^oYCZcmZT?F406YIg~X9VCOE
z{nUDUmF8II|M;(m;}DB+;*Xy0vvC*IWXBU#@tk|bQl9k>6dW(D)elr9zkKS}k5P{E
zZ9O$H06dHP10Lh{QCR&vkk(TqzSdeAJT^A>noHmFC1($j&3&WkI-}<2UB3+5*~!c|
zJ5$(78OmNwq4mep#vTURGRWDUrOndN+UF4wHTQaLr3~4r5bn#;wU;{FSgKlz8U{Bn
z=P{@yz6)CYyvSPj;xR3HzEr1wx$@RIpY(p8u>k6KKDkvVJ;aX6IV54
z$bJ|>Pw(qc;1w79u`(6z{rckQHs|Ra3wz;}Ed05Eai(~9q|diMB6mLuC~;<)^7HU3
z_J1Y#%(kQSK_M=FSdGx5gFp5lWiRy$;|RG)X>1_Zw~w6VR+4}7;c%BSNv)nxJ#^N}
z*!ZJouO^-<4z@H4la3*(OTDIgGME~@@P!gx=yRSp_6WT&F>-w==RWxyyl~IAL<-WCv4ymJk
z)3`$>@y%~{Td!yc)JW{}(JR_<%*;!piJWwwzukQFmnCn;7}SdC>$#CmzNLjCY+|2X
z{q==4iktsauxB{h=)Hc|F4*^H+A8Usw$PZiCZHg&HG(IPL2~eK-?@kYCIz@3PT2BU
zU}4tD)X%y(sxmM=K*tj`|6lC;x6Ga=RSKR-vE~B1{N9_ko>Bv818X@usAFpPjc=@M
z$Omg`hRLzX(FPL&#JpJw1e{lprUP1koh!wabsOA{8S7b(9VZn3E4Z$$1n-Oi
zB3LCZQueMf6EH8>Hz5N#W9=uw^F#w+Rva$RoO6=$!m>3}P06R&ic-f$q+33LNJ
z5=z_sI-J@iEaid`EOq#GPh>BIcWmN>G^72-S?d6JS#;jPUv$>-5P5cEJcheT+>N^N
z&B$JBTG?KME+nr*CqA!(;+)!{D?zt7;=2LFW0YtnVfi+EzXSLSgZf`az+KOsPjLqjj6wa6p^|+%0ku5B$Aan~
zLiuxajDMrIgK>D=ua>t{zRj8o$c#80B6|VHtAU1Hnklu
z1mBJ|S=^kd^~;B$n*5hNu(O#S&`aH<79<|kbVgU7EJvy-AH+R?Bx*NCO2-;7$n_aF7hY|j6S*K@$
zPvdg%8@3lr>D^bXjM!}r(2wBrLbZOTbW{1XqM+UmkCUGYJLf+w?Ghg2rqh1f#by3n
z1_zLYLg~z8H}e5!Cd}Afq(=!~i}*89j`|}t$};SEyW{C&%&NTL%Tct1el`On>BNFz
zpSzu-d2e_lRwA?WG-9lYpnQz*z6anMCnDDPC$WVjRJK}>R6yc;0{DiOhh~a%NqdAx
z3+UD>VF*X2>eJ~4194AuowApZ`3i34Q_`hOb|deLDjKH@^fLFzr+|73dmg?BBo(AQ
zP-l+~Z7+icKmM%a4_hlb7oNDC5j(V?xLsAaGTp6zYy
zE>r79ViqiRNgKPOjaXN)ff=-cjJe(>?Z;$G-v}g1e77?uN$!lW=fc`qnkb#=&{T8RK)t-x@#tYdd1_9}!oBYlS
zDTSb;&LFRW@84SRoh-;|;@xMYV;A_=qWE3wMtqZ4-7Tw_GRG_viKuu%-*zD>J-#zcYJ!SgIJvoEWHZ)adn7vo5oGWZJ!L)1h!z?7ZFGJ(|U`~
z?aj599aY~4JZ7=@1nyJ$31k}Vea47Q_A%`v_awj3V%Q$o=)`I{Bo*mu@Rpqxzl-c^rG?Ho#q-hA2=Y`jZS?3^I_wq4m#Tk@Dv=hyeQ)$1I5H)Z
zS%Z)7k|sb$KB6UcUF6UDR#lJTbpx`85gUsErlZ>a^-LoU*2Q^O#fx<_8LGSu
zR8g&5JB}$21xrhli_#~n5TzkAq=h7dmE|ou%$8*?m=7GjKW=|9iwj!*g;$);#&0EE
z5Am8a><8!BGW!E3>OVy8da=pxEmL|Q*9GD=@ueAobW4(&1va#5Tw~Bv{#GS+*rJ1P!y+2BYj(LQ;EM*q^$uc)Tm9~*&POR#yR6_KnU7L
zZj)y-kYU#F>Nol9h+!vaWPej1--*PF!9*JVI!+z
zOS)oVMUHE0MWdBTUIPm#)xHExi1^A_OrKTcz)pk=&ip&du#YAiBs_Q9V&{D(@(UZ-
z@+Vw{n$T7n{Hda#^7w_xXRyu5wdgOySv;c_e|FHG|t@~cwhc#1TZA$i4?UKk9?aTy%`Icb~%{l
zt9!kuU~`!{064kEkpcq(K~`TMPa!tV2kQy8;KkyY37KWF(+Q@TOMG3A-QIsRF&p6P
z#qy$meJqK}VVIz610}yuS2ML%ggAo(BHJn}U(9hu2h(X^XZt2wjwxT~Vhs(So4b&F
z>u4Up7Kg!0VC3p`ZPhUuS{r?@j{!$r(_XSZixJVKSifvQ`?xf8gvU3cO0;c4dnR~n
zI32%=({sY#f^k~n4rv~z=JIFe|A^xvI)qv?u6i~*-~$I+aR*KCeJStPNl@pKtUWg!
z7`-$6U0nr2_9C+h6zxb}6?F0tj3kF=H3e^cF?x*nGnT8|OZNojP3nE%aVLXSFRALa
zpnwPuPAWz|!J>pRChoieksVCJ7QjcxG|$|K9m#0-jax=N5G)wRIRx?mzz_7;@f$S0
z_F*iI?U3AA%f-Jm1Nwp=XZ;yA&bVC(R3oMnFfe*!c9{ZfViYhbSO}WO`|)mvRxs?g
z@3X-DOwoYL$`i~E05xJV)qyuiI*XIYG3_MzYy0$}r^_`m(nlAq(2T%lUw8UMQn9IiD*vb7!
zy$`WNV=M;L6cDQK!K&jXjQH1QgH}5(4VhiU_{t{>Dk?pNsY#jwMWBr?iw@-zBUSW;
zsY^(FH8ML?+pqQ^61OA$8+U-tbXp%~kRJ&PRle|$!%A;X-Je?M^g>_eSEFyUtG+i$
zj39N~q)hdzZc+Ah_&k@C>~YTP7jJzD$8JKVmE&NO2$6r&K+ufX>EmOVS>_vwFhvoC
zJ#|W^nU02O4}I-T25$?H!u44N`2l7GiH%Uzf02Hki%~QqpMFPKAkZMg+Wyy+P8N;Ym+$4YyQ?i#qq4W#!|PiZhQi
z|JyJb-_vGQ3!=01^gf2%r~ycFKM+uo_r9ND@@sa9ys5Zj%3)gSbXw{KO4DQ%#peG8
z$dqwBSls|I51zH;aSB$y#!0A(Zy+8nGhIlE{=UW}jxX$D)OKC6TF#gKkOxLy?{2-2
zPQj7BQ35BgA-Ldac$nO7yt{=qW>U$Ek_}t=Z9XvJ@uh$$6AU_d1heRcX|#69@6N#D
znP=m2k@Eg3c$T^X=%A=DKYoW{81In_%z^#`UL9*=`4ypK5_Op9pD^Qq2@4<6&jrc2
zgFrY%dXl6lCvvQDy%=aW0!HZ(F-jCR{Jn3EYDcD3N3Fyh0IJ*j4r8k4zY)J92I9xg
zGjn0P6xnMI`ZcR`MLOkP^9SwnAmqQ=wz0AkunS=q>+HN5X2pQ1M(Vv`Cn!0~@PipX7PP->YK1?wK{5X)ac6JqFSt^#N|u7sQ11Pc;K!j@uEx
zPTmKSqpd7*XhlDH3VZ_eug;qZ=O=r2&2@dkFlLy)iW%i14KGT4@K1;2`e4Rl7^G74
zd(z`v_C018%*0;-$pUBE(3&r6qTNt1vmt!dqFKPSNHuRz`s>|G&p!*r^GpJ5Kl{T`
z5+9`xUL_1`&CFcH$zd-J;!a@)P6xvmPp`pX>eAa4Cgp`;1P1XleAuO^FtlYs+kd%Z
zb=4@UQKj`W?&FFt!+I6`R399j*h)H^dMu*OBcWNH1G+dU)&V`nLx9H0JE&LZz?=HS
zVZmF+f6K8KH~-=PyY^H5d;YRPdZD7q^u&Zw%I(CG7MsuraAjDA#O}%&V#%BlPaC39
zz{{?~_s7ITEC2H4pD_l1&TeyH@TSiVWyP#)VO9qACEAO>ZJYGPBsN6U16RFN5lgjX
z=bGTAEpYB}m!NnF;d1hap2p>OkdFMq@Hl4wa6WtL8ny?dTI@Z!{7~j2N??%{x#@43-tEU8Fbd~INy&d?Suv$u#n;}dvY)hSauKLqwaXr
zk~TsvQEE|w;Yej-5l{$?OIZ{yuZ^&aS1Z78V(B@`iMr}h#Tiwlu@}E=C|u)U*_-mM
zlcwy=8sQ=Io4hyk!DjP-!RKyxU8K+b7LSC>i5Z|r9r~E$Et(1rB#}i^E!{XClU#P>
zwP~?0QS~Bw3cpwTk{&G=;^L%EMMbP{NMKxNM+rtdq`Ba3)TD%pf%KLG)buNR9PAms
zEsbnr5Z@~Aj+ImO%F=0Moj)d&g84$`W9!UMDKAawo{kp;higtApm`=*u}mUnRVsxCY?
zss+WE_xMUa`ltNM41k{+yX~i_mOAf|HS{GksK8|-C9VvgAHML_KhH3D))
zjK%_HbeLJtveU4Z1D_PB?pn(BI>2bP;9gCKIh0V^?BhiFN)YmNqqSCm$sLM1?OijB%TfiXXFxJWp_+BJ
zhRm!4gY+!@&qfxmJV@;I?*P|{)G0(X02s_PHEW#c#JqRIQcFjjK77LKRmET6g1j`Q
zuwXSeIr8$ayf$9wj%TKd2dGq)Xq1XN}8t~5r`g!3V=14@8?DXxG
zyE6mck4qIU5`y#VSr66e6bWwkC_;9y$2;8KK|V#%H%{^$4?qqbD8-I
zF~9SW0YQ7HYpLh)-bhr6cA7VuW#%p+ogoQgy>&-6uZ16uw5+-88%tISnyoB+Acf+E
zyh!8RsF4s)2Un4-8nYgoObPpr#-z3HjXYV6PZ}y;t?Cms?JP8&8wytJqtiPjV~~ur
zd&~@5N~oK0^)q=hKAf<|jv@2$2&KI&Jh!eHQeH}~VJA-&<}d%J*rhf*SgI>Hu)$vP
zxLCtq9?Rw;?-Ou>&yf_~!Ft<`2Or|T9YS+^>_oifiJY<(J18Je1JG1el#r)Our7Ec
zBk@Gq;(b%zV#I(qel4Q`FSnKi!5`kS0^}%vjvDr3O*OEiNQ3a8Q<98q*&nd8wMI(I
zwc5{U)5t1V@6F%NrHI@Q{AZO*=MYd8NU@~E-@wuRt5e~b+S9zcPgskt9=nN~6kkR1
zx(VuQbN@j&Z0MNj=uPV$g;D6IdD6cg2HXtbH$sULqy;p$VwXP5VZSb`~2ti$9ljy$eJIF?}~wJ5)enzohbmX%C5;aCT10EKY%NJ^@>Q6U`!PKEdO3h_sIubawHxrhARfvr(E%#jjhDQ9
zH0B{Og&)dSUzqeeqL14_2+OC&{zF6uK*4NM%ve+*Fvp@TlYBEJiom&MsK?r_hqkal-)?t*E1MM$`|xbZtTIU@k#$(mbzpcm+Yetczm|H
zj8{f~?Gvvvr4DxD@yr$Sm%BcT78>3l{(slz684}q?HiYU0ggv=6(r-MPUKLD=^HwS&qQ=iI38^7
z-4=%ihk)G~fc+uB6HzWk(neBzCAT!-5@jGtQ9bDAPlS>l(q3M;0!BGl2>PHd<@Zhf
zpdLpZ)WP5}s9%T2Cf4nkZYv4fqKn>S1!JA6v0F?n@)OlrksW;w--I+pcC&hkfTG&S
zL>KuK^v-4-qp8!GQRj!)KESQLcUMc)uC3{fUkL7cu@OUhdDgT#z;fszcS#9sPsY6c
zh<}1hz46flPl_Lq}eEIlH
z$0#W7E_0K?X3BBkUf-TA#EfM5TiBoBU0_F;ln?kIZ0aO^<1Y~qpc)JN1O2^VKVqPG
zo`jW+tWJvIWg=y2LVmEVIuLy0B!PG8dvTtv9|M%%e8*;>GWj2GLrunVr=cedgm|$I
z^=e1M4m+UV*Fhr>5YXT!h-^dvG;W<7_MOHCh|7pN%aXylnBuh)T22Rpyyo)n*ByR5
zUFY9`^yz%Y&V;>zQ*8A)AkJjS*9r$KXz39Q=)Lxyf1rz?4f3Un)aup&WJm4EbIP}r
zqIzsP8i44Z+192?oj*{5!m&3lW1J|M2&;el->Z_|wS7N2KaO@>pX^Zx4u);vK$Is2GPrs&x@I#%VG&ezXfXRCMi9SmzXA
zKtw9g!Aa=2VgJF_8Qh%pA51dTIVD4{c*on>-&D>*w=nt1YNcqnV#kt=zgYa
zUBFJlne}LD;<#b8;V8K7cNgN`)^(uWscfe|nDikuF%Hr7`c_(&p=$#uhv{G)MD5TZ
zLwjVK9)^+}EE8TY-4^UAyt%Rn@J4i5{*@DaBh!i0x89~ew3hhD?^M?A(VEuOMnNDG^_S5yLR>N>fzlZ>k
zBl*^lW^vbT+KWtZfW$+c&71FZq4K#CzCfK^IXpx5DhUviE}>3{f0zBSbL$`+X79D_$79?bPIdEc2aiZGJa}xOEHN~jK;Wf|Fe?hV*zP<~?$rrl8!*-)g2R>j
zu77()-(3NOb36U<0IyA
z{1rCPPl{g4aXfYG;ssr=Ih}{NDO-{h6iQtn3#RprIpMfwy;Z?S)
z@u)R3LV1YV3G~MKl&$MpE8Oq8W|Jh(pbZ&%7Nj?zo73?$uaM%<1Pz97OgzbYRbAcI
zP>rk(XQ-7rMPHDO_JMiToz>*u4k3nB_^DB4)xPCt?Z?=(dvum{j
zZU?98(ZUTkQxlHd1?<18^L=#eb8z#mEyK0yPFDFO1^1}&oB@1&|Dm`0+0FY?G4NH;
zLT9#9R(oK2%wsfD;a+wL`RsZoCm_FuWl&NIy<1rbJ4DHwGu=^XPlal8i;}eGk4-)W
zzKSL77@-Bi20ziJ5=R7Rfc@lE0yz&s6lf@4Io=$!?42Q>p3m6$6(MZ5_O}o{%{g_n
z;f@K4mlL_T_QBjf1rn^ZPV*H&4AwNncPBq)Ot6YVPo+s~V$J5G{V$jy)vFa&*|zrw
zlxU`ojy?#xVJ%@!5QPBJsx~9v!~?6{8D(-
zK*u8Z?E54it#lBfh$KQGh%t26nNuzz=xz3<CYls
zWGk$U_vO~}GQxi1t>4XV9JX75e<9Eov$JdsK5hSloC%p{_kPjT$Ql>Zlrs55j5fMk
z`fWG_*on#rPaH8)XdNHj6m_bE0Q)z|nS0j~pYb0NNO>DEd_7Mi`xUm%(7THRIr&81WQJ~UYe(V2mo_SvTn?Im{z
zSVpHJ$Wp*7x+^YQW!Jfu%r_J8Kvt0xYfY*fI$nZz=EdlTA<$Q5vaUgX4^N-|6}npa
z1>3G93+iSn6;G`q+kS_6euW4G4DieOG`3R5$4>L?6Go2ik2mjRq8L9)=3zCpDhI`e#2kl#rwqB|;i?
zw_dgY6h9|zmJU+JasI3W%al>gg2Ckk%d5a>=mvZH)>5w+EoR(O-VHDb(My<*Vxp~9
zccybS`nL(!XEWE#+0TpUZ`pC;G1XiQ%hoAVFW*CYIzG*l?z~N$9!YdZdX)v@i=xGBa3~^Q-OvozNeTs%naq!tH|GJJ(qu>6F+D?2Ua7{1F2)mSC%R&22!-4UZ{W}B
zxx)sCM`vTQoOw)eaCyKZ9jqD(2k7pacm$0Y&371o&k;0J$Cz|B?!NiBcS~EY#}iVK
zg4!A~Z+!^6qMnZ1od#pKk2bzW6aOh(h?CPq#a7J;A1i-a<(kjT&HQ&x*DUkrnq!aj+_O3oaA7YzUT#8lXT<7`a^&bk|ZajiNLwt8W
zEOZvvACJwVMmoBgPtdyxVnDKUe-u&K-trlj`-n8y6eI}qYm&)c@e8*27O$g%+74o`idj+^s9|KEvZS{e1knDAz(!I805^E)sLHEYi
z9qxt(CSEGp(L=mJ3E7XJzbyD_f!1v5#k17bEzr!_#B}rutW)(^1RmJQ`y|qUPdN4h
zTz#oklu1DMm(DZJpA|^9UI?1m+n{Gy7`Y}#J*YwBxE6mntz3H*!!u#4qjj%ycxA#>jDRrV(Vg
zV)36_0BlI=lQ!tdJ{V@fC?l7IQ4DHa@!K_{w6N03zasiv8;Kn}*E+jN*>^DvVyj=)Yyon1Rb^JxT6TO4U^JTT$
zbH$%aFU{{=iy3=ezPxTl{d;IegDH^hu#NXpo~;^R*aOhKmXCDHm#a81aT*INP8PN&
za%oFNYF3eriBWYa+5*h0ugd3%IzLWAyfo6Q`B;n$bTIn&hddXzyrMM}do9qZ&QH0T
zz;s7vPQw6!M)PtX$bVJmyGcam$sIQs-qF4@wTPg`E*iZ}
z!r@Yd-xEu7$R3{=*f+Yk{&ZZ74rYQ&(lH7Ugvae>$~krLJ`|d;m@?eIG-wfOjJjJul7QA%T)e(J!#FG6V5H}W2cyw7Iemp`wRM$0m;m(
z-R?pKR331G0RukwiyRkA@3<`3G{PcIHwL2QlfB4%8TPp3D_Y>3)%Dji)$=dX(|Y88
znIB-}Jog+L1N_iI84+vs&??Iei_P3?b|s`nc2(N1sldx%7zUpeq{ZIMyh{^~vJbfZ-!B@%-IM_~iu&Y|P
zC-B%B^9ffo^2wtp0tH=j2k%>awJG_AoO*3z7tHwOd}&oEma7QAZ?YzYH6sJb
zA}eM~G
z?nD=_9&t;eUEGC4n|bUCEPokx4aQl=p2+~o^m+eG?OBGSM)~G7Qfd$jC-P@_0pt}(
z{#6JbO-a)|uty2nyyn1uVH`u-)^Gm7%N#fDPr8E;bGXKF^e{^-+=)Bxs2RF1);GqM45`-c)mWuUbJH@={eKI9F5^?liI
z3s()XLr1?|F0eXgX9H&=U$;O8%@{?-1Fv_wQw#+VU7hU9i3ba>IazER6qdg3uW(fTl@DV9Ni5ukyR-fc&Q9WC70W`o(~K0U2PWefhJW#T{hAK56K>*v1;Z;N(y3n;BdPm9NM_NvaW
z2=}I6-jTAh)u1$qGJh9vR)MGf9YU8^o=h&6xvI%S?VKHT8+66^P;>{PE#H
zkk_GQf_2(gY;_5ir8OKH1%i0H8=v~$2WCGx;d8;q&EVqH29VQE+2@-+sY8s}hc{Lx
zFVZmU1mn7o?z750fAgC@`mb2rv*>T6kEE@A#{(b19>unRyuI(M-#*>Dk5)top0|Uh
z9w1Ss+aNcr|RbGa)Y1Hy$mwIARfb
zHE_j?Am8Fc8(17KF8idMffY}U?j}yy&RR&sy*?nz!k143Rj3C2MB(&-d-8Aulfe7&
zqs?{6?rH$tzTbu)wQvV}Hv*#qY05&3o%tQyU@pK*%9AYx>pGB&DA?C*Trg((2se9(
z1QkQ&y|_1b&V%BE%jfpw%b_6Iz3bnYTh2@Lgehiszv(y7Hr
zc#IQ$h)0-XtzTi|U0jS>zFf|Rx5(#(LVxd`_k^^`lS0SaxvzY1Zuz^QiS!JMJvdZF
z#@ZQ|=^z$i*+*}%zKCOOG|;qB2p)08T+~5Km)DRT3X={ePi2hgb9@{v@f%&R2+m8S
zW-G34pvU7+sgZ4pjA?d$k4)(qxXnJAEU8*bv%iaT{D|C9wuDk>44*ybKV)^=ILVg_
zg!Hx}{9+MT5(n<1
zK?cN+O%h9>mDG~RR$H2>MlxF0LqPM^nw0p?j}+hs#d|sv*&=zZhL;Llap3!RM^s9p
zU>Pk^adPV!9T-HzWpvU|rH)EZs6)i(o_fJY8da-Y5^Ly8eDIKs6(^$6UX5ms>E7b`_D-CsTtKB-$p!W
z5JEV|->A?F3@Yh>mb%ObXvV|}oR+AYKJhGxJud~T>G&Q+gJ|RVSDVSc9%QY3EWf5h(9%2nI_16Ob?i`4T~&5pe33~?brIW
zq6x~P{NBEiIpGOs(KF+SEU!A(d>cfQ$xBw)QK%VlLzJ3YLz+Ju#juSwdlzaPqaZ8^
ze4bJQIT>CX{Y0TQhgP4;%5M6?LM2QaK6}Uf&w+Bm9DT}XCimi$#dmfV{&vN4?3|&G
z_Nb3rz-a(=fJy0Qj_kw#iJJGjH9u@uKb1)F=Y>Aqh$27Zf_*)Tm;=2F!S~qaH#QZI
z&FWI_lIOUMxVkH@JHJcMFkm-F_^5V{l)b!LphG$cFKv1Zj_i|WK5SRHJv1>lJwY0|
z3jSFp6wP)RWh?b>u-{DA#%FhCzj@@+yliPa#|lc4oSXq73WL?x>lkez%#quAkbXD4
zsYCpw536B3qTGeDv9nvzrX?
z7}Up?Jav65L?<^O+s`HO^Bds%s49=NQ}_&R^UlR5M6J>v0h?7e*Q~X(VJvPd5E`-0
zDuxM7A;R|*O%U4?sy?G-Hj^f2`4pvriW}f3!Aji$m6yn2;YteSOt206X}pu~VH|n%
znK&W*qdwLMR!5`RY}Iz}MA9urnndmrAzZ+DOK4xZtj=|q9FkRYcGo+`B3aX=JQN>;
zXDvU;VkAAn!;iW=z(|-~yM&&P0mYVoD{#&RDgrf@
zc*JXimQ?n$1lbA12;FE3>*y#XqV7x`J{thnT6STP&AAKe)o47p3y+{B?x61vwB53a
zI=t4QT|PH%Q3B-pClk+5OJRPIL7q)TO8kD!a63QcC;C!sPe4EH&jPE(E2N?|SHJO;
zvZfG(?OEqq8iqWiwa#D4E}NTB{bPnK%OmJe-&+?);Mut98#cQV9U1JReq4n5ENx@p
zB1HT^V3X#cDt>prgBlbl#@^BPVAczK)uK&aeyPFUijE)=JC{C98q1EUSvVhea6^{x
zzegWTHA&WR?f$A%g9j)v6-!98QKAmX0BKmF^B?r->WXmyuXbsW7-bk%is3$ht%dv$
z%fQZ9TYEtqQS_{NhIt{SRR)jJ-)Vd~g;VusR?@YspH>*`f!KupHU2Tt+|Rg^5PVjY
zmGvwS+~h$+yYFbxd}_ejf9`Mvs3ge@_>E7O|JGuv22LYh%)_~VkQy1R}H8Zfp*+AC|C=lfRm)irRh
z7QR~RBIZbC@L#Q}v~>g$zD($y0=}&Z6{x-){B0qPBR~3Gl(r^k}25{3K
z$Pup*(M8V_Z!|*@8*Nscy%QVMHHzUvZJq;VTas3Q+0v1L-`7I33nABnp8fgY60MFV
zj<#~G;l2aNU6My!!l}!_u`LBXfOjv1R&c*Y+4>kMq0Q8zcP=F0_9^q+Na}~2l(wlRM<;}cxJb#TG8&P)ohmeZV-fK#Uhx{rjAh$TY
zcrCqatYzMI*I1F&hVqCfp)L?$z5B3UZDKDByGp8F(gtnvIIM{LgXnyVh&1exV
zQ4%yS22J@QdGa=~zyZzpti`XZgS@3jxrB)ex;deepMaO;inGC%_>hirv_=n;{PPeX
zNtXNW4+9^q&O4j4pE0fM4*`o!=>?D<_@rzTlBrIeOgpLRqf3!xG|C57{~s~aVCTPw
zV#rX;ot?$=yJd1D0mWraPM@Q;q#5X`@N$jnJ#XUhbrDij5cy1`FiaFI9JO-g`z|e=E(PcZ~BC
zsuq9#$cJk4rmqHObU1kcDIO+l&4Uu$Xn0+{
z4mi(H=?fUq-*4Cnv8L*HR%}DFK=}l=BSbyU4Ntc@4%U%9{E=bP
zW^8&T=imr?^(p?r@}G0Nz(wPwkx^w|Sh3E)5S8nGazSq}lO|V`<<{3KlIc(Fkz~ce5HQ?K04ocQLW9f*3fac#sIu~rB
z+w`Gv^RO+F{aIAxq5b6{CfLXA%;1}rS4W1%=?4?(jR&AdBu=X);ReNKNE{aS0>|Wr
zQLO0hhM=-rU{}cNRg5+JlQqt0Vxtb5G0<ZSL$4zjv#*w!y#@`52q4C=)X`h`=zd
zIHgV4K_|A5^
zqy|1aW&ij1_qvRk^JmwMut!b4*=HngBf`q5tQ56|SVw|n6iIo2Bxv>i8guPM`|Fax
z_DEPIsA=Yjl#N@?3uj>fcRXLePQ@~tQe=D{LbQ!L)T!KmCelzV=pK~*rjUtQUdS!!D{ZaS9-K)T~Abe
zPW$?N-mgt-s0n$g##QnYxwP0${M|%gE)2Ia8cwO*ys;LY@(GK5{}cOM0lssNEGvr+
z8DFn2oJJ@%I;cEd=9=FffpscG5z!V-$p`VJIIbw}HKO)5TBN%pTbn96uDjfKwBO99
z4cv35PVsxL$4{A&KY1i-YCa_5N$(Dzk-FiU@{H|L(EY_$0
zPXPqI#9I=WG6sN&oG|jN15qXlF?9BGTe9$mJ^2HMs+;gaurW
z{aR%&yROWXT~{~<=BDXc8cJdioNL;k8T;Ln@KN^9W`R2a$*1}_^LWdk#iI^}>L%1ZsegCchGtZgq&dieJyVYZ|*Umh=Zk!dP*3juF?{pL8(0zP!%G+K&$=
zNc5Rr#VZO+L2o2USBYoIz^!5^WdzmHvXt*!vYdo^;nQb29cz9&kR<|R=`s%OgHRgi
zKl|lP?Rj&y#im8k0TYH%ZMJh<^#1##k{8Q2Y5f&;K>JBg~MYbqQkRNu5&=q#F0sYAO1hDHYW?7Rw?_tU-
z-~u^De_)~Orhdo0(L37;uoe5QX6`BRcQ;ukk@Y8v+7s48d6Y5Af;@Ll4pCb`m;1o`
zD3xLQ&yhJke)2FraY@wX811cL?m(~OK;1K^-}5~}5A9KUODA&84aYlTvBH9|lQvkl
zb1rXG?^XwOG@@RAt!H%$t{~b8&FROH~1x~r&q^o&fN>E3wnJovkU1K&ZINV
z&nB*8>qC5B{Ro0!z*)&K#OC{5Hc~=?=h=CXYGP0eXn2zKm5SZcvE9&s&ijMk)@gVY1z|}lwk7%E&
z8woyN)IeKPir52_JHU5WcHdTzBZcC(_+48Zf_Wm@*>sEAO|O@xj0kpUk4=b)7a*v1*whtEW?y^lfky?%DRv~R*
z7?yaM`=eaHaiXYNNI6w7D0T$%m4kAT$UNVyPJv$QI0r(hnS2I?|
zIxa{q%T`<;9G;DiS{Xr{$Jj+(+r2i~Oo_`TNlb5lHyb8ojr0bIMW(FS9sf((<~spn
zC7i>nN-(r9&cj$&z~l-d^~W(lF)GTX4c2)S1-R%nFw_2KPnTaahA2Bw^!VuK8)?T7
zn`2UmvZ@H3YvthLrQgqiv_6C0f>OMgEwvGkzT6{@gq`pM8;yb@-6
z(Z)T724z-82X)g2ddOK?#-Wr&iV)xXx$J`^g|JNSv4
z3V2y72(XjX!BJ_*MfmUb7e9#Yqe$m@#Aw$Mq
zF-x}xtnPsob7@PEpxIs*FJdeiyMTYfC1oWclzHy5VXSbWJc6YHzoL$13_Oz9w@&Bn2%;u!CLuO~nx6BW)gS18yjNxcsdH)aDknQP!56CLG(s
zG7ipP;7>#notc;1nSZlU=p$j!z#ZOwV?3KLok8%X+3liVx0-T^b|0E=#>~mF*(K{`
z*4z@{qQIktUIUH5$C!HP@8CY>$sRWYWN@8B~ew**s#=$hO
z{y^F4a@E9g=C62bas)SPy=J=!*6O^IW=%j1Z!+-7U9g9e1Yl-cD2xLDXnPgE>3R-U
z{zd6$TjzWV?LD_^u1aAV%@3#!iSX%|k%pFLk0!w`Pw1tu!XjrW%)*b$komrUlpfj_
zC^1*M8cr6mISh({LRaFgE0Zw?A)rBZ_2rnxx^I{%JfW=3>`_Rf8L=#dgpGN@h)v=8
zFb44XxbHanq;G=u*Kz?iSl(Ea6^pp_W=17;GrBi)?1(#V*`;C8q(9*Brc~W?PwJsJp_Fa
zn8eJRJF5o=bPt6(n6_FPn*^$4IM8~Hwh0NqfA56S9wV3CtLZ`x%ksSfc_tjYac-0`KeV(VDKd*8**!XyTkgug_1Uv`v
zM1a1!@0?(KWG_dB2Mm)zdGPm0pf2N1>^N!H_Paku$O-fN><(}Wq}a84YL)$kl#F--b9*ZMp{my_v$axnZeo162PAu#>5_i_Vw;^$bzkggF**gKR{eU0(TnR
zdepE#uQUf{qORY`uqii`(>W{T=(^fRkybl_+B+}01gTi`QDF#Wi5N!uyFWMemCykd
zA0@tb)$d6+SLy^N5ANql774A7>jCIuQ>Ru!;+R{rtLyP8elcif<^*age;yAv;C?-e{1Z)`1+KKx#~79lZj^Z~?M9Sq+X!ig{8+)oPx4Up+v%#sYa
z#p4aXY|@JqU-YrQ%*A-uvzzRgt|_r+&5jrkOtdYgJ&<%q`jEtLN#`3Duitx$m&w$?
z1HpzE^wi;JNX*k1kY=Vp*+uB;wPa+TUOnsY!zi|yTGbaDTqrSdS~jw?{Q%}%yaCw&%4;Db10;fh)fSdglMOdHk)%
zqIp)!wa@e$k#hv0GX7&J8vS8b`wm%(DBgF2!#LXhV1V=4bsyse+_0m@ewfi;MNhrl~z)
zEr;H)oH0piiJIm4(~?J_dKv5;t0*Zkr~8hhm8(hNfBt8nwXOnb-RFC9C7TX*fo
z|Lq^~V0Kq1hhm$DXYx9y3#9Y?B08$xf{vwFx?7=IcW{sy7XuE?EbHZ&dEiETj
zTfhx*HZ;0`e2Z^?1J^1#q4NO7*P2{{z9!uBmwn`_=ZW{UxJc_Zmso3yEWrH+>nnhy}SIF6A
ze)*>kV>-we2G;V?64gY@9O5iwe-SF>!j{O=Mwha_e*O(${lc$t#hmE~_cbh4x~BF*
z66q!blZE=KO}+Ro(P&zHY39x$@kiM-%D9q@SPkyh9t7M`E)UQ5MlI>Ew+Aq;C3c3$
zs9So#KiN4uH{r5(1j6>~k;})nW`3}YpDsX$lh{BY?8mbS*HyI7liLMeSdD?Pu9ATB
z8&*CKzYi1H%H*5|4>eEZh}xZPg}cqSZ#J<1O13#nAM6Aqfk$l^<>pzVJRrSl7i_
z$!u?FI`AOV&9mgK*)lSCqN1gz3x+x+bIWJPrWq(eM-jSrS7v&|8t9X1D{SL4Rs!EU
z(uZG%Pk-B3t=(PMxkj|FOhOn>lcbHKi}csCifx{B5|F}%U@WP?SX;@TWl)RQT>|*9
zQ&GfLnT`SGPa4rU3dBBkapO_51rqd^#@%O;pY%#$bT;M!SY#((k=S%K(C}YI-Ln*g
zfhTIbryXayC$hjZi9j!23#|59VJ}@A>3kx~b~_|_1>g?x{Dot&z%dftyc_d{d2r*fu%Qzs`qMedl9_`#G6F1XS(dwD~5;Jefj#OR6
zA)-sgvmM2Nh=(iA#tfZL{G1Lt+RaT`!s&3M&Jh0&34N4<*u2i3(PN~@45DHQW4siQ
zVrsoP2gfv)WXWKj9X7
zhUD=v`ikV((YvV#m~XAw*od=&n2|ScGI;C`%X9;U+AT{6-!&OwzAve7m@s{1GN(tk
zmz+Q~r`x#i1HLre*6JVAYwRE6_liEHBXKKGtZuBB5oWK$_~}9SNkZ&n*B;Cee5e?#
zSaz+sm!Qa&K5EV0YD=JiMfqh-1wW5m%_gz~zzSGG!eXa^5Tw=z3+M=M_|Grh$A1Og
z6GRYZ^q{vysp)%fKvrBgL?CscQMo8k07%i0U{LyRx)VWKsA;a#huR7{O2QV
zxW)m(HdblDq-iOOJ{PXYuV}C|+3lIjm0zaLF-*uri>$ej;^QsBCklF}0YHOb1fV)R
z*eGa4chv6vEVdicc#3beq3=Mu68loNJ5oT1-PY)IHXd7>@p<8U$JhTNr!6==^2b|x
zJ6;;FY&!d>S*KCTjT>IZ_+{^#5{+rC1!aCH-@84xcv6l<)$
z)MQZ-xt&e9n~h#pyez=pOReqrW@uWGU;O1W(eqHH4d+X^g~V+65-wr9GY<`0=OIHK
zyRLm$Mn9%zWgLUa!kJWNlP)_&-F>!u>SsbeqzAXP?`s;v8^#_w)yDf*2s`92^c5d)>w^Zjfm)kuc5
zsFlu2@I`hJarO{{rK`<3I8+iH&4{(0F|=jW_us*DOY7+Hij6WxeSV&LO>B0v!7cJk$u_)oy@@KCv1TWvufbajp*
ziunq>n#0czzAPfBL$c?!I_f2YUpE8xt~rW1bZot*1KFz!6%RYx2dHuH>%%2Z;^G+F
zgN&G=>JQjjT_Pl^)at&^E!j)y?2PH
zEBHdB@l7N^Ul9Lq>-1Q$P#OUCv|R7EE+cq1LFYZE_#X-FnC0q>1mDLM(5hgc5Q2ax
z1W5B2HLH80pLyTwSb)UN-p9xZsO!!o*kW~R?&WvIVKeb|+JTkB1yx+}H8XVqL+U8^(ZWhce%Gvab10)A$)ozFd
z@N=K~^Lm5(eGH;hRhcMy-*q(VYKj^}KF{7E0=3kp=idKpaPOIqewhxtTA1)DI2**y
zWE@(;SUr-fIoqT>f_32t{luZ%qNVg>(~a0
zq*dgP;dPFQ+0mx5pfO8grGqtWM>+Gkhe;*kZwAGrR6{MZo2(N}E77yqpV9e=$*Q7C
zG<>GF1d0Q$uJTk@qQ$BgwUs)5gnum16WSaSCSDGkg0nNKvbT4>PlWqe;NqJi)+mGX
zw&d6^+h1@T8DGr1P>o?mvHqCs*6h51D@?;-`;d1{qmHeQI0wS`
zvYzhs*72Pupu2*fv84{R2yCa{h+>n8TOOQr3-vFP>hG~Ai6eG+1jzL{ayAE%062sT
zD$FFZX~r)raTZhliUfbyr+|c}qBAJ2yUMv=X=58lny$CtzTH(7oR+C*pbSw!gl)60
zy|bxUjPop>Zfze8mvwZ9r&i*`e=>rszLphUH&gpatbTxK6bY|!9yHZPCj=7CVH;ym
zTq4L&%U?qmGJRrjwX4KxI%D%UsjesDz|@4&XCWeX-2dJT;3s7US1%vz;0|599vybj
zqNS89pqV_4_-ORz-0A`(q`Yhf5xU(=ITB)t?U@+TQ;<9*?Ujfhm;sjlsGRvZ>SaO`
zb|^jjFZgw9a;l!@-_1p$iPeik-y}D5MV;g_3G{qL*7|`q>y!T8AtM5$>YoyS_RLd{
zm#(i2h^xn2FZ7Z1Lq~C+bX1Qj+#3K=Wlp&2?JANwC2V0wrEB{$L$o4$#rJ~0W
zgs>(}8&AcoS8#xK(+S(j8jIv^g|C<=JL`7@Sr
zx>?BkPr;q@!Dm!E(I0|lCT8X%6%Hn&*FRJCex5hV7;C>yHld%~es{S^sbR}_ljLXm{n5d%xH4+iX07}_
zLi(Ry7F7CnI1huua+_$WZUAneZdd1o=2r=+CWZy`{|R3?GOc<2M4x93INCwHWhoRK
zu_jspi5>Ry<4`s5w1)}69zpZ?tcsz|Nn2kZwmh>-0zXvg1V?`K!{kda?E
zLQ`v{vV*j8;NNNd&zeyT@GA8)S3aJ9o-C0n2L9M|eUo$2hSpxpIcNM$4(e!bU^jTe
z`go}vV7;V!c^yjr`fyU2!>D}zH>od6+KepHSEMhVTV0Ej&}(9kb0D=sD7wanA7YA5
z+uXK3uesbR4=N5alVZLJJ1I5l&yBXRzDf=B^6byMTdNrTS-`=kA>RTs%gAa+A4G0f
zGX7tN+#FbIg;Ss>=7-{YkI%|GQ=9YsE4PRi{k2a%_@z7Rki2&JnL-qa`{)YDd6rP7
zuKEn
zd;XLd7+FBn5ZXM~9k|4~U0!uip&~uzmhXu!b7VyiHfyB(DqMXueC)V{DJ$v#=Bk)k
zTAvx{r#>{B;y2sY{Dm9+LS?LSQl^@{YDI1U`ly0%!_*X4CTBxIt7YK7OTYP`Mx?+y
z1kSGole4l1UGo~OwxoTFx1nUpN@nq!$1X9msQNz!Rs31g;VR%$$T+cN9OfqX<}JS8
z^(ic%y*p$z93K<@ER`Ygw{mqtd~3pHzmJ6fwY`g9TYg2ur6^kC+>#fk)H52gW7!UW
z+%X%i4O1&2>uC>9YU#bVw0qJNB=6b_6#tkW9LP4L}|Y0g7htTm#krxKcZ
zQgqw}#}9nJo!rPNrU`uum6;;>!b|;EUouvHt84p64ZUN{5%U~+SEnk>acLA!g;#M~
zAAi}QBv7V%2N5^Cn$t@$-ytMrSpcD#V0bJaGgVhhh2_YsTDxF$k%g+Y-ONmaK1Jdi
zgD}s^d3=Y$^7BOph?(B0sR=e?%{8vkZVz0{?A`5uJ*R`HjSG^VQk&~4JN;yf{to5g
z=~u0eneh;`1}W;p=UHp6XhgB?Kgvh~0DzVW(s>4el3YYn>WjHZGC|ONfMZZ!agS-P
zPGMH?UiU149Sa2Ow30yM1fhd@x$6hCv%Nv+NUl$6)-R{2(j$-BSC{MmkzWGX-)E9=
zU49#BrsfgQyzJUi9Z0Y3LC2G>lkvBKOPkAylqQ7V8cNEFbL3lDwV#6x=M>vu
z;_Hna#UsZmU`{aRulv6MEASaS-aRWL)V1v=m*G)kws5ewB&<-l-<}xDP3n1hy=Ny=NUb_a7Sj^IrEw3yu)ykL9c-
zwRS}fzjX{YI9JyehXgY74g+k>xtTX`QX@~oAn>YlS<8PmZaM@kL$3BqoW
zRjf*(@Bw8A6|{WB`#GyJ#4j}*^hblOxtS+sBV;%7@0z%;3-
zjyJ&Mtv^@!sQvX%vlLXE`+cKCUydt@v)eb0
zKb2XFD$F#yO1aPZ)WKI+NPmNPH+oX?$f&V@hZum-_nDYym5l-Ap
zYyB{E#lFKUcRqFQVS!4dyZE-qVnS!kvq@s{uNfF4=^UXiwjTi4Zzk7~VXtwyzfj@N
zwguF)G6e}JlBD2vl21-Qf-ZY#>%
z^QMf|S6EnpFj3I&HnEg%Z~Ny}A}V~(-L2{6a%b>d^)B&JVJzIm3ZlbVT<=;M9D&nI
z#q!fPq?$q9MB<+HUk%hRj~&K0EJUNM?}Ku)`*V-4rKk6g2JP@hhqn?FKB%DhDaf0H
z(br#W?QTpnzk@WQ0}L(^ywmx+@m5b(9`cc0f|9Z7`2WD}+B~kt#bq2op}3#{gS5`z
z!S!ClAfv*$o#q3J4O#qPs;xth#k**K*rl&qV@mA8lS{!RHx4}FgG>Qtl;x2rqXq*LaGyLz2dJ0?PIz2s3XwshCF%;QJiBs`VYt#4wul^W(;_#q0
z&dMXFe=t9F7s6_sEiA51^|g=_X-HYP?9i)!@6l8c{N)7j5syob+Xp(Gli8MC7NA@H
zd+`(|5>khLCXcRE+15ijlUQGtwrWRY!=QGV#NO*xfpQ!_%Mr@~_c|eUMq>ge$rX+(`kM~#*lz{J67FNn+!I&lVq(t1o-Gakhg8Y{cO`y%Al}I1RTsbX$4(LZ
znhzG!#NRQ-Q@7DS=(hH7itG~wFl1Ke+E|31y)QBjDvCU)&N;wA^yngUh<8T6kin;H
z#Sv@6*~R}5Q@P#jy(owIlUR30%vmP-pidhFJu{KyiHJFfR1RXCYk9OJ-AL78X3esV
zux;C)Uo#Galr}L^Zj=(Jd?ZAew>6lV8P`#}Zz~g3e7u7!I-K{h-d3gCscH%~@(jNF
z*~o3f`!HzKSR)c2=(S6Vk-{vATwYgooPf~N_sU0@IMUFOikmGNhT4wo3WI}E0tN^U
z_Be&}ogu|Eu+@4D5Tx`UC`#b_#owON#^za%s$_-j0!KR-K?#IljmhYykdBAM-h8Et
z(q$(q>g=li@MFTkC(L_oDUXtAqQRO^ObnYF&P-)Gn?i*`gucj$&jy6;vix9tPhp#i
z85EgvEh(NoK9XF<#&~~%Y(%y?Sg!o-Z_N>i^fhhSMF-^$!|TgGYwxao)K>3<7gu4L
zYWwqSg2W5?mJR!IC~mLVMaQ$GkL^o%7yCeiSH7(}Cc-|;C@IiSNE*`R22G;L5B)OC
z0DB^ZDa*p4!N{%_n}XvuJd7%r`!Shp!jIiDdfDX=!3(GBKTyt+SNVl)_}mwL<^%cs
z(pCY5OFsWyEA;s@`D@tVN~cV+67;@E`$FD@Z^aSss4ARjpxJ%c+OgUdgSMS*^g(z}
zIHVua{GoT|Ze7(7Ro7838ddG%)F&}`l2oVQ*rh8DNUDDuE!UDg=Z(s4MkeZ!EY>3?
z9e6X!_J9YxQ9Na9T==t?mcg1C2aW3p(af-mdt5s+ndaSrd+jTCYvKW8x=7=wvHdII
zwB7!IF1@Q6$GNk8a
zR_%Qi)+#N#rtt2|FQiL0C=wN#GE9Sepp&zOw`N7vaE7bUjkl;zsifv}I|%n_QMCz?
zZ`p#qkv|Sc?(d5La8ep&vd7y||K6pCJv5B{&Z%n!m<08>Ci#Pg2MJ2lEXRAea|t3Y
z)sO-?(G`8c_Gro4XM;~2IPdvE;)KCYzV7x>_CR^?8g%>aya
zw@26PIgb4ejr>3%wLhB_!n*3yDzAAx-i;mGl#o_$9Q5A|2h9_Z|HaOQ0}C^MP;wmX
zZ6ihfS==xq_(chHYOO{+-5Z`@c&+hnH;L^q_o^}j+K|wdUhh<
z*BZ{y#L_-Mz2JNQ?#FArXQHIIlo?}6$usui-*T8o^c*Oga*4$AY9ZXexud(?ZgS!p
zHf88;VIgd+b9F;@fM};#I@7!reo1IsW(JX4XB2wZ>4at8FjURegLD_or2_m!f1v@B
zv=pwD=bn~~c|CcOk3n@GRdM|TcT<>K_MW`hsC%Pl->Bt|lRsV1^(WvywAS?-j>|H*
zGj*<8ktz%hJs49I`eB?utkU7C{0Ewv0^(a)ydg3^#d%<}d@Mzk2^Z=K`RJaOt(ZC@
ze~&@lu?h_M59W|h^rgB-HMcQlUacGVc6_Z7Oba}q>PK{Bgx8z=m+iZ|OQTZIYhqPT
z%-Ok!WJf-yN#h}5j)^ew{7)j3)Vl{Ki3E|??6n6Oc`fB?EO@~ggv|84&vdTl#YhwD
zg6IjSt$#t~Qy24vAnBnz9@9F=@o7)YtzVZc+D(JoT^)oa7zohJ4INz#ZfQ=
zL_c|MuLsV5`gNECM~hpo16_-)d(;hX=y;sXgKqqcNO=GcD0@IqKDn@E@@!CpphMf*?B`Z3K|7PZDD?Xi@{QDhzHioPQ
z9RFoiXj54oq*&l3f+c%Sw>0=$t3ymrSR(&u)o*Z^a@(9i`7DWao_fov1kFlPOmhRw|8?59s0x
zE}b8oE!SAB|J(m=7ay70OprM}g@=4-_Z4SjaPm@}PW4i`nv
z?{m|~O((^flo@r#tT687o%G%sJy_fFP{p@GhHN-qJ1iPpP+stl6m=ph?E15B1y=SB
z=hlN$i`f2{i(%t}sR*h5SgRA>&4SBxK~!g7j#8rEpUzi^mpW^LB4qY0a84ib$p>&t
z>K$<>RM&@1m^5_f*jm1Tw!+S3Uf+6a9T^mz7&DyDPc$WB{4#GwSJaROr=7~4{LQ~+ta
zEWiY^*I;qozrO=H=s(*1CRIEK+E;LVRotyw!jbQn8T@jf{@zX}8rOf>MPJenWP)fI
z|L@takL|^G+9SVZIzu&yH+O_bb}z(lNcPWuZnWXj8p+=eFURC;-5e~6AGdN^(*=F#
zZcrXo;r9W)s^+x$(GswC-5=!o+t)ujn6CMV?T_ZzdNc4@-lKZRgJsyQ{lN(s)o3B-
zrEpKnX5I;=&HgF=E>tyBcfwPCr$U}-W%`v}afP^;Fa0xeeaM)htay66XQ&lbqZ3)e
zc>E~22JU5^CHKY7yKDSc*0#=x@=Lhp3r>iiKBKKb+h!=AF9GtvW>?4QMZ`3bY-`tD
z1jn>E&P_b+?OyoZv*nn$>lgHm+2+6h`nphlfskQ5qriER$h{AIypun|ocEBPU0R?j
z30WJMUycfJb8M=-L@S;LbY9$hNR1}1Ux>6bGm6`|aM9MMVgA|=4#dS(Fcjzi*tfl(
z-5^hgx_tSae1fym$@zu=JZ)LbGybcd)p9i_+?#%9S~WWHOqm^jU-g@n>jtt%Sm3jl
zsGedtzO4=bi-w@yfFFJA;5-%8%GGo$f`R8FHU7I?n{(I`!u*eKGu->k`zZ&obL@GX
zXdvuVkjTMh3)Q8gMz~J_&RCTHili2Ql+R@uRqL{qL1)w7yVwNmhV@nY+orOI(Uc${
z7Vlq0HkU85v6gx@82I$#t4sehiMb>k+>W8*UmA?kmavUK>j`)q@4?sg+Ef@?&w)Gj
zK~ZSl;^dCsacC9?m~eT?(czpB%JPGv`g@?7*kiSz)$A9a%09Q%Hu6$H#bJ<9)zFMK
zfnsK#7+3+natihXfb`#U_j>^Sk|g?XK{8pFn?juZQK^{4%O
zzhC?`<34%D{(_>cH&a26j?+|O1GPuu4TdC}ILoeE@a4d!{5}Ni>o}imk{Yn+5|mgh
zPahR`l}dr3A}s`}aO$bff5-K1&%20V*{!u6Un<21{hwZq{!k|RSuqiC91J)aO5J#|
zjM1DgH-~cINYYFA65yGRw5;UH>?|3p7C
z_wA>vp&rh=_zLOX@AFRr+0rNX#ZE7a;7tPWP2w-K`>*;yj%6ox>7w3;kv9)|_bsvb
zfL3r+{Pe?trjVKyI2HEsZtJxFOL09W^*h2RSm#QoMzi9_ivD7&J1H>yzUsctc~@2%
zeY3v2L{?y5K06R}dCQX22~2ZGYXqqwz4
zXyp(3`RT7KHD8FCH|^2Q#2uKkot?EyySf`z2>dSd)<&Vc^OdZefP1dI%)RIa;UgFS
zGcH|Z`H6F-$aQp#G_q#iEcK@hC_+mAatMO>fVRxvJ=BhsRaO}e)Pi@}EZ5yg
zaEUWCXHAhNlNM{ACK+-VLSY;WUq-pM8-4-fj22FJBX#-o&qUch7o%}1|8-wgcy$iN
zTPZ4QA4$%;=5)L1#q8~m#ID$-UYsqTR1cV|>jN~dUQahI(xsT&?GlHHdP@V(TOH0n
z*~i|v4JoT@1k{zfp1-4h<;%}%H9nt?SS7yuoAtdXMb8&If0Nz`u$Y!rsLFWt_{ON$
zp5{R4L6vpNhl9in=f8o~_mp$`xFAkdCBGx)m(ot|L$}}Z=9TgO75!>_CFuJgJm<=4
z#i_N5YvNWnGMoi6k@oLQAAX&*KI3Z^C?8a=w;LMSbYeUuyJ_nac}h0Ew|Rn7!Y}S&
z8THJD(;;8)No3?4EnVg04~?M#+mkTRrXUBK+Vl-CO*J!9*wk@I6BLwL3YK;Quimn*
zt1v}Q1!Tal+kcfMenxJffPz
zaV<09M|oEtpmtdJi^m^vNwen~+u1qPAXlGg6Wo4&kM5#yYf*%sb=
z)*-Gp)?KL7*P-P4p12U8dnN@*Ox5fWM*46di%$Rv96(cU=m6FJR1%Ue4w?7|@oO2%
z6p!BY<%li*S#fbWKco9;I4Bv~jk~MDboT!Ucb|uf?CW}53CdVEUCo$29t@Zs)!%-%
zNl}4o?wN*-6aU3ao|mj?CQ1K@d?54ZjYT|lD0!`RsmyMu91`!$&uJUI-00ng6z
zSl&R)iMyD_6V%|TQgYrvZLAd~74}&w9@cO;$ipfgij~w&W<|xry}UfoqT<1+q;^{s
z6%Tjv@}ZWQ;vxP`^qBmFV@eAof>o6qBOAAia-kkZ1w>uOPBlANLMllXfFyx*B_
zsR#%wB?B>+wmnK*WK!oeh|Jy->wf(Zt1Cj?>W@P?ODcyv19^>n{vTqo=!`&r`Q-L~
zjFn{+R$2m3=NNDQ?n5jl$PvKS}gsr`(rgH>{-y|k6Ieq
zJp&&;&f2{M?OJ(08R=v8%~Y&wDpe}GJp*$eVf8j`WcXBl2~Xe6&p$Tec^Jbn-WC2@
zkGZTuc>{mK>*a04{OE1xU4o6;uVx60XCJNS@NdL3T$c9(^F50ggTgdY;?UR*Ox?xj
z|3PLu&_!(rMyTyTBFE$VP*w?Zl4|<2M9=emyj;x6{7_a$%RVbnbAjyTW!+GABg|Vi
zd^ba2HoJECZQ{Qj{P*yklFPhVa^=xyw-@z)wSEFozMl_!BMF`hpq#D)qnYMkQ|GJ@
z@Dm`xTn!WW%^hfS`mF2>z~3a4I}z>BUu?Oa(G@wbvNls22Cch**Xe~^Zwv5J)z%wn;0exOj&ES&lX$-5q36(N
z)SRi0Nee6=bUx7TW=;!T8`Rja%s)?{bg-7v!R?&RnxPK*fhJI2QdutG{(89oh~;DF
zh~s0I7sJO+jPS8TduzP^%)iF_(gLWThxRjXNz~>JVH$yTlkzC%e@)C5g2mHIrg!!a
zavrlA$^sZW{5K2t1Dw6{CRfut@4`|Je-nfMYJRZo9A5=ZA^+oX{*CM=hl#8@T=-<7*<&$a17(KF+(EIsG@XSjmwz5zh{guK&i^
z=O3t#_K;Qm>Uyu@-)(3Nr-M8A`^v`n@~wx=-j8)lc-_oKjeNr#7O>VIU(fZQMn)gk
z6Zvz@QyMQ136nz>^gjyB)PMf(Z)e}=YY533wAXJ1eBVgpi~WxB@rEAHK%j=zZEcvj
zfBtj4e`kX><`Sb-jC=4uKjiQ?uvnI$3-_sh7x4RF2RwJdUz8!2Iz0okJe>a5$Fg&n
z8Gk#n{%YqxEH^36&wp?oVaNLLIsTZxZ(ct$UT5HQS+JhXWg_QwH^lHKQFWJY{tf;5
zVE&BrEEnNc1!K%gAA9!a|AS}Xmn#2X7aAkd#X;VFWF6AL>GGMJ$I$f;_3JKwhCY3V
zU4WlTz)v;crw;Jb!1X&8KR2*kKIR!{;xfGs+IbTV@*k!bPpEk6x{9zY|_{m3gYUn$~P6vF+n+Jqv@4x!f4A#AZ+`juxO
zc@yiy3w``A$Q1PP?+_NfGQBv%nn4zqbO=SS;Jt3mJzqC1BZsqEpw`NJlw>l2p#}|tnLEiOnLL0Ig9e3UK)MAVD{fKK*3`tqIffd~
z!5S^6)iQ~b1Xp$)mqFMrRIRK3tXn>3zK1=hQl>^LGhnls5Y3yBPkhlli{~0Ow`HnjjwB4D&`D
zs9Qu5*cB^Q2teuhmRA{S=@6d6k-GDQFJ6ig3e!}!0&&B^?
zOW$Tc)BjL*0Btro-olN5gDxGFc1y39^Zhrrc~Qo*#&Hl&t$mF5e_e9CTffrSJp^Mx
z-zaW+iO1}}AK}z2b+chTQEq6Fazpep8iqaWz8=;kN7$C4FZ3xG>-m@L6oYCrkJAq0
z;9lD@3N(0zas3oifd>2VP@bw(5SF6MO}nBkc2&5jW8&Ymr7t*ds6RQU3k0
zJxWQd7}hqKeSL2)C+7u>>U@ntB-cVRq$<40q*n(y+wpA4WZ&0r7J
zj^F6%{>O~vWtO8dr{r?6ysRVw_lNO!8m{Fv3^vI%#25syX1j3xV67wl&|i;9
z@CdKprY59W3oy13(4qz5(P*+s6l>JzACcJ$ZU3Z-f>2k6Qig3^!WDx5Be`6bMSl1$
z%7KUR(x5zou*xD%?=mO(Tg1k>BwRrY@R=^*r+kGtMoB`xLOE_hqy*aFdu7ZnnVS*i
zSSS}#f&XuZx~;+$k+h%-Wx)oz%oRaeEX1&9edGST57@6Vo#N=69aX+DmDjJhF-8yi
zk5V4T5c-H9k2}OMJrUN+JLC!J@M1`mg@(B8TBpUEX{x@3se$9G3|LRyw=4*LQ
zi=k{U&*_|p;s0vMx9C2DcXL}y!d$PGzCFH5`fsL+f1uO0nWk?^o|$)XO?B6dwJ5V3
z?wYw)lkqX*gAE*bOxd|L%+D
zQ^?+(@;RKY3h!>|dxQD4P4}T6Lb7kK|0?9`CHKkrD5>NtxIe+8l(Y5AZSc&3`y?{r
zePSD#XBxU!($oMOE^OsByNB28$h}BY%u?G^F33=#Yi<)P!rBOc+kiriz2zw@jI;{*FyrnL>~-r#Yj
z1D~G8W2cH2e;<#x&Nv>x43uxpX1c-$b-&{AB;NOUB;I!z@V>`mCcN*6!~15&`xB!2
zvRMC1!om2yhVi{41-^GMzOMdBQ~hBji`$?!Y{^-wgMX_|Hoe+o3day;AUMyU6NWc+pln0JNZc
zh2*bu??xK)sdB&}0DBygH-$c<@};oeCgzWSTh@A(yb}o`_!Wt!y0cE&63KE?EZJ;tSu^>3ffu+Xpvl1Ckg>XvS2U6@vnx}~#w6y6Jc-oNB|tMwE|
zDkWdG(O_S9>8|~G!Exd{HHa&egC?8c(9)hsuofEuZls|PNBVzJaK#`u9O<}Vxx
z{DlMHjAIo3!omE-nH2nmBZ0qgTm^sONZ>CJ&ea&;&6y~Fkue5;(ZToEy!`6E3IZrubmcx0sDmAKE
ztnI$#;+mRl%=-i1KHaotX|{N}+bp`fb^R&A3=_ozc6$*Q=(<#j+hjdd?gv=X46x*d
zm)6#xUr`sI`^(Gr=Na{b0a5BqgZ6041iu&ScW^q~!S{uBSSc3TE|}vpKu3fV&_5jJ&{aLb=E)IFnqO(Ot1q_n?d5aSuoP)pxrZBJ
z4~5v!i}(QdaUSnuF|@J6J14?>aL-WQcZ&5Gxl3dIW;!gaX1sKH39Ru^)I~Zef8lk^
zD-13{UR$;;<+lA$7SQ>BZntjkf8M**8%eg~z%7Rwz#^K2$z3Vt0C`
z+I?*^=lCY*=N-PU1ZeEL_Txli--G<#&CsVr1bU)Qzr_i{pRmr2Z|L|3zHw0vbrWK(x_T)jLn(XUgfPm!XV6
z*Y!WkHUxvU(iX-@kHpE$hngyo9tr|AX59HRy%a?I~GD!YZ(F1VOX6jVSl6=Y|
zYFUy``4PR$5PxAs>vzB;p#?SG*CLD3i_eDPO0*?>4GFQ-U9#NmPgRKDNh8efF7U(LTm=**^|{yRAC;en>f_jdHiWJo_nCEU-v3lv8U``=8&*$ju2nX{~DBDfO=kGC3YO0Rm^C3~t^Tmk!
z!dSBR9+nXu@}-s`j%oknOSbQG!S`eC#mC|M2VQ8hWr&)aB)wN1Lb+SpH8$VFLLD%}
z?*~cO^?qEO-z{}4|MW>+SJ0sAGP5jWG#%H^f5`ejpOlrLj_YCOyU$h0*f6?|OJf}u
z`U6-{Psgzq(H`fVXml!_pOqVRUj1pM;qzF2L@$>(_6U@Ji?qe2&&!SWIG3=k^+dVR
z9_M&kV|-i2um6K>i)C9Qe*F~M!}u|K9QY>0fBB3*bE}N@I8uJRh40bjN>~HdZ*4Z{
zw^p(q<grxVf_uX_kVX=iodUVO7jlEQS4N<@oWHFb2>Rfaj>c
z{~7DXv`XCu;A<-1%;ou5ZYizU@(Z=P^_n!F7@FwKBK^N?_hW7+DrFv2EPIU0&Q+w&
zA%;4$z$dy5#u>5~-O(uf?5$wCNfEd(o;~JCww>KvVYH8#r9K>$M?c$xa9_9Cn8Wj`
zuaI^gQ-Kdp<9DQzAN?nfKie?=3Il!_Z+`#I{Rh4A@&L4N9bU`w53jUuHB*kovqXm!
z@jQ2WW!~q7(R_MxeQ)6U4ybQ^E8RC4D*H`!A&TAiT^_+z_&=hLcdf4f^h*8eO;LTV
z6Juix08dP@*71L|_s$^Oj3%2oNj`lxnuFo{~MG;sZ(pf<}T_*e#j}M41Z8Sg3!80Ij
zWp5z5G3c2^F-d|LzjYAp!`%t<=~@x=+|IdIrcKih>tpS)YKP6LTb*Khx1uzT9*288
z4f8RI!9%9jirW(9CERB|ms4zNQRpqA*obm&4u0Rrh}(|%(F@}NG9A>ve~SM7@U5-<
z{a>)I^|BVzDVn(5DJW~^cE`Bg5iNP0vMHXs?0bRrusfmM#$z{7o&k(K>}I;RQ$gCiIuR2skXq>$P2cw;Im@j@R~<&6frDSRZqM$83PU>v=xAcs^d958E*h>+3w(
zD%Tv(j#>AA)Z}@>Gj@{g!A+X9ZT|nbzkA)O`JXJZ@5~~*%+FX))!~+R;YGkOdfg{n
zx6v){n_k|}
zL_1DL_$4F1g5$uxO&(>OIXq5hsWBI{90%>FQuX;e?h`QdX%`QKo)m#WqS5^--Nz23
zg^M*AUqzIAFz~?D{y5n~abUM`Sy!fq{B}Bs4wv~p_3?{%{0>4SScN+yAoMA+%WDcOwm<>khJ5
zzSX)oMwc4mYa3*l4%E|xwh9NuUPn3Nb?h(VU3_)+y2Sr3mhq=ta6e1nerj+(eQ-bh
zfL|K`zXkxmt`}E!Pi6T&=5c5hSN7l?{DyJTkwrSL{f2PcX)fQlXf#|a+v)U0=OQT+
z!m>YdSu2z!;@;`3LtnQD^J=60={tmbf0L%uhjV-MaSrl0C5t3XSqBZw4>zeMt!#Ez
z#?zhvvjI|I6_Ib!jQu8}{ogw23Q&_u_e(i0}2taej?)l@t0Mg?=U&J8}QN
zf^r4Q%!ab}k#|+}c#vO5?@%tUb90G2za_9UiuEIk<@KggK=~Jx&X3A1lz;LM<*2uP
z8Ol*_n~ye#uxC#JObIE~_OPEG
z(P<_r)2m~D;#{^dZN3d*S)uez8&=kI2s1Lw7V_$q0^RtAXi}{KE!ePWaLvFyKvEQ=|zw-^hord2o_#J}ZW`0`v
znaj`X`KiJ)U@8cD;kgc;J{|+*ZuIR2`I->5VYHclOhJC^YoLeZdL3drHs7s4$D44>
zqVRfCrX6Wbm1E2uX8HMSXw!jpogwmT#kxaWXNJ0c(7zt~zf5glq==efVabMJt52LXoY`-AtvB%bRM
zq9|yad9$w#{wQALJ!RU*sM|XhAD?h~LVQB0D?3N>nBPv-4$n~%`CnO&e8F2#KTAo}
z7rkx6HdV|UBfQo19)e|J$BThhVw&YJ>+ud0OMgnTkAriarReq~u$S{yE$&-xE7MTd
z=}Pz(3w(=HIafZJVw%hT_`gx#iT|5mj=H@{I{eNy#HYLlc>c3OyRcW;(1qVIgTLcX
zR8|lyRMvQ~e7^Fm2W0?%ouVC{5XXO=uQF#M&v3q~cZ%$b-*w_d3=Zs7PVf3SD$kJX
z`6}>+X(TT=U$xDWy5E0r{g4^?NVaj|@v!`7hWCva`pI{UR5_qN0^gzke{+s({|4#~
zXgnLWe?8%Qkj|PWwtIB>9LhcW7$ydxFW$!;0LMbgmN#cn90Hk39mgtMfc)jN6)1zx
z*7IR@1O3Xp;i2#C&r=r&ZL5+Q?oc+onV4?_?Wcg24R0m+v!shr$AROcexNl4d{pj~
z@9tzci(_>17)TFKV7eG%l;YS%`@9Z*59&;C9DK(QjPabm+m5zP!+1{C@P0(|f(>o2
z(ATF4)~A8^5t5}3>F^ir5T`@m<%az?Me~Zm`U)KXZTm9l@8j{MeDv$8GPrN$BKbbj
z{y_chP`^l|y05bTze4>jWAy(gs4q;YN4QDrVZnGFP3qJ2GS?@-m#~fVjUudZ;k{fS
z$|xV?3PJh$-U7H3-7`2_h$nG9r^ng%==CtZ)kgJ`63$-^tO?Gq=p`af5)|HPjg
zSpVsY(%5LoF5rECdS3n&P%W_
z%DW2tqPztAqC9waxxv2Z1EY+`-Oj-r@-QHeOcYb^fd1ltj8DvI$hy5E7yXP^P<
za{1hT%f4&gqOtuB;`YDj>hdFJ(|LFZ&ck~0NeHm~?6`A(o>`gH+q|u%?Bg^kPkvWqzO?z>U9z^=`;|^D9oBA-ARXh08XrmN;xYunsI?2
zyEvO!Q?&~QM`y#x?q+KvX0|BljsfCGS?!uY#v=xDp4J%@RpdARZ
z!k%;Px&2;ux|8f!^J9Nd9qxPYew=gfx##;pTQj%)C$}ARVXT{M8{)QB7t(>-Aa8x?
z$kje@7~1O*`{#~1b)MQB!=ve6cu+3J?|#MK)w?j?$iGF}L)^aBg|a!;jZdZax4GSL
zaSiz0ZqFCD%fm|6b_*B9Rn#zzm@GyesEqqM&3k_o+Oint2N>pq#nQg7;wl8=r>{71
zj`W%8B$NKXSo$xZ|6v~0Pp!uqDWiUIFU3fpU({0a6}y*WBJdo_n20TKKK2|h9A0|F
z82-~Exx+UJxug*4GJabZ}__g=OCoiZL_
z&J=!kton>DdF~MVJLbZ>7;kc_-k|){L2V=DI@sxD)FXU>w2^IX3NBk*u-48SrsOOdP^V)?Kw0
zQEZxwLlCZD0sMBu94HkK?P?w|T$yiXqTA}=!s<{8uu<&6yY9|^qz
z_v2R9{}$rePseXMWBZ*=e`mPAzvuq;7b4xD{`}dZ$h&$`ULD%V9WNU-3Fla9the?#
z$bB|*pKA+|?#Mnf8RldU_a%s&hEKgx=z$F+_Z;_<3^ye1g0XwD|4efvCFn%0wOEF1@6
zGTX8Gcq|u>m2wZ#(S4rWnZ{_C{TM+WV*!uRwH#^kK98ZL_RKHw0}b|jfoozq}UZBMVN>6*{^8obL*Un}&Rdx7bKYq^X;naQWk
z&@BGncgy&b>GZ=HRNq(neq)ZYO_~u-#NVW&J`wn;jp9L$J6RctJ6Q~Ti1b%q(X&~s
z1fBzb-{82Dl|jrmfHW+Tef~rC%kbW9jW_v#eExcx+5QX97HcZr#F$9pKI8Ep?{a_P
z0;|3M68W9AG95kx&yqEzZ*uxWnv_)=Wqb+AW$+uc*(;cbb8tLLk%fnIa6C#;6c3le
zJe(PiVtzjnZ3zk8$&vCxZloV^Ds
zC^lsY;Kx$`0{A`D`8mlaDT#8Sm~9w`A?s7fws~Y5cOC}#PT=!$m0t$nqca|+tLOa#
z#z$lRRD2XLK5Fvi-bbGEWA>FSg*MFhITH?&pdcV_9kQg$a1$;9_!Ma{_nxr0bc*}R*`xX<9cdqqz%uVhraR8R^~_5SCV*8I;`(A
zeX+y4-ONMeDgUoL$}KkSdArVj0z(cfKBP~3GsC_Qo;}3hw~8HsEPD;bKJ~F~u)~3O
zb5U0o*DkYTZp@*4;5z^&*VffM@wD_s3~HEXdf$=u1JBjbep>_lNr~ZAwJrSA2gWX;
zepULrp)P#nti$*V;V391KUJB}D`lAd-bz~5BQID8a&{B@e5JsAc8NE=Ilh@fVB*tW_ZWUzmQn=
z-<3eVS!>M3e@6NOXTZ6^_?kH!Klm=}{a;z*5y+Oiu108E3zCR8ME(AT!^j6%;}q!3
zSbTjK>1J%s3GBPq?|Dchj!jHw8@%aHA>&{FzsbYX#oGiq4x(e3HQr|W^R}4xRO2#p
zzoiNPd1VJ~7Qc8i)<(QKDn4c<$H(Bi7vIAF%NUvHZ^-U_fNVnJI@b$Vx>>YOppAR6
zvKIlZT1d32)}KtY%1N|pG0>{m_|UGH7{q1Ol2)}Zl`)9axBh@z*`L%{@C$U&PkLQ-
zzsme)^Wyqjdf4}{Y$?hcg;ehkV{h{LOcgAZF}jF{2N@4pOQ+_$$+GVt-r+Folg5_B
z#tTRv^cUDC<2OsDmv!Co@;@z^o&7z7^bZdnR(?I3WnFOc%RkI^@r_G3H)jl;GcbqI
zKfjwdNAxZqe0lfLZ5)fSWQp|gTstgtPbN{$y&Ce#-^D&NlZ&OC*&tR}^3KhV3-{0X
zoA=?Hz(*};?;fT3k}e*7$EKgx13a(i7bl)q9gpFQnU`mpdG#y*ANXdC1%IWa-#6!1
zl0cvQZkqI)>rHBzP;Hd|li@ye*X-bKru#yzlY0
zBpKmMc#ggrnV(`_Qt3yAK4t>ikk3xxdos&%Pv-JHiFSa98lxij$^
z&M{n0-Z}d>Zh4cKhMYYf0$2++W)!z
z`Ok=!31LL%g+0S}_!)SfNj_yG6RHN|4bBU35}tK1U-cW#LC~Em=ZSRV8I}Ju7h|vv
zIVQE(`pQm<1AiQKQh+n`ca(DGt=`%4IGDdo@i-5#pH)F_Vp#o%VI^`gK5u3?{Wrfq
zxCm%p49>I!IQxR=*Ws!pBRD4;QqzF+R34K5`eC
z_*lUB(4p-mz=av#bV=rOh^*xbt)&}yx#OJ6WH2Z3T9)#>j^)gLEp2N3Ip+Mn9;m}*
z>oMQyz;`14EzSh~EzUUpEp>T8ZD-yw?PqyC+As3nPm;9yZmng4&d;FXeUM_5ROaw^ZkQ;P#>OSl78`cz0J4
zeIx7JU%6c##{QEq4(7fJcRu+;S5SVvz|Y;7t34d(ccZ;O9Jt}3=hk}1fsedyjQSMhyi||R$>%v@pKL(;q%$az%8hP-?R?Uo#(A#G
z=P2KzJc)l3+}aI#uKcJMz&Me$eI)Bl20oGgrGedU_dLoE;~us0%Yh$n#@HOoyp&zk
z8En^NTbCyNoddQ!isR|v_CRu;JDYfR_ozC@uQJVTT+pB2I*fjv&dzqNuCq(qNxq(c
z#WAg3c#dnqJ=Lz(1AHp-BVF8ox3<$ywJw2gcThfpo$#JJjPUBxB-}dGJ2uJN<2&m9
zhk19Z^NM@pfX(!+SMz;_=i75fe|`(h7y6}n*77_LLi^uD*^iwRb9pz<^8xrpe00IN
zGi}=@oxpLMdE8tW7j4IBR(MBz3!Fjd$KQ`N$az1!4KjzC=O&(KI?Sh;>7&7OoXqae
zSN46xRSx0U$vzRzpyNI_)|2<*c=HHfTixgrae;Z_zHH?akru=?WyIu%+z)eUgZ0fP
z|6!-a$3eCOjUxY9{FOcq&Y;pi?T6=9A2yrfH|7!Oh
zK58lKqZSo!itlBaKK(uL{XF)`Oo@Ywg^Y{280P_Za}VX9Z<&yDl04>IF>>A-|9n5g
zzAa1YTa?}db$*Td#kYL$FGy!(3&`E&1sc(0+|$VCRbY;oux9u0S&iji<-PGZkKxKv
zIvwdpk(%QE5dHjT>r)Un|5>J4e+%Ve8`)s;h;NZ~7@h@Mo<}qU&k*n$MxU1F52WUk
ze>nWzxmtVLjj()puKPo)|B9gBEl0Da8Gm!8)KAZ3zr`52da>^KX0hcs?t6^4&SbdQ
zGtuAOIE?;gSm)iWJ0as1-IPbX&ZP~Vh{_G%r99$JS5i}7BsaiZRU_Q~OUeykT@S`1
z)=)n2#Pz{r;}$w-?sOUZmD4xqMLN^q=0t~M|o7bQ3CcmNLPP93%)>cwH$kPnFGI)--
z8WqJsoa^E#`Dk8zQx~;>J2&lJoHNDC*z4KnIr{y0>&5e~^i+8NSanv(KquvRkPE3&*O4h}fb^i;3OrIR*3?KL-eV=+*CRo(r%Q;>-hwmXo`-x0
ztUW#JIS=YLt#b5Swpq5NN;#VBr>JlL7dXG1tEwp#ePXUur-BTz_Yq%h8|=&X?ohsa
zsQy*G8EbWrghv93(4DmEEK+qXhQJ_t`(do*GXc9w6E64PN(n3dr(eS)6y5txuPBn$4vHnFGYb&LNq!V+U_;WudI
z8H&{YhyD*)-p5${xm>pdW8D9e^`NEj-XPk)=&q8qejU*?i8tgk9l(Plzle3;UD?l3
zZLe&&Ka_vBm-BdBNS3-&oqe}gGL8n5alhU=F%vG565wKtb+fI>iE*)kanYDOdtAK3
z-;~fd>$?5{)}1MQ=ky+9svJ9HOqFB9Mnp!1^MN}5pqBMS71BAqG)^B4ar$U7`)Hwa
zkq>=rt4f}7FRYYuxf-Y5S4DiOD1tGHYMSM@Q|tLF_lLNJ0d(vh{wpDlHUn^B;;5bIJY5sNjew%pwzjv50cJBv;TV~
zo?WbEhWf=e%yCgVP<02$TnpNNTS;fw{=3SjZfzwSALj2wKiySHK<|Mc0vPvbZJ{c(
zu`K}_2e|7A!E@_;Uf}ucx8Z%g4Cus2bqMZ7q%S$_N4Sfg?KzyGxLVHviyazIu=hwQUYJl=`T#Vp0n{m6uhBT`V_Cg);`W5iIO>^?Tcb4gK{Krd$
zaej^nokLo3H|6Oy`KMjt9Y57J1==#J+NMK>CvI(1pgFO%O||+E(F@ekRft+T+uM?N
z@LY?^P_7PYE~)QZBlD*`3-Gr^*>5-cG&Y-M6sD0eLRzj3xnI
zklx^W0t+kL$Km%Q?g!5;(x
zxPGL)B&vQS+?8ej6*J!u_4Nq!6{?8t>wf6#uc5C{Mf|?*FYAUit${lhbsIAF?_34O
zciP%R6$RJM)%`T*Cp9MRJsqLFf0y$d-~n^T;h0$0_8jk({IVBv_SVRpb?RAw=aXNi
z>({Go_$;iR?WJcncxJPos!;dBQ!p0RDiz|itP5Lussi!x=h~+=$@)1M=QG%o(B2^1
z%{}=ltQqs-$#zvo)+T;ZwqM2H!P!~j|XVAW_
zCW+e3TD3{gZi6#eAsz+ToM6}#l=-z|@(crvmeUzNo!|_=C(kgzYiga?Q?gEM!>Nk6
zbz+;MVQGW&jkz*(+P8Z^Zt{gQ@Gc+n(Aj{$%g}C#dm3ZL)E?@bgZ!Qw-u1#B*h@8c
z@%wGswi?t0We|&CNskAfkb59^#VU`__(E90L+Rlw83y`_~y#Ic}@4x@8ychAVe23eD(6%6^-Xq?>dD#_iyd&Bl4b{r~8SjTJ
zT_`tL?UTquO55a>Xnvl3c*aleKKdp5S9*DT#X|y5a>QLL-pXhw$55rvt{PuZmSEvf*z*LNtx@Gd?cvq#hZ}a@I?*)_}nt)EH
zPqF{}VfO*j;bfx2(f4L0*OeQ+Df2J7#j0Q;IQtmReK%1CT4mwWbo%
zLgrxPw(nVTFgiId+V_o&7xVuV?<8e&y%>Eq#-EMkVI1YNQTUCN-xSVtlCKI0XJ2#Q
z`Zvl>>9pW2EiT@kV!RFBKwq|&iMeVmAWO!J_m0#T#oAziRXaC6XWIqUOwNeLPtaR{l4H0`U<+GG<3@{u|
zPRe{Uk#9Bg+u6W2lVRI5DRGAI+R5ZnoGALl?S(VL+{-Ypxi0B?JYU7x!2DmiA93A;`Fw`?*fsR8@lQCO_IZeh
zTSNN(Q7haRTJ4{3j?*kU&Sdqs?uzI;Q={r>AUx|Pp!R{xIPWW
zAI;~yE~$j$O%WVtF^(rE)E;IV)I!q+g?b*rcXW!SPCyptgpI~O>UzGY9(ZB*(W`75
zJUD^pYN~Auzm3MR^rQHI=hQeM^UaXHK7!BqzJTi(pC#~3=R(6nIl{P>j!u4_o4U{*
zg>Z)7NM6}C&Kootmi0F!j-7yG)6NEeTlCmY#;Y@kb~~&AIZd2JB)*~p`u9(B{!%S@
zcQC)4!cRBXyVx9-_|e%{XddS~Q?O{cz4b$c6|S9X3H3T6>#qmiQJr1nuTm_zd`-NK
zfqXwu*^TxWmH+T-3*M4u#@pkJw_{&Ryv4)$Y;YOD|JUd*YD~Dv_B%kfU%V&r%;bo2
zhn?}`6?t_a?pjCbEx@{Shbwa)nTcPs{v7pn^ahd*K*8ebs}H%L4<
z6&{KypLR43w-XM>c-#wD6%IGV;IKHTa`&fBle_;h#-aZz(pQ;pyO(2g_CuRIXP6JA
zIG6~&Zp-=Ed{x3PmcB*Z|D2!KbyeP1S|k^)#sBe_4&!XZ|M6m6n*sVi{+fNTM#e2X
zfotab=^(?ed;Gic1ZfOE-?(`{{gC0eaUAbclP8Fmf5OTiOr=j#`Gd(T@!_lThbtIA
z&oCaiBG)&Cu3%g|j2Tb=-*;^H(X;G(*LuYQ*CZ=kP1<6!@T}_@uJuZ<;{x!&tWQjd~_y1CN
z?cq^XN&a;DcFYUtKqGOK@uoX4q!Xoeq8mR0+)f(OdFQwGQCI@6SBnOm5`&_A&0KazO8^TT|G
zj4dlLupj11dEH78Tj_@11x>Skh1`Ccy{S;OpD;FJKfbS!U4`&h^+g)k`~t8MN3f0r
zsDt~2^W-p}FqYvyp^9!LE}zi4ZbjE8w5?l-^a+_@JP85u9DWyU!aH@AEz1P29Kb6N
z-bn&pd4N~FJ3zPi+n6KJ$;NjKF%R*pQo}C?@XNz-0WyJK+}~<&w8e%0dQRB4SBlR<
z`~$G(cDdO-yFBc{UCGh}*u58uYk`Mewzsi{ooU3g(Mp(y8`$N>6iXdHqgG|*35w-%
zpF`Uad1?n*+JTm(M9b2GtI$`+@GeAYt}(AJ!pCMWNaFWFR#V&*@N8Q+&m>;P7ha}9
zuS|D%nY`#S-6(&YA34B}GT_HzKVr?f*@J#JTN9{fW82%&H1h**gfARyu`9)n#A}~^{)t$>;^80O0iO=`szUsm0sQl@=c9O)sosD5
z1pSB)$#@1Q&fZoB&)&FS70;(RpYZ&mI>@JJ+P%8n%?`KMv#n7yOOWo+rI+#*>E+R(
z7h`8Yw_Ns_K%b;@nVSbPHxFcPDaqVY&?ECe2h8RE{&j|jOD)poWd`=M#kX8+ER`ze
z7Q);wz4F|jTc|(xMZN0{O{KG?#$_<~7n`uXfOrnSHMEMH_v4_W$AMPkKr082`A;1G
z(1m9~^LKsd7Bt&WbKeo6t7~_t_V?h~_~-WwkPijsw_7v6YiNG+9855`Yhj*8%F8bZ
zM``U@^bzXM?IbQQFy}yC^!2Tn-=d8E+{H4WlS`xuB|bm>Iz``45A!}!Cr8Wd*mj)r
zZk7Xc{cx1r;(Sh!igaby{Wa&hZvLB*ugAYM;NLXhpO=ZeAILk@(V(xR_&1OE_iw+)
zyfnD(%4e^R!N(b#M|N0y73Tq@c$aaQ@dw>OHe$0!c00@}DH-g!|G$Gp&)JJEDKtfA|xaqC_8|AXEQ^Z$Po
zJHJ*c&=720-vahL*sBl87Pe1guddSAtB-*$d>QQ3m%&~Q&vRtmRpn+WQ`@a6+-@B$
zP9eUmQuCh;ciHk{@C9W&Id72@?b$VkRVArX^-|!$qIht-!^S@>_BVR+mBKNlgdD*h
z$(Ijw=mt6n8rXpbtAPe~pg}3n;BlbADDZF;cxa!326muP^RM8l5DO4xm&JlZ(;n&{EM4Qq;+2Byo>umAHNtwA2$hoyv^&3
zK8tS@XYm2AQ}-->K*XQ?&~SjqK^WPg0zH`w;e3VX=NUW`jj#9|`PlZrJM&-&UvYR)
zoS~Oc-082+#D}kV3t?leJu@}FVycS&ekK}UvG-&&zTzCh=&+m#$5;G_>bZ0}gs(U_
z7{XV)hWbBr`pWo>BYt1IC
zouN~R4Jhy!Rs6Odc-BjD{&N-o`BZ#(jJolUr()+1LHSYJ|24JmhVnhs{*S5syi@vl
zt2nkjjdw1O!4|orzrn{_;`iXaC6CNwLwY#A=*O@=7q)EJUDxU*Oo+h`x@>A$e&_B^
z8EheI8$QdzXSc{o7X8ob+orxxZn;fT`qlRDqBfK0nSU=2+txtizaKf0BvkLg(k5l|1i-Er54blh}%Ydft-6bzQZ;
z5@ZEwQ`K8GvBlx=#<`eu4Al7cu;BvpgvIfTmpqueftjp^jrnAsc~GxI4~;dhY!N>++E-?BMg9qQ5$M&{!7PLPSVlZ#qj
zI=Q^Xce1Xfb1;OFIiD~;$4`bZG97pqn0WCF@uC;r+at~!^4V&C%$$wP7R19vJ*l9K
zfu7WUUkh?3^0%Wr6#D-(Sv8@T6GzP-T7FWC!-Vk%W5qM2^To4(mx$f@E5dlnI;o%6
z)uVU*@gB(1l<^TFkLyc=h}*g8tZxu;JC(DtDIB-6T*ZHQPxzOUnD;^h(Qqlz@QL>X
zZs(H*6;FGtST+fJYJg&)YTiSi(2N8r!L`@}_$7t>;Ur*3Ll3>T4e>VJT{N9%P!sR>_7xOVx_s$PK?Ferq_;#wK%}WO>Ajao
z?*v486Odj)QBXl5y%T!qp?3%!qy-2iq(1)sGtY}XXJ_s=J3F&;?|sg>uFo^shir*+Ux}4X^&zVze2>1ZtXa3UAL+ikpLH3Ii!At6ACjvFN~7xHx3T!
zovR%B78KuDf>nq_KQQ+BXaMQ%j-^EZeX;Bqi=hdk`gr6Xd23#vdYQ3Tfx~c&>c90>
zncsF5dE>AYX{+#leTi^SLnm^fv8d&LCJj`Rf7Y*CW?|*c`|K~S9jv?si~M_YY@{2F
z4yXMU5L5}(R2qsYl`}cCu1VxOIKk6Anpnl?*gg|oFRU;Vsg~!Ws$lcE7xm34Cv}=R
zkug7qn&A_L@T=zPl(=d2I^kg_S`2Oi0u1>`HG`92BK>zTb1ppiRmFYl1W=;%DRfyk
zw5=7`l5+LV{9c>w<9rU8wcJ~Tp@<-lJCad-2Qi2VrdPHXx=bcB!#>YS1AY;gcu4Ga?rp`=Yk|IR_0;?^xPiR5NY&bFE2ph
zUIzwvb(5(tfTps*(=hpQXMTKNcFQ9_kMgX71F>+gGF3l$bqyR^yV82l`h98D
zt}~}sQFe#3ci3>@Zm{)D^9GP7+i;&*y;(m!f>+Sn=!*p1MDconpk>*R3VBlK=IKem
zlJH=@+&vyXGor=!Q+qDDELg3N?z1D=A>Y?KHWy0iSim%g2sl*V$RGLzIHCR!JP&`Z
z=pbdZb!)|YVKN~&hm*-aeK%W-!K27iqz`s(bI7x!M~^xd6C}hQunRLsv6Y>WF5>b3
z93=Eud7_)mrir0JPZgnuj^}MGg+OVz$#b_4yaKf&-}AzTmfe>3-p~Cf#RAC~I}d^P
z%FD*=ZV0<3XBaWtKjE4cj`OP3iK4?Q4P70}GZz9c-!Yr$&L|qvOrsKQd6OwlKUIAt
zUHJV1Z#n%S)>}RVyU~WCfb0c8KmO4Q5%nl7E=XJ0OC?a)LniM(H`*DQO=I5Q?*E*#
zDI3e$>UbTT8hK&qY&P`HlQuDs3;fD=m%HymavEtj%!O~0>UrQZ>k;psmK+~)TX8py
z9Xjl-wR_83D`kr7pv!;a@lIfG0GpXEjpUdTs^l0gJ0(&cpSGrO>0*8$>I~W6M0HT1
zqT@%-kDY_A1lzpHkt{D-xefP)t@xW*(uBq7?%^*}Q^ww={{4h>-+cd*4pqI;v2^lv
zgFWle9Yc^FJnemvma+8igW6%LyF2TF
z<**p3BHJkSYPWO;xPH(~dvFA^*#gUQjv_y^+IC8bLyYrge7pMHh1Mm$s3rpX1y7V3
zwGQeMuPm-5)`7}Axvf8|>hl6tPjsA+p(5#UrOz2@UC!19r&0pEp_G0_!-=mIZ|-Y8
zzkW`iF2{iG=?UWzAM~VYP6+{=DKte}Rqak>V_nkDv~=5k!yrilu+ZHlEHUq#RZcmV4c)4{K>!3({j}X+-|25
z1lh&CRdM3UrSp>;Dp{~|&+C#-qV5T^{y6NV!_t2*?=#81F5q!%vm)^A+~P~(&?@(|
z@spdYD8-2^STR7KF|_v1E*tU8Z{!!0f90mT>Czud2g9wrwx`Gb*8i9Th~W)IjdkJ+
zg+ZnbR%7K|W_ff@`)zxn7`vgF$d>vqOZj_H({CH3^E(8x?WNiu+=mG{UKu%2`6dkL
zy66x`2yDiF_(q^!bpo)g{ZdR3UR_2J`o6T!!*D3{4T3@Y@-3SPO7U}F2K%{c60`96
ziXry+-I2e)OGjkrQ=&A3IrJOd@q_EpU||3_(F5P}Pb&xYyhr$AS0h!bwXS%JAhz+)
zjWuW3vmsYBm~40rpPwA;nVvL!8@~;Jp?=w4hs4wysXrbkeJ1|3sZwz7_`a7B2tHR{XwMqobz7iqJq_*JK2EG
zC%+JOEHboi8;CwQXzWs{Mj)Br;=}H(6lWx3)1pBa*68+
zF77M;vaSr_`w#5VyQFEZ_lF}`h_<3!!&h~1|Yai
zZZ7TXd4UnAKJI=Bq>a{hu867UYqp%sIFPvKAd~r=5NH&DeJ^(;cIM7NN
z^&C&7oWK<4WA@YdlZaLI%-xlBCix1qnmo9P(yjzvhX>V1*N&D
z#}%=gVV8b>pW=gnVxBf36IQyRL8VlBHqedYIINv@t8x|j9(*Tnt(C^DuIGi~d-&P}W(P%uS%)l560N(Q?)AAGWyUKL_qq08)YxK0vU_51k?
zXqjuRYI^@4%Ugi!Fu)ws{3X->z6dnZF^)nz?9s5CBS&Rz;_pGFfmwRBoKBT{aKT7N
zrqw%%&m-)=t+GkU+TC_e@7=lm&E0})SprIXoMS|JrKKluNFy?-{s&nJ4nH&=F{SBQ6@$~Uq2rG@u${nlTuc%aK%m`EA)?5A5Qt0q>
zhtTt`h9^dWer_|P-)?x2_nRw!EoEp=#X!U2)Wg~AM?E&j{;voZH%`ar{@Gt{ht;V(
zSJ?3^psNwH7HfQ1IQY32@tN;*#o`M~tu|l3J3^iT7HhlDpa%NRARfd(^>;xmakVum
zb|OJml}0(yf)TzKRg<|}a^lzCAN=b2ZtvI04Ky!>Uj2RJF#fMF3hb6tSnbbhbD`dB
z*1ZI%=Vj8+)5PY0uv8xG_=mLYzgmt4Z@#Z{SKt#`X1UXbqs=$)?1AMsP^_jipAK%G
zdE7nq;QHFkfJmXa+A?Hk9<~XQHnMH4G^2BWq=FmJ>rY+qOezzFqXMbLnB92t%ojhe)2m3@hWx^M
zx@&E+N_MM-r0)B@gN-8yT=F2Vx|l=!+cx{VjRs)N;O@H10X(2&Rp8&*GeTC(IEeux
zdea&SkLP)3Meyyx=5=posJ77^Pd)#EePS+fMObGt|xypMdeDpX5R_yH0Hw||0C8fMd6u5n0*o(X8G)zB1Y*e0G7Ii-9TMtd!
zA$SDvTvB6W0x&-rF7V{jp)`t`(~1>QpbB2B?dRt^$8U3NV=c==DK0hxgLxG-r@op(
z9_W5mF)xcn4Tnn)OA>S`Om|xDR1OXMl!Z(1$GgEYHGE*E(;FSh`3v(Qe&o1J7Ptr7-9m@>y@2oxt`qnfICx$pnK-Z|>*i
z2=s8*Kk{b|v9()h&h)Ke#0BQtXI)m~mI;T!$2T)~0aTagJV_6O%J#?6OeN*ZW&2E=
zC^;R()MN1-ol-Ar`8r$90sOtX;b(6TYHmCGKYQJ(SqJ|&hGgCV_yMWrWL>gm&131m
z6iTEKhcFq?R8kW5k|y8hXc#9Lryl(>vWW#wPLB3-3(fA(`D8&?hqUhLsF
z04PNJTn_!Dn9pbi0CvxB&povpjeNUC>E?p=0Ag=nEWCYv%rlzT#UoN
zWaltd>W%_nma;TQD#v<7mNI#5la>F$n0(EZ;mST~BBi$=N20Z`N1Q-vJht>j{Wfjn
zzN&C=Rem`1yl~WMiRuh;Nf&W>+o!4wKY#iYdL?))KCY9e;lbhzgNJHCUDY*aHIz7i1VnwbW&v>=7E0s6aDh8p6$i7Q;)s%2(B-zc|%I)b}<CbgkfVHaonb
z=L3_zssbo>eoWSHMXRlpn&7;+&4{NJZi9@hvOYcWY(xKaM^c6sg9xShB+mQdunzaq
zpYG&GCGMn3Q_-%|;X}vENp55R*4{sZ8^KGHkgfF)Cd4`$z8k(Q+U6|Y?~VJ4p|
zk%gX<_=E}v*Nb1&oRgz&a9yH&SRuL0fHIx#rd({x-fq1(Hc+GrL0$G9lB*fu(b?yqOj5vbAD$Hh&u}phwiw4CYCsn>-T*&_7d|U%Uw!ah8s!jsvItu=JhHL#!a*j6Bq8u={<~P1)=_q`n
z^&*#>Z}b+oOxA;0nQ{$PcDO#dw$Pl!xcuKo+}gJ$ouXn@_PErKFu%
zXi=&|i3TdYX*p58z-|&(Z}wO%*EPbSR)gEYcz~e31dJZu@J#CqeLy9=w9!T$@K2yx
zepa5_GmI)a(~S9I|I~Ptt%N8uOhDa1!eTlsZy^1PAfG^+Sk5qSGU71<>{P+{oJ)e_
z8b?|v`$%l0CsD6VFdY^6WCBJq8NsBQ}=2T~zsD3Qb4rPi?QgP_KmL}Zp`pXJDbkQcVI@|dG<$d!{T
z|ChUzy||QhW1)8V8BaGTrYhvI9#VUv9dNc>43`0`~04uXb_u}0c
z+E*5h_MCItl?#^>3t28j?FGB@7?UHi#^=9N7r8+DrgC+2yTvFqq-zKLqAO8gG4dlP
z{fD%m>#-=*BR#^q4$xbq5=nB*+{muLPS{D53TvD^RhRX>Pi@g6^O^MIQA$S5h>mHg
zL^m<}|6l!6kwG&T2mJcG`Q@i(Rt{gF?k_CUa5A3aUJldNmno~|C7US&-r%zlr2Jn}
zVYdXhqhUM;#%cL3vL+cx^85V9%cU^BZjRmqVy}A_msk&jyl67}S04`e6Y!sDH-bX=
zo9(jE5^436x%c%Gr8taY)L$~bM-`=?419jL`Nza?9l2Sd<>f#0d7Hbf);fM9F?fq{
z{`HtcUvp;)9_uNQOKRo7t1a@itXQA(SMUv<*4^akeS!c20z>xKqsGW+sJ8wJ%1Y&k
z$;60vz}0QL??RjO9y5vq+W1a8a+LY{;jaT&QtUZ3e`+y`GSVR&)w>>5ds_-)Z(>&K
zu$tYD8kLK$Cap<~WF(o{urKoYXiHscU2rT(G50(s;MotDda;Lw_(jYIrHU8e))!zz
zIPuL3FnuQ=fXXgM5UUDgUKdjQD
z!Pa_($hM^zNG)`q=lm5buc!TW+n3Qri2()ZX*Z8)GE!YNF8%Xcg7KsygY%S=xN};&
zO1tsW@4+9bgF)owF$uYJbB;uGBC23$r_sHdiyvfiwk+SAi7utE2IUe3YDv!*!h5d+
z@3^hqneR0F6Y7167u@r_P{pF8xYc~-Wzk9ZNQHO4?w
z#z|dpn_)QzBEnV$ClkjJhy5Ta7-GVEURyaV&{hR^Z4V%6kX->;UJ}bAwhSro2_*wZ
zLCM=JtlWP3_7CL!^lcwJ_tSTLK&>z&&-wznnRFO@GBW6JW?XL(m}0~`pGRqP-iR4@y9;VEtRU+;}lmHA(_
zpM+LN?_8b@sFw2J^z6R%kyVFgA11)JuIJQKbVZVF%6W-0$#jOSJZ>Q(FBPG0_uB>=
z7I`_Aa%9LL=|{f}bK6VZv{m`$*V|+PBo@S+plGoAlFom9)pKWR8))UzkoL1+(T(C{
zyBNnlwC_!8-Pr3EE#v-!|9GtP*?cGVNSE}_hOK(WTV`#U*zuM<<3vQI>GZA?ST&Rw
zdwzYvJ#rdfsoTE#4d7n%e@Q(YaDh$5-Xd)Mz2LiGqr*xblpRr(dX%Ml3|-=#PmT5q
z=TDXASink3ZR)#YLOgPS`bY8H=V$3bv6M>L+y1Q@VeMZbso2+t)u98|sGjvJm7-K%-H*Q2fa#b;{md>;GS{Erf(ZY9?Bf$`
zn5y(SZyU4(+o61+q%Vq(=w-%pxR|Q6S9A4T!0a!0!T%AA7VYQEdT-?SRuesTK7gGX
z*=LbEyGL&!n2t8-*~X@$H=v?XWVtoL{{C3;Z;Kvm587dSI$Gc-jU&&iU=%PeI|#-*
zl08LtPpjPxO~^V~=C&p%#@RB0Ee;P9_F{q6{ki&&8NFUhvI&DkhG`m;ULbwQXWE
z63xm`EMIu(AhF}Zr?y%x^&jcDvlhiaI)Ik(D|c)w4IINnWbKIYBQvy{!<@W{fQUdx
z)e(iIb-CC;ne;K|IdATq(J8U3|4`GmIf^plcisC>ZEq#=NDXyK>LO1Yj>#h~L63;L
zv>vSm_si9>wX$iJm$d5$`tn`Lyo;xcs-mkP@|G`6N}E4`i+)aiTyVq^RsKW8bXaBx
zh~#JHf6o%gBX$4|uEg&ku2%;(E+qdkTd^iXo&U)kM=9#mT!2`x5T_vxY1@&tf~uxn
zyWQP7n@#cdmyY6`OGyFm!b+|V>Cd$TH;BuRHnLu#m|)N!&h2{IT_G9PTR@-+(siLM
zl+M2C#hL2~lX)pRm?!O6D8hn2kCb(Pk+c+z5vg8kjOoZK#jW1LSX4bj8W-YF#Y*KE
zcc0^%*sZsCnfs)|-|XPs#?BrSoox=^?RVff&e|Qm|=<{ANUKZ)v+C=S`fZHTkn%67?
zmHO7p{(bNnap2q}v?J&);->tYfRfV_kGO}H<|j#Cp~O!kB&hg?vXz#lN@!yR#jeM5
z%l2!MT}Keq{y&5fMD!HtLhpUkoxijvAMpgOZvSjsCd$7mH)4~-JOa&~VAr&$*r8g?
z6j2LYpV!ks?KiH;ZY!3%VD`|
zzUuDp%x`*=ZI>EUF)AV`y9w*n_fC(K!dXkZxSN6aoIxHF&g-$YVG|-EBy8v6rMS)I
z^y=|hqV-sq+@*G@wEj(m87nS4dRLIxC0vMGyOwR}HRwLy<$35(6CaFRFvyaK69bB&
z$WD#JjGhdYQGQ11>@@G01R}>?1efTJiu=V<}>M7y;KkaBqA%ne>$bb(I
z2r)1gRLi=#bkYLoeL;#LpGW8YIe*_xQMkezBGhaP;6Ei}ph=-pf`SQE!@WLS$1Q#A_z9`YLvL$)uZ<%>Vx0KblefZd%oIZsO;i_?_oVV%pCTPIw+Y-jXo)0tfzQ)#nAQim?c|*5sz#V6q8JqmCK0)qtooXbTv#s~M)=u-k$3>9{5SopYG#G-Pl-
z=~I6o_$l%MaTAOD&zvONko5^9+n9zWJ)YJCk{)mPrjTFXwv557YG1-7sY%du##
zW#6{j-a=-gvPvU<1?-4vW~vHrl~*HhlYHQZ+EACN{@`g%BQ)ixXMSD6`*d*CuX`{s
zday!swO$z?3y|*GB3Z9a85*)UAz^Q(fsI3)61jL_+tp2y+Zu!lZ!iv}JU6|E6^SGs
z*`mCajA}q(#<%}<+>lPa=C|0M39wzdP20sbYu+1sXRU>7%*B$_sy$+Bpy4ekMJ-6@
zxN!Bg0N2a;{zius?>42S35@i4sHK9QGoBLA_+kFRjz$rxDx&2@Fz`K=MqjCY$h}ZNNtngNyPC`%@eY`xqCq&IdScvyp5wj!mGQi7@{8Mfs^Vmw6>ry
zRf}t6rC`p6=cMANoAYbL(yT4@JotSFdT%wOr*2WiO%PZ
zwD(-3&Mm~}hPQDl@k4hm$k~;EbmNJini3HL*3?9%h1Y)k{qc$LpDR`h+>^F0
z{6j(UwfD|ryne5&ogGHYKCKKTN7Eb~Sh9ToX8;7%Wf|wENxVBK+_x_JX8d&eAoQx`
z&Jj6#BysL^Sz}CCg!uYl~c0Qjqb%-;(S#}lVR)scQnq4Feh)VaG7Dyw=I>Ik-ahs?llsL1EI|M1ST
z9GQ>|9g)5S!*m+S`BviO0a*EK!UT57O@*KsHVRCR+u|W;>dWjo)Vc8xX3>AHJw2k3
z&;M@v{9JUeNnZ_)(s_CDkX;F;Q}nlAUP^XFf?nqH#sNWr>?mdV>Xa+e7tHt5Wn?9r3|=HU&juRWFW;{KO0gcEP~12F}|iKZL7d&TaFuwJYyh
zwSIxt0>%r~sx?O0OJM*Nq_8DlKibZTGAltTX|vt*!_{{}h{bVGvMtvCWk}nX4Wtw=
z#b;J1mra{t?5WAa{>TsL7s9;(0U&2ru|+({*A5@t`n&+@eue?d^^q#&ODC`_{T^29J&V^Teq%0&KbP}v@@wdkdw%yB-Tz*UWyI$vy_CC
zT7GRmeu+oJ?T?0Y?`db2`grH|l9`Zxta-DaDDbbzoULS|dHWk%sih&N)@Q&I3lQoj
zhHK?&Zt}`l)y`a6Z)6GfW|<+N7J=Y~^-h#W-+a?ns}QHyXfT
zN1aWYA$*x6Kj{4f{#5)`oxx&LG$t_a$uaLw(kn_L*JsD?sq`*wgtWV=ZEdubhyf52c`b1+KRlf!7H=JMu?gL9C
zdV%jSeR-JCgl^H*UeVCoN$dD9rs&
zj`B>`Gp=Dz!^Uq)q@>44=rJFG-2CIK5_v8+u|wQrHe8naDd}-wa3-DQYI+u(2uk>B
zZ=3MGsjZ6``B<)?MO^?C1kKVNR_Zz6A@wYx)zyvduQ~=lKcb(z`#4SMU`Xq}c>1mE
z7rjLHu}*+-e1HJ-S|Py=o6eLW5DQR~@4V@J7J?
zYzhef=6~Vv-~vZV=KMFT{l^B(yy9Ji->iIiy-QrhM>?|eu1nAq;KoK$4gph(&5>IW
z_z{j=cYcXnkla2^>1d76-yGozdOVVZN`rA@zn$pR+T
zPem2WBjYjN%Kl1tNl%hwh)Vel^cwX|%lxzJNUXL*hxcbdUXi8ZE%4Gc@)-~tSL{x?
znHLuC+aywfoU<{a6i2N-_dC{0D&OeX(;S0?VF_DE-}Y_FZEp{dA8+saE`}cTpbNF
zx?LXbmU)wORc(-(oR|{IC1~3tE0$^GwHz&Ovui=gHoFApjyekwy@WgX2Q&R(9In5q
z*q5J?r6wHxC$!AvEbN{BS{RcR@ZzX(jf}LvHMD$`#8OZUyEm>ja30
z%VMq)bin+0ivnI78P;J)xgc50<2e>SEi<4QE5{vgN5@Bf;ynp9JxhEN@4~n||M)(D
z6J8-nhIz*_#fpL%(9dW8ts>pS!5ky&?#fGl_Tgb=WFt^3bD>M!igAj#W}|9ui)F1W_@66EaT2^rb5&N*S`R(5G
z*On11-i>!GwfWrFADe@8ULhTR@a?dUbt$3{R@xi+eQnEr-vtjBKQNfpYVmWp`ku?i
zwit_9gqT6@Zwl=_rAMyzHHq#vR~~jpVSpW>5jajrUOYg?6F=FMEVRQo&DM`?B6^zf
z4EtekC(SS<0fa+wA2#Q)mmO+~t-pE**-K9@(tr6hC{H=w*$pBe+fhpgkZ)7q)Txmb
z42cpOn5x$plSGWy=>K9><;xKE-_YAW*8#;h5uLwoo!y;IKjr#*(tdPTbaI=EucP4=
zMo}%~A{Ie}6uJI+$XP05l_(iXaY@IL%-^+FE_;BEI&JlVE`{au3oh&&oLPdFLn-^{sW0#0EE9jzGa
z<{lL|lPdp`PPk?-d6zuOE$u5xnt<2qZTZxpwcT^tn0q&?EV}13Fq|g^-_dQH5$v7h
zHSg+Zow_8P`0+Gn?|mmAx^RdZ{EbvlMy_*u=wNTyooto^48o
z69eA=92Q_x1I_Ar_Hcf$T`=-LG@AKpO+HuPH3v3jR(Z(@+DEj66B=1q`w_ZFQsjj%
zo$)*L#PN2gE2faAj{+3dd%TBJo^$Rvj2+WC;oEaigc98x$>{mayhZG#di%A`&)+<6
zO;t_^LB}b)`=l@XkWZ+vwcGnQn>(pu;#kt}0M7V08*huR*zk8c5%s0N6x4MHa~r54
zP2GY2ekDs_Yj*}v>p7FlueW^)sI|mKWz@n-P85Dk9Hu#SSd?6otz?y{ASd~A5tA)E
zRj5&jn>d8wQs!3huR_=$Ln$O@53D&w+Hcmq*^wt{H=`c7Ov?D!cw;2v>LTpI2?tgx
z6!4E?(3KDV0x4jtuB{z(B2_iYr{pDGf_~_!c%KF@2#^_u?iT?hz&Zg`S^-Jk25at(E=)#_u?RK4<03I`&@dFQvTf~?2*f++UQ9f@qO&K_=UAR2l>ciaQ84}
zc^j|GVF@M6hTWuR(J=ROe~qtl{{a_$*;=2;XI6n^NvP(AtBa~gK#9&f4Sy-}fU$ow
z!t-<<@RN@VQj30U=x55{A+{Zh`&XisywJoooe$j)xspAnA_%CTn#*8s&#_Z5XjwTx{UBpBJ&bD
zzT#%O=yJlf7Mb>9%sA0e<0yn4^_8-A++t*qSMauf0kE|O^BN37_N
z*Sk2ghRYXVuDdvn-&~ep|LJ=;{#D)e&}j(k2JV+Nl)mMAUNs~Yti?N^>AM;
z4N^o9;ni;+>#OUDW=5?IAd+gSyu}&nyR(6N3-wJ5vFpKc4yg0Lc>k(Pq58&Ai
ziknLT03qdCqg1M%nkI}9Ax7|D;#+6dmUNq$-^H(B!^%I5f9?*dX}@kBHO
z;}`*Z(G83_QOMj6V-(cYd8$Xga~1QLRwl86kgl25$YWg62skTwSxJ9SN&yr({HS!ZUg8Gq_S+bU%zDl(iho1V0XcItODd!tn?K1qLq=
z4Qa$+mO^a>YB2=E$c?WBnO1&`T68fB9^nfrVu%+D;kRm&tQx$te^X>1-I}7dC)^)V
z`*hbc+mC#N@0K2gedzrW@>||h=B&Vp%Tz;>a#9#(m2U<#z6Vva9Ni^Pe`MM#loTeI
z@J8(6zaz9%Oj_YyT6nwp6hELxD=%n%*5E9g<;{
zNcybHj{(8>@V7pZAn{u#cs!j&EAec?X>;vXzuE}slj9PsDoE`eB~%qGM4~<7(VZk#
zyE*|GNRw3&;JjaU*FT@S^#pK-A@!LFiLlUTHXNLB8>C-V1;obmaUhEQ8d-a?xCEBd
zzzLJ?;B^Iv;6T1p9?Y*5ZC=az)7Q5k$|sh~`J9DQJg*B$Z-&Xm-<9xO4MhAa-jXeH
zUo%~I#buW~=o6oz6f1L5zGcr4;z;J5S|})dZo2*EK1w8k6Exrd&V|p^h0i=*DObZi
z5hH&2x^Ch$Hh`|ihi1o2a)|D`b}WzY$lv?GGWa4+!9{dqZYe$VV6|kv=jbg!-ejGf
z%NI!&tkjo(hg0FMdivd%%MOM@E)-*7AQ2Pb8QAe-bDXCNla_*f#SRn!FFaz0J>GXr
z(M?H8g`>{ZT1e<5F#fT47ZS0v*4E?yE1n;~q7GN7$mv){y|#Qf;omZu+aWeFrzaPN
zeID0=rXmKMXBh3{c9rAReMyO1kT(ptR5w!FMiLSxS@?iw4EpFAUV(m?j$VJX+at80
zGM#X3&HT!(DY{T!dCWiAhjZr=|8Pr#7N$$@X#ipz8}*b0_jx|!%@;0i`y#SOUAin~
zR!#4WTd_AnnPH0ZK2^s}^vU>4Yst}Be18Zq_
z1M3PLSsvx5vjc;(`4Sr@Pn6vMqC*Y5Q>BidV{I1*Dn@K%t>%#-;Lp4$%)X
zK+iTSxvv>07g?)hk~eiJ2pj!D2_8ZP&bL0-o;xth7H}K1Ofl?*!{t8h|IlDjkVXty
znoOtTn*6!@i%UehxQs{J_}>`c1v>_Thu{FZolCI`plg6;_>wJGeJ5o*SPHFm`9YBG
z%{D*Ur}a+ERi)U;gDGmdZ3-;vzXn{gCeyE^5am*){RbTqkFg!OS6oQF;DX=LMBKE$
z8i)GE=7r1j;A4xU4vBYdg+E;XfLEQZk>b}>75>QxOIa4@cp>7T6DVc0k$RbqfDQ51
z9}4AaQ7Hr^zi9>${1XWtk=8_H>IYz_L^Q0rrsATL+X?YgKju_t*{?bkSy61ZrXOFj
z(+FBKWkssO&G?rvN`VXrXsYP-jnh+}J8Xy7IsV!G;0Jbpb}h5199h;HP6Nhhmci60
z-kN}_)5o2SrtOFuFpeDvEor!!w=vlekW_Ept&o&%hlWc5ZW3->V`taHAK85G
zWT>#*1x<;3SDkJtviOboH^}$n=-zbk=?+zO9eBAgB#ckn52tRh7qdjC_@)}1NX!+w
z`X_?Fu!0)jIZvtCH5Yj4{vfh)-5#XOMoc*ifl+|7NAXCRC53T0W&eVPRXu&bl0cbwEUo
z25VqPLNK;+NA%oa=5Vs?&DY{g_mWcxAKvc#I_~I9e>9?%Hf}2)81*9rG
z?*+(zJ0%gwd`})Nv8l=9te2%0r8@A#PO6jD>t`fRbE59L8liDG&dk*J&8{@?#iK+7A__hCy-h4M>FO8|H}+(e&BqBd2l6(R!p
zZUnS#^{lA9E{_OE>zcP00qP5F$6#NzlA39*-hOpdP5xnr)gZX1g}!!PKwaNJzc$>W
z$#>tYL{2PT&?H4s?kgL=>hHUNE%jfD{&zjsXOSo#G8f7Hqh>ex)~t)}&BO+BN-}IM$)}+gw!d>4-!)2kb(^fA_KdJID37*(%<6W2e&RpSc1`
z>kl4nlerc~1_2pNo-*W>ZkG`_&a&8_WZ1KB5-yzumz0w6;?3EvY&*_M_;UkR@3ykZ
z+F(T7ve`?RvVBOW%*8g>D4|Wb8Tw*RHmG1q
z;ydweb7CpwkVLWQY1`7iQm=31{+|kcl7}VpC^sS%dU*b
zNknuom@t$>l19co_t8J4Jpcu{)>06c%^kho`pz6;kz|wpOki1?&d9B2YYK(&?0R&b5S*s;}-DwZGvMSunRp
zs#b$7$*YI)UME$*|MKs{8{CNTUKu=0ITjnr5>RxZcmHB+|LZFR?i9%>sP(^`qIl;5
zpzG{YJo1H+1!~oxyT9wCY0Zm^`bJ_o%NOs-1#dGCof=Re6W$o09K}Flx_5>Gpdm}L
z0dGyz8HN}qcjMA2i{R%3BdP~Xs1D9GSnpCQXffOzT2^nFz>R_
z*En^;?e}Xco5ul<+WLrtOS+Qe)`3s)>t&kF_Z~l9dpBIydkvu`LZ?2HJ|-IwBY(_g
zldN(x!2f$6epDN^*QX)5o&S%c^A2jN`TDquf>Kqamxu_6Nbfb$L^_Jni%1DYdapr2
zij;tWfRxAs2uklDCG-xVcL)$5^w2{{dwG8|ch2t4+}S;U?A*Jv=bZ1ydlwm6H>!^(
z<@jfZ=}M2-y&^?cUDlu(<84okD)fB+d<96TP2CIp%Lqyt{rS>Za8tJ3waXmO;S{Jq
zYg&%}dd2bQ+t1iz6$6T04cp_bdH%l-~m_O(IZqw1ieR*C)C)MBkbZO
z2U|n4r9$d3aMS1Jl`Eyp6sbDOlBy2-eKVuV;Lt_zY}%%hVnl_b+Kj~yD_YJu!@I4R
zg3VzWwQV*!%;*@Z2yao4T{PbLP(w{T*{%^4p>w5abOIaM7$Ja4FcRg};-
zCoR{ISlX*Z&Qh`|J8S)Vz;N-v1;33D<;1P*;O&S#-0ydO@xkX~!shCDv~tX1y|!;(
zG=IMbGZKK*oGL(H(!vjvO1h1r5GOBZ!G+x`3BKIQ!#P15P=7k4d}UfdMN*WnhT1aI
zTVoQy-Wc#`I&BlZN9Xu!oZRd{?V+`_9fNWMy{PImYakt)lhSt){^7UHEbZMoe+Gst
zn~el(*zg%z&IwiZ{fT>(?@f!cBtBGUe(LjiV#vmqWal5B2`ugTSta(9$FR7#xa=ln
z!Zoi09lDHeJEYj4+m%GG_#;{|%fX{fD5U=*c_%jC&L+miE>D^cZ|0&zv|kcBS_Jh2
z<6(bal-iNK_#Io1tYo9Q
zb!GZq&uoc5-H{U|&Zj$ol{vVG^L^WbdoD(R3G?7DD-Oo3-&L$@O0sX|@|Uw!xs9nv?^mAF98PtiUbs>2Zn=~7V^6TK#1ryicX78LzsN&7*M
z(NslYxkEEr!kgV!TCbW{R4Bg5I|=Y62!lv)RnEeZq}EIxz&h67G89BJVosl*FkVJI
zR&|RDEb8n4eNHs~yzlNwk@jMdHzUjJms9l>|MX@T+OqnJ<$9y4wcV0i%UWRddELw}
zBrzcy?|-6qK*gwgP(rg9=eRF0k#F-0ybbdFmU_FcQH`$mM&r-F2X;rd&WadMi4RZI
z?(P^${pmhdC%%eqijw0ip`EQ)S|e4&?2$U?)%BeNK+@3CTwaYQv?l@?U9R?zrTQQ3
zsRTW%yjN~s_M)#+`}vB&4MJsdoy5w$nah3&tZp|?>n*r~Fn4(r+14W*V>p7EzJNJ5
z*pW;r0xz)m+erI3bo!x%DariFa}Mb}unKse$;wS(&?lmi~$&~
zkZBKwdT%0vp8>XIk3E-Y`Cn(iwVsD%TR%7k0>+Smv8U2TF;cb5$swz<1NCMl^aS+7
zMb>8$XE5zg70pQ#`PI+gvMoKI_L6@;KL%8J*imYH;sRC7MIAFij3p2=^Gj#mj3J_MB-zkDSm^Fc5nIbqz>YeVsDgi{&+
zm)>KYA6rUA)o;5
zf{~5Nf4uwnB3DCh0<+dS6DTT*fBW-t7WY|6I9y3iHdGC`z;2oN;ZJDgKf3KT{~~b3
zur}#wEnE7~-)W#pLN)Wk`>uG`V|g4h`Z$$l`qbBuPuB(?_!H?0gDA(=XQ{nh(8;pkC)|5oTs(@VWC>95H}iY
z{0#n|i@$|Qv)ddhlggx7h(8UUZ;_YIcej7NajUdG^XJsLL&e8E8gBqY&uX*9({|gX
z>*pTlDd7<(lAJRoB`G>Ny_Ly}OxQc?NKE=jtb^E0Jt{2z2YZiD348tl%wGxnQVBa!
zh-egJ?fsoe!?DQ;Ir~8E`f22?Cg3W?nEmkfPrs($xWvwFcbzwzB&^#@{TZ*kPTqk??t$5Fuy3Pm
zvAm_0Pg)nmhdlprh|D;3f5e?swIx=BjrE-{hU~ilJ5IeqT5u@oWgt%A{(|17ei9d;(P^du*-}c
zA^lH_iuMrlIN;0)K+q=R-nDQ!Y;+8GOMsj?f$THGVtYFQ>i
zlu`~XD$aWJFNyy7<&0RCeMvEGl*^aNaDu@PD(_#4r))%>W;WD^?7<}&3NpOnhzB@9
zirCFAeb;+w2$eTHvL%x~T9q<-OowG}rap+SMO(Ljg1Y?#?@sZiyM=)}7ZnXfX7QYw
z!)V|MHsMhvc6!E}QPFn)^2TP8)7yt^ToqyAVm|C)dpo$h6%m-e0FF}hXMt1mtDsT5
z`#GM_b7uf=+kIV*InNRk3n`HI`E_
z-;I3Y$Q>^PC)#Dxt6k$ie6Uh4T1hq4wvdDn#Jw0+5Cy7FLsB+{&ZB(GE
z3k5IqtAK8AjhNR1y?x;h+b13}le<)mxe#Pw3-;7g0%a58_A`Xt(~}b)=x{~lsl*-_
z!?FDLKiWfU+LRAB#{v>)i#O7hrjFM_-glr?H%o3cf_~g^728#0TIbVrpzwv7$e)T
z)|-cM&$||UwMtY+St{^1lKTwz*T_p(E_xiW@2D?fah{6u&maX@FrCi@>D!Qoy}?#$
zc?&G7Ap%X&WboPLtjL3I=!2p$6YtS>57C5L={Ab7uy3-C`4sTt<3$U7N?F$xNOu#;qdZz;2^KfrayN#=T>aZzr6QLvh}vK
z@h!GgrhcO?5OMm>^(1~X;W2?`QM*`?%4v|_M8H)Jkl>{>dN5i*nB$HOdxt*FI1Nu3
z_+&Jtt+MQ_1Q)2o_q?o7csTSPbGrfBoUPOQHlVzfGI2*LNA;A;@FVgT`GF?k~YF1e`B(|5`;zW^}+YoUzlVj+fB}
z?n2=Ao}3L~t7F(S=Ma)7XYl(U`6!&R3*#4rL{5$p=}vFhcxy<;W*POQJ54Cr&-JX6
z8QMDWQoE`7s9A~_hIE8OY
z#c|L4@=~@YEC%|T1@_e5h^I%Rk1X0oliegjM>5hnzuixBu{c8FS-8IOH^+w{G
z-XATwSs^G~C{8IR*}IMuDOb(&fS)+~{M&1E*qnBL3PN3Rj`EprHvW1KzhtE}TT)CUll2ZnYa?AT&mDyCKgduh&(_B}E%vbh7JwAyR?
z;l6c}nH`HVIRjUpk(ZKyJ`InGFL08w5=mptN|q$`)d+bh0v(v`JKp_LGT&yc<4Sd&
z2QMa`-*N8p%$O^CE|x&-`>%B{W#Hp$i4ZSAaI9$9(_B$7z8@|2{o*-tL9T1oh}$W)
znC1Cd-W|tO*1cN`-^A`(F%77f05qidh56uYb5g^&nQJWqtIF`_PNCfX*+(#l$Q38OD%4vrzCIl74gG|7=u6
zK+~3QoY+!cFo~HzA@V@gnZfCt^TzzLmXnv$T_?$f{hjL?6`Np_WleitRVB6v{a#sf
zIovN9FqxDP=}SoTaWgOi^OlV+oA1aU(yC|rF7I}@#uy$U^(Plfp;Grs!O%=<`r(;S
za0;sMdBVSe)vw(RM*$@xC(&3}sv*Eur4s^q=K)&o`A5q{laZqowU(iq#SJvhmey*@H>ZfhDD7!SOkzByIPp4d$7YH;FiIcvp+A
z)}ZG@6b~!933@7UXZKPT-PC(3oYv8*_|_}TgJ5tqxVW9vje+-ElfVZHYW-RIr}wJO
zS~D7cZc14vglXhwq&H=zp7TEjX~=AKzWIWS(kWdJ#Q_9KqBe38pK6R)Gp}LP{RIV>
z!B3k{k#Sadt9&uA-jMZDX>j7Pt`WRzuXSh->wCT`99fn346gX3s;MFzO+pFxwWch?399D5NkzocK!Xx5TNDMLa>v3=&^*YGN2uOkF3{<=lF!_{q
zYnwamj#zUp8uass06*M0&wN5q3KG@?TUqZ)ZeoJbg7FAxg!Tyz%rjWIV&$J|QHUtD
z>Km%j4fry&A4*OX@spk>wOpQrw<(5_D9}F}_{Lz(r>D`D{v%k`n!~_6Ao-r_^-Y5=h3z_EN
zg_y0cIQ!}Kh1@Q@Sr8n@-;3saf4H*`-2yf4EcQbOZtn__D@)Cwg%#+u$`hu)>;6}(
z%x0Y{1m&BEy=M9fy>EKE-TX8JO=zfFs#ypyWz%did{UaTwHS5EkxF$zT0FgkE$3Rp
z(p6n$3hh-3BrXSSrYxt@H8)+SW{1AOvKFSe&Thsr-KqAk`}1&GCRWQtZYoiCHo?6n8pM1OEk@%O_D@pk_L}$8QXtH
zA!@&?rd?jr3dOC?-@(GAPMm$@=O0W10X#1%1TFH(HUyt7-m_iMv>mXVa`yun05sTm
zc*gg=)W4!{oEuTtE|3(I@amV=?%>{Prh!dN-Brvnhf?`7y0svY?h%=Os8!5KhV@Ro
z4&wbMX7~SE2DFE$Mh2HlE8J>MRQCgmOaonk+$=9i;L1N1
z-`@`#__DJ)6&S}}eX_q%{)S-I9%7yWf2y^ThYf%q9$e$X|9$VDT59|hM6m6f>O4XG
z%6V`)oSpT`n&uVE+ehm505eI(o{`kQOL+`Qc}#x^c^5qk%(F<{h&{sO8Z1f7$o^8$
zBGEmg<;1nHk*uu?W!C;p2-O3uV5Us~q~whBGrqNdPYUr)_PyT@6h{_=wM@T}D%{_$
zgu5tf5nylK<||v&og!TlmznhqS+@fIr0iTeui0Ile*ZOBV?hb9b<+M}EEI+1T?Kb1xBFuF;XJq#weJ*J^WuxVj1KV9jIpCQ
znghw1*b|6puz`LOxXlL7U8oqb9C*Z*azTB8ax0d8g<7XPmHkrhM08hT;xK5V^tB5C
zRQy-%Uubc2mS$oa6IVFlI2eRp$bN|4BlX&~o?d?ohupXE(b&s5X~@i7BwLgHZ&LAt
zbD)8~m-#KT+%4*|RzG#q^ciB|GlqLaV}RG|!q^t>OkO3lZiCMrd=+iw8J7dA_1ik}
z_h0#mK!ol)c)4zEpLDX>rc>nQe$>Vg*bLXx>6DkxYs*E!J`o});T0Venr{IRAw7T9
zt>};Y*NA#W9ZVZq?NMfV$pru^n17%rWcL0_um~XcUjGGHRKDz5QY?DOsI^mJlMwPq
zpAQndmoM*D4W-7lDz;S;I3t5VJ2Dl=_`k-^9@*NLZ9!R(_lc7VKt(!Xb5o5_&$VxU
z-^5+gY!vj@TN`{%{mrEP?}V&`bu7wxBh|(kTz;ZK84!QBVITnK?h!941FG0CSt0r4
z%>S-)_Xr0^zvO7qyzGO8PP9Tkw(N|8XXk^?k|tu%
zbY6nHIn{rbehdQN9?_K-o<c(s
zSK5oujtXjrI4V}leIb0}T~TVF3#G1HsX59$$nf@6@p3OZ{~7zWcT69E-gigJWGy4N
z0a!oboAY6jrFkKTDX+F_#8o&U{{bX=C!*8e3m_Q-C4#I{^My^nAEV}?A?0Fx0GhAudTWZa=zt_$!w8wmh54$D*QTDZTK@j)*{=Nlo-W+D@JO6^|x|+I>yOOYNlQv1IT`8JMC&tNsjGem6^_jVs
zj8L{*qF`@WaT8Ax0Dj=*bh+uG
z4o!!khDu!OFPp!u;U0Bi?j51&=aN*cKe!8!%kFL1+Y)aYY0Qz*Jx3}M<3k2E+T8xT
z@WmU0z_bW@VO8urp?K&`aIKtva?#)CA9DyrVS}62E3c%JKY|@J%k^CWO6v@mH8Mue
z>)V})V}Wtu)5AIZ@i?eY=hDBKi|9T)j2O62qBvLaAz76VpnQn8`#^!7FZhFb2#P&Q
z6n*i;+>c=6%<~5AePPi(_w+eLO}gGAU$!fp92%{WK5;g?idzUB=!en}E7EnY_JYhD
zi;ll%ww*h9;teW>#trr(Rsj3gia0|naXMSu&wE0Aj9oZeC*+o5WW|+*f?k7=!%}PK
zgX%Q_hRKLvp(n!SkYB@_1hT6)@6=B||4;?|Q8dff4P_a;4qEbT-K?StpxS)ib+E*!NC_q{*J}J0lR?}&#S=&Nlr{02yO^i^=WSZng>0$*96OPem%$FMW7%atHGjC}
zkL9*^NG%)kylbWqs2^9CR~V{+-Z_dT~(5)ISP3dFVIb{9K^iG%3(17bC^(PcIfeA_cD|I
z(G_kyP&L5e-Gi@KMQg@JfZpZx??6tvA#WGx#(;rzH0!!xTMLg(0kjp0;fk8S#L<9
z-tf+D*A`sv966rH9ET8gS{Ja+NznpdmvneLeJN3HA|j9hm~vxzXOs5&iM!g=jAL8)
zagNkpg;o6Q%V=K@t4xMtTPfMh8)AS-wi6*>^p#FN|)1yyMpghr_
z$s-oHK0jCRlA}JR3#~IeEioyb^I$5mZKtIl8^5TrcaLD?0v2=u2c}LIA&!0EM^_=i4yKC$%Bn?wM`Oa|;fH!Ix}j0dl@(~VVu&vgj_IsR
zY)behAOil@z5u+m_l^H1nxQp=^JK4&^SpcRy>H~k$12#Ip>Io}dqGtgI|}`?9V|Yw
z^~vvoZ3eQV(B@S>Bra=3H$G-fk6sEMwF*n#haN4d@mlj7f{HX7EP_Tm+n(m8>;j-Q
z#dIGQxOba2F1tqbn-pRjRmS&!Avyw7>!53VNs7c+9a@`z&YvkZXuG8sMDl*<@vbF5
zLVXoWRbMB*8TM!XrNWu_9Yj($%~I{f0fj!74t})
zc&0AajwOhW3E&>C!_Ke`XDAR1YvFXyJvh5pIPA#=%sP>
z>p6|m+0)*jDKxuEx5E*3YZUwxJwpfD!jDXw&v_;V7DtIKgZx)0`OQHcF#O1jpIs9ofXeuyjNLVmY
zO(CC`;v*m5;4|S)d3PD|W`=Yy5n+BTU>!U4V^F*|px|L35$=JtsrvXen(wrASR9Gt
zE6?7#dd-nJF1kWo@D0KfrbB+tejI77`in;(ektpcYk~rQ6K}xT1|erN+(H?$ob2V%
zQy&xq1DbR5%>=#P8QZi39=do$>G_2j{!W4~S^OSw92&E`p8`}kJ-Z|x2|ztU^bYBY
zeh`nypmVq`>5f*plXor>&EG#-g^JEl=a#*l;%d=q`a2!Q%rkvR=x4IVOonW)o)z!{RC7WuQZOf+@D@
z|B~s~Z?=aW@(g{c=ve7)4N=}`1N;9SLf)4p?SJCQC;q84E~1ehg@4Qd1beA+vJNqv
zioHMDzVE5g_HWI|Jr4C?2c7W!yy-I6owtV-@(V1K1RJxi3Vp4I_Wi
z>K;{MTPo;5(#x=BGR@p$4XB~K)TnZbp{F9QaG!26w7$Z{
z3`0tSWJy!-iM@ZJiEC)K4U$z!NP@;D5o5M(%&YjZxKAdG7iUa2TM;j(wn77zo#iqT
z#ZOom1;3i*GD*<*&K4j`C8~CQk%tGfby;Go_s3AvRapeHGM2+x&WazZP~#)`cY+iXv=OvrKfERe^>0KFG*PzV#>=
zFC&ZfybL%wL4HOehakzwfdL3jA6SOdVfB*vq5|ny#KDFx9M2$y4*w(mVVQlN^Fn;}
z4@d3MO}PFo{R5{c!>FqJ^!>>cZ{^>Sl)Q>>iMmOGrB9OIRX4Qov`)a0
z$h5Cdh@0Hrt+CxdOOb1I#-S2Y#L=gpV~tBgn(FR`WdK?7TR*eEcy_Rpxigf~yZ{#mLg89FMo<7%C1v|fFY&U^)yUWivY!aCXd@C?|9O-pBs1n*|PpW8d
zHwn4zVoL3Yx{LoB;s8$Rd$RnWU`n1~@0I)(?hgrGA4Y2ULINC~oW<5(#MJwB*2%Kw
z%673^-S4R3M9NJ>TGAanha&zaj))z1aVnQ+kC_E!OeffQZ-mRry>gCtCJ*l3N=LHn
zp_bvB_=+ySi*o4DiLioyqjj8gbMHQz?1r_u2SU&M@dlI*+cs@C-KezlH}xDrSGG~6
zWlAC#q!^>eH{S>J_QQ=s9EWGiQV#$gbeQ_ikkLlIebI~;d%%zk6NEOBfi+h;%g>YedyZ|WFs>GB^=l0GUT
zy#DtHK;8cN#wb%lP5@YYL53XltfWp{BfDfdeM9t919R5}?BNOGvk;tCG1p=}nN2Mo
z5zHHu^sb~9CY>SNmdF@hNKan26_ETEPg8s@LZ>pd
zY_hf1@Wh&M(Xjh)Tc#yz=fA=CNDX}Z`bi9|x?X3$3BNC8j^ph}OBIj~HPyCoJJR)m
z3tZ?3`vErK!h6dp+BRF@QsShWsv+~^pL~0p*O@aL{8r^e_Y!^*O4d19vp!Y<#dKXn
zC!oxGLwN9idJYWreOP&OY7GGkvse;(5(`ciYf0eEp9uF|?@e*;~9^c#d+gj}I;8gkb&jcciQ|)L?4-Hda0Z)ZkfGU&g@n+Tihj>E-9ld+vId9V
z{`Wl#+T46?k}Y4O3-2a2P%P}eKY8C1D-$MpXUERlMR;3lyGY&gd78vGY}}Y8tpFGt
zxpFvm)aLe{G&~%`EM@CHBhtOc-P@EVr3yAX?nG+c(h~qDwA35>u&(>-p1=MpmvG$78@e==_(e~E
zFg8WfYa-FRE=V+XjfM#{RCsHgw21e#%lr2b6dx?OMl-pZA*lT0VQsDQjje7B>oSl2
zeAZNw6j{M1d}@Hg+76I#>pnkRkl4tgAYS*kFRb&j&8gMcm9&PxV$BmR&6(>Q<;bCU
z(hIt`+x!IruaSe;C`9W7>~0Em%+IVZ7^Pm`>DNr`BobIVBU+
zn2GKf|7p^_gra?;u!x3MHLisqyMcV)JVnVuMCTn_RWQ!abiS>#T})?qpyFu
zu<&Dl4{MpbGfV|grY>m-)AuQWGZ#taQr&rzV)FQNjRb_h{y_dX*nlO`g0lW*uJ&iN
zjnD^)O{E}bpOqK}rQj}i*)Vj#@httFF!WQDv_12wHN_Ri&It4AM~71V4bdCaVSjCb
zbNXomAB89>^^$I_N{gG8JGQ(!LEij!T$n)cO56<{?BV$t2B|+h1itGN2^)M-@#dF5
zQwzk0<^-K|3*r4piW0#z2xF#Ff*-tnctG(Q{6oc-#e;4~oupRy=dn1q?hg(5=(U=J
zUvB1T_;WiBz+eQ@KjOVSi4Z^E{hH`{_acaIryTX4Gyd_+Zdr*
zoLk5*oV4gV1zB{ql=%v#+4;xS<qHstbd
zdHb3y_~pf{^Bt}g{fHw5{Do)-X<=Mw^dR*${Q`|^z~92ovUxt#AK$Skf0`??nUq*a
z$CI?fvEEhBG&g!%kK4U3YYslLfnKuJgZ@qzS?|i!=
zc3-KJo-DL%DRx)031$h+e60fe{s)HLhesih%yTR%ddoZ^28}{iw`8a1{Iel1TM*M@
z=pwmFy~IGgWOFsj%lC!-aMOfqwW0`Yd_M+kJ+q33CXTXc@n}=A7qMm@T#8=8p1a8t
zi_dUW+p1sd6gp>5=!c`t3`A&V>JL>3F<65vp0+=f^y^?wyA)JeuiuTb2j&{#J)Ap<4(=-bhJQqe``A*W`l_I8LW)=$=z_H={luF
zeXSlhpH|(8w8eZ2W+QpHtk^?ObmF8??P#;#G!-GYQM=xB0J4_0r;y&ZHpztq7YVXa
zHCKhW)XW1bc8Xyr=Nqyk>5n6gHrWlw8R}Zb_J2;3t=C)b|B|$Np-c!k7e=g|OZRqx
zW_ObzX^6_BoTqpo`WLCl;)Jy15R+CjWX-(t-GbP;CRhxVBinmaT7rMM_qLndgW=A9
z^Hx`YZ(kL5%$|mV&KV6`D3{VVfQ?}JTE#5tuq+wQ6IQ{MkCL1xSHtuFAroF0o@LzN
z0DC9j0~@;OBNkg`RK5^|YWrC$LO(@d-Txg}W5#uh&*d**T4
z?Zu~CeNwY1{wg;_oaz3CyrV|Wt|yR-O5h|mN}C)wa_nFyhH~>AMo+pG%~-2Q=IXB|9PpjS5~wc
zMEsGhfnVpfy>5XP4Vtq|!K&~2^vlwn#&rEIBr~lNlXKxOg`ZBcg$*SlhR$eV_A%OQ
zJnhkOwJ>DW-F@a%QfiCG;MPkGZ7p
z94tGgBLpX15+}Pd+Rm>oC1ndT+JfYRjx7|AqY
zL2^8y7|OP{_hA_X-X-YN4}7Q#F7Mm?sq^KW@M>t`0ZPpRnxbv{qHiBF1svX$vjm-d
zc>O_FK&8#{R(0V+%;bM~9$?Wx{bZiCp!da99_%qL5}Co^^h=<*zqN_$2UKJbj|se0
zfj%N1MqD$*U#r@YcikmiT^f24kuKS!6fZVy*WIvLr)Mo2-G<;1q+7;HGwf_^
z{`ecvayn}d`{GihlEC0=Cp}5VN_;y9l!^zyO@T&uI63YLq)v`EW-`5TCSb-f=0BW|
z`MyLejIZcKwC~Bw=#A7>JG||v{Pg#Blp{zx9mL;1LCZ__UesD&LjLs|{~*_|tOf(6
z^*aBB9d@z`RVZL)G?O)E=Dq}m)-3SG1P4PDF*D?z?w)b`5gPKZ0HzB+*Gui|fu)8{
ziKcgz*%A>RC5EOnP|Bq9Arrm)TmS5MGUsW5$>Zoib~$22S?rpAlis(>LK63t#G``~
z1^7C;GV!Z)xFplNx0T0kCi$Ty%~HWR9`Z_X|WsbrDl1*
z*3iB*bO}-~_kIfZ=h1PJ?}JnXQ~gOc-{#Hu>3uG(ukI9o`fr-9P|fCa)5#^}-wy1I
zkj68_n40si^Rzrz6230}9yqD8;BIcRcF4dnd_1fu1$e`Fx}|-}8+zeeRZaQ!>MprU
zju+PJvfr+5!Vv+lFr-q{KV=JqeG}Ui;p<*Pb)Qz0KHL_325Q-B`qYD{NL_(Tv_OSc
zc%pE#vzahRmBtmpb}v#$)P|ApAo-N0s!Tyx1x%FQvm>Yl_s;!}@~sB9Fa7@O>jjQK
z;AcGOkfVDx`-;NoYH`(~vOM%haZ&XpM!H$yTm-BX5BZGE7Xd40!0sRQJzs^`$N=^t
z3CDhOwltM}7nJ5Y|B3^nBn35D`$SanI}&2Tbf+KItmKunEh;aV4<$dQEHB&y8FC&@
z^S^}Ofi1_ahP+z}lr6?}NirOWnev1Qzzb>1KN~)@_*mjTOk5K`fMEbzFVOn
zUhAi+T+|PZj8`)6J^Vg@_|h=W+;PSKBq}pY^iBLUU7s!?M`%dcPlSLteENEddXx0q3_A%RoCtVo}R>BbPwuan1>
zFndiHC3q{G;?Vl7|4_T2Mfw=sLHO4X|7G=sM1sD|4K3A%B#*a!po@Y1-rG!1HM(O(
zoSLG_ofz=Tu!h5)sF=Nb#+YC)d?W0opm=mTcGtVFRh!2C6&E~Y7Gh^X@~70zEjJlz
zk6^pRGPMg!%_RSjE&>-BEP=@{7!``1Fp&yjx&Z^+es$C>ou^S;6;jqW_q8AV172#^XOt?wlZ`&9`#$*
z2!nM9p@-jsv?Kkr4Eo+I=(|=;)uT&)%>D~&F8;{KC=p=4BoaT0@&0FDo!w2px^n$5Y%GmB%
zYRyMFl%me)8jF7ah=F(jS7`J8Vs1nDAKz5yZ+;KTf0#PI%kqc+KdICd8$D7I#+?TD
zCx|!x_=fTEDH0;na;fbd!VHXV8n!9t=&m<9FTb(UdUs+>Lnzmrd-z#2i(<=_#nxOZ`&9kkgquEJTzCq=mfc}oD}VX7ZG(vL
zJ)WD1fxjrrCetS(Bw&Ncpn2pa`Io+j~!z9z_i
z_#*|L@*w)ZJU5PVwKU?A(Rw7OKN`!AtFCNQLgFMZJFl*?=iQa*h~b*Ty!AjDMGq6f
z(JcbwUZ(YTIck{_jCm=DT`#V}1DHF`Xk$UkJp0!K7Zz{Jm3XgQ1Q9`VHA{|oiNw`j
z_y&Prf-e4C%}NU_;1_~=X|TR10PY%n42hqa%6P&XL+nP(yT`Bi5
zAIn;E+wf`lp>%d8HAk4K)3canI#Re#GPx_M>J#D?VP=p?@_*%dk>sI9oP
z$W^+#Cb3)+M;611N9<4c*37I#@1QlJFu&!6r;u#78~Z7%9>O<|m*#&QBRZrUg$qxM
zi(gE3lWWaGD|FGozU$4GTi&J@8rtJ??#sGBI`c&H77GtPIQ<2l&)qfh`;J03^Qwis
z%`E~Q24K~fK=LFPv)q&cwE7&-wn$V+s-IoadTQty)t``C3xCOPY)SO?<`$>xJGhtK
zCq8>_#q}hZcTrWFkDDucuk0ijkewGqU&&D+Yj`rx3DJ_K(L!2kQNh^6(htKj$&
zTfU$b?VsCW^MVv2VN^~G+$xbLC9-zd-T&fT!ujrmEo}a7`-A%BzQfuu+Hl4mKBUe*
zLQQef{va>s_om7MT!%<8Z)WE$)&FkgY2)aM^fHFdmt{lui;L@X!l96ZOV7GYS|nvd
z9G7pah3>UDna$D@EjY-HAF>;;RHRUCP1(dJY)n~@G+`~(+Lz9|C7(~Zz*75tcIoO;
z+XRMtvFE?@Cvy+8YdCDoJQHgt&JwrWAqKDy7Cofx=N@yf70z5P%vrEhA(hvs%z?zt
zgf9fH8YeJEO+Y`1Y%|E+T^)bYe|@uanZHTjgF@cQg=i|a
zeHoP?ph~9@qyxvy|Y>u~Oi%_ngTPU_&G777gWjy}X4mFsg>)JLyp46Ed{9{=A!
z<9}->9O`L+gF<4LceeE*6}Am`fT(u`)MV)QFnJnapG}>Nw!itYH)S37!~m(e>{6Dz
zXp$7tdCPh(9zD%hiqFe9_BCINd(O)el*OP#TO?1a>YObMkN;44-RWENK>;}!FCTtO
zbvYwV*nEa`?ciZ1Yiv>t7%qX3uC0q1lQr$1$Jo*%o{>xT9|vU;Yt3hk?}G(&FQYgc
zoGVzYix}E$#M{UPLNvwOrj0JYJA?=gU1cH{LryZ@6Rr`FdO(NwK=C%z|7Q3J=&H&1
z7&KdN#SJLHpHFFKlAEP+YNINmJ9Zb`-&=!nnh3y#V&Uk?Iugo=&@{djCJ@4|H+yX@
z9YU_B|2KR|DY(ZZ(G%ZXKlC?D*|4S2yScP?F&=IIKMyR8E??|Ju9Z{eamcsfC11dN
zjj%^I?a=aTi*^-mF*YFwZ%R(>L-Ffx!r!1zYnn>K91Gl@nsb)`2MAFu_-CgaM>{J{m&=`|)`*w^ooclf%gJ2w^+KsJ=OuJ5b>{1t=}qbY{+*TM|FE{^3`)6^#YJ_20%<|4gBbhI*BuR7}{CYf!0#?71_
z>}CO(lb$eh`)J%Cd`ZkNlOtF$C*|I1Y>+r!2pXj*XuZb2hc7UkvEO^0^=UnFmyZpN
z7iFB$Bq}1tpI_LeYM(x^Hj-5YW5O=P?~#^Y&cSrPfy&;I1<+-aDxEIOtPS
z&Y}GcP09+GFbHGAKHRRCSy65ikF0dJ^p0zI*=8s$5&nH-kF6ZoR1Gn|II(+N~mci+x-~d*LsfgcRlAK
zP5%7WN1z|M9Oj0l*L+1>6qFz=iUBKeGO56%H+U4Yv20p6iwk^y;L
z@RdY{OAA_bsv>(9p7#fE#b>HjFyQ0srIK@`W0(*d4`MpX>F2eZh=HlOlDhcuwvo$R
ze0sIi8#7gBmUQ`TuVY^!x=Y&qKj!i0E?YSw$TSxE{~62m|KmO+<9mKEihh<*Z2aR9
zgYWg_`&}WH8Mca1Si$OCq-X2Lg$#J)Bi_5FEKJ1!ktxA%kw?QZS7JzzUjQwI?<)@8
z@f@D$sY?%M1<&0@%B>ea(3ve3fkPVugVeM0UZvVW=J~-Ha{his4|ux(?#8wINg^uL?Yl|n}Cxc5DVHv;Yh7bxz%
z1j*FjMO$s$Yxs_0+i+%{1+?0;ygk`zZRvB08q0y9q*tud0dD_%J#No*
zc>8b+W5w!d7mAh4-PZm3>AOTxE=<877pC>kXrexoCikAJEqO3Y6lq4=m)qr&(S_X$
zLSNv->-MDFh+`WpySL+oXp3!MM)YL@M&~Y)ocU}=0h)S;^|ie__xuFgW8r|&G)Den
z>65YGZ7K-{V-X#xUgtmyWrq@fVny||DqFkEG~i($`-UXuap9@oIL}$kE1Y~}SB-58
z;3kW5wFXw`Vv3`%TO~YmB(f15DMLcV~c0BG$A0c!7_6i?lv{ePcZ*FsU@s787
z@>*z$B7^l<WErf5F*Pf%KJ&wqwoh
zvbx@CZOL9H%M+Lf;FBu+989lC!Dr(4IR-xn@T}h7lwUZ;&w!{}V*H!LgLuv*PUA)m|KyIfFwISlHdYZ
zhgXV|%9x|nE#W@7%O)!`@d!wtUf9p=Pe+tE*^&^#^$PHC;|HM)QK*mVW02l+b=L#T
z@&u-xx(dAk#uJ?a$fQBi2q$$X5F>Y;v}=^TK42lFDV3t(L{!MfZOR)BelzCcyF
zu;F(N`$oFLd3%x+hF}g@@-?4@*|@&(U}{{Kz_`XJZZ^IjpuIDUZyffT7%BM`^vSZ@
zCf)1CK<2w?!{<#ta&%cII*-ufWQI@`-aQ-tdyPHqg5va&*)i)xyrO%s`}BBUiS{S?sRyFhbs
zV*k}*$B(M7^tBAEp5C`Wy3f;!^c5sPK|>qn`10EZU0>bzSHRcKgso(e_hM)T>Iza
z-m4c`EOC_M4+Yu(arm#cE2^oFx@TytnZHZgG2Bi?Y57>Q|-ST&ANm<%xPYp;PgXYaYEHAQ{~rG
zdJ*0kPGCDu;+?mP(OBeuwY|#|MZ_1o2G8-lGLfL4S=ViH@*>9ltMib5Z5jAYIU9re
z2Vjg{-P?Ny#u1Zjm(#?|S$iTl9ERL2|r>r(mW0d^;&j;EUb
zXP!QO|MhJyPRzo8vk&cG0at8>^8<`slIutY3&@^6GPS}3vh(B>;)8LB@cqFzJr3sm
z!AJXl4#+Af{|$Dv4E&VSws=3&lfeH4oh<_o@&DQIAMv{ZzteT59DS>!47dPbwR?(l
zv~Fak`Al`_X-wx&DSw{DT72|wA@I6-NnrLdi
zryG}gi}AqzFNj{>{usvq&u^S$TVDq$>6=gLKj?XIb0CYJJ80z88YZV^P1~1O8{(z2
z*e2fvdAtH(>fq@<5UaF1+yO#u8dk*eARXVc;T>dmm=D!`J$7#(oAPxlfL|+4V44G-
zb6m1K-{lEl`c>3xhkO_Z+X4BuQCkXTcT9B+YS7lk$L(oysIARkxIFIqr{i8#){?00
zyD#n{a?I8(fjlGYaIK>C*aqod*lU>15xnbQ{vKeC!S~<6nuT$BFh*Q4ywCN=Vdxv$cbP#|-{3I)vr4zXTe0y*QC$
z(m(OV9pv(1eCF||lRi7+cA!T)@ZLgmn}oUzs$PQ~_-=c$Rar&0C1#QVkS>JeG8zjq
z3&z>lt|)KU!Jnksb^gs%yGHL~={q4kA~2rvUcp%Z&bZ2(pg-HW)bB)!ml-8n;;4JQ
z7~4_$sFcnRx(GZv%8Yhu$5a^?Tn#eXcZp=n5!jR9y<`aEs?#_f&<7Y-9ot7v1?V@@
zd>22T)Se~Z2=%cMX`*96nF#5L(T)vqgd=DdOgz;HcSojMdLT>YHc>LSiIVAi$|efm
zHHrdYHI-kcHeY-t#osU#UCqDm=DiXxh!rOr@5}10~<{DRW}E;
zebKSyxVJ9lZ%aqJS!rmuW{XyzSWmC3w#<%Rom;L?ub(ug=v7y@s7UQ=*!}kwUEPi~
z8t4sLXcccrKlaUyT6)xvcWvWWi;seN3LCBCqfq__(lWRVf4%ea9p7bn&fS~h
zKW4JMHrfYL{_ozD|K$SW?7ws#&-PNjlCQ@<*51qfC#UBhlfgOMFBSpbC6D?-DvnLT
zUcUnR>=MX~1xULfqnz?Hxu5{#0<_s(0(*A*JD$*DJX1;5DLsqW*{c)w1ds*#^Wop$
z==2{AvE0t_SZ*Y@ANMpbU$5go#{T-0o_7|!Q8)5a-p_zDmaD-B_2|X2=DRk?P}bVf
zr&F%kaQh-dcT_Af83Lzr*CNb;~3iD-azj^$Hy)*Uw8LC!1*7@
zgJ)PbIX-d^+HFJn4{3UGn5W;t
z)5jW)dx3U(5jT|EfA$Wk3i)^67wEG~J-_}~cgDXI($ewg;WYgD&W7~%>3KXh1okh=
zHswFy@*m{Mr83BeRJN($|9uU(C$ayD-j;zN|L=nTMMR3-Xp~E!{%GHIwkD+D9sLxS
zVJ>D!mhG^b-^Vu3JU_Mf!v!E;)MI=UoNE`#q#bw`2Jg&I(Yp8?her~Dev_xx(6|C!
zds_y!b3QV>naOiaKyP7;kM8nN8%wm8L>tSSxU5u!a5NUhhe5;>eXC{Qd<{#>gS0y}
z^i~V>3~R#>JdfZ!LAqqxn-OuH5~t$O*ju;?8_$0`&N@FH^yVE
zr@U|(Z4>&}Oz9821pK92_LE}Z-99>ucK(!JT#D@PZyEU3?R@|s2jMB)k4?*=~7c7J9y6o~u3K%BPGKr>R
zkYuL~8Ix9-Au)g0W*4tycZQj)TLqJ;F%RPyH=Y_>B&CBh23xdHa4jYR6Wd|?edpY}
z_nf=;?#fO6V8q^g?s=c@e9zy9Wn|!W;coFJ%c&gT1{thonEhY*`Q)-!6=zwUQdkyJ
z%7O2WlC3^l*+Cg`&LqD}ZiT;_Bu@x!j8SN7ivP62kNc?eJq2|!XF*QW>1B2uLf8Vg
zL7@Metnu?PCi(hvD=AGV##nQ5|6elVOG`TCR}H+IV-pu&s=nv%$kC{o|6`}%kA&r3
zkDB>Eb_)JTl>alUZ+B*WJI(6bompQX%5d~9+Irm?_AIJvxDlLQ_IB$sBGXvlG-hGh
zFI#~}94YqqDNesjL43VET2%QjVvgq$o*;kF5SbXh+7ygmS966GIer(s^4v+_85a!3?emmM=o_5p
zSjx`yi6Gl47&}tz_&6xe@BhNz?fUv}L`-rrj(!OJ>(TGZ7myr^0%tdg&)hRBL;XLU
z8*)GA3OOBa#i);U0u96V9cugdJ+^&~uEzqPNky^P!Q+F1%NuS}Fuy-i&#K$?=151nttIIjNhdPBA`cOd?`BL58a^p`~}P#gI;-H)m8
z4W7#Y+Gbv>3_bgsxgk8SAvmuxoK@Vz50L1!n!B6YwfQYAdq>^B=Uac6ij2r)e=I(E
zyNu^q)-W>dHFCeBBjA>*2A(Gg*%j-*yM^kZrLo=s%tbtsH)<)J;)refAgdbd{~=bmgB!|l~KP{MWSN?
zYAb4Xxj*+(UKM^Pwfw`tJ6^*v*x}AZ+m`$Dwow0F*k3c<)GxyQS|HT_8~p7FvDn}>
z>9YL~D4~>e#D#G)TKWDZEg|;X!+x)CMOqKPz4Z6f-v#+^ObK|Fw!-ht(3kx%_J@E@
z%uhIBZ5<@yE~@v*Ge8cp!~Yu&o*Yc2j<`9z58wNwI^@J0f}~dgnPpWu*_A#&PyNM7
zZ_Q#^iRX1H)JE>k)9;9(+tZqX-gpB$_T>TY>`i=6=36MPK*
zLCf1-NAtG7a#_bJ_@1W!*%1=I7%%qc@c?@=Q*wh
z@mXd*@-{9X`6eMBIr7)B%b5S$P1iQ0>3`On#glhh$NO^m%BlWmy+yn)m#>_Te|_$J
z<#hb(aZfh4?WrT7!;~MZqc|HCn*Q@q#HOf?IaJ#!>i0FdpXL$09Sqp^DpdAoeC4N9
z_HHVW)A-oaf$zJZ=7gU{PAMp(VHWO?GIdDIn)Pp`D2j7aGdY-s^?!T*M+`N5;F
zFN%$ZIxl>_8Sbuahyw+8*EagRo7m_*b?>!(FV9x{aOe>&r{K+C#jVK54+-!8cO$rz
z`ukC4e+ux@O9Kn5d`7F?eab#8jp`f+_S&x3debei?o
zNdMO{`X81u>3@|ZkIv`({fz66_TJqpPc*Pg9sk;s-n4%`oUvIPc6dIQ!=3MEVl9uy
zq6qyvuokf*N~pgeu7APXAR}JZV@bZ)uj)V7vOP0)E;3S+-mlLN@tA)+c00qWL>v2O
zK@IP(T9QY;Aml4;@4fH`+-F?w$1+bw?ng@dT$&xQHkqkU5ZB~H*l3>;*W++l!vn#-
z*Qfig`PYg4uBZL}8@oI*7v%QL_?<4H?Z$BS{JZr0hZ#N;%dus^hbq}CoQGQvo7J~h
zI1lF^=FS%NSJLN&uPgSjRXp)Jp}wAn&9E+aWW~BP=BKpEOG)RI%Sky%P_L=e^B<@>
zz43=mdZX%Deq7yuSK!$>JU^!Pvl`WYwnMd_)lR^ER>RrPIDS{KpY4}RGw9oXVZK5S
ziFh}BJ^2`OO~*rI5x|T1G)YCjDSKBdv
z3;NI0Qr>F^@EENWR~7O4(QlXXAdWL_UBnAKNJmZ{zDjdr3iKHF!zHXcTChCUz)=nf3KaVCt^K1J#h->@mxDkPn<%1
zue7s#y}5KJyC-V@h59ZS&IjsnW29y}*b;{29;NPUBG}a>V7L@`z`6Dj&b4K6erCFrM845*_8|$3c8M!-vskpp?-b}tnFmS?|?6Q5op{S$NNZA40FO{
z+9$+2#~-xjHw5`N$mB)DXE*W;rND!+{6C*kTPUEn4A0NOolo5WgLtXzirZ>g!n2aqAl{mt(
z*?jJp#Mz`svoehwQF?7GS9meSzSsHflCaqK&Nc%cRaor5uZ_(u&g(Itky4iRh5bcy
zCmlw67`4NRc)CZOAGbDBf2w^M`b5lQpyOBT?H>!6;aBVL4+iwLDKJ@^oyPAC>(d!v
zxSSe_Aq4xW62&
z-2Dab1pmL5lU_LQiClbK-$ec2TPDWe6~S~j
zapeD?FW2;#(i_3YfVQ9?md0Nd1HH>e-*(E`>077F)(-B&L^*sv!*Ji^s=qi#{kNKR
z`Z)mf6Zc11dVhe72Isrb;!Gu*t?pm(d>v@Uxjm))srbW&=4|-~ZU?zsMXT~HbQR-G
z;{F!&e@!O-n_*E;J378OUSG-O>w&$j=R2E8Wr<9C#Y~a^U&+f8dObS5$`|%c&q^b`
z$`|VE#{R(f6Uk>_>i@7ZbARx;_6j-ML&~6U{;<&uFKvT>=R?=O(Io$INl4fu1C3Va
zBP8sXZH-#K>DhX|Y1mVIzXFZoe&hR6)o79*-9XPBjn?%1`U-3x{foKwOA18!Zw3E-
zfw=xFL|Gu)I#K<{icI;AzaO2de{V7M?=|EDG>pr)!hC-V_umSJS<2@yvpO#yF3){l
zPAtz&9}X?IrVl;KnZ9Kr^r3V4#OOoiaz-DNR0Qb55v7jHRf764Cnv)Q`rlx~w!dZu?A-S*uDo#mq5Pj4^22NVx7nIiEz8u$
z3;yrRxEwMt7lquK@%3D3u)>=Z&)bOxo?d=xc|Q&`OzeK#hV_}|Z%N;eg8s0fLHDo6
z^TX4&BF;Xu+d$h$gGKy`T9)tA#ib_kD+7xBnW4^OOU>+atQ=q8_m}E(rqBPh7GsRf
z6K3_P<@oyQm+~}6oS*WgR`lPPuf9b%vsac_`CGJz{O=NtUVl@km;M%EFCALK>%&__
z`^OS}F4FYFaGtuBSf8hcB|Lutd$3;C=^2z2?*Anw=i6}Jt}n(MHM2e8f2WfA-2P6t7U}*@7~9}H6&X2=eoM#QAv?tdyGe7GuYMykqP3;tA+`!@7h7Z%
zZ`dl{e~Z}uRY=73x|$!&&M>IjTHx8!^;Lmwn4d7OReqB4xvbsNa-}VwYg>qaT4bJo
zg3|v*)CLsCI@0+o4Et_$p?F^T{+?fm^SD~fe_=T9iG|kZ{lG%4{i31t_lEPnb)ofn
z57G9EhDyVe0{r*F_zm9++6ZUy3=A_->ow_kB0eu1&lxe>jXW`jFP0b-wr3SuR3GsgzG+>)_yUTBiv7OeBNftM_X%mwx`uFmvhp`*k{ChL=nC
z{{qaRz|MUaoO_p4%jK^^pNQ3zZe`0~Mg5-^WY1qk&;J5kpVcvJgVt%0zl!p|3$o|0
zqWs?i#L|VnuXl&$(0pTTPSX71g|M*q?#(yQ*9&1`|6Q6-_YXT8V^af#Ts?yRW4@LC
zKP;aA`OF4`dGw~J`f1z~sZ_IP8_mypI~|Ah>hGEDf##-vG(@qf?va~=Hnp8G_&?n{
z1Fit-2B(sb-2Z^MCQxq$&65ysx0QWM#X0I9oDTaiGyklQ%RhUQ>Qz&zh$p4ypDl67
zBii$yIK=$3sPn=$;`#ICQTUCqhfEL5a>hQ_uJS+gFvmFBk*1@O;U
zM#JLR@MdI0kB6BrU*pE+g+9mgz4AqP)&uv@BoZCPdj9QSBO}!rcngN}XYh+S=*#WD
zwav%-?`k|kQC9zmdY`rbZn^LOug}hR{0{ym6B7A5pS?aNpCQkL{{E*f)wh@3&G^hd
z<_a9mTPOeX47r6k)&=GeGI})ceX48KayG{E7Rkh+1ZL59pTN7TA??{WsExp%2xAOM
zNmC%cIL7cmFjfx6{0%Y(+J8y*-0kl`-%L$zi9Z@^DOAfLZfrjFU-T!ioI`TQG@OQ`
zcOuY^Ctw_3qcjln-t7-nNlBO8@scc&k6d~#!#C6ZMvnSE8OkQHES9sw*iCKpw46Ul
zeI*@n>H~q;8sC=AgeE!8LYXs-QkQv|J(9bl)ZtkL=b#BOIkYl)w9Fi6Yfk8|rM8Y~
z4h71zH8~EkJ~c@Gm^AE?;cqf?d`TEz9L6^Q<9mkUd7AY*57rjSCb2A*vssQW#`V1)
z=AqZ6^?!@BiN=V)eupvY@
zF2!E@R_yHVXlV0VIdmo*rLiyAzc>9+Xlpab0dst|vN*McdFr5E;*WVHj|_6bttxUM
z!Pl=$`nK$#{yZ=ie^mC=$?_Me$XDfv=gj!faokU%q@QBml#tzttFS+$`lnRP6qe8B
zD(n$xm)?=^H_6MNhpU);kR5+#Ea)P;1~Ha&3yEIS`iHobebis^nL!P|2KBL9$?AB4
zR2!e3L4Ukyzc`E&)$m*$(!ALFrufVAD83%**S3;{asK-e{2tCf)*;{|jYU@>PSPP2
zC+U}OMMgR~?7cd;Qx*apWqF+#=3Z%uy9H^1t!&VMXQ_1Xc$RjG2kVR3#+oR;sbee>
zfc*n|>R@s=hxdwjcOee%j^W?-2W+>GaG0aMB<|s}u!j-bg~tUeC!I+|YFt!!#nnzN-cdnDu*D%L*0a;^d9~+))txr8Xm)Xadjd@;%jrk4L#?01_
zwPR&p?wp(5Ugn#Nyb7zs%wASJH@m&;)*RKB{?2Uq$JCd8o@&o`CxA{vUtF))5A4USru*@|ue~3gbU$+QN&Rp2`Fg$5EMK(#
z{`pFr&sl*U!`_W@d)G$!ASp!3+yQ<4X9o(>xvjbNH)&5;e{2t96G^qNfb2?OY}_RD
zquc#Gp&m!28m|P;`R{Le@%vpdJI#^hQVPhA66jy+B+>Dbf#-xePJ2!C2~dWw?|CT0
z{0rt~_!k6Hk@56+DW0ggKDXPOU7y?FHIE9n2^f&iB*7k=&swWg<)2#57lAej-
zD;@Cg`Wox_w5TVyzNXQm>uZp{XnFTmb2fb|{S5I;Oh0qUt@*EO@f7YhEB(MRcW(W_
z0k>H^lq~dZtDCo%$Rhrco5gSGz6DK|{i&Ehf9|<*_vfO^x<4me%zlG*|7#~BBib4~
z#I1qTVhx^hnfFi7f4C+-|2|jl@fNsv|NUE>{X>k6xiZ_z{vpQ4oS4nk2WwGi(YJxw
z*85GcfAIAQ_8GB%@&x-=p02NOsEE^B8}%Y%vn=c(YFWO{bF<9zryA>gewKOuRAYU6
z&FZ@l&b0rT)u)yd?0>T`zPH(}@fD`=u*9RV`Z@alpuxXTEyL6F^H2t5<@j%Fm75f&
zAd~hA{+|!#vhOn6E@CoFc8o*2&a}_hKdS!qT@NA_()QRH;PGu^y#e&yLH*cS_>Hmp
zHIgFZ`9!=V8}NUKU+)3A&q8dZ$^A|HLh`+>`RCpW?#0Lw<^X>>Mg3
z5e4-YmtNZU@;hp~A6A_7#%Cx>H9gBt8cXnnid%8I0{hfXv1~R0&rn+LRTy5v9v|ZA
zZ_aCxr*(Ou&K7vK(APj?4fcdSAPZ@1>*+nJ{;PuFJlXs%naARXx|0+qXNH^QM!g*g
zXnn=`(fazL+E>5YAH=xAwryptFjkL3$YvkIZh5*Lv0Di7G-AxIR4>b|WE0{((&xa7
zG}`cam-akPpWEO$)=Tkwp^u2)yQR)WWj$DvB(90pNB8kwbw0D(E(QDlH;wko+d-TU
z)DvlIiLsapjR*LrL^Fwv;+o@}OJ!c!;czP@)JNJ4XSI5`#BuHaIJ^4jsERCKue|Q1=;R9~IC#wL0C}A>rW0{aHbyq9d~~xt3d-5R5i-m=fdtuIzh;NsMGxn!
zVt4EioW*n6V^DTAe5tc4%nUmdJ?^R`K+qrvVQl$YFne#+ef_FmUN;H+)8tjXdbjSq
zb?erxs{5;zb3}$g?zleqF+aO}YcyBV?-qKd@cfZ&+&4jt9gNH3`chzhG(>GISg!DV
z*#Vz?jvwmAb7w=n1e^_&C6?nk=^2z)`PrMsCTrAr>?`Uy;zH~jt{ND*&zbxm-~YU6
zbooEb_e&JEytw9xw-@gw;2z<@2E6a_R0Pj_
zPR_jB%kRsxAlUAo8vDP~$p3`rKI!@DX(E@Ol;45p-z#8s5d)vr$k#V-niW2+Q9d2Y
z5r-M+JkY4}d>>y8FCWm`#dD|W@pcV51`2fgus!4X;Q|rI96Y)-V&}PG=q`BHv6^4=
z92GAn*jw9NKa9Z+k6sVsw{!8{MrK)@UpgIn|9H+gDThFFf#Lt^<#Nu0$^vu#!{q$R
zE=bL`<``EVJlYz;*aXHh!&za^I-dKbBs6P|sy)p@r*u8S
zc%3`r9>lqbz#JCO?Vn7CGLq;}-W1`#TItWF{L$;r;r!J6+?9W0{9K!F&CezIW7D7V
z{M7oBoj*4H`7AGWf8Wl#vHot(v+nQeJlq@7WxgF`-fk)LS#v_3^~3uvW4zGG_PKO@
z8I3*3%u8)g26IQR4{ztD=FbbcH^!e}t~Gxa!E?p&d(Z3^)u*?i>iJ$xZK$~x>t|DY
zS91h?b0zu|@C_%<-M=uI-lbdUU3ZQ=pGo#FXKebmIwv(h7vDr;^Tf5q+ozLLegR*`CKXL7i`4N$)!<6@>8|q~89@6c9wm5T%v=6<|+7+h$
zT^-+3I9u+YNzOkdI(o;CPR@^$oFn6Loh#&A33A3<+Zn(_&cPyTPy5amNC%#;)_ekUQ{;lgTnd=8n)7n#dtSs@
z!oL%FxhTrs!#t0hi-w1nt9NEp7jgVRhx>n%tg4wtDEpKy5Yr2JEH0KRK*qUN+@7%I5dW&(zu}7PV$;YgaDi
z3Xf#<6hhr{kFC`ANXEl;;~jy8Ic(K@JK?lq|8p(y<33$S{$G}nPeYD(I{Rnrn4GuC
zgZK3?hIVc>oqx$nxd)Vb|0gpsKYjC|)-Kmy)A-L6?K)HBSKX6oeZD-I+%Z45M!18R
z*HQx=uy65u@tJK+75|lELmI1#<}&{PKF2*xC+Me2F~DtItzEZJJhB4lSc&r_=tlUj
zRLofy%jEoWdyrQV;#FoQ&W#$sr+D4`|0Ivz4D0;=>S*#`W{fU>rK-~LcK
z=7X2Mcb|&*(=l;&^Nc0l;rEF@-RTB@>IqY;neugF9Q$+K|ATrChoR4-v5PqO>9z>*
z1m%9EgPoT9Ri2J{;f?m?x|wau-3n{GO|E}6O+TAz-M@=#N&aaP-W<^!{<+HU&oZuK
z)t&~*p)-#3ER-fNmpG>PN7dRq!sW*M#)#dW%`v{K1-|xkn&!2uv3E@P$B6y?7l_Th
zyINy5HTIUNT*vReY%}n-5##$c_&W-9G2aKae-?iC!|%V_&G-Oin3tMkKtP}Sbv(3x
zqk8>>Z3n;68`ZUK4&hg*ds@5Rq5Bk@9l}46Wt)8+*)}-P$4I3Adh(s_NG;!uB;T0b
zkZ<@7)iWRSsLWSA$j|%1j|{}m+o_1>9)q#y0eWK(nCRh{Nw(#2%%sI8eru@TV8bwn
zTwIUHR$b~7dW1Uki$}=+0lM%V8_YNOn`js7qeDk$@Vlik1^kun)~+Av{=Z$|Z|M1Q
zXX*aG-5Pg$Cef+Whc;Gze}*3avZ0Mlq>G!q)GVcgY+#t_mY#g(cRzoBG2D4i@sZKGxd+-v6V%?wCQ-b<98q~!~x3pa#cb9
zQ4KYLKNp1e8sN8yEepA)VqWMf4dsZ>Qt7^v``@7Vc^}rG50FDShC_^wh?`mMlROVn@Oemr9{@G*71rlM801G~Au`J2vWnB!4ai%C`u%#aoIOOt)ZdmOVg
z_(ll##5`MFn!^$HIC|USIL-MIPP4#I4wfIZ1${EUcn$n5u$pVUneqFU0?&DP<3`oS
zM&daq$7dGru}pyzV}36y-oC(o9=^B{=tzS93^eCU_{<6ItD|hcFKPQ6yBU28w7{H2%HcC~
z4d-jpA$UKV@DZ~)K4N{sdZdYM2qmsbN=<8$k$%i*#@nZay%W4P54z?DXrqOyg4?S8b2e{>N1uS1i=bZs`tyW9)ILFs4*KrckG=
z!7oTPc1Q3m&tu6mzK1hLo}mqs*H>>*&R8$dJQ{xfBk?ous=-ghoyYS5)sB0#JlyZ!
zTCM%g7Vu>=cc>lKuoFR-CSg9Im`9s9f`7)lIsB}E@h<8izU$<(F0AzD7BowT_>C>h>Hdk`NQ_fe29JK3q%cCim$)A6fQ%};j{|9Y>C#9KCx*U9nmx(deYQa)Z4
z*5~2llI`{VAqDZ-!Px@&aA#-;4WVwJZ;2RM%>Fi^llLR?3L^h
z?rVRa-kWDb3NlE{QW_2L4m&j&xJqMylI($&mF%
z;-fCZ$CKe}bL{J~C}OM&OzW})JJ^bMa$+v8;y7O0Z7M^bwi*6Tj8&D!V^!$y>G7iQ
z1h+PmZB*YOjBI^;O(L9Z|9mDe3zkrr~)6tRfL$=cuoef
z-4%|}T@t-b&qv6fj@##gzoYXH7X@}1<{guLo<)vw?%#0C@!NIG@wzxot~oA^eDndX
zhfbk~GM>CnZ-}2+D(ChO=hAmg_}tMx1B3f`km7$A1U~mpsq9lKi(Jt0xo5@8da3Nm
z3y9A>%MzbEmtu>-3)cADs`a9OHW{(|=-kpoJ~q8j{!|p>DH;4;cLUznh$(rS
zM&Nlj@z^5fmoJIp|A((FS2^YYb0>V`W{!dA^G+ko6s+GYof~YYF*Y6h#$M@AhW6cs
zw8-`v&sm1zHnk3H>Z%T)vm+nsqHX=;Av*sY6KlCUV7}pNx+7JVYdU#t+eEopCt0j>
zw@K^8ee{jBFz}0e
z{ssPz?}q8!tKW!y0o1Lv6zd=SW{mj{pnm^%M++-Je=0$LG|(R(+pxQVZQtEY`Fre+
z^R;+x3S-^jH#O}t$fB(;5jTplf9ar7c=rAng&4$5963y^N1{JM*8c
z;5sS#i@8w?lv~_l55?1w%a(hFhhK8z9*Y0xbpH1nv4?{DGsSd<^QraJ|3CK>uJ02u
z1Y9S6Y|_U-T0MNf9Q-8krMJ4ZcfprN|B@*SB!8uypU-e83wT@{e!*vH=lK%&Gw@mP
z8N3rpgL0
zF019foD>Lgoy7|MX(e81@k@plhA`&E2B^t13v>AU#Nbo%C&^B9Zre_hE+
zc0eC46vOXE)7ie`?=xcDryr#F&w0KF7RO6^m3;l|
z^Ej5lW;LmnarS0t>+Xd4yCf2i(Kk?xK05Xo{T*bFo*fz)qi>Mte~ai3LOmZmFCO84
z*MYy%*bzu;toBT~757W=Y)0hoVO(jjMy!M}wb>Siwcv^l2iw%)gukCy9Prtlf8#}*
zbkvJH&?%0Y0KZPeO@!Y9zOU*IsqkAt^yCh0yo<4yd3@Rfpg(s-aW~ehfyw8PsqQP!-f!%<4YZ=U28#=*mfDf>@Q&mQp|L@$${6{{J
zo93@_gCCL*L(PV|ScW#wDpq^utW_SN)cgB;&Wik=qsecK^C;#rmgD}oPL$6LLs@kH
zulfFGXr*aQxDw_WcospNrE;bYVf>f(vm&vdMQ6oY9(_c#Ke%2N*pMIAESj$U3I2vP
z+J`j**k7dyAL7TWQ>4&n#
zY(u%yi|qw`?v`b~z`dd`P?yt-I2-WWohnYg=4+IVDCd1rP4RCi4+5_aG-%x4#JrT1
zr#|n*^TxQJfa|evzL$@wKEex`W6EEBJC7~?xZFN>zemQDP}uBwe}s2*-x1GYJ9!-L
z;YbC1V8a~ti-pkt)=Noii^dfJww3EvfeEA@)
zlTfbw%)@=+{C6>Y6X*0eJ$JaUe*-E!m+xo9%h$QI0w{ByS{nI1w5Rj2MFT#{`hN!W
zdj{s5P`ox+E3quGe}dR^;R#~@gk5zbZuWo=$MBF_y^C^7GKb#RlBm1}7P{&Rh3BhU
zJ=)`b{9BE4Lw=e?tE6X|%ycJ~w^8AXU3_E!t(&?%z_o70_w*~oTvd0wG)
zk{{ar`Ud6MXVJbcPksHyp#6_VDbGWaJUQkx$@34?R`*~};X!B%>_w+8FU(PwkpFWK
z@9`;K*BsTu_e8-D#`VzPpy3DG!4J-2C*u3*{e#AS4}R};`kois`eg9)&LG((8`-5G
zx3}V1F+8g<_3w!Ejy=gcg_3=FU#buNDKg`$@0ZHcpnQ@UUsEcFwQNy_sXQu`XIRi9
z+uLL|t@6vB!nP@jFAo|_CO@1Lb`BbArvUNs>K7unkFK-n7WrIo4T`Zt#Pro^Q2mKC
zbbldYOMGtrSmk*0Sd91eh9o-gBs!aPI^()uX2~P-{rhbu{VAmO
z9MGPhefQ>ctNwnM*xyFhUT$wH)ehL6@MZBe^lw538$v!jD~V^b@VUEXpD*y2V$RoP
zRSf)bF#ngxulV`blW6yhy{
zoum#sIdZ+i#QVXi4g^M0V;)7CYKf)>T(9SqYKOp=<@4!omFImJzs0{0
z$~%od8h7c3j$_`{@m{^`_7=>0VU!<%as}RZi*IzwGMC%giS0BouUu|!Yx8m5*G^d{
zKggT+;m^L&#GluIF2dqD13Bp`XWKE%%Is=h%omX%akn^(fl$>LR>1iZPTXEZZu|&h0hIa-nQ7mi3A<
z+yl_daEv!|J|7bAopm9mQtW>I9r3KQ)2Pqy3jl3xK-+%;Z9!$E{%On=u~RIz{Q~qE
z=1QE45YymZKDHi?_%O#(-YV@dj9&+9`&MIxk#ro>y()i(IpWG#+err-c1?i(j)#8H
z{v?;J;OB`tI=?axzgy4u!%JWuL!8$V4P{+zy9escipyEh=ZPqe5)b0}att%5kG%8P
z%0OT4_KA4+GSbBpwd*Zpw)(V0PoY3#P~7#7HcHmLR~@j|8pKI;A6=H@HwY3Q+u?
z`lj=oVj*$aWl>wiN8T2m|M2s+ig;TeQ(H$q>nV(ma=n1D`sTr&NCT`n8rk;Q4(Lx4
z+dCWWhdkDBZ`c?2(azT582DGmt=?YS=K7CpFZ1ueLEmrqO!A$a3pg%wviZ6Q>as1&
zJAtu*RKBJr>B9^3oxx9g3UwJYn_@l9JPx#>T-iD@)&q5;*f+F;OVBrce!1^}O~`Kv
zl;QaR%%|oDn(=%Zo&!xr8^*GsjSfG1x}%b4{9~h5|AUsc`rgJi&X+YrZza$>GsW1_
zW&KZ6M~)e^Llw}z?g#2NK4|K95aVu1XwBmLJCi9k9{E1hk_9ve1+_2l0KmGhKCfir>yv2D7&hvFs+AuOmCh@qFPv&9yN`rqT
z0h2S7(G27M&JP>&nKEj(!A@!a{YC2d4#cySHSL`NG@K4k)D80nzN)Tem9hR8FwRfD
zpxcR2w<<2S>O#lQP)=V~2&n`}Dpf9|uCVvN?D2wlX^u7xAP-w$V
zzONDQhoL;qD|eZP=1vXSZa)Osdffl3Qe{*oS$*8ld(d8(1AI{o@_q@-1DWQ*amzda
zT=33Z!&l5h^ZU3(hI>FRVtyFCjF0AmwTzEsC&%UAQ{Y1OL%?NBjOQKG;Dd6Yp;T6!
zg$)4}{yPeN0o=<@g-jL9L-%5DDJVjrT4=jChB>RM8Zo%C#8TXD9
zxT9_cJQvMj>!V{jj$<7w@Z1J*s}Q)&0o?TQSUd%ek{w4A-6cDYDd@W-1&$v8UXPGY
z$m0-y#lD!#c!QzbOOJCOTPCN&c>rWhf2l`Hhd09KliqHH%?DTo_2XsIhv0X873sVD
zxysb%PfJqI#|zN!ML_e7lw)X_2LI#cKHzzXjQs3KkN?hT@Zb4I!2gvL_@n-F{&MnM
zZ&!!Ve?}ADcANgwE&2!l(F3}Pa~1Xl^wl~!Kr!nXC`Y~Y4YoI%;P+{`kI$3dZPaP;L<(A9aSdR?Ezf3D{bp`)1;hAwKsbI)!7@n
ze{d$Pm-oET$`-^hHo7x&af2!?R^Yz^d)Qb5?1$k0kb?06pxZfJD+2I4E=m8>=)Kmb
zwXv5lSFho(Kr}b$hYGA?MXr`=6rT
zu`>zpl}YxC1r~nHCOkzyALMspu#b7HCEmr?2IZ~(b&rI-n?jT;D}!xO^tjAde((38
zUy~k-8O>G|{C#J(+ZW08l1$X&G8H_R1zI)0zHlkqB6ntV>h!FiUpCy-3i!CMMYK$5
zI1mzJv${A;ZH8EHyaB$?UxnYdz+5;;-!{Ov7~2^D*o*;$H3O`gU;%(}I=07}B(wo=
zIpjpWp-j~ZS!K;E;NxMoh{~^kI`Yn89mzP+6(nP>HsW~4T{zyjFURrrYfO1oj%50j
zdfZPwzMbfSb9*T}0)5+K^sRyR=PeraA$)9h2b1FQ|IHtpIhl}&0
zMEJqJKsf^Vl`CAGRa{i<_x43ZRO&%eDG>#c4#|NLK~O?Oq)Vi`VTc(@N@7%`Q;?GG
zW1fu&OU9G*}%_aC0u(Jx*P0s>Vf+)PHG{vTg?7jpF6I0FLqTg-q>;+
z@tHY>oa`YXnQ|B3-QP>o_z
zojISwV{I8ZHortV9&l~Q&)nK?EK8rY%RWUXER7`@-m#941ID8P>rf4`Q-rA-=k`pf&9#fafJww8)4>
z%LxQkkioPv!rfDt6e(B5I|tnuyk8QQSTH?SuB@kP8R35D_eRBbvn~&>MDh;=3zz0N
z|7DV3tb6++hqJZ}75c_--Z}m9Xms7*uXh?~W}f#<+!J^*=j*~8pX0M+M}Oe4D$mX)
zP!{q@+g`%Kw5%%a7B28mKsC73s#hi0X|cEPSbLTajGsEw;39d0r}}|rq|@t^+W%6z
zT%@3Npa8pfM8Hw(ID0mT8T|KpHi~Am3fgg2GShDG^iUqjV6HzG6mocr^G~i~ipeLY
zn~{>GkJF9U^lot7011KR5jRVjMDgdoS2Oou95xl+1s*Tv$I`8e$*U4wxwbX(5IHA^
z8*HENQB`-?xKfr1MxAL^P_*MUjl7!P&E=^cZ8*K;*g3Zw`qOP|!uT_$TkgtK0dE=j
zx`KgNP@6PiJkv3L7Z#O8W3Ai|8s%tVkMes)RZvMqs!S1+rmooKv)7^o+-&^CrFk1D
z5Ttj(6qUQQ$iUD*u#KN{o9TqqKGlRL6Kpkt@}H5DHU>@k{U|akrkg*+iTAAtyjDzN
z42bX~$5rYxLv1=yF+%Vm28Km&R$3|3i&E2)Pma_Ze5<7YR^;!$1^hAX$0a(S{en#T
z0@@*Y2#@&7#EF?*VUy)e*5bQpvGOpnEgV_RZp^W~E_2;Db^n8YhW?YS$LtzQr8#J5
zr}=V;drr;$+Tc|kXxvpS-8LMR02=o@%`?G@kgv!YMPk2LI0Sw30T~BR*1D}Zu93V2
z*UlDB*Ax@8)=(Y1W5Lj0Zs>AxXz-gWbrLPgqQ&`4DEMQLE+qob45GNKGWqH8l53pS
zLU5>p-o`8Uz^2O}4*dq$U`^tz?(5IxJmkmR&MMUpV|RkuiET}ajy$N7PQ|uH)FC*I
z{m8YbVi0Q795dvn-rQM~s?lRfHt`SpoPV|Xq>RpbKEGpPl&k
z4#+^~g0M8_>j#tOHa{%+KFy?`J|qTVJ=y;)!UU!>bFH_{dyyWQIIac=4s&nzRw
z)~lVG7w>uoS0vC*twGoo&nf@60)W=hOYK$v>|LW!Wb^hlfX(!CLQVwoac!_X04}L8
zjCLMVt2_VO)+L*Q;$#o3wnO-KS>T|&ZB8Pq1lm04IM6HjUeSRzJhvXG5I#dZr8dS*
zN!TC$e~HuzV0j)83H=ltaGR4
zQAU5U&AxV0K)dJqC@49D_PW{)|NBSD}!?&S{xb;-GO`{^K0L`
z#yc(Fph^_>O7Kn#FO&Z2H$7U=lpj&Y{EG&C^^`r4Ub#_L=p=#zFWV3222a1iKH+8N
zUmW){{Mlc_ljn?p%W@H?H(?l`nv}L}V4vIzw|VJ$*h>goz$n!Jw})A0d$9Z^-41GK
z*Nn1*Z5DC4V-~&L&3`Qtkq`mLPFnM@!E}
zH1vj_;Z-{W`4)7aTQR^rE%dW%8$63?aI2HMiv{5Ly@1gVu(idWCI$7sb2c?y+4-`g
z&eaxiFM2VCJKaDbu;~`kG-`S%CSgKz6&QJJT*xkf2He7{29AWMYJ3;c{ide>gWB{z
zt9cH^4w9khm!L2H2E4rbIB%j%F*1F?_>uP;;O@7QJ@zQMYFbRtGz`0OS#nzZVE|BV
zF_nq!xdM9dxLFK*J1;JS;=J`%!R~c_$F#pH@emU*PU}o|wY4BbS6)|`(;66wT};}N
z5i#&vYM~{XVlb
z-DI973au?yB7Y4SmppN(i9R|hwamVN%&?i$v@`(s=|l1Xkg4l~g^yJ(q6u{TWHXgM
zvg4dFa!s%mQwxfH@jmKHvh1j;oaUDnxusvR$=j{xC8APCF)>lY<)=IGzBWWXWo7-?
z$uy&q+cCo0e*kU;@{u)lcXqs#PIW9a81mfM%zHZK`)u(}HbJv94
zR78Dudyq1Wqu@G_KJF3@*$Bk9-?lHG8omo2N10`5*jX~fYlKpIXI)cYBM)T%k;S0HVyeQAujC?I^3UEy3*T`Jp{)z}F4bGlLP^kmkv7d~^n
z?5knut{mf_q=-Ck^1O|=fAAx8y6LS3P@r`@^1ou*awF+lIZdX@NDEU!mCFPmpS0)L%)J-
zX;a0as4l1bf1JeV99@=xW7eftVYQc+Y_T~#m_a>fC00y&7YW4G8UUg+X`apIxxaCx
zZLWUx*6d2+JBfTDE%sc80oXx)7T=lfdS0p=7-Y?frvDj>x0gNiN6_0v_r8~&iG|y(
z`IF=QTJAr;s)BUt|Gn@Q0^D=SU;5iXQm#`F?OAkvG&%W-C=bE<8%8w?x&WUvDMpZ
zB)Sxdqf9)^r#VL%GQ7bLVfd2qJf*jCa{`edv3g1mq%^ntcpQtliWVqo1K6`K@WpYU(PG)n>uk?yZLg8dp
z9$TNU)%?*8RxoBd(pXsaACzQoQH;5L^(EWqDm)oq8P#MVdKLCLyV2F8O#-c+c|q+B
z^$zltB$7t$_8k*sXX$fxJ1zo0(ILMO*e5xx^hhEXrS~qJfanyK3o5udhx5(z1d%CBm=V$Ddp4+mp3q^tuvs7+#RGp2IF(5r{^Hp}vcFxQ7+LhppuULL
zDnIX$VEB=II8qP)03|E2p+g2TwKm9E48fM{$pJR}`o;Ry<%UNKG5G@V_FTmg2tV;a
zh!O7U(NXM`6xQIc+xJ<_cVY6k=Cg$FPt$o4*Eo4BK8P}ZZWpT&AcybxtGl=1q?_wA
za?Rw4PkHfn8R-60n;>LIHzlC%wPIwmrZZtM6dN5I?ymDhPl|u5z2(=47
zfW_09>)n}CQ^IPqZ%eaN!h>gzA>FN(zsiPbgTO~iNyk<+EN$@b`0(2lUvG?TNsI`UE>@_rr!3usBGONdKR>@3s>;iA)i?np5sV5
zK0rd29iBaM`Rd0O4}60V9+#vmJhkc9mK87M-$uVFHpD#*74pwKVic?81-rEmV4jmC
zW}Dx`U&=G>fgg^r#PxRqSOCJSjvLOoR$^u3$V@_)Y?**RX*cvs>c*2nH=0Ltt{l_H##0Htm1zA(MgQA5(o!{6(n?AZSB}c66JRG3agxz)>
zCv;iT{l@2wEo58BJY^eg(P`)$+De1iBbOrSn(fpw17*@
z&-$6xZ0BFr4;0CE0N2{*L$OhwIM2vowql!h4}xZ0!b!aT!;?WRxqzn!NyqP;q?cWe
z=BKYkM;0)a+7u+FDRF=L&Xm>Zu`?~^i58O5>}B-_Jf3#jG!X)^8zbq&y0az%beARU
zvsXDjS4H{>kijKVovsBnwCYx3^RS<|u52_HTqBz-@91m8speYZvfu7e*9OJV4qHG+
zwPeG=ZO}^4V1Rz3*?2&I#}}-CDiONatq0ns#axw$L-lWi_FXc-5l#~ZO`0yA7TvAt
z|2hwU4`-rH;GL+F{-qHgZ(iGoe-9Mle0c3^)?ek(ZByxA@w1(m`Kp8^v{EQGO^M*z
zAfjrpv;p|FKlMm^SaTzVkI>*DrMu$yL$gBC`b6_bIU`6IC_-2{~8WOSZM5F%gwK6a8MPQp>wvgicug5`5
zyQ?hNmlP+QfDQmxnEQ(uFboOExy8In{wBt0!1k^@nT~!
z^hNxNCOzS@_m+o8kq!x2Cnq<(XnXsuZKy9y#p*-PfRFboL$81#)uM<>%LW>unk_4p
zpp?Q+Y-wJHU*4b$0WhB~vTFac|8xyE|5C%t86xNyTYzflgStp}VRScN88Xyw5AJvm
zZLo!y2mgJADvHghjBvX`cz!eM(-aw@{OEN09a-)XO9V5&1!-uVj=eZRLgt!QO5(;=
zWwivc;E&g@HzWUlKE1z$N8kf6Qe~gT_7f`(-Lq;D@ibMD`E8aR@S1*1Wmk)vW9hW(
zrsZJmMDFdqOq=!nk9F`+@%L)e1X!Iyu=~%~$qI>YH6MLpy?uvoNR#&tcesj({hrhh
zw;y-Y@b2+WJ=3nuZy%K^z2^bG(pS2Fiz4nTD|bs?T1k~>tLyT|v?ci*=Lj|L%d6P37q2%!ac7U*KEC+dF}wox%d
zkNZNke}_N@R1?cot@0zZy*=cEZ&1=dCg@ns`
z%9>|fdz~5go2Y?|sVn8CWlPKM`P^B^wfcfnDn+B(6VVcPxi)BIcaFHvOa3d{xGT+5LYo0e0^Sh$fW3-pI3?a=oPo-`@gqrMyG
zYV$eO@Df5jr#tf$m_;vJG7<2ZW|Fn>_FBiei)^UTc*2>W*(T{xP8o*sA_&1&yU`5h
z*$!ClGqSGnSVu7~8lfDjXHL#H6y|hJ^YzBws2Rm`Lnq<^=D>loKN;9|sG-&!oU3~R
zOmb@eptUU!=2j^&3w1)X?6kF=-{>2l=oq^R#7D{!W@ST7LOHR+Hp{-c%chiN8>$9!
zCz2zm$ipY==g0@^=NgKKJ$9S^^Qw9bo7NeCiQ=IbK
zS%(@L#g|}87kA2frBTebRPhlLgrG{&v(FGc$~s1cTy080v=s`G?obz%2fCE5+&Gj0
zJzbD;wyuP#hV1UtF7A)qy+eT>zYS24ob{x+!k&<+Nh7a=ve)Nxh>r-|3-<9K*vH(W
z4=FHj;XHOZZqT+ydp_^TSlqy89LDe2f{VR
z)KcA**e5DIce~L6OU3O?xD6)C_^tg;|UE8L5z-9R>y*UweT8v{vo2l;$h9&%J2o(w&sa%LEv0M53%)H;hSDC-L{*Ms|9oQmV&s*zZrwrb(Yp
zmu3DT>*4UiNDc8UHN$m+2L)Hf8oNWfk-=d(!BXq8w@@#c&EWz&;8UaTR5UOL-4-6yXgozTFp0{&si)>?IC3)OKj$#@@BY;eFOH1QSkEM`4OTDQ+W{U!1RuypbE
zHW=GkJA*rt;d9GvV(?^lzA@j^UL-Q)o{cRK#8{d>n;stgNqGY!^xC+XgbgtpK{1FI=bwqt9
zuatkK^d|{5J0D;v*X*18~%ypTfJ0Ym(cTvQ6l}O
zFx0yK?+V%!GoH~M9PVrl;kHgWaoUl8-Q*VxhrD=K3I7;H_%%XjZw5u4EZu|$i?6jN
zdBXY6a!SSz$>mZ`@D?FhU{BFYe*_h1HX}RA*_H%^G`313#VuApA5bXR&FLIL-Ra_C
z^>7t{n)C4`)nTFHE@hj!tVl>Zv}M0GV;9fz3HNr4v(sN^t&uW2*rp3nW|g;0Pd9n^
zTl|x$CqYKVhMnR9EXpZ&gBV}4;v9vHVj`BK+w}ZhLy?q8NLA2^H8-^TiMCmzVP$PI
zAWBts``;@V-hVSCN3+@-v)1^r9^UV1I_wTLN>h9Fk#Z&;2lK;Pj(k?=E8r7Eh?zJn
z$(wjO2(F0rNf+x~Tmxp5wfBS046Edz$CxmYzI!y!PBUUUwsvE-YMv(bVeq91MOP9|
zMe$Dm^gc#zIMBmh&$Y75`XNm_v3rY7OBP~S#NiEiMwV{cwtJFx#96vy_}r&Vrru5F
zz;7CFj~?dY^p{B#Z6upSC=1ejqL6=Nqn=LMk(Dw}Y;X)Y#+dw3aG`p{-R({`js~^G
z@z~_o$aFZy_i)Y}?hkcx{TJnEiG4ksl9{UVB^tRAb
z6!9r(&muSmeDJ|K8Zs}s8Rl!&D|j+&ZV!H{-CE6oAblV~nmQ^evwqOnP^_Oz1Is}S
z?jm38YL*yo5=gRH;Bv6|`f(Ef*j9P5kh-uCa_lkPB~taCf0J4vjPJHnVA;1!pbF|J{f$BOe}fKpTJaqhKjEwdssi*`{exZsvKv
zm&2lBL1jFg@jv=Kc%Xvozl_iWyqsD+Ru!AaKC}qCB!F|z20nkz&Q$Sj&fC+*{|IV#
zqOc`*C>5Y`j&3wr!DI*eQvrs1?&BIddf3sTR2j3E-S>AoMz8(jbmB62c5E5Umh(O7
zX5_mR>u0SEdJ!9AA(x**myLsS_$(?Vpeg|5JELKcz#!<9-mFg~S{OfoP*pvp#CP#x
zn*FV$X1&uHY?}LvmmWX!6AW#mdSi~{VWn#8@#(WY2Vx(NS!9hH2{hF%MRSJDk_X*d^-Eg~v?h>2s8?xt
zFW!aOkq7;^+L*D*aSPbU;e0m);T+b;aD5y3jY`ojle>yH(4w6hnrP-Q><#>Xoo=FC
zY&Hb4l|c2m=I3qZGhC|*H!MDd%?@3W2hnvR(^kohfx85$5H6gS^K`9timwpOdz2%&TXRg{!XUaHwzCLwNro0m=V9TCk%O)C&
ze$nYBYhy~1%DykgS9QSrT%HYmGO}^kdE~+Mg?jd`cSmZ3}%=qDa;>7Cc
z!0jl~-&wxdoL)i|OMebrNBCs!qNpZTu3)7+Z8d1jNiHXLwl%Q7UkGNvmgH5&v(B$R
zZjMSkBzQ(uw{vbl!U6)zADb`A3s<)jy>}0{ifVM_iBgAp{be}p<7a$aa9D#Xfa2~#
zX|4LI^KEt?*awcBrP(ii5D*GMG4v>gNb_V67qt3(+wj-0}QpfI8GIQgS%D@Qi!eLUuxds52#}z%@&vGeV+9
z!(KGwoGg-Z5JfUNzi^_Py+OA{IptSyKaVTDNulZ|TxgEWzjd%G-4+o`=D|RaMo;bB
zMM+kFLKU_cYa{l>B33Ib*)lw&OH7N|~
z8*G0cb+7R~^}jiPn`}>WBL}(45h@FNh>0`e`zQ-D$@*TeNNS%$X}j9NztB|+^$Tzt
zTa$JNr&VG#ew}Tu-*vA@w{pG;gN;s(eDYa*MB8GWtVU)PufMH
z9Q}SeoR|+L;!MfDEV6TEx85ZD(4pfdt!k$D_Q)D1oWy1Q^w=x)=K{RvUpTI%mXarvRJ%Hb@6a(>g(`4;1D?W
zg1X=u=(uSCinJy@Z|7F)TWX8i#44uFRno5Q((#@TZ=3}`T5o}Qvj>|`n{VA^GDNycCs0Fi$7;72aaEuM>?F-wdz@IbrcnIN!U0NEkd;>G~
z&UYqG>~yJ-ok%IBgBgdVd0r$nw{PyW(-5M`fat0Y;n>^4a>AA^-h#1L7
z5vEHC1Gv4FoAjni_ojN-FVaj$Q51^!oCaib;K*#4;Dh^&)P-NG6vFM-8t1@=#l^$Y
z=`*3&IxU}O?dD*2?lT7m*u@oN1KYmUNw{n*_9|fxL*A8UUI9gOjxd5!^!PyU)&P~{
z%gy3_Ufv92{+H(RtE>JKKdCk|z6NE5x&5I)WM#OM*e>KK5Fh_o-E(7^IO1paDWhm%
zypAR`&&#)6#UTQ}t9i7ta;r_oGaZz-PRcEvb`
z4RwR(FymgiQ6;Q{9`~Fraf>LOwAiRq8D%t!`h7AM2ajFHTW*P16_${vuS&!rv{lo>
z9x-HZtY&`CA9)}R;n|LhS&;GB=xI3`iHt_dX6z?Ev7rU+;v%_?`v3cPEV@dQhEL*~
z0!REg%DDb{m)zF6dW`rj@;m$eVmC}_=MJulRry3vI$TSr;bcQ8eT3$f+FWbAL$D^t^LsO!M-vJ|N~)~oQx-hEpKQFn`|g2z>A3r0nXl~n$dEYU_$C`M@=
zdi7J(X&+t1y5&^+T<<1Nq>+T+EFCrVbpCrq@vAW!o8ZsjG!K
z4nl|pmr8Q=4aMvcjTA?r)xe*2BR=hsX@o9snYhDRi6kTkdg;GL^MCN^#!n;ERXqPd
z5X(eD@SQ`=Em;{%G)l3JbPrW@f+KR_!r;^PepX<*X?O4gQ{#$35N+3@>!dze8S-}<
z-AOf?WcCh0Qmi8Vy9mEKc5K&wl!NNKoOTK)hWU-@q7_fvqt>#$?hUtFlYTtL5Xxdt
zV-4-|`diybof~F%TWzH3dI1F;fyEqF*w@+*F&;jhwE@5q!f!~2g|Z81$6SGn#mcF|
zL2n^opd+%fG3ZO{rTGDpg}GK_;;L@P+ykiJ&XufccXFawdRP{Ppy>_te1T+(oW5w?
zBa9^{N)uZm9hAl2jrxFcD&8#>b+uRIuuoAqE~Vu+U|Ms
znJ0=C2@#no-!so1+0hQ9aoCZr4Pzrxy()2sHTz=774)Lb>~X5ATfgVgzYhx2fIzOK
zDLhO+GyisOoMdFRi4Veb^fSrkQ+Yk9e2FVnHBfBf?RSBj!*Z`|T+CygT6@JZ0_1X}
zS+JJGaK^-PJ*uYHLHO7+n^X{Ed2jQ(F~m&WyH5W1_Tegl5Sl$pr9{WP2WH^}P&V(H
zt|q$MNz|>1R(dhA{f0%fO;~~&iMd&LMb*adnN5bvq-{tuqrdcht08pbp#@6T-A1IV+AzC{x%8i*onFQEF
z7m0S~+T{;T58={2P4mp2>3g;fm17O8`?d}9kz`|_Wl`cGNpB=XPVQHNL`eb)N3k+2
zlt=rzntd>*|6B-Lr&+u&M5ufZn{G7RXNhYR+?ZPTUj{RFS0-<9#clBlnvQree3fZd
z8(tw*SPt}}-f+b)e>d+!QEcs3YiUP=YEL>&75^+&w>H6@1%WdcP4a%urHj2TXS0%Z
z{drb=aSc~DZBMaZdtbLtlye}(ww^Qe|AAgo>7SGM%4%3Y?egKdoJ%|dn>&fpk(BG3CL=n=5A)>JSk{62hUK1O;2Vnga6L3^nV=hM6q^tvbyx2-Ap9
zlYuLM!I-hCXh`B0U@Gl>P#L+iKz*EUVJ1L0_Oh11La*%>b`dPz(f-hDRc6KCrj=Ie
zY31=H`=zn2XNUd<+R@O0Gygu(>ZsEDNcWkwKbzM{Ry6bw?eQRnZN(=J)=}R9#a8#7i=V
z*R6@`f}2K-T7knWjGs!L3LiMB9crkrD9l1j^G(MgiG$j
zqDh4B)WBVZLdw0)zYQyY=u9G@)-2bsalIWUVz|$F`PzSlZKK�l5;58!4=iJj(V+V7Ij>Tnl!A(=nIC+d_Ya=u1#sUb>M24Dw
zY+64mVs7j(oQXXis;1jl1pMRW${w_W3|yFrGhcX~hfCXlstyo`!PEz-Ow{j7?Aai9dYG&_o?vowWUX7z}V5VsD{(1FOdU~^Xl;&D+q_cxVl_Zxf%-#~;|e|F@@hGG#mQ1cw$V_IE-0o~UBtRUI#Llra>
zE`oBPS7o!?HAC;EOh(~8KtZO%Gjpq+DJzLG=xdJmMC(d@nyWjge#N^rR*H8T)g3b77t@-4uK(6DY`@G&fKS0mV>5p!AD)jN#_}ab9
zB)dtQAYmeuY&J@`bI@oHNt>eb>U%1yPqu7gBZYiL1CJ2X=j^*&^9}@6goP0Jvv|AR
z6)RB&tKi9Qz8>&oe+k&!^*=1mr8{7`KsfC$oNDGvc1K6Gso(JN`|o-KhkQR7pe=-wuYP5*V5UYu;%zdq(L#edgb
z!d%PX8{Prcfeo!SKT&t7AD-V*zswF{r86*&i;5qwV0CI`@5|=eNb`vWB)rq74R~Qa
zS&E6Jr(83-Q%RN9afV;t8n7}%rzXgd;4A+q)%0vGapr!HxXI)vUz$d=9no^VedzE=
zefs5!hTL1f3(-&357?iQl`G*>ooPPXzWDLTB*H>hCb4UJrD0hz6_3$@zF=j$wKFH~)rYLH8T=GZ`yN{0T=PNfZXLyrk#?MO%trWKnVIOab6
zI9O~{fwI38$*iaiM}M=sUh>v
zcTW9z>M?2+!t~~BD_8!jzo6eQFTg9L%m+C&TX`z>v1>H!X3T#_CQmpeexuhAyyoUy-itFb_A@k#;Hq*xkb*JYEzbCpcINQd?h;|!>_(~Xw2t~NbS)GJ>C+6)D
z9~3?jlsuvT9wZTYTs8K*!L6?hlGH@k=T%ZWF8HwD0<3*O{}LYwx#{klxhYL~nu278
zFgw+8Ia22nzJ-^NXLFP<`QGvIV#X?EfV|3r8MGTy_>pHph-p4`uGKJh6E52Dpx{c>
zJa8_A$a#;4JcI*Hz};X2$iy$&Gxc4{TB~WG5H7hGD9sLCsZwi-0>|+uFo@8;2b=4A
z%Cs?n1%5-FCY>UqbT1SU2V5-MKPbVMnjBt4hh!41daTr25asyLd7$+`N&!s7kJ&Mx
z^(nG76%@~V-B{JG9+m+9(nIE{H_e}v6?kWB=HNO38W
z(5%gCbRHdrE4lBY%pP2G!t!7*ZCd^+F$uSdZIi@s2PE?CE^=V@F{(w^ib9M{WK*Ro
zsjtuTCasq&+w5PQu5D#mliZQFJmQ|P
zUHTy}kf;_e>bUQG2W~^{HND9$O`Ir&UIKBrPFj7s=;)akwA+znJAiq-2PBlPEU;!sk_J8h=*3hLz!h&@EF^hpPK$A=orBjL|9;rzi=ZuTyTvC4^`
zINI9Z-F>(pWmnO6#UFX4@ak;1x^8#je!-A6$ye<;Tz?2d+*WDY9^_hO!|1!0lwG7l7QxaU6c=f9)t^I=cmyxP@p-##w)*9g-`+s+T#Q3%r?S?57AcgmJcAHKRo5LM41Oi=2
zV3mmK0J#sMlgysm#OFKSM`0cQa>-r#SJ2u&;}u}XJI59D;g(B`3d>L0=oA-o+wX!z
z605qCdubTe98H|XC!?x4jRzX7?5?q$N&OV?Tc+O!Id7Cj`#4hjs~xS0(L_`p
z3pi|EdTToO`1Z-|NL@sed61%y{d81c+XaepE{8l|Xz`#Wp{LUKBDN7dTC*rCK<;ZElD$krHARd%V>6E_K$AH!XuQMHQzmE@C8StL#3N
zxdRqnwa^(L68LrmD}MCXW(-cbF>l;|e~F(T!kc|?C9CAZb4V|od`YHb#h9J>UDrTmzTzg
zxi9V??!O4r?;jRGZn-=${!Fs~XY`2-X#hnH_)$*0`%mk2_WmswrU}|I`om6C0rG=l
zbC?Q(XD1|w3BaKK<^FK1H;(#67x)?W){d#ogRPQTOc}EJJ&3a>Kj4buXGiKJ%g!!#
zzR2JiSh0Z1Tx-{Ft_YrgI(2ql*(dQZ*x=e8=~P%9m^Rs1$!sS9%6@+sWb7m7N6tA<
zM^enUr3S`8R>|B(nLM9`*e(5AKX9y;i3&rA@h9v)BmjIDsc3#VMGhrRr`bK#4i8$n
zrI_%m?@^y$?UBQo_gL*f>5Uo2tL+@hK=j5RG4n66dMOWV?pz7V-*$Q~H{6e9e4GsR
zfGbvN9#qC&$iDj!*|xJ5XjMu*NcP}IH@x5FBqXjTQ9kX7pJ%EF@0k48m&waWzZt(j
zNhj^x7p>H1&#oquKSBBHi&k#r(v4bui+uZ+OPd0}yz}f$w*MnwYg<#H-*TLX@U#kV
z`MfnA&OAvHz=5&HS8dd1mu!&2Ft?;s-Jdp)Qb{GFeSah6kqz8UA-QxpL5NFrXwhG(?Z6F^K_mGhoNr;Ek#35{_Y;@@XsSx2|bLQ%D7)*
z$V*}UO?U|S-VmRno0(0n7gzLZS^^K&qe6PkPt()Du_mzGcci&g9c4jq9zQbuhU5$)ZIhfO)btd
z1YZUuAE~xP?ZlTr6sf=-GfQ@pqCsp@SZJqoFFWFz3Dx2K*`g&}^xeLuL&1;S?PpzX
z+WNl|l<*}RSz#O^^ecB?5tFLR1E?RTBCowiXTMbK|HWu#*49hf@%+OJ|HfQ`vlpmh
z7-@?i1(d#PT+K3xS$RKt_(cn3$3GFKBC*Z^oM8TMG}>?bzEG6CYMVrqy|Uht`P>&j
zTlz!6i8xUI>$;BT6SM*=gHHm~m@b2O+jJc}<;kd4F89RbNdGYZt?)k$qOV%biv8K4
zq7Ca-Y)`OI{Czt1JXGye!o!S9_PX%?Ftzl%y==OU5w23VnfY!#QJqS$B<^l=>iU+7
zd1&*W!5r`>{_*b?_xe|thYST7>X5V6Yj(wm3|6`ncjz)$ORhuwq&#DIgG1eC`@FDq
zY64YO@jBS^ETfq=1g6!JH9KolQaL;VWb0G^6lE~dqM6PrAH+bEL5fen+&$xIXEcj^
z7G8R-eTYb~Fu$xljt$@YmMJoGGK)EhT506BC^*UZ6~v>R20A&eItjnbYJiJZz5-+8
zyAeK27hIfCFi)lnk}ErLPj3~N_XW*9GepX;Ed0ziQinFNES%c-RG30aA0tgO+Fl_A
zc2Pg4V^)AE!BIIK-P)wUi`}0TKmrzemn7KOuT6UG?bECPxr*KyI;pdX;V>OyscinUa7Q|
z(jEYX9szzEqNgD0z@Ur=K%=Ssi(R{)#2y#KeIN&s7Dx#0(iTpq0yp9jt3|(T14y33
zeiys)c<(dxlxn&`OhzRwWUoni__^*Sb&1e>_M;tEa1
zRylxvL6a2O%vrb!2tf3ZRc};Pg?;}QyHkHw?33K$Y$J?i1@mnk&X?)J5lsEcbF)Y8
zHI?0Mqn5fBv+IplRV9@MCt`Oqt^%0268{%q{x6{UzrYP?b^qP@i#kluNMTk~aaO51
zn&V@+h2!jwA{{ZoX%GisS$jcHgj0ar?iH4>IMmEfK^$6>&#yBVf-F-hAJM0>UkZE{
zE7@~fL5LXtuMKV{Gg4o^aIBM8!$R8LbuPTCNs=E6JC&k5jIJi6Z(nSTJ!&lXxB_M7
zX%1|-I{{W$g0;I&QgmPp
ze^|toOCbibZ6_g$!-kS&bEXsf{vcq7OmS1oKaD90yN16qlzs4Maa%%o|JQgDC
zb__aX!Ob|^2PSyQ%o81^i8?1DzEb0;*r$uYHz<-~MVb;AT`6ym=U(2D6jLB~IO0nu
z{|nJYSZt*3oV}cn3Mdb^Ir{`AzC62odtCUqWK7{eS|NW@YX~lp|BqgOE~4eIGxx|#
zL?^!n7YOOloSXL1;gH~Vqx?-Hs%?;V5Tm*7ahuYqQ0z=IQmbu}cJSi%!Zrbu2SKb%
z#B3zKt9P0GxKiQjI2#^YWd>JjCC-djM6{XFuT*H4n9)65JQJ-KsJgRQ|E;ltW@W0tUyw#!i8e$@E9AM(gcU@c@A5JQm71T(F`PNh+hRnR}w8JURjmd!;*b%BbpnSL)X?_qpi
zOXNMA5xL
zfBJ8{Bky3r2OWQS!>~%&i|3(>(7VYM7hX*L?4Xya8OkP>G3kEpQUgim|`LF
z(6{-8Ug%kHYEa^#Sv0Dg+4nG%r1n(HVfgg+VzU3Ml)1fu+rHX>zlw*dIG;F5#0{7S
zBBEiwNxP?|eb}m?a_7UU{0USE_Bp*+d0pxNT+>+Ud%rL6*;f^qpg~0NAD87m(EMLw
z*|WXhzH1p>&NUQTW23Fj9H;J-Bhtlg+UhGYtvh~P+&Cc2p6+T*4Y431eujU-Njlv~
z#|GE57433-L%gUXVe|3Coj0uoKz|}Qgz`}^@7Ab~d70%2uSg$ZQ3bnl_KgdiZc4rp
zCdQ{$K)5&4zlOhc%Db?=K|C2W{u-;B%wYd7PuI^Y@Sj@zv80R}cZ$aB<`;RBpB!U2(FNSdTsu?q~
z8^w_gXQ_w0nw>9Pb|fLD`m9SOC;TM-rtgIAwAy~Ls=f#XK8%O8Ryf$w_mlSIZ~WA
zhF=Bdz8MHrG&<_?tjgvq&Mx|T3#w=&&zPuC>GCq?wWyjCA5+P}R|};;2`4r>ofSLo
zO3JJI+n)d_{o&3RVS|_EnnjIU`i>gpzk4rQWo%hBbaEJAMS(Bs?;xiel;?neNWlRB
zuf?fkr<+I_PmD{LPu=5$eM-2vd%3r*{a$>2#_jVOZRm~@qs{6>Vy=@zmie=udc4DE
zft_)HpQ6eYT}M2hHljmZo%l&Vq)pz>JrCrorHaG8`ju0DWd%?GnS~b{7+D4=G)c#E
z;^Bv1NcVgcihYWl*sd7eo24BGD9?J3rMq}1C0HdRddRywsP8n8_gf0A@UlKoN!?u0
z_9whkcjs#!D^YRuYc7d#oQdtlF9E=BfqOJ9f4et!lm1HQR}4Hh6Pw=zO7?Et7kC1u
z=LPH7=ZoBXYw@M^W}C&-F4Y7j!)~ll01jES5G=6wu#;3Q@O7|pp&g^s!0b6MmjQzc
zZhGF|$TIzGloe`o|KJcKkT7I#BB0lqiaoGg<21b$z(>U~hUH5j;-!Jhk%W+i@u)$*dS;Fi@b
zf2$uj{X@w*mTm2&-Z735D`dhmG|+189fhb|1z*Zy{^0}DmF~?f^Rz?k?K!p;s(#}D
zz6nllsTADV{)kVClObQv0QV)o+pWH9G)Su*x7N$Cuav2t(Mp6k@ON4+w^aFaaH8u}
z<==-Wwq@_z2#1tGM`~+RR>aein)~w4OQYTm4mri~(+4RtuGgr<#v`Gf=fu)SOcr;C
z`^AH0pW~^M2g50oUTobkM!Qt|1Kv%@V`v8ulrFxp=v^8jk%X~Q^*fPjh$(j@}Yq)CxZBA}wuRJv5@NR!?|LQy~|LFrNgqVN~#ARR&n
zX`y!rJ@gPlNl5$nW_ISC-J7|&otwG6*?pep7er(p!`R$xT5uY}0C0ia{y_+msRNaX
z;EM<2GkQg|<|LmG=R`JN-f~m7d7e>zrzdFZgN_%91|9b3p#2pL0)9EOk~be-|&b3Lt(uU_&q_Dle2KokRlXGu#tMm2u0T4uy`gj
zJlFeZXe8#d@En!+F;`8c5y!kcw82^|SKDYR!p{a=*
z@8tzJe6wE%_%CkUmf<3?=f&ANlvVKkysnjH!f`
z#_ER3iLJu&mCx!Ar@3L0T_%1%Fq^bgnxph3P9=UXc|i*g@ptXF;}^j%vRhv2GOa2f
z2!sqo1v~az7z7&x-z*yXyzR#@YPyX9sKvrIyNp~c)SHgp@|DEpuMLD&+^Cmwc*{}B
z_s#IYFjc8GSa&%~zY*bixLgnIK=HQ&+lUlY-7#hB#vJvs2R9}eiEmb#Lycu=k^i>1iHsC^$wJjy^6+46aX10iweK4!NtiP`L7GM{HL8wr$I;Um~c
z{tVH%U529g0NNzbb9sIOwnrxK0mAx5%qYkK_wgFiJeYc$mC=7yjcH^=zes2
zG;A#S~ulUl7?exiesSv@=1o0uWE?nx~x79J68dLA?$N|wbL
zKPixloHH%hp#8BAnC!Ckl>FhHfYe7J?pF6g;W0j5#rfq{?7=dcUY~cJ46j+T15^GT
zfIjZxMN90h6x5!h>YDkuv0Wmt3sZ+`u-?L;AKYQ9=A_N0&q*Hp1*4y}E5@l`e?
z*V%C=ZL{{}PT*0tFj)VLHiILdMc&nikk@ByW0(dt{cYj$jst@hXmcwHO{1RskEu!f
z*#P3X2&+38Vd-T9Oe26MtinDR8K)s&ewye3zvtoqc?a{qPWBtgdo8CgUoOKBxW{uR
zZ7=QG=+md&Ts;w)6Kq`H%nKFDlvwYiF8cHz7(LXzzELYQ;G|PEP$DPDEUIz&iiYdG
zh@>mAH?#9H9WV`N3lK~zq`XP40=fra+YZF2V-}D&RdlYe_3f~t+1!kNyB8a0Fe#wGO^U=y&f9~q{24C+~+W_2Jy*-uLx
zIpFsn;k@xTEnOPHFU5
zUYnN8I#*b$jCd>e-`?gu>pcwWT>0ceZMfx2BP4xj`Eyq}t*puK9m@~D1cKA=vggFh
zl~FsfRc7L}^I-;Zos*@K)Zvr;>4Wj&xH`p}v%I_Za=$>HuB~#n(1&cbELQzKt>s0(u;vmbVGvnK6%ISK8D+2wjV?p#2auLoQQ&5sK%RXZu
zFHpEwa8=)$Ki5ZTo__nhuWNy^jYr)u`m;TGPrlcF^%ZY><0MP*Dg
zrS}1f;ljr4(T-ZyYZi9sh?dd1DH)d5&uG>442DphUtz;N=dEUreCw+XLx=NEp-B0h
zGxLwoYE#nb2uds(rFUE>1E}~h_$J|$&9Pr%atlOD>{dcO@IcjQ{VpWYdlo>mHm;j%
z^?!E~om}?a5cs8>q&g2qyipabqS7p&8tD0E#*Xa`j34}ZbXJNee`%F02iW5U=ja;A
z*DBVqw8rA$V}3Ud$uH^CWKde
z3D{{HOu1mkJys0&g9$ED{C*Pu7QO$@IdE*@A5yH3k^EVwZdEiLbsQkrGW6WQJNOt_
zv>PTYm9qr8*K&tG#Ok@1>ewG$7)2^$5n8y5uL=s^RhQzn1v{eZy?`6QH#|661*OuEE*iU5+BNSFV_e>TH&z~6$;1dq*G1agJbd-M
z_Z_!6P}&2}wMjJ83EqE}dtT)4#E}g45+2|{pN`25*_=($dOQfzmg>%Z)#F}s&2+sT
zr912p>47cX+nMNoSVs%?ynDVNyt1HRu;$~8XSu$=i>0^^$y*IGD;p!&PM~koZcx~s
z{Avuz1>i68Q-7+}2_m14FGHI9#VhEL$X^Nn(Jpx5Oe|GjjNe0+j#|sV(r~TSENfcT
zyS`ua6}~hvym!rAm3BVhmk-~C9u*KgpZOkME;vW}b@Kc49BX9B5@+a0#s>z$4Zjud
z_S!44H~c1*4ZWCVp0+xgw;c4;BM!70BqR4{-W^-JlA8q394~rE0{TZC?5J#c^-3S4g1-ov^K$Kj*{`lxzx5mK26zdM(>~o^lao>7=|p
zzT2lP9D|JOFF#@)Zu#E>$n~v@DFuF3R$q+-@goX2!JiX<58<4p_U;0avr-e_oIo9=g6C$V`MX&BR^?4CTpU8MUBdlJL0u
zwd@!V7m<2)H$z(>>x_BdLs>BD(`f-S$~b-_66SXV7Ei(S9L2Ns>A}v^hJw;ovmb+W
zmYbpqz3W*HIa;;$knBHE-cchu8%ItOsKNfpBRuqO%G2Fq8#6!&VF|
zV+sUD4Mm*9CKFXO7lj+s9-UiyZ=|4*ALO9vw86SPfgU>Fh&SUlD$QDN^)q6$##_vd
z4e1QF&G*zdF=7fseZ^nw{fk??{YY1JMgelcLr44HHs;QD+n{X)V%;e*jVJHj_O#|w>`JeJ8F}|0hK|Zo_eB0iEp`vT
zslG-syxW%L|Kyk7BMdSXb=vR=hhGxgdEZxE)YZ9aPft>+O*(!V?mk4v4*}QyqI8041
z2w-o+uIfk{|A@0#oxmdXOR{#Ghw;ukR2EY8_5IBT!_GB0wI{@3=cE@TEx2E+CBUWD2Ez`}r;YIPOAN}oN?RsfpoW?SC8q
zcu85|o!Z(Hz)iR#=YE{(6J@l{qh+~6t4MEy+xxfR%0lFvwMyUu51nDhnv6IJSZuad
zt(hXD&a^By8H%+_82W|yba$ML#euQ;h*L)bI$;kBA@yL&M0KArQdRd~@h
z2K)uOz(#GuBlGbhDAWuiUIe}hM~hPaX_JyMF(IUEKSNToR~smbACCr%B7Ck#gnBE^
zl-K%+23sTEOw!|Pg4Sp~q^32m54Ty`Q*W4GLf;}!SI#>oL~>jUSpToUZYZ?|GCmq)SB62SJhpeNdXm>W4K~Y|D};T
z%Ze7#vA19X<@RggxBdvlb85@1zV8arfp=11IBayF;afI(Q
ziy$b58Gr5guo_x}2&_0cu(^Z4I~@J(@{B{GkSEvAlO8rf>zcB_
z%nRiZm&}m&)9Y;Xm{`nV%t1Qg`v9I?Ez@cmPv$t0*J>%PS?YrS9t5DP_`mkkFS{{y
zo3#GrCVKu?u3>+4`NNC95l|F=!p1WxQ@^k)r*^LK0VCyy;C>$7x%L|yLV!b+RC()L
zp;LWs!<=AglWdl_`;=_^<)|_vP2$8vN7WVD>ua+&@l$1pIQg~N5sh7sS1)~U-!(|l
z0>v1nRb!m58#rt{=F{r?q+fVAv+_h(i
z-J)RmqjPha_Xx-X?Sgs4j*A~L@Yo=!uGQ#nRyeMI$cM!(!_6q$ijorC{+Hc(ZhVt`
zO+GKj+n|?c*hmnzyVV5cmWASkDDPc!0Cu3qHl6}skwo}SDY?gRtIlI{!XEWfL^TLb
z*tlOY!)RU?M(=N7!f>SIwK}6uibiN{bZffaXt9}3plZ4TcU{%To{H8YqOi=tMf|y1
zzxf?MK-fFZd@O3J=C@I~Nq8CeY7~XqC?^npqI9E
zC%Cacgg;tV6MAZuxBxG$xdDbTR3IU=dPUcV&Ifoc=12d~g*-Yg;WzBJP3V#d%Yk)=
zyMmsqg2b38MCpHx>e(>^*T@y~7>ds5{+ZKTujzuHRom8|HXNmX_%754GVe_Gu2^P2*S{@k^1{cq{@dO4J|{|bnhd4
ziwXFu21P`oFhN?A)+=i(o!E+$cT43zI(bfP7=ulQ*3J1}6I%t3dM74Q8PHj$|41!7
zzq(%m87b*c+o85fDiqadM@qtRd{x<}De(kNzH;8F{lEFU=2I_TMwd=im%toGRP^NR
zj!&NU$~;@o>h+e(b*w!{c8i_>-m*;92EpU5s@mmJr9UHnw{TJ**L+wa_wT3o0^fvq
z1~?_k=~{jYGHSA$EUIMw+FOo}OoS~<*w)A8GV9aot*Lpn*aDFbYUAKbhcn_k&<-NT{J8nwgqMGZI~v)Aj4OEQO6
z@WCgwMiUHv34w&kP|GH5^Xz$6k#G3n5r>t-
zT}r8?vfkB5290FP}MmWDW~wbH`HGzT^aivSOEI?QHpJ+vmWR9Gl(zpX&vf$3hDINqE~^A
z3_mYjGg$Uq{n$qxm3H5t9Rv~|Y(|+)BloKh-35Ubvn*$l!CQfEga|nw;OWhINM>q4
zk^dqk&isAx?^aB|J1NmJuY>wVi`a`F{#u<4v!YdNJp(;NbYQCw!ya^y-nRuV9ay=8
zMqB-t7m+NLC@*;GnfL_OJ}1?zh*A=EO(2=-EJ*B?zgHSrT?HKs0p~(YPGOmGWIol4
zVKvxEDDp$7$_(A@nV{N5e;TuS3kzhOE=0yoKZDPgJCtd)i9Y6Hs!>M@1t
zTyHZ}rpP@P+I^8IKT+<)wG?yh$GJS;-=c!7m?555W^h&>OiQqsQ4FSjj|UQo$#Hh%v;H#?MElIIwU%@8i}Ecf
z=A;Gm8N;;479)FKZO6l>M}|5B;8
zRs$K1YaMh@&}b;Xxyw&-{qwNw1TXdu{xuWk?T@?h28}aRn-8G7eV|Q?
zA2PwK7Co5GurrrAx8pO@dZb$)at`daTZ7xP6nog$LZ{IXNPh&3Bl={iEZ7*G!VJBw
zV0?<_aXbDW5nC;G?IWCQg>hImWeDkjQ7n6MfaT`
zE3NLP#Sv(Lc_cZB>BNZUmc#b(=o99kRrpV$#_q{T>@H))W7^KkM`}}YP}4;i^T8Ep
z*TEGAP`IjSy{V2JB&iv-S_0+@b|YHim5+|{C|*bVmavm)u;)IJz$#%wQa&Ra)nlBw
z7Fg0=1KBUYF=e;T6;)$+Vgo+Z=2IUc7Z4j4B5T~~{b3$LHab_fyd2Sa)b@HeIP6yN
zoPSEW^a{L*HH=Wlw?S#BGi-Ssf2XU(>6>z^?xvPvFAFA8EnV$^@+q&ZG5i;wpFYPYkB6^wD^2sr21i?NAerBJ4
zUUm0nmK-xH0{B+pf|kOuB=Trq)ZLjW=#w-C3mNpkO~I+7Ji3in@F40KUTnFT4@C)vA+i~-cymOyprR}LgF^VnR#^B!dNA)!!976J^f9rKTI
zAZ5p%nDRCTkQPYR$JiHND~`)=`5x>}t)*Dj)2lRU?TcaSot6%6{4J`dS2mIA2{S}_
zco=x!@M&(MJt_Ep(07^w;5SfiW37d9%r`aqH}7dsdTv;Uk^*`)LP;d{Q}1yNE)Ymy
zlbV+ZSF~G9Whj@13@ZigV|9>rmbbg4$vPSMU(>EFwTOoh*Sm9krVw@@WcyJ`(P)VD
z(^#AH2!79C;j$r-N_9ef7*9k_Or^_w1kOL2jd~A<=d2}@FYV$BSw>l!_8+g~3!T)&
zcUjEl1K(q<{xX#8t3EQb1}{^ETUBYd&-~1LWg04)3*3CLi-r}b1S=o#_ygXi)Qf6J
zmOjB3ezN+ymUZ-1`tR;}m*UA@U82`Z+t$~}e1jC8upgpjvI*mW(VmGaR0uECaGkp3
zbqBTn%tkb)%q$M#ZrY6Eyy!w%>JT68PKw;uvKFH8!isTTZ{x9g-PfjZfuHe(iicK2
zpkpv3%I#^FVoT)4JTR3gx|#*yKY~KvU)-$+FI-1et;OmwXCMulpOVhp&2S;q%~atwFqy!TUzb@p!3-Cn9G}(tVQxz;6$&dt#+$=
zdw7wqOgXInTuputs_fC$PvP%|e*hoP&}o5hPb%-NCV#m_-D5w469tyxVPCOGj^}Rk
zKrU+b%`+6yfrNVixp-d}{k=OEzQwY;RCxvM9?(xn!^_GTxP8j3M*N#tPNAoG=-%I2
z^oBrB5S?#?=RD6+ZXL~ZJN;XO?pjc1?Vq#A0}h}ysVPX>-043a#-_yx56e)0Qb8;c
zp+0?yx>wl?(&;8)zG4lEFE)f!DCVLhn^Q|?Qnd*90t6Zzn(Ky>{Eho5vtZcUie7Fi
z8phoulmB}M40GF6i_4H0Qs|p4&dV;fMQ!12rg9%C74J6tV#;zkD|>eD?QkxJg$p$+
z{rP;g->9vjiMjFHqL~9*R_4u_J3IG2$Qi4C{7>(bkOu3lkmM`6feBb@{a8P2#?9?h
zm&I+CfrR9*7JJ2VL6IJNk#v7Eu4Zk|{D%rWXqapI)Aa4|(B3%^xu#l<0hi-)Fq|6z
zoDb}FGpt%Zf`LO0z9+tDrdOn@)L&_3XLc!PWXgyc`tN3luTcP`$CG$LHaBDm}vqKxa
zRq6o!`hE5LLGGJ*t)h=-044s-
z7ra|3dXO+3qEEXs{A&ucpNE>ShrrW*qUt2m|NDfi4vUZ*!4l*+Ef^h~?-uN(Q|G9vKgn@tKozDK&K?$SHI5j6-+-w)IUbz{(Z=RqX
z^11f|;Oy&9Vm*uoK@>v3c2~~4nPLs36zOAHg-OAAIut81ZPvAb}&a
zrb+12+~RF3Q~WoSP^ns!vmaKq=b!BHBTq$ac6-CnC17rj-x+>~&H8O8(#zJNhQpU8h@7qwp!sr1;SFn3Ix9#HMZLew0sH*Hvm+-3g*YV!?;O+C*l07TZ
zLDvZHFSN~;Ss(An#r%!zd?4HQMyZ7RhWOd>glcOLdlY8JwjrT;VJ6RMKyC>$6dE}I
zO44ph9;Sps=tBpj4y2=wnEQJhJ-X=Y&r=VmS3gh^I~!ml10Eux
zRK=IG(oqJl`LmRK(#SI-6vaJCIMH4orZHt4CzoBmn~2!sX^_BglH-U(p4StIo
zouK%h2@%|Q$Y_PbbEcTt-i=|v76!q4as6q-jfb!^B;+`Yh)m$k>?Q!b(365M&``CO
zjpt(o04(c>Mf=+@HHfeyC`_5QoLcBXNANXNQ>J%S53;EzKq*1sbWsk6N%Qsdh+!(R
zFqZ>TN(3Ee;%#u=p~oi}ofYWN#&~-0VAyZ3OE^=+gX?T4?}0h4;2H!i8wa2?~0@)WmhI0_x^-v
zqrT~5odBVhitrg20|v+!b7~Nlp~uMdS#NP1$)vYjR+l3>?(U;c7g}usE|cRjiDxr-
z(sB17xf*wZ?JYb*mdUkwsb4vX_zi@SFTvzOmIM
zdu8Rj*pUxZxiq|WiYqC~Q;Ue8(C<@K{E0|^$Br{oE-JkU+@mn2wI0(RnY&j(DT?B(EZwT}Pf
zqxL(QCM(tYmM-aK{Xm7xW@TF2?Xq1Zu=TyDqxAe+C)X*4KSO;_AboxMb|(WjVCIWpjMzbj)NT}9R(kGVzXrT0Dp!PhE!Ri5<~+|{TmwKp^S
z#iXE}cc))7Y*GijBANn-tRgs6&oNXyaly>5M(s)5>=k3D+wS@}E{ODfkig9MYA%GY
zP4U|=;ifJ-y+94JUj|jQttYT=MRkgyqFdnQ3eS3^NJr=;sbd2=f?abW4sNon=;7=5
zjEW`q&@bygnK0*^s>KP#QBGJTj)uKkH=I6
z{4+>iRys7_G*~>YHxdqU&0|KdFWtK%n-hVEIi)c*I(~$-^}ZKSZ1`cVrF*azcx{85
zWuRYkg1OR5^*-JHfdtUt*8>CHK0cJ1`K1M8o=~lq
z_AD`6$Z&yGam39g8?DA*9-0n0Sg>vOwA;?ckZ>Bc^}Vh7wX_Ra<TX3Hd&KMht706SM08$SBcW8YLL^vA|2hx=Z4
zFJGn{j<0^6TpI!SGq!bjD<&U_Zce|0yuFkAIh-|uCZZImcTL0nm{Jo|;h}^$Kg=IC0Xdmg#SEpd*p-2qp7^YDA
zZvRzOIxTMYE?%eJ`e7|+tK%O`%ij^yK$y5OU5^F-!j8H0!cObelgM}*r4GXS>pO%p
z0STYm_9VF}n8!YfEMSzlyGsLE%3(ix;b847*H`?v;~84LyZvtfrxvRHJT|pgq=i&f
zYoe5{1OqMOlt{8W)3*yI@rhN>nbK)sJ4UAy+WH^sDMZ;FZPSG)Et%
z?{4_S%Cp-bbA)#Z726>uG-@6so=ot^<9o^V-#&2nuF+&uGFJTfdR>V+)vD=Sth##u
ztMOjNoK7TY^DWg#<+6`nl9I|o9`oJ+KI_6d_&m?8z^cs?ga**x^#Ij{$@{sgcq!z=
zgFY(+E|RVlHR^=YvRy>+ohgmIpiQx&lhrpjyKn546cB5|mvKW)Sz%G>_h*W?
z+_(Qw*AmM1?(OMm=aW}QQ*+1#pzS@{FlSYSp&Hw$yMmK*f8iCzTrMawIO
zo#0Lvz$)5;M}RZ*M`a0?=7{C9K%&+K+$EizoEnYy>f+ccZ@jtH%G$q1=?IeE#aiCo
zsgaqJw7Q&0fwfilXL-SORp{6V`zGZ~+$96S*|Smh1Q5
zk#fZL0Pcf6+H_lqN}KG!O>R+;{M+&}Z65w(^~o8=LroA*9en$GWLRZ<&7BXlAKr=Y
z37N7avY<7g;#DUEJVAV0*OBE>qUrdH=J4sO^MAH!WeTW|ZDI%%nnn8MsmMX=sn_0S
z<6o1!)`Hb@2?_B>fn@7q82HfFle*JZ*96*qdVcS#@xwIZJkY|96nzl4hp4@qM>QPF
zpUuZ*I6$Bwv;Rm
zFga!lMNnS4n!1HKWMGO^QoG$Ty0oo}Ay=ki*4`!kf=;Pk#><>`^bgO0CbTU{`d*K_
zvBHRgoK;G-ia&K_e(H9^WL#iaV`wC>vTv1jj~$iwsAftOlMhyl47w_-oS*eGejS$?
zt@kb0#-GLbNzxr#>mTVs+;e&>ffM>$92!-32qv7E@^{xnDr51-wXe$jSWQFUJc<5cZ5dw&ZFp
zIN*kQBxZ_zG#u9^Oy~W?mi%PCys|{jy4EqeD)d*7d6WB_fZy5)LAeg5REMre!|
zBXKZY>XnsCwTmB?aDtN!#YVm?DG$=SMtfa98pH=Au4J`g_cb}mo(ciLuEYI{)YOm;
z*`?__76JE{7wy8+J#3`r?JOL?Hg7{pfwDj5sU1Q38a*DV`Tv>&{i&cn`|VTAKn8G|
z%F}Ze^Dl@)>{Y>IT=a7dch0Rw52BN3Q)KEs+A&TUELxz+HB!f9M}EbQ^6G8q<8SAw
z?H8Wv0VgeT&#h8oY+9~1M^8u9+KreDGM$Ihul>%Lu80oBbKhvmIQO)Wy(`qk?7MDE
zc|eOAc&kVE=8}>w*z3}bIDFGL{89{xoz#+pr!Ye-uz}3jgf@&k>8@ZaH5%o0`pSmB
z#7(6zN2K+giGn#GQ#9;&^R`&RbDLW}Evm_u&hkEj(sg`C#pAp+Dg|E~;jXV1TodF=
zx3u0@Lf-6DdlnkILUwe{D!s^S_%|lJdA>|03}DL|?@t!9CmT-BX(uNdKSoR3c;K1t
zVqYjXg0Jtg?Vq~A{nA2r!;gVD1=1f0&b}8HYXSgIjTGLwG^6PDyE^F&=qF+P&wp#!
zn^F5)j-deCc7`B6N-sqIv@x|%n*0|27|z6KIFHK4f(~aj$qsVY9o?hPrSJijUM(!G
zejqnM??n>++fuzl<;RQD@S;iACf9ppuKoEh@Tq?&;E}`~_wCkNXSG2QnUr@p*RYc}
zvr?~%!jHBZMTc8xLM}i;JkveKqJ+()Wye!WRcb}BaJcwz==kqM&^_N*Jj)4x9zI88
z1RXhbkf+f@_^i!&ce+`$;c~-pn6FqL>${cnop7aEvG5uu{PT$^fq$ZaFdD~)DDR-Z
zwRPRA^_)!P81jIBBVfO1evjmp(Qj#jM-V{u9kdO{1cn*4v
z9vK{h?THd_wxFs#{k#FXFExS&jHR8yY4^O0*&Ofv6nS39UfuM^aJ%@|?ckE`aRZ6R
zYgT->PBZk^DzD!fe|s!1qEl`AR@cB+?7NK-Ul#S>Nd?n{9#iL==sa8NVqd?7-p^`1
zBf!}rrZ(qi&)e)PsXQm2Awmw`-Vn4@Wo_)MI_@14Ei1)|J7Lc#_wD9_y{j-8PVF_`
z|F6%U=Z8dm{4vF@b6YKr@&9drEr{b%?uY=5+N@kGiL=KkjuDuhg`aUq3bS>WL<+_4
z-;S4L-MkT|zM@);`IA0oS*dwOllG!;2^(F?<&yv;=1I}2(16P2^|$kd_s_34
z9$Y^Two@1{Ns9M*biNLWasPI8kB;k9BlT5}!*$L6msMZx2lGvwSd;Svv)T{aLV{9i
z=`QWGtJ0gA7R!#q?!Fss{04js3=tT$aY|m(h=NFVP#LaKnaB82zQ(8ogHEWo%?q6(
z4|42nUL;@*n~~s=h`<>OR55IQ7X$dasto39;aQVRW{i=FA*l}P={rWbgKex=cY{Cn
zs-Z@T3E?uzBjTg(d2x7~`z!+)Q$W)~{mp@M#9m7dVGDZsd{_k%P2D%C8It&Vk@=ZQ;;qMjff;ZnMHAr6q?5K_`
z#o+UfI0J?l;_-(+I_pi-TKPwnM_3lUI(xA18YmR>rLLIBD_~J!gWu1m>AT-2{qFw_
zXw^!i*;C~x$!WUc=-Z+n8m)_7Tl6`0ZJ57=i$80x)h|mn6peZGVA;+1p<^j~M%P-n
zPmaoxzb_!@L{XxUZS3*v0Lhyh*na-+yr2@0>2T_8z`6>jJS%{`DpE|(LE1>S%zJ)P
zwqmFf9wXJpED3sS+&&hu@%zX)B4F`#@=VH{A;^4+aSij)|HD#~Vslz99XSi`YU$oC
zlTwKTt!3)5PsA*(H4aUZ
zA4~TNDUaVQ?{%_Su3jOZMxA_p4e9Z70_`~G!KxJ=g|=BSR-_wr0RO$iY*fhIK9~ny
zI{&V-F9I1sSmr?q_KY7q5+4U&UceZ1?5}=^yL9k&$tH|%W+pD1(HHh9%C_C!KACuOEIX96=(ej5Ds6R+yna{f&uM~AN^O>xY4=M=acv
z*yZtg_YTYMws!R6Y
z_Yn%!$(`~`tzB*K_jT(ZpbjB|OK2GfX75wg<43C;WDleMr>u(xB*b^BuD7AtFoNTJ
zQ^?HZJC!$52$$Jetr+ht6%t)h(%Dm;?Xu+CRIhe~=?4XTgWBz8UJqlfUH7T4Fpz??
zQa}$YNtZ~rx-0>yhMl2zQa+C-mhSb_sC+s*vQQ4t=V^O!%Wg)tq-T40#ET=CwnqIW
zD}ho8lbL2NbA_0h71kO^L6!&ClQY5AwiFFG=c2v;-tGcew7K<*=+NqtY4eGc_Q6
z+JRwXgYcyv-9zfwbEG_OjO+1;X)tt`Y%56dzv3h@$@@lRFDB&fut1TC{E&I3WQkQ!
zj5x;2rjTgC(JOS&!h+UN9cv9l2gv4wAX`nypCGIDK#kHf{=4e0J!6zr
z;)ZKy@Ks*{>^fU~kNf?!^R3-Ir&gODBJc+f2g@t&g6wTN8F4m?JaN+RIsOEMJ{dY_
zdYnj`E1SI$RO!CHbzat8VpFVFMGaXd*WN$QXREqTlD(U`JwTN=zl?3!Bq9%L6N
zSo4(`@yU#dgnH9f{Y#vUlc&!NO?{>$UY*vUvp=v=YBNYMb*&XB-uA+J*46*E;
zE#8yED4aFCoWNtt=)^!cBfa&N?)$
zEVnL<9{-NUQ^jB9&SZWwJ|B_YzdeJ-h-F9J%Y`=Ic4<$&pPbr;f4LHx<)vJ@
zP+sJn398eK=#<^D8skEvSyR%MmNowl^!4;7O(6+si_yIA{aBQ4(hR{zu^m6B4`dq&}F2
zV=$vdNeza#DI&M$kF2@_Fmr5kKW)5laJ$2Y6qE8;Z}ECSxiyK2S4HKATNvnC6v!FBbJa@Bi)oWB3VT%6B@myJ+}c
zh|vDe;mEMdHPYdYM(f?O9_h5mWvJK2{SfP?3oF-tmIy&J+jy7Ld1?PdOg-ya+pXMc
z7NEl1=uRR7zQBaAcY<5nnk|=2lP-eUO*xYE#ITX!UiGFg-<3~@1?%b@nJ66sQ;)~7
zyD2Zd1#0POy{yaci29#PRI5u*q$)+K)U2<`F1K7gTz3DQ*UHmNc(9yzGo3x{t<=e+
zIijy|Mo4^E-pS*FOPAwZ3+w~fU&FTAD13r+s146cx_GT%EcLMwDCs&Y)72{1r*RK+
z=}Te;E`bM?`=U6p!?qJ#*Hg;UTrg
zIs!-A%sTjjfA(|R*_}Iw*1yeYan_I5O2eJMv2=t=#aFAe4%xZ*(&OGq!mX}4e^p5_
z{kap<^OC|yYFl|AgU}*d8@fpLw(Gimt?ds2QOdh$a&J@Au2turnI|r`{N_T3E&sY}=a-HJj>R#A>#GTF#_WdvTD-NobR$TS
zxhDz(8p1TKgt@>_s+s|>Ty%V2x|G{zMT6lR^}4-P93^wR|43SN|JblNR)ryLU?TO#
za_2MTeahiKAJsjo-wZX=Pe1X}bACF<%Zg1ru_ng*FPC3EjZ_W)J=Dc
z7JrLd0H)DXshMVH#|psK63rlvzw$l$=1Bal3^!MR>AzENX#8C73h~B)_~ENL-PNzK
zR6tObm|t%~6}Vo^B=_ZpcK;}aa}8-r;CThP6VI}LWaj}p;Qsz&vG@B3yGBO0OtpF3i
zSYY(eClf_gLjYQH*78+bf3D#Z&DL{Y>Wonb8mM(BecS;&o_;p<^ES%?Vs$=w9RB1S
zn6n*9+b1pO!jhOe-8nliI$~hwXTZ}}URqJ>aoBQ~LOx_Ub~Y%jZ-aM)mdt#+&qq8h
z94WQ=widkU_N_3-OXJ+9rWs?Qm#@<*Ixv?vhzri;NYe@Hbo=S`oLu$M@C4-3
z%pY!Spu*r>bQjM6>hl(p=)E8omh4gh&Gu|jr;hq9i$)YHsX7fpz|&U}Ckk&b{BWV4
zoVH9x(OvDq%5RjV8II~WgpR6<6kNo`v>U)nSA83vOx&36Y?kk6o?zuG-SLcpHk*2}
zBN;fDs1HvOTyv!&ycUy-U(Q+siUNUcF9X?;ofBDdWdQ~^wXHy%#Af;-giT=ePz$Fxn%-yK4&RIFWx#gQ9NUHS2+!y@
z#Y0pIT`pKByg$yVl6~3)eX^}XJ+VpueT%A((|>O_o|$y>5#yO`+hN%fwykp}z;Y&m
z?9LE9T&(aiX`1J=KeJ@l=H&)`*XhL7%vo#Czt&tdylP+yNZMvj#ujYNNnUo(9iz8QEE<;0$3@=l^W
zI8Oe#d1Com<|qF<*=Rm=o2yb0>brP1l}
z!nw>An}az1M)ISqi4?%Ejodp{5*1N8%Ek$2p^h11v$LYB#xm~(vivEo>B#-ZuPW`Gxe$@eU1@swXvH)z5
z=UnjbB>ONc>6rA9K<6Cp
zJHVSXo|BO;CC2E8?|=W7&P;!n&N>dfUk15icZO{k#&$3C>zPjUleYh&DfBGUv%9Iy
zvm#dm58n64%HT{mOR|XefV=~AYvkUhP!IDJ)nAh5u#MuNo!GNRiJf0V@E-bx8T?)W
z>kHgp!uYl_-qsM??mSl~%hJ9i<Jz$ahGI+npN(%m-TMO`<37K?&N
zm3X?lTD-Co-yLXe3LW6F^g!L~fo3^R@2hZ&wf>e=moHtE0DlK(XS!3*pg5oskN*03
z9zVQOeN6hv+2i7=6#8d~^Sv3%g23x;&{d4@GsA^;1yLBkWf&U3s3P6h1|4-@$5zYd
zxnD$ks0FG5^91}(M^TZpv}jsU#dv;4-sk?1bs$4q1^p5wzw%3#
z$9nM@j{)0%mD}I3Mf!lh1LKl+!_HuaEdab&KFAvRa6Sj3oIPtp4&3c&L0}`
zAHo$k06%v_rAFi4N&Y;q!*6W=8Dsog&-<1^`}phfv}d}b3*g4}X{BxRir@K%E?yBgpv
zEVSODC)i=Yv+a6<9R@s$=z5|pPPF%tM
z{LQk6j>`Ho$*!P~e9dr9V!md-q`CV%&t1a}Xj2z2Usu8U89K8nQPZWcJ-@+!t+>I6
zK^iMZyR;&fCC*K;eKR)~_@Bhv5I5@*t|IN7mPXrrY
zZUWj+;NLe(^@$sg&x6sE_~Mhzp-aHUx!3NNAEA2LW3-?`k)UE%UVD3nMU3-)Y%H=S1~q#M!xVD
zME+C#e!r*!I7QNa!GZTLMZj;m{BX90{m@>TD2kZlAtnCN`B%R;CryMwPHO;O?k?zK
zGujRhr%@~uXuWGfv19V+^?D&kK1
zjrP*mCi-(&9Sz=mv;2m1f3GcK{C?7L`E{#mTIQ^uX_4_^rWjAN)Q5zx&{K75uJ---qD626zu+
zVPOnS{Ja3~R%g}5(Ffs|-w~G=lmEy9SMI(T|MKCLtpB-Q<_KP(&NSdf
zYQ?Gu%0cxY`!qx>6Cp)LaWdT6T_>eSM>P{%9B)(D@i;(X#uo0ItAC(;@J
z1pK><|5gWkt19^4pD$5un$vCA`<=~uHQqj~3eL+MKgMc{(VdC&(-8j)V`(<|N2rwl
zV=Lg*6Tr7V5B%MqyMa%Dxt+foW31Ul7;x;@Fb0pm1S|*5aE5JYz1!K6QH=
zpiNb5@#iRYKnE`+dXaOw&KIzjX&JV^mj4oPxgB7+Qry}f#x@)a%qZ3GvtjJ9Edj-&
zl~xf>T!67y{4KxB!T4Q6*cRDpO+(*fJlD?;cBJdt`9OQJ#Sc1a;S9+J`ha6b9}&gz
z3eX6^8{3I;s0)1ZQR0*P08ei6vi@V^-W;>P80xqJD=D7)@I>v+g7yGk{p-l~ZFG;h
zoh;N9h&y!T4IJBlS*C~=T>el~=&H@E|K5nUT;}^E(>uh|zCt|hKUt@6?ncRvRl_;j
z2J4A9kMtquv|iC+&EdJ!y$_9*oKk?sppLHrZ6$0T4f$&1FB`wx6ngj$KL6`t@NliC
z@mfdf&<9;Tg=^K3{%%=dj;5o|3}e%NeQX28Qi=Jg)WE*j3j5*-IDg4!yc6)Rvv~sf
ztGX_^{jnWnEws6^!MOG{s6LBBDV4EsT!rW(gZ?BoQ3Yih`X^}0O)AAyQ0z`k(n3$z
zW331xea;r8eq0-j@#wSW1<{wG%9`f~dH5sEdUzMw)!>%1RJ%V+d%T*0N
z!vL?N=r*+yV0Pi0`FPISYf0uFF1A*5pQ&6QH~!k><9Ar{{4c?{vn_cpjCB}TSxfe?
zXIm;%v%gYD_hMM*cR^;>4x;~b)-tseZM5Mm@c$OxhcTbdQqoMQ(jrwmPiXH4
zQp!rvzZ>sQW?aqdzhQ6AT#(6)x@l~0nWp5qR2cWeV;f#y0%OH;^o54cFt%f^i}F%7
z)V&Y=vZ1a`$hvqoIV=_9)@v55*DPD5grO{+v5
z%Ir#(e>ce3$5=NT>cYDnSQpzi>ZWnsk(!D1EhPWf$n*J3=qKu3>gnvM3O0zENHy6u
zjg`03{p#qReo+ei=Jx^rzvyokTO-xh`19}6EPrpRk^3xDsQ|jW*^g_DzUS~6Mt?qd
z9?rR~)`w>|-nDtG_ePL@Cdm`w
zoFaZI9%*L?{GI+Lz_2VUi;I1j#&!`|Koe0vnagrp&$YmNS<)$XD)v1Z@6dLEW(U~V
zZ^gDx$G)CxSwgZR*`HfBlg$V2-&sKK<@s`);vYW6_953^i}Ks5LK~Ftv$!Yh`+r6E
z*3t5Hrupb6|3keH{nPu8H3iYfQ=e|gwmF4;#~u&9B-}_t{N^|=uG=>FuDiUJd=;}T
zn_*vWhJ9H}J_8vP$I=@Y#}es|>-1J1@Y-&)fyRE}ov``6%p~vObG%=scP%CE#QbXt
zt%3C41ehJ?S{~@gg*lWyoL>Dm4Qge!rNV{hWn_7Cso}%`{vYye37t*u3Vs3HBg4Q>=ezX&I0^`XL!dQ45WKWE+gC&
z8@-ndH&u?M*|G(s3SvB_L!8B+C`-Of0MxSv`u|KzS
zKelBzudapmbA>xNo8lfdA8bST%*(d(p3eR+$ur=13>r~otpNFaEAUSn@y%P
z)t{R<{*UCJoj_A7DAw4ymVDY@(tc=x+Lpk7R%87B)6Pma$SV(}IxAy$p&6_jtYqEb
zFNlu{8T!BKy*XughQqvoyaRGTz8`rT;G=wg=tHKhPQ%y(`$Qq|db)=Es%pe!oTh8b
zf#*9{6!;B%M?W}_(K|np(7*N{NSi&BwH?5_ApOGnRh>Le^Z9QaPbc!1)
z$QI58bMGR!@EI;<9`NgI%M`vEd4mP&g{J*u)M?^6+pfmEAhL~Y(tFetD$t)7DgJwb
zAN|g=DcA3ffRAVw`*Was$jg-lk=|q6OIa3s4`V<&DJE0)Nb<%3vtKE=R;y1%iw
zD$&*vd9!zJXZyd;?#-EMoXO-m&BPz{d^Y+0fSqE*Z3g_juCo>OI5)`{e(0xyeAR(t
zGFQNEmf;%!PLH_P9|3+SkkXT_)je5%w_FwP&ujE=J@;?z
zRmtP`)lNb`vagEW|Maq*?K{kyf3z+JZ^HYZb*Ni`y#;(R>DoTfDBf33g03xFyn7?l
zBa}OX=USXZi&DuCttvPMd{kBvd43^0pB}Y;g#BzQiOT)-+ft%hO}~*JGxA#`>Wk+l
z#9N~AuQU12k{$`^i?b_R=pE;Zx{mB0Hih=q@cLgFe-}pMzjE^TRngLw_G(k;qguZI
zxN`EC_lf$^#w(?N(^UL*74X-psOp5bg8QmeU&oss4ec=kbEJI+=Oo7b4`lD%$GW6!
zfZtmseEv7>S{2=W=KEb3U*_S@5ni7fb*Xujw|10riU_qtZEXK?{
z-^q4%b35TH_U5R!3E!zvp{4^ZHOha;DmaIGVU6wM{8uE*Z!^pl+-Bh6vq}GYYE)Gzhn#wcinfi|PrQ#FTi`^U
zS)^sR)92jdB%Kc0>{cWHV)Y_VH;g%e7291}z^W6@jx9i4-A1p>shv+TNAZ3bW#J!0
z^Lb#tol2t3RU~Va!Co&72Bwi-et0I}V@F(km;9j6Hn_1ooqRC!gDAhCA11z!biNqg
zH(+4fnE>Mqq$1Z+u3=!1&j4{_fLL6Xq}Cu9tVq+8zX5H%e_w16ugUm0%)vT#!D0Ka4xNd8+Ze6u;&*mgCh#=
z9k09-S|{&>kX}y3hc+a!ALzeK`v0kzpM>Jk)^uY$S`Fxv59m`m+pwsVPr0r$47{jE
z$;WoJTt)5;+;f5SrG(G8C%gtdx8zY=i~h5UTw#l}19_M4aciMnqr7!ik*odtO`&tx
zM#p=Z5o6&P`F0G!o(Qs?dM=a|0)5F><+Z5_x`?`Tk_vRp-^1v8edvu@Z-QW_lu2|$@xMK^x;u;$$QJueY
z`euu|OLCR_x|Z!}shp^-r75MQvaRjWw!Xn_-Et|#bq&G%!kW~;nqW-cCtyvUpVWVu
z>|ZX8k6$f)Oz><}-vd6gbSBy4$obv@@>c18^Zoaw(S31ni1~s)HnIMHt>m$__NLHn
zT)%IvtPi}~!9!gC*IYlcR^ohOJZ!rETZ^`9cc{6?*AtIvAzEwMjeY@EPpuaCnDlmo
zxyM%qOH)yfa0UN~zTHqKFsDvKdfV(!y%XC1B)|`(cnDsacy~`?en6wW)P(l%oe}ak
zdv{M_n^WB{^sL#NQ~R9cp=XdT-QH!C!#<4m2mNv_S{(YbayTeVfDSwM6Bm@%+(9CCKHI
z>~Fxo?rQR1JXsF1?{4&6oM}5%-p+pK4a^Vph%369Ma^!s>lFhV)J*a2YQ^>spqVZ&
z+ENFmy`_vEI&N{963_nEHH1yQK0|Ffd1dBH;CuEkp7=wz3&?p
z(w@j@E0LZr=eC}KdY=`wr)az>FX>i}5%)D7C!RlO(>nvsdmP&gC9oRDn`wJj&lD}I
z({1nTIBq%SLVa=cycs{fY;Lo-BKi2zqP7#p*(S$koNYZkwh`atV;g1L-ae>j6}1PE
z$2Rh{eOmaVYjQ2G$quMj)w(`tjMYkG-QZHVU(me?`+4bWkP+@
zh4(%~K&$pJyk5Qq{UL
zh&+k(3;cVzP_J;czt$AGm2Jb0m1Dh{U<&flz_-jul0Q(wM;zJOh4*3g(9Yxk#p_S+
z&ks&Q%R6B&b+(!4VEn9=t7Q{<36?>feOIVtvrsJ7`cWqhvd3DqD+)|=
zYx4Yj!HK^8s<BAg|!U
zoSOqSI7hLL4s~oW52*JyY&qhdx2aLv4}4w$&+X#gF3AHT?E%@#GQSJ(vkT_BD@|;M
zy)vxlil@3Z@tkGDoV5a8O{2VWct`M#-VE!3bg|ijIaBJq@EK`^dBj+c@EJirq}cd$
z{T1L7urBNgXm=yoIv|_|i_DP{7UyHGGKvq{7itQ9n)Tu~FXI3CAXBLC#rDVs*9h>K
z`MgI4%4jc>9vJP$-Pg+J2g;DwIX)#X-Da7XZ!@32jR3FV!>RW_+Q6vdna*0<=pM>N
z2A>V^-w6NB@ZV}fdVjop_~Q+)W9)Rh5l5Ew!N}8Gr^N416=Rgf;ocGx?p-<#_s$~R
zTcBRfaHa##_nZm8@poUs@4>iuO>2V~I~MU3_Ycalt9VTsO84fR1$gmEW#AN+p)C71
z-nZ*Ykq0US8srRC+W-#$UU4)|?mJ~SGoBkbihG!JRkv!|WoVc6RgLWA(2o!A6zZ5h
z1m4uN|AOD^jeK7KHxAEfPi#oKCoJor#}*7?
zUjrX&7%yhHV@|E!YU7-Gtb0SdmW+h`oe00xHXqhq!uK=$Mu1(>u3tYKo1i1F(;-zLu^yq#}u!e*uN-~V{q&c
zYdXE6!0*G{l)|OybMY=|Ey-CL>fZSNJl)~cr^EVI-`5m6#5_;`3aM+sGKI_D;j-se
zAYINUdt5UN3)g##>uoo|z}W0q*2iUyrZOwP_cE7VYbs0Q_g>^O%~WRN_nzf4x2ep|
z??t#Q%~Y1c@BM(wj(s{-md)>Vaao_KES2ATlFK5dGL_$JH~il}Z61Ss?;$R`-Bjk`
z_wM7eT2om%zjqgxc}-=-{NC*b|7$9n#_!!~_&=G-a{0Y4aoNzPVr3{ZV%ZlA|Nl=J
z`ZoEz&RG9Xp+D#J=$-qsyq|*f{OBIsr=B?&7c_G>;9m#6dj-GS{HdvPsgwTWQ__BO
zD*Xh;?*X}DH`>GjZ%4d$Eyx+pxvPA5myr&#Wg6P59>@KExV%GXuQ!l?$SP@10evA^
z+3~9~!zYMhE+|-U70`qV(q#s$`NU759&=R!y=!3m1B1RyW1af;PfEGN3Op~$s~)p_
zLb`_&sK@R=`xn$bJPUn8U&sYQJC*ME5z3krqdn0c7WsaT>;H?TALgO44F}D(!Cqe51I6-=bSfFQ
zSxn9U3UL$q5YYXMafYK$fz%b`V0>-Nafo;OWOI=%{tEr~ki9V8dFR4274N-)CVSx1
zCjPo>h47%w{Q$-tv;hqKjXax`{Rxo%MxVEto-dQnu}zil+sVHHek+c}Krf3TiQ_@v
z2&8@J7h&#Knz%gr{#5k4@#4wzJE8si49>9_77d+gqM$R7QUG*D9rn?Av#--CHaPR=
zc`J%hjuPj411b619E#7L=SQCu;2nlAcbpw_W5O9^V}7|FJnuAY;5@)%eS!5;5h!c7JmEySrIGy&{oI#!DqFP^
z<9+%;hW(?G@7!UT?~=ZM8(iY)rqBZ{=WKzxKjE?}F8ex{RW0ZEIzTfJek;Q-#^+YN
zkA?ls{!Df&@I^2$NKfWKpB7-;E2aag6=@mf7)M%AL$mk9N*<9MW;GRZAZTt!|oA
zyEOHD*n3ZR%R9WIExy(XkXs`Q%Yhyy0mCBC5`n}+~2FlPz
zDL-Y2W~NQ>EK(+#52o9`34BZ*?Oz!{Ctx3umwgNWev`%G{yrPH5wQfv?EHi|c>1I-J-x}cx^I{-t6
zb$MrxO}w+q1D{CyFy_xJiYHJ2xU)2Zcg-WmR(Aa+A%^U~>R(3tf9cfmMGZc72K!87
zoY8dL`+(n=TjT-0D=q|BVwr&c&JTNG@B2i}PP7Z8`1#QPEZakRCi|No*vk6vA{m!m
z*^V(n3nExw6Ez(&w{wfW^t4X)($8`I14ZN;Otx*xu&OC1k)L0~_F3|MFTMYM-22b)
z`>pW4car!2m3WlI{}=s>_kZjgDT-qEf5pf7{*PtGL67PFkL&k&V)uU@uK#PUAMqr=
z|5L?K(6Vko8;#1Bi+q3jvlH{v#o199$2gw77Up*1G^V;Jjbftf3#GIp0m-DqY4oxz(!~
zaZdgL=VGdDupHY|pv{zo{w9Sp$E$TL*U87?19;!MF0(XX{W|$JV%-#wcg^*);^Mcs
z3ttp&ALUaKIlhfbET4+acCg&KtX4xEX)hY}
zkHOqF@GK6Nmu*MA4ELuL$K6Bm+Ny*nV)i?u``;!1+Wy&DfpWyn-mP~yAp1mY_d=Hd&ntvqY&|%&J3#<+5Cs5B6y|3_yQj3Fp
zih>`(JWNkmFMn9xdkf|%6YE3ZwBsPZhr}
zZAA;%2H0DOG<)CzE5%cj3FaKWHo3{G;`q{%})g+dYqW#?K$ZbFt5^%qvClp@jwbo{iCa
zw{`ir-YDBheg$<-k`_(x3Z!JBpVqK3$KT;OR`aE9N}j1l_Us-Td&%hIJDBf{aq5xl
zSpSi?Hzyf?(w`UG-&wG4a^IJG&(3?VCvWojDeZX^uV3q~$2$+a))ZR4mid3E+x&P_
zD4oyMYvK2S$C^T4e;AI#PgHNS^$1wr0;lBa7ft_X?QJ$
z;PYJxIl)&Hr59Zz%y(gbHM>D
z;I~@3r43qP#AYc`t3+XV9s0F0-wWTv{YoMEbHOL_uTGNpErsDW%dtJ}mTlcC%<&(U
zLRT8|YU|lveQhqt%G92|Q-$`6zX9?Q$9(bR8Zly(i2STW-9e!R_9o`n+H7@Iq}!aU
z;n~VGXr~9@_yC3nV1;2ExiH?=`=v|>GK5?DjOTbg!WC8=<+!&&cDx488CS$Xxf@*J
z9RQ;kVBj5UD$pMP@x8&(u_x8LFKYJTd^u0o`J9icaE32}^K&7Edvx#l@3Z?0>ei$0@ydoOaMtzcwytVC_ONcHW2?-)}&C^qeEKfa#g^Y%Q{6#6^+
zy9_Mao0B)^v#{9;yM?lOr=kBtI=%Gj)s=m)cfQGZ8Cit-zKZUK?@L;oZ7Gao&(u{9
z%&AYT4en5!IA5e=LmhHG?4O=Btp8mkZFmrG|DE_%#f#$4x7J-N;hprZuwr*Lz~1>f
z%jot+7{B)Lo`xsS>(cIN3VGPJb7Udxsh8IWtDlu~PQE;j7t6H!V)iF*EJPdlRsL*{
zd+cc*ZxzVKVU7vXvry_r4`BRJj)fas7>mUH85dL8X|_FT$icXmmj%%_
z#;2g|!e!*^;DPS~>gL|x6k5Z6@Ls5!2{77@%lQ&EsU!H1ancRtZ9tpGta{;?wN6Do
z8osY+JN|el=3lki-YqxFPv2qwzykcd@f_{*GbMkooB8{|Rg1NMl7DD(+`Zwwn5))y
zth{56DrGUKXUJli
z>@8w>e}xNq#If?R7vSufRk_fxcdOnDxb;7L{|R*tJiv6F{aEvtYm@`#D|kNwbyslR
zV@|0zgf>qZb(V0Q3%Sk#sFPS$$YswsQO|#*Jb$@gH}}QO<=dbjD28$Zim0iN9Lb_yEZNjB|ZZ=N!Pfz*U0$mZwx
z_}h^DqbAQkXyY7ife+9YRUNJ;+A~PBCyV>=_JRa@de=&d&yIHNo`C$0{BkY5dxYM#
z@VkC^*ZF9(PkVno-LqbV9U2nez+OQyf-rvSa(FadEYL`6%ldQdh%PfV?4YUW3tp2_)f>MfavRRHPf8mv#-)e^ApA=
zwC*%9um{_*lAT9hCw~8!WZ?7&+JB-B+OXU8JSF!P_O*By$Y*?qADoY8;#m1|T7`-8
zP15-{KVE+JJSr-+_gBK4;l1JJ=($rhU*0`{e03^O&Yd*=%lwJ+rv^SK!}S}kGOgdY
zcy0#HgSnygc9zE0+gVEaPIw-_!F40&$$4}>s#TondY7hRj5f3nFCu$EgpWMtlDPFw
z@5%%D(HhI&MD<^?<$2S|7cIT(|Hc-ac2T=HXS$XlYGK{1U8u9byEDWGl#AAt@%{IC
znB&UG@0v&OGH9*S`5lz)JS5{8@2=)|Up<%B0A+o~K^#K`;hv3g!8cJlg^nI)YI6KqHUg$8z-PdFu-D-`~;F6#8$&{sEr(-$$FJ0>HgBz^9@;&=ERI
zidpYf{fT68ZDaba;!jLGe@NerF>W*LKX8n2jw6{jJVh#Gx?4ze72lB*z2dzXKyLxH%B=!FWmh8deU7o&`kuY;Vj
zo5l`v;^j8#&&EAg5Nv>VT7bVTrr5g$6no6>$RisPy8mOHLGjr#CT;8c(*Gq*`f!tO
z34OU!g?1|Z3zG9YF@8+E|HXkRcsW{-LPb6HmkpW%u8
zSK6~<`v>a-{rsqnaqD8nty{7s{mf-OEWrag_Y)LT5`BKPVL3jePpGFr`cy@9M}_ax
zr7uj-O8z$<(nnayKDsKHO)+U)5%e7o#aJby9m|9Q#vrv@Fc109Iz
zuhVJ2q5a(s=3Cn5$-J+qpG_T~kFE3XNFyeRzf%qG%eItY8u{!4kCc;bA_c&`
z82SyezrW+*h3rcnli6&rm(W(}{J3}$8AK0@7`LBu0N!|n7Wkx1!?LXHs;)vizqP4e
z^uJlaZEbg8+zT;mcdXX4w!87(*@flvxcnA}jK5*u4&{!8(eksne4T^jUFs|Lkzx@!
zDxmHnJ&o(yxNfckWjHb1sG$8>Jl*mnnctDwN0MJFWWh_1sAD8+8=Bw92-F_2~
z(`WiV5&g=ZJ$d~3>1d>#$5eb|m!s4J_0
zHa0^W_jb$vI*Fe|I)%Su{H@a{?K)`$n@SeOY$qF
za2}>RbhIrEmf$@_`}q3_=~G%L?OTO~^3Wl_HNd{FJy|kNd+v$zx>PvJXR$1t#=4mH
zEVO5q_YOztocNuKZRc8n7#2Gbo1?%kl9`*+6U
zx6=3rryjqAe@5fCPc;5``LzG6*!Z$dW2@(}^_(U3d3IR$9j`QnHuBw#|Ex2UFB&I+
zU&ZjNP4Jt45`(XuA^hyK&MZHCCg(>(9|O!yc<3&Z{qIbQdmd5bee58{mgbn#euJO&
zQatTrWRLR{$2)oq-m`BP8qyVmUoK@knC6+%CN@L(fv#+DE`#?wDG%)YuIVx#EXAgnVA9Vh=zpZNSsH=XYnAm8tA3N7V171QN<<9u1xX>q#z
zjAfW>O&!jFc8&fe`kyy)|9UcH41UD3rx|uIL-K`ohdmD0${5$~&WOf-A$>tJ^AN9d
zT$D{2GT)K3nLNA;^N`vd9^ft0cO%}Qyxhob6+_(vEMMoEMfqv+^=gV^
zjo%AFzRim?0Dsbmc}?M2AIr|!CfOO~;55GXj`F_~tkrU!i)Yd&!m;G{m_+~6r^*jB
zHsKn~<93&&ldXfF?I#9nMSiD)=T_X^6ndEN&ok4FyeNmu`y)-Euk!QZG#Ps_Q#7A4
zbToD@>rcbAI$C~=bXoZ%pTj4~=OA|kN-!*0h1@9U{}
z<||ztaK@y2F#mKu51OjG4c!g8D}M4vV8wN4+RKi)2RQF;xcR@&}00pb<~x
zBeKDBG4G4^5g22uGGfrBA>Ip((=bj`M%N&mAC1r+#Y8ooHPzGP{xaTsm*3N-$=H%p
z`OjoeOMX5Wv_S*;(XhiZ@6~E!{Zl2Kfb}8%-x-%LIIkniqn2X-E}yHG;vRmN<5Kuj
zF^5Ka7s%}IX`-S7_w5yPwNkX_IL!BVw{sn1Y)|vpHqrBnZh-ICQ}Y4e>gYS}ZTJjN
zrjr`S|D;aN|4irjMKU-0Sb3u;2x6Y(xcsLnXpe`n5(-G?>O-F$$Ir{sOm)Igr&!Dn
zehunraE331{g**FSU@;9o${m?u+CiJI2FLJ03Ln`-a-FNSy$JQA2rSn)udlSzl%>0
zU5>%cVz@G&tdVbMjUVfi&u4n6o)*`(tcUS#jP{K9uSTDCL7ytfhdi(IUD)@lfsd&Y
z1)Z6cgUKAfKb^*bXZ118k+s9NH)lENsigjU#w~t*#!dd!25;!%*zCcAE*Hw|jvU<%XNBDshOy(Bag5H4qufWE
zjq*iwQ7q%{#NxLcvr1iRwVcmx`0S47U($n#`9db*;i}Hm|HV47|Br#2Qr}b%@qJz1
zr@(q0Q%rhlb3S6sYyC3ohR?OiIs7EZ?uof3YI&YVEOLL7zb*2lwwS)dxX*pVBH=9H
zyy*rnv4H0@V!_-!sN+0R9ydSBfCqs0u9h(g2D3zob7n$5=q%VrZ+*0Z^0MQ-y9ao1
z8_N~&8TJVDvvvA${047l=x?878nw(a@wux_W&fch>i15T8}n@Cd3NzUET2e^tp9(bRec0$?-rW)~&6~ws(>RG1oQ|$NUI8GVc_+x;BJg|*v9X>bD
zrzI}m+nM24wlbM~5W}rR{OISqx_)8cNBTJYC}aGH2#Fu|1pIiEW4>$`@(k;<3GW*p
zk-l^=mvmzVk@)eII1|@+5wCHT`1kntY>_;Ffb^v=@*}-uT1$7{64&zJydHST(9fO~
zy${Oj_y}32(`{8VM9
z+(R+_?o+%b>KL9!QfE5wp;N^>*u?n6C~F~I-OKBAY*g~?xW<7Qvow;$wrjef&wZL<
z?}vI$JRe{^Y_@!tp|Aa(VgCW;XOq5np`Kv*Hnln-qRWHQV8!hIM*iLUyy!;
z`3A>paXgbB;QbwBcB4*x5}xUHsB;+V6a$S%zdqFY)KadZm&@#;piAX-pTYC7miw5`
z{g~>#F&>+P-%E^dV(?gVn6H^^JbfQZoSbYt&p@3&j4c>Mz6s@}`_`$eQ#t3ZLC^lq
zbhY`ziFH5?=KH@7r`F#g-}*(;za6Lhy(&0&1fR{>9~v^>ak5pwvVZb^|LFgW{1mmP
z1e{li{!PP5GWy>RMGd;zCC|Nog>e}#0vgzc4wN6@Yz
zUN6|s_i6njQ9qo6hV3Bo(%JlO&&cHZsdj{Y2KwijtWy&r(24v*_0Fcy3AV3VH^TP8
zw)e|l1=-~0D7`yc{$&$A?tTC9&O<#PN7pk0)<;2mSFTTbtz}wr`_o(F?N6~SoTJn1
zbJX_%oOvm0bzxJq#JPHa=jxdc1n`9Tj2~k`m8R;N-SG$5Te16*fzxPjxg>~r%&|?%%?r4C
z0ATMl@}EPUrTi3gXgDBp}Y9(@IswF^088YHxa`|AFng=AD@!;G*E}^|G!H9
z>=nSTmZ-gBPPg+>m(L?y5oZd<2y{i}LSNd&8j2ra<^D8qfBJ_p?kCFgc$cOIJ>7Fj|%TCq<(9iSjT3n^GUAr(LYFr8$>%1A&&S{fKDsJ1LTu!
zwFR_*)v9$^Zy?`S2ie%%<;T0nRNG(6mEmTtR~J_gA^cp^cMn}bbw{VCO)gT{6oewors@IdjIne%&XHD%o2Z5(?k$``+{GN-hVC(
zx~@{Sz@Ad=3-GM>M10PMjS2Zt(U&hxtY%+y%*(h5eZqp-!W%)KFIBiBWvO*qEJa(mwi6xstq(@zl>vQXhS@<|e7%2KDW6?d6a!CHh#;A6Nfp{*L7@N?V&#y-{16
z;jse*Xvtw_Fx&_vqB$(=;Ku_2KQjR_XcRIRt)ZfxeNN?c{Y5aA6GHO_;&*z
z?DqFy9C)??qx1h{y#Hbkrz0b
zkZ0kE@@+r|z81aDJrdLjvZNLlT-dtJ#h@fqtWH=lMXJ^NEfRjY=8M(A@+r8vV}X--q~j8vlL_
z>Zi$g(?GlPfp&kU+n{GyUi)}csKPk^-=A17XFlV#$?{(TjJDCK;{)X?^LKlcRl6k*
z=?oStt0MKv=$=~mZ@#Z7bS>X4q`e=rXF^@dJd620L&iT2Q#^BcU(~>UTh$G)g1sbP
zz8c4WP2+p<$Z@$I=Cv^HN86$7V+Ga;-ZgkLy^7^uC=+Tt4*ehd71u(Urp%8V2AtHC
z=R4Eb*Q{8n395Xrlt%H4{#<6K9JMuM^WIAF#EzE>730~&V)<-gd!#h(E5_~|607`q
zimv&gf0`omkD%Sn9ji;!wU@|v@@RL2_6(0w%-2hUuDO@^TA(k^i`_n>dk*b)Q?Xf^dOJf)I;G;H`8zW~a;`siFgz^b*-?e03Xo70
z(?`1B*M`<|ZC6S^9>^%q7{C%yPTgBh(?b{h(CVi)exYjWjgGJlYUM8AQ*|hldYdag
z!OKk2^2yd{Ic<)SHR+&|%u)2AK>l3UFm3AXe$|s-DKFE@9dZVgpE%vyh8L`dJxgDze<%LhYb>{D754V}
zDMnYWQh$oz1aw)u*!t359MgGy^yYs{jO`b6t;R{b%h?9>A!2bS7nx%r{UI6UuwahO
zdfPD-aP)1;mc;l1;|M6Bs3G#-he&UFO)HDfef(6!atg_0_kraXuT`|SMlT^G4}wI%
zAU9#gSH$jOfzNW@u$R{<^+(ygI@01P8E*ZkHCtj737qOO0jt(qRp#}EWE?h=;gt}j
zc&XFOiSNNQKIi#uC~AvdMGLo4n7Vf^-xqRXLV|)rr$SO-bth{P=lWrJxK{=WexCN>
zonFXDnKc72-Z0^K^^G&Cg34SQ<(9>aMnzj+Hi_d57lWFIP|74-jX|eOI9B@^bB@R9
z)f}#Q=F;oe7_xlaD4ZP^zQ{EN=>#reB=e%VbD*E<=s0qZ`3^i4*5Gulka~*FS^|dnP!-0Tw07J
z==CyHps9&8^SJysI;AZ~#p9m3*P-V2Lp@e>LG|
z<`-zUKv#(SU&u4mp@JPA68}`iZxEv|
zpEEKbDNJ(=jMLC>z>LQ}W~O58+yigVUdE$b;!p3bj{InT*QE6;vE-I*$36=mVA(Y1
zQQrHdq-70^gL%?TByennCBwry^Ksqv>;`-HOubhIt!*5}x>bRZj*q()1KR~sDRctx
ziZ_Xav-h|j3l0FR+^b*ZiCjMgINtPo3Jz3npRH+hyMhC&9c4`_=9kQLnAApaa09KT
z{NisLrtAMEbZ1%7tcK+Q)=ljHHA*0zCFd+w&v!&LGD&hd6+S&zwgP(0|6{vH=h(ja
zBcPwYyfe^8y_x;|2D7sC$;+m9+>hIQE*%^~wK2!)*_yzz?$GqQzrsNoe%C6-A25X6w+J1fI@XhIe@5v_Dv`TjTC7e5>!_r{abu)hB*B}%Pj{x
zLNnPoelR&-^-YwV*O@p(lVq(vN*DU9W4AES@1E9oBj~rL-tdwS3&)1>VS1Z6u%@p>
zso2%bE)m36o(zOk7Q%Hr;&q0PKzI}N;Dp7)7EXz-F>|;!|MvRrxZ+k;e9D6rRQhYu
z-CCDdeGX~(xqF@e-gh9JjzYxBrd0m%{wj*7^VZLHr!X|@X*JnBJu2WpDwVLVn>Fft
zzjhEDYLMQ1#7NqNSo?&af`hf)5?f?$cz|{oqHuaEEbFUnKW?LA(I3QTmZOhF7FtG2
z{(0lU^ABjBO$VwxKr4waigqK{PXeYOR~0iRfg2Bz={t7RpX*<_;F&r}g1^@rX%E`3
z$i?P+aLiEq$ZW=rS#Y3BI9Kw~Sv@}xfw^dLI%L`mYRuy25atH*SA>t#$yJQb)K?c*Q_|m#7-x81{A=;=sH`
z+uiiTJo0E!i!3Ddb4uph%zryg7b6{zB23aT*jI{l_hPG0a(}P(tK~8KGQH2S)}x6?
zuMhh?f^M=EP(qT3hy3!B>`lB%PtA<~(@0BefC~3_z36H_lQ@}oqjk|Xs};ve03nPu
z&|>9jE29lqo_bm3ncr~>*m1JSEmbeqA!ZtL&!fWXZ?&Oy%X*SMhtHl+;wpX?aKs?K
z--)s=?n@2RGx+siQ0bQH3hy~!@Ztv8a)$p3CG87v@%a&SXa7^vVTrsp%|Drug#-s@
zq+ZtZIF3BJl~V&T!6jxtNy^ZCJ)rzWp4hd(Rp8oK5}$qg
zx%G*V+JZ{Fv89LU9y02jLoY25^mqKF*s_3gXV0k7EuXNm?;*p?$caeBFNo1YiI+k9
z(k;#a=bLV}_~?rZU`mtS})Xih!JYN+_{coof~C%sIJZwy{bYT3(x9J3pL9LTPE29!TE0z4TlO#hQU#D@e7V7S$;b<%wGzMW1bn#EqHl?!7huNgBm_eY|I()_hL=
zQwc%To!4XUX;VGV;9AYCh4{RgWq;bAp{y*x-~NS~KqEmgoAHTJJFfU#;u}7?7fvk2m5+FQ2;=#61gFOEE9iU2c
z%zv1`XP-LJI{(D@i{9^;6X9MY
zY*5>T@hnZ1bi>kTVJ*mvMar1F3h}P1fO<+LXDk|8smX+Qx)26Z(K!_Mn7EEPQ528mfHj2y=6tG
z*OniC4pREFLw5GnYn$bA`g;6PQwakUQ-^5;8J64sO=4xP4yh)e67S9&Z#UMt0u3m1
zfgoO;L+JN^=l3?+=KxD`jIBW7m8Chm^&Bmq%Q{DUPr4O#lixds@9M9Lp~b0l;(4xw
zZW|b3HHvlXgOD{^$IS!dV;yi-#hf#tkpmnn9
zgq#;8ASn?|;UI)8kK@odSffWPxN|n7=>au%)o3~+HH#ZCEq!Kw2G
z>2EmL{gCTTpOd5^aV`%84I)si!ca@Fyhf5J#fH!WBO_)!R4R~Fp#IbByhY&UB^irULnO%3NDIfy#
z5vA@j4kH{ycCFBfha~BIh4deYhgi}Cy*SnepWr?tB*w=cQwYxc;QXLpLbKP2StkdY
zEwCI<67~}JHzyWMKY7XIG8yWq`6MU@pGZE=#fD7bUP3$~U60LMK0rZ$zwOZ%M{PA4
zuQDrG0{>LJJQpPx{@CLV&|w8QY^27JiWo?*%SV}lUjX~qY1DcSPYOqxUiTNZTsUj&
z?!BF!{O&7nki+Yg0m*Z-TL2~dBw&d*VGrI;cX)E?cslEN8gZTj-gu5!
z%d<=5*jIFK>0Eg8iF$y`giffSZi&Wrtvw2|2dBFZGw_}Rj=&gS?+o_wIN;J6_;*oP
z6CE#7Ovjp&ohSl-+62!z@aERDS6?`;SrW&o5pt(V1uEu#vJ<%aRX~vY*4+
zMvsuTO%Ej0XLzoF8d9B`hZPQy=Xd*B>v#P_2C%H-AV&J`#vAL$t;F
zW9#gr!tSq^Kzv=*bO{&Eh;}yQ
z8a(mCQHxWV8!u?wbCDJIjQdXY%~->!VtD=OnVCL;lD>{cmA*&?RfV)^d-C#H#zL1Q
zSd&;r9vGTk-=x)TvMMjcyaA+R-WYJujTgAtf*OE;xPruxY@D4I`cg3TYlWLJ-#bW?
z4U9Q|ac4aeIN;yB$Mi6cJvfTYO!r@sDzo3dDP}#riqV{Pp~H!bLX_r#WtR5`Y|f&N
zW*bOX(P102n09fm)|sO~InvrtuQr|%hsT%}`fBfdVDKi~nulE(?#$5cGcYdj_`P(X
zp+f%ZnS4Mf2+4YmI9i%4fL?0*Z=?V-H&6N599h?{hkjxbC*wUGK{CcqG@y@fV%S@RY
z6rq)wtHg^NE4ED0+8pg+SMmJfk8nx<9p&b71a!V?@;>IbBjk}KQ@Tg4!+G77(#$6S|
z-yO0M4Yw3~2O~I@aQh(m8E>(-46%dEh&yo=pcLW#f{*zqrj^ZVH`MpA
z<60laW8ds{k)URyUr2AWgRJHI?euzn$&hb!p7|y+`_7pyPQy}(C2vm9ksM?mo|NiL
z1(+FzK84`0V!jp2ACjeEkIS}|+WPO7+zXV~Mod6l25h#N^Z=6+98|D
zm^iegxH3cV_Tpa>-e5>)@B0T6r()Wf!C_yg!vMKyhqtb%3*ajlk
zWuP8065@6l%P2-ba+lW;c=%}X?eb&U2!?>h&?tBX9UpGb5w!I9X3Lo1B$ZSUVl>Di
zW1Sc4QC+Aei(_wSPl
zz7E#6x!W9*mX1H|s<+sRucT=GJ$5mD^zE!j<+`~=*j*P^FUbaXq$piB>?y<66p3tWuNv#QQ`{U^lL9<
zGyljYcxdOYTGNi@F?Wu9((P4>&-y9zEIbBp-zxrf^&KBET@&LbNqE79;j3!BZR@IZ
zmYyrX9hL)Yt)v0Nw^Wn1kgA(RR6@~xfJ)q6mM+4fGxV5mTXz-w<`FbBGpM7lrXS0h
z6GQ%unZukU5yqw-$0~Ab(DZo9dWMRvH=c>C1!@GWWq3mqO5(0=Kj@E^HB{#W40MkF
zto&^A_k(L%okaAD2}Uj<*MSdyd5l2OEWICE0$B9n`OXF=AgD|UGIHUP|NB07KTNAI
zsKGBwQgfw
zxOZWdupv@GL+)pkUoMn#?Z`}f>Gn(LCcrJ>7Dz(NQfd9pNL=b+WUGqy7k!7AIo%5&oP7`8i(pOZo>Qrke_-0PPrSPs3vVm^pw__1NY^i!T-94wf$yt5i`f$PJ!
zFn-4YL8^>K$f`@GmXMJE`oZ|Zds_Yf!|6ahAOhccTjnUSb2>a3LixdM-#IrsM
zX;Ap-mDx)}+y8^w#>*A|x|Y|K_49Etdl$AspcZ;{Q&uM}q<}bhW7FudxVwLIGObna
z++&|?sE)y7%CJmeno}uG;a7lY$LmPcR9h8_y#tHL!bdyRr))OF6+crI#|g(CwuNs&
zB=@o2-v(hYj!NrFgH0#zfgQYi>hJTIb5%{qQ;#E7IlH{E(-2ghYp_XJgbkvY%~<
zA90@#eIYSDy@Gma6H27&V=(lJH
zLUy#_LGU8St1EV|gZCGpY>8zoH!^RD9(>h#23G7&p367>*_x)N+8NxLVoqvag~GJ?NKi;
zm-Y>Q^6kk9{fVdXsaD<6(_d8NQ^D0F_&Q0w`&GYIL7C*deFDP)V`8k}l>RrQElx2Y
zN=R=P9`LqZ%}dHs>!6Ec0Py|WqG`x+tC+k?OK4%CZI%
zlm(%6(a`_kH8-rDLzz|;;AeqdhCgv1u_1)>wijU^PkkKOV0
z3`Lw)9X#r!o2tE_Pm+GNmwYACZTUU9RiDlneaOl%qvPHem(OQ=*UYrTL*i{A8&}P-
z1mJ&Ai&eWIO-E8!)oE4dJbsj!dF!dPVugZ4g+1?V@7`iBxsnGKwutvqwpY#zz`5F(
zG|t#V2Y%@lMdjrXWRk%KrUI|+fzB7|Mg)$*0GY=qiPo-;
z!6)kUt;1N>e9JlO!#hS#9CX-Lz6c7P0#q7ww|>})Qj}YyM^8uNFcxfJ*d&x2@1(`4d1Z^
z{OGO9MDz>=sLJA@fZmJkRUkR@pmHI9NC9C=RU3Hfn;|~4(;VCUU0+Af&)M(ULh|97
z;3VcgAQAl5Br4vyWmH}LG0dYgbi%t;f{vuV*H1^g$rVI-RsF@d
z_c^ka1@5}R^uo+>C+Qv6dmi1TyjvBEGOCs3LCFwdGD&)UCjfvz-cg*uex_mdkr&U1
z4!X0-fEv(rb4T;dpK0+mDN+l9WC1Pn2KJ2(AO5tN5(w>e9DJdJ$vo
znm)8z?_fR&L2wwHsG1dQthkHC`sr~u;b;eVpM`8?u9d71=ou-vFE|t@0eM1RDB`e9
zJMalg%Cq6Vutg%XZAUAmV^pun)OlB*Q)j6-H96$z3%TZL3$(y4&8gmmoNl~yY*ED<
zmOtShX_6CfapAHJ(rUfRgRdLT|+hl3il9l-EWz2&ib%9Ny3EKi(t025KA9usE~GI&Yr?(OXsivyC$S6{idcEg$VpJCu#(HfPV$yhyP99ubgs
zKsuhQXL)C#wP(Nrcawv^P%t3;UMuNEBh>Wlxm2YFakJ@l=cJ44QrNQ=VG727cUad7uJnDSn%PNUn(Ukz()jGP=B?u0e8zMTpOFBu8(+TeRD#8r!mhr+)9Bg)Yf&?mPcsb}v`2
zvQM9!IFv+n+8Op7cON81y0C9qo&Gth=3aAaMgE3n@v5p$lU=u7_Hz%)`j%M3&v#$6Kb%?7_^XKWABjtxFkvP%1|GhN
z;~_Y?&m76O<&Kk+9h)1~jWu+%io7HCb{?*041j$fHp-P)-@I_{E&!@$JYH&
z8tK9F#nWefK5x27;^2Qd(zbl=M1xHzKP`!Qq{h9(d3PXCfqidYG*)poL<-24`}96v
zt_7=q<1A&S1BDP?$2952tf}vaz=dUuKck)~Jw|jRgd9_XcvkNEzn=(Q+Md6H^((d+
zL9WvB_z+l=c2ixdejjO6^*acSuLM}%f)2m^#;YBbX{vXNV&Ff+D99U{akhJAj6?p=hTuO
zH8+h&Z*(2jh~p_7uLzVGHb+pMz8~TJOzy3zhv`Qt>bLZ_FOl0gJihp~XjYjc@7fEpB
zKSCZMxtGLoQ$3*O1DhuEH6fglcE(p&Jwt>1c$3vk3;;VSNS@8^L
ziOxlQW+J=s`bF)K&%5}tz3@cGHA3Z#bc=+nw=A3)(H4bOl^~)!cq*v5Tw5KAa1wm)
z9*r4oWLNTd;dJrvK%;FrfJsF%Os==46MMpa<3z~wkLIyK+}Bmyla=hY%V&`md2FzdrL3fRvU~6`I+4ZpocPXjy^T
z29?D#2f2vQG7WtD^vC(>w?DKcAGCO|wG=vAzQC(E)YUQ$TSBMOv!do|h4Kpn*falKV
zPSF0E!^X6#Q;n7&JETI_G>1pEy)5jSjAAw;JE_;(y#u7cBEN|Qd?2~m{1;sjZXslo
z|F_I9oo+d0zLsX1iX>3Q|Gr-T1aq_!AOlIwN3wLKoOkEuK!n@=TvT1+BInZTaFYFT
za(Um6Pj9xzEnsFd2WPq|z_b^t@seSYf#T1OUj@&=zne)0h32op1z-@(_QSB36fgMP5~c-RY1h|UE>=00%ShhtDXCz*48jPcaiQ`x-uxn5W6mT+@N
z=}2F_I=C6zWQ9n4?GrtXFDA3Oj_6W-_qxb%5Hk9BYRTP;q>E6uOJNS&`k@rK7(fuQ
z?_+T)J~DMkI8eRcI@ahlcP;v;ry@48V`6baWsdLmTIS1Y66VG-pbjZH_nsIR^lA7!
zleL4tp_0JJ+a*uNEg1APsBtpbYFh9;%T4?T54Z)W;0$d|^x7-ygxo}g$Jv}WL`=Au
z7+vxG+wrjFrPAZ?7XCGsb*l@F9t
z6tK)W@w&YY;hz;?}h3El-9+YB1Us-V}69%Hs3n_O&0TAU+j_?@Bke8ojn7jh`BRHUc$d6-C~XH5E8Gx#y$n`O2=ipKM|{3{r^FqVez
zSVq`1b2P-UQ1M<2v~J-MBG-Bs!n~JoEFXOmd!X;Zx*pI=5VTY0rEqR1eF|7UV0qf&
zqoIy^f1!M0@cVO>`7{5isxu$8kI62_iS39p&I-0&r^=B?8=dcmHp@7Wjfinpi-~Tp
z&rbP|D|me9T8K8ymgd!%gp9YAEML%
zv*}NY(_cFdf@S1+#l#~@GUJ|EUS+!p9eU_(N#lEBPiEE+^C|@@2P?2Xq*yKk&ms$A%v1P|1NScegsJy!FY^~7KI&tNRK?dz#8
zab!L{S5T9Ylf>=QVv
z+z2qBQ{LZtc__?5d64AV=^Z1Ol|dOU#^u-vXT6e{)sQ4^k{)6@mu_I`@$YY^!kjlh
zOepCC<0=rFOM$2ux1bjZAkTKbFU4QyBc7=@ix!^W+nrq%VbJRqc45hZ@iPmgz@9t?
z_;4*DdJl~^Ey`M9vK#-j<>}sWtZ?kv;<3r0fk}(Tw{0n^_=^7MDdt2NWPmMiYY*f{=+_yr_@Hej^FV8be{xj|zUk-Nuj|Ils^L}7CR(b`gTkROQh2=a
zpH826(>QzNYPIEKmp0I$p@yp`H!+gVuRhV6mt@Hbf12SSvUbmWfbK(>-HhG&RTg*>
zilkrld$js+Zyq?P+4)Zj|F@?3C9d^-BNg4jzgJig@Y`ZLH9|pnpyw@4J3cAK=VCf|
z8sa9sb@I4hw1>yz@J}e{?pzc$Yb+A$LxV_yaF6^B^%qiIsAoh;7Y$|%dV|4(vaQ)e
zB_>Yt>36f>uQMt_IaP^&#MX@e8~TG)o(Q7#;kmAC`HLU%8Ex}MJQVpY#7tK_N_y-!
zGDNcDOK@P`+FY!IkyVrd<%->p(#h6FpS|085$%NA9?}m!l-_i6SOG7_plDA@_F|h#
z6R}?R5n4y!cxmO_wXIbZsWdikQ{jJ2;$KOF5$!rjgMfCSub3X5LXjKDES7qO58+^d
z7(!TIlJDZ>F~{p0L#YVMjcxA$7~Pzw#Z3;)@#d2GgD)VNhHKDU8$40{&c>cM@OB0ouHkw?xM
zk>?2ynO18^#GwEXL-f%(mbmBxokVkcE^xY^g|QqhI(Wj|+4FvtKaKP)%d-N^Gpg)Q
z9xWQm`(y106{O|g>(Z!LasP|2X%#zfx|A1=z$>kvsyn?fcGAsTU5%2!njy1P<3_!W
z%#)k?AGO*(L$SGbNbNvv;_dRWhIqX339*l_hEY9U&rNcN?lAs1IWzC0N>{<&&fxpD
zTR|3!+0q}5m>eW3+f5<#_&!Qfod;D?P3iP9(r$dqNKsThJL2s}fr8;OiO8Epqy7S!
zGAZ%|((v28T&XOu-!u}nej3oajy-Kvm2W&45t(EC^mX6y}6DbLS6rFIh&FY~c%CJi+k
zR~{@tibKBuz?Qi5-8af(d+kQkq}0EDs;4gn4lV4eNtBo6p-1p26;QlD{j1iY+!LaL
zVTN)@_2S8yq;pC1g=j@j*1x2PK%7XMp_T3}9Jn^RoyPK@6u{U(-P5v?Gu8k?wxeqwxr1uZ@eofDJ}Em9mwB&
zpRwFT>&>cyeankTot9)Z>9tyR*_!7sY7Y{VKR3VbkV}vCAtD7-0i6?zf?ssnjLJ07
z-@)q*Bb=5_tp&lpj?{n_$=O9)LC7ho9y)bQ%~L$2jr`9x(l
z_(T7)?v);;w&RgU$BA*vYARiK{;;10|FDdlR64CJcNqNLV7e=s92~;ed+uvcIJrh|
zDIY=4_+b>Ru@GLeCkaD3-#CitZaOM{Ba+%BPO@V+ZmI>!7w(kgyj!iy)80
zhTIJE^b`eSNmY=H9I&H`wi`Wn<|rcxI;)T_b!ufiYy2x%`bHNu5&oXmJ@}UH#NLB$Ue94!@*@Pr
zXQICWVn-^nbO_*S#;uhlKSKtqE<|ozc)V5_5xhpGz3`$@saj08$wNKKWyZ3OQTZHJ
zY5_k~pjr=VGR;Bs#!n!T&C)tr^`Wv0mLE&ac{7P(MU3=L!>*G|jumYF`#7}|#iYE1
zq=|D$So|R68c5+ujaSf5aQXz>P!C%NdQ!a`lA9L>p1Fha*gYG?UiI_+HDhw{#PDgi
z3*XZ1ACyW(#l_c@+lDMY;@;8Q(oG3qrES$$l$IUUR#Uiufmm+Q(_>g+jM>7|(8JK{
z%}4*Sx|(TEqL(VTnsD?_y~I!Hc#}bO50hEOHDD+O&>#A{9VPokUK@H^hbP|@Ya;OZ
z?-{%l??Y}Q^v}GOl1TS+h3icYmOT=q=YLApjb)UZ2FD)xX2(0B9sE-nIevn}f)>?C
zLVjMMf?+nfA@y1;*w4*}KG3lPv3!5t(nzdrpxYk<;DU}2>|iMI+rjEzB8R1!0Iehf
zx{S1{($XMs|0X$Hy$Fh{r8LwY%^@Lu&dGgt1jhlMdO%fKZ8{70*~w9?UE4}b*_
z?y705NrTT6ZKi5!Q2s|-}3L)(_le>-_K|R`vP8Lw7-@}Pm7+y?C8H-h-+ECb>oM`?t-!REpSzI!-N=q
z#{1oL#J@wJ2FWkSxyU2|GMd+$tom!csR68zh0mNk)iy;06vk|hyECTx{r+=tvCMoe
z&pY@t>}lx|_l@2+aU1S`AOGEZ!l!PS#;k4f6#gC1bnB|xMc%#*?@vW5d1q6&wa72~
zkfB6}!kF{%I8rLEg&_MX8q@L}a4Wl9?jlcLGZ
zUfLFb6-_*o(vR!D`wuHD2HH=j7Sq!=o~V{BC}U`zk+a47fKMP-$h^)_gnV_E2P>9O
z+i%-}hWVb{O0xA*gJfW=RW;F{w7*^Am-wWcEQhkwOOn0?H{TyfkwIC7MOCFA<-(Jr
zF8gX<=+EzyYAs7{C7=;o7Y1|B=MBW_T>`&bv2C2QXGn<;!@gP>KGd^J<-X@j
zYE{1DYUkz38sV(%^yU^cUHNWZ2LI{tBe8=N=D~A4KSkH6s`PTND#o^HVV9=DuIZsl
z=SR)l^-D61W=jej{Eeg?Ba-`OWu)E{+AmjCKoqL7oT
zp!~`
zDfCm&VAxkcDVB1N{Pkzs;Pc4O)IQhAbn9c?4!gc2?BQTlQYB2O2x;1#HVis!3kaqt
zE#AL!cO~gcbVHs^&Ti1(0pYoZ)7-99#
zlu381k=^iB^P7}>R{Wn2o26cVg^wtGTa39{zQvi~g+uWZ%GV9|Zj#eK53a5xSH8Y6
z+m7hZ>4h=uk?DF%5sNqGp#~ElI#ad$Lcz+&U_F0mpETl_Cjo2hYk5GvD8)0D3Vq~u
zqaRo*?*Z=I8ni1;t5FV20;+C#wPrtx5FLoaOxc94uXBc3x5w9^K!q`|>*n-_V_#j
z=*LDSehR}njJ-(jaF)iY5t8!GH|HES=5ljC=qX*ikf}15cRKh|Vc@FjY4PZoe4^2yt+2Rx{{onjaQyyw
zueU`Y30mSNew8}?wTL1hmsdLyb#q*awm+aUT_Nrar)3Yp9#R4XHZ6vx+2Q#M@3t};S(hpFcpzt`*0Ax
z$fI2#wPO#umg|$>Di%&p&nWY^vVU4~h`}#ka3PQQr!t
zK5f&%GyErKb3Yh>mFDS72Oh8gt*#toR%&*3Mj+03pHi!xnuA`pEenR>vIDHrInwcC
zh{_Xbf2AXo3ci#1`Omp~62UB+BMny@VK2@Fe-Jkp{=s@@1FqtTjx30Zbd*={$VEyj
z`G#WEbHW1SS5$<
z^mzv645=ts$T;zx!Ind(ytbU<5;FRs-km{xl~4zjkI}H)2C0k^QeP(R!UmJQ!l0m`
zE3?Tx1$jv(*hc0q*9e#PcnM#gmx!6-iOJn6aP)due1VR1fZ-mDeCl@bL+3B5DP?=&
z<7dimJzYLzhoE`n)MN(0&xNK4-SZ|7v?UyRUUI1hLKQ-95NN|ni
z31zaRRz+qij0Qoe?_X!(OgoQAS`@}jskRuOQQSTfI4P1o@$#@$^`GlWA^5OuMRCL`
zatJ5wGu`g6vRPJ1Lcg-wW1GEjpQv|w$S&=gZh{w8S}QWSc${a2@RB}l_=IcKZ}?#a
zvOf!oU2XNy=Ln#WhXlHC(HeA`=wRV^h)a~JfwKlBw&zd)U!|UyEgTZMR5s^ro<_bT
zCmbwPCB-;|wi|kK~V!~Ck@Mo*u4kCTl$y#R+zrfETS?mxt{VNRD#d0${)^tOiT2@CVm0|Imx
z>BJh;k&b*6YI7r%cQPc{N^I|txnw=yn5atC(l$Uf?;+Uv8kZ~{_6!iPA*(?7Wy!n>
z-!{l3HELK@C*=9f$La@C+HiG=AJsHOkp~8*jZ2Z|wEKRwGt2Y;B=?HID}%GY
zMi&iEV$Or0)9359r7>78)yXFps=E%-!yX9SS5>xLwPC?pMjqeTU8({Kw1bO{@ocs=
z2Xwu0>C!lLb|+kw1jlfb^TNeRx&^=$|4$tU3E6%vyc8}SbA(Onv0^E8CBZC4*=!${dev(}FnZg{A5IPp}w+K~4OXR1%yaU;+SZ!)ux&m6b
znW%0k|FZSqQ^v6r<9!7`P=z6)@{4Ioy~~1)0b-hPV~pZ;e!o+vdr@KW8Fod5gW+9fzm^zcVyEMj
z-lsmYG;+(Iv_V*4Vt-nkSUU5bDcMzj7k-IMx$OjtnBV_)ru0jsQx=`~Uc8Lty?wR4
zV2A%~&{!ksR?;nxlLQA^**}cbvTSomb(hJaQUjGEEnSqeTMTX-FB{huDxTz_kq?&w
z9*wp6f;mUDNh&-6jkJotRX>(89jkYKFh>8g^{
zx?-kNv=~vmP!t1=OO$+xK6}zzCuxAI)VBhuA%f#e!T+I|S4d(bRMGfS#Rf^MwYwR_
zO@Yytp`e&%-A`t}C+9*~4q0VX@Zl#IsZ=NAW<%8Nkd7=puJ(663S{oF9Nvpoo;&l6
zn*!ah6^8;V&x;*xQgVuLNSV{~>0kp*p#N`aB`X50N`Ax$+pPC$Id@~*OPeXwfJd>M
z{fP03Ma*Qj4*78!#XScIG)TrbghOa`c%PQW@HM>}3Hg(VHTw0FW6UW1xMdKN6v#BX
zlZ}Z`k4gn`dTbj`Q3E7uRc?A`-`f(#>*W-W?hLO2!_{>pPu3-u%hiKoR_AA^KM-Lm
zWMx2qnuXgYk6y$GU?qL&>wfkvioQng{<0WF5#RMvq@w+PI)yDqskMCxV`MmT!h5Ev
zG$mS<`(943j*!mjCWhxa-JCiHRHf4dlv>@feKC|BRJwP~73stb*se6JE-OvPc2Rze
zhyjy}KbvuTgqOcL$X551*zGv0>>K7bnsrb~Ef}Tu@Uplel9Z1=LN*L8
zx%V(;0YX#oYVJv%IlvT4L*;ExvA+kkhD=xGECOOlgQpz_ooYFovwt+IjkPWhK$UT)
z5}K+93VL*y*Bah4mDza>T%5s>4GnGJ>Ld3
zY7bteSu4?isxx5(ix3-m@ETJ30|oq5mH9^XeV>Xl#+{rPH!*~tTD|Jut;VORp@N##
z%fC1gThE1z6J=Mag(n*Ie>9&>kpJ#f{tr$-vA;FCpl3(?Q)BGnAaKAx!QM2DQxodv
z;+J3U9!mdlSJ}m;eGRo!W1;u776S*)tT~ady2gscXF4~&%@WK5KGFuA3l_dy$^HJ$
z)?H=)apnS|Wg|b{rVi~ebxb&~E)d>mYpdpO%(JEYL0$eiDaYCJnDBxft+?aTXR-m=|2(KL>V%DlGfaYuS(9ILg5<^{N&0-OKS*d)3v%i!7+^$%$9ms}{UK
zya<(hQ;1VOoAaahx{3PtQj#4;j;-R{dypNXawmW1b%=!szYZ74_anmxkLlRt4&_SW
z-pFtooLkS#El|Sxj%@$uT>X5hrGMlGJSg()xkNMaSl?iM-^=kw7O*d(hL?lN5M$NG
z@tM5HSC(>czD+OV@rd}_{P1d_f7e2{rsLEX5dVD`v0J8y^UU(^wUgWDnK=MWI)O9j
zBJlY+v;i?^i>>))a$=1j-%Kgdv~7mN13hAAiRSHI7GCDmde93i&GDpWoB!oKk&jaA
zGxs-alOZ(eL4nEE^^^G^%}zhix_)B*AK=kK;(PY=MiUPRj(OMfIXXss5uMp?qAiuF
zE+cbiGnt(q>wnfwY=0%Suew$&HT$^HwEtN*yFRk^|0L~0&tbN`R@&}d$9tdK&S!oH
zaL&!=GTtzod0G1}ozVXu8@$K$I)aA;{|LUY^~ce~$ArJw_px1N=h0YjrvSZ%L*iFn
z@kE=;hP&0doUe$+dQ)SIj}YYQY40O3$M;ygzSInuqlsM^4Jsk~1}X
zPQ3mfn?Apn8J}?;@u6oCA8N-Lqx$Q`9-ev3@7d&j#nE4Xk>m%~_QUTqR6I}eubiDn
zuh~`B{k6Wv60zsl{l#cviRc#gT$63HbWqB7UZZW6jGkCMe2-?bf%>?-*Ok-W8&cjO
z?J4!{@FrVsyrOFORQK(9d{un!cEl+P#*pvQv%>H1pI3(%v;i|_8quyX`qTV~F$h0HrwYgV<}rW2FHGa?5q`4uYHeGf&;PK*
z!1ku_4%($pl7qZ4odXp%_ir~KzC!m4eT}f+>9JMEdu%nS9@`g&dg*&FeK+lGdu&IC
zdu>~WHrtNwfPH4g@l^v7Z`=RVfcJ1bc;qibTy(r|;*zoTPUI|0x)`tDqJCG!UB{y$SJ!cD
zfpxS-a|!O>lCdC1Z{&yC{(CLa`-V-CZcKyD*u@@hq0|{@XRaW*_Td^UM6uUyd40)Q*RL!=4{GY;`+j{&(qjE6H|f
z%gn2&=TgS|gL97axXO}xJasvBbxv)wF2)PkX#H6`^)r2am((Y@b>PMEwi9#I$e5wV
zUCNqI4ov6zK!KrS1f)c+J9yQuvZPT=
z0!fvpL;T!#32*v3J?pX^9<~$hhAx+5R9bYz$zMbh9?{>$u7dn_fd{;RsUyx48=S}Z
zSy9TxaZ5%TT++|CrJq}_(!O}GMJr`{zUmocu@%^w;&Vl&Gvi}G2d#{@a#Q#0uxXv1
zwNCf1`Wgd7Cqk+@9#TyyuRQZ|e2r@2i<*fqswKY2&Aed~@7COPwoQ
zV2`0~@X>zR4E)-oVzXm!$?$87Ea$f`XT82I^LnEhV<{q;Rj-#B|KM^NM~a{8_0n*|
z9N!x5Uew=+oJ&h2zm(QnRDId)vMrQ`jhsc+siFu~|XA|^uMJdxC#YcO>
zM|&bJdm_$zsv3JrY)_kF+E%zJ3B4EcI63rvp^o1gcIo_5>-@a`RM(nvL-p0?@pHmO
zr{0&He3n+F@;K*cGvV|{0vidZ>HCo3{1kn!N*RuA{GQe~x5oj`JepsZx}9XVGLqf&
z`@O1;-oKjl$n>4wzt7)8&wAD2VV}_)>;6?8>x+FxQxdkpep-ioS%+`mDEwce)<^E7
zIqU=-Gwz7lyb*uiu}wi^v@Hmq!-!Fx^ek>*pP+t@kE`u+akri?JeK2|(Zn2)0eTv>
z9WZ2LlkfVd$bI+Iv(n=kUo@-zf?3~sPZey`_f+q*F1u(jNjQXD+RZ|H${S&K+r)ma
zu>CMtzg?9y@iNAEsnU3vrs3-}4d*xt!_mYhu{D1qw5u!^my)vgcZM>!6e0M!i5IgS
zBN&ZRdqj5tr_BA{5x%SQ9na_y-W7hVGX#5L+_`CgDy2R$G@YFr>?>x9&(8dRXma`6
zaXce`KV#azHDt@*rN{s0@^^1Tw*0Nv`R^xxV;+z--xOL^(J-_8o#p?tc5?d@Q@0Jf
z`XRxK*Vk&EJqW*k#5It7jEHOe1-Yl)CUvf$I>^^*6Bz_|{|@5<5A=~HeO)7Pzkh8e
zW{*S8<2_=R-MW@-QU@1o^#_RVc(89^4;Gg@JD>DdO8xn$KReOa3X&la3z_l9`C6Uo
zjwZ_GE~Y^0m+%}cxt?v!Lqgl+ysT#bRcroZjL+1kcA5SU^*Vm|Ut@QYrT?g(I{y-U
z*NRA{gPzweu}0jM@#JyLilW%ujQ?D}>)X-9)k0U!tJk(M^GKGpQ(bPyaC1KGqr}VU
z-$sAvpQDMD^3K5^$E-;1OFwr@4nBi*oESqF=Odaqj}Y(w;LP)bO)>g{tZkDy=`%>r
z=X@DkOHj`TV_`e}P1+V5vA1&P2bfsr_ZP9XEs*)mcKmzmvgrrn5d6sN3iYjbvA?-#
zi_h|z%{yRM3wX?<(qAvVZ#Q(zSQo?4#j#^{JFPIBTo=Uhf89j-Rbbj%tHwb(7Y18<
zq6w#*4Hb2;?^gRFB=1rSoZAHU9B+zmOhH}7o@1ssTs;5UsqO!fbH__~Ml{{!lbkz<
z*I7tw+N&OZA*P;v0eN>i=zAx9*ZFt;*syuWs<@Z<1ki@0q3w%W#qQ*J8E1t0-Mr)c
z!IiA*dX05OKale%NY5^(J#AxK^wq4(NBqMu$u4%Asbeoo>fAm7#3<%i^7Kh%&&DIh
zEj1CN-1U-b55e}Ljy~IsKuDkKwcm?VaV7LhXLohL)Ld^K-*>eB!>{{{ua7M
z_L(`{a5m9+C&}d7z8X!GeNOoQ0NW07Zjyy0L!F{?aHYrw9Rbjj$FX9AhSQ9
zGhKn4O2~U6Hbf^yW_JWK>z<|m^Jm^ao7N8V?7qw$f)0oT4UTOFc+&S|h;w+~baq>pM~U&F$kZpnH?pfBH2n%=>`J+V}Y<
zr!TO53K>%#IJB@6K3z
zN10xy%ky6|HT}~%?)Cx59UaFr=i+BX4|&5H)3#09DpWq;YAm$7>*@D)hcg%e&-d>l
zJ9w#XE1h2jMEibA^6P@FfxrThQ|8HCP01R-bLyC3lj8sC+1WqSetrSI=f#Bk^9jd4
zvamg%=hrvjGnU7cOYbB4o`h}T_s4bqErn)^o?4-HUH-H0+f@(DgiL
zAOIVxzQQAQMLG6-fjJ*d$J}6>N!V2tHgo<^uWBLM{rYx|cSjq}&GY|~@1BHz+9JLV
z2Ulrd0<-)HDc`dS_BdDZo>e1y&(iPY|JeR_)y(icOX3Xyw)3FB)_3y+*BT34Ym%^8
zy@lXv!VUBf`v$xa;D^uZ#kU~Glay6+nL+fmK=n~yRVfGizd;6gmt~JVwrn`n3OsgS
z33#;Rz@ueac!Vdr|G9Gd_;lbA^n3#}-zv*|X)hpeqr@QquLnQ;BB6J#D{;;jCcSFI
zkm-;A4A13IdM@*2E@M|sBkeScij
z*Eg>!@T9#eh&%!~e=a%cZUq1SO|dOH_+fnyQ*7T5s4^M@CC*0z$Hv=Ed)4>oynid8
z)I~{+L+>^;GCbc+!}AA%yYUZepKr5#NXoZ-7Be$
zqjxGigP!0cXEdI9)x+CYs%L4AKdJMw4F%>1o4a=y$6hwFaqKdgV~=n4IEFd;XDL7V
zd{gHau&%!uv#mt)%`xbr<{5!tfvSuZce;Y$?M4X)&!Xq^k@GGG27Mol1lF*fc%{Uc
zI5VtcOsr1Ds88g`$uqQ{bO+&Om+<4gm+vZ@&-pk;_D?qdZ(HR{YQyvc-f7Ia@Lh=M3;R9V4<8_;
z>(3%Nw3Ehmn8xN#kB7!Ve15x(;pq=*T?71S^Jv_qIqgq3p6}0cJRO$td}-zG`a;#U
z-&|{3&RW+AjO`zs0vC~|bOxGZ=CVkie=DcUzjMq&V_RZfpcO9NU;jB_|3xHQ<T%bmsV@R=%K!&ZW0#jCPIdAOCR|;cs7lRUn`3!z$zOSHiP*ezl(Y1wyMZ}!}&Vv
zQ~Y$cz^<@`_zJ}EjHuNw_-KtfIIhv^q>sv4nf|Yc6)M+Jo9JJ>YDK)0>Y#k1d>YPW
z{t)}%9ASE3Q!AE2FA>@jO?*^zsAFE-H&(?9oqOu?#20VlPS}pGPHm>K+UczCQO~A&
zsoz*SZ%4B}cUbqCId`^ETO|bRgO>N{yxh^7KCdQ!uhWY-|6TjRdv!9-A8i=vjwXI0
z{w861Zr<0=lXz`@1HMPqus5gk1@}9Lcd#5ld(vm_e=qw=42&V3+AQ*Hote+LI%eXc
z*s!Ggu}e-cYy7ZG?CHt>?9f@M6+!fYcg+}JS^A%gX2!ol(d&VCHXM)CvpqTNMAUM=
z-*Zsgx6`<|%w7}hUQ`BK;!$l2`cA{|L?*>}BeZr?-46pt(FXh=(e_%{p?~Lh10{~f
z>h*f)yDX}cED<}E67Zg?l6{-Myx7xJsu~AfYC}KtHrI)rsq-RzUf><@Lx4TvWQ>g0
zmg{+Vq|HM+@-6U1ec0IOKK%QkZ|6JJw7&hK^nKV-iFvbaxixRu;f8Wcd-G|3+oTPx
zv(LQ$ro7)_dH*VctJCVwNPMfIt_toNU&H!*v@>0NiC3jf=kl3zspa0OrS(5G)5muJ
zKYeC=liN^{1Fh=5zOs|9r1Ss%mvhdz@ZvHD+3Q_mbr9`E-`j(G+@m)AsZZ5O}8ZPgZkNwp#7S$tav@oDYqNospd
zx!vB)G6#J2(Qet-HW6LekR1OrYy`@=U+@~`vd5PaoW^B-fNS@nK#1TmQXqSIA@Aii
zuF-LKxyEyiA1Y7Z(dSFtLg+cG#UIaJjr-$6J06-~U#|B%#&sXZE7o(?KH!zG7x>F=
zneS`jzp%3^GhcH|3xqxZ$3|f*e^SS?o@!kAGOjzT^tkMq{CVl|7>-)DbwIn_i`=1R
zqA%RvD#Um|ImvX!CThDb_z#>Lua5gO_XMr$(pS#tJ%PI8XNb-cylf1w#^md&>x8n?
z8VG$UR~xpQ>pTqmH<|ZSGVk4$u!XIRd9hz;J|hHwt3TEr@t^9Ydgat#e}1$746RdN
zetX(R5q=$pqY3nMEGg~ZEA2<IXZZklpA(aq#+Lk6u006BsK|uHT-cXtel?%(
zk-z2s>I8X0@MTV$=V5`(Q%d8Dl6w>@3~~SJP}eNI&kD!W*>HSl8aUo+fuqm#f2pwI
zi>`Me$J5@>-|ed~*}NAvQGjVX?Un
z|E%|%6}Q}sca_Ntv+Q>p*?u7x&gWV2?`yS)3H3MOU$g9q$Cl}RK4%*I<9+^uC$v;(
z9p1k}-VZJVzm~yI_Ma5EzAbtK*Ro8^`^!n5DB+x@vbMp@+NRe>;*w*&rrg=Xe&X)6
zX!mt#_qCiZSQ3&4p&3r=_iC+v(9I__+una6$15EBf8bHmZEm2mzAOlP(3#=@PX!e1RI>Q9}PKXdDjZeZEwMUvR0;=QU1vlez6F)|Gh~CrcQHt^-sr)~c?K
znfB#~>o7M>uP<=fE$}Izy1Q4Jac3vXui}Wg7S9QF(Ld@cW%zUX)7J9I?!O!R3zYxB
zX4;>ns&Wu944#v?q7_vCtTet>a-7B@&NtE6f63ytO0d
z@af%+R1eR-CeQYiP0U-x`j4`i`De)ZXVG4CsV@#VRZZ-X#h%dZ%73tL73WtUL%wy$
z)wfQ_-+bqQJuAL^4f4s>UaumD3h4V>&OzKBsQMuC_%(Bk;&qn#bpE=D$3*;+u~M}>
z)_0DZ`@^haa@)TdouN@C}dFV-?^oMK#j@@^~rxVYfiH!g-rK
zi)$rzePhz4eoFH`H0+~)l0O4}&R=$wu50nRM%_|1ufOkvs)Zh+@3gAreDmv7E%Mvu
z#omlz7qYb|{bWCmhJ}CN~9B
z-%HPD%4_bQF8;fF>ivPe>{3q-l&ei{W#&WqH0(p*M?q!A8dtHsz5bp|zHYXUD-=G%
z9P5oT)*83=X{a=;^(%tq65j{kA-mc+o?uga8t2tbGKfkJnuA
zN4UV{pgvwxH^=9x$i6)sli@t)$rx5!@HLbTpXdqAm{0fW~+qu+&H;@Qrh)H$86)@`Qxu+{Xb)p4&1
z46qH+u=4*4*7T2%pNuKxr$Lety=))j9@6huruwqzNhSwR0mpG%GHBbXYR{zOVJ%JX
z$IEQ~U;5Ouu(jdXk2V#o$y?WzWruE4i!A1SlszBV-N5Hq%W2u`<>PzGLk%w)82ggJe40c16!R~i
zX8y?ebduUwl0$ENZ1>Yn`=BnaTOJzgZ?YrZ^my!u<>E`(x&ZPn94516n&F^m7C3y+2;p2+=nXnEEtWTY{
ztE^r0oz`~cJ7SE*5vx!88hO(Fp{?x%6ZCtvylJ%{K@0|cE3K`SWT;3Ts!3~m<#7qG$#^nMB08v+3ljzY6xVM#MElb3^K^Z#x@AFmW45>=XdV?R^P53mXqlp
zJG=Yc=XW3Ho^$Rwzcck^>OQimeMIGBC6@6kv5cQk<2QK4fub9e@mK#2_PO+_=k@x(
zG;dz#$IOF&m)ezeA&#ey>O%iEBW@3mx!`Bt?ePo$KC_Kal-7!p_y+L>uo122+u-Ht{Mi?^A2{(8+)8m|*+SVMHr+k^hsr^*k^S4f>3
zeis|>(4K;Ae0T0T>iZ5Y>UzX5^(lOwpdX$f>y@Lf8vcfi@;$bPN4rt@YmS*^UCF-J
z@SH|HJNcPI$%d)&IhFTZ#j>qzXPs)NmfzQ@u>EH8Q$Ic3v-;`betLVNxz1`?-of#c
zfK{AhDL<}c`ZLPLZ$o}6PR^b=ZTr*gKl0~~e*^j0%|5k~UNN3pl3tY4oZPp+JY|2D
zGrpAaha8)sMaWwY+7`Fs@1@HVHR`VC(Umj4zt{^+%1-fPrLW(%QpUnFX@FIZnB6AM
z%(DIRyldEhDRMIJ{}r?4%Szh+c?#D$L~|(lL4WdWpTPt1$IvHyhZK&4UyKj1{_jD>
z|E+*eRcY*WioNKJ{MfQ$aq;Q1l#jO|Hurm+XXf>>TMA5dlFy_r@=WdUuGZeiO#4r2
zOL(iaXl8)pcR;?tZ|sL?ekhR1-@$-Oe5n8Ouog_mYmDYMQXWdn(}RAbIc0gq7qioE
zM;Yyn5B1+})Pp$Rgj+t##tBp#Y%YD3}?6Q4=)N+tZo
zakh49uuY49JN=w)6T7bBXMQc%$akxwe+Ij?Wm0C4aoI8}nD(dZYC}qX!TqZtZf6;!
z>#5e>n-s?4gUjLjbQ|AI-zG+n;T{`t6co6s)kZ%o8A)r@hXUc`&vliw6Ee%*HF2
zPfjYa^qqdwxZfYsY0Q>6qk-#OWppN%_q)>Slh1wqcA^8(%-a>d>ejfMF?2C!4OGty
z`vlu}EIb}|>Qf5e;#$q;Uz>XGM)lq!-Wh!_^}7P)fI9?zRg22IPUU^kn|eOkId*v)
z$1W$HJ0*6xIR>ERcz^49bj$U~v>#`V#AhmxYf6sLSf3<+m++YYjF{3GeA;asr=Tvr
znDwQ*Ym*=togEvgZ9$URRgedp!p(x%+2eytRi49qyCkxwe#=N5Pj2LxS!^3FU?m2
z(;CTBZIzfPuziL8U+G>RULxb|U=7fByg*dMBxV|7iVYouZSftJ`NO$~wj9*&*X%{?
zyAz=AtqvJCliq19{NpvTi`p(`JTd$SuZi_~k6N!!t1-Wjo4Q_Qe6bBNU?Dgd!?1$a
z7=6b})NlIc{pRCwXo%aK-Sn>aQ+q|~U29U_^|y+~cjl(PtC0Fz;t5{d@1~C+9w%d#
z{ne$lVj`6pWUbvz9W
zldPUQ^R&R|BdxtZQF6P;!Q5xZkw$y2N1NExvt~fAYb3c_H`jkQjiWrzm_Bs~qr#E5
z%%~Pb%WaaDcL;5*gK=wL)us!lwStLfW8MjgBcf;SWqKCPy@uso{YV&beG$Jnj(Ify
z-%R<0R#>!3RMmv`we~Kpk$5V9osB*=4al=R2X;f;aYNXMKD*U8wxBQ4
z!t&!()(rn!Nj&VysVeOUH%MJ9$y13YwP)V_E2aO{#{Lr>|ac^S7K?;>=(}SkjnQ@Dxb)LjNxZ`Y^by+
zRoa+G(gm|`z!`(i-93?tcP>~jWa6Fs)p_h!__pH%Ui!@Ccb$U&?Xk-5YhrG@9wUBa
ztZlCxs|-HR)^HoPGV#bB%nV(9^XDopK4!b?}^~rmyrbGGaN0e-OA>%-illbu~ZEc9{6wOeW=UhJi<9vyPWbR`HN>If8ny&?%5i(b*o^DNn;BdmHe#Kj7Rc)AuWn{j^MGInI4YP
z{_@;Pe9S;`2=s7tbCotVP3ay^A4B@N*JL{O9RBP1+Yk#oPO=%}f%MU{5bK=jnOEm$
z&(pKUtMGTrZO}JQzH`++jvRZ{y}mLN4wP8ZSR+{`Ji*Z!#3NW0M8qp-s4
zK5Kd4P!FqpLE|{3yN=eh=NE_Yoi3jsA8b{zf8gt2mLu9ZRZRIG&3`mh>>8^XSI_Mk
z?He9B_jt&(r@@T7hR$Dr?h4Lt8Sm;H_LNA~XFy|7!U?b`|t%dl`{s8gl
z#%QN{X4UU?F0%iy`_@iYY2!A%81~&RW&3$Ce9Bt2&+{A>d`hAN#8>uoD4f`S#fy*I
z^XJ)>c{#=cDO~^So`pO}qMdn_I@AaAK
zsuLq>4WS--7DHV~8>YO6CcyXOE;Pt@J$OE9?m?cvAjw;e@kQN#2$H|4&m)Mn`A%Wc
zGq)66L-p((?Q8A*^$y8L=LwvpTL*>}T_087i^6}OK2T)7_tUiQ#ouhv-n+7z&M9jrKki);gKCVO>bJH2
z@Ig-7Yv#GxrPtg-ef(&8$Eox-pUG@)V1Fd%Lw`Q1_N9$6AMrjCt8n^N`99$BqTf{2
ztm5@o6WRGQBgA@P&&@{r^+piqZsi_PkNNt(ny+o&9w@pce_O+EsO@Ktgd5EHn6E8i
zNP9-KHHb6#U^1pca$UL8=)V@-Lc9p(QQmu)=KVWH*4La
zo3{`jLv?#3Zlp=4&H7C~r`sdr`C9oL=2;Zq%k=M?+4mFBD-8Zv;U9g&F)CxWWhFs_
zbp`X^cg`vQU09s|`jVtCK5%6^FBwCHPM%p9Dz7T+uLm#4^Qq;H)?S~wBMM)TcSI3-
zH=MOC;^Zsvi)s?9BeqdpBfjJU^dSZBw)VcSFy1Suj5~29WArtNJJ`0bN8!nMF94&Y
zs+h|6!M_)Nfl<%Vntn?>FX+B~dq(T*d>`P8y+CQ#(tnFSm*p{o=x3gQy?5$*Fqj|I
zi!l#f;_dxYG~b7mPTl5=atz{#<-eQG{0>paI?f@ESxCI2tu&5z>}Fl20l&0(1a{Vi
zI70)$4ykK4`oz7FXl@bn(H-L6IB@vIXpx5e$b&d3RA+4GO|VJcVwkjNrIbD5xECH2
zb$#EVcUsBs1nmAQ<|8A*(?jLEVHfcGjYe?zUt4=C6n4#_^S~Aqi6yF@yVLAvHIiZe
zTjl-LdBiF4^bEh#+B>FXu#WT6F1b>KlfGXM(zE$u1OvYt>l?T+H0R^O{+w=Y&kG;d
z#Ef0n4^_-h?Y!C-q5^nwRG-B3UPyoTwZb4C`)Y9kkMRlj!
zw!ZT(MSVfy)}EI5rk=q!TYGn_*ju3~#_x)6e{a*A`5PaT`8!np0+qicq4FneGXEZ#
zUrWgR53Bqq&dK}+(UCs8^ykOga*5}BQ$%-vXyTuoGvi6v;&aD+Q}&w-q#vg+6pEMfN@Jj{4pfhW9;8O98rq2Fp^OJLt`EkxMKOPzv8q2db)*Fj4j6Y)Y
zUYB;BT%po1kMtd1&NfFH?wk{t8;50Xq`k@9^Ya5WKRIXR{FrXx*4GA)dI+`x82{gpA(XZq{rzDgVY0{)#E
zLo0*nsiz0)8+0;Toi}5jOCHs$=%-6PfA{m*K0p_Z|MU66{?lgsxB_wCKH|A!<2D=P
zdo1O?`5E6p`d+mit5A5g6$;<9LdBNAf4q;K*XgHhf7>NW_g#^O&oi#DLzY|W_Oj1V
zYWz2eErRy^sy%;S2Dj%|?fJPqj?+tRA&%6E>8i7r>c_|P|5@t%Bj&Z)@05N$r7^Yw
z(wD1rGd>4mN}X1B`X!&qxm&KDA6L)4pJ6YS?)#GZX~w_6|KlnBo^9Vea%O)10JhF7
z%Qz)w@m__m6FY--axcyC-_u#$#uyH65hVF)8?E6-VGob>7}rQ{D-pklOMHL5ht}h9
zZ{F2`4J!WRGYYeK;~Csror13p)pZTkRZDgJi0XPgritEIiTKZ$UwpzcALPkSs<(^k
zjfj7VKQG>n_lcA7jgT?aSau`Mccl@;T$?tjhzHjv8uoc0C*|EFW2W0=KOR#3c=z;y
zq7y`u4%uMyD6!7n?2}P0`)>F6hE$mcRGF^Rh#y(bSg)|%9(I&6R=kgWobHnt(iaNiZ|NhXU=u?xpFN!Exr;9
zF8zyC*OiFj#P^zS)l@oD(|1ui&0(T@MOz@cA{zt1pkII=TUHuB
z>>`?ke6LdjV^gEL^hvv0fe;`S|5CohiABypL(sI`N~f*&RAAJ_*+Z#0Z6n8(QK
zzFT2dJxa96@>c?IOF!A7Uh8A0o~h@?zhX^Ip_rrLc)0I)J^nO6|q9Ck_|?U644I*&=*wyiMx6
za+5Najqw!x&$jj^R6K_h$63F}d+Lr^{$yoLM`z?Ui46i-tcK$gl(D^s*DmRsQ{34t
zW54Uw*G~rOOT>N2wb@4Pg8X?8LuX}9v3H;yBY>8XKA_zC3cM%T+y
z?t;x&A=~a}^?37a)hK7mE=B4-)OlRWE~dOv$(Wv{Do(u~s1)@*AxmEmACrA`h_t&7IxnOXI%6lc5Lb@8?hXqbGMcc=(H)Vz*Xfu}j1C~{0!zJqvS~mD%+S-LaGAW7O6(9|~~;$jXeUC?Ih_2oPLE-3e~JztA>1w|cs6g&4@q_6#CK-lNykRSh`q)`2?
zNV>By?iI
zx5X0nWyZ10B>xp|t7VUsNghY6-B?f6u0lpYU(QxZQI*2;(ivfELqy
zEx~3R-_aBBDDXZu-=5%aYln5m_miA>Jiwxu{hGDQG+&DOyZ#L7bU}XWddY2Om0j~}
ziiS1<&ryu?gJ%SPK)c&A%}vVv=S(X9p=_VVV}#{*;Q0jg>xkXCm2lP+z9-Q`VZ7y-GFix
z@jr>KXHE+_qsOQUKjRCz>03K|%b_(;5z{x+1xrB&iZiR5uLazPCJTRb|MK^ET;YDi
zWJO<^e6Dv8`=mJAy6{{QHB&5d923NYFN)!F6m*C<;u6PKz%jp@=o#!6a$mHq#@aS9
zmCJV>9|7v?;25_s{@>N{|NFDWHy!2v-=7`-TVds$unq#i!*v`Vhw$>I5f-n$b_uf}
zitjeKCnJxv?)8NxkS(vZAN{acbb3NPE!qS=Uiq>3-o=DP)qhH0Y3lJGEtG!X6u)Q0
z%8%pa>t4h&SbvW%G=uh0|0#|oLa|e{Iz4u~#gKO@<$d%N$13kaygp-oyoV3N9p}f?
zhX#=k?i6aQjtNvp#i`73BeLp$PG;tRxR<6KdkgP}E6uon92@tYI{pFFUyL|9S^9Su
z_3z=6#{PZG`*)JQ%{iH=f1|{I9b^BjhW->1Z&}jvR=kgG)W^sN7*~y-{Zi)J%I913
zWh?b%5uvUL-}$}e|aD<
z(V>~>jy6@qFX}@2e@=OyJTBfAVL!jb^%LBmKuYipgRz=b9NVAEx)7h=jP|?h?e2Lt
z)s6PMVX|qMbzIn4Gqwcee|5QJYa!n>d!4AuIZGcW3yqWc_}JwHpa0*EO+K61Bb*OV
z$6=gzquh{_H9
ziWn!2-&^%|JGlH(Nq*JwZ!&9vZ!P>A+A~?$;;`PvDr#e}@9OrCoqc2Bk4Jz%P)@X@
z@P{>tKWr)dp{3;yOA>#KP5#9B!%F-ye5}VgoAZa3mOm_M_#;4NcONs#BijFIJpIRT
z&Jz1ukU*!tKP--wb?W#xNo9@mZK3(LrkQUW&9^0KzHNs2F3|m-j*ULweEq+dT|Y)x
zEHKCGxD2qe7h#^4C-l28Y5nFWt>4@Fd?fr4tk>3x0S(Es}mWD4ZW8kkVttS(IS(Et7
zHs|6QTW
zgEiCzWBwtY(X8v4ThI6Rl&}At9w+Ket$JPS<8>{jJiFham`gm?2IAg+TH7l>RD&@p
z#~lCQov+eAcZ?pPLQzDXdh)KZu<%ov|}VDV!_tJLCG=M-1oC
zc%B=09#2s85p`5mu@)IT<`$qui<9_mK2MH+ll$0Yiwwt?#P?m{w;=)%s95#N3~;#pSs~q
zqknIO-&v`s;*GnR{14}Zo$x!CHAlT8lvu3t9E?Y5RXLJ$?V0fu03KPxHai#(Zq;mmDri;H-fgJoD(Q@RCEbIS`RQ!*Em~BXWKOef>
zbl6FH4)pmgV)0nk7b$kY!%$b?QXYR>L>)r1zsa>wUc8aCz*>3LU&>DUr?Jcaa(1$#
zf-NY=m~5{x&0ETz4NqhH!sYC2xPt9_X(n@)o7Vr0sxgOmp|rw_F$iX|AI&n3Wx6;v
z=&!*fJ)UkwxK$GITR}DrE|Lbj$Ks#8;Ws_b)lqz#JJT)0zxL?uJf8WosIdK>#2n>0
z>#I4A2mGE@0(lbr|9+D>zUz33H5}d~-XpC%o_ai{%p@q={8!AIZ&om7svqPh$hop`
z<1XH|-^Fz+OZ<*JXB}eD+9jvDW}LmwB-eRhFH{-XS4o36^Vp-~pnenU9gw2Us)^%C
zL7hkJ@ZIS_J-hViL7vyjwgfeK3im^l&7~gc(bsvpNYnf#v&SPv_ZiY!{5j_PJ<`lQ
zhP35S_D7JfH>GTiydQo~@k?g(W2}OGbERq@TJBvwt7D<-vcV%XN~=1Y`Whmord(&
zUc@>=zXylZ0{g^6VTm;lJEgPL5>tmA(wS<+WZ4HiEXikUm*1jzMV%wH<5+Woz08kp
zY39C6UyigzIlssb&M&wJF>8~8Z_5(5jjIpi_rT{I>oM92dwt`6UuYL$y#!w$+j|H<
z|GgfUPsPB~tD&w%un)Mo98SNlC&>TT)5iyA2D=;E>xgwx*I|EJt#5|9S92e!O4xgw
z+|#I?jP`H;F}i=4HbHUY8pmv#525B$D-qDtAd!Cs1SvX;)TQf64~r48^qKLxM8
ztP5i_&Xp^*1Hbl#ZYFzz$bL9GSRGp6%bT?!IK!!I0iA`!`m;+bwb9m|OlvO@KmQMR
z{dumUkAF<^#rr4TzlJ~Y{^2^s^@{7XhA<8+d*OU_{r#GiH7R@L>98N1sm+J-m>2QS
zis5{THl=&W7W2fO9_Msvu~sN=)&?)PT@rPQyTK;H+S<7XW&J7bO5$E8$p1Z~%h#Cv
zhEI%8`UUJ#)
zuO>fl-JQuk;bLt8gc>mOax>&q!RV{;WH8FmxB!9{a9J9pCig>*0Z8X21yu#l?2l^z%Z=X2D
zyJq54@3#}=sVF}v6$Hmod9)$xq4K|i^1@%41Gq9s(){Km#Q_?V{_Ew@{Wl9JF1^t0*Yi1@L~|~0O^|+3dZaHq7KaPAx^!9Hw
zw2wCUgV27m0AoO$zrFv2r1)ewpS|)^HCOs>nV|pMk#2noy_CW+;e}0dDbRflYac*+
zWheZ$u;u|HpK~0m+!Z1oSnmC*9`Dy~&q>JZ7&Ftxo=KDsbR?m;TQ67|{^j*5mw3p0_+USL69ymGikWXP7G!
z%~c`c{o=SUp>g+b!#G(euUs5Iq=L;ZH$ndqI~(cK=l6z$_)@dWb08058{05G-1k+{
z#?Mvmr#S=bm``#5Gw;?0GW~Ml1+2WV=MKbHR&7{jV
z)0`I2cm^Z9@378i`w?Ta6#f?5_CvlI5i8&CTpcC*e4+2^_%D$}eVJ<9|041A#kl@n
z;4fldN>lI*alMH*Li^K-S73=bI8G_|SDmQ{-~0BeQYrUzt(C`8Pc4IM)Rv(Prdw@$
ztIj{z6XQkD+GVT
z=`$w}yVfqNT%qE6wbFY1AKKf#cmaJd
zQstxZ{kRYEtQ})~mN{(p_C~f~`#0pzYBS;FTH)TINEbS%Nn1KAq%w{XYG!OG`R>q2
zvY_#W_}#%Gf2uXJ1+W%ZXlRciv46KqsGE_NbjE%1G_4Z%Be-j+KlX)|l8=TJ>S^8R
z3#uHSwmKH?$ID~vRR?vfx?;n4v~Ii|@-N`^B32#x=V6*ZiWqQqkbhd2%Kov-%YMmi
z9quGtpWyTO-q63Vbt7W)VoWp#@LP*2+IDly$82i`@vp|q4`^noK4^t8$_JTT!vET}
zK+a-q#n6NNyn=QX8=@j6bR(Prk4sA&NQaB)nDji_xO`MwBLCf8*UO*Ou3h5`nH~}t
zgABfzk)gT-Fm#or~PzlM0+n`;b=R3{p)!_AV
zr-pRBM|8~rx*#vK^*}Yg58oi4txfiimgMiHw1suvmis_;yifHJsAmV{i>!?b9588|
zr(yZM4(}Xjm$504Y;$Ahwir_)(zu1+!7`1UKOCc!X{knB4h!o&2jzHMjNLR^8EEIG
z$Y}Uut)uyW{3`wV9Pe4uOqIthMf+KdyN7p)Vw*!lIcXYcI-GL9XBEMG+YD95{X=YY)Bb3;iwG`p10t8EJ8to?sT6j~M>@
zmbm;!IXP|U_O3&O2Z;MtW7rq^A^D42wg_2@c@9vXm3MD+V4j7P=lte)p5CN9-=jRQ
z8S?C;Jm)FTJj&zWoEcX?LI1xwHGU%ABO2*_p>eaoTSV--P9Fc(c;6Y_{;0%IzxoT|
z^PSJwhbF>D`6c1m4Q|3SXCl8N2IFdI)7YLh$$oL?rlk3Yv+;o!e4$>t2W{AdKKjBI
zZXegqnL(xm3cK)_M7&)rWDDphIJE4>x-Dfjq%f$f9~{_
zKz)^x-HmlVPjyyo!aYZn&4)5;CY09YGq^8Lbkt!PSFT-a$#rQ0AK9hCZ;p@b;C8eN
z;H=*U=bmOBm*C<>yK*DO$)Wo8cURe;U6(}5V|Gr9)j-QniI!j}11*o)J$-2J92NNbN8uiVc1DAj1iwus+HFwB>TWzI
zjMSEF^@TR;_RpPY-wJ%V`-4twA9Zl8YegF^xwIGUza|5r`a;!oKVI1>Y;SW&kF4YJC!Yb2kxZQ589xI8e_(vF
zFR<-)g)pP9tKf1Ubzev$#(ak}iFRzHYT(aU`?>R%uYf8KE&aJ2FEtOZ8W~oXH&*EnmoSObF48DlM?Ow`{1|2
z@y<1l?j{E@dL_lf%HusaSZTgIHTN6_wT_D*mqY=c9^KH
zX;fDqr2o_9ro#tl{m#3a?EgE)wthEs#MiGrhkpJR!(wkSW(l!`VLf9EixInm=WTth
zbN>TqyK$8-bd=)rc%aS#jHf&#X!<76RF3IH6WnFarK87epl5{QR%i8p4H)dht@b;B
z4?fiS{2Ch92;}Ldv;s==L)uPC%cZm@A??66U+8+mntcNPpUq?{Vqx^Q`$E%6&%Q8_
z-R?Kx{VS0E{cGI>d%c4xXTm_kHMrLU9cSke{t1-%7glBWuWGWJSpAfdkv2Qp_qr+-
zZ9G#x#j_dmK!|LkkNAPl_W43NME7fc#PAreel{{WigUk-`uPUcAM}fUo}x3~djHkq
z12p>Mq@#)?}oD1;(G|CPp9IE!f&PYZS_WhPuFO~zlJmk_yF&g
z;|zNGTYo|EvfzB6ND|!F|DU?2jgF$q@>O@m1PstZBN<1b`XiVRbepe{b-a0eed0S-~D7KO_+}Lirm9^R}tS|
zouS_yXa4t|%=ttAm?wGvKZ%^67~jM4-;=FhH0v*Q33(H9HvP=Z|I&l^m6@s9
zN3x~%(N=L^x~qrI@mb6bR7CfgnF-`mZF)yvLiD5dARdS6x-$G1o3i3-N^J8hIwxxJ
zh+LwW_nPzwVsBj~_SVqe!@h^@`Kx#iV0|-uZ{i8oE%;-2#x;IXf)xt^gdfQ;b<6ervGoH+e6=gB3F6TvYV&ThYhKJ%@dDV&3iI-Mix5oAA!_1jvb~
zW4kk`VlJd*mOZ$4
zEcKVg`+qR!zX$V#rr(Ff`(CsD*B-8yO34@E{a*3@qvtR-(xTrb+@B(z+bzC1`doGn
z&@t`5@O_)@d`Rv$YZTJ^RV!tz%4h-kxRq5MY-3Fa+u5drQPy*?lf8T}0KYGS-?8R%
z7=CYn-y7j~%Hbq6drV%A`k;y3s%Ec8Al`#4j=$li!Cs@&|R#
zV|<+0_a}Fwj9}Ki9~
z{C<2!o*~Kat4!8(S&r#Na$GN#J$fm)2w(4Ls;iW
zN4Xi>I7zoZU#DD~FrKxoa`Cpq)V4djZD71@-QKLW>bTpMQQP>_JRT9(26K~Pj>7ae
zp42y&S-!zMP5ix|-ajR&C*lh|!Nfvu5Ovo)H}$+EuIpoxayFlAJe$_{cxpY1*;3ub
z?$h1uNxg*qT!-~FWO;>AB*%mK{??x;%=!sh3&!J1&sWbD)I!v*k!45J!?rJP;eJaPhpK4Jey|UsR=%qRy
zyk8IVz_wO6k*21{)C7#!&L5TwFg6c)35OHmG3Pr;;N0xT;SQ?y`4Y^ct;@2WR@kxK
zc=j9a89%MvzVzDNps0!IQKHRQf6e3-4T4uV;5j|7t*LpX_n|MVo}Lx9hH;(+gw3v}
zdiPEt|2|=@Q=dQXJ465fM1K2qvGD&WVwdlq;C{VkhnwAmb=xKP8#U-V`-ZHAU=M$Y
zGO!|iRIU)P40fR`%_#RUW0eUmPo5^5%fEfu{C0dgQ)6zGYOkV99viuM8&vORO)BW!$U!30v+3(onhkdhQ
zo^52iF7JPcRiWR4f$@XRZjWZ|UxRao^$;^*PHf~QF&
z4`98As(u&1fxeE#EMOGF-y-;n_%r<%{#C%X`0?EMi(2E~AIH1{uPEyIFM$pnSFG@Q
z7wUjBjc~^EDKrC}x>lUEq1R0MgmgW=A))ef+Lgq1PWYCe`MXqX$M>{fb)2aQc?)07
z;PnLoU5#IpRDTEfu*>i5Ke>4RmoVU^jKzD=*C8ye^`z->MbZiM%8`M8k3JV`@Q5||
zGmZ&obs53Vzc=Gjg0c_maOu~e4{bov;vI@c-&4J(Y8Ait(_A?%K-y@h1rpE#Phl)#
zr2`m?i#VN@qW}9+^nXf5zE(#haN0!vBB5Upv3}X2yE#
z9LIWWiCEVo^ZRv{?<+IDcSv56{XBDZpp)0(-X2I;;K4egZ%Gx#QR(!+Ap8rn`V9U!
zp8PKDk7nv;3MhWH<%A)XCJ#xglUuGt8av;R;ocIv@~&_ZyC2TPe2OjlK2uNRlbhqW
zD?uOnMtxri7I2@?Ao_FNWc8=rpajuBUQ79B%_I33@5v}5kB&Bj3>*|P@KTVoN9zo!
zz-zV-x}&O7b_5-AFi3SMaSsR_%Yi8Dzo?4wOciE4m94!-?IqwjT9E63YEpa1+WxAG
zz-K(`+$}_spIecQmp}aHGU~QY{*&u(bXP1@A;OXHE->-
z@}5)Us`Enk|DE~mgZcT-(JcOB(&c+^7y7TA`T5Vf(cJvUq@O<$eO%a)n|?M}{l9i(
z(kIltr0GqQiZsDW^O1gFjDkzlcV}#FVygSqnrZG|)ga9e0c_|O%kx2}^{Rn9@!^d-
z(&r-#ho4#e*y_YQ7VOBa9|=o=oO!1+^uL{7oxk4rHTdhOu+6r2^4zH=f3@<}T>R8Q
zywOWMwHRqlBkBfn^Vh%szw|zsV&ktSU!@qVEBqnsr`X14KNT>(^T^nIc1-=>BWeAV
z6Yz;NAT2NSr1p<_-f{n6T+iqT&#Q&B$GnT<8OME0v*cBN*+!3*7bZA!&``VDofsd^rKGrRj8@r?k
z@v%M98bgO?%)l`uwrPx=u=`ihN|IrTz=9J-ZO3vySt`HV6}r^4XoF%P-v_nHq7Kd(>1N8uk2L|%Z@WnN`dmgejd}ho^yPa|#6I|A
zC>xdc9v`hfH_syPV!aQH=euo{kbk1-8Uz(o@8j|$#`cv8e-0D=Spv71`w4we`{ZNJ4jZ7`4M1JT;?)|sRIA04}X8^&kFXHY&tl4-&j_p=F!
z3dTOc7_^Vzj#h^Ie>0CklSK^L;tc;^ULz85pseTL@7hc`x+xAUzJYRL4r2~4J08q<
zu(FJJ%<@D5(iMS|`5Nytw3)}`U6U3679pSJ0;*@P4o|VYNBFSMsZ@7%v$uGR_xx@U
zNtnOQlRmFOn!DI$ZyzgQipO=rH_Ck-&auQ!b$Fc+Ii=V6gv1
zo3j09i^V>FMy#286U9>vqrU+8c%y9eIM45h@6UGRuIq^XAL|$^zWnpL$yk$)1$u%0
zeCUKdY}T;4EL9)s543i_5@U6C@cn!?XT8MCdE)qu9pkGX8D?vMFR$vQbGp$J?uK*f
zU#M!Pu0nFJRJksf>n?qy%T3$%I!XVtkMsbBw8pE+^MxLWzmHO^VFc@ek`El#1ziL@
z5p#<%h1-b|(?crOa^rf{N>!CG50$px&Gu=>UhL?5s)6HR+e3$aUr3RpXRfN@cf1bO
zX^>YV-f1Amt869tD&V(`@GX~RPbsruK1_a5$-IAmkg{E2?4CnTC6i!NM&ZtK>zXhBqT#vrbrbjO&J-W4DO}pY3h~I`tE(1`fjOI==6iy
zH^{CKGw)wndL^sAZnEg#2QZoX=ke;E(`)knfIa@YL&IZhtU${Dam0je4#w;X^(z!pBpgUFUgTPrUbs{I@v|X4Vr&{kv(4Dav7sk+b4w
zxZck^Lr%(b$j>w0A1;IUb298fk)&xyNaK~;lzk>%P20I7c<4b-cm(=QpS6gRUPJzE
z0ofmpD|UMVUsG;#!nU|?a;~MYV>_Ua?QSJ>Oj@IRXRHoynNb&xPajlcSF1#y3Yb1*
z&eZ`hc{Xki9|KuSawSPd3&Z)g-#_qq#P)o~_BOS}_UrvyTY?f+%zXiYF
zpz?V9r&ToofA6ua2g-Dkt09DS9b+4{@J7JlmI0k`d}OK`szsg-^Irq+TiGD3Kc3Hf
zZFXwF)3|M&t&WK9{b_U9vr(z%Ie^QJD4Vb!?`5WMf`jsIS9{AvtFvV{lB>WtOJMlt+bLq3{ko15Og8w%b3cMjMrrK=8mokpe
zhJPGyCgxfuyaq@wj`KZ)@h7)%nozP4?_k3JI~618(J-FAA&&F_{Tsao%0kCrA4+GM
zL-9LjlP{+9S#wBQHamo80{iXyNk`v}-{$=eZa~=?W!BSq{mXwZ_+9q~i>~1k@`n)r
z-*EBx3d;9ebR3Ax3m$8GymL38ev4g?{w8Nzr3%^~61Vjzm&+g2g+Uf=km@lmv_H(6
zgx=@{C9N+yQsZ>Ds*)U6c`UClWf!pOi)b7dx1D1CuCGHkFu$17eYD15!-r|#nUKT2
z;}UgXe{Hj`|F6YfVcJ`Mw4ATYh5Na^g)yvoJ@gumIl-czGVMd3!5CKi5RQX!2e6N|
zOXV-cz+cRDFm=-yi#3&1Yi-evzWP=UTg&}e^BL_=ie|MpWy)_s-N9-?q$gR_QX2z$
zI?*D>Y4UXzTh*;9eJ|C(+G$2R;04w!=_(R24h7e%L8McTdXv6HIDM%wum&>Hlj$QM
z`xkBYSoKR7A2ztXqwgJY-k!gY`vZ19+0i#e%%%H2e$V84u`=|TxnE#k-Z5G|?1ed+
z_NcJ5Q^{q+LK~*HFcG%er2sa)e4`Ss9j*S*+K0Wp4DJ1e$#B~5!Dl$&J(ue$NLDj_
z6L3Gy1^BqlQA0mGkcUj)4W3)16k~W{Z5uHMEZmPPiOxrBze%)+&ucd2(WwAl=b@ZB
zk}Fp0!84cxzlg7I0Ui<0x#;-7m(7IZ9}66Z?mg^7pBc%urM8%KFsJHD=y_Xh5#7}}
z45+7%3b|?cCf>FP+Ty-V%Y~0wXz#6gY41lP7%Oq{99>!Wzqa)KY#G**N50UFe1Yo-
zM?dBJ4|Rl5=Gxy1cjws69M3hzKDD^G=c%~P@#Li-fng&J<*#w$$leR!T{o0|
z?_=eEA@?!6eDNPb7FqDOY55`m`@9|KmScemcXX{kDPg_O3UwOg0#b&bm)0bnmre~N
zrBg3`0qe+1_IN
zoh*7nX59%>|2jIl&+CLe+J1fs>Ii~Ev5vksLW2LT=W#L<;4J*`LUxYo)cIe}^&!`omxLQmsn5Qy!Q?RotA)?
zO>{TZE;`TGV+Q#Tj&HtjU#M+^v0Be}Bwv+%u*OaOcurdc4yIqxP>Xoz6nJP{$MJw`
zbTZk|w?*gx)pck$h54`J{$1AjmjV3?0R3A8@*%9(fiN4PI`%EB>R>BtIv6Fa>vsK1N8esCr}glD3g&QwZ_sY+STLyF
zXRVhazp3HA9!=FiM*Xv2{hrVvOYk0bQ=_T+$9UhZCw?8jrk?JF@dF{s=MjH5qN2a>
zjT!m>>Q%T;oHg$&PQdxZfT}s=Raz;W&Dtz^?mIyDc;4MZAji1mwHnWZ`Dq>2vUpMO
z>+Ure&vaU|+sj?FYIHaJHW#;^L^0%2RPeC#=akkTBUGS`Ky;3{7UUls$l(MbM|pj`S9=K{_kX*zjfMIebsL+$%FrqLJO4
zaErPp$cMVv$iOc6hk29X&T~KqxG`^!!&&W(O3mI@IF~;VYua!(w>yvxRGh2h;><3%
z8|!7OA7Wn5jaGXE^mTl++S~GaM_=*>LjHqqTLGt?Y!3N5Pe++wn(39?|5c;LfG$Z*
z{cTbY;4#o2m0mv3DQ!A{yt0hllH_u5nn(QdZ;(gKqWIN!Sd|`|!E@Uoz9zF~&k`Fx
zCc+pf>jqw5vVWJT_ws>|_1d7XGk}X$smcSgxl;7P5`d+OU}*;!I4n&Du7?Q=_peFA
zGY9%;+nsLbVvz&sIplA5b~WI{aWk*6M784!!nm*cZ4)Cl6U+A9*Qi8z1p)9shyVyjCB{eLz2^VJ<;fvpa>1xD4J8%JpOA
zsqF2Na?9T(tJC}$?w;P{pPS#lm|ex%{@7g?&mV{O2MzY0AMPDjG3BEYxI1BcBJqBmMWP{P!1Y
zelhgLngqDM9Boc8zbWvK-)&;aRV)g355FE|n?Yvxg{HvWRsz`qelwP5@bAjrA{L2H
zVCp%^?bXb>DVReK{u;O0&a3CV7Qq^S$lrF#*M+Xe8Y_sGg(}uh1X)}i#+wg%n+FGip?#{dSzI)HT=X1~ZEx&H)i1K#$^
z`ccsyt<|yCOr3Dk-Kv@O+!pIcOWG})o^V2t}HFZ-}my!R>x`OTh4VZUuv^to1
z!JSQf&7|KRr_nv1blaIV~YkJk|PP?FX*Z
zep0wPcKwD9$qJ?*4w
z`TQk#Zebe{(y(a#O(WBnhwn{pA4*hTkLdrs5{9jTqxy!<-Fn8Gem!(vUIclT>OOo3
zYcJ}Szh_4MwuOEZ-2dX%KIb?clK*~a%CBm12Ck!;lD(8)wNG&dlz~dmPw!T}#Vd4Q(}QoAIV>tM&Nxi1=;RFBn{~h!HA4Z;UpHc_(ZH>3+DoLAsiWBY^
z0|1Lzy7cRuh51VkW{C8I@#JOFf87&?5A+Yb-lTdFPDbrbw6hn#7$DfB5o~trMW*!?
z-pk+(%iqkK2pC3r~D_S$3!vZT~Zzv
zT62ctX#CsQxd;YS_0SLd_D!Tohzh24uzm=);
zm(u!ICcb|R{43+OwMav|_xWe#Z`>o9bEPPdZT+y?@R@!*>i*t`cWvOS@YzLvIgemH
zrAiORY9nkv;OFq!HE_8>??wM_KF?^^L0=d6TNk#&KE4#bKiHq--RC!B{;&QcIKIGK
z;_}=c5t)1Ht%Yv-Um)Ct;#&7KvCVZJ&i;j!^6c-u6LmrN;#gfr#D)Dm&_`sH+6u+4
z+oy?2H@5w6Zo3uQ_K1!9Nv_!E@BEtez4yW2(Pv8;*amC8PD5L=*>`2S^vBkVZY=gH
z4_10ghB;?F+()LO90vW4Iep$I@7BC6z?<7Bw
z_4EB_1nj~>yq$9yKS_EnWw59de5$r*J^5np=5!2WBZ=oPhFfalHG
zRUmwSGQJm)ehF|c!>vZ@pPpDc4QLeZ`C8ud*5wFG-=EB5VgEspxnO?#@ftQZgGqBxxqmha=shs#jD56Oo;bw_Q1G3Lk5fjet1>94*B+2w^&sZJCv82^3_
z?dn>DUEQl;je4}9E3B)pINR?j
zznE9qs3!97I)JvJDF3cPBL)R%I-He(Wd33M;`EobM=n&?|BJuV{wUMG+av2gpp1fi
zAQxy_^j`d?isL_^PsqP_kOQ;lm^v+!ArM{nO@AD@}GhtD6v%rePIejF`#ySy`mdUo_{%(?BNJuMd6
zP%^wj+H2t5MW)RsmL9d)Kz4g9j(^+SsPlbuMEp_s+|`LS9a~=UcfP@TktP^(6`Z%5
zVLpk@+4pt6-usT{>#Y>$YsVve|GzE%`I-*rYpgK;Cx&_5ZRih3F{k85V)%~a6WETFYvK*bXnQn%o?st>
z5_sPv!e6A9PZPZiSl)VBx9ofQN@%344<~Ugk$><1Fdyo!iH#*r1g~iSnJqPA^Y2C8
z84oTKBH$8>kBg)5vBvZ}m*F@?!MnHiWx!GsR7CTay5;F$2Iia&@rX;rBlfV~?u1v`
zU$Su=;NMxowWQ97eM-SAV&l=jJ3hbu9r5{a3Vh!EFzbJ-WAQng_=PWqU#NT@cU8yo
zi%BMaA?uBzU+~%EW8oEF8U8=jsd+`32%JM7n?&cglF#qptyjV?d}HPpjm+0}-YWUU
z3s=l9nj_>Cxt{(QiCQZRUE00gIjNQt{5Qm(TGQ58j95IZY*BKgWE@;|ZVFfaSveR5Z6P
z34a=K$B#ctrY9hp868{nh^iU>yBH_ZW#GR%oFCSp4b#|uu+@#SHpQ%~M$CG$`}Cd0
z`rTuTC!zbVJAD65OR}y!T9-}FC!3U8w~}7cMtaH25WTYLEmswJWBI2WYZ`RpC+a6L
zSMW*k$3yY%SH--B=Bmgw5sYyGk|U2(UC>f_>fM>p0hl(p+{-4_l;
zpNlE1t3n-=h4KEsU=ApoMDqsXq1#o@X^N3R{0ZkXzB>eY()p*940{$f?_}jiC{3pkO|Koop
z{8v-_yS=>+;GV{CPsCq;WbnVrvB5iT{8wdS`I&u7+7s0p%%R#SZ%`e;ha1`duTs_l
zbeie_qTEtpsso5NnnJ4Ix0v#081?@q%ld!qSumzLO!>4s0QMbD@niV>ImMaOJ}%!A
zxP|I$P^^HlPto=itPfaWst@SAg8G0$nWM|k2fA0H|Ai?Z#Vo4Z`3rro@Pul22Gd=X
z#{$~x!SU-TCr75Wzq)W(>V=eXYpE_B)gDbVYL#BB&Kq9bA)fMgdYDI_T#We~40?XC
zx{&K=onjmM-o?1?8l7re0?cqflx~fD7Dk?ntUZ9RbaLJ+34ePxj(PU5zw-$5)cVB|
zj_G`EaW56#%SG_a_ts*){uR>y21tL$XEGlDIL>2Q7bicDni>BWT{(X=;~(kM4{0*r
z!*FD+fHbPPYO+TTOM7J*$BnIC6lt%-^)LOl@k}C|HRNxkIdxk&{&Nw^7m}x@qK{87
zeENS7hEFuz*!-2G8x;Gyo#LnmGejlO2v>+k-1#lm&XDwP%a@V)GSuk%-wz_~>xSJJ
z^~pV=j_RI2`KadYQte_45*lYdGL2YSIssL%!gw6T-q_hI?h=8W`*hfz0dkPt62AN)bo=BFCCW@8b}%g7fq3EG?MwYJjy
zngTMX`+ewZr%Rb^9?;+w-Ntxwp3BLeoB^LGyT!{7NcdkN;e)bmE6hXoFCKIMT@{J>
zmyur({gJG2#|gqcr5M$rW)ln!M9r*ZG%dAGtd_&Z=*?
zQyCx|WN`a$U>^A0sJoVkz7^h>IRBFnw*@oF|Lha@IPyQ6TX5y$AG?C_>lcLS+sJFvJ5G(JrppoQUywL|5x~EFBk;zs|02%yqC1oQ63-5E
z{U6S+a;hB8Jk5KK3+UTm-!RsRbhMSgd8Ybb+)jsfqIuiQ0#O@C6K;>tWK8U7Xs?32
z^dBoXc`z6F?+0r=RR4$jZ7xTDItS^|PV&1C^0T^ftU2xg{!rw>T%;sdyr^mOplxrI
zT%oXB(ZgdH`C)Q+dx#2`H}hPcWlyk
z@bjnn`AhSqFRbx=7e8;|=UeB?nybe1?fm>Pe!hA>`aajT|8lf(=&z}tM*BZMe0~ZK
zOI!LARNE^u1|(tp$Gp_~>1^v4A=@sVp~Axr?W;xL+-#u@VGL3h?0M^O1JJz9ZS}4G
zP8Z8&Tjyatr#V#P3+3MCVHuBDA|43mf0`%h?2SlgVJwUn-0}A;|IU+fhLhm$`OwDP
zPvw4aj~tp?7I5Y4Yr2*uxB~*7T`P`0_$#+bIca*@L
z73Dpg-$tI_OJzJi(qBf-ubKN=(B}o7<2f?sX`J)m0_o?6XI9?H-fp)>?I
zEbC|0`sk}e_^vH+=2=h{pTCSnKi21z`=2bnRN8L70A4-_ynLv-4#oxA_cGA$_Jy#%
zko->mIi(=S%{`DKw95r3C-ORH(>m??ELtb#4g1{zL&tb^NFLY-{qF!iv`#}gA(*?4
z{JYHKOyO}RFPxm}+5eLH(y^UAcU$+!mq%PCIH)eE>n^_O9cjA;Eez!}#G
z_qO(vqm@Gn`K%|7U#yFxpWAYS^q(-`i~e~^!8>jNatz`t=8Y~Wc-yUrSBrN`U$VhE
zv8K(apSPkwt1998mSq3B0ez0;JT0dA_!8*XMy?-w{Luu)@rf`;#Bob`v&$UQ`6I%W
zON0Y^A7cII^?1&kU3Sc4Qm#g{556}`lXZ~nr7mIj!sj9(KHZ-QV_-a8CbU@^<5L-oWL38d;Hw4bm4=&KMOQu8P$q3_=y>hRmS5Pblz&)aW1&N9Lo0~
z+kfBdO(VKCHxTp}X(!MI5tZ*WRh$vwe`$RG9<1+JFTOogA^A0pT@?i{d^VaEzTZ?r
z8?$|<0(fvgr(5~{fPcsLVf^ew_SYGlbJPa(U`XQCCnmfKzwh)MjH!;zmuZak4f|f~
zor5;>3o-VHMEJL5PON?vVVeiIHVJSoALb%!*?&@f5@ds7)=_BCZ#w4zb$`ooq18L3*&MT%)!^pncFD
za40Stl
zw(|bZMtPWG3|%Vff>DP&MV0hFeUrJhqJEA8C%a9Iy}{bm;Y{BZ57sgYhkJKiLA~H^FsbZoLWTD>4Tp2m-)#7Q&BFVe)P-hH
ze1<*nXW+vdhQoOWQP&FV>c|(PuF0?l%rAp{3f>>UIG^#9Q*1^D%$@QwcfH~7v@_pY
z1mkZYJIug-t8ijmO1~ApqaSsbq5p<9ZBtY_JHh9RTzHo7Ed}OP*zB?X&iC%rfC7`XU(kiLuC^@|iznJ8H{;y)onH
zILygKHls~0%)e*gCd#jZ;*OKY`lfp_2u
z)>7c}^szjgGXF(U{PP*ff3RloHdlVZ>s05b0Pq9rr!NH_gmsq-(B{YM8%OIaCV6cN
zyx(n_AMPjm^OXRe6$n?LD%qA)SN_9chx_NPOM>
z@&&O$A)$oib@wCb1ZF2FgYiQQ2`VmHqT?r1Wilql@jr#LF0v)#q)8`{*|CgeOV}Nw
zNJ2oS#$`t*W_H}#2nc8~Gnp#rv>#_ndpqJ@?#u&xia6
zs`oArd#ZWeilb!n;~W_gci5j_%l8;g*c)J5h3*~7LWNY99@Yt}XH*t4&Y*1UAG>qd
z^W6&oKmW1jo@)*I#d{Lz;dIc$c*kMIJpWYNh}YXVE^w#?Sc&ol@jQ<}XHOy3i>d=X
z+Y+roH0}8xz}sfIzK$kXU&lb7M?hbh*VnH^UYhrE`T9B!*4Md|n-KR-zatu`{)eF9
zm0X^?2=8HACf$$Vnw%>9Y;ldV0POK!H}}}YKCl*HVLy&*b_V&0{k5_Q+DW3_9MR65
z%X5rk-hjJ}`t`KF1AStBcmF@F?;df!_uir_ukWe$KltMJFF1}o_fe;PzY;__Xe;Ftv-)jb%GjpLsQ?=oOt5wN9;(9dsrTOn7Bk8RQPwnCSPhd6f)+6tPG
zQBPDxF?NheWu%*?wHKr^x(_th%O!h3s-rs{%uRJAn_(3q;f{?Y7mBR%`Rc$Q2$SUWW^IX?ZeQ^EM4e&hZrnZL^;
z;OKniqElG~-yv-Cty3w(XRkRG=?;xIsY83yStgaVh
z8DWfibKu!l_-5=f%+bqzlKuBWuYet5KjxbQJjb&rNxUxu^Z%Ou{+@V0z8l|JE8cnM
z4DZA}@YPe!Gx_`G!8iI!Sj6A>JjL|4Vdop|=SKTa+!xMiE4#nj#$F`d_-ByqZSanI
zkjFQKPBHQaZ@aqRRSVAzUGuS#|BRlm>8c;!+?5XV1K<=5^L^l%``c@}t*y;HKYl>$
z|E}iyTio;hOgyu}GX{IzR5?|1Bro~}#e@r|(zR-YIJO(^7
z`aj0uZxL;SCir{Avz;dRB7nEpR(Pyz37zX>4OY}oXty{`^T)}b(;P$nzm3&};1ehc
zd#Z5k0KOY@|KWO}3w=-s{agcjFp#~%gZsDTnLomQx^YZ1?JK;v-eLPv(LR#HV>_|G
z>p*v!@2~N!8T)UNu7kbk5?zl{9JC$c*Cm*rT`)gQ`TC~*o0a{WGu`>4
z$p>kY-&;EQy$$+y?1A+`#Npd=(6%The>AL7Xr(nA{jK+^m!h83ns81roCyo0;hTIW;FZg5OW2OTP<~4}G`lT5Dd0=0|I(%xT
z_%NT~mz*8*Z$dk=-0)vSSzAMQPDBeo-!2XnivDjA{SRjKyCSr9Rtq1HYVHHVs>vs#
zM)+jZ2%n4^@&POk#`*GPDH`Ux#4+iGd9I5bq1&=Bewy>~;CtwQn7h}UE6<-r@w2mv
z$4n9Q+OuNx79NB>kk~(8T#z`vsos44w_tMq1YB#1I`H1eWgN9x2reCGnp(fEJJf3RS3{n5Wy9{p8wPmPF!C|$s7t07L;k}q0nH|B9L>dfVd
z{%s4;H=mtPBK&;8iI2*a*KTsCds94GCddueOH@c!vA$hnP$3!g1f@9*>z^9G*Kc7B
zI_@i5#}&UL8S~w{LklOkA9XxEX8(@(+NKHj|MuAUVjaLNI>T1PecLiRgR}{G!ZoG$
z4Ur4t*tM?LZptaJGe;-JSEsJ!@zsU!zMH~Z)^R@UfH8~JOZ`sVtIKx2&zQ~rc4U5H
z{gW#8f9Nl29!m?@N=U;i#OtDthe2mph%ZIK2ay&S-=l9e_cRHaX_}9^v#f*ic))yD
zsP@62kNeca{$BQ=e|;$0M}`M$EaChlyA#{9m3Jw34|-Mf*XREDu8{B#@8JHo_mSUP
z&J}oCO8g)4b^N@!r%=RYj$GC68biMgsoZIcpbb1qHt>@|7aX{X?`_g>|ATiFK$}O<
zwg-L-JgRyy?>*jEJ@<;DUk!5?amN}F*mpd=#X*cyM|!PHi%^~16@tcNcLDwJG~(|t
zwvj@xITWz1xc*%%^zULir!v>S(@4haI*ht=U^fSGPm6jN|DLQ*qU}?;en*+ijlW+B
zqHaq9J!a_q8WU}38zEiTk3m-&&{ZSos+oqaSbdo?;$JOm3GSSjnt#83HuXT4%q0vl=fZr1ovb74sOV|RNTL%
zG385ZbiX^~Gv=mU^t;U#zu%oq^W^)=%7*
zgf_W!S63G-_hP;Tu4|HnuE~!2$E9|s&^r!A_u$6f&Nh$V_c0!$4&yT5+jr@%PXxW>
zb9JyAbNkeF*jWqtlFMvMuX%k;l%Mdx_Y&XlA&otP##f+CgQ$aQmbDgv+avJ%?cy$T
zCcl52tC&0K>^RqB=>LJVIFe8J0;yYQ|J(Z}w*e3a{iI>fq9qyrUG$r$BS$`2xlle)
zne$O|Pl?Xgjj;@#mt(ZIxyS9}&pwA|Npiyv@%?SqE&6o!CdN+H_lSHJY)gp!is#o!
z6#sNW(EMaZ%qBs-hc%e2QT^=v!BgV}RZ;zXtCRGzu|Cf0=Fs}%HT$GZkA^9!H5g%Xw?gM>
zbs;xv36-+k{SvD`zZ7*1tS8F9H}~uk>rl;H^xZ21d%7-KHxy$g{4xD~eu_P4wCDO8
z+F$N-!^g-Qi~0x8W6&NC3Vn7qJ(l;}4R|8ncy{RM~JeR}*^=ydf}O4Aej=f(7UG4Uve&e}2m
zr}Cw-=TXEw+#~utm)7rUf_Z48y-ION7QSzIciIB_`yu%4L4=2KI~Z*488`A@r=e}j
zPN5uZi#yLQqx~)N3D-}tPWPoo$A6IC^QCeAo5poNzGoA(pH7}qNuG*3ZonElY%$$|
zMBp3ezkAOj$`jqe)=_?mrNUprmd54BBJkmB1GjblBJ|X`RA?jM(O(Z^-cJj;I1ayc
zu=J22mt(^IK9Gv*374be|JK}N5$!ut$*v>&0%SW_%3cqSf=zOktqYB@?V$*JA!M5(
zuj_(HSDd`jJ6hl!ufsdu4}$!KK>k7?f1y%oZ^$C}nMmG_2)^1=XU-P+&%D2{^JLoZ
z^x&9x8TsF#U){^0{Uhdyt-5H
zYFkQ-SMw*=Ul99V{OthQgE9E^0>01$|JI~@zSEt*&dC2csE2BT?2B?GoXqVGp0lt9
zV}#Ed_DCSZLpAeo?xvgk_fu%^vjgmlddeM$>o59m^1Hv9gmELW{8?_$-ODtd>(NcQ
zb>LaYGRfh^xr4uB-NqU)@P=N?7w7Fd>6$tY!K%jTv4{zo9JtItv3&PA}PNIX`2sJ@7|0p*nj?<02
z?cXPy>cM{AcDnra2jtoLkK*0%OtI(gK_iZl=cL4WdOx1K4PNSs$?x^T=kj_y1J_0e
zjNGBuQT#A_p_$I((rJ9R2RDJtl}3Kq<=*$-UEF`u1@FC1TS#;^26_I67qxZt_x&NT
zox_YRjn1jZMa<`?NwGOK6AkbVx&tqX%0I?ltq&!eV(H`kw_UVPwbI?TkIvE*=7YKE
zg1LFJuMqGB*&D@kcKCm9{Rb33N@t9WHH79&x&L)_NG~foww+9i5x;6R(SmyN`*<%S
zblEw}^!e0~J{~W0fAGzTpPo;|uU99^VZ4ziUnGqEcL^NYEi=cTUMcT=oc&{&>K}o5
z4(1F0$(iC*>p$Q&JLvxlT7<`*{^B;V|CRb({C5w>F7e+NMXyPHgXRApZiGI@VpB13mX1!41Hv#
zw;%chzMry0{JOIL3g%M2(*C%KUD^L9P57PTz4UZ+W2}4Oq&Q%twM@`zgMOZ0t*y;r
z_q|K)KE-)b)T^+4?_#Y2T$e0zHR$vz%B43tfU%Tn2i0l7JhP-*TtVlnR6|VTv1gcv
z9_ORuT^`$@QyvwZ%SN0e=8~Fieug{5cyFDU)%=)U{LjSf^M4d#Zk(MO)s2)kXrxE-
z!QWe~ENVnixan^6c`9L@t@~=ZZVWx5b_L=a(kO5GPpwF7fpb@24%~Z{j5Ty;S%a
zV130j_`cC}KWc*y+L0EDA8F{e+mBFu2l|ZsLY#xuU*dOaSJZ!(xP5NEA5RnebBXRq
zdH*_m<9MJ=ioO%*`}0GQpOn_pUD5fh+j7D!SN0p>w=ufQ0k3b*0X#CT=ZReA`Xs=>T
zja}l5edBlN1HqWz>q`+35s|L`sMnVfw;
z+v55;Df$V1Yn=CCKk3na8bm+s@VomZj33hC;(_)qP$T&Tgj4ckP+Lvh9M-tfUMn9Qx`_Hc`Ddq;&^oa?_(hc(*)h}lkR3ok>0@smm
z`d!y!y+?cx_3eW9xZ?5sQ9%^nuP5$0&;89g&3WQIJHO%a8gooO6|*1b9dYCQoEYcT
z-|+KlKF;%_<7_qRzkI{b`x4#F*Uxf(jzp%;zin-cC|=}xQ8O
z-Yk%PSU2H$Z!~{(l9SHFDfSHZO7Pvg7}~b&Z>*wc&>o**UbiA?nYKLas0t)K>`^f9
zLfBEAX?J;fo`MY?^!L9kYDXLo^O&GayU%m!FL`O?>u(_*Fntbr}(cLE6@Yu6%(SauTUM?-C
zSQmd}P4~+am@5U(Qu(`Hnuz6knQeS_(}hIx&DU>y_i>{S7+0IX_g@6Qt1oarqgr9N
zJSFl?sTXD!M@06|dG22~o&04`9)s%wGJ7CkWiJKhvL6H}HjU~9b9^2Z`1}Umwf(cA
zyry80qaeJcN)5MGS=cEZ>xM~EfsT18-K?e4BHsZvW0mF_*GOjDR{H!&a)X}48a+qP
zR_AT%t9ImtxA-O2qs!9MI@WBz5q&=8WuQ-rHT6}8pYr?fa{6VtRhQXTO;KOW`}2+$
z9r@u_fIFP91cE+i-omm?|-;G@2?+k2YfvMcUn)DdUUKI
zy_%H;B)JIS7HfH*3AjxTf3h3^`*^MP#Dzxnt$B^g%5VVSj#SK%h5;^L*H|v#=>|9#
z(5G;?l`hO#1@v`l&sMgp#Y62%3DFm>NRh?~Po32P+;V_Z6Vm5?!>i7(@G1pF-?*M7
z9jTDymAaq34sbUDoKwp;(Kko_P@ltord3|*Ql)?H0z5w?JhP=Rz?JChqvMj7fWE_8
z>wS&t$nHkKGZ2SoO%yIMeQRH6SKk_MSDZxOt$^nt!gC{Q0X%P*mcEIJA@%J$h6H^l
z^la%2;aSVx2e=ggm!FWn&ChkI?|;?>cp`mgDlF2iI{F;l$zJc27jOI6^%=2Ww!JU;kh*m
zr)mWz`cmXC^c2>k{iJ(H{kd;QafQDCxS#0R$tNpwpkGNY)wi)+fK{fU@w67I8qRlE
zhn-HM(WmDmpQv02eM|Bx{eD&kbglx}m6~dzlaK45mK*L;8}g9~HhNs=Fj
z&qJ_I+^yyH)%#t*tEV1o1R6Vm#-}yU!85A%&Kcspg`KF#VIvh5xfbT{MwqvinybXa
z=WW<4=541|mp`O#xE=XNat(YB6W=)x@~H*^$IU6`UW3;6RlEA@Bkf8)&Arcn=O|+(
z@VQCIiJ)hfL65FoKis8mwsCq;o>QbF#5X>7K$iOi&mJ>)_Ozy38r56ujeuK#=J*_G
zr~>CImn)Ft5`kOT8I|L`BVM)jv^P3WfgYXHvx?6(6Fr&JGJiziS42E=nP|dsurQyN4RE)wZCC$dZ&xgA6Yw>w(jsp{
zJ+Rjz-wg7g16^J&54$`-R~yiE%6n>Gmzw+)=aVz+SciCm>{nZ)2EuhK%LTbDB^vWh
zG#c}I?BZ=|q|>Y9(O7osNzy-S-?ZJD;^Z#TShq;3D4DsDh
zd|MyYBPE~@VsvtS5Y~!cYFD3M-wyK=^}*e+4y>hhpgyW!RV~lNKSLjU3wq1DYDiI$
z7uKhAi`9d=Jb-6O7FMCNC2Zr;VTZWyaJFE@5Y;6VHE>?mJX)@cTt;}xo58nJF&@xE0dUn@O+;4kQe&%7T5hgALRAsFv3047K{p$(EG-v@Zz
z19S*Iv8xg27(l(`{hxJb)P4VP2FDEWx|{GqpDB*lGeAqLA8Y`B`~Ehd%wZ!N^+Cg^_FIJm)agE$oc@4Yh4San@{k8yk(Yj8ut|c1WppRww
zNur_DL_>}&gU;UV``f3(`A@r%AJRJH2hy+_*0*H&9in5Epktw&2YPy;?^$^~KY7u(
zGY{v1wUcndm<>Efw6I$f@T0`{$3N{USap1lE1&2%{J*qadvugllD|p1LpllA3{42L
zE_5D15&||1U_9>N_jMw9fZDnOaRriKTtPi+&g{x&_e_`sVMW%RVOEaAo>jLK(;YlA
zGYRB1jzD;bh$!+9Gm1{Y0EVZF2}zbmZ&ls;y1#xV==&Jgc^M;q4mQRo4>?cH*-xHLo^s|tlGDikLG!1@4586RGuHkvb-pGN9w34V5@k|FG}<3
z!l}6@CeNAuksa^#MH^FrPs>4e3xP+AlqrkZ=A5v@cu&K4UsN`|?MiP*b6IgN#Tave
zM`^H*Dx_WO=XEq^Ioq`}%BCCp)9-Pj4X)MElO^qL8?WtEn%#9Pk3YFKeeYvyt-v20
zJ&#JA_ZiQnMY*i=_9-KObuRti57AuG(ew9mT`y*OPH5};Mde$ME4`}MC4B-fJu{@<
z?`It~CzW;08D;Id{pm-R?gx5mb@UWUJ=4Z>XqD>KGh3cpoBq)1wdDK7828ST^q`(8
z2l{#bEP4Xye}U*9XXwtKcI#Yv*IATV4b!xHp48J*l+?vc(+O!;4B$VHhj*ghbfsHz
zQQy=QBpF|Yaj&BJE$8Z!$`qX}>K?f`r_ot>2AAkp-8x-Aonxm6Vl3@?b^;YHH9gn5YzKZsIcag!^Jtik}
z&f#&!yMeaFv~DGB_bX{SIZ5B?1%F>!3d^QrM
zFYozcd5>*77k)on5g~p(aMnM*T*
zqnz)*pQZZ*R*BjBEwr(;UY_09`0NJjdq%fvwW1`>tB3CIYH{R9_^It@BGVV+PhW2_
zpEFi+URx!+ug62g{BZ}Jt!VW(Q|X*uFgBuNK-NiXXN=sOGvUuDDE@IKbbJBtY#_fZ
zj7JQgjgJN69Z`Nn#Q^4oW;JiDmFK1LT&K?}OoY#g_(>NTlXy!v#p3YJv8&&6UmxP^
zVXQE{l=ENUxp|gR`KC$Ylp*HN4nDJawp->Lj}+Fv>Osk;>016@w~Wo;ovS#J)neg$
zm+;v*mFd>{GI3vbb~DZi^oMKZ-d}M155C_h&##Gfwr)}
zx*0R9c8o(loRn%ux$oe5hl!_22az0Pt&U7*t?5)QVh&Ucyj~wgXYplDUp?+3(7iRX
z?wu)@>QPIXs{^~+JmpgohnFQoHMjUTXH
zdaYu9%kALfE}!q2?*czbhO*k31Wj
zAe1xfrJZmk2GsYoQvLVy`KUimF5~<+Xm7Sof6SzuxASzDatyD(ye`xsBm8v8R>p73
z=#o0b06Ijg(d#?!k?m;s={NqY>4y=dAAZ8~q#M7tOrf<;I88M^`VPRe3|Kcd(X)LP
z{4>MfQNT~s7nnD&-fLfcxdHImBI~(?!c7@s{r}mw{;>vP{q5qv>fXnA`=;A`zw@ie
z@=X>KQ}uEvVmUa!^5R?eC4wHwVm$O@_FFo+wrJ&75(6}v@%As?Li!S@-s4K5b!7|c
zDbT@SgOJB5Em4*f;CEJYhL}n=06rV(>;TVyU_FmweS~Up>GnhmP`cu|K-s6Z=;x3IIhZQGE26tx
zXm@bUY5L_STK>~XTtidIexdBperfVQbj#;=4OK&p^xw(Q=YwWpbBzwrH&Xvbd3DY%
zo(H{O$Q%M(pGH45B>M_>qNwIt
zT0zY$F)xPhAlq=B+O_)Q!TEnSobPrRW4-tMOGn=Yy00m^F&1Q7Q`PVs-$CyE9DQWO
zEAsbuY5jj5`Ft`#cRq=0Fox#nRIgpl5dT_l6Z4(Yo|Y4aJ?8%6x+DC2({idO>qxSy
z8M}RYB!|z3i$9mPAJzrwkqH6%{9$+x^~pZQP|Nrn^^QLsqr7w^)cMutB6?Kv(ZL?8
zm~Z5xt3v6gy~+a6-P4+en3EypYZGSYkoj+a8Xo?Y5D(O1?gOrCoWGSI%LI_+iVnGN
zK|5bDi1^x>Zp3=RJWEFSgY3z_yPsvB-HCd|M7mznIZ14f%=By}
z=;N1~fS1FPC(ZxQBG*4M5td~F?K>_k;rthPC$Ui|c#f{;!wXve%V&t$VroXb8sx(y
z=0gFE{bD|j$;@La{!GKT&QPECNKBZ~uoe(^F+X<^<9P`+_idErIp5+fRf)zpfo?RcmG`_s^g^H)xl#
z2>(jbUZl|u-)GYOty1>wn;vBR^ArB{U;N)Y)mF~=o;Y7U9?W&iY|H`L_2YV#$7SYm
z%@Re)DY1
zb1WP_AmaxczRNEG9vav$(c{aM3&okbs-&RoVWm*=-P)K8ds2P;Y82@Fa@gPQc32D0
zHekI96U7*Ck7EUYT+!la@EP44?}zWz)n=vIU)E-;^u6HI)Ew$QQds&saK>dSd^`#?7R
ze5b4Vh}=hNI_IBQ&%bsg_`YpW{ih@0#&?zQWjEd^IW~fQHl+2RK`+GM|Am$GX%zc{
z;r!F&Bfj~SBWB2b7Wkbpgcmsj#+Ty0>t^UWQDpx<3GH7aw)Z&7vzzJN*XNMWUkGhR
zxq(*{7d*@BX5%MV>jH7rGhKb`QwQSd}|ccdKwc}RLZ`9Bub
zXOKT5D4v+@*UxpH@B2QM{lIggZ<1F3^KPQV*f<*|Kr=+za)cCg|$z~KEYl9b>K};Nznep{CAxH_>uqqBq_}PdWR;@g8@zt^GPAGrUB$e)~H@UQcbUVqrUc(c)@Kg{k2Z-kF06%5h7GQ|GK
zF~s|&!`NRX9|~m{3-M|tg`jLkmJ?`CT>Sb}N5_=ZCiw%l&~wetht{6|d9=G%;)ZvH?Yzb(0~_-(1M
zZHqL&D~4DfD~5O;1u|VBY^~wwSTe-=Di;oC)T}_?-Iw1^&u4^xPX5n<;Pb5|TyvA~
z9M~>r^L?L!1HSW~V)$JQ`7b`Gn`;J=-9&3<03J8`*lBnM4r7hg#g(dAC$+x^`W^IJ
z^+1(N#+M3P#(_;itmq6n_m$^snl6iemhpe+JyUZmVQ%AlJ#9EXldga4(~M`&;6J>~
zcf|_c3yoPAZvT}0UWED;qR@pg1LT2$ecYe=?GH1Z(}lH5`i(vLlQ<@kB1-$v=HR|E
zhRzT8`3-qjq2QIO1{>o!Zr&$jeg=3)TMuboe4WhtWR|#3$4mHrf2ge*xxhV6??G;ks$qHky>+V@0`kD_nA
zWt}|ZH`|20!f3WTl7wCFOaJs4&i~jW_bT&YKUukf-f_nRFXa0q$BRERrYJaWEk1l=
zIp;sYyIa;RbqNt)M}5Sa?Alr54(78i*hHb$nr(_2O0Mre
z&HKL&SvMm_RQDmR4`}%80d1LqpI9rk#vz87DND&iYuQj)I6xTPzSdpf8
zaQqc8j>-)(=WDs~WwkI#QOpLy+H+13)^7ytg%vTEVqTd%#@BYpni`cGBz8nJ{XW$R
zdpg2R7*D)Obs_H);d|`ILjCM;l|diKYyb0W4l
zum2Km%$Gup`M@yiA36f-fBiA={^)o4V=Q}epY}-XOlSw=#ZKuzraA@s`+WZY&@k|w
zE5o$^2(+K5YhSDHVCI~|Q1!Nk>Mx}JeG%B+bWAw?(*B3Y^i!=s
zrae@=dwc}?N7Gt)-L++1l}oOV1)!TVReApD%VQbIYb6_KIq#X+EypyK+PFH5F-463
zwWD7}zL+!Q_}ewRl~OPLt|+_UxC6yMLOhS-xB|()eR%qLB-fwC`ZS7I4Z8Y`R@}S9
z2k5bJ%rhUqz(#|fi8f%)W3<;^budQtK%1stvc38XbERPJ^rC(NpOW%~QLkJ8Ufw}_
zAB@>w&R1{BSe#KPgE@E}D3-hWJsz(-efG47?RlBYY*xiy4-K@1ttF*P1K+w$rd8Oup+x*h$Q6QccS@rzV!
zf2GWk@zbHPQirwtU+J&*mf-%Qxc@@ve+u=F*x)IoLot4i{iM)*nOh&|4?ew;@qb!;
zHAEJ&>=(2I`>>av;{6XklkGKY?T+AmB>JV<+(ulBj2{HbGaP?An}@eP4AqAhm*
zo$8W)G3HID)M6bdT+8si8|x)mEC+Hg-J<%~-EkDhzYKc*QvMi@<=68*AP&Z}kmU|~
z1TotguOy`qG1IV~xX`^HC!VOodT!XpE8NDu?K{%)pbdIwwt_Xsd-2SucA-M=&-S)I
z7ksH_RC_GqirJlJ@Z;zBg9J=f`Qzhf;tBjUVWzYjfow%bFuNSF}FNy17!zZJgXDYw&9H3=I4w#T+mmdVupp+qe1Rp$WE96=j?YGDg|?
zbX%GFGW%q;reCR5es_R|)+0XzUoLrDaC}D4{Rzagx6$2%Z~0EnD?Fy|CYg7{`TFGV
zXmP(a%>NGhjmdr4Gx1t*K7%hlvbkyK{k8tAB@y(;NJB5!y1x9)ja3cPwfv7JtuC*B
ze$VB<<@Mi0=j*-S@K{QDEXhs!`$ae&%-JwueTAk(QQBk{U2VSeR4ehLi`#gJ+c@4R
z`H?KDfo>#*SUAzyu2=?hxz6HkZ*ih9lpT|=UeWr4L
z8OBY}4rQ}!fd74;F#n%o{?GcYaRbNg$?mu&uH_%
zeGuncrt3yf`@{7A-u7>wV(1Hf=Shiv_|P`j2;F$G|8EE784A*HJq!&I>%YGpd3yvptK{3CHv(~3uQ1+Jhj48Uw!6h5!^e>z-uHQD#Dxblxfqt`D(
zvwk?f@5!(G$wOj%gGufahyO$I^iLvsr;Fh{X7cyW3-*fZ;{B{^0Dac=*w?uSD^glZoGK>WKe-jdU#Hna@bqygzs>A7L~@b3XCCPS_<~u>WyD
zoTDM!`x`i)Z9%aW+1|##+wx7oN
zOG6;^t}A$z+RY9|?<3#;KxBM{>;Vt9q1qS4`YTq)o53F7W5zr9E^0dzh#vFE`~%~U
z5AU5_>iG|h9$#&O`fXuXa1qrniBsQ{pnk?NSMYAC-{&7)zuO;KAN0MQ3b3Pxdp-^B
z`J3RL#~5S=mcrv>G4{@zNV81Vf6D!YPu2Ir-Fgn_mCrc6@(tmUZT`r6>UjIi=kM3*
zhxgl4xKEz1q1|un26`V=b-$)UpST`_)K8ut-&kVf^Tq7H@5b84_0rLLz3offe%lSU
zkMNL5?JrNF{Ze0Kf3)rEq5U-2AM7KC_D0)}5%wk*_6E;gj=KK`NB5U#e>xA2p5IjN
zt5cP~h(7TgPNjaf9TfW?JD<4we=s@!=vvzIj;kt-cY({gQLjSK&6n&w??mqB@7fdl
z&`e1GwBPvnCXX||jF4vk{|4hTjWIs$xGr6ZGaln#DsqkQSKxTgsrSEE(8Us)?$hc+
zj1{k*!@oCi{~smj|9$FzDfM4?1O1!4iS;{QkJEpH7x+8s_lzgrJ|rQZiQ(ttzW;b4
z=cj}CmU*OSzT6XS{}uQC)6`F8(q}+>mt%a7AEUokXs`B5oZGP7!)dBv`@XM%e%i+0
zGs0~Hi+nXq3a=lyA9zKJ4|qr58|ARjQ<6d+P74j&{~g+pJ{EPf^e43wn0tM+ub7ej
zKM+lSh&pEAQO%qeh^2>HuW9J@Bg{v&{IC;CPguDIjuQx
z=}VzMhVLpxBXtx7{dLcTzfB|ZHl48lhw_DFH*_nE3;X)9rZ3gbf2{s)>5uf66VqQN
z{5{_MdR`Ipi?16NkN+M0kMI90$=Ro9-#T*uPfi3pIZ1!jF0=jKM*vPdgW`<~`TMp(
zHO7iL9OZ9jP`uxhKbx>e{OwWw+q4b7;zK=Ee1{PJoi0Ed1>~cm;K&`Z?~}~to6qFl
znb)>diN7E8by0i+Z@O2W3T^0_v$u<6=$OXk=k!LL%6)$q9Er4Nfq6&ZOWPKY`3qz5
zreSN6~1VBXgS63
zu#!B~Lg&vC7Jl0+!U_HV{C+flg)$w~jpq8$#@iK)#a2MNS#Bt=)zMBQU#d(acD<(bd;t;^Tg79U&R$nEtYM+R?TpUJu6pjhLVO3uf
z?h+-7$`(@DLdch?EPTV-cmm$XBjv4B-U?+LR35%j_eTw-!#CW?sy$nOB0Es-kz$o?
zx51h7J}#G|`~zbe;GU)!mn!8qm6vPb0OyA9PaT@r_MxcQ_W!70yt+Q}hnDdY`nLI*
zf_FW}&igM)?{7PnAFGdD%T~7oejMt+bJeOSd91n}&((jZ^nY7?IM@2;Xlv8PpZN;#
zS-x+}&1MJ2b4g{JE$LD3UHLvZdj&XOd_#S4nPhVVZfRlp?J}zf?EZO0^*r4?c}k7E
zcta9)6rBEP8=F4O0+>ye2(6WoQRI-ygk>L;GsgZA@T?MM%;|FbLDPxfq`d+?pQ$A0QVSMVam
zn)mHN{eIQ2%op~R7-zKE75tpuPq#sSH(#%!@G1Brte$``%Imw}TMFM!_|_5(5Bw3}
zm)dqfU9DbsKforO!@v~M9WN%>l%QM>%waNHQ#o&%rCQhjP^EG+`W^-N(pzkk_2$Jg
zw^v1Z#-<~DtjnauNF%B-Zq5%L3v}&w1^;&g(f_|YmhWVZ07KbfJ$vnN23vY$oOgxf
z^q+p0to>?42N(4doot7H63}fXR>EVM!k5G9sa>w1LVJ@3Z8uI!aj^bWn=_rs(q87s
z)JsY!TjfW6e6+umwe}h>aeDS(A)9@$^ex?zJFc0Rv}|_;kE{^!kWaQEoId(Sw_nh(
zK!2Stx>mmg<7lXTTc~djmhERY?33x8N-LB2U4JOYj4*!nX3~L(Js;S{WNKr1tI!8m
z(D{|g_qj|uJB;y7bby!33YcDJJ`k7ogGzeMR9A)S52Y-|~`aokAleM0%msh*P+`_Z2p
z!fRa={Ziyf(Vw*gjnmWZKITV15{&zfxL`NH+3y*=KLGIBj($j&5njmHEp*YBvPPi)
zt2|#1*Yz_&kMO!Cw7K!Qf(`Wc-TeZ_gJxIoo<-SVEx=7J_v2XPQ}wK-0RI4M3VlWV
zq5NQ1AN!QcP)HxfpH1H6PN9Jw23k1D@J31
z($VD#rjp+-8?~*DwUWkK@&d+U5%Jt($CjZPoBjpi2hoCYFy`T!RfTjlvJLU6ZcStj
z(a-39(giuyf_g)J_8Zp!YDwh(B*OFHed4R7pS)rnXj=WDPAuA`)~8u{zKZ>5fas!YH_F~_=gB0kcVt5D8s%9*HK8+>R^n-%-s)2Uqv(;}npqzP~jQrCT
zvaWejL_q=TGXF%#XomCU$qbZoXWO
zdfs_Z7xkd9o{rsV3qu`j59Jg(rc|Pw?kJ?~NWZtrgudUcW_f3N{gN3P`X`Uw?Qx?G
zE#PsC?_&A@XoQCZyht$i1I&5d1apOU4|W1wxta3xkmtiZR;M@s#vUUW>vQAT_|~qr
z*AoKTu3qGwa^oHPt^Fo$!#8ZsVE6d4p>3_dlTOy>O=CUhx?!E$-f;!%$VR%=jrWdN
z+aJ-|Ho7(ZLF*Km=^GUW_X^S^0H2<0rYPQ=W-d>WVU9eO5|jE@vN@jPR*A#-bT~ha
zn*MeAB?`tI1is{oH?3Sr=lfFRYax3TSImCQPOFxG!>T)AA`bu!
zg#A}@S=t<*1HLO+G)`$Id-m{i0;kAq74R6V!zZ{8sp9Y{PL~vi&AL7X_X^K9`mMFH
z509i8SHeBHDm(yu?g`|BS=EuJ_dMvB!<_xyP%jty8;RBH60v&qnpnNvtjgC&a-c@;
z>w9!8Tsz@3<8zT%xE_QTRvi$rU{S{z<0fsk+><7ATZV~DKBu0Y&4jOLc^MCg#BZ~~jbg#2CiGh_SbLU{fa$$Uf4#K#rLZ>u!mFRARdX9Vn{
zPb71?aT!27ST&X!1i8PtnPgFaDzb|s`4H0_}Lwh7w#bxi%ALi^8Z+CK!iRpskc
zx@8LSXV#~MUB^?J@~=R7#=gL{<+%4K`FGbp9gBN=lnj=|apc1~tvq&mAe+^+W9-e}
zrr%qB+g`bv`$sa`xIOlD(iaVH6@4$)MW1Ky0;hs_YbxM{`yfwO(^$DsC-uhCW{b!d
z!z0knB+l2);r=)ce4auMd6M+p9b1t;Q{z2M45({?<2g;^DcFj%*&H9fKcSq%sQQBd
z+@1~R3*Y`^vI(kBH_He=7@x(>EF~$%pUKCW#ep_ZY8lkQPUUxr#dF*sIkNR7HXNJq
z71d`yztt5ipg1QTTf|*3gUMGr*<264S$??8g1(NfE`+~DT&cu(cAI`fA{$%gvf
zZphQay?gv#$)Ub&rnY{qMEQf>>#2f!N>*bCU>iGH^KCg+k8=FpMyTgit_lB)=Wu-L
zIlhnXsq8JdPhZ%-9Ofy(!=4XYFIRecrO>}1n>BjT*f=$nn}rJa2%7OsNid(hY@;ELP2!2CLx
zIiQ}Oa)6mxDF50lY+`V3K=WD*Olhy-`sPp`{eLQ=+=^j^X^L{IeBT8svu_jG8KLYY
z&YJ#|)^sf|$F4N}Lt_=f@(05Qu8y_eZ}K}TvhMq7-L0GOUF$@}Lh>JvZ`rs8fPXEf
zE%W{kV+sq|P#?Dy`{y5o?dDuKmw*?%A6TU-^$ehGO(~rLz$1Z$%er(C&wq;9FacsiZ094;@3%xfjhtJW0_PpDI_
z`a}9Y3EF17IN!5S|8HY_{u$^|KhUziR0GnfMZR~x2bzjmYye+CpuZRw66scyf1Kd{
zjf#Ch=Z3cc?TT-DTh`S(3_zy?P3A#5TuX0S`8&;RGQO|;DMjYK=sSlZ`o>4A#GF@b
z6#gaEwU|k3v2>%biA1@Psa&L$ZjA4P59gN-G;yw$KY+EHqWL?O+Z!ke$vJG`j{@>Plxk%)iA^=*49v45NfIQQ1QtlD7ImuvCY
z6aOUUxa=tba~bT5H?rC4!v^>kvJ#Jo4`+5@JZ}rPEmdq7p8@4Oz-NTAV&Kupvf8C~
zSMZJpM7!T@IF>IhU_dWrg|NLmsFP{5DQjRnxX$zTO4WGxULx2(3FQ}3zw0?qHNKB<
zKK~7g;+se0ZWHuZ_&ee!Yeav`Hz4dwBesobpNHu-NDmFU0-k9pa>fw)yf3qK4Ba0%
zt(SF433Kmw2vZf6P9}kyQu!kM+UD&>$QP>vT=MlCAdc`&!)=X!8O(};m^}5;I
z&l+R17wXvTl9c&QMFDyMelIiv4#xg)EDbc4&L@E$fwWA$LB{melQsp`>{Ntw)C+4uzGd=Aq~m9=bo7;#e}&_=^Lfg>h!UIXYd
z;N>pUUC^=~eK(@dN~OJx&OFkUcR{I^?o_2O98~rZ`JD^@%
zpM|9BRLEwBQ`oy^%tu*=Rv!oNKJztil{b~kFna6LUmxLZvi0?f0rdio%t!pwo5B8Y
z7=0E<&|U_7v0co!Lf-!-RTZCAw0mAcr0($Ihan!2?roQhvU839?vNHBf39)
zS8dOgWqw{3ct&h-nwZS*V5AfF&{++wi-sK!rMIoq%7!C!M-Sz%Ul&bxY^8MPx@fwi
ziP9bGqUG4;Y3-xvj}NG99+aI(W2)u*dWn1koT&I8y8p#n+a-SI-wAgTuHC~!!q!d;
zH%Rxo32r76+`RpGw0O(>36<)B*&$)v8>O~zl)R{EmGp~=+4|pG5W-{6V
zT~Tc(^Kjp;DGszrZ^UuvKecxOufTnu5**}`OlbYkqJW@ndh9)0T*1M`H2=qiPLI}K
zCB{p@^O*|u8mJ!D>7zR5*NQt&4pP98T)w(_+3C?PvLKH4k_P
z_#0u{0WWx(g9Sb%5J$)EmE)*F$Uj&Hphm|16ll3i}^X-crb$0P|t&5nm2-_5yrVX=!8hCtd&l)IDu*R8^Mub-yN^
z4@iIn;<)1LBnpAxbR<9=V)9;husea#pi%LQbWjuq{G1t0m4yI>A{urvLPTzj-
z-gC}9_uO;u`O0ZdIzylivn^*8@RT}6ePVp2=yT!;KHunX%apdV*#vulY*?iKKSB9M
z#`X6uJSz166z@4r?}eVgwXr2)hNqTE5!CryF9qNnE2%q~6f(=d%gs|m``;7k>jSjs
zREn_|;@Ep&eVx(y8uOzQ{*QBAll#8MeBS|H&DKtV;}1Qao&QCinCpC@>oBptb$bfU
zp+i%##?EtTenbA>2>Qalcs$_8WP7=4J;$XAU{NkgevE?-z;nN`tk>L~PioUxXta>N
zSJC}hVm#&fzB0$(yeeBaC<{3hc6?U_c`-g6&bw>>Zqy+;CgjD?V>^)Qj~(mc
zz<8U*c(tZ}BcfmDV|ag5MR~e#-<%`rBTvVm-H+
zm^ao0^HT!m)<@CzuAbuZbeh}^G=M!z@nb9=wQ)IIN3=TUD-t;oFNuAp=uylMVXfCx
z8Nxd*^ofGMqbQ@XHl%@DSbGP~IzWeicd~+h-5;#_p2;7~X9ws1;Ssb+Zr+FVtOLCQ
z-$T0}d`5NNd{T_x^9b4n7g_9r`B}-;mQ3sa5yO89BTVVp7R8a#~x0uuY&!bcsMb>i?KC(ob1Itv*lJ#5%mjw
zE)96FuYA#0?V-EJ;v5g?W|-sV0O+R|G3TCsFR8c7RFA|R3OigLiE8?_
z9GL3-Io0p__;}vMn8qEf9nL$|s+X!7>S
z7Sco8tJP-QQ@6+SSf~Go^k2K>^5e@U{vP)a9cPn9ti%N9QMk{ezdW~3aK9b)3g~BI
z-#WXQ>!U958=mPt6Zcd{H)BqnY3kT+Bmc?^w+sDOya$`%Xes97Exs1?b)$ahQPIbC
zc#cgPwS#S<4@dnlnI<_(2&%P2m?$;w5IpTHpg&1?MF2kmiret+ab
ztP5jl#iF$zDWQU?lSvVb*{{^itdqo8{&1D+@>^4#S9
z&7r>1NuH0fkewX0(R`fq@x66%-1ffl`{MljkYRf-2m0KfFrSM;Qn3r~n#hl4uGCPr
zVDi2_s7s^IYQMNkYJG^GV++}E+VNJ4@fMiI^I7I66%w;wdd
z;B%>kY%?{$LyMMzE>Ovo^Ed{M=aS0QO77F~g^c5h@7#V@CGrHhntDM8%9T(1{zujt
zuK;-XT)83zEU(vnQEJ9Kg+;LM%w!E3+T1!oX1^w6cFlvFKKX3;GaS<o+rh&2%rgX%?t
zCglIV;46Z)SPHU!LY&KMH(>tC?B?&S)%+cKgE4=Z{IW>@c_2~#@-^%VVQycT`@W)`
zinjJYJNv&B@C-b_eT(s)!6|Y-W8H+gq`Sv_Ylk}f&vl9WPk0vlV4|)J`Y3RkNPE!t
zxJ%r#wCa7%bdhgzw)r;@{?Z3h&CdnjGY=-%@;w2Nc?oSfE)Uu%yB=&)WR?5_JoCAK
z0O>PN
z{R?h2@kctILw_M5`^cVMz&!DFn96VH2EiwPUT^RT;QWQoud?7%jQe10;ohZjePAKR
zrvhJyxYM2JQ(qQctlR7L_7{2k{G|KSyxxR-Ng!KrkMO_Q*`2>*KIg*=cm_%6r>
zY0RtdPfv?`p9**e%ZN!J|=m*xE@0k
zly-wW=P^V_9~SywyY-wgh5p-~-oNL_UOpdqc0^z9k|cUo#{CnyZ>^@G&LD~P_ho?R
z6F?b&beH)$RHbo6l|IFL_6Cs2nwCd8MP&%{-{LdpvaFL%`+p$4{$60h;c9>p^TeTz
zJQw#u!iAsldjW?(%FT^o<#O>ZmVvC19{^^!5apD8$8iYJkcb0;-A)W{)Y3B3(r^Y6ss$3
zOdWNQZd(~m%^&Srek%U>8u_z{|L-&S193p#k5bcopbaSeW1crQ{6kgEM;Zswj~Mom
z9F20W+x72s2Tn2d5j=y#=U}Qiv&-G847wEde}-@<4`KZTtGpro|6X%_voRmq1%ejqg~0cTc>b=(@k+>x`2-}aV5o0DBXh`Fg;bL#zAS5InH8u3#F
zJo3=qLphjE`~1Pqevg;q!~{+~8P<0Tu0eodI>F!u7_rr1!JpD|AhU!}%-vb$d*{Rf_HNwdDB;$vR7s6ztnXzPHs0+GW`W?e4SGhS!v@qE-n;q04BbCgSa
z;qYK*|5f5%?D@NCJ%V1+<-**7ZniE`8=uP~UMIVCe+Bvc@VUhMX-TeVR4EVWd7m+#
zr{eSZuJ8kK-_7q|f-iOUujv%)|86`_rmhzq&GLMC;x2=~W#aE$M6c4zsM~1fS0|fw
zAQi9TorZzmNF2Xk2>e>^O6FHO|3Z5p#r#Ue?_Ul*{jw&ja(Vklml-MsZq`+;_z~M;inV&#&ckaI|*BW}Le*P$?cp78;S;hYaw7qc9Eoh5;jWM0X-vC=G-f0kUjo*o}XNrcr^X4VQ_r`?)#l@uK24y=Ys?W86meo}`j(*;b=yc7P=oE3489
z%lzGQ=lcsS_IL^4jK!quS_-A+%B70dGdHIh`~AOZ>Tx@~AB&a4yXEvQ>I3y++>fUj
zHmoWAzwXG)KTg3vkAcii#Xox8oMavv%g967^3MC>eyimUy?#CC9XuCX`6XZQOT``E
z4!`UZu)KY{!7s}MzeI1JnqN}N|J#%4FB9!|eQnyW<##e+ykpCV?;yuFmE7qNxSnX`
zbRX!|&wk1{;yv-Su>ZmDV!XXp{6ksnPaUnv`k$V|&x{9`ofi%!$j(9QK5xvGU%+3Q
z2L2-g{)yYt!=H_QH*{P2^BH5+VJBPDr;m+mz&*h25m*QJ@GNDeBi_b;$1_lFtFm(2
za-|9L!07dI(XVQ{evSkFuif3*KVSHf)c_3BfYqU|58VUziJU%~CXqZjbx`V2R@&q5
z#(bw8>hbCHEZ4Wt$4B?A(tQY9@a#FB}p
zS)TF@{H(J-Pse`^pR3?h^1mgKewrW=Sq@)Zc~Q2Ju-J
z;DNp)7jx}7gvA`LZqX=MH63xp0_m=G8
zyGOwHz%ALqcZ-0p<{Q8_aWm|dS^1BC>U$aZF9iIDIfC-!&wOXurGo?TKMMcR{`$w_
zlPfzwZXA}2Zt4NK>{=7>(0#)XD^y%h+ge?XA>aeU9@(Xw1b!ce_wnxPH90scfu5gB
zaZcx9y!t&?%763e@@MtUJod-9Z&+33VXG2+cJpfj+F981&|e!q2YUoB9tB=RUV`s~
z;r-8HJ;9M77#D3pN8s}q{67Kz@y-PO!X4;?E#5`{zXCXmxgG~RL?3i+|GZiC$jZoL
zfU`z+dRNFM->BXwpW4j*&AXIOO!p&bQ#%H9IVbE765FkuN%*}@IRbrusQ(T$unAg>
zk*;ju`#F4{%>v_6k)|Py7tUGNlqX}{aGNH{mFh&y6&i-I-i$9$@_)d)E)`>G7tg#F
z+UnsqMb-7)=Rs$6&HNWFyxgUJN_P~25r_O&U$2QC!@z&L%=F2C>j3HlX@5W5C)Est
zzN}q$YoXRW1LPORioiR2{%x+Wnfxy=wH+@Yy*!wtmtQILavSO6yuAn7tCj|}X)r%l
zK8>ux{n$KT`OS&^33PI+z@O^|?J%BMkH`C(0pQ=-Sl7sQc4?mt;AR$h?!vezw%cU`
zc=h(5Li-GO&Q%@KTshrMcy};>zCEy?-$4Es^`R=zzk7DhZ_G^r^H_6o{*5^NIac_M
z^;Mb>fBjdy#~h{FtCs$IGWDOde(NKWTY>)T2WJ5OV(zLug&N@L^M|jB(E8oZcI`Fi
z-$PoN=gxY+KLh5^PJJ2l4qsKFeu4Lt)DCjCP@(n#mVfBFzzfe;kK0qo
zpPWVhr=UGO|4F^h6f}RPDV;n^Pw(Gd%4R);`!cPCVO)!_2D*zqjVL2955X`$|ERwL
zd<}ROgX~-E@BW42$2|-7WL2Uy%;%y9<{~Bk`={c6V}A89q%l|Hg2DU97tK0GDt=Y{
znfNI^{ifH1G{hh8VhiL?e8@BUeXNbvqOrbnQjB}VXZX=&v%U+UPjkP>TX>&5jOViI
z0MLCa&^@3=pl!vaM0q>}aN^x|2DulB0u6P$Pd*zS&Gf7_9%xE=3j0$Yd&Bjlh{v!)
z|1(5v9pA4$a4j?O;}GDK2XcHWc;{pZZ~kS#i|qq+U-5>kNx++_?*Y0Sd&4y>_D0;7
zS6JegaX%h{IsED?J}=qgSC%Dyb1nGgvtXvaLtlp;A@+LTv?=LvxNjrqFfYi5R|0-i
zV+#G=mUoEz|3<9oe6?C^8Gky}_Zy{HWn4$r`ljel8qV#bn0K4}Ck=H2^E&vP)&ZR7
zrNtzF(3ckUpUB~2wGr2+b&Y%nYm>2E@p`VfK2NfFd#r1;qR}dUe$tdq{*XRYt*WRG
z#bRAb*x^;r!G5q9_E8CB1&$eu?RM$=i&;M4ew$MMd9#;)I8NB{s&*E}L|DSPr+@}q
zVc%|VT>e$Vhz^?sv|9q-5&u~14Od3|yEGK;8FjfAvXmORT$5CjGKYIRWdg%yG&aMIUp}
zm!l$vYIgDedYiv&J6>cNe;`921EP-sQy(*-5A@pt*-QCuke+z=6a|>3p&Ux;zaHjH
z83~t!(O;i*TGSPEyLz~!SLA7c_EyZTR3AM7ecGW<{aI|o_0?NKas_06K-KTP%EWW!
zQaj0&Tx-!#9^dC*T>Z1;3bK%;m|^#h`my$Ej;bqd(?Y^=U&NIR-d4!+hgf
zLRv*Rea2TpKX~r&!f#05QoNUhu~DCQrx<&K3``n(g_&Pd-K&h(eY5@Ir;~iYxJK~HH7RJ{Q+GN1V$gp!$jmK*
zKenXkx3(@D{xIM#68B3<=ie2VbDl8x?dC~C|2@m*MW*s69kbXEJ7C=266T>8+x?P9
zmqpiNJ>ky^JrztD4{%@bkSp#V8ICyFKZ8u~_7|}Y5j*9C@dB(~fYmNwEw7Vnf+{>0
zt$^obb`9+T5qq~PvEaCqjqWR88$x9l+x<@Q8~UAM451BVT>)Du{AaI;`_D=sCko)b
z1pDXrQv0tLu!Z4SN&evrBe);&^BuQq>Nd^SV{ON6Zp_W!rds`WcYr>KxvI>5%jaWl
zBU8ock^jT@lJED`U3ku{*2+sT?a2DUvoY>}yWZWPOk=JJ5oFKOR5)jbo#KE4R@|7|S#M8sHw7
zG-6Zy@VD-3NjYSaY9tu`JGD0?;%BG2jMX8`bB=Lwdc8BOD~;{b2$$2oq2Ggkf3H~o
zwTH?v@4XxF4N964x7+@j+ie{t-{m4!jXp4g*cZ-4DZy7waN-?3#!O)U(LZ(ee<1R9
z?5xFj6z-#Jjt{chZ(k8My9a8`{>kal1vdrp~Os#Y59c;`z#viKauD`IU2e^6?SyV$&hXUVU@UzbT9lHLr41M1j<$*wcepc{X#j<2OWvW^U
zWdB$?ReqM3PhoAYaPBI~MVXk7OKr*n+@+cz#TlcG0H6B;_G|^#%=Sqmmy0ZX*|#q>
z@*OB5M)T*liTIbL2=}JFGHcrF#JVz=qY-rYS!}n4HM#n1>T$9evD_&7bhpf59`hI<
z`vm?=c|BzGE0tMguM_i#!}~wS_tW@8xzq5^iJBDgS1flAj*C8N^}^>OTEpYP_4ZoP
z{&G!n4ebQ`XHDw-Lm1P?f>&3}0l9%bnBkHN@`WrCer1@q;31|SPl%5&{U)^QqaB@i|tk<_FRRIZ`sAe|4-c207q42>H9jb^WRAaIt14d`X@q2C!vGE
znQ_Vw_NC#4T-Kb8lVwoN|qqH
zg*Bs6Gmf&3yCxc3M+x8<&>0}T=ezg5?w3wNn%$b6uIhT-@7=$5@44rkd+#~l2|}mA
znFYqm&Q@xX%!Xhl&8v-H5AkP_OkWWEW+eXTh`?;PKFC-r$Ipb#Bx8FuPeLCI(0#AG
z|AcmJiauhLG;$vg;4)vYEa36hIi^zP^+E7{td9-HsRqpZIlOHhK^r^Th!|C$z@ApU
zOXKMRVa;%C*07)Dp?6eKAJJ|)=dYdB>Bs*lkXT81>KDz0>PYjpodYfKxv+D)>>ut8
zjniMtqlVqDL2rBvmK
zS)?yBrF=Y7S;t;R-yHUwZaC(1%w2KcLv{PKGqgT1_Z!SMR8t$ceJxKHAo`5xXbUiA
zuvaK>X-_vlNOWeM-$-vh13#;&j_Q4&MLEAqxE(=xbb-Bs^twg+RE}ZYUT-+OSi4gn
zE!t;2uQJ<-z5oW8;dl)7k34%(#33wPDfd6;3!Ik%_JD4_=LvphN&TBs!F4Rp!Z4Lp
z&c{7npE5rF^OO9w=$!9c@p!u%x~MPfwjk)zV_%?olxl55rcN|@C(VmTVH?c#cGv`=
zzoN3eA4#09QrTWk|J;ru(C6l7Sb@G&|IDwd(vKfv(jVf_zy`&ko^Ouq3@-}ua~ywk
zHt+w(NPa!G*RXHbXK_E$b`LNHu4US3V7Z{LXL1b5UEN&^!y0HVIUb9t4+r;Soq^x5
z`wH?szjBT0>oy#XJa(5zC+O?9L|C&Df?@rQuNn$nor+Q-q5dMagK}q_qc34C3WHF;g$3(6vs2Pf8G^!_G4zk{)lbNHFV
zrwzCBcR1qlQ=WuAmh~L*myRYbi-ASNDs=e97ml`bykp}_pWc;Iu4CT7UbcQ5zw}3M
z1|OjHn-kZZ7S4~%_>hq0moB&evL=DQawdV{bb;cdZwF=qwbgJKdc>tQ
zmE!DC(uT(pFBA2_52Q8odEG4chUx(waV3iB_Z}Maas_EbJ;a|+O`P`A=6{L<-wHTi
z6`Tgd*mv>zRX&HFPw>9MtDu2#<6l0t{4%j`3Z(49n$9TR#AU?|^bRWfbU&kSAf^9o
zmS=yrGu*OmXFr!8rL2Eg^w)j7zn~{8yf4amUo0TG0G!YN;ChN%_bd15IJ?SYq2Yw2^08foUd$?X6+|1Uf2TQfTK{B=mobKnPtl-ieYJ~&_cRL07H4K`a_
zrHme2L*GvNhUvS7zSjCeim<0TCT+3kf9!EvXsE0BZp~BOp&2{f8tmIVH19{^9}MIC
z4gON5Ex?A7=3rNGqh{I+c&a^#JfFndhdPyA-O$D88mp@A*B#U!A5u9PHPNv)AEd7{
zwzT3EwlwIi*0rvknufLJSsKT8EcQmmfx9*M8v!o~>%fWH@7a5|#%;kKS)@IWGfRst
zn5y2a^{}A?-&}0#A9nJ#1gI?m(H4?nOKt8U(cW{-or>72q-$({ihWkTE7J5|miFb>
zgqz;8`roN_?tC@U^edS!|EX}(FD%b>^(?o^DpY;i{Nj)GpQV&fx`n&*ndRME=)H1D
z9}H7JuC?N&^5-|x^V%53_ra9;fah(mi2T_y|2--B+g=g*b6Gn*UlChj-H%s9`$f8c
zrgXyBCQRv6GpK
zGfJ~Y_B~x=iZjx5J9PXV;ijT1o;h}O^SxJFLlE@Wk+Cso?!Pvq^lu&u4_@i~uanc4
z9$P5$Mec~S5PuuEa-Ln3ClV{8JZY5OH_Ji~y-NSE;@s54^)#YOHO;v;jpirvTWJ;a
z`y`d;P=}gTPUEFSn?oEA3+K(}r5%j%7a?suo;@7WfZu;M#Xe?x
z%|H{zsfgPbkW9&VOWGQoq4n?!`h!aUDXV>=O}$mCQr@C@_M*;t1#9HIqGJmC2-vex
zANBwn9XRvfl)eKm`wsh(ov-mVVvHbVziQ{$z}zP71H
z8*HwimTE5nc?tf;c?I?H{DlKL>_b0~e{i`*2@m}#eXFeYc$3rY9y`grta0ku4wEi1QM(^OJb|e5tZhpGIw@XB9g02a#r#q#?S-
zK%+LcLAxZ|W$mx8$^KH=k;HmI@O7Gdg$)zZEAShQ3`2uGNv5^$NG_mF3iaI?>N_!Z
z5l+W}tLQ(KeK2OdEa<+G+S6!hkLbf>dyew<^=_LpwjAc3S(*L*pd+OQ&|P
zAes}hkFGH*AM;x5vrv}t#Yg(~w|$L;H3NFTP4GiaS?_5BmJM&e7~hSs&;9F_Lbe@j
z(OPjnpJL~{n0+`#p9u3gg|j8WvlUmJhVmmfMp}RkUU#|9y};7Hb)$7|E4?DWP2HsR
zQ9Z!P8%@yKoFK|WdheL@uw(R0n%=n1qj`yMARp+NK2tJrc<6pTjsuu+MbIScWr6i65`lC(m7vCHjx=2VUOI_XBM#Is%OK8Xh01
z&OKL|t0nR0?Uwu>CGw;0SIssZ*bMxR5##V?E+0?FcMqBPx5k0TG|29268j$_AMSVM
zZ059N<2EEmV8nI|<)Q6n{q{gq8{3BDI~Y0Ly#02f!(U5%1i!8Nwi`d_8`f&Y>tV?3C6h8s$}LF}>R^F1cC&BRMh
zw$06+>nWhNrQ$bSmqz;zT{G6daeRCO5nB}JGhwzq8lrW(;`(_*HjBK(eQ+iAf=26j
z>|-nT!Db^XQg6niUu@~GAltRCm5uISLfsnrE`bJubF5s*qlaxRIW5W}kLX}2!<5b5!y+$R-#ct~4ekLVM<
zgHi0(@f)_4nv&aN;)qXoz1iSmyY*tKuXEqJ-r0{x|5s{5r}D!Clbvls9!$FbQF7SF
z(%8Q&knttY5p9>T0;0Q0PIq(Uc^l%XgZ83h&Lb;1zKdt4CeDUSbZrKoU(`2Q0?P$s
z{G=HV^+Ke@eZ&&~L-zl&64C#KutBkuKZCVoXw
zdX+mh_XmdtF`~c1Q-vqc4CZtlTngyqz@8^QbL2KQ23(
zeE+YT?@#SI$7aPu+?)Zv*NJu5yXN@Q^ES52NRP&kH^AS^#j*dAG=8qwO5rDEeCV2extK{)G
z+sTx1S{$s-d+ynFy|#Pg`PVd#X?|5Q0Q@#p2JCuR;{QxbUj~ff|3&HXe}_E(1b;0f
z{>fMsr^}wpB8~`+3FrU&EaT}yOy_Z9QQqfdRSCI}C*^|6A{TI82stx@?e=W9+RI(&
z7$YCfN}RKrA~ANvXAY<-@&M%sc~HgW0qBcpr%%X)f3wJh0x1(ZxJ)RKy!E8>un&H*
z_p`7?CR9a>Qe?tJ^5CtsCO6?UH|%Iw23%8;CnL
z*%-Ka{Ps^R@?dz(d>AM+=Yzo3$9(vnjI;1+A>yiFK7^$_@LT3XgyuuoG9Nba`H(Nq
zyu^GMPRxf|X=AXa5N)oF`e{vEMEpIM`dd>3opHLS_jIvG6S899A!+|y2)nDZ&8Dn)
zPudx}3o#$=KVWVDV%dJR5b~u~U^S2oGUdq6WZt0y$dTP?%aJSMA5d9=G~-h_IM08O
z*7QrcJ#JY_Y!l!e!`@cU^a2xqPX@4nV9T-wHi#n5-Wy}^y0`67?h&+waRJVR&GKKw
zp{$I;Zqdf~weGAq%I*v*C+ZqACBE{wXEp9dfl=WNniv&WFTF_VJ&$Z^d3^1hAY!H)
zSx0fsJ_1b9XQkW$&OqS8(H5h`Sr3fIlNQ^(OA@nemE*AQIO#eAWU6Ve#@V`Fh@BYH_Ho-N(GiTAM|SOk5z3VaZnlTT@l_Hp*%bpHvh
z(K=UYeEX-<-oUHHOp}Y8#5C60R1ltj>}K&^s3?NIaBch9wX9qvH^3=X-=zks>Vo8z~DkDrzpzbrX^
zG%h``k3A}7;@4!k$1QXHq_odGA$jRnxszk$S?BtR$!&=v-{yzC+E>th
zZc6dDEn^RWuA*hIXK@JIb?^XT&*P6OBXhZ(vGV!c#%*g6hZix2{M~}T{#bX?Z|rv|
z^gEwbXfsp(<9v~HFCDV0kmgdVzn!Lx9-L#<$LPOxzq*zF*N&0Lk(LvdIh-fwaCeT7
zPq{RfXdnE!swwRg|KMJ9TV{E^rqsUFrmQ%y;DXVTtNyv3&GLFMe{YiGc6W{#x7TRQ
z$IcIb_j@U21*xo%r7Wi`YpyJ7rYvh8m4*IzGbMj3%<_6r2J+67dEd_#dH+SW
z!$bKpWo*AEZgdC1FYb|c&3)O3dyv;Ni?NT_D79XvwDq>jvUbR_c2HSslv&>X?sdKQ
zn)IK|<5djJV0E4?WA^uFdEGx<*ZcHsa{WW;kT*=_pZLkT-d+>`o$f3A{C4zUl)eMp
z=OSXXlAfZt${Oj~2U{KLcQ5t3m$B7d|H=do-+k1cPNk~*JHYT(YP$pUerCOo$a>$-
zqBVfrhX$@Kk7q*vv3ISeoJa69IbQ7!N`vxtD7CR2R36TlvRNR8w$I$Wu6K)Udnc8>
zgYtxL6Bw^u4!%z}a&n8n)$g#^Ylyo7nb$#ed%gsQP#yPqM7hz&*Y)0ft6cw4Sy5$H
z>`J(Myic5E+&^%Y;p^QX$MV(8q<==YWj~mgT_pNDu=Tng
z#O^+Kad}TvS>JO`Lc+#BfA)fegn=*^jGvqaCAxoO?$}~gv!@k#5);Lq9S!GG{9hs(I
zrm+zpG3+1enKEAa3CUkOB`^4qJw5)~r%cRW+w50ff13Q&iUnApenEOvpquo`Scr6v
z!o>P=1?f&7>hLSNh5A_d@1JQ{OurlG{wlV9OuUxJJJA-p*PYb4B75>kmo#!-&?ByJ
z6J+~wekM4mV=apKo_gk>-pTDj2j*9@@L-$3P@?-CI&?OhTqglDehn|%*OiW*uCet!
zGc7VxQO$Tbu$djfn!~!53Yqwa
zHW51m{Ih^)nQ{LB*qjb?o$_fJ^W}t1^!Lk%i$rz6Zm^E)U`wKUCU}&Wc$DB%x=L5o
zD|wbj@Gn*HugJTl!3|$F1QCCL_;C#RGgv#Ny^GTMWEnnLhL8VFmVw_sUdF~R?+SYC
zW;*$u;nuu%U8`5?liwK{@xXQs=cU=KH3qr!y3~CxDFTlea_0xIx0QVVcaopJPtTFB
zRmz(@xjuST5%NZp_HKfY4jQdIo=X|`-!k_RX{@?-N?CJ1mo@(G)ifUT?%ma}`;~RR
zFY8=IWmA3Knv^w=w{7%4NdHsy
z4aHOCO|qU;d6UiKgkdkag5w%MMhwbW70<*)z2-a=GU7~Pt$tR{!H44M$%wErf&XJX
zJ^O2i)V~YW-x3dbV^2OmCm20w9M5xg5YL~l{e<{@
zr?Tz9)x;`H?0;NN`gd#|6@F6*KiVI@h{g}Uq`Lp2x8UOPV_MmdQ@J$y{NN_^_MDw}W5l4&rC8$(XjMFCsRxHQv%k&4*rG*IOyu
z^z(~iPbA5I8i=M&y3GC5kB=@k}qt!Xz_2J#J4*U|K(zO@!c`M%h>Q9
z=OrFb2{<_;otLibIVs~VP3N|AyS-mgAJ3EVeJ=f;_i>E!aG!K13q)P4m9M?gKdpP#
z^`4PwPy8MjP^t0tTDe{YIpdUZ3+UQ66MjeB&nM6a?7}>Gu7LQkC%_Z3+ua!V6OfY=
z)NPk_za{Hl_IsSaA^v50_2o()@Q=K{a!Y;Xeb9r7T(37E-hf79f6HIW^N-&N-qAq(
zoaTPCQ>lyvp%b#*9_Rm%_AJm%m1+JrO=${6)1IL91vg2VZPJ3_rO}n)CQWV9*0nH<
zcHLD1dUgQa9bDh*1d1|yfc32Cag>>zUD6s_eC(dEn_A8uU8ti@Rc5v-Dk?}(P$&
wN@IO)CjfB)bAz5eeZYN{2-GA(EcgqIeqjYz$c`#StyhTj(F
zek-GIK%2$VPW(Ol-F`Sr-JP=Uw=#WS$$j6;eWUEs1Z|GgU(+c4HBo825<&(L2rz$A4D9Pd50EcuHt!C+JDq#nG-_c0Uu7f(2
z&>rRn^}&BX^=ZZ@W5oYGJ+}YO1uT1LV&+zq8TX+7GMqQ~P4-ew{h_qrJbUl}#E(?{5##S5B56T_r;oN~sGPwieY`=2$6wpb4
zi^oOu6y8%=to4BVA{6_iM9)7}pvzadzS4gj^9SKKnG;Fw_hfNH;9&!OsD!aqLU|A1
zGhC;&H#x&Uf;AdxyqGuCCyLwcR-a}Z>wP@dMjq=OFjnjf*TDzyVgcC-epAq20_7k0
zP5mXbiG8NO1KcNEnSDSS``ld&|AVi%Z#0aT_Q2j0YDC*ndyw?XN@*~s?r*s6E~pz6
z@$adRbJAzkLj6RNYp=pwhH78>`vt@L-pKV^1~Ep#Ov)38_}(qnIIB$f3ERf}m_`_i
z8er(aa@PM1%5|9o>tck*(({1F-Q3oZZ!tzxE<9qJ&<4{G59O?$1U$yY&>!yOPr1zb
ztV5XB;lXb)hDG$0-7%Z+!Eabji^6+6XGr7toF$xB{Wz?A{pTU{rzl~VQc8c6)9!3;
zSN&Gzz%%EATRdfnig&XUsXp#^{(V-toxR`ST_?;R%A(AUFq>9n8^Bk|bpjr!hCVK4iz>pN
zE@vb?4Ph`)i*k=b`Qg>UV%GnmAIC(;@__X9SK4t5l{;e{MGOOb27rd5|7`Khz-fT>
z3&b=P@y3RioZ4tWJps=%Y9ziv=Agj*kO)tG8)F?Wvn;+I+ES>mZq!2p
z$*6atjXSR6PRcd^_I5${i_S!Pn#5f`QI*2IKwVcQ{7tqjFn;6@V87agI?ILQMxG+t
z8tb@*bFy4MKz9-;+YrWSa>s@0guQDZTLgGc;(bLajKwb++LFM3Jj;B~p|6lH_*>HJ
zxhSrUJK-!up4gqj_fVJbglpjW28?-x_e_I|BZ&Sdsd6zRj{de-2mS^+5eVC%9QJF6
z@8gjpqvOqg{8j$^BWRbTiiz!)z&Y~^Z(Gx2+4)(aj!nu5@s_l+0@m_4$kpwt=;NtSm8PUZDK9_Rc|=8w;UwATmYRGFS)zHId0Mmv!=`5t2E1nLAZ)(+D3$o72n
za+@jEi8(*+juRutXDMdBDMOQh{!ayZa3;OR$^JzWZ;FN-+}piUj_$U>u|H=&gSFF{Ux^94p
z^QHHVyr%1q;hK(2GoNRjVDwm)X0BkG`7;yEe1>fV=0aJF{W98~R&)QhG5X)g{rB~c
zO|u{1{!{%j_7lQJ*s!J#@R~l=FJYsAU_-*=Qvi=fUagFHwJoq$Yn<790*xc?SCrfK
z_oGfm=hqtY@@qQpU4XVL(AKvAZ|Kv5e<#n4yqBdT?Bz!+yS#ifH=ZcQ3De8;a+%FX
zk)P?W`=R+mn~#o9zpL9%Nxklsi5}tH3iCazpG7OhIhv+^Z16`#IwdsVLCn)Jiqz&WTpl*=rnP|@puHSeB@pV?V2D(zA%hqBjSI20Ui%|yj6F&T5
z^1*9tr`Pl4_~e5UkPjw_mcuc_db`CI=T(XkUbZ-AD@J|e(Yn-k=Z{W|lZm?bYdN3FpG3>4GrBx)UE@5HUgFG=H{r~dNgqX~h4ndeJI8Wa(-&DBqZ#()
zHr^K>d_R_+c1V|1ybAGN6w6Gbn7QuITMjkUCbSdj1=7xT3&VIWJV+cg4F8zmLF0aR
z95%v3!>I7k1#6+>KlF!1A5xS(bpG8aXQ7TjmrF`@S>6N_iujAr^FU+s!9!6Jfz96d^5K$`$_@ej#ZNLO<{+j|d5JskEiOIaDv+rOIIU(D^h
zVf`p)v$aaYI|Db#Z?Im_M{B`SZ8F8DT#500G--dh6z@+5ecaz=+@F>E!?IS2!H0UE
z2EZF8y-$%GZzb2C#PwhMT-G0HPl6-tNdxc6I;ejQ?8#{KTH~_KpQD~cp2@GyEf`ha
z{uh=RD?T5acCTk!iL;*#=kZDb)>Q+n|C04jyFZirP)Kkr>B=8rOnAN9!wV%ArbjKQm(*7@Jhq+Eh_zy#-0)&DirgL~r69K%0Nx2<3Vj#
zPpsoW6XU-FGIqFLe<|1hExcEiz8a{Pd=L6WTk!MM&o>_!J^rWkJ;Hc=O?0Q*rJ~nw5wlGlsWUQl>{SWW@6wjEKY-sSV
z4%^R`okeA@<+9qRI^L>e8awKF8!>*}+5P$N*Ks`&$2`b)E-$h!vu8ij`$!z`&xIXu
zyfpy$z>_Qy-e;SI2l&-za*4PjB-bRc<$%R_vhjdP58D}zCAyo
z3LmsN(1mzx(@x-T+5YIrKFMcI#JIV6Vs8(-|Js*7{`*5D%h#Lmsu%F;Lc*&9>|gZY
zKHl?9WV;D?RqCvacy&MD3pPU8vYh+*exd>Qu`F1vx8<12cfI{2Hn+|N}@%~mX>+t2!tO$?y7oVW7$I&i~i$8_VpjXOc
zaK5Z0k4c#ZX)4Mzy3B<7xg2?k?nu2EdFddJ_3}?p-ty*=x9Ufgx8C9U`#uI(ki0+X
zI01*GY$6DIEafaa#kE{p>eTj6N%t2FmYZvv@G)F~+PogzZq=nrA{?z&7vWW
zHX>b$I@pBr?)`Y*s1Bg)ql!CW-ZD3UP4`9OxRg{DWQHQrDIBZo*%IrxlkHRzA4z@3
zE=4;P{zoZOUoO<+*k3E`Bv1AL?%L0H%q1V8PuQ_8$BdpK2Pxa;COV~
z3HUpSV`>(d8_ttl5B=o-9)RzWB#wPTMjkv?SH2ziZ|3LM?Zvw(jB!|Ei5A!T4m2z{-hiYMv1xK74anx~OZSQDScLhj2Ba>H|MqkZ{a
z7o1c$$#F%H?{UOVs
zqPl$t;F2P4C&lfc{xYfnt(>K4mak#V0}Dd9HaPD23ffQR|3+iH&x!K)AzZ_4z-Kg*
zoum>(nFi0oZl-(T56NbAP?P6AA=kH$*7tY1{qu)NUqCkbQtDB0Z?=h}|23MO=3?aC
zb^EAa$#}@+qA|YQ0`H$*5O&=!a}O`KL
zeSmr!X?rC(RSelal
z)=N~sxGjnMiTaMPSeYnUb1vqX~H^w?@cn_?515F1-kx=zDxYsKk8j(?mzPXcxSl%Se$vaB8s0bbHMCPl8*tDac1(T`=z`*xQq2u
zx3gV-#XC|z@Tm3c%a1N@c)
zpSm}BEAfHA8>J*a=*L^=6k{S7s?nUu%=#ECr=9aWhn2}WG)SFXW=mWSud?2{B}wm
z@QM`L8rW!k-Bj1YbuDE7>gMw95pB_Zru*sg|IKHgUEJPUSRDK_vY*S2$1i+w>EA8=
zvxKlyIn0kOaYu1G#t&`3`eI$#N5D{5}}BCp96j{jiU6N8#S0
zPsH$g}zI
z%iceX&%UUH;)8r!hw->EhB(=xHnm)ju{9iGOYp*lE!PXtxHShqiu$dsg^dBXg75^e
zQZP&V6TwnrV5)-lIsJ8&6iZ{a)WuP*nukO|+TfeCL1K=_r
z-d|g12Ic!!ZLPI7Lpge4?1v9l@5V~o9AY6XX-S}!+a*+X1j{SZfTEqLPQTEz0l9#UomZ7w;O5K3!RGfKLT?A
zKl#L+FDY~TxcwhP`)K2H49?^~b<+F`W@vuO6NzgvN1F%ZHTV4@_g%SL()K5r-^`qU
z?%M|6edsd|bF2h;)<-s%-W1|WzwjoTMSmCC!9>NzPV}{N()jQ!dno3CO;mMCxU8ml
zj5cvsXF=9p6<~2`r_8%k#q#n>`a4^`(NG?J`2z60p|cI%Rni_bkk5jh=Btkr`>#S=
z4drnR+5Uy0e;bW)DU@5$`Onne4f*`Em4)OGq`1Z5DM)9uJp7u>BaC3pkeS+q#I4Rfj$)?{Gr7I-%A?L6Mw#8O2Y)m|7z9?tOU1H5to(bG-I#elaVdG&w`9Q=F7DMuq2#
zIIpluIR^s?yob(~cg2+^m2}Pp^llN*f?y_hD&7I3{bC{I7M`Y>`4vCrOn2cGvZ=_4Wu*pEZybpA1CX9RH%@koptwo-k2MF{iI
z_{o2{f^g+X*z
zQ&~;VKD2Qf@IgJKCHfo-iEiRNys5&R{)f-+Q@}UI`APoSYv7-~qwvpO?Om!roKNm!
z+id^uUU6Tk$AgA>OyqgkXxyHhal`o>G@dt{=cPPPz^?<6cKR~qi%j`0^*Lw9JAA$q
zP5WuIk0V%{r4l`}N&bTN1K~Eq|MR?}ubTPw;da3!|G#R;pT_uiPTJ&WJHkIY|J~X8
zWpwXnZ!d?njslG>Wxq)W{KvR!n+(3jySimw9s3ygeRH=wzxHA62VkvdC(xJ8+|PQk
zEYnYOH_G7o=?Klgd$@gogYJVjC5rFK-u-XlyZ?(!HUWRf?`AU&fAMf{LdF%tswhIfn6aml@6+ety#Sf#{vU^z{Y2`qOGJoh{92R!K^e7oN4$GcG%PItN88m$M^$9`
zdfl%>!iOf;7A||uFJaffy&Ng_vjilDkwNn!z`|Z-g|G|*Zp31l8JxpADqzd
z)vLO7>sHmRdvE=&^lb#zJQ9xFsS(~A)Y;rFLa4@pkFxVDSyI
zj=fyRDJVCS&U^CvV*dWf(Nuf`(l#x_{!?H^|KJZRWm-sZ99*HTy^b=iDt7%;UHbTY
zIL}>QW&81Ud(Tv}{2#@;pt4>nzi1l8dF6`&nxm=j5|w4P`KcY1cZQwz&e;{xcG*`s
zxefG}MV$YyEi*@L^8DYHnqT&{;aOW-Ep5)Vz%l>Zh8JJZz*t8sv95Ns#Y)>`-Bl>B
z{t(_t%oiox=TFE6yUIpGS(`KG@o?`?Ts$&>eF!m5DMkR}4s!OWc!%WJy1iT2cK8~6
zqtji2!SAjo{l7;B(_dsRK#lgbNE7-`ujM%36-O{1Ibsc$n1mPcXM^Se`ggxY_bp3I
z>-RMntFqlk`9;uPtl8vi^TQfEAK7^F4pD`AvbK5M-uJEeuOlcQqEDo~|1W;u{i^h{
zMWK!yFY1+_$kY8%Y;KKYYv+Mf+n9ev>PV#+c`)G(S%E<9+8ZDtkAs+k4M<*#8S{
zo#>b6fiBJ!eeu_+^8nW26~0ELzFZqEv~%rH7QbJ_-~R^69_H^)@b`yp-*4L@?}DK(
zwwcQv<#OAg9Ad|E8+1W1GI9cWvxeMQoZ`^`S4
zdmGc;^-8LL7X71{e!O2&`^q|~t1T|q&tN>_*+kem*>K)hpg(64z81VMRtL{3ve3u=
zek;;9S`-p}7%$uf^jI{Y&eU}{MUTn!JjnEf2cX9TvZ69gXoK!L{4UcoH*Nr*BAx=G
zX%^5lQW&M~8lR3lgZ~q+RHo%i_FdTR^IeBi@+sha9D7)!_4)+ywA{pc^Sqc(BDEI9
z4@-Qct2y2+cZm3_wYK^Z(*flk=Trr>apqE6y!+C-@nn9_aUqQDJF{}fk~rq8@QMn;
zszG^smigpoK52(>Z(C(<99I{%}Z@Bu0VZx&T{bD)j7tlrs+HPLCV^`d_
zrWW3Xh)#-+hdt4!M07j;NeaKTjMjX_w8#|;p*}s_31foKqvQODJxk}SZQR$7=kooZ
zR_X8Ql5&n`1&}${q2cJK7Y_}N&pVoY1*_pK@e?ywls5&SFMCAo8I(CGZxOOfcO6~=
za<-hXxzMInMY2{B-$`ejDih_T^A0`S0ldWcnWy1Q8oRz;|69uYR?p|D`kr)sGPbB*
zUjt<}C-beIBW!Y!yUgGI(z?C(S@_q7q+RfbbRWB<331;fKj)bkw=fxKLA$oJ_m;3t
zRGvG~2DS{&3w?>%7qA@i_ead%Cz-#e4od!(@%wsy{}{h-IcWLYK54aL(oWvZ_CI*H
zWDxpiGW`!7l=Oca?}1}Hhxhg1vy7j4J=+={EG2pNZ#PKhp$wea9yi5h)MYCQ
zTw(*9<8Cn%pmU>L4dWmSw(sUT3P4{eX_j=BwA6OUIFFU^Y`nui$NW$vKfdG`%M~q>
z{;|Xlsp}v=5L;^`^F!w{S&n=d6E%+`UZnQITIF2pVD`w9!-${kdU;^|WmIx*ylHA=
z>yO2A$Sze&xgSz<@RzSE1{*wPhfvyIU%$`^rZUm?PMSRhinBE+XZ~X?>k_PLhLUrE6-_uitWwkyJVC3KAD_TK2yf!o_#q4|H9Ib{Blax
zifb@KH=;X39M*_fZtH^-5mlJ1z7#t~b+oA!)SmZhno<1@6-WQ@O3
zJB(RkKCN{d;aRtJr*Vv7;O{Q^JC6UK1oB;?bYHO7V)qUz@^h=9Zs9!DSa&K_C_7^Y?
zK1JU`e&5OOO?nS<;*v4)>3x^FN@J76dhoX-63YsFYuXv>YHIU*p`Sv2q%5$!m-k2xK7i7OK^Z?GU2kiex
z?4R=Pm;Ij!{h#J}!@w8=MJ>^B9kj;C1!II~PFIbd%p;0&@w>!(7ZCFk?W6fjkA=T=
ze0?v&@dVT?t
z&rg&3?o12+^%v5A`X%D*=g!u0LT?s}`4ytQFXmZ6^EsR8xsmDl!9FKF`Qp=7
z^zY>*{aGty{1|^Xg})2&cbfS37Q6nR1@qobSPNB6Clkwnclw3snvQul3auCQ-t_(Y
z_m=&4Z(Cr75Pd_9sS0C?^Yd|Ad(R}6eTX?nYV25sFXi{SP1624YiFjtP#j9x3(1}qtxw{_QLD|?1fgHmQ57z
zL4+S|i_hA*Ex$@n&~Iq(K%1zveFo@zJP-Ev%edyj{3na!gU3H$eD|6Dn>ijz
z>p}lB#_qziCM*7TteEZBFWc__)v*0PF5^pG{9Pa28=FG*O
zz~=vb4)3%$=gZZO`@Me|$BOKq&kc-UHImAdlYbLqxN$zD-;d|MAI#3KQY-vwdQOg4wcyBh01F6RQ(bC
zQ;?^tMRy;z+e_o;ieF*NaZLVX(G9Yu(U}9|$o_1@lXt-y@rCX8C{f!t#(rOk=hSAt
zgK;G0T#rVSb?dR4yY&vVqYop_hsHlP6n>bDeIKoU3G&c~aoh2$V4sq6Mu}(MZx@u)
z8TlCVl<8lSOy{&9p4DBjzdxNo+#}I9f%8t{J9mRimpT0;k8qsIIPOEmdFq*>7t-&b
z868&<#<)=*;d|&8e4ty7aQKgdFrF2L!*7ju^$B~sD0~CizctfeuIYCDI9KS+zHxKq
zxeeBZQp!hCuhX;ELa0a4y}~f_VVu1p*qje_2B2MBOWfXwZqH$j-@gg`zm{|+`Fz$+
z=`YAfe*xRaaIRjJ;UCt`WSb3s-3{%gW6+}+*$Bi_c-utCqFu_;K74eDQr!?V}ptDtol#(6xAM>ouyLh=*DJmr{AvIoD*khhK8q9jl#_MPXuPr%)vF^z#Yu7#Am~PQz)$LO6=});NSlo_Qhf5R~F)>
zShgsS<%-qN{!f5^({OKSn!3iE7gx-)IM>N1niDfj#5Fp!1oo=~2JTm=mye<~q}oKR
zq-PbaJKaY0l%n_S6PH^N(=#^H(4T}lCSP{meRYZVA4us-pHY0JWv{R1nBLcR$r$s;
z6wGIE8|Ei-*dc|eZpP{r7`Pjq)JqVVWBriAUMHX$k7?aqJ5|(=IQe
z|AUOpkKUz)(GM+X@AMfM$J4t>?%S#PcW=DTQ*2bIL0zL<2WZps8JIr>bEm-mWupBy
zoBW=2K;s5jQ~k||#VBY`_ZfH}K8M$BOGlVs=?Jc4+N_5UVA{*L%==X4(@GQc
z;95REv|0XtF7qEEji21!Q`}z94q5K^P}l21J8O*@j!h?x=@gbT%**L7MSIe6!qaos
zx1Q^3;QC&L`hJyG-wRYt}n#(fiiaC=V|rrNTUz^{x=QM
z-@CZJzJHeWJv9J-t=NZ?T;_4iUxl&ZP$$Z)y=^#;_h7r2OHWaY4IG1ogqc;2If!U1
zzRUI1bA6w|8FKX?^i8+MpUXY~ZP%sscWGLGN8)(Y7<#A6AKnLN$?pyzUzUB|%JJLx
ztgQb|sJ|+${<##J<>W~&_u&YCHwV5$8kPeMK{cYAFh>ToT~fUI*~;Ry{#x{WY2`oX
zdZ!OC9-p&bt8j4@>~{2MsK3S7zj+|Tzh?GCZ-~r$T4>#%pPoh?x;8KV_oJ9Gh*-wS%szrcF+XsNp<27K5^zSqQh87mut-?DrG=n;iU8Z?s2
z6`cRXApKjT_9w-&)DFEseDrc^e=P!?N{%s{1shj+aw~BB7OF}`zQ{U6c%fwF->IEN7hRcb-BlVEg=@s5#zK9z*gtm3(=K
zXOk@!n4Fu@p+CFXuDx2Z;)&6oeLlHH7se&6#u
z%o_>wNg;h~ta?WUuE}fJk9s%PgYi5y@a?rw#~ltl)rs1ziqqa%W&6Drc#w{-F`6;&
z4Ohv5BiJgtA}{$=?N+krC+%>VnDz6fFr
z>CSWfl;%uY9*G|(S{`Y^+-b3#9~&>={bl%Di#Y{|*XM$W`H2S9gNt_Rh7U>)$wvw>Qu<9Y(~s}$Q4u#R-XnuBX}D&{kgjQNzYC-aSu
z&?af46Y-S(Au+o*oj2rI6jKdptibwB0CmNNg3
zY4>?h-rXSYO2dhuLgz!t>*#i0crnoIQjgO(xf)V-@dlvlc2WP40`C;>WIR(&qjkXh
z8<@X;s(jlOshXkm1*^W6_YpyV{II0F-tY_kYy`%Cu=etYXfN+Cv^V{0^m&S&T(-}}
zto#o@cG~CAPY(0ieATxay?GqV9Ttacf6!Z40a<|HKEa-y~P0l-8eQim9RmIh{z+b$79i_Nqw>JoK2j`Y61K~$O?p&uTl5+SM{9fVNq!+Z-hcRX)
zSB=7+S!Tt*^a_?e7t5Zx1@9`B@mVBB_WO(M$NY-@zCYOFl+RJ3`(nOW2zzrA$QsJg
zaTxF8VZZWm5Pf18A7{XCk|)C3DuZ)hlP=G>bx^hrA6J`<~MvaQC
zk_7RVha%R9D8?lCijUtdR;skMIurBY*0y(A!{gIiYEbl2OMj&eKc%nR)CL7ajT(?v
z$lUead!LyzCzD6}`y-i|bM|BHwfA0o?e&BV&eg%VEQ7ADX~J%Topq_`3$*vOYgsk!
z9X#Kd$uFF*|HtFUzg)lyxNqsvU3ABk`huq(7cr^ohlQ`>ozgz1k)FeLIEz&W!r2~m
z^Ketg*4=uHY;fbSB^IQ#*){B|U~l^``Tw+y?wN)+)
zMXc`&|BcSW`g2J#CxJueatMU$`qm7ie#1}3^B0Xf{>P&FD+i4^1piyb)ir~u@7d+L
zHS||W7Wkom%5=It(J~F(<}3+u1WHvIixP1Pyxcy6*6To|Y(fLqj|ajc7lm1WX!gHY
z@tBC8Y2;5Vq4`-r^P>@c^%H%qA^v}b%>Ox=!(UABH*{WvTxh|CooUE}^PExJYpU=mb%=HT|s&>My>p9|$9EG$mT0=JCgM{8z=kbnYKf4&4+&(KT
zV*T4$%V~_^(TM%-@&If~utr)wajA^U1U}?BU%o|a7I%hCGAHUrf@L#fLpF(X#1b*^
zp22Zi$Z?v?{WEV30LE13DjjeIlPe_N3kk2e+#f1BCpz~J$s)MwE%S$*d*SSAp3{r&
zZIucOyO5I({0Qy!K|B3c2>vxZ-{f*SzqA3xi8B}W5L9kA&;Qqt`kCBbba{u&v*q0<
za>MtS^@qUO0!8O#!tiM&-V}BRD98Hi2);!fxced|+X6b*KtDpSH+4TEbF=h%n(Z_dY#`T;<6p8a5_%bqss2PFlw?apCy-e>lEEVccyVZm$Ce&XxT6U`?b
z2wtxuUeJKyM_|ZSk4pM<_Mv?_^SK`&{MZp6VQq&>_|Ky`DWQ8!7LN{=jY#lMj{`r3z(gO3fQS@o5COdt44h;K@hYb5U>_$?awHb&CJdJBHfZXF-Lb1eA1
z)pY*|UZHXS#Na}W^CuqKBWL9OBY3^WX`U7L_etD8uoX5lOvcJA?9$}8pO)jkncfos
z1HOp7Shi#M|HyVqsoWy8!}GZvsL-Tr_uphY&aGmObGc5ZDqzihojXFOQ$^?N<1sp&
zyfJk;`6iuCKKF5n2k%u9-iKQe#~SdS*n?Q&%n{E<8gL07Es@*kp70$zkF!qLrJx-6
zfU)M7^FOU)%a2pIjlpL=>lvRU^OW$sOd0Xv15CMe4{kH@@Bff~+kuvSIW3J2uNq??
zTo4d)ToDh-F6Fov#`s5_@BvqY8>Rnu3-UrR;!O+MiN?Q&{TNJ#?pw%nNBUFLoBSz?
zdj1u?yzzM%{C}D!=3f!bk-KuYp|?I9Z0dk5u0x)ib}o;}fjn9>;Qx&Y{*A=P91h;X
z*HM!6ZG>GQR>5;>
zqd(B!S4{m0zR89Bv}f%W9{s`yk3Le~P3Q5T!LzsgOz4FTekhpCZ9TcX+x1R;99j2F
z?`e5HCrLgC_lp*JfBNa>udTlf_rC|hoBS=tze}wBRY9JIh}OP&&8F}*Tfk{9ORH0b
z&wMpvD-%sG=rQCx;byUiV|{!ILWl!q=8>|#D&RQUBxI0i+gMwv4#eNib|Y>Fa@9;?
z&2Gf*D0!r*`-wVHFVG}&s~<_#m|E`M`&Lu;t5xFN!{S{Rz4IVGebQ@9-9MD?)->TR
zP_WCv<^=5APEU*}mv~`^qm^jW6Coy_Mg5`Hh0>@z?y$L=UZ8PloG!tS557<$=0yeg
zbQU*C-4k|EqDwHTF{FO`_kYsI7Fu5%O9j
zDGJveAa)0Gat_qU^?yI|pcm2m;I0IIFDZ<~3J8b);%@ob`Hn>H&k1^8O!Q+umnS80
zzZl%*XYo5d`08A?waC8R8__M9bxOI+U6xQ1(9)gldK!-v5ajlQA~G7GhudE*_A2ynmvs=G
z(o$G%k*&5>gHDpZb6h8}Ssc$F!taxxJ%4>=qx{?~Kh5^gfN#a-k^9po_hux1U6Y7k
z=P<>uYhhJAZ9Jcc7dCrCcBj|d#@2=og5PSv9nF=C^Aj;;ZLB<3Av)Ryo@V<(-H72h
zXSKlTk$Z*QX3aN=zF#Ar_1=qE*CJk>5m(U~&;IMO?Dl)jG4JB%a2bt0t++S7eeh11
zx8;USqK}e$IgdLkK1y~98+pVjQ8*2IcMry7M@;LMrta19{5igfV0F&a1HClA@=GR?Pa2(C6Ap5qCuI@zXxSSm?6{v^vll
z`(Bmr>9gnPivqv$OzY`oZw2YRrF-(aK%Ro!OBI^yE>%PBMA$Q+PaBU})68X&2kA_0
zo$rP`VX*av{T!Y)RQ!BV=YuKNu+A4Bp=|5h
zLf^(~eS;++KSJ||_B>8=T4KYxS`^yJBp24rCXnk!mmk;P7`c-WGuTNpO7ukl;
z-zwf;Ht%m0?{5b1d#1e#upfdPn0Q>|=Ej)mcW9Cg_HZYCHaU-*|94i^2%H<*kaFNX!h0AV&3*%14`_kxpm+3unz_|&h
zh*R(SJcr*&kTcP|=9WoVpZZ1=)~!>3Lut=!r{Xs8T`R5-Hsfe}L|58(T`fYOlHv-T79M3;X*ZRsV_8rCUT;W_t$Rm-{US}Z(w60F8pekRAF-6>@E!3$P%elU1NgD&)8<*s1D
zTKyP5GerG5Q~e*v`pl?LW&Z&A9ktU=ZGb*phImThTRN1%=1OsA(~I^q-9LrSBIuiv
zS+H_Pcwc9#H9jO$kBK_PkvcfPf(di9OiqggJXe|Ec~ru)af5(IDXrIcQ`vTc2QjEI
zE+hW*`{BCCm~ehPC-GlOb^n84Nd$h6MDd#%OUF2V6Xm)84}#%&3;a_#J=q$mf1#U2#4`DrSi@rjgH~K(q7|QRk@x>Q_T{wBf2ryr?t6ODmqqWMxmw=;>0J}=J4&k+
zIyVX4Q?0xAS8YN(1$tMiRC5{7H>jUUaveU;w7w0-em&i+r}6dwMkV6J;ohf&dMksw
zc$}yq^BKHU;wtHmD6PZu#q#;!?fY_8(0vwrJXykg{J)65ly~mKw@2$uqrI?fK)#4^VERV=$T5tId8CA@CM<(MEQX^60eI1uT(Z@jPVbg
zJ}jkiEj7`&r4bsZWCSaDjx1{5rQ~bvH=)0B*DoD7XVeeHeNMDJhuY4ctLk5b%g=)^
zK;Aey2m0ZgoWyf%-d>~--F}@l_|t(WewMiXFC{c+4-7XC#N!9hPIy?zQjN2u_l>6R
zulfXj)b(TP=ecY|8^^wb-~ZQ*o?i$2^Z|nH0;Ub}bK;EK|6RUz5W}ik$NKtlgMeon
zwX>12q0qCjJoHA%L(^x^lUDoW!Sc%B6)qk68)cj3#d&au`03V74Lm13aIXv^k5rwS
zujpFqnN|KAdOq4cD3$I(+ro&8c)~Z8;7fY4se8Gx{@3oy$yZc80-wXJN8od~biikq
zc?U+jzkIMvwAHaTdVk?CI`TF848c~RrPNh2Ayp2?~IA(8AJafw39CsgEB}AHSe+H#FAKGsJ23=$$-Hvxl#j
zl~k4v`qyuxPqV-3H|V!wf^`SgiFrnS<36~>1WO0~zTX5(fa*M9+y^aVe;7Q4>Ddtr
z|Cvnh5>4edQ~8)@)F1K71Dh=EA_ny)3r;~>Z?u$KP32aZp7mJzf6!8X1@co{+U5DF
zP0wC3;jh{B{QLC$>-0Ox)Sj2xi+M)vf&a|3jQcB8F4Hn@(1;Y%vqz}?drZGu>GuWn
zyU5f|9<>wmOv3LpJ-gck|8z@z#GSj)w0{PbqK+cki+{GO1A|Ih*K`x#a^OBG|5+{0
z`Hk%hyS}88uM@w@X5
z9t)&_$Aw2e1@K{h?x*4ksJM?ZH_sOxQi{L_dEZ8CJ6iWinppSODq`K=%=c7uKlIqd
z^UL_&iax(zmQS7#kSot5n;%Kc{4`x3R&D(l^5dY)@nhqhSS
z`%V`tww;&hq|lQ-5A13jYm_
z(Rzys&TC}7dri+XsQeO3dsf;v#Ws@m%^nfYUDsPjmI_@Ff6gJ9Q#`)wQSs%mk+
z>VKVozeXi~vM|(SYdPI)i(L<6wFjE9&<>t?a%fP}Wzd94bSDSh$zm=}AC}laABs4C
z<Kbb72SJ
z8+JP)Z>3$tS4*UQc2$i3ULlVQda}
zIlf|F&U(Zcve0rni_-EWQ_S(%vR;VlDcn~xTYZa-JzoZH0|#&Ez+BOJJ^L`5Ty4ei
z&D7?f&rcLTOCma!!{^JTjzx@J=vdZA?O&+f|E6}u7pNun%%g{0Nol!S@~V6VI~feCK!~o{Bz0kH*ADn%sW)kceRbI3BohU(Q%~#=Ynw
z!sjNrz982T<+TVrHt0iTtnVExwPzih82<;nKqmc>T%&_GMAtLQte|$R>v^6md*FuX
zdR}g}@7&(R`4Plw$RgVRYOP%VRNl+;xy&vCPq9Cd_>C#cx$WK7>AC(>G*5%HZVCRb
z8KygFwzO@iy#etVq5l+X?rABLD!W1KSGt3oKH3IYmj}44iRnwXfo?kQ&~a9M=#~2)
za68xWXUFBUv)Av-xkTa@ZERzyFHsvW`8%7se{}s9>n>w^W*xa6^mfB5)8g7|o%Btm
zF;62}vxd%kx0C?}u8+oDi|V(s)rsaux5{Wolg}==emwi5PkiZ)Pkqp(*Rzt&M8p^k
z`74>z=B;EC=kJvge`Ti3F<8O0K09OQ+F;N2teeMw#`{!9LuHaB9&M&`zMl21rtU-6
z3%s<|5}nwlal3&U*w!mm+&)#@Me;e%Z0EXs(RL!YH_)i>Zh#hx!KVFUT3DyW9BX$VSl&xx{>*l4gvPvIq)IrPqJx!c`P}=pAr3rydUxG
z8B?@=mfWrkW-ksVD;(eZOIUS_Q}tT&Dvc$dUvS-6@#91sLG!$(nC8`Le;B;StH0Hw
zdJ7`?%d!cs=9x1h`p6T$vutgIj{f{w*zf1#9yx^hQnsnyi}^fO5f8S+o5gJl3_ecS
zi)T8Eb;y-AhMT&!vB%pXS6V3fv)iu~F^4*Ra@U&GHp0+A9Lpkw^N`F`@u{!fA4g>hiE9Lyu
zN;siQp3LoWw8}|w#`QhfXKsz)ukT{8!=ZYad3}hT`lV2-lECAk6sOW
zBJ@7v(UbMEPRG@z^)!xtV)NCe{FP3dXWQ^4T?Q`zc0h^0oh|QJwO7Z_FUR-4seXnt
z%X4Z(?#r?L8_q5tNxwMGoC0UP(%+Ks-v1|}SD;bQfkK{pn7(Hc4xuONkvQDBTEY$^^XktUrY?pY>cnsz&e;LOPV@Y5G=K0!&xfpK@$d(`
zSlye=@B8AMok92`TJawCX+P~n=*P`;;Z0gs)t2>-c2w4!3!b||+BNaJwZlwH!ZEa@
zZ7KX4WIHrQ%!57C#cgw8$1|716lUB
zKxYScHg&IQ6#Zo_6?+=^`;o-oMG<*Ie!%8*@pd40u*b+91pMF?Z;|(=LrX+kpiLQu
z{9{R!X3Ue%I+nn`-mIG(-M)VFlGyWG@DC&DWt$l%4l#DK&tevPoIV%zWU-Y!DtoXe
zkG(*j!jAd8yl
z45>c@tvjwf*b!24xaw)(P^KM1%TT^E?{T(5mY^x5x6
zpC55O;6=o*tug5Ve=E*e@q?mAkh>;A`K^T3uBDb&~N4EA00y|i6_i@v82|HgPs`U(wtpC2&o
z+%2--TP^d4oL9O7v0-@cr)
zgquWGPxtv3)w9YAJ(EVncb*eqwv`=*KVPr%VCO;Qh0Y|~%3bg^>QxqXxDpCAD-6b;
z>mAj9kjCszSgOIUuOLC!QTHCi;bR{MX@BjyJVstIC$NF$!hrQ53G0Ey0@g_;Sk17w
zB;5ZhJef>8Kau@9Mb2;O;#hxy&rJ7u?n_BHBbvFCK6|DxPcA;oJsuUG^-^wcOT_yZ
zIv)D`F}k-kc-;xQw)IAj-w}R@|(B9xOLg#Bb_R2Ge
z$6;I4;bi3+_Dh1?FHcp9{W9VGFJ%<9mC^AH629o3#^?X%!*v79@vd)=YzK65k4c_5
z-u`%1wm;;Jwoi1x)gt#P@BsU6`t3sf!?aJcn72Kce7T-?
ziv#()bG+>|7a24cOnFg-zaV7CS++$zSIhCGvO9`wjX`O@=^9}VoQEM~!D22$
zKY??u>+I`I-IJuvMWbwQCdbKxI7b3*ig{nc
z=8|Y-X+YXnx}?n|J*$mAb8wr>2CkDNxVRk>@Q%5}dB5ZadH#8XT`QLMg>rRh#
z27>0}UM75gX9x0VZ@`|lNLkM1I>HCxBj4on;AO{Nj~C1JxY}c0@0WIrCnHmBqw`l;
zp3&{UlBMrrsj@bRxFfn_rKUJ9)8L23BS2?0!Id#kBj7B;c-
z<|^6Wz#=oh^rGwcG4U);`al;KnCRj%c@F=O>ZM8j_C)&2mi;xF`uhcIIsIdK4va@H
zrpWrGrut&PG!S3=5Yf?G;>W8wu3qB&cm=mh3-B|bpaZ$nzfWtC+rGZdZI}CjvmM+<
zEholC?HO*PCiv@Z^u369d%;h?=z2PG{@P<~>OQ_x>OU3=`*q_?DIwggr8-zITTSy9
z@zJ6_`Z*7eH75AI7M@G1|1{QH@HW{jlOOX~1UPHgO1;U9g8{^*PE3J!1FF?Uday
zHr-Rfs}PL;PVjmy@T#UYzFnS82d@%1b<#R@Sojt5I1()5fK2+OaQHmhznl8PK8Bxl
zd-BH>ke9R&ea_-K_&LO@6o;7Ol&>L9yr0!ncPtuX?i2RoiEOQ!e6tj!(a4$@aE?C6;~}V??|XgO=f3>1~8xek?r`=Zo}}qdCXCWO3cW
z6I^#NTh2?#SH!&7BwR^x^p|!+|80UNc+bN+=xBiU$Tkapve<{OOhiZ5JBEB`$Ct+WODFevi28pB`y}B5Vk27iDANYu_mWHHJ|E6kxy_2O
zKN^Dn#Ax>Uw}UUU*ym5O*ykI*lHX)nUkl;$kn~4xl76M|&upW2_eJ(+K>)sa@L6)m
zG68zuDBq8zU(8b01-Z{`M$~84>a(g+``FhRte}&4;bXQ^m1vL=FL#!|gm|o&_02AA
z2VHuf34b#|H{Pr`_-a#kucRAiuN1s4^1qMjXY+B?&&DQoO7Yg$dR@x@u8j5nC{*BA
zSIB8n@XHPQlTMenaBjU`$m&nT+G7cSp`6d^`tbgXaP!~Yru|@^%iqylCK9t;;%CTpAap<9W5TETFiUAaypeI*{wzJi
z{38A&{Hw;|xnkD;{P^)P5x*gAggu&ohwI1mZuZ=`-EM0X;{4>Fwd^%ZY4b$3delBM&c
z9<)Z~v62u2B#E*20<5a*rx$3R3yB_2U7#&qvA3yv+uc(CF%LE`Zf^5ZDE-(S^Cqs}
zI(qp?`1TSE$rk$!0q>O@-uooH&tDFBt7!co&a2QVou&Cp<-8GZ1OCeDS*dU0Iu~a#
zhm}cKSMWC022xplzqvo?f0eoQvQ7c7^O?MB=3YLr@i7^vHJ!)dsZ)9Uq=XVa76;1=
zSnYR29HqHDhaBQj8?lGSn%^CBN8%6qbLJ>_Gh3Z|@ViajcgVOWw^P{?C7XrZSgDtm{vGfUi=*cc^4vPML(yX@O7WHn$V+
zU(0A#v#t3o|B3o)QnPA}uT}O>jGyVv>el&cH4D2{n(uSLOT5}^&RnnJc-I$+pQ)6q
z3kWB`M=-s@gEbfYe5vPm&SEO}sn0P&e)BhaPb)3p6Qxa
zs#Fo3t<%(`I+fbgrc!^ubL4oZX58e#IyP{AT*kv%F=ymjj?w?miO*lcpAouOjqVHk
zU^n=(pyd(yyHh2e+r{VaAs&bJZ$8~YcuRC^m*42}U!I_QF5jb7Pjz@a*WxeH!+&3%
z;PHHGkGFd3=M{c@zs_+j{oU=k&ROrl*>QGwVb?t6Zmo@I&>VSp+&+6>4(ur>$(RI#
zR0i*7$@h)){uyq+Sjh8#ayw&L=2BUvhRQr)!8gihFjpth5uWp`U)IT#b!N;Ke)i`4
zAGD8-#l}xP;iF@{?=45NcO%R1{0E(je^jd7E7-dBTEw}d^A=|=;>ZI2!|aK!qr(e3
zwmVuETj&4q@b|j_$3Y3l$5IEqy%@5u0&bgBV8o)Oa~ZrS;$~`ewyu_O1J_X5Jh~J0
zir9>u(-NzeZvEUx{6v*^UP6QCnR^?m(Z^ouLuD(w<|VB1psypcue@UD*B5n6OUz%|
z`uQw>GRvoWYa{hSRIh~BYvA?Xl=TLSh%bm^-?&qb<>#{8K`PfvXRC+Siuup|oaSc^
zkBa@bbrXCAF=YM^zXe|Rugbvp=q|kIxpm-
zK|5sDb?R$Q)muxn9{eux1zy~#pm#@1Ti7}TZ_%_V_`HXI4(w&uaN4sMG5;Zdouq4X
z2=2XTpFf`)c|MPx!=4qfa}jH!7IlnuwoB#xZ#DWiKbQSqB>T7X+`yWa&1L=69>D^A
z&7UMJe=@-`o%;Nfgyl~rSQ6=Z4V6+zQ7(Kq?SoUiXdFgyN;%y90MBb44pq&4LD1VAG`eI9bn{>(B{qkdx
z-wog22o2dNq<0fhUmOpyDvUqVDWB9-P`24S?R0T5#KO#o=XTE8UAs%1X
zEoFOJKJrhqA;eoljs}dgH^z2!{QS*a{+&0HKbc1Kv_{Ex_dgSj;dsQ5f8~k$1MpL$
z2>X)T;z{jCN0nolaG7bRZ^2EdeKsnrllBk_~EYH6Ox~|0LyHU6-Krix4
z(fyBK=<^2`y17p|-EU6}u$1;tcwyIf!gYOt1XZW`8QRHZe2^J|ZpG5G0S38YVMwWM
z8PO)>)kG`*4&TRjjr{Vm{niP#f1JlRDh%1!(jxTn8q@t5h+TeWk$=@)Mn38##1GT^
zM)BT>_q)setLBRLPI~_o&vl~v?MGU4BR@~;^vn2rdKWU{;J<8x|8ea6Lk|jn=^xQK
z2fx0TP3tqkxk}_zV)=C6sw}cQZ`D1l!r!16c?xHiDaa*8IEU;s8D&ai%Oq2oNM1K8
zlZGtc`^caa_&#NJW{(*fOb9#*B|d
zlsOXHXCjp`<6{cS48^uHg~~+oxKSAg%50Bq$AP%ACY(&>eZ{sjnaUI!_c>Y{=GY%t
z8!5Cd`1<0pgAs4v9a&d1;^<$tD_WoWtm1zPJS$@GI}|FL5<=U}mbNGHcyyvoh02Yz
z=MwMGzoMYeg2-ClMr+v|=Yz50o^f;$@#UW`kv}FL{R9uThAr9++KDsOMs(B?^F^Dj
z5Fcovi8B%Np|M$YXt(AD6DqW19&4gPOO>$_WDEj0tTT{5VbYY$~;pDBIY^
zL>r)wN!Y)#&b9PBU)t+6nx6L{9-t+Dpq1_y#i9FCE83JKnc$Yv$98H5BB)k3q3XL
z7d&ICtr{hzotU~+U
zPWxGBIYevheC^X7FB>2_j61+&c68<6dsKM&bw0hKB6*DEP}
zPcW8JX3%x6cVg8{wNnMTzDcYYaTxkO8I{h(v^?W%=#C4}WZsu(2ejDU6I&*M$}BX+v-C29eioYOXKIM}K&_Q%
zA&of{5H^{CIoJI_^Y6>1~MH$@7WS|
zKBhR^ESs4EQB0-{S-N#*LYr>aM5bjM3T%_DOS3b4NRAwbo!ufD=Y!cXI3LqyS+!w|-hKDod+xdCo_p>&zk}yn2ZWzq
z@J6(eaC{5IKJHnkBQ}4+XOpjCcJ%o(Fp
z=AvUgWIKq+9AlC4^(~^D&_Q-ZQ&FFGuTw*muU)By_SIr6*Gv%`p0bsjQ5o+8_RsWn
zr#{QxP|xqkk8z4gqMy5lDJ~H6_tEc;DE)ScIvgxIBFQFA;&ji!%-{R@vmXAt=ewN7
zOy|F`k0r@~dNc~M`Vc>VcR(B5Y=ds{D$4mI;yf04wM6jhp6m1Pf1iUfW^60y&AVaW
zgn8Vjqmt(Y*;gdCLk)ZuP+cq*TxRBn^}-nM{(jI2^Jq}n6GRrdXAT;Qg8Lxx&NS&w7pqZ$x@Ku@9rbF999zF>w#=P$QP#
z!)yb5M_enf&fm8~cPh0x-UrvKYWaIux-NNngku~pOux^pLvF@?d>D*X`}vs?UH1k#
zM(C|nc0mds9m~~moK;ayn;mUuDyJ2el{4fCwg+iDJVG>;O`7uhlAovP+4H;OnD2Lr
z%9WU7V#}BKX}Ub{4XlN`6TmkK;G0CQ{Xgfg-N0Ydz+YQ|zg~~ZyZ<@Z^WZVcpXgi{
z4qE54b8Q&z9jE#4Yz_zQ`#I-wxPR9%eqY&?eZOi`u;&Hwys|mR{mn2ANQ<5nEo6pg
z?`e9-AU}{6GSQ+ZMGNF<-v3&9hRcIve2&X~oIeFt4d-*9>Eh!Y@AWM{kL>z4@xPwt
ze>?-!H(ZXSWPZ#VG5H1NV!;Dy%{rmcqb|LXbje@(YRpS75)v_&C|;efXP
zWOph*ZbwnQ(NR>^auRgBc7f@zO4tF1l_B3xWOvZ*SB=MyrXCpyhm!mypZ@FwB0@QJ#qe}WXDO{W3uOse^k=zYwRYe
zCH+oM3%=9r8@@9j-Z{1?cf76ra}k^W{P+L+{VS>5xw-%7{C{CS`+c(Q!>1{SSAVJE
zMSI#fV~-6iAS|kh6b{uMc)nfav3rVgn(LDoPu-6CpP7HS!l2x`WwcH&=#{S#*D^X
zWi8~3Zj0L;t1`=Be$)Bmw~th%`HMee#BYXu{|d(S0*uwrnPcCnx4Q@SiWr$6RUvjY
z8}qY=fqp95z6U={A}!UyI)=7ze(e%^xDpWJ7{807CZ681P}
zI{)$Hmp^E)UBMpiXY402j-!%nTYtQJV5^9WdC0@h8k(7U$!t5u2m4`=s`**)Y;|}-xfN$V`)4qDxi(vhri;N$F=dZKL
zuSG0!$s9)yVFP`!`X3YZ!y0wzWyjm+PF&@FB
znUgU0M4X#Aufy}lG*21*bavn0Jm~Gg^mPxz
zT!zSNz9w#`Xchb6)_cONJ|4zAwXk-4QM_|H|Ejn)eal3g5Yo01Xlv5VZ=owbsm5)#lzL|x`_OLUDqwv4PCclvO_X^stsmL6YyT$e93O**}
z2f;GmWxm^tp)G@F%{lHAykO$!`)TYhP=01Ub{}Vq-8<#;W6J0B|18g+U%U+HnTtnV
zqFoE^{uL?uYW);P2lDG{rvHDriK&NjUvt@)@84YMweh3Mp`R7N_hs@-s=tdY{q^L)$n~Uf
zQMGu5z_CQ^u0DYw9Vx{%i_P#dqlb}JN&)nESKvJ9rB-@O0BlkZL5QPAD61`jP*d;S7Vv?
z@0Seuw1bi!S*Hc<`o)ow!s;)!)vsFW-&T?z-)4PDwts@DXDJpvtBUkEbsT+pi%7q5
z?5kh_ZyoDQ>whJtUdP*jwwgLC{$p`rexn)qFU9%Vr%|ji$lOa)Tn3Xb5#~Fc5;h||
z_f4-Q8wWry{)5>rvrX%Z(a%F2H|sESrWWeITVrY82-&BSq-UY;R785ktFxhf!!LIa
z)QYv_T+xv49JNmxobT-4+#eh%;_D~y<>4CWzY6oC4(5j+tyV{!FniDFTHBuSZroDi5#Q6zlWf|QPJOXX8ebX>m!?`XAj!z!aBk^
z>ewUd_(0S#2z7KxWuPO6q2G@mEK?pe!tgx|-?2~V4-*u7%bidbXf*(|f;s#M$RhNU
ze;M?XH*>C^>s|B9=Q82{P!950eWQEeFNHi&U0hd)eH0*BZ0ZsX;y%Os&8k89uz;r9
zLGS*7xHl#v-j_dkS%wq`VEYaVU3^%
zt?u6`;!qZeJccXwb`NxXn?JuDo_90`)M1K02&gCE^Q22tG2Z9Skfxr5&&dC1>N)rv
zga3v0c-IHDcAnFTV?&k--*Z*w{!!bd`gn?y
z4`aqXS#_UNPV_@>ApBy=4Y(^B!dU8Z(0?=iNqKziE|!iRd|LQyJ?G?Og8o%zUAXU^
zPQEg}AKq=YBaL5sK12UnBc6AXzbntL$0Yr|e0zy&t#h>gJF?d|#EIMvdvd{Xu>DPi$ju_+;eoF@pl?%@Qx|bL
zkiWh|c&(2K93CF`d$)*Fz?g~VRNU`I@(J>=SC(1n(GGhFl*=yCg0HA7J52_C6F@`rx$m
z;k{%4bg%|m`!Gi*-a~wwfHhuQ2@xhq#PZHj@y^SPzw@=^j&a0&!MbAis^r&-ahix>
zjd4nd4RJ!mc%Niu4!w(Qh+*;IW`X|;*Z-JYI#Rx#s)P}>`bkQRX+#U5GRrH#`bQc@=u%l
zKPvB|@-?FTk*oQ2Q|kZKeERbg`Rn;%%rSpAt|>qJy1@Uq%6V+!3a%*)w4cH?r8et)
zx1k?#KyQNk>p>@g?}Htv4@&ieru^DzkzaP1e)$SwQ`V<2(cyc-4|A@>(HP$@c|rd<
zeE`QodjaEJK<5&E&Q?6%YuN|)T*=fAt+LhHHp0oXv@Lvv$4+7XYMc|F3fwz9Q}u|L
zSQDep%(ME*7UBO4&(5)l!?~~mv*iEfAzyeN`HOasFzbT3u`O
zWV5NK_3Q?k*BpnD=Rg=GdjiUe)!!2K&&z!6_%_ooDFWBiP4>K|zS#GcwP0S0-M!0#
zxUWMzgFC+|*1yXb*IG|=!$Z7KPd?~X;+=?1S!sLcZQ`9C@y-tMPV_N^Pa4zJg0C(D6J9%j(wiG8P?2d28ahc$CLM)&{)W*~9x#S44m9Lt;#Jea_$i
ztK^39+f)8%*#6~o#)JOjW}79^=7+>HHEc~ZR;?R7H|j*+O^o9)!S%j7W{p)b=N-no
zy-h*Hwysis-MWx%XhBS---xps<#Wt?fS63bCQK%iuD=&~S!X`We$TmNV8+bha7CPD
zzw=rCvlx`G(OmYQ&+PJVBhKepndYJ|DkhQ4SW
zwnyaYhWaN#S0Ox}VeIo_jpzG@`Vns%bexbY^&X94JtU=*a%y`(Pr>%^93_)&RlPdl
zaK9^JFrssa^Q~I$8+89|aX&JLe)Z9D#PH4+Z~P0vckAZ9JU(~LTw(Y=Wdhp=^-8pz
zqu&kU{P;m9NU)m^nR}Rj#GH)m5xy6P->Zn;4bh#XGc^iKj|sx`Xrj6LdoAgFi{|TM
z(A#U+YKppW)QbD9)0&}Me5_wnFfr&sThJA>$_Q%<-plRSnS`i%4S6Oj)!`00@E
zdDz>SZR(~R-Ri|udC<8K8|4=!{^6&5-%!HTEA}=zMf)AV4<950lX#!-Q&?ld4fSxj
zG(ovy|6RzF6SL`jtiSCN`rjRK95FCQy?t+%fM+WG!vzd-pr1MQrfM2yhR8PpfmcsqNT_BLbVulblI-q8P%QQIm|cVVC-xi^YlrSUjpkX{}s~e
zAIP`3iTt`udE8~nX3)zkMgC@~N(+{y)-P*$Ex0LF-Ykju^HM?Q_os(^$SY7^
zpSic6dr0hmrjehUqOpTMeJjW_%FT0^ul;Y6fhjY`%Fl(2d=AQPwv1Oen_tJUt||);
zxk(2A8K$(`bRo_YxTo21dBc0D{7-Pt%u_;b`L33sYZOx7--!Cs`=Z9gSE1cz-k$BL
zeai(QlP7WB?^7`Um_;VOI0Z5ha{|G>UD`HmsHvRv>1WWVwp!SW9v9_fuKzNsE%OfP
z;g}AD*b|)J(D$R9>4evz0L`&K-a{MOH!fFK+WWEs`cfw3@Aa@2n>2aALX$OFKKhz*
zUyiwPT~_RXW;AET4sh&GGj_mwp1Z^L>@pFbV8$2N`5yPRifw*WX62jJ47960VY^mI
zyq-B9?eh=igndpG!XIZo-|(J{cwNNn8m(s)>^n`4!BLLA`h-_6w_vZLEv+2y_lo;>
za{o8;K4J);P}HD99)osnfic-kSf`k4iP|#ta7J4kh|>UjK#bYuF=DF{Qq|^^oWwRF
z{+!*u-&bSK5tfiTqf6L)Y<Uk{P5V-Z)&6lYz5l`Uh`C>O54<7HK>r@@
zg~hc&ac%QOuIv8GpX_-Ya-YAfu+%>cYw8{3!|qMo0eca*&1RI-{yTYX`zyEAB->){
z^Q~w@9r@Wu{RuYIf8^Ph`mOavD6SgjI><;o-}#M+|1in*&k8&XgZ`p_^sv}_Zijp3
zbLP3w8{)Z##B&N;89myix8pkMoqeQz<5t2F2;%;|XV%B<{|c@r{OrgOI9xYQQl31}
z)$0f0^B~GrNkLt%DN*JR8!`75<6YS29%15aO>VHAt>yP|NS*&($c=9W`_i*jQ%x-r
z)6XuPTGJxUG_{;#nYbV&z+2J`+!Mdcfj8?V!qS;QT^i#!%QEu!!Q5azLlzioe9zec
z&-iq|G|^fC<6X`;{vmuO3c<&kJAdu`K{3$RZ=ik8OEBhX|4`7CFs6ET1je)-_Q}VE
z{VskU>5ljP(BCGY{nTNGdVMw0zA=GubJo|8`p%jsL{_^h+jpX!Gac
zt&g^nZ`sOt>GT6=|84qD=56;@x9VQkDqWh<^`j*%gwG=@h9MKy@1`bWv8p3R`Ej7|w}8)tL+LO$z6H0}EhGJuu%;#%Vh}1mdd8XB
zUrZeKz(3j`((}wn&9iTbb$;+1>=F2w!G8n1v*qBCXT_YN`Q}X^&GGzO#ymW@r-OD0
zoWPl3mU*^aX#TFBihXADxog`8^2JBa{h_e^jn%&nWWd3EV~Vz+c6Re%Uv-%LoMY9|
z6xP_+DIT;jx)$jD8r)y7VkDHgK9%h&pI&f(sj|zUIBCfs+kkgAwi0av@NBGpR$GZS
zfL!D5)l9-PdE
zRT9v_Z9+y-mo1uN}l(wS3&al2;CpFCwnbH0DhShoHqV7-wk5IAYXaOCCHcc)xaRzWiHX
zEWhH1XVU9O5sYEJ@$(>tDO(=Djdb1RQH64tuvvQ>J4G8KXVPsvC3K=6JSxt=;2!!+
zMQ!~}aNprL$j2FT%{?oy+5BhBIaf=*5)cR{X#evSKGnJrI9%3f^mpa=dL
zn?7(iybIg!n!X+M;@g9Nfi{Hd1dP+#DE24jHV9L;M0|HrtTOLgMV`LiD*D=cIunm)
zifbL#|2j?=)<0Qb`e7d#+dF9XvuE+q_NBnDHEeBMgSAz2Ez_NZediNv
zYfQ(rm9M*@)VeE8tCR}_7vlCdlVMRqo*!QTu1c%
zGre2NemB<5Sm*yy_bkv&R%zZp`BT#JsuHGAt0qkb8`|2mr%HB5=$|y2wCEC7&#`Ac
z(iS}{$j%;SSB0}@>a;}%6+GZukAoy7Z4n#|kd~@cDWIbGK#R|Hw2sA<0t!ocDUkiX
zd+(q8`Sa?7aa_;w{3Xe~|GnS+-uHVHSAk8{AZ(}W!}woKg#`P*J}lQdgl8z(S#4d&
z?|=IfYZ;}pAG-U8$Nwhr7;3CFfU(*ilBPrH?oW)M!<155vSEDxX_4O*q^tk5obSP^
z*uySPTS4w)(8G6|IQ}tw!~3ZED88M~@vZ+W8Q&}%-@Zw}w;ZhZN9hT8nW4%FYYsD=
zYyV~qJ#QQE>r(eJ&}X)hGi~^9q^&~OmvyQS^!RG*!A0q5Jf$u6w}$sYLO=CAeBbx-
z{xghLN<;G6vlMIphWl8pUoky)IO`W#4+qMR0lzxseHf8XPqj<34q`dpT-~a*fJ~`!
z)B7LLIp8<#=#NLeV~G2!*L{h;b0!}u@h*wZ_kiCjG)p>hx%BHYzoZ#zlD6ybb+;@A
zS|N3kU@*gcPN#OrFYVB`xtA`k_hRlOex3!NW8Flnu0_(LuTHQ^5mIMr9_RFmV82)W
zsvhWRt)xX;-VT4m=lFL(m*vW%GQ|fpinT%VYxF0uZXbf&_E{@yKM@kE!?#V)E+5Z#@N5wZNy`D%+%4%4D19#9o+ZQz%+r6Yp{}
z
zVQ;tcy_vb)<)(YH=o+N$z<*oDRl(jQy0-~p^VK*%`lK}m3!HaRFfgt_vQgWvi1Gn3
z!M|UFcT@m(n{+x-IUoQ&;Ce7VA(>xeJjXxxe=GHC#H)fa>DPn|GW(p}VFs~|GQuL&
zI`;Fp-L0RW+jYqH#c=6iGN*@%&xcJ9iTOXDjjq2g>U+6xc33+G`8eg>6P;LpaX^pp
zZ}9g;^z3ax_#N`oppibA4$XQ%qmO3)X5_&l{4G+sLB7TLFHK_4^l={R{w%iNsS0_R
zOs>Dd$K-yd)WQBhYgpqQruPi1`~Kcf`0V%ib>pQ|kxK_s$2F61>w(p55pJn8fev
zjktZ~eiDO6Z0y<1-UN8WkNfoF7(8?-dM(wbi+}w1=Yh|kID87>eM`DW4xhsxjSfED
zAB_z@OFoLxkB?MP80aVrDr6W0WqFCQPatn-4^JC>))2dYbs>G>-KIqWuiq)YpP-mi
z5B~>r71Gg2avr2HZl5pwu`~V#o@9&4le$^
zsDq;Ho!j9{xBtB{`@u)b75gve`)`QuUrTcW>jzAvoaXS()>sF
z-CC41%{`159bIsc69Py5EEc5QGNFU|L*V}
zHQsXkhtKW1S-zc~`mdGxYk}M^VaNe|;HOC4kjz8y`$D1tURnUSA2RC`R6KPTT&ThVI33^v;k|H``&*S~
zuGY|agu_)hr!Uy3k|!2gtA-G5mGB@SLLJ3dZNy2zFVTPbRZW)8nMQy5#18rFZ62Wc?G*k
zs)A>Owjg@X0P6wx^luRiBG$nT=c7EldluF=31M!@Dq=dO#`iTm2I$UR4Bzip*Ne;0
z|8*rFU$IN6hq1ib+~*oQmT_7%!1scq{%XXLv32hXCIk+DBMjf1B~qbmxUKSB6$!LlvpYU~S#b*auHl`iZJhrISJt|y${
z*<*1Uux?PL1a=PPktPl|6Y^+P{TdCA1;c(fs~%b%#5KnAUn}RoVweDcjeMQ(3^QI_
zP5VFKd-S{?uRehntLk6vOys}odS|u~es6_$DU9dtr##o8;JKgh7;VE&CC{~So{RAZ
zb>>X`mFW>m`XBT>3iyfphkXXYP#Z8l#_r-QI<2(y?gsCYCz&0h5vv$Y6He3gZZ<~K
z2nQp;0oP-sG7w1&Z-)%fse*X61)8AyipNj3N=`WLhf3i2d{~y$d
zW1kSIZ@fxQhzb}*^Bq#ii#2C{dGgql1ixP4@h1b@6#RY!__cwL4=TpzP}@8aC-gMm
zhT+c%jz5X~Cp9mP>i^p^pWp3cJipR2zg&5LNs@D{=I4l1^GnxrcewU!NTjafO)5Vt@X7n`T|o;)E?E++V70E?*~}n`jXes$y{H!`;~Klep3|ZcjeE1
zeyRBl!YNB}j?*&uGcM!j@z~3wJI_2m{>GOR&$C5!o-(gCjNm+}{D0}(pWoV_&V{@<
zxAbQxQi7a#joUm!-7)z7Y6R!=A|D^_PCTFWXJY4r_6V9PEy
z@;(~QKU@5(Cm&<6^RDr>oVeOcR?ZBv`!04?c*g3p$_E>y_n%GP%dk#9>>KaZ1|okr
z;UH^+Ff#MCY{TE%QzxO+%|5lH+lH4YH^;EZZ2&4l4+!(!cM$
zh1>Cztv=r|kEnZ7mz2t^xg8=6vTIrmYyxYCGq&@*R
zFxHFVMNt$lvQ+1EmfO&K!su&$APyfKWH#*MI*JD_cs6KDI3FuYi3jTWzvc5U3gbOM
z`tyI3+lcOP?EFRXpy%<(nxRqGzuP>#{*oA{l27{-PxC$i|0{7rr;-cu{Nt0#hl8Gr
zemocQ!K9E6wlT|xVp5+VA7*fP@7FhX`%T9SU=rs*D
zu-JUWV-wf|7~f+jcYyt33m1~=u$?S`u{AJO@?v~U{1}YeL;hIZiT>ljiEdgCfyFkI
zNEo-D3-e*WYmEJi<jj8+hDdX!APrYPT7v`ts()#a5JhkNPmTb~=
zOoj{Kg}au_3X9SFzUlsAq1lOXs9Mr=2>%_(Zg!rcv8cPMeDGTd=J<&C5A6lo#29|E
z@=ROn)NRgsGBnE)3wQiPHp}0nX9+d(fR~;XBNU
zKNq-7-mWw~^Bar}3pgjz8bCI`7v{&<9QZqgdywg^63*uf1-*UF>8+4Fw-Is7Nb49C
zODs5-KaPR^geB^;J!i~~-g__Q7A!YnTF3fKv)vdWA=4aa4
zvGy9~K6G+j=J`K^j8wo?L*uD!{t_YJoIvNOX@m3Z6o8)Wk-B3NoGr$?P+Zn99Sxqa
zwo7O~1bDXZ0XxlDeR-0Po4|;
z*QB8L6=RZr6DXY}()(h5XS;X9=;Yt+eEee@)b`Oq&%7UF_E8C~BaC%Y4tjnh{(XX>
z1MsUP34LFuqVEzFeU|`zUkCL4+c46kkrYSiuY%KGE-9w8XQZ@;Jajs(Nq}^Zby1c)
z$!ZitZI~3aHz~>=4ti$5dA_gU5ASmRkc=MhU!RN~ivj1a1$z89SlbHN_q8eLu{e~i
zqDRrtew(
zKC=t;!>LqX#2N){-Z|3>W?LC%a;Q{AF
zalMn(zFpXMAhPDnNc&qm+EeEj#McjJ`Z4OW7YP1+h2&5G>pRMNZkEu$1N0xTZ%ZhT
zSgzs`!@n;Y^sGJp%kuwWjqIzE+!MXV@pCAcO1`DPFM5%W4+oX}f%Pw6e-inFMCIEB
zwC_;ArxW-M>O2?II-<8@jf*hCJ6^`kR>`;`kZ~m-CdlHKL6I(_$;s&*TVjQSBAv|{d#bV
zgV$(ByB7KSb~rn%zl*pw?*@tXFdl!a$qyF
zZ5ld#K(AOARV)70)0$l)U8<;WiTTGyQWCHUmpifcNg|(_2t2o_Jy+ZVeB^hMTnA;(
zzi|B@_BM%J?o`&oEEV?Soc@5W*U56N|J*i-*6Up8Z_U0#Qr2wwGEz5m>TKi;;_ZpE
zl>?}o=P3GF&j&pY_4IFl933C8&)}b`4J7)n<-2V{Y_ykD%wKE6xR~IXNaaug=svQa
zSx-!d(GI~HL+Fz*VhuES5~13J^?+!7UoY9<;ER>uFApX)us|q{^V!kC9mXfr%{c9{)yJ
zWF+5gCgfIXAK_qS}lnb8W^JtvXk*a1xz59EB1->Jn*L1!T@UK93y;MlY
zqOEHQmGOO-2}i1oWGUvX1X-;At=NYF=mm3sEy15)F1n`dGV})zDc_%uHT_}!OJM#&
z_!~cmXXru&Jz9l_rF)G{ZsmG(^!H0cTD~95lgIbw08H4stTcWV))h*u4~pwUcvym`
z;Wx?TqjAmf`p3xhc?s6TMZd5Za1voQ#g7YE?sPDZo&)LtB`i+^@c;d|{JaBHj-%d(
zHt*6D@q4$(`D|QXUUsam?-
z9Io-JeV!nDK@QIbIlK_$@N|&FH6VxY2&2qS?k6n@#o?YJ3
z)xt9J+Ia8`8F?)%ln1DXVs834o~w^>iKv@oCE)J?&q2^@P?u@VK2(MA?XsNM19C!3
z{Gh+y(Mk9n2J*rFlbBb1z%%z0lMfP?4^n3NFueSSXNKp$nGAFeGOP=9+^&f5JlIbQz$=@{J_Xna=s`>#Ge&i!fy3hzE82JnwvR
zbnzE5f2(*h5g%%f#qgnxv?Kbsu~`CF)}=8kLVR(Z4^w-AjsEeTtsmjwi6c_<_x4;7?fVklnf2
z!Z?BEdhK+=-5$~!GY{}41ZAAW;ryd{P{hgOw
z(lwd)@$->qshT_ih^TeR}5xIPtCUnBK^U&cDzv{RoFDnLH2Lgb%70|U&+C#8_O*`Ge`LhZKgs9A
zt$P2FzkkBnKcD~TuekrH$fB=D$LmUw{tDbpFx0C>t*OmCzKy*HI@!Hfz(8R>XCO<|
zp=Z2bk|sL}!#Qln%L><5cLd6a7ShQUN8AH`rtxgA^K#S2k#qA09~ZUYgnlFLnM-Tq
z{(spYcGu(RYw(V11WEie$^CwmvH(u_cKiijx@H*_5a65R)2A<
z%xBG%J?t|`|IZ>g{eW}~txt8KQb(|w>0|;&eT1L3Ig_qj0=j*IKCdR7VlF@Lyq4Dl
zY@4t^^<}SgZ{N#*t%
zk1cI*YWCY7WslkNp8|ewJ7K4#vpOeg(PN!sS@UtMb##KY77%|(rL|f?CkfX1{=nXE
z0Rt^J#>D+F1>Cox@O+5Bd--DP>KWw!WAXmGJXRKf56>KPe!;=dOCoNzxXsM!+Vhm>
zdF{%6S&wDeW5U-~pg5iI^_?Bmw-!C$pOawz+D>t9+w#0ObeZh2)w@&F+8;0XyhHY3
zUMK5^bq(A>359mwGQ0~
zy@k>V@6d6Nyz32}UnlF|?u_okNIxm!(T;=O(C_3unL9Lb$
z^F(WV6!MzH`SjcMTD{PTey4dp`@u^CBF7wkc(0}3=SJ#@00z^X4uZja{{M7RaPz}y
z$ji~ibkcZU&P>kpbCf!QVaW{0YmrA8mDj|V77#7G%GWCO`tc+`%({9;^LL1MGBK5C
zVb-gVds=^}%t7?`OxZWG3bg-&OdCAr>~?TYV4%*+OD>s2eq9{
zAC>C+%&*-p-X%rS;IQ@oB!8W^{SwaqZHqsDn~2U^$$m&>mJ>Nje$d2}wmB(Zlr$gq
zhCY*L5Ibm`u0ifOF7Me%_v9$)?G?{?L*Gc6Y}|&}a5~@j&A;)6?v=fQJlo=X(I@o(
zY#X}&0C@g5+B<{cBSY5O75F$+>ek`o{T9(1eH`sK?flMA=c8Vd{5sfTtjB1N
zD0)rX!WFE9KM!494~q(B?}(*;)C%@JZFgIlrMFeq0y*)ZuG(vV2eXBjEEwX3ya=JEJ{~u@j=+j$>cmE^la?q~FPMt^YkR
z^(*9lOq2IT>+?AFp*~9)a}bW=>)qpfmGsmyRz~=8NPI0x0OJCJalL@?=ZRqKAQ<-^
zz}jl$+L|90Yx{uKhMbtW^zP{Y0>9`qdM{r?G4DSL+V=dy8(N^%|9V*Tyq-+94u`{6
zBHuZUEeTqYe|-Oyyq6hzWKCdd-?5hO@6+{XpC)yVV_U_1y#t$$W1VR{22>#V#V4inb^PM*>E0bC&!SA3??dbF
zZkBYqK;o}uYxKNFrj}nFC!Y#<4ADw7mLzM$CEDMQmrMS?^%DAjY)Kqn)p(-5cHlc(
zH2I`*zrd&j@vT1epdCa8B|QI`VE*JG_67KLCfO?zzP*hSzC91f`j=bu@D;p8nG*|N
zdxvkoo%bI{jRt|sj|s-nckSLR^uZKEeGUulpDzxex8+FW!E}kAU7PjzIdwtuxnlG1
z@(nf(>hFRl%p`s6DtfP>;V0taN|y!oN_v3n@r=xia+`WM$>~;Fc^y*j=f>W4A6ox&-{A1N;QmLxOViKt^z`3+
zVftA}zR#}ai`UO8nlEhq0>3s+3#6a-UPrhZ7tx35`vwtnpGM!0j>~t5zPBphdm8c|
zHwior=Z{}=i?~0yX=L<14f~(&t-pZ$wK7(@A3atp*q;3!_S$~P$Yh?oGSfiA1e0Ec
z>?K9ilCm_jrZDntMsa#~`s-O`TznHgl015!dbTiJ&zgwWdrqdwd^m0sU2Q@AnH~?@
z6I9GTe(v@%R%Jbw6s=DS-4#iGJ4I{A`4|4E?VA%-O$mwvt}bexrc7qp8zAc9497J#u|aS?*Wn
zsV=?jrm;H`o%f5~6PfZ|Pz&8c?|hQS^Mx;|O3v$H%l*~{)r}sC8HlISJRUZ)<3IVm
zs27v#FE{jayNBqs#(jl^5A4xgR+S6=;oN{V7k&-jidE1jdl73UoCOb~*Ex-U9j)Ov
zx-~51@v}X_4A$Hi3v2K*+`qjq*EL5se;3Vvgx<@pRIA;z_G9$FO>wG$^b&O}$%B6d
zd`z<~!0F>j)vjiVt1cQJYYC)^J}|frq*gmqd2QJ$Ye2WI9Nm2N^n8+OhuW6@krRG3
z)Wy`|=PK#S7$3b~PGY?D54r9iNI&hoj_XD<{fFx8z>Pg46!rT;npc|kLg`akk{m+pDQh-zuS&Q3W^Fs(%G
z)4qCk{s7;H=4#jdO7#7)zaQkja$f)Sg5nROboEeB1M%b0%wI?
zgT^9oRyZ1mDA48Elzb<#BN2}h*GTvF$JA5$QeGcnf3)VY)2~?A=>w~D^;Rll@~1G~Q8`{7
zjd!aSe@}qt!SbhK@mnv)JJuM*Z(+h%)APaMV}k|XNgfs8`C5W~|Cq$fj7DQjaJc=r
zNj}$if8zRq_unJsKm8sYn9A|FlkA{w!V7p=VA8YdIvESfjH#hD*nZODL8El}YN#9f
z&{{E9EzPCHhNeeiL)M@*#dkrm^PyrxDZ1E@-Jri4;d8Bo&(VgF?ib^Jn=YT<)nLpo
zK1g!AMZRxi1I}M$gb{D~F5*KOJU#^cEDYMv(>VDC6*0Wcrdh5)at*K7@HW8+atS()
z?W<}xaw1+xcB;AjzG}K}v%D{t%e*YY19<0XE{|sM9?9aYZ@xV18;u?5^^e&pr}#OD
zajXcuxxMjc-q2>3c<<()2$=z$EJx~GIjr#ITH@h^*H@9NlgE3~=A+(H$30|o){ThJ;pi4omtmL1rQcUmh}R+(7fAoSq*f}
zEf;oTwk^gVH?w1CJ7GEL%QZo)C5JWl`Y!W9_vs$bY%`L|i)k%3H~QK_#$&&bosoY#p}iQ3+{u@uL=FjdSJifw_^F5<-Xzl`G{e)4q<=6
zJ~?(T@&6H?57qJu%XIb$d_~O!pWXbN@XdZd>HI{;`!!zz*00d|(VxsC?GxBkW5!wI
z`XwPp|9W=lLo=6aMYi2tY>v8k_?eqsGb~`~AuxXBy49hYJ+62yiFP~XU&!n27^j^#NDr(t(bO1gz
z-wN)t=@#p>^O`EgcLZHV-)}OFcZia_Ti?X=gbQ8CmDkN=vQ%`e7`Y|qvvybTc
zjtUt
z@m*@Qx|Z9E`N6xue>S0Gp!diTR%+y+-s$6eRN%vKdu=VI9@5?>J~BzXV}Sp
zcalvg?Du+JAFwXi!kWSwF5!=Pn&9dey_-Z%1??%wzn3RkRCS9t^joPftX>Cx2RWD&
z2A}N;etuJr)za74SSm`XruH5M%>R%Wk$Lteu51@%@v}^T@3!PL=L4
z)O{ags5KayzY?tng?0Yw9%DTy5wke;|DqlgleBVdt-c;qVX#A<6%aLm3NNrG6!fE-
zNG+h$m^nXQBJsag)U|(fU~hc>pR~EvwNaYHUOhs4o7X1Nd{w`{s{5(JD)9&_$XrYFXpqE
zgVJv7ewiode6cRNU!F-ozaK4^`hT5~et~EB()_$nnKMW<6P_>xO)ncL>KhGtOEe9+
z)xv43F08+QH|brFYtT8y%saHGmBwzQztxK750~+`ad~m^HzB`$fqJ5G=wyxZ>_8yZ
z$Nh5kymk;j@8@rY9hG8N(aSZE<)if>E?%XQUL3rV-&;vCLhXTHeW-ZR&m?SC*XrvJ
zr?+E#v#DN%t?ZU|l*1|RonI^V$#D9~6H0e~Y79Sj^L=UaTT^C$7j|gxVpZ&FAjRk0
zOXC2Zz7<64MB8Js4=)0|Q=~isJYO;NU(6?&2RrWK_yqL5FL`5L?e~uAJBZ
z!%q7%1Fy&Lf2nsj|IoPqt+bc5Jv>D_KSi`QitEUTh4`HG8P@w>Krb15UkN#e_#^t#
zL5}rG|4I(cBj_hN%+L17`b)gOGpGCf4neCkIIY%`zMhR5Q#3dH9oCd(w0{c1WBHzz
z{31J^U%)@vDA(D@<3|O-MxNj5R9A9+|L~&Qp8>gtTj=iJ
zN6v%PS0_nWmai6j+|Ig>Uy4q=#x3<<8V`PyWN9}K7SFq1;_B!sWB$+4{5NA>px8~5!X2PBop05zNQGlR|fVhzsY2s_$O@6!gELHfNG=P3Yf5iR8D
za6XN2ekpkEFO~k^8sN1um?C8j@KtnfU{HB8Aa&fn>L`A%(%tWoG{W=6O@|kuXW^x+
z^S5%HTdT27A@5;(4Mu-|kn1b2*3;kT!}@eOq)!L_o1E&w>l^2=x_ucAOEJmj50T?F
zLE^B-16oiQCG#`h1Er~v_+}x`b!gP#`=H0zYfN8%74z@*41WFzKBIK(b+(<>z1Xj0
zyA80LPrQluo~AkBvnZ7N*F|HF;{M{rasCQCGgR$((CqG3Z|J1N#Wz*(Kj+8cl*S$u
zrJ)Prpg&e1&3UGivznJz*9nt@`poRUM?BlnC4t9!U$lL9*uWXp?->{qQ374_g
z$Ts*O>|y6g_J6S7%w?y@yEa#faVx6O4@=Z(8ZO^rsic?OD!u+RgU78?d5+kOAo5d8
zWP4PwDeW2#`zqlhc&h|)51#)g;rxDOBHZqYoIe154^~F=Ba=*D5>1u0zmj|l(Uj)|
z`qAp;RUoyv7`o$lp7&d}-@+Wh41VU++>U(zk0rlfjd|&rSbs3?JJ#k6)k|G_L8Y;0
zWg`D&PG#c!axHhr#FqL828t{Sv*sdaj`XiS+86ZBp8s;Njl5r?2B&xK?6iNSd!GVU
zW&OgS|1BlnU8bU*Ti}W^74;GV6P>D)Upx8v^1#)q`h8sgt*ZVteZHrM&qSAc4ZqjL
z<41vs#p+zT{+)zFV4_={Mb~f3>vNymEF>e&v0j_Sh0ml-mOx60It^oFmGIa+8?aeO
zx9Is5o;hc;pg;L9<@5hT&+n(_Ht6b^jLZIYNgAuNrI9_nP4;^^$khH^w$Ps$$-j-}
zkz45d6z;o|Ilb8q*Z1Ujk?+PiT-iK+iShrX#6;tpX#5Rwd_Rq!N8_aOan|@F&zY)S
zqYUuX{ifLCa)-AjIIpjt?^ZeARyiNR=N$4^nj`C7>Q6Qc7*3WjM4S$AMo+x8G2<(^
zH@!r?i{~^K`U7MGC1uZXBA3?jgg4kq>!Nwu#`7GYRqb6wL7u@^2p}rM=x_cTsFunKoPWwM+-Jwn-dM6$goIv*$6&G2?(!M}1d-QzL
zdQ>_fyG+hyt^bJHZBs%RtGmM+s*z&_Z%0qojq1RrA`5)G@b_BjJ!AU?0N#Hh*n)mQ
zi|7xeKflEkQP0#msYb>|jP*DVG2`!thz62l_Gdc1JN9#`+|Mbz|Eb8=i}1hO630r0
zJKw|k-)+YHaO7^9d7Vu7mF(QUL(QDFUwmHj<7KyrI{CxpT^sn{ZPENm6X$oX1pKZ(A-{XSqSOA80iIJWA;W%j
z`8A$XF87N~@~tw?$BMZ>6})a4uAf)A&I%srrt7C-=mEU4n7)5Z$L|*Maomz0y436G
z`r*j$Wh(p&;BoWl_f0Y5ndDx+Nv>@IeC$8*sQ6Be?(ZJ(#a#MaAM^ZqqDh*s=Ue(*
zK%YN~`90OFyLETFVgh~y6ZHSOZ(Sq;q{{whd(x6cZlxaOzX$|;2k-vO4azz
zd$$T+(YT`1ZedLa@cqHv^u6RE9{L{q1^Uh9tolYFmo^;0`-8vP=-p%IE0BHU9D4nC
z#mMRds%*-B||B%mx%j5fhAb%#bTIPS0qZcew4`*B8&)~Ig&8(TnX}wB({XXO~
zY4EF{XU|6Rqdqb8n+r^O-`T+PZ_bn=UWDFLFA?5`%2|ldzd6nGZ=PEv<~w=IUo!v3
z2;aZ?U+%6xII1ek-XZbF9jRJ}>BLTVR&lr01lU<&kkMUqtX;G$m#uPE*iBqyab%pp;Eqf7
zoO93Xe*L;T$sm7B4OLWEz;~UanEa{G*1@qi7c;;;pJY!!n@x)Z{F{T;t7H~iB-@x&oo!R!Y
z#QvQ+_QH*{r-fLZv4(~aizeO6H)X)bc$f7{wKMt7%cqEs@sHegBw)r{_=5KH>&!E6
z1@!%_tt{aEY=`~qmv+V|#x#Wa-R}*^cmH?-FZv7G--EoKTjBdJO!1HB4Ey`OtF*r(
zEKjU~O#Ayvuopt;%jf-Fc}4qsJ+Jq7Z@aSneH*u5d|Uedj`MuWZ@aqt`}^aKr!wtZ
z3*qf#-md|}ew{P^$%Su^YZ3?4^M}W45Z?BT;cw)8G%S-5;oTIp%|Gt~gztvJNSJUhjvLD3HL_PlH
zm2Cf8jd}cSVSIjN9{SL}GbAzWjB$i*1BG&|{e8I)XeY-TN2bHyTR7iqGu!tYRvY{q
zljOE$TE9yjQ^AM+RSWJx#EZan%wxNt*EHYy3~TEKTK)Uv`W6soE8csq<@Mdtk-omW
zczwG%B4W4sBD>s}t$
z8|{ZHugzFTK65>nOzXe3Jw3m8v&fH56XH{wXmpffOxGdMPrfIg>2F6{-4bv2+i<>e
zzR}|L^jz`8{jYuE_p4*cBK~*b1aV#%8=!dn6hE<3xFUn1mENzFax+|d+|_x^@kYCG
z5d9VpQGC+~wkx!3SgG`CE9X(Z$i3m?@V(4CafMG}9G2qH`txP0)dq{&MiDPqW_5KPvLh8jIB^KYM4{2Z0TM}@)6@q
zVV%pL3&pPEb$+iEU2%L?vRxy!yN28Cfp%!iFt)jD~8
zYbs`>{D=2VlJA|~6!}i}vpwdVP*2<}Zz=xMpE*BP6|Dn$Uiq(oo1XJb&+SS*SBgYy
zd6^1()q@|Fda*T=QWe(6&rmU$*(Y!t_5_Iq`floe$kBQ}-X?2HB7K
z)SrZ6{~BcZ4>X6AP{bxygau+iD2UnINcd$l=)6V!s}jz<6&Qau6j$zy3=*b>@*>dr
z&J2WNOFO0AO`X=`;9r8_#Z=vU>cQdw758^6gYz_S1s5EJhUu^N?
zT?1`)k1f&sh)LE-{4?It`?FB&S&nZH_@sW+MwqUx!&d0W%C#7EpQRP#t5uIp?o7v4
z!T60LQyY}YiFoD=I6>u9E66p3`
z2ZUG)cigpn$6X6|+mkwhuChAzcWQ}bSh_nu&vK{2Fy*1AN%Z}hx_sv`tlh2vS#i}
zKgV!Q%;#9LetBD1@uXvo%z}AjJCB~@by2f%DFqcNk509o3ER)b_r;ve}w*XB4qh5GUox
zU-J3in7RMGjp^qT#T!^ow_J<4YDRw|+?#T`(&G?vZ2o3^KE@opZ}&9|cs|B?;q&+L
z^F58U55_Pi;`8zK=d;B|q}~xHzn`33k*@zy+y=-soBam5hlDtfYX1t3r6{RLkEQ74
zSc=`=^jHeuJLJ<`=F?3pkWUfgr;_595CaJBLuH2hQ1?T;|M{7U&DlJi_kvBSjw^ZO(Hzw>&l8L7j^KZ}~*^!@q3t>?V8C0Q!W{4?Gi|i+*4a
zk83NmzaHfm=n4`;BuTT7X}W;M1~h|+(@b`)MiqU(XZUZl$DHB6PvG5Yx;*#b9yMf)
zqcCDT1-b7_%cOm7qB`0W&VSkD_5*ppl=yvHqHIrpxWa!)k+yVYnxg}4>wVL`-V%xd
zsEN4pyxzXz&wP*CcdW$E%9TZgsfK3&Vyg9Wu1Lc&l=Jyo1Drv<&~La{0Ubo@EOXM%
zBfXE$sEW8FS*D`LkX{*o(d#FksbbMWBza2{FV|5Wi+NdDcDluvVo`e~I2
zL}v-@Q>&<_IKNbXiYjJ>GCq8{(Fm2Kl@cnJ&dhNcnD|DD(X_|-@xBd{OtdzUP?Xa!U3}P2;mvBA%2(Q
zRc#_LgyT-eVAs<-mUbb}P!9Fmc>wLDuoj@Z)JKK*@}LbqpC{IaF+U9Pv*--kZN^2f
zkI&Q3r#UwOqKNC4UITIn
z@pFWzb-yKQVa%sS=ZPE1#)NoU=h?n$`%}(;T9Ukf!Hv6w9u5UT6$NzlG?C<)V{9V84;rMU(UdI~m=UO^@$JdYQ@2i~Zfv>5R_|MhR
z55yX(k@fei&+PdY;(=i9>1V^n_#}tV_7?uvXpz8&VU
zC5$;3a$k91UjIap~}-%67lyeo1Zo?j(;5pN0B
z)yeDoL)U)FeSHH5^!1&peCxhxV*ge?`DVT({E<7;@|zjwu2*d?vbeDxces%7
zjuAJTbxDe;z*=!$vPkik(k!`iJIAGwz2+Ok9rH%iEZWjan*6j_wD>%YKHXO`e!&My18E3
zLd^cQT-ra?!#Rm~%9`P{zOc>*z2o)?_E61G0p&sQ9X;(l!~I@8AjH{&QP^iQU_Gt0
zPD~GLZKg-t_9@sGi07?5%=X{9%<~8i)x$9ExiZfx
zgktkp)>-TDF5zOF1y=<00pMfeg%QLd`EtCGKDQ8-m*f$dr>c&eP%!7o6|EAjQN$<5
zXRqRC$35vjD7yc8rglE-e#R>COayT?a(G{1-Dc~qUkqR!=WQAC-yTlM|8|Dm3g#y^
z;=88&yTm&m*WbC*@Xnoy{5yQ-ljqM_qR=Lp|9#`(%9~C3bNQAL;G5<|{+zL{bLQMR
zIUXnF&W(U>vMDxt6>{fn8FOcAId85ukvC_~Uwe%038!lDeYOtFV|$^j`Ll*fe^-Y5xH)`g25XaNvIS&Rx!Cb}q1Z8o=Oy}|k2CK_
zImXOWiJ@hwvM@#E@Lek}L{;Kw%R
z7g3G;_*Yk*AM3gQunYNd;`rH5LLC3)GVP0n9M?1!4cb>1s3
zZfI4;RKhM(><$g@oAU@K_Ik$*##K70-~Xy4mX;mo0y>Y)?(oVw6#vt5a#tw!z$1MA
z1D!G!q`EMAzo^S8_KjGpByJIZ`>IvE^D5?9==#}YabT0>Um(`=AM*DYpWlss6U4j9
z;(uvanAturL_zIqv(%;&qM*&zzdYLeTqt%IW6xO@O8wbN_l34v-4_0VXd~TR;dlD+
z4d#54bo}B&H)Qt@42nio$oeP4R*Jt$%^w53GHxYor=(BO#{NjViPp~kOCv4N#BJ=K
zggZ$DG3PFiJKWxD9Fzm0vj5UbIPMi;C;8o~!&RoftJoiB>>Fs}J&18(qICmpkBJs&
z;)qe@G5JqiqTj1Zbeh(r
z4&-6Lv?iT#BOlWHcP8&AM?oj+{?YR2mcIk}aWBXJItep<3_g!wOhNaLDE2md>9~}I
z$KxnhH-`I*H_)BEzu2igff#w>$$08LIsG5;zcc&&Lcbrw**Z{S|7TyR{hxf=v!U4g
ztTTRHDP>zN)y~Q9FR>r@S!L~|emlyypMieC_nQ+;TL5yp)Lyl9k9mxBDt_1Y@*qnYkw>yHXQWOWk_2UTaGc#L<@HqwG?T)
zQfW(p7N5UW0X-xOzMoP5D6hiNm^<%2wq4^?CR#_QGG1b&chh`d$H`@l*T<#wWIBs1Jj&hwD<#r(JM9QN25OpQU?_lU#b4^D8!8FXuWJ
z=8AKIzK3WHMQcQ{w|ez@LioEzwZ>Y9vDR3Cu*O<5#Ei)JHq=j_X4{j1XFSDo)$=Wz
zNv_lm6|uc9b1fUJ1Aq1)#wZsE@u~k!*0m~UW*
zcdv=duj3x`!0#5G>qPidzh&Kh=($ev
zfmH-S1|Rp?fCgm*()gLCfoZUhJd7D<`P$9+q~+IP993`>-))e_?Ms|nem=KC%y;MJ
z;aQ!1|Gv)8d~4p6m&r6NJ+kaWsm722u&(I!YK3@18+h3ZS{r;rio2o<+
z$ljWM)E`jxe#Ln=Z_JhF+C7+uCHZ>*>o9o{8~To99VV0?3qa2GnC+LKlUPL!oU840
zuKo@8yNUY^;Mq$xmhenH*Angv#cp9f*O+Dr&}4e16`t8(IB!4XI07rQbHZ4b!dNEq
z3rhK3P5%92s=Xnxnh39h>qP|(a{7@682@LE9M}2r#!=v#3)s#D?PUIObv%cCa+&yR
zF7wx>IZ6I1(sPt{n`6n_;>P*C!1Jquw#s7F3v*GAT3pSUc++@)zBGH{{NREF544>X&|LmVF=l*?|x1@b1jkbwtcQEaPKwAWSpvy9R&v+J8>G`j-
zlRO4|fY=N1fI+X6?S7tUH;3D)-0n7LhuDICYU3TkJ{ChCh$js)IePs0Q0xNhY3Isi
zo2A54HQ~N*tCZh?azbO;vrK!GX={NtAdW=3Nx$7r`mI9xEz0%{3H{b47Pxcl{hBw&
z;lC?)qd(WO0Y1Nb8Oq3RgWOlCKA!9^2l_+#uXLsMhw{G^`|C>WuN3-29Gi03Q&yIf
zm$!2KS2^aHr|!SSq{pvL$ir@yhf8@4KQ235=`qm+n8w32hsyA5n;&iXX(;C7dqt#7
z;&tO^EBLeCvdns}E-Qms^vmutiN6i>2g`v!RjMDm4fM)=pjRFl2403URqB^}#fk&y
z3k-{G2L|DMtP(S#rS=mfv)hZ#}AFj|ahR_XnZLuSX
zVFB`W>{_hnq?qOF2R>*IcapaL8DhI*C)`QSa!!rlXI=*WHTM?<+1U&4s7U;@0<
zqCO~|VnO_-3|Ig^;r(*To|M6J6Zyjv+cRJ0wh_BAp5j~r58%Zv*8lB@-zCP3`Th}J
zpUrmMbLwcW<#WQJM1LyQKf=0*g@ixnid4*6sA25|tksOTG_w-;MG_w%kxxvtPNuD-
z7#pMhH(dn3CYroOnvRL6SQZf`qLu5dU@SB>-@*FNOvyX*_%4-8btq+9
zv?T%W4EIWWx3ML_mv{5{@H3n6QoRSvo6vDsEbu$-J1hL0ZWtflwbmK_M!eAmWlh+I
zb~UxaNoW16Cao0s74~nR>v^>`Uo?7g+*NNbkD@+>cE7vz_-`2ZpqM{|GOPq^Jp&!u
z`||isaIO@wBG>ip;CnIJiDV7L{}|qhItZLkc;5GlebKNu65VNt!;hEBH37YQ6y-u+
zUNxQ_V>rjYyb5psU#ni^W2))&pc64-M-U^YZ-w9785|)1%IsBvz#qGWkRUhlUmfYi#7JRFo`djc4fDtOh|gRQBbt0KU(%+H6ql2
zL<0mwO(0gt?7jE9FY{(HGX(vEGvvMRy?4KR?|1M0?!Di=q9KCxcfsFopm8bfTk
G6eWwl^xl?rHnGC)H&t@%(8o>K=sQea;^r&6O}9Kj}JP
z4cSMvohZ9>yB}@1uZ_vR-wM39HPhpfJt9wg5fW5^?vZ%jt2qhjF(t=gPQ?
z+yCWEu7Bb*&M(0jSg!dqZzJ$G+821{8U2LU*#1m*lHQ-EKf7mMHrC-%f?y}DgtdWo
zQgIOQ9LD*9ZL}9;WheR}YT|69VzQBBU(x>w8rNfu!CtCid#NLdy;PzsODf}iX=MBm
z#}ZxH(jOpcb!J?~?_hao$)>vYL22U|<-7;%?_$jc_To&i(XIjcfUi245$*xJ
zixmbN!?~h=z-s$bCDujJeLMfh+H%)r}#}f0u*~O|D?@_J8RpH)fYJVKf-x9M=blb#4wn?qQHd(~B$)X^_
z?xt~zf~7>;MP#3#tO_KtPwbYf*ROpncaBb#dhPZ}=-1LT`t@Osr|+0LQNLP6A>a)C
z>=pSaFVXf$WwSiba8)r}vsm9+#JwFxeS58KUB$Q9R;fYRJj+47r?TYPst&8|b&&Bl
zSLpJllixcuMZPzcj((YS%)u#>w{Kdeq{ct$=j;?T_yNOIGbK3??g9L!1A0b!1bmcqC^80V8Umb4S!!(D-l)@Mn&rj+O>DNGc(`fKv
z3@Lh^f{f>65burcoum7^4ECbKU@sz1Wr2O+o`ih}dacb(@xFp_`|wVN_dX@IkFvsi
z@GOyz=M_B0$79?HcFP);X)YzXTu@Whe-ZKVx2L057eDJ3@$t7ESNZ%FkuHBn*3OVT
zfU@)t!~?UL2TFy+#R?f4q4=9#%fe)qv1`=NOJH48Qaxp)K!@YG)Pk*Ws%a2xo;P5jX~piY86fXCWY;*Y{{{&3jm7iF&a0$v%UC>rJam=M*Nmk<
zU!KkTdXyE@U|*kiVO@3W^=oKP(>lxJX}f-a5_R$Vw~I~Bq3#Dc3ba{QjXd;i#(Nl^nL&HC#sU4jQk~xa_%has!*?v~
zM3}CnoS!VzG9>m@%!$PRQJF2hs`h2RRga5C9d+QXL_W*n7QXEqO*Vid)
zt7Q!pxJI_$mpgv|TR^10K6)uNes%j8V@jpUnA%K;w?4gPlIFWs(soom!-m)H)X
zUfQQ9F{46NN
zF%@uqol?#C!D~gGsqz%k;RkHZWiG6#jrE2yJgS*`bGbFo6lVqIsb^6Ap}CG}IzF&Z
z&h>ddjGM~yyx*bv3%Y$dKOx_j7%=iLz^fWvl+J<>Li@F@ku-C{4
z`@Dw!275|^Z2|ePuz$sMKs&eTvQ}d1(Wa2xFrL@EO`F%%h_P4I*|puL(77wGCeQJq
z&-!MnJ0-;TBIx51Vm`cgyZQ;&5134SvYNl8U;pWH-XtEK?P!lXOg-%wznf-0?v25J
z|8vO0*nhglkjqfbw$IVe5nl!EBhm5!`7RIDtAO9gWb%nV`d426pU2{1GR~8_){b$_
z()>S<$xooKCTZ=|+?h&6^FG+y0Idb}Vp1wB@;t(@-z3jQ)p5Ma_PIP4i1+b)1pJ26
z)wPO~|D(z4n;2nn0xaA2IepG9tld?iWtq_zxB&Zk4Eq?CQii2zGQ~*0@GKx7
zUAe4nlIPzM2#xaD>zYwKuUOrFrJg=m7sT~qAasQ5WjWxvDz*i(X@6Ki{oAdpeID$w
z)BRc?^j+S!3|~b0oc5jv+W(5{s`g*R*i-uR;}0->BNvVRc20H0c%?dmHK80PSuai2
z(>SrW1aN}&ZoCZZ=8KX(scNvK&3}St4~<>f|D6l6d{mU}bBPDE^Vnlj8S7F&wqrjJ
ztZ(AtGtMaI(AR0AdwIcFzL--xgnlK`U4(=4Sz@>ICPTmCLlob1N*M@rEudPTly|BL
zr7VKIu1bC%2>p@kl5f3$HTD{`ZgIC}Q5qsb*`+m!s$ko#s*1hQwl7wzW)tmlJ4Wd|
zmJ@8iBb85$)g4A%8#OhK$oH>n$9$FXK56jn=~NfAkm9pgmvjlh`k5)-KQPMvOSyO2
z?L0H#KGqM<=$J!3xYuFdBke|iJ?DRoNS%KS;J_Rf^wE#XGl)S|`f(y_Vc+B@AKS-d
zOLqS_5IW9r@~!;*oACS=cc7LRnT^I3on%_1M}*J=y#teK>O#kuJBuue|4`GoggQ}FBz@w4E8
z`bNw@?mr~%4fX~HI)=r{u%NC}4Z7|z#@qQ%Db}7)Z(PbP
zUEY0z`TpRi@%l`+Z}2=zJ?M7)PX8l;P&v9(|vp%-99%GGA*Ho>r6Xy~-`@D{h2!)(5f;
z{(rMY{SCiltX#blCP&H@b%;T%)#?9zW(LC
zy#Ik~SXW|@eAZGIU*vl`d3+W3!&$C?T>y5p^SWDnK1F^Huivg9FUuY_6$teWen}Yc|QvUtRc>Nohe}(x)JNUeW1;*<6IGZll9nOLEKS=VhIARw$
z9W!mmD$#BZ_XI+_`3&S+ALD)o^S^d~>3%SC`1?&C$Li^P{Y%%=DdKuMJFcRh&Qz|a
zqf*Z-plQBBwf-Gp+^dD7bt8%E{hPcd-#VA7KS5$XSOD$)@#k;h=Xah<><=^KJ^ypy
zC+=6c8Sd|l&OJ%>O~=Xy>|j6Pxdtoz`YA7~n9j!u2lgVsGkwLH9oB|o-cEU2dY)Kf
z{n9x!_BYSD;9n|viZmlTVZ45LA;~D0Za@4|);B}_lNg`Gu|?y#&4pCQ5MzbMxu@#W
zXHixaPUtNOdO2lpNz~6mnVyGh>qX}8)$kt6Sd2dZ$Z%Xqe-4V}R7d?zo(rz;`P@$v
z;p}2KhljozoKG;Edxr4*faD38-yP2n&v0$lhlY&je|9?`9j{OLL+blGo8`uuA!#2y
z8Qndg!~6)ttbRq9H!{qlXL{y6cNuYu^@;PxVco*8_MM5rdUs+yK~czl!ZTc(_7wGB
zw!yzypi4Fy{D#eEVFX=PKB>TiG^qox;6jR%9}DUdjJAXoTNQ{_H}NdRX?0iHA3-|9>!k{s`X}{QPy3
zcz#R5_c0fgYo>OzW~hg+gujv`&u;`<&A~n``yk3B$@j^gAN^<|{eEPUv@<8khe>?C
zJIV9Q&69hc@r`wt#_4UGZ>n?uar^&|((_Mt0{>W;e-KWcch0h&9{Mmf@1%_Xe3;xn
zgfUL5xCirYMi7pr)DN*BR-Y2~_~;*My;H@0xhLHj(ogg}=Yg;N5c9yNcN9|}6nFa?
z&|fWL8Pz`N$8(To{9O=ffp@~aa1GpV;`@jA{vos-lm%K1=*1?ArD5IFRVvm^6&x=c
z9l$(bJpX{QOV;n7nNaV)hxd$c4B%NhL%t2e{4m43XCR@zf71FE3HhG`ldoS1@^T;M
zFZx8ozHIZbH_JTY&82$i_qCe|&r#>g3H54#zxo%#^&YsMDS`vkp9JRi3y@E_AXmFY
z|A<8t#nEL6)8#+7k9{`CPdDhg3_61vbv`lf{~z-D=xo|4?>>`!-(&E;jPZDBp;m~r
z#lGRf+3ttmpb7obj*~OZ$Gy|AS1#?%&w<`N>uq`^5Sqrif9*;1bBL1@`eR_M253^l
zG$}b5^C#xOZ??hT{!M@tRe@*FXbyRUqtoz&j*q(bUb7s9jM;(IhgxduVY^zw1?-t5yrl06V&%u
zA7lM(AY@~G>iYoKMWMDvIAJ|hlaHle6!E$!inzh%YXO|C5qV)8R|Dgkc-$c#2fwf`
zR%o&N7|%Ds+E_$uV+qG$j-J48E!W^atdG2Ks{R%udj7|Wc>YIv7}txP@$x&y%hrVP
z7(YeZLe}vf@(%tX5c)p9+kZmlfL;O`w#^E9OeJbn>#Tl{QsSt>JV&YH&w2&C{{WvW
znsWksr%Rqk+wlwT8*ZlS`v>sM0bU>B>qE!UCivKURrN2Aqkp;{Ju-KhzI+
zTNO6;Wkug4={PYDWi(Vhi$i8FvJFNHHaFI=&x-Lvy
z{{QiK{eZF*=r@44&DH(i{fOIB-u4Wsw-WVbDm_5+?@y+Gte7`>0iT~9cV0eT@7%%m
z?&kih(>rncuRnSHnM0z0bZayG=23s{c->=W8Hek2CeOD8_M6RsZ(V*h!QYMWx6F@p
zb_h{HJu0>{-hTgnygslpe=E%2Pro0}-`MZFU&iV>fDS<$@CTk9$5^HxY?f=8Z#VFJ
zEy7PVr!2BIDaA_QH*DuPjveDTVAt~5If_-6$JGly1$&V4JdE*O;=C~nyt_~Gl*arN
zSqpmdkSV^WONlrI_DprBw8flgXXCjgu;a0wPeF{I?{uiW@T?i&*l!AGFG;@x)ybMp
z`G)ahA2jDzDdrClpXkr;jIS>~@x2-J-v5O6QthwK#4#_!b&J>p_$la2)VGs~pNt-x
zSYK0syfo7uMdr%J;H$=Yk-sJ#4rM*CJj%10N<4VH%Pz7yaR2cO&Pi)LChN7kxwa0E+J2eAbx)>K
z?cXA@OF_OB9T1Cr1*;q??1wL-oOlZR3n^tz(krVS6__(1o(+Wlfos0{;X5XCfd}(z
zJR;ABzAdZmUG&vCETY`u7yd{Mtdm2cHrxwvxRi!Y@n|5_!8r%kqcSI98>|!9JGRe3
zUpGAeezZJq?W=*%QT9a*zK8qOGOaapfjX7xf^^Ggy7j(?XBVY>7{wSsTOf2l-`n$^
zl%qJ_&evMrLmfKTv5xfltCj9omv*#Z9O>~uXdc@zo9Uh94$KpBflhW~k2~9Z>TwrU
z>KuyVsalNZ8w`7GJj0EB2x?5VPTXHp-8`|)VfnA6aIGw|*0d|K(bUjcZ>o)KF*Ssd
zFI=LEVtG=Y#e5UPN8}#e1bb+^(%|U+-`G2>Vp+s4?unQH_AMri6QzF7o+FqmI9D~|
z^(TziX8MN2my>a`6|UXD^srL@2K4n6b)vr3b;PS2L+~HLx*jtk=o^=?m33}3jqR<6
zIZBwSlfq;_BKrX0el%Uoz0s6hzxBNfG#$HA{?VsiBTr{CPyZlc|CeR!t4!qY$L`|(
zH}6j5?<#@0^mPt-R;esf0=(^}v!ybB82S4g$DrNsO8)*QI`7}mj`wvM+{`qX@hk~3akD6F{~FaE|2EZ%v>56^<9Y1`@a+W?{Amj(^mm*s>z0$9p2faP>1!LJ
zUR^h_9CY{Tx!mf=Qh4_@l<$Xfu>kBfCC=_x#5{HB9ptGjs=co7i_mv4Q?GydPArcJ
z`S#y9@9^L|>2t5oD~9@??YVrx=;)NdU1$Ab~Y_RsKlexwY0Y~pUv|JyY8e4Hc}>?jdN@Iykq&#e!z{J^flrd;{E#eM3
zyF1-kR++P8N!6W$iX-k;WzOM|l-q~kBiQtTQmhrmDy&vPr@QMc#lcZfcQ}et=P+b{
zzu)(}$xWI*+?hXm(%jtp-S7K--|zkUh+%Q~J*4F*7fBv`jIYPu%iMo8$LiJdsCI#u
zWv82U*^_RrGT>BvR&j%>*{k5s1%Jh=c44Wih$~43Z%OF0SCR~k^L-qyjmWsP
zHe);m=#xru+}gn7n_)a(%IJ
zzryz~J0fwi(D_#N8h|DKb}|35*(Qkp
zd)I7V4d~W-Ev3e1=`T>z=>cvN_oC6Ry4Dd^d9+N0R^F$=rVlW6r4N(NmTF
zMfWLng@8}+{l%l_S02HdB=czBY5_lzdcwEW4;<8EJyjmRm*Lj%&eZZa$~qgL3U=Je
z_Q&#fzJ33)vEk|2AN}I;9;pjPVC>;GfjN{|V|sS6`pEr?U-HjWHCx^Q{=ogzwhqg@
zn_TChCh_W2b*`yj6X^V)Q=jb3b-FaPAIdX%ul5b~B$%sIq|wLxmRB|NSZG`9v;MKo
z+z)_c1305=UJG`_nNK-~sovuW!TjrD_932oJG~!kZadDURNRR9hGC3ll(BD?9@Nz{
z^&NInEag?ar&mSgbLG+emXKzw=RY~#RdZGW{a8q~05N}ds`|%fThoO0kGGTfF%(^*
zk6~;f#>@z<)$m1*Z3FtlvP;g}#<{Y@Fqi8z$7deBf%TualJ?XAjzb>e&rJOd``(&<
ze}~dU9_Q}19C2m16<|hoynj+u!;W_W$Ut_G8O^!MGbrx*Mv7A`LjOGXf3;EFpSen&
zB~hO*jAJcA|9(qETP7BT^Tm~*CoMu-L)b1#=zok+%;*0F`CeS%oWyr+9F1wcxL9p=
zR{0!Q_dKP3aY+<=-k@xT@zNi|duOyfpc?S2a)wo#eNZ*tgFcCTs{P`QW_iPa!zD>u
zMs7s?63)r{X8#YYhj8pkm->s_6+f;ii_ZT4R{tf*J}Y#rBjSd8T8_Dfy%T&X(g^35-1l
zV+U?gC?3eq@UP&WDwxCV5I?4x?Py!ZURFqte+J{@7!ITNO5CNmvKlq~{iiSoV@&i<
zWV8OC2Rt}`k{Vz`Fh|MvQW^iaiF`JuQ0<
zTJ4&Qn-Ls01D}nSWZX>7
z21V)_NCWAM_F_%Uip>r%r)>#r*(OolXYem@jJNv&(vd2RKpq~7i*_Mxv37+m{0>yq}L2=xfA@er)BljX?+
zus0iDB0kg_xKLEB``4r%u$T4oJBMVR5YmJMJb^}Bgmvp3uK-LR)}63M*F}Fry75fl
z6U`T`f;DNX!~qY$d!A3`4wZH1IW;Zc8`7K^YUE;ldF*X*3g(FK@GJ^pFVd5#=QWS)
z_6AI55KN@JiMH0)?%@2V*FheJcX<{m+86Q4Z;bKsGmMAwig*e5Gv}VIF+F=0o<-XO
z!Uko--*Q}w5AKQbIh(3~RMG26`2b@xnqWUJp#7L;{>QH-&%ZJ3yX7MEkriVt;WHlJ
z0O#$lk~t{r8vN}&mpYgDN-@>(n?rr2tN=T2IFjYYGk5~+94ODvCfVAXB46e@tyPBH
zH7Rl``rNP$NB1I6RQeWRO}>&E@Ar`1~72Tr~ZpNaIVbU)r}zy@Wx?;-uz*WWg}
zXT-Qv04faYw+lVI?Kju=lP;cgwy{F;N
z&pje6F$H*Xr61#2hb$+1`{3OUXBp5YlHJ=4**)|?u;Ve-_iuO&YnYzwT_(yw?(@X(
zQ}&!M0a>@4dRd{Km__)pV4Qyqu65^#d%AJm$+c?Q8?gS@N^>+-L*Jf!0L
zaV`;<1IWK;vh2UDY1oQ${&`rg@9yw}*8;y2cSkK^hx*Vpir?Ma2;Z*=H^MrMci6-R
z72mV7pi%uIz5!tM^Jv3X#_Iu>0y5A!p-Oxjg0)FlHHU35W@ENoV`H|PK8w%t`ewk|
zZcnbw8dGU~0{|z)E7;R$AD!>!XcX4$7#xqMxaLSuVVM`-?~Zm#oan+_Q1lzaxhlr|
z&k)-QDqih(hiy`y^B-KUqa5P8cAj6@E$~ij`x8ADzmfZL0s9*4@J!Le@|m%JU#_ob
zdbU2r$2WBzG3kE;m;IB^L#eI7*kD<1m@>cC%)XcKqqIy9u|AuQUt%ql$;$+tr
z8}?EPge{IL>dkH`tny($C5$8e7xrHU1~T^-tQeS_zTkW&(kBY2FG6j&{66g2_*o4g
z?TN^f3h7M}?pins@`XIB8t8|$I_jd>7ZLQXSl+mLGaiZ^cRj86k?tU^LBCXv&|>(h
zux-eo0f_sfyJd`Yi2GmSp3mcPCyQA}TCrwRu;Y2w5xlQRSt&KXI8~phHtheenDciw
zXptq-hPEb4+5+C;{JanLr^n}b^pGO!Dnw>`soqU)JQ>&m`iqHv;bLHS9nA(rzh4ZMO<~lf_Zu`wrG~
z;Ft$H*%dW?8QbxeQQfRE-62*|t)}>|B`n|?(0A-Jq@2P26asYOboml!Z}by!Z?}=F
z+IcY8QNuOG*1|l*!6j6ar2^)S^;o2zP4<`}U!Td(=IfXFs!fl9K4$cP@5g#zrXMmqWZYPx_k6Tl;!~9gEq1)(OwnVT~mIO^BOX
z&9J$IVH0}UsMFygxKt2ah!#u$7r4*9&;%2dDLm7F$ur%C&lF*@i(w+*{c;}~^*qsV
zVlBn^RZ|^D#OKwP>T!KcR$JWB^YKb$E$W)UYp^D!gy;1D&#ExySYvLQgl950t>q<*
zx0Cgh*X<8>e3yGutcUB^lfve0P~kI%Hq)6cqnd>EDzyXTk|y{aaEjtL@w{Kh=UsgX
zYZYG}gFk&Lojx>K{QKUC=|>*L+?MH>+YWFZ#kuG4+z0l`xB{!i9B=zbWHQ^8!&yf(
zTVtQ~`n?iA40}>~KgM)=d4&6{`1YpKZ;TUcVA{Qkdq^mIv3KLdIrDz(?QmbQe<7@k
zXy0bVhc?B@`ZIL#`w#S`_DioA40hbf_NdN23736T53ejd7*PCHXBEl1t8SJy9KWcG
zI_hgR2i9H4O6H<|%KG!_KCG!P=LctTG{9?Hz-#mMNxp>dUIV!I8>9cb@!W02{u)|W
z9jr_B`B0{C_$jW`&tnzwSYy3Odv{3WwKnL${}@L<=#@Ac20b$@%GyJst{rV)S94#R
zeenAT>F_6O*1Qh$=NfK0T#vy#Vt^-o@Yx5S0|4Uz?9~Hu#SnZFKDU(m;>VKsJY*pr
zaw5>W1mugxjx5pevC*5)z$Je#uCXrsY5-&wr^{D--%5Yu%@RM+j)!|GR2b7P`4aJo
zH-jDJocEH`i#+dS4Z4_eKVdGPr?ow%^Sn8z4#Gp-O--0%kMRD#)e!3!-U6!(TBx4!k&?|5Wff9Ar8Zeo^i*@=hae3vuQ;
zrqv<%{k!A(xu2|2_JDlA=k87(18V@|8HtI9k(L4-XjU=yV?^AeTbwdX}YTlND
z4B-{qqrmffrEGG(7wdCN+^=TbKahg^V|!$L#pQV_?d6b)4fNUFzVR^V$432Q7-!g)YMYdEZX}x>+Vm!yug>%RB${q#oTC0;biDqr
zV*VA)8Fl#p?cIp*(0p&<`G%s&`5L+++Ja;ascM2R#!e+{0|8aq25wdpwt@S3&Wodb
zP6{P0nJVuwMgDssNq;d`%+jL37+#ofK(Bay3H53yg0rNE%X?CJ$Y9DjioPJ>=1s4E
zn=*btC%aCL!Dj>C`aOPn5BBFuzH8F_j~B+rx5#rL?OD^Z*%@{%OSNj8f2;7Rn7e>A
znNKf+g;`3i=MpZO!j%lzSFGEB%1TSMa(h#s0Err`3F7%%vcoGT(!1JaK;I
z5tY|T&peZ?6>mivL%oQVbHu}xq#TKILN?0@jtsIy^jXRGEDkT}5q~Ofhj@>d@wh9`
zCwXXdj~i>LlJd3iq?7fV?Z+;}$QO&skb{eyeXcX=((%XT!
zgqwsV>U?hhCV(-@U)YBm{eAhAw-~P}0vUJ<*Wc^gEqfUmYqwF(q|{yh5#~5TwM4Iv
zf$jh@?26cc*wuzSX}}_TX*HVSp;Swmg1y~jtVUy-qkc`IR+;x!#{b=DyOptJk*r1y
zV_jf;y-yr(LmlH6y)HlK<85+$mxg`aRm&qT8NXPr;kf4K9R#1>1N`35u#VDCZ{zxB
zyAu6Yzba+keu(+ufn8Gn;_b_lNz)>u4XscXgh
zDm7daW$iAxA7W$jEanUKM0{>#aiQ3=6n!b*u`E)hU7)H8b&7w3a~T3%Y(Cqxy}PKd
z1-wU7utt?dM3%z)vCl?KD9^dD4p0GHL-<;~s)~KjSAqxQ1odz%zz?CT#_o
z!Ub$>?$5R+=;gR
zvTz>b1Nppwx8gHM%l)t~+2iczWeMLH-sh)2>nhvRfqnpQ5)?;W7DMW2w<*GqWgeqn6l;9~r~B8G6mepL$hA67snG1n&`xG~H}H=zu!p)WE4Gn)x!
ze=d04o08uSbozZ4^(RfNWwBff_9({rVGI|}r-M02J|9J;t=j_NR>S3Lh?&tOyE4$jpjwSFy6^n5_j0X2xZ6z
zqXRUrc~VBr<-X2OgnT$A&IjLp2fusYPV5m=rl-u+p|KBBOU(5~zJJqB*#|rI{_#Ff
zjqks6=fpN#qK^M?(U$}49j
zA4FRq#+ll=hR$U5ZWr))dh4|Oc`3c2C#?V7I2Nc`yC3L|>Q=8vO%A>%_1%
z+edC=|MPHUYWv8itdHuE%=~xEF6Zzwp2PY`x_`BnWc$Jt+1``z7fagaiDC>$lD2u6
zw#hgUq-~ca_=ksN(gLDc9usXzj#0s5RG7v<+9L7aW5WOBGo}1Ysp%P_AtqmT5)b8?
zEzJ5kG;knFE#uq|5lz
z^08FQ0!5qAOgU2+b7lA;u{LBA!+hO#vfWVZ@nWjO;-NZqpx2!7@%4r9e_nkl)rv9n
zq0iV4SV7M(Apcbf)|GoGMC~o9lr{8{DJkX
z(QVSl?&bFl^YcS^9p+-p<4wLE-6rjbSeG)Fb*Qay4dYEEe44eFG3J%|UP$~HaKuf#
zFJ$mS{yw@p^}A8SWUBLUh;`7xMvJBZE>z!l~@0W*|<$mx=fyC(sY8rKmIzMcrfy4#i^#(QZyLnC5
z=-zJlF_7Gj`}oepf*!M8%KiJz-_ZF%4pvRxTOACfWRZNoI@p@B)&xA1@!I%!ZG3WV
zs$I>rS6FNOkB%3`daVu?YRil}dA(+ia=j{fy}F+r{dyf``}U*HMz7Z;yk4lMhDKfG1h8W*elSds@Ew*I%}|GqUczj?Oxh_|lM
zHokm1JM&^}eEFUA;uPEXUNX~ebw%0u4lyiF+X`Qk(fL!X;qeYWWA|q`ReItybfo!g
z3&`(UOzY>AJ}5`y?(b4-{RwY)@LjtymmX`wbg{zUL?Hs<}QQqo0srgmAGtojVRiU+PKJ})(~S$s*jP^>SLZG
z*H<&i>&N7MJx$oH*cq^q89?0AXuofz^yeCi|5w(~PLJ%g|P0WEt7n?=O0;rpkQUjuYy@b5at
zb4cSkeEd{weDLt`-VuFPwoRX<524S}chUP@K2_VW-{Og3yEwr<1hr3rN99-njuBA$
zFW6C!@9Cnw?WRBY6CI%I2KwDX|C{NrM?3ynKVA3HAL0s%LT{ZJPp}nx4sH?tZ{=DK
zR`*u&z5}+)L&c|w_de|;*i02`^gibcZI+(aLH!)2>#=knIpPk|Z`9PWY=Q*$Cx^4y
zO<-Tw=FNMvwmOhg?NeD_L~|~f4g8^r1+$T-8Z>C!7Vvg`)6)pHkmrT?sCL-$7O@|W
zXESmr2$tyzh+oL{3=&j+?+xl?A1zIH9wq$pR_4s-8av+Q
zJW_d^kk6(lxP!*iDUR=?|3N?O;i$1iv}CHR%XvG|kkv#(UL+dwCh7vVd56)%$oQw0
zk>tZKN=c4y>v6o$23zj9EeUh%@ykL~NZdR@o{4NfXsTta#s2m
z1sVOLiO-tZGIajg#RQYUQQgk#+Xr4(xX*RNw#=%|#*X9c-~RoR5g*t};?pg^WBT1`
z;a|VRzaor(YY27^H!FCD%^a{>g?oGka9!z8aTxf0(9zgN&t?43Vil*+UO+H$ko|BQ
zXbdeJLeRz*$(g$4SP-
zcOMI>{OQvE|3tj{dWcVh9YAlpmw1YCGM*}09|#-u64u{=PTfho58{Al621Cc^9do=
z(Hz>S_=J)CIbUX(A-M5e{$K~=!hhtv%f5|@KS=#j`OxkDy1Ex~OMwj^f_`7Y^t*uQ
zcNWoarPD(_AcenWoFvopyp6~wC;DBSztM`*vGRH1dZx5nL}GEE(?ra?(t+mKbf7uP
zM>k#J_X3gAHg*VqwSn){xIqu8&$i7(KZnaJUoeD!NW+G6@mE3|otuH3
zr{6E-{Yc+n(+|ev;&F|je>uE<==!`v<@Z2tvwtT!`WnJ9F4hHgbKYpgBSQCr`~skR
z(`mfj;zXNpeWIhS4?Opn{jyfnM4F$vrw1oE^?8WR3^QDw?+fY(W*XQ+diCi3S@7R9m-(LziA
zw{CCNAE=LU&N9;)OTb~8pGqBsJumLivY9d3{AcTi#}8Oj=;t1hymPMfNm&EGb}bkA
zSlg-yj#1A@|N06q=z_+-t(+--I&<*j9a!7g(a-TIW7ok?BAec$_4s;@7km+N3}#+b
z>b3lrI72@l*4u?KqqMcbfDy*%02JvZM+VG1~SzKC8JuU$e~l
z+wS^xW5*A9&6m+V#HOnLO!IS&%eDGXmHp=iZ$OT~L)pgu1k;OrF+JJ_zo9L4$#~vm
zkBmn%lV(Bh9M$&gP<6k)$1EfIX!JmTnW5(4PHZypjhsT4FXH
zxPFdWTG8(hr896ynd35gzo>oo8PFo+kovrI;r~_lLhtno;n%+^jg9e5zk+de{bN@C
z%HiX0dRd0@JQht~3**#_8^>d8c3v;X2VG#omW3FX-<}hO#@z`&vU(bCWUTI}v3|$r
z^qoho`pB{MpQ6Xx!QFr`0{mgey!$Lt@T!~aFN
z!hTnSTDm7Jf1Meq?rlbHzQjBuTk2G^CC-Geq?G$on#>=_`--oU^*DXX=S=z3WOrqp
zGoD#;Jm5tf^4((hePR15jfdY?{=8*flWgx>V@V40Dkr6!{{{0a53gmv<Nlr&TxS?eD^wZV7ht8_?>>?SuoBn!4*{*PYSlYkkoR8s+Cg8s^nSa#M2}S2K
zkLZV#4a;AqIj5gv!>W`vtOBV!N>I5^Sa(#gYph7#4gDOC)oqP6QTi{H$yfo=7qK1N
z;p`_2Bk4_u4IX*@e$6szzt3);&JKpoMB;QtqnEC?$>&>rL(AvmM~F{R`xW9`zb8sb
z#=2r2!^^j!;?JCnd*aRKaV!4U7h8Ysgj}CVv_5X=|JSHOJ?GbL6i&iAZ!nOu-TVXUUpju;)+c$NazFMEI-V@#IZQ2f1yXc#UwVxvgZ0B$
z11mSypZ`gX(V#KX`q21tkuQMOY_5!**Mx;5a=WZ`(wx~USCPo!-#NCt6LZ6Qn%~Fp
zTc~*n{@dCk;_v%tj&1Z#z*?Wb)n52`FRC7fkHXOFAIg|_4s7{p{i%Q6gPTewJ6|<_
zmuU1hXzC2nnA?$i9eH$1Z{qX+kkUn1u$IiQ_A%YBi;C|ic-FGQFrPv&kN8x{+v_Fr
z9%|@eJwX$p^Rm-V)W@CVJQ7|{_~+L1nHzjSeRJ_c5&vAS-_-9@GW4L_Ul|JrxKwB8
zHhRwTky)&{`X>;5Gqm^E-~SiV_r{jL!&Wm``Pt-*z&j504s1E_fw5`~pYf`(|7w+5
zN9Z3HJ0meTE6dgMjjQ7OM_qEWYFE2z`1-;hkW8rN741(npW$WNs%W2^H>o|rL=gV}
zfRTbdN6Jz~MhSdjQk|7Xp*Fn)J~8tf)%(XDls+yyPtrFD4+SNDOfijPwEpmK=@$Fi
z&^PK=1(K%|yt(?ndFlnJ-vt~rk-V4eEHprC!7o5B@k49=4=Q|qwJ=Uw&#l}%?zz1G
z+-3suV>dN+Bvq*Um2zCUbcT+Y$DY91ofST}58L9EQFj^jNAb?3^iJ}vUK8tN)v$h%
z_ewk{<7y&xeyNRB=l5xD^Kpanfx>xwp8Gt|!2VWg3J!0J_Q#g6LcDihJUVB!n<(oG
zd&6+Fl)qcc-vu1i*x=}BnR@PN06#Obzs2KxzSA3qho^j&I}fjya-qx(%D&2o3GpNE
zq=#byGBwj^UFk6<5}s}l%lsQf9`VNuj1{87-$K6$zKpD|7I=}TcDrMtA$Dp^l18yn(f&}U`&a*o@fa5*-rfX
z9MBBlv&dMqb}hBmGhW6+WtXH;o5{pyK!3KmQjOn#KkA8#K|8D@qrQc!S_dD2_Z_zJ
z^vQENzFpSq7TO&8z1z@oGkdhTGFIrihnfCUzjj@UU*(tefEHOgGWZtwh_-^ZWhS;F
zM#+!-w8-Jq>}a&z&ysbwaE2^;sPe+j>a_6dNObB$KA)W{L8o5cWk{c|rCp=Z5mt`i
zzXATTYUN+%|ID~Mm_U2q^!GY+Ed!}y+vOzph4piqsE~DBr5-*e7spsWYll}v>OX|r
z+0NuyhT+Z?zzZZ-i@BcTB;SvQKi|f%vSLNFKWx)&rnJY0zKi%k)4W`h&d~>ue1E?V
z`CRIhW8;Y$L^8=(8HTS5`XUuGJDl!pxb;7L-_Y^(L&a~79J`ql6bX^Is-_Ed39DGA
z`@ewCQBiQBhW$8Fny#t%6s|u#fHs{kHFhklVgBzvD~8c4{kyd^Z#c&DfT)xD0koSc
z+ua`ghJClrM%h;)F`cpbAte64SH)i9Oua8-A#;L=+v*kp!Z+*N#t8rEO6FhQS*hOH
zac_iwX(s&HLb&rv4R}b!nx=6qlgc|{>2GqnCP_W7iiz|~J#V?ID#l;0lJhW`NuNr-
zM&+>63191`OV+7C9Vk_MV$+_cGSJ>4hR@V{mClOb{dDTBzcN7&g`fE8IqLbqa*kh>
zxGJaXA=IOad~26IhOtT%wOcWa7e2)BzZ^aZ*%CiP=bNkL8G)3$%?-{gJ=Q*I1uhTb
z5BH_3covfDPpR0|lcmzYd`4Rg>1S?_<#Te(Xv08tIKC9uo-eC=lWf=M?|Sa9LiSh0
zeo{w9)CZK_$n(Ev^zk?~Hhd`Y-`ykI|CDY+(cU{Ho&cZR)Rtni-P|b8^m|eKhMDxr
zIp_F?kY|YRfK3lE5NXc*5}f0TQl|fRt8+~B;k1k4sBMLMmUnlwzJmMTW%q$cJynaR
z_|Yns|Ly{OYz)K4so9MG=zeV6!3X@T2k+S6wUh7fxGN64Qa={FzQOGq?ux+c+bk#4
z(!G=dKg%!ya~HwmeAJu`!(yHd7B_@pv4i_`%RW!aK40NJQ}2rFgFmFbQttnin`aO>FX9rPUe+@e3u)-};t~
zoM%MxKg-Tfzh=SVvtc;YCC%y)FSoUQQ{8KiSNVrH@hXk
ztxF>^@l+e%)X8|GVJYW3(L5krNhfJ@R7I6zo_p6+8P_DL%h5m3Vot$;)Ba0
z=ViT|yPf__=6M{fQ*vL^hgpcX9Y7po>aBUOEoC0~O=Cy81^;!Cb0M}jcKo+T-EXOj
zA9r&p^P7w7RD6vUck^d{zp_r@z9fz>K}`bK5kND45~6*jHK^ctzd+)ZQlDw%oP_=p
zb5nT_N@V;o@Vz}RfPKyO(wY&^`#{V@dooHB$W+z<0xv`2KZ~9E4fk
zDFkCZBBy=4jaQmz<#*_NOE;62LDp#(u0mI`$oHt)+9ygU(fUBwfV}AHy#?l=%#j`6
zzfPY2#UtbY6q#pL*^Uiq56bdp$+719Ejewx$fdKhQ08*T)-sJyMy_k$*rl_fFBvC_
zjf;fuRF9S~?f&UTbYNNZC#2k|iam<8VaLYHA^%Yr4c#=>H*u`mtt
z_h5y{%1hX?gzgc4NqZhh%$NRqelejPImypfGybP}7}~~Q1!~}JS*L2?IrF1x;8h6s
zb<1t?fnVgcDZV^U!dji&mpobX4bMrgEE_+ddxWb@(u8p|Pd}{z%}vn+N4fD^l649b
z%gm5=lWRZC3Gph@Pi0J|7ygI(m|QRPs79FAUO;19%X4}pJf~}EPS!QypTXF*(Ama{
zIq%~+UwY@>EPFlffFsAei05!a(h>UB-6O7P6OAuP%3sGzMS{xn{;%Bs8+Xw8Psr9~
zy#ea`gv=vS6r3&ler&|G79ugqH)hW)rvKD0@Du7%^4gn0_`<}{hh~x2ihVBpN-xK_
z*7CUA^nQytx#zE;e>hw_I{2SN@E^)}HH=R~8HJf7>&@|t8-vihW+rBqJhI#LP7u`w
za7DmzmwB_4**?*)yyo39J#nWgbxa~sZ_oSg^}#eJYVK+6n|ABvmag<8rZv~qDqfJ_
z;qMo|W6R7?FghEmEv7vLb^qnUc?ae|=V+F@OFPsA3h)mk6
zvd&mOu!8rhdy%S3KT~A4FW%DFF^>5y|00~X=@vh+%Zf$CyVvu(4=++QaVY+92DkZt
z(yj+Os_M+&7bcSgh^81Z-7RGDM@%LInP8BpfbV6Z`9p-LsA-qNB+!;3-O}y0%bq<0
z!M3MZ>5-n=o@{k-CQdSG8{1I^l4HvnR@PE$*KE}z-QC*Q#x6y$={DG$wq*AEefN8r
zmq`dgb5738+;{K0|L^_2d%y4ZYu%QT5AE~9x^3VWc%TS-7TOW=;h^!z(^uNx=-=`7
zx%F=@_it4(Z0SFsitk7k{$J76>Q}di;U`7wR#9eAE&6W(&*ivpRL;W1b5r#-|ceeBkgU+Khvh;!;kkm(K%jiLwg^TdH#s?Q<>*fhxpw0
z|LK3c|F^w2{_#Av{WC|vFCb${&Uf%U+rWZbYN_Qd-{YbZg9Ewn^k8$oBWhN>hT8(gX~{MGVaePyx>97U&R)pWy|rBx08iqB=26Z>v|>=z6qYu;moP+
z({Nbh-r%=~ZEuqG@I$rJ;XL&;rMYg}crOQE?#R##?{ogH;c>j2`*igbejz;ua2|VV
zhIi!2?>rgf2Fc|p+cGJ~U|O2@I=^7kj%V3|(~<4K>ByF{WJ^BT8e1MZ<}lhPL+l4I
zCo*Qg!?>({Gv;UK=GpO$ZN0&sn>{=icF{ZwPMZtY@jPpe0-xz|;edu;bjGIXaiL#k
zso-1VYUfdmUuAd`k4&2nO-Ge+w*R3?zT<^GdHFfDSbJ=Hi*L#u;?UpN*w4SMZ%|qe
zyy2tzS%RK<(&p$w;O3=;Wz#&sUQgpbobmgubvO?ed!x8p-#0VPAm;P9T2JNnQn@Q=
zynT}P;YRxR@m(I$7a!Z&&{h>}u+wLb?yGZCnO!`8ntO6pnCA0J-}7oE_?>*Us;;5U
z*e<*PrEBJK{O8TG
zjTjogHH!WjSLHN!e%n7A-#gd8b$0&-j5p=hJjdX^XmmqwEW#PU82qc#`FX*co%-EE
z?eFJ14D2bek?&(0?z8pd$-;NbuPw5$_uze_?3?u-?*HzeoBjMk=8S%c-n)zbAEq()
zc0}`IzC-DnyN$dzZ{I<>%>m#y&>VL$7h|F42afT&|J^qm!SCo{%+R7R?1SJpQ$+D2
ztM$6Dl+t`}(*Ag>2i&V2{Z4L^E%8=$7}z6;OL3gA{Chv{bqmdJ;XaJz<9GP12*c2~d-=PguzZbhBnLDj4Ig6|LVJP;h+)MV}hjlVp4`1B<$KGsQ
z2EXb7yL@}8d=p1nC-D!~&setY_h}hCgK?J5*ALQKyItPjaGzd>yRP+EJDhgHq+^zW
z|M6X&C(31~Z#Wo=Jt}8K*^+(<^N~!=W4+`ta<7efu`WvaqvfRc
zTSV<$z?dE$+F#tj_jnmi9Tb
zN!LA}<*b9WRyWgp-xVGFzMaS61h7+EC&yRajCq7NX`E`O{o9q;4o{x{Z<@`2Qp*qV
zG`Xo)WC^tIH8geyl+6!K`|E1W?*-oIXVTWgY~eOmuB{%d{|4&`>*LvKL6`qsqY2#h
zwp?&X?$!qG(e_%Lw#s87eU1yhL*+h8mDAo^zNU=i3fRo&sW`QzpZY#xu7i)ukL-J|
z2yi9GD%CGNQ`fueao$bq!S&IPu)Y?FmOI*WoWivpa68M-mAp@WDSET&AUUZtI<9oM
z#b@EA;S+vOLkX4fDiu8A+H}B-WO}VTDBto`G`?M5fPDrI&k{8NFUMOD!
zec%tted9=Tv!qGI`|)Hv_>zsQ?#X((((3slt;1`8mqG8jk;=8qdES`TkC+c=bGH8#
zTakvlkC$NG3{bkxS>ks}{DQk-bExI?L$ky`DDltS#p|M{0`k}_@jE2`z+JdYFZ94~
z1Z`4D^|$-J-DqUr8fvFC9hrKM(|*bp%m1A}3dOdF{lMS>M}@mqcB>-iuq0mcVJ;!Ti24_tL-yN8g3CTB*rxxwQ68k`4ElgNN%OIhWjH4--PpadYq4yXI5Glleb-rtO{a&k417nWj*X#
zUYD2ulR(C!F9yKX(aM}^ZyepB4nGa$PWwrjY9aZ^=IhvCbAnIqDa{-7o-&}8
zCO)LpSPP9m%*_u{eK*nf>*OpMAm!6Iy_WXDKPr=b
zsXNsCm_2qYWqh8#6Z88qD^u`-^CtVto51-iWF49V(L0&%n(@0#+#v#s%m5CTtFjsG
z7s)Cy!9&IEkpHvy)ed!crrM#B+hK2)Q5~%H(fbdnEn(oB(|C^-xGK$>RVrZD=}&j-
zI=Sw|y~w^mm@(A01-{_AmHISbUQ6=!YgD&G)P~ut-%a$Vw^tvvRSx@1Lw=fhF1CF}
z>|dHw9Ct3rs(H1O{!8dP@M5i`v8-{NOXQv<#gCX2oA^!5+Kwi5m*!1m9BN=0=>70S
zfg>u_2R29429aleGDV&lTAylj+fOx}qi-Y0%mdW!xq@}{=VXds%l6Fz2hKl!LeBr`
zowaHHhDKf;+w<9JZTm-?ljfG4V*f{JZ=A^Nq7EMe$EBg3sWn{tH$<|kn2!Yh#*pz^wXVf;9hg0atF0Mv{z$S-2gS)@
zzxX%nom`<9vx}$o*V3K_np?05TtsV>a}FJnHNUk{?`JkY>0yKI(wRplFE7Q{HlVyu
za~${x;=E?KsFZyw*9J}Cac7}jPcG>hdOQ?+TKvTR(g6E6=EJ%GT!=3l>HbV!hn;n^
z*jf7$b;vtdREj(8jy~|&`6z$i)36CiD4%fM`4T4E9-gc3ptZ*(J~am@Prq@l-*5Ol
zHHMGYxpVy;^gn2vJA!uDukVM2cXQp*9c=SS>r~FK1677+sf+x#!$eKgHh1`rRy?JG0?}KP=^N)z8g;VzuP|>K&>4owg?$kHH&l2JXS5
zPCSOMgiT|ohwsaBwhJD^HpWPB#swY&zbmuNdY0lGpmEb8*q6t64V~J58Xs%llzH-k
z^r!z0d!95!naj|l*InS#elEFn%vtV5Gn6~mQEsO^GuQHOrnwJ{Oq@-3P&xPK2ifij
zHpEyv`K&@PP1z3IAxGdh?~kf>GHigxn8y0Fc8Axt~%RrIk(~2BGY)O2sn#|dg^-1{b_AK=CJ>=
z^_xR=G&dOwWMQpsGxlY9_V;!0b@2f+ZUmoLV=eazQ|pZ7>_3li2|J4K+7HGTPuYAe
z=e9)|oOWJLo2S>=SH>4TfOBV8v3UUN7ya&#-}F7PL-=9nGokSifMMHag2P9zLjm^F
z@8Q1R6$ZaNFr%<`B@2ruvF7Hv+SsNA_fUOC5uYnOnbl_g*Tg;>=}e7Ay4|mHk{%@^$UU1Dpco@I*S+W1Hv<`kgS@m1o2ym&xj1}k^>!p3D
zkNy+%ALmbR7=Bv4@cs3B%rMp{#s~6@>|gz6V_fYFYs}>m6SzUo(mIIqXXx_4qCV3d
zimhzXdc#ZR@seAsf&rQb^xmD}ZM44h(mK@#|2Rr}l^;0Q%c$N4AhI{$i}`3f+V3sgn8?YbhlqPIC!+wCUF8EiO49Jwo<98YBqA!sy+HcJx
z86Em4);Q=vVd|IN>TrAykFPDHkM2$!n$$;|rs<=Jb@o}W;ym;nH}RsN#iF@<0#&cCJ&LEjXf}qak7xc34YIK+s0HnJCB2sM;Ya@
zQr?4l^r^3K9JK2ZxrcO79Gs)}F-LO~-|LR)J=Zt>8hQ|0zeV@a9
ze-E#@D~)?5`yTzi#6JIDtLu+)8Py$J{;VnTtj_l#$#?Tw`1k|Q(;K(j>~d>xJYD};
zJGc8Qt^ce$M*G;Yt4Id|=l%ZGMNN>!ac@r{FBTE?te7sdJs|FRWTgO*D;
z84%~cjhWx~33=b6j`s~2Q}vgj7ecY0Zqe~}-Ku@ik`BJ$49RCEfBB8_{_0zu{*zu{
zyRi;9kt{03JUqZ$-d-Nx3)$X|^g@y)BdZ3j{naLLkXSd|b21eBH@VjszD48O|CI_}
zptRv2>*kgT-UH^vpgH$_8K;R`fIGW4I?o@3jLz-zO#|mcx_v%lIQX`0KRl)Eq%7lE0Md0k~NxZ
zy&|r;*DFL1tw@A%c2ubS|6$V)ojJ^S84u8YLb`%kR7&z1^yp}YLwA_xYNxOVM8~ZV
zefDkEXIt)<^Z%QHr#I0b$$2NRn)Fluw=Z@()-T5Mp6k2`$hpw=oAtc;G|!uz(FZ+L
zb}AEmZh(W~EMo`zf9P|7Co|j4c5WwcbW~~Euq~IFXE|3e&zy72|24?i?L5ye$T;k)
zvCk7yy5-dUwsLaphAr`bsd3J=C#;n`Ug2k|^+3qSkjYzF4i7XB0I!7BYv@O)-vZVd
zn!@ni!1#p!wTEP8Tjqu@KI~GvvMlokl5H->?O^N7qC;{0j!XSsTAkw4(!R#2`s|YW
z^sY|T=eFc?7o2gnNt`b_;(SL!W7@A16UT2?@q-RAU)FduX5^$
zugUr3uA8Roh!gUxAti}4wlRhum
zpQojdT34m|^Zo1f6{6QyIQ068M62k$t&BI9TE|J2HUDGcwlOEZ(M$`xzW9y#{qJOTDHUB`hQ~#_WnWiG{+*^j#+ebzy4Er?pn8ni8E!9|O_eNJ3&s)E^
z_{)nywKO_cTY}l_6UT3y+xakT4X$$izP^`q=04TT{ARhd2j%(0R?FhdTFB+LZNNiv
z@AmkOTJ9)Nzdd5)UvI&djnYP-??!UY2Y|h^=buyih4yznTYo@p=;AZ3{Fehm&xT^R
z%X-jE?}Lq}ccbJ>Nx=ZwBQHT|(?p
z9C>eXp5wR=3_4Avd+UHI94AU((CIDV556#Y5?Ff2+faqO7lFE$JzHI28NEE}8#T
zn9IZUB@{oO;&*&?Z8vnjLi(LYzq9H4hv<8*qbyR!u?Y&#LYyo;pLWREUrkkNKFt-^
zdCK_rUmD*6_IbcuSgf8Xg1yWT$lmW_vC`n8PIkoNpL^4#OsbI)mqqm-Avd+ED(O&)_^$
zw$9mt-?D+mFmOGG>D_qe4tZw*z4OcyAsS~3dW>pSi}hiMWN;0F`f?G~E_^cBu8
z;<85WSpoiZJwEJb-!I+|
zZjD)t_9&J1$fj_cACv3ESXw1)Hy`}!N23~lGZ59!*RgFq!duvuq&T6&EdJ~@jINrl
zP^??Z(zjgSZK6DOIq$RkfBB`)P=mAhpSDuE;7s_L)h7c((%0wZe$+>CPf6Gr2`iwm
zK?(b{gt;heK*HXTuu&iF-4gb53Hu)k>y@xqCF~T1<>j9YG|_sLOjgi1tl)9zV!oF`
z(lb)y*ZDkh;Re?E!}7jCdEXu%=5b2?#aP<&d??l`4V*n8nMHh
zCA^HnJ1GxSc{raQ$tTaJ_q52xt=3z#HXo959JcFUalGWaf}=aRA5%RCCbquv|IA%|
za8p-yzfY1aA=@B>42JOW^Z~If1A@ZDodDLe4VJ;1IvKKcJ4_I1Hsb`Ey1U&Swp|62
zvO8{u>3Z5^m+6F!@XlAWy6WisrhoqF4D;$$HcCnRf#ov;a@o^$Sb
zdQY;jo!x)-4~?YvaX-#I_uO;OJ?D2)xmDyZQ#^L@Ip`P1f~E0KrQQ4eg6BtuV(EY2
z__QdzH*aD=YhSs6#r`#JYb)GK40*IwXnQ*A(a>KYQN#aNcqrcj$|m%O*=UY`z2Bq3
zIz73T`9JY>zqS(JiTTMNDKX@w|9U=;L`@yxB`2oVQ*NtO)Anv_261euHdb%O4X@9X$5yW#y|dUt0-v)CEg
zXRmLUd;a<@&P`$MB$qoIUTewqFEF?K22%e+{6@@O(BuurW9hf}j6NGcokfJ5Fu(u9
zrnFX4tmoJ(*f#XlLOQ(!bn;ZM2`BFIpg;YkL|F&<{~mAu={bb$M?S*A-Xb2}h
zRcX&uT;_VX=d``kR(u_?0LPRjFJcc=+t%&au*ADlnfSBq+F~_aZS(A?wq4y$v=&Xx
zNb3O8`k6a%?WOn*ia{&JGmr8-i7~AX!1G@ux5Qd_b|(IwH_QE{v)o@i%YE$AtnzP-
z5uYM4uC@3?O6t_O_b}@U2i6o~!qECx^nNGkm=0W9fo|)WZkynl2WwC**meh>|2u>
zVHJAf7TeZvrFdt5E$CypLrto#XXAfiX;ST`|A@U{HT}=Y98Sca#qpc7jX&XE`wjXk
zKwHp_fKCg6j^bUH@C+<;cQx0t9qj|gSUuuLK8Lz^O?Azr|JLdB@Gs?G6`QGFx?CE6ty@O&TmOjh-k_$e>v^2*v%-nvLaK*(f^tDr3
zMaI#p(0Q(;X&(Q@RKJyCh(O=JrDLXGT(5Ny^9H*_%fK+SWg}yWhJCoND#}MBtZ~ur
zXq^pLsbKx{8udea2S;CyrT_3xS^x7E&c~AD@4Y>~yF=^({thNaM1688>W34a?TINF
ze}S~SyQuwju$RjmHuiFN@%hbesAEJpvo4BDY4XnC%OuZ^DR^J8R&`QhaD2+!Q+$EZ4eevA~&k138*
zd_nzU^JBLD&31pb_3wAR|GU=z``-S!wr{5Rk>QoM_wVVo8~J?3czymij&19O_YT@+
z-b1v9_Q+@RX9oxE$CL8?my+^cBCeG`tjSniPh7^R`r{UHh;kMxv~PbXBW;#nA$+Ui
za?xM0*M2s6&>n*_G4J4NvT4fLQ*WGNl_+Vf%JT_#`y}f|OcO6_mocgNhz1(9zn=rG@W5&hKaF`dXlAJ@o1D5dF3VFb+vY
z+;K^JZKx|hervh^Ycq)TJlKJr&YzuRV;S2O2|*Y#99ACYsL;_)Yo%ioV@
zEcRcfdSD!S?Kfd8)`8we<;SB!y#eK4&+xd{@whkEn$JHf20|OA^Jt3qmzA|fyu%4D
zXEB#Ev4qA|zF)+DPxJd1mgxC-!c%d6zntICz&$JCeA+(17*5)+VLulT&3*|qJDWtG
zU054HrfMW#iGDWp3D@GtBf9L9@9sl99FTRp1~zU8Hw&?VY%4lH*D^mgQoHqM=F_=?
z&a(^n88S|2k~1(WZp<7TT=z|78h^yFA9@+Rrwe(Heul^!1?>k5w{{
zoT!n0Qw|ZG>gTdzT-MQ=;`L!`s+-n`ojiW?==@9{<7f5ww;H*g>*KVK$7u^)e`E;r
z`p7Y=&pdN;cA3#>-v7D{{k{)nzD@eS;Qq=Yp7mabJ;QO`{~4Y=_CsmU>V7(w{t?HA
zWZ`lCby>d#a`gQ(kqosZwFKTX_Omda&<3nO$@TXwlGy8nan>J8Z{soU
zf$LCz+{L-k#|C3*yFUJl5Pv<8`T%naV@w&$@h;Pu`KCp9wv=o8tZ1MSauJB5P1XhXR?YMY%f#?YSC9!LEJ_W~$Cu&ti~&4}+dMP&}G66ZMT
zO!%+WCi^2|IM}YC{_$>Nvr7IgX8u4ue|K*08+m*p_E5Zi#FbQ(aroJ#+Kcx7%?%r5>BR|*UGU2+5j%hf17SZH+&8@aBgRz!<(|`sCk`mL&2km(f+U#ZD
zb8qHuW$cx?Jh##0f4U9oSZ4YkfqCtMcN>+KxWnXgIZz|>D~A;;^(XvypkJ~b`NRU8
z$B55YpH&IJ3dbjyLjFda94GtN_AWqK3VOQjEsud$)dAz!k)4JyIJKJn(#PA5{c9|(
za2Z<`pub#4(kjm^!o~iU$n$lgf%2N;SjybzC9u_?eB3WXoAd1)W32Jf`DlNxC;ZY7
z$oOkKN6*if;|2S%DF?LS@Z#pkA0YN%t&A3_bT^}i}9Lw{5-AK+b=r?r}}$|bhne8Ql6G>Moy7^8~u`n}@TsXmyaxTi9F
zs$MVfsp_x7ya4r-j|ck?zq13MwuB$d?UiNUr6Rr^(5$Lp&X)6>J<2$Akt#g**70oS
zHeXR6Q7GQzK&l^Pi{k!yiv#wO=%aKRPV&*Zb!rd%mNB<)o~(m@*236|q|sNK
zd!(gT{2<#$xmj-C-*~0OmjZfS*8A7OJR$iZi2N{AFlS4|e*~15v_@!$V)JP^tHk9&
z{O817Q5?@1%WH!9Y+kP$VayYEh0zCQGK{ub+ant4S=;%X`AP-qQ#11{+#AyQmgJPJ
z9oLlxO?V^ly`_<`^E{fIYtBK$bNUL;rK1&?Bc?u8#{1p5$fppLfpgx*Wkf1)&dYND
zh_7v;Yww?#i@#jFC_d!6bMF3+749ct{rPDMv5qV*UuzHW0LG*vw$T%Ae``1Sk9H(+
zUgBH@o}oO#ICm-656Dd9Er-|@$8#x^r3c}ikhp@^lDV6ne11px4|M2&eq1@D<8)cX
zhBXUq9}!+voNXtKPQsv_+SH5+X+Jp&s8cp-fEuhS8Z1E
zr!vl=5$}tzwm>H8SX)!My_0o_!&c_eLcnKcMQ
zhR`-+p?1B~rpsI%F9z$!ccg4?$QJu{l@ZNy9>kS5^H_14v90I_rtB{CM@vAT2eAJ(
zZ|fz(EN&P=I*V|VYPBJa_fM-c0sZgh97X7#kUNL6bssz%gmDUzT&*TKx<6S8chgDd
z>eH{==qxLk&#`MIJl0?`_m+;qi}4lH*Zp#d!BvoFyDTsNcF}pKnP(95thkJ|GNyoV
z_bi0Fch1v8F)2av_o{*a2jG7X=a&eH4qESU9bCya)r)poYlpDSO23CN=ndSp2N-wl
z%^717kJ?d>4<-+P&l3qL>evMD52yIN?SQ>-e@M@s_Cz)cb<6^7w1^+BUTl(QQK(lX
zT~Gs^a3#rvo!nm4E;0154sVpJOhkEv=i{YlV`bXd$_?5Ka@!}$49r2ZocRvZ=VBS2a}@e7
zDZAs^n?N7*g+{#Yl`uyCW9omYxuuBphzme-;qW)Sm@jz($Myox2jq?Cpg)8~D=JT8
z8)MwY4rs$b!Fsj}bfoZ=I*MPwm`JzZ9y9CY&YN*>2JnALd$
z^C#Vh`Kf{4yMYFFF?P8SkMo@8o&r3c(z^0eDgUw+)6TDh6xV^{V3zBpWD=Hx_B|YD
zT;D61M%~u4zFnMu{vgXEGX|)IFhI|F{3d=WFXET092>kG%7Qf-^V8?+xyJW|Rmviz
zU;V9Q*?Ei9msc0)%R$nYDSu0e@xgpph~I3gD_dAsbIH1PTTpM3?SGluAGXN(iu_f@
zv}>@SjJ^VT(1%|jZeV8n$fz=R{8x+*nPVwm!?
z8~NENJZr2E*oHTUy7JgkrQ6T|?;s{$jR;>>c89gE5pIgim$wr7`xhnpi*3D!@M5pf
zdf;XL8q48+t=Ql7u~d}tosj1GoYc#2x=s0Irt+O!es2!_cTh%Np*?-2p8q+AYh3g)
zj#a6BZ#nOKZM^R-&Mz)~h5`k9UgRtEcdHfcwCBCbd&wKO$gcQXkNJzYqzq8=`WW!K
zuBV}$q)daoTKJMt?hlH}?I?}^drRi8L%O`m`BXY@$(RhB@6}AJEm*(!=!_sg>bc^|
z7U5ssoNoUVeaDldCu7O$|F|{T4SQUSA${V@uw|!w!Fa~u&kQ>Z9PiG!>9=#mV69@<
z(976{et~6FAJms|NE`YI$JSJ%gU*Nt(6%3UNZjvVa2)WSo6-j$?%-IUP143cS357A
z|J^j~mk)_h{P1EQ`m>HHF7FO2V>|2l2k^eI$aNEbXVBLw;xuyBS=r9};~Ubax3<{c
zgz=ophBX!ueiwfG(KpuRwl||s6#4%#&dQM+$amsW*eU1y<}TKMZxqUhx%dY*-Z1*N
z2;?u;r^oPOov(A9t{c+v6-OZ*y_(E0C!w%**{H$r0k49xu@!PxsKH=-htL45q>hzkRJwH(hrV9Z`n
z0vSAqc#-b!jOTJq>dA{9KgLqa^(zpUu}Fc8%YC!w$y47>KDe@kjYg}n-Rs!BOcplr2cH)0xfAXHs==^+0(43KcwTS#=&GL6ay-@xkzlR(KzR5!JrI+iC9c1~Mf_M^n
z-^1e-eM!nG=vT%8yrmZVry_y~G^;RIX7NyRTj@x4qpade6Z+
zo$?PmV#(a0XVqWlj`%~OJ%w?4nBNBNmt`gL<2b|`%6}8$JX5F#DPnai`jrhkBwltX
zpC6<-skql@jTGlT_6q)X2p_!TgFZbnZU2OF3hqPQn5)CbxjOWBXud#Qe$bcY8YSqt
zKpge25U(Wz9BZ$B0{XI}5WgGq>Ajk3no=cyCy}4)9BkXLdI@Jw<^LG(R0p(?`8m)(
z!$&zmEOgeKYioqIOC7+I+6*+U#C*)8$C&%mp3>V_$L;%TZeQ=zS>G_w&(5%Dp7(Qy^7sPl=^U4^g7f2B+}|=&f05rBIscKl&-%EV^NF1R
z8G4E_2yByxt2BP555^`@<00$_X~+1mt@nGe^mD9p{@=$aKgQ3T5aXvZ@Oc3~S@`tB
zwMzJ2U(|or>q?&AEN7jy@8d6iexvIIwX74&V;|BjP!{H4(fju|+&}-vm}h7F%zN-r
z+*`E?pksg0T#)gtc)wojg8NbW-Jo^D?>^|;MKOL7@oVZBdl)flf+GAzl;U84hd_q_
z-p-7|du8JMWyFG>Exy~wYyFXHMtrv_)+Tk@!#tz?$!mPBvFF-!zlJY@^Pq|l?bSd=
zlYK4%|0AY+dLXxxVfH(PXHPqY`ff;Uz-uJGLgHSKUykMo(<>yZPs7}S|DmkzKQnyQ
z&_A&r)R#ma^SSf?iM#sfsLC_{PME+blug
z%s@Fk;MbY$2Tgk#oM?B=u5CA-1*EmxPO_7P-R^0F3`r~m`926(qCrnq5rYH`A!^h>
zqaw4<^SsZUd+%f>2}gJPM^2Kt@4WZ@e7>LG6X_Q=!YK^GdvJf@H`X&6&t!VAf&GsG
z=m*=(CfTDp+;E>4bGrwkpG$u##_`(hwlb^(`2x$~%RibrKO^&_>HBxq0e`_dd9%%*
zR0hPaJL|-r&Tk3FJCk9eAb#fc>~qDs8S>ud!&sZVXiv{r>Z-7TyjmwVwxJI3G1Ic(
zsFZa-jFz5DWek*ENzTvjRrvzmaVxw_Z9mm{dy4TQ?W1~(p;||OyIvoCa3}E84u8z{
zoLDFA{ZRTd(Z}{RljGu4YXYBL#_{6)xA0zn&b17G@*&4Z^E{H_k^L=?|K1O^@lW>N
zSK`(KW1@~@U%z{+RptksZ=DPaDs2K56w-yNI4r1~jsVaH8_4j%^joq64_MyS3m?2Uu4<}C^I0c?K_w|`^=
z@sV=EvgSw$Vk}?`D%?qDLY$iABN9h5zQ0eIe=i!5c=sYy>hQAfFy$G=fW^OsV`)Y&
z;QoJDxeVlmM
z`QcBZrI#ne^Shtdd+h~ny}PlFH}DVDPlM-Sp2tz)0Xe0Mb6uBSK)(vnoG~0b%A2EB
zNpnuK-e|ipJzg4&vyb!-PftHV{Ms7OORhJMRc4xhScY{cu;#?7A4%-kreRrgVx8F7
zr9Zc6x^p{g!uc4cHJA~LA6u;W#f=e@h~7m0HE35Y3R)imxzY2?TQH~ftr3vv2y5Hw
zR@T6JTnl?L**)oQl5)}1wC2WGJWktr#J8xusE+9r)$fq^rGW3t$PnKbpg~HK`*M_Jv%N!@!&~dH3jaBu
z$fFw8zlfFsoyrR%7WWpa?~48)PsP7ctpA0|XW?%7|4jRJobQ%pX!`s01KzKb@BRPn
zR|}8R5AQ71?N>mzU;DW3_44-+j(F+TlUucLl`n{L=qCXu~+fsqnveUDgij<&F1&uavYkHP*M^qt-tf
z{BnAs!TxzRS$@GsRJ-+_#i_
zl?vyEQs0`p6|(d0t5$rb-qH%!hFah1yQR$PLs=Dc>Kc(tbyjO+-sVoMlM8=GW(#pi
zUAI}hZr|W_%Rg)MpTuO$B>p0r|2q@sk2YYKYwP55stVEg1C9#J&Djrs&#Tys=MQ-APo6R6?mKk(Gu>y5
z_zjb-8QKsVI$fmK2ShooPaS-wj=K&%3$Wd+h<$#pzu{VD*Eq|t23`jIovHc*&4o&c
z>^fzLiCd8&N|kLE6kZN1cXb)-((X2Xt{{mq?l-L~_(
z?He*A{(3GQa%n4x@f(
zT$hJ=UBYkc*QKC!Eygw-`l2;O{KlCgetJ`XyVS=eK4%H~#Jdpt72`V+#=pER@%6Jf
zZ-{EH!Q3%E{)CQR)bY63~M;vM!aw{NR{@AB>*vach41
z686(?WFC@}kcaGs?@YGF$S)9^mvZ-@kGU~BYqT=+POuj>FbC-kM&z|{8Bq>vc|&wAU6eCZfMH}zSyhdi+`ckKY+f!34Iv+KW`cFiDK*7
zBiD1L4qsE=5mVa{;Ry#?R?$0gu1!C$Z?`k%e)e0_$J>07YsrnB($=RD?gXwgwtM2z
z&7AjN9%{JV;cKyC{SIYJ#j;Y@NzIuH#{F-a0_TY4e<~iI=_BAh)=rddgt<0WFA#a|
z4z?3ioRT~@zVC$g&r=idb;u@sgwER8N=1~@S+lG4U*FW|OTReV1<$2T_p)l!EstCc
zzRuP+jrb{8f3)E~H}Zhdy)=e*D)IeeY=>B9c)zQ2%J_#jlgBSuxjr(;{1>~e5^HP?
ztLwa*f&!swW6z#rUNTwkI6raqfL1`Q1;ClMkHm4F8_NcC0jezJl_A
z{5w}cS;4H66*PP*loxWREib^iX=_fMU54>e$iJWBcvSlvD7&5SQgxM9tj}kE1ap~*
zA72l95sSByxeJ4~Z9r?{?oabQm}BJ_YkpRtc>5;!{yK?oGU(Y~9FE7+>EA>5s0I1d
zr7vpxVq;(GNFeK^g%RI3!u~=#(4L4;LU7-P5Z}bcvCbI3A^G{rFv^7b^}_#gy`bGr
zjQ0q@eXP*wx7as~f80hsK`CEabn+#B7r%46YR_XiqnYAZNx!4H6c#$luwKCeJ`0h4
zw8M!(pKy>~nSt?cLV>YXMKDiJ9cR41P<Tv8X+%kW!d-Z|#x%kO1%
z2%sI<-W=B+^NFu!JWip{H{|niuOo?0kjFYfo=zvogZ;jf)i)@|cEBYW$~3cseshVR)L@AZNF
zH-K@_CW>)F+EePesu@R0jp@Mmw9iudFh(^Q-ddtubU9xS&)3tDl>hfl#5bZCu4iO?B95=QSmrnA
z=d+aZ2XctE=g64huVk)|z+CY+#<80yj(wQcH=^Pnyh^ySV;xVT{9O{shB13$wU<@>
z=b%ylc@_18fdfr^R{xW2FUwzzix<_cr7~UogIA`ve(7=RhxsL_FX`scQ3T&zWXOk*
z>+Adq*Vhi~do^p9`HGf*-^lCtcf5X=d%yhpb@v+S-()rrs-5K-%qn0AgebK|4FQWjGwsr@x$0I2YD@L@>+JBz*t2$$MDFx
z8TZ)Dd+g>tE>E(@XDgqZsq{^!KJQ=ie3zb>-h30D|34m
zz8UdO;&~kA!=e6F$LH-KwwWj|kj2IM
z9Vo9wugH8g_&d_DjAPNhP-D^LcQF=iKF1(*98FvsH#mj-TzAw+e=Wk+M)7a+v6i@A
zUi6T>xK1Z8)-tZv(xaI71@eLLzJ%A!Q@chwT*IStHLvNvBmLtG>PJiGY$FenBS-MHAB}I+AXR>
ziQ|*$enqvKad^kFC&cIC_p~@@eQbSdTx`9nS6~|%+wF>QZ2C?a_dU^vqj0Xy_+d?U
zu&};7m0qdYW2%7`DT9TVoGYdN>Y|#9&8f~Z8UO#y2;Kp+ZhtRDYqgvj%zqLdIs-_v
zVB8@gObWKU4DF^PzZ4zT&VMG*jug22=cBcK)5Vt`KV;<3CieZJeXoY>vuEHw$@(kv
zm`)!&gf)v`f2~?=mUMo$4W3zGALwqtS|H!>S#O|vKo(Kek}lS_*u+0mTz~X__J16b
zc`leQ1;2^!V@@~b!zk9`Hh)Wf`(>^<;5#JwzNy+#F_UUI?=LUnHlJ{tEVWIO*2cqa
zhPjR4HYi`H@5<&jXSmI&gWP7B*2ckY`qlcUYMcACHksV!1h?4~YvYQwv2mNj+$Ny5
z*`T$taGM@(bC=qtQ+t=-HW6-<4Q(=(?k|r<3-i5m3soGI!EuYUf4A_Oi-R(@0_B-e
ze)b$c8$5vfF>qjrKi|xsABWE^KbKfYh<60Mz#t#!WrNTGjUNUlqyGoA^XuO1C^LJM
zGLV5U-3sz)ejGhAW4%XR&1sAkcNy}rf{LsM_DN;Up5it$=Gp0=e?Q3hCyO1|5uTpp
zH!A(j7KLrVFW$`*g&<4F+LE7PED(H#eR`n3Z1G)9{@HKDdoPINcO?JrpQvA?L0>9%
z-$ET;BJQn&*7i_2VhdUt>f1N+zEO5ScccjDE=wv8`37U?@QU=RgsAQcJE8>e_=hT4fgZh*@PQt+)w2f(&vr&
ziHHk^a@lRLf9ZsMiuMB++q<2u%!`+xy(;ixefwUvYZdL2_9_?E8It_W!aOH6K|VU>
z2U&;@$^5MWIO7?ZBLe6AO~#=a+}q=BzOIb$Q2Y4~oaARm_M%)X`|Y*JI(GQ{I6vRE
z7xOJ8uR1XWRyUphy;I|JTNzsc^(4fV^^4rlBFgR02_bDl{RsKYvvKoHH-CV2e?oqd
z-(lPIQ_5An3(iRYzt*=`u-rQSVvl>R$PYQUl#*Wt{_enjMT%N;FNZKAgU~m=*JNL&
z1jNdaRe(N#zG#b<$NMzpLuK&UYEvH9z0O+><7u(O8N+ASm{)t(
zQQz-ZV!y52uZ{byq<$ZTejoJ(bo~aX-$$X}0`9k9xk=oakM{SMgx6=XzwTABp0SpP
z=a|f)E1$p2tJ04m;M-|%{sh$o%~3uly?;&nr_smXvzZTgeZtkE-p$}1kdJkJqONkg
zD0MD2=<634tLO~qq$8C!9eq{y;29N4C^hI6MWVuFc2vwIIWX~lA7Q_zWzWR@R%Ln6
z&z!htxTmOlJ;gT5lRX%3HaWJMl0-h=+A~o;H^Es(T?FV?8_vz4uYcMjb#ZkJ-{vt?
z_r%A%P0zlQ*^`_;A--$6eSVqRe&tN`iRQM>VcXOAEIixiD}7>pYqN`U}Nty(81W>8Ja@JGuX0Hs5*NQ;aXZj{IA2=R4iLbi&k##_)^$FW0x<
z#$(Ldjq&hRl)Eklq>K&!Q%&LBARA&I(aREd%rE22LZ~Y(fIb^K%eimqGeTPt_Pt1*
z|1PvI2%BwaE{)G6)yOPsK!h}VdD3psen=!XMC$xs-
z?(;hkd$<;4;p}~KpH4Duvg|?}8T2I%9H`kWeW9sTm&irHhM$<9@q=5@XF&JxdnP%
z)w*^8Zg(5ETliURU!BMgV~u2CTI|AksC2fF{fx`uJ2ji@;SSD@)QR*q^pQmwTL7_T
zpJRWLo%_B9`X<~urdKnT`jvQmC)9Bfn`sb={9m3hd)TXXw1Fz-o7bIO!
z^+sGzhbY?_!?;coqpIln-wTQ3FVS~~Si>`j-@%y&IUVTkz&zMflknuHEEQ$@gv*y=
zzt1aWPg$cF^%ala{{I5v(qsKqKiSv!1sp!q9kAagfo7V8e=NrD;65BM=T-=+mp3uq
zF`@mxd;0iDHKL?5RYaZAZk*p*ifb!M!oNlP*rA?QT(^cz{uO@GfhZrU)xmjBAH#mc
z?42-9#66maaV_u}))jpKkI!zVSm`~w*t&wGv328J(uTJX?rS&c_m05_g*V@H
zGEdo;;`QOW&trOkKCM}zaEU6{?HjM{OQ-Ky4LLe~v9Tqvx4wNb$46}HLR-+=PV8gt
zr?q{UUws7R(G;=w+%1Iz-d)k?7t_bDiPL|fZ`&m6pT=|)@k`Q~USjOsI*yGQ?*x4b
z<^Xy;VWB0$97<)(p&5)hq~0GB`OY1r&#%IKc;Fqk!X3kY5QAT}3t{}9(oh^e09M(RhEga<+H5)T4A
ze1C}@pxU=qM-W#a7LOv%c3~UTnCvkHZfw&64;lp#)@zR)cTwoWL%Wpl+}@L%5r6bOt6%5eX^gIax&uD
z>%Z?@u*4UHANK~~qt8t43Vp6H_LV5UrGL9NzQP4dRz3kgc2gi^5^JbW^jkZ(JnnN5
zW(@Y@fic-!H9%u;=P_;Co;XjR=CAADZmJGB7u?~SMSa%#^nGP0k^#2gppiQ5r3ZAHXKF?3nsCn=`btzbMc{14|y`CrbSK04~^
z%J&O_OtJ}#aV%-o@S6m6OoAOeaU1tQm|+t00qEFLH?0_k9^4aH+5N0_TWd{vKm(CL5SPz3O4Q1Wbb|VzM0=lCLi_>&XC{l
zef-{i_uY5D@09`*#keVdV|sT>h-$IT4Y^?s2gNx^odx?R9|k!6!A&_g+B1Gz(|&3l
z#hT6yQhm`Iv0el4lGlkXu66oTq^P=K7l-
z(;YhI{Ge}a@#4Hd=P|C)T!;6-V9EZ$m1ky4`5?!iY_=6?*V#Zm$O)?Z;AelqZzXJtqC<#u)qf>yhg}5^I07xAw5k
zYc}WVdH)F6WfQUH<&K*6AFxj41oq{&sob{X$kgTZSbx0H(K)&%ZD{5|xc>2x@#E7Z
zpJnKOBjwVS^%if$JWs%@8SPbyU#jDJo!2_ij)6ITscqUA`y91@jN6~?M7dh`qx^uj
zX7t6GC1o9wZD)+h2Z;H6K0g*))7lt6i
zGauWJ{vXK+nA=8kJBn}MaWFq^y3FmeM%I$Sx@9w^Uac$;@#pe|?7-s{$QlR8~vEiRs+V71RGeeGrK>8nUfK0hAMw@c#xYbUeqBU6*#(qKvMJtINYe^}D$
z5$`sy7MGf3{|B;4Qz%x^Z|r}8`|o*`YJZy&)cv~5pN2fA)KBGbUd5as!NVHp7UeSc
zXd=KF&p75&oeB4)g5`Y-qx@HCjY(2(M|1Y_oEh-$vZnHLTr%W_9F+OKzhYg+P{+ya
z(?AOlC%sx>s8;iJ)oUZi8W5g_9I#$3Gs}pR-O%rPO~E5io=ueX8et4Sj4=)5?GDWs
z3Tl<1?wGL}W5!z7K{s50mj>$)^YIRwiI1c6`-O6!JqFv=9)vuQB4961>sEFItVK57`pS8IdK;}TUCxd9`6-SMeuF()W}D|=P5T`7pS;o<$u0b6)^QHNGyJBT
zHRFC@9(u~zkFh^0w=(t{RP~>5Ea*3j>q|JoJ{-BB*u1Z!92dC0m27x;K2_e=2F}}2
zf#X?9WZu{Mn7pq^EN|tvk}e_kY>%>@)Y3|JbF+-4%IUg^eGG4sc{OkMpO7@CEKaW1
z2u(6u9&{RU*28e_4q)8r+Aeio@tk&tbIIlezb-wg3LyOEAwMVSDB5Un{uyk4!{@8v
zSH%Xx|AQW})?WwTZvVD*?liFq+OG{FZS}#kk8wS}p!G~k{1Lw+-r6MQwPlE9ApiW%
zWs$m+$af4JCfvn2@m|Q6ci3f_liJFAec~|MlHmOV+48=X-#eea*TcDUzZ_Nehw|WR
zex_mx;qPFA<{#32y0(atn8%{JDmBaH}m~}Sk*{V_@5$qQv9ZCtk<#~
zrdmKs7Qng;U5p2*@UAMxz829x4NCpfyUafiw9uJA|HOw?{YQ9KDD8(!Bro0*=EawU
z8pM(=wEv*(m+aO#tbcI=PrX>i6FnpxXTB~zRJ0(^sqRyPM;XIoK}&4DgUFh_yylD+
zS-*^I6Oz9e1o#>Bzs&^GEWSGtmaj4_&%(Q#qUiD1b!Uk3z)ehB;5TUehQH@;c%hlj
zC!T$@A3VxBzRk@Mx^tH2tZJUz)`tm~W{x9EW!i}F{64R3k6-34Zo@qIrTok*
zpB2iu#*8?9@8NcCL*Kjk*#hp1F>z*5-umh2%B$jE7Rs9I7zc{E@Nta0xP7W&3>!Zi
zK15@nkDbnSVjfrfe`u^vYpnd-4Q(6~=-(CJTqNbBWr12Ta=c#p7mpl6AMFNcC;f_n
zXWhj2!RkYVlXt^etAKg&z2aN{nQ`ACzk6+KgjZZLhEJMh;FC`AnoNhnbrvtE`WXxP
z-Cz^p-i_gWi@E-~53Q(=91=v622>wA_vvmT90pq2f@ceTQ@+W#bD)Xhc8uo}`&zm0
z<|g8&$HVoWDd-;xnx>Y&9sO@slRcL24a^C6n=^^ylt?#oS>}v)vM=A+gGhVG-kcQ2
z-ux2R1_~XF_|JF1`tRm^?gzMkT3E+Jc4Bb^_$%i5ya$n9Cx_|y?w_#!pZm^4x(Bi%
z=5|nX5Knu##BRvNU_YqxAvrG8ZP;3tEagA0-NX4JjQ$gX+usW9ah@c3@7ykR2iOPc
z>>r+B{`Uahb8Jr^Rd-iekaEE{7ke0%JLACeznNcckYk{~PBz!WAph~5tT(AXfVg+5
zG4Uj*P@?Xl5^-~1<(&_*^th?GEhK?ir{*K|NACUfHK%1TZth*dQo1H;B
z`TL#sGA)~};ve?YJ%VeP5oZl2mH*%V_-pt+uc324;en#_e`Gz;3;QR{S2V7EykdWR
z{|Kbtl-J(cI-l#`s@(tT+mQ$KF^_BBPjWQCv^6_?zHj$q?0ZTKekL#;?_&IZ{}sGL
z(ZAVqfpUyE+fcqqm-TR|eJnouUm^U}5}n25V^P+sd?fI0Y~b(mzJm0K@=gCW{t*Sx
z-#tP6uqh!|#^+bDzJlry&e74n=a4iRa|DeX_ewp?$T1ygaxL_ix|gRT@eO@1W3GB3
z`~Nc5jLDRBiW(nf|A&_mc61JbCu)IvswG3LZL?r*8>9cj%VY1F
z;8f@zjz2QKei~^Xt#fIdyT=#4d(N_d)Wyb=+24V6R`5DgEO$7K_fI;nwFlZ&@LC_@
zwRSc}){1_CNONq)`ge_ZXOUkF=G{Nqw^+upxTXA&J4Od|8=vLnjhHiAoKLp&yNJI6
z`lPMQ!rGk=aP1H~v`GYhQoz3yJO`4$&uhbWw!Od~b30RG{5X{%Exvud|D}`J4U@pv
z2E3CHc`Y8TGOMNb0oRYE!24MEgt*sRrdCti%MUm@w8m?!s&
z@bq$tg6|53Z~cpO?^=Z8s$F};Iy1k=89RO%kH6wYqK$9MT>Q9}dmXrzG`z#KrJ>X~
z@j7aZ0;T_a5%+VY^wIQcr@N+-H_vU*5BI+?v40Qlt4(yanq~g>`7P;|e|6y*DBv^D
z_yVo>AJ9il;5on?UzcSqtP;*ey#58^A!B9H+n5hq4)2wIE`e*8eM{Ce&O`kQkd#${
z+T$v2&xdh)LCS&H6jQ${I)3lkUaA+C6wY5vve@JNU1#^=9p;1k)p4~!tc_acd^-*{k$Ck$rlP`&Pp{kY6r*1LlgvE&4caapHC4??t+sCTa1X
zS#PAvXa6YoJ9d3eUf;FniRT&*AEuH&vHSVx`t_Q`2WxAQ+?PiK9=LO`E^r2{!wh>u
zu@mpO&`<42;W&f7l=!#0U!Gvz+4DSpf3jTDuX#;NpT}CiBr6*6*gsMJi|5D62V_4R
zh40MqHz%KS-N5yL)!mW~cRS+nF4lXz{~YBf(*@CStVxczNd8cBbY=HSw(CwB(@OrY
zF=x#l&;I{heEvoGZAqD0${m-0_g|TXG=CNE-va1+2j0~wk$jLS&*LxFY|W5-vNeFR
zV1kqdKbQWmR_H_W=#n_RPo?C2a6T*SkE{V|;C0e@e|j1yo>Jcbyg!`{$p4T$u5)Zn
zsr30wmUStYaJ%gd@%iCk9Qaf;#J^t@e2{lJ!aA$GhKLU-*5WeM7zLWK$a+Hzz0^rR
z8>Sy*i>u^Z4!)3MjE`50{qI?_S0o!`>9xE@|FaZBWSlQz@54FJ-Z%01E1r$73o_E@
z0%#MQ#D13=#--D(SbH1qKlD>T{6+cuJ^s!#yTgI{0*6+Zm2UY@m*W|b&)81Z_YA@I
zR{&dwhPZrh%bgn>Drw|qiI`o%qi$#yy_5Sm-EOxf|a3e_@0ZR&~MewxlmWu
zDe{8Sw_mvKsY3r9mZ7S69-Uzt1Uc;k{)VOSuKBSnXUhk=6J>bR6LpHEEh)lr3G0u*
z_$}ANm=>%v6{>0fROSETF`vUc1^K%3qNwx>@#Dba8SuH{zm6xe?O{*Meszk$W4I=T
z``=@E=+x7g-`3aa5No>)ykx!!I-}fM$TdBKGFASKq!cc|=c%)T!*|f@F
zf~6ODO0=&Q9*r6!Mqk^pht34vmD=*f&XG~;9rw?&mgC*?-0WM+Geo)M-Fg9@b2zqZ
z{T|Yf;$Hud_u8`uYsg{kuX{PR?wqV|pFN5G`db`_q~n-kciuG1V&~fl+e(Fl{3eUw
z|Es2D1MKG_>=%4p81+6y-{sZvLX+`QZf)}W)B9B9egggp?zX~^NzC^Hod{|((0`*a
zcpco2Gk|X6T(SDc0_a~mGBJOaBK?0c#wEuuhR`o!@!SNEDa1gQjy^iVpQW3m-iLIB
zZ*b0mv%4vGj4_`u@-6BfdW+kIcGLNK6KF&AlQr$<*d}{mH`=Z~c2TV$q_b-SZlDQR
zC#?_YLNCx*8{6v_a2$FSkJSld4FNnczxQ>3%L_68Im$J^S=iRdF+FFv21WjE#M|Be
z(OD~DJzI-xSieE6%F`^jI^IrLRjO&uqI^7C2H(Maj2i@a_~92}BZeq|3eVV7&VSc_VY7GASJjPQ49~V?{?}_|(
zii$trzZL(WiMOoAcuI^vxL1&WM1@vp9TrW}zMcTI#Pr%id=~O(O`$4)VKtmhujUI9
z?iLa5%DW?iyQxo}%uW~n3ph@ORtev_MX%l)83%LLRZlWTZ#|uFgh2(IeH<$R&Ir&7
z-F(P6mK%7!>Ja*Rdo|_PQZyz`*308fm-|in_m|l|zoMS-N73Ie8Lx`!vF;VMeTLiG
z;aO&^JY?v5p8J|)-$H3;NHW+N@_3w!yC}9B`>Qz~<9DZbp)JG{wiC_a=b>E_+iYsJ
z3H)Do#n&$={szxe8h`uJT?mhl4Cm>Q@OkQi^VALJ3HDWcio{@X?8>Bj)y0a$mY
zj0gWH43{PzduS)pwam5w2^(#(iESsp=e%frJ4u%x#m_K&<}n;PcVgW!(h2o*zs8*y
zUoc0%SDxQfQRnwFmJ!$Q#F)}WI?_DkPex}^?h&+u#-8K3G3R)$y!UbfrEoqj#+(m$
z7IFhFRsc*qfP+<&;P&7SgaP97S(l0NS&e~bBSWkKd_Lu>ioxgDaRNIcI6c5HI?wQ^
z-$8q*;9tn_uiioM$F?7H+Z8+F>sO27x|Q5nbRc{`Syz)CIl?{PsM>Z)2Q@b@kZ#zMGH_)7&Tm6KCE3-e@0(p?`!0*yw_}^s82}FTxw?P55c`Mlp6i1#
zfcJ^^?~CcXZX4l^5yrpZJ#))(GutX+&gTfnU)r~gJ)a)Nr(%Xz>Ne!FzL2zQi2Dt1
zotSnFO_u)>`nxCKKa`G?{5GR&BPMZe#1EK{ShqFW|7oiA5z_!igpB|DqC_Mb;{RBF
zw`?Um+RXgP8|=Svt?p!Y3iBs~m+OF@<^Vk{H}EGuS@Qw$GMxXTj>fB!cUEEGW_gcX
zDp7k@#(Q?4j_#=;-m@g$v*#H0o9if+UaeQ%Hy`u+74UwD>FIWUR$50mUlxZSdY0Ea
zw+?NJxj;LeOgo*WqZl_g4j+Va@c6uiFD`FU5ySTfYk?1q;RnR)3j?(y|E~ukb{;
zADo1L&qn;;0<>Zr`%^O0-J9Xtvr+%I1@jjoo-NW7flm}-O`sa+Qbhmai?Tg!e31Gr
z-$MBI0Q%}t-n=VV*A8Q%v(P?l(9gWabLr5>4e%(9p%?$VmfnjkW9fyP;dl2V)aI;@
z>{-e-{TcT?<)b_O&N%v%WXp#xH_$)ArIkp313_3H@+Lj7Hlo9oN2BRrQhled%s%lJ^Ie)Mx9fFO=VXEw(6WJozjOcBYaFX@#7Ac
zK0xm;Zbn^ujzPb<$Qr4?mJ@g~J*y~N$|P#9o8o*=Q)uk>6vf>y@8-x}+gpvef^aMg
zO|;hwHjmxwOAKpWj*GaT<49)uj5vI!!vD?V1a&2nU&YL&MJb(7O$>RWrY
z+_-v|c;^-2pYcSLe#LK=GRAz$GX#IzSiiC_j(!FE_dgEbJq7#bOy+ZRafi(5lL&Im
zFu*8PTy8eW_@vw*zB9xBQ{n%o*e2fq{CA_QxiWGLU=s4fcrr#EXuuzT!1Vudq5&9N
zT?O}&N#yzGqCHdUbn^TdTO#YzXysPvAB!n-$EZqv6L2TW_K~kykC?I)z!3r
z=esoi6)%lH3&ux1cprREKdfy4Xf4KP0}sf1%RH~;Kce5?Od=O}d$JY(yPMvv*chE(D;}I`C-4K6_zz=LPvXBIfN$H*_~>RB
znWQg8CGdbg38Uo1vIDOzkzE;8M8w@A+1_h_QFr0QVoboqNyytkf%!YCJI0149(gdUKUWogH
zi6CDjiupmz^=T6KNAb%h`P}WdZYV6x+UJygpbg-$9nN)h+f-<4R&8f5mTjR;5al0p
z%)DlJUdr{uCGAghIz~oOpD62=gUmEv$~_tIYlB}K{1(7(0sO*#`Agv!^Ybo+-xcud
zhF=f-E{ETV@MCyA(8meS&zbP~xyUvhKb)UNI6uRJ&dQ6}c^*%>@Qir>pSSCQj;hS=?%(kdA
zf!!vAKNAf)D4D#;OvoPs4v=6F7$*EPAj(**o3)ZnT-OGrmiB0uc4?g9OafgwJ;OSY
zY!|bf%68)}yUkhDrfLygXz7ABt$~xCWl8V7-+lAmym>Q;rLE`WjJ!YJ`@Z}A?)|=d
zzx#*hK9}d-^%U-@cz(Q0egZ4~hFuxSv{Iz?>hH
z1WlZX|0KL4c60gvF`o+l8*z;Iwi2EN7Hy10z$C1te)ubcee5dubAsOKhrhD83;qol
zg|*%fe`T=7t%5%%=-6d(z-qJ^ei6Gt#_U$cY%Bb>VvQ@fAA;XD_%-8SlK;PNZhuhm
z3-Y)~#cwOiHap0+Legmke(&VDyYgfr7T{{3PHr{vyqtmiib4M0!t)v9cNLcZmmX#L
z57(y|}(A|f=1+`?K5^<$cR6VN=^kt*1SZ)XTtJ1VS<-8XAQ}_h$O<9M_
zVwy@%;Q27N9|${Sj61^fT=RXXJp;b_AJ1%mS9uWgFLhzwL0!ClKIL6geL62E&Q*7C
zA2&QMc&Q5bM(Ep^V@T7rMLr_5OSj`*J$@;nYd4tc%LUk1%as(}e+A31E4%P)BH5<+
z%nEUDXcyMp8|YK*523%*zMoC`oZ92uhrUdG=-MTG?zDVL-G+Qh=I{A;W%gAYNvHqq
z%IqIL86WUh**0?KG2Xiv`F}U_|6{_B5ir}EE7c$V#yIBsI$xvugx|KE_rH&s^K;C^
ze$f0_I{!8F=gIGtq>{s`zuJejqW!s#QOp+ks}b%w_jD8Mxas`S%zVe!aWHh*`G*v*zy|+L0c!Ba^f*Ht)E3{9bHg{@-Da-#Zz
zmTkQLw@x0v2U|1uA8m@F?>A0}zPpq9{wDX`-zxe(!_fE7pWyj##kIHou-bq0Opy*-r=N0#&Yza4#a+mA1m29DdQwqz#03uNS<4ck%YG2^?;@6Fwg^Lu&1
zwSx4&Z8y(f(-@=2wwYtJnlZY6TQYxHrJaYn3>bZJEAM}|WyWY?|G(|#`0HGw_}<7?
z^S;mGz7K6p?fW`I-`8{BqgyA>Uu|0_&tG$xzkFLo-XbG^S*0C^%hT{!TK#`Z^7rw(
zGbHI6`lN>r?LBgh_hLg^M2!ZCawfQ=9*aXs{LP~JK5>y_p@j0QW8NjSE8CGjVBh&R
z^GDYf%qxL5@XT$&*g)Sdi4~jN*X;Spe(+8c`W9|UFF(}%e;&w=e3BjWqp5PE9eA$W
zAUBq$V%Q{WQv>RlM!Jkv-b3x~SEkZxgWK28Dn9T2;YDw=mp_eZQTg=aYRQWxP
z=O9;lsfY5#L*LgkUpasm^KCy(_*92UH$(q~8*gA8tr)zo`X*dqyK8Zaj*oRd379{S
z&i`73Js#-UI}^V3#_b)Ruk-iXn2&dC;q$LxX5WzWlUTnF2GfsU^-ao^c2Z0bj(s-w
z#ZGx9=FymiFFB6c4P)-^Lz<}L{u>^*GiW|;^k2jK)}YXRv~dSLOAO;K<#Auwlz!aj
z4f3~tlX-l?)I=Q_jO`NjDK6gFMDZ>nUJ&KlAj!4Qs(JsrNys&Ye^X}v;Dn76cqv=5kKviylj?aK@Rk}oTF7=I;TIDizZj(dO7;9Bz`20P
zHv@APXuccY<~i6OK)#z!Ls=JM$zX*e4gDb4>&q>@gQ2?0x4k()za{{rRRI8@EdKOKP0!
zOxroaZ6)J2zCqA&J^Mph$?vF${EqM}GKXwHciYz(?0F*;PvuGRY0&a48}-I|({-nO
zgE=PdU`*IHXqd=iOkmv{6%SW=4Z5;kjKggHTs(h+>$UkCp;#yV+7n2lSDN?x+4aV?
zXX4z_wEtP3etso`eYkMFX?y{lf8+jS>_+Ojcar||Nc!`0d_Odv`Tc{Bq?eBZPZ%@$
z4&mu_AD@3bBJ5rsNg;nHh3nrK=l3e!uN-&?qW>_)+_fCZk%Iq9_A7qx
zm33k~$@PNu@n7cO+px~ue&E;bFI?-=+y7PnglRe-;Ad3-mvzDy$!ZmG83&+Wc%~=(
z5ZdEm+*`08!h39gInylo;|lp9boXT2KJa1;!!axRw7m#CF$eZ0-Z)|yeL|e_Kwm56
z5Ek*07(-DkyAyToiqRH~z69`%ll+ZV{szVmMf!?77ODd~pWa71^1gVHPw!{&IgiH)
z?}d0BU(zD3&2AQJK3*&5Yq@ak4fT9QZtocbn$Doy_u?CQ^u5ITL2-k#)%wZ&49YX3
zJi$6!k(`%2@4Q>&i{!lM!J4Nbjx)eGwNp}{*DvG0J>-kmkG^@bySMN;kUy-0?RxmF
zIe7lN&m#La(3-R$8kD;o!k77D@?{RnZeA+~`a~YBbL@}2+*B7Xd>HA1b$6F5m{Sbf
z#P&oxfp}^=Ri^C>twlcu<)V0Blhx2p9NOXj1Te2xlB^CI*6%K8rwguuP6~VcKs4L-
zORpq%N5`ars9ip1&;8qqXcx43K)w+_CU2{+cA8QJVj?sXi!=
zGB#{$QSbO5alM7FUvGMAPN_b=N%w9uKQr8v{O)SLehRKfa&~%d(fO8Py%ExXn?z0A
zME*~{zP~BipX_74{#28O-52>bK^e`ET1l}>)<`Wj*9qWB-ac4z{E}{}HIqYe(Upz|
zjOWj=@5`dRS|a8IWnt!clYt52O^E+jpAS8~7#GqVZ6;Yd>vKrn3J#Y+<)Z9wgpW@T}dI2S~iLMC;iFs3u?T{U-SJ#e#A+~
zMT#j$|3AL|ynk{rCuIMIXGbPDzb=*vU>{iu`^XPyANiFkUjO}K&fkMMA2R4Au&)@&
zedxvfWVoM1ziF4`K5llNjd2P_
z8`%}sL0TWe8r<%v3;IEMab&7RPX4m!SKz0)9w7Ueh#f$`@ovEX0Py-hBNpS&!gtj^
zVSlXB)Wgnea=pHWR*-e0v6Z|x1-cTAY-hdMl((cangeUI{oux^@bz*>!!*_q+F(F;
zjiF3GF-Y~5s={MbTfq^nx&>=PY);_o;7Wlnz#`i6s1C{9s9%BHY?IvKGTEb8EUP@(
zfXhhsR%Hg&444!CyAb*wRn~4^CH&)xt_5JuyfMeq3e|JXwzMc;80zEX0L`(DDV#eM
z?L2MY-Fu|x89x77$>(2iPp#$kGTSCcR)C!APaf-0n70_&0jt95*pNQ@@%67DS$Glg
z{9uYdw#dm?i)WIYlksbka^cbssCLbfe9{xp=J&A|=+m2se^?>?uB5+?j>HRzuQ8_fN0%=!0S;@=Vv>pu+w
zo3DVr6;8vyf2`x*F!OIe`P`)P?{g;ndo+oE-_!Fi`J|ZfZ@&ruUT6Ej(dBQ=3G4V5
zWikFc&-Qc71r)UaZy`^$Qcesv*|%lHsW_JbzS7*ZkKg*5ov!_PWo?$^^Py~Wf?P|~L^q!Q
z)|v0W(SCyaHDRA!70qS)tk`D
zlIp+ZqWw;3BEP@bXQI99w6|GqkMn*t$!=9^(Eaw;inZXYY;P6$!aW@GqG2wNauto&
z=zXH*vaG7D72~k6oqq_{vd4MQhf`7@c3RZ%rh1^l
zpY)%+e!cx`S+XzbZ7TmSL){MgL3xMg_s(YC{}$U1=Pt_}4{%<8{$HK>d<5-hi5iL^
zyNjit_8>h&+?W1pfyZ{)eiid+7dT-~Lmky<7wWvPvkvtIoX4lB9>CPz8MZ<1Y(5iq
zbAO-WHXfJJ?mXzVzrOd#5c}jcR|{W~Wzfbp*|@*31KrL8-QMwr9`F_>fQZp$z&k)fNJpbbKO#t~}M!QhgiclARX~$s$%1&s#X>P~0xJA4lJ0r>y#U
zcvEr>(fa4(TqMwb=i1IXAL?eHR|74mwvK2oK>psviMFatb>I;%;uHImtdom2V81K!
zAVHrp>*PnF9i)TNcV?7r2VGuq{;IbtIJ~_6Q6D}#p{EO;EogKZ=rg5@p$~Jtf-YxC
z&T4Hn|3KeX_oQe%TqW8%B?%l&C;OJ*QMnx7cJ6?7`VFyMbu8ac@-zKx_bKImM%}nRr^al3m;3mA#JX)eQ=~gt5t;baS?q)9#^a_)L~d(
zPr>txpq&nxYMN7CXQaWeIc`5(kv?Tl<${{;}j7>NrN+M_y;&o7SZ%`ONMWCsituJE&gRs090~$P^F7>!Y5vNoUV+UUSshf27&$_OOk?_n_DpPow&v+VlCg
zb6$}*p)@>*`2(S^=i&Dw=;I}_Dc?9@MY#d*-2-jo82^gLIP!q#YbEp*&u=YQCmh#icSWrBQ$b!*s*c@X^jD&V?1-j+3x$Qg4Wt2=%$OZCUA
zPFcIk9}sKTFzb+@Pu5|*HOy&<=c$n#hv)FCB4;S-vynfT>%sVV%mIw=%#%GH2fTx}
zfm@{TMckhu-O)by0?*~p65+e3;?>W1?O&344G3pVApe(44xdJBF5-D}EfMqfCzzLY
z64?BdF(mPOooTQ+TZc`|7oi{f3?BPQm#E(oQtNLU@cI*uM|s7i;WgKg-*AlqzsQGr
z3}ao#O!)mwJ^yvxJbpj?U%>C!J6|5ZPu>52hu`;kzODBs<2TIvqp|yL4!`~IzWqjq
z`WsR{>>b|ss<`b`*T4I;eTr`qYe+edqn6+M9kwCGU>&ceGf;}9B>548eO^E3oEn6E
z`4H$k!wK6|>fU#Bv6e?hrB5@{XLxa%TrY`rGW~yK|6ZK_{7RocWGdH*!dR-HbQ$Qs
zi0or{{xjV+=MFn(F}lJc9Oy(FVSTXQdtN?^3u}?9q{i
zzhZv0EasZ1GUmxHjn>h5$>&Kr>9gPD@t5OX4d-WJ%p$Givuvdfv1oy7oli&Vu=ZV-
zv@k3;+I{dF%d>sxb%GpHb!c&piT-dm`q0;7MC!(TyRl6Aco4qplwN{)-R8-*?ez5j
zP;I9h<3{2mQaiM9t}l}=KD%6>pZjvcC-@Vl&Gmcn8&i8PsPYT`pYs23Jora&fBZLC
z7dcX00?*)mq?bOQ)?NH;?A}y=1GT+v{LFs(-sKa;(()daZkWsMEq-tOx8hs3^1uD?
zZ0D><9p=)1?$0oH^rtmAzv_JM=J_nYSIp-L%6q;%5qq1>ww|7Z|I$3N_2jUv=QTrr
z5o5n6*+&WzcArS~^kjc1viba}!JoEA^?$ub^kX0Nqri3mFc~I$Pl2VgdWO_-5p6t-
zg+7qy$0fNvD(3Nq!Qb)2BtN*ud&E5Mkkk8vZQ#(!$+i^JmmtD0-qy0wBr8NV_4t*zGdn4QC
zk2%Hs=aKCuT#fG+h#H;>{L&f6bVL4bl_#&W4ZqbXXpDUG9kv}eIww~X(Q5EBL0dff
zACnJM;~bya`O4U$RR2`ez2UuOYX33sB=*0pTc5w*{e71dcvF$u-%OXopU%G*X+GL0
zFJ|(XIu@ml$!`|_yU1MsGOMqX&vE8?mM?0iTSjYcwOp-jamCsOOw}p7r!B%Z4AC_w?R<_v@T{?m6e4kCrgTiLKReEJn;Y+4o=;
zaUowH0C7N$znK6w8D%MpM!aoFibuh{C`X-QXyN+$7
zI-y>CuZVqKa~X_TueiK~D`oJG{xj}4-Ft4A?<3@MfoE%Wwox}?!a4VM-fkueVAe$Nfmw3LO
z_eC^(wyk+73VlK%K^b51kPuV%!@BAg=SO?s=MoRX9^Vz4i7Qr4F(s#jcpy_zBz|iK
z+K_&!m}@%-Jbx(Ze;Bp{+y^(R8u1JNqiI_Jmkw2J)uVQ__wpuf_N~A#yj!q7M50k$
zYmQ&1HL7Lyu9l64{e7qWzs~rt%Kt&*e^TaCP~aK%0sBY(7XK~%EgYgPDXw9eXiH&?
zHtavfn+YZ{?y(J?nPaWNcNxmfbF8p_r`6umCHrH*!ruwjKU=z<;D?8pS>h(Yh}uS{zDt
zKwYaW{1eKno?ph(dzlBTTZ{I~VgmEi?}fR-Zw3Ho5cWO7cF=cO*)~|_(-hikD}UC3
zb5y%qMg0fmxKL4s3}#S2-$8g3O75aDglFlb|B3zHvuiL`lK?t%e%M}M4;o5h?$2Hr
zSKnrDtli?TJYPHv;(yl69iPqY-(t{KC(u?++(j~w8DE1iwxk7L0~UPU_svGtu2KGu
zsAncNk6e!izg-5j<{a?al4pOkB)|Ra&62md2l(Mm;Atz(dT3G9apkPW~#MesUM@|2Lz(u1fYsD6ivO|DG9Npnczp
zJ7Pb8pB!74e(1zj(lI#5F8}!vkMa)Y{K?cQkK$Q(!T5ybjO=JYj<0KPqbgL{=U=$h
z+cBToq*4!f?j_p}jKO<4*Ep4brp)*&+|9l(Jy2KveU$u~(KhThe%~ILpI_6IBKm*$
z?$`|dZr7)u*-Ace9)KV4@;?J!{%~Z5hc{x^zFq*w|MW}RifwCF|6hOU{Fjv`zI^<|
zbE#ZzpEs9#=w>OO1a-`R3G+3nD2)Nkl^cQY8lWE7?=msk=e8#?FSE2geY3#!bPM+j
z&r}fB*Uz$759-1u&rvbIxja*8^bJ&D{>)tK@xP3xf6TG5Cw;hg*Q!Aha=+F*nDaD4
zFdHYBc^PI~yy*J_WtYmbgWs`Z{ALaWo-fc
z(GfKd|1yBd0bALSp)VM)xhOYx2gRAZCy8>!XSv1+cy<~62Hlqa_1k1#2e@W-qFvpJ
zwXr_@k2{RWHl`wHVu1`hpqpuOmN|aKU}JVK|=tL&o8qwa9npTCr^_oYWHQi0EH!9zOj}
ztp5y*)0<70?t4x5J*N9^)4iwq#-RbgL&LXL5&z(u1{f@7T+ZAy=8sW%CF_E+ks@WC
zT=s`hR^ze`D0{3(S;1vHplkz|6;M_yQr7UF3`5xnmz{RrI3(<|%U&eY(_%`?B-$|2G!LuY@hA
z--`J$owM_zlyhE`r+5x_-iT-Z$j>e;ABqj=M8byrWb;1X7*1MyMdz;n)W7OzArp4gChwkszdf~p4?zd~*WHXQVcW7vXo}l}7
zt)J${WN(jcIq#$P&>nrTQs#hhIPXgd=hoC%x%ReBwsu3!$;BDh{)|GIj1{2;Ua
zYXImY%EFU?53!fx>6NT!6ss{#)sIpM+aJSz)|PUJ&P(UG%u+6MdKK=k=6p9GhXXBI
zOuS)`rOs*SlU&&PPhVo$$PkFCMgHFkN%^sPheisc8&BF)j}J`
zvQ_!H0X(QrD)*?s$JA%g2Lb8-r{7`vzjDk^uo+Rc_3WpH@nz9=ythJo8)ag8|6eNQ
zH#p97_qRNEQ#Z(Yo}u?~N$>4U?_H?B1zHaDdcs4ooqSo`Z)9Ae`Yh(zMVl2t&&65%
z26JCo>G^x#WBPYPo}T}ai9Zjpo(JbMCLVxq+w{dCt7AN*I^oaOSl~hB?^U%L%3n~EUPyevh81(uKf`}EVOy74qNwkqA1R*EqJF0nXs(0xzN_J?
zBF%-pr<&GUkYa2JqGulx|9K4PnGg>iM0(c8JkHVOWB!kFwG(yXWqmIAqb@H2FxdgH
z>V=vmV;H0_|v)_jQ){rQqBN
zV_ZpdkjFCve~y^;!%sL?^ds&u|G($bq
zj!>&U(b}Kg+@HPIo9WsE`YO>mQRf^3n)8^BzOc)PUip)#AF2=upjCdLRe@RfkIx%O
zm)MN^g)aHi+nHA3y4aI7)2cH2MC;kyKITCUnuhTUeFZcvVf%2jgx;m(`PhN$^704L
zC$yEVL4R4^Z;U<4CiS(@??}OZg*qR@55LqNBV`zGDgbqt+0V@63rg5%TrlU7-(1Oi
zrQOuFu^-9*{(|<4?MI)m+BVFI(#-MrOJUh)nBXnfBN0i;!51
zc`>Z}_rm1cYKjkaaRlkF-Nlp)TtY&Kal
z=I`gd9PlNTVsC}Pk*1~T6+!V2mN?d+88QB
z(=W%<7dZ~XxoVVA>3P<$L9~lA!}7jQm$7}&kE*Z0H_9ObTV$Cim63j0AGdah4F^#U
z>ju2NlXav&tVX@%j-;?*3>|L(&*b1gl}DKLF-&$<7w-QtvTq6}L1rE=1!ITUPV^n=
zlZ$yQxqpXsgrSUyu^r*eH2&gfLO!Q+Yq<~hjTo>dJliPo%*L>GkbEa)SOdNfF?@BW
ziKgSX_sDPm%}Sr#;iyJ-+Ha*$9}4nRCPuNkUXOYKKQm$nthe<#thuaEqDk8(O@k}V
z)A&FS2bBLhKbxq+
z@=LNYSo;avw^=_@Piqja(8nK*pq`@(ctZ!v^bSLp;P#Pj!^7oKmq2<>wgW@`gCXl<
ze6=c&^&LfJ{ErA1uCc7q4t**G^JUNm>W-8iwFPPBQr3A?W6ndM!!@j>{J6Z}e6NkO7jpyT$MTL9LBFmmrF^gXGMGg98-ha&dU@3fUW_Z~bS?E){+H&Yx
z;}q(;aZXTPJ4Et+7s>m7!Lg%HRE+tbzg9a@YJQjx2RQ`wqG5eAt?O`d6WVK7^}oOu
ztcUkslwQxh-xiK{5s%khksq&CAnPEl|3QJQ<8T)0C2>AbpL9--r~Mp%?2U4{FB$6t
z>+QIfn>FA6%jb0a%k%BueJw99lK)S6{(PW+_{O0gJl}A?-hA>vJiU*7YIj1JWkO6L
z59R_s@MP82A@p;d2H31&JN*ch>2%8X%b|{>34Y5Me$`OM7$1&T>RrED~@J*bcpu^!SE6A$dU~H|<)|ft*a?dPlw+?N{F5vyN`NjCY_RzkJE7
z<#M&^G~mc(vUgYybgDAlBfKx1Iv!6y6}|GHUyQEZWJkZk&QFoP*~IPu+OnXYcd`oR
z!*bq$bSYtbDzzGL(k-^rGpYLyCa>jy7ZK`3Z1XqJUY)ow9ERU&xxO^GX4=JzDTKQn
zWF~wD*9^k8_lJUT11Cw2gKKPn+~7YC4`i&*e_rO7FQ5@!&|EawqU)7e;%Se{zsc
z6xUXCMCwK_jCRAi^}zFPY2OC>OH;I)_-5QILm8ZVkkx0-1Pt87IV+@Rh5YmqUSFGR
z`So=G#*8*G$2l&!$0luJ8${=fOlO~GT)n`Dl#%YSUhjL@8~ZBIt_~4O9ROT#xz|RK
z9(2IIQOo;GRvGi-H_zhP%Ko)cxIc*RSMdA&3hsLnhv1qCupfq>^f_`4ROC5`cS8PX
z8`8t69>QI-d=z4R{x;M-^ZqUM*D$}jRiB8@aGpW_MSEW^e_^zj;n8b?2izCg?+fR9
znEA~&M4`^Y(0kxIk>@+%jIl=KS&rQ*u7JwS5lzum&-=
z{u^z=K!#4u1#3LV2Y%@?>SobCZH-VTm-CrC#{4y&tMFXd_IZiEvOUHD6MY@yT=FmF
z$iI04zf(j##=4raaec+`cQ?=H-duh@1EN-4KC_->J!f)_#7p5>$Di@q)N**Had8xL
zKvO>-Mw@JPyjQdhN}qE%&yVsvyK-~qqKcHF|JP=pU(5IexmLw}L({9}-X`Fs&nhCP
z3Z=b>jy;kw=#ve~924zD^z9K?>pl8cMdw7X^S63lfA)etApF3up8;9}b0++H!qx})
zo&;Xr4{PD(0({433DO@nqrQ{zy_wgCzsUOV11%1~`e=srVdzWWgK@55J>VLY&Efh@
zsOP=Wmv7nC7fGRa=Z`eD`5_>|B@f_>n@Xi(nVvgr!hIWzYgjzo-Oz(Z;I?!7w4n#
zv)t+j8e2AmyyuIY&qqL?jDDQ4oU=>3SeX9t$km1M2e8Hu<9Y<%{qSP@?^;=gNiAkw
zFw(p3S@dr9`Q;7feDFo|OcktW(l~CF=PKHh8~WXa>6cK>K;MKg{9NwGqq$t859#>}
zd~Wf^6{vIn<57d2;k##z{FhhI&-SlpzIle94_uLQ%upAX(L9$iH;_&Sm=JSh8^>a%lwW`B@k{jU(m
zF1cW?D}|iTCY}@RGqOEZv!?NNBfZ>2vj5bVov*#n-k%u$mq_mcmhf%}+x8pq|GzxE
zzUX=HDT(~%`NA!&Pvi@O;MejeX$m((*t#0
zhkE0koO@+JZMn^8_ZeU8Rw!e%*FbXl`OyS?gY%l8J-=q^lxdq2o
zN%;&~fM2!lap+))EwKa6kZ`*Vhop<2`;G9Ls<6C$Y4R1!Mx}6d^9rWGH^`EQS
znj)PO>~A>E@hY_2?D~J|u0Fb{GR?m?wAhcdq!QMQI5tVE_Hzu1W7omvYXT<76vbatJc}T@)gy$XU{Qe(|VppLL?dhr?
zUurn0r_XsnSEu3|@0tol(%WQndR*u;p}$qC
zo#y~A<9-iP@G4fwb>CYETlC(uJSSqrmj-<)HC=fb%LwMPVqX5YRKDbFB22Go@?VZ5
zm!I(+lAUoQ#kAwudrp&oM|jMtD&-V7wYU@b-dP|O1?q7Qqz3}CiJr8>dwE$6kB5T)
z!!N>}tG6FvJ1El{xJ+B*!~40Gtx(OJp5&1&Di1NP;OtgLY&;D8xte9C=0_$sQ8KrU`3-};E42%sVa=bic^ZF8w7I0}Y%a0#CFZfrn`Cck
z;j(BU_f6AiIQ-wKjh&DCE-`MD2XKxT(Hy&Ayb*f??J2Yy#J^ve7XR{DGzY_U^#40_
zcMX23w+|%O7ii}rS^SRhkvq1@oa7wMp27L5`!v>n2Nk7_=ULE0lRp3FnZ)D&
zCA5>_63(=e0P#ap2dFgbP@GC+2=BW9vI*wk;-4RD3*N%CLx=iKD+SI!n6idr!yuKP2@3Iz4s#gOQglR1F}P
zW31s^SZmZ}O6=D*CNAH3Fo`_6ppDH_=y_ldDI&v!A@|@VE#U%m*sbPJ?r4WzPotcX>iG;lQ*E3IDP*j!|{03fn{6
zwkGl=se|9W?DQtYsA>bg6MfD_o4=pbW-+yyPi@YDHrqg+DckM|y-2#qv>{;=*ZR4W
z`WZPX`svf%UtU(u?KxhCn7ie{rhq3@L%#MsCq*B?FCX_(A5T#q>PgHaAfBzJXWo;s
z{W_@M7V7sE?q7Xs6WS-di2q`!u%1LaH(Re}v-?X7ht_~hyWAz2^PQFO**MG2Xnb1xi+TIi)c)h5eN_qzpOtH=k9>}4b2wmtGiqQzyGC0N8TMin*93i`
z?(`uZnTQSUjfoAmV%yN4MXInj>(22ni8ir6YJQEVZyc`Du&nw>CK))JA!u>&u)NA6#u0L;IW&G|FIQ~jL{wCe{m(%#=6N$(F
z0*&8#0&`Pgo*^-Qq{HS(`FZZ}S=d7=;yPj8ar8@VX7yo_Q)xU7Z(~o)9ny1rX81wA
zY54D!v^M}bdM-zoO?>bQA~#ix1t4|q?l?h-!5Xg{qE
z>gUn~w0w-{W*w9@PMS-R|Mn>H>kI!7KbJ*Q%wLf!1box~;8C@-`|o{6lI(qBEiG6ZcHwzmHAEZxXr_!sTi%iy05koeJaO
z{(~HEps)kS1iWd``?4o=j>hCWCUP@j8z~aV!p!cR6Zc-&PDYY;2B@97V@PM@+pw+p
zGcXhUBFiy7f7q;ITocE_=e#rKn;PF(5Wz~TOpJdq5ana_d>zI?87LkLWm_wKH}RM*
zJMiQV)H}f)d2FKtWG9Ko6^(4vavgE{H!wB-n#R@wzx5!VOcY
ze8&^|m~t2u3~>B#zK_yHOsh&Ut-L&9MYMZ8p_5d8>?q=PmT;W1EBIJ5Ip0!y5BdKe
z)o7V`UPI4&jz;evji>oD+4I$-$kPmO!uz2orRFxx-ttxB{5b!6G|K;aVLsg;Bbb;C
z&Vj;Zja3wj;5a&2*5K=Zbh7+eM{-I7)g3*8bC4c9KGATnmVS%i-yVs!8!va7(B}G{
zjCz+*|6zd_sbNXtUF*Lfqkd~NClc>jt4=&oVZBWE9r?Ujy6=&=dgwD=K8w$Xgt?b6
zrx-r(>AWT(zN6(x^!;5VUp-Hl|6d+PIy^Q0NdMu)`aKQ13-Nm4ot1@XcZPk3IxCr3
zM-W%34t2_@cFHH3YaNe!A6FD_bGVLlIR=ionQJ`{WwAY$CiG|#ERg>I`Hsh+@NBb7ac01$wE$FlN1y5)T(Ur$Pjvc@M
z2eN|xqJEFe^L}IhxPM-vcKpxDN(YT+DSZAau6?cl-(W6w#I^cd&|RE67vgmQ?+>40
z9PKo?`*$Zh+6-FvU*v!fzYc&_>?=XVLaG
zJ>A_TC;On>kK)GXmR9%-4!1n(>=RCDq``^ufg8qSzoN?ZB>Z*2*+IQ~E%{IjUw*OX
zkIeYOR%Y&Z+;j#M~t&tTj4a9pk^{n6&g0do|;p7WtU
zZ9TcYKP^^2fc;v5A8*(3x#?U7ObKCFo20chL9IU>>g8uhZuD>7sEbuG{zZBS?9dC>aU;J;y
z?eCVjHoi}7tb;b-1qPQPMucv@uHgHjh_AJo(~ly));XMqlzmNxBA*_&ugOru^^!nC#2y^C&jmMyiV1aQZ5_KKT$9~rC4fIEEtoLwH)LBMl(}Bsrou}
z;sNrBwSIv3Lhe7|y>nT_zjuh|j2VD(ZjJwWzdLU}oCATGahl6@m@~JZWVwF$eJ=cN
zB`iYJc_i5Pqe$=56VQ9?Z>-M~T1x%3y`P*`q3$OUf0PV|s+O62tv5?9R>qvn!JP5B
zM1KFjpBz6>zkZ$MCwcO{Db`QY)^A7U|JM3_K|G}Uz2xiH@|-8sOMAWSy~OL+MC)gH
z@9VGMW{@?vYWm+pf5G}mfBE{=L4UQder{O5CRo2_SicrnKg?;{#Js>rh-Jr2RM`9SyDb^H#}1&WIfhS`lkmv$&T
zm$bQ0kqCFH9rnr=(%)@8huyfeOsr4t?w*jN8oRzZYdM13h=a^IA6EX)+(GWWWdbfDbUSl^{F)G&m1qQ`&)PrKKw3IXajQyO-bsi9RDV(DVX>4Tx%VQjg
zKXsMzDAY-|r)KN+R6gygrUOE+2>U$*`yFKb`T*?r0PObw?01ac4zwdKximfhFq88&
zwqM`}B+`$S!TAz8Tg*>#4))ggrZ8Kew(xmf;9K*W%>`#{qy_c$lHCXQ`Ip&n-nP-c
z&Snj^kZynAcWk3W_d9;CV^;^=tUOo?{Mi?z_i)3w+T-~P>WBLvN%n9n$M7un{TH0A
z4B&OvEF8EEu>{(l7k(x5MK`{4K
zGR*J2uCFqU>#*LfjMO#nsWhASR?ai;tL*9Vgbop})C6sGK^slbPczJkwHNqLicehn
zJF(9Y1Am8k;I?lf4kE|mw{hH+m*)YE(EGRY9N;z;@!DY@shHEKnd`YlohHh`t@ZP;
z7XQ01+KGwZjmOBJjc+nAndiKEVxr-_hP)y)j^Ca-A6bc;k_chB9UGd&Jpr30apV2g_ga^{kJlSKhf*^uZ+R}5wbn<
zFHaLcT(B2$6&U7N_01-}qGz`!bQQ_mX?sO{ouuO{;@d+W;)`*C)0#+TiTIOCCUrXf
zWBZ;-_%Gb=A9FV5(wHCFBk-efOlIBt8F)@U$|+f0QZQ(>@N6!5%3h8f2pRqziKzeq4rc}njhe?Dy>=QtMFOX+>}qN
z%&<=LV17q7dqU5V|KM;hmUk<)6cav|>(B29JX)zL@B>a)H9>hS_aK#X
zQ8_o1!+EoiEybT&B5QT(s7?dbG3)9W7Rrk!ChR5396Rm5Yh=!kLA_e4cNf+B_#NGR
zz&V*u*pjtUx!o<*bKeVjqbGEM^5MSn4#wn_sPG%mxcbf}_yqo!=j(Do+hIuwZk8H@
zwbJ@vowSYj^=<9_-$6Y~{Qf^(CDWKnwD+em^mZdWpg!<76a99WelyZ<$d@eux`}zAG4_9fWLpfMY9`QCJS!IN7k!s}
zKwvYCYx$qCO{fz@`sO8_`R2FK-Zb@{-zp`y@3g!%eg2pXvNdG!`>8ZSU;a6MzZeQt
z^j{xojo|5x3LEnfzhfTrkpBNIoJXM9P~K>^fh=hAXG0qmaqan2ixlJ`K9bhLy;EV!
z=05-W_>KyjB<0!*c0_%k`p8e!_hxrqHk^GU(3(v68`z#}XP29<#dv=!#lMXcO@HJ~
z!P{NN3wD#Jt-G#VfSzN*f4h?FC*%Fs
z^f@v#JTGsSh{L=Z=FWbxu{u^?SsgH=T`KikTtAC;RUW@Z`Jt>_cUvm(W675R@0Xqz
zJfRlyKW^XIop%D{8OD}&;W_%Xe*dt-z=?^93vF2(AH|o6`7ODxJH`xG*f(cI_4fDE
z8FoQ?zb89D8y`EzMRFo8cNvS_i`UU!H18C5RohFqsz&skgEd0@jJZI|$JTm6FHxNS
z@DAXedAx^@%QxCu{g~Ej5B$D7X8cP7{j8`9V{goC_p2th;#HV4nERnk4mPyWf3q9U
z&!AN6=5cS6@LU%5D7If=TvV})IbeYPR{KA1T>RHiC!B@3N*Whyxk^gdCo3(in&;nq
zNUE?(DT>p=3VAG58!HM6yJ=D94RQWJs6WrA95_%voJ!>j1iml-{UP1&T6_i_
zj_!Lae9zQ<$6N&#p8sYN-q57}C2AkbZpae$m76HH>w`V9_7!iIhz}I8fjHlb`S(ja
zUfJHI?HdD+1*#3Bf7VchvzpO?
z*sW;G?4dnv*)H}z`e(OoyfuLN?UAPs^ZY)-=8RZbnk^b==&+S=2a$$mLD@hgf5q(z
zVjuW)=W;daz{1;*_bKvSgtZa0#ipWt)xq(`;jaG$<>L8~BCo~VsadhPco^(&VPhI1
z-?HJV0+_3Rf1Kq1ZQ?y1o0R`3T3&{|)IsH~RQ?~QD8Cu*po?Vl9qAV3|9*<{uDzbn
zqg1|!%Kz;YcmT0ZOK|>PU%DFYU@1-N|{8+Y59p98m`PWdco<)8d#hSgGmH1Kjg8XR;&%u>z&5y-b
z@$26S@BIw&5Awayo%apou|Os@q^tlQ1Y{17)8KOv)wI0{
z3E`UP`LlGhUBS9%C+T4l>yr}NzY~nFjye2-Z&85$$%7e$_iIKhxzs{gdAU3U=^4_oG<@&#NJel`8Bz{
z33J}f1^#wS$_VBFjdn9ra1P?9!alf<_Q8WB34ic~l9tmd~Xk!MA@|3$J>xS&jS
zM4lez`{)j;U$RBZH9K6Tulp?3HEuya$)T$MVej3;qpa?I@%7Fn7m`50K~WLjnF&ZB
z-~@waw_M(LG9i-?H7MA$3Yj3bptOzMmeQUECrDeov<;eC>ZURiCkeJzrzHeVPiX^Q
zO5Jw<*jsAzJEy0{Hc(KisRqo}YR>obUF)4&5}@sQe$Veb&-o+IOlIBJ`mXP7eJ^&B
zbL_598xuqWVh9jCd4ub;3Vvf3qGB=Ui6+rsA|LUIV+GQ#tzDIggA#{a
zn~|?h6iRz5`W}yHh*|VTRpFuLuI$4{+v=slcx60XV4TOkaJXkQe*^w`=VnihCiFibc9<1U=wPI|>m7^!^}xPW
z48h0IIs>OVgW$KCyZV*A#jc+5?Fae%Q^vP)^%#WfkE(lH-;?gsGs^#|XEc7WKg4UVl*ReiHxn~j?}`=
z%XO>q6(q^IbQ
z>-UfEUyOKQeWH>0zP$Dv#rIk9QS|-5$r<^z_FWaDdIK&QZ|e8C1Cm`hJppkND9j|Cx<3t!bG)0zZJw&ma2YS4AVUlet&Gwy`#LH0WKTh4B>@?AC>bYX{nmy%B*i^_CW7ND}zRJ*Wqbsl
ze4?`FgDu}ZDz?{RngjYk9zN_>6U`U*=pH4LPLH48_VU913!{A&M*06f`;Yrq-23d<
z{uPY>pH25a@88$l_5UgvZt=4h&Obfv*-ZTACR*0mUO18c2-;o3Y`=DMs74np%pZM9
z$uIrSjK)Ek{W~whe}C6A=hsgr=~xS$577tc9`-y+%Ab+3
zR;7NUxx*nsCv=PNrnOr1>?tZQfZY{z;V&-f+yxyp$+t(;JICOUK!fJSb|ms&*CPLQ
zn*FImR1-{;aO?);*9LzvNAVO}=nw668WTCR*@xaW*EAk%?&?r7`ollse4Vj+y2l2`
z@Tu;0IQ~!t9;946fSAz{){%Ti*=s#&K<_#fz0BmeG<8Ie;loX`SU=4rQvH$irAYGI
zvOHUr-#12XY?;%$I^x;9Hb{3DIcNE|9JOyU-oHDNBjb(m|M{FR5bvvMe(#w^Eo7{T
z={lU7GV&?&{%u}L<1`f6cJQWPo#)d}8e{MQ@Nb7r4%$m3*wk|7$uvEsPV%u}%|zE5|BRW996H-9-BO;8$q1nfA-(u1_l2
z^LJf`ysOjb&!hzXIi=o&4tAxFznsSJD_GK@;%+cc2ELdkzTIe-}<*VcRjA+
zD(GF7f8uF|gELBRkkcjYB;rolbo98-O(O)3-2JjgRh_!^<)&@n6q@w|`G=8{==q&jCHr>$f(F2+bd4#=j
zi}wm@xc8qU{@}(~JIO+bq1tlJ8*C{v;AcG4U$7)L&GAQ?pZm%F2S`S~OUAgb>wwM(
zG45|?gNc}@>EB2*RqYWKhXhO*bl0L$_4^`-K}sy
zfd(1Y)}F0keZKYn8M9E%{Upc4iE!J^%Yy4xCfiD#`TX`NbZ?+bwJG1zFtwRPd$~{apSAAxG_gSCVY`9%
z2s!C--)+Rh{cNORXm7^-0zVu28SBA2qJ($G+F!uO<3w*Yns=SHG%X)XWy5>ph@nu-_mnQv|&
zdbO-5GoFWCjmLFxFS9NFc3vFx31?^N?T)IkhNIAv$v!8DWPQlS(cGs^*f#ifHpe8t
zRnt+$z82n5unzmH0$;>Lo3rW-ROTU+_hMp7-8}X~mwlx3b2S~;Q2(j@zCW^TpkC!p
zVq1Y#I>T$dsA(^x^@xc}IsuQcb9z$wj1=*j=9s45^KJy4Z0h?G`4$UnIU&RUd`s_%<0O+4fjJPGtxanTC+<@{zv7lQx
z-oD_wdq^7_Ki5an^;@ZWtvRs!BljD?y0kpgVBfz`8f%f}eQvIospWBAk<|3kHLJRy0N%>L(4y&Tp5F;%zk
z`?7!7mqnMD<`MW^(Y}%PyRyh;5e1GgW
zHS2B|wy|x$682x;9~~cU+K#c~qvd};U0=lf&+ZH7f5e^B#jiSG57sIk?9kO)Ir3eq
z{O@f4jl3&&DP2cox75qnMCb(gJ_pB%nyG(7q{gE!Vfhn!2>KqkY{-xgs8{K@>UZ-y
zI_n34120u}XqJ6)E9W?Iv&~IN%Cj7M05RMxn--eunUs1%*6+~Q%kgLGjZ{Ab|GifE
z#)14Q#JeE}Tz5)*9~Ham_xsc0A!fw)iT#W8Z$V5K_>REdT8O)o@qhkB+L>X!$(TNG
zaZH~#ls+m%bv`a4XRSF+=Jl0yAf}tpiem+8&!@fI-1QwLuar=m$V9{e?XQ9^?=vdb
zri*^>dx+Mo6?doZ@n_T?4?QmZFPhYOK!-x#<00kGczMcLUr}TAQX5;DNS8mqSj6#d
z(T>(NOB2Nb_!sV?IT<7yPEqqR)x5s?IAk#z!%-Xvfd{*Qeb!jt33%?&>ku
zeSDXE^TxWrV7>qDvSNV|To5lZEoI%YU6!xb=~3%msMa0cb$+|oik|*qXL9}n-%ZEK=gW_F@Vgf`evuk~$9EIsx9c?ioRo1l
zUF5iF>;LY>=U>SYtsN3p)%{nvdgw73KMU}8knTll%;yOyF`q~Ki^<$~@2YpX0?q+n
z+i^efiN2>kq&2+MF-6>`pD)Kc;r`hNTP3~PK)5y}YFIbzQoK0qFq+r~tj3(|xF@h>
z-t
ztqG&-Nt5$GuHM~(-$~9Na5U}t=B@yKK!Lv-)Lcub?D3IboK0=_qH0%|((W7TycjlL
zB>7(H2+y?PyKs0UZNW)p=)tIL8d|tva
zKT2Yg*)D3CJAJ(+G0+0!Wh`{Hnut%dBjxS!k4kn9&^YJ=@n_GMAMP7!&aSrca;#rC
zzJA}M|M>e}+oR*Z?`?T>Z2J|wg>hc5$2`za4jv_%4}P|;ongPr!FrL?3B8E#QM_N(
zbfnVv&#QBBQQ1tQ?~(^XoOyB5>YM2G;Jq@&Jo`Z%L(Defv*@!sGoSiVRYsrP;L)vi
z@ZT%fWEp)X@;ms{Z}i!{OXPB1zCS2`+3+J$51E>mZ_^{=+ro^C{~j58|L_*qN^8ZK
zFQ_r|9|6CiM_O+61ZU8_g}rnr*4(vP#k4)MQ{oWpjnJ(4^?19HebE|vVB>O--@@ib
z+}9)L+A^b;>bU6t9k3;$@t#uS?cOm)O)oq
zybL46&t4rC?ymlLbJvG=NPS-+_2Y1SP?e0y*Ah?0yqeEIdT&m}bfTFGC~
zT8}-_-1UI6J>N}jBddimnd5jvZ$dD4sXOQbmCri$(nWHtEoN?8s0qK-P}Uu;S`?zD@ra5efz@i?-v#SE@gZJ
z@?jz`gRdL560?=8KKQNCc6NOJ^n3Us_zMdb>cvL~rjZ;mGSjUi?m&p&xk{M6`{-}s
z0pwFGiA`~s{_x1MqLy=>U^LtGb1m1KH52H*
zS@wv)ao4H$2j92guM8Yl9BU#OnE7d1E9L^70AfIToPVf*o*8#m#y*gFTfe4!YR`OA
z%B&Ibubi8f=G_?*YdhnIn!Bc}_)bT^i5wTp^g@-hwQi!!*=p&ZbQz~NHYo1yK1F}o
zB7~e2C5LSlLCvQde)?>*du1*p;ayDiVi&4&P^|cIH~r;^eD-4t)4ld7oqYK>5z}BP
z=afZ0S;W#FesoQ&TGC3&Fn@>4vjYykofr{-&t_J>)V
zCuBuC;lq>lVr>uJD4f!NpY~*4WCQUa^EJ}|JVbM&rnEUKX)kpA+AP)P`=R^3R=rsc
zJcRz=s^Yj6B(wZR#fEyBes3c9h99IIx_9Iu&;3KiX3IZG_v(`Xp9J4#)?wt0BN|>E
zIefDbL{1d&wT-vPw+f;w@o2%H**}c+hMV;u>`PPqC8D{XW&YcO_l4S%ra^o77nO5j
z@k4<5Wc^xknsXH+#>`@l0l77nMX*)N_8vwM<7fo8c!QrqbfcE-C-mSfeorpuJYv{K
zj9355=C1b?zjgdU@TkC-r>h3rn!8?Cy0M?p?-N$dF~M^n{>DMVrCG{0EAk-DSN2)V
zeM(&i>U>zM
zAaoc@yRmM(t6S^Ng6)CY&(>!Ne<<7b!3Pd`C;EC#yW?$ju1Cy=h`(&2J>)@Lu_~TSGB$kRHs%v
z&>o_Cbgw&G#R`&BH?@~-4%eXGJF1>R_3F8=KUYl`we5(B91>4(U#C@_=?^61bz|Ni
zD4$oy1JL)3mAfgO4-Sj*b&r<*@!*a_-ri1mPaBE{O>b|b%ytm_`0_&;M`yDk*eCrLjKEvvn@oKU@pO{0Dv&ASn5Dre8By*A3vnp!ue=J0G?l8t7dBaT@Cl>H~+HyizSY~rEVQKA@33hvw~53Be!>yg$}7g1`!L(e1cqnp;9rl}?hM+5X_)l6j_OJukjlk5ghz+v+Dneu;BT~$`ddhK
zZdP?}UOYvFPQw2ZYuWxtNr2^}#Cff&z5l(>P~YnU$nn(jo+s#b!k)8*=5}p~DXtB!
z({53H-Lm*p+E}GDRw<3OQkAb@JoH@{v
zA>Vk;xofn+iU441JHe7;@Ed{k&h19Pfj^q}u*9EukKMM}3^r!_dC!@@_^uvwP#y2N
zXtm#QhvCnvFx;OogIK$)<0ZJHzbr5RkG*K=DI(Y_G8UY32m2>-u21Fxir@$AEHcXI
zoFp%BN43QZh>s9+)=zWT7T9*388ov9-U;7S)0}h5bhG7FBbe)Oo32w2i++1N591HPD449q;JgsSfS|OcEp@p=80af`%!Lll=^Ls8pHFQ
zB-~*PZSamtcd5?rPx!x&&aly0Y&K@o{mUvg=)2*5PY?b-Q`|+O)6H?6`z9)%ZO0LF
z6yCtw%|5_^KO*0XO5%U(e#(C2{dYT~rk}pAqkHbX%p_Q<;O~A1-TU{9ptMV??LP1O
z%LU}mgZG1P{(VeieCjJXEPTP}ex2X9>~ufw6stZna!Q0bor`1{~B1cNPp+9xVAgO=W{m-nu&2ydR|gH15ZwKJlhIhA&u|@M~fZuMOky`lc2c^9e3`
zCw>@n(s)*X#K)er*5b%mi;VFt_eXPFZCGnVpBTfM{{#^kaH_f6Q|1nS?qcREe8O-L
zE{uK{Hl*LU++WQ3w}eMwlj+uqNQTh-iSweef1>p)V1GEmJ%VtLmc%`n7x&BSOy7rj
zybp(BQwsgdFMj>A&a-~w@o9beA~TlKYUo}`{KkI{AQNXz9<4Z%yIk2
zJB!HmA^$ft%Re{Sb{g}1bT+h?xD(vpYT4gp?(aV8ZzaubCC%*~H8jBV<
zp^=6G57k2-3ri!$<-&L)KJoi$_8)m7e3EGZ?Vp7Yj?i}-!GO)t?#~*fAFe3ja*l&0
zaY3#|ct_3a&5?%p0kheVS7=`ru8bH{XxwCbIcL<5(!BAG8~sfs+n;WC+#krq7r%6D
zXTAk}4^rQ^iT(i_@g>)3-(dK3I|q&Hw5TzKV+FmYM|00rtf0Oc#4@igW_oRocX*yh
zXr4KuKLbCtRAi2~HwE6UyFz>rw{s-gMg3O(fOtlIf?31vnC*A49nNUDWd2LcB09e(
z0D5cVn5e=CuhIi(XPt%R+h`}amwk9wSbf;Ip4@xb&gH6lcE`!8*`>WSzBlDg*jJ?9
zi7a2Q5zW2T-@fKB!|4IKAJKyU@Q3f!16MEVHwrWM?*$BA5eS#
zPH;C&-?Pj54a8%O+Oz$z*WWwws;&m{nnxGE&?UU}pO5}jjD|N0f0d`5iBp}4J>^UQ
z51Hq2{J}wt+4EDix!26e{8H-NAiiEc@^S$
zm~S!Z)6bvyecR>$@i~5JE2K3N&4<0v`jQHzD>5J^$^}D8k6QhZi?E!X5c*t
z=bg}D!UvdmGn)fEO#gFwsW3c?z{9Si^{h**hriRE0ex~W3i;O&KMEdEqx}P)pldc>
z$4t66BSiC3@oy#^1DDPs{60MLi(!(HsQhLs|AKC)V=zDI;Obvf}5srPzn
z+P#MC%=Tp^&)du(;C{SyY`e5&%>6D9N&0()?(BGcqn-0;%d*tH`3>!j{kZ9ODm;|1
zC!_hV`#)v=Z50GlqvyZy|B(4#hIbHxufqhNnrlu#!s)_b5>7EjdfU|h&)3#^OY-3T
zV>5JQ?-D=o`%WP~ia?KWSWw-I#yw8W7#V5M!!(9gCX7iM
zcw5!i;MI_44cy!10=9fv{!(qWpZb3b^E^WH+x9B-g3E{}DK!pHk@*WpMrP_CrqEL-
z-=o*`gA+gO#Q(7EoGA47Ek40n7D0ZHA?yFQsE@Z&-n%tdYhYSRf10Q)(Wni0b1Ny!g^ZQNO{8HAT@L?6rLvy`uI2~?(
z7OmeQM)dH=YaUI!I$IOV>HK?B&VM$wpUvm5iTh+ex3ja1ogAMTbD2f>e-_|mF|8$X
zxXB2*OTmL)ZNT56@gB<$r!@X7)d#$}(%@}#0PjtgunlkMq$5M$AmM9O8hpKV5%47l
zj{TyNXwaRC2F+TGyO6c2*SNa0-*{nUWH{@%M))YXb~&GmTmQ=Qt^Xc<%=Lf%|I_u$
zd99=MTl#yfKbn2O_yXPz)IL0ieQ2{29!cMa<^7nKQ6I27J2M{U|4-oM5bcx14~X%4UxMFnxlRN7&4Z<_K}dw+K9CQt$VlEaTL%jDz@$)|(#YH@qo5{!{s+
zB^`qO2ekHHAf#^(&?MDrt{zn&0RmPkZbtaCg{F%yT^;~#OvQQzWos1
zXYy0x%t;%HDBGwarud}K%W+m=97mqf(qmK$hi3RDNm~n=W1w7pH?lN>1HEIK&`;o<
zSretR>p72HqbY6Y@!dp>V8p$r?=2i7cnf`po}gUhcEUy(v1@;IryTcpcOUZp4zX(y
zGmZ9mjwtRRdUy5$HiYTxzk76itvcAk(fWS-IXTX~RHuB>ni%Gb^m0_@@6J*7V?N=Fp&y_0AL&k=f8Sj)Kg`A0
z|KxFu>UXM|#MYi1QNnp*ged8-Y-7TRcP46MutN}q@;yE}HN^gn8qFglHg#;_{3z&#t?eX23j5pIyumszXr$e&*=tgP3jrhb(lh!2i
zHix%0cX?OJIy38eS~Na!{WjHu!q<}<08%n
z&Hy$M))~y_y)WUrGFRE72pxX+QFAuihOFf`aIFk65jO|yT!7iUG%x_QcrNVsEJ2l2mV+?5HbINZzEK;
zb(HKU7Cwg^ahc)N!#R0@0Myvs&y}4_vy6c0V
zfo+e33!HzH^RE&tx>gdNkUpayua$M5{|w@|tc~S~btSfYO~cxc=Y)JeXcKqE>!`1M
zy!ExYnVx!k?hCFf1s_;JZwTVoSNMTz}*qp?fK
zJcvhZQoi4%+83g|%VQk2p?%V}XqRd~1?^X@Gj?aR->uqTiuT7xx8Kd}VY5x^b5$4-
z)&4n~Twg@3?+UDMmDhOAW(N0)ySnk)bme!9^F?mQqryys3z>I>{jf`HZGHoE+kKgb
z?P$R(?B%;MqjSs8o4c-2_;J;z4|#cy3q1jk75hRo=sScN-^(#~Wc&jfhw(ng5p?})
z1@7e_-J4m8UgdvUoi`*&g@+@5<|7H344|?1_QPZu9{7yqm=s|pj?dxT`4R=~_
zXzsrlTlLoS;CbNhX?KqH56M-zL(7TI=$wb#9eD{hv#u8^nrOe=Y7M_zf5^Ka)qfs7
zcytDranAA=DmbsGirE<4-Q4xTW`+N#9nF(q^ZAM+wide28|j{hg6jN-xF1(hfIhoD
zkKGrvQ@z8s`xWdJ$K^Qgz-()rRo9wRT-TbH9A9W+oY&Pji)ozHzB1zt21RvDYc*I_
z(_8_rBj;UaPB~8fsd@ie^>^kDz*%(!byIW8v~kpeawp&}W_ql-TcWG1B$NMT@O+#2m>-owoEk`Kfj4^k4z%bf?!TP<3`u
zorx$v-jZgIIx(gE@Xd&!Ky_T((&`kdI&_wiDJWl+UOpwI9DQ8M)iqbz&6G2K4A?gIW>xSv}ZFP#6Qob&I={0*>eo#c48
zDkPrhX%q7z6KQQ>v7)0~#i}Cyw*RQ8NyE9hbm!^`m(`1ToguM;ZGHOva?Zn{LtfaA
z{{-)KoLjPl`Zu-CLh7>>G(@yi77(pjA|fa9MDGdQwbIqHEzwnu|5}>uu4$tGb%9vT
zZolPsFZ*w)POZoLL}L-Z($2gf@gc{E4%90gx~n0%7K^TZd6O*rYJ=o8Z&CdR3GYXQ
z)`>M0I^t%jQ`#jLtd;d^8<01cdmPe<(pTL50LgdH)VZsv2j1syEaMh
ztUQc={BW$?fusFo82{ZqT0XY+4f)J({cFQ3=y$?chvPr
z`@$Tyhbu-t#DSpV=}tY>+;yMg{fBOo^47=ISbKLhckNYpt?xF_-3gse#A>HI;aMkt
z@8#d$NRuHyxLNT(w~dw8W3-J!adfwpmtWfJI
zqCR(E50U$K|6;^UVE%*f`d<;dAtdvB3|e;Z7EHM4e&0^#j2x-*Ty;KI?kgcX700c1
z8|j>rzT|6_FZtGt*a%5qa?EYVr_$$^ot8W3&8j})dEAN@zWr0U&u7NG&vh5DO}F%0
z)2NSWbcf@@*VXz!bC>Pb5AO0H{uTXxQ21h3IvQ^}D4HU5!bdp$<3?uASI8xhR}p{k
z6zb4tov1@D)!KUbX;2>(nlMfZ@r45#+jRbOceV(hw8rft+&7@c-SJ8A2=^Ya;CIU>
zFV4Tp%HPyP^dC6~kdFbSUp_yG^wh5fq-odDhQXzPp(@O{pLo%X!$e@(#$
zkXxi&m87Na?3QZybVKG*a!p+0m>_Q+_}$2!lO#(@U8>9qSi@kI1j`Q+AqkW
zerZc9^9r-S)Kcby*3eqcj*PgkIrnG!W6-xt
zXr5MXTJQ{;6b%o40=S-oOFNEozODsq
z7qx+T4aj~nFR&FaEcJa#)-hwqvzD+oCV4%`dOV`bgKpiyv|fK5ybJs@f^w`Fcu>%4
zS+^!;b9&(CrOTLa94~7KzGv8L>^pcl?D-EymJOxuYbM?IWbDgqwJ*L~AwR8+5&as#
z_|R_wu67Z8d9(@xGJX^NFLNNXJ}Zt`0YQdI$#)zS^Lg&Q^tp)OZG+<13e*@cua^AU
zqy+qhz&~>P)H!LY{_fRM4+uJal=?g-=I_t`8~kppJnGr5%lrg?`s{OugK6=fz8fZ4
z<#hwTE$z-v8`1204BYi>zUz?zA!dQUz`M;5*L7WQI31dw-$#~&jkobuqUs5;user8
zuTAKG3u#>Vxyjg8@*FbWTj`#Z@>vQ|*KPNO2;bZM(Ip|aKfI9snepGMi^>1-PSr7j
ziQ8#ipoh>aEuil$J$m(^cra!ut%Vb8k#=fu<$MpR`Ib-}qi;-d&*k>%CY^ujTHX#;L7pg7rd+^AwS6YRrJ{nADlr^9b4hj4Vz<~
zX&<~Fe1<+Z8@5$MhqSrSv&Ze~J!6VvpbB|ru&}`Hjt^F#^oe=2PQ;Nzz8>U0v@_p1mt`D>isRpr
z0zc`ra?1@Ct^D3Cl2+bcmr5%oO^1&EA>um$bA(&lg9#e=uY6~|qIgHWF8SV5ukOsh
zD4E<*C-L~U40tLMk=HYIC!i?h;Makb&<-Ign#6`?$b4KM^V&SVU%zVjS55B&wF&4
zuRPOUM6LsIBvHToBIoNAq1PRQEdin#)v5XfF)01t9HJ$F^+1>6aI^$uKaJ4M#O#hn
zgY6kvmv(r0m$DQz21PlKcqQoP2A5dVnqxw
zaP!su*pZ>X!Ce2W@KNmz5^nEP=lB)6&uQ^oMV`7(^XNX+C+^b=H_Q8!e}kpJ!+m;@
z?$a;nJ{_$%@K@ZYyiURm?d6I4B=uOGcgV4i)yn(y-$$069hvl+XJllA_Wn;rV(>MB
zgBOc1{z{t9gfhb{Srj&%bPiv0e6#W>tuGaB=PJ0BIWli$|3fS9aMW345S3J8vR@KrBk;ovjBdNGq{6n2U~QYSkM}H2UnSCdZa<#A{jBdImA;kuRKJ*hesY
zkZ|1tBYVzD7@pUCF)`xO-hWn%ogc`aVt27ccw^gp^x(FhP<7tm9hHOhzs&2PwKI>D
zJuiq{ONAs06TLZEC}#S>-(0Qq9o;pDyv3!$D0a>>Q}<7&In!@O)IOJCUWf+svb6kw
zMJ8m`Xm)^e2%{csGE&DsH!?FZUY;5+K;yyI1#vmi270MpjvF=8_*?QovHq|6eEA{&
zLUK0pB@fa4JzE8sE?T6+p5z2Q_$Rj?bnzsDeY?u%6rPO}YG1U%VCU?Uw-IE`qr
zPtjr@@jwGr@bf^vbLedlqyBBeQ%=sM1NnBvevR*S$^HxFc4Ylm^~Jv*5S;Y@4+X{6
zo;vYFPrdkg4|E8`Z=Kvs@@I&6w5UCw?!_=sA9%a7`qL_`x4kAy!7NTk8LI^*>+&
z?*s%xodiRj1Vf$IjEt@C9ZTmvO8#3uHvgQLc%x<=m;389{&@7QV5Nk)lI5xN?Rlba
zFH}I58hIb|Z7Ii@x{~>zrJcl^o-9;3;TshFqdM(#67=tvO#e>O95w&+8^U!SJH+L;_Zb590h`z!m4Cm*DeYFKE%nO#Uv@pQ~Ka
zBi|VG^FiW2K`&GDwN4=1l;rWu%5uf8`NrVuEPgH3o_wtFUZU|#o6J{RaN+qy=AJ`-
zBifhmdWq(km5_suio0VIL`9{|Sy5^6$?eQ18$%Nu6_wzrq^yB^Ynopq*iSuUo#6H4
z2MuH9$22ZLANndT9A6c>$9$z@(CGfbcCUc(MMIi@&>)qYBriig%P$L?sr94w78CZW
zVdM)Id)!iPYB3uW-VudAnw2gu?MlG^4Rs3sD*&S(R88aeo4KraUasy&VFhAaeNY9v
zr|4ASZz&5^&g3{wk{@2BbPcEcmdtfJ$s^MI7rZZJu5=#pDBqE*)E#-+pUk&vs5`P$
z_1o%~cce50UZg&9KIiU6H(hbLswtt8oVM{@p+3{j<&md;cVzhqaD;wT`3a`Q?SWO#4ss!t%34pC>B&
zNxbiaKI2^!=(QzoN$R|=B-s}I
zBY(`6jJE^an{<0B`A&cQKh@jsSslFE(Bo*k(qOZ4T9`|{!J=a(Rc$-Rc$#WmdIsA!a5%Am#oQLWD_bXlOHQmU2
zg1)o4@1-&D&G{T#v6IH+W1
z{HETkW2=SUe^c7~uRODt|&jIjRqsBP_@rXe@lTSV_aPj^<@ky5*utfrFesZ9!~0
z!O9%5DQ2T{&&=V)`7A_jEV{_xSWVH@2Isf7tqP5q?~CLzy^rRETn)RJUm|*;|7cdd
zmZ>kTZ66j7wQGgjmkY?9j(IxmXZIY$6~tQ<&b@Hka>MyU&xU84yG9h;9bbIN8(k!f
z>6ptB!G7-f9Fsr2|LAJLxlQ2jo|EvINzbQow=E?b*k`K^{3(8}+W63h>QkK#Iw#t@kkS6dkfF&u3UmYTt9f00pyi9M)U1uxF{|;EQ*8Gc%xKw=W|N`
zQb%JqWb7yRQ&3|(=+Xmu)Yf*d+hkv|vu@;#9Kcy$C&KSo=iO^hp106|TTfTfd^&OF
zy|y2EdWn~qa*rIZ|6{}l(0-=oOU$D+X*`A*gni~EEK8iOI!1TBOr68tkIDRhg&OUJ
zQ#U3euNln~cE5!LW8f?DRF1d1dP2!sP=2ZW=
z!Wi$Jy>LC@;H};AJfi0JiEdl_H$&}TA&qeqc-#jZ4*K$T)ltwF*UQA?yi(z6d$|HO
zXjdrNw*Q~xS$}0@*$L3PI>c2G##w?x_c4N{Ub@pc8o^n?U5pRi+Fcxnsuy=&cnp+h
z!r`?kaOmTBmDlh)R#+fT>84nrcsLe5uq1}qq$Drx-y+t=!?dm);t3UB`bK3_@#{33
ziZaZV_WWv1KTB{#?LVKkXYj=kIWq1meeaI5ZFy)2wj0T@KH4`-a|BP
z#)B_U066Um{I<$#zQnxVicGu40TT!v_DzR3V8PRami^E5plQG%^J2{B7b3T{$7r8wm@>vJ
ze2!KSE}}b1_`83y}nZVxsRK3!FUw6nW&*<=eyOwD$_9oGjrJd5h;&??J;oJAsn_lmA@_xKW<3(71
z=_cCA@9GR+gMTM{ZJ>T%SN9(eGIo&D5~VXmh!7@&Rnd;04u
zlRA~mb!}1WI#?#xmCx~e-%8~B7*=^DuTy>#tz}aFyF1N(aBJ*R5lWmT(Ubmux@YLa
zYCl`GuPaOHU*!I2?7#CZ1;;)r|5HYO_~brsMb5_V%=fYJ&NMgWp3G4FAGRUME%SvAUD%JUEihn-wiJVi;!V|>v4O(Z`Pi0MXR`T4o#={=-8+b+a^=PP~R2C=pWZ^&VBSH}iX(-{{vv8dhepA8y2
zHDJtlnk3thoJc$tVmm`lz~>IJf^CTFmFzf~WQa^#*DJrO-hUU$v&mzaeFM6Z&ZG_G
zNR|F*bJw(c75tY#yrSNSjiGar1iN>b;jubCOne-c>^0xHye5;&&MyR|y
zy}W?RcTxF7lpUwCG=C9UCVfSy+~qOTeMO2F@22u8C|i|YHbs?59})DOUVbT+N2q)n
z_vcu?1(MI}&U?0-QBVJ=MWcAg`j|Y73W@WD(
zzXtYaGl;id!1i`N@m5q5uchTTL0iBpea6A3R0#c4>KP)IWJuY))UT2K)?XvfeC^1x
zvw*SEsYQPJ>;cTB!5iR3!P`c4ho`HyH&NU1U~7Sbt-%GdZcPHVYGSRdpD_uxyqv!^
zGyhNV)FKn}cTX*XO=vgroFRtxu=rtnuWgWp8WFLM(n`~wv}cPiiDr>T7CqmeX!{R`pG@CEeG
z_4Chf9~Tx6cI2h#-`F1(dRvBv7a1N-C|s65A3V1hh@2J14Ty)va`e*nvWz#6r*2dH
zPYK8Uhb}#aT$Lo-c9fBfr8$a?sNHSOQgUz79&jVcuNyfQ-et7UneyTk`VHm9DyDt!
zq$Qn}ELc{f_`ecq>xS}!Ddi=qJV@n}RX%LI!(cuUWrvM9{hoFI@?7>Px!px=^2$Qy
zfeik@s`njL@60?&^DKKXlzmH;9h--k$Ya}X8t1VO*){L{@u^`uT}X}kwb7JJ;EOM8Er(YaSN#WoU86&6h$nfGEX`()4KSmq%*
zi%*Tx&+Ku3D&swe#*BJb>n8BcE~2p<+atR%*d*q)>#S?M$B0;Vf68w0as@xT=OV{+
ze^sRjpYhE@l~)oVQr{0HmIGyjtNu>Z6R#`wFyKRbl>W3^_21<-ob{
zCr-+N4tHfP;TqVu0YzaWXu}IsTiPqpx^;Ux_&q-;DYGIy~q6@i}tY?*KLs?^YE!h6o2#w-fF?r#T)W
zn5br+YnON+;?V+ZW4%FCvpo~+{oL7sV5`irO?Q78d_B&=_v3!{p{q{7Qiy$X`k(W%
zA6{`JwXBK$pDY>;UF3FJJ}Q8*@Tb)K{~YPJl*9Rj^7xFRYA>hHfiCLJ1A^l<^goxy
z`saB>*Q$xGZL0)4%6G>bx-TZC$C&nCS10|KG}^06h=+Bty{Fb$FWj9WVRm+@_wmB9
z{C}<Vx`>^TmkcHS`R)?q{O3~J2hY?V*%cuhz01Ky51O8
zc|>zqw}`weW+mV#kLug*Z8R*s;aduSf(~D=?(y;2k`6B+I&AgxPu$N6+DCt7`&7e-
zLhqsEr-gK)mJM1aJ#wnEuAQBHU$k)dY<1SY
z*^*CpW#B_=t)LNhq7j+vg}v1Vj(uU8Kcw&IbF%95ceBQS>oYDQz6#_2S<*h|Lh=vs
z5h%G
z-K`eJ82qWU=l%L8mHe;jE}**gDg4N)6nwa=
zmFt@<8r-=V_G+*pU6sLeoFKTdY>c-l-Zesf;63i=BMm3O6BE&S&Z_feRp+Z-nFBRH
zh2QvsDhqj&e&&hym9vJ4-@=Z$feZ1KO&1BD!=4NCm$3WKW8Qdd{_+NOo=;O>OKIQ6
z<0~&wXSv-Y_5HY?3r5+GG{z*4={1o1Gl|Rf%m-KS4O{-(#41#O}t09;RUaJ&t^
zc7w|U!+5JDnUy}{mb_Hhc8l3-EA|LY>IS}{><5PQL*CuC37%d@u_vtb24Pj!M`hFP
z6Fi19S@vaB_A?zm8^xT14so@1Yt)B5S?}|zUK{$L{*9FWH>k2L+z0Upt%i&rUS{x|
zy|l-}Vq-*W3I%jJyQ4(2Gvf31&6qq59#s_5L-bA2!Cq;(ay!a=<8
zVz!f5(2<@u`c2Lo9aDO&;0*Xb&WrWif9?)zu&-)l-G0A)Y4<7n(*1+>weey5R^sQj
zrsuTgxByArs8DO5`^@n!pl40?LHlDrfBW964tZb6ke@EpN56fBC$*2SUIo~{F(Sgt
zieP^_VAhZRZDXw2tm`EB?h*Nto%RyD>+UaGbr@MwWR(FE)2gS9+jR(`9}&IzJEcEB;>b
zfXAjIwuBh6a&(52E%w3b$@hlTvs?t6tnG1!IOc{vnD1&e$2!*q>Rg+q%X3BUsPyxE
z;>W}GwWH26b1!|NUD{dbTH+59T`zRhnWfHB6ZSgqs`zFD
zSHN#|MyFq!>q+h7m#UBFuaJHCwaK2;_J36EV^=5}Lf4HZ_U1CX!M2w*Fh#5RD|SW&4W%*088Ep^lJP%Li-ur%@_v^gp<9E~=n{ob}iO%mP)?cmm
zv;ONc)E6%eslpw?bcmBdIED82NarvS@g27M+s3n;tBTu$b5zFZ+`gw0_Hry^NmOUI
zXi&UP;{PFUsSV}0vjU1o_3k8{$l$i!#BJ-(!n1Iliu$bsb5$>5nW0X5$q8XGvlQx+7=`dR(kOY!ma(g<^#I8+J}m1@oaROxQv*YC2iMy_S>7#hK6WNb
zyhjhuUD{Zf%b0ivZ5zqoC|7I>Cy6=`7dhGLE5)DWrSnLO$2(dLPDi^+EYL@H;rMQ*W4C
z@3q0%-gQgBCls|e_<6B*5%w(C>VWS8`YL>WrS`vM!1w6wIAOb=@Ii+BaFs;^0Nk7KYQJ3b>YCkv~0A0{?T5Q?4C1jkhaZpCv{|B
zKDVkgnEVyAhr_+rB^*+Ab_L7s9gyamgY4n%B3wGezqp_j6kbpks$CR&L+$?pp1D%P>~92$sE^aL-XrL%%U@AJFCmq_-1)oF5SCvK-0h=ZBvWoyT2p
zCs)Kw?^DpmT<+fh@JT3>dmP@m;aPz_2W3gfk2L|`hjjh{*bSmQn8TX_I8PGc{Sxuxh}DO7Ebx3T?jM|=k*-R_Ex2M4
z#zCuv=jlkxNDk2w>p24N&<_;WO<;eehBQGr9h5C~u2rHULTd$Rfi_nIic7^giaIEX
zGg1-J*j66O56w$dN-wj2REBeAy_fM{oN~_8iM!gde8hO^g#2hbj`&sm=&zexT}ttJ
z;Wv(10*@K&qjU!};_2cyn`J!V_p_ZMtu2cG!Syyy=*aG6nx@*TZ>kgdt-*x666E>%
z5X)yS;-X2+$$vBOk0B4na;)R_8Mqs{OoM90rBS?VN3n`HmZ+OXdhCPW!Zyu~{zgS?
zN0Bl?`p#_?X%W}8UF88tgL9z?{su%^Gp3!*Y5zE0rfr0@gr7?I3Oexd%McTk^bj^)
zZ}o_$!uMsJ@A=!tqfIc{TIPp}39l?3_khmXINSrdzo)WH`_}Ptf3Fd^zmxue?gl3^
z=C|5eX4A@;Vjf644bJCYCDq+y`o5jNJK#IUJh=ehyG`Gp;O~8z9oZT9Jt6-45BU3$
zOv(SAQRF=CrZpVDpCCSiK?A`w*qSM6P$$w_9sLO_y@cCY;61ETR1zKz`Kzom5Sa;_U^TfD++3}81
z5l)E81EpVdK)GqpR%mzQPPiX)yL%jn6_){L{;W_IoY@gED~$CChqP0I-(lpVR*GZf
zr#+H>iYi#tH3s
zA7gPHV$7|n2LJDnJSU#-_&$r@XTke`@^SlcvKcdP86HAD-<>hM|Hc^Bjo>&wy4qa<
z_nh}^#4n$Y-kGncWd1Kh@)&c3b{1tis>lm90UrtUYbW`K>5h!_LRz66yeeu!b=wV$
zt+lYPEe-pCW|dICIN-bZ3G6S76;wNRu#8C^g?wq=*wNvKjbr>Uw699D
ze+IPqs0Cx$?}YU|miCXE;^rXQYad}BkFT<9;Bb08zPLxsY`H>u96Rguve
zlX;vXna3yp&hnozDD$`}6zj**$l!k98ZQ}gPb?ZUxF1+v?C!NR66?$G<@BeK?NVs8
zxKwfa&$RgUr?AgFuJIJ%YIP76zg*v^8OLHn8rgUZTHp3T@qA9UTi5)c`JXm;{TpqN
z^W4)al-cg_u$S&@@VB}7PA}5vJnyX%YCxcjd`mjqWAmvUhCFzz#ooiZ9=k;)w0$<+
zwG=1fLCl8p4ELMakt*76W=D)zXv5(X)}>1SB)tYiv9gEJogdrKLY3WA@-rcSQ@p2VUb5?IN}Zk;O`XJ
zO8{v=mcP($HAR`~MojT^_IGcDI`g=_XwzlrCNP~)7P!rL;(umai^VDE+p|63hC9Yf
zVr>*l9Qd1lDg)Ywbs?5G-b1jRFF_k+`7Un`m!G-#ozn5ncSUa3tJbZ2}fie?mt-$%CEQR$_LNPjq)JrQv;D02?>=RUq?;(9_(YGv_
zearCv`ll4_ZL56lTLa79Hpict#OuL~zq&6eUVoJWb>Mu3wI2x1SJCgG-{Cw!xbmBs
z7uo=M3JEVo;>l+b&ijGVOxP#P{=gtS`Rll>ZHa#$p1gT%JtOFGQ$!eOeM6{T
zya&9=5!i1$fgIppwut3{d*RMMpcJcYFUC^(u}g)PMIjis>{L
z(B3`xO-;t!-J_9zpDLykPAuwl(4WE!bg+vn@VQ@*uWZkO1lqH2B;At($~XLq@xHG(
z8p#Jn!?@cD@{Q~1Il;c1>PI|{1ZS-`-yDAt_uegCS_;(TntX*1ee2LS*$HLOgR+yM
zOaXnGBpSSzK^b^okT`rwX$r;v?twBfes|{w3C*3Xk{$Kp&tTQyui
zuU&Hec%tj)wGr0O>x0(M8m?=n?QdN_uMb*3HC)!Mw!d%vV0CX
zD?OHMhigJP!f#n(
zQv~~RudlX&>EUPti_;$FTJD_|x_rp&3n+|_bUJJZA-0ksuez;bg+8w6Y
z9VoL&ZHDn__N*2azr97RkambZy$bFY?Z)^ksAnu7SpnKpY=baCbYNt2$VT{wOa93rB*S)SwZOx`?{9|%KBsU(FnJ-0`98$aDS?ZAcmccb+ifi
z+EeXY*j51d5bO`i>#E>A`g7!x+^SsKoMY@|Mfb{hMKj(k*`g+sD`!pD=2#wl>MJA0@~$1_brJRI%yuQo6YDW1pPsLF9TB{nAo5_
z2=vXuc|KRu){~5`CWJ94*TMT*mVsh?^ZP0G81Qk4rCMDyKABtlSHk9%SdrJzZ>clF
zz4)9^`|RSYyx-1@?zb3I1@+UanANJly|Q+{zpb0&hGY$NWIGknZx=HH$y~PU373!X
zWME$(tC;bArH#eFfGbDJA++8ZkjAbU{E&>70p~-{7MQzA-#^9S$Iv@RiI?#02CdnG
zFvT2j%9sNw+{Xo$K6XGKQ^dxg`&>i08LL7edjBApF3RDXKIofMd@YE5#PiIc4dUWp
zJaHG4g|x*p5A!-rw96pcogzChb)&!SADM1FU+^8pLf7^Dy%WB_4BxSx=CMHE18W_L
z92?-pLHIzD2H8x5MmW!iHv^swbr5(aqx>0pHGIyn`rGfJ@BN0qH2NX_C=S0lM%Oz@
zUyWEe2ChH$>ycLUb$XX^jLux>$leHj^5C8e^EZL;Gx7pRyRXvSBUawmhnb6C9%3$D
z%`|%m%AW{#E|dv;2j)HJw=2>bU^xJSLbr;2^ta)o#3`|kyL|GgF3
zY|tOy?>%o4y-8
zoAz_s&cEW>v@md~d2R<svHLsx(_%BOovjFySaW93`MceHE$UDg>FLYpqL&>{n|
zL}}mkkbM=k`N%Sghe^Lt&NxE*jhG)RVc)--F>nt4@6foom%{rR694&sN9P}yM)m_o
zTDryaus7ce^)|I276+Uq=W%U4jsCY7TW-<*DS=%Ut)Hp0j|TZkUX?;R_<@i;)4m!%_=gM7HS}&auE^xa(D-{i28b62pi!
z9-Oafi2ug^g8@T_5{9#_IYHMlVb8$4x5~U^11k`>)Oolxg>?5H$#`a4epRZ7SKNU%
zf188(!Fhi{Ij>=V@KM=NK3;oRK9&9#DTD49Sa#MS?t!xw_!P0ii|6ljIFqu(qChaA
zS=(=)?lsys9r#@r%)tcliWW?suBF=FFM9*#$zt(x0R6<8L^h-eB4&TNjnizTczp@2
z4to>ytyo9j(z>VpZKXVaHk_C3Fveq#VgCZ}FBjTbY)5nId!@mNYSgBDBJKZ+LfEDt
z(G2e|1%U>jCF&6Z0|Uni|6deqR(sa~LOU+!i^Sef
zCb`{ATAK||WaE75^Fh5B?-2e*Q1<f5g!9WO)DvijYUg{QYRaD>s(SI81NkAlTbn0Jq23bm4?e#q#YybL
z7(OfOOc3?QgO5L;KM!>Nsp$FS5b^SozNj;mSj#%$Mj3IBFy^@QVXi>?-cUm_`Y|K6
zNVfJ=9Dgm>%So1{6`jR1$Yf6jXAQ=<8Yl2>Q4^rJjmpeH@iZ|071on!59$UjlgJ0Q
zU@xvojQLf^I^gbp)L(9*ad;rv>&q1DP*;pT72a!UpUn%{V0;?j8@4xr=NGQgSsbgu
zibeG;wkcfGPj+U63lHADg8{
z{69$Jw8q00zt#ij|DH(eh4Oe{&i$6x*C
z9&jdpt|5+)Tl)^IuPI`OYdX*i+HwqOi*dNdLz~UM@i%k7UiuVuTIIODLKqhY%X2|n
zac_b77oH*p3gP~#9``)=MT=aI
zZ?udT>(t@$jDbARk1O^yNt?ozv?n9KxYXz5`##(YfrmJ`+u_WIxpkknZuf1iGM;iZ
z#RQ(jcuk&9F(>uHruNndClMEV%xZv`p};^K=hSkk`-}`1TVM{zWSA
zFE0)hpRETz4$pUCFLuT2g9>5qM4acsh{M^WXJQOyhm65|=zIRQ|K@W(2g=1VK7;ve
zv=8@S&vP<oCSMPw@7b&0rq~JV?SlgpTi$tn(rNi|M+oC{_YT!
zp>E-Bl`?Xr)!@++`7UntuWwrKZ#&21Tgi2s<9g%W{8IYiEUf?HrRO*LdE$Mvlh4R7
z>N;T0KO_)uEst>VJivD#&K9hB=>IQU&I6As6vRN1cbS0V3Z*Cu;H+H$&pKk7!QX83
zt)o8fq?o}dTXxYq^btqh@lJ}lvy|Q?(fWRm^s29OY>>qtp$??yKqvcUWR~&%_Yq>U
zOl^I_CO*LTWB7dzynocza{$W?^In2ujy_Diad;~dYX&hUQ7^lh{g`?`M6A@FvOf&0
zJ9`NF&@J9?36l>=LyLhwFjLw$hJtX8-=+ZH?fL*hf0P
zb?OmXCk?>Q1>x>~8`%V7TN~kflUN(x3itSccsUZ^-Xn4CU2_KU6wp@qZ||#i2Jzgm
zA8wjw-N0K)|M(IbZ=oy=t;cxf%F@Uo7-yVMSMhwZpFw%(+EDYvD$O=egEaB@KX56HC7q(pU9P
zg!DgF5bx^aGN`{5_o>57gPo^j+nb^72HmDJ-5xrHeU`phM+kfG5b2|@<~{Bn&imJk
z>(1g@Q64S!DqCD$w1q=D!kX!;Vmj_*I?g*4JD+gO$3cJ4{-KKIIpUbCHO(ipz0~12
zSyJCgoKH9&zb{2Q4IGaFw$nIz5^doYgtAGlBvVNNIBqs`$qr}<^Ivplvw$sR1WJ_9FY-^UWZ!h$`A2K75H
z)^Exi>-UNi7(er3d+VThsgf2tx37rPr8*zg$HJZ8?9Yp~S2uB-T_>bN*`XO1$;aQ$
z|G6Xk1mjHh5ysX{VPkFMT@Uu?R@BEY;(OkqKg&5fh4`!w%gkk7#bt*6jD24l+K<>~
zJno11u5BLocBvY)<0qJ^dq(;@Gi}`{t>I}(WLu)QjfG*H|}6Q=F7K!Alu@kwk!zw
z+1Kvxp~)gB>)tqh9LfLsas2S?!ge*mo{Mc#L^bfvh2-~A`J}&X1@mwzAK=(52xa^q
z+HvqWo*xU~{7{EHKfXb@+J&u%cTve}ZVk)08jr{JD~vnMv~rd{4I}X9>0}4Cs|9iU3|Svyo2QU$r2zQbg=7n6CtI*$*L6xf
z9(yL?n=Nx280uNdb~pN(b#4RxfaN6p?@62Td__HrcEpAa*~e^`e)K);^U^(N(}mb(
zD%*5D$^3Q%zN2ksoyndH(>N^lT;F9m;)eGSTUgq29k$qW)v+B`oyDH(uvieTGud;g
zWY6`7((%qelukI>P4-;>#O3F_hjD3QZ;_Zn(bd|w^VR~*yWzPo$ojV*)x7f_KX*Jo;Gs1DOfk`X&#GBW11zNM3y4sN%TM&+00XT|1><-24P((
zG5KEBpDrDL!y%5q{#pxVgrTg5Te`*9;D132VS~aw>dVa69e!70MxY-P-qZ0uRswtO
zoT&ay`hz1c*2w(g)^}xp^O)9nzsfZ5U*TKKR(mbmog01~3y0Ks``$I;v!LzWGIy4^
zx77(e4$4tavkoPP>m+CDA
z{lek@?#O=1biURCpO!1KLlem6XGXx*@6sAl+}?&KRo_-y@p~C47h~jC#8NcR>+(h5K#gP*xu0wZZc|$1|Y=BFASf
z7u$XN%~d|MOI;$?QeV1iH6NVonsT4&bw9Dpm+5e6nRfS$Q2vWuk`Ks-)hqX(jgZb7
zuK?pa81V`Y5Kd*q5IB{C;}s;pe24pSzcu|BUfbEUE@Ql;#6`@fm~6N%VeT$M9lj#g
zsb+mywk6h3e7^1Qcg3Pgp7X}~HR}@__Ewdf*LR9(eH-}4*Dy9;`1jHlYbVG3$bzv?
z7v(dREiU~np;w$2KW?@;OKYf@-iS8%BOVz4A8lwz9;&EU<
z&?eqk&ktN&)(`KRaXq8WtFfjZH~imzC+GFQU!2yT3~O0|buGlqh+NNWL)o*dU_Gym
z+;?%^89S}{?GeO`!}X763F4P2a*h*jTp3~y@)^_5yxGd%p$>FLz&=oXp%!SF3-@ru
zxu85nsxrWnD@y&I#^FOBL3amL*w6}oekO>Dp8}h39)!u*v|Fb&ic2dz7~C&>qPkr
zsDm|PKxk+e59{OnW`EnCzRCK(wRY@XRoNc;o=JScLXwSb
zMgNjl=fk)nj^t9b_qWJT4#vlScuVR44E`3|^fPYLOK%O0i>8_M>s#L%?4M`&2;~9|
zcfwtEi70Qa5;cUKaXp_mRge$u_|Lca+x+ayw&*QMGkkyKVSn5A`TbmYuR>W8i>ZgO
z6LPtnthc29o8v)$+ue8b{RiGRsW(p%)y-MY!~KDI=fg+h
z*B15v68Tlp(3*1C-!_-$Q{xfq`W*fr;h!HFy?usHEZvJS*3pJ2_@t`@&*Sq%dsm4;
z`^4@VjW7_#c-!es#hy`R&8yhkVI#{B!*G
zbSPii9~=w15~E{odH(;VBl}zY
zeTb=eUJLvma&amS6>U*=c$n>tn2CZSW%UAa#j!j84
zUVWEfy29UTB}UhjM{a|8<|a((EZjfn9y&cTPi%@LGF`B3X8UFEZVX)EDBt{Zp>HIGTpU`j{u`
zVtL87U&iZ~ZBAWJA(=xS#fcOo_j98@z5fK~eUbB4QC>HtJxljLH_dYy!ziD4MGx>y
zS@3QioN*o#R)G2Jz9j$mhV)-H%cs!yKE-ww*;}ApmLcCmd!Lz%&58WSoqXSoykW@O
zPL-*!SKi0(x4nUVm>LNXZ*npkkEmYR;qGyCw03Uyx4p(Xl-f7Y&UTu+@=#1(^f}8N
z7e~uKS=Pw9nMU^EpZ5m(cINNd>X2(I7shBZ`QGOd78TkL8s|S^6`FbY(css19~wMA
z418jbSlChv^P%Y#e_Mogemf6Q%#dNv7Z1f|mhm2{2Qa>@+#`mv&wG;n1r{GN@4u(Y
zzMiPP?SVCmzmZ;uS2KlWn7N0B!)zZW{=w@b$3GZLn7p4tUp*~&FUy5Bf%huprT!h-
zIb2^6d*>>vJ+EUu+23c2b%ZO9{r-|t?Cy5l);dqrG@}jUj}83q*V&Hd@hTl<0>Q*;
z9rrerA>0gi2JHJct^Q#Dx&q~G=$A;gDk|{*ml59}(~q&Fx6=D7Oz+;;V)RB@790B$
zl#BLkun&-KV4JR|I>eST!^^)@2f-4
zFOR5f;kD481aqkb=RaW#RYM)Kqy7{{W_lqu9n44Iubam^Uo8zg{H;#7uU*UWuxC>Y
zg$03?s1r_>_#nAZb^-VIRyZ%w4k+w+CNzzBS1<6c^>Ml_MdTEXNK>Fku2|3-X1m)I
z7o@jqGW{fYAK~=>VtT(1-al{Ahpf9JR$im2
zJ*!Rm{sr>ge@ENE7!i*;Rsew*OiZpH7E#aql1<@`SaPbeBWA?^@p70q<6FJJwk0FNSYx
zEcH|WEM?4qbciMDx8yH?_cxpLL-%6;P2Yb7G>>}+<)eIV^{V)C@}QhMEqQN+yw_Xk
zcL%ns)6{-Q6ZekWe-FG4NZ(
zN96aPW&Q1jPSbi9n_tLKV*Hh&NV{s}>l_rr@pPH0nDn2JcP!qsAP?%v1}yvIC&X9Y
z9cXfNgk0yUeQ-|-xX(5CjQub{?0|dGX2MSmettXkOGS(lad$XZ+!a0}toAdf%RU#{
z+gRsu%YHTzeK7Ak7ni*a_tUd36aV2iDZO(~G>&M4kWen7xIuoC{-;cxXIyt0LXC8WD8_AS5J&|6l7
zzZsR!;5=JcSYlh~t4_F^&RZz2$R-L3ZHudP-RAb)p0M19`XHOQyQth!KAzvDrtyKi
zf#5`y><-~uc)le)V%1-3Ne}PB249NLE8uxn^m$Bkx>^1YyuEL~zwM_iXFdE9(rpaI
z<}lKGl)h5LdG7=oUe4)4FUfJb%+emCydQD8HIPnKdP=cOshe0B2!39wNxb}5T&Y%l
z1<=wShi@RqLr`pnk$JRX&;MVH9G?&6i(@$!iza?ecx;)p$K(g_4)6{5J<@vC#E0!@
zCwvrmv{})$Y0&Skps*3nuwDZB$|qInsiIiVJLf9LbmqI@Dvs^s`-Sv#OQC!C8S*v6
z*dRY)o08mLAif&nR-7rz6zlXRxGPR%c|!Ux&?Z#$j@;gd_h5T>eu3CuBk$+4*rqn}
zbF=)Wlj1-d_p-fg_tW%qc`r+i+h5N_)9vDPD}RnYEJMdxG-MuT{ldJT4}U*JUO9J%
zzwHLTo2LJq@Fe@c!u^>8^;~Ca&rW%VZn+BjE#>Dm2a!T
zIJpq5|MubL5BBlXvUzaFNP#)wgf{pXuLUutG`N=nh+Sa9qy7xC}QYaq(ZzXC1jwcK4>>-w;^{@;ot376K
zo&|eW-nr^>!V*bv=^J4_J52is+LPMYR;*_)?)4Qd>Gq9!L1K-5Vqo3bq1NQ3_Sda@
zho&#?r}KoP6?GCeppC>}a0kYSY8~Z*7Y3H~rwC8Wmw@iE^DK|>=Mb-QJYmXO$Ae?B
zKzbaHcUWfb+-n^VnXb|COsj*()vz`)N@5eAUJltj&Z5cHb*6%P}RnKqQd=rGkD^i=yXS<*ERQK#g+mF=9
z1URFuX;yI>-)@w(r$#V-9?I5Gu4U*DAaAR2o^~^qcGhl;8)V-9E&Jb#gWH#au~uOm
zjIv(kvJSr}ecTdF-(Kc#;TNgxao^hc+m;s*!y*1#n7`G%X!fZdV*h(_==~#=c{1Ds
zRhFBhp99h=k7+gKMS0$L@}BrK^Fj6(rCtK{idjO1GPM_Wk{u%I7}SUmHi`e;ze1SCn_EwD6VX0R-bLWuV&k2Q-X#cop|Yx8>lBJl*b}^H
z`&BXMK2#ejAq<%80LJ=2y}T=NHq~9kbvr~t>+HlAwBXfhiNvc>OEPJX$FjVI`-Ru%
zo?Hs|cu!%M@KBqO4^!YdVXi2_n2*>dY3J!ER2GX8Y|}JLe(YBQ^(#ACMyyO1mkIgj
z%KRCl$d7bMSZus=ahZ<7PT>HW*oY>H7JFGC=7bGQ=)vQcP2=aH@vG(W%N}CL5sw?oN+%vwJ*!?VwD(Q&ro4$R-CTaE6QA<}?$xR>{rj>4tcG9Fw}&rQA$w8s{L|d+%4Yv(irM&C&vj(@c2kfgYgw
zFD&vlEX!`M)|J|N?_!|+orCb&MyLH`a
zJEYGNcL$P(oG%+fk1F-B##RJmUbOplYv-eL#v3whBRgUJ{@7HX5U=R1rss5cZjNhD
zO(0V|pu5OcSoSHE`c$f;?J)6?$ubtFnXZ`To+w>^Q~JA$lCE_?*GOWLa5$>|37
zx1l_~zl(IF>yZ7uR`%Bu9oOHKroyTYA%#-hTR?8u;|0nSL9C
zAH_Y({3Z4Un$3BmhHHj|dqeQu5x*Uy
z;k>#WXeU^=`X!)U+;4*R-1wem`i}S_c4<#f-x6Z-0kWU2g!bS*{p`g7
z%YLUwAAw{V+uqAX&(Pmt{Lt2Z!f@XiQ*X>5e5?8!uv`^pgGgWnND4!>Vz`Hr&HnHSCb`!p>-j$S+TE6mR$
z;3^M=XP5+kgQ=gC&f~c2HzXZ_b^C3&t5$h~dsM{M>$Q10HN~-(;;jc$Z`Ke$+^x7v
z>|#32Tl59t`O`nuYR>@aFQc*_3}h#|OE7MnO{~*`scsE@uDWXLefZl!X>NdeH80{R
zC6GVYt={0oLc*iNx`Lm(2wO;Cy~s~Ieg)z7;I~B9wWnL^PlC1wQ-7^Jrh>^y^tah5PTn@%{JNj_j4Y
zrM)HI|9pGrht$m5sLhB~gmV$&T}0PkCf9FwQT_TP74hCQj7d&1-Okwkehus5Rz4fE
z^+Gun+Io#;T#rRm|1&MH&$XrlACI!)A6}!CqukEP`nB9=as1O;v246&|DJ6u9I>|V
zQJKyowPy*pr@MJ@drq=!_9ghXvvKJ5^s%ku*5>&3yvXgTr@XQ~zP*T-H!HBSQQEF@
zOxZn}*xZc%ubL=!S7xF<@$RTT(ZfDM^O~hTWSpZx#~5XJhA5&-Z*IRr>pFU)7wub>
ze$_kH1Apy5)fGp+mPh?P8Q0$_+}{&H>0|IMUNhJy?DH<}^C9@2>a5Vw&#*+4`>K`a
z%B3DJuV_5k)L<;v3O(MYCa;L_XPgTO3m56Llj&0zMEN$xmc=|egz>c%3SQt`8MFg=n
z6sH%~lsjV9*U5JU5lFX3t~qSW=&%}xjeiz^y=sL01?8?IVK(9z@7v;UD`H#j6FX2=
zCH-%ahIZoN3_2cb$2E^@XRJ`q$ak&~?#aHre!N2maK53hl?~Pv+!M~AUA3O1Q@YQ|
zUM|0-8TR#bm=9x|zbuWHmz0OW*pi+14J%7c1?
zg(+|@Wr&8tq(0UAYEsZwnxXq1aCUn4C+R+KMuTqy{7$q#>$Tav-kZdN!rpO^pD^Nx>9{P$p74(@p@&kX{hsOT5y(9Z(@;N9EU1O!w
z*=0n2)`ZXNICiZA?_lsp@gVETpq>A$fejH
z<%F3~1UzFZ`+x0g^|!5OY){uD*e~a_?JVjU+
z{b-MA%p(=}$^U{m;}CbZ97TQLCG4!J|4$9CzckZ81sYIWpK$vwhqfXuF2j8i`fH*G
z;!YzywEZX>0D5$ZLc05=L%)z8hQ0U$D@~r^KBYf}c(t-mI8U)Zr?@{o!}e$Uu=b}U
z|NPOV?MI}J7H#n5_`M0^H+He62fwjjNBcjUxT~){Dj3))`@d5$*$Ab
zPNA`tx(FQKE*M|yxF)XZ(d?@-k}|Zd4Xg8
zJnH>NVdFon{{Qij>@%c}68%SlS6As*Ks)Q<+|7Y8%mO;Pf#&E>1sB^7Ru4!U{x9R5
zAKn!S58|}<lGD&u3I#pqRjT9-)8mK<=xvW@+poo-mgF8
z*yi_a!Fag&&<1ILl|=hm{2tbvxLi*nn<;EVUh9${#PDMaDSuweCorZ}N}9VyXm1mS
z)HZ*cm+{O~wp>~-8)yIY*eLsFAHIKkxPK2lHv0Y{Ph#}%3&z%6^jNHaM!&{!zdVmg
zT&VDNf7^AeKc4c~@O_Qy|9@!m-zF^VfwIk{2aEABBaZ(N`FH;f`Rjf-bo_3CbRyfs
z*nWrhKVVv~+nq(z2ge=R;kk&0Y%QUmnI7lep$`m6|p?pNqzttA7;vv%Hp%{s#Hn+iY9leKf`o
zqm6S)=9kGQ6ZY2Tc@clx&sdf*<c7@&t_h#LGyM}VK1h`j^RM$tCAIcFPRm+36kqpOqu+*?`t6-c(
z0sXPr-zc>?y>YlP#`sEq$-EXgTaKeW43^Qi*WdOc@5P;ubYy=%Fpc7)VT>sB&-)Dh
zREO|i(ni={>K++Pf24gJfA$SG$*vQDPqanw-E#C}?hQ_MYeqa))CVQP8J!B>9Zp@x
z_P!;`E3nUFxzFj3psXpMaFlHJu0efA?2k3Pc8&IHmpcD`Fgp9U3_c6d{w>x1S(&q@
zSan2wPjnsUNRH)QGTV)zpY`)L?d>94{QOCW_h>_W6SR2@`BPVst?L|4ml@~ZqU-lV
z9dYlHbsb~Vu{$LRWHirOFd4$@(a)htW8-=O`SB^|{tu%x>WZC{n11G6pf2jKlJ
zW`7&Y_iSj#HA9p?*OIOSbplY%b(Z%N6zMZ$lz**-9%JD9wHA7y&gLphy6d3)t1RhI
z{yo`}4zZ!9n(DiHi0_k3-{--1kLh~?v?uNz_xE~BIe)>Jc2Le&;Qj0avG*Ut`->+2
z2=6od3GcKp4)e_+7KL|0{#y7B-@+}?_?GfH$j>BC_E7%tHbwgD9@^n=`^1ocZMnBTqIL-h^pS2>`NDyy*-)j
zp1&ORzby>l-Pp@m1~4ZtSxy#|Gg|xUukb$6yD4_Qc*W+xfm`Z*|MCOGovHR>8y>z-
z#;{QA)!v-d+nMLdfitfltSWc6jiVPVtbJf08ITo)a$pR^cdJY@KPa~ZRt3{@!zts{SE82`*XI=9*fu~0G~ZW8>dJlbNQTGweMq>wk>V
zKj(TKV=bI$_qRR8HtJ#{##tNeZ-r^M0?%2`^6>7)j_gbm{u8!$wlV)3WqW@wB&~Bs
zpl1`OeceRQkD0Gs1>d^pyq#HSbM7ZR9Qa*?WoC>}W)b9Tx2$(Oi+zOoJc}?Q5To>Y
zZvR-ZOrK<-(KSdz%N~pP)#EJb3L)J%OFGmor^7oNmp{Rh2mLAMo7$H##D17z*;jGD
z8*51icfx-3;T~^!kL6Fayqg-eoy7g(9+)dtzA2;+U*|;~IO@~gd)N7@XIDwx6yy5h
z9yi`4|F;_tDP0o^Uvw!NdGGG;ruu{b`xM6oiK+yCV6t*
z_vF0Ds96U6K;PnK9qm7ZW1H#xH)s(|3{ni83{!pMP2cP$THtdct@}mLf6Ygje|FhN
zWA8+~7bQjaX2X8E0_}&x{H{APRN4Aj;_uEVP!{eRnkM}eF#e>LWjgFuHAJ$>6
zdNAJq-Iz}!*<*~>{ygi!!ThC+^`w5_Mf;jt$RDQjl!~UNa)o4
zkys_TpPj)z=SSsFvaW%P^1KoJ8WY>~0)l-3lRhhj^i{#@PfZ`;K&2^*n~e-fg9AIGDDzmWjN=(>q)%!Jrjm?CNl
zGelltVxM}$!K978l8hSCGag8)@#z_Pz6RDaqE4|=Y>zAvYa^(4hq+2vtU`RPu*CK?
zUvt~re
z_c4Fl9Y*}02I=#f=Je{WsC`{I)K~6vO+-0%wLTrzkMUffz}@!q+jSLXa$Kf^%e^i`DLkt^`}OBh@4pK%q(TUt>s{WFTiE3VH?_OLq%qstvYUktJZ8rkoc_Q%c<_D2`WKh}-pUoucO
zQtZYtC^J{&9tnSGk95%d!nP
z(kjep#&Vineu+tBv>W|CvE3+x*>$r_)96RJUk&X03kaJ?6&v@UZCftM>rb|45a!>>
zvXzK0Rw?r=_79J#g**t*4aPMul0bOZh3K!kN5*R^+@m;m=!nBK8vLbS+#>7iU1Qd_
z&!Dz`Lzdl=5a&;lM{-aHoV`NKDRdB4&H@;#IX)b#Vjin4P+tE4VkWD{&Eut6_zf%V
z+rP#AUn6Oc?SQid=&!`l|EHX;aE+utobA!}$T67X!!cOMV_;t+$G}Yc{~z?do$0&b
z{uq5n<}J^Z%^tMY?}@JUqWf{~4(}gc#`QVxkM|EBHg1MxJ>&ZA{*U4HTgKYOd7;o)
z=C!1eZe#Geed#uy|4`mpm<#CtV*{RZlZjr0t#++O`=je>jpj&0oW3}=HUhji&HE3E
zLEJLZJ}v$qb=Mx;R(0mjl_keYoJ0;HxW$RDBqvyw9m~NBo~i9z$#NtcJJ`Vq?rw?%41s0+JUlLCcAY@W}De9-Ox!=@+xlD
zu$eZ+`+etpSGrez#9{bjH#3=Q-E;1_=YHq)J%1nh(`0c>GJ7IrPe30UC-+I2&3^gc
zG=JWCQjbrDa}j+TpQ3#r_N1^&sP`YI`+MPjBaD}pUUk#ZD@62aeNxbC6<<4(>7&Ij
zxDgF9G&D&6ew=G7XP9fFUFZ)YXfz!j#1Dx+v977U9OrLt*VOimaZKx53S(*?gH@C@4JQErpmg}%PODCF~DCC7TK
zPS_1+H2IV-`n~V~S3s!0Js}ulI9JCImqWGDUF#1IF7(p*{{-o}xUY}=i3em2%*VRW
zkdD9N_eSGmgJ0K9F*Dkp+EJ$3x4G}nE&*iz5G2F;oHmu+J0Q|
z(D*-rIx=&@%=s7Whxn!|q&MU5v)B+D>1>?VbZ|t>L5v|leLcPsZlE6x;d>pg84$>8(ZPL
zxdmuzwf?N;R`@<85+3Yr72nkRIO+o!x6zzP)Bmw7^gGkq^C!1A`gVBmlSa{21GF_4
z+Um*?*ySJl#r^Wf#rpU`TKgY-Bi}AD%ktq7I14t2x>=7SuDXzg=S^JTn_5!yAL8U`V4W4wW$f7{T(+irk1QUCWD+4Y(*@5GC3f$qi2
zxg3YNC>H7R-8c5*nBD?o8shN~B|IMDeRgL6=`%?5v33qQN@*_rrDi^0-iSTWS6Fuk
z7O)9h5ayi3cH1QOnhqn|q}fZg^qo5cUbeiA#{V%DFS|eHVo{7gxe2`NWrUYq?1R7K
z2IJmY;ANkKedgRT$r@8EY*~W00Wt(We>d><>3eoH@t9*@OYPaJz2Qc9nWgk>;%n*n
z*q8m5*J1zOLHr+-OBKP|5i9d$a(_30YmGSN%ZW}QsDrpW8OD$Od2r65t>iY?L%Q$s
za{nXrAF|zghhj51l|FMR&uMVmB>nY8-iIp`rzoB&pl2LB9#?z5&tbvqypE|9{gV>8
zJpQUwL5zqj!e_-iu!t*AaWXvk*rT-n?-KiE9@>8If^`A?E2L-fOy0x!RNIkOkzafK
zZrV?OlGa}=N348YkJ-3ZdTd^;pMN$hLqF_j1A8@!>j>A=x$Iqm&8A%ePj*?r3+qZU
zF7u&`3FR>M&6P%6vpupGvBWwuo(&j{-LU4KuiQfUqZMe&$KHw}A0GjEx>tHO`ij&a
zHACCD=A~1z_k4DDpu^N1@Me1gHO6*Wx2t^_#tt9Usf0R}bMYN5HvWzWGx`H2V;}4b
zhbpNE~gyI34|#&A%9Jt0XUc*1WnvyPIA8Dl
zD?#6m(2!#Z$FRDBXW{_rju)`q_Q<>8!Ic4$|3YHV)8~U-D*PbcYqP)nm9@)ZE!#(<
zARo}UWruK{V$R+(er=mesLjid&Wv3gl1ieTQX`M^f%9#=3x4x_yi!TrNH(?^`G4YB
zpL;a5UhbxSshs1bV4mg=k8P1kIHnZ-4oW4-yzE<~#+ayM$2}_s^%5cK16<>r{_7oF
zpNrpVk#;8eH_M~Qzs-#2^%d&h*+)|Si?foLbjqfL7|;Ku!0&{1JV#(WyYI3EfNwf8
zjCG+ea7|?L?^!xvWb8cp>>xff=l`MYAX^%{k=|zCEc`2xzp8j-CjYEI_|4o$tBCVU
z4?`ahB2Er`5AxFZJqLLVimP~pxp2QZ!-ke{Tqku-ep{9QcM5$&o~qlCcFXDh^?7M}
zA3Y|0T|AHU?JPs+vvEBhC)^&mCbFR)mY#OcsKFfwB*KH+RQ`9T@V&{*YLoj+24xAi
zj~IAtBfBQcJpLT|^1(NRy|B+DDKgoN((R48FNX*FIz_wJcL-hVo?{fJ)`PL9_ITE-
z;lV5(lNfUxF{RN9%TU&b>k$jJ2iN#)?K=;zq4RJ1Oz{gd%P+0lC*$)V4i>lDosxZs
zH3@SS=xg`!TzCsaUJS&2|FwzZz$bz^Rk2pd3G#!J+e9NTu9Ek|Jn7=NSVAb+zIB^!C(Q9X{dkrh-1DW*G<=Q`DwXF|D&6|9gF
z5#<-mR-a?Fd4sI3zgIE?Z}7bG%O-{E&3@A$-rclK$c7Bg;pfAo|JXJeJ7|*pw{0f<
z?p1#Vjw94BNBd($U>jHQ^=0?YA^R@cbP*qS9*@1%;5j7ijW%x~l%@N(`G}7}Y*xK*
zs58!R-D~|mxjcfg8Rmf|jXt+^tN3n|Lz})E9yHJyscgkFGF^VvKbyA|F|bno<+N?t
zq-0X=;BOLb$G4zdf%bPtwBV068P>z)#lQ!ruLmsWvfq^c(o@sFcgxKCGlMaZm|Tqh
zd_pes^7Y&IfS2!YD5s%a;w<9zf;{#F{QV*I%Y@G*7?1ywtTx4DloZwfdl&avzr=GN
z{X5kcawX$fAX%g{y!P;r1MOl9VIJFFas(KYd~@*cV~#)+_R%(um#NoFKHnmqee+@D
z7usY7{qQh3ut`z~14yA*Pz5oH((u*gN{lZwU|9=O^l_as@K?KGJt@Uf4?c(SpzXAt
zaI@;ct6jvm|h1Gg+{54&EOZ_vg@a7%!pHNaB5727O)zeXgZG
z*H%h!&rlv!L_VTrl^YrQHq=5tqq=V}KpA2cpdX4fRto1B)algM$x!RS`Zr>EPc&_R
z5apYgR$qa*rcRE3-1iB$2alJreEA_7zw~h^rEw^K=>O+9+{y8PYm2?C7TSN1Y?aG&
z|Tgc@{rE>$uOK?KW>6RBLiKeK-b58g#Gwj0Xkx)smAO|)H^X-u^Lxczg})bxqJ_rQU|A6Fef43?0|rZgEX
z-jGT1HZ5k}u@k8^xQ1+q@lC4jYugcgW*0ouY%KG_)r&fT=EbrXY4{&x6N+p?J0*|d
z;Q8|U%pca2qR&obl`Waykki_N8ea}{b;VQkcEz!8NaGfw@ki~#w@*vs54IEk17)YB?KY${(1y1m`tI>yJW)K^
zUl-T8Ow~^o5&YTb?Pn47Q<zd2E~TLApNK2Puyg#Z@0F1^A6#sW?^*b2tju
zN|XVB-(JXbNV#A?4{~3Aw^SW>!#5fk<|Tu_rD|D8=EHrr=JYqigJsme4e7Y3BYkbu|5r9*jA*{x%kf4&Je&c%R4;uG&qF$$
z9g_0Ma`^|^82xN&{$0grMxO9J%PBaWj7xK5i5dYFuIlG-v@>qed~hUzp(Fx%^b5^l~++NHn7*^`RaTJSvC)Tr^~Y+
zP+NPUE&nX-by|6L{xtIJKU2Hq&~72w=2mFh|Ge_;o@3z{@`(01z5wIcogCwX%kK7j
z#5;#K3^^jCyNC!(g6KiY6^}ZV+1OKGs~2r`ZkS#^c1ttM#}ylH9Dj}WwFNxR7UM;(
z`WM3Ut3h^CG&xar0F89_=GeThNwFL@uOEH8b$-A$+%J=IqFS#?O8E<`{){Wr>Xc84
zGZFb(R6p*#wDBrWd;U)7vt47)@TcW-!FUMWJ<2zO-`S+aJ;QKR|7z&$mF@^Y6p+S9SLNP?Y`2A+y`tWHnz4o+p=7{U>`Q@jG38ck~4J
zg;x|K?R(4N+DP@YtzPdutIwOo77W1IJdi;;z5VNG|NpAM1Hk-hn9l?LM^Uev0qw`%
zGe+<_QcThPkdF4KHhw>@M$Y`?_L!Wqm
zdTOCRt|;o~vf;XvpS7+i`e<9>iuOih^8M|)_urCye;>VnC&u8x`)gnwqix?F&E)Oc
zdHyg9Tn)Tkd$b4p=Z-+XHbcL@u8cvy@}OVZcw#4;uzg3TFPP6Un^o+l8uBN3r*#N6
z1$|j1l^tvq=d2c6>8E5T+S@uAOKLsYB}4qV%YKn3@gk4aYa_jU3zYRrB}dZR{YPrI
ze2R7zYB#r4<&#qF)=|6H@5k>bIpSk$NKaFkrl(mEpESx6H
zzxA`{KO5HT`OmCHg8wX`^5XS3&wpN9H@$o~{94t4ERYeC`n5$u=EHmiC<6%HX?4Jk
z@j1ZLgDe7xV}~^2dc8)3X<=d)=ifE5MQ0o|8=-NoVH)hDEm$0|Jrgh
z=jR{b>=f~vd1!08%Z~BQW7o)kw}xyyu@>RK>mc8gEQ{cs^LZ@K70$c#J}l~XLERAB
zI?(-Md;J_}OWGG)?SV0jbT0Qz^3UPdd}W!G;;(Sc?9k=EzQpay`!><~hxS#!jSIp*
zH1<2(N1^}HHJf~v$=5L_wt?-o%_cwdWPATbZtpLk_Z__Ni^z}dqWsv~zp(t+i7E19
zucCc$d~Is~`O;0~Z!V?h6KnPPS#b<7KlV!{(o!#@8rY2MEhi{`Saz&{!eZ>`MCHK=T)y5BtmLTfuGO6aGTh
z*l%Im2f7Z12SX%Foo+(RiINzU#oTOXOlB_N_3ufz+4cmkA)XhT*7WyDZjLo!Ou!}o
z{3+rKvEF{F_cYWSBOSt<&xm_lno#ClK{D?O{*E|XLo)9Q`0i3T*UoTR+SV*9cH|}R
zuTd}_`J*&!_zd>j?RxpQ6y(`6o-^=HlxOk1uhM(R?iIcP*uPz>{C_X{4drX(x!(hw
zuE4qYvB=~6Zg_A3ojvh;r^Zm3>fF=mKkl7g|AGFsW|DE|@jX}go1lIFH0`dIZtOpTIfuGfS!@fO7g1K0V8gs(Q@(|{6DmK9ys_2}fH{-1;J=ZL9cIk^MlNeQDzng0^}D(MfBj_t
z1N7-$!1IVS#SC2TbaS7iEcgxW2!4m;!lUE^v9Dg_4!Sy#|LJu3ex~$)sGmOmK&ukJBb0)EId6C#N_tRc+y-x6{DSd)+$jX9;a#`ev*f-^bfyW6-
z2~loNNLD*yUnFLOm&NU0bu-6Ls5(qD$5OvogJ*g2`D19)aPc@0%=v9)p8j0cKJXL7
z3PTJ|bCC!23peW*ujBs%ljR?kt_=3-qnP^^{g>hI+(k=7jy2O&Kkjuuf13C|Xv0FZ
z^%8BP0g13KNRc)H7nYj?w(e+GCeJ+4VRUkiF{k#_E%
z@z^APhUUH`Rv~=fQ}C^*4?+wX)E`S@HMMj3zU+*ucr+M4f&NuIp8~YAS*LH^dceqD
z?-TjC>JA~lkjqm37<>H!t9l)aoP)Y>hQ5Ait>$?V>+6h(*md0Z^!){%Ubb-F4fB#Y
z;e5cHZWj*=z64`4Q}2@fXpft~m=d7--2TOwd&|nag(E5bNt^2bv0B7%!rVKDx#CdQ
zggQ;Hai_<^a~dG-y7Rz1caZ0J7IoS^{{wUHB9ML)e97X?Wc>kVQN&m&*E4A7Y}sSda01q51N+
zXkIAn@A?t531hzt7h&x8wq)%0N3=F`YxS|;IKNjx8-D|Bn5`#kgx%>K9tZB|BL7d{
zki!jQ5CZ-VeJ8sY+XJ2Ox5fH?O^&s}(+m6S>F4fXkaP5L?
z1fL<@+bG5jv+c?G8Sx?h)){{tQ^wuQ74s*tN>0{b-GHWU3)O9ex|q|rmu)Q0fxdWI
zbD%v(@MyiPx)RIK2Vy^zXOv@kis#+0mN&_P?_qh1zWjS?c}NbtjOCsB@|U4}3&>hg
z;B`ZAJ;>v6ig=v9MMIMnM3ZO@<|nL<0zKkDhbYh^o;QU&)C6mxmDLYuY12_7zSlss
z5%_7pol>4spV!i>fS#8SFLMh1$gQ!jUGv_A{nxA4za1z2TjNut|MY$i`>%Iqd{l8p
zPWVI5RUNQI{>iqIwI%g&@uWWPk{|b;sq}G^eKDd*eOyxiHg5OXKCKQgqwu3d-;0Vx
zLRU9@ROsqDrMg4ehPp$=@c*)ed%MujttLHI+#~pXGpt2bKlgKz*?XXjWjJl`Pwc*O
zJMbv(MO6d2-wF?YOgi&UkI;Q*y%ZjNkNhKoo*CuIOvJE9|410qQ__XQWjg)zg~Owg$ghcX
zM!Jql&iJr&;aI?6w&xO#zys^){8M0GS(8tFefq*n*!$U!~{J1
zbtos_f+i>r87>@)z<=z2(6CiT*-bm2JVw|GS$7=2<2rn21=OuDIAz7){9op-Jvgc=
z&7XU_Lw6oPlLrJ1a&M=>JUStPAkhJGJ84ZPAVx&Y&N`%nStmZ$VjOfbjz|Y^WmcRC
ziWW7#x-*@CD^=T;4Y)f?5yf${C9_fkqx`Xqag3HAj<`!OvxW42-#OpyzJ1f($yob`
ze{|j3_nvd^d3@)b?|hHn7uEg5cFErP0&ANmLT(i|TP&va`^j_7YdTNA-&BY%AwXb|JUj!0)Y&;A+V2f#J*
z74X!!A7cJS%CA8FaYO!b%Fkqx-!6;%a81g;nDURTg!8zJn8_l4u`Kc{l)sGfmr?#{
z+@8874E-I&auh0OFO*Xc<%~lboF92M?W8`AFy4bO-k%~p;2!@f>6W`zA}yRfJeBdO
zUzr(yP+)JP{N!SD>*fx{t_d68hy;78&Dn_hliT3Am7YJ%#B=1s*KBT3m?G?Z55V)S
zcQ-&f@n3`gM@{etHam)Gz5-!=u~RppHfIRVCOYm~In6HvB@E5urH-k*TIemRr}*C1lR_QDVQVVN{>
z|Hki~(fyz4d)4s0KDi=XDJi3w`k_zG8H95Cah=>uc1~qb#=E-z8+ydoUrGqLYEg~`UotIFPcyHZ`t=GeSbgY
z`GzTDwQQwZu6w76W0)>ewCB-&J|E)+xj8N$UTc8Y!gbjKWxWOb7UGvb#Qlgd9#>^>
zG0WTsn`99)x?9Fr*PV&;&keYLy2J21idT%Eg0fq?AdW@yqpr)s>ieT(Zq3eSC$TG5lSuu&c58Dx-cJx3yG(#QR
zuNUp;F}0)KkfsjO1k$u4XlTdB#NS(|(vA-k?Z~2bOy=+MD$zi=J{iyKk+?lZuLs-E
z3w(uM&)HN@po8jK_EbORrq+{eW9uo_+gb$e$M*a)wWqEg
z<)0(Rrt|ZkI~ZE(;`(mnMgP{oub}L}yr$v$=ZAI7%Bmu_u+;N&jC=)-FB7zV6Z)nX
z20Xy;c&zN^Ag&31S&heGTmgJ{rm;5W^~;_Jd^;F=NYTz*Y2fSFc3I$-N2Gh>W84Pc
z{(~vLU#4#ee#aBs32jreQ2ywS?1Fn|7RE1K9ntNxF#W7F`lw|zo~N!e>Z20<`Ay7x
z{!WiA(w4^lwCB3a{J({8)&;IuFU*Znj`7%;rD_-hcGHd@gmbJ;4bK4C@XHkI3CG`T
zgY_VrXoEF(0{)}g=$(N7s5V**c3-GNFx!eDzGJQF*?M^P3iY?y=4#ahoL#a1o9({J
zA>CCb`!%#5dd5V*k3brqp?s7d{LJ)hB|LjPj-^uZs
z5;#q5koQhz#-peRLY~O_xWBqGwg}2v8<&5V6IQAM^;+OH;~QodZsfMD^>j{ILbmLq
zOOBNKO0dY_HG3R>7PpkMz#&^4Zxvkvx9C1D^jpQV93BU)Lc$!2Btu
z|0u&Nq5DF(SLhz&O}Xg41n$e|UV(cz-MiqvhVBvnqmJvuGS}Zi^>;1d`x@u1abKKe
zz})2P{}R4m4BBbGnYE|X(`|S^x)^n6Bgf`KU&<7#DHXoZB1#`!Y+UcpPZ~=jY5p&s
z8h-e6gDzA<+Y{3okcWCC$sJw|b@RfyigerpdkfOB741q4I?N`Z`4Syl^23B(cNfsP
z)wn6nxb6`*BG~XYT!Cgm2Fl1^6`+aW9@xT^;Ph127F8r_?XT(
zKC;jwIt}wj#&4|CJnz9bEO@_Jd=JaEvU}aq9?gSspD<1|;Znt6kQ;Tl5f$`t;=Nfw{+-ck9GrrqCyR${dxYvEDAbnE4PHAJj
zJdOdeN9e`TPFUu#qJ(_Am^p(p*+(9f(_W5s01x91_O5sOvN;b^)xXogYwe`|-n&T1
zh2DpAZ||kf7FeS$=(32NvO7}Gs=~Ug8|Nvv|0h|&or}`r5#SyldT5B_1#7aK<4vIc
zRw`6I@ITtX$B+Ec74+ltc>U7fE5))~ImR*26Z&P9+twuJ$2`QkH|U$E%KuevCH}8E
zu^#LtoiALYcgk*FCR`&p=1V5%m%p9<8D(b?16Gv_zh8KS%U#yfS;kR~b|qD0S5g(_
zxCYjbJcws7)%N`l>Gt2QO4dKyO!odC5l++#Rq1dOQ)Bq1)PGi`*3Z?;Eh@@YZiO{G
zF<($0yAjtEO?gij=XUe=XuK~=$9n83VRx|7kx<65Fh(GN*7w9X%$=t
zhC1GgD9V9KNQa%Ev3r2V$|ulRp2>#6=m&DATuyXR9=SS6pLW4O50*oz=|MVVhj&JL
z$cfuChc%M@!H8Pen_*!iKB~5NQIMui@N&5fFWci>aL%h*!F1u(F
za)=A63;PTHbNdOjn_%`1m(h0O--+JVRpR+(a(t0hl-^aD%AX>Q|5wH2`!B|^DwbCb
zWHap(JH~mGD@hjkIghzhCRdUyure}(X=8pVk=8GXwB3?OyGash;To|(TAV*`(|EK)
zIXH%JjW}2Z`X0J}hj_Mx?fajwH_GfDpl`*Kpzm^^Z-uX0d7Qp?@K_?>1avHnUe5~h
z+usY{miiPg{2%R;E5qN@@OEs9igHb+u<9g}wv(?&Nz-&FCoR>pZ6ja@m6HgDKph<_pW!x4Pv7`zN~
zs2lQivnTsE$+?5G3Wqt)YGGfXvCP0*?kvOjx+}v)RKDb>;dpMk@7U91x9{iaHVk0@
z=xsa>ZL}rfe_b<(c^;=c?lQE4UKQN7O!I}tj(XnA*SyGs^us8-ia~xez^NNV`
zI+^^yq03lVm3KDujbExj|CWoza8}6Y;|A}nRa`b?W9$;+v8crwR6+9~xG>o!*eJ``
z0q^o)9L;&Jro3GXjqBIc>U&zM7_jqLP32*@CtV4~1Uq~9GpT}fB@^p=h4kbX78o&*
zm3ZuLP0~(&MDoH9((jQHOGfXk8E4bcF6Z-$b
zqfCMIW_Q?{#Q)ZYt(+I#-S1#O8qBgj(05qg;me#~)MsT}Mh^nt&%F;%uU=I_C>M@MzD%cYE@a
zZQAQMd508BXZHtPw
z!5Yrv)`zk^To*Er4PD#>ywC&uyxS7SxB$E^?C8Q-&|iypYmFEi0OKtev8CQ(wlPkN
zd-K09a@5%$AYyZHeXd@G1awjLjScu|F?PFTn-`nq#Wwk`<%xIXV;N#8RJG9#|E`K1HQD_o&l|6T4v_%#S3#
zi}SzEiTc+~q&LL&7-jx$r>-Lw@3HPiS$dumJJfoX!fU$7)cgM%#93P9d
zG!{eGOtub)zL9y~tciq{YTSMj{o~M1MD&+={aO=`c_s5SYa%lA5BI@JA%C1neOq@;
zqHl|m*0ULd*}Q+N`Fb{uuV60HAv@!puSTFRgK_0yL*)9A2o91j_-sJrk`&wT|Q`6Rak5K#P
z8EI?4b4EfQ4d$N1<-NwDT=d|J%h{T3dp<*}#(&OEidmBz)pM?3+x)mc<{
zys7V*>^|tfCQZ$90uSs$-#2crS-43QNvI5CMZ$S_bMkrE!rvWL+t`MFKVtR58npP5hvPhU
zkuJZxSm2Wj8GL1g
zr#SW!pNow3NA-Cse!>gdIr~VdA>IO%QyE1)
z1+K%WAG81RMOe4H+;ZU)TBGz>7JfdtDe%v)
z(D+>_O15z@;)%!Ync0&E^SI6R${^Au(h=_eOLh79*nnp-OYFT3lGuA!Na^?9O@_U<
zlK7dfBBUiYuJ5~5Qexk2H|UtYBrLExNbjQfv{>KGDfZvvWNU1Pw0fKaoQs*}YG}@1
zFm~~%PEQX2J*C>S)8XT1+P~YWK0Srs&Hej8iv9b?L@RF>e7pVoF3P{7Aoc$JF7Y&7
z1&RIp7qoxR3#`7-(lDp*ZdiA{a2`dP0Df)659d5P&nv#K
zQoa`;-_Mic`?$%^*d1}8UXc44C)RUZ$FU5=s2nvCal-k=ZLo<={~d(aN=jQX%t^&Fyljyn?d#BmKk8Nx@mG`b(}tsi;d
zigB1V)Thd1V=@H!^109MpPS#19*Cc%_B(`ZSFE3c9$wV#|KZ(E^6iIfw2kBgaE&D7
zKN|+h&_{*6G*B;MQVsah;K6hGHSH7hHO97s=54C$T@qT!*l;aSU)^&5l6DgZCn$9+gxs`^J{u~
z>4NH=EWNcZpkW@YLn!Nz_NQ3GDC7RJ%II!sr4q7rqI`BVk=L@y8sBg9XCJpFf8Q}U
z9Gid125nu*ac@iA9#-nxC^Zr8Z4;#v&oQ45WxmiqNN=4)Z(u?99wVA=%SD^KOnA#_;-BTF
zvLE@XS&!3;_L)b>NB?}zk<#yDd@1yIewN#IaUbW~shx-wVf0tNkpF`L^u>y|U#bY-
z#AVv(pP_o2$S>oLSjWi=vH7D8spTM~IrtgQJ2;#5z!@3mfCc72AdtY1>dHZRc7xKx
z{ihaqbotqZUv1gfPk0hq4(^q$gZb9AjrnyqH#!O{JhNCwV?MME)9s~n#W@MwEWM1~
z^zL$Y=6Ekycf@!5E%749v(a`$@OY{0AwQ?F3TG$V2kHB?rnIWgT1`6`>lmMA8q0L}
zyzSZP@$>b58zZ`Oo7!VDv`5$joNMkdj337tEo}7!hqmmCQlETgKT_I*KIKxyKs&Vc
zvQ*A_yUWtq*N3^@@N6@aTLyc6vt{20WFH>2qpz7rHxB8BD4m_s{f^S@vWu}m|2aSP
zX^$QK+{!t(#LIA7M5=s3hb}p%ikaZSG@io3FIiuX*9xDZ!d#
zb@6qmbj}ZbvzR||t{q>P@mxF2bjCbH*nbh*k3
zvOP;hPj^t>b+*ayPBP%1+op!^HWPIP(k%m-?C0AJesV7IlgrWl)5y;)Un1W$`u{1U
zn@e)y+e|)dAH%!bO#W`zzip;;sK2&D8S6~XUq!!G$!HIv`=2e2r{Vv&
zZ^o~fcJV^~mI1{0)RdRiz0!wjBLAuh=^tU*=o_#;_n-}tGT(`K1iJ6)OdbCsORV)X
zc}&yv_R=3y+?^d+iSf*Xb>K^b{h+{Ig!32hGtZN5eqEN1VRl2L@4ZdmC&AUJW&
zjw9*rbW9U@1QsO@U>eJEg80a~KByU6fuUxZ9bBWOJM4@zblOfjvszQ_(2?wxSpz|h
z;3EPxqA(gX(Ih;K8X!s_`+etpxBK?(N7~09QbpbLz2|k$`R+O2^Y``YMLh+3p@M7z
zZ|E`BRpe4Ka@?>%{w?24{x{F_=LO31AsiR(pAXRU9r|egP$@fsw{?=Y^)to)N00kL
zK3@kZ6ZeMv;8E#Dug++9A}@@;QD+S_+Zufi3`U&;GYB)ti0`D!2%oDh^sXam?UwBD
z{=6{{_Xy9}qa%7+$7J@@ducsGX=>fkZ26be9zO?7V(fKr@91`{ztYS7CYXK6h*TBC
z*r6#vW4tWLu~@c)a8}^CuQUYnui#%oKk2%R&`s+08)WAS7>`mXU022T+7JR?%ZvsWqYX~s9I9p5U^Mi=!pO5?jy;s15O7s2?7)Z?p`omRv_qB@Mm
z=b}2BbTqydqU~9l@r}axU_8(EH+cdLwhMRWu{~Egu^)Ed?yMO8PpnxY{x6NzORtNp
z7sfD63&)Qnum2^{%zi1ge9DP%-=g9lq(u3NKCiUFd4q8d=JPVjCpPoDHW%=y{tWnA
zVk^56T%P#bMbV7%W6^|1VQjDz?`uImVw{Uep#0c8=}vzF%9E!`=j
zUq8nfdC|h{9f)Df{VlH%{HM~!4r;>%ZInP8%Xk~2tYkzRX_efmPaZd{*5%AhfT?yL
z_0uype!k;-i5@~@YJc~9@@viyA-_E5d%$CFlQNpCVGSf6w_-b-s=sGU4dleIwG$fv2q1XSPd8p?B`tTu!D1C%@ho!uS4db~@UFAGK
zREg|_-#_K{u#&FwX_Qm!J{rGwlyYrC`QnL>_@^6hvkm>u6EKr}ycwRi{Z`EB+;e#{
z(8Q>sFMNW^tc5Z?>hnNDFQ|tK(z;?CM+fRFOb6^kt)769&i!0y<0V|<$1gUaFAVCM
zC+YL-jcEmTo&H2+xeEUT_W&cDbt?N5_uVy=$o9tU8l=DB#s}7LdBl2+Y}bCj*ya~w
zWxy8~+c8&M{)A%WMeNgIOzFS%1a{Mywq0nq%mq1H#Gu%D3<}njkyfDWF|w23dwf9n
znAI1!O=wv0dE#Sw;5yrJ%!w7c&Z(3?MCIiRJYOaEtL}N$6L_BFyYvf)Q7*>K`(GvI
z&IkR!JXRYOw>(Mpy`^*ecC@|nrLVt#d!-a*uWa;x7r8D=E!UB~GM6nNnQlQ?rZZ?{
zIy>nhj(-)656IYtCbg}ylr1l0k9+)kb>&>grOqK%$`&NFQ)>I0tLXnV{f(#3dYitr
zlCM?QMm7=Zw#)X
zf4>ybXQ{tEb!^oZic=q#FPfMF{^Q8_@+-!MP6dAHyZ9585cW*}`5&e|vKVAb?fNfQ
z*8lvsvqzRu{o!-*?U4b(+&gkEVvodm!|@oIo1b-0N8#Z{?9IhApF5%Mmti~-VV@qN
z-;L*w+J6!DJ=&EL{(2%j@It~eoOkYrh?y{dWFG?^69$XJhfeOX+<}&wjsn
z;29*hcmJ0suz>RP9vK$;?#pBFGYkAIJx}fe-lst{?fj_V5>)`4?>qn(4td9$4d;jy#HIjRR>2cozQqO~pUu=`{|XAFOqa
zqYIuNhxa`OeA|=2KVS?V{ytH&vShY=@KySz4U_k`&B5@0nZT&
zsX#K@8rNaIGkF;45$C5HWEjMmRQSYxI`cMt0qZAK;Tje4xE13fXJfX@aSeXo#_Ahz
zPBudw)WbApFLR{xw(gAZt3%cpewDA&e+qdL`sI7lbXMyy>h3h74{j#$zN4RuoP|#@
z_i5ZWovg~c^>5`a><8n${sZUm;_dbwFqU}jjM4rXqIR}IJ5KuMm@(G(AKDM%d}Q%=
z$Zxi0n;neDg;`zbV~1Ft3(w{`lsVc(bF}Jnm9EZsn;rS+YO>jshM%3RyyjBvVLgn)
z4f~!tHV_fW%W4tM7ZywFNIouHfrSO?bP3P#P6WLySRNv^!E()
zw;lTXQ8+%gcTd|3>kvDd=eq}fE;JzupB?SBdFay+66LmrjFk5euEBWzA79g+A`eCK
z-QzpVildKxl*$f&7TI6b`I0+;&bshBOk2xqcT*p77eTK(wwp+Ih!LY;!(_+Ai(MUq2QwYysqxyK
z&t=u}1i7*;K_$*<0V~Uk&OaX8-*1L1oR^33D9k*cbvDYD%;BqJH9yW@As+G(Rf&?#+mc=KOGzYgtoR^
z=!4tM8e}KR6K#^!zmrLDz6z|3Ao@d)ZMdR#QD|Rq{U5WKWxmFZ5Vs&%eL{jW8@7=l<`-~&bi}Yyafp>
z0CQdn8NZ6l_&J0PT5?M4fg>yuV=AAD=ex@UzQIa5Z);GoeU8$6
zxoN)IPNL3RHD4>V^OZOUFW3K`{08~2PDa~L`pLiMZps5uc=B81zZ#76?}GM5{sQMC
z?bXKzg?~`8`fY=P|I)^X;re$!<_Y{s!T%o=F-y1~%OG#H(EUxkk69t?8)Y#E(5{m`
zYThjEGWTS)H+R6Eev$alC4=IeZIfo3ZCMc<^CGg77KZy6gfapX>Hlc%jJ%(GA)l?n
z^CCZJFxl-$A2^-2xTb`ldF)+l%vjp{~^)}>RC6FTo&ZVsITESA`
zE5miVHsXv!wsBelQ2_Pj+b1;kuL8w|du
z4$dF^E)U^317ny$7}yP;Aa1|4>C9N!SSWOL0cp1^7){s-5QfVLF{jblTq+OQ*^5d$je%|Na|~%xEtcY1Exsb*C2Di=F4ST-V(wkIcVi0qbxY#p=hb3J{)Ef9J)PIV{e_)T^?Na=
zEXOx7IqW-M^8`Lp@XtO5Iy33u+qT);;4ISvO%Anr0#_3qx<3|lSggr+bvx|W3SG@4
zx(WhaO=BYdW3B4BiJrH>^UFBCBIX0KhLq=%>A6=!m$wjI9{))2jgkDGF9W~3na3f-
z`#uXO7n%PfHNSg0Wjw&R`#-eRa49u>K$o=W#c7KmwjgR1_IA9V9JrcxV0Xu~B5Jem`PY5&X#f3ELdTc|1+yJ=LSkgPF%K1u>U1l&^uggliLn
zw%=k4T(>g$Eb7^{I$LeLXhvLp`$-Z1L-vJDJ&L~F=PzJh*mLH71AY5k(zh2n;qRbM
zzas^GdmqqI-yX^2hk2VD;%xx0hxM#=`&jw4#q!<24#AT<5OlCoW^|QC?=ke2&4$u@Uw2IW}TC?Khb)9tGR+Iie%~
z2f`mt$>EnqIsC9LVx86q8f!(`oXYX#66>8dq0JZg4Y&sP5HHnE?}halTRz{&3KKR-G4kjJwHcshW~hCdj4;kr_INI`1E|9@^c?KmYkm5Dteyv4d{71`_F2c
z?^Vat{zXOPUsS~Xi?&DE-xd@aVeju|#V*%#p1{jW{Od71o0PLg3Qh^@_akQo@`{)7
zGfA9b#q{n+-xoP6?}0kW-V6O@?w6Kw-SCyrj`}^7Hm{&Ix4oYlUQLej{_m^!eU&X5
z-`}OGkMD?B$w9W1^2HY6cMd%5i9K~v5y#uX-{|Xud`+FS)GwZ!c{wN(s;6<+r?5Vs
z(LNJ;FET#09lVKPR
zYv|FG+pY0m|Cy%0N_hUYioV^N=c^H$FOL8Gt(tNhpjVj=MnJj0!?{ZuFV5q8De4xFsm7ycbHZinnFV-EC&(8T9wWD}TG+hmSb2~^IgBSg
zsM)`vj$h9fd)40rVyr_QIK#?Zx2+IuK$+lX#J_@P|Euc1Gz-sJk)JSx_HW|Xv0RY%
zW%Xu|O;u-_=NSr*qv*m>WrMX^|I#M}?^DC~Kud6S%=oONH-LFGRXZod
zJjeO1j?p1jjAMU9U(Y(p;>SHSQ-1>58rZG$m&;aog&hfX?hBj09xFQ+!D|@Ut>8x$
z#?$}Tk^FZ!vVWVS*3aOZtorSh(wbfSJb?|QD}L!P>XZ$^>~MbuU$HaD
z#8#88;>aO<&%461ab}Ecd?U%m1yQnbCDniGkdTAV#?V8dSC=_Y^9?NtCeuq!HJU4m
z|J>dr{C5kQ3@PYruLd69$U6GcRJujce^HngMk$Y9|2q*{u)vtRqUd1>(6uW@&y4zz
z9I4E_Icr@rV&r!H+7l>slmF8@`0lepM#g%R^?#iDuT%BkqM5JGv9i8o`q6{b#vD}}
zaOU>qvgKYId&J+E?Y3>1X>)EvU*X69*u)-hZ;JLuUI5?IVxG?i&x2>v?6$4?_0CLI
zYkP>}lNy>4dt%ccJb`MmEw*)w_fxOgl&CdR?blG>#jIif(TBS+UNJfzF$2yXlm`_5
zQJsG2IKHD+zGu$iST_TeHnt(qmlD=Za^F#7T;I_`@*OQq7!UYY(g%6p=JuwhnPhXq
zoV}%N3B1Qr@)cbQ?@>guU!lrZ6!Sbe!oH%~_J2?9+uj~OKB1E6!Sr^79k-R;9R
zr&F69Zz3+qZ26X`{Aq)PqY;b0b4tO#hI-1miv6Q5LSkhxeygeL9|pMoVH>qS@68{c
z|0>GPZE<2_cilnyuQw9;uO`<=JWlmX-cai!2EzWU=gB|7^ako9WUi0+JSAhFqCM&aH?mOHI
zrx2#Y^9S24HPS5jeiy)bJ5Y)BL1sAheXQ?fT3^?}$odvUt?%`)zIIrrCA79nV4Vv2
z+M+LODc>vOt?!Z)*H=&LE0cantn2(ZIwmWv%QFX}{a(jg&nu|j?FVAl6ZK13w4Tlb
zk@cL&@h#9F8S}`Lab2~73!zhef6Dx&A5i-v4@UVT_W(U09q5S;9vv$ih4%bYxE_2~
zvmSU!-2VnhhxO9y(Renn_WqkR`Up4I+uOMwUS@k+5ohTNjB!@!B@H}2=M35}no%GB
z0=2*Pb&SnX=L;&6lk4=)gmwB}Y9sgcXdUP*t^=LbjM)8+56L!>-@eT3Zt(>EmGrm0
zUEG!tl0<%32v8HdU$a31PAJ%L*CAz#&%G#7G|4kIT1y=(mVfebiXrV?*#0N!{~
z5<4Wu!E5chZjJryHx$GC%xgfW#jXl7l&hCE_@*)U8ExGfP2FE8@y}Ful74-KLeJW|
z)tb5+sqUQD@cTJa*&-F1bD#7C?k0cN$#9=F*eWpBqoj9NOoBZuS-kqSq>noCs@k5H
zns2t^-?a19i2g{@4*`F+#Ww`wz8vUeBnxxauMg*}zmD`-w_}~GEB$KUBNpc$mw#04
z*L7XlTxyEo0Uab>$@FS`KPK+~^h#p;bVe8_WlIzC_~=V>AH~9VKt23EwkOf|B0swc
z^NO^}+u)f))=l#T3fxAf>lOcPv#UAloiJ9P%LOgZK5AzflOl*7C=
zJ27{*yKIghu5D1ZMOxe{o38f2U4B9O_UG`+RJo?Qq!7!Iap~
zVSw^Tt%W}OSw3OKK)X_YEAH6}?#Uja_mcgX@2SErk?$k=YUUEwPwsxiiCOGxkXD)z
z>qPC(IgQE;cPc*A5sa90dUmuE`MlKPZ8y^V`#Z;v4=+wJzfetQV*Hn+vCgV_Qt%lj
zcZzvJyq8jXzma`-Phi0OnC|uNi(tS^LLIm?xJS^e-LAxBU(PT`=|E)*>@Te(>ps5^
z_xi+mCKj5XZTnJ-N9OOpFTQ_GG95vO&cJi&;#qx(cm^Z1gLK%XdZzG)!+YB;obEC2
z!OeL*Zh)DDzo%Cc7&bF07N=`3=9sa1$1X&2984g-W<2`%nD(P>d*k8n$M>J9*&CZ*
zszoaIC$q&En60;tl`AwK<-@#^Y(i{r#6La}KlcCBU43v|)pft`?OW^HT8ovfgcRQH
zNzzhFB|`Z+RLsIMiuJAXy}190N83MCPO36{`IvJ(@NS>{wXtzweQ_~-~BlE+;h%7
z=XVB0f8RfvTE2i}^xJtfHT;=O5yR(@9%Oz%NEc55EzLE~ioGv)=Q_NrjPLbHWsF9V
zuNr(8<-;5?&b%4;k7Z#mivcQS_jbHea-luPkb-k^t~0<`&8f!0XR2n1&w@o7;&BIyVFH3uW4apBO>oty2$$l
z|3*@|&+{1ce>mQU3>ahFUR%QWO#zSX9!EV3^sO$87ehVkpuorT9p>Zy490EbjZ(y3
zEv!E<`C~Pk$h!Vy{faqA&RkAX^cj
zH-kq1cD=y=cqdMy1@ZjCmi-*Bw^7vVd&jK1M*a7bTY6A;y<6nw+XnAL`GhiDb2vX1
zig;Q=9vtwHz{LiU)2u;YrmcMkDk
zOGSUD-;Vbe^}OQ=co5rAsb#JyFjmi`AVA|9Q4}T`J`0EpI1_*F~Fc$Nv#e
za{hQ-^L$(qGWVIcX0E$6UN_nLpBMG}O!d=5tnO+t)*Wy0SY0`W|Ngba>oTnSn@9`r
zj%I4cu&%ctj8K-bUejJ~G5(
zEVAKDFle>gz<(NIx;~@T3O2@N!Qw=G{R2op2H!b%rFxQ*TY|1b)tK`bb0CBrMCw`8
zI8vjC7|3-(wrm(e?3hHK#|DzEDU6
z_8hCMIIpBxOzwLE9*QJ$X(
zen-Oi?Eufmg}Sg2kAZC#%_2{KENJ=hfjE7AGhse5n7z{I#~#s-#sO{zjAQwo^V6-Z
zy+;iHp8-D3HI{Wd=4@Lj3w`Z%nVy_2H+#ig_)q;PPfhp>E2&qiYGZjXE1Za*eMIe8
zEa`+)0#B~grF4*cC#rpt;-WE3Y+2Juy2rPuO7&t+iIDxL^iR?1adZ6A7HEHGiuvFB
zq@`gU@?5A)7I-qTPQ=|dQZT-mPpII4t7R;%3{S~uEKfF
zQi|9^&x$dnA4H!6Rl8mq(-ta6H8uwdpMzjV23<+Wqz`!HT(*T)_#5Yb5$KjUUjqVX
zZ2y~xEkwre06C^&FV9(*pLpJupCHS0>{kZ#%Tb`LGVo@?qK*6COvI;&;UB~E8rCk4
z`8M{{Lb0bR-b{?)=I6Ebew6pgs2dggYw|$6E}M@=J|7FKj%wFej%m+DqnAVZV;ac#
z{m-&>DG%?&a}v%OMhoZ*U_a$ofc`rUwdtMmQnf~DrqV?y{
zC+m3LU#W!2tB9wSQ8iK{6+G^XK9M`QAxkw^H6c%3R$Gxza$
zg{r60$86EZr2T+4t$pM<43mHV(K*_gi_S7(enYlehKt3=m$~c&$*eQe-eN&F6_H`j
zRX{hGchH9Q(rUCkhA9x|XGnJrpgW|iGh#nXzcK77T|qUO)$wXmu#XJ<{md$=;rCBP
zt0z;jzqSZ^3cnGjCzP$yNMIb>cfpz6D6eMzN=RS$E)(N0$!`WQM@PpD|K@Z4ADO=Q
zzs)D~tv3?!xw8Hr;B%##PiU?1Ke_33b3UQk?!;U|i8`efqs!1KQ_UyzSK^z;U*kAk
zzlc6IjU@DB*SX2#??3-WT?X*egkDjp$q##vHwCHYzMkigG^^K4+%l|2c(IMcN5
zX%>3Hb0Gjaym7yY>#c)K+(hWf0MLFe%LBYLNEEz}EKG$RW
zhk+U7^kaERDe-kOf9SdWP4eLpq(?ZcwZ@qMY=Z#(xTw_iJ?+U{xcKrhVcA7c5x_Mwhb
z5)8GLQ_NewjnoFW-ssik3hE2xQI
zLqj5u)7rkT$3BF(kK8tNeS&Rhfyp*hIKw|RJ|COKe2nydHT%%rqW-qtnf9T75M$lg
z`}Ns}WZ>zBjcAdP4^awfOJ>3A^9g!B(=+UO%3?qKx%iFkpBYsf^_e*eI)Gl$3RK!g+Xuh}T`dxV?5Ep}#lEY!GF3Iz>)o(&R*n*DvT8vSJ_x3L(5J-}0azD+Xh
z1;yvv#&D@WX7|!Wisy^>!FTS1?_hhOX>AbdjR76F
z;e6N*@-O#!D2q(PGbn!^%VU0ktD$_SR1eRpRoB0JbhP=T5jy$jgkBhv>tPR4eQ1K`
zi^d!gOX1zz=Vg76sMR8;b$!HW7vn+}!&F=
z{T1{%D-%9vW&I6;uHoM#`Lye~-HLL%6@L5MVoot0A~Z}j#NK*eqNfcSPZ#}Yb0+5f
zZWP}i>6$xd&TM^SYpcfBHl_GKvA&I6@%7zn^0z%9*K_+XxA{jTQjM6!lOu9HocE<+
zd>^vAsa@!Sh@Xwm@!2KN^Wgn}wGFI`&yaVF$YpR=d^8C2)&=WVlt*e;#qw~#-rw|I
zYwwhhxgsI-3xM&0T>Z^C@T?4aVCym#Uzb$onPYy4W;c?&pv*_a{
z=wqqn`_NW68huPfTPo&V-XJyWHf24?GtJ+@eTCn$k-6VvU!(>~%`q$3p8~@2c>v9q
zMvOUSv3{@*x_;ai!)aS6_%+VwE26LW$9The#v4`(?4A98KkRwIM865`-p=BNK#plU
zHOlu_IpWBpYzFcS^tGP%wPI#pjXf%C0*U?ou}aaN<|J)@H2V1y(N8{q+OjpdTHP~C
z{B_HhXmx?u+5L=$eZNNZed6VKUfg*9;S7lNClKq8XUV<#2`S!(4)`sBzVS*kXtuyBqg>oRjlmtVcyO{q6
z@ZvA=H?(n{l9Dc6togKD+XZd8sqU(DF
z+58mp@TQBkDtIALf5rRiFND5zY4@-PeIEWYhDUpLF#b)A;nK=XcJQ)XE%A3QflI3m
zxY-ynM#jy4qwUj-QJbu9r|uB(Z@c4t<87D0cu-b0?D6G6BgPQ1ZEM7se7m`QC)>iW
zGAdLpGzkAkt0#@I9u{MD?B+NQbJL{dKh&*=8nl5?AN=Oi0+OAHv6BZUVqJ@5TG7>G}MxjPJ|h`%7kgKL~wW=~a}E{O>lj;r#{l
zfy?WNV`fwAUh8uio@3t-zm@lgLVs52=ackDf$tOIgStN5uC!B`#U59{?+X1oNu!P`
z;>A6Pc{yG7Ub+C@|1A5oFJ$`}#XAeUFO5c<%WHC*;f%Ns^mgKnM&aDcb;G%Foi0hu
zKE#<)SUF$0H`k|cUE&vWOygi%;S>)`*d$*A7
zr*sO+x~5L)?NiW}ld$u=$e!j6+3a47r?&RV0c}j<9W9K>x_-fYLTBLLJwJQ?S;Sw@
z6gb5>46Cj*j6T{0MC;n}YHRNi;p4RVdBg)DEH>}zg!4}AHstMXJ6e0|4gD9&cR^oJ
zMhWGs%r1&+n+p_hc9H9g%5Sxl~4T?-WQO4A-u0WPL}BoQWoO@d9VlL>r)SVvx_F*|1I4!_kRn_
zb4zUhtE4_GGyF(5dw2!Z;K62~F51xJMR3dv;~q
zp9gye>*IVlnBB^wdl+s{OSdbwKA-sSPFSBJnC~LY{|IAQ4zh7SLzwyRRqoG~R8NgDjb7
zzpP98eHW9%Gs8ue^(hcOHeI%M?U-__F9>=o84DJuhBqIw|5&POGFOjIt=|(rIF!
z6_b+gO!lrejJgo6$CuHjal6SU0b?f1U~EAcTRO;_A4HojQuKMSuh-tgc}W4U#)u~-
z&Q<8|5ajp)D#K*AO{lBdKo4zC^T4wvz4Kcowv=^+u{!
zR;u31z=txRe_6_Z`8`vvx>!6bi-AR)tY!`6dBlu$V7z{V%J`R!oy8^HhP@l{VI3yi
z8SazTOfLXkIM}`Ox}L2-J1Pl;nXVz)J;vIt3nJzW>a1w*QAuXMmH!mOvviUH|5I24
z)l#1()GsFLjQo7XB+w6M#{fYaYN|9kkAL}=r&Hz6fAnVqeV`vyE~~$^{5`T%C;2?@
zNGNAL^WDsXvuH^ZVhA)b{qg$WkKCBBt9#RNp`IlPE=NGH*>RRL|_oDo7jIC9S
zEgR}*IB(T*5cglq1@h$OQ_Z!wmK|a($9I5E3h!B*AdHRs)1LMJ_6i>(`s_Mb4##WV
zYx8gJ83R4zLxFAGw}Z!?V*fFB@D0K~x)YvPTh=E}*$3-*M9l!2LV29!w6iTodKfqI
z+~Ix37noDez8w94Cfmqkstn~&)-~i-kYlH#(L&&Rg$d_hZpE0^abo~z$`AXx*@yPd
zFQKgy&Q`Ps0B_Wwj>dVV^08)>C6GV4R!}eAvm?FPpJQi?PG(TjVKc$gWe2L9`1LaMWGYuchE*9%SnS95w5I4d5P4V~8XUt!C
z44&B(iOG@KCi%(Q9`1eQ0od+YIH$2Z>I+C$hWt3XefIdnEZ|9Joc!(^cW>wVtvbUW>Jz^ampUS_n{L{UewL*{
zV!;t345y(E3}s?M>73j
z=!s!ZFa`dN*h|^UXCT{Ma|n4ki*bXwLcdV-Swo(F6*(&8q^KWtq@Tck!#F2939`L@
zaYp{F)l7GN8qP`yWKiSWL_fs>^4o6o{b4c}+rQ`izq^d`!x)oQaSwZ0Zqjppo8j+<
zcflZ2<^c~wSvF+H;;X-g<+>5MYIHeEZ1=&5_-O*vsx;qW#XJpV*cN1XFTBnHX__sTZf5XnsoJDOJN>RJo
zc6*eu`+eWNFL_DRADCUv;k@R(`|kVhz2E)*?)S4mM&Gw=fD3*HL2kW(vUJq;s{a_z
z69y6HvMUYmqYj6EV_O&S>Hg6hdVFbHY-pcNCHdeo^pAFOv~$jnTN{v-J9X?>K*xR_
z(XnQjzfy{kMtxRd4@QtanBj`BXHh=$^JjQ}7QdOz51Zi~9rSJHGI)=UHAbo_KArA*lW;%B&7UMY<;Nv+Kz<#j}$Ri`@CuU|H
zy)k?&#r(KEN*g}sH_DucmiqbJe@6I{H_BymkQXBwV}b2mZ9$cpy%_j>^p``kqW0Y^
zKjxvz#2VMoHa#)E0N#WB8%U$P|HX0N96`E(dxBj)xd!nRXzjIAHnq0A5d&Z4|lD*}igO1JH+nFKwmm-^iZ!
zIoTl|`=;UjY=P(a`&s0P@LQR?X#~p_(sB3G+^wRy^JT4)|C9Q`{0Sw&W8b2kJ~KR7
zJ_Y0n?g{+!%b%Khd~Fulvla!ACg{H5v>=}y1RcXt@*cBPX9Fylx26>Kzb|b$)u92M
zFlf*&=Q1DMLwTk~_*}p8WS6NB#-1&5NN6ZG>1Ai#pExdFN3onQ1Qhy$v?VV}TT03P
zf`8vl{Jt)z1sZuLlP@UiM0JbVB4|6G_Dw$MYtZLqTsv8;-K!$ci1kU%Gt$-hnBZNs
zF`$l$wjlL;o#MTb1KdZJ}MTY8BpUs;=M)aUwXpd+Bp0@
znzcdprQI0C+hM?4;6p(pjMJCqpnRP=fD?UBGZN$bj5fQDtqJNyTbwW6wlK{3F4~+I
zVZN{v&}JCNS1!iaBF2}00Qn=I&y%A|2NYXK82$!&33!(6uL7FjOM3`w77HF;6Oo8s
z%@_2_68SFCD@!C_osS0gfSzoQ%KF;<8Klz{(z^(6I{luHx$DDt)zNru;dJspyP?o3
z;9V}@ZQ2hquJHkzfod(9st*7T=#6u2R(iMAkLP3g>=3N$G3fJcnm2$K^z|*k^A3W3
z_5yt8tuVHg2o4LyC&J&6vHDHt~8uC|k=lAY8LjNywRi0>fp0NQ&|3p6|aeS6&d
ze;j>c5PfeAjQhPFhX3iTwJ!!g_Q#)H8C^QE1Z(!H&x@dc9kcq8Z<;}u#q+rw!c!~J
z2+W5NFModu-*R=tY>E49PlKMLV;)#%6TOf0V&C^Gs|QDyp2xn;RFjUwFfHNyCK0|2
zIy2~_vjQ`-1{63zXB!~<7tkB@U6U~X;a;qT#s+;VD049Ke?Fi6FrSyB
z^Et4m%cL7;KJlHi@cpUQMN-e-kv$XZk4Wdz$R~;Ca#z1Ukf1;Q^IaTP#~!XfE*9tY
z141XP+{B+3?V;S8k@Ha-M?dI5CAOVkgN|Y>x0zWh&>j{>J7Uz%o36I=nn*Wc>0Ce1
zr1d-1x+OgCZ_)UPf8fzTF)kU!=`miQRJ-_kv(PZxQ_?<@1o9f7~2TY8ew0e*h%CGlHlFyJDRX*
zc{GMNo0crrvgI+#p^WP>n4dc*Sbf|ZdihcQZ2e_}tMQnuS0MGlGhZ
z>-CNN9W%V6%SB#T(}B39r8uMm;SnRx6`o4x_Zz~#)B~um^k5vT`h3pDimEqg{K8(~
zsNm;n2S|n=pjeqvXC3HT2(LlF`;>t9_z&aZO&)&{`-kh(^23Su2gpIFj}0j~_|*M3
z!Q8rY@AVtVu2c{NIWTzYAHAXfSjpkJ9{SEfI6xI!QK3wiWYTVz_I&)@L%+e$Pa6mWk&kS))Rq8^q!
z&m7VJN4rdX9zH&qtp8JwPEG&HB%9BdpkICE%%-&+b@F~~0T+{dxqQ*wU
zo{RwF&A7kDwEZmF_5;!O;_fb!1=^Y^){EPs*xL<-f4_LmTn&4o@N9=Sbk`2v_Lbe7
z4$nb4Y}{eP{&HZQF!w^+zj{MIS;gD^csJ)QO8(&Qc=-K2a6emJZy9tGP5UiW&z8>p
zq0b}T-q0Ub@b=4h$L}xD1p?@^_VQ@M(Dev!6o${EFzgmE7~tJ$LT^VHMz-_&BfD^q
zi2Qis``HQK?-JjCcNg{%e_o4y^@_fZ@0vVMr8@7>WamSOU-i4j+du4r=a4tF>n2LZNl6Yus@Z2Ml%xV
z6XsdNd<=iFg@60-BNQJ#sN^xI_JRJsSM2{s;^$79!ueUA@N>A<=QzHRoof1Epc*SJ
zzwn063b@Yg96MjiT+#mDnS6b;j16P^S#kC-E7|jK-Oh>rTXx3Qs7|cWM)A!={pZ$6
z)+;Ih9|Irq6hjog8FBC#f*@00Ks%0nz#IDG8V=6~4|5)kFsbtu+&TsPIr4CF{+2?r
z>6btUzXEs)LAREM@>oMbQC$9K=}XXOF66T^@|`P%=hw%@GrN29IsWyO!?WBm{tR0p
z>GAeR^5?r1+M=xmAj>vL&Ren{ir
z5zl|n-gEI+-jH>iUFjKiCD%W~)b7F9w&K9>=+dF7?sFQyCpLcb8E>f8EA&6O
zFFiLWIF^4W;J@m9KCWrJL*Ss+YsHmB@dD8(t|!hsI$(4b6qmZW^pDkqEiO=m?FGw`g%_-19b
z&~Xnn3j7Cns$s4%mlfvx=CJoW<-@@L1s}QoLCnWBetzd)3O!+PTMR$irclqJUCsZt
zjpcv1zWE8YqV4GzpIaF8sZ|7i`8RJBBGmihkyY4B_hcn{khRfyH_zexJK?Li|F?1t+O>HO1u2?C!9aQtuN~@U
z#Z)^K^`O5Ic8T*_aLjD5m2B#zm>&RS+@BWc66AktC+PoTE|0@I@0RHt3s~z=mhgkr
z3jbD$f4GI$SoFYsjZ1cz(C*bPJFuP-T&pnWL&jQr6~<+^VIDi^zn$$38i6+DVqGDi
zNB^YQKezClR&BZ7fTF)3{%edy4iBCs868!v@XWw{@Tjk9*z-s2{C&0seXis2-A3b+
zdVRUAwj=C5|30Ja5cU8%)4;y8c+SjPdykNfrLrVhUKR9@!g-oTzEE}0rcSh}gEsR;
zoB0)Ly0+HM;c9Ba_}1Gf&zB2u1MtCL&+ZGi0FIoDno0G{$yw;Y+#g^rWnlqYqwoJ*@!2;e;xxkqgc)vjC
zM2JgYKFsgCH>1ux*8c_HEf()qY!>z%xQ~0|9&x`2?q|~dSWfdi*bktO^)xX_&>kt=
z${5Hj-0yxSeMC{{#qWGT7F#@(1$ExZ^!c%J81H~U_=31kZCxg{{J6(y-<9k$n4
zCGaA&34Q`Na=us7E>-=zQF2h;wRJM)*BSKPD^orY-_5eT8-6SKcd5-Tn|v4MJ=EZS
z_>AhsVofZGZI9xOe-oD#Qki=QW4)UImsetYaSn@o3H`D<1ufns)_mKh1p5a1gTT7Y
zQTgY1K;GP+r{sj`j?y!3Gx@@)*gslwy+k)$D!4MCf1Socb@Vc{9|Iq<5MSyg+0r8L
z!V-@8@Af-&noB1=7`L%d0=i-WoH-QG!Tz_hZ6xcbsAQ+;_&0W$6kaLvFLc(6+{PG7
zHC>~~Ll(bIBVFM#ktK}dz5J(!_fw?OGxK!}FI&-?jKX0H>b(
z%n)}!CS3VKBfp<1==))q|AkS1p%n|T9lQhlaRvGNel6&2_l7Q01;(e9p*&Cmve2Oj
z)<&1h70zF;=2U%Gxzf=oL?_MpAk*5zev=LM&9LSH9?7O
z33}MUqsRxpf<1vUAL8zNgu5|0F}}X&_;4@*M@}3+?{hAP@hfrQFT>w?arL96Ugf)k
zNxpj>j7g`-fc0h6%FQm;WWtz^M(5b&jAd^+if$AH`zU+4$48XW|`0jZ)5YLo{F)-An%>e*VKlU
z`%NNe3d*KdSWonurh3DaubTF6&_(ll$%!;Tna@r)=z&Nl+9gL8`QLLoV+4M!V}lV{
z=ql(JEwS352k4WUHhJ6}Htzdtiy&=K=mO?N*OJcn$%Oe4o)&sfkvpc(G)+ODX`M*_
zZ-~hUxPJMRn|&eW-=jHvwh+(i2RN=426M=7bpzn)e!|siz}3X_JGFhMMb-Z_ioyDg
zU&m&K@-_3&zYo4KkG=t89Kd_Nw7KLTfqAU4zxe#hK^W_%k~3^mbw2x%Ux^hvsyE4b
z+E1MyX>AUP%?-}h_CWh`(9uqJ`1Bvi2I0SyqP<{G)y}mm@mLr)`5H4-r)q;hQymT^
zjuOu$&W|?qq+7dXeE+{uuc7hJ6XV|ug)L5Au&&Wuw5_x3`5+&Q90z
z+&aDwCHXtte{I2QtgaU0GETEnnxk2Sv;E?nrH=HA$AnJRdN0r)I+G~|8X;Z4`Aej8
zzaUzCgY>9?6Q27q#!-uY5F*!Ax_V4ySP$Sd)xSVHsc-f^`Mc!9cMx#@*ETgT!uWsE
z|JHL}q$OT-gS0*lpK2nR3G`75bh4`8a_?2
z1>0%_{a=r@a9ewoxXwkxAJg-V;(610+`E^f^lz@#@A|U{E2!x_EjZp`cZug
z=v_9^I}RJtJEUVeRu+~4pX(XcS}TTitr0XYreEy2XKMA?-4oEK@_S|2wfv-Zp~IJ|wa<);
zFHqhW@spTWhPg`Y%vIf}u?oGybR&%3w|o(3`??wx~U{F_Te{Bj?~Pd+n>KDY2U-Q#*$=hs~BF$&p2!DDWB
zu*lg|0|fWWW#`$y^M-1hg#HiTMi_5`?{=4&9nJ9VrvRT<#?{+BbhK=DYpoK)iT;BI
z)(m>VUoOkVe79G)53subMWX-n^<5^Mi=!YPEA|q==RkHemXqfpN1s6R&%B}I%lLag
ztLOGO;8#}^TPM|^g)!z!b#+@R^caswZ`z;1oXZG{;m*tP2k#T
zWzE#TCQ1Lt@8q#h(H!k;ZxH8ZlbD;scjA7Z*bmXAI+vmIk2|j}|0$jsxSz(@txue4
zTZZ9IrT)SA=LL%e4eq&P{Q3v#^8m7c+%dj?9PU5moFt3RiY=til>^TH6@DLJMxPFx
zL*z+|UE=)n4(?ZwD*Rp!sQ8UliT}Ar*njUBKOb2p=Jscn2%it0yAtD%4XSw=S;zGN
z^s|}G+`TDcFC?3vuY{k|>+9m{lPZ2Gj|-maU&q&Z-5CGXV#?p>`%sq6XlM9?jPt5fJcn!Nv?R|n#dElJ
z4&*LDyM7q&t8<*-+_wK5=115T{cF*7RhzWVpAPnrLT@I^xBC+@-)q-SUQbW#pE3L)
zf9%V>K`={mhYllyLZf%_ce3b$|?Nz{cZp~QuNX}s6*Pz23
z%w;?d;Qs~RmGhVJ@ExB|gzr?dYyy18=ZNnLp5t%Cb3X5%I?Gk_erh$RRZ9JjiS*M?
zox=XJT0Q@L6V8AA>TAajSxx^}PmUk|BH-(BT?PGjT|0bgS=i&69KOF5@HwsmzWhG}
zz9#klUp0mOFW~d9x{Ce3>e}IJQSbjLz*i~Y(_RI9=T=@je61?@+E-2v-*p1MjVq@P
zU-`%v?uMc%4r)(u&vnI7Ee*>sh62JNoebLI@aORb4m+%DYa^8(blhDdyF>TuTTr(
z@psO*!z@Q!%9w}1n?yYMd6JjMEtCIE{0ui-lF<)Gsh=NGKMCB$_J%)+-0(W6aY$rn9
z=~VY7S3Di!X@TcL{5$MI7TYvulv^i>mxdk^xFWgF{zT7^murSn$3)i~1oo39K9ieP
zY5Mu}(6XbgA}cF(`GQ}m%U7OXYejs1BQnJwV2ldrPpZVn$)b8c9GV0D3Fll?64wo^
z^&oIV-m$EU3|hzOOAUVJ~;zgXLw&og2tw^F&ehIPzT#l2Jf%W2-OjC_&iZL7LH0lnuAx*HkiRE1K`Zxz68
z1YSO#0dJ6>t^(!6`d=vR&Ot4{i5aKCQvSwKAOM!`Fz&y*WK5_YgC
z>v7lf8a<)bM;i)&EqEQ>o2`QjX}$mK&Rw$Rb_`Md#E5{$y`6=U{wb*_JTS|m(SJ2(
z>-Rq;J~-{oIP>5I+o04KTEqcR3EYDG)KwXRoY%j
zd&W8jeFNfn+5Z1Iv41q{ee;hhcCsDo)?zk-4!3BV+n}=s8)**&=L
zaSrkEW$Jj(Oj?I_sfYU0SZ}>F!TABbfkybG!&ZEe(8e!H{n+XZjqz@xb25FC@IS-)+qhrMu_OfO({1$fu9&XOTmA1KAlAx|IvIEqcMK>v4UaxZ8|?B
zk7*f9=W>Dn;n!}}?>)W(dw2*wILs$^{W=)+)7@6_G~$*5G3Z9&zg!@^uCs?7|M*8&
zX#EF#Wlf34*+IY6NI$l5e#ZcvTT9M}zRz$*aG#mq@92Bxld}FRvd>9E-Vt4)^Hx_#
zo*%@o0Q(Gfs@JAHnD#ki%qrE0c!@0E6pt#e$9rF!wxsvOv}=3&r*-t6pnY<;_%Xb;
z9DXsG_Kih4MrJ%Yg>(H&44<(=$4}SN9dLfi@Ok)q1%0pJ?_U01L*Hxod*KSLAE`~$
z@pm78x9Gct?=6bI`{=umzI&8{W5>`P_KNA_QJeE2#4q`!?W
zNUc}-%tu83*GTg~EB;=m
z)lL1xdHAj1*Nn%HmHmGj#uvXcS@08ZUSU7z-__AKB)*ub22ES8A(|4n=M|gzkNYhP
z_ms-vKRhn}!>`r_O0w`K)&<=0B|GW6d%Qd7dwj-6k@IKpwD>9i8by9&~h(Sl4&O?o`--yIc0BKW^Ivz(8y3ou*okX{E>@IGh5ALlFH
z=a*w`()7dMCF^4_|D0K$RkA*-lCZBFP%T;OGc~w@q@n?Uqd+u8zbYr9MIbnjZ=
zIhv{e^V93}DyWlOl!3qEC7>ud(he0oFDiP@F`53qj9=o@uK;H?OxQ2m>-8`
ze@J2+wp*a(Z)NdK`^6_=6Q1e#PipHsk4Zcc`zIlvSybJg>P_b}!@WWK=GJwzS9H8C
zV+he+!F=fb6m#vHxBj^l9eB=FfN9Jf>^n}O1ae1M#
zlVz&wF~p^o(%-nNFdjp#r27g!b|c?c`EI-oRURB&WmMDe`?gV0P*GAqr4$qt1f+&a
zDJdll3eqvUw~2fyDd}cN_oOApM7lP*VMq-aFkpj?ZESyj|978rpUc)FzxhboN}sjBBVN5!c~x37+LF5>=-dBx!|E-?7rTjbMNd
z331VmK&~2@oxe*ay*ECNy%MP-;q)f6UGClp*q;ddvw6r61+}on-2xvgc9oR*JlXp<
zeKwwxFHh}pRVDm(#&$IQ?xp6%$h3Kr(&tgX+Dp=Q7#m{76`T9kq4K(ftG3(rTR!x=
z^VfKpf+02EyI^_=+)wK&C7KE?O?dR3_1z%T+~N^go2LieIo^Ko+WX=`RN>vAXewtN
zDHs&dvv0GF`c|JEDsiFtsz+@Ofg@CrsR0yK`9=cPq17c}uI_wmz$7%hPzC#q{aCh=
z8K(63+H8l$S$b)UShNJF!vt~0zw+0K6+2$ceSB1r(%$qdrkHXo6=3k2yga-Wnnr$&
zi%Cdl8J7zAaHs8a1|gLE6vO9x7o63TKLa_-f0x+_)=YutZ*L*1x9V4?edo~DE)_Lf
z%AR*=pK&UDP~K%L8$`Nj%Ppjgn#3381<%_KpNjh04BL>pxi&Krj&K>)qyBIEMB
zqXfkcqWb9nY~iMoQ#rP2(f)v3ZB*~=1E2YQzh&F`?)YRIe+&WLP2cocEV*lFflh+5ic0AT+!w{${B9dCva#~|HhI0ALw
zO0vJ>y8CFFcE+H1Iixh&qd$liLK=4o*k56%Za-ZaH116RnsFIhnsf&wzIGNY0_`2i
zmn@B^|2LBJX~$^5+)CTa^|qC`_%L()YdlVSoGK+mtJ20kZ
zV|XF{go!Ozy;nhlQI}+Lsm$e=T8~ZlP33YqZSoY}j|i$DOwe=#(1OhGYkjZ46TMkQ>K&
zWuQqIvBszlGT`kUMH*h&z`h~}
zhcBXq0r%!vl|ISrFn6E-6
zJ>D1C0ZLtpHA_zJCN`glwVPzq*hwbn1*I?NHtPWI7Mxh=ejNCHLyfmF!1WCnL2o9j6SkqUlwQBj#rD$VFZksra+y8bY1s^b6HqFa__jx{
zO#6XaV$E)w>ROuaws`(%2z##C0Otf4?RqT-cd7lo^wFQ`c`+I{;RHg+8Q;n|pkniw
zmus5wq;n+O5xH>Ks%C=81KHjJ^jvn2Yyl|75H@
zFZ$0s0np$19SxO!uGrFsHl*D;-D~sXg9RwL41!pR9bSLkE-ek}-0(Vg0&<@M&9_E<
zbp561r85$4;S##j^nDKW(;}SHd+zW9D6zSU1ZZ^DgB!g-b|vq=!AcO7pH9Hlw|QW*
zY}-EDdrZm|91t&0;y;mz0f+JeU|4cct?In&g@)qc;7(xbL)tk%=b4X&y5veR!HlT{
z*MzL<;j6#Q-A3x3jb9wro;~VOKX_qbV%0WR%UE~7)OkD5CrejA9PZYXb1dY!JZ4}1
zSOenAfs)=}X17FULozW^5=@Ag)y1&D`|0s|wuR8N0X%vXuijZN0+h^BD!DLR?8F_3
zsJlTNW?*+V^RBO9y*UrHiScXT0X~fF3@$9d35-G~ihA9H@;|H})L9MGnGjsgA1Qio
zzxMh{=J^fuN^WPq;T0@ys`S~d9{aT-&%YUO)+VlUUbbyZl(866PAYaCMYsy
z)A)KiJ5ei#JDHaQX)lP{bTk9J@QB@tevv**!yxIqQSuP3GcM=dp8Vax#-q=h^InA3
zXmhfKfH%S*#hbSf9wtGRpTA}0`WHZniNU9yP~L7l;k#~ncToCiOUxB$A;8djq270&
zEnN%uRu0JnN18w;B-Niy#II*HLf1O)G|VbnftpFkYO;~~>G)?0#jmGYu3dPo#&PYB
zgPN6WdoN*`GZtPI)lCag^y^q3ylxhbCb06;lA-`z4L=;aqjUi-Zzh){GT3!b09j*-Mw!^nnN3ju#do
z&ZMVOT})HPx_zzt{pYwdmHc?yc?)qZHx~IEbI%QT9Im7Wb}LL`u*%OA*X1w6j=F>vZ^
z^d&!@-4vh51}tQ+`AmkYyDH`f@-vGGw0k@|h~+qq|97g91YN7J?qGS_E*MYWx^fwm
zN4n|&$u-I>K7q{r+TDt4S5FYBF1rMdkiFTAbBRM6T4A1A@@twy73BO!tu?$Wyzi%I;xlyCa3BCF$odm(UsK$U{$3lQt?!vwSYYBt#H
zE!?Hbhe{YtF@v-oc_7Srh;NqV#4SO3;+g$~CR2LR(nTrEy(-DN!wA;$%kMRi_U=U4
zWpJix_$N&iJE>}ry8ke+Xm*C@ArJMZa`4;cN#FzEdLU!4%k-omzA*{TSamA}E5uPG
z2Rn}u=0q`?%ougiZ?d}L@}u8)J}-T^RA(rT&cS>}g*U{`w*FY+)&2{;L4g92?hH0F
zzEmkQ;_c+|@9FD?POWQku&e-c^?y1X?0#S*F=h5Nqr3yintL0K<$oDA
zcdXs~{u+JXNC7oEB5Og7Z2TU%u}x``JO(1`3+9;bLg9!l&A`j#g9)Jg?hsI~t)A{fp?-^PaB58{+?SbyCrkmD(<&QS5lYGT;KF7|BheeqAkjy_SX2%
z=2|!JG(*lS{c-|BbqkMBen=IlmK+%#*Y0yT?^~^(NKl_WBPff#o5ifdk$5S4s@D-W
zcCWX0J);}-fHCEB;25fp%C3w_S%)q-50`JBLyBQ@H%kSo``1
z$5BVY^5G^guSi3@;@V1Lmb{8P~^zT4itQNt@3
z&$Zjq3m!V4^Ax#uc^Urhc^Qg=EwLbyT1H3Stv<2L>$R!$?g>35vXredZ=FW8Q_S($
z`qSiOIi4>!eqD|*JWwahJ7OSxc>B;6?oKu<0BTZahu0oQdp*$eZ54-s>tQw?cnh>Z
z{|tG~1%JqeaTYR;j|sa=@R}4pDc0~F|#fjrKlF%Gy{G0hvQRD
zGL>K#PEuG&vhlTL3eod*MQ|3u<1er5by5WtydzH5{m7cyUv4zg3LGIkI?rWwyIm7?
zs>0HU^K{9V-s0}UOZN+j=dI4Qt+0~2C_-cCTxwHh_VJWenPY-gl{zOOSCY)6A#>_l
zRC5kudK+Q-kMK29b(0jnh~~fJ){eE2G|hiAaM%AOmB+9dt1gh1H-3)
zj>cuS%_sG7?&j+wwMlVe=!}&z&P!}la=q(Tis4Jiy^29ksXNMo?saeT3WoKM`pr*UU2H+v^KkI{Z8e415XvF;97ar7pN*)!=yn?y+gy#hMibBq61;&xKEL;d
z#F6l~fVTAttv$laBi7CHBEhLKa`hF^$Q(2lIq{9uYH)Iz8TtNA*o
zV-$OLgnIWAqU{G9cHIHNKbaMj9Z;+=W%j$O0N66q?2KGuGyQ`IpNmo>=*Hxt&2Xxi
z%I;Y6Xr!Oa(Q2D&eA8_dc1tD}=r*IVe!Y?R*Ol*zx8b5V7Ts2V%af=u~qJdmHYRmDbc*T%d_~3
z6-HdndxAPz_r<;kh1W7M??f}qb1z8*ZtL)QV-)K^Xbn9kMY%a&|Oot2Pd$}lvotREC17LO;(6P6E9BrAOHYR
z>TSrjd7w6%6=XU|O^^68PqLnG$=Gn@8J4Wlul+`&xU-$GnGiAti0xwr5=yw5Ycn>N
z>w5*U3LoDERYp2~egN;i?hvo_L*Y2${aJm4Crde~@{lV;-C|mBlo%Ac9K&89TD=`jqRdy9SLO
zUv~<+`2T;MJrx5Q&vSMsn|K;38@9tdzWFx@jqPS3go{i
z&SkTyOw4|-$`NmNqrq5G>Ol?4gGn27
zF<#&UubAHoq}Z|f@3Da{{d+TnUu05*LnA3!B>PH^wP8BRXI_CdaX4Ky;62a4yxaQ1
zmf-}{)(((cR0~}nmmplj89%_iBh~N_;@E1@x?gEAUZ}P4mb4Md^@s5%u0i#u?`<7$
zXk)AIMAxPh5HAY5pv0e;2QARSk6(giCbIi8mCiXqgTsau&
zn974Sq463XmdilinT*JQoXZr0R*oDE>Ka24HxfYW`~|u{FxR_$-T|H8uJGZ0NkbH7
z1QtKe^B0VPy9!!R?~@ts<4m`C4aBbZ^|1QxVVa
z%_Uh9lfoGdD&6Wmqr}GD_+(RRsBqwzy4X3oM<1k@6Z$hBM
zGp!cC0Xz8_M%s+@MPuPpEwwg_!KNU-!44532@<6$+>s&5xPS?;FE
zzr_?$xz)$>L)yMpp6vo_=6c_4aNI>_-v*93)qs0}%E3#%j4e2;
zQLlYo>G#>QY@m_Wp%-k-gVP@}H<%k`NYen)H$cmo-6Lz&`5yM{JD;BF>4(kgJXxwDvV4)-;IT)MA|;{r9?mbIAyYf$_SwSkQeL4v!z@PR%pWzytAXHv)t|W+f4(|
ztt`YaJKJ>$P^i~gL@z*aMiE{fO{l!-fZClLcjej8eU?>IZRf5q6hAZRX-
zAIDT-(7?33C{&DnL0-=>6LJEx1yQBr=+dWGa>PeVf5mT3eb&*syV|VVQy2JXBOtCw
zTcqx_dk*U3RKh>fNXz2IvAw6&MmZ!xByD#UA0Jd^(5sgIr?>djM2S)tcU+=EWTetV
zM&aQkthQuOQ<*kF^Fr!{{W-%Rose=SN@SeuYV(I4yo!@oL}pH=@=NdQDg8k|hXI>K
zK@jW5rpn&%7_cG(f&$Z^GXb8f27lUlxYPvqM#ev!dXbCxvD)vB=$}m^@6vPU$x2xvPy`PjL)~|H%T
zwa+rX?@@kA|7$!Q^PvBVhW;k;b4JA5hIT(nj2J9ibyW$SLptX*b)
zuK9a)8^n<`TMA^y59=B`&^D`a)>Mc|H0@E>Gm*qrj8Jhi8E#32Bd)e@w^*r@eIhAG
zs(}E;N#e1?LiArL5}25xVl1pP+{}ep*pLLm8Upq
zS9>0szV)iTM^JqD=#sv$cJO>bYT8=gTUjfC;C6A0_WUK_Bl47;qE?$puCNfzO^Fm=
z6gzr!65EANVWGE%_&hL;dvaF4cwn&Jg_aD*H}zI2-c?jN+|t)=P5)vN&o@~8z_K)(
z)T%lfQkjom$|$I~I!%e96J5}MsdA?lX!X^X#>Y&?(j#*|xzx8Jv*MFrZaUpM{*
zOU8<9&hj7mI3QyF&gVoi@Col8^A
z@68MCF#e3aXn;=FL%-6KV<@|ciVE-1KH|Lw%}l$x*4b-kc^$8L;T=Yrkze&gIDI?yF=X~igh
zvfBvh=V15!&((`9=Gz+Zv{j3`>09AgnDj%yT|()c>P_1Io=b0S!kU(XuzPf
zDRQ&C=X-l0@#$Li3-MQ@qZig9{2%KUUpd~%YyK{_1Z)_STd2QQ&s7h6*vqvA2ZRs<
zS$2=`UtmTNCF7Qm0k6;AoV%2=?TXJfM}dhFu5&nkXmXF*;MZ9rz%iA#-gq8hZfFT7o~s
z0a8OW%68kcPucloEtR|%I)-O$9XRJz{r(f6+JD`m;BNws=SN#&L~AOB1{eg1rn{Jx
zQLyO#zpv(VajnUllxNCl$!d5HpNe*A>wi3_$ch(luNywq>J+*bF6zz~UT8kR=n^vv
zUsh~
zT;BGQ_#X>A*A>@6|2fJG1Wj`DH$~*J)Z`LeqUHqN1nL+SNC;gl0*%IFh|L?9$lL3k
z8*43XW+p^sKP7l4Y+VA;n7t&K)*HYSTXn;R5A0fBqni;ZtRGKyUrD|}qf~5-nl?6@)k$t1gchhZr^k~j^tXNQ
z{1gVb(fDuCIH!y7eKD5m$EM$Y;9U{8o?L8KhIE9Da1dyyc`%R)d>(Z~DUv!~idavWhzLHUQNlz;vWTy<
ziLc3f1h=@V|Q+U*6tYtl|HxIUw_w5<}6St+Bq^r-5Ji!qp{q+B+PJaC=*E+gA_
z(MY9|eX-MT6pYQao9mOf0?!G}IG-_EGL$r*tbQ)KK5pQz@3mZnExb<=_poF?dpYhU
zFI{%kTO6T&lf!|yd)H!f#^t9WcD=2u(Xddl_Z6Q+G!J=z>YR+PN{~!8
zZ*+!8`pmyrSH{V%YfR>UJ%a^$2STbr>AQHwaWtDmPbJ4^`P3k#+kHUE9i8K(uRZLQ
zQQbgB)4r2cHtxwsHRs!prAeMc+8p()7_P2Xry*fvR(ts79m=06<5BT0```0HCE4>8
zKaMpWfe{t(*{$PS(xssJxc5)r$feACLWQ>5I=!qd_%>%a8>CEJnMT
z$@^Y#K01Y2k`%^ZuoC*=SeiSc_4}&3Mv$4^)2(3^cqedeF_eBev*1b^d!Juc6vkgQ
z7x5Z}hL~jZMff$A$E9dMoNh*cp>hS?^f|xz?!T=*_`{01PdQ43A97OMoa5^o4Ck(M
zI*lluX0GH5MY7;p#QqBwKD9K}A#Eie$dzv{T(WMa!5^w(=FlrYe_$vIW{S|(
z|EZGYwhoqD$1R*+v`<|Q4?t=U^_QSn%
zJj+cOT
z9u(?uzjK?ADSWlp|Fd`BDrD*ML6l{edG%q(u+DblrU_Ij^>=+hnINU>k5F?L-+zAl*{1mPy;>tz7_SxO4KbyiKsnn
zf29>7ozy`j@g<6!&n9wB1V~Q-^2PJvXB?
zGU#6a97f=?L+Q+Jxg+(QTTQA94Myp@S;vmS2l~hNQ!~ET?j@>5InT=c7JC`G7sah=
zJD1kapn1at_h=*P`^lahDvHiI5get*!ew((#CkZ>ZGN;!%V5(35g3SFU$#*WxD4cK
zcgm848B$vKTJ*d~{5Ut;Io#?-(4i+OH~;oYj&wTOWOt1&`)^+^x9f7uH3#rHaPM7k
z3FnMs7jEGt6SxGrQ3NG%iybZ(ojL0I4Xp|CWSys5^;Gu0`fIc1_xnAyg9U=zmng0X
z&aIc=R3yA8L;ORzf!|@O&MSHs?aRhOt|)$4-&X>PD|&|w6}-32reRT{ErZe{7+#)U
zg&UbGv*63UhEHIrM|oc7b06)QklOf~IH=%vJvxn8pC$a8oxZ2^Q%8TW|6*#wNP7Gp
z$yMUEkfrnWUTkR>njH<&b{~$3fsjsCl&nv$*>^2ST0E18O1;HAM)#-O*sY88DLhT$
z)BzL5foEgLyF{_krA6IDUCHWsRFD+1??B85c>Faj;EIgSQr*s-C3*%`F7GnpUT$O3
zlG%>}Ug!$rOx-0Be&!RNHzLtav+Xxc&&!_N8-VH>QpA1rW~luW(a?ZuPAZ0u_9Pbev$ggQ6Sk0Q+t%?cuf_S+pwos4|{f!)3MI9odizru+;Q(xDV4?|s^T
z{Ab8TxjoD*bhOvOEt}X;tT@@gfD{7v3Q^akETQi%G(OlBlTf?@5spD|JA=JsX`Wyg
zVH?o1I(N*CYdthZVBBsmREMhVmc{#1O2=igZ8mLlL1c2livi?|^oI$piiO?>GA`FC
z<0@k=H={BEf72WVdnbo6HFr-BKcLpO7sqaV2EP#8
zJCam~qVKBe@5;b_fEDd^ot45`{&{d0)IB#*rYv)AtpX!bbEu_55hT+>{Hm*7ib8iE
zO5`*gacLA$!a?pM!T7BpK&vF9!HgCX%^gHRRmKm$Z(mlDWddL(L
z0pmA@?=f!Ae&7w1j!?X;h>9B3c0t_ZZn$=ov7h79M}J2yaH2L=aBaNB_wg0yX+z04JP(7$Y=GwSVFiW&BmG0a%Zc&;qw+2#u<9_c~^evq@
z`hJzTBXglx
zzx{|B1cMyq&n?LO>}AkL?&ZucmPcAT5~#xQQ8-j%!K}?;Y#rUXG*|W_
zWTmSyIgozALjO-vXGDB4?Rex(kpaT(XIQd%D>x{iuDEfd-nc^<+{h?
zIpRcG$j}1nWjzE)ACk1rf*ffZA&RD
z*NfCC`(x1q?v8%8CMi101m5kj2)o~^mqMtp8?{2TWqTa@iA9q`eyaP$rTL2~t_p}w
zBBD^w{9DHFU=5EMNIZsi-9D74@G-eN9YNFM_hFg`@D_zWVtJZ>^Qsa*Z?>_TR~3dz
zxL
z{YC8P1tmHoWPBLQsvCQ^$yIuEn9|_bk(XC@yejXu>Lz`CjBWz^f;R{tRQrRuM(cd+
z+;x-)3DhH2BzJGq-w26_T(9;Jzqh)C+k}Vj+LGqlD(|;BvQ-sW10uGKWDLm&X!RTtWBl|Z8x*Ax7#L1K0Lnx4Xx(DsB~Cej`3xD`L-
zwifAYc~p;%s13y@6?C=vjT`n08FLWGr%k(^Ty)HU|D<1t(f7>lY|2lz6kO`mZySE5^O|MF#HICo8QyLF=yHFBV@pEq~Ycq
zh-Wq5cTx55%c#iB$Qt&1n)j~T3L4?h<&H2XRy1`ZyY>Kyaf?TjrSIDMxB?=`4%yGs
zlya3#Y)0yt?|u}OUXtRvcyiwC=EIK?dhNCstiLOLHVezg#$JhPa4hA0#*8*5PRG&N
zp`81>T#-Bg6YT%{Fw@P$aw
zp&)r-o^}-19)C?SD^Hv`kPLm5HYbK1sAr~VP65XdUY-L#A(0yCVQA(rL?HR`shPlO
z#Sfa#2Rf~LQ-1ER6ysuVT`2-A42kHKJv7<2sv$CKNto}RIL2{vUOr){cMu;f7thx}
zpgtcA0q25LdHMVetja~K0XOQFCYqf``jLmV9rdfv-%q0?u!J60EAy7*2#|VkL(G*gSZ??ng+5anrb
z`7gLcEIJrOmk>3`>=ar0Kw~SmjH;29KC#&Oa-twC`gFPua!0PXT2AnusLV
zZHN-Jg#8*A&%(8-An<>9q7S)hmi>fk81GIKjCH5&CE_vF*o&4~FOCDAa{QBjG!11z
zeKWr^KQYi{;t9x6_@#~uQI5$?VZ!TNQ{}Qi!A(wb%3pyK9UdG^q!lCkx1jovgo^h4
zo+sr=d9v5Y3Mz;a&D9M+J{;1;t>nz|QqCDOnR~rbIXG%n#F)+nXFHT3{?$Y7ZcRX#
zX?FGTbVlFjD;XiW-|%Xl1|!jJjP-QZY8J{gEX3wJ{^#HWK}oBDp(OE$vLW8dtE&mr
zroL+Y%VSm`|k*?Z23k)9xYv8%MvkcJ6HlA+}m11Tk&+fB^fO+xpF(f%cc-5}LTe
z03E;?`+Zc7g`i!JZHKr|cb7EOA|6o@jOMO7M}G4^n#cmo<#kg63s9IYSB~z%la1D*
zZ%bUo#JxPC{A*m%QL*1r`lZ}WwA}GUBZSQuPD|{|IQ_kev1unhw3-@Z0x3_6Hu^?+
zi)N4wZ~lh=GRFOIT{tqnBj>}L!_&ypCy!_h-k$MHWL}!skTq7@!
zgs7<9($TW*O<;scO4Fxd4zM^Sgh3ZsfMmzyiL4{lYqvVd^hW@$Gd6!UQcfTZmv3dQ_)u-)Vd8DcDU{R!LX;w~f)U$0
zK7rMhkf4s~f!2%H<n(fEe-O@ZGnB%!M*5+x!7l(EH
zR$H-g4}8P-_Vd;kOeSE!zr0AgUML^FI-wmXdxKiFwJ)*QZT}l
zQ{xqq72>sejAKBssrfYkS5YLL;exX*x0EmIHTrlghy!;_-e
zgk}NrD9X|m>`S=Kh5omevJ{FV&n?ABVxHK@Vs@TFLdnFFeH-VZGq2`m&~;C3bV@x>
z+PJ)xy&T?L6yJ8hwx2RukNEH8QZhWz3m|7}uRcq*Iu}3QU{$JFvPu`ho2l9c&%u%ZM7UP4_&LHJNj
z<6fi*u7)Xg8iB7@tunwZn4F~dbF_PhmozO1Bh6TlIXdWhz8fr%7p!hYKP{PD3{$$!
zHuWcZq`ZLl8&3_Sd(Oo+mpdV#_nE9rEwCh*_=j7|p
zLV;lGR3(la`(T+h+hc`np2)YNgPnEgP5WPOuAm*4U+MRq$==&vPdsDZ2O^l1r$4lE
zIa+$aM$u8RREzms$g@LF3W^xUW2n-9!3bp0nBlelGgdMiCDz`iGS`W&Vvm5-tA=$N&)bKm*}uj`Cw5Zt@28$U
z0;6SCRf2mYYS@2Ezp?U;`6zIpol^FGo+#EkJ7O#iS*iP%R9Cab0hiw70rcB{8Qqt-
zuo&*8=#p_eO4jecdB|?`81A|gOl4S`yjg9d=$S8I)DL(Hx>EBJ7?Y)DO~Ij58=-uv
zPyB^Pc1Xoiy^
zgu{U<-wK_Va}iRm>?s((<-81O>4-9G*K_&E#qKq1?;yJPkZ1Ir#0{WEs`GmW(57beyKq=)~sD51YlLa*RLYnK%B5IPx|
z!qNAaD+SYfJ;N8iG(p>qYZr^ID%mLcLtt-3++?DueS}!?9>~W`Bfj9qJ8>l@^?SwT
zI1cBA>+G}pR{
zxPQlY1R=)U%Qw8owk*J&NRT8T#p*x5?110fe
z0ShsdAv5vAjs{;EdP*P=>330ZG}Z5);&<6*d`*?cGy^y1oq4_Bx5YW9@pf|uEpr~n
zIGS2-HE>DV7ld!G!QvJreNW-7J=Kall$|&s)nkNcf?T2MJz^%aFQKUG%I||~T98u3
zN@-|PDBG&UONA%Nr^duf?hfTMn1yfPg>%r6whF_=UxWPu=7I!eNE1uA;+HIM!8MsQ
z37I{8%JgK7&fBBvgrjRRClKbic*QWL4k3VW)pnAC^MqN+OmfZ|FwL~X$UPNcZG$S%`d5H>&^{Z%6ti1$l`1GUsi1-3{RF+%P5Taf
zIms_a1_;q+b0)N3q=dEkH*7}bc>KX}+C-Jlv*`R1>)I_#pM%^5G(;9HJOGuINQED!
zX4G8U;eGFQkzW2V4%!Ky0{<$&In~sWn3lmGF0yQaAoj0l)j4X63jZ#xd}JC69&J$ghoDibHQEhCnZoH0j!%&bcnfmQ!iw|N6&8xSe
zdp716qYaPIl%0fxJ$UQZO`_#5(l`#$1*G_T5sl|Sd(CT2tI+k%E=Un5>
zwGhs^q|_ETo5x!G%iQZ2*IeXi7KEej=yDC|ev;7kvRdR?z@Gp--qgyrT+{K9KM&1VdcmuT2(yOq5
zf`37$^DDiU+Mvx9%JXsG9gXTnBi{9F$b5@9im139xTomUE3`0lTqe9~C%4P2WdFN-
zsupIr;rs`1IXCGz$T`k3&FBd`R(gVWf8kcFPN^L&la6GJM!oYgwozPsAT#<^?&kqx
zh*-_XDW^_=5N-jQ<B}&b@`RHiG=qk+6o~
zesQ{lK3qf_nY^%*Qnb&&=2_s1
zMc{hQUH-lY_L+X08O|%u;9?z4A6FLJC_#Rb=EMi@EXsM(Iv*i#7NEKf5=Yr?RLRwT
zAeCEs;qr8v24?3~5x63B)2Oi+8+uV}1o+~h
z;V0_LO-yw_K^eY;8}z<;aC(R532RRnq%MeX&;cD`FyGmWf#`j3`Q_BK8DRc9Af8^(
zM{o5G#=Rqi?RBj=1m5hfk?4j?q{v=AO^TlrLNnfR(p1^{FgAXbK?(-c^
z3nm@}{%tZ9sQ~VpbD+n$n-hH|8~%*Mzp8OfJIn^KS`}HVT|~sF8OH}_Ir<>jqhFmZ
z-I>o>o#O!0V+5jLw{{oatxB{VTs>qu54|TzP+9aNX4z7O7Bl}T~LLM%owy|Ho6?*7-XA;~$I47aG8yUa2XLd*4
z3~-!$pTSr5F4y^FSiJFyY5plEYCC4n4cd^{>qxq}Ti(nCke^!QhepAR_Fs%(2L9{J
za=g(rV40{8q~)Uolw0g%3ZFlH+iLahZSnZA)`+*#ehD~vsCamnZ^p=vUoDbeEC;aK
zi%`5Ks2z0YG!TR`J|4Nf%A06|$8=kV_UUI`OsU7&v!FseUdM|Yx+gLqnB`=>Klf$m
zrTn^nV=hbhMHmveTUNa>M0*+XUWGCqbFY@xpM3gpaOQQrqOH|OQ#Nr_`5nl^3IjHiiUVyz|bPb8lbaBy}R*3C)Tz*TGVd#-V97&$tdenox&R&g)jaL1RZ`i!O~&&
zNS&3g=}xdh6o{@PWinxTugWNWGa0roGRQ%<+NeyJD-3Xxx_)sm_HEMX^Xrq{E<%O`
z$9tCoPK)u>OPNX~OfTiI|3}if$20x@|Nm2xO7SkCoK~q+P9f*RN+dZ|az0EXw0aa>oyN~19SvGiEC(5#R;s?miR
zfdz(@0R8fTYI;RAh(A%x+ee(|4-OXx{IjMuE6X2EguOX}omiS(f}X`58IEk8dT@KV
z?Sq}}W-7s&cq946t3_&Sd4+O7NJ(-FGQI~nsFuj0k9<4i7!Fe`ZsK}?GM@X7EAuoE
z9(0ei9FfKU19LAGGd}iY{*{fwUX)NoNB3Y_#dk$eYGdR7f~Iv-8K{>HTO(WKx`fGG
zm7Jv(Gslxi*{&hIJXZsyu$iPSZ{XpE>x=&{2+8kl5zy7ge0&
zD+4c72VRIityM7;tx>;VRzU9O_hpT~r8K?Ts#yObdvl5Vb!gGZVuB^>aA%k9a)I7(
zN_X{a^-z};l;$$RpvKJt_J1a9M@uZL4#ECd2{K^XM+U909py)31o~1e6tvqlXo(Zv
z&?%>RRq*9>`%OqCIGsgf(=ffP&w@V^@b+ys7
z>&wZrQcCrLN0tE9_r3yk(Bv4zDc%~B-Au8cz7~z-Z+q69|5O~KVgmM^?a|I30|Jh$
zQgapl`b?=`uIw4)OV=UPeVd7@8Uh4&vATj@>>{Assd4Rfxqij#qwog=$<2I)tcVZ7
zovM)7fJcw*WXP%e#ufF*Fho|L2E>ne-dR*(?C^JVjEYK!sa>d(
z48~H5VOwfJ-(ETHt*nDxDt2TUKe7cw{avT8u_n|y`oH5qUtVn;-{<>N&=3Y*9~|>IW!x
z6BWNv-(>%f9@~yG*}hQ$wMwnmbQe1ht%||%KT~Zgkq^G4eYdB)oS>o88p1I|4|qU?
zoD@VyxDr1asLhJ-EY=$ayeIi!CPALs)-48H15_#VU_EysjViD
zr%*la{k1@v{0P?5#1*kyb;RaeXLp~v|L^iZG{19dsItjtsY^!hWi}4)B*7m|LIrx<
zUum0Y4Tm@Y4m@QJ%C29`uQ4~LT-%H4X_nY+67Ev?DKtvvo;Cgs%kQnP55lgsdl|>+
zV4sX3wB)N9W!rSHQp7ktesUO*2=B}|?6(cR-})$b&LA;nEtr!DkmTV}TjlE|c302G
zy5ZT)de_p|8^aY=*#cLG=}({7M~!P
zwPK9|)yf#Y)icfUQ8Lnfw{tV4KpL_{-7n?m1lV2oH5INbb@-&Xy>lz
zUlGsR`L7J}
zs_y4x$b60*V|;xs4%G(L8XBRYBIU_kB5Z{HoAPULnq|!F#g>)KZC;XwNcyiagCM}*z@onpI?*v>OUrJ*eSRqTK_BS@&>pVVJs|Bw0eJYB{
z@|ZFvbam+2-3b5%IjCqApACIgywt6CLI1FeW19A>skW@!88yBCdyTx5md>w&50F<*
zGG=UYOdm=l^(vU=18T%n$c)QRr}^+=F!*Oz`+t5q`^4LmBBFe-hkIDGh*_TqzXZnv
zy-2ecA#hg8cjjV)szuG9$@njFVo$K5n9@a#m>-|t`$UeLIh4-6{LeZX>Q`JX9vm5_
z?<=~L`isv<^3ygO%v)G-6C3#0LOaxyTJf$lNzYAV4GNu3czx7URO;>_@a2tyG%92D
zN6Fic8~1B=i4J@ts+SBW>=vj?45-rf$^koNb46k^_+sSPt?KN
z*WG88j0deQ;>|i(U2$S-Hu8ja#E9wx$zS#!xv!0!u!EaMP`9nGj|=W>{wng?dW1gG
z_n%N6DZ~P^qvU25czt{v#dmSHE91HLIjn)y>xl<`+3^EOOPEO!?lJ3R;g(PR5|KE)
zonX8MZMasSJ%i%R%$ZW$Gwkkq@d>S7^Q6CYQC7+2eRPv`{%3A^^**Hd
z??D^qmH&2Vlk`Yre3kcNwqQSIgxh&v^(yl}Z*h#!2{4;WQkT^RP+4~(rvnautpSfi
z2PQ0abjd*B>cPd(cT*taH-?OETJ5g;ozakj&JTPcN9`lbGe6i(vQW4RP=*PXrNjQn
ztku20rIJZvJ#UvEF=lYWh{$|3E~$XWgEv&K+1F+{y<9xplvdN@7(RPR_S?hqS;gWE
zme+D!@Xd-L`Tv~yjjqnRUxr=M28R}?v)=WvWLw3*E9twwOq;jZ}5@QngZVU1RrCpI(_+v
zrX4sAQpguanym9?OmAn#!q*<_i{+W90h7wfruu}!e*y4$3AiKgauJYcNY(7+=(`?#
z3yw8+MfFpU5WZkLkKRKcThZhhV&5LMCL!}kq2VwX&h>LUY9|W)^L5tj9p~}?=wx1d
zt$d`>GXf@+uZsooKjc-X3F5~>DlsEkfoMaa(W|P~e<{||ls^(hj2rLBhEN|VCdrjf
zYFPx}j)oM7Jp*rmGDmMI@K6SmwB4h)aiAHn4}8Y9nWCI)>G*pSFxy4?AAhl`S?5u}
zY_K&buDLhqe|G=v-JqqSY_2ZNN+byDV>QwekBk=xbG?TTS5on`Y3OF$@`y;RA|lMx
zvn$>8{{#e
zsLc4K-R6J$?3?i%Jv>)dvQ4$jGEZi`Wr$xCK6>U?kSvN$)_C<9N4i9;h}yR2PU^@G>jhNZ&FH(>-?$aeZ2Fgn2~AFe{@d5$u$?|Wpuaw^l=6?M3oD0&wC?jbqAbm
zV~735q4>}xw4IyHmX2l1!oN*S`g`F{@~fv}cgV(CDjOU#!;Nfm;wQ+7vT??%yP4dc
z>4!DlY(d1}62zT>sBHkvx;zN4M7r1(>1+xtv!E4@FD@#35p1mF$a+Vj$O1bGp<>d0fS
zP4SDH#tt2WH(5R0Gk~bzR)bRM?h>m_ed=RBhA8$(ASg1U`dM3uX>`R<)=I9);XA)<
zDMhl=q*mk*s-8}u?QlW5zAFzQcq
zhuwWuvgTDO6~1%2GqUlIvw7I`
zQNb@{knPf>@~Vd+8cWNlqm8M+F|%hEcBIuC1bypMf_iA>=Jb;r2IbNuSckGPT$lXZ
z%+bJqtEkdBYaoc7+Fp>)3!;6dWn<1
z4qgGdL4x&NXK(koyi6}TJ5T6p4{|(3cbpa-jx7It7UQT&tJoxSn15`SP#48H!tm)|
zd`NFc?blqH{+Q1it<-W@&WW7kr(%97AFO~S9*HnGhfw=Q(j>UdMex8}mHlByhMK_h
zAWbQi=7pPEgG+AU#9BRM5n{ki7LF~U@YIj51;z@VoUJD|#kG%qz#RND@1_6r#~t6N
z{Wgf-sS@wSCrF>?hMIqHW~85_cq%KM+`(KqDEywK9%L)G$}iCMwdUp%=+G-N6x7m?
zS7E-B?!Gn$8fAf_E6zzTz{`1jfq-Mlr}rh#cUv$&OAUjLrzrY|O9aR6Uovx5DWBu=
zKw)9avZ@u1r`JPCP7LyppD`
z#xA7&uL0jA`%0HEqFTt@qYE9iU1D9?qk~rf
z_24l9CN4L7G@o$q9Oy-Wqp?$LTINgt2E0OB&Y^|0Ir*DV$+QUr-8TAos8^UaV)g;S
zT!H0y{&VU2^H<$^oB#2^X%=KX#R)ZMO>qF{QkfVAqhU)uL#|jxutAOll%E&!f0Zp`X^;Wf-`MS4C9$IpvzNn)~_@J1>
zPl<~VIKv?7r#)7W8p_MaU(b@zTF4P=CM;l&8E>JO`dJ!5HWq_&zBEw7o-yr*zSbHz
z^`jwzdMbLtXbX3k7uSA?RH0^19$_^;`L!AbC2fP28#5mj@0hS&i-0WufwLz_VdW`=0W-o2S*&t&pd4#cGTvt2<|0YiD|Ct0
zXI?_b#U`V_8PgAo1KV9HCx6*jP?C!3&_HM9a0|QJRROZIC+w44;~V<_sNajdC#>ap
z%f9R7BCp`fInF+-UQ8lduNYB?Szh+6xFj3mMm?nJ+|VLY
zx9`>(KhTqu(<|(f6>o9|ojF+GR@vWqJDMjXG#4D;Qe==gRWU4y)UA~R`G#E!T(h^r
zq&H-wf*X9%ptO@mGl&g
zACm5|{by)PVyXyCpxc&!GWh2e)3Rql3->Y&I!dq)rXlS0Px2!GRhl_y>m)4XvHzBd
za-(0gaT2X~LdIc!aFwQ|7vD*Fw1_yFfNg3w7_F{_M=cL{h+?K1WlGsQgKPLuR``W&
zUjKcV<>CTj@~qna^TpbBj!Rh|%FQ6HeiCzup0T?n)73q3r^&+dEKz^n`fnm)K|T5S
zmZ-?j`Rq|TpG3YW=#g-ppJsz;B3P%sEzf*nnV@T}AuX`=##BcZVpNFZbz0yZe{prH
zPi-KBQTXIktBJ&%>X%7`jWAiP9@4g=!8TD7ezl5vw$_?!n_Zs-Gc8z|opc?g)LZ2m
zI08OKd$F~O)4d?MVWCSLPh!2e8SsMki^4B>&oK$B3zSGB=b46cTEe8{C
z*uW7kE{k_VsL{4(&c|9}VMf-|^RTm*wu6p2I;TAR`a6I>97buS9Zct_5w{v8H&m8a
z@u(;=2!2W}VKOR?%tY-uDGzlV;oD{Xqxy4Tys>^mD3?(1u(245%o|T6_?-5*)im=p
z@vPH(B5yzMg(10xfzkEIHa~yF$SmRqQnA5hRSyrS7}nsNYH*A~^ZTZXg|z1pxs}(o
zEN07@x|Eom#T=s}2!P3h)tweanQYx`*LoE(wo*we4#CJh?
zZF-U3G+~2F{Qi;S*TDK&Cp2dsPKy#>q#vKmjAs4iyJMQyJa6%fnjemhf%)BFl4`^m7nJffawNEQVCn!$=}Wuvl}kiJWi?osfH7d4QEVk*@;
zjzUkqo+VY}DU$TZon!NDAUI;V2Uku8lkh*wZKn;qMq!f7lZ+9U!t=2eori<_ZC0t;
zS|1e?h(brYUoN(4?tSfuFszeAC2qy}3BXwDkp1`fO5>O#liqYC#?2n6w
zEXJv~n*$Nsem5g$i*qBQqM;9$b_~RN$AZP8^U{
zueF9!(vq^B@{f_)rku7_~jw
zv3MiwzB+eMyo}N1DwOp@dP!U3?6VQOm3b|r`DO#Y8Y_XbRZ@#uT(?Izmf1t
z^)lPO2~`=k7KDM+{o=GraLZ>A%9u_L5@9tn6C_Mo->x-z{2CLucuS+h)jg}mg1oVL
zyxUotv9EnyOb#wfqV15F5Mjce*dUAx{ik9@6sOSYG!{$vB>Sij
z!J-Zfyyh-#f%yA{hM86Cw&y2xm$WR!A%c#e&y5IAMk`%+^h4$as>oi8pjyzk7KJ0l
zeV5pMmkaT*K-o7$Cw4aB!Qu25vHOqXeQrml!4truhniG&j!xLS{I*Fq(fl^${lxRD
z2YF+Jmu6z*j5E8LPPF9eiZlz)Gs0MPw~BgQ&4@rJQglK0l;Lisr00nG!Ed(W@6fLQ
z&AFRM{dnkZ{m?1qdFqweVAak0bV0FwhW}5KxxfDB$XXHjqRCGG6|V>xyaXzx1s;j#
zUfq75Ca8Iafml4ij7~|7MK)0YZm}2nrnQN)N(xKLJV@^@mdG{dT_?<a
z@Cvg3f=k_3U!8sIw`LWqYHL#Mts+Ut)=Qdn0`WTlTOZPs(Atwb4{Ni#Ju(U?yg_54
zuLM!x1(DY7vx!UiDnS1m;IK=vSr~#QH}Xq1f@~l3u^<145bb)I^fh)LVq<^jvj}(1
z_-sfU?=KVCHLcgSJ6inDk$dCt0!2>45<{G9CEl9X|Ep9fNo`Fbf}R)QV-$WjeUd(7
z-$t|tH|NfWy7TqT@bJFC)J77WC;Zey`_0|rwVG^??5`x7SkMu`u#Eqzk(dV!KMDg=
zC64l;?>xcZjtqk~Zm6GR(jOh9UJM}0jkKw2^jG}KxP@
z_uQ430Q!a5LaYuI@T+>Aqi1z*@B7WM!@7wn#XqsrE{<2QXauW8~A6GrKa
zS9%71#Uv```bl0F3+WjZg~`sA(xJa#pkMzSN;|~12QC@&7w^ja+{tCXUKDHztQ#Dp
zTV5kQp`}(#Hh^A-be3=+5EOg89STErRJ<6S~g`V?L^25}qOMpdGQ9gMDB{
zh-{Tuc$3;3Y>^Ye;8GdRlG(TAWi4q5{_KWS-D;D3|^a%b7KdE}SJly=q;J`F>
z;MZWtJtr%Z_pC)@D^I!D_gkA|MGt0N(b-%XvZ0>8cT9S4ZMajc?LNd9x#0ldKtR3G
zfpXNP46beYdR`>E0i^Q}%L)!zk#>aPA3VdM*%?rK@6~r>7S(IqxI_a`ElZ!e{b(Ia
zGTG*a_5Q@)Svn{+er@mWh8`xKJ>H}K21p*%S)Q0vHu-1wp=t2{Fk#sU>mj6E`H_+hsD;UA3^ik%D~U~M_G?~=VF5m4TOSt5d9%(_pB>6?ABz_fuzD^
z2I3qkJnGnpfV+{^hCJH0-O_)DdIC%72Bxfef1&%nU!K~Du0N0`UHvWTL*WdC*Dy+a
zDLN3=&k0W*KT=DiT;D!1aqJOx+5mCY8gdCPZD$dgtIQFeF!Ph@k}3OGy7C{b%3o06
zEO4Pd`k~;Fe(pHH51XROs``ljmk!;x-vF!W)Gh&md4z0M;unSCaLxFpA3qetG$G)p
zbIOf7!Y?gg$8zGk8>s${Wl#NR7#1f?8mFqRF~NLM+ZAbsZ(jBwG6#~pshByMix&<
z#Ep8%%Lg}hgpW8|sZM)1S==e8_N^_+-uF(lti%jb<1^uZ5S{w^D}
zK1l6!rOxU!6Fyr_?$gD}KqoOx?}O2P4(Zq0{caOi;>02+ZFM1m-K+<*?71G+`=sMB
z5#g~*Kj6((all@LaO9WO9reeXab4t2icOb=z@+7|;@~zN=!%}$58NMznPc?lVuz`J
z!pU@ypmp_oD1JuGG+2)>~D_wotF*os(vd4OGE#G{JM2*Mz2w!@W
z>;R&{cr`B$Hf=sV#7Xv?7qr(Se}J9TxUz`gdgiX?=CyN*t=Y&H%jHE1un3>3w(l-o
z#Ty7yBh-32Ko2blrhQp2n>Up&5iS3aLQ=YB#%JEFQ@pT7yd2b1W#;$DFFG}h{ckc9
z_~Yz7f9T~Y;0J_&eQ!Kmlzt74>1I;M8w^)TQUxj3psZY%p5kOTDeT2aOW`0vCAW|r
z^;8E=0y`S{U>iI_)pnF5nD1mURHg@G238O-w*63;;U;CuGTy?3&Pe+thB
z4J9snX@qL_6#C5ZnyN~caVc`GMge&$%{h)+(o1|EH0Xs1{nSex>9<2>nExZ8UG#$s
zFZ5Q#l?E$qMoR=9v&vYbvTKlv0*E;J@;>V8S}$(|S2;?o{c7`8e7?uugL&E2Q;7-z
zQrGttqa<`#))VXz@(uCF0KEh^_Xr$ghmWpZ;117IP!G|-RZR8bv-Dbr`Ro(yZp+J#
zsXVe1p%hmnl+L^ZNPEWEr{D!*zt4<30Sl6-1Hx@M_2-{xO%)SPJO&ZKlLf2#O^IHt
zQ$29rMaaBcmV_Vbh_4br1umE+wisOK{TG#D+e=M�=9^jdzW{!CG>4v+#cm7euvm
zV7rNEvX^T<;b6ZNm*@4V)e-P~Gpxo_@fe`8&?~tRf}EOFpIn2W_DNL%>bC-lNelj=
za0>hgGSAgQ>1x|Ok=c~5N0i&fzSpE!xiA2etmpP-V@%0K&f`iLyRZim6N6I0)6yI-xP;_#~#yW~=ybGAvt^1r6(_ImR5UlWuMCsZ@RqDmCc@?bHa+
z0f>8cDAmC1zm8v=Y4krP+&&h_`9^HrgUA$;D!=AsIuEBa=7%sPLd%fMg*x3eWwffK
z=S4i%@eYE7B1`)WCbzjWxn^${#i(AuHOtHdHl=pc!%<^-jxIC7nP^~m6~OgTs*Es1
zv9EtYa@;y0EXytEA5`yweAV@h11~obVsqR9e7Gyy=kCZ@UC~S8Wb}@eTk}x`QC8hb
zCp7Uf=$xgCMvEXTP+?ulY;C$SMBE5fCW`=ceUQanH+?OwouIz9`%DSG6_ep>%%`YwNnDCZDDUk
zjtj6f*z&2th>~?MnDc*9P$zYp!bVS-vBdnvT=R?!ht`5DJ
z9Iw3kf!(@L^L-CJw2N&UIpa!=cX&2W4e#SwXaM@y2)5aOx8_L;td1Q
zvnfB?HBYxI2i8%wxf?B?+4WM^xQTOsu(sKfhhrBs
zclCT|#rGCV3OqnyVXSyy>bo5+e5JS+*sO~*e)n75e!0`3xIk|t(A3#ifSF06kDx5>
zBke^8Xy?o%fUco}73>+(LZUX%x#(xhMbrB)ymhY^VtjqWquL7J!wh4lL0+j-4+P7`
zgGfz`FXF^DNca?@$QBjTegcY(j-Lvxn*vsFvR@@RSx6b*pbSQnGw-w-L@yteK$eZv
zDi9I`^(WhdeX1B&@u-#_{uujT=C>blJxdkf3^|w0ad|e7_E>G-^~8v{k?a@Tr4*Cl
zk}h(*PWlu|-Uw+PtBuT7?`#t^Zg%_53|?TD_YMDg8P@=#NACu_{5Y*jp8@I%q;?Ra|?a*LN}^mO{XGHChVR*g44H4}ME#
zPF}g3u36c-U}K-xV{~ePq7!OeGQQFvlB8#lsDW6TMf_D)s2rdch@cMnkiw75mr>6hEsOTrZ3Q
z_GBqp{WYE_Lg!g>ueD0L5_bfw%2%AeTE&y$Udc>b6I6uXjC&GgO+hhbMjLgXLW?{%
zoz<4ObnT13$Va{7UBGJlq*J=oQa41_SG!;A{uKnOM35NW2X!oG^xNM9>hIn!{HhUW
zi&=2LVDddQ@J>ASzW*LyR1wy%Z=a-~KH^THU>$FxH_gWxA7ZtXHkiNGce-!9t-X7gw
zS#~e4i`&mDzUUmKchwtrL&1O-JgmT*bWp0~IrVv+cyyMg^%P$O*oVMQw4<_7$IPfh
zTGl^2Srzhr=eiGBRF}Fz}$kL8n>tSHIalEvr}_2p-;oQFD#3^POo>ys{F3`(uLTe
zotZ=U7)53VK41|_;?+I#1A^C;_JR9;rStGJ!tmf~Cz9K%U`>
z)IUU6*hbdUOguW|cg2c7vOK&=?SU!%mi@Jm`0kQN+@Q(ejcA@u6kd{0vG}e5!QMP#
zq3kK_@jSw%D`xBfvrmY>P~2B$GrL%U-jwNf3L~W-
zOYHHYx5O+Rcg1h6deM-|qRe)>TLt*mp;vkc0(1KaWzE=KQ_$b^^|;qp&2PVXCMm*B
zxjyMlXCUd3Q&Xj8JtMT&cq2z=Qco>U49)acC#3n3ANKxi_|_jZ{^`n_C(ds67-{7Y
zGgZ38A0WB1@cO&4Us2c{PM}d_ilm+N5oVmOEv!f4>lCfm->Ed(Rn61nU~Q)&E*&9O
zyjh-k11O9`i|XQ6-l?)J*~b4h3UX|JY4M;mR9D1wGiUE;>6eRWgg-NS)
z8WpQmPnFA*17ENT6$w?c`HPY19OXC=RR
zm)m~V4!`{7TUSiLe*?u&-qUVfs`g#HDzsoQe6KxxzU@6*?O13aYrEr+^fnZwWLJdT
zZVUBb&OiPlOn>f}T+^UABhl5?;BtceoHF7+9&$POe?G?N+}diY!nMEl{os9k9{h5P
zWB!Ew5$jS~O@dd0>{RJM6+7h;(d%YTMTgZLe@g!iS{vuL__bf7Je29DP02A`R7ohW
zhN1i3^LOv;Kf&`bKmF?qe^2V|Ss2~0KMj{pK)n8+YU!`@gj;hutwv#+s(XBMM((+E
z4+)c!7Cu7UqKSELVDYDmn3Q;oAf;!D*6D0F*eYJ8==g)8-w@s?_2$+wvrcmA0_0bK_?!er9fj3#u)adHK^DYV8ZQ
zFC1yOf!+)r_krk_a^<#jD?qHXb`pjGVh4?rPSQh8_g5EYU;ln`;Wjqb+e3WxJVspB
zE=LCU>kkZjd`T!l?SYliFQ91X_CMJ5PUyFYfcC$Z{2T)RbL7yv>B7>opkH?u4e*WS
zsAx1tuTOR%CUW~!QUtW~b@7vUO)7>zS8~oMr-WuhSGXQv$>q
zv?kQf3URg|yQL;J+24B=U%%^2-Mq((rvLk>ca?k3JpCr`N}2y^km~Npn)=Q&`Z+sl
z*S+D-*rL!V=G?4Sj#!dKyz0I8z;*7c$Z_&duV))-TK+rDoVF0@kpl-6aGmG%g7>Ud
z%H=x9!*QLk=}+YIzypLp^Gx%(`s~?*$<0%U0E7PVzLuCKyr&gWrU24{DSC83z+X4e>t8^88+>|#YhJIP`3ec_9}H%gaK<}#MK
zIY(B#Ex&2GLfALS^6T&xmC)aQRm(-KKl&}W5f(=BZ-9MQn9%d=Q?!_ZMpl{ov6J3%
z=NGSiZE{euEfxidm;ze7^`
zrB|QuVB^I(=Z&PEH4O>vPo8)m8+U)FIMn9wan#*4-Wse*Q<=1Ls~Wlr8_=xjH{6Wo
z^5%6Qo*ISx&*Mare($}bLH~$H!kYISJ3$RCQDjRVZFX#pmAn+P03DDsICR@1Ylmho
z8(XA1v_mQ4s~3-K9l60WF-pKlNeUF)neOwWp7!+(P;VZV)*i4)|H>P^q6uwSfVS*rtzOroOS30*bq?O@*>Yge(ZFnaLA4?k@EfoJlJ
zC&Eqlw*9Y6dWoFVk!%VX<@iS9`o3g=Gat_7^k~J;yTgA)wFM!Sz}*WMAq;MmEM~G)jr}VrHs^fne{X-+)0vPNA#Z%AC@^?$~M=Cc%Eu^)`Ie__EIWg(eIa*Q7#
zxf{%^<);)(H?JeYx&>Q^+X+MXrxwRbH*$rjZjZYE;!yIH`jCQ$h?)$O%LWI44YSbGQHCQy76k&-!$
z^1HD=i`D#ggW^}Jzsc1}y{1*H5X<|r+?vY)G(c0XxBhEvA2crFsQ^z#*Vxzg)`ne|
zza23wMW(bOmEm~muEq!O>t
z7~!6{gYfpmo@2+=zB*o2W*Dzb{|VrNVN-A^sT(0H3WY1e^$d9TLcK$;^gXXU`%t-k
z=t^8XCk$=dDe_PQZ_e?fYF~Insq1_~yk-Rp
zJW4*)#;|+1vI+J%gxlm09#M8f&QRwX4f2Ml`5c+ksW1g9J-D;#{osh{S=5lDl>$eN
zFVl_n@X9O3?xmA^<0nu}jO#i0v2Ok4MM=5pMT_?a=^8PvoIzI-Kp}-8?3vnvmb?mG
z$1M}kDOO!A^fUXN@DyuTmRYgSWBEqu
zpUa+Le;F|k?|wi8K5n;$9F8ARC42`!P?wEM
zG{udCFHJx0A3?qP`w2I?Ck)4b+eCD1k}kHSO{|G^bBMHSp^{XB$;A1X53@vfr(I>~
zfW!0~aR->=yyQhxzvER3jsDo=&5?RMo@r7l+e7uOFPU$!`7|BAtML>wa2PCuv*F+F
z*{s>US>raMwlNSbV%uLNgZPqP{Ooc}dFnC=C+`dqg#XMV@=u2!0C0lMQj+$Yw5%9E
zJk>22?|E_a@z{jBDp4JO(4M)tbUASM@D#Y^Po36^>L&K!x`JBIfe2(zb%#j&F>
z_!~D$vm6*K5+5q8$UyR;Tvu0>e~Ui9zr{Q;T=rzfMxP4*tuZG{Uas)l69j-~N{T~-
z_e#ZgEy{#CEBsrjlQ`bYRN#-Bjl-3P!AWYTn|5xEP(6d%J0E`fZ=)^6R_Tjsg~{?Vayf;l^HX{IV%=_YUh>B7q(J_#
zxCMr(=g@q^XI(E-z)6&1)uiOqtMFVC*tYh(@maVWNkW8dD1XNPf1j-N8IjIFZkCgN
z;hdd+O{{{g0h9D=$ed9lEwmIsTG>q%Juc3TmOCQL4&`VGdBAaM?aTsH&9kuVOx^ff
ze?@m-V)0R~jg$@HBND&KKRAyEC(|T0gu54nYduy2>TNE5S=S8~Dc|0{dS-#_=E
z@4+i5gr7gXm@L3pYh3-s)`VkZ(!ev+~!`Q~d1qj28+6c-_XsrU9R
zkgh@m{V-%Z>w%g{`IGWTg1r7Y{Z
zP6azQBY>C*Wj5oULeVnW9v?moi|Mb0RwmML!
zq8N6$X$@4lC{2tue*Rfz*((B3gr$vse|Q4DoSUJro~Uq$AZy47Eord4U8kc6B%gbe
z+6=>-klV?`_^BUG4gz(*uujHs&3VB^d)>j%*51`w)xZwlIN@O@97dg36=R+f_-7;4Om>uvh|DMU)(R#^z=xFScf^K^X^9{!ud-
z;`AGl(q;*mfW9DHu}SNKhuaSukhdKgAA#b@5v!9E6GgIE}JAMBMyTU37bZUJw;jXo<-)uU4JL9{p+pRCxO_P3y
zUT6c{m$;8qs1nq;z8BbbFVLez$hXr5dbtN2H;Al{7uO>ACt(o{w**knmfZeU)J=mV
z+ox7TWhcEu3q0+jTx3tC^t=g$JWlONC{|j{J4C4vLPt{7o`{^n^E%fS7A$K(ys;u7
zTwfH^CQr=Q-tDV80=a=oCr->aU60(p%;vjL_bPIA^*g?)A&PL|jyN~k1I=MaYagut
zKvEJZIoLrh|2v6#2)Zk5U>EL`cad%naZdM148hFbhr%X|1hb66Hi*2u3%?^-TdTy!bQ$Oc&we@*4Koxu>IKw$!
z?^m#s97LGBM~QfUJ+p|f(nstHLYI;)4c*n_ciAoc#4wc$f$Q}G`L3p{$r|0lp_C4v
z@+>kgVM@8-^jyhRRV5Pa!$M=R_P|3xj?Yj6YejDLnVFRRD`|@R{7h?~O4>jdpi}lB
z?KSYFS%&1lswCl|MYcb#S1F{yj`_Xog+?%rtENP-X=?)^3o$1IcQVs6+B@MkcUC4c
zl&fKOMc&jfA-`LpS05?Zrv-ZvW!Kdi%i#aAd2ezwIN
z^IbiHacaCr(Ya%3Tq!pPYcSgfR|h_HQT^4c%nJcG549It1ct)Vxpx$$;;(O^$lWgN
zzgl0anN)Yp-{qBKbm%#Zy*72d_)6%ngT}3_y5Cd5$5M>#7?uXr_`ug8H3aT;o88+#
z_0IV~+*sXYPc!V3T><$`0ojq(Wqe}m&z+rflQl0V71Fb$m!PZCT7sr+2rplBms=Ir
z*w8q9CPsBqUvUn>t@5PW%#1fC;sdA|?F9YxsDim^6i^Ead4rBmA#&FhC)gtq&pvkJ
zxM7Vyy@+$qHebrfg+=x+IGy=&TGVEQF4qB+iaamZ0=c(uvkx_d<2zO|8PM@I`uNK0
zPLSa1_BYtbDU(P{8%n9#389A%A)&x46da!8e7<~LwF_amIZ<%L*5j36&(6)XRzt>z
z`3i;hs`kH5Z6h5(A*G3ie@-x_UoQLXb<~$*jJMA0O{Wm~{2rl%D!45i@g0ubZpP~g
z5%)7l=tNR|IU>wK-!YHYJnB-M$vTEumIhLw02kX#I*T_>79|=B
zY0v_owmLL>wJvIv(Y;;+W;o?K1zi~@u;_Oxf>%6@?jC8SPP|_p5JMg5&s#fZNv+UB
z{pJl>k>Ye^5f|uGPRScKmnhT{l573<^!GISiLKXuf5pt_o+2bPap~Q!d5<%_{{Ha`
zCjZF-mH&EHYI=C>opioX6Cs-DS0jCYmbh!kI*r@wH8*1(u1
z=`B~Uyj1FPH{Y5e^1a$@vAqol`jB)NeRe$)Bexn6rxmfJ9htU~wY`=uPCpVb9j%;I
z@gE!aS>uLSEtdQmyHGW}GjtO;_tk&LfwuqmD>V1-mp!}Gp9nW&>kpg9*1Jp>nXakx
zFN#h3k*+QB>sM`ij(_%$fYbekt_MirJ9-|s*Dj!!yHSGdLRGqUCBO1D_?}mm
zy3s_W#P|oDvt&|lWXl7e-Om%Q5nUmF1f1zM(u~u{Ft22C*@bO*lkIf;wVzlYe|obAWevvin9k#F6e<+a|M#X2zLpVb)79~
z$Hhz$Hb2(ie#=Jop?XND8oxtqnwabeVDK;XrUXadl~9*=!GCL4M~P=wCuQURf^0hu
zrI%2koR!oPsct+63P5b^I*EJ9uqk;jD;G3zANuOn=mWrJ`@{CoD;@@1*m*Gd@o_GaQES_jI`*119M
z7dzkJOr6(sg6MP(J>1c^$?<=lsqdx_6W?;EcS)k-lO26e%KnL#Iq~$m9_9k)yj-4Fl?Y&g!RInMp{
z(v0Ewp0EA5qpwwD?7cH|AAii4jKk&69j^MN#216Vp|SSALFIGtMLsP09(VmUGltJE
z{Nak2E>?yQs7lVs40|Z#7+bNIdS=s*4np9|JS6Kx{dsVi;_cG?FD?_S<@8~oqH*7^wn
z3z+PY=~2s6m!vR1eOdX(<|lyFhCHBSVW*>gOTE&AcZ`IM{w;|Kzs8@TYbNKCUz&=l
zhaPL8{+{@%-YcBP1o{z@F-^L2D%2-4@y~v(_q(0wP|NgAyW&8`uOcQsBd5pcv!M4V>dhxUW0SEoxOZnq-$ao!k5AQkGhy>SWMt3f;i-BqF(!?;6kO
zdB~XlPZ^*7(BU(Hp<$`pcTZ*=VmQ%CV@7_SZWTL9a$>Okp(VZGo3ICm#6EP(6rJzB
zM75r5z4O|{36Z(zGv&yE&x)=yIz`i^x0wcndx*9lbuh7j&z|RfwF#Ju6O{SxWWLWU
zNnXm72^b-Z_`~CMs-J#a$iMm2WsJv-`c+i7R#|T$cX_0TdMC-2Mo8z}GD5(*
zh!q+-j
zNepF>kD^T7#dsvOMg!!>KcSEDqCn(V8nc_`)HZ+
zXHHHC{n<1bJl`8lbe>LH9Lop1{qOBUKYXehd7(~fto7;?z~
zi@2P|7ecOpwq4ox=RY7n!mg+a$KoBP^+_H}xaX#!WwJjsUdb&k+_?=y>(cb*7RG{a
z=Dl(Y=Ub>G-og$WsepAr+0l|307wtS1Z!5rDCs9+Ox?G6G@q2HOWsWM-!
zlQMR)H2yI3EB;!#dn$W<-_Q8(ESi)(x8IVvoi$0%?S%CHA3nZkhSm*EQJqIERmwP^
zG1U?_{Qd~W1N@L;#tHEC60JH09ekAf_%p$A|ItJ(H)Q&^7W$GH^t?JI<5i+tms`;D
zKI+*2CT95G4;+s&lKeAqB>wwtx-;N!>PsL#U@`Rte*0a&*8E7BvSO^G+8(qJYX*H2
zeed=G3uap|0^3=;oUfNk_l4Rx&Y*uG+JN47$_Q<&f?eaw*Cq}ZNzSGs;4k*G{`x_Y
zZ|brB+nKb@$8E-8f_WCOQ&j9ChOMkZ$?q@ZU1H4A?dz`*s>x{o7
z+djZ+a%&Ltc>-mz28iD|@oYz*DKv8p)p6|RxpPx8Oh41l@^&7}<(q?rcXagamV4hv
z?HES3FY9>lJ6|fM`|tfT<3~*rysy*h{XNQfe@`L(hn~NTK27>xLH}#$zeWFjY60K*
zoaYL9(icrDY5*hSS-Ru3Z`xt8wXUJ}x8Av==aA%Tq|X$UP0Zpr%1aZLu{PyZo^+1D
z2L*r8q(U3;CGGm{6{{_g+5=fme@&e`w1_S);cf+6@c=g3+(@%!p>
z;B#_v=MlA+U|j1RDyDlD`MkzO*(&qb+
z=Rm%FT`)8RyR)29&bNm6KWOuyv`NqSHFSa3hh|HCqaX+=|
zQ{Sa`d#Sx|S*P9^3}qWH#^GP6=xhT9o+aMhEAjQW3w~>!gtJ#bynue+>BK*p1iOcV
z81fr9xjeg__QnqN4z_Y6?;5nD}&1YQkNZ7c7W5OzRd#A~G
zX+rKESleG)_q;
z+VH7WolYASMEmcSHkvav?cYMQf8`097rF-a0><9xiOL?#@&BsYGF~LQ=SeGeYozCY
zM5bkBIx!G+PKdb@Q*jo(&+#9iI-r#TT<1-xlb=@SG^sP}-BS!14Ej34v9LUxQ{uE$
z6934XTF;5!_?TDsb%f)7WpJGnq>i0dCtvDpqW5~9A@<9HUKctIlVeP!-e*Sr0OAJ@
z=Fzy6Yi~;&{tx{lM-7bu-<>;PhQt4RA!{a{>jW)pg}sBH@c%TbgPa)O6Wl$Vfq2;H
zJK0B`v~eIq_u+2eE8iZ=0R8vDBj{r_`k--gA2c4P59fYpqp}sUzrV=QdaCnt%|XoZ
zyj*j*F9-SbHh29rr{z`9=X2#7;^E~JUjlo^VS1080>P|M7`e48jVt1A`CPulDyXFM
z7B;p;{iC9-oGP*CIyVE2(
z>NVjfd}znjev8yQV(cmYE!CrM@mX}vCROwjZ}?)|ry9CIXTW}x)&lm{_6)=eq;)lk
zFDy|T?F)!Mv((~Pjk+opR-0q#`opD?a{)A?t!CSv*!&cEJoF##_g;qOop{
zp>6oTh1DB7o%X?N-kr7|nEwf^%UeS*w47k5sw6|Ls9`%JZ!w-R_-ewY#SK#(qC2@y
zjSo{{fvIMdjMrMx9_jh3#AECUeC;=T
zf&tqv#IZC7RulcCj5-_gAirTAhAh!1v%pVsSN&a|}VGVlK
z)%3fO_~yDqjKoTUwa#h1mZ#FHL3{5bh7J7ZGoP^DqraC)*`+RC`){0=cb?6*S?I%P
zggyBC&bnnA<#CQhMNiOvo7oonVtWbNFhbTV$~?SO{vM!u?bKfzV%pLAzW}=jQeo6pJ#z~Z@4YeGgD*><^KT9bUNCIIkewii38;O
z2lUrk&QUOioFiN09Ftsfjyoil(*F0goMXutd#dAi=67d56zN$h@Em;~^x43Zh<^Y(
z7ioVO<@#vOtM5#nfe%Cm+Vno~Gw}~by8PtdS$?ui@OAk8r2GVDx=$5HugNwChq7Sr
zaWRi?iEDhHX4j3@s$y!eyW36*!t+QNfJy+Ix_1}~8
z!yftw4?x}-cjUi+$2#qe=J+4BG<`*72%qLV`cMA;VzifdzNCHSYs}|i9dl(J6_qo8
zuHkT77M=aOp!3l=n~=g9D0X#K(S3d_HY
zwt)qI&eHV6^>`9}^m-O#ou_kLHrNqh&;7LLpnvj+{;_DSeEtWmLVt(lgIr`oq~{*V
zsq_AOdy0RTr3Rfm!r+yC>LP}reDKTyL%+U9C
z7VuW`cX6V9cWHT`?C$D?O69_LDNwqrc%hw{V|_nM4QoEa%k}<4
z>RD0`Q14pzi!q>BOOvD)?i?~u^EcG4{dwKW@&d|Ps9P@cgHOKb@|CFtYiS}4&^B$<1
zY`^NVVH=;X))23DOU$nxiec|`?$KZ(pB2$nHqli!(N#nTZMNatvqW7HTdHn|EmPb0
zJ7N`E^eo_*#j}xPZOYBAyLl9?=ETd{wDa=rqFs@mjS@fp
z;JciIj&s#hf6)!cmxP_Vt;eql>-w`}bH$z!YX_P0`(lf+o$5ROV!pJsy;0V7;G^OBg~iS%riyC#ZvDnFjb
zw$q1eKPt3%hR7i{(s#%M|2}DSe4Vy$M0x@uZ&>z@*6+cNB-h_x4ZDtfnQx!uGpv;U
z)9EEomi1f(!JUVA=(TD`40bM+KhgMZE#YqZyQ^Yjr01s+Yi{W6J;g1*Ho~AAy+k*{
zhtQ)`i8`pvmQSlN%bC512Zx+q$ZJ^_qju~DYK!i}7-$6CyPz|OPKpt}i-AUJQ~ToP
z(-Dq&@8Mh#)v*BQ_96U5Wf8;O$)93AEjcBPa;iViCORzU&}Yk(rt@0w3WWcIXb|M9
zTdFk8272gI3b`~F#T?pVH{n*V(9I5>M|@(x8h8u$l*uv%jlXJLD?iCkBV1
zdr`yFN7*Ojb^5kOdL9;7du*8Pj-ndY7~9g43R+;dLAs(D5yFM>upl
zaPWgfli{8Kt&RHwcWX11gFM(LvRbw?CcX~#AI}M|T|)h}-8(kT{j%g|Qo|Ysv!xw+
z#wU%6C-wSH9^+h-$Cn}NIbPd8m$svS(`|!>bISwkRbKQ>L;U>+`ixMo>y=D%xH&Tw
z-bNnR_jjF!Bjib7-hiG7I0^|Iz3`TXTf$M@a|DPl704CE0}AtT>;UpQSbpBSs`mG?Qx6nY@pZY7>BAsulEVexBmq(
zP{B9Miy3qDx&kj$2yaKvc%|@m^o*k)7vXeDru14?h)okBF}>
zWPdZ_b3YYeJydcH>p1rK_8qKmun`MB=Ea)h%xV7gc)}lVIq^*COrOd&Jr~h4am6wpPTq;HS~AP9lsy^
zSp(54{C)qa^u2^=t;0L9UPXdO=^207^t__
zIj5i_0GG(O4VkRicMgx`yN=ki4!vO%4s!j{IcA9Axge->W@iRNK6*|eTET%?_gSX3
z=or058iuhx4nM{CRb(&pB>YN$dxIf*#(hMaWvZDWdd9WQPASj9t@BIFr=T=BANuB=
zkK5kfnUACI!Cb)$gO|hoLTfe<=J=7zO~{AR@oXOK2N1vaYeXLlEqmY%9d`orwPe2Z
zjK7?LeAHLtToaGlh&w8Q-%E)XuBCl~{GdYQ2lR~d8s`Kh5jqz#KW!NWWP=Bxi)N{F9=8`XSsd`WQa{-TiEyEo4irmC)
z7qcnD8g%bD<{y^%hZ#=|Jc)O1+~vl9n?wfO{yKEl$vrjZ{88gTdIvm?dHUqcjwcJm
z`eaKSymN)77?Swgm9OhL-9Y;RJekXUpgv1)80Ik3%%2W~4;tpsOBw0*M0GZDPQ%`~
z<4czHlA+@s{DEkyi+Fxx(+B4{`maO(JbmEMVy_9!-E>IPVz4VyLOTGLBX{*!cVPB7
zcVIz^z4pZS-znnfI($&?5oFJqbmp~>;RyTb!9V=*w_&TEyqC0$QSaFb+B4K8{$v>P
z-%0~M&pJK?;G-6A@J*+Lu9GdAml%cH=}d|wehJ&R?_UQFb+s{>t_o?y+4|Wkx{AHcf#!vHu4xuCCeCysNW(|F}PgIQ`
zKmVP^#kN|z%b`uqmh~9?6Z95`cVeF4>-Nd`AQ#5kRN9fA7V)FoO=a;Na%aN%btq@k
zJqtX5^2?Y;4uq@>^DzDW@H|((q!f8|LCBhKSi{M_l5IGBu9QA&sL%2Y$U6`3Jj)oT
zy&U!}9EObCmb@>>O+xL)vt@2eRpQ(o#$GLzy`pD)lLz$MS~@$8VL!pz$lsTn*ej1(
zL2y==Lce-^bv2#S>X6s$nBo6eW!?XxygoXSync@NpO@DMy;@$ME)UOj$-^HI8OfGc
z0e|aF)3_n-?(bOS$*>^eGvK>+m$n^NPXqwA5rTq!2LyE(r`cH
zRm9y}Sv^d1`Ek7!cI(72-ePK_GegU0v4)_(`cw_t4CTvt2E7Qr%;&$y>Qg11&^P2b
z_K$;nt^!Wp@*2SwC7@rSzJa2Jaj4NI1-7zf$|Hfg&xLG=ezvOb*
zi5f|})X5w};AQsrStWdU-zzkit_!0Tf=?T47ymEvz33~DscGE1$kjj51h3}Gd%%(P
z^+?YLA`@$R1#WHYJr+rC4egF^3|
zG3(wdbq8P8x^m3>RGD}G%cK1xr*gg=O=HxEJaIdf%M|+jX#K61{?<{QwT8aGD`Xiw=e%aq
zdDZ2&QTbN(qXIr^5`5Ie{2BDTJD5&&?!VRaJP3VfRtMwNgY?}{FVPu)F>d$<7lhe9
z@oLURw!oq7E({P)t@G00tZkyR1{~kiE%sk>mIK$`z_hDF&;DCNo_ssC*AfQZ30`EA
z;HZ-cN8!DGR~~cdM$8dsa+6xX{owv?QZwUOY*Qlk8~#}}ZhAUj&5U91ZKAO*m0UFY
z2lf;LhZt?kQ|uL(juF|7=7)o9H-@tfo5LrXOvo69wEjuwgZ3FWbZ_=p&%tg5qxbfsE
zzY}}eftMzhr=;rwS%yXT-joWn26Vq$H;6eMki1LK4SraA^V21cQQb?a_z?QH9RHjY
zJz%br|K=sFPj&3kPjvLDq6f?t8urMGupM#5JI6lxU#y0mM(A(LpPPcXuC96Kq{Qpg
zI_8-Yt7r$cK4YQTC?hMciwt
z@}+e`k6(g|Ki`6Svx#{Xm!OII${O|NTOV%eHci$m0p7N?dUmV*T0ZDPlwKZNOU{P==%*R`7cfh
z+TV)w%n^Uc3+VfmN*#opYBk4nNY&A0=$HN_P0{z`rku8t8=Eh^|R-Q&D<2GMZeSO
z<(%W1pZ6j52AxryPsG6r-y7*UN#ewoQ+v}?s(c;toFR#k2>u)Ra!76K^pDr3T4GI;
zcC)12{l9}gV_Wn@#E2xgnzbd;6BE95_wRI{WBDhHj%TFz|0B-+bGwiO*@#SA_}jd4
z4}IhOT~oDPK9#@V4mW*!O-pFAtG`XuUma}q=#Hmn%!8Qg)c=nWzx}z8wPAmt<_PTn
zT=8;_sKv1_JN^!zY7JedeaEq<&`HPj_@Q^!F*ioPw98DGmL#4FF#-PCgSDi
zsD?qr{?Cxu{~?M0#uaK-^y6v5{ikZA#ak(1AEkMw-ciU0oViQ@s)PvBp_
z^w;U}7vNtn@yEPpTP1T$%PBuwwH!pusg8mY=p=`c@1@XtC*3_2(R$UGh&?bYdDI){
zXqq=YP6mCC6{&@tXJyt@oi)d*^364?&Uz=b2y6O7pivjSaj7o9U&`;7@`X}9
zot~gOY*A-ciS>lHrlya|rpMz6>@pXjj}Xy6XscHZ?L0vLUr|4Ym&cV7=?G+F~A>xZ?DCtw%<#tipi-c&zG^}&~buj^AyG52_esPCit
zzdd(s{@=NrKXBfod329h>RVklpA9oSnfQSVh+eqG{}ZB*dO4P3Ust53Qsmdo&n5W`
zeA~1w(o-nkmOZCs+c~P`?e;q^j2f!)$N3+$3IlVP{szYW0U}@@TEIMPC=Zwqc=;
zr&b;7S7r9UQ``N-zgz_v`5W3+l?9djA^j^L90at*ZIv6xCW%Zz{cI*)!%{(_55m?HL?2{-UCR?1v$UQQeHfh2XlC?0qu9#v
zzE_(KSlrUZc0X5(?c3pg*a)j(zz618sS4QM=MmA9@9Wn&=^Yr3(~ETVe}Mmc6g>+!_<65cGmGZ11Me^cu-)Ih+T#CCqJvcHzH
zg@KUDo^N&(1fa7VR!3O2xd8q3s`73s^G?4yv%4dsv^YNx`))_-CQ-%G2AED3xUI=kmp%>|=`(Us5JH?)b9-!>u-O_g(
z`pzn?@-P3y@KDXVRt-6Xa5$+{^dW5*wSjS
z|9;?sfhXI)t@n}E?c#P-7AM}6eGEO`(omnsQ`ioR;BkYu5xL0XI9t7P9_ShWSN+$U
z|9iCmdIsatjBZ<15KKch5)1>E<}fZ@9=O#%6Z*hcfk$7HyR+iIL4T(1FWLY;-6Li4
z|69i%(|FJnJZRWTonk?r(5%epYWfYI;jv>yjgAkp`xiv39&>)#yzU0Nn~}raRv+xz
zPXA-{KYgCaXVp(-ma4^~ADf+!ZS|@v;>Cn>lfEX4SZzZ2E)i>qWe0y54o~5jHJg;0=(>_ewg1;p*oDMT`eZK`C!*F
zdXI5}UTCK=w$bl)8MkB0_hW*gHsr8B;qqvheTaaYLgmjAJqfzE_1XZR?J08y7Vz&+
z%kL!v3+m}N=Se19K=di+h3-=&(RQ^r+L6IB*ug1t1{Q!WX`{89#Qq0)tcST!{3G&d
zZU@vGJCQ@ZPX(iBtCMJlCs_Znjn=Wm+Jv~5R1dn@^#V8hf3EFyvy}OE4r1ycPoUVz
zIq`dAR0jNZkoA+ZX)PAB45UDrho@XJumIznImf28*~_`C*{6W|g6<7#0be+x04)eQA=F7Jk6qs?MDDzC|1fp8YD$u@=+!+Vp}
zqTn~8eZfA)u{vklbu7bQ9Bn<<((}q_?hpPF20C6p;Ec}w`-K1g$o#%9SW_f$=$t>mi?&tM=Vmd%SdnY5YctJZ_ug02Z@`7K
z|8>s(_w6aZAXDRo$%Gd!pgkvC6}`znvt~E#J;sPUgKGtz^mqa_XYoBQxfPa3ell+|
z#}LO|B%blh;&0MG{Zw45!iZ;3Br!Pa=v}kOWt`Xq&FbVB%W7Qy-4?y`s+R&-Kf_nU
zc5yf-oXgG^W;zve56J#h#wo!J!*?q3x*`}6xf@b;?#zJFy6?ysU;fHHk7RQv;`7iV7
zZg^4R$7=uUDr+r0e>+Owp>fJ{G#A7B=i12?y`fBca;#mNSB8HzoskDj#2v0u)!|0t
z#zeefl+B>BGwCdNyg%VJR79hO=#E=uYzTY3tyFFUm-A9N=%O>dPgZC8w_6$BS8MYK
z&rv&6zBs(Xs1~1xYA#>$PAm2Q6!$-AoN|6zuY1$&rT-tE1K`BT`vm(kx--nyb)gy$
z@f!c?+*YyvL+{U36YkIaKyq%y3*B?`%G@$&ZYVomIkf2>*F<~cZjZ+A>bpA8re9!r
zy1??fr}SA%jM@82;;cFI@}|veys>7;SUogW_kOK0f^-%G3+VTSD9J;Ysa7nM%*j
zj>dF+Ov2p(+q~1XQscLd)S}N#e9v{zU1KnBx*hiq_{svdnHk328_4_|{D>`mpU#Ve
zZtA0_lgoZL?r#<1?<#w_37!;n+eK#8Co=rqKX%1)rFs3E(Lnbp(W2)xSgn4G{SU!2
zY!~}odd6qUyxjLH-B(8-$7&Nf7Cqzb^f&Hek9PynO`-VoG4h2WKA@9#*U1ln`1d}!
zM~Y~CD_!=eEz&+ciLOBVd#U|SqQydS=XxI42{870H9v9!I;ofAdMR)wz45fYl
z#>-FeJ*gk>b;oK%4x7WZLwC~ocI3bG-Kew{JmFV0ca6*+#(4fq*{_ZTYaP?iv#zGK
z&Go)nYozT(Mq1u<>_^+}W8{Y*nqj-M|I~Ne?R%)qP0`b!zuKb92QphN@Egr{Ygvhh
z^*FT7O4ga4jYe{vv+vM0=vv+jzPE(x&5T#7TS3FW>cC>LJ05DEs^#t74@P?8GT&K`BeraA++g|5>$@sdSu~$*QOe@TnFK#sg8v%OODjI9
zbv`rHBBG&Q-&IflAyYw&-x*@pk<0cQIuFTg@dT%1-b2CqL!S#DV
z?-URYP>KA=UzIplbLrdfM@F6m9KpBFr>^b>Ej>j1KiUHhIZi!bP4%8_HE)mf{6J{g
z_xC`K2p?n0VJH@R&ioil&uoIET-J;4l4uT+or?zcw2-vjf0yw%|A0h2M;!
zfdvl!bLUYwDVYx^LBIRO1~Vq*=oz0n4!&DG2EN-b_r@%m)A9tqyF9vE+N0;cgx}Um
z`+bl7e-pp$9s|F9)ye<$*guEgu9N!ve>66Jdr8h*{6|Ur_D#WWA02u8)qaAj$;uua
z3(xft%?Tc}nBcW@`j;%w?!a$>%o{D^E%+l0Jn7U+Jx@2#dAgeT^f!0;h#tT`waK0Q
zisXte`H|KmfwnlFaGpji;aV2~u!g&cD`uRHwxNKcE<<3*1mj?@)VokJIUnIXB3Jc#MQbOLmo&%r;;x8fpY%r~cc
z8!uu#tvajwIRD40rmFQ-u(g6+)KFWbr`7TQc|^y0Ncdl<+wH_&6Wo+ccVq-Np|5BM
z-E*F~ODx3hgdFTiqA@ePjRaSpiD6#b5lh*B4*P?bJo`3GgHRN5
zoF>{c*i5$5llFDUOKpS3Q`UMDeiv>!&#M;5oHcBZHRo8`oRQb*O|iGz7e}rbHQ4d?
zB=#${7~hZ7nzXNnlzp%|3drD(fLFAVJpHq;)SduzVoAq
zIa-=>e{GUG{m(+H)>AtzPhTEAKy@9RZlMZ%%+VoNYkBe_=JPXx@Rv#Gmm4#o2M$=(
zeluA{Y$Dw2S*X@qh{N6VRh;KTI{uH~#QyK&yq4M>kpS~y_#5kfV9cC7N&Q&+_fz$I
zPTY-y;vd-jeJ#f{pJqQV6Y*lt%eJ0tzU%&|9)E|OLHt0-yV63eQ_Q0=6VGBR_?ti&
zcViXZ6DzW+tqqsfgl~LzWf-z{rD`}%L$%+wyxs?`Rhc*Of2CSuy^miWZOrPj0=sa&
zX7UsL7IlHH-4M%u7|&n~_OZp8pRuZ`?+p5{RAa2=W}V-(=+4WdCc)eQ?GtihHGMbI
zbK=F~|M9TSpMsb!$Q_oXm#(k_=UA53-u2Zk~gv+DIr^REt
z6EQDN?sVr;eO7!&=02=*sV2YcT&h2l@BW9Axm5cBR~e&osYXSQbugxLsW#orYhZU=
zcN)_h7s%c?G^w%WGz+{s=+8cZ)oOv&XiU?eqw-yirT>kM*8f_nz6*KYkjn@>2+{h%
z_Mb+2b_x$t6O;9&cK+Rke=)`);s=ON=(6b^##uU*?f(|qpwVWzXf%$$I7I*bHR?(`tZtQfMhmIWH8H=sC00(~E9m=N`d&%j
zwQbl!qSx2NO6dEEDfaV+5;30rqK{ksJuD|Layy51rssun=P%p+U4oZm
z%&&{M^i#Zlt4zsT+v?y?PX_91~jEE3`7+;cUie
zOt9BN`-cAv3$oD@N6BOLx83v&_V9UB-thmtx{vLu|H!ewvA6e&{_3{x=$rA?SYv|ZSFM$41
zu90#(xZHZvrnS~Fu<|*l!~H^w-L?aG;V|*7<&R+8C(;;^yL$$~p-JbZgw9I~;k}LO
z3gYi>h~1{P#j+Wm7t!3VwEcXZAe&l5=jlp1Pq)S(H`*j|y0V$)TEua>s63sSvKZ!>
zu&*N;HXk$q-TV1O4`41GnTJ9;H|LqQN;@Np@3xPp#9vh$i>uTQP7j8)4XQ5Zqq%Gc
zpVGF$a`=hY#TRGGw}G$9(sFI)#y
zGh*n|>${2C*akj4S_GeI#FU|RZdWIFgRk8q?d0<~a$;@rewVx-{ubMA)0z-I`8DB3
ze;Mm%X&<92<}`#g@47ISMQ3jqa=|8(&rMraEAx;}JPA58(F$5SjQ!ivcKf%$Q`X3l}g?XNj-#(r*E#O4E2Ms?RxuZ91O?-F-ApFUN#0?)C^@
z0Qo2TPZ2K=5!;shZ^=HS@BzfA$p|QuUKznkGw^>Y^WB-E0CurDO9BbRC&vLeub8M2c>07a^7v~;Oh;=qn
z>*h-?6JMVa>RaO>Z6^U6^`$iS)0KK{wW^4ATxeQPaqgF@=xUK^(=(2Bbjz=?9+PA}
z`nT^XK5-Pj&|}%{8VmS^KMLJ(AJqY$3_RD7xq*3ZQM@`B&oc1B>QtFjm
zN29y@C!jBiwvV455;>b}Ro-#Sx#q&03Ufgo;@BB=0pQI_L+|q$vd{fJ@PVQ;#df%6
z!VVWUxUj`t>d6ZhsoX~g2p_Hy7`Tt>Y@+w3yk9BrH`4pv^nRASzg*t0rS}KveTBTg
zRNgP4_eB|b!Ag05iM+o6?Fe7!VH?r;W*vq2S#C&>h>M6Rb8xJ)jcv^
z-mQu;_@n0T(exkoCr5m8EaHnARAW~dyvOA_o_LsW2mHiN5g)C&-LQdAjS=L;Co$z6
zX!VY*wIS^fRSF-|!Cbnd8z9$UoNuunxq)LP9%7&7DWbpH-!+#1!m;I#Z0{N${_F65oo?{1QJrbrzf4AE2F&_1KVYmM^UFMqtU{+S|26)f!c(qhTokRQAX{w#fc
z4F62xV;k%Gc#mOo*2r_9->fg}lksnt@zay(+N3|q!l;Mivmmz@;yjJccNP>|W4kjo
zCs$nTmp66dER}T~9-05PkKht9<9%Q+TZ=6n-}sGM``$>;lM+v$q!Tu*h|l^4=Yieh-2a^#Ps|dWFbjIzapXD`$9TSX
zcZ`j{whIo1eHiiXk~gxkYldog)u~^v7Iz)5od48Ll~2{HCc?KBgl~)4Z+;TzRG(GVdCjR+z>jCZUToT|s&dA|
z#T?_lfaO8@?_8GE6+^~6*pQ^B7irvD8gt8QsoeK{`)7w%-yiAOD0{rx2CZAlKI>VM
zo3_wDCj_7M%Oq}PjVWqJ^JgL(pPii8bi{vfM6uUaYJcgXim_rr%q
z@~ays2OTFxaZN@S?Y?;3bn0MsSkD`*Hev}*ZHeY
zSc~SW8#vDscrxU9nkV;R+r8TNra_sU-`eAfo0QOJ&^L^$$Ov@T@%kmlRWIZ6NRIlk
z@WEo)kCJK`@l>RQMxz3(wm0O`Mx~DRB^{b1a~F@cS4>Y|klab?=tC
zbE)pyw7OpLU3SNZM6U4~*YAn;7x^2O(H>i_J#LacUXr%QKao3m$35_$bL%rx>lbd>
zSB?5p{ZCgr^^s5PO_9B?y(bAHUV#yJKJba)qvD>U!^e|?gS_`l3?GQI&~mKwPrIgn
z06)`+pULq4wbnl2{%FTmy9&IP`Oy7QC(n7uBX$+;&%iG`s@T@yI?mxf+_9^(3Ud0@
z4_yvh%qrN|!WT;0btLCM@C@2wIgcIko0idbS`BDerCMo?x5Zm-KB@axw66JTW#`;$
zTNatOCF7_0Xq@Tt&i)&*KDyp<{I0PRG7Qw4<;1_gTgRaoli$Pq>3h@2`1vv6_hp~3
zr^`@t$~|*U_VEJUdN<#B+8-UizX3XHEBoxyn(gUA&d-iV8bW%#8bhh;wIT!_tG^5D
zwIbwRuhx|H+S4^jS+6N|R#&$A1mV@McevxPBMw_G|2>Cb%6=WU<5)Ap-}
z?IQI{o9=@c!EvlXeGprvZiuZ`+hS|g-dK}*G3J2`ZfK;YCUIS%~BQRK7V#qzo&xbg%1e*y814T3!Ne_Y+xS`{SmTZ(BI6j?D!wMJalqFE
zKK!078$!^r<~ejH@hOmnPbEAE`@#;v`S)#w9ImfABO!k-jT+w8kcQX2j{xop{Xee;
z%ue+`TMd|G{hmm-mjCHGmpSo&wvHb=rOgG$^{PHf
zcRcZzL5VpTjHlnP2eypO-_#S2(4d;SAfK_>Zegy4xFQ?QwZgd-R?Vl0pCNvoeKaFZ
z{_ic?*F9k`PGkPGd~4dGai2{%4mmuuoXv9iyO+kc(|;?4e=u#x>TRW>h?{EOnU!J>
zZx&`UTxy>zBjJ;!*eAJEe4`B3g_lvE+gX2B8l9t({&pGo``sG$pMuQDywk8y#>h`A
zBR+XtrqHmoZ?a(}eUlCDw_nYUc4U}bu3zQRymB}W{Q-%SOwV|)I<#{Mjc*zB3Itz}
zb*&P;Q1~0;%c91Ve|{s){=h%Es!92xSnDQQYvdlTR28<4H6;05Jg$5${;C?{Lt`kD
zFXQnMPrhAp((e8`>z<>dZ2(06_4SGSKZ*J;r?w$Ws-UNrWgZnQOG2O1cwC|no#D!n
zvZa{yqNrP;>g~B?on=%L-v59N5RurIkdPRPg0zS<3>6iXQt6z4gi-?1V
z3P^WvAf2NdMvopaU>mEyzt{hB?tOFbJ@?f;=ho->Jb(Ji3|&ibC*yvx6B#qi-rBY;
z(*u6hqBpRnN5BJ}1T>e0NZW**a8z_=0Q}RDs=AEuvj!~N+4ehi`E`kY7(3~@YEZ(4
zLDm7dNqw%Uisyke}sCXrfXqxJ7AqILu1~P
z&ZW~@)6#m~%)>>W>t#z59-AhF8ED*A20xHVRt*WF8QtoLT3Y#0F4AAmLc|N??}v%E
zX@EGl({K5Xep9V*KesAtsXhoMn;-|0eK&kRGT($2tXqu=xItu_Xu@FaeINqQF&k;}
z$JVuA!lA15_^7`RKo1N1&^zU_#$FwfQ>pS}{F6()ZJkWblY?jat8lPQ%jT9z1|lL2
z$}w-JpK@ACoHN~3RR}UpRzMbMrGvv&RPCXUc*iA2#>rCe0;MaRpf{T&hBy88!=(fJ
z)6Rb;q|c`eR$d?)vh~DeXGHNb&Ho{?(gK@>%gKDZ0!!?3UbFiR9Nsj$Q5-5}Xk=kN
z(L=qv&0WiFoY19<+|;Rfres&mZy|3k+{?hX;Q~=$0S>=mGFT2-Q)6NtksDUYj(Q(1
zB**Fho@@ToLkvgMW@woydqvLS=f8(HbA}W`3^72F0oyDxtE@OUYu4%Ju)oDlWBq@8
zg@&FgCEpQwb|*#Qi@Ot2+1eADgYYBuyqC?1IGMswXlwsG_^Cn$Gea*$aLH_NK
z&YpJ^zKPBw5IE%(4xslmYRR3NaWV0?8Y>%%zS-qbRvn`}+|kZ)()h`?HXj<&N#5sZ
z)q;O*Izz=;+n}Y2$m;!Vid2zk?)o(@0Y}8r)B0B7x)s;@hX@ZR%#-5sd4}??Wtz{h=}&h5`KJ^m~(W~Xzs@*&GEreYGb!?Y>0wGA+0_qi3fOKh_XmIqtQcD4lo=rCq7Z
zJTEaB2^>}yvdeWO)1Q8^I@Z(jgUmSTwmlmd|GIVYoHg(b!?W|OMu%imByT#LtGejH
z9S4IeJuc=P+PpBjbEoB+tb-F%~Xj_%ieQrg5oV_I6S-0se~l#NjW<;V9SA4d**e5%Ot0`|n<8;TZHrwthnJ%+3d|Vs*U7aH6t~MUe)nWQ
zI$vfYJlpqJ>ZoNnh&{=Ysc|`ZR=TS+=a)L*H@)chz>il8$U@fl4iv3GcHO{?-{9sy
zEiv@g&6Cf04u#ZJ)A-&@wyFQ=@c{KuWvVS;0?a1jURRG}yogk>TAX)_{yLWDY+TL)Gp+M}-q^nK
z{ucFK$%%Y#7Su?><~o
zNItWJN5RbXDcQ^vd;tEu<#k}mac$B~8kmME*FT7~gzNYFIZqXoq0*yI-@hyYxUAhQ
zKR!X}tLmRdf0r=Ss8}$fqE82a(LM{J-`@5PLiv`ugA(f{JrenQDC@`S$6XSi
zC{FKI18*A~e0@!w7|9mKPJRDAvIBk+FicK!b7xFsAZCIcEkBw?{I(Gp6Qut%9&u2F~AQ=7F~G!9@i_T(`hq${z!RdGyBJyrKC*$t{I!5e@}{(EK2_x*b&{`QGwg%PO}bRS#Ql4b|iuQ-A74YliDHD
zz6kDs$NKh#Rh}qIiS?O`HUywzt-vQHib49n%=b0;!WzXIR?2NsVjt=9?tl1=Uu_PR
z1>N+^QIN-{4VeCByg1%7TT7GjvZk!NvW!4Q;uDn76$^WbZbPldG=+t9jNbL8h7
zqW1o$rnQz^aE~Q=mR;qUOzYABv@xjjM9MyWueX;hvW$|GDu?zjJavCm*4ns
zX(o3gPwf5ylYOZVUpN$a(lm=M3(Iz@6LsbYryt!_))SK51NjR!%Zo3
z>SmCRMzSo+gI~k`tV6%7YpbB*nq+93;w>sKBxIT6B{nj`h;jb8pP8bX#;bL6Fhmow
zV;ca-d>BSK#dJb;aIYbnOEZ=KqHAUmSIN|hKb7$g5>gB{FI-CeUB3Bq%ExOJ3tDOP
z6KKc>R3Hi=WAZNTySQ)zq)-ALRH&WKfLbNYMt%@b?wWn<>;6*#zM70)E
z-cm0wNg=@zH0C1~!$yk42hozLPXUG<81
zjPf&I(=WHET9zB)4S!iPaUcQNwK8{1tSE(+-m`HSaV3O{i02$cYOLDyEx8EQE)6_C
zG#DgVk(jcQ+k=MefK~Sfh6eUup5;qp8XhF*yBwPD%WY}y(V0j7`V?XPwX*!2|7`En
zoP+p_PHSo{yFVV&-{cAt85{Si9YMm!kFFxKe3lXlpVp-wCO&F;(^D2q-^}G(;
zxLlk9env~J&~TFOX@c#TFD|v$9+={T#3~QUKO|EM?r)B(Oyx&n-Ux){+|?eil$x0n
z>h=hL$l%_WcAWCX+D3T+i1$`;|3L&!*!kCgrr^iaLm@)ZJpI-SwXrh^PHLp?E7OhL
zL@D#Y6I>=%1?is!a6ci2GrQnm{p9jF19EC7QGF2eFBAGt$AXdDug|HX=hj>9%#Sd^
za*&I)MPBL2Rq+-qe*R~9;u|xX2K8B7FY85%O%y*hqnhR&T2{QOXcN;fJckPgl;N8y
zm>z+REKJj||Mx7M_Gd6;rQa}6HwzzWuv(g2r3>0L6!Pj%Qr@^K*aqbouBtXF&epeU
z2tJ#A<7_Lx!!={xy^P5z=b8t3r|g?#?t2E9JhI<>lm1dX?354S?#Gstu$*A`XH?Ch
z@nf{62Depu=N$?Ap%#-5mf!9KI?>d|yfP2}W0-cb^c28^kzqiX4l5JY0=IJ1^PYB-
zjLsM(*d_f!3Ybw~46x2}wsXf*0%5J{N+ZpfMq_~S6ZQz_waj1D!=~Y;WoEkMZ27F4
zxNn9F$Yv9(jl*&RiEjRa4(LJilH*X#a3dyZ##+RIe4F^Ytlrkixe6
zCZyg8Iry}SMk}(vjPILKvBET4(>EvgD)P+$CTiU5X18wfDbsIi>s=hKhbD9#wQH;l
zn>3{0SeS*e0RoBoyDeYfBgIn;sXosFsFHZoq&U0m4}Pi^8$LcRMn=6RqaMgVWBbM8
zH89JUAm99JO0`0jpn;(lPRf$!xT}61WI(r`B1YyGpHNdBU%4F4Kz?`2`u6ddWDSdO
zCsszVOFupb1+WL5Ii5fyGXUqk&lYsNFZVoH6g_{kZicI%P%>s3C(e#O1idYDhS;Ap
z-?9ejP6zdC9I&CpB3@>RW!oeBW9RI_M%br-MlU
z(zS%wWkEv8*X2VX5Ae9Zar!1{>NyJV=Q9obYkJvqV*q~*h4?Tzx~@OZ-qfEzihWuv
zl7I|OGkp3-(&M|&h}lj7T5wq2Fk&XABc)j;&VfeuJZt@N|FdIpldpU1NeTCyG{RH=
z=qV(%#oFSND8vykDJaCRdQ0tu>l_3?M|Y>`INMzQ-Th@A;JHvK5ge<0Fe8Lc?4w`;
zyn4RjfqzPA?|))mG@@S`|Ft${@!FfzH(hD@hua*n8sJ(|yQ=)atd&@D#fUV6Ndt~e
z(3VD2+;Cf{zl6Bkq}!nyXc*X_*eXVDYa51jA#+Y)65Vy~;|f3Wq&w57x_oA^l9>QsY;a$
zFx@Y3NgscQfjFvG+Pu_SgeOHIdY_wVjPU)ET@|e*Z{Pkc(`7xq3|T`b*H-eKaeAeD
zU2>rgbmyP$hPo5Z8)qIHcY4Jso{*>_|n(
zaXc3aVPs~%(+0WyCGiChr>x=QB}K-;FM#Lw-bw;_UjxAFcW
zBgfTutADh6dkdbWIjjlbaP&-yHbMZSgAI2{)0W(e+nygf06*O;HB
zGVRa3rPan*wHf@nI3XXpNldmA#F`pNYs?3&loX8
zM^tNd*wV@YaZ)^x<;)#1RwzJtVS!dS0PkM01Sn?Fdw(=`yO^EJ@hLR*a;|1@R^!EY
z!>&SJAikqmxK{Tg+WjRKr%0V}gz|%>YFYlSj=juU_lJB>TP;F7_!ZuR;xzBuuKbQ|
zx;kWF@++djN=8lq+9HTYve#d6B@OX@!n$YmnlHHbAL`PnGxgYSc$kSjv)Fu~(WfxN
zoeMQ^0m+F;FH7ejhfjrj=)ZtMy`Q{SYAr6sUS5*P$X#+hJjmijU2siq0HnWsi~Zx1
znK?K4(jdh>fA$WJC$^<4{XwKZTMaJd6vQ#tSk3b3vdMCBJD2KGbZ0d`Ld$bhkAc?V
z_~bZliX{K{Ry0nd`@U7A@&K>q7#;4t+h1bIk7hTwm>!uQt-Yaj*2BEfX?8?TU$Fs^
zhi1R?T(~y!3mJ2z3lbTyPMd9BN$-*5xHDUinl9o=eDUU1qYyP3mAB)4U&}^^b|oY0
z!(yRT`Em|Z6Civ3sQEHiQnHOsvSPt+Ja?FsklkD~ATDj1mOf?;{Z8JRq3Sr%knD#a
zceHg^qsN%jI85czI_`{8>m4F&O4PAwJI*Dx+NkE=TF#tDD7~7Y#lm^o)Ju@L#Dt6w
zQp7&@@z(s4&ZOW|yf7*#m7?K%I+J+OU1ekzHJ3)4{!uPbe3B*>=Gg_S$XL^;a2-*;
z-_~L?Y)W}`Hwq)Zw6;~QdgP!Qe
z!PjCo|1O2q+#K{wcwKP%Q5o_Ks5c_2@HsefrNmER#KTCwBuHS6fw7#;4|EB~RT-oA
z_l&7!W~v_U`bPI~DKMNcqoO%Hss1jNIOu#OM{%vyqC01vk<`ao_j(Q~Z8yNNI$ItL
zQ@9)iy3}IUj*pg|et6%?2Kq90{5D`V2xbOZ
zU+iGj`PBC!5+zwkR{2{Q1Adm`{oHreJ_IZmbv(=Yh>bQ({y_#z#wA1v(w^u`gb
zKgP!W1Fn`S>-nY8-V$~E{)z>=S2}I!q5Q#AhvKOA@qW*?0|zxNUMwA%w0Sm6tW
z+oPn0{4fDrC)!!vX!trhGb0j-V#YW!7YqF&qqEGRPg<>d99yB;5Y%ku5wrL^$TP(?
zSbvuC_uC|nIleJvR_4l3MTM8jGmq~Fve@XT6qt17JWXHHQ_2fZ=Kk9~)8fxan2q)n
z>Vqi)++k@C{g|9!U(%WczW}>m*85*+YR%ZHYpH)YcNf(cgcZh0gh}-<5kMDL=@WHO
z?)TK;Hv>S%UAst;^c>mEQ(+lUQ9xFP{?jS935n=Ct3b8^}opD}xsWNg!->
z$$)@ae3f<9GkqNP>tutX$QXY8CPDh?3Uu@;#K5=+7vCvE;+HKG|LPv_z5k3{Y_N#a
zn+SYCwNf|KIE+<&o9NxBTPO9$!Snn;R@J#mD#8A6o*j9Ye=IWYC+O2hAapS~3Lfqq
zKDNb`tHZiayY+`;VyQUt;BTve9ofX-7Bq_fUwVH)r~-W1Ks}|5lOS|gONVV=G<;^%
zPIbDnq^~M}>~_Y2LB`xldf+0ER+u%s-kazcftD>jwvU-#Rzplj5(EX8EToq>drXwh
zme0RbCUnxxa(2*pcx1yG#n?FB-KKaess-*Hr>w+=9DHL3yNvrqnk(xWNR%Ik=ve6!
zY&En)Wa@l5A+jzoNrJ87A%b@BM?(-Cw+Af#*@Am_4N`e$ufWyndJlJ?)4x%BG54TrBuuMcHzgF_ZzZq9?6Vp6B44M$xPKLk;*T#cxCD07p
z9S@e0_-Ml0%XV!HyRcpT4u;(|;+7i^FEDNjX>%7eW0?SW|AB`Ol-Bd$0aT*E<`bl1
zKng-F=l?h2jFw`O0Ekd|bRU#f#v!?`{>ysbuND;%DR}F|F77Oj##Z{&74El);t^N+G_yO|_Em@k`&7n5vX?h~M>u$r25c
z61LtgGjq(Ja+s`4(ekKW!b;1Ie)kT_?$R+4sZ?9cef?M1UAQU1|aoh8J!5VNR4&>
zH!Hl$?FMOBMH5NUK+Y{8j0%_Wc~!5&YaUOX%wmFKW^+d&W&C7upP
zPo04^73sfUrV4se=OGno8mc6c-MnV5Q3SPnoEkdTPNi0m-9-~o-<;AVk>0f`-z28V)daD
zupN%$L?Jg+p3z?|TwfEFvpcTGG;~jzd&5Gt(}NQ0d=F9cWj`QvuD9J%0?!D{*?k6n
z$(q=;5boP-pKalOY(SN|c@RaHE3;if5;)sZ_`C6y`(BP0+Gn_H<5u>68;~^tFO6QS
zCa5?6`fAaX`zt-EJ>MtEp9^NroYKI%!G5>m2n3UA77TUcoAgI`W?yA7&-5q2JZ0*U
z@}BF*sVS{5T!T7H9Y@nLW@p0|f?!%FX}$WYCc(&!_RYNzcx$q8PGyXuh<-(x6Tk70
z+W^_t@JJX6JZGThpo)Ef-7<;)6)?6$BMPoBOkY875$+}KuHjj@^_2~gh%JF74W+NP
zVNd{OEjt-}smH)3x&D!eN)-bo)RCPWik_svmqzWw86Ql^S$}!o@hQu=aSDGe(FbTrePQVZ=r1+@N%%Eh_3#^m?k!tgOg;jOWyY=3cAAyQ}
zOyME-3CNF}K{}{>*=ndq_p%ruN1J38HZ-{woJ+F3Kina(oI3rewNTP}hr+$%mIsFSpVf`FmcZWgCLKRn39cK$Y(|QSO8|
zP{*!4WLWr!?y=c-R$aC`ZsVaB77IqpJPSFV()a&&Gc^xxyyaN8;SoO}h#;8l*1)1n6=Yh7c6&5l$_)No9HsL*XG@hTb+q2RY6w}EwQp08oX#$OQOAd5HS0%RJtSh<9r|%5?Bcfs#cv8`=zIdR
z_ts?#S;KqpR}SwY-&q98w`)WvXM(WMw0H%PVVo+iKl~Uyu%e@
zDHZh*BR%8SyvJTE)}@PAyOui}j~I9fUN~QCws+*tm$J+{`Eu~<^C`boFynWv-C
zo2QXyC%&t*bFA>OdhFHOzcW%Jf;;KBLJfE*zs1UvK%C(Kwq+X-3K>EaX)9jZ57i?e
zUWCgB3I*?Ow3MsYS!4fVSqW~I<@LHprvc;Z1)f2=2@lQ4|63&c>!)*!xHB&UHS~g@
zpn=56#;>20mXKq3j)kBtf$6b
zXSfGbK$hS-Pw+jh8V{(bg}&34*K5fW-lzZa_vHy7Zifasgl%mNT?m@zY{pK{^63N`
zHfJ0tyd8d&+6n#7`(|7u(X(Rp=cLc`fdlB>?tl15b`zJtCyLw0Gk=LgD<8aY?Ic
zx%=5KNX0k#@ZCQma?nQspAtE$5CMfl&!k+Xk{Wdq#qK}j+4-#a7pMG#WBA)}Ycy^z
zfh(%%!saTc#Re#}QF=TCEoVck_)E13qjaz!{hwI93z=aT<
znS~Nq_BGRRJg6`2vFzB(@0LES*B`a$X}LY54U{-V{D%=3*K@8CJbrKVusbb8aFHib
zR_=I@K7noVqN`Gs{(GONuSbn*dFR4>E{%s%?8qnix(lJEt1*8te^?xpZQ@^l7h}8`
zzjN}(^mgkFBDD$3;?#>L&9d5r;ptOCrWFnLhS+B$6#ty7bNvi=`I#-@q}aQUs5{Kv
z_2^22+iDhO&COkcR6Ql#So!TzUmxrGx`jIo&UpOg?v*9WOaGABp+?{oSC3VMGV#Db
z)>ya8@>I#E6C?g#m(b?^juMTBOTy~
zQ;+t>H}shPu#aVGz>6wZF9^{6$y;F9Q0C+|xn8O1FPOY$#szGCX@~B#!y*OkjOs>}
z(2o)Ikj?o0X&%6@UcbAlBiW+|(LP!lYM3lUv=d!_$TRIex5V8rg=YlT6B2K)e&E?^
z(1V%Fk0)!+Jgr4vTQe&=M#`RjlZ_}{)e{G5ZPZ?rtdURj60&k9Z>FPxsv>Ulr&
zH|?=&^95^Szk3fn3A5BP1+;2}$8fkFRh}&^pP4tdR`K44LdEwOc>>R_3>2|29qPGM
zsTuQIU-|U*H%ZOY?QltxA8hI-VhBLan`xO&6RQ_CN0>cL?csnZE86
zeU8?w8q!bXJFnRtMxq`un7LH8uDE`%fSC{k_ZhP
zm$~tZTbhwhPS0sOAnRV1Nfg7EFanPYK*hgw(7^Q$oH(C5K81fv1lDBgN3=gb+kpHhMknOMh3oBdV^Npm9oGkK
zhI_ZghI_>#J?L!3G#=-Z=)w
zgq;nmu9VzeuU;L#yPE5F2x7^;-qi+vdf0k}uq(S<&TWu&{b?Imz73ps5!RZvTB4+R
z^v^4hziM^_3?L7*_<>$#C0h7_4&aeKxz*NtG+7l*&=D6K0K&c&GQL;so~D@0@T}P+
zNmz|kVhbuM6^(%_KMujpl2$iZOu24Z{3AqA`4GX$fy_MUCAaGg)f%HVu2i?ew~=vrW=4TZ@A4*sIw_~9*_Awz7{bo0mErAmZr#YRJNyTBZ;
zDMxZEKyC8baeZ>5Rb_La!ShXNY^?@f$DO9_+R7mbyfdTqW$CA+^;K8Lh}}HbkSdm1
z15Rg5Z2R{af4fk1W}--nI!y_SoV-(Xlw>fwr&W!%`~;{?96J_R7TOp;;V-@$
zpFCc21}u3?85F<1!d$j#*)D{p2s+UnU9m4)XCF?n{M-0V`x5;23R})^l412*vO5Oj4}zCpa&u$%JidaL-92=+6FUZesIV=)kmBP<~9!;q=EV
zfe9jW%*gb0IM4@_v8TDY#+H*vAAUsqn4kchVBIl2OPY_!1V9}G)o|H{xb_V%gPDg(
z^Bqb(XF>!7xD$4+b>1pX|z^(GgbRcQcL)sy`_S?zEE1b)zDvzVtG0Y5U%SXK`xN!Nlb&)m}~Nmstv?fQ1<
z`H=%RQE#qG88&<5U{VSHZ8MzGlNpa`s#7jn8@i%=whf^k9yx%I)C2}-1Br^o_DzEW
zK<$>;&!SXvvv}viO&&<&0AmhiM7~mt+lxft;
zc_GGOCcwrTC+0KAfI)6AoYCwLw%79il(opn5i?%=rDJ%mecS#1#mC>ODt~1d>nsU}
z@q&Kl#Ui^>SRO4Z(0>@ep0WrG$vrVKe3u`e0k^lgBFYG@(c8US;{2enG`DvwG^W|~
z@@*@_FTos9G3n}1}{lYMP{kchy%Z`r*!ds1?R
z;M&=2{1Z@*b{{_~FS)CM_gYGF{21wfD~NFZK^W@&{mjB586FE7V>x&L(~aFnDu7J1
z<|&x#-p~yG;mVv#AdSWPa?7*T86?U(te^q;bFJw2u*CD!>mQ>VxH(LNfD?GfGm{}7
zr9{u5)cEejJ@)f5Y9V4b>4xZb%l*Dc55|c{h}T&+yRX9YHnuyCk}mr4)n9)~S%eHX
zlRvWl@`Oije-sS~v`_jWd2wzjtLzZHu9$g=Kq{&EK#$G7L7SMe;5*vC#DU1xf@FFF
zrbP{1;glgoiJm{k;n7UHtGbAd_;`VVUDgSVRk+aM|aFRgjR=r^!ZO<096`E
zQp~Ic=^pH_D6Lvl3^-oo=T$}Ax_kgAEjrrW9$U%OB5blD(u4K$S>Y}O#2fq~E1FMQ
z7;#Rz^H)aKS+ET+aB>8GS~sm)*2({ozJgZwPcusTbBbL-{#N|SVzSEjCVM5&PraB9
zp&&q5xCEAMUNq@eAl+E5Pbra}>7BY_Qd#VVN{Yx0#K`QmcUOb1ziD|BT{R_zY%}S%am$7E^6`lh0k7Lr+&9yE(eKaQN
z)nncf-^)~=?2@cHTWg>6y^HH#k~93M*8Rk<@1gH9fHd!+o#F}&-vR|#vQc2-IpXwq
z)kKGI-I)+npN<3y#-gkx^v|rUt4dm7byyfN3Nqzk_7Yw^-d7
zM6-h?W+S6kkve;x&QQA40P^(*)N40rLq$WEd$r8{VPDUuaH8|be6qZv
zGUCAW`FzA<*AD*x;@0g%wrScc1B~IfAl8jM$i(1A{>Ilo_g23>YSelq=q9SX!&~TU
zTrYUXF@ERmoqK{utcuCfpWYMI&a?)nrD;`wnSkn6+UYo$&XMCgqiCFp;hsv-2^%cJc{MAWmu!!03N&U4#I(qtkol-ag
z?S!;EYU_eQzc)?As7QODj?kuMoSxL1hkx!Xi;6Q3M`O2!qmLWBehjW>Io)o#$ME51
zGlUFUaw~MDqga-mipeKpB)NT%h44uiX#E?tAKyJ>l`(>>J#MP6p;VPKwZZjXSNk6il$@w&#W&
z#8pZZvC01@@rQ~MSmQy4jJRS(x!D!m>75PO-|Ahw`7(HeP|fYBJqE|ypP
z4TfY994nu0%dJ|?_bvT1&87LO>up^7`$_M0>1_*_T%HSEhk*{eoVDai3DvnJr=6CZ
z^-B!o1Z1?IsJi^jv`kTXh2~+qLXAeuu?zmLpTcHnc|>
zlqoapwe@U(QL@Rcpu~dP#{-j{GAnXFXAkoQ2Ol+6U)v%HRLKMh|MFi(iKQlj{kF-+
zW5iRs<*=rFQG@jgAFi(5o>l)y-5%BMFCgF1v>E>s+n3*P&wDh=i1(FgY1ECbqr?|t
z(U?)w6AfqA9Z15-en^(Iukb|k#7X&`^J#WUu`rs
zDR`KN#|g~r{%_ifXr>B)of3Ni++&|hv;FbE;=#DBp-p*y9&kbn`A!p(cm|t)Izl^m
zJwiK+{RvyVdQ$G!Tr^%4Glgs&h{tbh>(T;#z|==+)<0-L;3R6niz^!MVn=ECv8`r@sb3F^VReefa|r@bjQz5dx@mYP~xU^-Ob|=
zuy-%E21smYw>h+a$V@&8{8stw-=jRT97g;KY7DS2GRc-1mw$3o@s#sjs)L!^|
zeDhR(;cxxTQ|sF?^LIZ)9`pqMyuPLHz6uGGyF{J6e@;$vLf<9NT2_xRJcuP-c=?)^
z@7sq!UkgeIX|-wxeG+qVa=aE>n5MPr#)!W41e9nyqeXvop2BzC{uaVyq3G4pqg7zs#5%tx%J(~FY;_lm#8d;H&Ve{GLQf1kRG4UPk?h17pk9~!>W*CsfY+Fd@drrlKMCn
z=^NE`!VS>+^EYb1Y-&MNc{H(7@+Z-%=Mz0{?GwHIqmy`P2gSDZ^YIJBqjsn@@3Fog
zm?Ar8#HyEywmYWh%K|Hv=LezQ`;WW@`6_xJM~6k=*y^Yd)GZ0}t)9JA
z@rmupRFB+q1u(3fsIfa&PxfI!jJ`VjwjgSKE&F=OXEf!ro>u4mh~`)=
zAd?1sh(-KWJr~t9qF0RGs~d9yR)VAP&9($hm{1y)RoBEjXZ1y7#Nm=DSB0vmgee2X
zjDO1WPAcXxr?>u_#du9Wa3}6c0|$)6iHn6|nAnH;ejnmTRnzZtfXelIv4;Jw70Yr_
z9_cmJtDqQ}G(ZIe!<6jO{nva}-LN~?1%RACn^+D~01wbkjZ#U?qkh-z_Z37p?PJ@E
z-U8JNPEX}_Bu=i+xu+Zk3hc@pUWH3p+>?7C|0l9Je#eb0{u(f?S7XL#KihPgJJg@2pwuBC~_Z{9Jcr>1^XN;YXWAKYl&*$2iZb1i}
zT>IEpH7x%-l21AkRZRq#F_5=)nz{X0H`SM_1*hwgK^KXxH<90FS@w;RBZDg&FEZ|D
zESHsT+(+D)y4FqTQ8t6s@?rBRck$~gn5RL1tky-p0vcR%+SM4I47Um{ZCce&3k-4J
zS-N8uu2es=)VCsOgjXAxn0-zZVuj6aoN1sAEm=v;JgC`-UH0XO@+fdQ_Bo{0VfP#i
zOP$XwqfrazokwA?_WhI#^(Ds+Mh;%{;CM-a=l_u3Yk0=Xz4yT8feR+=7KwFTAGwLT
zB(JX~S6W=&2+b}`W^}sWAg`{j1%|2}KTbGx(Y>}S_@7rpv%s3a(6EnVUMQ4J@Av1@
z1ufJ*y?+yMdS;RF4DNkVqW8aYPuQ%t5Q7mwHI*|*%aG**mRI9aQ?8YRdNEU;s|b`8
zr|8Hu=N?+iv7OLx+b6(Ngr@GnBGrbwGBt8>rdk0ZO-HkhF=d!$LI;{W`|B^)BAD}n
z6>}NVdNO7~Oh9Q_%WMdjq<-59$fe3XS*qId?YH2fNHY-v9eV{&A|E5YY5qq3H*i-j
zfzG{r<+`+eAqkaq0}ytSYGN{CicQb(iVNAx)*byA`8Cpy{3V(NYaIVezX$8ohQPJGEKa
zsiBVby$>4Tp}fFbJPVG0
zhC*qS<`J-%5xw~Efx;l=TKJ=Vi68r-nxxawv*seo_kSViso{WX<%_DC^W*S#e^YFV
z`GR1>wD@sK{!EpY4|&f?9^3kkE*o|kj^hj4vS3m59&l>L}y
z@XO-Q!LswbK-6(5Yp
zOK*4W(d`6$Ov4d1s(YR%p=%|vFZR+w*aQty7-*DRvo?NaBqhG55kV{X3q
zR>2~`S|ZE`IslUA`*%RdbQRyUYF8+o*p&WYz~p*R(YYI@eF?qZ)XH8qUyW-Hh(@`m
zKO;WW=$=i
zGn9eJ;J-ETphcdb^PV$h0
z(MIPIcfBJ6Xh2I8HmRg;Qzv!acC;t;?)HDjcumOu+rjYCn`&M%W4$3s%bE(t#?egQdOE==AKA*Wc
z*@;$PN8CCK1`r%ZE|a^MARj@8UCeg}LRHM6n`#O&QFXqrG_Ib8WuTdJo^DO6J!$lj
zg_|gh7&z3ihNq+|XYp3wgY$Pc-Th(upYyrwndNo`&zS$9;FBeRZ7!hD
zv>A8SQ;P{10uliZ*Zrr+AdUx7{2K{-yzTx|OOilpYf1mxYPI(~-W4T{+i{F+_UpFgpOWVDEPtohLvKlMh
z`DZ_Woz%FXS~l2bBAsuhRG~uR&x#2Y`YNYs={B_xiaDq+9CbdhI_ffY;3j5
z=!)RI5M=uWs)_(v-s8|Dvkm>|(Dwp)-uuubtqnPJf%-;(e8=OEJF^YIP8Mnd=Z0yZ
z=ny>@ped}>K_$Xr1H#Sa4R;q=_Ay_e(
z7Q;%__BixSC+@P5nS*H-0^|bSWd`PD_wjZ#I|Fivj(YJ2?cxGWg#buvL%+QM%Vwo!
zC=rTvmw_ULNDtcXa{0XwSms6YFBO9J>avVN2wL+n@Z-OBlw1f_HW>UXOhb+p8qP@O
zprg?pzy!!|I0#R#95Q`6#H}r3(%Z121WE(VOmeAcmQ*1EXwd{MN|2sm#|7eH4B<
zTxBP4tTU^E=WikI_G^&(1Y5V1kg9;@)ag*N0sM(uG#2}G2RkA=foH~+3!WQ%!*f5I
zy*AwmG3Ve*WJKcYqNly-I8Ju&s7=Z4JQ8TCn|?h{>^aPKCHlCa|57#sKd>rHp`OBt
z>6}ajJUfH8sF~YpYJ;>h^L*#yha+Md-YNDtWT)I69{()~-*Q(9>KLB1p
zp}!nLenH>cF4}X?92I(v$xP|PoU55mm%?RBo?}hOmj6aHZHBs~l*1awXr(bW9Mx?3
zu-zv$V?i#O5LtQ<$GkBvHfDt4bIdr(bF6Zo+*=s>Mjx4+c{fj
z5a!b;C~TlLh;y-p=3)ob-yTQL=V^Uxg0f%h=!vmy(|`v_ixj0nstoDhseUkC#@~1h
zhI-7gT?_K_43{FEkv$TtQv5tlwH&qqKH9l^2kA+RJ`^#Pp`Cwktvsi6VUHTcAL`yq
z_}5PqIft%*F*|`?<7g~Dp|KqK3;Lj7|H22QL8|M(80z=2ZH3Q|^Qo&_n>x=?jVi5B6Nw}AN*hJ!DLH(EcqhiV_n!5
zjPm5_OzvX~HdmZc1s|mBgGPP}`=alP`bXZk+JhbAd!OvV%>0e7zEAdG3bzM)kaDzO
zJmVZ4y*WG9$cMbbdpm~5_*$wz=?5oI`CCW~T@)nF~3H`RdRTK7(XS>_|
z&r9G#yn__d>DS_3L-CNg4|b&-ApKH~S0(*Pzr5bVUO8a5kCiNO)V2tk)QJA>GUK0_
z_MqZ-4v*vg=mtZ!U8FljJpJofO##vM{L>3VEMe+2igZ)wOti2{sn4c&
z*Nb<#csCg5e__&B->{V`etVl_#FrcDeK6V9b)v0~gVYb%9W^H3
zT_fH_4-!2le&bID4f95lFcSn!!$HAEdY?_cGxLkr;ho#NLA_SQwJj<
z@G1&mh#pa#7l+f3v$L;#GUY?6Wh^Q&8N38DY+i0M^3{NdA91i6tnK(Bm5mQAmdZIk
zF;+gklII5S8+=BktPqbO#pNWwv6|x7vt>ojDI3%>R)@NQ5ZUWUsOxt6R2O5#Qj974
znN;ENN@RabxYX=%dX%A68`J}pN(IgFn9yf7yxZ>2cNM95>;}CM|3`CMsQl0!Og;&G
zjZTmjD>+{%vq@i-$L4B;V{Wc@9K>^9)4e%M_*G1Km(IE4J4u&R$n_T!DKAXiT9@oB
zs&N->1JBbquqHpW1?Q*G!^Qt-nc#pI2RNTFhqJ8?2&0~Zq$e|J(qN7_*P{K#gK?(MY!$Hur&QD>Ddf;
zmhj0w*CLhRNMGO^9_DT2yD0V+9~Xb7@nt2)N3kmk6k3Bk@l0_ns65BxQ+$}8_|0Po
zWefh}9-;3#(M9VpUf9jZfz|ga<<`8Az!M#J8r8?YTQS-x##-OLBTwX9px@c-j(%h5
zIe1+02SVBGYK-yXU~$%8Fvef1-3!O_OSL-*bHIJq5{LgAVPo6VNq5a6TO59}vz#P!
zW0OELa+5NIgs8W%llJxJDV-VR3*21ay4Jk^cG4P8vgynQ>jsZ)*NN@nIoub@{zm?6_Bij#-%!6~m8V(#Q)-=tJPm(im)Oo5vYVuJB-+4)e|X*jioI^+M5pq<
z2p)zV`0K<^Y2fqin2^sP`w(U>J4?WKr{Ey1-
z;YJ?1apK%>0$lAb=06<{Eq2|kEOvpGUZ#eKo-WGrD_pk?{8{AkCx6p(_y^-cq(@bqr2Fps-*-?B
z6-Z&F0PTiG)ki&K+sOILvX}$&AR7{=GmJB2b!=AYEcp`9mFVEGlEoTu9{EM=LVqk9
z&tD{b1s&}^8P74(t~yifbK_qL=+r8ia^pzM--k|R^Yd!Z+
z+sqpB9I15wni(yo9OiWqr!w|7(Ms@;tUPM^s}X+D*aq10H`;TxUMN0&_1l^4L){|p
zF4@R=yssv0Kwl9ttz^{80sXYf8(tLeoOmanNB$?XnR)@n6c<_fjufzHC^!B&DE8pzjf5OZ!t*~?3
zDNj-QI_3w~VjPXccb3R}pElxm6Mpx1S6fA~9Qk^v8}7#)!_n}JPhxAw=CNC&4(~GM
zTq3_ny(B*rzHA(L{-Qv{RmAOxtI=*XtI(wE{J<9ai?(k?TMJOWK$PpEypG>PCTg{!
zJSNH)qPz~}b)vjYlvneZ$`gU(i+H|CkN34QkJz_w3H{8xz3qNS!pO@;yxQZ!Z)OV0
zOGpN2;nhmm81R98ZNz>m>M*m8g%6`TQ?Sm2mlU7*4guTs2Hnxe=)b1D7M~TEj(r@N
zs;S(*5#!8b6I#dzvKC|gQrt;2)baQ6XVSPm5#UK*zoAclb>QO=k|}`pN*FipZ>6Ts
z!daeMkZ|<1G80E{G3WmV(fBLl9-fC;?kz!m(Bn^g961ZPn;QkbdoF@MT5qdQd#3DL)UQVU0>+LJuSvW^#9hMe>&Q1X
zj}6f1dzs5+3xxsA$9Y8j4oNOZgm+}}`euHzZ}T~m-+?-fz2Pd2S{7SG4w
z2TqO+IGjg#4hOPpqu_iJS@Z
z`8b@;QuFL2SbXm|@rv|*sO`PvDG6{Hk@J&a1AAFc%A-nZmB=@>BKEV<@9L~)DUV)&
z+EW}qQSAJ|+1E1Dcf;1%*ngi1eapVr3^`W#%vI$M@NVH3t_o4^i|~D*J?_J0bWSBO
zp70AnUcTl&BM(S&e9lT0JXKLCD+?`>o(&nfzx>lZC9E{!c9x#O7^Rc)Y_jhpSSc>6
zyRyg6rn|P!(b-sLMW_`5|ac(Qm}S=J(z?*DU8wz44wM|tk-`2|9@ww$*7*>_7ly~aKBIL)JF
z#iRAD#UiH0$yeL`V{P$!hhV(lv$a`_Hos>ZAK~W>D4W)if*T9Cv@*canK=(-MJOY`
z@ayqx^>?hmZ_Uyd{}eudn)}Qava?^hroQ!a
zad$eoyWQVwiw}GY+N-s!IpyC>E5mr`{#=JL#R7K);Qm3BS^HmRYwuFPEwi;p^IK|z
zbMv#YXZI3nvm9voEbYxFCmCgs9Brk0Sf4i(-*$w4sC)?s&o2|mn
zg^Z-|m3Du&$om#?$z&_e@42@-DIZJ<{wD(d>@EY|$_HdKw@$e>=+5ZkcGN~b>4-~J
zPVjt@N4Fcf6Q5OAJPG1kU^&Q%;=(-;muw`szfG@(1feS2eA}SaT;}uElqbTm300
zj)6GCrVG3B><+TEufRDpAtrg}1K;p>T@{acn8)_+Fz*R;FTnjE>axVYq5A@rQGU-o
ztbB*dHb22r3wcb$VqPYB11g?l0pL>jUVcA5nH@3m`H9>Iy8S!T`QY?!
zRR@WF{Fvip%<;tmW_*X9Q*@`^DSn?#)bu*Nt1+iK;O?Rj<@n_}=76_ZOo^x0F4s<=F6*kLEDJ?+7@=JrUNF%HfwEcul5o&(Bu8#)1
z%(mzSY@c4pPUu6#yvg61;Bv(8U!ME8*YK?hM{`&M=FSYyQ4!eK3LAUomX0)dc%vY!`+G){nhwA=$eQT+(bvgNByZ?x-
z{+$?~A-hf=pH;qnzVUe^V|-)8_?poEzVnQ4T4Uewc_d?emy7XLqW(*c%-=7V;rl5h
zV`U3tWK&U1IU`t66yFnfqUE4VYc;^f03QQ<4DfmrzG;8wu3wzHBW&mH^TK~q|Mzx(
zlkj<>bN4dtZ#*+fI#tpwVhnxy9C^;3e=gPTuSC1mqFw9x+{AKpS-PFazoK&(v?O0{
zm^^OsX56QcH}~10bF#6ZGESq-x`P9BjIjO=LDT64&a@WaA$jc
z>&HUY75g_jQ;f63!}Ai%%6AEvcLhunVCLD{??U_C*iVPB_C3a)OWQ+=4c_>Mxh<MAowio?q!ky(=)5
zZorRnSkKqb4SOfxEcs?xqkahJW7K?yp06HE7!wd>kIIGFgDG}!U3|~1x*G0n?U)c1C*DA$OVuW37rkqE)l4+5+~LR?9xqa6aH$
zR_Mled|1c%fN!`L-|(1D@ia_&RnFv|B8p`pWR|mS{gsRU7N9?ZD?xu#(Ec>^IURi}
z=re#mv4{1w=&uRwuS1{f(dVzxr-nXLwCr#nT2{zuSx;z`jg~zi*5k;IbXqprpk?TD
zp%!8fVE#{&tvBZX5$1o+GLBm@j)yUh%^1gCjN_Qz^R+d9W~#57MPDm-WTtPlULMOD
z4dyz*T9xw3O3v{Cw`I+S;oih^PGkS&i?x$?7_`sYMlKm+LQq;7y9izv2+>iWHApN%?kASTPY$M(k5N^h21=b233dJ)R<~_h=u1|37+V!DKGN9BP%7u=lyVCDe;`uqf`03$QRVjKDmwfE2+vD
zvuQUZW1mkIeipgg+x@f8t?KoxyGiZFoExy#CD;^%L-OwW)=`3XAK6ChNIKBN!LU;a
z&^lg=v)Z~xYfDA^SHNb%BZcBpcsr9a{6j*Y(zq=he?Bo?x0NMxV6%E
zlJD;!zXPHbuJOu$V-ED&CFpX!QdjLc6WGJ7qp@ST+k4VOA?C6!HV(KqG3HQ>Wef*tLvPa_IOg`;yv^h}ZGi__B
zZ=EmVyDZQzE;d<5Kl;Hu{o?$CE^(d=<~qL!l5DqDdisSy&M$+8e@^XeTE7t1ifqPm
zgxzMx@7n$8^0KfxypOyroIzd|CcRO-L9)xs!sVkYU$6-?Pb#EJA%iv`8-HAs%Hd^srs!U<9Un6
zg){tWjIkCfZ)2=pHaFt%-VDAbU)!6Q75CyVeY4kX@j(cV?Dtm+nzU2s&*EE!?LOHH
z2wTh!Vf)g(m10!PZT6u3q29e^!%o)Bq4#a#ecM*DeUN)ehDiQhx%gX$zgY8Tta%03
z(|GSvhpu}oS$C7Dd%vab{h}_;MZNJnwh4`N_TkJU8vOWIHJ!9}iB+@YM8a6RDCc|s
zD|k8XLo3bu5a#p|GyS0srk&~cne*R5u|?9qLm~eTM}t`B=KIiBj<-&Adp{^Mb8wjJ
zbg!6;jyAeMliMhk70y;X<9wW{y(E6)Stmb@4)Gh$`VstoRs24ZJl9ixK35AFUlrP}
z0=*q>qbGL!BK-oz&@kf&c`)Aw%r!`Bh4Bxi@r!YX#JJBsNBWtUeH1%xs=zM~&OM3r
z>{Ddr6{d!opD5$LqD3N3VG@7IKa9=@%X)lAw5vTw`qtEX;91{iS&w~WFJf5_JnLPS
z_2@F!LyVc$AaDA&OO*2u`=vcaske*1+7aZ;Cbon@wMv)Vg_0R}=$q;6rM-AQ|B+ns
z*8v|>&B}2fUWWVdLw)32jC}`p^zUog>>ssU_Be2B8+eriS|0lncee3*6)VTxei`ob
z58;l!34Gxj;O~#>vUFRkpUabu2XoWpNk^0NqsnL(
zA9gtu#)NT~$1tB5=A-{0J${;zzxkA^kiIwajcUY`{G-Bc1MU1@geM=@8XN&!NI>fxlSN(t3yZY$1iYq@)AGYM!v69M;0VjEq9b(18
zu~P%44aw6-u@?I21?-hB_gK4bk3vXP)#VOSZGSr`ta^=j2%L&CGrCacAbAg~Tr1Sl9G+T42nqFi*>1o|eO$klD^btZNnU0w`Qdk-Jpqh5xzAL
z?0-|lMYBZE?|ka|-y`Zj_N=!4A7tej{|xO*_B@*lUtzqliZw;2;v2+u3xkeTD%S4d
zp9T9r741=;Mc(;vAA_|J^+^-WmGpQSCbGxnx+2MaFuv_?2K#?4&I8W$q8)5OAL7pK
z`9ZK>FKCbTqFl=RYO3{ZspzkGucp7w!46VpmPpbztCQPiY1b>*93!*I=h7cJlh{6%
zX{+@a$T+!dwZw3lOY9hU9N(*>e$=-@;Bsjx>%*~IYV17ulOF%k65|W<=2C3%*#|jnTm7x2G2i}Z%ow(7U)A`ZAb}!
z5mKH89kude%*$zDp0aYBTT;jmlNsY^$oOoKlxgu#o|$alk3L+pVXO@B7v%=jFAIdd
zHO8v{mB6AuvllT}9ptAbpOWaToBP-~ro}fzy8~NR`-ec}eC7up+Zk%bxoPV1KF2(y
z)65lhx*ng&R+zt6>*yEn4>
zm{q)G9pN#zDCgsxC~2iL|1VFn&uvQLG?%I62&Y-$^4Sdvm(MO%sQe`R-$6>Bn4df^
zTPR>I*Mfjz5g~aF3jQj{X8VyJRc${~Nv67pAgUW*&?8KnuuJz`pO1=^#UVQqAk%E}VS
z<>qqfaf)Gv{dk_r|4$87SfL*!!v>I515OiSQ5&0;11tb@cPG4)oWo4=-IsrpuQOlg
z3mN^2InDojpKQ+01s{L&Pt@$@O^O@awAnzt0+T`mE
z0k4ey-1BPb91-hKTh4J|upW1dddN>q@D`iDams+}$Nn?>|non&*N
z{c_km?kNyV871K-%Ewb{+qKdnEU
zUVp?nU4-_^pc@!K_dq;?MB*9SEb^N^yU$0l3C`}5LEdtL?xw|0&OGO_10Np(SyX1q
zxO7PIF2HruLbwa?*G+duzBjoXG>`5NZyYR1>MI50NAm93w%>$|!>(eGU5Y@ClIlCj
z7Sdw9)rIkr98gEZXHoOxyGnQ$E-FMBkmBpi!aEt(9Q_@|gYX|^6#FCFdTWcqx_Z?2
zW-yAeD_+5G|5j3F!M6{=dSw>v$QSJ}igr}de69{j9G`v=ZQDLhtURgGED
z&msLmHZ6UNhJK5NzQPuuOgDjXD{u`%dEPAazD#^Hl$EsdV9PWy2D0gIWqW28p9Jdl
z!ffK96OG@6HWm{Py==pnB*;evglj_a=c3gl19JT|JO4Dzn12coBPPi|X5xpdiGM}~
z|8xTXgarR!Y=;w#PeOVT@sC;X&xyvKv&cV1#6Or;2y{_i{T=i<#(lv!B2|;(Z}9e5
z`B+D?wP%)SPp)yEP2*fa<2*}z^CS4C1pJHZlLUN=V>@i9_D(mx)9L5hSSCsNXLt7f
z0rv*<3(OPi-HYPx&a@lP3oy=1briC@XzXo{CC}&3-e&#l!Tvm<^VdE;RFNsK
zEQPhs$d)+Gam6*l96k%;k-^$Lhx&!f6xRw}aJ&comDre(HP^hwnwsZY`M#;A@2w&G
z0{q^G!oO*_hx;09zxO5jUUQ9}zUOI%HQuGGcPWXaKiOhD^BH>!(p37!4Ek>g`u-l=
zzs^37<1}}Q`DP~mbc7JIBTwkbbF9Dc;Jx=|p`TiNP|xM-PbPoWPNRPvd2Fb{n2c5A
ziXhgrY1h9;xc!}-&a_|-j4SLWZX3uR5E$EJ4;bQiWsB%+3)8h}iy+Oy+>wtGZ4){c
z8aqPRIN`XKzgr)hte@h3SD^9FF$&&xKBmEMu-dszl#bg(A$9|vvmlm`ZMRMA-FVJ|
zXD^OeHl38(ziSHrAPt7qn7FGM*rmmgNVm(%RRqcN1ty0rO^H@3C8S;Y8uSm
zM*fe+|IwN4Uxgw*6W&|nIXbR!DECw`XRpLwcZJP1(*4`TJ$9?`PdeQ_RFSgJJI-;p
z*xN3&p;#);01rbRe>v_C`dB{5f6|0sal`ym*k0iEE*i&tkOL7{W<=+JIqq^zhXaD=
z*NI|G4|t_7Y%-5SuvoQKbcQ_m)Rw%U@<1ynxuTu9|p&$Fp~
z>e)i&?aAk||3;nX(l=8ytn|&)b18jO`wjeNMe_N4DxZ2Tr}C-i1ynxu?C0k|PW4#_
zzx8VsWkgpY`V5|XQqOsaDR@{>)cj%dF;ADZbCrqg2%MpCQ8nrF_`6yPfPDW*^puLv
z#GDbcA>hKaWm2^gF8YRhm!Za6BfSN5KJ|>ul~=7ne~?W|)5sd7sQ~sb+wQg|JjYBV
zmQ)th%81XMVu)Y0Ld1qm@ek((`TvX;{@mkg
zwpO~9&GEWlO0<1G*Wz){Wy**Dlm0-Qo@H}f?h{1M!JdsGW*-cvf2%uvSbhNyLJlk8+Np^i`v!mL+48vXxdLYc#?Q$YBwc%nC9r#;5x7-Qxc1L9}yU5SKuX`xhS5kK(?gADkkvX6@H1
zzVeLqz`>pY`g>FKKdU7ARf7Hng8mK-{gE{KQZJs*zawPC>mlF0yLCSGn<@?)k6}1^
zz$fC1uM$2H&Ib__aG`v=u)i}}f92W2UV{3pfbn_T=4bLr^e@Q7=*$&gxnPQT+3$MkGg1v_^3yLkB;t>tP#b+7R8CirWHOce<@QYVWQ@V
z7)zE1Qg@W|lku@RzGANX;Lk+7vcvah#>YP1X!&ul|6^f~6u&{gUmEYa#7%gC7R0_OS*+NM4kc`^Amk
zCD0!xSZ^+%`>BgU=aK*WMR=Y!VTHeF2iyvEy^FBBZ9v-vv;#o93uxOwA8i61bOYKo
zfDY=2sr-mE^8`(Ups5oyzeVRx7Xh8G1D%aP=ldZXN8lx(vjOPrjAi=!AolofVXtht
zZ>ZvHlk7ikjL;dz3%pHg%v8j^qPdQ7A?pu%4#IdAit#*nFJcfbsL?~(A*OGxeL~la
zx?)7tfA1Cgzd0@Dg8jw)Y=-xWR%kuIF;
z3+19o{Jem$vIe9p?MaMB_>UNmw_PXjkGrPFCG6DfuMJ%@J0B<}`?^n|9xW8V6609n
z*>>zTe%@d8Pb$97J06$7so5i$`x>B+LehrFCCopTX=7SPcaG`jqfYWG;_I6Oc&cl+
zhj@$oQrw&z>jp8_TRJi3IhzPcO=!PD_tb^(*F^kpr}=>P+y*+=MtkJc`iAw(q-z&+
zA8YRO
zVvKH>|1fT&sX4E>{jUZ4mu}%@4sSyYrqKg17i~me$Tdh`UGK*P{ef+q{=y9UR+WCw
zK~Lz#V1K8ey=5DZd9TLH(e|s__eG-bS8wAs#@hW5@5j+5uod=$KQ;1vm5^^Haba6>
z;xh7o^YQ#IIDLHTS?c{GtBxZ6y@~_O^c^ca2v<3N0}iPJ9+
z@^}SvU_5Go_Zh6ycV5BM7^PKE{-YxQ@vSPBhJ)fp$ZS^M!Jh>CzrT^Ezp)kVgcsT$
z!uw{Ri};0VJRiJ!{=JXqi)`ig**JE4@8Ivc;oVv(Gv14^U$|6OIG&Yy-;ikhD&)oe
z>pc%I-?Ej*7EUh@>rA^svL){6sTh{9r;p6YD#Y
zjAO#_Eh5@=KN;_Y(%#vJv_LPvP#z5Sf9~e>8NO$zf~VUeSK;`=7n3}T1%QO4A{c6I)DW`kQ4Iz*S#vMwy0~_rPYcntT_L>H90@7sZH%X&+^Sv%ZlwY*xycX%59&FcZ_(SGypoAiWUFi
z&0_t7a^c_lx%^TRaJ9hSwv75>IqV1ZuKDNJ^Rhdj>{_zxUEw>%
zWS383O-_Bi?BaGuTyK+@W4R9VtmS!hm}hNz9v$RKfbOWrw2t&NJ*1t5Gy|sfq^H6D
zv0RU|J2-74=8320F+v^#=IP;i@-WZg^gMZx$B232JWoF6nMlu*4|!Dk54FEcqQ7nz
z{k8Uc$O~*NCGQ+-r1(Eq^7Q)eq5eC10R1`B?J2U^p{4FOY5Y5eD%!K$Z`M9Bzi-bk
zgZ-Cy`8N)AU@WkO3ffe(3SRiO;DvYx$`Y@5O#c|{|B8^UL*iZS6Cf+FHrK$O`|gIn0m-4>
zEicdPgYL}sf0y4M%h3KRXurRc>i~$6%kTVcQ8%ms(Guo1Hh?&@gP$2|GG)GAh_Pmhjl9t-yi1h&!hdqk@WR33tu0-@bxhYd_DB*LA&1YpqJz&
zBhrX-8j{tf%rOL%JiMO;x^Izx|zo&j2p=%K{QlZBb~WWaxC
zC}tX)@OR!2k?7pT9#i`S&r{Kt@G^}*2g-*=Avzf7inNZh-Y&0sX}X`U~hlgRR1TKs_UPAMYuy8Fe)wUv}OQ
zMVpN)a6Z6TKYWW=|Jz~T5dDn(`i9Ue2HKGa=J$OFd~_M=HXx^9xviqyL+yVVJaS|T
z9(hu<<=<|fnn(EjSQ7KH)syfq3Yn5@`{knTj{vob-_D>Z1uTB)Tbp&eSRtGQx9p-Us>z(rl^l4qdwiD
zKBqTQS*j1>x@qf!I8~*vo+pOihOvFM@@yx!70kK5r`ZQy=+zmHrr8JnREK-Sj>spl
z2IGD$v*Y_D>kf=ZMSfeE7?+=2BliD|YTVspNj%GkMB5uSBKFuVF2<_klJyRk3IFzV
zfZkXgFJpf*D6?Z|0|fh0HGCs5C|TFh_qd&JI9k9$M-Q@#B6`9I`AHOib9~Eck{V)Xmpnj)9pNR5GT4Bkh?u1HkuiyX(;
zL(pF1{COAmqpK7Bw$qo}4Bz*D9mkAu{0Ymy@C{%4dh{cSx!=NiP@
zm;uKLrAI|yRMcHbomW-ll6Wk-6we)wPO{}i*?8XdZEtyS&&4=OEm}RssYDx5g|N)3
zV*4-R596Bh7UVC3{H?IYmYC!{Tz98KxrW>{jd|a(3o$Gv-o8R^-y{S7+t2qu9XN*;
zg8a46x1Hi!t@O41K$^36}
z{@=m-qrFb@+Iw)5%y<5NBewbF*xKvjww|~j*Iw!8t~eH<%?+%*)wTK))wo9d$*TGko6+`O=L+
z3%tJvzW2lT+u?gTUtN(I&<9DgKLYPm>t=e*W_q2yk1-(9_}9nrNK@sY!@x&V2}|yi
z*jWFT&w4+)PvXF(>q9S$>6fpj_F*r)-w$Iw0AoEURwiIWp5k)L?#qr1slJw4Zacj1
zgmSx}+y|gs^B%Ihh1b6w7-u^XcdT8^WnC%8hVIZ2??X}I^!sHG-~a5uGw&O9g%lt8
z1NKMzxDoN|Fuoh+>4ZGUkHx@`U+%ea8{_p>%6d)Xc9iQa+F_ih-%au>fKHH
zG+65loANHE<@xQ2cx_9W79;Tf;2e~>TyEXs^7(V}IhI}i3N!6ooPPkzVVf=8QUduU
z{Vb5*DlW(N)ft@Mza8&9@*}v<6abImJx&4L)i@LGPatiDyl;d40d28=Pjmm~KpE$s
zLOHlJ)GpSM+^mqkq%NvaY*EAp#y+ee>|K=mPwB2%yJv#+8Cb(P2LIoSWByU2?MV0Vi;uDVb1%*bcM6su
zo;4y#Sb|oTcg~_bMtFj-r^n91Tf=aE48!>`?33|g!f<{JUrA%1kLS;WZJGTyjrc~Y
zcq+UZeUxB*O!n_sk2aialWl|b1=kde5sxx8zC&Ardfcm^zctW5#J!o~cv3g++l{zX
z=YGWc&o-&^?GkF(b<_McPr#oY)_2s+Gi$Rh{ujQ@
z_o(`3eu3@vzG-|S>|e{4?DjqAw^{*vBVq$NmzHZ7hmbJv
zD9$MQDV2~d0`UGt=p(HqsPh_SI}3P5ziqO=7~%Kuj4ny>7u||<3b~*REVu99$oK8y
z$l=PYLbE-7D0IrA`|9$xYp=l5n@9fNu^5?iP3t53pN0(mAL{FZUzAe3W8351
zqzm-s)oEru9>>a{wUXLvpHP*wRYEN2M3$m=M13Y#ENqA>QJ21B9
z#PPl3wxfT={T|ya@x7H8zPF3)myZ58rk^4HjWGYhGujLFA$DbId-}qMMBM&sG0R)M
zo738V(f)7~VFn}Ka7nCfoyPdXcZCrjsu9@Qo)$tGi`veTDubvD57+I)Ctsn&HJXn3#EMp!iYqGJW}!yM5R
zP=N=_#J&K^Ob)RY_@o15<0m5=6NPNUDj(+lZ!&DdT0^K0@4`6RXVrSVe?)!wZuspd
znZhm4g0t#?U$n7au_ts^l%aj_MNK>g`&}K`8Y>QGJ^Gcm-YM^;=7`b==EE`xs{+QR
zNc4x7o8*tPPfD2%=eJ>}Hks;fh4J=}`BAsy=#;vhS+|lt9?L1P{+_Tjj97cddS&@qH?BlPXj~e-n=z)@14I0J##cy*cJ`Tw|
zHXb+JpPxyPPalKt_5={4(~0*Dj&dzHsSjswuf>xmd~wxF&f
z(;ekrl=CV;rdy;qy=Vijck=z`M!CKkYbnMfG1eHn#1iTwfOnUaTk6YLM2@H?CRA*P${597b}kU33bp27Yj
z=E3;aE*0$-B9ZQ}EgG|18Kd~!g}RP-@p7D;Ak%Cm8*03RE9&18vRF%WBgSr9u2b_`
zb&9Z%nQN-7Hu&d)rmW#ZUE~XgY~y6g&yhU&08jaKE%vX5VHYz2Ki8*?Syk6`HP22
zO?1Tb{B&!RPJIH}As`9{MWN0JNWs{~Y-ssn5+}S@g`d{oG
zp38IjO4G^GDMDNVp8Y4_-51i~ktOpP#sI&OkBOG$o(JdG?xu<3yG&(!+-Wes098P$
zzY48a8}p$bJ;ML7**_g^BN2ZR&u_t6jqbe=BME(!5PuT)uHfbtJnyI2>ndWKv)$}(
zUhCH%A=$}=IJY|488)jL`m%4u^1A){pHcdng)-f{Hn>?O`y<39v=!G5{RZBlZ^$OT
zf8V!IC*MWXXA~dW*CQ^96|tQj
zQV}PY?m_nQIuFn2%uVGw>R+sUU%Ev3z87t~?_}Gj!-Wy>0QFN?O&D(+*=nqH-J==s)4eb0E$b>!1qV)u7R?HEkojz!##uYAb!CVwj6
zZ#&OlJJ}$7MC<53@E!jd$UhODH}4+@eR2E9ndE=S*r9~C>eEpE3>N#ycNwwf%y__v
z$2ytuSTPoORSLg)+yc&YBSQ66vV5|a+rO9E|0(qyc?|pg8Qa@gp-si<@{2`uzh%f{
z)9CJFQGzcQ#rI4q_X3xDtWm~Mh}-LbO7z>p^xNMUr=NYI_rHxd_CGV*>KDS=;CWj5
z22G`y^x}PtM}M0Ahir{99=$?%04_N1z!__klkPhD?sC$;f;x57OT5H(4(C>*uHp>E
z^1?okkN1=);?L&?UhW>=%Dfa=jdNsj^w(BV-;Q<(18V(bKF8vBh+*pzJtg?fM*ikU
zN#FF%F7Yj-`tQ}vv3M@9&(ylrxHfE!VfR`YgI6J5@(?~#EFH#gl95gry(*pGG}hmv
zkMkrEcuy4zC_a{Pe~ow676YG`@I$voQ2s+d%9*AL3>j;*KVBc
z^rGxE+f?>{F+a{pD%&Hr(cM)omAin}u-Bp73USye_sa#Ld~2Ux@_Fl;;Ioa|61>w&
zvV~h{@^|?b#(og4g=oubw8fC+Zi4nqPMNRi^A?%f{%dZ#zdqjf;Dh(+HadI9_aWWk
z)F!2tA5RClsX(|1XXka;6GurVn24{8IbNwf6r5G=Mg9=ygyu^2KZGanU|@u3*rNvX
zf1u4H+S-R?dY2YFkW2Ra!3XnbUz%#h54N|$8e_sY5@pc-UM+L~OzF_S98pRb;v=HW
zhjsrRb(7YyMnkVl`oFr&_?Wn680SrlA3cfmUzLI20XN+j7K(Z5mSlfh$LYG=uXPVs
zuzv5jSIU-m3YC1NRk3o&f2Mo5i1nTaIlT$ev25qlZfSe)h48KdS{*M=v^}tx_)DIB
zR}S5zXm4Q|)yej9f89NNmoDq^a6MHC@dNPwKpFaizb{L{^Oxzv7MVULL;5(UJ2IsI
z#46JZGNivPWO{1+pH)tk&t>P@SpLxwKRPw$geQZ2MU5WcUr`n?#xs(ucyomK9LI1<
z3}0eVAo$<{S{HF|+6(d#%0IRzyNA#4z1$^Do(m_sKONWN_3wIcm0B_4EDJ*2xE6Q7
z@8~J((*CDqwjV(p%51TM{G;6=l!rJiFlOgXcu?%W3>qBENV7WgrW;6vwd%gE@WDU$VG6)SBB*n5T#<
zZn3s%DxCFfqB)BHSHS;v{@(-t7s3BI@PCac4XMIIZ87sla{V<_zx_z?HbMB7d&vew
z`Da0Eb0U4xeg9>x*?-4F_91=n7krS;5o6GvkY$rs`#OeU3u&8grS%cxcP&Z4+fm;y
z!Z|j}NwNvblVpD)@%gV-LjGG#`H%is@{^PBtSm43M~jDqP2R^3ux_md+IQ(yc+WOo
zPx5;W-pjte^Za?~zi>o(K=c08rmt3ur9H(@zpJf9dx{sBzY5@+-I6}hboBA0nSbY3
zoGcC8Abw`1IXD&OAlj28^2IxKZpjzneYNw;$GiM$GuLujWhKZQ
zw-P=&t^+@#Hp=(LU2iXp*}6Q`RpR+x9mDzXbb>yi!)-x-UrU=Wm;JI{f&Y#BtQ?_T
z&4X|Hg`t0`rBljzo2GVaBwv8D7)z^P06e-5L
z5a^jE}Zjl&vuOq=|ZWj$^OpwbVhnw3XF3{S^!PT$jT*mcuwU
z@HjTC@b#Yzmz(-qFV?5nbK{z~4%(Dy&gYYF$H(N??)ypi@ci$y{acOnVY0A|R62i-
zpRp{ry~fNRA2xbm&&pPx1^Sc&v=nF``sucMiq}K7gYHO?IQ9biSyjNF2mWf{FPGbJ
zqy6)T+@5o{#oNb;s2{{;G2W^UC^H^MTB8J-iYHE
zWek|nWk`$5jqR*AexLPU_Oke)ly8hvTowzNqgcpq3jowEk4;K9zVyj%cWfA=3R_{7(Ao|5t=+S)X+yxGL^W)sVsO)PIVvAo&D@@7+tyjk##<;^(0
zRqHxF|1UMmo7-dQ-{bVJsuSf+j2QuAks@z?i|ftAGt+=)(60#XuhAE;8
zPJGx$SWS;&d<~#o3;K<}S{o_^{)@*u>BIL!2HmDG-A*q#Sqcnubu!X)uwOUFEVgi-
z0OV2C2{z$0D{RErM-b70+6VeHC8XQTr1y2Y`GN1TaNi;p7z
z({c90y4wzaUGTSCeDu5!>p`AdFL6QP*{b|Eb5|c7RdwypotY#P5@3KK1`IHhNhBW=
z2*@hDWi^pPk&g6sVtL-0I7v|o3&beowv%k*Xzg@z6yQHi|
z)U=K!{4lBSfDN||@ox6m)nlapz_&U%*J0N5c>U++9AE93F7=;tp#QW$pPR&ktsDBb
z^sE*8daUa}gEfG(PbWW@x!%pnxP7%@F4KP+#o%-k?M?e?HQx`z{X)3^P17KLj{QMd
z>rdvd%XyB^Uq?FNyc~piDTjTJc`rDRMh(zEurKa-De9{oRU_dUu*GPp3%uC;s=Gk2Al*br4T`ExZZ(hc&R%!QVBIJh_{{@4(b}c>=PbEt_KU7lKSj
zU(M!LkPUeD*9x*Bp)OI}`QOy!^{p^27;I#it45fs7MPdoA_Zb$q*Sbk%mRA`OMHC-k@QeRs
zKYUlo;PqiYeNl
zTI^4V&V6*QGBc2F!kF5$Z+Y8)u`kwNB5}RV_&?4#|EDTLT
z{oTUrFHmg8qdo`g;A2`hJ&Jm4u_-?s`^n~h;0io8p1;=_`R_%0d{{HgE`mL8^BCTx
zeE4&eLnr>HF87IRZobOEt@{q+knS#$It#|w8nGmHvKtC1M<9*Ysgc9*4*R&*@Ov3_
zW^gvT7k99{Sq%3hJdT%5>-X!>dj!xM`IVOXD*0F>eU}1#Vb23?&2s(`j$K2lH8%YtZ6z-pi$hSdRtG4~{d;^`~8qdr6&xrqCUcKn1dg2>SalJ16
zQ3~NUsGuir>8(5F7venfk4+O~y-xjZ#($X%JQMawJ@1oxiW`W{VJgqdk;$<+`~lD5
z?#c0Uc!6mho{TXrat;U5C+e8L-!nO0U%K1SmmasqW1Oxsa*LhwS^vfHgZ`7OhCJw7
zy0K?mKr=Vc4D2YN*Ib~}QlQrcJ*S^{K^G$|;T)=kc?akj55QkB=nr#2_gV_N*9JXR
zlzW;GGvpw~PVUzTw_h-BKU^D>7;ZoM4reh|%c3#J;}JVxt{&TysEf@djG7j)V<*-Y
z#`R)z-=*RH!Z;i8_)~H9tnIKiLQmCWepdG^SQ9dKI4_QVKVzD>u8Ps`OOAEFn7_w2
zg6SmB_Hx5EH^y6f!x&F5#8!}ZXLn&dm{XkHIT(LF%`ryd{Gt0d%`sw0{Xh9bix2Bh
zRtk`nm@kI5Zj4Sc#ual`aQ^4f{Qt1^Tj+Ow{8B60LYae#4hn
zwu!J&N+RYxH<8;b&6602=J5=7-%a23M&JECBf$O+UHX%@7wC#{xO6__cz?kCc^}jB
zxGzS}!OmL#h3(Iv&ve!@#CWNs^!E)-|H@N2D$@SRfTI~Y%i=YsfexJImPz0glvJECWCi2Z_btA2`GZ3X=R_mEYN1(>HU
z$;CPa0-pDn^a)S2z69p#8~Vg=_zYx5F5zf*x}^Vz>{wVo_rVZOuPE5@2L;YgOgynGE;&F;f|7dpu$e)`*{yfTi*H@NK
zSbq&F=D#ggR#iJ3E5R0DZOVV!06NkR*xNqX$CaQztp@$-XLk^xD&wzc_WL&xK@mRmgW7MzergI3e&F@QyKa`j_Sl4P6
z&u2Tl`$nm(uY{YmWS%z2@ShuJ@-$DiBr__%pyv|4}*|bt`&){_!
z7>`(ySdT>3nHkP?w6IQ<;-0J-{z$}GgT8~gDVll+`ps2vpT*|ykf`&7hR;*woSdzC
z3-Q5#cfP>>jd#aMKSetEDf(y(rwsh7aae23GC%HC4eMi-0xxuezLP0x;M?y6IsagS
zjCYCkVbl-syxMk;N_-Xmuj5&+H|2e;h0Z;1hk5hWtOR)_^$1T?kFeT?F&*J#)nC4<
zJLbS#78sW~9^Go^&J>8b;0(
z#;6)GXP*DzLWAPez2MJLJ#C(8)9M%RbJ{pG-O8kHc#(ge^J~8e(W1~lNh;*t6`9020s)l>bZ`-SH1U4JGv{oBIW4IRVSuKb(hb!i&+
zM{|&$;C9x)y?oBUF|Tz`0^Sg`@6t5PneJx$u-c8WXfb;tF}}pM4c7d&0y-b>t7`uB
z^0s`&BFl8+z6KseHIWb>^jwv`cX``9_UE1%GkD!7bImB?fACI6@8J3k^1ybn@FmRM
z8{z1#+9&qDggQ@$=-t%?f0(=Ma=%eo!2UfKpCvDV_Wd$XWgG0f4;66}=1^1|722Ge
zv$P7A`*)S2MO{T!s(P#gc-Dt0qPw8qXWyh}Gx*te;MvlCpFKj)3V!xT3gQ#@_v~Br
zY)^`O_8>fqc3&g#9);{`ZwPBf+T_23>B6fuTmG-O@)656vd;2*?%0mX&{&VOv9V4v
z>=!5KN~Fiae5oU4pBOLG2K_DpT45d|$X%eBKd3kg!EW^Hg`@IS@6Wumvk0F%_I|19
z{l_ftBRx=_zQS|xFx+>r4->As)qXC$*E1XOQ|{!r>nBH{-4l;b?GPEd<9I#g<>9xE
zqdE?1kC-TN^X_7Qem%Uqj_|hpq@S*%nwx&Qx_~E>eKtQiR-FTVx}YzVv5tvjMOuu9
zzEVwn-O7D+yX3iHBe#t?CHqBQavVIkr_sHcRp_XJCS
z*KmJpxWA?$^j9V@=2Z5%ND1)ofwCq`-%Z?i6ZDO1>)X(GnyK#`Bmd16!y{}SLjT46
z^xsUhk$pFF-_6kXG$B3&nbvB>L}>wAd81gUZxSo?C&gwxTE80XH;g6Cf_^&0!pN``
z^LbYx=#aBPhx`HPkn4lcCi?5aPG71+n>ym<9c@(SVBK(8FU+e=e@vZ&Idd+K1N
z>v7_FEZQ{Q$54m#YArDSO=5F+bylF-IKx?$wWeC0<7hg@TV*hIR61ivrBN+Li8tjC
z9iNnl`(ey0qPS~jtSZzWO2B^Y5St@btf#jeF+7}QjJ4f30&8X_=36h|_prWHyVwiz
zKG==9!R^2+(0^<2%LB~A3!oj~v*9k7%M{?7rD9%Kakpt*Vnz5hpj|tRw;jIQ;a;hp
zfU&hx9npN+hmEpMS%=HLRWLFThQig+a7Re~R2j^i}S&A>Xq
z-s&mPS3nd6SKgaj4f=DJiaBZ+rX4#wrry`qxiDCX)D
z6hq&;ll*^uy)u_su~#JV1N!x06gRRD+P*PqdqUjUihDlzQv;(q@tJfX=Q_z_;#=tbzU|-_cfyCiJsMuSl{-N1OKONXs707~&o^_NTEf$Jyn6J1>g9mcROA_RZF&CHkw8
zf7oe{PNACGMm=7{kO1Dh4SmhGaxAhtP1e{oazoMQfoq0%KH+4`GZMs@TE%)pN9rEm
zUu{y~Mctv(=85u2pjStSP1a{!!RuIu=Y1CWy${yE0<;FXxU&n^ILePu%32k%B-26u
zf?gHAl44Zz!!g;r3S{rmN@EV5H|k%dQl03|E{p7a4`gpw64@*3=}7t8#d2!`eQyl&
zZWqV?b*E6Br+#863U$!kU>&Xqugc1+HtNE!%vxM6Yr_}nUFgRExq3U}4TYh-E|$Ba
z$?qa%it|yq?i$j(s^*|`(x5T+pvZ0YVP15aPa94?*uPY5lDQIHaBruR@X-2irx4yX
z=;MKRE*E>!PPyL_>(NQEAD92Wffbp}_J&XLe$aPn7^APig3(7Yy*m@^Nwm#sJr&b$
zQY*%|k5{@k9RDBwW5N}SJP{lsQ7ZoFidI-KR>Mw%6*TdTMrsQefQC@ZAC!Rp)
zQiqmL|a8E
z_f0&mnM^a|_qhr6sOJV>o3BEfD#SS?WP6Fz~@!s;itm=pI50t
ztknWz1eyhTFL-pyy|B%zmbq&4;GJ0R#ZbplW<`IZyIs?M`F8%X2R+h&WN855hdw
zMAE_bLR@NGW5}B`2`6<2*!8~!yB_l!e!JBpPH)W<8Be3kae$0*f_%vo>w!-^19Ikd
z;K?V!{(t>Nk2v{ao=E?dJWKP#+C)F>nW{s;$HusSUwOM-`m4%8XMo?rrOJNI^@+H_
zsL67GI?jwFbRavHHn)BD;yKQ2v-(DM3
zU$w2S7K)532*AH(&S@UBlV1ir4D8QNt#p*5!WhHTJcg!Tc&fKCUu+
z%hzzOVF2FA?3>gn&$2tJ4#C=)!M^1JxOWJ~r8qv&uqJ8&^ZxCmi^y7icxDd&F58Yg
zAJ!21%(qK9OtmL~H-#INSgs+ir6$%do1*$Mig7CdN^ZxX#A@;d4Ws`1#6Kr+9yt&c6LH$2Dxfh?u6$A4q>tO;`th
z>xB7-Jqi8PcgM?I)Xx@^%stGqeaS^Bb5pn;8@BzBf&T{gU{AK5?Ay`jKt=iI)ecKc-MyYYAHs
z+e$aJ^)bbW2BPz0)<5AJ!jmlRHS%12hrj1PE+EdT{H>OMTXF$wV#(jW&A-)NKwq%@
zZ4UpYUXV3@@VD#vH$VLL3h=I&y)p3Fu16WXe(Z^_E+79>oG^O5YN&Rx~yvHeu_t?khC)r=cs?`RO5@*pQoh
z`^ppK<{$Zd>dr4?au0Ks29uX>@_RGBG{<+GqWBKiGt1k4W7L2A65~5mitpG;dA=Q0
zOJR?OuGp<%yeHO9vd(jV`bx_~*7-hN)d>9jFw<}Q`8~dthcI?>ZFsV1?#$jOpZBJ$
zR9D{Xt!{cu@+2GOTJ|3=?tED0uHb&kCVMUqZMeuR@jxWS6ienCAb$5JJU{O9@$))V
zedIoV|M(ZN_c4E`{psaxC-{5Yzrg(5VU#a4OPtz;@rh(xh@uF_>7oDAHbb@eKIiBv
zJUbu$gtOdJEsAvXm7<<8jN@YwC5hg9mgoDqp3B?6f8zJ<=}EqS|G;akwkNiKah|9aFswsd6YrSTvzeb7^OxOY
zj?X$77oX)M{jnJI%i>l8J5TCHg=J2$Z0EBH^(>aPV$1-p(@exH;hG<_#9WH+$_CvQ
zb9-%$O4XZ^tA;LlsJ_;6ZU_AXE`C<@c|G2g1`VJ25$%`Lur7CmjP?)pm3Iw;Z&AdS
z0r`I-KRQGFXuHAxyZ>?c(d|s{HJ|<8_|Yx=e&91RKWZj^6yfhJ`0W3SA4xj=TVFZF
zSHl{K@|Q1JSKIw5=A{;g(;Xquwf~p7>w%7{I`j8UCYnhCOkj|R$h=9QGLt_JHVUrT
zyhnnWAgk26HSJNExa`&-wWw6-ZX-c$rIzl&ZB%w^%Op+`wRCrsKvHZZs8uXjVu6bP
zvn6Qwr%?lCJuBJo`|kH<-h1;WK|Onxb2yWE@6LVq-TU3|et&;oi=LCjpO79(D6gLU
zQXr2PQtrrV74y<%K6-T%zF-K*@5*TuT?Ge
zAsx`K6YgcNAjWnJSmP|Rqb_X2
zzp;Kd=53)Z4EWX1INGZL-m43FuToA}Vz2&HC9GX@J!y%P$W;Uf8Ob<+89gHiwWL;LxWIUoIM{$0g~_W0gobbiz@Pw;%0i0?)DPhwH3bbjPm
z@@qLZm-6JxFu!8USg?yS=?@z|NR4k`mmliH^sV`@7ch3h1+uAA>~0ZaQw!*jErsG(
ziz@Ql?fL(wxYlGF$0C=0V9kHm#OckH+YSG-83*|uw)qPj*JPo!T>N`|rb8WAr$i35
zTpZDh;cwrAnyd#ur%Ia&--ph(V&G2Y`lvF7=w-q~9bnu4Uh5n?KaSMvP0YJG}Q;YPZ0wx5B2MxDYBM1Vj?46rxSQXU29{(ZR|&t1imU_AtMbVUqIUp;#mEK>ebvG89;x?oi~PjQ*NUDFaUHB
zfopFnT0i
rd-`wkdqQ8WX(@c3{=spvTS}!LWDV!;-9fP=Z+j%K{@Fjp-%0R(
z$u9k8)GsgO`sH_js`}-r{GDbn&DWP)xWCh6ZacpuwZGGN-Y?dY;r>o$o}a;mSeF6)
zoz9HG-)Z(g$=_+V&fjTvlE2fLn7`9aOuH)L_60RLOarHLc2&k<}00=L-|TIJ;_}f
z{{5oVlblZCFOzgS&??OTXH3M7&BnM-Ljzr(;ecnwd>UGe(mtKZ{t8RsIT*LrVw8GN
zP5=2O^)|edM2DLGbDL4x;2!1J
z;{Dg8_GcKaFIf*V-q!=%*ZOM`^`BWhueV;K=|62r`p^8B{u5)cHGe4^@XG?UhYy=)
z&7WZc)eF?-S=OkG&+~4!(MP`^b?-ykN$?Axq{v&lb(hCzhPseWAK~)&MWR=
z{`Un*x8q@+mL$Y~;rm^HO=icQhri?V#w9%uF-DlyUbe-tqb>Uztb3kVoaDcZ
zab)MwZSFUYZa>+3wX~m%rM}xCQPMrx^w+W;v7>vE>4P$~lPH$D#V$J6mjs$DrIf>G
zAMlxYL>qgQ!PxQ0=3;i0|&tp08%sIOFXKHJSxBc5N{!&OW^*@4n
z+5c;adq92~s1k)inP<%&%%D80rM4}iBwP>c0Bg7>fLP6X(6jRw{?2*q?NBq!Lc-|$ht66uyHh-`FZRKGD+~*XSS2CZl2J)cQn*Im+=@X~+
z^kB`-G>2;()xdhE4Az=*c4;(NGgR7(-f-RN8GZ(#Xv-oBh(kZanX6)NT=YfDp9
zTAxKLm{VLx*oXj5$x4&~cd%|0DOiGlVgh=nt<_(zB
z7_;f*d>fTPBRxmPY+_CT{O(i=BQo!iyl>k9=~LUnJ^+JrWlodm(993BJM=kxu-&SJ
z96r4u8@JsL@(--neyh!UKEK-jvBdwu^AC-3eoTnvu-O#axt(G|12S)rl+iJ6S&NMZ
ztglKxav67ubl}QR&NXQTN|t?;^;}&QtEK(;t|3RF#SXS(of&zeGl*u^=-8$^r2+Ahxz;`#~O^7
z|3>%zc^E&P2YyKzRE|+Qy#P81?c7LCE>ffDWS9hUWAo44%eqhsST{P<#07PL*qi{C|qZ=HEYIn1BC^fRhW^
zzrT?E`wPjx-_ZJiE38yUwqbk`$l3dKzWxoA&tJ;Jqxtx+AH~PNoc%Wz6roNp?su;F
zT4!f^Y4EF`4a5%J|N4d3b9~9!7cjfb!4r?|+Z&%0~+JUh9VZxIc8NK1{5$Ox4E~+{gTU^oNeq%K?s+n4T~7Dh+`D
z;{MQE$shWDjJe_(!l;{RRvH~GFpqsO-kaH`cQkKb&fU6tFtnb$em{WUsTL|fGsw@}
z32p3JJu2Rhv&-547p|er@t`szG68NtUvmLi5_m;NvC`O%KJBP0zjU2?_#oz}nX7tV
zHYwhN#7ky$G-JMw8!-QNseNm!9e!^NDq@Y7Wxiqkq-*^sHz^YNp(7iPbFQRDx)sr^O1%QEnm+za*Bm+N9^
zRbic7>>q6-|LB8C++W1VGF@)2v_s;)GJ!0Kdut2pSIxOHH}j|Qn@-UGLnxMCnMpfIA%g#FxmRHN8UmavyNS!_IUyW;u{?!_OLi+)Je>P@6
zcrRu@*uwU`JUi;fM#ec>t+F`IITOPqqy_#IyR-$KTb@M4zrW7O3KwhN_uyEO3zy3s_YW?+!*v7(Vzn#z?EDUugW4tZ}H(2h~Sz
zsZf*SMU)mF&_hmGyASnMTC5f7i{j?eNLs=F%AFkC62G->m-dc$9#tBUK1w1sgXCR#hX1ARX@jGx
zvb^uT4m2S^6B{OI#FsQKEyNfdD0+7!c}dzy#E(t6SjI)02AP`7uDY>g-Bhg!VPtkv
z0!4JN%vua~unD;9Xgf9}Ta&DDWHs)xJ5d+b2bMN^!^T5Ga4A)WMaXG5sU3XJHtKkKL560>js+c#ZAuTM7;WESe
zKEVntNYvRx=&swcKlR8STV%I=3mQY3FvDQx(Aa70oGD@90hBFRLg|
zcOK{aSdUuA-0W%kyEaXKH&B0(?{vAIwe%Cj|HGG|@8|50
z#D_+|_g^OTlpZ!ayuzGs6#1jGl=H(u;D`J>@y8zdot_6Q&l@e@{g&^B<-2bA&Me=5
zKbrWx)ABu6@^c!G2k*PiH%ej;cUQvnsq*nw$&8tJV5y;I{?O=F2VZ7_7!Hb@T?temk6#%@?mGSqh
z+o->+xnkZ$&`;j{V*Cs%HrIbc{x`|_1N>j|`6t=~XUX~FoE~A7=$nGMPXif>
zF_YH?7w>8GUjLlb=X%kC)};8RiTHvo^Ytt{eex*kpFoaLQUCM;*FSm4AJj8T
z+_C-WTc9iid^Q9X=dp5Q^S!}7#TSlXzG_wkFpGmjsGow*3kv2h&yUqzGV7rRvII}6
zg?*2>M_=+LfZ00FZ%A2e2FhYeaiB=`1*Gpn70AvW)yMr2Fo%2g;!SzqgLT6>pnM!8
z{bUosN14;Qo`~a#$a1(IaxFfleCx}ygd8Veq^1kRQ?K(nZ!%a%3D&^O#C3g;*0mRY
z-^!A&>yF`)=oZZP$_j(%D~A3pK>Mioh#Jr*)}+Hc=FvCYV+SD*Zyi+`)!%=wRe&{
zd@1YyL%IH$7hiwWWu{yI)pGr3B(DEi(#!SEkh#Uium2oa|3>Kd3g+)O-$$@-#>YQc
zQHydn+Hh3iTcAU~MK9IwTS$7NT7W!;o9n>kr)7QHv6i?qx
zwu?S{T>q)7sqCX}ZXdlA{pV`xug3oE*MB}F^FL3Yoc{AZYPV&2a{cET@?Y67J+A-M
zRiXcc&zSxbf5STx&==6RuT58F{wOz(*@WM@9uuF7c(}6_sK>m5Xvj8Q=rM7BO8w=H
zq<0vYhWg8k=ap(!C#Jt_0eDrz7mvT5N&3qgP1;Ada{FkJChViNny`<0G~r)Xr}@HI
zkD*a(2>Z3scA`DKS&RFawZQ+qicb%~yFF~Qy@g@{8kx{*HbL9J#(H^{cp;A|F6$Bg
zd||%F6qjXCywE|e*(+o~w0s#>$!
zcZ6=!t?k}ZNikLVRQpxWNN#US2McXnW>|9w)=^txe3q0SJ8d#PD`2s?Js-2D&f@SB
z{n5tbJJBCa;#>NoNqpZz`1V4-8c>B=
zsMU726~UMwl=ImycB30b}!P;_L=~5k!A(2J2P>XE)xV8SoCfChpKUrX1u$
z@TqI5@6bU-+=H66g)r8IyoTydl2M!B8S*P!$IA#W(w;k6{4XZ_FH=O`+EndZ08hQn
zTfC{@%p*91EHSU@OLR9m%CPoaz+%gNp5J|@kCjB1lfT4j*xQ(&Mc!%40GHKI-Mbg#
zc(|?v?yB5RAJ(UtYz6Ddeo_m4v@jp95z7F#cEGzs8-1k))+R?wym#XInDM=gp$~m#
zTg#jE`!cESjn2>yVqqBjMxTi~^rOK#3d+KRp3eGxZd#8EVgR(DUFJ=1UoEhxzIlLySDI5!S%X@`Hd6
zE)VEDenI$-Q>OQPFj{sY3_!%cjolEzY}33~pmvfCT=`)-o;ulRF})6d(Bd{5Sp
zdP>?qN3cHhHB>(;F97!wj9Uv~Ei9eK|K$b6{#j?3>qspd5xgv$1kb$Cf5&YPW!yy{MSnZr51EEU`q7)!Hly*C-`;{-c*IFVldk?z+v_}!U;UXF~E
zL}&3FjiSC5+$Y;=R9}9T){tMV34hhOQ5m5ADt<=UrjRq-$TUzzf6(;
zkM0hKzKqLfh;x+B;4>zlRcS&#tJXNZ?v?AJI=$R~6@KIOzVNxM_qCeNo|-R(?<(>K
zbG@%!wIu(;^XAxkPbHt8Yhv<0t#{vr3DDQbrPJ4H>aXU)pMd;Nbkh07B;|iA(+~+4iucWWK6nfoH=VHgX
zZ$G{M2d#V7xyjLMJGDC+O-`>b(HRtuPKI86ae5_v6{lDDAD<(w1vKGz_jjZdTpbnq
zD)U|3AQ{?&V>8{gPSF{!N9A2ii?#VKwXsFzJxqz|zaFJ$1Aj#Q*O`ioWLHJ~B;mhzZP1~j{;R#zucH3za5?(s$+{fqv*%Gq+tH6V
zApQ5?uTt^pEvhe}zLMQyYjvoJ@dI{sVZOs;*UlkZ>nXC4c7NXGTBEXPjyk@+(#sS>
zyzBGH*H@DIdpGIti`2xrB8KW~L!DQrvU`tCy89o<`X8TL{rQAFAssBV0hnRkL9im9
zp-v<6AoK4>EQ;@Xy;h|15*gby^|iP%li&KhfUuB-6+7&%Y;|@8M75d@zUePyIt&
zgH-(UhtzK8r)K^+RdU1%pAf&z+moD6
zuhs9Xq4OyRU^j2?f_HurT+AB#b9UnU>w>O~$Bf4wSyx&2w8$61&qq9W7@a%txlW0n
zJGdU0w+ZXc!Dm?1O}#qoVULG12oE?Wms$U5!H0|RvE^(WALja87sKae)ZS}qKaDk>
z>j0j!k>=}$XC9UrR#4x|PPJn##MT&s#20_g9J&ot+HgP$ST*Kod`IaV@=ac2Q)SF2)8
z?eY-nH0n4XLtVtlSJ2jy3;&}&pd(E!vljC6@Q|N}fj$i6=h03)b>pD$^C+>@G85;4
z560n}6c0a6z7e^D$^E;nuY)9@qk=v>(jVXe_Xmj1$MX?>+j>;@x_G?KZCroVN%+=d{vtvT?omaJ
zFw|WcfNS9|@(ZrJdVz8X*iWPH9N-lAayO5k^o4P)dzA+6chYCE@poI|lzL7HUx5hx
z?%}>B?{Z%g;V%&PHMu~(CK!K^N*DR)DPiOAke|R6l(&DwDI6o}RUdeHzNzjQ(nBY=
z@lT8<fYnXKk^*(WW=rs8YSYg?uzrfC=-efQ<31-J9iF6UmfAdLdy7*!Q{RMo%
z%eed{?7!JqGuuQTb#yjVe}Xvje|Ty{hAL4Q@RPfCBapX_UO
z195rHt)`E^z7%=wM(WQ#@a>n^?k2nIJs(d_Ub}_bE&4dQyjD(YZ2LGauer&;z-{s`
zaFc%l`h~*ZUU$sDK%>(Ar>jOGc*U$Zekqf&gZPw^d$C@6mw
z1_zLb!DkDP(S8x+zQSOD=eK#UbVxyYs*v*~9sOS^*A4L9u+8~?Iq+WKgQM-4JO`|J
z4}IHPEV0A^Q{47H@aGEw(Q&zJKgAMnBc56LVVCQ-87vCFgDjB6<*hpj?*$*Gj-Of?
zleZpxS&j$!X+#-qV{G(b2gQDNC&ZAR1)Kwe&sA&UK+LAl#H`xDRCh$7^zbg+g+Ye4bAzD1sRg44$i;(@FAv(fe}&QA-+$z0P&=Gv2ycpsASRO4};7*8c}
zF5{^r&aWe!A3X^&Q4Hs1`D>7J+lqLq?~cVikzOGEOuMSdQL&v*ZV>Z!OT%RHOtEc`B9~ZV$H}t2Xj{@zZ
zxjcVlVQ@OyXS?%tDIb{ef$<`&QTUy=&ML)x{r%Q_T`ZEX!+AFBR!7@bu*hig{d(~|
zX5Ft>(jLn?Zr!iq9yOW$nn|#_Be*9UV86!s`Ew+L1tVg=PD`<0onvdGH8Gi?FiDOA
zk&_herujokLt8J;!*iwrWrlwto?t|T%3qD2bbP9gJyR0E&DyP0A;Q6}Ck54KL{`2eFj-q)2C29NiS-LH2C?ZCrr?3fO;
z66khOt;K2iw_*-X+t6a~`iw0`z_pU+-32)-JT`VLA9Ei9E`v@Bzgh?HmQA}FbE9HT
z(n0)0{Sf9#RhBgx2oK*W=kK@zRWM!$yNl=HRnSfjccnkOzT0Tcc$fRpNqBH?4z^}2
zHa>>caz5F234*JYEVtV58Fyh9}9t#_scep~+SYy-%|2z5rmiT}89mn8gD?)I#
z1vSzyIAPp?vtfj3m-x=uY|P|inb
zD*2tDMIp;hl&+s9f0pR`qUH+FMo`(<$ZHj0UpkCIWs#2@%>@SP(;SW^hUh278N{wC
zOV&?4^|S5$@pruWB$L#>FU|}xhx%@>
zLRoM(yP)hokhSyi(ycJYjw#iLznFbm(9iv}o=xvffPO~YmrOs5`pbFm+fP4N5*^(C
z?&Roa4z*kMZgTpWPW0n^ce3;&{dI2U{yLm~oY!#r5%khj3g>W}vN2MIymAikN{2dn
zpk0ZaWpF-s@L0Iwa3-9as_oN?51BD2{M(lByz}!oT`dWC*xv-PzElqU?_jGqed)?N
zBRf`K=ro_xg9-F>iqlgc+3P&N?Q;Eqo}1yYu{<5*pVGYZ$8UCljI>8{8Jlh8UJb@-
zWB$SGl#`_l_5VeF10zemVxhGG^SABe8{@by%
z#O?OMGfNV<^k);~a(f88fzis!H*v)D&QtFT!{nTS%jew@RgM=7w%&6Z^~8@d@>sH!}Me_{FO7oO#RxjF3(iK2|y
z<^Q1l8`76QN=CI!7fZ&(ejRWhXc`qa_k$*j^|fL%9xi+B?QXxAh|6&m7kUaRy4`LP
zJqz+|tDL=1YkPShu{B!jp~NYLC%~A8)A0L-HEiYvmvU}_aHC+7==Ro?_*sUQQqCLD
zbVnB!%Ss=3b-9@I&^M)_RQ8kyzaL66*k1YeOJyzVM&9fVCU%b!)t}>cAGyB1VqqF5
zEX*%){
zy6tfl>#5*S@vHq01k3s5AAWywPh^}P;T6ghAG4K_ZVq=HLQL+v{%RU3@#}7&^O+RS
z=;`Y}E^Ly>do4V735`{eXF~)l?_M7277n48x_`tT{7SLt4n)>=)!!%iEMnzyGW=z*
z6*MiVUMwUqYh%Xz&7ME7b76b3FIK@o^AJHdw=Gfe2GX?#Q(-@`55zhA1J%B}Pfb@;
z29=Lc_}%RH0p){>An`Y+b|>B<-tF_D4NTLIuF&jfX-sn48grxWSG5BQMICs)4M$6u
zeeKwhuV&lePwBh-JjjmY(S04L(VoqzOIyAkC^6~m4ghK^A%4r9)^RuM_
zDbt_YYPtnmMu;ra%=*}%f$N+cCtS9vpF31Xa5CTM!#=X+KCjKPD*`SSCGiC1{#n@)
zsm6{!i^z3Mmm9qRJDL!#urgpbG71U9w)8$>*-f4X2}
zti)80WG2GOlTVa9Gv_V>KQQ!D1nck#+jxlUuUI(K$!VSdS5(L!4XM*$#j=gz{^adyU2c&Tldfk;Z{E|s
zv&lwaaO5}2?FuYIb7_-OUIty1E6-%3^IN=K@8l4gaB}sGV0O_I3Nf+%BX73S{N^UZ
zO_(C<=nU|I{+G3tEB1*!?|r;0){AwPqu0&RQPeBXtlr%rvNt!fz*Lud>;RL>-63s}
zqr7O#Cx=b!p&Y}w=JuDY*6f?lQ{A#hIr;a73C;U_=D$mu#IDt9M+|+imO-6N2Opm#
zo{2CMt(T?y`9h4>0TBw}%b(-4M^j16K5vxKr`><{9~Cr*dM3fwzU1Dag4)Hh=6boxGgg;W<6Wm&RTUJtHh!17%xW
zBH?9sk=K*M+UoC}dcE+BhJ}+yfGqeM(@D)ke0J~Yx1pA#tlfj_^mFl
z-Y=K*?^3_l87}4w?><0rt-PPO#}#h2Q|1~^@(ZoJ8fvjJm?^a3vfvm@8)(ebUC>fU
zJ`QF2hdJch-aetE*P+}+F95#WURr*Ago%=G%Ci7$r6XSQc-MZMBC5u2k+&iQ6VPW9
zb5IqEQx3phssSC2iSvS;KHiqj3003nE9-3BKP?{PIlMKPlb`=2AHxgmFRQaYN~1j3
z86tNoBm|`GZQMerkqoBVS4j+V*?@J9LkQb!YFL2#6=K!($r|fhhw=AW+gK+5*?77?
z^UE4~?e7q!9qU)P4~Y0E2uFP|c8OLlyd5|$m()knIa~S=
z(4Z>84R=}$%fs@p@l+U$({fD5X~;*)Q=amI?OxP_ZQ8SKg&fQFJMGd@|r{(x<9oykC*Vlwah$|c1o?;!j
zguGztLchs#h21{MxOypy90^Wg^e_<1*Do>qoE3Y*@r(4)_<0ViCJF4Y{lb>_>v5(C
zlfG-b@7^2vWZq8Ob>9&-9N5(*wAgjw>+P`knYkvZ&DS}i>p4eHXfG`l`i~_CX)&OW
z?KVI>!>Zat(%Xr@ug(9m#=bvwy*qO9J~o;#%<~Z&33|xctM0ohJA~hi>~Q~D{8w0u
zyug?cl-+jXe_GJU(9EQ3~B@PEe8-7
zObdAD5N4D7Tr%Hzl5`FHe0_uZ{JlE6;7QIwTG0*Qx=suAp|aky@;LRea8qZ#9*qdg
zh-%M$CiERYSb}ZSNjtaS@*6*JSjf-zdEtXEqY)FdwlUnDgo8VSF>!BV;?`A7BjY4L
z?Emb<4A5tMMwb;c?V!IZ46!mGw2vpNi_$cHK?J5y#SuTYQSv{*%uDKu#Zmc;{v4>t
zh2rhJa_=v{w@J@{*1{=C!Fqdi3P?tgK*&MEJ-JO*)#k7O4DZ@g$Df&;%zIp=i<~0A
zFpu;}E@&hL}CCotp;5lik{ld=`kld~1dlu+RAC{?R3IX$i)8@w{oO
zmR7A+LCJkk!|W`4ohnT{$13Oy9NB7N5ykQoSD+wcaKZM7{Eaw%n{+ad&mIHDDFW;Xn
z5ZmHIP0|&0qJ3X*7&5jJT3T|cLHK|*dwG9!4HYQ=Rd0E&%g4?`kU5}O1;>Wxb6Z_N
zdUV&FnMA^s-u`zf<5ED|i7?*eH2iJOTz;?+imtRFMO8^CSBiPhxHkB4sz!$U0h1Dg
zn%$U6f!_#-w*xNsr;Fg8Riq64GAEET9CnqWN`ywT`gC!=G@bPVDl$mZ1+^G11#`NS
zSq|Jo@A)th8mrV>@;CO~*!CugE>kJOK?zuph1n5Y<2
z{OY2y{yWymPJ#eiev9up9DPe=2uaqqq19#|v4yr=dEm^UNl+g5lr`2x^}SGUTd-i`
z(VqdZDvGLiT+5gH60ypW<<|S*Cz;xM5e{EAce#~)7AAEPL~|RYK4$z(auVuanZjug
zfFFs*Dw^sflKr|hn6|I`=ww=$26IhD$)V)Q{|`^O3aZ-?)Sb@$lj=rZRI|RA$pC%*UiM3;U>tov
z`+>ZYm7K*NKC>0wTUea{%j@Cy2peJ#f|T?8UMy>8UTh`1R+sjOp!I-BJH~d}tTvfj
z!$`YwkN>W>9xoM#$M{_&J3F`4w_kA3;UFc+zb34%g-1C>C?B1)KZ>bk1q?g6
z)jc_(Z!&3a4tah=)D-ztLVK2)$-S{`k)L!n@V2IZub;9l2W__2sP8go;V<;8
z?4N95-}nFmKO~bUjF0hlrUVE2#izYNPAxpq_loScHnQqIugR3|Gs0I!6=5goL#%hsK1d5|nj^yvAUr#*z5X3*iw(I*ggx70o!6Wc!saiCY3B8N{YUThOMOEX
zB?@{ZBu)h*T^^96z-RyAHB#yDFU_Ua6>?qjMN2}e<9r#KwA-B(qhzXHm<2)6Lfpw?e>
zg@)POR&;muKg*tCup@ZV6oAv%AH}3v%ywNvOe>
zmYhP{<6eAy(dP98*snrJR*gf*UWcf_bXnHv<2s#oKi`7r-hlMtAM(Et@|M9}U(Wn0
z`{<0>K=Wo8QWKkGEib_-{%!;8&Y7TkleE8d?CBBJG4?4xGq~=j)Az06CNcU@D?Q-!
zF=t5~X&{LP*b3p!lhGsXZO}W56ydx_9^Qcvp(Vzqo89?fFSifzq6HozNxVWZ`R2L5g2?TaIT(
zX&jF0jD~88nN!nzK9*u?C7iMELRvVO=yE5Kcz3YhTd41xWkMdf%m1o_a=5CR9!M1Y
z9ugU$Br7Vc`G-tHBO9T1)bDIztPamuA{5x9Kd|)?ns0I(P5m+9XH^s|#Xn2h?D6`h
zM$5JlpSdimDCPgTFXa@847lR~coUjaA>FGr1(kdbZ6`H6<#=}kd)#1CU4qG`nTxF6
zc^guns|2{A_$9-c6?H`?X>HNga)8tyPsfhfk)JmdwxknJ=_g;Aqd_Oeo4gAi?8VL1
zVR%b!A+mqCXk2OgiKT%)C2^-Fe-=~G`Eock$4vR8816~5UEbzBF|RORkeM1fLnf_vg{
z4?iHVpF!cBL8s3g60l;hYR4go6~mVubp}rkF|I@3UO`15oxmafFRFo)PeprkXOh#_
zj#!E)3v~CG!^!k>vl_}a@vs=5YTb-C{fjdF^GwoTOWyhY2Cs>V^5*208Wkx&{N)`X
zr*G-3Q2@or7|f83JcpCdp*r;`&MoyUl+L(pvP&`?AN-gbIU=S`8b~{GuLs{d658eM
zQ-r5U~dA#{Rr
zR^UEQ)uY}p53kgqU#AYMf5i%l)dO7M37-S0C7lR+-)>7}3ffpr@Yn~e?&0MyOeW|YTzJww8
zn-B4-Yx@YQ2Q^!9*JrIc`Po`74#-^AGM-wek?HkQ+r@L{8M3#jc&6MM;X$k@s7hMR
zP3|-ieVNNVJ>a;CBa0ceMz0ZP?0|Zoo3@AUAYlGVb1cvGe}^G6;&DB>tacM{4$|Om5t_Fu?%J{|t-^*s)#f^7*P5S(xeUttHuR$E~tv
zSH*(sd7YU;5tXBQrq|IvVFMEuTgHEdtW*>`SayD-X_C@TNA3B*Y)2+uPq})jfZp7{
zR(AFt4=1g9f#ut$7R-BS`CphGPEu-N&`g8eY9J*Oc+UU_>F`~K$hDJ#m67#cB=jK9;TZ+5JR
zVEs{EWywCT_nK_{t4z{qo#J1L3KLV!iF-@ONemwe(fxs=r1dwQ;T4-)N*j$FoiX9A
z!m+}C5YAB3QVRV~G6AdF6fxp04P>~
zxmY?b3r~ip>Gh9rgrX^|eqkZx~l(B-GdB}r6bF;mn=
zrxap?%;eEQ-5`0s`W~@?r;KQtyvH^Tt6Z`beFi7Kre(iJ#XGUV%_UO@KhT}_pu6d(?1R9|kaI;*3Iw@(B_!_<^y
zJ}6B$Y-0@x++&DKUc>S!b4vA#&_boH3$|C-K!jIIp$)fOg&0!f>7N|xS*z?xN_n5v
zTRg8Zklj-BK{vu-@f}{hiw1uf;OrSP(GZkzx!Lf!{?_Eguw(V?e)Yf&G;e-g
ze(>?9_|KZkyi)JP@9*m-UJYH#&XRy^Ou90VHr}mJ-2U6Is{6z!dRe)Rop3K1Kf37$Ycx69Vf`W=Nllgh2j_-$AfFb;jB%oRlh
z*;HBgaH{?7ILlp1^pDfHmTmt&%E~du>{>{2P3VZ~Wz6T$6@e`hL-&Kw{LRCWl6T&B
z{1Ob_%BW316PCgJCqIPBq;4oG`Dz``fIYPm^EchZ`|J6FCVrT#Qobz0CUrs=(w{Jb
za0VlTVh^ZfStTUx9v-nmyf@UHk#Lp!8>6oDx!D--`$Ir2Vfb^F#(v+`*EAiRTz4(a
z_G|O5ke9umTVq!Im-JFyE0(?I`{wqY!zST#gQ%Y!Zw-(&p+#iQN9L24PtHY};@y+-
z%KodC0M#RoSaDgMVLq17$jogGz#qOWtOY?~_#=4m$RYERM>qb_TPw3Ieue83XRll&Blehf`3O;dj&b^KI?lTR
zQQ!zop0EV1<9L*nBHp+K?4gQ^;CTjPXTh$aivou{(O@)KRJ`D-xkUdqk_RD}+3Dg`#SBlqr7`
z7_=+dxF{pVzU_i~lL-Hxkb^|sJg2v3kHXR}Y(&#P<3zv-8qT7Ja(MvmUm)q@G!o$O
z+$}xp74Bv-Yd;Cx*8PMF>b=ZCd+!
zib6(v($K#3m~ZaxJ>P%7kAVxm>z3)tQKJ8j4t)1{gIhR5N#CYIIF8T4c&4NP^b|@k
z6YWj;qF&E2KBr*xtM~IsWM)kCdysYaG10e2K8R}@3s0j`X<4mjE59m)Xe~&$+lddd
zw$u~e^V=kTQZc)jaH;09%3bAX;A|?}1L93K;{CPwM-h9DDtRVJ^Q}qcu`YK0i{jNP
zEk-}*be-zzrr!7axSGW^{Iq3f5z~*YO6KuFgy4fn;r_79D^ouJdgle7u(5V@e%L=*ZM(f7*`WBa3%D~1?Kh*~itomND&|wA`BQ$V_qMXE48pw`;e(_~vSoC@+O;IN
zuh}+B{8(5s!ff&x9oZ5D`Q`FtA0g=927p?lNJk$K&puB#hN>3?)aEleQv_`1OkCA7_STtU#w{r6ylj2H-Uo0w{Hv7%{M@vy>YUn}Kk-qD7EArk+`>OpSr8q+41$>D&
zzBTSnkaeqRXK4IKhpZi@?3qX_(P4+Bt&>{LX*dVw3i(wOt;4nQD9TRaD`vg$9Zu_7
zcu$Mv2M+ZkX639_DT{7-eq_L4a|)5xR6$swIk2J
z5vVA)d)`XkGDoUA5&z4~`mZ|C%pxVyy;FVJkQ{8tLCAS=n4`K~a~$S=N6pa*RG@KmXA?kY$y(@ggFJEh;0{?QpT!B-(`Kk`3m&&%8_9l)&0Wq
zQcwvP(fZG}o?dvLZeQ$*%#KzGNSww)fK}J@qn%cX2|tc;A$4siLYrws&;T-+r=cBM
zM`2iqp!0xH8j*>6GH~=L3_Kr!enYuU5rd-v)%}E^=HU$;%hTLTk@DNTh0euuyo9`Dscs(>Te(~rS
zJ+8|)c_b{UjZ$39Uu-PK$&!{Fzd#KRZ-B6F(n4ZYNNn@SpkG
z0Qf-z-HFMBU#QSF-&SB%P$HpHDK)o?O0Pds+xf_G@I~X|^Bp_rLraVRLG%sw*(#fR
zyYRJE*Jx)6igsa<$OJan_d#5ILURg=f2(JZs~oj5i}}$1uT3>M8XF}};*cCMq%c%#
z+V=L$c^y32EDnv6qMlvJ7hOtIrVimsug_hKP%3*U(;u`v%;r9)qqeZiHI6E;0&f*J
z85^aphBXqGE5l8xdUc`>ir#@9tYjPR9-hX;AgC9sayk1(73_NHMA$Wv(XskIGN#dw)7L^=noX+j8YQ$^!!y|rGFqeJiAIX_D@CpB
zG|->O2`T4l`N0)e`8gcv*P?AjhSio{>05l5p*1BC?Kv0mzyIM+J#4G}BgFbBW4+Sz
zHKVe4-I51>IBSd;?YQF|m|}=h{@9c6VD9**F}*&-QzV*Ho{|b
z>M3OvFBC;yP?Q7_9P8bda+i5JsDZPfob!WL7#Xw4tB(jhJ(aBgI@oIa@ZIs)&z5Up
zP}OA?_xrf^U&0+Sz(<>)x?c$oQDMDdAvV2uYH~QOmoLppj%^`=xqr6XI_zNf}Cb?taNfF|6
za>PXsScmFyp9qAOh=*hUoHfBZk7lrU0?2fSUQM@FkR8bwBvWO+%2`u0)w0{1IH49A
z4q8Q~hJFUM4hxbOMvtM5w1lsoUUrxeTgqA3mMLWBz*?{pDoD|Ie9UTSQhmyEBiPNa
zSs65CRM$3V1OdFO_mut*?WM9*Db-{{gL)3bJ{`B-ch&f{8
z!Wj!lo(4`iZyn5UwER+I#YuA~7HRj8WIj@VPyUAvit9UZ9{CeNXX3Twd1C1K34E}%
zSE~#f-~274GYwhTteJ+`fdU0ms;KU7?Y0palFB@iB2U}uv!nX^39pxKt`3h`T%e!>
zt1};Ob^2}pyYzJQmj-$cILDP$M(6t^MX1
zV^@bx&EZgC&MIxrnNWv6O%-0sk?=gV|9SL**rQwq=*t!0K;#29FBoC234+?_b@Zb2t-$2LPuAM=COT3~e_hhN9fT~H1
zhsN)i@`mZ+qw0YP$1(S-{&QSi{9A@{WR#Gs_d=o)R%}awJ?sw#2D`crl*hA
z+qM4%N22xi?R<9Q3Qykm%+D4k^{8ZID+bYtR%@P>i9TiT`OE7h25!gnDxUsR9Fp6O
zZO=F1-~2MO1nz{loe~(PbMD^k2O!%KCmv?p1-gb44<(|6+5FIdK|b!K;rRrvj0
z$ri%|D_!%D4{EOVI|>OXUA@{%aY7vy~Ac9#7$*%D^FKY1$I6224PapH
zrM12OLaZp=wCGrLMB3hO;2;)7AX;^cDQAqEz}R>M4{9RBl&4F4$mG(mpP;pd{bNbM
zhANda!6MjA9&{&|Rc>$UyuK%%NDZAb_PuNds<$h8@K+11t0zaI0D6a^1aPZ
z^F&6+)dIJ$8fab6SCVEE-)ZLET}wH)`9s*TK>N~c(lf@MmtT
zKW0;K7TgKW1%;7t$6qa(n5zK4k=G1=JwYt`zCv4wftgOsjcX`t?(p)XU!9Y6#x;VK
zO?hnczn)#EA^-ml_#HoiqSI8$XXT$gSB2`7*Lp?IleqNX^M^7|;g5n#PWdWnhT6CQ
z1<-X`*N092o168a-}3<1Hl-9Q6*~{1wTJM3DSv22H>k4kNPyMhwJ;YCxTJ$)ed2WR
zr~dQ;+#AYz_lSih;F0`Jtwaz1S;k)a*&spkY|!Z~rMPou_S<+&gg8@Zcj})5LkB`k
z#N9)j(tJJiA5dx_T&pNtia?XL1q`KqrCPo-=Czv
zl@|Upin<=o9oHdko%5M6^G*!x+4izF?X+o4kKaW26N}kkSgsh@PYm4kU0ehp(+8DY
z&zRF5lBj!8V~t
zGuxzBqI<}C{NG_WJIj_q48YdIn0Zk{vHb9CaN~exoS)Ff9n8IV7%JurA{&uHInU-r
zu2sgGS7F31w*TCmj@&rGDj`$aIyn5NucPgCO#{1T^*;x|aZ&U8#-w96N6tW{yh_%m?O)x
z6X|dOT3XCNG=C>a>TJ9IJW?}F8dT2{bT`;zsnxZXTP*tTYl>Nz>;)>5^bYzhhr|M0
zdb6%2#T3X&hRD>V$g@iC2*#;})u3a;$M&GFNh3LOfjhJpEU}d`BpfF{Tju5dnmcGp
zUEYG%Y;%6UNhJEa$!D}Bs2?;Eua*GFX`oKu*P3nHGqZDxJALQ&ayy2iaBe4bJAqCA
zUZctd>8`#f%x`Dn!$~YN`3OOWcHZ8gnn_xS(mW=J9#m^`6cDfP5H|~t3H_7a^OO^7
zrxcAi#)S&XCY=Nx^VKXz)h~-{y^ss^FMaX*LS59yL#x0Wr&pUHxMgvZrPuo^IvF1+
z%)3I9q4)m8mKMFqI{CzI?fIY1p*`8Jxh}$2E+u+K5#shBIluN+=o)z=dQyJ~7e40e
z*8Zl^*pzRGt^4Q?b6DoT`2#itr0WPZEE}{CFDw+fe%Y;du8o`Ij|eiN&PI_#NJIL2R0m*FiaB3^10`2?nH8EE<)$m_d$Xhs}iOZ
z#y!bSRz3qI&4Xf&Husc2Gl&ivpDbA%g;3-dn!krGoR0ziR_)ulI+w?)EE4MY^EBrV
z4Qp@9@hn$^a;+YBgm?~)qd2(YEj5_DJOgE+)LShxW-1`16Y~|2cV?OtgNZZ7rcbmRPIVgN^Upid
zK4IIp)Kvi+at@SwD=G2~GR+^CB5SJ`o)ls&{C-(yZ#JkGmP>dN+abf;*7`M^mFz=D
zKo#}@Zh_X{k%Dk@NAS;|{xh}N06X@+La|&vg3IJ%V*#6y{UtGzkPLwKQ)1C2a+>Ap
z2+x_F6`{YMq=!`a>
z8u;k=mI>^?<)&ws3Mq{D5+q=*=qtsNWeQtkSY_ca`a@zoG)Xqh$fCQ3Zbv_SV(oZsuSK{b-Q{8bN)id`
zO#*8iy1B?LjrYw?$}_UN0P%@?&`q;D;*MpH9GeikI#11>#5Zyiu1VZ!t)yF)-TGI3
z?tP~-nie9P=W3_Vb?AMwAU$R?sX66$L(TA8nB$rCdw=MMlv#(*Lr$=m{Je)2kFkGc
z8~Zj!vc;{p<}7!%j6%4drv6|?tpv#`gE2?PJf^?kqR8+aUGkF3IwQCtsjMbP
z*CW9;upUS0qnXnKLHYm%U+l!xtV4=`Z6=dpuL!ej-Q3R~c3?>QzI`t@D#(_Wllh?a
z{jbB+6n($kd6}Yc3SKaQ5KBDuj?qpl2If6$tY&`PnS@=kAD422(k
z|4dw)e{d0-jhG`h$IDFS_N8U^dGk7T(S>hZa%>tpod(u6Me&#&Z9HJSZ4^7uV5ygc
z%VgA!xXu}!{^+j8Melpx%{SoC^)u0+44%x1zh}o1j%(CLf8QrptPOvCE4K%4#?TGPjhh
zn>pNu>y3;5^XjQrH|r#E>_<}kq76aY{d1NwCc8Z^ddwJ1l^K8dKF}S4K-UI4!>`-Ves}7%G{Cp
z$JO6Jb+6wSMtg5ec4SrEpqZsT_iB!}e|Lvu$FsVolaCKR%jYFb4TYt)ipWn5xdh7U_!^(7`8o71u5$Mor1)$vXgC|TT
zAEwM39^rnESgN}Y|A8N6AaY=f8u0;*NSg(0!Cn*c)VzkWNj5n;pGC^)S-%905Nnzz
zsCoO<9NrO?lZtUFnCo4^<~2JPP%q(2lauF9VicRhmwQUgyP9iveP6dPBqHu2ZDz8P
zSR;@R$=W=})<~Z&7ELa0OAI-1*%v{juAp=|!k5oUc`TD(=tw8BH17^$mKF^;_p0s5
z-jG=R1LzNQCQ(#kMN|yA+Va3jzTU+ho9ww~Km-SX7kez1*I4iVoKCAQ^AAlj*B-ZS
zYNGXVhiVf5s2cx=qLChb=e~9!p^tzI!ZQsU&|;sg?Yt@~DkBE#(#h5NDr$5mFZ>i?XGRGm)`+moLF|!
z@jmo`#E~%9NULe5a%=bX@xW~IbIml4d0x_|$%Q)-9zmX#v
z8CeLft?{}y*B_GSkKNRkGX050dj}AQNg0gdG;o3TI<;>`?R+H@M}D0)pqW=5qjSW0
z?JY#o*9-nV^ptc$UJ#iA?AQGVSpM`woGvkWaUtPK(jH?r@`2e+s_45a5N76DHRv~(
z=Ro7GyD2RL6Mi+J)Zw*te$&l~pw=zqmny19nlPflsiL5vSogMbT9$xwv2))Uk@<9C
zAS@Qv7wVcfgh`lYSZ)61-1n!*sn8FaEwFCOSEXC7@3y5gXHcl0{mR`-ti|y>v^I*oot|a8KHLw31Lr95GKN~j1w>}JNQ
zU9faHeG)xP{as0WF*lHz!fP$rZAVa|Rm
z^Y&xq^ep?)%%{u4ZgJq_$6If!(tG971Jfars?5aN>>uZ$dUQgs+g0W~*{R6cI2)dw
znR$P=`FFO<4t;RVbaZ+yhW;BWC-<#7RiKG-=`>Dy@P{UeJs;Bc!yySr=2Zk?Tr<2H
zdh2Yyf_R>6Ab$^pd$ospqt!3Dkjtc|qzRX&gT9H2Rm^bj0VZ}oU~3#YL&5z^$(|?N
z9EChm7XM|?7|qT?U%GWA{bx*hal$QH)kWozC53{~7mPGJcX*O)JzihBOwy4dR8l7;
zs_?S(_1vnm^jteijafTNV=A{wf`00^Yxn?)D)F
z`I70JMAt9;0A51f2Y{NJ4o`mnVn=x%>r@%#iGShVwR7X=*x)zpFXeTx3aRpjE%(xN
z(9~D2?3-?~9|P{0oiy>yb_*YqL#5iOjfSX};qntEW8Tx+=y~yW>*K#O%{gd2nLqb1
zHJ?6eb^ahK@9?J5<(~@9AA;6D=wLBbd{
zhiWl7?wuE&ucvIcwWaX|4K`NZ`ff7WQSW*yF}!Buw*PDEe%D)4dFr2kpo=EoyV<>x
zxnrGeLz=yw_vk^dz`K}dA6_y&eyv4h_phnhgp(o=#Qb(Zpp3ipMO)g(jKwen6icMa
zBmFucmjghh7U95N`WTxzWoTc(lbiXL5-CBLw$)W$?&3zHS4yql+@isRyA5+nO?@Y?
zzTuR#QEoX3iojl^uDRg{o$tOL2TX#$M(;Tv0e&W9%_TehvNs7{%1VH5a=wIkKrz+e
zRo+$Ivvl>nP?
zbblvUUz+qn^ez`q4l_5c-HweAANFhX)~}%7oZ%6Wy9DdHQ5=$gI|S{nL?xYE$02#{
zga>v7)m0qZLs!YvfZ3C1X{y^Hgx{uW&H8$V~n;oe0Uj`IQZi;`Y?qdgx0s)~T2_
z^{Air%i{Zk^RrKB|NRDM&ZrVED%Ay(5nf%xliVdl2n&~}*Wx)eR2D`KoP6|09JGgMKv=B$)H}FJh
zr4cDlwzC>!ZhuA|Nwb>oF9?*78sC{}=SCniW???BD1FAnj;afzPLs)O1g9(e3x|4P
z%@XPWn&L~~A8LQ$xrc>*^G^=mBZTi7B$p$uSTulIcphQ9qe_os#&WGgxDd&pg+9BD
z9*!Rk`8us1xxMALYLP=3vHt3Tl+D9B#kVK(t*Dv$hFsxBFBl*yw$pI3WgkZD=KMP#
zVi)J>kl;P|8p%Es;_%%1or&Y90chfQ_Vl@#M`#4*AG9wOA(wU_r*JPE6ov9@l)CAz
zoo(Z{sq2Yhc5TvQ+R_zxKbyOEE2sq&cbQt!3G-|QX|!9|3^{S#Dmz+L@s{T)sk?hO
z*-dWM-|WbADFzy-7_dc5ePm1#!s;C7
zw(I`cE^t#I?S;Zs<>U~+&*;^j+}j)Naw^E1BV#;CWW@7Jb#=Wm^gefABDGY*o3vNn
zWn6I|qg?%7pwLplW#UwK>U!^}CEW)2U^*f7xx8ap0N~X}fbtt$97;Qt;+zM6>obPR
zj2X4qSU-}TCBL;HF>SWA{HnGn3sEBa{m@{^r-{9zPC^Q3%DtEMwIz*EmUu;&*w&SB
z$6ojwn^V_|J-yjCv0v%B1TEk0NiU7Boe78Yzoln0av5W(c_#-cK5yj%@J?@u4CNgz
z-?{Ny(zgRrLpBn?{*AQzUivIRneM>ooRC2k4Xm7KPY>y^j=RWecbRy@oZqifFE;w;
z7RfP9?ClZoZyc*|zOK9}{E6DK--E+LKBiOW%0toMO_4QrlKmK{Ep-bh6bYHwx7bTC
z$jscCmm3@bl@0L!hTK!4dEV`L*e9p2kV3Za^qw5fZO+s;V
zr{5N!5Nuerl~ue2E8GmBtDxUYu{1(*VG@2CbHW;ZCmzikrLkbDx!n9Q6o`);)EW7JI5SB!MPaIOr;
zR!2KKv)owqGNcQ0(Y$uf1W{*zD7@jg+tS>NYUT6Zl^M5oN?Fr~tuJB>5`2#8E8uR;Y2tYxL8XSjGW?
zznYvRx3+K48`+(dWIdO1or(MpB}2eqNCvKWX|Lw|2hacbr($dHt&qruuqwTO7JT%%
z2_a10d?L0&kGb4!L#v}?nOQUJ1v#Bw(f(>VmBgsW
zeXf`3TAyNH5>kQS;?yakPxq*pZBif|YaG2N4`=7qV|W@OkBt+bS#ks#}u3
z+F7RDN33+%Of=|ijiTrjw3{RrucVHCfi3iNH{IpxzuAe`(H>Sl+OLC|61?L
zG1~0D9hZsRTF4l1fqX0o2aL7?m@w-=nZC{-XV_I(p-}&0OgGiDC`>)^ZZj88rQ$@}
z5|LS_I5a}%e*b<#H8^ZUEQjMF`{
z;kS}_#Z!3h<8*$}=jWV$Duvh6eY=L3S}~(nx|W1)`l_wuI)frA`PNek>TTdhNx#~~
zNn7Cm2V+2-zvusy_Of@`h8EAipUPF)BFFRZqPWXSn;y?cnqxd4enatme1<-ngzIOe
zqEXC?;#>^#?Dk8Tr{x6w4evXpnVWFGa~I_^IBcj-$NM|z`AhV?TVejAAN|FrL-QTa
zexn-Geq$!hcexS^f2qUfuU(|y9m?qEuVW9<`5$>`{I!qDWyq2FYY(m0?Q*>QqF
z8so3}*Tnw%e81Rhx5NL9_VXKrp|M`#_ES7xNYB^8^GA9I_LPBcF2-}-_Md2_=u4B2
z;Rm0h!L~xfdt9FfTQXZx&q=_CiEQp&^}7pIZ^PjGkJe{bPq;(N@<$eh~VFyyI&~
zoU3)h-_UnF^91GZV|rl7rI|(sJ8D9
zbO%Vr0LPu;_O1l%oyP7W!?j+DBrjG(d`DX29;&^2n%ZdXH`}`mvQbU_XzzHgkOljf
z*}L8^(ca~Oy;GywyFZKbZ~gJwJ9WtR&My4FzH6h8YK8yPH~RHaGu_?W);lzPw1vuT
z?2W9CULYH=ws++8k+63X`Ru8^W_$M!^4FzaZtslz(Ic1m3PCp{*-tHzl#<37Qda%$
z@2cKp#&cQ3bIXY5mH}U^3h^A$0M~9WjnVzdR49`|-%A5&z&q>Q$#%Efs3*1)hy<0^RD<65MVa6CYcaU+niI=3_Me
z9y^<;4-N57Xh{u<@nJmW1
z<4M3{zm`ZLNt_!hVZ*W)@g|PCslI!&@RF+tfw=e-0VQE^mHJB=z#rm
z8ShWF&|?eHV`Gm_k7nEEFmAYoo
z2aTu~P!CwoCZb*JgubJUb{J$dA&QI+M?QNfX4~_5H2LKAXSB$tlX$`VdHnKeqdM%L
zN0!eoiKjX*kGy<}^BL8bM~{5ILVK9OV0`kqjmigt;qsY6m!d_X+O2PJAQc_4|QqmyoStt`9#Vm$m!-jzL3>x;ooM`
zcy?a=YS>Q?@rL7K{PKDW)$!Ve$nrX$c+7WUq$
z23bywBFo16o#K_}92#%e*}>y6*F&B+fILgm!VurwL4335tj;%17LVcl<_MiX)XR9N
zjN@!%*f@y?@ioCz7mwPv9T?jmxTtuU<=eJ+y?@|ImjTi@a`#QC?;H?e2!e
zuWMuN7eJ2G;9U8C-ClMk^-SnY)uWW>+uDWa4{viXkl%!FIKJYmNxQ!V{|`(WIN7HF
zjmk0ZH1>4CSc=QTIycKL&GW+VqH#HzTglcm{!M|_Gmsxdc|UcH`SQu)9~;r6?b##{T*
z^|9aW;{L0ThG)MqCiO9s-?Q7VrGG8%?<(&6YWUZy1pdM4_~r91s$=Ep$ntq7@s#KE
z$jj&5qz}7JjUM@&M)W8;6`y=2QhDd8aQQ3~`v1f0BcENAV^{v+@Z{5PSPvHvMpwp%
zMjyMxhx^ui54^%>v#-!_j~(~c{p5ecuW1ilv7cTd_QAzIcJUYaz2fZF3c7b>R|h}4
zg*xH*RgRA>BYJr|Mq15|3&2vy&qW~R}&8f-XD2+EGK4J$jyW
zOwZp#JHDFka1S13c`ZIwD%p}L}8^d$X~g7pNZR5uS^RXSI;G{!QTD{gvmC?zPqV#)59aKI{2=
zPlfXL@VTJd{5=QZGuIpNnOkXZC>6>^?Qfr=Ej9Ev)xs0osK18}x43d5^jGl5!^9t351aG%
zR@3v1hk5>9w=J(3bNKLFn`~D-c;}-rmrtAzUwK&1)L^%s@Bve?VRk%Bh>ca_TsrCb68lMm!Zpf9L&--mRz;S$^Ff
z_a6HKPY3Y*1XwpzDM;N2UyNTr>~%azizekbv>$QK`~?6lLp6h{y8J658}AJ4ao
zT*oU^$Hs$rR#un4ACMpa*g+g?p6@vY&;2ep<%T??bnL0Y`&3|D-IPaPqm%?{DUZGk
z#@VFQAr7COnsLc-Ifo^+up8w8ioOchX#?(wNHV-eIKsB>0MY{7GJt()iTB+EC-(im4AE#;uv8`LdCt}~gd}UC7s^8V;3-#nwc20O<
zDBlO^7t34;8vlrBoc*qDCk4MotE<>DXQHk84jXz^0jI|*M~e;Zh2U)+y{M_hluyY=WXtmOVU+aMS3P-F>WRQJrn9sSt%gqFzMGfI4rZc>|OdHRS!}n_yo)-`l=fC&y*y$R2eu191@6+?+
zqUAh!4e~AYckMp2+S<2YNt1*q!S%_(kj+7W;)?7W=KS
z={ZpNPUJwHwd6p3GLRp{I6^n-%ES!qH2e+y_lfcfl}~_vf$!PeVLQ?Io&EtmzJS=q
zlDrxG8Q&VH1M1pT2)<#iG5`Cm7FT_9f>s2)?z}l)Mg1#u-Yc|b%Xv%Jy@JlQMCa7E
z%=CYbo=b1(de^8QW6^KXbY%hIYWv>g7;Z!LKW?G&E8jHh$G1thEqfFDEOM)shvioN
zx;MIhTuCu|2h{OQFXy{L^37U^j_3A*ZUH)$NiV27fiJq?AL`>uX(9O2s>z=oDs6fR
zySsX??oUUn<0$%{5$ZTA@W1z(>GKPsPu5;Or->|wT&EAxOwefAAT+v>Xw>;exD82-
zG4Cu^ywo!C8_M5^#eNJw-%R)ijyFcX{rDPTjokhE(Co)}DwpwkWcy*Gc$fY4c|U<89#u9aKM)+)@vWSP8Nc1_*j8evqn#Kc6@
zB$5bZl0_viMMIQTLIxZjYSf94FlsOp`<;{Fl?++j|E>?mQnnF4!FJ{G^Gq0Xv_87Pg1WPFSlApMgR1J!S$MZ@
z8rhm+C_}!J{6qQtH$3ZLGyT}Y$I?B8@b6$lErYxdwOqE|qxa{+`vvg6e0~b$SKj{t
z89gieKYcW2c;BAr`Keuyo_H3|XQ7tpk3Vl$oY3u{?)$F{UAoX%=Mk0{U9gFclW{3_k)~K
zVm}D%`iTC0sGom7NBYUA{_zJRjrXX3wut(9wsceM&#L9%Dw2bH-x_UyR;|;MDc{_;
z!t3KDBtwR`&b&VANguuK=kvUjnvZ|FlkiXbSoKlO&o?Q5?}1Q#ypr16dEjj6;|Aj&
zxITU!Rv&9EM#`5R|mA5+NQCB1RsjE`T?{%h6i6B{2tq5Ml;57oysYH!->=VyHM(*CN~
zJMr-m&rB34@a!}?pI+b%_2-jy_2LM+dfNU!)SkY!pN78XkZh#2OZApbkvzSGlJ*`F_o
z&Q^O{1G-v7Ys$qi5B{F{zB-rlQ5&@{sr9F!zYda>;+Bc)@2`o*+?MeAn@uujXgTxx
zn
zZxii7^mqdPeW1^7NxRw75qoGJ>UK2w_xYkm_wV!J-cYoS`}dWzPZK1=2U*2Dj-~ML
zJy-ML8;O59&uIR=yWHpgyt3Lh+)8q|?A6ic!)p0oNcj?94Q~&!NQSkqo_Tw)i0p6k
zD;JJExPV
zi)R7}-_l1f1H^}?b?ia$~e`;^V3unt->^7Ejd(j&n|I@yl?uD_~
z3)~ak7-BCX`5T=JeOyHKw>SR;{QpP}YMRFB|3~=>nj-lBkqp_I&Vv6R*}J~R3&{VE
z__3sMg8qM$-_RJw|Bu=`*l?cw|7dJ0ZW#Oc9XuC5pc&cUNY=|p{ziEIRz5@1DzAUJ
z1Lr)$>9X>SRR*26XmzX4Sp9;Y*SN(QaoOMK7Ww{rH$US)s=pD_s{M_EKhggv4QLgO
zA$}OfXHC?&o^Lk~Y1n{XlSlEAVz}?dXXN*??D^6B
zjXq6qvJX`8HSHQ)Ppxe=Qarn)pqO|VPY3;t4DdUiV%hDaI3OqM)$uj$6dP|OS{Nrt
zNoy0)a@F%Va>w{tE0C`%NxmxJ`D7k{)fW_B^RPeu>LHCf{%Rw6uYRVeZG_{R66c6h#_2mH<@CnMF2YsoO!zo-2@oxOQammhi6f>p3
zCC&)iDZXPc4IQ_m;c5JXXc%31Mlc|MCGz^G3+2)m6qoTZkIQJ*7zdIRF&G_mH+><-
z12cS@WuzF4dkKpi*xhcvOr!9RLV2mO`sE{);vZp*!X7EFRSUHGq}o=zhoN7>I~Z!+
zgHo-^AE7%q{?Tr6e#xPk+1fvRT_T?SO$GV#GN~~Z>}np%Ns*3B%EXxN8!t<+0|x7v
z0`-|H;!B%~e5Fl4l5bTk&`Q-{?CpGGcavPNGN@0j8|&3C<$3VFh(V~Us8d$hI(5_v
zU$d^D^-8Q4p7(M>UW_Md0t_ZG(>xrb;uy>`CDXj&S=_g5UKBlJJsHMm_#F>A2zi<+
zH-mk=`-kOMu(oTK)nW{v4H)CLO>VP3Oq(Y`n}=sDHce&unZvVgFg~TT{_4s73G<(7
zvo4T%aDaHA1DcWWC-S)%_`HR=z7p-3+2{lraKV_iOpbrLOX%DhuuB$}?3VPYwg-U5
zR2U~B(VYZzL6>HGD+Tr{WXY`#Hs57hn`bw$j6?}Ag@Yw~irDcMz2REx6z%=C;+ESR
zQ=i23jJq1EcY*y}M)-G^hzqP`j$^2!F(cro_sE_Zb_MVc^t~11XqZN*Z_I@2i|Z!^
zyuSSu`@Om*a8?&--!MXbpQHK~)CB4~Tjh^&JiF`N(k6-Y??!l!_ra4!0P)GK-RvHB
z+A9IM?vpUSVBl<^kmJDFz<)mnSl2Ap-lVxkz_TV#g_+}97hpd4ZS~;&`E}9tct&90
zI;q}@u`Qxf9Ttqc{Lt{hAB#bEE&`mahk4heV0{RV|3mF7e=g8ItP|HsurKKQ)D60a
zbw?k+T#)&GDP3VF!u$BmeNNa2j60V~G4br=^Bw;j>ikd}+UFTG=Aw-@a2q}T@qG)$
z`S3m4Zk`s@-bgmzIfA`jOZ1AKRoiPl&2@60jcl*m*x2m#Ji^+sK3J7v^N#6QS5
zF8`o@ip5j?N5%PW&DlHOT~6gC{qe#--(5#>ic6};cfNZE<+D|XKi|ET;=LwTE6#Uo
z=zO(y)z}^7!FG-j~pPv=Gwe`y(%fHl`}#E#E@ENH(Ma
zdNkVnsZulg{AuuMpf$$$%W>LoF&_Q?OZoi`%X$3eYK@4$+)eS9F}`wC)lzE@#&H5H
z*{4bO$6oH&V0>+L?B(BK{OKUP>{865*7Ee3CYNF!)l7K#J=%kw3vDm}UT%hbYP_uH
zxOY48KKAL+=2N?2KDA}9GX5Zg_It^m`9k6^eU&ZGr95QMGJiw!pPixplB3Z=Uuz|;
z>xtHqooEBac#pDjSRVi2IogaE<~*j3y}X&vr7-3b#%KOcQqQMC`K_K$$^4e*Q!>9-
z5WhRB+Ra`ml;6tO%SGfTUR@=8p)ei$Rnn$noC`jmlB!rHe&6X|{|Lli&LJP=+$xNx
zI(ppRPMD|k@VLESWp~p&WjE=Rp$g+v_he@PpT^t2!F}>R#isJ@7+e1a;_-&kY9m^!
zci`9;=-=N^|1R4h;%=+sXl>?W-{xTvle3S;Jg=tA$Fh=u}k^AgQ=(B#{TQtTVjnH@NsqY*>M?bv#)LgdPh;1mZ
zGTFSE3B+TJ+lcWPdq<1M*dhDBRtE5jHxga}nt)dZP6w~#QhCLd7d~EDL$>ULC&q_Y
z?xuWIPlU%S`Gnb4KM}wyUcxJ01zzzIUIF<88O>|(5?<-2SYJ}*YzwacN|nOD8RbPQ
z_EX(b)oe=?)ld93;ofU2=KVF~jc3<4=-Bn{Xl=sc${C6C5v%N_bG%0%7g$BlGWeOV
zm*{!NZeMyv#saF{KS|Z#SnvS}LR^2ifyjj?aXC
zpCrBPg!gC3_rX|%-`4Mm)}HNxUpguypPpB37yOE+=eN@HlI?;=MtXjW-2Uw{kHquE
za{IRnzH}-u;a_OoF%`=OTQ%yMdX&I~e*Cv>?D+3e!hdn&#D5&~0Z*d<_krB`@!--?
zu-}6tU_U$EC6@;E{~sn}5rOxn5WlY6HW9q{)(B(I*M#@J@s9`ZQVc`S)^K=WWLjcu
z3D9aGS_NCxcyBSu-lDBz!+VF%5Z?Rd9@_uk!uK0P@LsXWX`W9#1l-V3GmOQKc2S&bb&
zqJ6P@H%|=jt)y`zWwRRZDecz*DnkeFSV=yVSTIdWHw9zCqZRFDiSpG>}I!SiPbVRY)Y|CHrY4Mm~F@V
z@t7q)fjKuMNNmN`TeNd*SP#Sw>2xMq{|M?_v?qq;Td_@;_H#-bC`Wt}?O_^$Xa19(
zA1z0G677*`&7tQV<%m!4xuA13J>OG~_#{AQmVEzRIpVg!`?CWbilDxjQh2yIVN#LtKN#LtWN#HBoKg2O{5Po|l
z^_tqPAfFYIdd#ns0=Q}oPoHT5T7FzrEr~JzpR`BZv#H&Dm&69DAz$!%+UvyA1Di&@
z4;Ap$@{skGW{NfLks`0BxhUTFDvAM^vnl*~%Sg1Qf!r!--A1&un}pq#@7g^@dnG3~
zB5pu@h&}=tkXtCztP|CoAqN{KkLRAkr%Vdbl@y
z1D;6(I$EI933SFoBaLVz5RFUle&lh|7$_4o^h84kG`h!0!$UMcZa6-4puLg=J}d$n
zAWQCI`0RmCr=-S*4#oKbq*YKR@Zq2|6KtEnhlUj*&0dCU&xj9~13q*F;luIC-qMBC
z{!&?|Lh~1mAaB`}zqM2?Z=aF8)Rab+x37jG%iFplk$)NFM_crdA)(KcIGz_}bW#~<
z@J=)74bT|>`rwZyTpt`5ZGG^-y`sF%k^p{emLlOt6UUFS6T*)tMf@KsFSq2v$B!$2
zE9$!E;ql?ee9E`_VI_V%>Bo;tSBdl`4+rog@*MFaeERVtKEtsGWESPNp;?mgqnYDJ
zc;?3MnC_Fry;R=Y1?|E00vC4D^VjHk&w7CgyXpBJdfvHSV8SkX-bl|q>jfs1&!FmA
zvj6@f1AIq4ma$gCa8^8uix6
z=EGQ(tgshl`z6ESEI$4j-p>ly3mm7v%${!O%tAe1ynyWgI$`17}p}uRS9$q
z<;=;h1^a3YvagZa`z5sZxWBy;wYR2tto%~v|8_pvzhX7Nwi3T=#mFyXkX=pY{5s6}
zb$m?xLjDXsg!?Ri2OY=*y-(k#2mZtZe~f_7lK`JbQ`~|W?LV_8X$JtKpURf>mGfZ!
z-5bRm|1z>emPL6XWN6F%}#CmZcm&6CV=eXFOvA&b9!JZdSW@
zEctuaiu`r^B+EvFYu?4&W-oxYSz#PW=i^EJMOKT?U;&$%*93fP0KPQ<-x`2#4ZydC
zem}n>{~`a2p)BJF{7;23ISuAVlW6_9qUA@h2`Ac$*wzM##r{X!T&J~*#Vwd(SYdUr
zh4lq&MLn+JbiY&DboYAE9>ZF3W^c1(JeA89LOmC_HC36aIdmbLo%ntY=M#=An6=h5PMJoL*wRNAy~naC4Qd2kFf&d}JIR)TkDdc@i1<6r~6
z$!=~hZQ4e>>RT=9kq-4xw)I}BL+5I2>rhL$wqiTOwQ(1V1s5!f%`Ly*qlbJqpPm8>ERO6f1)!T=tRO6u^_*(IEVXhll_;Vn-2Jn
zzKLm|lP^#AS>w`N^SUdzZ%h3&?Sq;6BMYtZ&{j|4?TypehRn`KOPk)ai}H>ud+RxlvbM+SGNk$XorOsH*|&RV?Tb`iS6pMLbJ+$1O&V
zRe-jqhdD!V#nK!a{~r|ipgVYfis}@lsMGty8NCiDCt>7Mt(
zl#xzl^gkfVIH>Zk5tud-ez~6VwmuNRFT7t-Gg{&%K*tVrc>ez~qJ1A|PQ0qozNfTl(;C4O
z*ZsJ*b*+0Uv!+N(Ag{)1M;XU)Bihi#^;_1hop*{n_d=fGVPS8|L7#9QRso-q;iIfd
zKKIQqR?}R)8J^2Jj5^j~6Eu>jTr6{F*qV|#*=pZ5<5%{&kDS)&yzGxvWv`{O`-|Gm
ztuQ{|*>Eq|63OttSw1Qg#}62LROK~Od0w7xj;mV5yTI?M@Eh}aYfGD27KuFNMM5X8
zX2w%KkX6ZGx0ygjQGQV$M1O}q$G%6I(z$RxAUzLw{ds#sX;ap+AC_Ov+OA0fy0=~C
z$lAtMv{b-93QY*&t?lc#`{nwk8^Bw%~1Y_8sPVd;aLN|
zzlbx8IvC4RnaN#uQ8L~e-fQFYg(Mq%deA?Aa5#T}@p6LO9Kcc7KJTh_bHAc}xh%B-
zu+Xtw*58KZW9$j%k-T=^aoeAo4bHMw6855@&j%J+)>8y
zh88eiwDvoc(_=QAH-P@ea9iKY@#q&T$^Naxxza3SQSkY1z<0Uqj)pkqIK}gG{w90m
z{GU+%)hkiHhGFbb=jVB*h&)KE5Nxk99#1@57=mN4j{ncx(?&;Cp84M7h9r{6C=-pR
zD0e>4d}1gc#;?r1GXoh2!Vm+*50Z&rM8J}EvF7X=OoZ;Tm0hVPX>na~W}Hc~Tis4^
zLTGCgtYUId^W${j_OnuF0&P5>Kpge)|$YD+0Q{bHTTJgS<
zkE`v{UzsDY9&Zv&xexl#*IS(FjVAQ1Pizm@0o&L~ZD9RhQGF}a_jjpWCyn&fm!-w@
z(jaFI`yX}+eRY8|_WljzWqE$1h91BJ!1D&!+naH3rmXf6*g8=rgSE-#xcG6k
z``_AnoK(JOy}-o{z(ZlXI{sm~4}lI~Tc<~D$Mkv&sNTrB0ZW6FjDINm6*K~Yjmm_>Cce2t*4fB7T$HJmn!FR74QtUoG3REqx
zvVEc6-zN6T&&5761qA;GYXLkjt_AL&g3h<#+>Xmt+aDCL^gV3VK-O>yx+`G$6pR_)
ze+@inbbD#~jwd_std4WZ5s!FTwxHQClh{Y0prz0DY-Wivel`>_Sa4C4;rT8)lAXG*_5pQK!$4bAcOL43e-?-N{?tTOEs
zJnLv(YGGYk*e>ABI$ZT^GsvY)E?<^eoeFC-etov6)7f*XKJMK#Zq_W;$Cjv{IBHYQ
zW|^!oj}Xp7hrJH>>~Zq@?7&Ru6L_=$$^e@HZ_>`!__iZ?zK^aI^WDaTZVb-7`2&oGa=^1dJNIsHeqw
z#%*^>j25Dt3;R}ca~b&3ZX8#cuK#@i&+1S5eFave|FqtMp0{vXd?H5ASJPT|K7eQb
z$JI#J-XWcN`vZFHs={g0o^xWK|NHs)KA%Q=w+_mdvp7A=0(zDYG;Z!Vd8m}<(np;N
z>YlgDbDXN(rc7hwVJh}-GQ3V*5I+yzAIHzE1eiR3Uclrez$AHnQBS3>;qS6EG?(EoHy&^-B07xkz6IkgB$^#RV@)yq`E;~#7}o>NnW!$?BVDU!>tU@e
zWf{f|a5$SmCbir$JAr;2C!9`xJ%367kLFND@p#pZ@}ULIJ&v7wkd$+
z;rAFDEYO9(T*;yO&Ux%7KqfXA-*8-JeAAHwG}LH3=s^1``af{{&%FbdFByw^7{;$9
z?(ciN?LWOWATvAHeWC2D>%L|HjYL@&<4-|;jBpDpw|Wis
zB+^3_cqM(T1Kbvm>r>3vNr5M?Oj5qUkCV{Vcf3)t?)Kwo75#!%xWF9fw^Al
zs4Yz{Q?V?kH8A&NeWhN`!OK~^zBLNJLx{0^y_WeNRbr2+8O9b(!}}?q9jQf8J60>M
zO#c3RnnS(^-aB}%3AD|0EKpq26X^5UaWtiFa|G%=lD^Fxn2#66jye~R0Rdme&kt=$
ziESFwmib<+4DeX;BA5KMe6x8K0lpS$teG_
zWnRpmCq9gyd<}A#awhYJpJkG(FZ*rgxWakY^jl>GCD`YbrC=WkYFXZ7F
z&==0}TXK^l0CF&_m4hjbiZ3750$>oF(#oI)AJ~MV-XL0bRQQMhZIAg4|*Q^P9?Gds=MH^AS2l94SIhSb)
zS$P0?iDuI2kTMx@(`{Bb$gVZM0YHk?{k9!tMlQqb>KXmjZN?=2NTzbk=$t3bb9
zK)>U<)Zh0t1N|Ok*X$W$ReO%GhCL{gM%b=B$Jr};(64$Lvne?e&_d~aeqD8y%L9Gr1-gndMuvQp
z=!@Blcb}ks;H%NbXfJCBGih^pC-BO-d``2y9ji>P`G7CEz+)R=T-)IcMET8N9CBok
z%>F*v3?FS6uoOxSu-3@ye*$wtTlgWzbl{bYP=7mn#c%jkThG;xkp3IW&jUItb-wLj
zoPQtUwj`{JeuojDz0;vS=e6Jr8|-Q8S@nJ5{~IvxNTk}zV~kH$@XnSQ-=CPfD#Fk|!op=^ok6
zu0`#T9Zs#&tfGDo*3G|-?efD~c^S`dQPnrZ(C=+CtS{1Soal%Q|*t;lir@6}T-2<>f-KCe){ogtisUZyT4z7W{lF#k-
z&yBI$%L%%5eSWF!_ouo2-g6)6zwg%V_x?aB^TJs$YZCVRS!BO2bHeXXhP-_O_WNVN
z2OaB|i~(5dSz+D=x8KhS&1LF1{r6_FRgT;h*J11T=UvQxzme*O?@F}apXPid+V9ss
zKXsL^lSAWMrdo(_El
zo+18i>z#<7!e@aoDI|WEhJiQts&M8Y9l`VQQFtcC>)p@oOr@cvK;!G-?}+8r0PKN)
z#&e09psaEV`*m_#9_ouu0)Kz9pS`vwFhdeK9^e_02#*c?zU-6z``%iE`xO34K`v|(pyMxGg3$*V0CKurSh!=hb;Jo(bn$?@&TPz<8V`r0b
z<|E<>+wX|uOf%F+9(fAckx)+BMz*K=I|SXTV39Mhr@6j`z0qiX=H}XKb)Cx@f>Rlk
ztp{17h0P`%%gO4&FB=bGeZ7w?>I3Dge(EDyk2ZtI87H^N6*>?=)X4FOvgn=3!I2?a~}`y>(5uKObeB
zC*TZ6o(}!4O9Ol1i8-x)MtU-l4@%SUy%E+Wlq7@fWxCI;q(-?6@-E0A?>Y3mPe$Vr
zE{7D*dAMQqfaQl0i|%70?^7Yqzp`YE?14E2kf*Nzo}TR<{~f<&!MAdlXsa|%U%}7k
zt6^`222}`<@jyi}Aj^3jMvO@-x#)?|R|gpXpvx
zH;iF*f_#?`|KBbp`h#5J$NA`Y**{-L`rlQ;uUOA_^(?(#x(f9f_#Wo5+T{8dkUtMx
zt~jsaGWM>%7!Lt*(_T9wQ$B<4P`n#_%e>{v~*ybo4^)zjA^0*HZi8x&g}v
zY1+S&=Nz=D2**-_<|u--F6L`}iTqKuZVz)O*u&l>-Ho9RdG``8mOnFUiw?orVUXfy2et{k
z?NWG#eIKf71Mu`He?gh>UF3i1`|WYA_W@qKyLV?>&vTn;{fRhVMu1jHW9cLnc
zDz0mV)WGQ$tZAT9oReYwY?S1q3xRi6pNXC4V%{rg-giU0oeA_d5g%vh_-VAq@Rg6@
z3X|&|+}{^~>FEo=^z*yO|F3qyvX)?)2+tZm|0+0lO@R@vM-zKAOuS`pt$=OX{?AG3
z+X?*}lKOv#`u9LP)#LgfOD}#xea@>D`RtOvKS|$>@cj$ePZ>;A;ThJ?c3-~6bNc9W
z*h1xpSB%Z8*GBITu88N=Ls~P!Y0al_&YrIRg6--qkd=jlzijLI1)Zz^4CRkAk-IY;
zF6i|0F!74bEAR}9%O?+zkA-`Muo2Ekz=vrG{=lzO{URurorF&V^eqp*l>!ac`|PLp
zQTNzB7gL`fxUtVqf%jqL3z}$9XH5o
zohkANuO?f5-SV%O|F)Xy8<&sICp_{aaepI+|1yzJ7{}oT_~z}{qV0QHv?Z|)4S56K
zl{cyzVNEZA`g#AOe8Zx
zn%O?XwFWk{kjMW~UmofU$6AQ`mM(rTVyL7`)v72ztl)p+ZDml*pG0lUNEk1EE6zxY
zm+c-~U)*nA)9rkCT~?yAC5Xm{4>92a-km9+>fwvs`e>P_3}a!Dd)TQL4P{m{l#b_$d}8zbD8=_g_U`;
z(SBL0I4?8)Ksy3wij{Z*SIvOs^ytjtULM*H$@?yqjrux;ca^Hao>?-o1Eo@g#3jJ?r9R
zeUykN`8Az^^5S?r3CPubQ+XW8$(La5gSlv@MY*^WbKzkgaZU5E1~29@*Kuba;n#J9
zJ7Jf=ohjq&<0oFi^7_-a@_=?J`oym}py8M?kK=CmzmMwq9zMWr%D%1xS}#0*med}?
zvog_MNI0BD<0zwX=(v03L~!?Tf>2mJ{B+uxN7lI+N;cT9i8e=}N-ax*weWzzKYa0Ai*g%_iz
ze;NF2rvCOizxnw21M-K-b50IFAEA1O9jWniBb{Mk$3*C`;-yx$-23=XRF|({AJ>_Gpf`3)m%5zqfYcx2Gxv`l63oEi)0`-mF*?F!gm36aA~Q*x|MWdf
z-(B2)CWC)d=-W#tmq+=~i8;6Qtxk?eW!3{A%OVqE;^tpk>Q6VOj>d+Ebqx>z&Rcj~@be`dxOjxSmjCnSnf3bSmWEwl#f>T
z!kA%yokE>_FWRK$sH&aod$_;JQd|dLzD4z8oE7Tufyc(Ziob<_c?tJZLR%jCNiT)p
zFF-r!=ad8g=dhA)56k7YJ(qP&_fMy&heRxamHRtkc^6yE?YFqk6{(E33(pYhQ2vvt
zhqmx|uM*w<%lp7G@C+c|A2;r>c^AJjNMWo|DfzjfeCniKq958ovGqf*srVe7h6
z)$!hh_XDtDe;4ePn2)HW>ihV5jFEm=R?E@Piu`Cx;5Ww9Ax(s5=-P4dFv3^uDzxd&
zQDd-6hC@aI90It8fVc1z-_P0j-enTTfR%)LSsCF_StvJE{0+BzqfcB3*~3dh^~l$=
z;$Zfu?aZL1Egsd-R1=o#u))oh&(03-?mynKr{|C_({fx9{8-&eu)bql!tUOk%}UoXM4IPpF!>DvLf
zR2vXJRt;ep^Eykr75%$rYzKO@-yz99Rp`oqPDz>*{R-uZcHl|c)w83vDAsea-GPag
zcS*Hoyf0akYk4`0PeI$FuT53Igx_cn6gX4m&DI(fiDA6oOa*;3@oY1&3*^7JLBy}6
zJHIH-FaW%pinbKgqvgZ7?_oa-a{3JG$D~GOs{B#)6Gp{p9xKl(iTAG{&y<*7yMo96
ze9Ys2I!7B1{b_V&6mtZzj7BSu*Mxm@S@@oXJPwiB>?*g*p5}Jh7K;6AT_AEi;MhdG
zFpNnysrj&1v8|3PEUsgtwh`X06mRz;XFgvqp8sM&JU$U|&j9Nnqc176i*&V;{P#LZ
z20K1K?!SllH9Fd;0Ipgy820N9bu4hWa`3((pl9s7$tp2~cSWfA*|wfT6rUcLFX9=~
z!EKEH=lt~W6R=wcu=A*SypClYykvOSvC86_1!L0T;bBXL@Y7Vp;^$*Wl8%h72NW4xWSlyr^8LYINU1I@Mrb&(!g((fL{^8
z&#K!$=cRz(SN~1j)kj5nUis%824w_vG^3Kn=zO5%W5m(LhD|lRFOX$WOlfNq&K{$K
z)-5({L%YUxw-C{KTGN`uv~)vGl4gbsYJ1G?>^h)54O>ZUYtr4+ZL+QH>7JSfJ!rsS
zL_>_o-g}?>GVi?1AgIl;e{hDG_v87x&;5Ar@7`-zzb%IK8;oDS4ZMEce>MK~I}GSniKGQbFdH5j5f(E%|J>JOp;jitDypGC>aR
zp*W>QBeE-t^@!>v@xHkD^Ec^_OB
ze=d&AN7e-9Gs@2&^TnQ@%(YZ!@>mb}q;FHNUvne%RI^0iL32Jp3(qgw`z=hrMLxtA
z#QQsS|0m|y6k>PV!r>P#&K1E^Cr$fqI_$Uj^VL3z;mHz}t#(nj*ZFUa`xY>+?f4?(
zh2Ef_a3q@QN9;Si`+az~+`kH8D%SHkS#S}?qvLrJ#eedJ`sRtBy|`vZ_wPtG!V=-SMl^oDodUal+*E>Hgn>PESdS
z7yuic>y_GC@k~g^+Z<#(bQtd2DKa7_LP*;caTr6qAN`$9p$_10s2|1
z<>ae-b|d}d20d^c>4atg(^kN9&4&7rh@-^44WCiz7mJ_24LpBe
zTqyG|xj!pZ>=WvTp%gbfw>JFZOpJ^1kR90ihyZ&kP}b#8DL=$YxNmD*d-9A0{rc#K
z4m~2zEikXhR?U!=<-CnR&VEqv1WD$aN&|g|`{=JmnDs)#VVW4q5l;i493E3)G
zTW%8hEr5^ST7%{D2zXRX45teHTzen(ULLY3S+J5iC{1Cl0yEM69
zlGB^AIiMM_o;JhY(XpO_F=H+Hh{qD$bub6|b7+TdWqjvW$}yRQt{WBg_XfJoFwym7
zrt3mzW3?ql*CYI_`Dv|^V{WeK{x7)qWvl^>^1IMk_HqI`=wdweAM!dqM}Q8@*MH2{
zUxw?)_&V)>{ym(>b31#zhHKp{^!11NwN|Lt+Rr8S8ZBhAs22=lp8@)=aqP#~=UW7A
z&E&BoPHct<^kq7p(a4`Xq)|MVx&M!GKdHn@u^xUbEVdgan?gM
z^t{Cv(2nw)xwlA}byQSF%<?X##mL%>0ojE4=7q|34@C{%hteOi@^Gu8!;9ux*O&iV-Bjt+SYWTo|E%-
ztn@aRyZ#?F?)xt1^*Zv&PR~Coz#9$om0Ugv^$!MGPBZP}nM})d@Xqy0Y#&R^PGY$<
zS;%$3`TSo#8}h>Q&gmAIAJOgPTmXN!nf*VXMC^RA^F3jnANM%qs}d()?WX>pV%~CK
zL8oVl60aX%|6bz$?Oq`BPS~J-S=_&SxPSEvWdD9)^!LD6L8l2HR$Npo8}nfQ{_FC7
zbpf79Vm_?3;i%${kPL9-kPNV+j@RrggU`s%4DSogtReh~o!g$rZ4b=v^vIlA@$_$`
zpE-0*j_03vJTK2j9RECZtaU#(#=1Yv^R^k@(=A5x@A0nx7xeXq_c)(YX#LZ8jHmyB
z*MGj8--pfX&+=}}^>2({f3qCgsIPx^r{_Ol9Qyk`z&kYS2FA~M=r0~WSE`mwDviU>
zxfG4?rY(f~lewmwgsUwN-eoo8AuzrdY?eayLxfWE@I0+MASxM0mutY$%_kh)=h$y2
zps()@&+E=3o2Rc_=Vcb2%afi?&qBs|>(@SFJnd1qRsh#99-)C^q9Pp1
zTt)g&D0LP36S{YaT==bk^q~fE<{;)&%S619V}UjuWONVM8N1nTsP$leMKAd#kd|l0
z;Zur1ZFXfh!SA=j|D-R$wJ#dwE8!Sr{siOqW%4`d9JH*pDzTN|F*#9EI{^xny?dGvroisMYEX<`oByabPG1~nFw_E7O`Vyn}kKX>{
z+v<#CKG;j-g9LjiDk!EJ^Z`SC*51Em`_~o2*Bh^Q^Y#6%@#Tt(
zj5B|4wJTZvxbx-d*7wUN330j}>&J48dX7uRE|5NhXUEtV&XI-jfN8G*|KfYEIAt!j
ztd7QgYxuVwr;IZgEALy}`Ij?3KbzS;&7is#m^=4;c|bfAd{zWbR)ZW)LtRPF8@AMm
zj^1v+SQ!p24Qkujo>7_uW#|Xmp`S;*UhI7K)2?ik+fA@`0r&))oPAQg<!n6
zI6fC`LKz>Q%e4M7{C2xhUPC`HujEfIuY0o=+DsFh`x{?%e*?_pP)_-^f85KC7;%h=4_8^B(4>GW!u^B
zHD|6duVDN>Y#QhOJ8|c=&v*6Oc$t*LFORT?=*JuM$g}B2#)<8|Gd_O=-3zutfbxBu
zTvP|&?`MA~;#3a8|3xAXF$DB|8l3~%_M$#&Wqs&h_^jS{Ct}BP!-%ucW4k40J~uK~
zk7tMH?BX%F=U8bdr3PzAb*IAr#(Wug9iP1dd{>BUZ}Kj?uBPt
zWe(2a@+Hd363i=we)-3E|1{ju>6ry%Or>+kj41ZU7%zZl(nu37B_HOug5x!Equ3{R
z>PnU7JJn6|T_?UAy2CVH<9v8vK0a@{j?br9Yc#}c=<_m(uu*5q)8RLy2kes&y@ycu
z${<`%ZZI9jh}WP^(0ev$U9iqDC+)P>srj_lIG^cb^ao|kBJ=sKW2J_*j;zE>kseF%
zyq5SWo}sUg35^22p+
zrU8G#wqv|1k9k#Id#s-D*+a7o^z;u-{mFK8j`oDb({
z;4WCxzc%`}MSa-fu$7<;f_tLKAFD)FG#0PF0s87`vs>RO$GJoPejm$#{w%CPq|d3$
z7xP;k|B)r-hzfJzhrfXMa=V@Kk>*7umZ=Y8^xR*#9LwjZ*RRy&NFlegD@*2r)7vlL
z-|Mra-jo`LpRQ~_uB>VwkFPgr{e!HS|Ih+_Ismre0>n^72KgJ>d(^f@{iR
zv>kmQYkla~>F#Gfp3Y}AM`ueuzL|Xq@Co-;MbU@&IX(aLY>AmM)uZ2gdU)O?>;vLT
z0$8he--u5F{X7w)-;wmc+41>xd$O0e9m}S^x9*BA-+MCq!M%rn*0`^d^KRx)-)zwn
zbkE!Hj4Nu+ts94bo0YgegkGO4o$Hbz4T7uFTpM!^b2?f+JVPcqaC;ac+ASZXbb*|eMkc{(Jm2i
ze?<_-^xAN7Kdy&)Twsfbr^0*F2&aR&C@Rn&K>kwX87H#!JR-SK{6zi%pCkMO`=j(1
zQ?AB-_FHdZyRRPlpkGIQ80C{!k@zLkjd!V*k;H7ldwv?LZ`JF-bC7keJGmWt{}z{j`l$EY66PU!llg4efi##A
z#djI=&-nNq@EM`8VjTmRXPjFL+>5`x0_$ZtzK&`etY0k8T47xx+drjIJ{+RCNO3}%
z!~OR)KGShxA28=_T>M>b+gFB*FCu=li1DNF89AQ)AnYlmyF8*jwB=DZQZe^wG{z6V
z$3D=bw@Dd;ZK`~}p3S(f{kKt`fw1&3=0%aFu&;K2HrMXV~u&c^hE3Y3RT-xZ*5
zs{=^mF?piz1H1?Kf)>?jCY5po*+~B0`2g#`GbD{~{|)8MIq8Gzx_mgG=Rc==xUcnz
z_F(dTrqh&#XsRNz6Kn(E6%oukiP#yOUp;>hy&v>S^ZOA``{gm<>w!~8ve7Rq=cCl2s*1Hn=DQ?6tE>fu{+Gir*Y>96Vg0&}
z_eOoG3GTzZU|qf@Kb~>8J6`Zl<@ySVp
zWunh5UOsF=`7i-|+TqN^=W{x5_W=#2bN)o&k!{FpQw_W}-X0spZ%1?uw14IQ`PbyP
zU7TlaPG)j`Tg9?$FhiaJqMXCuSMcvAGf>8zE&nyl$8pvrlb;DDukX~75t|>Z#elg`
z&$GX)0oxXH!zu`$M1RiT3V#-2YpjZjZ95a?Kh78*{w|aAiy$vi#iI%HiX_5!CCew0
z!#mMJlnp
zho6)2SF4oZDW_OS`C#?@P=3XE5@Qxlh`*=)^Fb1%jk^@ytAh(CX%4Oc7Z
zXQ%I0s-Pb}?nh1;wq+&1|M_yuNW3cI+55|%62Vgwimx7;czksOkMG#zk176NkN=(g
z7ZCr?bbVmb1mpktxy_T3#Q*c2SUqWC@&9)5Qw?KKx3Nv(m=ud&JtC%3eCk%dHkc}}
z{kh{)dl@&fEA``vPi^A%vQlq-`gxvh_B!jt=;uj(uF#s8e!j&r+F_k|e5%TEs92x&
zM)12WDP#Lbb^T--pR=iAZ3pH*^NSyJREhuWXp%KmqAg-=Fo3wF%}pgbh7j?+H!DBd
z0LOs!SZ=-iXc-(IU|#=e`ubb0PaY4m%{rhY&X4vbrk}SItf48oGsu_vXjrjtRP~%_
zUm;zmcT}uEvUrSS@d8(Pzt$?Zj=pn<=jSbPee=7IpKlgMeMiO&q_KS4Dn{!&3$H`p
zahmd>?O}S(g7-gV(np@)@90yuIOeN(&PMC`L6M5SWvn}JOssPvPRVj!EyLIwoNv3R
z#QeVod(j(K982MMZ&dR0-h;K6hgQ_J%@JObC9_DDcv+TI60b)eS!l?UKz^J_AV1`I
z*6?`z!$$ex1^H2FkRRJMd@st68?|rxx%SS9tGAYY(*gFVna(nq&b(JAX5S3+Il#bB
zV*BO;-ji<)N%@gZ@}sUj19No4TH`uTq5lc51^dh!Nq3ZK&iTvR5Yvk1{Jx!y`(E0}
z=buAT*Kp2nr1MA%oe`HtT$ePA>mN`GRjOeD&y#-#^_2TK$86P*%$bf@Wg(`JoRaYs
zE~?Rj-(?&_?ECgvp$eeqlNHVL+^NF80N-~vzfVwKDKECh7mDqjT
zKNYG#n#7uddS0akd|$+LALehz_!m3urBq#CZ(1J4+#?#D8Oia@;^*rP&)dZxNq?Kh
z*H#;@Njyn0qrH}1-K3~kZ9FMO$0AFh{T*JO?e<0vr`0t39kv7Wxd|$ocKGgg3lwjY~=C?Ite>H1?
zrtcd+KUZXU&gOFheJ#{5zx5}8_WhurT9qSx7)y%J>$E@f8nll%km&|`-KZkSghnG_NPAgL5yx426|5vU#a6SYd=U#>#KG757(b(S`W?somRtVZJF1t
zfA*37xrX^k&!w9auZsL9OL$oS^o&dYjEn!}`KZ2heetSk{Cw6WW4vmRbk9vZ)+-lp
zUc9QAmt@TdJWZWlirAD2UWdFF8?Hc-FJeRinLn)=|4wzdT$kQsS
z1A>11Gv$Z@{671TyccDRD%k79yQ&E9ovT)now!LWP+rrnUj5?`@wd$?)fy;J-0C!O
zq|ZipwsWO61D*|RWv?dk{qVUgy)Yp8i>*NW5crF1r-0hg$2of(GBrNmW^#EN6Jn|~S>si!)YsjlQo{#nb1`^%J9yG-)x4A;GHI2SLkcCozLWs+CbCV7>0gYqiP;6Fls^a$g3dix|lvVxw!
zhiq+cG{CW;^=uQ=!uK4s(ZxH5f?VgNR?H1w>x{T534UN}-}vfdVE!1y!hr1Vs1lEM
z)QYQzgopsYya4SjgmqX&{qrh|RG2F|BX%iE)Bw!oI-#DEc&&WI5BFj%E%c?`A?7(Z
z$I&y^+tNZpbhSy_w?umd_zui}6zl6O7HY4t|7oJ>V!S=|QrrC^c*-vNpihs7J{o@E
zRLEATrC58*UxoK5)^|WQ6|3lHL5yQM#caqtxH@gDXW9t#Vr-?^KNq_<=X+rPGv>7r
z?#)vwG_UfQHqClQn`(Vcv%^>vs|!D)c)pJ{@$h{A*Td_Eu*MkT#>iHj>>)fD&W($3
zm-!LJQ3AXoKROz}yOQweSX)@)UhrI1zRQ*BQ4yzs`B9NxF|Qx|A8j2jzEVXsVBTq$
zK7~*_))}4&a~ZPjz`hb&z|Q-QKn;jbDCkj2NSYHA`0Gwa~^G0_4|Z7I`@
z-3hv*K1_EKBtZmRWyK*1J7z}I1QJ9MH_jxOT^X|H+5A%C$oV3Ngd{2A(J;mS?^QGk24MWSFX!jDcc-zj|X#vc9$oZ@~zKf
zeB@)e=hN};PySx(z5RJ{=BTeX2Z_%H&rQ5uh4e{btFFJ}WqL>8Ty!0vQO|!3_rZS^IpOPyf;03y%>X^yoTMdZsa=fUPZ|J1;g@Qyf3>!$nr&sF86yV?|J3f
zklc?}wsUuNX~|?%cre+{?jv|{jT5(5sO+M{}>p5+^_KYG@L0g
z4Ev{9LEp4uEU2Zxb4rrkqlz-mse@eS%=Ym6V%f&&Q^dMf1Jk0+uZxM?a0>C{WMW#^
zOd>vE+8N>BGa3CdneK&8S}{u!95P`kk)Bq=KH8#@_L!uw3|mVPJ6R<6gd|
z8xE-k9?Nv0Pwx{xJ4r`rjLj`GK?*p1}}xWB6_kOFHG@C?*h#M=~Y|Csmj
zqfL{NXhV>t)83EAwC;okFhq^}Da9$-a2YN4W1cYQ`OI)eZaF%$;Ucf0wY!
zvTDgtf8@FM`;_;33DnPxdtSx;P^^3($kGP`!}YmtVAT>~e<880X3#$a>^IANGuD`u
z-Ltw1U~M1vr}<{*eM3V3r(7|6KD;vLeU)O};BtfUSgfnLyvT>&^4JCBhreK4d4cvy
zPerktdY$;^(y2(@eoG3YQl{pwlmJKzZ>Wdj3Pedtrmi&rF!r@naaPM1KC)
zM(2Ou-d;+V&v~c*e&>H9$7dsrkMDzTW-oOY)nEU?XnUzP>aX*IE2IC3@7Tp0AZs&f8M5h2puJf%io_
z1@G6B?QhkeLcEV>bRuR&jwXZfKv}?J@*2D<)-`PLsD}H^D={{&*YG^*89mbdo|TfE
z4RhPw6gNtq=6DlORt(FH&$!$;N->EBuhpRI1(PqA1WP$#WH#OdD?yobl@
zK;Q9>R_>?Mq~|ePL1S!!^1?Pq()2UWJi-ljw%ddq5yn6i^%fEC6yQXj&k!z)a0dY=
za(sr~X(OBua3Z&62sf8-+W{x?c81+d^GgQ#Q$+GTKj&w^A}&O
zW5|UoYXhjsM3&dpu9J`!+xQtdHA=%yz^6dp?vs-6F~9$P+EGcDLfKu2674
z!eH;bfqVnm`$ERpebtTEQLNI>{{Zv-i|WR1x{Ejk|L=K5oN>T@x4(1$GGE@&d&tHt
zpXYF?d4b!b^5@b=LeFT&c24Ag4PXp{!EMX@Oqyq9Pc3WcdRxRSm`A?vTmB$o7Kj`=
zB4z=$t!rm><7|rS?t(JP{AYdfFNpT^`6GNi;W<5kaQxrR+oT5a=2!a;w(&C-o@2=M
z_A<`9c7SjH)jdAVV8xsr8pc(FXDtKZtp-uH=9kOxIgkP0OF1Ou^tOxFzQRa(h
z>;v{IFYJHpk6rxl5q%Lj?1SFMsPP|8PVW8zWIF5zJ3z)Q@OdPQ$afO6!i>3G+&mWc
zB9KGnyD^5_HF7!VtcyM9t20ynbD@KkS>M}H?6^TH&o`OgD!A)X*$J=2`a!<>ab3U|
zIvK~%X41&x16hcN?uNFZexS$(80#9ZO!#XFzZCEbA7IXOf?q@MbbzDokU{Vyf+wC7
zd&rr9>#VPCETen1{u83SgUU-({?rK(uach!&0dbb0gPRTzfLN9k!(*jDvLR^ox}HY
zqRa&<^C*;w@Nt~Y6ul1SE=ijo8iOvXQ+gu$7<3Xo?}Qiw%f;Fv^u5*3*;t>5jU=(|
zm6&&BGxBX14C6)!KCSi6rFR~tclNv|#$yS=+X;T`J>0u}N6Vvl8%V3Vzx0uzvK|+|
zlM1bG&+V*Htrsmt;pJjkh2vPi+tJBh@^8npIe=TC?RbZe_R!ne<9jV%)~Fb}X3uW~
z4QH?g0bcfgv#`6rN%-(r9tq(wPUB3rLOu9jKp*78I+wS1xu*;EcnPLPHIF^EcPP2c
zEaN^AbnF;*dL`;dGU!K}S=L^hX9e^q7mo*+6+l|ofS*9O((sPuN8BG*j7b%ZN$b1l
zL!8BRZu6WNCzB<3UxJoM<^F}r)j_#@~olEa96Z{r}%Ol=V1@F*lHJ{3Kb%@x!X`pK^
zCEPy|?nnp5IYjGxX85i?KmCN;
zb6kvD2H^B@zo6T{63%>+
zP`$L{V%#xyl|Elbb^rI@i+;G_do_SJvkg8oTjle{RVe>J`NvS6%)VmlhN0Iv%-DfQ>0v9nzV}F&Dvr8hP`%xxA{gJ$D0A4
zL3jo5PR!5s4f6&@`2W8X-Txo&>N}a;pJ2LPHDk^zsh0ADm4iIW^kANNjE#%>o+?|E
z^0>(OxcRVOt(ab*Z2N(O>wq??K*9JF81o^C&qpSo50I06M_4-Sk;?h`{}Hy{qvz>)
zi#a^Tu=xqEbByZXdFU~ygY(z{<-JK23g(@{yN=Mj6!AQDUW1M2$HVwJGR3}vUk&4Z
z+=$;iBy^S-?#G~Nf}V;vJgM!F8`ctI=YhiT*;CYd&l_xBKg%t!H8G
z^M{74Icl=iSv%)?q_rO4`vLF3d`_Q9tjsbX>Gn^Ha}Ke^PR25GRF>(ikc#+u1!F}^
zQ{g>^C1&-8Mecl_OU>|WD$2s|QfNE&qgmRb@VNI`QkIg)lnY+NhJ3Vdk>uM|
z2D-uYVS9nk$$sRs!utO!<1txJNXmd@danR;!kuHgVC;6m*j)~G@H2y_?91!GTE9f7Cbk5*sUA@uhAfD*pA@XCk!#9#f$k)lzLn7A^RslVH
zUKl=qiOf8RbM!jQk$0Az=P!tZeu(y{J`sB<2ljW{g8SgxIA>TNWk)y-{D|miXvhXI
z8;5y=>B=3LTVYKkz1)njEs-$XAEd%sAmiB?(1gU>sOID+tIln63Z35TN_f5%%RsS`
z940?Tmvi#mkd}d)xlhtaTD8pju3~u_W9)PnN^3@cBbL|Q0KY1?K^a}f$>pPE;9g#4
zWIjpTtb3J_{lzF+m{Fdv(_(-WdwrsW!*Sch$^Kzr_TXWo%G(S2u1YSpQ+vk$HT4%vEU4lvI=_1ITZ^Veww`$fj^8w#@9EF7g|#fHJ4(
z{2O$M2JcNuKHgu0t_|zQ!z$_{x$8*(KaBeQ>Ir#Ew-4ZaBNr**b_RMIkmvM%tfGG8
z9LBzl&2L6di()+b$OeD#5Zcff8vx#nJan4iU59YLkmysG
z)Qd}$ip_!gD3-@~j$_4@13k+R
zdX~R0Oka-$ohywM@VvZn6rUY+9n9Z`u&=p|h7I^*5%)>KXG`27y#LW|V#*hI-imq=
z+J9K%ZYRCy&jt1|>_3E_@}z?H#@9nXtkP}Dwlu|o?XbX}#t(HP?I4
z{AQV=>tfb8p^K$5&xGGI@chg+k5$6Ht@E85+S)IVx(_+igt)%~ZrJ|w;NMCDbJ8D@tfaRt@uKM*~B
z%1yLZoIDU7KP4-ez~iTU)&%qEH*g<r`={Cg=lW
zGNrR5?$dk?+4HY&qc{l!Pa=3p8_$uZ8B7)sasoGvaCWNWBse2@T38(y;r^G_u1otx
zol=7Th2TB=MIDf9L6C1K`x-DWsEe&_z!?4}`F{$}!9FmV^pe2-vGYufXD`I>fA>!=
ze&GztqmnHDrBLCvdAEYxUE+TzOzzH^q}&bpUyjXB3ek7xtA87Ldy@2y%2%&`e)_VU
z_W%2)#!qLc-Y@q>=cf-yhOOT>7C&YAQ~7g9-Xi~mPR6Ju68s^8+ndoA)TmWqOk>!CZ^5&LCwWYFicKuyX8erG
zvu0s;g!e;3$@8qR&vhXFCxq_`;u>Jo(&;;!2>w1lNLmAEo`A;BJD~
z1AH!Tmw^9};57g@1AH^UJ07WS43NK9Wf1!@kNZjAN@dpoES<`lcT_iesqE6QvJNVn
z5#;+@Er-Xq6W?4$xWpjt>5SSEz@-uHM#A+4(5}n~`(**Q6TCBkF@%j;9>KE+elUQ!
zdyJYw@N|Oj0k{L;PJ(}j;B^7Ki#2L4f~OI@3g9IGFC}=YKK}vSlN+^$FnP2+h;&@+
z5&42+#QLw#e?ZJ9zhf8>`4ikg_cF$^en4@i0R4|Vk8{5ndY`x_G&_a;it5mP)xRJc
z>5e8r5Bj{HBY10*poa{CpC-7cNzjAdo+Z#8ytA9jvNb)AgOhADQl_aT+rBDv;<=MO
zPRg(QiWS@AV)8NXAih(#?=EQ)^H(&*`t4Ldu}RGF$|=@=k?J3NMa;QM^*2+W{e=JB
zE5o$jPJyI&EstkdKp1a|;DhtnjiHLwqU
z5%#}0wsxM2Ei}J6ZC303hk8pmZHjs?Q@uQ@r_<*BRQ}XnLHngtzKO~!RDP^`p$Pf6
zcXIaG80&sBTi%TFFcEaTB-meXXCHa%*mAG^32qk!`ri4LuA|kB50lJZx)<+MS&xyK
zdrNl;8IN@D+N4;tCQUPfnBzMqo)pN4#T
zz9kOYz!a8V9LC==%kji=f7s%;qnm^G?$dH8(myH2m6
zy8zE!r|qa!eni}|5~fyIn
z{HZdh<$)SupAFx~c4189I36Q#g}FxD(G2I4tl?{CcN3$t!s(`n9g;&+bL)5qTzfB{C(K}Fh2&q|9NTr
z{0|tfz4j?fu@U6)6Bn;9eqxDxC5->sl=;{B3P;HE>_u+XE@k;a)(-q5tLaUV=2>h0
zEtJ2-Mz)0VOO(HbecA-&F^5k8bufI62i+$uUriAH%$R3n9(*hN%XOId%xB*Y2(+kw3^B5IN5D*ehy+=
zy&tYqKgL|BXais<=W*_0(f>Yd{-h;t74Vw!RE5f9vpP{8gHC4mnWgTQ6sfz(1b_d}
z+}D6NS)L0&Z<<021p-9rCc>MfU<*aUhORq<_DvIPT7ImG+6`y}c3KczJ)-NTfmCrT
zidwZGn?IyAP4H*e2_Gr#wTYI^BfukR*#eZ*OJ$(}8Ca^tK|l(%NbW^UKRU%~w0AUqvkQplul1p8v;S)p4Ywe>FJs1k%eg
z_vAZg?e9A7Z=0dN&q8OD|Iag+yUIy4uY+>wI)hHMk!v>Q4XEt
z54F;#nc%+>4vwX~#Zn%g1Rp0X&^|`Euu>GC9#rzRNs2cxZH#w{(O%;=wal1bulemc
z#bZckEaMgkp!bdPeF1kE&MAyd&F>VdcPRNt#nTD<*)%viq+`ECC4Dc#6pPVb?7_uh
zv_nlNTN1KS4IA?*PNC<5@ZN3yNR;IpC!dnC8_N*utcX9V&6&T}Y%K40nUA1Nb1dJjn-B
z&bd6|fz0sC09rVM%aCR^k?ysW?94NeK4v^?p}e6sm$}K69G}pN_UFwopL$I&zD1m(
ze=G6qTACm9)3RXN>@o|q^B_D!gH>-B@50$~i|F}93ibj`dU|B|G?8O#kGH<L?vr;FZOY&`=daGAJbk!Efrl;(XJhW3S&7^|FL0ifSVXQV+>d@C
z<^|E8#!N8b!;*{)?TwvrdzX2Xf58QPWQYmjI;GHFAgb)>)Bdy7%>VJ29)K}p<9A@pcrNM>*vWp5=0$lJRKnpmaJed~a*#eU
zQw-*dLr8bRI>Ov4?Lus7$q@I2&x3Wye!(Bvzlz}>^ixi2GLPU^9@)T52v4^D!JW
  • L_THa7oG*bZJ=Z|?*04qA*zL-oxK~U=Ps#uoTzSr<(Gcc2KZwR4dgsux=JuLe
z{!@GjK<+Xge&UPXyvZr7G3sL=)_DG-dE~wr8$j!>>At+ujrBCE&LM%N)tp|h!j(yP
zD8ZqaO_fWBR4(WT?`yUgk`n%vUBdDsNjhs)&+-Q}rW;Tn85R$9H!Rde2Z}uF%ayh{
zb9D4dmp6#3)~2z2p=@Vz+P&HZIJE?MRXP77AbNL1-1RGlw;z-`v?+hj$*7tFjV?25
z0FDePlbZ}_I1e8TId0(nXst>S%0D;zFHYk`^%p}6qrhFtg73YNQSnw?$&u9<~d)TC6Xz@7k9qlN9t+3R^>f@&${B`
z2}JcO3t*wKtGSNI=E266|C4JfD}j;Tua-9$!X
zZE#kloK-!`_`g2xOw{2gbDc52fH--U>CZihNuKw(+Vhi)!f(%P&T*_FuCd^JlayCi
zqiDo?|8I`FGslJ(PlT0w{fv}$RgHbyYvPx%`~G_arh@|JfCe30{e4g$pyr_(01%~o
zi+o&sO59>5%dNNZ_(es1sAoBkPJO}c;Mgs*!Jlp~4u&j;R
zP1duOYGw9@ab@<@uLnAKP{}*#W5V%gi}q`9Ph?$8`!ep5-EjM~Y9IhMS=)^`^#oxKb12hCcBEm#sme<9xeT!Wh{2dhJ>
zh`(e_r;jY@cN$(Z_WJ*+`^!=P6SgRgB_3*WNmkZ~)C89JAkR9y`Q3Owe`^mJjU+}{>ftO(_KHZoP@79&5ZvV2a%YLgw0Q|w-FA&!AclxFWjnNXLJUA#(;G3$9!iI(R~x${VD62-|e&t!HE>lP5tIi
zfR0Zk8B0#z#ESj{dDv8DiYKRN!)B?HXxOMq=ImLBXO#qWsXUoTvSSv@|5aPgKpT?d
z+^&lIA`livt(Pa*75=uQ1DoN}yCU{;j#tIO5a&Ctw|@l5X_qHZy3t=Jpd1tWcZ`_i
z(PwiK3$4QgFSZ@D)&y$nfc6$n5#!JbyB7DBZ}GUVvWeU9unWmSGVH5$PI9i#l2WH9
zJfCASD>RgAW#L0|P4@y!7nHW1cdV
z_Q$sQM1&|<`+gPHn`}
zhpv(a`WbHWK4Z0OYYxJg8U9)Phc|ek-Dg<;>zPE9VihnO`mAye<~+H;(pNZe8e3r9
zCQ#kcHq}>9fYg33suzuN_+;-Ugm((&cB>#8sXJc#1V{hUy^K$)OH$#)5xhB328D?2
zgISvjHWEz1V2zX|^Nn&Zw&k=E)BTFQf90bbx7(D9+~&a}JlwezVd_F%E4?zxQS)Ll
z#R$Y42?WDWh^#O$cOT#|0O>m!wK$ZLJ%yLe3!s{;Gq-fpv^Zgf1e9@fJvC>7Y)X_*
zu&fgLWS`z3q{oMDFhdHZ^zXvMz>hVr@^hZmbE$BC3dnEid7<1fPfToX$gE)-7tsVV
zKHcq{e)!_FpqEHZf6y&J?@Pb+_KLaNOBuAUPJ0*5L
z#g!5vd=m@0j3$mJARW6gFAmRWJ~&-vPfA$tu03E=w<{kEf+fC95YlD(1eX3%78w(;
ze_Gk?*;x4TsMqX|@;hc=sR>vba=NSN_0L+rQrQeUhUhQUuh$#E?+N010Mi}#HK6=j
zElU_r0p5R0v+dvmL{T`g;0`{ZHs&}f=9*F3Fkhv%l0E76ac?9yDtDM(U_&-uV3`;0
z^nI)TIT0<3ep`byui028ugtGezJ@Dqh%x-TEM?NIRX}(c
z-ntG@vQ17)6ZeQca2vb_qiCx`!UB?*)})_7TFpxc^M{YuA84AyCvCGlnU09;svQ=w
ze>y3xpic^zjAQ9K_6}t{5kcggp(3(*-Gjzk{~M7479tL)^W8eL(|seM9&t^qwqUt3
zfYS2j#k_Wb>*<8S0)DkAgl8{`|97p)^yf-0fRpT2V5E~HJsbJ^uqXFD)QE2=YlX5x
zQJo8b3XtA&jyN&DEKR?Xr6Gr%yn*Il?#S9={}JWb33{(g2X~O%FZkb5f~CCsl+=7&
zFw(?Q5ZT$q!=6!=IpuZg3!P5!cHh5q!*dv`C`eSzJSJ6Xc<~+#cL5}bdv|;axS0(D
z(g{1T(OMi_MGpDhOQyPViFVLx=`JG3w|^&gxOSUF>uqGWxr)FA%l7fD`sdkI+k&`E
zP5I4C|E0J+Z~9eZ|0w+R6RLh+0ngPcV>PIZUd%Gy_wHcv7P;Zh$XytREz{zKOeYjl
zM7Qbv99;M9$E81ndixNNg+7z1a|e+cQJI38_#${S^ozVAD!d`DjwExDC1_5{(j%Xj
zq2G+abnK5eSMgSaamdlnM-+c^M`Ic;b)oFY$+Y)k7>tD+ox}%?4nr;f_O&B}<>+55
z+u-w`m;2-piz6<6>u~i~^&!8);mdfbZ!MwBY^aJ<6|tb`RO46o@B8zQpN=WFT@5tY
z_?Qw&7oZ<)-
z{{EB*%nIj
zuc?1NcsQIGl*ywNcvl`emGoeIitDm^%!aG;i}$nN&QRG{jpLg&c^pT^KWLZ%Ds$jM
zaf&)20tXmS8ijqM5UW3R5vzM00&(^s4l4HK;-zkSWh#8JXf3K~x@6R*)lpyoY2?jp
zac)2deX6$sWxGOhdDF|uraw_-f2oI~4aKOaJI?+_V*EoBIj0Yrq){k~q@5i2!#gD?
zXM_m}^zGLkDE>8Nc_(}(Z@(dH$<9el=2c}vS8K-oz*`KvC?q*tY?Ws2q%
zLb>X1s@lcXz=qGlUoPyt$uwkM+O=xq87+T}jM_7$t4Fzge*Ey@RZyPEMRC@*W+}N9
zF4}zxUGxfdYO?EQ<&g2jxmfn}gwv>gJ6=k{LHvIvK)17lG46KPn5-`PkI(NU7jhV_#Yb347dgwCA@9>G2CgMiS2o%Gue
z)y3FVE3cjd61pSbp5DA2TM)3#P=P3qCw)g*9?dN&U+kVIU=XjKVhH5xYv$p0Zq!Ee
z@nVq=bFGlbTb}SA$ZWLhGEGk#v95KgcbWDD-Yqf9AkirFVC?qQ1_=hh#tGKIL#?>#
zG}tqD?)b&=+iLYnpDi=S>JKhbXgW1oeHe|HiI`>
zUD`qP%~)D?B$Sy%pJ+dfKqGx0Jt4IW7Qcr}b!eGh&L^s!&l^^9zp-BBGJN&w`
zg2xq?4T%(!M>}VF#=BHXyZOIhC%R@z!i1uXA@{A-Fm4GGxxQscjG#DvR{(|_U8NO$
zMGO6emlo&J7z0?!A#yDP@)zRN!iJ~z|&D^Dv
zG9-kIoyPP+1;^UGi6c~9ebD)A69o~)Sz#DIDm!vd8}rU7y%9Zuf2U%M>!#>1a3?*Hh
zD!bv|g5T`tHW{kL35x^G?gJ+@g@VE+Yg|s$B9NfBSekGW9{8MpLt9jvl^mj_cp#Yl
z)@hBU(COE5fdKtaRC!uZTMVMmdj?uH%p0ym`TP?AW8O#i?E@u~
zYrJ1gV+-2&qx|{vOj_v0=cSYz9}X5j7^-jFCe##61+FuS{Ks36e+>tB?W^rz61j?d
zvJy!y_^V9=K8JFUX)BQ+-$@9UXwb>sK$BL(V*QlvQUxd1!^i~fNG{!AT8=HT*@Wl$*A&*dZu?S%}Z44Qp`{#DMD;U*g1W;{);+(1XqZUU^w@?FgOvE1gu!oYv?8s>E6PHBW9d$2
zR$3?_-;;V!_b;%hK$9b1$KDU|ogS~j02d+jkSBU(N+~li8ed@9*Ipu^yej3(`Q>)KWqSx-axI~Z(t8q)NJ0iNj>FB8M!N9W
z&?*1iyoz3=t5sQ-67+SXE5ahuRpY{JZ^HYzv{W!6qOhFuncRC<4T60x)Gn8uaNQke
zDUWFqGT&@U3fKR=Ss-zW&ydPbFt(;`~c71E?0!Q*zgU!^rMaFKf`i#l0IYY
zqQPIL|0s2z9g)^d6N}9`)6E{-%0|^PyrewB*!@@eUBuFaAF~MGx7zlBNZ)4fPo6$S
z>EZAHbPzE>nZ87U5I-EUCen(JA`DpoFhDw{04!!gQJNeh52unp9zdoSfdGKX@@+2E4bAU@>OvIlIqc`tEy%
zIDgB0_n)4(X571F@TnA&a&yV+6CDrT0AXPSjUS@ZW}qD%%lkZ|D;A7y<_fuTI+%8o
z7E^`q-i8ztGSU7i)WB^$LEG~kq;+O}8X>)(aJBC}P)w@weUZz34;UJ*af;jjpihMXF$Mu-xczl>c^HDp7?{Aj
z=O`hi^xT$X%+DjHXx-Rp4VoUiFn4ujt3NHXU*enA&l;9)9C=Dw2GH)OGb?z`NxP>I
zFgpO-FJ;iRO*_Hf;FfzkqwBOZ^FVO($3?Uh~4+(@Uq&nMQF-ocei>iK<}vs%T-q+``qDl3LeC{iGCA40@|e{Q?C!IJc%Ih&P}
z1ls@Cg5i#po>`669Xp2HTf^XAX-X@M%{;q%m9j{UUf!R+-5jTjpA8CtGWm{j`;#b~
z-jQmat@zU3kD2AN$xB%%u&os7OLO6+DR-tflqYLkVVE{e
zd808HHT2i?3$<5USW*k%8l%6!opyB0K`&)Qgr?cyvnhR{Ts?<}doKIN@35!(GYlA%
zf_3DO(#ddFDo%Zvx?Z%WV4jxf^fQMgBjr-|xS5`2t6}Tev)TX9eZYa)dYW?gsYBF6
zV$trm0lKeVqPSiIOm+Y=1XElsciz2M%S`bc2w>`Uw4ZVIYrfxnaqbo7=?L}7L@uX|
z13u?DHc@?*CAC{dlY!Bh
z)wc7h+myTR@v}9+jr~8YuHZ;!)G028J)1C9b}ux}9!gP(^b%9svf<)dw?=X|m+SsK$fyuICTzD@n8K14viL^qCF3|YdaauIi(GN8pS
zThrcCR>&@=YqKjC9kw;?U4TLw1wz^*Yai6?U-ja?G{J1ng7(xVc)O3nAPS`zjgbWy3+XVXTfKewY8pq
z-S>$1IQ^8Ok}>UX*5-!MWZSHoFOLi
zCB}HQ(UT2w0uc9So!e%N=5uG3-ztuu1|cI%v#Zdc*tJh0F)hXLFFSx}^(%HPFO7wU
z&`Y13HQf+MGheF-asDH7538;+%zwv37XPVAt#3g?@s{(-+kS_~DJKSLRqh0Ivn-@D
zFBbu-jK_7dYhA<0jc7flC1ErZ<~M>&6v;=e)uXKmA6(UDI+XnTVoAhN`>}c_V6jJF
z?#|zKOfeKD-c?zN#~jyB(rarb0+=ORf-`jNUaSVI&`S+)LYecnKmitY3$kEy@drwi
z1pDdPGl0D(Bxs;g`*s(qM8N`WGnavJysU#1omT*2r0|+Aj2Kfb$>C<
ztiH1J-4>-`>P!o=CukVo_XY+Gw*#sBcLy-e3fuV(llYd9Flvq*lXi}qP7)O(<2elX
zF{Jb*B%aQBj2})&v|Z`@8vkS(qptoNmF>u^_7<8tF5Ue@rCl99%ACl{jT$++zx~As
za~K~&0R_y9qQrA{Guuf8?d7{u)PVVdiN;cEBn)_&;^FNTt^OS3p``~-5Eg0whZr5G
z)dGQ#mvpDd`^evc6Hi6Lv0bp(bd6fT|NI4}!CaWYnFYX4DBB6WRQ=T?4b!zu-q)hX
zuXmY#;S%AF=R$6s-(ODRio|xY`0<~qoYiDrKram5g8>SSpFDs)A@9EeyLgzb
zT}d9>m(D|^uwfp7>)*AQ4%tmi5eKvE00jC_vBjq<*H1e#&N3f3y?A$FhL9?fGoQhUyx
z>_?FguOr-9%@{T4-9&WYM~_nkF?(fa8hC1f7o{`{-obZfO{AzC+K
zaOlD}r!=iw#D9E!qHwGGN>+6!Gk_f(ANuf{okuBo4ok4{8P^&~ctWV(j{cH+1MN7a
z#Rv+#GM0ixF7}Zp1P`HK0LW-hqun>C(6PO|d09Q{6@R(p$nUjI2R0Fj1r)HK
z26r{uEAST$DB!Q_nL&ns+HLbp@D4QHeMw+y-a^2nXxH#^jX<>xCwo6uDO84g{;)pE
zk7aT^i*a;?J02LZiZ*(?7L=T6$&HU_{=mo_jCadgT?WqJEEajG4>?A$R>tKlxE8`y
zFlT(TP`+c`eWtrgz4+K-k4wwM9BAAyrW^$B!b&Cilo53x#_yqNZk#dUs*OXoZ9Swg
zGRm5r>B8ogo}zPbk!-ilH&7;ZF-dvgnQ(jGkimQrHE=1g+I7J9EDmEW#t27ldtke?xvtogv>@Tb>{GZ^TFYV8#c|Vo+Uo7WwYO22-2AeGPP|*ktSXex-3L+Rz
z>yP8yjb`IX|Je`VweN1eZeKn4*T*t`_2V7;HAOhr45JhAuviWasOIU_*TFVAR60gb
zZmhHBBy!>Onu1O7pM8>lMXQX5)%in?$`|yAMkYgxCET{VY_MGVPv_4I%aRetmo(K^
zUac(6+8wyWm!NH;AUgqYrVFe4*`>cA;K6Po;f4
zYd~m<&I5RA&itQa=!MB*{03P{C*M%Y$4ZD9?QpwT<~%dn`L^x#4+}iJKSgey@m{F0
z9!YBduUTsEu_d{|d4b2aK=dQC%V$!D_jG*pqb&x@M^pEV6zfzfygLP_D%svU^X=De
zY{A=zj+dPdr(fs@iihHUs)Wmr*8LRZ`DMkOs{S`W1*K5R#WG~g#C^>#
zK3YlIbn>@~WXmT(o=4r>>7PXl}vhfl3_;<$k`Q-(GmAB+D*l@MY(qR`fesLsY|(
zs-#7g3r^{OUuokSYH;D+?euz$2!ChlW~?e{HVb+?o9TM;W_k9IelaB71h
zE|Y!$EW9N~izS6{y}h>vSLr4^TD60@Be|Thb;$;W6-xf{Yw-7pwGyl+FGi;bK&uC9
z@Go7|fW~hW?rmr6mO(F7ZGfmM2=BV3nss0>+(Oq}=_Hk616S%KcZk%2Vw%
zpoI37t{!a<KT{*$!lN1
zd0mGmu=5#>3#qDiIrFoGLr*|fzMbEv^7cq(mWJj+d^#*0xy>hOkG8rMDAM#
zDhte)a>9Mxlp5aL*Wz+x*I?!uN^*@jF3|jx6$EU=qsSLK>i0RM)qQJw>;FVIJyKAL
z^tx~L7zbNV})hUSsJ7O!w}v?@vwgHoF#E|`c}rm
zmTzP`IU&n-Z~1bLk$J^z;WB}ySkTWWh}mj#mI#FxZ9+g1NZP9;qg7CofU7X6q95sg
zmcsLGpOW#tANl=2;m!)N;U*UJVxDH?0)|~arp5+#?zB@MW^;Y~JVuax)-YRPLwS*u
zgDALzSpT*IZ`v8JsH+J>-Q&_8{PD5T1^hw>z2q^!!+k9)NcRdBWcHW<@^XXR?|=iB
zg0dLKMYm5i@k&aNK5G_Rd}ykBqN;nGtpB*QjNbbR
z#fO6lFZROo^!6UNDyrSD)_S_UW?1cX&4_*l*T=
z1utJ}vdw9%EgwZ_jvy?A`E9mp`RpI{JHHm+r{x+bU>`S`yb1^wFZxq)AaU*bpx*3x
z_Z!KPL1A=OO(cH2Aqo$wE3m-`PFCdn~z3a%9{T
z1r^obwlBD5bMI`|eZj)6whK8<7YP@Th2(H=Ke$;tp)V4|2c+;OKcN3smfWXvKj@Nm
zFe`T?c9oey1A_Zx>GEM9zEE7*%0ElIEsyCJ2%nH^)EiZ3Q+KWKhhIA3*KGOdEa6j_
zD)!x=b=O?j@<~I@sjA_FqS)Y2x`#fugidBQ?&<@T>{k&W&udNJ1~8ke30d@kTh7X=
z+Z==UrYaq|{s^GMNlQVu=Q(O-{rL#2#Od-K*L`b;L?$nbZJ7alj9}?$eRz;~OB4;D
z!?B`Oe38o}0IV(-Fw3V7%2#>F`Hv=(a=YVo5Q@5-_==4a5a8Wy|RM3D*fIY_j`PKIncBc>jZMgcO{|HvJ1I
z#may>(ue^%M{1e&9W|fc@j^H9{TSN8&j`~tku^xR(Bxx%7hY74euwOad=g6{5ta~~
zR=K&`%&~tExv_tM3g16yb;o?AUr$Iwt?pe|UUNQ*pIlxOw?}Rtb_HEqT64N(qc!&O
zhT*ZU`Ij_Ud_1sYCo2JW5iW9ot$j{7V4bNJ!%^e*5BN>q2@Oh$nNR`-#6;3t`OvV(+8?WncqE)ptnK>#@|;iSpO5KsNA(2G?*1IhJ|je
zF!m761KDanUxn0rC{lz`HTt9%2jvFOFyK=%rJKI(Vh
zj3m1at{(xg`jS|B)Fq;6+;O6>L@qSTZtnw`$^+4E75Q>Y2`hKBI4amud9n^=FP;?m
z1T3rWfCtEgJpg>=MrRZIhMI+Rk>||!66ST)$iqvzKfz%uXI3`Hl4YK4ab1cZP)kra1Reic`mUZd<|8d<5nm!
zVSeQ9`r&Df^?aw52LngVHo_v@n4^|z4J|F`1%I3~C}c=y^h3szAJXrxv(6lI#`E^F
zIeOiHJ2idVk@4B4qgM6?OLb)daJXA{jB28QeE!BaF4vBv{iqL&2o#%hXF!72_um*x
zGq!K0AuH4l_Y}!6^CPkbCjhfMyuao?BXbSjnJ78)tI|9H2$!7Mc2J1(b`M|U`qTU>
zQ1(wO;r1uD)jd{bee=uRMrrhuD}$()LrECQfpOL;aK0m5o{i2*c&r+oE}KtNGOfKL
zTtyBFa&Gu>y#3ZUw!P9mjzDrXXM?`b;7}RA#uRkd8Qs?%uMCK*hZ;XZe*V`qO-A`P
z`oBIwZU6lCDCatjs|8H=3JFix4CXW@>rr1bPAE-%?R|6>UZ9#ip#1#`A^B<0y3*4r
zr_yjO`>gyEDPhCj-RbFPQ)pieZX~@uIKG;t!wd^jDq{R4G1MoI(qjpUN*{*rxd!oK
zpZps~r^@t3{(66{nft(HYT?|!%%|86%A3D_Xz*)#mrfjL4fBUX@}WF5<
z#bnAffQ;@0s1z0ljUA-fY%&G+_wBt}`deEe$^-YiQwtD5tFeFG8Sv!k0Zi8bSSMTX
z1ldxk?Dksmpr7=#OKdpo#*@Hxfa>Lhbhqz|PH5eyvzeycsd;_S9YR+0Imw%4sDxJr3gXrpI=5A{dgy3agCRyr<^
zsLfB#_x!l9l2!yY?LsU*Ex5Ipo7LF&*)7z~bVI|H7MYlhs_hqqTjt(e@fs?6NmUo;
z+celZ*01?d)}qy+!7m=vB=_z)@0z?FY3WSQzA#oHV<+Yo3utY#+%PGn9~+c?J2yc$
z;BNRp%Du{GO620E{SvSC91#5OB5z``?Bu5|#~#0DB*g5UB%z>YFFWj!RbZ;R
z$j2}RwM3q?ix;f^)k-uEm-|~8m9Eesz&n}bwI!*sWpy!~rJMYNyXFRoq9rRl>6J4-d+=<`c})UeyUJT0Q=ks9~u#Lli+bXB7
zfM4~c^7LXvmsr8{t$(L^8Sc5!(qNNo2MafWS9Tf350Q_Y48;AF?@J>)5lpY4@@=ps
z=S<&=%ANR!ADl3rM5amW!W>L9$UlspwwBHsfBQM@JJDWTmJ8){jmnb0&lKpLIPZTu
zBgtSBeg7VEuU35_JaPaX*8`Kixh;fanf*v$*?e#EXL0qjU+gc}U(R5D7Ut^;0rSbm
za{JqrHfy3#`)Eh1eC(;)SZLL%<|UkCy12|hA~7S<*2Qd2-W4!ij*ZNqT-xt)2q)Y9
zZTO<_A!an~HZGJM^cHf@q*=*(we4aT;T;s9cyxE0mPb!(qTLDsneTAKr{%YzRE$x3
zd#~I1{*R{f4r=0i!@Y`v2*Ov9UZSFa(nXpy5djqi0cldAbVLZfLqG&nn$mkH(wp>7
z=%I%mAVBD$2MCaaw9D_#y*sn#J!f`jcjwIhvHPCq{XD|NtGoP2J9VYCh3abf-gyYp
z?rU3JVBD@R@o(yUA+dLBZ}RN^ZaR3Uz8z&s$gK-95ZCaA8nNXEZHrUnFt{Cy9|u98
zK87^7@o7u1JMQ`m3YI~GP~J>}vUdfJ9W5wj{-)MWy|VZ-OVKJvgHU={LW`G!2QHRX
zD{q}@!nH!=vE+UrCcWv%-UrS+#nsKEf`RVljXH}@sg+{CNYH0hDq3f0fbX$FWnhJ#
z_BEj8jD;n&*!*_yIrKr-#lC=cvIU}VI}*>tY>(PHlul^R-E~B59XmQ2BdSS~jfUw2
zQ$0zU0^6#7mA^Pu7%FxbWw{yJz94rqjaoDN4O}Gtg!&$h-6W|6tpm>Kj~|!&TMW~f
z#+;RbDaV9}K?oI0$tmqrd5Va}p(5`eGN0be02l3k>r+|Rq~s+35wzcM?<1)pT_Fm%
zrjR3M@@@C+Uyv3*l3E*F1FrI+cYk{5xA0SZS-(mxl$#LI&O(UbqaGaNFD@M|Krvhg
zSYihVaW@3l0E2xBl|6Q!4@R7?-yo?yBPEBi;l&wzTO(fI3$X7dQNwiCsp3~Nt6T31
z>$Sd|>)Kj-I3bt%=eUOWC2t6RP$d1^?l+{ZLZ+Ftm-f+X(*tQsAD|NEwT$KzJ;aJ=
zfZv-q$)R*AGiI%mdGbDtLR@{kQws)l?rao()f4EO^znFfFVeXxA^8_Zrpu!4Nj9$VB=Lnhqjeq6{aA^1AXL_&Q3
z_l?C;u)*JxGaZF%r(Xq6pYpuZ4F=s0o4V%t7x^S$x_{*z#-J5rN9~9;WKz@fcgeq}nB5?9s$wNko=KLe
zUyc`~hYQR?QA{=wpXRoktC{o+`<{VAH&`o1wQ3}&iNdnqOQpDn9>k%0yp|Foy_?Nt
zd)`~5dzgL$94D~e(;m=cP1G`_cgB3|6Cjkvv?t-DOnF
zrXYHOmM{QJtQ~N42y)}Ibm;Nr@cPWNXqP4Gn)5%6YwAvUF}8_}Wi)XBgg9NTMy~6n
z=@ezRev)>ilZO0L&w7o$_AsFR3Iz5^`SX7e+$zq%K#B~w>*=>qR~qOh&=!A{*a2-o
zH!ir^ms;oU)-56hYSBJg3WKfrnzsI0syNg4IFb9MTBC1uVH51L;&CN&e9~+l{VfgK
z&yL9(>u>+nxqugC8#(4v8en=&{{}16Sj&j=rrTk;%f#xKGQKNxxPl;O|jA~k^93}39Lr1DA(-9Z?K4d>|Eki
z7Md3{5?OPkd40ximrHRUn^)mQXR0IT6ttM0n0}c^F&*=jDDXlkpAFZEX+V($dHdg*
z?lEM8YkcOqGbn22eLi!OihMKhA)O<)HgJtwSTbP$1xk&LJv}OjT9=_TxsdoVKxCq@
zcBlwI$-1p+LWu`;x=%2=CDJXjyaYuh1>`czV29tRx;Wn8O
zt(6Rns1Iv4Y9h;wg=}h>#;#Fi3SklLj@YAy(jGd*^>XjqUn3ALHKJH~i(`vyKHR@@EP;wo@+d
zNuKw3Q{499EFJKR?S|6(7Li{@?8EzaV;w4@PU#*e*Nsb04ZG!DZB*k__4HsW<2A|25QN
z&Bo4u2G2V*6S_vV*sIJA%{+;}DM+)vJfQLWS{oej9Rj
z&;)FDti?G}cJW!XE9B@da&=&eV;Y3oNqj|7K6zMnjTd1qWsBs>k_7gV**g}jJ01{+
zSFg!%9*TQy;eC0)|M;08KJSjycn6M{uj5U4pw|w_pHz!z9U{oI7pV~Lxc-1d4ycp|iyyoTxyY(R13;0#q5o5-&#J|S_nOf0YNEm*Rt?u3~OL!1+Y|Tg0M_s
z%Z<(cKMq(mgYdJ_Iu7ciTHLDhXA<^|sjF=-?sFY3iFqpI=kcH7Pwa0ssCg~r+u%>K
zh18Zl$+%nG{CmXWo~#fwwtk-zsBrN(r;NkRFQ;X
zUSEb9bO6@z(Jf=NO4q$!R2U_?k<%ymia*;47$&WdYs2r3oqVdjwW)DZ6XE#uxy*Ne
zDaFB7Zn^dog03mb&V60OoKjaMuO|Y!Gbmnrj~TpCADZbLj=r7?*b$K4%dGfJL&}ZxJAZI$3NEN(v%Z@4jSqMzKRwl(#EFM?
zf1@gRoJTvYlTcarsSSl4)ct3a|6nT3O6rutV4(OiWD}o{gbG|7>Zcl-iC@@;yk%(D
z{8&x~GLk^k1QjJ2bhYxQ8h~!wqtS*pj&6R7b0w3dnUh1~&jL{9T1!haPJaI6*0yLDkl%nq3JBbXMhb@$W}?`AkuRzD_{qG;VYHd6VkFtx
z-f`83jR-3)_e;ktJ28RY@#r%}2F<1hgZ9ADSAw`;IHz|R?&XK>am%rw@go(cYJYy0
z*or@-q5;go^$Eq8MvXWTF#-GPb}tWx8gTpuV6;G)9eyG|(V7DkNhY@$rB7)-@O^N}
z%Vq3L8~FZN;DGAp_t1JvKFG1cze1{a_K4x|n*J~T(j4u)^_we8LT3C=DV4i?8=xY^
zcTtN^BdImNP+u2^PoZq3_>r&`yrjF6)yQttW-oF0(zOwYO@xvQpD0ldOt=NBfo#yroyS>o8xOJ
zX!RJdgK!UM>|4Et+1Q13$5#8O?!{ia8(*c9TQ1GIbD^&g|4fviExBwT7Pxn1b5&S(
z>cv8OmQaEu-0;%rWL)+YggquuHJ{17^3eNyTcPp;U
zU>4KRIL4whl`YGuCQtDD#6I^<;)U9DnKBhieaJBXTimyMQBWxefA)DVv@s&gkMRI_
zbG%Nz(oSGjOBQ?D^z)4~6`Y*;=SCoKB-{=jG#>?ot%ztd7+Kt1}cbj6<
z7X{bJA(D8eVNI17qYm|qciXHtEREiFR+VVD290OI>~7IOBJA>PahHX6+RLw4JA^O~
z@+<2NuRjk((n0z2WWA~Ys6L`Fc
z7#z50&jx@>W~5X89$UjSz-We#+LMD1j*iS%c;bfE*4*`@Vr3`RP=uvuN2`*fBMl42
zL$vtSUOfK4=vep)%KtIGFftZwD-5JE9GjtBFho+;72Lrq4&YDhS}yMeo;D2z^LA;i
z5|BY%Yh(;|eAy)VxkIxl-01c{H=YE;devXWWW<*E%qR-v4fkD)<@HOZRnJ2=@;q09TSk0-y7-RxgwEoJb+MZi!O{EnH^seY-*IDl=DW8Ut-C%FN-rnT%RR)sb@2{=|KEL
zRS?xo9oXSUu5vHmfoUuR
z#q65FNWb4(z=z(C>YT--hXv#rQ~8R-yBFrJc=SDUiMF?qT4}lXvBuu0-H_;a4FAK;
zdIZ^2Cchez&Pa-wsrF3#?C^yezrgN$P24fO`t$Z$NX6B2*6?QbemNliV=#gV4?t`j
zDrSBi<1U6jREbS0Lu08QdGc!1>S;N*^f?CZsi++EWc)nC84OEDDZ{mw0DhA#)21P^
zQvHYdKc06dW`x@zKD8Lf^ad===sOylO17&Ak>T{?RBjBK1tfIc>0KyMHM{0zP(hb;
z$tnLZnD`jXewN2my^+G;QO~xG+Dc_%z_-vGW-XmS4Y&OOaNM)&?o(I9P+Hlo*L>c;
z_{J}x(e>m=<0$X|U|AtAzG=kN1peXfaJhf=TzQ>+)3`@&88nV(I*AwhwNbQhGJsIw
z3zG7told{;xk79m%d)lsYE-@zm@@t_9eWfQMD2~>bb2bkp8TEcn60{zp#CPURK02r
zeDh>SIfQ)g6-?T6D8lhhp9kRN(KM|U7tH%odoj+hZuL^z!%HX^x&Ta3`Stac45X
zWIdkiF^Fn{q&mF>?4~JaNY#=$@)pEJA}p7t;cfu%ODqk>F9Sm@50Yy5Gs)#J)ZUrb
z>X=5HY@C@Cc!+}(?5dRNn^IM&5!+%0yz%WQ*v!TgVx7w|ma?!-v!Q#p!d1TNg*4PqLMR1UXpg-PdbRDnh>Cs+jtKON=RE
zL6z(~w%ybz2rVA*Qy$m^z7Ykr5}SAflRtLNsi!pUj4bfJpzd96iQ4eWq^TAwr3xsw
zKk)%SGPRjf@sm@w+;rRpm;M9!_$R+mG86A1i99H0+hoXKRu!YQ28>KUQY4BxQQaRN
z#xz{67|$cgn&q9$@tN%=YBJHoZNE^M56g@JsFA&uc^BT@lGH3g3hm^sc({yhW@k&5c0cM)Ultuu&4jrA44s7gWPh#KIbd6
zO3bg)6}-wfP^e(Lo7K|v>s5WGQ9vK3T!*XJ>8RIX<08Ku_F2TiId%ECFY?jixR7?G
zqlf~<6KW{x&+|B}2_=gtEG>Ke42c*^?>$PM{KSWnNsTTf8okR>`6>tkd4x%3d1mxM
z%wu|MD%OJ{H4Vq`5%wjnE+44C&j+Z8^Sk{T&%mb@35kk3NYkmp-h_nXy5kI1zqdcP
zh^Q{IQ(y8L!AO0oPkifckYXtxMa5$59>RL~@WU-VM8wJSVY3)t+oo_|`FjGNWMMZ&
zVbXpw;x^ZPeSfr(oV(Ad$BkGmUtU+`FTu}_Z`W&xAGH_v9PW1gBvd0f_U<6uTve>2
zT`!o4G4AnUyq=#^@vY-Q&+4LfdL)&z85QkHcY76~KBI1*BlP%>H@|)`-HT{FdR#A1CEHDW+eP+UtUfk*MkL6s=||H;T_f^J}c*
zqw~HRsot9uczyGKsd{%~=juNn$Pe3{H^r|Xdw-oKQg6>t>#8+!_Ui;6f&rqVasIjV4+isR_LfZyG6%k=UP{
zLD%6mZ}(Iz1ON2hDgxte1@b8I#H&#JZ(DcmU?*L4>P`1S&c8aBHqG@8vTm`*Rw=YS
z&vXD<92M0rbZ2!-iF%dREXylmU-{R2r!l)K
z{R{XlZ1)<~STD5$mE#v}8;mtm&Jwiw#Zs)p1G4prsNz$C4wSdkIk6M9Bm+WO!K=hJ
zJr#NIDlE9hLdD339SyI0wr4j}?I(pXW#1{YIemQ)!BRX4OZh|jN^yU)>b-TcbpgGt
zG}ioUqL!&qV|n^y?5pxv)OmiW#p&}XThGtP95*=9vYn?;SHN~UwH(2@v0`7Y4A?o^
zGDy*!lTg-1eC*AuX}-USy;86y5t&yHn{VXUyR91}Dswu@cWi0p%
zANH%YjAgxD;a;l}n@Q=d5nNSwe0#X8uzD1evU22i-@-jwtng{8%u?kV;r++F*cQBB
zI0a}mrGFe&RWL4PFF7NI=X|%e%drjtg500M9B=Kg9ivS}vOuBe$cry6xhyt+73qph
zS~3i@1PB$_<@N&K53KXL)%yyS^MyaK*DoAXIU}j|ocL4C9g~I3*>%hma8iDsISY99
zZXWr(YWIcQ0pVG!$|mM^L@JOMeGxW-k2{bx!C9j%x@@B>Rf1NLBd4Ca%*ri3$D|(~
zR7Xh#xQ4*7ajT-oQujKBkupjXd9CSrVAY4Q7SE;zXV(A;GA3UTwV{BfD
    FaCS|`O
zcbqdKo?0ujQX3(=RAn>pIGp3f$Dni}wB(ZF-6`--1fX;seQ#K5{vejNk!okN;}su5
zO&q|k*{;mdRya?8d1v{|Jibw{E%1u_u30fqZrXSa(-+S5CB>b?>c==N0UukvO%udWy%!sq6M&2M5W4!j~5Czzf?{Sk)y2
z?)A$x6D}S*#ZXOqaVo;^+gsW0J7|iyU!?knIN8yFlR9j#D=^8pU2d)?c_TPYh-$+E
zPNHRncE74rWboT4)$rRe8H>E0lGX}Gd;Xl1qqBH_LI9RorBD-Iw%(4EQGU3bXk069
z|IO%2h%B%}xUR!JZP~_TIXYq2$ArzNaERrIhs_7h;KRhwDsx$UQulzK{yb*#FGgsC
z?Y!YN)m3-z{I`)M9y4)jS)d{$Fv}l#;`3kcRm|}HwsOcf-mkFMSFUTbhvX}KlAVsg
z@5FZ&UohR$n+!72KW`e>{}{jfkO=xC22ft{_eZepphC__3#Cnxfg_)DD>KbgqwdAtBP~EfmY0E{c08siq1}3!=c|4@9g~WxyN!b31@W-J`dUU
z8B&%LKQ3?3`{c9v^jxhR9;Em`hY8nIQ~6%?=!+a?-9Eg-(3(x3g}MT24@Ng|Q3ZT1
zGqnC8dbS2%TXHCxd|?|QULZRlm!(U2^i6EtCyJ<|s>JMTqCu6TugI&P`5k+4ON$Fq
znB0QV5o4Vq3a4#|e^|KF?diOuxvs{iPZAX
zq2#TAg?}1PKXL)Yj~YKK+5WrZzBEGl)%4j;v(L$*A@l3D=a^K5D|319fqaldcSf3N
z402#wYb!oke!y1+JQS!JkZ((LGO~O|v|0dBNA(s!LvILQeJ07VnCvC!-rsmdoSm|`
zo$~`$>bD8Zg9h;eY|Ui*Pn9FqEILbMEg^AUvJX^N
zRUAilx3^Qb|L?YRwsGtoSTF=FKcn=t^uxXcloH6AoN&~%N{fmbrNV&=zEnPnQF#+w
zSTkbOta1!$QaOIQ81Gk4p$;HUtHr3hP_y<5X!iM$-yEPRlE@E#4|d$8R+9dNRe~<#
zZnnH_4`Me(U${W#G7$WER_M+|n+1JNg@uI0+H638H_5Uj3PyPQ>?V5|g7u$;0fLny
z8Gn6AJXcgye^k>w0DUmKREr;7tg3T3%51ShPOd6=!+t$#uVFM|Z~>=CF1dT}Sp@se
z{;wmV^#2=1>^;wdUjKubKqb-toxvo8tlFxSpKgxg{UI80)Rh8fh@Cixs`t=F7B1>I
zz4k*@{=8cOnNSWAMkk7D`UgWJjvHP|giDjCBW`@+&$38M^_$8pn-3GB0#+jK`NxC!O75!bRP@D(fGJpmTh8RJd|M
zZkk{Tm|7CE7pL7<>cBC6W!_aLbB}8jKT6c0BYXOm=WRDRj&fF@;u
z{xFXd{<*hqzoiIs@CRBP39x!w1=!noUPZj4`U1@&&?G>8AN&R6ifk6_>B;oevNvzH
zT*YVSQgz@+{)y8^`cUOHnZ0S}Uh7H=_WBl#-rKXCrgTXPbNY9gIKKs*uW+u=$T`y5
z5!87!LB+fkWN{K=ICPt+a=Ws-p7~6aN<=Ekv0M-5_u8Kl#
zV0Cz7k#bM(EhWQud>{Q<$LeIpgBfD}SW~aaZ74?aSBUD^({n=JvJ3_56gb^~K&o}+
zyB2*p18UNMbWDR*{az$GS2|FbBE}%2+2z02RGS%7vVM~&JPv<0ReIc2f8nSeI%EG$
zz{DiX?A4NC-{EiJ0f*L!IQpdLeus^@~w8F=ed`or5a4@%@b-tXy0?twSDUa!&f!u_Y@e}IhG>t1{xVvFy`xm~JWn^=
zl|3~28Xo71H$4rZ@P3^_1UiI!0xCTJMIg(mA2XyvYF-W|ewX3nL`S6Wk)*F?M1cbI
zy?meidnD^SLE|!bD^xIJ{k65e^Knnj>z)O(Z)i5QvTiCA{tYQ40kmkh41i1!rsY6tr!J0F$RSX#=R6eemx#3{_zrKChoDMj76KutF
z3>DBM0Ie*#WBy-njOd=*kSCzfw!*V5TJon4$B915EE|npTAQYI3S+9}ElwgAj+~qr
zqU*u+=vO*Ub&^5gmup74nSmrdgQjTIT*<rw%!%J6
zX9tBy?|%af8xH6{GV>^Y2fwwy;w{SlU3QB){0`@9*>Dr^0!HfGLL(4!wC%nD5Ub4*
zUU8qX3sv3?O4HWSrS%i@yXjYexlcw2Te>p_D)*e45H92tDjNo~j?!`kTA!eUPqS#2
z_STwU>4AzY7Ix>Mx5==dLCgu|R`E5@R9JsQ65k@D3U(tmv6~TThm|jYzpu=;pmZ_c
zloam7c7nVucu`PS@C-5_Yo2E&N?zn2XJlwv8RQKaQ4I&a7#ahQY=JA6z(T}Mqj;xK
zhC*9U&i8wFX~YcY(V9=ose=pa2Gvhsr@%+$;9OsC8!unh;$c^^(T>$eMav|kH*X7M
z>pJNnx8t{!S~{~E;TAtJ7H!1Ub7w}
zw_O}DW2XW+u!zM{CFazc_t4UC{2LYCs8MB?r(zxsgXj1haqQy
zj;Jm#f{NnVF$?ki&Upf^TZ@dB-td-RdyRoP@4zJC$-6KO5xRM+#|dap>~XXnHH*^K
zKlvDLAVUm?#XCb_?NPeGO~c4`iMkZ@0f|0Qr(y=15;*1eCOY7EL2T&4Xifi_kr8s1
z;kx$bTxh8)l<|SSRxfwf)VGHDn?CB?z1@UJCkf;3+3;52kLvGx)T)oOdlM(=?tiYw
zlc9#lE!j&fNeJrWlT;x-lcbN_Kt*__m1OK5wf4<3c&BV?l2z%j_szK_SzJXm1afsm
z4gDBP>M2sJelr}a>7@1L#(YxlkkO+y0Q(#5N?R)2l}>Xw`F5N{ET
zSR2_oVbxQ)eLGqTb&s5EUsN?Fr;Yzo9C*U}k;$h_j{o*3STIA1^@?5HHMG`uY(N+}
z!;N5c^biA`7sUZtWzczELuB@ePIsZluHvyRMelg?+rFsuJ}xcKZg30i+^RfsTCY(Z
zHX6qMHOA4kiaY-9Tl3|LEoKd19!^7l$AQ(I&-CS?1Gj&dYMD!w`|vfis93QzO;mLS
zfcr#_{|1GnK-t;f!!7k+DQuc+K&UyZLnERjr>)4!w~vwW^k;?LH~b%bBRC5rL^Q>8
zudz0Ghnme=isUeV4t~+l*>Z-h9I{itx>D
zdH6T;#+yc!gO-v9SK~Q&qf&_160K^>&KajdlOvtNfY8zwu1Tf<=iq6y|hmeL^^%;a!cdh;L5qY6zPWAi$vn?#h#iuc}v+
zQejI(9$7Vm=5wiSw@~x@Y-rTF%Z)=L?L7g)6z&FU!6xZ?fhZcJXxcQ=OTr{!M_Gl9yGoaUIYB4ko!#kc`6-~>+!}S0&1kCt<z&
zk(FbvBVV?-mGW;@#9l`g*lzx-sSsy?vQB;%Mc*QjYF?7^SkD+g)QW;v0n<5&H%KEIvSarF@
z^|{6D`QZi8E?g8){of>+&W4<%JGi5#ecWq;5?w@^F5;J*PJ}uq{_sB
zc|YsA3JyH7Nph~E`=CZPz3l8Q
zuj>yxQ%S%}+Ih3jRGjk(-kfW9G2UTp&Hm;y#Q!eyuVGwlrc9n7sb-^Seg*K0-8ujJ
z;^g)|KMEhbh7<0-O?erC-NOM&RmKk#Yn|wkKNldkt36*jL~&z>cjtEWTgBjROZ9jb
zcxkwbWLC6u8uKBZlMl~I>7nEmmxpV+h;Qh~(VWKV7@dFkb+0;W%h#YTS-foKKJ`PS
zQr`cMQBDu*7k~+$sd&9Yrx!v(AT4EE`!2xfCf8HB8bqSwvCG)P_
z&}uxEs{k)I*549q_;!T3X@*z6?3(zWShnY1tbbr0W+D^*fJMHB;Q{4Q@elPX9qRWp
z`p7_$y*t$J`49kJIrGcvIm2G(K+d#96uFn+l!h;V!73Sq`im#+2h%}y-jMK8=Z5gc
z*ltueZe8KCXh=QqB3H!gl__4W1)L0;-56=!Z?dm-si*zvf9i(j~5t%1kl4XKhQa?
zRa|ym;<-X;WE})PAQ;_E3P<6YyX-Du_x{(twa)R%e0Sqx-Q8#yEJUvvxE7STcKRtXN!A~ks
z$BTVaVLGJO#Fwb!nZ5yN@EUYJw9lGu_&v(7f_W_BnM%AFccyifXuzT{;PZb_wSTXJ
z6H#c%vg>-+=E9BmR1Nep?;D4O^9cQR2&@
z3iU&qgTCp1GAHRpJ8R-4zkyQNalFT^Ht|{oL^!u#>ACw4cr?gf_6k{P@61*9@IQ*}
zaoB++ci++C-6azxttaP)H;0X)yniK|`db`uE2(?4U2sYtCFZ>as>tc(r4ww;txY!$9#pcS`B_%cH!HkuhLfg*j+NI?Vc7?6#1lyo^4#
zK0@2@T7?Gkq?x_wz#lPeRrL+V#p=0Rd>|P-$LI&OzyXU6I;62apO_@toNrDq(nzHE
zf2<_Bmmpn76a|FM*x7e0a+_Bi?`ty65KT)Ov`f%&eaHOsYiM*Z*w%P~Suq`Cs2mNudtE-{!(t16y_P))mUtHbCYTh@4weQx?fnOP{}BI0C?5kCb*cW)g05
zb-KQq!9{;KG@Gj=&}yD*z;Cr%1j9)Bd;yVp4a`o32`IpJSQX__XB}9eZ@w23=S|q$
zB3=(tkz&fKN$xX+|>d&(`Q9p=aP
zvK;fs(#Aj!Of&lN&I+(~+W3LT$y7^2v`_}F$7~81=%z5KO}KsW*!mu_i!Q8dACqFc
zuZ})_MXsDCf(@d$N4smQt*mcv9&>Wl5KN9no^5(h;+XCBVXe{akQCO|Q@#z~tIssJ
zR=yTlD*grFqT65M5;f(rw8|Z){)6T1`p0&q_`};-HS#G3T0mmSH1_EIG6tPi3+UvVWpEPd
zn4c@W+V|;Qr@WJ<261;Kbz!fv#qN;Dq0{aZoG~y?b)`KG{SU$H?ECFuQcJG4&lGRv
zZqP0D1@ZeHwMjmdB*FV;P>#POTNcQ#rqbXhQ|+n}*Mko!EjKb+&;j%hH=?_#zKZcu
z*Z}Q_#IujXuF|1SC|Y;Nv+nD>(+?I4W9R49oZ13zBDOXRX`K$rq2RxC)|%q|W14)0
z7dbd&_K&)qKZlAhd`eW_p$XV^S^bk@B{(1lGikKvOSzzq`-fFFs4MHV`BVElTu@uj
z7O5M*j9J3|3AhA=8~XW{3GYGEu@$&2q=bgmnSHlRaj&8yYeTZ@#-p0nVm4o29pg%_lB5j@}lNguGr`&MYXn}ek^@7AzG&+~c>
z->5qvJibFiPllGm0)so9?7Wi(h%J8gTtF;T86)S?qBVbJ?
zzBl1i4Kf$KN(@Lo0QU-2ntv{5NDz|!i%BmE+Ftd2?BP*i(NMX!e3qE`RJnLau(ael
zpr1Dg6Kr+$RI~4s(?MR9yuS&a^q1*kcIT9=seh~c;ZY>E*N@fYYp$+e_pbugCM@B3
zzJtu=TiK1@`KiKe=76|{@;SGz6D&
zR*g%)s2jUih_V}C0A_Uw_CaNSr_hJAgdl1F3LCm2#D7YLVEC0@k6{KVjj@CJzX0o=
z+{p-~r}df1QLcB6&+m!FI&S;Z1X4kp6?D%^9=D-nTOY8nxMbg&WRnHO1*eiien<{y
z-S-uLJN#goi@muTo&DOlg<;2eZ6>sq^<9~gUb*z5+x&@#e@4jbE|t%}>FHlR2o|0-
zXQdCz7P`!GojyxLHmC8*B&G#7+Df!odVBx0D5Kjq)tlN%M7Q9AP~K1sZks5rW#r>`
zUf7rvCuQVpf;_i;K-n&Aj1Y{S>uzvU=x^8h@iT<9_1;Xef>-hEV-%E5$12^Z+
zTSL?0cRu`A$WT=*L0d17cR1=?-Vx5V`|`j
z#R;drjDAwR!2Cd@gc*{0TA9pj=oQvI2ZzX^Z$`j{UIq#)=mCot%8~?>vu#JPYT)YM
zg_HKgb}j*u#0<$feu+SR7Rfq}7@&69un=8uB)AJ3XCs@n8Ce7S!XEpP?;
z_I&dXWBzw|JlG>9+-@N;K@&OVH4gEpqz4)cyVI|2hbi7R*&Dx&9&3vF)b%-|45O;d
z#gG}}T`rJsQ+!*I_qq5ipUJ4fMy;K}y@RI5eM-q;jp!e*lPyEUKc@LW=p&gh6bS3T
zt>58>J|`5%&R0CYm@;;AHIaSYGwuwM%_93yx^_-dGl3K{sC>BCQ|WHHj8N)ua!Imi
zlq5B~St##+lMY&B3aXFJKpgEBxR9DX^i+2KjVwu+Jy@U~HGTlS2>MIpbv@j_LGY1P
zUAo88zSw~X1{w8RRW`xF-iQ0)jhX7%)V{-g<@F7~0U#123&A0f)YDbuxKBZWuX3*|
zNe3s%^rT|JfB_QheUc-&6W^Uhwav?WaH%xhboDO2c(C_lf_rO3hvN>&7Z7P
zYO(ad6Z)3zZo7dxw4a3Hd%WWO?7SY6&Hwv7FlWxvdo|jdYHDnz?wkDGp7eL((wa0S
zZm~^O!6pSI-t{n$V!Cs<qT!4l{pLI!ij}zwVv9t
z_l1y^5cgC9m>d*UT!f?VrRrGC{B`A&$(8NlXe-w_CZgPZ1cUvX7-kw6h_X>co{4==
zi^4UYzRS|E2EM4iNb^zOlaQLIO_RNHRW9**usnjQ#ua75aCq6nLP|Bsk=`iwrH8@m
z7a20+hAw22Th!cz|5RLV{>|BU;HopXJbl0*`Mt-F4N`Zk1BJZ@GOarVd)DyuIlc|F
z=hn5K8Zh6k`v-dTbZ0FF_oVH^+{0R!&vdet|2B7QVK7-@IlWu%0&;WGH$j)geHgj_
zyK>AhdpYeN7hvG2vXb3%!&P)*3hWb=#`lSR7GCB}5(%D)r|dp@9?DlszSK^0+HkPC
z&>?aFrvb}ylbsZwi#G=nqNHrW+{|OYvVu;nH2j&kCP!F<&tGup(<0v81Ij7^YJ8qV
zKZu2`jxhM<+~iQ;$#R;_iVbG(5u7i~0nlZs{-ANB>nz(!fUa)MehE(zP+zii1hH!sK9Oclp50
z@FZ3=;dgAP-5BlhucvzDeE*XD4xI-dI+QeKmE08%npECQujA^I?F(%G>{rkrYxbnI
zRt{8{Ife6=gV?-VOYHo49)H1%{`{5r(p^z=++tj};lHg{uy4You`VF<@tt3IZ@?2^
zrs?0bpyHiE8@omwdvP>P!5_OV^Yd8W4Adkbs!rUx-und!&ioz!M;EDZnR-A|P`adK
zyeK+vmtz4osTyjynx(Z;JfK}t_?%i=@<I=sSzV=|y{C)WP!(n}IBjlM=J
z*fOrR?^qALQ`iPI%QajLoM$xcb)0ICnH;YIR4deWo3XdHM_4{Mx9uRUHUFHoS@Bbi
z%2qHewTJ?BkP5DnV0<;?lF1+7S+#v^?$eF`_Mncn57k))g>=}e
zAk_>-)$ZxinZf>jk<~igLkzgT)ATh$Fe^lo&Y?)vq
zXZ1IyvHpJ8{FN=-F+E8vXZhLcD#sAQy!0T6%W+Ubhb6fo?fufXT7w@LV*`Bw?6G(3
zKagm`wDW+jQ9bMW1m_{IBKtV)e-tLmbI9#Fg=0PxL7r;Lzd?7qad`8$hw>8-Qr|un
z!2>{n`QTlT-uM0Svd#%zi}sOEN+8P3!_7n>jEYyQ^50V~VVs`5k*CsZ>#r{zTMHqD
zH!hP!o*WW?3UG&o98?{@&z+;@D_BCPkb?gMVnCh0^I5OoK}vyt(8s8;+k$=|Poe1l
z-p&2mL55u+C3Ec5iuuV!iiY<2{%e|c9(e6CvLN3UI6eCQhmIfkDwgH+8xio96V;a<&R!?^dZZQa0inyT;(aX!udCF#e;&ZpVGWaRzMtQodEYLkw2
zVN98tA{HYu5>uw{ulW8Cd25POLh*D*Rl@ya)BEG=xAFesW=i9q0Udu{o`gCjkhc@%
z3+4AnzW#Jl;6r{Xoy_zlk+X2l{e4VcB+4RrJeG_1=yy+lpAsYf
z%+I)O%KG$(D9e*YV=+1xZ
z_tnRtPL$Ck^2)gLH&$PNiR$Y;d_P|I?srFDALh0XBk$apzW#rB`OrI}zP_I7>#KNw
zo8I}l^!0hVz8>ZRW#GeQeE#wKwmBP)3i{ju9-Aor9foCd4~{?mzr72)uHCsALWnP;}=Ev|q*=LVpj
zkOOFqVy(gcvIO|XTM<)_EQaxYBtY+}Ulev8>o@;
zLWtwAQW}Es{=B_TV!9r927eo_zI+IAU7*b}S!kGh_#L$J_q3VxU;}TDd(nHL~v%inx9FN5dH2K44AByh}FZ24|hx#11GfaVeewRLQ5balQ
zit15*`ZVAF4>I3HtMA)P`&Qtf@%uJ2{?9?Qr5%fJfOR)Xl|UyIl=nw{-21@yGkr?7
zmM&lys0Xd|DcPD=#6LL5@xD40Z6I7SG8T`r(kIC-4Y9obNcmzww}=p?xWiYxgL#jYy&XRJj|D2zbkFjzf#(5Og`3w4wF4TV@zQ6+Sd{Ui_zQ!|bl|j^v
z9{izd($~Kb)z`E6Z7^V?Z0a)Ok2M(ZQPy>#tfKdm**&oSM0EDaF>qHFcUj?Mnc{zR
z>DYGh@D54W#PJS~?;js8FSvhVczNqE-*AQ}xkxFC*tSf?cz$V46V{uKaW^fBnOAG*
z>-_zQwXBbaYqe65JT-PbNm0zWTEn=GydmP*7{Af;2J#m9)Q{w5Z0C9jP#Vq*Ugrp>h1&!d!M2qi}hn+7t`Arn?B6;F`-Vjme+oQ
zb#L+I*k1Vd?FCHsF^4muIhxfA3aZ^
zcecX(?-S0G=$);=|L(I`pBA!R>OO0J+AQDoz0TU39G%bH0I@eH-=w}{T>FpLCusli
zy7hdHvH#dRarx!Vy=;6AoU`Uf%zmHi_r}K)dtxv8Tjlx?6K|S86G#_F#jFGm~3KWVvjKWEFB
znAb4>9oGB7^G_S=yxML(ewfd2{th`^)ST1pL$8*8OER3c~u|&Gw77voYis#aQpdyG`+_$*Gv3#ay6UEewXJ{4_3_y;+HcmcTy2|}e&u)@8VGjU*jCNoW$@1X6
zQ0)?h-Zw%1;3R%;8SDPw47ZPYqD{X)(C;1xqj!(L;eG*&+wku3rqEZx?@ezr;%_m1
zcVRQeQ;@lg_bHEyaw&wqf-a?AmJk!yXB*D)_(xS0>B@giRnfoJ->FjEQvbiR_o6+5
zzfDskIt3`dp?0vkd$JJ^Nbrky`6h9j?u@HU#)*_$GH8zV5nKQ64#o2C#F)W)UnBDD
zYrL-{#Betzf`@s0SN!uUv}=64*v4HG!;4+H3o-d@-f6>54~u=C8_c|{RiYnqHS!rn
zMnB|AaxOY9Sv-HFE&6#!N<~>k-erv6VTk|n8rpx!o@})LBDpjsdX|pI6y@ErIlfxN
zpIM>)%oF?mbFanz{!0FRS@?cL{>9%)G)6m&i)lP(^6$^!@3Z;ubpCrf_i0@TYby8`
z{Qh$%#$w6yVZQnBOowMG&wo2FZx`^Wt_ZUH%@6ST-+ANsfopcgw|`3EG0bf8=TK%*
zbE4#LPw8)>AMKhIdI$4drf!Dc?NQvzYQ>-Knb>4%;23
z{D&a_d0~A!F}+JqzZKFA@1Q>1ABs%%pziQE)HBaiz8&cY-W3Y(UW0dUNA)2?jQi{CK&%53i(wUPoY}LJb8~7F`^~@w?82h`lLkLSAa1bhQIff+xOV^@!RL!Zp|;6&vpg!
zrN!VE$Jqb8%H|4ril_d7G3Hn~8j}KKIvbDU(@fNE`fhrr7y24Red6r~yoa&+yLA_;
zyGNt;6@%qz@cT3VThz0r{x#qKpe@sYc4eYoj_B}%Qe~!%wvYWrEUqhWt!;ccaoRY4gyU-FKlVSw`@c=}-@jNsQ9l-X|FO;b{Kb6>_p2uEHv-SlMB*c^
z+%|rEM9(&h^=HD5SGG+IKmN+r&Menz;zd1ehp@Ld{W+KaAU)ZUU6zElAdn|0fd8W#w|JW>yUq}4$^KOnm
zemR?UEbexW=aIJAy8n_%#=f-4y8n_%zJ7C4jPYD!tnb$`>cf17{>Q4%H0O(B)n}UT
zY{(a}->fNK)UxLFwXNGYevN$-x81e9=&Vhs)G8A5;oMG+`W5~1DNg^bxE?RIGrQaS
zw2^ShNRBO~1+l-;{y2w^ZAUAwZ_0~Kyc0Fo_YkkI(NJHtP@f};m+?ou&WBr3-uyZB
zz1aUHi^q_)`e`m(W_fT8PsHAu%73j!`47*U$N62~)fOGoX7>QILArFk+5*ei`XAl@
zTdd+=4pU6XTUT@XZ;4<+4svX2hI9Qg#{+tz1#zwy1d`>m<+x8`SvxPgOekv;aINck
zS$7NCtt|+wTB1~-EF#G+kS|NrCmqiy>NJKG{C$oUj6N;+zTUy!=kfOm^gZyN4u%a3
z{M86z{o=dn)7U#Vyt~h|-(X$D$?9?oc*Iz)o|nr+zcOA9-;+%Cz6jp`nZ^Bt!+kf!
z;qHy}zqvE(F5&*q&eMB%x*O69gml8wkMi{NW<4$zreB%I(vR@;D}m0e+l2ICp5DdN
zdjdKx7^V;K^bVfh0qK*4^j@AGV7TS+;+`7r|2IN@px;8EUpLUN
z3iRuR^Ro)h&t-6a){u|eR&x72Z0j-J)~=1ruiz-OXKLEJ3+uM8ZT$~!OBvY6{L$;k
z0$)SYY>p#0RDJ}<=2vT5zuP6TSp41vKZcBIBAxa7yM##zt^
z>=Y_ug~QJtsE7H!2;B>pH|rdQP#iBmMBd
z9&il6b1OVi9v=UfWZBT6j`zzveyl-_|65PZ`SKvUp@-+sV~cqVxbS_l0=h+N
zZj-zNY+a8Hf7@V>0(--)DKTX)mk+R#XkOcI$HjOxHIn?{Ugs&me+u*pj^9DHE@B^5
zfL0;V3jWo!hRCm?UPFuDzk+YNseK=(I#~lS%b;!5ae+ROKqnNQ?T|yaJ{W1g^}%Q>
zwu$)<<$KKzFZcgdrot@b3r&-*NXIaA_7w*M}Nj_}5H@1@fJCxdXvuyobSI?#x#m_@|kgW?j
zpe|K?i+fv)RTPic0Pb}?%;0ei^O$x5_p^k%Y8>tlIqorvE9{2y77gwo;m!cu?I1%Y
z$)L(+uoZeyK9$Z!qBC?*Pv;{}=K|3=1?8<8I&xkr9ShKDH%v}vHPH!wr!R(6IuYfw^&eA6v!mS6JzOMW2S2iD-E>v@D#~e{ot*5iJ*#$DqF(
zhih;xAcaj1c?kY)UM6{mG=1w!y3;fAhMxCx9N*8?{O3@9RLi?V@NNO#gTT8q1@9QI
z*FE}ag;uW{9wPk@c&pgVo=lkYkf#KuVertU8xy?Kta2;EmsJC}W&KYm$>urF`xrF4ra-i4Q2lZ5k_v1%Pe2%$g{EP!|
z$E-Z}N2wzSx@H#Wnd+8?t`F4sj|b2X(hMa*2H;VP2YrG
zLwW{ZW)a5V7vIjJZ+Ggx)y9^8h`#r~hB?}T7xAv?Wano&Kc)50Ya06%tSg4`zQQsY
z#%BqSPi=)~K8$+_$_%#uP!{pIE1rm{8ILzQZW*nuw3+`@J{$g)+n{~OPjBE=T>r8Q
z8>n8fPIIYF-+dLwZ&nn?cHp<5e`s7sUKR0j)c4!y{qyjClOZ{t>r-OSU#8geABa|`+0U^IKZ@U91KQVD+7jORBW_yt`RMVapSU=-j
zRsBBZPqg*j$Wo1<`-V+bym}P
zK%l#!>pij^ord=tVQy?%ZioIQdC|^q0X_VE62{ON!TI%g
zmBi!5XVE!9_ZtmeyVdyTui$(d{QB=Eunz>@Zs_`FiqCR~9{)B;zE+2Sjt2i0!f$>B
zc@Jvu49(@({hY){5iz{Sk{JnsC5ww&t)d|Tw6KZ?>XFgf}7EX
zwu;b2SaWgvoT{H^Qhi=|IaP0G(EGD5<9Rj4JY3gR%t|_Cwyx91p6RS&Z+2F*Ut)aI
z&JAp=lNlz6fAsRy@sH3?ArsdO_{|`ll`&-n>k~1;(O3J+c+DA%$(d(s;&Um!!#o8=
zn0HL`P1Anp2WGosSW_&I#g#%&j^b;cyAt|A%?cxP$la_U6l0Gj&tF(s%9+WPy%Xg#
zE=xHtIki`um*{yl)819^7OcoZ-X=Lqa%=OS@16eqJB#kcPghT!lho7a@c#SMQ?{m_
za-m~!_@%lMRcwI=s}d1>nSap*gMb%t@|l04W~Fu6wRNOQx}iidCJ5-xL!qW~za;*xnWDdu+ESQ`*f=?N&QMyOmPA-3aaW50m!q8LiXz
z@1Yk({}%dD@RA2Q?tbKDn*Kad`?S9}eSDit>fhK#sr`H6cA8D?^u?IAotjpt?UY9C
zq(2YVx0n5UwAbme$=hq@-=MwpU?%7F`h1sO+TJY%>S8%1>RQc
ziLok}zluVw%n_TayiHf0mMC{es+huI`sWImY5jlp^g3H7us^G@AA@XhB+Ve^bUfdv
zz&n1hkHa|%_bzBp_+Pr~UkJGBSr*?PSTy^Ui?qL=u}8!L_#^RK&+Q3zZckA2I}APF
z>#Sp09q#R{vT6?VXz83GIwt{Uh-LR=10ANJ^FGmuJkR-vR_gj6+9-}!!TQizg8p42
z_}gA&m%|STe+i^x()LF~%>w2xwI|jy@ExuZnV~?+WTi6h_3X$$zXLD!d1{`heD>yH
zvEO@&@Avvyb`jc9LZP%5q7L0ly{O;K>oW2F6215D7H#!UOl$usi3Bme
zA?6UZyfu~y6T8e3zxN`1J+8P
z4Qb?EOMDJJ*X#TV$&2)uY?oSqrl9x5FSK-8kdD;o2x#b35}nXhz_G8}$d
z2zwT7|5=K8cVJ9a;k|UfM>;iEnNT)(A7zF{#|DjTvq-j+yM%1>LAC*nY}so6-z9Wb
zf1)o8^1fiA@|{o)?cJ&E4;!i7H|$F750B9Ms$FP1zjOrqL}LDhdeE;)1N!sdUEk$?
z@>k{8!2E;0B1X_@F1G3I0ico1`u@V$lISTehr^SHIi+?a^B2F{((Aki#+{2TiJj*0
zIX8i>UDe6hridBaph%MOtYC^$Qwc58?43N@a#oA9}eirXdaV3>t`meV~Y1c
z{~?=>za<%mI-w5$KAqt4{14$v2;SX-Hrm}`jPLyjQwj}d3+3ZX;cX7{%LNlV27Equ
zNXrAB2hRYVWUzU?xUcyg`rx7e)-UWb=Jt3G_T5_e3=KT`h>gXC?0bk$QReeH_SN{r
zS+v7D1NOf5{e2bJz2hdm54u1?`+;lV8we2y~k&vp-I7V^kc_3J6a!hEAXCab0}57w+Z%K=>Oi4xk3)7
z-J}?bB`^9WeiW}6@g?TJRgrwQ2j;)J!sEs|pZ%QV3o=h6+w73>ZxLUq&R1)2Q5+xF
z9r++L1DQ`46`#bGBywDL173!FxrwjCHNM&+!51UjwoGT6?@^qj!e{Yp@UBD-J+#5|
zdp2t%_~ynKwrM!?N*TswL>X|eY_`=Z);5gwI(V~ZPDnPHo2lNMF{9b&v1saWsyf0P
zC~AF%&xhou>w+tcMCXfm>4grUtF5;lF5h1lf1a=Z|FPE@m?nR1c4Ccrna9!dF9&@C
zyo!EZjOXeXtZX$uyD-q%g_SLh{j08jX2IN71-Pq$j-RbNyn#J)80}Rerq(hq{Ep$7
z?nYJtxINx`pnjVUdwh2?Y1qt`YV^UX$d5oDsJ0&?W8WGycAul{(GJGXif2X{yD1uD
z6;WZI{RZalOI#PnXzniF+3O6yV&<_w5jKtMhndm7(+yoYq_1r|@%|}})y1(suFD?c
z`uZT{G#J@|>&L-gVLlgt31OTC7t4y7G&Yjr3H&D?r#z57JCgQ|n>6!v4Cd#0SbH4B
zm<1qruI&SuXNr16J|~gaGU5LRIOgl>8{4Squ)~Mz`J=#h#zf`!^E`FKF^yc0s`-C+
zB;~en{Z`R|w1KZE#%R^jA8zh-qU@OS4D-w5+=BW|_+2Y}eTH+-!j$}DcxTVa{b#NP
zIzd>6%-5HHEbd39Q@J+2);xNr-s@X~eR6oA7w?y3u)d4>_I#b@dT+Dv@zC#YjKJSi
zxxrc|@L#>!G~Ry|*WOEuWY5x3rE&GR@ap33o1>u|8GkAcgg-z2W!PMq}2=lHg8_pn7ieMT&36$CRh-Ehz6^F77Vn!8pdg_-i%)
zad2Xp*cAVG{)=EzJ|7Eo)E8eL%>uo@==KMrcn10J)Yshr2W1hh%zXV5O!a@mSS)k+
zeG2S9$0T;V)5YYt%gPQ)%)irRY5Bypj5SKEYQ2lGL$Ta8$)nh0c{mI6T`h!pq=>&`
z>?L}BNYBmuX>`kS_%Ai`Fxtw4r7jizYTTaqZLuwfy}aFnb}Q-j>!bO%-x;-nJipFv
zk=(ye04Zm^U!vc2KTkzY>#9iYU
z{ATk?T|MyJ3h$1>^WF3U2m0%qb{%uAHIjVu4!Tm;ABR$8QDs#2{YX}M=ki_emC=9E
z(vp;KE%BF-Q6qc4uI#j>AVq!)$^YLZ{|{C9p8@#+55Onn@3$o7KWj|Z&{e2W5mhr?)l3Y%_G?lp*g7h@IS%r;3WV4<(k
z_OgLxcUW1gg5z7gV~%|GJdJ$9`nNTx)!R@n4064S
zGWL;-_3*9ineWJ9)&=OZ{M^Ihz5i*9Bc@a|?{oUX`xUtwbnftNsdwLg%zmFz9|rSV
zn4|2_dAeU=WS`g>+XZuPlP?Fxv~&M@AKuesfn%<4+7INDHpy#-wTkfVa(eOI33z9;
zc)iAe?9HR|gipp&Wf{`RvWH}O>#0;(9w1rT;Jp)MX_~X%w-Dy?Zgyj&X`kKaf_eK|
zZQYt@c;a!;;qjsc?w6P+mn~kYt>?R+LK{PJ{%jicRKR-Fi)*?UmPuagxOktR*t0e8
zM)Mwp$0LZNeXiE~ZQK#l+FKCM37B_pD(X`V%leele9l*69@N4$j(O}*$m-t`!udG`W&vs@Vi0XKLiAvLU25X
zQpn-T7diEC^>?A>yiB5xx&eR&I&Zs9ZRzug%pAh|G*^^@Y`HLGO`fohxm?y#!O~zw$cqWg>W?z{akA!ed8^6N7
zQXjt}mzBzMb?pP~ISTJRsy$6RrUpQ!JXYgDxr#`xwe>=-)bVY9TRm_5CVnhMFKNe$
z1mB`QQu}f>=<9s_dXeK3`#bEnIlA&cYw)Xmo9jQ2Aw~Z^k<@<}D>H0zD6z59k?)%q
zQLEpp0e3t;U&6g>b@BO#w%mRs1ns$iw?{b5;K_l0X<^NUCYu8L?H#^wMiIB&TNoR%
zA7LLW9jN<9-`qI!uae;OqU1eg7_>>}4$t?VjpLnsb`{s>`uz&>P*waOk2}toAu`?l?jBYp?8WF)vK{vS_liBY
z5%vhUujl@Kcn2SS4g$i@qHeR~Gn<>eJ*+jB0sZZGRZ#e~Y(L1q&(YpjEs{LB!|>fX
zsj`Q;Lq@U}sCZ4S(n^lo>`d`z0N9vXKS#HT^Bw*ETb*x*b5eb}jn$&gg4^)k$YA-y
zCi!BZ80NKfJI-D2a3A~}Vb^$Zy?|Y_jr;f=!nw%CeT42(X4&pm`uiHX{y=Tu2AI_*
zhVhp=t65fuHGuc3A5HX8E0i0DukpsXZM4+)(7hslL5x+#IJ`9@1%7ZV!1vDsSw&0|
zwN83e_&_Rr4B_3g1^&?z-$R>q_yeXC_#lU89KZcA@KYq<6ZqZc6!0_X)G7`wgSE$fIEdSZhz%R0H?xiCzz@&
z=+nA5bRt0UqIGpFV(5x-nMr-(x-BBsn7B6@FUK+?m9Z_!z1-(xn0K5FRYN~?!WhMT
z0r{*9^u&7k1XFx5ot#K-9+oc?BfFNYiq^&j@RxD>)0@(%`!#W`h&f44Ydu)4fx-;HT-U!&tsz&X5WTDUd1h7@p#cd!;i
z-Z^}$oyRhOzq#!N?~Y#1m(RrLOajXg&PZ_$P!291=q0I0l6^3zC+u&~Mp6-zf#(R%
zmjwUq`z4GN3|
zM(WD?ZWHm|4e5@%n-5E(FKOBh`%*jEfx~m1{C<^Mub5Ah)0kH(;hG=;_k^9>>P36;
z`XABr;)8iet!K1LiuIbIt2Qma4C|&otyunvP2zR4jq2v~S|o5r&RrNRP9Sv9y{fN!G?NFylc82
zb3{plJ$Ux8M&_|vQ6@1@5zKN8OxwgT2CJL;|HQtaYJbN2{TYOd+vd?nQe&G>(A+2B
zlK5N`3!Ho+w?wrogo9{zS_6O8)8`RN+m{n(>C>Cu{OO;
zpTtXgiAJ3&A+$z$dw<_|=A1JOkoK)5Yq8Eb^Zozq{q4QK{X_E&tLAer(-Cg=nCV5#p#P7hvsbLxA%&)z-;<{*B3uweh+Z&P$%JR{(e{ECk!q<0F#g}^447QG~=<-`wm#_
zF6grheIliPvuu@~$7L0WGNVn=+fc=a6^`f7puilL|37UT#Zw2C`
zcWVMa=olCq=@?As{0G@h?KP)^y!=^SeySDtO;YGO_4AIwukB;Mz1hm_#5WS@e1JUF
zCvlqvR~xj`$;%#UMVq2@$V+Ifi`e%%26ywc$6A?fvWj0J
zAJy$R@=C|x6vv%St?0{0}1
z5uvZ=haH1ox|gMAvc3$U9&zm1j=|@6Kc>HewkAw}dqqiv%i6q(0j&k?l$=w
zCTTjHzfDFw9)8#-|GOE!AN9$o^Bw-K%)WDdax3I36pj54|Jo;i8O#61NAD-Y$9(cy
z$e+veg)jN!C*V7We+y}-Ls=!~a`_^j_pe`ZNq3l}$qzqqNk1}6lPRLMAIo_DT9YP^
z{9wi8`{R9j!EoBN`F!P
z_0EpLF;1H_eQCs8`A+fvjS9Pu*&VBu6KcmXc?jqYuAz!I^-&4vfrmBFF!F>6<9^vKhWaZ7gJjx_x
zvU8}F&zs3{P+@fVxyW8pANL)FXVGSqQ3>_5FEV*N63z|ET@KlQGtMRYr30GdW{g3g
z+aCqw-{742yO1UJoZmeY4mk5$XzV*zKE{!9$y8#`RK)<8_A#TX)4%{zPsWC1#o1u=MLmn)%P#%=mqHm4x
zdKuwuI()Y*&p`Q@@Mh8`r`4sFrOLnd1kr-qWG$e
z_Vk2!piK|7>E~_wH>>rzfp<5HCuOx?UlI-nEMge)9G+Jf?lm@sa!Ps~$^ZH=A%JHyq&u<^|8OGyHKAth5h|%ccjedBK
zYWivw@)uxjhRJPxc85oalC=YfA0mJsatWEemg5E%6YN6GHoJ^IIN_Z5a6x;XqxD?=
z71Yj$7j*W?dR;lh-`(WaP$8Gvp)5UoDnoxns3F&yZ
zTNGW5`c?3(AVtS8O>mUS9{5JOO@ikxz!|N?2wSaCcN5GX@|4azC$~o{iXvV^UdeTj
zmJj__o)Q$P4c_;X+84$Ir_@f^9rHeTijLnapBKH~3GJOFYbnls4BoMC#Du!IMN!nH
zIe@WGOnmM4Nq$0cM19D0Tn^~vCxqh`nh$tp#3g6RZ3dc^;-B8%D4!=k)5FJy`0*gT
z?;u5SdD;$o2JMW%IWg&iv7jvj(q}tJtwFbM2Q61iWh!%Arh;-v{5=T2BR>nzDB?>j
z=e&pUzPLZ|3~}Y(Pvjc
zDL%Oc=1NI%Qdts{&$;M(i^U0P?7Icdjjp#m0LxW)-yoYBWqC@djsEJ|N@@2;%+KW+
zp=c+O*+{^eu?sSXL{
zvOh8Y1O0uh*&zRFz*vIz6aH*n9Tv5YUfC}i^zY%fw)y2*e_ZqX1AUD5r*VP)M3?9f
z)DiEGLz&;7*v{nrfpH)XzG(Y)D9YvSuXsBtJX79Oe5VF}$Gj1tP4Zt0d9hp?)lYC!
z`W)|u50P&J4uW!Kg{}|2A7SO_I-(r(d3=XDkC6X3ius>c+iPR(nR$EIM@XaNQ`<|S
z?Nx=E$V!9Uw~188+eo2p@H{%)9?!$qJ<9XwaU15rHA!r*F`=%;B<;~WIzJeVN!n{n
z=r`s8UUw!Db|$%wNcR^t*bz9qOz?ey_KnH*yb1RFVsH{6e;;y?&Ixm4o!mfNA=DQY
zdOPRsw+Q0cXC!}wo_{Vn)@$iLL;T_NFHgL$chuARaJ-_LuUGP`{+Q?0$M?HhU()t-
zoHV}xG>@q~C}TY8Bk*m)??(3hJdNw+EQ54VjB=gzB=d+?oo6ka+&k#SaabBNF
z91qMd;-U~KISli5hWGG
zY~DomKhbs#_s<-UmqcawmFx_HG^%flaKz3UT^>ozk#3w+Hk$qvZxpI
z#I!_xWevgasi>a_&qH{&0e*Ou(s{+9EAX7m1lj^Vl)MrNBAr&oCTKlAhzjYfZ=&`#g#jhg@7=Xk#9
zyKpSE?5^dz%odT-nQ2BkQ%x_!{SS0u2Ia5VTn0!z)oTfmk|CMA6lh5897^KkTIWuY>&h`B&HW>wImWy_3#spG5T<Q@78f}6OkcJ_G3;OV=#{QFMaTaeGO+TTd+fG$%0^?R8z
zy=y?Y6gXV2xHCCis!zu7w$_Fs*D2gYnA{V?|P>UHeLx68XH!tF)BKwdy)DJ&X%A=DFtam{8RJ-dyFSrR1wkcPwo`o<;jv+|TU%=V~@3
z>2EpoYaR5}gZ%=2r5o>jfqzCkvWDXklm#>q=Yag2NRtQ1P1KY-qam68Se6HEWO
zgtUkW>KCS){@D6&TwguI=Q*CUA-16CZMF<|3!1btO~6k=T259a3L`~AJS
zxydT=Tk$d&D^{CZFD>`ZT=QfsyDr3R0y`;8LqD&|e=lAC+n4qqk|};v!|s?elHM^n
zZrARZZc_DsZpS;OjHGu=leZz>lpv3N@
z4+D={A2K-_a6Y2ydj1L4GnUQb6T>sw4!9EM6ZLDosC%ii@29$)_7oqa^%?H}Zo~V$
z`UvtQ)hW_&r{`B)TZ~V8ix%qj*Jf7yiBfXVa
zCVDICXO;9}8*em7b^o4?_cR%OhhU6v*rfp8ALck#Z_}4~jMsOF^2e2~vQ%fCy&=t4
z_J~y1pv%{ItF~5BLZ2#l+7PyFPepx3LmLG=o%XFQ)rV)bK7Dq(u6&!>hq@E`^fUVO
z260~bVSTz6(i@EFhj{uh&I8~g)TPU5lni~`$Me`@X}->c@inPw_B3BcLfYo-njV0r
zZ}%YdrM}OeMBnak2dDqGqrTmPN%igik>{DHM}L(i5sY~m-z(ErUpmJ10XWd>0}j=*
zJK3DELchL$&(<^eQ1@q**e|<}2LoouC!a;
zPH9A*6Yv#0qhjniKjvq!6_(!x*oybhZuR|x1%09G*1ulev#Gw0g!#Ktr|v6@ubaY~
zPX80q!oTiRQkmVK>l7)WdM(4l9fRli`TkPf(&y`;I!%ALfY=9yW|y{0Gw46pp?^~Q
z;IqUVG9!(6uhWO}kUs;>kf=`vbcqjnW7Jba`|R*{**EH?q0WgSmiaJ7c7a&29reH5
zWkK0Of>TP${Zv<9aY%C5EL0)B3Q(Qg7P(?Qse-gY)C2qY4#tmcts$a@#hd)MY<
z`pDUt-^rDSlitOaAFa#vj7^ju~|qM5xmi6Z}BGUZVC_8=3vl-!5bJN5AEK
z(%Ha>`xX8DyzsOBbTUfI5MHK(mpRSL9Dy>&_`0}e&eiTBYeOo(0(23zcbeV6%I@c7
zM|j!20kru!SF7hsQp6SoW0(lBC()jI8sX%Zcn4?yNp%xh71!-y`i&*r@0sM!g72>H
zg=$53$FkvENk-f2zT8gPR3ZD(r#|vEPrTS!YwD5lzJ}^rI?Fm`CB;p30Sm;Y?ZDI0
zwcp3r{!|UDJ=tF+z!dIBT4w+HLdT$cJLmtlVGQv?7p7eUc@Ss3$?3^%NQ?I;is$G>!#Ucz4dZdu
z8^#KJRFvj#!~E|X@>i(&b@PDvk#2|c;JgI;$wGOA_iK>GMS0~eI4_u8vqbNykpE;d
zyb!yuX8MP9>OBC`nX#m_x{=3E^#4ZjU-i|&Zzk7|NCWsy2l!>Mn>i151Jw+6GfB_@
zyT9eI^zMJ*@(;-OKN9fcsPG`bZ_oh0zvt!7@^VxD5%;$Z@LRGV{Jzc0{*sq{-aj9H
zMX^gUp&c>THGJR>neP9_xUM2Q=iD=o!#TJsin8oR;*X+kVppCUV0kObzt875oc=_6
zZ?xS&-Us-wOISbB7kYa(q|ve=9n&b^YFSJ9HmqBPtvdm>(!>uSkDv2v5{EAj_1%nm
zk!(N6wW?lZ*CQcncNYT~m?EDYy$JuQ2AC*`!^BR0XWCPx!bC|NCTtug_EjNFboA5p
zrZDkAjT*Heu3tX!-SUKqvi*Evj_T}E-H|J`wL^Xz5N&i
z4`BkwjN>!zkCFx8qlB-ORI9-Un-53>_;?WDWB*?TAML)S`P<+Lr14t9v%uf20sig^
zJj0d}IS6aFnE%i#*?V4?MxIb;QII}F{hirt7Uv%6gW2rlK0P2$6!W3J3i_r}WAUgu
zd5QOELkf%m`0urx?@pATtb%r@grZP5t3-CAe1Oa6lJVl1)aLZv8egn=JhnmQyO_-6
z<8N~PR|S3DGd|kGWmBjd9PS9xyIMRyDDQ05cxSyXiONTx`!kb6{2FlE)%Z_6TE*}G
zWKHH?P{Hi|alijc{BbqLEByiA*Uv&eVoM*=&z&BZJti}qwLC&57h1Ie4Snhyx-
zCrIZ}2W}z#gr|A`Jn~}tYxDW+#pus7l>keyKV|BFVC%64*q=?XKZCG8TVa2;0sd|W
z{B47M+DW#)*iCkFy30oCYFRhlgOx0Hg=P@ibBn|vX(
zRuJUb^h&9RY#nMRw?{%`=g`!Kj>sYMxWRu0*3-l5LAX7e&+5VZi5_0h*?d+{C$DFM
z*MstqZ0Ji5`RsTI{a$U@0>7gl>JMuUe~3D|Hw>|J+Q!cyo&D2RTsHyets91Dx>qoy
zN4BzY4y);H#`FVQ(GP2(Ow;TchP2kLG?ocViyGVAz7=JKJT1Y#&AS!l^*pUdgn8G=
zKWKk`a?A>AW{0&afHgcsc19$akJYe#Ug+l-z}gYAbs$Q14s?^pBg@Es8P+r6AeAtV
zpHR8-G7f*QZW(c#+D5CLGbd_$P#4YYmQOfj|8lCo_hHRlFn_3n7lQIA4-~|;NKb~+
zlgcZgzXXF=Y5Qas)PIV?{)M<7jp@JT=l>Sm+aK0!gf>PwexUllJbm>R)YYAQw#+{7-ZPlcm4K)5kXBnX+>bV4xph0P23c
zA7G##U;urN^#cs_kCG(x&*r7^JDz=6)E~Jug6GsS4qpE??5yMZ>P9#^y^+Ntz;!V
z-%HbP@TaTkF=P66Ufu-hg1xPJIbYjbK4=~f>2Se?c7Fe{LFKj5sch|uMEOqzvok;&
z94eb@Gy8ISjk38jkf$rJt5)JMP**@(hjeYd&fAJs=-P_kM{D);RA@5jXSlxpW4!%j
z^39!{`VHN|C%^i
zrGp2V!^74^;NhiPlEA|-@susFeg`2x0Y(G;)nhu^CcV*y^PW0y-h;O=o_zHE=J6ig
ze1C(_w+!jY;>QiW&(5AWd?oOYRw&o4o-J^OW1aW$IxpTl;$Ef0e}cVbKKw>i_`NTZ
zd<^$%^3R*mc0*rZ7stP>?EHPFl?~p^#@`9}F%1A`K$ySq;!pncm;1-Y^QYkE`Tn2c
zwikAjfj+yqo~`GYt!Mz{J29bb0O+beObBK44h#9AKhIT8rowMK$Q|r{%A(TPWl^L}
zGiT}D0=Ml*G17m${vJ{kaajbJI4UWkFx%J#1BN%U?W<&jPvkFXuex+(ypuIgwzXMvi
zBkMTr0dtFIkYM*9yl6CsT{OUBJLGrfJK^k*{4QaQJZDB(wc<~U>-Wqr$nu61!QLHzkJr^^#0RrC;h7=;?Lj65`=qYyl)h~L
zQs+eUCXTO@oHM;QG5#2Mo%8B_a1-j^&a}|j;TX4wi0{-OFKW@{QQ-~d?-JsIj*HFX
ztsEB?kUC1AuI0XByf?AfI!61CVye%Q!OzKupnOorQx}ju17o(QXgw=Etzh%6CQRpA=
z+~;3{{$(Wi(?>f?yO`laI$4kVdb|vVg8);GxP0+MZ8zByLE9>%Z&g0nLhZ1h>MyZi
zJXNj!PW+AXT*Z+RON&yH+oEKXw-t=hiSi3U+^dMBt1sPfpRD$W82UrJ7$3e+ZYBTp
zVjISbviqq0m2;-64)-3$halu!SOglq6<{CrTvBNpPooc_(7G8Zko^7`Y0NeQKiB((
z5%;i-kp2%)7oEp3*^lO-wyooH8IJ*4ER}Chk;y-y@LM#c)dH;B2Bq8oly??z6$M!
z05;G@}<0r25EuEgO3<)9jTC;%Ud&*XSQeie8CIu9|$
z&wLn!s|oQ$TM
zkDU?Px}Pn@{exqXQO`Thvmq_rE9hxyt;~^9jjqt=-(gCgzr7S={x0mZ6=;Y4&PC|E
ziqeJcZwV<{8-V@x1}S3q{}1!~&r<4pwe$oj3ZSmpa(c(z>4CaUZ8b7{Q|yjj7Uw6l^xbPh{_{Wwe7-2u_6C0cCADMT%KfV_U3>VB
zVtlf=oXc^lYFYWIs>;jM|7fWhzR@Nke3`|a!+Nq%MoB`KQmHL9%cHj?mC4S{s28e0
znyDPqTmg9BtjVa1^7pA#Bks`ML|)Hj6xv$q4vA?KX?WiJ)dk%>o2Q3
zGG7aGnQIx$xk7fX#XhRz7>9AJJ07fCCLXO;>-iP&)h&zd-{ye%*^p4rL0D5kFvgeH
z@0aUgzx<_bNYF-nPpLK$W(|G>vfpDCtLXi;Gyln2w7bK7cUCPUuJNCx`>;O5@-ukD
z{g}#qzv}1V4c+`D?(L5g@S}cz;vN&wE}G7g^`C9^*O}YU?~{
zPgq;@1^(J)CXZLgl1$dt4R!uv9z0*9<&Py<&u^3D>#6Rg;Th&*Mqkh2WNT*9*37)X
znkCM+x@IQbntjKh4^7xULf?
z_4yB|{$E^Fj?3>l%m$w6G^E)%|7<07z$fhK!+LM!^*#^jbq0G2W=n+g7C(DLZ5>u8
zoIQ5xSK2vHHLa~_#mCL#NEk+H*FRlDrwS&WS4}9n9_Un$R=5eb|9-Ga_9(6K*Lm%n<4WXPWQ4hHr@@ePg(!5QR
zb8*|EhNb8~=fd_4R6fP;+41fa^&|1jS5g!o_4h0|>HTE^ankvp6^i=J)E22Ia%HY^
zTBLHB_iAn@%;(7UJZ(AmW0C`NMRap@@*DjASHgH3GQ}T@=^K2X>lHOh#`vMj;`B1J
zd9v`jmhx}&B(G02)R!!#pC;ctQ<%*EEz_Hvtzh)z$Q1(fy9P7iWYE
z$CLSSr}{62SEt`^tL3-yFAE6O|Q2j_C9GC^t2Iz^*BTd1$&ZvhTB
zIT{qSk4@h#()Si_4+}GP5)89s&z{eIv#q#3M)qg-Hwebi1G9<}%
zU0+jleYMQ|ES0c^o{mhb@KgH7lm=b{wk((V1*~nft=!$Fjf}RjVh*d5P&&w
zV61EIH&dmZB=}967e!fEzN1tdd
zVSnPD9kZ20Vo(mA$B{sQc_lD9_p;}|zSRe~>p2+90gpBxzuiWp
z7RhOOMD9y1lDouOe_v_|JnQ}W;yGVB%oEDli_j)mtWmTm@Mrs_>)#@)6UZbiORjKH!U7`nh;MPn`=3)k)T;_2l6_
ztTDbT+Hh9-DkU3ndcs*6a9FuQ1fq3?~ir*e|b!&u(d+;(k|wXxNY&Y`F512b2S~739i>YoV&2E&SxP_KR&$YJX67VF~Zlj
zJs0;$p@cpdie|#}ZtE<}JKkHOJ=+-1Km9eX{|EVd$ew{y@Ow0WoeS?V&*uLPr3K&P
zc|5tOt5+zM%)@`p62`j0J14w%MH}l;sArhXS>H9}Z3;`j<@KC(jJPw(gVpGZ3Co4=
zW_H<8D03uUrkUOao#thZV422XHQE8F`9m~6`uTQ2{yEylD9_)H`Fn%a1o(xk^`T&p
z|2wE3(;0+$N5Xh*MEXO8#p^qCFR5=53#!!rGu^-|=25$@!_@zWpZotAPDpjBF
zGpKW^^J{q7(&v}n|E20@(GT=irlVD%_UpZSl-B|FvVm^cOhzxz-yD0CpP`*9AyX{R
zZsj%jMty~KWP;`CZB<6+n7$7y^Put)d}qbKcPqp2y;4}Kh$M7D60+n({YIzd|0o_o
zl1FWIkyEzfh#UPgQXkMQGJFrU@p~zF4grr&1=ukEJJv#c!bfxL2ZjiVjlg
zM12@lzU?3kxBN_vf0n~>OGCOr$Hbq5IvXO@11u_&P+#}c9Ihi#4*l!V_3sZ~<@V1x
zS{!wCd}@0?=Ivdy8}$VfZH-Ucd4JmG+igYFG#GnkqW*_n(+x?)k?r=yZAh0o-zw}&
z!yoPgv;)eZI-#mObbenh+ITlAl`eqvXqv^m-XX6@V`bE?$ML)sb
zpc2k1l0S^w7ANn|OWFGUU`z`wl6D~5Xt#~$VmIBhA5h(1+_x2c-!^6AxgI>y|H)b$zaUOuDCW+ySvuXb
zs4<32XBNi?=&Ovz3#p5SZwV@RA10uVu~QAJzZQ)Z}OAcb)40a^GE#Wir^eFM{8jGUv-Li`Elg8Xao{iZm
zZu6xK$Z`7#;=_JNvS{3Fx6Ibh6=CsqopelgV&0~&SMQI7&3hPqk3ilA7@P3oQuNzw
z+QRFf#_5L)@uQkYU|*rkE1k={5N1&BFc9G9U)p?q+Efxe*Hek`bun(kXW}r{nT9y)
z-I}HRCp4vL@Y6qM^qoM@zqI7>i&0LUIWN9^@!B^?ab0@3taMjueCF@>^7GF+;ufHv
zxKF0%Dz7Au*PF2Z*7@xVy!~{Tw@y0#b4>ov+c{uG`TK<$v>P0QF|}7R9_L?q`Y!9$
z#XqLwhrHojyU&hylh@mQDE|xRT4`+6ME_yo+yY-Z)stnvw^d#r(d#d^!nZzNPY}NK
z^l}q?C*qIcRBe5x#0CjRisEKB5(
z8ek3rm0Jen%KHYYv-Z0%4x$=guQ8SBb(0iczy0d!x278Fui*7>=k@=F*FT-Y>re2@
zLC?RGtK)Anxr`3|Ph_J#s4l*&O}tA9n{QWsN8z|QoZgE%QEOhv>J1@2ymXW0HW~xc
zi+iQ_X+@2zdJEqVjnD`5Vc79m^Z5HZc(=tWC3}p<>#S8}D<&dOUYUFU=zl;y_>IMn
zy{yQ7XnS>~F@9`iLi|`0*$?MQ9m=Ldg4N|mzo=-FsrFAw=%0=EZ^**r0(V3ITvT7Y
zDo{kEiCrnBA-t1VMWmP(ch%*;GPfoQhssGzN1upj$Af((Ru%&c(;d3>+$8B3>$Pjf
zRSWYM!?bheX36y%UjXYDOza(bd>qr$ivrWuDljbfR2wrZ4b!FLu?cvc&{^(}#6BX*|_c@i?%{
zb@3N`JPxb}-m4PvRmkN@QDe~ZxUXpMvtfaFtyY{bqR0!S2Y7nf0_hDry-4-vmin46
z#dsG~ong5Dnp`B-YuBQ&USXYNTax&wFjk*x-&|11;=I1kV?k^;8|^!A&2YWcbvg_%
zzfuPue=T2apnpvoe!B+XJEu3pXXp6(_6Pa?HzlXzDE+4^FF^TafFH09E7WlfKNq&}
zdiEyNL(e~5`Bb3!+64Q61)fdBPW2Y<;l5+M31#E*PhI)F#2dnRX#mr)M$!-x>;XTu
zt8@hXjl>(pI#qvzQSP7cj4;1m1O68lK7Sk0-{Z~B0Qyu${7X3gU7yYH@1uNO_X%uW
z8_9*EXS(l;^w5~J|Btn+502`(?)UA!UGxEB!HbcnOtK$>ASAb|L>PGj(tE2Xv=Z1^
zV~m-MK@x~oHgdhDGSwf!EQK_rCgY96U`^wgU3tN7O=s4%f|=F|(71{Cuq`8O%duk%
z3@I`qT_-}8TY-Acz4v|Yu8`aQq1n~mbI-f?+>dwex#yf;5ayz9HSTL`oL*_$3^};Q
zxd#5=Q-n`Zrr)JQbtZ2>yNKGZVHhvqv)voA(b&V``XABr%`naJxL3{pLNYPZP4;g?
z`_^*1mGJpDl)0k3axJ;H7x9iB_tShszOObXxA!=_GM)ouu~bI9
zM!bJIg*d#GcT@aK8@Weu!9GaO-AkKk&aLrkeAld!(WeR5NXH}G{tN9%SL72MEk6RZwy>bI@?8FE4(?Xc
zkV0B^KGx~KcavdgwQBiySS}cio?_DK^s8?&Oxjip#)Hn^Ouqo>UGo^dA*Y&7Z#U78
z+`u?c)^-vg6a%)6I&CY^
zwp(c1RoZ?tZPg8iMcZzXdAr&UYCAN<|Es*A&CL}=!0BD
z(3kc;Vs2B|ESuy6V($_qTYQO5uiHjDCKy(4HtddD?LSo$Oh3&Qe^|)RZ>`R<_^xFh
ziVNH3EHgjDxhjR_D*kK4S(X$3mC-T$SB=hq|Em24`WAc#zGe&~hCM53wiKZ0wxw%U
zLOWJ>I#>0ua&L)>kwkr{p!^44lLnAC`n)Zv@JLa9o?lWS$@xSY?sS$}@L+3YBOWYb
z$=Kj8qUG^neUA{ew*Fb0$&qG?6;oe`S1RVVZ@@mKz2dfSlc+BZO*OnlaXeM7mN0O90$ye
z?BU~p_piROClNQcWR~&#r`G#xFU_HX_3{k$M75rwjnQv!NUCFF#gRq%8F6Gk-NEFy
z=Sv+&7Tb5F+KeOH&gYS~mZ48L$JF12^EL2W867(ho(bTciMl@8O<*1+$>SJ9%H~lX
z%r~q@eJ}HM-^*`uUmBIquDck%YA0F6@m0O1-0q!(({1-rA1kC2++h>;1kyBv%)HyB
z5XQIU^E}y!XBShy99qYMQQJxVpliH1{tWAs<{uwD1>ZGZOFgtc<@JS^#?8?0%UJBF
zM)xkYB{RBZET=WL`S=9WD_VJ95l5GNXwP}8TILZ7Uok3V`$b$IL}Av98J}j<|x*|_gvzJEWe2u
z=wx*wfB#nbh_kS}KTH}CA2_iTwr8l{{eUD7Rc|;v2>b3ic%Ev1?uXy7{kOrGQ@I@t
zh6+$tE}3G83o%J?lY_qfYZ&zd5cT>8G=X%B8tJEB|X~fO(T(XlUpKAB1Bn&5#(u6&#
z{c_X>H27>RM~pAZZ#yf02G(uj0V%i~ZD<=LX764qQG54G8TpW<;CFGp6BUnZs2(xA
zMfkLfn}ZCSv9>%&YC|o;3$!nU_?IIM(u!hhFc&VPkxw>EMk5cDTP_}0AN$Af4Kr~N
z|H`nwGTWaWJJI-T+ces5pMno-|Dv3DlB@oY?Q>4iJ_qL`PT9VpdWX1$%XlHsECiZ5
zPE%)kmiip{H1&Tf`J2Zvw;YUPN#}dmqv&(Xugxtt=FOq+M~UXwb(4w|oQZxXkwr(d
z*&o*bUbo-ubw=X$wat=$dvj>Fo$AlhZnsB?Is*wEV+3kzRu1#$p(ftVZ
z^YNZ*G*_YT?(wDpm4^99=rqkh(?8?uzQDLS?~xTBr0QDk_;>BR4g8}Pe+M5D8RwkJ0ca1O%9*sZsJ<-cMp&aekLz6qN
z<6T5EwR@FOAHmnQ@cW+;c3-I8e}1L-_Ys5r8Dub%NM9-c{NUB;-G9yEHs9G$_ovWK
z*pDwW`Ol*MMCdCUHpoAE6@9IKc8Hd1xCeS%eDhV5=dA7sxl@k~b9q-9X_j*uJ>QyM
z=7F+4m}BuTaE{I5d6D#Ta+Ss1M}3O>kWEO37<=OpP_EV
zc%Uv723;bg=~6xgG3?#k2WdX9bAA|OG$y^;cxw6T^zlp$<9+^r)=&4&MT>tJo;v;u
zeNgs+4zvXJvKXB0Me$<2>_)8N3-#!GxxnO)(u&yGuNH(QdB?;O&*=poMa3NIxLq2U
zL31kN|3mc`|3sn~I!1qbiLSk^vg)hwekBNK3{$J78XJ1j+GguV!^c6*t3CAXi1(rvG$-$yPGLP);87zv>
zy8^s3=qm~UU7)8Q{tgzH*R*N+KA&5H5l6Gj1ZEaMN#Rf@4
z%n`(|nDu?>k8rNS@|i{6SN1v?o)3JcB=}8ncwdQ4(I?T;Cl;^v|J$D!v?B=p5$GNN
zg;()^#MrgdzB~+V@Iha8(!PvBUt+v3*nSDxzmNB6AGc)`VSEF}3Szd4OdtPam)U!I
z#jnS@4I}
zUsBJqe!RCG(rEkhGq8xtFJbOzt(M)nbF=k*I@5N+znc#F9}M?DlrO_iOk8K@Q_X(n
zvS;L4J>$Id)OEHQZ+4
z7j~9)$1n$kt2iTOY7ghB(Zn)onmOOO2A;X_mntu2$6s0izt1zw2WEryg9290O7
z@fo@RTU@YDf^LRo728S3_`J#s=-VH?-U|9&<@F}IcUbjo*98`zz{(0tHrUZ2yhAKj
zj#%!-j^Mq6!9Exi_b@yocNpIpatJYhKd%AV_)-C~DegbIGX$Th2)AQmehp?L@l(7#
z#CoeF7he?vQ7Lg_mvj~OV6=s=K)hvxEehZJRa_TAJ>=(``28=mGXQjC2;-$aqs7j`
zZsKzJ(61Qw@WbtnCSR&+$BPv_CS$=6i)Uc_pF6nPf^jwRiMqBk%Z9YFc^PGIKpD*4
zL)Q565cH)=@OrUbRnVTU8LU0CczgDJf_V@0`KZ$8&1SZ5_@w92aYtDkx@E}!)-pxB
zYKtLWwPl*|sx8L2OwfJr%bx%3W5b+b`7~r>`Rh-?zH9lA;
z&~!RoFGS#6{s!jsSSDk9=t|TVc0m7K26-hOlqsGUVt?U&mv}<9;C;y!ystGB?+Y;?
z=aQ<`Q1&|kewz#bqrHw4v%51g?k!mW^XZ#oawFd7>HfRXkrIjr^*1^`*bF&{_+U7P
zBhE;iVK(iSSj_4DGvQj^!^_jR~vn5bvhD0Z&(!`+4*Y
zjtGw*N(mK-Q(;d-gIFq;KI>`7cL(HrF+WJiP0-hGzNY4G!dyS|V2?kGI3Vy@h1e<7
zj?~O;u%#*g{7s=s@^I=O=Sgxwl~gxGHoh`QZoc{v$LHy%_&mQd;qz>NoZ}ySXvF9F
z6~*WI2A{|0Kg`Tgn4YHnpzA}1|CHT7fnhyGgdgXW!va!4bss{WKbl8=ag@p9D#+ur
z`gsA5vKQn5eUAGNw1le2591{Vc7-s8$1XmiY^w0UK3=Pc;@>Iko`l^MRg#7jvrm_%
z&<2k9UjG)5LL+3O1>37!lT$gDQ{Qh?IhAWTM!)Ug_W$2x&*f;v{V|>YpicVc)cK=T
zOuIsH6y$Zi-X&DWi-nE!ei84aBEmaU%%f^JFK+Cq=JTdf^D$vKZB_jL&G#`}Hs1j`
zgt8Rj3~LitDO)O{A&1zl*u||%D|{El-HJ`TR=;rU7l?rbGF_-tB9_nC^V|nP0iF#h
z#Iqg;dE$F;0_3UANg`}~1?OU#%J{SiKW%`=1h;-*#7{d-WxR*WIP}5P`7&LC#s3lL
z<6i+kP$CDL?RQ$i`n_wy?uLvZ5S=_%%Ni2&~KL@cR3U!}U!lXKh
zIT7sc7Iyczy_V|JV)|)Cg0gv-L*hU!y^q8`7xO+}<9)t#FVBDQzAi7(9aD_)4EFS6
zpsQ_6CZ3fg_N)l#WUHCqg<~P}v54SzKaKgK_hXI{=^
zT?z0iPf`BMR?@SODv#NCC#LFQIWPz#?`6jzT>qY~!vTMa31mHkRKCY_HCi4a8RtUx
zd-@qNkDnnaZESwVdFRTzz5c$Ut;xQkGEc(MLUZqvyyGQ(MNfI8n|`l42N6pSbH$=u
z7El~7kjL#_Di6$+f^wzuTE}#0pkY28WFhq*!+OSZ8P*|Wb28y*l`iLq#WLCvo2Q%q
z;obioe$}`m6Tj;0c^$th^E!4FEw^A-T^Z1^t7y3e
zyQ*)1<(Z&m7VN4c0}Q*0mRYc?Vgn4jit#j;bqp}o1CY}i##COsen6}xJD
zg%P`|I(ZxDw^3M!ZqlS-SG6|r{tslwu0ol|G1s$ruaxHe2$5-izXy2Tv*&vKS61M;
z>?%E%eTV0@T)#6N!L
z*7r|^?5WM+w?!{s-p{c%#2?np#C(8?@*%foyVSM?n19F2%V=%7PF96vs;_cnFPHu4W-#-TZ+LIwaiQ)%g
z`52TJXW$j7K3>1CUw5-_floTfy(A$U*rw@`()l8{LQQR3`~RES@G7U7
z|KiPC=RaZdA~R>w#98&7q~>KetpBr2AFF`9am#F$-_t+V(hzbsCIxrBguWLve|=?x
zl(4r*Vfe0=$Lv0jTAsk~P#)stVOl?EsK1KVN4zZ$uit0G`T{Gb^#!Sl;t%Yg{pi4a
zsiyg@=SEq47U#DShej`(c^2`gJeP}6Uo+rKW1cLK!;K4!ux(ChY}>Gj`{8P9M?
zmEGiIjgJTwi;Q-{=g#o906*kyEQ_AOyhWM#UFW~Zj&qeOKBwwTc6=-5i(%H^W}abp
z{vjvg>jb2@Ly(;GPI$Qf`yi`F>AW@PD@=WniTh-V|2m!d{1Yp5AC8q9xc+mR`EdL#
zJm>z&OrAO4f2XJ6-(s<6mq49DSFsXvi#EPr>1xQM*k5w=N)Cf8imvrYwS}P_=KoVI*X1g
z-fc;Sd#u1IrniPQ8jF)y5L?u5P2
z>rvw{H2)D8KcG3h(6as|ibE8p=fnRY?)syns_y)~GjApd2}39YW>w(5NmfY+I9Xsz
ztC9OMLuL}72Bn_t*`8(s>@H}}HmH%oGm{_P_H_Tq$(wiIz3;wz@ArGZ_xt1XWi1u2z+U4ev5vMx+7=42D47XIQb9;4vUQ@;KWi}gR1{BS5YTKkkG=dC*|F#ANA;wW2wSmb`Q_AsmLS|~H~w>84q
zaN&8i&fL?C>8wv+^N9R5=r7+0>uRI7BHs4brk()Xoac~RkNgUAg;@D*#50P6&!&DQ
zXt5OD)3$FtkNIeu)6DY*puNGx@znxh&9jh=xzV>X5O#CCo%#G88NMN0ND5iHeZ!e^
zHVp04Vg+-)@t9HG=X-?jF)hwd-=9TVPhCqYd6}?z%Jznx?Tx%Kwf4;YE_?sA_O;G8
zGWTCw{>wMSIT0~jOX2*9dwn8rJ;$f$$P+RH%G;V}J=11uY&n$M?fF=zLDoTk=WlpK
z9gnRJgYp6eW1-&Fq5q?uz?01Nn@3tl5oqBr;o`P1no!5qR#KIpZ^N?g|}k_8&S>iauksMXSXaGZ^oajr93M
zrhhz~_iAyiY=ko4&9yuSN{3oI6Zz>jwH9NZ8fc{kvQWGvPg67Ne@&J(LYa@OU^BPf
zT$}KyHF+}kl-W1C@56HFTLafyoYawa6s||x{8B!7_9bjDC^wQpXgeMzl?LJ=%J;-^zO^}e6k|Ral$9=vF}QC8
z&a)`K592-a$~i6zUQ1@o#86$`i{EOkzr{0q_31n>(@yxl
zR*Vbaw)4b0jMK-Lvh34hJeJt<@4-DT3*vg64}CT0YVOZM=oS_Az1HWB$Ygzc5c)!?2b5>&)*|*bR+M-gt;Xq$v0--zXlFY4L{ekpZGXN
z^`~&|8i@!Wbxk+%ceYjwo&BCULT7(LVn==Jps-U+1Df4x`tW!(eYNy)O?rBDkPW($
zo&?HPT`zjtbm70p<9-nbjQfsNo!9FBrx4C+AV1k{Fni_uek0$f$oHXL0ppqss-|_?
z^H7Hi^n|gl{66|*coxCA7SFkZqj*pBuafJ(TPRDdBY`xo0{vEL7=9Z^;C>HP)A$ZO
zl&OQhJ5vL`g&bo7%F-AUW}G-;wjpj9epij6>+;*UU!vWowV*+T>vHudT-(R%)v*;r
z6Sc85!&eo37gbuJx1GQg!AqV
zu;xvA81TW~=2^q@DWT6sK1sYX;H&5|ELIWB51hT@Z^HezV4Ybs?97|I?ltt6{Xy!_ldnNw^=KfwX`TRUyIqZfObk3{
zi=LR>%=48c<~DPG*2Gt1oIhS=uHV@kIX+Qh_TO>)*Ym)mOrItn-@8voR>SxwXE*Du
z)zzu{V4vQm=sb4s0f_~(=~YYKro~CAe-!ie#0=K=td0L0baN8R-foE1_qD|8$HsOA
z`mfkzgS6hkmjC-zlwZr^JE-uV(Aq@|o1fJ2n6nSH%|1FYW1=PXK)tmcl-f8UI$4j(@A|QG448eIr7Y3&&LLiTOz(t#Jw|o4jMNz_?EM|EFQ84{3+p8a|2t$~G3M0#2F#0M
zk00%T{<&lfC9fWV*sF>#{dxWV9pqTIZy}3
zw%gNOv)|KJbHq2S4)~6%J!1#ezdWCa;@(KmHto6H#$S8);d|};bus6!>(v(eaH@oq
zrt?gp%wy1y$m8evD~`3`Cgg&!moMQq%NbMjrOt1fHLU5~Fdxp9WonuP2rz^+Qx0S>zJqg}9$%
zWACcwdANjxQ+^mf-~%eoSwSYg8PALP4}7djNLfnvHgl}b&&HaD7LY)t%fFKKl0bA6
z_VH=TsYt?8t6zub4a5(KH(ThD0uFu95qRb>wdNns
z^EjrIkLmd1iP$K(51zM;>8EgwG04+Ne8lbpYx$hIvV7g6@ctiCyZ)sxOI|4JLV4lQ
z)SolI6Y7+zJX+0|K{3dutAVpRDqADwoZL-EAzg_Ht9-muaRxFx$7Q|K$Uv
z(}rm{bG={mJ!i{BpBOjZ$4wG4-X}4|@l9lnFM)Mo(mL|qi#`*lNeja@&j)qMC!gUy
z>1BqSX4qGNKY$$J;18&yz%`6K4Efg_8~@77c-AejC^d7v{2~0TK=~c;AXT3y^e3a(
zmrQ(KYy;&zontxcsZ9Sf+@BUmpZf)f_v#O>G{?cj=D_`&cwr2Y-eEjka$I_#t%>M$
z`Z)a0@^`Ah_^&kW4oljd2DF==i+#!X=FU99tp&h$yi*hZQF60_4S7iU}^yD3fo{(NnNLdj68~;cq
zraYy3}2CuA7gH)`lvUULVYOe;2LO^3Vdfo>9(1ChVtT&*MOuz7Yu
zjH6lpBcc0c4xlxd1Bg7E(2y=YiHD*Dl|8d^g$nPBUU$Q_rA3#Udd$!kOcvBMJ$WBw>d^_
zi9B8AuHU5{YeB5Ho>MoGTO=-|tqguohkBdLdhTYO^ExPdGhOe7B*+D|_Oe3wjXYFq
z*P`&>$m6*@PIFlTeRq)u`5?W#ajdBSIzt
z`2_0plZWcxA&L6$o-=i?1;Dq;Ip11n$Jdx*J9k4n9o}+h{(85C-ANt!>o@TH_3*s0
z!>prJgyGuolQoXKxiBY2+TH{W{|K(%MsoAM8GQY&P-7T-FwPoQQeq7kPq2mupTaeKgTQ5*
z4ZLtU3*(u{v>hA3mt*A0exF>^$K;xR6V6U=K^@dF7d0T>aGlT@<|X9%eOG%6e!EHh
z6vtfN7l8Ruhl`9|D`VvA{LG1V|C@-OvmUPlJl?E>?=@BRmi1>SG~1SEKHBE&g6Aek0DHXy+3l
zQ<-s+ux8&sn@yWv%(O@UAKU)-vpMM1YtgIXpx2O%USYp)*Wq4sovD8hT$QY|;;SC!
z_XREA!fDx^rsW$Zq~+t|$v+8P*QWkc#MoNj<)rH;&rXf5yW$haB%)2dWgP$2`{I+^
z56v7*lpNI3GNa*)y$QzcG(F8m)7CRZas2j$PMZFzMbr1f8bf~yH>c@}_|X=`Vy>5T
zq)8gtq8@EQ8i>Olvs%)qtqguwllbUH5*rcn{YO0a(=X9yN7}O%aeu;!N%?z+_YMQ=
zh;>sM73-z~?yZjRko8eN!0l7sdRQZ?GWh*M!#-ZFO#GLfLdHgUxpN#DdjOufF~i@@
zl*zRm{>$d~J~WIpk@1Z#>l@t;nkcO^zb$Uo;cL1g{Y@_CH>KtL)^XOPx)bBHa{D(;
zbUygt=aZk|9ro{^i}h>Yp9**`q;nC>tB!by=$CV?!0TiZuahC3-Zj~HooG)Ua?<68
zS#-G<#JAgHt}rXMLD?Z4DPIY5(Zl_3@0GSf;b&D~#d(_FGutnn;-7K0eyNM-eJxG?%``MH1&Pph<7*>
zQLC$;iF;QC{^b(#FF8IVV*K`IjL(bEo`oY+m{VWa@ucuO&!qrMK(xOveBepkkKmjA
zHDSzE_p>Rq7oDKJ%5-~r))+nl?Y{u+$K{+PMj2a$Jn1qMx-;NOs2_UVj<@pdF#9sx
z`@Z~ctjqb?GRe=X8IOM|z?>EwkA<=8@ct8`{QivbihJ)&E}7F@pYpDXH?L*USxR$_
zcDwkGILIbeA(yYn`Wo%?roL9k{8;7nFhAeP8BZq4&q4WJ6O^C4+|;*ug7UGkEddJe
zkLA+$8%}*&*H47(Vc{!^HvaWWQ(tYy`dWPo*VU?I3C7rZ7bd?j+{7`kA83&NKhV~f
z(*E{mBE@n&{{C~5rwZFF?!VXP+}{dw^4#K|2%cy5?ba)k>$*?0kFV?QY0nuCmG0ko
z`|H+rD^I5Rd{llDF?>2xzl^pvLRY8^&JHM7cKhnpZeK-8nhxZJqAJ>z3EI4PP6+8cCh{u(kcv3I
z?-2D=k*ptv`Yv97g<6^yh%P{16B6R}zsYmBhTuF|X50q-fb-HR)MfVGs$zV^5ZbKs
zrOmo=uCQ6xJSg!mw;w3Q{9ay}pV;ifIv2)?mZut_zVHPbuQ
zc`(|1o5=rwZ6j_w`hU-Z`Rb&L;);CVad;p4P4&<<>T%y4sUtGyS`S^6_J=(|7fE~L
zBEx`d^c~@`K`1+4b;x!;+`!L=@Qgv=9GaPL3EEW6wUy6(aMyI1>q_Lto|-OZJo+-|
zT7Le?#MeIr=OgqVE+*egIq9XA+uu1ZKb)NFClqxJhr-+z%jqx_r&Q;($H;ZS8?+jU8CDv9IUt8V2hOVsm=WW^Y`&O@@@q@HUHT`7<>HNUO
zn?%m)z3<`qf{frA`WxH$Z1vVT=D-{mXwR^0%+z6H_B#BUD9^cN*_UZ_YW__$Z1ZnQ
z;W@FBs$H0u2W6mcZ=EXEnx5*W4D&*FMd2H_^0`rs2Dom7YXz>8-tVjbANKG{csKgU
zcl$QOUwO*zBj4?->&kUrg72#r-&Y*ay+O=7<;YjuO$q!az<*R&KUF-RwtfDmgn$0{
zMETK&`F^P@RW&C4PgB}-58o>*p3e4fshD)XJec0sDjfUT0^7c3^5@~31b=RtC;0PI
zG8bssb%?Q31m2DEF8N>Pu0A}f>dc=znU4?yj4)`d;N1D(V+L9$kZO1m
z%)OIIW-?)I#3<>rViLqPVrsLBg4VzUP{4KjAf?JaYaeIAkfgh8_pSt+XCG1`(iOYi
zZQ3A4MHy|N(Tc_z16{1M?|aU=dZzLn@dp&j}j`g+V6`ng4x`jV&IPn_
zggXBd^#cXaZne;EK4Nzc^6-CyaO5v;2L8g$^YXqvnED2XJkk8mA&!dl`R}Nj9Q}@Q
zzIIuAV%@SbN88`M6Vj2cU+Libm5xd3S2`*(*Pnc7Kg4*#eINY_vwZ;lA9P@0t(=P2NkG%Pfv84
zs!OffBz}};lNi~CJ~NV3eyQ@mXk)$UnKJR8h{GM5+9)&Zq`Yw$Oo44Emn4BtllGyB
zuwBG$%w}FOhf)8gJ7rg;lm9=VVwtJ>N;>=(h?@>^dU{Yk)KkiI5o-9@=y?LinH|o!
ziI+WNFI7Rm#hanu&>j!Irz|(Js^mXR79bFK<+_c1rcLmL+2c4Lvgr`~a1mb4d
z#f6#n#jrO!U@SYwVpVvCM!o4Ml(VOl_Cxy&a+un6dw4msp`84pNClpqFdyFaV4j_j
zXSjG)iE562zg0I*l_}hhj1K={D`F>l
zqiwglLRS+pVIyS@#Noj)YlHPZ_Z`F=&*K;@DZHHMR>bl!1`M$NdkRH)G+Fi+Xv@!9
zbTl01G_2do>~pca(YIB93k*Xb(`P|wD_`$g2-O)&!~a*~6cwvK6=&U=!X?P`zc9Mx
z;xeX-t#3VBF5Q3XJZD%DxwL-0kA`(yIBgUoEfs!;8t$`zPq|K<)i
zuD_^{rL{vA8k#rj`!+qUW;4nS8%~c}?XF@=esuw{mtR9R$;10vJD+S|_|=OxBVOEv
zpl07g_1zOe{XD?=+*F$Kt*pBIVa5G#Q?JW8=BRq*-?`sy3-!M^Bt2K=zc|PKs<+Yevd~IA4BIe_^c^=F8_B5s&49w!cgvp5^#W
z8_eGB$>=#+ar|$bc>HZBY28Q2!ssj&R|m%33=IpI^
z=_E+Ef%+*Iq7%`I^c8H(em+7SOkt-;?W_L)dsv9`Dc|7zl4wQW2I9L&%PEMLc>D|=
z-`9$M@x%%Xm$9FKG{rp46rSceOk;IuY5oV&_;?zk_CHPI)Y2S|=+j^)^Opep8rA96#)r=Z;dT+_hBFA$bD74>c^K3YF8
zMDi6?ml@_!0&UeXE!B6a;r@bYS%jYdFn?6=M2G1A`v+8-uy3CeJnirt*60KJf57OA
zJ5NXzZrS=
z1X)h!HT6r)>CA^b3pIOLZfkYWN7uVNh;yfv$KzjP@iQTQb{c=jzB8YH+qd7L-_>p-
z_qK~LhJNdl!oRDL!ZSxU(L2Vw_;@n@fMEcn=o2;iux}C168rIc5qsCw`z;@#Yfq3Wu%Mj-#Gs^Jd%C=ROjB!eC{o$_aJ;cu<=E0MhmzM^mihY
zfv#T9zDcqcl<|%xhu+c5jpu3Ov4Y>vcy#wO4()zMK#X6C7vqU;
zg|(dBV>~WxL98%(k8!uuc9kn6jJN_!ZYzgG;zHYxfJofR5c%LhHroe!SESDWPjUX|
zQQU$A@utoB1PLp(sH3FzR}tE?dbPFVZ~v^?hJ6rx^X-YT8q?Ol^{M-hD=7y0l^rHR
z&eV{?XmZRUGQGZf=eM%>4W;|v`Y(qMi@1cppCmr)%3JvQzy9*@Vd?(2K0AM!2V=`f
zZ9%Kz$EJBSo9$!MekyAE>J$gT6-V38TzW64-xEia_bP0
zHB1k9R#@BCJ1Zdnm-*(;*Iir>55I44-IpKV*TP(x%=mu3hS9NZ-Q|z(;&qet&-+QR
zfYj`(A>X9)8fowtq=BT4zUjuZ(06BpwU7pF^DP{Qb1>4{*}RI;dhEeo*Pk@~cQ5pD
zd0HPA^FF?T_OXlh@e;(u%hH!u7-bpLm?(C|e`mQbtETI5lbV;V$1iE}LbN?-hWgu1
z_+gzDM_@iBhRJtOPPGVi)?>FZdrwtQXP8{i?VX*HjpBS&N84_fL(mo@Z4b-nrz3%N
zP33XOzoG7({*EF<7IMs&vvkaMova`D885$?+|~Z0bB$s6*7hb+-p+LK$|_OEX{N8C
za?Uw+hhXA&3Rp%Fl<_Q-@e@2>3O_xlhI=7QZ!fOeg&QfBd*A5=n_
z@iyRZ(9W(H`WUeSQJzU{@Zr6E7UC54X*h)_w_Y;VR+X|BMSb4^>6KF`FOSH2JRW>j
zjMz>d1^52hyk6%sDL*7oe-?iw)#Ln?V7g2nC5W{Y5zzmhM-j=6|6nwIOm)7O!Mx8S
z9xC*hTHj
z)$?`F{g=iU%Hj5o$RBJFJ~;3g{BYfxYOM>zX7#`X0UpbWIlXNhT4eosyJFOcqfo=zcK_B9hXtZ`0?=i4HL$F*m*US2}iQ#ZBA
zvH}e!5&vn081fXN3@Y(5%CQTG_&%)PRf2Jmq}B~QNk=Ye?5Kdc$CCE*>NzJ{{@jb?
z{{hbri`ejEf;ak)wqj@>h2k&8<|s0rw_~%q=sWf&oM)m|i$hfL;_&^v33=8s3G<`f
zxI;kxn#I?k?yuD$A%;Lc)$tE2c+cN2s66xs!8oib*bWxD9%r;ytxFq!lfgN_@v*15
z*R???gtc*r1pmqm?AeN7|{%y8~N*}Jzi87Z!?5^UKrs_yCIq%uA
z_riV2Q}doVaRkP162|Wz+*rQj+mhc%mImgU0{)og0JZlw89xoWO}F|5;~ptyxsk5z
z2J%b*`H(g^Zwh2SjQdq_^=y-Vuh*v2BWjGJeTx68KGae7FDH$P!T4@4MB3pShJs5>
zcl+lR_KljeB75b$)5FQc|FUMZwboB
zc+f9};a%o-1F_Hi(huQ%8GkRzL5$dPX(^U#DVJ`9{~1$QSOE`PEQmuNUvP@>K6HJC
z{lQeAcMU(!>G>kGv52F*r$*#w2d=lgd%ipq@^}PkAPzj5iTfU*aW;%Q8*~cjr^Smr
zCh$~M8Tt;M4&aB*G^ur(3sK)jOoma=-rPC9K^$799b9T>@;k*ufkC*a2SO%WQbM^k+pnVKH
z4X!sKE-yft7opgNu22`8!v%OY6g5z6qW$o0!1r4AuE0C`Cyc`XF9^1Uo6Y~H9f3Ga
zE50Y}7U?tMJ>yvh)1Yk!hDGVKD}ecbmWlrc?SuUqC5!f2iGBXkF-LVmY3)4zT_%ri
zZt8UvLtWPxF9b3Ce|dNmSEMqoe5T{_fbRpjiX(W9b
zQBC7gFdq5KH=sS^Bxmn6#_uji`S=*G_vAgjF7yXq@^C}-wZ_I^7rE=eBf9oR?4Br>
zOX3-I7v4_;54E}wc_=5e!E)yFtp?Aw;t=JhZSFLFI*Kw&f_Oz@Chm-&G4_)Jss%UJj$?Rx*;69P(h@aN=TTRVsNneo`)!CB2#BKO~vihG;K?Wb|e
zWGnfm7I%Wj?SwctojX`Bw4sOWwqD%
zFlhh0eqc7?_Eiw~qj%~DRM}{r&Yx2CZCw5dwB&Lb`*i_+{=YlrPwBx^svPM&4W3qxOEYu~su#$}W&i3&SKdX7}!*+5n-%Bhw7On1pe`^-QVm(p}KEZu&5#&kvL
z=>(n*{VjEoTcd<5hBL-uIAg5fXN(o4YWXigKD=`>QQ1|Qm|35Jyuj1#4KN|Z;2l9HH6G*c>FA`3FBHCLa`jCyUgm|l~yJp
z4?x-npd4$vVZ>g^dFD|+gf$8?!fLvU?axuNnBu%x=^D70_O+SXZ{7lB-$F6r)BOeT
z@cy!ZAO0JKLQYR%DJ#nvxKb_4>Y(F6%acVuro}1a%hT?^?iw#2K^YbLxx4;uHugtX
zr~KR@4)09c(emi8T01*8viRexQOD<|I6Xs;Ahs@(Sz#I1@iG)$89B6!U(zz3;brWE
z_ytgg7s^ocPUm^o>GI~%y#Gb>ZsU1tA>Idh(Js5Cq&JSfT8Vf{Y&6{^N#?n*XG#>a
zK4xM#1*n4_v$WCs2OAM#KFyR)e9GMUP(9PzYuy4^{*{^hS;V|O>x
zbEMNveN=85#rtSI#`Au2Sg9dT9z;FqroFA5*K(SM8hTxIBu~L`?5BNeSop6S)P7=X
z@-bnf6Z>fn@2C9`e@wVD-hlPM9)vb9SWg4gqn5Rcmle^Kg?--7%gWq^l!TK-`&)@u;Rs6hW8dnu<%E;4%;k&D4)PFi(vZ|ww
ztZlE`4&%3+(bHd#^s;Ygh9F`dpI;1z_MDE1F2lTCMtHl3yj=>+-tGnPOmY5SXY#E#-{NvE+p+TXMoD`v8f4+S
z&eabb60TFwhI{)?_RX=Wvfs@6Ymn1+GpDWp4j4Dn?9ToYw!XY@ynY~J&g%vSV+g~K
z@$mf+z7xVff^gIm@8jVem>#};7{d2h?9Lt@9)<8?NZ)L-I~5-G&k!a-Sh3j~KMCi?
zw;)f?G%wmtcK5*#ZRX(D-4DM(ct#%y3Haf6{rXS!1HXav!w?R??h*JkmCWgAfU;-3
zhIM^C_7oxLBk3Y_8#C%=^192fuLkO?qvIkRN4bGT!VWs@^`oQ)Z5LkYr~O`DwmNBbxoSFr?rCa0plBYt2JykmWN
z=vN2A(GJ$~sKdQI$EncwFUrK+#~f}&eJ3nE>IhkQ9&D>apE}&c$kO=W-3ZTE2eaK`
zzGay0mRDzECd(7yJ)_=t3h(){^u4Klhe%*9ayoK#bf8?#Xp`ly+WugHjvlLy9vh{{
z|CQ6@)6rAF>1l%J*_590ubiG@pa<8ZF22TW9)R&n^16@0ITL9^`EOD_kbIn5gIN#ubpOIu_)v?$}yN0riTrc59;*
zJ^9fZHAJ>g7dZe3*?t%{P#B*_X{eeUz?;wkM3E(LGZre{y^_aV}M*C*`>M(kUM@>%4g
zHdZ{u^;Y|uft{f1p8IQoy>b`os;L+k%nyipi!kp1CaPf2uHH$Q{~*lBU8rLwF&gKs
zjt3EQlrYZ##>m4w*hgFKjiB$`JGAR8>LlV@Up|x%zWwMd>Q>^Lb4DZRT=x$B?OD{T
zlHX3kw;#Z_BQw12#C_O|;-P-K!!P`s;M;HaAqY?SH^DXmdHBe<>hz3iu+OQxcW4Ww
z@frCKF_=gn-|D>x>32XF@>V4HVQv3xCT$mb&BC<)wld?glhr8a+cosw*Ub9fcLww;
zz7Lf7;v2!Hv;6HK|7M^MSoqd(R@l;`4a+(Bdo}!B=rhdzuY%_LAn#?YNTgwD^o&CI
zQY^bK3gP|c89p8^1)Vb+VSjw@P|ext`KRIbFYCnnwM_eO2furX2eBOtcJ=jaa$Lmy
z@;Zk4?A1fK*EMeI8p1aR$L%k9`i8oO?;!cux(@yC!g_>Q7?Jy
z@MSH5v5$33yK9(2Nc=|uP
zhL3+;#OZ@L$a(C7c<66#x4rtHS?;2iC?Z1YHIr!Xy_5B{z
zs}{bauWK8QmzTPRtJjL}cQLjuid;_oe)(<#?UcCB$YlAK$h(X2PSzIHM(#`D
zmFi@^5#*t;#N2@`dA<~X4qNitMtFQW|9&N}P25=^H-vI$@k*YL(9yj-8o50mh#ubo!1ag#3o{wI+BiTQU-I>xJ`P}zZvOP-o8va6%9eLl5
ze{aZO7n+{)w@U*22;L36!Ip-4k?Y2%2i*4en=H<%
zKnT)u?`Q~Zx=WmSg;-kx3+0IM_B@?#@0CoC?kL6~o@o2MdUovYG_1=#2|FGAVZ)lE
z6>2-$p&bLZrGB)rLSJlHree-38}MqiJ;uK=Gh~f*1UB4OpWuqAV++Wan>hEZW6dKn
ze(zyDWPvt9jC#(fV(?rZ&y}07-M5GQ!f%YQZw~QzYMUzYNcQ1dMp=cp2`sjMwlS8=
z{%F`8^QYhZUuqM_=HWTWtnEueJ~-=^yL-YoLWiv%N>-=ijYU
z@q>KEeIpdYx?qR(@Uger--a<}It726N&ImiqTMTuITP*6`yUnIvnSnmgrTj%&~`Ne
zp~KSOAhY@E-|O{&RsEaakAy=VS~cB|RM!c+*x~`?sCUMgA35q(+t|@Ct|9Y1ZEt1P
z6@1gYALt8bx4+gBzD?r6U(#Da!9{){h-b+!rG3M5-odnQR`_-xo?6C~_fI+USM&NQ
zrK^_dsVwQH+<%0!zyEUZx36D7KA#JIb%?h;p7aw~%Kf`^d%nlt{p(2|zOke~9lrjD
zgueijRfi&)1AVnZA3EyPbg&)nO-mcwYePKyI{-fa2dBqBjJ)^`s0+S*#xi1gKxRVD
zSb@LfbYn}1-ahm5?;!C|@^auC(@%njK0`Hq&#s4xpP%i(?)8n@&rtyINfMa3?)IrKL
z&PRp3K5=)deZwVwW-t2SVsJqm&#W4}R`_;;RUq$Nz^z>{aUEjpL73|vCWW5yckxH5*7&H{p7rZ+V1%zN%}0>-nybjkdiC`rM??YW;0;6S+u%yS>|@#g$*=+li?DfvQ^|bibnpMo
zZ2oU>?K>ar)Y{#6u2IT;7GDU~;u?kAdBlB*HvbQ44o@5G&C#x??D4MQZM1*eXrc}x
zu(&_+{LD1*oq(PE)|92`M|rGU$2VQ>cMa2yzPcRTU-ej$KlFZ6z75e>uTcs4a~lZ9
z1I88PSdx64_Fe<`xjmq-=6VOt>u=;<|0l0E&?kFS*PHDI_pRf(d`ewo*rYXPjge`M
z$!(usX5@ZfiFWCj_kW#Az8(BsTzNN|ri+|x%&d!COSw|kzs79(`{%G8=pU#$ZC*Bg
zID>vG+q=Z&X~D8?)2jJcgYONho|Ufme%v7XV$Z4MT=L@_`sI;^?E8;I8DjO(nS;`|!Xibzh1>T=CHMh5+QL;ckH#SBHa;Ie5+>J&5C0XO<(7y87fd=ABW
ztR`Io{SFELCinjoknC9~0-}CAP)QocDi+-im8B&c{2`+5v4laBju>
z_YzyRDdvP%P1F^ik0<8{e`0;}n&&gvk4>k(eEi>*TRt7Mhfer1;&S#-Le5q}{Oh=$
zn!gtv*^&;(NYXrdd+!P6_|_
z)#4l#eSH{YulFppN0Cwv!OfJ6vwJnJ$&??+pBlD(HQK;k%-ViNuKmyI?E4?N&n<@j
z>VYv3$rEUGppMTD+g7Mc_Kj@5U
zEqI2>nA3ZlIYWv0e^v7Q^di<5?*b+?ScgXOu4xSPmsmpo@EJz$3O)2yym6G-J_u$z
zH%%G;tAu?d$W2TC>&%bsb;Uq`8(0?MZ$l%08^}Ya&Q~t@+nVBkE%m*P&N`!7tUG|5
zP-U!b&@;OwWVJNv?v<6Cm%xg?pg-&8w*7jBb2wiAmATKqpiG|FiF)pjcK4pH;m7HY
zvS%go|BVJ8r+WzGIV<>wuHn-4wEtNt?EY|nfi}7NPr8PG=coP8O62dT;Wn1~4#wA(
zGFCK_jz30tm&EUA2zw3q(4mfgDY@vFdD@0
zawWY36uuY2tLJ#a`W!9fu<0g?HR=xLZg#SoSJTtnLvbQXnsb#jpQdmlEzS5$NYmzS
zc2Szxo-)lYic<`6u>P@l`vS%a0|itkkAi)eu%pWbHXd(uJ6ZJtW^)9J316w;zeV^F
z!ehFOa5pQsjfC4Jagd%3aEzaUCHcy(g@=yMf6FuLU*0si8>73dg5{!Jx6^&Pm*j5y
zU8MijioMosrR_U*fM*@b}33pG9)5OqRcr@bwD5Rq`Lo^cB2JzfQq7
z5Z)>AN_{2X80i|mB+q}mVsF==q_K#?PI*Nc)i#i2Y*g@W!tW=1Y8!+>=WY-5PUs;?!I-JBW8Ui?k4ZPif2F0*CWs0DVs?K7#`Mdzi~S`fbJdfZ^|vLTOm!$#JD&
z0W(q#-_}rh<+xwNzgKf#0PcH4e86z5%H5K{DcmiHJF<^+Q%A*~(KGU5W9r{Yev6CO
ztY4m6c(kIVjq^)>6nawFM`?mn^3Re7B%6LQRX9KYSeVHg1d5
z^NBp;`Hr%G?yy&z!j`zksA3h-`ynikzZq?fVq42M@VK|z2)ax**n
z2HK6_x%*lOn-pia5{GjNL7er;IQ~p=oRvII0r$6wevKfGYqN2}BH}F17^f-`hu;P8
ze3EghGRE=oIK@oxyH;YHy_*wdyGe;-;c-0t4Jzt-u#OFualSXfXCrY=j`Q*NsmO8Z
z+|K+ZF27lVWB=u@;nmw{{;N7#VI?0y(*9kZm+gx;^81Ua>?-*B59yq26n65MFSc>X?iC5VIOz1;3u@2#wYRiafwI%D9rmNCGRrK+mg&XA^#cj_hSCO
z)chUO$X|}7N&CNBj#fmbasPUKTcpLxA`{r|-zOdpYiFbGJnpW@D*BWTaySFI8=yZcVN4>o7Pg<{
zfrS0VxQkuD_XRr0-w5h;w=40nz4i2XR^iVA<5j_bjMJb=e%6Pg6%!qyP4@eZP5FMq
zZ)-B#bNE~gKmGit#pZ|qO~&Jg1Ay}zp685^>{m>`!!GRY@psJkAFUpv*S0ATGjNXe
z4{CXyHE2VIekyG2X((H7$b`8C=YtA}(*XV10qJ5I{q_oe?r5d@ZMQ#R)IQhK`mr&0
z2=D`??1158-5wV^!2NH0`3T*AE`UA0A@~YDr*Fmr)bB35hHY%2`WCQ4o(`_Vr(rA}
zBOTYZ0QbRc{2ZhK^9NvB2Yh@?77pMUVAUH*z4$$P?>bs3&W;g_>Ee0j(h0Nm+(6f`
z^D)~0Rtnwu1JIpq>_WeD()|>F|2Zb>i{(8{^*B!T*a>N19nL^pv^y??yqr)63)SJL
zREIXq3+iwZ;+H`koKP-I=a-a@uM&M(bi0qGoc{@VKpS>3hqzz3gXtfxVaGp|eH@1J
zEuMHIjCk}bp%WJi%GEORlLC9Ap?uB>3cAdkTaYhreB`OF;n#^z;$Q{tr`VX&wa_fV
z^LFCCnA1u7-wM2Q7J5?zbs9(y-&-G}_}d|T3+#cU%`&%5aaEaL1AV6y>WqGwIj4{H
z>jut0+d!U{Jg2v!elfa^bN*EJpkWt{8ig}@3u}Nnr0Q>g8DYe8
zquLcq>{hz>kh(NtLNJ{;5}cCdlYHg
z5LNBp^lbJEvEWXa4?ZOsJq@@*mxcQ;DEmd%@W*sceMHB7U}QKC@}9{e|5LzzID8%a
z#4{_9v4O<>kB)rm@@`}_7(198KieU!=G`BdnaiI0eqhxU<^K)k;RIZfQvM@U{wwpb
z{KgCXtOds8d-Q#jf9LN~2mA9i?t_3a%RyLEhV8t57kNDr_HXmWzUjCj-cvEkw{QMr
zUfFB057;n2)A{b_=$GrG{^hzK{Vgw|dDlm0960~uT>fo&{y$%w`C4Jj7Q_1QQO=Wm
zbiOfu2krmn;hE|}sCV_jD2(?4hFsUM{=?5Q7Cv;G&jH#H-pL>TP1o=Q*{Y1pOZxRq
ztk+^)6aIf5rt@#WE#mu!sn08U{pY2gPYNyzchrk^!!C;-_E-buFh)iouO&N-*0XmS
zoc|m1yoK^~&BML^g9AEyYM_$6H1Hx|OJdzEXMK^@x7#AEuGoQ=cRQmz&W#jjbS|D@
zg$JU5J<|s1`V1akO5w-n^8Iu_=x|}=qe70Y5~tVSX9)jUXFK&U;`0c8ZhLEuzyrkDgz@6>c8?8o7o4j)DDM7p>2o@n?u``IQ!ej!L^$X^ri{Oi
zFdNIo9oV~9+TUI{p@s1G-^1^q=etks5q_yh;qRHT`TY0G@cRt-y?@q8(;>Orc1KN_
z_y5w`Xe-A%7+a{&W;9nZ!K;P)r{0OCFz9EayA8oBjs5p5?PpHkgm)7)1801C>yj@k
zT6b~Gx@N@ugfOoFrU$+w4?By{_=j(@zhqv>&4hf~I|+Nao$fzw5`HVw@$N4xpsZ$d
z|Gpm6O7-fDx1(MESpTCvrsT+bMBF#?y_JsqaO{|8dH%0j|Btk%kB_Rl^35=rOg;(8
zghUHv@_~jBbx^=4A9({|W)g5WAZV(51f*_IyAA5v_*(`N1&wH1x`4(nOdw=vYc*=H
z__JsbL@IR67Fh%M5i3f72vL&|6=l!4_dMQtZ(ag)^Uvg*``)?d-H-Ei?>#qFd2@=}
zF~Ww=}s*15)cT`jr*Y^~tT5c5WtmuBgyT#tvH#4zcPW_DR|4aV4
z`>DkKCwRARfc
z0b3?$u!&^e-X$|ZMmjR4jq06T6jUa^g#I1IIBKT4oARB^Zv^x5
z^RX1ud$-#o=KK9WYWs1{3i;FaawwcjXXQNUVr{Nj%PZBgJrv$aYn%>Q);I+EryTle
z2JnpcgY(#<;0MP=LazD|j0^lOtMhB{Jx$_{pVL|DUW+|XW#_y9AuV$KtsHHL2SVWm
z#P94hX@nx^f+X&3wRwiU>6i~C7y3vjNUr99DR0}Zz4GRxHMjV)mJgb@!zzk*^EG%^sPTT!y85Uq)X^f2Rn}7~
zWXee)XD5=cR6Z2#MD2WM*_S2cFOH@1;7~jxtNQSMF`PS?(-X_{s62T~$cK;L$KeXGL_x)F43ys*_}*+?qe2W9D^&)P+wz4uG}YOA^w)I;cR91oPf
z7z$_8eNQzhcrT~S$xydB6uyb>yTj<+E$m(1Z|msYnq=8;T?NK|n@IeWC!<{*U$>(~5%+xWs8E8aD{-G*
z2fXt?0ORvsdOjbXZ!eJZdoT|>}rwyUFh
zGm7fdGJQV-KHCa#Pg;gg+mog!|A1#bbB#1Sd!U>ka;E(Xl&e-B=Ss(xD(Pa=WDc^_VZc!)#mks^dzhEkH&u8N@KTk
zu#qMO!zcHLN;t*D&tS!KY$))QOn8j#OWQ{+8YJ376?*{|&Qy!gR)F?t
zavI`g1Aotj?BB^BEYDwg;QMmm`@Had`7nM}kWWF-&tPM3Efx2l$hEXY5ug7iP^N5n
zHOA2ssDOGZmF4v)C$TN=rnYEL#5pv1s|)BQ0lg&9N7DZ96z9g=j#EJ6jmA3gU$);&
z_J1Pw-~2G}0sSx^Z2aXg=QeBxKG4?RTxvR3BkZ5V^PgXoXKAE;foK0v1|qKk;&p5y
z<{d`4|F=G8QVIcoQ@)QF+#X?(Z<0(VafAFr`
zk?WJZouIZmCj72c;1zBB-kV7NC-fI5I?w*Ugn{-y%W)nD{KYf=zNPtiCSGf|W8y4i
zZBr6Pmnp8^jV&F1xYrJp~c|6(oTi%P*1wBNNny(1~c
zw=Y)D(~IrrpuD4VNH0DgD{aRMJ*Ol3KenIt10F{A`id2$WV2>t3?e=XV|5!to9_5hwF&x!;Ah=niP@u$I~(+a+U`(Mna1;*&C^f#MV{mz1+(pnY6_o78|gqeb5F
zv7TvZCjDOadsaT%GtHb&uW21CUx#*=Mki66t3Mtn-w+BvM!AnWqA)IfJfOYz1-;iArN1|ray8?7%jvzQ
zsPoGkOZgYo|M^+0e>c@%5~a($5|(Samvo9Z3fEsie^tqQpl!;MX>PnvY`Pr(N62q>
ziSJu-&To5x=yy3H>0^u+W$F)9$3Dl!pTDhj417K&R-6;f74g>Uw5;HbEdGanbw*lY
zusZGXAl`#LO02=<)=R%r=Cxi<{CgdGUh8DBA6~Z43&eYpL*~TBx*mXfaPN8=+V=BQ
zc^}R=RgD8UhwpD+ugY^`TU8bJ9A!l8Zzz^|eH4#azs0>$=_0mu$7Y$kCbAskQKu>2
z9`b@Y%I%6;m_I$V**kqwL$u+(0KMD`<@r#)*WoL4f*qDK9sTDMA`bHl>f5|QxJEn0
zhxJycO%1--&lyZFU;nim$DfElQXJuS_!go6sg3v9b^R~$mAl^({@b&+lm5qY@ZWH+
z!b4RnJXa>)mW_7-O;hAuK)6Q>@v9sXKY{R30$<=+>Bz{&wWTWnAAoj1+{1*+1{}f-
z1cPqto^0w5q;0E^w7o<-mS|sFa_Rsg>CtUOnUa9{DHM$GRJO>h^$SDjrTa*iR~
z0q|&c7W%yB-)-BoyaUWX?B738+`m)N=TMaB-vgq5M^gXpgYqrPj$uL!6Hz=037gs<
z=kTR6Uz8XR&zZ{)sOo$yKd7pz@Z$+iEm4=j?^@II?Zw9V*H%2QfyYZ)i*a65=S3^N
zyj{-f;FQ6>pu_P%p-Wkq7Y8_-J44;+SQwm=;0q3NEGh(D+zdW&({HJsJwT89`z^(|
zhioIz%glS*xiRP)oEeOA)C0Xmc`<-HV;(rU?__FWzA_YD1ymGm7bXNgq!f^bRVk5{&Q%c*X;B(hT0}}fY6C<-
zrIhXzkX*W9k?y6WVd;itY1sPt&)GBQxijb7*>~r@J9p;3&wUWiMgA&nsB0b)g47A+
zGe|QR10{so?8quP1Z-$cHq}UfWqJ#2Pv$yw5b5LoKK139%Z0MeS4F34w9A+4Dz+B&
zNn+w3SpA8pA!4GEd>3^i=26d`_5y#SqKmN0sN`n+Rd`YR`I61ge~nAr*fkhzMGc%;?IvGzC2+?9T#|a`oB{kFz6Lxh#~$s*!>=&PLq=zd%U|*qMSgmE{OX4
zqbue{E31SXow1#lY$`M!bUf$#e1+3_iJ1@-7-U}1)98NT>>%|=glgb%0tI`c;gjBOvq;Qg4D-daMnd5tk!&L{o-S&R
zV>{J0#mRdg^0xa@rMc!3&5jS$xP!cSNWU)wRdt%jpW>ZrAY{E{YRf7nK96vs{}eE^
zbH}|Rb_`{#4Tu7CU>+oQG0I2}wRqlIJK|Cpc()GXKIxxiuZ^z`J4K!~$niOc3R?WS
zG@;JYyQJ-Kf6!vIyrW7vs>Dfx$k>!zm7)ew`N@T3QC;4f0Q-_ansvt!Njqx4rDB%?
zxsa{oVD^x`@6qH(As-n*de;kx8_LdMy~=gQf^rRrYQd*yELIKzjet2MF_Ve>^&6P
zeV;VYF2n3Rgxc#R8*VLA(9)BEg@I^#36y&Z!%>tnO0=Cguy&8+1Z$u|LUoD%PNKhY
zOutM<*-Vnzeqa&=cklp>9Z^C-;G20X*+9NLR)D)L&uTI@Hyf!65qpKTFHDXAE@+&)
z0}f{=4&tPne0iJ~w52U0!{Qcw{%J`o>J2uR--4XZxH+a!lt$7jL$3m`uXaFtIE`MPR5jL{h8@r`0Ldi
zmO)Q_9k}?nPn*wk%4`}qRT9_EmDjw$dOfS&)R5fF3ccflCd<|eze
zwY`SllVSxfiQ!6=ufi1lAQ
zkdPgduKE8^L#HmoMLG=I^SoK=+uAM7YP-P+$uykrSpU|Nz}^M4F>VY02Dz}~U6xy^
zbzsDVtE7@XSho_~5TVS>ztT(sop_!_{~$0oe#fW_q~2DWwPW-QDYTP7N{C^(K23dN
zrph{SH*;Wlt8`ZoqB^y%@APwtNB??4BY^#amzcVpUEUJ1GeBWrOwmx=?89|!_pjiJ
zJ1>d|AHE@Kq}LC&pkm<^c?6mj)kB8c0+Jo>dlG2H<>iBlq1@&w*{!-_I}qA
zc5=b;5Rmy^)+Y{tD~JQ%EE3xrs>1`PQZZPGzcka~$>U)w+$Ic16<}(32GE|n8;>-N
zs?IJQ+n@6|8GxlS`t9PeSJqe70{v$$PCG~P1+dqB$iH}ziRH%7KyNb~Q~SoJKolQ5
zR_A!YA=c!Fmh~A$)N!%!`*;)XXL&6j7&tcGT8ut|n}=u+U!?6l*d1)qa|tX8KVR+j
zeFCXeRclS`k7)j;(M#|_IfWY<+A!h
z8>yday*o);=)4>W%3czX#g}oU6Fvr=m|B-6I+}$qh`$Ev{c;j!=nIT{99(|eTX@;`
zNqr1STjsnbNzB&y-F6c%?0?I`jgVUsN$!u^lgy3~UoUTFSFQ3@{Ky_|<58U8J0(6T
zGlN&sA7ac0`K-AJn}G@EbaL!5oHDhh5#NY((IBuOm!e|J{Bzohr+
zouo3cX3?^(Ln?kdVK(Z7KWxc@4o65`QVa0^>K?iUsM8$r6@(PpPH!neV?x&7RNeU7
z7N2{hx=V&rIe!Uz@*@G|9FvY_FoMX)@)GCFx7C8OG|@T0Yxxxv6>ga2v_@vyN46Dc
zAT}L~!e!{98M@$tV8If=#{T2jY9a}auUQP1bsu-P9pq9>gl0QMB%U6d!tSGFV-e!*
zfqDB)xYo#ZciH9YeMkSsjx}wWW4ZVqJ5|WmqO6^=zw($c1@2v-J=m{+1rc`q-l*|C
zL$N!JOU(PrLu{Wu^!5>IJYcJ3olJj&pD_ma0H0%zNFW6du*?DxyjM%=$N10JJe(`N
zMy=MnS)brtz|J-RMvjRfC!0rv$8t9?9-(K4P$tVl4jbs?0Vz*h9HepFaUX#i{)N^h
z#kt6~5^K&psg^;NmrJzQ<$Oj&XV1{MNZ4eIY?VHm0_RoNNANOIs6#QaoJH|9Iq6(W
zMJ!=Cj$$MTCDfphJqDJu*5N6p%=?^p*Sbs(83UqoW1
z8^WHp|BVIt&0U2=S6MDx_3NNC!94rp9b_;0k(rzOO?cJIk*W?K=msHH&IQ^Fb
zyhqCf0VyvzE>#9@_5;^2(m}wLn+=0k;N4}0hSvX%pl;%1IG%b|(xt%z^&r&B`NMW4
ze`UINneII_M|)rux@F+WnRF0ng&@-|evGENj9EZX$`9dPg5*4jbHJ7rg+mZIPWl2)
z3jKnehT19D47*2$*Ih?pMpgcAb>CQSC!A|Jx;K`01d5HJ?Eh9R)DCPDg<=E!!Emn8
zyuGn<#@!>u-&{svLO&rS+YC14dRSlKdoG`UM=7=)dHskwQ2NLXz`qwefGK^9j5)sS
z_?TU>U@TLfv`%_6!<%Av2
zxpuv%*tJ5=cSqvUU^>LIJGWtOrkyS8S`FVdk#_gJm=zXgkXFCQ4@1=$;9
z-+A+~R!Og(x0R2hf*ZrF@qT>GuJ}3sJ?8Z1WM4IH{Z4hfSG*lpcuRbAdo#12J$vFh
zs^iiL#-@7}WxVp!fy)3tEM6a~_+~*aW}ULU&Rd<_0yV3kXVc+nqFHAZ|L(|7b&`aG*ut?7_z>ylYm;QP<^$8?D@E{3Nn
zkvo#cSq#$*qi1w1!zRtVoTC4%V@$_^xDSjf*YxI_Te#6!lq6ig$y&n2a9BGMs(R!_
zo7S!`l}?W1>vTJclPodBNTYJkx1&Y2@sRVpQe}+)cY_hUvU8jFbH9
zmXr=Y=;BRd={UAlV75qi*X6C=N_jn-(-%q8T>6!L*-6X{Mfc5sN6Jj5SH{bgwDlxg
zPZnsw{GD_+eO^BI
z(EZg=1H4Svl!=e7wHMDu`qGvRx*aq4hCj)_nt53Lp$(vJACr1gq-#)6^w&kKi%6W@
za351%=$x}-9T4J9&L;8>-3b2
z4wMGc$ODT=uT)#<9fFkVa)wIh|DA=iBj)P^b&n=0eM_cW7<$>(>P?ei-}>!(jn&aI
z@$*%)F0uM2S>AZzF>B6QyhFRVR14W9f0$Z3QquA^PCAM8D2|pYIP2XE88p%caFj>O
zN?7F(WCclE+)8GLx(p55Az9|2hu~2eZ9O^Crh%^E
z+luirNvCML6q_4m=70zJ5p&pD`?RE`$)EkJ6n#nS>_xq`m)FwP^&qy5-m2rb?Txf1
zECSb{>sl!tCrE|{(a5z5!Ci>zy$rRJJ>2^X3n2P&D85v9uvpZ3fHWTkbZwiE6iT%)
z$|vkGm7xCUM7l}?nf3zKjD!xTOqL1muanzIv+Nt*4D!adK81>Nu-CRXed&qa_us`I
z{PCBDl2D0ebv=_III#9#NM#9JQSov*#vux^yb#q`6%drj$Swowf&KWHEC?qydqFzE
z-%(yi<)OzA*Y%CiQ;5ib_|IwHS(=RtnPIInY8Bv>rYX~}QhJO36Zz2=b2Ur*
z8RGDC$KCwLcu1u=!=o^^;h1urRKOUt&ZPmYUvkysSH@~5oiUiA3OQqiYwZa#4B)Qb
z!gsofs5L+K=p_CfBlb%`_cok_=Pwp;WUxdGqLQ>EOCLGAdvj5EkJvXs$D}Z%$Fuu3
zfVL1(~BfspPtR=$rxdAatQs1xp359$s&9Rq~nYxyRn68Yk+OeoY3Fxa?+z40}!^P}{cf@n`
zoKOeUpdQFjV`EWNPeBd9M)qWE9A{7?P=S63-|y4Dki|v0NmzfpJVt9m7Gvutdh}nI
za8US@7Dm52oeu3gv~ZG}!*?Vu1e3_TV4tXO099}!aF%S7U=KJlSpd@9xVhQ}QjPgS
znXJhaun)GH|3N!Wn>Vl#J~o;J?TzayQGb}t_}Q@5rN?W3rn4I_H*@;X{Wk%LN8FrW
z1jlL(@PZxBo?$3!Rm-(k3wwJmk@()5LkrY5&JX?%9HpSLLwqnNU;8zkT9{O`L6k|}
z?R&7u2%5!`qHJ_nU-pu)G;Z)Y6%OZBa(sCyH>CJN^3#YidkjO3%B3o9@Xh
z+9$=Xzr9V+I3Z9CU35|gYaZQzweTxx;Jx0-fOU-B2b|ZjDQmVe(OMeNpxE4@hcOF{
zM~B+ZpKyHsCFuV
zoadOcmcA$8isnp>Jfm4!RWTp*UkStP;zxJ+!ka<-mJ=iEX#>pEPqXX1p4
zN!6#(+OI4AT)-bT_)!;K9@4M6&vJ&(D)8kkw-`dA_mQ5b-DM7&U80-<9fc!@#4(>!
zu9xL&R<%UU>9MfAXI7e9DeQ}G&6PcQYuGqT)Ho)0l`8$S!EyP-Rtf!k|6Y~WbysJ9
z_~gY6_tELSKOlI?fHuB7?0ANnySnBwXbzp?NAy@t$H4Y8
zhA|b%Gr{G={<){M{-l!1PqLirscYd>+tvMy(K(i8gy~kxCi=|&ZSn6wWXQz
zrN0AxHPs;WI-O@e>a)MI?#21l>fpL`mJ%??qBnu_(aFDW?xFkSAKQ*T
z`R}`MBU;b6Q((7bKXIw(Plh_h;&o|@efQZRy~qQz#~wsUyIDfLFXORHyAg}ut9vE^
z+FLp$_^yi9d|PK9?C$Xl+*@S({s1Z$rDQdP%}MtSK)@cSc=@|JTltr2*FV#b+l5sO
z7Ctc$?|xexP^`=XeZB`XI_BA1!ZL8C1`Nt+T2{ubo;mbg4p5OzIz4h4iW?!s2wZP2
z|1f{h^Ogar$o41Jvq9ZA+SJnGiIcf^zT^VU)zoX?U^utJ!8-8cE{vEBFG6G0nUuF1
zp8R93-}^50IPBCzId8Tw6GizdQ#gihN`Y62GeKEmT7IMFrnI>>-uRYh6zTD&65V#<
zbx8cU4^lnkyVChrVX>IZh+kNd)TG;;_DHDO^{_nX$A
zi>E=Wd4qm6T4z6GHY#oO2=kC))e|rVan66LKjx{eXzc3$@lU}?1Oz|-V3rtn$hunh
zAzWimYNJwHI_e7qvSz4-2cq!vgLb@Uc&k7x0^#ajg*P}ToZEVueNrUScRqs8X7;TRQ#>!1Gx5a@lWhY1S>*$=_RLO(1&ICo*hEr2}HGEFVTZhbjQmMPi&znqTlxU-b^A-#Y2|g`UKU
z7b9H^AQKMd{mom&rXtHydKVMm`I9~VXLhY-$y0*RgdZsn?Zt9;Rvu_g3$-oqx2_rv
z(+qB@LA1A0pAD=Dqjei)GZBFtJ?s2G;oRcCyy%snIhcOuUg^c?ohI%KObzi|_>b@U
z<1<8#WIdt@JD4;L!YP&J;nm)7Nx+KDH765$UA?QnPYJC>2AEhM^`jH}iT=(dW&RB?pX>2i|DF%R
z`ft2nAI`iiI3V_lR7M+{|A(+9vkO9SByoC07k;
z>TEiUlRCRZSoJ^9-(Q
z>nDr#p|c8w=F*9Rp{}Zb|zl0Ffru{O#OIJgWk=s
zPKA35waN?mG^m*Kq~+VC#OGwb+@yKpesBNXS<|UcwS$@D60EGUyP(R*XZCqKchdR8
zk0-Q&!^}#_b~^uYn$oQOhn0CY52yANL>Vbf8J>9Sv_-o9?v2qD{l$4tNLwcXtyrIV
zDk&0aUSIMr^R&!Kc7yyn#TpB}V*)L>lZi|L(uG83sGeJ>0OuG@P)`!GMW%Yk^)?v}
zTm^~0Po&>=iN6%LDkKi+%<>Jp{w-WK^*_pWV5;5;vy
z)#Z3xAS@)ze?fGi_8@s}>szb`!*!C-fQSBlbMdLKO5J;BD!D=*8ZxVTbf1(_{;G0r
z^i#D=I83e9*NOk!4mOw#K0-)u7Gx8tC_h#OjI4Kzu%-RsN?^|)EX{qgeeuuP*L;n(
zB#+{F|0}e=p~nnB0d`kI_~=D2#>>!+Ek2w-H61%DoofGfRy<^H<@j(Q@_CB<<|k=)
z=_=Jq3ru9jPu>lu?2~xp=N-zJgq=A+-w=m;{dTQm@FU~T3VU|WMkn0FX$w>F|Hj6$
z=jZx?sK^r_UoUIC;`;a38DgFyt6|ZDTfuGhKYCr#Dhp=w4m`Up28^de3U$~4jWR!%
zhwY54MF(mpc@Hv7+JK?^fmdmPU3-S;_1h5x)($hqC@1GQA!lzd5Ys$dy!3nOM8eeg*3cMKKM0M^3mpL?~C6aU(-2N
zgSKX0FVfEy9BCYoKIwh=raMyLs*Q(R;P~UJRK&5u{-c<(DOpTa*}C>Sv{(C{gk(>F
z;(N##iPDrX4}ZlS_sr_@yQ>^Z5$mKW<=(g~i}xQ>t6fL0f9hVfLXvsund@|2nfiyS
z84SwZi^6pcV|zUY0t>M=P3tQ^%u&I|rj^!v8U1$wKjYlYS*J*y(tJfnK*Z}E3f8pp28{b
zuLFB(#b!kRo%^*7<&iQ(fcB48YQ(45tqz)oxo5{`5L{lbV$n^fTF=Ia5R%+
zH^XPkLsv@n=qM}ooF+Ez3!ghNU$83M3nI`H$n=7&xa$+{Ipp*iW%on<8m8gkbX8cj
znAatpLp74si>t1#$CVGq`PSW19>zB8F2o|bahG%VnrX8UHL7TDl9v46ymE5^h1c=D
zN!F%G>|3?{ETL4D)7G$|q|>hk_$Lb1+C_b|`dzJbs|6JgTDq6qqq5iF<$YDRy*%_o
z*uRk)E#|lczfRXu>PeAwd7xlA{c0Nb(Rqawi9A(ueWQfgIFpJLrug({Wio+b%to
z2WFR6j*&ER)}y~Zb*#L+x_qy@WOY<>JoA{_J)h#DFa7s4O?s6~eLy&5W=%GX^Jp_6h#tl%Fww|%!#HS{lNE^R6N
zVTzGM%a>o}(YeyouzQWSAD6z|1eywtp*bEEmav(Djfppf!saKb#iUEbbyUw
zq)Ke#?f6ea4^sDtE0KaNw9>E##~m8^RHw>>XI1z`)00gtZr4`OqRBVxIW_ApyA{qr
z9F}y}s1~twaT0j37bs;LueOZM<&x~w$Nd~?8=H=vel7N^$hg2wUwv?=_4!=SmDYDY%QIWY
z5#Emim+1%ZTs$KX{y60gRlXl}eau
zR?=)u99)YSI4Vrm8i>u8o6C_~=h2GsPU$UqgLDsvWTyzcr;BIh5t--Hzvh3EA9>PY
z-Fc3+@+$jjO5dE$`NGQHy(05wkvI6ZvRrpG@xFt2p!?-TSku`3`{)UAuDkPmh+3E+{<~bN4o`1B~frL-Oly
z->th|2Y$D1fsDi}D88XD$f>Y+fO$9UQP~AdUFuXkXE-hB8982xBjDOH$O&6u&PF8v0wJ<+(6?1NJY9=uY#Z5{MYbpHdzeEs5-
zB@i2R=y!Y<@O&l
z3B$bu)+VF<<~p*&MzYF|Z_x@;D)+q{E2=m*|6+^BE#F4^1P^spOVTXMS&!9~RVcV9
zqzQ~PM02!p9d}y33X~OG?Omj3*REm6D`oijS2$NLq|BLB!B}hv#O>evNu3$ChLgZ$
zgsGU>tOL6oz{{Z5$P2*_v#;QD4H*|zjw=)Aoie2jqv3b{IArcUZ+)FKXlKF~krOip
zG{R|ET-cHmvvt;ojV($A9ATth-znXVHG}I={?g~>%EQF6vf~n7dY*nSin(cpFOqx6
zF_6-@yQhM5S(1LgvN+{jQ9DGpD?eE8(wcpxMGnbop!)gN4O5jESw`ztDMO_n<;GEw
zsHrf1#1rWx+&A*-l>3o&^htM|#x&Lwd@fp&q_2ZQx5-{hvoM|t?OTC{c-BIm=A9yY
zKBQ*@%oRZ)k~Lqk(m+iWQoP*55twME;NGjAQt@w6pnqG|K>
z6m!1SKd{e5qgI#1w&CRdRIWY|b-CP9Q>t>vf3l&jpBi#pBPm*1Mee*|_HCz{u2{Y6
zboGSoW+f>3JjpcQwJt`^GOkRbw{FIb)oTpMPwQnk!ql@Mq>@A8O%4W>YvsAasKI-k
zji;Dck{<14->O*Ap;H<Fx2PR+`aJ!`mRzSi1J2Ve>w?$r*I
zXWKQyyEx`A-0!TB(RPqRQA??N>jwGXTwi$q3SVe^GhO>lY|uOMO^2z`3QwjdS2ap(
z1Uy~qh{3@$lW2`!XQ1+AzdqT8rtOM3!fz9$2l|FfsEL_Mhhk*x&N5>Xpm)Q~?S<3r
zbsRpC-9+fn@Z}d=q#689T}~I9GIk&y_N|hsA^bA8qdw&X>7c~)Vqu3O^6%AVcu9Jo
zo8*PZ$jek)Fv%tzA(O#x`|id_Z%K08rNxL=SKfpK;R9E)#pLs~zS8Ek^sWm}J;xEX
z^-BE+Ui$o_zGN2~o`+bXS^TrDVst+KYCXkkOI^e{Fmt^+Lmen(Z=y6jwq5=DbD1=z
z_s4ZHqz}!Wgc2uEdmx!DK
zX-u_0k}liu4+2e{TS*iN0qq@w_)G4QMHSyZ^lny<7f_Xovsv{=)#%R<;|El&VlIg-
zH{3am(>o_L|q~gL3$=G{ZY<0p+cAvMVpW6J&FZ9
z&Cj*Fi|NR*Tc|aa-$pi-0qS0>N((x?$0a{5W!$q)|FVXZW0l81TBlNebwh*bBY@AzS
z9#j&QPDK3~jBpxxv1xr*#5P)-qtqpLlkgm5J#;wb$^^dH*^Yf+*!Hg|Z_$M{`O`>@
z|H6kgN4L!+5p*$J1o<$tY$%{ER3U7%C%p3h<@Md#v&p!sGO-PHD4QRG)GyfdbW7IB
zO46lRZhwMk$&W&VUk{`Q?ANP5L{VZJHjN`DNH23ZF<1@ZO!7ibd^0VU6{AkEC>bX!
zLN)C!^B-zP!Jq!oRnMzF6B&kGx>)yp&2{8(;3ttxIi@++(cccEUz<)YPZ#1fke`23
zE!9^aSnmEg6XJfG-&k}T|7N7OXpU2Hq&FpqP9A`~>sYJoxq#PI_F|p09Syw(_nF7$
z3JoKi6E5MmAxj%7-IjlaKAsrFj8ad%c)K~qE9-k_tseibd2{t2Y%Ha?Gb1RetAz8r
z32`ii2d0_2aTNgga#$fi=wT*&{`C_ksH$dmp~FH5(jkQu{&%3~$+MHDd1T!+WnmW{
znBs+c-crSe?PWp~Oeny0pSla#u%hF)rZ~6oQPFOn%4#w7TRHAr>$H|}g%!|Cx@mh-
zm+y5QD2tCP?-1s%6v3{{o~CaNE&vm2GO=$xbYFek(O*H4aZCuFzruC;8$Lf-JzDzM
zlA?)5FQrAxoouI_1y*AmWmTGe++~;64gI+?t%_Clv;G5$DjZG324}H|(h>n-n6-=Z
zVnTLx$6tsCoyCGZQzP7EAQ+R{ehEh0-e8CNcKPBg{-rjUEnVbf#*R~0h_{UK9QV(g
z!ByK-_^{j?0Sr+S%WG>{SMl0mFbBe3X8#5%8$UsEyqI~6+&}zK;m4#n^GN5C3CAwDZ(UFG6N-mJmjT%bB!esu+jCstC~Jq@#BqHHb@
z3AZv5*iVH~m1afKRhwUKcKjjkUIkIJ5u@+*yilga>K&{nn_PwV&cz2#2X!7+G^5mZ
zAS#FjFvaBczcza0j^%?*@<{*o*S@1wkGddU^1fzPikpe@uI2Z4OVkaVgt6G|(;;xb
zjpo~ZCLt8_upo}dX#7~Pcc2@rE|j&k=li3j_p@gkeIg`!gi7==FsHZFeFqRUJbn8#
zSI;xe&o}hs6N^gyXh5x7IcOlW>E;z*3bp>=yZz8mq>q4wm_3q?PdMDSACDK-qC92C
z5UuQvU!N17aO2;q1QpJ>vuwhB$+#btJeOGdrD>Fsrrm0CzUc0jghMsDl%kKb(E~;0
zNk!#}Ry)T6e5>h|sn3_~RCg4-bTDt5>ooLdTP2JgVc#2Pv`_#18RB;7&_{gD@;2TymB=516W{bwjJggqH3L&N-}We`_jpY2RWS6`
z$l>O*ej@rXvRJ$G58lNYKdslfCHzUaNkWj9Gw;WvI%5%7Yx#>|SeaGStnVE_3uyjWXEJ94h62vmcm8H@b{kw}-}CA;>e$
z-Vq$8%Dy+XMyEWyP(Npyih&^~aczd58)-Idj{emhDmfER_jpteKa(O)2IclBZ0U^3
z&nJIxA`CMdOVO{*I+dcE3!j(HVZA=C%ylKjjtYZvm=HV-SLh?sPOtAtWFFn*YL93}8Bp-0jrR0@
zmQ;jemJZJj$p1Oc%pnpJac&ZE1~BM3)Vc=UCIK9D5I^~{t|m^f6s_zZ-cmY-j8?iSaoBUl
ze8FkSR_(>yU!+L}2CJ6s1UU@FcS>IVH&mj3^FG>?ax-Ga+q&=aetjZ;ko()K4ozXK
zn$54rr&cnzMLz$#ziDiXs~F`!w{w0s@q&KWrla1~KsJx-jpdg4$l;GQg}rKL5#S5|
z)CYd(=NVjsTYao%#FtID$BtA_dlISHOJuc6Esp-%mFEO`LO6;rY^N69s@y$JOcp!<
zmaQ;`@0N_EXxU=-%kcO55Yqz#mLB93ggB}%L-<^jDk}b5Xt6HZd;Yt9PYrDf2L9Y}
zD7$5x4%oHuSa#;clVy(BX5kgpL(U1l)o?m9D7d*lCgxlcx|ie5+FlR(neNi`5(Jez
z$`7~iHC%Nf8vk^;ujC<;joe^w=bg;^{C8%&J*>YDq^)~xEOewcU1)Tuj~R4bM70DT
z1L{}J^h9J-mBVl$SaKh`wa)hCyNV1?{zGD&Ef=1x*^U`2h>0a;E{cD_2?T^G*%LVl
zuF55AK@fM>
zaMefI^lwc?O9oy$uHwtM9RtnV0KYH%spcjegaQ@cM-u643J1scoij4;d1tGrByN?
ze5)|5x})>-iU&4?1dOAo(vpasgg7RTIfOmJE5R^*FxdrbQ?5R~nOa;!)f3^PD{Wj_
zP#HU$3Abyx|9RQZOtUKAOKO0xYsi$vvG}XuO-YG8YgAR`g@g1{cGvsDKQ(jR+Myx(
z3H#-b%Gv#;Xp#ofuj3gz^6}p-aUJNNpp+Tb*Mi{?yA6HHi|Bk0cfIWsnTb(iy)*5_
zX4pn+LRyulc-9hw+pFGI@O1&$NcPZdd$v?}w&7yu_SJqz&q70?!!pmcWSd?~9HCQ&
zz%J18;Wr^G2h!VXO0ko0&+OWTX(t8#g-4QZ1Eq1o9@OYFIK@S1citwta9U*TzuORM
zz8|9yb`>+<6wy$c2dA5U>XaT{QC)_`n_nr$!8_9ov%_Y^5x
zjtY(wJ7vOns5b9z(}sqNJq17mMQahdn_O%7w%(^pV|afLqEB!r8-V+cg|{X4Xc8&en|EyTG3@&vMzJ4Aef5m*tu4IVf#mvqh~b`AQ{1|mVBukwz&Up*ya
zD>&wX6|H4hsXRQxU~&o5b@m!**LbQ3zWs>ZzQ<`CPvr)`={g@SXL9z$_s+Eb7l=e8
zBSro?HyvuOqVcSEI_~(0)9L$F$B%u_2Da
zv&F{Q!;!?7@PD@B^K9pqN?qBj8ufTZhQ4uSNTqfs982HZ$eo
z3paG@qvdsQAX7Jc7Y^pJdNyq&1ZT0kZNv@(oOID~+KWg1?V%bY-Z=)Qv6e4YioJ2_
zx@r~3V!BQUxFe|BCUE-JFX43sp1z$82hk(m>9g*oJ@yT?AGx;-pRXqX<{1CLu7i_I
zm->~Rp5l|Kx>9v*E_%K)tZ_)n;=;w)mukG1$LbD~$YNn*XT6Iwf7^r}Z7E*6{R&$+
zOG@5nG9v;kF06~^t9dT$ZF#jMW1v}%n%yDC+>~f#{S!yo;j|o|o%7n2^;%#NOaW488dyQ@{dCgT^2a^<9=kN
zU?aup^O)KP9Ks)2l&eXQ;JJVu;AHvTR(DLNR{@
zHY3pG7U`E!)fxyk@B%7FU&3Vg-dL8|tIK-heHyts6P;+7DKWqg
z?#{TE`P%@vdcBSc3%JH3L*rxXkBI
z35AEQ*Ih5qmBGjR-7VR_pvOrFFT`)`eyiPyFUiN$PnLosdI&N+el~yqQ?Kj^;e0<}
zMH@I+4*cPw!72grW_#}(bR1Ke_`?2`{5O9djBFuKwfL=}Df0RVJmBhnpB1-rw`Uk(
zBAI{4LCno+A=8|=qdPW&xeYNzuA{bnA9X<)J;#!H>a$MP@QR)+KPyMpLUy$sRZ7;H
z)&RfCe)@`Mx}UtaOgVEwSWbUviMYlz?pE(-F-VRQe`uK;AT-O3%4?7G#Yli$?F^k7
z$s=6kkkLcCQiUeQZR2b)t4^8J75ORBnWV==&-vEBvkgw|H|d1F$zYY-)7cbokSw6~
zsRDF3%B9{J@;+n6o!q<6{*D)QSE`9SqhE#rhabtb{>9kbBnbC3@t{F)-ukcaz+bUx
ziwz}E4Ucc{oZcQ$U`m+xpir_`{xfiUV<0z}wrQ8?Jq*X*w@>p>@7U1Ce*lhk$w2|<
z9}eo)yvm%tN#cC6gMvZ&II6_n{)0_+3MaK#^vf**tN`V)i7vjA+=#^4DF#NrEc+BfH
zoqSK0R?g{()ZQ7*BFUS4Z$5EtpV$}(IQmm81;Z`alTqJd^B6U~d#Lk8_xYEQ+@9P0
zt^Mx=?%X$@^k%jBVrm!Rx=<_I>~lY-231qr?2M>Ma}^rt>IYcV*s&8nnmoRQ|C#Br
zov*2td0!EfJx19j7K_FzY_&@H3Q%h;E^b|^05ij#1a3rfFETG$wr*&Jxby(T%E<@4
zG3jNqPYXu}jL0|TjLRvlNO%2~S=ikb*6W%hZ981*ng9Cjnnm%vedoj~*ZZG4ZmRij
zoY!6rZ((fxe#-y{l~1CP&%!@~N+R{q={o`W9YFw+war9iQ7!aY`M){gk)7v6i;lnL
znXuRBDJcE%$bPa0I=qX+9Eee662{%4=^#e^qP@G_$wS$ukIU-Ep|KSA#Xsi?#3<&ND^*IG&g_rZ$yR_D-Bh#Q6E8*%rQN3qRZZ>_DI6
z%nm3#l{vJf;=CB7qE(PJ@m~LZ*})9!=-}^GXP+cHWfxGfKM2Rkh`BshnM%KE`>sRv
zpf};DabWgmb_h$W6`g}FT^v>1SbbQ+KURjlFJTEwOYJB=^Qzyw9k7EPr5)mB@*_e
zI+2t1ISi*ybRyUa7PAb!T9V)ISqPnWw%)gY*h}?S{EK{r^@#oi?}^@|mePBseowTR
zA*9UMD-L@_+u5#<@Gqx+Mv&TvJPWr|+*~`sa9s~W3Pw<1f$1zQ6hi|u>PK=f*Oy;D
z?s_$gX$+FhO0T|0&UuwI!NBpQ5p5st}%w8`Gh@2b=Z%&48R^k`Cf$&d1`j~
zrtfm{4UjAADMQ7fv^m4c-a)I-DM!P@gN?q%XA&(5H|r4K%bD-f+NlO1mh7Jw=WTL9z6(uV(vivwhpoK5v^-x~&|-eNS7VwHM1`wG21x
zn$`uRQzHPNqNaTHJ}?)PIn<OFTznRd_MYGgZqw9~Rn*7|-0?z~GX0|tXJ7*hs;sfZD{0%?VUMfV
zRq6#8^)8Y};{6Pkg9gymI-4)A9`3oaKsl80Eu+kLWvlCU1w3TaGhLn&_!Q}JdC=&6
z%k(PX3z~=g9rDIWhHjBtEp49l9Ox7!&%$p6p7XUJTurDm>>`8us$X%CjmnO;cbHd6
zbYZAwWfRRtWsIU`AEzf`)|_~=w$ha{{{VeJg1_~^>mur_Dg<4IsuvJ456m!pTj;*^
zi-OSm=TXzcL+dMuA`c5_OpxxYfVjJ(htXm2!WQygtO0{XDHaU*}s%+%GUgN%+
z?oc+-8z$B*gS{)^Gm|B4CkfnpPU4=AanFB;q6?Ws7rcBP?_^q3bcce!kMZ1EH`}xN
z5Wnb^F`}m`Gl^g6Vtwi0I{0oPKUhI%HF7%=9H5^i`Dk!}^#g|(_6OJ5{pm_0fD_h+
zHSgdxN9dg!&eSbKKDis-4=i&!8Y-r{t~HyG>-t}VT}Rnw_5i&%iEz`JCwRCCQU{>U
z!6keSR;^Ps+B**X_cH$PW%{18?!tO}V+{R$Z{5D!hV$d`KYO>bMq9JHR@=Bcpl#m`
zy?!I{?Y-g~9VElje6N)CwlJ5XG)v#Tqa#i9eSkc#AE)2E8O4$C#3M5QBy=sF6#pyO
zcf-4MSzkpL^CI;m56ZsNrBCf(js|~b}p#L%YAEp0z&%!S+;nyXi@03ML`efd@jk^dQ
z5u$NKSJp%W;8!(8NAkrorXjB;(UAH8bntVGSwvr7*G87N2c9GPR-xW630QthLzT6}
zI|sCloi3IeYTAf@{d?wr0;pq=SfkaZ@BG@s2Q>>G8zL>l+lRA0Z}_DiN#$y6Z3%WQ
zT+8^s7I)rjZrbaJ)@t}PzwEZcO!0$|y#B?vhDTS74mRT7J1=69ltNf|)Y~W~q4NU87)j3&SiNbjvsurC(ca(=)2`zbCc
zu1Wn3`w#4N@(kW0bB+%hn#!5EKr1wzj+*#+3*WBhwC(nNxqvzJf5^f4kIb)Zk-v{`
zPbb*+^l&}jf43t~Q{U6pelF+zEV>K6(dy
zfRDdx!d;EO{q#55H(%%WHvoT$hD>)Is#rvHyXMhg*O%A^{mg2ax6+-dJ*W>2JsFQ*
zFLxPcy5p&ebXPs>-N>zQRYe2x$gM-l&XW@zmPlc{Yzc)Tg)G7dbA#!>l}%8^5O
zC*G?E4>zU4M81R3aP;xZ`%F8I7SX(#NS4l`{$#8^$u`#9t9kC3^p2C(G+pLhQ_q(0
zvy*?nFSkX5uBRv_bG>S%L{E_G6+HGg+YkOnuR3mt5u6$#?Sl)is#DA#D
zavZ4y9dr_Z3fqG~9SHdHYd`aJ2;*=Q!R={>pt)>}`DrbU&<&7m*eL04L8zJbM2NR{
zS~=+m2PH3U`5zqnyM4Kh)CcW<1in4=J!U%An3x03-@Vix`|}F#<6OIbQRpDki+fw7U5hNat8E~L{lQD`DEae=3Px~vgq$b4!z?tZ*C*c
zw}j?P_*#WITk}=;qwwqZgg?Ng3K2M_=7;#Mx^NlIFC45>Ip-G!3_Fdm^rEm&13sDY
z`%=ws2G4JX!z{=A=ATGLN3{8Dj&^dV
zJaenmnWHlm8Osl%RU6sAs;zckZp}FSp8{g`?s`$WJKOPIWrNtbyHRZ4-6Zpy_jI&~
z^Ls+{AF+Pj^a=Z9E8P_;CTy?*veSKHMW|I^ee0^}Glp1^M*2IPRbe7tq=Dv2a?q(9
z;(e)Y7wTK=zD4n?gSV0FDK=Gj#ftXk>&&HX)OSGUn<(!IpLZ30b<7C=C^jjsH&~GuiPa;ipry*Vd_P9RY^8uEz
zYi~>N+k3?~9=G_G?q`Etd;Xc_-`gM$EsKa}7e@@5yIkCfaYOlrhRwZPM70iS8+=?9E&;`A*2mV>x35P@Ct&Rrh(g@cVp#Hp=+Kw7u
zR?U&h8r62|t?*5p9RqxwL`xwvBmMxi_f57{G|)RWTSMl3Vt)IAYxMF3T5&nSCV
zyve1P<6eD{c{v}wtBb<8%#g*r8t%fcGvA}%ih50{{Nr1dxJR|SnE$zDUv9Th^pZYl
zFV1(+_@P4Fmn7Sy(cS^4G)KkqBF!`q`-qx`iTr>orM>KOf>$HG?-csU^|Z#TCSFw)
zVBIEYH2kMs;%Z~2>&1#iLu(Ir6U?5HW3GwSiqcRBcq{4*`iuoQp9x@vGhE7kZ8bF4
z5VdQ=yo86|T_fon=9eut$hrMN#);B?WV~Jpe=O)faR!=a1$?lJxSi4HCyGiP*%viS=n-)cF{+Btc68@d_%hlPsl+V_=
zPbSmTk?Mn7D1X*i{wtFHeKIkAfXDxU<@E=~7$5CxZS8Bh{c&!;XdLZxZ0&2f{qHRM
z&&^}E@4Y$E-p}oy=k`yGqkWsLy}|AO!&?71+Sl6JmvH+>to4theU7cYm)rllwf>vN
zvHqJ9?en?)*R1uAqkWsLz0U0|``ZKKXkTk9bHs^%s
z6%BMJRdm#duan%hz6vrU$)U2w58Wl@o{2u@eRC!6tN6jCHh-5~l0TQS{JE6n&!usH
z7v#jY>jcZz^Zmav;ZJSp1OqH9=B!ly)bQb&AexRsXGdcYtzNeTIq;QVY<0{l>1%Op
zJi0Rb{_I^r^1_c76R*?|auB^YCxE{;so$GqOz#2V@lSNP4b8Eje7e#D=nrQ-ZCpwB
zL(ldCH>so!u2ewJ$Pn?q@i
zH!H(ao;Hvhpu+JhBau&S?v3G$JXy;b@~HAN%O$z%DZ@Rn(+~eg_r$NtSnz~D8ROT;Y0vk|-sLv>Bx*va%RE!ndosA*lk~UDL%pZ(
z7&6}}Y9Z?~uK6mG-?XCrLi2}C&oOdS_?2m5lm6uyYi?}5&RB}tTv~&1ql~!_Yjrot
zQRxF^zUJGErIvmtZGfJ$@1A`2MPsQZ^OKk~27G1HeW8r>cz)*=K99Gst>9#J@_8Dq
zE?d(6SKHU$K5_(CXZ--CY
zvf=n~c?y2GB^^k{k0P0~3-Iw2nF4F^EV?pfewztCX%0{MH1UwWh2VmiEg9#aA
zpe<@UZ@x{vpTMI{y4}BY^B4KK#G|qOVN>DN$ndiCi`$l77+%u;v-G3GC!OFkBF>$D24eOIvv_%|Mmg(
z>=kgbr0*}cW@v7qKUx==>6#=bGC4O({#4ex9~ffm}6|w
z^uYjpsxB_~KLP(N?X!_gZDTA)e3|Z^iVn=b2RUFk)&>4gSi{GJ(ML4e(|muqU!!&t
z=sRp_utQ9eb}lu){N2H>^SlP9ANjq9%Y%4t?^l9dtJ%NkSfw?;G9BX$kZkjJa-P)x
ztsc}Wl>OI>`O=Qoq8W$rKHjUL_h5VeBHeB4<@>q*`{;dL6vt}@-ymhx6P0N+=QOe4
z3iRQBFxYjHed_BgA=?&5rn!Ds(WC*l>mp5i7Ry>iJ+$||Vh!x~v17FNO1@vJa83-w%6YN{La2H+VSa1JxR}*jsCiOW$qe!rzk4ne!ukJ8|Yh(oFCtl
zF$iAX*OD7m-7kVa?LqQSYjdSfAYiTX$h{@wL}>naC-YWd~JyE{<&aR
z@uyk;P4DE36;fw4-Swx6oM(ewZ{NxIPtP8f^{W%OxDb4iR^|>!8@4`>wo{nCj_qdh@?8hi@p9=6vj`Wx}B$fs=T%@-?s
zBz(V!jzq#4z}0_!l!?O|aEB!TWB0|A`9h
zNoi;~=P@eR=6Nb*jri9p>YIXH|5eWVuL}4&mD2O+bdeKXaWt3xAyi@xwoZ}9MRkX`r^K13EvOYhGYiB2)gfI>tAtMC^HJw)#fZA&XAJD6ezb@AnI){N+hHX0Gd*H{DEtN8
zn9KAE^8rnIp5@jD=>6G5lSW!gKCh+L0L{5FqT1u0GCRAs1iK8TsU?Q=LCZ^C!LA1JSF#8aK?mihh7h|o9bX^sk?p>(}+uEjjpYHE|8Q5eEJ
z>SfM`6O}in8;7?cZ}v5!Vxi2Vny7!Xk74U7RXKbnbN=;W_AB&?ABIb09DAJ^o>CT$!elk>c8g_+%SjzQV3T1x2
zkVx+&-08gPOt=cL=wevhw-|N^wbu9UVE<404Rf1}xn*rIUqLKg2Ii%otVv%Q!CFw;
zESzZgDhP5JmbQu8_+{MR-(zkl?lRlQx{iBo)Yym?eUnXxeD1L
zv^CgO#6D;(pWv8_G~+a$^?aN5g7IquJqs-s2I?>=S<_9psr+@EM5D~KRQ}cqYAJ(e@|PXK1`NIxc$nL48)*)Obw@$l^RYCehk(0x&
zE-JRuT(@6vuFmU0W7ZH&@}RD&uScHq;qzI_^XV%=ZMsc*5B2@@!X_W?O2iV^{>NhK
zqm*d-`CScSV>Cz9#G=wZmkcZW*jr2B=Q+n14&#k9?~NCncP+JjN;6Ia-)co&$aAL7
z-%WGcq2bZ
z-WXJORj!n?p+8Y_v#O1KEBglYTsz#J-e-HSn&0cbR^q6;kmgsNfi=*)>3#to9dI?t
zIGow^+(XYB(&l)2o=Er$+`w|?`fK5*ikPUr%7(Nu4`h-<%(MFCv(iXOTHP+l{dB_TF&1)t`L8eM{7=`Yd^~vsTY}|D5O*%>%GAZ{$_NqOHN~;RwBQzHxYaIH
zaKk(mFZ4O{WyuQ_gr?H^QJbeGJu9a8p@I~CsDSt(Ju0>e=7$R6{19*mbR?wZ#aik2
zsK|?MrOz0B;&1eUzhS$hd)v@|MDt(4`+qffW+8cL=e}T9kbmECHTctlP&f0ZptZuO
zYOM1ai(>zUSRX?T>P(RrbBg|5_t7{8eFvQV^oh0B&?nZE=GqdsXPFaF1M0{gSr=+?
z!2B;-2k4?2&y0cB-Yks67|ZDj8aSIn8sz?0D)#?8*!AQ_j(@%yJ{6@A=hjacg3g!I
z;U(GMEq!d><9o61D%=;_Y0i0}=HIxbt_wMRy0yHhH=`hebLUO-#AJ@+-&XiN*XRa*
z2aQ602X97I47fd81Z4d)=-V!my3=>SM|8qR4LAf{TL=5aZn#R}PnIx_qLw%C8NMSO
ze3q-}xhp9iCQ)n1y}Qhh^MjhjxbuHVasl|Fg|_$YeYSF+XBX_t1q|y6uE0Hq5N`ti
zoQ!|H3vdsX$$Rhs-GhzWlkSUXujKtoV^O)k8!vcIJh%X~XnSO;XzI@qj`&>e;kj&(
z&l7XJi+^9W0DD2_NjtJyOG5rtI-W+hO^KB7cl4aHJ?bqqX
zfrW;T{*G2>cxB!t+?mMnSCiq57SV5rmC2GhM#^;e`+0tEhL_e)?`9mSETQk!{N14M
z37b0WKfD*Nub|?4-m6TbcHg?+vy^b>b-KHCG`p+wseidUwul7Fc@m%yf$?I{vdYSKrbMuvc&-(pE{=I*`
zk~gg1pXJ{V(eEMcb_9G|qJ&(i%FzPtR~1soWb1
zcKwQVo5p;#rv-?Ir}ZZEM<=BIsEu`;IrEjTpi_K9>aAh7Lwt%(u+1m_&P!*RU`%_s
zhGFYt*glg4+n!mV^#Y#)c*X=l6c$l5!-Gp9=T@8SoImD{jXT%r?JCl66XvH
zX@$f~gd?jnmL&0y$nUnFBp**A`8cG_mvX~2$by7-jf5*bqMXipCFo7RMSD=UYcK5;{4}R;{bvKb^gnSf
zp4BvVl=tx@%aZ-ydysgq$Rhd;&%)o);k!Gi^mHd>9X;rDT5jR{uTb$i;ai092Jsv7?ecw>CC`=a
zs+V>w__J<&JRr}5N#~&;0=<{I2iL{V!E_>S!jQXd;-A4>O(wiTnc^%sIR
z9hY{4CwYzw3zcmF>sPTM$5lL-EjGki2zqgF^f@xFb^(
zM<7qvun%$O!@;g}_5t3KkF`&YofKlQZMn+7iCAy?-a+!BJK+ye^*Httw*Kzrw@V-V
zgI^7H9pUq_NcK|@LcY4ALqkuuEf02pM-gIP)T_<$l%y5M<)H}2x@P8co}G@xbQhow
zhO#MKM6f;kwP4rB*xuUradp4IeoprzZEl-HoXo!bAO`C&V|H}Kk>f^BEl}37n
zxeK2qqA->t?xDN&GvGl9&V__?Uw<6^G!j33oco?7=XZIhQ1+y=n0q15UD)Q1Is#U#
z^PVatXZBq&zF24E%!khN(WR^SuyaYW$jbO~jibrnYIk~P#)x+MJq=!B5CAR<0RdBY~2bm!G&l8n3
z2ZCM881J5$3z-1%(uJ(EEsXj(2h6WnR~MppYBn#9I1k<)QT`Qf+J|z9XSFW{yPB;0
zFLM*?gRK@i-ruca`ac)={kDv^@Bn`ZR)(0gyX1*rS0leuLhsDd3Ly&*dbb3-zRj^h
zI{n^st?-M5!kDE^irUvja{hoH`f``sN1su9JbVm%@%@Hh*9xNtZZ`bx`*nYwRw&yG
zF+cXV)H{;=e_q1BE2Md0JBm2Of>18q_u=aTGJkIo(XYL9H%eXrzo*y9dW<)UIZ6Ik
zy|kyBSuQj3RLy}9Z>ay}mHs^Gara_#x3$KZc+$Cn?PaAP;&_wF3w?Ep`)O=Pjn
zt02kdCHTDQxvEBIZ`$)6leu37^|30=@VChDt~iN4d;+@O1{x9WrQ-1hO@vUzTn-T?XnEB`a{6r&yXlIJaT
zem~=R_qd@mc`#C)Q58bG6LcIk89q8Y1@i2WoZ4TKv0itIhY7zn$+%A9kIi#K9%+-C
zw*dN@O&=l-)=;{Wh&LlIX2BuT28T~E99Fv(Ut^bV0gsp2-nPiC;4z*%zGj3xl+ymA
z6E8C~cK*psF+lx#Lz^%0_#0%t$zRe~(T+wLEB872UQFv*CiOp7{sKpe|5%PF4%O59
z(3#@gof{T^y;9l{_KFn|^p{7n%nZ?V4)%XZkH4Gie|M;iXxDt`DTsE>kD^vyq8^93
zAHod3S+urVlACw&I87=SQNNR9$>`I;t}8hXY;X?ng7`&x7jt|>=qE9U49Dx0mOnt}}ECM`5!mzYO)
z@FdikW!*Ju9XTCdW4c%?{h1oSPxmXwj_to(^)*{GodyrCIek9(R}k+XIjH4EvZYU0
zF7fk;czz2%KVbig2QE*}uT;xC!~y1SR$s307dYvVIQbZzi+ku?JZuDp9y*7yE)ju#
z`}i1p$_2*$J&!FeAMTH3jUVRmU!8@R&%~L@{86y$>r6}c(=&%?I;zgJ@*zO{s{O1g
zJ|l5fg^XLjaBiU16#wwrS>yAcYNGqGO~T3>LQJAl)Q}7kB^mge9ee34?InEA5C*N|
zb$Rx^ypFS%AvU!*D=zPJu2`((fA%}@
zUzU*nGx@pnLl*b6JH^-AbHoqZ@qQn_pJRI;`GK8cDUEF$ll~HP{w$j9kn>s-nZ+==
zSk`Nv)Y(Gxrk&sro+-*LU%Z+04%(wHRqw2Z)?O}Sn8AkK4t7mspN_2`Q#QB^
zjtRw@&$3@?BR#`iF^|@aKBKgEfK?0a7h=98j9UXfnX8Ftu@&U%Y8n1pwe!Ly6P&K$9{eTL(v@}W65dob>|_PCdRdyly^`Y*vQoo!ZUFNOXec!Sy|
zM=BqsbEdg|S+QTruE?caXv?L%l<3zy;qA-FS_ArVLBNN&VD#H0{R1i@Em2En
z@-wzsmqOnV3rV|WX>>pJ*C6fj(4!QOs7Dc(D*Z#Nm>p{%IUN0`#pi8G+D-cqgTAzl
z#%h%GvMz#r!HVW1m+ZVz@;S^4seBGabcZdAFujl1>AgqGH3(nKuMvG}WP0m#^q49a
z^9f07uj4qsRXNzB*|Bb>a~Qvo>8xV}T4&*mdQas}*}``~CiP{-8EN8q6ZxcYE@#E@
z%M2+yN3I{ZK2;cljcngd6PxlZ`!4#W^>qdw3wC{l<-#48B-^JNIp6Y8=GPv)MCI8^
zJRiAVI~dHO`KaXOV%lH
zqtSM6{9RMl`xMSHot}HpcN>lQEr;oA`d+Xr
zonhWTb2z;^#Cr6DGv(NkkK%7NqWm{=eEBgD-vj;2&>Xk^%{^}aEc))`Tu4GRcT~d<
zn&kE?WZc-1O5}>yY&B{iI{=QYKPLWz?Pup)(1j`4@SmyOELr2wG^esJw>bg1T-+Vb
zRr#htZTAvy@Gq=i*zZzu@4#1sT`w`OxC8y6Ml07-zB6UNGsTN^4_-lMy)>rNXOnP;
zy+kA2v>xR1(E18=lB3Q!9d8mHok#S0S^F&U+4dYdW3RA{-A`j2;(lo#x-LbolW4H(
zX`hmN^IgzaZ>m6!gZ)cb|3kkG&ACBG{gm(TsarOUo;!)3Omn?lk-qg{g~RoHMdQCO
zjwo9CCz5A=MzY|VSQ^nx(9wL+K>T+r`zhTx%)cpik)oyPs{XOGp%xJgE!fUvxqCeD
zy_Vq{xF`YNFED(oFG_~5HJ0M{iipRT@ks+EBD+&3Uhg)}+2^8mz=yhvbbqz9*9}!7
zm$`%P-G8#tBf3*Up6lxT?mb7UG?`o7H0XT9hUOIL2QmwmJV^UARoXM=u}y)-7e&=+
z;)p5N#x+mzeLm5EN$hVjgV#UWnm=Hkdc%ywnoD@iwKJ?WuP{;H0=_Zsj4P45DwHOw
ztFr}a!i3COT#qiC)oflWV@s=zNnYImti~GucRc>d>51`kEcs`80_GThmaNNHWK5yH
zi?zp0_nvUorII&5-v^NUNY+dMPHT?qjgZ(*_oh$sMoI?E4Jmy0g|62CU)-xI2M_Yj
zU>zQ9h0#LotUeEZH^_E{?J?zhSGscp$(n6(-?Utt-SUMb8$r%=g`4BenK4ZNc<7;#SwA=Et
z+{LnB5%o0#zV}UKdGN`APXaz$=`N`!S#PGS-KzAuGo)VkRHgSPBp>pbJ2@@+e(oi?
zAt2UaKcSzL{ENz~RuO8Rpz=DQe+TiRu-SlbXm<520Ufy(3YG!k3kQYt*`u@OxrTnq
zro9M=;ts?>!G>;!han0SuOteH-z(_&uc5Njc=ux(Y!JZT=SfbgiU{W>qU{yF85-)u
zRLJ*hWd0SSKL+0|O+Q9_$mxSxL1c!^D@Xl0J&+FvYue#gP}h|$0)MvbWEQTRoT}>a
z%J*Gr9v|4?F@t!)(bhGY)&G
z@}m}q!n98X(vDFOs+D`=;rJsp7t6m*WW&}|m6Cs`Dt4jy{iC)1$;tDBUd56xy6M@4
z&VHV4|2_&%e2;P7m<$_~!imw&M}NgD*-5a=z0{HAc)Rk?=gUslF#lXb
zGV!m^4<*6(YSDMJiD>Cmna8%wE$F-EDDWX~h|?7{U6A{2cG@rUy}ET0^hm`K{7
z3HT+?=Y5vzUdc+#$1az^c5IhRc4UoRhcu89-`|M7FQ9*)%yxCB%rP@qIYBg?_A@=Z
zi}!G0mZE2fw{PQk`;YV7bF!3uaktP9GS>bZG{5Q&yZ_k~DJu<+t+&U?f1CGc
zf2Qg;ME%-*>3};{>^po$-O|Td*$=`qjoFWBa%vmflaiSXmF-}h@G@bzpF
zo~U=l;tu4R7ov1`KEd0n-2wf$v0`86{_VtH^O=uPKO(J6ZxA~21`zL|N70se^K$x(
zeuz1Wvhv=xU{^V}X_}~NTfo13Kk=X&*zcfT{;q8O2c?g2VXQ~mwhCh^Uq5X9#UYZN
zWsU;aZ#9?C)Wr$npWMVZz@C3(j}9M1_(R6yhhLSkzrSI=R!o$23r36|ewY3IUY(E{
zKdkzAmiu^Og6bnRe)tHt-!{Qoqr#uYLn?mw2^qJ^ok7~Qzc!7Z$)b)psgrgub4jItGyR7i^?BkMhzfVsz-P8q_dSa<@%>=eIrfdO&p=$4
zqDQ0AHz(0IUCiq!BfL&`tv7Xv%HZ;tjQ!V`1Y-dBC*#!BcNj4NwNP#?OCxtD(6{knLA
z;403f($)~$&l?@dcN1{M3E7=}t!f=gCWG(Fm)K{*N5AbI8hU!N5O2<~=bxp|>r?(-
zlEg11&tVhKVK6;0hg-$|qu5(ZzJM;W;mKgvde#jcOovTI^!v5KNR75M?yu#bcca=5
zllXbl)nueQ4#<4Snj?(7SRu%2X&UNcS417&CLu8(d+i`F=O(_CPw({?Xd+8=<|jH=n4iCEUA{eG5;fDZdtbel#l=
zd+s%YOX3B{}OMcg~o@Bf&FRa
zd;T8Ay=pBbUru`yz_CSQ>Z?;u!5V&vjh(l8`
zGxR;C#&Sp6=sU^8B!}x!e7di5OZj_0{qCZ_Tj-Pd9yIISJ2vhG*@Nf~VI8&nAZFpIPs*a7e+^tN4bF3(4rvxnC}AI|&$O
zilve14v!(_*6(_xj@$|Va#7IPBC0y!2XoG<|8ZW~td)H#EB<_tpLd^E^!n^Kf?Yr6
z91UB~!}na-_i9CT+}<)=zE7slmoT5P>U`=QaYEh^*YRE~JU_b3g*99G-=-6vB-ePq
z;!ShJ0@{an_jtu|+M5Lt_?_dE=CDh1U18F9Sx*Fa&#Nqd9Q-h0PaSLie`Y>s>xYT?
zk4DdoQShhs!;$d^F#vnPyT|wNrpRQuhlP>mi`{;m*4H8m!$Wh*^fXbo#Gz`g8qkpz
zXl`?|qmJY?{gmjFb*Yz32aoJ}rXoiu|I`NdU+q1I_=%0g3zhE5Ao@-?7F9T_bxx=E
zyC0_W%l=tA&cPq~#Lk)V{6>W~e0q!UsgUqxX(!~9A;y=+a|u6$keDQSMZA;$e}i4q
z7=Ei{zmuYkv|d#wp)evcEgDf6!#xIkyNK~E@7!=XY$W*Rh#ILg1KkDhqVwOVnG2t-
zeB#sSK6;Z7Yv)LQf|CCK*XZ@#vn8$EK>Xse4pon*u;VJpv-#pYTbhk$`~M2RW}UIR
zp|yuC-fNbH|9{<=`_jM_Fd7{%i962YJBq$sS}|asFRNulM5}A%E%F
z5A6HbK=c#vaCg%9Z`Skp-{kQReULo9lkf#T`|8fvNceMpXMQ{mzGB3CqveCd{Ji6d
z|M?)<|CDf*@F}a)l4aMhf1>vT$XdtuB(Ht!{?DFG=0AGjBTVZiKBzsDWNN3VlY8|F
z`*IvSJDjJvVE*5;BlBM*7e{Jo9Kvzg{}WdJkF)Cj=%wF2&;0qSvr67an;LEdz8viy
z<96P&s`k}*__n0=zn@tD!S7y}KRWdOaQva|t)f
zJEsZbO{eg*d+8Z!8fJ>LcwK>f(cam#E7&!O#|pd;oo`A$Fvumgn&KG0gx)j8VLxdV
zvv-5%ZIk&s1}mpHPFMDd9)giq+G9i7kq%9SjtX&VC;Ue=DW|@^6Fwz7H0|M%GupBy
z;g)q1>VwLz`ox)ixi>5bRCJ4td$LLXIOO=p8#UK2D!$>UThc1!{u45%-bHjqQTKK-
z%XC}LD7pU}$^D3}XrMarAKH-~bPLa02Vi}_i-7sja>F~jB2mX-8&XY1zjaVt|Jr8Hp
z8K;Ie4Nh_#tqf
z@fgb%&OwE9j}4Wb2Ao3honSaMAm^O)aocZNww-GU|F0qZ!n?2|<1D7)lOe8*gwstk
zI|Zk3cZFcPRkd(J=Z1#klS5R8!!r$2?FY`A>ARG1>Jnj`vT(-kFFX={Wz)Mj7bA`B
zps`c&>TMbuIMKlMrmeF#S+1cdJW=dFZS8wcOR(!VEVK2z2iuM44`&pb_YRfy+i_E`gI%xl?@jN*?{QNF+M-{F_=lZVe~2%*%yH*RPsR;K
z4)uq&tzQdv9sUyMzoNDo)MvUkV1$DK$uosBe8y|ECWcXTtlakahx=afm~|28F_D+R
zAo&OK(PZf>?u|%U%5kL9E9=cJARe
zj#50fdpF5dv=`pkP2AsE;j{JU-96Q=FQPW-k{5Qz=V@;9;^u|6_`@Cx&sKrlk?N%;0)
zoDBL~j-~FHK}nw-Z&acU{K~=^pO!wBXGJc(6E=X4Uf~<(eDY{MUp27SvG|*ucSe^_
zz#n9>eQAp1L9(Sj=37?&zqb|N)g}se?Im72AGw&%xcwwo#vp?Yy{2foGwyp?D07hX
z5KTD7`ir)=ReWQK2qfZv`8Uw#8`;;q;ccboIJ;tB$Ktp=SlD5WsW}RaW9Qv^c%s`x
z9Mf$}Ho0%z{Mot5`Lhc+*F{~GRa0*Z|AxN-?|~JIBj0p{m&~Fu5dVDOX5AmY#4Y0(
zq~79Cu&avslvhs??Kz|Q5&wLQ<~2=>RFCp_Wsaue2!G5nNaU2NWt^HXDa++Ht@VW1
zciLK0kM!p%jA(kYT#Nhu6z7YmK85@K)P-p1F!?6u)NuYA`#+g;2*9o(;HPoM^xw9m
zOuu!r%8v!V!Ks9YTSj>{QTmB1cztNuKTj%nT}SXj?$Vo5)(;!3Ri6NN&LquT65j(p
zlkR^r{My#542Pr66b?7tVTK&vAvoWc@@J%TuYMQS@2Xx~Kk~#~&EsZ^Ku8wUs^
zQ*RG;-Nmw3>@B(*>74w0XwD$kgLuOh$S0c=Po`r2t#OA~58r=cU+&O{YxRMl@;r%?
zB7u*Y-NCMZx8k2qAUD&bPMr6X?AzXbV)%LAdLnV&m$Kh|(+S0o{k?5I7X7)G^+~Hw
zDEb5Vob3p9eTiv`kK4)|CDi9v`1d0EUA!xNVwLd8wTU@K9FFTFWdHj;&>dZYjG^hVU
z^yL`Q7vf#qqtO`4zxLR%k#m)dq(1>}B99QxulwJ0d2Z7jT6s7{|8(~{Oc61Z;(wgY@1jnbDaYR96bO0V-{|x-_P^jIqCPW
zUE-5Fv!2GV`g96Ir*lRNS5U-;erKkv(Jx+Kk?MbE8g7JeV3XV5d(h}ki1
zVaS{$_vBP%--^YZy(@0->}#g;!S=Lm^sfHp+fn0L(xU-_v$9S%2qTxwu0}{gT!$Rxa+$
zTzPxvUXp`f<=F9hIYw4&yz%2DM@P>O1iUS^@L%?;o1hh$E0xTQ`Z!MhZcNZf4iS;`
zBzi0&S#+0s&bX^;g&x0uKNwm|d#6X>%YH`6f;toq
zesiu2Mrvg&zsjXVcttQMmv^@yIj2I#EaXP=ML|r)$Ix$@Yp&@f8N+5zAbNXu%#VIt
zULSo%FNBAFk_9zq4fv#fZF&v8?~Ue*8fkyE%|Bcdh
zSJBuF9f;4a*{$qr&~apPZbp5jqE*Kp33g4k^53IR&SNo;-f6z19C=XB>7q*JzrBoP
zTbW0n{ht%QU2j#|W13z)qGEh|iC>`p+TGt>yEH0ueH3#1RbkYgbEsAnwqJF>v9#XS
zN81tTL<(i@rA#T~j-I1v1HB7-g39|=y2}vfclzUXT&qUR`BriSYb^}Hradv9$7x97
zEpm7Ng6(+DBe>U3j)<2v7s~(BH=Mp;Uq;%C9NS)Wb3L85KIrwTI{dUB%@><8pP%M3
zhruot7J)wIt9Ayv?quJn>ON%~=xz&k?Pq#f(g&Y`Nu5N4-h^M+C-|J|^7j*atTA9S
zDM@oH|39`XoO^8~o5`9a{<@dm5#!)b8pZ70PQvXTX$wM}!g3mOO)OK~6Y7(BA&W!D
zWL)y{$bifhb$-v#&};4j*J!8b
z?ecuNUaIih_P6Ozich;(=tqmwxqcn5Z>xAA?4h%Z7~pMUDfNFM+$duRJp`jfyd-^(
zAx0KDKE%krl0uKsA8Z@`?YF}gDs{uqsce;TiijIt8XD5d^`Y}5lgb>YCgO^rOO<)s
zXzn4z(sj!^(z(VHDf%Y0?g}Yi*4uK2YD|~6{Sms$v0-uF9~CVAElocSICISX;E)F2
z^yVeX=JA>v`(3YcMn|%UXL3L`pmPs7q5C`PJbsL8A*(prla;MM4|ZknnaKX5ijTp$
z!dx1N_o)59!LC2Dt@h-rB=_-{;2%AjX>8>9qMPnryM7z%Inbbw@LscleV8MRlWnS|
zxAc#)l%4b1C%ehKw;>xZgzX7PM)V^^_C+Y22UH7w|;J{Alxy78z$%
z5Gs^3T&*je)`fR}RipdUWIP>xr}@))10PX7hu+N>Q#!SUqI_t`EGnO7NV
zzclzM#M4hF*$p{oayAFM-nH`o{b673RN}3y@sI<;A*wE9muaICY9@o<`>6c7ecIhB8T8cnNM*bDaZcE@EGjfmwSF_
zj{c&S8n3%NviUbAe42f7zphdBm@uDArZYX#C*3V`P}F}V*p0;yh*s?tpNUwwp3P_LK+SM^0C_PyF&8o8{d31bKQxDF;Qf!W&nswO
zJ=4DJtm_^4Ezw4rgYB%v$4`&jS4Zu?obJk)eShjX-^#|Nod5l|@Ri>f+5CQ;U&3-`
zz&J3&Kzw>X@Wk3@I#*E(&;E}M|F_7y{J)3y*}qkI|Dn)NW6U8Mzk(2H)j}!R~@)`p#>ULdY+kfyi&AUzHJnj1^cv}4%+^3T}!Dpd1
z&kWZuDoX76kAI`?QEQw`_B*rkcn)xli*K=>^W3lZ<^GglA@lfM>-JxQ+6Ocbhsc%r
zU@oGy=~`i2Mw}*dhR*KnrSWym9oNgjzJt7dZ&~aAwaVl2ero+sf=Q3Eh0=N57yC^J2OstS8ubl4YX3sOI4F{9rPa~AB@Ae<*8C6P%`2}cy!kxAY9t(hyf>59
z`=6=xA%MHP>qgn{vDdl!l?(6pqF1c_R^yDe-!pl?v+4a(T7!KbBpqd6LPbY65hI$W1#?yHfco
zu4CPp{_^k~lq34T^(4m6ps``gPTYTUL(e7MfAlxqe-81Lkk-%ye-)Nd%o`yu)lr&7$`%wv9Jk=A(GC0y^<@SD0jqdy%)#7#i{vnbSOyAAftOtbe*!
zFAry3QT{$`6^_RZZK2z+^Y7BP0ycW0d1J+2wEc24{p@?t7ljZX=oL3bBtL$p)bF`O
z)vzW$AHTQH@EYa$VtS_~AHdiCQqC8)=$EoaoXqPA7?T`$5_j2CGjzWg;J9X)0|&f*
zncwqoM!fHdQeIItXqqps@I&6NyGhwS9Z7n>G2&l-F+Tr8H{T{-T@~lST4lW=kHVR)ZsQ#BFEa%47p>Wi*zY}3t}Bl7HL#Z%
zd@i=JOrH6Rg#SMLg)mk?m=VCzVdmwu2Wvi5%b25ZC;u
z7e9+O#OrU3TyL`VrG2^6WIg7-qdaD4^PY0aTesQnZ_N9fnlAGWArI77S&vpj?f;LK
z%AXati?jtYwsfy3-tC8;NAjP=QRH7m&atnujoSGV@)ng6{LBzyU=XhgzdVL%6mzoa
zgrsj6){psQ(b-fvy4;=0uXBNkdSSrD`#FzW^bpSE{CM8vJmgtQE6}aBkl$NS&n?Ss
zB2S@6dx&Job&+((-6RiG6lq%nMtPd)uS;)c9L!ymXupQ;WRGn7o~(HTdVNQGqnyhr
z;^&vQUwx)-DdAOT^ryt%S?B+diW^PbFZ1L1x~8cH6E-|NW3k>dZIj0Y_*Dm<`{lbYXZJ-xHv@y?R$Vf(#21Uyf7pyt^o
z19=Ut8fWV7;+VZ(;KvMCPsK%qzjl3-19PCeblNy@@q|d=;v1|>e&&UJx%~v!CP^FS
z+wP0P6nUvI>8wgzB0O-gZoWt>Fy_(cLR)^;8Swj{c9}AUr%?Jzc<$G$6x~`HCBC9+
zlEWk!x$o(0QDi2Me^tu(SH;K2y`sjxS&r?_C@`S=0NtA`)|qzP&EniJG@s6kNM3Y_
zGSj;~*fp8)>Y3+N3>0GWRc%wZ%yGPvbA&~nS2-n7Yw885qfz`&w#+H18<*23pT%~k
z%QT6$8^3BWr0(Y*I4&kYeOx32?Q4;Vwz5uVx{75hVVZUq>sS^(ui_HY=-pP9UliOd
zdS4NpDf5-XM|3mto%DOTk6XEqfrFqAXj>6dF>*~+d=8`7FOHkz-wNaVVEK6??;F9v
z4>;V*aM*S*nI=HK!dac+xY=ytyhlQ;i=X4GGR$)OIev)wtyKpR|D(=oIpd%~zs*dM
zH|*y-({{eE;WpU^f%ij|mYj>{2ft17fpz|WuFi#>juwi((+|?Q%a{7_V)*+apGbcT
z=bW_h^s;6{cM{(@G7Z@B^JF^nAe~c(SnHwtq_dmWZnr_z{v5cpF_Ou-=q&!eoB8uU
zS@91)2T%IW-|Sy|_Bq=3G4Ail94~A6UZ5^(^R4Ywm&iPUO255T6cMd?k!a1KBwEw<
zoZ{OzOW6^A&Zy7eiPp+GSY`SI;VVjirO7B475+LcSJM6oB5%=bSoX2?6mZ57;~H0LC@9~rEP684y3K~YhtcZL7#Q$
z9vQFips_Kog|i=%xkQbl&^_W#TrKNC5xyS^c3sE#8G9BvR8*Y{l^6Z(%Em3hu4(*y
zD?bM=ew%YsG|_L@r{M3DlyP9glsWhp=mzpA)qT>+*T}lSRZ7={y`cN7FYpoWqqEN_
z+5TdNw{?E9C5{(?zwWo@eh1I}8ML7}XQj+Pz~{;2^S137wI}v`l^3cN1srWi_5Xfm
zeEIRS+2>)Z%#-q$%4v>4lA$(qB->wrqX!9ho=?Kj!Kam#6zAm
z==@CpkMaufD1vwtEnKDWGiHeOdm_Vo)zhex4*Fd+3O*D>rOjUALt-A-$4N2=j_U6(YzJ~Yt@1vm
z?w_Cc?`0nM)u$9(lK1b#xO2@*`R6G`Uv$LB)BbsB|4L~84B9{Bubm|8zr9mb_011`|Wm|@UQ0@
zGZHzY`z@c^TAMCp8p#!^%@y%B89cu7`wL6IzYLaXC#CF9+}=k#l7dm4`BRzCVGhYI
zYr67f9QqpC1H`*-?;!Xlou?7y|NW!y&m>vX3c82|$SX`T&rQSD1pN-lAMQ`mTrZ~2
zn{50xY~0Ijf2WCu+*vZu{(?~W7Tvf}`rzB&FO9<<{9J(c%FfTpzXAVSbZJ9aj~Et$
z$FE*?>-d}aH1`5qf2+lsVe|dX(AvS(XeV{IMKU*7J?pc+#C2f$pG19E%te#>D0-jh
z#!E^1sQphW+V7~Q^uhPPLLbiV8lQhB
zbRg4MPCV6bZok8?1#FE@?O
zeVU^hxiN|kh;@F{_o<-II!)4Ro=h_i&mdYhAZyfmh@R>v@ric$ZI#NIds1`lFil6Zxk{cL
zQ}#7LJiDLZmd!Hp!JVkxa%D%h)c+o@1P^`>=V{)t6F$etDP3qFE<)Agz0&v#ea|AA
zdacVvjrX`I~+DfCZseUsKym{=3tC#h?~UXVP0)V$a*4e6t4
z&!>L3g!OEWn^Q1;Tf(@8VSM)SeYtN-7$fI-v4Prrn#>DnyiRBNnTkW2aX3rbuJqG7aznc&mc#y_i?tr)472DbBy|MUaqrHg)?EMMh|(kS?ah4h(EpAH%0R1hkm
zzgN-cBKph|rIN>Rvg{%2vZk+-^>`LBuOahGq}R##Q}7#_YZ=i=*y$2HMu}Jx_1gNX
zPU*`(YG2jE`dUPN>0)CjPprWjLPcVG$SZzE>-ZDR{XEV4Pwge*?&u=oYal=R#Mh#J
z@d&N;`Dl$ePHTJqCrY1Y`YoH8C_
z_z3XU?T
z5ynYbizg-D*RcA}>P}}FwUf^2o4Qya^KPf{I0uOiTk}SJ0_$!+%VYLFlDOM{$@lro
zbf13|d2_`3?~!Erv)dLQ+_Z9WXNcp2U*SCY{zp`NaGQ*AJtA|ykLKqm&;KLi^UvxQ
zvvCE_Vca
ze3d^)J)0zRWmZWaQI*r#6HAl%XI1{o9D3&D{Fgf0)F6M@ZECvA+n!6Ws0<~QhAA|T(m76t-^Pn&40xryps9a$4VppZim*_ZN8}~Giw+8P)N+*p}bJUiNzkF^^m#=TwMxv2&4VoII$UAMdQO{kzt|X^?E1LbCeIA=
z;(1VSGwR+GszRNo)$}|-@_D_iTl^-U5i?Tz?W(4pLzpXEB-
zk?uXZANr4KdJnNZwKDG84$m7cct#qDMj+0$h31@&eDgF$8_hiwr%g+lPV^+vi9?}%
zxyYyPNA35S0TX#pUyMn5I*fL-vP{|*V)(zSC)qH7pMc*Krdg`4p&f?yc^pcPe+q%;
z9bNaZ--f?Ap~U$E{}GaRqKSBqh>!LsoZf8YbACP{)<<*^=ue!7hh;6tJW&yP3Os@<
z&rmsmJw$K4#zm6n$d&NLeHmpO)fh*&J(NnaxHw^B9=l?}+alv4#Zac)Xze_fWEZA7|Am^E#r|z*9*+4JWtD9DGDCO67fO
zr+@kgbgr2AhB5O$Z%@F#rbg8#o4~Qw@B`cn|4gg?=k}56Wn7qlF4;a@e*|Ae#8+UQ
z4jD`IOwu|X+mTyY^g~~EX%c;v^%Ejdnj_93__tY_hwh-IAan%0+2Eh$SXRENDIA}Y8po03|FLZ(_zhI{5-%=&$_8}bRh*L@K4nEhA3&V|<43`+
zci8tdwhgw2!jSu3m3szvTBfZH{NV_e1L#k1ZI3ir&k1>E+|p;wuk=%W1hde7d8e0#
zp0WJeT9s^pX9xM&A^L2Dd`G-5eX5)_M1vgsUJt+biq*%vdP+W*4%az_R6`PzJKt8Vn9X-k3MPKS0Q@kO1)A9v=6yE|{2Y8;*-bKqxnx-@T*
ziza#?&EpqNnU6@)P1K*hgJU(;e_zp!vFuqA|G$6X{7Jg_I<@^wN8sl;dqpASJa&le
zcJKXSDQK*kYhfpB4>{s9okcX)tK?iKjX2i{Jl7JQ>)!7r;%Oj@^pdmuCiqFCscx%sv@-SKX?p>NmxL2k-IQ}PtYd~lemFa+Pg%zR?-vZMJ$xa0rs@qmO+48^1mor5?svAzJkTv1gAD(=@NI^QhudYa
zE;Co2E0TBmX4Bk0Y1Ol*w($3KX*Y(D8zarO9;~5im_OmiVGEP%DyL`ZGKW{C)K%%)
z6>*#Gl>bNE^+!ilU-|D#CN@Bj2@Y{QqRb>Y7Lq_?i+dqO)Df5Kn)l*
zAZSzq8T=KIYHX>dN7plnlZ5toy2ELZw5u4pTGOrFWvl0uv+Lh1f>^8CNS)1(r
z+_Z_K)Qp&da>_zTfx#aliL_@BQBUxhU^$ue3P##%>?4VY7#SXSz02;=3gr
zQ`cNs{-|r?1uE+{Gh(*?A!Kj(bdS&3?Q^LyuW}$ma>%UXd?$(VL~I{q
z4VUVyww{1^J;bRK&xsY%HHWUmza!0b9pE*ysDF@tm(uSy=!!fyLv)4h{B63@I_*au
zNYbBT?{bcwMg1O)dq*DM`Sf>)u4o_df`B3BwIufpcyIGBTcg}IjynWxR4|4|_#42y
zEMPo+!~D94%1_)6oxXk(@?SiA?)U_^3HD^04$jL5>?NN$)?-L^%>V3L!gunPF&*de
zx-N^Cp)GM5JU?0liwLh{`P#!hTDcKm-Kue}zQ1y%w}nD*YHsO_%{
zd)G+H`f3E$ChbqldCivan*9y!gD!KUuCe0y8k<2pQG9R^4_2SwOmfj38Vj`c`(gun
zk8~@SSsXzdvon@NA&+>djy%OoL7S={6Q2yybv~!>N9cLXt?hEYdl~z^)7spWU0*>8C@E6Q!e@g#RpYy#;j8XpvY7Ym
z?@7EzHMO@CF(fpOOgEU{r82*P)cfzseT>ESztq2DmvgaAwut1l;@C2}zTqgVd74OG
zE9O|0x9RE})703?=I=@$X--FH@IF)%fv$*k3cH=+QOC#8rF-ASN%7=G-KhJ@`+POx
z|M3aUozRWPDiQwV5;;cjYfe=`mdR3?`qVS2`Sqq3t1_kj^UT!wp=PP9pUZJot9x8}
zR%GLjDAqQgOW1VLVB3GG?k|(PgT2I~YXR~K_)+-khE1V0WNDhq;@*f|k{TBGhDe~m7&)VEY<2K=bp|z^Zr98rCEplSH4Eq&l8L>_%Td2?N
zSPj^fa1Mp>dROhOLr+5vH6ud9r{i<-xjsMeH1ax_kwR;8#AmIF(Dx5g+YUP8bI_h#
z`DQiRfbSuW+|T%*7-u16yceA-r^b}@nKupn{rFSqB=7Ub)>)Mw!4!QM5)VXwsbCTx{=sXuVjccjlvCNv8DJEpd~
zvEB7P#Cc;+SwMB&65r2PrP*J1`)}0eh)n}8Mr>Mal5?(!v119HJAh|nHzC*fuSdTQ&hu5&I^r@r_er1TQlI2pSMaNc4!8DwUDwR^eekI|#j(^J
zpU3;`c-6o^wf5bv?*z4;JQF(UjJcbBOkDbY{X+Zo>62nlw(XJC){6e1Rd=Y?8v9Ae
z`dyMevf8>l-?^vuQ`tD}Wjps5p}o5_XZpS;llPbSo|HtdvL}VKOzo5BqF2X$WTiR(
zrSiwdQt?}ZthacP%jGJ@vm5DJ&N9m|&hza28<44r=$Rd-iZMiN7VLh5^L>@qr26YI
zEv$%%-FZb4o=GA52dz>(lNr6ao;O$8cqS*+zTUL=wF3D30F&fG%^OAa#DouzSHX^V
z5zU)T8~?6$!=-x#%N*xV;QybG%X*;S{dQUUJI-T{>fZPH6F6&g;FAT#e*28ZRK52^
zs{PhsJF=!{pX{VMO2^K9{vNR|e+AgcokVvQ+ik-19e=cgerIqV$!?nC_j{0E?trzc
z-)#z_F?u#&jU67O|3mbj-X*?M9tHpDVq7lYFx40R8q3#yzL(GZsNRqJr2CX#pfm^U
z+&dLxdbk}j0sLD}u`k3Sz5h1d@3a!JXLi1m{&uY2(_F{5^+7CSE{QmH>e(;k|k1OqDDD6ZZ
zhb^kiM{~v4Quqciux4s~ZTelBvwW(zx8?EHzK!aez3Fk0$?SGzX_?jBF2RNcw&HD>
z$?Ff}Qrctlt|P>|>iW^EM1j5NHTOi_
z=4r-XY^3^{tt0&{R$Z)(>T0)a+^FlgzQ&aLY9F@O=J~b9OXX=EqtJh9O+vrPAeyWt
z*=dOC8nP0YKLeKJA}j?4ZAM@;%M6~hdFI!29^cpl-laK<%+0+E=~rw`%^mM;OU$n=4}^(sE`$uHY!;uF*ZYf8=q+ZJq}^{Wp|!n^o^`F4
zb68*u(c16ETCIMrweOO9wEw&0ysU!i_E6meG|w3(G~%J(ZcF4pxsV*?F5u|fS2DOxw*JaH*|mR*@haA>p!aAC0cR+
zptWz$-SVx_E}_3qOkfn>xs<+xx^lR0PRy0`^c1{7>hV%N7z=rSNvt#NzVQi{S*c})
zTcOXDq}lI;w*GsYy!UEr@_vW@6`Rm->Nl<+{x?MT;L`>g_&M2@%Sof@9Cwzr#GlP0_}FS%Gf?<
zgqLDXyt+l6eY8_#w*_?myjkj?3>h%l+7c@RLvGPbk04T*&3^@oRq&
zn58rL-U7Y1o$g^gV83D+FE?Lhyk!01rCa3v$_KGWm=Va0vaSAPA)rE
z)M)=75ZMv!9MwL){ea;9IrSTi!QblhmmipzgFc{sYKgE>v|+fBWl)~@`J?y*e&EsFJQ
z`9{IZj+^qHLaR7ZXcfi0W(n_GK1*%=BVy~1DORK9TFmDFoiv}&e@Qow*;ri|9L9rwBQ80_Oks%NgL))ZPK}qeITT1?W5I0@$&C-X!n8d!Md(k`;jg
z>!rN~cDp~{to^?aW0pLZ^Jr{Q56U^PUn}NtZkW@W4+8kFTc^N(y^=PyIQDA=;&VEu
zsn4NZ^Y4>+A$jX$#7bb}$++#JaZAR=OC6{8b_h?Kj=grIS;`#Pk&riSTC?#eBbMN>
zJ)`gL+>wk=?W9dN=P3K)ZCcumhl@eX`
zLI-$4-+6Dlj32F&QMb97ZEo;YT^v7O_+tEbs`WRldsyRk$ZN>AR>XOCQ_mEq;u-H~
z9fjKycD~0N<(_-{w-TYzxUknacbvj_-!_UhOvIY)JU87_UUw#e
zvrTkMyA1`j#-@w0Ieq)8o;{BDxRpGuO)w{MlPv-PbR+TL|r9ePO8`KR!l
z->M$BbgS(zdU{$hiT3z_zRxyGeDGBGjBZoJIB+ggULt<3<<%x4Iv)H-;Y%t$q<>%^
z(&sY+?;vmDwWe)!GCxw6>Jq)$hvsJV;fK`LnZ2EFwf1>e>ijoL%z@7==CdbYD$iy)
zelfqB>$#>JexTTo{^llK|INr%yZI2$%eyi!bNPHoaQVE{7ccRUY|h6g_YAWB-FcnA_CQ
z+#nCs-snQ}BaLON>zDYs7yCQRk$%MIHFA7jnU9{w9-;rFR~`cISa>uML;2-zsQ!1i
zoE>+v-{!t(hUeESz0|ivUta7NOn>ynwx?F6?aR
zU75F)BllgxAE}VBLkm75J%4L}F-yXE1=Tp;OypW9jKQDd)$y`n&T)^p16MfEmHBAk
z49PpV+IT#Ozi)ZIwQp;MwB_2n1g{#;&~N0n{Ps8HnU9_=r#6CKu0b3Fe9^9wGqP;`
z8}-IiXI;Bp<=-Z!KX*+OG~>@&96+q@64<6(?^k7ztN@(WuFO@ur`hk%Dh-vpGB$i7rmI
z5MM&>dOKH>oxA?*ldXN5pVwLLFvPLIuC=Ll#1zjz5dGb3wwWg$N5%LU}
zoL(=;`Ki%sL3RdkewVoFm&zUD_O8+#BPi^Dm
z__S`bit5|ah4ld)+uJTNa}uMMkgq(AupulWS`J5NnYLjnLo|9P_pN)L2{?17i4Cey
zePIh@Q~8JS`oH7c?L)lfRPEb-huuDZbT<2RjJ%xqbTc+dPnd{FdHsk6(F0H+-(3
znsbD=^j=8p;baP}dU
zKK5<;;`C9w2{AOK5!Sn~|NJ>1`BQ?+qvfvhfW+-Dr+xnYJG~|t9p7E%n-ljhrQakY
z&T{-Vt}@@3oWC>5e3_2l8kfp3Dy|fHHPv61*Z)T6_((iiuBS9GV9I+NNgn%5ZDbuA
zrSI+({?W2AJ^!EO`V)PlxCgn@rxRb(&X`0rKKBL~2cqjai9zTZ4e)s)u>KdCMXz8^
zj+>(H!GCP+yLqFuZDa%dSnzz+E3iGveaOojQB4u
zWUMWmW6?eAo6&}>je&A%8~?w+&;QX@#^uVZi@!^KOpCKnI!*dmM(v1=O%K2GLdCbq
zVPE?n_ZV~Luzgkue|C(QX_McxTn*PH=Ym3fOLBwYXpUFGzr9kQ4}~P|nB&;~C!J3^aub)NwbxgF
z0o!dT6wePoYWv~aehiDWE!T!1hkR014I3u=F`SC~G1TfiUaiNa^JC0ccx_+I_OZ$B
zj8l#0Pt`W@YW-^k)oN#K(zSG;etLGspfyeYSD)Z7hQ_X)WGvFnS@!-=Wx%EN$#ySi
zd2dR2@aVQ+`hDh9T{4ei{$Dq-e9I)|UrtlLGfnyCNy;~+DPQX-PjvUeN2+%mu;t&n
zgua^V+FCKb;L3d9q&;)kU*mhNwePX})c#vHk^i1+{4>rGAHn>8eWHDXB>R82O1>9a
zKk<91h|9X)hh>i}s*Ca5%vhnwt%X&%QeI-NfT3D}vHS2qWdR{ya_$4p3
z_AS=6kh30pXFT-brRyn@v)8O)+v%&Q}4m_}kU~esAA9a^0%P(D%z>PVq
zcAEXSf)>R7ZWx20DDo-wk?M-)!*cUDovHeCsI@PwHk@_03h$anyz75?d;X}X&MUtM
z1M)+3G$c#5t-cws0yD^{sI&^aH#5i(NHQpim^Csa=9H|qu^Ts~jiaF1UD~Eu8m-Ir
zBsyaTa1(oWJPhLQ*`(mQt!vUfcJ*XATho#RyJ|FIqA59v&ffcd_sx3@!;hTq**`dM
zc<=lD-S7VX?wx0POHF1Atr}dP{Y!#>D$~v`_jRz#{ZjTawG-%d3;Z_MiI_jF<6{04
z^O!%G6u&t9ul}BE)YjEUfDeFv_VimYR$(YOOXd8XhgC<$ya;Qfy`!`qsDs2fFZYnH
zI{e5C@m@Ut^TgM>)>Tl
zSbRQv9yb8i0{A|Ti>#5eOgV@3N23criRVo@{@Xac{YTT!&Y>J>?abb_KJ{Bp#+HX1
z?A|t>f43U%oM~`e
zx)EvMaFyeyy8NC;@0wt4s2jjI2%SKa)0i#NDRgChooriQ2G56k%{7noZdyJ7bA3L>
zHMgFCF~3OtoNW-cnbE%%`Jp)dgLgc3V*33m!t+W*TBFPze4XLFr;${E*A?&zbvVLy
zgfShjS8adI-{T-$(9(c@CNhs{of#hw>K}AiEA937>?0e!n~x=0wSr>cOb2sQ>c2MV
z@F&yy&!hFfupu#B)$h9~0COMpO3Vk(k9(yA@n}v)G^AIwsF~$+6e-ERMI9e61^M@>dr;xlOXkd~j30XQ^g%;BOyHws
z!mCFBXADQh??n3Bv4;}N=K-i^rZzh3UJjX03i(!oKKFjIn2)1v706>OFWdoROWLj|
z(hf!0lcu`&Y*666E8GtAHL*q+W68IQxrfL0m31}aJt)&UXa2gcbO-PrAZv7@Jyl|d
ztYd&v2T9Mi3C4Cw!~(@wgqCLV-)?(Y_F(QWygMUdye-Vv3-9+ljN>uDr)ewEv!-f{
zar+spQ%l{WUDfyaR6K7TztVN`7f4RMRF5#95kdUHZM}GZ?a#>m1>d&Ax>#2DR5pc9
zVI2I|Pp#j~Aie@~_Ej+DVso81^XMl6zq_K*-4>nRK6wnsjdWICr_I$Yf+{9B<;YvWgaY09}~&ZjvLkBuSCtS0=q6Y7ZhzT1muJyH8_Q~Tca
zdK^%#?P_Ry8k#$;esyf!MEFnVxw;ENXdgmajIk+BAJl2@+*tlp5&u(bPovkGex;rJ
zKrC^GaW61m1C&o=>Nwi%qu6}t$5tF?|3P~@#siMg6~CY>CZa2NFTzK@`EyWDecs0D
zRvO5wL%T@+TPNri!c2|l#9r}O-Fw|Cf@#3olbvzNdFRy6UVS9
z9dn+EzAy$weEYwl_O}??pDGVK*MHQFr!RO{aI$d-I{aQ0;+yXQ>?9M+Yk45!$J0;a
zIqyw0o*C*ty)%<96hr*sOb*`_i_rgIvboHGxoly>7mfXGV7^;2;7NAoTZsN{XOp!uWIrN+X$SYykLq`MgHf~!Llw!emZ#P)x1vFG7bm`&!<|OM<5L
zj{Zc%?&57_i96-KI(+wDZ#rvK#XPJk=A``LDqr)^WKyb74DfW1~Z?H9D*n=1Mi9fa?}lnf<<;w6iE!&L*R%DI%7
zeNvQ9g7Pmy`OFfZD*A3xM*x38IgSrLgMH(ETQ@4)=(m+ZdpI3_e2vams5UYFnu<4{
zRR2{wv-tEGl+OTl6S!WFqzNA+v0iPeh$rR)eDMMB=>zcmuoq!1*Ki)@!FM==F@7UB
zs}TMBx&3o#O0|mZx}jZ*^nDfe2FZ+#AnXTk%RE0C@Z-Q2*}_@SKDHx#@kPCrP!Dst
z$JhHLR&PmIii_7c6aTH!8Xf=Rz43g&cMfLh#y!3l`2zz_osj`K2j@26-IvM>KPEtS6f9U5-xjMG*oh}{UUKi(omWX4-T6Y6H=c;Q(d?k=kL_9Ai>S>7H
z;hj08cZ+F!+10{FAei!`IzNuq*$uSrH#-UcdvsdoGw{)t_;~ndFiw9i>9ukv(7en^
zXxWOcc7LFq6@?H+5H`?X
z=x|Ck#!?zN!HNP>nx*mxr=iXOzaIhPUe4nOh`molub!s$JXNLdx7dT-c^E@bs^
z7^Z^nEFmNCHOk_585eXjS;UV2l=O?AuYEnY17UI4BIB9LiQC_KEO2Y!74(t2?=a4B
zK69;|zhB{TUND~q@{wcR{+==#)6uoUj}_MUSUbDc4`(nGU_}w!2PRu&ct#M$QI8AH
z$lQ`))r&a@DlN+};xwJRA;W-9+fOYIt#~xRwgzA*=_v80SrS*8J67LU)v1##Onlb(e
zecxG${!IpdFN#%y`n^k?{+@48x%x_@-8?ZJ^-bcRmQy)>{6xg>NtB-rX=nr6bzDt-
z%E`F>3;m$fZs3!h$PbNiJ@tE4sN1O`-G9U_^kkF4Bl@8=vjrgQm4`I?ggEWnfNL?Q
zT?4>`9bn>a)_VB};0rxJ>EH4kGR8Vvpbm^LWJ%ekNK8_KDT6BB!;sPjDlzA}c9s!e
z*q64dA4U&-I@{5zHbCE54p|ANzow!tANx^L|8YY5wY>e!(Eef7B8m3X610!7mgNYj
z*xohDjT%h9>Y8uxhg4G^oS;uFe^#tnt4r6X`gfE4%cbd4Yq>r(1KoTj#gcMTJpsH~LBFLs9mdnn
zY<;cpmoL?X(*fTE(|^QiqaxMB_&=*;SDmT%DX!FFRg2TkSaP?yKF!IJgr4Dz?~(pT
zg|m!2U3!sv19>`_|A1r*BmUH6&{m+y&W*JHP(B_fAs!l#YGSwu>L2z2EatN$=ySFc
z;~Jj+rN8H&sLwUfhRD0n6v}{o-N9^u2Ik^1C-I)Z7ReQ`z_~Ko=eJ0?;XBa^8Onx-
zFbB=QX+F@KBi>k!QD;Km=eLx}X^wuzcR_o(fwq;o9vjEI`gz9l53sB3Asx+AG>;w7
zu7_-C=&L`(b)HR!*PEVpuFv*4eVo2Wt47hb#&$bVe=|&QU#g&C66V%
zUvW=|x3^Cx|3F`@GsNEj>&E~|K(@bOPRC&$$G5YC$1}NoVrghH{QY0#%X70_;O|YS
ziyy6Uqi?v0%aQNJbd5`rm2(JdLqB+w+wRdH9O0}P)^JaW>_&h51~|v9oTq9EU<}e=
zN|REI?VJ?rxQFY_t;(KNvL~4J7`H7ZLmzwB_}mSgw`&SdrMqgadmYOBRUlW|qO_Av
zHOZ6*KSxxL--ODs866+*v>~CYu}HCy>}73-G*M
z#0@$Zur}2w#8OjP+OlLG6dvAPjx~
zSf*ip$Lp_b33>TBG5ys^PRD~U2UH%vbXA}l*X)g`9-l~~ML6HtWV_4|F~4LXFJgR&
zz3O&&s@zVbhLQFoZbzR2n}qs}>s3ohzLZSAQl+%P3333&zG43^_E9no^88D7X^B!G
z9aUp{!d_5O-e@22_uL{|=F!!#24_T$3&~V~c|!O)j+13zEwc=3nQd6hXK5|Btk&hC
z*^{m36!K9P&@()j7~2omr-SJ9n`GlLtrm0|X|R$1Y^QRARPMspML9Q=Lpq%=eb65O
zJd5j$bhR$ENx?X~NZacvzQ7Tvqto#wpyOMCj&F@v`h(TDwm^3yKzAc2*qg_uqTAEa
z^?16vjbxhquj3sp0UNn-`m`2UlXO!poV5xSc}O*t!wA1e=D_=Fu%|aAc}mW9swjiO&y4bNHg;$S$3n
zZ<)(=LADUa<(b3eQP@w5@%|{4kv?I(tDp+c2=X(CUpC&UxH%o)(K=KA@0H{1`yrMj^j1Q~c0`cQ
z-c7o@qbn2m|E-*vejfdEQD=c`ihU$;-B?Ye?HQHJ?`HH@V5)lvaP`@`vhLG>t9}e+
zG~TX-{gCSs3+Wun*so;6{1(8|+kgiOc1;BXh}V$c_CD|L*+_S?FRT#oi|t_UiY}-V
zjs7kMANo1BbY*}{#`PjeLM}V?9nnVT3WSrI5Y7X5q2aazPS3sYtfl-9wd6ad$#ci4
zo)7BfW4|eFY9-xY(#rgd%B)$T%Y0XfAI^t&-yt~Seef7V1J$^mwXB-wH){YHqLs>z
zl|UOi3RKh?`a1kQyQuBq62X%XZkIieL;rcuCO;HrL?t|3s
zspTSu4bDGRn?JnM)|>CCVNDCP`7hVkbPm^5iScK~jeiA|-?UsG{~GGY1Md)r2$*bB
zHv=BImjx~&>;ew|y}ACVigF@@v8|?dvX^5_g`z;)+g9v%*ayGSW{$BY&F5c>=@R~g
z%8x7)afGnn1=R1^Wdz3nzv$nS)Shjdmf)v@>Q;<--9FJLZ5H{Y
zVSI8f|2qKo#@*MRnLiq1nGuv%WGMcKQI^fZ<;;2w^D*Ks)^&}!(xsWXTdo8NTU_`
z_F1GSyIE}D+qpk4^6h?-e_RvfpSuh^`wQe>9xm2-_RKi@Jv&nt5;Bk_A-|qOaXRp>
zvOf0UF>QZP*O)_hRk6%W{e3w67th>(H8XY&>@ht+GtB!NEO3pTx!q;D@pxqtJESJ1
z?EzR6XBY3BwQzYd7vNEy1|IDb;BgLz$0c1Jkk6%2Xn%jMs){==vAruxuy>s#+m|ju
zo}-xdt$2dmI*0Guqh088ZIrcS+PASHZQlxGcA3QTYjMK8OM)>=FlHy-MT7Ao?BtNI
zcMkUzso*(8xnyDIRVz2yU1i;iib-rikwop7})Q-Kg()k!-pHw(0zJ
ziW0&L=l^f-RnG#h!f~S9H9)?yAJZM8EjEhh!t+|k!%QK-j57{qYy>m5@LcnVim6`y
zK3Z}01hxAPwL9B3c|7|s0ypFQe+#FFAI-;e4#zEpG5BGv3-g{p86BQFt!tc=)=dvT
zg%jW>i^ES*R}J77K^t-jW~6|C8A)*?t@jR87Gl1mn9gmuN`o0c@uzPUOiw2SzCk^n
zEpWF1ZcGF>?FAa#pr1%$d@~)r!1a>O4pgG=MQlE;jd>_vPL6wuW`KJN367?uF)_H{
z`=6iKe>#Kc3DEN{bG@DO!pM^zAm7^7eB?{gGjR@?n1*a6U`ne8OJ#;ax68T5#MWl^^#?n~yh0yN-|T
zdo+|yumR6-vvj9l!TXa^c|?}V`F*oIcw!7CCM~ey9Zaa(ohI$FW@rD_b$9mfTmx`+
z4n9i$|6djU%O!9QgAd7Scd|UvfH6?FD?G<0&!-)iUjXIQw@D`PLVa`gf4gv>9*;Jj
zLq4*CzLmhYA>bn?8&@Wr&qSOf2Jqy-T###Q$E+^AQ^
zGMkvgp0q#HImoOYTw5H+7~2du?W3ysC5kirg1=|Dk>;N#@R3<655u})PSFuqM~&YA^pk*nM!VDHJB{bg0(>iU_L3=w
zFv`yb)A)ras>6N60XJy&#|LR`Z|3Sg;$DM~_%CVf=X241B>c9gvL9_FSvi!e%dZ~d
zP2m~l`v*8+BklK2DEGgtU4ML3)s??5nS>+|G9&{G7|EMSXp<0e5G>J(ycZ^95~7ZQ
z+N>YR4@5UAwpqoN?(W#Zb=T-(8(gfhYhi}I%)}PgK?7mCK!cVw6>HOv*3IXmyPvqG
z{eVIYIDrU(*>mnaZ|2P;6SD69kx!C0cka7C&ON{GIp0%iuzz5#nu6k1$8)ct@tF+c!+xBcUNS0hKWvh!`X4Le`AFMf>^s;UD1#Lr
z{1)}fY%a_tv4Z~6&uKM-(<-j#CBlW)?6}vDYqcEL^8w`zn2Yglbibs8UB_2x#k~Hx
zs7td?lEZzytD^regZBp$@XnFm?%^18OO!X@d?MCGJ)Bvo)yr}5kbd#r65EZSFBD`#
z0mq6%x^2*0(D&X{Re3m78R`eRo@#zM9IxqCEtlg!h(253`>BNEr_(sbK(&H=UqSM{
z%O>a?_wv0ftA`TDoGK|%zL!E{zJi!s#5YpShZ=I@IBORTrg)_
z+I9u&f#4mPe}P|pHjLPUc6eUIpO-C@75`1!)g2a_b0lF5dmmGj2Bw7lb6a@4Fuw0@
z)Kw&0r^jKPRL!5dN%_JGg!y(Smh0V{az$!a*aifbwP%J4i(
z4x1D2H*NFRx{Beqlb)mOKUUX-zA5fkl>ZIvd-CI1WZ|2`cJp}LB=u$fniKVW^yMMH
zLEqnBlU+DiAbfuglJjn&?Y;uiBY+PVkRH)ppw~+}RpkZQ(yZfu!}HP`6&2T^7w-tz
zJ{9+~KN=%{x+>4|_L^d8w|%Wi#CM84XwXtjcGaGC8}JRa8+bF<6F{DUe7%+H388z)
z{>AY~S6(lI^(&Sd{79F*FKmSUc5oh!aU6_elDxe};JkiXWi`Zfj4cxD5A;5&rZ=dP
zrBp%vx0bnqUNS2Z&n{w+;(2d>)f4LB_)K&Q{RdF?My3uIwGHKJUs$*);fO5y?XM9g^v9_#NtJyLsKVTF|{xcRd|<*INtv
z)ncLtToZlX^AqOnrFj(RPjBA$Q2ViKV)MS2<~?)`){|*CVBS!x>Ux;oz7IY-b~!@h
zc^vj`H;iYq@*4E-M!xP=oG;T^ZKAq69q1b+tb#g_S#DOSDRmp8F*LV{dhgmgjul)8
zviKpc3nA7X#(B4}BFqt2)}a0Zya0JNo(Z!ht0I@zk;L=X9O!^KJV!iFhHgns+}uKbb(^GwHMLg)#cBp?-Y4J<`ac0PI-+_0L0aW}l%m
z>s`pte&8fqbkL|nd`h?;O$){OKszL#?2vrKNigVNbXGdcfnSxgl0e51Pw-}-{#NQNmV0cci0e-39Q|b3j|3U8_S`fQ$no0Lf`rXXC)TVbqjBfr&bKbW=
z%n4;f2hmc;g6KJqvoqhPezq-`9=(RBz02_49(wPJ1sF@XQM1xI!S9fMP7}{>h7oUE
zYVb*+MrR7%bAYVC^9H(q2x;t5^c#>}gS6WOHirFtGp|Rph3iI(qIT&kdi8KrTvAJ}=u*E85kq!2yA8gv08(b>hC+Yk1U0MUDRoKq4
z{rN1qKlf7`*(&Z5ah)Efb(&?3?TnLt)Q_s&5w;WjmBD=FjhZ|b>Vo#u%Ea3%3x2??~1uw
zDI<-%hA`}Nh}(2-yt79cBlLDNow;lp$LV?4zlhN`zdy6WD~Zq3=<|2rbFRCZMO`di
zXT|$@?DKZCBi_&Cc0>;6&lwe1ZyWmvQ|xcsJoMQJey)!L+u(X!pf;Q5MePTQ!x2~o
zwX87I&-I(1X;>@s9@Y%JatXJ~)$}5+=Q!X8b*1=cF?}avp70|e-@Ee?+Lwz!*FpP7
zj2n3d;;Z4_&g6BMgsxLYI$ht~BZcLlhrl{8G=F3?{
zAaCS{Ym21adk3HO1Ro?k1n*p2OR(Epo1Dnc(GJLP2ig8
zeBl?gW)8z=KHAq8=rap{7uZSdUhb3V=Q{oxj%8qs^>M-a>b8lQY?E}Nm%(Q|!4qU_
z{>CD(DeyV2Pw}rk!EySm%M!yw#m~`)b06{K9Tq)aS=APDISBl!U3SjrKClXHE<9_2
zHOXd8p!rkyT~`8C#m$(#Cq
zI-C5cvrOlzx>z>%O}N39ZztJXo`*aWv8T(_g%k2e&u|O}v{?~f;xeoo>EnOG8j}K7
z`V8fYo~jyq4dgeSlfhh3%f?vmi^(N6e9tMc{ilQL%Hw}>zuNrjX@2#&SDzpH=~G~S
z$EPvBTpj=E|7m`Q=1lMYEIT^K)=r++k-AT{VNH;yFL$G*HZru`sdUoF)fX;OvTWUg?$z-kz~UNf7d3jK`c5$&3w
zJ>p&YQ)|`#rZ_a+9z{CA^&g|Y2h3N`J(}u%vBNz5{8C(>Vzykv98L#&G~i~BA4GgY
zGb_`UrP(TsxEN--(<+DlF^8y_y#sxn?zx4P`F`(^U1qkW6K(CLxcsVN_`biIV;TbQ
zev9T9&Jk-2^ups4UMAZ62%eua_~$TJZI0>ZD&mUqarDLN7ld*+E@IeGC+^%B`IkF#
zV)%6Bj79a-c3uC=p|~N?Q8C_hQ(jY4Pfd)Yx}Ic*GY5H=kP~xw3}JOZui=O?<_{FV
zmY*YZAP32VJo>&VNANS`%~y2$Z+3j_m4(_4%udc9XHuK)*)jf@OT6AU8)@tzAn{jh
zR?0Eo6S;a^Vp9S>SpDqj(GTL&Wx^SA5k8%p?LJt{UWI;t+=;PI{Lb+)ncLW~O|LHm
zx)6Sn>*D+*f?o)%$-G^CYl@BeFWCZ99cwcqfAA;BAJ`Lan>m?~<(U7-@9Ws`0nF`w
zKB2vnHTYbZTR^!Gn1iFhGk>;S#s3j&AI<_|h^naHZv%O`gKhF5_Rtnq;lnt9qVwCi
z&r+MQ9rP7%*bHa4n(_ql`FMv9@El9_3CE|}YB&$;nD^Z1Fb|H1e2VU0yj-DgwclRZdr=Z;x18&p5P`Lp8l-^5yoJ;AkDmM~v6{X2Ls
z+>Lb%GFRZ-%G3|wd-{BF4x-J+w5Ip&&s^bEu|4inmdOUcZ`1rUD)^dY!TuTL%f$Xm
z)f~bX(AVxcz5eA))RS2_agBaTYox&EpCN7`od4;csfqZKV_8>^kINouTr02`ZIzj(
zWoo3L#Fhzvx4npQHCX}2PERNLBBZD<;vw#f_%7Yg?aJbqQUQVghCawMRq}C9@cVUS
z|6~dNi*2x<^n`vkQa`oO&d0G5{ul92S<{oxSvo#2%r(VyJKE{8?c0l8h=GVa!=G9s
zFp&u}Lg<@EVEzvWLTq{GEK8}X*Q>>`>z8s!b@lmB0#f7C&+|CQALhAH|l&qz+cSq9xw
zGCxs?aeI>a$;u2~hqY8=l8s}SUp&Fh6f4*VpWRRU
zkA0={`p~6Xh%M<3u^Q-;VnZZ5$9jv;cPIh=T}}5*)p7St9RCk=k7ww7H^F231*P~
zG?p&vdL4Qi^n+%aKRmOhEa|k)E|DEDFBe+}_O@Na^>bie-;FZni-fmvfBX_2cVA07
zM^`$=CM?mqq)dA;lMcGz{l&}{Xr0w)AAmLfGwBCje8=oeyDSMzg7*mvs3je-F|z`)
zWVV;*l-S#;*5F6#B~a=syi(x!s5tSOjzH#=i$8TTwav&C+c}
zvi^6utq9hk8}=1svFbzYc%Jt+!>$}NZQ{9O*v{5tbGhj|m^-um8?vh&{-3n|Q`+SC
zYi^8t1>1Nz#{Eboz7&V77=1cTQgx`l*Ax7J_RNuH$Z<))-^Bay4X9(z|GH~C{9sH#
z8sP`E_IQGSPkH>OO-Bm(dw0oBH|7aS)jS`_=pTf!grn&R=z
z;`AU^sB8s2$as#@=^Py*IchZt9Ul8j=eexEE^0c=$Jv<=HkAotc8MpO=+&oHtf?>a_O+(%#P$r4r@o4-~x52(y$DUe5{h
ziB{tpL!Z*f^-li{kn}Bu6ZHsFUH-8eQw74;cy!Bj^4mAot8$QFXcY8QsTj-
zA+x1M%}tP>)#PIxm(W+mIA3Ik4fSs%)ISH`#P24`-kbIKPYLZk?`ST(|0Ck%`Z)H2
z&VY5w`8_mK-qZVkllp%WzMJD1RJDZtLmK%7&Zoc>`}}lALk(~%0u|R!XB9rZwUAR@`q$Rg`I%&M{#Z)4ET8h
zU-0YqzbwWVc`jIEtLt_j_juf{2
zc4Md9>*;hqwTkPsj4gqm>VV^yp5Sr4{&NKPAhSF4kDg$N;`9!|v$5ZJf-ey^Ko|U<
z@lQD4%m8BKcwh7cZ==t4M1&rUeTRVW7Lbo%D?IPm=?VS~=@^?MlkN4yxpMs{BJ^9V
z-xw*lQ)YvE>}KZB9PHNa8H5Y3*E!VdIpkUXeT{`}aAJMKk=H=KCfv5uS1?DMfs9|I
zVLlJ)y7E=(haI{yz4x0q-iN@bpKJ`b&=^{-U@V0gLt;EZ;&}M{uL%FZ)#4j5emzpK
zpJU2rGk>MHKYftrTp90AEA;r!%djU@UmAXgP)9PuzG1#I#%wf!?CsI(t>
zOi$?ZI_h)BW#J!gp?SISULWm@m5W`oO{(HLju*-Gq?Fl
zU@XI6ONFZ}rfzixtYbOoQEw2BkuM8h`()$Er16Z8Q+{shnKd`@+{TD4F5mX}Dh+Yx
zF&+f{U4I9o2H9@ddX1#g4=&LRG__sHBZpi>G+)|_${(?wp^N|{>7!_^;wPfO{8Es
zr){*$d2LY8+moJuUf=XoRrLH59iP5E?V1u`0Nn*Hh)XG_J=Pf
z<`XR8^+g#g>+S+R*Y(eyU<27A?a;O>%2#Ux9bj)%5ntSTG3I{_(K|x)j{1u+|Ea(o
z6W`B6IRmof1L7Nwi=r+~7k%GH-?tjR&$v9ESfABB1%Dg(Qs8Gzhrj6fwdQCXV>9AM
zhDVOY{ztpXM`QdxjdAOjVjUv|uSEG1@EVR`n2b+ZNrskxd38SZtX}^I+S;e!Q>oPF
z&=}CHVaym;-1V<99Ka6BY4|Lk54>rAXv#d!4BN;brUioNuN%d&lsc
z#rPlM^I;v?zTOxQtRnfiVJtZhgzp3rdEj=UtNgJTfBQD(N{kFvqV0>WasPtxr7n8>>vuttGeqJQi=ZcjzuKcc?P@VV4JSoxF4
z>LG7?j6aW^KT^1p-edHuT4-+v&Wk!JwW#C%q|w!!Cleko>C@#M{7nrfwd;rE)th#k5zovchQW8{$Uc^ENskuTuTq4d(@Y)pM+a
zMo{ckPUrA{U;yl<<3!(O=VSX_4*g8FpXg(~iFn%hXbe*w@3-^FmplZ|6Yq=rsm^oX
zXmUC97PZkvV{+(Svgz94**37PaE(NM(M}cbZDtVeKi=Eidq3%aqap??ME5qG)Nk!*
zOqTV*nkPHQb7;@=N2e#tTBqWFVWHn8^1n>3PuuA&&BTz8*H>^nI2Rl1vNI|r+%a|
zm(^7wzj=oAq~3Ee8lOuvzVBS}xo)9%wVg|D+f3^JIVb$PM*2g&Cl}_n?Xbwz1O8-R
zwsLU|>J&E+Mv8n+ob6T~Hd;FyMeTYfgCUly-lrOE3>O|a1V
zRe=!b>(=$2Ko;;9Gw6ArQ2iVez6aW7P}?qO>&BWw(AGF{y;#pSQ0UdcZ4$gIhbCU~foNQ%w@Nu1lhE(G$;mE!nIY!;{M)
zEBbnXzts`V4W3DUUT@Ov-!rIleM7bW$`jm0`E*@p^z})eXFD^v(5;fsQc}wbAB@U`8h>#N8j=TP4qBP}pbtK8ho25;gLlO!zuVRe`OTy~U-LfU2_Dn$
z|4&bTZy0y~^BLAU7r8S3L)*1SM_HcvcbFM-MFt6)wXDocqD^K(9FS_xF5>qkgOdc%
zv{g@f+Crcl7lGBB*7oFVO&hG;TD&anx?OwPYKG1v*wQ-IT&N{nT(v0RrC2Xrr~yJ(
z!lkG{X;s+g_q@+H^UW=Z?e1Th%zWQ_dEWPZ-sk#zfU}{`moLWnmqb%Lp2gX;b)AiM
zO{-s(%fIvR(bW8M^)pHOfxYc)4qkYHtYN9FVdGKA(-U7m;IF`*)+J}@cj7ZtN5`*E
zxt`jOx?2#NGJ?K1uiojaFJj!zlM(!ODd$|%_XV>Jj$c)u>O*V=u*3`1@)+KmlpHVe
z9U3?%-FoLQ&>f`R0(qbMyG)UedublxdwSP<8{0d8AYNE?J=c2efymu#UbojM$o}yMpEY9U-H!RbuT6q+g$VhuNi?
zrKSpSf}ZbR!1b#ii`#Vu_&M+l;t3g>o%s74xv$jQS{E;;b@8Y++7sJpA9OuYrMmkO
zlNC~JeO@&@IFIY)Elt+T13zlf`B-7!z;%t#YyFoj<9gQgY{F2(Pj(1aPY2^Dc>4>v
zZj84NcV?j~qValZj0TU*)
z2YromiN@1C2N!G{?Cdoy|NsAJeQ2WbK{@rmKje>}DVCVK5~-=}0S<$cW7kG-Z}9mj
z@bOu}xws}{fALvz^Y0_wY8`!E$N8w`sxn^4`II8Jk$$-E9AduJNQmZJu6)p8>F-b2
zM_{$*;yx?mPFK*3I)7|zaNcHMoq)YrsKR{aoXIm+VZ2A*uUG46U26J8?vJHv>jX*v
z@%W+NdX(dO?>FW50!KaWhSn!Ld*2fKRNvwJbRG|%tmE*+?29@kVE#a>@TbYdpDuKr
zjQGCVM**vU3Z0)W`feqCX1pA=FrKnU`heqZvq$T1LO?=dR$~!ls!2%#DrIe$02~O3r=s(zCcL4Asn-vorYI2bt$N
z`18X4^|t@lGxk4fW&ytjn0fxb4#7I=fUTRy80bU)A^MB^$3^!Kaxzq_*#8ge_$Kg?
zZ+^IRZ=uX_uH4_4o1SA6kG(cyj)CMH12RYbTxFg)UY0S(OaI0>Vjape=4Sa{<{e1Q
z?FO3LU!$L%9nP;`ln8%^f9ZBQ!&Nkv61_KiK>K7&{(z3j56ZY=)FzFW*5wG>>96}x
zpC5~#!+wBRurG*B{mx`cqZPX#Y6U!TsRMT*dZ^;{WW3W
zR*sy%j&$JaICLT{Lz4dE3>xpk4?}I$Qd_JO(SC9zV{Ns~@sBh|wC5xl?E=!tpf@a^
z-PHu0fnzJxnlS7P(1&!a<)aHAx6(U_c@`!u=|jMnfb4JCs}KuXCvl?ab6R3)*lw?w
zcG3tV_w?-c&fXfaPZj>R6+e3<@@Kvev*)xY>08RC?Y{_ZxBqTz-NKk)d_>3ZCKjJq
zD)ISN{mvq4!++*LQ}i0sKptJkr>~8fz~BV#r0ZJxdvG;ut9l;mvhDwt|MN}k^%~jh
zHHnMt_)hY!Bh&sT?{0Zh=ej2K587)_*z?WQBHHga7!T4~mhvW!A`#|jdrF-EgmAFeeD?2zh$HRFOCnD2nAGvMq8?v8)gWsaxi_f?HZtdqfk>{e$
zsO-&SvNuV8q&6)&2I;r<3_4yxbWCe+YF*f>8)Df7@SUTqDtu{<^OX8M6uv0ed7JAE
zm)hEM%m!~w{cqVbu&?p|`S*1#$U3&&>Ul(x`?$uok7pU%lKXgF);``T_v_i$hbkJ9
zc;NH7jjN>%)TKr{b42g3=vl>a@YS*VNblD62tQ*k6$6XOc>~*WP;Uy~0i!kGFwJtv
zjRlKY|Ma;R^Yi$Ax-yPeF%Adx`Oye+LEgTvvv;G|DOzcK(Jv31xO?UfnoS#3DWCr;
z&iOkUDN~Qu!;TNVzd>RrD_=+MkewdXw{x-a(irr(N9ghPYZJ2>v`jSq>9z6iCo6^t
zHQ=M4?`HdfOLhMl=cy^{JZ9fpH_O;-UdwfF@%=PX!nOh2S9kM$Rm%6(8uLC^O*mzz
zd#>T>za-^}IPar^W#-?>eP!|Ut7yNKL4VWdFFsZFk3M5-Gx-0p$Q>VQ{_pz=@%>MB
zH)&f@Q^I=YKR?LDhiim^8c$79ATBm$=fp;agqWjeh
zKMU`{yUj_AYj#lNho%hq;XdRL@>S)1)d`$motq5j=XhSOo$hk}N3ct_qkztorFSF^hvo=W27kO}Rw
zquv*%r7e~NRe)==K|~r=V%&q&_CO4xwJGv5otw
z;C{9+7T5mxHi;AEc@jO`>>u#+yFas?S8J}5*+#7WBo+<$-LgudQEGlaN_!vp8K3M1
zrcx#6Zkb`=@6W?J5Fehx>+ngwE9bb)dQaKq^;65PsQ>PO*}OT{**iseXxVR&lO%mk
z^>LrT5o+Yxdj6RBBYLpznR?q-#9#9AD`=g<#CBaG>pJ(9Y@eoX!$)H8@cwT
zrjZ^8_ph!@_MaJB_9rX;@8#6K(*2q}*jvEwg#F6$D`d9k%4qM9w724A$ocA2T1*P^
z-_%UwB8dUYjG=o~-mQ8$n-+|1Q1*Po!apzFd-eI5BdK^&ea5bNU#|(Df0a7_5jt1)
zw({Elr0-2HeYCri<=>aa=fA}^-aDCnQ|I&QaNm`&cwfqO7iRL`<~;m&G|7L@owf7d
z?0e`d(qH05&3`X(q{*l8X3}@`J<9juDf_*+jOdO#?_)OIqnvq6XOC5%rHIe?ZS>n}
z*1s*^S#q5U7?1K)`q;kIvzGmj*}Bar*NdLd-ygJn|CZ&`%Avn~oyKVhuC^h#+66Kf
zOBVzGeqUnFV|!9MR`*|0cl&d;{z#uZ^>hw@Tbn%NWZ5%le2(cc6u0P6!Tz`==80b6
ziBp*;YS~oVE1G)dxEsI^P2z{9#SeFhJ#(U3|v$aR!Crfv0`@!u=
zf3$sn=rQ!rx*)D>BXW5KOL8*ozj^lmfV7?1rE8;P;t}B;cg8!9$vb!LLcMI%yqX_}
zZZuhSpT->F3!N-9v-VfxW1YS4iJu|7OV`-EkT_Wwayf8j*&6)p3
z@3l=pzHL{R4Roma1Bl-*A|BhN9vQGO7PIt!8Pk^Mhbr3jeaCe`ftl-I+~g&F?d+cn
z)4n{&{B;WPSJWSj7Tjpu?Yc6opSg@{v0hZRyCL?crF*9dpGCbmPuVKNPKzra|ewL1v|_KXsACA4f*@=e=3~`+tb9(d5qxFmWNse%j%y{lYK;z#-NoLdJ@353__FBP
z?XdfoHD{fzYh`_QKRYq`uG=2}`fO%=<2z|G!wIpuw?B)#f?T<+W7}8ip3U~}S~mY|
zzhXfAih%@lZ`==lx(mA4ucTv8(*0;fjBocdq2calQgY3lGwJ?DZ;tWu{GXXv{8gz9
zzX@_@8@2D$@lrGgGhWR1|B|>zVoF?M7o948gcr|ZJb~DHRnr%BFJhUaTQ&Euv7Mi8
zI{zN{;+@sTt=iumqwo5@khI?fVyp)^O(SI|Mf(RMkb^zyC$!!##NlJ(+${PF8=%j<
zhtDEn#Hv&v4s24V?ftKlj*S?mDX!%vaw_fd0XuE+0wr=LwJq?E$#XFzzU)Q+HB>Rz
zHXqmm^%*+BJhVcdtEA@wboN_BmiRd13g6ZZd~}aj+fUW7&+CKyc=GFE;0#}8@dJ`G
zJ|q6YeNWqXoozhdmwvW9t+8vZdOiiV@gs)fjoqESw+K%8`lq2kgI677*~GHTH44TJ
z=(HGhJ!p+({Z4t3>)|&Z9v_o0Cw^G@)A{|k_8bYs%KU%C$<#_c`t>_<*~6BzK30-u
z536T+p_uitRi@<^eueZh@XDI=W5=RgB>j1Jj2(+Ind1$|j-MHnc)eG*r^lm=b;XiECwYXnYZHHH?
zSu|c<>jU@qhmt>Bvkh^TM+cz~RjFWKIrIKy{f@E~W;tRhUJWMWK4(ar{@JZV6~4g(
zP3>wi#}u^Fdn;A2|0db1u+`XgHT!z#T)PtupGw1XJ7yxsuI;mu|Fl)xo33YDY`|8N
zCBQXV0%M%3BCg|-{f@5V(wMB{vR~wenyvbNf?a9lr&BpyH_KQ`x56K+>6R=0>V3i7
z92rXOcjSOr@yibS?m5~&MT|>*Bw}Hf4@v)}m_-`J9>1^WZZk9lT`m1lXP!B1nf*UN_9hxH$p{q^t`opUff2j2QurH?ze+nc%>3IjynW#
znRP1IU8kD6xkfh0QJ>;-ALworTMhiV^VF&h+K(3?Ik35BT0;Bi8^k`d;#aV*1mZ!W
znbe#;mAq$(uUu%mt8bUwn9#5EU5vG~-|Q;G(rq8}lH)Uvjy|QTl{o+z2`9TEqA!dj3{roWlB+
zD(~rhF=!34=B{7rGfB_)>o_#MCsxbvBb#9#q_KE>Voz-5_Oy>>fjPD8`lL;9KyTy)5BZI)V=uiv0C(SizEDIAl
zw+s0|O*9rijm0OjtmVr;5;=Je_TOe+?{6XZo^+5dIyd?J@Eha~Y8!;Ec_K2AI*eoH
zzYIo`V*Xamy|0gM5CH&x%)V9m_kQ|y%*8P%xoY5;V8{!o&Eyg6
z0_e)Ea$fHiJd*BylB?YRY;ly`V)>|?96!@wAeQ1nssEG<=iqh0KAhX9?K06E
z`6WJgjRE@<;%$J-Sfs8qykbM}^SJQLECc^fOXiQRviT;({wICyd=h&OzR46$2mF#h
zWj#cAUV~hiT-a!B=H0
z&-@}c4OTG?nqxKYCIc81dL0)tJxb|r&%|#@oy}tr@NeYIm%Xd`aV4C5E15j6hPx_@2nZ
zp(nI_yosJmsD=HWvRh1G!Je_?-zTiv8yeHcEp!}S-`P7|@|cb##=@P;Q~x$2FMnt0-qJCA>_3wB7d@_hE4{XOMf7FaY^R9Nuu3(>8yV-^?6-VanQh)H
zZJz!4P{s3tbK>wUV?1N{l6Qx^jhXcw@qH=jASEZ;7C6+J1>o&P91~w1bF8lnNB^Ue
z<1-vBZ3{eX`_Q$5Qv5A@Znw%f+JCNNwcFF;TdTXH)4lBLf$t31Q}DezWsD^>mQt>N
zP|dPxjr3ieyfd1!cv!Ra_rJ7VeRNdinSXCGfrJkUFk(Dw&7Dbvgb6aSShHP)dovj`
zfha*n%=U;(0%uRQ(j~1Q#D#%Lpqf>LD2S<6m(_7`z}Ali%h|)Cu5RV1drC`C
zVzDYlo7n6gOZIu5_qj87CX*1`-9P5c%)Re@@B8_@&-YI}XV9>eeG_Te{bUQPBl|b|
z6s6hF|7R)tKR=spLm$o7do{nW>shqRrH|*7_+B^K+)GU3liA)Y`T2%tv$ywq)ZXm&
z`dZFqV0|`auOF?Q7JkpUXV3)|)%?Zp_G
z0g!7ZEkK;pr8@f8pglAV$M9B_@LYY;-wyc065Yv|PuR{L;Pue9i*b2|T{no>zDbM|
ziA{qxjz2Kgoc42rH$4yc-qPQH)F1nV<=0ZUhjkI1J$a`t3Z>5N9oCgt_*s;BpX0m=
z{XavyGy3;69n51LA?lCL^ZmE^et>kidg3nF%h=BbQ9|cifNUAabIjNL@H-R7v5jyX
zOJME0M(y+JQTlA)>(xUWTF7U>;G3j9=317)E9id4*eC5W9}>Ui5iYXJ^mDHJq5UJr
z@h3cvr}oQnyf$MT+j$&c-k%!B+j*S!@5gvGwGU%zRgjG*K%dHBePZ792^sXSg~r#}MYXko;b
z{PlS7-r{5BKZ=aczJxewS1Z9j(%tVa@i-K<7xQ^Eh?^)+OtGR4Xe{S68Tdbu^n6LJ
zuupc7pN3qI>p1VzKp1J8BZ%=XNZ;qN{^jT`nrF^M>@)ZrK0`WbSpOQ^H`>^5x;re_
zGOp7qlTD_d=dLY`=Z&Pd7sC_S$-I9}IAx#li6ud7=Sj-#>mXWO!14m=|GAHa@XWiJ
z`_;QPiSN6H+k0*w;)x-hbin#Q<9cF*ed9c=XPF0i2kRCS`_LZJTU#$G=uEsjiHCGv
zH_C41vYq=-pLk_Lq4G8=e>Lg%rQHWHsnW2hKt3Qo1KME5?bh~59WL%At4-DsmKeSjgpF3mXVdL`ub!~$%QeO#XDrYPivL0kvp1P{si5+AM9lU%eAgL%
z*OZ=2+}MwkcBc2a%(+ksH}*8Q{Ulr~@OGxv`39GNF@$wiWUcd8TxJ*5`6<wvRwUIM?d4Ep)Bh))i;
z!pB(KX#4wx(f<(Ih#V%{pTlJPyEAF~dyLDU3d+5U?fxmZ`#4|2y%l5IL;|mgA4GnC
zVe=s67AlnWY%%&D9KY=?GrwUYJe!xqrDzJz6u#ts^aAf?;7Uvu+NYtF8u<-}?$LVIP
zguULDcT}^jw|Nv1sz>Y(#Cqts7x5lkaf>scg;oYM#23rz|FAbD-}uP?qCJ=^_G-Fi
zwWd!ffp44El!xCXn*BZW2hg=@i%V;s=+Zi_tMP34(`xb&sJ2vVrAi0T-@ris)8C5z
z68Lh&h&w8&GC?|cAe@uB^r{LD2PP?Yi9uG(8$kV**kV#v^4wYp7H5VE`jq2
z^(K>mUL`RHG5;m|EO$XYLkA?b2+-#~$uBvGf5Ejf#Jo?-9&B5A1Z0dsIp^(>b`j{4
z`eNK?HqQp3_Ir`mGWG;wtcM=gv=x~1HzR)ayQcV6d>&(^zeQ`KBDppS=)7A@=ZNA|
zHN+flS}rkh1<2V~@_xgyJ|*fI>qFvV_vGr@ZLl{jqdaec=P$X)^R@7NKH7{k@Obm#
z+0mZ)E#%B!9?M*&-T)a`M~3
zeqLcJ3%}!~rn03O^{S?_so%Rl%_n+5_
zm_PO^^E?etUYv%uX3$X5f5LNbFMlem{hOo{xPF@RY(P(Rtr=)d$z{4H2k1@7W!3bJ
z*E`;=@wkBAxF$4fw%eLKHlRz%t5bj}IN0l-^j5aUPyICdts$89HOd4DlnynP?8Q1ZgG+)Oyh+gSG
zg1>PbfQRhGb8@0MZNq+T=J%;$8PTOOQJSPnm@5g#2mQ7sAFD^;+91dZ>LVlVbHVn@
zq>kcEpaH;}MLIcWKo49a{m5fd|BLuP$A(u8;C;L{g>okqM0@|$AG?QhELU_(JSU^A
z=DD~9?Q!?ZJpldr6!qwtc&D&NqR038WB+a7|2~d>=yk!K$22W;sYtdX2l|M5<{+H;
z7I+W#17wtbSVLi4GgCR|2=I6A3Bvb9wmK?sF4^A$^H&tX+^Lk`QV(nGH-yiDEZPt2
zIoEo^H3V{~Q0_=znS2F(-)%w6QHA4MX#K5AnB;=8$0bHB$ZP{If~*R%uR1|U{G@5f
zLn7vUgAZvo<*KYO`|se|YS3!X1~4@XzWOEJBW?@uw{I`U*adrVGMzK_pitHY+r(1D
zW2^5epfv!rxLCb(ME=e_u;*SqSO~NY)|MUh9?+hs6?0nvPkHd0EWNjb>K
zwSYJg|G@rTt-GXuYo>1j>HqopdMI_{1?y72H_iG?
zr|(9qGjL<)%l??3@ero)J3`m`D7Rqf1|Ruf7eJjTQ-u!t^gLL%XtzVUnhk&Io8(y_
z{(on7`zWkM9QUXkbDO(7&!*3?=!6YKI6;VmYPm+oSOpu!KWbm$`-{!?f4FZxA1;Ia
z9Vc7mHM%+85_JcNFZ-l{|Grb=Rhi2m4$-&y{@F*RKSgH$XJz%99^F1%CYg!FQ8l2Y#XicvAcIW7(G*A2sKPUKW*WwK6yp&TKh$`i*F(8@XPq
zt3$chXtQXI7DgpzN_92*Rk!T)$DAye3_U`0=4|LzK{35%e?&p&Na{b*M00*6V?4&n
zFWvn}_Vy!xy%Rp;>BFTNeefLf$M$oqan=8G``_;}_4l9EcK^yByMpz#$G1y={&L{y5NE0~?||-v
zx~IcDmx;+qj2$1_$-B2pJtfH8eXvGs^{gwLK=NZjR3v~tvz}<}cETS#t5~bum`jO#
z!oRX(S;CboI^mDa<+9p#!bd-gI>i9Xo4+yae{fH+>Qo1geJbV>;~7`W{9io&Ll4W`
zAhx_7is3>Zs!2@ud>DsoS*xKgv+)&w>>Acf9)o8B!^HzroB>^dPpE)wpkya0w3KTo
z!(sW^Tz(gnzZ=S%*MT|y^D1u3+J~k6&i+-Cr`y011sQGq@T#*@Fvq_7tPSVrCzQ|l
zPMUieC$%Ij=iQ}sBy$Fx7~yL%ncri1SYmHso@?~8Gy0twzb^Yzk?jAMyatYKd!uMG+?KtM3!#tM&i>!=a}C?Z7kk;78UM9ybpIrv$8ZK$MwkY>=jQ2p
zfyGAn_6C-oVyV*+d&t83-+cad9J1A+9KVs}YNX%l9w}q=5dF{wO5m9p$$ap@Dz({wXEY!<7$h
zFC_W%cL$~HxtL|o(`mBjGo4cQd=T*_fOZTQpP})YCeFBX;9Z?U`U0YSv<74wl>HI^
zLgY(19nRZ9^i#pyj?*ds`+4S1KPNfSqwI-dOkAbm|J^CiBGfO0?m42P%z5Obz2^JI
zeiMsqcpZ6sWtq=C8RRjgP|7%H2Pp8W?)H0|>fm>8fwk1#{+;GJDBCL(Si2URyGp_H
zR{GSzT#?UB{4sy5fNf+iKY;z6nn1nK6x0jB92w=Xy|9L&mtu~g*WvtR-n#Pv8RKur
z+vr#11o<`}Wc)(ZU(r1O0p<~NkbhQ-HuEaw)hOb0-o-KaH4h~5G6{zrZ80^h11W=h
zM%<+0Y<15hUMzk6AdNvD@-mJ+AGlxEmrr`tk!x)pueCRz9Lyi(qzv7lk}uNV4KM05
zaG654s^s$svLWW+Jv)UlJjUWbv*B^VzC?Ra1omY_Q%1+YBL46GZ1L}3z#96p7X956
z>ukM>@<`)vJHtMoFj)SW1nN=@k}`6u29ZEJx~
zD|}Sr`D>k8UsU+ti1{<2{?X#}DgWQr6n`)E
z>t|pbZHXeU{EhMIh2E90uJuEOgmJdWE($AW_YALk2V>Xsv)p?U?g@B)i1Ed`y*EUI
zVwJsrxj!lti5Yf;X@1+*(Q#-<{@a?u&k|k(gA{0!$Vu~qGUHi&!Dq!4TO|h7Sol*z
zTe6>TMqWzc9UY%+4#(yuwivefZ;nq^ki;kZgz^~F96j=cKh|O7|Al*h1RgNk+Demu
zJJR!CbP6ZzZ718do#fA3K)D#o!^$$XMo^scQ!V@J6S*LRq0
zBH72MsAKf`{k72g%;j%KeJqcWk+bS;T<6JnmAS!5(bV3A*P<-rG&jJ9tev;@%PbzVru}{TKTDY~a3x11X=MHgC%3
z=a0Ouwg%7_TKfE$^%a@^K9BP`>kXLwePlfNRTpjJTvHpDB-?1}jDmQE1zX68{a$yu1ndua9dhhgS`L6S*YC54<#|ZPVEC)hK7+
z8q4ST`=Cy~TicZGvxdI^e~rJ|8(i->e`@WvnASxNuZ!dU@%yX&{ucSnE`N4^wdCFe
zx^OxBtVti;CDHhHf9y~9$mhL&!yi+GPn6WZ0PpK{@g6f
zP4Od*ar8j@Kk|8{ui%O{d9Q!tDYNB9;Juru7Z&d@7R4&nojVveh?
zkv1X^3-vGL`n#b18ZL7=@!sh<6xQA
zLmcwQN>|By`#0bjK>k_-$g8FE0}kZffNw)zEeGvK!@sKLX6`>e?=|BLI-q=W8h+$>
zS(_{<~?G3oz!>4i#`N1CLmDNPCTW(f3qOJMgn5c}HEM{|*)N+~tv6@xfuy
zTdjsBy0ou{7s3Az4_|5dur?sxI{cSD+xb^K+l9}HrNH;v!-3&dYR6Za$3E*859xS;
z&ku;|Qu}o^9z09YPwXuveZ91bX;GZhI$lRG24SVuSCfiCnx8=1X`9#)wpiNnJE4i^
z!-XfG)Y
z)f9SLbdWu%p8Z@;<9$ePFn5Y0*uJ6!<>g+KkEc;SEV#DY?m^kJiuXVIT>g8#eD;d_
z(C4y6FXX+nm+Q3Lhd%muMm`+gJlF_*p?rG6=9d1T&qF(}f_5%V;Z7A7&-|TaCJ7%xz);f)GLs3)kbn~wB_74xn+(h(86hGlE`%gBLO_)8X{t~Y
zv^5}VPSwhGwa(B9lx=q%>m;ySbz$qCbys_iF0SS5w%e%D1xzuk!BPukpWpjFckaED
znaOaryMN@|$^Cdgp7(j5ulM<&?>mw_SNVA-J^x9({@8Sta4zOOT+jJkOH8?LN;1rk
zGx8gmAEzarA7={pJ^lfMx7C?=+Y?M12X+|wab)eyS#jDok74}g4r^{4vpx^I+++dc
zrwA{K2`^qE9Gap2Gx54s!vE`#!^_m>bZ&E-sm%?;!^ZiF;B^hI!g#!6b*N~EO1R*$
z;KB>T4I=k8aA9wqY}2^|xZtti!qY@6TxF`(PI$&X);$xv$F#9tRnuusc#Nh^5_6b%
zu!Znul6`}U^Ndo4(VN>1TM5PkUQRS=@OY~#&g=s?-=H-h{@#xqIeNRZZFAJw#9K0%
z&t}tn?&SH@Z67(Gbv&O=g144aEan57JmwP~bDL=%FGb26e8{%j&r$;s9uaf(9X+?m
zu-6Px-)cVNMXFefw|E}Ko2{`HVV=kM&EWf^O4~O|3ZOuGC9?nChlJm#H@73rnLZm
z9t-U{^eW?K=lzn8!ER31Xn^bD1USwU?HuNIR^1Q%F8x~Gs?VR^y<%QSllejqXd6@P
z({%aXlF_G=_oc6&igOau(L_vxo^KT}LEbidLf*C#5f?V>|E8!3pbV+3gKys^=dkfU
ztNpM=arS&e*mn9jr=yc|I@)5k0=o*^PU<|3HIdy%G@L<%SY8n44UMR0ZSt>gRGd-c
z{Bc&KRn)0IbA&K7Hd=lSvHv$_w*LXI7U6Gly?{|v*uk!cKcq_6XsUgph<$QRtVQ`r
zH{utc6nSc9cRxXJDOC1!qYl?B$DH_H`VQ@-Aj?y`h3tKl0sjeK9XgLwIV;9f}wU!ANi9-7qt
z$N2EZy43tLOXRhf)4db>(L`J3@fbSSfws&^pe<)Dv}F&EXVp4MTl5^*lD^CmIfO=|
zFS-#uA>Ti>*4USKaU1Wg)#;1OSp@ph!eczTR?-*H6`fZb^o4UA
zC800vYcr!SU*j>B~W;P4C>J(-&FS9`xld
zhC%Ee(3j8rwUe#>&swtEbG683Dy4WGc{eeoFepYz;&=xh{JTw<*?MpsENokuOiEt
z7w#|PI%jl^;(v4fwHBhKuroT9Am=M7O_8r87{N2yevsNP<@SRK?FSRu4@RiZ*p(tS
z>dX<;lcsUT3T3=c55{9F@M(pnu}Yb4D(cY#wX7kg7m)}
ztL`U)v5Fi{ma~RZdUvt{QUFMk(uW2Y0Sm+?Xl-Bc1wQJMEt}R@sKw}XrW#bB
zU*$~i&Nm6)>V7?+(FD_Zx|VajiH@C4O2>{iNji3NczVB$_{M*d-r?Z6j=KNZmb0zN
zEMMFT9~Y4?3Amn`^slvzDrWBcxw-#46)xaeVA
z6m>#+Bp#;LD@Nj++5R%%M;)WSJFLD)?_L~cdv|8F8_e?2ipI?Iql_2!h0pyH>|gj*
zTj=9vlHqS9*(E%sT{~XTw-A2w`OAJ9r>E;G`TVcpHFt?^K$HIU&LMo4wTG#t9g8nhd2K{4wH`DteVXMjAjhxQ?;p`wFxE|W&$V+20l$XYEzrS8>$V*<6ywsu7|J9I}RN;e|
zOkTQ<@%x$8spX|G?UyT*V;}1}+gP?I!1nzd%l6Awv+bMoSOG(&$OqpCb3S?D|F5zA
zYqj)UNCj^j!}~(LmMR(v_6&%gfv7hiU9zdv1-9AC~cKJ8nT9$)^F
z*SmRDYJ8cJ24BYM_Rm$B;mZ;p_t47p__Ceh{q{;LzSQ#fv6WVQS;+UFUuodWqufU4
zN?Eg@q^wbUX!zlCIz57{q>rb0Wo9)RO8EVGD~%cra~Ut4D=)v^K~nqIpQo>%Gu~AD
zpu}8nY`$K@@U-850X5P*5%~G-?bWIu?`^6cYu~HYagGIt;M1N6>a_@eaO(f-qCT%j
z*i!Q2b%h{%*9!mT2QM|8NM3vBjEHB19yOowu7Kt+iM|u<<+>_uvcKL`bzsc)?UQ#C
z&QgC}T`xoipWbEh=djIFX}lF`(GfL}W%nV*5xLLQ@Wm?iJmG0)*Mi9Tr|Tox1-GkS
zds8f{piZr`YcajOQ;F@h`Z&)5&hqGeuPWO51GR;3I=igzyQp8Aoluv3cE$Vk0r9>*
z{=&OW{=GDoW|GMSjGYxu`W;35O0%Mo%%G~+C*X6U{=jl+n_Rq!^`8|Z{d9%>Z$+l{
zy@vhB;{zFPg2;{Vc|0~Cm;N6lT7cL#obe4Frg`?g=&a272=W8R=@r9QI%b>KCtzNg
zQ-$0JB8LuSH2ryQU7u?6_Qmg?C0LAX|AmP3kH>q()K)*>4PWU{k*!G$=Pnd@NMnsT
z>>v7ZMvS}-XdCTh(RZjjhq0l3+(SH-Cho~P)?45=Dt)MX#*uD#jQzeR%6wc-&SmS|
z-P=)}japCH!Y8Hw*fLS`E+pf7D-lEFZC{~GXhU7;LaI6VC`dihe1jmBY9JU$@@k$x&_PZHh8CjC(PCFzG-ng891
zn7G$_hNt(rCMu^FBJWq3V^BjrpEE1@{Eyzr6?ix+6dvVMP3^%=DOjShB@IpSIa2@9J}}Qx~e^nBCW>m(PllT
zR?l&OW&qB$3}?jcY3dxuaqY?83%@nYGs^QkNzX&lC;w&al@{fLSK8=W(Hn(aPS+i7N<1_#;)glL`s4|xbt&yI8WB+i&
z5UqRUa_Y$?&>#ytz4m$g|hNA-%*bD
z0N%VQ;~P}?dvorTNWM}RgD*o=j~kIXRkTnUJW{Tdk>2Nx;fi-`1=*GKn_yYS`dV4E
znSaxj^f<3L{~m*L)b~m%+u1MRiig?$v($S2lqxR6GXJH?;}4MU=`NETOSEmUj^XmR
z440h={Uz3i`r_Lx|1V8lALk;{K@EiWo0Ur0`JnlDcm*d9stODeZa*1!gK>cZW<2KH0kSa3jR-Hjq-f6X`Wg3NrZde3~Kb;JwwR
z9F(4DI(=pxpG`lr#8f{qjl7w3{!4)ST{O=2z*U0&Is=_uBvTR{cYXgwqSIdD`*k8e
zWS+>kVdRID|GQ%{4#~@SStW2%ml+BfzvvoGhCe448}tqIqj(4M!?yQBuSDNPN7@6B
zbF)Rxy*h#4`ZydT;-M~YJU+w;fe+X^#JWrrys$p9QCSn}qHnU5CgOKRp?yjva9DMJ
z*(7ovLS7Q_JG2JhWuNW*#mVK@^S8;ka_e%
zm;A^p_C}7P47nU5?|%+EpsD@+x23Mn3;Vj{y&iQEwPR~7uGH5T_BFJZMg6!5m)|FR
zohZ&qoVuSq>Eq6bOXdn1@)`FDcl!kHKEQOafX2`-d|J}ei=_HraP<0Vu)R&7`5;dE
zv`ZE_l5HX_x4(=z2fV9f1t*&SFGSRPSU*}us_sj^^=tI$tZwEA`qBvXFvm`wx_y~Fo`?QaJi+sYj
z==3XQ8<r>JcR?;tG@>Psg!YLXu^p=Q*_b_Dk8IFik|
z_-HQo^IW3UI7dhipO4rE^k}uYp6=<4YP_Y|pXJro_{wy?;&Ol1N2EM2V+vu*i@r7O
zpwvmdQQ(le+_2r{uzdASK%Sji?3;%X-|G$K3R%g^YwV3e2J2${*-zgMK0WOqY=Y)?
z2N~zu0+*5ho8jjRB;%(kJR&b6>|k4A`Hx
zWyNCuf|jnZ%Wvo^V%`IG8SjoOeB9~U1HZ20bu@?ndgvhR8J%Q;};
zk3pjEgi8kqmug_wgUuQ7*-q-`UAjklpXhHI_cuPFzd|0*6n;KXWqn>k>%T&o6&WUZ
zFb}a~SNYA#x$cHvwX(+}!Q$=1Tcjy~*C7Cx=NY|qz>tbKj5l$9}
zbH<|3WI-F;k*WOM1aX%5(UH24%=1t#zej=?TH6BY36B)`PvK+gNmcqLB4V$lkhKuJdiN7JMFoJ((wRzaa;On{!aO
zdvso{e=}i3{!hH?i8GUg|
zhvhp`FPL_)jcDvXrB3Jq+e|so!NWy61rsaL&S`Gvf+pK>Fm8=TU%y~^`VB3eK4;Z0
z_G_0zWwsA_fm}N6q{rkq2C3$+slioXKs@)lde&nKhPWw
zTCybs=9@S6J}i~r#Ikc>^W%0632S3SP8F{y6$AecM8oD@WwN=utu}XB
zV_oLcpGzIv69b;;-|P8^bR06h+k^Gq$LmekXfpc#2Mc5b&x{^E
z#OKBRH)oDtM{iCozx_DD{)>E+gEpBfZ>+G5vm8x(G$(}|J%Qu}vz)pPu?zHD($9uK
z)9rFS1ERi{b$&V?Ihc>YN8%q??@(?w@GMK@s#}cwYeVCN53}y?_pr-MM*BqBr_N6W8!_q*-v&RjONh01
zEet!>qxQj2P?;6lJ>ON0J=T$11YR*%u8bu<^O1k9&8@Z38m;3sDxf|lDeEt)c`v
zidocdx8aZ#_%3?mWD8fOvE@lQE7EHWMd_4im|BL?F5W7Az5R{gi1`UIt_M%
znapH+7yL;j%;3*#Wm8VYon*3PXJ$o%4yH6qO~5jV!k%;QdEM`IH_*eP7rQ*D+^J!xNtFId)E;GR0*6w4xeg
zbSwdlSp4$~SdAe^TyKBmteP6%4zWa1H2?ISc^pr;n&J{IX@%Yl;3FLwc`Dk~C8er&
zg*i`MQL0w)wZ_WIv)I;hTpwpie>t+U&ynJ`sTTO#u^^B4gH46?i#_T1xbQyPvhjUz
z?p5Kb_~oBMKgBZxU#nb!B#F}5v|
zub;j`)G~4YZ#}zC!^}eLhA%YzucXg$FTV!ySr+y-!Ma3W8|H!6>w0i40o`l~(6kNa
zlyAPUPUHvK1B>B2&+m~RS26DfdxlCp@1_Ojsur891s0lqDSye66xoX6#K@wB*W
zTY`!1o5SO33pq}Orh7cLi|XIp_`Mf$-}rz|_qaej{vLM}uSUe*g}xn;|K#Vfx+l*k
zKErYP7Iuw~V=wJ3TsOrzX7C;^+v56IuP2;$>{a{-%Y$?GM|wOzPGfnQJ80kamtN#G
zbvJR`r;lQ7$iGlds6w=@jlr)FeRX{yi+rIXQQmdYH;}8HMYLthqk7#r9c^DA+72$m
zcvh@FXQc0PqHpiA$?3b3Xwt>$`*d(U((|Lo6zo$fXuLg+#$)4?(>N;ujni~Aev4xb
ziJrZf|VY>-5nktn-IG)pG1)WfR{ks?uTdsp#|l0UV3nM+$2x
zPJz9BCS^D5ZP@4SVxME*#^DLDMQr7^H9S{H*sGnZnnhmP_xD8lLSg;{_MJz+9{lzW
zjz{%XoQs&peS9A0;a!n8;rt}or{b~o=#OqY2>hxqq@Ujmn7hKNsNT_KuraYOR4g7}
zD`5`~6dUpQ_R;bFVi8+D_a*v(swn@&#q&PWBKSrwogbhWcuy7fgXzUzM)gW~P1FZb
zt>~}M;W)^`2hl|RP~kU>xEs~@F0X?9n~m41TvrtDg|S~(7_kZM*Y5>8$Q4%DXFUak
zUwHuZ_(b2d7ihVk_q+JKqOQZ=T|l)f14Vs~4AA>$$k!^eSzxST%KA>@`g)YsS9?)(
zeU%#5m*Lypg?7&`Z-pfGV|#Jw4=VB8Y&fS~UkTr{@HJZ{_N2DRg-VtzYCyq?>cTqD
z-;ZJJ$=`ft*{GYC<
z|5*aPEemwo*4Obp5Fh$N1%q#SkiO+CmoW#3>wksO=cmBER-2c
zm*~TMvEr4OIZfuD1$_~03kh`AI}+%ui)^+ulh-C;4FUNtA~|v556}N9Os@Wo<2P!!
ziKR|&%fpV_!cJ7!2glv44Zc%2@
zLwqyP5jrGx9+aRDj^4-mFX^$>cI)(sj-r-IJVX{#PB+b
z7+P2xu%@Ixf*-fWykDIU>uvzv<u61Dfw6OHa!B51U93L51Tjhs3f*>yDfIoZ)8`SCQG7ek|L9gQ-1
z9mD-Z4}qnJ^uYHpx$6`!VnXWP5qZiT@P1yl6zg%z&+^`h#ipy|$7*!@J10N+{WF{Dnc$s{*^f6@;{K6FVc){9I@hKoyO&_yAIF}PGYK~@
zm%d|V>JzYTEM1w6mU3S6b=cqiD%Bx0EEau_C&MWFi1ae=Vk1V`Pw0L(9OwMqvQxdp
zYekl!{uIjGP_35iYOch3*Ei`}8LmZKf9wm?V}3}T9J}Fjo-2#rI9q(*>ttf
z?>e!co_NRa!aJ(`{p`R$U`@z;j|6yc=HrUOvD!8odoyRVi$;F#4ygM6FdBB$Qu57J
zJB`>;vH0~GUR5R0D%Xj1EYZ1O&qAJm2Q<-Y?w%r=j5w0RK3GrJ_dBB42emZ6pW?B`
zLOym~o4>n=u5EYVJRinNA&xKxZm+w#qI2c$^4Hu
z@{+6Hnge?ygYS(k$H3M;7QsgXn*J}m)8{O3=?LuIHM~C=+O2uY6^<<}Q{}%XIaY?iK3A0^oZS#j>$NLS8k;DFj+u|E2
z?*)FtTFma>sg4kHVo&RQ;r+n-j<7jhs22^t3hRUT=S_Q`<88)!bCwQl{JUKD>`UFADQLTCSHPe(j*PE)SFKwa1R@LBw<<=8B8s
zXwSqo@o)6Z8n|a)T)j>7d5wsX2hUs0`Men01hNEs;hw?1H}X)0L-O%wZGW&1&TWHd
zJr+j10mR>ZuU7Ek6dqry^X5#0FB7JBIbk!#F@H$&4cI7`v^}~%_QJ8vy8S&>t^i||
zK?lgLd_%t|LB|K_+4s=1HCjDN&vx3P^zC?U3AeR4tsCNFX4B09?XhTnN?}ZXePPfm
zBR+Q}#;mwKBl6XXC||9J^3{rtT6D30GwIh`Nk4B~B>ZZcj&0T9!)o!tIfQSY=v#b?
z=uy1L_$?en59=b-6F#rNeg?SLaE}#Cl-;anKMQ3|{9^2OaTyHp&xKR_mqjnSDm5#n
z7hOH+9ZhimI>ts#yq?Y#>M*-hkrRddU-Xxs$@>=;c3D85-oQ$D&2TFJR&_&IAG3o!
z2>Jv1cWp!1qf+#hcOky(kQuHKvh34HFVxfHh`;9w#rA8_o|j6`1D)k^Ce;(;eMk9y
zVr=x29|0Sd+w*Bf$_P9woz;yU;V~GFTb#Gz;rpug1Hb8eg4X|nK8Hq+*xr0jqDTFL
z>Ejj#`)9$_^)UtPu@GXv&EhrL&8nID41`bnyPy19@_*z4zl+H=Z~c3+e{-kKHGhkE
zX*k!IYrco>-=AyDHGi6pH|Iuk&HHGKop4M)N9=30kLFmDJ2e*RWb!R1H#z@$E7*Je
z@U1THB>&f6^f`uKTl?41-{4eyOt4h9?8jzAl8223*6qc{V5nJ0k$
zAcxtfpub=?b11EF4c4dl%-a=Tnq5(4hmtqXj(iAy^Y|~Xe}&^MtDWAw>nAHw=7|~w
z;b)%{vtIja{Xvw4d#GN5QGWVild9~NeIBqiVLn@W1@`@x-Ug7n^&oTco>t&P=!3-m
z8RYK`eJUY;xLARc4j5m0Kb7DQ!T!Mve)yJgm
z0l&RJmSXdP(}xCZE;#mFo=d(uU5z(5Z6
zXN}EAiLam2a6Hm!jI+RFH_SRCK8U?Ov6m*s2A3v`4PL!dV0p~~ePjTxnZf&{VNKvQUT-Y(xTVVbpecj}e**4V
z#q08-x|&P)Nw^(?H4dn^Ee5{u|IZJN{@l}~hs$^B@dicDh(}-zw!(gq-OV7Y4)ty#
z`$psO>C{UMuf2y~EBGkJpw~qDr3n7HQpZ0_$nS(Qp)?7ZkgB6WeEsM*OOI!W9;4au
z^f1NH1J{7k>F<7uzI%T*;$Fu4AKJgtYWf5Q9NzOix@RxkgRvdERLEmHn?RQV`Em(k
zT_}gK-n5R(Yui=l`1xDd^Pm~#aMIfB$>g!$G8_8Zla>3XabtcI*1PRt&+>XVS#E)A
z9D!E0j_WFW>35mbf^rUYmi0;;NhhAxtQKFE}-=UM-?$oc^L^S3a_swQ{sXhHo%ozn$nFN-
zH;S@ZJ3fCJ-@@x;w?2|-v}d0r+ITXfxvQxLUz~7$DbL>%{)bg`d{(CDr8k}b
z;hUgmV*X>yPuxoWrp7r@{)0RrU1z5QJ+I0!d#!MyY|1>`gf-N_8&<&k9I3_Fu-K=J
z6?Z18IX6?ydGlNT?$x9}o|`RV4R-3Iq061u)u2c8vj~2|$Fx`4;Qm>0^+3e|sn{p|B6WeD+)KU`{_N3BJc5^6I(}
    G<|*E%~&-vF&s%sr?(DX^3VYcbEf
zlE>w-R&$_M*nKG*6quJ9ekn!y5U<0$WMS`lxV?w{-kZR#+YA4e!1lv^kqf*LOZe07_TvAyfttQ=KtZ|u6viq1A@6&$Ch&5#@_FPy^6Ka`H0^-S|@>w
znYYB7#cVe>fvmt>CB(AoxW%!u!2Vktn8|&-4vvqm>6PfG2{T7VwITnTgRu>7;SSNmqV_))ewa
z^Nl{tl+nM@;}u|SG|9}g7(0|v4qxkxK8IeGt|os_!wexyvu;C{{ul7USXugOU4A#$
zM{7jC$*JVcE#h%kEk=3sA^CznvP6B^owT<4;aEvrJu%H2*0zwBiYEo+CDuRSI|#qC
zBPqZ0WcJ>l<8MAq{sP%z^fy~LE?RWGe1D?s=5#$KBmUp?K8Kd~DENw0&SRr6_R1Lg
z;9jYRy};x$TSuA?bS`pGc20RL|{JCv4>onEQk
zhWjj>8aMuCpj(-(k^FK8kS|;Fl>Kn6$W_?JeRLyYKLw>!X?@FTkX>-hWZj|cWIMvR
ze=%mcd$qt;#OGjbQ-FEGJbyU0{wHm6{($oVyU})l<9O!|#$l{6)FJ&u_%@
zf}Tyc;ltd$+6nhL#hOUtzWGt$lVRH-Vbjm%b)KlF_-@ND3ipPaNdB2je50+zM^&q+$7)D$y=GhCdQPYBW#j&zJP+<`P+JL^`CZKDl1@<(^^p}sres62`yll03!XTH2nLF5FD&ah1
z_y*?M6^4c<%EmtA>nQpsC59iz{%ZMjlbuiDxhsEMhdQd6J!4bl4Tu99<~X{RZ!2FD
zj_zdlOH8@U*dKc&RtLXd^u#_dss86u;`nL*YimQ9Zxg>tEmW|F0mgtc-}Z-Q@SM-V
z<*B@n4(b8EZp<&!{FqJ{(_*!&4EC6s>f-l~ChUin1pYHiJin25#P`SipUg-O*M)WY
z=m$EmIi&RyvqkV8u*Zc{Ezs#R`2Td?L%;>Pbmh?#h`(lasaDL*VQQDw$Gmwr=(^e0ljA!bst^-ILwb3lnU+9`S?`q$DqB>i8BX-nWy|*=iYsN370J`r8X{8
zG7sZDj?R+OyejOQiM36b2b@ndJvY(k$l17-_g+K$SlK9QV^Y6E`+p+&xUJ#)Pel0x
zeDh#Us#K2Hcrw)~%`oIYh<V@%a4M
zfpPu)ez?De_mk4_l`;N}yvleiI_CcIsNJt1PATXlqW-+3Hx*=V6DtYhd)@dafA?YP
zQ@)<7@~h&%OE#?42E9+Rs6|xkXvCk;@nK2UWMA-d&pK
z&50fZUD(-s1pb0<>kPx*LE8q$P+-g^HqI`MA&VSzyQZ)}fDN*A}mpY`8iY
zuK~soc@i%ucWkizbyLsgE-g>uzsaAZ+{Bz(;WwB}UwBT-f4P|)9#%sB_x1Gk*)yiV
zJwZ&v)&su}Wp4C`B=!rtaeUpa%JECe>}
z7-Mh#tJcrEKzGmUbWbkab6KbV*eJeIz@98jTkoTLoj1uw-^y#rgxGXoc{Fg8F
zwGR^&HXT2{J$fSMFWT*DFC&aov?UTf`xAQhBVQWnmJvs{>G@;Mm(%0tPPKN2K_5dM
zaMOWkf8jGX`Wz^GM|9`T(77XU4rTKIysw6%d*TIucdpj|8_rK<2Z?>}ip!7s9j&GR
zlEW)f`@1{`Rtv4wC>W?*IlXl{#;d#{p&(iW)NwAZ%j
zR|gWVe{X0}Qi~G30yANfiPp!&OdxGR!%G3N4Psk-5(Jc|MhuUu!2E0Ny-w!LBVWSfs~}AyzNEkP6FiD7
zLihrEJ~v{XFXV(IlEsimpGPuN^F`ESVcwUCBqvM^qdkp?!Eu_~^m?`U*B8-$QS7Du
z;s-CF@z1;X&&LnWxY&RE*-k01QRTY)JaH!Ld?F}5Or#3-d=>CjV+k&GP&SRq#Ln^D
z$OL|l=Y|vG!Ph~#THyOop99|`ozkf-hooGN`>4ZJU_YSED#jy6pRVetH5+}8u}#hX
z`6|gHB^S13VOKWMv3F~+x*dJfhloc=^r;FQofPA4JBiAznuTfi0
z@&C`G?F_)cAm$_e4()jJBEn`c>UQ9s8-O3+=l}Vk^P`O9aXX^!`#}~)-UDFYhI2vu
zKsfNY*z0)?lO9bTN8CSA?+g8a_^1*-P7Ze-C(dA5GE=}mFH+k&9q`%8Zd3
zPXS(a59h5H*|!@O@i<{l_^dG6xDFEbz_f0*4C*-Hy_3H$g3k(LmWSfXO-m-+L|=^R
zurG8S#dqD+)0a=`&mNDvO@E4P{^0{`uhd1F4iJdek5>%8||@J_JVPVUG8nYPRBLidO@B
zaboX&K)FcPo%0(h9#sD4VsBvmbHE>rVgBQF{M_L&hJwS{54*}J{>eF{ufsdvZzUc#
za&B&&X+)vQB9q0Pmn<>m0FADWq?5p#fJ?wV+(D)U@&TdW>9*OZd^B%e-~d2BYecY3g$
zrEY>}o7!Q|KkgIvI`=@^Nv1E|65Fi=M%}^h+q88{q`}%ceuv;8L)}Lb?_2l!sGqD&
zoYR3fa%z}1sEa)HIj{AV6HThrih4vAj()H=Ud2Y
zcc#h!`?np+D+9#0-?I_q7lLOUlnb+)!f0Q2E9y_UzTF$FWLLLT@v&WPm0^6Ns|%HS@crQ^$n~%KLJyE_mE#k%S%vXpjBm@|of*4FM_;Is&b|HOyy6dZ<%3to&HwoES~H)H*i#
zfXDnsko&X#C)yxJIX{AWu}iCbp-S>?EjTOU&y3;GFS
zJeO~2{y%3hSFb&2WMwj*>7{?v>@XL$m9T~3Qnnmq{|$tT#e|D{;&AaEXajS~#$vo+
zU5xQEc)jd1=%3|3jy`e^>*z(p_;NKGeZ?9`dZRZFkcIoef8y@k=L>!NPNM&(kiDxS^cSjMhxPYzJPQPjvsLa7x_4V6+ZVeZvq{TT#_sp$Ua0WkomaqUQ&#~EH?pI1
z31=I|vVWNiV-@-|_7i0so1xZr_(E%`pBz3;yB~9EpiL2Dll*B+Rk6>Hqr;0&P^s5{
zo)rGWGSBZ+2>W$mTbPwJDpDSt?G-ZXDwBBB!QYzi2ss-tzelk4B`g`T0D=vz-9@0;0!IdH8>xeD?+TAQ{c71}J02%X8o
z5Wo)LyD-ilbpqYrumS#f{DTvN^VjL*muh0w=drKv>+tc=KB4OeI(A9B6VU7Zg?yeB
zP6OJ7cNGZVnh7?vaq2Pv4-UNJ&2jfVrrEI0LN-JhtxLy?Z>1Pn%^xHF0Zf_K^*O(D
z$%F4&tnR!>T7o|#k8PxD=UHl}{A09z%4;-IPEGU^fcCmmKqg0BLMPGtk0`&5<72c(
zmd{5sCjmXqwEb?2wOHQf3%y!O{vRI;`@MU}e;Pi+b?lk8TDGbU`r$D)ODNBC38x)-
z{Cf(<;KLZ`(K0z2Ey^}9oJVn_=9@9O{VK`r8f=iaF)tc23os^V6ll{k^PadZz<<-29LPW?#E94lV2Y)PL=Tc<~UD&-{=pw>w851j|)FH
zT(=J0x=qv8|M>9pH5?}0#)HRW{8~Bi#W>ElFjf>hwT1iTe>TGi+Yq?x&*^h&FP)z%p`8MuXEW`JFo`Wjjtz&lu(LT+=
z^OR=+?`qu?&Adb2o^pqK70@hqZ*$g;?zk>W0@GP6Egxv7(F}xF6;Y@@NlQXlv
z!e%&8#<=sBqHHOY9SyQaI(uVo)sxeCZp{)nKY<5mDF>Qo06MpX`?f7_tAe?SGu26F
z>fX3BHT{_I@0h~*&q9vhTE1Dd7yc@YS7NK?-XR546Y0DqmODo>-NE(VS(;uCo^ie2
zZL;c+?ocFCSVcO`VKR!_dG;WTFgGR2d}eOX2laT4sENJ$v=O|Iv`t@OhgF>OSeor`jn$bBb7dl>Iz?qZUEKExa=jOVw?+2RXD$$umNLqXf3nR&Ko7s&g6
zw|d4h>nyWrk~&4oE5dx9TPc=N%7?<1??jC+G=}_%dX8Z1!`W>f_S?2=)nBw9>3jdD
z_jlbvcbauaV*aiY*|$D)r0?BdANqHsfB6A*if}#^0X;h*1CMbt--iy|hk*=OGu(4s
zVPELVF9gn*kKldT3TMV%U+4?khnKrhSG~e1S@t`tp2WKfln-y(T)>uxk>8L&&Z7O+
zR?2;+Y<`S2D)!dyxV;tb5_`)CdrPLhg*;|7nkiqW#qYf6_SRhZ0mkc6F%}Z=1!%XW
zjMVm(Lk1qgEAL3jow;%g#z?ZwS^4uHcnqc@6@Q~18TU`(8dVOa|L%&*U)QVWh3^qO
zr+z?d(S5l8`}0GGhvz?xv=e=ZYgsqo%&kG;UzjO>7?4}6PT~0?~k0H&SrL8}_e-3R#bnrxa*L41{MTsNLA6X?bgQxaH+#TbX(%&@|$=l9xme8XhoD=Oa?`hAH_be)gRI5r&rhQHE1Z~pr+
z{-Ia*1-t?JA?%3A_{sH2hxScxazuQg|DpA{{2tD~5OwlB2s5C+HlCY~O>vC_oKRqV
z^NEk^gtFHqoY$%Gb!KXHyj17u_Yfx+2F)g~f;1oL@V{yK58xff&eG%RfB&4$KX~_N
z&p!i@p-q
z<_Ey{|GV3=$_Lp0nx4ynJ}~_JFXlW^67BuPefXP=R;?_?H{|7sUvMB_F52+hC6(uI
z!2Lao=3Vlx&@t3voJ-3AX9}wU+Ed7V`wQ5@u+}c(?;QAzG{plvlD5x~zQ|k`RLu8V
z=_}KD3{vEsOqN%jm25+#3hGn??#Jr~_s7wmJ@4R|k*SPj%6T{&{5GjZO=3#V1XgD4
zqDjCN4Hk#yvF)-g|m`gjGO!23u%8#X}
zvsMEPWO!yE+&?CD?Zn^6kEqFKG5!|7#maHCp7R!+x-;;DLC(NC`#l4dLjqnm06(b3
zARCzwFE5bvV-ANk&30r`Ix@EljM80t9YTA)2J?xyI~
zvV&oaK_KK4&Wqndw5t6dK&z&gJ7rdW5$D_7c5iSix2-PXcb7L%PL1J=@BV*seE)!Y
zwJ<&n&U2V*m)7PgI}9quT7a{_nvJoaG0v+t7Q7ow?0;@T|F~y(Acj}pNHs2JH@)^d4>%p;H
z$9?vf2kY2>Hq~RyuheNJjpU1OL%~QVs
zxM+DEt2q5zr6SF@aJzlHW3Y1gCHKx>YPxti2G=im%-%wOI+PpH=R7?H@H^$ka$zV3
zbl~_%*z@=s*UKg?Rg046DjHnTHcP)=b{Na8(n)wXDQ>S>K~BTmGxY#l$+S!nFn02@
z2iG6{!4ckhl1;($8grmne0>kZl9)jI=kLPc^Tn&
z#$B@77kY%&^|?328Kv==WrP=N-xP5o0soqiHhh=%7n2WK36~p@S4A8PjM}c^`4^3%
z&BFJx(O(hIe2ph~miT4m&A$G`$mi8DwLzSdQTJ5oyG6*4HWHth{$_kEs&^OC`XAVq
zh4d$v$MjkVvb540qcK?*zps^K`CSK4#~1T2Ur+jp=MKcj(ce6AQtzrgXUR!0Oj^re&l0c3R-d<&{N#^81K9p)(PXB)f3NflG?lRfZ%_d
zhspnj`{RE*2agY#&UJ>LyD>Kf@Uzv&gQr8AO
zzqA4PrRBgcEd+k)Wzsne%ri}cvB@n-a7M76I-2{lG$&0H4wKOl?D;^zVSc?CwzL#)yPV}9!z^LT!y;arRi~@k7l${d
zzhFKjjFWJ0a2nD2X*{QXBf`BkE#i$#uI$^zk#wzVZ#WXk8)zLim!vp%cN78
z<~Pum2G{r`=dt>(?~zskA1|$Mnm-W-_3_b5-x%7yOu!}3n9KcvV*TBN{-WJwJRXva
z@j-uHdq}4Y^L1s%~#W&|&@A6`Hcp&o|~ynVvn75V_c*!=uGv)yHBH;J@7tgBK%pxavR@?&Nx5B9c-_i6`%k9q318;
zupW@ZUk)IRmCQC5k5Aq6y&~zeELQ=y?>X6;5C0DMFJa!z8St5cd2AO5dtkH)*S^EN
zBbYaiw`B^+;gp>I)H`E@}HFdwXg&%>@bcy3r-ytCf-CtGoDtjj9Hd3OfuS>SnEKld|G
zj@yoX^iz_5_HE0uu%)dz(1wxuk56OIwDkIS@jaXy9^#&2@cX}g;{F}u^Jl>N%dq}A
zu>KBM{{mQl1!TvOWM_*umZRY;Lb_WHeAbEiB4&TxW4=%}={8gL2_AJEw|zd@%Fy13
z_yuuJoZ;uhcsO4xqGbmS=>H1uN6>kXZC3up7pkUMH0^uE8H@PFs}`8
zroN1JQ@wZI{rZ3H9XNj^o~t8aE+s5?a{=?dWQXy30B6krSHwvR&wqWA!+sk4BTn;s
zdN%t`et>*A-g`A(p2l1)g+K>$&=&~#2Bc4{
zI5^T|Q_`W#GFdohP_jz8LSiFq1CKoGisDv|RF`b`F
zUPYgEhV=uvTddwxHba$JUNF^U<+)A@n9P0l!o-UgyejxS^z%cU-=XFIgXcM9!;r&m
z7$%cH#^mrr7`vS3(Vi4ecT}rl+%-H$0hDd9^WWAYj4x6EGEoN0bb0_+rqR69Vcr^j
zH(Sz*xLw{JU+5boZv}T_-)vAj19OLVKAhq9I_BNJ&{49TTfAH7dN0iv_AAo>hFW}>
zWU?*5c5WO3e_tcH#IievBV+XO0G^DEp$pdF59DuhY?tW2yPy8G`&)$d4++*0D4)SL
zss${MpABU{5og2G@H`*a!1QeeKEv0s@{hkgrQDg$>Cl&b^kFGHClJOrSqAhd&p*;s
zq2l^rY#Tw3L|gC~#=Vcffj*pp@{P!kp)awS{M4|FDFHqxgEAQZaQ)7>{Ie5amtg-@
z0Q*PCDi~ApgSJsXr%_Liv2HRJ+}l)I>kHN1L-*fUAKul2{CIQ$=|6Ug`@6C5d>r0o
zv-^8_(G+IlC&mltCQL)fbxh>fpu1ORmAE-
z9zB-dauod_0Y#O9>05m;LlNikiz2?u8`B9d^sz$n_#Xg%Z55G
zUZs#9sMEfN)6va|@gMm7UlI3*
zgYmB(x?dSdJZv4i+A8!t7_)zdt&S~hC|&|j2Xs2D88iik^dWD7n+
z-6wnspRy~m@(Ie|z%Qa6IBcBg4;v?iv3>lGXZ648@-bn3^oKA2-G#joFtL?^6jl_#
z_S4ysfUQrw)7bdFalz`%zo2?cUj_bw?B$<+8P^BxQboCOmN%WK*NjFt+9dXht$nL6
zbPJWOe7V0lNfBt
z95*HEL)Kx8rvU07Td*J7I=nAz5N+RvF`{i@4JKGFg{dw2-vE=AqdNcUI{6PHX;uTY;yS`r;oxL;QnJG3M#F^y1$MsW1`&oQnYd
zVf&GO@DJ;2_*V`1_b}jJE#cql0q{>7pC13F&^T}08pA&-XG_GtU(Y1_pFj6ECn*AT
zt_lD8wjuEEgfuYzRRjKEKZ*EV7XerKmG633HZn1pD*AaNx(mZIl`$w{4){$
z{hnZP>`wv~T3gy$BL1C_hQ_~cNhkmPDMo+g24Cm~lAEjHxjcm_gPk8nhg=l6@;#pW
zMB;h#oF3~1sn`T^1?pW=`CW6F94lY0V0n~Ltxy)@5PcDyaV#)?v4VDJ)ut?0B7MH}
zM`2$#)c#2Cz5hPv#=GiN%j-_`kwiUz3DM^)!n+`}SpxePPY++l{w!n+^Pq`@+rdKn};ni@@@mad5pOz>G+E6Cc%;F&
zV*4XDzU#P-cB2jV$5LA7%kA3!5aq^M_VuC9FO%F~FF#cr%zsd;UTht{rsJ(diEwpJ$ke{cDJ!ykhVf3*F#c+0in&sM;h
zt%N^Yhrpla1pLVu0)Gts;LqCx%dMMZ_+uCVeyoqhf(M|ey!#IYeN})PUBZW
zUhK6eSX-oOa2*GA?!8iWa4ff
zmqt*JohjeI^{=PhVdUYVZVuHgz;<=;C?a^s5!Aul7lL*CSZkNZ6Vd$tX*@Y^_(Ff9
zw$8K;951-rIDq{()am$gaQ#3j`Bzl^$rt*QO6OlI_W!BdVJd`uv)|eEgfH}6vPWOs
ziu@nzS<(@U-`c!D+`asiWLu>baUtpk*_!WnjH91sc_R*=q3xiWT*GZp5RZOE^E9;z
z{VD1|HMsSV?&-u!2)CsKx6~#r4`;9aAG}AMjOe#U{Rr`1H%>o|(?jE|e<^;P<8}OA
zYN$+Tf@;M85{AeD_bTEAd;AEp>8be^cw9aOIY}zCE8oD#CVZI+)?!_|GzlA{IUwWY4aHJ??yP`eI@E6)3`45
ztn&^Yt3%`;M|`Lc`$8`g9Ok_!<~9*(c(ws<^LO{syE8A~-p>u9%@@i!)l~OxdcXe#T#wu)EHl<*Ey6aY+$I-c
znK@LZ`GuIhO2DU}ec>_83mizDtG?E649bD?mGb+)7Y4>Z&1YWQyG~l~>=!g#5V32j
zntY)fiSDMryOBH&824}I@c=FXuG~j=Whb5ox#WW6Nrru1Me`r8&Hs6;>#4ix{OcX7fI-1;d?6#j!1O%Qm2!1B@p}$E*I#_a
zbNp@+<2EAPk8AmFpTj-e<<13JJaEyf{t)jW7GTa_tE%PvHLwqR_mLLo2ywlK{Iixk
zhjvn|#|1cq?-6DfDSoiN{0S;w@EqbK>$$O?@~Bt&SjP_<>HSgN`_uir$M!p^{X>5c
z@fC95EW*3eZ|d}u3~19--EWjNUe~oJQG2gZf5=Pj)V(+8`ip4ur~WdizZ-Pzqb)B!
z8{ZobUiRzlHPYeth&caz*{_esVu9bNufR6&ZUp1!>fa~wKEsJ$+Wzd&_;Ih6{}sw=
zxPkd>90|B#Ovnd~{^8fh<@-@u#>LH7X^D?VptPjL%~xqjjiaDfm88;{TKj(-Mwt;b@zPeppqWkl|ia@w7LTXoTR!0kh@UNh*PWo?s?s}k>HCk$X0
zq{r{lrfY|fs^x!g66cXNKBTjn{~2o%_j^baw76jyTS?H}i4ly;C}_StGLTH@7zTZ;
zZycIFj;Hb7*BC$E&ff!nOXDqRjJH*lhj~Ah(Ks;t(1$o(H;&I~uOABv`gO>dY3tq*
z>KkG>oep?(on?p94`)st`Rr8Td!VaNqkjIan2q{y
z@O!BE{;}BD1IL%S6zG3{j3nPqjE5n!tF4+`=_p0pgI&&gkX?U4@&AGzFyPT_
z`Z5ntnYsX;4TXMj=0x4U%a>hfbAWc~-H-Z0`w1RP0^*$fFQ7%)&~J{e?;LD*t!THD
z+ARoROgPq)E#jM9*2>C!47+*Rxl}eC+lI1mK4A>SGg|CuT*L3ND~&(0K7RanQ2D3V$B+Np^!(xV@#8;yH8y^2T|BoTWL@3R$RN28$9ZmMV=Zu47>~ZY=&zWTj?>GYFruUt5Nzj=x4coJ6rCN
z>TY#m4k?2<2gG{Wt}@xPNK(jdOqsR=$`~pYmxMNA`5n&fEZbAFS@x&~Rgs{M#1y+R
zpDDtIP5ARkOrD12u`K3}#Bv5KH!r@N0m>PmT+%#j_hwJc6SBu-+3u7~H82(x>Z=|j
z)_X9%o{{Qd9jV*u(w8@3`L*%o;oO~O#C{%(^`ozogmohEb&{x#)`y9g&*pPV#`15)
zmrsWBBLIGe9;Tq}8hoEN9Qi!szx(Gu3RX{V9NV2a>z9U1TLxPii~sr5wya;KW!gBc
z*FEoi>Yw93>!0f1z8(9=zVR&7_p=21@8@|5JYUAjtoUvj+F9z}HDe6qyMZmZ2G8e)TeKmOd-DNW~*pGVK=zbFRD*E_d$x=TXBv(!!{^!Y|?W;w6
zt*Cn$$fumIAl>&mE&dm@0q_XoxFkNen2lTMleqt*uwL&sDy7>J@+*&OD6z02^Mh=b
znPnC+_CRkv8R|XLmZp5cGHoTOU!uNJp2T$=xZa6+;8X4%uk5ujmsYot>h6bkf$?2j
zz8qu9bp@`tx&PP7+pE1&%F3Biigl*-BH(`a3>WTi;P(_mkD~5KDW19V7r5sa0e`s?
zaC{}tJC}7)_F^n@7yPb}FfMsEk4w(=#aBE+Uo7Ot<0)(+(4h)-JK(-Q$*v5gM;>ne
zh)e5+w|=8w-A40!4$a5?6Q_du&DHn9x?JJwg6o&W*Kb)Y|IIo)0|cKf5j_8e;Q7!x
z!a1K^6+Rhb64oWwPRTm%Pt_H8T$HUW6}su(__y#r(H#kW2F1(dVE`!
zcS5iKotHMWDjH5z50&qe-
zCANocA#Hn#+QRSa@O!2BzLwhIG6J;|xKgg7eF4rbLUTj?=_pH`nm9jU&j`z7`VsVH
z=i^zy`?9MDqlc)?2#xI=w5#14X?3vgpK5jB`;WD8O#gv;fyU8JR*}D6K<&5FnD9PV_*Y~3(cHh{&fYPUtN%k|
z*h*u-JLP7h-Kv_F_V!&(eP>YL=DG)XztgClt-ARqY5EH&gZt$hy1p=8L(BLM)qyxx
zAkVU2MLUR08;(2oYJ6^pfqV%D&HwfL!Su@_cSQA09-FsU_RqT@74!AxazD=*a17)A
zV%}2BS#Cvp#3YsbPJ#UI58TFcOB@sXWW~%cukf6D4e2bk0rt?Wix}Txt&sgsf$Trj
zy-?iw_t>^9$1vl^gjwO{cD8Wy7*0cb+^9?LU{|;7fq&FP9cATb6Y_)GcQLysJ-=F=
zIHg>zxlrvvoinb>-+9iY`|LZ}eI5zQ8K4ZF4c6WtXD}5gNjVx97qfHagsC1K8
zohU6;rS3J{ANDo05yZQQ-`kZ{587Q^CvVxq{Qydy_k}v>&hOCgwq;?QM=HR&!@^!2HG>J+7@HslMvPxpdn>OhV`UnCBTzd7-K6Jg=g?mz2z9CaQW
zx*25J4z{qVgv(x^^vcQ6=n5O^GwR8QtRCu&0{I2z8BFG~Y;2xeXr2%DwrdUGd(c^;db`aMkjTGpUmqibh>Yrl}z
zzWY&Jr>J`j@i%gG#g*a2%I+M>|MAh`*+(FKK>G*<=!1tX-^|z=pn2a3FxDDKW6F7E
zD&z7v-nnQnzm;H~|EREwyMa|7H<(_4z51b>$1xd|r{wbZt}CqgJGqbj$3%G~>}kG#
z*)kRVP0?Q14Bz$r^!oolBINlb(tFE&?9tDVOn;WskQeDLe(fWOPiNfPebG-S55+@|
z;J8n^)1W`I=@AueKkflq>`xl4pgwUFdjn|lnl^>wiQ3}fpMe&x*Mz<&3?u$)$x!jX
zRu6A|H2!xC=ffuPIK1dn31bVp*wt3f7hCo^)7I{B#_qpSjyvrh2XqegoIaoxdHim_
z(C^{#8EuNlgQnW|f}C7)LH443r@336sjv5AsCOgOtNFR?4VfZlkUY)ZsQo&hwX0cV-cJci#(z~X>uo%iXGQW#b#5bOJ9E;)R&-sXLRFn0q;o>
zj1`Q2qb~k=Yk0UY=lK8I|I6O907q42d0+SIPb5Hud~j9hPA5^Y4GAWgUHRPC=_GBy
zng~IXQKS9s0EZ{!Q)|
z;|d&qjP94?TeQXSo7V~7_v8}*`s-o+h~sqkhyn6<8tnEy>ch&|^3D>rW$PG>IaP$`
za72CmUrS$B7hPHo&0kW_J9{_ucurWwd?jD{b9{dTp0(UpUJltC63>>K*N5%yJ4d5@xOJ@(nXFqS%56>xsD
zvj+YFwi97?N|?;`qCYEhPV2<}tjM`M7x!Q$2BiO^bufl=PHX4RX%X~crJo61EYB4l
zT!(EmHdjx7NT%Eq6~`?w
zR)BZ(OEN;$w40T!8tOIr8^iHyc(cY=E3RXGb$B*Jx4sHhdNriekIR?9#~6${k?Cq
zY8Y=;7vehc2TZG;l%rLjs1xU}Mya#>C?D%*%Jp9;Lvxxrc$W;vK3`PzLf_nI6?(hN
zy0IPSOnzGXTLkuL5!5{a#~~9C;Mx6L3jPf<
z;d8Hk{(DW2XMde>PK`@En%AIgO>>29t>kkI{key2Z4^HPaf$*?*;d{E)fd#30q4D)
z=%=Iijh3zgIfg8PdQi^nq_-2izXMzWZikw9KFbvV8Hew=MVug%b+Jz!m3tf~R*OD)
zK72D3Jrg87QGnZJq9gHh{^BaIHHo
zyN~&ADGvG$LjFgrl>AEleumWlRXrYBFPKxn?NU~@L%Vca68oPB$aCK2P(W2zX^FT3
zKDCK59Ris)!&?!4sen($AK~qgW+VLb>D^Nrm%)+%|WPdrH1^lM8r2YGEes%%xM4XP3`fD+{1~kBp>~SptIGw
z&VB%8u`NccpH!K7Z$aMI8oW>Dc_z&*-^xXv|48yYxYFRc&BXKB7DHal_#3uqf>$N`
zkw@RRfbND^dH1DY&2ZRGYON@X@42NMcwC;qV~Z?m!6f%BU#>C>kKU>*mU@YHr~qy^Un
z9tB(aD9~33?Gla4(J-~aKcW`;raRlUaN4VyY7za>2z3VZL$7LrU&p+UIP^!Zvp-0p&wZ|e))RiZ)a#Errn&W)Ie5+w`>R)Fe3DhI
zxTX+{uPLB!le7|-7K@GdY9q(T*A39FM;%+@_Zx@NdP5M}0M{GZQm!@N`W$>a*P`C!
zGp{vZ--vVWKS-W2z@gw0?Q@Gs-anW7kOx9&e~f-FS*J&-nr|>2_T)4K9PAaZdKT>z
z?k8?2v}9@k(^jqP%4qdI-#d_Z5YkF=TB}iy70}DKVSZp|uM{d^13qHm>e8HW^$Sv7
zQ0IgmMf_Rn9O{F&%end(z?;@#v)sH5+N^sBHVW~@zPEb_c1qA#?X}~+2de}c!EO<<@2@n{LSsqW~)IyH;{bpW32<^6KNh?78?O>CA9tOZgaghtT!U+
zO>Psc_e$CX>m3eoIT7U1lh7s;yxG(yljCqBL7pAdCRKq9$QNx=kkBSpwUJ|8d8HxH
zht&zXHk`)9qVD8+^*U44=Oo!T=uIO&YD8~xTOz%~h>xPJliSivZ#v-jFQ)P2;C!qm
zKBDbHK3a*7o&)pA<4u`{N$ZGp4?A$?YP23Z(B~1ILdQraG3(
zIx>Dt)kYX!{tomNd2$^~guCI3W9jUJm
zCg|(B0lKz^^sGSgD&t3no~6n0R7kFqKKHPIIrEfQ0}aY`mE^u6hx&>qNf)z;cZN(N
z?;J}x$vWzyop?7;Hd&HvqK@xln*$b;j0@csGOnhOapa4QbWh-8C*4cL$3eO$@Ntsv
zX+zRIo76pflI}SqUe3$vUgEeg9ma*-a$E?{ZYN7Up1Vc1!~M-Yo-<#+b+N`d4P#iJ
z)#p`*s|tJ`|#D*oDoK{`q8&r|%oF{z5UrmFc;m-@yFz5mEo4
zCqQ~(I@@_eJCsw@
z|0>7zrE6iF$JlMax7z}#d}rBjM~y8x!ctHYJUxT-%};!EV8?1k9;4_Uo&r`7B)1ixPf-*-ZtFs1?i<_FM!r3TMNr9$$zV#=8M
zk0E~z@N!K6`T91ikh~FmL7w^{?>=Qg0MEQJwgB+1@FEc#Q0;Z
zUi1MNhxX^dy9;$@lyxHhD*vaF~0~!nrrhO(uD>mU5q~{`$@v>!)^pz#a>H$bJ@xuXpTf>6#r7
zI)Ci(9uL5EAbpox!zKBD{L11xyjNfxU3-8mar!_^LF;h{GXkn|SU4;2GzNf=`ay*G!P4xxY@(w!-f=)lw
zk!!mNeS86pc+a9Sf^mF3kOp&0Ey%WXgr|nc@6PIF9PH0YxnAx^e~|E>7f~~D&9XdV
z&1~TLrS1Ge?5+N5llLRlqg8e&Yg0cF`d$)+c3$cAk6anh^_8&#(3t|znM$cMl~e2h
z-@0v%QH(beipl+`=mGLEnR|Vx7Z0$E-|leiP$?l
z;2i1C9I)Rru&x`I(EfA3*yl~mOJ5@VP9AWk`xWWW81HM;L3G+=-P;aD3$N%#Ic`r2S_>V|||3DlUHtF~etZQbIh`nv#|5?>lgg@@{`KT>w
zpdAWr4cu#Mgm(F)Dpfry)5S4U
z&>bttIGu+ldxHL&(I2FT>5Kg$>+
z|6>?K4e4}{ZM_3+D(xHN{k6h`{f8CWC>H&6^)eUO)X%D{(yki&kwdkwN5H;*20S_W
zo!Hmm>Z@9siZ*tF=A${&Njf`XmXTeL^muw==yY_=Dd&1K)GoHUM2)pshFZT-yx(vQ^`4GzXo}y+l`toBIzz*U30t
zL#OBDcS?^-xf$Af7~Z=*I|k-c*Qlo{uIU5yVohM*$^*>
z{Fn%Io6FCU~3gVjW;@c3I9R(Z?N45
zFm3^Flkk}??y@NuN4lSdrspZPBULyzmN-Td=t=e$3VnGj26OO{9-2pPh52Pvt?}Dr
z42kne_G+;C<>2YO7l0!|~76B`#ms>hU>f{ihi0X)(sK_UZS$6n2aMTx|L=
zm$HOo-5Gu3DlO`rK0SWYD436itv;VhX%g*J8~4`$1LixD)YB9K$k3Zz7pe~^zKy&w>-$t6J<++pkL)scRAIKchWznHKih;
zy(kciS-rWXK^|q6fJh4MLD@ICrVOW;e@1)i^ciJppiB*vX_94%
zrksndI2-?t;IB{TFRnu*uTda>UA7FKN>-3J*Cw1N6Lh(VrV!DTWghPke+*s={;Y&=
zt(5Yr0e|KnOKxMy=VOyfxexNs#n(mv|LYh(ZY5tc=Jp@B4u$6+kU#iM+~3B!hC|uJ
z{=rzQLpX%_6MRqS556CVcbyls{?XXuu>l@gR7XDWJwJdpacdUXgW?7r-t6Lt!-d%V
zv*8^NP#g?A>wr2De&PYzV>g!zXZd`sCA<>P;f1pnaE!~T(m3CctF2iR0q!QMR|UCL
zsC-_)R@)B!#Qa<<1b%Xx5ACJWjy9&;~7cid(`UcY0OpXR<{Z{>-szdu*
zy8curY;A8tk0%@KG}_;<=8ClUAN}c|FMeWi^$-a|0?{
z!NX~rXe~PT+>t=rx$;2R8s+jn>e;Z(PIo@S!=I=70I^uim3;nLVKEm|N6loam7CiD
z>3SdR*f7?6!A`sz=W?BQ1d{#BeSBaae()YX#w^XmJ9yud{7gQF``e+o4C(YH%Fj8HpG8uB+UKJm)D`8_|4aGV
zIR7tEex4gdezFIVpU@EHr*%m3Q+BVApX?#opTpm){Q>$tXkSnkj@~6?AvCYY;{aJe
znfX}C$0PG_O=m?p`DOXDl8-%7K6*{^;gIt23n?FmQ^?2R%i0$!i(Ww4NNoQ-ruIKD
zc>CWoRQvH3*^jL6*?tHaI7c$jAZ6eucN;QrkCcIhcc+$t62SQ{v;DJ&*#6-wZvVmd
z$F5}m>_WY_sszs)7HlUxB=paew$Z7|%*SY!2YPj1kkRGIqS_xt6Y`hvfMmDE|?BH~4%@*XcXu
z{x_s0$MQNT&oKn*jaXjI?;y;P-(D(S4bnHJ9^*E}s>;?I^@X0s{nQn%0L`g#BcZ3K
zc4+nn&S~#fiHfDx&K+0%70g1RnyCY-f)^*L-`EW
z&)eo05Pt)4o7W*?n`zs0JbtdPf6wjl)JeL~9~
z^8=~>EMKxp#u{JS!*G65>~Bzt0_F4@*FbW2V_(HM3u1eG1#{N~cx8z2te6i4-mMG)
z-Xih00=(r4;guo6BmP5xC;SJ2hxyue#2cQw%z6K-=P8%T1AH!(hu^+L-fQxEyHn;V
zm&sG9&Xjp>Tk1U0|2c{Jdm=P-+kVpf@sYBBZRz@Eu8`BdTD;Sm7O^pQmcQB3bz_}8
z|02`TCPtwg*u=;)@Eilrb@1fy46vg+n}3P1m~$h}9aB5%;5qPYKx+HjT$_j=-`&!+
z$0zr{YIWPHb?jofU_&%s#%}MxGuqS#J;C`{c;-vJexZKqHnwn_XMNh38<>n!J7tdO
zS2JqSZhl>b_t}=*E$Z)|-Qx+a5;pXLbzCmq_i{r2Ts%YS|7;P9a+lQUVbbRBn=RsE
z?hmzeWiJ=?S@QWF4LPJy#c%b=^G$WL4ZD}j
zQ?h@v4gO(#N#~B1uHVSM;=0+FkB>(E->iZ1k?})AK9))OI511d!6=Xqy}zr&INbes
zcQB(MgBAIE-<;anw5g@5RhD^iR-#P(Os21zWyqBCheD0|1L=b4Njq*ECpL5vlVlR7Lr$G(nn+ZZ$ux7ScI2gV
zLdKAsDKm#TAw!zdnVgmclL-lJoWyu&hlA$(?){$Mdy>30$3L!h-`(%G-+RBWRh79oY2g-Lt{s#v5
z2~l5pyT*r~>w#4MuE&qW^S*($mhK{gr?Ua_SF^l;$KynJYwm67UQXX%4jAv^jcrVdv!D8E-Z?&e26yV~
zmk;oEACu2dHa;Wge}?*n%pE?}B&m)!>8NwkZTxL7E3kl025rW3P4O<>$4>>M
zYK&_Zg0*_HN#buduMv&dara5r3UhqSur@B|Vujm!p^rG`pAN_>zS)vk6U-q5@{=OF
zMjloV9g@`fR#zp|`#H?5Imv>@dfFPF;6y|HU#Oa|AffHbzC9
zwgB3Y!*riBuE``B`9IZHN9$uOC%nf|9=2E%Q~iwk|Bg)l?S}kFN7Oo~?Pi+tTgs19zSd?Ka2oZBIQ-9H
z4RAV(-j3nBE~Gu~Izf9b60NyFwB{Vqnlq5jHtaXnDWp0BRHvWn#Hr2+qF-1xOf+pQ
zzkQtkSEtcmXx|cpez=dzZ+)BazgqYtMf&w+(sy2|Mqgq2_>lL0`YrJ-Ts<~zn?|%P
zAJSFE`DLJQXTKomTcBE}Z02xH)mb$@eQT~V#76|YJq37sJKAPSB{}lf
z5~oi{hh76Z6!}$%`*gxG=+kK_x6KH8qtTOm!+J)3!|wwOM@}~K^Yh5J8_~bPutwJ!
zIbCZ4S`kvSm{WF^%A7_Zjmxr@b6PShg+4*vaaJd2#eW85PM`jRc*M)9S>ELQPtB~K
zqu;zcr-8gmzUQ$1S5@xEQN(hyT73Au^ji#Qm|jLzC+~-n)Bh>-f7Q?Xcb3j5s-AC|
zPyI{P#{SRvr`CU`-w=QK$*oarb3TtH-KgLH^rQded}mK`@A=gA3;NCc3)WrGbl9^M
z1~|#Z{r$DWyMV(-NX2}`>hNB#74{A7+_7zmU(KOU<7aG{rTS7v$#GV%DXSA4$l^;e9JZxn9C_z-UNavc?a-uQwQX8MeNQ>!`L9vE$V
zJ(R(``ECaLsOK-Ed}CP~ZF
z6W_JO*o`vD!W;#_b1KptRhHYnF=;9q+*{^vdE>Y(!2*E#Czf_HrW)$h$Dex^6Vo>n|{E35DvE^?+6Gvvyb|C&@1Ls$coJJ`4UCmiT3I`vwU7f@_9Df>$uy%
zpP)bBWfGUQ*3%pQEPBJA&CmN}c^&3IE576SnhoRmI~vcRBF1BEuW*d^Zl(5?WoYja
zYVTNv_UzQ&bZQUZx!szwf7t#^YJVY=%YymNH{GAz>zHHs&DY(;uZxa1)#-Y~rSFjZ
zqX>V)+@BPlMe}!c`0nvVXS0DXy(5dbJg3=A)nX6$@VsY#9r{7qE93n9G{1x_=9e{u
zGDy*=o+R{PCp9k4f_8VNdK43G=LFp@W?t1km^aECK_;|PRPRNh!&iw
z6SDF^U1nWA6aBqVmae})M>5|lWmBUMA7r2pxdA~Rn#y$gP(^l%`m)UQA*Yh)Uzwl}
zdG&%mT-s0f|I2jx@CUMm*~`-DgS}p-5A_5aA8dp5tk>zomni=nHMj5oa=wv(5Ir1hY(kE
z-l9Y`-hyXv$?av*@fiyGlON>zux9_-O5+0^^Lm}oLB*ZYZ3(V-j_RY_mzyF=c#`CYO`uf`K7Vp^<8FIq&&n@QqZ>7~A-+tG>B^`g8
z4fy*$ooRM#G2^eD@Va@6j=xQWzjD36Ur)WjUw3_GUe4#A(toqT{<>_-)bLZSPsh*I
zHDv$Ytm9`R>HM#3&WxXq3bOxh7WlcJ@bmxvitN9eb^M%8_}R2M9X~?`{Ctr3yb9%l
z2K@ZG#{VHdV8G9d)K}i-3GBa{()l;yDC|d6%a-m(>8vWg5qWAu*Vjj57wGGDY@@Jo9n3-)(eodI{G42y58u{is#j0-
za)!z(4)X6;Oy9Q{+D-i?ZJbz7<@@h3;}6bh7tQG%&(!dzBLn`_?o8
z$&5d{d^CTLz@IaOKP3dyK97z+canb#wOwcb#;_sh|1O
z&pUUe+dtFf-@7u~7iMxDU&z0Y8RXv+^+G=YQ)n+h36XNDW*0yFr}iTQ$W0_}FG9R`Gda
zyq6M_td|3_9=lp4F?*SG6xJ7cSmE1DMOCYoZNDwCzrZ3j2345Bjx1
zzjIRH4S9i`e{&|#?#=E0)MosSlP+8@8?*3rvo(lyV-2b6Hg-Ijsji>6zv8IGyCxQX
zul3?1W3CpLLn{zrAmH
z><#ow!SZFq+xEXj-@Vei%Jl6DGvJ>G>Z2e3qjyTGh#OO`T$^P49?t(t$B%CxetdZh
zZF|8pE!`I4HLsVVojBi#ckqn<-0|$(F``sqoCYUf>lYo@e*iFgM8xfJ%s5(Q0rdkJ`dV{+^uJv+h5G#|^+9%a-ZF*y%_;Tm
zP(NoX^G~TSLH$48oWlHXH}4;=|CK4!?@y_Z>;Ic6)Nf9ykL&+$Q>gDrsgLXbi>b_i
zjk!Lq|4UPue@cB^|L1N_QimQO8Z4VrY4#9*-_^SHB2OQsyUrF$vqtYeGjnSavbPlB+O4m?2pVCrF-IQ*m)S9pVar?*WldkY2{Ntd^
zti`*L*~7hat;7C#)@%MI_G+Y+`|{tG2(X)d?Q9Ro1n>2QQsQsCOgeYrY7sBd%48m+
z;eONmykgL8ABQnK(8Dg4NzhL;i#7U^`THc$oe~yysv?=+=9Jjuy@l+<9`s@01~~xZ
zntLFX*+2ZO8U9z{e~c{?Xs^i}L`5b_`Q88k!T=j~zQ&HwcmVx3sYNmo+?_th14^f}c1
z_|7`p#m|?I_M+cYXSm4XP`Hl+&`%d<%jaL3BjG#rXxlMIMS$-|aoCdU_CXpCKwo&z
z9n0gsppXAPvQr)_Mw`IJ*V>^E#>#sFY(;cJpKX)0UwMkn^6?VJ-VZW2zvpg;{WspP
z0USwr@96H@jrV6Z;M%(5BEF9_td0LM8vk2GB3|of$@~#>Oq5BSe-@1upJ0f?I?4=u
z9qmqEK8!h-0@ouX4+M%t?2(lKV>p%|#SnZ{lmCl^O~0R6K<6z6I#wN9m|LU_Jl4{E
zncA2QW!xaw2eChZCrCl}DCxmD)uFzV0k(E#7}J~7-YbPDGtA=p1L9hBTDRdn
zG|qNjrv!EWK1^-Qk1Yb0S@=J6#38izH~otvm}9W(oJj5{Z&j(J`LWM`F<0|rqn{Z;*sQ<+)qqusO%73uxqzlK2I3dPrjscW<
zf2ey6}oe{Y!$*#
z+1lO!tLY80gS{d4bnkxl(_We10d%P7bJI2LR5=^kBSo_Jali4%E7?Uatbe(DgU1iP
z)VIQV3Ha(8eXZ={KAF|vnHYy77nTRU7+?pZvw<(Fkh)oU6n|$~_sPy_J237h(2p9x
zTalvA*JQp|!ZQ~94tWV37O}o7w!nJTztH-g|3p_y_n*qeTC^4*oYep?T?@QV0UkRK
zbcUOL3)xv_Tg>!GhPE_#+0OZ04ccVG+wpCrVa!2j&th$qJJ{MpB)d(KxgNGxa^72^
zcEZ?NlaCY}8QG_X*}=p>@^>qrdi!)$GWjnKCja9~_zrasEAS2YriNXDi<-7>V^o(=E?d$u-^Y54XLfkf@MA2VQR_+5b{GZ4oeuZ>0^-Wto-6wj`
zslRC}0Q&TOTJLPCtGydetv`?IuQ${Wu&2A4*iXA~&zoVtZS40TGk)BM`+vf)|8dy=
z6SUuP+Ha(z1Ie<2wztuDXlEun2*fZr#u0?1=kknS=fR8ngL$seolBWYIen0Ft
zj@8E2MA44gj$@qW<*|J+5AaEWG_fFMJ?7*dSDIlC+3t`GX~H?u$njLhIRQOF9y}Xl
z!s|~8dDLQ66!eQ`V_)l;ZGA#Pzemtl55kmVS_!Pp+Qi=jybAgv54Ja;9pOFx?k@2S
zvj0i^eXP_9{UOb0f_cC`$KZD?#187`9}>ouN%~hWS{XPqxbr;2klVu~5IluAbr}%$m
zrCm7TyfF`@YeOe
z$+Bxk{yUq?5k~ng2l%mG|1&y^j2h}sbpNV(g@`|=$qy2&Zz1qMH}F3X@IM*&-&}s4
z@(GU@s>ywb6G8s}yL~7_h7A7)4F4PZyN}72hfe>f3+ZXez4uoY@|b8>{hD06l+L{d
zmkU`tNc5+WWZ0kFP4++dp2wbowY%BJB)tvfTZ>?Jm!
zJCGQQ{)1cydgPV9An1fP?sv`6W63R0(AKT#iNc4lGp?rmp2^sVMw_P-Z9YM;)VWNT
zw>26)#~oIROJ(K7HWZ1;EQ!F$UbY@e4WpL;GsOkARN;ES$^c
zhh3I1jL8Rj!9Mv2zpqgcMxRuW#$|2XRu>;PzDtKXaS7^-iT_K-whzxFdj-a>1zkRj
z=XqBv(Tk&rK;myqEl+8p`KVc}U~q?VG>@M;Ekrt(n@pNbThr+6#*L
z6Af~rUIH}8n;7*sr`ZEGh<){>?6b|V&l(TDo%T6?tImV%>;SCM(H?{+8~1sr!BR2c
zK~8kC@rAkmb8BY(+0H%zdhto$SnD#2uZuR{QciDS3|@q1eLeVGdQ;)qld=w>hK4T2
zio2F_`%Vsj4~};3C4kdtqY3c!ET;9W?$O#0!2AOyd@APnWP4rrXC8RErMrdJ@T<3&
z^@nVb?J%a}Sn|&sL~qyMqObi_&Y8IVGf%*`k^YVcYXO3_LRgEL+^@ZnALwggrL{1A
z&jdd&&>WibjB~izr>(Puyp$b?dDzjI%wCEmZtOijnen{?yeCtChp9i7XM|Us{AlW0jM9_SEFB2zxys?MuA4_z6gtlO8ZQ{+-z36kZ
z4QT(~g2N+TH8R6#l1GvDXOKsyME{$4e~k%|TB4J>|G0Sk^D$w^`UGg;r@)^-^Y6#I
zKR?#jq*A;8zF6?oTLErBJ_7!Jpa=b%dstEYL<8RQDoP-KltFIVNOy4R7Yn-^%DCt+
zvH4$Hy1zl+Wca26jR~-qKz^+12|;^kS26lCnIL}gHaS~zX1M5sYH^J?o_B{Ji7ZueNgR#&8+-?#NTKz}bW>F?hMJXzPLR0}+DR4lM6
zl>s&w68>c>*3c{dEeL3A=;K#Z6%r-+Na43
z4ovLdhdTV!7A4VI)YMYrThc!}sTku=El~talkn|*&bc#}fq{wEuJyfDU0G+i=Wm~V
z&e?mPefHjGS#lqhr1xLTX6nawKI{u$!0o&4Tefigfo3Q()y~d`NbhK@u&XUV3nh;Y
zzTw>j5%K&QeWLYoMz?0z|1QIK(F;R1QE*ossiE=2t<+W&Qzqxk%m1?D_+@r8LKnsX
zT1wxQK2nBn&1$e$-qiiSpnTi2zL2T-NSQH4qr76hg1)K^{GH|ICw$>BkD;*->eT7vB8~T%y@j(vf
zMI6o@9L}#$_~J03UHE+ZrEhS14ZCeF`DkJI&rP$r#Jke3&k=8muK%S;{KsG~5UFlm
z8^D}N<8$U02&YOtyR)T=3{l<&e{X4fc1!2Xc=^l*5@QX)8P$m~4sAhS_~-mwx*htO
zm|h!2neh8F{IurwC!_w4N#KJu+_{^-`y$YOH+CRBz%#7gZ;g>a_HF
zD}tLPlTo|66w};Inc*q=+8-*O)bhD_~w)j*Dem%;9@4v&^OnqeDWrJVa?WG_~`p5CRnbhT=&x0TR5t6O{
zEFNEs_d^WvLumYVQBY7nXtJwH@aAik(>(TYO#aE5y*^6rW9O{^$k`Y-%nzwhBmo?G
zk=94Hgd8S;@-KzI1AZmPc|jI^^E!kwvAj7)YX%xt-?t?+hCBdd%_&Hke?xvq5`+kC
zcSjCwcdj)=<-bgW|E>X->|I@FNT^1*oRNM`vrM1o^Ph=2KUn{n^RK^5D%-u|9sZUt
ze2n}3T${<(7V5i@K3cdgVS6Ui?}B{u3e2zc%>?--#v6Q$H;8-DgywYKu7pzn`^~N=G5>Su0B?AsyvyG{U)eGq*ka
z@**79<8q>XFZ35^xk}c6pGEQQk)eaW@ZF!`^8X^d8ziG9qP&9g?OgOfowsjaWIXGw
zl`f6lFR;4F&exNCUA>SIuYYK$Ce#dYVO(>RA=&;%z8JU53uQ2x6?n!&!jJOvhXgQ;)UcT8gvzGpe-5JS-#VB6`xITT8~A#SK$+bZ
zqU=u3Q!(D($r={#Z)7HXUClrBg`eT@`Js-ENB9|gD|DNBcgWLw=s!u11w4Z1=u0=r4nn`8Ao#s}WhuC?W
zy#w-wm))oQ8F&SbcURp1Bc1JM;md^Dt0$Jvh5hsb_c>^Uva%&Z@fYJ8eGAMPj{`n$
z{G0UT=Z9qU0(EDtBtPI6>R=x`JsJG1laf8Y@aZpe{+Bl3+Q9WwALIK6>j?WKpc7~h
zlpo0Eb{VmFK|s@O_DZ!L_I@Gvac)l2&-hWV<9ojF_qlIneHy+!lplB-_yuiuFKbta
zV}!#|0_7|mj?4u5k+`4Dd_Rk6sp-q;`nSaCzj+><*(lD+0z#XD@li)xFdh$)#ss??
z;C9WaJN+Xc!QvpfF)D;^Yq%$xoFD+y#AA-fwnAwzjo1pKO&v@7|>rm4(BlN%&8yy
z!e8O%#T&%tTO4l9zg#$hjUOm9CpwnV&pBp{-76tFxKIW`ll*
z$br6o==*T7a*WCB=e$!rzHk#id$gMY*D%+275{Zc`5q{5Hk7}Xmv7|dZ%ZiuAe3JY
zWvd2!;UM?fzm%74PAGez7|%uVwm;3=&f?{7;N=Nf6VU)?Re-adfU|nQStH=A32@d7
zII{|CdTqkiUWZWI>nFGLwvq$AZRD}uetOoAdeL5^zSS2V;C?edG_m$~B*62(0Upr+
zPacQotGv7h<)i0Vd4$Q>*Szpi-`Ls+th)%%#t6{H2++nz2{{*0$eNyZ@=|Yroa;SA
z*7S9gt$l;!777m`^)xo-8DYTHPu6rnUe_S0?P_oLh4=9N5EWS5R--*@;{R0s6)^tv
zwAa)`%7fo=x)0kG&k9QS3IppVWKHC@Irs*<)$lvZ@Y`niE#DN-1}_iL_dr`#hP2xZ
z`b;zQv69q}I``LWW3c~F1}(Ih-NFBm+-7o6dQvR%2;!($rSWX50yJI%Q9bJ>RL!=J
zxaIFi?rhS4`muA^kAG!{cKyuvD*`zH$46rE&6p;Ttk<;T&R&9-Jra8+ol>-U;(_
z7}f#C?isvWUk_cV3sYw3zor*HU$FD-G(Ark?O`2o=3fdlIhc{}#<#ehhV^43nO%al
zdmHemD1EPrzX@yN`ehINohAC!#pGjZzEA;Y*XyZW5{-F{@-DYEIXPW7F5l#@IC8na
z0`YbDZhr-iWzWj5)6{vBq_wPcYFUssJ&kgPJ13aFN5yw*3oLt7VtLam-9)qxs=s%f
zi}N2lDW&mkWN7!urWxTPGvG2Q2$y6rDZ~&%S}l0q-f*d%sbV>Z?Ra}M|jK-KeU@?QjT#OKZ=w7
zI+Qow_TGJ!O8qhQ_%J)5tp2t=+9-C{v9|s%&o4fM^7XWL?7=Nm=lc;TGxlIjr>R)N
z_s6LWRF;;HzEd3-m+%upgBxvr-D#Boo4adz?LE#HtY0cWREP1&U0wLj&Az@C3d6m;
zkKw;UA63v^p`>DasDpeJ{mi=Kcex|aF<)kXKZ6zTj~5f^O?(TE}x0ih{`LCLg2y;T~^s&6L+gYBKe^=m}_BHk`3%;!;Zlp`wg&QRgmbX5|@*2O#
z<`=)U@qX>pwnA3$Tm4VsZP0epBxR(ZeM1=BP;Qq+h3|^e)aJvO7lAx{mx$uh)g8F+
zLXgi&0_2P=*#L)xI36Hp94-f0TPBiH7y6d}{1)b0UVM7M^{I)5%h2Z&(+=~elos({
z=(`ER4yKonwKphBOVNJ34dI722cb>TQO4VqE&v?=W}nl8?f;0k|H6B?mz;r*iVbCO
zu6x9G#20F6yC2`33z)tvDJ@o~r{!u%>zLf2wAeMEp>>jO|JDNXKlVTNQ(azm1=w3>
z@j0;lOwSWLnk+VVm1uJp_K`}PNZiA4HnecNqwVkEd$7{Gs84Q%eKWoGGKoY>op@)F
zO{zUnSg((A+h^%LcIN!jbm_Z+I;NZY7an&?e2?kV@thg7Y@|L9?Yzw8yi9ZoL=3SMnkBqKds3X`#}iB)6`|HrDet
z#wOvs*~;3;eT>^3uTr%kwwHo=H_H_n#Hmi>86jFq=Qo4M+nV?LI=^|7TtRhEwefrJ
zRxT5_Pck0~CND!7IOATx?c2W!dA31z=j7P8r3>L&jxjd?F2dp331!9(Gq_+31tu7m
zN}Spa!k&sOv1MB;@o%YroY}jfpR7(7(AID2cC>Z-qg?;EuhZW@(3v-(R_wMg9Sv}&
zE}K}WMt|fBZ{cg^%?X6Hfa-2?$jz^qeCD8YXSXl>uiSQj?A`hA
zYO9jym-^q0^Jf#tTEWROdjH%?-_)Qn%X;a1Par?}>*DsTgu~tp^;g1~crJfK%Kr`R
zXVdmw?s)qsJ09<&Z^c0S&73d3#&t=n=V*J@{pWZ*#)pkKLl~z5{V_@eC)(?RtSy9y
zU7$2wO!V(rK>vjI0#;HKTEg`}GMrmX^c@4}$5Ke`>#f8T()9tz3$YBob%1>Q9ps1l
zTX)IsKgQ$uLI3=ju@4S91+s6wqxQlsKgfPfbv3}>cXioGv1ccoTMzO%7=LHL1!Y2W
z#Wx;-ytV}S$7X-BtP$2y73}qqyL{my{?^A2-@zCF6b5P|)I=J(>gyOh%hMV@vy;jf
z&Mqs+9QRzci>~2Y_*^x;gX?d1sIi~PLmeQ4R6$*>&ex?ty?h#cF*13__xs=wa
zp!X4r67F{Jo~fJUhw@-Q-Lo=B3vQOxOzL;ORTbXrc4H2ycQ)Asgke|867
zuUmMT8=#C0zD0$6`h7G1zT@qgd$Y+H|LN`2>`N4~wRZ`%FL?*fLgQZjek}2h7tcsm
zK4(G8VYQsb74g4I$TvF|*;O@oiC^6U-!g%gPd!+}-*k3H(9RL<4#ptG7(r8zV$7hE
zc-Mq)WT}bQ2&tp>$0==}=<>3B69}8#){bwRm4{qtS*>|bg_6@3j
z=he>dUrJ5^&g|Dg-bJyzy*zLADU6Ml7n+7K7G7-uzFX)~zV8b^#Pu&{#s*v>wR6}^
z>!O{*!<=tLAum61zt;_P8ttp5Y6m(Iwvxjv9*Grsg>CJ6w7r0S0scaOKQDrP?&E#7
zj^R4MJ~zbr{0{H)hB3VV$GnSTdEe%FRdc}l4W3s#hBT}u1h7EA4eb8!>UEl#zWcH(
za;W!y*o&^vQX=P+x@Bps7UvE2Nt$ze%T?&>krT=NX$_VMpqxDw^o5%_yd!@BIf?{c
zIa!N);m@!a-tsPoxwngN(mnBQ9^a)K%60F@GSgo4rEWjOeChG`)OVR*JpRtT{lYFY
z|Lxe%{N3^Q(9sLKEc`e6a@(@ap6uBDEqz-m2xqnT@`TsQ65lpL{rT`Oec_+-xEnbD
z3jrC%34EUFOA_uQ#J|v3C7m`-7o#9kS;_7$q>2B`_gwTXv~k}ZHk0~SWAVS
zGJYF+2>Kub7~0Rh!xzrvcdMSam~0FC=@lu&XwHy^5H
z^l1g3v5XUUmX2U@P4M>(8g=Ljn&XbH=Gkh
zLwSsE(-dOzEzEfU{rBK^_s5}3;68Q^)BB^b_en*kmEOYx?MwfR+L8X6ih3#s_6hsC
zmfJXWzlrzVWISm8EVV_$v$#7gsLFjP*Eu6XVL*j5Ilbp|_8qT48>q!q0X1lT8u^H!
z{NV~6-uc^*V{K#=`c*a`E$RV~8L*xT^-wkf{D!W8_H|y_w#RWz5!z}
z%&n4ee|5-!<2GKWAL{Ied9PS0se-s$4L})K+qB(p@G|?L4Cb}hVtfde=jVCNJg*Jc
zIM4eJp7(j4*9v)sJnw(;JcZ}^Yca+d%e!9R|2(f5@)VwTEzh&QfqQ4S+Jt+S$3Uym
z$NxHv-+;>}0GB%6cJMMoP^RR&H6fQIz9s|e0i9G)F9Ulcre~2Y1t>E{lmk@P!oLe$I-R$P
zLOCI(UYwgk;0pqOzhX7OT9$U5it+U-sQw4(Nks_Xp=P#2FZU6DDaeRL>w}iPD*ARe
z0$!H!IbOxb{K9J(XK$^uz6^7P>1_Hwo{twr9Hxv2$QU75mzvIRby{f?
zt2{7A9fSYn3xAK-_rJz$RdgDKae)d=d6DQ=C+d)Q0jN?DWiIG
z8ZqYBy)wR)(k<`Zpy1i}$qjW9+Wxb5)tN2~&#oKiysMtumNU6A7*c+BmN7v`$d3^D#_zq(rbB_V<9P4wyzoHen
zZVA#{_*V%3N-)oEbq6OmxW}hUM}w1;zm6O07p;)pHoM@)yuU&jE0InZ-&0S7@AP!(
z#Ekoo6Tl~X^?fFMMkM5|*!}-kh#TblbMxB&zB1sF&Mtg@7%{Es#rQOMhFA(`h{CCeG>7bl51$+hL#*EQ;
zdt0f$N4EWFS<^$l@a^0mvJvXP^k}K{)(_-CK!>|*_H1{fu+?c5*m>yF{4JI&DC>Z-ZGs$XGHs1Co7Oln-qR)1b;nvw
z=la^<-w43g4tY^X1CXAC^bn-okk=3Y2I1e3>A*urP3ImOhTk^(P+2y`bDcBy9$)xR
zysyB^1Fpc{nov8O=P{m1^l{kB%V12vdjJm+t8hn;zII%&E(CI`($XhsN|sx~`&;wa
zHGEx^X-Kd2b%8RoO}MNF{WEOB8$AyAJ!0A#8iY2fZA=PuB5E?k|NYZ|tL@Cf>%Y;w
zrgt&-cU%%%|0=Bid>F&=&YVjEv9(>5b>0Czr(t2=xqPlmBm-U(?p-nSx*!)GL!*^9kK_xCP-E>(^*yD7wx
zzQ3Q~_Dwm*_5Gc1*x%PB+27YC?C*TOznQI-zQ6bJHP!MsLAA3kLzw{8!ccB?$v*Z3c+5@tV>VW)4Gw!j12#Z<2@E&V2
zr*=Qx{Ko-T{n?rR5rkxSq3=m6(3Fu5z%9qu_CI1AEi$@;b(0Nj{}
zGLAamixGa1NAY|c4z18
z{`{
zKRKER_^DB8ND-_qN4@u||LL#pvyFA7C;0WeRt;tqlES9I9^LNU8?DI~^lYgfzuxy?
zo^;l12Z`e;`&{2rSVJbxKjJ9+jwY4QxaB8KoKjxn7hpq|@cpsB0a=px97%6dEv)Po
z=@Ny+EDVLe@HN25@ps+-rXn^u&o_JUm5m71CTXkqbWYh-FqCi<5lA7`Y=iLuTS_!;
zR=ZjedftpJp14C%Ozw)Rqa9X7lrQzEiYBXu+QTSQOi6TRR^n;54sa9o5UO8u|p
zm1tY(GgF#lqDVPu559?YZIpcb+`X2}@8xItm~&q@eBMo(Gc{A4uC{Iz-Fl#)GU_>P
z+k;-T6jrlSpMc5i3z0ZJkKw_zdwB(=uh|$76!;5LQ6#A=5aNd|P=!jVIbe!LM>($O
zq=g|F`x%$vh~^Jl*cn7azev8eVD(8bR1`cVLpmtL=wl-cx`ozA5cw*=McX|ej_#Fn
zeLA@9^f^g5IE*7Psh(k<6yf}$_*~Vx42JLa6fiu4=s5zR#GECf=NoJHbhRLXqHIJi
z=iYY&8#)OdIF0Z6UT{l*4`QM#H`r<&@lw(z=}2DE2YgOjroD>-Oi~2-8c_X7j?TMX
z+$)7(acTT|6gGB=UJw!mbsm(c_^h*LtPZ(~r9xxmZ;Mi>H19n!aX1^5;f4pn^_(7v
z19l%l*z8$h&(-3uf_tVi{-Wrjow_(l5pqFKm75A|8YO?e&p}KaHD*p6$=MYYfB5?J
z-+%mBN$03Pyx5Fy-+XcVWz7!iI#a+^nfJ-t?0!7nUO*M{ctVj>)g_!#ZaJNw-rQpDMZr*?bGYBn!?qRrx@Skrqo0)b
z?4fuxBAs&C)^oO!S!jF^_v-=ug{Sph0lOl(PlIqs7AWii98V2nULp4g6^LiS!RTv=iGIVZREmHne~DQ
z&z8SlSL$*B#EPJMiH6<3RE6ivPnVfo6pP8R9@_rfw~C`v0%ld?4xa;x`%;*msZbo;
zDt`5xwlVbf>vgU_u&=hA5-AVA-Wx&d@B;qLm2rBpzHe;*F_=%YI=zUDt^*TA0?M*l31-%Q;75&3?>a$V`
z{t9x>N9(`1|5q0_LZ$YG68ffFQ-0kbiOhq{^HFZs|4jRTt!?h~>78QZGsSi4!K1I^
zLpFSp_d^S|?u0LpPf6I!5@4WTiTxKebMNBDUSbIsf9=aLd=o!OLun|Gj}`~KQRA(83xuC0O4Tc&}0
z&RHR`W524W8ag`UMmZ3#B={%zZeYG1m2$J>e@6eF34`0H3kV3z+*5;70OR%IE>y$F
zPaFo>CTqb%?gzt2`jw&AIFQX0e?j~h&5Yn-8D04A3w73Sz*j~`QrY|5AAvI*5no}T
zCIUCCEY;f1=Qik-tKE5*AHhTW9&p3n>w8L#a=HH3X3AsSIoOP7IIYlqX9jL@mf!au
zJkIF|WSk6CVb~L+lsJc`9cdiE^x5rB%0!j}$!dSlpK>8!XRA2Pp_1e+{ZZG?oYpx?
z)-Phc`H|`C&rkoNd_xN)S4WS&ycE%(&W7Ul?Ym`fyO(`$iLQSuomHLIIV)33K-DG^
z?aMmv?m2FHj^{D=Ezr*IRaho|+P01>$^xD@6A|bnj3wDXVlEvgNr3
zER)1@gXoD3Hl%6s5HN+c!rV0L20I>rjvqlc?lmOvH;XBecK`AW&e?Q`tPI5jF
zCjv*rl+byQ+OI=V*TXs;l3`z3Z0eujl8dx)1B<5blsTSlhLa4$6$gWE86N^D%MQt0(w4qlFLs{}vXc}^eaagC&RG1Wcr9hX0
zlu_OX*CEgkm0gYZo~29JD2;9ehLNFZmwMheoY)w_4x=DK3Zga{&AkR+#2ass+$hm*
z%}qNBEMtl>yC0dSp3EdTCZ&Xc8ubzfd}Y(AL6vasq%V$B*YB{A2mm6v>G@G<-EvuY
zI4}F^9@R+|%KB|76=~&wI$uSi_R+%WsZ}jw0ob$`xhmCy;@oI{C#0!=+R1)7A~*SP
z7KQR%IgA*NQ+QG<^AC(}qzx>Zd|s6+
z1iSAlr{H6fcRvi87md*4M#<}_26Yh1>)AGWpaQ?9xGn&uCX^?lY*8oon4w)FnX*`=
z7nnMy+G3v=sG7U8h`E?ks22M!He**<{)|UVSSe@N%bq%y8;!IcZij~
zVmll_d53;2GGc5!Ta&K{wZrm?D;>O@c6|Taqttyw22pnO%kmTLva*}cM`y`cuo`De
zpw>8lwSq0T81l;?fqJMBKuxrcKBcZUrgaf?}-
zu#Q*K#e2FglKa2wf&6nWVkW&SEV%zlI5+(uW6##wTtU~ITlrX*6%ff
zA9e8P@U8Ypn?=crg1qy2P(W74C00wT4!gzvn)#w3f5xZ?u$O<(RCDb%>6^mqNBhBi
z`On8UMM0KLPgg!H{k)$qsqZx3UOF*rm=-YY5Q8wD1^RjXK)-d6D(dh0y8I<9?eExI
zYtx+Pk^l}CH@=;Owv$4&HvWClnK~ow`VnZoRy?su%29~vkJV?$?=Rm*vi@UR#O+x8
z5|?eOSiKkViq?9w46oEWV039T7Ek*8VGdw*P=+mAH^FMoratyaRUeQ-jsXK6lbz*5>#0N1;ZscPe_*cTZ0-x`Ia$c`Ql&pIQ+pE
zy4}8icwID8y~;!7;UX*mh3=`ZH}H=)&`-m$X*bX_wAoUJd*h#ThuK9wIT^m}%6rM_
z@09+U>JlYmMe?7?H=wH`3H>25hu*SQ6C1c950eG!fRG6nE3HO}*ghBErq96_)i>9B
zLbz5fT0teci$+nePjyJk(u+KE3VJ^SZ5kgRYu;lTME?Q<4hW_pxwVHo=c?`~M`x2a
zj^}@$_3;nY3)emR#TO20XphGSLb1KQm*x0SC4OKQnRs&~Lprt3Yn5T$eZZ`br}>Vb
zN0KJ_qG+2h8&Z}c~uW33P$QnB9F);VRJI+DOIbD+t$*7~Br6@w%BpNd6=oR{+=
zRU(O@UK-(!`8owQVl{CgAhEeXXNLKWt_nwCVbG-O-)5M8z`(Bg=a3v$7$lDpNE@Cp
zG^DsYVW0v2w%aWQrozn)WhwiH?I06tE$?_D@#?nNo5$ynq1AenOO1X?d~M<_B~KFf
z?!ABB8svmp!x@t0nMTjmnDZIM=4orBsOhBM!I_(>VQ#|8Ll#pZfYi(savvVCSnyZH
zF;FrsHZr5}M*Wj_Y0upQnc7NJvv_}^%A=fpiykNWqd2Nx!-+i7Vl|8$;1eIgVuIP81XT#z4&k}(hHcpG_fQr}TcF?=Vm
zPvfQGmU$~D_yF-SEL`C8W%`!cv!O}nPh^c`4t$n2-*w>FNTS((9;|WUzhRfpCx4=Y
z#^soB_FW1Ul_3MJ97aJVUur|ToQ{(1+>jWkXI_Y0ga+I+tYTdG;GbW9rolGC?XOvc
ze;P`voJjhsL^7xC93$^Mib73v%ug9xCuhJDPcAQ!({kA}a;)F3Z|_hlaoEd=H$})y
z6&0*JG*JECU7M?WpnP18VD7CQ=EdvbZv{tdfZt%)hTV65cc4SNFId_O0Qfe7@9l`o
z!zx0j6vX@nA?FPG`tgrw$9uW{Gc2MlX`)+ItE-J~C7nb@oh!D6h}EsJyPPjHrW19b
zLqU^H%twS4gJP3reYf9@F*A1r#waw7i@dWW0;txhbxEB$h
zruvrH`N)B2DW?PU`AT4GGv1hjQlWiScBZPT8*eD7`68Tx*@2$qt8nsF`ge`85^o=G
z?gtnz?*}9%34M|5NHDB6$?WBQaL9aP-O2d{zR7@mLK#CpanA!87Cw8o_=v2O)jH8h
z0L2kp#W4jR+fZ}mD2t>4?-8&zPKfSo1c5WR$&h?4XhnZOaNy$7w_VA7NFnoE
z-+4Og&ZAL91+Aua0gV@z)D*!>(OBNDWQRzr_0I7x(k(!E9QuYkHIn*}}_6DN{hE`Q?Uwhkjx&e9O9Qhvws})QZOj>i~UXP|m2pZ(N{Z1j{5UEA({f
z4fDakU0`SWU7!@O!C?R`EDz>7XCJ-`JdfB=7mmIky7lq}0!oM*iIyl)nIb7SCLP?C
zG+Kmb&ElRO4EPxUr$&E6&@>UoL!O4W@iodMowh#4}85BJo3o=Gtb?G&2%1GPCX?Bl=mm!wP=L#lI
zN!YHlNB6oWy&^AX9UHrX@|$IMKdy}9Y4(alNTxs%sR{xL=RBIi3)Vm`kT$>zJTCG)
zBADSrn(^KA&T#9%P=#-6#;wr<9U*G6EIwMjYSt{emmXd#!K?OLZJX&Y^CuKL0D7hz
zbMR2+Zyh(ihPF4@Q{tqr-cl~K@a<2MXLEk2r-JuMHAf6GU=%UorV1Hxd$9+ICB#`3
z?(s8^gA*_rjI-?@2FB_O+j@zEtkV?0-ugu_>$SjED2@y+I8T=J`?r2w>ElRjyBxdk
z`Y{~pLjG#8{EbN{v-5IY7L3fo*NvU^VqZR0w(
zVU{7?%(V&k$m&sR!1Xs7ZiU~&O1TMhGCvFEn|yd`aKl~`Hj@w@5>yZmZ_wvMub*sj
zi$9-x<)f;7Sodm*fzec$I9g{$%BCYP9|?56Hu
zpj`+n0N!C(Z4^R$$F2lqW${N`dQwZe6{Fv)IAzVG2|FKK`cpMzB`wuhv82vSn4d*y
z4=}fi?rg0+J1n#89dlSr&KP5SG5wC!E4F!I@~zF>JFb&~cXEXQ$vju-U#ssuNOoZb
zlp7hdV{&cJUwatI&W6YCQTo=|*j;vdcX*fs=Xg5*^N}o7@V(unW&MmO;IhEa`_CUb
z^{)mxocUz%@Qy`?80|Er(?6FwVd?p~AxA$1~H
zy##mai0N&lZhGzgc~VdKRqS@5K(NCj4&y;2&;`XjiX*%MN7jvfVoMwo@=D-pTR7i7
z-wkP1
zc*DVWG@rIC`Y}v=-1cLI!QHAP*(z`GEqrL@ow4FWb|>0E-NdVX<{Oh#T|zgwf{GcK
zjN5i9HtBfZ%&CMJMe~FfXQ25H9_T$HT1$tfVx6-Kp!S3%?ynu=1Ft&|{y}KcdnB
zvVIcxDxpGS0U}HK;3GyD@@GFuz5m>N&>Mh-~ykZ3Jm|pHD
zgh?Ztyuf|p$|&hBRnQs_DBwQB&e0ySX3aQ^=rz!A52ZC>C8zzXGN?N%)p2%C|6P{y8PP9sPWFc+0S+L%i{&OXJd-tLD0c
zDy~W~tYEuCQQ($S3XNyoO=zKbhBvej=WP95mqV{aB6rPm{~6ChjNh7~-!HL!#yvf?
zns8hU->vYR66^<9=1U9Dsc8tI`;V1~)HWvnPh)eK;FJffsbGb2Qv6dLlSjODe73_9
zvt^-z2W8q2aZx3HwwId^IZ@E$m#)8{2mNe>qHP<`@}U|!7ARY!8M`sL{K%16DN%X1
zO}-=3&7Kic<nS?yvU!(@hUmA{R1ZW
z5z59sgU(6_W}g@Dsb)`t>u#2ril8M(OY4BuXa)LlH0ByT7?5M5{NCb_pD7O$>WRKE
zzD+Wm?_28F4q-Qgw^o^m965}Hd`IQ|3~{K30)|5z&8EJ+F)9lgsJDJHkF$L;CtLP!
zEd7#cG~|_;r}c7Zb``3y3f22$*=$XzW$0pWPnG8NdHVaE0G>_yV*|D@n;#NVh4O6Q
z<(lL)2CX4Kd2qB}m)?hK3~>m|^C_#oo#if|3wt77rpKm4+w9Dak=HS7sPMzQ9-Vk&
zbnyHeImBcvI1@Q98t_eW7bqJ-gP+v}eW7OyRzRG+C`UU5zX8={P|)NoV=GOCf=173
ze!i~>SkI#_m7f%Q#$h*`z<`Hj&A4y#o&l_XK#624F5Ti%CE0O9o1PaPtU+UhvJsk8
zxN`5_ZOq?K8t0@+1n|Z13zDLF5A&U+4h7LOvjh(K&H{bm0L{DUhKkC_KHFXQiW2nP
z$DTHiTuGk&j$10Ms#a}C!c!C7`1R!@K)AuwhLbXjfJ7OtG8fO=+V;A-wQ0sdrnb!V
zLwwE7#qX+dRxN!B49^tf_mDZs-vyBdfcsNXnZ&$qr2UZKk&4yBr)u^I?5MAvaDX_P
zED=5bpZ60OEvRyHKF(5)c3{>KXwpY}RpjEIuz$zBglIlU?w1`ph_i&~E
zd_~zTMeQ#V!^(}b(l09QIi`jV*UCQQ4SXca>Ohk!b4Q24*S|8FB&)`?U79kP!!KQA
z3SCZiC1az~3j>{0NZ<+_XW0d>^;2fA_?XGXDY{7i9yyB#GK4bFZQ%f=ZKTP(b6mp#
zF}5X0wP?J)FD;N0!I|ioMLow7ScvcBS=<36j(UDAoS^XJzuM^gMYOl>dR%E_v>@M~
z+a)4rBJHa^R{!Wii!;HupJV%c>hy+)4h<4*XH1DxKV1K8G0;LrdhiD}aeg|Gy@9wx
zoF3Ve#i4vp%dweRy0GJNY`}ciy)U?`%R+pv>L(q_4w}5uR)uF8djH0m*n)qXwhaa!
zV}Z8)rBP!NCX?{_mpoIg4+8H31LX@kqUjNdp{9U6FgpSeC^!d?KH+rNO>A-e;R#VzgrE>>B-
zGLr7rJuo~eB-S^YY1I_IV-0gCXdGwv9opM+J6^29kgVd-P7fyvg2Cw-D-7U@ZTw<}
z-1rM3f$P+0uT$pQ7k1K%gmH=!^LegKm_r531aE6}Tj}|laUiztN1l@(`mz9&l=m)d
zQ%j-GnsY5rrFV?h=4#)vtSTD4zq<}ZJ+x~`JE1*0zf(1vYVVD?@JbBA{%5VDw
zA?g;lUeZf51d)HRrWDI+k#i=(r?_wQXt@+A;$}!JeiQ+awKw>b#FHCdeoj6cPCp?r
zma_SE4;VOE1<|^_MTt#Vb-YW`o4uF(^ocK9Q}rVZX0GPlV%u%sC$m0>N|G-qk^9Yzai(LXtneLAXHkGD2iyo
zc=Otxhd$Ye=I8!%lwdoLSz3H`#!Ftp(2d-X_C8S#}Wo
zr9J-a&U%gW5M#ID?Tcb~dT7G=kBmkQEK`ejHc~Eo{+eJl355(#?fD*WEJO#7173~q
zwI(T`nG((-n-sxMB3j(Lv#qxvkBBF#&gO`
zi@a-UWcfGnjTgo5=4zNv@adLXnW0E!yqkTXmj@@7&t)_?e$ZMVsf(MhE;eJAJZ$o=
zl4qgv_|T9U;iZun!jEEQzvBl=C8&jXEz@#prd7)-n{*(oD0UFXx7v}0x6m3XP9eaWQewY~ZXKrO+&d_3P+t%X
z?AY&6D>dXzYk!US)_T=*HHQhUKNbWHD!h`^yKKxIQihqL%A4jq`JtZ9%$r%a8~%B-
z+7#hF+b2t?pD^m2vY-MyIb;+*KrA(8yR0t$aVA|GHc5;wmsd@n3S-)v0v%J~md7T7
zn+$Lo
zr{VYfGQoS(lMQPh|HWTlu!!-sw(D;Xb&Q1ItT`Vd_ps=0s2y{%RXW%uMhgd5Mwe!9
z`$AO}BmUm2i3ZW^d1vEex6cdSIx$(lXb>=YeXLWZ83s$Y9!6e?PH46QCC1DRV9rID
zmFHs@L`*Ul0m*uw@+`F}nkJ%>%D%VaPjkhSfTWLQO2?k2)izwN_iZrpZ@olbt>{fD
zJPe!sbouI2Nz7GOivjvky%_7<=vf@>4hnt1@6{v-
zJuU;oKa5fTCD|xqfjk!$!<1M={v0l8<@4i6#i+3VRDI{Ouhh#_>VH`B8&kEEom3$t
z8tu1(J(cbc#pb~R1OG(g3wvHfoi~EtT1xINRHh$qiFo7CS@n};Q(x+C;`TGA)JY7U
zM!$m$^85Zo|EK~Ua`j}3gCV|BEOeqU9}w
zvZ{M`DsGccGDgB*ZsCW+@94Z^2(~nxqKY8LuH|0_`PJ~+#u78tWeI4BZ*@XfEH}ZW
z-266grf$V;BbADUA2N9lY^6wAJ(IxB_67(toj({5%yAHa2XSMR))SKut*ROVdI>rn
zT_(w-vNDiPL~_&fkD$x>ff|h&O;y*e;3_r8>i+i2upe3O58@pLW&ue4!Jd*cnLC
z=fME=F3%}k!V1FFP876D;OE|wsQ)z|@-{|tP-zHh^+89FS=L7EwmpNBRp%WV#XshJ
zI4*7_n>jX*TE(!Ky}3iqv0>J>#SB5A%pU8U3sdTF8(RIH?V#w3ZcZcB5`NxO!+svg
zDs~6LT6|F7SrKRq3-T8U6C70>M#!(x+Mu;NM2*YceBkEcJR`g?O^DE_98Rk=!MKft
zgI=Il69;3Y9Vy#>IHrZtj5?5_;f;G0lo7iAbzywUjw^3nd6rD9PSts)>@kAJkk(O$
zT!FlDh>!97)iCpGpaCJ@$G_&tC=7osswWw3d!78%+vazEZ1!D!^LB3d(BVFfGVK}W
zVToC?OofT%k0UZ2?s>r)HBka-KHJ+f9R_rEb;Lv&D;RA`h?!l4WeXXi
z=rGd3YiBu^G7_z>uJ=x3lOJ`zDORFT`M4kZrOlmXzwGVdUJSc8$;2X7OiE(K4!|VW
zJ}>!Fd6I9SIh9(OcmpDO<*-w*jx}sgNeYHodNS)~|JQtzc(wiAI#rtRA((0;^v!6;
zk8O251pk9zP+F&sF0|;rXU@C93SH<6IZdeKh*RxSTD!+b-5FS{cs#Krg3&5~o`|ji
zwu|?V9=f9>-tcv&0-ugP_8dEI-FtXGl`e}!-VJngst(cDU951+#|c`PpVmp}HN$_4
zxN|3oL=dfnc!FZxB&7b*e>%v14NQlILWW|Tsy8FNGoT&Q2lb3D5=EX$hB>;&!5_`{
zOO+tHd1GNAPzL0|yK(^mH^cF=j&%HD&WuFfaw4V?g#7&BhmmK>`5Jg)7AHvwV^uSD
zj<#dX8ddP~&<0v@MOo8!Sh2?Ny6E2wc5?lwF{Q&c3~phnuYb?uGdBI}=*R)DIYq9+
zedW76LcN$Cu}Qb2>D_$V-M_m)PYYeYs;^luq=c`xo?UxN{-wSu
zx_fnX|EO76tHr|q7+Lo^PaTE4WbRTQ(nDfZw(W;(S6bJ~FcT~5y{Xtwp1na}^@okQ1U^#1C$7e&+;u^Qi9o6QWY>f*vRp~9|s5X#J
z@sr0$q+0W%o7N#2>Hr0KzlA+`a{r<-c4?`
zJqgIenpK@|et3NKPNV5EkTeJm)b
zZA-XPzrV7e=79gwmM(M(Y#29mn)-Ly2|gEZGlpoPq!%Fre-q{+1VVq&g?_CAF4p_T
zc%5Y@-41C-wzs_QkD%63^D=CHkvwWuTt!Y!rN`*@c~We3UlZcmYllf>HM7x
z_XloEdR3r$z}(9A4^bHECU~w!!xIfF0r3IfY%BgIuv*C&y~P*jk^n!3IXo|HYctnl
z1)SLzjAr~>bZkrEnGPx$Rsln8(->~HK@9|((U|fd&|wPvR&Fe5lMx`iQlB~+E>cz9
z9i;=NajNJy&(!jvHLN$BNitxbApgcB-9JWihyFY>9PFWFsmEnG~v
zvG!lGw%5kI_5iwK9lI|a8jI)Jvk+FFxC0B9*lYZ25RX39M#`?`+$L71)PYGcrtH^hI`$|P8jJrXpTWV{FRXoJ#s
zRv0S6L{6AH9XB+pHIoO543|jw@PCM$3ZY>$o>2Bbam9&nL9;PrBa^TEmHe#f-);WT
zvmu8Vy64G;SnGZe+L7Zxy_J4kjpp9y!(@K?M~|jdMe;rWX$Y$O@Prtzt4GKqs6VMMv;ZFlN
zxydlJgb;-kq3H-ll|Ql4_P>QTV7J#l(&DLIf7Lmm`M(I9DKo$$&nfRF>KDvifjXM3E%^4q#|2
zXOP#i26y1Ul6KGs^tJexZ$OPDlQC>2-fSo3)Pn>H#E2e)vbN;cAe!Mg+SDf!hf&go
z$(b)(pQql&5}*Ai%I?spnMf)A-4&iBs6O_boT)%Z!BGpqcd&1=rd>p^r%wdh$+g<5Z|>@5xBi}FC}45387kP2
zz1``czKOWgAuGJ>vxCYTNL$sxNO1o_}H8=cWX`PYX0B7L9Yy#%BLU;
zP6Hc(tYwJ82e1wMWN1CH_hh8ngr{J0>`uY!Z&qP?RX~;`@AS#Yh%fCAFVk)DvoGJE
zY$6sBrzIDGu+k<{_0%K@B=zuf*V%21+_K7#mo(`gi&GpPPV^9HzC#3EfVW}=k*`ab
zww{i^QiWc&Z@*)_IHL^Mt5)6c?dZbR7--mQe7m_7ZMn@lEW_MumSv^&XiwtR*Dtg7
z3rD{moPg?J$B1*i6wsJ+Xmpqw+uaPsUkr)oM_tjIga=@p&kF(P=QV?{o9Hds)OUTD
zz?UI$e$Gq>SJcCl2`0ASuuNoj&3o`veC@*{hk!KUiHI@=C3D@&d${K!jV+Gm$belj>s()%_cZ0N~p
zci8LH6`5*k%$&yIRY`->qy)2^!#A2YJ`Rnx?}EFJWS2GH{t#Jx;&7s($6=O7-XFgp
zuz5xDECl|d-0w+#8s?;CB6U*<@YJ;-Ri3gpKXUIkE!?bEo&Xdi!50
zWT8{d2a{VWc(0^qkmIKUbLl2_s=6tpg$aIGEiz7R8nmgjSp74R>xTJTGOxj)Z}l&p
z3N(Q%MzJ_$Tp(1q%mU*pOS61Iwz*
zPi5*y-gR?FoV;D(3H;;AO-P)F-)LWBz!c~X8(J7^u78Ikm-5ADhkAj1$!2=!gYsW(
zf;)y)@f7gWdy_rU!FxZXOss3Q{s`=I9m-Gyhe)I1m}AG8dmNw7{>zNJv+ZpY*S7rp
zLDIPIa&RcOV1R^fULuED$I5#%`Z%kSXK_y`g?<)
z+v#b%6vl+m@X;J;9ja07QL5v&lT&|68tWerp6A#R-e&&XjG792^(vqHRhU)lR4zbB
z!g76Y+aw}WM=-S}A+U&%&l$!jrOkZy{370xMrvQHi=FVZ8k@^?>``22(oH&2I&&{Xbm^
zJIeYqthAC|whV9+;>P)peu8Cr;1l?gy*NDHGv02N
zo~s6P5;$LI0@!^+SiW%)7Vm`SCq-OLK2fDJcGh`msHsZ5@H1(OD&(iut7+(EBIiYv
zo1+sdjwx50_aW^c>1U4Y92G=k{8GQY=#2=7o;sw6h9G*dbzc8Nil(^pPM8%l9ux7-i7SHRGtOm=PnK5yP|54K#ZM4C?YG3ZqLLxo2e_|HXFvscp=EOTXXJ3V5NRdx6v|dUjNW
zVTSgj{{i?(chb;hQevdszV|i^PL|KtK^h-%mBr0~)IBig5eo-}dtX@3K3jVnW$(u-
zHXG$!PNceT*wH(qRi=bL5b0k~coscBT}+(R6U+W|144K^$-o9mXmMyGanjsHbV1AE
z{){U}*;mjQ5m)KhJHRntPl|wR{D9&0<}7{1AOob+N-v?ZHZAZ^_7o1k~&_X
z|8Hb}3Urit3NTgAh^m|uq5pl-SFTQVQlZUevl$_(w@h$$@|qG^IpG`v`Itu@T~q@{
zZ2jxK$5TNv>8soUQvj{&_HIC_=lG7Xx=h9x8LTnJi`GqA@Yp!qx;
z-59q5;Jyr+e~b|LDUS8+-%P515D)%lMOXfdlu<`L^}z$RU?1?fN<8lc6xgk8FU!}r
zt8NNlDMQX_4#@3TQTq)36jD4?OOigseXl{N{csK!$VQCj7@vqy{;bWvVK!_y)J}B-
z(KQ~HtVCn$)rY*;Y0llAk^Usk>~
z$kx&IK+Xf9{lLBlrSB$ay;?tgV?0uk89lkln)OiNqVB)o*Q3uO!Va3HX=X-PyCI8V
zW!nBq>s{3im#`3vTu3gC{*!=Fwzd(z+7=z0_edDVDji3Yqc31)2vqo0mlEVTmt
zo0VK2ks`!3fGp#XXvAl~t1XoMr94zUNAx--1Jgsnq%`J9?AQm5NW&}sL;5|hj(H)Q
zKDDP8B-ysV&M@<=U!+>i@C|J!Bp{affD7B9jqL?a;*5auz9d!~0~n+bB8fNY1m4#q
zQJtyH5-sZS;lkHinbn~`SLWR{d^fU7_|KdVX(D+#SZWoVACxjKYxJ-P_RH5Bp>5w}
znbpB}+WWyTWG=)*%If?R)<4Eb=hAtX&ow`{WE|NdNV#+#$(R%oWRK#r_R}i$Yl^=(j;DBf5>Bx+OFwPu;cBk
zFkZj8waYQr4~m0FZ2$B;EX2KybW|m?pD%EA{NaUj$KM4x&!L9MqB%Sq_8xFdCY!SiTRD=rn2-lp$){pgC405qB>P@C2FZ@qXm*Qa;!zaf)jY&^sjg
z-64$p45sZ%`X5}gXYv;m+ix(blv&+*PcfTkt-aU%6wh)D^
zp5#iluNlO2RSYfH{uoH&$4%6S62GlJwzNe^3R)Z{d_6g}YTHjBBu`$!tLIn5XA*
zcUGaR(*V$TVBq4*57q1s>)7v`ESfH*UB1hZtW{L2RWvm?{{?2i?(s@-+wGNfLH!aI
zbZ9iNpzcJ+T%O~@R6eljqgVsr7Pn3l%DvjAdsmz7MnS;og3R!lI(Gtt3;(KLs&w9x
zSfsHt{uC1-hMF+SIa+Dxvh>Yz1>@IU;JYZ^IP6og}Fa>BxWuTm+Tvr
zW=jt3jFVeN$t#0Qt)?f9b_!2(xtm7XW1y^MwHzBH`$*dSouQAjTY7I}8xp~Zo`*#E
z^0?E|7tn*IgYy#SSmirwq_+20%4sejVyIyJY_7W4ODL+(Qz8Y3zYDpF!Y?ypSI+D>
zvXv}#N}0w!MAb-g%$L0fM{V#en@C}YBapM4f*~N~^XRHg3bO%bA5+O;F~Uy(L-b<>
z>6`XUz2EIV)!OF{b`$ciYt#_I+FE1x=4-UQqpSP3xzltRtL)^f?C7iP6stCFRc*MN_EDMkeFVoAe&G*{-|}4F%If2U
z$R*a+Ub9!=Fc=3I)Y4%Y-L7?TA6sZu3TKRc{BKlEZ_3oYkmKqireHfFEuMR~Or16i
zHUz;rVb_*2L8y%ms8kd}C=@=#WYVb*BWYEc2(#jT>V10(IN-O`iHf$mFSn?f%y5-v
z9BmPQn<-M?A?MyiyAiEji268*EoH>LksVtm%~>h6cW1b?_uFw7^%37INJc2xj#FbQ
zF|ojkc9~XTAfa(gpfJquZXDEXFx-AKgM9@GKI2<0RoUrnn4FY>0v=}HnfPG5AHI8}
z-Xhq7g^<)v0urSJ*3;rHd{{wp;gX%zexbB*0Ti;F4
zj??YiS6WhdM2q8N{Q$_S<8YB$xHT?+!`II8_H~%Xwv*AeQ@|EahwUdHG@-VWVBDRt
z{lCq$0Cd(?V)6g5be_?0wO=15T13Jlq6ZN~^xj*9AbN;iCW0V(uQMZ&5K$9EH(HeF
zCAt|Uh~A=?!RT#t)93G9>-}=Cv(8%g*K_t>``XtJ@*?X0Z+v#B79U~kSNJnELM+3<
zMl!&!$uM8+?j5B$S9XUze#tMF@&}ve_j1&jy2}StxvDYx-(T-KW!?z$bp`kd?vb+1
zy>YRw274nXbwzZrRUsj*^c=Nek?r@=Wg#{SxV{r2+_Ui0F%kVq|KQp$6WwX+?|4lF
z&ifrc1E41Ca5#-{p~iImv@Bzf>n{F7m#8LM)r8;a?}q3W+oYkYUEx)L+FsS}*0qC*
zkR~zQT>xOoWE*B!25yj^QO%zwf1e_t$`(F;8S&6ppwsbv8~N;tSU_*+?u0&rNFGT2
zgMZ7tZPmrsn(oE*Xt{Hcx9H2t-kVCQ3#d0$lXRpW;n{qu5cZ=sjBiU5%F@NMYlT}P
zok)^Uvye=4dp>D0A0^oZ!>;ABNq0w&8(20!ROO(T;DhB)=Z#t5B>}@VIa+|gx1EU|
zh@EQ%Q#hO)ndDFPEJh@E9e=iqt;5++k5K}-!ekTs$D-3}X11JsqQ1bS~{0W#YeDFKlA7rj7dRK(DUewk6hg997L
zAcewvB;*vO&9cMi8vMNMp}3vv#Y5k^42KZT>X6K%$*6w+6J;eTCXFLUTN|V+0F@p_
zP>PTJtsPWAS8x7(T}qO`+YU=Ug9(mUy#1Xhg=Q$qNiwqNA16C@JOuR+`LUtL>eWOu
zP#r$t1g~t}eZ?@xKR=}MG|v1sG-~*B+Rf6fI7>rFPlL#Ltlz*N9RSKpg+PiK!UGqn
zyJKqo1UHE~*eg`oFZXqz;gd}PeV<6nS7Vvf8O&@g^V{wBp3@+2!MgB_xe}ArnEMItV
zd*(r4!0ZEx2;*kPA!XNctMlZazW08tJa?WhsC)%Ca4XV_d{W)|PI-)U8&9*>=;Mr=
z4Rwn>zhU!O`gKpmBpraHRU`-d_LdfEQGu7jC!SzZ)fe+(2+S=^L;Lqb*u;3oXODFe
z`b>Z9?RM3PkmilHLXxe=P^kr#x{5k*()o8^%llex)Dxt(pfVHJ~|$^
zkA5=!>1wClA9GxE=|}n?(z65hR*a86+x>u
z)kmJMTVQKW`9gK0;0*kWM;xKH0x!AS%Lp+l-GFa&^LJduY(#0|3k~P&UqpGc92CW0
z*eSwy{2&c+6T60gu!qu4IE7`oFBMwz)$461lPZ$?yMYmJ3U9n#B;by3vuc~2Zu<}|
z>?bU-0Hb2Ool0*M0?#K1uZlz*mJSSn7;|~(ZEEO3gj3f4J4xT9Yvo+KFsMz6O&wtQ
zVMz#oZ69@JC$ZJs9abI#YYJ6e@nHUN;qYXw+UyrKFH+<=fb$`j>LBMM;;2T^;h2yA
zU1h3sAlqeAPI86Ah<-==X#(}$j(PsvD@sc^Z@@ey#ICBg^*s~xv_ZY#;Mi!QRb}4B
z`^8!Og_W(g1b-w3wfAHC6^5?|26k+B#;LU39rBF!^F~5I&^8l)1%O9izp8pKIfDkmCc}ntjCV$cxHN@ZLfq)50Jh(A;Xz2h583
z=M`+dqwUO87O7vm@nPP%!q>Eu!EwZI!VulZ5OiUzX}9so4yKFjT9WE)HHwHxhH!0-qw`LR_Tn8SWBk
z7l==N42=mSSiiYP*xHI)7?r!V%<_9>V#CzcrR$1R(k{vk+dIWomv
z)ZEuz;S74|k&gDzPyw;aDAr}N
z@yDH$v@T)o!B3FjxHn!d&%i98Fk@{WS=_za1}e&RZx+Hyo=!>lv6$9
znW1SXqp5ymjDHz=m_7NvugCc&&^W*b%ZT}3f=6UqG$xIHJ^2}spGWC!U+lVp+pK!aj#j#t2tQ)WQ6etltoQ
zuzFqDeerVnJl_pM5E4;8y#w!FhkXR|=6q(p#Ss%y|BJ8uQ>jxt#aG{CQloHcqju*0
z{ct0LB=oyl;vHtg3%aa(F8`jIhK`6INIOan==Mpd=sU7?Eb5CHj)5<1In+R$Q&9-4
zC58z;%;UOrM}Fgi?kM)$EPx0Q!DZU)J*<5jp$R)-H}4*bNB{)9#Z{_DWW%IO-n|s3
zU4uQRSY|p{F@Y2Z1?YycpIP7Ea~JNgp66S~y%k<{g!D~g^K27Mee4Byu89;>IgC@*
z%2I6OO15{1LtE57NeZ_gklN!%G!>8%mUQgXR3#W46PGG+}XX~Z3z>LA+lGAt{u6Xn7rqVNcMWnAyvxV@M`$Q7rlwY}{q7})
zMVr*7#|(j&w7&?UY^9+NIi$;6SO?`{=pDy)?Z85VEAjM!BDk}!kqT=soLx48<)B~B
zSD%vUOE8y#wR3ZF<(2&Cj8yWqc>Ih4QJrJ2@Ieb1_>TVo@KkrMY2}%(AD8qgGbPTG
z9QI+Yodn8FbIgr`f9fb-
zqu0h0rTG)9o`@2;*Q$6!@aIMAz}&Sel8}kglk}q91=kLl$(Eq8fqAvVMbyB^RVp4M=;dTxJWxGWNRqGI>gtB@sQG=Me01_IgRs>2Dz^Jg!_YOUJcOR^d
z(!Nk97W%~c>I}Malp}6)|T!Ee33nW;hqMiVv*B!+6ADUBnzdMF;!yP7q9U>j8
z60WY}+64NFWA;?GsTaNY(EO<)Y}b%mN>sbgKiS;&nU-Hx-$293vNrLjvV!@m_fm$a
zG#9?|sL!F4d+k3K4UXziRG6cHcSscbpVoIz9h)rv
z3oX5F==|2wX+jYrxB2romU<bm`Q?oIU@j1*!dPejY|)M2sxuDhUuPZhwEH
zZy8uu)3_-)?J8bm*6JWjF78w$Q!~$MIrYF~kHPMmPi&3ZMHr6rCC#TTaj9469D8lq
zDhBqdlywDqFkEVK9GS^r1^%o3x@*y}0C@U0XK#F*(iF%_x7GRfp3_yEn>VyLC2kbrSyLHs2b0YP<(U*|I*s8AKO1@!T~6eUgW3N
zt>-bG=%M1Lp;OCnUQOaL(>XUfzD2L@3aer~b_YInTZJW-d
zXhelwa0oW|RZ+X1Xsxx1n>U3$^DpR-Hk!J;)$~`@uceI4^NTg-8M#{F^)REwZHNpD
z9Z#-^iC;f5y}nd(VZ1;LhO8GyW_kpH|6!lYhF^C%Nzk9Hh_NE4tY+H2uzn^COlUVQ
z%2dPd4~!q#Ny1O^7V(G6v~NF{3zDJ_hfFJiMyu;b;Rk71?>piEGwZ1vEhasxr$iB
z&eOO%N!Jq>rj~S#PhMLx4F1--tMeNuTFN(iHu{ij=-RXu{%{@qPk;RBvu2li?*upk
zS^Cxg0#P>u>AyBp{RTRGnfrwpf5%y5IS|=$d`^xmx^DjQx-I2RuK88iN3+z`-Urs69~DF=dSX;MHr8b5YF{z37$&;oEo}i%M`m0k%K0XJ%5aS}P}Losu2vs^<p&Xc`d--@i%(p(c$afC6ymh9%BQlhd8wGSh*jGkR
z83yz*tGl1PO8cPtB8ke>eT3es7BDcEl(^Orw}jkTMebf_!}luIA{LfCozrQZ>PKs@m=>g*U8tsm<~_?yhiMm^RgS0=
zC*@_I6mVfjyF&=;G%4>uL|2yVV_ABb*QXP|vx8!y0!=@!r}wowtE}bEV)5|U^t7Vm
zjBO+1)*8*&gmSrvBmKT^I95ve@*Tc09u3QfUp((Q|ypD3K%0mWD6J3c&Yj6Bc
z;~Mj>RsEXZZhRa;-V|_eisG?-I8-39ijCp=wOw!E0F{LhYh@exZu@!fKcwM)@OtIn
z2tvM%i1!l!P2!*TRr4kl3RkUmQ0xn~t|{9}`NSGc?Jw9jiwJ5}eWZC*Y$P3@_6tD$
z7X~TOJZ*r!iB}huo4z1jlE{5%i#UA1F>d709&w=N`|dowe@DzafT^cm*d8t?3T5!qXa~=CFZRGZxxSq;M^5
zI+!FmJG%F`*(Qf=QOTTN@%KKj*)%CtBE>Hne48TEJldkZY?H3~(~{QPyZJY%mzwj%
zs*YF8jvtR2-4M0(UV$5$^Eb_l=Pl75@>_3BI1K--D2et@KVf`ocp16zKKhae^OVBa
zJbnjqZIQP&Qygr`PZMUowtfMkn~=Ft!_9@%4_>NRVn;>tBJo~gl}f2*%Xb|nq<}jIop4pf>!b~WC3ooUZ%9#l`lH?-%C3ZobS7oi1@*1pV8iL42~Z;
z@S8K4MQcG5Z!HHWT`xbYirsmEmnQ>RP8QQ&WV%A`6V-TeE_JS4b}4-;nT7?h_YX{;vd_MOA8<*ynyf*R{qPyOZSWGxa7TExE#gz1LG@qy6K!78R1_B{X)5#lfDqik<3A6c2PqR5s?c!nrKNnE0|T}
zhG8;rp_QN7w7`-cVh@^+ugG)%@l%|gt$B#NslZi<#i7hucxInk=xk}JAp^?_bLcKN
z#}L3fAzF}mt(7mzye4Yd``6F#@$#1+#%AK7i1xQM7r@Nanj#OD0iQ4Z6C{_6Is*+0
zPm`1_{Bys+J~+3R9b(46)qrXO1Uc5JPmNTQU~2z0&l|09bmh?-X?)%
z>|)O%<5uV0qpgXZk59n(IYe*kx3
z8qLaI>}|#IHE9@pIjvEK5>7aJf{I%%^Z6|e+I}WITgd~w7z?17)A4SKKI;%hfoV-w
zuho9}f#ViVlIolxRESx#Gd3x%g2KSW|RvX`iyzD
z0o7dkM%ZwY^?P(t%OApVbnQ=^KB!Gz`TLr1K```vlZZ3g1f7asm)`r-Al+j{a@Igc
z3ijM3b|JyNC^lmkk#PO>5FNKo1SND#P8D)#{|_i1T)MeNSc8tjDrDkQ20f`wvQPxS
z<=xr({5+0J>JLv|zp*Ry*qzEy0YDssWkfAEhN2^iUGB3?d?J~9E`RN9BEEgz`sr4)
zEFd=AFzOiHONJ>p%2C|U=c}@+vISd?_Nb`M6@nM;onyZKY}qV8
zyAS($>R
zJFkDfSyBP<4Jk*04#3QlblnQw#Ba|MiSu2L#zbQd%PG0N6S
zsy@7y7Q4OBz2_3?FCMFXR1TJHmurk(f>hq&vyRr?5r^066Y@{xpiv0#a{E6iA-hu>
zry;v)t*L!;?G$I@2`aMh`z}fSW1Y#)eO9W?JxJslj$f0EbF*)g9>u!JT4sZcWb&pp
zB$v_k&Q(vm|Mg#MG8|IV6Ni;HiOkK>bzzVOfvyJP?*}OJPxr9HHMtx%DxZ8LXcf;)
zbaU5eL=*PVV+x90RtJ8(O>R?n0)tOM(2Lz4C}-Jh+y+R3iU
zeo-&l%^hN;BbQ1P#;|t#s&eq6Aj9CLb@v?rkZHsw_y^5c{sb!Tw?J0bZj6+(+0*An
z4@JH9uEW&D}dgy?2L`=rgL~hn=LZIk#F6J-cvaqBAFQ$FZ8uOeJ@b68Z*lU)7
zp`Mi&AL73i|L&`umGYo)moh+(9E?-9w$<5B)C>gR0^hyH>PXE#!^()puSW*yDdOmY
z8N8X74k-!4%iCS>7ug}415E>aM40w8k)*VfZB0DI7D$)c-5CGl1>d_+>@_!#1hGHU
z*H0ybhM}?lFpREX`Gs(8wvo}BiSR)FJ@%8#LXMf3>zdE4p?Am1$L7RdbyP4wG{@-w
zbieNbAD|D0Bt<@l9i-2NDbDBdMiPeF
ziD_dm0LKnSCn;clA`+6X3hU~2y86JZqrLuTfB`6LR9*8Qg1C$Li`gYAOpGp5ZO9ek
z&A&zT4-r%{9$uXk-u#MPZ@0(+A3H;6pb7iCb_=pQ0
zj=njR`cN(tpptU@Y*9KKbTBE_GXvptH+OmtX1
zY<>|anA{1IOJ2sik|2c_>d8ZDW%K7I#asgANsq0Fs?D;xP;&miYWnzwAn#i&x(a>0
zBrVzTA-X$)O}AP9_Bt)~<>&owf4UZVR{xW2XfA+8!NRdQ4nuP>s8r@1dHETs(QdR@
zl*+4#BgIT0KO|ci+$UZ}v0i%X6cKV(KYU$Q<;IrW)ZJTlfV{T*o8S&my`Uqi!Oxogx3uX!x2i-{{v&p
zncVrJGVou_>wcmIusHQBh
zMzmK(CT@sX@?wiwz&o4^SWxC3kMsCzp^x5K?Zxe%;`HM`xDBa&K#LroM#T3zLt}c9
z!A^&DH-Z>&S%wo>=Gn@6V&OAglQc=m?U8!eu_pMJ>IGR6mdtJ45OxxN+?eluF3hz}
z6DA<^=X&7dd#IYETjwL?M2jho=kig&w~%`mDr_v*aK!}>Pl(hR5hPm=rNTaegUzks
zu%c^vv48A`aWG=ElJW;bSV0Acrzzy2l}3cebRJRa0RCSQK}8eK9>KiRx197g%6kjX
zQWbYh)sr`9pDj*A8sZ7T?o;Z4PKW7n>Cjd4**$P0$0BR`K*GNlSH`4p7x)#czuJ@7
z5KRG-KzbpriaDxLBe%%!C`0iCMWtpk>uW7QtTHAN}
zt)9kXo`Q4Fw>%`a1Pg3GmoLi-x+DlNhf}(~7F8*+JzO0x_8XMgdOIHZ4HoP7Bg3!G
zMO`h;@&DeCbEPiHH91a6Ih33-3KE%)ApRLn=w2sNGgR|mZ1D1>_b)Y$st*`-9R^|X
zLz_MoxM%ea@%8#yt9qdZROhO$Aovq)Z7ZHsupxEm5ajYWLHq~>&m;gJ0+k*-Q<8h7
zWQF{KGASei?YI~n{WjA-AD58g!M1WMz)
zKi19i5=>%(TJY+UP$X$per+JBDAmnkO>Th^t;0cV(_hzvd15htOZ0_tBJHIjlfMLEEwCDeA3;J?B?V!Kys(|wls=W32@_@2yT*az5^;`hjbex*j3
z=pwkoYaO})jAf!ej_E_kEWDlbyKwAyiSSkNsj?e~_b~4aheud*HMIM{woc|@jz1eb
zJhNEyJVGhpug*hTt8GQGO|`_oMr(oKweK1Gslq@Oo+oNW&wMc|U(Xp>gnH`dK?Qu4
zs(zqHs8JizZa)J{m%30RQ6k*c6<1866N8Cs7})BAKGLC
zbYX>K?D=!UPBi^W@9)G}j?LI9zuQsq3IlwqYxs#%<^Xk1J4D@ZctuH8X@h7W|Z_Wu*
zI~fKvq29k_J>BO$=91;V3q<&R<`O?LBO9OuO%gQ^fJsf+r>`hOM6zpksefQEALv07
zgK0-Z(&ubK^+SANYw|Y^%bZm{5wOJ7snziuB{Ds&F*@2Pw&hm{Z21|M@JE22U1kdM
z9(W>ooFM=Q8@`whR^8Cp7uqGL$;bdLLf-pf&mSCIyp{Kk`TGc)T1Rho{@+A2yVM_}k=6uMw=WwG8a_ON!nYg{6ZW>;2P;W1|61k+kIcW7
z)bNM0UvTd$>mvXf+dsygy}rwY8w~Mw9PW@!BGM}<+@Bzlk~9|j(eD?8IblwZVeCD)
zV;zt%*Q#V>@KuVt;bSA^1ias8G~T_-38LTF5B`2UIrO0%{c?;*tFO#u`Xvt~)2(nF
z_NltJ;Y>gm%rLcXALB2Oj^+Lp^BYmza5iyJ7jUyA$Zbo&hIL%2i5m3D=T5{>l~rNp
zUU}1QJzzKj9^fE2*-&0d9;7q^p7V9VO$_u5#b-#ZSMMf~$Sz
zFFk>MJfmhSy)0H|&)f1>t|nfwt;BRu@z-+PVXqw3ebdJW;o(RT-evh$=P)~C6{7mY
z^1Uu*%bUKckg93WdEH??Dayn!ow0gR6M=MZ<=&DZ`BHkDtR`pZB*Z17hGZ)a-xd
zcB9i+;vA1TN6|*Z%Z7~x>7<-pl$LGL1SZ}fJt(;|Eg4eijVPIFNT$1F$Za9Vq77WB
z&9dQ|e=b*d?mBGp=m938u)1wc(SiZjSK-|me`tL*^9~G?kJQ?1o!y2>l-!9?4hUdZN#@l$C_M`my2wh%*F$b3K2X9KnntW
zDD&bx=3U(p^!3#zZ`p7GwY^W(i16CBuDyCoHit^Jy9KL>hzObDnUhnS`L+qV?YS1F
zBCpYpvYgY8Ggmk~KweThF5X;j$YuqKGCn*{)N5cEdqRtp9
z8{+nBEjES?8dX%&Lc9D{iMOdN5V+-gm
zR~%HjaNaR!IHL-Y#Bl>h1848YiHUC$lO)dR0(s7foao#1=aBa!L@pP3A~++0@GV+m
z8&EHtEq=|)vu_=*UZy)Ny*cx6=d!+uJZ9Eapg%N5N*~)b#A(Wdz*^*DGl489y)y@M
z>LWypvHdrpv^~L?$+GK(oQM7Vj%LiIoCDGX@5IdAqN*1koLV1^ths-#d7SjnXP9F7
ziV9i~hPsCsejlm4X%@Dbe1FRbexC(4y@75Tn=g`YuH-m&KO|ChvxEVff
z!nLI`_QXgRyY(@s!eE9G#@~|hX49Xg$NXjeW}&`wPI{cS+}SBtLJ8fd&khR`uHCBq
z1vV`dEH$?^U)so-YYWX90`3&i@o7MAx!NmG9naTGerTvqvwdQ|Hmgl}_TV2~Oyfb7
z%?B+9GYn)?vN|2Bcee5kEWHQ|<*;$8xgGiu{_}V0*uXckV6Q})qYdJna3@9dVb^fV
z5}gwnu=T5J>BO*3Z`FD0o1}{1np>FO!JQR~opAnY{vXWIK)B2oTxBXVr-#TLr`|ct
z)6MSY`nspaB=Acg)i)8ZS{J^EWiju6n>uVEGyt;|pTjN#oK%mftq0TJaW_^BhLT=z
z$6nnQwd%MY(aOEAqYcop)CSy_y;GR?3lV*MFix-C9?aVtK6u=ukl-_Q2#U&pvy+?7}4{)cgiur6gU|!|Vb+28e+dFwI^)u!t
zev#qu5qOpd#_Z7tp2V2V!w
z1vsZ6nBPZy(cfkhP$js3w(7aPpVUId!=t22xWM+)Z`-@f$?$r!6FU1)yCp+(kf=~Z
z9;#y{8JRY{DCjW~i;QV`cY?1?_uxTB;tUl;I;0FU#nXJ%Gyh92@!Wfk1n4rUCjuIc3nO?W@zm03NPE%{b!)Pls#Ht#V`vOtgocxs%+^Mr&N*Vl%TI916ilVIVDyZ+4H@6v?|#P4CJ2K
zL8u8@pI|X-{ACXbT2C8N)`-z-bex&DiL#%-kJ$*G#uk69_Qkx?hL;{R^{PI7u?ecu
zHimu-mqoy&3u}wy3YoBeEAw3@-3vbReTYD`n2w-R5pSdubEOj*e8;Q5=r@7BpBL=-
zY~p%Q1-8tjS0!eNyDyOn4*^Em5O55CI{d|(7nq}uXOwnwT7(Sqhgw91rKle)uy`8o
z6@w6+$Z#Nf#k!Ssb_e+U$JNHqUlul7wy+GIv|)B$dwT(?bT!?rNtX+Vtme*V%wv35
z6z1}F+W6WP&m`jHc^;BjY3}@^A>*ae>qfCbtCB8d0hf5i!ICpZV9pak1+^yEr}iMy
z&F~$)YB7?x2@$0aR^EkiVeCY%FFhx0zl$jCcl5NZJ3^>))dN4Q{N}v$U&FC=j58>|
zsGll|5%Ofy!J!`vv)4zdT--la_5g%q*ML+_q#RmQU
zATd1}@-uI2z^y*4^JE$>sf%@WSLLZTW+(Rgby$R-Yk^Dni3(em0+6jDF~E51f10!EU8E
zU`5xb@ty=_&oBnnmiN~P3mO5&o=iggDX)9^*8={_x%CwO=3_&`n$z>PR(BTO2>
zA}rK$(Am8zXB@gJ?Q%I(TX74W=#0cG%kMJne@H|6h!U%5PQQtO<7!p;UxLH%Ikyr1
z0y5Hi)7v#lzOvL-o)7=o^Cw>`aT1t3TO7MOk~^OY)ABNi;y69cmaJx3Q|eZr`(0_N*lkiB_>(={v20a;21U27
ze?k52OH?Ldh~dd`>CCGZy;qfB4`YI(Np8F<6H0ZApKqhHaI{HsA0QutpkR&~Q_uhk
zM9UsL<(eH!_eW#<6@^v@S&wuZx~u=~76JF}?YGc>Bv1rT3n>z@fCG^WN`SDGHQL{Rb%KTH|E53GH3O*nAMIRqMJmP20JJJEJOr+A
z#}}%WT+(=|%VU{-$6-KCp|`7q(#-U@U?peJQ5p52c6_K*Pa>dR4Jfk>og;JHv%o>G
zu*1O_t9`j(vvlM#@0s(-64ezXxyFm?-C+mSnWuo0t%5ph_RD@rHH}FprKG`h)^-8G
zbmi}Q=!!O5aZZCQ?yDk8$c5s&Un!^W3x!3Du+QOBY(WG@yC1vWkw->UR$=pp)zb&S
z0vc=FlEq0x*uTz!M`|e!sYm&e6;^*+0EmU=k<35a@r&l`a
zt_=FOS5i8hFW3|!7Vs*YIAMPf6d_hGftsrft<5(;Nk1@L%=fUIUbDi=cN)w(_2@h~
zS$ec5sUFH)+mqjAA{Z}jPJZe2MSi}B-V+v!7mTl?3IGMCfQ_*dxo`^VQ*G1XiroD<
zmin_@$^|GimN?*8_!%y)<-M&RNfbV*U^_3LCkgb2~
zd+jaf&J(ravSgJv2P1F&@vdZ}ELAL#(n4b*fAni>Tb19j=E2i&ug$A)ghKCAQ#V=X
z&QMl0&#p1~hKMZfGnnsoCESAmlnn`4H1!dOh
zXIEaSv&M%zN7tQam0PQl`Y#ABJQ%dy?CHb=E(c$HWZxNjI7$Fp%_n5!(KMac^+JuM
za;vI7D^G%zVeM<2Xpu_D<~V`oulu{e`X*ZT@o6C|PX(;r=ffVLsSS7}@4?mTRvZdc
z20_L!ovQ4=fNI;()YFG^+sXE7zrkxQbSXcx`I)&S{JXo0*Q~pR^#u8sG>;M}F7wp=
zR5g9qfMS8C^PDoQo5#25OW(0#=Ecuak$V2LeA#XfKA{
zYfV)P8^+glyt!8)+6OT2ODFbyqY{j_hC)&S0cL`~UF^8RV4Tju+$4!HsO+?sd-$`p
ze?OB{Iz3Ai`ugrwASIk;7jqJM-
z!a6C2V=yiMHSDd2Z)p?w-?581SHB$E-{XogL7)R~Yv=DQ9LNOJF%#{W6(6>yAJmQ^}X#RPs
z-&xxj3DvCWH%W@~2I>VhFhBQ$0k3*Ds-BQBRk_>lCelsp`~CVC_bA&hOiLpAg9t7z
z{bNy+*Iy_+eBV%10<_ql%)ROT12N)}EsRMEa86A6zu)mBey!!;lY)!2q8ijO@^^_27n6+1CwKceuupM
zoTA|=Du)6&7Bwwv&FZ(>Z_i2>Tgf*}IyzkTRxQ0y{;x6WWYmLn^c5;0;M&3VmePP|
zZ!0yC_C_T5+5XY;`YiJ+=+9i&l(n3X@Y*P|-r(iIBQbuQZ1IXt_|JMjhp43xVfkIe
zw~q#cdq_S^P(GNe*Rm#knfS188oCL3GzRYK(QSL*0`%)v;jNm2t3jW+KQc8-m6{h<
zXYl`6Wx|fW@dBLm5Y<9g4RNXj95F%JQ}f2Lf_w<%ak#OIJRs8!wQr8As=a;@N)h3e
zcxj*LlJLkq*>P_4`}ClGTaHw|y}~Ycqxvh0lTK?*%Iv+86H1*L&G0*i^aus%O7<-s
zxFFDEF#1`I54(F|&>VAw!I{>PXr~yRD*s!+dTVwJBxyhNGI@tP`|hPV%^aZ3fRdQl
zsLnQ2VX#~vC{m(?+jUPQgrhuNu~O%XtVo~uD_9)<6Z|(Ow&ZR@(oTLC4+~)5=9)X7gbO{n=Zc7E
zRY)AW^>l|+kyfXfeV@oOl}m{colwFZhC?3)TUgwR5P7i@LnyklN_6Nj7BYR~iTj7|
zmJ39>dB5rmkKjHK3?rUOzx80-(1-#S_JAk?*{eHQg2%7AAJZkigz{5Z)8{iDY1{ig
zS9{lgA=glZ6m23u=!^&I)LN(p$|d~kjFBAP#8!;23>51w{k4G_OE`2gJ>&B4`q6{^
z%zBtSqnV*Sc;XM%05L?ZXmu3D9U~ba<()RoNykL3dH1XYse)_xN*n$Q^c~Z&Uc0#K
zhq^2m^IX$W@CL|JZ*U;L#b*8$!(|c|HD8fh`|#T9ScS{z{S3lzuT?P8G@4Gu|3*XLE8&bc6N6!e=p)Tzq*?-S#=?-FHB%q3Q=2?h%
zCHPsXbVn+}UzFPBW=7rRX-?=gv5|Qz&2JaJKM)6|*B^xohdHYF670X6T{m74l;oMf
zVw&i1lLqidcrFa~a>h%Nn%9WR}5@%mSV
zVElrdMcu*_kPUPFI{_%(uE{{%#15*C5({{$N0leHWrvW*&%nIh1E;ue+pb8k;&(I;
zUt(SH&6CNJ+`^}%zpB->_L;B!Gz1B6<8Lvnz{a;-rZCD-vj*a=w>fqnd`lK8Gr&bb
zM6Un5T?TqeiK!mgACafw!(olV3U06EW>Dct`|Woxhf|=#FB7#h{t*{y4(1x*q!8pG
z3o3#N$M6O0;tE(jRr3a{erv;95l&ChTC{w5Mwu<1r@xoRgw^j6?;$3*3D$>L0UPmY
zVF&#>!yW(vY?INzfOxuj&#War#1p@1gidH8Dm*waVhzck2vves0qEIFQA}S=b7D^U
z96W_c*f`G+!6XSL9i>t(0xa!^VH)B6XIrmT$%e*dQ^)mQtr~8PtHy$0A#|4aPvh;LAB5Jh#AIuK>
z`@wJC;;d-4JU*&DGy3C1$6K(YBCZN!U_yro?kF*B-E;j;#rD^
zrTBJ(f9S>0XYMO2mJ{?QLCWKu|3J#bhwujcH+&m`WAEy7eIp8nWf(6?$pa&kevgk=
z|0iJs>PMCefcn2u7kb1|AaGRB>L1Xp
z{C@H8+ETpCR{IqXZNgt|7*rq?_Vp}IlaT-O)$URh8)1-O2~>K9*G)RG(6WVq=G=Y5$HD-#2?gTrE-#o(^QpI)`v=QhhHbzUA7u9H}b+zx{=e
zbA*f$_iDXzcdpF=WaFB`3UP4euoz5wgP3`VE#asiWdUe+r;WnvgaCFH`F)6_&RGIb
zJBh#WL22VO3?5-fE6=mj*zdK63ScB%OIQl#lnvKc$i+WtU~7Q1*Ri
zLQ+{vMYd5wwkFw`F;d7b`#y=1?E5~G?EAhiV;>C07>wC}zUTMXbIx;~bDr(~aqoTK
z`+8Tu&goTTZT1>WTg-Zms!W8p+OC2#0Y4E_^=r@oj}c&Rfsvi
zf+$a<{*1$kujkMwzwtyp&*Kf&=Ts@6SK}kxAMDmURnwvfCI;&dayHnBlbnr>4-qmI|9N&Q!7kzansC_Sszk0Nx?Ws-
zq?@hBKVsaH-;vn;-D0Pc!0A^!UJ~0H{PFE1dDExFjA@T5`IPcDfS`*L^JiH*;Vp;%
znnF+()74?N=AXd+Cvet4Z}pL*c2#J^JKF_`H%V@L^bi)CsneFs(*>l(fm&|4)PsD!
zL)1gS3sFX#7Vh$_X8CCA*k-GGt}#0joWRJOz7R%~wno~d>_s2hUEamyL6n{#EJ&Q|ZS+i~b
z(IbKg0^Fv;qCq)Eo*Sd}d;xbpj3UkpLbtVp`nUtr5J6lM_r5mLiHXBl!GBzoI^zRb
z*)xpg3s8z4f{zV0e4N4;kZxFGQollCR!?E!pQL!)2U&gdLn+0{far6HDAqOGA7PHZ
zjyy-NefWY+nc#X~yKld_c=tuHpv3pPqAx?PI*x|xG>gihUWB3H%BRv9?lL8AlE50V
zDeizD=!otUqYKEZD7D~02W`_!IT6YOmuDnEqm~G8d_p@!6qLGF!8v{X(r3T;1mLbr
zzFe+?>aSIW5ffj7bN%Y>uxzQAUk^%*aRU6@}a{+`Ba{(0!d
zb@Vx6fKITI5K!v9%2poV2)f1r{^Nb8Ury{-{g+*9Y|BmB8RXU2rdSN&+;?ikoo%UR
zS;Qc}H7r`DMz5Og$CQ=n35s?zD782r{S;;>ociQ~=k0+3tLJ}*(QO_YqU&zQuKd>cpJ&*Q0C&
zju-#@9>o&8BO6S3G*+ZLmo}Jlgl~#jhe0Pz6#ppF=~I^EEB-gn=Z0px>7>2U%ofv0
zLkMaOui%kNTy!Is35PEwrtk=ax*nUx9qymlL;IUcE214&_
zb@GyY#pW_9<+RwAkUG3Uw^xIu8A<(lroN_^h`yF9C^4bIJ4Mo*!D)}B)j@tKYkpsY
z>jMXpE-jAIDm_W?J1|M|e5JxM`E7?J{K=XE_M^iK-$W?7=h}#bCe$`X4r3kL3gz%hKMe&-)8zxHD231W
zER@GjF?V1iRRW&=FAu1G?SyjB+B!`YLr@&g0wHC={*Po{1{w)}05zFVTZ~&3XS^Ui-LGczBk=@!w6L)BEv7LGP^(
zD?Qo9ux+PjL5|`S{GK{NAg^yD^Sz@SPPb;cy0Ld#6K9TL
zS<8gkI}~L-yIRNCsFo!k46ZX2RjJ84GiTj^nL-o{C;(XA0UK
zJu1JG2kiU!+v0(?uKvdNv``)y;qu32|8Rj#d%hNSSyx-8phU?L=L+jUo07W1OQe-J
z&4!+U12){>+E>}P%cGE>sA8bVr*g;NpzxPB-)TQqj8H!2vSY~f<0Fs}PMlQZk2C7U
zZcsdBR5le}`?xz$=~tEtQ!_A@a?w1eaOol9iL>D7usMTE;Q{3Bj5>a;b6}zH
zCh>KSOPJzFBt9clRjvmZ3HPv%LCsY6Ms_)u2i(EYK#%1uc38ZAetD~oxxtUDbo5FZ
zs2$i!zkW=Q+JVpC?fSySdJb)oT8AwN5Zz2i?0bV_K=AcH3Xl7gz#OzIaiedYgGjUj
zr~Gu_Lu%=YMI0^h1jy&$*$cYGkAB6cWOF#Ys8#{bPNmO3p<|(W0bleFJeU#iS6kiw
zmwkQrMA%U<$#rzDQ!t$Ja^p;ff%Z7P0nfy>ZZfx${#%6AEZ<$;4rb#(0vN9V5u5WlvVDWsaxpJ!^
zj3Y}M&aDfyQIEMKv#vL3ueE?2NwkIVbxbw11Ru{*wCne2oOt=TU*l77%2Q-aL&-%;
z@VhuS$?W{+^bIo#{`sMfyJ&|~oq(g^0YVvi`Q!nB>bwC#+rAXkD|JM|dCVrO%%yci`5e6)7UuL@Co}BR2-cBW_
zpgGb(BlKZf{I!3H`ymhRe~tSz^i^cntlCxWeO(u?x{=XHX_5X_QR~~xQx!^l_&GyxGbbav8fn7HV5zx;q2R_~X1
z@=9&<$te&F*LRbDtIr+_9Gw9Se;`H1ss8hNDCSzOa`Km>tyM?|7}>qA`D4hUG=S!o
zx@np!`?;>tRE~HHHDaWizklZ>#r}_CQgxWt;%<0TNg$bXB1KE@Bx&r|*yE!@yUL
zxIdEodbg2cPuvX9s+x*^WX?Ahsevt$77h3Qq-u;y9hrI
zXdHo03B9~*S-ivWrreax1j6L8^X8-LFU{KJSE5g~92ENc50m*(w7rTo3nBQvSZuFz
zsFk)JeAf6M7CfH#jnlDa=W)U)I{fWhG5Judf`HIR>&d1>&8H$_)lW=>;NNwK1$mH#
zyKwec#kdjhwGarz8x=}E!28X#%<9UdJT()^e|zSsh8iZ>q3)&)t5}G@TOO`q4C0J=
zZjRXj88P2zIcAL4r{d?CDe&s?jnCP|Hp)UW#hrFK8&i(>S6=*_?kuymf1}-Xp7(SK
zC&faj6FkYR<&!7d?e37eoa?6NA??H|cN+zzdwuyF8#r9tN-6g;tUqpLyPPRC`h^w6
z?>47(ORr~lKhA1??
zN_VN=uc$0_T26Jt1
zYyjPrS@x1)MY<(Go!PFf%Rt`6gRTb?Q|*%uRF|1Kg}d>_|3+UerDdw`w^J*0D0qe{pqn?UEPh
z=V^~lgRu_1o}E{y1j`mWd|M%iZ?3v7pht#6`yG&QKur9+1o*Td{xT{}10*sb2dGu*
z==vDo1<~r)IkTld&B`6DKv>itdn8X5i+O99D*Ehh9*QB)?H+;a@@Zo5X_iWjcC@l|
z>|{N36FiI8%BppH>pF&fg*sz-(M4k}+LSp!x!*fg=5Y6t2mhT5^4u4!D&Nz%LR{HQ
zEhEHo>KZ6~sXbAHOX3}w5c%wZOyy1dOPYDV$3?TT>Z6@Itbl(3W7XT~dYbaB0{eQ$
zi2={6>x(M*`-V%IT$iOa}jU454N
z;mr?J@RKNZ!v;jZ@?%W1*$n5437n=YH*4zG_YKi3r0$2FZUpZ*PG6r~)!B(k_Kj%}
zYu$Y;xH^nsKNIG@Zu7%cpG5qi^3+e9r3a{HiFS(uYIuc!Wzy4&IYyjfA8UJiM`_E$k{HM^s*)8_v
z6-BD5yvRYm?3g*vA?|91_J8hs%jKEsH0A(b^#Y%GOFCeYu7@LGuJ7a_g$C#K+$BfV
zA6qECw;y)ZB^`SYzKu7&O)~wL1e+F_bP=V?YJU_Yy#6Y2kXgJ=PwDt^_sdMe5@~f0
zH3`NhcRL)-A%CH?T_6u(yF;B5U60w|qkv|wZ{JP=9YC`71UyfyU3U05FlPt3f~Rv)
zPr^@uuaMAZG)(*=5B<3NeGEO&LFFI)EzU5Iws`-fLbf_fSk!5}!t0`%9B+kblgfzK
z6>A6i!hnD*c-PpId-RW$AKdW)MHzD-*w
z4-p;UGL-w8BDwo=9guzjT{0J3cHOe2_pRp(D<;;`R1Jxe)G*HM@()Wve0yB`!@q5M
zk47?%&8!W!BKVz7q_;k=wqGfQZse{Nuw?(d7#NpyghnP{BRB|2Ddf8&(+$Di+w-4~
zJYjzaAAwN$G1{*AFt+^RS2gXMP?LwCrWl0NcktH%IpGgdRHI{he!d|{X{>vAoL(6^
znkG_cnh0_W88dtDR%hw5XWU4EJOT+5eagrGnEF(T^X72z=0NE3x}Z4MU>e)DS6RLv
z_Bnpshr6VD;ntq!CvWO>-2Ul?7nnH?8YIQn{BghWiTy6R>|MN;6Wt~Phi`llw}!nM
zx_IXZ&DsFzBX0Z%EHjM1#2Nf{fv~&at8{upAJG0c{@|o&)nLK_a4qH}
z?)VYnS(6yzqQ|e}G}P+|9Vom$czs4q&QSJ6sLZN;;C=7QZ;&b33~a<=($3vYl_yjl
z<<0I8{=Tn7EgLQ;HFCk+9`Wg^UB9!Eiy8?z-2;8;_2cA7I1}C_+MWhs^*Tw^Mtm9W
ze2ebSot#bs4so2~bK$r`d!IM71LCjcr{^h=nHE>5$Q{yQq3lJP=4VP}$=F)Fyf2+P
zVr5Me5z+4KY59gP+yEa@R21U=>jEqKzcu`15dF=dHGT{Kb+CWp1HulUEf3R4vNZCCH?$9w=uiVWO0=BzQ!;%8GYl^|dj|DGF)M{^rI+M~!ns$`
zkTi=kh~s|3hlOiCE#H4J#9M!y?|s|Y&QO=s`>~MGy^!C~%kj+2Y=RS~<(DyQcAcBA
z*fVb6S*P4&z{@Wc9Dx3q&Tg9~+=k3Z#9i$UoZL4a?M*1JcK9(f&6T?=?Q{C{6CeVj
z(zn0+IdQj3RCOGI0tx!%a(-EpzU`O%21D2Re8{VAufjwI8|pvA|Bm^g?H1RnD_z)T
z){-65k)>k?z2$JYs!Y3MMIjZsOLTOP)T8y25~KHwSNqRcCFPH};PzEX>ro856VAoKXQwlz9uz?W&69^8o^`TWA04U{-UB2UN_`u)
zns+e_ZgKbiSaCBleqAd80{s*t#Lb-cR6FIHh9k9m{g!C5f$3c(=yaSMHaR+{MAIH&th<*OysA=8iUa730h7;ict8`D9{fP>yLVP1uH3k7`%+7jGNP89
z^tU@MuND?UxsNn^9rc^;-1tQ%PM-S+MqQu-RN$3Jc|25WbGcz_a~
z^6C5-e!FSvG_UoM9{w|1@YkAQZX;$VfwCmo2Pli%w04=-UsZv{J(j|UXKK~z)7!yt
z$7BPCcr*h{`iEWdiGn+G9zhuWRO7H`yE{8M8R(m)4cp~pgY9ZNP%16{gWY^ixj~DY
zA@oGIYyUvz4ITH3mRFb^R1h~AkTX;V?Ku_-YB!*
zK9C%#&SZX4!MK5S^eg@e5gwm!c0@L_!Yr1UXG*uaVk>lDp8G(Hm5jB8ym6*^?w&7MquxCYQKCgf7SKn*U74NGBIP^
zeeoBQTVC9`NwKTow}naw)zm%VvQbaN8b1f4Uz!~C}v>9wTzf%Wo
z;BG^(K?8i|A9RTPMen0u)=Ra|%svm$y1ongOBr%?MJ0k$rvwsZXfC=ls+eC1c5oI3Zj6Qa8$N3UK~}u
zj?mmcvyi#j)YMGyrn7@JNp|;1sb6pV)!V7itb^A^VZcHp#NQ9YNumo<$&=GbU77`z
zo4LhEYxs3~#ZgxQvOD%jMxe3zIP*xRQEnT&a&~BHK91aVxQ%PiZDuEPcfa2Kpm{7c
zMS9QGQB7=oUk?4dQID+|hkUO+%Qh&rtcv6|tfKROI}&=Wb<8h*$_I^3EPt%Fag&w-
zCpo=3=O@ytZ~G%2HMxxF$qHLei`@5%H$aZe1UkX8&R92%@llL
zoDR;gsI-F~AMV?YgE1V!U`2v-ndd(fRg7-X?;0btg=n6)F@=Z^Z>UG&t89O`d$AMs
zU8_%RfX87;m_o(mu!Pq
zKLiWR8w!-Y%c@T27M%jF$({J!#=w{EQ0QkC@soasJS*BUH{=B-idTsd@&byN&Zx_|
z@vY`jX?IrZM^Ejm$T%rKelNxFV{Es|QXUjY3!KYEVY|rj%ry=cQOC#-qG-^+Il`JX
z7f(Dmhsh9EdMTI=ZmVqt0JolZ)tlfNRWJFcm_lPlP>~hFh{=p65X>tCUG3+ov0r*8
znCn&!%Q`QzT=1%1$+l*!QfZs&o4@xuGmlm^dH<*mU*Lp2izV>K_12`01$|v3=I
z=`U+XiT}z^r`Pu%riH(vh+1{JuQ{=?JvA~6b2>F7Ni
zt@n{7FY=uZY(st^_M@+MG>CF-;{*rcLdxcsm?REc;{=EB^6t=U6
z9p2O22&P{dVnsu?b4g3G`1;|cNFs1kg1R>Wqeb?i?8J%lgYqC4h3c~jE@!SnG^4l4
z;35jT7h6~!S$9@86|YK@ZU%Bw9oBsoHNT!yK;Xz*+dYJxfIjk;H$6)X$4C^Ind
zz@I9HWyNM?RUrF2BQXwRc(A7?9ltXR+5TrEmD4$Z%y}U*cu{63EOm8-T%RY{qx)mN
z)Zdg%JMFi&SfB|S=}uAW5PWBQuSu+09rRwI7_W~B;!2XMp&5Cfu@hwyH^9;y=NY5J
z!aqA_|Dd;rY|($~9GULS+h*v!H8+@YEfW^ZI3=*G6V{%cLh~g>+0y%W_WSVn@XY~C
z({vjVYEmz4tVw<=_hG>GFGOAc>jmUt-N`@?>Z_3)Qv@8G07xRoSv-8}5bStuw)xrj
z`nLuXNQ)wSBbXUg6;5G5}-rTO!{hx)hJbmw?|d00sI}^m+Y+h}=DW
zv-)SPsIlYn9bjew{daaS12wIe6hUn-o&z36v31uoGCLk)GC-j-IwyBW6(YR8mTpuH
ze8~EEs9*6}bj-Kx^Y^4cfIijYcZmzYna=rStzQ%$Phbe#QrL9}%B#!%O_NDJDvT@v
zYe!ssJ#F1m?%t2?c)66rN|gHb<9#)!xX;frs)DsP0`cc@m7MN=gwhNuV-^P~I6=Ap
z4ECO?&P@FA=hxc`yI1D&p@cX-X9>3_sSd`y?;&;yS(9#mikwfzEHKyUrU;o1zfm<^
zcUvO){2xMTH?3>v($%o4x=n#bL0}6WeVSEWZ3z{VLExbf^!BShe5O
zMZ(f=(44doXR;*S4Fap(p*}oBuMdt5mFI>N$3zpg3dxtt%HKff2TeJVj
z!|Ww6f7UHDuQ>HT->9^MI51Xd2nfv}W_J{RRF=9X2Drx=nlehn^T0Kbi6c=eQli+J(Qx%Nlde
z^?HEgn!o^Xb9s$4wA{dPIBXgRi?Dk8xBHEJ*W*gLV5j;-AGsl3Zx@_g`mlRn1N!EBr;bq0+#sYPqJ1|gAjdBF!y)M65=akj~)k`c3JM-
zl>KYoic{;+=>F!HNSIAWcyTq4WiR#E-T&49?R>;~58nZ&fw_H#DZ0>LPEk&(*f+>EFw1V^l54-pJDN
z&LnzcfY*s^Ih6gnF1`=1cX-k@w<+;)^J+fzN3qNB$IW%X<5WL`ebo3WE8coh*`0XD
z?54R4Z1%GC*|PUmch&uh1FlqGIxP8J^H+uAwI9dc&w+^d{l@rz
zjnl4`FJ>5Bq09A**6bg@O{6}6oCV<7c72~$3ctlhRK^!
zko%_~z_syshe!~QYbH(k)2JM9HLySc&Ex6D6Ot4u*~BCk7r$vRSCRy9$#)7a;8>%Z
zm*>JHz8S0)cHyytkSV|Z9z6J$IQO{nIx5%t4aF_zn-KlkdmGx%2{dR)s&`L8O7I_4
zUkNbSQ=AllgS3Ry2=ws1ivVa+P`P(lgjgY+w1&1
zNAEU)8In05i9*5kl>WjX-m&OXINtnbijr-Gdve3KkaHu2tdgS@V{W~|>3-eeq
zn-Ufti{3f?9jExjHSEIMR|#M9p1rh7)B6!GEWYeOEwDC#NC-uw<_#{L%_-SH9{
zVisUn6R;tn`#0gj*PD73_m`H?yBdUbC$?4cH>E~&cI)sG+5rna(FT+X`vyuZ$ywhT
z^4NuiPSLMH(yqUIYPXDuEP{=5-JN>jFJozMuhga9d>Rxj^&Ii<6IKY=jSu=saq0tI
zCJxBkz9{iu8spqL!;E~Fe`P6FA~G7`b#quEj%|Ju4{P~~nz|H*O&St8p49s8qUu{;
zj+h5@XVYF{(9QMZb`lhrlBoLz-D`8r6r4Rd%;()c8&bAzcj3RBBA2f5
zfOAdOT*GWTvS1I_iaMm%ziOt+pDsXZbvC>EV&tsJKU8=Mg1u(K5U<_aObUDe@#elb
z)r~vqFjSU%OUm5bD$D*Y?Kz=E&g$zZ;%1c-;}&DG%q1!5Y4ly^GA~h=4m_&2eXZDZ
zmDq9_edcxmiqe?<>Qi6FRk?q~mL|dqZ2m>Q5Z=+OW3Y{TuU1ACJItwzck6A4Y5I^H
zw9`ljFZcn0bxCt4MV=@s#Zo=i%VVJj-7Vi8iFXKk$%pQ?%L|fP?Sj_h9XuZ2h65z>
zNtuZ;cn7XPhk-Oj3dOR67V$A}lGI4u_yK-XJqr9!-Zda;pZTw5H7JCPJcp2DYY}c^
z{j9V~W{8yH^%=cqL!W5*44zw?73(Z~SWJ}6Vu@7A+PkqtkDSSE)t?K7YTxxoRI_eq
zuC`kWZ%GWsq5q)*CgTa$z8t4amNN0Y_)O9`Rok}cY_!*jHe5Gweh2*=Ah6?Z%vVR3
z@hl*C1x0_9_+ms-I)=UxK4Fg$dj#OW5D<;0+hx+3R#_Z#;_uX0zowKz+W9ESZ##7E
zCdp;FT#;a;{rQ9x32tpMTmW&gfxQ^AhxuCKKY%YbG+d!wGJSN8kBiv<=el||y>Oi#
zA|Fz$Q^@-Eh1S@#sWXQb6Nzs)^w;&#_<)^xb8udA;X0y5ecMZJ-M4Qh3FIjJ1=7{@53{}YEDVVW}!fg`qK2H_*$X``v
zWnRddaz6#7bmIwe(3tKYX9%tvYbq+*hvds7zFEKP+CeQet|tH6&1od3zfL{Wu_%#G
zT0(}{LN&0AknpVwbqH20%O}+JRHAjvNhDG0l1B*vbbe?KQvzVW7am4E)I2r};6ILb
zfa&~k0O^nomzJ56(cvu*-bEM~?O6bx%XW~_NyGdl$1W;5(Ye1MktUYVg#6sPCc+39^)37d6eAt>=53c5V
zE^h+pntwKCa2trEY`7L9HL`hM
z<9)S7G2Y=ppuo@10;s1Kx4HBSU=OzMqVk^|J|BT5?2j#lA3csuwY-#ZEhb-5_iP<7y+t1zhQ|C}aMo68Ha4W|i=P7M5V#w%-YHuZ2Q2K2*rAADY
z1iOvIUO){SqC5{;AJ>7G&#=cq_Ja@TXT)=E1k5E+<_bv>YJRkP4`A0$NVPN&OMbJ59g;OaR587db(C|7&)}xXs?#l9+0>L4#P4UA1yb~
zZ^e?Wf5dnK+PkS_$O5*YS-8y7O8&Xa{<_{g_FT5~AC(LA;iLnVe+1h@5-S3mfT(XL
z5Po8&zoH1a+&b_+K1CYKEOK!S^s(7M5?4`AX7o3#HHiQk;$>f0jt
z4MbLW%&g?AMEGCaPtqmhyQa$;jdCUQLI`C6bh<2W=$^VU4a%~s9Mn$T42s|7p`AvQo~Mm1YH{sz={$PaC~s&
z$-bHpGF_^4d}WGlAw`El+G=bYeR+T8yQPfKz?INhv9^v!O%$Fs#V4}SOiq|(Gg3*3
zdh4b!_~2Dl^AyW!ZbNV8wfc}{!PMn9B2c>Eq>`W6R?x0F#Pk_cQJBx*pA)T9(8XpB
zZ{MB@)8=07MeaIN&MH%8mvY}>rJ6?eto?N|zA5_UKg++h_**~F%Szc2AL)MFDdri3
zBBR^Mjj>(k50P$ddMENDyu^&-(SD@~K%))Jes_MOPQG+_B&oj!hx)e97rD>>V_tb6
zcVAjugk*P%v|6^(T=>XBX+*?(SgRoDjd5U*TmeR%Z}r_apK3w-izeaG}q%k`A@1Qx;2;>6`E1?q0z
zWNu7NVUveQeRzQHja?h|5*uf!w!+6gw27+LVN1>Dl|uI|k|2LIG?${Y(B*`Tp6e
z*-!ZZycXoX%rg*Q6kv8KS_YZ)3-JGahdqixmB4O7ydQsM?SOzj^$VHlW+c}U6lNR@
zk274|4Ixr{Gau2ghWXvyqv4O&ov#EoNa2NJw=)en7$Urnf;@g6r6lA&sQZs}^Urx9
zc(BnSmW>1xb<0&^XJ~YH)gtXrjacW*YMOd&?MWzjLt@X3a*0X**>Ln
zGVCX}`$%`Rrhfozt9-a^+&KK1YNWWgZLnAz>+eT7UQ#LF0nF0c3C8CTjp?>)dzb5m
zqZdKGL6CX
z*MO;$*|-Wf@C)&PAv+OM=+K`5(|vPW&)ov{VY|j>QbfTDsFOMIf;duJe0UacQU3hY
z7l5?~-eW3S*4I=Wtk4YuaU2YN(Db(YZwHvwVTl}E`REA)bn>b^YkBvbl?=WauXOKP
zVQT*`Tq}J`rdn;^hiOq;>U(>sSi?)Eq4OW+XSIy|O?nItm`6~Tjxc-3lsT9}gvMyh
zN8z}6zrC6APyWHEPj|`uDNt1#-y*>9<7+97j92*0hA+H}c293EH={eAi`lo>peh=S
zpDtZc9#8vp!ap)`+N3f=@>->1Qm<08^)<4(pz{ZOt_(~3iP^7o&JrxE1%>Fkq5-`t
zX<~P?hPl-ma+*{GwyjLPC(qmPoe>RzNPR4P6xHYv;t5DqyS+p|=dU-7E8qM_X;X5L
zM@FAt^8|f1+F3h%$I=_QRBk2Tg(H6a)}R0637C8Z#quEF&eY^KiL3(3n9d@fY6fNu
z?VJh$cKwkTH=iyl!`&|B6!LbXBUM4{{WS{aB0(kl=LUVm)}5b`?FUqDPF*GxNc+9!
z7te)rhhn+Yn%NqI*%WPml5aSDacS!5?%BIR!C2A^#bF!$dBJU0@x*R5?P(5ec&!3Y
zd5_{ocVgUw41b<=?{l&DfXh_DWDn-55cGRmQ?SE|bm=B*ZRVE(bSkUpCHAlr0aMr
z?{i}7^1*y)Tk-Yydb_(j3#%-_wW;ec@LPeh;nG97E}1#$hjCzxN8*1Tp%6_Yh@xH0
zZiHG@%sNWHoi$0awp}+AbgwO1c}x1r-tncz%TJC2V;Elts8
z^jk)W+B6ZKql~hP={%tUO!n{jl;IaCFPfYK!fnK6*8A_A8p{n0@EL>vO%JrtK3PUb
zz1+#c>n&=*LZq4)Qq8s|)*PPI-QN_&mVVNkjsj}HsKkg9Q{m%?usK@|ncb{sz8-$^
z%M#}_R$TNo%s;CSoQ>R?O(3L7Fj8H);HAq*!5hWi^1BY{GXDxc+FO%8!s4XyGM&9Z~
zScp$6w%A18DdceLskoDgk5vB*{K6VU5G};opZ$c=|
z`*aL{M*LvTZT!k{zWcu(E~^+kbkg1+IUeu#BC!ua4=)u}*H$@WvhXl6)!XHX4#Jw>L&>e&R!VRtXY
zhd*`Rcw-9MwwEC*EjVwW!QV%D3Zq}?+oE(lp}ai@>@mEEOFX`~-!}9!Jdg-FuDhQ3^I(eYF@rKA|Dy#szmK=hCOZ
zRQ>FT^(v%NU)Lj5DA@lq@D`u_J}-ZLXc|wXw&Yr#yh~t)RsPl0ZK`Pncz$EU~z<@<(_BqytpDh3)ScV?0vLX&%YgE!jDtOr+LpW)3|*EkklN*@TaRIY0ZyDe1by*OlbSK-UNcZ%mwcD6yGAU~Q
zHrZ0++fgD-nQ_cbCQrN<2fC|th9#P)K{g{ve+UK_T1!TjFcI0%}qh_T?7oUhbzfF%|2L
zaRPKgU&eqQ1hO6bI8KXlv>$Gt)7=3Ez%I{xgI3=@1@pl$EHs%#Rz>ceF6zaS)W+!*
zD-Y%+HOJ!mp!>Pt7dp9oABTdkZfu!Bvi)M{NxQph;@)gKMGq5=Jq(Dsj1>YeD$#jd
z*zdOQOJH$P4R835*vo3+G@~{zlUBjsm~F-J
zVOksSelsDM(2PWosZFTkvbRwzb5EiaV3WfEx-SnO&tGx$J14^tUK<{u7n?gGX-mg7
zTQ>uf2+ffgR`RK_CGhWj&jG9<%<;mruUNPaCI8}qNrcx4`)ZPb^g}HDiCzZl(do3=
zuZswo5bPBR=H>JokS^q5Fu)wryKC^*>aQQ*_k^
ziR{O179Z8r51Ad@OSl9pc}!{`>K4RfE}P7Tok9nig^s=?Z96|>sX#obkWBhZ+R|D9
z^@jL809n>JX1TBYn^#*p*wdz38@`UB?J>&3B-r{ha7*0ldG9?HY6CQCXU|ul)q^HY
zVM#J#!c_Qpp&(yBVA9j@*T+dL(_FaMt<&Ah9ui@i?qZ+j9wN>Mx6f>z*0Ze6zYR3$
z5YX(8a~eUd%E!Ho1fU6v1l^^;6rQWLjf(E=;Lx;5E015diZ%zPlxA>;p3Qzj
zIktfbK;fz%5mOIV;W_PiP7ui=J=R}j^q
z1C2{UUJvc3v!i!k#2!c#s#p5oONWJa2v;qMFqbz`4zL;5)=DkMxng8b9~U0
zG<&)>=IoFexwzM*Vf?5$gj+CbS)d3A5!GHgKs%arp-^;WL6XPoz
zk`jwr7_0E59S0fDX&Se8KaUgrww$*-Du&Qj+A`+@@Yj2?BE&x_Cs)?yOzuu20#7no
zeY8Lua+ujzr#e*md;+7J+)`Vi{#Z|?4_3WZq~X2HNP0Hl`XRA55*J0-M%(xG;KRDS
zx;3tk;tOLa2G5s#wPXftoU>ayyINfP^ibb8?oH>sAqLw}V}7*%c9w3bXC%INK$M^v
zOl`Tu;5rDbw#@XcQ^A90Ef(b@)q<=e|8n5LpJJiCyd&ul=ZjV+f0&N{d$VxKRX_VO
ze|b(5bxq)C^!^;2SJ3_8Eao*GWKC;R0?;Z1`#u!9HX4sjl48Va5_fx)uv?H;)hzRe
zU03plkbWI!6S1lM7FQ^<_SDysH+bK9v$Q>mkVkDQK3bkORD4%WqcN_dc}Q!Zzc#-W
zaJCN8wxBm*TEs7T@mk^9@9(I#f^WAD9g)gBbL|yBku*4I%}ZSB249Lo7U&!!!~i+W
z{{fFcaKA7dXC1E8`)_FT+rT@ZefyhZWBn0+ROI2i2AH=nPJHdja2t6G{VrqWm5+-Q
z!#K1V#=)k`e{W5H?=f!@dkeS!L;d=g{cVy?7r;5*nF?c?4*US#jjd-79%^7eKGX>N
zx*7Jh0%;A>Wsok1H2R{La%Jvc#h5LK_j;ETjuN!tt&QCGzD(!v7pKuj#;89L^%hdS
zOOW4MyC%>A{cfiEXDxQlR}2u0p3_2~fj%wi?7;xiZ!un%i{@GWvq%AWiS!QcuG9QZ
zca*Pa%XIYb^hEiNA>B>{9t(JipO7BX3FTydHy_{UQ8awN4rN~+*J%QsabUS&JnJEyW=K~<+87VN
z64G}X(&dmgz9&!y>G_7V25DnFd>;z7^85qt8Rx*#2yK+hMYJmDSAYZCd5ftXxOpH#}+8J0P5j4NDtu~
zLn)BnjOFi0(@+jUdTowrAM;xKA3~
zK!4+u*&@4R{g-%ovT2!VZYJcDP0U1d6PwRtdO-hpoW?lxY4B8Ze078>u{LVAHAJq+m-LwX3(Mt*D%(#HFV
z)isNQ12t=cBR!tb-x9q_g8snwz*KR;qx%0weEX%-2@sbnf7Xe{-v!>fO5Ws&C2I+W+p&=%ea4dTDHn~9I4ejhIB$b-e(()
zh3i|e6yvXq#;%VUa4yZHw-ORjmv8;7AP3*=(&JaMp(_?kqRW)q2=LTw*KMly#2rNd
z&#f$lcF_MZ0bry!WmkfwAJ);*?BfjI-4S>_WGbMzx&^DTo!Iqn2H56YWdg23#vTLO
z;JspmkL4M2KpT#@Z6rFqiqG1voPoajtSelc##qi^tP?29-@;lwLI3^w)cUQ6ZtJt6
z@psES;@vU}y<6sFcZHF6!5BHnFGkkW!+z72O4rj#RqJfh$pX$d);th=`fn;rPW{9a
zT0(0&_jSP+;rz}dK1|r9Dho|gv1;XZDQj>q@LQhV;k|U7o*@mud#IR?
z@}dz2y(1m`ZA|%SAKa@&64Y-7o_2tII$KX5ZXa@c_cMR4I0t?8$9r?_S9H&(`o#3_
zGAhRRk4{XlUz`hbfWFI>Ko6KH-;wkSPbiPxhPu&@K6_}hd2V0Mg#DZx#J-{ZCYxlu
zQ~iS9S;piKX2r&1l(JNHhN_~U363AO*9-Kg68Mx|r1Niv`uh73Cg~m(=%>nK9DQj=
z`v|YoLv^-MolX7X4JXVCQ(gn*<@Hm%!!>As60tfEZ?pwf5YAFR+JY+8H^-KY+AN>I
zIIMwj5O);@p74ZfNgw~wapCj%Bi4J($?gvP5cM}To_*L)pb4sRpZz`L;h4qVXKe%6
z7*|Bz?+JAij(d)a_dGD)Ysi0@^0ypEe+7(FnjC!UYf3SW_rMQH|8ZQ5w*upx;#3O7
z7~7FQ3EYeOoR1+-^D$gSKGiutmrGFAO$Avu$8i6w)zJRGQv0KQ5&T*V`9G!n^L-QX
zYa{%6`UHNdaqycT2fw*w$3y&V(9Q_#C#wO!W<&dbr_VpMaXY@tyeE1NW&?liduEve
zbo7d_0g8FQOt>xTL)nBW7&p~BM^Q13QS3bK=CSKODf+*>qrmB3Z!~|7wniD~8pemw
zeFa`8yZx?SZg1rNU5yl{>NT=s*7ss8xaj?-+bv}#_Uw9!jp!C|f=bPrfQ>mj%iw(9
zLV4-EcwdEGX(0GPf^VZbdfXaY4ekG96YWe<@1GqL_iHBeFPTHJiz>~~=blKPo2k#O
z$AnHji8WqBc@ljGw0a?v>-LK+P-fI5-g~Vyi@w^ZKjp`8Z6Y0(VQsxgbhxRDu>)O6
zEc=zby2Zia6P{2f!Ai&WSTe{wyMP8|d#SG51Z%}2?NCgXCgj%wGnkrfIxj2zW>u4*
z9O}ywMz*;z?wrJG!m)MrddXOCk6k$q_0kS)(;muE;QTCrI;B)+oBSlN^Zs}pGpour
zZNj#yG}B0hJAqY|9(O8Q0(+>`7N;!>ueTlQEzLG>YE=5n4$ahSmytKIU$4>{*mkeu
zdXwf$aDcpr@r8GV@lJXYE2Z`ow;9`)G88dhRe?u;o`#c%lkWLKIb7k@X_|20|Z%T<7X&j-BnRq?)G
z#NX#6#Zoo;`OF|aYyDBaZb$XDQ9puyJ?n^ummTG?oQG2pUzSmdcw#y9DcTS4@gADq
z4#M~}PFsH6WXfVe~t(r`l;vB6f8&jt=s>O=;I^b4xPj_{Zf
zK|RJK=Uo5>@-9B|QM>dimYE8sJ@72wM=SWcGL59U@&4cGcl;@XdH!
zi!#j3yz}34%|HKLm$*Ag@&9O^KKhM-X=A1S6(Hxq-t4Q9kkNXGLODeRp`*F2IvfM1fHvzE?H?`5s+ocXo$ZIGUspZM=YQtV-jby8ettN($CZzb->3`YzB~x9m9Q|ke~Lh4CPZzrFJ+A
z{bG-g6*=oXL9On&pcmwgJd#gtbfX_eV;9i6W#vqMrOce%X{?hDbrh$lO(dY^NH?_A3%9NR{!ItBm
z&}Z~bfp6vX?PLA^D}1v_nW_!OVT8sZ6}};lkc{yHx;>%eM6X%5upuMQg8b0whiU!~
zP49OT#s3|es2_1M=e|5su^nZ;RFbzYk#AWu!Z)K{J2Nb?3~!%P*0Sk;j2qz;|L=wW
zi!M6l^)_Z5UsEl$VokXLMlO4#1M3`z`dH7*)Y3dw61Ks&)d1sG{FS->vuh&$_>OEV
z%LzD{y0002@x9&__Q&oUJ3XO)qI(6sUFe4$&96=--}Bf`QlVPi>IpgMo@Qegj`OS_
z`aHcwyk1Qg+KuE7gum%ff2@prj@}%0cg2^HMc1^S|=<+en6Uufe(m=tyJp%>v
zr85OL-t>enlE34n&ZB9+2A*UNldqvK{x4(tn+V^YHR#(=Z@W9no{#~wqj(a!bGZZg
zarFN_NV0fMC;FVP^`dOqaOAmtdHtR!`4Vl}Xm4$zwY0iZ*pnEnFNtEYU6OEMrlHP1Q-GTe-WI-9pBg+Yo
z&JG?!qiZ|ho`-iN<$QTHzbly)C-!xVmp^g*;+
zC>R3^V0i6`4h3OJWNUU&n@R`zE3Nf@2=&ljZe#YPCZ-nhIL>UXAK#K1fqnnf{kQ}3+9~gJyOGy;@Bg!TU6Sf58g;Y=*y#_}Sew*NyF*U%WA_(}*3j8)b3o?vTb}xnR3DS2}
znWY7MiFOs~gcI^14dgpc?|00MTCWip*tU(Og`KQ8kjNBX
zKM&tHFxrPW%(TutD1&YCH|zn1%nAUGkfmhyez(Ft>}G6zpp`iS8sLw=+^-$JnIuhZ
z<@Jp3uTJhC+!_}C3sc?C5H`KyeMq}ej(T#HT|>Gtn?0oXq2FzOad!)O>Qr{MTes5=
zHuJdW{*9K6u6gh$*CDTTwP+rzaOHJ+LjU+E>A%9Lzp=u(p5Yxc*|~4Yu2uMcOj9v4
zRmi@X4(=b546^4SUk90f)Mw&ac$R3zz{^PQGx=V%l5fo%ICtJ&A!|*yr@GppR&a-3u}@@>y_JhHX-bD#O}MDWvuP
z($Tb~FecJdxGs0J<9P(@*KZk@dv7DTSLm+h!x*KrVi=!?{gShBT@UR2$MpDTFA4b-
z;o*H;_zjaX&J=C$LU?o*V6kn3gd;?=Rel7lSo}
z^0aAO&Ycy+JC`Cx#K&A7T|x9kehK}W*p&gAPn^p%noA4heTU$q{mjZ`vROe}mnZaR
z>d(-@qiNrY!FQ^$MOfcp@`yf$>98jra#ctCystUVMrisie~4Q)3X
z+P;Rd{inDuQ#qCY_krp4|9N!(i?N;ito*IztZ^SkJoBBedqTgWc^`gJmzjhf26+LT
z$18N-@6?N89((H|dX9ggc|7oW|Ch
z!ULo;*n#D839ilQ4%ZzGwADQjT*`KOy>*^IE66G~w$q<`y{Tl+s-}`8w%*%9?e4ZL
zbDuLm32XHU7vfM!INaEeG(fcXKMKG^W8Csa;ne$RfSi&b!Dg
z1^y5FA5egvDp#88gbucl+S&zWjs6ZWz6PC;JV7V)C)&%K_UpPDjEOQ-G&Z))fwA#X
zSF?)zcb!nCk=o0k_7?3I6+n|06H*E$U0uUb1DmeG9U@ZWH5&`&OsF*XbUvtxcQ<
zm47V@a$o;{O(!?yluGxIe(1(%i7fdM^$C%`#K$xPNH-${8%#P
zbtfPsQG=pJ2hDq(7t#qqqZ1_ViX<2z@|$SJVH`pd1o;sqLKMWfrbCmUvtz{-kab};
zfR4`SZsC%$u*xaG!9RX>q8pIe)ykf8?|I$#^-nska#f5
zcS_}_@bZ(ou}>C#?+rYDGjA)H*Wh_P%z~sd=>8@z~6iEeG1i~1!E4SZGy2YyR+vH4PEu*
zgH_XsYpLW;Tx-8dn7!rjEY!a8Xul$_Q{Y~j`xrY38(Hlf+P%D3_=G2RM?e3;F(nb!
z3=^nM%`m4l_x$4mbCl%HNc;YYG@h*7jcu|7`i5tG_JA+x3QeAOT^~4$=YFP^zT*v=
zU*zsK_b#*j*zXUvcX^od{NOjox)^zW+tBq9<@vym{GwmudCQ(8_EE>p`>*g#8t4Vc
z#wTb;?)MsrW_^HWc)$016aU1I{YCg3Ar`*b1b=k@fFwRASiC#hzD){C*O32icKYp1
zRsv(}oiN7E>#U%);(yt6gOC4&h566Bu-_B-FB!c5O6GHmb>u&`d6!s2pwG-T@IID&
zZX@}W?}{#;CrCcI@J*SthOHrD23xUbcmz)H|J6z{42Fpz%PjHkt-{NwjueF7gf7QO-EgI$T|(Cnf8HEi{M#OcGa
z5dB;C(HNNG6TV`&pKr5!G~d`Bo!|Mk>(KYl*F^u*1A4ecH}~i?meYPF0d+Np`-Hg(
z=SgEJ9nNy*N#gk5XNzP%GJiYW^LD0K?%Z!~M@+~RekWi4z8;>Ve`+$ngK@qn71ne+
z>ckoOe&W3hzB!T*iocVuHUq!5v}bi2zlZ4dBgUs3yAt<%b`u6+O1tRqx)and*6eo`
z52R03oA(Pp6DQO9&9Yml?Cn%`@2g_39BHEdDWrb~;rS~G@_g2m-?Jn?*FFPejd4!K
zP)wQS+!wk4a#9r*Z|@|n1K_}m#M;>notWzH*V|N9~IZwLBU
z&7pWQMBj`jV`A-J8y~C>(sNUMnpTj@TOsshTzx0xljF;z*wp^6QQ`4q#!x(&CKjw8
zmXlg5^8F_~e`!=OUd~R6GgA-GWxW1esPC2#`o4xreKEgZbb;doo;3G=Uor6kFBFx7
z&e;fidNj@JTj9Mrew4Qf{@1c=_d5B#^BZB#s~Ct2ItO?(2q!5{I&(MmG19sFW!itt
zdqwE9?C-dt?oNMG9jpZ@|4Pv3ZFW~7>h$NtGlP7$G4-Ot8eQ25D~k2B&vhu|oitjm>vuCFsRTY?f};cNgV-w=Gy-uY|RIoW?7E8{+f>9mQcd>{*2Z(_GNlN;H~6
zXvmo6r-{ykZ30g`*`94=U#bew2<-p2S>=vcnRpg>!AAZ&cUJ26L3??IDO(@O_Oq9*
zvK`N5+tAqr@;wgn6t*3Vv6MhDmrR|mt$U@jrf#0U*N$tOQ%5TyZI)X>eavdAOYO@T
zHv`*4=!PfI9&Tt47qy26+CvYtM?U49{&M8@SV3}3dpUZ0+(0z?c1CWG`nX{KhU+sJ
zTl^i40u5zZ$^OajbKrej-IzEEv2X>=tBGctL{pRaDki>G?IcWg4RI+Q#=RW(OVCIp
z8WmA!MoC8w?~Z2rVktT^+GH7|OKZO)mN?|5CbsgoS`VvC%6iLVVW
zS?eR~eFpJX{SvlUP~YF9yrnN$>m=t*Gw;8_H|}BT`xkU3d47jg-_xV$yV;kH4v8@~
znEuC;{>%O#Ws*I3$sXRJx>f=&>*Mj8S`C;bDGRCp@n_-fqm41U5sV}
zu4L%P#62?gjB7mFOuptCkM;t;+fNmb=D(H2*hZ#YS5R5~+av4PtF%Vz-5%Y39wHju
z+oQMZ?}*N3{*B02M)_85kF2Lnl&6B1eVWS7wv?SuG^THltQWV&S;sG7zjuNC>SVvG
z!G1Hi{pQ36?RTo#|GgMlE)NiI2Vcbbce;jhcWqa_O$lJjH{+aGG1#A7>iBrXaO?S^
zc{}6#npeeJ`56rjIb2=6gLGAU(WSP^rp%d>uO`{?Y&fUglXgVcZEmPHjrAe@)a#V@RBPzi8r0{%(Y*LzYfzut
zDBm6_pB%&JBg(S@-aG1RKXO4YFT7sO;NG_9wQ*mi-h-_M50K?T`=FA{Wg%mecbM+ak+n
zE!D4PTey4*DR1ev=<;c${8P4B<#W4DKED?9rV+g#wnpZqifDbdH8kFo$nT>32e(G&
zr`E(jgm1>$X+8$?=PaJ_blC2aVX*I
zm0L$3@6#0H^5=Se@W%0v;=Y76D57$O=X_nBIcubj*YZ`F3~pE$M%qQ
z;!PNjb(r$qNb+5^#VX%aG2i0y#d6JZuuh2}cNVgK*k;ctY_;nK$N!}|PT7L@pTcE7
zo!%#IvC6)OWRG!8MgRE_^q=mq{xdUfc>QM?)p5sjBd?=3q>eY6`VTZ&TzDP-kIKw^
z&RWMcl75w#>tFb0R!IJHl>f}L*8I~b|L39cK|n|D7(xHwFx&sx*!Fd~HfUe}L-`EI
zHxb%6$^KV8$?4UVUHLABO`T-c<6r5!iI#eZy?Qf_nYq5YygA&?JY;8I+Ct}#(e*wE`!GtBz5
zQhoM36T3cNOZ8bz{MJIgSx_I}yi+>&*M@qDm@&ce8+|(+Em?u}OFreD{*1M*`J}J6
z4x_#~!>n%w)%U=r*!4Xn)z?EjH$lG9P+y#rmcknDPrXwOxzA3d?KYQJyn5gqT8@n=q#aSorsn5k30Z|*;0-!y{-
z*GH$R?guvpu-##Y(+BU@I@0i5jzY%}c8?5|6f8_pe
zn|A#DVd!(_Fz5Sz;`!_Kv3dSL;`uq^xqCg{F9`As`sY3jJkOTaCm2tz#t-vnv;SW&
z*3XPxJ7n2DNqlM{e5OR;vxoQuxpcNpXqt)qE+Br{dW;<``1z5ZoqrnjS@1sw_g>4%*5;$nigEj$RAzSs633VD2?sd$@&UlJj)zwmTrT
zT{`jBzfPD#Qrn#ehK2c;Mwow
zVd}+wB=7b$vGrnyq!%+t&NY}1^dhtlZmNSGK|lV(wEs23*N@4>Z(nn4{b-4xA6HV@
z-OYHOpk6e2+C$HGG>6Yk7*o0ttH&D8MU=6De8VpjUlkGapMEPAzI@XV<0o8hiiR)W
z$7B6XfNy`pwC|o|mEXm&%1d~z-vm59#_#u-_rzzLe0B2ktGScBie2|K4b0D6bIIeS
z``u@H2J$nTKXK#U>rB+wHT(4vyhFh>S0?Vq9&5SN?-?b|@z;#Y^t#{Hy#wjEpRCWs
zI|`RK3qJs$ZN$Uecp!bgYGa<6=x^gv+#GW;<5E>gM_h*1Y%ehE9EY*lI|g{US*iBi
zz$(8~*h%-TbKfgz8W_l2f9Z2?&%nvdr$0I39T;c?J|2c{Fh3&@Pj%Gz0>*sZ?kAeO
zc9=^}$Ylk-AJaL;jbgvw<4d@X-xsp6nKLndX*1MEVHr@5d47GA@Z%gxJzSh;SHWTX
z1N=PLZa-aw7~Ny+9^kvm^XGxaO9h;lU7Qy#-0>-4WN2;rrPTayzh;D
z*A(irkoM-)BG#J5k~$DG=;O4i04^lHU%DFaha^S3SAy?L;XUicxbkNyu6*!a?&@gw
z{i54}1NFZlT>m*1*>v1L&F#i`_ZrLf$uaJ+yq<>0G4Ao5zrl(ntVX#%gypYnh-`o8
z6O*^O0m?4+2{|kY&^H?Be$6o~H~2iKfnv5yQ+do56H{K!n~1#iF=HrlLjF#y3i_vt
zvB+r|i;(8tRY96E4mjrDu_{`8$!|GEa(vpm1<;q}9A<@HB`wqNz;Bf@iDOr(?5-JZ
zwmQdF{%*lxwgBEwF$&yl(!+hTbd8MQgzQwi1RwP$b;vOwY3}%%@Yj|jj=+(V{Se#
zTbb@M1V-1S847zO$3DGXJIt!RigSixt9L_PtAS^O<7*sd2Jk!s@)^K$Cg)j!d^X5u
zE602wpMIC|Yel}VN9A?jCCb~YMlY|`HKOw7MJlhB%BvrwytI*(r$;KUjLIt?q`Y2r
zMCDD2R9-HXH+?X9j;uV#Nafidp*+N+NXr?#Oy^w&(na5ffIe>*`dlOFa~#*_zeLt&
z;9IsO!QZ5uINu-l4zmK11>)3YM3u!K!u*lU_9pu&AH;srGDal-*H{Gk
zA0zqq4yMl|v)5-MmDfV$wf^+>TE|9cKO?l)IU|*4uPcf^=f&1%pnDtFou8t-DY44~
zxm_cd_jlQAX6*8&tCn%l2HzldFYdRz^Qah;)nAJB%q(ZAj`0K#JKfw{eUrZVp@zxNR*yL>+mAkfHVEh#4Zs5Lw_--@3s|oNV
zuwBf3qJuO)_123$Ro}%l4bSI%-=}G~U+&xI6hSIFshSLPBaeXPZmxkyU?
z3DOT!8q1&0Eb|Qu{}nO#f4xiadk@juMd?|T{spCr%=$q3kB}~)^fXH6%W2^M=TiDZ
z;P*Bujr`wC=`Kj$I0*k`G5G)V(|q-6C_kO(y$|VBNSppq+bM10g4R>o#8-S6(hf+Q
zxVQzF2L6+!bPDjBAf=soKFvRPu9@h1e_Fs#9KeI29{q{|Bzv2##ulnzL0JAM^qb~cc
zY$RK5s~x&eQk!Z2wL|ww>Y_Z;Igf*V@A6jy--l~ej={hJdqNkAcGM%LJK{$PJS>#U
zOC*=iR^U0r;66Hc6A#_+?P$inj>R|T(J9ZW6}X2djgS17{CrrtCj0rUdYt;d6|w7z
zZPYx@<+Z_h;=4uDuEu`yPEEtT$19l@@Gtc3(=g5&_vhQQv7zgDktpNL@$NIse|V4aP-5}x=$))3^-khgR4wC_5@%oB
z%mqBwqG+QQ-bUzWb~eyPxzt8^%Z2|R>OS}Xn@i*0a)IkA+N~Yh?HSV1s(pjRMz*Ze
z`TBQRB>Z`SYco{&kCo()_YEgX^1qt!KofC%^a|dqmx)*e_+0y_p(}nK?SCv2v0CJK
zYA2p==$b^fnzKy!shF~uOR`8?7762$_CJ;i|Hh&C&ui?i{SFwC03Y-sD
zyTT67M*Nha=)Y2{8cuBcRu{*VoB;VWc5P>Bny!z*7&yOc=qj2`{ofL9hhNmNv->b!
zcO}c(I~bNzB0F`_jN`F^>*hca#_=ei_VX`6zXgGzvWL0-D}mk~3x>+w`X25>m(1~>
zW>?ex*Ale5Q(wdr22?EnwR`TS{%?uozXrc1jsuSmg0V>9+iK!1aS8gz4UPV7M89`&
zkbWM^;`>pij{Tm-neN57|MpExf7`MU{ad*>XkU!wLc5j?*{;TuUE%yM1?(ym9~|v#
z3}Q*W(a?3~KC1uXV4RN$2Y~;F#PhyKgK?0|{2v@@=oLH88t5Au&-b%RD28LBA@--Ty36p~
z=w8(*;~1rzKvr4p_P`jt#o{wOk^2k_njK?Zns4kR4cFd@OzY>*=D@Q#;#n%lu8C!G
zA8?ExQpPrS1aVACJ0~IzB;mb$_iNh!tl@a1{bh95w2b4CW_94Vh#iX0n{N~2EuO>3
zm@VzlPsnF5?~#m`)(8yIruv_Cg1vGqhy8|lS5|{@v~vRS3{1S1=bohf-x_S6ERadb
z;QfL#$3Tqu2ce$puWEE5UWpa&M4|o7Wr6+8-bIHprjAeWZXADIap0Ri>o?ttc)#V}
zz%p`dX>}Un#aAjeiXRm>!%?diVqPnr!8F5RcNM;Niwp7AFPa!%#g&5QgFsV(u`PRA
zrG8={zyB&$`C}g6V=n<7Y?hc?y#HT>xOgeuD<%0YB>6cP;aF_dZ!>QPPG`?38>};~X{WPuZ%qW6
zi19KJ{(d?vzS6v)tXohL3;=f8T9=Ut5hnl8V=1R|_31Uw2>f75jdrYYTB7
zvfdhJq>9#wSidWI3_6U@OLTeLEC|q@P%YX<#WVE2^qKu}+VM(gr}2S!TF!~1`w$lF$=vR;)j3G?gbp>?(1>fFonZJqhzgM*5CkFWPN;VeAL9ag07?=Kl)v$4T{h9O}c^QfS)(Xxq9#+a^<+=CQc2zN2q}s7I;=pC@Qj
z$voEjxwqu_D&7E(7dVfzh(|xr65}1NCk0+dX~q9j_q0J#U0L3yKkPz@)ZN)Q-7JEWn53PcLv3_}
zA6rFI*&PzCUAHQmAvMmdCMHXEP^lU>>^b+I2lqWdP1Wv?{XsS7-g7_CdH0@s?z!iP
zyawJ5`i7Yw$`U>h2HKc`c0=$zq_V6glnH-Jd-Jk2{2a!8l%q}!{*NUX@G@Tr{gi-A
zr%b_EpzvExesLnO=5K~Iz)8MjBHXXRGumJb+%gUyC4V@P0e?7i)tyjogO$Hw{Mh$J
zP#^xr!5A=>i67;Vv=EPPodJ7kbYhUlug6wy8;#
zXg;B*hWo$05v2XEW@!9sqkI9B&$aN&6)KlngT8^kcn5uzq8*4FZzluy)4Ay1Cp(q`
z=|+87cHwh67v$5%6c?PwY(?Kdn$F&6;*A68vlNkR(^$pz1ATXrQBY68Y$EOx`ctg~
z*>23h{&BmqqPXV^4NW$*bCZeeWC
z%GSVL*#B_;e|#wa$5Z@b3bL#ErTIS5pYsv(^RlT}mKE@Fe@*2+SuM(4@2~prq;0~t
z+)pX5WA*Sh9@hRJT7CEWm9a1$TkP|k)7HMCDEGo|8=5}9NVYC}OBKs^e+BMoslGl0n9b?fe;fa!;{1a2RV4cETxpzP?$!PTbe(LvFShc}&~_80b_e~9UMn8X
z{wzUitJlOsXG}cA26*VJ0Up|K@c*L*59JK-&~W_2^=|U{=TU=)a*%%|9*RmlG)v;4
zS>K9>M&h5;NAD!xWZuF5nV3x$dB4Y{@&D2=Z#D{Z}{oFu~<59lt{W?
zo__*=#d#yME#A`KUXVHGLL0cBqTKr~=@dfCMJy}yd-iD+>A#kvK2G>OGvbL^^||Lr
z2kcmWcmB@!{l~J?=@?Hnnd@3v5cy*aV}DG=_t7U<5PflC?C2!;onYzzm96G@wcT6I
z@oFz^HOH&%+G>th+qu;ouXZ^8&RsT4eA0h?R6UP2uUpM}gZC`=%k5DAS*g7k!2ck@
zM*;qO3621KQi2Zw{A&qr1o$lpZUFdo39bXUMS^z%+$6^f2KcZXzZBrVk?q|9mg6m~
z1Xzx@P!8~qr0e((`6@bGMoC@$3`FsZOGqU~w
z;EnQn4)A(8-s_gM<~4G>SAZ+!c&`AjlKBVV6*B(-yj12NfEUaB18}JXcK|H=^KS<@
zDAOO{`7-?ho+r~EVA;Op5WsU}`U9LJ(;whWnf?Gzm+23%Po_V>Q)T)CEboWa0H?_G
z2Y9?pe}EHZ`U4y2%0z9`1hQ668g1+JZW+AzRF`
zp{@3<0cfv4<{y9`miY(Z2W9>N_&%9`0G91V+yH0E{IkUzU%Ri?9ACSq)*N5^O07A*
zc6Y5gzV@YBbA0WtTJw6`9ReP;@y^7U}^-8wiIP{2!e=w5%dJI3y^cQz*
zLp?Rdk5GEsLH_7_Yj^9tPtyMP2$#80SA+X;OvDlFFD|jE7tprj-&yq^(6705zw-n@
z-gr&XM$sLACY;@N*%$hz!r5(0vU&mUW^eRYUH35c514=HpwPd({|KFb7K^t4pHjX1
z?4z3kVaDSdpQHP~DiTtGSyA{YPEDH{(U1nF{A|9sV$e3)f4wJs83mE)D%vijFZ;P8LwCL|;f}m9Ykp
zv2ebPJM&v~7rkMTxHES%_4>{o;>>w{H|akh?>S36k_Ngze}V23XD&is5&8jcOOo8V
zU_8eYZ^H91PS(-gt!$^j?<>Pt2&^{&=fcQDA7g0u@sw
z*?uL71&;JNJS{s9?QVV6u>UFro^gt_jg;06X`OaYixXr$V_i5$_5kN0uLtVDIAi}p
z{f|+af!j{Fhf4X{)tn0Qxsi9A@^(R9Y+D+S4}`JFenGPA+EQW1V&ESk{Ib&F?O1L*
z{?gmMZ~MB~?KFRflj%F`E)n-tAn#sBI?N+`9JiC=|ImF#JK))peOeN`IwbxZ$onU7
zd>Eg#jK%Zw$y5P6de)Ts~SoQTz%Np^gGLrvG
z_*}P*=6dtNd0I{Llu;t|;$tlP0n(?F){C9g|2`dKj*&k-$5SVUx8WH1ezsj7`F=Km
z`$x}i>b4blq#$KlA;9BCjx#K?ObQKBs89{CC|fw_?JF?$LW@i!@FCb
zH}*eW#M@(iRZvgqw3SRf&fL#?H?!*FeGasp$c}iJKjfd}D?uA-Ek#lBUftBjGNn*%
zL!~y>QyV?SMod5TIM&OY32k^kl!5U8_#KIl-zg=r`V(#oU0x-+94i)gs=(`QZf^I+
z|8L3V>rWY9f9BCzQCEy-+M(aJYLUNI77s5!2>$IKc(3|G9G*Edn}wZ&jmLp(rTeqw
zV&plDpHs?p4sI44QMW(-;&gSw#c67ty|lUhK(RiVDLwTki}hsueV`cq|M%3V6zk{<
zb8omv5A1lYWhSiC`{T4wlJ$NH@?`lb6=2hS&JMFbNH@Sj2VWCmP-kCwFm`EAIIYEq
zS2}wa-TxGwPQMaP<8~^To<->yMYwNgHl10jls*J|3+jYX_q4<@J81lML%E;aQ21R{
z8kM_Nh_XRulNWIDy|T5;C8U
z(fVJA@{Z{9=n?uXx8FnMa-kgh@NKl0LLXG#@6K?3b4NJ8r5*7dHHC8^9n1Wl$~dSD
z;2i~yi#_xd;cN(rzHyufrt2QSF~)O<#>4l2WBi2Qfc%=G>5~Az{sB!-kjgbm<(jA*
z3yIi&CVMZ!Z;2;~y~N@09TO81$F%Pnz*JOZZy|UzPD!
zOvmqW0Dpsozn<`u0N=`+1;Crt5}j5P?&Y9Nrx_+XEhU_epiHM3Bhsme@Ec|P12aaP
zk9mY&E#se@G2(pW5Pm?$UopcpA1ft%pFw}XZvfmBz$=&LU^3-*Ya$-9}y$(umpnB_1`t-OSB^3RQumKK)&AKWEXX}~aiWd2N
zssJpXPg4Pw*ViO~<@MDKu)MzF{+GzqKjOFIW(E9BH_j1*IqKVvb0lQze8hl*_<z1QT}Yo&x3rwlyBy#AdgoVO$&1SV2npLb%;GqNQM2fH@AHDZPM)>LZuPm~{m{9H==iqZm*X7z7}@n#j0_ji#^zB?b!b(zih?!(Dy
za%^o195ic6(Uy3Eqb8UHXXe0m)Dae__sy>6dP0N0Kg`3jrEn&klRdso4PyN>0hh=B
z0=(}NUUQz{bF53*j^^NKhLleygPX$h2EkBpxiiU&yZVF
zNp2laa%%#~t*!yNwSvp7KLxqfh)b#LsIbVZ6&885!XmF$v<&uhO@!{TLWA;jeT!9&
zb+f5$sX)64Fn7rpe-NCAaYcZRyNHe(9v*rwsJ_klEBE2spKk*!^N5q;H(Tw|Y~|I3
z@mx3fdGV#AAV1SPlgsnq%#qJjwC_%Wa%qyk5XAEm-YLYppQ+<{+!lPRS>U^ss9s1A
zx=MbwwRKe&I=MfvtHo(<^@2Hmt*0fmb9Zau4qE@_iF5xKZlU|Q(>aunf1X*tfibPI
zkA1`!snkb1^%3=^7mPm67JW3gWzl~>1n1knk@dH5UOS=F{kwvtyf{s8Sqi
z5bE-2$rvYQluvsO>YN1WOcCkRZ6ZAv=`5x1bBc7l^ByCmKS$~K{y#zL>t;w_V2Ov4
zXvrUIfgiNsCrj=0FwqX~_YiY{R|1y-DBEboO-*53}?~v$`MDvc{*OOAYz0j|xBzPmhUs65sknT`L
zdYwb*T_?fWfcJY#dmA7>q0XCuHVlZf0B}rcqr6%vw7(YXk?9tw#kY4N77AUEj=+|MW>ooPtV<~?D#xUBF7KXIrg#TA-&3QkEx=d-%9@o~rJaPdSE-yG@{&3R^WFs-n$n;@Xb-a<$6r5)
zw+`AirH$h6IWBL2v?QsmO@Oz>Irx1)X{qNgF$d_
z-}?=Z|6{_>9tK}=)0#J1ta(NmE?>a^sc!R{Xtc44>YU^>`@iq}C8M
zY!&$+py)>VBX-mcE{>d8s_N03irNg{ApUQ|^C$f8yD`)c~XQ2%|2Y4}FolR3qT$QRPIaBlOS2WxH4;Do2UM(NK2?z5uDIj~kxRB0&
zvrnfx+7!)sQPEtzipILetI7?g+khUM{2<$H3ueSQd}VvXg?jzXblvB~GuYZ}^y5)u
z3vpi@jAi6$j-XmI%B!LeI1S`LEm=_&n@x>_dPJU&=hrwP&*c?34*K8t1Gs)ihQ9aa
z0+=tHt98)MI(?088uu5%SYck!;Z@f_AMnp-ivyhL*&3S;I7Qsg4r4`m{)t`~bG3$J
zKG$DxSxZp?RzN1niawMHTY&M
z(8@0H4eElw4Zrl;&HVCbYQvyC+8^w+&-Zc}PNM%(gZ=^3SzRp#oap=IN{QcAqLrj5
zoaP?KQ<_2Rc%n564AR>3|B}{zptT=xN{H4adAFnOxcw3I*TB~f56#)FoYU#QmEwDi
z;p@xB=qcAX@0^D}l~rZLEz?8H2Ip01qun(>hHpqZ;Me<;YVH#wdeEmfa#|U8&Iv7m
z=WDZ<`I6|)IiBvEpV&<2zZ|i)#_S!}PuUZiI_zapnbxTDz_^)6ufwJE{sqdIX;k3d
zyUjl>&fz!F=vS^i*}rnlR~E1upp(Yw1n~a}onD8wUUyY0=!<8K&Btj4u!&Y)pw%0$
z%Ir5>dlcE<)f>>KBvz&27}wDlpPpqNqX)+JQg~Vkj?E8y@0(E1n=rN@)1V%23D)x_
zADdqjWAj5F{r@Xtdke<)mSt>j4Kud4p-*pH#`ZS!3GWn-x~Bg6n5*(Q@IoZw5;hRN
z6)NY~h^sQzZqMfLx$!-bchWQ+(wfJ@SwDT!I^Awt5JI1l5!ar!b|`-~pz3=Mr~r6C
zhrhb-V4*%1b=U`|={8#pe;W;Tw_#n)uF8lnT%~&tD7+udz^7Q&dt<)tOVN0{fD?K7o4U*v4$zGPFUc(S0YY^qSeCAAlRPLtflARXYpw=?xd?YnG@3orrr4%HiAdGl4uMvc@IZ;gH+MF(dMMWn8b}9+SLt-oNbBX_MFvj+I73s*xfc62tv|L+G!-w?m09@
zO{2;FVIoOsPtGp8+OA36lW{X5#vknWd++x#?>z>BCx38;cfa5J``+*U-tYb1&(#xD
zwpn)Jm`S*
z&>!U_ge{f=s(-kh<2?Id+_eu2{8r7OCf#}aG%a&Kw`rj~h(^f%St8yIi)3yCc`nwk
zhlr*EtwhRJFJ?aNL%q^VcD}t0w=cIH~_P4|wiF*y#T{}srUCeRg|^piW9^eq|HYPF1in#$!S$U*#r
zHAF3WZ;85Nm-XELAIKlOZ&81sIBQK9Z8kH0B
z-5iqyb)jfR9hcqsxA<8_A2IrDU|AUF2$LHX^cjQs7BSDaz4`u#x!p&g-ESB&DWpXB
zyb>~quM;7~(JDx@E-d5|=nh%dIR<6$7iVqm!S_^g{hmjC@&xtCsfFUs
zCe*nnl(nJ<@8Y2xeSyxzyBBgCha}LtC3&$5zkPR0KiAwWqWxy{jhh(H@LBoADmwpM
zh&JJI{r9V0DSiKS!hDzehP2FqAuTI8q-C64qAeJXL4E%CrS-Q3QYWmPfBX{q+g8YD
zE3BIfNq?)c>2F=Yvk3IJMZi-_`de*fv+eyZH;#AM7v2Hm=~2+93PGQev&H@}DjmPl
z3~L^5j}Lq*-oI&qZ|HkHooN_QA^i0?#ti$)uRwTL@U@3GRl_t{_T=h)Zv
z0amUTvhnr^C%3;e`e%^+1Z@t}Z1$L3lYIs0DDRx~?SOBG2}gg2Q3f2ddd6^nA*F$eF;Q0fll_g*`C3&VVpc4Pj6qk
z^t`^Y^cbGwn9}nQKF!|{p1+hqwy7MEUdsgKb5nXFEvb6q``�^YsU|Qalf>5RACK+K@Tura1i#hDzf&r!uA;G4Z!6z`Gsyd<#uOjI
z;??xM2j(IA!gx6rg=ou4>SsLHHRvuAJ(wxzWhOel4U6>;vUK*dPimj1I7Mmj!v=A_
zNWvDdmd+Q8l>WeMd=H~xXcgXLbVJ&Rc|Yj%_%S^k-xv3`^&Ta^z2tnMV|Z-oL)r?|
zxvyCcDlYi7``6FLF@SF%PK-ZrSZB8mt67uazt10kewQOBY7eop?hw-s?}J|)9|zdw
zqa%Oc*87L;H2&u!Zj`k=$5>fxgq6iH&H+|7DTbLhuUdQjP+RZQWDiNqGtOisj!9O$
zj_@DnO&u?6vElzUFa7S~>PU@Vgonl3Fzj1>jJaR<$^E|77Z11fewFwW
zcj4O$klsPRUIOV!>^t1P^RRP!%s(9E??@p2kx%-LI*q?s;nNWl2FrN>>WAY4$LA6n
zpD{@9@p1B`G{#1JN-?a<_zvW6MjMq7TM=|ZdzkUTLu_;92RzfCCw#3Z_nSW--omoEA2i`YuC$>
z)?uZU18pgUOMMuQHks&Z3|}hpi(s1fW4r-ty!$E5Wk^d}Y0H3CfobNwEz-D4<D;`Di06y{5azw3j)>BjsW0-w2~Ec2eCw0@~9Sd00Ajwu1d9g;cd`W4-ETYSP@6QHuXl
zh;P0R8u^h=HMikL;%foE$?D&p?~6<{S0pI+L~SuGZCeQ37;{_nlgzqQfc6%~@5&i<
zxyR^#pnY{59#r<&ov~4}1-w{*cuS?0J7d5XH`jYMrTJapT`)<#A9j}dEajKab4+xX
ztuKE-$|srk85s2Izwf>kEpVLaBJb$3_?16Yg&TZUwm1tSs`_S8M
zy&VSrdp_a6eBzn--u5EzJ$~5zi3MP2+?F-zmgb}OX82RHxyZZ
z3HE&dskr1b@rRxJV}apzy;^=mtn0ZeFb>9{sDRMz4Q4D
z#Pb_EnZf2Oli+7e>HgT@Oo6{L(fy{g&gR$?tm)!uXFckN!8aX#{*FT@jE!%BeuVq!
zWf`dRolebv>dWs!+C8IHK9#Tcr&pTKbyS9DC{-}1HwUvjkX8q@QZC!VK(ptk1K+f~
zGr+eR_!e_M9r!G^R(==MiWi0Qqm9%CCtZ&H?b`mK6q-8bi!t1H5
zYA(tLPtQCkYvD_6z4e6OQJjlDs?T&|zc>?*gc%D%8-;c0a)6JkYWP3uETVIbqDtH+
zJ86H){V!zoT)O>S!vy$F$8u8mT!n-WZs2q&#$Di+#ln^=30p4OaUCQJfX8Heb@$jY
zy^MP2QN8sXVOvGsO%74_=~VY%PD-DfGX9rW+%L1^f1xiU>}CA9P@YPd=YN8Bc?zbvijtVvGf3{kOcJ0P_oEXLT7NTK1?=t2!
zext0!vjgBmyIl<5!|Ob%sXqkSGGxO8-A_0KGVq~33T1(`8x?lBn%_m>SaqU|eP;ht
zs0S|tyDVf0eD{Uico(xYjqv_HM8~fecC|?G*m4wib>O=a)8Y2T--)v~p5{=h@15Lcu{pSeJr|TE-pj%ck3YNcVFaJp3(*q>Ii$3ki3y!eiX07U8)Ru6WQs
z?2daW+(Y3m54MLpo=4%C6rPyYAAqoUA%!yvAB1oSv*^N>_m8Gc1>fT`=uX(?r7;KU
zNLOpsL6B2}HaT|AhNl90zHf%bzP#Hv&GzkL-|x&E!~5UuGv80ZJA4KPg0ZH5P8d*Z
z8e(-(KX>5yaQhdY4+DRE0~>#~8!g)t!L=1=@lA+zanPsx3!)Km_Ow0L{$P_Xc`IQ3
zjfTzR2YBOVedC<*{zZ0wAhfPY!@U*aP#hxszWQvF9s+t#(@dfNs%#$U4&U#}OFUoG
zcjfP@Q)6m6-B11R+L>&(mRGT-#+W-QjjItiVrt;rN%al-ADy-JO*8aOE$V5>(ee}~w_znW!4&cMLXP+O>=j{_^&7iV=kIH({)gM?&
z9%?JJ8{=Uxb;AwFEKWpOo?V-7C9>abb!?7%GPZwkA
zN&e1Gva?O)_Z#u;3baiJ?Dx?=P!WSLIoC9wz0gNF(5A+innV4hW{JCq*7KwkztOLE
z5WhET{C#JXFZT8_-?y~Ojz1Ib@~O=Jzzd*XHE*FRqKi?(2W<}*Ua152d
zEA}>7QNFkN2H%&|fm~2YE@qNc8^tnA{r{S(mSg|-i}y%6|3by{`ef%f#dw&D_g!I3
z%!jZQrt@$dH}jD1$EvEp?=qWzK<7HuPwu0cZ_2T7wJif`6`E2efrI+B%@2
zPnz#{ioPD`>uvP)F6)@PMt=5Zowq;c%z8{WVOZ~jblx$qH_xi-n~2%aGXDN|2FzuY
zdk&b-=ttImP|-agPXohI-FZ36{Ubdj8RMcpiwij_3EzSiJQ-zjrM0zRvS|XDpr<;%&fq9U>m;
z4KiE6&sFd&LHJiLh==%k3~~8-9N<2nX59|gY%y*E799`I`+dgxL;4JJiM8ZA62|^LXtz4+km{WD?cm=IZWI3s&7BU0I(l~8NN>roq+@!2N$IsPfz>+I^}5NG
zlFt=v{Q0?Iv&^~Pc+R-<`4m&nb`}CVer?7u4FSqQ|zG(mGy+g>P
z-3I>sE!-=a@TlzdpJe}d?ACaE`mu5i1h{>xh`w_YRW-N|#66&W-?O^FMZTviwVU{>8TZi>H`>fl>cS@~@aI{|$@7IOod>{Cxin
z;jiw^kK!IYX5P2Mo*iv0#(QHmWJ8JD%V@sKk$8m8KW|veHV*&(Myh;Hn3FTPeZg-3
zAUlIMHGaQLIdkRnmUeuL%IdL|mD@kAo7)fa!}|y=%fh30_XTaWARF0e%2qoS`v%nQ
zNIKg_x;}o6%C_UWy&dWO*X!2#uaJHAamRfBftORh$jyWwP<&nBC*XTxdaJ;Qc#Lev
zp6ddiaNC%_-^Y-S(AAQ3_IL5~$?@zC?Gku)hv*FB*yqCjf@%E#WL-9$KVsR?zxQ?W
z$vW`4$h*$s&lvdvJTj@rJCIqewl43%{g3i<(6334Qa?xBI+j#fm4Y(M#Ufn|gtd4`
za{DVH>7xEQZd|1@6{{tZXi
zc^%ogwDoSGFa}}RPKe?77`4l#krY;=(SJ46
ze`kSqXjclWF=X`rh$yqc{}tkojf}@?OzZy!e8+E%-(TT67m{urt$@FfWR+(bG&e)i
z=6JcZImYKG-BBx-R>Toc7th-nojEV3vF#ZVxK;+<;j~bb*7>t0erFojNn^f3e*Rn@
z-)f6ILfG=Bt_qCSPe&WCI6wzr@+aKi5%bK+TQqjh?q0g@)^Qcj)!qhLv8E8Mm}sq6
zh2NEwSOoh-1@Vk7=rA@7zk-j+r@jIBbY?yG1wPQ>++!HG|6$RoF~7-;Zv}lo7*`6}
z&PT4GEC_b#?3phAQ+w*d?By;g@kWh!O?P$sstSJZHS-^|sxk2{G
z$FE?2)OWqVUafPr3V+}q5q{ri#1p>4eV@BBnDQq^GX4_LimzZh)K3XJr#@w;9s)nen=b{u0K$jrhg&63!m}&b>kf^#9um2>HL#Xf1n?uupd%b9Kves?@jQroWeLdNq4ut
z_nColWbUWumH+4MYJj7vvh;mP1Dz0{g^10F=5;4J`J-&stQD(3UUx#$iE+)SgV`OC
zjI|g@c%m$TfWY(4v!C_^PA(r_`d?>i!LR{w~x#J_$o2K3H6tH9{%|xc=+jYc=+kW!?(uF
zkKZjHf7%#)e90sJg^d6GWpDOoQ~gHSvLKAlSJ$$%_D}9n@5K2t?+Gz~ZvPV3;HOFg
z?6uY=I4kLOKta-1{_e{tryjZLP`^IpzH6NCx!b_^)Yyabnw4}X^1EM?@h|x^@&iAB
zb~#5HEAW5B`C2BqwJN3!3y%3SUJuuu82MKo;kh;Gc(UrwSh~aWk)9_R(@fA3aBXlyf1zUaMFa
zYn%JCWGgs_e`18gpAF+ATQ^R!J7*JTzX`?|?g^UU8qT*7{=@mP?E_MIYz!C!s~ldm
zk4a=JFp0;XHQNW|g)r7C+6go(sZMDRu#CpXyz^0efc4~)F!y|7dw{s}-{2VdG33i7
z+&F{By^7+!PPjgk@LpVV{sw+eH_abtBQ4H{VLq43^{j-UA4Jpv#mAW^Gb5*HEdTq(
zgURp@vt#h#u`$uaoTJNf{TqmKjwA>30-cXT1Ih6a`T2j~yTgxnN&oi)vDli#*GA7J
z_OHLfFJkh5+z!|IMNFPbve(*v4*g9d-jvr-tYkTDzm8%*>qzJRyK{&)^p&SE-<9q4
z;=J%QVY&_H1RmC5if>#@`%0UPe~Hh@eAsPg7vkV?cXs*w0*~t~Bl$mvXN1XokNQyr
zkGoKg^+SB-5cxM_^!z3R9(QL_cwA5Y{I;R)HSIqoyPVFmz1amALxvS#Twqn`w+cGa
zV1CovBAlST&$DMmtP>aVOUa($D~onm@(nU5{{hN>ALYM|@}n)wY2@i1*;~>9b+Hh?
z{|{839Lj$U&%4AKwuqQ2+_pLM{gQ_#XooR2i;wU^Tjp~2rurye=pejsnv8#QhQ}XI
z5XYi`$C#+|8{=36l#R|ny@)aKA;sl*{tRM@K0_RfTxD`6mJvUGg|6(PX#5H+yP3-F
zrm|gBHkRpvGVxs+amoUmlQ~YQm(|b6o_eSs_oD?moRa_F7O0QL&UubxcW1xo-yn-0
zqejo4Xzq{2Cvz1MYvuseeI?{^(Y3vF&4OpFa^xgno47UoEMSczQnPOy{}LHsW@WJ2*TKS0ld1
z@=FmPVGY7I#0K+5HMif)_QL+Rk69L|k!!cnwG?p;J^}RKdY=v#{DOSO7DN5+GvR`e
zujAl7%!~Oxp?o%(Plxkiz8YPb`zde#>E7%bQ<*ioGIvtGw`4wDnV9bZU76b`ZxiHw
zz*Ob~gfmVs;jwRo7Yr+LZ8zfRzfO;BzcNLKF-}qtV|)yKjeRSO@rQIa+jk0OW)8;~
zo9gF>*1{NUs85VBP9ojTdbrPDkFq(3V+#shfASQ*lQ}IbAPsd#nD$3nLw%>PZ|Cs1
zB6anPL%#aOZNYn0t%mX*BA?-3QGVAc?B6*pm{tvWUc60|cb3v^yzX};g$uf=y(jy6
zv%U3ET=1~Ozx#~s`H-%^j``Ufj%Ng~2><=TKMVis8E~d6h~c{}68PW`e-sxV)M(A@
zqVlWyjQC(NrN2Sxg?&bR&_(I3l%CON#0PUJeFLRm{M?8SLR(r?$n%j)^yP14`#(qS
z>>M5&!cJv8PidPdO|j*mpN4)Lr9VsQYbhP~!+5`y(x0UCI+@-r(ix?%q;#)LpDBF9
zj}rd7oYHe;`fU`afzp>!x>cr=Z}|aAe}K{lK9ltm>3x)bAEob>=`V})-5Zc3jg+b`2^BkYyZi)8y{`XZ6uL+ORG{gLuTdIzQF$o50}Cc2hI
z*M>h8aRjXFg>mKvH_Q!Xk$K^6>Hq0dvCqTtg?`{+ZfIQ#^TRqzZ7Gg7OT;g{ahyFu
z_pgNe1APB*k>-&LFpmtD%XmjuYDxY-HO8DD&z_Crf1k$UbJ8Dtp4s08?3w?A#(v*P
zBOWJWCkTJ-pU^q;t&`Z-d0ZBS4V5?xy_%|V{>xm#Rh#9y3~hOr+R|{6+jkmpRn9?q
zQE*Ud{5WUB9(N2JlF$DqW7p?&jt%FxinU2apa1>5>?W13!SWmyOu>C%UZ{j@PtaCK
zq5lz2l6kRBFB4XL@P#$)gM>l8b%N`lhcM56XtV5#blw-jSN-
zHaBR@_{S$=?YE-#x0j(Gs$03v^RXprmGDjOxk>my_h6i<36Dj5jC)>z>l1aqH^Ogy
zyknjg^=IvAm-(aqx)JXcW$N<%7V?GAAIoC~-`k#Sxc={k^Uq*;747{Gl76!0zeVg*
z+&7?&ES|R%()rt1K8#V^Gv)L71p5*9OF3+COD=p0;p2i&CVcGhnGGKmK1J{;hR;0s
zXz=;D^smEX-@&u4yV=_aA8vDY)vetHZEErx`I%mJ`cV;cwJH$2*5_`Vt(7k4dSs)2
z8kC($DI!iQ#;LTh!T`pnY=L`F-bP@r^B_GR%4+!$)6UBKoTl-K_uk8K<*F8$=dYB@
zC3c-Z#KKhZtP1isVu3u@>C#c|zM#0VS{#2mrF8%8bbl&8bA`*xs13K8;*VnbE=n`|
z@0rP-a(v&EU!K8I=$SE^T`n6mJRe=
z#BlN13+dU<9~F4E;6mniB+{2mW?5QFW{F$ihT<$_XHJ;YPH%N_UXn9Z4E4ot7>`{_
z=FM&^*9AoNDWl}$*nSk->*Mi_$J3|$i8ulMAII0HnDuV_{ePUuf6)rae`l*7F+-j2
zhkqp>Nev&PZXloUqtJhk(O%KP?G@8a^-UkcS43*&!)~FMag$yqU#FLGlYgZAB>W?}
zNgtC>`j|@6$K=P+$K;bfrZVK>eIH*RvzDc|+gQP?s6Y8+rI68vBe>Uossv?wF1Hyr
z`t}e$dmP+{PGX-ujR}4B6mgF9`v#kO^w)z}59(N|31=8RjM(6#EgJh3$J(p?5^I03
zOT!|0%>v^A&cbYQ>?^M?H`&8HUA0_7R`aennzt40g#P3s}50Mv(`$*KyVXQ_4>WTH6
z8Z&>WXERtuK(V0@XINKW)JiP|K6@VdKFmwX{`eBD6P*WReG&{%{H5lDW7{A555~@)
zV&D3gt;NX2i`b~%T>9pl(E%?jqfDFK8Fto
z4y%k2pwRV`2hc77F{<+hj8i|pdk(~r|040e=3eLEykN(OyK?TT1(nX1RjBh1O7T6J
z2+EMN8m@#IVDg>K@{Mjn|Hvd|NiezzjTX~{|^)QfAfd2{0iw`BSywedODQtBAI5%!}Y5J&aeydT*}Wp
ztDIgZVni`Mu44PqLUpx%i2IHkVa#M{nb4od*Uk?~?t2cyOqxP$M^MS
z2VYWg|1gZ@%f26?7&bloqVdDcx`1T(UH*N^*te+P%DzRmc^9o`nfqd8XFJt@^nKC`7y%@-vmad!sr#e*UNHHE?~Pz8C6K*&^)u
zFP7gkQ}ZB)`WWe>iXe}D<9y1K#_@QWXFuh!?G^U8!TBoc@`tf3tRw1#ULe2b7x!SE
zw8-^e()A;IunyRNja~2@#0R^E`0sb#1lfnP#ierOHkr>8=ZKHEeoyo~5z$3J9xS7J
z^$jrQ9Q=&-Cz{We?lJGbVz9o}V)QGU#Q3s9S)=ufLqb>W?9k`8v!N|k=IXYv>dkOo
z*&NsYeRpF0N(Sk`hDf%8X{SoA#hAb1H~&nbb~5G;4Aid)>C5N(p0tPf*#!5g?ui(;
z#u56T@PgrJnYHd~;C+?Bc$&r-oF}5|lYEY6rq8YLJ+6E|4!-BLN{$%%{Nr=f@;6<|
z#jR^!oR8dihA&Vu^oLw>h=B)s5CI2_-vSls!4
z7s^z1Ad_hW(Kfj?8*g)UAkv13Sbry+n_S4BhP2Z#XSf3Pjf)}O6GH#=5)YO0Z3>L#
zao_*0`1l0ItJL?yH0TF8cCh_^+5Y$O{LKBXgeJxC_e7t34SkYKyw14u|NG<5Us%^E
zJhrA$)^fS5ZD>VX-v68sbR*xo0%IUq99)jBM_Y>3H$>W0LT$3VFZ?`Wewo+Glt{kY
zCI0aq&o?}gVSKnkcn5Bt*M`rZFo)yAxHpvjlJ3&nx_9h80dky3R^&L=#Fm7dM3ZOjeHg`nS_~zQ%q@)F(FR6PMx)3IFX298=8gRdD>x)wq9kNS_ds
zetIinzE;LY%xzgtZP~O#-+`OXPE@riZ|{ExUPBmU9xcX9q&2KgNBtKp}vep~zHX1E{yYW2|?
zpcH8ut_i^j)f)Pb?yK(&g~Je^t8mE!vw#=N891^t+I9M>|T
zLrbpx?~3_FZ+|5B-z7ZsVp_{F7$b-g+t@nTKit@fe&np&wgEZGcXVnnhZL`#-!=pK
z#mZjexJGWe`(QQ@9UOQR=;z1ETo|09-ENaeYxoT9l69xNmLcO?H%
zMlPjcSw1LhDU?+QWpMo;<*TA+6+>D$wMboWZ7kCuPdN3j)t9WnvTDBG-O-79uW+hc
z#eG}j{SGfaTcz?{Y+2j-`x`4?x^`&jK(A{>>
zy~W!_%w+DrWVO&UX7G2p4DMOSpVLZtGaxU6JSyoTH`4XtxAhpF$^Z4+LVgc|obImQ
zVA#LFzC%+irCcY3>o%?jie(|nW&m*&l;_|vpLT`Tfw<%U?XmeQ=`_!y|FA^!+7y`A
zzE@_{xp@_J*l=x5u@0Hd$y&z>;FXhL2Qq;Oy~oPl)fE*Ul!F3
zu7EttbiXlva)HUe41+T5RAvr63-QjM>hAjy_&tlt`7zwzL-*If^JbXJ
zx4?a>uFaF-Uc)tLGn|k6mz(-VfqctNeS`eo>rMHt!ZUwjx^@VzeNFQA4`oJu<^@R8
zUpr@-zwMCb)#d*j@*A#^{`6;XEtjqx)$Mm5f$JU7_`IIy;C{n3xPLElRZaO`glju_
zUGiZJ6?D8C(Km|U|D}uXfxq#(h4VLSVQ(({FBdH${>NJ|hFnYw&Pvg&+$S~q`w{+^
z@x1kqq~8y`g<~o|V25(-@I4#8XT!G&-zt3Pz;_OOqn%VPe4~w2A$+5Kl#Bg}pI03B
z-vnzxqt*~!lJoS4hx7Qcf3}Ag?{S`gk-6;IJXu_xC!KV34DCk68j0WFmd$j`UfcQ!ljxo!r@o3IVF(Y_h=>($6Fqjc{!;jf=DH3Z{^>ufEQ
z=NZbAvyJa5hw*$k)xhu8VEwP`mKX$%r6yPpp&Y)Zo}hD2e@`s_peFKv++*B-BR;kR
z_EYfuetf>&;9qQ6JMJ|bR?p{pTKRrg_VD`l=dwYr-<<*X;hL_m=UR@FQ`oo&`*Xh}HTgCf__5BLsVFz(<3h#I!?kC{6zSYt5FP`0M
zR!6ZGTw6uDJ5aNFLx}G`(jL+TzLJCZiYD=uXgRf79;^@YK4pbgiu@p3lcr(pV8p^C
zSNvYmkMHajb%g!Fm5c~CtnZc@-rn@Ksf?Ya@>+0xkXYOW!jzxw7BMp<&i01%e*xF2
zJzc)lI4?K@ApaWr*GKG1wpFyFwrf1QSpNRI&F|mAF&69-DTmnqRn-3jUA@^Ddsm?|
z*jRGF-+x!){ab@U-W=U^qEEU-Jx*;+=kIev>%>U^>CexQ?$Qv`;8;Qif7feTk(VFE
zIFz=LaMsx@kddKq)-a~Y>mEG!!~OUkQeX{}m_(W=CnWX##%DQs9+Zzn_@i0B($g6`
z{_)<1NMGk^;=G-uUT>O@<@><>r+G{&u(#EZ$?8t@U&)5$J-Akhv+7{vtXkM9e8R~7
zO-6q`x+PXVu)a74r6s7Zey!`-Vw@|?_Uf^~
zyKLVaou?*pzaWAy7LDhM>*TUXeVZWvByKOq*Y~#RkZ#qbuh<-)+d7_pzj*W5`1B^u
z8w-~Y>E_MZ#M5(I9(C7FD$wjtEDlw`{=?2H0*y00UbGvQ{`u`J5B9@LZbJJFv;)U?
zGVtu0_G0RXo;Trq$k+g41sD$(^CPYueO|5m42-AU|0d*H$n3?4%=+Pekyi=)pV|-i
ztK--|WRRRqwtQ2L_*F3Ne92VKZT*t#Tab@8)1o0)cbMxNU217?LIKBK+!G7={D9oW
zU|PQWGR_SN_CI~`@b3h9rDwT%%GuYBz{AAdCwdAtr=?Fv>?nz<_ZIm+p`R
z7(XUTHcM^60JAuYmZh*{N}X~_#)%_f&|pQxRmh%m?|uF5d;R)DYpV7~s`KtW_v_qy
z&pqedbI(D$O4MgDyUNkzlO?)+UcP)Zw{WIrS2zm4`wM1je5DP(ZxHwk%opDWpv*m9
z_{Q_|ES!sH8V`4V(D;|m`N?Ym^CJHWR)g?mu5UTo`)6R$=Gop=clAz;Ot=
zNK5_SYq9kk8PryLb5~jG16^rkH@#adBaejX!aOLS#qSjVr3+(`mQJV@^2=Uh_DfO(Z%z=GSE70_TSCJo`9Sr;5ZDziC(GTx%eq3*S$7i8n0)aLRr85#c1
zEi%~S(6lKNX?~phz^Lb2-mCigX2+OkKnwDSFPK!SK)pVoZ63PclPIn8^`L*&UK_?;
zXpxWED}64(zRW{hy%UKC={Qqd#byd_ujdL*$CeM3aq_*0+l(`S8|||`4-iN+)BlE?6+AZ>B$pv!uz=4VI
zmy^3i>EZsorttUY`(8Hl1F`j|4KGKh-v{{_G5}*d*r?y(<~6<4)dReCnbg8!Yo!zy
zp!|+8P)GBA$S>phyjf*$4KU^@%TM9?2hk>inP?vmzoynWSwx?Rfb3BsR-CpG};EnD1IH<2#~a%Mev96AeN(hT`DRl<1t_Vhu@idev9v!
zvF)Osp|I?LH0!TbJN5p--Z_5&@mMVt_pp7O-jQkA#{>IuAE$RXJfs5c$;G@AJTJ>s
zrYA<3w*5#?ii6H=GL4%Vx|PK@$9UPIe{IB>SMnI((&!sgpgEGq>45yR+>Uqy_a9fb
zALD$=pQ8R8{l|^rZ&p&9rgi%Ohi6AAryVda0m!F1mL|lF+PhC&PsqE}6;R$KRrL3b
zb?%U`IXm%@`=8_RXfJEFIH+&fX5<>JEYpcOs#)#c65)&
zIMSZL%=fOKzM#l3?o>(>76&ozKo8KPqc%U#qXoWk&_@~iA;T}dZ*A1?TmJ^_iY?G<|6pP*R$IAbNwG}QqO{RBIWl}NqU*0aUvZo@-o}*=74wtp&
z+0Kaezk8#fe;NE93eE(>*fsg%p$Pq1M#ng48_zS8r+yI;{};}zsS5SK7MiBedApe?
z1A`+Yj6b+XQ3@dMEdSm>GWN8R5=wKwTFhwf*>03Q@(a;l7^V;M^plXDWWQZ4n2NCs
z{K`*AOC{zH@cbUgUwi47vnBiOly<_NQp9f+_^fnDyG~eNK&z>*78|A6g}&C67?a(v
zNW+TqRI2Jrx~TZl;aj`ki3h)FrBdxAid&juS1=~Kah8hB+htw3Ew#>K#ldj2NlC#Vl2=`eT2
zbne#iIdFHOOsLOYGf&T@V}P>c*xWqQqH6h1@ciLU;IYW6i1!$Lf0C?|XRr^_^P(=HE&C2Xl(~
zb9sIp?_Zw%iz+O8u)TTjoJUw*8RTWdcrf+>u6OKzDk-NniFuCsv@V2KIDBd+>XN^!
zibng-?$PP^DNnFQ%zI~#HSO;e%H#|kF|42VJ(08@c*+3^f09&)_*x3EM*)YonCh?N
z>E^ZR)!H@HX>m!U5^3PD1iU<+?-b_V0-(?GkfzH>Ucv1jgH(TZ8T*O6F~Zsj
zi=BsMjXI2xunwa)Xsw5*^B;`jb8&EQR4^kUG#(Z}!pFYi8FI1bL=iDWj~mCV6A
zKpe}@xV}Be`-Z$L>M4Vbf9bqBazsX(71RgJPcBq2=0*mr`~P_{d^{tI!e;dd0r?*hSI+b_oZ;p5fx
z#W?1BVayrShb`(qU~MNC(ec`-4GxXht@x;nHw)%Zf!{*Jxl&HwT+f0wl>xDwWG_)N
zsjfv;evb1O1;)W)CIL)t6qsBNi}kao%c
zLOx@D#fJcXIQ;HN_QC)3E?tK&2AJtRF~>7X@AGYZT-bMM=s_QQM^;W_wWL7(SZB)6
z$G#N%F>E_{tQN*MbgLm&-Y}%U3FA)A-ABj$aA~kQ+1|m%S=%Dp?1eZc8ZUvkcf0I%
zmoJQu-bj47R_q2`;CP>6F%DkQ@nXB!;)Omz`YUyyKPke}}eqMHct|=c+({FBk*sx`fB8*({vvEQb(q;rrEt5cOp>pl?1ggkGJ&^EGVwhQjZ=QY$(
zXRITM*O6@I|19db+>ZAbP)EJ74jZo{#Zdn_jZJ-A4Or35T?!u19Z$
zZFuqibr@uxuT8w$Vdje=mH3@_Zx^~!iQmIAeB0=^s)CH{e7oQ2
z3w1sEro?W_#lJ&-#DDf2INdZi@d*0spA~*6{Dq@J});
z@Lm$}-_zc_cNNED^|t8v$FkvafPXCaC@<&OhWDtywZ#9Ct3Mw92e(GEe>2M`9*Sd4
zJ}E~0eG^a-UpI>HQB5>9ozhswm)T6`kr&!-Z=BYhV_&WkQtEy)Oiy)~ysb!Y(Qotl
zxbK^qH2)XRiT0k+ZOrKSpNoIL9Vx4o1kpdBw%)Wj0(c+&-$=*k{gGh*`W)WnjZ~Gj
z9_|`R+U?Z({}$zyeiepuKZkD>YSfBcg0i_=^btcyrI*@pWV!LZ-Y~YMpEG(}XSc+C
zdup`*+LD-lJDa~_7!7+c3-(}U#2&nf;zU~?7>78Fk0In+^gjBwFnom4KCdjIeES1k
zIzIF>WZV|S$6HbHVTK=k7UB0N41XM*cRbba`^S?agru@b3Z;?}nTM=o<&*4@y=V4W
zq)1lCUfJ1uk3;r6_U72fJ~%ke{`&p?x&OEy_rLGQ`?~MzdcK}N{<%j+p=$4*cfD$_
z;X7VFK41jyb10HCqflgVF)N~$XesP2nCL@f>V0FC2sLJ8$-GseAxHdBQvWi|(hQez
zclG*0GU(?Ud*1T;Wg++=pT@uAvRgW{pGC%aelo9SR6n|ee=nOMAk$~MX9_w=*{@H|
zi+1@o%5)DQ<)Rar-FKm`X;P$60#zHXcmyZ?^3F_^8=0JVQ~vxMxg1$vjJN)`shb=n
zVi_uV5)fR6Q};Ko=G)%N(3(L{wCwh^85CYHrj;ISl#ND*ubmq|pNn~;Vf!7o3slsl
z9j~9x^J_M*6tLd#QjT=?=i@Laax~>}ojNj$MEipHR%%3W%KQ7BGR!`q?{dF#!VR*u6ym@X3!*J5U#_M
z*;*@}dkSc!xR1Tgi@jYj?av_Bg|pn&kj}E)P?wDAQ;hz*T_t|4w2N7f$@kV5A%O1q-axUe@tK+`#x5P_Ko+^f;Ypf{?53cF1}h%7*HIX=hB%&MgB6JKj{0Y5-zw>{bVa;-kP
z>u9r*{@VU?dc8+-Mf{9ZbzXFN^XW0khZ!M(%m39#ln$X)#t+A2@Nva1he>_8(YvXw$H>V7w0vrolF
zVz9Icg$xcPqhS7~cRG3tV$xKHo}~>1a!IqSK#*_
zZb}t>ouAnc*m%Wwm=RhHwqldv5zAHUtvNjS2rBi_me$YH+HU8eW?d@DK1tYPNxy0x
z=)NImTDd;tuEo|#YjD(F?3vZJLff_s$0aG
z9pAPjJ6@>Fxk+uR0o^kPFl-AEkrHe62=?XZ?qiZQJ(~C}V1647c%OpjT@K*tos0uN
z5!!U(nB8(jc@1B#44)ht=WcKuhO;-ejk{8)emQjhB~RW{plo>3Oz+_NERV7NGcK3<
zZbq(N9`r>O0zMbn`n)ILJ_@kn_dPC2h-<*_(;s1nJwVWNm?ByuXN0_uz9_&e9FEWNK+s&T>y)+VSc88aK5c
z-qv2v9Ig&yh?6Y{6&vhI!S4U7P+M8*Xzv;j@&_`A3~dFVpzdE
z#!nU$xJ8B?$<%quwRp0cz5^kg=hAR*D>ATLN1Ap#bB5!TXS~}&PWe<;QL+xv9+2(RbMWUVSx%=)ri#OXf8rhwMzzP2KSUMoS!t)RY5w7rk*
z@1s*h%S~LA^meqMMCzN-Vg3y{@nv$nO}4;$69v&fa_
zv63<2=m{9SDAI(~A0Yqr_CscRcaZl!0wQjL6YsY!=a8}ma%U0b$02Yw+;>YbSKtIY
zb%u`d#-D`3c+;?$HC}{3q6sZlk`67ExcKioajO%=!i<$2MJr3dHN#pG^p>uHS)EVX
z)rYc_H)z?>HQDXX0pO+rT)MX=x(h5bAB1wxowcy}$|$kQWqE)O#F&A|l7u(7tI4}=
z{rRv9uxf);TKkYU}Kvrge<_g+#Oq9q0D358aQwu8faBYtA$
z-;|pP&4cSlez#{9YRvbZ<;%+Xd~5r{jCKlGIsGqRRa4kx0A$@iaj^RAkH9YLewrXl
zGV~(uPW$|lgRrWU=wGbr6zJD0Xj;fa#2(t$_hxVG(9R!E_E(`7X(PbGm9Ep3;8v?5
z)se?;=LbK??~|$fE_%+d_yf53(ailS#HH~XbmiwIM#$*QRC4_xqsMV>FZr7UiEix#
zYS!0B{^m(IIUAcJUkF%X08#tM8V9oTAF@j4?Hwo$jRM*EYj*AYd+9T@>n|h?NG+Pe
z75kF4clE0TqvgE7y$2R0M%k#SV^38Y+>izFgt8l(L}MM?;=a+HOGu3iWnEu
z0^>du9)tK+4l4a@Za|bwxv*bky^Q77t?4&C*Wr6%0C{Kn$P>b`=Y!u4$(uQbd~e6M
zgh9IuMIF*lqwA6^@2z
zbt}(cJ)=PtR_Y%TY1BnnQbra|zXC|e1NM`|%=t#-)kZ2?u!L2PkqYlA_4V(b#{z-pELR#^rCFk6U&hy3fM(XB=<
z(_Rl?ZTsh504?lrD3Vm;Lq=MBN+A}0N+lGo8IeAoO+UPhHR%9P=Kp8m+sq>+nFp|!
zMvOoZZa0!`3u*^`)$6zDh+^Y`Ka_FtU6^4B=A|w};VE96YnL}jjFkM;^?IHh=LOU!
zdXF8#cA=IaEG*um@n|ZvrC?*cVys+5bcJaf>N^f)2Y=@((K%fM&bD-&*HnvQ=yv~*
zgjoD!`g@OLt6})A64K-}717z{vPeOrEfkZz%Vodfu!2WvG!pQF=UK}&KXEZadycCo
zO%fgM{A8b%9)w~W8Coj`_MVzfaQ}DvG4Hr~@;lQ`0>9$Bw;hjfa6EYhOVJdKXA~EF
z|KaoX>!FNryTyfxCw$pnPEMX2ezA5spG2k9RSo<&o|H<-74%e;smUe$%=}LyriebV
z!eJ_C{ZS2O#Sbb5!@j5TAt%QZR%Wjl4$M&tY6WwY@0Y(}_a}JUK09NbcK+Uet*K=1
ziPN{!2hkDy;M?kivBJQ|Zs4(`QbDNg$&f%cpn&yES-y6Iz5*7H_dZxTzI=%zMvg);
zy%@5x#KTp#hbB-#OzsPB9hGIN7Dk`AzacQaCu_9|GND#InO{lKy`?tRFA-0{W|kq5W`LuBU#cDRLs(-DfSz?o@JX-c>R(jQ@4n&+BAAd
zo&Lew2h!s+Sg*lz#}HY?>NoKFP5W6m**&5H@ZMV5vHjzqi9P1^0R~5B=zjiBVppx%
z@HwzvvlN(k)UHeTE~aQ9XXu8IXoa#7Ng5j^d&;M%dSz4t_#fo$*78mIS&h<-SMGF}
z*$}^IJx_9t_DOfm+jNL|3tb`&FqAYL=pxjsrvj5}RZ~o1+Y}bov->QB70S81gT3HVrA)#6K9p_#a%H+3&nI`2c-lozyd7(N>p^
zBqxqx*){_H@JP0dXIm}$=6*7B{|9Sw+T|%b`Y(Rjvt)ej@<=>v!@@wy8A=GqZ;6`0
zJ~b%nTodFu#$_3g;Ig(2k#)C7vz(B2#pZ^Ca~#ZLNJ5&I2l?ottkK66aeHVeA>$$C
zwitAo0$XEwbPam=Ptw?UzFe)1L>+Kc{!Mg#eF1WYXuHGjjMr%;y)+Nm8u@GA>U$0G
zG5ZV;j8m~?!F^|?d&iT0ybLgzWE3d{aha<}&K}E6B(bh1SUvZ!;;^eK
zMZ6X9@Bq+s1O^n{4d5F^*%{ifCh&=G7$@8;aTcT@gnA|Z+|3jGa*V)ADfOuYx
z^6>G9>IV)5*1zL+guy{aybX?cVS3%O@gXO7!qgLo(~9GkVgjhLL3j5L?LLsJ
z0t74gR6#9PtAMQzXpkS5R|sh7)~P3Ln+5syOt5&tq>Kx)stGFVw&
zPXCGInQyAa)MY5Oh55;^$TUtaF5dWuKH4F+*b5zK9ag%XLvCGVR~uIu4UXUH64X0Y
zdBe>Ms6!JISY)fUMW+U09NZ-u{Ct_w{Zq$;=Z6HCI_}Z4boR`wQ7qgg4x*Fx=u|5m
z<`*xUWN865GP_u|y*Ff^z8;oX_i2QWSb2so8rV)V!c0`sSkJw)$T!XmLk|k->@C!`
zs*Vm7$POsgw%$+o^URftym#=2p5Z@MT7sTEgbl&`K@|~dU05e8(GtFoWt1uh#;$G(BXw+kS
zhHEg6SZuqS7?wX))H$F;_RH&^c>ME9cOTO5zK-+iNmw(n8>MQQzQxg7EX_@B2|LYP
zdb;t7MLQv2=nd-DW&+8ok^dve$vxHSWAn%N)8!eW_1%lAGFW-@Zd>4yT?_D-@ZJ6>
z#%u(3gY?h8R*~(`0598@4Zc~?_`rMClse2|})(LyzHNXoInGJNbK-JwWT1cM`3ip=BEr>F*Do8XIUUtc?$b6
z#Gj=px>o9KeGv93Q0WJBowWKH7eUXP(j}`%wBFA>_Y(wsX`N)+n}i~p*JP!ipZ}=?
z2jWeTfovw}Ghv-}QTHn@tmgzi0G4gv>%wkt_Di_;`*cCxMDD8sv>(KCQWNJ6)~lML
z`c&7dQkcKEm=_VaqqNSJe*W(KDR82rfQNnrVd;o3>&J{H#=<0ERlF6j%1k6+DncM@
zEdyF+&Ya#;Y&crv9tW&eKghwb8mI781QLNwn)1H`tQFowfsoJ~j8%(&TQuoprj*R^!?=ZV%ew}XLe;2>5GR7Gq?MAf-W^!N&U^;YmDU)7i3yw
zEn{7k)YAUBaM>2oJ)>2!WO{Zm9W=jh(Pf)DyJps5$O{7Y5C%0w_p&L^umK*L+55OPVS!N_eZSEv9
zcmNGshuEV}_KFg#UeMuqXl{68Z=PjxPnN}OO5K|PKQ1|>So|^ZUS2N57fz-dulo{7)Il{lZET08e1iQD%yS)I(_#pOIO{T%XRg;Ps=dUQQWlZ4Z%So_%5Xx#9
zvwUophhMpcz&2musd8$Vwv>Z_X8(J~avGSn?=BtLsIud-7=w2D_7RaCdMF+ocFHMv
zjfFzf$zD0|ta?%K1Tg*)dcm9@pGr|n@7CY$@x_JD9
zH=a?Jz(&Zorfg%@1gA}B4xh`FU^K_+ZB^&jr?(Lk#x&%&Q9n;iK^o3~+fiTB2>buo
z|8u^^lP=Jn&F;fiK>Vv(7F63$!iDPR5*beoN}#Pa94E`>C8JLk7oF;o7hLpo0g%nR
z_!tvlq4B%jl4;O8XvSpSg$FUaoxEQ45l1b|
z?eTmUHSf(xulCaSzg}?2q#N`Kt41QuTqT~ou#u^PhC+_d94AYC(_y}5GLnjHzx>X9
zpR_PeXe%r}{m^hMknJ4_6QiGqmYZuli4^VGUaEUdWA*pDz@T
zt7hbv#DHjBj~=v^V8f?rp!j900G1=+2lC9iEgt&v?@2vsW-L3hAEv$|vk?2+P_C>E
z0}s4g)fL(B`iBKmrvl`U*ZkfqymoAb;&U~`Uln2gt!A*;Q-*(yoi1gMpn10M6IRHt
zN>iTIsy(LUl#hw@IWk>{mnzV+jf3t^Jet~yzODl?`P~ffY`T6f!uAlz!A4R(#Zbt@
zp-@|Y0*tbmq`-sc*>=xaOP&q~yA_JhBW|bm#diUN*4TWG%X9Eq%@+ZY9-6fxqMnQK
z%l6B?hnS@YPCTQI`q}qPsi}{X3O!^_j+B;r&L#KuoNFz#kmt2-xq^G;={a$7Hyp_+
z3RzNxrudW#7_I+kc4oc@ZRX9%0o3UEF;s{^wt1Ltp%V)CW6kn&i|Vx(S>s!yENg~#
z977q7nc#Y%F=UH@<3+wz`-n+ufeClG&83k0G^~$}exYj-x_e&HVwCu_{q@;P`Ek-s
zQxM4{_LvBN1<^Sr|GWd89lbv&+)5(7mnT>JKruF}h@a(!Gcu&E*>~2gv5v}}_2D}^
zjgB>x0jA|40F}Q;wA41^NiIBt)!mg7lLES!J-?IX*G*eQ{&7a;Zh~<-kJT~a`@f9Y
zNp}RdU(o1YCzc&3t|Vys$&$7wR%>6Sk5bX}DV*wh<7L>-&YX8rb_leD3nj6vY~4b)
zZFH&BXuyRcw}pn16>@&)oKbxPs&NZi+li{*)CVNxON$Oo@7*>|%h#^!+iy5#E9Dx@
z)p{6v`8JOXdx8VG{_&+Ohf&F@A>)?Ue(&?W}AIx
zMeoQh$DGFlQW;j8nZCAwgLBkYYy1#zh2~${u1?5>7XV>;6#@o{_FQ;ac*yweXxiqt
z>t82w(JVP;XMu0oT>Sgc0|*NUmyg3VlLfuf!61m1VD&5`j$xCW$_nFU#v&
zv1ge}F^}hA`vOovYz|thG-`k$ROZ$>c@(YA5q~brA2U4^aKaul0OF39OON)p=qEZA
zCDn5(r8v#5mpXt=OQHb32i!82F){@)^76?|pH@C~04a0=up~g&_>9JbF(Pfp>#JRj
zHyvBO`!-VanHg(bVP~XQB>xVloj0Zl3_y6AEp0!qeZL>%+Gbs$LEyctr!?Sq(fEn@
zA3QkC-7_%W{oc*3t$yO}F11Z0ZPq{#MyxMug&CLm%tzVsL@JMbjwRw)Pru@#suj4F
z!{-LU|6TJ_>RK!Qt~q3vtTdTI>XohyR&UQPLm4EirI*r|p$j}dK^bbc&*27|+q9o4+b3V-bh-mU2K5w96H1$|s
zZty(fAvpO&dVY{t(TOn(?|B&GNcIqT!1I2C4q3~THP
znwn9Q__j^b8Xw^Ijq0>(|3+Tij$29KtC|Mr!0v_sdciaF}h_P0Z2I@o&IsY
zPVQ~3SFOYAyo}UctJ0?Cyo1zf0x*7o*0
z^ujJX-)=Jzr{@}m5Kv!*HikDJeF-0?Qe|#W+x?8NIhxq)QtfvS1EJ@B?@^hVe;}3h
z0vWh(F238i-0f$P@eKreX&kS#1kSjX>ebEdSx~ub%pgBC1o@;=o>v~~@50hnqH2}o
z=wUlJ{bJ!r_0d&)Me)u_nA~=2i;ttuiyqZy2P1a}n+kr&P=7uAEK|G_Jr(poNB0-v
z$C$r(RU1ec!R2c(@J8V4kxFLj80=QhnoPN#P9s@H>GVl2)nHH^==Cno-FO{ppYtlX
zKdIBNY=FtNyBP7UielouLY~mkSK{fTiy^_Eiitcj$y5M3!tilPkcAZCo5Mp6+qp}b
z4YWYsGS9^DH1i2JNaM)u{Ne%N+`j_s#DyE!t@;o2<_u%{7VklYPJTzsdG5ZWM0gQI
z=AhUOTk78Wn0p|iqPQ~E?d+{)`$N(bD7OHn1?7^=JHEVib{8coaWzO4p6<65{v@PP
zIls`l2bi@T{Gih0(OXNFdIT46s89Kg%j8Uy>m-zocZPRdQ_+KDeO&nitd-Rt||Zw{3L$(G}r(JBa4d^g@5
zA4#cD@|Fj;YJ5)waJxraV2?)^AfeSy+-#CDBvox>Xyu*MKP1A7f7yA?iG4PcrTG$|
zI()JHcenW>bM*o@y>r2xdto}YB5%x5J<4ZVc>grw{lWqNxGzQDQ&H}uCM6o@3iBSK
zyxM*Ge^}#(_DiqA$==oE;*(wbOeDoZ-Q}1){lA&x#ebJv4fI?06aNNf1uCv6g?Cpx
z-LVKeg3gb{Bzi4GwjQs(J&GPnO75%X+0Y={iwIc
zp{we2?lmIVhHM^c?ZX)LDcG%a+be@_Xw&e?iQ$^8q~BjlSJ|4|c=v88dme_luO2mx
zQEfx(lMgc?WuEh!M3!~?b|GXoDm&YQtj6VPd6~}(8G~{5PkG>fpjx9|sHAe<5`u!B
zt_);-+{%?H*D1C?YyR-8u?^vZe}=YiN)^Kp5BEoT<&|r{i@ICT
zj$gb8C4#?Eit>)uHBi<^RBip;!Fbn_Ul94xN;GLaI?fpKvm9g}lV%s>IuXM_eA*wkgFX3o*A+6HVgu=~g1y)#
zeDH_#OX-#5mPJ@rn4X>^)h^;LPn_$oJ#US8iP^Zf5R=b%bD4-q^U&!9{_DW=pV+fZ
zk^(-0E?+Yp^I29{&Q%@h2+#t6*Dr6zcK{$8l3|DdYtSVs2(&P8B3YZvNl5{UPhpi!
zB}?{Zkrx)N-tZVv2Ak=-GIUBIOTYQeyuNk(@`l$fi0~LCJfeNkFB>`Q|&
zIur(wqat{D(rywy=INwy-	yyza00hO`yl4kJx{fAgq(LGBfzrR9JXb>FjH^=~fw
z=;Ae)aEe`&bSjvt(N00C3>J$Sczjsrt7=x_bExNhcy0KLcdzWm`%Q2F*6(E@bf+OO
zsT|6^$Ab%LR~5gB_v6^e=V1m}B)un|{UNV1oykSHTBa?4dVK%;dKlS!&`dg<-J{f;
zhfUI)SDb`8;KPjWbzpNsH;;SHk4UcBbk7t?pzs9=ekhiKKGDfx%_g7M~O0N(vKY;hTQq
zEKENV<-d{i&tv9yFE_y6aeX7nEVU8(YBOGa9qded+!64WO(h`qAV&yM(Y*C6(o8l3
z&m2cVt#K@85$!ZS5D8uPbB;-Pn90g0tJmIk!&cRPs%dqEtb$*ge+2{uTV^jmzwYaT
zzV9|ke@?zz3ATM;&tSZY@ganUm66xU7C7$*YLiH&BMoOyad2wHYuvY?9w2|Vj!;92
z#q-^d47Ej<4|cvB;JOJy+Kdz1ks7=UvfOziUODu8A+_gsCfE)dxvkSe9X<{b9hx)G
z{w?FG&u2IAwPG)$Ec!|0M4UzTInQAFAFL<)cHeHu*43W@Ff%?uW1YyAm^NgRpZek)BYN=rhFParr8}!2wMl6{|A8BBdFY~OANyzI1L!mIM
zreSa4LB9>=wdwLMp|q1d(;$fq{DH+RKzrls021NN9)bxbQ9s%t$2waMSOS^OQMboo
znLE(X9dcnr9BIK=k-X@1)mzq65dZlER!~j&Svx`Sqraza@xs~iVB&{9V?2}`?l64;
z%`*dgoAe}P3CPVSTK80M%xS+po>Y_Pq%)A1FJJUI0mg9-gmZ8nQ)JaVk4>+AEVW!#
zbN<%Y#Y!M}@|x?%)URYii8#K+%EL85giC`tXT8GbE;qsFmyBOL-d+EeSESCh{)A=)
zXuqwF8i>p9;E|47NlO7DM>Aq%#4vtEr7!<8YMUQGLRsq9#tf6gabd?$>#pQy+pbeJU(YLA
zIl?6dr(hC}n}T1YW)!8?_+p@2q}QLMT8PDi(JRDvycMpd=CEJ{rTVFHx~jQ@nB$i9
z`c|8lSwhdopdOXcjn~zUCwvf+ML6D`#hn)5PI+^Qk#92*yJu_AhV|>i&+;~Atw!^uei+X
zdSG`zu|Q55*@g~OYOE+}{!X|t``O+#D=byH((H!f30r@v>QYI!jL_F?Gd+J))5+HMEoa%NkxlucYb$9gL
zpPa9ZvDlQQ0Y07|dpgh-;G0!>-;Hwm+I-rb*=@JmwalFd<*=a$Fy(prG>^E
zp->*R4X0ZTDBbV9)=%ll_Sx0w9cp;_(=*`l=+S6c6A^hM1Bb=Sj+pLklow!Wbi~$e
z3Pkr&o#=B4gPZEl!6ovD5S+0DsZak`93<5oZfp6@NYrT>vO$77`A?TEX8~}
z7ENc^t2eu@*qzcT^FhfJ@jl(+g*<&8BgeZC=H8&>w8og3_{0#Oyp2D5Iu>sO4PFQU
z8L0ZZc~iO>aPKrqLo_*^gLODSUytW+p!mO2Idc52iWPrncDzgpkJYC8J+EpUO{Ly9
zuJu8C5N$y{IL4&{h(b2MvMcA3KkE9%8f}%~C64P_|KYriaJhgUbTQN|{TR@~GfXJ8
zfuiel#oKwbWKXwzu*sv8Q~oX}nczZM
zNs{W@wB+`VFYXM_T~?Z4Y$Dn#UGbSGK~&}1lBVHYd5teAu}^$u?E!`E70M7HxCJ#9
zk%u)<;8wwM4!-k~|Gh_WdH)^&eYo=X-KNgnYCQ)RAmz?H@pcUTf-+B^lvVNX6QW$r
z61IzY?F_8E^v&r}REeMWlL_&^Jxc95RvQjXG?_zJbp(yPgw&HZ0Qt}p`dpRy%u+V(
zl>6$_`|XH{us(
z-wRI)GrHYAb`~z@Q0hv0i&txNo+hr_Y&N5RXR(KxW%YBv2=ug&|#Qes5
zHXZV~C|QK(9K!s4@nZ_MUB`!aBpHSb&O|hcznjOE4&f-Z;)PvBU>wS9THi^S{Jv%_wC>Y`)K98zHrapV>78p#N~_F
zcOXv5aHjr-8xRiaI@W>B2d$EW{u)T0i#teEhDsp0JFO{etii#KEH?Ueva?rJZK|O2
zgXnl;HGRE_{oKcB!4=(ZjK6)kcQ0P7PmfUJNl!A8l1*BrtbWg)bSLa6l0hTTn>WHX
zam4>q&(?jjzX`Kgal=Rg3H7#(XfqsS8TXvS6jS8&%1i36zx@tlnAb;4)L=N~ud)PZ
z4=(SNrRBo9on-bantYE0rQ5l@bj-=3&AdLsuA1!^YSo3WW^?7iyv{)Xyk2Ocy$B
zFKYpi1p?Yhsum~jD^*UZ@#g#7xGWwILW8L6M?No`V8vcP72uOd4OeompsuOtkc1mq
zu~|C0$b=EGbsXhy(cr-;(mj8fTL7K?66o%QTfBtcM_}q~fUJ(ry^|7`ut#Cb7Caks
zZviiC@sJlbJ%4_}e2;kB$#f_NryULlM2R<-q~3q&)CULzQoarFNBs75;qB1r7dg|`
zJvu_czNSnnJYRG4jkMcgsl}}={sFGyWo@_@A>ecAs@{*^vh>3fsBQ0uOX$dBT#1sS
zC=`-WhI{gOv3K8n>Ht%#DEH}k6XF=u@(>|W4=HGM`6p&9)>a{FG=eo6K)`OJmf`&r
zB@V|o2KEFCD!{6=f5_mfofAX#vXaId?Q3$!C4YG2Clpy14H*e>#WIjDF
zE_HgS6YG#=rvFetGk35!c4%+C)l#jhpgo1q2kqbY^Ec0dNPZ^%$C?GTgTpeBsC3Nq
z4CXT&qE|D$Hm|(2_M>N8QMUP^W4Lr?tUgCiS+$~z8p0tdyPMM0h4IdRz&GzobstgL
zp37VGUJCTEUWNPf90f`&%)TzIfgQqcWP?G&lD&^V5V#awetWugNzLvs48{UOL{~7_
zysIKNpX@G@2G9fP*2+A2WL7M&4LNgHy^WHtZh~dXB4FuO+bfDyMGEp^eU@@ZRB2T=
zX0jU*AA4M_>_yfQ1{YnNe(L;MMEQ3y(ywTDotQ5XY?oe++WSxRItXiN%78K+XxHB-BFZwpbpGbe)*9z^{yGY
z_@>mw-~sWYNH_A?Sd{RLVB#`^El^pdKt#bfTvM6y_lu^=VWvkt#9OzTgg8Y51TTck
zQ7#6iqNmPxJ}asGHI(=&_h*J4
zOn=Az*AaC@#oIQ?-u)OXzI41w-==)H7ES7hNWn%tO$zpEDWy~9;
zwMZ@0R9qvKSAI1n{&EVb``&g0c*ZpJYAEL|YrV9irR9kt#NFJ7Kd=
zN^g&gusB3@H6M#D*E|UCp>T<1e=6)V@r?4!_V)Lf~i9rP!92
zLHlbBx|o>(+9-jGmF3ftW3qCReCC{|mTc9EAD32s2W9L|VDtFTea7(>hnEf5Z!{)+
z>+f>l@2jKk^kqKBhBRnJK;@F~1yPIXc7I{PDAvUE{%-DcgQwp`XRwHg0Wq+MTkIubDE|MDywK7Q;V<
zNkhB5zP_#x&h+g{vog&M?zWk0GrE4NwLQVyB4j50NP5b2Y4Mi`UEWU5B?2tJY&(&4
zEVE__$l4tg6USlU&PN^9XL+;s2Rc=4=9*#kVuV8LQ{cj>s$oFDTv)bF`)x35@BJdl
z2L7M`h?a^96oWVbW7|VG!GH*4S=OFTs+!tD^<<*Gv-dFFj@U
z;a0@^4e+J8n@6gO#OSKLEU8^BEfdz~+1Y`p&^lSsM1g7$CI7YdL6Z6qh}d<-zM<;H`X8<
z(09EMgsKEeZ}RGKj)vG`roK;?{6)CfIp&Ev&TVnewzgbfMDs0We4Sz!2-Kf7qLq{N1>wwRuWl=UQ
zhcH?veV<3$skTvs8*@_nYYmiFQ&9x{wX2?ghsn!W`2Al5kIi{Ixa!2`#TPTUM-Rlx
z>G?};)-0);u957`M1h4JEhDsYl!tcvz?MoQrhdaX0xjw^Ljr`8EaU7vp!&pYgsWTl^kVv!Zt|mQjI)=$6F_w{x@S0i5@Wu
z9z9bR!YnVjpM4Y0OUq;ly;;RR`$S||4AKbP0Z5HFFhtN4Wa7EkSlM*ezhq+K{jvyRY&v;Nx=w!}l8(YGubJwpMK7lb;|yuWe$)4eJL|If$)E?q$bV4O`-Y(-$m8a?=-Np*o_9t8DD^4T~RQs9EnI
zxmg;C>^hsKuZGJz8)^tf}-(+tk=+fY9J(muT;Gv&XB>6p;h{EV%)lF$7+K&KC&(ZB6)x
z@&-B+SwZX9t|I*b+%#n`c`W0kpxc2>N$G&@g+iL0g*2wD
zvKWW0EH)P9SrQe!{P)%E!`Md&?}WNFl|K9VwiX*%+>F=E!$l-2h)
zon7&wQo8;#Vu0?u{46b^V7ygMsS4ZI(X*0MQvCwyx-*n!M#VDzAIHu|%eHp>E|__U
z90Pi7oSdL&0e#TB4(h+66KdE7Pb4_>2VaFg6A>~JuBi*soV~tyX=J=89<}l10p|0)
zM>khnGAE_ek4&{@Nt4Ee-g)@U0pt4;S6l9%VV<-zEF!GBy(E{B~{a=aXd=fjN^S^R=Pm4`U3pQaRBpJ6vm
z^!^bmTg?+bTt4|Xz4N)e|8FH~bNq%;%C{LL-3*L*Nw+Fj%EdVN
zNAmEGq+7A1z`MR|R;x0qU@8E0Z(B9rSMD!A_Q>Zc8y2^bwptu3w6e(9<#GIgYSLPU
zz~;t{g~b;G=9dgKzQ01c`~aRa8{o>1ue4`=ml+d>s`E>-{Xnkx3$J%h!J>v!$pt&=Rx6BXG>HY@99Dkfn@q5p8>f_IQAC&;JPW9d
zdMWpBB?=Pksuxb2YoXpVS7w*(+2lc`Q_If8Uii0JTYQ$y?Y{KC+uP9A`0`cQ-^_z2
zY1RW6C~l`Y_^3(yq7$E{6|;X^@kWNl(}BO_IeYZeP@H^#a8!nC63awWRK8ewcQQru
zCEpm&+mqHN^#J5?>kpQ1e(60|fp!Z`>W(Ud=%eJB_SX|>DAj54
z!wG@hQMF>)S7JqEl;i0-TPG_#jkCh%`BO40yuu9nHbrEqkR!L&
zepD>RWosW%5+1-G>S-tc*;*rVxR%Qs11K+usE|JN<0G|TYyB7+`1bpM{*8-oBXsJy8N2c|MLQ6zJcNed`~Mr!8kU8f76LG<3*BF5a&)
z)hmw20RFa(>`is&gaJtrdE%|@Gkqyrz%6mM?k-#p((O=xxNSZMYckM#^uW@u{Z)n8Tp2ZMY{f+
zEI709@Y7tN4JLSMKh``Gf(h0`52+EfJ2T;DzM2w1zgjXhkpwZjy>X-6nU27Eu%TQ1
zAX+k9rRJR?-ZN9
z|0&2>GSTAcput;gO8bZViDY!nhiM8y9mzyYc-8IOPx>ZI#hA-jCd)0YTIC*c1O%zd
zI&OVSSYHH2YqVd(DpD@g@(CaRyeu_|5x`nXoBu#r#+=)AH1T+TN8EoCqbUa0;GT<#
z@!s$+v+-{BjbNYs*vlyD8T*V{^OKbAYkSk`gwO_#A@{gLDcFhOrB=rOAN4RyN8~}sL6;=R
z5Js!D?=9?e1+
zso#Pt=k5<+#Pzpeue82EuDCn4yma>ZpFL&>bVmdkQG{O^nB9!
z-lTl83$)FFoSfeVjBFKo4QhY7YL-EZTJ^uQF+MK3e+aLx#r(s3s2})7lt?5ddrF^l
zH#9unN_!mXMPW_Wjcl_Y6ehogSnkfeUW+??EuXG%QCW@-pB=C7W2|i9M%HpLBOg77$=R5NF1z7T=Lo&8^nVR>?-LuJXQ*kZ+2d0F#(VBd;g}{4J`pt#o
z;La;egSMIh*DM_#rKH~cukIF_{favq&OX09PV`1b2`N7xUgZstn~7=R*7cQKZdHD
z2NM`(xl$dOLb~pBH=bW;AqS?m{y)csqsI#~D`AfIz?2VE)B4J%^w
z$dI!Bo)Iu+4>rpydDp%4l=av7F!R2S4#ARuem$#Iwk&F`o}b8vwOMVGZ;vO654tQU
zM%H~UGoi9h2!?#bUIEF`bgrkznkMfhU@3nU?)O2&dI%5t6K7Vje1MXH*Aw!eA`aL{EIW@Eh(ITyK(o
zP!Dpwf4LrPoid$5eA+vcEDK%R`iBrWRxE~fP!3KJ=!=zs=T|8*kvxL&8;sr$z&Cd~
z&lPg>hE5-usb-YCWN6;Tg+t$Fyyu7YMarQNbyt-9=I+D9%0u
z-^&bn5p&e88CDZ#;#bzJKcN+{LH*>i=A0hN#
z{*>ZT?`GHSn8;N;Xsi74tX*-5@0<7t=XfvScl(ZadTCvAaoMA=PK46)nq@zWJm=`K
zs4xot#GZpx2z>|pxAR#zL)QXe$#vQftH%C60E9q$zlTlTd?m%9sEf9Ltn0DUTMeaL
z3t*jp8fk4j<8xjBdlk%CM+U3ZoL?;0GG8^7GSKL
zMerRQmxUvhhaBYprVS!Z^dWyxvApb+I
zO3uUErz&YpU=G|u^wGSA=f}l-x%j=`0gTut9rH&Izb4>e-!UE!<-)i@5BL<99$Uo7
z9wl}WBYz?nV*}5d`KPaBl+QAD6GQ*c;a!&e(>R}HFwZ;1d&)fr&$*I6-T|2JY$-qQ
z&jD|I|ITNP`yR8v!*Z05kdC&TsvM%YXaKKWg1-*h{Zu@wy#5K?r`qg>x6SU<&>kGd
zCB6yjV0r8tmHM1Xa$=eL)(`)JaugqPn;7$1OdnpymUU*a(13%j?`*S|!FTR=nfbs_
zN888B;G565!h0iK_uMGv|82Aby}JW(XtM{P%~DPF^=q>iR4h5QhWN`e(Vx%8i8Wx}
zPoiJgbB>Z~8~lCNaanbkbVW^c7Qo*qr>>-TJZ=d7cEP)57LK=2tQ;Tk8KWM35qqV3
zsTBS9fwA&)6zEv?Q7?l!y)Z{l3H}=WMWpK$;afNFz*w8Z6#4J1gj0{ak_
zNXJRipP6Hv{vX+Yyea3$)dpgVG|clgjIqL-BWHJNKZ$fj)`3|vw0wBAT
zlW%x!yiBa6m#6Fdd@M8G3~R(Ea__=lx(iS#mS3f2!o#@OX1iUYT`C=>$Yb}>Ka*v)u_Fwd|a&Q@`r
ztNpRBI>~+rV|>LP*6Dnjg>~#MU4uI3sj23eZW0
zNgtb1>0`#{pbrN-+I?K$k%QldHqT`_130%T(M6@+p6S+~1G(^^8cNcKay!vSo){bU
zyM+6IYK<3D)P8S;R^5ze9B5afl<05SB>f;Oimk8EE@=T8G4p8Vu~Gx!o)k9zTl*63
z=acx2sb8wp`mz3ysJ|NO?^I2BtSCBz^3@91@E_~`LDa2>x<6Nw_&CJ;ZG*YV2i$Ym
zV){-=iRSOM;eA0-G?Q$l@r+Xxlh+gGK3YI>rbhSW4%q)TTgC%m8`V%}qj-;N1J(@L
zb@$>Jp}qjdyHqj!<*`WD&qQq7j(sSPBy~s#zgOsxWc#OHi~guLjsD2GJ}!cKhDq&H-9mL7RuS6;J=lOJ^+s_(={PRk}-6CM1Ewl_@m3Vw|KS`}?9ecU2s?^t~
zGe+?l?e8x#lKt(G%8_?*d`tAOpz~J+z7>CGe2Is`n1$K$sA&r=!=rbL@SP|ABfv3T
zeG}%L8QQQ}AN#Zx>LYzYn;7t^Q96S?o%Ue2eLeDj9ratZ7sKzcxwcs8rRH9Iqo5`I
zx8`2#yfoeZIbH0ZX1TSmd~fxRS!)XvJiGC-5=%U!zZL&xn7cQ{+_k>^<={WUlK3lW
z@Xvug_hrKUXzcEa)=L0Kq_L=r)>ETy>PNHSH?1Mni~WceD~6sa)-}&@a<74WceZ-0
z=ESB**VUq5TVJ9zF6umPV2tY7>W4M?>hT(+U6LJcnTt5+UgZuXWZTnfTz)Mk!b?bcHC+eByrBvQHDlc~1aK7uFc-+R<
zPZs6jl<9AB85ZfTLiE?MH@ysN@{7zA`|!^%zc!B2UtxVyn)&=9_~W`?Dew=z_~qii
zK*GOdOgup@&yA%)C(&Rg{BC2{kM4iyC%dm9REPaUdRijr>5kw0J?N=$3@v4dF*w(j
z+&|=cCan23&O^?!S^KvldV57EfPJ%lq+x7dJqCS5{ERsv-Rl3=G`C52!8$YL)mI(<
zz-cT+UM6|klt~?IVtG54IsGUrqs)80xEH_bg@pT0iYZSoZr@m;S4(F;lBLfUb-hsc
zkBa>L6;YH|u}>{AYl^4%9
zS7-tF8!s@Q@8{2&`CP`I&oZC$o%B3!^w~wvp-7}7Lvu5ZiM#qzh@zkLWjA
zSRuM67O-e6mcY9VwF$;zMZ8)OWSmQ?`EE|0P
zwg=%mLk7k+3D_<3gZD<$6pR6ItOnP2`G!c>olQdi|5d_0BGDV&Kis70e`U%0hxyX|
z!hHsv{vzP^0^{dx?EmvbpNpfz$bUbo4A_Pm(S{%}
z%sQ)T*a=*dXeKP(mbf1X2~3GdT9fdlFj9k7ohAF}Eb
z>HWQ00RG15Zl*yCOr!ZMCccF4&t@{c!24YOey%xw(BFLIkI+|6yY2w)F|HCFUx6DsL!~=>y<-M&T8Vg*OG>
zHP-@fj+krYF(yAi`kKkc?uS@^hPA%5PgIC~;-td&3H5X2q$B;;?u5H-ivB-Ac5#o+
zu6<%FJG=#b3>(qMa5%j`Xd^4AP}u^!Z#x)d*P{Qum+KIZ*I-=C(!VzDv-TJ2b&UG%
z+~h|8$b$;qX)XZ%a=aV9-+}xC{%+UV#bg_Vv7`FTc%S(%R5d`EEg$1OUAx@}-w(kv
zz=b|P4Kl)VfW16;CTrB%GYsANs#A|W=%o0389=L87JHrS1IQ1jmld|3cqG#Gwumk3
z-G%G5uw&L0U(wNar=pKu*uIzB8R+mXo|JoQrTejEWA5LveNy&K^+83L%>rgK*@#x^VF7O`=38QiyIVva
zBlsI{-(GEz!zlB;4~Q{TkNAa$S`7LirqN{=(8c$>WDM2b6EPHPTfp+I~NQ
zx>fnSBWTv{5`911jdWC85;b7mP`;e2XbrYMj&!~eb;+_gwY8jM@{lGXPa`4aMu-=3O0#!+|@|Cg<-t%Eh0
zF~SW$>Q!q~>^2RWfAikO#|ommeHde7A?Xx7W8#f0^zODT48}I`e7dNYbxQMB4(+qp
z<=%|@oBXnEMHX9Ffn{immW}1xQ_HiVyaLK+VOd{l*(_0pZBN7U;necepd9Tq(v8DZ
z;`^T1nW}%@%6wZuzOKW)EO*FR&G)gd2XvUbwGZlbDD&nG8P(jTtuzoIy>D&20{)i4
zU!*mI3El5FdfycN@6Pn`SGKa+EwT=1sff`W+(|q>8P5!86yurs;M|Py%xT>2q_Ij+UG9
zJeJG;s95HL`q&=ZIpG|{V6ReM2?bETRpz1XdnN20p?+mv4*k~VDnZOCH*Wl!UW@$!
ze9JEEB+y=VzRaJ<4qILinVp&WPUCdO2KKbW{udPcAHX~@a?Ziito(hP_I7N)Dbn>{
zqWx0Qelq%r0^UA0zo(qbJv~8oYfl6FY0p*c=^h5}p=}S$aS!m09^f54z&m%FJLK^Tcg({WVUMK7xzt!jXM<#~bjKucQ|zC1Om4rB
zC4ALqs(%7rT_45xgj~n5+@M%CV&5-Pmg^U=5b*rl$*%%sr+Y+Shk6q3Ss>4tIT;th
zo|~P&&PcVdM-J_KcK-5Qs|zH{zuHaoz=c=k{N
zcz&O)HdV9fXqTb{vgjfs%inNLEwje9VU)%jZ~hTDc`pNzKBB}
zz%lnLj90cvz{u)J^$VCR-zvqwcrrP^`Rbo*W-;wZ8wa?Bv40fWq-3eXHNV7tm28*K3wFTV;Qp^MrLz?F@Hpk^;(5s6H=Hp;11j2$3foYO
zy=uj89*m9Y1OMIsk1wMb}@?-}k}$Jb1ra>d!8CcbjE>lP}jQ
zSMX+x5uE0mBO{frJm`-MXEnfCF&giS=hHeVa@Am8>d4Nqa!h!DpQo!CjE!q`AqGP`69BZG{CBQtpRFlU?{T!Y8((Wrr8c1W`K
zR^8WKuai!iGn|vtysBHbZr!R|Rk!Nay_9E#JoRbjw%zC~Qp{?8C-S2T-`+S2@LUD;
zANEqv&b9z!VX|FLo}a?+cAW*f9>mA5nPB2VIJhltkHC=#IFdnMX7wSQSYHglt{3qP
z^06#_+vyweB>?SW4=U)l68)tIb)S*w8}h6R$F&#c+7imog?yFhgSL4;hP5H-I_ggp
z?{j#+B|yJ*;$E2ehL+2oh(tmA0>w*?`;WZB-^AwL1;5yA6scwZcHk^R$t(8U1;
z=B)YkEVi_sUtjR0v#EnxLt8}FlJg@
z`kA>6Y_Avn`i0H4APGV)A7sz_xFtDXFFr^-4&)x
z^4*a+%fx=InaoS!?@LXwoG_F-2IVquTnG404uLN-pZf!ef&H*4Bj^hR;|nP41Fb3H
zsP^CZ_K*4*b-%lmFS!2?93R~O2hDLk?~8U~+X9|j{d+upttRuIK)0^dV$Ch^cMjyd
zHb^J7T`@O`GvyeEdwtyfZhT94G$z9xquBG!=3S7N3E!FSb#ZsW9uH}onC*y}=w4zf
zptptvoYtnkqgofnMUeP>H}E-@^ZBAT=uZmxY)Y@x1mArj{NrqH-7ku+7a$+74@|%_
zEQ7GW0@$J6J0j1`0B26G2l%h}c>#}oz+bVC$JA3xDKNpp|UdjSdi6pZmax(Jx5xDdiQl?B*C6R#LWGM
zuPtW^Y5ecgW9ibq1m<9z4|^!TeP2k}ILQ~qj!
z%UdzlrlF4#^gorueF3n_BS9s;RHS!R;+&IEyVmk>Kh9PQD)&$2UO~c*K@Vn4s9)Byn
z_bqu>=ouJuRKJf1Kc5c2kBFl+Ed5<$Jiq59dQ~3t5aVvzTJfx*`V-J!C{Fd~?_fMA
z)*Eeo7wBDt@10P6*iVn?=ZDG^Uo72wef^xr?^;3rzX2ZYKmz#wF5Q_wP%C1Xh`m*D
z;3}KryUOiCKijX^T2>h`$(XbV0cr
z?N4yujrHJN(Hi<5OSUULtOj7`8tw`&vWx)2$#;bS6KDiE8&A9nyaf9rIzKw=k1l5T
zaPu60{||W7VdjSficOmWvL4S?3^Ny8a$&p{c`lgcM_&k_6TleT32h%PrYPuKDOhTEOkx%{~plmA0
zR5bBKZ>0JbwHoE=0ZCsB-e*F8%CVSHC%MYr0a@t=S?NBQ3v*93f7>$0yB2=yS@+=v
zNQboMbysdH#`u0~LHAjA#Z`>4!mtf5&s2-I&(w-1zvJ=mC0RYuqU&QqhQ1-$3bf$c
zAJL{r?{mK--`X2nWO>LUd9aZ@baQ#=q5Id;7L?B@^kTQDvUEn%OOQOx2mvAHS^e@OSGTFU~JGO+9u$~_=R~Y
zQ*D_|aTVH~@O`uXZK}{(VnBykSO(vs+^bY>Ec$AY%DoP7Oe(h(eLT#g?^vGSn<9PZ
znbh6|Ch0s%s-vFjz_oR>R7asn?MjjAZ~_hw*`=jP<*Tv0X^D0>UvF
zA^J`N{U3$V_bAjGPk2rdezYH1CY3t?<$gis7~r>RBK8=5-%=RzuaB@F0S-eNv=8Zx
z3xn$bxVSJlr2k<^YX|%dg#TuOxre@2hvC@(cvgquLHbvQ!6^V&4{fLlOMeB@*Gun>
z9)@oFNVHqpb?!sg&TB10F*f
zz@a|yNLYP;!MCGQeUAX{6lpz1c)5PGtv94m`yLL1>p-1?+Se|nKZ56}Qhj&8{EdDn
z!uLD4hJsAn&Dyj{cFDf(wqf9x6Z|+uj(3&NJc_aN@xSxiBIROjHgZ>b7)ev1(Zwk6#4{;gS&7)9m42#@ekWG8LhOyT^pW7(y
z2`9gadvY;85f9>gTG1|B01kcIRZ4$auYAJoEh`-Efx^o1Y>{M@Ul(at@e7|>m
zZh+o5r;{(O%GYUs33+bnt6QnB=D&{mXyiI7hvARq^~n7BhT-@)&c}ydC)53Z{H!D6
zD=O!TvhF)W_H?wjt#A}WAI}`7{A!fnI#GV&5asWN^0y6Bew8l&Mtj3x`6=9gi*`9u
zz8&(1lebj!ms|&yd3xkE<9mPPC*HOHL64V4<2z{}FF5AXdTR4gj~21o23%EtFFSoa
z41S>B2>j
zigsInBHx(Dc47Obl1?@?u!;PoMANqKA0Yd;U7~F$&#^@NNc#6eqCbC^tbd<(-4*Qb
z>*Gfr;p^QQ!ndG*K;rK_gT1gG_ZVZXJ6M)`iBd#o`bD$yIS-1mdy$6k^74PhL|!kO
z7cj`NKDNp3`oM4`X7zZ&`e9?y4D=zIrlGdjsv(oLu{n7?qL{R_%C`cxTDHg%P+@_0|^
z>&c7!8pVB;WVQ4T&k5z$o=LtT2-#Ym>A^$EZFdpRk7}a-m
zhq1o%JpP36LD+L0h-XCylG%y_3R`%uh3~<-537*Z
zbf40il!LRv#s${oeVKHSAca+ds;0nk?QqAUP_p}V%h1GUkCXyP?pDagElQOX*8E=v!eC$
z&gZ|E!^hWmL7I~U&AwFglZBvjI0TKMb^2NZ+ERw(DF)#9+#UmSyD2ocvqg9hJD7i|
z=4nnVv-p@oy|raLXn^0t+g!fy`0cYkoXxOcB^z%$0byCRh@ZHOG-GKuUx
z%s6*Zdr_wUI8b&P`$Y6jQFHx9kN*g*yYYZ8NwVig_)id?%e{ba+~Dzh3I5DWL)~?T
z)}Qv5qO;FSAzG8rhRodS;=bU3<~02s6s(EwVJslNSGefH^L{_4OT>#!Gyl#J0KWa-
zzmfbyy%PudgU#kRQze``5hu6L6F9f)IH4ZIX?@Y-?;xBPUqtzl<3Wfrn}Rq5&UImQ
zp}x>d{+ai@7@dt>Q2t*WnSY}t{v~snoWkGD;n~lftnN~1y)O2u+{ckaYf6}};aiX2
zn(g^!c01?G7~%`SG?xV1^bK$0d;?!ralZVN`108c9T}s!{l0*8Nc=!tvkm-M#rY8+
zel)&-^T4ByY-OuMWr=TF%}I07-=>u*b8ljK8p^_J%Y-bfegSQ{Rv!FhV0T|MJmm5Z
zWvsv(U9L70E|ue|Iyj>J_qIs#CB|wZj8%nAb68kO@LdYj<;_y2Y5F{a{!6d*hhz@*
zB$TP%E~Y4vN|RxR~KEK{kp84=VRhXzj6GWI^prp)Z4#RA3p+if4?kG7hU`M
z2ag|>#!u;2fVfC}Uj#54zi<_s%&UcD&`Dwv)zF6?(h9F=e2;?&mveZ*9f1wjQ9fhV-y1
zz%vT;%{aq&>?Rwm0oUz-CtMecW`49jH(38TaD(Qwx~GP
z*y?2^zB)luvza-X%cWSa$2N*{Po1Vbpb6-;^KbSa+7T_P?c?R}u0Y2U?a=ZE*wi4R;d^5`AYxD;4^9>yt
zy4(Wtt~~^gFbxFLz5&k^rZmGGeBKNBn74)U-hjMh%4?*&^^{i!d0r;oU^YOWg-r+j
ze*uU2cY=8kVCt#d8cK6xnlx5;>?7#wy4u;T@imKE#{zwp+jiSa10MhTWXG1i0d40(
z@knt!n7XU3DAhdGfxdwlo6}ZZgKhhQ&oy{HU8n4}SJ!s5cE08D-%58uC)ammgkqQ~
zZF1aFj1P)91{j_Phj3I8j%317znw4q-Q&r>f#mp$z1_tcejxl!ro@OG(g@_OfM(6c-
zrhcsw&HB4Uw5{7ovc-%mUL3It6NHEHyZ&~v`-1*(rxRC$!4*9U1Y!2
zhW+olQ2U71=KZlb&S^7k#VCh`v<_O
    D@o6C%iu>`%L^E@by(86mz?d!3QLr(jL7
zt)cN>Cu}yGF6Z&snR=fJe~LHSiA|U
z1J5n7jP8en_1YYr@mU3R1Tzx<;!yvo9e)2M;=umkIu7$ih`%b|7wSB|RQkZGI6VIX
zT*>^tqV6)TO;`^4TiBWBRz9=k=kPn`yZ6YBFN
z;`_R$BV#&yC|g-{d@lOR!59~|D|6gSo(RRah?$zFcJg=>dFnCv?JKsaC*b$D|7lY(
z?)jk!HuY=x?IK^$sp+|ny^3}kZPH-w(CSYt=CoiQ+Nmqxrxf!;5-TgNHE{VsW
z-0ksiUnStQ8h&owg=h5oed8X$tJfj$;~g5t*bU*2NBn%gp9gzE?J~mPm|gP|YQG29
zi;H}}s*K}4JKAu*LfhOh-zit!PyM^txyFmwcJS}j&0l0t2)opx00TWS(!N!n_i+5?dLo@)e&;G@B`w&t+0?dVfc0LUpyh$w)N$Jd
zTT7%nt5hC?pvb4e8jZGz=nGklf2SAc!{%7@>92JKeuHUW@E9G6r6iyG$xJQbwuZYWIEOnP<52eNaVRmr$hR0{VYbcVu`uEPv##Npw$gnVWPslz!7uuzP}>Nf
z2J;P@2!g*<*vJS%LX-M{qsZ*+*X
zHb@J81*kOetV^jH_9ew-YnO-h@J4bQ7DvldOgpEi
zKM8bbFz0$<%-}qbhW^2&zWjgIo;5nE>fC)MGsz4|Ac2VZs`H>Fk1-5s)Tn`+Gc%CM
zgET_afPo|gH3%x@=3=x=9=6M-zAn15EWNclnNAXIy}d&T%IY;0>SNJfukBi4DeZOj
zq8BLC$YVJww>)*n59uP0oIPd+%@W{e9p59#apEySBhyFrBYjNld-=
zA&U=rgV<26kLtfw0)DrP{`{w$b{Z4=g3~U;@A_H(AsPS=*&V0CNo9uTs#c;MN1xDl
z-$U$ftReOjGFcHp9{}i|0ONQ2q2JKqpA4(`sARgKEnDdyh^^LEZU?^qT5mp$eWtbN
zc?f+s>DxIw(;8bQz^}D;oqQGGys?eR?s1n`CJ*2?mN^V%)OW~q?LB8`@6H5ex(#L4
zCn(d@&EDWma96nDOh)+ynJKbA2s9_IZxr@F#)`vxV*A^{(Pgcy-qqbWCnb?6;LyzL
zy>=7v!MUSE)9LlA@l6(!WufE56D@?_Q}Anr-^1{$z8&NKIPl=5#%DiYJs0+fOnP2H
z+n+WP9S;2haix7UleGOMe*Znl=wqo%Rys5BzW=0};V#B$?-@bgtmpOyN26W*{uj!(
zBq?9-zKZB(&hxDpCEnP9Qbo7r`
zAf!+5@_7Da#r3is%6Uk)3g0%UAF~{Lqf$sa0A-d7-;Yc7*vE$W3HNtseRXmeP=DDg
z)LRAVKH>XaX!nn5ya8csV|>iT8TR83bZF&&2KE1gmnU(3W2bU~u=4ocE!S!3^En(y
zUuV{-dcqFn9q4y~@EwBhR}JG)g#1EiNAs2AP>w=>KR1+@c53||Gil?`?$GKz1@l%b
zd_M}`KjQ6Jh5F5Wtxz78wNoqK0O?Qi^7jCIR-WDs>EAcNb9bGn&+SkifHJzYEQeAH
z?fY=u8d$$&7S=EN^RsSkwHL2q>2C__c^9;?nD@IL+B9v2^-IY5Bb{CS4k|k8+RXT3A{~7%HPV%L)tC_{@CCygm&DAOr_LkSj>dC>d=72%kS=cy(iK7N<8Z}`7526gAtc7LOY{srbk9*$+m(yy2}4Y2<*gp^Y
zMV0%7c%3NYe%d7JpD_Q?NW0qzo2w|1!de_eX%+U>e}k!3f^}pvyM}0p>yzV}l`>s1
z`A0C<%{`1aZR|nbur!3eZd2hr@@bp1Jlnf
zMOaZMXNu&|Sd>?7J*vWr{bk1v#3iVv#6&si_Eyp!X0HYqfe@z$&n{=sobZY$}Xu=UqosWPOn~!nPAKRv1N|CejN=?S21p;&r)N^#ZAd>dD?RohKfnGW8Q)v!{5q{%
zNB{EGY(C4k;(Si-ZzfAaQvjPfertm9XVCF)h_IM&&Zvp6VuQ
ztCZuUK5_t_g&FDY69yBN{Tgrt->)Nl%s&(DWdKJIH}dHl9LrCo&z#NST`a(hc(st*
zEiNRj4#aWPugs%5^il`4Cd*d}@$?!w%uc@F5Ld3{xPt!W)%+`k{L2&I
z(o8nPrFpab>9YEB)cp*2mX!j}=0LqafB8C{hvTpgZc;LYvXKnn`90|0n>b~Bi&-z(
zX}m;-NdPHiEtxLMH}LUl`6>dsNhfVTlc=lSUPwKjmsT{h2
zZ}dYft_9h@5oZTYckisAN-o(*R0V0cUabVcVw~e
z9Tvs=%=`Y@{x4hs95d?RV!Sx?g?uA_2kHVC9sn55k@_%}5&b2X@-mH3=I$i(**1;#
zb92L4gq-aA_u!~)Eth{mo%h9fAowN=`4Z2c+C1+1y)Irz_Q>2M^7KS=_uA&!_D@n5
zkt?UshTzP;n+@=?^|brT;`n4wiccj1KK&Em$r5PGh(A}v@dx$sOQT<#zO;Dmx%6#t
zZg>Fp(^Fhdf39QPH4kOMDel96;BRhkc4+$@`LQ03uXE@-bqS5JeLcox8f;fQgp5=W
zJB_V$E*Km^pOk@TgQI(HDg_S0C`%4OCc%}0HQY^ra7vhzt^KG4DB`v`k0
zhrJxrNcLC`DcL)h#>%zNT0fc8jo_Q5_AYX}S6s_;o0zOL5AKpEanL<{8ekCD7wAF9
zifMNL_+hS7&96EaxqLjoP{+gH0uHF--=x{Sif;ysc|XO|GrIkVdWa$79%eRfbHkm_
z1xG(=XKlGRvAN7g+b7_4FqSd;{USdPj*j(m`R69|YyFn82=Zi}_b)tevK{r&&g^?)
zN{vsBywM@b3n8ymNWb5r-|&AWmhBbznbf?+WOY8Yg+4<*Iy){I#lo3~Bg{^xqHp-B{kv^gGOuw?oQy#@EaIgLupnliB1YWRsiw+OA=~
z_?(q^=MQ~RrNrP4X)yNx70-j0+Y+A#eO*rfen^kYH}ahR-E;%Nlpc_NgkWV}W#Nw`J=H+Ex;Y#XoQ0XI&n&xzI2^
z5uR-T5A73p{w?U!-hz7%<{n^c<@cvpzKz4*hw#s3@PCuTA8FKrh@eTJV=yP?fjE+(J<92NdN2j%?-
zRQNe;AJp*iLpu@P4(eE3t9#$Nj=m#x$KP*fzio)`N>dxy{>w&xSzWS{O=iD`6#g_g
zdS8&0e+SAtEZK5jxyz6CV1&L?rPcv%O!L0l4Q)22(Ld>fdGY}5PVM|)eb>-fK&vCB
z@_L;fQ+)~_Q21sx0QBhhB*t6d{Ui;_{sA~^a|-TNfR_ms62>>^>^}(Dwm@DbfA?U0%-IBJvxF*Drbr`lSK%-~Mb>0Dhy1^o#zl{txN<
z|DB2L8v;Goj97b@k2G>wKmnh}!aMPPd()Rc_@=M>cR)XK-X;&yq5N=w6uIXV6e)_S
zIM9|cCqT@SKR|4icJj6GVzMHPKA=90wN9XJRe;)p6~p+7botqzwN6;jX0&&CBmnnI
zMnRE`az*&R(%KswHZ^TgzKrALHv(6~{9|2Ws&ZgE`R1Zkznmja4D@V>*vSeir$U`p
zmUp@ub*lF8JFKxity;1lr2091dh-a$1-w2MrdoO?gUQcDgV}BTyK?)$9#RwOrvjUr(eqS+8JHU+DAF}&3v8Zb!bzw
z1@(PHZsOzorBC4XrI7)^PvrA4UfjtqTPHB4!XmDNhiNa8qOlCvL%0SgL)(el}bt-cAyQ27<>AGl+-{iOqKt=T+>7STIp27QoBbic*Y&`%-5t#+XIGk^|l
zjMyZvT|CRtFQ-lN>C!AzSK38m%AMnKfQma1m#{yoPfhuK)z62ThWa45$Bg=rbo{rc
zwx2>B^;Bz(x<_wuSYEze)oVpR63BBnh7lM33+D7f&+^DQ*zb8jgPIDwG*-|XK#LC9
zT=EsP&Gh~N7jS&>->%^cwt1l^2<2QMjCVoICTLrB<2*oG^dOM~zZCov<{|A$<%#M0
z`-0>Ak=wNXp4Yu^VSCaDqmP5bM3C`)1SU!HEQ6K9|ryb?&Y8+c~?uC_0ldhkE
zzk#wBdNz!RI$Q6og}vUhd>GQv{sMhN!QJOnP9qrh5*jwWHL*G+i48Qer`Og}(S<=s^dQalr*wzzY&lu`@
zTJe0!U+jn9XrnH#2+s?8S7p&}sz(psg)}CP%*u|eHp>%u=gGuH`#{@iQ~5R>4U91x
zOh>lr(yUb8R1-n|B}4Ot6I1n%mrCr+H`*0Z{l{CA>xU0rM!Y!{_%2LN;=E=V)=xbP
zKWF;x!_8C|xHy34-Feb?;^+XgNm9&Ss;`XkI@>My>y*phcLd5TC|C4)cVv0J&)ng!
zedG&Y;8c*=NR>%mZ^c+}^w*p(^Z=Y682V3kZfD~i4X`Yu=OEB23mpNVYmQa)Xm<$S
z7c~CyH7eUL}>*&QQ~Wylk4G$zcF0M=o+RUSZjb;17=ZY|-sb);e3
zRY}@TAiw3+>F3q}pH!P*UorpF>)_s3$CXdVvL%FZuI5r2y4Gm#bzI8p#4*RmX|xTf
z2RJTEFt)Ng*m%lbm22n2m~dQcGQIS>%mU+kF!A`#a@j;|HOl?i_)^gWpRVHk@9Nb2
zqh?dOEHq>*qc((i#|+upy|@qYjfK&~o=`Yf@%Ee7_zCKjLisS1Ib>c7-^-#>8vjF-
z{#~8keg*B{t>p2@MvS|6Byl{@jbw2p`i~-wjQ2o4!YI2%ecBCNfBc<#j3ZDN>cTfi
zqSWu9@sN9Ej5CNnhaK0q$&eP^4(VM`4*n10TZtNHv5niZ9pdtoU9>$`R*TP85*>tk
zaBu&unU~+s%h%UqOt+8sK|ZuyM{S?)1{gnp|C@L}R?X`3iLU^D-B^&Im@)fQnr
zKOiMTN1<-yP(aSG;J=RGBmBt7HCr{mld?Z)~eggQ3vw+;E@9lVac
zR*TCi`un4F#%{ZR9*a>u3@{C;c0w26Oep5Keym1~fpMDJhZgcUBy|7RF#mS_?i6HO5D+
z3mvBMz}ff@1HMb1HW|OI)V>IH0orN&mLUt9S2f=v^l_8={udZ`?ScJd#4VWPsPVio
z#_7cK;!^CB_5^10$4D=sAH!<_zG4ACkHPu;1l$=e?vG5$_s~02)T2^)XuRhRKgr*$
zbJ&@68Qz0juPWIcVhw2i0~lQ?jT{Ru2YOPXe#TUtu}1(7iOD!)RNtT5t9%vvb2|R&
z#Qp(1oYwMF+fzmZ;C%{o*hwq5r9%Ej$_x0Ze}}lQMP@7dFhM(J+X#-Y`?tZ-ceuWO
zA@p}0>Qw!snd)AtHfotb<075&CvLMupqy*g{y=($&AB=c>RtXh-sSu}zI7L;|5u?u
zQf>X3`CXqY&@HIjV&^uq2xpkX*|&=Mom1QYGsX<%eO_vOPI~`AJ2K<{BS(W9B6zmg
z;=Bjy{;6$dyn^ePp*s)L->*kkYWU0f5a`1bkN-N4=-=0yV4hF$c|iJ2hIKwl{r)+}
z67`=dehroXu1qbTu?fCGa?PKnl+_q*>@A!J!n3wTrGNe7t_!escBv?en-R9in81?7hd?
zo3l4(pM7WEzWe&+^B;U3kN4;EdcU4ev*!bZMf^SDKSznaYFf;c*=~Ga+iR(2(N|n|G
z=Ju;Rm0^Ain2h*(Q$xrnFUAY@uK|T#fxa4#VW-X6W6#liF7_}J{zCAGa
zVPV+ay6^otb7j*$?B^C(yzK@cn0PK0EtkLVqO1q{^9}sWJV>;m0~rwX?hWSZ{eMIq
zyHQZ(*9$U;wa=KC(Qbgs%_qqU?b-3y5b@iN;!Agz-kYfMp>D~q-KWTAhBR*@w5;!!
z$_Gi6;&bA>0>)p#w7(W;yK~2q%5|8Nub~A5nn3+6N^{Iyt_A0^vy6h&q^l_rxcdW^
zDtQV0J#cqErP%5`psDI)6?V-}7H>dN-xNJG>$|Pd7W}2?zxkgVz&E?aaqGm%guwLD
zD|PfoKfObIx>|sYG(+=(m9T?WNQ-D_U=J@5-W>cm&HjVw-nlZx{3Fam1i4e;C5(9_
z{Bs1V7XQh<*lv-3?r
z3%I|?eQsgm)MUV6WA|KVN_{lTR%qhW7vDzyCsMIYPRnAqOwx|!U|3gVhs+wad`jsj
zKPXmd0?h+E3xRF&1yOQk$^?HQu{B#5w#cpd3hN+UwK`p5q`dA0U9R65q2imus--qb
z(a0ak|1gMJ|EA3Gv23&L6qfgOb^6w`%GU%DKJ$;9n|b{XV?)xcUbo)@fr#e~%|v7C
zMgVqb_J&lueXk37w54m)RXq6>Vn>a)zkPd`vUzwWMjf?hh&p_twRq2Z
zJQ(ei>=tG=%uv#_DW0f|eP9c-R)L{lqYZ+aQH2zm0^63&cC=0Ec3Ko)t
z8e4YSqNy|B;i^t5kK|Xo8V4o1Psp3e%SC{aZIqY2laFD;Fh?G*$C;KueBb5$xgGV={(7^VIi$Pe=b7N6k)q}nK5@f#(^op
zpwdPl!|hvLPL$ggySo`QmW(HQAFEHUIMA^2T(SM>*X!1Q%oc!FsAl6o1$JTwzjq;0
zUz?@(p#)K>R^BUEmJ9Z#2e!8pMoO9pY6wsSiFfziXDydWLDac%E&j+2QDTpMMWo*I~OK4NuW5qR;TMm
z`jxzBTcr0bz(G5Ly)47@BjiyKRJV?GK_H>w5{j(OAnN%WG<`@OT!Z|wepJ{GN-F`S
zKx2W8&lCbwPL4LM;cpW{SmHwtvq?5>KYmz@L|IXU>QZz$MYO%`Qqu0q8qN;eA*O9F
z2n=L8Tky2HEm3+q2@HUOS_?r$WFMM!*3kmZj#q=u@2cpCB-lekMVJ4yXM|r;c&P?%
zv5|wrPWD?E6!%+)Of^wGZuQh-VmrMT-`h62-n83KpRki^L>u=u-+5PF86>l^eqz0;
zJXR)lOa7%hXVtdhuurqggW}T&&u?1cUAq{XY=~kO&)3c(r~d4=YBGHGZ6~L$U*LT_?1D?%XBaiCjUy9gk-|=K~LB8YHGwV?;7d6
z=svv@n2zCZo%T|_VqNebZNH^x{*Hy}I<=1C#e^q&Jma<#4rb}K47=KjaJ>Dd#7|UI
z_R%HZck3`1mLWHbX608aF?Fknszo?*Z7BqHjJ5!-SO
zV<=OjD6b3HwrxIWRD9b&73D)V_Sgm)i)PKNb{kANlpDayPiZ{Sa=py4Rt{C@@8nSUB&%O&B|M2gU?DK{!uI(O*Q
zM=JHVugMm@7b_|jx-_&@Z2a)$E#OVU0n^job|n(p$%AE#ZQafIm{lCgcw;)VSM9K}
z#!37KW}X*<>w?ph)N@F+a!P!DAJ+XPgVkJ!)+$ql92{#h@WY&29VbSfdNnGI|KWbC
zVE?b+5Bc&eg-ZsE_N0(uy^rT#xLBoDf>@KF6WQPslGM?wH5o6Hg=<$IcL=6dxG;k8F2@)uW}(2LrTKh#m9`
zP{gPri|8bc1MG&!FrJ@v(X`p|NqH&2BD>i<23E6DjmP=d^3;!>yo?%t|5C;Lw3!|)
zQ7jTesz2a?V;}gRMBiFa<{wnB7HBgyk`W-
zc6cbV-|^hxOwPZ|4zte+ccuz7H(zKHcl5if0?H}6Z>L8VNX5tS+=<*XhCS*Cs1(D
zMcZQ}q5qz7#y%ibaPI2$Pw3jSSUt``!s9jKT&(Qgpyk`vDc}85qc>7}$0aPS5nH>~
z_FOp}V#>9CI8<(j~Wmm9e=I4*cn$2;()tOMG#BPGn+_$RgUC!lo#{-ag9GK<`O7ZJd5x1=bVjhVL
z5J|1koMa%q;67!6e1I&*W3s9_5jFEe(z)Y?b^?sa|`xx_pfjdnK<(K6%;h+(IV)H$iGPm#-SX7Qoy&c84?vD#oJT}j*#{Z%XlI}1>~O57
zjKZvoU%P4V!Bh(epHiUuWZj~bNwHJVn<8Vp*#OwbQ5g9hO*_+(RaAE??*Si0mDK;8MK=uDdoYUi+L{>a_2ciWTS
zfvie_W8dYVsvH}v$q*Dk9o}dO;DVDa%B!yTXA~9oY1ZJ#tM`tqGhn1E8p_l-d-8G#
zOhUUlf9C0bg|zE3_UXutCE*ToVE080!jBvAUPb2VJ;?Hg5mmWY8=tD@PuH0OSVVsa
zJ9Fb$=ITDgK+WFdVB{*sQ~8M>iMwMsG3zG0BV;Zrgbva^I0CnHw^+SWq6-0p!I-*`
zY`B6yD!l%ew@gUgtPG}RHB&s(o6Xo
zDK8r?K9t|)KeErwUS$1{^SW0Q_J+qpny&pGkX5U95Y`R$i8p_SQIV54a(iWevTEic
z+2ecp880D{<9q=6IFu>oKm`|fdFp*1?hPcdr5#eX`2sk#9BVmXfz?t~KRtHqi)^4U
zmA=mES4=kyfOZ(F;IGoPv|EjTgF)N23{)8M#5s=5+tjjux>D|(3Q}goi)$Bt
zC457N3~>GOx<#K|oZDG*!-C!f^x`RH8tN$oH{9F`hJrh{guiT@@CJ4hB5
z4UL9lSc3ZIg$D6k@df;w^dilwANwAENBy+
zzkhbQ=4B|#;S&nmJdvGtoab(qSc87y^^aTU>U+OT+!6zZg-GTXC~(
zXW6tm{qhiih$ech#`_5u?|oeLsTG8Iuq)j|k}tr@#k|^SO$M7MPC^xsoP!r!_7+h?
zZehw>;QN8*4wa{T6N4xtJi$pMo6~<9_3Z+Ghe!w4QDll!vWu6qyQC&=$CqlwgXkE7
zo#SAdH8NAm+U#N&ewT3g%9BPzAI8H|gi_^^C6WAO|H_l@dS;b?;XBu(NuZ>n%mtJ|
zAXTonhRrgM%s;=avTj)Fgw0Ew%H#qsm>)oCI`ks#s|?R0u@NDjOCrySd1KV%Kqe2j
z`{Wr~dCnW^lc2s|AFLQg$`qa~knBA#9drE@8&WMQ!ysOXm
z^4&wdTH5+UVtq_XU{X2_SLT1ikF&S`Zr<(k77_O#aIR#$pl#XnYtZsv_Z*3C{Q6U6
zWetB;viA46V49x)@`z?@@)1k-M4#qWkaMdPAu}D@xiCtNh0yUj@x+Dk0pyeHwBITU
zH=w#bg;)GoBp2!HpL;^Ex)!0$v0p7fq*vr=R!xArS%j?Q!{(pwZ$AA#!h?w
zY$oyAXf&3NFwgiyS>B`Vd)_Y}Jh;EVzK?~}5YPcy
z5$gQwluJ6%N}=UdqA0f?e_Nrpis&4~I5q+-J6EHC_oDYfp^sQ}<4S_AF0`ZNKt8qf
z8{_CGX;eUY3q81!I5v5LN6R^v`2#H}F+4?0dDY9_I|tXI`4ylR9?9KPMWrXX{zr@J_zDgzf=;^;W`QfZ}O_LSuCY6D_Eea1m{|MzOVz~EvKSq1f
zm>PdWK&|+vK{QZ6>*7j$XS#n94qk}Hu3DLqv%`o#&#=%ycv|nL{OEaqw<)Rbt)crs
z?y(kHcc^N>>;{(mm&2Sv4EvRV0ZNH-`3st^@iTc2B~|;qDx`%r^9^6nn@^NlY+OjL
zJ=egIG%M=8eWG*5CT&GiUB$4JcW%3W3G*e=j2!rd
z{UFT;xA$(^S#2t|+H1E0x0I7peEpu=VO?#1;EK~e$fR20-`)fyoFy0HPnCNF>c3Y;@-*Kx(4V{M?e
zW0`*){hqgw%Vr~1LDE+^0HSi~+?i1^$mB9p8z#6fbnApkn1Jvn#jS|J9`|q5c2QkG
zkYAat-{~l33-W@g*H4JUo}GOVr&Tdnhd<#k>Uyn)?7I8R*+0Sek^+Neem@h`KIqxy
zm+JDW((@DAa$Ha_h%OzRG1mvQK49FeD;Vqi4nyyM8AQ3Bemk`&;+hK99&8{lGO{|j
zy{Z|lU+LQXOBt2)2Qm%dZ!!e5Vy({6x&!djP7dVVNxc12Q~^O|;T~vS>+;K!*Hx9@
z6#qE5VQXT1YfOOV5g2RbrSyzZU(ypIgeqVO>G{#a9{dI;I--&zkxh_pg20{Xb`F%M
zfklkgC9S8-=wdGv-p5!05)iM5ph`URBmDW4eHwE-=tzXwbei|J#q7W38ReBX-zGR2
z=zRwG6Sz(DrWVWRE=XrE=iOW_7C_N1MShEQ&iomp{|JE$1M&~nrlX}3%s1qd^8h9S
z(vGoEwyHRAuhi_lnqes*ilzHW#?L;Q+^iKs#cRBGBN~#y9d;a``l2|L@<-4z9R`8Wm
zRAljO{@i_}4rO%}9Te`WfE`bATsHNly*$p`6NUbxl^o-eKL$z#DUFVq>wskEJBuJx
zo?QcO7o80D9&#m;tJC0P5kh%<_CXDG7=x@?6&f^=P4T4iztNQ}eo64(hw+UgbXA<6
z9(WXc3`hM6_GkPp`N)WM&4yKzV(YJ@*i`&`?z9-wN3XBT8B#8N!R?Th@;qrg~pTvpza2TBx}
zvTF0bnBZ-L@H+R@#)HiZ)`}Qq7Uv(7&%Y=a@F|kU88J_5iuY0AOU=4g}3M#4`%~eRQ
ziZvuE|AvZ3U3UpR19K&6OTDl^rvA()zqY~-GaU$L@$|RMd<-23GE+Eh%0A8@
za+m=n`ZqBdalmjpxYjVCiU$*L%ESRuHI*QRQe#O&UfC?tRxzy>g;vkp2AMxI>-3Gc
z;PJlxnLJ;t_{=M~<Bj@3CeNvML3q}r~45XbEHnww|5g~0)u5=%l*Bu*`;z2y6ZnznMm}UcL_tIgyx8A
zHv2%KFdzJ%PI&h0ps!a7cTpq6v(#9*WN+zn!5`{-m!-|zd4YZ(l!_^vIH_gs=k$IO
z5TnbH#+>F%Zl~mRYn})s9{RrBKkN48e%7Q(Ox^)7&%n2yRsw<^|5KYgtvZbPg}*>J
z^NG-h!tFi_EJSRWe#$On9@zgZG*ZidV|?p#KX#%rE4YR5bIHd;Mj!Xb1@0)8+(9p~
zl-8vlUYfD^d_v(rH2&Q1GuaDz`D@tk9g<+4umd7;#~qP1o%DJL7kRjZwRRZ`y;hXT
z{X4cP$5A*l?0wpC^k{4jrkxLUw^PhWd?2_F76z7`-C@HgQ13;*O|Qp{In?s6p~2oh
zIP2L9(81@kbjE|-mGeA*Q-TCK>8JT`VZt(U!B_CIvxy846&U9`KPg#Ecabpy9If2#
znsG^La0`Yve-oiJl|C{>wm11eS-z^t!Ig*
z+o-`8_+mr`=X;(+2CqiLU#o-GCUC>P6TMavnG#@tm(rgS%D}Zr;
znmWTW*N)R
zHr)#sH0EJkRJsULF*tfmlD*!%$xA(udAnV+-Zw*&W*Nh=$&KlMlMm7eQ10+(?{%YU
z?f%Gkd7t))zJ1z{@8`nJGti}1@EiaX?B&WM%DUdU;?T*QTPbsDSxAN2-j{`+(ArRP3;NuH)xY6F-U@yIgISWFR_l
z?5E6Ng?@&Rpwe^MxhrNI2-N{!%
zdZ2KhXQwT*aBH!ibPB9CV<#xIE-kn%mk@tbKJ*8)1qZ}B(XcN8`QEjVpoK4;*p?dZ
zVvRUdJNS+awr!ja+8QQBvuosDnkOs>yCtXxzE*?FN?|$%;6*bsUvS*@0o}n$(v8FR
z7FF^eD>P%L$rPKCzbTMaYZf7zFu>7b_0If1KM_|6{Gf&qnL1DyM;mj1Pkrq_b(L_^<8KC#z$)>A4InM*iY8M-XU*bY_b4y?p$ywsq~YI
z-hrpyho_65YJ%c8hznm};vY?emu(ahwG}wAqMZc383^mveE%Dy4|#idS1)&{3L{Rc
zHms2nRTieg*Yvu=K@aKhT}oRA&68Tt?*GE`A^f7x^d(VEMe1p#kI2%oZ+E*ZO(u~;
zfB91n7ta`}?f}=jlcx%|0FJ()NVci7H5hc{#%dPGNa5_i2e7(=Mj%v8=p!&Sf+
zxVNF;tx+!qYvYTn{c$pRE?e^C(-c0REqbU{>s&l6>3VAP^&g4-rVEIA0z4917UuFL
z8&ZmytpQjRb_Q;w9Y<{MR3}}P*ct+MWm`TG`kzgB-KMP6V(zZ~kmdW8=_w!E-8317
z?atX=#GSaVtiQy$uC7{+uVOhC<=g`;blqJoDzBbRFwqHge;DPU9=Mlg9ChW%==k$e
zXJK*_9ePAm!jJ_1tT*1dTo+(Q$3+SqNG$8WVczuH}+TE#yCwdy@Y3#9sZ
zWYRy>>{xks4$Vs{mjPdQ+A(%v`KG=*zd}r|LrPQGCW;HSROs78+ix-fnI+HQTYi%B
z;BdY8(nhH&ZG9eS*EILzYIr)62o+_dBKN|yf*@|^OgM+!uWJF($aa<$-iS2clq2Lq
zi;q?2QDxg^^|zpT1?syWL|G^JAWT&C50@`ElI_e)_(eB@?btzX?IpJ2m_6JFug>-o
zzq9r`G7dQP<)esI$=E#~+|vPGF8^K)cmQph)~9tJ{Z*Zd5*$g|%D;AeIbtnQ4{!Q!
z^~G+yedHKK{lbBMgHwJ#`vj{4^!0_y92SlGMcbs?O#@aYzK2}!{V@IQ0GGV0BB7i+
z0*qRX_hE}>xn@l@s3}YQq28&P%%en0abBuJ5tV#xta^KFT3*!#Gn#6q
zuO<$PlpE#O5tiJ#EK#Y-=n$@QmHPV4XKWsRM++rx1<#
zm)G>*7ow%f9QCS-{?z
z7k353Ol$;klsod98+c?h-ni3b482mtb5+L1*1um<5
z+PT-i>|cnF=yI^{YW+==v|PD;KK$(*-noyISRTkfKC`QBP*{uxHXN+F(tA`qGC^LK
zczWbz;(ktyUw685|C@a0TKe}Y`n0%YEfkog(MlGvwy7fuO`1Uoa7AY6|-5
zmXUUCLUgQ@Ipfv-Zf`9T0#~dUF^NXAB}}p{YsZRNtWk5g%^V~p4B6d5j$aqQG*U|a
zMGumtQ|z^rxY2L+^eSa(xXAD-s*&~cvTp^B8`GbAv^-lA%Q158ZW_?4{`uV0zGAWs
zdJCzzTEnK0&$=tL;Klyh7kif>Vt-)a(;5GyxK@NFc7Ue_E`B8qQl)w=>gpu
zTdxg~Bq@nbM-Q_+Wv-%wU-Kif56wob!rctZ8K10GvpSU?5PCZ+7|-3br)6ej_9cwE
zLcF~)j*({OJ=?Sax~Atoie^&5TEeNDHFQdkx}hD#=8TT-N7@x
zr{Yg?n1dOk)*gR?Y6r>09zyv1#nTvdTF|NAm?F;SaPoP`W>1w4kP?a^w$tv1z%U1<
zp~GGtl&OxBS*Nz1byG`hCa?Pfn!Evl79^h@9`Y!{D&O@dflIMNUbKB;peA)tg5lxHGT(eAcy#`*`sA}USG#+c`!pMC
zZ$b_H!@W&9)~37-XQ0v7r~B6{zn(^qQf`L8V}m~Zr?FI`B;C|!F_K2lA9S|rh_3jz
zY9Xot-8AG+WPd93eTql;6n$_-Pk+5-zqyvU;v~A~z3}S!*_2k=U>;O0X7%*i`Qpo2%4?{pe#_)X
zq2pa$Lt9Jw<5;fRvoZ|F3H#RP8T((*TOsa~3`+yHH&`%GZvxQ`EwKIK5cMV_X}rqR&+pGZ>V
z^k~|keJlven!IgLR_mUU0BCRr-a~Hfdg$@EX7V#?TTS1Gxz@}Zxq~h;KI#u&J=@?A
zQTdUJ>(=5`rXo!25Rm_f37u{}M?~~nf&i3qFicFh9tA=uA5By>*+zC0mW^slu
zG|D&)I8Vj>GNl=Y_jBVvooQJTGNw+ACx}Gz9sFZ*CCr0i&-2`g83Ci$tNJluazlM}
zTj?jUfEb^&+3zM^{$`__yJ+5>%3(VAg}q0CM{W?f-q{qc
z2lbpnUh)XEe=v%coQxHpUIoHOYm){QMJ{lQehx_DzqnQ{m1UE32b=d_TJT9@SGH`4
z-7=cVy%#l$H8HWcTR`SsF
zlJ%xS+HazuGKc5IddpQaTRCNefW4QSzKd@?9*egu_!;Uqhg{p|!M)C~PeRPgZ-JYr
z{=*+x>kA%Pd)iR@)7O_YRv+tgo?)c34frYp_$K8BzkeefYysuonO0Ar@JblhlixgQ
z4)f=bl;1e7>MG?Yj|qUzg|2Mc)3S=ONbJZf?1
zV$L5q|_g4J6Oiqff@gOGK|5nYX
zknd3whu`$WJUQECu&=WxzuT^w?H+{q`zD#GDJ(e<3B^TkWh<5pG+i42ocq%W;gHa#4?K}
zEo)s&5Q}vcO7f(?erx`N%sYB@Wn#;G)ZEH2OU2Ich6+G(ZLspPEg3TDc2dIIH$@{W
zU0vtGZoPi@nEWU!H<0@SoPQ=od~XM>dyL7q*&pR>%Z3r#83rQH4&C35J>4p>RP67U
zWMohin^dcmVsJ2KyytWf$a3%sBP&ufEKfO9$T
zi$M*TLyxZAHxJeT)FQ63!Pa@IA+;+AH$^t77RKQ-lrZY&-71dnqcoq=T`4YCk3LwD=K^dwsRR
z{hfGcj^HR|pb)vGzqP9_ZW4ZFc~Q}$-ARdh%z=VLc7uQ7^{&s3uMOr0ldlb4TwLPy
zio#XSbtF-?f!M*s7jp48+{aYqU~PyLD!pEfI9ox^Rj*B@JwPn_!zD8KKTR@V#8s>N$vr)FNa_UE6M9^vj-$G=d@
z=gxALDvktRu`Q{nqP<&IEIynzMjc)e*>_#3D`Y7roEikrXEaKh+Vmk#VjB&Q3?Y)K
zEp_h@dvshcxMnhxp7_-y@&Y=N20!!!ydYkz#OL9AM>!s48%SnDxDSV@){t*+6Be!i
zWSgh2oYcLEP8@xvj-%a?u`cO&xYU1@ORrHczzhYxcDDfjo@A6}-lo>&(cn9FNlj0r
zB!hqUH#ss@u3+dNlg27Kt1}O9Y6j@6KUsc2X6j-C)FXzTU%pmDwjJU)aBnuN#z)?0
zcpp@OgsOVvIuTFMpx_5KmoR$F*+a9ah95XVdFlj*4NoMUy(zvzc0xUkD8%xm6eLwT?)xY_)jgLNb4
zzVUS1UPmG_N)|xxu6!0JSqnHFl$fRnfu3Iw1x_3b@>?sFSSfG4RR8lNKnUQckxkKU
zXC;>B#MCT7Hxcn;E+((U<^DkGqnGbq7z7BGi3%qD70hU7Rr&W(1s+G<4T<}j{OIoU
z_~+)!%MKjapKcUTzLFdrX
zoUV*MsO+?b%hnmKB_VYh$9{P7Tj~BN3Ct{mSa>;Mksrxoe*TZC}@Yz3}&YX(Aw(#3I_c&zdUMIX9N
z(ct->Vf))zQa%0E@3P^4oZd-|8FZaqih#|4n1|L)K2e)*n1-Ycsg%}v(m%)9KXD0F
zSl5D={K%sAFX{<#q~Z##LX#>A*)&LRPi{s6KF@BAY@W}6zr6~FlF+YOO8O@`RPQJ~
z508F44mQ|`uUUJhnRVcL-#c34Qf{YJ?Jt&Y0LcrrXOm07^f3Q7peQc$D#p8Y(ulnAUK4nBjD4lt#rkq1L+RoAQ57$0!)
z|1{^wq1s`+(Rw^9O|+cIdn=L&-w+#<2&vg8mMuXILvzw7r-yQv-cQR3JdTbeP+&>?AEb#46LHqd(Pl=xmU}*
zuE^sj09M$7?%=DUL(bfWz)(~nsPv&bxyJ*X1o=b6D%R+p4259Za
zJF*|Q(N)89JIGrspn^Lf!(KC2N4w$G%9a<{tNUx)@Cth!I@utZ5nA>^&~0y~ykbyc
zu8K2A?OQevd0^lT54Bnw_}n|Ln5aEXe0^!&CNnwq289n;1*p7izT%m`9;BEUJZJ%A
zFW|q+8NDgbN_;L@XYlpyHvwqeT=Z15LW|ns?a}svY2=O%^(f1hnKL(HY~P_JV69{H
zy9aOtVOGaN{027gd=TdE#-E;O)TJU63i1tbl8rxC@XX~x^Rss9ZYVHbw0HU4kMn?O
zX&DQdFZTp=X;_ajL|>$2qIR&KV5cqD6n+x2Y5d-W3aVGLXweml_h;-u0FGW#?@72;!Ue!%zV@H@+KQ~2llNdN;(
zUKgRZ5G!__
z7$A<6HYR&E~dT`9AFRYVw9tr$S=E*
z{&7mzHLquk6us?tR*i$G5aQJQgJ7oehQd2wJyNyx>S
zTe5M^Est@d4@Pe=E!4hYsT`qv*LX#|ag!O2emk;s|yEhG7XKgMiy+s_mg^0%Y0xvRxOAg+<{
zY*L1yQ3}LUV}mNDLv&u&;2pD&4Y`4)V8tCHWkshcoL*c)@
z^hiS7F^EROWiTW)qqq)3=UXe00zLhO*K_tUB3zyAC~;XcLJIn&v{DYCa0@n>)2Om`d)h2N%(
zjHgXrlb~k=)Ut}N(4;0l>cnL0TG3*{7KrZ@+ST@%ON7EgQ8lOl4i0;U;j(?(F#@+z
zQxZS~vZld{&ZB)!@+z~37&3WwAbX|Rj4&PCaBtC%YV4zQw5jmpqVg+q*VLSWMw)Qk
zyIS6XKX0v-Ec~*OBhUB`p7FCQp4!$xyM9_%`d1hDepOUCkg1I&NcwsbU5>YazaBRf
z*R`Bv%*ZltJQ4G&w>sX)Ny-j5B}pvq-6nVuZ5Y688=_RGG7`f3P|)2C^IIqZQi6JD
z&MgFt45zmuR!p-&gE%7Xq}o7|;4VnOR2w-|sJmS^D;=2Ym)S&-Sg1<^Al6*mAkrQv
zY`##TDlxEa`2K;G6&YdJk?JeNAlgGXT8#6*f-7+Nk6zRgpG4|BdYG=bZ>$AX@X-JIukb(z>jhD3HxVm4T{{u_sCh{
z7C|htMq;3O5}{`Y+Z85XiOnjE^3^TO?ty8zkMhgpNS|sqP;RG-D#J;>0
zB2e{t`8)n?IIuF($D8s>FIKzp);dzveESK5ZJ>j)0BU}FaGRZfqVD@*e>#`o1DWgT
zRqe3G@~9S78EPL}TmO2Cm%X$|U8drDU4mimRuRnBqaBouBbi;kflM--oAVv!eX>~T
zvk!wx#1)lJV!g(8(6@m~d`~0(2TJoH2kewp{@foYG5zHHgm+z|N5N8My8ch1=zv(W
zo~U^zAI?ELNl~FmyX&RA$V2(-)7Y^pwRln>cV3X)IJW2Do;T44>W?S(ctjq(A!oRc
z2uQ_zt`%*sqP~SCyHPLUmCDvYD*~9Xg9G|4364}DU
zk#hn^yv<~`zY)YntF$u)zc(4LyOvsqDXcs}!9Nv93%mpc&jN}8Fi^{t9X@D=cLVfX
z6Ds%;+P%Ox(z7q%W1M1Q=_-T{#(g(YhDml1z^HA4
zAECr0F{@?JNzzu-cIFH9$9SBsyA$&s*Km78zJ`*(u;i
zs)>K{uw6qAZsuJdR{2pw`nxUT^56@DscWA*VCfz>-DY~VK&|L;^99K75~u%@^=rsm
zm%jpKZIL(EHKqb!4ugsIqByr{H)Re3lnT6~lrGiUloLb9AT{pAMii?OzXk>Si
z+b1u#PHwW&KLz8#31(Xtb-yr~jhuLQW@Ce1LjoYakTkpSv$Hx`qO#_flG;0ta=#pw
zz*;*&FXZ3Rh7k!@Bm^gov-ST0Z$Oa0!JX#SI=H_kxauz4BM)e0l+O>NEXlFM!V7yr~
zmmA_P=|x9Fqqws-N_dotwpvlnbpn2G5{x`}J{9AxG~&MhXAa!EOrkj~LzxC=w-kVb
zc~}t6Yf|4)Y*U+K6|@Fi*b(5D9}~ZvfoJSNgMAvmzm(W2
zCl%}&#OV{_iC3Vml+$gkg7T*&ycd?(`aO#Gfc&?D+N^+jKbIIUZ^M`%0BN2dr!w
zoLPyjR*)q*EYXko6w+_-^?X>v@z**W2Vl&cgkui7pP$vZ2+v%=^E}D>9K4V6BZZ%Z
zd6p`CeNAFYzjnTdcT(cHJx=yH#qH4gmko1M@85>_XY(^i7`J;&&Pka2iJ{L=rhgKv
zHD$AK`k;JFhd$xG&$_^i+Y`@3jD8FBr2_hm
z<5J1{isyP|_WBL7(+&ThpJ{c*F{N)MK$c|
zI5B_wO7?`H-!mpB(7w;b*SoTy_09!t;(M6y1KTf!I*Zv8>Jrwdy4eo3f}Kz+*?^kM
z?)T?GdkSj=9^2t}vJ?IiHsHti_5DJ>h!Pq%%(WQDgsi#yZdr*BiZ7grGWY_P0dIO2
zAbnx%^2GDOG@g4Z)B6$dc^*91WbilFXfDBAz%vV+3v*~LB*7Tw>gH3ccK+?dwL;Ja
z@kO4*yuB`wAIq-K1>mCjq1k{3$akv5CuE;~4ki%X1b}PN!EGS8X+FHut;LTFo}=2F
zOtl;-(qwU}(av>&1d^?1w|C7p>E>k<&?rL(=P82Y-yT?R^y`|o-iY@%@7LnT
zB$H0^B%K-U_6Fh-qfT-!-G^=R3cE_gvsSKR-)gx(&0NZNW8pCi6Ade@({tn^2JKfh
z1n$7&xziicHnZF)?!fQsAhZY=kXG*Elc)@h5on4kYs9hWCMe<96LciTw%x9rh$w?WE{Ao3if
zlFtqE2)`x~t7nj6!}S(ALvj^tr8{G%R86lGaOwz7r;0IuPU>u}W4p(@|EWgazr%g=Pye0dKh&$cmpPMREe+TtgWM*$o%YC+sSkLLD14SI
z+?NFT@n!PwioqOm@c(!4U*C=k^sR3+|Ceoows^;IFY&&A8`=z+e9xc9x`Q>P0{%O>
zJkJE#o#}6YXRp9#HO~z=&|VFn8u&a5pE~%w2%k#BKzpen(VRkYsxH$xtqa<(Fkqan
zfFAr6?P=v~L;qm$4n8k~HwEzP
z)8SV|_|vc&&taXjxeusLe%bdw!@snDlB
zHpgu@u*dwBXlD$$aqh!mB9ZZL9fOk6KZMWCoBNti1~@JY0ysq*NFe6JVo*bu|_2ETzo=Sq3k^oWla!yQ8U#aGx=J=3tL)v{4C7h
zL-5{T4{`($kE46zNn!bTvd3g;0`1W?uMf!5*#Lh>aDI3dcsFd_#l3-SRFL&IgI^!nS|h&?;8!2IJ`mlebGaefObp7;5oqsyYOn40
z!E4=}mNRH&C6(m#ZwZx_!n@SP%hXJr${TLv9EZZ7hn{}sSD
zhS{uAdHIjBt^$xd^eRe^GUwEVh{6a9=$I{k0Vx8<^91bF)f#bFy-C-`dT
zX!$3R^gGRNwn)18Z|la7zmrJ*qIw-|GVN8pxGtchxo%QNJ4S1(a~;~elld7w?wRX#
z_FYsbeOf~?>55k!W!NFKhf;WngBgh
zs}>d^JvIN!&Naw4qmES_%&w=+YNAc^ns9p|==>kb>mt|(lgXb?llxh8#$#U-F83?Q
zPRv*%siIT?{CJ-blkaK1xWD*bu3=$tC6G)Um
z2qOfHZGj13%d2hLpDMkzI1?rjt^d8F49IQOf^u6_ZZG~&Z|;9>jW$|dV$^`C0{Pe4
zd!Nji$>h=Ad%v%LzAxXLv-dvxvG&?)uf6tq=rIoKJ(ZG7b@7%fuL`J(w_HK{JdE*d
z;OUzQOV>xla;{Pup}YX^2LA4Za(|AJhZCqLjn~u2>rbGuq6;M>|860C_aFQ_9maO%
z>0U@bBMcS~x=Q&~zj)A9%IJRapsSQc0xM_Gq`e5={wk{e$av9J%Fp1th_n&Z4!Uy$
zq{*7Pz7ORNLS0Ew-|vR>7GY@rd{n+q?K`rAnN+r#9kft8kL+MRmC+VD^zghgs=q_k
zmkIRILTY_hveTDOo~QMTq%@dFRt5EBSI|IS2s)wMVgY0OT{z_WE9!URUNKXq@qhhu
zWa^)9B#}GyT7Onc*nNU3Uqw3@tv=ESDqqUx@?`Xj!^VvEKW`2ZU%G&l1Y}YhaFU$?
z7mTfGoWsfV`Lcseo6~W1bE#DqQ6=HSB2D$4&(Hq
z{{uL;(0AB3dN6kQd1$8`<`MgbaXJ0}UMT;ix3H5wUoSv>>HY@#G&aIt0_1J7(DTQ&
zUgo1!3tyT)=Qf&uy_flDjn0SpyM%LGz}rRn-NVoi#K8jStG1u4Tm{7iERXjMxMxy*
zWNd4xMEm&;w-d*;f-s!T>xtv_yvg$sZ)a0oUS{7c;N2+D+BV|70&r-7@|WrT~^2>hITFCg9!`?yrkf1j@4rA~ex1A?
z_OCdhUwptzG5J`phX3fOJH;|F
zD<~MY7UBL5&%WdNkbb2wBEAt#w@S`r)Q>Z4FB+kiEn{Wlqv#RMb4kvTP#$&fSBfa-
zpBpTvvLtVj8V5d~(rI=FjCbfrQ=1<5mZ0wh!74eFagvPkF{H;<)$hnGMSc@~1@DNo
zXM9~_&xq}Re|)<0pVj+(!_FfA*etmSzB9#Nupdt>Eu!)DuFsNX!eG|)UX@d5HaWJA
zgWodAq3co{eo7yKFEl*j*m}S0YvcPcO40$A7$c#<@u7)1Mf4UffWoumA5w_J8YBb|>r;9px}y>i-gO1$FlE9eFz(
zy9@O#4NXPVmphMLKR*gyF2tK)B;H`G7scpRusyXeDqIksr&AoQ^_>9RFBeg_Kye_>
zi(-@GO_v*BT0!Nn=BH(6oVeW4w6V!abwIl^B=o=7w6O}`J4jbL&<^So$Oq^DjymXj
zwvZuv;5SF8f_+l{3)+`!*NXt>wd_1ui6`#Apsq!7zj)W~k8|?eimDfE;J!NzsP6!4
z+9TFR*mKhSJeCjVR_Tp2xv1&>6(xcp!=Z<*30ev9cHT7Ek%pCeqf!`}arOg6vdAg{lK
zyaUcxTq3N4vD`=LSU2-g3jKlccP9|v$EZhR`YPS21ANfZU!C};Vk^uS?z5=R65r<=
zQqqwOTUh*l>8&iayGPG4S3Q_vZ$=b6rU%z#HGtkqTP`U^PakQx()9g
zQ^h<*mCLC2(`UEh`5eYDDx2ySm5Iq_XrqP7arRDErVFK1_H%}p4{XIaVkJIoPe<&s
zkKMZmgajp~90$tMehXqcmHVJ9fXeq=GWE3)OU{RIOoRD+kKZd>w=&&WFPz)&iPX{et)sOssH)Cf!qA9
zgghOW+YV;im}*^FG>S-{>>y_Jw|XgATvXK0e;d8){HWLqZJ*-0g^5ils~MjCAe?^BmX7y-J-s~|0U`phTq%2q_Hab
zJByitytEF|{mY0Bb7Pco?vCZTa0n0}(z&3w0HP#++J>)&Jh<(l@>h#{ig=Lc%{a5g>HkSO~gwLP^h
ztiNY-?D17YI}ZR1eLvC5Be^~$%C>a8?Oi-hr;+M9s^hiDIu2{JFBs1F8aEGoKb}TB
ztti|5>I)W&lgac8%`>oHO9VNG-;aI<`TlrG@xghX6cC^h65h*pGn=g5;w@jIPZiRQ
zYs$If=dEG;sRh7WXXRqKcS%<1q%V=j&axaQSx#TPAfrAa^{FymL4S>`KFvLC?HBBx
zHi^e_L4HvNS_izRf_G
zEXtbsE7&x2e4{k7rj_zhFm^5cbufM%oO647%@!rajJ#d107jh{+kXHj7{OQG?3RoJQef;V&6nfv1RWI2#`
zolIp8@a`#a_?Hw=-+=}69r!V$BqNWer&atV&&XM^*3>kMt_?5
zFe@5I{uX*-pp4VueSAC(zaSGci{p9noJ~gE$OH7oWAdL|@T}g;oKdi2$U!d>4
z7_Z`aDli`yHx_mc!=}>q8yC
zJ%SY60sr~%Z-sw1{67r;iSRGNe>;)dCQ)7>&xgD+t{MF99LWoI!vEm@oK^0rXc3V12^6KJ4WF6EIfV+q_>LkK_F%%C%5uRn?Qc
z%wrM%&aTG2P2_r#Wex1RgOB4K=H!sb=dwq0KOh)(6pf>2fXh^G_F3Lm1AJrMGl||W
zq0Z+6PCov}S{ZpN2O(j7gfGz
z!)xi5B4+pd4(~@Nq|vtbvbIrgTl>uk$RC-Hd0YCma}e^*#j*Nc;q~o>G$)MRzLC9e
zhj%xbjAvX0^*rA-{;5b?M>Vz&b?c(~x?lqvb99^ekUmq-+WZIJrnG^LH@feMklu9v
z){-(fn!p=ncV@>$g14ckBOB!@(OX3uGjH8%}??S#|Z4b&c}1MwNxWoIo*cS5>!
zRd6Pf!VGMi`iy{enu+v@ucwR#)KlqrGl5i^3=#VUtLt4}*R}ODHm$j*H}AGoBF$rU
z722>aFR!b8J;jB9!Qyoo#52gqIb|3n}tqEMFE`eleEkb32C5
zEm_ZSa{mVQ-n9sKV?||-pKmPpnetSzh2J1@vUR^f0x(a
zybk@QFr3%c-Kf@`N96ml?z53~-;aHdvCiamh~LllThE#6*xJ#yVT81$0DE0G!rlyc
ztD|_k6!2E<_bJ}*bC0opm-BwN!+Twfejj@*-0uhI9K93K?+2jYZs1F+fgeZ`&~NtS
zwm!OS{5QKwmw&LH@Bfcc`=@T|
zTa0_h+w=JPe=KY-kfPahbo_e)`4ayg`q@%VHn*%K`&;VB>(n;kD6gm8!}J?Ctq4S(
zAKtR-jHPIQ06eSNnS<>#tLuA382>%EPgR=K{$yzS^T(BZ{7@!Mvj^_u?U#E{pCNX8
zD9bnOVLmGHo8A1I4EzS^(JT|j59m(Z!~EK9_4sJ_`mkG
z^jLc#@^xOZ)Dg>;p@5wkT7kD{Z63hBnx22xhWVp-;BT~Xf#~@k@|%ajzm${7M_d|S
zh4CqG_v2Ht`IyLBrY8dY9<|4rszd)XSw1(tyPMpGbMrW#o3r)Ie;uZyU5~<-=Q#j6_|gK@g9e(`2G*y8Oi0BnsvE{
zMY7Om-dO33<9^~qk{b+io*LzcY4E<1R0NtHmz_E*#(vI)d70~6{+R4!y2cBG<=Qo;
z;e}q}Fu1k`_{*`t6BiJN9=|_Q=vqNSyIFR<}$>^XP{mq4B`6PaS
zR+dlUFPz6u!*2()>DI-4fwhgnu{uKMenS;C~1FYvu9YTMH$%99`Brm#DM)`Xs{HmC4ybMX1EWwyuI
z{&A1y&nNN6`=2`|@dS6WaO6Q{7wA;YzM7hQ>_y(To{@c#KE3akzC*q~S<(Apr
z8m27;kguf+c*k^@}q
ziyL>%X*-DVo4K6w=t>p?L5<_HTqvRRlaP|x1oowayVO_+j0Ss!XUzw9GuzBZ*K+PR(q7WI|a*nMJoA20t9FYln`&kb09A1{9|FK?vfyCTZlNTu09wwQxZzL}S|^YWdK
zV)^a?%kSXjXYukOTE1t%@?Ks(hnL^}D9*=bn6r9HyYqEGmxa-0H|$O8>Nx-ZDB6UE
z_w&BJOtYt}Hkva%>>CSwvqLvJGy~QnmZ$zd9^v>8dHZy^CW109x@XUA+o4<7)&za@
z>_R)u%hXQu1&&u8k5IekzIsGn&&fw{Z;z})h^phKypCs}EXG{NIvRH~zu5o4>+wF)
zKi&|Q^YC)byj=Ms1KW#gc`VOB@}EbB=U*iS?eNIlBTllJ`ptB48B}`>qx(YYt3{(p
zp^P#-W~X$S+T?wgpBsWTjNVrW(#NRlf$RJs)S)%Ji1Dkb?6NLOpAh|pp98$OzL4*K
zPzR&|e~}WxyyZ~AyMNwlFs3ULghKPm-C?_lt9(5hYM7lTA^N_)
zFXesju7KMCsTT(}bw;
zsrh56z8%o!X4!ECdF_xy`{~y7^Azvr%4*)vC^%bqU!9O24}JY3;12c){fWE+G|fqv
z@5T$&{QLvuUIP664^8~~mB6#~pbuj7b0=hn%8?g>UoW|E7{`SEOZ7q)jn!=wYJF+K
zPTxe~d7mV_<;xJx`!a>MS}el(7ORkSAYaHjaExRJPmt2!NwO+B)el6?sEW;;k0@HQpD+tfloc0$|FLqFc~K|P_9q%?GztO~W0
zU7-&0Lg*aSqsA0L+I9!Ek5IV)`Y$0=U(4)F2HZLg-;bjFQ@D;}RY=?V
z$4kSqDN%Bwy;U?Gx339!WLU>th-;|V&oI!XalMsm)?1gI%Rk+**PDy;gzb=@1?xzQ
zD^p0AP9UH62Oh_w3&x?2iH+wo>N`q1o*i!0M+Cz~^cC>$fZHm48Nulb)8Q@gp8X
zW2(lbZYQ;^gV_=_k{miW=lbyNBGsAD&d<3D?#tBJNaw}_bA#_FXFHrE(>uHQgryNU
z*ByC+?|<;!nq-W}%4~RI-5}Ou&yqSDUygm;UpBb@%Q3RbKhXH_
z{t5N_QLdq<{^*&%6!;A`3y}Vl$qB!~SA`3Q@T`Zr{_nbEXKL51c_=%nS|pV+`&anZ
zH_eJ>Svshhzoy#Y(vhkUY%v#W1air(Jpo{XKg>
zrg14^;O~7LA5J_JE8cB?T%hy+P;CFBXxD{n{|LWl@I1uUzJ7qUf2or1e-AM~k5G=T
z8^jl+0f@`(gtRphD_!HK`5I^Ox+7_@_)uh=W@!-lWc!1$?HiN1-WHDGNj`=bA7o=d
zd9?ujPm17|&(nS7mwX)F2P4NJ@^NVGMLM=p*e>^3f~W@t*7(?*;0E
zPCH)XgR$aL4^#i)f!OwggV7|B`VezDZbJMA{A7GexIfz;Ksk!u;Tx-$F+N^9@Pw$x
zC;Uiqz;6)G1(_H>q=d_V9za|M-p?aDh0}!&E&qpm;<(88O+H1m(fxP&Qj>FfykeXF
zid;HIwAmKpe}av^Pmj0Re*B7~bn91kr*jvRp-&fVG#2L0CH(%c9M{9Z^!$gsf1&c&
z>p>dA|0$J!mxtxwB60bIu4Pf{-5N9)<7~K2AL6ncM>(5M!!YVkD<3*OH0tPNlDgJ*
zVrf-r7wWW~uMTjcHRR#
zWcgMWFWB4rzi+*r-Xoy>jm4KO%
z$6AZ$e2NS3c4gPEnHKH#kyUr4W+Kb=7i1#LLzi
zdpC!G7oyMb8^U&u!F(U$dI=})XLi~cD=-!Mbd19Z_k;J5hl067`i%16B)%W?-e5jJ
zQNQ;T9q;XqQ(TYtl?3?=z#`y}t5SXm=ff3+622q$N7!>v{@OPKY-bMc2%-?nFy%GAx_}6SXRpXSZHlELqnddh|uKOK1$cD_lDpk+tP*xk@*j5{24{(lvC6x7>;GeYMn_|8D%
z0ENH(P8mB3AU`1_<~X>oh0d<6l+Ls=ACVgUhcet>JVi%^WHa5@fY$2JUrxT{=mGk0
zi0e{il;OD%+e4gQ-uJz}jQcn0+E(-g7-r
z4=!DH0MBpm8_EDa=s56o2|QLajkyfG_Ye7c%)bxuGP@OHQ2XOd)E|4bE}NeJ;5T>&
z?+@~fNLO(`-3KsC#QT4)574z3_PJenznji|@ummMVa>nC+c>=#@vg*TBPGr%p_bcc
zWz8;wzUf3WtjXmTJ6R5STT3tw70?hG#~u207-I_&TZ*vX8O;9LH;TwzeXulUQdma&7ek&D
z=WsHIuV)eGcY!{Pr0p-KV-<`JYE#1GY1rR~`qhK>D;^cLknaELZn+NnUJf`h5z?4F
znJnJ|X>NGW5wc{{)v6M-3lZpD#410&m+MMt47YN?IlK!)nf|*Z%Zc-dYk|#4_+IK&
z*K6sfJhw6u_&mJ-`x4-t5@GMy|9hMZEuY>9b(C{l$9AF5htW!j4T^>Le1XO#iBE>n9U-23png7gz*EYWcAz<004
zpjqYjGCdRDOd_LxD4qwAUp{yPZFC2hO~}LGk9rm|{m7x{zlY2{g8Y6X*?c5L?52GG
z_c*-`Eo3rsc5ZpKNPBL1{b4TuTgYhdWH?{JzDCDz3#EG&pO?%H=?pIxJq~l|AM2p@
z-~O>q8W%zM?*u%5K4>Iw1=Gm+;6(D)%Mv;Nat28{lu5D<{WINr(N?(x>aK;lcS7CI
zL)~vd-RGh1x1jFxPK+Mo=NxJg
zRQvFYhn^K8?H3Zc{;1;tj{gf@OMglT+avGQlt=y=ctto5l>i@68)zpx10Ce~z&Yq6
z#zAzFija$J1{$zG;i&n4f-?UZk0@|BF+mkvw0S_|BEZ{-e`#I_>WL8k+
zZ9Dqpf9H!~UDMbFjnwb!XA%7F`=t!FLW8WB1*vM;=*M^HvuBlHxzFhs|Sw
zg1$W;1fC!3r92JseT;go&qb|QoX=ITMnzboxIVY>^*IT?`4*%TiKXAe({bNyg!M=y
zwr+tJ>wZG>ejmKQt)VC1*5u_w-h-Mo{|vnUI;uYpHE8|LC^E*Mi%1)xp#6Jid4uXV
zN0D2g%mbSDr{Mj0UTltv&E724wVt|meoG|CXQ4su!$>VTY_CSEmfR&4m7=jGMaQ*!T*GG`fiF(
zmz!S6aBll*1$|BfIM3oOP(sw?p^XsyrJdqTE3@QbG}WRH}v_o
zgX_fo0MF=9e;0rECw*vt64HPNZ0*_pTI;dxe~36QhGm<~&-Atj`Tb`RyPtWCNFTS8
zl2-IC?^8DrhUdkFXK1R{6D8CJ@|>B=Y`6a7i&_z+)k-+n0Uza;?m
z1kesny|;3FgZ8C6eYX&A2i`fp3Fn!(#43mRNTKtwJjt0Vn&(0K%e20+nY2FP^s~_3
zvk~pZ89a_;;_eLJ=iM&5(-rE_h^R)X!$id{3$TLr;vRO^to>*fk37~GJjsWfY
zD#M9;}7Frm!ZW<)-1W<c52pWXAD(`SOeO>0{W+Xjr_npgO!$Ro*yB@Le7okfrNLUu;p-*C
z&iL^W#CJZK_&&`b_re)aapE_so~8)!Mn6vL1Z_NsxdAWWGxGM$T#usN25`W;2o=}4
zz4}Sc?;W+Vv$ROu^e(bOQ{OSN+dq^JO9G80da>`0=$cOM^Jk-`sj5Gt8)gajV>SNC=qUSJfqY=n#y`=)dt3zl`@rNx
zeZZ%xsNURYgnz(%-iF
zN>DzQlXK_;?mFm>b_eJs*Il*vW!#ssYMqSU%
zfgNzxM!9kVy>pxo=Wb^d{m2PYnBQS@P63!>oOq)RAH1xe3S9HuHw9_rqagvJX^V#YHy5BwVTEZ^V38Des%O0
z({azMEr?kP-U;LTHP}O4=npNP$@C16
zXMj1v@gcq62Yb-d>iy?zw#UR#y`!+7*-VlhC?MG(sOKe=t5ZLPP)~+nrv4DE@H-p+
zolq_l^22=6h2pP!D$it+RfnDMFNn2@73wL2da8shMb{w7O^Iel(^BLWsuUUW2J$N#$-U->rhm4o~6&ZaaJ_QMX!mvt?r{;244
zKYEHjgR<#e)J^n`iuv8Sjq7)!tUjIT0tQZyq?Z1&`mBC;RDru#966Lh2`(?a2S;92
zMqV|}ET?Gd)@$o7^QwI4fOR|XV)}4if!!x2)3tS>81Ksu@q5sWyD$bj^9#LMLoX2D
zsxUSw_qm#bxL_<*e7Y<%5h~3xticDleSgQDu*U&li6|*vk`&rO&cD*k^(*Q5ipu7g
ze{l4{yb{J{;JON7dCrH$n06g-T`*1q{5FTQ`f7~;lXBqwz3}UXUo5kdp9KV?tKU3f
z|55)o7~TK4aR0M;|0V2y9P7Ui`hO7mAJp_e_*eITM!){=Ew*}r_ToBy
zhwDV1n8nwr#($H@*XY4nY>mn!tOq^^_ez&sgzG4gWVIZ(N~K9$cj*}5{ksOK)Zikv
z)V)#!zxVJgl(VooLwr-`uW#;}CDdDl^C^!7MbBL3Aceo@-hS|p)-xGPzO>a?Rz4?W57rQ#Tf
z^by9i5M0tcs{gZ>I5HsbG@Ne*gN~&cMTcN8@aIH$7U%K1e+l(^h33S0vuU2efqrdJ
zb|kn6y>mq#Txe#`IBsm0^D*82nX--f50-7rf3W-s>L~b^$hMmy{kA@PE2Lv0@Ouu*
z7p97)c?nVSI5j_2Togq|Gy2iGhi9S<`~cqzLw`SUW;jmDK>jg$^84feJ~-RT^h}NA
zl(rzOtydRt`wuAJ4)~_pVj{k&_Q6`Y$xLdK5UKlhH`ndk4s~Qwy(cMv`^*l!A2(#s
zeMV1Yde<%Cnjw`YJi9YHDT&ex^lj3<>*vruw=11=r;PC#2wCnMw*2kix%^E?mm~dS
zp{-3uP`$rL`{3}HOv*bz2gecl=}dW@lpBL45oh?Z9m)|SugG1
zNM3K}^l<-1M$IerEwh{H5Tr3r1Y{}Kv*k?{>u#fKdj0k*WeSVtvxjT>b
z`Bn|hHlttgD1OeZ%aRnTA63;t$cKkAu2z+fCEiZkI9c&P9*db%6^IkJ;cv(Z?XfuK
zTiaS@dSw~j3wFQOM#$z6##FNIW^to`g0>o{-_3mvR6~EL-=}4=@)5ux8aC8ky`MeQ
z0QOIL2#-a+j&#(~RdD@u3m)0wUn0rlseXe(b=`y@q#c%Irl+*Xw8X8AyxZnc5NWATA&B;k~`A9(WHj8v$#djetxP3*N1x
zK34{rPHj(@FJd;>8Dw#ADE_*@Ixv6j`);90N3w23TMgK~r~lWWt$dYC#wy0h{m
z8EU-eN^ANGHei@K^7iw@5ES|1-e
zqMyzD;GlkZxID>azH~gjm1mNu&z8c7`Z{h${bZ=GA+o+WT3;deM-(m}yq(pjt>c;7
zaqU?w3bDZVdip)#{n3_dxE*b1p{@MLwgfB-^g)&H9@@n5W=9xab|&cb{jh5g-V?7tyT^@*gFql7FdUxNDg
zM)qHX{vRhg>ML3Gz4UH_DMHrLXc@jfW6bq$8Qi`CeXt@7uL3{H#^vtkOR77E$yK#u
z>d3)B}zFetQ(ZZTfj@QoftxP*^|enH-$g>|9;GjBpRv1LfX@
zcdag!Cx^j3j$~U>8)OCh`7X(GM##T%sE(LL*egSx;xsh7mDC0)!lolL2iF1AQ3iEb
z``3|}6C2(G?H}#g!@HkA|7lLNr+=!@3BN%-^%rx!l}LqBIhh-pNK6^{tF1qC_au6E
zCZS!L@h$r~IAd*nh}(Z;<2YDcb-atugmV~`Z6Zy>@_SkNjl8@S%KsS3FQEP(r#pVA
z`dY>~qO|_EY57&WJc07xh4L=4**}nWicC{cdhRE+HVP__sQE|-lI+Yd{E9+wM7*c6_3dTFseeLc|T>g_8
zK7X_M$aeV0nyKE#M1U>M$x5JSh1|}wArs}PqeHALv&GZG9q(SyPCnYdCGzV|^b_+`
zrPH*L-RmLl_0axTy>ycPHoe5^wNhD8BF8zjG26m@;&o4jJ&1qP%)h}qKmYY6<$mC`
z{#vr{kcQfMGt9*sIWzz6m0Lf$>O#o!?}Eicq{8`t4O{X}E12=f`PhRd9~4RHhYLM;^E
zU~QWw0)LeT>rBPF@0D=*?`=qDQ0H??guU<%p03uR{kD;RTYVeiEU_`14S&0Ue@pvD
z_qlMMmF6v=I16;U1#$NL^~y6ka_nRDT@%ZG<%93=`M*_T54vqxU9-Du``u~a7Uj}8G`S}n10{2ik0qJCTWAYDn7Z9f9C+y5-qSBUr9eJT;t%hLa
z+2N9z`s?V3K5Lvcvpp=D{=%8Tq}IFtI_?kQ7@4u=Cyvk0cJtu=rCm^C*W;
zzWKiwKL2?wHhfN*UQ7SFcS;B4o1<)lf+nux$m@A<81VS@xB32O8Xi1i^1r6o@EOT%
z%O`Uf8BBj0jFJa{(T}e&|IHGG6@v%Ri6ZS;;u#6X#lIOx;W2o8$8U3ZR7(TP@1y+-
z7f7+kKb*Pu#u(SbeD0aNAZq@n3^M;yBIp1AUK@J;3)T6b@?V($DFe;_;5MoNpH}Vo
z3CW`LcH%YUYm-`D_=e3ZK1a{%iOFnU@f+VYq|d{%r;p>~-9C9Z^UM5mmrw3LzGUu0
z`U7t3pFdgkA$_4(PvaAuu%|t_>A9uchmR5R(J%Kc{O;GiXHJ_H_`g5%yRz;{Ob@`P
z@$cO+iOW$S9eo=*c>2jnT*m@nNT7U04WIu>cs7fUe-r7y-x}-wV^VDUV(iO!-e%dP
zu>Lgm#l+KR^L}Gr3^3j|d0#Rn4d1@IXJUAN!#2O>FzuMgVCsRif8oBEPECxoyQT6k
z&G+&iCSPraKKi&0-oB`B`t5%c`}+q^A=3G#J4~hU+ojftYYOAS-^}ZkdH>KK<pO?x$eSB=}Z(DUnFj-VV-hT_}DgPm|IP6dyAL(q<$&jYdpF(xZyDUb
zzj{xIZQ**Ch!jw5^rqsvpzn%;@hG(LDd*#8yoJgB@czV~bjdyeeI@OAjmy_Z^^N=e
zd-?tME#Yxj@^R0Oh)}UH$IPnR}
zp)bB0vFYEl+y`I&gh={VE^Ia<{Tt7H$r&NPTwrlpkS5LO)33Zxypq$x0AKg#(!#Xx
zD_;NEv`AVg@UpL_aasuU7Hx4mAkWP8LVf(3@kF{p@ARPnXh4_0zw3E@+j$!z_iZ(s
zY;KXs{+5G)=VpGMb@MWDyo?jdEZ}7(@G`U0@P6}r1RlGEDEsF$cK(XxKUbx*ukn6e
z8n5~$I#1Wv_xL!^j%RCB20TMQ#?anjEW>>4p6v6-Hx_=;AKxO*b3HR2&*V1_spaDa
zC||_O*NtcJL>M3BeJUTX+Vo$d_RfjWuh02V^N-Tk^6THjKw{#W11e)#R10e){K88A3w%9g+5altc0;AlO~z^2o@JE
zNEQ_(Su9cX90p0EU&)#Y^gOOaLH$P;wSC))@!2RWFkY%T&n>I)z}Tt%VUpbklV>oCZ-qx6|%6T^de2q}&%&Y!V>i?U!
zl>u$}p&j(Ipw_9*9|4^0*%NCHnN09oypE2Wu#S>`b%?Z%xre*<#2WJjT1PFftJJSsj0BBy8_e#}DZ{$D2z!ghDBan2NlQ6DR44WAQ9RsR(so(YJ-sc-HO)c<$l6
zy_45>L&&z=5K1L_pLaN$-r4p-TCbY6WTvdeUFxSo<17CdA487;bu|lN40A(Mqx^Tg
zE@bEaM#!G_J7L$f_k?82AB7ikKM{82UKUp6UKL7nuL~D)p^T*Kk{s_Qm`cl2O!N1_
zI{uFY)BO8Wn&v+R&+jKR%`Z+7oZo}zV+n$DUW&i;yYT$`1b=B!N>k~R@O(C*snn5D
zRk|IX&m>fp+EbL$ZSeem5|q-VDIblAA8LmEXdkQzo$-|YD9~Izjh*^Yv32{hfFNx#
zMfxk{{u6$ZjsC4^3?+oyX${=gakw2z!M%MN(B>SDf1ed60=_Kg^Xr5BLb63_C!0eP
zdHis^Q%E-26#pi#(g{5HQS^5UI48qgr$OCkRQ>N1yqh82T3U<#4o_MKnG64KaLs3PW{87J`V0VCt*K0Fe*ddE>_`l=nX6S(U)Z%sgzH{T0?u9
zZLqfBIi&43#&#7ko2IH*n^F#jZ-AGSxH81-6uK3Q=n2z3x5wy8S#4{hQ5|0t9<
zOfdruZfgf#ZW-_6o>5FbAA~ju@gF9_8j}`|DlGCiEFK;e38NgI?ilsg!Kjb^k76)7
z$nCUmqOjWE_FF;jgU?7~J%thaH%cIQR=zzb-&jri3G_c=y%>NOX*n#({wpRLCwVmR
z2SBrd|NKQ;BH0adPyyqt2q8Wt0vsbFgp1o?8KX?q=9?_rsn`
zC1r(ES@j@4u*{at>%v7top>pgBZ%{fGo-u0&yOC{w8L8H9>ZfpEj`
zzy6_u_G;EA!~1Uov~f%u|4WU32I-46_H^d}ewjq1d-@J;Gf*&+#o*XSesH)4@aibZ
z4W0uSWTHMW-79lpugul#mAN6b`NF;O16BVmnZ+5??v))p4fo19eD67xjB%9+UCT#f
z?3JszFPlJec(1&TkEI#X#zpNfK2jgJA*91TW{=v((qSL7_w8f1Qn}qFx&~DLkaDuR
zHduN!PtQyqXl-1I+E?GFYvYLO|0s#or|y>*QO{mOZ@c+f`XrR=0)XamG41k@{veIf;Ph)FxRb=^;V3i|KAzCytm-upDTJ%{7=r3BcY
zH1fN3BUUTZpO#C<7#-Bs5a?SQ(6_)Caj|?8t$%-80nly%coo!99cA_LJ=UjqfQECN
zdI@nV32+HvCs1EuO>G9^{X_sb3PuaStqS^yd*a*>&`H=UDneF)?G-834kZofD~_GF
z-v+d`?H_Jbp27C8E!;1V#)bEWTpFtp_l6rBriKLElLy}mB%!~2zCC_m`EMMRe|}Ls
zQv9-5l}#jzO}5!2k3Re3vgJ@*8H_pKf&5!Dh54T-%saTx=f-#z=l2$XJARi1-(|tM
z9MAdGZ&#d|`g2Qy{Y)Pv&(y;ic?Yj^`cCKl)mXAr6)Y3)HFWb
zX&!HLrjM_360r%+{&oiuWe0w%mc{tI1m;ki_P2hI_gN1T`4jbCiV&CO4dQYVk_S9>
zo-;LHvKjJ;4P_e(fL=|{lWhx$d|Bus^Dy47*d@)&C*IDy_zat4oEPx4P`Xvf02nL^
zq#8}O>8Xkhc%BPk{`WDOzBR$&G>xd?K6-#QV54Bu;atIY-My7xk1;5=>CiuA
zoNOCI3T6Bb^?sxg)1A^xBKwnGrv6``zX8*TTb%-}&lS-1jmH`g5*4&raiFa^DUckf
zlQvnCkA21Vjl6xe-#xtjG0;9Ch5)uf5(S41`htBhjW9cz-o4SaJ?IVKTL!5o=GOZVugL`7Wg&?`0)dA
z6YM79?miGd!Tz85Zb!Sg#W4xq1vu*Y^(EmU;#RC)#@9)Q_L^Gu&=;*FV@&3@_NMh;>8KYPhNcv&UU_z
z_(b-+_3DWEaYXJYi0`p)y*d@zmOJi@|BF5M?+g|hqrS2KOc!uO!vw}SAY8r}04`dX
zq>YG~_^f#vTE=l^GM
zfzt(w3&W=i)BX-&^k2b^>Y7KYHqiV_p>$RSmdRDY70_3P>5qcsgx4Grt)
z^LouQRLeepd|fTCzpkc=e_y+HMME8Z@~o|^RR6H8ue-Y6Kga@tE&4-z;jhFV_px|$VrRkdq4$X2it
z8|wQWm#h6+->?o~_UIFA1nX++8OS_U4J%iyt$&1psCr}g!>T%XR$IsC<#nt3z~`xY
zw1&NSHfUZRSyxljS8RD0iU{x(b$#&WkMIi<%iDt@HH{I|qP|wwY^+^T1ASh*yheSg
zt*)tWsD0!K^&JWVlBjRhHQKlJD>pP$uYJ6}?|s91z>aG5bzRN+4KO9kH>_u1sa&zL
zwyv7LLz9*DYu8jYKy{dc6H!^av1%QCqXP`T(hqs#HLQl}budxu0I=0O0iHAsP`F|b
z)^1q0g7tyUEzDG8YIRNQ^mR29K_e3Zb{h~)8d$d)YO2=Z_`@ksAo7bxqZ6v3UTs@s
z(Gq20*^+z6efKVWfGl;C6qhX^_bK<>w`5^4xvxkmR?3RVJtg+V_qvE(u`MVnTfC4I
zDfxNX#9p-=>RMM%?!2RXdN!F~v~XdO;{jrK<;}E0*##x8qQzv1b=F-(Ds$MS8FyH%
zq)b`puoW#XCPn48+Y6>!t=aIT*dBmJ?2g+POOj-FEV(nAzTA5czGM@Js|p!+)cvfiTQx
ze+FG8A=i3)3;6Fz{tM--SoqfJyQCFW^-~+9>a|k++WO_Vplj0KxS6eMXqO_sDwn4hJnwFqsbMPXR9u88(Qw7vETn=9)wj89|_0To^OlnwJ
zBdxAkS6@@7trKX9WM<2gerGjf*(U%Md0`1jR_&wGBeiuk^h3by+J?KZ1AKF!giZQ?
zv|LMb<4AI@qeH)7?eL@84mqR=y{2b99(U|`0wN&^+k6c{wz~Jy0TLjEZ4hAN(UN+@
zHy`{HCc=Al#QcQ$0Y1#l)@=^H`LYM!y*K&GtSSH`LAGLTPYjwsRaRA2R=%rBGYYCI3zcabMhvE>QBX2&(-4e~Fq|O}nI&m`HI7Kmh*xgIG?1iVPox}`{A_p!b}GH+w%jM0XE#X^
z;b$34VZo$Fka-H90*eNSlRcLQzYU{EP67%359cvxK2QQX4UX%w)=>LFjs5Rl)8TYumT0h`oqpeup
z(3fnr&X05%(It$F;1exq^rtnMCW|Fe>1iz%+B|FFOkq`1S_e=hNYf-;??JMj-c#y&
zr);l5fTg*lK6g{Amv^Jhm_L|3JUmj_4}bdbc<^WHx%=~n$Jc)Wm}d`UkKWG0
z*nj)J2-9~j443+$PqSl(ia6Y#!Z%Se^6VKK9+sL}5l^4WVa(=AB=^>PFub=R%o~uc
zfn)lIsB3+@G7@^f_CoHCgg8KJKjXpOmh0#VW<*=4%be`e1-#*Nx6Sl}GYg+nany@C
zjRXJ0RHEGrtuILTN91hYV-66*JV~)S5PPuYdu?=%jRMlWd1>n1KVuO1Zy(;9!Pek3
z1Qf##2nJD{Yk*+5f&~mbCYT1tC1)wiua}qAV;cNAn6kpy>|`9jgQAo)0T~4!g2<$i
zuk43Mf#<*4505u^=(}AkqmT!=hKluNTMeSPWly-g1f~8X#Yc0P1gw#LvMppTNy95u
zuNAO>d^2j=ZDIaWRs*=trb!X!@)z>#8B=N*Awa231o6}&SiC5G9>vO&Vg}QRDaCWJ
z%-LR3iy8q@B=@62PVVy{J0jhUKHwG2ncGviMNl&Bi_U0p^~QxYK5XnzYaxUb@YBJe
z%OisT^&Ms;X+?(alL-HdJE4_bM<~ud#L<(b5-}_M1B9`
ztolCC?Mz$Ko?y0p|9?Ke*Es&sRQ;N7^L#&F{a%08;n%;P`k3+8pPylTq2n6*Z)m&r
z@D-M$>$t6ccVG=|@v7e$cWv2!We+bp{cB+(`0NPlygwY-ZLmnUi|`OJ+u)7Vh2jPz
z*uDl1l9*%+T)KAK8F!^U9QKEz*B`O)yaC!RLJ#Pe8p+H>5oz0EAW?>=gV&#lLC1bQ
z0-&CoYmekXe>^%|DR6p+f|??rmA~nBTXK*lO9W#6KM0p7qnmW?)|J(B+^%#-)@bZ*
zfu-IC9qUa)Z$Nz9Yg@h68+keGj|aMALPF#04s1;BH_IJOsDHO*^)@?KGw8Y(8<_C`
zrt^kocE|2wY4pTYS=+wA%1K(rgU_E6me3KJY$NMZ=(RINrVFdx26MSh{SpIMV2(B;
z)N#7b$kkn2!`2lKCBbglSc14=vZO=FkOt)}>v8
zZ?)-Toibd
z%kXaW=vp%=IK;HDZ1s_aB)$Hivbz8BbnR^>rekc4u
zGy7S�uR}e;|nyPn$GOr+=x{uX>|dih(tD?NiJFN}*YB&JJtLUCyO#zpfX9Z&yUX
z%;XCH*h9mvZH!JF;*JOOt*O&*oesLzDTW&~lFuEVACs{4?2Z-`*8;Ly{-F09SSvD9
zs(8oLCs>8)U6~fL2el-4&lD(
zwXTN!p7SePmyq6J6{sbpuC@n#S0O(b+Q%36sCBiXZO+cqfQvnJ(x
zRw>`JCgp2ZP0_5aiKg{2@qr!?Yi2}<2tZkF*S23)B2#KvT~Liz4WgA6;lHAo&x~R|
zQyTjk%m(+y*h}&$hHdh2w7$_b=F6>`fTXY3#&tk9qu+-%bTb?!#hC5vjp(XXI+J8bW8YC1=YZm1R(MSWs{`IZbs{cJ`&VWz1b0s_E>@N;RqXRozr8
zLlVt~z}fBC*UTJx
z;~bBu6lvG8JFbdoux6IIHdLT64m9C36W
zBDnoXxsK_=KS2ehaROglI55KCI_Z8^ZVAChoTuJGB7{uRd+DJU3eaXn6p2AYU9qH)
z+a#F8Ah|`{20X%vPP8%W(nbt^FF}u`m(nz&drA9v
zc@Sfo2yQ%xT`-MDqzHETTHA
zsI-+B1}K>pQEf40GMyG_%9WEML?GT!;TN&*#nXG00OAd#+a%3`=Bi16rAdXG(=gK;
zFP;aS5-U4&s=R;~9Z?2{5-5za7{VDj(lZ!A@`?%dA%0sN)=A?jVCfWoXC0Qn!
zo)yTZyqJ_CuxL@{hUl5h8i{4`w$CDn^KB5E&=0oN+IM>HTk5-sPqMum2j6cjZ>?-|
zpfUK{TXLqj4xTl`8#!(#(}L#*LIX6QOnH&h-Z@kb1jIM>RD~5S;eQSNfcgq}9n#uX
zBcpJZL!az`m?pI02#{Avlv9FR9XD}w_HGI34RV=<9|Pe;Q833`IW@V
zI6n#0*5xeZ?MqHVF`+W_6bKvA0{W>O8Edha(}_W<^2)UyUEW!NluLMoAyJaVUP*Vq
zU@nGjDe3@F*=rWlY+`0>oqH-!$HR+B$cp{#Dm8&l5`)?!QG8lWS9RTLi2*DwQkx%K)-NJAy&PnR3?p0qqnmpk}sKr%8_Qs(yjV7YoVfjKH^K
zq=T$huM5c5Wp(u##!DEWF`Hqm44n{Q(=RTAIM7mEa(Zxw`PY~*4U|aH26u3r%#O*r
zLf|st-h(s?lL}|!tBcGrl8P-U_lwSM$V_JnC?sOeyc$$@b$(dv4;Tp4AIDMR(RTQ9
z6`1rk$}wNwf++PB41F5an02CmUL*S6jm*4D|K3U
zL7j+7d?PxUN&N#Cy(OM(0+lwHx63iPIoaUOroJY=V6sE2uZ|QucE_X|QZ?P27`ZexJX^CR$R(jSkHJh~xp7&N6O>pcF_{FA
za|l~w+Q1^fRM2i6alhVWub28;O3CqCDN>u1%ynRFIu@XT)mIZ-&FPt^NwF-O
zY*aM0)>~rwI9y0tm1Ufaw3)WvAX5iV*kK|waxd8{B3G(xqJHTx2C)^NEtqjI01oSh
z(=;J9$W0~z+-1{lq*k(ORw}1E_1&%>DAhjNrPh@g%EIE%cFZ7r+X^;T=T??P##
z+-%TIk{n(bnFMmkH>&ewS=J4pxl?ldgc}97<&uv`p_BF|jX_p)Mt%a(p
z!75s0j)6E0r4io(RL;Ey>XOBbDJpF6%Jibp=oClMVjPn*ch9Gnc2x6WI==xxxE>$j
zfpYNRCIqQw@?yD6nBj(SG05*J0mLwzOp=&l^mj)@svI(&mISn88jCz53S`xJ1bwWF
z0;7V^*afqrpCT@uT~_-VMe=YpC>^9=RngFTv*VRD*SpLnww;l|V83fESI|pHB~fk0
z3YE_wu%lVxcEQ1*v8rWwq-Z}gm1$bAIc`x58RsT?*S`H7>sbl`lw}wCRG{+1j;S;<
zu@gSEZS6Wsqh_)y)>jB7PUs;R*v}P??tQ4-{GM
zMam_LjTAj;s8ztVk(|xR)Q2)o&=d%zDirY0=M5bMHNFRXO=><$KtWl(_R#3dh=MD#
zRwmzMGC@jZZmVSb87qou%R#%W7?!0R6tOv$(`1Ap(oYJ!}?wWG!&Ji1Fe}W52p|A2W?Ay};Dg{uMt6W_j
z(v%!2P}XOY^#Q6p&w?}#n}<7oGZs-3xL*4<%&HIg6QinI9~31T)Y6KJ
zYN6*=Yf`cc9oi}abA+i@z6x(}0OzAylEV^^l=EgjY)8{p`@BrBl!n4Ul`E+Z9+e%d
z(9|49N>o-P<;c7y%q)=F`P2%Tro>j6DE^Fx9?p#u|+r
z_#!183UKl$%TdH-N(!*vy;AeA*J6-{3y&P^#@cpcsjCwaboiJZ^U@~kfM|vE+YP4D
zo*?*~5#)7htY2y*Hz3$~EzRjh+Zy#4Po|&UYQZeKPrt-^kiblbsqlW`55PZ6ld*k4Vdq4}6R=1c6
zO7a4}JkOW2LOH)ywd+Ib0*+B~%2`!4mNqG?J+Q~mL$cZ01!YW|ik8iKsa>O)%yP_-
zbBDIhDSAH9&~YIFF<;MFs~Hbkr?%BImD=m}%RM_Scs||sBsTWUJ{=VFaeZU2g%M0{
zE-kq}tz)^td3+0t=KZubwY6hI$XQMwcPvS{g@njhan(e;|IMb_ftWGu`1dQ2Js*Vn=MHlB3&3
zm_mgGx`4tp_VevKPFH_0k*U^;SW@*pRp}K9j91rR*DC?((K-h2q|y3R0FepqPPL~<
zy1puD5Ed6NBd->n(S0f2Tk{Lvvs9wc3|a19
zMfWAzelzUS;{B4LPXfRiMJ7t0H
zYl_nvG*(mfLD7`&K8fKwf;E@-Exb3sWKX@1*!{`SAF?ety97
zBc7l1J3af^3FQLRsS0QEGH3q||Lhdgb5J*fJdTT
z18q%DR`D~}B*k}k50Aga^B=Y62RuKmm6_+e+V8;!ruH!~fmF!%&;z`ucPI`J<3wQ`
z;H^BPRt0%RM4P7!wS;f!^J^Cici*J62Yuccp(1ItQk4kSS!2;^xdPPu#eOFF|G!s1e2wyWKdbH%
z>PyZltsmZ@3n30ZK0JPf=L*kjJa>3*@ca{=@9=z&=LbB$)6b81eyV-{Z=YArOQ&}!
zpMNIw+s~_mknJzN`uX2}CVF;DJpcT2fINTxIllFu#lXw+zxx}2UyOh0jNGyCJgx+2a6~E~!t*)zO&ffoK%8H-C`jEqsLhE&sh7
z-&1#5O_k)M9{Lt^T6Yi8KBAnuxfh+T-Gk@bp@bu2Qoksz5ye||S-Js1YP<9HcD*`A
zv=ik2!`_>KN0yz1p=WFsSr~gTBs9dpZI9)twzZVjQJ1HeYN<35qirO0w}xS;uH}}h
ztXgj0TP2kS=cNtAX<{dtfD<~wfk}X*pTqZM9$`_~-h7D(O>AKBGSlA23yD|)^YW2A
zeJ=#Pe>>-%TbtB_A;|~oK6UOn=RfD3d)EK_=U4xv_M~i48QI0hT%y(oKL%=sdXfkq!8rIfIOf
zT1pj`45DIELm`WtbOA2jgWweMXU-&-EMe?^Re&m#wIpewb(GX=rcwBBa+DONOiqqX
zrqo1)q^D&A^|36&lbhK>
zl~JQ(D1XsLnuIKiCdS|!c=>d^G`L(`CPV}kN;ppKXMRha6lsWoQ|>iAZ99z|^}
zt9$igt%_P(_z57U;-ha>D4c-o-~mkV_*-~>hbSa7BvR!KbuZ~_rq
zAstDaT9s}A^0fwC&qxbSU$I21OVbYl#aw>A>?w_lWF9le>6Qh
zx8#tNKJl^;b)(*|S8Ki`!g)bV&KbJPM$u}|<=eGgr{LF~a;rng^@zF=R_5jw7nW0l
z4s)a9S$Jt9wX$SL^?10(t3a+5ai$ITTNfUL5e_>JE%~zHnkykn44g`XxEJ6vD*9vs
z4S>2iP@=k1X;L@nF9K-E^F%DVMkWOqTCe5ii-lGMtqoQFNXMC1cv1J&2RD1xr;
z{DibZO`!MWT;GX%l(A|ab!LP&K_F;xO^&7CqVVsp8=gWt|zXk5S;BJDubBx<>
z3I8Ox+u(xZm-*mNxy+wrnGV{Q>DFbj;}RY8UZR70UZR6P^%Cu)@`GX25l2s|%AU&}
zr<&+tlY&oAxqeLuLbS@lSejedOwHC#P
zT&S=ewH|}8k*GbPIq6<~oen}s4m+o?Y2#x}W%LgjN(CHiD^xGWuxJR4E6X}|c5Mmvj)j%wRB8?J!%J&J52@v~8I{ZH^Tg_dynigC
zz6J;%NH`W_KPQNJQNjxfwiQ&+vzHbXC8Fm*(kq!}hg2w6mzO_wU1$OMGg%i*w0xhA
z&*i(Jb;m3ixqQzB!%jZgf??-)WebK~0;zR@@f0FigXYuqkVEE$tV>*t(DV&2T0*1!
zJ;)*3A9+jX60?47+pTshPOC!GdFy^7hcwilCFe_lsQNl7l%xg78`&tk2}}RY4({_z
zmuCjj(Vx-=5p6b5FZ(x
z92tv`v{pr_3D~)g;EjxVkOcp)i?R(RBfB
zs=jqgM`1comGa*9;voPIKu{aSydx
zhu>}MJjTwPFKre1kkAo`by^}{F2O@H9aA2PQ+F>8VKg@~LS8x%B-ODys0O1v#74ww
z7Wfv|nbm|A;UqHb+rE&#^F~&cU%O5`0glKDM+@nfVapPz(AZ0S1fct_wnPy`v=X`O
zE{W}RH=>Qq83FlrN&u2tTYG@BEF#SdqE}}YAd*KciV_)?QaL4%EFw(genktZMz=F%
zd{-kBpMupxhE)btr@Kv$+YTl(X;HV2;U3}Mj-2KM@fHkOg*dQ0PKrOKLi|$+j;REZ
zRDv@qK@Y{3tdku75Wp?3ET`!EuO`=)@zxWyaBB%GR&7o9;kimaSMkdAGyRXPT;5oP
zX?Tv-I#?p%STeJ)a_RDVq{S69q_lm=>yYz_vPhbBFF8wmI*8=Lo*NJv
zXg%jwJUZ==vK9>};z9-{EJAaC`pl#Nad`tZkEctyNLQ*492BZ=OlW8;*2i7Smt9N~
z>E@x5PKJkd9x5iRVUQ);L`LMeF@iqbE`}n)Jn;9`;Kqli)WmQc+=QA0e{%RCH8ni-
zkeY_TXdHjWA!&39p2jdZK911%G>tz|)xvbRJRR-|&@Fs3#mrq8jk_S;;ih3Mq=o0c
z!!cEK3*m?fa0r)Q_{h;TxHp391NX6yf8=N%-21`V18zuD19HWZ$D%=}9cRPeD>1vK
z(OHCdPRFUr3a*BGM)%QG98N0Amt@%Wl#=To#>b2uWYWiirq@GSFC!tiPSfBijd~
z4@lI$j;nLzyXZ}%_q@)x4MTe6)bzEG$$PO;HLA-d3bgrwGIP;*AVGSoIR
z61ezIDdnyyMA4+z;>Dx9l5aM+j(A%M88;SI92DH74n|FEK^Rb4aR=aT
zgS!I`x?muOb_;Nc6^SpLZUtf%7p#QFJlA{3DFs0TBXDV*O6i&pR
zs1tJ*v>FWZtZcJkO_oYTKZn_Z){0Pjbi-#Y8SPD=KRnPfjSM)@glt0FEopXfZAKu>
z%}ZjPxtN77HcxvcHi0NkXCw(`B0%!Z9ssb)Z~97&VaPa#slocP;}yM-tS5{V?Y({Gq
z(Ht|d-s1@djdhrtHstj~8z8#h=Vby_r8Mp>yL(i7Gr(t1Ao38-Nz3HZHF%r^iAJM81TZnob+I&O}+F
zg3?yWd_Df{fBi>~7QYSVsQ9gJ|F3qA|8l!t?V_ITB0^*
zW{f>pmCZID?L$~4P?<7MaC!l$(t2ufV@2i=>~lDeF3T*&n#0%_)|glOC{JEZE^Gk0fg_!!
zTh-mFp@ez~rIbY-y%i@i7X58ssF69mU9JmzUQ1k$w`Que<`e6Vxq+5ztzEG}p_Q8;
z;5jl!gHNIfA7fxd<9r1?oI<>dlrvj2wVEAXZ}w2Brasc>H-%$`RY?TSRan05=78DD
z6piT?{H8stjV(n=xO^No)l!fc5Yk$dpbD$5k4(*23~to|urRU`*#*p2#+ss#DARO?
zU^_*`5W93O^%$!0>~O}DZCSUAY;Dlk3(MVL^bpjA>NZB?0FEtHrpnB2tetMf7!8L!
z1TNXFYVWke!^8cin5$e&+mO@;Wm?znEW?_z*5V%f=+P#`|9DH<{$rd*ZtctKn#;U?
z4G^7$I;X?#U1hl}(iowybVJTqM=ui{uBhsW*a<3&JY_9bxHfk2jKvEgU`M=qF67VQ
ze7Y0~X?f{^+@PbbmH@F+>!dHiQ6UO47|Egr@+0yo#9J#5P*FZV%8BGssTLU2(@Y^T
zjA1kMFN`S4Mk*NZP9`Fr6_R*tOw<><$Pki*K_|JMf
zRCSfdQ#mfX&?xzGRP%`pV%|OplNqA8JgGTAL5M-8Z7W=%te8VIX`#GCW-C*w_A8k1
z0IJuOQi!Z;PAIAo5ej5+!E$g*!vR5b3L2S>@N8j3vicS3q@#J`;9J)5-k0}%z)&kF
zdcwqU!o8h2*=4xW%UWQNwE1
zC{TfRdZmSwOnsThe4v?t)<=E;#Q12T2!_t%MS7qfS=mVAxr!b(9@%hE8}vqcX7-Y!
zHs{u631Q~c^$h`AUtXug^vu%gBIMA#_fTe7e}@!4q?-lb5hb+_F4$>asYUsU4kdX~
zI!1q*TDDLSH9*H}GB$?|Y+4!jwB%xXHAyiJii1^2oE1gGg1}iRI9Lf5eT0M|)C7pf
zcM>Yfl|153R@jSb74a9UK8lu_S45+ozyGAJz?I{3`_>UsMF1&|91&ahuF&HfY(OX{!2e
zIVe@G_lH?*rV0UFdu%a@_8t(yeF|BBbOyAV3K&CM{8d2v9t?;(`T{QvnL4j(#Pv;r
zF~h?n@E;c05qK>+HoY6#$e|b0iLw^TK4DA5M4fU9a65K|%*@Kd(%HcHDBoiA%?lX3VX`T(Cxz|R8QLWMVSRASW
zzx0!Y--$T=@Z%-=o#CT^RUfH8F&Gfb1Tm)1uu6AW0L=|bh;j1G{iT&noCc4>i5w@K
zR@hf#%LsrUEw8LPMiVdU(f}`8Yr@e|*di!VjC>j)aFe=$seF$^FPs~>YS44d-kKq6
z0C}3fsK?LnCumg!m@(Kcc^-}ZkzG>)@t{g{<4Cc2>9?oT-T+JgnpGCSK+0%VYd}D96|3
zAjfD}7Q%#8L?a_}3u{Ycj*dyUdXvRt6-jp*1=H4rGL=GHD|C8t@|6t0Q$M+ZkyHNQ
zH-7Bs5M1mOtcT!=;BJDWy*Sd0sQYA(m7SCP6NlmKnAzi(MZqJK8#=jhHE^hPgl9qt
z>wc2`*hTS?!GZjlLGe3fM1C4P-;_%gXz3n+<`@$mx@Zi!tWJ(pPz0{nnAU<@5eQbJ
z-VUHOJ~G*1?y6I8NxeuA8Bh9}s$060f^ReWFj2u!xNeAaOl0J@q9HA8L(&Ae7wUEp
zib4>@Vmh^$9NzhZEp>vCjDwaD@&w%o6cA9$Ea4Rf-w!Qc0hDOSTz!V{qBY;KRKT#<
z5QC0Rg`lidQ}q1T(7Y~7=e5ETam~yc`Knk>Bk$7U$d1Ky?k#RKhs6;D!4Pg3{BGe*
zfcHM)%I0Fw5YYprzlaMYWT|7R1P|yG!p~7rYI%rCgjVM#HMhtKt3H`cAS{hn%939p
zy^(AO1=gdX^K=lvL|iH8S_U~ytl>$x9KCT65QNnvSB_%WLqW27&8q<(zUMqR5Ikts
zhdbv#c61lq0k}hOeHT7Q{BcH3Z3el
zKIfR}xm6-&d{`84z8k@J8r4O&Q(p*zO5frb6xE4Q^D(x1?tGVo4kZ}F!a*c{$k{HH
z%d8E%fa@%&W7#LQUcu{1`dL5O#@I_5a(Z=#M+A6mtl!*{ZCSG`d!q)3jF|tA1tx`6ZRM^G5
za?MHERo8TUYefbGEyMSvx!Se~$Gzw(p+7{IC>DW
zWX|EN*e$x%)&Z+|jg}Cl3s0p?0I?!>i+fnKe?eEICq(OLajEnC#oaNJ@JYTLTMs3sehp&~%Bf1zwH9}V-X)HSC
zhGtDrWj-<@XqrlLsr5cwG}7=(aiw6{XFBAs>_jpP0Kd5#7=0plFss=XKBV@v$T6)O
zklZV!_^Y}AwdrTjh#al*LEWZtA*$4nIgYGRNE;IrVPVy%{mN^oMMGP&lUBNowQ{BmlBjCYbP?(hxJdY8mHU)LAu
zW)!Ml*qHKn=m9=+9dI9TF>uA}ycV}iSTb-CovZ8S*rCZebjjRu+T#`1GAL*R4LYH~
ze=Fu%AjMRo{JPpwE?p9{l5_(cg|Ke{1K7*)eaNk66#rhlW-DX
zq2Qhfwi0a7#w14M(O+FmZKPysYuVdKp5>Z0_KDV{h3`q=O&_+3}joBWMy4q_gvZ~u15a~L{7qgmNLmS7()vuKi
zu?MJWo9-Yw1luoh3^pQMLqq|WJM~M+(9RZbpLw1Law|i7Z)k(T(TDE#fqHCFC?3nm
zoDV}CP5v;}X&sL3E$Z0vI%0?6`Ja$A%0`?4hD(((A!dJCSed!Rg3Y`TMXwAx;Y*$0
z%C8)Z-iw&MkOw~zA@E@B4sQ()woj(rk(yAfIK!D4l+btIUUHj{BhVbDG5x|}WZnFvd*dCnO!Sy`_X9{q)!0m&(3+@oysqcof
zJ-AJ9O>nos?Ss1u?hxFmcS8KT*iGXzxZB|Ff;$9Pgm>NocL46x-+*`D2;p1ZEl9fy
z?i4)Fzl--&d;c+b47R+5SBHAILj+yt3r`-cL@S+A=BYa96uhEoMiW_yo_p{}g;97a
zj#7^G3x#^z4zBUr2gZ7&jrT~KknIXBGKi$4jOW|${@Bst-+E>46gbR($_k^y
zatFU3#_r9J9eoho)8MATy##4L39gCx-UG1jg?#U2Uq3Heaf?0NN%CVoCjKt?;6D6!
zU~YiRgNuXvV@SUPE~jN7I$R6rTLE($Kr9GmZJ;GzE7LL8t}Xgp0~jB9l?Vp5mgWXAGiEk5J(`#
z%2Voo`HTUlk?gx$_{B~8e>l+#yXjVxzO6$;y0s7zh!6c1te4>W{t>$-JjebKubbWP
z1XzTn-@fFes}p8R2-y#a;7Jb_t3vC|z(CFwcEoO10&=7xihM_YfavX35^&Px)Fb@S
z`k+sD6r>mkVL`Mlp#y1f?BdFJE8d;|l_!=swU)BAF
ztH?02l}r|%f&>pt^EU@0+zBm3X%;;j#0b$ivv|cP;uB8G-x^&4&d{Y`FNp4Cpj=22
zu(CzEzH5bOKRmaWv6N}b+B55VB0my=V8SJdnyk|ur2W0!#??7ltti_fq6Xa{@Qp641V<~pVA^zCh+IJwOwe8#xLh}g$fs<>G
zb%CWWkWfMkcjLg@&=+j*ydo1Kk4*J6A@aiAX%PmZ$YdZb-iSuuNbYdQ~nI_@RIi&Jax
zWAYqb#ae<@l$J8LsOGy{Crz)3-D66lT|0B%*lD`2c+8F6zU1KHxHa`J`EdV&^Jl50
zS)AM3>ZN(s!*VD-#Ea%?rq5nm;P~c((SMoGyV=H;&~KlX_(~oU&`xh`AkcW32Rm|w
z_2p4)8RM)J(md{N?ZqJMFu)+Az-9c20;O40z6Y!>-=pba<@9_P*@$|+CS9ta98skZ
zr2Sg04l%fjt#VEjU%+JNVbZ2A3W|ws*y|V2C6?sJM#cFx{q5W?jY5zhKH^F~j+$>)
zCH~FAqYK!jpBoAG0tPCT&<*DXcbw7TDQEQT*|Q^~V;Vqz>YIsteYE}2|7FAbw{yqMTf
zgN}Y2nw#B(XAW3Tk@yLPmV{J~DmAvDLOm)o6{!qC>+fZcOVIbai`=e{xK-F(a?V03
zm2#%zW5eSOvdETU5?uie-L70-pcQ`##sS_`lqodP9ArL0T3lJNFXq#>r1_k1%=e^^
zY2oNc^(-$_X>T7G3}>CO(Zu9bB0lZxdVrQoQ3T!6J{%{1OWZ!m%0p*orXL!2P-jy-
z-qtp=OJ_&pquo-wHcOB1$miO=14i`dIDW^(WC9-S?;z-w@8CGmqbuKm*QsSFVsv8M
zS-zTl{G?UwUQf3f)^ozNH@3w?iTFc_v4uitAqsN)_RWT
z&c-Kabb}kP)%nL&NpxtiB6o-xB!Np({y=6ws;D=z76q{TeA=2t8QwKATKsY3Vy
z_^WjIj*9gi`z!n%^|D$j<>1ALvS)l}YU=FRJq(W??OqLfuLF~jDMQdL_2oGJduEmE
zJG(kPK0Oh?=Yib4o?bPq=V-VxPvH1~m3e$LGCl~prJfwee>WfFdaf=n%sA6yxzVZV
zduh%d^{kh>wI{AWiSc-(J?kC%zi#!vx5o9{DAF-`F}du>HqcgG<=8vM*vO^jnQ+&b
z97$eYfa-Uzw_onG-gTRQeusMdR=qdZx!!&mQNi+tyWM>X{wd}ey|UXp(=W!U##Kxs
zH<0gc=^!cWvciZ#=ZYpsZ$lmqmCK)D
z7FLZx+SN_A&vXF=ox&u#Ca1F%lWZecvztA=GPOePwRlA!7kl
z&x==iTyBcb=~c9;O@Gfx{N1ZsUp#iKQnxob3}Y)zr6HE82OKfiVZ@GyjDi+K?2M)t
z24Y~+*w{ieXJ$4YABA7EOEoZZ5!?*8lnkc?YpPo>xxSxq=E#s)ze!tzLe@%oz=~0I
zVwE-Z>%?!bl}m7>vr?d1^p%BTy|&{eoN~4*RwA99TDbwIY1Vj!)zUCIBnShd%@xk#
ztrUrfTOe7>B&i*rC-YpS_PARiPt*#9a|8JiR@eO`52RDKV61~X{2>_Yx7hXF3ZK!T
zR!5$1`iKFmndjydvdmxENK>B<;xbSOoSiE1!tDRck00F?w+ZeRxZB|N#l^pa`*&V^
z=LztajWhy(q+H4(v-n6kKLk03gWB+@G6IK6{S5$o)qVG=BvMRCe|Q=T&iZ&)fmY+b
zi^~NtCkxA&zD`GC6LAWWfWGUziE=>JH<76xpSXDH!~Lo?+C
z4~sQ^_dsA@ZK_v6U0w|izYE^d);ti`snsA__HX%)2TrS?=$6ZEkQCdg2ue_QzDu`z
z7N%*jwu^@)EH};ZchW{bs--86G!*Rxv?Z(;^@S7C+={S`oJO&BjVDX~U>D{6d^pH+
z_|&yXxn||yajH~Y(&t;?YW}vvCd6=-B^9ZnLzzu^-?hA~PXv=|(=3+pw;H5XfM&TO
z+J2gW>#SrB`w{@XdxQa^P#vXQiQ6kn@)eXZtirjTjJYm;@U+EF>NV)
z?G1@uOQLRV=Bp0-u)WYuX;!hSlPxy-oBwX1o7B*_LfVwVpK1mT+7l-TZJiBY+BuKF
zt#2$WE{1J&x(oEu%4~XZB{}QFNdAgQBHkIR&0DgW@=>#$R!P@{q~Np#OH#0!t5;j9
z&6&*){s~mz^|db?
zodP!xt_dy%ar59d!4JKWz^j!k=|d73l>8nH
z5LDGt-W#I!Hg<`0JLw(*41-z}J04GBuyEsMVmh!~t8F*DGy^4clj}@%mQ1zET~L`^
z4(3NAKuwKG-I0EySm~W8S&`7k@01?Y_OwHQ$~Ol(rk_MnXvO_cf6n}|^Z}pGx@7MnE+jV$ZzWcfFHFR_rwtdsz>ihJ3EoS^YilTA!
zMTv(~avB%W=OujbeYzav&`d+JEU|x+59*Sic=80G_zu`31B1S9a1A5jAjG|@CJ{Lz%oyFpIhV@SK*79Z1T
z{J&f9Zt+opA!2GzOZc|!BYutCj+6HbDToc@>?}Bv>-L)5v
zei8hAa0OhSk#j~tkLKN`C-`#gZ%KXfe$7jWnDE0+90oE~vG}))-7yTqEc4Mcwz}OC
zZ}37>-Uu{AP|ugD_=`&+c(DCz`pHdg7tO8il>Ay1kvF6VNj$z}2#`8c@b?RTDgL7J
zkeq>J6#|)-csN1;?w8xv*=|TYKtpM1GR>PNkzwwC=7
z{3{^6|C&DVRIQRNL61Ho`S!(!+26!>Iq#A4)_X!c7Dh3039(Iex-mjn7N2^g#`^De
z5%D&JmC7C=qo)-Djw;k8DBqc>BMJ@cl9YevJ!bx905RO*ROlax#{*BT;+6CQG5_AM
z-IeE=l06>})=Ir3>4)#t{q_#P44|F8=3_
z`&QfaBAf1Fv_SOq)?sH0YVc-U*|$Bl?csw`kCKj1_zo#o{aq=aj+VxlJzHRdcT{WC
zu$W5w1RIt|9=F_fWy@!*ADL;$)@rfMD(*_80p
zVSF_YISwU!|KFE&TzuR$Y2BCb?Z2a-wNePe02-8zC)Y-5QpDU
z%W7$9{$7a>;6#~Emy7|@8xoILvc_$woTb=?yBZ(3_~lXN_0Fa7x+zVKiRFgz`BKG1tEa>G0Jb!f;dv{buop?V|3~#WDwor{ZfUDn
z55m&mJ(3QXo1d=2>Me;+OFRle*znIwybriLoZC#w{m)qaKbAHFU^N;KUs)mq@#)rh
zSU{=#mUuW-q|w@pX|I18Nrx4oPFYtw#QTk^dO8}9iz95|Zozy{G(FgriroLtBJmAR
z`gK*}p^@E;-7gYfe~R!F6aT!#3z<^g|6>+Dgyl&X>F{*8(|G-lX?&+gfgrJKzr-e_&iFDySw
z-Qqe1O*es~~0RnC*@
zmvVlP0;tt0Q_lH~gs4ygG!F|P;fyjG9C4W}&zKbL@K`ZT7g;tGU|IkEPx+px=3q51
z@t3K32}eQUdHgBjPX&L1ev6vyyG%^($6t|J+z#Nti&~M988e~;WbQ&INR4WS$F8<4UGH5!B=Ln^N6W&M~7X3)&S_YY0_(k>-PsD=T1Eu&AE0{(lrNe3{|p)Bk7F33d1q#3195Bf#5;5BwX`Q
zJGYUQN7iIHS1!QGW(!XAeCk)~nGfjoWvc{dTvSa@gXN_UXnY4|xT>+|F)1M77?ME0
zj?+=qMkNcYXer<@q=)MQ>;rO)#CrwQh2#pMx&u&xhz+bA(7cX>8ju0rrSajy8BZk@
zhBZ!i`(K%LHdgTk7|m_;nuRt(0B}#P%0F+)zkl4s2_=lV_D?V@lY|$GmP?g(NbVjwhFRCQdXndT8fMtWNRaOht%)>pVsFExyI$|
z1EYV8ZG0;{=HfLerv|ObuysIF20_}K`H9+xBBzl%U5&Alx~Ne8zCok}TH(YJx+xIW
zb+=CU5X1;)>5Vt)4hfLR^#;shU$TK%c*|nf;KVc;YKOB-sSF?PWqhk}#8axY3G-`Y
zi%SqsV%}`DX_WO(Xd))=A&n~QA$N5ZG-RXN28(n=QWg+}M9QjuaU%L5x>-rPYve0n
z-WrQ@+ykr*-FNE^zv{9ADr^D*hxJ>lr9h07NwLNX9e-kYcTY5Ro=my$eFg7|Bj?x~;QbQOtj7a2@vCIfkSczFx;-SGwiw}D8;=RYu7`i4hcjAYq
z=}ie|KDD@d+6hD^54#z*$HCC(
z(y}f?ZT^ft*XbBO+THpYvyL|^m?ZVT`!o7JXA31Oh$2dSaz7iTi)~7ngo^MUL&ECk
z*q^~6ONZcv^+)Bqd|pBz2VLqc&?BrgND?~rb76Tw8K#X?Xj9^EiJz&!3R=qKRH2kZ
zi-9$0`g}lAzli%-r?zZ5Ti(X&21Ly1EqE!9lLFc99i8b+G&}ZtBm#;N3VPY7l0>#j
z5t|Ab3}XT5t%m3tFTUt(iDxN*bCnzT+7g*h#5KsYEwWQt
zi?fx<)|N|ihv4N%tCfKWJnyHLTq&JyN=?cVR*6a0?eSVHTl9a5nI#7~4F%HA>^dZ%
zCmPo1Pz9YugF(Xf8&3kyZ;Jp@V;L|EbuW})&s(6P3#?Ji@z{=l+vRYUT|eUmR%{*?
z6Ql&^_R7w~FbrE7BYZIoPpf50c+ZaO8>+d3b!?9=8cKXdrZ>^%oJ+9&6dVe0(nI|%
z_z;c`(e2d(0{%$Zzuc(Oee^!hyNlw(X-aM5kJf9uAMzjY7%6G(kug970edKyVKl|a
z2l(bs-96g;cXy9&i*LI-5O-7JZ-HNw=jnfa_h|kEuC=^w?#|Di9QMoU_OXue?%Vsl
z;imtM_&*OmJRg9I{XB;cf1cA~zhspw&-1^0_h|iUa+T<7|AzbJn)q4T1z|zSq0H(
zze60l!@DPQo$~&9yE~ugoqho6r&?eRpzhOF+#UIrQ=f!>hxkKqcO`CL;F=cvEiCgT
zh{HJ2HhDgU^1Hk2<=CsEmxaibo^(_sQ;TWG%J{@{ZCj2puvR+Y25QyHs?~YZ
zyLWx^a%FY!mQNhrI)UpG|BnX0{I2y~w68t*iKAaU!*2eqpE%k-!*26!00U|BgW^BP
zesSo_@4ge>u?gG$q9yIW$k$%U5Z?W=jE}xwlye%y6EA=&p+YL6maHu$m(!0V
zFF%r^Z0QVARny@?sABOYtx7qSU<Q>#QhPb7Tde1HMWY5F1=bRJCWBBRfZ|I
zyUqin9JZUqL>i#6PC#QyEXg!b;VSeeB9N%TRaAk~houW8Kd6tCQE^V#V)%w0iDSJI
z$6M+)-l=ZmnvVO6dR?t#%$R^c!wv*{0eVb*i>e+Eb!o8{8OA^?GqhM1qd*YLltm*F
zAOavZ-*hYs>p~9JfIO^GF3eYOx4|8PyHx-m+|8{|V0~#sfsd+~g(3k9WsQEQzDPnP
zuT-aZSHyU`UfuK2R2;UE!LLZZgel(6FA4vm_^ZF9?-?s-1`Ir$gM^Cl@zp*ALjHPv
zkM^`f$#?%Rvwz>a-gV!*?z`_@-}4o(e%DvNo1ZaG$KO!uhPr{j;KA?3=bpRx+(rE5
z_#5zyAsrv4U&Qq1R2Y8Fh5?7=z3bxt)AI
z6Fvuyx-fj}p~4zZ;%62g
zNo^#A+DhVQ&3@$nAfe)fQH!bM&Q$4pVhrOw@$>&y_?`cqeh;Qp8kzyDDDk(&_hf$E
z|3TqH{Gg5xlvf92?7APUKDM@w)g8zU0KR1WpypN4%WmOs37>QP%Oaf2&+{u%uJ}2!
zn1FKX{th4NvbB1ysB$4u6}BomlqH;{^zsTCDUS-i4Qk1}r8Fk4Jlb!K7jwvCZg$Jeg0Q${xOkM41(P!
z2J%np%YjDV`|kDNv_0;F8ZmLIgI_Un8JT7p#cE)u#{2MpZ}|3*a9^)+w3@f#G3urj
z7V9od57F^}7N;$|tM6Ae9k!AsGOT#>5?`%kk*gSWK=M8q#y60q^3Jb@{FlQeFE`wh
zq3=$6I%ah4==w18XBK)qrz&ZBfH8qpw8(UL_u{|8w-1y%EC99!vtX28TPd`P$+f-K&}A{jhE)
z0)~Eup^`3SkeEy7iVwGpmzDzJzb_Q!y8bSw4d9_JF}0hC6_K(5gN@4gm0dc0+$R8X)D$!l>}2?B48c7
zV1c!jfKn3GJc}svU;H=peOPYCj`x1Uw6h-4+|CmJ@^5H4l0q4oMRj`oH?`b~Hh`?~
zQR+9Q)(4vqhQSXG*F&AplYGxw`Oz{9Dl|b#G-twCmWIBxup%dM;op5;^iDi)-}97w
zKq;6pOy1L!^kONRxG(XLi!34Q_`~Nl9XJxLrhiM96OC{FmgWnj?H<=8YSsPUGVN*N
z2p=`&M55L7M}&?UiG}h%5|)!k##Oyfd_?o7muhx~!w{Y~zm@{0KWg5?>5|x#`0bqx
zG4Sgw`w|bRMAhAeT)2c{JGI7(ep}t{(;o}#hq@~?r%3Z-=KZuFWqr4zZ(}R99iCl6
zaxphav;e9s3EL!es&%t@;lc%#E!F(IfeGp*IR9Y)aWEZ=$6aItLRnJ>>Q$>kshQk1
zqjm&@al$?-!!4Wd`d(Ei2Z#-4(bP05u|b`B737sdW)&UF^kShRRS`9S{6z@RXHne+
z(#TN2ViTZRY*tZBIY(QzKjLiXv+;
z@9A=cD0LKsZ2`Ijs-^%apMlP$u{-_o7JgB~`RN5^*YyEl@HS}g)80*mdusUU3n(h6ave*D7mnnyk=4^R8LDxofxIXVJB{wgvFMLNTMt7GC
zp!DoY*u#}ZMOz99m*I4?lCCV76-^G)Sy%8?ZaS0-@wVty5Zd)Ajz%Y}|NJ>&6pcJ$
z<#^bM4>}$x$V{;5f?5Gy7jLp^=`(|D@r%<87#w7n#XG@TB+GQAD+TZoBHkpe3RRMr
zkUUprQ&&z5Oeh#7K?*g$4(!4Lk!PsRU(~O53W0F2q@~R0WZTJNSnX8OD6dAFu?Dni
z7uHlCv|!)JA#EN$}4
z3;I1Ae(42`Z*n&0MY-P+|Ctx9_t6T>e=ohL&k6Nn307a{t_kZXe*fJtKiySp{RUw?
zwxxP08h$DxjK{jXuQ
zWRxi&FmZ2_y7Ga6{1cg>r{Y6rpG;tY`Hh61PO<(Db2;Q&FG7bbCA+~klXT77K@EnPa!xZ{GBF5kX>ocQH8${l3Nf_O
zH(|Z%&RgH=>=0{`iWZfSXd|Pa(Q?Sc1c?lJRH>TBrj3MEwnrMhm2^iO2SivS0ui$A
z+HjgJ4M5<)-vy}i8;^nO{!(a_kgN8XqSSJ7DYc-ym-P7#^~)rj_2iWl88cR>iiqRb
z$D;>qp+n$MuUeDjSmtYTguN@}y!?`N{?vm3=~bWS_}vVylCG-Up!JNS55GE-szY5N_J7qk^><~4Q4gvZQf&*N~!jb}TJ2n`diS+H=PL??I
z6dsz4IJ3I;+uhDp$f}vAM<|FaoQRIC9nvk2Ivz=zT-k$n#fYC1Qc$7?S$H$JMOcF(
zb|%kC@0FL0MB{X+fg3L;J9sU)gKW^z#mJ%62s)rsG%KOO69WZvWj9krj`vKScL<3v)h2DUv~l?EPHo%8
zBi+sxk`b<4O3tb)a|?4T>dN}c%%kec;xhcq%&$SxB0SA5z|&gl5d|Z8nXO!T$jy&G
zqS0cIq%TFC#UP(a!yqoKI-uTpWo>0;1H6sYCVK0SuWzK5;9(Q5_tC$aT*ib;c+~;^
z?8?egY8D>m)>0|(RxW+}rOR_lY#EUr2S5;Bqn4R3x}+8UJonq0KF8=2iirls;FP*_
zdHr!@rbQHUr-luu>4yJN@c93z_21!W)mjc0x6?Dm}CJwZA?2z87;vLLf;uL>k$!(^_+CiPn_(e-irJi=RGfg1ZUs7P#Bs
z`tE-ECd)F(ep?)@FyPBksmbfxM=KO(QQtTLom>CS($?_nSg`7zR3
z>KWFdgYcdOQ;FF^$0*Cn3q-$aVydm1Yr
zQn~r7;61++zQ>O5`(2@@!#O@(E)`r6K%ckcMTm*Ym-sv4Cl^)}xK;d_xrD!q^aIgY
zH#*mgyg^64%y-nXZGaj-^@h%SSW%Lv2S6msv#?SDJTvBhCw@s+6MUDI_C2HDtdYR@$-A=0f-T<*X8j0i2Xwy{Jz{X{bwzg
zk;#)*Zl;_m3JU>~_e0j{3yaVoEp%F;F98BNQ1b*?Rk>|Il(qa;-ye#+-XCf_pil$c
zl)POv=-`8B-6`iuju$mnk(JGIo|iH|uwJhEDR1I59gtR5WEV1w*wN%UxmeKYXbeMbqtllt93_e&~hxP$?2izgJz71#_
zaGT(Y;BFn`at+qIclck0f9k)Zd17hrM|ybk0L9C(nd?vCmsiE%0zrY{`Rom$NXkLJOuox+I(!i9Vhqoo0lj6RO@uND_K|J|yYmILYvi
zpU{j`n&#e?y~^7J=f92>O2~+lTLBcF@l0XdQ{R7+|1|&LFI{@-w?F>A|NDh}Ef{N5
zOHCFyNA1d0Xl-UujBr8{eX?IIt9U`W3>qWF(xOgL7g*IY^xuM>)06v$f4Rj!&3PcT5
zXb5fKq5}y3@f)yw1hI5Cb3#j1`z?6=(P}vCQdn2QXQ%;@`cbbG77l4znW+?aA?yc3
zAC~riUVNQCm)zj<`=3ZZ{fXB14f*72@g+o`#FomIwgyoc6f4~dgp@WYaD2?7ms)pq
zOhUvVqd9gak#%z0vLFdnYb+o|Q%)?Tv?Jr!0k$&$QNRsIBncu!#5kIhOkbdVUK~Tv
zm!)dU;J5%=3hXQ9%RAa~kp2`By|gb+bttGcY-R(j*u3nKL1)X!<7Pzj?(9uSL`ELf)8_|5i(S5%S-@(!G8Mkayn7A6t*6--7%HcK(fM
zdLP!$%742h{pM!x_Bm{6ze8yIQ`Y-#ACv#oG3j@XNsqOp_u=OrlCkgP}!h@
zm~I%NWys^ZI+raKqfsw`!aWMVi1QMi{wujW9kEp^06Jbk7!K^};lzNnF3L>c@*u?X*YbFdxC~P0L
z9I)=R5F&#XlPvU7O+O23#lH$&Yq*>11=lGJ8uDB2
zk6Xh3Gu*y7d_Dlj{Y=K*Z1pL^jL*1@P7mBVU(%6k7wmXEtBml0#RAgfkM#Bex~Ri<
zzf$87rGjmk<kTB)S(Nl`e3hARp7%=gtu~HsJfuqHsR`Jrd;6cAm$-CXt
zh^dzutdX|?+!JDUxcTHD$!`cCE-$T$Dk#a(gIcOMlFNCFvWfs6HUgqFG%aES-rJz`
z^A7oXdaBJ&!QKq+eV<{6;Y};t&E5UFLM&yC4R~l*W*rL3udw@rGVE(#&HWC~L3yBT2DxEY;X5t!zIR=C
z>Gg-N{*xO3+@%kt{lD&WNAqv^+|eEJPl^9O(=Cd_=L4t@-FFBp^7GOT2VZUG6(qgF
zhOLME&8Papd5!UDk$IYyc!&~=9N7Rg#sIy5vJqxquCwm%e)XCafMKggs|&LhB7r+H
z4kgmQ!clMrfHM~F7#)%;^@bgUSMa>k5k`-t6CbGQNQ~&mMk6B7tY7m;%_h!7s~|dr
z>M)z}J8dPS41G(`xqfaS-x{~eIwomI(fa4%+w6rVVXSjyM&U!~`V
z>ax0l&8_m82+o(oWb9!0oU+ZWtUK>xun|NOS9}i;BN#dK4FjI$
z0Q0Nb;vDLDfn~qScB;q*MF~aLGtKn2yN6>r>+(F7Jlc1NLDVO%9q}Lv5P6Bv)-1Rx
zVMM}tB)O47)7>JYvjyA0Ze~xRJ~XTnTUmgDaPK`s92WS%D}Uc>d0nGcu4j#10#D*^
z+UbIMQ@)@6+|g}thvM$;hYrJj9mVWN)y-f0+!4Cl;BJXqR{S=j#1qHe*IMtv_rH$A
z#gBaMDE`sz?$Ao#|2Vv-CA_RkWGdn2>-4(r`G9t#;<+9C*t-%>_tRUhI`#T%Mo)g4
z7+UxudGqxKt}a*ld><|GjR4uWysS3K(|7+ht!KQsXS9C9IZ5I(zL&PT5Z4vyHzr=A
zGU5nCC5pX$&&3aX0PSw}eH8+tPKxr5+lCCF$Z?^jwb=!Thm-UA;7Epk}M
z5;ipCRMH-xEe%gzHq1a;$V=PRGJBM$xs45s&7Ns1PcqZF)8s&{gFbA~IaFzYm0MUf
zX#==IQl5dSSvFurJJwzsP(r|{JW?$+(jEjw9G`*6i9C=Jq~zv
z)cN70izN$>py7pK&3ee!0w?2oXjkN}j59ogrp0&H@z)12g+yxc$Bg@1lCJH~LBS#M1?9%y!08v?pyyrC$ilay@hLa0rCpV}Ch3~T
zz}Ppf<9?2u9N6b+QWwPMFvMF!y$$=O{BmuV6lKUh`UZVY-$lh4YWnMiJ|Q4Y2~#4L
zBjI9+Ar4KLA*R1U*Arz0!*k)?Q`ba(g4dasC0vq|TKtqX@
zf8KIe&ph@U&)i9!()?`rZ9~w59w1Ywx4)X-E#>P))(y@Y@Ep$z&)3k;kv=YdtBiB2
z&1v3Ayk0U7CCs{=G!~-N#c#W2$!VuslhsX0-*#Qk5JT~N`fX;t@P#3cNz59LcG}W$
z$b{p|G2<^X`ff@5eYj?8A!SPsgX~u@2Sgn&Pi&EVp?!`T>)KC1-~2D^Vtqiq@!LRS28ekiB|*6y$je?PW)rRK2>S{g^Exj*iRf9l`D9QpT9{|~l1
zjNkv2&JNRTcjs5aJm@#U-2%4{?f~2=NPq2}dvo)WrwRUTD7O!u5B`0-!?eR+?d&j*
z?Q|afd6HpA9;i
zsgz(36Wqoxp*%lv!AA58s5f2fsE^>HjxQO#0{AElf$M|KQdFzJ4S}x*?pFG`Yv{nw
zJ|N@b0X>glhqos3!2==Qf{O0bI~i1$q2h0r^&d^u6>H{z)RcIVX>jvtea?7J;%AIv
z2Ai2+FcSK1Gd4JBQvH_(Vc4z($gNXY#InvPoAC6zB|r*)|9Cehrvvx*HVi
z_X7rhE9QMo08&^TIV|HNocBFc@Ey>t73m(w?aNq+#CleOAYUl!@pB;M?o37F<8P7i
zS;&o!kBzIQ6`q=yP|v+Z*C&hO#ipWt56bwdrJ+J(OOxe}B_0NJ#J>E~5)Vl2Fk-gD
zkZag3)G)wp%v?gnKt*OmW=@|_pUq*2(^Xq;o&5V_
z9KRaV^96TWv+b#;W8wZ=%7^rX=k0ho>r=m<3FlF6JG67XD)E(oA)l6TrVK~1AdSVq
z`NXhKsk>*)xhA6NId|9iOO>e?&)=Ep;rg_)(*DWiIxkAJa&{5uDlX9&CGh7zPIVz+f59}E24
zITSg{2X*q{yq!N6-qROfg8k$3u>OA$=Es*{ZU1k7>Hea)zTbxNb@2J4Q@_J5_It2a
z{vnKo{|Eg40{$O?|6c(H;UVoVq{aR_yFM5*r@-9?cMIG;I9hiPA^iXS@8Phn-Rg_q
zc-*&Wm}<$)K5aG@=>%K#BI%XU=E{(zSOlHD@?O6RGF9YjMY>`F`H|1z1svNEj+MNr
zGY}>-guFcr50Aiqzzh&Om>QuuKb(se0-320FSCdDv2?R&mx24}8@_OK@bzCfDt-g_
z;NJhuf9d|BxZ+=dJ_lF)tKfqxek1tcil@K_SNtaM!O5N>TZU8LLhp>?ZOG8Q0()a;
z>mP3Z?M?+*?6X1vL4G^J==)EYyI3w&NQt*DW^8iuOk3sDxiy4r&h(b
zqj197dcdDoxk+%;unto_!xH*n0s+w?(($jd>1s;av6j%c$eg%(avU?W}PMTO0m|q*RO6o
z_tMLUfBYv$n30nqb&OdSdSsLH+dIB+bbGtEI}T?59Vd&^Zu5lYp48#H(CK+W=(}*M
z;@l(b;9=bQ-zLGgQ43hGB2tAMef`mU#i`C0i`onp6Xm0HXs6mFjy=tqqwT{H{pIEt
zj&A-h?Dqeh@{)0>h6e~5o=a1g7p5j)>5Gpw6UYCsX)0ulD&TA~<|p~aeP@cc!y&$w
z7V0Ty;VXAPQ_Vwfu`FFCc!e*ov+hT_>POirsK6k8etltOW_@8U
zIXk-+xoaeTruV@*1a1@D4RD9==3d;FyFBe^qoMnrDRbeY?|W{_
zKE^8+i97PnohiG19XDab_k}?U`J+e&bqM{AMkQMl{JaG^FyKhf{sm~;|4m%;nDmo;
z%lt2JyH^TRq%os!l-t=6|Mo9^;ph&y18{x641Eu79^6fEMR1{g*-`;D$fPS%1+wAo
z(8{-kKd8>e$!D9yL1r|hqULC~OuQw?XM~+zk>xW%x7royVZM@zFdB#Bf&i_Hs=hI)
zzxZvK6Py+EEPNJtWmGZ%1)zy0EwJEkIi%U!*bCvmpM1j?k8F4Ao4*KneY?B$jhtpX
zJJ0Pmu*2|tOL^$`ef<}YHo@Hlw-4?ozxm|u0N_u313%A$-voDC!gs-s{S|@xhG_ln
zoQgV(o9^IrTBp4Dynl)vhMO(rp-*&D@cX_A>Ip6e?zP|C+1=@oHVtv}62A$45nNNk
zH^ILx&$qDbZ-FwvZGJ1ngS&N_-{1Ejo39|eYP%D8z(eBVox
zAXeYFjH_{dpRJLrVHob&Qaz0_iy?vq;|O;&KPNUh2m9fKonvq(&)2tO+qP|E<816?
zW81cEn;Y9UH+J%kZQHo>d-s1{JylaZRj0b9rh96-PoMgn>u{CkAwTN-ln>nD($m|s
z`qreE+y`W(ftePEo|26~vr$6nV+BsagV7(Vuza~nQ`^S-ce!VnWBRjXseloRhu&%=
zSrFYb;*47KQHSdK3cU&x{B4_QA^F?%y!JvSS5?QLcY4ceIDI$u3UVO*+Ah4mL(oZ^H)ky?l%$
z(TR`ACuG)!-R-SiL(lwzvLvInAg_Pewtkly>H#f9AFZb}CjK@kLVas+;oH^Ctm)`v
ziLd%wZj8M<$7h(A)$`|0QRSg9M^4Yjjxc8XSHq&$sgfy;q{c9gvO3Vfq#QOjTiJ7o
zN?JnjCf4FwM@*c25yxMkYw;zBzYGx}o6_b+5SNC9bzt6zi2G1*IfUtmwo>Px=`F82
zC5yXFN0o-*r;WtlC?jk$nO@W&D}q*6iqzijYTLD9uO20+IjC~;u8G>isUg*Pl=
z(2!+<0?50^x91sr*l5|lUSeSJ_S6V
zbzPXLhA0tFU+0xnlUajcZ!bstT{i)$Y=@
zYWH1JoSaJ|T&;|!Om_;hzgBFIMLg6y4Hqy6+_mzI79#C5WLDqRyoVzNn|A4SFHfVM
zyhL;_kA|ncQ)hH8Ce2pUewy}7KJ2_h72ZPfu2pWg*m!!Mp_)b9J2@k)jxBpCDY|K4
z`JE>4F2ZDlJ{=sZuTKt-V9htbwJ9?CC$|#zI?qEyb0}V0PZ)Ed`E?_Q(
zDX5kC(qI+pre!Q&s%=S4j~kK&JZYCuU^M0=Gb5;(aH6Cx=5B0*B634P5H75?l9!W@
zxAwLg64!h}TJ@QPULHJk^f1Uixs?`kMrc+IhkHg=@Hc(NnD>9W(7
zjvg{({$12vNL&lho*tV9veE9c#0QxieF#H7tY=>8{(#iUTyoF>@}}yl&sTDaGSCD3LAE2f9wjxz0=D;ezU8As;74(125uX;!jHF;>F4!L@|{98GK^eg=%FT
z)H(SG5s=~RP5DX;3C`~dMV9JHdf&j@zzTMf{vh3Fmo}2wn&o-lO_(%n{pwoZ>&GR*
zTj7)KLC2Qmp6u6d%nYV>UJyWgdd;Iv5L!{_DU*uHs+xneh=U-{b#7JFjojsg8U}N0
z4%obBx!!0@j3ApsAW1_ry~;LddNUg+9|@}e6e*K=sQ&W?ena=>Nur2|1(1l_x{lPD
zPEhMPN$_Be7dItV@ErNp0HC0GbiO=ZPt*SQ5RscmQzW8=OB9D;KkH%eTuZP5i^48h
zmErL~{S4nTenS!)$KNH#?@i#WLm6h8x3)dcBYfupPv*IB-3qbt!2)tEBnf@Ukd0{i
zv_h3%Ru1$re-0n(d_O9MzUBvUApK3C__C40o1g
z11vnw~81Tc99OxoV|qX9?dFM
z9sheivDAs#jy*%mKgjp6x8(z7x`9`J_uL#O(O?gSNXzj0>^glh0^{K(iV@`x@g^>f
zN7u%t&;W=xyD)TPs|^|*ov1OCT5h7P8K~R{oh%A%y&{?qIZ833^JhQ8{K@khK}rj+
zzpu{VXPEPd-0bQT$(uySk-y7@1J1&l#QWgp?Zy2$d|c%gY`E1H%Jgzs@2S-*X`Xh>
zrPj>b#|)s(+J$jZ-9YjhV1xu<=4v%0;%=UZSdp))_`U}jjIFGJ8wp&bSS^jUV+w9`
zGNo)x?n>pKX+Hz&Eb*oKpNK<{mXtC;0R^`$-i!*)>te?>^vU(R1W(U@3xi!~3y@eg
zMRv$W3q9REW!bm&2X!^FpX()}
zmSVK?K!$|Rm7{JH53M|P9TENZXV@HYL&tbkq;Z)4IM7yk5OQ2dCm>KAEe`MQ#Dim_
z8qvm~n(z~s$lDSB%sV?}`{(Md2_=>*wUYVL24O}LlYiTKd3%~^mn%=0@*SQ2jqM3e
z6{&^_pBGCwF;OOq<}f8)dr{nO$%QV8dJyh9)-_xzaMAw>$9snNl
zS{u4z;+RB;@mGThatII{Rdf3YvnQw!KrMwjxr{i!rj$0t;ghI1CP9cA6h~PR`*OM_
zvl)a`DN1F5hSIhAZY+?E>A_p(Hu-zQ3+KWBA<0*@)rFv!>@%+}fv^`V_T~nbfZx<)
zZO(1eMI!r3nnE7I+3!*36U6B6SwEi02rJE*P=+{n+$_Ia$F{7aovaz&!s=&5j4rHO
z(%9eHUMcutyk~Nn>tl&z%egiEohi~%FZvKhVs+^d`ex;eg{7D7EJZ+%QTK23)Vl4+
z&J)E8f4LQpO0>83E08OA;Oc+l<)RLvs&Ht54oE05$mfw*9+7%3KBO+!1nI69{c^bq
zmu@IVf>f8BPc41xT#+%$T9brSvrC1wA~B2s^Xd;zqm4<1IrX;X;%wWGM#ys+*}Hv_
z^!7G(UW|~Z7}<*$qb>~$To9vNddTLiJgwh2S^Q(>;$bj?9TOKlvY)2UzrJ!1e2M@a
z#kyd`T3DEr-BgDpt22JEwr-H
zNh-R89DvD@b8z(Va57{LNOqSF7+Wpw=)5FLn~{@umHWfTyQ#EcZCVP3I-8-x!;3>G
z{UmjffDuba*&CAe8PaMi+kY5>{J<;y`b%Xjmdz`{*>!^WYN
ztOvSg!75++M0PgWG4)ppZ|>3ulLhV)pRX@^0UGPT0z17+1%^>s{3*+s)UrDaEhSEx
zs5w=kZZKKX)ynp*)44X{Z`KQ#3@A=pt)*fg=Y&qle^Y=Kyj3ZazMkv%KXxbEXxo_I
zokM;q9~QSBrUJ}3gn{Ml$@tK@Dp>5x1mMy#UfNbFc*|7bFhRFWl782(>mOU!=)DwQ
zEiYPoeqk?Gdoxjj6uvSacIdtGAKYDwSvGx5mII!sGXsXKt>tUE926>$qcKeQ7~>PL
zq-m*UDismgwizt>j=!T-u&}3OxRakul&BslUbY}dH*2?|c^vw4Fuv&zuGE=t2+96s
zs`Z}pf8fVO2-1Evy#(#??)e41`0VYcKPaXi1%#=*@R{(-YtEo9-?z=XEtwDCE@dWQ
z0fTo%$0>DJxzXLFd0i(Vb9elxb{FV(TP0sy_Pznne5;BG*ZIE*GH(~#JeV?p
zEfwJ$oqUVfw6|X8ZPv@AMls7kjYu#0;yjN=Th<`$3vy``brFqx;k(;IH
z-UY;t~gSckNg{Kf$Dk*WK
zIgtlNqd3kkNhB9UlIFBgVPE*Jaqz-For++apwK0iv!s4of^7pcwoZCn-(G<1)@z3)}Nfc>tSvk9ynC9=QL=ON-Amf#x$
zy!rx@W@r6dKA&!Jvl7n>fK{8oPU;?CwdJmk7r&+-8txMB>Nn124X5YeX}iaz*U#;`
z>(-}x*Ll6n?KyP8X?JakVgEA6;QRRcyWOsRUuF9%=~lk$@bsY6?dzoe@^WfYo}S
    gxQSjw04bk@^1as@XmX*-+Y5U0U#fb3rq%%wJ#P2BP`!LPdf`fg(Y<1C?
z51|(|$>9-yBF>IyyPmtJ{j}_nT#}DhK!BsOM+gx$&GgkEnxKSo
zlz2Sf^un+R=*ZvGlh##qB13m48Xv@$sB{7`prY}>5AzY}wFOx^qP@VSIe-3W$^w6Y
z^%xqvnD#4vvXTf#>Nn6b_xw&*+#=UG3v7h&e0C|)@vFHj&l~;@69jSJWo2sd#ruJJ
z-gZjV`%yc6hB^24$gUb-CGgp9)eg>x4Kgy5UP$A7wfps*3Rdj;`M*Ero!z`^&ih6E
zyJqF_?z<6W*u}laKi*2{_yBfBjOliAw#Ffumg{!1M)`9@{4zZ@$LyXS*^4@Dj_S!j
z8A;-@APFsok3>a@0Th};J6;fYvq9YF6lTr$4Cnuvp@eHY!O~^6NaUQ*B^8Z2(PTC+
zKuZ)u)^7lma+XMOha}koAe!}_Y@Tfa{!=WrSyR=8#>&k+b($bmU0YL4haDnnrV~CEt6Up#$FuSw0#+zfM{TTRv@Bnn(cDMyu1bu-~%L_|Vl)1@5p8JyTv=n_Q2i`@|imgK&T=WQ<6tvsbwi+omOKD7X48y;r{FSn#aaXo5DGaQX
zj?b`OuO`GRg#W@#efWV3?(HLk`2AClJt*H{(S9TX`x;!DRv$h(dwNUcUzI=Wp=_GF
zjh=zp-gS~Ei%tlHe8rfWh1zE(MSXB#~aD^LuNq
zAEz-2z$?C8nL=t>i6p41Q}
ziji54b-6YJR5x4348TW2hjT-_UX#}Dl6#?W-%Kmq!?r!wLCJ(OEWcQL7MLPqVyPg#
zcuCfbMSy@XAn%lFC^L)Nu5BIvE|l7cp4xYnfJornpvzDCs&YcnQ-5Iy(K#RFsdBxt
z*R2V$hT&(fLG9ht+qWaFdfgVmo_kzeId@+Gb6s)v-w(N(WrrQsYh-rWu+4BKXH#;O3=jg07e>{;~&OZ1)}9OK(6?VO#&X
zFkHddN5!Yjhc?e%PC!|9=>Y@JU@YAAj*#aux)t@NV`kpH@XQcjolJ{XcXN_+G%z(k
zyD*0(=ciiPXV+H_nZXpRwI=4#EtTf!0j#hvYRe(W#tchnL4VC1)Ys>Z-7xbzttY>=
zryexgTrY3mg7&%vUzuWZZj-`qmbBTP4jbKZ_B-Hi!Ioz`J!JbTnXf;bryG*uht%Bv
zjAEKs?uxq^tLT35EV&yqBy0CNV{PM<-Sf*~jeojVDW7tOOTO=A6}ijW3(B=p^aouB
z43Ivb7P*}(KT#N3X{^SSRj@VYNp(NszemV$D<)zges7WG^95C+7}y0?o;T65{FDOX
znbt`1ls8Ifd?1J}-btUzM-Aqu(Mlv8OkC)Qn^3a<=rc~Ac4NbbJ>h2K9_)^jod#F{
zxf1%hsK@n2*n_%5ar)0ifMt(g+;Z|Zg&&NpwlB^e7y@5=N0
zv4b)u=jhmIxwBJO4wg-|@ga#i7FIS6ff7s~G9H~RjTj2Kwf?!&TjZAvGKlC&7c=Y%
zZHBaPZEX5NQvXI~mLsBaWFm1>%M8YJ0vw*vRGHYggj!3p8%%q75
z0`A0w^6bo$Q*-V(bXjlbDoQGPvxo0%ejo1=3xYq5><`vw6XFMd$IzyH{q2K|xy%u`6l+VS(-QCb44VHs?UZEJ>M0mIPCnYo-~27sZsrre{n>97wUf-(`O8ihaN9lI
zn(fKB0(5-B-B~<))z}H@&)%e^bh$e9TZfXI@;UnhZr;Q1I=LH=omygJ`5<%nfhYJ(
zOK?FpFNEVn?rCda8xpNeWE7N;GRmvfraFpSWjl51?__&JeNUNpGhXXezWMlI|b5hhfNg!TMHREJ%p6ryoHl{}+5lNxk@d*rUt*N6J
zGjrUpENNKW|H|2jQcvU8Uh)3Kl2B2_I+!+1(-Qx_)p|gb*e+nl&maw7#s^K6>1=AR
ziy{k@F&`Nz_%}3+zK}Dk^)QD;vK5oOi4yuYq`HxVbatT?)89fQFYql!CsJoM;|ndD
zDxb4Hi2WrCNU@t=;86?*8qIO;}uFo}Sa
zuemVwuB0`79YQp&X>e^~;Cb_Q3unt=RP)T1Z1&;{PV)u
zd&E#M-*r{HNy&@shhti|p$n82YO0pXP>l!5+REJ^-~=~0GUNcnZ-o-pO6MxSu90(^
zJDN93YS%h6wr}a9UF_A{@i{d$O5Hv72J7bTW7U$qpvQ9CJr*A2q+_mUHm1I?@V7#;%G2N
zZ#oW+YOdMZ>CsYCAgE1w$K9H-ek=CQPiI(;#*BT-LszX{wRCb5DW%Xv!&`+_em+VJ
zik=sby`dpPHc6y69`2Y1v_yt`2x%U{kXgalET3gtjwu~LC-kT9?RTdVanM>$9S2=s
zq{-zHP7g6i{t!pOLkHU243WmJ8YsZjmv#B=G97m~?v{R(7dC2*;0^-(B}L^fR%?oM
zer8w^SYw5%aKv@Hss9El4m$30bmT0911USZ-Zr9IWS*=~u@aOCU~X9CM1wr5Q9yqt
zca|M{=gKuCQRT3GJB^2|fDJd_#L_cp;N-~H?ZM|z>4E1^xti3rbRoB4nH%o7bRpYr
zNgz*b6n~PxU0u-e9$@Mm5%3lCw5@T97*(9bD|69iZqp<_o;kl3l*OvPY`#JnjB5V%
zCCEkd0}6M8%)WQ=vv(%?DtMXlA{%F)pzKLW@YwoUxc_`DY>csa*{iVWVY|RxB7XMI
zJ)pFim{Z;$_7A77=3(@%hUg5cNXGv%8`b6IX}C_3GvLJHnTf87tFkU))X{Z2G1yOl
zm#8jH<(y}2Ov7vDZso|zm9-_~cJUGETTTN|GxIk#b+iS@RBhlY9MNgQPy|E6fROQQ
z(!IoLnh;~Tlp_}b%-S%1qoUA?SZsm&KFXhPu<{RAwmY?8b?s
zCPketkqvW2HCHR4uNK{TSt7@l`uB5dK&OzLX0f}O11}NN0V;x*j-_-Vq7=zIqFTYG
ztC*du^pIm*f56!+WW7;ArsEn|tHJfpSDK*=
z2B1K&pd<(Jqn-E&$luWMB~+>F+Msv;=&T!c9o4feG91%Y)eaaF4iA82uJV?lpK(uvR{p|iLH1-=I;ro+MP;`2lsPcI!uBr+
z;Xs-rU;)9CTKn7M;E8W-VHu&8*24J{Dl&A7jQpwJE5mD@%raj)7714E{5dB|RhYTn
zm^84Ddv3?%2#)^Cmqm-iWN2|g#=&_%h_Cr201wmvl99QGml}8=oCZ2d24D9
z8_}o--b#V#0ab7zUXD8rHs(q<`pCX_npp&D7i47CPwa$x&ADM!`Ia
z4*<9r`TDZ9ykzva(G-(67B;~_$C8rWy{tmOb-+`HEZi0+&_?@p7~~@a176Scz00Hf
zrqX2KPI2E?*BEbDr?G*C#$;RZkLZS2JJhJ5?dbs(?~62cI8a;0NDxYFq0B*iA`WlE
zj>FN{U5{|5?@Ix#ztYgcrU9S)N||3A%)IAAB)4WmCsnU~S0V5@|B6ZA-&Km}P<@V8
zs@i~E#$j*G%8Zn(tZ1zq%nY#A9-Bj!;JM^?J77rrrMadDL8tCNi8st4xn97I=V-^+
zrwCxF5G~UKD9i>3{!ITC2`g=^`v%@SNc9%QpMnZ*91)vp^S$x;`GwEyLJj2yC0PV2m@
zCre)DGKSrW8+%70KBlaTmO05_`QtMw8J%!h@IBb%d~)2TK$+LQp=UtK*0A&K8yP!A81ijA
zRBLzn|EhzM6&|(QYd$H?t>x!~HJ>5jhXVkK(ozWmV(GN3v{pZRY|QY#oQ#yi_7Dk%
z+G10K@vaeTf0MszeFfORxnIQ*n*G`ZPEl))HVhhbKi|S$uc04}d&`{qa;|_g14M~x
z!NRR6@W7E5XDC2=Q(Ew9LodO?68WuJT76?3Ck9|CgQZ$jV9_pu&9^*#NZWzGpcrP{
zyIMt$jruc$upkdvG6@1uHYjqPcFK^DO!t8pLRCmHr2(d#_FY`M$d@-G6yg*!_8gXf
z8r$KMb`F#rJ(e@18R$w(6J*3Nkuf3pB(qbZKm{=VYFb-Q988Xw{316&%Qc2O;!Bw@
zY0d@G;3Q^qCh(mfHi(r;a|a|g<|u~@Ie`+;<*$=BdERWE)za#24$;#5B0wv*PAWz@
z&+Y375)}PDbqE%Kq`lVn^zMit6mlm(KiJvwo9+kmk#9(`Q|SuM#yY}#y!rK&qr&l>
ztG?JG3SERZJc&RY?`-rdNHAU<%>W%CGUGCpH!$R|Jter2t5abA0>hzJOCvo6Z(iKl
zX%~VHQevDcqA$(nB(Wg%$GzH@AFvPd19cDG$4t#Y&>GF}BBIq@Q4nT>2Pd0)q2SGM
z@7O6AAT3m|{7a80I@dH+)+J4fL;k`iWbbL3#QUp|3#Wm*v>>CKRc;BFC+;(<`s%S#
zwW_Od8N;Dsa&P9%6OS_ZEbq@SGgBi^=+?y>%?N|t9-Tvt0uoA^DYR<{;TtCdz0$|H
zq2(){ZgVx68Q`Ws&q6AvB>dOEyu$j(N04uAYf3_Q`Jp`L={&a)iXGb5ef_vF_~im(
zaC|4^Fqq1jy;p4)w*smjH_OcLm7nyOKZ_uAI85O78~df01^ha{g!wE*%g`uzU0yu0
za2yS*xGthSvohSS%S>_%s1U~Zvm=cW8l*yDaGi=KqIj_Ctmwke&`^+qkua0Je+p-j
z1}yWaRSYm0+UV3_B@WzZH|r7zhBX2IVm3#oHEx-kKyQ6%e9V-{V2;nfWB_Sw`jYgd
zZtltTCQH$k_TjCXESS^HsL3hNFyM}+meO`N=Js(hz)%KYnlhHk5C;v_hhRMtDD@}c
z#F^JuZu586A-wlBeCkdIPLy!0NI-GR?0WzGX2+7R1~YhQwaj2?P5HBkPv(1lnq&AC
zBFM!9_IzRXwNnPg@bum2_Q)KoqyBm6x_%)u&#_wwL!;uBVrvQM^?7+qXYFb;<8FrI
zHG)5LA%|Ox>NmBf8FzUr;Tj4>ZSez(s8|b(Ckdb`64pdVmkNO)foby37bdTGgVdo>
ziKI#Rn!899C6QLrmSzczA6)Jh6UvCxr-cB~bYS
z(zbql&Od#qM686a0amH)1Hv4C4q`t;4?EG>gDw*=ck11)B~W1|w!R4Tb+ra$%X
z2r8;QDRLQqQ4M|o<)~F@HQ`g@Mx0Hg}P%a>Zp3FbcVSYnCyeVlUY#w{@kl!JQRvwu8LM7l0mrd-k+tY?8R?&8la`s8HNA+Zi1Rb!&sdtygC=jI+bP
zvXf@pWAUVoZ*+|K!FpfIal^!CoH
zrRq4QV|AKk8!15JgomeIt9+e=ud8Sk6}mkSUbl~t!}pQR?
zxc|i|?)_7RB@fHr-DQB&RAu}*0aBGiXN86yvqhk;zOBA(2a{9u_c3{`#MD{YHPtB|
z*xNYx4GoB;M*s|$uM=WouL#0qRikci^rjOnzR_S*vm9tiy|RyqDx5n$DG&d{okZ?T
z&I{*SdQruY>6p1Z!iVuR<6koP6z_0kNM=!2k8rv>Bwl}Fd+5HeJN7eu{K8w*OxHcA
z)+}?bazfeQVrx&aVt}fti%X6W!sPSEh?K>FTa1T_T-eQ4MkIM!3=lqD)Yb%W_xmSNHc-MqvZRbxTplX34dJfx*lzdewSu7WbK
zf=_^ypCFL9Mn0c8&D&J4QOw+!pt
zH-ptz?0cW41*f`J(p=C9*qO?uI(Hq@(i-Kkn?*WE#6b6VrL~kdW>2NzfzcqC7%!!s
z5>KpgD69xXnzkLE#vAdx1B@p*#fH+&_e87#Me4{Vb(^?pCj~>KMlBW8LhFE
z;dxz)B=Id^ZkwryQi9h$J;bOdaiJFem$^gKkU<4|-i>3TsEZI$8&9=m5G!ezl(1!~
zg%lhq=R~{ksT|jz13jr6ol~kCuf?;Gj;`xFjt(x;@4Qf#5`cP}aWr_qh&NxbD|Ji_
zn%d2P+H#r`Az!!+$013POGNp5b8YdpZgL-;-y1ur;23D3$AcvKD
z2K_t}6|uqOdM;kGWV6RAx48&atAU*ROA7V52>S(s#0g9ABCs5`gr?~{<|s;7n7sL&Dv2)+S9$|#K4DloC!T#3KJ
zNr+*HP#E^d{sdM)BMb5F?IK{pOjN!g7GVX{w6gM3$&0;UVk^o=O#dZi60lXQ{9oU&$q<>$1R{~E%WuDp4T
z2@_buI$zrs!Ug{Kyz@eg#|bW?X2;IEBm`^r2d;%?@RB~`3+Shmb6ew5aqC(teFOmt
zrxvXOoZQwLMr_LMJyQU+!}!Xolujxpu2H3nI~e^l@xE#N3DA7?1Xpx}%knV8Op)34
zF2}ql!3a_XwXY7=Q@zwY1}_n=0%RJ1|%N+?@Nub^za05Jva>{cz2)y1my>(bf??IqUq
zP2`57pFLuQsrbRtaSw;XUcqdt
zXI1FFTjw$!G@R}X1|6+Tv}ub?OiXLud9B(fWZ(trgzZ*mf{tpE&%bv~FUgt=sIWHMx)hM)>z{I$->970@1%llf8MWDz{RWiw*H!d+vRI?Ytv4Swz5G=Q&I7!l
zF~YxL$B=)?ThUz~CqX#*dJpK!eg6sK{?ucAsSXx29qz5HKlm3Ll7+#b^}m6?(HJKz<2Mz!0Jqk-&*IMRktgYOVjF4*0;BoTrRnEq?1MnQ0lSg3r2
zcm~K{Ni=F^Z?uP8)bmYp#xOVogXH2T+3|KoNNsi8p67m5Ju@JiEJK%BcMR>y(^8^D
zawRB7D7>f)L=3pVA*6_9)y_m)HC2_1Xv-}|a690E%ClAh=E?IXr@4krTVwf;+2M9)
zKR6==^Reji?drtWtL|dxo)*U7Q84zP#e$GO@?3-EvTcWG*B!w--uMOw2p
zkiLX!%#q~k^OM3w3CC_w!RBb4{zeqNi<4zKZcC1Ay7NT}6#}qzE!zy|o<~UMpGWrQ
zTOW9xP45&_is`L#6fGNLqr8@}yYE1J873s0(;LllG~fupbeS>^r&lo0rkeppIWGu+
zN;|B{$0sX@JkpQAetG1tPr%0I__g_)7FW+P+>z(Yc`bIg+=qP6(ek^xuG9Hvzz(dz
za*}Ke`hFD7_5>HDyU2t1tY;4-SnY4m>$w-&?5!E>Y>JNs2tnDGO9;P^8y%b|@9)=&
zk&S5`fX2aV%ZQ!HM;t_BuJ5Vp^Zi%#P7K||bKuC|e_x}sjlqI;Kh+IYV`gsOy>yK{
z1Vm;^HZ^jeTdN)f?fADFGZ{Qz3n83dJ?8heF|>KcZ%?0LS02CEze{dvwLZ?3UuG=6
zNHM;V?R+;8Rz3YN9!+lyasz&y3*T%k0wG2m#6k3h@Z1~d;~TAl(Suq-`~F!t`K@$-
z_B_MY^^qci{|lk!8hC{B#3S6U6CpRX(4N#%3TTg#|2RAqw0O7|cy(Y6pPZVwXOSmZ
z1%;Majkn0$z5z*G4kobaR;-)NwYDcFX=u@s!A+Rk(nM9UaX^QQ@&tmi`Z{`mr;-){
zY_J7{HKfrtnZ6$DgxnpC&xm2bs5X#SQm)_*8~8(xFGYJLdhbJ}BXU1xo?^R1{H*D2
zR&Vt2IZ}ohF$0zJ8y`v{4lsQXJD@i2~=hch%wZAk`
zdT4LEzf0hcaGwI3+Cv5-1B^)Qf|CSydykG5CN3vn`?l%KA
z-!2aU-H+?TUVnNpOHR_F^i1EH0qmwePv}AI{GM|=jHq8C{aJq*1uN_MzMX327vv@4
zKByiS-k6WRU(O*=KS@cw7p1=m)$(-EJZj8e4?maTOy9!TQlAyQKkeV*FNc;c+k!AQ
zKr1hodxApOL5YKVicPE4?B0cNtLj0xr%W-*dV$(^G?f#4u(|^8@jAVGVxZG1nyK>iT%UJ&gUBvSX?e(
zt@$2l!j}W-K(d9bI|{=hinyr
zDimgO--1v2%}I9F_UXFU`{GkPyycNLqU3wckv=hzC5T3Mcqj;lS=9YS8FOtS_%acw
zJ`gQvVxN8!#{N`K_*ge`eR%8gXK6>;wb7*ngkvT=ahWbT~Y;6!BXmg4<1gMIjG{ez{P}c5bj}L
zWQQxU#)?2PC2=^2&PA_qYWzg?LkRGr&xQ}f4X}rq?ze{t{5zmAldEgU+KD*JT>^EV|nb!JO2Fo2iC9T{;Is6
zmw6gS#B=l9M(KLxDt&&2XzcQ{Wh(vV4kC10wd3j8o^?KT^Iq1swG*&pI=)VV*uKWr
zQ(hSUnm=??$PyT&08S7?qCq28F%QYjVdni+{
zd;Q0OJiCbXxM=iJWumJE566#-rI_<7OqbuaF83{h;5C9EV{OJ5z2o-zuGou9`wOr1
zUM%K0Rr}J!xAsJev$yrsv*u%KzvhXn7hvBEco8cVDOMFq!^&D@+6RbWxp7xk$wCYgGeUM=P-10)K
zqQp7AauC!LzuDibowTBRBrCe5Y~K(xW}5Ju*Pj+NVLIOa@pV4D()u^H9rOAdFTSz8
zIsKm5UI+$Sua;l%f4biAwtpYlwtCk>F=*YT(7%qSdYef1G?449Ce~Vyska=^{*U<%
z?Nt{;yZ)e3<4%?Cl_u32UAiZdTyHqB)^JSyf6OV=cb}Cz736wLiM5tv>dgn0ns=)7
zuNA4@s?t6GYnDs6&fKXX*8?QhT8#mk56(63TFo$ywC7a33Y?Z(?muEeOZ9H9(Fum0?=M;~Kg^
zsE}b-u|bYU)vhMxZNAGk0Yq}>AhI*
z5X*EH^427=`wZ-l+V+lOk2Y%&v8N3{zfTfFvwsv`JkTD!cB*0@yGB)c5w5f=$y4n;
zu}a>niKB+FGmfOb5_Kuu(*&ozDoR&_F_C7T12b$S^p?a&%{e0+W-5%+bI4XdRSJU{
zN#xzSVA=oPqYy1SmgwBPHIYW^qbe!7@01DoN98x7`GaX}1{8a99a6TmXxBnN{8eFs
zJ&ASLd~g{jF$=w@v1j-SoA3q&of*ta!#@H|DBO^$HL4<|@^H=Zq1y?{L)VtMi#d+J6FW(z6f>QJGIc-B`kp!d9Mp$uchR1?voF!Gnx4Zra$t#YBd7G2dpp*S!
zt+u=2i-2LT#3{7R*K`S`jy^{SNPepOu}L%~N0!;LU}5I)Ig&6o`9~lQs?lc8@4Nhk
z=5~A136;N@Q2(r@Tzdf<%B$U?Bq+IZQL?jY`9z_EyQ7lDV8_ZdxK+`XJdL7_ttJsB
z2>Q&2oWC=s)?&4gV@5y!F;jTolo!_~vY0SSd9QSPbb(RN=EIz9EluaQ5yXTAZ)
zj^|?O6@zJk*lv{kAugjWWL8(O}xCyG0VirqHtD#eVy5^x~^(umHdbm+@+t!fG
zZ*tP{G^?kxw*CV!%pQLO2cfB;y#|Zb0T3Is;zTEdLr_C3h7U;lVK#s0{b^AfXT+9~fm4^Fs6e*)?7-=kzV#~%)>d5Q#1&gV*}6Hr=b?f%
z2|Xu&M$_q$&sbE$=|c%>5gQ-X{K+4*$y+ik$lO-Sz526%VCa=xs`gQVG^7dXaVyVh
znQ1s;+E5bo=m4W66uZ$;pPWj9c0xg~RI_FeT8-QgM`}y`-;7wQEEIgSS#^(x8D|ZJGeo!d%
zyL^6*t8Lnrw{9SYYduhXzvDtUd04YT@v!hAorwM=1u>f(ArmjO39&(
zV#pvFvwtQeKC*myjPb*9CN|w76x}wcVgvo)8(VRpqmKrG^p4@fB201YX{Q(ON5?9j
z8dk1#&u@LEPB3=m3tQiWd%5&&)%zXIsFVzEhTCVX>T;(F9Mm9bM51%evh`+GtaQ_=IK@1;FU76KpY-%En0ZL++DEz0VIvJ+&og+me5%aNTNkM&EutC7rm)_odhqE6s_NT(kV&O
zVV{Sy>!6DY2$H(h{i*KGy@M*QRE$ubK9$(;V}x#{Lt9pn<=mf0pw}I+G3*?htC$rz
zQ#^n)Wpd?*!T2VzE}hX_?1Wy%#Yfd!6uo+pL2Y=K-H9I^3cKRd8!p9s6i|F{k`fmB
z#I^(*K84~j1(6&rQSM64ZMe$XbA35SAHurR$F88(-I>mcq08EZi7iE31|15Rb4`v%
z6r*%!&DHQ)2Aj6Z-EOabKai4zaPC@I2?L)ybuq3w1~6f$sosn7SY(!*xK*FOz&AnI
zm$QMa{81(Sq${7>DhpY9%Uv6$GY7DfJXRzgFY(FqO)LkXm!h(1t4m5AOXj3b;)>MInM>VI#ZeHlcQ>CF&C(!YH}99
zqpqzY884W?gMtEfJGWOf6cVnSQeF_81L*deTiM52m2~jKSV)n
zG;io&)xDdO%h#Cn4^}Ve6VnW5bXADZveN~jAL&=H!8@y7qv0Fdw@1zaSyKq%ziiTT
z@i8gw*x;IK8|c}Z5MWh(NkL^&`PLyAwVDq`SMN2P*^?lU711&5oA^>L-S~IJnd-2>{W>3t5K=E*Rg)=Id%&{;^82Dv
zS)|X%*qov7vdLPDq^7Ey@xC>S@uBT?5o#}268*M9$8&&Z36qC`Y3Vg^c`0s+#%*&@
z2l@pLrNllx%MaZwnwF30O4+bO#;R`6W%^GMueD3;
zk(Vyu$`gkC<$|F@yB0vPpW+vBb+IY3g08KxEjN3Yt3LnDdjxA0(r!3t1=*KXhvj{u
zs8P@+9v2s^!%k6B`7X6@88|Cj3CYaw`F{X@K!LyCq?x{2U(3#=GBCj;V5>rDEhZ?k
zIh^T00ep_ND3A&U*tq(r`GwzzAR68$YFYG}1klx^_B;1J`_$oX=>h5Asyi}L{>(`H
z>_~hE;*D>iO?!|RW*MI?f`8|8;r)L6dcVxq^-1pqeZj8*^0%&{AF7pMUh?0mKjw1K
zZjDXpGdk4nr`4Jfzt7p%X){5dZ142tE;2@~4
zCYZG#F7vhd_OA
z_}!YoYo27Uv@Rq5D*~tcqfcAOX%B7n^||K$NX-M$WnAm~taXG`7XvGyu&S*-9%e}I$TYbqy`7M()veStxlqLu5Xo*d4TGxg>Ye~U
z^|})uD|X#HSZqV2Cx_xu@uWcpx`TGkNKp_@j*e%hMs%J;!?9vvNO0K2))aCeL-C9a
z&jv{%5yGQ$k?`(Yu2wuqB*Xa+Plx^PE|VN5(v&1a*r@y$Msm7#jGGjrj7WNbb&>lCf>%!3|6d~z~$=6=c4W$Dr32-MCp-AjKEQriUy
zd?FG)dgfB2>6k)`&%}J(IutLQT5S}CnR|!>iyz7%q~~&SabjxY0ab}g+sU=zqpfzv
z%10e#Wuk4Szma4njtK}v2|+kTn}HcBVRPLu0uAK||D8EguxK{P-_0AmzT6hSUuOaC
z)xQuq0E%d%MZ2!&^0(6ZzMw^a3sjnthKoOo!3Rad_63Ww9{kO(#rXBh%Hm}vZyTw=1$O{hg;~~{W!D=
z>n&N^s*8z47?x+OR3c2IP?ImsxXZ$hIcCjt+`V3?RPdNW{kWxK8CpKe(rwG=t@E|k
zx>k)#hh}*GC#Qo?jYLJUBJJ1aFNl>SSSx^PFIz3A0=xAv7+FtnLyUHVmw7Wy>r_zb
zSc+71AOVmjJQTBl!qJ~2&3LFL9nc{B6mWWrU_J7!fV^XB8y-`$;RFq>hf>D>o!8C$
zj0}+vtR8FUxa!kHsJ5JDdo0cDOM&LdJORg#{Egm^qQ$kEMf^}T%VG@Gvp~*jwTxzZ
zBy|xqP&uFQO=vl%*uFf>^;u*veia!V&CgI(*IYazc<833)pqMIi^@lMBS87@a5WzDfaA1
zJ0CV30fYg&2GZh-o92XI@*THXri}zs5H-Pa_o}XoChaB{c?dQer+`O+c090AO>SHB
z(6+I_Khih`jx=NvFkT-#-xp!@aJ_>WT0>O$-F15`qge!D#hw6XE~c?KhAXv1z$5Ww
z*+L$%FNpd%5u=jlboQq3*_$EV4;#==GOefeNP51|e8*|KBGJ>fjbufnzOiIfGd?LX
zx3iin#UKIva^uGe!D+xVg_H1QUN>erpx^YkC7aMOpea;1(U0-Q05CNd+eR)X^J*3a
zO_Y(m$6pAr9*_&ehJU(n|yb*JCzkxbVui{ML^NL=bkvkptRTFs;0de`4oUM28Q
zUnZO3)vZB0Z?%Ds90htPg#j&LfbGLaup=mbzZVrIV+mLxa~lMOd@dL|AZQ}hMUG9>
z)ZfWD3#L*T%X*)PAU0bJoa$mWzmY3up%iFs6+PJ1sW2C|8e@d7tp_Ed2$5CLM=1ao
zbn;uM!CO`++E({igHr|7fs7O)V}nN&bW|2vdztpblV7tK#R^SC^q?H2wxpXcyMIfWM9f`3biYNHwXW@W_z4YibAS
z%`NvDc(dAT)lzgG7^U}kx=ri<-^+X#|1#QU5Bg?ni-!%Y!My9@r(`6uqwet-q8iB-
zHxLeR+*6O>ga&$K@5K6tkv~W9+mS;bAd;U);B33{X)+prfhTSoNZgXMod5{csl5PU
zYjb1e^!e>VF}GDf?#sZyZrp
zXl(^+gQp7=vD+b3XQ(!^d36qctlVaC>p2yMN*i>v2!ukcq|C=3sIa^3(`rSlthUaA
zk(wpA3La&x9JE~5M><2b!@Qm4abFf);1PAk?q0*eVXCP+)9>EXZszgOMd9d{KJo6o
z2Dr1}ZbsZo;I4yv1>9@k0>9N8_H;8~)w#S(N~&@1hl>3j{Zv;R5i)rhp4TQn&_EkN
zV3*4a>k3mI#6d6{Mv!4C8^wiMVZFs|I!cH70H)bND{O>JXsF(u<|B;Z6_+NY=l94|
z5o|=dRamoLsCTbSL=l1}-axaL)^-#Qh?OK@1`e2EwVSkGJCOM#P&UDY>(4<9j>qp^
zG*OZ_a4p@3dFURqNvE$Cbv5c>6fR5M)E6~e*l?_MO69*8Ye(RsO#!S&;DuS-PdkHM
zrG0t7AnC7G-@SLM!tSoat}r`j(>#G81jg*5rT3{XG5#hV-}M5O|B`;s!wmbH#0PCD
zU*a%-s??7!>vjf1Jnzk$INCmi{9*cjfZ~B}=a<9r>_J1O{=wjRbr{sViE9om?J@AG
zH;g14#Nd3UPwo4PhF__BAX?>3+#|rXuY~P)d_DS5UJQ=Qq{t`#7=`=0fn>>#!X?W!
z10SF$Zz?#5!%YQKUyZ>{1^F>JXSw#(=r}qZ{o?Pyz;S~C^h#V2%D-jkt~Lb8tnYJ<
zd<0Gsjize@uhE;3gAkA6Q(rUBo8tMeMd`Y1Ud3ID!>f8LaUk%iugkhB{eWlVUYWQn~>
z2m1I`02>%4wVaHSh+xax4q9+TNDVe+{CH0NHUZ5NY4HvE;8#IHhJk`Di5JNjG@P0@r2U9g
zi3=1%QDPgky{d;y&I1Wh8Mza-$RSaRkVoP%pG=VEK@?YdL#m8Wd5u~&>pREYnnB>x
zXDN*=5kMD4QfH1u(pdt5Cq{=zgEr|))c7o1__#&b1A(W1j1;Tx&(PbN{8||;sBr`Z
zL^4h?k~j8VhBjQ2)6Gbaq-#kTXP2AkII@HI?AMdMXj
zcdZCkWMRvb8vv%QW7z1?85*C|5>nVyJiqgIyA_ao@Dm&SI19->wakybjY6mxk4TPU
zkZ?%f^AZ}ML@2}_#ip$x-l?9540PNZCfQ2~Jz`614v>c|2-cf=osB|)f4!;sg_aYX
z)-HYt(%|*&N&|3ATvoi#{4WA}!|dDs?M{w|uklJu+pB;|^~>EVVJbv9eFWrhMF6O~E)
z%5UrkP5ulW4*;b7|NUS5H-x=+zn)a=r&PspzU59KcaBE>2q35$*%=
zfIwEEk^w+7$of|6yP^^QL|}>!KoIkp-cz8Fx!^pN+QyDzLS?j
zz(Y_mj)?eS*!xC~AsW+AKr0dRP_Q?T7>KHYA2AZee=il@yY~vX*TCHZcL&^EaE}(>
zyLSZK4!8!mJ#a69y9w?VxI5tPf_r8AgSpqh-2`_F+#PV{GCBU>ZF0RX{F{DHL~k50
zd0vM}Z^|A0Jzpni(u+3gHvZ7wq)mpn+7!kCz|K?OL&Y)RgWL)O=JYOCD5^l{=uuVR
zD6H;EJ;{{4kY3E3SUTxcs<5c3aQq|3q+J&qU`T`PCMFaTU`U)ORqXZyeVvf02_+K!
zNf;+2pbITv`faxsCAA{WcQUV1CSAVB9QLRVeKCI?!?*rDd{0hSo_5KU7plsJr%$Gy
z%?<$)0u@25wH>4B=q%E9(oV`a)nexP!rd8AL5o4$|5A%~Zg4^WM~DSB-P^JWid9NfG$G`sve(;Bm
z{P2(b=#Tw4$A98u*3rj4{*%*>e}dyP$DVj{cJBCmQUp;=t;#}`Q6{U{`;e|3o^WL
zxz+A?VYVxZEYk76Qv3h=_Q(F{kw46;|6n@r)PrSw(YIW4lE_1n0xuNHtGUzVLNSxU
ziyR!wp3k4nmNs(b1>3-KrNvA+zmivsjyG9Gv28o8VR(@uOQ^Y(RK|d9fM?6u#bl(|
z^dc22@pOvQsL+)Q7tW=mluSB*e!GB45Y9yFA%t_Ab~2mQ;EnAu8y0;NFPrm!*E){+0|__
z50FrzErX?w(5dNS?tG4Yy_j
zC&;IOrhq>6Q=mwTRv&GU1pVMg5%{A(1vm&=ARkKGz)7pPYMX{VuetZ`p0
z-_-%r#Seu{ajf}%bC4H>{=WB$wC}L!J8Az>_P?(EVjplz
z`+tM|N$tPE{^?f+7$>p0xv3b;@STA$YG$YCOxuZ-7Eo$Hx};Jk#-m9QD+Vh~m&A}~
z|HS-?)2I7l&4%*Aqp?k=OFmPxR8T+uqne{C(#L2~H0Q$o4EN&s=3o?}cSRDC9uK+d
zzR@GI$izYFGeCdS9D#Jr{@(&$^sP>~1z}_0w&j`TccS_+Q{wz}UFI)xg#c@Mt(sYNKB`g$e_y}cXMDkjG=P3`Er&YqYJJtL+R!<1
zQRQ$|vHt&?mim<0cJb`vsZ)o0s8~P^_rPx0+y#Yqt?}XMu6;55_xy&mmslzN&5h3a
z?lJBEn8C8nx_4MIwSE5YevnXLZi=Rqa2<{x53(XW2h%b*=-)tb4T6
znU2EE&V>v9Y-gQ1BTsimb~NLBN2XthGzK>Q5_HRqQ`_p>PP&od&)abdCA$X0z#1FZ
z`hpuRuTZR-1>o6z-5A<1Yv_$ir_P$~PSvfDnUx?F>a)E6M0Qp7u2QluMVgJMy)zQd
zm=7)FwKTx9OWtu5*cbSKlMF``Fya=F>_)IQ6tWLE?rW$KL?Q|jOdi7Zcj^p0FN?em
z2^Qr0dL`T)#*6*ryo0zD&NBQ$!!AKp4_#-DMu#^m^&Q^k%ULLtZWu3^XnU7T!^Vq6
zG}%G2R?^)@A!1blGqr8=BkEy6dtPbTbl2v*?2^TYl|{@d?rd7zHnbWnzQ^e549&nclG
zSMRe){MW@roi)S~A4v{0!7+
zdyy`=L+!>6Y&XhJlof@qp@M&w-uA-9bw|6U{S8g?nu+~6}LL(~db*Rx-sM$@&Ysl*2
zHDsya-Q8AgAT&~4tvZ$6lm3Fn_6@d8STAWH^S-kd?Itgs0+=<%Vrb%KT;-fnf>*AaKr8$m^1XyBEl*GA|l3bu2gl|bLvH$y(^O#)fsDY`8ctv{HrqLJ)M
z%YZqSpE#~d#E3F%G**tbdAzgGjvFKD=+ODK^#?Ab)*noy){m@QN{wW)$wVrb1m-85
zyI^GE%P{V@7xWCL-kJTYe|-H1pGoM?gF+Oiwplk|k|Co%7=Yz1HO#6}bc&)k?Rh?G
z$4Rs?%J`%acE+(Is6a0R8|C;}V}9mL?D^x0r8=nOA7sQNiqIx3689BNMQ7T_4aH&8
zmQ7ERx6lxSuBeahi+ORkWxI}@t71noK|&1ImS$k3P~xz@jVg6W7{JwH5y^OXI^u5D
zSRwHUY6dwQ`DjLT$$Z_~ry%K8Q0;yL)OIW&m
zII_{m0E!qc!WgycB{JziAB#4BjL(l+pP%$;;qU$TkALy*xBl!0x*r^S=FY)>518)}
zzTPFQ9eTdjC(kI{ulKvn1}YWcrZZ|8G;J4mF>K)6UvYu4+ERBV+(bU3KqsjR
zo37Pr;FKU+Lv*i`Td-;Bvym6z10QJ9z!G}|?NJzAn=K($+QB)MGj|UD`~$#V2z1!B
z5R@hCgTAL1-1>mgq}b$4my}w5t}RiaToTg%q3Aocil?8zU3-P
zQL}dn+!I%h29O;D{s1%*<1tlmO#
zbljxc+Hsqduux@Mhq$vNgQCO(T|7)^kO5M%=mHOedYwq1$wa!Mo*
z^0{a&aF_MPFs2={N1%KyG{|J(k!pS*EtGB2RCl0?6BCAq;~pt?KDa=e?JMz2
zA-9xyA(PBzvgw4Bk>?6NE8}h#n*Qtz)xbi82r+IaZ8wNcVKBW)=VF*zcjY7jpC)4V
zMfN;``g&Bwvv}Bc+dM0)TR5c)tJbzzbG$O1O58TJYTu53j3!ic{;oW^@x}@+i+smf
zlQ280DjF(O9O#p7wcu_OdsC(p==gG78lJtvO0B|mY~qKOzR+1HK9GW!r~sh>JkO+3
zx4#YJ^E)sG0hYeQ&%^SJu=h5MO@JE!`v5lqNY6uyLzGEMbwH$A2C1$~rwmyPCT(*_
zffg|3^d5zTzLACGngnaRs;KlXvZb~f5ffkd3ZMrzO;pF1X`2tXN{vyo29e}2hVYtl
z)CnWaXG~$QX*~EVoN*TOR*a=-&eR2#(Me%CBUe@uxvW7Zo5Bcsy}R}fe1Cv8
zz-@qA@9_7(^?i5-Xbao`a2vL(Pb-MK5a>ypjS{h4%o_agpYI%eAK)JV{vP1(0R9Hx
zF9DF?!YxO#HsS?3h(n@J{h)}C@S@sBkjKFN2!JE92k{sHijN)#cmm)_ydNCk1m4Gp
zJT2begm*Cl;P(I10H4G=o&cUfo*dv)xYhuCn%B64N^w(FiX{LK06J-N6QBfuJYo~V
zDgal|EzlGEdQF5Y=oTz|g5RZ9r#xyo;?Ia*UsjYC|FGVVjNt!X#D6)Gz8Fbgj>K0Y
z@opr)?TG&mBI&P2(!UYG|4PKqb7koKVaHTW)4+m1@xmCBhlUQRyJuOhcN_X0z|DVQ
zxCPH+KZ3CWu>YeVd<>ur;Mxu1EYN_cKX)A`V^1Dg3gmNFTJ|%-6I^heRX9yZTgDGw
z2n{jd?JRkM$wPC3{CD?XfiC(t7|Q^60p@=U^#DL~0}fKj4Wqe(rV43>GeoFk5Fu;m
zi>{3^J$mt_ebj(Ft#x
z3>HLZO%wUt9#d)8d9>>!I=~Ft*%BLOkriO|!cUws9gd`L^YQb;$KN=5e%Nwb1-ng0
z3rrVfS>lFHB8WN#42_!Lq!civKzrB$p?c#^h!0V@lXyx*P7NyNO~N6-=lo3U+94NX
zHlZ_?f%S&v&~eco5T69b!r}G>dx-?3M}rfnBqzU18Bt>?e#9e({N&l8Fb}sw;ZH>EdE7HXG6{)7GJnqkU(?0U)U*`Z
znW3MlkZ>N?l>Zcah8AGK8sXGA));!|`VfWtIzPNs1QampucFNe3-}X<#Wph#6~!#_dysP>Ed^MgP9ZaDwB0n61h-GJrN>2xF2o=f$pC);GxW@uOd5z49WN9uv6=RL-s
z>_F@J?esAM`hLArMDxb}=YL;lA;Jvjp%V?hVvWA`j`~(te(F#7(-`Nbgqg%|=eC1r$mIJ0!nB
zA!Dd?8nIZfb-rF7X$`-)+42tI@R{lng~2`2)!iCRisRfNG`Z>SgdGPv>
zB6?s@_uKE&)#+I8j2QR8U*O&Nh!UWlZJAYML~LuuKD1pQi0(v4K>453_+x;pn}*nQ}Ix{~hdfc{>t&JR`Kq}?x5_>dny$k#=*!M`o{
zA9~L@aj%N29+7ZyuWDCudCm=WmOC~x1K*+7XU^=l9Z$uV6Y1;}{l>7Q(`;mlHfL!Q
zlY(r0p|xeYCf#u2kUaq0Ek3fgoLqfmaV@#}@Cy74orfPu=CeHXF3xm@=Hrc4>9>)!
z+W_taSho@7QfYi47?nTT{}QQqm)_@p9kut6?te4)?0=-z=$IY%>%RRkr#GN054{f;
z_4r6m6!-_}7l`)$`o$3Ee@@)1;$DxG2NfAk_x$cb%jt6OKkAR$)2HvzZkPt3quq`k
zF~v@dev!!eBs@+cZkUh7pHdq;sCV`W!KKylS`LW;blfc91TnQ3va0v6)!+b%Q>3bTsC37gyseDSt$g;QIQ|
z|HAwuZb*(GEg}8oaoykWeLee|E)|~E^0{7b*Z1fw-!|EewIE30j*F#(x1@05l&+~CZ^cR^AlkmIZzQA#K2dm0d
zAonHUiik5xrPi0Hk}n?$RXRyBx0sqrEheWT_qU>v0Zsh)1_z9zX6PQ}4|Y}WsZ)m|
zQ;8*vg1Mqw)b!zG-LBm2#0cHg-81e?@3_;PuCqkFuj>t8q}!R_FLh&Y91=Y{*QEsd
zD&j-02}N|K=ysKFCr0*VJW=y}qzuM!S!+=PwN%<=!6P0WMrIdhFWv&^aZ~Z&$$MQ+
zY>Y|ICw_Ch&z-|j%=0a;O7~sjyn?hr^vqpX1hEv-Bi27=H=@ws0!f#Y%v3mLWI3Z7
zg2apT!^e5ta7Zwo+^0;Do1u+r+@!&qmGDlTj(`n1FD^cm&3jvCN2giGl>4o?N7+SN8v?l&gQO2|-3gQr
zDelP1tC-uiI-g4CGO4rzn8u$O{E6YuDg2pLYtY+c>LUD}Iz`Uu)07CF=-8}UpMCG(
zZXYNEv;p=2t^wSL#NWP0`a$95hm_AR3;W{U0wB8&bI_Lo)&a@@Z2*{~3aQ2Aq@stF
zmE>Y7o@bxmy8<8e5Awzn`P8Lk=&^vSd#5*(qJV5NwVKL9CnKfpSX-5!g?9t&0bB#P
z0dNywAK(@M_TX|=O-xLjRK==!Qn^l@e(?Kah{8_|(JGF;s7kj0;XL+~KaZi(FAewl
zCfkF<9cbDt0Gg}5<&Swn6~iYuATTnJtOrvA^9wrvqS`5{_@Ys4pd3^UKP~)|xPiRa
zpR*VfW`cTyY<8JN90N3&faT(++*F?2^HVwf
zVzdg4vJ7ZE5`!0Qw^=smI<`ln1Tq>^Da|Un&
zQ}q9eUn7`0WH%FEgF70MvfG?R>iN{nyZQwkDupOYB!Qrg^{;#2O9e!v=tWmq`9QRB
zZ?|o$#k;dSLyq(*&|>zBePVgV5Ck;-DX&Q4MlX};!P{ARDw)luvuNb{*Kw`KX%UFh
zY(g!?vx|7`=Av55reI`;>>fcMs!+c|b3b&$Xev#_2}E%TWOB!M%LLD_#N2VouHa2;
zVlSvO1I8mOQo$O4I}fOP0E=X0H;lryE80yKyQA`3P&sK$zo8}!eFN*R=
zk+Cgn?nx>=D&RGoD%z*3*DBB{pew?tH>^e-^$A1P%}q4G4XZe$B1JV#1GHQNTX~i@
z8X!Mp50HM;o9)VLk$n-@eCWw)R2U$Q{jyQr`
z$0uXzVmv}5(fz6$WUYA`&b?nD`eAl9A+j#LuwnyY1$iNNA~j!GM5d^3p2!;AyC#ES
z0k46))BuRWUfsJgnsK^!^`<#a8V%fc6Af
z|0AG<0OtP~=%hD3e7JF+@*Nb`zrytB(wji{0gUYd9SAV|WuQ;r{P3ZDpYk0PZp-_1
zy~o~yZws&luntfLxN#q#eV_6j6!yfu_7>OsHn?{IhQIpW!7+d_fbxBS`TLabps*zF
z`d7K$H^99Kun%wx;5OF%Yac$`y-)cL3d7x1)2_vRbmkwptI
z!**~%bV(mcW+sf)G!Wdtm1d74%jcp|M~|;)X*Kxz4z#+*<#mC8#CsJr4IjZ|D&Ovd
ztm)N&?$yc#K=d;T9d_6ic@J}S^%|4HVa=WnG>Qc*MvtH^rdN}G?!E%CUWD8--7#16
z(Irh;J8pDQ0cSDO#J`YySmuMj_W+J9Y;_LbkW+0(l)`h6D5=_X-Vp5X(is661gjN
z^%qfEt7%$>BCnS8QY1}MyHwi;qbXYTsp*@52B;A?Og^4qJHO`nR|zqq_}jN7uST2=FZGHGiUz)&skX0s2tEzob=+P=Qiy8
zVcfaJm6Q(kVk((RQ9`Yh__@SUB7k&iKABusvy1WNYiUf^#p7C%@^N(q`AwgkI>|@`
zwXsZwPT_TA%=+5K-1^2^Qt;*|43yJqGMP|I$+>wT#Md`cx|kB?l|C&F_@Or{xp_!G
z@D=o#facfGCSb<&w}E+W-we1L$iux6@Y@gA4`4q899iziUBV+cvHVWWH_U;rcBe5g
z1e{P8ycpc)yZCLwJsWT7;pkOwej#hKzvdD5)YK8U+bNY|4*=K
z>JsHS)gQ|1bMOz(@jE)l@7UBYs#gGv%+k-TCFfQ!KqnKjlcknd)*b0pX-|4%NjuYa
z*0b@oq_!?BE+((W7mcKCMZGMB=5=(F)CnZ$2yS(4Wu3ZKZte2OK%pN^tgJa`u5$}l
z7UmS+293|6>7)5-)0taYT8g7TN7(U2b$w-VV=3tnlUJz!U0O&1VHLcXel3CMuPv`U
zyKLTb{U!1f&;aZM4giOMBfv4>1aJyy0tUX0`UwaDVt{!-CYw|7Id7X;H6E3D(-*V}
z|G+jTW;a>czU0@SRU<5ow@49^dEO$@bQpI`jEoprF-$OR6Ds1QZBH59;TR2-GGNZZ
z!vCHXkNA?9fvsnbK*+DmkOm&+W~GilgsVVTg*LGDOYwYN|zTrs`Y9icf(~}y~=&g
zJk0VxtpIa{T?%cE6C)8~~2K$$bHz1<<7~dgrL$3d$Lez79>LJ>s>B
zj;M5eaXwn9OzQ@Ekk|vQo;M0Dv?w3-EJT0sxEi&-0^lE@><8T
z?Vsu#Ra5g=H>&(qyXe9usbCGzK41xy-3%cYW7+-z3yb89}G!sk>Zx&jL&z@~%J4tuOk@n63;*7V4L-%(`!3q#f&IUM~}gZR%YZ@-1e46rt1dm
zHYUQWvekNaMn2In_)A};6MUAdOS@Pz6vXs20DI%
zx|6x#K0{J_gaH!Y*W%~oT$1fo6-9zGT<1u>#f^+|0a?HfRybdGq`Z!``HD81+B{jg
z$8Zcd0vrN(f9BKo&InFc;SM-h757c|-r0HZNVXkpKij-tApH59z+qOPp@IAwxz6#v
z3+)ig3FL1H%mbRc0;oGu!);CO<*jcF3z!?IB05QP)m(LG#6aINX1Hk!Yzey$WZS}nCb(!Wofu)kNSS1o_C{#8c9PEqV
zEo5>@x-F`jiORzD1Hb9+ZI$_HM1uQytq4Q=+B&pMIEG^UoVYgE{eY>?__*>`hVf_y
zBvNEM1?B25D@Goy9DM*rvSbu!vNIynBYkZ)K{wELt0bPCMh?!7AclTW+wK|P*z7@0
z80V5NBw9QY3-PPVE2(5BB0k>%KWRD>=!$?qyCTrE!7ftvbV6FAnXVw?Hd3g6-c&EW6pbpqX`R>C!FlBASPZNg~&N1K=FaY-u
zU>=aaEA@|G%JN!fPp@>SqbwJBmBjm=>{Kn^uC@9Zx%|J;%Wq|>FAL?(Gdk_2O
zuQtzyKGZyG08Yq++t7yvLJs^NZ(=5?*@mVw@0_xgYE=ro&SVUg~{riB+1ZzqUd>Ru*f
z+U0Vjzc*(PCg=_U>oI{Nd>?E3iRJ!(4X2mR2ZJ}%15N=0Pa!RU!>4q)z#Kr@Vl#gE
zw$%-|9|BG-|HjiuJ75Uk^OvRF<>SaBKohVz+dTUUpaD3T6@S_rpx-xi`!Oc%8}PkF
zZ8xT?-7loXZp>TSJ*Mr(d@*1i2h7(3W-VJS<*H*QI2B$O_uIAf6I!%kZj>i@wrx-?
zD4C9@E16Ouo5qA(zgyDu0~;oM^dmG~Bt7SaoLe@}&q>S=Z=sCSq_fMWmJ`}3m&zk%
zf6G`qZgojCd@zn7cFrp1rxXE@JB`AIzY<+tj4+?5N*wJaZM
zg^QiW+hVIjeD2eu^3ZeKkY1;IU+Z*1$x-^z&T4XP32S>=DXg!Idd>^W*W-)q
zPGYf>sT2#q@`Je&UrZ&fVAt0+Y-@b(8loRm^ls=@T~Vb;?^bfW3qdKUj9sQnjmY@R
zTu;*F?KF^FxAfR!gB{UDGcgE0>4XVG_SkrPqe@8rIpi$qQpfcDL*4Ckg!U%T_9Q9;^*EfkbFrANRq9E
zI}rk99Fi-K>58?&4JSjAB`J(DiLq)c#Y~p8kvoNLFRPu~8F~xgmIl3`GTGsMzPM%xs92Y
z=49_;YZ9|P&>Bh)+T}8;j3|?!-7t{@KB%rxLC}hts~~rGj@R9(f$w6>1e^knzt;{i
zxE})MzbF0w-@Sry;lG+^WZE$FA7bunzoGvWym#T91;KJBIC>Rxr&o2kzxvaMe~7x%
zd{ycjX7xMh%3K8_I3SsEi0kpQ<~=j*-^SOSYq|}|K3rBC7tQ|eYc@W@^z?*YSmwG|^V+623GR4xHyrzpn53=SYW<_xy?b
z!`dj{MJbkV+~BT>)XJBuBrIX2HR^U^n#VTp*IOv;*Xnsp||Jsftr*5VY6
z#R5)fY$eBFicFY^>9**QeSwgwd~XFQL25)Ec{*eC>E-tL1PE=0rf3MiP^yr~RW{`P
zyDx_|SD=UFByEM%hUokpRGK(|Ozrt&=)(Z}fPs&rUj&2z^MDxO5U`!A)vK6P-q@R=
zQ)A|)gko=qCKvN0Cp7#KR@sODBTDXyXv&uJd%A9cMG9%&+Z}bbjEo--Int(&#^YBBTBh0zx1Hi8m6=Dx>jD5DHeG`fvOfttxr%yTbO}e7+@Lc
z@8hd6MhnfuxoU3jz4e>nhw8V>X}VJRApJ|%+~NZr;u$vLx<27#cBsG7j)*6$h2V@B
z{!l1b@93_L{D-$RI`L8{-74nZm)R;+cZv^Vwt6$2-KiAo??r~Cv-#}Jhq#iYks>ho
zV7**P)4d}*x2`0p#f)86R}ypj%)*&Lm)rj5I5Yv%D83FgIRA##mlWusRfdF@-u_K=
zI-DRna9EvN<}d$#$0X_spb0pbYMy-yYx_;C)&KjGumd*XHUxVN>-JTw>5t%c2%J3i
zLvlq`G7K4#T91ek^|EKz$>$uoeFcLH4h@u+J@9@QwJM#hX5UNKNz?i@(StyxoJwz(
zau2i=?|Vw+bY@3gcwe?&Ev9#>H$D2>)pF?uh4@e{TS~jnKS+iNgOT=%M4bb<6Y{c;
z4tScMLfSP9JmbR<;5bfghwkktR(>jXbsW~XS*h(1%s9#A`0Qdbok(8qa0td2iG@@z
z6n^SLXI8*TqoZs`qg(SzKVM-I{WQz}hrWZPL}@Vr$rlq>N(40z0U6EG%zgh!opZ^f4~WC{xRBUEJ`I%2G3M#BR1sn3qoTD{0l^
zg8>X4^;`W~4t47!o3Q1Owaf9cP!G2p3R`EiruWU2`F3w7Y?{aD7JnX^6=-I+Va-h}
zBF<{b7)|dV9P=G(Iq>$5LA_`?owxfHX}JG0`ZlUA$L$)A2BH#cO|Fr03|1LSqY^Oj;rNczp~YbGJY}b
zm9ivlZbm{RD<(3v8R?u)jv@bt6(89&LLrWQinn5=Z9($U*MNKAHrXH=PqE9|)@?49(XGM6_`?nZ+WH<30
z{SL;m-^Tb2IBp0u@J;R~4KWX3Z(Y68=%)4RZ0Y-y|1Nr^2DSOxD`M8`dt>~l#%MY)
z>Jxk!tzG4Rqij9_l=2n)t-29apR$888tx%TfAFt=+Di_$*Nh(|{4;mC-
zN~Em5iy}F`z!Q0rhKs^xiHhux!TTc(kCq64LN8W6(y+n95Lt|-=AqvsjoXUW_#O(&
zHO69ZDy)#&NzeF{lEfP`?rayfy}FxIG;N!nhP&}s4k_@&^!=vmJ+F~f7%k5D7BcVT
z>&G`4QS$06(97V>wFGH!5LMc=^Pd}LqoBN_m+uI#zM
z4Yl|irh_lCQ5kRhO``M!FQ^|a@9`vt3~k+GJ&}z^Zk9RdF7|4tNz>~uaOWeFnDbHzG~g`
zcc_c=*>k))Ajy!Ft7EC4;-d1Cb>o>aQiVcaL()ELC0uNA503LVw>@!af5@|+`-->q
z%qP*i-zrEI^{)dT^Fc=nOU{Vyiobd?7WS$&RdLp9q4VJpPTs8rWK=G6tC^+=p*O%8
zJ$w+}?-R(0Q@2A?9Uq33DhkXB)+q|ryNuMEO@Dbk`?jaP!?Vxoi|k8Z{-4_MQ{s0#
zd8IWt1hS&z2X1w&U;Mx18Sy(_y#Hx%Jj{wN8MrmJe$m~RzfL>;|B&T8dH?@{7q8s^
zclhSX`~Mfbc)$I>L7fA~SfJO@7o3PV#YCN$K7TE
z-$RMz!Hq^CRY4c3$y_5S{=7igkQ5!sx&fY)rwd1K0=GOU=8}E|K%xVMngmpyQ1YdK
zj}xcE?HQ=EW^g1C;QwEY;r)iPq`=R71L_zXC@C|P5$>tWP%r_2t%Ni0CpIzW&qqr5)f>oK&&M^pF3RHax?I1
z1|PJxSZ0b>_noR3Cl(KCzjQK=_4m)Wb}E|}d>8b$ru~=XA~sXEnVN2~NwK?_ExbqU
z>he8BS<$5*`Zh2VS)lb3srH9EBxd44_z3VO0tO5)I)5v%k7DHMj>>ds-3Z@d9#Hl_
zUg1|WU?)J&8P`u_raDkCTa`$1mjeZNWDMl|A6a0^^zaeXIWu6M(Rupt-bFfzk_g<6
zfVEgs_}Df`Cs&X*fX~U(iySCf^kMW#9i9Wg0|e#&YAdUaNHW2(j{*gZjqQ_s9`1-r
zlgXLnUMIbiWGEfsf#;e4II)^)`hq603zXkroB-^@Hw6GvC>bb;1JL>*EdWO-Ij)hc
z`&%RcxWh;JcY{$GW-Qn=H^%{(ldA>r0k|VPs(>z~!ppaDv=4hz
z8D`Kw!a?)t*Q*t3nU!a_;e_CiSBiBO8)#~b(j%ab+M&55ueMMevM9zVrkde4!k149
zfGY@~xoD|q;8h%63O_u9hcn<;b;UNWy!S-dpp7?7?82P7JOI*%D)6ceAfC-`n$p}N+yNfhleD-!3S-u1e2SvKWPsGQVVuExSb~>$3kOs%hK*O
z&*qaP4N=gJ@PlUIHJfPN|NI>H3f?Q;oo!ZfGuoKs$)}~unBTef5vHFpB6N@M(tI4z
zr4TI>F1~4a&qn%1R4w~!*^z>b*CHhdY`e1$Xym4$G_`W1_f26z{E@(qQ6_Rh&-UME
zGk5Vp^3(|d+ME~nEZ9M14XTov+kfbwOT6!+MBvoNnSDE_&hg`Yj^7REYSHyea#oSy
zZG`{Qj=bbjoBugi1Fl-C$0RnbTTS<wI?2<
zgLfH{VlIx?n!!X<-}^d-f`1{0+Rt25&0JPL6{hWn=qco5FMcWaEwa*pZWBQ*XbHln
z#dq;(DyPzIow8D0TqIT+_=P(peSc6g{H4!px>k}jS<2@z`cjQ~PB
zS1Yj;Cqn<~jXJ;m#S~UffJdbR$xM8P)YuHOwKK|@`|=T$(I>3G??OzfS~Y=LAP5SG
z8FTUZ-!LXU@!inVddzFkQ*IHHk*aNd=5lc1sG2-#t4!Ny+w`JzY7g*G&MKItt-t}t
zip2;0`k-a=gYy80(0_%AThvQx0GJW%C|=2E!Z5F7qI|EM52!bkS&#P+%zVRu_9U{o
z8^x+8DOM}$bE(r((zGhLR3eIGgbfmz7W>!+m+$oMQ%@fWrqnumJYQ-mRJR1p*oU7G
z#M8vw#2zL^mh|DI|GY34O9@*%bWjS4&SUdo4U!?-ES{KlVwWfxX2*()SpG_ArK22O
znH>BhJ+v*WBOrv4Va7t%#=EYdZO@70}TrOOlj2;rsGNahx?R{=e$=UR2{k!(T3EYlzvT=2Q
ze-a2q*<=T`wLELN(-f|{Z_4t=P$1NM?;3isE2F%FPkA=}dggA2Rpv^3O(wNFP_ZZd
zro332b;s{Vc$W^SYViYx#(GOfUnccouzG)bD(FvbSu?xv=YVFYh+b3ecKCpUuKDwTkm`)&2QS`vdvG>0iQx5ZAO{
z`7tE)D#qDIoJ7rymMR6b$;^igjVhs|?aXtc;4}SI$W9)3g=76Nx#6Z04W=cOM4+#vm-Kka4a3)`(IW5h9hP%#`360BFdi}aDbh)VCq+_lBM!)4csAF%F2D=jm6Gcf0
zNM&~7j5{iC%D{l0Br-i$gg`x`x@_|=i5#3EfGT`VV;F@6T)S`>-kn6Lw@}A){cVaB
zIjTG1yTh}Hkk!cp3|id8VE$6F`Y+&4rhs%@&vhLdI{t0N+$8B(ro|n0NzfqaHotV$i6cSUKDiNwSzip;?NNa
zR_$!>G@-SaHiZbHP=Yp=%Osm+LD$d7fuwyac>-0jTnWhT#x<N&hP}
z>V0bl5SMWiXb{fC0gkZuB8T(nB+7Z^f)?BN{Ra`se2U8lOyu^Y{g&&j1x*c^zrh(x
z0FLWe@6<}&M>JnNH}^3uB1l)ubjjPDm+q>#P?<%hZ3w0%7
z2Tm&?A^fNlP1zIogV_n~{X=3+VJ)}xCi}3$9jeV?u*l=yBwBdpFr$Xe0k)u0K%eCz
z)1rSBMWDg)IK{;S-sKZQQ*`I{W7l^<7i!*VsHfn^3yS+eqp|BpC09F}{RW+I6!7La1KJcS!v
zIZ!7fyRaS|ZF(Sx%njEM?iikpXTf0$ce6W_7!4`~0GNP37F&;tL(eKp>W3}F9%hTI
zl{?)H4h$vh@g7XJW8X}nRIjU{Dh@KRUSohH2r9!+Nk`AdBi8nV#RwLz|_u)RrgU}+OgqJAsPO9z*{nnZzWlTk>qeU
zn9z^Mjy`ngpKM;d|G9xhPnf2q+KWPntYO$HqQbR-hF-xbZouDH`}#XI)NuS!95TFz#QWz6*-zQm
zhh8pi+S`%*b>~m$jp02_{aU9>MBR`L&H6IpKS`x!t>lBB=N_VbMMO`m+Nk4Ekx7|Xl0a=*H=Ru*#od8stY%?iwi7ATx)s_-RoqmWPD
zQENi0vJ$8ZS9I;+*Pz|s;JBCeW4Nq}gcIvYVLF(*T4wn#CXs95lSC-}_swcrq4%;A
zS%@(k-Nch+Zu!_~iNe=p{xnEa2Xn`9&GXxDOUZR)wZUj3K*eA{RPT!duqpklJ`@21fF#Bc$M^$&Ey
z_t0z4(1|(lo0G^+hSApHkJ)?l50!*F6yWOH@WgU(E5&s~BBfC~_leP3
zL&J{;JBs1`7!$UDJ?$=04-U>R{3t4zFiQ{++fqJ?CzbGvwx9Dqk19eAm4E
zLG4Pf`@zA3wf=M5kM&6!#gw5NLC~IxPKg<*uQwHcHi+6?B6UKhopb6`Xl^yj#616*^mc>wSg9lkrbW
ziHfJYoJHcA+pKd+?G>C>o3C*h~12JRvuZ87Tws2MzlwM&D;{8dYj92ut{vu+TiNwzZNB;YmNwaml#0)0shhs54vtH@6|y8ZEo{EOzfPL)
zEO17#u9Kr?9RKAUgeTilMm@@|k7n@M)=7o+9!Zq?Cto*YZ8@0MROrQbQ^jhLVU1k{
zY>FC$=_}@S6Wt;1b|W0W5yPL>(xlH?I;O4BNcWZ7W&SiL-?s
zIi+81kk{@iz2OiVQUCY5etOLeDhHODyp!kj!8*+&s6{QW|1VpT$N5b}_0hokMqk~L{w~Yw
zf_ll}RnbK?iV-H~8nprbZ3#E|hp$h4wg0SsE$CTyqxk8!r(Si?9v!`Mcg5pt+wob8%Ah~{D>1o>lk=^s!4)5$lr>1$
z9J1wXWm-pn8Ti*&h}M|cbnGMA7QUFp`&?sw?p0aOQmT1pyW!`PKZc`UHcu71C+$9f
zZ8nt|zCfP%Z7~XQn9<9u?7oh@o&MsjVMdMSJEV22CCn>AX#@P!;{fVWMV=LlsjqF@
z!g)TRAD;1An#w);E*p1V%thp&y}JPFUNJriZZvEA>J(U
z)iI@-P&wC`N4=|aW&Lv(sU0#@=Q1;^)n97s`J7|IIh>Wohejq0i@Nlt7`s&eUG3@h
z^GN&sH_@8d0~cwZO1n@-WI)bQPCw${PwEOy_IY&^WXKQsKR_))s23z;OZnb*L&ZCqvuR?uV6G*u;hV
z+iQVe++p%~vWDRmKg!!ee1BP7
zJM_Q(z4Det(V$&qvbURq)hE@e;F#+VU>&dbeO+!Wd{MF4G!%h9@-E$nf2Y8YQ&tV~
zA62dyKOI*p&EFRj!+SUtZKw18mKpL>yW#rYE!lY3u~5aELLBplbt2P3e}79|dHXPZ
z{?ED~+n!$9k`1+M)oSi-orPGW1rDUL;ZgiqQ8<0i=?3XK-T(IpG>dit&_gX0cbZ+T
z5I%<-Bzq7c-b40M;Fm|f+EOnX*8PUMG}zZp`@GjzD1XcPm9;3h>?O;bD#PGN2sR$e
zJnd=M9e3qOaB=Ks$|oh;LopJ2`sy)@GQ!{e`mlKG;02zpQ~k_4Z`*s-Tifks2IH9U
zocGc(RFQ1UF^AKOeM}R_5P@g{eCsdmQA92$dBr%Wmc~>pNIPu+u|(ck&0;17-?I!{
zrisMZyYj4~|LI9&kN8}=u$^j39`IWtK8s;^Mj^4w>hwsMWDoKLJ`!-5^qaGZkhnvCXjn0!YRZ@pJ2j;s;#J~LK{Jv&Zm~=4K}UNU)e@SH4_Qj
zP^*V5)o8^SMqdnr_Y;HN1fE(bb-!~nN8t;ugl~5C_3g^Isg*#BY({fmG&$T7&%z4U
zIbYn>@iI7v)#Bpui#J2LBoF+MRzLho4^EC4n?fwqQovZ=3)xpT17{XOKE)G^KM}7B
zK6{L@;fEF6_-o
zCQ~BS{{jijkq{R5@(pn4s4xNG-$-r(Ceob%Pp=i0q@E8~I8TDgn}qXZMfRtQe^{LB}(dHy7fUrhk`Sp*Fs6k_>rg%aYbI1z~B
z&jv8;OT_RMwV(&d^@Ak(H7x|w(p64WEMAop9EE3!0l1d7`S&8K*lxc$2P#%6JdZmF
z7+)lbHd{rL5+Og@sCZO)8&>PdL<~BRy|3~v3gE(}F<-Dpw9;ho*q7=-s;$h0m8YJv
z{^D^sy)Vq7(DmAfx0SaW`6ThUXe<_uV6VKlf%7f>hqE3A_Xm`oPdAQYz$$0(&06e(
zvTT#l9_^%+IbJV>P7u0QBh2!H^>XS(#y!Ow7}JZiDvdDo9Yv3D4AH@h%!q%!ZgZQ)
zn8E7{j;Gp{p`CWr`qEIMk^!$lv!8$MURuIVSbo
zuChHpR{ZaTtImI8rJcI4Gf;eIhE{bcU=jaBTZC=>j6*lRg8_6CP#wO+J
zy-C_na*0J;0O^?o$08)k(#RV(Q;n~qSF^>>SX>if5lp_%wd;@I>I(*|mgYPDw|}`v
zZB^L=dO>|FWLIAd9udIic$s_~QyJb=e6RU=>)39gA8VY7yGXBgEuHi&^8|VHyb@9v
zqscHAApe1?tXFmgf?tPOICl7IG1hWcvzc3WQocWL0q$vn;P{@$?FSr!9SyiK+*(%7
z^#toma%uUU@KJ;zNF!~dk1Y!X7w_7p8cBDYM9Z3@b8O1+N6|TMY8h9D$?2yQ6h<7d
z&!(VJB%<|s_ceJIm{99ngXkRB$=Xbg*8cC`V-Iu3*|89)J-?2d=ivtBr~XrL3&*y6
z&dmv26G^az9lH&E7C|{(Q+#~hiE7TKv)iypS2@4)y4NEJ^<(Ay3SGr@g1HtauQK{E
z_mh+8glfoFMSZuu*ihq|oz1KLDif-F8?}RfL%v1i`UX1b&$^0iPa6?emlJXcPc5~F
zb9475mtd=&p&?%eG$syS=8c~G3D`WPZ`@*W1a`~Xfe&_ua5+`w?mzt@ADX7GKkLT`
zJ|Ys=M7EF54+-p7<=PJ&y!g+}DfeftSMXEIBhiy$iW8|~P)p0DGs$q_A*9GHOK8i_
zToOx8b=VJiju7tzJah{Mm{9Q2RBKecT0u(U*H`7o3)_TkkaC;eh(2_)aP
zwh*yDOlbSrj_O3saNObNn)ux5JLv7*&FRy$*{~y`-{8%O1J%5hoajShWG-Af97HTB=C5HrJ&bMu@e*{#|jM(*oZ_FH`{Ve#^lsu@wtt(9Gyl+dTpZZ@Dk
zwy?e9XBFoNPIl8fbOqluy%_i86l_;b4cg>*zHri!BKZQvxyg1Bb!X(aR08AOMKI(Y
z!3lPGe~lTQyKGFy;BnhD3x@Fa@e7jP%JB=W7AP&Vq5Rlp!Mz`X5Z1W;2bB4}4be_s
zI{gaEkJdj;V5+ga6%36G;yiXcSt}olw^ao5Icnlx)M|NcJ?0B{^MLln1aMFYZV?u5
zO6FdMP)FtBm7;Mr3Gk8qhE`G%x%?wvOXwxKU9{C=sO4X;p-KbTrgk?U=Cr{5OW-gm
z;}H93+X$)2B7!eV_)-RY;4K~CJv(*rj}Yy~8O#}FZXb~_c)VAn-y#}S(guoHOLv^B
zD8{hupK9Se9Ln!IxVFfm5FG|0^RmveQ<(c3%vC|q(;1qrs^a2t*hKXyL&#T0p>}MW#Qnm=D
z`51m-NCteRBDZ+J4LPzfI~TrV5r$fqz;i&|Dfb+THE+}0IWzU2hk4wy_paIk{NR@c
zy7n{6Yy4Bg#1`7NJ(HOrRSURiWKv!OXV_}=b4D{0ihBuniMWtYfc`Fk()-@OKL;xa
zDhPENzOSu~v*T|;lvJR%5Aj7$EOMAkcZVvQxN!wBACFln2;JoEGQnk|ZuwISkc($Q
z(Xeh-)VXD7Nr~Nyy48wmcMX@}@tuy^T9Xy|U_HtDl795U(=`(MO21>c^|>u$nAOT_
zS6t!t7|JRdK01baEffux@9O%_%0=61n6cS{@Z|n^X_Aa`U;DH*?%sb!cFpwu_0lH_
zS4~_hm6Y6~V{BqU1G%D7GqY7y#A)gY@`0Asjq7sUHfFgl3H>EaLAk
z@MCXJpH*2&eKg=HywN4%Z_i(pw2ZjYyk5Y
zPpi#NjU%QlpZ*S6`*f}swYJvZs*2~)g98W?;1XW%$ipl24e--f>6p=R@cLEG?V0s|
zxWK7RBkG9W4t!HNP_(`Ot3uPl^ED&tcKp(|Y`F325K
z=T6O9b=XVoFH?h|LexgFQ6ZbuLG&)Nmy?mAgW$ou~B@e6f8uML#Rj
z;i`_%B+37vs#yYUux}du6a3P``RO)b`X5Gz8Q^NCu@u6@Zt82WQ;nB?+yp*`VN#CJ
z#h1eGxP7am0Vb4D)hSR1&Ih&`JlAqu{;VYY^l%5#^74^pW;ZIDj7#SXXEx>Ir`p9G
zC%RRI`#eDAGYCprIT$0_q(=wb3tg=MUlJ!YB>ZYB%AW#y4c{F1Hhf}4v@Xl-NOhE%
z09NnTR_1NGOh`V8!dhW!*i05Pd-t~1}V3QnSrMnK9B6%-vsY_XWs~WKii-@
znF|XEJ#l6DVJAT;`$He~k`wR^o9-AUD$18*(Ljtd^L&mPv)rIrUL$AgwZ;3-!;Y5;k)cYWcb!pL;e@IraG+HBtCxKm8O{X#Mg}
z_$d-Lj78FtQ>-Uwi!_C*vU!FOzARs_wEkcQA;_BsywwALEIVzdDM6i7$sQcY`OsIB
zQQI(ETtIO;FG$(uY(C78G9Jz1L;;xm>n3j-G9x;U6pB-h
zK3ep~z40iSAEngtnWCwF4Yo+q67D7lSI}j3Tqt=BqP%eF&riBp2FTIT$f!F%-96Ik`qX0r6hX2)QNpx
zl*$*d_=$NtAV4;iqZPrHF`^~_)tnd?1k)#q`B-K~D-$Kd=`huBjE>$eE)K;lDlV1P
z1fAar%T1l?iRbl{H<9Sv^(!&ao!mAIc`$l?fE7?F$ED6)zyE+{mPO-WX-Ql>kR$(<
zQ{pn>l;w2c%p6!4qRSVVNi5&>0LtMU1{VovCdjwbWPhS%sK<6yeZ$0Er_j-rHT{_s
zn^KOlwBp5Qh}nMvi(OLhe1Gb|dol*E)5NUF?IqgC#?jm_!
zgWz-u`GJ(#-btR9JAkHi{NbBj0dtZYh6zRHw6+M$eZ0N~AtwT3h}X^{zlp$D;KMZt
zhx^-?$u4r_F^d8&FJU{n08S1*_o?-Wlv;ib>fe)IDGn8_)m9SRF+>FzG^$&j;_>nNu6
z3CKJ6!^1lWbJ`LsxEAao1n&r@w3A0z;eS=&<6J;%`0q%!MUkmurwr3NhT$j4cB)@m
zPAA>iHiltIf+Wi^iU;z5?PNG7S#!2S%8V{m##SyzmR(D8*)mqRn!~zbT%;Iu0)GCw
zQYv{8kI7$CWNA73j&MlIe4z7YNa~S}zCj$Kevj`)EM*5~JBt~)-a-GVuP+z@7f!G|
zp8BO1YSt+;*R}emSdJFT)9G}Vo{5$NUJ21uvdA~($Wi9Br$RK>EON9N-qvfGPooW2
zm4H)g!&N6pxkaJHf5u5cqmZ6L;5Jr_lMu!w3Op(Y`|mUeDg=+uq)&H9xx2zO2=lH-
zZbI;k{}C)zYQS0K_JJLoP$=1TWz$(GY}gs86vM%o^o=B!S3%leT!iK9fz9#JwV{Wz
zJEPGLUj^8=nyfFGg4-A^JPyTeVa+6v>w6Gxgy7_W(!XP=JK6SYgyJued^{E+QU0ck
zpz~a-1%Z7bjSmF5_5YvNpL>szg@^9QGgM_ZQ3H1XuTHE(>?;k0&jO(ZAs|+t%r>2p
zVFu;kBT}rKAZ(6zl(51-YGlPEfqxisNeU`Wcf|SMYcpQf^;~Y(`R}9IvP%}ZidUiV
zBiZ|Znd!FCeX2}$pJ*b1+JxHg;yl84#&wtA?E+*-f
zjyprDc91^0c4X}%91VL3)J9Tz(>JPswoV%Jytk##%QLtV@qvlV+?w2;KUSZy13
zB~p{u`W$|2k~t;Txt(-esS^c`pi#4p#{xQOkPIZkijWl_mMlm9fEVw^W0fNgkz%w6
z9ri<}ohW41>i7ZagAMZf!6RYo$HyG!b=Y$w-5hdoO}_QZ+&+>V6Vq=$Ec<7Q7`MaB
za{5X!#=VbWq^qc!UR?Gkyym}4xmNKx);dX}_q)O^GKom*kj#iEAB)V0Tx+?=Q$=vC
z@DxGDorFJkjsX=m%S~ryt~QkUgXQY9u=iIm3tdF}M#qfwK`|@`Smd9CSz^$QDpF%6
z3Xog4LtRQGPMoMjHnY(kIWW;SAUmMsU`s*E}9R__P%dQam
zg9%b8`~yD}5L*V*^GFH;RuGcR0thCO{QtxXI%;`;!8Ls2yc(
zpqd3q;+~gk7VYb5W+wNU-u9Eb=Gu>We=v;GC}iqq(Gzm;zQou|{bd$y%k*VQ_rb1?
zKAHEiZkX`>=dN}zsQ6@W{{FcY-z1_o=W*uS`-ss!tH0rvN8@Y)H~}_ns%47r8F`=P
z&&*~A!~W;#&$y4L-OXEcPF`?u|M1uqDbTHn6zRo4A=<7yK6v>HC%MJur_>iSGHHB4
z*W!*A@N0CHCetzdg2Rl)-iO2|H~Z@aaK;G74gwqMoMT89PAnwh+)8#I_N?&Nr;-+o+@{>I;My><_xAqg
zYtvSLdhl>Nw}3!ilx7
zGvB>mTW-F~xa#Eo;d{aw3#Kc#B=gl*;seB270`pnkHap)T?c1aLW7U`#q+6j6b?Y*
zMh9lFw29}TxH^)3D3bo_+2kk6_@RAg@aR}Zll*d~(C*uE+Mt&!X^__rCg
zp6#aZS#vh2Y68O1DLg6lxDNo929^4{t;r3>iexb_;KgVOu9}j_jj-J0t+{Pc~LdkZ`9Ub9Z?@JZQK#Nz`(Ev
z=nw51$BVC3ea-Fv>WSQYQRRK-0IB}U{v-Z)W|1P-BN0;9xl+=qMIArUjB~U%Bfxa^WB>u(}~BpHjHog|P=j(+MJrSBXR$
zEKgwTWlASS)=gK|5N_V-W~5F$W;*(c3II@*2e!5*e*%pLkb({NTj5bn@VBXh+*Ud~DY}ggWIKJU}
zsg*iUN|SZ0xEqK=i==409QNh$xdJ^b$}d#KAE+PWCjMsGFV>6+uRTnvEJDG9M{4#Y
zqBDYWaw{@Te&hT@N-5kklmlP2$$=i1SKH)j#mVbP&8tS)XDmF96Do
z#QqYu@x5C3lKNo9>q_pF+u->T&>gkcp_w)GH(Pr3A=+Mmpms}(61MntixMnjJq4lu
zpm1CLGs`63o~>C_=)vBT_6|YoN{XMVt$6CTy+#Rcl|J%phDy2iCR{q?BjuDD46&%~
z?DifJRIOAc`p-rMpKQ_yG2n=hQz@{W47_?i2|RVX`ZKI$528_q@jzHF(3_d&V;4)6Gi@mNL44R<-uL
zaG1<&ok9UNp!_Yz3S&j$%)w-9Pg3x>^k;-nvL9%jd7!oLI)96Sl>N24Wa*s!Ntv(&
zi>9RAd&LYwH>lLV7vS&Fq;98zrIr+R2*I368|{4oG3b%2D5fP}zutyRG_{<4@U5Uf
z7BmE>()Ji&8>2Lupmd9TKZl(Cs8K?LF0E~Yv!j101x`%|&Ix2Pf_VNXMzew2J~5vKR|lU#yxHL<
z-DEBg;$BMhUp9(S8ct|f-k(fB-y*x`knLhLIX2r(IiZe=V%yNK%qMu2%h03)9PA*h
zWm~Nf{%w$mz0_na-@>#cn-e7VS9qgiR-omcd<*9+$|CG$J%H+ll}78$B6j&YDRJP9
z!$<}AJB%^OX}EmD4`2ROPJ*pmueiO@Qdij_Yl>~Yeb4S7BT13m~#y8nxv$wJJ{zT0}+>gJ9+fR!F~_nYB{
zIFY{*W~2FWwy7=94jdBRNDWPZN8@Z?U60&K(-BTePzGFA#*{i-C-3~$sa*M2c|#|@
z)6#3260#^`Edx5wF6H_se&2j30dXtnq5MJ={*y%*UrfVI`~rnzN%?C!@sZ@{VmKBN
zcYJ)0Z<}LXhQSpLnA=ZW(&9(Dvm-f`!j^$MN5Z88aW1HyD;UN6+=IS~aQj5PQ^yif
z!k{1fD<6h7gAr|Re!B6viX)-l-p4BHmLE^i{?j%1ZE%6z(U#NJaEke_EB{1oT=44A
z%n`R&vf7y?}aG~vu7hsf~PGgmxSWx@x8-!nUNDC&*`K$#mO2rpdq@7n|!>%4HZ$E*C6
z-|Cp<2boIQe?{Q6bqGeBVDn;zDgVMZA*eC=WeyoC&|>CBvAGylWO0nnJDNLN!3Q-8
z%8d-1;4Ox9*%Z!wgqY0S5+hLaC02*Ey37s#$Qgepu|BsvHBeT|vQk#trC)#VkiJ}_
zmRnn(hY#eZFWUc2^1Ubd1s?mY=hr>5W1g1v83u$R8NNUduBYNT8l3z${s
z?8c@+0}I7Gucz74Dss=@Xq;Jso#>p`L#DFjwMW8uH!KXm61NcPca4Tts^lX+uLSN1qcnn&hs~)Z;k5b#m-YA4e1X>}J8sNR!Y{Mz*tzh>f=l77nlL&S)3Bm8XjCgWlEe^ldr
z(593Zt0g7TbLPZRFdyY!`z8ZT7bnQmkt#8Jz~=&@R+>~S4N2W#SX?k71@?~m0pB88
zwC_QLMwIx53*jp#Lj}XWx+8I9?m3wm`U?SKV1o4wJ!hpU0B*cIdoUzvc!4t?93viM
z)0SIyQIE}0JLdkFayVn$c?R}5p_U%6G;&nH50B_yX{S0%Mu$rFa_1(dzNQNLK7?7|
zci;lS9SfYh29#g)@}DzDcWH{RnRlVna>GYm$pyQXw-^mkElyYLX>a!DVu)x%qCexj
z2(UVGWU?TC)RR0}-}SPpYmR&7D8shg3vn6r-gG(k?e94rZ`p<{-7Yq<K(~4_kr{b~1iyqm#wJOUJ^DG%7AZ$>OWtT9H(Rq%N`eZ6S?(x@*%)9!2-=
z8^)F0$Zmf7{U{w=icQ-!*MItEZ$C2!SvgPq_vy?w_J%$7k^8~qzO);8lX++#uZi!X
z^^TO!-hb2p)V7<1A31HIIRbDxD7UpbI*QKl7-(_%Zkk@~ZC8hX`6ea&@M~p@nfV$I
zY#@noYQS9aIXiou`+TRk_=raB3o5UpM7yrh+*y$|b@~qR_%m#C&BmUN_NcVXIqJ-U
zHq!_Hj2h9S=7y@V{VY`D+uv;S=JQw^hqtPuky(cySm1p
zff@g8P0zVPaXmjWTE@6fqU!@v>)D$vzqQO7Z0R6m$~Js+KdnrCl2#KU}>yi%x%Zgb@IOu^EB!XImM~V_xXx2#pZ(H3EEV}YXros&OJ;V$57WQ
zbxBW|3ltE>9&7gjOJBJ^qnx%2M$W6i4}^AsdkkiMfb;k^P2!SW9{qKy!Ljb!hu01z
z?)nTd&IG0!3>e>EqhEpB+TEgptBvxoSq5Md?GYsM2)cK6n
z*{v~RplFAtH~6_G`fzgZOY|Uck>HBn=2d{z=AND(Vq9$qOEm^*$6K;TBR*EF*8~aI
zve3teG?+Gcf*5&uztPWk?xIOSIyR-zH4MIgYuA1Wz7&&H+lA3=_0p|eRd?T(BA}}+
zJx|g5rXu?$dM%n?`V&99&v7p`77K)vp1oVGWD-SjAVF(_XCZ%EQ>~ug$G*Zel;n}K
z{)~n-GV7nZJ$w7qpptJo+;@@z-jH9W8x0)Kzlab%ADwe!q!UXXT|0ioM~0yUeadRz
z1hl68KWx2sR1@73Fsvd1q97neI-;V|M3fFu5dl$(NH3u&z1KjB6a_>K9hDLU>Ai!L
z(5n!o_s~NN0YV^wl$YoCzUTYv%Q<`J&fK|kW;fZJ*`1j?f6h!Hjs4D*4ZqJ%Ok8lI
zNtgJXTkiDyq}+It`sd#QZTrc-Q2Xh~u|61CvFKRfe!>vXuL*W
z-{eT5#w?S2`Nk*lshmbAA2i
z)aXKK!dVQRc(G8fO`js6MkE{m$UEa_e?H{09z%UbBfiwjqXd8NU}8~jst2b@_T0rl
zxwI=nbAo~`Hd=6GDOBylt*>X(P0vapCNbX!AaKONpi4)>=+PX-EB9>3$L
z;~7PRDkvNu6`Q>cnj+FB39Yz%9E*x^<#Cb!O#62ZZiL0@4BgYfp&+R@>3lBxv?4vU
z$L#Sj+B@rgU%x&5GM~vr?5T=P*P-{%jvd(ZK&v@%HJjIwPxE07DU_8=NDjAv)G!49
zr=)Pjf|Yhx_NM!SK&8y!te70yKzVVj6>!NDQ2D-rGSaK)`JIYC&|G2$n2xV((*yGP
zEv@c-tMdbAo#G&xEJZ=&kB+WlE&C$JGbQ692+4U){7{~3OY)HI4N0gjFK@_drQ<__WbeV2fBker!yqbw!GJ^H&O4ExCCEV_ncxA?}<#7iVe7C&T|nz0?=
zr0!fkgq{PHzjF*Swjt@*_oSmT|4Y0F&hmjAULy!e#Feu8t=kkpm`G}1XTX8H8g}q`9`pbs2y({i}o%Z%(spr9_6T3`eHb5
zw^otE&+Fm7DJa;ZMLR<>wT7J`_gqf8Kjc&gMnda@KsD||r~Bp9z2&TbAyrj4#W_zu
zxNLl*`vD^OKCKXpq4}RDm%iCTr{5A!9yi%$_~9f}`)oM&17&*oN)~h5g7Eb|-zps6
z@@@8KDgch1U%_F@?
zC)pFP=Yrzm8{`z@XKLK)YS&#c^$nK}TqQHmBT88E`s64{l1|cNFCCrBd+gS@>w53k
z3i1Pa<+y;Ha`+Q@dQhrOeVij}C)$T>$G;p9rfEY{4)>dZSq+?rF{Lep-b2vsRmjIB
z>Akyv4i0D4jt>Eul^7Ku9E|H$IHtb+1$4VV5ORVOq~TZIbh+p)
zkRt82Y16#uzS+ka%v3T7?$zDiqo3xdh_69n8P?oNCb_wK)wNxIwR$4X_O7Q%ZX`ZNh3~cpfq?8k9^k~83kEhN5yk?|^?~Fn<-aTwt7&b3}>^ePOw%^Jh(zM$X
z!N4zPIH{?G>v0{}%K#cQ&4<;=*@l0i_@p}rK*MGtEQ5zC)D^=UuzUzCel5BfB1J5}
z*9X(^>3)XAUtqrZSLM+_q@^@??i6_q(ag7M-x$4a@3?o*_Dr#H5GB
z#r;J2nQrfgy;iMhD_>s}Uj199WRJEoX~^GV_pUAbAmL9t@y*13Pg?2IGDoFcD9zW-
znrydVu0?s)h@L43Z(CG9K(g;^JM7u!4qgPa=fnw>CbG^cOY20z3(h)1(y78~?BRMB
z!u50(Ich>~sb)IvwG*EZp$;#Ic0&74|3bBp1wkLd^=unQIVDe_Jk5VN3+N<7Bqd9M
z03F^x43#~6;%)Hru=q&*5Bkrczub+26Kgsr{G>5xzX^{>ZL+`f3;f89FGo35vPF87
zO`p#fe|#)|L3}O{q`P7rU%96SGZ>mQcoJi@Ii?~V$kju4%~KhnJA|JJ?oin0SBX5H
z!#A_$yAI=Da*q^(tj{}nX#GwF5nc>;9v;7;TJfx*KMKNaXv2(z!k}_<1i!wS8cuIg
zj4uJvxkaQu8-p-7$>*{S^r@-lqO5?J-r^naUq3OSM|wZy|ptE_x*|<)&Jz{G*?M`AFi-S=FgvGP@)72-jzUWydF8TVxfn
zWdF|J8c-c2&Bw
zwhJ=Vq63
zk7y_Bb&|iXjgAGcZpZAIjhvW_*fV$N`c;8w(*HL7vpUCl{Wj`#xU^QHo{O2^o^kx^
zOitanf)LJldUloQGO{|=H2$6bMa%iZx?Q}jSBs6y5iyD2OScQA>faDhCZd!+;iEOK!wnrI%A?|;h=3P3@JHK+GH*%Pce8bK%LJzyRSB%^KbB!8#CeqvFDCB
z&f=^DRU0I|ZWEAeZrY|zI-t-1t;veW-
zS;5h_GXuoT1<@A~myYJ|n=EeL=Ge|y=7l`;adLYp5!wExmVbGF&oZ*~fk6}ChBL61
zN=??@g4L;0P?@{{e9w3^DOLI{9^MOkO#OL_%pgEyeMycPAdzNQ1u5G9hDC*J0LOfc
z@Z@OBWI8JVDJNBS{W#k7{ysD-H!(pk@MFW*Rq#Wmg}YvsN~qcN8B%Ss5UL!m{r|XI
zS=QhX^^#Pm?%J=dQKab*=E7M?>ZZ?0#ODUA4h!rAiVO>w%bOM^FP`^{wjLmiSB#m&
zbPOa8IG&$GN$Yw*h>D8SwX44lzSFpueFaiyi3y1=ldHFCh13osCT^+eNdOoQdI!U?
znBCk7kWS^Y%0edkqpRiu!_}qcAX_px9hUDFh8E@1`J-FaZ3~l2HKcjBo$j49M!FwEbev)nD@Y7fEVcv;nb4*?d8*mO8oh+6JiVHtiOVG39~|3
zl*#k+Xkq?F%OW&q-?8Td>V1F8;hk5&dlPVk=2TxPjz<|Jnxxh
zFL*}xhG!V20UhM~8d!_w5h)FZchht#Q?ydhv1?CgOcQzzxBEMfyUk!qdapx-m%V6&
z?8nQBD7j7WC0j9aEIai0*1kGBwCg;2*Rz`tZ=0xI6^VI$q>wb~6h8o(aZdnrxif7$
zyQS{w2<&AHt6!a7+R41{d=#yc4+uMaF&2~tPFsm25Q4-D}M
zFB1TsM=B??@2Gn6CNkX)EM^1C%n!PU-dyh2sGGB1lJCy(`pKE-+&zs454}(oM0k$m
z?Q`3{T+)82tWhw;|5MF_*;P)*OhSLPkpBINMAARY6rJwI4+cx1JL`8HWMnZzZ@M^V
z>_D6MIgvY?dv1lH-obpIGI(A*0CRQT{Y3k^q{#z~wl$E9c*k=|rkSmi<;t-Qk?WJ@
zgIj~b>9I@lGL|2f8V3*WwV;LlLY6^S3k^}OLCx!bQ&|+w0&49%_&y6UPA?`n1KdJwQqcm4z&7*o7>3tW8N(9)pp__M~5T0G9v9cs2u8s7{et
z*laTPK~`xmbGR5C+k+8%QCxollo!%z=CJI;MCgd#i8f#p
zL+f0rk=82X>Kzg@@AiKQE5-*$XEFf%bE9a+#X*89N#_v5hJw$)&}gFLh|0TLOtg2g
zBcMzfMQRMM1~vE759BChy@zjnIdJ)S{PJ-cgJ3adE1wY2xikn#l0HkwY1%1Z+m(lt
z8;l#!mb6KiC8$TX$>n2Th6&@#$B4w%fe3V9G*n-70Y+8cr{bLgV!ddM0l}qSG|Xi#ReG|5c0w0CUfp-k@#eZX$($uoZe|
zCgun~leD8gfh+-vkrLa@bHVRGW(RHLDwXWJaH^3DsHVhtFud0n)YTeqDp<*_Tc&c8
z_DB)rBwes36Lr92S(>6*UzQRnnVG??gq3e8jiD@N%5Anb){PyNk|(uJfh>LplnNc8
zR=ULu`c;q1p7l2J;r>izPl!q1-FFhb@sdQAOBfNb|9MM)P>p&7T9c>>J3sr5=EwxS
zxP&^G?YO?{^#P4X3>^SP+jZEWO0bE+>zR)26;c@@?Jy@3+=@Sq4g0R=Ay4Erxr6h9
zPZi`CY|yl<7P$*^Un(ju?Lv+q?Wchs)KixNHKEZfS371-&#?->g2o=jcpXlOx$oN`Ruf^def8K96uZLV(Vf^^zW_bA^Q_dM|KY5_tx-zbo#?k2~A)2$WVLN
z@e}Zs&7=~JHOsF)Ao6*G;oR*pp9vXi6b#DO4I{TFGa^un^NgrJD96@E^1`p)Z|)@K
zk24~2&Vzfxqh~WJb(8EJTJHAtz0T$*AdA!9HjSojMFeo08i~~@Ta~7oRLB4?VtzT90SB}vJzbyCt3+M?6cC^ylmxkS~
zq}IT$5x9d)$AqTEx8Th(iWK_YY-u7f3k@=y~X#A5}
zr+RCkw#iI#vVFblWMxgj*?7C$WLb8rP0UNR3xRX&#jf^sinC=3WbZYxiv4qZHI`5P
zS)hmICSOu)ItGXySP^0KbCzHQwDs1>6*v9u(HOrlzUPVz28d}kgW*`d
zF`wOqI8#J(b2#7F$rUYdHVgQL4Ad_#W;_Tl*tY#AusU~-GbG`#oO>dMvYj3L6!Gsi
zAxy1yTP$CXau{3*ffif4AsolV2Pb3JSfD~%+zRrQYMRLM2}hw3Cb#Qrb5SQ(aBORq
zRR)rnp4ezY|KMzkK`H8dv|c$K;%<*LK3oSy3h~ZV%h|bc8R5~+d?Vexo%0Hn*vmh`
zL;g$;OKpdndu`@lZ=DSbzd{YA$FS-*42LoEfZy{Y+N~pS2c6tQ0LYil#g`#{VM{%y
zlY%;K@PEo0Az!fUSeX&A>6Puo>R!`gCpepWjb_ekceqJby1o1dC@(X|Y>s!%j9~e5
zB|7=f0oggKWpm;){fn_K$~PKiDpd~-xaNP=^~QCHc_sePyS5^W7k_z=+99^Dyh>W-
zt@|3BfWlq)b50E!hQghL?nmER>F>>MC7?f_+(CRk`N}2#s*FZT9;1;{$7tZJiQ`<;
z@^Dky6Lv`CGZzT(tKUr#1JIoN
z+E*LOkHk5%EcZ9tXMQLqclI^@XAoXgl#j>suM}TeUf0R$n!v)Z2}jdq4&TKUB>i$D
z^ibCT5S&_on6k=-_IcE*Sir)d3|eSJ*S+7zT(v4O$4e&|uFA|y1F{u*=Crxx3TitM
zL;01u+zYK^x8)88RxS#MADiy^T*B4Zu!c{XRiw5jbEWq$lDJf2+eamdK9__*Upq}6
z5P=fJ`Zy&cenoiO@5R-b&2MA6y}1FwHBaYIC*d>0t(SRGB>(&zcbQ8s
zz~9zvqyIdF`C4N#uH1i5dQH}6qRNfd*p&?4#0PRv{=|?@
z?eO*7Fq3ac*}I-VGiHn)h$W3o!kG%rFAQ&N`5LIjrU?VfDuu%@R{!~%&c|2N`e^>E
z=Yglg$FARORX!X+m)1W`H#r$i&x)w!b9Xog+D|op=yx*bUbFqAtUM>-1|Rt=nPOxw
z5fHFw71yX~3JP2Z-ShkK6Wo>C;V%E6oYi~w+VG1xkAf!DUAwiu_k=yj?$aN|OZc>f
zDlQK?NeSBh5>L3nmm_sT^|`Oix~?6~PtwxsCNANd-$_X4kJ=_ZY4pjmES76?a2}WA
z3N|(;r_H_Mex_!)D`6ck&FW`)>9FKvjaMyi_Mw}6V~=5;+TDy=LH0inI=NUSUCaKh
z{PgpQbrNY29*VH?o>iE?^0*@YK?qz?M^Y@Owzp41(V%H4*Wc6Mvo|0IUuv}Dabws!
zG2lDHss=WMZA#5m910&de$+&X|H4A2eK;u!JKlbSNzKCtb%kt
z`~!rLwGh;_;vMnmX&T8lQXkMJ-gERk`}zWEb;|y_UAmbrRyYP9G5y+v1-7fztw@Y`Vp(!<`$BBU+I18&5-8EUL8NxzuY}5qyIA(#VEfJ|DWyn
z|A*Wm?aB7LkxE{xg!^;oDe#SMnkB!_aBTxgt48;iy?TXuI0|fxz2k71
z2yAWNZ&_{Aa}Lgo6YM;cK&CcRHB{zHwP30L(2|QtB@rvINB}P4&{71#t%pd{P_x}s
ze0K7hW29TWOFAP??X{M4;z;aid$;h(l4jh}tfTBl-ttza&n;W#1;LXo!W)jP4?bop
z9e=6jf|eg0%{7OaeK(sFo2c}Je_K-)=mp9;
zK+?Hz#Rr1@HK#X-9|ZelcEAO!>@mk?E8@f{)3pmN-cY}EkAQHLuHwl7@nKtP{w=z#
zQ61?<*&Ctczr6+F#~4f46Z9C()DD@HS9!Bt&G@Hk@NbK6YQ}VAPgS?fHf-WV&b1x9
zzT(u1ZS2Q)k>{oOR*sld%?)^#)OiucJl3HzkcF5^A1Y@)t(G&S`m#Mey@%!s*vLNDbgfAEuJbA@r?%c0!NW;fx^vfhqf
zLngTy#=bYg3IorJ92!JWMJQg4S7z6i&0{GJA$-FI2jOK6kkLzRi-7WlVQl5UcS5u~
z%ktX9D^x>%Sg8P7LbI_&Wr{WEKuaTnfW&6>+RQPbDhS1XDiohj1FR$5!}Z7V`}?5E
zV6X>nb#3F$VzuJ4)6dP8>&)2R2XPo%wYY^70bid8fqS%yDd)*Uw8o~6X8Z2n@HSyC;AV!88PswEK0k13U
zd_$$#sUec!<*Xpsdew-pO{RSw>Us}0Ku++@=+YW16Fw$-+vSy~`iayhF%-gbnH;@U
z`W^Bm>k46i-k1^P-o5Wqa$_fT+BN$zYbks{joIzUc@lBH!lPa@Bv}4S3~6nEI>ep%
zm6Xkh(XK#W!h=5crh7Iv)qc8_Yae+ZFn=kM6gK>LD
zLpGiDb_`cqQ^Wb;WuLrp%)YH_wxr&3h;5mA<*wz(o`MmTRcs}vgoK*qXFLxNZQ+K+
z_J_%cAf@GGrXWwa@I$3*DPV{9V&{6mt*DU=A-{oV)J%PSk`n!R(NII*Kep^
z$t}8E;{J;(I)30JDHekpv2gDd%$JD@rJCaE_r{mPo9l{kFlC6Ihkwy6yD1d)4gYZI
zDOw3Lr#b(-9Dkl^(guC}Jjl!=XqIrw;2b3#iBxzW_7F___LLD9HzI9wdbEG&Df&T=KHgtDZ;R=i>I`M5v|M6Crs0Qf
zQYV8lrx3p};5F!&&z_s~-lF7Q?IM<50in6bZHJTz;@Irg2#yk3pd%eE@yqPF0WgE@
z7K_u!m|&$e07LWn%o&qai_t_M<;A0IkEbW+6(sh+*5|MjQ2VjS`bely03E$|8mkAY4w=8?uS|XaJYDl%
z{^w`c2+ymI8N}Z>%mRd29I{S4V7pzX!m{+9RE?GnI9v#6k8>DGX1MLy>ucc
zD+(<=zwsJA6Z@UubaS)or>1RuNo1ozsb-|k$+F3<5pPoRGV~Pk60rD!dm5&~x8F@&
zyUeXZ=D(rL*g7mK2#tvK2=m;FVm*(HTuf70UV=^7a6WA9J{xh2z1AKW)YXYDVY@?Y
z&{QE`;|piX6j-^+3g~(fvG^DsL==&`%xHZa6)9ww6SwGkHal{PM`y2AaDQ*b!|5V=
zk&P9w+w(k3UUhk?cm8hn8tP2!T-_&Zc44@~v&n(>O6`FmU7heIgO_{p{R?~a
zZHSk98vm2BQ9};?Z^ZkKB=UcRBo1(fCRk(-Gjg!a2H+)LHiug6q5TdO*U)YUb6=>r
zUodtrX>U}Q0(=}gi{j9;9?*QHzQ)B=elY;xlG?b?<76Cn@j8e^2_bk_LAFk`7;uV%
zw>BR&{Nm_pYIhdu5i1+b5P6{~jd`i!0IR@I(!v9rESK-=SPq{{#eZ)>vAtjI>lf7&
zRCQhLi+`6m_`cLw`8RXUQ3^6D1ba?g>{((L
z`owry`a0vqFtc|3sh`ovof4Y|;z2_+pBvX-1_OtfKH?89X&gLmkydFDT1C$7?Ci`nH3(DjGh{->i
z0(mTZdffuRzR5k+8-j5n+XgeT9?g|5a3OiNQ-g&NKN=S%Ew+NCJFuw+Xl_jqgmiA@
z(&AP9Q*}YX>Zi0ALto|m33frfm=(1G7MMpzxrKaYNNF)p{$Z1xd)ew_=~3>tk#Y-;
zj*kFFY;?gYu6;(;;vmuvn=VOGk6vos!(_pFNG!yViXRF>Y}B_>KO{-M6-a#;Zpx{A
zCK{X<18!;63@wM4_4KMNuXG@L24!*q(Y(CWTpfjF`Nl3!pJ?MV$u~CR3szBDMD>>>*$xVe0gWYbu=E=l!ZeKKMkp~N;Pi&1v{zD5PLU~|31cCh)qyx
zjVSTg<5w!=L$TT$XtJY2O8Klt>+Yk|tGd@e-g|;$jHt?c#fDxyKf#gNo$j>-d^N^>
zx?gZeWp54wGPQo6}?TEX|?o2>rswDKkb_a
z8E)p9Q-!QN%}GGYbSBNhrz#El(WX~W+|-^wY1wBZc?GM|1Fgm$utSFIGaiasqiU5c
z;{8TBMWv_&HbfM3_kiD{ME^T@KBzf>oa#hNz?`9PPV)wE;VvO>P7gw+ViuPLvTz^>qy9<3Espod+
zNg!;nhVo`j1lL04ItXHHxO-!KJn2m@YC{8eTt+
z7cq|bZw-|Zvb%bRs00uC6KTr9)Y>j8cs3%_E+5imuh#WLcP~X#WnI1G&3{WL_nNL4
z(F0DD$YgjSJ0N)!T6yNlc?q=?l^rLZ+bi7X`)d{@WbtS4_`B@|5O1pCFmOkl$MVLJO+PPJ;jzryDe5l`L$4Qt^u&6}~@Nyc{!a+1FeNh>*
zY{96u8wPJ!v|u_b$kH0SDC&693DDfrP}}Ef-&WgCV`}XXYt2}+SKB}1SP*LsU*v-<
zqi+-6BZ#`@)U)y|dV@&4=GS{xYWqSQU}7(I&pT`qybKT{zCjSB%%PCwz-!=AJ+OQ`
zpW1$i6NwP*xJq$9>561*?G{sewTD&Pw?6gs2r8#&$~R9^i}_mPju7B2K+2gWq)yk1
zz*P=hEp7Xg^i84<0tNWG=n7eGIYQ3wS)Zc+o8>7_F1(0d&4&H7pwRTG9&XBmKpOH?
z2Bg|OdlBuOvH|}=Zo=P(p)&*=?ZJ26MtjSPL}t!OIo78hc&lu%X@Vu;y*TPA$*$St
zGw|dma-Tw4?wnpz=HKotvC#T$hUq)9!8p`m-u!o3u$Ozk^}wp_lP6t#|NRld3EmU)
z7tuR-((8+!q%Qeu%~%fPkHt>RNvAwJxRP0IM6dI)-NLW^xj*X1F4DT*wKK9`X$ix)Ir(M4{0*350Cf;XImlk@DT7We>0Oj
z4B_yJ|C+pycpsnZdg#n9XSe$s_tISeZvkj`>ZB(%8Ih_;`(0Ov*NZ3~u#Y1wm{3_V
zIm9t1&HmOs2X2p0Kcqi;D(gw10)&WMVUC>CJvc}6dRU;9o^?EliazqDEq|td4=gS2
zOGgR_72{1JVj$;d8k0v_&(VPgfEf9?UZV(zP$lB+%hOjou!5wc<1VSPq$BSe_&u;U
zE#ajzkh`ho%}lIc`l
z8Z4#6+~O^DYcyP19;uW=o8((&>Utl}i0O_vM_Owl7E06KYkodjfjI)
znp2hIJzmeHkqO?l)QxC={+zpFq@Mf)%zQyGbv@&J5PdkN9^NVa;*J
zlj(?!JLTP^4zFDwLcP#*1RM%Qou`eU*K`C9$NUTUmQRdI!)o}5RpAe^}R
zOj15pLzVvVQNe8T2WHQz`(>~=!)^Ok>f6(ckGeXi?+|{E<D%7TOGp^*%XwPp7UHZdUq*A-`9Z<#|lz+{XX{&kY
z&qe`@l?w?C-01a{$w5L(s3?p$eNvd!pfo{t?1=p4VJxJ7EQ)>UVpNCGrVrE8%lmlVMx-PzDu+@PS
zy4)r)xwFwKQVnfi`;HS@=%pAmpnbo-s6DjeQ?4=xNxdldWr)-5)&(CQ+xGTkY#lY)
zHBRAf!Q{uYo8L;MBGYC9i;!u***wH}wUvWhwk!qR6G{-O{b^ADAdh_$mH9WU?`~(+
zHF4>~On5_8M~=;12BvS%UH%ojorgpvpyvlej^LlE5%{L}jdM`_ldG!}bk3W(6uZzG
zjG?M}OJ`#6{Ub$Fsgv2Fy$AmQ@>td6GMMhnsl|r$Lb1p%j`k)!$Dnp)mR#hU)L8>S
zXTz{m!A)_AdnTI(iH7tjRy=vH5MMv8$+!co(s4k6B?ioj;>
zm9LAUi?tlZGD2Yi_UAE8ZQIOjLfFrs?=uUpY5<4okD~&DlV;F9
zlVSdAK;`PMksElaMn7uUM@Vh^?3X_{q;wyoce8ycdQfp}Kd);oJ@YIp%6#*SSsqL%
z$|ryigqV{`l`VZLxj4WE0^Oen+SS_5CZf%p|V_Z9a
zSEKpPB2}X<=lsI0r9v>3vmf(#`~Vbu=X;>c8i?CIr1lZcE|eQDRd)~7R8hMH_V_??
zJ@!520`1fX;7l;b{`J|J)u00fm4gscsSh;urr;3HJR<)j-nBRxBlJ7NwO6o&syl2E
z!hZ6YjWQ2i3k41MnaArwp6H6PD68r0I9(hIaC_QtDWvPkYkj`AA&kdQ{|9;gAH1ki
zK)Ad7I7g7ew>6}c)Y%)ifNx-R2{T6xu8ltfA1RESfBZyJ|LEdwc+Z6BLZTLuejgFm
z%=f|dqhQv=i$ysR@{K*zO{#AdxllJhhMdjcE0^d)e(B%id!ZK4k3HK5)|KH<(nmR~
zwsBE!VCu%jT#9}~jnG!m`9p*8wYq9Lp0R8t{{JOT4?!x0l)
z42ZR@6)1nAWNfON&lpf58sNrSjGe+Jv~DXg*ZX$%H5?Qr9~?iU3*yx)Vck}+wuUta
zD=BvfBD7;)=rWgwUc~8iHFMf_SPB%=i=*XNE!QbwJT}o6R9V*7W
zSLsE(>t7RB7DEUHQ|pwN7ovhQ(;s7cjEPb01?Ob0AJ+_MsB={h=R4
ze*x9BCI*#C*4u`4q~o?fKF)sO0edk?EaE<4d+c*6YwV6$;oG0TKv{-NDW;d#`9^Dr
z0qcD4?SOqmN!0$pvm+H-B2*{^u*)bQsl(R#{~Q}<{kb+2#P$;L
z<^E>0xbBXAU!T*#1tCC+89JNI1rpNn4=11+IoTw-UNCs0BP6-HQYBq=Xstmie8C*B
zB@nDsy)dIyyKvJ|Sol+m@ls!~vbVY}UD)B&*jeSuPtB8<@RxN66cBNFhiDwEUq1saq%
zNQF`PtFN;)Dc0?Lm|yU}$y1SbR`;tNhdpYUABm)LOg>KyHcv0gpDLt4REM1EpZu6#
zcwIkxyoL>FB6LdEMIE!c>Eng|0ZqT`-S&Ne4&CExlV+gY>+pOI+rnhYFHx~tj-1Q$
zp?l+txQl2;sz;x<&`2XU<#(Q<0xK8!=64s`K;eea)XEz4O}q~Ad8$|JC!m6+IX5su
z?J`(6e}Vu>JRrDJFGwAHx>V5I@s%?&3KA}L!1DH##Uv?Ggl?*p{(sn4{iMiHH+1~}
zMcyPu_MJ-!eB?wQFK;9`)s|4NZyusIMdW4`SgVL
zv}Q8~?R9PEg8()VWh!v#X+k|VV`QU@4gB~wS2jQf4Cb
zzLFxv+QMD7+rxj9M%A+|q3i_dlPJ8K;Z;@*tP3-@%en6bvurat?t!kYJcYu%^_c86
zZ^7yX;=6UV98!H>+Z+0)G_%tHm$}o_;%}Eb?{qzX>{I4k;;`G`J={H|t%-N#70>vS
zF!@L>C+cjxgvgW9oL7l#3?c_%>~?DGNsnVccFHeoSVpTb;+D@@8-v2PXHn9q{l(m|dKw
z_tQLYHRiNUkh#OFS^iHIbLYL!ki9Qze{MWW_mOq)u@m?U>PvP%@plQl@43v4*M1(y
z6O)5}GEF6lKYV>z=({y3Mpi~vR+LHfxT?`9&J!duOx_J;Fkfii>U4FH@SLDCxh_eN
zN?rTts*d0Im%?2(UVUF&QrglHVQ%FPT2jK)h^R|QTb9NO!q0fHn~xu#@%TGl5pV%5
znFB(m9t<*1GRa0%fHS_?EL=`0=ZGJCUS7`OVQCA>GwI*b`gb?ByTPY<P@Tzdfkq<>T|&?2bo2nf%3A1!VnR8Sv{XOFnShsi@TOUW^~zj>IX0
z(b+t(vC8}}dtdjsx}S2u(-eJ>@u%M#`LT%H*wG%&?)Jp5o>Q}a8s2@YH}bzev@+mV
zT8kKckydv1tn}Da1AOyy_GOdn;|HM(Yby1WIw2&7K`V&=#}EwU?Jg`*2%nKBlPCUJ
zG%wTd#B`KXC-_^a_~&~HOJ#+P>%5>HP6fP#w}uR#$#q{Z4H;IG>v(UCe_zBue{9G$
zjS&CbeFjFh%dG9{oJ*7fN*g95WeSC#4!xzO$)AleRJ$Y$Cu*Nfk?h
z?z3r`p0vSc6L|{cA72_Rc_?K!<#ISC=662
zTyS~4IE=n1%ZyXvEq%<}b~~er=bRC5+us;fyyC1W2s0{LlrX9==PWUxcPtL`efzZd
zzLO!nt5Lg>QH3>Udhz99LwanHaM9&q6MF7~u&YHjIrpc2U6y)F&s`YCVpL(qX<2gl
zLXmLE<&@$uS)=yLMip;3pTBLtU6f_OIaVBYC*LMP>Emx$P)e{?`2BC2*I&&&h8vEn
z>l)DK7luviwy!n45B?q8_pWHMNw;0_>hIpG8~5kO%ZfgW0Kd`Zm)Mu>>#wPD9?Z9~
z;Pt*Igl3ep{n5%Bh!(dqz_(g
zz$z{&>;rv6$Vr3BuKTy}*q6V@#@-!3o@6-e`e~~&VstLqTz}pXP1zIQ%9G
zk4_WDMTbvVQy>I61^D{>Scv@Qa`>y%+g4ei#qBMtzWsag93X=Sp6TV!|K0sT`^wD_
z9p54p<&_l`Rj_d_^@lvLnCCsUaMwbv31ya{e1A3YHdo*=RMuy_D)fj!3)?UVf_)7(
zpGJjN{A>B*e{<7Q-)%{)0whoIAFMh*`IOO8j~shANqpF=Cf6f5$bUK&B`{1Tj}2O@
zT2SVLb2lt3N+#!ZgVXA)Ng}psM>ZiGXDzPHQy9E9I*bknz6k0(gCEO9-A0XdG1uyx
zfxXEQ?njibl#sPq**(t5+=f4uLi!O$S`8g^y9`NSTQ95=!BsX^r~ERmN;-P{z0ro>
zkuzIB2%!{LZ8FtJHGJK$Lpsz)v?a8cBClJ$p;F0VVD^`4swJ@X;D3$Omy-zx+vN_a
zVA*X@5RgBpg-)-49L!MH>}l0&I~?#QmJwD;2)_^#DX{IfnbYwV^1wHOHofgZaz^lA
zwx?e=)k#UhtUQDf!?^<|MV7~DN!yvG=G5PgakJZxu5XS`s2}$%DPy_CJ$U$y5&~c&
zJ)e|D%P?vNqvr6_Q0T~4iA1@oR9Wn^k%^>V;|1!jgkewhxv8+Vk)w&TtkjU?U*p5exrDpUA^ECBCwdl7XEyWd-y1zl9uAl?&4bKSESUqpZ?ErS
z%%`APNB)r5|9f2h+ZvftQ{MDyCUmCWa;EPsh=$4gI9Sd%#xK>B`N}~l_~WT-IkbnP
zNnl&n=a%J3Rg3Oi+`{?psd$q
zncIyDD|PW?|4}Enbn;PDi3D2EdzDkAe&$GP^^+HZlFFrgoZD|Dv@0%c^l&rbCMAxY
zGO8Sm=Gm>LePIVJGAyZuRMuE}8#drtH||Lu=VegDjow$~m!s?Nu0SoO8Z+mIC{u>z
z)01X(n!O%eEU_i2qz&vGEvvLJnmN2v?V{vTIP
z5cT8Eo|<(^*n{;_-P7OB#fGf(bxMSRU!~$>6!q`l3QBxT-m>0!W3W~fU~)8MG=)~4
zL7U8=bw4M#y3yA2iy}_bO`G(}r9WS;FE(BBF*&Qod|96J9-5Y@ctX4HNRzhtKP-KD
zJe1x0|5GZJm{wAlCqg1Z_F*cOig?PCC0i0IvW6LEA*3Qx#1LlMRd&h}Gh^SGN*SVA
z48}fYGyBZX=lTBrdcV%Ouh;#$&wX9zbzkS)=X$>hpy%!)`6q-3%vQd;oQ-%(nObs6
z0iu~!2H9>Moe`o-Q)=8IJDOjX&T$^Km3Sx~s<Bz5^;7NyyrEl-6QCNrk{^grFjN
z9I20!MR)GtC1}iAx4j3X2bFyqv1-(u8ESF|`5wSb*dJZlff{{Y{VJ_0>Os$zl0f*I
z-5%Mbs+b1=2a3AG;4=hk^YCKugFhD=uWa))q~S^e(K*<49?es_8gUQc7ZWL_7rib4
z6COmyq@f#ZGN!+fq+e!$g^CYhtq>9ZEh`Z64`+M&)tR1c%;v1cihkR#V;2-#%9fDd
ze-mYD75xrdfrj*s_|lSRzy0xKhyKMwgyBzr#*lYsh+z)GwBN;yeY6%;1IE7Fi=mP*
z_u)nNnWjJ|$UoxC^;i5q-HqbxzHt{UKK2w9Sz%U{cayMrrbQAa9+%%<23rDy3mWE$
z>L#hE?a_ZMOW|=m%OqT4Y02|ae!!>R<)RkHXA@QpFXTgMRTK}IFru3Gh?^_3Y`+8d
z4KSBh|M|&S?EfWlBFqX^kM=jj&P1@A{4PWq4*9VY&_s$yA}X)9!mN%<$Z($aP?g19
zK@@36o|PqQGtVHf+HN{>o+ZO!a`W_`$G$!$GkzBxzVsqJv>S#E-uB*|a7dYy@m}zZ
z|1C;ZjtsH>&Ha-1gIF12HGEM#oD&GBWerNb7B^&Nls)qXe%x!K_M>q}Z_~lW)@x!2
zk-EY-x%|orli2pcqVxpuN9m=tOV_>~Z+?YuItAtysEgV!g>h|;74bgCiGBu!xL|FA
zUbq3)OVr(XLYT$ZdE;A=lt$wy+4~{J7gvW!cc+Qzy5GbS)0w4uUYMoJcvPFWyJa}}
zc-P*um)f3>9GJB;f!?hu==&y9AQ#lcW{oZ`sQ*>A6GYL>f!~3HDBHFIE(qJLpyM!
z3wi`6JVhVu)rf&1|5i`^{Uj%PU47DVS+74uh`n$Q>AL?M@>FA(uDCv0qS}vhGkf|x
zOLFcqG4*XZvZbi*T|?`|ffafB5&jdcyQ^0;kV2ixZM
z#z3lya!?{3)&rkZ@zHfG)7n42@^k~RK`!|4a*vXz%JlWC3btYg7n|yFLR~VS+7fLkEdb!+jokN
zX5#Ni_VH3)MX*!+=IV^H>h
z^BC{Qa<>0Zty15DH1#nB``hgFkEIWhFBY@>dG^k@z`yJlk?CuvDYKN9AZ`U8Fr7(O
zei`}ZxRMU@86eSGx`8KnnD`o{gN-6%zZ=g5gGJWcq;tWz^WalpwU-f#p#{mdqOUdE
z?YFvDH@~|7sQ1h6FDsEW|5iamp)bA(36=OE82-Xl)
z!VGLlRqwWE{Y^hX58!vaO-hrsHj=iEd=py>%~e7I)#!mb^gx>WLXY+S+MW)^5x@gX
zsej}Z3OMS|t2V)Sn?U`#Cy#j{MFlN&ya)vTJR!b#XG!rx4Z-_4%OMmcUUTqVLhcR5zCOXd
z4(PnD7=LPS^UHnBe{XXflRMzi=Bl{>3S~NQtKI7irnxPYGS(%=8_y1y4LZh|Mg|?>
z=mCR}T$htb((8;swWXBkrDq%ClZOSsph;BuIeH&1r{12cSvH$%GtO*3@l%$GP}p-^u~}9m
zsiB*F%hW_?;G6q^@g1NYfuy*0Bkm1G`b#upa_3T-ZM@$xV$J0OXqtGN-7sepLpkWU
zvc21Gz&g~8Mf)!`?sU0MoVnY)qQ0=9IZ#W4(a~DJ57*uewDdr8EaQS#^>UZm!*xuS
zsXh7+(Ery$Kgu|@G~!y2PWJqcI=&(HAGtm2e?Z&~SbsJi>0!pUf>hhJ7?lN|3;*kh
zTUyv!-i2RlIcs;4Wtq6;!12vpcHDzwn>pX)#>DR79{nxZ9z+tTynz+m|4o}#+*7S6%BETu+{bJiYyO{`%5=55
z1Gn69+6|x|SK71Zqas&xeeP|4e8CqurmS@Qc;RtksEppHsJH$sp*sP&)qhF#|3B>h
zuSGee^}lOw+W!Z7|A9hh$6oHw5ps33p0q4Qtdi*ZPBTy|o((EW_g~lVKHkQ;qmtPE
zT;YFy9GC}ydJ=u+8bJD6R&;l`|1;^d9%|bkA7=e8G!c&fHN=lHwz!;P{q1&Y0=q$sXJL9)#U#(#lv
zc^2?>-5cb01XGjitvh}e0Jok7b9kD^Z)boH?NF-Dgr;W`do!TP)`Mf5jTSkl)@RB7
zI)(xS11L8pM26mxHE{gD$y83!rT2j$Ds96y8=HS2WZ;GQ`@ajN(#A_V#C}ExYeEn$mr&1Q4b{NyJ=!LHJub)U|C+%Ezf;klg7>P58
zcyO@S;8V)g+4rkSU&XY4Kxc>Cm2TR9p4`p-
zEOBrOfW0AH7q%g>p{KxE8_p23lX#X^`|21Lpl^(+E;Xep;s_?e){ahEoiq*ugO6h
zR6DcfEu*olX5=XkW4;Ak2~BSr`*pJK7lWUtfG6ETEW8J?VM99Sfb{$^@FI=*Bk8r}
z3nXZtv^_GP<%?$MRZj>`!%blRi_hK;tF{$={pnqto=A`z3Kn0zKm
z_*w$b{3!x7<8|ApmG-xAQCSR_%ZF8YKG3t4;?ftZ*(xC_c1mScJCq8;Mj_JLW-1D*{?}
zbnVNvL~6VNReXT&!Ooo1lyIOy-vaQS5A3^f)__1*o%HPnSOW^zsIVHaJmXnUC}lzB
zGMC*eY^*;D9o{vu%@Kz4vHM`K-Y?u8P!rP2^D!z)Je=(kMS*gr^ermz3AYulF3ifI
zJjz_vQLC1VOrMxbN=6g(SjI*_A+JyOy?Q{z%{Sa>af|OTjtj_X)GDDh6}_djISe?j
z0(!jk4^nKq>V!ko~KLy}8sL;8Q4WS^r}QDfW3%PIdzzL~-aKTG8n->hF$qgRck
zgl$OdNlHujl>AnA+;cpm$AYklgA(1~=N|4k&9R%#{O&N0q;H?fTTZ$-B1PCu$()K6
z99-#2#5sAOikOO8wfk7HH-WD5A~coux}p=C(uqD>P7h*74(ri2SN%n>^-CFpjvWW2njYN1
z0F=Zx2mf&O20Svq!dY$gmrjlk@8W2n4*(%og`q3O#lS;7Dld9GxZUQGuY2I*uULmG
zh|`B~4cm~KlOKdzbnXR28IYJPeP{1bLD4NM#`(AROSg|xAkEVOcj2BD6)G>B38)z#
zL7nG4d8!B2ks#SJ@2CtR?3D6Urve`7up%nz>`EAaK1M%?$F~E$De_J{}8eTXk@O?&EDpR-0v>_(6xgC|Vh>Fl}$#O621F#MoJ~Gc&rvr+lNkosReI#``
zJkiyZbFb?3ik15C^-06l260;)_2El%Q9pFk%&Mxzs*Dvn*GHT|e#$PA=V(k?-3$m!
zS~XsqyI~Q@wwOVaVW=xDWU
zW>n5ok5Aex3*8E#ZHwyFn0_p4>=HF^k}r8WySmr-Fm$?0dPG@=BkgnvdFM(d!oG=r
z5W3_p9+GX3keKm4g)w=i`VfDed$q(^2T>YpeE!Qcldq7VmG9R`qMGn`q0sXV`tHP`
zmqgtcF22YOzL{9JoQ4Nhw>7VPOhrF!Xii8a$>Px|+;l!F3O!7yPKa*TVyDpsIL#p{B+1_DR{srL+>_9`g_*f)eX!H358bnTpC%oP?h5vM&rUFA
zUmUvW)(>vNm!LwuS~{h&L%Wzf)60p!&371!H6D;lkIfCcqxG
zYVm3!f+*cwftK%(bRLHj?nA$-?N-~L5Tycn7Q1IM@}2yb;7ybUB0^UnKQ&~yLF=w|
zz*c*SCCCku+=x&|9MpRCAns98u4i%1q~0Oo^e@#=(2@uJ!ar(Jq}+ggeEpT386G?N
z&Yvs&`V3#|(^9<}1a-S|ie~;$GsdER)G2&qnyq{$a}96%y|ynLQ)1O>wp;`X9>Ajd
zhYq;?LR0w}TXM0l2*+4RKF6jp^bxJl)5bF;`s=}OspQ9CU9L@cPz?i$qw;uA&!wYJ
z!sZsPv9yE~&*@*x-PlKt8zAkD%=-+UWPkGx@Hsbd8_=!0sv-?p^f;hg2T<^mDU4i%
zUx>nyDgx?aU)`9VXA}|cyWRZLGCtRFNSIn(CW-lX6V~b^ot-$-7COJMWbijZ%aO93
zoo2$0_=^eq1koJ&0jlrtNs6SSEq9`^Kj8y3ibwP@#)11JTxNmOA(omX=P;&+aO5z#
zmC%wx5nNe(cF|AojEXXG7oho8i8LwmA$@hR^KPU`W9<7L>$VLW;x7b*O46tO9)gMi
zT-==r)Nx0VM&#d^;=IW{p)`(cv%jrMWkES~Q|PKrtS%BD@mIjaZpqCUWRjLz-mj_;
znJW;cnpO{XXT;z=C3|BeFW@C(mn2F9BQ+U!r%ef?iTRQV$a#skinS^^@mKmJA(i6Y
zj{0H6W^g+C1g6%U-_~)g
z$K=F!;=J)W6SdojZKC~QwY@-5ioOz62ldLW=sO?De@oaQbRA8)@+1=S92)UWIx~yL
z=ureVLP_4VBf33c#B<5dKnR(q${vZx00uzYjc*h6CRJj-MF%P5k44R+o|6(s9-^hJ
zA`6fjVTQbonEL?xTI&i5c;Q4_!VDez;J7Pyu;ednjy60yaSpFlPuK)6y4@137ByAH
zC2yae_AesJ_QMI1!`8wWh%Y2}Q{%9BQ*nz)ru0nb1rE~iT`2P)^A;#!1B^Su)>j_$
zo^<9Xxu2-Cd{4RCTUR+k**Aua%5Pz5O$pqoRS6KHg+Q!2-KK(AJPN5X82fYc31R;v
z`c|6TM6aAhidXT8QscO`6Ma90S@1dq^*h)%*~|Xa#}R{}%CPf)IY1ABL`iI0wDs&R
zlTlN`2Fah@zA!gEQNJX6PHY^KQ4dq{3J(VXTNOY$q
zKq<1Uf^;0$BQ=Ot2dh>4pPIhR|Hj}w2q3p1?pQD%TIY_QL8f-uaJ$#?#6R8N;3Y_u
zB#{fIWYL4j{h6R4YtcZ$jDtK`N1cclp>3frB2hu>|%RC%JumA1+zV_=GGT
z<52Yye6*Gr^u(l306i33>9X#n)N6;TP38==+-W;_29Y)m)$9R^QNmgw!1
zyWfzs|F!US-&`SU>F2IV>8#14fz`~Fgig;6+yFHR+41#CgEDL>P<3(a*;h)ur1$bt
zLfzE6Am{{QDXFG=hS$R+?UuX!<8(|LwfbFWVKm;=AM!XB*#~U@cVXm#Q=4am&ot;C
ziknWh_-7_AgBn&2SmLwMMUNDRPcPLUgFua$@OjH<&oQ`8
zaZ#tc1QMoT>xWHC726b?BTEmUzHUN}X9_mRS4!IC#_uZq4U#^-G?{EjROW4s{1A2d
z06mKK2j@`km_Mr93fP1^4gQXbIx4K<*&psj^|S`Oy`dlUj__^_mjH%u>o!k8{lSb~
zI&}zfia&HZ!Uu4}>fpx#bh4Tk>beE{KK5}Xun(a)?S@z$QKWhF8z22WjxZ5CMz@)U
zQBky{G8#Hav`1SqZxq#llIf3=c1NaHjaBgT+ZzNOAH<-OF!b4d^NLGq~bLc1S
z+GS#kI-&M7(n(6ig@j3Ss7WM9Sq!({4nbb4(fBUi1@+Yt&1j^X9N7Z&hBs`TY}t=b
z+6no&Y8aRI@arQ&G9U2?`aT!jbYbdO+eS#>!htYBQKM$$rmA<;(vX)F4s|oB!!5VR
zso`}4A2P&7Haz6jCU$t@#t3>gd6;h&7c_e{-!V$RoOP>Z0p4(NW|DJb3K|6_NlTqF
zy97mvPD_70$FX_8r{dHAX|PAag+QJtOiy$Ycgm{1a|oi|pUD2<`EbwAgF5U?Dw_H+iFOHivNE7`v6^^z8a8}Ou#v5M=fCf
zt`1WT-N1t~ckjw~!Vi%-LpD=6v;B!Rf9Y=<$(VVK;&FLpkI{nY8A
zCyjWz@{p`Pr3HisCItmJ|D%i3I0qkc%X2V(g=Z$~EPMz(VWwh|+t}iYrl{%T%dOpVe4`<_KZ`-dI-xFXJC(
z{GO@tbqT)LPs;hfHV;iTflEL!7SMx|Z>hcZX`c5y0uxfdTd}#fjD!PE?C0FxRN6ga
zVZJBP^}od~RQl`1Kr<8R8@Ux17!{TX7hI?zs|1lVrz{d0Aqnot9;;Tv`%L${f5z9V
zRyzWi3Tm&{RqLh$71fcu{nI3*MLlqIXH-uURkYG6ROc!owu9L=yscBwx1Qo5gUE&F44N`)8eLK`9}PcutTK8(Y|!Ii>;n%!s%ZVbstLU8Fst$^=H46?gL+E
zFYG6tT-QW%_2-$-yLGQ?n{|Q_I*f?XFl!xeFf|
znREJ`g;Awt?66vX6EL@zt&I@5&Br1EvS+g5zd#x*l)d>COTUJTXl#t00Wz)YaRO;dkK2sk#u>~2#IK%BiUHwtj
zP~h;$V6s7@g`+H)IwQHdg{XNhKo?@N;37jlfFHA(XI|`RGI;Ys$eOzZnQ)!nqpwcP
znDlg+6z^%-9(OKOc@gBj=1=Hea7<)+Kwbv{7x4FnJulHT(w=gzOa|oYSPy2SR|!;}gtVj+{JJ)}btg}c&GANO=qwLWC6(
zq!<761lv?_3GB3(8zRLlVK1tu|G{OKJlR0H`xKuayYkOIskr%LUE=K}y3pJjSud-s
zwS72G+xFy5GX6Gy&nRCP<4E4~4ZYK*a{!?uEU}Z!U5N5Zfb==_9qbL7RGKFqGTGi|
z4#+J{T!zZ#FvXrH!HxlX<`4AMb0F6s>8I7ytJ6hjFECXP&O9!w
zzK?IXz7Z6nLWk~!VgcCkG`KrT>0>T>KML>BsDA-x4|@j?AODVeBFJ-Y4Oor&Vre3}
z9kxmeexM+72j0XsHKgEsRj;8oEnd3={}=EqQn}qtzM%#2*JRTJhq26uKwO{QklS*d
z^zUgmiKfbFtZjQ}ZDd~`E>+q+Rz|B1*iD=RC~3U{6bhK$uz+-YiXnXXd(`luh&r(8
z35RT+awhea>bHd3;!+1<#F{va23hFsE!}I+vNc#KKN!q7w5Oq`bx&lCb$6q+iLPKP
zdDU|Dw>4zpI~8-7N6uTF7X&g&SKBRzDed~Lo)F%ThP0W3JnE08UK?fEhbO#_Ubn*)
z5ncGq0yug&c5EBVysasC+i=;A?qtuH52Y|tuJpjFd*p3jU8*cus+t0R4v%PwRD$Wq
z%sypQ!M988?=s*|BP9&2b}*4r9mgPzgyja
zAy1r~+}?U{1B@8cks7>e@pJLMQsOuhC_`!i>oDKlAQaM%48&?s+p+OtQabz_a+Wv^
zRr{_;$%mXnW-DZ8jZriP)1A61Ct=*@Je9;+lhd4HBbyw7773=%9r5$+k?kS&s0PpzJ=sn3_ydX3s>4=5gyhNCqI{D`31t+%s
z?4Fr82FQxbm4EmuK3?`deFN3WcT3mbS%($-{1O#g6#g_bVJ=``XU=1%#XYy{3=UNfI~#
zzM6zVXn%M59Ggf)A(rp}&efR-f$jXF_)+hhS;K}C{=rGoyYi-L!V^XZ0aPl2GJU5Z
zyr2OicJbXQ*}@wF?2-IoKPrfjh_uA7c4K~6z?goYz~ja|cS8_ZZ8ItG+2Yqu{?GXV
z-wem;vYt)+&?jr;!81fRX^c)$>I`7j{?0u#<0Uh-YWqZKB#FQrrrJE65oo(8^IPH&
zjQXwbt*Zon%
z8e(0Iw}crzLTlX7zi&KSzlInmNAue~L^?>iEen3_W^v4z1shGzOJIW{OL~4s*ZaJj
zO!z1Xd9lpPi&VK<#d;_^fKIB~jtw9;YwzOSM`FZsnR7{_d-Iu(_cT6YuAkgFEVC&u
zb!R$Ub|APy>+9k#NCn!z4Q{xvuNmL?_43{4QM{zjB}>(~6~pDu-$HXGJL&pQ0lhz9
zR_42aN0R7*#m|vDtKQd>CZQLSs$Amk0S7#@|3&7lmPFcyGrS_2!i6)7fz2gsSAp~a
zTmHEkd#Xk(7`u+^U;R4q8Wi4iKr$4`THogDj}kL}tlEAj@R4$zI|o68%qJP&
zUn1SY>!NMjWrD7SONwD8msc(VcKk3kp!Cf#avj{HBmGoS#dbo*?{dj^NBb^Gwfq5p
zT>8t=f2GN8oy8%)sw(Es0fH|3zW5c6`Qo{Fr2qToegodG1$V_V@RDX{m6vVs=g?Aa
z)uSclA5af3u&jdr`52p)kV;+}>Irpq3p*
zZNC4R1)DOw5AodZhWnS$Uh7v`^civaRiyelmvi~`$5)M%&;Ww-(jp9PjgWfo0UJ^@
zM+0PU{}4Kp(22#}?5b`WALjhrL`CVxs~K9GXke0|8;GkD#}~#g8j~rne>>92?m->*
z>9;iV7k`UY4!3AMzQ0&1R2T8mXN>5pZ+ng^-T`DUgcdA|(?3-sGgy~y^w`RPzHX?#
zgcik6F5@9Vt6*7Xtg=`#ZD`RyZXi6_H%pc5gB>jBnVTnr@mz`Il3lk+zvpk{n~pD~
z{)SlKC-8u!9DNYj*@mCH@%Ok4#R6O6f~lfA8TJc
z1+}p8ii{aEiT)Iyeynl=+8;nmS_5MoE!L_^z~oa&$Vkewe~(~Qk2au$Pa_Srz63^%^m!0~
zUF;FCfBBI72f)I_NNtX>iv&0}Yexj~9t-C))#$cpUbB6gdC5e=CpyXeZD9-9Uj)+;X#u_s`>uB_rW@^elz!@l(=a24#?
zz8{%|A>lW^BI@U>W|F>;%?Ua3ZKdgS7r3_X9)xEwE-qi*y7uW<0)~D=qXwZta@v0qu2nx$js52>wb#|rt>b<4kZC9%`N6n}VR4}wX
zRzn!g$?N~b1`5_No>4JKIpI6f(YkvWR8%1xx=;z2<(yo}+=3YX0z;KG<+w$Ih@qwj
zH4-ilv|8vJsMVD}65W2kW;Lu8(B
zsDmYnDvW)T=Dl%!CxEjd%1q55X
zs4Yfc(er9wnxaB1cSPf&Hb%~D4(~=rY?C|())qUC<@rRaz+Olp8ps1nUuSk?HyNxN
z)2ypzE|)j>-u!wGb|%sOa0!!+`w?5qHOGAuga!YYdFqq847dCj(S1=R$N@F8WnP`$
zTt2m5wRTdr<&OalawN=2v65=uf>szWcB+Z^mwMEpucjqO2eO4kK7@g#d9n|=h91=F
zdhl!o5HXd}f~{Ir!1oGUGDw`g=k}Mp(G-Q!J@CK3LrxTji5x`+50-Z>w@?BWY=(T#
znV3_c-q^hX@r<+K-KmYd4Xl}su8de%VGvYJ(G&}GdsgY&Uei*b7z`pupp1C2qel|2F3Q`bk?F_`v0xt+P@5Ou%|iGLC7PaJ?8K%PGWh}tc#
z0hrA6Wz`rW3y+XtMX}!Yr-bN{@!V}>qKAZ`#Z-gk5@SF*Ya{-U9*B5`-jY1gZ9uF|
ztMKY93HpQfCH|6Fg+_xSZ*G|2Y?8${(CG>-sD^4o)GYs9b`f2j@e!1zoM6KY@&&@a
z2_P5r*7(wKM7Q%kSIv_Hd93-2)a5Mt`*}=IyN;k~J~C>@&?GuLb1i-k*@>8rqm0szs}G*@!}4SI
zRt4IfD@W@{D53TQ!7)Hz#KZ^suzU{vGwz;ZJMN0_rV;r(zoC_c)DVb*61%Cd0#8VS{JX5F*A@rZ{C<3qRTa}fB%3Ou}v0BrCxrk+{5;T(Y&-F!Uc-gO!;03AaNdiM-%8ki4a*q<k0=RgzY9vAK2n
zuc}84QC67VKeM5NT_zvc9xTeSQFOVju5*<4O_jO^z_)H287^A>Z5)M-o!=Acj=
zJbO(~u**;|>ch5MC(m)6y_8kg8Rs!LFtP&97sy_{w@MNc%4F{YaLa%L8b69X1YDQWdQ}V14Tn^{NX}b&azYa7_B~
z=#~#a9)+9geK%3qoQ-0R`+tlISi50o=~ek4pa}n>##Wk0CxZ-^o)V%$eLlO
zN$@^SfXb2xFUcOC6k=d07A`fQ;GHiYvxJGAd
zK#5*ofL9o1yT9*l508vv`zVD=ouO!-Mk%WIolhnj~(i`B>tLKU@|tS=^;dW1G%
zUOhYZWb5?p9q{Up@qjJjLuadB62@FX=)1x}n?d1Hii-n*7mI8?JLIO}e~fcx0}9@8S_
zANF5P+MNG-F1-|9g)cb^db&KGSM-+Q2`kF9Mj4Fab}uoU7YSWQwHn5wxA%O416f}e
z(|+YuE}BfsX^F5*b-lu^r6i&8oIb@=Iwukzs=oDTaS1FkM>2#xOTeF*?9J~X`jNBB
zOG6l=>joy*_3J~mIB
z>H}GxCnlb={OXYIBb##ASv9zcZj=S+@m7&D8O`Wsg@e)qMg%KgY>he|TaOLT7W?7b
z^duZBA<#2gHG^~doPh4ZybUWHv3X$?`&ZCXdn{DXjjqZn8gPQDC9$@5d;L3uoS4#7
z!(VJnKI^Na`9s!`TlpQ>($5Q*?pWO4Aah-Gl6`a4_8r(Vz^qKbvAy$SmSUEpko|;)
zrYetK6uhdqcJjKIIQ|OM=!Z+5$s7W9@0NuNnN8X9+0^3BXpNx>sFEW4-*e-Vb;7a$
zw%Uk$cGXW-R_)|T|Gxd1Pl&c%>sfkvA{%Ts;UdCMv6l=xVg5LS@w;*8o`=B=lBZ7JS927RxuI)7jJG_K{oT8&Pu
z_Y%R~V$COl5L+;{Q;ez`Ox!n%qWxl*@HUtV$dezi*`p;4iC|?+P`#XBU+sY<#eOW)_Qk%6)&#Qm8s`;?Cs#)e`
z)#K}&)TZchT4Hy`#k>Dxhfg7Hln9U2rmnV4MnkCQBB&(EV=Oy(n0BOl?0JC3tb`q{
zH&)^|{-7tOnLZqqLa(6t>OlaCwfaHjd9JrT%sYTy9r~ypqX&DmXH7GUP+NVw^w%?(
zV5bn4@}lSQUmcA*)P;*En*6;Vx*PhDi%V3{$uA0OO6;NR^hZ;ghsSa%3I~ofAIEx^
zD^)qsHqM$B+1Q+dt!W$-Sjn#+qfBqdx390QP@F(l+9q-zO`|<~kbYajDQE>YW*as=
zM8$4ohJfP(l`LmXoRaWtkKvp5t=Jd+2VFtwLycgU;HL$}&Pm_2?@KXQ!8cwmgzL3+2wked3W!ghGn*?S7$5&z;dd&17
zA)MBc@%zXkx#FUiEJLKWf;@d3Ud4;AE}4I0{h%SnIuoiCIeoo;_G4D9I%--ag6V@p!FC1*h<;?4ehxp#cK8=SavsayrLg%q$!d>R)JA8%(3&*eOH#4dhd$5Q?o$)UnbS>!jM`CwKKTFWD4~XH6iqN@KL0
zYKG;6++(S$@Z#2Hs1_;&$K&uX5ZzN(RS_Nf){ppXE!XL*OT9WxL$U?IHp4xi9r7W=dqMh_9m@1
z+_E2Oven84TUR*kr4m{K*{kHVUrxHzCj3ko`+Gi4w~Bgl9_n{}<<-hS>JyGOJ~Do5
zece-YuYPMHz_LsR#OwGX4ck7KVo}ABcPuZQz*sv=ao-iX7q!XO**b2+VAK&#F4X{N^U3{
zdWSU67zGx82^3gOOe{7wY!`#Qe#?)Ov_in;W^moy{3=U%EUPT=#V<)sU5qk1O10Ds
zZ7=lH=bM9Pb6sNo;uQAS3sXY3VTVV{t&sMH;}Ve2X>M0{wC(YSZWWN3t)a11^WN>d
z@_)NlEbkRk9Pz^29Czvc=ucA}S)Os3tg?cyecT)J&HHzceKQ&(f2KcSbR9Mv0>&e%
zu?~Zb2t;?6OYLZUe>Q-VS(G&b^oqI9>Xd-B`(0v%S;F!6=pz5%#7=JFL`Be0+Yhwz
zdy@YV`E?7vKeaKP)AWaH+l|@rqoN(LN8c7Wc?ZV2=27IYUp(}~@jkt9^hA_dS;6%m
zG23S2c%YCpyBpbJZGIVRe8D7MtKg=VdA^(f-u&29p2%+smufR8h)lR(t)-=dzCd#R
z1276Q^)YYnrXl?WZ;dt&-%UHHCETC+E
z6T-QgB_xEE89v|RMVDwKz2jQg&mghNvvPO^TfwRJSc2~!!GVlA&4z$wA@LJtSj~xj
z!!pDb)q4BS+lHtwtH)JsWZ#W~F|1aTKu6b|SO}0Q1f?U_*2o>#=!0j|oQpOu@(IIh
zHZLrULO)9NDm;fb)m1fM@%DyY(Y(MV!*5YsQ8icJxz0XDt}iNwpG(*xTa6dF0j^K>*u?MQAzTfN{D$uj*E*0Ue_G3pH%Gvd9Zqqe#MPLIZWS7
zys=@xYhNya{F?lrtl&oa%z)e~`wJ&3d(o}2XXpID5jt>FPi$s1mQyg0AATokJj*P@
zIU)|R{s|555WQk6=g00ap=}MRd*vmH)lI5XHWcgx%$iJzwG0bxY#SkLo;USu;dE7b
zUpOvr-bD@->~)5y0A{T^e%Y}t{RcHxn*E^9OjsWHR`Vt>LF+v(BNwu#nd6J;^lP~7
z8F(KKQRUl2s=qH%q<2IBmmO$2OFeHIL!R?*sqj$eEldTchR+2K1mfNx#!TbVB+cld1)wrp^+@|-cT{ukfA!s6Bq
zOMM&PcUpn7toBTKckj&&*C987SQqEx^4KZ|4>GMYuZ~vT+&n^q*5VLL!}~KO`r#f4
zL<85Lob_x#6Vt%)1Md0UY&vWlPCSB|a?7SCjmCV#VVEt+Lrr$CaMxeQl&z}DT1}c>
z?1MdZv`$VR)OsuXyK?fo{X<5U*f&9=dvUCAdF*iy>o1vgU)+$V*RYwM&3)YdAO}vt
zkkP1f)gX>0ZoMj_$K=Vc`OP55Q|A3s3YBg(-D_^uo@a+$k@d&8PTyJ!%o_IcWcn#GQ>N1vCQxqGgzvvxyfD8Sld22gqiK!yOGdDysGPl
z1063IRy(%tFc@JMH_>ivte`9pSw=Sn#={N$c13B{{f{j2ORI0?g`8d|xM7!uKbM&#
zCan%uNg2{=lrnOYl;s)44RdOWtIO1dRzcSSXPF)3RvVdtANNALTNHMEg8j>YHCadORxRx@3;@x%MYCcKh!&@iWP*RityIjNe_%zsVyymD_Xuf0NplgZqq;
zbgL{$iZV?cs;)Gl3$?9L>1Y3;`aj3~GeSO@RQp`1N|cx8MTdQrG-2|77kQ_6SbE>{
zL3gN1Wzn8uxpGA-l-02<=$abt4S$cVG0@guq!U|hh)-%a_m&K1j+q&~r>2E;_GZ^V
zGYWUz+jOVu;j#(QP2c=8v!N%d@7~NHiwqZdi>>Zd769wS{A<^c>^iyS!M#n#6Kijs
zCIhf6meg?U&ZD(|qKMPWsz#L%Jr(ihpwT?52g;4RqXSI|Gl${y++|0EN_eqpW+090
zWkEaP;k#^1jjuyhYs`Fj3wPab2{c-OHh395T8GIY>i)J1FK
z$M$=-flIKCzD7X+UUS4AzfOcP)=~
zb@&P2zVql#tnkBMz}B5vJNWfSBKsRDbD3+WseIt1kO(#DVY%^x253@j5a|_;5BJVT
zugmTznr=F6m0ijHLQgRY_^ncCcVM)TI|~(hJm!RMgx_|#){a(XdCvXjA*P_%ZTa%v
zKwb5{EtMfFR-`k3Mt1V={Uv`OX1zEo(atYx1Aq7L-7y!le}NU=AN{QS_9y9sKdtMJ}1O7T(nZV6JiHdxwPrY4zS(t1_$h9Ty+Q<@BApe
zXvozuxJoX$y0M$|8&6MCB9?CBRgeS@f&&*VrKUeF&@cKmYl&BcO|iGK^T#sjp@sok
zN--hTS&~`P(cpXMw3-fiw_K+0X7{{Fy|#?ZGoy#Vqt}OtP)3iTi>_DU>{?219(47d
zbI)#2oYHOnwAZvbzDjmj{&?={pgdt=PfeXe`G3z@#5Pr>&xCH%8T<#Ki`Wra9P`Ib
zg2w`tsb3u1bt4E*u(p8PV3mQHKeSjV&AU{+9|~dJW-&EFDK$F>j<^e0?)^njz617Q>RdP^X@+yNHVLb}L=z7yMUN0&>@=H0ee&;7H@tAbjg
z`1zvX7|HI`|5y%r7q0(&cf#>FNtbPZz1YIL4kR*Pmjt7xTZ
zw0f~A>zd|)F)3J%ruofnxHxyTaI`z(=_{8;r8&(sR8!BCo@0?@G2Ijs`pZD^s>J@-
z6W;Y}fVtk>Qh35Mf)-vDV_BB1Umk1g*ltl3)g7Y4yt!2Q-qPr*XV8`1WG)oCE%U?d
zbnPNEX@5ktUx1l@dAgCw1;}*=HA%NBHP9leROI2x62{)#sVr6vpS$*2Xpr66r@-ie@RxQY*`&
zG|Mth&ao#cz?rjgW=}Cj-_{Uw#azapY}=5!ndY*dEwYu!!hfuy1yohU#BZQ)VRLWVUk>)8CJ2N
zjww9_O>wH?mw~HHUpf38SuG6SJ{_JY=9+n>32Z~fdjX|3JS01-@KDHHeJwUvx1lOC
zu`jM5^kv|PG9rp!o@DPK4#=)U4wlo3?%JBiMfE42l84(!p_+PgWziy<>&T%N^|B|W
z;@#OT*C*Z}w+wk$R>ni4k2#!D~tEgT6k)+Bg(FVYl|IBFHT10
zQRh7!q!!c`n(P2&qPQwnExq2RqMUSdT|>LalJ4O2X!v`uYU}s$Ygj|j_xxh?a3NeTOlv?Z(I`NDLM#kB1qGz+uJy;@le}4@BogwyOl>xu;ojz9@N+Vj;ES@xkT9rz^47=1)^Mkc`
zj|WWe>zNXp;=CV(o<9`rlzhf|J2E5nC@~sMGvMjNGwxN5(dG%&efLkq#(l|d_+-?b
zZgSRgrJ7y}d(zTgl9Az9a~Ap(nZea_9W8%+yLyNu``zyfxkXte-G7
zE21j~Tjmedi5^_|(?Zq5i@sm6;hl!NVcSLJ?4zw0ok&-EwOGG+x4U5Hf0dBNIImLggjo74wn;RcaqI)jO
z-K%d;p(`(g+&iTKJKXGwhpzeWViiT)DNEC>iaE7}r<^r??^?ZH^*lS)r2SiuPSipv
zC1BgLKYug?N%Gw+x@*3ure6c=mAOGHy9DNqWmn((ue8T<#`CTkGHZWPV!6Y@g$6@saT2_6g`6D%p__eEfYgUi_$D?=)zhT0x{DH24N135{
zjq*V#m8aD?a(?69)(F?OrP1%9V#iSDFWH}_UOkv>h*Ry0RhgEqYcqGhw=f>zA#%yC
zXS|fIrf^n7WJm*+1Ul_`*1!&m{K55(^M{|1W4vPhrlng;16P>s^|E~r{~b7TxvPKIGZRDNLFU3X`Z#F6
z_U#^awoz1$-D&C~Z{gt0Lpj!P(Vb$#+tT-lXZ*;C@j19OB6zXKBd_2~*>e}T8yser
zx;)R)b?bmk;+SG*F1t|%KBE5FrYgX1gVU7!b9M9Aj3boHHbza@qj<1fj--?S!iS5EkAnL5fLx$*fej=QmU0iX1o=ggF#{ouxG
zz3Sja^e3HIXmj**w0^BHS>E<;6R?L>
zReJAtr`NCCVH{^+70uvAD
zsbI5(!{*l=YlQFpYi}|e)@ZI9*ifcw+G=dJOV#gqkAVYdP6is^u!v2W%05yiP`)$%6P)M4(JN3jN?e;zToLMj@{NACSo>;Ez)!P5_umiRCi0YsZD}1no^C)oN;04g^+Rse$~lOOWA~Ql{J3?
zd8z+WTJw0DSy=+v{};mWWcsf(8liM=(W6|`u-TiaYv;Z$u<#;vfxC$-=&*ZTypuci
zI}sE0AeJ|Fe8i(iuhVUE!lXW;hdml;O~0xe?0>-KgARFw)moa$HArGT*Z4DHYd2MF
zDYA?+@(2S=b7Co8+F<9tJTbj-jpn#>%kquIJBw-p&oG)=w`6idX}O{&0fNzE8;xlW
zd!P9$d9K>yi38T}cbe|auCrZ)yvLaNGa3f0sSRl+143*ROA2sUA6j$GC}>Q>DxPA?
zJLSuX>>;~pr#eB&hx;?FEkfeuKFyo1apy)|QYwcKE>?umnxzWcdF%lPXihcsTQ
zCk!u*A3NUcXn<(>X7eH@TqZr7D%
zWi{_W0~6${w8v=qoK#{<#onU_2O1g08JhAndLN7iidJcA-?HYMG~`5VG-*%qZtt`@
zbFHdvPsBa@pevSm`5EO+P1+uGU2WMWt~5(p$}V1_LULA|S4BS;qD$udPcKV7
zHt?W|&>P3g*iAQeJp%IM+ciT(o&IU{UhoguMPB-uWm
zw{-OtKi9?}0=uLelL&RIZN`O}TlR2;d9?BA(U8@i2P%awC7xafI28RjTiFI^EIfZ~
zwJ&!^O|7S6tBQqQLVTFKRJL*B+`)KHatXI6_cBAa3>tCHzxGRXk-l@$GAZLG{{EXN
zy0N!d#pvn^YWd*psB#sZ;d7dLp8~KAz11Vs%6M+!VVCCnRq@uL%V9_Up_b6BdQJ03
zIU$Qx_CE70-T)$oC7I!}ZS)cE)7R22bWLuZtqt;SxV}SJx__22$TE@{vPTRr2AH;S
zL9A@+p;{+{>xMS||6z>0nr=7k%g`%cODpWDLE{jy&PDNsns#HCwz!BCve5rf{k4>v
z+f|B5UYFI28w*0V8o50@>glTH%?iLQUd8crdNC&Do1aBOLx_cCv9b7Ex~MPfM84g}9NGJ_6rHo82=>)O
z$E_WT4Zf~6=wTds^W+eTvvR>rU;E2xdZ1d2hWq{bHm9bODaM`9OG?}E*SycBi~Ksy
z_%a=K8gfqW=w}?aN;K~ISPJ_-@w0ht>=ki^=<$lCvN$8r;zEyIOq1xNMtSOl1@T2R
z5)o>lmE^Ub?!m_I_$Vt3T{f1Dq&$yM^EDySd6DXETUg(GnoXx`kD&qY{H=JV?OCbM
zY}&7E4tx;S$?KX?STodab794XiRpeA
zbB#AaU!47`)qD4p4L{=lg;FhlZZ8~|W1lO-CC-}|wrin^O~L_|PG=myWZ)*YtyUia;T
zU-3+}$se?-nRBXNU>anl!K+w1L|s1K%}Y>M;@h*pql4J}_r=<|%G{dZH9h*-ZmXwS
zhM)Z*=6a*msgqJQMgx_9gq4|gEF!uo-iBmr)w}D~s$+Kl1NcGfT&a6iZ=4E;fB|pf
z2Gx}RB7#%8_k1Myxjy&R+c
zR1)Wz!m?R7MtVV?LkVPH(N**#2%jY*1amy}T+^y4%`Qarztm
zS-g}TE4Uk)R39FWFwI>~aoBz7!_wN#6|dDfmRYepI4(Qq_M!=?*Ss|4@}0oD!pnE*
zUF^#b1PSQM;o?;SnjodQ3S3d6`mGf*RlY`u9()mm4$NJq#!0)xVcTlhw)1TGrfDaC
z_MURoB2nc^cD$3FEKnAHB37LWl_~!-Z_^lNJ7NiMh8bIW?~nBIWgFT(+e_zHrNMe#
zWjkDJ1;{-i>A1KJ$*S=yE_A3|&9mfG>ayzCUa$FkM{ZaJqrb)WdWF!~-E7sV9URnt
zB+MGD<}8>@*`v#
zK3QJH{%bhvZs_aYN!7g+Ww-fa(&;0Ye;vQPHj-KEyfXAZkt?v7AzH+)!sIgF$j#J0
z_Y1LQ^U27Os%5>8%Ce*R7G;J_lJhR=oP(=+=Np^)==VbpZ0@zc6-PSK>#6=VaMoNq
zsPWNz(&^{?N|~S|WR^#{7a7g>DN~fyfL~G5FMfB1e^uB%H>xAJaLVEvB^Ym1eJo6^
zFqd<1N$(yRw&M#4TfU%OXg2cW0pGu@**|Xd;IF-~Rdm_5LZnfmSvDNYzh9Oe>!sB@
zTh_x-2s{(?>LdX@(K@??SWz_e-iESuqbDF2`K6}JJJF?70eXQbOocZ3u
z8G?Rb>{2veANh03X5ys%rwzR|Ww`jl`2L&K%X(RyutSBOoC-F>p0+&9pm5Pm$<0V@
zB$!l~$~j2tMQZMbM)9r7cKBPX^)}p`iRZ5{(use-?5z9Q-pQY~#GzlW_9kVXKFH@?@CK
zbi>4}Iln*j{Hry4ua+&z?UF3{V)MuB$B~LPy^D$d^J$WVxTrSV-c|@lu9Anju$%YC
z@%77mn3PuLE$fj
zX4ED4)J0ixSv*xuBw1BODr9jK28Ega)$4ns{0r(N$?U`0oG{fweg9`PFFzLwGw`;`
z(4t<_2vUk<4&JC{Cvc6M2XM(=Kppa_alwNQLc^w6d@#wL2STTkC}iq;N$0!=54;=knR#c4+V
z7xL(OdBQD2)%*)-p})KHpihfDcNLpiL~|oC55-4nDa{xBr#XH9|7C>V<0!JTr5gJf
zncqf2-ClnM+IzdioBa$If(8Yl(hZ@*bQ3UfYoTfrHF$DB<;airJxbHB&Z^m)jX;F(KqHDSSs69(dK>?0SM
zHuO;d&2SWa>0M*|AQ^X)G3TJNJJV0^RIHaD#lC}!lv>(t)DJuLq4rstz*E}=`)dNM
zmn&lAw}P9#=Rav@G@BS;hie?;!HWlb#H))YJS6HFhw9p&0|IeB#Ft@jJGuMcOmZYfr#pGdHt)A(SkE(yLisxnvn
zq#bUH^-DEezPu`<9a(u{eMoXTn?H7W_V(1%zvEHe{ST%N$3KeO^-rhOAH|Bq=zD*s
zI@-HLuA*iBC;e07snteIWSX0h*lBgFUX`Nvzv$;0q_-CQDBZn(bT~`kp;bs
zVCqo{+sf3gsBBKp}zdimTv4PZ9=yXPlAZ9Fa=4)zf0-KIOZTwwQJ4V95vQDx*ta3^G>VUB&C
z(yJq$LsI3vm4EAj1E}DYQzQk-jE2vw#k$e*W&wvL7uy|bCe9lK&gXp^rD=ww>%#T5
z`az=9*}eE_0~Pqk2;;*zd6Qb^Y!Rw~_O`1%7kEMb+?$BxLw0tl9~E#S&3e
zO{hHTD>iZ(KLF5crSepRpiG$hXaKcM`OKr!`S>e>cw^42uLgEXLZWA|Rd{xZfTGRy
z`%sP4v6%~){tFcQm$j7LCepbu{u*hQbZ>=ThrJqzL%O}CsEM5a23}+%PaT{0D~g3~
zCc)Zz;85$FW~9AhF|GeiaPR-Lqs-M1-7QH|l_QM6!@~A)U@wF)|Qq9dC*3LGi-YOj1Bj+4`fw~#U
zyO#jR0iot*F3Gb+pxHV5n=PJH2eky@D`_Hf$z^y6s4Kw}>!6MWxim&ZdfH@^04<9G
zXKeA8b&!rNRR$i3asxkuD@T&xiyOhl!|=zA+%%w*gGLXuA}#i~MFxC777D$Y1diLv
zN%W0ex~C<)63_WC49C>5Gx&IS4r=2pQYn6cGW!l8b#Rss`kI?4w8#{wLxbj>pG8>1
zvP4PX-2&{NIr{Y$`T<#LUo#YYWpr1Hl-wC7qI>Wm4K&wTl)DNyHIO$fPL%|{o{?#w
zo&(KBtMEV{F4Nu~7aMRrZ{A7*5w>!H(L)jC$!$0RgxMv57x|K2-?>t52E;rjH|iYo
zGnEYl#<6o>psBgcVXsImW<3--Z!+j3CVA5*M0D4o=+(7P(5w`k#>W34-Zw0PD?0}{O52^yT(
zlzO7$Ni7wK1>jgrkpH=m1into^`1a=89M>Zhr{#AL7^fEF|te_4&-1Xr@wbW^1NQ4
zP^ko3iG!kNfd2v|_y15`0=iQao~jeHg_F2d2bcD8!IBO=ounAT+q2+lnJq^!D6^F~
ztTn~!C7A*Fl)X$w>jCPFBeKTmswlWi;4qbftT>sDKAXeT-0kqw|A16exn&+|=qU=W
z7ux=NGl?>;5Jk~bx`{~QF!Hp8O-!E)-q_uCAZQ#HyhO9mwat{SSF!(I)VT2?WUzo*
zn+08P643X_)b0vdg`}k`@!xyJ4wWq=Q<#$4L^7LZpI@ysb87oc%ERBdjnmG<-;6~z
z2Z89D>O+y)s#r9kS+%0Fg??T27`}8y9nsT)U&W3Rq1CHsSCz(McCh
zZ{s)B{3lJSPa}t>RO)|ey8t~&2gXsbO`%fiHl?CiF80LI6?fW|W||Tk%acI}rXBo|
zy{MC_-V8rI>MI)14=QGh``J$=YU_myrN=??UXI?l8Q(_VK*G3zTySq8oxq%5JopMX
z{e{`L{X~9{r&um>O=N`^+$N%3-h}DJ(SvSx!yZ^>0ro5)pDwn*^ghDttO?3EdExpz
zeIK>$JL?2Lw@hJ?hYMyr;M|B~-~Tfju
z>X_=M518#8d$<(Qg{R7Pf=$lKtM*B7K3A$5tEl!bk&usJ!@oHz*>C8X*KYuoW7y#J
z0a=Va2zu{>(GvcX?ZHQ~w75{?Q^@@rW6M8syv80r&~O0u_(t#eaakVxKU^9U0#3XH
zwu963kn%yebr;wj0$O5`u<|L&KN?EUx8C4HMT{F>nq34hk7f5wP|zi%s9%MO8#vBJ
zQk~J3c8JIvtJYB3w6Yzt;TCsDS7mO2TsaDrBu|Hdi@-``x`AgpLrwQ3$nLhMlozt2tBR>F#SGJ8>OIMdKezZH
zj~6Jx98T~$xqCCh|By`?gI}ps6p)I+U)8#B#QOn-@PP^6rh*z>*(5mIz!iclzTb8d
zQ17P@PkP}XwZj{GvXi>TFQ|>aq$3vF9f#~ImK^?|NH8XDBEi3@gxK(;V>&TL`{^tW3SNi
z1~znL2UTwfI`oLfwwQ(2MnXE+Je&vTd1GO**tR(EZ<>r~yCF;E-P&HDt;cVz8*&_h
z{~xIr^10^!kzbUFU7MwB{#z65a+_Aq!!ES+8U2MnfBcDZT@w6klk#Wi
z%V;0k>1lY|*AhJXDj>P(L(NC!G_iqFPeYz~v_#DQOgAWzuwzl?vJ_!%l09&YR9+cI(D+hKkNiIQWR}w3OFl!Kkk9K6iVnWYq?OvMe5~^T&UXw&)Tcd
zbCi-z6{IY$bV!11;zF$Acd*?sG0WH@yu~>ORVSvyDwXMNZIaB2J*{w&rvtJH{k;`_
zRDegCKQ>}j!0(=eSP-)lxMyF+Tts<00XIcX2KRR&KH%fMI@mp1X4|PKP0c~y8Awv4
zCzIe)*>ZXyR^~k+1(>}Sm;Lt*sL3`5E$yFR?0$ikI!_6%yC;Fw
z11Nku2^h8sQVVG!xZ?n|n`i}%7{)bR@W2Os7oG$T4aiQ>c7oCmGFX#xtx=gEcPg5EeI=wn7m2a^a{6_@38gK@!`r0-{f{JRU>iLRQ(8I?
zL)Lcz{z7i{w1vKuuiAlD`rwVEhH-MhG}QVX*?#B|kc+8xLPQkO59Vdq-=nl>8
zP#$jJIYGID+3@$s)i%UplRu!`lJ|IZiP+4wT}ghS3=}*3g9IwcFL6~fSb7%l%Xn{)
zGGQte@%6v|hSqj=O;M=!ID6RHD
zSBo1gBIvl^fNGb_R>PFa4fjO*C!u32e`5N@$;x3+Gp8Xvz6j{#hM7j$X
z#MxbNb`JVv7TFy@2-J8UG9C)^WaRdTVD|F`*rjEFwN3fmo=W@y6i%gmq#}JCFpXz{
z*dzf1|8|)8mAeL`c*-%gWIObPIn@I!8<6GhLNpE7Y%BOBbM_M4CFg8HPWp=}8Gth%
z%&s4!T}Y8fKd;{d1P&%*%0WE29cAokr~bUA58kEAjXptMX>y|>_#)>3NPL!#BDb(0
z4-w$re@6ep48Zj&=j5-+6Rxa
zM2?t)F>6q{VDnf?zpgN2q2#3sviz0rLU1jYbx*<;E;mzJx=tPd=PtCPEGszk3fiu?
zGp$%;kGZK2<7--IVP?uGYs5x@RTeEoPvb+Ilnn!x5~Ss9DE{`s6Zm}rax6WOOQD&_q|rUNn32E-oxaINqnI$9GNpZAO>j7zFw
zhT~l@?zcWk%sQu-tM*QFRiq
zo5_=v@57zPHbN(OkLc?I@W2vm+d=SzM*lqJV6Jq(Z$~ZbVQ=4}%ngf|Pzw3X;C9My
z*_pVRgyDmCOHjr2N6x6xg|P$hqFGe&E8onA!xoyD0n?p<-Si3kPiLj&g^7*8ltU`v
z*<|uce`M2d%u?D9LFd+k!f_6KT5jqm7-x;S;LmFn8~9>gxxyz8e9E0Fy)Wd1lsn_K
z-`FKWeN+65z!ADS1V3vd9p~qkqj%oJ@#=2l(R=Z=xBL@{>B=nO33g0{%C~kwLuu%p
z^VI!&<%@2hJtM4HWM>N`djR$g_5kA}KbNw6Ku8d1O1lDT-eDO*?I29oSE#mt-pWG_
zI2^qfGPlJfsQ=nH`9}bkTqcHJEga59qdrq-$2P*JZr_ffzvt!J@=G@lP9sMa86ig(
zY*Y{6yE75O1rXFh|F)c^YB(mQcl;_}YZT~=oeGV%RTt
zr^_i<@Um#$Mc^BW2YqtJ_r39$4-UO5@x#1lc%898_Y-{36i=PUEQ$0ZUJ@@v?#UN*
z!`i;PAkO7M)QF+aflu&hD}k93J@HkhvB2NtEWgpmaP#5Nmk=v!_(iz9hg~^AeksX~
zSLk1EZ&r0zR5lt@({k~eCt`gcPV^y96>3uAe!;f=jv>@qudSfSs;tJw<)5q`kuY-fo#;|8tCb
zT*?XxYNNa^6H{LCm_0(dN->P2@=?`Uw72FjkZcJ)G4kOI4dC}-9(pRNLf3p(4fY(5
z{zm;-_gVD@`XQl+7-Ac8DH^2#O05x-{um-dUO60#=@)>>hCbx1@|BSrI4K2Ew`s}^
zv4^E+T;RFp6V&_^a4Ay
zSza04*9j5cnE|Pp%(L$Y;k_|%R7;WEYKuYBlj)leVu
z0(-W-8M=;>JV0r?)E|YUAz{#D+T`MJgl+7-p4jPRj^lqi#0q(pGo3w0()tY=o
zMl@_|G22##V#7ZvnPbhAABa8+cV3I|@ePKsK?Hsz8w-3PE^gJ3Z|$J_%Q>{`!rXnm
z;P55bnX?Jvw>Pq0Vm4kwW1e{jOJz#!cgT||BVX(|57s4222oC8CRi^R_ds+lixdtU
z!AxU5$pO)e0q^|
zq__~7BABE}Ona0REsXs#2h9rvijJ7kFk
zn9l^$&f7|}cjwpzo{@8Fa|3RB@JMn{WE
zgab>6TAQKSPJ)FjyzD!iCK*Wd5!2#`|DQZY&@MsW6AQqTNF>`1i+&I8JHhVGVDum4
zy`254*sMpc%0$U;@3GjA#y~uemnL@}kR`kWEeqg>EiruJd9u2MzLPgYwnwuCbVE&K
z`GoR>6x_tRU*VMfUhu~Az{M{edK@TWo|QW@`{-SAHMeP2^?C5LRSoEmqxC~U)W`eq
znVq0rMtJT9-vuPXley*1pxQ>dJfl6pman-4(8i7E5z5|G@`
z(&~>?wd4rYnf;V)4v`pN#F-@W`
zVP9)kY@ou$;FPMZQfDYR4r!hDv@WK;;*oB<^)SwZeS3xKqu8l`t)%DWpzi=)Ka1q;
z$%lK+IAh-%8!0bE$fHNdajbOM4n4XV5-^D@rP&f=q5A)@r`i)6VPh#Jws@X$RwrE+
z^9|qB)JO@4rJM$C`_$mI3v3$g>X^|#;7t)=Soh+{BBIbfK>b|}_U~XvoOi^C5t$C7
z{#`3!JZ)yQ4vEZ`F~tz^)!1c+;EPYdJp3Be`@W$By`?9|BOKW)Ef)Q_dXYqB@ptk-
zHhVm|NN$skxlE+Mb~iEodlJeo4iF*h#-==93A@8eWwg@VPDa84JlolabfK43Yw$l_
z!ePP%#%J8`8X*F)%YMyxav?&9$ja1CC|+P8cQ}LH@j(YJz!k0V0qU*}dZ2)E1yJ~y
zeillc80x%;>y_b0yJY%$An>!`;-C07OKSPiE+~qR=zXNCg-)@KNQkeNpl8=3Z~SA3
zm(Z_A*mkK@p=OHruuG_~;}bxaoa8o+>;s$J#(~WTv1$j-Dv{{jD8!FU!Tu7xv)I?#
zM(7@v*^ZmKiSp?#LYrbBc4QU8l^V!qo{*Xia$LnKr~t$2=x
ze&Qb5+OH&52yan#dW?#)le1<@^eh%^y
zHw&glf5XQ*1y6pECHY`m8{MKA{A!33{=4Kkk5FK(x9Fg@6HW9H*!c6cTIcZvzrf
z0(bC&G*Mdv`JyPWen8?iNB7V~j1{SLUp`C#4SlVuQNV6MP89U91hF`u7v_r%u!^4%
z3$VOILOAuN7N>}qc2``k^N~#$+oaYVjqea#p5(h39Gli6^??d3s5r|^0z)%
zg&R3_(re!!_+uZueFSNF3KhXgVB>(yJunH5;wp0qXSLtQ?+v-0)M+m)zWH$y)B9QWDy~QPL3Sp#MD#UlxSM06gYUYUdZG@<=6
z%Et)MxYZs{^+Aw2;AN|{G`4O9n$Ak>%TC~DU8yLq9f3QZvMmi-LAb44eG}^U;|F~S
z;olH5M?lmJ`fM#1IdnIy
zd9g%IH-&99+6V1!i6hKI^KAB&1*5km9neG`dwoCK1*{)cn2MQ|Gw5?s{Q~UBq6c{3
z$FbDqrHWMx=&nimt3kOt_x^W*vy>cXEVlUpe^_A(zf>UEdF(au^mN$keKK5~rdV|Y
zf2V#9**XIarxviE$o&X-!0c>fIzd2d=+4-&DiT4J0E2mlP64Z5^{g_t&mOrqdF`Wz!lQNG_NZU#%x=JwSf`t^#p-EPfoTo|^7wqryClDEX^BLz&
z*}Rf-PRC*i8qf(~LO2K#c|Bn70KR4jc~Ats#F+mKPOBD!iUKTQgeWVDc}LnX%U&6)
zxHDQp>?Q^Sv-DG%XiimiI8`qkKYfRnn@m6l<-F7$viU4!>Epp^GTR@VG-2Tz?9o1Z
zpfZTRqAlk`K9P99;vD#;MDIcs&>!P1AcZ$)p>0pucbH7S?HK3oKW55ZEO8s^z}iFA
zk`89G=h^uzfv8VbWPo$Z3!rYeC=PmM9fY;iARM{%YxL6$$!iw&nj2i8EzIGxEbu$w
z!D&{#hfd@Dc_wlW?-AR!(`ccMD~!s*%}RmO48h{KN*xqw~(x4&O
zq7pvyZYwBVKchf1wVlwXQeywV2a~dhga7%pkT1ye7DJJPV+;?h)Cc{Z4@zc8p3O9s
zuy8qgDMt40yIhxWWDDNDmyq5LiXaaF^KtiQT#;TbHr&4laBkl&hC6lm^@pa}_c-#e;q4%`2eIsd-%C`wBowX(lKWOBEBG6=
z6yn9l!G%gW>jqOyi|C{#%#!lmW~9|!$hRG^UJGfa89%&ul01NK&~`x1R|Sjw3fV^g
zYQYjMKK-s0k8xr;xP*GNf_l)HP2P-5)whxCai&mNp3Tk}?0-JMHV8X8le#SwJ^vIgE(Ndj1k@{**?4JPvlgrfx6ByMXZo**~5~Vtu16mD0EGFp=n_
zE19eCq*6W>rDGuQn}sypHDS{QdjA52tf^#rD{1LUM)QvzKLYY-?r&yz9+T_!{SYhx
z+nwd%AxZEDPhyLh|B)ncWq=2nJSG<>BY^~L-Zw#>I4W2DluY{9<}LcNvt5y%EJ0_E
z;qUf1;2k5SvyjIetLPJ;Jr>{zJ3hn=RRc=P=TN>ve3E^h@YtBTw(^K*@V4d7Xg6a-T>3)JDT4opUL6nSqJ4G$x*_;rw!e`Mpz!%&bt6%UNm=HK(x-*pKemVgs
zzZ#HA-wsWa13{q=c=5ca170~bC=z&Ji8Ht#%N|bW(f0L=f<33nd0;rPg?(a1uww@-
zO_)RX(TO`HN!3FXd=}hZO2E8vI^i@JY^xgf<)9o4{^Y8
zzL~-lr|rZ4o*U>fYF>q(NI@s$UM0NT46N6iub#LBnUUx1iefLI-#*sCZwk=;3Z&z`
z1dda{1LAXPOTcKQG5mWgGSLq?9tWe|!1+9MzP;Co5E>hNB`aKCWn$|Y<1>2p_bp~@5c;3>IcaRUCvb2_(OCSUS@Nc!@CCa$&b_qO-ewzijE
zsUk(2Dk>;wR8+L0bFB*^+EiQ+5u+j?3PeOfs?MofQCXtwh&ru^hzb!|BDhRl*q2n0
z9gGqnLI^R0ER)Qf^BwN@&xA8`&PCx7rK
zJh(KB63)0zd}?d)xI;`h>tpdq1$K2Ef`yh-^YM0-!|w|XNpH~9{y-x8_XUQeqp0C<
z1(`T3>=qYLx3p*fgNN6n_$Y=?%`+HqX#BmqLbaUcnsU6
zUHs7(f%ajrY4HdXfite!dZ@iR+2X#Fek~q5?5CeS(AsBki+{rnL*;*^rYppSc%C|i
zOT+w)k6bFz<{+_)W9yh}L>9njV1;1l3wHwWzxVc(f4?+cfE5us6Ausn)rKXET~g@Zfp`hc7j?u`4Y#@Up$TMeAw$gWvR=9c4+4#XUvMNU73tkc<~MdmlaVRnPUM-a0vIypM4aRJ=)S6k31~SQPwJnaDl`MRA2t^KC
zlx_6YdmyCj8Uuf_EZ$su5)7F06gn!=EIYbF$7Nf_nIE-lhD>S84fHp|$TM6e_?6tZ
z%mw12hExsS4+8TwG`pB!OvN}vD$pMCVVnIGt^Z
ziF%>L1${L`1+tjV6Kdew1~?H;ZKmRl269hAIr~GzdbM%iTbRpLV5wGl&9O8$Ele~r@n2si$gDkseszN+JO4$ChZ1BbkG*}ewRxBdK2
zD2(~*?KxY^wn3l|QhT>stoEqAGuWO62`-6FscDn^#QcX>F~$$DtLTs{M2D7QI)KjI
zg5z$>0>h!w`J_u?f$%)5-HZtW^++5z)QVp}LP23Yy~xFINSMKXRk3gksBAoq0m?y|
zSB0@mmGQqA?TnWTFxu(GEk9jNtyj{|30VudutB(Vj*7$8)GGS>P$v-2sup0R`WZ2^
z23*VI_I~6)Op&icspTcia{J#-oXKOCm;?_`ky+rc3BF9|sMXT)!cJl$rrtJ%sCoA2
zR9Q9`c!LOEmx{h|F-7(6Bq|u|ppFLAz8MyV_Q|g~qS6wrNWsSH#!^&DbcnWNZFZQ6
zXW?YU+7iY+3%=j?KhE5%?eIILx3jdE`Wn`TC}KXt$hnF?e~`$3P)v`!5?qZptJKQ|
zB~9Blva1df-a1D3npwR#Ogqkn^zS4VOjIbW64{7L%TbX8!=g82$g=@l#1s#!o1C~i
z!*q6()vlWbe{qhLXWQZCQFK%=3;w{89`oQ2LnyPS$I8|c5Ub^OMx3Po;PJpW%}DRx
zV|5Vy9*+Jv&}wlgvU!$WAMSE4GOH%;dO_+Huvahd2NqifIn~D78_Sku6I=e|!+81HIsq
ztkX?rAJSjLVSK0vBq>y|=_zr(Ps3j06>$OlSAA6JlJnUG9<4gjREx1thRck0o$&R5o6>uk8YLR6?(A)m
zEJCdrLi#3Gxd0~?GW4PPzEF@(tNJFPO~!y0$x-x3c3@<2j_
zlZLP>TrIVq3w?}2kLWmd-UF1WXRhx;C7;NMs(jw0YF;G_?Pr#kaL9TlrU|+c5B3`C
zg;IF7Q7@|(zK5q5MUhA4FIe$O?(C5PbW&-&IB2E2CU>ZjZ`bOimpM&|#kFZ$n6A|g
z{QWBmTq$sgtPWk|JHaOu`>h$PF_!2V1kk=5O}MySu24xRC(ou(LR51FvHA5Z0C
z)ltD?zub*tSz$gpe-!PlVz5mmuZI*DnZ|BmFi+El|27utzWkGWF(B9r%bogg#g_b;T(45r
zPSFP~FbXtVs1+4V3dI&TO%b5EGqA>PF$E<$z@wM4qo!F5Nz
zd`1+^8fBjh;{b9Bp<@*nP~QYpx0y&kgkol+4Y+jo!(}3%M4OZU1Wg~2+okIrnn8DW
z4-bbWSDpd;LU>N;@W9|HtYpQ9QFz$}iWmTPI?2&i&Z$sWd6Qf1XEGIhU_0{h{pSe0
zH2vtRC1!c&AU#~iURjBwL)7Yq4ocf;Oq)D(ai7!_dN*AP)-o|(u9j(j6}6I|dUz#z
z*=;x+G8@(FVh5d-qQB~iU~aD<5?1#_J)NT9KgD&9Tcq6XMJIk!NHIYtDVs~f6xWU7
zUIqV)RnRSTR5B=10Xs|DxSbuMV1G2S$Cn8j5|-pqU&V2iEu7^m_@B4KDm3RVjnl-$
zszS6TnQ%%|T1A-U6T=w)7GT{$<^CMUPV5kp@xE;BC@O2~kabUHoZ`S$P7tDM-Ne0q
z83`9H9P$2@JStcRH^{71)m6e^^l&Cn7mbW4A5CUqN>$
z)uPud@2@H(K4)ni=VFi^<*WjRM0?rBArx`~9@sNPKU@J8Q5?S-Pk=Pa|F)bu*fkvhKRI+M)~@TR@<6g+ze$!}m*
zk15uli!B9jB2laly~hr71o&+gxE{q>&oH{GqEsO|;fk(7;gfYM;nwx2?XymkH?IO!
zY1w7!C`vnq6A%ipo*6eE#vDc&?ewC@Am0`VCUNp6+9Qnf9_Z>`F`5&Vs_pF!Eu9OArL?nXa-KEhbzQdQwT
zjY*WxhGRflk&|E<*OXv(sBfpdP;T93v~|Rg^MUQaiufUZ{
z8p45ZoNH-2H886JeoLaGLp_P(YUqD%s8pG3@#jH7lU$pA(8Mm_A4-(%#uBQKJn@d*KU_RJpIe&+@z(!4J@WeG6QEeIU@P3QFY3J`kiJusOzOW8^gP~jg(5XSs
zn=N0ijrrrvCh(Apy``vRth`VuW`G3@3#Hv);?}Y}u!UT-qek*A4FjOJx6~AM^X*)C
z`M^7!a5~BxR|vDUIqNFGos@F%gx^uJA8_a(f=z<6bFn~x&H2+u!*ArR;|w32nc1&V
zAhP`DMgW@Wj-1}_K-cc~E9lOd41bt?D>gJ(3ia|vxH{T^F7*&y7EhT(T-qmm`s+%v
zd6o}&mdRy&(A)-zpLUH}EeAM@96~-1)0F&9I`=O#uam)4fp$S463_8PlA1iSD#DGZ
zb_2Qd4sjbAtd7>pv!`&%bN=j#az^$OJm=5tnJ!@cir^zo;j~|gqPx>Id<;`81AZec
znU%>+QDR+$Zv0gfdp(IwY5+e2PgTyPXvQI$j6|uwz!`^*b8`zQuj}1C?%JJ!&?X(^
z7ET5EAbk}2bq^Aa`jc?yQMlVR5PIrGpDKtAD)9I*BhJMqE4hQ$1-n1d8A~it^=z6R
zcDosX++8}il{>mxST`d@1de*In$d{1)cgh<=jNp=W7vtaZsYd
z|7#IwTJRQ3Y$yD>MwEf@PNCG&Ao))o?WT3{K=hh;Us$23tF&4xr|)%|11w4p6?&|N
zcvtw!OA}2g!9;t7tmo8Z%j3Vy_MN)cCuAHq_bI@?sniPkvjv7Ip%27Um-mYTv}x1u
zrrxM#`AQM}?JbmtQHHKjX)tJS0aqE-K}-QFI>r`UC=JkDe)odMr#DrLee+_D$-aFI-2qDB=B
z)F(!HX9G1>UR|)c+JdHYe(DeO(qXybVE3SRV{w=^icUxY|GG{D_|X$03PBz0E72di
z;m=(ip!Zkuq;^X0#WorUuX{9rs*r}7F)WbHeN0?}U1J5S~Qh~09UGlnRqMJ8dcCbyqB#S?uwl9m!}AUFZp?yhB<$N`t{^W|EcS=FJO$c-
zXID%G8<>r-8b3*^-*xw)<67y#e=+#mZ-u>ds~x
z#abA92i~>IqQAV49yAO8(TbM1qvBmM(GA|hzY~dfX3A3r6lVDbopc?0>QNrM$gE6g
zi-%{oum{d#5`aEN4|6uW1>dNJQE|NNyFO@J3&{W7D4eMsM^seuW*U}vg0*eL%n$D;
z5eqH6#XIt;8A@CY66s9%;TEt9P0VG7)cr&{N159z&?ERoJ~wWc#eL%PVLJ7O&{uT;
z)2K$GwCTREp^NahBm6Dm4Z4_X?3H1l9!#a9^3Vlk266rkCS6b;tduHZjWR|ptK$v8
z>IFEYx*?4EK|-%F`%f35Y0=2!EM?v2*XBX{x45VqjQ)y_gNY;(l=cx`vF)ZbmD%YI
z#Plxj8|KZgp-&}D3t`vYr9Bxo%OB14;e40*f@yXLg9?M+-Q4A(Kn*AC#Q4NRnRKS~mYmYCf+ZlN-?H5Z1@Qxi5f^7m>@ZYUSAmUl#@K
zsgU}2vBq1k(TU_xuCdMW86C>L_#62+N6bN|iPjl(4DJe72c!sqmrv=-m*T?Fh@&D78Yc%LpR$u8rn^e7J57`m9EmwoD;fJsG+G
zinz%r==@_Yc}YJ_9fGbShNL^_q-Z5MCz{l;lQ1?1_v}U&S>@{lgS(3mOe;hGT!|bW
z@*GOb_Gc&uu!4}QVO403wBc2^#=$j?v;BAzx?c5N^t(QrT4GGf*hf2sZ^AgNd
zC*hpOdvCxjB+1bTU*d~l);X7>bId$kY5ujWk5|V@OBmgL;W{+l()!OXW~LW%5kvkO
zw4;)ks!PjqU`|uX8>J7-o}D^l;x44E
zGq+D~C$`qBJt
z2j6V++*d5E=RsgB2DfrIW1!WXxs1B-g2Ek3<;gdUv;MmJTE!sw~^;sjSz
zJw%6gq96RKE9KWm1phLK3f08-OY;eFEz$hr4dm>HxoE;yrFw@IM4pQXTs|BxVGjy^c%KskG)CFh1w^WwG@m`kN0_6G_ton|Q975M|
zLZ4bA%Ma5Ex1f$;VSLp8nADp)bwSqo9DQP;c}qGnWSUIzz04+N+23B^*0}jvyS*%b
zLHb4cdbNDoMt0pJvIp0f;&Hm*-{boDPf+%Om3X-_*TW9$Kx20|D`=H#nX9u`YkTz
z%y)0$l~J%nr)<~TFIdGLEX(v||8gUmmyqxDds;9ABu|pc*K(^f)Ad{4F}5X2L8jh+
z#glGtFmI6BHHSjWbiBSN=%4|`;u;)?ngN`u&`gU~CoDpb2_F4zGx7EQetPUBfuEne
z>wHpuocz6tT-cWrindX))CQUC?mL}LzJ-{fbKTaU1dS6ckIzWy8SJWmxsYBKX(LYi
z@Av44>F6o`&I=Xv>V;4r#!y>t=oDWr8zVB`->zV!Ha@SwIg7w+bu{;S)@5Eld_Kfw
z1){%q+_XVi$p7yCR!gP1t%Kjx-6MOxHx4;BBbTloS+yA
zndoY2T4p-C1aJNt{@{(2+v3>77D--zUs@?CRqmvtbR(W4+!^=dOrM>GSNohIucZld
zfvsHPT*-pdX~Oyn-MyVJ1s~CkG~tcs@@r=alZ`!{%ucEj(9bT^Qyvxk4}PyI&ZuK!^2?QI#vm_I$&Rar>OZ`O
zL2n$0?9q!~q1dSRdhs22dz=K+u~8BECheZLuEN+u`(S~YWgIl-124Qkq*!_
znX@kroS9{`xgM?}MNATZvO&QD8!~*gu_Z+S+aw%-cUA
zXyn8W^BIQ$cG;C`BKkxQI(R0Qw`t;_vTMAL48m7H++zl>Ph@3IckLmm(fsuak1kJ$CxX12M>no#?#{}?Y
zV4>M_5^?P%R{of@oAKtIpmL$va}F^{XZ9>2e?A{CRKCriD?hZp9coy3BS~cOJ=A8xi^VlC}UJ~mfx1c%2Xx%q-toKJV#y?vxwhE`i
z8)4?<-LLxj`wgBV3=A7Z#_)SQk8u6HMzfR*)8dNI^})6rKEKG}reC
zt(iqk(d7is19S3t&i!g)Gq+)`2>SxKcW3C6?8)Rp^4Ueq$uKLI=3_B6^_2W%HTl`H
z8^q+gN`4(1kk9(;TZ%c@N@E=UQ6EJe>q+jyV5ROAnxS*3Y65Ha5e1z4IjyITozlrA
z^)uPqqI(5DRPnrhYlJ%XLc@)2rarg*33@Z<0dJ$FJQ8gm{1!jIiIi3%kx^3hD(cZ5
z6px}yQL+y!V{LYfc`-It-XCnZD3X?<%e*Jo-V|QUUas
zfSmkC1TS<^PmbXGE(7E~!#BnvgwYs>_gK)6KZ;=-lTywP`VwtYk!&iW;5m>i#c9*TEF(^3thJs)`oZNcYn<3?l;
z;<4<%Fr+W%IXI39&9&slC%iri2Y-u9;-Y#07uR5n2P`p(N1QDJXkP=4rgHPDc_&cZ
z2+yB^9%s=~PiUfVva!w-!Dt-OzD^6kGRNnMMCeB!o3Q3vE*w$!!e>C1G
z%KjC%wjxU$$Hy}kQ3WVl7o#E^WPbslfDFxhR>#FCGCL4y**YdY{&koKdkU7i%9Q31ZLBk
za4pE-8u9rZKg3&7bA-!a4t1Jyd-vcgQbYZT&wh#=2i(HDXx;z50oJ4Ag9QOs3-J`|
zNjzI+|9HajFA?!dHTJ$({5s+is2PlXpw|S7C
zgklyN=wvW!Y?ZOlEyo1zme)f;{ob+tkFLjuZ;|nF<2_93^};PP|93>cY9W`o)PPHB
zc7X{~o51e~l=T^n4dM}MuN``Z)wH*KG-}wy77nt}D>(PCT`Gk~`pW2h*7u77|l?+Pr;KH79Y3(&~yDT=X(@eXr
zWh4(UxXJd^xGB9&*Z~lop3-b5J;!b9>Sx;^8n+(Fd~iO&DDi7lH3uX|IFGu(yZsVmiea(fYm|
z*(>bypm==}dVfoIQ+Sok3L`dzm!T~ih`kNmNiNp)c9;eimaPa;7_U#}oTkzZSk>QxnirbA@6cx_V_mJBPb5i?8EuS^{G=zq;U)f$vqW
z=K0&<<;2z*=#i;-)UtexRT0o>D$WIWot5C)a>8?vIHC;l=yQ*9<)&($e-P!On(JVC
zG5W51G%B%4-pH=9&Z4u;g%?}pH`$9a+yTBfh&JFzJxqH@$9i^}Lkq#s9$$3qpFDa}
zynKBrx>kq=PshR3etxBk*>@2995^a1B0ug~2Rvm~nKd8q4WaoQH*_cu_v%2p?w-~_
zbhy*3e(-Kl8eT)ML)zdHh;HH+*yCE1HY`-IAQy(m(GI1i$6HbIN5k0*^qYF*s-i+<
zJR?>=NDsiR3k|D7_i9DHmgkblLY!Pitq9Qzu{Or0T7xU?^Lp9ion~r{&0A!nM(Tcy
z$0`+?>D=qHn5Uz+iI3xc$OEBAby%l{Wu%2z&U6euw!x$E^m%dI-#E{t3rbW{LW5%a
z<=BMbn+^bR`2oY1SHcXdPkuW_#Ub2XFoy>%O2xZ0+}n%3KX{M8z5-wQqL)>m?jhC>
z3|d)9cOmSwv9xkKv}4_OJ_CuJXr>!*eXd3m2E~sy6Gw{F>|%pps=tN%+Jct)T8tkY
zX*J{*qPl&)sQM%C=LgpbOhtoucF)al=Hpsm0u#XKzA$a&QCF$S|KanwaPnb&VI$|X
zi`|Sx>Ug;mbi8WSTzCeAu4r1bY%WMQbdSV5C&QT45eUoU|E`m__gh(K;g#BgIP}XN
z%(UTto?pEH9REgvk#+YZTeRvskWpu{^5R_L#l)qd%9mY(QFWZ6MOzsihkj5Ki^MpU
zRuE&$kwYu-C=Eg3zsI8@
zsLm^(t+)vX1J(bxl5}k3t?nKLXK>s6kDpPRO$$*>2e30ISK>132=3-(3Hk)9;0?7i
zTsi8ULAG)3eGnfC7rYy#i{PFg#{}}Cn6hT84E^#JF6-Y>O=xx)ihBbyG~0=9oe$R%
zX3wrsx}7k7<7)}{!kS3#5acY>t{&h70X;E|OvI1YM3*Piy0jInY6CNO*R=_@1aNj<
zDPc_Oq9DS7qDdbcPqh4DXL%H?*oZ2~WbNX4u=Mxu@5w)(a~KVM7reY$v`EtyBL0>$vAT(Cq4@A?-|7Wy(TP@y@mM}x1sx8db^9BC?D3^T!HUKyq7g-
z^hd7o23uVWBKZp}dZ9quyFg^_Vw7H%>$O4;y)es{yHwdu|3o&C4JBYpA`HN#c<=9M
zjjWBfg@3&h$ri)27|j1m=MZ8M-u~=yxv)*|q?Y$-wOg)mJ};EiT8s4Vn7U5*$dtPk
zhHJOrcaXJ)#<;g@S-Bu-1!KysBHP41bR%b#g(>2C%AnNArgO`G$E(cQ;bE#)JK25w
z(zyPYNs^&aeleQk1DfTDayR;A33R^T0#)u*GM&3i0UQwa%
zXcog|xJR+Db28d?5S&WY3N1exsK{br&3KhOKm~4LnO52@e^h(?3+(VRXtQC=Y=!ux
zXA%%3modCRRP?K_<#C*t#srCNVT@3$0<*89>v+%~)_6cKaHt@!G*AcevH~2$gU#F_
zyd0#X`W2d+Sot=THbq6`u-MfFEjEhd9&+&1RE36{qPD^Owp(&}5O$4$Q>)tem~3`o
z%n&B(vM<}sQwP$=u{BO2Lq5|+MSjjoLo73AUF3cLS112AvaWs3i|fPtH)nmZk@fq4
zUO7B2mnY${lg8TX%n+>j7MDCh6<|+
z?+aZr*Adxb
z*4sgIvLnhU(Y1c0WhL>zj#ch#pdVq0vC_vNna?V9b7|1=k>Yf*)hhP-y%JvCodM>`q3TaYWwr@pK_chGZfa6WHejz~pkC
zG#;&-fR$U3Fz2R8hJ8xJ>$IpK1#7IflrR(zd%u;8dAuxQ0P{Y>7BxB9?H4a?cHph?>iAIaw^w4w(frNZURDjD1vqVLTQi)QILG=Wb%K
zw2yi^eHL;)1;>_o^pQH^MBhf}a~G9DStIK)Hxr}|$amsx#k@lqY+(@yjH@SVdmQ}I
z*@$(}A&yQOjqIk|N>HH>5&9Ul-KT~`zC>eeHGydZv&O~|r8=8zx#VIsFGpJ>lJ!#A`r1#^@s4504@n@^0KTik>o_`QArmyfc)!G(jv{n;7P{sSdxt;~
z4|nRI?eXfZDDEAegw14GkB?GMC+r`QHFC9CV_V3CeIqh2%jrVumca?X=ycv)jBWWt
zcGF+Ynw0U1obvnJj94_$#nANSUi9x__8=B<*R%;5l~MQQ{z}1VxjYiyDrIotR53A?
z>0D#$0?gzQ)DZp+yL#@Ad8Z|H4_O_tWPf0TN&WpF
zyJr&F`m@;kEfjs+orpYIl`?;W77Of!qf+bvvs6XIF1ud0-H{a
zatGq^`})8%C8hsp2t%t|8LGh=e0vI1a{Sq`CjSQJWj)AcXNMP33YJYP7j2lLR(eTI
z_RG;N&S9y=cL%Np^JH&{d3WXcd;6(HXq##hCJu|RB9rtEgdP@Ui;GUM6E#=WVOG)Y
zwWxmkD)t^Wh?`LgGyipi*V42Q3<&lOiLhkjVga4aS^gb3Bnsx%Uc(KY@s|qNpoP!k
z+3F{t;|>u#?_rYgCWo0^gIyq2YGcFRSO~f+j1Kgx#9rRl4P*IS@`PTLG0yM&*Ky=lRsfON7B-RSu<^mt1=22i?W+u3)
z9CbQDE9_*m?y>sVuHH1^(01Z|+M{ZI6DUeRX{FVCJ8nQZ$lLN67_k~q0pdZSP
z=4%ff9p%|&XsJ1)#IFnRj0r<@XJ;N+J|v_<>2ZlV-O0CP+7r4R)$IgdMcxP^k-!uGn6gnuIAj>D`Z+;#}6_J0w
z2xWJvjhL-4Z$PU(lmizxnkW8@n!i-o1YmcRLJ+HGL=*9T?-K6^$7SnZ1%=76i%@y80nDMPQiOI(`T
zmva>5`ExM?U@I=Gmxn222}0psF7QgHsjrZl!8vTg-liy|tfd~sMqm{MJo;YkaFJbT
zamB(cj~-bdw=SsCbjt6BIp&%r%Dm7lk;KUtBWmQhWpgr`9a)PqIprK@jb__?Ea{{l
zT}q=9^){05Orjs2{jt{kFFGNE_z891m*17@<&UvYqX-3@%|ac2StQdfIXM5`ppu_(
z(aLgvVw!PQKX4E*-%AMWhF4O|OG;p@WChTnypPzW$DFK5r30GeEUqu*QMpyU2}7hy
z9K-8S1iV)S<2%u;B3_-22sP3fdK-Nz6e}O0daRA~Flt&BjCjXW{~<(99mO!XW;bz$
zJ$4hbrZYL466IZBTU8~Ti0g{d-a%^VwQ5`>w#kP}Dvh#W;;>%&!W7i?frqtTn+)ta
zRQ3KwA9TTirkd%i{xpki!O^E~yg}OQD&tS~x1$%DDtEpm_KwP?1U)9PY}jGPO3?U@
z+K-bf^Y!WkJ<+bDE{@XSaCIay&8;wt>T!{J9ryRN60Q4Lc_hjdjqGmy*RW9qK)bUQd1pYL=2)<;j
z8sYMp30is~c5b*ECzf9r402*j@l|l(mBs2N%fskHOKH8u+i%$VPNHi6F5r?|M%8
z{Ykj0h_ve-iMoinec^e$|MUrTZB|(Cwu4A_j4Y(R5|rq8f?@Sv?N)sWT8Civ@tM~=
zFN@^TYhJ!m-cm-<8L7QiBX7`pQ#*I>h3?bD1ifTn0>g&tod<>IIk|OogFJau^YI{N
zhp2g*U)BltqT}AkW#9neFxNm>K4Aj<&@Vl+kXQD7HmMISV;uB!Z5NxfX4xV99>bhP
zLt!cT9ag>5TNjIn*ap#^fT5sZ)}^9N)(APj$rhg)c}f9w-omS6BY-E|8dX8!nzX9?
zmHfO>Yz*wtG;(Pij@gR9hhK1rHbfjS^RhzJF;{R*caVtR-=lewz2RN@CEQrTpp2emT_g@5#d~OYFDg<6J
z%PQpY&^1QsLzj+#*$TFQ+1s!VG%cR)FOZLKCw5}x{gIRKuLa=B(K_KRH!QJU0;Y8n
zH-gah12Eaeko60AXtBDbq8sbUjmw6K`9`a@Vcrs%q_`Vg?r)H#c{i7
ztf*)cH?k3N1-xvT{JfM`ueauRa9nK9+OUx%wcN3es91)u59GBmyyTI2K`<9Mn};0t
zBj4+J+_w5kO=JLQ&9$_;jJO}9BNd$YW^U)FINum*UFV7xf2dZ1HPG6dc2d)e(q-tv
zTS_H=l-3}`%tzMEkXD7}M8#6(iDB4IdSEh=?CZt021oZPgb&UCsbs^;u3~RSbK&n-
zc-Z;?+e2TzA+Nhm|B%OfHz>%~w&stm5w^wS%_cwWpo;4wxNMBAK$JbgMtvpjc?v$;
z$a?N123)lK0p?$yrkm0hp#_&O0*_Yt53}IR6m%A^+KP@S`Rh5^bKJL#{C&Qb-wZbX
z4W<_m)@VWpU5zh%+EzF$dqv+eM7da_#6hbD@|!mPv1JC3yko?nrh6!6zXK-uNy2NX
z^5r_lyP9>ev>q)PgZM_Rk&E;_Ql0U%Sd#6w9#rQe*>F&MUy}=N5
z<#%t%q&K2}7Gvq&RWZB^gbe5!B2e>6ndX-^rM8WduF2v3#9CywzMYLj?N9j
z7ACOm-6SNA3Sw;r7`odQtvycO&n3p;2Xu2&J^13+(sHz7m<`B9Ety*3E$Azn1^L&B
zQ|Tsplr3BtrUeqdHHy*`x0DVM2HE#jz_P@UhD(zj!Y?X0-4F~OfUl3ZTAT*b(a%SF
z^qA)tHCIU3-vwf=S@4DycM@~sgz1cbC-h`ST&uxkxFtKAGri82Sw-X#o)b&UX+NW&
zv;yhkDV4F)PG6hP#I9IMT1-Z*Mu9YayzzI@y*57_^*jQt(@>@+=>I}a)=O&n2Oka#
zlVXJJ$}JB~$Jp!zhgdt^$9tN^4zcu9bmEs5lU2=2f{!cPK5VXY=f+NPeKa;0WS85=
zf^pE8>}(0&@I5SaL8$>+71NX$K$P^prx)o&+a>`glg<8i@%WLC!t0E&&zXD*9Ipfr
zvqnD3v~+;?Oa>BXX5WNC{PlpcIa$*j-
z9b#Uz6_P;@vf$kAwd~JRZ5GU{MXi0VzuKmp
zpyq#JPaFiTZ=7LzxV*;C?dARZrqmu$U75r@(0l6U%niNDwmMqzP!Z%~Y!0uw>xM5^
zdCm)yXKL3LqWG=D&YdR$|2_C*idHswUzE&;(HY8PRUzfX0?*-GD*vrRLeWL`ego^9
zRL+wno*2x@G+s=deuX#D&b)6D`j3xs8__-ORLMTg09Juo>fkH!iPgV{6GSy@37&*}e2m%1a53>}l`P`I^I#|o==N4s
zt&BDaYuFRZVo~FL%b@93+Km+j!lxW{tUye?af@IyujNU
zP)}WTW5=zsx~f&=`{;5OSfLQ{!9O-4iFXTYn;rwMNDEgwb^_aU{r48-dvE`!=t;Dp
zZ&qMEGyim!X7N7-U?w4O+q*O1O
zWY7q_A23)?>RnbXnL#7J+vx5NW@asKTWKHPtBY~RHl?V0&mj;MRmhvLqK!R&foR82
z$s5>-)}Vx%X3bqBj6`oD{ZX)QHFlQ|Fp4}T8wLH3z)fBf?U=d()CB2lZfZR(Va#~>
z=iC2XJW8*~LhlZDvU$&m7lkVMjb1bF*B4Ndz*%AKJa%LZ_$V$e64viig_pq0=fv|u
z70^U*R@o}~J1S&3_?=ux1omP5XHy7`9yo?|qWSaB^u=_L2s;?Lgm4tMGJ{vtD8xGa
zl9AeXls{JDRG+aA#l<2jC>kY)L)m6rtXsc*idtO)Pb0oL=ASIQerC`iR4rRmfC=+h
z%cGsDLZ7snZRe5O_He%+3lJviVSS_tjiDlv2iswJRo~k#kJi
z!Ag_&VwzlQ)C~3$w^g|My8;#4JSGF=wA7bvA3}T8ggH#*x&q%?p3j7rmIJ>kQHO*X
zlph(?{27NFdj(&mSj1QYi0PRHk(xFhp2y=`8#JMXxK-0VXoVph&tKusSgD*84?HNk
z<~98As)L73WYUQsBk-{BQ%VPj5^!gf{Up|uE3zggHqfItVyT*Els~)Z&XFdd{W;7m
zQ#1%t6To6@w9knT9=B{uCe(G6g0%*xD0qF8O~mj)(y;JD%?DyHyZr56ABbRdXWcAv
zPB(g!6i?NR3I$^g3?<<)D#^u*)CNW6sSHzY5v&gC$!Rp-gV^5WE{z#|Ti&ytI_;JW
zcFN!+V$(&`7quE2kp~MxuX^w-Qx+GTocE36qAKl{Q@hDV|&sr{|&F}
z)11cp>p)@Ct%;Nt!PHl;1lb0J>A3!Gk6}=_f>kT9*Y&95v#KTJzK{HpdhDg`u%iKC
zZ-&HBR`<6fn$T&=dybg`c+QTT=rAQkg_V*?>k8^^OAJjzW2IZh{VWRUG-W*p`Pp!j
zosy=4P9Xc6CI-&{GS#+^{;LI2cIEts#RPUv;g_Vy-SJ03JY~z)hROl?EnSDri7u7T
zlfI!mvf5iFjyXZmjgjnE*jQ^smF|eX(;#oo=Ur*vm;vB1D7g?%RgFm2;>XVIs0P+S#ifL*Gd8&QKTDwh-J
z9{K*$!e>G^E9Cv;02e&dREa0w7>G7Cla>1?(GVu#jn5#SAP06|FPDD>bA7ZD`;m|L
zxJ$A?EtU-zEkDMpw*Ky2k8BpAxAi^pD_Ka6qls*}U@Q`h*0~eObxeb9qwi
z!~O`KxjDgO{@+8=_AS`2q1Ql(@9PFrD_qO!K>G8tZ-Y(|uY@s^)N!D=_r0j<<8WFz
zJ%JrJQN3%N=ZN!**S2pzEi}2FMVD`0*GgPQKFX>-evbp2A5F@Mc#Pk*7_j+w;}d7n
zmkIxzoxcUP22_hrT3S<1QGS5_(P{WjU*&IZETzXaFOg%%fbjqmzVmw+wGhGda=P?D
zj{Ig{rERnc7r4JwmTbNdDn&
zlp2Jd?dNhH=?X86uN8I-6UXYQab0Z2&UCgUpN9oF_S=RW=?%R)hamRxD{NX`3UeD7
z?_q3pVHCA2&*ydOvbJ1LXG<5s#*5X|a+CaV0QY863wl`h8a~J;W*>{CX6Qym-}K2#
z%}M+In7i?A`e7i+2Dn3z323lOd
zpa>a^J!8?QfT%IxTx)&6O-x@s`FW<-!)urIZ`zv|k@YV(-60
z!{~vUn0VNtIj0pB!uCjX$p?ivA#Qhq!JEGlIx!>`Hht!a=B~V4Oz)S2KYZC4ldIZ<
zFWAi;?==2+J|c_J>@$M-uJFV%GWlay@3?!&@}-43to5D-F1sU+zCau{^5x6TXIBvA
zi%G{6s{AC}eiTipWWQF@Hg||nZrl>Mdk>s_0!4aVrWaerz3Hq#_quvC|4`E7Iqw$0
zf6H-%^%)bTHb>P93shrn>si}M6vBB%-VuWaSC{#($f9~7PEb!2JZ9g{(}F2VD=cKf
z4p%Gs@T3Q>PoT3S40-(jc>4CZn7Z$Ogi170q>@1qdWgp*y3CPO2!jxMGzcLX9?@-@
zBO>WC5<+UaAR&VyQk|4a$dptnb(-#1Gt)H9nVEC>?Rh@m*YA&+bJp2=uf5OS`|Qiw
zYrPk+NvnAaZ)^g-o7UD-3uX<#2`&YsK^GUYlqql|U*9v$Rq@Jh7&yFAwdlW{eF
z*RoLn)c9&rISD`t;07HpD)UDT`Q$KQj6Vba_b89DCi-iI;P4==PaO#UMWjIv+-d2~
z&Ec|N&xfn;y@F0&8TDA=1M4U~t`hLI`Ji5)e>HeMg9?*7(wv8fAfd+f*Qi)@XY`rx
zFTpv0J@Je0)>IC#X3nK_0f)7Q)o-cuC2dgC9?A^3m-<2ns*zvii7QpC#!>br6C4~U
z+PYGEn#m<+GvI+uDP78Yy@3Bc5DEqSa*l$EP%O>0K`KXZr6;x+6VgsfmAfz_!sr<-FRK
znbcNOmkn0mPe0z;SJRvx@z0Kh6++=sei2oJEK(|RjM
zHUXXcD*mL^+$Bj++$gURPUFu0vS@}Q{NcOd*lb?l5^!mce;f6f%$C2w&
zYSM4Yp#*rGNI?#c3SL&B_mtMncycf~ve%0$EMEdAzBq(KS;X(gDxkxduY`{gzdyc}
zCILYHZTavMJph%}ihkpppY)^Z|MUHn4IDvH%ytx@oM$chi~P_$%5Io6&@em#O&x;&
zI@F51Tc%{I$zyokTk7F^YC$M<>J6f
z6Wy@cUjy3hTfx(8R&UiWxI|`a_?z_9=sW@i%!GQ{l%s>lIH5S|Cy%NKqS_DeQOD|?
z+zG&q40ADZ-$czcrOZ2yQTKY#n3uQc<{!7zk_k;>Ll6)`RvDF()`>$Xlm6`&{6l7z
zncoOUWj!aXYSG%gYUX1k^VKMSkUR@A0{E@qKMn=fhgPxhHs3*TOw}1+s}?#S74@W^
zesp`JS3iq=>=uBuwO-@!1%8;#N-T%Xg48~0?Q*qe=Uuo8R~Zi>
zrlrr}L-_LZbAU;&%=du<*T@({-wr^*Q^5ndR>D2G%^-DHC2mwxmc!86+fnq}K>N1)
zkiV9{7y>q#o3Pr*VY%T=dD8u|PdwEmCC#_p?K(xD2p2NNG!)=&#m
zI`E8LS^rSox#%o)V!8ctpymku>3j?u{#H&ek^B9j58brl-d;f(o_mf)z3*ey!hMJQ
z08GhEoN(IIx8-0BTAi(mm&J96voE|RP%VrugsFDPaoyi@rx
znQoO!->L>(V@+#uIeJ8fgzp1}7^xqcRVx6HR5!CD7QkwTP_DLW+m?j?K7rraAbM}%oo4#lA=?U>9}cX%q1}sxz+nXI>+eo}MKa6c
zHU&-|B8AB;kAu|oX4Rn;RNV^T`==bSUp~xyM}5zwXRE1QD~5&Vsf#P&_O<2IETI5k
z#hb1fMUDvtU@u3!&8Ff52H|7?1X{`bqt-(q(JwghHgyl+-s30O4Fqxuz|>X(%&RV;
zO+pKpW{;)=1vO;`cRnAU5eo%!)4>_<*B*FMAM2z!HPj9;GY9hg2eh|RWpAmZeMk$s
z8m@^2uiC>802mN*(iN{18o--JjtsK;6a%Fdu*>iVIsj-%f$sDIP2Vec-`Fj9-rJX|
z$mMUPmz}oYp6|$M&H%e*7kA3hcAyM;bPWJ)DHn|Tv?Bl^ax!WDzMLHZP#)dY5O>`z
zG@o1D27RihW}0;JiWxua+V?BSSvZCycGHE1cA*Bm2uXZ3I
zH}jIdLpM`c-y5m*#O=lZM#B~FW%MgOJS+E>c63mgwYHyrZixT)fN!?Y=Fg`d{-i#*
zsq6yo_Y33w#obj}fw)LzV1%%#0=BanMRh+DpkEH>OQq}@?EJZC3V>)6j(IXe?WQl3
zH;9)^ff3Rsj09K&iLHpOMq?Z;{4Y(YOioW%h)Xp_1ZROgb>b+?iQkE1A#>1OrTM#L^c1?3b5zC^96YkL(XVLe3BWG5?34JRT)g$P)INtQ6}`oQR6Th+^+*l;
zd}WbCUqPr0u`xu>Il{X_xT!t_v*{ICVSQ-G?HuN0Zxtrw+ENlDupoJC^TmZSZP!9JuV!TsCJvax;rGji%
zlNQnZl`o}q0|ZTeMfbZRh24~WXNNuV;Z;m3dwqZ6DK)$7J#f%M6_*Jgjr!d4!3%!Z
zP~H8$4@Yf1p?&}SBF{Ht@BQ$FRTaD=q1jaGofhYUu2(pX(G?TD-Lw~0NXHaLS#E@dIyOeJj>B|J*eidD?
z%B~-%bPFqO`c#TpMB+SK>PjrA|H#9(%Gyjm8(k~CW7SKkli=nJ$L7o6NWRQLW
zFF6+tmz#IFeUal?hl9z5nbeN%1<=g`!ecxBV>Nm2MVrhmU3IPk+fm#I{lKPsLVrDn
z6|*|rfYt*2E9Q9^a^)T=N9x+pn**dp%dndi9Mx{@r(y%X(kEEl!{g6T=R%D55I{&B
zqIb~`X#m^mdzdB!-G3mmR-?De{a2Tnimy%=oV$3DN{7B$@7HZf7FO41M`<|c{2*H(Y2A={pC2dkd_-{Wzd!Og7UUD92z8wadZzGs5
zFey3W2>)(lcI~J5(Ze=C#dqm7V8(4v0rWb5F${_@>8qH(3;=iK(%X$)fTXq+I1h$n
z0qg|ZsEl|0ce|C;fq)Gs!as6;!Ast--l@E@h>ALNqguR2qO{1w63;8)%6UQEe@SV3L5qPOj%fa*F3$^3!)(>2fF--+N^0}KNq8vnsHq^@H^@o>B#$QKx*PDM1%Cs{q|$;sq6y&NBffSYm6`Rh^Ja)i
zl~X-weIXY}Mz!Cm_GN*6TMp9kC~nj?5lUo0zLahUQ~Gb7$}ESv;!mXZLCq=D;dI9DFGGlIPUG5ijcKG{B>yLR&h@KTa}_$$DPn_P)?9<9ZlXfejz`^C6_m4ry_K
zN<*lzf!y1<)GL8Ifn_MHX@Jjk#Q)TL-X6FKSNI$*lx{C%vyxjt0b9
zpcf6SyJvj^1VLHMRL?C%7wm7_FB(R6g%IzStI5Mjf7#cM%8vn2i{@w~zkn(lQ$VQ-$aZ|>B8ccos
z4c#BW={fM#^CV)O1TV$ZUFsd8(?i3?U!bOVn2Ex+a^5eC4#Br7GrJVT%?U>XI+3z?
zN*#x@E_9;ppOKI8lxP-yoxROqz3=N*teE7M*s~~qzB8)Bxm&Vg+@YCg
z&ihwZFKXMo=i8~4wVp;TH`9zcw?}(a9gj^-pU)^?@oSI8nrGJ=VkUYlGG+^4uq14(`p7s!RuUEDb
z>a|`4^(KMelKZfB4bP8TEjY=o7N6i&PcLhu^lA#7tk&_yCXaX23NRfxTt&^U=>g%^
zPUsZXv19H+lBPXl1FSSlo=~Ul_EmTHT
zG}XK+T1axYc34t3WnV)Bc_7tzDhhs7hLUm$2wQ|X@g^3Uj%=xJUdPwTAJ$5@`H80r
zYVcHB5ZP-L1x2;KP&y%6cA<_(1iT+HB3rlVhNmCO4Zc>NTQR&pQ+s-LXCAFUP?8kb
zetpldy*?+R#Or^zV>#Z86Q-LYaNm#afxXaaz$jk=KRx>!&NLPqbNC
zbJW}ZsaaxTch*egKM8$h=o#RCb(Zu>;aGzvX|6ZWxE#IQr$vJF#w*$DTmVOj@$47Jasj~Po%?hyMgz^D7*tdE#>
zF$%!z&0~;2Z4tGyoZ`=<#sqB*4#1~pm!lsNB#f>asb{V!H3qx(uPIm+
zC;t}(8UqTRZGYA!@5piS=@Q}2pk`3=&CtYR8_%H79g#$O@14m*VX=}6SJ;h}g5!^D
zwAzwN6lfHC5(mz3>E7(G^MKB((kfPipc0Dhj(CLC=Q}6eD{;uEb1{SE<6L{~F6byBMbyiFlD>*3YvHtYi90sKCCQh~aw57kIFqXx
zH4>Nxty@L@W#&b<(!Kr;IBYMvJiXO>(45!vUsoe;N}?vAI|q{|a6!xVVk;z&QBmQq
z+NF`2*rr&fQIU_;3(&OY4tmOmlD(U>HN+6)hE2L+EB-VcOdB*^(H8#|{6zrNpg7
zxLtwnXp)9$YK(vk$lxo!F-sjO4SCr-LZF8t-^`-qg`gq+wvpSG*gjR~-MIqLup4I<
z0pxuuS;AiE;4^ZZ7>$(>UkfZHV$g!!h2wBF=wMh|Y4n(4m*LHZzA7CM!D
zUXr&fxcMV>3iN1~rUZ%Y^rFHqq2^-6F^n`RFcwjJu(-vb%#=O~$+*SVem~WLO^Z;?
zW%y>X+4Rp?#Rkp-u`>zC-}twbX
zjuSZ=wf<8pqAvyotFW5J0F%oqbJbSOOHAMtlr*0#h{x2LW@&Yb0FzB(2)-f;?k@0tAN#1Z`ciIuFY_3_B_uB>!t*aZ7zH=OvUXh-gFVr{Wk|7U)~yY$=0
zV1+L9BCg$qKF$*a5Y9SOfO%PTz~=QehYIwu3FnP$euz_ht6Akl;B=eq;v|B6R;SiB
zfhWV%RlDoH$Abg3TA}6Us+V!?CP{A`V-yP7eB3Vx9^%1M#9$q-NYz~jUMBF#!dwoWeLKg$TZH|l1T-9BMa89`>=
zUKrOtf&8oF>tQ3CYO&z>beoM@0^W{-bwavJr1a8^5_QEw@5dExHH*D(jAtxxmA<|e
zmj?i9ZmfAA35sbysxn)=zf5muaoz9T(${tS`Q;$!?p7>n`Srx?@h<>7N%vIlo|yIt
zO{iz?b>oK@;iaz9OQ&xr_|ck7_y?+xx^mphAcM10rPGesxyr-rsUqIJcsSGxIc6=1!9THzZ$O{a0l(#
zzw1}?f#c+oy3q^9pZuUH${$y{(UWbqfNP>dvc&$w_JTc$wJnVkq)#73KvTgIt3nZ)
zs@F}IRDhuV)8;k<>!nZIwtS8R3rqWQ@q19v&04SphiZ?L%Uq4Gdrt5*AP-?=S!+TN
zNdsvXpVb!?=08=~j23By?$i`Pr%|L-4xH`F5`
zNc}XMI0Ts}4qTMNp3-XbCPre@K?D@^epL|+p7OGymWUC5QqNyHpJUz1PK(QHCw6|-
zMXxGCCreZPgOJYY5y-FGBf^0;&)oe~rL`{Q;klpkT1JsSrz>CAMHts5kTqmcdTEf{
zw8X6c1mQ
zr$C4Ym@M~z1DqwIo}VDq{P7wJth|rPbICWH?V60`5iAySfK^fYLf}@^9rDZgzo1`x
znFA;?b^uAKr*dBQ(4S<=#Vs2#W~l*`lv1MYub+2Xb+*B`n!>~EM<9jWf@-8#R20Vpo__hAR=)?;I2-gGWW7s)c~
zf&=gkH76bCi|62PPd{W@ze+L6uJ`C4h(KFnNBTBPtoLVUek!~sIG=&@Qh3+(<$bog
z)FIm+nfvJrH9=u}g_*huvl6fU<=cF6X5
zCf&fhb)Ax*Cs9l{@2{noBJ4S#+Y)uaGQa0^)c2m1-OU##-e)&!Pj#FaaM(Z@t-b07
zf{m3JhQnhhzY|(Y7T8A40Gq|HX2WXVljJdB&oi@KjGS-oL_~_heacEct3u7m8ml^F
zHds3GzA$MyI^Dcm#<%30)2iw*yJ&4UB7Eypw5poJoggo`zDL#=dPSmbcAVj-_N+-G
z)vLOFKs*Et$M=OKTZiHU9z(^`%~e(>O8D$lh0hW+W}Z}};G^5-EPKOMmw*fyH>7MY$sa=9T{vae+kKTEb1w68O*1hC{huBY@q
zBycy5S~}Du58uoGw5%q1ur$D?MA*Acxy2uTpdo|UB{qQkcC5`fz>SeZ6Zw7cV0bjU
zX)d(`ZkT62AbUcKegF<<`I6X{+uXnUs)c6%1v4=%uzv6RtnFA0fJ1uu1vxis9W4a`<$x1l^8}-i#a9XbYIGSRNrk7ING+MZ&|0e{Km!B0&#v
zZq$Bc-jR9yws7)QA97*A`&=LHLc4Fif7~#gD|vT9#3w^@wYyf-TIlefO5W}ip990j
z7vGc0+B8c0Chj-nG%N_#sj&)=v!{(VaZp=jk6zLvYZ=^d1ubqH?(60R2dc*Ddg)?Sc{7+=3VJok#UBAcr`*ELq|myMq8L_LP*d!L=KQUrz%I
zgn}*KN;oG#imo@B6kcs`~+mNW(
z;3!#S$?gxiS+H*+=P$|1-pfvizG`nZJDg!0U{AJoVWFj04Y;-vvv6oKXOYA<9Gy~-
zYb*-XqN93Bowm$zupV}x7#&B>lC1vxwS2)RwG(X&SlIy?RI1hLt~}e@1>f%QS0wFn
z_B>wmRn>fb#Yo!7?I-y_YE=8-k|gJT8`Kwc(y&svQgU>wCB&WpKJMA?
zZ%S-d#^d-@g=g+f{>R-BtcDH4GS}ar9~8d7DlyZrz|%DR-bAoZ&QoS}ID*!*YE!I=
z#|xa)tgRA$J=m2QRx-_*Ay0JW=NhJw84GUmTZ*ZS1sHQE0&3ha>>)s{0HeqCK4Gg|
zh)m=A2ie{;4$w=l*5b+ohW&36f8a_V!z%usHhJN4WI3dge}|x-oNJ#tLK3*KEGFsa1PbBQEB+a98gK31lw-L36@3TSO=
zIUqXrF~PI=aVa34bI*z&g*#aI91%PKsOC_3AXX`zDoR#WSusHwTMOkA<(|Ws@aT`!yB;(#zWSd!pz=kdT@lqS-rjBqzU+q$hlhf6csm==87HjOVN!(D+>&!e&f8M){p^Fc5EumE}daI$a
z+%V`f=$3%PBz*LLPnV_0pa?jVUdbfD)UL8BhJS#hpu#n`b^res9dsM^Xs`uK<(@H=
z8+4O@pP~~}#oFGY1pMc_^is@HGMiD!jJ4jc`I^$eZ5RwHqz}1>%QkUOa)A`KPmAC6
zUu0*cF207}nK_%~5~)1amZ|RKALoKTrz?r(+~nKwA0D3%B@}xqEur(AklW1R70Q(&
zTR_pZxCuNCnsWmN>|0P`09?eL5in|{%xX|5!fx_Uv_bMkXlB<}CLl;z1k~kG#8gKz
zmDhR-He%6}gboF7dEO(NxC^}J;em`wVYY+^_hc}LJP8k^utVj>pj--593?Fwzt^T#
zS3sfelSaa|_mUkD8C(PTw7t
z@3|$2c_r_5u*Y^-aC|p^ws^f}(oQ@-2u6~pOvQjM6f~wTbAWtzeUH2^Yhnp+_BwfA
zVmp4?<(X;(+gQT%z~WxVk%O9G>4^v%kD%uT7E}gcl@e#jO)g3LYG2N(dCF+vJ7F5B
zqxcC6SB-hfWR8PZa;SgBe|_V*X{R#6^hH9jgl#!JOuL3
zG@j;dx4jS!j>I*^VlJ6i5M2^@E0ozzYBH`&&=F?>iJEb7(H>2ynO2bariEN(d0>Onrq7MEm#8(
z#qWd2HyUyxmjbci88R8EA@lW6mdO9Mxw>|?IVjP`mI%lZWGyFOXKL>Z3sDV3Xyidh
z-SB}r5dBZsWl10q1Pwl+!M=0qGS#Rh&H`ej5O--9xeBC9K<5?6<~(IKC_^-#ox%`6
z)YoOwdCE*p{f9(Ic3ghKC^UjK4d6&vlym^{K!fwb{h%Y!EjWKbQrH~qcR{FfyvS;D
zx@x3Uv(~TAq-Y|(`38Ak2uD+8M5YeQ_F8|f;3F8-`fEL!rD57>40D+B0}NY2??|#W
zj0c38OA8z);ZI3d1!SY#)gaB~9$h94F!o)J`~bm@@eA-mr(OIP4dPG@NqUv+wph2D
z|KhBs?y10t2HIm)fH|ybN2V72@4KLO6uUJa7m=17p$X#q#z^Vy)jYQsncV@^2oVWA#
zuE*Nu)(|<@^#`mj@@B6mqrOwtcF*|>=W~8c9cJ!Hhi;{p5;-lp&?%idixXg;5s^~Y
z65g!!@{O5?!>sLMDEVCc-P~Qghl<2S`;}HILLSu0Q=S=~dY=Z3BTTA?W{QRS;jpes
z<~+=!+{!V*H=KMB6K2$=tUrvi!Y{v?(ZOGHQDSy=yW`y#4IjpKh-2q-w8{}9)p@OQ
z6uKq}T}C!>3$#1vd{-=ECRI8Inq7uj`5F|3=_n(cDB$>qsRjSsB;lQ^Ub74`*V-A-8WYD9Q;#S
zC%r%9w2L*hY%Hg7`!J0iLFAuW*zY8m(B`JzD0#jwGk=m$?D&lI
zF5g!Ri^~ofv1+AmE|IE%qb0Sa8-eOyt)}qBsHy9)hY-!X>I4_A$JC`@`7483=~qLV
zPy_GP4?2CPbb}WOQK5#dYi7xJ+7;Q)8kSA@ED&j?Z?I^_ISCT2t6<_MK{RqjaVAYO
zFZLLjkMe`fRA<*zGKW}TkH|7XEn>wVj;{gu$w$x!t7gg16eHs~t0bY}R{B=>(Y8%(
z;<2oW1t|9=a*>`(7Y!8)C$>(J9qQuVr7+?=MgS>sq(ogPRYT=s+e_ry-l!Y{n{qKC
znL`xXN)-FUJ$dWk#chRdQ@>X!d}Ect$Ga6hMwqzxA7XL4dLj6-$Z&~|+YN5R
zXbzAOZYglbvMipodR0V%J_(1z7sgjH4}i0p?Fbbw`RZ1U|CFD)t}pW~Zs4VYodA4Y
zUtvZ>Nji1z^X<3~dtWl9V|lJO!X6D6gLObCknqGC)Q}r_G3&x6Nvzzq7v`k^y`^=I
zC`$)EJ-#l~4}Wj)q$kwg4u*;qD)XX-og87FYiFWof9O#dfuD#oQ)mhsvrQ;dZG3$X
zYD3Hx9dJwcrUSWW*H?A5jYXfjFT~F!5)}&~cxIdAs{Q0byIdaSiv5h=B@iegt?h2v
z6!-8f)q8s=Ac3lYqvC||UKt&wu@z8^bYsk}VS5W3MkyC+)z}l|H`E
zeB?qkqqEG*A`J#_IZ5JLeLLd@3}5>L9p6PtcXcE>rc}hugKe;Dtv$DPtVB35iC|;(
zhL&^5PF;Q>QxuD^)*$-S<7gdLYI&g>9eP9LE=(MlCd
z%(kM6C2cLP&Wu@`Mh;fHpQW5#d+6fTJ_SM{PR_aw^=}ZLt33XbImR;ps8M^yK9-*T
z6tu|hH@o?s#LU&L!mB1NY^OWspYaN%kvt%jMK4R#uC+k}STrDNk|gw)1xj?vJ3v4e
zB^7Q7c!Qh{cA+eUPkJ}Ui0iINIj%gbUi4Ct!3ckym6PWnFT{f*;HoWPJ!isXCFq>?lk@*+3(@ZhZ7kVQ2S?|l%qYFjoZ%9>W
zWc~-zA_?LZWD4f~G{?0MBvzxD;ztVY#dgmlO=p^m--^wK4=#HDh7Sm5JP#<5_od+Z=EAId)LPFTX2CyL~uV_yrIV-Yh
zLqPKT9BQ^vIkuKy1urVj&8`uLdrwmNRQsozRivhvcAySd%OPEksU$nq%gG8JqvmWO
zrJfzhjwH+6S?0JZE`|EOd?jgzWc6<6^Q>@kc`rXxM)P@z9+@ZN#YDv+V24s`S;C*?
zEDN*jOah(k#i9sg`&e7ETQ??41##
z_@(s{*2V(bHdVV_J{@-V5Bz7WvcfBtJsR|Eb=t{-T93Z4UCkAz!cu$B6l5BZEn4Xv
z+2EEo7kAU%0J?`Lh-vlDn{1DcY&oa~b>FfQIBZO8-gnPMc0aW}GCEqwGXVv8haFl!
z2JM>dGNPSob!m@(T8VOUzD@6*n7otC>E$1$V3XUPInni0TED3r9~m#t6djcAX&${r
zZvB3-aQSLGAW1B@XC$0?Q?)fVk3n|=0*iBNL?^vAjDmK^4LoK@etosF)vo9fC|S?6
z7jGT2r1j+cbmvgt*&=wB`{;)kygdQ$pqIBLwDO%CFNNFAfL^%j8dnen#c&0dDrEyM>bUJNeg$GaDUlMz%~^(ugeSH)=oCex=V#-i4%yzUH8)W)1xwa
z!*=cSddt`z@Q%^#Q$UO92fIG?TH~o?l2!%^4p<8NmPb5$JxN}e%h(aHkQZlxv$S31
z0?6TRyw1BbDwHsC6KCWewp}v5r38E?k-d#gzl)A6?0nROnfsTQAuV
z_Z4bA$;qkkO14;Qb^CpL7=M-<896GPZvKLIB?56++63*b5vj(Ik!NejkJt4pLJi8#
z{gVs71a;8!PB)zx=?~7~BOwlDh8~#Ov7%NsfJK4k3fb`o5nwq~>p{8V(l-@lM38In
zLgRx>UMcGSU_F-Bal*m7T6$S}L&(2bC_LCfx;;~8t{_XYJ|W{34a!UN-@((c#&?J}
z-M53Rtkq#LQi>wKH!QZh<;h>bX$g8A8Gx*Ji5#6OnbHAJxf_Tv6+R??8)jRcQ1Ans
zl0=SH@5Br{HhK4vMqt=jOql%g>R9BRyIX8)!sGnj7lHhp((aPqI(S?9B##k!X8P)#
z(k(4Q|B9eb(ckC)^FDsD_d|6HIM0j5SC^PA*v{BkQEQYv>=c6AtB#(ae8!DT?9hK&;Yjc02l2OP2^JlG%
zRYCKHr`mPOF@Q(l1kq)yosLglRO|})1?yl~)Gpf70RkKwsFzyclBiqa+R^9fyNhhd
z2_?{~`2Ie*dJ!np1n&0@{Z#6}67c?EQPw(CiH1bL0KqLQX5ZgP&_}q5Nej{`=cF`#
zs?DEd9m;>~ulUoX
z%B2BJeIbKhI>^as+0X&OQ!x08_I!$7P@}5VEDNk9TS4-^km9Wg)s&xBy#jEyD+<;4
z713>j9&8wvAHZs%2N6Vio+0_oawNK%_{ZuH(%aOlh^9vdRa^ebYrwX6H+`EDKSouVr1&+gBn@As5{$gEGruSBp`C8J#%9Zr<#6uABuW?bs
zk^8)S#=e>~_+Q%*sfOV01!6hu{3mEZE$1g;Yh>PSBc6)~CS-ugR9}{eUUcAZk-eHC
zbE!E*4s%PW75BO`ULb_+*;P{<_XB?xds}
z=rp^DDo%B2F*RL6(;`<&jZkJ)
zg@-yv$`NjhZc+=|i2@_sx`6+JrPgY-8RI?6DlAJ01glVZU@SORC7*-sNO494Ek<)P
z3uM63yoywtj$D!jl+UVX|8~Vj)?`zMp76E@JmIBWDgx1%1Nf0y1JsEUW^4w1KG@Fy
zohXwMVRQznm%;*@)-S#y@uw5S0EvF>ctVXUTDlD!(K74HUQwfKKP3Xz{4#>g%YZ-1
zZV1lqr}9Z@(Hhl`B5(}ReuUP~{R@rGAP0_qTG76Xdenn5J9=3o*A58|aUBgKi?j%!
zZF{(gaEz04#)&TLhjYg{js@DOIZmD_*Hrq|jNY7e;$oB)sM9$`Lf2wz5qj0noTy17
z_57(+b7Uur#xom88wj}WX1Uy($gB-%Al85tv9Dkn9rr%Tw({ff
zIlaNDd419`#Ml(-L7$S(a%7Ln(3Q!mcqNjiMwcho=Zvz&#j?!W2-wfAeNn#mI3XW1
z$9wuL1-T55fM2}vnDB9J2xHv94$z|&6Gg(UneyiyQP=ewR!Bwy_6wV+?E$|~@zxTQ
zzinV&GdSp#g|Q7tDG17kl7T?r2ND%W^(P$X*qcuxq#mYdc;pZ4v=-M$;@ZZa$dLMV
zvIUTlaz9Q^#L4wI8HN$r5+T1rYy;{FDCSP7z8yG?SlYX$7YRRI6y3{n%5+MkPoy9x
zp-14%Vf&yIZsc4_morhax~*aidm>j?a-nVDV%`{PDL9IuW(JMJl8Oy8(`U~bS&eh+
zVsM#qfe(Yncj}q15_ga08Kn^F$Sf3nEmL^;0)O($V|t=|xc~fZ0XuXr>j?Jzo~rsd!aoH3xuozfIHoi-hX;M0eA6}`{^aVw
z9)~%uI9}M#tx&WDdlVzk<#yoJHm&zeVUZg)YGTB$1^cy9j##}{uwr5BV@2X(yMF}5
z)Zdre{hNw*2ONii@Aa4WjM#d1ri^veIPvO)5kXw$BD)c7us6DKZx{bjhY4tKr#9{H
zmhg5SIC>zbT%`Y<(C%*vbmeHK*p3xh==
zo2Sqx;Fs1Y!_R(U};TVU-w4>?b(Li~=U(;Xyc
z7h%boLGe9h1G?FVOP+fCn&w_;lp?-zZzc4G7%kb-SwU^W23DMK>1Z7NbymQ!tG
zs+lzC+!(QKba!T41=#EwKQ+lL51moP%oa~KAN5@{53k?15|Wb;SfN!!>r&-^-RI|{
zZ$LAiF%e~fpz~p;PtL$g|1DvqxX8}U$5<&>l>0Ve=&>67r?L>KDj}uYA}C+Lu?4_x
z<{am$>LNUI!7iC-GRp4GWH|>N(5qr5BcK}5X+gXh*NywJi(uxx_$ET(mll-v-4>MB
zcpSZEy;>^(@p6eIvJXelt2Gq0(&ZU3mg^{r%&jKJ6mo(5Aa5K)aAlM?K=^?nTAOna
zW9@~k@(vQGGUVsZ>J3h43mm6NnS<|WJJAMDXuU4q7qDh}`TspnvL9C8Y(JT)jD_X5oOBbEhcS69*w@SpT5g)ro(qk>I6DMQ-PSp-B|}Zw7M~4KM4*{cn24X_{m#GpZtLy0!hPI
z){3NdcNNDRtRlLWm9X!b#|F0kZKixEia=K-;qHYH@uIQU*71@={2c&-4p8FnuFwuJ
zw{ImM{Xs@c8!e&s3?N@vtxU}4V(%M!dG_}ufxZcFmI6WS&B#Z~=`#)&-ToHtsFQCG
z1V_uNH&uJAV^`o0?5!xAQ*oDV{5>t?#mW?g-nq|Y?J!VmAR4w{PuD&ajBrnbwJ91N
zfi8>ePP$_SJ|TKrQg=0{me>lu2f=bXyV+h+t^#NcrP3!BP8l&w^@KKwDZ5r=_}@-3
z@1nz)7FxhG1nSfIB)n)dp=jzz&pLLQm=%d42E#q^7Td)WR90@CdA@Z)zC6k%Zu{tZ
zS28YB0ZXqPC(^+T$OxC%#$EdpxnpJBIRlb3SV`uintABLG!dQd)FB|;!F(TkSx3yV
zY|P20r-E_xL4vM03{c?9-pjU|pz7WD+Bkr_r$!W_&5(k7yYICQ)6`S+7jVkskJ$8b
z8^I85FX@Pj`C|)4Xxh2OqD=ax(Mw#0OXNV9sVH%lNfq7NZm?k$!;U)rNx=%V?BDGK
z8w7Mwsc237UN&nTZWJ^bYjy)ZuKLx!!pM|!ySZuK^dtq&-9I>zH=LAbLiJoc_5DhE
zE@yYZUY1Ek(DzuC510TB)TW_5H{lGm7LbtH%-W2-I(LH6i-CcaBRdqqU!B-}InHh2
z{qG;<;sAVx9>8@5ZL=m?(seFFodLcO`Z%&o!zhkau)av}ZN7R(
zLteq(#zgZ)WL4r|MI7OGE}jkMwcw>gHg)RDt$aOdVo;64Yq}iY9uU-893K&wn1UzMmDAb?uQd8an{f;S%%nJP
z45E*%2g3$prs_=0?)BuMur9)%NG_E$I3e1q>DBa$t>f~sg(FslvHQ~2*t1p+UeA0R7Eyv+l5zr|sz~-sA
z?%fH6=|i?Ik;4X9pRCfmhWIhv{7XgIOQ5-4JeT_q9j$aO^km0Pq*?H
zbpIlr1d=PD4}pwfn_|SCE+5lGCi5`iv|orUL&~Rrcf++YrY1x1Uy4j5J2`_$gFH%h
zcDA0RNAp}gkdj1GV@4&cWWWjr%D6t1qa?690nQ#s13qubn&|X_Q2TC_)#FomnA~k1
zOBNN=983qMWAVj>*1D{*zttw$Ji)A3**K{>uMdfo%Zw!EsjTr}Wzw+DYPOY1mA%F(J0ETh7hWqbWgPUL`%_GtE^ht*4q7Ce$PJN
z-|zR&&YpAL&*hxwInVRF-|yG^bp~R^Sev=Ng=pl>UGNM9ubk?cO?q
z{u(6msoNrNA-cI;m7u&B-?_WuIF6;lohxK(v}s-k%?;b{(sb`Z=|^LGe+;h);#^VK
zI<4;9>@@f+sPo5IHsxFyNj`MwaR>7DD
zQX+eHnE7`H{BQ#GbzD99Ut_N8?l|Vx?u*iS_c<3@p>^|0^@r(GQ04GLv>uqyS+qEm
z@v_kwde0Mq@J`Oo
zpZbG(!LYrDc?qoVj~E`Z6HNf{1i
z+5i5(?hEbN8>p+T-bD2SkOCk(_{1&5K03C3VGTcCFmb3acWrwJG^&4wnA?X~^~b%J~Dly>cr<nokk4EQ-OPr<&Y*_uPzRL5eIAg`0
z7F1|ICw4<`#@|@M{;BuqvQ8so*G0~{7#LaACChh1KLUc8ND6?13+!~<3D@vOefXNK
z*i7{0`SC~t*q`lZ+35IA;JhXQpv*O`J!n|D5k99y&T7efuM^le;}Mu>S#uor^B3gj
z!qo7wB@kmSFng#sfel5(Si`z0f}EZOg17Ms+Po~S2nP!rYmDOUnihVpaq9fDI5xW@
zojfgeyEF>mHIeBZ^pFJBm@Z(N#)>W}Vkb-$WE;oMJ6rO>83`TROCMm&@$!K+c4dX+
zY1lKN{JUU;A*y67iSF0Q3rS#-stEZ+!e4AjIj?h9%;K%$xayXdx}OCd5v;>xN@HDI
zZk+Xfp4ou!2AEeRXIO?5OvFbiHYZPIG>_wqR9q@e5Bo!AY_HT0EMEe>k~S4OJySn4
zcub|dy!9)sIT5U|O?wllZ*To-N_zo7O}}Y`RaNZ5FYe*ASze#*Sq?}TNc@ES8~1a}
zbo>cTF|8?vOe
z{X;B~nCoAxsPAF@C5hcevX4%bFBCJs^2~VFEN6w#46$Qbo+OTU6|CS_$*Cy_Zv^Th
z9w@EbxS|-u0XPhbWY6UHFf5n10-<7NCCCqlEF9P=F}nRY&XCPTkqn#Xe!qRBF3TYc
zJ2u{hL*ym!A}wmSx*))?NsFhSv_R=Y-rFK|7|E|#J6kT@KU-JZmxhWfft-Jt;@W}a%DBghLEpru@>ELx7Lks
z2s(S^T!{6D;lK@OUyc;nLyRSgppBowIMUYRIJ9i@J$Y(sI`x54Uwx^^^O7FG6?w*4
z9i+^)2)!C;E*zrThD@FH0a@SJ!6^u@q4CE5Bys_~b;!L@o>paid~i~^w%WMS#|F!d
z<5?9uGR=J6+9{WcZNyv)`Uv#2*j$mcn!|oxH76F$nNj1qt`qw;Gt1}>24AQ9eTKtg
zPHSdRYG)@
zt2D}V+5#rA&%1wNG5njM3&U`DwZK-+H*y8>S}kuXO0&5}`atn(-0vga)g^RzNS%M)
z_fgLRSmDzgaCRv1H)7mxVf-Glg2P@ngiZl(-YoLC_G32P>1xh=lVTDw4H(hy!Z}*M
zc`G@9x5s+!1N4>2p#PcdbF3?S0TD1izSzRoZpe10eZbt0G4Cd5>=cU?lW+DPfC?AV
zUFoX^tB57OLXW_sg2jE<%E0@KIQVtK;O3Ik)QdA-AdsIxs}|rv>=rT#IGk
zTI47juOC+tj3g8XuTrh4=HoAiY37`iAG$+sg*HVVg)R7$+rN@IU{_?YVwTq~rbqhh
zXxxwXh+e64Onq}9b3HcdY~e+sG;LjbkLrX8SBJzyCl_5t#xW4#zqdgaBimvAPDjH_n&08-T0-yt7)J
zntPS?RkZ=Q--Z_tT<vulUU>{Kf#;utEQ`nK0!!1)`O6*Ev{LKL
zB>YNgaJ;cpI1Id4d<%vZ9xi@)rk`%w2U6q6mX!X*E%v3k_bwPMskY2HitVLTGu#&p
zcbX+P&mDCW2gYmB#r@vm0M;axy)HMdI-YOVZfE$b!JI=JLGhoZkOlBv2gMr|MBl~$
z5MG*9bS`9MtMyN-m}Ncw3a+m&Og#P-Q2{O6JCK{F*iyL|zT$JQ>wP^j+v_VaBY}6)
ztJckh9~AkR_=voO?Bua{@5Mwcsa>1Y^nj6HtxqW}G>6QXf9R4+>1KE=cmW3=H9)1Z
z^l6z^tUna?aWw1S>{P|p_#g_GIYF^Z!8cnZW&@B*;
z2BAOnk9bXif*nV)_pxI+Dt3qq&F$kD)`Ic6;L@#yW73%e>=*1Z%-+@2voL
z7$20G%(PJ`rK?D0JWC(V_A;_ry9Ih&oL5RR%QO?X05NVn*|NO_^mx#RC4Vr)z`(t9
zoWNE0vlKQjcGNus&zrCZ7O{i%=h&ms8r4ZiJSPq^Ljy|>uIri;R~>SeV%0vfc(CA>
zu+$owpta`w0iL=FAl3!WK&jxGaerQrn--c@)hS5aB&^n%)65vw_!@DPB{4xUP)fHJ
zjAqtKPZAqiV_s#iyJ&loXxq%QWKC1p
z#uZw?4oq7`Ks=DM1s&LOUXRUr1i2ac^S4RY9ZD(R@^5YceXU`qlndVYh`JF}<*HYn
z^pBk5z^1U$v4i)143@N?JKJlBe|!WyRCbhV4(z{s#6ck!IZ5K6$R5&le>HZd7&4w8
z!i8rA!-s6|%PsC%VP-vrE2vg6*1$IsazV+m?fhQstS?Hw%C(^Un)WsLBgIQSt>4Lv
zZ3kQe>1Q{d4H+G?1cd#yorHr=!sCByH~b)%%BfJ}d<}o^M68`pUyVKe_s!x=`QFt?
zFk}KEN4j(n??)(|SPbCvDLQklhO}K54^RtaI
zd^FIHaz8jwjyf9>&4VH*61^*RJti^j*2o^A=QzrKXYi#pdQjv$$WHgME(H0<%L)QvI`8YUq`*e@nPf(Pm!fg%(KVJGzDNwsWYsQuYTbzczGg~IMN2^hPFzm4XOCbRq)MNt
zGOBs|NHE;POGy@jF}jFSc~uPm!!Y&r`?8gMD~KOBg;z@L8`tF)N3vwuDhlF)+SlkV
zmlj$e7RAGL{CI{X9wdGiZ%jW>97lUM9t`f0io!U$Me*Q?7OiP+9HE#XhRj0rVLhsD
zz53oY&+mh|(aZ1gu1{K}Vto3it6YtjcelvR(1z~mP-MwX@WhRq%A|AM_1UMuIzLAo
zK;~9~n4c~s1EM@+?d5KWOgJdZ1};c@XY{O8}#;WU*ovW5zrA+4VdCH$Pu_<3M#65;<`bU
zOT;X%r`=ht%lI$(toS{U-eNr#Pw#$B-O>r|x)SrcHUY3Le9P`Nh#+#czN@ru$0px9
z%`^aRJgS_P5VdQi`e+RCHmh7!8?W675?-9_9tG>?IU6~Awy!bL_d?co-#gSBrr>;X
zZw&;zo&lDe(vjd6!L~H7ud(=80&R;al1C4=c&?+Fdpi2i>3eB!L1uJWhX;V>4%EwrEF10T>Wzp?>Xq{Ri`%!R8S2$-5eqo?6_b-kxM<
zbS8~+k>@pV=aAhn-PyPNm5?GZ%kwCDEDO##)j%DFP3WQTxrwyzFabs2q7*|xjuMsc
zM^Cd=u@i|dRvGofC?!iw+K-+ao)9(i&rH534fw$77VhMmUxwR}$4C2U>zM}u>xseV
ziJ9?Oy#1)7=;@O4U{iAG{EJ-6Nl-}$K*-k3oyIz_!r-qB+Y{>^NuGw+?8XAj1y
zlNrTx3On1l-(()VIR(8HH*~o^=nsecxU+5@5V}YAnpKK_0IU6ktAa*j$wu2v#E;pk
z(68FhxFFPecILh4mbCpe>n>WaVW``@Z)zOfr9t~`u)ohteL8mxhrL1;D3^W+f#~Ae
zI5f0`x9pO9@?C$Or^O(TbPm>xW+4@!BVg)%^v=z6ZKv_V<>}j5^FT@yutg_0CZ-L)
zPH&PKXR#0+fDlZ&O3l{FN|NN0sTqpGb4Q7vg-W)iSZ>`V?BNWTcNz`SF(IdxcNe5f
zfS3KZ^)a{N-~Si{AE0MI_tZouc<$MVrN1h{7TE61a^Ns0YG=HV=igU9?goA~
zPzR5`Qnndb`6G`aAkHZ$=xXsdyb$zykeDB`a&QMf2ux1D7qvtMHNzVW-T?ZC7gV8Rf_As_PaZ(v5VI9i=d5e*
z!xn(mDsaat((~!j&qTnot7gs^`uNvwZjA3NuYPW{BS^fGdmFm*S3{ZGU%)&51$B-F
zw%x#x(ZsPC-?d)U66Op8?|FPNeVwM{H$STNuNG}s2PyBNYO|ViU9}^Ns9lmkFTU0v
zJHXphJPxBZj};u4(I5K*sstsMgxSEyK{2~C>2I#}8;2>vg08Xo7;HKK%jb<7hY;!|
zz3Rq|9_Ur3V#AzT0Y9PS^|2WmKIgWA&!29@y&J6QplbHug#WS47!7SeN_%1kO9sk6
zjs4qvqXqsj)^Na73omDfg!OfL2krTEV@TT^)1kfSvLZL=U;SfJpQ<~kOn{6cj?NhH
z?7d(lVn7yrZvy<%)ObVy4xoWipk+vs5iSBJ=aIbnGNwTIhjIFK4UdAR@vNf1O8@%G
zu;5vu{$P`C)Q;hJD5m##uRz$OM(w#1n2VBn>hS*s#TwggM7HniI}yXndiDag>wMC)
zfCJfgY!B){%~KM=bQMMJPzQnO2FnNVlVp~|pk(&7s8$}Zv(ifJ4JwfE3V96X&?wuE
z?EGobxgy|%G(0ZKMmp!E2os(SiiD4~LRapSpv~+@+Ifc9fIa6q6Jp>oRc_|!(Ue3D
z!L4Er)0SseFnbI|X$xFy84jG8Reo(Ap$B~aEluC=^BUiILD?V_HA07NOXQAB#O0Pf
z{ljd6^&hE#JhRgG0^YEITZFD>_wcqi;*q8cakM>a
z4CD(jz$>U!2iWl5CJpgS){0IUbrox$V=wh5v>O<-!Y2O`f&6NYFVK$R%s99R$hi^+
zgFYf=9Lel|0k{RZ^z1&tvBTbgE6vp0yj3i0-Ph2(X_(VKv~|aRXmD!+#4#0!$W+e&
zTE%;)X?7Ch81(z;_J@Ro<|crX>a9gMKKj{OVt8p9`0Z8F^2<1Na(`*m9fXJbgv
zXg#|9BFU1lRGcqO-ce2&PWfkvrY+9ZGG-QsSb%c+gCC15+D8BcMxDa=Olb_xJm*{F
z1%sfPm+h{*H(;S9^i@dS72r~eyhXFb>%Lud?~MJ^>$xcQfzVzu^hzg
z@k^cZE>)F-nIljv&7T?#0AwKUw_24ze`$q1RO4Mst~!y&aoQ$bbBaNMeY>s{F1mmQ
z{j>)LFzUH<8{{oWc5R{EfhHFZn6;N!8zZ%baJLzkKTlLqOhF(tiu3Q0S;jCf;(
z2^3mzP%0KnJi}&@a@Eg3aGtvGMYZT!aRVL)hPl$arsz!zFK=Mrje<`16C4Qt8nWZ{
zHK$|ZOK+x=U;Ba}y%5elg>Cb-lIH`_z~eV4x1qne*>%3z9iY*s4M%f;*bvxVPqc^9
z6h+NjV5hwhTeQ2P99dP&nWv6zlxxMihhn2M6rfU2MzZN}mzk)Lih%4-Ii`Peh#V_F
zfaT4I-6ajC2PbpLP=fFKo05)TwVobU8?upbHk_RIy^dBEf|-sn?9)B5HQ7&}?YBSs
zd*lb@>1(udzCYVhanPjITjCaqFQtj*gq^~rly1Rs1BVQG08tipl{BoKHF_|ulsX(J
zt$W15amX-qxL9k6nERM4y+i{F&(wRLbTO2~xthoHK6~uBH=RzI6Mb_YB9UEZ)qmz|
zAMiz~zT2Lv)m|-rr4F)_nIr)pV6)Juvh;j6eU1nOKgN#GotKS)z8S-tr@AWayP80b
z$5LP{)cvroNzVgP!q6>|eU7qYu*ZV3ELpt!l-Ug0v`R)g(uDw2M%?XXytHjqO
zg9E3RkvpjhX>+RY!_Ki!PWOn63%feOwG$14r(6sfjxMVW;VzYykpfw|>;>{LK@rqE
zm12#9U)N3kx;9yZ{q|~W(F3}zLMvKh+*JZ!=?Z>zSHW#gWyyLNFYE?KGrzr=jx5eU
zIs-vRmKE&{9NZxD1hHy4Qd$7VT=f!pvzSyE?`m!s-r%s3hAyp#-YbwBp>9I=o+V4de9|m9$K_9f&6}gde;ZI=8Zxg$2&Fe3q22P?pvL{CGa4S_zA$N
z9q4dD-|jo`2LhPDu^+b;p7&#=c}2>
zz7ZW-G5a(HbuH%OMnklvk9?^Q!@DPFr8Qiw_Y`$&3EHCeQ25L@c;PR-UoWS#HI@4>
zrfOAE%17`THySp|JWPtyvaSu@dcpQ5DTtdg1&tUuB$UDY9)-~y
zE_T6OBdHh9d=*`uj#izyL$s1MMc!iku}1fEU@>6|8O^lDS9qfkidnZlko$MWzD^S~
z;aXv9BV2e}fxJ!g6Udg)kNfro$C2J=4(;^-D6#$QpXLd?Vvq`eGt>$qp8h&>=-zKy?$Jl`an|EF
z>X=v3)2!8v4+!cN#pRL07I_TxJnM!p?+>n$PSX^((~YGuL&0~}>bT9IIo%>|b2hL|
zMaXJ1MT64!>O;cVv=Puj-%9v2yK1s*EMbK!L6L7LDAV`5>dCn&RK9y`h%q~9ho+c%
zTk%o!420|vSw{~G-Q#FG-t`p@+XD=!u_HV3L|frUQR?UkA~)RkhGJ`e06YV5b5z1?
zvC|%!dY%`Y)w2Niy{uRw+KL9NOjkf;^7~8)0-}MFAon;V%J*Ag53`&t+R6?br*i{`
zOscuUB^Z2PR&zVVu|hQ6vKD
zreoqj$Mzk~O29w1`D2-%4ZO2s;D7vrB;9U6TJ|5$Wpz9q-_YvL=58jC3X{trF*iYCwKhoXs)OP_=Mlz$B(`qA^$38uhID7_F6kqvDrr2?L^SJ@mz
zIUr~&(QVdo=v(CQ|0u=GNm+_{H(Zn^{>Gktl#Z?7MqjyQW}EtC*&T)3ctQ3nH{!mD
zG|bFI1h+i^I$#o=u88>mv}ES6B=9dhD4O5H%r5hY9GqANKi0K9^{NUmJudH?iZ7s<
zr;CYSfLsi8j-@Hp!?!k(rH!lpNCA3G$hT9R8ey4Mh+?!3BcO@<_7bO?$j~UI1fT>2
zEN0!{yon4gS@66a-WmYFFn|#3{X_#`ySwK##50YkNxCtB4z2G+l&R0obv__Dwzoey
z$T1O#xo@1#$}B64?CWtdaopYWxuj?UH@Y_RHHCjp(xn5&#-`2x_0GLv_`LrJ
zHchu@1u%HvorD4JqYCBCM1TJGh5`<^&KYr{AK(p*NQ9pJC)iHw_;Sy?pK9t-UGGHd
z`NH4-4f(WE?zaDkJV6Hrk2D5@H}F6HKNmA9ts~eg>NCldW3gfmc#08;0AB{i$K92>
z(f^OCR73UCxpWvsXDYxKwGg;D(1KX0!@ZTH1UX%%4=ob_=ES#t046JdE|7E?p0kaG
zZx3=xoCQ!`x&IE?gSo9~y1E0cp#gPWs(#0CHZm?ZR
zxI`L*dz?;tNP0^HkQ5fRr}jQ3ALnap3L9CGi}(}C8LDdQZ9Y@HDJMI>yhc2t?Jf)V
zdTwO}@PrQmZ$X2<&d+mev0t?xz>0d;mm7+2OI&tSKmY>Q9FiSLl0Q_iO+kcSyp!??
zN%9^Yur)9x(tQXr&X)=l684YfjqmYa4a_Bf-ELtKa&vJciG@s?QN1pCSI#Hp2
zwf3qh$|GcruHkZ{E(cg}NY6$fkQ*DC2Ux4}qr{z_|Hi;M7SebiOc9NxoCcR%_&{AE
zj=Qs({gbSZvmXKjhqa>law85P_A0vU0oQYj&n6M=Zt+;DIcKas_40W8;<0K<=-(Bb
z!pSy_wzYclURulBv3h>SLU`#G4!y1*dFcT_eK*H*3kM#p?*K=i2IFk><7E&rKJX~a
za~f>VD)({W#9IfENu5U{cq|6Qs6jjQykrzHAgY8)X4&xtXo|S^@i&a
zVss}Kdx!&V%&JL7HVQq(Z;zG$z#_J?R9kdeqBgnye{erIYZ}7G^F{iVptlVm{P^bt
zU;b8roWEZ*#=dA?41P1qkInMz(uTjLI33rsC+7*pva3j8DytdrQJkcr1C2`BK6ImC
zG&XMmC-flt)*K$AJCj0eFYHc-j{6i;Yunp^OPhrhjh2R45}B?@>NanzDaT|A8zL{-q@J^#*9ep8MDdr5glf<3ZYzhWL8MArBT=GRGo
zh7}Y0Grpp;l@jeoq$^7$;RaXmxTuN<1wM&tEtf;K
z__TI9kAHGjJM|Q`V~!GUCGEVV)e1)I-(Bh=9sxJgEh=u;A!1C!_?_VZ4dKpCS7ahZ#{x`Vw#>m@TF_!*K?E+vC&(HScOGPr;=VfDu*^qCr%gZ1shuI0SS%$
zi7eLDc32~x*&l_wN(M6iBt68G0iZ0JIr8?>;7S*Lze$q)8QJjI`kN}sp_Ul0NcRMF
z>93m(T234j$$5-IvEa&dg?8y?%38qcoWeCeip9EX3Ec^*|47?UZQg?%Gvz2fh=ih-wz)z8=AC!)us?H2K
zn1PMCAjbbK{!Mj=imWM2gPjP+W~WRVf!$yVDpWNL#C1Sa;wntH5GXZ|vBI&!bf&pp
z-gXMVQV$_l3>(GvKR_r3L|C6lL}ODGBxIvujflW>XZr1#Hp+`_>);-2n-IuQ)guQt
z6b2YUgytRsu0l)h^@E@mILdqQBOH&muUFrLz9}2NwD5GnWzRgfQg+JSw?yu=$LF}U
z$LYVmb~X%5z3XHa(`z?W-I9XEl>&gZ6?*N9Uj1`Tl~xc{(5JoQ%tbyz$a*AL3N*xK
zH`t$f+=DHT@_x`B=3$VbHiJhzzB_oqFT*{$FgXYe9wj8c{z7F^$k|)9EH76}AbI|>
z`>ekjTl{K5nqMA%eCu@$W$oy{dfloF@57gjzqWMN&tpNyTa8DHj-@Vjd$9KBlh=(i
zQyy}(r$dBcpMQ30?{TSguGA<%l4pr*mXL9pz?3j<({S-=TiH4cQf7^ZpYCVY{AkZn)b6^CF-xI
zK9N4TZHG1G6EIu<`-S}5p@-j#{z)B$^S`atKXZk`myC^(_8%+}Yp;CO
z4(e600TTZ28Mx0iEP;)cuN^$6S?JmsyJjNov{J4v(mAlmFyX-BFGIhlJ~0y1I_;-f
z({QgXnhH^1Nrm>)4>CRznUidUYr%IQ*Pt2lHzV75a>scQw(mYvty~|XT&z6h)=gV{V1?(2>7BJtCBxm8WDcozjP(D+ySUwfkgwG{PzW`Wn&RG(
z49+PGuZ~XFUspJ~-JnZ4F-MSh^|NHY>l5{iOt~Otx?U2yMHW2Ds4QPAdCF)ql22^_O$X4TYVR
zeCP5QJ01iaF3?%s-h*EeBbv~=kJiEEZZ>|F;HDhYmA}Dx#*Fr_>`_u}<}AE}g<;Dj*;S9(2Ih&c6PuxXfyT+%Om20xEjZ`jQ2>6Mvsgzi
zPepFagNivxh8HJO_;T|Ce!Ly6jhYL=_q!v#HG
zS0VhRXJKvMedtw=lG{E!Zh%L$;O?AC#-usW0~gKrNJS{$QRtizllidsD#E;{^Emj8
z(8Wv#e17p-=Rgiw>**qyvEecO;C8qKzh#G8u<)H~Dg|B&%~ekpoS7>PXds@u1adkz
zNZ`xciB4HAG`Ws5J3WWPo2cf0vTmUcE$q1fpUV7c-BSMjZm2b5n0$mVn`5WHKV&$D
z6m@Ay>UhcW+djl~`ytGiXpMZqP<$u#7-RLf?bHRcur}-d!d3cPb_j7qS!NOmIp9@M
z&=E$tN^~Gdq=I^4EYV@fhIsH|m%$E(AykdD7j_wmLvmhPF_j>^<#K%|U!|%YE3r7!e2Mx^
z_p*BL1ga%;+h81AR$t%`pRW(FcL|EYD3Lq$Tv9b>^MIP=@h8M}|9l^HaH)`94!kV-
zq8b!F;&8WO8s@iYpQwg0>e#ymh7g|h5bd;2hCDZFzNms=@cCAk%0h17J^uHN`f9IB
zPMdK+H#U1d#ouDO&8*5Zjwe#*D4nxq3El5<@onlm7v7k3PheFPABc
z)2j=pUy^mC&TgKb)gV^tLKVH8TQQHO2kesR0#>nr&r1*UO5ue}prr&E2bm9hUyvrE
z)ym^^0X4CA4EOg`yosp~ZHMpJVWMXeqfQ{8N+<$`KTS!kuA{1OElt4KNLGF#JtYR!
z*K^8a+S-Q*keJ=h@Aa!HVst>9nwZ5rvi_?2s6s{gs;lkXpK}gs4k%V8K9PlQNW>V(
z1lZvBrCP6RjNHl9tU8X(d5HheO;t1Oq}YQ3O@yE?@h)Nwxnzze*$6K{!x^@Sh46e3
zZv}3ye$zbco9JUtQ-fvWX!q+OygWRozi{D4iKpWq`YF;?>4VH+>qWdr5+FhjDlWbe!|_6mKQ
z&1d?T@xqMzhJIyK(|&e0RGID2!nlNFfY1QSI3cgpaEimDnnR=7L(lf#0IS>jeVqMo
zbw!}8p9nL`LLGfYcgyCfuu`@c)D>FhzF`wvqt9LEu#;gy96eh#xt@CGzTuC1a|9>P
zO3VeW`#Oe6%oW`Z6>FKZ-7AuVv!+tqYCLmt%
z*v*NX{=Ro#e?Db~q-f?*&PQ!JvSg*o_IBMw0QKYqejjqO2B)XK-BOIM{z4wFjBQ#9
zk1>vn_1G+pjV=EA`V09GYaZwG>O7KAi(b0apKG|RQ&u(AIdVfcB&ugVQ%21^UUDfN
z?ma2cPEtn9e8u^p^|<|5J@Yn_E|zPB)yX&*!R;HhD%R}b1slhWtx!+eWRnB&$TmdA|J=-yg<
z?=+y4M5GW)RxKTgSK})jwhX9?hM#ebd{v?n930s~5)Q00*G$3@i|;a9XX1`sr_`k-
z86+nDh`dE=*}!_SLSryfS4Jwx+9W>tD%2~h+>ppRN3V=>s)2{VsL{kk^l57zu|92_
zMmd|`e`nAu8pJ@A7If@VJ(Oo|iz)u{iGL`XvZz)Q{8uZCsC{Vbw-8cQbG
z!OF@%N51=znGn%5)zyw*T{BRnJlZt)xAv?2hSJ6ugmVYq4sQ5Pi@G-G{Lec?c)if*
zK;7Eji0OFXZ=vx|c?z|%ZsU&VBHu+WpC*SyzxrhShbPZik4nvy!rG^>fS%I30H^-R
zF&r8^ECxHXo~yd|Y1`X>!x?re`=x#iWq0jt1|8bxbv?>iImi83FLg5D>Sr_>f&A?P;<*$J=NW{wOy7E=qsvUrk|Tx7gGPQgnMf}+MwZqg$|0p7Dm_auSi2~=j+zr;TJGP@=pB$&R
z<6yXK*1g~QO~4{HH%%4n-hf^M=QHK|y!u1;?DdHN8H~X>euAFOl3iQ3ioi>HnA(|L
zS&(}izh9%;p1TOzW4JSn_mAPpf)fWLnixG!-Tvq+fhDweN6*^0Z%$qUzyWTO><(rGE7k{G_!eCib
zO;<+cKFZ{UdsPq}4mnR?wLYwADju7pyMC;nu>xD@@~d#8199|DRfd4X?R^2SWGiVo
zF9Be-GwoPKb^SOZ5?mUtpyiIGE)QZ=zW%E6-m(55?kqSyNyC!{FS)GzrI#QZ(lEH8
z^IX#{C_jBS+^51ESj67~V!i;HSzHy_=cE}(=zYboZV25-kc=PK2j-ETHWp$Fu63U>
z$GRiGIWgop=irkMbfcTL(^;&8UU!3_u>+?+^xuwX`k1+QE~gsE(D@86U1)j(X=5mM
zPMg?N3;jL4{TPsu3h&tAzlT5RUY<4>b7%0APet^qra%U5hwF^G(80)VQuTZ2?x0d%
zzpOj$)Dvb$q<(8V;X?maNU$)KS)pSeXjkGUZ?8e}_(z?%^
zV*i1vA{Dv$WB7~wH0{-iU_LngNCzLOX^#aD`=o17_SeCA4_UN3@g-R-A#Zbxek0{M
ztF8Wp{^`in&(CzY#};9*hs&=pF-^Gki+rhzCy%(P@cNZH#T+tiByc1G##l4iH4|`2fq}rV|^U;{n>YvW8OXa
z*i6CS7y56g4tvxvj?c%xj8f;iQqdz;%9k0Ho}Z@>Hxb6Ic=*md!Ql)2-_|2Eww0!D
zhw`V#A-)g(HuggQcKX90{8ZDz95%b@UEnHDhS^czhLn7MtR&vb4kuWQ4e!xI){E_E3^>^h#x&XF9<$5a$eK2b-K0q!27+S{Fll7|1!yFk24Qro3
z84)s!x5!(~?vDiYC>1{jZg-nq76@ufUFCUQvWDyV=Xqp#M
z6V*S1Bl_c)XN#gce|bt``&ek7o$7SJSYGBi%ry~O0_3U>-utzHZY|6JjZ)o+2F=MP
zCBX|4^`kjN*&iD2-6^=?kM9g&KrGu%TDf6@oC-2w19-$Oq>v2w7`y6&S`C`
ztQMwXA*Dm|O*(p=c
zOZcDDd=>h`O;hRYR9#&36JssdxCZEMMZdD95GTAUNKVN#UZSr8jf+lk7c0T(qL+24h{xw@J~$~@D5#=QX6FhN*IU(D0JsuptWa!sVGzV8H0
z`ZDv(aLwZRv0_ztjvuOwQ2ur5yQPq^(4~2+W0L4%ZhkJ%%HESJXcy~Tbxg47k&1Jx
z58MBsFA3L7d3jA2zDHBqSpf8c*6k8e#bNub*I)|`l`vi;f^z84elK0bvr75pI@fn_
z4C5~L3Z8*Gr28ri>XUc%_410Ms>AlvbYXit?~-nhfo9K-y;@FC9Yf*%%aWg+;Fgg_
z-z(HYn^>oGYLE|aY$)WbYk7yhm*|t0;eW6;?or*VmsTu6Zd=lwMXX%ajZ7)br3IJO<^M=+8Ha&42(qq^$5
z$oYCd(JE=SEX$Y`rGggXe9o@#O|_%~o^FwHiDDFo@PHW=YWO7EDW7k&QBGxc(r)q3
zQGu!>EsrXvo|Tq+mQJ4UMCDMF>zL>CkJ_LD?Ti5^SwDgH*V3DL6?ADGZe;$5yqNxX
zHgt<@lq>z3_WQst&>>DAN0Q^maYdE-BzJxEtsFm}W9hmA)h?P$7W6Ak{wf%Kq<=*K
zyP3|dSjzei6_UWx@-7G+0B3)b@7QS|o-S79NFtT1N<4XLvavFtJ{{At;!;&gYoda8
zo99I==1@ALbzLBbD}2v~1S#Tl&-Krtc;Ouys=Tj5^+{ZADJg?WGSW38-*8POGsw4T
ztm3=6bk$*^1S0;S$c}X&LQt@j;85^=(aOu<0=s0eO5atqZ47Zt&=1S22b);UO|DY~
z3{xuVCBu{n`eJHLDh%%B+RV(iD>R6a1V-66w@U7=6@p}G!Q6em;fIwe!(S00(E1FF
zTQ+&_RV?a+S65N#WO9T4faOoYyeY_|r_3}Ug2y%;Ar2~nooaAz&u|UZ9FB?yb&>vV
z?T3z>R{j7Yl#trJQ;fW{`MAykJT5+$T#A?T-biV!u|j*+8FLNsr;^oqMBbsdJw!MJ
zBx`NuL=4$tdpprIHp?p_M;W675p@s47
zQFE2&3CQUM-P&Lu=@xnW{J*z*+?;N@GCX5<{!3}zbyV~6!1S1FnMBI@Co)T5|6GKY
zollA~Fq8i@Mdl}7W
ziteDTBkjxyFI}}lI$?HZ|BuLt~)l*7ob8p8@*&-pvl
zNTX-WRGG&{2j1&Vs>D-h^*UQ6S2&*c2BawMci&uPN_R<;Cw!t93>Vkf)>=
z8k?h1`wwn(P)d%pA-dgzU#8yzV#TsK|Ob>!+mC`5-x$Ip)8ifF|uot5qcGq1A3y(4{I
z6@lJWRg1YQ4r6{5@0Vfa9^P>JNTEM}RpAe$hz+eg|QL9}pX!lB3wc
z+Z>{B7Yhd=5+{eK^AqZx58)pT=dNMp)x2GJM`~)#XagQdO(Xg>wUM{%&p|3@r9*#4
z?-*M6Yys|}ws#eJxJcZ;R1|V@beH7PeO?t?850oIu0DNA&Kpi3sugxoV_6j-cA
zRd*YeUU^LgrjpH*l_LYcQs1!`yZkCY0p_kt5_bVLt9JqEOrq{dU>DWM%I$5S{yZrjPQj-a`zL_dDXBr=bKjjN>j(AxoI;C+Bk>?Krc)g=Sn
z=0KUwX&a{(erLgLHyfytWl(Sy{vf@Yd~*!7cW(RPOK7N;Uo^LaRW@Hjn+M916=m*T
z<@08;Cj3&p`@5_99CSt>>7UH8@`BaaIjOaJ*D4?NE~Pg8F{HpoBJ@>gSG3aJlu{Rw
z=1V$5YvnZDSs@)>zMA;!7AVrn^U_fy>^9`v_YS29fIv~ST1acq4Cao1xH
z+V=>wiB$etFI?`{1EtTVv*ws~!S2hmE4^C?r|aZ);^XV?Mc+Hy_aHI1^Le#u-*=qZ
zB73P};U4O3S@JuMn@HGY@Y_R@8jjcP;tvfs_RbTj3*O^by1VB5!=5jap2Ak-b0e_v
z`N$VFDFR!ckCdyAIld!CW;$iQUsX&dqKqRkx|N7pqrSYO&rtZDGfc$oH2CkK-jk_J
zNCdyo{+0DN6OsYcB>$-XYL{)e4SK8;!Ab5CLZ
zrXT(uUbQ-Oe4pWC2z_L2Xt!aE>qXN&NC->X+cE(aV^wfGXxL>=C_*{tr7WpZgE?a}Tdv&5vMD
zF!g!7sm~AYfiKGnKwo%vwMDQEo}kC*s?qXlbyNiVu8h=WNLlhhKoUt$f+0o!qKeCS7~k4<`lswWml-ew#lwTCp=;PMv6ZF#(B
zf>c4Iv+KY#CL{eawC^EigAvZAn%rN)cbq9AMmIPKbHQEE32(!}e7M6Kos-YdyCCOe
zu_v*K`J_tqseImNwR6~MjJt&FkkDW~bgF0Q>1@6V
zc87k)8myV~bOpc>XkJW-vHLJp1gY4)-Hh(NufUBo8NQ@2)M!9nr_Vv5b#S#IQC=a-
z+p5>*02hx2AaHcY?n&G;X<`3|r7sUiDr^6Lr>5~Or>v~3F=bkGNm-L
zvY@8S)Ql-LQI^~8mN8{!SxIGTYD#5hDRRp-HKlUFB|$;O9T3?s_x_IW@B0t;Ud}ns
zIhV^l=UG0V=eXR3wj%8j@w|z6-7BKpLiG|{FqpvQ4;w;*4Glf!j+f~yC2A+?hCf-9
zRey9SFDi5X6q1*O+LfjbIp*O@335XO=&;WI}sCZp`k0#
z7Gsn7wr7mtDE+LPDUWWV3Zw6=mQER(%Nf%gnljWzn?hu;2AQM7nu_#y-Z;=l_3Kk^
zsulX8|5cGl^8E;_W=QxH)e0`Bm7iwb^lp~WpGUtdv=})oWUfKJMr-j;h`1wUqVS?B
zIIc;(4!ozgBV$Eg&#Th+#u%pQgQixdBj&ySKn}d(sUcpfzCXK1{gJo(3{ms}gkg-k
z`8&3%KL8CKIjirS+N<8=Y}Xgo%~?8!a{(BA>0RVyb2zJryg#4P56ls}-A)xYx@}=^
zRfH9O9Je98lHh*;w1U}E^$vFmUe`|p_tGP&6k?ar
zk3t{hGIP5=gY-Pj>YU4XH54mRULE#R8FO&+v5`Q5)}js1-Nai)dH+8*6Q`r4Bx^#N7F<
zV)Dj&C~Jg~IV>sNZ(3WmlAGe314Yk+>caaKbw{%iB+)47RmJR$F`FFY;KKb9k=$o*
zj3&gy)4Q80+thcNf-PF+MYg|_8QYa6RPWz8#$3=`>2PkZ8+>xH&}O#{w?=J1$3g6N
zuO3P4DUaqem!MtWq*U4gvs#l6EaAQS8;Lnkn&PC3{%UosLj1xgM_+)+-FF+(wX+h(
z$JW|Ot&~fgv#~GBakb&CSl1?1>cb5Zg&Dl++{wJ6-R3NL3UGd1AByD);+QK0@W3l>
zbDUHj>WzJvf6nC*ejgQi<2guTfmr)jC~XnDetE;gOeP43s`sjFor47MydUA4XvRNO
z78`?zS@SeQmpzBEuv_}{hfPqlfmpoT9EcoM$v0+bxx&!DiCItejt{-nPbqB`QH@HG
z^J|PF_doj#Bao3!&z|zXCF0KQ#HJn6bTH;{?9BLb4fk6@rNdcoY(NrNwtP&6e~O+1
z7wXXU&flOilK45=s4kp1tpB!)`3+Q0BNv}ZG75K{RAoH;93$0vOx!*H0FnUi;xY6(
zj@epw1_uUbjF$62_rhLj2&gg694vg;PvXtQP9z!05Q^KlRsv<{-+87Av%zjK?P%tQa?kQQS_|`*T=rmwVV@}8ul=Rr(NPKSLP1~H
zGf@Jr@URJc51noA3zI5k8$&Rh&>8qn!%}0p?+?p8OQ0Z^N6ynpb@b@#yKF{j?F|oa
z1;%mVwsz?Ht}>Ib{*f~)T|c)fsj6Ha=GhU|xY;>Q!UqjaQAN(QmZ--4`eP3x#BYlv
zB^!tM19Tsi`!Hs?YL2{v@CMYXK9^};fPcB~haj!vr8;x{xmi%Teso&p5JS=mu4T&B
z(~q4;3>RP5yU<*2uO^-=Xn3gAILS7KiO2J#1wdp_k#OQLaK=N`JJFHcag7ADT#{D_
zw}B(e&Fl=m4(|(X5-QQT2_k3OL`Nq>DpKcpr&g%$gP0m-;YSw>1
z=jH?Tm-C)zS^6tjwIcs9AE%d&R78H2KZ^`APwz0KDXY7KoGKV)wxNGxPV`@pFuFbR
zALN2KOFKgel;rPjZerho~C7)JdcE`4}x{Yy1aqhzHHmCdCSipNbU_%RY$HOwTV1Pf+UTt
zGHpVDYP<09u%GcJo%^_!4BiRW#bEyIC@4kf{xXbLCM;E
z{4Z+~{Rmhqcm(_<>LTO+{;%1c|UOLfrOut!DC=>
z?7rrb4V0P%%h`=@zeCpB3mi|g-U6e$2
zf|iNLVp&0M&r`*VXyAdx{c(x_`^)Cy$NTF-lIKYswJXqJRn1%m2tiO4
zw@GsIh=_5BQ{u_&v^Rv=!-tAu3>`ck;;y#PmhNH0c8m@1?Ji8GHWMVrNfLbVRlS75
zB5^nmW=IqcszHXv%tSwh>)9P>n|fr^upxM~(7ZfJs}Gc_8BTD^b@_U`mfYbvGyuw)
zBEc8_B(!PsWYTzJtKa=i<8>Jp!?U?<9%g_+l}|Tch6R3_I=Kj#;bq(koi>MkY*bZR
z`h|w349-G#!kn}zJW~nX-8fXo4#ceTVO3;W%n(;*
zJem)s4B1`)b~yEmMsl7t;k}qd`4B627j0MU6m7G4D%|dVaThgqv`l?!-fi5?bGJql
z1(tT(NU>}FBHd`%LZTjsX4V*E?wEIQ7C$D>PcPN1_J+FEQ2?$QNq@P^e7(rMaS_Q1
z-E!M#$>o61YK_-S?vdxrUv(Uyj)SDypb7?jn!;QM!E`1yt?BEHrgBZ3N%mQb>was+}4h(
z;6i`HHsc4!r}VFhIDqRwF2jZb{X-=|KTg`Cb01-(ASjHUFuV>}GBphzW*gR{ti2Y{
z_|jnmTWfofA;3Yuun~5HFdcTX8*}oqCb3`vtN;PKo^4GwB-+FU=Wmx`8~P1>uSw+&
zc1|_xEd%2vuc#8qhk<{|^n3IKvk@I7gZShQeW^)fHk%clLgPXGHgN8Sj(ug5AYVjf
z9cxX}B<(`fLg}onqbki?C9OjAPkF4Bn5TcnvG_$12>+#THMe6Q
zhZL=#Lx;>3_(&5s+w|JcwFc*&HFAf-p?I2CnH&sd$~yEEyiae2?oqIpg5;M_IeM4$
zxLi%v`)IT5G}Ym)Fve7EhAt4D0dTa(@^O-pok$lfBS`)lPl4{S*)eY98o7Un(8d$R
zt{X8fdcdSqKVwS`i*00h^8*)(YnL#x+ZX%Hr7~L0xge&nUXMjvcmqIZtK37GGUK^e
z68<@*L=Rwqqkdzk=pXE746+2Ni&Z~X{~*cMsY+&)V8?z)APgRb>QCqt^uJ86Pmf__
zyM1P*<{;T%qOKG_HZhQ=t~w578LGY9#0+d)1T7?vU8-77oPa!3<3W~diRzV{d;Tvu
z_w?yOo#jfBFzd)?wJS!&NU~QLc1K|?)7j3*#n~blZWWOsd@KqIf|1XOMzik^iLkmf-Xz~(4L>lM
z(522{*w08l{8=v3WtOvh+oU6yw^^xA8rVlV5*umqP@fzHfos#Jaw-DOLD=a8d$_7e
z$B_w3RW^o4{V0??DtR1v$WVcpe#Emfm`u2N>Rs~7WwK`2d#L&>Ml3=L6xOc8Xx#|f
z0*zr3EcrK%KFt*PZk_~9K`imyksqWP*j0rL?Z7d)yFkFfqL)f1#sK_~cU_YlR}iDQ
zYH^tR+RwN>d|vS)7Yo*cXwB3?#gT=7l*0b(Ls5jtee&$(bTP%EjmjPS)2=o>Pyg}i
zDk~fbptm1%y!Nx`r3H9XfxDuyq{6|+o&%K8A$!MM;6i%`AkEWGGs=LWYB}z623`+&O&OojTJG?uYfzR
zeLo`DRtq)}r~q!XZ_5jbef!}HR=0)TWKC|zqA@rK!`m&!ox-W6=1YvZ;_TEcjXOhU-2`fz!XF=XE%wPe)7~;bBuq4JG&>S83
zhX!KQF}BYz`{Mh^Kr{7`DPSHgE7ufIMj{7?kciZiE^oQ{(vX`ehlGJHtw~SbLp_RY@b2Y7y{LPUGKJonolW1mHru$$g62lHb`V@OxwQh5~7Q
zq7G%S?hgD(iSpv-{hy#o(4TxvVwhodLq`_l&~Q4|Lr*p2WR;szR-$O-NR06=b*E+}
zZ&&nxT|n;3&K27<=Am^tinVmj8|edOLft*FedfZ0q>^PkTI%7Avst@^x(kP!$wHo!
zU6o~LrDR>&OHLXG02y)(QpE!DywOPj_(mS6p$p$@Xm>dSf2NIY<5#|Kb{|Xuo=+Z5
zHBa_VLPS$Rf&F&FZ+L{kN(8Tq#2Txm$C-cjv@p$};>4IjGkK`an-ue%bWMkuOf-D1
zaiG_aZ=a-4+e)%#vSyb4W}9XVcruRar3oaMxxgc7n+Waq(l~I90WK9X;!Nztqd|^n
zBIH;5vx;1sjq2%QKo794Ot}YoFc!XDsL8rSr*3Y>;S_nRvW(U-v~`p+QtJT#lCLYG
z!vm9t;c8v*xQ$$L&z-xJv5&_e-m;NDg{&x9dBU~&13En>a@7=BZAWe3B0jt%qd;M9T^@sR7
zr)VP6BmpkN5^SohZrY%NiP0Mm;ufnbg*i`*e>RI;5A0*b;-8Z?qzy|5q)*|8cyA9O
zJ7pIIivTKE=)YK8^?rm@Z32+<&YmXYJulXK-j%^^uH)(bzx88J8o%<=bDvoFttcfP
zHm^L)ty;<}Qa7$U*dK-ZZ_#EfF?E}ZCTRnvYx1rP`b=)eq|=(RBASY(4RWV3&0g2n
zy{ryo?%SfN5k<18TQn=fmT2KC!wDvv4#$1mjd6
z?y7Zj1E>_O`H*7{G2omv@5p{_Wp#SyHn3Y8v{76*_QzoXmUE`pf8%UPzC^@(p&c|>
zYaG1=q&O~hzt*&-Rurxz>*50s9$*PZKk-Tb#lfM
z%iMi|;4Z_NxvwQ1Rzuk9qQ+IV;wtjJ($z0lF#P|E54#2cbXBvY{@q2NZ0+uzi}Cu$
z4814XQvM^EhAm99%5(^mT$
z+)^@)z4Bw=Ka)32TKfF}jF=wIK$kK1r4FVjECAC4x-}D*1nQVdAI{J?dNOx{g6fl=
z7TA+`eO6Eol`Tje_{!$Y#+G|(LXvpU9v^eOXr|*nz<0L1>63{21kG`h{1cA+b4?Awpef}
zDbKpD!}|}D_gX5b@7|;Hgrcv+d3H7W>E^jEMSE|J6+KROJov2iah37@o?vom_XlM-
zox3Na$T@_%tfM0byqlJ_J7)8RMafNKglXCMwDj0&!G}BT4^54k<;V&qd0C+|#{rO(
z^iER9*PEeMUj^DHazr&Pxmk=5b^ssHm7$7U--C?0XKwdr$g`bhk>0&&e<*i-@J>6g
zW;W07@JPMf3ak#lkV@aQcaWRh8$V&S^Js?_U`i$WMsD
zK);OLKEyDiv(h9Zl}iZF%gLJ8If(l7OYUvb&{|Mjq+`?
z)sacOcufCXU!3zBW-^O>lS^xAtR)A1Wo|_d9XabzXd3o3r-~s!=``QAhbx#6Xe2k~
z)`}~-ZwJ3|7KqEkTe;F8)t=@i*v1fbwD}Zm9ru&HpQH7dGYdK4@<^n9Il)}P8o1zL
zr_;TVUuC;Z-xCm@#%`q3UMlxZDpl#@0a$v6Kpy~FM|ZF^oNeSZlc*^
z?Fm8~SJ!fPcaI`y#Hs)%T*{;Uwp;6WR}nJs8`$N;H1ymWVw0JF6%WTK
z{LZ=DRGgHSHwKW_^ne*lD`Tl@2Hrq|G-3EFTzQaWV9amEKGI$b(>G_0X|&G_61dx@
zW#}YYlK6kTI~?QgFm(1UidCeaBC*&2S}v-JrT%kQEKz>|3e`Y=lRV_m7GY%b{%FA;
z;p@Zi%0naXra5yJ68Veovh`a2N|SY)I&kSo`Jq~D1&c)Gu6-mIE_6V<_Xl`4EHVBo
z=akDAW+>!Ck3j@&3N9W`+#?a1?En>T)l6y>=zJjrmJsLa%zI>;+LNn$Z*#;~y!H{H
z{lvBU1@0;KI2>T#9lg&NWE)Z%`z0JNvmkSuVXqC`dnTE~6K$|VR0~?O(tU{nv?~0w
z-=o#&N5K8&0@#Gq@4U*LbI^PdY7390e&Q03nA162;Ji@0Z5p%P7RBEcRq>7XB+T{&
zveW)pG~?CS%EJ^#P9~A{(!_$^4kmHPf-L@pt`5#YhSE?wa@TJX`_kB$Zu4JJmBd+O
z*PXq+vi*%u`F#l@zz3}vDGhQ2G~cF^2PpP{o7|T^?;C~lOTv;Qc|3YxM~~B;kjI1uHa|pPJQfpRQ=^U8oIn-6_dBxI-1EWa@+I{`%KW6(^M*
z!FNHtGRjA~rDkX~(iY)imDGv_O!tAkW@D>BLmtG
z2WPebQwg#W^Omc?j1~R@ikVMtI>4+jEouBDSrJw^O!Z9k%N%0>^k@7VsVt<{p22W)c+Sfk(6J=u&0^_La1Ls&Fy-ZD8&fuIL8?=8AbUvvdbun)S_(HEFo!`S
zDL_6jUESMf8O0U`@q+%hC*vZW512QhhY%`#9^qsG@^D`Dy-~>_^NPdN(M<=ntJ0pz
zSzWD7Mu6RrIK*S7L(Mjv7(m?$(}z{B%oaPX!+(goBz&xh-%Y
znKq~{SLX=yY#adfj)bdPU+3W2lzRimc?~mhkuL{5Y!Dhy%B54JjkkPRD&$R2wKw&*
z1fknOO~xhTI^Cf@_xvYB`&{Gq+9BEN3LeiILqPX?+786Ggr0+cX>hZEYc0=h==M?-nfF>;*C9`
z|EoRVVOAgMJ4xbYpqs@zm=UWr!gE|d(PC=e?qJrQeUP&^G=y7OS{@NFP>Q9qxvWDh
z*T2jSQG0ccRDVsV^8{B=hx1^i>8}Sc@Z
z^K4~7a4y@#d_C|l72PzF{th7*6#*5e@S)zRuosFZ2muE%YAgS6=$H=^{@6Z_k>e#k
z{<4IhHI3o-73?GYZK2IHp~Ts4(3u|sPC0=953@%YPxALi1CMcvS`M1MwhwSXCk%d}
zd#E%SAFIpFGaehpH6JwJ609H=zmp~((_`NXec>f;6v6YO=7M*_A&&G9vRK|n&So#>@5Y}&_JIfe%<;_@IQr;-_G4O6
zkJ{>$oV*mq>u{gc4C3g2(@4{>f8{zP(<%z3L#hP?D2mFdP&;&4-txg@z@hh6_*1J;
z)Am^r|)j;}9t8SZ?{g_PqE&L3Z#Y5dy2|vZK
zBq4*JxeZZ%Fr0mBm?w0Vhx
zKBGpp)ys0`EW$x|8D)p&U%72y|(J
zA4v0tYGI88s5`URU$OXl>Lc0YJ$sJ+PpmLHG#{6QLYf#2s?3JkHpuf%hkC?iWAYR?N*Ulbo1
zWgTVipH3>Bl#|AHhA%X)FP>?3jCLyiGPTG5Kyv=ATVZe``8eBJJS}a%r*TcVP57GP
ze%d57dt{9k{WNtfW;Ru3_2?t=OkqKvBx`GyCXk=NC-|paDroHE{O~JATauy`
z%u&wqG}0Dx{iOD*zvK
zZUJVe3tWAT<`nOuY$jlPWsxd`*;#TOaCOBnjgy
z6SMQr)Eku8HQS+Eltjwaa}`)}{c-epF&$757wfMo-zlFe7wWzBd+Ev6m4WFYAOz*}
zE#aFyU9E@TISgXozgJ3b=xzun2z%w#AJ=<5WA;M|LY!)lZS@+ubLxW=uQP?1!7&Ajn%CT2zcoA|Hcx5g8K{zIz64%udk`veuZ+Q3pV=L-w&
z%XhNZsOA}6*1kN
zUZ+_OTHugUcsmp_L+mOMWz83hbn1@4{bI%Amt(ieNLK^Pp-WcRaADI%ZX27GbDDW;
zj!N`%1k@cW_pYG+6~_O-iUhA1j=N|pX7l)R8e`9Z?0l}(vZ3lSpSSj_)O%~?bDFJ$
zoOO0%{(z<1H>a5@tlnTZh-a!-zLAUy!OL25S)b<9Lo+IX8-1Rhn)R8@V5b2$shdCY
z*~gdkOA_gv%a=gsdA##E!;!PVS~XutS;-#E{!KyWe+Ow&uQ(HY(M%q1z1^_RsY&7E
zBvv8wCUP+pN}V6&sBS6bfK~i3--Z^IBlS$ffK$>(NO)=X;f}f`>wCX_w|dI(;ZipF
zYF1hkXAx%#=7{I9|C@F-pPf3sHy_q-=*xORK1O!@Klj_SthVUKJ^G9|vAnsl$Lgk>
z1=!h1%fLoO%?>&U{M>yzhX;b*IM*p{fK3thPXDEGK1p3Vaqgj-l2s$76SD{QagW6D
z2%ef6dEH(MM&l8t473nn0ER2++{x4h<&e{OV4UvftV!Xi$WQVZuam?R%(3!@gy9^DD&Vxt86S*vQQ}}0v
zzy^|s_eOI50f#EQF0RP+n9N2Z=>SHM7>~9N{06@#opBjXFMH5aOnaz5W20~wre0IERD_@RIinK4$5esTtBJ1PIgc4cI;Z;9TfPla60Xu
zUvx2~{|ayDt~lpxfo2FVD+uZ1=#O@v8f`??gL}e92+`{KJ@WDqP1*Wpil6AaIiFyS
zC722cKDv(SkbRn!Vmj@RKl2yn@5}{!OT<|}pWa+hVcC@^EE9aBT~^#6O{Wg)Vw?$H
z%y~>F<}y&{ccvqM=hddMw_~dgv;CaDM*o9{U;a{|LlEgNJ?r1u(3<~3|K-X7@zjCt
zHCYom5uh0&yTnGGeS$W~FtAqC&V}AwHkMoj23V|wxETF=a+?DV)H2LfI{)^W7=?h8
zl)U~G#1}sefkpHCCDk4W)$8e}xO~#Wj!PO!Ofzp%EhBicz`HiQtFVpJEXhxtG{qfCsd@Mz9HUqi$M<7rjKnNgMN^l
z>;}uzrPYtq(b^9KT_B{%-Nt^wBfG`W{R34y?bVYW=NsH*G=}(&5GvoC%GnkE
z4RH3;jl=5h)rbLS4VxA=2T~PmXCW?zRHkO|2WO>`R5X=bxE~}L>61sHU#hb?@)txC
zGaaZXqdQpyAdbW<3*Q7Ar>geK;O#uH$0yPtQ}|cGxNE1nyGrcGOvG~T*b&IjSyNQ?eJ-nX|bc%(rPrc^DG74>DuD|4UXaRd2x`$6i>)Q7KOh
z@q4S_%x%PmrK)!}pC#mKcIpgufKMFn=zn9wbPQuWJHK2s(D@y^}ON4=K^V26P#_(oCbHO+GYwS8H|l5Q)?
zR^~^YN69rq1U<#$6dobW0$v1Kv3@;hsb|}QRn~=XS~li~fY__SlP>Y-fm{`gsRmEw
z?UWV7E@scNFSLe_xZ>^FGPQdq^-Ae|qY&9`vR?)Z1GTKPkR6IS3dpkzYO0F0Ze9Wp
z-j4S45%Hro<=YFn4{g5*
zzJ-2^61^zB75n
zZ9ox@d`QozGE(qrH(+67fvVI*O({VFEJ&zhHT%NJLI)1eqS0=OG;yK1lJgJln)`r1{%5#otwAEdu}&H#)XFehN9xBqe9_vW
zhfq2e@&!#4V@{__|ASnw8iZJU^VXAEyx|y9SXFCt<}U->a^LK+F{>r(XH7bEvZ}zL
zTlmzLQq4SkvT6x%ss2GXW{gKFhwvH1GTi&OT
zQn`w1YL2nb6bR;!r(X)=@yBwE8*fZmZ|HKkugt5#%pCd0hZ^tfEzGx!W1QI5}nhOFF(7&$?aeIxM
zn6vr+MSFWQL^ip&WkVhrj&Ip6(HXUBs^4c~v&${>{ruy^CwcnaelG;?v9m5W!6qT+
zp^G_b3clkw)Ay_2v&L_$zfOPHZ{P|hL6$`8wCR%naz2p-cgC(16~7tR73n+=L(GhN
z_#UU?oJh^#dn*)Z5zxzveVAp*(U62%{#GlT$&JWpPmni0m@$&^SfAxrOJwjR;je^N
z@w{ShZQDrhz*p`&8w}lJaJ4)`1FI+d5VI~h7(c<%_`-8rERgSM3#5_(Cdm5Y9MV4-
z!vzZ3KV5tJwiU-_9b0A^Hq6beCk7IiQ)H{!w%K_Z8I=!S+d+<$$!6
z5J+`2b*VN359SptR>H^|zRI-#q?j!HK8Tmh`o{!lBOUlScb+d)oC@AgRY#W35RFz_
zq$_N4u8ouyGD-TK^yqm8FOkaJ@C2o}6Kur4q)k^$6<*`S=x$*D5#GREvMCc51NMwy
zVdwQB-1{^ncYO`-3IOCCqZ*mln>lyQA-p03eBpM5W21;&yJUpsGWvbKVaD
z`~5Rn0pf3Q2#d>GYiCSiOYu&(VJZ_1w{F3W+bBA>qwJe#ex$WD^lC-ShW+eUis}u|
zry2$n@tlxn8XA#pFS>?|f0E*yzM(;BR)+o7eWH`ngw!+G1{@b3{0vpAy4QjMnI;Yn0Pau_H+Ho%4QacEboqIAFoypa
zR!y&vogoGO_-H(&cT>(s41f<+)I#xYaNR|byp0?Ss2)O9w%*lsAhp6YZ1|V9jx{~%
z33E96u4H;JDGfXBaxe+w9$(V6rQ
ze`u35>KShcaGEwHIh7X-riZ>*QH{50cQuH5wM2fgA+7cpsRlE-vU*;u^A~TE3ONr@
zhyhRa0f&Q0qYCf@Nch?C8c=B@CMbmTjXc14)5K;HLS2S2{vo8{j}}gu;>$BLb2<9Y
zy>_yrgyWo`os31^L)LO^5LeJ{$X#XlZTbQ1+2NZGfYNH2%{lqzv%_WHb=q~@HR0KR
zUF;Lm@x`~%uARpu#+`$@HYx8@$S3zt>$@c%OP+|HhJ8T)BeMA@EREA!^9`OA9o_r&
zf9dzp`!-9dWtLs=k8x5%dYR(WrZooXAIwE>bkBRtXFdGiY3gCO^|ft!F_-{#>{U;$?}r7UH=wY5eg5g+@L9LXCAkaG`V8sZ)DZr#EDB_Spf0Brd>Aee
z`hoauD3A0K$`U+kUkIfc&!13#ABt&?xvPD|7X+O!>_RSdVyS&OxHK*>TT6H|Y2S{b
zJb55kJQj%aKeQLf(}5>is0~xd!^c
z5!JW)HbsSq=al7Ep5^R^jZ7q*_++!u&#W}z&)&iqkM*g2siZM9%rnfW7^;NMdI{br
zpvFh^NNW`}HJ3f7qp$QM&UM(x6z5Qs
zHc9;L{p0Eev*$z1c3^2*WPw&a&IHJF){k^)C#{8@M#OzLpVq2}{}Ag=kH`lM)vSqc
zr|MrlEaYZ!@HaYNnhCOFFL2%Fy15c48UWAq%C#zCnJLAQ0_zUbu?x3vR=>6a#XDMz
z=wuLDeyp&Tc7XDP4Km&Tjy*m5NfY&NMVe=eNl_5}f&Va&CU?ExuxId5Rz+i?%{|8k
z=RY4OH{H&vB(D{e96c|1F!1tu!)5AeLMih+zdZb)QKEg?N;VGfZk1>+5qz^DXhgP>!mwqx4poHPWkETlGv_+^oe9+Wm
zmu2e3IHoo%g-^woP{&SIP`+atIeYWCmH7kpd6xdO|9x1co=IE8R(_AbKI4WWTFqHM
z7DIRdfk#h{!t+h4wYo?EJcepdU@$VT*F8|%s1S+EqPGv~j-aHlOZr>>-apX>-9`vRcEQ2y-1%-8`G9u+M_P+d6WxQrOUSalB|ZWM(9*F|
zeEn&7#&}^rVK6ZMcM$y3MxPH~)vizg-Ljj2@t
zoR=1MMeot}(nhV{wGp-9JM`LQFr&TMo5Lzh0l84NxVEG#X%dzTiH&zWu6G8m2UMGd`BQ
zJI=aSU2>$$3U34DUl+u5_yZSX#C3hh>K+B1eINLnx@krK!ZOtcpk`rVs#!oL!e7z&
z2}fB;%)2g~D}cw|&ikU^&E|G&MPDhh))!4N{lr?023bnywmu~L|3hg$qAHsg@3&OX
zI$=3B)Y45Z1oG6>kRvk{{&>NM>xdo4CiL7VwjU{85&D#VU19U8=sNPa;-In4e=cwS
zF4l%n)N9;9wS?x&=l$~It-mV7Uja=!_fqB`^g$@)E19=$@YW;><6m{g!lj2U}r2y
z&lg46t`5NKR4kx6#->Um-!2t&nH-8vk-B6RxX^6vhh!toFJ4hv3O
zgYNVw6uwL2O77^lvQ%4EHxn8AA&?aB?`7~X|JN9Tmk~8p{Oh;M{
zK60N5=w+?jQrT5v
zUMoD4m^1PH{=Cl?XLhj8W~g#GRATTBR?rf``{Y3nM+vWVuHipL3B1r{j8Pe{FfW!Q
zStQ6vuHp&M3m%RQ@MT2^Xe6YLgj7b&iHyU2J0kPr0Ml3d$f$x5YA$)D>HNEvD2LmO
zag+6tI!vQ)o|^Xn$M-|VTZXH<4Mlm`)XmaF|2q2*q~k7Mti*V>M@ZWe39mUkHu9Y{
z^r{e<0#FtwN=e9vmX{V6pl431+ZL5nT0QbR0ArHR;q60KGkR12mBx;k$^GFH0llfo
zi{pH>DY^%DsYeq0ldSGL3NnEh9F-T82rK{9=eGcuUz#$%MQ>?WSy#B(;GXOx`l6}n9U`c_&N}lLYK|8ku`XuuQ
zpsdqMMmxx;DD%s#r+#Mc;rrOuTNRVev`d$q*N25}AoVM-qqYsMQK^cKkx=ygLGy7-JrXDzR_y)38xrXn*g;e);6I2s`>T+p@TwpGvB7~}+Od*E52G(cf9L;K
zY(e=i_8)P-cVAe0|-8EhDk$N_U#I(@Gz>~-^R#$C4`IQZoCv+vQv4*?6#(cVp
zI%~|`rQM<3Nx&!V-*v1jSs_K0L!-|GWntZkYiw}8a6XYP%ReQ6Vuv5~=I$bir=g4s
z1Z9<5142<^{_nUh`&z{oRe_=#Rce(+B?W-C$lVW=s{wGUld+Pd_tjm%94ookA}?Fr
zkbi=2$jhxh2A1J#POu1k&lzB7zi`Td$2xy;+JC6ic^7fOUHyThvPKr^_v-(oA7Q8}
zfh2=T71%qpSg`WSv>at&rpB7>XC)F2;e|fiK0qZ;_pzU`Y`}b_Ij%L7CpT8a1gM+
zq7x#aOX>pzG4>x+>8~%a`i#?}EdYf)a66bBcset`h!Y4tgrVGGG4VpgV6^FNu8*k0
zy(0^JS?m%~%F;Gx4~`54vmbM?jhoBBa9B@Bo5J89HRE1t`b*y
zs8MIJ0adAjf0DS0{g~a80X7xs*(!+SAi(zumQXV|3S!an4AqV&LzAz2U!#-yIuJwLgtXma|4)nwL5b
z{o_WCxj0M)+_{St7Vfc;LDlTqCR*cD^UX49NY>aNMC_>@iq2Od7ax)P3>G72NXpA2
z2hs$T29Tq6z9W%uH#C4Cd7yE19QkaP>bU{~3vG%`ELLQv?j^tgRz;pg{puy#jpMC8
z*w0H
zEil0k+9#_yD_swCbi>vvlT|RmV66rAn2uykQg1Ps(j+HbhGXCZ$Q=u?g##0ye2L-L
z^-fm7#HKpQTZ4%L@rm3E(+#_=?$EZgLUm6D16g!;fEO+356_2^heDo6b{5HvC#>$B
zBfVs&yi{1*zcstuk>u_Zx~e}l8PXqE-4Uv%YrD5J>mF1z&Le(C8gx=BaTjt8tXJmB
z<*NV3()S0nwEzEeUAp&%xFNr4mk`2`L~7&u(IpHaM7x9#x^B6x_T%`y5{3}chA0VB
zA+$EBwSLe_^ousFAM2;>wD$Y#oX>Ob@Asd*&hxyU&*$rP&USWQujh})v-tF5%}Y~3
z=Ui&`I+hv;`~tihe#Ybu`=}V}DHT9E%6e4?d$%ar?4-^rIyQ@Qn0YZWq!0kX+nL3*
zgF?#>tMK-4J)5k*=dY%kaH6-&slkK)CA1|(00!|s<8MwAlv>--NTJ5(lqQB|{Um|d
zhO0`=6~hf>(44D9w)~fMMxAL(o}r#l#ybHqfoEf9`>#OR=!)uIY@1cNkoin@2}}S!S3y1U8Xgj}!AW&>@GI
zEp@irRDRtu^w&r*z2ha4VtUVA^M!DKPW?%pAR^J&br&1PbJBM$WvLdS&90*aTCB0z
zHJ}A8Ug-c@<^c|%g}6q9g~LZQ@+Kj#Q>m_a_@@C`^_PeRNdCTM>#%G
zc@=oNkF5)_mcHJM{n+`^$!^j@)|+vmCQO;uYV5q6g(ZBb=(o;!V-o(LwOytE^UxIa
z1~R7cJ@U3s#7=|!N2Jj+mcVxQ8b`@LYpm)V$$g=u6|c^cD&<>j2Tn*(ijk+Bg72P#
z^98gkfkfRM3k`C~>SlEX^zTQdZ=SfkrvS!Z@s32{eGULh&g=?UKcOqH&Iw2S_3oS$
z)9@~?8tJ{uS@B~8aoy6~@{*oOS{##*%>GMX)Gh3+BARB0_D=fZBp@$z?UMPcJp77r
zts52j1tELst^0Om;m`5q7i5CZrWxJ$KFNyA5Q3w2+k~%~50%UIVpCzc+
zsTz+Z#7I!!Y=O}e8x9>E`JXamF2?u+?BcZ9LgsjvByEb*(8r@-J8Au$vWXd+N
zcdFpbO2febklRw6=YQv|TSIg`d5_3c$h{?Ox4N>%TIX#PmAj88&vBtk!coe$Xexd#z?S{ZAl-B!Cz(dX3yc&xPu8184M93@mo}R)cfcj
zwph^l52rCtOYyNkRZYUFiJ^`&>^6+G$Z@M
z9UjzbEOpuZ?<1ASDO+!KmS7Je4~X|E{5Y3unkzaQpi0s9Tzbf(J`pEBA&fDfIs0yP
z>shJ3k8#1D!~rPK7$OyPmU4Po_CQoto+-<93lZ?ofNKz_=Ak|sS61ymq$M$
z(xki}572<&a)>6Q?vJnQ1{3V&!PbTZi)1PGVf|y`Vkr%x{)qADs?^Oy*fl}t2Eurr
zUbh;(`ih0rObYGGVEpGH4cs64-jciiGvS!C0PlTZ5mXG^kp2`8_*a@A{mGO@QRW4D
zT%^v=PoUPVHn%vuCZbXo;HB_OkAU{|aC`^!?lG$d`5xqaZdnZtHnP*5@;Iqa#>RXf
zC$$H7DaHssgD8cQ@_Dr`?G{@a9+P9BKVz``^P#)IHcIVIm*b|?n@-DI?njY51X<4J
zZM0lsyN4m5+0sJ#qIZ3Re+npzX|trbwPEqoic?;T9qS}T`oTM?H@c%b$r9#^e*9C<
z^3}|2bYlp0>zv;;8GZG(M?KO*Jx}3PHhc_Kd*Be|3AkxpCx>R{_MBA%{--%v+nBnK
zd+PqHh#vS-(S)*o6f8=Ue)}08ej3DJR0QbPL}9!gBP(z
z!~{xC>Q&sbT^Enh)NBX;;&n^(w9tXPs}aFrZ&h~`6idt>$GO{5!pA&t!6mt4OinQ*t-r`?xd6a
z;)s3^|Eze{`yN;9Bz~@=R_JZ7DM{S{QS71#(YBafEXj~|Vg5CRB*Z$aA=G$08*egL
zKUuFaXB}tX1g8_R1-mKxETIN6=ed^1kn@86n~mL@A;I)Afo#Cu%j)Tu`xd$yG8&V2
z@Q1|;x=CS_(d@5bVt%Tvg`~69FP5~=Yv)#Ngiz3kj_Gml!XAG0@f2Kb^X{8hVHA!?
zaQ&nkGjVI^;A_EC{!OzCD$nwD!JNrzCCo$FmqU
z`#?eoaOKoXRmb0^Kg;lPEg6&?FR0yuZx{sOS@9k_XDA+J^`r>Y2YjF8eHbOl&g%L4
zw*?9Zh?}M;a-iocwWeA0CS4VC{5rLN5rj0FmN%&0>}qo|oBiMH+D@z6f!%u6$HlN~
z;cu_<7+h1NCq`
z>_WLeMiZ~IdP2?#>gulRqqU4DX&=bBI!q+J{{f5F)4fK=O`mnk2zZl?+cdFFLB1R
zo!>68tdAbrG}3>xZI`n$0Q_&e^(%Ix3Nf3_pCx}n3hBcR$^O-}Rl
zpJSuID*so@(0*D+VAYlVpSE{|RmY^!{*3w4XDO8{9&4NC>*znqRmNY>*lCC!Y6*%S
z7&jb(AoE
z=A%E`{IML5dZ9D^D5~G9BNXC>6djZfafcBq8nsl-`(YeshwvXD_*H0|(j68#Cekv+
z%+dzjq2IHRm{%E7>v-*!iT!({zpC}tsTgNouiEGlXrw=3Upq_=Xl;m{vzlm|&E}1d
zZRNqr-8`RB;P=ucPYKSsCtw+fJp{P1Zy{AafR0WBqBq_Fk`3pRB$_kkuI-W_pwEknYZa{
z#nG;!JAPddceKT=#Tv4R*E|EF)PDr^(0-8&rVQab%DGM_T;658k15J4bSZLrUz5{`
z@YBUb!r0r^B4U{GH^i0iBp9R|Mhq8E;C%LK?Y42TityKnqa}*ri_KuTm{u@`K!`I5
zcN9@Xjk(`Q9DQ!9?0qCRqv<^RWOyOBDF2=0r21V8pa5$xMI$R?MBrT;#?C4un(4nVw0fi2$+1*E)>Voem`U+|tf!Lc
zCkig)P|I~HQov|oAEQCGQME<;aHBM9f1mZ?#*(NcspQhk&^FX2Olz%MJ6bv73!}0w
zA~HTlIg1s(8GRhB+P)<1gN8MW^9QI4GjSa5kC#iw#FNldsx6@b>%KDP}xEEs-B2`4Xwhb2gOoqUQyTV_dyNh1IV?t46Dlv
z>YDy7XvY6sG<4l($41iB#vtsA7H^xJnB}G5EVHJyiaZs>;9lPR6vi^bE>Q9px*M!+
z0Xb~qrkx&zFJlmWQe7Ge@@)Gys=PoOnS$(D1!u2}^*bsGgc6`l4?dw
zfq}roYh62rK3XAR9rOEp3pk62B4<$Rq9G;yV&|Q=lEpOP2*F|guMc_Ix7xyO%Z`+s
zv%dk?yO4GF3y`xafO&oL;L?XtG#~!1dkk!kuV-eMw&h}sIVA;LMjwdtf_;9SJ#VOc
zeJfN)NC`d*L$yYY9V)7Q7CNoOk!VlPz3MwKavv+^tV(|ih{j&zm|rs9hP!m~G*>E@
ztM4gS#KbPM$*;NG;+-XW>WU)7#jzA^E!k{Y(8&cHzU1nS9O@;d?0bkU&NPqgrF4wc
z&G+Nl1l5D8g?E`c@J5RVh(8Lsb&Qp)aoDS1t+6V#+UpIV_+}_&*cj0mO8`I-3maXL
zhi^)JeEuV|Sz)%AGF)^#CedNy$b`yjqc}g`5=D~0eq(7=wolU+0aKjQIl}2CS@9G)
z}gOMLlcyGD5
zZ5-3fKa!zG`{&mCY8D`&^od@u3#8F)y{#YjKg5(0kx;Dq3g
zd+5bHa1F9_*BKw(#w!_=bKt7SLeLuKBdXEX3s@DLx&(UTa+?_{-`saVw=;6xy5wxz
zNeHkJy2v~4;op!*-yV`+1oE2O=gng6_x(UEBx&y9tc9?k?;%OHW7q#DA@%g{kmn^j
zbwHO7`e>kkX>yY%bkfp0comul88{^@6G|Avq!uJeuU2!
zk^TvA(yJGbQ%OLKGYPAM&M*%!Gr*lf2iMdJ!uhj8YZy7ir7F(45QM*-E(#S}qUgl#
zMvJa^oJy_Eq8iPCHTS60AnY+quXc0tI%12hY*1}C!~NhiywIz&qog6Nz^3zD8-ln|
zX_x`{j`)*i&~34++)-;Ed=IgC#J-?zRt4SnN&9(_*UqdaT1(mxZ`r
z#!FK_2v{-f6EusDNY(9G)EERg3Ipd6QuRmC1H6r!JK0x$1`l6N0nCyo8Ga0^+&$GbX$Z$+LFXlJ5hq6hV>g16C4Gu5(pq?k*bVY|+_Ssn{{H*knQCB_u&
zu$byBva7Z>p>PK$tnIH0eOUJveKN;h^^=IrXI!lNOpk+gbl(IG;M;o}WHL7}PF;*i
z^kJ>D?Hk>d-+7s2JHcp==pr`}UQcc0;uJ|b{;5R`_8RkDQ-Ls3(vLSr*YiAr{WRYC
zWHAEo7(v5E>v(*8ri@LCC^A
zpzWcAD1fnL_why0Qn}YWpx8KQ&FpM+1IFhl;_E2rl
zE8j;)mxKmG1;Au@8gA9lL@nJgHEQt-eR4IfB4UBh8j=1~a$)EQjrlFyG{L?`OU2Ka
z4RpVy;y7@74M{}$|JT)5Z70v2M^GS@O2|F_Lf>Dajj<2Fl0je8xn{ZO9{!0?g8s$s
z+F->7q*I65^V{$>%J=fR6Cn?cP(A$)#Xc3~6igWlf#
zuQutpn(5GZa&Yo{tA~bI(sD(MAC&5&mfKZL6a&~spZV9S-r*X-
z)*fP%Iz?1&4lPKiyUY92$i8SE(Z2^$9Ow9#Nmf$7CfZn4uJmw;Uv%w+Ph_*EdJyae
zysD4&9|Ax(TE{n^hZO}H3S(!`TOtBKx|+y4MoNuL8h7xS
zxt!96_)FeL*Aq`KFmiz?uz`tf!pwMOZ2&I(3dvfy`WMt{Ed}4Ku=5|qAEGG1XB!jp
zxy0ova{m=#$teIN=$`O6QSt=@gk(T|HRDt9qa?HBqTS~}3JqYbAhj2pQfu9;-qQs0lIbx_hs`!WrnKt3M-lfx
z&PYQ#iY!A+3VV+zKM&YH=%f|m*@Vw}(Yxq+r~6mnhtxtqR`{gQ&)cvwd2NJ+Ga8_P
zn3;^zK(sT&=C3A6a6BD*h0&F?+URY{r8f8(+_JEHzrNt&kCic^kN9)IFPznnRL$cM
zGbNJI}
zf`=m4wf9VG=r3hAWx4H?Jq@A!*+-;GO_repztnkI@NcrI6-30Ovz^cBQh$}B
zB?s|hEu$Njl#V3Qg^g*vaB*h^W0d$Q99t{CT5=S_@d&yqkD{yz?wyyL%DBa`i@)xC
zuIN~XuCaY~D*(K3bG<<&>klLLTS97T-NI6(JWYn7{w%nVTB>EmG$1-!*fqOt1F)+g
zK4``O@VZw!t8Rg~KLtWQVlI1d!l*9;c%=UYsuqXz*Dzkht0Ss;Xor_7&sf7)kZe^d
zc=|ybd)U;A0lGJY&9;rIy>D{2EpU4p=+}CM(^}V_NaPDj(tgOXd{Xzt(9uXXP;L?=
zo21Lu=2;HCg-KxYPvp%&!90CdNy=xWe~2;u@!4630)p
zv>@-k7EZV?Sf#$JT%o?ly$hARYQUwb`5?ajA|}OJp^#3O3!pJu=ruc#*`c55hDxF+
z`gx4jeMqSymJQ3#U_-k9@XG}{%@N-x5V;^y3}{#)P%d=s*+oLV97+|oVtbO@mpmzX
z{5#fYsOKfokCyB{(UU5O{M+{lUBmS!{lQdQ1z;Tyez(M~3D*4Ik)b2x6E44%1S$ro
zA_rxw2kq5}3i`*s!%MU{9Dni?d!N9P3RTNt1T#xnHSmeY*vXXrpq8q;Ypl!6dw=6z(zTB0Aw$T@##rNFp*)>Q*9`Y|mz8Q6QC|B&_
z7C>TtWUf{+q+H?pjtZH5O)`~i*tLQv;v3vBLA=0kgW>2<`wf^qf*NtRCsm`|1HeYP
ze_=T%b7I_(1xE~X`ex{3{(cOa+OrgYy^QHR?UWl+pLkmJ%pvjKLVoQ*|7ci(fC163dYCGB*wuo-?*hmh(tU*z
z@l%*;Ln-7*)=yHzfwU0ffP0$cs$PdO#b^s>%jxGa`Ne{XXAqf@{qKnGGNe#4u9#6_
z%o<;eGbIT|yL@kU-5))!A_4{>IT=XBtmRi2hc|R_wq`H8BXcAzf%(~V*`UdaDnV^5
zUevnmgPb%%;2&>}r8`mL&F0gp#35yhm;12i2QK&QTF|@yqsy>8;zD)eklmW^-F6}5
z6$g6Suc-2Y@ePp|F#_MU52X%y*qBd+GyArV6q@E3E?K}S@3YxOh(BweAi4;t+&V#e
zW07KcQ19-Ah6g|L>zDLrc3j{-lrIlYBM0QI%!|I{&+6FKP{e{XrLmUL(ND*!bH#yv
zj`(7~OZdow3G4x>hWO~VLQ^89%sd^K$K6kC>bpMVEB?%0C|t)c%;8ep0I4v^Z8l!|
zcf)cL57HB!r!y4)|5zu~7wa4<+$;=8v!qhCW2uFAlw}aVZP1QF(bM~!nj{c;T_Kq1
zMw-R!=pG6AqKw<7WP1nvvP<$a5+f%1#sZ;^AdUSH
z_sOd`Yv>jKerz)&0W)tfnkMCNIY`ZZrxvZ(xl*_Ne+vN|_IxE^tN&tN0|n6LD*S2K
zV_+&U7aYvx-f~G)E?QxzlGDA880O|)VN^`|AhE>NPP#)=Y{Py4A4Rg;_lZZrTC5rf
z+#0~0t0=f*@mgV+n~MJt`Ac`3&>1-x-*eCCKpr-Uo|#~puzatRKfUYXq*jv8L(Z_(
zFS(kbyG38uVy7o%s-0MK&tNSn@LzGo|AU9}K<$XyB*j$m-=IL_^BkJp>o1x5>?2_n
z+{?mffyoEd$*L&gag&*2nHyL|BN~<~=?9@HTERqJq0?s7jD3$qJTnQGFCe;fo|55{
z=$(_$9L+)ei`5INUjAy`&_fps4$-`x2YgY2(>3BA7>}2QM_;43>>@S&+%$$6SI2xp
zJ5BvrbEQZ%6=|aju+ivFwASji%Ki*@lK7Kp*gD
zZx#{%J1kkW2d}*RT*BU;zj01n+tBm4^VlCNUFuf#p4lOaf
zcrUGh3U-aCcN5^yCsyP?jd>feu5xbnWU8rP!7U=m$>3fg7KdUlL2AYnMPDQE
z7iYvv{9y#X5H-y0+rB^E$!!(x(YAyE5|eW?k)mtzs}(xl*mTy7>8x`50OGo9AfHe<
zlGqD8ehNbw$f;C;+!+FCMR+H$>}9P*>^hGpxUjvTy_GnYG%SdcXw2xgGg-MR^Q$YF
zw$7uLG}oe1VNbDTLv;T}i)Zve-(GgRq{>62>3;J?5UQo9z1|B?1^7nc!+m33@H1@I
z4|PS>La(Zps)ml&gj>N+u5H9C5j_q$WD76D`|F!u@h6)LrpukrWn7{`^x69Mp3-qs*d18}>^4=y}~kK(9*De=%Q2^b-u
zY{i;KcG3L#IxTdgJ5+?*J^XXaV#2M^jJ}i-UVqv;cZmoDM!#4$S~Cx3_qD>!J})a-
zA<>@R%p50Gi2P5Pyezw-ljnR&tC|N6uc2`xeO;L5re7K=zCbi$QwQBFo#0M^b-$p
z+}=Yt6v-shepgcFdn1L>rF6iO-~kIoas(m<);kO5t})C{0?Vl(ZSivK(Z&nZZIKXH
zMcz4uKW~j8XGm`oWXUWT6S-)O;S(%WMkvLbvD+K#178E!cl0er_r{#$qj1|9!$n2Y
z8v>QQM!@0uZ?T?zt>>YTrceSA3{EWCTnIDyE%1YZyw)Rhi>()~
z7F;k}ZfvZtm>^Y7n9A%_stY!@lD|!%#Emkqs6Snuc2l0eh4l$^=hY>x%Eq5OG(CYa
ze-QHVQd8P>(Vx
z_Vv#}l>ud;Z~Y1Os1_bm>Ylcb>`yO`j*nEwlNRqVe3F3+jACP}0(dtHJ`}lu*FUGg
zbPTwf6e$at<1|Z=xjPK=D_L2PJRr(7ZHFE<2Cyl4keC0@i=KUCgD2D+wcDpE0xDn}
zC?`ALK@t6;gmhG%a%mcWkRH?4Fk`D(AA*TfXLy(E=*}gXAoq&tact?3|MT9MUZKvT|PfWRab=YC?{Kbm6
zm2KYa3q5ZH+;HFGBuMz1zsm5fWpR3ud9wcjVc1@I)HsNRGhoM2VM!^UDUwFt6taR?
zwy_OSLiqED+he*kFGr2D(vK_nCL9haq43o&SN<-Xzt!-~>IrD3U-P6qk|#5C1)knH
zLV(akh1(i*jwoz;Y(iNgeZj&n1R&0PO^c_`0};u|&cEf&vrEePR@Pt=kL|{#0DG4dUPly=oh#Y*0mBxb9Csi{K^O
zRI3w}*~Th|sr+Q=o)MO<&gvk8>imM6-Z%6c
z=?P>vPv#Hwlr*d?AY``q(32kXd~VO3L~j9v9x|AE8ak#EF&`aTk;2Gx8Pqv!m$%J(8%`f3T|4UZ
z#FqTR!JYEl_SAFL{Rlm!g?iavi&sQHcTgtMY)cLAbSEKQ`)C0J8`LmJD1@EJ=?T(g
z_8-jeE&FN;-FhA%#8SguS62~O0;)oL3LSDB_~gC5cSxp06P@&r+Zmw|JHdL&z91_p
zb2G(Ffh~KhuwU4+*NMexims=Bk3kb<5BUJwX^L5?s^dYuaorPmd%U%&o|ZgpkGM75
zIt-t|_gZgw2gp^X7>D8|m+U;RVOBpbo1#FGAH5X*U#2HLMXMGy45DhD$rfSx3s4Gl
ziHILw!-;2CP5CXG)ZGeKuK%N1ls$KPP6~Xy_e``pZXPM{TW`4Qq7Ul>nP`+JD|4H2
z)5*%X)3dDPS5=^FB>g|)pNaS`fA|HKxiS2{XC1pEyFN)A3p(WLqi!-*6BI`PDTe58
zVo^_Fnd*8;g&PB_f=jzAW?V%3G@^^QhU2bSF&wgxK{bVvh(9>(40DWF4Cw*FCBfJ!
zI}--4kbjq>S+WX=4h0*zoA@s*9Xk9ZGRXIdO)x!eX;Yf*;e0IfCe#XSo)08%5kITr
z-t*M?p?K5$A4DmmHZYV7VA$pu4!^Ml1XiZROBRLVsdY*hkf`|ZyT(5hZF|{YS0Hny
zi`TKfGvK@AMA#emBhmm~FslIovRX#dFDWNc*dkShS1jJy(m?JAMPpkM$X0x+ouG87
zL7*F4uPqJq@5@lK%v0Q>Z>d0wlk3tA9%1R}7NI`d*ey#U*IhIXeEUm*%P!*Az9m(|
zssoU}@QJpHPErm&kTcNFiS6yn9@6bi*=rkxZ80tF-vGbX&Cx&Eetkt2E}ywc<0Y_2ws6S)z@!S9_zk~4ph3#b2WI%ovD$hES^RhJlFs5f0y66
z92fcmg0KADITb(agOBoHD_Lt{{o?uH$sB+`+V94qz$Unk(?BE
zJ#>LG@+UOJ6#r|N@W*}1rJL{K&LX&6Ot?3#Ic>#waYMab>Dc)2ZKU}pd#nk(pEvcng
zVNxq{Uv`(aG@$Q+d_~?$`k6UP!|ywH9FDdGeKNwHgXop0&2M$A?b^KN#o&wcJJ#3h
z0Z8#r@QgdO`5VzUKexR(a=-DkCKVXl0n6=NRxoA4Zn-h3ux
zr2h2MLCO0F@%bGdoUJDtPg{N9nRd}8{&v8LPouwM06x+2!B5Ed?M}@o_XClG4>|py
z-yGh%`vK$YPcONS4UvEv=Tvi$2OS%`ayy?RM1X47Z=c;*_^ZHy>ZEsq8GsYYN)P|7
z)amAIMeYFNqMN=@ms6pcpHDRlQ$%tt8)9AC|z)28aAR*9_`Hq|%f^^-X7r{~_Muq}D`I_rKtMQP%5>o{XY35ud)2Od+1$
z61Xge&dO!zJ$omljC5kDv5p%BbFI29QuT<~WwA1#m5<@RlHd{z<
zD8q&G#xXgGJqHWQKKK;LPXzF%NyaptCGwBXH$Sg$S&xaw)KLrd+c6?gdrn)|tf%i5
zk565A#`dK;L>X2vBW|8CW#OBC8~%Zl{6bAy_e!^~#yxxaOwHM(1i9IAv+Rk-33AE>
zWDsm)3MS8Pja+}j-)IhiNZ+>?7<+Ph-pIn?G1^vso>;Km@U8cy{av{-X`j4_I?uH|
zqaqP4
z@F6<>Gw)_VrF2&HC}@@WrQ#GT1Z{-RJ(`R0Zw4g8y!Z#bL8LF0H<;Fh>UhN_rWfrFbMLec*hB5-wOU3$Nd7AVXOu12zi%
z5wuSp)*k>*B6b+{$$+&4W=RPu6Zi*XO_@1rH#!pYxF`0>JyQoz9JfY$gX-Xa2UZZa
z!RgS*UoZ8eY%#EsWG(6C{P3NV#jM9AEiDBSK{>19VLdlM6~mePMk2
zN*Lgr`Wp@(+)S5wESus
zSF^y)XnG2dxW-%MLaSl;y|>CULYIkR3-Da
zfqY)+PKkoH+-T#bA0+PInTSfE`-(L;F~d$;r4oL+EzvJjr(e)ZAH`nEl0nw_5itwASY>B^XL+p$}CJ27VSJL8@Uck5yWu+e>?so+B
zJJq~IuBhcHz&T$q68ZP7fqZ+||C;lD9(Z{)OwU&12}~QOi3mHTYqn+NA|qKQJ7FGB
zWLIA5s7iv#O{NOsKEdfx$VOJ7y&La2)!8VSZn(;5wv#Ov-`h#WE>@GBL`BE#dKW+~
zcRQ(%v^S&J>##g69aK!XB#Qr5GU$
z7gb!5TC;B1y__j3^;ivi?=j+#y|cM)EO}85Lkv0Hn`GAbyoI5Ry;J0M&f{raAH?+z
zE&04z2GUyac#cwhVZ=S$V?Ah>vLsMR3dtrEY8(_SVhtHrmRm&hIM{^&Ud
z@JCo
zF!_?i?lUi4gYGDqfZJ#Nk|*#Ft-gWU7LyM8@#k%B(VrvDqt0J&TqI#^?qW!)O`lP=
z3wSIkPV8ZELoHjuXU*>T`E3eau4~h=I!XT`40iwAeif;ns&O~upN>2y^Z1LvH+HI>
zc8Kon#qRYznSUjHb=Yn5RNOdAN@5{fYbKEfa41Ux=2+EBX&~C27b|;%Ma~tF*
z`d}&TRqxJG9ELk#dkkB;FXUomf0EMxSP`5yB;?(G3bQ2AXXBT3SteU<5MX(QV3Q0f
zCgsxLFRvq9faG$qc~N|P)&HoGo_8Q5N%yX7b
z*QILD11~(~m1+4XPWwbD$&UgF%}!V5tLi>%#0tMALxIP4oY!pPS7uDb#J}QNrBuas
z_;-AGnxhG*oXw_G^&DSqWv}kDq%VFYNGjL7ed9~5mC@2)5*enaQOEgtvS6rXaBMqj
zZSV4nG%8^ud(4z(?@&j9U+H99v4EeYn_IxS3FbrXkEr8r=`z5UGNZq#2C2KSZFvI7
zid@9{yfc;5t*d}^P7l_PovG?xL->!KwT?Pms?NhnZ4qtTb6Aq0Z6T8uE2=ckQD3M>
zj}s*odG}5HH(exu(h;Y&2}}OOs&?vme9}MheINZciTeEXJTd)#=X1CFIi_Q}&(s?k
z2q372*Bqql>NQ+6rSl*0(qU*~`!O-!DAAP)p3dMerrFZ0T!>VhC~5$49BRPe=r(kT
zIuq$fPj^;P@jy`#bfo;RZj9`$YL~r7FW#lTLS>3fQMyrr7^3-2Y>zPRlqpLW9r{+I
zA-eo5GH0p7hnm>V!PKkl_G6(Ivnsb8RQfK6
zaI@NW{(*P;r6zOACH2CCK!2Npe}U1Dk|eifv7K5yTvVKO8K5@1
zB?AyfG5OQJmX67_q+{pfb*J*v4=k@;`Jt^*j(#hW;^*c`ghj?+Y^)#5!srRDhM-zR54*cSG
zHS#CI760x(g6-~mPCTLDx;4hU!bm7k@!?@SMfJ`MF
zxsO-0$iRG_mTBS%9uWZD*+Xa7P;)i^Nv;|Rn{%%K!uu-Zb+!To*5>q-bR21qE{=n5TU33s(8>nqMM+)(n)Nk)H@JlAH->ZcF~#>3ha3NTas{IR$A;
z4_A7gb2>xjhQF_vHI+1+gMIqcTd3i_l%*s$#@SjK&u%q-?G60m#uhQ$=8#JWf;{U1}6<$9f<3g|q#jMn$gHm|QNMi>-4bLuXn5y|bj!L6yUytlpiBsq=$auxV5W}%=^Gm{_qHTMh(Ut_(
z$&#;!(*K9Xk#b`@aiw3mqazjxO^4bH8^M$|ACvEUOm?HsceOZ~u2gvAsAa$J=j0G+
z1UZ;JBUB=}qjUNmJ}a1wq9+e#kT@_
zFCgD(c9!{&g%lDw8!rJCs5Uqp>Jpj4Z5h{N%KAuezE#paUCO=_9Vr
za_A51+=GJ+KjXvv912FdwpmKmcRU7Ci6{#Kb<+Q+Q(9v?4YDp~nT0T@$B_Q2jZ}~g
zZ@Q2(y6Nk<7OGb8l5CY+C8(7+b^EQBG`)2khLFo+h7bbXNt1^lOj+s#zayuhVk)uI
zw)>jB(p}6dB3C^jre62dQJ#!(yb|Emc~oLB=?W`cy38!>5P7yS@{=>ISLPwhTS{%{&pM3#!N9d1icEmFG++w-q&t53I`kX(4
zQ{(bK>EF!Zt(Vj4&Rm?z!<6x|TcR3)(uZQc7=|+21y@ty4YkzYIU;ZYb2UnQ7Fy!IK{K
z6H~mYm+eDDHa0RVSE1RSUld-MRbjz7f_G!kGN1}1DWa?TZ6Q+i6A)q)-MQZCS>z(z
zjA(S3iNU`+okg-Yp&R5}%buy`axPmVdM(!YiZy%sw?Cv(xl+vGsGK!QEDm~_dt;v_>DS7GFlw~!ok{;*8>
zIHzQJ)@G8+1`>cQ^hgqdw?D+Q$r5nM32rC|@s6GSy&WezE_KXKu>}
zp^gey#R!T6e;_fCKUiq=)`e+52+azu2jG04mdt4)ax}a8tU~jS773%_#`!wdQ;o)K
zuWVd(UX?G|&lz&mx7cxJf`-_kR6;TH(`;_AX%!suAdg**OO?sSEWyUym1|&$-iwI9T6|d+X1d>B{QqjY39RP$tsro7)$06@b
zE*>^L@`pf*kNfxr!8W0$0Rr|y{+1BH4G`uk13$jQ++DOHsgK7o>UIm!Qu`S57nDaIp!p;UUTtlo
zpN0ZMJ*!_aPQUDOVzY&ISluny{g*Qlq5z!X4d)?J!D?h8Z*TNPx^tR#T$gA(B7FO~
zd5JzDS$&c3h?G}-JmqR6e`}jY=MHPejyaaEAgx5&_%Dl>|9B|bm4$AMm2*P_{rV|r
zK;0o$YfElG-S18XbPRoYp3Crq<^$dD5B$T9i#*@o$?W~JyLC}g`nD`aygFa>{05_R
zxyl@|n3t@spjY5)T&2pLS&T;lwXJ1H4TB~u+sSO>yj+x)NX5$GK+|h{$!^$2D2N)fa_nIo*#eWz)e|bz0xraZ}v6UglUbi>3fnPCGszsM{x+{@g5C&!Gs;}
z%U~nv=I-Ytc>bmQdMY?sh*>tl`HKDeQV~Q&p)*YWAJ|W3lZ>~Qo
zcqI&@w5`Mnj^~iZP4Oed>kaOT08vj|1Fuj_l*bt&CQc9CSI{2BB7On1m9|}ISX~4K
zDyBu3%G@qc^Fqz_;?S?r^@z_jPGwwMia8EEN64$){iN>ek?mHfRchX^@p20hvJMMj
zgBqu8R^>gT?E+ZlCk~`Z98FwX81IBKpKpr^I3KeExTw5>nm9xFX=*OzIMEbdn@cxO
z?=b?Kl~4=Seh;fZEA{0v1EG=db=SVT*Lsq^*0u1q$?^QKVvnc6lvmd7q}n9jFhQ=u
zBL7!vz8nQCOa70hcMoW>|NqBtk`Rr$3DJb)l*uVnyPT8LZnr}vT6EJ*F^Nt)T&kNS
z3?WHd6ros&LbXXHMC+iU*tC^xty(*^?b@#E`o4O9e!qYAx}MkT`8sU7uGj1NdLAB6
zO@c8`d6QjnR%KRzzTDoY!Y{$por#uX6`G=@>&zv4diU5HQyM
z>b5^Z0kMWvCSn%w>2w}^c4RpH0@>PUB-15cX|Gr)`&L!v&?_DRSM#V_yeAxZt7lr`
zjeiMPQ%qL!jQxTSykvN^nEAL@%NzY&rt8*modyiQ+&xcnmRQ_lyOyXwf>X|l*s101
zgwK?Bnb=$7RM7;HHF;XFE#H{jgl<<7w+uQ?TrtO-x}k}q@d-b%+ft)F0QTUv5$dHY
zo>R+YZV|Jw;eum1h;3;)ct@v-j(|&$XLG&9R&*3xf_J?T{*a7Ec!#QXY0%*3hT_;2
zxH#FMH7Us$%Rxbl6@;PQdqgC1%HSt+9P90D5h-j5I$9+&udSD%OY)ki11z#Yzg*>b
zj@I!AYXA{%$(C><*Qtg0rUFR&z8Q0Z&!i#iae#WsIJ)kbsphdtzv3Dd^!m!%D+$e2-S{A61)u~jAFkN3j+S2Wd`d&tm^6e(%Yl0Xx5&
zwz}CfoFUbo1J=pq#8hs1AeO?50Y??)z^2S@Zoz#RU?IWe!;F`K*vD89NPvG^qQ3iO
zs`y3DT3~Pg=zj@bk=O4JR%6;P-ti;Q(Wyfo3SUZJq<_&+E|ynB9ARiHj5W5@p}5h$Hy7aS|xv7Hpq@7iMUOJ$%qAdol5Da?uoe$|8K$ptCtZ<=g9~
zH{2rbfn#zya)Ry=*He>O!?MoxpF45h85r;23-xQ^#QKf!`4g$wn5+~L5~}E{`(L&a
zxo>J-ddddRCye>WcbYZYI3OK-J)&+8`pQ34yO{XWn(qG}UV1Jzw^m!Sn1dw6iY8so
z12`cV&Qgb$K4O~Una%f@=seLWTeTIRrx-6VrK-_M-^(H_l;%p&aZ4DQaMSmrChlPB
zZ>J@7FaBoGQs4WMv3^DOuDzDypK7`I@lS5Wca3E?*tG4mTbR`c9c7ip@73GNJ?P
zbZPRI{m@lqGZe-e6Kq>C;Xt*%yYyy1A&@yY5L)!}p)q{Z#0v454uBP1@fsv8f0E0G
zgZjA@<6zbNpO6gxA@29rU_VQb`UK}b!32hqullhSui-z*hcbKehVZeZhGUYYC68GM
zb{Qnb*p`Py>_ShQX{$dcSEe7|h3Zf%kkvTq$|O8Gvt4xpu>nDN7)ebmeawmndw+pr
zzB|^jLeF*vE<%=x#t9vJpb8dntbep82+bK3qlFruV_q_cmPQr3gL8+-`Vp<6{0fWk
zH%*dBPt@X%7O*}>-{f_GZuyc}_2<6%Lnkd0XNHJT_NlE+2|Q=7#YeP}t
ze89xM57wY(pi^CI~DsGJT`DXb6rMEz{`
z!z7=B9^}aP%?jjRssDuxlh3q#>13f%y}mtnl#cg1H2Astpslnuo?XaK`6jubA;0k`
zv{m-)Kb%m1Z$@uoy90%flPa$(=rP{8Dy-dSC&^mh>OtY+Eur
zDUUZB9wC~p9rNtAg5o?4$>I^hB-vZrPM=QGz+`W9tJ-xSVPM=qL~M&sHL)|S
z59sCS00mPBScvazJL@_X`2c)|q@35O9|Q&&TjL31&VUFs?OUy8cb*#%cTO2-7o5a-
z1OD(qpBWa9*cFUr-nL|-$caw?sk6S4`w4<*qO!EpP}wY)qyoqsl!UOV(zl@lFQ~5}
z%O~nQ7&wBCC;t&Vifc!~&#T9P%nMC4fVa^?Giuwk7BE`Ez`lXNfps8J&-sBIScc`-
zWLkEZ-VqbSs*)?CesSN@0orHW06Z}gj%}X#$&q7Aq0SZbM-OUG3pbGJIXe{Mze!mPGa2nJye-VbzN0U{9ngqvpaB|-Adl>!^735&J
zpZRPINMBU@&Z#mT@GNi+!6zEO+q{A-F0po&?Xk$dUV=9PTk7q^>Y;vvW77nnDlnGJ
z7*#$Vb1nC@P+}1SLy+`2{jCc6fOb{^-E1o17Mb%Bd-V^#AG`X6G#mY1`xV~nm5Y6^
z1z3>ySjhBO4+3ORXKNlj_Y6yXTF&hZBOWRTLCF&L12rU{T=m|O7y$a`%SNm7?L0Vo
zQ|kJuw8P%>Sg6b8u%E;gAQC7}vYl|$TdDK{BC9;Fng$x(62d>?H%p(6u+#%~6Qd_9
z`GbnFul%RW<`8%Diw{;*b
zn`3;ab-5+6@4CU;dyt%CBRwN^)wlyGXt&Yf{njovu+U5~Nq$~V{{VdVdkpy!)nrO*
z7?B4YLH8Py-*2sU0Gd4Xj&Zp3BVt+74YG)YS1jVcfAy3&gzH#cS`FK&sB@Z9#|%Wp
z;!Ca>y(EY0Zj94+NRNWu$9Z;e-K#HDWBe&;w6mxTnA$<#V)2kCRxCRlto7M0O_sT8CNNA{=cH-H^?zO-6<$xRuxNa_JFfGPHH)vN8%C*kJ3
z0+4E_))v~$oPMioFV!)pHfNUffh@bZp{_Bs!Kq=D1p}EFkw4yyKk&NX^rSa-tDS!S
zfx<0tzG|NG_4PK-%R_)5t>)!^$BI=P2&lid=8ad)%|}$)G@!_vWa)hV1cwfC!6P8e
zkWkY1pfTouK+u%M-_inVnDbx&IwiCx2JF>~r3XNSsTJdNU<+Id;H$iuB}N_K5wU;;
zwSAf-@bDfSWuyq}o?v11uA-fwg&1ZA_CO5YP3oXn{i*^mME#yXaL+?jG8YgS#pK6+
zIdyo~Aox>y&BN8w%Z`>WK%Mz?lD%p^;4%FLEL4p%C0X6O@wQU{i5bp!l>`D}D2!Me
zx3wn7iP9b=i~%BU>AoHK5%02yNMOQkr9B%DF9Dzv$|~+y71x5VQ~Lv46!&^hrfWI;
zeKX@hEU?KRP8BZgC5oVr{wV|yK3)=w_jQ5|2Sk_85drj+h)9;%cZfbTFcB0Jd7k@$
zYr_87Qm5a$fC-=im;4WK-+n+`1#tE2DMp`i`1R)B$J8%0gIM=PB>)!0MwDNP>`+ZG
zA8rSk=EqeRgUxe6eeKfe^$y5d%OUBx?u*hr58XMpMhn`3hE5bC{A|o@P~9)R4*@eKz9MY8X74UZim%+{Fi`sI@-K(ZDIn3q
zS=rkK4^m`rX`7`eSi8Z&ywk(D4y0FdWX!RAoAnw_)IauZ5_KA?qJE*jt{ssOLGn{3
zz;0fB6D-dqTO@%4wVinpAp*#FqNi53vnMUCC4WqXYxY$W8XQ&;^0T~$#0%p
zTvfD9{*tC`G
zj6Ya{{e4EgWzVwU0n2C*bnkJ%a(lieJs2!*<^*T=;Jk|#kbV_BenRplOBbkNFs}ih
zv1jvGw|+tjqA6}WfEK^#ynuCPqG>B%oCKb2iNJ{M=^~j}&w+Y<_f|{&P^*dp#V=CJ
zB;nJU@WNo!1w!`2JqqzWu)6c{5$d4)V+@Hl<>7j|
z*P@r+J$Sa^b(-PhFOv!&{k|)!bh^jgD7$aIuWcaSZ@yE^$$j#P=UE=V{1ZX+>Q1bC
zKfdi{Q=RbB0$1w%xQgzouDiJgW#D%8IB+Phihr9{W8S?W(_R2#f!lT*L)n_;y)0K1
z{_H2T>i4z*JoL4|tO|V%OLq5eT>gD4mA53-9CmjR76%BistTyB?z-@c?z~SIIRg-p
z?hJ{*KMnqEngmS#OUk#Lu`FfLR#*E^y+EWMz%pb2-oSkBt<&CGD2J6{C#^d#32f=+
zzOGn2y|>#WF-)e2eslmN7T%d*gXM2}54)2=hDCn)w(^)WrZ5)&;?d&t#=08cz3CM?
zMgZ^$zPg|Wdi+fNfR}8_ebf5@7T|hR?9*$8Gb|N-vfHn=2ylLUj{)be7URd%Ut0Fy
z-rRqq&M*)Gb8PPBVeB5vb}&`)}?emmL+pY;NH!^;{xOt>Ydg8ozs84eEyvGj^V!w6UF
zPTKgVeVo0`e$CxA_VzPu{8o#w7B1}{CpjBs3&6@Ww18(pFyt$8G>=S)Iz8$LqT&4z%~=x
ziJH$MN9RM>!$mgC)36-gjj(Oh
z!g^2tBn$%;mlg%6k{}yh$6&H|**Vly0`9H2YlE~6CIfKw3Tg*Y6Y-1D06&L*XC9#%
z($L5FfjE7WN+Xd7J71PI76ER~n62-L!qc@L8_3pSj9G!bl
zJms!A#o73A;aOHcD8HLFRvyDS4_I?f=czJ$
zQbStsQ`zj%KNa+7^7cZ$z-I(9$sN9m-3nWaD~Th~%loi-7^~U|j7Phx3wmMMWieUY
zh413OpZBh{a)$>{JZ@5JoxNisEAJNmn9n~cD}EKc3Gvy7on;A&3xkiKwTSpDcOA>p
z6ZkcKE))%~XtUX@Vy=*t=8{~QUfn;>hecJK?ett~xx$SUaAU<>t!1J*p}N#w{7Kgz
z5})da+bOK7p%1U;48UjHBIu
zC9FEx-tz)=1H(b>SMBM*o5N4j7Y)ANPo2%Yq)WcQo9P_JEbn{m(3X4y+D{ap?i8N<
z)cAGDC+$z!A-Zh*{irXkGv57UXkn~8eHS}Pp}xQ=6P0o~@w^04WDnE0NK<3}i22G{H`
zyR!^Wb3o-Aj&V#+j?EhCOYNSNNDArw0TQ%Mit}=~oHD5ZB%{nQD0zdJe
z;&Q1UZ`xMX%!j2(oxG6v5^=0`b4TNxiqu1jiaQED?k2O{ChQG*78<{aooDC?h^G}=
zJS-izIZug#FPgSF6`s{i^wMtCoSyt`!rxw{0oaLSS)#H~1@n^Pc!*KB#3v2rzQjO}
z?3yO?bG6uO0@krj*y_kXZZXuiDwwNoiF{h&DOm8sFmor!u_XE)h*!AX!mPHz=CTR+
zy#R#Z!OWq68^8niAd+Hm!35L(JfNCTpjY$jo8Z~EFqVx6n)#Sm(*%8M61*9*<7T^>+NxX;Fu%MN9StWRmRGibQ
zlJYjxhmLC1O9;_>aVUj}HzYlPUYnLSbLl5v2yAbuRI`~b0-Ele1^Y@!;3FXg_~ZkH
zU-2%ZmcqQvD2e9Q!!oUxjk9XBz8!WdLc}n~;~jGf}bKd+bi5bt+b&f|D?n
zO(^_Do~XxGH$f*C54PDAnR5u|G3GEu2jM+(v9Xjm7A;$gWZ8sPe3QpGk44R^o8TeF
zOIT9UJy^UAN%~(E!TFN@rq^b;E2O~D3B8t7#6Lw+2)##`!#6oDR4yoE-c~A-LxzTO
z?CAQtzO2UB{eJQ!R*LijU()2YzEx$aNVChZk0Wj>{N&XnTsiv7X!ee##A=Ysg
zLjBBpKr>a`ud-aJ(a_B>(+F};?-dv{6j!hOWd)dlR1P<@f+ucExu
z86EZL-Ss(x)rotkra$F1>sR434;1#tSP0#9_Z|^CRO1VjZQPOQzSiU~ZqE)gx1nR@
zo<-zKEC*%iT^*&6yiI_PP=?wls9t|6ZRUur^D8W2uUT~YjStKZiF;VgD}8a`ntl&n
z{ii0}Mq!?QUT>9SyVrcSuW|6(v~c!OSt!E`S=`PYFPs(395(R0YK}9WTk)>X&{Wlc
zuV8SL#mVHBHn$1hS?2KHsU?dCGS#UeS*kP^e(;xP
z2X$hBWfL+hIYAuZv#(H8tKHLJfXT)$h#;f_&eY{_2&|=VLVmK1f4?B}l!at`>0WLW
zhh+A8#xzz~3)%IA5y0`mK{rvzZp{lRr>#XLrXOMt@cBsCm+Q}EBg@d8g`bLfo9d!M
zle@23eEY-W$;LPvLFwi0B6DMDkvA&-g`F($riI0=_+gFI266zFD={o?A+t{9wA
zU1SmI83m+X<0OMNgIb)2d1$?`E*|IXDSQO%BD)azB)cU
z#9z{)v;Iw+uizcV3h?q{lqlHz96$_wh_-aYzM0
zh9_XA$6wO}!O@T3srnn+cDbi6vBmkaPPOeEKVt9{SoWW(BE9d7VSblG8K3mWnuxcD
zt_j;}Vv7@Wc;*m+drm|&Lp$6`-Ql4}1yv=lGjsL4E+zYneRIr
z(!r|HXYhj*C*^fO&_gtYHIVk?x11?}*>MYEom|Bd%l|ip&Z>j#Bd05$6OUS!e`oYd
zCc{^p7in~lQ+$o$<#se~Q`DDe7DaArmLUP=&vuUIjW3faDL>p6#uhm-PPn1&$-aFz
zN06fL%XT!0&lqofh+AKonzfjpsSC2Rft(HuNFw8i7qt0R9{AEXziM_&5v1#Q)9hF)
zhKRrpKg3|i1uI+dfTVhtJ>eP)@B9^(V;j6M^R?k5Y8se#&CpA1)p%_~$i8Q}?)+ah
zRun()OkLHLKZZI#lo#Q=4oUq#LZZ%_ePt$E0~jwaiY;oUQ8yz^v)&59nia#UpM!S$
zZcDlA`Dgh`57$V0#m!j{H`F_g3GR*kcbFpGdD#DEgzmBryN=x%Y6M@t1#daDTtOor
z+S27yxk16v~xG%*MKyc0%X506IQYh>BRqhhdZK&4~(D^U3*7cy_Y>#Oc#pCb=^
zy&@Af;Uj|J%-@n^vq9e3h*|E>%9ER^QVaIc_f$m|ayF!e&8kLgW;H_F1>nD(qxcRk
zzi_q`_BcTI7%T13=6=GY0;G|$R)B2QQ8H;`TFp;c@3rH7@5AlLEAVPx!}>v!QjK?Z
z$V-{owQmCZuKjCqaN!kCLorTF!H#N^c+);=ujh)RX8-mq;l~TF-4*xdGV88=BQ9qe
z+kBfiY@HAL9rh^8e^S99iIB*8yR#53GG~rZ#%i5PWIOkBUBIJ8VN$k1Z-_{HK~6Sr
z`pe;FO5U`MW*bR&b@PR^YWf8Bc%dt6NJz$aFh;4%Qu6HK-bX2hvj6aR7UQ{`hjM1P
zm7trUpF5C~g*y~zx#CE)6A*o2WA>slLpF{*lA8`xKH;VD+ZuoQmZ`QDwuhn#%0}NL
zBK2QTG&?I@K6T_&vP-bp0eUWUO3*8Rgv|;tsY{F02LFF~dwh2Z>NQwO&Qa1fM4zkL
zh?v=&0KpApY@3R}K9BZC|5k}|?or$0UxxIl;QJL-jgP3swT=Z^mnOsNk@|4Wn!>@D
zCN4a-&*d{mHMv#Aea(#9dJd*vVukI=PyOlEI~o(s>3Re6lVklPl<+4073rh9Q|RVqT%Ra&iXr$#4}rUYm`I
z*T+S7c=S>!)@X5U2p#B-K{lg!cnB_M{?XFOTFEEy3pZIh^46PhX&9r_5n`6*+21ryEPh
zg%hvVZoeRAMVzi!KOn(2)FS`o@@|7I>)SjBP3C`K9c>MD5qd7hO0Qh*$45fm2oitkT-v<7#IzRG(*kiC=e*9qT@i_jrsj)t@*?ka2#BL0D-e<19APr62Y?}uZ{E5h|QW(KI-R@&*l*B&I_2CwcjTKRZg+LbEC$wgXHK%3{oBvyOmZ9+T!pTxt=(2$Yf
zROjic;p+lxBbiCM<)GESO8@XHRml73rsg5atXD`wXg(q^sM|Al!={e0do-TK$PsHikDde7>#^U+HZ}bwUwgw9(<^H!`1Z-
zQAU~>usXY;`L&&_;mrbm{4|x@ZEK`ri0oj$F{~6(7CY%6VzPO3fdDtH{6T4ez2!p2
zuzt72Z$g-abGoYFv*ytj{RPKgtimSu52C`@TGDH~g7vXnWlA=74{h46!l!7Xx<4-TML?K&w&|NjJOox8?D
zmvwc1;uyC+rJu?T?a1ZLKoz81CIBIhcM(1ngHy~$np$(Ril95&7&jV)i
zC?v*Dyau89aknCkr27?%724npW>%ApAJL8ZpDxG`k7=U0q5?nog5H$lxRbcwngOYU
zs|gcSTfGk>e~Jua%1aNjXt-jbikHBiEeigH-fzx;nzrVOwjFuT7aO_}?LCGk2+#v=ruqkLXQqHaF
zEjn@%+l;)M(un$1E@8O^4@aI)xeZM{P{_e&p+Ba8^V%8PR&;ce&5;l+Qs%mj6ZTzRB{!yAAY^IT*gyPrM{a
zxp4)2H$m+cIbY7pN>H1}_aqIK^qzI~q_7an3X}O3V13F&4asm7Mh=yrP$&BXy?kjQ
zw?!~Y!OXCna?+n8rBUtklCa~N)Q?J98Wr&qd(1kFph
zDnF5|vMGI)@ktfDSph;@!rw$?0zXVO#da@~WED>(=qe7Dl!kPtPpfTqmeYasXIRj+
z7Am$;j*Es%Lpsx|_cc&ktyo1WK|!*iXyO`@evPx84#&kLADn9pv*u=*py1
zbc~uo=k~NcYjFm_s3q-(F$SS+{nTkf`djWp-p|JMahs3>K8^aqviMidOGYAw_!+`&
zL?jq6ZN@!J&HWVc8O88v+x3AP%^zTCWP_<|@K6HKWv+*3!~4(xRJ0|ouy&g$@2xsQ
zkg=aQhkPlvhqj94Vaam61Qj3I;f-xJZ|IFX@+tmZv%S}CaYDvz)sE1(5lUm!Xn6}D
zL>pQ51$}3xbSt-gjycZUQP|#mjV0Yy;P#DPlK7xvB*4gO&A94TLY@;KmcLM9c+gnqbW8*u+(1MTT+dma7A{fbL0;kJ4r5cjrSf(D)6(vGa-
zY-75%rN+BZK0EI$Y6As{dpPBHq;yhON|vWXf#x6ET2*krTYKD(;CdppO8weV)3xFuDL_R+Jsa8#
zlJfrDnp!0IQ<`!vJ3cbF?UUeTy6g=G6!;5Qr1
zrEpy>IIyRBR<4F;qt$^!lk+R&=b2VCIBsQlQePOZkEpXm)_T1n&o~W8^F-@9i$|n`
z-1;7GlqhX{f$HdWR#C%GM&lrN5$BvqYV>*x4~;gcE&2S;64_I>7XG>LGqKMntqt6c
ztfjxkmf323!^JW65({w5O$I}XHe(hQDCeATfrpmhZOgISpsTO=NK{$87=EG8;0Xcq
ztZaN6So2Vy*AUa+U*}nwI(-MjUdOtpDods~mIo|W)SVL*CvzcC
z;XDI9ypCFw3_JS|97>Lf$Rp1>owu-^zCF>=tGu&0n|9k>s&`Jw+$_%SjuGS2WE;5qDUKg
ztux6&?4p1fmckjzMti*82h|UKFVR}W{+{Ybvw*!0RMrZ{Agk7iV@MElsP3eje9ApT
zZ#UO>Jos@Uo5H~tO{d~R-z-aac^$8}TNwn1ANcYT-Yu9!^?kjmPLR&y8ntdc5Y5{e
z5&BiDT>IUyx#~j_-gw>&46e>kf!8ve)v6TI4AwrP%6Fv`^6e{G9xBaGpl&XARJb{)
zwwGUx?O*ja%$_nUcw>2*qT+_pMdBiHK2MrJ{Gjs%rw;0|+nvQdeIL$J@%Csa}AyE^)1X@pp1*eFaLGqm5pEjDPAJn;JfztD)=3OzaO+6(hc6!u|HQbL~>$=6-swg
za5+h)@21nWHR2}?rNQ`U^UIO-^tSXb`
zXEy$?-EZwCym6Xb?0=Od2E`F7W2m6bLffLUVJ8@i2MxJbv0BilI||izqCMZ7tsa_Ly{Q?)lN`t^3F7-7l?OVs0IHbKkL;$iV0LdhNJp&
zwI?$bnWo+^VUMS|Vl%#Z;lfIfKZVz#a?)ET_|1phiCWs0SV4+OwXCIR~t
zw`->A+^Aa^wzY|NHyJx2OCPZn7W9`D;Bj)*ieTGT?Od@HD%CcKFH^1YHD!5qM)?*;!tOIg+*-Zx_*$+&8v*TF;P
z;qxf3&^*prZL?DV+)TM`AIIHQ_^gz{RkGben4jwxjBeH1=W^qRx7J<)ryJxOVGWhJ
z?lf~-;g#gvFv?rx_7@v#Wn3N`|tR*3xKW*LreG1WMS+em1KOr@vz
zFH*WGmj9I23k5%u1vk5i#wms*N;bN>4W7eAr-3Yy0ZUW_Z@H>V66m)
z#^LYFN+aLtr4F&sk1PM8;@~PoOxtlg7F9hDpnK~#tP=LW&w)P>4B|
z@IN9d@i-kl5HG<_la%mXoej984$M$OMP713F;?0^e^7w;(a-X0{T{(|cwHeU`KPUp
zNm++>V0T0M2)V@5_DGUCIYdF|@Pm-qa@et0U^@xr!L$b1-4Up;l{7+WUY!eY+jZW_
zAqU{YX5-+#X}EB8incCl713*SpLp_mct329ghC3H3v-ydcE_FDRFShZoy7UiOkA;8
zK!rwI4k;f{p^v@IYw$|HUyfx^pN(6jC3d9T!2M5MRqrK&?G34h!*mXyy2Mp(J6ZiU
zNOSO5RuS@Nfl{AKv>X!g>IZ>}TQ3}mK5|T>&LxacqTx1Y$!JYE{N;VEW3%XnZWn0b
zVR8@XyG$5?7C8FKY!mg~P6{j1dsa~+u;}?H&N(JgBPuokjbnMt4Pw75^fh=J{SQfM
zij%;KHBP;~i)|20wp??8EV`Os$=VCV8O}3A(tmyhWr)_gMfoJ@9=lOM@B?&BJKwF!
zIodMgMp*yHM)N<``Q%fJ<$0WG6_mY&pNLKA|97QncFE?_mvpfkhZq`OPggix7oWt6
z-K4B@kq@b>nu
z#`03jE+kLE%wzHK3PT!SMLdfO-%&?kD+gR1*s|{d%!P5IL6Bd0UGO{Y=Oa9|{io!r
zHA4REc>H$A4;unylducWyve)s>tza5Std&kwmt@J%AWB%0%HL6tL!
z(N|gfp{^u_SK=9;gHz?jhzsa;L*b`n=^B-)HuezE%d|M_th0H&wegAHy}-6rzCOpY
z^0LL_tI(X2;+wLdI^Dq&`(Qqh;yGT>BJZjt7_|I|CTKg-S52M8i5_iK^RX1uP9sUf
z(lY|Zr=&~k=)e_|(g8UX80stw|K3mvfl
zx=vn9v;fUOVhcG#m-^dRl?2p{y2m72gyAHNo4Fr`7bVcY|TZ^^{KY-?@Sdx@v9$
zWwt1OUOQbs&!M#R1?^RZCnwP`H~RCsxMyD0eaFo%iD$es#vxvmwe(E#{D5wPg6r)X
z53xh0Q?A&c&vrG49`eTA8Z1!-F`YkXe%5JzZnlh4_f-p5-5mV0+NU}w5YFR%QtL_C
zTndszz4|iePKIt`Q?A0-K1PlqfT8*E&gM0
z@)6pC0CSzXaZqs(-Q(E6zX>+Hr`2r^;?0&}RS{g?!e8{XT>PqTdbPk!WSGbh9PO;`
zo7Fer1b3<9I%*Fz#RSn@-uq|b;6ORHDb==-e1z*7(5C_iY2@6$MDzKOsYMnE5PGqq$ClJJEK8qdlVFed1%f+!OTWE+=cvlqT&B`Jy%4+{=jDS{j~
z8k|Pdv8tk*#6_dbS7v>z9K${-6cf&zSCsa0JEc_n37tbHzM5B8a>D~1slzIch8$4v+V^z
zqFB(ibCt;4;?X{tm5uz>GzmJ?S40!a>e3C%&5=517Q
z|18iX>1dphrh}^EOzpB~{+Cbs^nv1g+`Z;k!OO=Wc-AB)!GQ0O#>qy?%?saK-if&2
zb$7ay!1{3L10j4?5p>PhYux-EQ2j&dG2n(7t|1vp5PTT;8RsczKP
zUBT|ZO#x*>nuiIU*+AMqZ8`MF44y{T#N
z??wCD+<(V^J^a{r;YqK!b|NlC=t&nv8z4DFT%)&8-p
z#b%C|V-y<8eBraV*oR*`xH8k2S1lV4tpTS4e1hi%{P5^D;&+xXFmbSB14Dj2rDIn+
z=@fQmwBF!|!3fMMf6lh7y2FsnWOyP}uipTzN+t`E~5tej8u
z<8iNGAsS#H^=;yLPX{IgA&>_bD%!Yq=+7p{0`olHNVG36l-W8+021MkFTIpJt&gXY
zl9vO`E;);tnv1YQvZD~Zx{bP7U_Sl9H;DAgeEOM?KT>Djk<2*p)PqQKE*l)XN54^`07%m@|#@9@V#XrasHwx~=PnR>pexb9{ViNTg1Io1!
zI<_4CN0l_H)%^a%A3kv-MbMHrAwJy5S@M@lLnz0k=^;gV&apmn|Eyv3W56r9Kt;Wd
zy;*9+CMXhHICpfJ^>5?$XHtKh9@+cYM)U{rH0+o6vl@YZEFa#0_zTbay!@!-afZ=*
z9@DxkIxwpadXnKTpc6bJS@9$L!=9V^>X-gY*^Y2uS}1yxOc?f-6JMLTR;=AN58uT!
z+f*K+WKEVK+=fzeOB-)Qs*iqT6Wam#Qc3Shtl`AlDA2HXoOYe#5MS&9gX4evrG=%F
z77l)G1<8D7eoF7nxXb?Ad3pVR-fuFEH><1IGc1$N!xxO>s+;ZSy&y&s)b7<$zzc}s
z){NhKKtXmid5(wHl`FP<5XjttD4kNCS^$yGF{@T8WxWrs!Vd*NTu;TbE&H~h4P9-2
zKcki}-v@gxfgRl+FyJu*;TN2$rPWRsplu9N9p2MNsf?eZpw2;~C8{Y$OfckUdQje}
zAr^1@?Ma{W@HvCD|GXyCGO@rsAy;_dyapJAZ*g_jb@!E7z_2`{$$w#zrPMg&T2z{V
zJwLqD1oZi|&4QDGI(}H?6T&s}o3R?P1e|Y{`hsZ
z1l>|&q~f;V_u9L;;_@LTPg0J>4Na??fxF|}{qGIeM8gpOTWc}kcC|=~cqyQO_Xc(!
zUv&5eo{Jv?UAYAss?=eCM?p;7h#7!~
z3}_rq1^k{@u{+(3=E=du(={D4zuj;}F@!@C;XoG6Wb#a{E
zR@o~4aM{sb@4}E(l(bjYI$6QnxT#V~hqS!Egq3mc0d_faxUEll-djU9$
zJFC7z|MAb1uE7H;wabXZ(8P%=DWS4Z>$m`=qR_N#+z+tQxQ0AHFD;y|tEj&|q~O9w-_kDg!fbR_
z_3z@Q0=qIGt+)sAbfXV_gqa=I>HX!aFcBMmkN2$#76umH%~RmsGDo1;>8v9R{RBOI
z)1aZILHM8GH;7<7SD&$|6-3obnB#VxjjB#b*DxvrU--t(mpfhNI}I$arh8bFQ~1fc
zn5%pz1#t$GCSlt{)oP@;I%*1@dPz)S5Y#))fp>+2>X;$8#6^%
zB{e^}`9k~;%8xj_TL2`}&?egjImqRZ3X)~;8!}&O81tJ})BiRI$iM8MxC_vRa@E!x
z!?BG_1dyBlwr-JP!4)Sn;VY9>Cz;RJ2Yo}Kiym2dc)5!=1@EGt-}-lM<~
z{Mp4GPheX+t8>`9QSVgwhGpJ(11uSsE9Mr&wCnZ7Bk1cG5D&k*nh2{$UF%C
zzUx$pC1Rq^DH9&E*Zjq6jgXhf3PnkRi%K8r$e%&h==j!FtLGjV2JWee|Ep3
z-G7x}sIIGH4;Vow{)o2h*@^ysv!`5jRi_36jky6y^Nqo#wlyHG73^Q+@|cMR0)H6d
z3r6-Z;f;IBX+4?Ks6!MY1E1dq+@GoJh|;uf1ypAHOlrfe|8%c75ag
zH_A#0&m_!UxzO|Zs|Cz|ChDD<48h~j_x0i65PPHw&++N(kz4i_$~~pI!hq>n;xUuZ
zhj`fw-vGe$o>F;Vd!5=)*wWVQqC`W$|S@jx|7AC7xQ9u|TyjrrY;d3&QO
zF6)FIz|N(zCw>?pEVg{f#n0(FQt<8wkooQduS&=XV5O9gspEBrt!EJmS;6tqyIEjO
zKGu{hyz+@w`6if2iLm^GEjomi^jnu_#CoZnQfO`%NpciOGUF9oSEd*qhOJhQyoK}q
zK9Rb|rQ>g-jI0q_NHwjXt;00F5@AhNgxyWj#{*xMAI&Cax~5{KolMsKnR3WR|1p5I
zD2z4eik=T(oschqNbGJIaAGPqO#4v_-4vTuQTGk5xTkihKKTcs&{Bxw1Z^`u>lr&M
z2^}jXRlb4zkSkGz+=HhpSM$-yI-B}R>=sx=&oE{&xluWWd1G2lUJ5*Z(csbu9QZeh
z{UGTNIrAbo4w~JjiR)`v=P!#B&%mj=d|?fC>nR%?4b|L8xUVEnj=lQmTlq$yj{+XJ
ziv~*zMq4Yfl?tM_qd5qelFUJdCe~j-O9;GZ(a0tNV5$8=mTr}u!ge4r^)=Y5K3}G6
z|0S9etI{NX{f+2puH|y-^d07JWSN9K){Clr`+C2?6=lmLtm*l1B%A+q
z=L27sybQ{#>lodr7Lq7F8
zJ4U;z)ld|E-;gt=RsVr{N)W#ND>>v
ziVgIbq1icRoNfW@TY6DJ
z@%h0;xncq6>?3Y&%Z3O*FQC20yTg14JiWe;MljiW;6N<{%1x1ahTNA!V77pr+in#RX0
zkNEQgbS=|!X=K3EqWZ0kgL;T_X+qF^a1(7c5$W08B!(hFfmX!%b`ScAhsQu2^RQRkG
zwbq3lIICaTY_P72|8X9dGW7qe+g?~uJI?#F{)TO#a~SeGB#_;)1DWC&;!}^X0kPG4
z9TNqN8Rft)HF6HjpnuI<@7%g58}lva0LS|L6wkhKmUu}}irBAQHT6R+;lP?WKg4ab
zAj{Y>w7XahsdrM+Jt~-I4YT;BmU5czu!AylCap^2Xf9Y+`b>niS=(9@2hpX7D2YJVRA>c}MUS
zb?=yBUwD-mrq7p4Nwu-jGujB&`OM1xY=NQskuY=K_z_apsRn3J^Dh(Z9%GvX1E(&9
zMRx@ia@rWH0
z@78QHyZ?^wY2yZ)El1ibSJk7@7)dgGgxANtIzil!?1x-);kNbq8>It15-i^xKu>S9
zNCw6G35_fC2$B6<7JTDu36}F#%gjqB`M#Po9&U%+7VD*>(()V}Ex8PNHYq|XMk{t<;dQ~PY%%msR{IyvGCP-hJ@k_Pk3?g
zD(M2pWvb1N!u1!XfSWtwBJ0K!QOaT*vS|$PdhqMOkq&;Q*~*ZV_!n+DusLyRuGXN3
zlDWBa>Utu^^EExtcnaIGS(}DFvnV}K`(9ni!kv@YSeV+*WJl^A?HlN~5IXG$;`3jJ
z(mft7sMjbRvSH}<3US9CCKe7Oz@4=aoSM-Aw8rO7)x^`XG(|x%1J4wcaNL-^09n_owJPCzFm7jMAG?_s`l)9KDApcZg;=jq}6w7W%$N
zA<&&HNf5@xZR7s+rZrZ9hQlaZndN9TEbwURiBDi>yBWDFoO2lry=3$?85VI5o_N@X
zj#D@X*A(L}n|FCMH^4$BLlr@qko9bVeeVr?f)dt>=my!nWnG11{zq=7=!Um%I$Zl>>z)r0{1{)h{^o
zGwS=kC%i`G?+jG^S5?3~BA$ca7vT=kv;in+cKJ=;?ze=|2=lTv>ok~$2=%?RFa@2a
zoD1ivE^tj>LGQ7mC`#%J9(y7or0*Lt#nku0CU6f87Cs7i3w&apdhFMvc4((^ZY*DM
zAx8P%^z|TY``%RwPk{AQ`ConyQGa(NL|AD%in@1`GBPvYWBLcjlUhI?+zuZ_FDb-^
z5a?JF3}f${Sq33k;-?bXxgT!W%1kXmiaXc}mXY-G(n3q@W+5r>M^lBfhQQzvMXc+)E;3{y(Fc=aeF+ab$?hg4lYpK@ch3
z$pNd3x~H_>{=X=tL*F)TqfsB`X0E7JDAlOHGW5H`S(1iLpQ+;RuoDuYt{{+c7k&tJ
z1nf?yIT=HOMHX=1O(%YHEX!VCVxxFVM(qSb8NAW3kDk?HLV!WWk##T&R4OfaMj5%n
zOAMZ=hxzYZAorP0*l?TRecY!iCj2X4`Y8<1S(!r{qb3`)_tnlngtTnv0$3^MAOE|A
zFiaLi5T&Pt;~3mSn-3Xc%@)~Lu#c6e)6fSNEzjVeJD#R&s&S;}YONhL=Bw@bXLd20
zHb5}g2H4id|7?H(?VL^mKVHkJem?d5zw926-V4o_eZoV?u5;mC>HzzawT-2&vy(8w
zxm5N7X`F{y1Kj}mLXmVoiZ>+Ij0_?)fYZ-Oe<2tlg05r>0R=x`{TM%GGSLac?u_|c
zOR3M}FM&}d4DQnT^)aJ<{v+kho((APk#a|^)H#x?_GS+T=ci5FaTT*>`!D-BF6t%e
z#!hZs^wRQ;$SX*(M@0@J_}^noGZIY1`)gc`3o}O?|pszjZN?I9fIx1_Q!G
zmxxM+;?C~P8m?+O!RrKmgaN`c`DoyvB~W^3BWA-c5xP9;s(dFIXWPvj+x7+vkb<21
zQ_fS_&&Z8}-07O?2;_4bHU(|4D3OL%SsWCT>h@ZMPVxp3d&4C@X!n-HT_?%#w;`K0Pc5o!)
z(@1Fi_P*s5-thK0&6+Kqk0wBlIc=j#S6c5YUS3QvAvr$76Y)*wxWJ#-)i2?L_rDyu
zp=5TB@3@Vjyh&c%Uk5j5p#*7=v*bV!HhDQX!rxWKI3B(Z-yg!Ckk2FEZAFRbBlZ`w
zCbRM&cm8XN9cd96X6RmpzY_^h`f`*2o=_}~96uF%U*@5ONyK)FRoAj*d@|8M5__XD
zE<}$~l8ANVh(m<GK(fH%BIx_ZPE$
ziq7%9_i?y2Kisn_j(9n|2h9qTf_{D#fs~w`ll)nf2G52OT*&uYrv>brwL}9Pz
z8rv7}9_uVvXhvdv8YL4M%^FCvzaC!5<}mo*E}QTQ<2~Asxv?QzUeTG>S}E+M2wloG
zU?=xMuNygrZLH8OI&fSBxU!mM?>I{ih^@>5`p
zB1szzV4TBuZ)CkLFw$^_d9pJZFEx-t-yy1r#IxRfTq`|g_q?flu0#!cUst-pnSKdv
zaLtE*iK26Bj23je{t$GzpMNkHV)FX5T^seocQqeFUV*<)q>Ro~J5@tfxIa#|dnu5?
zov_QczfT8r301ctheQ1u!TyBvbYRwoyJ|o2Wjb)_zzWRMT!5z2os!kAoxj581i3D%dcS4juB4q$0`5t>~$5HRDma}hL`rD*pb
zmrMAV(nRLMQ*crR$y0Bc@y9^NaKQzFhAYf-Lx1bTFmT8GAn1A>%eBlRYdZ+BCZvIc
zkSb;eXGWtR2~vN8d}EY5tYPwQ9wBdg_u4PxaMssg
z)ND4$`rblZ&aMq|F$XlgC*DNgDZ|u8uBzKG$Td-DcR_Zr-ke3*3Q4te2lpxHXMSn?
zW;1VGU=dmLi2s6wv5NuAkYM#luaM+1Bzw@b>19GFiK04xNcv;d%q&|qc*MKg%sh_S
z+5$X;2|rA5zNMIlcLd_Lf#5rjU_a)P&K^4r(Z9jsTLEdNn{Tx_F|hmzxz$EA*lOYl
z^!2Pmhe&Yp4XEgit8(a<28;CPKA59&BDUSDS4p5h&u?>0w{3j7nAqRR1(
zJ%uLYs|_h3+SC3ajcC-}HQXQVpYR*phA#HfRoUYCrYn3W>FMemS?S_wy4@$_-4l*u
zs6A14u`G#x!mYLtAC86%(SJgSl~g2$^MNDEa_7+iA9Ck}W43XUQ?hj@JT5lF&%u9y1?GxBv=f(|k_y)KLVXc&3Eg|E7IZip3
z!~Z4u@s^z%_1Qnnj1q}sS4lJA0;JAl8|4PGR(np0XmuLC?$o2(*MC;$4%TRWFWH|5N
zYGBDrB!=YbwXy%k2|t6I7}d#acDH5|w~rr`TXmpJLHR_f&xq;qJk
zhro
z)(fz9v5izR{IkC?C8%FF@CW3&BM7{8%ASJ`0Z=Sm4shJBgyn<&t6K@5WM~DPs7y9@
z^!aQF^t|7is!uy`0&#&w4;<~*#Sn@0xgo;z!mt1?YtE1iJ|1?Gv-S{`;3I4)@A4ZVw+H44CDvwz#_`+P)?aO{xurRIk
z+i$-xpN*4LZRXUuaG@qxJi`fa3bur8sQe6g9o%(VV@`cX0qHboxegmY9nb6(8X%no
zQVE6-oDLSXp9TdeUKUt_rm%dOrP>P=4CWfjWN?3xxDF1+sO
z%Ycooo$XZiaGWG)+_{)SI)2
zwLU^X9KXcAIdzyKK+&MY3(X^4-w^g850@V2)RbRkS*VO+CQhm?mz1J|?V@=wAyoUy
zD(P%HchmSBe?@M%#fQMDbp7SAv6H*(x&T+h5n$~+Qx>%S-FztKL_4oic7Xsf<(E@<
z4A6@wNHZRG<=v-4ZAcJR?pOK(`~y^Um`6R;pX3NAa3sLcGZ^qFz05DC?`j^!{(1+MZ;X}jS5#iU~VUPvEi(vrSe_6-D
zg6j|IuPsR$mGHIeV{Yi4gCLTaHLJo&xLU^Za~Klnwi+xt%+z1xS1PT#Gsq&t8(}gF
z!MNDQO6p*6Ws}eqLei@HGy~<069<60eKnb@na1BXt{Dl_<{kdqr~pVimii*JL4$>k
zb814&)aPLX_R%bs$x%b-WZEEfigkM4D+*N15upvqn($AtO@Tv8z1goTdyDS|LT!y|
zi$e){m{IOJ$f9;n<{^Ui(LkwEypsb2zKd2OYci45I1#pQcKl}^VfOHk+Upoh_r)rr
z;Zu;@Uchqs-+1VKeO_ydvqa~v>@l6Gh{R25D^dlHVIKylkPr)w(iF-5)CqzZCYH(N
z>wIHhRJdQpM;vUD05maZ3hzxqGg+Uv%ZmA{g@-vYlU8B@9CMjPU8oRYjP;*W4l-o|
zb7FJ6R-*CMeEt0>{EEwH_b7@k>re2#R0Tu2qh@q+>tF?(N!C9dneYfAJe*in1(yk%
zG44!oCLkwk?RRs(&kV{8lK_k-;KaO74wK(W1w37-JpCOV-U=D{j<8Yds&VxV)t
zpNkp-rom;M_K2YsYo+>E4DHgLD6(0IQZFsm>;eBg%Ovxh<8R>ZfUX^mk`4e6v+Q5K
zG1|L<4HaEoh9%I`(sbS$^R6ukgK7{F$`m|yn!9Z`!WqN)s`^VLe^@
zerG++hLpIV5Zlq^6q~Z89YrRXzo`q{yAt-_c$ZiZoo$5QVM`F5a_-~);4k|*E}?si
zIp%j5GT#rKY-rqt44@jW^2M)W;%7Wb;c?LRy1RJJ8<~r~5-CO99uN#f)wbtvag&(le+E*JvPibUZcLZZXiFLzwm24tJ3P_(ul6`+wE&X^
z60Lmm2u=3jiOjcf#k$uUmYI*6(l*;bO&4B$rZUfED-d~{;swpFgJ0u|F*<4;)Yiv3
zA?w|2Xv=1;fjr>uK<}R;q2=4*)4|PQh_$^7q{c+@HeD3BPX41|5l<;NzC1`+v4bw1
zU_MsnfCPu_!i7NdmctJ*d77i=9PygT1qi>%}+~D7Fq?fc{1w@~>|s
zpHMvki>J*wzF<|*_chxh#QSCKU$9Psx&@<*#9LUx8**$m40EQhC?&V?Al;pP9n_6D
zgj${b2n94?cHD3@tc$fy8gxgg>TE};EO$>Kt5}CoW3yG(x?G;$D4^(ObiajUb3(gk
zjS!}+aGj2b_PJ?t{hR6Wwmi&?-w%%)71W+gf8)QBFXl5{jlT{f;o)ai696&EK&K<@
zNeL1&?Khf~jP9GYktm}^G3!@`VjyWmgjYegZtg-@
zN5R5fX-_%C64zok7p*eAMsF1e%3UE2n#N+EU@6g*i*sz@@2k0kJi9
z&j6u(-!gv#4RX%|u*Ds}`t)50gT47YCzauB$=aK_$X0Y=j|UnLI&llgf1Yt~H!Uvu^rvvVNtVJOhl!@CAT
z8C20;V(C|OAsv7TKrz?;@Y27b^6h}GHyiPq%GN9+J)9o`@t&-{NBE#EeJCxERc@X?
zhZ&JBv#1~glM*u^X8je`Ij0b#S;watdGChEL{ipJjk<4c%+%_1l;EmV}+G
zFQrdVshu6c4v}=eVgZJ>>$mznK6?T5h7fkpaE_65j2&ik3CJL`nuPnx;ye68Vj=`r
z)9`y((OVO(s6!fovT4%ah$S$3WRv+F^u_{Xk!>%^K2ih$CZ*n@Faqq`A*Hl7u5w8r
z(4^^%bz@YD$gm3{kWpJ3b7sR~E^CTINYez=OJy$Or5`RUSTE&8jkj;mK6o)Si#Eh-yjXv%1Q!~(ivDvVSSEx
z&K7fOwZP*)ybBbAxx2-&;_nW-weYfu!|i;xMNbo32-M~~;!$o6|Km=*LRY?I(PnWo
zoW#uoQ;(+%qzKP9QLRXIfFxFIMX2H9Kq8c^%-culX_b&9UE`!%KZcoc%%{fUBvg5;
z7-!f5Jh{eh7C4Hx5BG0psM*!fznYO;0FEzDq
zO6fzeJSB8FvUVToy3q}zRhPdENfOWVZ<0J-X4C&EX*-90U204$9)EBciz&N0ocRX5
zd7KfgZ-S|zPDKTxH$>=Z*KH6L)JA}HOKD~H^9?{PK*43!faN(00BRYb!J9ov7A!|=
z6O29^0ld8WvkPp;7`kd26pYw6Q0Umkz95GvE4>UmI7W76_teF2yoQ|P_I!zFu%)0!
zZtTS!nOL^ZO>*WaB6bi;zQoU~T*ZvvmFmlU&r?|zvvx)qQ=l4sJ=SlH%_jg3prA04
zS6eL-OaUray2Pj7Q@V+@2$4}yXofizAW0Nku9mXN8vuBZz1
zhjMi8hG!{11x6l9#};5sS!x4_>#Tofq5OSY6s&zoQkc}u8&gP0k{L%ztdDFAmNjNJ
zs{Y4u&>+F+G3$Hf&53*2`Q%73D;`RJLEYz4cvjO(V1BBgCg&C+?90}Wz}B73{^=-#
zDC?3MKs3m&x>EpWHdJRJ8XWzA1i5F=0qCDZ=BDWfr0-l9Ju(kBmPlXPHUI+5Z==r<
z-28tjkyCq&NM@{RFq5d`m#k%D;b<6Mp89yOqus#2iM6+%L;%tk(gHX8A^)-50(K&i
zSvR794%1zQ=Sr}G^<81UtiQqf{_ucf3vklGCc@Nwb||)MUmm>fOc-W0I=dbcc4Q&R
zyFKF11O(-#OJ<)vKr8fVj`*`SzgLS&p}3xdKM-3@@_{wP%*XJgX)3i}c`X|qJBzp-
zVkVfMGCw+2IWNdytv8N1_{{0-?x)Puoi<@qn|9$<`QX_zrdl*K<%%|GL#1BhDCvxq)oEs%eMHML_3eKV`^ZOl@F}WeJA2)+h28QDdo|*3ccg@xqj|(`@VZi|XN9*g_gDv(
zx(jg1+)GmjDSwdXd5HA`YrsCz0jWYB(hRVhj!sdZ5iS^=
zT;feQTV~yVK~E~_@=4x>iQq;d#-}7~H)ZNT;^nRUa!7#E0+b*$odQriAs50H!Ql@`
zQ7f*q_yVpD9L|A&u+E+NXf$0Fo*R^9i`7&8q)W9(25mAuf+7dvVz{58EU?{j)A7X}pW=
zL5$7?Bff70`vLWI#7@?4piIGrS6M9#8~6N7a~*VzB8(+D*#Mium|qS|%T
zSWg~u?0{lYjn6E%vVh>O*@qkD{jw^RKu$)uX|}5j%KA=#m7HC~{*I?RC-CD+8ZjGs
z>9t$mi1$m;j)|Yt%i|MDT$jh3k6!UnkG?pq3D-1II=Bd2A2f3r|{ym
zLcT(~$~30gP$@^@C2{O1CYOr*gM~eM)!_vni+!%Jqd`{CInr^KL?*K?UG0j-7eIl?q;uI$*K8?6^5{9AQMFI)@K)YY)*fnsWy%@0SH7E9;%IDO`zDP6~
ztfPd(YZ}{x^~jzh)jucW%6Y-Q)4V^{Cj4pr?+8skr1qy0#|s#!+B3LuVUS`~nGj^@
zmd0?Z>D!u*VF-dOf86s4z_FPn*Peknh%v(r7D2wHn*4Rr(L5p;nF7UQ*i
zYwKf-FV;_r(4O0|k=v1tYm0FD3+pEZ0yzlAb=cBP_?1-J7V&k%+P6M~f#Ii44_2SX
zx^5(5>tv{r;tWengAChWAHx4u{YJt&;e|x7rP4&8_G-2Ulw6;&Ol;+warRQMafR>e
z(Lsv;0s&bWpR%bjWgyviSVb+;|)KNY+Hmn?5PVUdUym%*{3#p4G3ucm*3ofkZMs
zvhLg;C#J!~@yGvTJdh%GY^Vfr_AvP~;u?geq(e4D5+88&1lXUq&#MEo$3YA5IXFW9
z*rvZg7&f#31Qwgc`$6485F&tpYE}FR0ki@8Omi2RkT6VsuEkGR=tKfvA34JV@2U2E
z6GAZWf|MprBhwk)+ardbTdGA6D4TK)k4_uMVV-82Umq8nrTYGdD#*!{Yz*5)5`ucDOK`(5av@<$`ND$FYx-+sQ${VpdbLATMTvy;C`kkZy9vmts;<#{vXt
zN!am&9PC18=h&d(6YkuJLGUM)Pa6DyHqa$tUJQ}3uFR&wZWgL*IhpkM1A(|4LNcCx
z>Gaa0pkwufD*7~meZ1+Dh3Tfp3FBUzM0@N-D=)XuI%A5Hf>x#HWv^QN!&_VqGgAbGNZnW-QV8=m
zhbJx=nH$}(SDUzDbRNY2%$|`C;iFE!!9EJDZQL{6qWpv8b@
zCf9k2e<-&mxC+Kwr#(P#ZIhYW_R7SbJS!zN4l@JITd4R<(hZ35XBmR%#TV9o}MD%cuO4#AFq4Sb|9
z5EY?i1wmBs`Zy7~!#vVT1q|QH3fa(g1>A{=1T1jz`<~JH9<40Ct_znhU(Vwv4$pFL
z7dMhT*pN03_s0x;jPC(vW@{l=vwm*ijDQ;UrDfMzR6f0&p7oOzGOe3Wf84#bA%aag
z7aaRd`7unVaBWb3`Zf?>Ih;tk^TtigLIrHi17$uARU^C1j#nYgCsq~Gg4yje0Jui&8jpX=74ZWA;Wu4gV?k-73L_{{Sd~+d{}AP+Lgt
znrunZSw_NeM=$psozk?m$>iD+J57mKQi*88;x?;L#uL5)O=ZA?LAj%
zd?Ne)pkj|&*Idy3XqRBo*S+pFy+L!|hix~*KQCr*jC(d*R(ch9I@QL=?Cw|3jWK=t
z*$*mTR_Im*4S(zXMKN#>*W&by=3Kd7a_}|}KN_INb9AjacHiIKU-gUSu=m|fw$Rydq(_D~GM&J0Ce>0I
z@axtUXRB9B)p&R;f$wgpjDfrPKLDk`19oSFH%6xg1;r7tHD9E9+6RYAeSXZ5Ggp7a
z<;>RVKEYf>gc)rR)GN#vg6u=yrBmZh=B^yj<%KRUK<>>s82!!_4j$^!$yw_x9gGR(
zAe+fwSU;rvbvTTHdWbfLtLM%Q$IO#o@}@uiNUI)$zr(_F-8)^IWN0?OdZtm_WpZ1g
zML{(|o%OoKHH+^%I|a}G!}bdN=m6>(oFRl45AT3LA99=ATBLkR<{>%lh_fHyRt?Mf
zKko*0=3-Wi7UCL%8WJ$ud7(x4x}1A<(Icrgbgq;+BW2ma_E56p-@|ilswruxUY^@Al8!u!F=8?5
z&TcGv5j4~Ww}Lb65=|{?^fuJDGw!e@&(?SimjmTB
z&4c&5hK{7&oq%Nor6$d@P)78gjsza3Z&;X@GCf4Hvj{03mcnXn$nzf&
z#^qW5v(Pq@*$pF^`C9CcaB7mZgPS!Z%x?{GT}_tvlUk-8<*;6!WHOPf;h(NPc;#`H2zuq91(wb?;0qQXp)Ga=LWYGr=LSUmU(>yJJK(N$I&!nAUQLHG3`0
zz@2!|pNMj{7-oM%w~$DyOM^+DVAKnr8CIdvEEU+#c4miVZV+V*
z9)z2TvmuRd;5yzVVsMm6th+c5(!EsPKw?P7r{tOlkf19no0Sa;kz+~
z6ow!NrHm=0*2WT=I5|Be7_S#4`Ql*`gIW>3a$peqi2W$ZJqI>2>=#@jzA_5uc`=f(
z4_rG)uBfTFJbzfO``2lA>N3V=Q`5&C5sGCVSSe>=~1%KZ~d|~8<(%J
z>PaA=OXlNlBEGO@NcWK#YhzdqvXNuFW)a$mnL|q;-D6}Zm1vE$)nXJ$YoEdI`ktf5p)n?Q
zEUIxsHZMnG4NdBNr#X7QTqKJozsA4w_T-x>()lwErS}WNMNc={ezr9WVZIGGlXgAi
zQ;K)#6vuPqzkYjx=$D=~sh{ts1w!q#ul;s8X8Z=~?lEIl?b&cA8}{Z(=!DJB_lZei
zuDKku!d-%wEBlY)7H-zxHrpfJ6@66s>h{jtQ-V~Bd-Uya`-@i{Yce|L!afvAnJxw(
zPdeyWt;cxZ4|6G)sYw1Yf6%?a{_32u_3P>pbH9RAt$9D4*M+V5
z{$Y2b6}9K0hMQ&2neUl{)#v|I-qzXw8m@cWacqB+jk(@kr(Olk_u2Wf-6}ozx-y6L
zW3}GL_dsm3I}K!;et#Q$?6mA=nPqkLG})?|`u
zE4%j#=SZeD!Vpu<&e$xrKaDZ*>pVlXK4us^n>r-6y_5I4SO96OM^s99p&f_Wo6a;t{4xUH-uwz^`4VUmDWcbZY7rt
ziOu8EyF?@GpFBt$oKh0AZR^9^=Ib!r->(AMMp=N05wvFXomhDi^cb1t8v
zcG}k;Gd{MMN~v&c6}vTLu`_A6wM@^Wh3TvEB3-IwFBIf*UhG?^TuAvSTe0sDLO|@7
z+0-SXqbz0p&G$%)6U*@#=7qv3mult$Bu(#Jx-hrHlrL)Z`QGkjeC)GnfjCo@ZHpn2
zs!P}iwSVWXUvAu`)91W0oA7q$w}VMPY}PK~FNQq}ajS5~rKS;6-LLM#ir8QEiU0cY
zpm|~AYeW~_wr}~{Z+CBpBkGce?sdyv4D>pDDt4#G1x|MA{-i6ZYC0NUOa6`S6)L#Y
z<0D$%C34ZU`ttVw8uxyh?y_(3
z!aefUejjf}VD4us3S3c_+Fet+R<@k=DXh7gdb2*m;vwOdU$W!q%Yr+&o%e2c`s64t
zww~|ob}!oQ$sE{QVXY}4E?p4+jNSs<&((m>#HR+W4`&|uM`!CDvgxIo>kDsh?F>Pl
z7TF&Vma<(Gd5ZjDUt4OCnV~S%UH;*^II)&J7a)cc=rTy!^;yW&~$
z*7}>7@f+JWyDw%Px^qOYM59AxLgUi!6B4e7)MjH7^sg()Ppx~0zL}QB38ZvL4&421
z7+7~L-~}yjBP&ppFsA{r6rc2h{(8{qY!GNkf2d*CWo3y!opGV6M{4uMw3OHU*A}`2
z(R1BdJ>rerhr`>Rl*()*o5wspdiKE6pH&5gvC8bDda2&V2}vblu*yBv?{(O}3}<0=
zzq92BdYZiEpi6>(7ANm?K3Beh&&(Mx{(!KIl-YmjElTt|^wqn+XOj<`+=)T|Eqg{O
zS2KDOXsJL-bd_RRwCU!6Xl9b8^MQV>~5cCj)-nJG3dcYkxz^9c64v
z?rbcjyZQJ@k6o@mM!&&)zghi|$#;Iuwf~avM1pzx^y_%{E7IQ|y?s;VT>LLt?exjp
z%n|Ey`BDwV!=_3DM=#u#Io$jzp-ac+l2SN}x)T3?iV
zfBTVQ+mN^6^b(1xaMb`WtIPj(+P7JY&ZW|{&dnj#tp~r1JOF1sCX7YCO
zjg+gA&vlO$*~=cXQ|QV_Sn@kyem9^m(NeOtWmw?krz=_Zo@pkx(fRDpPXl5y
zZ$Xa^s$JD2msB76c;u6`MDK?vLnEu$*ri9GV_rl%
zUL)SDm`(J5_p~v+6c}=hBUay6E8m+1-MLVqa<=B>uk?NXzH7J4?-H;5_WW?WW^?J$
zcz@vb)yAXpE=8qJ549|5n7v&YZ8(C_(>x0Ou@K!5a`(F|Rj=>!=TBl+{uHQ2e*FI7
z>E#=3aqkOn`tGx$&WKsf>`GOCEo+?{aVRETJOZmx8>09q0n$#bZ==?$IuyOQPR<$3
z{P?mvn)!CI$=@SuMatw&^Rt||G802r@8sT_JdX(dN6s;|M-u;88BU957U^Zc_;Pp?h%gCg~#m;qfL&s{M2@}pV|H~HFb+>Nl4RAgS5Bl
zJ(nFy(V7c%JT>>t(Ea4J;LgI=mqaSYZ)qM$>#QE}y!vbM+$|XlR`qq19<$CUK+gJn
z&3b{A&8m?+y!}G!+~|TKckYPV9!1>jWlD31C+%pzf1stc<
z{xgTUw~dNDmeOytKh#AXt!z!<#gz@1w#_n*3gnocm7V*(ZoGQ$TEO%xn(5NLSxFnsDW3GW~P*Uyq^}_l`HGJ@Z|EkJho%yH$3ZNqbZ8-|N3>
z{BhYga-QWlZRKa*3LEoFE%ccAgZ!JcKG^@qns8u4n_
zNB4?8MSM7OR=Z1jBb9ggDK+cFy&uC*yR!t+V)OToTK(t~KfE-XY9@OyTli|~-#@)a
zyQ|ZRJ*z}lez_WGCg0X*(K{d>loS7PT$i2NkiI|UAcXNsk?~5JvG6?nM`Adw)o8Bm
z-ygYLsTPWTyRLknt5L%BGl|Y~N%w_HujPEcb*)m+UAwVHhs+8qT?sGt4~q}|UOXTw
zQg->XNPTo%VV6c$fMM*ZSh2bP9$j+u5>Xs8G2{z$9+zg*`dwXs0-Ip
zADjR6kG{oSlBQ2ih5l5ic$j~?rF%1~`QBTLXB`hZQTYjc6TD<6-PWd-)
z_@Ncq??<(?TEbeEG!w_2G9RZ@+AN4mo3?+6P&@ck&`eeZUwVd`PMuRZv8ZR$CwsD)
zRZ_HH)1m2|g9bJ=^b=Kf=+q&>m#?5PgO^GiKYp|CTAQhDzoGx~<14ybYFhE`1ec_A
zGd;MlFMiq`)q0xwHuaQ=6|v?d{YqGAm}#O)zTfd@p%tg%!up8Y(YI9flilryZx((Q
zlvAi&Y_KwTWht8x9d=ykg_ii4;?*ULm6~a(;!Rb?c1@Oiwv2l7
z>|iB%bVY!6XXwPeI_nQYX_ged!NG8Sa#HG~h0|8CPe%Z<&
zl>iR;Tu*I{MO;>w
z%)BHmoLTYhnYR4q+YH7
z?`LE^#e9Bmv4&i-#0s2miD;x$;*o3okGg*nTq+Imu}}4
zzjRWl{rl_oevh(0WzYtBlb$~nI&*4!5)H2%E!4v$%KLd*_rG)Z%Ca|+35d6vG|YZ7
zR(|#2g({yI`9Sr{-9zRYU;e!r85|q@=I<-kH<5+v!8hrKhe@_AR?ht}uR9ug@AWsz
zw?_Ph$7QKOO)d1M#mXdXn#N17wP2k`2-3Fd_i0JJ`SJFF8bZsG
zk%N!pmv$*btn(Yf?)-2v-%z}seyCzl<8nGPz5=!MA#>JGyZlsrfQh8%RO_f~!jq+#
zwfx+btLO-o7|REHbS8>qavK_^?W;sq!h1;GhNzvjfn1Z(Wfkdtd=WRldOhXz
zW$pWJS3CR(w<$KSGH)voGVL-XT5O)Y=YyGfTakoSO7L~v
zySSGsUm?sMsqMBmKc{~d!ggGN*_gLj2tB4-{313ySd(IPo453IZF3qI_!`rJ
z4Eep(v#B=aZ?8IPMwu_H=)PIL7$q1G5}?1Fts&GMIjZ{Pm4);z2+J!$we2QKpbREZ
z410E7RB({w^3m^#XXzWOojI#ADler(W%|E-dK2g3Ht=yf*IoK+&oKcfX#pGQy>EBP
zU412UQoyy_M*_Loc6DEMIp|SD;v4ph*7E
zFM&T+I}$I1KR=&+;K9XY$x-!tJ5rp^ON0kl?T~8Ikh!^o<#n=j@8@j-Qtx9Pi3{91
zFMU2@``-lo`HzP2tDp0Ke=uBO7r$_6G>mt!?znK`n$l-e%ss_Nm4*T~iUL-O7d~zm
zDB9kBUOM@gyq6BHapPk;x=>^5xezg4cE$5xg+WzV*g&$+iZdZx>T3~q{?v=v3
zCB{gy{ldHDH3;|o$-9*RBqG=Ko!s4FbGT{)#H+GgNt*_@xGWCNKIFAYHB(~pZqe+cClZ-D_GNCoRChBg
z^?|HV6v{YE;9_kC%FXvp?5+o2(ciy~-YI$0EuTTPHnCZ=Y%zYb{&Z-M&VN)@XjG94
z%>D7>;r8QwzvcFe4cL|(h^jbrho&oZB#oYOW-e1HDDCG&82;j`EdM{=6>mDNsqZW5
zj_6i5N1frC-=V(!yf=OK{CQ)SGnR0R;REk}?y`x0*5|Y)
z(0^zu+{zw#Fi3Y(wI~B>TODw(a9O}7Dpq8?SkQcLT&sJxtk#N}m-e^VqYfUW*Nd;@
z$0mCl3;VozTd8X@VOad$VSBJV^zW%clQ%o{PVHBH?JWL2UuPvFjox_WM4%zXR#a@)
zo50;IWe-H}{nL1A@_w5VbhrD(BrcN{wtxA|AHTNReTku&nkvUB-qR#e*MR-i*YkQu
z-cRo=meCvu@ULG~fCl~el5pEXt}^gdX}8hCh%_6feSQ6R+H=`6bK@6N)DuSx&50Lt
zPoeRrXR1=&KHK9K6OFU2f+cyPf!&nQYR9`r6wtp}`;MGwyoG)DVh_>E_CGh@3c;T{
z#u2$Yuk2~qrj;*#^23CYzZ^rTH?!5{#_SDw{XC|HAd3pAQ>r96o$h=*pCg*tyJqH*XzNTdoRl5N$guLv;^`Q}&fLp3!>g
z^}Q0&w7qrLaRmf&k4TQzDdD#*s(z7|Di;4UDXOzSb0^8r`1|`^G0o|}wX!fjo|RmD
zvS(%3wpCKLK8}8fkVCnh@Wf3OdAcZwIoi0ZIC2|jNytqo;(&dQ`#blW;$>V1ms8ZhR4a+pugsk)H=Gx?T+*+zZhbn(twWSPoaEAlUCf7e^9}E7bWwLOsx%|hY`s97n4OizlB~hNw?1vVMZ+QO>{o8ruyk%Y2&FX=)
ze-$nVY?e|EdxTZlHgaxSoM)9>sm}e+wvKk>QoQHE)hJrP;n?Z7$BY}i&O9uB@X>Sl
z=#TnN!tlY;wEqL3KwrN+M#Ct=k&{Sw3j90hdqH4J-0{C-PZDcY-D`&>XVM$Z>%qTF
z-cx%E*|aFdsUj&n#0US&(kDBXn?P3*>=l^mvxk^r0kNNEIFN5p>f>CtDuz{o2Tn^7
zVk$p4rgNp3pX?sNhnDq3PV>u$K~4@_`MGpcFQ+x+b9pV1k^C^aH6|WFsx=gGq8655;xKY9wN1sPVvl+syVtA7y4$H
zzkP2eF_J3O*`V+Sd&Wa67w8!{-%Gh9;=_81_;tV{(Qw*OZb~ohB0u^^)~|Jv@8q=D
z2Flue5~NXB?3s%;Me1R<(?pp-(=$>BOcMz&fcM-n_0=qDJa8
zRSPdbPP>i3!2qJSj>v^Ul7jmM7z%?-R_&|QZTASduUj}}Ge9p2m6{3D3?RvHSo5(E
z{)I)MFo9pjiMjcwo{7I5O3UVu@aslSwhoU|G9n#itG-?=j%m@wAOr{KC6v-VwNX@O
zqBc@153h$>?bta7Us*E_qg0J9G;HuGwRe`IUUJWYd@7-Zq%nNJ&G{l2UUn
zKsHgScwEL)m&#@5z!Ym~a`lp>3r}5s_OjIrS4L5Xe9}Hfl-3R3OdJoaG3km2p`Q+AoK9}ksME{U$elal(Q6L>m#Jw-8fVOea(N}^Wa
zNA%r6xgkj$@+*ri^6UQf*2N)zdewm#b*AFN*DYcaF`Qmn9;4gICRHYuCKoI`r_=3_
z7D4IROYbe!bam33c7H_Pdc)bw^jWiKNhLsY
z5{Dj-k!VQ`f@YI-0c>qLVVcpEI6bB7wEJH9lgPR5Q%KISxeOE!&zsz$8
zzc|cT&grxQe@g`ZmO?HAlUnyXlFAo!4NahCG>5a!xr{d~JeJF(%at+rqr|*ash7%S
zwFZXr8FANytlyQ@Dda#tB3J0-bO6f1NZ1vFuCSceLE8P18u3kh2UD3`S$9lu>>L=9
z8*Vj}hf|9OCyKu`xoF9m3l}V0b!y1jAtSa49wKzZkP}1#v5Q=_%u(05X_=E%OHNy|
z+jtk$kmWDq^io?)EH=@JANi%(RH!z>Fuxg@vA;wnp`n|^iN&nr}B;|DGj+W`iA%X<*RiIN64heToM0v|FWWkvYv?u0m!7huQ_0^luQmY>9k{;lfYus$K1b#fdxqrqlM
zgCL|fh&ttii>@9qlRCW@R*OOAvK$o1a|*mHRW{QIme@+E=;Mpm;A{7p;s;?^A&T+oJ4j8eUE%j#NWy#tClb8
zRD!k&?0a`5L)%61i>rm0xJEQc1ZkMzvZuy!dIWqlo9Q5x*73AX*VcwbA(ovm6*)Lk
zNMD|9_n`_Nt~4e!d;&{^1WbYf)RK@Nk-d2NMoo_S(Kf*Wz92wnH7j4PN+$CNTFRHj
zQE_5UepP~EU%!qYhh#NZ;>-DYr-wLsDG(aI#7W7-#x>&^t5?oHb)oO*kSAIO_Px8|
ziMCO&`Gv*06mCAUD-y-GI8-&9siyKJ^~AP=tiQlIT%1_iV-y&Esd0m!zHT4n>@xX;
zE~eMasRyzR3!C$+QdMmRdt?CeOD%`vU$rHtISE)7PCd{$>O4gu-hNtPL-?IJ1kbKu;$xM
zvD(GZWr|bIUex)@NONG{yUW#))=`!wS1(+;qSH0b=AiWKYE`p!gr&(PEBcnN=-7z1
zRbbz{D;w2zQIxc7!HUjv)EwCN?lMQMqX@%KmXT-}H}hY)a3Oy>U2$j*O3$uV99l;h
ztUGl9C8^5|A?g|wLkV#}pBI;2r0Lc2X|vwQ4^Hmq*;mF%UZs3_DhK2Gy&;%E>bRc7||%u3E2oFtMT%=eK!;nZYx&OlMM
zxa^t9PX{`55V+ZYB(HaPc9;r7M+x$bLx*Wt(0IzVu}X&}(U2{Qm+5eGCkWiM#?{5b
zTI&Th@vUU5_0DEC(Fn0!@#>HxceHqI%
zLBqa!4ny{CCXMfh?gW8M_q{+xonjOh@#2(?`QA(yP
z2F9J{CKS3ko1OJwhK!5~$+XvrZC4~{)ORqQ6cr^oxd3Pi-bBgdi(RB+p_>S5T+u~B
zLHK5puJm@3RuCapd-81EXf{7IT=P0juPIKHoOKe}={R1k)AXVdqO^i^nGVzO!$!TU
z*<_|(=`@j0=qN#@dvAy1bgLLGiH`5`lkSJLh|q>6oBG|PCE;6>hEr9&G`5@M{5UPi
zIk~8=yA1kK+Ec6bQnv|8l$KPnr<79wxh_%+;Mu$tb)dvs5q{Mh!b!-XBo9uk2+*~2b)l$GsH
zeZ3&6V7hNq3LWVQ7PO_WtYLO)iWZNe`BQUMb?M!bDY@iM5YM)&+f@}DdW)A!rZXeD
z76CPtYBs0ehr&MWVwL4073Yw}RyjbWexz4*0aJcpzc)N2Zn2efPH#}vL)YAL&22SN
z(bEEzA^pkfD=S0QO2W+*+LOKR
zFpK)xYVy!6QQ1{FZRHC7bhsJ2O@(nT7T)=8)w>9|=W
zutC})NxJf5zf$Y^3+&;ij-M=lNzC%smOv2PV{8x6JVx^n&0{n#9Ia|0sz#F?Ro}(W
z&~M21%X_qyOlVTF&@BrHSgBNXrqO65DoF`1??5Ed`Z8p?inqL~YJZv5V_&-0C%18X
zA%~}FFHN4ha^V90bh^>i9F(42ZF9Ab5Hb>w^O`unEq9FR3O
zc5JXLcQMEO_1cwcU7p+w2)fe^9Cpi*CtN8{QwJD}(haT0CzO4H8us|#NA7spZ*^S+
zn;lu$59Q^n(d1ft2ha<-GXW*F$1qkSJM|QQY9@svq*2U!8
z5tUi69K-XgvR^`{+KRi1lGU@oQ?r9J-aNSxr4OeHAyi4Z@BzfVUUJ=Wy;xE6?>g>x
z%0;w^FxB}dkcvJo=@c{6yr1UU7Q)>>joZmWl!c9yd-BuqEdxu|v{EGN@_K>%7Uk(O
zDT-Qbm-WJh__jqdQ`Ta4w#ng#_Umub3oe@j#@5kT=bbFMg_VYCdi}Wwy$+&8^=)0wv94O(%
zwc)ZGL16yH0F&MW(G(7!m)9|;M<U{sb5^Wh_80;eSd?@7muRzai8U{%xs-}to|*`WeUO}@1igv;qFf82Z&o}HME
zGJ2un*udIeZU5xjw8GjVdO7_9lX&w8JuGitJj{*b)YTx(S|MO4|6Yf3Foy`;_7L(7
zZh#1k9>VuR1irpsXsX8_EV1bz8eaMfQ)7N%sbF4m!$HAo;j0ge^oBAWN~DFi^T`$c
zY}-pXrMOR_TpEgb*}J?E&vGRtZD)xWGB~Q?*MS_2pbvgx<}VT>Y)K*E!&q<72)BqR
zjJ^$xge;`=^(Mul*ve;g5p!vB)k{~My82At(dp_$tH8c@S8EgPq6AGcVV{qMidhhK
zWPH<#%aRd3>nMJ7oCa-#aSp=loQyGaM~N`37=DTT9rQ9zc<1@c^C$ix
zSXuZkC;4)$4j4F9%r#&Y;r@y+P!r7!1A0(h2alP7Gr@S}TqZSUNdnmFx?IMivpyly
z<;L-Xn`|~JVg?MqT)sh9CY#2}xf}Iljz*``3d|{Ci>ZbdZdPAUqL6Ybmm3EiK;CrF
z8+5u|=E9&JaM_4Ha*P`R_<}^ee|3wdt@kzPNAa$n
z^kv^%K<1_aASIvi{l&SiUaqBFu2QJH@aBF56*I@ny7u~Xq(D^eNx
zS(F#G)Hzn`Q)cCAF|lI)f(1*Kot6+KOE28!X=r)CE?6%-2ywy%%kI>ou
z+In2sf1iODWkYuRm)QE=JU$Q!79hRyh;KWXA8*}=du#fP%0vQ;oI>goEEzCRokz|6sGu|mZ@VugaY9dKt5_rq81_4tB$>4jGW!~JSG$2p)jE-pe}udJR={CFpqiUM^aTU93|qR
zQEKcI;*rH9!rC(Lg`vD^Z0>p~jMmljS-*B%g%8RJb;7(CB|D6-WI{e}bQ#G;iyLhw
zucR8hUa5q(eaf&7uDVkIG)o~A^MT4jdvVdE?qaLbiM||SBN#}<2X0{-EPBhz<
zi(xNa$B%l6CJ+l0sXX=K&TcHG9(;-VnGvzPP%xA&Wvh8UiW%`CCxpGo4q-2!CnBC)
zY6|=D!YMq)<;z67%r@?wb29{b2RRHRX*6MZDAV=Ch%cUnZt~_p%RI#j-CS6_IvUC61RgwL
z*yN3VhurCa=BJ?7zlIwYPq+oyQp_hh!b<|azyIWTB6#Z~9B^q;UeoAo&e$9he%;I#
zTZhM(tg4k+mXzv+f?ii=(phfihKQK-cBXhRtquQ~6an^1N~ro2bpE(W>%gjQ$^{#4
zpyMq<&ZQa*uB|p7-e?{5#I?TqdIML)jUtCiJMed9@i&SX#1CpVj)vv^Rei_TMla{N
z&ZlaJOGUnA@6$T$;tn=l@nj$DWP^l3Tl#itbPx{Sn&PslCF~+Gi_)4Js+BI%48>|4
zpo;?x@hD)pyr6bHRLT^TA}o=-TSIvCHFEa`^@v
zZhj<-H*)iUtVwDzbc!l%;llu(3?8E(>)X+@=FW5RjMmRx~7_l3!o+M(V0DAAXeo<^Onn|dzLRofO
z-Cu1v_X{3y4t-3wlIr*S0eoHp0+
zo76fqfQqbH5SK%^T#2<>t9h}l5k$fWe=GHxKGWoxzd5{;?^B9-C3E#sI&iUayRnk&n
ztaQdTasaiw>Z+zP`G&uVaqj#T{ONQzq&X-(yV?n99YHJ2OQ&=t)l-LSZv48$(rLMO
z&&xV#I(_Ec9t6kgaJF12Ikv4=Dv7KP-l`Rs#V|nmvQ!2~mde_*OJ!XBQ7WT5m&!$X
z2CoEz8bp;?&VhK6NzSZbVU??>-Iw$l_ctTFkX5Jr8A%}d3VuL^TmOzE@LA7wKY4E>
zTaYp)RM_aV&VnQd@&bwax*%?_k)`WGHJg?P+ntL-X=!rF@>5rzxqQW{kh9ZE16l_U
z5xTlKpnW7UU_NuWaTzwAxI8Hq|0V-f?Oz$(|rSAt!G_7ALq~TsqOQG(Ch2Tr$H|;(F1?Qu@Z8;I$*E
zL}@TTqy^LhqKQ7xv#N>P3|{S}w{mm0!r5N_I_UNT6)
zCHq&^kZ{B^3;@bOWN*744@@IDI-7C^oXBA2ixR!!I}zh=s&U+Sn(k#Lf#7RotlWyQL?jc1OKJ)Joq>aZ4OxQHnQU;GlKb!~R6rN8r&
zUHxHMa?xVqJQ-dJgSYCeqMNDx$#5~F1jh+w_oGGje`NL071*mWs6G+UB2}%SVN~^S
z5trZ%v#N%RHs~x~ioczXT}>h3*VU-iGQ8DoXU!K5Csl*ybG~V(_F#r2NFIlSOAG;^
zJUY!?l>XWnwENl^75my)zT`A!rPOP1p?`|5FWs|ND`_8gSj`CJH&>{8!{VYtE;%iG
z`c$u`Z4OwVI!C=^PAmvJuY#Wgc}JJ?Kwaf3rGi
za;|K8SbV5UIfw7^D%q^QC+3`4d6z@3{Fj331gf0IH7r$`=5W&Ds4(Y{+@X)^w?al~
z{u==+T!rlI9~_LN3ziwdoRa;8McVvnB1+>5{8>`Hc24abVh9$_yfuzbN9I
z@$0kgz=3>PZ2nykxy(OV>+qn0AJ6^z08!P;-_!`x-A7nVJs_L3QUbB)No2!0^7NBG
z`c$?!ijfoA(dz5SD%-DWeAPZubsb!^*y+79`#p;)K
zdKR@QB>cKMiP|!}%d>HzWG--aP`&X`QoppQPY3($X&s-qsS4nc9`i#$RrjLdB3|0P
z)+KA@GoebQD?W4Z73u%=_@ReKxz4=O7FBMpTM?i+NpDJNm()S
zr)}s@+X$8RhbVDTI@q8ujz9#c%$%H$XcKQZm7<=EJ9nUUEY9h|s)m|bjXh;@73xD
zWUP|1PWrTCBuwlPPN~;aLmyR>0(J6kXDmusW=nIo^Y-cg!Vca*nPdE}u
z#f);H?o_$Cn;XF>ixhS!w_;(#*LQ+8`8A&m*X+g1bvjMKg14Y#hN@kpgV0(-p|vBf
zjg-0F;+1j5RGG^O&LtzCbeysZNRRrri#b@X%5qXFoz7Oo;WW3BF3_8+SJH7hx9{)i
z%ZyHMPiMtc(s}qtfXh`3-=0(SMX4H-6K7(eUe>hfDfaT7Sg`xPBEO4t7X5fWLWJRz
z=N#qSpgt*6*1>maa@F!>^Otsd&2G!UzIRt^6z!roz3kLeI@JQ3Lc*^rEwE*H&-H+Y
zG+7HN63{vnBte7_-}Nfv`Fx>kO#zfe6^AlS^h`8}JXS*QH8~2oSB7W%B5ieIc
znYf25QpC&Er}R%3j)o-`?UGVAosbUrJOGFM9(H=mm)
zo5pgWRS(zn_V&n0RX1gGbG_b~N`t$%nI}8s#O5>i#W6gI*x|YR;#g~4#ERLuDq=C(
z5~Y^9OHS*xMd#BGIaS4zS65SR#!~IPyg4dnyvE^==UqiWZoJK^PIN01r^+#G`e
zs&dgFoEVB-fpNL6o}Qch=8SkS4+&vmGN-qo@&jHZ1C9$yY{|M;bplt<$vXrU08TU-
z+^}F*w>Gr8tUbe^m($m55Fw;6C?=CYvvc*RRi;S975OV$3S3^6PHR?w=t0y{#m}H~
z+NYfpSuIt9oCfY*1P=1X7jc|#dQfTZS1VH7!KWpXh<9;h8#o~&Mk<2QKhzN=45jUB
z6;ZV`MX_-ZM=@1h>*qzE(yfaSSMEYuW%-r$3s))Fy#^L`_i<(@N_RM*w^c$zak|r9
zLlN7D2{O=S;uGdv)m{;lk3w4xqO}dteWv5_S_H|Las|0!S6j5Im+f|(d?c=J{wqtl
z(Y9n9T`w7%$`X|_le*ew)_A+SB3i8W4cBeDv1sTkq939si!sHBn+^`@#g0yV`8Rc#
z;o6|cJ28Q9DqRuwUb;-De@lr$EY)cmsr1?*z5PP{)T(vR9y!hAtF
zQPjvA8I6XJE%Z_dOF8@qO7y+cg{pjbq^LXKNj0HlM0)80FT9o}Pg%13l(QH4j!w^$
zv2wan=6@-m{qG<9i+!FBYqCH}%#A_s+Uf0RT
zB1C9zv=V*=B?2Z-HxfKT@y8dKx5VJ&DaRtTrd6}LUm8l@_vzvbew?P}7Mn?&_3n&4
zg7DN0^tv{>ZRp=^|%WLZf^b+bsDLu^lM8vOBuMTCy
zZh5@QPtoEhbxUkC6E^^HX-UoSrxPm>KSn7##3h8L5CN&P6x%0NFFIO+KOH58pv}Ho
z9SPsjVOj{BDZAkS&RCEUxv;C#^!&ha|567p*hGRh)nLa7FleM3by9*LT(eiQqxNYE
z-kQ=?W`YRqXd=jbM^~vfi9paY<=Sw*Cbv!Ex6?E&d}~rD)kl%=1ZhiA#83&f09QBF
zfEcZb@;rOOe!ECi!?!1i@C!M+Ojx3{rdG;A)Et|$i?l6DTdKA|$k|=m6SSY}E0%9_
zcGuG;$hV_fzRlTP+8SkP@|;Dhx_RZbP4Ez*n+e?nk#ua~@FvQD7!Tz$(`U`d
z-6ub5;^b#1!tU;qpFKhHvYwO(ySq$Y<6y}}%_-EpPF*+x;sZUHHm2!UQLBd`AH<@Ln6iBEUE6h?VZP&UJa)bzs=3At_MSI}^(nhjDcl|#-@+NE-k
zw5+w(GFmqV>ZJ(uxyQN1=8F?Ahej&3a&9<8tNH=;PDZg9HR2d&fD%pY3F*$cS>i~=
zkm_OChL8P5(p-g+8{ks4T2*guK-J@YEp4eWfnpY~XDOW$vTXT+j@6$QVa>NI
z#ivaS6j!Uo^ULl=n=-V>5Df)ZVgSPNaJ^qOYrH*i(IP>x;48}yV#Dl2Qa-`e2)R{3
z9U2}MaM0uAB1oAy6!pmRORmOHStl=HZoAx0;z-xb|Aq&q+!Aq<|I
z%a^=jsU|lykI+nLM5UMRWXP@M*i4ZxRCLEjIwNjk$DL6
zdIV-iBixrM%f%HV<+WJ}pB_s~6ur|$|BC2w1EQR=7@^s_{MBa)aa)8nb@*0l8$N@<
zQTET+M%F9}hf}2?si3OXjQHsGPbn+MC^CUZB#4u3WfPLwTBYuIAw^Uf<-GAE_5Ax*}~QH7c5vAxH=RQtwRU?-H3|zaheysv?bGfu-Bt-f;`^Nv^R6b34)&1ZQQA=*TUR1qfJawfK$Lb=
z&-I?6aygS|<=54B{8$qO7)&*NNxZuLP%ItZv)nEQ$z6TLPf|s?n1!@>Wk-y$I(}Ct
z2pqFD%vU>3!w(zvmfLJPP9q2$WBIBZCTy?6ag1Ir81d?)-^3C@_37tI<#?`BjgC5G
zEU^Ayl)wm~SPftJIT?AKa$ii^^F4kmI?3w>_IyT7-=-hmGbiEe0-@JcBRtV6z~r3N
zDwZ4f*H$bqlb%eEhLUQ%usoR1)7+8Q1)$&P)jJ(+vLU37PI28o;^`~?5#LJdK%I
    tpM+|7H&M{Y){+wf;uiVgh6;nE$V7ad6C2W$HDVs~x0Ds=b
znO=^+atzzk6F<51uuC9ee|19bbhf&eO^!IPWKK>?tG65?FAeGaFbSNsRRtzdTt*78PCfK55P2
zL~dAHB{z(A9cEL9rq*=gu5&ThHIJdV2k+`oKY5(RSSr+E1MkT@cMz7ws>+wfSgOj7
z>d|UmK2&C}kDSJyFl;BsxhG6Ocjik@BhgtM&Uw3EU5rT&uN60r8#zZcGg{SOS?IJt
zI?s|SmpY?c^=dt7OYL2Lv2MfUf>*z4!;+kQ-no*zj>5S(&%^6ps`#r-q5GSZTX@Q)
z!k7XTCeESPT!@DbM7VudAYW`PsWos)?c!u@Rb;o3_2o?Grcs|b-ON*s3BgJ~XDceorT`PiIh
zI(RW#qoneBiG<1=IcjMI!vaEpoSfAQWqc0_j3>-6x0K*1>%Rp>1Amka^325Ql**3tW5nBf7W&@z3=%PdWwe17BT0INM
z%2zkkJ#lH}s|%H{PE@`+wIbnZOM;5DDbxks27#qjREr28ou+jwN@Yg0sgRPkpXE5x
zRuNCXty=na(pDWrY#F5Uw(2mt^dwnc)+Z?q_{U@wW_Zg=0ehROxroEau8$3QLF`N!
zK8E$wLewi)iARA?BudoFwQ)GSG=4uygH)|t$)mEU|F~&F1j#J8G=0|G*`fM~h_;xw
zFWlPrcOu?8irOYn=OV7-1gz2u`J(Pg2c1@Z68K5xGkPCqC7bqn#s?U^6e`HFFDM2=RM@{L}RxS|ug-(K;E
zfLzHBWX@5iJCqXc@2SIUmx&y8P74cPuU-__szSMTs%sJFJTqHblyB%J`_P!&f?LR@
zDsbSoudF&Ufh#qJUw!LEU1iUAdvaez#`Cl0XE#yrEhGxPb-$pFZ(W_}CByKDRD&2`
z;$q_bcbD^^rDQ%HhZJuK@EuO2%HAT)Jw(@>Ppg
ziH$@Qb!xKJHb#`zmHF0$@iJMnQ-#YfRZi~*b$@XeY$XkKGwmy}X`TbYtGq6tXO@4u
zCGI@1e3g^O1Le{<{p)1%P;D4)7*#M5fJCJSBDt}^$$K}#%h%B&Iy~ecCV11c%aus|
zOx}&PrLg&>bhcQjjrpbZjYgs#3GDJ`w9CkXqejY<@qCSF)VhY9#j^w%
zdAv`a&C1B4d48P>r>cnPB(9sxJKj&-S0zw+$zsJPL5$fEgyL|azmR){!U_0jX%F@nl4BJJBkRAoQwvOhL7tLQC0o`S{IYNZ=D6-o+TC}+V
zeU%SLG(L58rtq~4>VJlVx8Ke%QSmtoTRle9q16y|GJ~eT`P>x4ssI>(4&d`zg!9lJ
zf?g%6TR_7;il05v^L%14jBHOT{QWRpWmC`-s9Kl@Z%8y`^Wacnp)B|z>hwUTuen}d
z2v=lWpNRYWDn&a&C(PPe+;*WlXW`CM7_5jPv-_KrHg&RDoVWrdqi)=RqHfg{-7mPz
zIdDBfB?o5F_sEm#0ku)0%VwTA^6FAOQhaKzdG*71QAb=gJ+J777G9;PnX#j_iexO&
zPuNSSl12Zf+*4L`d=0>g7Iy%w=<))9mf%yc?3?#zgwSI8&yG_a=YNv^Z
zq6p-zz8SAJeb(`F)GMD;!wKi?;QrZoC~dHO0cR14$;POd(7E5?R3R54s?&cZFfR<5
z$CVs;<3(}tHXi4y*4#YMIZ`frqxssf-rW;GF_ez_l(Ldmsx0Mke2ja7MEJO*?8L51
zw_d82>zak6@6gRTp;hGXIv7Ygmw)|jK38W}^-CiC^6UWaW7Tp|E*8({R66CAos0EC
zEwAoO#&^3CnY$RvsGj@HrJOMD;7R(XkV}(G7Ik4P*fOy1-PPkf?V<>2X;)cV+9pp+
zA4R6x#mURd0@+k3`?<6<%-wN5TLqR9y9riGv!^ce2Y{w02HEB#kDi;`e+At<
zylfEFG7O}T&Fkm#gVX&@=X_3Y$!^Q`l2NCqb=g@g)?@*a`CKP^$CJfwACSfCGI_>w
zbyca5Z=54w8wbcW;?fDWbJ&%<&dH_UO2zYC^4A!@nmVa!E+c!i)kyaH>(!>JDs
z?+tqP+F*f?={SE>f>%JHT_S_Ea#7>K-vTDrX0xtlby>3@LPORog73oBanYKCx-V7q
zxe=Eh-Z*u^YW31|a|ESxfW>nzPW_wnK^kJN{o8K`LzpkFeX&F8!Kb;*{bBnMwv36|nS`9za`HMA?2;!omEPdC_
zCbR6Os{6S=PVmoC_Qk^w(oJRl9Q0c3+Egmsu_3*hb)2})hb}M0T3sL>4XN-6Oy{Wi
z9Xpryf(X`^6}bS~d4nEqwhqp%_hM^Lr&zEjU8O4vXXYfeLAlg5UmFvb$b@yec38|8
z#@s9!(gJ_=Ayj$&uf(Tu16Q&rZZTXaxk+`kWNUB|AXW1mzdBu29$ZbR;dTvi#l}tU
zbd?Kdu}7%_{_ORQ-!rPF~QRdUqc@F
zj#DM{)loiRSSnYGsX`L(Mmf*26hNQzTA!_!-SFPqGgHmS)@H}#@c?E|Ut?28wPfiP
z*ZNnfIwa9uimB0LTE;?gkTt}~S&lk`8$|^M*JKI`?uZoRU%e^-R^aN8=G8CRyB!)B
zSF^$ye7UZ7oT@AQ*?K5P^;nkb{-vwPMAj1UFF6IW`&G43B$qY+ntu4v$s>9EP3DJ6
z=AP*sx&-YMJpC2r2-c#`Y08Gp_t^Np{!|rX+Jz)ly50}e|!>`+#=QDyhL$&T;Q0X-f*W0SY
zukxCgjMlg*z9?)lTXTAbC#WG|)K&C`X7aaJfAgNF_aN6?mD1t*nS>8e(IDleXaU$C
z@D;r9C7-AWdGm7h{8P^Cbo-=bVBfo|mowW%K_z88b9q%aHm9_s(g*L~z>U7wGD=`yNL;YCS6JF;_dOpv6w@Y80p>GGegbu~Rj4EdOA!+I$T
zrzm)E;co8<;v$-?tc(=8|8gYugaOrxbSV2MK4CE@3^ZK!P}pP#7ML9*AZ_J7jJ0wn
z_+@sfw}=SA^_Iq%%o-=lcddhy0ux4^FjP2O-G3t-dy*z*X&()DFskf_iUD60Po^im
zOhFf+w7ckwU8SrpMQI2n$f^}rLf|mTPsEu{I7^z3d_~B$S|??Q
zMaT~oRsD58X6jeUIEj!qFa5kYFO=KwoS>=zI;C$U8^Zo0Vv2(0RYh))bJI>)^E++n
z3jTDude|J4o?WdQwvN!EW;DMw**O9nmT25usDNjML@LdWPzFj4+Sjq$LbamRq
zE7~j&uXq#-#BJkv^+DH4UP^AAXnMWLdIbY%TXgyuRQtG6gZ`4fph`Nle1>Rxse$hP
zGXQjGxK*=+({F6&Hf<6pq+Zg4J1sJa3!b6?^p#HpEtPBe+!z?j6UGx|q(W+R{|TBK(u)f#zySD|GUN@Y~_+nrZ?5NBetE5T?kU-fE_ChZ{d
zU)JT&Zl+1#0RVsWYWM
z8no%t9p<`A{T&Szyej}AtPQc{E5t1lL
z4nfW#&#C6iB@J4I-IeDi_A*3hq-vT2nlNoOUkL>dBwJFV_)|)kkT(+KOaYF8w3IrJ
zN>l}r@)b`X>jZ0fZHAX_S#IK9BU^*r%nWs*MJmB7*Q@C)YP9tnG8CYTnP(`LgLtoR
z(r@wA(MR{m7LlE=EX=A=PwOuRo(04eXa6WGbV6e_V(j0fPU?Tdw
zNB0FpZQYPME_BiG8ouOeMhCEANmzg@1U)g=udu@;t2OJ@LEkK^Bq-YEUeX78uT2CG
z#jtj3^)O-JNHs1cQ3_BlnNvfH7}RYV%fm=M7Zn&IYP(s=`X25B>8$UCby0{wTO+M-
zvpFQ9__VY*U5N)3TzzaTKY+S|0b5X|
zUMK{wpNmgJ4v%7MPhb&g$*;V3yEM6a)xy)x>eNoCMOgFg%2udN441KLwo$CfMNQst
z>s5m8L}Cy@^hGz19uYmKb+~YdE|L#N8!R|UFkCKV+k7IRckzMA64e_P-Nd%DZLyZo
z1p5*+0P55=;;Lt?Ddux}=bIeSk=YTt{7AMs)+T=~0(Ozjjz1&ntQtop@g`~q2PY%8^fzrS7gA=5p`GILTdOJEt(m&+{!QfTO?B%8GsQXC|LL|u5&o#60q?fR#hQtED
zR&7Y)4Dl9bl`|m_NPne-k!UX^v1Al+Qd3hRWHpzbIjeV8n{ODki!WG|Q2KqdXHSs6P`gZDq9`Aw
z2W63J0u~R4=;9;cXs!^>3!E2!8Ye{R=qa66NkzqkY=U)W{M{Uga)G@rH6%MDWuSG`XV+tWdG9ZEQgz@xY5
z6+%$Wa{?G1PT-@Xew$j8$WeV_@@n(rOhC?bHwyc4Ci-G$HbpHWwI8C>YdbXXX%(xT
zcr0`$O$&)sVKn9Rw2&cv%b-ocy7){}T&p2@%UoHdT$71bIhRxDo5&K_)WjgCCkAyU
zqU;|=3Z%I|w|plA8;
z8{dJn-qg}^lN2@}LhgKHHHg!i{3xb4@o23>bUm?&Mruv(YNi)N05`Nrv&%s}9Hlk2
z%RxOHr8TwNC5}j(*5s}`T{KcA>(%=7Zc6vdj+U#YhQv>QX(&jiPv%ww+}YAPx-!{y
zeppW)+5xC$ivjSp4n|SUZ)tK-H-_emS{s@#>fX?NQF}vk94$^4D}CH&WM#k^>^WM+
zl=5L0%=N|P)ymZ@F~V2#ek6K?wkrEV=9MI3cfv`X)KJ_nnhHH_@l$<6i=hbRCYiW?
z3|O{8Re%lFbJKfg_9XHpEpVwXYHR3n?8zwsIn`UYFAQs``Yb
zb12u$nvLq0@yU2c$Etc|Sdkez_eCw8`$DG9QjO#`UF+{lMtF~h#T`lOR%SBUdcJRV
zVkld3JYC8Vh69T@&gb&c6q1$RO2mVJ!@Ha$nLcyQoP-*nB@sP*-@v?{M4{m6=4W4M
zch-ah9lhe>25n!cgu`XoR`o(Yb~8IE>Q^tVEs6cUtm7(sMfO~EnkS4hG7R>!y)q}?
zbuOqGm`sYc2`tI``$GZ1{!kd})oxW8HME0Cmb{^)X!PPN=5u`tm*S+NGNI2k=OVh_Wgbn3OFz4tCHltvDuU7|8P=30SU5q!rFNHWD{
zSejgl14n_Y(+jQI9C=#$D9${!kE8DZoIqp0T<7G;s3ECXeY#KURB9QAlcL2>${}m%
z`XTriWcu)(H_2G)IH
z3+uk9iFF^}b?p8|Q<5zuCW@)*+L)i-BVJI#P@z1S
zDg^%Zl6w1CbHRbGfEQn?RUQ3Ax^nE}hs8(o!Vlx&uB;RAe2gQ=u|CLHDERU{RvWfAL7(k
z95g)NhY5d+UVaokeIysDjV1G`J}+FDK%a4yh}}Qg8}3`V(tbPMn{EzkzTNFhw~nzi
z>AZPJgsx7{k+uvS_;+=Zv~3*JDQv&(5Nx1zNcRdEclUK+2;Mh=C3s(_>$$DggrF=-Gbm|k)5Zaf!nNDceT9TrcS!ID{G3@CPbIEWU)wX=);}cD~2Mp
zp*hV@##|Z=c9m=_YMW3r{t|n^k*<=DL~IkLTO+Y}tTq9#sO2=hk&X{_wTRfRH8Rzb
zo4aBP-BmM&Ben^XNoA7VY<9(CwQCDEUsp@^LTWJEU6sV5w#z{_r-oi#^L8X+n=o#U
z*mb%VryUEWirM6dY*v*^-SJ*HVw*7X{9i_ff1LO2Ciz&@b`qw_6Y^b&C5zNn9H=6y
zYEgG$B#75;2!TxGPDxjTPbB8VfjWCrXu_y%Lv^!W9gWkLoUK-arMT`=jzn!6s+8&L
zmQ7;uCJfTa%e3v|O&Fx!#eD$9EdEjjFQ=9(d~u
zpLpvFA9?EwpLy#G9eV2voqFpNgCQOTBl0Q!A-G~8BWuj^!+Vs)1zRa>(TY+=&vGU1
zhgBPOa;-dDW@z3%pg_*w>*K=7VExu7VBslD8Xg>$D}41zFb&q?tUlKlyhKS0P_q21
z!`2f^87y(s>gvR@MGy`+;*(B^Ws5HM#!uG22h`kL;V>Aat+1?55A(_b2=7{G
z)k2%J7WVNsbo@p2g5UFFOF+K2R*C2NOG8dX;p%2_VPS-qgsGW(AMD)w0{iy9kb!$&
z)WW?lWYyjmGHdS(?ArTchV6a6WqV&T;vKea@8gQHgI!WIjCA(Mr^n9TwU&}O#YweeXb
zQb}F}(06uA;p_cN;j8@_M(;~3`HvVdyb7qn!dk^6`I4KBIl-(*FHDqoWc3{-I`|5W
zI)@==`MwPNWUHbSekrCDdPc^%gQw;R>`j&s^gpEO;zdUFT35)*tMl&j>%8iSWM4fT
z6tcRl1F6qQxf1i0Xs#2;{V_!OlD-Pn{X~>dPkfkTMUJCmJ
ziNI%Ra@ko+7cXD6I&gKkR@gdp;NQ(!Vf#2JgB-Q07g+|@F!-)IGRxlZ@GDzi>;Up2
z$i{aC{)=h>q|@&b<{nDvE#B%g>NFX0
zDwmCW$zZ^U*+4>83S)FpkA&~ANo^`pnvc0Wi&jSE&!W`9^M7%r$g!2ZhjdA2&GU
zv&^njd?;^mo+ct-v(>6Ry97`kyihE^!lS^b>y*`6Far6yStIX$M|xeB^Z{0e80ifX
z9GT_ZzF-CljcD-j;vT`c1{@OMio-));1eK!zyl1*0_=}U{CqHE8J&ZkrETLLaWN7-
z7zvsAri{gcM+Q51<~-wk!#2tRhX*>ADcpeS#Tr+0o@U+92+c~CQJljYk(Uk}n^uQf
z`HSubK6dRHVlR<1Vl0C0=K}Lb@2#OI7N{Z=IbNTt7)5xhP|0N7oDQiKDuJ9YR03&E
zAtX*clg?E0Xe(u_dd+A5Qa-)b$71&6dpPxM(W+JFoa#F|RS;VR_Px7O58Fj4)$`~5n|#5p*ME2UfU|hL`28J
z-KQv#q;{%QPO`adtI?VMoh8q}zK)kkx!w;2!hh>gMQT~kuTfnZ5i6#$>o#7*#|g8?Qv_`;R_~#L77R%S{#iq(iStmYABoCRwtVBun;eq;lHIg=cln;LU-3
z?=BgOyX|3?HU+%UtbZDfR3nU9@9!VBfpTOtp?8ivedYoWE*e$IB3{
zLI?icEkm@6qZwX2e^nRVutn&=zsss>6DKZ>JCoTh2fj}BS(}0fQr?`Vbm{9fqL6p=
zG);?u%>xakJRU*pbaaYFYEPGOKwmZPGF?C3#6ddP+ixGQeGqRnRe3bI_Tx<)x4%j?{>N|!9xMxibEbCje$^;7bn<_%2+xkS?Bc2iT%A#LL0&uAi(9UoW(!RFRk
zj{%*-L;!N+PlZC$8anf}5C}eCvl}}7Py+mXTmC|GsbHEF%$UN{A#;a|!ikZ2dHF(N
zER+MOo_viJ6wH9|YH%t1Vz7SSd~^O1AGU)yulHvecve^w3U&|FHK+-Am25iHz6z~*
z6!@_e`K_MI=gNLS1%5z9e!!95rl*LbzWzhRt-U*u;hn^69j0^H-f4V-k5UK#>iIx@6meNTDbQrm9u+A%>izHkq%1_u3G}%r0
z3+=5!b+|^~DylA^*fMyz#6H+cC1??>V|AiMT$=tn$*ND6X3}z4HccZY=g4N|-Qc8N
z9}&Pxy*4;j3;Vc{M4nVmR!aGFv$yz&#G$vqVm?n{=IWhTf`p*TM{~;pekfQqI}}MJ
zz=L%!7D9Yl1QO*cJskGY2SSw*oL{<{PNLA_8dR4&A)YVPlD#u$&Yl(aNM(w(?AnNr
zC&wOqOlLYbgu0N^W?Ii9xZ+@
zGGQnWBnVW49OoF7dd`%GkVaY4^odaL0BY4nPijvOLL(ALjD_Stp
zNf-30SU&(?Zv^W20ms(C$s~U6keMc5`DEZ3L7iowZE$^>TW$@h7xMlaiow=(#M@8<
zYy}iNjSDO~kz95aB0}j1`>2IXvFtKXu115(i=EMg^^iBbdS~{`?y(-_1Tde$jFFPz
z?7@F#&tOWbqFgGBbrYz?*HiWUU@1LuO3h)K5}Mh*7&F_XJF`U{IZ;&^9#h#QV{$&1
zPlrf)59qJV7`#A$xs~li`9B5J5;Xa@eC`zJ9Bo!&rddJX0=6Y%8vx^
zNoK|Nq%7B|wkn8(aO0KxR$H=HOwXG&tG6vZT^@3pL^4~P+0)ZD(E8F?Be}jYE0q6e
zkXHVlKQM(b-<7p`vJoa+ceQ%8l*0M$z>`Cd7xR)4BbHj=<;I0sy>#a@u9UI>o)K-!
zZ&}}4OW4BSRbMM_)>;b+o1+!QOO@PE-ZHgfB^&;{Ru$H8>7%1_F_jMSU-+Hvs1FZh
zMm=RXty}%+zMqVH*{c76fFVPjNXM>P)fZP`q_W7dKc7FC_70U@dq#2aldqFV(BOWtPs%$T2vPg$41)sJ#6e0s0b!y@u*uqmyO5Nky;
z0oIBZ5ninVgalVJ*)g*>;`=*kA=ly0>Y0roR)Zr>v(<*kda}kf-Q^{b$!5d?E*olh
z7)NBXPr?ekVcrJR(ZQ!K;GQMPcJ(${Ed4CX=k@QljxHIRl~X1FUQ42ebpLf0}(;
zKzdMEJeMB|t|#@sBY7`nV;b1lW-CXSN_V2Gw_BIt5xZ1v0B^BYHZ9~
znifqED6$rWnk-?*s%)F^j#8Bu?5l7io#q>3!NA97!NAK{5GjD|oIA_}At+2BP?Kpit?>)_TtxmJuB_=Z?f$`nRjF=lgc$yr|Cv(9^V-p{$h
zYh@v9k~QRIqE)=Y{46-mqJdYyqk*5#qvtTPcC%aPCm_^u^`?2$VjldAaIY3X
zd#KRB=Tb;?7v!c|V+|PZi?`46nwJq&lF#zu8L+&Rp#{rFy_MyWSitfOVk{5XIm@>W
z@3(%oCCdliVIHq#W3W4xueF*E)kF`jIdvwFUD3H=Ftaa=WVHuK8F_951wj=CVO=g{
zQ-dg7sD=<|K~zwIW5Y)+teBfmnD1*L#k>|$%xh7_ycSc;YfXxItywXzH7VxUYAWgq
zQb1Ha;ixnH)IW69S(WfvhJuAD{h4ssYc#EjxZARm%5~Dw%!6zw>>>
zzwUjc8fA9F)c}*(B|YV0I<%BE^QrkhqJWK5!ME-gd@9*eJ{_t0>4y0<1cgsW?1owA
z@cC5JC?hT7Q!U7dMle1VFP~4P?9F@{^%Z77IzFE=0QnTCV?J#iobBi5F2bjQZ-_HT
zVyG)VZ4T~oHYyi4jt<6!eBfhK1m_bL@(%i}ZEj(0x{YxOeXa!#vv%OqB9O7R^YK~R
zxqa4#TUcAOC#>xpxqJhQV$KaVcMh_-bCJ!RE5hc6s{tO=8z7v6{4O6+?xsVFUNfJX
z`6!=@hw#1Br1HDuRry^*-~(ZP4?*E~fy(dB;q$wuQAS$E?^>b}jbQvPUOvA|B{cJU
z)K{1a>G=H40OWU|j`_WHaBJtmR{S3LhB#cx6h>X~dvkEfnOwdy+6b0kotr$;@Oh-+
z^GG99&kf07X()&XSj#$vf&rpy)1!@OmuVOSaCgc5V%rFN+cCdtLw3L&9!fK6FxX3|
zQL;iq%dPum@Rp+HQw2GHq45wX;34C0m%B!$n3BC+{fs=Kr(AA#Uy38lpp7Vl>eUrm
zm&SIDFxxd+vR$Kz?HW3-oqi&M=
zaJlSdla2I9RUo;(;cL5%n6?|k$$34EQ+&^A5QtJza^PF|G;F22VJqF{@RNbuY*4Rl
z#Pr&R>9q~hYt6?`06U+CEH`1+ZA5k6hUvVGkj~qn&f5s-ybbESjX>vZgmvCVOP#mT
zr1LhSI&UMQ^ESHEc^ebyyp5JRZ=;pY+bBd)SF*J^c;3?u9=UzR3vVDBvOC}j<=tG@
zUkr{`BM{W&%$~VDu^@q;n50zsyn(^2C%a+>b7@cC~V
zbzak6op=TO<%Krtyl!^sS_dwr_0FYqH3>s==Wx}Uuhhh@q7cS%)pb%{2+&({gdlbS
zzSVx(CLQ9^FAvtMo_@f%0~9g-7eC&-lGfwA6}g{Cfm}Dh^h7^fud77s{8aIwGP5T4
z7N~i9T4zCF_h>$Y1bySzbX9LAl@$WMJ0f1$hFpqhSD+3`f1}Ud@sNOmwh56n|kbAawG+U=SKEH5)+N)%jUHB$V!O($XTJ@Za>_
zxpNcbx3wcFdHO}ZfyXb^yNAESJpl{i?*2@E#P!Ri;$2C|H^gei@%GsZ7M?l(rHQ5Z
zNkYzP;~3C+fVk4?-J6K|s)5j8ayZ)vV8Mr8+RGiH{ATezCw%(Iu#rPq9G65#xF%H_%Nk9cKEcndx3*Qnqkxd`YDa_MSDn8m|+
zY0YhFBx@?9G)4{AHcR+yMXu;;`FgS&eg(DLkC!0ex0co
zI($$LJ*FbmvCvm|jI8MQcukzWobIrHMXn?_P^+d&_*Sg{Bjs9krtd;AMZ6%l`k*fI
zn=jQYn2HE<*E8wBf3O$;S9iYK$q`t}pb>MT9eP3WP-c;Xp)xxelN^*=_vGueN6{LW
zJ1kt&dTTvDoFL2Y82Du*Rj7;6eFnXOC+CUeQ*~?zQ+=YUowGMPGihIel(c@o50k(~$c`on^d~&kypJYA9?Wj$EY-d2Gia
z-YioL$y;zoAX!bUGGAdg0uZ=SG{C5)hT|u6LcN|MRgAP3hqn;Z`CetD!ZB)Q7@#n6
zQJr!?z8va6P5^_9K{RmAG@f@oDxDb&A*XJqD6n)ON{-~KHNWNQR~dG4I!#Zc2yp^+
zJsI>QdSvj_HN>8ia%w~7Bm(NjR}&4{rWRpH@D{@~fj+G?QcYPQ^m4bjCxo1OuNo^3
z=F46)VRd$G%LqC%)5H?1dS{74ldm**3S_dv|KNSah0P
zB!P2f88Gazz!*j|K}sxZtXB9AC#;r55a*`P(Z`vK5e?WdHQ*@Z&Slh3_X<^XQUmsr
zB%xysxJ_XHd)X0c5?0}k+nokhoj&*Yc?nE@^t-8wn4Fqh57yAFw_?y;ReM6^@_Zvz
zO3N*M3CuTAnM!3aaHruO&Qv8W?WabQ*}u5;P_6bYJx&En%~Fnc9x?YiVOIlxH)!)?
zmKZZQm?fyS$-vMV=QT_jR(-TN134|n@kU#|p)bVC~qkW92{JbI!E;X355XKH}ax@7^G3?h1(vvIaYAK@Hf;?;1cXa3_JdBGBsJpX5dhf_HybCJjjCym^
z=7hVuoSj9JmMQqk*mz?}Mo4Y$&Db{7XiwX*%a$QrC7)Sy$4;}dR|u)hjY2DPT`1Sx
z>twCa)5|R=k7R$hXwQ6tI{HmJm~*!=YE;o5ypsz@)Q`OiX0p)H*|`A?1Ce5MQb>ZF
zpfU1#CUB^cCYHAgV5e(^Y)>w!2|(KJ#ZMt;c?(fmhBL|-JpsvjJFXuORuJ7ESq#Av_{yKBLZhcW-uTwauTQ}wH
z6Px<&6CL@qd)+D1W3e>tplP!KBi<;O=~yt#6XvHep8}&j&5K|ZH7RRkp(SZj)1=bP
zdYY7LWYJHUpN>OS6MmXkT82nBGDKeY*bw857ze+khiINKKaF{aqdg6jGLxvT^&A4{
z;#26i(KO)=GlBBE{$cFX7k-$ILpb{G-@ZF}VCU8y$?cc!+qL^5x_|P4-G_GShH51$
z99f?%6<|HBuIn&nNTU>~cC@#zOR66zO;&HMQm!=MJDA9)G65Xic*SbS5Xr0
zn1!xJeXaQk#jsS=aiJK%EY@+1aAR+c`oK{oq4nkzJ|D-JL$5YJg{-I$IFW6(oGOkP
z#hTu0ek95%JnXI1#*Vkn8_hrF$B>~o_HdvFirUkt!s$N8KD^+|f#+mTA15-zUu%AX
zOKFT1o;)2OI)w_6VD$&77RO4e{I|jn94EZd0Reki8-BbnV{bM;M6UESImZJ!_EvyK
z940aCcwoA(1U4{I{6nG~>xS3Q2X<>cf=n{@k=Yl5yEIu={}&w(K>wxi@6cH0ju)tX
zDe!xthxM(;1JiwHludO!@azk^Ni!A5r=5`Wu}ZY9b2vS;%v2y&>%-^F`iXec(Lzp1)8=P;K+u;4nhRxV=DfwWrXPkcIq>$c>)1BNGiHccczy8q<%!
zmTMFn$y4gL1}cQxSCJCQeO^6C`du1_xxxk6JaGec8Wl74AZ9Xkel%i@yOVt=Kck>Tzr_4NpLi%
z5?3Ar43EH!Go47E&&!u)QA^sz$`bg67+gu23}cY)o?4L+A8O=0mjL_@i
zceB|}g@~c^wV6HHdNq54ND^~H+HwRa0+wp;=v=QaH_O(Rq|tekyqPHxzSlP98LcbD
zEOL%QZ^$TIwy!t{nYZbr^E%fvbq1RbJz&emv*d=FvOWk9F`*
z_*&qB;~V-hUk1e+R>Z#V8tZzDi#b!6*sAD2XaUy^s0ExGG6=dhqoX@<3N`mQnw>`@d!yJVwIwd!b#OP*qC1yk++?FX?)-2(
z+w2KmD(Iq2bip4W{C2~|+J=L*4U^Sco^s|zv4{$dolD{|`E*b9p`5mD;G0}c-w4lX
z?)Ze(PnN26evLu`{M6v=&8eQ^aDlP7ewv2?@^GV4PpOYl3#z`J?h={azU*QCe}qJ+
zi^5_4f85eDm9qR*%%^&l-;10Jl(s$0Nkb2F-p|9pne1Vh?bRRoiBnkbP42kt@=Fit
zzhlId(6hSrcyMI2H|Sen432ckuPmC>s5R#B6+S}|MzVpG8zp|I;T}j0a||_fRTDG!
zaOY^~6RBajU9;Y(UWxrp$h>#op|S6y=7&x5aqgk;D^&8hbKNHX*s}fB0++09*c9yz
zlefL0kCuixBpNp1e8b5u-*B?a^K1y0jEI;422j%U(%C_jvKef*M#UN_g>GF)6^(aDHeFSI|I{a
zfYWAH!f7*05e=AEq01{&I55Jrrozq8`6bg0_)EqbSgOte>b@o+M(T2aE?MR0+^2#K(k16-8j!+*
zst@%TV;NacSgGpbOsNvplX(>FR9`?_QlXv{-cHt)^wJZVU(7{vKrwvwPO-DKcvIQG
zr*JxE@l6}}2so~!ifqiqFFnNuWDF&FDG5UzW)WFI68#a4yg!l>k$_RD(O)89#X<>L
zb_uSw44q*An#iQ#GCx49nB~ge_(8g*95k?
zvGZ7cb^cF%b?Rk6mKfwRmH;NXKK2xQPpNyXK9B(IjJ&`Pa#nZR$`wXR+r*bd0q81f
zq@DJXbIlMaVBNfvs(^#RHpr@u^gxkrE8I*a!|4pmFj$>r;
zSNvbOc+nWA%03)y9}BzUKJ2$+qvFs!p0#UwCoq#yu0L1Hjd|kbarYNSzn)`*&<}cG
z1!<4nzdY!jdt)gwsUK@{r*zm^->|qj1>Sq8yuHfnP>n}6=VMt
z^U7$yDv6?UhHox)&
zzmB0gUhthK__^8>{SU+Bx1RWc|7Ec9+Gq$2_2F@jR=@K^KOgT%%}Y=8`|(e#^V%_<
z_@4&+#B&Skh0yoo0ju8`P?fAxP-x~D+)=C^7P*H1z
zf6k7@&oc1FXuTabxat#us~0Aw*;F=pXH^CwhRDWXBDcUmN9#X?R)60Cm;sLC*VHO%cCENTw3pc>n8Ae
zSX4`1m#bC&2eKG^7pfku^JG0x?P#(V)ucXcl&<>rz
z3gk~dn<#1RVM!|rwf;~wWJotfdVTtTNMa>c^gEY&Xx=QqlmgX0|Ki^ra~k}|A@tLS
z9#dZ(e=gHsPe)mN;hOcEH)5P@?|~u3+_17()Vk87)xpkfXW|LpsO9pxTCSXN+xp95
z=<^>9HY$`-6YjV1>T6xBZZxXWj(Drpxk{^}3YM0rH2sZiH6by
zAElCW5i;=Qj$oFuxg!briR@gp6zi|Nz%pty
zg&wvbb$EAjqisHR=92t_X{0is<_S2j`nZs8WcqT>BYbbkGBsMeZtO89(N4BJkVD>>
zH5=MD>BrQ0Wl@s~T)Xo|ry2PgIt`YL$U<2ot$u{0~5Qk!mP%
zTT5ueuOd0>>1@I?1nWlkY;79Bv5({CS34cV?#3D$
zlj^>~!c7gSPuHy9v_4Ucav628!QJ;Dhg#hW6x9eshlzT4OQM*H5Ei>;{gzHkFOxWM
z?UBnKc&Ti&N1bWYUU#O!@v$>)*2&H^Y1cH}lSd(I>QKw8_43BYR^nrCrBTc#(>Za*Q9#P{lYtQTrH;27H|NoQ7|R@v?cLFy
z8vE>y9Rm4MlAB1mfTAvybS;-sLUz9vttfg`Z%XG*bLmct*;`JV-hyr$(l-zT>a^iF
zXnK&!vA7L_?p{-wvSpWw`6$qiI^J%pAtipJVqpuJ@Q;SBgx(1LsC5RA>eQTFhj}ii
z_;2F6bfr?~D-NwsT!&9DB$C%T3OadPZLO;>-M3TzjB%F+9+k%9*`1@ja2Z!pUa41bx~u&!6i!QMupXb}=Rh?hE1H%qJWNJo8TT&-RnY2+zKt
zPIAtixBK8$#X_9iPg$kx_Vc2dil?rlC=dQK;(
zl?VKMw6@JYV-tDe&dEMYUyH{ibxe+*mn4U(BWdt5&!V9x-Vo0`YX-^*Ni`73Hw$l#
zH2m^tv}K(Jv{CLWR|d+lJDGQVD@ktlCe_02*m=bm_jB-J(|kO8dem2FrW@rlQrF?y
zNzdtI=S(`;I!$&?uTfHPddWHY0sRYZ#+;lp__Ur(Jw`LRJWhSVAw_AVz;dHT5d==Ix0q!ZRuIp_{0_NFjfe>fv;*Z#O?Ui$eEyVfek+2M5~m
zJ^ZS(KIS1=B7HyRRT}LDwKHVazKr%EPL;nyN)PSqi##
zzByIPtcMo6Qc@4#CdqeEy-?$Of?|H5Jo@$}`v@l~%5p=wQBvfDp(n59KT*1JL>^D1
zGe`tR`gHwQ{Xa_l)GH}!k!#un9h){K4o93x`Y^}T>k&sX4ChY-)oo3~=8FVWe@Ns+
ze-lw(m2T9Zgc2Mwls}s<=ufFC_oXWRsUDSkgeKK%#ax;1)dl{P%?o9DqikL&%RBW-
zksH(n|2eGh5A&afd7vRrG|VH7!z{WfY+plqUxoCInl2=6@71APh2ULdE}&z+9(-1{%J>n#3UWZX_)K3}zg?1ttL8Op)~f%diq+nf{{MQVRLHDR
z_(d1g@n(I)ns{>y3TtknMq0^<8Ru!d+Og4p*WTl0duQHun$+v-I{nw}JzlqW=5?n@
zy}oh1|GK@$>-NsPu9~vBOfr}5*tnkbByz1I74@x}S($qMb6vC@ic8FtDGr&R-nhP6
zY(xeY-@4$W#X^idSg+aUzH(=KDkZ@9CjMg#ka?&X3^&3^8gFAQT~o7Y!>GNZy}exz
zgsv@gzV(NJHorgH;`C-4<9)@xKzA7fmvvlP`gZfxfP;X?OF*Y1$yM>{6lpg%2jq>9|->(_fZGpIxN?^
zc0Kj_*1l(2d~l{Yw$#+V!H2h@3EqYOGIOm=K>ihnZ^BVzeK3S@%qB>T()VZ2grwf{rwQ43Km!-5^44A7F
znMC;-;cj62_)dXREotX2!Iwn5K6x9FlmJycqtM^Cli!gKAni8m~@>`flLXz$kjW7M&Pp4F|#
zqhT5C4OFCtG*T%gi@E*|EDAkB)vL)ymWMWx%egAn8Rm>C5%G#T=O`x?J)2NOSj{$F
z(z|SvBP_#x21;*z38Ro)l5os7kfw9xe!eDx)2lXEn&oGtALCoK&Qwy8>-x$_bSpzu
zZEF}Nm(4;Om(5aFQV^?#G^5Dej4S&t6?nsiuE9s6u?3vy(>U3l^As1%;$LwNpnfEN
zGH=tx7{%qllY#SqY9SV)syY?SHCOj3XVwK?Fja2V3szXjE>PhNHzlfEY3Zb>o_hzV{2;17
z*%pLNqlKw%R4du)-4N%ryBIbXC5=!gZ6SiTE#ATavJvGTAU82?F`P`&Y1Fzh{is&6
zs4n%HigiiDYbwEYWh>AbMTMS({##N1S5rt@Q&hlQVa(V^bU{e2)}5+NS0O~PZ$|J+o~PO%Z>pZe)2aU9G!7om>7L`JaGf^<33F*W5%MGb*PWsGO;j598
zVfk&Sa2spN)+*KbQv(Gr1XH0JIx8I00OUOAwJ8!&q*djsV*{bbOpE@~Mmbe1^pw>(
z#`(gY7|v*KJ;4L{!ja
zIatFlxT~rO*fEzsM(L6+tvlw+`a!oX)t@R9$70{}pJl(2WYnM1mpOGQ=5TX`wrI_U
zj&=~*WW9pq;icS~4I4H#8*h<8L)RFo1d+nNo%F2_7>E
z=4fx_tI1rcfs}X1mtCdw@p(!Sf(
zFFk3ZsHCmv^h_Npv2h?pkw8>a7)&NoE3R9&F;U1V##3>+q)0{vK)R-@%l4)A(Z%k4
zyXf!LI}cpSFW^h)0^dRx_!{*oDD>RXxtZJWX>`FKr!Up#=}Yy2<}xRjm9pZ!>&b)3
zLw>`d!|uz;l!mH942IK<&_15qkl
zsLU~dLpise&@aPAsM!ZWO@6k^F0;YwSGMq-Hx0oXb?G*@x-fgud{V
zI~68cDt4Px6e(q2bRID|k1X2cjwt>$YWm{H9ZTA*EY;z2KNV*wxnzL}rIvbRmqoCq
zKsnG0`GRg>E|}VmI*<$O0qj0wSD2@hX|K~PjIhbF6xxLwUY7X@4kr|h~Tb+dCbjT%+NRSiA4veU16yI*J4qG$?pOLeOB4Hd>6
zNSUrNB!Alrqh4SEPu~Qnf2o>oD
z7H`}ZdPGDQ?;*b}V!_FIC!215N7|Z2bX}HMNlJ|Y6k}J%FRa>mzRUAn)F?=6)Zh)9
zSF(&+t~64!W3MUNM1K`^kt;Y|t4npn!0MZ(oy;lq;61%`K!_*@7oYSdb0;l{)v
z{tb(U7i3-F75MW`mCk#ZXJlbM-YiR5DyB
zObxS;u8~@a8+e+;&X=nL7~PPE0$!|F)bi4N(3M49D1Z52O=aNumE$Uqoe9l~%B}jK
zbS_sVt+QMw@PA;s1Ti!uH~AXZWoUk2EY%#E-$LLEHNXq0s5U}fVNL`zPiBrP4v1pk
z=!zThb0V8MdbF0{&){k1sbxRm?RzfWeo1oozTJo9@}iyk>flbN?cmPs2NU&7O5uol
zi!a1gRc>Ud7uV%}}hTi#W!beo{1HlwX+w)ji{TQx_XX?_$FfcCo?h0)NTaUbm}dS4u24#Y$a2
z>vtFI1&=3Tu|a*ty1UYLm6P7G>$Q!w^2)iZsvnSF_-?E#I?CgPir_3?XqWbii?ecP
zCd)kPc#?BdF$MFc`eF$!fgI!gM8;KGNe8Git8S||v(69t+PLdh+&#p1?Ygz@&vH{M
z`Q%po{bL_;eyxvjrbm6elo7h3XWVa)nU6Kf3dCC3zca9n_CsE6)KPvi
z?{sV&{Uz@=9Mqw9y$H5N=HE61R$#OrF~1HZy$Vf_`_CQEN*wDgUW;rlBTiDqoJ7Sq
zlb@wxFqx>PZ)#cRhVU0WX{xko%N96W@rCv_mpf+A?qB*#A(R2+s8`|~mawtfgO1R_(F>m@h%6aWkF5_%puseIVGe>h^
z=hhwO=E(kf?Ho~A(l9oWy^yMv{p)$C0xh7De13Q
zSLPFN$_c-0?zJ9P?$u$ONoCC~yMkoW-o3sdZG`;+xN7dyE&%j&BRWbK1?ZIN3jXY5
zoW&jF8VaN^pSEFrLj1Q9?Ce#ws6b2V+{Mo(8}Q~f#ZD!OE%O?h&LbQC)Z7$1iTscb
z52}BEoaasR3#n?3oi*_nx{K?e8id`%Z7P)0{_TK&TXb(Lje0tEKM=e3p2y6k;|&Ax
z2JaP`{&Z8zKvRqNRwm!m)R(jk1lr>7Hg~EU2SSbd^-MoPq{<3Y`JQx)q-3F6)-T$7
zc0RNA9j_Uf%lEv#J${2+G6wUt;I7>G1VoP~Mna@RN83RSF>QzQ!M%kl9bVL=z9dP$
zKe%g`M!gsKPIIq%dv4jHhY}Y8o120E0!6a}&O`Rsu?v8sKQFVHDVY7CuG8N1QiBaE
zbsGIorY0T8g==>vB$lhGnS9V}tA9I2$FxzO&lEuT)c+^b14n3s+v@@6x@fLxUpqGg
z?u~tnx0ri3;N96LWkY$l1OBajSW_k3vxO&>29c+G@AKaBrN)%=B5J=-xR`+HpJN(7SaWc1G+HLjT@*-knFED#lv|np%opOT1@)
zvSPH5mdQ{;eWzxWt_@AZjirbLCr%GTjY$gnaDD<^#GOMX^(|fS9>$ecD;7LH3AaAM
zGYBBm&VHlQpot%@H37i2?0gzR#ADUeZ~c}HG6nrSEi4wO%XV&$)5Lfq$O84D>7jW*
z|1x%3INH-RWkd(%D(%c*j0Tz}cLJK|pPdzl`Z}I59pnT0D?e$ziYGUoSOmnrl@Zmuy%vF
zck-m!TY6NqgUk@jUDJNDjo2kT6=u`uTe=YaL&j_xy7YMp?mfm)&;Vtd;974JniZ`v
z$e3-SF54MU9QWgmB=~0>+&2&CU&fC6qdiSuPPi{uX=fs0xNn-=uWG`5`>77@JBIm
zzLwB_-1L)OkP+Nz!1*D596H=rvWKXL9IKrDl|}4qE*bjONZh0RE(gRYzuNOcKY)?a
z(l}`WRFlaxX*LL2oeY$wosIv=JcU5$yL!c5^A%e&B7=AqTi`Y5G3@L6Gb$((L9Wx|;JoF3ENGOcP49mP>
zR5@PaKC)_zB)HGn;XD5u!8^3R5U2dn?YuN#ts^N^Q-$%^m&&@tJJmE&M5V_>0&NhOIDb6l*vRUSpIuQuWkob>31W
zc*;?&;*Jx3DUk;^IQ>c#2dD4sgLGb+L|>*wv|8qIYn?TZ#B^QK+^p@AA6$KxG{rPt
z+!{5~?(oc&GbG8(g-g{bNIen$)ll^^g0V@>p#q%J@
zh9aFLi;XhRF??(E4V2@Zk^YQArIWPfbYrdt%vFQ0$m^8eN>gITbiGz6CDK(m5YZsm
z;g}w_(SHado&Z$&HVw~^AZ
z?g$|Ur2H^uJ^d&Tn?2$TkvK*(MA`(ILVT35W<4I}Htk^bWAeM)j(NzVJn!t6*uc@`
zOs{~5&#>RD$1bh@?bv5G{5%Yg8#b+zjaAP3FdOt7yHvIc0zwRj+DALax@mVb@7W#4w`D_*qt1HN=a1BFq4^^lCGAGBQOY$t
z;^-SgWVOZ7{s4<3g`Bg)AMCfi)%v=P8}%Jfs9+Das(Tt$3l8yDH(bghQ_9M{=~!Lc
zrJ`GBwdmdweLRa24qy(BN(0UTuYoZ^-c0HKSb`Q9dfoXBk{MsB;pvkBL+r~PrCTDL
z`*)9>P&YlRTaS}i2jAd0$2FbnH_8G~(zjG5t0zB`)ia;rEP#CUsT;(}F|U!yQr_ZP
z0cUnb_ERRyVQ1<>JRma87R#8;g_j9cGFj%+>J=IQ#dpRD;5S@nVxzjASk$L66N_)pQAB`DY*d$tjp}w{qq?40yiD^L)jb@ww~V9eUgCcW#at;>
z>!T*xF4am@pb%UFOR1P~B}w^l8CwVX5jhq(M-KxUKq(?z=4vS!fS!w}ZWfFDwyD^>
zn#hBP#=2}xPjcIFEnDz;JxseH@@a%56o{0N5JgpfsHLP`lu*&2Aas_Ajl3aAEpTJg
zdC)DTVddBu+>!*C%BHINcUuI30I>&=e$joBP6Coo(;=7y(?XO|HxL%+7CQIT
zU-se?#9}a!zDO{L0(y%E^p$)(U*<~3ESwX641-u}ZYN`L1+}sU9iXJTq+j}R0sE*#uu@4pnEtk2W+$d2)x=@L13)a5G$?zdMD~7d@
zKWea{QRN6|K?6?aOM@{>iseA`RkD~X_tbmo9x*ya)U6@{f@~*6=*lrxQoGoXqN{@b
zkRB?*mFFiFYlp~7h`zXuWT2cdrBZh8%1BmRbRI>p7apNIq9f)m>P6jgb4Tf!QpH@o
zo@;98w6D95xDB0VXlV|oG%z^$!#r
z8+x{>r9>;-$Rj&zS)l^vJ^^(CMRFC9ub>8AiLMEEC{G}+Bu`C-XC_^!r;BwC-jo+domt8f5_QbYxVhh*)Yo?Ce9C
zo-sV{Jd_*D^Ug#4V|m_rh&EKe!9Mz4IxuUMfhdX44Yiq_PfzImNjX0;P!ej@-4+@v
z-*vXP^NPw{hj|UuQ(}vH)^u*zXzr1ywl7V57XG?qgBx7J!7Wy1!JR|+EdaSLI4^*rh@fjWpCK`u&jgi>35NgF(7dT6mr*w~!eO72k?7rAmY9LYNQAH0sVk>E|Tn
zKw(yy(g9T>{Fbey2Bf7>qU5d_olz#%S|~?wu2G;#fVa;{3-q(Lk#c{TAEMYV1UeD*
z6{>@7{6^X!qjeY~n9@0^_)o?2(p>?Kbz
zMSLGoQ>HkvPQE+Jck8&S-I~tzoeCbwzs#@NRVzq1KY>g%q7sTN6jN+n#L(O)0?_zpxyc<9TJDLVg}$As4Z#L)QXo|->_81Y31w(h@p_x6Lyy_fFT
zdCbobJw3`)_>VeYHTE8JWA8CHT95t5)notIdu)DG9&&r;Ev;|Ix~E5bp2<2GHe&Sn
zwo>CewWAAJMb4N|ldB|(gsBOE_ars
zOM@ZmG;AT>{dFeWNp+z~GhLfh>U=9lJzY~iaC@E7*OW5cx$Y$@%(s;Sr$o`Wk-pT#
zns1QlO0HAYs&FXOe=gUjuUW}1H~J%a%-~n;*Rabcrx!0%YO+*655f@uX+2n<5M>nO
zrY}8_P!Vnk%%=H-WlaBoval7oCb2Neu=N7RZ7Rz^^$Ezj%qXLmj#&!zMp<{8ktDV1
zLQcm_Sqv!j7|*dJWygi2WXEMT%~1JQet{LGgxs9PCIP(E>F&{Lo@i17>lU6i2nX~6
z-^zjDwCL^1w~VSfl~ueQrXKfQ5@Vf*IK_@SeJc&M25u)A5i-z7l|t-YKWC>zf-)dQ
zp{JZGDpY{1;oPM%hmmWGWe&U+Wi+$F{HPp|afZ}u7X5SlQIgyIHd#&+RWIxq=G}74
zY8aaN(+!f@9~TkZT_lqsv2?Qhlp&R58LLK-p#>X?xoniM3hRukA&xSRMjAgEWi@V$
zb{ey#`PX!=SWFPNpqWc#{?bgDPBEx&ql`|7%6rG^BlYAYIh|+^WmEyD#da4LpBiN!
z8`LE$n>iyAk{v0*ge@LApQ1b)&ql?XK=n1{LWYFEriQU)wQ71zJ`}2hq%JQQxjd!*
z6_;!$WD`-xmd(yA>G{)>#wcp;sDRB_>{0Qjq<6(%q5_y?c8A!!rgLLEU1X~2vO~mK
zF1)T9HluEcdT4WpGw;X)NNQ%%qr>w?k8sVpbz8UrpSWh-`gXok16Ma4gg@-su}(=Z
zWH{NZF4ys8$9i?WUamK)>kU{yBWiM@;7IZYM^X|Zk|Gh2@-t=4=vM8(7MP(eNw0_djWgB-QdBoLXTTePi*{ZeYtbp{~
z=$e0E&pD?(-Y`~Yy3yYdz|PlYTwQ&}EmZ1hUhTuKKQA>oG1lDRRPTk?&?Vb;jJ*i%
zD33co9G}b5s4wX$c2_OqEn6nwT^esTE0l5EO7-n=ELZS(a(u~Wk<@uW5rAxjG`v}L
zL7G%*Vx2bHK=P<5150TF?kJ_KrkMExOzh$a_w0b5=^;YA>Ta
z>oifUBVS3@d)2@w*|zl%B9K|0HI0CIi+%Y3>gAj9j^5C|!g&V+^T&gJ`O$EXkY>&L
zj`cL>W|Vf2$$X5a`As|$cZBq-H0Q@k&BD)CBPh}YyR{iW7b?*AJw}@;_}n8lgF@EP
zbgFN!Dh{cKEo@FZ@>fD>XI~6_Iw7t>i@1vj?Ls-+?0({2}%NQ|ZspATz0em2y$Ikm4MQZ!Lx%ml0-r*ZT6
z)ihPoDV|o?8ZapSFl}d4&u2jBz`aNAc-?ETVD&;#39~&6RezlNPN#z>lF*!={dpC&
zncqgrL%kgKdW>4c@WZ0G5>7hGX!Vd$1qpE@A^C{bMLC`hFdV`HYwmjVS1PusqPE~s
z-Dt(Ph&3*3^)rZN_=d>g2S}1Lu$v~RiJ6Ej`w$%m_Yi)ToSAe&KI^e3H#(gw-CX7yj5e1(s*DJjk2mKxOiAbJ^66s8dD!HmZ
ziF_VbmtakXOAO~b*1-IiE%YC5C`fXZ*psbL*7`j)s*V>yg|%l}
z8Z>FowxT-h5_`7tUABVaN_)0)qq?RGhGPKYu>vyj=X$nrQ_=KRY{*~Jp#IcyB^eK0
z$zRjJe~RXbqC8PF4e$rS6eJRBU}8wD;angnnvhsSY}=Yzh5ttKC#{ft4gRmG$Z9!N
zt~9D#C9_m-$d)VTqyA3f?G(?ei%_t76V=E}c6;(^;K~kBMqwa(+UwFA1Bw28WZXlj
z3Tc0t6_j{Z-S*Zh<-&D2E>oIF)vClR_vaFQ{SpF8ieD;2;#C*OqhO)bE-B;-S*Owl
zMH`4--nWp~>qoi7veZ0*BG;r7r719VoE7%e)R_Ys!nKqNWwk>G)C#0BeEcEiK(%h9
zngXfvQKyuoRqYq58;KSp*Z@^Gk5qMNg9!{q>?1q9l1`I2ex$YZYcT7SB#K#t|8_(i
z3k7Gmd9->F-L58}hWa8U(pB3F1Lh5=PN>$PH`RFGcSXH4?75m88sHURK+$xYfcZ7fmvV;@k6!NG)&UKjPDuCUfw8=2}PGESB_69;aO)WB_i}aNsdJfRhnh)o_KzwR
z37xbbm#L(R>QObW3fLZIzpqo+ks%tTM^MJG4D{ug4`6(RBq_ipo*MOZg>nJ($Y!od8&VIP*6P>3uDsVxx$`KeEfy)MkXy-feUGURFO&nHmB(e<@Rm}8J
z@fJ5hLKUf-0VRhrHxdVwM?J_IDKHWx1aYYsVZ^HDL8&1>s;>c+P@5a`r^G>Yn60Um
zPpGqmP0Si&**-<|LkxP5Un9$6*LoRA{DhXFo-=R2R@{E+?(uF*B
zXhoMFSKV;LA+#jzZmzE8qIzT*R_7$04aoW8Ypyi`Drw^#2!QCss#O`78e*2%aN7Pg
zd~hSG)pCc`>Zk`G7_+~>CZ+1c>d&}Yy$ZBKbp_RQOmR+?a*uc9DSE-#(iEr5aSddL
zE7F`0J=erd*gG}aT3wB#fv___3%44z+K&qTDXk8Y*{B7iIz(Em2S3iH_gbSMq)Fjk
zQx@>@M!3LGNmAr#OEY!}nF4l!Pwl5N@kB|yz`_XGHStD+un69AwK}rRC!!)1Q-#%7
z)VH+;aWAjRqPO*78w3mS=PPpwLIpvs4tL|}Tkc4e)S@4Ze*GF90TYH1ZH#j}Ed
zNQKCZ!db1^*_+(8d(TdVy%p69;la92)wplh!5zB~T)JzQI-5!nq9V%LHAakwjuuCY
zsa|&X>bj0J1+wRRH2b6YJ~*Bd0|b|sR9Z?Af}-}*e!~^<%^(pG-KL9uDDB52+>gPH
z640DwqJ&nxczhW%zgb1wGhVTSK=FZU@6jZjC~^FPx@hE4yNjq=19KnoAywfmq?r)(
zigtDIrXXfu!syUdyP?`yb#{cNsN`e@KAMCawW65@I6l~osjgR5SUcfwq(YqUzusRe
zR1odPfk?nr8FHt=R_Jty6hautS5x&~N=_20*{SznnL-qEU|$tkFnNjLk`s|CbF
z(biA)ssa1d1WbCWH^U^pzeK_smnD;Ph#65eL$Z(6h9H!7>ep8@>QE{4aLKVEA|WYD
zenE!_-~dy!B4L9F@CAhkna7H#tL5Z2mzj+Uu%zU*AW4XR@z#SEGsj8sOnRBfXTDxJ
z9Im5Q=qXi|U>ZS|tB~tIJhT#hg<_G4*}79o&Mm^hs87#w@*|mCLTg2nG9;u%q);tM
zt`Ehms$nyUQ)ft)&WyNalTQr>lTB;ZYj1ML&MOW%M>5+TdO&DTF+2yo?(a^5&Z4UZ|p3F0%8%AV_>C7WU)qX{bnIT@j54IWIsDH
zBlOUjs-qD^ZClVKB4kp?BO8Vg2py}h(7iSkmKN}Xblx1kg)h^q)0E&#;asL4H5|d%
zsOw^?P?B@nPr}$^3JM#~IPW+vlq*yimbg@5=~=KNCI!r6N%1GaU>1>`h`e~USG*Vw
zryep9q#jBDX6X7xc(eRX4khA!tW^qnj!ZNwfPP}B?P&C71HtICv`TMp5dyJd1Xi
z-b{~Ye?n<`ET+}~_vBFju~AigB;q&x`a4msNZJ??;`)l%eCN-QnOQG}e$D&*)OSkm!oqz@Fz+k5-=;fF$0
zO=@|<>QsyzNEMnv$MU`PN`KYpYK4=v6??4fHN2x02-TTrL5V!U&QIDmT2G>kBJ)9M
zQLXFBz&H$*{Cfo6BMJ@EN}PgpOriIDJo8D=@Kqt&!r>MNWd;v>&2gns+pq!@fF=Wg
zX?B{U1)(oyrZ>i)*drmICAM+fU52Dmnm=0?_b0$#Tgm@*ApSqrVyuWvZ?uLq{~vLZOV3
zM@JL1b<1ky;oQM2AV@7|enxpEMY8lJtHye1;w;n;^_+WL#_N}s3dokNH9Md#O30{E
zCw*$O<<%Be{1@sU0YCLJ4isv+K(X|_$*V8jyKVPQxbjeOX?u>SZON5o6@Cu%=F~@}
zp`JL*l8vHYiDrH+l<$-k6hzYz0?Z13q89ZmX+wQSZk&>wa#f)mi-mi4?*?j6U9JN=
zFLE{)Q^xXPNKb^!Q4uFCkV1>oELu_3^L&(LUh%*cJ9Zx2PE%Hrvm}wv^pZ`|JIknl
zbyO5;FdwE88Kxq%52L0iTC?a`=;hhUR#Re&5|v0LR90Z_O!%D>MKanRFvy>z
z1BFls%CC5ks?IU223RUY5ixjW4#Wq#X%rx|KP;M*ro2O*vZPuEB>+u@sw~Hj5$S9V
zQ=6+Bm7ezixGdw=X~<`ugLcTQlq5y^03~2BFfdG6ZiQ=6E|6^?R(8)p3)-x;vV`*B
z#D=##AqjEKYG5FJjdGQ&#x>N+Rx|F`?==cD%!d%e{6Ll!ff0D-91a!H%81ZjCH=A9
zCcs%b&PjzO3~@QjMl&~4RG9{^POTK>@gt;*j*(j*8t_~M*|3l|-of<7l~-N~6$PD!
zLNZF4(Tx(!s@QCRBnH=uGP);Ii2wY;JediBh~MbfE~WcqW&w7HxJ+x~1iU}L(&UQql(2>`Gk)Gp^V2#R~B_$Wm=
zv3UI@QsOC)6mURls|3?=l&dSU-jt6TUA~f;x_E)V{s=?|>|+VCic>+FNbkBND|ghX
zyIvHv`7EIXHUp$#HH_ZMK)u2^WY36_61Hk`q8};M8@!KM`6b61_@=Bvz)XR55fLud
z7JE6u4o8({nSgUsK`^4joW6|`q{S;PNZ~xjewY;`Iy{(@$Nl46ame$#Fi+f
zSwxEovV4f=D~W8zSxxqXkepmBACVnJ(TH+Ek&Q;(82hpn@^lqhU-8qI@7)=%n*zF8
zl%Ezt|_
zBr7v{LtuCHZ!ATTI!5Y=YBe&pc`WW>W?ad3MouS2y-_uG`Y6Sum%~dG8LVacq0v>-
zT(M@=6rB4|rMpO?oA!mWYNTcH_+lLs4vg=!crX#<*2MSJ?-m#-F!Hn?8}
zmN2ALEfVc2a7-rlVWUhs9X)l5OH(3X&YCerz9M-`p=Y|L8e!d{<6g^;HqD0uMrFtc
z3dD`7=}`P>LBUfP#wg^RQy(=LP;6REI(KI~9XU~d^e8ZpzTS)W27$Ei{|
zSC6@p&rGN(hzg&$<0qtn3xFz
zP$7bhpeTjxDu~HsgrMkH$Q!kqWdGwhIIK^K2yq&&MUi9!gJo8d0P6)5W=EatDMd&!
z{UvCMjPHm@N~KKAa?bTsjk?M*#<_V$G4=sP&U^GUIC^s!b456cTyKv3hwzaDh4P+U
zc~{{GyeCM{Dfq1fC_+9~M_E43p}qa$ulG)R?$sjSrx
zvvUIUTC9^a+FYA*7hg#G4;S!tCnYAl};*c
zRfM0ROix*6$%vTKvPKEFa1?;U0>FGFp#`r)1>C0Qb{wrXkeki}Vl66pM;%kBbU5w-
zu?#y(`eZi(S~;U7W>W1iRWQCpV$>%^6>U9M%7Gg*l9^CE34aFpri@d-eI>pRD0&if
z$xzEttyVRMAsXo#rXi(v*3s+O2?YWGsl%aEtFZ-CF+RjL(9A%9C|6)OhG{^&;nG4O
z`!g{u2D?hYzq5l-&oFu9?WOfB9&-o_ceUuy5a5L3{oG9XlqgxTKoP11O4$lJMI1Ru
z8@aHW-U%Kn0An^(Eei_H1`mbag_`UviR$xGQZ(lf&Jwemp+pEKXMd8Vn=&@OR>4+D
zvNmL${;xoywv|VPLEC!h(AMo2!=sh&0?^q?=qb|`0Sm2{zOk2Xzc`suL8QAna0%_1Lj=21X{Gi<8D-c8>6I+CuV
z)Uo>()IhM)xagrLMZ8PkXnKnX#mTr1IsL}`WLGm9sKU6e_L@3q4tK(LY8~eMZ_Xu~(K)rpmL|b@o^3b8H4kp+YY$Nr?4l|K#4p14K
z=c6ZIRLlp=VR6|3`YJO+4HkV#p+Tnxd2Lm=vRQvm%AJpf%m(-g;3M%AnxlhXu%;o*
z@RW?Bnr762$?7bF_W^UZ(1Me@iKhj}W+lrNsli1TMbaHt80)PiwX-IWw2wu1
z5i!AXYsLUm$gVBLB5OYKhn37qG6v
z$*`i18NE9BnfQjE0vM|jNGRz7mF%X(2-Qg%q2GlvGi|hF#x1^<(@OVzMAXt@P$7fx
zZ)!&|D+vbH_-xfF$BB`#h+Oe#8_;0(lqpB_5w#Zzk+u4eY1eo0RA(R^WANMIeA28W
zZKR24n-q=?%~nVT3SWvF{8&#^rd((u!m-UTJB*JwQI?gbkO&#@W(lB$T
z$PKTJWlvJ<_0pU<(}^U=B1tyfxS5ZK$0a$`<9IALO5{|LI|99d&XE^O24(nKG1L}%
zl;q7WI<*oIPiwvCqu6s_^V`kxm$Ow;idib;tLn68FWl_4#5uG2x3>WGZ_*>&g=*2u
z;Iucn?=mt0(y^&ASd(Nb@Y=A*A;ce;ht|t<#D$z}HpH
zU&+&g+Z|{Oo4F&3(nNH=MTL?mi%83>x|BJn6(YrxD`Hv2xmT@{$DgfDLT<&Ems3t!
zXL8|Zc*F_
z$y6?1?<9Wlvayf@7W}XBM(bV>Uq2R_XwoR=N&A?R4HV21=ANT^Qk+5>>_;G-uu-b{3CJA2I)nkinPmLd6*W{A0LCAfo6Apa^SlQKMxoUkC)>c#T^*?17g
zMQk&vv)IcL39#tUk`GM_lgq10#_(;sFWPl6+2r8#LzWWPCCRR>yhRx=D#TRUP$%tG
z&k;#g9XVw^Y{84?>Xj-dovP4FBHt;BR&oN#EgMFF%pPY3vD&EhP*Hg?oIALbQLL{6lG8x5&I1jXyjCseO$|lXHuOe
zSrIyD9x|f1z-WjDc`P&tQbzj(I>Hb+O+&e+Lm-4WSG6(#nm=J^_oj|O2F4^C#h9?L
z9C!zF92-<9F@soN#REmr2P?H{vm=ggNJQb>>HZg3cBhf7W%{$mN7*@4l5E1kUPzlm
zjVZRFhBOtK^kE@JWY!|Y5$AhIZU~+(>AD?QGlWiLa~u`MhaL8ZjeMgRX;I3v^2ZMkS;5Doz18Rc5dB4GvoL?F{OeP1%WvMFe8o|8gHdHnXCE?+O8vV7EbVhr?LnbuH6*va9
zFAQs!N>L9NwPHdfDS@-NygQq%{3CVWeP$n$acFGto@E+3}CNL82tVAdZ_{&wrqY)_t$Ss?d`I2x79!lysQgDc5
zvPPDzb40wvp_4en$fVaLKW6gDpm~!6nWY=@SrGHD6@qKN%LZ*C)ty8ggGn{&L??$i
zMOvne7Yec2TKR#%yc$PaMM&VP5Ju((mPEE6BAQ)EP4JY%;h`R{BIu^sY7D;&ixS3i
zuJ%M)iSl3)InXN7mJD(&>u1S;q7Kzr6Zq%7SVxLblkBNA#LUni)OrA$3Oj~QDaNK@-^1ZD6bPs7ti&ry`K)C7
zTx>SUlTIu1No7a-hB{T7G6(B%B3Pqc=#Kc%FvrlDsMn6NdYV|TG_>uICwppDb}&~G
zjz~4YC-FfP;ZV$AAQJ;g;(HY>)@c|>)1g*aJIM=CiF!+9$iI#~Llc!q4U|ZCH3`jE
zHO1#9=bI8lrDyxACeE)v1<54K6&u)T%XdxUa4Vc=a3NqtN5CyveWhJ-wc4!1P~s-N
zZ|p*pWtVKnA|Jw~Tsvh0qiQv+*ePl%V&XpSS6Gp}k4=u4U_PCV%)*PU7)m;cIM_kr
zEgd~O>rEh&$f@kmEOGNm<-s2CF>85QYse96O=PP#(}&cVzXnYs!xqa>9UIqc0V)y(
ztcp}F97L`)UC@{2GKy_S>|#B-P7Kmo#&-n^FTdL>^gavdlV_%DBu`V2$CUh
zhwDs!0A?#?knA`CuL;&^R|`EoM?IG;<}={R0&HOJN3^zJN8#(8rCkKYe4q8!l!zo&
zh$@DRd>3{3Hxlt7N6V34WObRMd1`}I5e7uDTr@BDvdiB><6U8CEX(8X(Sl{)iNZBvs$m@N$-C+QOGyAG-V6xU?a%5iLLTQ>1sPK#itQYyTl7Qgu}8ImbBN
zS&B?@7ZI>HgD-SAotQN8m&X5f;!m@Ks#RTy2bQAWo>*B**~}JB5M8?17m0=hTsYBW
z!A`7KztKT^ZhAenR65aD%(4d^pEMjF)X!v+HQ&1YEp|We)hs;i6D4w;C?#qQh%&~m
zCy}it<*^m>NCC(@lc^UeQrHCPm!@E{1(ZusN((F!DzcKj)>t*gTLedQ5i_1Ke&6Kf
zxKZ33k;jEC#BL1^X4z8O=~{exyxMv2j5@Z6f4PTU#c035vHhfT3O<*F>u
zx(qBE;+Y`Si%x7KZ<&GtBy#r}{z6CUCpftb+<&pIYK)ie+q!qBiCMLAgv>CMbYcfO
z$}C&sdQ5>v)$2!TW4lu#0vN_nS2CZLlS%o|Ps-su)ZMf^B%X^}$z5NO?$XF88`j81>3G+ofh2)k+
zS#hG8)=t7WRj4~gH?mPWyR%%85+3ddDAAAUx5i<69j=*ab3$z;I1!o!apKyUCT?a6
zQPQdJYE;G`E&X7`n38f5NF_CLx!qco{T>t+f`
zFVUH~L{cfE#407OQrrOVDfN`=6ALe0IH7ZCB6|XA*C6-;r^?1uN>KpdHa$VX7}5x_
zP0~O`@Q_|Z{h+wRlC@-HqXOqP#1TY!Ua2p(B`~+)GkCT$&EwewU5Sz}={-TH82BE;
zoRaxbeV%r15!-⋘-moUNM}#ORXrBtrXITQwQdjYN67pYb5nUF`@%$DfmjAVd}MB
z$}-(s%GPx_?7>4&+h3$6Kxf&8e;4(qEz59?U>ANcFxnG_gA;ow=&%M_q;ayK!~Io1
zl;p*_N<_U%${rB42t06L%B-t7&>qAPMvXz7oJ-m9gu~fjgd-1K!zdy!Q7yf$XuuhQ
zXz=XjqMbLg3Fuoon!JFJ456V;28D76em2KFj(H;P4R%ywEfun|S}ke4zo;#jEHtK%
z8u8O%0Yzx47~2-zQ*H{i(s`}eF?m|ABOm#qYr_{`Msj0BaE38_b0$7ktv1Re9^^=2
z%+eHAfRyx_B65fmPeO{LM;!YWW}1|eBr%fVGj)Vqx8U92X@Ps45G9J{P(()R!S(3)
z51slX?`;Oks02za)Jd;+AsegJ+(+6eYuweM`9|g=)i83k8dU>F43CYo%^O;)4vJ!h
z1C0t<>@Smf%6j>D`mjRP4H}k2y4v_=KY^pAV}Z?=iI{Bc_QBeF5;?<)CyqWK=7=+U
zNU}a!q*6`S$aTVM#0-Im8<18B(%_7qo|#ReZVWz?8c6c!i}^$GRRiRs!wv?Do*9E6
zxsve?tCMtxk0YsL&`!napBD
zU7tXPrq`R?7X)FvU>T2vr@^wu~Beo%B!K^(!_b
z8D2p$sd9x?w0o1g$mUHsX8LoSuuBZZp!lq9lE{!q!US}R7$6;qOeQgf1dJB)9N$Ey
zId+I6Yo+4Q+=@Q>uq!vzN6^XT@f7glLTZjww(QsK4%O%*Ym3c+4kgt_$=Iowa^r$U
zq_K$^vR;fZ#+hAK$U|T*famJ3mt84RG>+POiP%eV;=#srQbuF$^Vm9uz?dSNF=G=l
zKozMEk{Wx-rBo3`3Ps}x#fBuv5T|PG(3vtJvc!drk`-P}f#gS%Jd1Sj<*Pc@ilfJM
z@HnJNlshw#9c=JrEfS|y+X;57F%mb
zprT9s)an_w%7FkCdJ=h#Y6ZUn<&SG?k1CR3C&zgw#k)&uoRnNnGnOdp+|#)XI9{%C
z=tW#ZaaxVU{896wMW{2}?RkY&@k^(J<`=8QR&({E)C+(0U|N
z0v*_W#m)l=vfjDF82LCzT&*aG3TYzg&P1zGVw_k7c8WI;lNK!Yd^7-?Eb~IBX`)>@
zak%76AXh?8i@$&SZgS!gHLE7nQ4#^Yxh&BOBu8XxB~x4p+oRmvI30AFIVTNuv8b4h
zoEyKyct9pfTlAI%}yfRh1&$Fmy~RU^h48=&#kN)8Y!!!|fObausac{X4J
zrys-NBtB01@MH1}^&VbnuhN{?DA_V0m5boM7|dCXXk1ZW4mn=opSJUWQ-~Itp$w`{
z)%w&Ph`0(;opKOqO%X*lb4Eu>X-<9|!i`iYt4)cgp1d!TtRPCKvczzw0mPU{9EPvo
zjq6eSCgM4EwU6YPN@4y^PF}=!7>divMGTNLfkPZsG?TV6B}tG#AGMju&7GY^j0kD$
z$&y4zG-W_0eL9GNAlaGhUr+2gDZ(k>k`H-?L_szP3a?ihin%p^RQ_T9^hzeVs*$lvgq}p*fsgh59K@iJTiHQ*k*<
ziGE3ch(H4_J?SX!Hm+|DlQ6NNtXS|J2CdF8tAs2k*O|^5>v*F_?r04yTP5p>Neb#>`;Ry-&<1pSnQBH&A&SSoR&4Z7k4
zruEq*%#zLKt)4qrtkkzt>L>PYH47%rB1i+~xXOcuD0Ha<^Ek&pd(A3z
zvF=`EbX7-KQOds;m}^o}ATcCjjD)kXlR1MkY?CU;%|1&AV5}RU{1UX?%)IdlXR@BB
z2@l>B$(~T3GM3Rlu)t0#^lv}SgRTp1xqn^9Hqdf*jYw;6lYYh2
z9nBy@T9|AW7<a-|RkD{X
z#;6j;=|?0FD9dOWUF`)&4dD%2uAwZpvRJ-RMhwhAxkxo^C8?lJaYwwo74+1BhOMBs
z6@H}}rCPCK!cbW9=S){P&&d0R18cSWO(kQF63XSzY0cA;bjf(=D=t!Vt}Ja6<;3jb
zDWUXz{IXFExxA}eVwr0sU3nl>-`nroCQDTI(3C9M*Rp0>lr^$siA-cELP*G%Nm;T)
z_T5xMB73ATF_x@TA!Hd0CdAAb%y!LvZ@>57d*(dnoM-(!&vWKp%~2MYrgHGaNp}r9
zUq5ZJa!DS$n*vVPUSHIDPIsSaBsHaSXPck;U2+Z)cX+VJVbA(&^cm8@#jnjNDzfL2
z>|C9de>)$ukA8X~_pawiW2x)KTOUpp_1a_Qb4sRt->Tsj#iHbG=I&b(mhG)dUaV$T
zQ!VS_70%~;l=U)Ie82i+&)JMKu9K%@hde5H?i%*otkH{U_i#8BH?(A)@2mb>bluRi
zO|DjH^k{?Ez6Hru;mx{>*U#K55?+7!bK-K6|Hn~fv(LvPKK{r1F>#@+zx~Qhm(F<;
z5qhh1ScIusmA%zCtMvk3dF~GSL082JN=z}Ja*=ypP{qd-!uD7z_KfJs+|C#xKiFHt&C;niZ?+XY*HnwK-_j5f3*GIbD!jB{PLBFV4bdT{?#dzFv{0
zBkcA~!|7PZTj5)a=@tRrQVy^4GxniAA>Y@UT2vHH>s#e_|2Qg9cN3PFFH+blkm
zw2P*~{m{nyB~{kino@pCk2UjBr1f6sp}%*ie9NlWsW26?IlMUN8Rg$ctCekVJ*8Q0
z{K7op$*lvk~vDy!@Z4$)ewWI3j~M{RvgO_1$8T
zTieFMJRSTxS|}t{>2g-xo3ktgt}2U872jwH*4{5UUFs@vzZ_OY`sI!?X)Det&fP;`)lnO`AhQEU63
zZsvI+S{lyF3UeACyYSxmJCjvsZdWN2kZE?UY5=dT>+HUB^T;n&sAn0zOvu3Dmtu)I
z+(N7HXzVR5l{Ull%BW(_SWomi$!MI%|-*f%w!7V`Q
zj7LXH$A`!)5B~YGeV;FIiCTbz6nht*Q3eit?0nrv$kW4HRF
z$5-V1y>q-r4Hl$D%X;d3O(NN!JxzWuh&stDK3}-~+Utr?-p0_cmjI>?v!tR_VWxZ3
zZJDK#B->%91{E`*R~2i2zuHRXpNoC0ex<|O
z^nLQQ#b9~*`8T$n1vi^)hJ5neo}=<3cx4Tq|FC-a;4v&bLS``F$pvGHrxwX8*CYGK
z&F=*?!+u9~JB-5|e^4Is=aX+5Q
zUHOfy{?`Pl;)n*!cmB8p98TW1H?2Rqtwhv3CClc>3)X8+Yq;^dr7V>&CG9>2u6DvZgf=hpZ9<&@-!s%RZ=?{fHUag%iV
zxM`WwohCaV@ny&H0OKaqu?lPluKsM<&B~;4O{g;Law-o{^tzQTSaB^QaqX4%^sm)4
z#nObxGg`bGsAO&=Z9sD17v*W{Ejx{5w(K96?0J2XvF<0@^@h9M`HZ%{-KpjlSzBJF
z@6(5Oj~@9iMu}MepVjw(i%Og;yKgQ)pq}zG>hsoZsq{9#J#$*eY_u~+3x>Y96{;}b
zO~qVsJ^o_M+j950&*?7X8QAa19%D6kkH=be{T>UluMQa}niDtg^c$3GO+kC*j*FIQ5hb^uF63@k94yYS+A7}QJ(jME?Hl`+bY~m@zGT`Pq=y$SJ4*s
z>Akh`*S>sJ?v6Y*?E4o}n~SGfC-2|f+gPI5n0Y#T%Phse6M4-CjGb3o4!{$ZQ*3
z&1xAfmK^fBwaYQCQ9(mujhe%`(P)9R~vNhteR(KdIDyNUaPUnZ-%v{r>^>a>;4?fdUw_Th*{C;8iWZK
z^Q4a6_2TWPM|7Lcc;r`aIxc)_sjtbn^hVJ}_4>^t@@eswr~j&dX|{XL;}@o#Ve*;(
zLw8Wl{Q$KDTqqBgG^UgT`Rjce^G+|ab-eY(oymB!jw-m1&dAITAgF}iny6i(&~
z^d0CMHM3z2OwN}2q#Shn5p>{O^HYx$H3DY3jr{$;jD^G5oxVMx>R!u3frL>bGJSmyt2{l#_T{rmE_
zJlgBoS6|zf_n+#F5&Q9?$*tsSee8U#c7tQ7V63Jj7I`LDJIMXVlCc^I*y51-%do4hu8$i&Xxe(Iw6gEYEopzWs2icnq0wfY$M
z%r^T6uR81_Y%FN^j@pmfRhm(W`BpFUl}1Ksk0(Yjx=
zHZeg*c{OilOh=!#$T^t)Ro$uLOtH#J?!lHf0+x5*>2(x0teCes4n8xz{scF0%IR-n
znu5?^
z_>esA@IjJGD&%4IP`3Qv^7J1s<(8ihUtJV$Fk6{lN!y-XBA+UOW4bOVC74N@EV8)vKr>;o6Q`Yp<
z<*!V&Fqg!r{K-?td{3uroVC~oJlXF!UU>0)r0UCJYh+^TL&H)l1
z+b-qavbWDE{Hal4bpWfpq!#imAU&z`&!r<*b6>sUQ%u4A7!X=Gs@HUAAx6Q1OZ3Ad
z28#Qd!sYd+nXtlZ0{>}MoJLxmJe~aObzi%Xk1CJ*FXvj`rMK0lA3l6Ye!OTX>uxCL
zBEqnZ{d2DqCzo|JNj0XscwI{Egx8?Un?_Tyc79-Sb}O
zsIinZ#f%#@y4Odvf74E#;H@}5-5GE!^>iVRlt^FFj_YUtwc^FnFOQ;MnGbumyR)Q?JED2mLnC5X$XZ`TZbaF452vrJ4@eJYc?_iOzmhu?V=84YpTFRv$A;@g=-w~h
zQKa*A*q$1D;d;i)w72dKNq92nWP2wO+07fr
zK5$)!+19sHe|fhBbj$UHOx#thIe6l;!;WOA%+cH&bPkG;Qc{1~Jr`MBoM|vEp=N)C
zcR9YxR>@EL+Eb}OO{t&5mZE+Rw{+f@nV*Aha%5O!@pPB?&QGXbJt*s0r{)-HWwk&S
zK0w^>^ftaMVXU?I-2SV=RN(F9OFy|kneWdyK0FZ%eFdo~vE;)tkKBw*U)UuxX`U+S
zD-yb%$3mg2k|d~6Xl9_gsJm)ufK%cgD_0-v%A72*IO?*)s=h~9dgt*oC<#`-=z0X}
zopHI#{^XOUPv4*Y{m<;m35oDC#5-?(?3llB$!M}=-@fW`N-Lz}+0XW(^yzf&!V*Hc
zJ-X4$f5R8*hF6L>Rifw{({+(bHw@*$Ydk7qPd9%jm$Wxao?$kSO>
znjq{kQ0t2h_X#%2wnC&lCUvHHKsKKDh|ZT8!*
zItM4--7$+1SP#1E%NlcvS2z~??RRG5p6vbA^4}b8Y~Pmao$cf&It?Fw*DN$_YmAk?
z|6AHJyHQBS$#8wCNILyqedt{ugqm({3J>D&K`z@rZ##rb6J};DfTrV!6BWU%^fCR2
ziA134*=d@jVS-xRf1>VJU)^@S_+6LByig8v*HwG?xaP-$X)cWe3a%P?At=EBaNwtqc@dYVriO+
z-UWQI3%tYwCmsZx4(LWipD!D2n`s`;>`vl+
z`}e=;*dJotA@
zXNZY?CcXB}*P9VtM4*SGNwbCk*@_RmRg*TM`2$9tj+ZR_tW^VmyY
z`tn&XH2li#dT!#WRG}*s_iV2xT)vJjC-zDod(9HNo6LB*MbkZE6w>Yg@l;w2_v6RL
zyN;&v9{Ib^K|(sN
zxcRe{BF~nLrw5yR%9R$8vN<|tm-(%hJtwQr3|0Nvg0P&B)f!ixZJ`iisBkj&PF=+xRReFw^uGhr
zO@Z6IgM_8Tqvn14O^qB1X)mo$z0~0`(@L1`dvHo#n|s_%5@W1Bs
zTjcZb|Ibd_%=m`J+1>~rfy|$8)5&Vgm1NnRrYv`b|0JZZoA;ohD(0k+>XXvb<74}m
zB4ZU6{w~d##UxLrH(vee;3NA^ymR`@I6Ua+{SV2XY$No#yF+h@9(wj(+F*q>5oCQJ
znOC7Q7xmTpMDL3mR=xrcmiynYB4F?1mqy&ily!+Mwudz@WQKgsFCNSozPp(Co$=<=
zz7rLJRyZlwQ>gFu#Fb*LabndPdQC%)
zM?zv$Y48E2xUZG0=&wA*jU4N9VIOLbn$3%vUvoFSTd())*lof)Sqrnhf|`;!?D2{c
z<2M$_oPGB3GM9N=ORpsLCCIfrkd`C4Rv#%JE2zecH~1{T&;O
zbKmJ(qJ9DQZEx9X?;%9dtt$4%Snqw^v3Yqc+uwdn+_<|UeK=3H{f(DSWz@&(KS_=@
z{)gtCEnGMv_u#rp_(ypdt+LBUU1Q$ztz76mnbN7olbP#x?qoc2iJdFeqSWQw8~Wsv
zQD$TF<1y~c0ac`D#+wKeoS-sh?JMZ5f|!
zqz`}SrgQevBZad;0!0+nnSbB76Z$qE-e9neH530&rX=r_e296sMO9X)-PldL>|&WP
zi)=q>`#GQfNs7~jP&-!ivb}F;ky5Gc*cqoEOEPw*Qm5PpD>drPdAlBD+b&Xy2d
z;4TChhRa+=6l!fJ?Qig0+9S0f=UEhWm@|A%>Fy6If6`BxfV7?QflqIg0&=$<38u)n
zd}rb{%lHx@k&Hj-@4Nw<1gi|_t$CGpms1Y=$eu6ukoxlatZ7Gr@8w1{=c1qA-6QV}
ze<=HA`1GPb_th<&mjErl*d|dIYaAccFQk~WV(k>_p?TT%Jib-1eI`RhDMsVX$b-py
z&H0ZiatlPdyB_BU|MBu`G(4TsH*Ul$n8eH^I(mw3E
z7$ts*%)3NJZW9>tPtcv_F;&
z=;bpMG`mL~Aa}F$h|mZ(V5U)c;xLE7je`5U2lX*~IQOFs^bW$QW$M6`9Ao!(u}Jb>
z^m|rd3X3eWO~@1j(wbxDL4q+B^O;57+5?Dd>L`t&%gqq83^ET6quxg*g>D7_h=QsC
zSxx$g2j$DGU>v%i4~sDvMWgw@!mr)^_1`u@=MFn}4)IC#5LhOTg4f)0mrMpD>sSJq
zPj6!Blmrb1&IL!o=#7v`>neu5RCM#9jfd|Ej$Jz%AIQb(K!Z1X7uhD8j0rom9$C+d
z^1lxoVQF6#2k&Ds*$yXM07Bc-61?C1$0BhI7_AQUxMDHlJe;^afO`i!N9h#=?I!>Z
zOC1m`TBJ8z?m$RA0sW(yRFR(2$sh)X7YEKEu^1c=r(+L*fR=FjZ$^bZ5ld)$9Cd_K
z9gBivZcqdc%vt--H@KIwc9D7}=Ya?ZF^+RNYghSt!9(Xg9PJW%k
z0#K?FWZKz-0yo8G=XA?Lcs(fb9EhRB6%^btMPLLJ_(;jyEDTC6m+vL{{OCCes8wyT
zD-;Xmo!YD{9*)Cz90NeY`9K$?U6hgDY;o)c7RFs0n0n_EZ|@;A+Zj5J6yE2-
zA*10Ua`K&N!?9>IwZ!h&Wh@U4{5Oh);mJMVuI-=Sfjt@<%87UohNFDJ@38aqqsP@a
zWNQ^%GK)^8WJbM5wY66oi@MAnZo
z#Jm_-poQEN;|%=XMe&p*qs^64(a(~>Mh2@`JPz#P$6`9T-C62wS=4e1icbUp{5}!~
zE?Z$SE+*ojt2pQ;4kj{~!576iQfmNe)_@1dIKau;3vTIh{_^3#uE$smKDE9*$ty~$
zzTKw_PZ;Q=#OpA2f$&Uf%}eUIC!j>6fs5+EJ&9e^iGr`KegGlwLn|6{iXC=Cl5@kI
zp>&S5n~V`F!~5M7pQU+%#p1nSC5|Exu*J^POv6_&upfEaS%`%L!A6C`1ni_bFnkRK
zZ;;dUPX^cSE=5GHgd0iVQ;62k`7s5%s9%ZoZ
z#OO*)5osaTVjNM`EjDwjs}^aK&die|S(_jM3?B~DHbf>xCjbE>dgJ|?1An=ZO%HqK
z!IOO8$0-1HQ!bWHel-Vv=7u)Bu*QBM#_1_S!R4)Z2GsBYOHs|vjHK-#2KF$HPzPCX
zp_%(`AFm6Oyur;Eh7+47e1aYVW)5(%_*4`|X6=gxsvS7R2U>iAw7pnpSpe~~pB6m1
z-zZW?k21fc3pj~!E`QlY`DWz81N6&Xn6B@v=h{9_MkChEj1wXXo>95*48USe+g0s$XJqtJIjom!Fn=}*fNhZ#Oq@Fq?btpj@@i!Thir~h9
zm-@-1!**g=BDj-s=hJDy2+VroJbEg%lY%#e9B*(Yv*ocQCKb&8#{T<8H!56)5AD}O
zCKcFqZeF=Lhfz
zHN;8`#nytJ8fA^Ea>(CwXGKW^%my7JusnVqT*<3LmBnrc>bxLEQ5(&Y3)l-p!tppT
z!-u&mStw$JCLd$bewkUKRbSvijymx36~UU&SPN{UCb6)>F7_R?B>Ja2gB+eh!1I=A
z1PX%mz97Sm8fy>W^I$aiiKXKT1&Or~$f2I^2hjeKHEU#f4S%B}@n|10&H+4)ofmq^
z2}|dCjgiWTDCX}Wk)qrg^z(SK&m`oY0LMv$sO9o*=ou?GTqq9wQ2?Oyt#5P6%&boI
zJ`AOMW~-^Crh*dg4Egr2
zC`uDe$RM)mcz1>mp3|v+F4X3aRTC*
zI|Cb@L9o`25@ILKfeLow;1?okprDgN!cLM&O)KuK9WG}AZ}}#xY=IFHDaQFS`W@F
zRG;0;j}_No_0;WMZ!yl-brjsrJ7znB21O>U>oQyv28LbD0}TMw^57vN*e95)I<23D
zJq;_z!y%*TkV3(Wv^rU(OPU;dKO@qW@gms&kAOSl%j_yWgp;feqT~Lo!ws{x1={$L
zpJbbMHTXbyAf4S3d~nSze{qDn72B@LuAKWyKm~bBeH#pc92>fvfLGC)I41-)hwNRu
z1!`t(H;?O6=6j7skH*14Xi3#
zbx}qNd|)$qi!GjabQW8|-HIN!BJR2*j(`?83hdt^C0b%u03!9z_HaQD%{~Q>hm0a@
zW{FN~7I)`h9kL|_PbQJ=W=RM@e$)ypFcWKHjS0eA?9UW7dGX)PRSK;DxBo}m$*
z{4ldW?~$c0DJf05YJi;N;jGmwa#sc>)v?uK*!>+ln@kLXNZ4FbjNxzB!Zey
zH5KVC3C}5l#efxR5XwZKqg7MU+X+>KKYD4~68OYa@Qpg~I*_qjSpIyVaxdj|4%aS{
zlwb+xA~L{Xb-)1ihfbT5Tpn5gjZ{$wK;1Md7^ll2NW{UZr?8lz5R*FVYm2)Eq55Qk
zPcN0kc4w@e*kMn?bu2-w3`&$%u7%kwWB{NcA4rDpu=|F*X1oEyxK~upHPUw5k1_B9
zcK3@q5RGB&wgv_;km!eRD7zzhR&bs6c90K;p0S3^%SdMs#)*=qo!?%W#?w4lmDMYv
z`{(hDHUge51gOPtISNje(Y96$cSr^lT7_ksl5iY?Swg@|`342@PKL=*+q)NA_p%L#
zL8Lq%sDs{OPwK1vMKfHfO5xpnWg%)0m^2R!jm=7RAcM0=r;SF;Gtn&*MTE1@NMI~K
zvdit`E))ovsm$H2!8?=ZIOMF1+(716zHDp6;#ZTM^w(EJE!A>0*;8OvzqF7ViG0uJKd=z#IxYSa>Fj((jKG(!!GnWW)pV2jy(tdn}iN|yzZ
zG9C{d4GOFkG~7;_+9BY|UeGIu)uh3Pp2F^;vQzhhNqfN)Y3gJA(i;6RgL9S|oi=hFXx<$NnoE
z#8T%0y3hdX(F;vD;U#lYnMUi^<=p4Rkr}B3e7nsY+F}l)MnMR}v5(^C1$KMMq(q1`
z(;y>!wrOaQMjz8)5uzYuR|!(tD^gwnJd=u0B%-eYfWBB9m<+OZ?Md2ZWfu=0+c5+mB#a~X|
zM^9_!Vf}`cXJLUUxwC%nC(O#brR-eNt_#_e!BM$f1L10&%I-DN
zn+zNa?{m%ja|By?mMieZJpTI>j)IVJ`KS3
z27@yr9*4aNamdO@7Rf=~T*ii+!-J6vTRx6r9PEMWjq>%(S~S_mlcO`Z%tQwwIRf$X
z7-TRc?<*zAV1Xt_$rA|coi}l3L|WgYvL?gKC%|==g`5Xt_uWAH|EJXBhmbS)?eZ8Z
zNXm$q9>*_}Bhg3zVlttr7CK^?T_-EUWIr6ERY0Zf3u4qjInYC2XoV>&ZXyZc6-79+
z#_nJ+868ldQw@L)@mt}qge0ir&V#{X3WrGK_yr19Fpg0F7NXV_JI_Su#^QSk!^<=(
zj>=^ELkZ--%~q6^+qXJ-D%zqTDRlGS$1V
z_C<*gJ(dT}sc{i&g56S&#ecjO@(GM2(lFdOEafkx@mwNtyE!}7^Vso0_fIg`Y2epc
z==X3Jv1O3X%P|b)C*q@m7^Uh!(*E`hpUw(*0BcUc>c_L0#z;=3J42wxpUTP$_08oN
z-k^})&Ee&V?6uG8fZD^R@ZGBOXO#&{UF6l+kX*Pp6wzhf8N50l!*^Xn71wGCwu~2Y
zIKTB;jWE7%0^J!1A;xEnPGNuDIu$)`?cPqg6XMj)euxB7GJGJt05Ucsr0)cLk@>%P
zk1XqJmy82fLm*C`Fg%NFCm6;q^|(dXxsuJ7I8k5Yc8sDfdz(
z;z05c>*Z^Zc7yB=y{DOan=C7eFG>w}j&`6SE83A-|-5(RBLe?ZRhC_$4O$
zk|eqsg6$K-5X*kPp#alLw2g6kvU&gzzeay%eS0gl5>=`B;
z(%OCtXop5$&iqB}wka5HtdTb9Q3^&NWH@l^f3Be6Oce-hLzni-S_XZh^o9wjvwUcJ
zF|<%n5{|v5Q;(h1%o%4Y1#u|zHa%F#2z{sv6ee4A5&_E}V6RmM?e;|&Jf-;MKpcOl
zvOE!87IIf{3YzwdOL*<@6pX5=pBWVsNbZI1B~FubB?$G&O4cY_0$y>}+*L
zZhMrH6$ZwOgM~qS^XX4lkD5|JRi2lpa@da~(ZiGC*)?i`RF+<(nG-s^+rA8rH%efG
zP#$0id1_|XKP$*iegiA$C!*HOst`Z`5`A8W5A9zDNny-F*GQg2o_vad3jqLD7a+yY
zW6dB=qZ(!Y!q}1tk&hWN#pUE~`nZZaqvAef*w~zyT|qY)2Ka6cq!VdqC>@9lh8Ah~
zJ<&e(7Ml;beYBMa2jmLco!ZaN#V5edbt5VPlObOg!wQXQy=Fwlup)KS$
zJwQF9KSyk4M*vaqL~_lQFHb3vk0DKT`z^8zhszVmSycF_CxH+5znyK|=N%z&#Tdc;
zPK=P^iKIJ_+Gz1W8whKTT}leH^lDk|iLeB(E-*%<;y}OX8aDH$ORf=IhJl_k>;YlD
z^l=D{)5akM0N$!pA$Gg%i*x9Mg7Bxhz*^v28{Z2hk@m80du9?FSIY
zT(aY~NtDVs;L9B&Oa>NGn$-CD=Cl7)pfU4KN&fJUdzK)5*oOrU=%T#CxaO_(e?rkM
z%2^kM#xS;LbusJ+86!?k{Jga|6e}k`C*P4Eg2mDlf(!*M3~g}{!k5ZYrWl~lcT2wMUT9on;~wu>mjTZ%PYnST-d2lqQ}ti)6i11zavh~
zl3*C9oif#i`i~t4oNLE^4UJ#mLO@}5q{UDf)}bc;aHT6_(unbe0R%$U&8&nZ#LA8*
zTIXQCJ`5%H6}l|Y`GF+55)c7ZT(l5V5ZyYPxj;ci+E?%yFIHdU$9AkbFhKYYoz3ft
z82n3jAbTUj84cVmG#Z=`-4Q_BL1!3K(rs$&DhVvmDCM*&fi*&3d
zKL%hxoV(7tVeIZWM<^a-ssq-oA0fkFuFL}%f#Rg}?13zPt?EsW#!66jE`sY_N
zhUX?Q4D61eUiD65tR)r{iN{RAj9>)ld|KgGb+IF7kL9ptW0T9#scSxNP?e#M4&jJa
zaxw*=7kvvJ7#FEWQk+JZ!g28RS%~0@k}yW_IXr45;co`|XN4gheEtJp9q1;~1dDnD
zonuz9AZcn>CqkcyAH9+c2a`we+56l<9Y~QYKJc(HRmH<3)>0CbE;ts#^PsBhm^HNC
zbYtQjT)`q?MR|NnbzwRfd^9(1-Z%O!qmu%vLWoD;0}l;3MJkB
zBF~3r{Bw%qMdD3ZSDhmI*qtP&b}?81xB(fG8gLbopbwsJjfBuFBKh}uEMJ!InoC9M
z^MQu{tp8WuJdjcI@-5m&&HIyJ?;$XZ@DFj$LXYEXUVcg$djl^PdPdkTfEqSYkVh)t
zuBru@-yd?SlSCT;-4@vm@R9lW^F>Txz1iqeH4
z4o=uz{?`KI&pE-q7KY$uF-|QMN?b!6#6ZaT5RU9_H8KD-NU!L-&|v^)cc9gTLVMhS
z7lgVERsuK#;~Dgv)6mJPv;M|vzwnFR#Q1dFBO
z;JfjVtEv$@fHsmRk^MxqigJ%)z&3ZrxcNfB4E~l+>~AwDfi_J(Z%~CcxV(^3Z;@+_f$AyQm)+R|HUB(f=%d{B4{5FY
z)Ba#dz03^3P73B9VuznMXhrMbZ-?usqyeCc2K#Sr(8e{0>
zz90rKj$+NZl{9WWuv!b$`yZV0n*9{Bo>AUKEmz}114L*8)-FTA<{7Aa2k`@e*%W=X
zWIQ+z!M0-`+~8od{$JRHJcB9Ufwv=Wks{m~q>oLHcP(87m*E(VXY?`P+;WX*_X>@T
zqhQarkFEI-^B(}q7C!1ThUG7|C6b`VMTR<{FmkgERoo_bAM=>ZXGFmK=-IkshD4RQ
zofu9H^Qauhi;lu9sLK7bMw{9!7(<5eRih
z5NZ$`LdH{$5wxG-32GlTirhpn;7BJ0t5-6%MjHL-&Y>7+FM?W3yK?$4DV78*j~&7_Zycah=#x<-DRmTrV=77r}wJX{g7b@T}@)H2?axzJyV
z94-{^#X!*)yf(Lr>S>OrIjRYjo&T6QUwrl|gJ>PF&B_}+kqr~=2i|(2hEqnGp}u7f
zHowdRoP3|_qCD?*WSI+}3w8C;tODCdQq
zO+wG)DC`3$pF$(3zHnu)BYi}J2N>DUv5Cg2wzmhumVjf>>Mx+*sZwf08EZr$>;UH$
z^t+IaGZe=|0MrOR4D|%Wkd7P_zBJC0SfkWmKh9_Xpjqf*78t@Rck(nHJuAgz^H}A&cjuqv*bYgvWy08
zqtRAK6x0!huVp&aV9JyCg38fga5Ne+&lz_{Im9??Um=DMF94CHEl{8?1*ioPUAZT)
zmg6wMWE|In;ZtcC*dZLEu@+MBSLdNz=}^>(V=UxFWEA`xCG?itEw$#|QHZ+F#|A)9
z4?jovoCn+rywxAv6RU!fnr=#s=|$T^zGLIA0LgJ$HHe5o^pi+Cx>1a~Vw_!wDYRLe
zImov`r9=a$*9cXKqpv`U1oIQ1!N2%ux<&a_EHxb~xHG_D-%Mfmzhy$&}IGat-5oM*^
zIq$7^$O~SrXte}97>4^N-p`mUDR*Y248>ZI5xKx%wm}uTQs@LlQtoVC=npkT
zI)k1}R*#o50``1_1mQ?9{0cNwZqUhU4jcAtji6~}*9bt(4j9xsF=&IRg8H4TXnG%m
zoK1x#4w%$Fj^9)(`mwrAb28C2TF9tJV?QU;$xA^%-XKNCv}EUE`#-n7{II@oYHR`B
zE4m0o-4!P{D0!?IoS}3dF5DCpM6}dHk~fpbqr;LAD%}3hWlbY+1oFGLrdGE{#`;>gh+w-$27QK*Q-`(-ljJ~N6z2y?(P&ou
z7YIbk;RlLG!q;u7v@i(1v!|eu6B`h*dkwipTSYxvr`EsXZ)Civ#bLmMII>#SoQ
zb+s=kXyD$obx$(&D?%jtB{zLy(@SHcZS|S(DRq|0N9Lb$el%__3(D5`N2_jU`7-QV}`Xx
zgBY~02n`OuH5@((i^oD0uEh@!8{uxSWtfpx5}sg^O=B7yffJxw33~XS0aQqIQVpQK
zfu&OiBSdESUwRLlon75-@Vz`?v>BBL9#Hy(DG355kHlepe4q_8p$Q5C+)+-SpRV9S
zskEi1>cIahNf|oH>FCQn1XUvXaUpsQy86&x4J|Mj_W+fQ;NG3Ce@Z88Q<;5GuQ%8R
zB9wG4W}OXYwq6;py3JV-r!rS~aRfPtSv509ehC<=G6)S%*%987Q05H!{_~ZzxLVFz
zuX8x1>f1(toP#*El5yxi3(ykHfrm)ecZ-I$KGZ*5nYxVx#$)GeCT3Q*L%@Tx7%Eyz
zCh!}t7kcIh0fCo@MHy8<@*u_v1Zqu4tF^qFEQN4}f;f_a
zJq87nDGdf$1d34S_kx9DkUW5?100J57A}nfD1ZJ8opvL43998DCl0t
z?lm#gW(A}k&G#36yHL^O;vvp0f#PA#t>&&3Jkgz@bN-)O8!v!hD_5*hVQ?HJA&52k
z*y{-Ad>+L1UY%H?UHkchrRtI4IYzN#5B1-Dh&z+e5Np|Hv3C*~Fg84=i*@X#(tfK0
zp4AYsvjw=#A8(-&Y3m%{G7M^vf>4nx4GF1(!MS*5^GZlKVdn8c47?^`1P^5ZH7byY
zK;8+NKp%`qy8ttKe2_@~K&9ea75~B?`9rh%TsoO9FCAgXZo=>!ZT({q;CdpCaO3_q
zYvuQ`Vc6zdy;kgU)gm+UmL$9xx=3)tcbioa$W1Db${z$Hlw`4fQ0X*go}LN0so7T9
zL3B1r{ruxq^JU^J)QR>IVn`Ou>FL?V7xs27icYB0>Z(5%a(7%GV#
zlDkpr5QH4ME{X0zNW~zq5Q}_vTHJT>pIR)@Zmo$c_yVX7b4iSYF8*hetm#_x=EFYT
z5VqnhIuHt15L^GSAb$G|A08;TAZa3YOK%L4W>1i6^l_BHBTyjw*#e;`tr&&f4aK;~
zUa@&JQ5-rDlpk-wD5r9E35rmG|Ev+n1?9`1UXQJDdF5WBUR&GGf#A*50*xRQN8tR0
z7N{vSFpnB+LAG0-&%oz2_pabBh;gb&kaP@@0TWoioW)Rm=Y`6RWDHgZ0)Y?hD#r!-
zWunygfPEp(@QB&GDh$#D$pH=e0qiSC4@yX}+jjzAGMP^Y@diY8SifB-gV_l!6j&(Q
z15U}-jD!s@qBeXtYxr>p+CL-56pNM#1ZM1RmuN+x+mzbdLm;e+t%7J_NkQwa3~bnt
zS6fF7evz>Z6~5tmeCQ<==%nXK@l1T+&{7C>x?uuKKd-^`Vn7D1*7hEnnL!F!Z((4u
z!(RVK(Y41j+5X{5J6)u(`I{1rCvq7-jc+M$}5LC&)6XeiCR)5Y^hKw
z3zeKUat@nA>R4oCdZ|
zn?u%xrH;zGpES3}&vXsoU7xQ;9=i;?g4@^$1QfK0Ta;|>0HR4~
zKQgQv)lUt+%g{9wMT%)}46P3Sh?GTM(~sAU-2HwVmb8v;_wKStE#dH;3dz@PD$tsU
z0lT-aS4a=b6J#siB^_i|c`k>Ind5He>#=wuogUA1W!Ze-wWlJIHAkD3p(PH=j;dU5
zsJ6FaS4c04rSZmErbs6}?38J(I8;kJ&Ag7GcmDruxwMai(6!0S&{F>2hSf5q9UoM|
z5v};0cG}XLDtwNJ1>B)c*NM8Qx_fZ<=%io|Gqj|`8V?AEKDF`adTsfjs;cfcN$Yb%
zoVABkCkuW8W6uG8GzWUNVjb76KT)k@bb_!ANM
zeBRiZdD%*hF7&S7rYf6WM?GmrFk=w@e|c%V#!|*%?G$p?sz5DcU{a%yZX^S`DFqAP
zCIxsMZ%4XD+Esmdj1H8+A2qTLWsSpq#)3`9Il92vR(;$|>tQKFzqebX@?5E*>+IG8
z52-xXs<6Xh!kSBD(9>N_GN8x8VsqXqjd`N>fIe(8HQ$tpkm%qS{hQy9D}&SL$aX^r
zYPy8GhN8c@4(>-=)}uJ{ioObOcadh-eq}7H(DPNz`!yOH-c$qiSpJC|;g`g^^?CLa
zt9gD6_@-2&_~>g*;_jMk{7bjw0%NGb*J}TWRNlp(del~MT;FCR=AIugVQS+L
zBH?C1AtAAQ6~_5C@;E$lUn9<;eUErzrDU$B^lHJFqM<$Wu0u!3IOc5lx%0f_^FEtI
zI(F~)`skngUF-k;sZ6<=STpnq|59^A7X35g)W@4YT~2lT|J;&-w3(3{r>8qry*-&8
zUoJ!)pWD6QDcp6OXft@_d}-9d#-rd1IUB!NTwoc+th-=o^kv-zHWRg}-;qloq18Xv~4D-FaXhN_iL?}uf!Nx@^00WT
zMb$yE*4z~==9v#zi+jxjt;99v(m%zo%~SV_Gt7be#4+Y2d&Pd{_It#x=4}?@gXUiB
z(|4l`&A~e(rMswRkz>0&Od~sXv35jO>_Tpj%-f~i7I|+M0T>y&3$!)z(k}AmNcb-J
zCb4WM-6+y%7h*%CVyD0`lCu-PKC){kpo>!>A5TcD+ud$@S7p}Tm^kSjZZc|m=n&j|+``ZJP|JPg$q*ZMpb_VR!@tcB
z%!!*0<=js{F=x&;Fw(p4;N0A|i@E+#(ES}QAwV{HgGI8#-sbJQ%>Fn8xnFv0&VcPX
z7JT0U(Coj{Z^fbY_aT3UEK^Cx0|0QDfe&U_pVjnnh8k);7ifqGmjySKY{$`s=Tfu>
zF&J=Ky#du*_Vv4V^ZrC>8;)uf3)pUe_(zuT9c6^e5{6FTu4&rVyf!CSq#WA#q^_Y`DSyuyj6~$5rNCfDsti}wM<5$TxH_QVV&^hj>h$h4JK8NP2KUIIX
zS3who~tJzO7qaPa*#kGtLavBsg0#D^|~a|{bV
z!RH`TZK!+R?>uTpP?F7dg+DL45S1LZS0b;QlDpHWu$Sr|~UUqT1#Q
zIYG4_`-Q6@W|LF`JWReSpJlK4Qe6=FPSgDruIMbe0HFzX=!J*l@JsZsY8={(yJT3R
zo*yWBXBxQl&|TTZsMh@m^p)XnQg7umYIh$rQwGYObpL!*88`6SIwi0cA7%fAGg5zS
z?9NwaWgdeZIeg3>zl5L5NsWpgI4e4Ierz6XOVH?2vTqf=a`(^7wQtBc|dK3r{_
zzo+*7E1%`oH3E~{TG*F#z%JQGd!Yn+(vG`8~^3FqP78*ao<$$hz}XKG~3=LlYjYXQ#~9$uez^XrT(S9JB8AQ
z8j#6)AZVX@qy93d>e4*Mv4B)FuIk52Y&f7`3#Us^$E?**}O#Nny!9
z5FWkc29t7X$(Wd$(-YSmxRMoPj~A5s%&C$LV_0-KjWyS`gQosET}KhT#tk(ks(PJ<
zV5&p#2>_jT+WhV19-tw>Ai!83e(?9_7A
z+?Y`-sjUFLn(Bx#LuQ<(x
zM^~34YSCd2hHJ0zrc*26*{jU+>t@OSy!Jo
zl{&plrkuBoQo8!^DNVr^_7WM~P3Y4ls})S4m1TM$rQ+7m06c2S`0zJAc1R53aKL)p$sr
zE~8OJ#A*b46qT9NmHps}x~~Hgl=IDewM`edhh%>tAvV7N-yTeWb;(Q|g}VsroWIA6
zkzlkkiyP0z^`HQ{i&B%8!lZ4c7W%Y#$FHJHCX#QyQ#*6!V0XKEV_VQaHH{Im^*e22
z)Y;>BOujF;{kX4J`KYqr5Fh_I=bdcolZE+?m=>>w88h|@@QN6_(>{u8<(F#|*
zmi7q|e`!9|Q9N52>J>w`WIOw_syWu9di^~yPp1ceh+?5HW9-!w2CsernuOwOOzBZT
zBFT~2Rr#A^whbv-sp{>Sjl(;m>qb#yf=$#Z_2unIDzJh+7DgnMKsb$*VC4qtd9tl@W}-Ya4A(sLYZ%7y*k_)xmwq)sch&UZ#*M)GW0iO+W|*@&2ZwFG`x
zr36M!P2dj~$ct^^FCz&*s^#r*3C!zIt$lNxhAY}i-v#-ic4b%X9b9~cX0~$jQO
z?xuj6@VfcXa}ot#Y0A
z5wZYKt|E2n&bmW3dm7g>Ya)A`y2%3b2#S1F0OFk~+l*6g)i<0_HzI9u%tO6w%Y}o!
zAhsM&KLOEh?nfP!TmZfJZ@?(>mNZ>{RoQ$Z!DcMq6bqRMnOI_>
zV0)NQbH%yi5h%W+usQ=UYw0L9n$lXUe1Yy2N(0tWnLi9{L%cx`7V3?XCPY{5I*8zx
zSxpc$^GTMK?+WV%@0$j9cA+Q91#ZBlpDy4Luw5A
z>r?m2F`V{#D4gIVNt3_RJdrNsCsFO3gbjA{W8Sxid|u?3;d=1v8IJPelMP#j~M&Qb#yOoft2q*d3BEE3ba*$
z9ffIzh{oAP>$}Lww%LYhq~92W^MO0P%IvEFHYr@T&YuUTeVV1$xB^iaPCQb6Zs*o#`F-nHjtLp#r0ScrB#aD1~pz$>VX?pRn+FixipsQI>me?Y78=qo?4H&TgFfc|E=}=)Ui&J(I(k9
zEHDeCBgSpp&Q*pt1U@=@1L_#`ViH*h9=771W*pI)OluC)wJ(CQ4I9ktF)KK~w(7$s
zJ`{Q!cCNee!qhVQ$v_U8RaD|#m&}ZL)2>tu2Q6VrHb%Uv!qn)Nm65y~FcQ3*M7PVO
z13e_7LS_9~B;sgypNkHHd0?Xc8bmR1KAcRIj`q*hG`Tx2_~~ff>Ca8HDs2>|3_B#Z
z;XzYLoqSfza0g7Gdz7ig-nezKSzpz4Wc(}?0J+GXJZlNcyCogCK8(o#5IiauR>s!4
z-Y_l6zeY8HBaB5VutVebRJ)69lESiwe&9KvuVvwAQ0l{3!(Oj^)Lk+;?sKyc?A%zw
z@CDy=7|6di{pVaj6P&%ITC-%5hz;4-$zNY$N=NA&F*!SWG;e?HK;jP3C8Y(p!dar+
z-;5qwE-*F1(irZaWPe5WRK+1M6D!^Hui2Y*2vwL?WBA1EyeNYUcW9hP4UWdB%Mgx|
zlqfu}3iC*{xKfJ&#h38*@Z@Qi1PjnshR9O)g*XNmwMSSId7TkbRFv|aJ0wK6eqK{~
zPc|&qtixwa+s#z}r&>O0rr9cSW4M1-ZIe}{BROcwk3@hR<ITNNV@Q@0y)knW
zANm&;Dz+@nO0pc5-!t*T-WjL*=C?WtDVwZ`F4QA^^k~i|L(E+5
zxQ8%qz6AYA)wCkB6US>vG@WoChifN4H$8IR$H9-}+GkLGcpY8SOK91NbvoqyONdh|
zl0KO!I0z%VC`Z}K)lRW@xRSc*Y+?XRAJL|g&rfe=z80R9!pa2DHPh|6fVn)>CiTmgg!E6ab
zosQENY^iY??Q{M?j@%(21Kg`r(7EE!(l|4i<0#E`s*t~oBd;n^MvFN<)#~dd1wy%G
z9oLH{JA-h3q*QaG-RRc^rrtD(V?c^2TxFV4cD?S(ktUpARWm?>Du6YyEvF<#y%KW4
zbpHZHz^%FWz
z6MrnkGS1e{3%heMdq}_>hwy7VJmw}uh-2Y7Rgu3Xy92!yt69b4aItiWR)I0%344&nw8hE~e%r%O
zl})K}{Z6Bf?Nv+c1!lN}lvKjzAa=~4=
zxWP#{Dj*2HC6X}WJhZwRZ*S>-__*@{$}j@B^90*=UyspQusg3MG-O^ySJ
zdf3iSyaTaaUuRD*y`tU!zx3Zu^$TVObnqoA<{=uVo7%EW#`P6^&nW
zp5TS!sBT1dep6=-{VqGF6s_0QBsg(ag5oCQQV8F4@?qt0&jr|k`-=d&C+}pc&3J^l
z;T4XhiaLzzWF;(_)C$J>z4=pW%FRd5(#P|TM&BC;Jr5A+3sd#cqvRI>i#22YW}7rr
zhB23a0{@MbVQVJKhwa699cg3RVs@vHzAx~N-Kny=XWt3VbhKG~TB9LzfE-RN**L7+
zhG!maV*~uQ*JRSaByca+BuZ-Bcq;CHxV=M*HFw7`36Dm>k6njxv
    2L4f-5OV^qB
zqhtN0NG?6-fG1grv405gR?Df&$N5*wah+2pM$n~t(}URhuBkBsTbz2a~q2fdcl
zA+ClYj;La$eC)cv#2Fw)?8c=vQ^SH4R4FgmSab6|b{6yz->bnNBwls4FBbSVaIENG
zBx^|3Wd`3^n(A!w9oA{-x?&{wgi`M}`L)vZEFD=eJ9tJkydFwIMocZ23@!cJ+63WV
zfq^8B3m#^4{i!P&V@kA3ZL^=_z&uc8~bE3VEjOS99+5OYSfd-s&O}F%zaUvbaySG{Y+VxGNQ*AuJVjA
zX-LnH_)ZV|Z#zM<#nKV8vsE5lOh>{yXz;nIrYJO)CHR~Kn}xn4g^y*y^L`2xDgB15
zp+>2s28wy|1=V1$tTYFzmUbg-{!{LOYw1}ZM%GqW1nbecZ_r!uJE_qI*ypKBv2LJ^
zfI})Cpc{gLxrzl+5AuS-%z!v{wCuLg-_GHL()dgQ+3)D(8ziJx#M*
zZ>MGWk6(Alm&c2+0S{^4MGpaeY6RA=snT
z*FrRDFwz9#t8@|7-g^SFjKoJg#Pi)!L?6c0Vl`~Y{PzGFRN_rJISld9`
zF>SmX-s1@zj9QQT847-e{oKHIoO@0vn?l#pDCN?N0%N8dlDAx9ud)a*Au8?(=
z=|e^6I%N8FJ2fh^EJ5IG1jtd73&5BD~h(<778j2!EMm`8Q|8*YF`{MTn_94xk?h;&0=t1kgaNg*Qrh+{7MTT98L
zkV#mdQdiinHT*)bUpnWDxY?YT6qnvyDwiYjL!?KEAdEA90F)oWuH9?k9OT$S1JG*c
zebBh#0)M%&@Fe*u*1ipGR({cfa2Qm}+uUinbM?;NHs$OGPm@{zug~K-!kHd~KimP-QnfhaB5eR
zTfX2f=8c-qN_aqTGfZQOn@TR@^i)e@|E6fyl$gff=?*L>2?yLo>U*`+?_ATFZ?jR$
zBmPMu2w@7*{w2(AciOpO8#tB>OlE4Z(cv%xF!T~8uVzm7xbJ%ku-
zmgwVH#wJaX1!#Oplbjv)7yMuaNs0Y^JYCB}U7mXejvQ<78_J##)!i;^(YK<%6(L1))7Pn2%T^-g)R8O-ZCSFq#zllK6ABI)zxHRO~jbc)Wr!uBtPxgYt79!QjDkAEnV^WJSG
z9U@6F>C^luk43(N1$+`6m#YWTvG&&fK!;y_K67n_X1^tvW@F2x#R4h^2cK+k{cxE<
zLTjkl_eB8u9`%+gt?J)&WDn{K_QB)_mV2O{Fq-oteVf+JojNAn
z_)m_YrX`kS-WoMw3`Np?L%6vzNk5uZKbYvjeJP9~U!If10PbTV80_an&pH3MmLGK>
zoCleg#i9-lSfW_n3p13KSkQRgfd?j7ssuXmw3#5Q#eEv=i~8Wk2xAfmR$sYRa>i*a
zmFmb!9{gRH1l4Mb*O6o
z*R#CyM7~39_Ml`{M30L_5|xs9mx)B^bf^DjP{I{xU$qxg>6_rLMi
zgwu641K@J8sho75)EAX~S!MDjZaGe~#m&m>IHeY`fJ0toGX_r4I1)CN=3oS5Ig{kS
z2;g$A)q*yO--W>5Ol$FIuH7?#%SoHGXDfa~2@`8Zr_&2!f8=QYAaFh0FnDEiGE{>H
zmoKbWv}S@TFh}aU`}F5>?8-M4jNF>u(qZ%}5c0ZvX4e@wHDf?MVyE;KROur-2_3g7_dUmb*r~bY#z+6HxrGcsPfWX6Yh2*J7eiVlK&vm3voQgbuGm*zR$sWQXvvK$
z=uNYK(9)JLDx-dRZT4`~LscBtmWaRht|jVyI_2r2dz0Ho(?s!p%00Cnwfbk@dRclb
z=o(f)&%OdZW)&*+k=1HG{}d;B?sGpc-UqH^t#bOk=-)~=?)(7LmpQ6j(q4Ptk^*_*
zQhl58m=nsbH7Vq{vs2W7+ycA|vOXPlTX`7n7Z+|!m+a}Bt4Y$DC}4Dk=H_p}a!D+q
z-NGYc>>51Q*8(T&oRc0G99b}Jl{9sJU_N69>c_F12hcKc&qzZr$r)kdx<@pc5F-NNec
zOF62369||H#3vQSX_n6-531H_m8&niO{Lo
zqcU=S|I^cM?57@;(QD9wDWw@)x>GmX(LbM2u}<4kGPJnIspmTf|FGX3ZGMs}y`>M6
zltYQAf?HC9mZa19omiUGoK}>uqrXbuqf&NC^NTA%FZ2ZcMvi+=5PrnTI{W9Gj)Qv_
z16!M@`M0LG$+TgOq&5%9La*ENX8M#|M)HI-N5ZrKOCBA8sxgqRVW9lSfgXDp90%PA>I3&34JR
zD!=lr;1$=H8{#|h;-W5+O{i)%_~1R>W)LmlE)Me=+6bYfNzt75bZm^s=(RkMSG*+j?U88&
zetJ5awM=Vg&h5?fsKQv$UMnXt_=JfNc0gnG2Y~i^6b42ZX;y0;DJUn4*1^R>9Sc~+>
z_=KmBfNWejxT;`W3Nc4J4%5RIB6(gy)m>XF=aoeA2cc#Zl_DU+td@8s1=knl&*>-Z
z1^r^3Dfr_7Yn;yMjn&BSzch^7
z4`?;hl*te99U8T)Kb65lf3s+PSdc^>tUH()NDh42O1CKt`{i$RQ^}Pn35Dl}
zLbk4MMzgl_8P)HmXx!!r*%+X$`SAnT9{Ou<%y3EmG|#>v^|Y?8HE=lMJ0g10-A~#Q
zI4pO)s(txE@ZOg1cz-c80m2F7=Gqbe;OgW<#w2@E5I6L>N}D?$3hyTZn~`%9F?ADX
zJH4_%g5Vas_^g}9wJOt@$*5}S*;>$aT{gyaJvYH
zSi0S9_=YCUTG&qRoIY(qhl!H>TH{x9YacUa{4>eagkk}SwMRVaF^xXJvIZ)&h|hqk
zZ3?(~JZCyk9?v-eVWcx?6_JO;JrD1b28{!U&`BfCaclbdi-C?BoCAW{ff+8Vw1Tlt
zon1~AP%885)?Y?-;QMso-qoS6cXYDDo6|aR#VJiU_ZG)051@~5R$cTXb9J^>ZA|B8
zI+bnZMmocQCXw(G?^wi6@Q~2as-$k#Djm6-3QZHuSOgB$9cU=cEIEYLsJtmSSb4UH
zpIB+-mk8Rn5k8n&AQ~%z;KA`fEB$dAx_^ASYFHsx?hkv!4Wtb%C4ftyC+n!RaAKQg
zJF%VHJ6vgP+Js&}_8NpbG6oD{5N&ER2L_STL;7q$ETJ!nFhY}JTYF;YK>9*GyKQkT
z7kzd%eH8!+XS6lt9s8lCacC=FF`N)!gA
zOUu5--ACijiq~Oo#mv>=z;v$tC5HMmddrD0wdQs@_pwjvN|2cjhEimWgCscB!0l4O
zp89y={lOnbmy087d$bpW{c#!O00$tsTxB~6w-P(%`31=L@R0g=
zi>22`muerQf@RB#Q}zBMUqRa$i6nIIfayOczqqBVD6MIodN7PT`}yy|7=3CDf(>L+
zS_uf=%w}b#Uf>VQ{OE7@287_1da5I7avOoG$84PPp5)88h
zfC50_Q;F=m@HVB$z|f>`V651L(YGaoK;Hy_LGL1#^QHzWAbFKzVizP+P7-9
zYcFG5d10M8uMPdJNgU+0H^jF)&`EvVqwgq5DlmXp5jiH9e`OE7Vs*SjPsuh7pXQK8
zP&ktaf@npuY1H`%HUTw=UQM!<7_8H#>m(cxU5>Yz@ji*-Uj`8BT-mP+xQ$!@*&m}k
zm)hd-b3Jc95T+8C>e5C0LKpQ=en-JpLwRNWU*bvj)+HHoAGHE
z3n{Gu$>3)^TYHbH+KRHVLXa#o$3K)RsT>B=CQlefl6v5XDvN0Bl&wLkm0Kd+NX=z#GUwSUJyb0#aTWqSrcB#
z>;L^xx)|geS~t)5?Nd8p@<2L{Mg5BJBwb^LZbg4YVy)o(mD$qQi?PJaB-})-jy)$=
z#cz9HFNe^ZI)5u?7w@;DkbZ(rl*Pbd(*$jNIv~)~Opi#Sf2dMKJt4sM%h&$)sV0g|
zkIF_cH|kqJAq2lh61AnZKRXlSy~7G|0zDHek~<_MjUwKXb$dy+#Z
zTT&pd#AZr6XV%9u_ZePT_?2fjxVVa{<^{@Bqm{a9)Zsnxy`A`RW)it)2&f^cUaE#TZ9)GD{q$d+c
zzBIOJT~D%PL+dFN5iS!18X4;(j3T))+Q!uhWrcgYo|y}@m?W_DVgBBw=)n300Ngx6
zy~%!9p6FcVGv^RxKP
z!|MK#JzzeBAw+|OYW1``qyq@{cZ%Yia-)+=zFlaQA)Ia`kMK3X_UDC7YS4<*=e2y^R
zoU`DgVZt55cji2-E0~s3?T4}VqR_mgI**dD3hvHHxypjGYvj{HjY}E+FX3(ZUJ!Ys
zc1%4u-!Lw5V~5)hiJC}n+~(SKdc8rQ?H+oor(Mee5`5jE
zl}z~kT=_R@)nS%QaV{4Agu38r3>WAS=rO%lDOD`bm>(@jZFq`!hJ@t<7fnCj@tBCmge
zf(XBy54P@u-M~NUKZYz#hcXi4%*q%c+*G#1#=3d>P{?G&kKp>;#aHC;Ru44t9ZN}e
zWHXLlg0*tThI~|*H%%UF!SJV+N1IqjBaJwKKC|4q1A{=4za~nswNw8It61om`c;N;
z_jw^2f9Er&qa?R&r4;d?gyFDJ_)T?dXVoC~Z?tf)El62oolSgnJES
z$e1j|dKu
z)!G`LWE(Zs&B|}=$Zw97kv8|*^ihtHN6h3?*DwyXF10kVpH27o`EO+vqSAM{NfrfvvBO!|6
zh-2mzZsgDlxH^DcetADGPXK9?GUgPANJ${)He%-uOY9E1mP;#-ck64zrAj+<=;caa
z%$F46esndx90Msp92Mm_w6WpxJZ!;aGJ+H!U98%N+AZp!C7s>u;Ej6H3
z#u+F%qZRmZ8_qnd%+}kmyC9I7ejEEJ5cVdTxQU#K&Ab*b8a#
zo>Y5c;Pe`viw{Xyx=?Qi_CygyS_yYZVls;qQ6!T3VGn{WQ2H
zWqi(=wUjQvo?Qs?);DZLQ+c56T%~y6+!MHb6}L@H;y(8qjij^$PK<+8cV$CFldn7Di5-2ar
zrpNXYNo##N^aglcLwGFc%b{Yo&hc9lI)=;ctQTK
zvE(qdMtmINF57Z-{{lvxOu<(B(B35hHSn@BXWERTnr{Bjh3q}vj$70AOl12MR3AAP
z_3mA6@w?)w=z^fzx8F}Yoh!(lKHT4ZZ`8lz*k*s1c5D4zPrIF~3yO*^XC!RIDWQTA
zmQrqp=PfE0rlW`g33{Hy{f@c7*OAaFk>5`PvDs5u?Jw6_^+u`th+%wQZ@N5SyVNIG
zy(Zz%qZ0Iq-=KhZNuHddz-8Lf1S8TvsXGt^mhV7%^d3nh@>5(3JVC^40jJ{vCC}my
zJ=(>E2gSvedL1O@wzt${=5+DU%%iVbNEKox)*?^n+m?C;&PLr6{{;xFS*$v0+#@EB
z)KK)jp`QYu3#MKGZz~Rg&&K`BYOyvno~m!pV4VNh^5we?;Of-cT;_+hn{c_d&*GM=
zE`#=(KA;TZZFuh;&(=JVf5{9Tllpw0aGgZuX=6N|FHslJ_pfM}udgqmFI5K$Jn0bG
z7aV*oZe&aGsCn#_HuW8@i$39}^Ovuv4&;cV!X{{`4?Lf+$1t0>T8=*PKEZWsZM))~
zS;32+UP}p`Az>ZH>Uc)l9D`?O_xEV-S6H6eu>Kd&Wsx_um}k+oR*rt
zJ4U4pD*^=P&b>!{ay-u}{wM4|QfvC0+UD89PH}bWWc_KUD?3^HI~6-hE+B8i#_Jzj
z29_8h4=e5C?SI!+$K)F1iz)JfAR5s~_3w3O`-iyCveAo>aKw{Sstj$}svb_jsQmD2
zXzy~(zePSd-b|y{P49v*q>WA^0nrr)t$8IMs$g!N{dck1Y|C*(axa=5R$9WH2T8l4A5LC)Q)zZd
zxWRFw6lPZtZG%JnjTq_NtxxF6S`S~YEU_z)?vWDxqbs1!gM=fuv3i$^B=r}SpXZV&
zwK{8_eX+*@odfYu=jY^Ky>tB0Fy95YH%Z-xqJ@B8P$wY=Xz1SY+P!WiR5c}ZJUx4+
zoO*FJ{{R-{vrL_Ebv2)XdipKgox5(hDxP+{2R*QEz|vFYkfeRG?mPbV>NUdJ`ccP!
z$VOT{p0#}v+VzEfu-vhz!t9nd>+~8na?3nwlF;t@yUIFgfh-ZPUV%JnJZJG5KZt-G)ScDrWp5~H+_-)+AFQyNPU10l^-;ou=r^3woT(@yN?xJ_Ha?eEI3Bl
z04W(1F6B1mEflSBUJJz(j4OK2j1(^q*JK}y@2R7#Rn3d)*ATi)5!kI0gU0n8;66)e
z7?n|PkN3K@&$SEJ$us?&5U@tr$zx8q=Gs0-E}gn4cv)|R-=G987Hc+E=bUaqS)*pZ
z5A5H{t!5UG7p*P{(5^@}g8kUz1%^UJork4bfls%3nZ$#Cqt_yQMiI!q>YwVH#t13{
zGN=vDn{2}LLY@OQRZ`Btmx|R^*etfCOIZGsGk8xnz}I?y*x7a)YBVIC|Kse;(ehLa
zufHfowd%vQ&arE0^p4%wAM&)Oms0&|wNurAYC)8H3}RigHGbENGfo$j{B;fJj|}o6
z7SQP7{jB3#qHO=99Wd_Pt%DS!DyI+1!)LVrq;5G{uf4o?8vPtI5ZJ)A&3)>&k@YC7
zMG!{6VOq3go4a1UcxmtCds%Q=YB&{CEBNy#Zg?yQZ0oD3qkxucskc`18`_T#ZV6R}
zkiI#nDAVpF;bGwmY3ws(!0|D5!Tz*SS(W@>ot|dcSeWMH!ds
z7p&`IL*D)LwG-%@nR}lR%_RIqy68OtN!yg-)1*Pk$=2W?~F{KE;`mZ
z9~k6*8dR~A6?ZkrIFM}NP^x|h`0wa8IlWeJrEsz3GJf%E*i_F7ue4t#;S9X|v2
zeska*hjCLg2lPH85SNC8g=FVhyi+IZcFvI&sWPR~Pm8Z16!7%mhcYxlf!5Ld-5SC6BRAC3Fv8jx^fuoknFHoeqxvZ$8o
zSa(L_u>ikB&2@1&3V6RVlI&?XnNo*1VL$FG8!?$W$*UETc6x#7*Wv$^H+g1gnj9NZ
z{BJEoiiv|{K!lx)v&!)^`Ll;x@R;QjU0~+|ULJj!=z_M1-bPs++qq!!BdVSi`WPM+
z#S{F8ne&;DmW5Lf$m`PzA6wc_o@b?*q`NiEf2-~bF%7v{
zoyuP@cfwe{KZ-_<1cS`o{c<~1`X4=O4MklquJ%x0
zD@diIj(6$JhCRPldn03)!cE8U4mnF{QzYPDVbB~m^gcD^m9#;Fx6O%OMO`KobQjeP
zzrp@_t%Q%_BFYx$F6WH36ejdyhLgwIHi>zGX$Aei7R39}jq;D8+rj~3^t|)&*~$-P
z-F%(H(~(4Q{6w|9b9V
zu1hrrp#<_|a-3iE#w#D9;a4PGs&REjVKvo|E3HhkB(uuYoo
zL{RieI1ZVhi-;mApjoSXOsDP6PnQh(T-v9s&hlMV?aB)yOyzAwub?0H*y}C`C=Jlu
zp_I_?1-%LeG}AQqLs@UEYx=+1U&3-a1luECCojjoY<2}
zN8kcdjTZAB$1DwUk;M&&-{
z*bz&TGDoFcBTD5;$Tb@wS2pL|n|l~`ncdrOzyJ2f=dsT}pU>z0d_Aw1ny|zSvC4us
zi$RRCrcg%^hjb{+eBTD4TuCy9YTP<^qd^=%ifuC45%KIBXz5|{6as*yV#F_8)+68Z
zmekmKTCG@lnw-dU2pzezZch#N`;thXP#ySWKi15i$Qp&54A_t?is!)963Qm=vKV8W
zTKx7U+E;RyjQ=?wW3~ieh)Gz1OGs$W;W;hiZCYy~WP`|8jhiig_Dz>w!k>&{e-=#I
z59x2tmaIAh(=Zcmx*+9sW&HaXrY7C57)oluZ2kLe&A$P<{It_vF>q6M4l@cY1?OF{
zl*-9^df?#t@FSkks1JNxS0Y$Y$vrTNP?#I}2>nye9N-t;T5vI9--uD?nCqd1IvWos
z7PN?UB3tzF4+)q*&DxYX59sV(In;>i+YhuFBQ$e5GS!4UE+|2UVu+vvpamDu6KufK
zj$$>Ymv_yS|8ZgF>Y7H*Q?eFL@KxZ|NG|#*K|+`9SGze!r+BB)VFqHyhl*=d15V?z
zo;!LK%tXR|o4MoGZ*R@Urq|Z@_**~T#L%ZE4xa@TDNgbDTAD~}jPEAa-qXfoGZn5o
z@?d4qnoRmz{iaQ$0Cc0njVNdQZ~Pv(ze4@LTkpo7%;3tGBHo2(1u
zm@(BT>e~_U$rP>{;u!qQS|c&19KQIhm+&hVqt*k-QM7?ip6xPA#Lauyw2j3&u-%CE
z)YMo9*mPzo0ojr@Mp0`4Mg<;RtwL_09P4et#y0bYr){271hIoCOSPe8dCASQ{5>(h
z+E!YwZKi#BE3A|>(H3tvah|fR#P?xM@^PY)8J(X4ujRi1&KTFoM0gcGhn7a&)PfThQw<#Xj{qa)v~97ypz7cq
z)bA!?7fm6JImF5*>)5QNSf@hfTCGeGl_~I)jZV+)+=e}Az@l#xf5ia-Udut+8@Z(7
z6y|wqkJ%;(Org_0vpvLcLs>s8bm$C80h(-ZMDwyZNO*L@_12;JL?X}0PUHLEoO01?
zJv-p(dRD{h3ExfNk`TJ&9QE83YU27O7_6Gucwdxn+oiIq7bud`GT4F5Xfv+nkJ|oi
zK3#T7W@E!DzG~n!Fp%dYkRK&n6PPQu@oSWn-D^U8b7StEARK4fEG{pen{%nqvl?mW
z{Em!c7A|{~K%CtPH5T{%kZ~-SE%JHI%DL8}snXe#KLPTS{K+kdz$wJYL3nuwg?_Nf
zB4p>%&*F~r1>>E_H2x0H`|zHFUE@4=$rgBE7{!s~^=~1iY=0~FcSmec<&g1?&l)?U
zfdl+iVd%A=q@avOT41W^B$k%o9hZ$5h0(Iy$v&*_ll3DO(){wqj>|tP;WF#Jr(Ow-
z*t@chYjIh5cXOk@na~kecJUnNqE_^z4Y6~4*!G+(C=l1t7W%^3@eo0$XK^R&iP%4e
zW%c?$!nIX1r6}*4bIY1@LjNfRKafZwa(skqjJd6PJ(rsOAN7Gn`K!ne^?j{NDURKf
z7Twj(O5DYT!yANMjidKNxcJX`8YILw@YDY2e|%-@8+%qjJ5S+e=Re=o>eg93ONi01
zrd}`}7fb3zmZCM-wf!+=fK7-W_}U2j@nPrHN0QcR(sm{w%<2T(Qs=Uw=P2
ztBOPhe`NnA4VO|qt-BR8t<9y=V)rulqOw$^YAeClgq)yx&5omD!3)Y?tv~%}4(Xkq
zX|6IWw7EL5Y#$IrSFpHP6o((K6CLCH14T#v?B2Qyihquc>{`vRUOlf!uX}KUc7f&R
za!(IB2Y2ODUSKx~(G9drT?9vd1x?e?TF(jCGi8xS55oIlK%`KVfv#4o()ZuMw?2F1
z1gHNV*hIM1_5w`teCLsEPs~CE(+<>fKHrCDOvKch&0TRjIsbkn-D*`-Rd0R?^zVs{|E@!pb(R6JIG>?g?*qJG-$fQ2P*O@|i;iD#2Wm_u_FRFla
zW=znQ8|EzTkX^5cibL~C$ZTUJO`UF
zkiXN!PFIwnFil2aLe43OntZJMW}mI7c%#X41a!;pKOFa*{&2H#)|nU4_DlJosb~9a
zZNh)k%O{6lA94^K@z@NK?6bxAi3Zd2#;qpAmn|f29i4(O5X;+ioTsdlLw**16s5eK
zn16n3OCYV5JQO_ydQQge`y+S{=f;$-tu&<+*3+!HrKeufdu`-QY3w_2F?HHX$T1%^B$UL%$Njan`>{?yW9!NgANjS#SvazDANZNf3j@>jsa
zPJ)-Q&VX>rQ}2o)THyZ6BI%yxM94vBZ>=tIy+K&6;S|sJTd|9Z1#8zj+ttp2GR_wL
z#}qyncz1^SLe)aJ9rp_5I+K(>iT$k%7l#w-&*q}fyb03@2jsVX@UeOW{UKTpsKPQ@
zqyQL{oj+CZ?_TTw_Ya(0`Sj;rA-Zu4K_b~D?1C?;_YSR)_P3<1)2>YU=UahizNH#4
z8VwRE#1}-^q35BiC%T+tE63KEHZ5tSt5@JaQ^W7cBxXTws1yl)``K3hTY1(hbHn-Q
z)*Ou0n~*C4BQ2SRN8}UB1Gi>s+^w%>26H3bBR8#a7I&{n8g%Wqid7ubgcGj$_O?2O
zX5Wz=W(Z7{G$bAvsW62rc_E6cGVWog)J*S&(*jmokhBAH_+iMh9joYaTvSIeHT1?j
zo|oh)+0;=ys)LbklKHHf$7<6lv}3Cn?4r22*~Z+N*}k1x5R*QRE)tPeNsf!g1~7N*
zTH_i-8ZhuR#3O27NC!~hf?BI%T$KLFV&~DNHOJ-3!yhE{fbAle9A_U2)N}Vgq#|NV
zqcCPW8F2>OJvY?X;zxLekg!e62tk`>lXb$eX6iZFCf0Xq)PZt>@_l&g
zqwFNLt>VGyH#NQh@kWymdKzP&PjFMr8y8L+5$stfpA*uiSBhMVyY^D&Tb7Czqqh>D
zzHERVStTcvy{53Pf{L5A-p7N<4Hp)hXIjjZd?xNt{r!#lCtDnpE!CDBvst}CW2zo!
zzH8tF|AM5)#{<7mGZ2w;E6;jM}+R=UKXyoY5NjhiQhWK!a~IVEo&!wT*NlhywAjOzVY^v#SV)-*n$weWvoihy(cLGdxkHsJ&NTAqSLpglZ=K1AKM(V#%shBH2J4#B%nDwja=
zw20#rvz$?}LfmAtG3|MN@CQ^O{ilRrH~_J-Kf=zbRiQnlCFf1_0z*s=k%547mMeMD
z8UjQg%cBB&7qtGT?+d0}Wxk<)6F&X2zVkMGEh8r51~Z;6@I+R|`0d0a5A~v|?3k>u
z8LMF0=ofsTDz_9{J<_aAlc^{_$hr8Qi5>LrdZ|%%Oea^z_{+q?gNu$x*2&pw?&QLa
z8T%!FGkWL)eV$X`z0<;i>Mt0wYc*aWqV1v_#geTpO}V^FLsdx?^K8}={nZ4`C%DZ7
z^t&5`*ET;{a!rz3em?^re%=(lY6iiNy9X*ne>l;42yt%aLn@#G=kj7*H;UZqvf1{zF&Ew#OAOEq;jwoS<`CA7s#%0j#}{i*c;I
z+M0Q|LfFWmhU;|9ieggv#Y@V&!B;DwY0~QBiUi1*Mz;1v-9~9Q?fNME$db$QJC8S7
zPFnj56M_!R-5O4PVNcq1Bj5rwPjKl^0sEk9vsU*3hsZ+7MPIYITZ~JTq9n{2#6!%u
zvA9D_2m+tcMuuLP4ZVjue!zjJ&uVsgru65sTlr_`_}y>=PVx?7>G>yl8R#Htn$JF)
z&B9;dN9Lb*d}&3T%$ROTozq?&e!}8n_dCD`>+XsUw!<|Y8uj4;i_zR+`{euH-?+n!
zkQGqC9)`Zeuzx=%yz406>WP^V(tGXHYo>(}UGjM2hlg5&!C2=?`t`Y|s|juiBGIID
z9&}79PgZZUcE~5tjiwM|M@hrlV?L^3<0oFz4k!#pZiAPpU%+gK+a|<12S!jXA&`3p
zte)CmN53W|7L5wyuS184LiCfx_M(f|jS}H+?&M4v{36Zp-REp`X%RSs48Tda|vhCb&a~u5Z){JZgxR=?Tpor`(eGwW6$92*?mUI$GFnkxLXC%R~-DSYvEY(S78JTiqN5>qFgJEf(p}f+>rwoS2b)V}T*Klj(u0?Y;2ZTz{>J&IkWVvfQgS
zM*~B5EZI|fHJ`&V9XY5v(-HE69W+;F&V9%o#K)6^$T-UChZ?faj@8Yb=)_ykbLFVK
zvNgZT9!+&S;eWZDERctl?nj9VcApUYcn8gKeZi2$0qj#*=MC|Lpv!kOXj|L#*mpblol^Gd9sE=(<#~;<2C$9XS!3CSZr?^dY6mz34;i^bDqr}7
z{tsvqVJO9O6Jx>#m%q9_HCLZ2HN4Rgjtx_{HIZQ@>5>rme_@e5cZP8{*W-Al@oUgT
zs|%$dhfm|>;_@~XUDP8_N9uiVInnSNot#UPYw;W215@~nTDQ8!axWS&eC;LMrXkdj
z@s*bVu)|rO_`tj>Sg=8nVH49X%qZK&Lj<&zBdnD6UKERV{rfBMCDSW#kyE27beDu5
z!Al5tx_tU75vB+V#0}L4PI}gE^BZ7qnQ8$%eoyL_{3|oNBN4rcQaAg`=R2j5ZZI{?
z3~shAez$rXV3QoQ90T@P6wL&`OK?Z4%1V;e?S&Hu1;tHjL$h43G_*<$FCg^qNsvE=
z$g?dULTRHfv!j)fEO)u0jh>&Fi6JHBvRm00E
zvWnbsVq!RPz7<83h*i0ug6xftQ=liI;l{`HM2=op<^UfZb6uRQp=E;Dn$IC)gv)_)
zLB@~f-Hz%e}=
zT>hU;>-20ZuxM@D@*k4EGBLgyy3HIEMsZaT31tzytPo}nw>wp@nU?UD!n=VuP`8&n
z1h*#e?y!y=Dz{Ab@s7oyTG7oGl(%{|ixyw)%k}|QVs@%0iuTWT($bXE&DA*L2j2`K4a4D!u=hqPaYe0Gj=E{6!_5fvo5RX_;0
z4!j{zpicmEH_|p3ClL3LNHAH!5KNtB1bDw`k|<$0ql`K5Qjun-9PSx}+Xp;x8`1dG
zT6DjMuq16j=$JmYpg^mji5^3Hoi17I2n&gnp}CSATGZ^4tBVh!FHb)0dN=~2)P|SN
z!nX;>E91C*a2&t`6k6l0%bk#e<#?U5Ooh}aZ5V-S4=;K7$*k3s#6f@X9?v!#52?N*
zxPv2%>6L@9jMn|Ofh`h|hYZb;@*jA+Iqlos2@m##n2v-5gT?kljaQ93>NwA2XkWZV
zz(sP-8bq%c9YFh|x?VKrWj^m-={y0~Pe?*+$K`#A;~a$zw|E?sQ>qQ`3B_*Vg#6p~
zC-lRd>8&`i^QWDKlJf_!W~XCC52^!Sjuxw3J(#oDK#6&d8{XDm%7s};9;-Kyu21+CTF4iYGedz8e~Gw5xMIf`CNK(+Du&a6<&SkBQ6x>L6cKgf2s
zjfdoQ`6R5=?M%3IvqmvPbc{gWwzc)od56_y6
z8Jo$1e8uOxLYGvA7;dfYx33%_RT-cE!CnofJMO*44VzjG;510fT7JTRpqvUpUqtVS
z_arQ(z=Wh+clk!l!1Or*^kNf=Ru_5%E%{@<7(r{jD|t&?090SuLDaU7wj+sWu&yiV
zFNUtxe4mT1Tb7{*&QnJ7iY?y1tKpZ`sIK=e;&(}9MiR%>
zRhGxqdVtr$C$~gg7LiQ)&X6qd!fLW2C<`
zsx9Z}rUpEMWzB1fVs88_hd%@0CH`rZ=y<098FF>bzwp(JryI*l=}2~%{`fOe`$H+&
zsy&xA88Sat2xpq2tYSifv>?JQN##xvG}LEfc&mku1EnxbHdoI{7ijMX)0qO7P{&=lT*3PFVyglr&s8118_qz{~U;nt2aF`tZ(euFd_eV04w}7wwI7~VcP&u$H
zv-h?PEx4hRa_d&Jx!uIf9OtIY?A*!jr_r6TjE+yey3!$Adb`u51F;iMwX}Y|VY)K<
zmd?D3NI{@{I~CEEtSI`gZZJZA)vl+YlGBr3)QcioW>^I|)#$Ic&qK7W3`u9=!wiDk
zMvjf7^IRfvltfH5wDPmQ(7V&jLsHrE^rJ2GvhY~&clKxy-50l}9*jTCX|SX%Y!$9u
zb@_&BO@1qNPFhMy=!8C9`V!LRlJZ#1=t3e0*w&-gJL9#OqxSV$`FGso&?Dp!Y8yXS
z$sCkxTX!r-D^t3_=3O2<@PX)ra@K*Bgik-=VtZ#DQWaWa*vngT*^fxEPB)~ggiH?}
z1QxtRuYa#9*ai}mqF~~|Lg0qzp7UPm)w-R6hR)cIoBdfGZ_jVzoO$#k3&O*Jl22Gc
z*9P-6wdxhQo+sXi8AU@2I(ZAo20uw82$e<
zrm1DhuN8^k{0v3YoW&DvNn{ua+m&)_s+~47?2OMW@*k#!5KMR>QmT$w#!beBxYQLQdU^?Zl(`rq_<<7Gcn|nM2s&ou>Dixle
zpJVD1dO(o0oZX`qYz#8T_<5m*Qmf0pigbf6LgL6)w^Tr%+;PtZmUf&0^y`0{Mc~_4
zBj<8#gr~7))tQXLJW^!(yx>+k>3r__@-4!GVqWfN#<%L{KF~AsX)9#h9-(=qr8(pv
za5JvqXJ+t@QuS(VtK%fZZ*oyFFM;|a5zy)KR=7nJl2HQg;68c3)SghB&ZnbHtuUGE
z+ELvMt)_83CFR#Oo)g`ip+c4E46e#l15yd?XG{1Xb&Fe04`a){O3FelmoCrHx5vm?
zz$~XzAt{TS>DSF5$#Yp3@HJ6K2OJVY@a~m?p+$Q0h~Ki=7Y6k8ba2#b)^*V66Jh{@
zxG?Udhg-B-`t&^XZ&-gmF;TcF`WxD*PA_WL^dxtZTI51{{1oKfJsVE<1^f`~RBQCN
zWH0G{ac-)+XGwDz|
zPeuT)l_hCV#|bLOjd>et0WZCunjo21SLTS2Sd`_z|2AY^i?&()9C%X*KQ(YJfzlJi
z`tP)|N=Qk9M}~DaSK&ju6>?phmTQKQGY@@SD<;GxJKZtPX%?tj6;=1NmwZee|Ek{cl>nfqdD%20l9_mPVp;6SPT_OEp>Va8u}jFuEftX7O@1uC0`C
z`+h6W>TwEuPIyh08%@|ja#V{2ZH*NCojx~*5MG$dXJ6SUQss|67PobpAmNWNnsg}R
z%Cc331TrQrPTL?qi!$Vyq%&h7O+XEcbk0!*t5^BexN~+VBqe=4?NE&m{s{1k@mlJI
z+H(Gsp&}iWY?!b!2v+P175#LqI05pt4XY6e1cDIji?Z&%V}oUTt=%@a!d(V
zGH2-~3v_XJjy79Kzj!lYd@Y+553fI~bYuda%1VTpN;8n)!;;FVOfvq+fog(8PO<_9s4ygJi&Ol^hXIk_%Mvl(7;a&`MCCexe_+UhWb3Ub`C4~SO
zx<-1E9dr=S!@Pw42t5`v6@x3j2m3S<-s6^+K-MIQ4Nrvs#_;Q!qtpLr|Ac3I3|sc5
z_IBqi>~>;!c;H@%4%J9TB%(FlN(4Sfy$UfCycqvJmQJyYztS&(S8P!M+l(6&@Dugu+kwatlMLEbX7XsWu$HzUOV-~|+6>V2
zc8qZr_FU4$Qs>;eR7&mPY8wQ<>K9<9ZC1wS+|VaT7{N9$HlSgc+3@%EmDARo62%#d
z5B|Z!?r@sh7+^OOQ$?KjQb3eeV)q6}bbf)h;yk>%Emks(`?m0IyLQKbzlCPslQV*l
zb%Ni&U{gHjr`|5cz;;OS1WnN(>=KWT5%zN}0=;*F#{C0UR9UZ_zw0SNw!t=X+ar@(E3}o*0#yHLOMC9l
zJv80Oz(3GR?PW!0aZdVs_W~0$HHS_Z-;vAU?&UPJ=8)as4-~N+V${3h*Hi?OwgwUC
zl+|_%f9WmguveqDkp+LP@$Uy9fMNjeUrssWMGV7>Y;K)|d5wJ`u$-c6b5u3u>iQmI
zsi5x_rcF^R&}IG3f@Cj6*m?%f$oZByT4hes#@Y{wz9{H_4*nAjq$2--nw-?F(UIJn
z8{i!=4mvwf8`b@m3&xPSo;d
zHL8Ynzut+qWtTOyb2O1JQw)HTVC5ya!0=QniX8hU_vRF$rln{E#G}|5(>?)8ijve~
z%dpwBnZPs;gf;gOPO6byC_N76QiXTLPv(v-k~glChMx_gYTKQzcWurwc_jK^cfB9A
zF7>3iLWeE-ri4jZJ)lPGF7hpL<_=+@{eJWyCZn<>!0fVhMu#}Ow*B={*6VpuMIZP6
zlha%ya^E_B!uJ|&PTiW_mxsfUX8daE!k1L4Ny{o`7t={OrDe-YM`!i!gLCdOBVtY;
z4b)biX&}AsciL&S3`@en=IF-3r9(AmfzVlcUVYG>MHc1gs!mV0Xa^JHuen5*O$B{2
zHO3}Gk26TG*mX9=$sspZD!3sX6opB6PmzB-x#!!g;MDS~e1Kpm6&!{y=*cn&rgUTK
zKK3{mmupKmliv!6Semn(0gFaGQrk}zB=cQolzFB_*fOKNd+eww9b#4Wrm|P1@=UVsLlK!&qOgG&
ze;mezd-XSL$h|6pEzyk`RhPEU(VH#%QFDF%ziZc~+09t~+YPPZd>~gV<3z(cLE=Gp
z(|`>fZYl@WUi-Ge_B6k2nBQ{k{E*ZSt+*bku2hjLqB-CYqT#XOaN=V`DnR!fyCh
z-pj`Q$c-do_XgUDCzkQ9Hos(}m+x^JEo)}ZP-zrAO*_(jFO-ql!aB=)V<6qVdB-{C
z3YBXZP}x3xb=LH@^Lk}V)}YBnf4pO{Y=05AuID%Ifn5;dHJfT)&^*N0PP)Npq?qo6
z!`jUn*1BZd?GHOU)nIaDnW;n{|91W>*}tN78^$H!+KBAmhAMOs!|&EsLBW&8Cwt+L
zT!B&Q1FKSSZ<_3|>owt?EVQ8J
zo`nYbY$XrqNRDf4%|@GJIw$J6N=-c2*7?GX43Gb?A5hls+K+DBs#PSS+|NcH0g}f^
zJt&WqLA7pDxik1|0zYkxsRun83#=m1(5(2hz=O^N`yS3M&8hGGIHCa*lp30V(y3kf7l(H;ruVI*|
zc}~keVD?*lYZm@}N0SZS<5FD_2dge-|B7!#weH_-cb!wy)vOIaU-Eul-S`OlGN@)m
zqu43}R}5P%aaz3~S48{{+r$%Y*!EZA(W?of7&WHW8Prqr#ku16DptIc`|C}T=J;j{
z7z4Tjda`RCwcMUnLXaH(W8x}`UW~6)tBd*?2S_4&&l6?P`cX}klnXDw^tztK%KNF^
zl3jey`w{rVW2}B3!)LI4do3cXj3)}rCHxD6PnX8zHbr8Ccd=j1<%d_3Cx0I804I9o
zvGn%tLZ^{Gerw^IN=51C^YY`Qz4R*gE9Uc!#ta~Lp4&DEzM3hNk<7en8&numCXy5hLDUdDUo|hC
zrKW<%?xxwuZV0~wc<}=v{(r^mg(CgHDd9w$&?wPLM|?L}Rt~pMeAGv>~{!35vm&qv!rW8E|$#+m1G_wyiSB_So3>O-c
zG}YlsVf!F-1>7W$;qnyJI0kr0)%8%!VrE>HF*8)zM3Jg)mS=EV)ws
zdqy>ARWpwecd@_d@4&OH4Eg>_9uan9-o9BMK_Cd!F-vrWnR_K*4YR`?&<=d%HFV35MR!Maweods6>iLl!xs`fmsU)#(=#>>x
z!)a-LM){a2Vp;e#4-5cmhOloyk{5I`CAocb%tP^Dc!IP!`aCv8Wb-fA&|iKmeO}kK
z-AqPsDBoz;I<4|3*YnNHa5&ICB(TO#y0
z3|x%g+GsQR&eK>H$9=C$8s2;6@K5Y`Gp}}I|4ZQnm3|PUQUQMiTCx=E0Q*K2`hTE9
z!bzg7c?m8b{%h>ZP1JY}4(0F0x24oJ!($Lj3-~_FT6ZvB5*)rdeH%3@nLCyK^-$t&
zEvtC#D}FoW)ju7@T`XL>I9{td{VME$oz?K{1dY=T?Zo9%YJ8}Y5H(7I1>ALg#r6UKnV
zhRSp2maZ&oFByA1gI4Pg^dzb@rrZmaHF2w)m%^
zHXGfaCy(-N0>U3AJYrxLpX?rrUf$)_9KHNvX>`!=k9PELf>3$(SDdJ&Dh!!e0jaR!>Np9t?G|>VHGf_hU6N>fZj0^C+n5$JlFN*-!Z#?p)_;>`p
zyqEhQN#SY$q7$(1A#>v-#3-ksW?N)TSB_(^THV&LsJ2o^aLHn9UibJ~LwiTvO5=uu
zw9HPc$5;li7D6}P^V3k;P-xh7E2qdpmMZty1?4+Ql;=7qbw|Js$cUvw-SyEzL1PGb
zB`5rbDLc8VMn9$4=OGL03ph3~OL=4>IX6GPG$Q%+Y$mj>qXL$1zwjs>R4u6-jaB$1
zMTM_;IsrY8McmV8jvZ?6uS^86eXu)VnbUX!-l0^;X6JjqsrJVx)xh+gHIBm2_cv_(
zvxUl~x{XTn+7{&8cF%{QFVLMz_&|9#QnzCOqOOPm$cK1CsJm&e+`*ZeO6WKVVO5jw
z74b9o=tku{!_wLjDBT!cu9eaf`C++1d-Q)lAvj?M~1UqS2oE@L^g&qCe
z$IrMgxZ82&kTUn=~l9
z_fwO^t*!*r&+W4w=~SERcgj6N@!A5+&T=%D0cHIoU=Ety0eyTdBGGyjH)2p)GL5%0
z9fde!N~SODUr1-dSWyS_x<{xVB?+KUOeAv_PJ!K56VglJ7Q<}-8RcCa(`upmDt#j#ybN54CNz+WzkVu3}F=!au(+~JGD!2
zf^WGPl7$2dk5!y8r!lQ_T?JI^s~FK)Ep|E4%|r8iu=h`;!yB9E*D@#zN4lbA@k5#I
zk!bp@MduCDJGLXD8&cfEfZ}tWW$q$BO?xmw9G)Pm~pfLu`USL
zqd?Sbr%Yi$l#}?QAuFLQ52X(0E(BIa7!?U*l!zY=Xlt`N6BKSPHLuxNpqW=GdjPSt
z+)o5S8SE{#*~&KrIFG_0{{-5>@tu0)*TO3%4UBr>RLqeOg|*=x-W*_c_#qD@{*
z*qsotG5%P}fN$TbC>d9X~#FdB%AFIf0-m7g_wu8;hqb#r>88uX5ZuupNTKSUR+h2
zLIfY0FC;ZQ=poEvi#cNpX?v{9!}09$I
zD!=`%jpuocANuv-6-3l7DUs6qVt)Fc{(X>K{%}+H2R*kvD+aqW<+y`5h`*V3(Tb_MUfzP25F{6xLv=AOcsA30BbgM*wdchM>cer;vow-Xtk
zej@Pt5wPV#+BMU4!MmBMC>6gv*Va|-kY7E*X~)+{F`e$Sx90eQ&3jDyZ)+h?Z;7)#
zy{659tY{-I{(e+fiU8IDdBz7O#AEis#}{jVeT+U&jcT|jU5|Bze_12+!{|`p9=X-!
zD#8>;@a-d0a;wy2i*eDUj+K*!1Y^&u1-
zN%nb1$J`)~=#O(p=mb}tX6ucS<0Ck*KF$E@5x`$d>CeNCKM*;*%m@KAhYl_T
zqYQPtT7eEVm~xlP$S81yYqP}XUA^_m9NboGXM_2=Lb7Y?f)-w12jSE&L_j%XH)g;K
zi*F}o`K0RyphboM{t9MtZ)6zf^S+qVkYAd4|K+!F1F8j$BMH}wK~Ii-f!@YV_)ZlO
zrtOD308?+Qtey8*uw>R(Lcgq|FTvdh`4z6b~Fn)bF&xLxMI241d-sc$&F&&S#G
ztsw2jMX@Ugacl!{`WwXF4?6RH68XlTC2zuWG9esIqDl81$`=tQ840`N
zeNpHr3Y_tuX#a4EAGHotYKkc=dP7rK8b~{(C@9gNh28vJ+s!=M#Z8WJp_(`8Wpy7-
z7(xYaqYHnJgQ+T|Aj$7jV-h#MxDA3c)J7+fweK;ir9sG;)Z(oid`2q!KS9^mOt=Ns
z`Wu*3uMnx_p#`nEX#9(JYQBna2JXXW%!H62eW>6ph-pnWO`B19p@gteDqlpcgdJKB
zjJ6=_n><86D-I14_}a8Rn<}l!jvT0G#y27CEO@-D)to6;C?;F1!Z2yq^&nlaptS|9
zKHbIzAJap78VVn8@C5Vc1lCX3*TyFy87pt^J3?{U(9f_{>`Uy(Ed47R1(@*^8CdUqtB>nWtxlX}CwGqUEB7G!MZbTt
zhs@Gv(eA*l)(Xd70q(Wa-*ZL%^8FWPP{@cGZ(|6(!+P;uLX+|*)i)+TB*!!(E_ut4
zW!y7P%hNL&Xs^-M(39NC{5a?rVVy=8FG0{qcmBidA>QnT6S)~|Jz-IqiSxnW&B8CV
zTi3)-wFGWNwc%CcaGi=_sSi@MkY*SgYA^-3)){4KDOohIVxhHQwT0ohtg37Hv;gu_BXZ-_HR$ogKrb
zu_eWYIR{1VpbD(B`Y|Nz^{IbiM0ay&BEDO85>)(94+ZbA!I7@PL#gpxUY~7y(I8%IfyplwxJD6
z4x?X9?moi{LV2k1=`K$t($P~CmT;x
zS?*`F_O#cLN)9*v^}~!W2Tw$`fzt0W;%GnOMC-C1pyKACX87$s|K4Hy+XLvYqAxw*
zckVr~RxPJz?TsI=UFCOW&n&8#56?ZBxk`DCk&QZ2nF)iP0S_~K0=_NOokscYf+H$D
zTqQ;G45RN~8xMsg?$`n<`Sukv1Xn5!qG^?VwcZ1YnDN9E6i;r;f7
zafou+b~q%RM@}x=&L=Z_0wdxCjrglp3L$r)imOJe)r+|YZE2GNk
z2S7Mi`Q&H<*+p+NclzZ4Gw=;c>ZtWVW}XDo!~gl{NU2^4?)Ia%#Xh_0mH&!+)*6`j
z*LSQLyKK~Et+rDsyuv>N65RURt8G96@fut{+iyWR3a7iMoQR2o0g1FU^enM_>Zx4O
zVg|59VjO^0bRYarDEaz<+?8?Flv75i&>p7RgVniw$-F8eW-hd8xvxqhMK1GJbw6Ok2oqg(Kq@v11#2OUBl
zipng1AgXikx)+6eb}A-3siktF!Du$YE5J*@!6G4?^6Gan%r)uiZ;YrcIg-d_n>K+k
z$sre6+m;RCuI>CV7&wc(lx;ayGe*dl6NWz0q6#Ok)3
zq=V&aWd)i>W2X0_+$`i#EGyVHt~zy}rBA&yNVXALI3tcD{Z|Bq>%P3SOY&NfUa1p<7E`A{DtB
zyQN=T@X-L#2*GxVGn0$rKHkFc3`gc96NMN26xO)A
zk>{A?1&;~qze3AY^!^1}wDsO~h>mP?*()n<_!?y!eOg_~Y1NEm$z2rWVQj-OO)9=%>0)zluiH;EsZ-QF;w2#z9P77
zhm>XQVigVTOPKf;7WBi*rhUP1G3rxBR{wt%k~=o@&!<=xR98$H@H?1cK0$pejUKzY
z=lsD<)OUQToexK>P7PvjJkI!fIwepC!7Zkg7<+EzftRCNkeeij6w6TAM95Z9i~1$|
zoTOkS60$)0tEWL~AX{9QovHI&E9gvTsmC#o{Mr(R`xOgU{%+tflD$Tq0QS2cHyvHM
zA?JKE(J!PrmTPfGFfe9KmgS3%z^^}x@UpYJfg6AXp)A!uqKaT;5hI@YvRyi<%F~Lb
z8FjHt@CyBna(+44{}PjW`;*N;lW^Nx?V_=XM%gaKQh-LR2p3A}=g!X7LgY>}J;(G0
zNRR9ebOsj0C#N5DwR>AgJGzS6Yy*dCGc3-rP9AJ`@(&C4PaPjdg7oUbbJTrVcZ|cy
zHeSTQcABLB62<}anX*HoZ~#fmxu+XAppFz(xhTna{ZdbqOAVZkY6>k$jRam;*`K91
zG>^6Nn6)>jU6#XPs47GW;_Wziwhn?cl9F0r7{Co9kb!t7Li7x=KkNE>*gLJ!+aiI_
z3N;4!=2Ux8U4I)dmMlYpKM7+iFya4XB{cGRTs_gb@jtlv&qRu<6nd+zFI>Osz@}BF
zs7raPwKRzaZy(p9GLiZ4*9u5oc;b5^W%p^={V*X~*A-{TrlF8Vp%W0wQ|!r=jbhF0
z8)#K`1t53@Yrr{L(N4;e=H8L$J7iqi*SnMCWe09RjR)Wd&3G|YFYA(Vsl+`gMpRP*(PGL}sfP6We|7RORX5|E(
zm$i`R`I;aLPzv}ev7dK1u&DY(7kFlkWi)lgUpIRU=c~tEUVq%>QK4S27qH!|frFhW
z-?|HsO}c^!|AvzZ%bxrvG>bz29k`3~8n_|=3vBOzGp(|g^fDlju*@E{r(ZqOguK`V
z%6DHSew1t`Y+NdSG2+E9YfNjfZUR@k^3s5XMi(4a`wn>#8&mpcJCHm>loL|O7d5w8
zV`%hVeVCUazP8cAT<+eNMmx!*22{ETjWn6NP$+KM5RcX9aK-L^p&yh3x8vQCM>XaK
z_x{lrx$3z$j_V(9j;=}RxrfP%4?dfya-jsjE??vPqeF6GD!tevlBC|I97wCqa*qpt
z6>}xP*x#Xxqvaz?b@%kn9?|;>aP)}dpL`az!ahFdlQ^tlaUjw+6z3Wfb9Bmc)VA(;
z)cO6g6#j?18b`1@A|u;!T$!91M2k&yQQLfJXHHclnfReF+9#`=-`IlMsHp<71T`Um
zRg(!ttYy`E-f`qD)C0+^M;)$}Dpx88$45|im%EA1%#q#^3!_d`Y?FJQeDOLaQf;wo
zrkMR^Vs0pZ9FaB8s3#|(ExfnHoEeZZThx>x%7>~O-hPcu;0i>#nAE2Ib!+ae(s$$i
z_GZ82snkhv_44|bM(-zzOv1q!j=!TNZA<#rmAYrYT4a4fp+2&Up>-k
zgm`l=V>)8_YK3EqX-27Z9u5BITmruO9tmDhzxd&g_o`o!rhzzNu`zPE+^8`!oxa7Moj1@Y|YFT&J&IqEvx|tFrYV&01Cs$Y^`v?rC60
zOVVV$G_ZsEBQ}{3e3@}ok9@PK{v)n1&BBZ^WdSl-UBlWv1BT>nwc;vimbI0eCe$PO
zjM~os&Gj7fX8aF`cA$O5cUZU
z`f4(wS4dd@vxv`=R89yF`P7EzDBKmlUCIgYMoqCE^-?d_l+i@$LA1T$X-2kWAkrsz
zxApZb^$=G*p35xFlwetu&bdCb
z8r{eVkFg8DJ#}h075c>R{Bp;OwfQO5AEOyC*V?j=FK-!n@d;*=kab0E>5ew#e~f+k
zKa}tHf07hsO_F6^El5J8!eFM7Bt@lHDlwHxMaDjsSqRz6RFs67N~KrsZoICTmgdwI->-6UA*nA&x@~{CHz-mBipWPPx^zn
zx?`TP(|bko_89%1dn4r4lBN1Ev>(gui>gb1t+?!u?0Etb5$M3Jk_a$KuHn88g1}Z>
z=I8sP-hPe+`Oio+iLR5Qwoc9Yb+TYbNAt3+Vd+s1r
z|EBHgp$?vwlo{3{wd2OM%sfM~JCf78$NrRVHLNoTM^7?7>bYJ=7Y2BWurE;7ZZCz(
zj9;KqQy6hun{UN${lQ{TdRjPA
zp$YpSPlWLCbE9>I37McT{Tos+oVlCG3zIUMxLhb)%j#&ux4L$-r<{+np8$8_dmG+n
zPX?7zrElsSUchx4^cPu~fy(bQ@7>K-yHK2w|6xQ&=gDpIKxx=mFzQI+PiQkd$Of3~
zr(IQex@aSp1MI{n7mpwHJ=_6H5a;wKd~@FBvvx&Uq#TJ(6&p!@`27M5SM{7lrFyXb
z_N;-*pozht%{PlVO58g&*qJl5^M5>EwVqpDVDx*msLSw_dtFW`?*{u-`O(+qNe@0v
zMSp#RsQT`9Z_4-MlkW%5SbBc3c(;A<;mDrTAs&Nz)cxOLTOz4b1=2)Hmpt2nz?LD}
z*(b**M
z{$aqA_ui7$77Tb;tIjvD4px3Jfg{A7okbM(!9Q?1=vC!kf4C>BcU2g!bdXU$Yn1N-
z@8d(>L2G3TKkC(Q?r9aiu9GcyNS#PJS%9+&`lTFO=}^@#RIL`${-H(14H@uUpWSlp
zNNn?|k+B%JpubZShUT7fb^k`)4&3U?wzCrm$Sd;moXjc}IzBAN`J%_ej~nCY8Af=o
zkB}P!Yg;=Wl1&$g16;uEz1;FVK=`-E3ddKqJeMWub-m(G8yf3rdF
zg6}rL*Kh0ZZBIyOZ&ePrnQ-89wjGLDYtm^Z2cm$P_wO?}S2QX;y
z@0kn#z1uwf%<%3<@u%m+f<%a-*mUu{I$7Cu2p@20(go4TQum*es1{hx+Tr>w{IL7Li2kh8%D1Jc|D6abjHZ4!v9@)LjdGy>71>5K`
zNoQ8`+KakJ=m$)C%QO76bEib@EdpM;#964;j8@|eZHIdsV)3)Trvd$+Mr+0`42%N&m+?5Pk{(bi?
zXeeHi|3?-<*(0PypQV6LlKng>c(`o?F_AB=e2U}N{N2&ekiArzxAa9Oo(q#;0zE;Q
z!uK9Dk6GW^6L9n)mo*4}7gR=D-t%^__5^hAv1!740(RZ(0aWz5Dill_pT}vcasks2
z!NpQSBH{xZQZ-U*paI(&{ILb`Na~N-FzK)YyUM+pOa1uCf
zIN^8x@ce3EzWg+Q?9sv=)K$8TV#o^RYyGhhyDzkwY!+TO(|<&9`ci)b)S*Fdr0nu8eZ4s*~98*h$XTCRKQA(r_5R2NG;f2vC*(4QqJ`P0dLro4+V
z=+5{e0_KSeZ4iC}@-`*m;F6(yHUAoE#X9~zA>bsWURADZ%6me-x{XF!?joPZ{Z`@r
zfGn?GxMz496Qk}TT)p7j2Xw2Afn`y~$Jqc)n~vb6z9S@L4rTe&(`q^fm7e<3Tea7?qY^fzF;pRFazU
zS5aw$6{KeRHM#v$&`netv7FSLn06G#bZc6!diBWg}Q`)$o!Tk@qM=1AP_XHYHQrtGWucSD4E&#CK;xaCiexe~`&K$G!T15hH?
z%oyGWr9elr-@+*Dpm2vci0IM^JuUKB68b(`nKxFfL(^Pw{sA%Wy#FC^vh=m+PI7}W
zrBk{$w|<5HGDmDig{k2_@l1F}!vmqVt9;IiuJiV!(bwR<%n(*#&(9b0V1*~}i83=8
zF7WnXesD(Q=(^(g-`7a%!R?y~aW07B!sR+7yIiUvJ1ICBrWuyx
zvzn|ss!D5|Sj|e@LhoONhE_MgAIu29-*+ZIi5O}^k8pq;j`PZP@qx##ZLArwE
zR{rii_td2N?k;9BtsaCfi$%Xw$?x
z!RyxGsD=eMIZm~R{ga~HJL*eqg8LKC&W`L2m!23G-6lM5c6m~rBHb9ST5o{Vs77CU
z@PQT8RQ$75+51Lj$lj?d%WmK;T{P#H}|igmgeEH(NgBqEYzWb~$i
zJHe{bp;H7m(6%8DW}xH+ujTkh=kVPv*166GX2aSF>J7PxN*HB(;7|G5YGdS{dBSRk
zy`;~Y>}i<}T{=$nVIVC#6JlK1DWx${idoXRIr<;%iN((w_66pp)HRj3)jAPyHp}p2
ze2>`Zx(QNeH0nzz%!e0c^BC#eVMO=$)gN)ih*0;(aCrKj1=vD*e9+MLeUv+E?9^By
zkeWkd0BSEq9dEcTrdi?!Jvz5xEsSEKxws}=xNAHC(J9wntg%hYQ3uDlKRTpaZ*{h(
zg)oN|!QD{DYp#sprz>*QBF*Ydz+W;WNdZ5>yi%2g>o(ODo-1%fva>@cT5;q%2JF_=
zVHQM6i*symDwX&q!vCFqM7;(lcu3ojq#Oat?Ypq}_nouRwEGPc?q3Px{QL4@xB3E>
zQPy|jPSIS!3BH;QM3Kyf
z>9tODN_kkbfJBkmZBcL1u7q~*P}E&?ea4F2KJ+#^!3hTof~*C|Zlj|ago+8^c<4p(+aFX}1h&lb0j?_2vljt%KFB$&P^)C0~MpbbVOM
z#8#>O)3}ok)F(kj?s=V?Tg5u#UGlz8hTwQ-?9$eJ!{}<$gBxDOPF~qgJ!>Dm+oLl!
z`uT)QX0+ZJOizS~g_rzsaz;x`t3!}%PBpA+CvAgtCV30?u^pwOJsGboBIex+CvhJ;
z>qw9Oiu#gk+E~P0gl9ms(9vJk~Debw?KMPH8}!4+l@g!>`Hjw6?_Keo_v$
zY?n~)4*awTTwh$;SQUSp{6hOrxp$`fH)lhZf2gh!xTPy!m#c!Itq~qBT`N{(PVoH4
z;|xB;=EXaWt18T;HO<>O3svFqUyhml_QqT-{-!qsSv^zY_*UHyTU_tv2^yebH(EFQV
zUgy>oAT0Z$AMK}1Wl~eR%ouUqTw$AdUFR=#`J^){M@}xD2eA@we2y|6S1yz3au({X
z#R|rhFUV*KzGBN`U7IPoQ7pB&PA^d#Z8$Q(0yQnLZ#K+Dj(t1(Jc!Wbm_Hn(%YGRb
zPHeVQ8C*FD$&A^Av)>XiWGzP|g=~D9f23phpO}FPxqqJmqcrZ+#&?u8z!E7azoHCA2-Hzy~4
ze-jXdtSMN49foQvjfx`6eZB$^j85UjqgBel+((Vp-
zV+xwa7)Z+NRih=mXN-}=b1Yk>gYuUVn+8?qtYS&^2w#CLdEGp@S-TR@fVL^DC9EMp
zwU6XuBJ&gJgiBS7()Tg6+R&@3^^2&TU5;H2jqy-c!ZhfWBE_(S@1z@HNntluVQ-TC
z3_KRTtzGzL$F=WZLb?w8XX(xBmlMa%d3Ays4m8!u`xe#xV!A+;
zS?F61?4lj=iXXyNiwDtPGX!Z9H4yKW#49@3!^{(-C?d==EVaP~rkvXSZ)
z(5cZR1)*_lU+ZA&b(rSpSr6nk$cHFbHrBjsV>@KG;OB)3Zi2e9RK|oL8Q8EA{PN$T
z6z(dA#_Y2>+zR=gPcK*|L5aKyo}gpfOmO6vH?AvYS*(D=Na#{f<0JRh;w^)HP0Q~t
zRL~0A>oekP=YqAW<(neZmk6M&1ZAk>wNyoGghM>yn}4cli!-0S9aY*LSRU*@zxb0~lJihh%|0YnWf
z3G6e{EM{Njo}V{N_On7-MVm<9_1G}lkBq0e)(&G)Bj`jI>XF0^V{b-P=MM+(kO^;e
z#z>y)I%4D8%lfq&N&i*=t5^QbLM@%hn>cj`Gkao`cz!-xebNpcix*(epe)VN)IQeNTR3Bile)sviLhu*$zY?
zkqM4vxiNb*tql|DD-**XTJ86*U%r;}kd?8ML@%_GGQOe9!_SSc9EhuIhWWg4e7o?JA9@YY{{h_Y`h;0M
zsAu1XPRw7}{!uQ<=RDdvL$FpaXl=_h&xore=zJ}U)wA&kx
z7VMb7s|P9%lPB9*d-6nnO(cj%yZ9{6A`O7=Z*K}PyntW!y5Zt;lzb_ZN_WyKXDxgE
zaA)M-$`brmVXQ>#4{Nb)c7*t~Z&RxeFMCLR#(0+{zn{G;EY>_Mt=wVym+13qf}e2r&;
zfeE~y?Tvf*gewpeOtzf^(RPcewSbVdhy!X?VEM7+Vpg`hYY`2yQcPW
z+fnN5xrm2Zmm7DbWt^vG84WhauF~DP+iN!Cd4^k!pY@olhoCNM8kNI3tU&eHQ5uAD
z4uV`)dXV02yUiX4)^wd3W<_2LnXU*r)MNTPXrJ^-*6)dC%ga%a6S&SzqO2E>FdD8l
zlEr}<$JW4K1jrza&*pzd{%nu3pB-oqbwTKYSQ9vSN;d1+AsoFXZl#>>QoE4_QXdu-
z<#0BB(QcC*xJ@#DXvs_PFu0aN=;){3o)B-CeXl+oM;dDH
zwx>!irJF4j_WL5av9E&5zVl^Ufa95zBTJ1}jVbs4kse>`57C)K7PVHYB9Y~f{5QE;
zC3rrL4GKc@Pi>Ga#~o5uXg&>VQxZ=dnPdJ#)$(&jmCMmzJbbjP_((P2b8E0>LX(a$
zWoD#AjGHk{YzbwkDb(`hlB_22n4$z-U!wi+&wR8tk;i+
z{q(~=r#2P{HeFh3d|0G71X2HusyuoNc*eax&FqYlTt}c)Tz$hjsgmo9DUi(QmYGcI
z(dnXqeF)*f7>8ow|(>a
z6O1ssYcCmi-Nk-N!4{zxcG-IaDz5Rx0SHJa3YQOS*f@GmtWV|Rv?{q1X$!aW75yY^
z3S*+#=K)+#5g~fWvul#VDrEV*OH3cq&JLmusl&V#MC;Do1ZzgbNBk&)Sw~1zV_ls2
zdPGtvdtuMgjN3MQxIM^~7yhHmZ;zYMh6uqrVxoyddnU
zV|?+<-!~Y~(ffMDsF7UETuLDYuIy!$*RNfJx;{fXDRH+nyH>YU{RQ5@i>NKcn~dTd
zKmV9DpR`oL$8WzekXG6ljMFHPZ>S8Y`OobZ=%{-l5n{Zb6~>8@%sswDh+pH%kM{QI
z12FA;%7ZS6;0FB;vzC;JQ_}uia_)qX%e%IfANe5DesM~Dj&*B-@
z!*9zAr`R$*v$0rW}6Xjpbt4cH4iPuzD;5xEk^{dhX7*B;0Xwj5ojri
zT%_j(D^wHjDd^FBqnm6WSB1jiGjON)CuLV5o*wf)z(Db`r^~JE+e99-Sj<6&l3_PR
z4jBN5hs_3pL~r>qwdb>9cuj+&ngQfeHUfpp__{`bpL4ckd
zC_4X9Y&(CH;DKOCSI!2)nx6}ufB9QXxpE`tfYNPIig(LXpEWal@;eJUHske>`$g4q
zZ(p9(CcKmAd=}-TXgkw^fmd{`_`%vrPa+{H*h7y&xQRiLB@bcv)+|zT(H~wIb8T$$
zkqbRrl?*}qHFy}}oR^0YsY2C1pl=X)?OsT2H=4XQ<{E7Hh%?$`IE_WyvY(Y?Q7!xY
zUAp~!vn6A!;dqoMapsV;o?{+%8a_QtxcznNzc%u58PO2{voY&P-lFMk1Nsh^NU#i)
zsU8tu8iM{vIlbcSY|-js$&a8{?O%$_^w(=Rx>pTe$KzqL+#+Gl
zl4QuMbK}%kqDau%$V_yO2f3MB5S4!fyK>`uckob&9N9T-uR_269YwZqa=l3>sEKyA
z1vju(EED6q?L|E+=;a1q`M-<$KEvV`;R%O`z#JdFbUTK=71c+YK0%G2MqaNh_xD@u
zYH(XkELcaK^O#%^1(MjSUBw#$ut786u&Hlu`$%??*ZT{
zXLiVV|3_y!yXL#uN(xpJTItMseSwNXARd=xV?%_THnJ|Dv1B0nlTF#Z!A9iBO-I2Cllz)UJ0&P
z@Clo1bD7km(0p=~iw2Z%eCha7LNDg1(56bVzF`*o?~o)s5I$}FecB0M{)dD`CDg^(
z`qN&&E&N;_QFyBM;8RXZgO%S+w461wzYzcLTeknMg;lcyp0(->|8*E7sC`FsBImk2Z)%v@lFJ=rCnE^5cz(N``G7j=b3$vJV)g};dh%MNT46k@ZF`gOQ><@I$ob9c2
z50ekBKmm2q?TT&+-_PFri7dMI^7zJg;GNhu;j8p!@+K^N+Rp`${TGCDZ+9x8txfU6l~m(%;l
z4ngvn6VZOQ*yxfOn>+9l`B<%|H+1C$MeV>)wE7Cmx%$rlz??~bw-W#CjitF_Nu_#tW?VsxK^^W(pEzFJG6E7Q4V)cy9?TaT+od
zJ41rIR6?Qm%|tytZYz-xI?I8ZC#JQN<5n#swFZx_B1xS?k
z%;jO5EK}*Lxv*PeIqzmO9@ZuF7R9zLsVk-m5??qQ_5-?jM@a9@6_iO@pp~MZ@0m&2
z!TZ}h*zC6sh~LMO&Zr-c=WgxQ_YVbl9!vXsv6&TQza`&Z{}WI_Ik&g>n!v2;;XYiz
zEixj%b&DO@Qfkjc2`{5JA&YrY%#voiG>Qg!ty1%4^ENhfBgBRZO{IK&OphtJmB`K`
z-&CD#l)~1)m?~e8)mWMeTMgQzF#4a1+LGAJjS>U7Q{-ejJ;i*}BuvD(O7mrAGku$}
z_kA>=+K?TxNRbB9p-IZgS8PFEjstWS?U3wk53|!iYw&t#7vyo#N##_3m3}UwQK~pS
zXN*i~$Ltatk|xfOd@prklYQ31w7763Vum6Jh5FL=ae
zZa0L4A(6P|2C?TQrf`*K8iHEdR&4zay1Re
z_`IXVPZKzRJS8GB*{Q;fmOwMnq$lpQD4FM<2GXSOM4Hz_?}?xB6xw^p`pU_OydzA1
z`e8*HH(piH)$Ef(-z_^Qs#Y>Wj=hX__}?A!9%Go!c|2sAT^eB%L`|uK!J;qC@D!yI
z66sC?`#NEc_gU659VM4?8HK4B9pxLuC~sf`=*liIF{#=bAQMjoh=}AqL3*U(RY3YA
zJ*BI?0r`%X$kYc-J17AP238U&ChqYd;)GE1H!&N%FJUFZ88A6cFqH3JTHA|(JYVjN
zQ*Px%xE}A(Ia)!<2g*5`2UFAU1X-7KQbh2mfFEnuRRXlSL#>(`#^2x{;Wo>O>wm?Z
z94Z2>SFU6Fz9!@k4QJe3F2mVcjDLt(4GeeLk7i-+dZ8y?N%})k7n8{SiJ)2JSiwNB
z(bRtzuXPmuJEQcQ`}2rb^KIapNoPd_hP)Z(_%goJau3L;TXG5u~p$Qxbn-PBe3EZi2G^;3>T!$KZS3
z;bQ}bMsoo~DIRo4dN0SUC9!vRXb%;aVdjotwe>_u(wtEHmSyAnIEu&R!-OrSEm84(
z-&Nh(e`}qH|9?UV6m4ZXG#k3y6bl(4Y0z7H*z20{&d<58cqpcIDo6!yfZnFuh}dSO
z%{C&v8d;Por34K!QSN{RM_T__JSRKs9yOiKBYgPI?OnGNTJ?qK>q$&|E8UAM;Za)D
z7rTOM)4N&06OIlQZMYQCX4kqlPNMKpFsSp8lvK1Imyk`a1HKy|S4`{3wb_Cr2-ZvK
z8;5n6p;*YR&V$H$DW#g!hopb)
zXEN7ctAvGB3JPv3t1NAM^uJJ47B7A48^{d`dkf({;VT|}&Mo^U$MYVw-a9qqA|!c(
zJkX*efbnq0*M>hbdaF*~BW~3!?Qm_7`B=rw%{M;Bd``+(O#CJw7#K|hL35=9<
ze@CJ9fvuTTby0pcu?Krc+SjEsnCekY{aJp*Y({NJd`C~RdmF|BoeCxMZs
zT)K{-dUBrWH~5xEMUx6*hJyEGfOwBtzY-*hy-0ev*giO-pxVs*4Y?=(_>YziF!9LOVtvhm)40va
zEsrhkhHKDfJ%@##Fc9&k{k4yjUbTcr5h_(P&syf0zbV85bPoQK4l
z5!jH{`6xC@Q#v|wd>(udiQ0R8q+*}Q5E4A$v>uY?qX!JnkYWddw?WSG#kqoHgmC|t
zSV)>~KX)t@H@jsY5K?dK+UsA|Abv
zZmun{ti6ohTTAfwh9&`yOSiEZ!|Ac=33GGG+|~|1U~f>GG72S
z)Kr|&(|&|9O(|9kdfv}!;^I$|kIpfDe2pv*{XlXL^c*?$ZTY|c1AXoYd1_$42m%T2
zIJj@Aoi*=z)m$X9aPNwX1tYIEjA|xxG6N4jTK-HC6k%V6(%FN2>=z<;Eay&_re~ep
zN@Ay94-gcX6xyzZ1%7`4LJ!{$(vE&=
z4$B+6bq)%D^djOIzJQ}>&oIIml&EtuUZ6XdXEKL%1;De3UN%#eGrDwYy#C0*zMsL_
zcA*ehI#v^~LcZqN1fTUu)$YFTI+g7*=<2&tGwPUK{kl$`+yA>nc&rPxsWLbMcau=8
zj>86KaLQO$=47CUFCu0lmo_CVVyv76GrK;8W*eRiI&*Ao`mR^z-?r+S6F_dK9^Fm3
z6KbH2tWdMMgSYeE_|5l4wrAf_`;@cqSL?R?v*uy+k=2`g5t~vSlOhgl=sa}P(V5BE
z#l=bj2EmC9#G~@M!9Xc4k;5BHveT1MkdG~-pE&@dLU@93h%!f88>
zDY|=vY$QK1O7d62w$-&D_^D%Qw%9kz0@_hSk6#DH=gGUH<8`CDF?T|mO0q-A|CI#B
z|LGK$HvJ>SnEP|mQZj-vpwtcHW5dEbq|S>^X%eUU=0$i5?#3ubGa+g4gfopbXFy~>
zPG4ICj844-I$WnkH*2Qr8M8;0fW<5N1hf4=mCQGexv&BGZL*djf6m)RZ
z&Hq@#-FKwr9w_MjENkpJ`F)BI9ozmIjw!aCspG
z{t&-7r@skga-;esl&kY6I6$!>`$Jp)xv3?5AN^{k==<{ohD>dfUxC7--l<^>$LC|7Ch6OlVcws||ZPZu#MG$+e;WLurFNJZV}B&b8-L
z2DG@3n-lNDG|fmqgL@8sZE7$@P0Op`Tet^TM&#}eqKfB`++c2)$R`t!Hev(k?YUpf
zRE1ZPk;)|mVrMBs|LQ!S;ZE@;D(
zESvoCQ#Jn89tr5|vEujm#LJ4~vVLEgfEk`oXb)aIi+MnQGfs^12oHo^6W|USJy~RJ
zk+zY0dodzkNF}X|2t53z5bHR9
z+C5(_T{Bwetpt0;*ZU4Y^W8Hw*OPA0+OqaHmDY)P>Cc>j_H)WwBN3&q-0(u^Uaf1^x=)MrT+B
z&D=F~XIk*$3%Qxg{%vV+XlJ~IQ}_2o?vqv)pW4P5)vxy+xjA%VJa-(>6Lk;xD~>A%
zLD!n8B7_&c>k_(shA%a>_TJ8;`iQ&G-#@ktO1fM>oZ?M_@ju}PxQ`D99lXUf$Kb;3#cbv
zA@zUmDIPB9D7%Q_
z{yPi@>CBfLOb&e}w4>+0(~&U50anj`keShGm(vpe!hNlG9H>eRqkZ!ZY4o5|Co$PG
zbj`pW6Z=*NT8sJ_5lwhdi;R~Wkd9r2O_uU0(b2ojNnq{zlk5Np4=Gan4j=@{9w>s{uXXF!Al6>@MGJ;3DT|=yRD<&@imj8FrRKnAjx0<$r^W
zMSqzgYe2n3pBRJdF;E$AvvUr~n7u+q=hA1_#8p?&ze(*F>%$Sy*S*=iLeXh*!#bD9
zOB&jh_->>wCd+k!(P6t(2+WT%c<<5rboS)0h9B^8B08MgW;IHweN))t|CR>^|0-sb
z1&r4Bc0TiJ7zNKU4Fiyka7D@)hNxR^fjiX5^czte+5|m7-7S6}cq2gK^^#@bH;k^*
zknicG&&;O-Y)sxRVrgFDrefZOIt4K6-UGUcEOy9=Jwor+{?hSIRGNnQG6B2CVkUI-
zVn!s>IZ?p2Dmm*=I^ra=yPSn(RP=1dta9mXgDbE)5pjNGCm7nq<>`b2A7FJn={O~W
zhM5TWQr^bX9XkdPPLhA$kZHpOAq&X#NWt6D9XVK1_KxC+WerKUyj_sZ^KZmoP%y)P
zj9@%$W9%hu-2N&A&eo|2*^Xc=LI$6)uBEjHnSrQvq7nR3uTY0%XlbE
z5P6SGooSf{RYA9tcj8rLU?yg@lCXo}AXwUm@KE*}`4Thm^N+f+=OxJ1nE*%YmZkaR1)(Ut}4sLl1N0{Jc~Kj$G8ML-99K9dM6EKT-jWMk
z!Pj~}67iwm(RFvXqp7#ZSO@P(h)*Ay3r-2%xgd^n;GJU9RcV)bkUW3uP!z;I
zsE=NW{pp-V@>}xi{i$2*^V{ejuq9Kt2|ciLrMH=TC^O23NnS<1Ac|rdt_S)(k#zE6
zq2tiC=&$rjIm;vZWRE9d%=O^+F+x$7%N~iTr9E&!^99f-v54Xx{k5PDO?a`qC7y^|
zD6&sP*ex*g2#xcy&
z*3-pYWIP?-Nhd2
zUBE|7!E{fs>U8mPe1CyDS{+nx9``1yu}HtF*n9M=SL0|MXB~7sdQ{#K3|_EBb6ktL
zx7^s2k36q5*jlK+h+Z8D*Lo3$HjQ(1xXPJ2^dcFw`j4iEgF1Hfmt&iv%g73<{Vev5
zX5g+k_0s;a9?RmUAcid|B6|X%`Bq4i#X4&XUmOAGcP0vi$?2aaUE4McsE$+enJi6=
zflNgiK_Hj^`abAnpQ)aOx!g7Bav~ZH&6U^99Q$phU#ytP%kbV%4DS7S*wPkE{q332
zb0<2IMg-?K6!m@7DGmv|h0`q#w3`6+8YOujjebz#YYpz~&CKpOBr+mb$nea;^+4bF
z`I`PJs9~j@PBE@c#8my{o78i(H-2rgNpI$B-(BEOy#;%~#=mE+!0F1NIV^*owqvDy
z>!qmP*(D8yZn5)ktIfrMGsoP6cY>Wjmy5T6_w`;%^F9@=^}o@q`d>BWGY2rwxbJ61
zCA*dMw3$%D;*Q>rdd1hH=Z=+bD7JZ1X;i$m*D1%l$Kyij)Se!@Xp`{JN)^&6anT2!Y4hi~y(KO{L(zC@y51P`**O)$yJ6zv?~c;je#
z=mB-WPU~$9c2`9!I^Pc8f_fJ4)Gu5sA_+A>37F=&g6R^0ZnOpWE1Or^lb|B&07&>?2(}3vR$Iu`*Txq
zjZ*X4rQpqF4N7kpssi;8(c&MLV9hCWF5|Lh%sTWj5v7T1B}-G%`7|n3-&v6-6SieX
z*gp#Lfp*F1=rHVA!rf2(+QsEFF3H~KqXXS7w}T_17mo$ogWKLj=@q}2`Bp?Bc}9
    YSCo^%-+~u9%+;^ilXEtSd>lJ6r6dftO7;PI@j4GH(4J;*RDys}CNq@yE#d^I3
z+1}@(2VVPb2P<>+b&B!5e6;O^G9&qP@6XGvaY|d0&BM-YIHKG|6Td&+dm3osd?jp9
zbt=zTI?CxM-XBEU0))4tw+u%j?c!1dB-f{dQyWQGCEG~|th{G)Qt-kP!Jg=^?!i;W
zpP>%#=KlTRnyd6Rz*iTq{7obYJ}y%{hV=6jOxtlUhNAAQXDv2UY+r*k$ROEE*A>W0
z6r%uk0*%v~%P!`iM@}t$a>uC3c)?bR8{-Y!6if2D7s%D>jX|Eq>4XTd^q$LqwCdkS
z*p%Eq)`bb~z3|!>38oq^64mZ)w%6uX@nyD*%!WwY`WNWFQ!7~Br!?|hL>Wu0y
z&)2IvhqU(S@|0hAHI-*GL^EZ`GXCB3MHC$_kKa)I@cCB-ti5_DSO_z1ns|d@?H}-Z
zqn`$|1Wz=%N~h$eV5c_%U0FE~YZC;kp|5<3qTc{*0|(G1M`6(%jQu--f3FxGt>Ip}
zr8srw^ASt0XquZ+{yhOXAgvR$A5&JvT5tMqIz{a5jn`AgC!`I=N>nRJW$(w$#k)n7
z?w0EVw}WG5{$%wWw4Nb03kk2t0ij|wUKA-0P$tG|0H;ODpf|$(7aYx}nkh8|>&-cd
zApfb*Ov#IYlf#s(9=z8jKQ56y7u;BRb9AFRMIUJqcaf*YI4GS@tavsw>vVg8u7Qg<
zvlx06lQ~3BFc&Tm*1fD(A1sSzeYbMypBfJIB!h3W-f?(A4voRC;o7nc9_Z3fQElsp
zeVDm4;ZBD#ocE#+eqV8FNmF|Sp(0>dF5aI8n!Om7tx)6g(z*R1l)z5Lv9+U#h~K05`E_Or!mAp~;dq0E#1DkbiRC2Ftmy&P|8aEfaV`D-
zpHGOW5Rz&kB+-y0?II*ZLkOwKEsAdIvRj*!LYJYEs7)7!C`r2Q(mj+`y6Lt{tG2G&
z+G_Xhx9{(t^VrULpYu5HbI$wqe!gDs*X#Mrpk{lL-a0pH9gu4VNB@|!WyboaRiR5q
zn~eG*JJK&SY%Rbyu`>bRrmInFxnQrhH*9YM`jF3O?IV_8*KpxC0MdZsDdg3Fm7Oit
zrnm-Nb0WPFGV{z5?#6aZ9MQV`BU#UfV3MNnd+#v&rt8|UOc
zTP{g)TeViUH`Lbi$-8dEK(^eOsr6h!Xgkg6^rbcLmChtA!wT~ppGV9Z9DXS^J`%t?d@pgMc!{)md{c)ayc(c^5
z2xFcLSsS_gi}v~!y3zYGq68NpC*NVc`i^ND(8Z$InGZ9U;w)u*YpWk-8sJ=zS!`)+
z^J4r8%3+~tjmbmUBGzV|JCX61lu7%e3ay-G2G1lRf-B@}&UJytV)R7j^
zkIPy(rb~5h$4QQpOkZ@96Rpvo$M4c!h==b~Efb34>1%Kwh0;3UYFyj_mJ5g1Py&}x
z*}Y5g7OLd>m-Ll1oPe3;5AZksXVOtaSZ&g_YGv59z3
z&Z87B**@XX{4+ZMqqG+GbMZM@#Bbk;h%1j;W4@LZ4Q|_13Q*c0C3$NA?*@%6w6o7H
z_fChY><-_h20STSmL=B?lqCcEsRo!0>0YeD!(&7I#YWPEQ#uCbmLW{Zv&)%&hBI!>
zjTeHq^EBr36;T2M;)3XDTvC1U51A$3y@Z_hhEtxyR#u9w|ef&mpKRb>V#%=4IExjPSJYH|PdTSJs-n
zs3nRx_mHo+_3_|kp;Fqt6&2EL12btBMyxN0u?Ox&##va%*7V8yK?Bs!b!vj`BWUA+
zD}pJ?o=2ut%ED9@b3za`KX_-lk2eu{|K|u--6SeKJVtFjp}H)kP8*-@+2fb`Q!S5d
z02jn8XJa1eK;*XzXi@#o(?5oy-;&~J191EbzZJ}6xlN_cdvy)W_cXlE?HZ%n(4>>a%GG;X9vA|paCX~rWPN=9A&g@VIEE+=*cF{tBxX%&pw
zH$~B?*u%Gn{u+P=?QSyR<@!?4%DrJPvgf9(Q|BE8rd4qPfKqugI+kadhR_#2W;2Qd
zKz>-_Rq)3GYD1
z%pw%`*@NziX)j?tp(J&9sQsDY4BlsxI2A`J)qZ^TeI2UJGW4Kh*a@ipw_2_j7bT7{1Ue*>lrDd;Hj&
zW&L5Ve2qV!X7g${rG*4|)D0yTz&VT@Hb6F$GY3e7X4YAM$E0-T4z8H-Ax0o`rx}J$
zdE$FNTa8U)6F-JzqkWA4kF-I!CBlDa2DBmJ3cO(!NbJmBHWh}dsdCXcY)XUki7B$m
zw)sNsLg1%T^~k%FDFNjN>0W|v;nZK|&wQbjiEDX064UMVaf&7C+j%^f+Pj
zkIkE={0RpCey-d1(`eNZ*=-6Vs9U-2!UES3MS|dNQPq2cE0Xj+rLb|mDIzEjwbW3ZvD
zOVB^n+iG$Bu-8&ty`VpxL}Pum`b@Ql=5y>;Xg6akIrN0$gYR18S0sZ6y$Bo=CrFlu
zEiXY(nl3+752d7IM`CUPG|ME%9jBM76Y+T%qiVFPL(g3Mkur6+bEmYCcOI`EauR)<
zEN-if*`>JKL{2A_@j1s*17YRMNh2RbQ?c(P0qvvJ*K}$${y8%?9^x`7HaoBUz9da(I$b{@<380~Ef^%&vhFY1NVlMHh-d2ek
zBkY#Ov)pPzBXlhht35Y-cl?7Ar`crOG0ryQ-LuE!%Ct5=2Nm;cf3%lF+jQ2k@Q5lTvP%=sy!K7@(L{E|(nfk2v{Yjx;Ld(x!05Hp_5j4
z->JPWo-2MWE4}yvk{_Y@0Y3p9S&bGG^G=0Tc8ShQ&=
zzH=8nT1BU_Z)|d4$#i6C9`H(1ucxS!ciSLrk_Xl
zk&C6cK%x>4av}#kWT+28rIslBD#_&7?4Yi=Q;^glPN8KX>$VY_f(`(W&|r7@$f%d8
z4v~g(A+c*jVR>=i&JukJm1pOQ^mG1>Q%rufkVKK(TcO{n`h#nx|PXugIGjLQQbhBqICpk5050fT(|EyMD
z^_K1r9oj!O_feJOaWL^jKvwzX$A12^L0jdK!o4~0W_IBU(hs7Bz)^n5jIoAXDAIf*
zs#n{NNh|zjdgnfBCPHN^>P^LiD&iRE0M_$qFnsJS?>(P27mhvL#M^=mdkWCs8nO{T
zpzK0A8-i2q#ZPrnq>RGM)$Nb?CAcEU?aRE$#KiqS
zr4O(ZE_8gF^tbe*T=lh}-mnOAWIpD^LDq4Uwc5r2`dIalv`rITt++V0HejjM?8mv^
z&M)Y3zTk|9bCt3c;*Y3|@Qz~fN8H@Hj$-LY^B+GM?59q&@s~PQ3
zqts!7P73(!?_=24iCrkhMPbQiUwHSx4Cu4CeEOI|OPx6*o|sdB@?!c;0w7_;UA#+9
zvoWE_KI0z!|2>HBddT8-E@UmN_E_6xFQQiFxe!7ufs`?(aoElLloQ(K$A~is2VIaN
zS!>00l-Q0{hUCF^D^8(`zrs?ukPIohpWHtgjy;*oxXo!+c43G7I^gpkBRSTxqscJp
zbXVa)tDqC4|Nim_0$|AX>>vrc<=2*JQpuBWU5$Wro}b$r6G;2sylpo6DGVmDTs
z&*r|>mKa-rL2gQ8cPTBGYkQbL$(@WX$%A!kw$A!_MLHKd#k?Pvpici?=-Z_1bSi;o
zs_t*o6->CjA8cDo>Vr6H>FdD>_LBm;4lrU)iSwY53nrrIfhLn=s!4WlPBF{rz619%
zm*wxEoKMmI5pGSeGK61~MYF9xqH&mY=#L$|+~#DBGurJ_k<-ij+gQ9wG}01{jGalm
z=O#VoNH+)HmK@>dYWX;~FCeMIA178F0@{mSQWgEYXFzu<(-JIs)T0dc&-OU@^Wbcx
zkl088nuQLmn>WuKSA-Tcl(v#*z_^t|w!L#qZeFqQqekU5OPj<7s^$#PSSl>X80|r<
zei8+5a}xPA-mQXH-CRDMZ|kkk$=Ch45;t={S1C`iv*qoIsJ!p>3wtGxp8to|Fn{D?
z5N?4e{d>E>F%VPf=XCD|AJ;usVz+o#j}+oZN<+Py5A6gRH6p>(!~^*HO+Fm^Q4|Bkd2
z2`Sky2rn*ijq^E6611Akn9)q`v_hVQLi-v*Yll1@<}~C#chU$u7v3Dx!mN^
zncC(g*s&u#k7~XO9cn&WJL0_u9c7oJG5I0FIF0{U&)lPm7J986Tn|1m7*|GK3V+>xhAV-cNXuL#?|tOh4Obozj~*q
zovhth@`1^#3C6X$$<;`AGp0hv1lD3`yO3$wz`7#Vi)s(vpc%IuQBG^(+fKV5({SVSCM|hw);i*Vxg~cxh#G7b(zE}i=;{$bJ6@1vPj#Rx|eLa1r7fjhKG&-r?D+-~f1j@5(WDn%sGZcRC%-_@JFmdB;qJ8oUcgUl0)U^c2oh1q|wp`&=Q2d
z+iO9|8@2DYHXPsURMk+~8;#0wjCeuz`_vGGmPpKbhZm4IX(8D8I+p}k{}J_Vnce(u
zU^C`dv=tV!z1&!NL5=7H%rm@zzf{xLWHM`1nPq0bySQJv3iSCxI_}7At6`95R
z-NH7pP4+;|YE0%)H8^igtXm#gHB>@C5A2z?RkbdURKVPUj*var@MOj+*@k+u<|y>H
zFb0dZ2N*%#H3e8yhExBXg#z207o^_pPWj(S)^@xCxmx8l7DO!sH*zI^8G
zJe6LD&m>yL4V;+%c$>LE8(6FvidiVg8k=?dygV~E(Hd7~RIv^$0ccv&bT$^p_ZClM
z9y|13Asitr)jo&+$?vHn#AVJYM%0qdvEB6A}2pvehsXeS-w@(ZbrgBK}3@6nfd?Y&+
z9-|++3N3pKj|o7Tq4^)+^5P?e^uk>wh&*9=O5YvoSGQx%g_fu!U
zoQa`3`oIH+VuJp1p6aC+UVA8oW_QUiJjUO}_!^Pw@DD}Wm9#-2s|L156(&PseCb=Q
z3YbB~timDJi2yEQIW|gv8exO>)SotKA`i-T#sl|4;JK#eBuiOC3PYaA2bw{oE5*AL
z@cfmdDH1D2T=QEDX31c<8x2YT&^N!GIg8R8>Ky16n=4$X+uqK`Y!hJ)R*4X;KT8*Y
z%kn)*;Sx!zBF0!mbJmk6=MS911j;rgn)R;7?Z7q&?KnyLTPom+VnvJ(AeUmM1-Rc~
zrD#KC*`BYp`q&JPX`N~0-|>qHe)q6Z9IqQ#`vWJngR+Rj1Tzx*Y}+2+pfPlLz!xDjlKS1%h&5j$$v=t}Qize*K$LEL^M&b~U8^q@hkow8j_w>qS)o0hEb+fXzQ5U~Da7Yf9aK5O
z3-W*&g4-X24cEj0vRo*-8bEVjCa63wJ{_2qs7qnE(qx)B5%$}$tU!zX9oL%H^;@&u
zn~|qtB>}I
zdj6_7@U~67{|i@21HGkn`i9WMP#a5>Jr{!@)Ksj%zpbo$4`9#u{-rus%edBiJq~TD
zguSwPj_C>z(L@5hKw5;WrP8B(ahH4)*kPFubT>AOaX|m$&&{-`UC9hjrqkae+8HAc
zm91+u^GUdmkB#*8l5VV9T4#FUOV`MdCON+Z;Y)pN@J@WUXVq~hW3;ho+~T~Hr|;RK
z)^jb>To5SzEYAzFut%}?3F1Rx@n$?7d|Fwj{E2dgfBV5CV@f?#b){_UoJ)?Muu359~
zkyh|pSv)N?Ml)EW-p?F8*hWAG?{jBN+8=^do@y?AjXZoL5=5`X7~);6GlBb5hACGe
zOM%jip{I}NZ-$CV1B?VU$YcYfH*vv4N;%z@8UerntY54@1t^{`Gg{%T7jIwWNpEE606ElORC7_g(3IZ
z(dx}Hv#Teqm>=bpBR7I!IU21iaL;(<{wL_$uRaE_trMVvofBsDaLl^7H>jCEeA~<*
z5=LaZA5yII&UK|y_hi(7=WPXX5|&Y3bHeCHgxQG{TjN~N1;VYjm;~NOF?pyX=XrlX
zjaH(aPIJvfoGO2!9YO_KgcZvOzrB=D(n>WE6v+(Sj9%nB*7rWi?-hBTakQh}c;q8u
z-z`3KGc(B`hT0&%Lp)flutu-&RlMt7&Eujz!M*K7Z#}eMPLjmeF}1HDW_PhkTX#HCO#TK-^YQ{Ox@v(;J2P=3}%R5$TLQkQIL5aAtiu
zJ1Be(`C|?4A;*q`DE_NjD0|Ftc+*bUi!I(}uY;Z(9rPqTBA99PbZ`Z~4DK(R*!CS>
zz_b4g{b(!bc2`E+nNXZJBMoqp47H0W0R>|oocsj%Vp6coO9zQVNW-&z33P`?GUe+?
zGi0-nRBvjIv(up!pPbXG1p4f~OyFMC5nW5IDfS7+yO!toMORn1s=hqrnC@^nlwpRA^gyX^(*7w_GMIWc5dr5R5+Q3T1ZHV)a27eU;iDrVWrd
z!&sv8Dkyx;8WyR@A!-gvB8fON#cddUZA?BH`k40i?*I>Ms0FLHlAU9^I)QHR)m~~3
zz6VI{#GeGkNDq^N#h^BELiB`m^xNU#ErYZ6V>S8G^s-m_%=JOe#voJOhVtp#C`kBI
z_EKE4ys11}pZM{f?#LdRZs)9M7caJ0ICT|pruc9sLA3H`kuUrYhJcp>*B6Or
z(gyZg9Sz|H43xiP;(k@|8*XF+RVUSgjvjd*=3x&H1uDN&;RGA09EZOA1wOlMY7MMC
zk~l7OHIYz8?oFAZN590DOJ%43eUwaDL_*4ZTQE)s
zRVsC-h)1_D-Wgoe8Ty7E;i!I+>U5@vCcOHlA{%C<&mavW*ZCPSve#wKW!t5cM^c`n
z&}Ds42YadMuD#5yxT{)^jPVVbimSIrEjMIR8g_#AU!COKwKG*gxrWGyqgR=Nb#|tM
z^GU2deycM1
zOFQh9$pJrZ_y*^dL;t0Q)xoG?z^HGX!{1ot3y8EW_Nc|tub`PtTVd}P0xEafvmPb>
zXRgVyaUcU3PIJ;8X0gXj-!d?YfOe;sXdb-38u`la
z-E@EtMsfDyB;FKM`dW5(vPw9ZpBge+%c?DfHEzX!_SK(qTGcGGmp&jvdo+9hNvii5
zS(U-HZj<=y`V+b-$=r)QcZ*qBYBWRjPU(>1PV4tLtwTbuPEyW9H&RTvO(&ZfyX?QghM
zzgy0oayyf6z^KKbv`9*-g0jw~ahYZBF8+wZd!8Dv()Q;3`xW!-nW#oBRHeobLVxrV
zt2;&E2J=CkTI)^R`4pi^%o4EJmkCxQ)Gk6t#Rl8!
zgEOKuw&9J4?7n40GeowsQCm1V;dNB|`m-o>0p-ul`^MIs4%<}tbzUyp$@8pBW{qjh
zz`sgQnPq6Tdx;V8(SR1!UGId9x>$n{c1~YipzV9H
zsfzJ>r#cTBwb|B^v?4B({9U~$VAhgyf;)kgT=<_kL&NBcW466h^J9?IX0fmlpk2Xa
zi;6idAdR~1vqyo%cLsMU%=BOw4SeuX7*uiFkVyMqH_RQ*AJ2TNyDA}k%RR+5?=!(}cA;gRj2N7ZWx95<8IkqNF3~
zZ#Z3=3TQ}6NgLJnN7Y*cPrt-Y=?VFQZ7tvriOE0&cAY-+%G^y#3bP00IdKBiY~{ln
zU&`<;nCmg5b#mh{s~OZ;zXTfFov8sTvdQ>$F?F5vB#1!Qi$*5<%=QJa7Xav+lC_+_14E7#6^ytW?!ghbr^(JZ
z2nc4;l8sGPUZ#6YP$g&EU_)aQUs`8TZT^6xU?1GvVqukCq#sldpGRI2j_ave)D_=Pry@MGCTM^mDm8KtLih=JRKSkpSR$Gl(B`pMhxSf$+f(olu&ckF4gW
z0yvLK)9Ez`F%u!38E1}QMjNmqQ{@~HR1RcM+!xgPN*?HjAt6wo&;JHr&*
zDHY#7*Y?XZHlTdlC_c&Ffws$5iAHeb(Cz3is0+bF!
zRnm`g8_qcPT$9$k)k@Zq9$hNemKO{%DD^U(aE-~dqvqDR`K|QtXcxZBzv--dvT22;
zEJyPfy+BZs!iD$AEs+U0Dha*)A#aHbBxg>$9fXhNx^(ESZ~sjD$KraFz0npD$^vAL
z!0LqojbNGj-w4n@DqiKw^4%?xjzgNv33MsT`k6?Tw{Sl(0(2PTcb#(J8R%uV-YcNQ
z@Fr>4tgswm5t0WWI^mZr3J(ScXtF1fn<&42Us(M!CPVNFm(Gp5V`KGNeV5XF1MGf?
z;z+|R5Pz%Qv4x0T2-hzUo6^>04t-Ii>OHv;s`Ml26;sKFXQ|CKruI=3Ge4tZTKVBI
zTW`YxfRHs~=Cc5%J;U-)9~xj8Z!zY%c6uLRCd^aT5i55*3mZcSRi6*F3GVI3-_~C(
zg~YlSS}>_rwGo7{9m(SK-m
zS??=AuwatF+e`2}w@JCGnq3Ca8qw;wLrb1VNBC|;*;?zLEwa)_0~Qfu2b|x3a{cUq
zoHwnL*50Q@K`9e7gS$NA8&HhiT$3^|-hDzsz2~6i1yK}TQ#I4t9=e0ea=pu@6Z>AF
zq<>;(stvcb)!YaBPh9KSB)l@hDG<=>0M7D;%ghZu^Qpe*+VnF
zSxXu9_peH?SVVA5ket|7#78iq*cPH*h89tuPXq`
z&Cd{inRVh&myipKVOA?{QYRDq?Ts2VW%#Tw}K1EcDL2WZ$Y$4_cup$C+8rTbvl
z_@UB4SL2I6Y1%DF+d&!-8gIki?@2RI_Fb-Go=eh>5r%G5E+7VFyoic)0sZ|YS}j{$
zY7$A&$rz5--?x}VzK$x}K!h498)C^*l|x?Psoy#zU%XaZ?XPvPd4E%lavAk?@{mfQ
z30A~+Vm?(k+;>o*F@oIrF)={c2ptUa1|RzxynCP}B)%7g{k@bH*Fr^Xwf><0`<8UY
zPJllz$?IHEhH%B;7##LSbF*1j((ISee2{!oGy8J9`rS>YBv$UwE;18>ZwD-8+=4`|
z1lXQ9;diSbUbFXw^p^Bqz4Z-CXm~Q}>honE*Y#G<+C@+c5z8hWy6As`(6w(kQB1@}
z&CT27Eg|<8fqcf14#0a9(T3)r4x29&k8|Icksn27wsL4$rI3HBxxCKw(S^Kavfub#?hKX?%9aX6xj)FE`$
zZNriMrBD+;o`{rsQ#A#So<82cc6v(?7mxgrt|-7$7cx%&m1;JDNXLJv)FHQ_<4Dsf
z>_S39s`N+vr?WpaSuaG#INQgTQ{d)KQLdy%1Jsp``BN4L=S7IG<2)DKzcIKF8*`H8
zwX783eX^(7{t=J8Kjb9goBT0%?uX_!wnTxC>#NLA_%mbD#*00EsT6)<6WYTB%|;O7
z#>pP_#VmDI`e!L5cuwfhT==z=c>ouDphpYz`5T^Xd-Y@3`>-|Yu+*^&W9&)ZoorO+
zgqD+@oXIR#TpmRd1za29Pws|*c{5gC*qB`@g3eX$f`@${wJ8`OPB^fi>z_jd@cX#$
zc1)A&*;zZLdru&#WEf#A`=M#Trw*r!D3nGx4WQ%qDTD3G==7&J5|81DEafp4A|r}2
zofZQ{NadapZzLn`LYLp*9_dJR+`_(C&_Z{#UE-MAP}_
zV4+H{zv$%vB9nX*jQS$4Jj|^*R;mZws8Im`m$P0(YIa>TW;ipgH1q3q62S)$WUzED
z{d4(L2~Ss$vC?V2-eL0GUc!Ov^Z$D%)IXPGX|`GVk^40FPR<%vn`=*>?9of&Wc8j4
zxBuKA0qzO*S2+NPm~K&IGa3@)(GvFFKO;z|t3)^Vz-Jdu%MT-O7d2&NjRpA8gD%{-
zPdkyF>#A*#Xxk4UO1tat=6>g4*d5Yr&GiZKs!px#R^)6GZ#YXw8ne=xR%I6T;9{2Okd?Tpr0wP0%w;zgUtYR^C|2El;Dnj?u3cUv
znjc5bY!p=Dt(q~pIsYI-u1G+zvjS%7V2^Z43Q{2?`}cVZgRN23)0n1xt%qQ)GAzg>qQs)IN#
zV4Mx(4~h|kqkI{N-)oFE1UQ4!QSC0mJBeq;T&p?bGr6sCwD^EFgIn0}x<%EArBJa58B2)C=z8+2f8d)U3PMLw*hx2WY!DvK#(
zoZ6~+k&8FrH}!S78L&eWUJRBRH20njX-V<^1TCDdypa2u1-XGsNbOB47gNAafRoI+
zLX&$$^OJ)Z2GKlzHBb5qcWgUPX7mry*0+dm?;Ny|bDl{CWa6t6xV2
zD`TJ!c*WhwZro;pI{1sWNT>pTw>sF=C!G3rX1-%d{f*)v%7&mQT#+d7Q{S&U7}{!L
zr5lSoCnIH%)w;E71!{xU%UW}=+Qh_JI^9^9!k7N(lzm+W_;^+$Iy!G?)msr3Zi|X>
zoPZf4zaLYZ83CnJnRSIAzq2Qq@1=u{@4C#V8^%hFYdgK|@RY8$t+uSCgo}ycaMm_%
z?+$#g3^ZDu(i{ImAgPpJE>sPi^D#b)J86c~97TB}=M`sW6>X1n12x#hsi|HZncM2q
z@}~`(lIXzhSll06*lL6|4ik`@LJYPF_@1SRpzV{!9xa!6l+y!p>oMcOSqtJ<^rbbw
zAw$Qw(edA`6gxmM0o%FE@;{`q+>!37?WL58Gh=jAA%l0gFF?l^nbnC_lI3FT_DLbD
z&Kj5)o?3A_n^(8XFEX{%Q+91TDp=jFv$%ACA>m6X>YDAvjBaXm83pYYG{QOK)GixkqyA?mZRsfUMe#H^Dr*NT
zNpQNZja0^p)S-+Xf!iL?H@kEd>1^8ifSy3gu15huju0K|7;ijiTNvx1lqxe*zBD01vHd-Y}uZ#Km?L1BtR2*1J_u>BaYLfDiH}pU;4}+jL
zzKXwzQoU~BsLuY%IImm2L2vqiuXl(i3GC-y7R6fV?>6wKPvO4Ymf5H-&w^X&QCHtp
z?;OAP`PB4vyOzU8c-cYrtJeB2`G8!!cJ2Alk0{&fGnd1j23`oX@S1)2B*F2*dC#nK
zSI)lv@-!;h*Qfpa>Gx&YSB!!643~McpLDt?Ihw|DqRVmRQsuTCGd>?lb}L@PN$KIS
zEz%kDr|1KY58E6YRy@ej?4wuyD`M}m@NX-j6Vj*8NkgSC+^LfJN#i@y0*w`?LXyDO->@e0$4NEI|IF1-FL}(nXRaz%
zYxHl2S56dA9Gs1^7c;yR9*G?0`n8!=hDR*k{0d_q3-uP&)<0uhd_PkjPrE2DwE%rm
z*)AkxHO}|ON-tuKi9Vl*n85W+>;4m~`Vo_f?M9gO-wAzlo16(v0yU7`L0mGOKet#4
z7l;;24I0i2@6^t=fqh(C*vM0obp3Y-e7g!qD1Mhe$9kC?Z-8{Xy+Ypp}{S0VoG2pnv
zb}R1f4woeD~W8NgR$U^JVsWT{Z5Wr9EBo+8vwqxZ+?^a|tWX^v^J|d%;ZGu&n3yf!Sl}
znh8z?`FO@8n*ZiJw%QQ1EmJP!{1g29tSN_B%nA23Q*9D%kR%^mrQ-BMf`=`j(Otry
zrGSvbxPGHha_d|5=eX^wF)lC3eo&D<4kuNd*sY+}UpzEx>ct%ZXp
z30Ae(To>d`E4tK=-L@*#JEk^Yv!Yq(x0Ow(5-+`2KQ`%PUGw+7ByK%E5r;}>Z
zo;%ui2BU$m|4eJ&cGX*G{3dF+ysw(xRTWmJVu1HojJW*a2=bOAiNj$_X4dw-pJ61@
zj>{eND3|1=D=1g`;EMqluzJJ+AF%XQtODAkcFWm>YFjdj-~X^0E{={c0ts_m#UE3*
z^^2Dg0`jb&#zklYSdh!b6vO0Qb=
z7s|ZcM3GZjH}Gbk(Xuz+2zUQ#b-V=3UtB^y&Tk!Fk@cNKJ0@FC@P3Q?T>t>={>3=S
zSxB&YCVo=adFl#7S2g*JExPfT1V3JREbF`972sUfy}t)WNFVU!i6_LgsF&GXhr7@s
z7o_A$+E`o|I~bPM(-~YY#90vzaL>Mz;cI-`;mE~$bzG#gMfAx3SU;)NsLyaCGs|$YBA|ChdgtRIAmhWKidmYe`{kjo6JEA^q4}m-V^zF#ne99dghDYT$
z5HZ=bbV*d+Z%=3BDM+(CQ1}nqV`Vr@1a}L%j*y-)!ZiCT@{#W5TK_O-jq%q#uv$ze
zrCGn$vN5fuo*mv6MoB?_Yv5imeO>1Mw6
z4-a8tS6eT~!Wskrg{7-uZ==QX!Qb9LvVjgCp^DmV*lLNW-HEf%p#}q-
zla<(sm`7fCPl2UNX_?K3_d@rMYu-6sBdc4C)P#^y8U1$wBELGf7~hzS>e1iS+9~q8
znZsG0Ubtb-Ix4juhjf&3b#%a7(SWeN!;AggcTj`Zi)O`=?r5joH$$d&-(``PBiCG=
z)khl?@3XbC^*lhdQ=Zg|7wo?qGp2dIS0F_0tXMXqu^QgZ^f0JEJm6w~{Bw?vvPZGm
z8pf$BA=rq55&gr2B~=E4rjFxSQP6dsd2-V3kp7J-_q5sb(T_>ctO(MHvh+!t85YzO
z_qRa(O)x^u-hX#+U?T%u&wVN$#;2VSOQKHf^>efZ<}I%fd_EyXzEjQ=bFUmlk{5f2YI4h6k|v2aosNnJ|SqmIDe8PFT@w5!_|OB>nhJoqJN1Lcr6hGH>y
z@xK_!hNNN6F_D(O^B_z?`zP=}J9uFG=&aA0L_!jY9nRE_Y`^TyQ{2ngDPEOCODg*H
z0{?hExuWZc#L4HopvUI&nB}@J0rRGSkPiHWz{DkH*TKwy--wV$mR$n}IBGBr0MZAc
z6Wu0%iC>IrH>!qqEsS0grbJl`MiboRfZ}EJOnS8;+dtGf^SiHVVdmWTm~+N);F&lQ
zX{pt4n5nwOdpID^O}Z@mIWLth{pY{0B37_mq^;_BRo=f&tv|nxueJu$3O%Rha=BL#Gmrd5RekElz{Flj5_4lfy6|Giu;gwOb_kE6W(FEy<<
zPQOO0g0G!A!2X7h09J%NZ}zUo-AT^&D*a#;-E^G!+>J{b&x7CYs5;46UrB$+671y=
zP}ol+E>EC#yQ*Mg-FyB?uQJ4`j@Nn1W~|B|DoNk@xFM_m1g-pZQ$
zSMq}15VjYylh*vWQCl1jF|g-lCcPzmF5~+>@2#nScU9}tbe&k?ms7YF+Ix9lo9YsA
zIcP;2Fr`bo`7=+eKq1T`a|hORqUEUjBppjB*4|`
zf!}<`%lF3tnQo{jzz6O>K2|K6nfkgNe=mt|x9cEp_&poL`Zdk*;_C@SGM)|JnjP->
zxs(i`g@<+IP~)B>r1BRX{af9Ah8LU<^{ZSq=a1Bu$2
znVg21-&tik>0Cl5aObaZl)L&9zgQ$jKG`b(|HwE1R2c6hG7Plsd2<6^=a_mbUwFEX
zZa5TGUGN)R|5>nb270Fh()NYj5eKrbg3C6gI#`cZIXUaMb4c4=bD{-q8|OccJi0^yI+-ulLUm5^-`H(GpAzTF9a8f
zv#AhZTI1ReB^LPmPTo%(>!{B)R{i8Qoi7oaNCnPc)8_U!Gq!H`E_+IHJ7=tAXr`;_j>v1lN(HKbkr#VT{v;D?^R4FwPw0vhSZY%xok
z1=}N5Hsd&9y=81q6NXptV&m*akg3WqRO_5Hd*oCo3zan6>QFNzw&00JD(ODy`kD{_
znmTZQ^w}a_7;vkE6dT~1ep2hEUN?AuTD1N%
zFMC1pboxnYy(%Hxt$*=&<@DcCO5n4ZyW_9z<=+7zDF;wg{tXbIF0tPf6pnhlzEfApun*Hu`t7d-m(iA>K7lo(aiZCIA$OEr)7{f*y83=i6#%HR}@R
zKPqE;gE_NIJ4JXAX^Zexcn_>iI6=PH4FgDG!;2E%v41_KXUB@7Op8dy4kMIL-bEMq
z*C1(VzIj1pa!5RDbwP{}&#rX-tu1A*Y8<#dOo{uH7|bp^sqH;g49NQgm`R|iFWL)s
zhth|~v;Mh@5#TkqhFvx^g((|PN$6}mv))*#_v0JsO-<>V;zdB_@6j&{3ES1t+e4^3
zLh`%b?C5nCq8qD|-9b}1{ok}L#zB|=kD}|2OLG0bf$Q)$u1&(rLiX*oIii#UlhRpZJ?;qaJ1Mla3p677R
z^Pc%V&?MLoX)UIhfyRJM@zt&c=U+Q4+)7&mFM3U;HaK4&7+8nDKFv7IJF3Xu@e-Xc
zcy#DybyKqNqdTH9=Rclu_Ak$oa<#*rLU6N^e#p$?fP`9
z>OKWw${|I$Nl?&*&Um5poZeyB0O;qDSK$-7;2QYT)9BNzF9OO3)s4GcLKq^aJfh!5
z)kGIMWGS?@QLL)3);93d)5Hg`Oo0}{Hu|D;=(B2dpflubLDE^(mVmS1Yf?^!?5G>j
zKyGG_PrR9PRw{5TeN<#3E_7
z;BBJfVzMlLp`+^V%ic2JgubxUWyHZ$fBq|?b*9d@B#+Kdx}!L}qWyL<6y8{-%{PrS
zq*Fas-tB54(AMLZoW0;~nhS>^(KikA=F($eALl&M6GHR8hkKe0rhQL-oegFiw?X5l?o98qjKSwnW=j((IMeko2N7A<-uKDUtEv
zJ}0@J<*Nh+EH&|@R_>7-+`Zu130`sZmPWO*kZ4_X{FQ0L)4Zyyc;gQ9GsZG}VAx-%
zrseROVsHor_U~-mu5ZaDDnsrn`)Ac3+-6+X7_xz}XTn#e?FRziBs~;X8kv4eBA)zr
zcE;M5&D@aON0l}tY69WL{NamiI|5S7sEv*Rz9+u^TSQzIaM`|Ofs+516PvScKg)NH!h2yAf^=*Oso$MsC2PvRRvJvIOwc
zV4{1g)JeQQZSX49qxhH)P~hL79oH2`w$?=hza38qX
zfq&XPtv#i0!k+fhDKu}N>r(8!K|8Dw
zaonZx@Y@c0s!V*B<*GqI-oEL(YOa~a7Ysag^}Kfj(VCW^c)h0}&bA}2?jY*c!Se3T
z&(&391K$n&x-G`<^J^!5vvxDzDRS1Ldt`&hqE?J&p>efY8SlU;OOfCG=_LljGKqv>V@PGPPq&iucL-}!+ESzDQm66nVt*3tZ=~|}PlfF^fe~iIT=id!wvuVuXY;zO
zB5SYb&->RHyz}k0%*$Xe;L_S>=e6LP_q>|ka34B&HC-BwHJe!78za*i5YRs*k1@Pg
z9zBV6mSfc?Y^#DGh=tVBBVd?1l)t^t1|3rN<8w8O$sT>`B>6}2qdm}U;=tzJ5bBTs
z_U4Uz)vbA|NA&qDryH`rro<8DSW;9ZolKPS$7p#9hwsC-;iJED9&
z_!?cddAMu~BSnV$(H@o7-lk8AD}OFBmVJOf=p)uDloi-!uuJIY2HXpW52^Bxfwi;n
zI}kkg0Q}5=_Fs{(JCHa1mbH<5WuXu(8*N-6L6t&r@+Y`OkX8i
zu}2-Rg({qTssBGwbu&>^0Wl8dHVxT*6PGP`r1=l+vh-O;6LX+mk+oS5?y8lkc+gtu
zW4n6n!aJu$$=-68#?Z;={tc<25U7Ug@Nbj4H4-9?9+TPMk;I@6!?O#E>%!=p%d1*G
z3oB){8Es}6#?IRz6J{BjZ?8O+BSLZjNvxMF;woHu5|a>6X8fq{VLX6(1o~DE&Rauw
zSmeZpf!8&W&-3}$2uW?d%hw9H@w>fQqP+~dky?^vGpC_Eb`K>d^6mGnJWbI-c=*iO
z7R{0)2-?jLav+22X3JJ843J4mAK}@Sp<;hRrRUrOaEvl5c8{w&E|I#W`chB08s^_c
zcrDMh+GYfU<-ydOf37u-YO
zG3k+AvJM9V%2K{K(p|5hI-EWJUQ1S4sBHbY0#voJIA!czXA-#y?7~2(!A~nbl}+%W
zv~5o^ce}^6=l8FXr|x+6%zV9TWbkUlHRZ6O^wmAX^#;_rPcfiXsf6$onEbH{Hg@0S
za%wZM+GZyZufmo7k6Lv@fIoXOn5Dk(Bi4`p`NkY{>qnvFHk+nlbCMpo6Y^}I6v@So
z-hH|dhbm>I*Uyi4*?lwmK%*A0ud@F$9G>6yV|D*4oN_jkdWprUwfmL?e>((VrfvsZ
z2aE^Xt*vHe204!&HqPW1UbFo5(iQz~xvMd$Op?!>y~D#S&!
zKr&urNneI>#Zal2GkgcWf4c7@!a{LLaDf6RZk@g1%))L}Lhv9#k272kuRM<~ScT8;
zMx6&os*?6*GnC)!R(OJW4O1A3Hy9)+afa`~AES^@y_GI6pRKT?uYyQ`+{oTrl;(kf
zB-osQB7YMWAq6Yn;4Jacf}hSTE!EQib^J3`&L0DKG^5J=yDyCr+@b(?H*m4($~W8P
zXld|NZU*cbt#>-Nqt8m!&}i8_NBJq$f;AyJe^#8j|
z1ZODpfb~i`ubsPTRG!ogI-^?h34wlwQcbltRuZjw+MV_SaAuAAFn5JY4LiB0Yl_2y
zgU3s)tfClOT%7|5NrMt$&(|*#%@M
z+g)=&&cNSNdHz@MBif(ozAO*~uP@z5q5tztwYA&-EkAY!H2+W7HHzI7WE_l`HZ$Al
zo330MRS_Pp?~D(Zo|#H^hOfidbfaukt8D7vjw}q4`}oAFnFG{LFH6Nm6+NkES-sP<
z9flb&;Qm5|1)kft$eJd`z!n54stsLHp{96K7`id4DF@a!+ByS!Rpd16NVQPlRCCkS
z@Lki!dd~oGjAVT?UBT=o-^7okstA;h
ztsblki^RNEfJ-m7TS6aZjI_7^gTW_CHg4+0B{TpZ?S*tbFAnAu^dB3p(mTg!kt{dY#~S}cEco@>9J;gI^L&vzF$J-bnb$U?RLmPU`34Rz
z=mpJwi48;M4Ec#Jz`L*)iCrU0-3I?HXsU8W1X*mdrPpfK{0d|x`Np-wGGp-d;dEN3
zWW>3R=R1B371ujty&L$vO#<)Rr(zm-&1>Gr~z;qsjj`m$T_|_syQedhc+T*
z6z+(OtbDa_D|O+f05R9Gq@!sZi8GLEH<{P%NaV$WBIJL}EzqMYvHTB-$PEZ9RXN9F
zj^}80B77raz9aHphwh82g@{?yl&Lda8}Ckm2W^^A7S2%hY~T|Dd}mVz!9x1Dn|g*E
zCbgb&aVEB0SMh)3ZEZsc9wn%IF@roy|EWrzRq>JGlv;)--E51Bhk8SQQ!|v70&NO7
zo|e^(+S63IkwsPX-PC|yNu5}C<>?{Rl7evQFz*|l+jg%q6*o3Bnl`6Z&Rd9@TRU6G
zcyiHD5K~pGz^<3&rz;E#cYw}~(@h(GGm;O4@u+%`{EQ6CDHrUvX$0#h`7?T=*Fc@N
z?Ug8G$MhjsXXIqOc}`q`$Bh@<=m_a-qbUq6rE#!LPa+cN>p@mZE9ly?=-~Pq#%*pL-xZDnZb0+Y0KyuhRic4_zci
z&R{E2NnriXXx#p}8V+4^+u{I!xrt8}*i7Z7E9c7gAT9B6Wlt&HXgd}(Pue-933E~C3D%7cPeO8>D|&#N
zzCFYz@H)l_`Z@e(JNa6&pLse>@mHg&8|&^`1G~VPPd`?)X^j5HLX^?a}k$d
zJp#1dC;eQ~kD8<9HM-w)@L!IxGUfx*;IY3<`4K1g1B;gbJX_vZU|{yn(Yo4rKevmK
zeh--KB#cJ$f2(c78Uja)miH?5Du=xz4W2hk7~iJBiOtYr2(-g`Kd%!gLYM94DO>87
z(f$BNx>Hnz&QXpX5p5|gh39vohbJ13^UFDC#AwyRSD{>TM1;JN!1#9LMYuut;%^H~
z$Kv!S_iBfsxS#xhRB8!-#Apj-ROk%!?2P8!;P4Yp491MSXKAv7^ieL2@-Kmj+(vM>
zh~ld)TpP@bf!kKz>ay6Ecyyp1^NH(RZ+U)!Hy3fMBEQJrdQKf7?Bgx;O+>a^?&tY#sV6jw
zTc>Og=kCC+dIbXq+LuONb8wuW+Xgge=>(W3ML2q4Wp@)Y
z=cb;pNRL-i^L7Zc_vBe&{332Oe&Z)~j>&
zzH@H!loRCy7#-Cbd44RSk9m1a}dBMr1uy-G&JjZP7
zP~o>uEPh~dc^B#dMTh-P9rLAnHC_#RB@{>Ud!X^zER+1+9opR;-mP(W@(cCXCAhmV
z)rA%V_lI;OMj5=%pBL%74A{j7$U0C*ISB)m3$Gq%=!2ar*BOn3&1u<&2NK7^o&VlK
zT%jmFH;rZ}d1>%1#sLq^KcSil3_T$*L)7x4iME&hFbD#HT)d{&Rgyv)PY&kBS|R+4
z^{->(5gL^d?r#;g?-#D}JG}KlC#5xi!w8iJjYgci=RA>4;xm}L{^#0<;HyDK-Pns8
zpfw(xHF+
zMYwX)w+J9pSq*Donj|&@7CKJoqR)^Z_2rzn$_r4|K4cCktkqSjRzlw;TZ}6b85b`f
z=db2#-Xl0wzB^u#t=s=~deXJ4y>=dUcG+HvE-!I7K3bQ51Egy&mi_|n0YfhpB+Hqq
zYi2EPS`*b9bHT@wu6_qrViS|2uib5$PknqJCUd~pmFMqJsxyz~apWe~jF5M_gPdye
z&yl%;R+T`qHlY^e1J4wvYf3?J9c3X>7vC=0hca0yx9twOdD=L`pLfYun1KiZ@1r3(
zxHiYe-01tm{n$gY`lNCpQP8G>C>LOp#w{2MdxhHt+KVBAeg1^_-*fE=_u?ptM*)uG
z0^Fc=2}Pc&KCyKdam#?m8<;
zDVk&AONSd?^Mpln2I;+VqDe;1B{wo%R~AF}!;Wa87BDQg;s(R(iP=TUqIrakD0=b>
z8GdX?xpwKJ;Yp(#!w)i!>HLdcBwB2V4}W1}BhCLY+K4(At_!wO7|dK)C;ThoBdgE6
zr+xLzttsP5XTptLvWNl$W%+Z-`)>4?F@lTh2!gH&!CLpUQ@^>)&b>Ix`lZqY8B{cv
z*%_Cv94m7ZM@rq9clE{uKc|v~QtK^IX`=Dp_l9Y0YosA_g0RR*Z^}n6ajcf=xRRCh
zABl`iRO!=~g)CB=GP9dymL`f@Dv>wdEpnD+H-0dW{I9)z{oI{zw|ShDTa^9*x5pW;
ziIgrKhsYf<;k4h+Ti!X-UO!%oI&xvy5c__g*9xDQ16RGu_MC57&gpi-D`}`LG3x49OM{kf<
z*kV($FQ~x@zn~K^%*-_fA^LZg{z`6d8SD*JbV)*Y%$oHt3#@=%sBBE-dseRkMLho{
zgWEWQ%7kC~*c+Of-qQ{r1ycO}FqAXC+M!>Rxrv6V{$?8lyU79N117|--DSu-5)&rk
zy3fQ_y_7}1dafbD)<+SLtlIXh1Gv2?y2JVoJ|~zo5*R6?yjkeJWC;&>T%N6Q&XzcX
z6Xl2lfiNa+0V`}!DBRD)jaw~>mIMzPL--HLW1aWzV}Cu|smnpoL}!GBn)UME1t1^|wj
zn4)f6%t*K^!34U#Otv#W0RnNYQ)_P*s&un<#&GF_D2t1;qt=>!V)dEwY-6a!zmj;q
z#jx^`Xl9L!e&>oZ`o9y9hO8xchD7ro{nSzJcGvfcPB-QwQAm|Ua{dZ)VkLR8(2dq4
zGXAan^hMs3?{;`CUXRV~`_{OwIib-A#MgqixkQ8O!+d~4n@U>kH|;rm84f5>Rx6KBTI1nzA)5I1-NM(mx-BDKw
z3&3*snu9oGLJz<*{*|vZ{{*0WfG2a}-#s;fA;`DplW9kFLQCNL$kQTbT&o
z1Rh<<;u8|ZF?|pw*nn9ew^V5`b^IS9y*?uBisGBCsNl*KCJL;ALH(qdjKJKCOEgWb
zbqRq0MZGIcRy@B5JS2+{To?h5|3%b}G#aDL?-;pLJu-z+z6=z9L#c`viS9qDye^fs
z)8FDZu8i(TASS>46wUPR#foO3;(#J>cZ5y68yEX)B-IWaCe>o=dsmEb{!RZtIJ6jE
zri*%AKRbF2{Q3A@<$W(l=BV2f+RB4T@$IFnqf7VOw=<8UmB>xT&!@{5buh!zkmDan
z+@?F}yJIQzcN4K9C4c)QS|h@1Ieaeec9e47f9|jMO?QTerphNCUJvH^mt9ocly3t6
z!6bTk1HAYap_b0^(@SuxHe
zEL-yBHor9AeD|{2+obaPp9}`wqWA0*(&5$YmyOHsvj31BZl3^yi~lSf`*|lFI2tL{
z@3N>~ZLGBK&RB=QWlK{W+(78iTwA0trO{WTx^dCwM}AL{<-)9IL1U{xPl>w#Q)QRbvrErWr@s2n=J#qMOg%8Pwz!tl6nhP*Vo
zFSc;Ls6qAb#$EH4nwhwXb?qv%?M}gpMo-zDBI&YKmUbZ4jC4VZ(J-afbTXJiX`ymb
zv)z!tOi0hnbQl`nkRgr=9MmbAd0vIb1PyU=WV$$c8!pT_Iu<2H1vxTN9(SsP92Yj%
zpr*aFk^vZSFi5OdB;O+!?BYk7V9BEBV}6Vz|BA=#>~@CCmA_DPEVZe#uY3jc*jJBS
z{ZRIa!Nq_k4joSo8b1~h?x>^|YLdC
zoOJ)AaQ@Y>RD6-AC&Y(!Ye>J+enS5EVl-#224eW36Z21PR!|G+x}mv;g0Fd9!esu7
zMbA;le?;_7IV@iZY$tA9Y-+sCs6CJfdSa&!UTyr)9sh4#yeGl;B{gxpRa#e}lIhgz
z1adaqs!kkc`sfsWcF`~fZiZ~V$rALo&zUNR-r{&|%xs*4w>KAx(FvYS$Y=UMMJ1)W
z=CwA+K*+Kwriq%wQugiihb-@rj!{dju{tWjAFmpg>AvM)S5i-sato0$isB3^CRNhv
zpi?%&KRMifO8=q8lPQbw*C})6bwPBY2gduUsPFiwzc2TF3XWpjbccYCTl`?+Mmc^0
z_JZ(3lr{S9mX)*aO?k@SEYz%8BeEyz)N1%~(r#ejGoo>vITe5zJ2f%HuG?lZKpxaY
zB)n*;DN1(jG=6c7sYg1J&{8u3E~saim{`Jlx8S{BlmZzlgD&57nEqUbwzZ<-Hqn0e
zaFw~&$v_o>!bl^d0B)z$fdzgF@c4W@?8)`nFCptZz^l5%{
zJ7!pQ#svIV8kfe_rT{__sz8?+Sc7>8(z3*paxn&;C_qTMgb8NbkR4We*kv
z#~SJZ!*aK;^DVGtVvZ;<=2W^a{K725EpQ4<2^?1H8od3WSOT#>Xy5P(8hxgH!>BAx
zp*?7<^bTkX1h6nb@6vSMIE;2izvAc^tN_iod;
zXZ*w@*CQWZGW94#hUj%Jf*T*=`Olfdwfx}Gzi!O^eMe6d4klgSnGD=1d7|;=$2e@I
zjlWem(5`>q1ma`Giw-%y{4}~4n6G(*6}Ny|EMrvO8D!3Kyw-2vstH!h?~7!aL@>VX
zgxrxFu9Naf*YE3m$SJAdL_SxS{mw_4v0$cHdb>h=DW9y6lZq2@+4pM}^X>~MP9@|T
zKYd=3B_y?;5mLR1&@Vg?^o>=TBeKh2@6(D4?$1F-MrHB(uE;XHG0!+H_tRy^TS7A^
z=Ve(wKibNLeY(A!Tl)Nn8Fl0ArZbfllX{|$U?Q}Ko
zw(!uT-mh+rVotQ0z<|v8;fCD20x0gz#fQUd!Y*tR?(IMG{P{JzPku>Rkr)4L=u79x
zUh3_=dfLIoHlf%VlQPSrX%`4%_;`1&7&_v}-_$j6`Y}ewQ*v27WcHu4^6gke&)h|7L
zGlJTIkyTCu=Q#62pMf1cMR#^hsI()kR`#oSJ5cqvK1
z8v0jq0k{J(Jk`}s{0k6cz0c1M@eWfxezo>Guqf5`=}Xd0lIcYGhH;hi%9ySF;
zRA16WSS?W;=?x53I7|&2M*qG88hU!d_z^`<8HAa9Fc@wMmB#+!z9+)}86zS!jeY6n{lFaJ!!j
z{mQAF)a4IdYIF6)jJHCkeWUBLG=zGWHW@r}$LoHN3B9M80or|UFVZjqD%uOhcWHBL
zlPM9y7CT55`J9)17s|@BMM&NO@IhoG**j;TJ9C1znH12m*m5Qr-dMfI+R5w$(l3XT
z+^gHt=bukjf#CZtjeGSAb>Ahe3^E!!$iX>^5)I_SxY%y0B~0LWp7ue-Z;bjP_anr>
z1FVs^UCsD$Q=QbW-wd1junUCc20-`}Kv|EUgx+`dXoTyVnY7=_=A@JOgV$zMr*CKP
zOc@lD)Qhxke`ZCH?OR&xogx2K-7#u>&pX|;8CvYfh5
z(i!Hq-Z(Iea9y1mGJdRenwSwb{0MigR66<(bcR1k4omcYFXggeKb6D{^NfASvf6I$
zlj_&cVOvR11cA|Xqu3>W6uh}i*nnM8<7`}HL{7RkG
z?}+16%U$E*kLA@GOIxBY2bGY3b&@~yCrec?kx97x+kg?KIAc=0w%QJof^xqA^{0sJ
zMq{_|+*_>ChDgrQBjR}fBvs1(8YuQ^v*r1o!6^)rL@cfEA=U
zv1{j3Yu5&@mHf@|@j%D7RF9?m;@vZha!l5w)4R|aB1n-#u_29mJ~iQws|pvmeb&Y&
z9fa`ju~AbizB9WUU5z0u)*0ADGu4jp>HsU^m=bI5X#Rva7*wLjE61tg`T3=&Y(@P9
z|3`Fag93F~+pCO44Db3T5FzM1u_yt1ZuNcQ*0eI0Xx
zAFf7JWP29`O^s_gRM&m#tFO-Vd5B*X#=z^(nN}a=HKq-wLBc$|)U7Xh)NF3ClzQ*B
zXWs?!Owel{nX^RbbQ+pd-t}N6=zVKrI&8w4?I^W?h8{MWtvTQX+&bR0_?ZqH5ATFy
z(?+^G7aORKM4RRz7pm6@>n6^3C6pyd?}$*DY!pryI5MS${A{)=_A`7emRI+Yn>o<^
zCpnsCm_XKA+9_5H-J>Xr1>=NY=4|cqf$q(udlM}c3$u=hz=^W=)eUj)ak>a;(;Cdi
z;N__e{Ogg;$d$@a5SEi%wgZ6p$==_UD4rOy#MmtcH66)|T@G)I%Y`n~cNv~gZNqA(
zN=y9`5^=rp+?RQuhDhmbSxHU$Sz7-q-nU2L&l2T9khiSOeM+C^En~IoNY!>GYe+L&
zmkjnq0b6>lE2E;|>m+{-)0UN{n7PY{$$Uh^fsrf9gGH3I-sGb8s;WTAn}tm9^p}aM
zJ&Mj;s5TsTM~ODPk|NF
z)KD3Sy(`rZpSGUi@o{z!f*tq60wGiRsnbiFkPR;4=rB^i7UFy8z?BJ1s(n1@b@1_{X~;{=DRq$_O)<<#>FED&9734ArIx
z2U@C?M-Ysvh2rof(r*^N+w|(P@IedkE17rQ+JCA0mEj07Irz@!-XY6o3SqWIj*gj_
zHP-=YWf@-kD55?vv@a&I{FXRZ2oPx&FyCTXTLaNX+GYqFGjM%#_yog@$ijAZGqN(C
zx6yJ5h`}|!0zbz6ens3VQMV&38OeFkVZpvuQBp`0(-slgcM5g(
zPg~xQn-HjmJUydRuxm1LPu0Bj$r<>%(sc&WkL8!WWQ*={_2a1x&4%DU5iquThauC8cAYujA{1$i#)z>r_93xkCpgRU-%5I5M3Aoos_9wHQ%Vm=Lh
zwJPSOc<7V4SGwUwodkYb&x-FeQEOkFsY67yl-Co_{TwoWkBU#`P5%nq5@L
zy-snBI&D^vcdwW6{n|IPIyjK4uW!ZUYN-Q~-6bUlZj8y!;qD1ZJtd){VPdpX~*#jM@
zOBHf?4Y&32i_13rP0+Jzl5}}xMv{xDFq+WxoidPIW@j{3d_Qvku!iH
zU*JO`-C%t>!e011S0^(b$(9y0oRWr%xIs|~{YrLk~c#vk9?^Z)F8
zG^}^Ac9S5Dcu!BbL>L41W~8RnbG9I3lyg2`>9^p#bGxQ3yLO-YK|V7Gn*7sWb@GGt
zbYivX#RhEinE8BsY`>iV3
zHmSE?oP)>mrc{X+^Zu49$de9~V)AbXbL2cO0his9noz~e8Li?UEB5#`8XDJ^MH%eu
z9$&=^v|Jid=~eWJRm+QYUk$Y+pAGAPZ(+pJXF|ZRzD@wY0*ymFNVSTDZ9tAUGrnY#qb|43+KzW8lFZqyaefd_Pu*Td
znFOQ#KRqG1j3ZDg-)6Sxs%EA@QvjIU1dgsx^_^G-7lrfuX2-~IxgMBL^{!@PV-C0u;tzJ53e
zc)h7xq%y%Lm#l%YT!BDD!v6iVSTKGv@?03VBH`9
zi^m1j7|Zq+C7}2|it*zP=&Z?E#35B=XguXEa0uC+;QAKl)13N}sxvp|q$rHGp|BU9
zNi(u`-!JY~U90pkNo2l$oLOF9T`FR9`0veg0USoXdr@Kl&P=aq#LF&P)onN(->-5i
zCK=2Aqb=6#W3b~o`B$8p<1&5ITl#X~;74{dcr2B31S9y;Smt&=lF^)sZz*aIbe=6A
zE3s}CN%!%jM)Yu{Ih|jBk7H<4?Fz`cZmM8yB
zNPKSGZ#Y+dj2u3LW!?VJINvK2@UZPzq4Xb^Z?8XYAqjU9(e%#OlM-O?l&q0u_=dve
z+Vu`aUD-QZ3#!fHYJBIpJSLsBV=!jsNw#}s5YtzPiD`^K3|ElFy^V?Gs9dg*8L5CoK)H0C>3C=|8X%}0mF
zRD+P4lS(#^R}XCH?lyXf?|Fm#*fgp|Y?1$T0mNrvokw2^W71w4FBa>?)w?8;WTQSL
zsqg;k!BJEC9pzASn4@RrMEOp|HuxXpBi6Nsz$bz5sucNq16|(y6T2ae?WweXB%-6N
zn@jpvXcr!3L|>8Y-u#C@iNrGn9~Qr8mv_z9Fq0-dV&4zYYr)8mMY?#1M<&$OlNHV@Ia-R;EI!P=In|a+a>12P+B*oE}iU9}qE8jH(
zl-bRU+P3!o4TGL%`-lrC6$ch|cLjc#*4AxS-c@dxOfy}R6L-6l?Chr?ucA8n!IxYF
zh6b6eGFhPEoc`QP!z1G9yWECxO)qbGQ}gYPd&`X1rzbT_$p+w@P>#6Sy~16Ayd(ON
zVr(ucPlO+9Gl0Kb_OE)O5tBzwKM8LLVh&0_W!Sh#g8BW{g9uObf6MR0eic8Qx2K+;
zsq9!KICtL9T2CEOA4IV3?P>#kqOY`E7&6~5?$xz}FW9k<*Dep4_r_G!#0t!#lmSwM65SzvgoGhgWvLZ;A*Ckn18(4Sd=&1O?n{>inF|d(P)c~p0
zfXKZuxYv_nD~$K+(yZ0|>8xTTe>7YlHo8-`^WAv@@y?UR8rKe&7!sYXb*6Iq(qQ85
zhE#}%3iaVR2jX)dH+lWR2A_)3(X&R@N5AOBbd8^!P#&Fs9qzUI?99r;Mpw0zWJnmLo_kdA(0fsl9&r7IMs
zALJo+%KeyyvkIn*vEb92S4N@i8yud$LItf+pefPpCk|=5yM97uk%l)TP=Bx!|8y^3
z+biB^mqtRbQN5m_x5YtfSo6uyq8*atDT$>d!IFS!oZE-&nd@#lLAxfT2Z&zJu8cY*
z1Ft0(xMu?{IrHAyqD`T5ZlELxjyyfEy;*EC+um<=YcFSpUi#;sU{p8ODG+lndaw9(
zIJ?DhFH3V)opB|$+I%8<0x4n9c8vB9XsCD|CDTP2Ok1B97pZ@QFJkv{h7x@m*Cf`|#6y*3jgaeSblhR@FaVyZ-RQwJpE@(mu5MuWk06J9oEx-QB%L
zeeH{5e&eC&t*`Ue>6AY`oOxi@{>sI3AqO`8J{rY2cLE#u#MS)w(|KjtwSlK_c-?FSB2b8ZBb4l0
zkx`0Zpl7f%#@us;4`l5ogx$DJrp4m0q55{;Zw8fX%mW45K`F4!_w#&Br;gqIW^jIu
zIAG;*sXhE^{vQO}t`~7?h5D{eip@Dbxov79<7LoGcvfQHE6>`7nAWJp7`}<)6`2Yt
zkn#|nzCx6uPw;i|-^6>2V`~9AGhx$D_-p6~X7VOma+i@sa1a_V+x47y7<*QDY^UN!
zByfXssxU>dQ56j~HuJigKj(T_3bZgDBQ|*@4IZ%wraP~Eoy}vYR^onG>N`|YbBJ#8
z-vn_RCcc-NU#sP};$EA3Y8W(383k4kQ%Aw8S)WEVV$A(kI%o5^S^0m$4@;9@5Ct%bz|oa*kLR0UMm?|UntZO_;fD_F)W&(}?0=Nx;Her}ej4?qE|;eVO_ZlA
z^kqrUw-j(Ezp$eUo^LGR9=ud1tTsAYPGUV%jRyb!bsxXA&yA7lp2KaW-v&}T_szkr
z$`zo54KSlolmE{U!4F-u)c~hfPO&**hpkr1=bmkW871g23l&2B)QfUT$$wsg;e%$6
z0ni8TI+J~JqT_l1yrUjyddvq@L;4e4Y7r^n|2v5)1S|{d=IJNQ9xHTJ>y5t656yYD
z8D=!={V1umv|lyBUbB_*mD{S{PB$bMESLXP66WzAp-Jf!y03R&YgB>Rlk2_-`+D7O
zKfT|($2;ScYIq7dZ#8R~pAzLP)0a^bHG=_WIa`F>3C4LiE~+-*;-Q)(UK3^{<2+1q
za8QjTCyf42Lrt17-!F{0l13P#*02^nhClXTD^2cxMIT++oKzJR>@B)T_`V0@`5~?y
z0(F&mcqVPB$O)#5>EIuJSdg^fK)o<=AQP9*9Th0qXbN
z<^B&7X6j1UhzovyB38oJ2A992%&e{Dt_qPk=SG1(6xAo4CUC6Y0H65&p)N|kp1{TO
zt+4mQqb@|-YV(ZNrpQ&`K(h?lU#mfz#-g7p*0EkW0gph_nS<8EA2wl=51Gr!vF#O&
zr%BQ*qmSr^OtjC=46gG!;H!~Ar51dLKy=SEgP{txg75wVF}#$qe7Pf9qhgwQE*TFgUIRdzffhPT~1BBTRwA)f(RA`1<4s4Zl_e)!F!
z0}}tKee%K+IxNjD>d|90x!}%i%Ymc>=9v?bR}>rXMRY3a9w+`{9wlcu%4IRkf0(~`
z$op58-d6FkXK2N;o3t*qN!M*5ER%zbi~YnL_VR0(;$^t{iaDOBB@Co>puo2GfA-XF
z=2_;ne>gwYlyY%|3MwB7{;cY>9*Zc7ow>(awQ!{HqC#TCj(P7GrLlB-s;%g!J=fdr
z1NZ&?JZ`ssiuLc#xlvcXxV@xPc4PF`b2`w5`-s@6rg-XTg}9)$APZSr<9lj-`Dm!-
zfX%hHUBn=$EP2fbl=gXL)2`1_pBt^p86$u3z1$`T9O`eC$c-$ObX8Tv=}UzNQS@I&{VDkISjDer@%T0-pugM0)dA@KPhV$
z4oV4^$k&&T@0yT{o%v#G&Zo+$su*3Gwk?+v9uuu8p(ok0QG@M~RVO?WIGWd+vXO{K
zNxqcinJdUO;D+@g2gqY(h*<*1;MMYhs`r#H4H6B(4#J|5m4>A{_D1pj<%sg{%Qmpm
z<#;x#a&AA+v2V@NxV!(z^u}Q}y0hY{RR}9+K-H4Ssh)e^@TVbm+pl(a<^-DEq*RG?
zJ2e@72|B3`?%qk_O>EnfntV43?YDcXhMc>Y-+=AFv6bg{Y0aOha;P;7Atz6cJYSz(
zc8YPNrX(f$);3k;dX64kepO)Fc~(kv5`+)fisj@YrF(N<&xofHd&Lr!*U#?8_T?5
zFX~={e{be4AvXT|qKb8fm;A%_Xq0TfA$@jD6z{JI-}X9&Ky85>_}S`t+GC=Y59n0w
z@p@kySWoh}ChhlmAmYX9g@OEWw^P
zqU#8rfQO3{>05K=Zt>MiRFQlDLN``sh(!pVRU`
zF$PAa4@+FqDWm@?XI#Ktl4TIBahg91>+J{`hsN}9;c
zjIHd!dWhG<*3m<%P1a!&u7NCdm-a9(&7!u+gRU0Oxb`T+Dw`DlOw~+OC-yxc2GQbX
zV)`72Xp3eBDkZX2GlewT#9R|x4?J5kVj1vJ7e+0X4~%k3FB1-}QW$rLAjdPy%0e$@
zNT^-ZOOh+Rz9Z^#&j4n2tM%V(rg;jpYhTAIHtpxZam4Rhr$|jnL-n4yz}_NomD8Zm
z&Cko?H2KR!kn*rV(_so$|8dVL;%tee%5nVfW=c8QY15>TKl%gk=@@bk`=auRhJcug
zH^d8(HqO*us`x>f-x6<^MB`}m7h4qs2!>q*tptP#%>!>60Il`bV~&Ll{ny$0STDn-
zquAerR{yPzVt8rRq`luT4E`xexKxX;D)P&CzbAJtvhJR$-I2%mJ5?b~c#Q7Lve(re
z`^$$Pvz7j#G$Plh?>$DCDpWhJF)w(5Qkc2{$13*uxWz{*_3Oi%x63f
zu3~`4;*mJ-9$YbfdcQSpbCk=gxGCaR>%8Ve@`r4P6zkXZ&V$-l>FDu%9
z7S`>##aOnVVoF!BV@%Q!x_7UH(K08FZHy`V-St0;uEd|||Br`CQ5GsWmyje@sSq|&
zBt>+n#FFG2<&2qKq@o;irgDrBawWOKrrhV`&at_NVPj+W_VfD}KJU-t{d&Eh=W_QO
z(X7lEG$f3NHClA}hY06&s=gFG2K(7VQw&MR;MzaEU0XT7@=K>P_P2UWKyk9vA0LQt
zRsMd-;^dJrozRbeL?LPi;bXcc*hEw;lWJ4B2E5e3Vp$c_dP1rdsa?c=a_WnNzWkF&
zwL8JeG8RoUw=o7kQ4bBLHr3Qpe;O@{i2r`tEAE&exF6&csr&{Q>3|&e33pNN6Fn|L
z7c?;&ZAKoHU6F90A%GbUWRpL6(aR=?e5W>b;Rt_R*T1v3x|qUo*5(6G51>UZ34sb-
z3`Mr47w^ZmxfI;S-bG&*HqyL;-#anY^gtsTYO~ZIa)QQ?b&6%JjABj4bS`V&Y6lB!
zkT@fjPX~47!=4>)(;%E1y+L)+T3j8f2W3izia5^`G3D+59%Zu_sS%_&)N6LR_8WX!
z8n@124&(e+`3%T)*V=vPCI2qxFOfn!F3cTj%Fm4u%(+d`=E?;?NuWrw-P
zHyiorvS&Lk)1D%;w-F@|H#;BnA!PItk1WiXj>LH&{K81LGHlkj&OI}Xzd~I>W!xd`
z1Jdi+^7IFKc+>+n=qBIxH$|%tkxCE!nP;#SF(&lTW`BHsxD!Iq4k14Nr6BV6JWpmJ
zm%s9+A}>RHdZo`>LV{mp{Mutotu%GJt}qXwf+I!Au*tecpchl(mpLHXst>JcO}D$y
zX&WPsqdS5?o&B$+jL6tmknG|4W3@E$A)dEh>G;r{e;q2T^<~>Fv12D7^mojn
zb4lFso#3F)5RM{q>tA(2VA7Mldmd4UfNYNU%5ffe$OqA^zIXCKo6JJZF;%88dUnb5
z@likW@Wc01A2A>eyx=YmZg*-&2cGlut>_QjwJ@vNDDhb^v47&{Z#!1+ngZ9V{+1-N
z@MoH54!`5tbQ10g>o0OL8TahsLpy)plEo5&5;;4d>;|`J$YJG>(4hFIzKT42?WZGp
zp}wzd*68~UalRE|*z>vg3SV8j>R+AdiZQED6O9dT21{;H@bB>Z
zZT9W2k1^%UFRf#uvX%y&cTw`kzpIi?A-C4SV^R~ZL+pEd+8)jZE?nyxNP0$|+bQ}Y
zU9W#T%>JlDNA3R5g6qkFcS@D-i%-a>*&y#qprg+_-R&HF0#qzB3Qi`E&{&
zt;NK*$^71)RG5vzcFrylukT}2O+muQfb=oqxk})(urFoc8U+zy&HJjF&Z)gz8~;QI
z?eptj(j}SN`*@xZGLpB&)WgK|riGiBaZO7=b&U?r{rX!|I$$I7dg$4ONrwg8u29~=
zQiWftHHK$XSNvY};gqa5y5;KouCtK9t5*DCPLon!+Tl+fK=7`Kn_cUTU!SBSy!?5}
zjcJ*xmjq)HVEp;Jp^<)NKkH6nR~Wcsm@^}3D9MIHFLY;7)pT0%98ek|Lo4Mv=WSLy
z!|tcPV7lJ0-#%+jqe>r7%|YlX%_fU+^@!i08T&#-YuQZwo`yyV1FL@FOR(R-BV`Vw
zWs3ZTBf2qJPKeT-W;y+C8!(NT$!j=nA!`I-)cxLB(Itzn{e-#ap6D$JrUzGG9cETT928
zMs%mj{VwxU9Xpl4@HgO4j2E4{%(t2V(fk5zqCfH>eRsXQG-kVRb+VupMM$rZcKv*X
z;R6HAt*XjgjGUB&SH;Zv@7qxpH5ZuobV;E%wFM#)55;}3m!a;h<6issLaR6J*B;@k
zSiUQ43SVs`Q_Z{#Cd4r0nh?hTU*{>-tme?MX3>+BFnbqFOI!4MgCz1A$`l9`2a2le
z35bIMW2qNAh^BjmyJ!{Z_{_u+N9tAMBQGR;KAR=-DRp0P(*JJb=<0Lpg5TFSRut;b
zq=~c+n$<6U5rpjE?=Obys%+y#8v
z!8MmA0EZ-Nrq#|9mcs$^!nRXCdk=qY2m6SZj8tHcB%1*qo4ow`NYG&Vni!Eg>Cd?h
z3dQy1tl7!Zysc6+(m~h*2J889zO|Fzk;OA`G@+4TOaK<%u
zk@8O1z5kFEJ4e_DxBhVR=BcgWq`)(&8w~?tlEM$RK~R>IYwlRdl{yB(&2_fkkrWtm
znS1B%_65@whDe|#3TUCz25&|Nda?{xPJU%EU{WH
zA=~A-z$IuH?F|Miw;@X11#I7ZpKv@~!Q0>N$KFu%gV-D(;CH^Xa4*jLV|d!n(1=S@
z;kQ!=-^76me!gUtexhd5T=c0Y)dM#Qa@bKLg|&@TndAhVDCsBS;gVZ%OzPBO>7Ja}
zMigv(2~#xko3M4RY=mZuA)XYZnPd7iIl6Pk<#?nz69dZQoz>2r%=AL)CIC%zxzFY>
zYmaaJmJIqk!}^tf(s*RL9#OSIbCh-RW}Wr1OSw37>b;><*tlf!O|@rTM3`s!z339fA)$27PkU&eGWrLoEF$_hxu_+mE1YJ?sCSkGA5V{dCo~Mh
zU+U8KJuG40F6vF*ZNn_e>oY2515i>XKz!8bx9XPROGZ12df
z@sRhkf0eX0-w+Yp5W#_DG-Me*cR-V{?71v@N5>aY9X78p6k#bpGHxi1n|@mADQ`@;
z&C9W>Co3n&)D88%lM5SyMGV82o}h~95Rvh$Q4
zx&%g6xVN)6)$L&w^Y_KHi^;teBzbU`^b%@GqR~tyg{HcX>;B4j3SAkMiB0LNfy%-^
z{3{e1`~a;`Y`2KO`Zv%c@Knsxiim8FwL=)>Z#
zQ2d}h??tL7h$oe1|RkCk(AxoqKLaar}f__6lT
zY)Ra7x!FJYddV*e^SQSZZcPR=L@q@`+Kn+XvnuiG!mY;
zyeV#KN>`Yv%Rt=4@bI>pF
zTG!5sE7Uqmm64JlKSNd(@%OU#D&p1=(Z?O&bwGUpzI*XTo#CyOaqDpHBf`cj4RHM@
zSJAUYADybrlptd}!R2N?_bEWuQlvm7rsMYION;B=646HJ%{MBy-aisaFA5{uj&d|DA=km%1hz
zPiQPLRVGg=`X8X*_hN_VTL>3Dxp;BO9^1(12|R#&3|usWL4l)@#;wNf{>l#%+k(;wT~~X?pD!Ri$5@qCtw7!}eMbBk
zPBqNeV5Tb$-$&HR5grWLNlk}q2t^yUC)E8D7m5^EEuq_liKsa|($p)7lJm2!3+Tw-)clR{D5gA;+tSKG2OeNw
zesKGp%L8ds^s^7ekr(55MYs5(TW8jkn#wl)xp?
zz#J;)czR+2pV@Smr0$yTo8_#kS734t6eAug%`zDavffU{5QSEh$)Hnf5>orKA$Zn7
z6d+HRZnV){gD#a+Q@pL=|K<8rd8+sZItj
z&E#ja`oq4g?WWMKPfZtaofjN4y8@m7U9W;O&t^kgIfuPm2e`sM3SIUGsAaq4pn6gu7Z!;YF3pq>9r{TaaZ#4)IH3L&+1#
zkIQho-7{#{Ei%~JV-yT%PUj3hr>v1&-ml9iXsuPvzH~l-Guvg{Cj7QVc~i)C@!5!i
z{!*sXujj8g32v>|`Ci}`6n+<}=CpuWJ8-_;x~Y8ow{sI9F}1ozZF10lzc%ah$B3$h
zbV;T4%B4ozeWKM{g+}(V$TUymGT%P|1lLcUp@wBhXjwQOUN2mug@HHTTXU6GvoigC
zJ<@;5h8(1-@8Khs-7vMI$~}eMz+wCwg*-Q$MTQ1(eeKyjQLB)4%^i0l&E9snMZ*5$
zBV0ws_r6FmERvQ=o4-3%KAG|uc0(PfgI=mTFA>83aJ@qtejtQxRxG*F#OR-*_!g2U
zkM%h}b1lpdN!U=i2^sQ=^Ij=RD~O~S%-4@w@M}%~5ecs|o8F8`u9z%KhGvPT_c0;=
zj0~N>=8z_8aIUys;iC_uhisOZl*NW_z{L9P%n1{z4obzoTFDeK`+F|xR}oCk9m$}liD9cMmrSxrFAmL5+}9Ue
ze5?XHu)OO4mUmh;xVW6Sl5J{v&BN?mUXyQn5$84}KL__Q0s8l%#HM%QFBy}kk6d3Q
zK*NI&mb>|S(VH;)o-hHukei26>>g-O5C*-O6Gbm{-ANF-n&>ND&a_eWYjen-(9Pe0
zeO|svdj+9@XUI>YMfAOKCT1>cFx#w1y|&u`$=ESQq851=a$a?^1N_B1eQQO
z>I1|JiMSK?eR}AXXvs%-QF|i7B46wt(MsilEOR(-403vZNbavo8=97LzH`=h0FC%_
zH#bkqG5-eotmjW&2;-2dTvVIIGc4f0#>h06Bh_MjtnyZ?{G6!D8Bg7{ZEGCfBRos-
zn209t5Xm^FU}8eYON3uAukg<*`!Q$2HV@jBCjlbtLmrgSpDonnpCe}9IL_pMcjoSW
zxl;{c$&ml$`3jo=`m4Yk)<-HBL3cly5k6**M}~nP_`bs&Pq%@jIn&FJuxvDZOTYud
zQiFYUYZi2ysKINv_iewmFW#QLD{TQ3fp3uZx`=U#_M7;ra%df?tVz;t(RnLeti5rW
z8QPeYR#0u@ag1W0?3vd9z`g;G8=vt>a%x?j$_4I4$y$&P)y$@&)PfqpOMWvXlpVwJ
ztPQ5vYDM&L1~M2WsvqnyRpgmmj0YQJ9ru3e@I^ALL+3pS+s+hxpz%^|Cp5lUQclzV*7pHTP)l9W{ov@ie!I
z5v%ZRn20v!E|?HA#pgP1oTj}o)gmm?&MWZKVtA8}Hxwg<)hpW9jT6e+8U97lDE`Sj
z@+FP+!lf_Omhqm&Oo$J(FA>+pzVZf9u^ALqI^zQ`?B0c^LQ>Es!(lmY^
zTBN{fg7yS&#rA3MTpK~CtzD)nDcAAm_XGXDE`ID
zB6|zS4J#LnEdZ_1>~G|w4M3;*4))qJM+1%@VZC_?V3ckOU1!SMVsoIt5w}W7N~)Vv
zj3lWZa*7ofN{4lCymtvLiww$H`a;zHtzBNRV5YyrbyZc}pVZQ4IT2-Dwlni)KHEez
zKLA$uYOW2oR4bZDtdFyrDP!jWg@*Ckp_-?t{5^}aT~eC3>3x*C3)c9y3-|j(@2)Qu
z4eLm6y>;+hZU0kmH`30vkyKO7;b@}i)d#G<5?#WYPWYWB_onNo0kC
z7e^BOC#v9%INnbHx4W-~b8=C8_Vt>C_ZgpxGiy($Hs3?^z%+o8R
zxmxqD5ZK0sj+qUIW~#{@{Xndt^i>arjwZ~o_`USlit;ctz6#)w)Ti933XOub)Q#DqC
zQpC+d^q6-}#f?**VMX;u=es
ze!i>2s*E$f2O%z@s;p%M;p$68N&8H
zq8TvCSZ#%^hMTmGtw+y~OtHk(+DxvQj>OG1X8wk?@m4xi2D6p7u6I3bKHqJc^bjxa
zHeM9?9S6;j#uS(1Jm+U%hP{PI`n!yxZ36IR*U;7ZktbfQu!u#n?^_R`~PZ+ouvWEfldk5WfEsGy9kVhO+
z$f7-6Ts=jp9M<;#xnHM@UUtPPtb
zx#*z4MG-ZiBWSjN7M4Iu5x9jOK&OC}Jdrz?(=Wu}+VlQ1A);trE90ZnP7Z?aa#swC
zDyBS-*|7d8BJtw$ohwQi#8+E1(qVs_%v+*Xq+XNj#Xp?mb#r*6IKNFvaN9ZZrnR5r
z>d=;YanmWpgkG_{n9pkWVGi&0O%VNA#vtLz>lKEFP_IdATh_yV4SFs5KwEkJNOXjS
zmz@IsbJnJM?PFhlx;xj^S8CqAg4JPFoK$xSnSaz}tKO%XY#qbkPlmVN+la~#C%;d
zE?AL1+9|b8d?}`OKRX0#%9Q6hGN@s_tTw2U^^fz_bO!yBjC
zb6g(iQ;~a@$_nBGgS9sAKcX>!GwBZiW}3|Y`nu|NO3%4+-C#L#mhh8RulMI+Wwo6m
zy56oY6#2oxSgrLp6)q2zZoNvYlR;$X=R(Vh@wo%0IEYDU84hY)a+xLf`wo%IlLw)`rPVLCQVGPjfw94l6#613HCh0D
z6$fTrQ?xmdcUf5I=}Y)qAo}syOxNAuguG>9?VDNGeE%f>H!%uq4@kW#(>)dzu91b!
zmWdAT)!0T@gq)CLl%RX$Poek&TlB-LhBYe8IKtdD7t*gw!=AMsz-Wie?4^Fte}+sT
zDL=TyDGLAzW66BCleq;Lc-0SM?p%MTR!jJ)_?ok}(HUB!67t;VD*u96c$=)G8_BNB
zf?jrUknq`T5BJl(?h%4GZmZ=#=h!(`RBGywLDj^x=5$a*?EgXhN4dxB0uE!l1XXI?Pas^-ne8pXi%o
zFS((4Wani_bAA1P4IH})t3hPMbd$VBogpz8uK59EEN_MthpJR6`+}X97
zA7>X=SMy*aXT!*+65r(L_&TtMUgVTOOcT3bo%8;Ylk)o4^+sjGMHX0sPgLAmEm^W*6$H-aN|k3qW3W1Qtx-NP=EQmTClkN$FfaX(HC$mY(M&V9L($lX8iGj
zAaqXHU;Yv8fS3$!LMWO=`x7rg@0Q|}-z&04SYiF`B106b8Tz~|^5eQ%sLo;p3S<6z
z*1TJ}1UY8;!`S?ZtNhu34%#(s(y-Q+<>9uB6n%d>a_WQq>>kT7>*{|zqRm25k_gNB
z<2iExZ|zRgwm=@aWdjVhHD%e&gir)tTSbcEkhjxi&gO8tp=+c~xlU2^vga;(ltcA~
z6z65%_LI)24ENw)b@epN*oU3O+8+)rC?O31ws&W_)kx&$+1=loiG8Izh4!gql6zZDoJx>Q+co^!pwp+uP={7Peg7!!!ntgCVSx-6&`k&&W2B=U#NMQFr?}*@r&1MF4BHVEC
zqMiAR)2HX*joN}=*h_$SR%#16%OxZ&a*J`Fbu4eG#ZsNvWt#H~L}!k`Uip)5hy&X+
zxN%;Bo9QOK*UAC3-Kd>3ozr-_Q)h)8O%@}mh9A-i?sc3RR_w8!ylMvdtj%lWHOhaO
z$&B-dgr`r-r#QmufuSD>mYW>adEo3pNTcEg+=X|!Qt!=V9P1X_tP1poAJN$?!g%Ni
z7{9Q2DUUHmB?R{2
z-gQ0(taLkBZb|#Z_x~>M&Kq~7p%4|rc&cDBXtApt>>xqhqlat>2hakQO?G
zzQmQQ?j|1Sw-k9IX{Y-Q7kMX4lqqlB2zu>Sru~pg8FNLpQ8~UFT12Taw&<~!RO6UB
zFdHH65A*$9UvzwRIi?x9*az0Dd7spjtscf8U
zHyHj-F`PTx)yB*G+e-r1
zU1VcD|HDOZo?R)Qv;byAa}V8Pxz<*h2IVu6cuD4AlEzP7tpy}F0qwL6@Aeo!wlB?1
zzrO`ux()&PSr?W>vVNN!+h^K8lK{`e`sXVK#oxWzE4v=x+F*seeRD&Dq(%Cuv6b|+
z6LWu)VjsqP5HFHJxnuPC)~#r;Ex5__F^jjK`N0B{17zxaru6R(dHIT4=qs^y!u2On&=6D32x49>{jzXV?33sLWb0jm{ko=~
z=jXL*g)^mr?^?x5DXi8ep$K>nM1KeNq)AF1S!EiKbdGYwwT*D?x^oSjBp@Ysn(TY1
zu?9nwM_j?~Xl<}u^+j0#_1cqb1neEW+N{hS2jd2J%ml?U;5!$a*53u-JrXb{Zp`WI
zP`e+0D&&kG)axd*eCY`5wVP+Dwi)-FOAk#0?8Gp`<(OIl^HRf{8RsxwW)#N9b)Ocb
z%;}B4!QwdYW-Lk!+*_{m*;hFX9DKr>8QYcY`7CiRuS#lTVmNe9MpX4*cEehuJGFoA
z;V;RMnuvbw-Op(I+eK$oLzvtr@5FE*}6B_fvE?_vYWsG~N;&lcbd?ZP*9D
zGef$@!^`yFdEPtnn%q+W`TiEU8=+;tdVVTl>6@>i}Xw@C|<24G|EsSSCE1g{eIZGIJpW69Rs>w{(y
zYG?PF@27;8^?8V`>frFI7CXI2&Lp&QJ6QLpuCpxe~e-v~wg?Wy=Cw
zAKsjw?Q9Mi&LRW@sFt;N*{m{xPFhqjyel+!IGBkXF-X@IYu+oiRXuLar@9C4^})
zj#IXB$&#MBl~Kt1W+^u7`W*i2@nqeho4zCUVfbB4?<}Cok=k(HS%W7)8C`RcQWNI0
zB(lUGeK!m%zxjd<`KBLcM)^4wy>NJxM~QMX3=!uOm3WlN)Mle
z7c&NK-OP+w1{v*!f3ZUMam4XC^0`pT`PotXThtENkv4Ap1MOM`Kku3nOlec-BqT0q
z#pRg&#r5OPq9vJdwWGqe=>U69xV75#c$%J)Bqp-l^;Spz4f72{Z*$snHPBZ0c8Dr$
zygrd|8o*53CyWjQo!PkQI&1o~>ky)M!9NDmC5H+zWT&6r=*91D@O@deh|ty{{DrKm
zEKv$nmlR5!a#}ln>b%~DG>LI<=u}iOx}o$;lXYP0+^kC1c1PwJHrzqvcXsZbcfNo2=9_Nmn~=#{Z;F+litLF$uo4^%436ie
zHE()QuC8-@PLwvBJ$X%NJ07dQ(BmIuN0_311{5$okPF=t#yxLccF&b?e9m@Di4Uv1*@n-1}}UccL$p<YTQfJ?h4
z{{7XZ&A49qUe@biR)Ue8J!9&ada7^_HzGmXOJs?6$P7Ol_v2f`nVm9dXg==Md
zV^aO1QO|bxk*}^=PaP9Jy-CW}I6k_8J-a+Pf1?pydLz~J$F`c+Ka)NA)HTJL)??hP
z?F}qAFF#d%mXtUX7AZB@}9lYYbGCp1tf1?yu^2`n!^Yh;Wg5NdOE50dMKaF
zLHio~{ZP>nUom?bA$sV)jHqwB+6
z>{>3MGAzi1(P7_ll7UUHydnLl9~U?fy&e~q@hSB0=;K9z6)J4KWhFIV;O!OOrnJI|
zd7J~00`q2GPAVh{Ee9ps1n1i2(OOO`pS&AA2lwQF_bryxJQ<39zshi%ri?|tG-(Yw
zn)w<{v`m&q`CY~AWA+-#=h6Cg`f%sBn#$taQV$;#l=NuE)P)u-=825=QY;h4?ALZT
zFl<+GYhpgrW`9^+A8pzh0{l&4lg$bw@g!~dai=@8Hf=wc8dLwLrLn{+HVN({$4f2*
z()FgwZvi^c{VDy{=WWgOB+Q4+*WAP-x@0E&ZCb=g_7MCiF6aT1(4^kS!&a$Y9%N?
zN%wcn;e4!2ZmWT1imTnY#cPy9J5{0}7u?Zz#j4}A+fnS@oS4o;L4697O<<5jpUL9`
znH1GgbM5y0d^3n!3?gA8M@@FKu}bTs{O!3E50z?N)Prj`4M(6R8z
zO4b*Lbyu(gcg;O>kut`tw;KW}^P+ofU1Ut(UZk5EUN{h`ilu#yO^?(ci-Z~Y
zdDmH!RQ2-cWJP$gWCx{SI7LvEyy?}iiRSIY7nQ8z>$++0IZr0Xlcy)BD=9{=YtGVP
zyPJgrb^C-mvjVEV`=mC?_p4a-1#h$1GmWZ}4-+HTBt>FYq_!thd2cZ#rTez-4Vuj&
z-1O%mA96Wq9>oS_K{}#)Rs_!<=>|pZ6bmz;Yr{31cJRj=&1Hc$f@%qmEilce9v0`1
ze$cN8roa4D0?gcu9RPpJ!n#~P%vH`mS~?Yj*R8YrZCd>wbh9qpdhE>{`nu-YK*%4r
z=6tPdsy&fZIwKFaW^g}J7`
z!tZ@+#z1w7Y<{HUOv0@zDnWCp@dN*^Q2Sbq^tk{>8aF)PaLqhM0E$cVB#-!y0!C7E
ze7>(kmhZ(0jJvdW%Xg=G!4b{EVZsE-DI*p&uNSHIAKShy*}Y+Se=_SCm~D;8hl^>=
zi!kX;=lYy)&1&^dJIv^wA@VUP6~JrnCqTMq041^Tdw}{5BOK%?a8O|$^-H?O{mPd?
zu~A9W^vvU&73(PFO)0wowT*!mY@k@k%9_QD(+g)YuoZMNv#~__kY7;@wXPj?VljtHh&To
zZo53=1`UuU;sP)C&k9?ITg?#Xj?(_A9_qf;mCV>WO3632ok@tZu%iMj=Mk9PbUpRI
z^5|Lq^By^Z8}Ax>poc4wGIc9iOOUv>Lyc;9mHGa6qbeliGIaCyS$*5h@Re(Gn@3Rb
z40Zc-H(JI%u3trFWJ?Q)3gtOwMrQsunL4@rKC1wx#Reg#_Dj0Q(d9pNHlQ
zF5FoDLgY)_=J+L$06VGGO@$wz%d;jd7R5WTs9L}<
z=V7m?tUvo1-HSdFtd}D*twP5t@lz9s-_+&WejH}5#v-1WEz$bXCupzGsj{%2I5Hw2
zYOWS3VOsToYLiJZJra!d_Ixzq0uP`~oQnu5e<@;p48Le#1z96)BQ#}PHw^tB%z~5a
zH<2l3+;+*}G?AkOa@h+mUteb7_SO#;u-H52jdS7h_7d1)!wsFrwnM%md-so7EYG8*
z-J_K8ur@_1`T!$v>sATY|K;u#gH@?HJR8_9&l>~@doaCI+kzQkzUnuB{IsYYH69x>
z5;g%tgb64kb(a-(Y$Z
z?!~f}>h%92$c0Zc?S72f3&n+Qv&hjd_^32tFR6tbFM1OmfX|p={ULPlN{6ne8+a$S
zs12pCeNvleH$T5a@zRH#mQ0d3+4^w%TF*bFA@`{dO!t7xe}4wy+Wb@Nnt>1YPOvJu
zAf+&CSwb6Q&cBn9>on7$kO1Mn!@kL^P^oDuwxVMdzSPd)Uo4iMZfIMlwPFsDJjz@X@%*0{Q;D-ON@#^P7d)iJUmW=?${c>HrdHrK5%jqoQr^0zTP{X1rR2Y7O8zX{Zh{kank@UG
z#F-9EOI{$u>X1<^C!t61N
z{egVmk(Lp7egzu_mhK)o9%p(mQ(|Of1~XY4JegU!;-09-=M9Z9zLycq0EUiaiH5Qq
zK|@YsyK@)I_G>dB<~Vv7479W8y);AFJx)2o-I*c*i@Dx^F}^Z}bu~V4X?x4SKXsz2
zCZM0xrxQVrLhPz2Xcvsi|>b~q8TEEni^`_KpQ-VcTc2TWleX;|AHwUo;KP)1#4yl6bma~%)c6qKq3XQwjpM*B?z{wAV?%5$*Z*BHf(
zYVSuXPZLL37bURh6**L;rv&#raz2%f3*S~-TAE?flREat4=iFo?dQ_tvli9g>|crg
zMtR~d!7NvawS6{I<2z18>|_|^hl|P%{w+!shy9BE#hRj-lXL}tlx=VcM+3ImY(<+5
z4F5f&Y5)X(k*`EwGaxC9oPULHuwAYQ`tLGXB?9l1V}{d>G5TN;y8^}ObAzS)D8z_n
z5;$>NT!nv7hX1>z0i{%rP+94ijan@yQug+xnKQgzv;fLZKuJkuKOwEM`mF&n4O$0r;TmV63JV#QF|lTmal4U
z4*a)}BnVWZo}UN-3a)c`4xl$^DWoq>3PlNiE-vthmBi=l6?x}ipFpS1XvjSAlV|)J
z@?q@Yh?El9ubro-_BYJ#mZ6FEflTYb)RS@7F;K#)88yj>K&V8Yt9)-`}1
zig@a-8XG#|+UHF8CyMr5OvUy5%DNzsEl$N;m`P87cKb)0155WtW!{SLF9{sOP}cuF
zOwB5um76MWu)KnO&_nxW=&%8Y9!EXQ9DETX9iVTp(e)*{!qio$z_SpQ%Gz(J&Ug3W
zOFeb4hIHSmQnORbUfx(8kFOy*J^JX_RQJpuIbS+MUdd{HdoL*C4aWCU1xtaoJF$BCH_Yi{N
zm98=Gvgl@x^^;kc1x{(h_fxE3;F~r^VTqz-5`38Iumcd|XZ!G>DSO4{wsGVu61l0b
zS`0VcY;P&5NrhM3$DX*emf{|c=xz4qJ6@QHD;9WpRh6?Y@UP5r0^2c`#iI~uwoBy1
z59pm+fbo}L-_BM(Cw2G^A}t^;z?Qu1GB@jppt&!WgnS>vMTXh4fkPCXDbmyTI7$s5
zEfB8FN2FSik=6Yoab(4$q23O`>qJdJk+NUpA;1J6z_lT;l)X#QH;Nm`r{M6f44es`)dNisgc#%tqX9!M=a}30tv!XZ1;21f=
zLkT)PAG}_nsv+7}#@r5#3k|IIT50Wx7oD5~ZAXr^k^}A$?~k~5rOM{V;>(eMW%gO-
z@ZWCYD%~?!a*cdMgQnxqjI&Q98_s*gcyIEqViak6?y60M(Dy=@L98Fo;s@$Xudyj%
zB=|8)zUGxF%;>Mwp+t1_LKD7&c15^nm6X9RbsCDBls2V@+b@XD%*eaQwS|a>v?r)<
z4cRwFtlfSGYXB<{cuyNxlj&W*&V}M9BqkV1Z8?BPg=;1$cF#D3TVK7qgYl{nbrz@6WW6+huQ>NCYB`$;3^L7iLr
zk(%aVUd=cA^JvV&Tk}{q2K|G8cP4$KzVr419!9@8#^=Q4nfV+Ci%Y+D{*DB!2e>ZU;0j#kbZ57
z_(iM1KX8ls+t+}P)2jcr9^czw&BGA+9~&h8(tUaKGrPpE`x*Fbv;4XzffrcsaToG%
zuea*X{X)IP$H~09VK)3f!_@!NW;XVRSB<@K5d+*#yjh0$8M*>@KIavG=AXg8hjpGt
z&&GR)H6I3mPar!^@~sAj()bgf%`if`5SOv_W>T-lOT4l3wZE)%?los
z55JAIPDgUw!9IDX8=r6H^M2F|;<=oakNQgo^<92yKJLHPJ|7_eX))qoS^)a6b-t|1
zXPwVz@ndWO?g{$j{MwE03hmW>{u9s#@?2tvA0eL>>eo7zkNc_hZvG?qd$w!8fEES#
zU95P;4#2}p)8%*RTEKT1jZ2IwKwfr)&bMgLJDRw}ZXXOha8do+Bf%$V-J>%LP~XYA
zCq527!7*n4pN{qQYysZuXQ#_OE*E_2taHB%^!{&?#m)>uo&w9C^ESuL)OY87;9p_w
zONW3@tx3vip4-+xR+`m@h{>6J=yE)LmWrueM9?H-<
z!1n|9TYVcx&f$BLzPn}4!S8-V@7GU2p70pW`?~;D}5RDs${1?+z{v*`Sh#`_ceja$Za)9B$
zhqW$>Kp#G=eTu7y=b)Y>^Ek*qJyq)NzRK_IsC}j1oeTS?rP>ewM?S05eo#t|4v$GwxKQFoDUN(vJ%hC4}15bxMF3X;oiE*=z
z>HM5k$odjmziV+J>-A}!|8@MX+9-)<2oZm1l=zePQGQo~{4NKn=l3$i{y#=OlkXS%
z;XBH6aje|St`;IL8o#@PA3PuZqpkZ?^ZCqwLH$O&=x&sgXHdyx6sQG4G
zmt{}7F>aQ%pAQBf=Y$loThji()vlNVJkVV8XP+niK=hHphB%w@kBFB1j!_pKrtW%A
zwXaI&Gha;eTvh;g+&fVAhxOD$F6wMRZ#y{dM6EM?U_SDFUf1}#ugGU(g6t<}$mic<
z#2)(zd>VJ_dGRat5S<|B%MC@)8|oha(T}5u@x$qI5A9wAzq(WJLA{HZN7+~MQxc0<
zMo|XQaNHZB#b5CuzZZQy7=L(-@*t0l_m?w8$ftG$B%k^M=)*W?1K3xuLjDa_{qS}R
zV9!|gUZ(}j>xmcn?*$(Ei`J8g1s*=F{Z@to5Bv;&IKJ1rz}yqvsME!HGM4mSpXB*Y
zBHl;i2WBq7dzQ7|7JxqZOkcTAEyDNupH37ze+BtRn%|`cjMnqJa9?9yz&7e(lD^aJ
z0`7Q6`w)Ff`d;Z`&mZHsId1XipQ8Mued3?IOnGq6;yw2_e3x_R5ZOF|!ijgm4-MjmPzaM@H+S>zwJFNHR;ou+o$R+lekK-QoNnXZe
z;Nc%MFLE0Bd(=M3<##nx|M|RP$Hk;{>PjQo=rc$zmtRl;E7T^3IZgd#v@C2|oU!B=JX00v_0E?5IXe&}U27
zZ!|;R#qxlAF1e-eTX6~cn|z@5)l$ggu;keRKB4Fsng0#^-oF|B_eA{aK90L3Rq{bj
zfxp+fAALvu%U!aMH7RBOd%FByElQ1@92)mG*-yHF-t&x^hu7d2?Ny4nP%D3MNGbGS
z)q5Xb%J(vJu8oGES>*3d5W8gx;yhm}W!!kI*w3Y<>Gc=20aR|fjG
zjQ-2f7cUaHKQKi6UALFP-rlVH-aVur8ZB|@F5rQK=6C6Vb&*mAzucQTpZ`kw554jZ
zIQDn?){fCu9>he-pQr0(3h@H-T_Z5BUIgw;iIwwx0lq7UKAxPn<)C*Y_Z9mm2;38A
zzN?Y@C%!AodcS+C4DX?qA8%(F^8~$eJ{|y{?<~J%nDR_PeQAt)7VeivOoGaLO0*l+hmqTbMVkMtja-et{)Z_3TRuNZk=w689gv%g-t%#&ZJhiKf_u+Owx
z$T;T&i3e~3_n@v9{Um)C;#{-rXD{eOT~j6RVBA91n@yK{{bLK^zqR68p94Oksot{!
zz^7a9L~|(TSNg70$?t;w#`yNNkiVs+|F?lpx8~<=@>y&AGgEQjJg|^`z144UoO-wg
zeN3Q-GYeVAAVccH{fB(EoB7rZzf0>y&>Q>=+-L4s#5yz48ke#N>k;=O&WD&qv^UbF
z-sw={fAWewKbCxQHDBN{$}=rN_JOI3aKHXR_n(=IP(RAfj|LxSi5a&Lf7l2-h$F;NyJV
zEq#X{r~Fs7{?ZE-w4?N0ri}8hGj?E0=yO>G{D+oZU0;E|+vg_8dA+TIc}8xzzr4qB
zt^V4FsD}>P*Zu_bu;1#R`!nUt9wP5J*DrxTd8F>!t(UOgh+FoJyFlM;m)f!Sf!=vl
z`_3l-_dlq0^@lIP``YDb@$34Rpg)3@S2YpzPOD$W437Jx$>Z3=K184oS#^F&C=dF8
zbAPT`!h4E&NAO_atxL@B<-q)*|EggL>-@w@otz`kPla{fodBOk)F)y5##wxC!0N}{
z2tL!TxUb(h?g7oaZ(qr}RYuQY*u$NH`>no*_Yyy?eeL5aaW0(F-!~cb4qv>~J$MN8
z&J%i$JW`3@Ynt|dnFKz8Z`4ozT&2-Z=pL;Dkk4^9Xy4=oDdoCH7b*@L=~;v6G(!9zNoh
z`{Ogfoh`-)pPVYbvul6weBv)8i``XO#XJr(PbRajIPp7T`Fg`Nk;iap;3xD)3i`E&su
zLccSfWS4j`Xot;dp1K85ff!XGuB^u8F$D|wvsj~o5(1pXrFOA^J-$papI
zz$@
zag+bo17%$&lRjJX_=YXVdywUaA4mFHeaC+oxaW{h-h-Z74*%OgJs0x$U29{+4_pZP
zGgjTFYRFSy<)Lg^j`KZP-(_}!zkiU?!!_vV0Og!&)?EV_g@FfAM~M5tCE}Cy9X6uc
zth*#@-L9J6-($+aYIx^~8`*hLB?LHex&)h?y{1GLWYG|&f<^_+bnXy#jJndVjH2aSFTt$6s7Ap0h3
zUHz5(-doe;-E%|G{4N_T`+0=FiP_&yXUIDJUyNI9jr$4s?6>@H$4GD0`8mhmB{oLR
zi=U|ff&pR=I95<^qh+181RiXXBIo`cz#Z^EbKkpX1^bby|J)6{&g#!QjN_ud7VS?T
zaDO|mFl>b4m#A%nVfZyBlhg6aOKJDjH3p|8+1)L|Fz-NQy
zw|tZOiHMOr`duri|7dx4I{-c|%MbG<^wx2p-Z#GmAJ5fz&C?2Dz^&#IA
z=Ur>y&eLA0i|$;Bce=fq^84Pml6Abzy1Ns8*SM9i6TIjn8I@5TL;82kIok+)CUD0=g9q?kb5_F7Z`rG>fv>gl&R*xZUyKs_
z?H%BuK3?h5`VsWtIpq`nCs(pQs`Cregg9$J0vU&FZ5t@oELlyjHHw=@v{I7aOJ&neFrnsl#uOFnUNQYUH|@$DYT
zJFWx&ZI&Ii3G{)J=03F(1Ajn1!_2y_<2@0${}r>2`oYdWTEqH6<{fz(?3vTlTT`!`
zcNfTihrW|ur9L0fc=EQZxi7_vopT>>58}-EyZ2wsJg;b}r#%RG0P#p%@56vQ{;GXv
zGC1xSjmLYO^sAC3PHEa|qvr;zUU3fSLs1zLmo=YqT6qe!q-R_=e)r9*QCG^2V_A*(
z+lC2JXL$E&?2~QuUilHfYeKZdUmd4B3Fbby6C1=?%9A!g_QNZy&3=+)?I&$(SuaBC
zz~2TuJW~4w{JEC?ka+0>-lvxLP>p*`CVmZZVmKeuYZ0Gm*>#ze=L^l(dy3+Rg|Yn`-86}pB~z8y1o|vlg?hTZ{MzE-2n6@$9FY=K7@N2
z^?8u;Cuv;S7qzU9;gWpeGn6MTRr0kPiBHUs_t0i*Fn{XQuYS`S&_AXA;XBtLkH)(1
z^aS3~y7zg&-_c&{Zh6-jJ$uGw%01M-#@r)%qn{Md)2uaoKhnM%Q;4JfKkeb?*RbD&
z`CaOupO=W^y_@qhALE9t_l1R^5A{r!{MI1wAnH-`Ua*1qQH|?(19+g&%>ThCT>BpJ
z58dJiJ^=mH{h)UK3Ch3RBlgdE=-K~`_HAh-e_yKP$u_A&oTv3WM%Lk7W{di7+t)GP
zc(lYhbg!e`rStrL(l@3_eC81FKV#MXdl>k(q)d6QnOevDSDft6Gl2Ww8X)zWa>1vr
ziQez#)S2IRy46Q=aUJZdtD4ua0(^?!$rS%&9mWmxHRoU!Hp(}l&kAc_+C}+&2@+p-
z5V&KiRd0~|kE$JYmiV_CKky^*PqfcqM7{Z5Pvkg>_iI&;eI{|Vyqnxw4>_l5Ka_hw
zACA<1%88&448wgE``APEh!e2U$$y}Om_?Pq@PO}c;H_zLucJX6|T?SXqHXNbS_u2;-=^|bOD?gidx?c0gu
zAJt#u{9i$QHO@!g3;xU5)xcPC6z6dwD_|U9;vhqU!i7Y{*l4}Ccel4|&c5}X@8T0V
z+i-Wji*YhHZ)V3REh4Ux{Vg$a<@;U}?zj80KPjJ@~&V=NF^#R*_xB~D0;
z1;#oQ3nNT|oDggTu~OAtH8a)ocK2;0`?l-r>guZQ>h9{EelrKS-b3>J#&;0^Tdq1R
z;)?FWe9j~1$pPu}VQXJ`H}Nko%I|&L$M~I7;$GsPQ@zhy&-)&Jn9gJA`>L$ZV=Tvd
z&-@eI4#(tseZNKWH=LLEZ(kz(vd86f;a3U&{C~;${L)9L9ky>5@$Ih>K63?q2jmy2
zzX-qZ`~fkaTu=D&r%b#$Lly6NgzTl?=kmOLh~>BBx$!K^e~)~R?ttVRessH#bL0`a
zcWs^jJn#s$!%w8WOT^!`=7Gn!UTgpUb&~Vc^Kw3amfP*i^8EupWc(fSy9PfdInTV`
z6LH1GOZ2|wZ<+ajh9-j7FY*3Vo*P`T#P<*7@2NKszTq8v#J=om!e^eA??am+{OE^_
zKX>{2aV+OQrp0~5gG>CK!3lAnKVp5X@2D=a9QwWz&-3>#@x9O;;-1*2SWZOu4M?8{
z8Gq@0;(J)9S^a8IU*vZQZ#hPBk@dcs7V#e*>=gIvQ`YAXZxFu|zmsr>?ql%pkM3oD
z`aLh(^{2<^Js#G3X+C|7_63(76#D!n;TNpukLO9wE0&zEaJ{Fe#eJ=>b35E3zf1US
zYKIHf`>bAMyZ+&N@&19A2wz?@@z_)JJGlR4`6qXYd!es6PV?|@%69%$!ms?We6IcW
z)dRL_%HluQuO-`B>y$m`z{V1=l3V?7vF^p2w(o@Zt?tUk?^Az
zUnid9+(r0>j;Z%DdT{j-!kzE@uK0eWIOI9PPg?834+ww2IuE({1odwqpZC4t1mCBn@6pq_
z;s)mL(049qqIvrXs@IA)t|9&-^xY6%M{YR5-&1>+=*OEGr|-Y>dUrePW4*s9JwfNO
z&q+W05aB1SxaAWk_PEb5=-S<0nf`5m2P`qdFNy444?Go=X_{Ir(FQWCl
z_yuk^m(DAw-+x5-;orYj_|+vR$==_R_Wly#%U8>Lm~TEw@4>eAp>I3M-+!ML`;My#
zKYHH{;`>BfS^oUBVxHVh_{;-0ihEq|JIVLZ4v70s3(S9fyLjKoT_^c_A5&r-|0vfR
z?iBBT_~c2`kMGGfGqWdKLy&i6d%jJ729%uXu6JlTUZzTVI>pkAz
z<#v0MIrr;PJo!Itm$yTlJN?`#lK-V`V*hp7DgLgyT$kT^ir?FRyEwmnC*zM^FTPhY
zaf?|&dld##QE)eSkH|{{xS`i-{X1@nQ?kQ)f+JXzwZ$7
zb3yuy|5*0dy{Gs+!}5IQ&sa{jUF-|~n&ez*o!gvceXRKQYlLrjX_wfqJ;(e%kng#D
ziR=C3ZgH>XRl<+_xAF6zQ9Hc$G{x=K`t{4F>37+$mFH}4InD3IotE#BJI(&KPwZQ#
zPE(w3J*VDH{4>^bfxUzuzQ~N1hiIWaNO~Tj-`DW@o=f~2?vd}6?VhIZURmo!&h>tD
zhZrx5Ea$rhe-obmd;ortM3!@m!^ljVQ$UBZ8EWqrOP
z_x0WxdR}SmHxsUR{&vwXe?a)*d#6SF|Ir!#J>!(PXZQ)`zxy^(?`O`?{O}z)Uww}C
zzt8y95jxjBeTKh}Cf~cb%y!Mw?{TOfpJ07{eV=$9^bE_{IVH~VUf}k>&G^H9;{WLx
zv!6Zk%|JYN`}wnE*V_(==ZTjPe)RHb@%-ZQv;5xR1LC~#D#B+5o5Xn8%KY!9=an?R
zZXkTaLo?#J$zIlHhrIuD@T_^>^pN$u$zwTxFW;jcvHo`$IhT^(et`A7Xuo*Qd-qv>
zFUPgwUg#eazD(~qZy;pqcEZu*w{O}3Z^X9E0K6#q;c~Y(;-zGWZ);{7z
zZlA07iF5ClS=ZNz`%pAHE5
zH*vimlK!*roLOJ)u+H24b7mYZS@G@sIerelU&M#^F#a#w#65@m2|s$T>6eeu`SSye
zKX#jVkKAWj|L;wS?;)OI{AULLD&glz&s%>Y^?Z`~U%W}&`+E8u{a$HI{$BM3jlaS9
zymfB;3fq;*_iJ5rp7u>o?-%Ru8_$znBrfw
zi%q=xJpCTu85_F>{`2Bq*Q0;q%+K<0OgV|?ccV1CCQ6IkPm8gx<0-Y6K#nP-78U;Q
zdvOeT%|iL;g_P@J1OSKY8<-&Ib>_a|IGOL|cp24l{A)^j5T8q9`)
zJKuA&c3Xvo(s-O@v;Cfp`cP3AtdN(7UJ=^ppc@ro)-P;4nN71srCBdb8)D;3HKcmJ
zA1Y;|ov`ocr6`?ka;9F=tY|ifnx-d1KybFnt|E!?bA<$Oso!8X`k-(muGe>h_Bu8>B?_6^zlq5P7KjNodlh
zwE)TbxsO=lcB4+Wmkq+)nd^IL(N7$erHjrWRD~Nvov83)M|p|rryWOyUI)6;Ng_Yb
zdd>n&VRQW`pLGkb6^AzMs_0Gw208dzu9Lkmk9u8jz^HI~dDaR!(-8G+7Y!!FFlhir
zfLjx~3YUF51UvSJcgpo{&L1y9Q
z;H)~|07hI5Fam2pRaFcY^n!ezGYug44TX4F4D^861p3qTn$e(+7!~S>ks=VNR?00G5Ud`eL#pc{1N^qst84B0=
zeynp0XFtWX8Rv5XQZOORk%Q>aLQl0qehHvk`dL5KwWKiTppRm16zKLUQ?Az4ZTX%m
znyMNz1+Jn*ngDHz)d?oB-3ZsSm1%gvP=gH5keX@`nh$l%;l#&NQaeh6vLa2?glf7b
z0OGl{WY$F7*Mk7ldfe-&rW}@<@E?fN*i
zmWZTu`I0it7(*EtVtxQIs&bUCB1niOiZMS6VEoaF2fF7WMiOoaad-q7p7KR8q;c&v
z<0;Go~mWI~O@&NoR053p*V+E)%jna89jsjfOv0~%0fmgaR){d?VHAQN+
zQnd#WGqjeLUv$C@!UowEiVak2wndGVD^R8_6t#t-wop}DsIn0hTTdn{X_hL@Qk7YX
z%u=QS{UTo+o7g&uk&d4Cl&52}FbkX_%UV%qY+`B?pgMfaAsj*pwKO*eRxyB~irGES
z$J%wE*oFx=@$y;Z&4XUX<#i&5xGq&V(lM>V9NNOnV%p`E7iZA%DgLXCg$&0JL~Hv2
zHK8A@)!H>yZf!r%t?dVy<2$iQ7N?7duf
zHq28DKdLYa@v`q5Yz+jo9I-5N4g+1%a&$3eiPbWjt+8(TO%bbe+pYZnsL&SS2RxAc
zzziU8hx!0Qw=e?;9HN`$1+U+J0Ko;xg|(|6vNz1>odppnw;XrqQaJ9w32V~{pu8wT
zWmK#}uoegr`~XIuNti(!m~jsV(C7m>xV~e3UQpnAqf@HiLZN9G8yN{q{>WRVda<`i
ze-hQE6u7=WtDDE`>p`J4H;WLYvz|`kTF5&XNUk;bEOu@HOzRR;qL)obn3mL;uv}mxdtKl4B7f`DmT}Y`<%XSSs2hDOs94P;9LnQR~pTes9p
zVUWcw%EXC8`xw66E?8X2F5L5
z+M=f{daFg-TG~q5I@&5WG_+{aFE`sBXe?MAV6R}@8aJfHTm+rn&Preo))NLWvIh@w
z@St>T^W>D%g^63efDRP;GKhm|(L*vwyu|C72~O`>
zsw{N!I7+}Jf>J~^3YrMc!!*`-;-ynLjrDsPG5bn4Q5~1IcsiF3;`N?e>#PT3tqKGN
zQBcd)n>g);emOSu`H;r+LZEenRkEuGY)UQ6JN`OGn``JHHVK-&PQ!{BK$*~Nc54RV
z9w-XxJY=Gu2o$j{B;-aoxx9_&iEGawc(gkn6_Ui(C_OlFI}Fg(%)EF!}+E)9Sa!Hf^4uzmra+^kFCd
z<)Ms8J(Mwl5xW`ANWq$=B3QbzI8W3gf3#R~$8IqGOuEsd`!p^ssVFIe1o;1RI{WPfvNqdFQvSKVio@S{ZDl#f2V5N8m5io6XS+y
za>6i8ZW_Wg#Y`k=a)_jfjg#XIbYkQ9xU<*Yd!uVYw$&rKA&eS=tqOxCS(WFkx`ZY>
z!uxjZ+&{7wLzqi=ecG&0q}=2NVXNP9lR*D^ti<;vlIxi{k*mgHJe|noh_yW&#+<35ArdM
zf7g~^vE?v_fRa&!4}5szLL@2;LybutJJ)C&d49K36%HbE^4Fj3br(xvhBA8~lcpVz
zA%d_@n9UFgFmmfVqG1`h`(aVEF%oQ5z5zztBCS@!OX~I+iuQO(%|1hreMHb^FImC9
zVHtXNmk9d=Ta~{a`&KIv_;vdXW$ZI)vd<7?9}#rK?XO_pung3nMUj1it;%1IeXErq
zEBZx7NfW_^3w5&%Wz05dGTRVjHWBp1IbOl+VHs!^iz2fH8|K%6(ac`0L=xBSGnBE<
zq{%)*kbOiL`;wLHOIEOtMUj1pZC|o(`;s;7!_#y;xGksHG^QQ^4HT0tCi@bb^8ou>@#Vy&k$rE5p+(Ou3+D=4Ah@R
zk$r-#%3qIttCc8(8y7V-mkM5Xc3Ql#iR$q-P5oit5Rz4n?pP@j3#6
zjcOtFhn<)J!UYH++X9L+;4#|h6HqVp;>A0|Is}_LZJ>mpgKU(y!nX4n%xGc5H
zQuBBvh0^VAkI2W*c&(H5p;|q;HnhHMS`u{0
zw5E!_{8{GrB|V>JL74T*>me4L_2yw@D}N|a99-fwC8c{Vc
zX*{Mj=bS|8#E5&!A)H~{#&dqW7$c8js*F(%ZYpj}={wpApU|lJ&=*iUTIly2rdqj|
z;#qh*(@cicu@I8x@VpBX2}Df@=#z7t>+poO1n?@4)Ar)H<>AvymSbJq7{V~ZU5z27
zbRQu}UF5g)y=oB9N%WnE7EV_#-ZXGR2>$fBjJbYI9NM-l4>bp*fxVVYv%<6@bvq`@
zUMB+oj@IWx7_|Ya8^$r4U3-E07x{81dN;_k)ZX5B0f
z@D|4!+mvCfnxmaVgoRf@@fQz1EL^z@LyE3Yt~rhxd=UTpUl{cv&PJclkfc%!2@ZKEI{_$+fVsfU$`=b!-RV
zs7@Y2{Lo%omnNSzX_~XtRU}A$^K7~jq@Tpf;aK4#jNO`$L4=bEZ0#YC#^Y3SZa0Mx
zo!rzMQRuW{tb9y3;^BwIwb%WfJvYC5*Lz2dh=($l@Oon56^o$#dcK5Rj)T!zn44g?PiMIOL{r=Qa4c^}(Y--a$Bt&AyJf!bt?P5*olYHek41sfXgJM_aEH$4%yxy_|j
zvt*VasV!04Zz{2LT`@gpo{9qfZ9{0yy%8rt}j^d^8nZ{Pi)e-{F>
zAws9seD4Ay3S@X%ee|)<6@b1f>pMQM#HqI^lp3^PH&(8V2
z=i6m~$Nl(X)v{AW%%s71*?~Mk<7deh@pbFw;nn5qpI7<5s-8H{C{`;ZE%SLWrTe@*
z$X}=g2vV{k#vlJXkWfWhuT*jvc{OPOu_;)OL1|@rH|tt50bV~
zs_o#4&}P$g4{0|A198IzBO1Tw#1l8t^ZIkG;#rIzLmf{(pm^rJzRH~{2(_u(_3G;K&1zkx|GCWM4{%YTVe(g3Z?0C5
z>GKXjf>uswmavL^*T+wPe0cxi`@1N)aGFk3j~<*eUC%Vqhi8mxc0^~7W_BdsKmGpc
zi~C(Tq`A7T^qfJRY9Xish%%>hvQeEAHJ}6bHr+aT@z{bD;1i2BoU2^oy?weFgGHh%
z6XpYomM|%fn^x%~(f79K0ErhNuahS8PtWPe&#P0SS*Q7?A!nGnDwbD9v!K|W1z#K0-uIm>iy&3w8oqczZzsBtm!#cRJ*6b%jVv76wAEY%HRV~{
zpH_G5H*m|crhNjx)y>0A^8dcv{Pt-nNS&?hi_cl=lT8F;{_){|KK<~CrMUWBWnX+2
z#(t_v@hEvRbsy4lxM1%ezkK^IpIAK9naaNSyrG_G0xj3%Ao$?j5%<_XSj08&LgZ?>_j%!fBeV?2FHtrjt$X1{hSB
z2t+dA(a28^ixRoyI)PJ?)!S4OSz6Q9K`kWB*vkFpU0T*Fxtu{eC+$0a_
zUBNmx$-B4j{Jz5eobv9`-xWnX-jGRdhXeDwMK*X1KRuI!7?9MOD}yQ+xX9wGP4h{lzL
zO8fTVgZ(U}4v(u^;aSw-e1r8~ZY=$XJ*>c(TEh?w3B~V_0%;&uYMDidttMW$1FX{M
z)?9G0h6ab1ye1qXe+h@pOZYWv_zXNlJzt%^qefKa63TN*zCv2vY!=b1R@Il@KD^LO
zD)=R7s$=^62pyEe6GEC{rW1oSijK7SMw!caHlWLxm6k?T1{_;%S*7b
zQ2Dt0P}0rF!d|TQ_yIg*E$qWpo%TFDwF|$5HD^9AU&yx&m5*2kXYeWJ`4cE@i*COR
zR~|Q*h)KGwJYFPF(V7z~vgymmi!;_`++h5y-geEtT|}t6s^ilCG;1obcFk@{Cvo-h
zlRiBZc~UNOauO;Zix-yiwS3(Oyd-tj?q38#S}QJCKMe()F1_3~RE)_gdi<%{x(nFc4G!L8*veWCvRquaEj3z>7e^KE7yZ{W7zyaD@38Ze>U!W5A*`S$b18pUfQi@nYL+mE)D7N3ZAO~jyn@})-YhaE1uR3eA4L?b2-%A
zkMgjgO|xNC2EVG=l(zI*|4Rs6SJx%zUvb620di02nEkWcbQk5?R9+sk>Iz}h&&y^u
zvz75uy|QTDvTvCIHwB8DEqv|aw}SI&`6aI+Z|KQ-%9a%hoF1K)F>!ruICPRV
zN%5%{eS;iVi~*bLdBQ5N(j{DlXlO#VzPkGLwNAuSuP(uUeG^ttKymtXVuvJ?T4!vS
zY12C%O#f8(&3wzbs^`3Uu03n)nr&Zhp{_A`b@X7ti%xda@3&=6%eMtvYOaNJD`RhQ
zRmx72oH=XL3_hz$`@7X$x!bkdiO@QAZ=f(i@KLgsgCN=+p@VGoGUy95oVi3hsVd18GW5AT`&=@YPRp>tDCMI
zo{~(aph}s2;l#p-0f%)<@!He^&y^>MUti7t*c$FR_yqV_WM
zRljRx(pN>D5B;tvfYyKi-|z2!{NWQz(ZspRzW6L8@l+H0CT{^1AyzNl5tCXWj~}Hj
z32
z)j5XJph3^qx9{J7`uw}b=!=3anG>BoEI+~I*t?iibzG}IYWE_O;F$(D$!~uyRrfuv
zsb%K?i23?F0BR)SxFa4?nC%FeJ}wiPQd$XvkKdoCxu
zPIr@H^I>%SRDB)OUw*7;A#IMNV3euWk>he^miv~PuME=)p}D-c!sX#9oNkxh0!ZP#
ze;S22b4AYau;iufI)EmtFr^EubO~MXTn9_}9&z>gCo*b&@EM)CCi73DNjjs?sMUOh
zGZYx6O>UC+pS~~E>z=7Cy8(K<+l}R#m^nIFQ6!K^4`!M>ZNU;;v_|c8U8MP1gHOmA0*Xs%Bswvl7g)eRcWf
z3Y5=(zx`@IOG&8Xs#bUw`83~Py%W4ZaMO(iy<=W3!!*wGIjuXx&5en|h*Y8nssj~2V_2|J_3d5%xL1y#Ehj%}GVzJcdk2xpe
zR(zh!=tL8Y`>)0G_1DZ){dMLn&DBR-(RP(LVEFK8YEsQCCX&m(*g;`spzn~pLSFUjGHBq(&@NxXA_dTX`2uxZmDkKRlm?Hkdlm)Fq@^1!}l9Wck(};S=
z-yKqxtF<7iYTyrx!n5COVA+pyL5YX1d762mx5iA1vMUhTfdj6Erb8(o>Bw%9Z#Qp0
z+t0!kpQ&nv=dAgO22Gt6uP%i)1s2^^Y0Xd&2e=aP@tOUjym;oJ3u@$_zz>>+JMq4d
z5h3L{p3QN6L>Y1PSicqcD*P{W!7aWVRyFS+Z@1M02n60m`m&DL8&*0zc
zTMOB}Qr}D|R7JAR8;I!l_5@j)@BnK3>qh@B1wKbLwd^dgGh1Ij_cs3A+n1+jQeUU1
zK?)ibx0S^xQkQSZ`bkdy(`-3jmh(xjQPLUG$6UpsSV;0p5eww%eP6ihB#vyQAR(O`-&wK+_^@6UsjIY@b
zg04uaCLENKhs|!^-y*fI)$VIR<(dz>{n~yS{uZvEBD-zqFimy(I~LlujXi4&Pg6pR
zMN2$qpdM#*#_YnEFTu-wWi>zO+oH&OpV45s!w@}$<2F}->uZP5RKCVc!A?td30Oad
zcP4eCsHr3jH-)Tk1$;2$U4U
zIO%T>lyz7rYV_^o*JrdTi#)F+el9Pm_8e3Kb)LkHSabFni4G&H$GmqF1J%9jp|lqG
zLzmG=R3qK7ahpYArqDmfhj{6V>EI=hr6+_TR<61D%~VsfBf%K-JGME
zT6UIZ&TRd52$44j3%ohFxSK<-_|MQA_A@*g?lWYeRc5U+*DAACnQN6Pnk235l@@kW
zYN%Qli<*}Gy7`s#f=Qj$$^ccS+2D1{`Mo?$GQ_ToSkn4E#m{>q~
zD&Uj5nvf9365vx0=HTWLDb5WNVP_Ery}X~M)l_GHntx8*KWR`GI#>2!)ox%cn1M^z_IBHN4+c;RObxY828l9ML$PvxQ+nlpR!ZRQ`J+1u%k
z5XWw}%p=CM$;?yC?ouU$af7*MOPRG%?c)b^wa(<=3$i4gSx23oIQB5s7
z>z1Fb-^;>33WhTWMZ&X%XDsS$ofMl*nUzJIJ*~Pr7aZwVup^;XL-F(F<*sVs6g)A_3k#
z9IU1cI68T$dfJYs`pG$ye@cNR%5Z
za@wzZx5C;*-2$7HmdbF{JSNrW^X>R~zKx!r1kh2N^B{ZF@N}IpfHOOPcI3Pgu*d(w
zO%j@&ta1LJr|o8{ltRzK{F1BP(GYWS_oKFMyGoKwXe71*rfYqygbPwVTpTf#hg9Jk
z>sDtA+rM}owsYH+eN)Rl1Knmkli!%JbNv0T!g;gyOt-cd&h2;7Oy|O#Dtu%o1gRc6
z)klGVn$wus54d|eUEsYVg^v^ogaaOLLWd@mUH?r<%k*
zQK;`wcEghj6#CUP|DsowqaH>NZ_ClMN%rN=Ck>`AW^|J<@;JL_;BkY|vt1KE8s}c_
zd0c<;LGhz;Zpn0<>{u``SzgG9mjJ1`7Nds(5B-BU{c-@*=Ob>17wsQsoMtNIwNs^XLmno
zFnV@(NU>k_$td%3zoY7-Cy3=&JU|(OlAuZU<(?-E=AU&1d6rT4zT}KI_%=t&4WTXR
z{)O8k)R%5yyGZ*BOEZFGeMomSYFszleebkW*O){|pKHi9Ol-_`OS8KzjR(l2qzckn
z2)W{Zj}Z6ny-vg$=7B~}F&F}7eb@3QPm8Llk<=6|8-4Dj+i#}g+B9C}+mNO-YG{12
ztg{sp(v)T$JqHe>C|n!Nz)1{WA$^oNiy#@T)q9MbQ_5B~>czN-3|=jo2#xBDGi^Uh
z#7w?LU2KgcJE{>LE$i`gSNlqyt?Xw}XIk~Rln#GaKC!Sbt(-Szhq(lD|HFKgUDv
ziR#gVa|py|8tG8EqcYwknL{%)uG_1ttLrH=6%rWuN%oMhqT~|b8dX1WoF4K3l3eceZFiUIk2vt;O=
zCM6)5wiLJ&ELcBL43HO_biW&pVqG7ambzHZY-Li-M?^mLV9AUxYkR8J@)cR$gIo+}
z1egD7Hn99(X9tx()dCBMv37+(@XWFtdGDVI7-;mOkDlpw@?prt?bP_ND>f|fFMHvO
zM^$c;&mVrgegFPjNG+VU`P!lUoT)qA=9no)@TOJjh^#*Nn>S^C}!?uCl=uFvJ@A0jk
ztFTUw-h`sFUo`1w9CYuf#iB@l^KB4@5T@7ZTB96J^ORZI>mHi!
zPEedGfu1=v>fI{J^+7FoKV_XHej!OMiCsy<{k|E}Udo9I3*IAjlY`VqHn}fmpeE|Un^{?7t2t7gf41%t-TP-d
z$gmG-)&@L%qt+8hsm8w~AhH)ce$QjdsG^!W)M~&dzp8mH301s4)M~niqbrb+{-qAJ
zS|u<8&D*qW5{;${R5Ijb$!O8z3s70TNU2^0s!#J&Mk*WMRad~4iF)w|>*@lg7Da-H+SM
zKgOeGKdeTXGrEu3NBWbJf&FY#@19QFb)))s$Pv4eMC()8+9!7*6;f6-@{m|
z)V?A|(d^nD=@jagkCN6o92lyLq%=Q5TUfZR($-RG-dNK7m>@|zNJ}+$d#j+nPmtnG
zqbZ^`OsaJ|QhGIwULUcNW=fawkzQ;#Tjd-M(xT?s?cJf~3~kCyb2Py$O!Gsi!P#cY
z1s_HsC!R@T8^W=KpFI#9w47nLbpcqXZ;w7awVMv@{4I|Ehj
zK`s!e%yF+U$^FEXnpHEUBrB2xCQNxj0dwZUBp!I6YUfH9k+Cl~oUL*O8N00cXaW=S
zVAaXT!{x-TNLx*)HEF>_9#ZL({xb9fQ%&#FeIZaoC{lUTqD^N&Bi{V~d%H{9a}qeuT>xbw|)SrT}4w)NKQ
zm4B_sKXP}k%TqY&GIkUDEWn)0Y;K3<5MH72${$0)p&gn{*phaQGwW}0&EXPfYS|q=
zTh$LkU32;mzpGv6{^oW$yGmWw-Mju{CwanTmr+3Mr(!fQasE12zI@V?Uhyu^Ybvap-5Rby?-rkP=xp@udTaR_`$@s{o}8BZYv|O2
zB`0NB+f%icpP%JD+$6t!U2J9Zb;iWz>zVd7v-Q`l8Yj-Eo5qip$YSF9NSk5BiJqgU
zOFNI6AZrdjBuSJ{PTQoK>(=wra`{C8qPd~31
zdn3_jVCA|*si|^9!2&y^C%_DsRhu$eHT!m!49o$yv-g-U4M{I>r7^8lC65nHm*e*~
z-ECIXIp3rLbV8kS^StBgqXsw0r;lf-1k6_U#b>$NJJke_Zq6Fg&51GH{DVQAYE#03
zI4>Rr;eU1U%Qa1vi(HaFuK-4qZg55kQnMR`fZW(~GZ+3^G+V6&Prf*hS+Ot-ckKLr@aEoi0u1`lLKC|p@K2@8AavbIP
zw%m+fWqC_3e$7l>V6R-`U(p$q97Zp41uG=XwAG3izjdziu8B8OC1`W1Uc^tYJsQjH
zf94i&tzN2-l$#|of|pub#c~7ZG0(izDxCQ;YbA5qw&QiO{7QbqDoJMXBF)rApYWX~
z$ER-~zHHmxST}IL2mXrG;3|Tti`rT1eid)zfTTAvjU~w#ObRMS!`JMp--W^VyTxNa
zuG;U)mM+@_B#~>dGd_es0A(o1yu!m?zf(z|3_$%3_d8d?eDI+rdqfO6A;<72xhsk`
z-H}PLOV&dJ2Pi-O{H%YMdK3Kf*s&+d&hjNVTVJMR*w>>8w){$d!xRsoV;0WwOkF9O
z_4;S8TkiR9)Bq_%fF#M)lV4rFVQ>Br_vUF&61rTHAOeJ{O3mQW#y@lp6>P}4#9jKXcPU^Nk(-pFf?nBLDsD?cc
zhZ8Ps(0q*|N#RH6iwfRB%Hhc#IJeb$;OeHU(p{o{EE#~D(b9b?shCcOUgkm2A$WU6
zNmCcB4_Qts#1Nd7)O{f%rz_3Bi>{Fi;qvtb#ol+t6MSF^-2|;4dh}$XtI4BA?5pCj
zSr@}lbk?i+i>8(kG>-1P-;fTWw{~{}Bu|^Jsp0~p@opJg`VcvbrnoAS|u
zSZYSqCy>EZ6gko8PS$!sJc&`Io8;S%x4-?dl&3aZ*%zPXHuzK%9bn$ORNo2YOu2qm
zLcea9By;P+lr5Gdb*+Zpd$&N^trU{cLP<8P)6lDb7AE{EA>$W`@89>G+)TaY?D%*5
zxT+9xT+W!}9?^oSs^4DNuea~OZKVQIf33%^Fgm)*8DH{z-LSx%cv6{30eSp2CxGTO
zY|)OHuX_T0m50S}7Q(A7(ym3wl|2O0Na7aMl*WU6rmZ#ub#~aD|K?HaXDd?8Vq5%!
zSGbnXR=RC^{n%uIio${pWb*K0We*Ab0jdmpa6XVD^!PN2sd8f6!vb}$XPZ7-D<0PQ
z?}%H!u*CMY|73SqQ|v{AI$iB{P;*EmuVJ40d`F5_3e3%BU68KDJO@gIj|HzqX$h~>
zOgRVAIdYz8sT0-)Six&m0kf>-;^b?L+dmpN2V1rv!-iqWhfW#@?f(1CSNmDYIXJFr
zg=g^$<{Qimc3ZXNfcGmT7kIWj)fCgtHT_wG4u5wFlJ7+>Gx}yp9+7rE4Q1#hYD$6Fqc3C;l;A3FNxfhb;NGtlX8O#)r7WqyovXTzN{5=KqVjZ
z-+|{HF{kC@4{e@*EFbs4m}&o{@6h<=dO)TB={wl=g=+u&BbI%^KOX*qvEP>eeDtpE
zi`D+|7g$puQ-fjfLOmKbX=oN(EyKvhRgd1iaEPApyaJ?v495mex_mD2`c2CVNpWmI`P&~F}cMe$d
zP0)Q+)-S$6>imP3gjRUZ(8$iMpH99aeO%(=T0Z(oL)_CJ|M>FXKCu{6
zn5pcG&%+Z=G_hHrR*R(#4b@!l=PAz((b7DTS4%72YZ=*ar+|k;)v`0Oym3?D5na*l
zPQAoGKc{=&2%aS68`P%d)GNl7&Uw$cB_h_n^sZ5zb6z!Sh>~4doqCCTd`|za4Sv^E
z28YE69dn{~RO6hNM9sKux{SYIBjI=Zz#mvd?c8T7v!@#NL%J3i@QZ9rjeQOF>24^q
zyIv@+%hgUL)5u(%IRF3X?1x5Wi=ntR=ud#hbJzCy?J2a)S#%<5%TL~D5H1C?^9X-b
z;S4e%Y9(3q(){APwAw#>4{=3?##Z|vtG4_l
z$8BG#1{l--vo~nd`Gq6^K4alozm}Qd0lY=W$jC=nA^9d{OAah|b=so}ua=E&$_5gY
znx)-f743i}5W%H~0vHdT3ux$uRXBib(;wP|fp&#Z{_^$5_mEmntk2XAC)#ik
zAWw{zYah3ne|(Nt?U_bh>0MtV=~($FRsMfD
z@?MRs$^gpX;Tq|{(=QG9cjXD+)_xSr9Z(-Nxk-L}|M2_2mx^p>>blai#I`3|2$jV5uTs%f|oj_R|Fvy
zmNBSjn<1|ti%&eLLayEKpbOA!)+wUxNy#JZA(YXKEc60s8VwauASSxe4@LKMV#G5Q
z&lvdP*FYbOGU-J9(=X6Te7XIpO+e4?|Hl_T)60B=s_*m7ZaC*1uF3q&6Gv45uMEzgCdGk#FczS04XoB>RtwBLPGwX4UGhPxmlaG+1ycR&GO`DNN+o~@zxMm@(cH+x`dylWomp{$7dFF9`-bLfvJomSar*EO`ZlN@JuGJ|hw>u9g?pEpUAr(|4Qf-^9dQ|O<*BrHVGnCmu8=3*gZ?oAj
zyYD-PRJyDomM%*ik{dD3F=L^A{KJrE)*+q#c~qcp3fQV2i-slgO+ubokGr}8#uV~T
zi)e6)6i4-%X02x^9+u0TxSr353^dc|#7%H688B|dRSqk5Jcp(hy3bny2m5MXtf1mS
zJYFte2yNyc{{!rH+HAhY**NXE(fsqXko?d9DH*6xOqW8oUo##i%F>phqLDm(fyGbH
zc(ae=lRtNX#ZS-Z+%-YkDdf&pJeMLKwV8i>_E8u&;=F4}vpj@_%3WlqJc{g;hsaO)
z=+JOw3p&;Pc#aC-$9WaNkLRlZemt!LNR66Jmu|0(%cJR{zPD6fxKvs9@Ykl9uBea!
zd-s~mTz+9)q8b($Db>qEsvnxJu)H?uu(P%5dcS#fdGXpkFjlI}V7hf>=}^#seO1=i
z2rXUGlVg$!MW;oY4|+YzP{QUE3$2NjD75nn~&1zfJ@+oz0Sqj0SU6GHCc7A=m+U@!VT;OZR#MId;
zhf72mCg#T6OPlCKWkQvv1vksq;3m0IJ<*U_YT|oBQ}yN_sH&cBL%;ePxc}THlAs^j
zwydtFRiJiBHF3DwF(_pFMqu1u+jovOSv*_-wEIGezXMV1~~(@Aw*Zs2S}
z6I!y#tV9wT2U1Tt8oj!_{6*iF-^(GB{MF^Ey?qiSGOl!WjSnj6WSYeoCk1gZ@Vk8T
znted!SPs}Nd9ByRmrVY%uhw93L}fUcu2x`HUQf7{*AsT7Ja2a;y9Y<~`r9}6yO<+;
zT-TMJ$BmtDag#`~DRxU?NEM}8uiIGYspeA9Dt&Qv!=%f8hy1Zr^FAVs3NzA
zE5x~*l+jtzjt{oGW}WUr`Mzec&-3+~OLpq1uj{Dv1yGU*NP}{jz8EDKi@jJKx)uV2
z%x6>>F`aMjc7#Sq7IKj#s*2sUU80ut;fZw!#Y;8%R)dYWXT)EIrzuvXpQKYBln%79>yc$Fr6(
zZg`?jp61CpY{_Y>Q)?lJZL*;n>AE;?N+wNDjiA_2kK^pUJ!*KO&bHi~-LGqNY73=R
zksOL{fye1*8lI>F*S$IJA~g^=r~66MQxK*zi<`5+l52Dl9JDPYU$~>s10$i`sf$Hn
zqH)H~x{^jMpRcsciRZITPu4nz^)haA@^R61fet;d=TXy>wd(x(+-)*x_iU9VKJibt
zd$!8{4Ev?iZJ(`H{U2UYEqldzHd4>EeqpH=+en>k3cNj1VZIJJ%*aH_xz}Dh*V3kV
zdkxvM=?hzqPpX}~2KG4&FF+$LH6`&6lz@&O-L7xpS%%y~`CL!be6GEo&vh~?
zjx~LBUAfd9*a@$7XJzUV1f<4u(#z5FbLf|ty?h;*wbv21_S&;+uVa4gb;Pi}o^WjK
zV`}vgMq%iBcZYn4uwfY=%r9iwjunwp7sofr=YQY)>&y2aA+$Tv_+nSof9{&{U_DWiVq&aVRsemaL57jhikZta*|`%*-LR
zGs-HMo%n_OIx5-pg1k*4)x(7y9nXc-g81~l?on~pR8R(@ThnQNS;ujUQx7#z=_G$v
z_pXQAV&CDnJ3PpvbXW9Qq50TL?r=O3n4Xl|IvK$9J}Ou?mQjFP(fjr2gN??62mt@Xj
z3*X$-WnNTmGZZ?y!=?111{ACo0R+uxYS-=QZUZq(qu%7bkEN6zE{EojAUchW;czK<
zBb*!J6<3l@aHoZw^V{eP`e}h(H9l{&;PP^c+4Y
zqrS;04Ebu*+&n~v!5EizN{=@e(px12u_{q7O>r^W~{qxfq>v&w*7oRz(
z`6j@||M>9s`-jDJz+CN6ejXigstpJHueaaNIEFK|L;0Cgb)wA_#4Q7av)9iO-r!O7
zI(YJ~y}B
zH$GYI%(yGdy3mP345;zMMKQEo&dt;`*wySzoqV!5=+(=OPgXlK_|@W>(v6gmbCDbg
z;XIpduGT^h-CR==>y8Q5)Gi#+%w0WGZSg%n(^g8a+>n~#AqF#Dn+52Gj440~(B4Gg
z%2iW{RSr?cJ?hKd?kR$30HWn!U{u|*=UD=0y7<*l+)TDzvo4S@MmKA@lxNJNOO+3@IVGv9@LT|BJ!8=e@MY&?O*;X}#+NKVFS6W2W!4J!^lQD*$$qRtS-
zG9$lT$J?~4VZVdr`)%0*V)mBD;PzFVOQ8d9qqbsmIbU=gys}%FoV`8V>JGjHdji~U
zvN5Bw@jDDqlCeku^r+b79u;83!@>e-9vITT9X(X!EH0sRvT9^rn{HfH-FC+v)BB4S
zU0%F?^V-3YP2(JoPaY-l@U;BmHA2%=Qo@?1x*{@eumnWOL=W}hdW-EweQdAeOU!Uw?RB5i4zw4*RqC0H+d@IPK%`48l!UZq)dqTFo;Esk-Cd9EB6>Lp=?v@gQVTZG>9CUvh1
z2QGpvyc~zlUkq`MP+yL>MJAwjZMSbjFGH8exMc5iaZ!Jp(tAB`aAw^)my1
zk|@^CLdw1aNiMG@N^Na{pC4O8ypZzqiHuPatPu~{(I2eii2=U(m>QTAWB#=7Ko7Vo
zF5;4Am&aV1uOGgjG+k4NDYHZ6^LCz)k1=kWnxS_ZURr=K+K=@AWDCGI<$2O=QXrY^
zHZLtGwq=Y}fLvyKyxS>7*X{g_b~{@MfK;^jfzY=gy+uj;l*|6Dlo~IC4x%;?1Fx
ztMryj)63Ovbo*I0UK7F4Giro%WJYK-GxiQZ-R<do%%_&LUoV^Q3sI^?mZ%(usZ_ZHSCn6NN
z&56$Z=ETd6H|MyNk)}4I&1n^Eb82pR_^Hh^o70bOv^hg*v>p4+ICs|OJg%Pgs_Bxv
z!Pmxn5KlOv`p9pro&g|Ru%R>=m0Iw;&1iQ;S?n%kHF(y>b|p%%E76C>+1iBd#)swL
zeo0T$K+Ez&$QvDwe!2f7F}TDC)Jk4ABp+Zymc8xBvJYFb?A@L$eOMZ;>62kwqTys;
zhN7@BLz&;1=rL?fymV%7j*GcDbo#!F{*^SGG1S;ri9vsH1sS+mP`^L%|j*kX1!hvInq
z4#gyU-fljwZ_}pNyU);S-!hX)AJ6z`hedhrFv&wBnh84uK0i7Ek`E^UYwu6MP}sgl
z=?HA158Zu|8gxfmO3Un+Xv1!>;kaWm6yf{bCbu#i0ChOy3Wlh_?`k`l_%?3&!LZyR
zV7Y_CatDv)4j#)LA}n_}!g7aWEO$7Uc+~BFtan%*Az_1D`^3oZ??bxlonaP*+~Q4zI{|U6j*jp{YLA
z{N!R7Vzk?p#D`*t(C#5ZyN5B_JxtJUmHSm>&qNrw7E^37M98?LZ-weM&WT18^%>=p
zIQ)BX`1cUu-^0#Ncnk@KF%CaWuydF1Lf(#`zV%Qz>BKmnMfqX!e3(2>^X&F6$|G2i
z4rK&JhFv(lJlTg%PqF;EQ+(*`6d$~Aw}W@~edzj?TI>pD;b*A(LxHL|HrN?tTnqa@}
z4_(;nnufUU&>8SPbh^n8&esv@aFa{IZ}LOu#}jYzD2ttS=*FAe<-3r#O^(-d_gaEq
zH@K3)mjI)ZU)`S^ne5MpweC;(b^BA2x<4gh`;)a?%I{CK8Sl?f;-@bZx&4XG{Qktt
zj`!!d6q`WD>G!8qu>GmI#rt!6MM*gnUYxT`I}Paa&!;7hR2F>~DK93uAlW8fc3+BW#3-{8i^
ze{ipVbf5U>KJhX7L|UAp$eoJE=u|vntJK@@GR+Q!+>BPiAGOE$C_K&{g~y|#@HjpS
zkE5gTc-~Q%t?uW=F@P~0@mfBP*Ya_^DIZP7p(1ZLuU6JQLNG4*ZDx}jZco&D@au(P
zQq-fx7+IO_p!LaiTB&=?s}w?2b_w71*eZ{PJ3j{8`O)Fdj~;h^^tkh5ggZYT;m(i8
zxbx!??i@;j&d+0vPe0D$(~n2^^y3(xejMS`kLTgjkI&)LkF)sn;~YNyxEtrrf^^5#
zA9qT)Jw`a`V}z4Fj&ah*2~PUB80mKWv{|0
z#4?dZa@mJ&l&#h{us(~J>I9Qffd`bnM=Z!isIrG76gt~@Z*uYam)Db*kIQrfT4qfy
zFWj)9`Qek7uR|*bH(XwUhszlR@k6px-p@$#`XezOioy}^BN<+QjsS1IGK!&N(wTQo
zmo0h-KV5c{^@uMcvwgXujDA&Top<$9ONIsXFF$opA08}mP9JJ(iUMOKbwZJ{$wbnO
zmNT6w`CVw`aa<89p|37~`GuWPKUBWBM9l6(3dgE=nR;nw@oW3Nea%N!cLV1iQ68QO
z6F4EIO9b|D3jsWRW%{gX^5^A2Hr)-&IokCefjcGJTG^npoSMx)CZ(|#Lfj9>6U;oM
zcg0>C0Vn#K?8JNDF%vMlrhP$1x+G3N$O<#!LibpseazmlJ&7tvW
zIkoKXws}xnZ&#=6+yG=9vb7&($kDM#$o5$Z<8r3uWU4_u%4_)Kbh*6P4R|G~5m|`B
zJ_kx=nOa|DoxD_Db?*kC<$u2a@W+h={5@T$j^@uRrw(#klV)C!056mFQF1=uWBu=@J#)8`+_kGJ1`|M0^yfBgB`
zQuNcwE_9VM=@yfQqN3KAR&iNSBCnFiRz1OtGM8cWvPm&py_y;GD-dqVuqtemL452%)U*I9C%p1FE}hF;uQtOMG@BvLvUbQb<>!(`y3xaTP=gy!pQ5*z5m)86
zJUh2-Zt1wZmHjig3}W2syCw%fdmg$ApVH547=FH@;{*V3j<>7_SB+=HrT2Lj%GXuM
z$lUp~93)k8(FNTAk?F(d={Mv2N8c=mELo?yzTLDgIO7O7Axqoe^}Zf*Zn#gncMj=p
z4+VP$p{)`#IJX>LwO0monbZF%I&#N6Y#^7z+(!GL?Lr1i5OPR(wHsg175|YFOg}c2
z2OzeberFSYxQv1imy=(ev%F9Jen4oIsP1l>lS$e3wvJo#zEMR0M|Vd6Ee@{OxZ<={
z*u46g;b&MR*RYm`$$FGsrALvD64Gk4Y6je+t>=rHyZC79Zlqrxu6@}=M@KFJeXRFK
zNM5+zE@vsr*HKQ;yVO7!VQ_LNyTPxym9@8Wy=GRZJt`nk^e_o$$O>|e{=~13P$!o+
z(VXR+c+RqhI*qd?9vPQWl*WT&sFQ!6Jy?u7ov7^JR~+n0S8y)So2qQLW$Wui_eT|f
z60-hTec;8wnWr0|X`#Yo7Jq-L)@9QlKXBK}w45{#J6nCfeDm&tuBxH`?z1F8d`1v=
zOXp2oP4yt4_-+O4ILd1UGNj@fDvx#pu_rbj`xef;0E)B0q@0zMYWU{z}{|2`#E_m;DJ_lh>bPS#~
z%G;tYx|FAj8!c_2tG<$7*krtVb8+FyX`^9jTBcf>A=R1Ll#gkhmB6)?s7dp-U59k0
z>D#Wfov_WUg2Em|rg6T>d2ZuuH%B+o!MI>|FXvme!U2ya_daK7<+xfyA2H^_pA8{kn^)WjljfE?&hJSPhM`FG<$pZZdCiNqjw2#ml
z_7Tk3M`-=YM@$PbQf=fu!q@PR7JtO4+Hk36vo9$(`P(|oy`16xk8s;4t#CpH9*HN39
z$A~=hqEFeQ>L;HhdLf_Joi&<$-gHmc7Xq+`m)&bW({Qd%-=_lTT11|B(cAyYX2&(;
z7HtH?3YL;%9T)aHX?3!~lh6^jg>1$%#yr>bxE8z(f-XuBh$G!C-eO1Xj;r*A?8Dop
zTfT3j7RL`a3;b$MD$l%uRzYs7G;5H}%ZE4Hc&476=`%OOwApbD^<%uWKdU_hbjpVC
zQ-0tf*PBPRwSiTH!hF%T6@ljo|RDJLXpH)y0|*k$4f!9@W{vPYTGuY&&*>vRUL7
z4Yl%yn2>RK#t)PD;iB$FE%F9;m5lD#8M0Q5A201bZnL3tsy%|HsX%07zP8<*uu0j$
zMLN@vl!uxKp;J5#kkLmI3E$qxg7v}BS)8);W-s<*Cz17WB+|cLE
zu1R&un_Z61!Kblzjvb|=tY15`ON?dW$!z02k!{oy89^~K?LNw=5$2|M2AEM-!A%oh
zHujno6^*J*d_+Y>qiX-eli17c=4zbbEckG90zTaQ1Nd;dO$Fcw^|J>i4OCPfR8$*hX;lSpmz9GbRRljOgCEsW
z_%TzFeF&83m=c6j-!Op+72U+=O{*zzZ!7P|up;Cy3f>@zm}ykKaGR7i*MUxJ6G?j~<+}NuOy{
zI!F7Znn{hdcI1Lq#kVCYKECoz^8Vj{e)-{k7k=_wT~~U}$DV3&zi;G>J+%e+f_M2n
zv^6DBGGP%4a#UL7_ij=&B|q5r?-W}k*2Lk)x0d*g_Fx^MaLs|LO5FY4DK4=GY
zUAhlmNcYa|DH0F2f?hz0WgmQ#?!6Dxz4ubOkDQV2BUh*U*wyJihAevzeD<-o&i%++
z=YHhYb00ga+>e}9?nhoN*|&>_u#Y^#a_H$@LA*?JCHZiTPQeuL?&rW?T&T?^Sk`_9
z%Zkdh%>?Dz&!AjUSvxzFCENMscKiPm&|TJg|IhHR7n|+>FZkD@#`}MUf4$gj|9`>1
z7Bx2A9&&R`%WqO{2Cs_J(5&c+>1dP~n=4En(s~#V4ZV#=#uE6uR-wz7zjLUP$)guI0Y~+j
zjixfn>&!(3ZZe}HKbuk6zNY7IsC9)x4~nC*cuI2w7nBk8cPnY`I0hOjMe?0#155IO
zN%IFE^66}WeWT(v4;Fnz-XYa=9q5-!|BhX*m=(ERI()+{)F_uVe}JMBvVYxCk-Mxdifrkum$o&e2rjwEP70
zm}zIS7k=He=#(PWOcTr~+*btOS{KKAcUocD4nFGkxbX6&cU}IYcU|&bKvNFzA6kuO
z8~JAd^|XaxLj)rBYXAgV`FwmQDY>&*B}!X0lxUQA-f`||Qeb!UoA!)|FWULo)333N2O!;A44XBv#3IjZ`M
zkxiS7pQ?ZGg;NzO&z3K_eB#REa)2m**y7~Nr2OT8#3ve^dQS6$vwAdxg%hu9Hp7_%M2oqlmS+wb
z>6dSiQL7UbvgYBR^cyvMrbg2aWp#GH+Ui7wzc)>OR*!6O;#qTcZ_RVv0a;lBPLG>B
z^K?NVirF^LJZ`uBKNzOAdcMLx8LTxswSmEcICHeF&2x{>9jR~h-1GA%Hfr`ljej)Y
z=jRsC3pOR^bnDujcq|wya3F?CKBwEb-H9q~u6AnYjW@J9SwTs<^Ex$3eExC1L=R!6
z#i_TQ-Cg@!cf;A;4bP4aT8|5qkWRIFuEL@K%%_^2sBtEhaI)odm6p;BC)zz%r8*P9
z%p&a5=jYFJ)a*nJkevUZaOpym`|sCuI?$}gJ&6b)5h6hSob-!^fgRpm4YHuhV?*3f50B
z0Z<+>XIynfT|X>JyDojw>(3Rf_t{-B^pm`OjVlaH^+~nJV$wZPyK3{ck=GAJxxF1;
z{q*|h6(8TVt|kyf{A!f#7xg-4YD!1iodxPXRM-;ov#iVGdSPU46U!k#D&)~Qq`UYD
z#$BenEo>oft7O;hAqoR`-H9orLchvkXayagQ7I1qCUlqXWovdT$H^{g
z)XrBU&bBLzkI>NwUOsilP3E44saxD(XfpS7ZgLlQJ=gg35YF#^ao2wJ&+OW_I}%#B
zRb3|HnA-!#JLC*;$y|qF1FQ7G@7EXmJ=t|jcWL}<
zTv>rP`OER?!RFHoT-vR6X%9{AS8sm3L@m6)LD2w*le#E!*%vp-UpHTWfB*K!+l6{k
zC#pve&e4^6rcn+9;UirEU*_})d_kl=;LC#gfG-M~2q_8m4w|4?fc4!WUE$3wytb|T
z2b&?AXgHEe%Q{Gy5e0J9-!}VQo~#S=W+e4%K4OSbJqT36S)zCkAcX=
zfO^4EYtoR1_m34*o3iWG`3$opkk-~8OUmv(WOB>ELU~(9K0Z(=w@D5AUsiCwLTq4T
zk07Be)Cry*kc<3(Aj@jz^R>|WW{xi}vVxKC4-{;t1ykQ2exT~H!gXREKYUnOj<#;2
z>5aTLL{1x$$cck@+Au0K&kQ4<4O+oHL1wYfhS}Qt`mSysoXZ23vkl?0<~`SC-S_y%
z`b{nyO*cPlrkuLNzH|G!xL#aA@(Zo1PB)OETZU}RbLX29UQI9Gy!MY=2uoiOEgSP;
z>9qdjGiS>271}gfL0`!h(d8GfVH<**7~K7uYUM
z*63*bY9QnNxYXWZh&COsz@&_xTI$GKhWt0@`}bfK}8~
z{ZMwA|BwFk>*g^uw^V3Bms?oOi=Tg9p`aJ6aivqg?_!TDuIQALlV_TkB3H-@$S(Wa
zRo3o>+GqwkntI8J%52?Nul_&zKi##rsrx%LRhhjKVy3CG8o28U!E1~4#q}Eu(s{&T
zo`F#fTSuMiH|=iUN7Y8fr8+-?#W3tT_s%1QH7O>o$RT07d^g7zW;vn_Ul4~dakZ3JqMjW)dF5hcg5iX
zlUdYstqBkHvPy?Slk{S*oE)mMYhH~nF^co@$62~=9$Mr
zQ^B9|xxHF5%vnGRkii=5+h=b2*pm9UKR?>fQk(4Ks#bWGHTHZ1`&?OH__P)Bb+k!b
z*^8TF(pXCN0;Q(ixw03#n`@jN(sH+ijWDju_J=L~;ecWbD^Z$T5GW>nKy~Cqr`}&!#9NWJec#SUXaN6pq!h_s%Nmey9n0?W5
z`c$h8BckJ{->>mg?RWUe%L9J0s@>O?DDEwRp!S+5m^ci*{SNlanqFbZ%66-!?O$D8
zU8A6o_W=Ed?doRNqytm`{+xbh;?w7k{QZ9)zI{Pp1NiyAxcp@W-k9@spqEu;S5;MY
zDAU`js^~{uYEwF|)DM-6v(?|=fTN$hJLs*cPpxH9k+J=P-T$Ok>#S)U1;zq!rP99E
zOt$a3f)-=-wy-jDU(g<$nG0p!J`0hX&(JyQL&{xVnH<)n9nkZ$9;FH1Xi5MqQo(+G
zCy2q7{#>r!!SlcT2pT~#in7xHcJRWw-Qq`GQnv^4N%hA%Yjxu8T3YegBPMko4l)aL
z)a}1MDkI)>R8dxoWuW+dE5+|Lx`lp>8uTQsG=Z7a$_fR-C9N%k^RVj$N7j^RWINcq
zeGV^lle~IJJMaQ&%l_ug&#psQky{NLxa{m9F0nekdzbg$Y6bo~6+OG(BY2p8YZn=z
zHeK%4IlF}~NaEgvy}^a!Dg3D4w_uUN2KJ{j`rr{H%37UkEZwHKA
zACv&=+`PEED`0o}1i-}Zb1UfuKC>j*sXf+lu`7a5Nzm1e>nu+l>F@J(qjNl|a2X1G
zcmCmp{{{pV=!TH38{!t1p=2~h=2yF>-u|a*1kmve;#*|Hqf9Y`
z)Aj>HK1_PgKR@Ho_3DoT3juUgP7^~5{gK_?r9!X#Q8%|~;jUT4gLfJ1(@jei82|LR
zV4r4DedLG{(xN23LJ=Y<-&fUBqQU3EpU!r7m)4lH=Gae%yFfBTm*@)URjuOmvg;>q
zp<1OXPyXfgikeyw|H{$(MHaCrTCnAHK%g%O9pzYr@AIWocOu7)miQGpZUt#G3s$h7
z5u_Et{(8(=l06BQK_wWbw2-j?l|ItzRa%v6@R{_w6(T)-dJ-}ij_)q@YcY0wEIsBA
zS=tMI?E^4t)`Bo=#sy;5oUtJ__u7?$7dB!^&XhBjvUTD(lX11^Ir7UWxMvywkJ(AT
zpfcgsZiqkAe`5H&@M+2DTipjuN_DvLr??9CL~~0&<3#nc8Lf|HO~lf~>*F6q@}eeQ
zGR?hqr8sgmY{4zRON}#PaUHFA7*E4dDVh1rcvVBC=;^Rwm`ncXXQ~y${
z9YjI0lk%+ZT;`!eCar${_1D*dl$Et9I+e%$Dpbd|9Qs$6KfP8FXT
zal?n*ebQBFZKBpFV^K+IK8eGPSW`@tKw_Cn_i{@!(wF3b4N@HDU-8o$)*907%7r53
zTi|C20k5)k*uas{H!hnT${=}WZk2J=|P;x!Dh-w$IC=uQU1)cHX{mai>yxo
zWk8z0`iJuG#3DJwMPM)EN!jr@T;ao9p=&Ngy&NW?g)C2A3^7(_m3b5Lk^5zVi(mS8#QI0YXaVAvLBNXQzM!8Va4$LU~FwTa`?!5Xh
zaEEnL@Gvdd#RZdBh66e+(N^JXx}4Nu+MiNn!Wl(w1UG$wn_&+#qs%U3{3Hix8Rw#!
z;p-zfIm$+rqwkI(b}?MI~jRDyCYyfq>Xf*RvFc&5^0&-EIhiP2HD02pQ
zo2k9aQh)A{#*x$C2m9UemuJip4=$mPbdS5#gHP#G+si)r5RzKK9UG3sotP-|5NCES
z6LlL-N1U^o9vHb%5#;zG_?$Z-9Fe1xGIv6da?}x$W1K*{o?rwhbo5g;b5KGdw!BWY
zKLL_`t=&$y__UD3OBQW$U%@?DzQs?~<~)Qg?z3Tw`=Zg*O}BWMl4y%Zg??9a5u(f)
zTYRQ=%s7=g_?HAdt5^Mr3XyiztFgS^otGEIm#*SWnFe)R+Jn}fdw{!jaWAMmR}M0-
zU*3&YpL=3z(~Enu`g4!;)GqExtIs{*$p)`_abLcLC#Lbmnu7RFix?zz==XJ6m42mN
z9$+-2AENZmrwLM{%tM?B)f6Dcxrb3M)HIkl%07&G5Cb_`H@kX0PQO$JeqE;^T_O$d4=aKn)S}
zl*R12n1cE71HksM6^;;|pWgf$Jq}!-QJLfXSmEn1ZAYy4nFnM^yU*|(>$qZE;|%uu
zGc6eV`PJ1g7hxH~Z89nfH_E8^Xceb7%Xnd;+hy{=Un+ioObX7pX->3Ahg73dg;+i}
z$#OfuITOHht^elhV_+r7>>-UX>OcnRCm-=hkTds$$tXAt5)=p@o
zsuIdN52|wrY|W=|oj+1*8?c=hDZsg!I$-^V1!_XmT8P)I%1a1+Qq=O}EokLn?5mcZ
zz8|7$ZL-_fys-qLyk82w-XBA+_vZnxx$1BR-QT&f=}6;}G*3)L7)jYjJp-9ThgeRj
zJc2y`wjHjnuU(E{^6RJNVEL%7D?Jl5&$hsREyFi3N1=x%RU%@QKnke7TwE^0`Z^xiF`=k{qXeebyR_DB+m71p
zypkTY7fRizy}=6UUautH*q9cWVfQK~3E7?NniJo`t}5MxU9z!VvT?g)<95j=+9jLO
zF8R24mwcSrB_Ge+CA0NqL?eK($=#Q4;w`bkG<8sxw5_qpL&9c#GoIPa(bV^Ye+{Z&
zw)(+l3z1kkTm2Abs~`MqQLTsmljTdkFO8yeTvN-=nzz~d?qj0U)emm!`XQP+WH?j(
zFxpumt2;~bO0OZ%b(MB^EaE0_o1Q-X^&PY_=iD?IMPL0eGt+Q8%@_dyhV1A;us$Y>
zF2w-yv>gyq*Al$CIaG?mHA2VNppl$=3_7RCp;)kt0A6GFEe=U
z29hws55qCNy1cwz_3aM6q!eidZeRsNA()V*W$Z3l3l(k2yvQ1;Wm?u7TDwLaqC2rl
z?-JD9b_3zS8IpCiE}P!Z*kPM;l8`XO2q~S0t!lavgduakFQ6F=6bD(dZ+r%3KAWc2
zW?V9#>u=$=*ym^vl`5MoZ
zAbfPIeG$~syl00UA|+7aPN1}n3=WB&ZRFGd4Jp~?I|O{w?^~C{dZ$T}z1p-)x2r1m
z^pox=sFpW|_Id?_P$}Cks2^1-meh|b9mdJ2A?;l2s0sE_a_}2~JB;9=YaaRpYId^!
zqRqBajtwCNecoAu=9Q{`UF*|&U-8?C_sZj6`DL2BeEnJ%#&Q>I%CY#iTick4;`IKF
zGU{^kl(_L|;Ls!-5tw-62qY0eX-!YEK#Y;PNOncN9d4PoePTAm*aSO<2ZwHKQ`^}<
zu5LO3FPhJ`uP%SOJ~{}OMTBkrGd{UiX!@t
zxD?dzZXMyt%sFZZX+uO=spu+SN~}^#1?ZL=%NcJSUTqtX7X(N0&lNXt*Ec`$?WQ7@Fkh91+UiCL3MKCfod|pUQCx!l(A}
    XqCVmt0-k9#uM&*-AMJ`f;-1wmR~p$Zp-f
zl^)hj+T~;?hMZo;7@liWVx+Qn`xOwBe&t`HjH@V5JM}OIPE2OjEYZhiI9zMuKURZ^
zqe8XauhjhDeg(T)guvUuAExXnSs|HnDxvYwMqn{-MW5pW9F^eS^9AYtaZ&{(sNz1~
zmaz8)A+@qik6%L+Y?nre0`73NM|pL1{i~ls%!%IbJjb>%fYFl{u{^hS@hEs;a$7>>
z-W*U;>EB9L?#a+3f@&3lO=kPSo!*etmQ)LW6g)}*
zHG~t&kfqs!R+G*{$^~lmd6*}J+=JZ6Q5MiJuB(xO
zxH6_J{1VfIJC<(gozChIFjxlGUA~1sQ3%UuWqLPTrf%p&!@sNzKHaq_M0lExOiI+C
zIOM^P^0{T~sFT&b0k}RFc(F?BzJz;InYXL(p0rLFDmLx!F8Q5QP2b@bRWxagnnEv_-s
zn?ANo@nUbq^Su>uZ-*CqJ3QZ;KHhfGT5UU9ooM*Ke|!7&U!UH6Pi_zi{-wE?t9@c#
z##N(FT>i#l`5TK4VA9-e!no?L4cKhPuWvP;kKsrm}?Qn(C*#8|UUr#YOx
zaDdDZFFH^OdsP=vJze(^m^mX#m+iB}ITF~@6vQLjPJdj+0#t6>A!seYltnU3jioLx
z-`D&K;+?wvjNnltBiIi;B}!1PY8qU!qB9<~W>c#wMFIun*McqJ`a3FEW}S7^%)Xf}
zAG54hJQXRsF0$J0imaA9Ib(wOq$UN*Ya(AW$e{Dw)W_gHyuk5u`i$(HK2vTE?&B1@
z#oa%&>FqP2jog3)8PKGX{};dh5-pcoNVj^t(7eunw5)JuA-xxsecciU#I#nAZy1`r
zru8=OGbMsJPCXI!(Q?DQS<(1xE9(mE^VQ|`YbG*5Kd&$R)ZQ|sPl5={h}L*
zMrA7;0@%YhwU$~F8OxMy;YxH<0SA0_`O5`8phSDr&dcnsh3j1dAxXT;)v)oX9BjI{
zBch8@C35!xp?;FPT#=~!MUq#Vym%w&HH~kWt*;Yls91E
zPPX07(s;|hM^7qXOAHV`_4=I0z-3SQDL$?;rgF<&7|;`z=dVs;iq
zW&v6dd9xf%weK-FF|?9nb%bfLUz9A;LvYzMR%o{VMoGec#mMPCn5vY+lk|f?*t{S5
zq(cb^RxM(RWw;Gl45=S$($WaH&d
z_AHy|I%wHc(Lqb0MzR^L+s3c?#+FAHcoUYN4RN+MlTEORw$COk^=4*OH^)oL7ES?T
z6D{uMoR!_2Tvklzt2Y;KR-4>^VfdtI;9=a!W&$+EMLM{6(0ppeo2B4lzOFI>IdFOPbmj*S3PdjyJf}xwpv61S8I|3Gvl^vCkW~bZyya%>mafd~Kt6116`S
z+eMu>9VOJZAGZqPT~66PE}L$5W$qsea#cg+*5&U;O{*Sw$8J};0&sQGR?xGyuY!Nf
zzS2dKge{V!OeTtoPHQaOX02Ukt-H_IK>IZhWW73daia#)Nzg{;C&%Ttp8sNpiXKJe
zVVOs~8QEm5T&r8?rWx1krKd&h^zRwCyinUHyDzxvI}3_hvPK6Q*xm(+E-rME2XhJ}R=?
z`0Cf!mh=lIWfz7Jlsr?}1sRcY%3foPJZ)C+3s-999zHInDqkoaXBX=AovhCZRR8hz
zI%WQq%}9IB<&8S9oNYvxwJnIOL#Rq!2KhCVs%(_vG%kc95Vtf`DFo_ab
zq(n&o>D~^pnf{_J<^A9@PyA6$x}LjLbz^#g`9{phGk*C)`g`
zR{Pyh`|*1k7)iInve;qz0zGRTX4Zv~#q0xg@fqz^WGy0eS`pzfKvHHe~do#N7zFj@P+;ibYZ@(6p_Icyk-Zvx@Cf&
z`HA>-I@C#-dCE39w0^6rf@hXqHu@8lRS;2TaFg0>_q}S$(BG3f_Pbs_Pnc
zB7Px+?7A~CfNWx9If!nJ;-fAvy;JWUQw^}G^
zCbTE*sDzuPV*8sG?)L6QJ0`lKy5IYhOYD3RYI!pPb2YxI)4JKW>IAhK_O{#VO@FxL
z)hf7$d6J?8zNTYD7onOSILw(?pUIM{P7c~_gjji49X4hF54Hf@wlcJb)s^gR*VN_T
zg+)9|yOuc1p;+A=h~aP8m&Uu$kOVS|f_<(w&ECgSC^uzJkyr_>Jo0Ls*u{x{l>;#h
zPaDAx1@Bg;abT#ZKZdPBWOL9|Q7YRB^u=jXCvIge+wnmrGR^d=f_9RWUc)(XlGac3
z0D7D5l)326X?smsGt`o9^KSLnIwdF}-1Opsma@v>$tNYc1rHhKGffWDur49ZAAlnZ
zN&<$xm;UzjjE$ZUheRoIdr?SD(x*Q
z*%#z4D~G4mplhG#Ew{H;FY?fd%tS+R2DmhyT;4fo2x1B2-{E;-26V+(Y|)x1+h%T?XufD
zxCJgZvdj1D)g3*eVVRiN@AQT{4C{nfx;i%&Bpor7WaRyj!`Y)ODHdj(Rc#bHF>(ON
zwa!!1ZS)RkfGQ<2^OYSJ6)P0Oe<~lWPzKF-iYw)~sPYA`*kO1u?5Ay8#ZRq{7ff)Q
z;cx>N0tJa7w?do9EU3F@#Z+9oVlXT_a?*}n)-u^cTyGHT3q{zkpC^aBO{D*
zBdBo)Vf(6<9(H^W3p?y3of@g#xCluQvcsqgE`hdS?8;^|ts>j-`kew{X#Ip;DKtd@p&Kc6wh|GYC-l@XB4N7N3B2IXBe2!nVkE9jVAw1$9qp
zC}(rsZUCu)fXmkaO32~H{0a7q7v`O;{0gDx5UC~v`=t1b@WUAL0+JB6@yX^7^Q)H@
zz&>m~lygVO#Sxj$!td%L_K)IlNwu}20!4uBAYcvmhaBAWp&V{0Izo9-ACmjM5N`l6
zK6)@WwHuz?6xggX$stBM)j}KT6P~XG9&p+kelj{T>P${6qcrIUf;|rsU*i(V9$7yr
zU22!FyWX&vxWwTyb63-z#K0n;FPz14uW;YV8N~wOjxhlaEXU91qJa@p&&^sAzH^@l#g@s2_
zZ(GJ*lJh9rpJtozXf6v_JO;pF0l0vHb^Fpllk7d$kE}tK=EQ;^u7;Om$dR+P?k)pU
z*jw5(em|mg`G7p>EzgP9p+KG^*m9BD&OG$sat4#K+W9Qr?
zA3y!^A&Os-TwO}x=a1jtfBN?2<43uhsvg>RwME!+qNs@D;s`dkRyu!I7i$`-Y_<;l
z5xfstU_^i*|4rBC%NY>$!1IO_@n(RCp4s*84qks1gpalL`xO`sS-*1pfe~J&$ZsyN
z-I)1?M+7H-0RN?I`l`KsLU1JtX#ic^=8@AysJ6%4_j*Y+dW0Mjg14evF5Z;EB4omN
z>B?znFWcxugviTOa4&NWIw}ja2gV1{BcqhIhT0i^qyBPNV|CC&RW{JBwfHKsS8d3b
zez#iaZ6Oi`IB(i?xTS3$!BU9#EtEj&&tOd*`U2>yfE9lPhituanyg+SQ5Fyrr9q@_
zWx!)-0wg`X%@o8RDh=c+RK=aUhZGT&8M1RM2ZCEV@kc869JVX$r5C=u4UQ7$#>*^#D}Ms
zM3}0l9;9|~lG$@J$>y;G!wrNN%U8I!?q!#jcwjG&g}zD$;mh3W92rZ?p34q!X${0i
z(z~>*?4BNb^VoWS>0Ys9bRCzqVE%%y5=%9dUI{xQDL@`8!B6y@E7stZP>gmWc=5!L
zqP0}bB`#|Y(v@-mK-!Mt5+&Erq3H!?sr
zcOR1P|N8UC`!E0fdF413M9a&K(ekENTO$Gt1QL%$rs1P%!^E)6K$*u=B#_>wh%QFG
zCT-%hL^`Kxtc!7I?ie#K0^WPrQ?=Klu&!Y4DXDagGyEXX3)@?lJ&K&CQ|hy7Lu6;c
zgU=EuM)7!Q1U6~pO}_f{{cZB~^Vj6-w=chaSb1vxbNBL1Q&ij2cq>RY}^y`-BSn!Dq+6f5hdI!(&o-9{F3qVv+;c(nkKWL+*
z9i}(iDl^?VS33+`Ovhc_${>J*2p+kHP?QVg5bM6!ksD(~+}#dX6!+5VZs>3Yl&c*j
z3ZOI%7fas%@8`ESpWbmXWsQt8VBk!>eH#x<{wY6~j4&{^bVp=zF;OZ^lY#0^7JapT
z5D={7ckI1n1xGk>xNd*Ki>eiL2(nMxT+S-Mv^GpxQs@T9AlNj
z5f4Hs9SwK!Ks0ytP}c8m?>^%}*|#q2Qp8j7bRa`q0FG^Lhvv{aUaP}ogST9jM}YkT
zt$OJ~US?cSf+q-B$$jH`5;7Xi2c|_k81I9Zq0qmN7M*%6JHb!Fm9WW)HvabK_vG7$KR&$u
z{y~1ffBEyMR__&)R(+$-rM#8|{}z)hm8s=x_QB-N3w#sdH-01V%d
zmP=ZQqUG9JS7O;XCD?pYzWbNcFN0@~?
z7>fA1EO>;;4mGr*#6lQnhY{!NL(7-k$zj{b5x!+0BJNMOj0hzX1sW09!6`?m>YLv_
zeSn^YY@7HVkz+}4fc^P!TgXSP!JfER$_Alxj`1};skaS7k~9@bL}gGArZWN(8UBP8
zL#~q5Y^3_QaZX-k%PCoS^XU_|#(#hN^y9;~55Gr;OCe)@59*1Vx!>WY#inrNw31c~
z8?)(i#TCE(_5Q>6cbu}y?vm9eyQNHSbeHk{a#fTaWNhgwQz*i7*gI>U!A$AHq9f{)
zNw7L0TZB|1v-Z)U0Q|Oyuc*9dEQm#Tc(8SfLZ)M9V>>I?$Hb*Vt^B8vBi0BlNX9Bm
zH^3!*Qtm`}MV01<5*SW{od#ak+G47c(@J@gECd-l%Ayz%us?)=9Ww{XXi$ML*{Oi%
zI8?MdC!-1|owtP{JmZNyx%2&&Pk4=RWvq;(j=O2(146;HM64rT#2`vWC$QxAvZsk=4J<#0rAt+!%_W1*?
z;Cvq#rY*AUuwcIyh(d=N7Q-&h5w9d{1|HF_Hm5_lr=fz+twCH_1_pq)uUiU6yP6T2
zR`34!^6tNq-#`5L{^8yCz$U|d7zo@v`C-0xE}D=jJIMeD9(MMJUw2Q{-fe|M{Q)vGAEmV}PP^
z=xx7J1V!#`gN!78hnr>SBbK85MJ5Xvzwe-0*3)Kungn2c^DeqL*Ztqgv9FX9)GNceH22bY2S2(|oo+`jw&Dtm4TV>-N_3Qrkw6MirGd%`s&}2eP
z7_?+qx$G9E7IGuhWD{fmw1YM=iGceWcQvVl}4LB-f3}Y86PlrhD0gwoyxu%;Z0r^7C6A0z;$kR
zeNo)Gf$04<9EL`yC*H}*l%vvsY)DA^fzq}Eu~IcV2M10KTd~}U;dsgp^-S|dt!Jiq
zCj?BgH995F-2kD%aOE@@)MkQGrJLmDy#UT1YP5UY8^rQBaJFY
z8!<_ZAAy5G38JC`z|m`sm#aDuI9-S9s_*3*8CGrEdx<<2_g>LeO3bKg;+Yz)m(KU8
zf?n0q7ckgm2k>!anwua@O`&&&ctbl9Y)+*pFprLDOPziyvTMv)th%h4#7%G=}&f;ZlUO&qOThbvc`*^rx40SWL#nUs2V}3
zIx+-g8r8C)!JbEN95_y^x)>%3BwRt@P{wXTa!n@(5iVA?B`7xBDQ*spK0m@6m3!fj
zo@0{j*C1|(p~20)NPBj2L}XWnI9WhqU9Xa@}#UA0mwXLBRReO+&;j
zhX~h5qCVE)`1%7M`B2t>6!pjQ5jqn-5GN&l_uPESgbH|E1c4LBX{L>~TY&$hyWFqPeKuPO=PW+^Aq^KetB>JS;m7xMfe(X__8gl=5-1j&;0;>o}i_?1_m
zB7d=2InNtbP#qyv5V`aw$|rk@N6*D}z7Ld{K|Hgm2Kc5!
z5$t^-+8+d-%qn8Yab&6A^GF_byc~CBgd9Sy-R>e7f;}O)pLvp0g$#JCbFsnA
zJpmUEHBr|Vn>BSzRNY8XG9tSf
zjfQz0bbCMsQa3dYzGJ+$q^vzy=bw_KcA!TML3{h-$J=-Rf*vc+RjHCL8QD6`4J&Yr
zFm|u5Rg7_M;c-_pupi(=P`1HnrI92LTtXa&I`5iwS%<650h$9Zdt8Mi%{YsC&H1Y6
z4Jxo{qdHBa^^GXqh^Z6KEuewzPOq4UHwo~rfYIFUV6TwHYB&ckbPB84KeQ03%UP3)
z=Kc~IQ&+_I8*lLLaas`Cg2;b=|KC=+Oi&Y3iinR4nA%SjkMK?MR$e^P2>64+iU=z
zzNaMH8F!PDytoF@bVB!~j#M3N5>xay~ZqLi6w7k0>4PfvA!tV@Kuv2Obr>MvO5;
z)tSWZW}4S13l5tvZ!ENSkQc2u^TflCwIyURuE+E$wvfNVy&0@BZzw}1%a`{mRFImz
zYCxv>0e1qJ+gs`mMPf{nM;x`@s_g;VTTWHQ~ae?#LM}
zUVf3|hlYcbDWgsiy@A>#V{s3HIj<^!Q1SwWb`vr}Ub2SuZ&@qS#wGL0@Ll0p?VFy^
zGD1*6gXl9kQHn|ef%TeN1N{Yf8jIjcN4u{r;z{+A7nig=#CXT;2SuHRnYs)
ziS7~|^?0p`XUnZn-l~|>RoHlr>&1^!eSL>-AJbpaQAq_^DmSg%_NsfE|A&~fvVU(&
zuz!;g;4a&pyKXtMo82|OK>E!f~;~^+N4v?v$-IhTYKM0;lCi9Y^Y*dxL
zB7{ZtVfk7hVVEd$BztQrW=Bc|oC@kpJMBO36Ht|yFu1juP^xUk#dqHrgj<>l`vs>~~1e|ZG$+RaR9AF$
z6!K?(7puM~2a8*HyoQGStLU)Ggv{CiA=x$CU=BLMn4(KZZ+~Nu01{rmiO^Fb1S8x5
z#xGs-^XVF_KqAGkU&zi<-AZ`X;-zIDx;7+NSCu00-#-2R@n4k5LDh$n
zl2{QbtgW@8zk!BGWiW7Zy7X#?)H-{qpjQiAycn8Roj^5gWb~atv??<74rmxV@@HHT
z#CG4om61wl2I%gp_RLhv`iJWmuY{)O1(iDY^we)i6NM$<;AOXRCu0_GlCMAhmy9RG
zlkNu97G~G7uAy)|P47hDL!jE6*b&z^C?dYcc{CNcZ4#!@
z7X)-?pLE$F_nOJkrIM%!2WMgJFExeO9vX5gvh}?IBZ{@SaZKeNlpBnPsdf#@8*2uG
ziM&u-Fum+>K7zd){oxr?UYTDJ^O9R%ZCg}zLU2;Kk#fu?RQ%q3c>m|O56K^&KL6L-
z-#;Wj-v0K-hs24*sHo>Oz?ESJR_Z0xI5st*1^8x=Uzi)yaOpS?p^C_osp0trD%teP
ze_m?CxCZZ3jQZ`v+xLX2H#hLQ0WJt_r0p(VKeKSots%x
z$O{ItIhcg^D;fQNnsw&%-a!-k%{6lkIt>`*E>-PEi@pr5mfcInDqW;Z$%Yv(pD>GAX*+y}ag)<<)et
zr!OyLKc|k9?XP~wsMSH-&HJA|mQK#q)~%5vipaxnbEID2&?zstKs$vu3Si90Sx6|F
z`4z3{G4}gPm9dqXZyunamn7Gb^h1!T99fml5qOyzCox04a8(zB^JN#YQZ>|7FtKkS
ze!H=%1`m(C#%zp%oO(8*3BLiBX;+zg?GvKcj_Cn2yiRSadbl{0jbd{G38KmkVY@EW
z67=G5X-M@JCN{^?V(4Rpt>7i*au(J?!UH)}v#Q=nFsMj&P>O&yhH}R^pW##-W0(IC
zxTG2$PFgUPU|n50OayGCrq<=aV8O!k;!)%1m;=se_&jb@LmQ9Zm@dvtox1nNy-~_o
zy_p+;m$O^cnGugJB(3>|VHK!y^z>Lj->3U^q=V5n(4xW+aN>EjJAMTG$(I1g0DaUB
zbX+^b^}Sh4ptJKe>FkQ=d2IPyBXW-Px$pPt!4&tN1s}?eHCK6R-rcIN
z)d2oDKSTLHJuzXF*VvY1Z$
z-QY)mTTxd3x2k-unqF=RLgzLCbE{4DYE)N0wkKKl(0T*DLki*}S5M@smo?TtQadVK
zSYQlLmA($ZAX=qoX7S
z#}644g$DSd>`KWbji~HgLhz<*;WS09!yPjVEYTtp%p69EL;ttQoE;e#KK~f>XEErP
z>cq&YIz9qE>wSqEOEySGg@(Vq;lE;z-ccTOBcK?eZ0ok%Zl6Y4SBgqNTLrs85gcR8
z0^@`dH=~C_+6u!-r;ur;M#}RPoQvv-E+z`8c#z6=tM8N}Cg4pDSPT0e8fmE}YX2ZG
z?^>-lW2P*FPe3ad8)Fn;Qh}*g&`v)6_4XS?Cf`5&{_mBuJ8xPS(oE4H4u}}AOghjo
zwHZ~*2>E=qci_D|*hMAyzjWY9Ah)fk#9AAhLUkErR%&>qQ1(Rv9ZK)h2!yM%{)4hB
z9pd{bVtXIkEz-Q**N%O-bLMECLP#k~a~G+BA~K)$F^?xKrCUgHZQ0`h6eK7^r+S@|=h5{b%oXf|Z+->=HeUZX_SjWU;=
z9uhRKXgie}MT<)ZAe?K^rCZ*az+DBO@6$~&Jb64j^X#-K=Uq`~Q$ez;W2HA8$q2n#
z37fF44h=A)GhT6?8lvAh;&QNhSv#duS#eP4auNUoNq>2rh)aK?1Yk45@p34sw6j>_`
zIAyZ6zWxxZ>7pHqNdA0T_1OSIOd3_9@#hjh$2zEiJ7r2%0>4L;W0eM%
z6_It^dS~>BvMmUcZFge54xY_C(!|?#>3Vgy%T-BEZyGiHIVhM^=C+GAh10KRHHR|&
zs-kv8wd(euTD<7aOjf-^+d#>Y$EPP#p%-~2DrL+p+M;vIf33IPCZ(?mEE1wbQ6%dH
zm!=Sct9geR&%A0k6&bHhlMxPDR0ynFQW;AcdpLD^)uy&XYdzJLUa{KR*13%)wML0>OwfRAsW%NsE$qDlH(M`ZMkk
zS@D&3m}^$fh}RnK{Kh-0ak>IW`;A&r#yN%s(f1GEzkmAj87*>dcX|c!9s&fFRDUjQ
zM&nNMpLp0VH)QAce~yyfEbhgI>I`J!$3r`;)r9_4tJ|!C$G@7-;xnU1f}4
zKEJ*B;Ehp(fuJG`mGjuZt1O^3u~HOZ)G$10Ou=YMjMicZc_Hr{NlgC2f&AYMINDqu
zQsTxrir3c&xi#F7_Q7ls+Ynp7H1Pf1WE$)S$;LPm5EOX1iVz~OC@<
z?eq~!GOy%1HkS-?U9zWXUZQxBP9Zg~=Y0ImP=L?{8U;k;?`m0_p-Tk
zQ9=&jfjA3U+E>XPCe3c?ZTGgy2WRK{{RcSnzsm%uwUMfD@qJEs4DAQi(gyJ%X{d(C1^wRw?bt<7+VBNHjq{hG6zmc7{sWTc~gH>bxYJ@4RSUr
z;d(?7wuiFx=APYL|8VfC$>Q`g@)h_k7e|Ud@N%%1n?bf5teX9Gk87U5eXqJm%8-Kp
z)4&iN4m&5DRHAYH2yL?dgB;7<|%cR{7p6ZT`Zig-uvRFK~~()?QSNEt@abqrMr
zGo4^cyYaAAE{a{FwnSx)^W|Mi1x20_KdfwHyI}QU>*GL%Pf#=HiN*52jZF5Ud6T3I
zKHtg+dJEvA#xcrxQUe1bN9wY}yzp_6DsY8)F-4X$CUJmK4M3~eVW_LlktEFwYy5sD
z8_1lmo1{bVst2m!s1AX^GcWU_wwRuC`Oy1*!*@TuGHDRI@PIcZWkQ59pj@#lcyLvAl!JBJ@Q$SG*J~z_bE8H+@wZq;=
zQLHFfQ91=ON-(Le%@wC0$iLqRChbLHYQshf}2Js!2IOUvoYSyyQS{O(sQ{wHegl)Kfk2@
z&YT%^QCtj_Zpc&s2LM!VR~t241-=62Pb^OF8*`mg
zs6$Cp;Bp)%q02dAtJ*o0E;3-e8XIwBR1L;y+ne~K8ySS~W#p%f{eoOlDYMK~N*)x3
zW5qZxIaRty2@r&63Ocv6v27z$S)#Uts640ms=9P#nMKct$?itEXmG)v=HGC45
zU*2Aa*jvFDD~+Z=kaJtd!=EFzOUFkd6X@Hgzdn3}9rcIzUdX3*;Ig6sD&#~m=MB>6
z@y5T@Wals`Fp(C7^LjO4HwEN{Thkk~sz-2hi$HBb^>_dE-6!hl7@O4r>OO(ZZjlpS
z!0Vw(D;46JWgeYw<92ZV<0AjkyPY5#MQoy^`+y=!2VHtoC{uvB2fm>I?ai2uhEGYkwggJAvWESbJOb_$J|FMpVE>)a<&T-4i9maxrhO(i*Jyl
z0yBA(=?B4VdE_utlU?;fJPGOL$>t}=IAz#O?shN%L2{WK-Vi+}Bb+vsddX`~w4;ID
z_t5MGx%GT>XQ0H*M(cfd0uOb>EeHJuV-@E;MV*ZBY|4j$w4tGz-AndMbuxc1!7^sw
zQ?vwEFh-xt4>uzA;blyyJAa{aHb^7z4(|X_4qlv%OY2}(8LAu4&?W{0`n$^=jp2o+
z<~D~ut3f}(l&HUGE{N-#9(>6^ge`%_CyW?(*Kdw3A-wsgG8V=~%<
zBZV{2U0u=co^*b7Zclj4GbfQZ?|=FV5lrK4fS_w(Qho2j7+9(7g`haIukUI(d^99&
zgNwccbp{o4p9+|GA`Hu{V|8}Z_;RLgU`0V|0v9U+9s_HV?WQ-h`qs4*P2akR{Oa7L
zz+)GsvS2BahXBb9sKF2&f?i`HE0b9B!%+VIsaiL?k&P>i#$i{jEOkkaF)JOEU4mm@
zf=1w*16T%=aROb__j3Gf60_ua!+1vaxOX|CzB8$f3igo`IACc?bw}kkvZ0J4Ex}0T
zWHdDS0R8;Q>Qr
zyA0TQ>bzeSV`aMp%`OUEFn{|~0Fzi9F%8yr0)hCLL64Z&QxP0$ejRL_o8-4?w
z2tXIE*{g3s7mJw@K_DBXkq=Z=mD#h=;gPH6DIY&shUCwID9EVchbR9Jq{r3M(Sh+l00*TWxO6N
zP3+=Sd6BX)fR{M;#DavHhY@q|X|c;)7#CbM+&3z@2D3QOVw-&pGna>Y$Iz?hH_&;p
zBQ75ZJ-N_u6y#XpDIZmT_Kn)kI`x|-^H&L-^sB$}wfR-@O8A0B
zI?Pq6Z9-1WE@~O1zthH^H5B8naok)Dw$L3OG9@{J9k7WhoirMVQ_(-f%B~JV17;BS
zQQq`OGanOdAwZn+?52hcESOJV+k^j57Y}yf2gMeRWv`}V6N6^+K?Mi`Vq%}Kd8A@O
zUDlBIF$41y1>L8SUxvx?{7ypPe8O*wLZb1YMloqdqS$+S;0m&&j8swUbpB-~8SLF6
zmQB17a6DdG?=XbBT`n6VIB6xP8i@AqAASU_37iVKVt)MzrVK+v9UItvlItw6GxARl
zE_UEjD{iDoWDQTT>jM$)PyT
zIAapTLoj*g(_VGp$n}MD2?-xAM=Pk`3Q!q({`kpo%%wE
zB!;HQ;$4AmV>bfq+X7-19X#I>4=5Z=lXC;5DQElzm>ZjZnV7*5`t~8FO=jF{8)(fC
zEUJ1@wz#P(zdzvynG9QJ5WBD4jYiS2W3DI3y6^3VR{X))vA`Y5O(GzQPy=o;m0w$p
zG;ArBD|>%Sbc_)~nQi3-dVecBiW(Jq@tNwTbKa9urmO5K;y5rz_0nwb&Xyc}axDNE
z_e!Mi)^#w0=hV^=uZcuMD&C>Tk32Y{)hPD`I4+gb*__0qfXWedjiBf2otJyn52YS%
z37!BG9Rb`IBj}}ME)IM!N#n7`;Q%M%Z}r_Tce%;-0?SpcA)w%HaoC`Pl~mq`5u-*r
zQz2@(9&VeRGByKLmG?)U&|sMLA9CvCy(Uorf6WUNNIs};8F;lvEPbjHc++3K|2$4V
z4S9!Ewk@9}clG7#H1$z&N8w^ryDJM!)4(L&*JKmBxH5b7N0|QyfOYtrV){H4bgXtP
zqvoL0jQRjHVI-Ld;CET%t6I&N1iq9Y{&s?@K>!0rJ}pX|-vY(nklS|6gRv7Rrq}O4
zbP9F)9n`A?IfR-H-~unQ*j$Hb1KE*Kh5GY17`cvaE7ja%6j0|?u`#1@^N&!rQIAwK
zQpGji=w55JKXQ%%l+K1Nn>alY0Rf@I1`pkhmVg0`erIB;sCVxI`t?FJV{o^0R!`1IG?
zSRYql___e+`QD_Zisj2zDjopWt{AvbeTpbu>-Ba1m;)Tod^ar97=52!GdE>3%>92gUR1tvJO*ds=S
zGfxEHJvemiROhMe6%S$<-N8%`wzYAlGzv|iR^f-#A4
zp$;Cw8yzXgN&#;H@wN3o);bTa8Zt#g
zKocUDeR_Q9{ZJKUXgX#G^9bF3pOSd^bimFq(FjOQG2GINgCMOID*ENq%l>I;>lD4n;z4r&wBO)r6
z9^j{_(j$Vw$17I#ABVg+n$hDWA%tEMl#e)&Y}YB;X?jI)QVlht5EzNl`#X|*QyP%8=^e~dSL8^6Mtc
z1Q>zvLg`h0eB9=BmS4hABkvW3E(Tf5FvIDwvV!3@F`-9Lx-0YG_g4joGGFw-IPv!sSR8b?4r!`!gIem!_cM0P
zqX@80C)6}H>7X?5l{JQ*UCp%%?kYHfbI+>*f&|i5a^V7fa=w(Ky8z216u$O!ijhDQHXy~j0!YEziyHnO_-6YSx>%+;36{2k&8bo{20pT#ZlJm0;F_6sMnkKKYb!6lW-u+Y?w>pqMp{?spC-i1;*|K;AZ!az+bmc
z#Tqd)A^jlY%oz6?3+cnZd8O%%4jF=m7EyV1(~?Q1pCl;LEoc$B(+IXb*HEKy74E7=
z_z&}ijTLNyW6{_tq(xjcU(9iIJwts}SA=eM4uGs9RL1E>2mnfy~!nbS*>>Z_|y10hSx}
zQf^jVYCR%jJsmU0fR-1cj*YQoZ)#5(3v3PqZPstON&foy{T&osAaIzt1;QQ&s*cZK
z41gisLYw$jK1k8W$e7g-<6S8&O_oYxy)I}BVd#iilEbaBlh8mi+_bb+QKdZthe|b@
z2A?w^J{9te)5V)N)`m3fVU5uk&F6!VIO5abo|&4E|4M&ZHpbyk{mkg${_{B)U3rz&apDpT1sy
z`TB$5x67RiWMvwpeJixZEpLkun;<9@1o_?wlQ0D>jrPO&Fn5m%odnYVX(8`z<~Z=i
z*%bue3W6N}`8E0U`Nuc!#SN0eHj5QZ6}e)tTWad@=#D%JMu@RvXaw&`8hUdWoOaX$
zK;I}_nDbB(9E
z2r<*a9G+|ZzXJk`XKvdu3Lk-FpRFn94LYb6E&
z!*a-8%NvExg-x(NVy`Ms6au{*5mz4)Ma5mjQA!)kUVxeuP8eCJEE1Pru%~l=fT9gH
zahqbwD%?t3^o>VjZs9@;wt_dwp9&*nRC4pB{jn<#=Pp}0D4Q;E_Z1*29pO7qxh}E_
z6$~l-_3>yZxlq&XV|I}#z}3aW20UVQx$PAHsti(1RqLA31?ikwXce8HyvKFa@8k$r
zWG!m!>cOP;$fc1Au@5B-qaJy91Ked8MMuG}jX06(G2iR8X%a5Pt@MF}y%-T&rnXG%itR3(Rm;m39!lN81atX+12l%pbv;4hNzmq
zwh`L2>{isHaBdimbSZl{934l5m4lCkfMXQ!j{=gzq%znMguZN4USn970oH!?9tI~{
zb2sZ<4@Q@RsVJD6h9l8?5ZI^6Jd2$}gyVLgDvaQyly&V4@$xqcIsST~j6#UX>VRdk
zYn(%p*i9+eUWJ;v*u5Ct3nK^d0!1+8K9bEglC0_-+EQF@-nWUm#ao-kmm{ms7##!Y
z{prhJk=?f$9FR{$%M!Eh)4B8@Bjz~k$M<(_=6n|Np5y@hB%0NkGQbhx
zXrSuz#wlS#GG$Cg3&9FMv97J>5ECISn_jP6kZpu}V6y*F94=_n>2#bzI8lGOtC6iq
z5g6)0!!Ym?!Ycjv@b()b%_{;kb#in4W@0U+D4-XI8fxh6e4#~v9hHrDrjvY!-APOp
z7aLe603l{xW6JGafB|D8gqXja!O*>!@xEtzUEVvG(DHNvjtY%hD66pFv+8BTe0=-<
z{Wn!a$D~Gq`EvR!i@|B}x7tNNPbL+BBTzF|GVb!fig()-L@gA~(i^@h{a~~eD
ziEy<=H}Tj}zoAM~w(!XPxI2P+U#vs0xo90tYB_+7;5{?=n%;S7t}X{6wjIqBRT|{J
z)^W6z#lgkYA^YW{i{XOcD%RO1z$-94X`PLNZ4>w)PseUb)~T~zIWZPIvK__zIhw|B
zKTPc(r67*iW;Qs6sqnH$e*fdkZ*TudzI^-$fNHLg-GQ)b(*mfG%w6d=!V0K9{8pc&@$gB`|Hn7?^pd=sVygeiQHwBK9Cu&IcjOb^h;gcnQ*}S
zLwCYT7-aO$uQ9Ho;56GS(5qCrpk|`Caf#I5BPtJ+8z{Z0nSx&+j7?WZxnV2yv`L?S
z-a$NEi782U6s5=u7ID0U;O)E4&Hgw9<<(QDu7$RGSs231H6Hn=
zN)8q?=iV5$>P83Jp+`dfIEc{&5de2_%X&K7IWxpJ9Vtk0)NNbx`1nYo&^fNC^N}tR
za0HFR3$+Lz`oMgrlbS+I1F)9bLXByigG|3zD5#2VtD4M_Zz8HDIcJJ$Nr3~B-QMLe
zZKXXq9G@7nxiYGQ;h$+Ut4{r?*b$+5PLq5j{I$TRv9&^#k+1Ro!(YGs`OyIem57@A
zHT9sQpddQUYHw|(GA4w>9Vxr4Uu{~F(+>#yXrA8mXe%$b36Ak1G@4PL@_XCN~dq
zX;to?WZ_g6Mj;ZM)7P!@!%6&JAecJ6BJY_K>u^0M{OcRj_T(jDE(Bu6fp-VzWkGrI
zcqtfdTa@0#BrnB&Jp^E&;Zx
z>D@Vf<-YOWwoUig{4AI*v-ca~0}FsdTyEhpAQAAmN2P4M6FrC5Lf3j%l}_)nH>sGP
z3mufx=QM|w3g9B1KHdBA$OhNckwE%Z7TB?SZ$7;L^p=6lsk2GG;uOSrPyeH!X&O2*
z#FOqfq*NJPR3M0=mfk){`Mr_vT+i@Au=%w~DfaMVD-$Cqr(wl0-RX9Xe`eek1(=zm-`a0!X8bx8WHXRi}dZ1wfRgx+dvqCk5BgC;T
z9;B7*Sz7T6U~^JnO3zYIu&6!qHARr=J#;t)-;qHuG(^F41`4z$Zhb@KS_ZR$FPyui
z9jHQU#Imz~+^BUVJ`WOF*bxC-X%s-O3226xdVOi&w;-u>EJ7`DI;GIHRK%WVya~~0
z4g&H(m<9%*s_`l=2iW;{Q>}Tm*z7w&vU7q=n>7du2Pm~_bS?V1rHZd(N*Weg=k7XD
zJF@^Ni=Cmq<~-laLf!V(t7;FoJHZE5%zR{EZbA%;W$^2@T+h4w=w1zCv_>5-3T917
zpeehIEDO|m5jAZin*uO-@Aqjvz~e`Vh3O{Ic|`Mm1`J53t%f;rF#Ebw!W(mh>M!eI
zP#S6nHbS^zJj35e(b-sA3WX`70~D66ptKj9SPGV(3!ltoORIyv1{8j
zyC~dMOa!F6U33$wi)pYiy(dQ>C1T=Kz%f@C7Z-~1se&_r<%0Gz+|8c!_TuLJp3+#9
z$2n=3S2Em#(`Acd=^AwuJi>$c*ck`Y`DlAc<>Sm*6oGucI&Dq)h=*nl^B&NP7bt;Gi~r&A|)*?UrkqA)tcm+jE(Ty*N^cG
z2=uEq*BQOtt;~FI6crUzu)p-dX|t$2&g8?mlLi7!Ytcf60SHgjJT!vX{a*D@y>m0Y
zID?Bbr;O)pQ*aGs&|lAVDe2uCeM**z0?1sSIXRnGrQL?lKaiQij=c0ufeX)
z<3RJlQ;)iCQDbWc&Q;CpCQ)S-6K=~B$hYgpQ=pXhQHe^O8tN?s@J5?6@2Qm4vdjvL?lNJEnaLhW1c!|GUZ(A1#9eR7~X--qH~$(f^w4j$k&59qzX!@
zuu|HqBSZBwNWZOMAb9?Umr1}C0Va;Gq05(%C9U*=yUrMTH}8M?L07>|SH-UW9BaVB
zADP@-(6V;F-j&(rc0$QPrQLN;s%Vp0AiIeP+(-%u8|TL;o)x%w56(}dyDL;a7W2=b
z1M*hre8m!mKG1tAxD(`bGqyhDY%69auLOo%IlO|THZY*UxT(%qWNd4MJ+Z?rYMPI<
z?g2+BcOH+-C&Z`sA3p#1^znb4Z>%8Yjx=G{_a@C!WR6Sb-7vY(?9|RrH-$WK$|so|
z$ASlm6k7?xOL?Evdi0?xHQE!M(Ua5M&+^L&rz-c-J?s>QcOqsoX
zOq|egV%X!w<`hU-0}9d1(^TW*hU>|GsMh4aAF8pxVsn-q2v&MngNaGy6?Adz6;07#
zR?akCCTMeONRhfH2To#OEQFQyWVPItfM&2`qceYE5h|MOHQIQcYJl8W$H8w^qn%ug
z>#14-#s!~L3O}F-kLxCIBAtr2Vr8xTcZWz|oAoFH7PReRss=6|>cU0Dvw3nZi(+~i
zUo_RQQO5oafp-x`e{P*aaMupI
zb&(dEX6@O=hA+xtgT#-Qy9?LHC^LE!#VYn2b^9#mMP1iSkkd%bPlNUe;vqlv{pOa&
zLc6=FZs35Si$b+1gH*6zz1iZm!a*c=Z_f9GSCPpJWeMQi$daYzp@dT6`fw#ziJ6a#
z^$QT;kx~=rLL19cJxOZtNtI$z9X&q;4cve|D0|N0bgEmBVC`6XF!lY^$y{Q39yylYHxC1ql{k^3D?O5+)6pP5IWXf3NGn)QzU_S^30y}{3
zvf%A@Gf|wxXDBdHSEJrHX>VcJ93hn7sbtCNrGoHsF7{N7wDbDcWGf039rm6BXpUXX
zQ#uGoQvgvQ1hm=_oYK=ut{%nkCNlz?j59+ma{AgOY8CWQ9g9?{Cv(n{YtVxRilpl9P6^c5XCGir
z(+$oUO4GV6*tn38DSShi9hHW7C_Nto;(Swfj3k_<)B#Qve8B~OYR<=1ny0Nre86^?
z%8Q+QH7GO(x1YO66|7&A+#;)Yxfm>YVM#%|tjMo=at??44cSTAil}n1{7z2&ahmXb8iNgJ<*sH;%#K
zwJr_HWrtN@Cng!GdY$>mK6|@1k%O0*bGWLN+pc3M7W+N%#+*K+c^xE__xDcw!0Sq=
l@d<|0IHeo)9&c=1N+!J2fVL;5CZ*T!{|}^Z*RyZ$NB~TPEEE6$

literal 0
HcmV?d00001

diff --git a/share/security/patches/SA-00:25/kernel.gz.asc b/share/security/patches/SA-00:25/kernel.gz.asc
new file mode 100644
index 0000000000..ba987c1215
--- /dev/null
+++ b/share/security/patches/SA-00:25/kernel.gz.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOTyRS1UuHi5z0oilAQGO+QP/TV/5d7w3F/6+uvh6VaiftAwq4lhZzpYJ
+LNuo13imYmj49lttLKModkZVDnNdQFK/ND5lsWkZpx82w3S7lY7jazmy50nlgUXw
+pBNE3aNLsDmmqZ19LMkF258IBDTkObDjSFfzaqxiQxsUT6feegqCiLZZfS27uyEz
+l1aAcB1gf34=
+=wRPS
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:25/kernel.sys.diff b/share/security/patches/SA-00:25/kernel.sys.diff
new file mode 100644
index 0000000000..dbaea82179
--- /dev/null
+++ b/share/security/patches/SA-00:25/kernel.sys.diff
@@ -0,0 +1,1289 @@
+Index: sys/alpha/alpha/machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/alpha/alpha/machdep.c,v
+retrieving revision 1.68
+diff -u -r1.68 machdep.c
+--- sys/alpha/alpha/machdep.c	2000/02/29 08:48:08	1.68
++++ sys/alpha/alpha/machdep.c	2000/05/24 05:47:57
+@@ -112,6 +112,7 @@
+ #include 
+ #include 
+ #include 
++#include 
+ #include 
+ #include 
+ #include 
+@@ -996,6 +997,11 @@
+ 	proc0.p_md.md_tf =
+ 	    (struct trapframe *)proc0paddr->u_pcb.pcb_hw.apcb_ksp;
+ 
++ 	/*
++	 * Initialise entropy pool.
++	 */
++	rand_initialize();
++
+ 	/*
+ 	 * Look at arguments passed to us and compute boothowto.
+ 	 */
+@@ -2110,14 +2116,4 @@
+ 	}
+ 
+ 	p->p_md.md_flags |= MDP_FPUSED;
+-}
+-
+-/*
+- * dummy version of read_random() until the random driver is ported.
+- */
+-int read_random __P((void));
+-int
+-read_random(void)
+-{
+-	return (0);
+ }
+Index: sys/alpha/alpha/mem.c
+===================================================================
+RCS file: /home/ncvs/src/sys/alpha/alpha/mem.c,v
+retrieving revision 1.19
+diff -u -r1.19 mem.c
+--- sys/alpha/alpha/mem.c	1999/11/07 12:01:27	1.19
++++ sys/alpha/alpha/mem.c	2000/05/24 05:43:52
+@@ -55,9 +55,10 @@
+ #include 
+ #include 
+ #include 
++#include 
++#include 
+ 
+ #include 
+-/* #include */
+ #include 
+ #ifdef PERFMON
+ #include 
+@@ -67,7 +68,7 @@
+ #include 
+ #include 
+ 
+-static caddr_t zeropage;
++static caddr_t zbuf;
+ 
+ static	d_open_t	mmopen;
+ static	d_close_t	mmclose;
+@@ -94,7 +95,19 @@
+ 	/* bmaj */	-1
+ };
+ 
++/*
++	XXX  the below should be used.  However there is too much "16"
++	hardcodeing in kern_random.c right now. -- obrien
++#if NHWI > 0
++#define	ICU_LEN (NHWI)
++#else
++#define	ICU_LEN (NSWI)
++#endif
++*/
++#define	ICU_LEN 16
+ 
++static struct random_softc random_softc[ICU_LEN];
++static int random_ioctl __P((dev_t, u_long, caddr_t, int, struct proc *));
+ 
+ static int
+ mmclose(dev, flags, fmt, p)
+@@ -151,7 +164,11 @@
+ 	register int c;
+ 	register struct iovec *iov;
+ 	int error = 0, rw;
++	u_int poolsize;
++	caddr_t buf;
+ 
++	buf = NULL;
++
+ 	while (uio->uio_resid > 0 && !error) {
+ 		iov = uio->uio_iov;
+ 		if (iov->iov_len == 0) {
+@@ -171,6 +188,7 @@
+ 			rw = (uio->uio_rw == UIO_READ) ? VM_PROT_READ : VM_PROT_WRITE;
+ 			if ((alpha_pa_access(v) & rw) != rw) {
+ 				error = EFAULT;
++				c = 0;
+ 				break;
+ 			}
+ 
+@@ -178,7 +196,7 @@
+ 			c = min(uio->uio_resid, (int)(PAGE_SIZE - o));
+ 			error =
+ 			    uiomove((caddr_t)ALPHA_PHYS_TO_K0SEG(v), c, uio);
+-			break;
++			continue;
+ 
+ /* minor device 1 is kernel memory */
+ 		case 1: {
+@@ -212,38 +230,92 @@
+ 				return (EFAULT);
+ #endif
+ 			error = uiomove((caddr_t)v, c, uio);
+-			break;
++			continue;
+ 		}
+ 
+ /* minor device 2 is EOF/rathole */
+ 		case 2:
+-			if (uio->uio_rw == UIO_WRITE)
+-				uio->uio_resid = 0;
+-			return (0);
++			if (uio->uio_rw == UIO_READ)
++				return (0);
++			c = iov->iov_len;
++			break;
++
++/* minor device 3 (/dev/random) is source of filth on read, rathole on write */
++		case 3:
++			if (uio->uio_rw == UIO_WRITE) {
++				c = iov->iov_len;
++				break;
++			}
++			if (buf == NULL)
++				buf = (caddr_t)
++				    malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
++			c = min(iov->iov_len, PAGE_SIZE);
++			poolsize = read_random(buf, c);
++			if (poolsize == 0) {
++				if (buf)
++					free(buf, M_TEMP);
++				return (0);
++			}
++			c = min(c, poolsize);
++			error = uiomove(buf, c, uio);
++			continue;
++
++/* minor device 4 (/dev/urandom) is source of muck on read, rathole on write */
++		case 4:
++			if (uio->uio_rw == UIO_WRITE) {
++				c = iov->iov_len;
++				break;
++			}
++			if (CURSIG(curproc) != 0) {
++				/*
++				 * Use tsleep() to get the error code right.
++				 * It should return immediately.
++				 */
++				error = tsleep(&random_softc[0],
++				    PZERO | PCATCH, "urand", 1);
++				if (error != 0 && error != EWOULDBLOCK)
++					continue;
++			}
++			if (buf == NULL)
++				buf = (caddr_t)
++				    malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
++			c = min(iov->iov_len, PAGE_SIZE);
++			poolsize = read_random_unlimited(buf, c);
++			c = min(c, poolsize);
++			error = uiomove(buf, c, uio);
++			continue;
+ 
+ /* minor device 12 (/dev/zero) is source of nulls on read, rathole on write */
+ 		case 12:
+ 			if (uio->uio_rw == UIO_WRITE) {
+-				uio->uio_resid = 0;
+-				return (0);
++				c = iov->iov_len;
++				break;
+ 			}
+ 			/*
+ 			 * On the first call, allocate and zero a page
+ 			 * of memory for use with /dev/zero.
+ 			 */
+-			if (zeropage == NULL) {
+-				zeropage = (caddr_t)
++			if (zbuf == NULL) {
++				zbuf = (caddr_t)
+ 				    malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
+-				bzero(zeropage, PAGE_SIZE);
++				bzero(zbuf, PAGE_SIZE);
+ 			}
+ 			c = min(iov->iov_len, PAGE_SIZE);
+-			error = uiomove(zeropage, c, uio);
+-			break;
++			error = uiomove(zbuf, c, uio);
++			continue;
+ 
+ 		default:
+ 			return (ENXIO);
+ 		}
++		if (error)
++			break;
++		iov->iov_base += c;
++		iov->iov_len -= c;
++		uio->uio_offset += c;
++		uio->uio_resid -= c;
+ 	}
++	if (buf)
++		free(buf, M_TEMP);
+ 	return (error);
+ }
+ 
+@@ -293,7 +365,7 @@
+ 	switch(minor(dev)) {
+ 	case 3:
+ 	case 4:
+-		break;
++		return random_ioctl(dev, cmd, cmdarg, flags, p);
+ 
+ #ifdef PERFMON
+ 	case 32:
+@@ -399,5 +471,15 @@
+ #endif /* PERFMON */
+ }
+ 
+-SYSINIT(memdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,mem_drvinit,NULL)
++static int 
++random_ioctl(dev, cmd, data, flags, p)
++	dev_t dev;
++	u_long cmd;
++	caddr_t data;
++	int flags;
++	struct proc *p;
++{
++	return (0);
++}
+ 
++SYSINIT(memdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,mem_drvinit,NULL)
+Index: sys/alpha/include/types.h
+===================================================================
+RCS file: /home/ncvs/src/sys/alpha/include/types.h,v
+retrieving revision 1.11
+diff -u -r1.11 types.h
+--- sys/alpha/include/types.h	1999/12/29 04:28:00	1.11
++++ sys/alpha/include/types.h	2000/05/24 04:43:30
+@@ -67,7 +67,7 @@
+ /* Interrupt mask (spl, xxx_imask, etc) */
+ typedef __uint32_t		intrmask_t;
+ 
+-/* Interrupt handler function type - arg should be "void *" one day */
+-typedef void			inthand2_t(int _unit);
++/* Interrupt handler function type */
++typedef void			inthand2_t(void *);
+ 
+ #endif	/* _MACHTYPES_H_ */
+Index: sys/conf/files
+===================================================================
+RCS file: /home/ncvs/src/sys/conf/files,v
+retrieving revision 1.340
+diff -u -r1.340 files
+--- sys/conf/files	2000/03/08 16:17:06	1.340
++++ sys/conf/files	2000/05/24 04:36:43
+@@ -423,6 +423,7 @@
+ kern/kern_physio.c	standard
+ kern/kern_proc.c	standard
+ kern/kern_prot.c	standard
++kern/kern_random.c	standard
+ kern/kern_resource.c	standard
+ kern/kern_shutdown.c	standard
+ kern/kern_sig.c		standard
+Index: sys/conf/files.i386
+===================================================================
+RCS file: /home/ncvs/src/sys/conf/files.i386,v
+retrieving revision 1.307
+diff -u -r1.307 files.i386
+--- sys/conf/files.i386	2000/02/21 02:10:01	1.307
++++ sys/conf/files.i386	2000/05/24 04:37:37
+@@ -240,7 +240,6 @@
+ i386/isa/pcvt/pcvt_sup.c	optional	vt
+ i386/isa/pcvt/pcvt_vtf.c	optional	vt
+ i386/isa/prof_machdep.c		optional	profiling-routine
+-i386/isa/random_machdep.c	standard
+ i386/isa/rc.c			optional	rc
+ i386/isa/rp.c			optional	rp
+ i386/isa/scd.c			optional	scd
+Index: sys/conf/files.pc98
+===================================================================
+RCS file: /home/ncvs/src/sys/conf/files.pc98,v
+retrieving revision 1.140
+diff -u -r1.140 files.pc98
+--- sys/conf/files.pc98	2000/03/01 08:50:05	1.140
++++ sys/conf/files.pc98	2000/05/24 04:37:34
+@@ -228,7 +228,6 @@
+ i386/isa/pcvt/pcvt_vtf.c	optional	vt
+ pc98/pc98/ppc.c			optional	ppc
+ i386/isa/prof_machdep.c		optional	profiling-routine
+-i386/isa/random_machdep.c	standard
+ i386/isa/rc.c			optional	rc
+ i386/isa/rp.c			optional	rp
+ i386/isa/scd.c			optional	scd
+Index: sys/i386/include/random.h
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/include/Attic/random.h,v
+retrieving revision 1.18
+diff -u -r1.18 random.h
+--- sys/i386/include/random.h	1999/12/29 04:33:06	1.18
++++ sys/i386/include/random.h	2000/05/24 04:33:20
+@@ -1,90 +0,0 @@
+-/*
+- * random.h -- A strong random number generator
+- *
+- * $FreeBSD: src/sys/i386/include/random.h,v 1.18 1999/12/29 04:33:06 peter Exp $
+- *
+- * Version 0.95, last modified 18-Oct-95
+- * 
+- * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, and the entire permission notice in its entirety,
+- *    including the disclaimer of warranties.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote
+- *    products derived from this software without specific prior
+- *    written permission.
+- * 
+- * ALTERNATIVELY, this product may be distributed under the terms of
+- * the GNU Public License, in which case the provisions of the GPL are
+- * required INSTEAD OF the above restrictions.  (This clause is
+- * necessary due to a potential bad interaction between the GPL and
+- * the restrictions contained in a BSD-style copyright.)
+- * 
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/*
+- * Many kernel routines will have a use for good random numbers,
+- * for example, for truely random TCP sequence numbers, which prevent
+- * certain forms of TCP spoofing attacks.
+- * 
+- */
+-
+-#ifndef	_MACHINE_RANDOM_H_
+-#define	_MACHINE_RANDOM_H_
+-
+-#include 
+-
+-#define	MEM_SETIRQ	_IOW('r', 1, u_int16_t)	/* set interrupt */
+-#define	MEM_CLEARIRQ	_IOW('r', 2, u_int16_t)	/* clear interrupt */
+-#define	MEM_RETURNIRQ	_IOR('r', 3, u_int16_t)	/* return interrupt */
+-
+-#ifdef _KERNEL
+-
+-/* Type of the cookie passed to add_interrupt_randomness. */
+-
+-struct random_softc {
+-	inthand2_t	*sc_handler;
+-	void		*sc_arg;
+-	int		sc_intr;
+-};
+-
+-/* Exported functions */
+-
+-void rand_initialize(void);
+-void add_keyboard_randomness(u_char scancode);
+-inthand2_t add_interrupt_randomness;
+-#ifdef notused
+-void add_blkdev_randomness(int major);
+-#endif
+-
+-#ifdef notused
+-void get_random_bytes(void *buf, u_int nbytes);
+-#endif
+-u_int read_random(void *buf, u_int size);
+-u_int read_random_unlimited(void *buf, u_int size);
+-#ifdef notused
+-u_int write_random(const char *buf, u_int nbytes);
+-#endif
+-int random_poll(dev_t dev, int events, struct proc *p);
+-
+-#endif /* _KERNEL */
+-
+-#endif /* !_MACHINE_RANDOM_H_ */
+Index: sys/i386/isa/random_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/Attic/random_machdep.c,v
+retrieving revision 1.33
+diff -u -r1.33 random_machdep.c
+--- sys/i386/isa/random_machdep.c	1999/10/11 15:00:09	1.33
++++ sys/i386/isa/random_machdep.c	2000/05/24 04:33:11
+@@ -1,378 +0,0 @@
+-/*
+- * random_machdep.c -- A strong random number generator
+- *
+- * $FreeBSD: src/sys/i386/isa/random_machdep.c,v 1.33 1999/10/11 15:00:09 peter Exp $
+- *
+- * Version 0.95, last modified 18-Oct-95
+- * 
+- * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, and the entire permission notice in its entirety,
+- *    including the disclaimer of warranties.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote
+- *    products derived from this software without specific prior
+- *    written permission.
+- * 
+- * ALTERNATIVELY, this product may be distributed under the terms of
+- * the GNU Public License, in which case the provisions of the GPL are
+- * required INSTEAD OF the above restrictions.  (This clause is
+- * necessary due to a potential bad interaction between the GPL and
+- * the restrictions contained in a BSD-style copyright.)
+- * 
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- */
+-
+-#include 
+-#include 
+-#include 
+-#include 
+-#include 
+-#include 
+-
+-#include 
+-
+-#include 
+-
+-#define MAX_BLKDEV 4
+-
+-/*
+- * The pool is stirred with a primitive polynomial of degree 128
+- * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
+- * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
+- */
+-#define POOLWORDS 128    /* Power of 2 - note that this is 32-bit words */
+-#define POOLBITS (POOLWORDS*32)
+-
+-#if POOLWORDS == 128
+-#define TAP1    99     /* The polynomial taps */
+-#define TAP2    59
+-#define TAP3    31
+-#define TAP4    9
+-#define TAP5    7
+-#elif POOLWORDS == 64
+-#define TAP1    62      /* The polynomial taps */
+-#define TAP2    38
+-#define TAP3    10
+-#define TAP4    6
+-#define TAP5    1
+-#else
+-#error No primitive polynomial available for chosen POOLWORDS
+-#endif
+-
+-#define WRITEBUFFER 512 /* size in bytes */
+-
+-/* There is actually only one of these, globally. */
+-struct random_bucket {
+-	u_int	add_ptr;
+-	u_int	entropy_count;
+-	int	input_rotate;
+-	u_int32_t *pool;
+-	struct	selinfo rsel;
+-};
+-
+-/* There is one of these per entropy source */
+-struct timer_rand_state {
+-	u_long	last_time;
+-	int 	last_delta;
+-	int 	nbits;
+-};
+-
+-static struct random_bucket random_state;
+-static u_int32_t random_pool[POOLWORDS];
+-static struct timer_rand_state keyboard_timer_state;
+-static struct timer_rand_state extract_timer_state;
+-static struct timer_rand_state irq_timer_state[ICU_LEN];
+-#ifdef notyet
+-static struct timer_rand_state blkdev_timer_state[MAX_BLKDEV];
+-#endif
+-static struct wait_queue *random_wait;
+-
+-#ifndef MIN
+-#define MIN(a,b) (((a) < (b)) ? (a) : (b))
+-#endif
+-	
+-void
+-rand_initialize(void)
+-{
+-	random_state.add_ptr = 0;
+-	random_state.entropy_count = 0;
+-	random_state.pool = random_pool;
+-	random_wait = NULL;
+-	random_state.rsel.si_flags = 0;
+-	random_state.rsel.si_pid = 0;
+-}
+-
+-/*
+- * This function adds an int into the entropy "pool".  It does not
+- * update the entropy estimate.  The caller must do this if appropriate.
+- *
+- * The pool is stirred with a primitive polynomial of degree 128
+- * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
+- * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
+- * 
+- * We rotate the input word by a changing number of bits, to help
+- * assure that all bits in the entropy get toggled.  Otherwise, if we
+- * consistently feed the entropy pool small numbers (like ticks and
+- * scancodes, for example), the upper bits of the entropy pool don't
+- * get affected. --- TYT, 10/11/95
+- */
+-static __inline void
+-add_entropy_word(struct random_bucket *r, const u_int32_t input)
+-{
+-	u_int i;
+-	u_int32_t w;
+-
+-	w = (input << r->input_rotate) | (input >> (32 - r->input_rotate));
+-	i = r->add_ptr = (r->add_ptr - 1) & (POOLWORDS-1);
+-	if (i)
+-		r->input_rotate = (r->input_rotate + 7) & 31;
+-	else
+-		/*
+-		 * At the beginning of the pool, add an extra 7 bits
+-		 * rotation, so that successive passes spread the
+-		 * input bits across the pool evenly.
+-		 */
+-		r->input_rotate = (r->input_rotate + 14) & 31;
+-
+-	/* XOR in the various taps */
+-	w ^= r->pool[(i+TAP1)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP2)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP3)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP4)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP5)&(POOLWORDS-1)];
+-	w ^= r->pool[i];
+-	/* Rotate w left 1 bit (stolen from SHA) and store */
+-	r->pool[i] = (w << 1) | (w >> 31);
+-}
+-
+-/*
+- * This function adds entropy to the entropy "pool" by using timing
+- * delays.  It uses the timer_rand_state structure to make an estimate
+- * of how  any bits of entropy this call has added to the pool.
+- *
+- * The number "num" is also added to the pool - it should somehow describe
+- * the type of event which just happened.  This is currently 0-255 for
+- * keyboard scan codes, and 256 upwards for interrupts.
+- * On the i386, this is assumed to be at most 16 bits, and the high bits
+- * are used for a high-resolution timer.
+- */
+-static void
+-add_timer_randomness(struct random_bucket *r, struct timer_rand_state *state,
+-	u_int num)
+-{
+-	int		delta, delta2;
+-	u_int		nbits;
+-	u_int32_t	time;
+-
+-	num ^= timecounter->tc_get_timecount(timecounter) << 16;
+-	r->entropy_count += 2;
+-		
+-	time = ticks;
+-
+-	add_entropy_word(r, (u_int32_t) num);
+-	add_entropy_word(r, time);
+-
+-	/*
+-	 * Calculate number of bits of randomness we probably
+-	 * added.  We take into account the first and second order
+-	 * deltas in order to make our estimate.
+-	 */
+-	delta = time - state->last_time;
+-	state->last_time = time;
+-
+-	delta2 = delta - state->last_delta;
+-	state->last_delta = delta;
+-
+-	if (delta < 0) delta = -delta;
+-	if (delta2 < 0) delta2 = -delta2;
+-	delta = MIN(delta, delta2) >> 1;
+-	for (nbits = 0; delta; nbits++)
+-		delta >>= 1;
+-
+-	r->entropy_count += nbits;
+-	
+-	/* Prevent overflow */
+-	if (r->entropy_count > POOLBITS)
+-		r->entropy_count = POOLBITS;
+-
+-	if (r->entropy_count >= 8)
+-		selwakeup(&random_state.rsel);
+-}
+-
+-void
+-add_keyboard_randomness(u_char scancode)
+-{
+-	add_timer_randomness(&random_state, &keyboard_timer_state, scancode);
+-}
+-
+-void
+-add_interrupt_randomness(void *vsc)
+-{
+-	int intr;
+-	struct random_softc *sc = vsc;
+-
+-	(sc->sc_handler)(sc->sc_arg);
+-	intr = sc->sc_intr;
+-	add_timer_randomness(&random_state, &irq_timer_state[intr], intr);
+-}
+-
+-#ifdef notused
+-void
+-add_blkdev_randomness(int major)
+-{
+-	if (major >= MAX_BLKDEV)
+-		return;
+-
+-	add_timer_randomness(&random_state, &blkdev_timer_state[major],
+-			     0x200+major);
+-}
+-#endif /* notused */
+-
+-#if POOLWORDS % 16
+-#error extract_entropy() assumes that POOLWORDS is a multiple of 16 words.
+-#endif
+-/*
+- * This function extracts randomness from the "entropy pool", and
+- * returns it in a buffer.  This function computes how many remaining
+- * bits of entropy are left in the pool, but it does not restrict the
+- * number of bytes that are actually obtained.
+- */
+-static __inline int
+-extract_entropy(struct random_bucket *r, char *buf, int nbytes)
+-{
+-	int ret, i;
+-	u_int32_t tmp[4];
+-	
+-	add_timer_randomness(r, &extract_timer_state, nbytes);
+-	
+-	/* Redundant, but just in case... */
+-	if (r->entropy_count > POOLBITS) 
+-		r->entropy_count = POOLBITS;
+-	/* Why is this here?  Left in from Ted Ts'o.  Perhaps to limit time. */
+-	if (nbytes > 32768)
+-		nbytes = 32768;
+-
+-	ret = nbytes;
+-	if (r->entropy_count / 8 >= nbytes)
+-		r->entropy_count -= nbytes*8;
+-	else
+-		r->entropy_count = 0;
+-
+-	while (nbytes) {
+-		/* Hash the pool to get the output */
+-		tmp[0] = 0x67452301;
+-		tmp[1] = 0xefcdab89;
+-		tmp[2] = 0x98badcfe;
+-		tmp[3] = 0x10325476;
+-		for (i = 0; i < POOLWORDS; i += 16)
+-			MD5Transform(tmp, (char *)(r->pool+i));
+-		/* Modify pool so next hash will produce different results */
+-		add_entropy_word(r, tmp[0]);
+-		add_entropy_word(r, tmp[1]);
+-		add_entropy_word(r, tmp[2]);
+-		add_entropy_word(r, tmp[3]);
+-		/*
+-		 * Run the MD5 Transform one more time, since we want
+-		 * to add at least minimal obscuring of the inputs to
+-		 * add_entropy_word().  --- TYT
+-		 */
+-		MD5Transform(tmp, (char *)(r->pool));
+-		
+-		/* Copy data to destination buffer */
+-		i = MIN(nbytes, 16);
+-		bcopy(tmp, buf, i);
+-		nbytes -= i;
+-		buf += i;
+-	}
+-
+-	/* Wipe data from memory */
+-	bzero(tmp, sizeof(tmp));
+-	
+-	return ret;
+-}
+-
+-#ifdef notused /* XXX NOT the exported kernel interface */
+-/*
+- * This function is the exported kernel interface.  It returns some
+- * number of good random numbers, suitable for seeding TCP sequence
+- * numbers, etc.
+- */
+-void
+-get_random_bytes(void *buf, u_int nbytes)
+-{
+-	extract_entropy(&random_state, (char *) buf, nbytes);
+-}
+-#endif /* notused */
+-
+-u_int
+-read_random(void *buf, u_int nbytes)
+-{
+-	if ((nbytes * 8) > random_state.entropy_count)
+-		nbytes = random_state.entropy_count / 8;
+-	
+-	return extract_entropy(&random_state, (char *)buf, nbytes);
+-}
+-
+-u_int
+-read_random_unlimited(void *buf, u_int nbytes)
+-{
+-	return extract_entropy(&random_state, (char *)buf, nbytes);
+-}
+-
+-#ifdef notused
+-u_int
+-write_random(const char *buf, u_int nbytes)
+-{
+-	u_int i;
+-	u_int32_t word, *p;
+-
+-	for (i = nbytes, p = (u_int32_t *)buf;
+-	     i >= sizeof(u_int32_t);
+-	     i-= sizeof(u_int32_t), p++)
+-		add_entropy_word(&random_state, *p);
+-	if (i) {
+-		word = 0;
+-		bcopy(p, &word, i);
+-		add_entropy_word(&random_state, word);
+-	}
+-	return nbytes;
+-}
+-#endif /* notused */
+-
+-int
+-random_poll(dev_t dev, int events, struct proc *p)
+-{
+-	int s;
+-	int revents = 0;
+-
+-	s = splhigh();
+-	if (events & (POLLIN | POLLRDNORM)) {
+-		if (random_state.entropy_count >= 8)
+-			revents |= events & (POLLIN | POLLRDNORM);
+-		else
+-			selrecord(p, &random_state.rsel);
+-	}
+-	splx(s);
+-	if (events & (POLLOUT | POLLWRNORM))
+-		revents |= events & (POLLOUT | POLLWRNORM);	/* heh */
+-
+-	return (revents);
+-}
+-
+
+
+
+--- /dev/null	Tue May 23 22:48:55 2000
++++ sys/kern/kern_random.c	Tue May 23 21:09:05 2000
+@@ -0,0 +1,392 @@
++/*
++ * kern_random.c -- A strong random number generator
++ *
++ * $FreeBSD: src/sys/kern/kern_random.c,v 1.36.2.1 2000/05/10 02:04:49 obrien Exp $
++ *
++ * Version 0.95, last modified 18-Oct-95
++ * 
++ * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, and the entire permission notice in its entirety,
++ *    including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ *    products derived from this software without specific prior
++ *    written permission.
++ * 
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions.  (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ * 
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include 
++#include 
++#include 
++#include 
++#include 
++#include 
++#include 
++
++#ifdef __i386__
++#include 
++#endif
++#ifdef __alpha__
++/*
++	XXX  the below should be used.  However there is too much "16"
++	hardcodeing in kern_random.c right now. -- obrien
++#include 
++#if NHWI > 0
++#define	ICU_LEN (NHWI)
++#else
++#define	ICU_LEN (NSWI)
++#endif
++*/
++#define	ICU_LEN 16
++#endif
++
++#define MAX_BLKDEV 4
++
++/*
++ * The pool is stirred with a primitive polynomial of degree 128
++ * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
++ * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
++ */
++#define POOLWORDS 128    /* Power of 2 - note that this is 32-bit words */
++#define POOLBITS (POOLWORDS*32)
++
++#if POOLWORDS == 128
++#define TAP1    99     /* The polynomial taps */
++#define TAP2    59
++#define TAP3    31
++#define TAP4    9
++#define TAP5    7
++#elif POOLWORDS == 64
++#define TAP1    62      /* The polynomial taps */
++#define TAP2    38
++#define TAP3    10
++#define TAP4    6
++#define TAP5    1
++#else
++#error No primitive polynomial available for chosen POOLWORDS
++#endif
++
++#define WRITEBUFFER 512 /* size in bytes */
++
++/* There is actually only one of these, globally. */
++struct random_bucket {
++	u_int	add_ptr;
++	u_int	entropy_count;
++	int	input_rotate;
++	u_int32_t *pool;
++	struct	selinfo rsel;
++};
++
++/* There is one of these per entropy source */
++struct timer_rand_state {
++	u_long	last_time;
++	int 	last_delta;
++	int 	nbits;
++};
++
++static struct random_bucket random_state;
++static u_int32_t random_pool[POOLWORDS];
++static struct timer_rand_state keyboard_timer_state;
++static struct timer_rand_state extract_timer_state;
++static struct timer_rand_state irq_timer_state[ICU_LEN];
++#ifdef notyet
++static struct timer_rand_state blkdev_timer_state[MAX_BLKDEV];
++#endif
++static struct wait_queue *random_wait;
++
++#ifndef MIN
++#define MIN(a,b) (((a) < (b)) ? (a) : (b))
++#endif
++	
++void
++rand_initialize(void)
++{
++	random_state.add_ptr = 0;
++	random_state.entropy_count = 0;
++	random_state.pool = random_pool;
++	random_wait = NULL;
++	random_state.rsel.si_flags = 0;
++	random_state.rsel.si_pid = 0;
++}
++
++/*
++ * This function adds an int into the entropy "pool".  It does not
++ * update the entropy estimate.  The caller must do this if appropriate.
++ *
++ * The pool is stirred with a primitive polynomial of degree 128
++ * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
++ * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
++ * 
++ * We rotate the input word by a changing number of bits, to help
++ * assure that all bits in the entropy get toggled.  Otherwise, if we
++ * consistently feed the entropy pool small numbers (like ticks and
++ * scancodes, for example), the upper bits of the entropy pool don't
++ * get affected. --- TYT, 10/11/95
++ */
++static __inline void
++add_entropy_word(struct random_bucket *r, const u_int32_t input)
++{
++	u_int i;
++	u_int32_t w;
++
++	w = (input << r->input_rotate) | (input >> (32 - r->input_rotate));
++	i = r->add_ptr = (r->add_ptr - 1) & (POOLWORDS-1);
++	if (i)
++		r->input_rotate = (r->input_rotate + 7) & 31;
++	else
++		/*
++		 * At the beginning of the pool, add an extra 7 bits
++		 * rotation, so that successive passes spread the
++		 * input bits across the pool evenly.
++		 */
++		r->input_rotate = (r->input_rotate + 14) & 31;
++
++	/* XOR in the various taps */
++	w ^= r->pool[(i+TAP1)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP2)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP3)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP4)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP5)&(POOLWORDS-1)];
++	w ^= r->pool[i];
++	/* Rotate w left 1 bit (stolen from SHA) and store */
++	r->pool[i] = (w << 1) | (w >> 31);
++}
++
++/*
++ * This function adds entropy to the entropy "pool" by using timing
++ * delays.  It uses the timer_rand_state structure to make an estimate
++ * of how  any bits of entropy this call has added to the pool.
++ *
++ * The number "num" is also added to the pool - it should somehow describe
++ * the type of event which just happened.  This is currently 0-255 for
++ * keyboard scan codes, and 256 upwards for interrupts.
++ * On the i386, this is assumed to be at most 16 bits, and the high bits
++ * are used for a high-resolution timer.
++ */
++static void
++add_timer_randomness(struct random_bucket *r, struct timer_rand_state *state,
++	u_int num)
++{
++	int		delta, delta2;
++	u_int		nbits;
++	u_int32_t	time;
++
++	num ^= timecounter->tc_get_timecount(timecounter) << 16;
++	r->entropy_count += 2;
++		
++	time = ticks;
++
++	add_entropy_word(r, (u_int32_t) num);
++	add_entropy_word(r, time);
++
++	/*
++	 * Calculate number of bits of randomness we probably
++	 * added.  We take into account the first and second order
++	 * deltas in order to make our estimate.
++	 */
++	delta = time - state->last_time;
++	state->last_time = time;
++
++	delta2 = delta - state->last_delta;
++	state->last_delta = delta;
++
++	if (delta < 0) delta = -delta;
++	if (delta2 < 0) delta2 = -delta2;
++	delta = MIN(delta, delta2) >> 1;
++	for (nbits = 0; delta; nbits++)
++		delta >>= 1;
++
++	r->entropy_count += nbits;
++	
++	/* Prevent overflow */
++	if (r->entropy_count > POOLBITS)
++		r->entropy_count = POOLBITS;
++
++	if (r->entropy_count >= 8)
++		selwakeup(&random_state.rsel);
++}
++
++void
++add_keyboard_randomness(u_char scancode)
++{
++	add_timer_randomness(&random_state, &keyboard_timer_state, scancode);
++}
++
++void
++add_interrupt_randomness(void *vsc)
++{
++	int intr;
++	struct random_softc *sc = vsc;
++
++	(sc->sc_handler)(sc->sc_arg);
++	intr = sc->sc_intr;
++	add_timer_randomness(&random_state, &irq_timer_state[intr], intr);
++}
++
++#ifdef notused
++void
++add_blkdev_randomness(int major)
++{
++	if (major >= MAX_BLKDEV)
++		return;
++
++	add_timer_randomness(&random_state, &blkdev_timer_state[major],
++			     0x200+major);
++}
++#endif /* notused */
++
++#if POOLWORDS % 16
++#error extract_entropy() assumes that POOLWORDS is a multiple of 16 words.
++#endif
++/*
++ * This function extracts randomness from the "entropy pool", and
++ * returns it in a buffer.  This function computes how many remaining
++ * bits of entropy are left in the pool, but it does not restrict the
++ * number of bytes that are actually obtained.
++ */
++static __inline int
++extract_entropy(struct random_bucket *r, char *buf, int nbytes)
++{
++	int ret, i;
++	u_int32_t tmp[4];
++	
++	add_timer_randomness(r, &extract_timer_state, nbytes);
++	
++	/* Redundant, but just in case... */
++	if (r->entropy_count > POOLBITS) 
++		r->entropy_count = POOLBITS;
++	/* Why is this here?  Left in from Ted Ts'o.  Perhaps to limit time. */
++	if (nbytes > 32768)
++		nbytes = 32768;
++
++	ret = nbytes;
++	if (r->entropy_count / 8 >= nbytes)
++		r->entropy_count -= nbytes*8;
++	else
++		r->entropy_count = 0;
++
++	while (nbytes) {
++		/* Hash the pool to get the output */
++		tmp[0] = 0x67452301;
++		tmp[1] = 0xefcdab89;
++		tmp[2] = 0x98badcfe;
++		tmp[3] = 0x10325476;
++		for (i = 0; i < POOLWORDS; i += 16)
++			MD5Transform(tmp, (char *)(r->pool+i));
++		/* Modify pool so next hash will produce different results */
++		add_entropy_word(r, tmp[0]);
++		add_entropy_word(r, tmp[1]);
++		add_entropy_word(r, tmp[2]);
++		add_entropy_word(r, tmp[3]);
++		/*
++		 * Run the MD5 Transform one more time, since we want
++		 * to add at least minimal obscuring of the inputs to
++		 * add_entropy_word().  --- TYT
++		 */
++		MD5Transform(tmp, (char *)(r->pool));
++		
++		/* Copy data to destination buffer */
++		i = MIN(nbytes, 16);
++		bcopy(tmp, buf, i);
++		nbytes -= i;
++		buf += i;
++	}
++
++	/* Wipe data from memory */
++	bzero(tmp, sizeof(tmp));
++	
++	return ret;
++}
++
++#ifdef notused /* XXX NOT the exported kernel interface */
++/*
++ * This function is the exported kernel interface.  It returns some
++ * number of good random numbers, suitable for seeding TCP sequence
++ * numbers, etc.
++ */
++void
++get_random_bytes(void *buf, u_int nbytes)
++{
++	extract_entropy(&random_state, (char *) buf, nbytes);
++}
++#endif /* notused */
++
++u_int
++read_random(void *buf, u_int nbytes)
++{
++	if ((nbytes * 8) > random_state.entropy_count)
++		nbytes = random_state.entropy_count / 8;
++	
++	return extract_entropy(&random_state, (char *)buf, nbytes);
++}
++
++u_int
++read_random_unlimited(void *buf, u_int nbytes)
++{
++	return extract_entropy(&random_state, (char *)buf, nbytes);
++}
++
++#ifdef notused
++u_int
++write_random(const char *buf, u_int nbytes)
++{
++	u_int i;
++	u_int32_t word, *p;
++
++	for (i = nbytes, p = (u_int32_t *)buf;
++	     i >= sizeof(u_int32_t);
++	     i-= sizeof(u_int32_t), p++)
++		add_entropy_word(&random_state, *p);
++	if (i) {
++		word = 0;
++		bcopy(p, &word, i);
++		add_entropy_word(&random_state, word);
++	}
++	return nbytes;
++}
++#endif /* notused */
++
++int
++random_poll(dev_t dev, int events, struct proc *p)
++{
++	int s;
++	int revents = 0;
++
++	s = splhigh();
++	if (events & (POLLIN | POLLRDNORM)) {
++		if (random_state.entropy_count >= 8)
++			revents |= events & (POLLIN | POLLRDNORM);
++		else
++			selrecord(p, &random_state.rsel);
++	}
++	splx(s);
++	if (events & (POLLOUT | POLLWRNORM))
++		revents |= events & (POLLOUT | POLLWRNORM);	/* heh */
++
++	return (revents);
++}
++
+
+
+--- /dev/null	Tue May 23 22:48:55 2000
++++ sys/sys/random.h	Tue May 23 21:11:04 2000
+@@ -0,0 +1,91 @@
++/*
++ * random.h -- A strong random number generator
++ *
++ * $FreeBSD: src/sys/sys/random.h,v 1.19.2.1 2000/05/10 02:04:52 obrien Exp $
++ *
++ * Version 0.95, last modified 18-Oct-95
++ * 
++ * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, and the entire permission notice in its entirety,
++ *    including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ *    products derived from this software without specific prior
++ *    written permission.
++ * 
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions.  (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ * 
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/*
++ * Many kernel routines will have a use for good random numbers,
++ * for example, for truely random TCP sequence numbers, which prevent
++ * certain forms of TCP spoofing attacks.
++ * 
++ */
++
++#ifndef	_SYS_RANDOM_H_
++#define	_SYS_RANDOM_H_
++
++#include 
++
++#define	MEM_SETIRQ	_IOW('r', 1, u_int16_t)	/* set interrupt */
++#define	MEM_CLEARIRQ	_IOW('r', 2, u_int16_t)	/* clear interrupt */
++#define	MEM_RETURNIRQ	_IOR('r', 3, u_int16_t)	/* return interrupt */
++
++#ifdef _KERNEL
++
++/* Type of the cookie passed to add_interrupt_randomness. */
++
++struct random_softc {
++	inthand2_t	*sc_handler;
++	void		*sc_arg;
++	int		sc_intr;
++};
++
++/* Exported functions */
++
++void rand_initialize(void);
++void add_keyboard_randomness(u_char scancode);
++inthand2_t add_interrupt_randomness;
++#ifdef notused
++void add_blkdev_randomness(int major);
++#endif
++
++#ifdef notused
++void get_random_bytes(void *buf, u_int nbytes);
++#endif
++u_int read_random(void *buf, u_int size);
++u_int read_random_unlimited(void *buf, u_int size);
++#ifdef notused
++u_int write_random(const char *buf, u_int nbytes);
++#endif
++struct proc;
++int random_poll(dev_t dev, int events, struct proc *p);
++
++#endif /* _KERNEL */
++
++#endif /* !_SYS_RANDOM_H_ */
diff --git a/share/security/patches/SA-00:25/kernel.sys.diff.asc b/share/security/patches/SA-00:25/kernel.sys.diff.asc
new file mode 100644
index 0000000000..f1e591265b
--- /dev/null
+++ b/share/security/patches/SA-00:25/kernel.sys.diff.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOTyRWFUuHi5z0oilAQGgGwQAgvu2lHGPcfhDiDAGltItN1pq6lXzItC1
+STZkQLso/UjqyPu88tALvsZtAUKXmNm7jDIcCXuz2ONMMvLKrRaNTONlV/rNJP5d
+cKbtr3JUHr4XcALvBGDsC8cY5CEFqbLT9y/bBeh/DqI0JdJ524DGsv/JSEqG4Yje
+pwdsMhVRK+k=
+=yEEg
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:30/sshd.patch b/share/security/patches/SA-00:30/sshd.patch
new file mode 100644
index 0000000000..6be08e94a2
--- /dev/null
+++ b/share/security/patches/SA-00:30/sshd.patch
@@ -0,0 +1,21 @@
+Index: sshd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd.c,v
+retrieving revision 1.6
+diff -u -r1.6 sshd.c
+--- sshd.c	2000/03/09 14:52:31	1.6
++++ sshd.c	2000/07/04 09:27:02
+@@ -2564,7 +2564,13 @@
+ 	char *argv[10];
+ #ifdef LOGIN_CAP
+ 	login_cap_t *lc;
++#endif
+ 
++	/* login(1) is only called if we execute the login shell */
++	if (options.use_login && command != NULL)
++		options.use_login = 0;
++
++#ifdef LOGIN_CAP
+ 	lc = login_getpwclass(pw);
+ 	if (lc == NULL)
+ 		lc = login_getclassbyname(NULL, pw);
diff --git a/share/security/patches/SA-00:30/sshd.patch.asc b/share/security/patches/SA-00:30/sshd.patch.asc
new file mode 100644
index 0000000000..f1e0db06c2
--- /dev/null
+++ b/share/security/patches/SA-00:30/sshd.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOWGuGlUuHi5z0oilAQGCFwP7BEac7VMQxiOZ3Qv82kq23Wlf92IvGp9f
+HzLSbeEtjZ3DcxAeCtGEozv4oa3gFA/UAyXaWUYBa5dgVoYZ6AyhmUaQmFrRTbPL
+FQB/dGwJY65pJabc3i4OCCRBZkFL8qJRmjYGUvb86Y/SSB/BvTvKgSyvlfZfFzkw
+w6G/6VjCIwk=
+=3gHq
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:41/elf.patch b/share/security/patches/SA-00:41/elf.patch
new file mode 100644
index 0000000000..e95b3570e3
--- /dev/null
+++ b/share/security/patches/SA-00:41/elf.patch
@@ -0,0 +1,65 @@
+--- imgact_elf.c	2000/04/30 18:51:39	1.75
++++ imgact_elf.c	2000/07/23 22:19:49	1.78
+@@ -190,6 +190,21 @@
+ 	object = vp->v_object;
+ 	error = 0;
+ 
++	/*
++	 * It's necessary to fail if the filsz + offset taken from the
++	 * header is greater than the actual file pager object's size.
++	 * If we were to allow this, then the vm_map_find() below would
++	 * walk right off the end of the file object and into the ether.
++	 *
++	 * While I'm here, might as well check for something else that
++	 * is invalid: filsz cannot be greater than memsz.
++	 */
++	if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size ||
++	    filsz > memsz) {
++		uprintf("elf_load_section: truncated ELF file\n");
++		return (ENOEXEC);
++	}
++
+ 	map_addr = trunc_page((vm_offset_t)vmaddr);
+ 	file_addr = trunc_page(offset);
+ 
+@@ -341,6 +356,12 @@
+ 	}
+ 
+ 	error = exec_map_first_page(imgp);
++	/*
++	 * Also make certain that the interpreter stays the same, so set
++	 * its VTEXT flag, too.
++	 */
++	if (error == 0)
++		nd.ni_vp->v_flag |= VTEXT;
+ 	VOP_UNLOCK(nd.ni_vp, 0, p);
+ 	if (error)
+                 goto fail;
+@@ -449,6 +470,17 @@
+ 	/*
+ 	 * From this point on, we may have resources that need to be freed.
+ 	 */
++
++	/*
++	 * Yeah, I'm paranoid.  There is every reason in the world to get
++	 * VTEXT now since from here on out, there are places we can have
++	 * a context switch.  Better safe than sorry; I really don't want
++	 * the file to change while it's being loaded.
++	 */
++	simple_lock(&imgp->vp->v_interlock);
++	imgp->vp->v_flag |= VTEXT;
++	simple_unlock(&imgp->vp->v_interlock);
++
+ 	if ((error = exec_extract_strings(imgp)) != 0)
+ 		goto fail;
+ 
+@@ -610,9 +642,6 @@
+ 	imgp->auxargs = elf_auxargs;
+ 	imgp->interpreted = 0;
+ 
+-	/* don't allow modifying the file while we run it */
+-	imgp->vp->v_flag |= VTEXT;
+-	
+ fail:
+ 	return error;
+ }
diff --git a/share/security/patches/SA-00:41/elf.patch.asc b/share/security/patches/SA-00:41/elf.patch.asc
new file mode 100644
index 0000000000..47b156ef98
--- /dev/null
+++ b/share/security/patches/SA-00:41/elf.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOaNqdVUuHi5z0oilAQHJkQP/VRcVMXJdLCj+cekKYAPpF7a3l5Y9Fzuc
+Ejh9xtOG5hFJaUUzARkXmIKtZynNgKcRzT4OmfVkSejsu8YSl5CdYBCD/OzbtQZm
+9+f/AAN+lmCD1OSvVlePLhIAjiUOh379mCC4griS0emDHEplmJ0sUelugp5Ma0xX
+yqwRz9NZlZI=
+=1h8o
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:42/linux.patch b/share/security/patches/SA-00:42/linux.patch
new file mode 100644
index 0000000000..41290b6045
--- /dev/null
+++ b/share/security/patches/SA-00:42/linux.patch
@@ -0,0 +1,83 @@
+Index: linux_misc.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linux_misc.c,v
+retrieving revision 1.77.2.3
+retrieving revision 1.77.2.4
+diff -u -r1.77.2.3 -r1.77.2.4
+--- linux_misc.c	2000/07/20 05:31:56	1.77.2.3
++++ linux_misc.c	2000/07/30 05:36:11	1.77.2.4
+@@ -954,6 +954,8 @@
+ 	tv[1].tv_usec = 0;
+ 	/* so that utimes can copyin */
+ 	tvp = (struct timeval *)stackgap_alloc(&sg, sizeof(tv));
++	if (tvp == NULL)
++		return (ENAMETOOLONG);
+ 	if ((error = copyout(tv, tvp, sizeof(tv))))
+ 	    return error;
+ 	bsdutimes.tptr = tvp;
+Index: linux_util.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linux_util.c,v
+retrieving revision 1.9.2.1
+retrieving revision 1.9.2.2
+diff -u -r1.9.2.1 -r1.9.2.2
+--- linux_util.c	2000/07/07 01:23:45	1.9.2.1
++++ linux_util.c	2000/07/30 05:36:11	1.9.2.2
+@@ -162,7 +162,10 @@
+ 	else {
+ 		sz = &ptr[len] - buf;
+ 		*pbuf = stackgap_alloc(sgp, sz + 1);
+-		error = copyout(buf, *pbuf, sz);
++		if (*pbuf != NULL)
++			error = copyout(buf, *pbuf, sz);
++		else
++			error = ENAMETOOLONG;
+ 		free(buf, M_TEMP);
+ 	}
+ 
+Index: linux_util.h
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linux_util.h,v
+retrieving revision 1.10
+retrieving revision 1.10.2.1
+diff -u -r1.10 -r1.10.2.1
+--- linux_util.h	1999/12/04 11:10:22	1.10
++++ linux_util.h	2000/07/30 05:36:11	1.10.2.1
+@@ -56,29 +56,27 @@
+ static __inline caddr_t stackgap_init(void);
+ static __inline void *stackgap_alloc(caddr_t *, size_t);
+ 
++#define szsigcode (*(curproc->p_sysent->sv_szsigcode))
++
+ static __inline caddr_t
+ stackgap_init()
+ {
+-#define szsigcode (*(curproc->p_sysent->sv_szsigcode))
+ 	return (caddr_t)(PS_STRINGS - szsigcode - SPARE_USRSPACE);
+ }
+ 
+-
+ static __inline void *
+ stackgap_alloc(sgp, sz)
+ 	caddr_t	*sgp;
+ 	size_t   sz;
+ {
+-	void	*p = (void *) *sgp;
+-	*sgp += ALIGN(sz);
++	void *p = (void *) *sgp;
++
++	sz = ALIGN(sz);
++	if (*sgp + sz > (caddr_t)(PS_STRINGS - szsigcode))
++		return NULL;
++	*sgp += sz;
+ 	return p;
+ }
+-
+-#ifdef DEBUG_LINUX
+-#define DPRINTF(a)      printf a;
+-#else
+-#define DPRINTF(a)
+-#endif
+ 
+ extern const char linux_emul_path[];
+ 
diff --git a/share/security/patches/SA-00:42/linux.patch.asc b/share/security/patches/SA-00:42/linux.patch.asc
new file mode 100644
index 0000000000..9c65289e28
--- /dev/null
+++ b/share/security/patches/SA-00:42/linux.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOaNrFVUuHi5z0oilAQGKLAP+JuAxZQJF6AUSfm5ea46QYYk9xjn/nawP
+6VLKz9lRWqVX12s5NiGTM22EgVPUKfdQJtw+15dH/GT48xIdgmrCm2k0BXqCRiGB
+OPcZYXm/ArdCxZATMVI/7MGONfa0RQhj9O6kRtRL/jB7DnaYqWSO67b2ijnCtGF7
+IWwea/2reKw=
+=QF1u
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:52/tcp-iss-3.x.patch b/share/security/patches/SA-00:52/tcp-iss-3.x.patch
new file mode 100644
index 0000000000..481915f8c7
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss-3.x.patch
@@ -0,0 +1,196 @@
+Index: tcp_seq.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v
+retrieving revision 1.11
+retrieving revision 1.12
+diff -u -r1.11 -r1.12
+--- netinet/tcp_seq.h	1999/12/29 04:41:02	1.11
++++ netinet/tcp_seq.h	2000/09/29 01:37:19	1.12
+@@ -91,7 +91,7 @@
+  * number in the range [0-0x3ffff] that is hard to predict.
+  */
+ #ifndef tcp_random18
+-#define	tcp_random18()	((random() >> 14) & 0x3ffff)
++#define	tcp_random18()	(arc4random() & 0x3ffff)
+ #endif
+ #define	TCP_ISSINCR	(122*1024 + tcp_random18())
+ 
+Index: tcp_subr.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.80
+retrieving revision 1.81
+diff -u -r1.80 -r1.81
+--- netinet/tcp_subr.c	2000/09/25 23:40:22	1.80
++++ netinet/tcp_subr.c	2000/09/29 01:37:19	1.81
+@@ -178,7 +178,7 @@
+ {
+ 	int hashsize;
+ 	
+-	tcp_iss = random();	/* wrong, but better than a constant */
++	tcp_iss = arc4random();	/* wrong, but better than a constant */
+ 	tcp_ccgen = 1;
+ 	tcp_cleartaocache();
+ 
+Index: sys/alpha/conf/files.alpha
+===================================================================
+RCS file: /usr2/ncvs/src/sys/alpha/conf/Attic/files.alpha,v
+retrieving revision 1.15.2.3
+retrieving revision 1.15.2.4
+diff -u -u -r1.15.2.3 -r1.15.2.4
+--- alpha/conf/files.alpha	1999/12/06 21:03:17	1.15.2.3
++++ alpha/conf/files.alpha	2000/09/29 22:07:27	1.15.2.4
+@@ -120,6 +120,7 @@
+ alpha/isa/isa.c			optional	isa
+ alpha/isa/mcclock_isa.c		optional	isa
+ alpha/alpha/elf_machdep.c	standard
++libkern/arc4random.c		standard
+ libkern/bcd.c			standard
+ libkern/bcmp.c			standard
+ libkern/ffs.c			standard
+Index: sys/i386/conf/files.i386
+===================================================================
+RCS file: /usr2/ncvs/src/sys/i386/conf/Attic/files.i386,v
+retrieving revision 1.220.2.17
+retrieving revision 1.220.2.18
+diff -u -u -r1.220.2.17 -r1.220.2.18
+--- i386/conf/files.i386	1999/12/06 21:03:19	1.220.2.17
++++ i386/conf/files.i386	2000/09/29 22:07:28	1.220.2.18
+@@ -330,6 +330,7 @@
+ i4b/layer1/i4b_elsa_qs1i.c	optional	isic	device-driver
+ i4b/layer1/i4b_elsa_qs1p.c	optional	isic	device-driver
+ i4b/layer1/i4b_siemens_isurf.c	optional	isic	device-driver
++libkern/arc4random.c		standard
+ libkern/bcd.c			standard
+ libkern/divdi3.c		standard
+ libkern/inet_ntoa.c		standard
+Index: sys/sys/libkern.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/sys/libkern.h,v
+retrieving revision 1.16.4.1
+retrieving revision 1.16.4.2
+diff -u -u -r1.16.4.1 -r1.16.4.2
+--- sys/libkern.h	1999/08/29 16:32:28	1.16.4.1
++++ sys/libkern.h	2000/09/29 22:07:29	1.16.4.2
+@@ -61,6 +61,7 @@
+ static __inline u_long ulmin(u_long a, u_long b) { return (a < b ? a : b); }
+ 
+ /* Prototypes for non-quad routines. */
++u_int32_t arc4random __P((void));
+ int	 bcmp __P((const void *, const void *, size_t));
+ #ifndef HAVE_INLINE_FFS
+ int	 ffs __P((int));
+--- /dev/null	Thu Oct  5 03:00:27 2000
++++ libkern/arc4random.c	Fri Sep 29 15:07:29 2000
+@@ -0,0 +1,111 @@
++/*-
++ * THE BEER-WARE LICENSE
++ *
++ *  wrote this file.  As long as you retain this notice you
++ * can do whatever you want with this stuff.  If we meet some day, and you
++ * think this stuff is worth it, you can buy me a beer in return.
++ *
++ * Dan Moschuk
++ *
++ * $FreeBSD: src/sys/libkern/arc4random.c,v 1.6.2.1 2000/09/29 22:07:29 kris Exp $
++ */
++
++#include 
++
++#define	ARC4_MAXRUNS 64
++
++static u_int8_t arc4_i, arc4_j;
++static int arc4_initialized = 0;
++static int arc4_numruns = 0;
++static u_int8_t arc4_sbox[256];
++
++extern u_int read_random (void *, u_int);
++
++static __inline void
++arc4_swap(u_int8_t *a, u_int8_t *b)
++{
++	u_int8_t c;
++
++	c = *a;
++	*a = *b;
++	*b = c;
++}	
++
++/*
++ * Stir our S-box.
++ */
++static void
++arc4_randomstir (void)
++{
++	u_int8_t key[256];
++	int r, n;
++
++	r = read_random(key, sizeof(key));
++	/* if r == 0 || -1, just use what was on the stack */
++	if (r > 0)
++	{
++		for (n = r; n < sizeof(key); n++)
++			key[n] = key[n % r];
++	}
++
++	for (n = 0; n < 256; n++)
++	{
++		arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256;
++		arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]);
++	}
++}
++
++/*
++ * Initialize our S-box to its beginning defaults.
++ */
++static void
++arc4_init(void)
++{
++	int n;
++
++	arc4_i = arc4_j = 0;
++	for (n = 0; n < 256; n++)
++		arc4_sbox[n] = (u_int8_t) n;
++
++	arc4_randomstir();
++	arc4_initialized = 1;
++}
++
++/*
++ * Generate a random byte.
++ */
++static u_int8_t
++arc4_randbyte(void)
++{
++	u_int8_t arc4_t;
++
++	arc4_i = (arc4_i + 1) % 256;
++	arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256;
++
++	arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]);
++
++	arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256;
++	return arc4_sbox[arc4_t];
++}
++
++u_int32_t
++arc4random(void)
++{
++	u_int32_t ret;
++
++	/* Initialize array if needed. */
++	if (!arc4_initialized)
++		arc4_init();
++	if (++arc4_numruns > ARC4_MAXRUNS)
++	{
++		arc4_randomstir();
++		arc4_numruns = 0;
++	}
++
++	ret = arc4_randbyte();
++	ret |= arc4_randbyte() << 8;
++	ret |= arc4_randbyte() << 16;
++	ret |= arc4_randbyte() << 24;
++
++	return ret;
++}
diff --git a/share/security/patches/SA-00:52/tcp-iss-3.x.patch.asc b/share/security/patches/SA-00:52/tcp-iss-3.x.patch.asc
new file mode 100644
index 0000000000..9d0ea3e8c9
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss-3.x.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOd47wFUuHi5z0oilAQERNgP/evIr0dVIcdgynQGpVq84Tq7TT26gq4mu
+sf4vRw1KZUH/Nvv4Ni5DQD/X5Acait2xeVWkHjMAqO8CqRZG/VDV8B4eHDg73ln8
+I9QNsH/TMKtJ9oWNSw6B7IGIOYOS40NVAsTLHjIVraPkuq9f/JzqLbS9DDdKMfhr
+OqMX3zCTvQE=
+=jnjA
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:52/tcp-iss.patch b/share/security/patches/SA-00:52/tcp-iss.patch
new file mode 100644
index 0000000000..0587a621dd
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss.patch
@@ -0,0 +1,52 @@
+Index: tcp_seq.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v
+retrieving revision 1.11
+retrieving revision 1.12
+diff -u -r1.11 -r1.12
+--- tcp_seq.h	1999/12/29 04:41:02	1.11
++++ tcp_seq.h	2000/09/29 01:37:19	1.12
+@@ -31,7 +31,7 @@
+  * SUCH DAMAGE.
+  *
+  *	@(#)tcp_seq.h	8.3 (Berkeley) 6/21/95
+- * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.11 1999/12/29 04:41:02 peter Exp $
++ * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.12 2000/09/29 01:37:19 kris Exp $
+  */
+ 
+ #ifndef _NETINET_TCP_SEQ_H_
+@@ -91,7 +91,7 @@
+  * number in the range [0-0x3ffff] that is hard to predict.
+  */
+ #ifndef tcp_random18
+-#define	tcp_random18()	((random() >> 14) & 0x3ffff)
++#define	tcp_random18()	(arc4random() & 0x3ffff)
+ #endif
+ #define	TCP_ISSINCR	(122*1024 + tcp_random18())
+ 
+Index: tcp_subr.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.80
+retrieving revision 1.81
+diff -u -r1.80 -r1.81
+--- tcp_subr.c	2000/09/25 23:40:22	1.80
++++ tcp_subr.c	2000/09/29 01:37:19	1.81
+@@ -31,7 +31,7 @@
+  * SUCH DAMAGE.
+  *
+  *	@(#)tcp_subr.c	8.2 (Berkeley) 5/24/95
+- * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.80 2000/09/25 23:40:22 bmilekic Exp $
++ * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.81 2000/09/29 01:37:19 kris Exp $
+  */
+ 
+ #include "opt_compat.h"
+@@ -178,7 +178,7 @@
+ {
+ 	int hashsize;
+ 	
+-	tcp_iss = random();	/* wrong, but better than a constant */
++	tcp_iss = arc4random();	/* wrong, but better than a constant */
+ 	tcp_ccgen = 1;
+ 	tcp_cleartaocache();
+ 
diff --git a/share/security/patches/SA-00:52/tcp-iss.patch.asc b/share/security/patches/SA-00:52/tcp-iss.patch.asc
new file mode 100644
index 0000000000..3391ad98b3
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOd47yFUuHi5z0oilAQGe5QQArLhAD+h3wI1AHPLiinZyP2iMf6ndwDKn
+Qb5MsNcGdupkcFl/OBjzODjcDnEo6Zazn/35CaB4W5AR67XOuMC+AqneyjwVWQJA
+2UwzT+wNqQ+nGBAeOckvrM7n7sMxdTS+74cg21Aqr/B8gFjonNV9wUwUplgpe7np
+ZlSm5BNxafQ=
+=R+/o
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:54/fingerd.patch b/share/security/patches/SA-00:54/fingerd.patch
new file mode 100644
index 0000000000..8fb01b656c
--- /dev/null
+++ b/share/security/patches/SA-00:54/fingerd.patch
@@ -0,0 +1,40 @@
+Index: finger.c
+===================================================================
+RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v
+retrieving revision 1.15.2.3
+retrieving revision 1.21
+diff -u -r1.15.2.3 -r1.21
+--- finger.c	2000/09/15 21:51:00	1.15.2.3
++++ finger.c	2000/10/05 15:56:13	1.21
+@@ -293,6 +293,16 @@
+ 		goto net;
+ 
+ 	/*
++	 * Mark any arguments beginning with '/' as invalid so that we 
++	 * don't accidently confuse them with expansions from finger.conf
++	 */
++	for (p = argv, ip = used; *p; ++p, ++ip)
++	    if (**p == '/') {
++		*ip = 1;
++		warnx("%s: no such user", *p);
++	    }
++
++	/*
+ 	 * Traverse the finger alias configuration file of the form
+ 	 * alias:(user|alias), ignoring comment lines beginning '#'.
+ 	 */
+@@ -323,11 +333,11 @@
+ 	 * gathering the traditional finger information.
+ 	 */
+ 	if (mflag)
+-		for (p = argv; *p; ++p) {
+-			if (**p != '/' || !show_text("", *p, "")) {
++		for (p = argv, ip = used; *p; ++p, ++ip) {
++			if (**p != '/' || *ip == 1 || !show_text("", *p, "")) {
+ 				if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
+ 					enter_person(pw);
+-			   	else
++				else if (!*ip)
+ 					warnx("%s: no such user", *p);
+ 			}
+ 		}
diff --git a/share/security/patches/SA-00:54/fingerd.patch.asc b/share/security/patches/SA-00:54/fingerd.patch.asc
new file mode 100644
index 0000000000..0578b9257f
--- /dev/null
+++ b/share/security/patches/SA-00:54/fingerd.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOebB81UuHi5z0oilAQFBMQP/bahC+beM4tuxjhi5gcUkFdUD7iF/3qNr
+MbcAk6i2ym7AnEiQE6t1giAVywNPCNleYbim1e2n0w6XXwptprBRhnmp8Z6eGCBc
+SU2hzWnf7MJl4n7XEjRxdp63kWFVpjrR9NXqcm6Wt7MVUZsS64KwmKlaG8BBJb1J
+bWX9LzSqfeI=
+=Upao
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:58/vipw.patch b/share/security/patches/SA-00:58/vipw.patch
new file mode 100644
index 0000000000..5ef74e83fe
--- /dev/null
+++ b/share/security/patches/SA-00:58/vipw.patch
@@ -0,0 +1,17 @@
+Index: pw_util.c
+===================================================================
+RCS file: /usr/home/ncvs/src/usr.sbin/vipw/pw_util.c,v
+retrieving revision 1.17
+retrieving revision 1.18
+diff -u -r1.17 -r1.18
+--- pw_util.c	1999/08/28 01:20:31	1.17
++++ pw_util.c	2000/07/12 00:49:40	1.18
+@@ -250,7 +250,7 @@
+ 	extern int _use_yp;
+ #endif /* YP */
+ 	if (err)
+-		warn(name);
++		warn("%s", name);
+ #ifdef YP
+ 	if (_use_yp)
+ 		warnx("NIS information unchanged");
diff --git a/share/security/patches/SA-00:58/vipw.patch.asc b/share/security/patches/SA-00:58/vipw.patch.asc
new file mode 100644
index 0000000000..53284fa4de
--- /dev/null
+++ b/share/security/patches/SA-00:58/vipw.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOf39jVUuHi5z0oilAQE0fAP/QXFEPIPAt5Uwzcf8b8O4ZPvF0T0ig5xC
+HY4H947WLLgM91YvlLb15jH9tWQ+pFwUFN+7cu5RYb63mdUKtcgxuC1oMjymJG9G
+qafYmeoF6iLEcqv1uRn+3L5CW9e7GI9cBInpV1C42M0POzsoU0R06RDgUiixUnzy
+MTPZKPJQMkQ=
+=Mwt7
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:61/tcpdump-3.x.patch b/share/security/patches/SA-00:61/tcpdump-3.x.patch
new file mode 100644
index 0000000000..b47201b417
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-3.x.patch
@@ -0,0 +1,256 @@
+Index: addrtoname.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/addrtoname.c,v
+retrieving revision 1.5
+diff -u -r1.5 addrtoname.c
+--- addrtoname.c	1998/09/15 19:46:59	1.5
++++ addrtoname.c	2000/10/30 22:45:58
+@@ -525,7 +525,7 @@
+ 	tp->addr = i;
+ 	tp->nxt = newhnamemem();
+ 
+-	(void)sprintf(buf, "%u", i);
++	(void)snprintf(buf, sizeof(buf), "%u", i);
+ 	tp->name = savestr(buf);
+ 	return (tp->name);
+ }
+@@ -551,7 +551,7 @@
+ 		while (table->name)
+ 			table = table->nxt;
+ 		if (nflag) {
+-			(void)sprintf(buf, "%d", port);
++			(void)snprintf(buf, sizeof(buf), "%d", port);
+ 			table->name = savestr(buf);
+ 		} else
+ 			table->name = savestr(sv->s_name);
+Index: print-atalk.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-atalk.c,v
+retrieving revision 1.6
+diff -u -r1.6 print-atalk.c
+--- print-atalk.c	1998/09/15 19:46:59	1.6
++++ print-atalk.c	2000/10/30 22:46:07
+@@ -495,7 +495,7 @@
+ {
+ 	register struct hnamemem *tp, *tp2;
+ 	register int i = (atnet << 8) | athost;
+-	char nambuf[256];
++	char nambuf[MAXHOSTNAMELEN + 20];
+ 	static int first = 1;
+ 	FILE *fp;
+ 
+@@ -540,7 +540,7 @@
+ 		if (tp2->addr == i) {
+ 			tp->addr = (atnet << 8) | athost;
+ 			tp->nxt = newhnamemem();
+-			(void)sprintf(nambuf, "%s.%d", tp2->name, athost);
++			(void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost);
+ 			tp->name = savestr(nambuf);
+ 			return (tp->name);
+ 		}
+Index: print-fr.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-fr.c,v
+retrieving revision 1.2
+diff -u -r1.2 print-fr.c
+--- print-fr.c	1998/01/01 04:13:43	1.2
++++ print-fr.c	2000/10/30 22:46:08
+@@ -395,12 +395,12 @@
+ 		    break;
+ 		case LINK_VERIFY_IE_91:
+ 		case LINK_VERIFY_IE_94:
+-		    sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d",
++		    snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d",
+ 			    ptemp[2], ptemp[3]);
+ 		    decode_str = temp_str;
+ 		    break;
+ 		case PVC_STATUS_IE:
+-		    sprintf(temp_str,"DLCI %d: status %s %s",
++		    snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s",
+ 			    ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), 
+ 			    ptemp[4] & 0x8 ?"new,":" ",
+ 			    ptemp[4] & 0x2 ?"Active":"Inactive");
+Index: print-icmp.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-icmp.c,v
+retrieving revision 1.3
+diff -u -r1.3 print-icmp.c
+--- print-icmp.c	1997/05/27 02:17:32	1.3
++++ print-icmp.c	2000/10/30 22:46:08
+@@ -172,7 +172,7 @@
+ 	register const struct ip *oip;
+ 	register const struct udphdr *ouh;
+ 	register u_int hlen, dport, mtu;
+-	char buf[256];
++	char buf[MAXHOSTNAMELEN + 100];
+ 
+ 	dp = (struct icmp *)bp;
+ 	ip = (struct ip *)bp2;
+@@ -191,7 +191,7 @@
+ 
+ 		case ICMP_UNREACH_PROTOCOL:
+ 			TCHECK(dp->icmp_ip.ip_p);
+-			(void)sprintf(buf, "%s protocol %d unreachable",
++			(void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable",
+ 				       ipaddr_string(&dp->icmp_ip.ip_dst),
+ 				       dp->icmp_ip.ip_p);
+ 			break;
+@@ -205,21 +205,21 @@
+ 			switch (oip->ip_p) {
+ 
+ 			case IPPROTO_TCP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s tcp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					tcpport_string(dport));
+ 				break;
+ 
+ 			case IPPROTO_UDP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s udp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					udpport_string(dport));
+ 				break;
+ 
+ 			default:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s protocol %d port %d unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					oip->ip_p, dport);
+@@ -234,11 +234,11 @@
+ 			mp = (struct mtu_discovery *)&dp->icmp_void;
+                         mtu = EXTRACT_16BITS(&mp->nexthopmtu);
+                         if (mtu)
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag (mtu %d)",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
+                         else
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			}
+@@ -247,7 +247,7 @@
+ 		default:
+ 			fmt = tok2str(unreach2str, "#%d %%s unreachable",
+ 			    dp->icmp_code);
+-			(void)sprintf(buf, fmt,
++			(void)snprintf(buf, sizeof(buf), fmt,
+ 			    ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			break;
+ 		}
+@@ -257,7 +257,7 @@
+ 		TCHECK(dp->icmp_ip.ip_dst);
+ 		fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
+ 		    dp->icmp_code);
+-		(void)sprintf(buf, fmt,
++		(void)snprintf(buf, sizeof(buf), fmt,
+ 		    ipaddr_string(&dp->icmp_ip.ip_dst),
+ 		    ipaddr_string(&dp->icmp_gwaddr));
+ 		break;
+@@ -277,30 +277,30 @@
+ 		cp = buf + strlen(buf);
+ 		lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
+ 		if (lifetime < 60)
+-			(void)sprintf(cp, "%u", lifetime);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u", lifetime);
+ 		else if (lifetime < 60 * 60)
+-			(void)sprintf(cp, "%u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u",
+ 			    lifetime / 60, lifetime % 60);
+ 		else
+-			(void)sprintf(cp, "%u:%02u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u:%02u",
+ 			    lifetime / 3600,
+ 			    (lifetime % 3600) / 60,
+ 			    lifetime % 60);
+ 		cp = buf + strlen(buf);
+ 
+ 		num = ihp->ird_addrnum;
+-		(void)sprintf(cp, " %d:", num);
++		(void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num);
+ 		cp = buf + strlen(buf);
+ 
+ 		size = ihp->ird_addrsiz;
+ 		if (size != 2) {
+-			(void)sprintf(cp, " [size %d]", size);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " [size %d]", size);
+ 			break;
+ 		}
+ 		idp = (struct id_rdiscovery *)&dp->icmp_data;
+ 		while (num-- > 0) {
+ 			TCHECK(*idp);
+-			(void)sprintf(cp, " {%s %u}",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " {%s %u}",
+ 			    ipaddr_string(&idp->ird_addr),
+ 			    EXTRACT_32BITS(&idp->ird_pref));
+ 			cp = buf + strlen(buf);
+@@ -321,25 +321,25 @@
+ 			break;
+ 
+ 		default:
+-			(void)sprintf(buf, "time exceeded-#%d", dp->icmp_code);
++			(void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code);
+ 			break;
+ 		}
+ 		break;
+ 
+ 	case ICMP_PARAMPROB:
+ 		if (dp->icmp_code)
+-			(void)sprintf(buf, "parameter problem - code %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - code %d",
+ 					dp->icmp_code);
+ 		else {
+ 			TCHECK(dp->icmp_pptr);
+-			(void)sprintf(buf, "parameter problem - octet %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - octet %d",
+ 					dp->icmp_pptr);
+ 		}
+ 		break;
+ 
+ 	case ICMP_MASKREPLY:
+ 		TCHECK(dp->icmp_mask);
+-		(void)sprintf(buf, "address mask is 0x%08x",
++		(void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
+ 		    (u_int32_t)ntohl(dp->icmp_mask));
+ 		break;
+ 
+Index: print-sunrpc.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-sunrpc.c,v
+retrieving revision 1.4
+diff -u -r1.4 print-sunrpc.c
+--- print-sunrpc.c	1998/09/15 19:46:59	1.4
++++ print-sunrpc.c	2000/10/30 22:46:09
+@@ -126,7 +126,9 @@
+ 	rp = getrpcbynumber(prog);
+ 	if (rp == NULL)
+ 		(void) sprintf(buf, "#%u", prog);
+-	else
+-		strcpy(buf, rp->r_name);
++	else {
++		strncpy(buf, rp->r_name, sizeof(buf)-1);
++		buf[sizeof(buf)-1] = '\0';
++	}
+ 	return (buf);
+ }
+Index: util.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/util.c,v
+retrieving revision 1.1.1.3
+diff -u -r1.1.1.3 util.c
+--- util.c	1998/09/15 19:36:31	1.1.1.3
++++ util.c	2000/10/30 22:46:09
+@@ -154,7 +154,7 @@
+ 	}
+ 	if (fmt == NULL)
+ 		fmt = "#%d";
+-	(void)sprintf(buf, fmt, v);
++	(void)snprintf(buf, sizeof(buf), fmt, v);
+ 	return (buf);
+ }
+ 
diff --git a/share/security/patches/SA-00:61/tcpdump-3.x.patch.asc b/share/security/patches/SA-00:61/tcpdump-3.x.patch.asc
new file mode 100644
index 0000000000..88c559a384
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-3.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOf36/VUuHi5z0oilAQG+/gP/SlS9tVQ8OgLRuk5n457kj+8KV05LDl/6
+LlIS/cE7DLeiLcmM460W1hQdmKqHp7RjIVEw9YyOz91I93WPPrZRc5AmIn7Oio1W
+Fdo7F0w0N+ay71YrAjPteBZ3y0SqQSzPdaXbNhSoJJY8rFKMMSsTZOPisqHnQIyq
+HZmDjtjLB0g=
+=jZvy
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1 b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1
new file mode 100644
index 0000000000..3cd4a3a03e
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1
@@ -0,0 +1,479 @@
+Index: addrtoname.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/addrtoname.c,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -u -r1.7 -r1.8
+--- addrtoname.c	2000/03/08 02:24:10	1.7
++++ addrtoname.c	2000/10/05 02:49:48	1.8
+@@ -559,7 +559,7 @@
+ 	tp->addr = i;
+ 	tp->nxt = newhnamemem();
+ 
+-	(void)sprintf(buf, "%u", i);
++	(void)snprintf(buf, sizeof(buf), "%u", i);
+ 	tp->name = savestr(buf);
+ 	return (tp->name);
+ }
+@@ -578,7 +578,7 @@
+ 	tp->addr = i;
+ 	tp->nxt = newhnamemem();
+ 
+-	(void)sprintf(buf, "%u", i);
++	(void)snprintf(buf, sizeof(buf), "%u", i);
+ 	tp->name = savestr(buf);
+ 	return (tp->name);
+ }
+@@ -604,7 +604,7 @@
+ 		while (table->name)
+ 			table = table->nxt;
+ 		if (nflag) {
+-			(void)sprintf(buf, "%d", port);
++			(void)snprintf(buf, sizeof(buf), "%d", port);
+ 			table->name = savestr(buf);
+ 		} else
+ 			table->name = savestr(sv->s_name);
+Index: print-atalk.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-atalk.c,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -u -r1.7 -r1.8
+--- print-atalk.c	2000/01/30 01:00:51	1.7
++++ print-atalk.c	2000/10/05 02:49:48	1.8
+@@ -500,7 +500,7 @@
+ {
+ 	register struct hnamemem *tp, *tp2;
+ 	register int i = (atnet << 8) | athost;
+-	char nambuf[256];
++	char nambuf[MAXHOSTNAMELEN + 20];
+ 	static int first = 1;
+ 	FILE *fp;
+ 
+@@ -545,7 +545,7 @@
+ 		if (tp2->addr == i) {
+ 			tp->addr = (atnet << 8) | athost;
+ 			tp->nxt = newhnamemem();
+-			(void)sprintf(nambuf, "%s.%d", tp2->name, athost);
++			(void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost);
+ 			tp->name = savestr(nambuf);
+ 			return (tp->name);
+ 		}
+Index: print-bgp.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-bgp.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- print-bgp.c	2000/01/30 00:45:33	1.1
++++ print-bgp.c	2000/10/05 02:49:48	1.2
+@@ -240,7 +242,7 @@
+ {
+ 	static char buf[20];
+ 	if (value < 0 || siz <= value || table[value] == NULL) {
+-		sprintf(buf, "#%d", value);
++		snprintf(buf, sizeof(buf), "#%d", value);
+ 		return buf;
+ 	} else
+ 		return table[value];
+@@ -266,7 +268,7 @@
+ 	} else
+ 		p = NULL;
+ 	if (p == NULL) {
+-		sprintf(buf, "#%d", minor);
++		snprintf(buf, sizeof(buf), "#%d", minor);
+ 		return buf;
+ 	} else
+ 		return p;
+@@ -288,7 +290,7 @@
+ 		((u_char *)&addr)[(plen + 7) / 8 - 1] &=
+ 			((0xff00 >> (plen % 8)) & 0xff);
+ 	}
+-	sprintf(buf, "%s/%d", getname((char *)&addr), plen);
++	snprintf(buf, buflen, "%s/%d", getname((char *)&addr), plen);
+ 	return 1 + (plen + 7) / 8;
+ }
+ 
+@@ -309,7 +311,7 @@
+ 		addr.s6_addr[(plen + 7) / 8 - 1] &=
+ 			((0xff00 >> (plen % 8)) & 0xff);
+ 	}
+-	sprintf(buf, "%s/%d", getname6((char *)&addr), plen);
++	snprintf(buf, buflen, "%s/%d", getname6((char *)&addr), plen);
+ 	return 1 + (plen + 7) / 8;
+ }
+ #endif
+@@ -323,7 +325,7 @@
+ 	int advance;
+ 	int tlen;
+ 	const u_char *p;
+-	char buf[256];
++	char buf[MAXHOSTNAMELEN + 100];
+ 
+ 	p = dat;
+ 
+@@ -608,7 +610,7 @@
+ 	if (dat + length > p) {
+ 		printf("(NLRI:");	/* ) */
+ 		while (dat + length > p) {
+-			char buf[256];
++			char buf[MAXHOSTNAMELEN + 100];
+ 			i = decode_prefix4(p, buf, sizeof(buf));
+ 			printf(" %s", buf);
+ 			if (i < 0)
+Index: print-fr.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-fr.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -u -r1.2 -r1.3
+--- print-fr.c	1998/01/01 04:13:43	1.2
++++ print-fr.c	2000/10/05 02:49:48	1.3
+@@ -395,12 +397,12 @@
+ 		    break;
+ 		case LINK_VERIFY_IE_91:
+ 		case LINK_VERIFY_IE_94:
+-		    sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d",
++		    snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d",
+ 			    ptemp[2], ptemp[3]);
+ 		    decode_str = temp_str;
+ 		    break;
+ 		case PVC_STATUS_IE:
+-		    sprintf(temp_str,"DLCI %d: status %s %s",
++		    snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s",
+ 			    ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), 
+ 			    ptemp[4] & 0x8 ?"new,":" ",
+ 			    ptemp[4] & 0x2 ?"Active":"Inactive");
+Index: print-icmp.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-icmp.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -u -r1.4 -r1.5
+--- print-icmp.c	2000/01/30 01:00:52	1.4
++++ print-icmp.c	2000/10/05 02:49:48	1.5
+@@ -177,7 +177,7 @@
+ 	register const struct ip *oip;
+ 	register const struct udphdr *ouh;
+ 	register u_int hlen, dport, mtu;
+-	char buf[256];
++	char buf[MAXHOSTNAMELEN + 100];
+ 
+ 	dp = (struct icmp *)bp;
+ 	ip = (struct ip *)bp2;
+@@ -198,7 +198,7 @@
+ 
+ 		case ICMP_UNREACH_PROTOCOL:
+ 			TCHECK(dp->icmp_ip.ip_p);
+-			(void)sprintf(buf, "%s protocol %d unreachable",
++			(void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable",
+ 				       ipaddr_string(&dp->icmp_ip.ip_dst),
+ 				       dp->icmp_ip.ip_p);
+ 			break;
+@@ -212,21 +212,21 @@
+ 			switch (oip->ip_p) {
+ 
+ 			case IPPROTO_TCP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s tcp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					tcpport_string(dport));
+ 				break;
+ 
+ 			case IPPROTO_UDP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s udp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					udpport_string(dport));
+ 				break;
+ 
+ 			default:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s protocol %d port %d unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					oip->ip_p, dport);
+@@ -241,11 +241,11 @@
+ 			mp = (struct mtu_discovery *)&dp->icmp_void;
+                         mtu = EXTRACT_16BITS(&mp->nexthopmtu);
+                         if (mtu)
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag (mtu %d)",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
+                         else
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			}
+@@ -254,7 +254,7 @@
+ 		default:
+ 			fmt = tok2str(unreach2str, "#%d %%s unreachable",
+ 			    dp->icmp_code);
+-			(void)sprintf(buf, fmt,
++			(void)snprintf(buf, sizeof(buf), fmt,
+ 			    ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			break;
+ 		}
+@@ -264,7 +264,7 @@
+ 		TCHECK(dp->icmp_ip.ip_dst);
+ 		fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
+ 		    dp->icmp_code);
+-		(void)sprintf(buf, fmt,
++		(void)snprintf(buf, sizeof(buf), fmt,
+ 		    ipaddr_string(&dp->icmp_ip.ip_dst),
+ 		    ipaddr_string(&dp->icmp_gwaddr));
+ 		break;
+@@ -284,30 +284,30 @@
+ 		cp = buf + strlen(buf);
+ 		lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
+ 		if (lifetime < 60)
+-			(void)sprintf(cp, "%u", lifetime);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u", lifetime);
+ 		else if (lifetime < 60 * 60)
+-			(void)sprintf(cp, "%u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u",
+ 			    lifetime / 60, lifetime % 60);
+ 		else
+-			(void)sprintf(cp, "%u:%02u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u:%02u",
+ 			    lifetime / 3600,
+ 			    (lifetime % 3600) / 60,
+ 			    lifetime % 60);
+ 		cp = buf + strlen(buf);
+ 
+ 		num = ihp->ird_addrnum;
+-		(void)sprintf(cp, " %d:", num);
++		(void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num);
+ 		cp = buf + strlen(buf);
+ 
+ 		size = ihp->ird_addrsiz;
+ 		if (size != 2) {
+-			(void)sprintf(cp, " [size %d]", size);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " [size %d]", size);
+ 			break;
+ 		}
+ 		idp = (struct id_rdiscovery *)&dp->icmp_data;
+ 		while (num-- > 0) {
+ 			TCHECK(*idp);
+-			(void)sprintf(cp, " {%s %u}",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " {%s %u}",
+ 			    ipaddr_string(&idp->ird_addr),
+ 			    EXTRACT_32BITS(&idp->ird_pref));
+ 			cp = buf + strlen(buf);
+@@ -328,25 +328,25 @@
+ 			break;
+ 
+ 		default:
+-			(void)sprintf(buf, "time exceeded-#%d", dp->icmp_code);
++			(void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code);
+ 			break;
+ 		}
+ 		break;
+ 
+ 	case ICMP_PARAMPROB:
+ 		if (dp->icmp_code)
+-			(void)sprintf(buf, "parameter problem - code %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - code %d",
+ 					dp->icmp_code);
+ 		else {
+ 			TCHECK(dp->icmp_pptr);
+-			(void)sprintf(buf, "parameter problem - octet %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - octet %d",
+ 					dp->icmp_pptr);
+ 		}
+ 		break;
+ 
+ 	case ICMP_MASKREPLY:
+ 		TCHECK(dp->icmp_mask);
+-		(void)sprintf(buf, "address mask is 0x%08x",
++		(void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
+ 		    (u_int32_t)ntohl(dp->icmp_mask));
+ 		break;
+ 
+Index: print-rx.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-rx.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- print-rx.c	2000/01/30 00:45:46	1.1
++++ print-rx.c	2000/10/05 02:49:49	1.2
+@@ -341,7 +342,7 @@
+ 
+ static void fs_print(const u_char *, int);
+ static void fs_reply_print(const u_char *, int, int32_t);
+-static void acl_print(u_char *, u_char *);
++static void acl_print(u_char *, int, u_char *);
+ static void cb_print(const u_char *, int);
+ static void cb_reply_print(const u_char *, int, int32_t);
+ static void prot_print(const u_char *, int);
+@@ -754,7 +755,7 @@
+ 			TRUNC(i);
+ 			strncpy(a, bp, min(AFSOPAQUEMAX, i));
+ 			a[i] = '\0';
+-			acl_print((u_char *) a, (u_char *) a + i);
++			acl_print((u_char *) a, sizeof(a), (u_char *) a + i);
+ 			break;
+ 		}
+ 		case 137:	/* Create file */
+@@ -865,7 +866,7 @@
+ 			TRUNC(i);
+ 			strncpy(a, bp, min(AFSOPAQUEMAX, i));
+ 			a[i] = '\0';
+-			acl_print((u_char *) a, (u_char *) a + i);
++			acl_print((u_char *) a, sizeof(a), (u_char *) a + i);
+ 			break;
+ 		}
+ 		case 137:	/* Create file */
+@@ -912,19 +913,22 @@
+  */
+ 
+ static void
+-acl_print(u_char *s, u_char *end)
++acl_print(u_char *s, int maxsize, u_char *end)
+ {
+ 	int pos, neg, acl;
+ 	int n, i;
+-	char user[128];
++	char *user;
+ 
+-	if (sscanf((char *) s, "%d %d\n%n", &pos, &neg, &n) != 2)
++	if ((user = (char *)malloc(maxsize)) == NULL)
+ 		return;
++
++	if (sscanf((char *) s, "%d %d\n%n", &pos, &neg, &n) != 2)
++		goto finish;
+ 	
+ 	s += n;
+ 
+ 	if (s > end)
+-		return;
++		goto finish;
+ 
+ 	/*
+ 	 * This wacky order preserves the order used by the "fs" command
+@@ -948,25 +952,29 @@
+ 
+ 	for (i = 0; i < pos; i++) {
+ 		if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
+-			return;
++			goto finish;
+ 		s += n;
+ 		printf(" +{%s ", user);
+ 		ACLOUT(acl);
+ 		printf("}");
+ 		if (s > end)
+-			return;
++			goto finish;
+ 	}
+ 
+ 	for (i = 0; i < neg; i++) {
+ 		if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
+-			return;
++			goto finish;
+ 		s += n;
+ 		printf(" -{%s ", user);
+ 		ACLOUT(acl);
+ 		printf("}");
+ 		if (s > end)
+-			return;
++			goto finish;
+ 	}
++
++finish:
++	free(user);
++	return;
+ }
+ 
+ #undef ACLOUT
+Index: print-sunrpc.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-sunrpc.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -u -r1.5 -r1.6
+--- print-sunrpc.c	2000/01/30 01:00:54	1.5
++++ print-sunrpc.c	2000/10/05 02:49:49	1.6
+@@ -132,7 +132,9 @@
+ 	rp = getrpcbynumber(prog);
+ 	if (rp == NULL)
+ 		(void) sprintf(buf, "#%u", prog);
+-	else
+-		strcpy(buf, rp->r_name);
++	else {
++		strncpy(buf, rp->r_name, sizeof(buf)-1);
++		buf[sizeof(buf)-1] = '\0';
++	}
+ 	return (buf);
+ }
+Index: print-telnet.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-telnet.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- print-telnet.c	2000/01/30 00:45:48	1.1
++++ print-telnet.c	2000/10/05 02:49:49	1.2
+@@ -128,10 +130,10 @@
+ 				x = *sp++; /* option */
+ 				length--;
+ 				if (x >= 0 && x < NTELOPTS) {
+-					(void)sprintf(tnet, "%s %s",
++					(void)snprintf(tnet, sizeof(tnet), "%s %s",
+ 						      telcmds[i], telopts[x]);
+ 				} else {
+-					(void)sprintf(tnet, "%s %#x",
++					(void)snprintf(tnet, sizeof(tnet), "%s %#x",
+ 						      telcmds[i], x);
+ 				}
+ 				break;
+Index: smbutil.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/smbutil.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- smbutil.c	2000/01/30 00:45:52	1.1
++++ smbutil.c	2000/10/05 02:49:49	1.2
+@@ -680,17 +682,17 @@
+ 	    for (j=0;err[j].name;j++)
+ 	      if (num == err[j].code)
+ 		{
+-		  sprintf(ret,"%s - %s (%s)",err_classes[i].class,
++		  snprintf(ret, sizeof(ret), "%s - %s (%s)",err_classes[i].class,
+ 			  err[j].name,err[j].message);
+ 		  return ret;
+ 		}
+ 	  }
+ 
+-	sprintf(ret,"%s - %d",err_classes[i].class,num);
++	snprintf(ret, sizeof(ret), "%s - %d",err_classes[i].class,num);
+ 	return ret;
+       }
+   
+-  sprintf(ret,"ERROR: Unknown error (%d,%d)",class,num);
++  snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)",class,num);
+   return(ret);
+ }
+ 
+Index: util.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/util.c,v
+retrieving revision 1.1.1.4
+retrieving revision 1.2
+diff -u -r1.1.1.4 -r1.2
+--- util.c	2000/01/30 00:45:54	1.1.1.4
++++ util.c	2000/10/05 02:49:49	1.2
+@@ -205,7 +207,7 @@
+ 	}
+ 	if (fmt == NULL)
+ 		fmt = "#%d";
+-	(void)sprintf(buf, fmt, v);
++	(void)snprintf(buf, sizeof(buf), fmt, v);
+ 	return (buf);
+ }
+ 
diff --git a/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc
new file mode 100644
index 0000000000..4cf15dd002
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOgX1DlUuHi5z0oilAQG5mAQAhovkBIg8HapqGCnLeBKQIwH8HO4fZ+d7
+6ljhg90s/vX+LTB2uTjEm9hx3EBZgJLyhGQQcxgp8OP+xjhczPZkHuorCB7b7iRL
+i5zdQYmbnoRCsHCmxjFRFz8qsttucPCmpuxENYqOSK3efiqBJ9Sf26AS7ptkwVI5
+JnUeFNXb1Do=
+=aKk4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:62/top.patch.v1.1 b/share/security/patches/SA-00:62/top.patch.v1.1
new file mode 100644
index 0000000000..256ba5ad7e
--- /dev/null
+++ b/share/security/patches/SA-00:62/top.patch.v1.1
@@ -0,0 +1,51 @@
+Index: display.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/top/display.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -r1.4 -r1.5
+--- display.c	1999/01/09 20:20:33	1.4
++++ display.c	2000/10/04 23:34:16	1.5
+@@ -829,7 +831,7 @@
+     register int i;
+ 
+     /* first, format the message */
+-    (void) sprintf(next_msg, msgfmt, a1, a2, a3);
++    (void) snprintf(next_msg, sizeof(next_msg), msgfmt, a1, a2, a3);
+ 
+     if (msglen > 0)
+     {
+Index: top.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/top/top.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -r1.4 -r1.5
+--- top.c	1999/01/09 20:20:34	1.4
++++ top.c	2000/10/04 23:34:16	1.5
+@@ -807,7 +809,7 @@
+ 				{
+ 				    if ((errmsg = kill_procs(tempbuf2)) != NULL)
+ 				    {
+-					new_message(MT_standout, errmsg);
++					new_message(MT_standout, "%s", errmsg);
+ 					putchar('\r');
+ 					no_command = Yes;
+ 				    }
+Index: top.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/top/top.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- top.c	2000/10/04 23:34:16	1.5
++++ top.c	2000/11/03 22:00:10	1.6
+@@ -826,7 +826,7 @@
+ 				{
+ 				    if ((errmsg = renice_procs(tempbuf2)) != NULL)
+ 				    {
+-					new_message(MT_standout, errmsg);
++					new_message(MT_standout, "%s", errmsg);
+ 					putchar('\r');
+ 					no_command = Yes;
+ 				    }
diff --git a/share/security/patches/SA-00:62/top.patch.v1.1.asc b/share/security/patches/SA-00:62/top.patch.v1.1.asc
new file mode 100644
index 0000000000..a4cf321ed5
--- /dev/null
+++ b/share/security/patches/SA-00:62/top.patch.v1.1.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOgX4s1UuHi5z0oilAQGxJgP7BiN9uaPy9pXRVAIN0gNEXaVlDmbgSfJx
+rsH1UPOv3GOW325bC8YlacBnWytPdh8lZFHSX6x2fuShxXECI2LoPjOyQ/V78pne
+HrxH45EY0gNRlx6L/f5JILXqs4uJ9mCM9Gf8M60cW0c7AuwolG405T0shLHqnblL
+9Jz8Vuch/40=
+=OBL2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:63/getnameinfo.patch b/share/security/patches/SA-00:63/getnameinfo.patch
new file mode 100644
index 0000000000..cf3ab9333c
--- /dev/null
+++ b/share/security/patches/SA-00:63/getnameinfo.patch
@@ -0,0 +1,26 @@
+--- net/getnameinfo.c	2000/07/05 05:09:17	1.5
++++ net/getnameinfo.c	2000/09/25 23:04:36	1.6
+@@ -154,12 +153,12 @@
+ 				(flags & NI_DGRAM) ? "udp" : "tcp");
+ 		}
+ 		if (sp) {
+-			if (strlen(sp->s_name) > servlen)
++			if (strlen(sp->s_name) + 1 > servlen)
+ 				return ENI_MEMORY;
+ 			strcpy(serv, sp->s_name);
+ 		} else {
+ 			snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
+-			if (strlen(numserv) > servlen)
++			if (strlen(numserv) + 1 > servlen)
+ 				return ENI_MEMORY;
+ 			strcpy(serv, numserv);
+ 		}
+@@ -253,7 +252,7 @@
+ 					*p = '\0';
+ 			}
+ #endif
+-			if (strlen(hp->h_name) > hostlen) {
++			if (strlen(hp->h_name) + 1 > hostlen) {
+ 				freehostent(hp);
+ 				return ENI_MEMORY;
+ 			}
diff --git a/share/security/patches/SA-00:63/getnameinfo.patch.asc b/share/security/patches/SA-00:63/getnameinfo.patch.asc
new file mode 100644
index 0000000000..469b88055f
--- /dev/null
+++ b/share/security/patches/SA-00:63/getnameinfo.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOgCeCVUuHi5z0oilAQFKcQP+I7dT/NGJEB29bn0nwvMb4GPFy4lDBEtk
+rP1Om8GOOPtP2BTS+yj4U/8cZjNcCKYlr9DJhF/5yuBxQLMgHd+Cx7wl3LRhbqOY
+QM+ClNMoi0VyhQcYlcXx1zkqRg6hp7rgqeCfJ9TazDy7A5o2/QU5anWpGTBXQ+8o
+WmEuNwdtkCY=
+=vL+t
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:68/ncurses.tar.gz b/share/security/patches/SA-00:68/ncurses.tar.gz
new file mode 100644
index 0000000000000000000000000000000000000000..47c810aaabd41873167bc575278e3b26853ae69b
GIT binary patch
literal 1404734
zcmV(vKClO(9_e?{q)n_W6cdb=+
z^3^}!M;z_HK0X#-3H;f|-w$3NANarf55?=l{gE8Q#Az+S!aKiB$Ev}|q*
zM$A_Nwg~bjm$MNa9Lh#fwQ~4JXM|mA2hY*&oIxpde}jFW$W5WdTH+oaRB0Mex2r*I
z@$usG{&Za#rO
zPokG#6gXO{w5GQnNdM{33n+9B(KlXcI|ge`1|IhNKLI>0jDwiu-NIVl$#GdYa=onC
zP3B5;4d7BiCkeQOiY!`F^{{ULuP6o1V!Tha1dHQYy
z>olrHpAmSB9Jmd9i9S5WGXQn))X=0oXrk5eGeD+#sj|{6!McDdK_!#}T7@kITmj!%
z$UMAe-?FLx0$x(^8tT!3KDcl4UP*2x=ibMIWp^>k^s)oRvP{)@GMR%1vszXN?NUIl
ztP3>RLP>|u?K%kH
z5hjv5bPzz-1!VQU;~?mV(b+CsH#lup^YqPqY0B)>U$p`)>JB4
zBW}1dgDgomp9Y5;))&!JEJ22k8>DVVqVJp9?q&%
z){2ekAXz_vchnE&K1Bw|d}>(;07#4o5|o6VxBnQZX^=A53h58qvJ9gN3x0epkKcYZHV38wD@u84!2fM!emz{nvnWLiWZW
z?0Gw4bqL~xepF;o!a&bBG6(-XVF`hrKBWDipL90RzNG?g$#}^x+h~kM*AkTl=qobU
z)$mF@V{%XgX&}{{#Cnc|Cl_+c9c2eFFZh+4m7E;$jL5ddxPQxKO*CAjsi~Vi^OuPUZIlLAV~I_X_h8Bnf~vs$_6i
zA!4==YmcY(Sug&agI+_@*dMc3uPf00LlaWl1q5DnFF*M
zGMSBN0Taj_rZs?vvIgnIoTzV-
z%J&akwkIZST5c6ULF8gQVNs_Nm5VHZ=m7=5vZ;DL)pl4hv+IxW81NDLTd1RKEbp=S
z7SnU6&`%IVi`Ia%$Bd6^(A!_XKbu{BI{6XhF2G&e;1{X9PH1?K3jf=GO@BHMa^QK0
zy034h*XPfAQt%NgUXY$I;!!Z{rdajCnPnIx8I;vnQfI&_k)PUtTb}D#)II0`&_Fc0
zfXG6l@~Z)UF&l!L5PT6u1wbT`p+JuZTWXoO)n9xag67O!Te6R|ifns&&}&(V-Gjq#
zvx8$u3UKhh{`*M$dIDJJ^8Qu_QTp7jJx~#*FP8Hqc_e0s{!YI>z5H}}O~#G}hBc9<
z!7kg!2RD&u<;j$)hbPsiPXZ$Q5Edp{2yr<#R>kMNuMCiQSwotAIX>7IyWx+Ah@^mF
zU=%DG@$GZ@H+Xj5EtxpI9mE}mZqxuWe>U}65DNi9)3v_ri+~%C7$O2`8%8}=H>lA&
z19SkuL&zlro399I->bM0lXpJ5NT$|QaC0F5R6n#E(6_gF{n7X^dIkW+G4(-xZDJLd
zv+O~dI;UqBvm1cPtEwr0XcOxzoZ1_KAt;$mFJrierC93$wuwwtfP@3H8Hm|H`Z
z*T1OUy{8?H?VcH=&Xd!-^V!F{>Gk#HHFXM91)9JnO6r;Ex|deL2f#Ef7I3%_yn1zg
z`SI@b_BPTLh(K&oA{nAinMA*&5IOzko8%e3eH|)9?r-8#uqWbvMD;WOeU?8ydNh4%
zjnXV3>1k@e-8sYna93#~g5bx5KJYOb>*H0-?*mZcaBfVA*--oU`@S1s=l5#q1tkb<
zr%-EVfsGJsCQ-6Oc?vxP>*-#vER;cXdH_f?b%JV&^Q@RDcHE2Uml=U9tx{l(Q~q(o
z`h#ylp}SuA_U?9v9$fGqT@!ZAbfed*ro=;0wfl5@wwLB>F&mx$1wK4}9hepeB=t%t
zzNl@`uZ(tSFp-*vDXk?-<2+)Ju=`;inrvx=BJR~@Zm@wIhHJ_5fPsv7Fqaj;j`3;Q
z;>qc(2ZnxJ(m4Zhtz+W=U3-aymWGSC48ZANq=%m+C_SkM)5v6y2BSL^N1IXD8+CiJ
zrv%K1=V$m6Vw?0t%pkglM1CZ6*f!wdAFc{!?S5;~uGVN3@ZJdEixM~|wbNt!8f}kK
zFtIFKSyeQ-{68r{t30OzwUpt2O6DICbyh9){!N{68-q{p`BmTP8q1{ZE=8}%opaI&
zuFq4oe&d?_lGVn>%Urt*7R>PX?Xchq)3qBvC=O!!-r4n8HwImt`Efk-NFpa#Y-7S-
zAkZ-xZtorVfDY8I
z!f9xQ1-9>6#AcnJM&s7s_P2X-b%rPPEgF!j(2)A9%1RvC3O{s}wM$mLom^f`FJjcP
zB21Zl6LutSXJ_G?U2fi4p8AAC+1p(7bgC!e2op;fXz|*G<1)L+yaLTCm5z6r#0fb1GO}e
zdhCGs_!@vjJo-rH!c@h>1AiQrA8`k^edsZJ9-ASkJ}>#%vB+?d;0$TJkSd{mmp0x8
z7<^2l9Z014N~?!ZyD4fg^^zO4$Qp@d_ORzWRM%o+HTS-;#l-XuJ_t^a0tOr^Vdi;+h^3T&?0v&H|aGW;k);hG{eP
zWP=#I_JcQ9p7qItSKKFwR>z61hi<8pHx63GDFOQZQ>m0yp}~$>rt&>Fn%qTHuT2_L
z3fV_oc)v7&8c7P~zs~1I+B=-4&NY5TR#2MQ^1Ipllm(N9Rd7wUSUMfp3|6t;Dj#J63}s?o(@r%O{H#8{t&X
z14VAY)s?H11)U)%?jT=33ARHZy?fm8iv}HUbvq2bDWj(*n=v-!tgLCvTyFL
z_~N!PmWSrfkS&IHYhpo5?bWRT@PoE^nF_};plO_z1vigp$yb;93kCK%xN$}2D&emd
z;S>`9gez2}Puhx+1gEPb+NFsn-<-kZf%1(_a35o2(k?MAOadtZrXYbCLOyB(Z
zCNbj}U&{3=Lqy4pn3TVv7q!ziDmd8AaH7Un?ou)FjHkEQ4%}`%24^7Mzy9v>d^#D&
z(}YOYj%Rqj1oo{O=5y%~nD83BfZKb8Zvk?yZONW>7;v*ccv=`O!igaY^Y|EUePPU5
zk}j=QZK!!#64SqmfcH%elEo)=Ux-IYztml7hKhI%(%i_uo-_&v@FUO*^xe?5m5@Ne
zcks%Me^&EV3Jbvv$r^R_wu=E7dgK0HUo0S>87$!xluemkiuYqcca){
zgSDbl149X~`|`j#128Zf?DdCn><^yR+jj^kjQwnXFe*nAKt2GOSoRQprvV;cSPrHS
zqf?33r;=2$D+hP6_oxV?+A>KBmg@`iUVn&~0n)g9r+`->G0Y@IctVdV-L?q)wuZlPc^N@Eu|BB|NXwldBY?&$tA{
z)`YH4{K{LwMTnoJkkkO3ol`+H{8L${6L
zE5xbfq*=62)Sfd?lh)sEh^X5dXHfmjcenS#9Ti^K&*A)~6n{0Bb8ZmvuXN3_-!uH~
z=KPa*afX#txK;~Ryh`0h2F{Dq&)2i*>_zNi^pxTeI#5H|wme(ZTjIhniSLUB$*H#R
z-OfMit&zU7J9&B`->ipw>5
zXJ+Ms4jodbX$u}Eie;XQ>?R%hFRtAjjB$BLr2x57xU$P3Daax82kx#T%W`(U=hf
zM1gz1rM2^-f2Zw~m3Ytp{DdO#d)>cl_S4IsSC0P0!Fs(OKd8sfj&nIVegFM<<*NRj
zrk{?&lUx5b0aoN~_sG5Iaj;Ak+NDV&iaP!cQN$@pl$NDg_Ff^{hWKA@w(gv>pJB?z
zd#P9z@6fG`t{DZw*OM~`uEq@^sKx=$+Trze5SRXGPG93!zojuL%1W1;`f*F;SoMYB
zz?Uyy#Jn|Ys|E&n9mJ!Iv9>w=%aOr9a5&dRO-02Xe4yWF74Hh0*J1
zMlbC__nyTI>JK_$(ZTq5pA(T!#F#Kcl=Yr^Gk)D?8F((TUv`rk2Yof>#sXiU<9yKG
zHZE}iK^Mp^mMb`n?~R1~xbFPyd^(VR*q07ZCWATI3=RkXE|8I99(c}PF+2fr=6DT4
z>sq-n{x7@9uba+xiwQ~fia)HfgYm1Lj33PZviGO$Z5&y)D15$(zapDuACfiz4w_}z
zhZIFgEK4L0N!fA@jYlZZg<>rKBkE#vgt%d%oB0E$%QXCYcB`I+4?72?xv+6N%o%VrBPX
z*ykxttr3q_Ki~e(n{;$VgQP769lefU{5of|x0#WaP)3cf5&>x7Q)y+EX_so4-lC2`
z0-75EEo^#`pE4e1z@Tkv{^wyqa*h7YLhWZ7P5wzXuRWP;ya5l5B^z>uM#ZlL3317>xuVe8z!Lc#~;6
z{Oj)1zh4eX*{1!4N5q!hU-x$Y{^$SSj4Z+Ate@q5Acp?Bw_Cp$Ku+~(1nHjvFc2Q(
z|PQ0=@sir}eRajs8oYd!iYm_&ls6impMuhiMq744KUk(@c4r
z%mf&15P28&!38g}DvfYVZc-un2GAm(sA0ow35O}WO2ju_%XPf}sbt4jb2g{WMzo`>
znHp{}ERA%2ID7rT2WbII;n(C5nDBgY@LuQGQ7^u=c*dF2@U=scRXA}N?|gZBA9f?hF8)QkC`xSU)hJC}L`e$sDHfN=N2=mj`pc>G$z{8
z?vv>8-EKbOe)A$6;!9XdPhCs$(0!6EB;zIz?CEsT-j2KI*LjA0y)~76eSa|ihylb!
zyPwn2p1WwtmWvDSe{yB*`44lKh{2WdN9dNVd3Dvwdi1eNkprn$3Ya(rL~mc3T0;sE
z!_PD>_{a2syYS8L_(vK@&W{dWCNz4<>8s@O&GAL@>iF$Z^5W>#>G@Ie%jx^%^8A|oaC+Ko8RAqHRzH`qtnSav~0!|tAh4S4rlpz90Jjq%SmbWT0Pj7po*YBjhMg;
zni?YoE88#^+*1u}PqteSb#1J9JK`VRZ@=AWB>#Yli~o|r!vD!8bNcVbm^3i_*8bp6
zMq=|HvtmF;)}Y7#1IF40^}w+A82Wcd9(|uCvm)&&x~uYVD$;lZOC(L$&xxp{rcC0`
z6CpaPSrJt>n8DqWFmR3=n>E(dQsGE`Dk=RgI;38XDz7la$FFz_9MDua0BO|a(L4Gm
zmq)M94=zv7*E(d5-o(Ar@F2&25V;J1MvSp5I5Ni(3P>%DoHzJGkkPotD8y6({
z^yH_b^NZut6J~C>a6Me|Y{{C6ETss~mK39&)%v3&cep$qD9{j!a`zKopS`>5d9%4-ryMoN!K63KZrJ~5QFj|k#5JT1npJB{
zo^|l*qBdz}MOii_pv$PZrA;L--XFhxx!Bs;;rZ#sMf33V-5H6lbKkVZXl01F*Noy-
z^ll>=6t>djgcmXJiS-M{fJ$tgmepJ_qY}pzt37Ja;?8E?uAZWk+lrF`5gXo2w`4_g
zdh%vxi*cW7%zDwO---
zkc~K2v37p+zuzC9AHAcwfAMTB-fJMIIZ(^46PC|BI2sh>OzmJYGI4=yhPDO-GXnmz
zXKQQszF~f}Q5}jE)2{2t87i55mkU{BiyVTSGZGpkno$TNe
zg6!=4^zi8A`}3n`D|CUiH8RU+ZO!1S>}6d99BG4N50abMF4+VVVLAd@k+lp*mSEA-
zO$~~O`;~Kf>B0^Bnk7)Pf_9tEau}=w5RL$q?1n^qHPdv4za_jV?z&3D*;otB=5&_z
z^N#_QhR+RDdN0B67cRS@kTe&2js?ukm#D5W1%OM|aJ)}rp|ER%9UXMT`%>Zp)|>Bf
zc43elrhL)u-%3J)BW}yCMo(q)#S|C5K|y5%!(bTbLB_dvHhyIAXQ?`J-ADxjr_?1?
zN(=?~sjoKWvaM|rFwgw-uJUffvy(U^qR{d+*6z_iKnGOH-q&E>z6L-gi!IY630n5t
z9N)CQ!7u#|>Eew{6z1&qXC98T%nMmA-mflBefVKAEHV5Iq;*+OCHUZ3
z1ZBiPotF%Yn@sj7W&K-7PX*c0cq*P_#sM(X%ynMO<+=LFT#lJ-pNT`OAbllFOwf-R
zAsIv;<@PFem6nlHSl$-XW)JfX3HtwNZM(j1IM-+~Rfl;1N0Y4~QuP$&=3h3{J$S|=
zvXoZB>A+Htfta(*5Ww%!tBeO<{Od2Wk`XU9RU3?W0Q|(Bp#!AI!x(FXrBB9bG0y)b
zgJ7Ge4eWOuR19C4o&-ny27eZWM;JBh(M$3iU1!Jr6)&YbuuElX1e@gP`Q^cjm6^A=1DNkyqMKJ+e5MSbl}o>G`KOR&IdMMARhh^d}N)GhQuxz^Tqei<|F-h
ztPChvr|2Ls!A${}JaX9Bd_}ggb
zyvHJuMcOFqS70&Ftg2wn@s`kRDk!T7ErdYflUp5`hU$-aFU{@&$A)Jk3UO!d6?(E5#pv_jNz`c4nP!8z=2Vv<
z?6E2^((z{*o>@;u1GLIyv~c%iB>_M)~rL3uK#xj|T4)2qjGX5)8tuq21N$
zm-IDMu$gk9-jxP}yguWxNW_nxj05~|dD6LC2)asmvDaT5(ueaUZk4_iUu8a3qqaLN
z@~(VoWZ@JfTtXSBDrgI_!3{&sSzvYHQPd`@0NfnzznD)*3*ae2Dy-l=d9`x<9V%9-
zR6`tsx7?t5!=hB-76=+v^)#fZ!o%Wje0N|{`{)^TSA)(1mure3OBBW}FpAbx8pTmE
z-H&}F7jO0?baGQGTyh9CH=K6lb4Pe@WTbk8+V#me0lGRRizO{HzpcuELZjwbD{VV&
z1FwXbTK2t_#7W+>!cCcsU+P6L)9k+6eKD+X&KwUW=qx0OvQi)wwMeqrjMLQ1l6i~0
z|47(SEUkj&q@HwX4vTpfjd(Qbe9R)10`_F5?+N{KkwxUpo{yRJKF7?ge9hdNOMBTg
z<2vGD#tH*vYC3U>&yA{3w=kX>iU-Ox)z+GGXgy^gXb2xbBcLh|$lBH(w6LTn5fZ^1
za5Cv5aE*@;m!ZX=+78_Yq0g$G(|25Ir;>S$Zf*Wa4wj_-R>Fs_xhH@nI|*m9L6jjd
zGpho@%LqLQ)dOYBND8k>L~o#rS6D|m-vj9l$|!2K!HSikbfPw)mjd{|a#e&CaGG?%8lhMi3qMe)MO##ZI+D}IMq
zsujR(y*xVH0M2NTgYb(v-oYg~W-_I#NpUlQm2`UXYI}DpP^cWEfb=<{%67^9$Xw#&
z2~{j>%dr(nSjF^LMKr^FQe8-U%@W&9wT7Ql$}5!idb6x7E$>iLtAo^3+)pp{qtc(P
zJ*4qDorsx=%}Aif4VOw^Ibmh@H&E;^h60N4zsT)dv4)a|<)u;kP6+g>Dm@6moS=d(=G0a=M_7FpkSL
z=e?zMUnb_UWxHrX(#ShL`bA40gYCihj?sDZ*%YjSBu+K&rc3)+U
z#h1MQAV~R3M{p8Inn{|(JA=r6JXc)b1(zZbStRB@c4??ao%~QA*_Q(k=_dO}Rlsq(
z;xNrSTey*_)nx=F!OS`OZS0J(qj?;;c15{$su~(@z7^jAde=3Q;JyUjqyeb{Nz6~tq(0uCB*vVkeH1ccgAoGb5&^h{j`o7ZRd`xSs
zeM4Jz=eCle_MsT}G7=Jfc?z8_c>}p|etLTOEIE`S4560Fqoy(7&~JU~j7MJg>=kk;
zqUIJdKeRfDB#M#2)Nrmi4&aF8n0AV}u7gldRQ#xjHW#4b!DVkhd;h|eNYNW=+&xZP
z52B3z+s1??97wPw$>mjg1-mBHWE8#zPwq08CUv1QEh%#)LhZp2$Us6&`WDk3PzVQ%X_TV-?YF_lhb#e8P_1y&E!j~
zCIl^&hIgY=6r+tG{-r6Xp6rVD80uKdt?c&~M*@U7Jwvpvk-Ruc4qpCrd~x)Wjvri#
zsX!OLJNSiV0M5U7djyb-#-NkU)AQu~{mGV#R3Dt3y*)nU@SldQ@yxZg$Ih>^5!hi^
zN(@!dxUd^DO-n||n7@w%qs%-pUnX-%MY+IOQvVp?;tdNjD-XE&dzo2aYQY8d>!5K-
z?o>OR1i-8yxxqmbj;2XmH(=KaQ{fv-3NQ2eAKI}Ewk<}J|?Xfy+nK!_C8@9zaku
zX;g-<`&nF4&qO`aXotztK2ZKcz-yWJO%@{t?Sw4a{U=`1Mp%~&}l(rtRL~lkf!dGBVxBM24
z00duBNj&gD^U~=aHkn7;GKcZ4x9!U=nX!?|bSqAeOvjk_-2vI7cm{LVLr*Z-_K!uA
z&IvTX;v_y3PU{KGXn_8y
zqvit_)t0v@*Bd2m{a4m|=6f%THteuDphOuA60|rG$>N-2MmUb9!;}mFC5B~8jm~r*
zQjyZ3WQHT1Bx+emIaF@dWIWj@iBC85^t$=+x+mO?ODy~0u$_{M-)Ss)V4
z_ZF%V@eoUwo%av)mv%Zvtz~QXz!Ypr*L=-)!sNn=m+BHqWJmq*&%<~Q)z`ju&mPJ2
z@1+rjz{5Msd%cWl0l1zMZ??X&T=<;0J*FVhGI!S|!<&6;isG%b>MlVFnJOG9t{d
zy==lvxY8b}7Hmj7de_+stvnvqMc<(@A;EEu*W(mxoi+3_R|v_#Hde+38rZdaN>$#=
z*a-|AC2&7q>4jGu&l^4d^-ev6`)L{;0
zvWgC6KwNN3c(QV)Xhqa=ff4JT#pDqAVmF*n+{tK|i+K^KVVgio%P4%l2Fb3{WZkH7
z)@`SNFP&^#DX|c)B@_X?$IaOu!-Fwl{;=6ZOYLmnA1p=o2LkB`*nqIZ9|IM$$@0WZcRxGdnydq3!HfCZ3k#WB_BW!&_Q
zLvoW&KV$#Y!duZqACA-M+Py=a(AHNy;XU%rkkwKMHIqe#MZA@hg9}d+PLg}CikZcc
z8@7@}$LwileV^@JU3wD7vRNf>g@j3XdvPJE78XKBDOiVebPHMx8W$xt;pZ;&hKY0P
z-GTMxV`U*DyD2Rhv}|q*d5SC%k1tM0%=~
z06uQeFBI0(J9VyM0b4NuRvEyONDaw46GgyPxx2|ctkpXd>1$nktxXLv(mF;F__0pV
z#}kos(Xiw#N%7{$7L=qSx+)jyVn{hOR4PxAmY)b1hmP
z7VVtjd=luFI3GhDJD46|j`Z_~D}b$8$fC*Ww$%euio0lhOaG->!}=^i@Sv$4v3T`I
zelnzX&vMn0FjCo!>vSzI^>xprng0Z=3pXuOXtE$RP&#dbg0*1Izy)58fId@9cyWR|Sl*(H6cN}Qg2ri4P=;qC
zvFJ<0YtRCKJ<2r|)zqvdfc=c#lrqYFby
z2Qk@-AgMdh@;Wpv#CT+$!FwwzE5oj}QjEc~7X~H^$0eRmWpA3&N;x+}m$_vnQ9=RF
zTJ^~(`4eI7hBG}t8wtz!+Pz6eRY%!k&jwhCsCugO3w64Z{l)A(o_
zH>8ds)NJo_b>!_l$E8qnrb#!t?bVo;wYsLBu55|$GgG_&x2
zc1*Vcq}!Dmlwy|m!W0%az@-I9rM)KT)HAEnT!uY^gM`)%^GNBGky^?&Is&4jRg-az
zL{_vp_h@t*>w=7pW@XT+a}vw6a6|j>^yK2wbb?Z~VwRIomC)0M7^-=QkSL8>(U;P4
z2uNXq?)89i-6*Av=0B>E@Z+kk;s1Tz%fp`{w!s_^`LTv
zeCB*o+r`oKpmdC1f6k2airW|hQ)mn!hRQjk=khYMVqua#OAibxu$a0u7j{bN1k4lktP&lym@%EmV8y%gn2lu{7uBkomRi-&H6*;$YpFxUfWuF7sI;y2<1Y{y16frhvfa`tLBrWH_PF6
zHELbIsC!AoUi!&g}nr)Nw3*Jx~O-}&RX+mvc=OC>|}$>~~{
z6DX)H_1m^$2R0`Kr@gdkQ}6r3cQ4oOT`1}VA6{s7+|*Rd63OD?b6X!w(hBdmzO~S*
z#-0#DpqUQTq-ylB9!-z%w7b^uGcp9u&W~Ole*j#5o0`M_>t&0NQpfk_Jj#6J{z=K=
zg852%^&SZ?qg$``-yrMYUeGtUk=w9tg4)c}|CX~Z6ox~!
zj8#ukpaBQ=(@|J9Mk--8JSmPPSXc-uKurYQjweR1BZWSe2VcCmf#>XDfnq&}>5$%U
zqfG2xpXL{}%vt95UYq^Tzng)K(P7w%LUfF1g@Z^n=JobKoDqz3d?%^nF_g)@c9?%SQ-z|#R#(s^sjS-d!KvFf?U6-oE6a
zuRpbP2bT@T$Rk`{okYsRz`8wMwrzu4!ghOg@b>MCgTo(_qm#??bxY%K{gw-U&EdVXyH+bj2G*5)Z{eY&AMY4N^HY6EtyUb7IP-z`wv{
zHJx>mSE{fxK8~BVcDW3iP&M?-eYQ@@(`en{58UHiCX7H|q+}f1cam#mao;lV4hv$?
zOgTwgSm1Kt$-_00IEc=g?spn4RQ(arF`A;c-W=fon%L$=Sp$Wa@i422s1)ro%)Biu
zO=%cv!C`S^NEJsfoT;s*<>p@E^J)iWXe~+4=PQ+(pUR?{G0WnMiK2oUr+{0!A;!V5m&C{
zEg_Q~Lqp&qioc?*l!Q1qt?>WtUZuk_4pe`NmxcA!_irOm`pJNo7slC6yw>p
z#Q8%*2z!iywa$d%Tu5DV8aNaICH}Ywl8zi$@7pLQ@r}moqav;L8d^cPWKuYQ1B&Ub
z`D(1^!f27QJB(f}o`JFgg1uiUXg2d!MxUodPHJ~6S*8m_?P$hE(2yPp)QG!Ohv|9}
zY7T4n7F366O?8-c%Vyq-?eX)&i-Z#;F)7&qV2rgIO@|8Z(k$rU%J^NBW5~aX9Pn>q
z&KFEmDLt+UGI41^PUcWgWZhrIv_MM7U~H}HWL>P&m+mvm7|I9<1x?LZ(TO2-LT%8r
zSc#g6t+jhj{=fHT{&Eblt(%T>--@&K@YUOc*B5ZxFY&NiP}lZ?ju~REMoV*`Q6Qe%
zwK$KCGmU6dyBupF#_<^B+}bPBWIlLt?1DVJ(rVjT0FQDg(k}L>Nv(u0vx(YAGx&*;
zQ?K}N3Gc!`XU2`u_e$B)VXeKgiR8ppSD~thyO=1KImW&}ftnm{WSSxK5CD
z8zs}O-3uTIv|2_f5IyV2h+W55z!$K-`}(8_r}na+(e7EhCpRH8PE$~09Y|8n@SRke
z;PNb;DCVzIK%D1{_i&p9)F$jDvOKziaE(8faX_fHFEgbs!2QrI_C(!;^NI2SaREvE
zwWWF*yW%-d+k8uN3#ZsCEa=9jU~y$9zeu
z@WSV{Z0+ANySRsob1O*Z{`AaZK7%_|(OS?^9^`Y~H^NouT&&Ki3)RalKp?ilB^!f_
zlzW*!4}DR5az==(W2fe{CcLNy&eRo3Z@(U9ZLT9b5{cUfm&ZyE$_d)1Z(kmrd;a&+
zSB9>-J6m#j_T-CxHpaiRG170ia0IWC63tL5n4Ij11}M
z95Lf8t-+}RCk?w~gz@T7A#GOe%>h|L$e=^INiZpsd^q#cca^%(PPE{mdan(b`2Z0wiingadGAKKDpES(J4YUdb8P3TJh-#*Bf>r)s#0i%v2^
zCWxexcG;R1hnA!r`1;bp*RnxM10C-T+`XLmS&ZGjFiwAEe~Enx4LLTVrRMrAXhSq+
z2uFsZ;coc?Zm;!OEf78)Q5@t&a69@*G*R_oYd6{a^PDEnlLpsHAz64_?;CivzSSua
z#>JM#_tx$u$!3_-yAVFyS^~y!UL6iAp^c6Lf2OGbql+cGwaPB_G7AAY^>jvp>e`s}
zX7nPPTOM^14l|$h5jzJ7Oq9owZ}6T&3_{V9gf&YsY2`@g1dYrF!xQkOjZ4PTSKQ1&
z%eFTp7ng6*<^d<{`3Vho)$%0NmVL6FWb>3%I`G)+-ESnjPoF+r{n^}N(*e2R=GtI}
z6m6;;UCASYQ7Y|iudUQNhx~<2&}R@MO%YnR<2~#rQW_x{^-$IH-nYhvCv(~$!fde6
zW54kaw4B)PkOg-T)5f5Y9yV+1*X50!ZsueE2h8S0zuzb(|2M$wah4;zmAzgr3R~>ltpP-j`YX2GPJxCJn{klZt4374Q84w
zyarAO_BMRZ5V}~~s5~EYBg$u_J9js@N5f!uU>VI&WJqS@+XU55c`c+{BA?6xcU%X?
zlBE{E0g2fI+E@OWd!#RYG*b)y$df4SJ
zXGgXGH*-PlwTAe*KV|UjA>9ajU@g&J6jZrSRIOX*Lgq|GrSjKw5pl=p?gwEM2uKH;w$>%~Y|0FXd$zn1|p*O?;0lEjf{C=^bk
z=zwK#Op9~?q1IVa7gu*AZiexLpukoB}c=!fMMB*0Wq-vH%t;FM84N8Moa%5;p(Lr3O$^=}>?YJ)|
zAIuLSzYu~XN}uW|S-dmcwV|Lv8==%KbtzcWW@u%ri)b;|3B)+PaDT@*@zBfonffuLwUHTaki8dfg#4EZ
z+K4GOIm`}be69ze66fOb{P6Vs$z>yMZ{cGx&yRftPW;s2Hz<=ELvO36BN71Ylym|}
z)zQ9`m#WzgVb`BN-PzrFDwUr(lZ~Z1d@*1N@nqD&6nti#&Z>6G`!9kgj<~sMPX{D%
z+t3u8=fxA$!=miU=5M2ir4&p&|IX3GFNb-bLDDpz_gdj%8}SspiF@f5skXfBT4moD
zTQ}KwZtD%KQ`vab2qw70UNKv-|Hct`i#`$85z`K77LzZN+KMw@!rjawXZ&}
zT@p_a*$sHjW}bftUSgIBz@<{)yfhMRM4YLixWPhi_eqQ*{URDO9r#zrAD*ek
z&)?O3QMcZ;-dphbY?m{kX;YRd%-x`gHRgtp+d}^M
zd)=)Cy|tJ3>V7#1e0irxG+h4(7g0P1$ESIs2@;R^1{p&g^X63mCOyn$10xNNzavsm<9W@D5&hv
z<#yrdt>ZVSoxs$v4aV)dzI)s;_QlETWgoNdT-MYq>1Nv>R9>eE~o
zo!7B-%wSx*@Ypc(CHJZ_8}*aCR9|3Fd(KfDJZSADo9~z_VUKO+C#!8|dsAltIPQx3@%&pnKff?QqOU(>5HfQJ=ZGA|iX0zY@NKGmO
z=662(>&M%_-C8_S6kU9_=dt~bsSL!>EJKJ>V^Xxq5
z4Dc0463y>n;$Dt<9A32F9-NRtb7Gw&5u0orZ=iRPF_&++kGhMGdYkM%IHG_V3
zN)5+pBZHNu>7suHT$E)YH-)hUmna#gSU1eG4cAdMbZO0!jwuzt?x{AWU}@MU;#pKF
z)i4Bnu^48RN&0tnE_HgH%$%*lXY>tI|Gb
zNz#rW$mvi1-HCSt=br%U4|_7XcNXy@!N1)Z%{e@S2bw~r(KP#FJIUrtGPGGA-h05G
z?U8=A&U`!-8D$e3mwV|6E`}Q>#$aolrqeBLZ@>m9@y_O`*D8zFZtF?w;g+k?<2DCe
zwgdpi?p_4e@$TnGZyn@ZJuN|+G7RMd#o4G@WbzmdV8Y&SJ+Nry+C6HG5AL>}ww?}{
zRpushw$3;S8kX^q3xgrr^&@mCLLLnu55_PDlsPGn;;@^Q+sAyX8~jIe#LobAu*SHu{)GkUw+0ed^N+t#T)pLXDhJ{N}L_
zaipH>&<|`6_uIS0Tg24|x80TvLMBRbP<@XRK1$;Tt4Vfin|8XQ4264({#LIK$3dVOomhCJ{6qXFazk<-IQcuD9rYqr4$r4SL@1S@(!J
z#W1*uqtmv_((m>y%{wI({`vUi<>}Arv@sBX9Q3oDK0qoVfS5ic(3}l@ARcW{pLYk&b?&2~6Q5@x!V{h4BU~VxA+K#GDLD?U;Nj1H6ih4!LFvZk!
zoe?BjjjJ?sY4^^<+-n5xoV9zAC#UwcxN#6f&dA2%_s7RtoY-!Sk3RNDq!oiLnLF#e
zm8?e&UReNM*B1q&?9yJv^`Y;s1^=m_xP`$
zRI(4bViua#kan;dFWxyU$1pu
zAI9lh)U)HD;3*d5VVvNrec++{D8^3mMn3K4t#e1uq3`-JAzFR2O5}^F@Qn&vmCp01XC1?UU
zN8fpg#`=_e*We@4`g42`Yxmfn;J-Qz^_j$M0)u;rk`Bbu-5lRx!CVMpJQ-Cfs
zgz<4|DxqWNVF^wPpx|ud8gYvFVvVCM8hmh|w0t!YVQQH;aM(5@6Sq0~VajqhtRBcV
zw{y~koJ`CCd3bP^a5?WNHQsrZI4OZs(6pR&$UZDi7%rvOrCCI(lktMEi%J}qTz>N&
zmY92|gt
zjp0no(rHbB+aw#68M`f*(`P1p;B5QBH%)Q?Wplw^B5~)`p_UbQWF-|eYnt6<)IwP5
zLj*C2Xi>Vfc&rv`o}sG5vE(>Q6(Bge3bI~VS$Y>k6b1Sr0>+R
zoQ35;)LBl_fZ22d90Q9K1wT6u*D7Le0BZ@7aluRy2Z^K9U8$R)Z>C#J&-Es{imQ9%
zK#hu6lxQkX4=>`R2b+)MN^#b3kkcNibA4CGd=hfwt8;W%6k_gU7D?!WhCBw;h1LOC
z6=Up}HspK@FGVi;LCQrEWkBjTq4OZq?vy=T@rwR@aq*H4PRK%(V<%Z9hv;`v;t2iR
zKD}6rh^7S*B;ks_!utj~xk6T!Fe4ANpME?V$yDZ(Dx5y$!@r~?m(95T6*fy2^R%A1
zRIdgk5=S=SPP}
zCzr_wF2rp3*cJN!N++iT&Ob3>Oyo1VH;p;1KH$?md89j-%gp$&yLY=WwO}*;jmL#RB(<_CUJsP!YUtK$3Pd8`feS{c<&XL5({nl=4@0G-y
zrb1Oo+p86Y4yk?orrP}2fAXk#eSZ(^m+&S@4V_HhbT9PUQW;TBCs4{^@dWZzuNjniJ3pp^N#Sy8(ALRqczAz=3y?mJ#NgqY`R3{xlaB
zk5j6JWUG@IRkAOB#joVGLhh0|JYD2#5g{s*MjaOMtL4t73W8d+E3lKv5)*=l8zSA+
z`&AZe_GF^=wy+GY-Id+_soFZ&r5O$w1{ZXn5>J1vz;U^(;43X>u5MQXJeFz6piNOH
zONN19wvqD8<@sRcFnM5=oL-norD%Nc-)${5mo(cmM2GpJk^-t>lnctAF!dl@$6m>I
zupsee*%r+{733#Kh#5rbQ}HB;m&4(5{DuMLTpm#Rh<~JvyPTl~V`DS#2PEWMN?yS;
z9sTL4frb}kp)uF0g%W=0TBffxXX-7McZ$l+0woQK=kSz5wrzQ(0>`DQa1t|0fZ0pJ
z>ePB`;fKVay$C9yimoOBdN+<%Io5gxZ2%Dqj=}SCl{e)mY4~}|d0zQ?jQxC8N{K69
zjamF{njZx~&8Eg4&_M>?mO**?Edeq10LX8+P0bR<-~DJkY?VXwZ!vwu#ol7V2A`-+
z#wZG;cERPxgd)iEYnB<}1eJk))L;=Lo8?9OXoPti1x5}kafa20#w)f`cp=O5cFUD#
z8A(OH>uPsrM_Lm};kv2PUXu9j?JW}#+DX^db^VThMdP6*_qcIw_Xl^nD@$jRaHf#<
zSFP`mUB;GcS_W(ame)w8nz5>aHP6I|QH=m|bQ{khan&sJbfI7D;2ARLPD{-!X-g}r
z(u}&WJ1!zYT|1cEGB4qZTZMF3*C;Q7zQAm*1p)^Dk&t^c_=y?Nf|@&4EZ9B>
zTMRQ=>X7Q3DefabGhsrcD}5C)v*!JqJC+?!W6K_5H~mOX*}UMn&Qzqc`AAj5`M9G>
zF&9SW@7`q8kge*xG_ipGVeABSfk#Lt;$G|FkCOfAUYT~JWd%)_??isSTP-@OWDA_^m_}zhe|@Hp{z4
zL=UYYV28UE>UJz{uBbsB(|0-G3CSSqwAJN%c4vHon3wGO6
z*+Y742I`{MW&^8$JEw!(bek*fs`Pn5uG5Ep7BMDHujeW9sv!8dK&rfH1Z~SX@Y6wpFg^qXX$_j%3#6m1$VLLR4Ga
zxE88OTj3^*4QM`mRdE
zh|gHPr}P3d?nqq
zOaBdH6zV`yrwP!JR2eU#>qYx?r9|PZ_kQ?rFOCa6h=3DD{fJ*cN;Tz}Yk^aSNqUln
zLQEO}sZn5?%C{ySScxXBc(~Oy)Tzvx5j|uRa&k?A6k9<*pmEbIQXaWRA_@lp-$-(>
ztxASt$QVu6Rq>eSBVpqi%!->eFp)UCr|W+Fh5>m293V6$v|2oip5-WQM}(l?s5C{0
z3qA_=Mr>G`s=#q#dYN#Mx_isuJ=HDV2OI(l1yM()O<(n`xq5N
zSKL`W`iLnbfLMiMQb15IG16a$m)(eM7zU#SbvVk*(v2+k>ohpsQpB12@W}DNO?PM4=BmTE)uHo2u
zv~x{;Y;G(7Io$?qb4QMO~wKX|1ROn3d^ODrd;7L-_hsNq+-jNsw0~4$O
zb)^Yo^^fF6$xiYp@q630shr^fac)p_$UtNZ{a*{kQy`r@mx7m2^1?<^;uFx;7UU~t
z2{T11?Aq01mLR^Yag4&HCE}_d$RZ4uc$x(kt877e7k@$@=!r}W1dNkN@)rZF{y;6~
z{RKQnRx6&_2M%75zJ8DXZD>t40DMP8iByxKt$mQRMi@NwjSD6
z4j0rc6Np{tx>L;p@TV?E!hQ6C6lbv%H%lo<-WqCgU5?$5x}W?>Q%9}jUl2KR#eLo$
zzqn`z@!54(^Ko6FT9OGl?~L<`ad`~>F}Rd@cy^z*?(Z1ph~orY83PrqG}zNIJAn6E
z+4pqO(Y%iNR_YyJJ_%l*y`w2`qDm*A+u|GdK1F9;Xv7~(mzzRGHcHOsvnjs$JMdh(
zYSq5HUL5GbBr=tog(%u$_W_EB!(8g9(7W+trdBNo(}0O+4UUydDd9IP_3B**JS*A1p)
zTqIFF@q0_?lc!T$QqwcpY&ziCNSPDmJ>6Sw1%(PQRTLEkw?AS6uH>FeZ=%<6uUV?a
zDUrHvH)&!8^8dFAU&WOEqTc)8Yp9Cs3#D>B=UYV-i?cj>#W5DWM7}i_1r-rF@iDHH
zgNNh+vW|Pz%eze@!OY+dr)$CetL1y1Ub&}+oN;8f_2#j+;=2qxKxnwDB0v^mM@oE&NsL{
zMI`iwBSW9nQ_6UGbGngHo|q$M?Vg5aT;XU^jN2$VDh1xcqd;+}6Uo(js=C0Z{UDKb#JrGtbOXHHc7EH9N^-@GEEN)X3
z$m}wLKL34&?!m^H%1(*&=1PFRFX-fil$N2yXkWa44JCu&5^zEEX>%7A=lEle)%hoR
z!Kkf0A2jvk{$Mh16|+GL;S1VDrRF9w2YP%TqwRz1o9bY+`(z<>ir%exEYltmsC`q`
zi|3dWP5A9bO{FJl!Uq3AopNue=h+N=&+}Yep+n}n2oyjE6l7sCz=b0iH9#ISl`zBA
zc&w?<>>uZNu@CzXWDbwRyb`izyH`+d{>T3Z{^7*HyyN8ayMvSCS4S6@f8;ZEcXl2<
zc#!-L25;@)zq^kg?&|O4(ca_xdr9(m_wnw7oxMj7=8jb?n@skE#Tk3tA*cq3+$HPcFQ!KWTUeA
zg?*H}f73nni%Tv-UoKr8cCNOv?688Qi@o)-&vzeOB}C1AoTFpV{VJt?>X)#5sCLYw=|(TjMn>qr_rpWqb7tKchvf1ov63
z`ino^@@KVpXG?0$!aQhersbWDF28?r389T~%7mSIk2@wRl%WR?pIV^h9vSth;>UnRP#@MRh*&>ID_5nU1Ez
z^bcvF{CzDbyyf?I#W(cjJ<7Nd-bKJ={<}K0*w!D?uRp3!zpFnesEVJzt203(zoRG9
z>j!Q1EBwCR#0`CUkN$`W{YT8@SvDZ0=y!F)HSy)WVD>F=M|88_)s?uN-`Aht-I3qZ
zgD-q|XdL~<`|D=wZ@T?AT))C#{cX1|SgXJ3_TO^-qRn&X^-GM@-*)S7xIs0U-?+)g
zcYW>zwYwNKkbR^-zu=M4&A;`@sBJUG1z+;y=;q)0XAjeDE)Oa&+@=eDZI9+~+^zGuqb1j!!Nw
z58l3|zbtBiKh5MAAj%#dU>n5!D#|_jd2;mg1^vf4!Q_utHvZ^;SVNbmP4+scT?WUB
zqYV|B=M(A@`<3|--EY6GJrqauN%-^Z{Pe}!qj&aG9@AtTm>!amNT<_Qx4Up?7#-=?
zFX`7V7}qZt*DrwAu6E7BgX@o-roH+lH;V_td&<#Od;t#F1#H{8vp{dPyZu3{wDVb&
zPnnBKe=Ez0{^E&2GsHE=b35bH9ENQT=A{1mpXI#cegKjb{H@OrcxKxlo{s1+0{5-)
z75*x^+dv6%(5^+l>=;c0nY%nA!lNh%&5>N3S$bmoa_K3WU(4^oiS2{cr(Uc+b-4P}
z%hjijR-byc`qb;yr{1hSb-eo2kE>6;U481^>Qg7HPo1tlb+-D{|6YCSeD$e|)u&d^
zjP3WUPyMv|)X&RKAqVB-vJ)&LmK>KD*|M2_r;Dde7HMZ`d!M>%=|cF;K9w(c{v9p-
zF?~|o_>b#a(BSXxVa@6DhjemDn}1|K|L8vcA^kJo&>zydu(99Yv%pXE$Mmk&;P39?
zAGtvO$h9Hfq(7uvzNz2ctH81Jhjgvh-XGGxKdfVaM34T6&iu}PI48{S>`T9k;)uA8{jJ*c0!_{T)4t8~L)HeEH*l
z`!j$0vwp)fmR}lrdczam4Ol0bM>e#;}h2u)2jT$CFLhOQ+~QHpSt2I
zn~|P#=Oq#Xzx#^oyDuo_)hAyVWLcy1_Reb%Cb{!G$|`*NikmwxnPvT1R^C1KWjCGN
z-3m>Cc5gnudnMCF#pv$QM_A{s^ANXOBI}b^fr;o-*RTw|^P*z@iD}8@#P7TUr3&u6
z;D#i9v2u8QxviB~^s9D%&>5^c&($IBIM+rmRtrA?Qv=*_=LO8Id*>yBYy0FCL6OnV
zxVSS1xASLQc-OZME(5pTXIwVPR(`PHs=K5>a2YJV>1xRpTzQ?2@}3|SKY1}Di0`^;
zSQIN48(;9Lm!$J;@IK#p(I>~?lPye(Pka(h!{m}RcU|{6<4lWj)p_L$S*3L0bX7p?
zthm4mrmt$Bi|nmB2|vhP=XBMq9BRJi?u9N$_B+=xUm|=|cV2SW)Zz=^-MYK4<8*d+
z6L-u`K7ZH5;|r!-uxsV#mTT^qdwjuX%ssvi#EeK7x$Bxw%ul}Nj`=xemtj|E0`9)(
z&hE+;cZ@DyaOdzk=jC0m!xwSwicef3oJ*@NvXZ?kPP1og)k$BsYSk5dZV`^*PCZ_E
ziZ`4UcjnzyLZT|Nm8YijYK2jULPRT0X_c;J?`LW3Im)YsXX6t+#;0J_*N{nk2mquO
z!=LzP9~<~=(CS79U<5`-Y?ej`N!6(xm`~#a{Yuf!wWFW}iI4Hb9MZCi8Lq
z5VCNhL)pSbc{KfSV0!%^KC*BRhgkg~4zj_{`)@lY~lYuG+ar{T|cKZ3G^
z7bwHk{Bd1_{Gn>6xEy9i+x@??Ui};krC}?*xso;N&O|HMj*_;bTwC&0-Ek4A!}#hL
zS!YN6AlQ*fw~cB_-PSNZD55w%C@+adhtacw*AJV<>$Rok(6DwGnpdsEkh9@s$l#of
z{8dZ>)#SHEPh<5u^+*&*?_*{{&Uws1^b6t%-k4ps|?)KeB665m*K$h=|U
zLGyn_$JFB$9y1?T?U;GB!o$vw6&^ItRqfc~>zQ{dJf{Ar`k}>}z0WB=swzo*uw2q;
zxvb5_W6oO?9yI?@eC)b@$oqhzqt5FS9u+@NbVNNn3&(D12fgjD=&d=VI}+^HnUKibreFAF+5s6!gX8@vK|wWmr5H`4tvUt0y5m
zt_EIsXt6_qe;_=(q=!qcQp+nm6x&+indR>$wvrz4)_ZWk>~%d9Sm^#p_@YcFR@$yB
zM<(rFr$x#v>P+~9LWoJ1+99#ugI`N$OKhfx2kTQYHpRn(@wbW0?eLfy*x{k*6NW}~
zc*vX0(b4F0EisM5Gu{{uk1l+~z~HqbH4`^FTzgPp#zu!~uT(Qtqr+yL#s{4_s)xM+
zst3&E)Sr=&smH{u41YWhey}uvUR6H^Zh1S#Hl+PvtI>Y2ooGMUGSna57Q_J>-MV^%
zL*Ag{pIMc&4#hvbuE#$`;l-bJWbFJ^kn7O^y1o=s>Lx&Y05QW;42(BoBqKeGqdC;gx4_o5gC4ZMQ
zc4RQGnmZL+j`Cv{L@xGYk2Xd7p>|U*XF=e&_o5GMM_q259k|E`2U6{47#u~x1Tw#9
zx8>O^PpX}yVQGVrtz2@W8g@(WTj&5E4b;SL{hU(*mYq=n6dgv##N1nTs?@c$aE?v7
zQk#;t2>%?ij{57vSPI29NU(wPhnG9dR7e3Ri{iS
zEuOOw=+d)UcUY`AGwH2tGn=I<_7_g|M`^jDm#Du;i(~moF^^ZBS~*LG;PqU7Dj$!t
z-m0%>*7J&!VnnYvS+43RouV(X^4uNITYaj$>pRf=yv|m=qFCcAPF=4$bG`Cmv_rEt
zw(8{S8&?d8S^P^++J?V)LTvq|=Vn=Nmfnn3^urtiD^7AzoaHCQX|UoH&FU2oR0qNx
z=T?0?Iy=i&ELjo|?bRQGvw>HfNUK?UrFfC^MgPvTt6r4P-re-78BQnf5WzURT42&y
ztksn#M`>r}In0KYC+~U{an&q6d&jByVD*DdCDXE9La9GLdmz*fEM3+3n%)0P|
zDx*$KceM-ie!))l=%^TS#t80@dnMkERL~en*B)>Sb6dz&7$6_v%|XT5S*K)
zvvO&Fa1tMX$+=!3v6jU%P(@b0A}!Qxa_u5q@ktc#@=n~v^N>eSo|lg;==NLSS6?{8
z>Tq}2*J8yso%g`~zTz|;Slkl)X&2&LJVis^hM#ZwS@rTSKRGHU17~0_o}Q%B@v7I6
z+6t@AiidysIojS=oZ;fgE6$lKe)ZWqUZffn)v_OSC1Zzd1u~VcA`RkhGjkFGJeaRhhWDNDaVI-
zWH=hKc#Aui)-;UT=}ulB^!R*tc<1fC@$|0K_^!TqSMta
z?GqwL&DkEFLpiG@dZ(N!hvWKpq~oIZcjvREXUO(ieoJ+e)>JP$bB%yW{cF%U`u}z>
zFQ-uY>;0}6b^!P6vNKZlg&Slwq~=nQW8MQRzh&pFxJMEalV@EpKNOdE3
zq^PQ5937I-Z**vw_j+my1c%~l#`TAp-_w52G8&$4d`&s5^~W5s_IqJ?rXC$)2h2Rv
z-%gnee-CTFor;9gGNpn5O4K4NgQM}M;A12%ly?(
z0FyDPITAPf^ku_4t}@puUsRDcx_x+h_RI0fYy0`;_~P>P{1^Kfe_}r5BsKp^C#CF!
z{0r4}Z2;wfGvV|nz;mPEz)W>5{)Kn&zxwlu|KY4X{>7eW|EuV!thApxCHQACcb}Ml
zn}30SIQ>z6-A=mUFN~r8jel{}$p4DZ$(YWX-C}yHBb=30eGGBPk0E|_5K!y7UuEl2
z@V7hOCHcm^N+pQ?o@J963M?l
zj#D)EdG%iw>igu>y}h-CsoVc
zxq1}*%l52D*|3;qzI3scmXlI(4Qd8O98p{F^!;UWaPmv?^TGM~!O7(>-?;+S8CO|H
z+48ZJAf@-3rIYHGx=#(fJ32pnLw6j!IDUJ4`3v6Q)$!%Y(Zxmb>hwH0NX`zTQq9~Mm
z`{~c8Re-1|Ox(Arx=U_LnX)n@Iotu^R6cVEFO``wqUWgltFDev7w
zm+;I4%?90usU#OQX`7%6(Tv>m?CbC8(AQfs-^sp7m74)(xPx5``qg%EztvoNj
zf1eAmY7f&X>VVF2)Kru&)zUB4L;yeW@4m&gHOmCs@Y?m1-X;0E)uq$H9QkPT7{(O5iI+GLDC8TCU~gI@hm@v(M<@fY=DZ~!bj
zw$MF+S}Y#Sic$R_49#W7P?I)3%y5duWA1Y<04QpQft;ux;!u74Ag~g(V+@k09}{#$
z?Wk0jUO2Y+Wf%xiJEjPT`cZ*CEF5Lb!@|*W;qiiUSUk9_%_YamrK6-shT2hvFf1Iq
zUO05U*r1{n7LP8uwEi**OsE}o!mS2Hs2wy6!opz&A1oYY)IseiTZs$DfHPP;SS(B#
zLl!I^CP`91s91vf;nBj~4n45+MA2Vs-MAi$_OkXYnAu
z$KuhYJ>#f;?eMZ=8se`Vy%aJZzboS?X+LlPU9I%jvZhRUhmtP|FCjN(di{t?N
zjpWZTC>|ZLXn1tchrt&QS6)S_1-_$$F5G~lHMc0p847z^Yt8WWY=lWp@H`k9^oVk9S1I+b<8d2j
zaCFJLNl-UBBGKINP!Pt|!*M)x>A}<_{F2b@(i7d`@*8^N>C)rlGJ3EJzb+mOg~39=
zRgXu})bJRGQT+iIKaCF|a2g-cxM=M%gi-w=AMKQ50^er!pIrcT-QQ)E*w4^>iY+9|
zB(YzTMPk3a?c}pZqTe($@$c*=`b|qO`dt;%=(khle3nT3J1@iE?nm$(Z_$mtI_9!L
z+)roQ)h)Zou5;NR?xz`fF6+a7(ss*VKwK>KPY`Ug8cwz!97%RRIEZY&Bz|na5GM})
z?%7^94b!~e#1hBX#0!JQSZC89ZBpgkq$;umqAfvObNQbDO?hrzmwOho^q!)a(
zX;0t6-})^49rhi+{R?jKhoGzN*?g-#mBs?Dre-?%QkDnVQ-K{#q{P5A?o
zR%`p5!*OeQe*!0sB-!-x*_!)H+=);K=*O0(;jEE8nD^~2%#F6cHU7!B>+ESGuCujG
zgJx&9v?bR8Rdu)v{_lDx^vtqu1P#;=EbodxU+>JAbU|uH{&P?IFeMu#|G0(p!`jvS
zG`%JG``*&0$~pJI!?UwjZx3EyB;S6YG+$mGoxeLid3E~z#(Lbp^^K%?Y#*7jCn$QF{WID8Y7@%A6sx%N>$LxIYpbypcj4HbvL3#D
z`S$q5MN?f1oq1mLIlPN193J!RT3erHV
zVUGS}8SK~ccHAjOWs>*#5{^bvD`^53cuxAq=(Y)mJDtFinvq(?F+q~plMNT(uzT~W
zwHAb6!gu|e9?WAW`K3*N23=aySVmjr#WNKhZ931AkN#_0dAj7B4Wx`ZpQR0(&(b(#
zRZ=_X>|=cBFL}^2-4g5P{U^N#VRx1B=xw>jM7?@e?-pwuci-rGzIb!qt=}sPi55(TLtCIQPxgo$mxufi0eT_+8Q~M2qHVg7y<8
z$yZusNXb}VBB^R>np*;cFIp}_5yLiY4RG)B_k;v@quTg&OpEE
zuh=Y;kQ^-O3XqVW7`Q3v2vBsAAe3mq%TY1##uILE$n0+7QhmCKV=@~ijNtd~2X$@I
zHGyA~ekmBvly#v2<2xqBIK_u$%Pe3!TW+A;3s#^*?{>{zctU-EcwZ>NU;d+=cQ{(s~D{wx0ZQ}Wd@?P0-ZZ(Jw4E&3vRJ3BkuJ5RQE
zpC-FcpY85Gd-y1UW9sN5nQ?1>`a}O&i(rUdh9Q0mftalP2hII~|Dd@uNXL?+Sfu2W
zNt1PMlL0VwS+5~T#-g79&_2i-z?1<2I3>%6ZYVlcnoqD>r`DW@yHRTffdtYqNz1b6
z=4@#6itd~&nu_0(L%&rimLe!vi9GJj=T>c4Exuik`#i
zQ9jP~DbgIZ!Jnc;%X5Gn(cy+7FzLS;zoz0S8v%wf{M%lZL3(^ESv4GXX<+9a8Gup%
zo=KUJu|&_oj;BaKdl9|{eL-_me2Pj3mwR|KEXMJR16?|wO$6kL(Sb?FPldH+m_Kf=
zk0AIBhJ!>QX@=*(Fl$z_Y4O~;a>
zpXf(&@rKm%@MRBPoc?sg_|)^`*KaP9H>Yo39-Ut#FOH~(2QS_p$;0Rc58oafziT8f
z58fTTKH@h#r3TLZ*x`EZ?$2+I_#8d@fc|%Qd3<_;_c}a1xjd(z4SMbKOV`HF#}`M9
zlbJzyzdSn
ze%D0#1OGvDM<2V{v?9?95dc|jULIOpvZ5NiCZKC?mRq(&>g&>)8x|uDm&hul1{A){
zjix$TrSg5Cc+)@FuRh)JjYnAe+#mHI?L&5#9gaw
zvgBpcIbBDVfKXNb-m&|GwE*hh0r&42Nj|b)%7muK%e)J;;`1K=cfUIV>*6G(Ur1i)pBV4>WqDA<9vfari+vRX=?d8$M<;&yq@AvhO{k6ka?RVms
z{yy37_S@a-Hf&T5uJ0#y{rXp%`sddA+S>lb(PjJH!H-A#YilQm@6RueF6iflv4(y5lOCil2tKHP@2`b^iQokPrh8}rFWQ%<
zJa{-A{-)DdL(iU(Ngp0(=Uj9kA=`a?MZHMAk^xc=0FLjA+hk+I|M|@~q;N{AnZ?@1XeWcpO77_9nI@nKqp-h&o+PiU(a6NkFI<1&>AF
  • &buohd4cK
z?2qMyclRVBYFR?U0Zy9!te1=mQ5gN>{!N@S!6Q9!xjm&nm}OJ@i0z+fL&cu8>ZTvI
zd)f8&WKL71-piliz6Z!tGDRlEq-pZR-G67-oX6)k^vvD!WgWBIHxSr3LnwWSJqm8K
zWQM>i8!rfOa4_K}?Huf
z6I?vOJkui&@jOk7&7qlT&q;aD+%0k@K&_#Roe^QyoV
z)Lm-GFcEy?(Yp`LlEwmFKGzB<8r@k=w)G}5a)rmDm5mWfgZql!ShJ}YZlLjqnjh<%
zm(-KXVK!+5!*$2#j7H_cviLLo-)mjJcdiQczx~4v^oD%iE@?ECU_1bhOEz$FLp`*3
zFCh`3ze#gSX`Yr9=Psum80d!kVEv1D&9liBWXz&UXP2Pr48
zcZXT`s?_#sy?_o!su(TKTgi5=SmC?Dzb5Qs=!~*)+0cO>r@6R1W-cWkQ&C}~oPZ0m
zZF@T>3h0S+3-z~5=A|w}YVIE;O{ZY2kT+h)%qk|NVUlbZ3=>8p8dyedPUS_y!C}SI
zh9~9jS4mcu8G9^sE(@qJf$sx87#WhQT%zL}?Mb)&&4#tw;MDoNLVEaEKR{WGGf{Hs
z@#Cb~Y+FJMBb^%wey6?kn?{mV-DXodA_yLOR0%+?p(bdywGwLSO>vW5uKvLX6|uCkH&U^1~#~pfAp5E
z?hV@u4Mm2fNIkJPr03#+DiJY!_mK6K%lmYVO}(W(aTy{
zZ@xX9cea6;FSp5pPPb{cY|}eQ(}7(p#``zleB=L0Udj$Ej0SmWid2iYTD_N-5&q87
zUMp(lBMGuS_YA)7nY)WtF(*{n?-4RT><1%s14y=KDYNP5H&0%MG$%@pH$h}p^F9g8
zwY9g$FU}9n5jAnd6#-j>vP57$T^_t<{Cn(9!~J@yUCM>$r>B<}d@0h(=`jqy(I&Ql
zq;k*P+QJ?6i_z&ugx+ZZ*S6izX7~YHK)T}L%O9uRT6i4L$o0oj+p8Yu9$=5VXdfV;
zQfndoy!&4sy;^+NtY5#GrGBmBTQas6$FENgF5jOYQ8Oop!VpmZB+a^qvsw3WuB}NA
zzxLyVL7=Ip5C58rb=;!~n2)DPv)~o}eA#X3Z@9^(0KPBZ#>av6q>gWJ$;9-zF|e1
zJI^>fAfSJL+kx#+8}e1p?dJ~0w!H1NHMhPKK>IMawq(v&_uOxuv*K>&tDXgB2PXB)
z<8#h7uuzEiRrCEgd;?cP2%x13Rs!TL2kWE~BuulrTb(}YxJ
z*ODFlPSBb$R5HG8$vupijQZji=coIEZ?(`DI{1mc@Z4RzN6?$jduoG7pZqh%%H77;
z(WQf9_{SB4(EN;1xZ^4I+RL62yq=q5m^<+URjNe~l*7LyUw!p|^8f4SdUAYne96Om
za(I+Tm`i{B;8qV_FB1?gw?z~A@cj6U?wi}I6mfx|E?^}8_vk+b%0C$~Ox@N8d7IHEm{Z4l*4EZ8j}K}6B(VfuOj^4-4FVQMluzr2XjTYNYO>+
zh)YUyO?{UHB)vAcR?JKua_mKq5d`w1_%o5IDr&5w`{IZB>0#FIl4@$bLd)ot#lemRYHUn{
zSZb57hv)-e!>zKOPw4B>nx`G?`yNE
zsF`Lj>&yrGyBT-$`+rPtdjA3VPBTk3%Kd+DJ=@>k_{a8Fn>w;vs~<~7tYJyELW?et
z71l`WU-?w0@G9+m@k`aUbDk3P`Cxy#mbYIWzddRnzihoc{)??dnJemQY(b>2x}Lg4
zbFbD>S|7pd-yt(+;VZ6s>;De={=fH6J^p)g^z+3Z{fs-~zmFb1zW?xkE&h9dckl6k
z$AAAT{%JNPR*LV=G17-mpSmFF?oP6^`)p_L+3s!t{a^E13euVc_dXfe-e8`fA=x|w
zxL2#;jJ^J4j)37`vfEz5Y-U++4S@hdq9UfX%+Bw
z!2b4HYioz@snWjqZP^b#%euu(QflRa?^?-=Y|?y_j`DHK-6=goO}N5%@_ahW$MbTZ)Wy7P6|=z)TdlCK
z^sPu|!UnN1LwKUhHj-;n9XJe;bMCXR$kEWQ-J~U+L)sYI52UMCv$+SGav+LN^x>Qb
zwLX3KUUJYrKLWhz2zNG;tTkxy`%0+jD=2o~qZR;it`UPk^iX1i80DR(yN}WLACf6E
z7vWK1g=~=7V^j_uW7VCPngCj;YowlvgyKE%fFL
zk?~?)j&3E)(*dB8l5BFF&x#3>K-{PD<3g`RBLnb4
z80U9!9gHcDmGWjUb%vwA^C`!p)DJ;gnJkY)@6%KMycDN$_nN5`2y
zYnt4TuI1;@cbN$|yO;R^sXb99BTtKbob}qUJ?Pt41s-4#(2`W7E)HV~cq#ChSC)(u
z)2cxRlv70V-I`)vI&^f%;XYsjFq=VQ#qY!`c$5v&?kzZmN0uEEul0jTZRiwG!lK}f^sO0&I;cF1Opb2k9eYerI?bpNjh0y2*K&2u;Om7;kqxA
zjJl4nFZwPvN3Y2=j*?adoCl1a=EK%5KLfLRVse!X>y+kVB3!Nlx|cv2{ccWEGG}+t
zOee5ddT54ak36oejVK}P=9Y}fEMtDCCB4;wHoh<4eLcch2boi{U&IEJF0DpV(i9Le
zt5ISSQ<{>(rPSZ|KU-UMVe8RjZ{A!z9
zw(V*aI6NQ+tSQ3`@8*(j*vGSSZX6Vc4j_Py(nJLW#h;7$Rgs+Ck_|n{CN^nrX2>Yv
z3_sgw^r2eHOT{2U>$b4@S&)mu`B}}n=qv*uXm@y*_7s%@`;jvho&HzIGf1jU2Gy|C
zNg-=c+5t&mcY3?Jb)4YoZz4-w8(3CQC09$tUZ`CpeOlqO}NU
z>ZSb#|EJSX(W~*#?Zb4+T?ZJyD|jPCqhJ!`N(t{YJ5Hic*a;)8$k)`=P<~xZ6d)~R
z$r&voTB&BF_Q;^Yjo~ENOxAtjfaOW@iWQgC5Ic&|K({;>jYamMO0vqL2~2PxPUkZy
zH_7_f)7^Eq7dw9#4u9QS4<{$xZ`*}#_nWM_C2vs;N+4So1xbXw+_JSNdT83=&xKK{
zhAb!Td5R{SWq@%+i4C+D%}B$LZBE5dC=Kq|o}{~s)pK5zaXMM&9?D_wcHA(R3oF+F4p@88MeKC*>x~uw6YYJ27M=EE?kl>-9E-dvU#oPKj(zA!O<_?j~
z#JlBlJ=B&%`}CQ5AYW;9x~*=i$~?c@!iKL4n+DE{=dWHL9&%^Cdi~*pM}<|RTbXp@
zDW@C{QuH#}xXpmr^3@k4r$J==t)j0cNJeOg)x=~ZQXB;s#!klim}1u01l?AU=Gvd
zB&%LryiDL`3`O6N*Uy{uhRi4=i$DK$NPq9YJHBiky?n10|FP{2rISan7-wwUTT%#=
ze+E3d=voxC|6mDR*f~m3*^w
zWU{8TSw>H$iB_8a%qk<34(YRGK{v!@53`0whI-1oJ4V0}55vS)t&)vcR_@Y3ou-G=
zd~KH1E%0{Qx@>5+%}HljocJXuyIs;NGJzc0j%3qNTb$CHNDeIS58Ngs3}^wCpSFH@
z7Rl__e#wU{eQ$E}Nh#KujUooI>XTGC7sMXiXQZ2Qt?JH02~VDgVD8usA-3d@ZC9CJedgvEVL2JLB?^@1mGpbJ2`Vzvn11QK5`v?
z#1cvvWLfyeeN*uuw(kc}dOUfg*NMFU)9!;u)&;ybZG$t~El+2i9H!4gVat582`>bBUE8#=6>Xit?Jlbj>tbHQ39ZMgB@2mevZ3OXjz?)lK&8KPr)jfhv{b2(h>VO!?ZQdDq
zxw|%$Pq-?L$wp^`brGB5
zOxRh%mMpy-Wf>HXxZkN|)?)UnjAga?V-@*E^9c!^)Km!njZ+eXx1=~hFu;})>~k=O
zyb~90PZlY(nROX|oLh#<^eG#OS=ILX1C7dHMq5LN_Dx8Ycw30yB~l#E@}fd+)vs4+
z@*LM)XQO@A6Q`q^$2SKF*#>%mxk>t9`|SMqpyy601RdJPZ0GC9b?C6`_{xjB(L`3ZDHR4V7F7+;Uu#+MRO+E+W
zABI=(ZD^JhWa77xw}ZV+v;~gF%Ug+xk3cdz2#(j2L4FO3B}vB}l7Z0nMYNA;rlRbV
zCRB{4q_QrTAPcL4H6M0GBB70Ic(CFL2R<6>%LdnjZ`O7rPPxH49?W(UsmIjwp1I^D
zt(mvkjhL6u=~s(??N?>DRrRh~^cCnsC!Et_wrXDbOakG0rq?1N!5ci>@(usVW||Jb
z*qbIUYO>?L=CM#8YEQ*98boZneMCD}`w~7+-{n8g!3Z=-&iYwSTWn;eNdW^0j=U6c
zOEyY1q>o5nrEt!ZhAg&!$xcOfOga;f3a25Pg6VAO(*HTJ?VAtlp9?+MfLP@9HFA0*
zecNKnE?-!vX~o;|2xK^XX(AHWIpyVvam&oOA)AJHg@B9bWa=*LC2U7t7hrL{&Qpj-
z)KHU#H+beC)Rk;tj&HE0*qe9F2Ux;#Qh`FRw!x1JZo+TzLFC9!&=BWiyCT^jnJtI2Y613Chd#s!|D9vH|ys154543JuklY
z!s)@)t-V`}RVjFYp!QQY*7;kmyBUNrY(T9}C$~!trf7E38^sH<9wxk~PzV%*@H44X
zv*dY+1I0cK$*9*VtDcIIAeP}=fQjTmxjG>lO+(ED>MiQ#SWOUFKk0Rm_k4(tmI`eP
zm}*wDk)4=qk3rSKC{)V>9cV#F!B
zhp*ZKpJagbqPK);Fnxvk|D{0WQ=hQC|PNadEYQmch8hF^+
zb*Mc^WKn(>(<_TU+IZO7F*fOutChL==?yd7CPQ~O&5MIx`t;#88T=uiqxN!&7n$f%
zHyD*{_KO~^K*qmGPRO<>Gti{*&XkUNWc7~r^N(QTp{W#1C#%)V8VD<-Mogi8d!8?-
zOFPl9Rq<<1ITp$5f6Dvo
zkrxg}0GBoS@?`Iky~F=L`H=jRgXn>o<*cQ^paKw0!Wpo`LX_j?^Iyl^qL|M1Z?eu9
zX}+Ct&eTeQoxK=eV&|qoH@y`l*}oFQwN)j7A=fJbT{hVjQ8~Cg=`yF@+)?L+M&T?*
z6(c>Jyow@1@*PPHgPKS3h8J`#X2jo2!L_#`w4s%K%)GH3+Fx!cYL~cmMl&Z|XN+{v
z6__$WAUYcb=%WeDbN07<5x+68gYLHEdN^cn(Tb%tV-GREjd(%S)sB~*=QL!UthzzT
zz&SEGx9LM>Gm)j#ByZ{spP|OpL_U&*D5{yIeFoXttT{S;J?Zz#zy3V|_W{qo9gzj~
znEQ8#f2T892uRD`++xrH@=;3*D~s4FNm&2Ag*xRHCF!n7k(JdJI-}J?
zZILT+3wnp_YkKENa!6l5Tqw^6UH*HYR$7&okZ`SZ{)2%B&gSenrOBXi5fbK)q78Lf
zVmpSDlo^t3rzgjU2XEUKzg%1%y^D$;V+w_rfCa(rGYpuGb6{y%D%$|t0nBEf@V+1s
zaaA!4dTVnD{sM-z#0=o*rQ$)7O`AOG(4(Q_H&)kQ)XQ&Vb1j`Y_hk2J2v?B63g$h}
zO$T0R4dxjNJnOG=-oah)S_a_vRhP;-=akmH)|1u)vb9>yix$doD3MP6Y7M>Qf+fPZ
zaIQTRXlv%Z3zasS*!(6@umm1H1FS*PRYezpe?&~#PpbmQH`MeFlG5qgv78VJ2^nRN
zDChiVXX1q&3$@5HoP(mUhy#b_c(WduS`hIVP(0OAlg`eMULAkH$Y|<-@X(I9o)!cB
zNXrusI1^3HVNI(?gA?-|eIgboN#v0rg(6)+yKkJcsxY*50+5!eo@JpYU`P!NMLEsl
zqVI4Gtj#Fk!Qxlyyy(?G9B!>sa;c>!0Ul>9N`OM7k*Gx@05Wt}heMk$QxP*xe=Q{4
zK;Se^Av6QkR!C?u04{!T(mrFBPybzbRe4&GRUciJeB>fwDIvFq?+qE+(-?U+HsWB@
zjK5WShm|XC(|OX}YZ<{M)*-uo+*14uT|$IZ)5Qo#^ZXvu%vLCG)Ly+{Z=MRag?h@kC*mPs(#EGg89(X8P_ydiVw{|;mCKDTYPA{
zGao39!@I}#T6<5^gsZZ4MpqFNo=x5-^c~YGzeQ(+jU)F2|Sk>
zV(}(zylplrVM50!VcDEIh2W*kXG|(@DczygMk#G9s)hRkEX{fM>cRf(UoG0Fn^);x2cF@l!L$BAwx+yMp(+i=c3Nyd%<%^zw2BLdYeHQnp+#EmQBL*|78NM#>I;ZLOgX`j)or4LYYBR*tecrGDnlXj7rdf^avB=*9+``wRL
zpM*ZRaZ7q%l5Ct37UNfB9Tj~LUmwmMa!B93S9nnRCt_xGqoIsLbahgJ=t5$ClMD_#
zF)@Z&nY-Qh@gDEK(1Oxrn2}s}a4Tav>VEre!bGj~BrkE*1Co726_*)mC@~-XK6Qw;
z&az@(NF(`#hrA}b(AmS$?6NpIeJgG?<<6n0i!8OG-|Rr7m0nm!-soXy5_a-IlR*v@
zmmT8>U$>Z(J<6G+*%&*Cl)xq#?gLqX^N9E?Lm)SkT5r=PMP>p51tV4$hA42FYy$pY
zR1H;^nX*T~^BQCy<=wnm*!~6MFMz866WWKT1dluz=Yy1`(u?f$LipGcnXv(}9!Oa-
z0PwCBR^Rr2Ug;v;W&_7%Iq@vx72@p!j7sdYHhn9v*l)=}0PmJX=bG1(ZY>nA?n!Y_
zB^#GVA1-+t)gr0}}J34ljQ>JKBDGaPoQu92%W`fBCBUM1Zu!4OijL$5*djy~HQw2gv8UPu*wb
z3p&AGIIQ^Y^Q!-(O(KIg59e+zsXtBcz>42h&0Uo;@2Mm&~PRGxn9lfMQ6!2|%NA6H6zSEwYoTRaD;Hc?9lhx$Fb(DVPFUbx|}%
z$Jq97(yGQbX;pu-ZkU@+u&=GlH|yfy!~IYS8xo3Si=$t)`-9G)b^oI{O2a${98@g>
zqRPsJ>$SllMnB&F7+N2kopq@BS@9c~KByYAtdr+zUk`r}V1z>cA;?1fws~I;{SK_a
zYvZ$<6sncM|305!cS0h$s3>A`^e06VQ4UgnmKqz!1M1KP4K1C2p3{&0>SMPa$;frS
zl-nB8V{Z|uxZCAz*~_M)jtbUU68HwBt9Hb$K!zUlE6$M<$SiLeMPi0#A?cLYX+Gi<
zFM3JA%Tx+7=Qhm(-D~Z(9!73C1{7FJO=dad@G*CSFR@6dbId*7dBR~TW1H-=0nD{Z
zp)XX^mPSo524<=*X071+S>l-Oj0UTYcz@N+U?_$znmFr~Y@8ua8Jqd+;O
zsZbTrIn`N!C!=S2J^!}n1YVZPB@QaJdVu7QM@A)iKkpaq>AX}S4)5gA`ME$knf8{>
zCr}=R&rp&w)O@fsHXd5BC1`8Ke!$Fz98~ivv?X-*3Zvt+kU9gsCq3*5>@0UxlGv8!
z4>-ED=cLI_yt+g(pp8&C%wdJ|ghGrjh}8GclY5|0AgVUJmBKQ
zofn6v$>}tkTx7Frry0}Az=o)fhc=R`3iYah?X+F7?a(zSf+CH1Cj;}Spq+atw+O%;
zitWxAX^)4oW9R(%!=ndoYOFU?g5B;ihYU84{A8dRFp&MW$MSIP4M{oFq$eK(utz1E?V
zmWa@1H`@zNjqz1;my9Bm&BW^|S|bKBng&vjg*OzFSLNL~!2D=HWuf=5Gjc=Xw;b^k
zQZym0jRJ0-3~7GXURw_6CzVKKAK*Wz8?pTBkE
zNj54+A(L*dE)npo(09yQ!)iQ&Mr>QKCcj{D#5m35`BZ$es~rR
zCvW3COM!vx^JnlyRoWlG`@!RBA`gAU5|!mhg1BNVOGA5;nypIjeifo(5DlS0;Y79D
zNf&gzisj;RvFE*3;I5Ao1o9{-z7Y3PaQ<
z$k#*~p%fmX&r0Hk<>yV|{Gp|yJl^wXJP^|cqPF01X~L;i#zCUP(d;=p+}!%-#diaY$Ca*uvK#i{lj``pW(b2QHFK>=Zjk}4Z1J?Bi&IuQK0r_7ee
zwKb#acSb!gk59mz!{877(vr!ei7{W&=Go!-QF6bvXPOl@xiHmwKq3PhxJ%-+26kI}
zjJWsKh3xZ*>OV}Kfz$R`d6LWW~rdUZc%iBP4F^RwE_mW8c)MRIe
z_cL1bvw^e2OH~CYd)zKpMIXV<5
zEw+}Deq80_>Kf(Dd=-7djqCeZMKGCM%W}z&WbCNHszJXU8cp=KIz%h)}*|mRrJG_TXQ@0
zDT`;Xp0+ggw_Vu|?p<_-l*iJX<>d%MYINIlc@eh$+&+GV?Ip~Gl-Se!V_k7^p6%R1
z>3FteE=!u3V%?MqQCwWpaS%=_Xk6g7Dzb^!Ph(;c*0@;Zj8-7X-@`_0TgAXlTL!t^m3)uv(T^wM;pRywMZz6BQ=nV-bs%Z
ze>w`3+D|tA{eQ9gQ-iiPeCiSBVtTl!
z?F$e09tTSaY>e0?vmxmZ#Y}uc&TB8Yaf23mhJDffW~4q3GUs|h2@C|?r*O1IYv?4)
zN6BA6$3IFVCPVsSx#)+(Y=Ue2@1b3l1;=QguDVSul4($~c
z@m)GX-u(04&6xk%NBpvERoz}I58wjyRzhR}e(!aur4y}l1{eq4<-qwIf>=R
zxJn#bHMVL(-WT|o#GA&$k<#$=#3-G~NlE3FXc=Qe@_y(H<60X=|Kub6k#URBXa;$h
zA`FAiBjj)T5M2m8K+k8+2eG=nzy^^jP3h#;)dyM{UzAW}Be7VdW=U{F(&gAgi4m0K
zI`?bc!1U5DhFw@OYH<)dLYiF|NlIk)qnd_;kVp>oDJ{EkF6(t`r4Rt296_ZYQ&-%Lx$&!vfcmzwL_8N_R$>Qh5}zvu!iG#?68Nk
zWV;)tNSP>kD)A?SEdf%F3T@ux(bKUDd-QP1WQyQnm
zC~!naZRgPnuRo2}#aZ)*HsVp`VAj6>wEf_zc|crnw;Sjnof%>c-jCquBMv@mrF?}+5d3Im(VFWGuyu1Z*{W#OWH$K}WosLWYG(_0q
z7Fak&k(g}Op&tL7XEQR~pWpC*_lLy@sQ=06hXo-SC94Oyq}^+^uf+*Q>%O@YKs4eI
zk;lRIg7B7$Z1M209tsGT!nu`&u^!I~lUmh(k8PZ^Gtn>u_7tdW97xqL%FQ(GNsvqc
zjLPd$0t10CB=|uwMxf>s4@A*qD@3HCe+#uq%=HCSRQuAzQ3RAX@Y)8`cy5^b?Q+S*
zV<5?~NKnuJ#WgB@a=wKu1+{?M*+Q>jqUh)2lb5GICsKI30h3VJ7&;95J9u&Ict#EW
zKNQnqgZi++({pHDVC`}~X_naKl(mV~wy1
zA{sf5f%ZoOHWrv8$*okvP91O%pIjU>JTB)Caxe*EVYmj!<`L*uM|NpRn{{S8jGzr=
zlYEy0;#2f1;f=e@MiY?yQp*#@4?AJ)oUDs&q{&a0%?BSpdcjW*rm=`AaiC*8Tf2Af
z!zKOt=BLZuotE9|QFwAyCIqvLWtLX3Onn8|$LGY~EeZ=*pqEO`(^1->^ds8~-xQ5&vFVnH*y
zxm`}E3!PSuP|EWxDxhFzkf>>I&G)v)*C!n^D7i+78}N%2zRuqmqpZB+3@ewE_3c{>0%
z2xF^7XJvvA<7fpKwhkbWd@x3$OfpRmRCU9d9Sqm^mWR7wqpTD6#)&%$vQFO4uWr*x
z%?t>bf@T|TeOJN{O+6hk3dhPrbGd_JwEa#-Tp%*3cp!SDs!e!iTBP;-=zq6Qj(%>x
zJw7=?Y+uv%V|j}`Vs&&~D;BTc$+4pnW#@@Y2B|OkPT4EU=Cs=!H-f*5
zNs(;+IqUbqw{e)fDJJ<~D}tR)GjYiaJyPiA6!8Qv5bZ>rf8HmRV0O(>H+B~(vrT89
zC+OC!oY4YTV>lc*5(TqV)jRQ3GlNc$+`vVS<{+T-sT==N!fsJrUuGSsH-U}%r$@Ux
zPoBh%JBfo=(HnvK(NUWyQEygxP#Z+ie9TINSi>w9C(NbDGLA-g%&^)UpD5vYgL|rB
z2sl+uGXb{++v)&Va*cjpQWBlvP>BU!^54L;oU-V8+g
z_MS9%A3oi}qWsVOM)IEr9#G{>JI(Cp?ExUpfOj*=gAfIKP4d2^3n^i>t|Nn1tFJh}gr
zh17$mTZ;Ar1Aj-j&+02lI1rGr&7oRe?_3lsqUT8wRgt77jS?AJ&sZjw7*!TXcX)=_
zW8*RIQXF9=Y%nl;IGq2XZqhGZ<0Y$tnW%U8Sbo^*P{C7laXk%J_wcvp;}GNol&iD2PY
zp>2rRY0FL^O$U@2M<|32&@$R9*#RdL
z)`bkH$zuf`L4$
zB9yVV861+x4U5QIY7%(?)8w!Aym{G?NiwT>q-3AL7(6h=swgs{bYadLVm6>kI
z^CACtKc`K{0eB?|)*vULtnOF0B(vtscj|`?)qj;4Bw%~RyS+R*yJ(ARE#MJ^^M=)X
zQz`r;!~klxw%d`+tIBeV-*|U#Z_6*OT^9~Db}c;m#rf%vM<=k@empu47`EY%;r3AO@ZK`%l?6-N>lRNE{IWl+d7bkaj6CP1eD$
zvTSOGmWw&-ZjzQEtq2?%Ok5*|XQgBrszf;D%HcMYW<~k`ny;*zR%d}XaRdJd#gl$_0Dm%717S=$z6B_dXAV7rqxkj<_|WqWf;9TGgON^OR$U>>*R
z-HkGdvC>s+NjZ5k1J*ZKtlpU9v>7YujPqV~HA68{w{D!NRqx1Jh+vRMvgJ?lGUB
zMsdPoGD8ml7d=LG2bq9LpbZ5dowZL>J=u$fC956`)i#q2F~>K2CK?<9+P6thIBqqU
zW;5o->Sd|qlOiZ1{$RA>TGWDr34gRfQS@x^0Jw(iL%rjC)=s-+cN6i8@z!@yrNEk-
zgm<pNC!sG#TFS*~^-Er|ik7J2>c{u;Cjvs7ogMP;$86|KbiGH@ZDL0_x2tIp&%~$5%XMIi6@yD5Vs<6nAn)(j<(IS7lehq
zL9253MOy+V=9I_o)nHCvOAbj=Chvs8O>mwL24vEr5JBF%jgd*_x?J9Rui(Wc6%(g$
zen1m(STSG5#M6X11nVd84@M+5A(21J`Y`llS+OfPyD7V~<`3-=cJYGgEpFl~5yLmX
zoGL?HliU?vQmBVj#PeWtW#3PY;nQ5Rkq*J=ucGW^jEa2T!-4Vsa5`!Yr-3_o5ygQ?
zbTeb$*P@t6J#5)=^yz$rN@l4>!W$B)y+yyzyQ!#~l#geKfDju>>k$hb-O
zOC(u1uA3ke44^^%t+#wUZmyv$imP7161u9Ak$pO${8P+n8ILz&ZbxYLOq*@!9
zCRP!~`E5ewvEdr9LbqePx7B0K6!Y5XR%z7
zn$UIi#n>3ifzW5MdZAn9f*EZtlyVF>Y)Gog&)BZ9J}mP?er`WeF!lOc+;mRmp+|R-
z3e(U4eAc`3QS3J6&Cvj(*r1m7z~z2gV!Th|2lS-PRdu&-{NFx_&evpe?cRU-XfMow
z?LwILwLGfJ-O+|v-w=@=G%GN3l%~A`DehF`$}6%IWSeFuijtd4J}`Ra0!RoQGGZYP
zJ^bn6qX&;3)_}q{g^3kji=mImIZ5eZ>iBw=m{yJlD&-SvRmG&)>1MJGx#h_LtVx@`
zTbZ>X0U@G|34=wmJwjLEDC^ToA8dC9wPG6Tk7wu)hXXaD$Da4t3mt8}FK1*61E!d~
zf~NQUhJUzy!1nTE($7)R8&ywpYW;c62ll&qAWn_j6Ca{fQHvl%LYN(~Wz$qXY`;6W
z__4vM5}5B{{HeKXE0vDr?6Ti9GfSaf&M~q)zWl@8mpltXB={H{+P073*gAc=gv^)U
z=FNGz8{d^NV2(yLgI^uLecOIeVo-P&N}#Yqyx*3Q(0H2jMF9fCMxu@W_w-Cy$!f_wV1YM-Ul|@HvA#
z%WkA3dyTzDvHuuIqpXksszPNvs6e(*#uczlI?RRhxHGc-9$JB07rscl=2;sqLYTVx
zIorAdw3phqXlZgKfdPv-aF+e81gFDF;~dcj(UZhDSe0jxZ(eEB4i%3e1-GneHtcX@
zXHOG~$Jn|m$?BCDxV)&JKHc3xA&NxC7qJ^Fzre6$>K7U2Bv41@_F#(vs41;Bk_TCo
z{9>b7J1aD!8S_k8`?-Id_#unIRjc|M-XU;F*uBrrM@k6ud_lUFfnmG_hU;|*5OW75|b(Ea=#E2~&+SFQk<
z?1+*@kr@XgWTk4XGH5%w246u7~a
z>Q3A(xi}9N5+&}4FEA-VP-j>LT3JPY*E#1_2{ca%$&>n!((VwIJSCIp%4tGQF`>3f
zS1_Pyb(7WpaU3a}CLiRda7~s;Hei}rg+p`=q-w6PS1;QaN0**CR#ah4pEs^gz?V|U
zqKOhOW+MlD-`%zNeXa#4eJx(ogiN~A)CwtM$sC~}Ydi6~WzT|L!^X)fx*QdB&R@SQ
zTJ7i*@Ld<{;w+LhM4JDtGR3hmf?`Ytlpq1Tt^UL9s>qbZ3-04<*kuEa#fuJyPI7dU
z6Qv70585lI04sDsti#A?a{OWXCJtFF>UoqB;20(%n?=Jn5lmm{)f^SJ51ro~k8%U6
z4lX08WG_66Elcn=O9`e7Z@;823TyO6n
zOsFZzJm!sUGM|2`t{Ei$hSh%EVA!DJ43CB*d}XAOasnND)!9+OEctG7VOOYn-~p;f
zs_@Eg5Ot||%$GO082JFBKod26!JUTTlN^LRlj2xzz{BjpZ@=9heEY3?)mFEa^Aw~%
zhV*6n(3Zrz86ezxVOUSll=QU*b^4H~ih*EkNeA2gPB=$|d`evW?A}Q&f1Fp8YFiP%
zdr(mu6ljNOiR9+zy>v7nz5A}(M5c6X+jk4%+J+!x4;oy}7VM%GZ+jhC{JACUL8EnR
z3yua!I=D0D=t%X_xWph>lN?Jq%MWuhm}BEXYtKxqhpnB4kS#|R1k&IL)Y1M6WQ
z)H#l=s|w+~Rl>cnz_TD5^^)vaHbWZr)PM>xzyIVBr%_5ElgnaDI%l{%`BGYwz5_1Z
z>8FFY$1mF_@82DrA0IMC%g_koJ{Pi9BOU5--amW19Z*H|mYQ!ej9g%l+Ev<7HrEL}
zP%$jJmjhbb?A(fX>XX_ML#hoaN;JnT50D`Gh{&
z?fy8QmaQ3hahntRdg;uEcx;iSH
z+h~IP{DO(ZxO|x{Fr&NO43m!$!aurJjKT9xFWdiDR;A#nm9ktY@$~1EB$`~6JpUCx
zvi)vK6AZ>{pa)1SXj(vGV)xy|dYMl^5IDNsT9)vD^gqMpE%v2zokjLDWc<~{T?q)b+PQuh7NVhAywS2MoF!jl
zREkWtyc=gJ(#|@Ov;k>;_*^}*f%(+ux8ii)DU
zFU2um5JdG2@kjHdoPuMEsndM&f|br-$p#@KUjKd*W7k9y94qje1>RvUZn?%INKNRf
zL5!E`2FBBqCv2N33WG~@y!#PnO1SY*nMXOyd{JXS_8gqJJ+gB`O-0Q$1Dy=8aL
z$}0Y52c5*G#As^xfWoL@k%dMg)t>13tO1vw7r8VZ{1(Kt8V(k6RpGbk3v~iswwy
z0mz<}C@JIGnUSu;fYp;?HfR0$c}73?yQ8u-FVm75O=~<_b*i9^(#+AXyfeMNCu2gG
zJ0Tzqv-&@HLcqblnT
zTUl>jD`~A`OLD0BRs=@hjWEyJsu(cWdL+4q3zh;{fxza%6S~dn*#x;*C{u_$
zvgdW6V02oc2SPOOdKs36W1eTD&Kr~Fpb^w=b`4Ov#)u*NbUL0>Y+X~(mYpCKw~3`6`iu`@kre!#aOKjH3vW>>bAvAS8>h03+(~+NUMM3
zvfcvcqLerbT9QnqMS#grK=>m#+upR2SFPklmUT3>(r-keFT9c(fNma0J_&pMRNKwO
z;N*?Je!HU)pf$=yiU-R0$Hm58uc5JHcq2K=3f-0l>ZMOTo{H98*8?hjC%Z?BW+NMgipZhP5SKJ=Lp?r)dZ7m4R{b1es&Kn364qXmQgFL
z-ab3HJba_>y$8)+J|JE3mP|vpbR1f7!Sg9dMOJoWn%LX02z;1J{i5iQLJU5-S#nln
zqpi^HBEx^&fRQ+s8Qr}d+$<2CgrCj)(Xi6@9xkKw#>xl2T4ogB*RDp7fIcmv3hKQD
zIle)He8X)irBV6T6{ls|3ws_HYALxMOXNuAv;~jC?KzNqv^Dl4f)CVBRwNU4*hpnl
zV^UKa%o^8kwAmiVL%H7!96mHx|?BDvt*Q3%6p?Ry)x}*5_JpN
z%>eod?VhvKi{lUWhT9UBQhq`;XF{rPe9V)>_UZe}v-eDT$RDYPEZ327JBx!%O1^m#
zhx*DBzxS$YZmUYSEvegvr`AfhIrQFQiMZ8_!mFFpWj`-RS;pxAOkNUJPsi(7@``id
zj8o0~Oas2^bi|o?L6vmN8_;MT-!YpTM;J|^gSY4JXj4|zEbU$AT?LfAAQdWkJMUa^
z*s+dJNk?smCu(Xo9lVxhEA5piMOJCu$!+nN=>uM$99(jOJZEJJOzI!hNq!&
zx*;2dt2!qug01w_GCdQkPWhWzDMLz1h2~a5ii5moxR_jq>}ReZ%ie|ETWDs0$rqW?
zmMqMH8P?vmFHc{dhPhY8)X}#Kn43xd7xrrNv}2r_&Sh!7Aai#apJh;GQWHvT3hvdX
zU|254yw_t|JZ+RsVo4SI4jb&J3VvJ44=g1uT^g35Lmz096~0I<&qO8x4eo6z#=be)
zSm%YWt>J=ocd{aDG1&J`qdeeQ9W+SenvlY=}y8_Jch{ahfi@vJXeV@N5R^6oC
z>$JqOEp2B~6pvzHyO5W&iKV6NK8OnqxDwIqn@xk#K#TNwTwA8hr^z{_E5F;X#qEAK
z@1Uq%YjAaa)f&!XKLPRxy9FqU>RPccE~90Uy9EbfwAc$GAG(T}AxX!JyY}?y&ZFH2
zK3Mu$%Q)a#b}kX#nxdrtX}HVsZWQu{hQcb@^#0ooXkfH7Xr`zR#P3iOr*!OqjYhjl@qo?LpGP%hgr
zFSu@;@EYfXwE3iyR}1A8`8&Lk+KS1>D-fTLHl%c^;BVy6ekZ%7O}ce8X?B?8i-AIc
za?u>=jBbuB7OsV<7UDoYqQ=EVrekll+%Bq+Y;ABz%q7H;Q1Y3QvAZ2;EE_}t5R%XV
z8zX1(7MidX>9_V-`vC?yG&~&!U5m2&!$EdvroIIY+=r-f
zM5eP4C8OKMdesds;cUn#HZIj1U3k2figI!J@^G2L7bK+6n!|<;Afu<3uu$CVllO3Z
zMigu|IyGDN;x*iXbn*~`jk?LrN3FeDcLGg+Nnb2nB5-wTMJKtby+?0fh1o|=u1hJX
zBNCA$j7VDJ=YBe4J)%YSa_X^duI_@P_m}7|N1Yl083bo96w|hZqa3}gYI7Wy&MH3_
z`I|@?Jh?@ZPr5vBoDr64bStbPLt|ycZA(SU
z?vrIAg)#8TB}ILGbCx_NMR;#PWYh|j{X8d~VJN%Ez8Bve=$a_H*b6Hj(O@yG6J}Q}hq33LWj+E*OlKO#yfv_Cr5U|-X%6U+A1uC8^7pmeizhh&)K+Y4l6$=ZN%djf
z#IhcV0X0(cuDF_Izm`5dN|5sWE+nKJ_t&wSNKnFuX+Wglv@3vTyJcM&3JQuJT^^sc
zKYsiesJG_pHd%%=UqgN9=Nv$w8q@~?J+aN2qX9xpZeQJayP<|GrZPN5?UGZ>`Y>ii
zAa5`PsaMQNHf;ocC6uEAuQK%jVyl(Z?#HEJgs_2nJhPl8~P|9Elij
zis!YumE}a*_Mb#S$njSpaW$5|_9yt*tu8J7R`*{&2;vgkMnc=hRx$ZWuwatm69rw1){$t6
zajeIY*yUZ1K=lD2`=bA>42-F>(W&=A+R*KCnaJJ_W0g#*K~|AWclOi*43?}~3kfM*
zn$mqKRMV|iWT;yah9MABMu23FVOQ@eFWvHD$OQB$?g-ewT&6_Mz~y32!_f1<{PDEg
zLfoxv!LI9+y_Thff!qm2U8fvPVjGQx$WiZx1i9>jQ|@RcNA`0>E=g%!2zo+NWQ$0#
zTN@nifQI2iIHTLK1H{IhbLTU9I%yilg6}B$Kj50tca?-I)!>XdviS^R8$x
zwD%N>hKQMZ@m>uo}DP%bNy!4fYbwzO*eGnG>uAzWab4
zxX^SeSY;Yg10O&%zx%NDEROoJ+S){hz10ixPx}rSKaL%W=h}U^uRdB*r1lf_xrT0|
zYqJm{5wpSX01`OvjF2uZ|0upmAAe?$8(ud1n04ntF;zyJa&G#E4^EF~AVt(e&li
z_gd??so$p&kWGdBo`PRqQXJVaG`Mww+v-)9Yg;`Dx}S%P?n@Z;S-G2RQo0G^V7d!l
zz(BELA)fy$+vdQuYH|%X;{%}ASeZOLpDLajrhZ#01*}dhCZZp3LESUPy4pu6g`MEX
zqgQVaUXzT884m*GFXnn#DlkJs6Z;N*?D^EH5&eqku3$yrJ~>@U1P)`K(_~|NL&Mo)
zHxmq)wLpY>c=3=rd+`YWdW?TPp+4bja84PN6T}uA22vNYic+RmNnP2k8LG&pNqK|R
zO4ehUxO~ZUbOn|JJA
z>uzV`kH~BY+^3Nj(DUp?340vH2`kFMDA-6h8V;3;xVaHFWR-OL@%@F#U7w@E9lwyV
z>u0GDj6so<6{?zKHlr4*5L3%@nCCh+OhK+i4jrwY8nVnFK_pfc&=L$xjv6??eC&yS
zUCih+z3=t1PC7X*ELwzSbYuC=QYMQOH;K6EBRSwEs%~W^)ik73722RNVCK4dZ_%TkK9jAF!2zXI+H*HarVTXy
z$wtLRoZwM)Ura$DGhq?qxRYs7NYViF!pp(`8J`U~=nv>={
za5JIuE)0OgSxU(39wLWt9CYa9keAF^+JkH;9pFkKp1Rk|B-Mgi*i#e)lqTyaLX8ft
z+ecktRqz0qa|SooSfZ2v>rlaOS7TCOxU-r2bF!Yf2@W
zsd}qKhECHPf%}j!0!9X5LX67dH$_AKvo3zq$ZXrz?`R|uvxmwa@ohQse>JO{#T=l}
zq32vtk}f1k-k!|o8K~PqQEpnCWAhnm6rGtJU5d6ZJ639aDNO!fouy{A$2omF%8|QO
z6=p?xTnjrrI7u3g_c`N81+6(X)HLV2k*tGGZ5{G`{Yuin0kj0)ujQucytmDWa{(E?
z_{O|GZ1HAegjoSF&}8meP6LU19kh2O#7{vZD{hRqA1vBf
z30J>Is!0ToUb@-MXWe-oW$0$mEfy*oyR4kfh6^2WQjpuNEz3lU?D3}ViE_j+7YLj>
z5S>5|znsYmS#c93`$WCqOo$jH6?A>`*;=Gjv|GcH2Fy-8OZNG*2l7
z#kPSqlcw+qHy8IrJYrNxWnDl^Ee{M?tr?27nE1k3hN|X^C`n4Y=Uq_NiIc4f|*8*g}C@vhctIM
zOOzehaq=}k7`LibTe(c^*wM)3;V#=)z0>egG?k2eNV25ugs{L2o<7-my8F~D7F5^}
z1_T{o7>PAbnb^m~m<-Opm?E)emOP)9^4C81xopiza8aiVO-STH-nqYGkZZXYp=Dsk
zx#l=s0eLY>_F8+bkGR_>37NE0=qp!qaDM&5tEWoUT+2}ToXszA95&fPl2UVOqX=L+
z4XVM7Zku2w=s7{p(n)I5*=lYJM~NBZs8?vkB}6Q-(9t-)_#{)&*v3fXSJ*&6+VN{K
zo6wt#1}Uwv=R^5pzc=g#%gCuMi%F8SLYtCoqA*)Jz-7R(+1+F;$t)r*LIZPEE{aqX
zfD7G(zd_x69j-WEY8!5Tjz{KQKv(
zQepM=wKfF`DS0=)t)fC@wIEP6qyM?=8FmCQe5@tq$hZ$#kKvaVHaCSwIAMNz^yKrN
z?rLyHFNtl29kL=FL!P^s;ee}Y&bnnYr_DfIggTzP3xH3a9C_A@GX?WO+I2NU=+|`?
zR?VTAs@3X!5g?`dHccE@BUA~N07!bB<|6?i)mBt60-PA-1|i6&T^yxnl6(iyNlWN8
zl7E2hW^%QGC;vl&iWVdEk9Sxm)^z`2o}&$}zHQ&yBVPYO@+j-Is|_~iG(06BDRlN9
ztP5=*
z%_Fu3+}5Ri|8(}X<7yLoRBIvefQoh820uWMisX};)-;97_a^XP7)KPVWVY6WoZ)qh
z{<^Q@DD6ikH_aiqYS~jfDU7pPp)sD;0I~5XyG~TeN#Yn|q_nmK9VIW2vo`pJvtl}8
zk4@@|hqC9!)8rvzi&;LTOwD!$Qc#Y8PMI7HsV$rgllA=jvssZy@|k51awK%ppG)R7
zS3!mcNz$uf!5dX1EIk=JTR1fbz$d<`6tPVQ;}n$SN3_0+nLuk@=uL>-LUTmY;x9Oy
z-#XB;GIKS)7_;xf)|eg9y`CCYAr4I`*~yp~$q)+a#mFRjbNTMAB~;2wF2bFCSV6Y*
zFrB~((qU>!V@GNk`}BJhwOlN%UZ&qtaUGT+{hF#G&~7!;WMnl18Ydy>L5}J$ip@yCnROYAUm2i{Y|FkzELOV%-f;FU^QBDpgxP7CQIrMoZ{+7ZsHkGg1N1GH_fb&pY&EpVj(qI!Sve
zhyELh2-8Po3Oow67_hlCE%C|kFBfNvLjuwZKZfEKGU&!Q#fffFT$!86WRcrC12h*i
zazgxV$VR|q&`V;M>K^5a7Y$G5lO`Jo=WIX{G65tM5etJ4i_&pGqL$jcw3JEKhL+;<
zdG+lqV2oX^DoTnCZ9q78O49l!bU)`=89X}9KRpMwxmTu2lJ~r#f6w-3(>!2X(Q1$D
zf8recMD~P$)z}Axpd}Pik6lEP?BgKI=gG-S78pz)!E=>zP+@H`nkclB7}rJG$%Awz
zqjs2%ryXn-&r=-QpATByveipRfqD6GQLl;ep_I}-780-t&h+EQkIQrGjdhH_!~n>(DWiP
zLEasl9KSlcxD*~3t?0?G7l`wRiwRU=5Yepb4d#c?+%_&K$Z+2emy3SlE=^|^q6aOS
zQR6J9e*@dAU*W;-<7I(OeSjvk1_|@8&)#kT(9bWWh)l;wrT$trcg+ew@cQzXvm>*c
z6#5}cQa`o%0!VnL{cZfa6M1{{EG}{BM$YA
zY|XFJ)?^fjb>4%UqqLrI!WUpmWH%v~6Yg?Ot*e+CSH(^?wSK6B?29@Qlt&_s?IV{;
zU6ApqV$3u==VARAeSv8dHzeX{o=rIkSO(BU%A(&;F}Wd5+hw46B5FTjw(IEI9Dp5NZrTjo2(#A0l;xYSe*re#@lb1gD31B6#I5r$m7
z7aW13QPGvckTM6@aNH&>%#<(z^ZPOnHTWLOQ?KDY6PIp^XI%^I7wY6k>v#LeZG1AeNh>ZZ&$MmXU
z#3;fIhj=nU3isrs8Wq^G6nzw={*e%)<-2`)L8BCJroc8QZ&HciKL2$*+=mj;8k32>
zgdHelULZxnY(wz0hotBtvvIS|e$3;zm|7xLe}~NArD-0}_BOaI_=YCM)yaVj_Sw+4
z45@qo+X&&{cd86dUqCBPWiYpTJ|ImjgR!dBpQz8<&dJy6ItYOTYgy&-TFQbgviQ{K
zkp`_0-cCuIWp51`S1CV$nKR1aI8_i`w-Dfp)Tq^s{NLYmK5zo5L
zMlSdU-{GA4W7^2SzjSZ}8%N@}N1RP?
ze-VlocswM-l*d#Z$h8V0alzuQR2=jHV0N3a*kobv2uMFMW4xNL(qmO-sli&VkOTj%
zRz~GmD<4o=GQXWHBvkk(4d{Klm|VpYu_wHMOA2(e{_{Gc`_{M8jh#h
zc-cgyl5{JVr^gzo89QA#-Rl_*I?C~e6sWIWt-%bN&k#Z+aW()nOG
zah+Hy1)Hw}r#VvDL?*EFT)C*AJ!{3TfeRV&m`PTa(G&=?%s6WchC6Uos>_=`*rYqX
z4eGgT)vm!smQrxkV48LJqxP=QyRwQiy-3WjXArpMT`0x8uz1yJ*8{Z5pZ
zFo98&1$fvxbDA&De}zfGfA5dxXq@NpGrUXyZ1(wmES&W_O|qLd8#AILx8x>fg%7k0
znFrX6^KpjPvQMqo3+T2SUA3_cT**fDoq|nX`NPk&MzG{vY(L#JWn!r;XiA5#ZW$Gk_OHgB%){CtO98z;oIS?|a|I#Y(%!35~
zqh?LGwZ+mB&6s~9qIlC>LB{HjVG67$LdeSnuCZs@0hbttb*Tu(u=b_U*4xT8_nd}V
zuzYQvMqfxKRe+WP{g+n#fJo=L*K^@;#iT)Gy<_{c!G9m}-y#a==XoZ->&3Yg+Y2$a
zj8hFCKGZBE3dl{hx}jrDz9TR(VSU>%nbbLyo}lIgy+wyjLBV44Xdr8pZgqjuIMmHt
zQii$_X`r=D8jho7Z*S+$-J@aR#z%*r)uMhJ=GUb#tj42QTm=aoT5rT9oh_k+Y0(zM
z@{IbmD9=jJA1CR!L+c4P1EY&3z3r>fX#1)hiRbnT=(O#tK919b*mYwVlyDNXPPa^#
z)WN$I!D-Pxc%xXp0KB6vUXKuCP_5n>(z&Bs$^VqTu$PV$FW*Dzn`2-fORQF-yv7)a+C8*UV8g8rElTmgpNI{%#K
zGaVP~jruK}wc^@`J1y#3&0M!cM&LMQpS|UD1U6MYEKx*{)MkcL3}}3vuw1x@QHy8?
zAJU5VnY<%F+;-{r$K=7}c87B?|dIHl*K-({Jp$Agsc+f?9pqg|n2AQ%l
zMh$6Q5O$1-o}=2dv|$hJ0Tn(A03gOY)bgE%qGO#^K&8APJC6BTrm1@vr{h>vZM!ga
zoy=|;Sa2V?iy0o{E4gnv3a=W^UChrMKGT7x+{&T3+qPi4kGWwz&bp$u?@2idCEl+S
zl+{^&6;mHUK14kvOQkdKtD2ygi=yA(1|BK=N{h%Y-M5%hZ$1gxA;d<~YMnfR4b#uj
z6)u~`?;v#n90a)RZqK^4j7eWW6|~_27+VDXt%7(IFjkJc^Xc{s|F*dp<*|8}T}UC!
zRy`L5RE?F5vd|iE7%9ev1<5WOrK6I~lAy|wGF^m5o^4E`{)~Qykn6D+@^G%q;9S@o
zEBXfh)1d=e+>O;C;X|X|Ht)A~cc&8NL|}|Tw_0LCbmh`mM#1ujGxV9V**180W}1~-
z*i5j;1uZj!j(irc0%Jv*9^KP=6Ue75c#Cw3A%`Ou?N?P5d005Q<)DEgbtcAL3J4eD
z3|-b`(%KgOPS!Kac?W=OF)!pwrk&6vMPpDGK$l*u@CP1$p1r$LvZ0%HnZB9Fn5j}+
zwfIgt@8NyqYbu=@JEJ%2j8Ll_uSTaZn!RVUzGiL)ah@m%c5#@Eo;^avikB#r3pGR=M`o$hr3)0W;4Z_km}M)OOcpqHmk?pSG~Bd
z5-y}$wm+($#l3rKyEHX1QivU2w2h3nZBBOMDUva{pG$a)(C)H2!TC|AEC3`;Bk{h7
z!Nr*&n}tuvRb@MV@oockyK
    hiidj9jQimtz5W>Agv{mebn)F5mCKZRfstEtd;;!
zPaR@Xm>_rxgGz#V%n7EY=1b(X=3~e9+sR19$cwo!BQbu!6jj~LTFSO`E#5Q;2{ukS
zPqb~D4Imm$!J`S$@H?_b+XZbF1l&)m>b8SEB4hYAt7Mz#=j^dtRk>uV{+X(>(wJC>
z$viQwFHhf#LE$tko$L+uWky0?dSg?2iC2L0C9%Juz^o;%$}S{32i6(e>{n*94;
zw1{uRS1k=8pc|zThqFKy2BR`?7Bn;m&mJkfm6B#S2@neKe+k}A*BxrIx~f>|wF?JH
zrn>E#fHbOkk|5L@}4
z!WCl%daq9h8f
zOt4LwAI5TLv}aMlgCG_9L2FO^+TQHsOjykqd9w3h@1f1L@^;c)jHo(r)VwNiGTCeG
z-cP*RxG
zmmMyJR;;sCSZb+NHlMQz>)~V4+r)q}U!cpTCyR>4vME11PEG0NJFGC}&CY+H{I4dUj
zbUdewpWv$(=chj&oiLZt(Rt*XS-y_t`&?zW5&?0rGf7tGQoTVH)Eag*@x)d>MPvbs
z6e^<6f9($UNu1?jYpQB1N&7(rRTLRJx87dPck%NKdc29rZ3)mXc_(Fa(|Q
zHO??!@^Wnct+qOCj3zHs5goWEymG^msW`2RmyUf4wx^xW)aAkXMA?(Oa86dU>hSbL
zpzH>;L{Y#6_R{wxZEjPtz<){0Ic@LB^Epk_Nil5|Grzk_abeO`QLloQfhZJ44FD+_
z)SO{MO~pY}>p*-!DDJ6|=9wsaO8nNz!aUnb^|RG=eh^lc8#5?Nnp6-z8AaY1{|
z!$3~Dv}>`(UDAZ(|Df??cAGK?db4%!%y&?d#qKj2whDSoGPX8o+7Fz%&m%F}%1weISAh
z=&5uSLqbSkZrr3$h*&dQkRKNnlf_?jhc`4M|CKy1aiH8Mle3};(~}~b?qf^M5_PrC
zIKeUewjnEko3x)4nFVJH-z_$+*tr5V9Jo-xnT3TU@cj|m_@{-uJnPD_iGzBo718$ca)&VK%ys~gn*jJ=`s9LXgGd&f%0oe^9uTB$B_Z$_yvh7%^
zSQ-`w;WT&g^xSVfZb^cfBpUI>%017Mt2>+(88)ZqdbH&Z?dR-fpl)8ZXtFi4*$C@!
z;(5Bv!6^<$31e8UedEw^&19>UbCL#l
zi=WiU*z?Xs_Qsc%X~G?J=0O?n9UKx198K&~4cI9Bz7i-@tBSq~tLOEf_H0TZkUASd
zNQbl1XDJD--`dkByL)?&M4*;k+Pc$81{hyR;c1nsSo2}1E`%8g=CET<*_;$jr=`@f
zDH1>sU*G7~#AC2wIG?2naI62zXil%22K-Eta(E2}$pL@I#i}*DvS>f4*oVzYIc}Cd
z*yg$F6^qhJUrh=|#_E)$?hrt2}Dv
z?-@_qecmhznq&$nV^FlZYPzGslt90YoB^hcr=1ri%{1gE(1G@hf9(&lqASpt)kS;z
z#iVkX*_x1H?h+dGCTH`tbb{>E7&L;K2KX>9-XFhx**-jsRrI%{@ZTms<+ENUU`lFf
z_i5lxU?(A|1Iz|QJFo_mef31eme6pt-D#!%Vacdl0DreQeHxpe+tMY{)E&~14K?cX
zirxB-Ef+2{j+5tH?T+(?gm(7$YuG3lZbO(hA$8?lKTaFIR7S}t7nj6ThNipHd+TEdZB?Z{*(B_qo#l;?U
zX()8X?SqZa7r3h`lxm%rZB8v?r;JNLQ=OpU*(NaHZn`y
zO%2!Sxo4xbOx8H@eRA5qIJ$iC{+0JDd1@g8Pf5sBOHwo(g)MXT&1VP^$4K;$EXIj`
z)Ae*ma=cL-37us78D;&d
zSrtto=A+ZY9Bj?=n25o|Q(F)$P9^nGlu2TxNJH*OUNILh6$YkTvqCWAHhpnr7I#zS
zcS!?qROJf~Sg9cm?eXh$vO%g(21mk}jF+xg8iQctjVR&TW17x}73EiAkz)Nkp-C6_
zlMw}~(70%D>TqK6bY)#hq=+;-U;)J93_YL`c+(LqxkO;((SlZBl$G_&IbCwA;KY(Z&H)m04(h0h1ml+mq_M7=c$%U)i%otnnJ
zEmGG57mY{i2K$6OX7lppmaI|El4xi-5iKR+7*Aa}XHZfW9m6z6lBB*z^Ek`iPq$08
zbo3w9RCLxENrOz9WvUb2?A_`6i=+07_m`Js{kC`a?)xPln-shE_uLwaSs_Bh5KGyn
z^lq4BjuHcSdup`R9qZ^>EiK&!TgW43$DymN>FW+h2qSkTKB0+Xn*FmZ<+qinW(_bR
z!hjRN{F|U(-?V1boafm6GwB$wTj%+-7$Mr<0}E5&ZqAhvmcx?lp2CFDmgsG?0Ht{_
zqHr3U7`&?_S_)f8)OzOT0tA^Cu8WoSBNG*!K0i8m`R=HdjXyRbrZMH4aD^6mG9118
z5a@Gd5R_{T=CoKE_N$zC^BNyxDZE-7M
znlp+xzT`VrA-6~!;6yP_RSD<%PsgX)mXbJN4}JF+v=33Um>|zF%2>fU
zs~~`gM$zBw4q+v2{oD8Yo8E9s_AWB*j}B=%Ooypj0lT{of)B1(f@WaHs=G>@OjkhO
zKy7Fte~qUME&pF-S*y9>qNppiyKPU$wHylf%mojy{=MzYpR^Q6e;7&o`Aw
z>piII-%*HN&u1-&XL0Exd4QxO&y7W%(xA4TDP&#)GbL-(1GMoowe2Z@NfqbXtNIZD
zE~Q&Hq^U5X85)7i+HO&fGZc{W4T(M$Akacibeal}9yDJd15M!!cB5D5oH(KfuQ%VW
zn@KN%t*!&QNSe#f$9Nu}TwET!ecL`eKYDfi!SGt;1Vz-5)uvy>~zZ1sci^&iWE(CfCteTb_oSQp`8SEJo{#&TYC!Y!ON<0g^l3g+`o-7y*PO7~r
zuF-?bMZ5y;4~f0$qwYSITo2CjX>E_08HmeKE@1^~nC)1HCOPZ4*(_(>UOo${3*5#h
z1jp;m*?JJ#(GSmDLW!Uy$nvyx&`mkjSK^8dmri@d)s)1`98RSTQ%fV?v6U%jM>U9~
zXz-eja)P}(t6Spf>M(PqO+l_x;L6M$9-P@naKSZsk+376;+zB40bIZv=dPuoY6Mn&plG5OK{e7}wqvj~SNkSBD=ym`7E^d8V5~y+H~P*{1x?F;giDz|%c{PP0Lc
zBOez)L)#u_V?p(!C*OG#wUt893;^)<=)B#zAG}n+w8xdC)y6bi(Ogy%KX&P;cvc(b
zQs~ptSC2cra>?vGl_<8anh|>rFpTcOnEE~`Qor0%Qe!h_b{=KtDS9j}NsfTsUU
z(V$7hN6MCjdV{f0@%n}+PhJA0^I9@l{ASEudy|&)KEk_0`D6b&?}2;{l`&kJwzP6U
z`q}-~UhCnCJY=qp{o0E$xc4M72~E6Y1-fjo@aEv&mUdxv+zx
zPxFK1h4ULqdL)l&-fh^&h;svi6YMG?s}=gHmu&fcnsWDDXIXlQHlUFuhYz#uHt_r|
zTlvqzfIyfy2WKs)ryA`1&m|wGOm?4soml-Sx@7O+*W3xs^y#ZpwU~|Ljp8HCjcuBf
zqimu8gzolD-mApjp6II=04g1&K
zb&+!7>MzjDsEX0%{jG4Srlj@a5U&|C(`YP$YI7tN1l1{E0I4xdD|#?5LG{X&6%dZy
zQedD5AsOJnRrV{BACh+mAKE7e?~bH`a6VDyFqYP`Yq+)3BYWQkUgJ*jrs{%+X{}X3
zGdL>N=;XJ%Za~;A7mfxE5v>=D2g&BM^W&cmE|1!b(+N`wQprm8dZI%uZ`z6g&@#C$
z0olTzvIK-bTC+t-H=VGtaddL}?&w`ZiZoVQLr)P};#Wp!tKof9g55&AP#Hkx$igCv
zvdlXO(4ZmLdK%P;wa*jHm6hTTBV>AiSZsBo4%K$IAVC0SqTLy#C?&lJUT!W2FW1~Q
zCTI~CANYaa5BC7#hE(V49QnqG5oeoB8K-n
zB^4V9(jX>}@mDEwEaVnNrm<3xk98ly!98kcEaDi%kjx
zA^-O1iG!Y|*N4Xw&hN&NMD7&2ItGNH;J1+?phOUY*qB45ZPF~e-6xZMXD@Omc_4UH
z(#v@k75670;D&{XG^JJI)}+I@oEmL6DCr4o8J3q~l$kb2T9fdX)JAD&feWO42|5T@
z=<6$Q9(>@L)t~2yqm{=NHo&@t#LNR0Ig?$O1Z|W#h@txVK45B0I8e+O2`;6oxp)kx
z4Rb?#tsV9ojq=p!=a`3u-Eh2A@3(f$(utr*?|$@vyxs_a$rd|b+(``sd~d{)?#ohN%wgHLJfdt(i%
zD;y!yh;TsFCB<4sLQW+P2xS_rtZLKp$u!YV$*EF2y(`
z&uPcL+GlpTZV|F<3!*a!IC5@{&u#Y1JpX_8{@!rYJ543CVj&jFwQeCI68^XG|n^I*m;!8!E(
z7}+k@TDG-z^-4tTc7Sr_52Mbw_S|lrQD~0Sdk!f}nP=Nc-`mdVA5JsgLFl6JWOZDo
zIvIRafLsNVP;h|~sNs3qSQ8^IB%d4*p+$_+V_Vl(5t+|9tfuK9wm>Pp3
zrA8Gou3U%_UJNE5`cLbHePBtF}Gy8YNEiI%15a2}tjSmi#@3mQ+9Gd(ZsyLzLnT!7iV{KRG6m2BEPcM>*UdwT+MDnC8iFqyp&aXfxB!
zkTZ$qsJ$Zh|L!M$&0b!Wqrvs7Gv}Fb_HgPSl-DI?E8gT~ZZB^0nZ-kPSN3jRG9JK7
zDM5xcgBEdv6r-4qk$%_Ck79f^&5Q9rFo&K0QN6l)+^y&RtGZiId?Kg-AMT#)WXs0O
zo390nN=xvztG~VKkLP_C6pyFfa`ux>+=Zno=9UQv56(eh6AbQmQIopS#^fKAG8scc_#B-
z-^5m92_>R!fneAN#|o#Hx{fqvu#IXx6qcX`Bh1c#u|&PES`BGclUC$)wL>-!Cz4bh
z(tkyWF6Sic#=cG34%$@i%;D_fF}e@}*Mu|A6|DzGH(`h+a=z;fYf0*j!e&tuY$PtE
zG~`B)t#xXTup$D>Gs<$Ksbj|-wjoN*NF@hckgRZG9;t;ut#Bl2Ji?6RykReu7d6k2
z*(qYx)6$4#v?v-ny-w1zxd4e%rC>&V2iYH;$L?nF%a8KItN!IM@6PMK?RYCVzv+lFDv=x_<9ig|E>OrpioQ*kmtcSUn(Vdc1J@@Pk=DD;)
zl4xzc<-=Gi|20@FLh>gd<)zMsO*13XPpEc8jE;UO{e2ymP6M1!^fQ3Tou{
z#_fylfD^Z0)e^kC98Bt0rHj#K`4nx6AorPHnKM5fZEbGeW0>CnqsZZPmmZAV53eqU
z)maW(o}A_H6@
zC}(2yYC|yB1=?7olg^FD#=M@ow{?~-z&APMFoty%ai@3OZ)8-_d$`mV%0Xc4iRf(*
z%eaYvo7(Q)HX(KY?v6RA#uxX)HfpP_tLNR(ls)_E)4xbLU;(z5Uc>y2z%h@7x4Uz=
zyLWJ~_ojFF>BHXf{x0PTXb}a29XOS5@}QMxapz@uaoHhBmb)N$0;MsB^Eumo{3sOK
zg@W9Bb0Imd4MYLVPs=sCC}wEzYV)V@d?Y_mk$qO$AEoLeUl4dzDPK}Ywy|@2OOn{6
zs88~Kv$WpaHJp8SJ9`hjmBKs4AA-uCJux>3Qt6-#ly@BFCaG2Lm@d;q{#YOfHuYmK
zK(KHv=w!yxJZ8JI9n)$uMPVb@ulYHQq<93l>}u~~Rktgl_Tk)3+T8RKF+P6^Mn8Hr
z;s`QgFI}YAbz7jpMT3fx&0%iZ4QJaKSz*eprHfe=s;P=1Hc`e*G&4~Z!90?Cius<;
z-R^&B3APf-ki|quhlfbsM*W{|0Awo0YAXVx=PdaK;Keo?v|~W?xw~!hB+~Qk+=}jH
zbdudmOs+pxm*YBJa|9x8(8G7GilkFbct+Y*V&R!@y3!x3YS`TmOa#ZDPv3WTK;t>?
zzS(O;hhBpOzE%${D1wu)*x~W!bFD6g8+aq{!y7VxYs(O@9XPuZ$%Ulq*leZEk5BEV$l9;*`3DS623{y_mGq<0`
znLm$ZR}vk6cAOR;e$yzArq6OwA
z@PSIsnd&U(0IwT}wvpmx#tu)q0f;+(;Od!cua-`(OQiHfkI}O@D+ip(@~P*t`+n!}
zo!bSl8MOUx$N0zU1oq+SQE%_)K$)jf=v|34emV7lLwQc4;G%~PKc`A>B1?W#c-B#+
zWfe9M;(xTU$+vM<>>`5(m+$!&Fx@ZHM-eSovXOI5(nb1^yXoeZ(1`zn$)kHd@0^i|
zBJg*3ob0T=yM@}V`^O7rh|6pGS-h01-&lF_-`D}f~ip2(rMge
z{{|TQA)Ki~u&ciTi{~bj>d=EOB+k|u5;rgtJuzA)1006Q#G6*?1*tZ352`mRW&v#3
z2KbVQPyc=xgAbd36|<%-O#(?EM!;RNtZk|N-o3%!yIJu2TlasJ#>7fqw)CunJLlR?)rYc4Qzu?Vz)b>#;2*e3X$8%7obC
zymKTh4D>z6)!2h6LLj6ysx!d?%mlFE-p)lDm_}||0~AZQBGpt+fORi216AHko!1wr
z0q`x;CC>Wiz5aC%*@9km-UF(p>z1~{f@`RDA}xOFHKn{-ED*4)>+B~PQ3
zvIuDs^U7l`v@q2XEXQmDUazvv(i%G+G{ORI!9CX2=I@i2K^UI9qk}iSllMEvZXY@N
zczVM7e*dxa>5Ds{o5b$rDEm-V-nIZyNv+9oV~iJA8mDO_bhd{Kbrem!fye1*~6K82{r`_F}OvbW))RO)|IYV
zWC1zpa93nsF2~w%Q6M4!y%|a=q8GPzyUtZCf^b#?H?aejnYHW4;$Ot#F2d;3>oG{I
z@5PktUF)I}lDz3%OS2Lw#aB0S97?qSNm@O8Rs3&}y&KEaav{bdtAbFSPAtIsmv=`;
zZbIxG?CqXrfB1tmn7rFNJ>CDXcl7qn&Y$pNzsF@jM4_SH+zM)*(=xkHPuV70gIRLf>Yb
z6iU$aFgD$_YCMmc$@7FZo2SsXR!q&
zZ5-ARFVT!}DD-RwSp2nb3(ysM=MmUe8YeHAureXCKGC2FB9XPz-~8^
zH0tM4fwfvg;jtOJaPuIkyzOEU=mU>L
zOSV?Q29&58YmpXh$=V5p`{H&s&9isaX(bKunrtu(Vt2Wa_%B_Yxj`#Sk5eFqBWrbI
zzrsdJWy}ZKKi>ah>&F{9BXscPEGZ#qVk^pY$J}u`K^uj53G(lY3IU4+Aahp8XLXWE
z(_~O>2u!K+`9MDwtcq%$K1+SZBCusACC9;xiK6$u*4(+kZP^Yb;(IC6Bf7YcJ8$0X
zAHGY$89-%2OFn1K)lRHWIW63qH87kNpoBg+^;IicESeWK^|ivEBn8((z#W{om7#M2c4j?3xo|i4f`bMSd;#XkqniPN0;NV
z+n0t_HIe<`(e~qS?!aemNzR<@Zcyz<`U^1@W2sbuv8FzI(z$-LX<(hLC!EGKvGU2Y
zGvf;LZN2U{E3!Q7KHs^BBQcVimO6KdZL7#c5n<{)Gz7!}
zRTR9o)a!l!u~jRF2)&GmI~Q}abI|Rw#1Gng^CA;>(DLQWbazy+z&H|$fv>&>?y~tf
zo!`g#kSuxc%i*AKCmIiCOE)avs-+KyTnSq-5uesMXHAh(Wm%G}B9x^V`#PSyC6!GeMgR7kP&F}yze)ozH2;qMit`b*mv*j
zFiXOzCFj1EFsmx5SK8)o5;7J9vde;!YYQgQx(5E_X80_7d53?Tbv*CxV!7pmDnUJ8
zmv!8g-y|jpeZf12C;I{=lIYc4vhZAAxfi9X=Y1;4bary82}A&m!+STv7|kUw
zmf(gc>m3bipoA*?(|_e2uAJ0e0QiS-1H>bNJQ#D&WnQcPHnBr}W_$4)}`Ks8KQ4nz06h}?ZS
zH9ZNi+mo#$!Y@hMj))CeJEEk~(U8KkNC8;$%Kd%^%k9<;&{fQqG}2kFY`l<>$88nv
zWwbO$*Eyd!TN}^&&iTjv-OQ^2r{Zvn+BAH90urd5wQ+Ik`-A=0y@P%3kLaf3@1XP8
zi2gK#Y
zxJB*NvSlvJEXB;I0(rK80$BTF_tcs1@s%5hX3w6-q=&B~@mqQB!QYxw@qGwU?&C(Z
zbBD`yYk%o3m*GO1F`;U!D|3P}Kt&7B5G6`==7@;1rS)zTCP*YAPA{vGdjs#L`MHZ}
z-G5&p3*J4SMjd2^w32*^U6%zK&8tb?U-wz_&Zbg|w^|F+j>x>3Mo7Y7Z;T&|R0{Nk
zDoibwcQ&+iCe@*)%9Sv9*9DoQp
z?i0_!4Wm!jFU_>zJ-6!1R=a62KMh@6aGO2qK5EF+Re62?Zw*dc#SRmBRM+SV-XXcxQJnCR4OX1&i~X
zoXFlP8=HTS2NN4A=b#%_2fdd2BDe^a#IPU~E)X23G1RoZPT!cr-O_(Ps`IY)4dZD92ugeYEH
z^uA{6FSijT?{WU$U<}~oMD?mAyls4|I;d7Y61;pvGW(BcVukxWtQyx~{Z1$xmR&%+
zobM##>D+J+ZDGbEa$UZ|P2dYLrZF1bmxJNx)x}dx81QqC6R^6m+Ek+e7$S+qxXN1H
z7EDO1>;65@MJ=49KH2Ge(Smy~g+=6&7nY(sTW@gYU(Sc5
zRg&9_6WK^zq8LV_wKt_K+f8w%oti&+C)iR(_wa*CW_fZa)Dg}amVLUuC@A&as~EIu
z5?X*{yQEc)WO$NoEb_KlkR4w2zK;>PLc=Y*w(%RIa|#!_fhN<^{tcZm-C9|AcPHj&
z5xRnPdX|yhA9=F>i4=Zye%`Le|0`nJqHDsga#wP4LT;R&RaADpL>`NE4_(zlTgoOCH2xu-oWMv!=L+`*C4z~l
zQY4#0YQ;j?hQ51$^kHwKYqKU2YeYX7=#lX-R?f^-X^6{-CvEh;<0-~Q
zOkWK67esIxxIF4UG~MJVvDoOiPu7?$o?&%iZ)y9%qwcmBU&g@CC&MZqsIM~V=4ICz
zWCZB3b$jckYnemeNQCE1U0^9fZ23yx3@cr3W_$bD19!=e-i$3~rp-H7Rrze{MNz_M
zk-`h!%+E*r&(c?5og>-Hzq_AM>VNgR8kYYUb<0clcy*eTH2}2wLk%qXy&|S=Z6bah
zdSdNaOtRd_Amr|x@45&?2QGxBy?@!qrx&mC;YEdhqq><70#K;KG=c3{2>-NEtZ{`C
zXY;0l>HY-}Bj?RIHxm9(eVx~@hK1WB#?$_!?xKV?7#E#c_hPE}j_vKO=1YL~x-so?
zBS{AdzR|F%gdiHl%I&R3nGdhm(&;cj<1#~wYVI6DXDuGya*nKrcRXF(u9Mq9v9ru2EgE_uiJKj6!{jzs_vVU~Qe$HkXle~BrgK+bCpTj44
zd2#9XTem9|w_!dR?5fGA;!d5I|2DRaa)3uh>#tJv7@LXTUS-(7wm?>7LM+ZHMw_-q
zhPCn!dH(zuRZ)#wiLCD1leY?M^&L*+CYIXHOrZJNj7-E4BN~sh^J}V~Tjz8FF~r(+
zKBN7rYi*oQMzzNSSmwz2aHG5I_59NJ&U%xsjmO6IsI>V9gQ40HK%WYc=o35MQa5Gv<1Agb)<#j5OO>4c-^rCBN(aUl-fRc{0
zK<6`po8F?NA+leb2;vkpWhOj-wZazMKD~E*e0bExPw)2*KK4HBot*4M?Hg}NUM5`}
z(MU9;%|ex?I{S5Ue!DKLQ|Fu*Ye`NLCZ|L6>2!{X$~~Gx0lb)K3YF-9g@xC;AOpHu
zS#zY9$W5hxKm6jCg|Mr}@2!ExjglyIuqD~(ygav~3J+H3W4LExB(G2S^q{mTou
zcA6Y=t3)8`edPu0@$cP!ID&Gz)#m0n7^6P?sk`Hf&rzt)&
zUMf+kGADXnA!r^nP8}*`!kTtqB)auw(m`mwRq8BpVv`Rvi25-jf<>pUux7B=NCBa~
zUYcw6>>i+9VbrD!A21ewI_Uw1ZRqU8i?DWU7khRed!S4IIwtK>!-lV!l;;|L*nWJo
z?zyy-GRK$Cg8pwK`7o9YSKv1GZ4bQna#VCLBjEvqQsIvPefMWlnGXh3)F|>n-qTS?
ze1zm_m(k689%)#cjp_`~HX(c{6OL|62SpT5+#lO4udU{SOD?p+`)RQz5e-y466?uwd>eF
z)Z*=!rh0KJ>C33}qB*yF2cFB2?C_jsZbGqD*|$RrOV<(tZM<*nF^v{6A?XcjOuzrg
zEByW<<}NK}8|FhPaW9R*ur|=YfMn23G@7_+Zydq{dSJRM=0f-=Dh~Rhm}%&lIJ_+)
zcbgrPJ`ULw0n^ohqMi#)=1BN1_1-;>fYh~D#U1KDybKM8d?4&5N|nN2LP?NFD(Op}
zk&GtK+(Fz<7@HAL1KR=x&udmBbXq!BEC)JU_x6WGL
zL7Y_=7ej45t!)OICZ3t0aV7Q^Og%-V!3lt^*!o7d^a^zh(ys~=G$wtWXmR5fq$oeg
zT32#6%}&hpOySXWlGfA?3>_Nn*xqV=(`u3Sr*IOq>|N)0@@FPc9RQ~(
zRTNne72rU>?By9gdUbm@%mb6467DH|6JtQs=-!s~Wt6pC*bmA&ulr^Bm2bfLU!slU
zHoezJM+Zs(98tqCn64@#S%Q;pq>$aF`cgzzxNrv>)@Kyimk8J0EpCe}lD1ty{RJ0k%PHEqqcCm2|J37n8zz%_rG+i%q<88f}bR
z^DPHd;9PH>WCuNX#aE{E59+TN+Q2F!
zv?JZZTLOFbEh!4d>;}xsd_oSFq)ztXXRJ1erU?r!{Tm++gfJjp?n-pp%InKkoGV&*
z9838%k){g0PQj+@?HF4+t+#YXk|xxtx&gW;6R_6Uf8*0Ve9p}=y+X8|gAs0Hj-n!o
zW%-`#`Pc^ocBfVc^iR)OLLap(n
zE%z4%va7Ks0??btzq)Y?YE^&Qb4|{geII2Yc}Q*2O#|!dYk%Gov24g|K$agK%!Kt0}g
zPxJSxF6J+5TuAnqvghDQ1tNxULv{Mx&IBL4h+IsMtC$559IH}V6~GG`^8ih)F~?)5
z!A#1^M-gqePqFhG;r75-@Qi|cB(n>kFxEPv
zw{9`?jj(>}H%Fq+y0-7G1v6R^wk;6yCl8=y~Z6#q!K%)wX9+Ds;9ke<)}#u1UT+S3J0
zQB=19rxns_Q7S(I7fLK?_junW#h@}8i(7Lv&?Z?YrB3LWhYf(2&XisxrO*uUKR_y$
z)9d_^OX;|B^Q}g!lG`=z+&S)E_3xbR15uoty#{08+z~-8V-A}z(Q1*>0`s?<+};&l
z6oqCN7bgKy!p@K*eJ_-ZNce1+%UpXtlGWU~JF6*wYH0B)`%!2EF`Er50^xe{PUWR(
zcC8>61{bKLz(aPN^)f7wjxCx6*ix-IN88;aL#
z*^w=k&~W>=Zw{Uy3m%K_8Pyh^k)sweJt*-VE3R~mY=c86q;MI
zkj~fVK#iKIjt=8%IqAaP!0@;s6ACtcdt_@RajQC&x@aJQGQG=0&?KVFFeUk~w26fT
zW~wsl4ynD`pDwjUOUJVZ^gxnpm9uK8jE}O-w;x|;JA_VWchKbGI^v8Vh)-!ThQ;{8
zc{qg#=TH{QJOYg<$tu*tb8
z#Z_qt1u0e~%;2pgS>$4M(F&Ix!#R*9oKyx4(%(_z4*9qhAM70P=@e*
zh$Ht}hIgbi-H`tx1;d}DRuM00O$-Gxph!+es3df}KzS~IYqC09C$9?&M=lN)ZI&xz
zQzs(6j$!Mu_-vTMzTMPt<_k@yD&lRG%&pC5o>rd)he^fyg2&2_lQvnb1tO91N!(z-
zCa9=PlD)ijcKG7e-^aJ1^}%nO;;^yO@pgXtd
z+>YvQPu^g#)FgIOPUcz`^Om`|maq-=#|T+0z{8FoGta2ImXHU7M8b2FKbp$LY+oV}PP
z?5e()A!MpJA0j8&R$Y|yw}02tN7@8BA5_vodr*|Ki{dPMIg}q>4U3_(cpxhWKxp9E
z@!V){#)LDdooOpSw-jAzf5PNaaG!m?0}}3Z52{=+h?F
zB_=U~6~Q-cHA*)TW}dk=Hmfhp1mW#d(n@`VwgF6(wK_qd_#2_Jm-8Yc5#W=LoY?s>%?1TiAYYzIFv0?{-vQ8ag&KFNrX;BMX3H|zB|9XcWKvEu4TcG_0EcVapR=~e
zAk^xNXkC!?obf8CmoIWy>b=GnioYX!*TBQIjo{f|jmvFIw91m`SX3i@TJ}6b=f}xv
z)6f$Z1~d0PB}P$Bb7v>U0uS5lI`4UNQvqBFA>6_o{ee#8e3aK$Tsv2~XuwM53Bfhz
z9@UTm1*^4xOS0kDqI5E?s+se=|lHlIFC-XMt7OCj!426`p;bp&EE34OtKo#OqwSHJoI?h7&C!t^0QO#Zs#{A)x
zo2`>eh}m1gRYDJ|cX}Eq*oeMa19it0%)8*ON80D5?}L=Mx6_nPpsL}xS`@oaTTs90
zeR=7=z~17CzS-@}EZ`7w3X+Qv&#X>dGJ1}|E7MLI>&B^tnkjU@b7`~OosA02(y|_j
z<~1rUI?34DW7)wJ)EOds&bEtjKI=S0KrgTfmgVV-bo!U+s%$^){5l_ZozVHj2|xU2W9vKdBu=_;L4evojJv<;~q=
z{=AkN@u>QEdnvN=#z!T;emf(jm8JUIv&vq0BTe*x5{tFSuqA21OTqYUOraj#mjsj?
zteGg8ebPEih7e=}&I(F`jD6K#zwB=FSMDO609Q2QhPZKBB%kzoD7)BpDU5DW_8#ZJ@)
z7zVaI3!hkc*|tn7D0;`bK%_6p*CN4dD3mf(@+MP!p#gS;e!7SK+TaVInnN~AX)WBn
zS=9V`|MW!Q^7@#(zmDY=J0JIVB~)t1fXe<4KePo7A*Hc`q6|`-t%CvOwhh0+Sz#Y7
zY2Hxl#@L$xUW~}^%%FCq2WOQt`R#Ci<=0xwV@U!oj)rH~6?tS&aOAtGD^JCuWL@ZG
z)PB6Ev4Z5A)-E@YIVtT4LcCu3JgPw~B?U%Uwm}%q#iR7$6)7$fve(7O^KUX}IxRe%
zm}t8$XNZz(2jVKf?@h^C9D2AtExupkN$C>nXgdX|7`qc*EUgb~KTCL-zQ=C9P>o5S
zZbh;&yaKXJ^GW3CxE;Ebnk*eYEBRfjhQM$rYpf@3;o3U)X-{zZt#uW2k@du$F+h_Y
z=ff&byL$8wWT~0t1HYg{UPnl(Q7}lf1=NUG`(Aq6-E@52{ms%Ia^XB4y6}e_M{GNa
zPe3CW)66dM_7O4O-7^i4ST;I#?JZl%6B7f?^eee8+#Ii)y(qY^zD4Gj|#B`8W
zldVjs5LAmvAXd7pLO#g(6K4!*gT~qtrNYm}XcX4;{Fyu5bDvdb)_UA2)9exx7z>jZ
zx4V$#q?^`ar~kC0Da|-xTMWt>>m$m_F1q90ODF*-nEyWJJ{oW}nly%tBP#gcUrzlU
zsVaO=PzY}96M8VuNMB1SL-NG8jD9rQ!P(Mrqo!#IP1Bujc3O>!()|}voHrh9ViD4=
z1twNzZWvFQ>{ZW5I%7!?e9h{dTB;x|te&NZno6Q&Zph!Wl@eh?&+`csd4bJl?8o*O2sVR`t!$b7H_u=pz}13o5rPK+2;!l
zwIo&3SuPPmARK?(_qNg7+RpHz7@OLj46U>jU0{!q#uS~Gwhc7eXLO%f?F_QJRosUA
zNqz`$SJ~oH+FLhzvJX7%ZfDo9s^dXLS@^0Ns(-P${Uq7{BIX-s80XB_kJ*OkPN1L6
zW_SF=wBbZHTQm7KMCcdWJ&LE$z)jjTbFvgh7>&n=pH?~3<=7Snj9vp-8oN+-{o?N&ABY{d3LHoI}
zb`YU?Ckd}XagT6M#CN0b%{R0~jpcZ4i=E|*-A!&UfqTeprRh4d1nBu8BR189*I{8iRIoA0I4MUO0n+{`x05J_`e)8~%`!|^v_ivR^#ljbd2^-Sfu*cd96v}-2
z@?1rMEZ3ON(iJItjNfYct&`p3y}d&`JDPO%4|fit!0|>2$0R0*fPvDW1Z#^rl2$;7
z7XMbtFUNKz&0sp;_zMwFOrX>wp>ETrZ67tUJ)2c>w@;lTSzv5SGFeHu#D@tROT>;H
z5<6@{^VkV1!sS+%kR#9L7jWCq{+hC9xH*l+GO0%K?(jV!
z>2YRJGnU0nItZODxhXwm%B-Ftn$SQtviTbOtAw={G+2U*g3icOib%=Tw~JM;FJ)@u
zDb9vveW@f(Gs@$JXa^aZEZZ}9P@!oJ>!Xm;7X8K_00taYZIzB36tc~tPb3zb6wldm
zLg;hj7IWbpe!L0oKu=zaxM~pBauXrcxdf;vCMr2YfC2{Q)~tYJ9aA@V=Y9
zrMLCED9#E`_c*j}fB;*GTAV|&%7-&@Pbx3uzV~70%fbHP-ibU)q3qZYn&PKa9)qqQ
z^AJ%bN6({@MZDzh(ZNaEHkk&B^EXtGV*?rTB~vsU3_4hYa?c^XY0x#X0`+e-Mz#1?
z!z)YS$_}$=hV1LKH{bd)?IdRuY(PKBv;_>KRa3=;)xZXL93uu;t+UKk<^XJ#m?l7S
zEK^ecFLXR2ImyXXV;1zLX@SE7$fbDzt5IIGvenInLxuT-#>lH{Yr51LzKrtQUf(U_
zE9qti?_S_+7tF@}9$Y|Hj-6=1G=qM1#IWIs!CaQCZ
z5$gC6GN8SjSvs#1RIveP%Fu`$ymb9*3(rTbsHkz&_&?yfxV6|Vx^2^*8CU%?7uQ|=
zAPgL7cJ1rDvR~Dx&j)$OS~FvXdVH=;b!`n}*w)hk2^$Iy`S9$nn8gqyPk_yD#5*(S
z$<4*p#+7Ks7--M>URbx~jPyLCk@h9lhE^KpW4l-x@l6CS0woBgsnJ;0Pi}KQmZ;i@
z2Z$E1@y)A$jPC?XXQN`Si9m%c>n)TtE}F%k0$`H)6h!qsNwMkP#HCmleP@tsOTP*d
zNSmH;e
z9uc*yeRG4_9Zp|YvspDtbL?#39Zq{iReKmOCXMf2g(cOebvLEFRMz|#PdLEvyZ3P)
zDXq55KrJ>K&R#b@kI4}5RqB8;YuN1v_wlSKCaM*ld{ITjz1x1RzlQ^>+hxa5B@5K5
z?daF@^Y};wAIYY&`S{zN2A(Gtkl+nPiJ_tRhaWbgEU=#NQLtN(R%t{5ZuqZKrFzM<
z#V&~PS4b{BC=miQ*_OlGa`v98Jh4%ayNIWW$X5BcRqg1J6UI?2&W7aCeZox%x@Wt)
zy>-_1Q1t*P@1FDyb`D+0eHdq~TKgQZgmTVp`Ia7fwz<8YOqPUZjwWDQh?_aH
zccRb_!!)5!UaEJRU}I=y_z*!28=+n6FRj?-tHp)PjN63jB0&FD394FX-Lkt$Zbcm2
zzO$fX=Zp=t?u9BbGtO;nx^BaCvC3ppjxUyZ93i#jTMD@9DNeKa^#=6G8n|I|St*Pt
zW7!>`;10q6PTc0jNPZaPi;}F)SNO6Oy3!gLnLBaME$>yd&azTo)go?B!t*!rt
z?)Dt`A-6b2cMHO+Xh7w*kWSXrEq92X7cayL^zA*H;e1T
z4F^wSz>dI+JZix$g
zvq6DBZp_C@D?wCq?Tb^9+^bK=FiTlFH!#05aWL!>{i?bui%b@-BHt#C7HUPam@tvEvHzbCaSskve*oT6Rr)7IxVJ
zS0cNxnuP0AyL+y0{(O1;SDH=l2;6ipZ4&MZTY3aym6aK3`S=9|$j)@sQ$7r?!aYH}
z)*44!8AMvt=EL(+SCoQN?KJNWcTNqtDtss!sMWTp&%8Jp>g691!%0Mn<&)d
zc`9^Z2DVr>1(h$0P*$Z;5;V@~clmU;{p@TmuJpc|y1PYCoMm56Ncct7w%}U$rmcf9
z+U>K7kEKFp`;yD7S?PS?KR4bsB8$k6N`?Y?t%{^UPmmqOkhBoYKxRhP0yk|~w#xZTU2
z#El7@)X!->Uf
zZy;D6YN(otly<-d?wFU(wXgHZt8#YM
zEloOQ5naE8=huxj11&MAWNtz2c~DGhMP)BA{Qeea(0XtU^k`@%m>cD2bnjRk4g|I$
zyQ@V5Vi*>xDLmx_UQ`y$3#Ky|^&HcTullQn0fWVsEA
zXDUPDgCJq3CTdX0ES3TTA6emQQYVpmVl`*lht)87-7?srXk~7o@1Q{-VhRaAWbDH2
z5{Hwv-%3aA+VSp5XMaF3oT*_}-97Ltyp$xwG!ul&{#@MkjtfKIxSNRgX33%r8Wmni
z=eTcoHxP-+>lq;!{f*I?n_J}UL?e;{u$={Wrzy$pIuxlL+?@tVaC*ko%<~qA_?OY0
zX-iE8Zw(SX&N+A6^ci|{&zQJ9mx;|74i74pCvoN~*|Vi@*;s0%)xm>07RZ^GMMzN-
zX!x^x6!~jZ36&z0sW=ba-T0)wm-$sFhJv`ZyN|nDOG>G_NS()8-fp;Gt~Z$L*@)1z
zi+hQ-b46{t1pOssnHZ7HCriOd*KPrdqLD`(M66_rMyH!}5*o*QM+R`WH1D<3hJlKIY*s@k!S{d39Ol&?D*g^PhaHfO#b5dBj9I-}X6}?N8l~MirVZ_}L$;
z%W=vEv~+6)pmaI<8i$^*va7R)eoI7wqWwn#k{-_Gw~tHHI^pG}7$
zBd>$u+vJhf)co)9>E4Hv1t@=X;_PMrSN!`5Ej@K{hnfx5;(vq9x6T=)w?;W|wab)-
zQgb(}BrnFMMBgoZ+K7#PN0BwYskt^ny(9-9d4m_3HuOeZ1eSxay-ufqEqNp93^<652SSEAJ{2PmM9*?XQpOhQ
zjwd6C!HTb|H^;BrAKqe$#I6cYnvw~-wTPJ{S4dx@J}!HBEcKZ-Jlc8d+5G%m+n{^|
zixjFRT^H^wN*~Eh#kb`4qebO&opgo^6Y591e$3ezU?&1fUU`EY
z$j^#l$8GAhK^`I?fR4b4-j_Sk&U{vNcC}H52k@2erc{N-!6L2HEjkg{#hpStJH#K0h&
zQy{mqaKY#%{T)VkbpP{XQ`G0*p$U0|o(Vw8X1%xU+!hd|Z*9+q=z+OonM%H=MGGD9
z=)Ahw`cq#_s~Z6=4*(AZ_(&Nzk=2l7$2h+(FKm%8MN!{>^Dc^YZ+yf{hz~lcYA;mf
zex9+5Q?sT5<*$nl_|L}p-gPd7aBe%|1toDAKaDJyjWmrZyocsm7?h3AVpM%IF%^J
z)DKKl8h)W$D+U9C^`>|bGhgg1{YKDtz#c5)F>%vU3R)kmk&i`o_Y|B+m(Hl1&k-y7
z)`EqtCydIEimxj2(NMI#mVa5Q1IZOhrov0UQD!kAy*k%`FN43Kx#G1x3AVWZ+qdfZ
znIdMv;mfzKYF%f=Wex%srRIuQ0HREe9UJBhZVDIf-#1;bsG75-alD+Brx?s9l3@@m
z^V+{~qehz2*(K!dNg;u89##U_(A=%j!@I{i@z02Pg=~&KLFPY3O^RqGhH83E-qpS-
zbt@4-L=#M7`|$QRN0LF?#oeC|76YXQy5DchSuY>;gn7wU0Z8%1V&e9$#w`CK)OQ0c-{ymuQhEYVy;+oLaIVsNVcRY
zA8HXn8mKs08SGc1U3vX$Nt_gD59LDIbt{9kA##CIXbs?nwvY>&*hqj!o}ZI_&6i^X
z={3VHm}#Q~62C-K^?C&a*$gbzlYQhyci$V$U|hvjfG)g4V%gIIZeT0k
zJ3d|l_m=IBtqXRv2W=|JE@_Aq@m1Xv(~i7EnIlmOe{y+O16JTG)5c*P+E}eDOkN)u
z@s6K+^cy11RqX-Pc>USXC1|V4nTF_ov?R9*7vY_tosjmD@=`
z%~HqW!906e6L!PW`5kv-eX>DO6T6`nb82wT=)IR7%w9;P5P;)84Hw4Ka?5@weCkfI
z>{g}`^0a$c9ksjKNGGFdql2Vb+GqsiQB}uawKH9f)w2wj5VGb;cjc(8oiEN<*OwE)
z2rJV9#!+*YI6>4+;2%;$4!3=S-Oc%*<#k!Rf3Dp>-MAbT@$o%*cD2Di-ACO`sV%ad
z(7I3CT;5nr1kRhk?LTz>LXtH?G7Cy717BBqp?f2cQc;GfE!D~^qgl7U4yyH8>nmq8
zilDu-`T0Ga#5m8+5JCf0(ou|D_zb_ls@-YM=F^Mrd^{53yx$Hb!OWP{#e7h8%(1z0
zhA4XBzIjWQzT92BwrwspjY>q3A_l=zYDn5w=>@nTG*OvaRwk9vTdc)s6l?bO4^NLZ
z2X&sk-+!~$laGR)rQgdIZfLehK^U()I3LYnf%!9RIUpYygcuA?4_rPHg#d11yp#yXx|H=M(oJVutr&cb&&RYRo>U9CZcpNj~#
zn!N~!eziI;8$d_OWS($cciM9fX-t@B;|w+>eGPa!fb+}NFEgyHWh2%&Pj5l*99bD9
zO_ui&3%7V8fN%xd+IgZH{gciShf5?6=kMGC|3MX=!NQcgKx?T~8966Zaup#ibk;tf
z*u|o0l$`Ij>gNf#<>*otz>*o+Gt5h-*QVGOjo3{Pk_SX2N{sNib7}M)3zuFp5tHo@o7A9VyxoAO{TIOM9@yq(BgP>v=!*vV
zs0wczgZLw!7fpNWcisg4HOXTz@fsJ{%b0QdCUFPF1_~_z^{9+wiJXgeg%GzTFFE==
zcEngYolFbux6;;x5KQE1RsFPx-%uPQsv(?&{A&!v4ZDrbblbs(IoX4~TX`{eS9bSQ
zh(a$qP`t6ws8MR9OK-wIm~ZCQb|>VV!N((2;Wiyac`!sL$>0FRQKXkRFV7Kz4NPWQ
z`|R=QjEt0E1hYro+J5R@$V^+jHlJ;KagInaYDv?mP(g)WJ+_bH8kb{G-As($%$O+2swpi9;`(q}Nx3dKL^$?QHw&3A%Yc<*EGileHx?3j
z@Q8Kayf#F=5P6&YMiTHD9|1o{8IK)pst(T1s!
z>*8@UrkYA7^W2&Fsb)5iumw=wAI!GDb;*_qDIvN+r5RHMT4%+D;-UB~S?E(AXV0H(
zZErshNtdy-uo>Z2vas6b^7$~|%Zy;J>o9s{>>BBWDdv-PL+6HHjz}COg;31Yb4i_5
zLLWNt`z?~?z03LdO7*2NQ(*~5`SePmUDjOSUJ3HAn>I=1l;Lddowh*Mah^|GSsyGm
zE;7QKnPaSq4mWCE3agd&Psg57(M_cnAzYnlI=eF|
z0>Q1o_}p+Uij)S26d;BT!#cDvI#-6&=*x{dv*;BIb>{?3dMtPi^{SU&*5iw+(KV3d#oi1zc>a@t`Ik3geQ=ft(da#_Qz4HWDugt
z`*qK)g+Kq*vX{-!tF1lq=oQGv+J8tE?13{C=z77%2q|S$%cRFKyn>J^z>SoHes$H>
zABXm%rI5YIO|xT~aT<5)ttTmVJBg}rE)`zWM^61Aogdkn^PT2Q94X(~d}4%W95T#I
zxRHKtCXs78J;_5x_lU7U$}RP+KI1}QiamkFo9xGeK6)dOluDYsB6w
zLh-@=YpTww)r?p1+IW2l+O8p8)X|RFWnf%U`FXq5Ao5`q!8(e(cX3*dvJaIrb$1aj
z=9|Med#^ve!-MR8{1^xbeMk&*G}TjqsY@Uzyn+@ehIi_$4A!G4)MzmjbLT=eX^9t-
zj&gV>uT_!=OO@V-p>>L$(!KZP0Z?Ip0%AO!6hFK503w27I;iJ2`PfBbze4muetlK<
z&pYRJcV74Zt9dJZX&b&oBDR)&Bj~;*e^h@somE9O)Ve)>KdaE&3|CE?!h}_tbl}KJ
z34YOb4h=MVNi#)hKIw_d6~R(PHCO40E@CNlFsaGsW)4EbdXu6sq3b
zyl$&$Yapt_bgm=auSmqf$7yP($pbu~`w=!54S~+xP$Ob?F2EW&1f9W6DCkLUDUOR<
z-4{UrUXIj9gZF>{X+W00ZM!Y`5Juy*sQ*reDuV9pjHKpDHeyN0q1|sJU{d0X&`~s4
zJgTlDOi(>UnPPaC@EA8ItV9&jEKlgM_XDf3&$n7CSn`!%J8Q$g#s-1Ct;bj79u6&*
z{ut934?HjmGv_1C$B5(Ds2^HjvNi6IZK=tq_H>&~`?6uQZHVJuRHZ5l0_&0O0}XvB
zutZ5ni!V2yN9J4ldt8L6bhT*I5nJWYKrEoP?(LpDOE$2X^Vbx9z&)x3*{+uE&$C3M
zN5y@mM8#qd(@O+oH?r#0=!J9I-G285&h|_9Qx`wI8n{iq>mCS+tnNj14LqP{uZ!g*
z-RMrAKHuC-!IIi-p$V2iyrpegf!tC&xIlI67S$D1U__r<`N?vxY|}v!qr6Q_2Wv70
znHTqzcP675Kku?V=qvJJGA%lnZr0X;JGP`<5c_25)!^9*WjGym$w}abmU`jcbOHFS
zzpl<_n#t?ajHz3rVH@yy7e!1>u2p+Y;@Nd2gFn9K+S-tgnw;34nX3M>?0Z{E#VM3h
zz0nbvHQ2OkZ(?0s(;-uk1Td1iNE3UO6g2EP?uu9qYFbA~X`f42Y`>#u=`SdpFI__-}6_fSQjHxV-uz&ag
z&(ch(YOaw%vUCqq^{I2-f`V5y^OWY?doPe+km*xhMU^q|w~GH+DIP+y$IR&nHD99y
zo(z+fh`E^ucgE)zWWDs>*wPo8})kZXK-b%TFj&5D2Y
zMK?jO3NFy5W5hMeFk{2*d+fxYO7D2$>_o{*u;Nx@lKh*xO(t^JvVAuiTSYe|m4v^h
zVSMZU?rcRqcSCjlYUE9Dy7_e5*X1dendDd75jRM{mEgH_W4tWldEv9y
zc%?oYBnL$~=zD3i5IV_RclNby32vr&wCDc}+-DWwxnc~N|EMu@B{S_i59{F-J8^r?
zU@^Pye;+5m62#VaVe~*7cR5|9`ERhy)6m?RRi->o*5{qx?d@$OVMPzOmYh=N&M_ux
zBFLo6_xY80|NihZtgm|xkd4P=6#kxk5+i~>%kr0UWfKA2c!K0=GbGOF%hFc~`bKce
z(Iw{o-i}(rB?af{;OWB_vl(gF2{oEc+u7ge&O&Jc4i4c^TVsWEjcKZklz$X*PeRss
zBFChJ!bq6CJi|Y)oLhR?bvy8-kJT0)2*EaNrjSt2?#M%EztBZ7^6zH5aSG+Ra8EY_
zT32^UkuMF@;<7-I4**qZKXfHUx_1k?C^^Ur=(s!Eez^H)bCV1G(G$0GY-VRtEx6|_
zmQigiGB;|uQGWnVq~e!eWr_<^iC!YRj8ZPvX3Ry)VfYrIak4=)Fm!G@TqBOb;1F-`
z-g|FEHj1{V$Ev2CL3QJy$-m`-KV`_axS*!U$CiOqp~8g7$6cR_?H8SgF9hzVN~noq
z>bcOXRkI3;23iu=A~M4!Nv2xeNDH`4>g8k{;x1x5BV54VU^MAIB=@VE^S!}YSF(q4
zB&vG@YKg%F8@6AzBvtf^)ND28O;k_mzngFY&HC2!bSKoeL+VI@&pKcC1`AS%`g{$;
z9sFqXaXV{tZ+?}L1|Y3supy~6)%Dg8KFwRT1Eb+kT3+Du#3mr{1fUCHGy%CC%|RXs
zhTkuRNf9DbSXqc1289Grg$mC|ObzTus9y#dqeLJp)h?|q{fM(*+1wk`)P57`gHbIO
zZCv+JZ?<+;sWNnwSp6-Mn4H?7uF^5fz#+RV<`A_7O3sE|BNfJN!niz|s~;{aqViZDzLlf5=LeU%%*K(!i`_j
zARm-A$2+@w-ET_*E1_RX`y3JO@9ckZp4@Hl4)$Mv$aXs?d#A$Vp83WyqF$uUwOOsd6R63=*XEL9n)|dr(0;3SNgq>7l&MSrg-hhC`1kRi_
z#x!QVv&ABRt8pW8i_9LmXyKEeZ?7M2FFgFd
zl>iWKkF51m6D(gKLi6lN_OQFv-F~Z1CYsu%j*gv2RlodcXIL?v?6mu)>|YgWCf^6X
z((vGh&1mj8{>WMOoHwAabu&?PP?Rvo$o=)n_A}<{qX>GDDMuHgx`8umd%)}JPw9Sv
z#CD*x4fsrbgd`;Mgw-Kcp|s5w(nLhtp?_Lryb8Q^p9JSQKqZPa$^miilHqfMIL;@d
zx`BwPhea{bmPYSUNu0{vZ91Rus{0#9HfUZ>AtKhQtprEGBJ2l3A*Ve=+;43oHL#TC
zax`0#VDFLz;9tD((2>nW^AATSZ#TBm+&U&V0{4z*Nmamud&1jMKd!~6?=mi+8CCCD
zAho~)U*r?F27?-pip&P8HO2A(#C+ksGLB;&CBbnUYcZ43I^i8@qEA_aL{I`Z#v#6S
z@e48*(37p)=u?1;vZuadR^S1(+9Px)N#|40)qvEARNQM>Z~>^O?2$=aaKE_LG*N_P
z5zaIqqrLn7^y8|}_+X#wxP=K?8}ZZz+3C*flitzKmVRV;{L{%^@BPm4n;!o7?R{X!
zT~#*#@e7!2SBEbo;XOy2c5iEDwvM}c;72MO1)AY{==Ot$$zA|_AhVNAK0kPj&->F4
z2YOVjce)|^0$%th;xS;b4iY)q6k#EdmFEmnG)EiOYHM@rzhtc}Zx`_#z$NmQYdkQ6
z1tWGooReeHKwZI98Os%S?2w?B@F(O{rEykkhvVxqKv}&ceFSAaQ~OxNY6B$_UdDgP
z<_IyR5<{9PHH?sLm1h(wC=h@l!!y;yW9!$}62-qIiYPYKy}RDvX_gfw8=Mz-Rxm2x
zc^=9Li%hV>EzdfgimS!_IG)7QpHKGhi>a)%x_G<^#_vI3#Dig9zwe66^ysP}-j-kt
z?y*q}V#Bg^-|7ep+^X~IKEs4-L17@QwOUqorYCCswmB$88xb1MQ))TxoXYYg+vjyT
z5Q!9(X6Dyr-{lc~Z2>#ar!q`bd}20F8BbYE_;Gm>BIr!!On6;raOx@X6>@;QfRP>R
zN3vz&1H1_N_I47syl%UK4Au0#VhWQ
zCRwLgHS3P!z`@PcMb1{Qgu`;pAmYzGce@tVy&wyi%y+Lp1d3~4uaOYCzvRXv!*q{$
zQ0otWXc0sw$%sKqy>hF-1SC~8Rgv|Wa7>$eof%@`N8!SjUW?d1vGav
zlE*hND|`nc$_oV+fs#a0Rf`xi8F(P&YAL198KwD#1T_U}TO}OF_#h03x>f+0GVZ#T
zpCv5|U7&S{54z&9=Oh>83~y*J0ih(?rstvj&N_G_e?&+~CwkQkzsr7C^+DY@g|c)o
zOjhCQL|R~E!9sOicGgH163b=8hH@+r=e)!{6eZXeQ2+r1Y{*xZYO{GpV+Q@`hpHiYFW}5z!|=yqJkG(X`7(E-bK_i~SLfC3*m=mz<;R0T
zrZ+D`4y*2rs53UBNuyS+YUboRueB^GB?vq_VrC)#WH+Jb)H95MQG(N@7*x&)`AiyDDIOB9?9r>+N+aQxtXUC)B>7
zLacU$4n=^WdqcPHD}srS>Q?FaA652&i+MMn&HMc_dpVSkU**#a=ZCr*%D21jOk*<0
zB`9OWyh8ObN$FeWW0VZ!Dyk+0pZww0kDR{Vg&8OvYVh=Y6fw~#B5E9RZwYuIg6TaR
zU=Rv+WQiyS5*2C2AL3cxsI({jCk+fnP(Z{Or(I;HM<=I8A7SY~4V`tl6$tsGCP1j!
z!NLl+#&3&MPV^D;F(*6_*8H>6ef19(e}FZ9i2A
zGeX&{n1*x6*a(Hc7MoZXxlyo`IY&Lc2EbzB%U`*o-(qGV=WT-4^#=c|Tn}DZL0cH(
zg_Z)heHFnI>jhP4UBI$?G%UP()O@Ia`Y+WCLP=W<3f(v)TioOVsla$XQfnnhK;=GR
zQ25(S$?Os?p
zDcQA;vL@q}1&8RKE0B!dzOAgZ%nRK4{!aUAf+Je$j^|5?BxB$IIhao)O`RVz)4}w8
z$O0fPxl941mQL0dgnPniVkaY!9MH_5yJR9S_plo~K=&L`jOOCru}D+Q&NtkD&a77J
zIeeT+GiCc6*t2MN+c`YhcSrtxjtUSq#od4-qD?>&Zkj
zsB?fhM5xBrh3upj+#4mkK%7~LzAUtvReB)fRHx+`G$xH^Dc1K~>6|A;H5oQGQjCg_
z?mGL-4UPEFmheGvHYD5Md&m@tOq4v`tQ>&uHxuPU&C3yf^o;{;SVF<=Z~wk*L@Yc~
z?__Ipfeki3b&_aAPncSgcG!oc=dL500IHWJ>=f)XK`(CSL?!qj&yFj1aC5gY*_qU*
z!i10eB}1{bdDq`Ykw*}6NenEa1zRWswkT%JWj`(Z?$!Nn``N>6jV0^#z%b%(OEA!0
zxxvrN2Hz4-@Faa~%iUhjwl=prOU-TA*cSr{;R`c_WI;a
z_vrYY4G%58(moFc)wt8lL@aLrjgto&0{Hswi_CNDa@V128CP!fo3zQa1JYUTb(yeR
zac`t5q^4%f9TFk~&CW>ahPsW$SO1ggcy4U}HZMWapg%pbbnlA*
z(uX@XD~6qInVBL9$}HxGcgI*4b=d(SnA^jP7lz?x%2-^PGaVMY0#Q6#Mj!H!4Q`{sh&7#E74igYqidubr*UUY7XhRsZ~Q*1gPKI8chM;!Q{f-w#Pt
ztWGdzB14g+*napy7&fEgb~$z%o$W59^_JE~&DkfdUAZsI*g$~8QHPEv7Ew>+tioM2
z?;sXb_9V>CN{KQH$=c*@;Hl7|Hpq+5WWm@{re@hR_d4zib*?w42YuDi1e40;|E8v~FQ
z(tAKdf&bAu?mUiURRFOPVXR7S9?8tm#J^E#O-D*CJYdy7WeA%>T7g-cI+4cy1
zP2elzx!wHl$&H~qwOlD8X
z?wqZh(M^6Pp{Z@pjF$Li);mPpHdASV?5XpBKG9lkJu$jVrKG7tz?7^Rb0ho9G->@=
z(mYVY)$>fh64$L{>Hpm=7L>`S_ZR_h0elIymTb8if^X#;%sX#MQ{I@AFRcJyFeIAP
zZyKF@+#b9FIp02#-BrXy!lU!E+SpArGlVEV^?|>drr3IFO_mg_34Xl$z2lotQUzOs
z%67B^C@oNV_`z2oaI2c2sPAfL$UDf3t#X(fe^3epu6PWb+ad)(>f?YkgPlr`f1{>9
zMd@ob0R7awD1o?UOMIMd$qZx3GPFn&`YFCEy$p%7qfT7b+N=uOj-a`6W$nBk3+e0t
zm=vpDga-m5RA~PfyM6umM%f-q5-PG<$?0ibmo)@uFGu|M)u6h7s+(MBQHyNxlEr`SeBJ)>OTD4m~vRL{rmV39E*fRmE-5pUQ+sRKZ=d&xOa$e@M`qkx}
zBYrclXTu1|K5&~{gfqB{7O5{1_X-K
zBodA;kg)vxw%qOmV<1{a^WaCpBm0`Yb8X#1eP;}Lom$Ezg81FL*7p}TqPf5amnJCy
z`8Ir-%J3||G5-#%Rx~zl&?2Nxk}oyJD8KIu3`Z)J^C{g_FW~3yXE5&@5)HNjocGfc
zWqA;Kq!bOPrXIB3(~_@mFqaIXVkmy&J8CfChEDB!tK^ImAU~FQU~(vhk7S)lbwf3R
zMF@~^Aej@tb;gJAkwI>ROA^&2PXVdrHf!~XH3T_bn~n#~MWPub_@~7$%I5$00ouiM
zm*v}ZW9=Mvwz@h4*UihWn;9@h;?i`SgXx1~nH4zE=3`9K=v?MqY%X)=E+W(-cV5X*
zv&$>`zEM7i&~*cuWPA}p-1;l<4)R-kM!zGvEs0}-4+EUxO+Fp-cV+q!-vEWpau{$p
zm_goe5ciR|Ch4a&^$0sx)RxNT%Ql-VTo7s8vWoQcS>TBMGa4MG!-}c&)wy}7M<@vn
zyE!>G#VcfVZT&AIPpf${0$1c2a!=&sRxQ}pquHnf`{C!}c7mxp(1tVZMO450vPcz0
z>uG;bPBq?P6qUw=Q5p+vA+_ktaRk78M%S+`A0Rs%GFnit2m~*IEaMwnPQ+kK_;arMp+nuj>1gP(XcLl>{1Vv!QPo87zdq
z-{?^Ga+wD3U1-a*DUh=;=8ox9+h;gDN?Uu~O@&l8V*E%<~W+E0cwQ`G~|qf-uc=`utCj1D0Gz
zsXc9R*;=1e^>j?hX$CkRMBDu>T6(6XdrT|zv};nwc{Iw(-||&fKmKhljlKn^%+y$p
z##vp~T(x|lDCRV(h;(Qdk?m1VCag)jVNI!EPf$K=urtt63s7V^19PeL)dKFd?T;F3
zF`VBpBv=r|*0M2{wCDP;tu62>hU6m?E>%jPH7HQaFeUKR?VK;{oV~vCCtfK8Et2fq~kHWo}CR1!@J&a542^H((DXmfH#BkadqCQ
z`)(yhEOToSJy;6Ld%XEDwm2hqKKIU@^}I6I-1E*y#4M4fqHXOI?43-zmr_UgG%j!1
zzq-{;IcZ`fa3&cm=Cl~~CyJi3M+YxEhWy_7HYKI)`1`!lrohEIUM#^*)z_bUC+~NT
z_uljl_Ft<565-thG>ioiEt>7_R`+p~wM4EjFnCUl_4jvDo>XPxce}g2kH`Cmr*GT*
z`DAzJ@NE;D;_H7As&#>P?Vc{~*k{0wE^E$OeJt6;YH|v_bWYxID@NIi%A1>2+mCNz
z@BT-n2AE7-q^NGNi@sv%%7r2FEpkjfM;D3u@>tzADMX={3dPiL
z{{_k&g%F28Nu`bXB$S)6ZENaO41osIJz_k^pn&DN9?d#_*jCiG|dsG_m}iR{g)t<9t_YN
zLnTd<*M}7V+-l$|`bKrYUE#j^hEM@6+s4-Ff_#q~hkKt-)>AVgccGmrH653Qw8VWa
zhL5(N=-tq2oK_?3i%J3OOgK&|Qqy<$WJYA~d9)qJLrScdz(7S^>KN-IG$bMq7qPoRP5jlBLynp8cggx|HD^)4rQuYcL&9brIw{rSW`2zg-Z
zbiosg@GM?Dfs;m8`m=tX-&`exF}ZXjA$j5a%KT1JqvATH!n;f71jy)by?FHvGQlt2f8^n=9k57JDOG4{FzMhT~P|$NfOS<
zp1e$`!69;VA=U}iAH5#37wGGf$+h71`XTh}K6Q^*
zbo!@{d%eR?ANG#-cO}P;51d!H_ipdl4bDe*;c_4h8R0xd@&v|+Ic2!)>#agPZ7dqy
zEZt0+?MqplAbUM^b|iaGYS_9O#~33vR{+~njyFd6ZRTN}Ol?TpMEnfG=tOLfxQCuO
zHpza=no!s+Po>B~xGz!^GI3eF1fe0fXgYi(coWdOt6L)Mo%c3vEj~5Q;2%7Dd4|s}
zUtN?_$m*eE>jE2p#KQJS7(F7i3`+nCffB@3wr0)M54X3(btL^rc3oq4Zoq9M6&-P)
z2^2E+HO2!1oL;-2
zZ_4g?m|!DmgVeGkKQ)cW%{r#kWw{QO;v9=;b8qIsqmlqoZsTI$b3jNnrc(6NLV@Q#
z0+d#Wde*T(4%%9nR`(bV->^V)8_~(f7FTxj)WFJ14pbHQ3sG^yZpVq^2r=K{U&&7>
zHKZ@-R=D(Jvl92K6*p#xJ2Q_GInt6J?tVHx**od&9vz;XwgU|q7$>8*&4kcR31Ap=
ze9pl4ja1sVL`tM=OotJb<{}P+6g|$2pMh1zO+n<0b+5-+Z4fpD6{7F=Yi%z&XlLbx
z8@Op<>;D^MS4fjtW7WyNrU|XaPDj@lAtZH|#+->)Vc>#}Z>;`q-;L?c!GU5lr=%;)
zRy+Mw0U&tGjnyoiug1$Ar^V%ICHmeU5JY$`Z7Du%v%4L*NXI9!skqkuA)4fUJ
zZE7_sZZ)1aNuyD9X!5(Uo}$DWO^(>ex5+JKLfkqLE}HW-?zu>b6JJp_Y(ncgDxqq%
zPyz+o85IoFH0Poedtcb(Jy`mv+vplZ@~mN?{%d^jVs)PkYoroPtlOk%Ez)?tEN!2JXPod_3q53a#Hf6e0s=sM3DZ
z9vzM2!<~cP?#{=P-Y@$n`>zl7(vo9gUS-l-8OH8S?wqXbL*DlKrPWaJpexTl2c#ADis+z8cd>4}mkHZutlPtJZ1)h+k&C2Y3=
z6oXZ(2}z+O7Eh(6HO+V{F>6P+er=a}6Fuq;tQ$y;2FlD{J1IRzF^3dw7s|1p0iSzM
z+TzrciObJs*fY~aClSPaEG=yb4=^s!(nL~A>)_L>c8&>i>{tR{xjv`cmf!9bN9oIW
zDE%zOI(MB}tycw8SkL?YLVOf<)|cn{U0|ZESO|4MK|)7ZCDzci^JN)QYt|5hw~;6{
ziWNLS_{Auj%O|q8px5muK9;zml^4kSgM^Q`kHqs^hA*}5
zUK#P#w$JKH00p3@M9PXMmdmH^dPHL{c~y6#s8V)(BwNc+3mrL?|nQzde>INqRlqON~Ag1#`JFZOU+ebq_fjI-w8r7LFRMj
zvkLb{TfWC<_BIa>p9L+nL)n-!oP
ziS9%@i^5`p`{i9P8QwuAcn70ABK@Y~NCFSwRRMzKB9`WuvKLH)J`M9^htvMzB{VY@
za)}0w7Kf+Ku;eqX-is6BF7m8%CK{&;(g%#Fd;7c2e?Mt!rrLYO#hIR6=o2z^>+GGe@nhU#E658kA$0q`O}9qxbOAX1b4zH4PKZ!Y=6t65!kX2sA&LBXTZuuJmuFkg~2
z(%;IWZYP0P(Lf{Z3R)n!_B&)f|5#m)k^YJ&3Tt;kN?glPf{No)7n&TKa2=OV>HjthZbEZ}N<_u`V(oyLWp
z7S5u1W~|W09iU(;{b!xd&$qHa;Gb=UNJkglv!MI8s)!M(+!%`4T*~kJ;Swe
zPthrzR*iRbo%h^Rw0y}%b+bJ<1DVPZ=wRg$u?2KQuDSgUiXa<+*yKlX;fD7Os~7?i
zjYrDum9(n8JKQNrkA-lCtdEt7p;U{N1QsZDkUo>!1>Y!n!6>?L5qI^
zfKNKJ>(HC(5n`QTl++p%)T12zw9!~o{=118`H$jmfF9WA+s{&?Wz(zmBN3~V!QH|w
zTBS)bg|Z|x{rcV7!C~)2PUJlXfwZR`tI1@53l#UN=JI8_q4;jPEE*WV73Q!K(2IvM
z{w@ghDL1XY8kj9Oi7W$Xz{d$9;HwV6S1Aru|1c;b3O$NkrtpM6BE^nm@~~2pCC!Yy
zbX(~L>o(oXpJI%Z8sP-P6=zKrvpVZOn`|6wLFL)At%*Sty^1&${ZGyqZEZa>D-mkD
zE$BOIqQ-L>x7tCyk58NM^qBjOd1NV`sAp*{V0$hGWK(vVW;?qYBOxkCpLH#L0d|4+
zi$Ffvgvm1<6JRgqXkEBK<>7uy`hh-gTn02{CYY0to;
z+{gj+eI`XA4bqJ}r#8Y;8!fRP$CEYXxc}>;GZSwsbP}5(*|JTi7!wS4FxMWO^J
zyGH?O>h=q_0!3z664>a?65b>AlHF6{JL_3Tp(7IXnWxgu_K~h?%_3dIdR_`o3D-=+
z!63-?WdGgg{lne&er7;#GaErwct#UD3*1;EbdrvXCKt6=a}^DyDLLlWDwjl|@XzX8V)#r1Bf(1IPV`ockKnILrdd
z&hbaLC5~wHUe7OwA+(Clc0;n5=ydoG&e*W>IFX)(N#I}4`17lN-Mw+^%bjXgjYD&=
z4o@_r;`MK!WKUXxw*~x6yl?3+%)R5FNpI)3_Bi}K
zt|{79alaH4vFD8Uv32377EO^;=3N8CkT)Hb14y12o4<1r+exga%&kf~fzaq45TH-k
zM4Ha@m!6|Q0dfK{V^7S4Y%-9Fz|2r8Wp&VJ_kh#g&ek*oqlT=g)8$PYc@A!i-3aea
z#%!E+J;Kzv=Se~nK+yZQw@KrtlGcp!ac5%ULmd3Gp$VyX$LAZ}^HR}$ap#)mJQm)%
zXQQdc?ux_%13x0!b-U2gS;M)=-@E+%)ucMBZbPymNuH=Rahn*b4bJnw;F~4Fl};`o
z3qSneJzPbxa#FdEeZ4VR93P!2%l-)XZ#7FV(6%-6bC?X4JWsW5oqpwP}Y6KAW4TLKpwE1XN3VUke(j2^*(f=h%SJI
z9nv0dXiBjn!h3}|Y!ASK>)!EkJ8De!&vKa$!o@uMoZWHT6DW(=0g}WUgMx|kVNibM
z$d4?`WT_M(x`FsyPVerFs+YV|R5axk*ZGZ5b&*9<+l8>X6jTQ0gEU@~Jdj>Nc4WQp
zB{w)K+)xd^=J_!reUI~|hp^z@=%QZ+lBlwlw9mKN51n5Kq73J
z;2Q)x3ENCxXCJrET$V+)$`p?PHjVvvfpw}BBMx_kQOP)OIFq
zn3*@+Btr_A*X-TL4;q&%>?cd19XHv}^Zq55%FBFo^=gz~fI}W{#*WX{*kivg?zxJc
zn$7kaut4b0aWcFctT>MA0U+W<2(+?sEy;)o(hmoMZ1O?DCA>6M-OhFIllK!C9hxaM
zW^Xo?wGnBI+OZM%z+omS@%D)Jki#JPF9cei8DpBs13|d
z6{>KN&(WY_;6WKptU;In5;lN)<`Cj9+%PyF3SH&axf9SZYs!3})BEepuW38sM$+~y
zJM8$fJfp6t=Yp0EL(B)keTH|nq?b}kludUsy&aq;x+CwfDu1o4a0}<9b!hMS!~WsU
zflylK?CAzg^{;c}m4sef@)oUBt#yf8?|k`ZhFgndu|pGP-F!dy)dhShcyKo2?Y8{~
z_PcUU1w;fd(6+7k>@LbpO8tcizP2xTSQnhfvSh!rrflsppAFoes+9KHZ@?GxeFSBR
z7LO&}V7~RX9L7_^hRq=oIG+D&4z@
z^G@Lovg|Z82ZES|q3EnBVl1-Ob*5gX-(>_t5k(9(Zf=HPYd^!p5}w@o8Hlpswln2Q
zdna%XtL2_uT@0c=0#y=$PlBOG^3F?eOxY8_6!Gn>9V5G7dh+Q7mqs{VIog<`
z56qY4gi$Z)#1O>W{GuZ^Y29~5$dGr^mRWs-6fG~UZY4Z9%~vfZOcQBv46+T-qlFDY
zKu06#za!z@EN;EdT9q+}-$j6E%zu$wE>)t-Ds14;o@%!W0N&D!in$WfXc0YL$eTr6
zd9A{fP^$A8Xgp2PQTa4+MS;EI5|ZB9IIk+a2cP(L?ncKLO>oh_9djpuCS0f^BQ4s7
z8@{IA{(8W4#B4y5mIX)td~6n{-B|kLA%eCNS
zn@^YcgL^}-0p>nG$WMBgGc&dQo=9&x0?TEzY9EAxL+Q#cHXF;zQ
zrx7&Cz|g?A{UT8s1mYs0eG&3Tvb~(mhgaSKs{_2$NH>AU6^wXtBT?%An`}U`R>(QR
zDga7%-w808Mk0XMrH#=jPnqAjm&0XPiR7;6HUyBHZjLc7O0~%Hk}0n^eM_d{W+`*I
zhs*kdVF(eC<&%!^994d>{nNLVDc4=wbP+YH7d^r9>oC>5gq7n0Vo;-^Iv?bBCZ!`wB5z#Vln4YYVttdFnmwP#C4oLbQw5S+?(sbl5zQw$=oA^$>15ak6g}=jTgn&B$W!Jn
zrB4P)9HEpxE8;XbtiU&IW$?R_IEd4B>*3}D%9dQjISmORCwIb^j-LL$?8?hgWNSz=
zI&6zF@m?`yw3L1uL&$8Z&lBfq?94nx@tGnqXK1C4YcTClT0@|cizI(ZDuBj
z8DsDI62EyiK9Bu0*1!?S)hrJjxIBfHVnXIX)!261pLib0Hv`A5&$V06+c}sL-OX0w
zRh|eX+K}1NZkM0!+EdvAUt^Qoy?1F$j)u}V07T~v;ctG3pL|op+9T@f#fx};6$24)
z&ptPJiKO4_2$;|kmray02=(~;G0X;XG6x?wSyR6l!dbliK`L3s8aF5j3Jte&4&hB1v=V5pA>3Vnhg=5Hh
zY8rKbi}|3^v1ziu-Fs?0^@pQ3pAOt~c;k$1p8{ph5Dn^e%iu>`{jo!~l#9&I
z>)$=xeuT*_DOoH@C7vM~09&l{p~56f`ArM7wO?h&g$sKNZcQ(@HlJ)hdEDK8_~_9q
zHV39ufCL&-d1Fn+)EPukm(ce%mp<&(ShU_^d&!O_y?q_klcq=S0kww(n#gX
z;ACxjY15V@mPFpir~=j_D4VJEDOx5bx*SC<)Huto*iDT;Xk~c^1@&tMN=7CL<8x)U
z$8I+?OB(sONpmn_znG&i8*npIVdx?mk4Cz?JBPb_2M2CTJvlwzKYSN=kL%86FgsA_
zfJE!JK=7M@QNbg7UNlf?La
zf453rND8N#UgU&fE(nNO%93+cZRqCn#$*ltuotgiraros7EJ@d2=mco?{ws}1m$+p
zlx)o^Q!xNsTVSnOfl!=|c*~9KxIqfp(K@N%nzmB6#b#?UP)X-Fi_?yZi^8dzTG-{*
zDXt7CJ&eGuLxJEX;u#ENP9#Q&npUL{FZ>6}GBk8Ad3NdNob?atMlD@#a;`>8mDeHl
zgbH~53yEl)H|*&&iYVc|D$WPp;q0ekluNw!wPfwy@^psV(Nf7#kPe$w5d=_+fl
zLrf_Ha&HXQcw)+0)!`|w8gl`cZ9v%_(IM^&_
zc!F85LmU@%DmfPBqMci}Hv)>3Zlcfj|e{jQl>5QA&
zht2J#iz5XrQG5X}hMOFW##@RYVR$JJB-;eBfTg^g8DG@6oXm&D(2f0A!F4mE&Ic09
zm#dgc5iwP{dzJ44#!h;WxNG!-CaScF6-&_@ZhXZoMRZ%<7SFuyGfIxvMhkP64~BOg
zDPIjDyQS^qYa*{~`4@yaL8~N-2pQfT9XWq!?_h8DG^SSw!F^-vV`EX)`b#USI7!q-
zxEza`t#&KZ9%FW6HCx%)m2A<)?>q9$aUZ`s80ac1IR7Zg-y2mt^EEOzg@t*~*Nc+E
zV{`@&#r1|pP&zW~UK3a1Jn6haEutOlONBT%nPhj9JS7Syd7VE|jwn2nE
z&)oNP;2&jcA9tNKzSFh`PD6TL;DwRx;Hsy<@HT%@RT&gDRS6r#03k#hO!FIc3G_5e
zBe-;fWiU9rvIVw=JY_lJiX5y9M}VkBHpF}sP+*}`n3GLjVU0AuYB||Y=FP4#!MSnm
zO>s}l`t+PZ+PcS$CFMZJbMD+Eio$I|R;}Mg#W*JAr07Il_z2BfT|f%)TrCa!z~^yR
z+<~X1)$NV)+uK$=?JYe;)-oewPZD&ZX;)5UGc21c+yt-^9xFgV=3{5M`duW23E#mj
zi#b^Bb~jcR(7!=Ltnsp!42`kF#k5{P?~5n-VXm83bOpotoHvwA{OAJH~OIw%VUN48=5
ze4!0%i@u!44*G+U6zpv26Kp=dXErXNsI@Cp<4p=?2AHe>qC@@YHYyf*C2-j-sNC)X
zQU+J0Hg43!gcdQqEfCMsj%0iLfhWYg-!<#xINdurU2ovEaq}k3)RR({H|bJRF&l97xOBU?#ggdh#>@9;Lh>>ciZL8cN(#2HAyhq<>Y@k>gqx;XG!bzWdEBnEJ(
zKjT%tg)lT+Kd#9&=YI|_b>F&wS;n8Oq
zM*Q;TcxV6c9s-CJ!FeqtU>iyYnln)ndWw{$z{s^=AQ6+_INus$1$tLeGC>#
zf-f+I$c1R58eIl*SVcE&ETBnRigsyPmm2CD%7H;zyBpb4n3pn`oSmEIRTeC$3uN;Q
zEf=;PnT8M_7n9;zbmU|v#4P@;P}^-`MhJUNw;B$FR$c3UR5(VklhwJnVVp5PX1=My
zWmSb!M)*YJg|fqF5N~^@F?F+_~y|Lw8)=
z^j57QgzHfX_Xy&qmDgBwSA7JpEX+900^8?1+W5p6TKh+M%P|}dn`7g`o?#%LO4Plx
z+Y@%EgZ-yF;TfAwHcKUCvOP8|
zL?-y*_GV&%n`JM$d4O|}98myk9nE@TsmoYu>O5*?gqHUdwJD)*XDjW=oBeJRA@jin
zk=f7A_j8Wb%Pao-3XxIOzv>$Kw~-1-Bbi9?h&K_hEsxx>veO#e8`y$6E?K$Bl{~Qb
zwZj6j2}eO86(|g~pvF66<|UnbSqI%h3aSm)eU=V%l7qsMOK$RMqhQd1MTxh8Xv<5w
zU4emOr<^yaT3fQNRBQ+3MetZdmw!8pq9BTIVXRdoBWcD>ZuQB+7Va${NH8+((T%kV
z&<4gXDp*$;sefaaOtWI)?=q~i!L+)niQzvYjB*;M`dG
zs>WGG|59hcBzdX#+^C;R%!GRWrWrH?>DNhmT{BNhPAL7;?nSU5hP;=Znx%aMH-rcU
zjcOxGzltjt^W2EBS8Wd_`&*uk#r-O7#{#@KK)O9Hv(vB^h)|w!y@S-aUQ4Jb4Ej)@rVCdtq&oOaKj9sy^sZ2d4)>%Y7uVz&v){t-3
z5ojhY+0LvI^GN;p1>m8PKHrE^RTPc8bLY~$&dh++N0`0@{)mg9x|r7{dabdz^O5@Jlt?MFl0RGli~IV
zY@|i8OO)59s>Lkd_)&2B5z}ZWFKEeIn1y}(_)dP1is*Ed>dASjv#89J4`Xk
zMEQ<&UeBmW_jivE589dAXu54nr#2u*o`Od*`{ol{HZ5&vQn!gdQGV0T`oti}1>)--
z9Ukl+FTY?ry`n;7y#kH(2`H{4Aq5HK_xxjLK&>*MVbmhq%VtCOJmL3!KVJ^Db(4?M(XeCKXI(ngwRE=W*87vbO#=da@xfGCcLa<9-#{Z`3s-%>A>
zaq0>i5Ysa|xfrQ`8KgRFYDvPtcNX7wofUb2dvQ&|ztOPB5^!_5A|yA#$z;02wd}ZQ
zG!J@|x^afi+*F>9sSQCC#e4t(_$LK!<~3sK;RzTl*fK*#LR6b%P=2$*dHTqPom})l
zlW^Qvj>yl1_PhimKH1;tWvPHS9All=#u
z@mU@jz|kiUosw{Yt?`+yfu7?~mzRSZ!skSuqRXSvM3y=jmGzj(V>T
zb`F0Qk;%Q!y@UP3J+Z(xtfh@ZP1!
zXOwal@jYIu^)ARqYbTrUu$xqqg*EUQ>W}#-`w7~QY~G6UJNcHgUPnwK{YGH@%`ol
zW-o7Q{_tvoM*MNVo(G~glkfTa_%>|IQny}4dizixd`w*XnXb(jwO^an(G_iL66|6~3`48Fj
z_IkFiK+Mu}0V1~Oi<{|bPqQ_*^-$=SqU8T5db6}{op~}YYIvgDrpVYqfsK{nyTXY)
zS0irvrl9Ofou3!N&SeZIkS7LYap^@4~}+s4tm;8zHJ&M
zUu)4R2GL9ssi~OG3hA=5x$~TT5oJ4hTh>(jyN8=kHXd$1jaiKznC?&%;=5RlrxrHqYe-=(!-BHtY87IT$Q#w7BZqOP&
zyE}gzEw99D0m7Lky%xXO6tkjpyZwj>)D~}R`}t-ob>bLPV8#y0S#Ok&38W%537jr?
z$pH$2nd9LglHDq_8deNErnI7b&zNLPJ$3zn+yc7T@EUGCfa1JW8*$ZIRZT2eGoMwR
z7>QEQEBSc5e|Y-#VE^a64g7ktyK~6jEUmK;^@Z@-Vrv`cCRUdbX1WKY2u!I)N5UyG
zP5dlr%M?*8axAY=UraY8aWYlzO55R^;ZKyPs&lu&-X#)Bh@Ro|BH3LSg-{G9jNs)G
zFlcGe+FsA*7i{owwj&5VR$d0uU^)#i3oj`NRPFV9OM)edVxvrT`7E9m8JNUM%_}G8
zzE5|K1l=I0>h=8d^?K4Ci=E|My0sZmHSkX|d?)XY69sNS4oyVRt4xOI!pCg0Rw$+g
zIUgg1%9PtjHzLe#5AblIzYCUPmoO^ssXR{Bk$iJ!mZog-t0JL98G;DSbZ})7wf?OY
zXZNHq;Jjl^@Wt)FMym3okn_MEN#4X0!x(!KVJ%W(;QVyv)Z;_Ws@sl$;e3B_gpRB%b?j9<*S|eEtqSqBo?O@whTAa
zg971*rW&;G(1rXR@8xbt5h8p5!6=~)2>__(MzPcm3Cei!Mu@eSx``G+J*RAKwMs!O
z*6nbIJ%2+@Fo|y|6w!o8?Z6Ek%Sw{nku2ns?d>0J9gpe@0Be-0$lCKld9g&QXG$_Gt8o`8WN`R1*0k2o6;;=2Q
zZk8RBL}`%q4)^xn^gbW&e8he5hmU)28USz(t>AI%!foB|9mRfz+mQl(+WoDq+toGt
zY*n&#Q05n7H}&0-Dcn9n#}0hF!&V?=`gX1bL7}2mwG8jHCF#+L=DqS!J9?3BPc?cs
z-YuS`cjsO&363fy_iNO77W?^6K6ZZURp*nyHRHb0%lqsutW7r40L|n{;3l^!eN%>J
zPo^-Mz>}2+4Hb%V#&O6nI2Smsr~Y9oslAXRgN14g?3U*hufPS=XaxOJWxMm>uDpW
zdQ-*CNej%OZRrZ|%?)chDP(()b)j_9#l}=&?nxRE5wx=WgbkcLVYO}I(lVm{l^#P|
z?#vl^Q{Nu-oKZUwKS|h`Q7G}f%+ks?l_LC<1aEko^~|cSLWKM6J{fVJFTqEej??1e
z`ELIst3qYn--uSejB>N3<30?vn}9UGmgG^QNp2GcuV;zSO4vkJL`)wft36-r&v91D
zS+sL9W6xrr;=WEEZLtx;qE_uQ_0oY8pCR4Qn7G1#>G_ldT|jV(@bK*su~uoGCR!R&
zbZUvg3AU{LXbCZ=yDjwqP2Yx>GFo$$J42CQwi*N%reD!TKPOVTVh-{_v=OvG$f1Jm
z*b02lo)--a-(Aq%Ybl+sKEL)ewY>BnQbo+?(W5Zjbrdc#4d;Hm5Qu|`PZ{>pw0v2+
zaSz}Y75GX<-AOgP8_kB@e%?qJnS~1d`EQCdP_>a9MO<%S<6Aljt*=EBuB+~Ay}_9f
zvXcw7vdni2l2a|i)%z(gc`2Z8v0CGb!=iW(_eL^jbZoB2n0Afd7Tj?%W#d)(eX(_4
zM%ZeG$U#957_=^cLtX>!L0JAyZ}zFP3}w5>Lu3JNekEjf|KvzxYU!(e;f*LIT{<4t;|xl(R&gcS+0n
zJr1v8x+GXKm0s~})ddr+KoVq&ZM}y(&vM3YOdf9fim}|t*huF{$tl_C-Agdho>tT1
z$~_ItWQsNohLcaDj+lx8Q9(hGEFH|awZt2Vb%PWRelI{4G2o0lZ-+OLq7|$H#gEkHk9^2>DiksZ0o!RQJ4ZRb!FDykjJYGT;
zA%zItNuB3`rb^vk^Pvf=w?o50N=IzrixmM<702r`*GdaT+s0Rmft)H_7__JY!8;lk
z0L;5*3>r2d(s%a!)p3@}`N~ETp|0JsWdCBy*KHzfLZ0yo*2vtnAIgZVY8r3VLT
zQJS>8j!x)3U@LJ-VYJ(rU0xz9s_-wLfYM276RxWh?$v4Mh*O$Gw48if&ECgG9^8%6
zBnLW9d47h)i~^E5(DZQE9+B$44(#Pg{9z>Aja{EAo7(rdw%9OM(lRkSfN%PIQwnMG
zU@qc#?%^%<;i+>#>UiK@xKHr!t3h?)V(D48??U!LJ?|b?Z}KaEMdSobHx+&p)q!1H
z1uwG6<)9e3pI^;~XUHd?8K_E9G^?gFAx+Y&QL<$?Ow%Z9Pz;faHo`WED+>tjx%|uv1kBJ#+_eLrEBM^v<+sM+!^(|x~$jZ
zRm;7fY-{coN_Tm;WyJU|L5mpZ^asO*7pbzOfVzuOe{$FMYdD>IPuuQ4&te}r^gtzf
z5Sjd)%0{0M+kSXrRX^YRW$*Ab-a^l+3i9=F{s1AMuq>-5@eBCHpRON*Kc
zpqRI=ovAmlYT+>@8(WTAzcpvuMz5SZ2y?pCO%2>PCiwYiX3*bgiq1i`+fmA05(4P-
zY>?Vn!q@}trp8lO)V
z#puDkz)8b`S^8*K$@fjlIV4SZ?M1SIs5TG^&RWK7lsaQ97yInk#>7ZXicP>_dFZM0
zy9?!CmFB#J#A48>Tq$p5WU-?x>5o!Nlv0+`yC^}vdJ>No+*sYg{bbC;WJKl)UT1z2
zNI_ZpKHWdsg;Mg#f5hw~IEsK30Xn#`YI`3FSXA35`E~JdJ#tcYH3&JokUlzNmTzo?
zk710`j#@-6tDRysH9NLOxI$LVth%oypcmDK>qJId6U}Ny#R5nZ7R-WlZCeW}u|+EX
zEs-Xhq$Ij!&JO+aEWSJAc1e;qVj_gGG2r+lW2~0@+-)crBb|&3-X9K#xY3`-Pr9@J
z1%RsV<7^G&c}CFI`*?J+|D|_w^yzqakJJi<&fBV1O>JerQjK+aK`-?y-OHaMrd~zw
zsK@B$N4KANLqGrF*y6}Y{A@jakq_}A(_TyS5WLzSgC^#4FaaA0!}vJ`6oDS}zRc~0viT&nzlX(_(>CFKmSoW=v>(5eZyP=QCLs*!7kL~eVvu|~cWw+t4dYB(Q_8~g^V?#cdj)vOH$rtHU^
ziR!or=iq!8h<|9A>xRWFQCftx`A0D|yp(iR!gM%WG{q{ai*>_H$y(yQa8F&lau|oG
zU4%;@uRB^DUrQ)TEw5;7J|?sV0y6FaJ{#w$sPiEn@J^l50+^_k-~H})X6ic75qOqo
zou4u)3KT0V-`n0Ooz6Evxy>hQ>l-(B^|+7LIYnOQCV-k!u`w$G$uStZ3BX|NJL-r^
zQ0T__UMCu!&{7^q21}n^#L|zi64mD0MGlTW?;UrJ_usugRq89BD#Vwq(}})eLU^1w
zD6Cg`cf<5>Ov%XIexaB@jiEym5968e1Zr_5KkoCyK5-Fcf?35tB12iUcHW+>%Ye&N
z6m!gFLkNZJIN$4HR5rpKO)HkVl5(G0)z{^;5~5=3SHpptf{hcYho27W0P7W|hX~8}
zeb{stQ#BzefAY)mqvU0Z+M2SoL_Jk7`JJJl0KCu%AnMhPyw#vm1EQ?VOUSVZfXm?Q
z4P*b*>O?XF1>EB$PPrfPb)4)TWskd?I74j7_D*)+>>cd(qL!Mzi;?g)qW>*LLedutsO)MGRO5-_-m}maqv2yBTdE6i6K0;O@NM@2SoV=LJUK
zjDA}I%_HZBY--_}rEzDy?*!)WT;!>MVaIpb1>$FzOlQkc+n8K(H<$ti!;IBCXl8#;
z;)vZJe&CgO6{HLi2)h|CPMa?uF~J=OrlT=z!8k_)$m!<181sMe2xuc0eXxNBg9Zbv
z+-5zTpo?+DnOBfk6#aw(pac94XI&SL-)py_SJRd$7kn0c%)NoYXi&&v7}2rU7}Qr)ck^_lxhg+Z#A
z*5WY=uBe0%n3T01RH5FL5R74Du(JQtnXy*X8P`qjKfqEYAa&tvUq=@6$QU$)a;K7>
zepb?{nF#+eoSGHS(0SR;{L({T;|V9^?$N;s?ORo>ZLLQ{S3fEln}CjVDV`eLHxDWM
zI0ReKSm4IAMg<-3v+8zBHA2U;KW}brKm2QQV|oIC`;6vb+QT%0{!d$(OccRzHJo2a
zr_6NZf$Nq
zvIOw=jFvcXMCyI70a5HMsKmziBBe@STlvyZ{lFcPAXOos?ml5ehQJ43GpR%%jWDbh
zw=?0p#_5jE3L)i%r
zz?K%@+eX+@X$YHDKU%$j`PWP{2ii&so2cmh$PX%r)5#@-+kW!5H6yF{WFe3hUxl&=qA3^MLzFZ`
z(x3&kw!9p>;6ERzB&j<(#z&?H!}@#h8b^0nX@62Q%YE1wFXnq5`(!>ol1*{{c>l|i
z_x;e`_oEOXyQzz#S%(lPN2faP6!1U9^sDE9H=Xy9MgLy$WPU5SKxZ#`i$3m~uNjK)
zjErG#a)H-)xZgKcB&mG+LT99YU@R6Qd%hSHqn*Nc1jsL;&P6@~^_cg27e{2fZ$t7h
z3<*x77QOd&|6tDzEXO{?J5ihyFs*?n8+YyZBSyU=HyoGd&T3M&8rFOU%1jm$Q8`qJ
zT$Pd%H;IhLSH9<~i_!erqihfGELK-;`OvNv;V~!TB}H?H;3oEJv;|DpUde0;tLx8M
zSDpPzVXF#k&PyiQmcNY^4S8D@^Rjjm3Qmi6h7qRBTkYq&ZE3J*+@_>2on6GY%=cZR
z({tI{iMe8Bhqt6W%7Tr;KO$pZ}$Dti-h`=s^
zeGr)-{T`+$5wk;TRrsD+GXApYZDyXgW(f;9(}td;p9B7iU^Lt>?!btY-77P~3{Kmc
zV5cl<)A62Khi$euY~~o(rdmilGZ@sOn_Ei$j~k2h@(k834?^W-Lw@-toU=s{f4)ZyG^tSQKp07Nwt>{~0D#c_8eVxN=niUiIC6qG29AhjKu<@u$3rxT)NECre3L9ok5fE?p-yVsT
z6(T>GP0DQ>!2sN%nlcn%zqge(akeyDtt&Y6o{xQU703`e_ujX%ye>yE&Fj))dMd!P
zJC6%>_s)z<%#Mfibl&pEj;Ldnbu~_+j)dUl`(;V>D66TlLsSp3u5D!fMg91DtI2He
zUy>O{P9xj@hurXRt{($Kula;pc^a-{K8j>`d_K&tBqtTefd8LSeKBo2FJd?-dKW{m
zL7|*R&P+|2wdIUuzb9MgxWZr9I|^4w>~7D6TGt>2mfy|__jUyev#Z#e9LgSG@mwj@K*JfiK9LU-zVN>V`|q$x|~Y&tPxI
z;$@j;A7M^)+ee~0pQPU>MBa=(P|q894{VH4i6Cpf8(w?6+;?V`Wr>gt77_CkoCMXS
zT{j7;VUgyi?xGV6`F*@V?M{#by6#2o&xBN#gTau1b$->19u>38N)GX`Z=_KQ$sY%9
zC3ffoXqwF@#*Le;<+afi*Wf~3mo&WlZl*HgmyjwM1F?~1chy{#+6cg)Ee+9@uU+A~
z`;s6mW|D-heFWeRVmcCmfsA)+=FPqjaNY6LtejQcr{u5Z2J^Z!bSNxblDqjAXNKI$
z)K;L&`FN&zYZvWd?%WhZcN$uT8|inE?4&litgTxG&*T$XC-9}Q2scCbbcnJ|hHiH1
zg>BprN8`@&<_IG6YCsF?LJ8e0JRAoldGduwdqMQxf&g?9hM_~@veFLQlqdaZX*VHelH)PMM>!$iVJZ&@^hHnzt52|
z%0(=gn;J?c-sy=cpZe8&>P|)7glxj7slTf{f^mvg(xV
zww{HT9b(l4i&$WngX>(}(a@ExZCY0CjT(@!R2wUK7Hf}5>55^oDk%u6WhElv?JNH;
z$>2hJ6g$wrmj$ntc)6gnlH)2;#dhzwF5*>%zxOYvjIlVa>bUA2>_F59m=twwKV#<&
zX_2)A)8%cKwUtpXeUqX>+7@0*-z|nqsVuv{pX|Ro+51H-NQA2@>tH&P@nrxN3(%@~
z%lJ-tl}*IERWtTbq~u&$6x@ScIKNL2I~zK2W1*2-HU;P&M44@kAVuuaImzjX
zilM-EXcX)S(^5rz#{#o$^>vu09@K{%P?(Os=aZEP=i=SPv7Z&c+;Va|D(m?38PZ$I
zv^|q((ca=>HshJ){M{mhk&cjqH`W~=|I2mMZdgj&;^Klq)W_!yjrReGK%@VpO$we0
zkcJcvk9!i@^XNRV+UEF5f;~-0F$J%e=w>JWZ%7OH0VnkxC6~lnTEbS+o$83P@Tk$}
zxI8bU6h6YD3JQBw=sn@yZlhqK7^vzB=eF`eiIS@K+Ia*RMIlRE|0+*g!C
zecKXk0-n#@XX2=0taXKVGjtmoq=kz#FWJ(cMSdtf^lEJMqWldVUTrOYyPIG=5}CjN
zTf*1Yly3sYfNj8e96WePtB5Fszn~o|gy1%p+jzSY6iG^{ezCIhK$o>fB5(Fjc3vOs
zJ=nb6+>x1vwygA{3jfBG2fC%N}iE)|9UZDz}qN=aNk
z7bvI2b}Q94J=`*sOkFTJ%V}+P-OTA=>#`EYBte^-TlZOREZ~C#tSA@2e4dH+b8WFn
z5?7MsrpCA)mxBvb8%B3Cr9SLm!8KSD#!)`>4A8R*!5w#ncM`$+9C8dIROSeoT^`;d
zwwOiQ!JrHsCzrlDAbjji0+gXnf0Pl_Vp%%@4&+TbUi
z*hzujiCBk=nsSLL$JTBShuaUn?9dJ73l(#xQ)8M`mi>-T?@lxyPXJQwOV&wobm7Dn
z_V}z3W`dkSAgYv=WZyA^H8!|r$j6Qt_iJj#Z~CHRJhc5lex*m#{HFV`)};1QX{|;;
zA(;q&Vo7!TU*i+6-K@JW5BSH}VND&R;G~5~AqjbPbr_-O-b7Dmp(wp1R@e>Ve!hq*p-Mb=8(AYY+9o9j(V_f6vY)Wz_caW>LK
zcNS!4Ym(I1>^^_q-FkE$r4fOOk7h?CcrE4p0Kf=?9}OPL+4`e3ctpF&%~iljU2p)u
zkKUX|JK@DczDPY0|NaFgBqiP`@tJObhFjHqkjH;=wfO)?ps;R#5SLKE64D3PUHS8=
zo4LX;Ewd#|7OkEU&G_iAD^1`uq7;?-(teHT9`Ogsyt>!th5+SdcN0Kvlrv2Y_%WT2
z&Cbk%#79DUahc#@`xwE{(r_*b@Nztf*{s}zJsRtx+Q-9ORO;@IjSWcVaA_=L>Y$Z1
z{k5~Z6)!vi2iFLU-H2H0cD66}3Z41>aPhX_g|+r!=Z{CnnR5gW-|d~eSlL>q@8bm^lPz+=`H8z~uvFaSSveEGb4gyA
znVn#ja%buxXC@h-OUcKr%-!FnvpJIkN)(E67#x&FKfa}yh;1S+lm;ijVXMF(uWVQf
zK?%mG|
zzq~8h!tM3!V-ELtckZT!jDUNd%55xYvxLH9{HW{FWWk78@(|
zR(%YqUyL9)x8EAAPy-7j3|toj=h|l!N7A}2a=e%=b>L;IEd&@ys@jd>!}WzN3IplO
z%DKkwYWS@j(ZU*JP%;IG{<)ROvelzsIK#zM(z{=bsWv18LXN-c<539ZGvggW
zlEM*E1*Dr$4u+C#)^dfGdkqg}#jmIg)zLCW3?bKT0ri?26mGEBxy^zPD*0fTb2}NW
zybCQFI}B#H?7~vhPI&hu;SoHibigf>%c1gczyD9=zYWE{q;JLSlt>Q7$DV
z^i^+CAc8W@5iV7;Sv6{C-P=yY9nM^8wq3As1BTu`_E|NMATkfswc2i2(_eMp-*2Iv
zl_Y~$I#DG)WS-(%4h^oN`q5K`K9B1L5S}*9DBG;aqQnT8%r3SJI(6=ffBTPcF=uph
zwX`BErt(nxHUq{532UZv4YXOC1sj0~85EJ!ikmwC`k42y-bIxMcBd|iQRsD&xFS0!
zc#S2o)~y@%
zZQ?F{PiUN@(?Ky|w9rsgjiYJClez`SCW{D-o_&;s11cWp9&QlRV6-dj2&$%<^0Z6^
zsdf;+knTYki)x};GNt)+W_Jq+sk2Iyq-)uACHXdHSzF^cOTC|?!nO#>5h4xYiAN_R
z90iT^jqo@%IZ=Q|sXcDOHln>PjK
zm%y0ot3BS^dGldUVHM&YChrxEH5^QxQSJiqCS+&4jQw0q%Mj|ss$Dtb64O&iT>;>@
zj-ccE&Nsib29dFr8P+5wpE8de&dqj25lLK+Zc$Hd9+h)$;x*~jl|21`7*PvzBh3HY4DHrIhDmKR#BwP4MZmlX`(3oMklE?Yp>j8!F5X-rA118Ka6pllcKs@1w{R
z=cpI@k)Vo=^F$6HxhFerb|M2%&Js^=0HD>sW$)2&K~#5ggA^3|H}@dERtW=0N16(r
zilWvstK1ere9gM*iqVhZn`w;P&30_>^TC-{sjO!HfmX8Mpi2pxYh_T@q#;HU7H0eo
zTk6FWzMa6S9(8Y}BiMVovZ?DTS$F6C-ZQQ6l-IS$4d9@6)qsXwJ9~;@UHnTXGlx&h
z9uGZ0G9)sqC^O5cUCn0!=7$C4Qxa2PF5HYk)GS3DoKf(ZA;9*T2{`uf@^lp-)XsLs
zcfmVL>*%tFmKFy`!k34i4h}MCJqpT?MMKbKVu#gH@s{^I?+auzA}V)Zu1Z|OD`L&0
z{w%zxVJm^+o*MipCjxu`(|QEcFg!Hoak*zYN?1XbKOcx52Q%(cwjWNW0t%4?O0+Gr
zHi8{aa-c~m)bete-%QLf8Ka2Nxidj;oIx%X+07?srgJ6=O+sy4DP%e@1&A*$t$ZGG
zEgL9X$RsDkqKw9h0KN=qxXGWG{q2BFi;_JgY)g{HauDq(UiBcmgJn}LL6+-a_?Z-7
z9$+D;-f9Nb+Y(eCR@d3~vv#)i{JDhLD}IBEy%X+3cpH%XXw~><0w(wsgs+n3
z^a3)GQiE;r`0|IN@3Dm)za5}_lJ*0
zvDYPa&d5Q~-URWRFdn`$)r!(aAw0SBN$a>ej?AeN9@*H@kqASV4$EfuX?J@A|9#jP
z9vPe+cfN;PjnRP#0Xxi{fSHAlXjO1c)ufPWMR%1pZXkQ2dXy_!6GdW~Lh%g^P6fv$
z?qTKv4oJv6yL8u)79|cY8iC!fb~AYRk4Y39p+>|^D#d~&KfD{flTb8A#TQw<*#6pL
zQ`_15j~k!9w6jk`w3KSv}aGn$KG7eM)wS2CpTX{iuK^wafK6jaZ_+gAt37(ya)OU7p(kQi2d7VkV2_DcZhz#QobFZ#s~==P58)
z{a)Oy9rFk0E07`1n>O}98VP6@11eKKSB_4L29(#=PP9fs>Zyf$|0bLwn6CUrR!aYR
z1Y)2_tUIz0rbmWib=kjar?V`6C(k-(ROe$4I6OUoDioM5tKH|40}qqplKpCmY+~Qp
zmqS^{H}vu)O4a;+V7)b7v_*RmTLKv;e&>Vp7Pg-@Y=LYQBK5#b<3w5P0_|u(l&rbg
z<`zero1b4evZ~gX7727O^LtJ0>u~N1a_z+@Xx{&JbpP9p`)4R&T;nzC=FX_BN!pi;
zYl~QDzM4C{Vl7S@-ILCnwm92Fl<;BFj2u*o&I%?BZip=>TE0B@r%Plkv9Tr8FI(s8RC^a?noi~yEqqr-O?^94UsaRZZ6y;yfAGI7EXOC#
zy?C4QUb@GMX8XHP+M9XbO*h
zP@{p6>nzhj^u(i?0JB(6ZuHlOex|$@TrGi
z9lk1c1pn#IaM)0B(_ke+?JXnKFoQXc4W{6UlNON$T^lT%>)H2weIovwREXAMgixGu
z@H?W>c8DwJv-5m4I4K??YGWH1V-seTTYKHDWvN!n@g{hdMYyf^7wX_+4rJH-zY9yb%|HFV#6wB97)iNkCo7M21@
z1VRh=JHi&+0$O=cqnu?dcmX02?f9DQ)I%j-V+>jkJfT@x%P#9rgCU-VZvqDCK
z{z7B8Hw7K-e|ut{($smkN!S-)=RGXU%kjlP!8g*s*>eNeQ}z*&x{bPvb^l^{&-$UV
zs|dKE;#%pR9TP@cHj9qEqEeL28nL2c)vQ=56kN0g0tX$(liO2OfHb(8kB#%lJ=YnP
zi;2>9CP^ob!Q+rSURxk$U)vo{KUoT_)5*a7tlf=v7UTr<=gwA>(kW0l%5(@Sp++ev
zIXJKFb3yBB*`2(p&3Ii94D2
zpKEb*rF~>fr)ej5l(g{{xKU%0p&93sQRLsvNl|{irrDH;h?lXDG60F+6%oOPm#(*O
zZ3`}Jn3}SzT)Z1ia5sxS?;q~I4+I9a?1ho!fIQr+j#UAZbQ>M(YOcYHV#eG*O+=w{
z(xL}NE!#(j%{hynyms*6@y%HxhMij;yR`*hX7Oa>^L1@7^
zKT3`BW3d-+i?eL&QEDzM7%;;ic7ol$p6W7+f}7h>ZoFhWijqwv~1Ozb5p3$tu&*EQVh=dT4;%qdb;yCnbwr23P8S9|2
z86n#S^Df$#R$hpim+wuBP8o0XsIAdA0&r!-xN1D>ir|VUpAnX{=t(?GC+njySs$iz
zHJ)R%PMl9M|8jFCE-_!tuY`=t5=ZN>(yZ`Qs<7pGV$tGGF-Zz}qa>|X(`b})`^-8m
z2}EZx#x}&YkS`U;hS2&ZujS-;7n-nqI~#6mrYr_dxuBCFFG(aiwD`M0l)mu4ZLkTM
zPwAY^w1sKuyhY$-@YrH32&M7RS4{Ea;>&GhsUBwXcK_&n`R&d0^)9e4g>cHnd6P>h
zvjTM?hy&rJ$uY|#pV+A0v?5|A%t}^PwMj}~nPz9AwAQ(=@bKJYn+DXzAs?TnjRm93
z;39A2%$o_sgh}z!hr^TQBzDci!ZydHxNJV@*Y*!jW!T6}QQVfZC3(X}gufl?2f8zC
z+v`|(6U{sOxNGkvxUfbI>iJB(K42qjg>kr6nR|o8glD@L^g-tFj?FV~$_wz>WxK-)
zEGxN?AujsLz3Fz9
z&CQL?XB%7F+4jR154T=yZ#m;L%Jyz2*>@|QfA0TQ9y~CRnECGvQPt)s@NH!Uh%zE8
z@U5N0!=q1!yL-CU>-lH|M1G)(_P9k_N!VLwSdvqy{36eQH~~I8lX;*w5tTs-&?>>J
z$j|x$c5Lv<&OAb9f>byD9hh{sClo6OM5e1Cr5sDv!a`e4PR(39T&qk
z`3>93Fzj3GQj#Bm0Iob2+SIzED}M>;Ese>ESMc7}yVjExZZWr$VWSITL}gLO
zFZDnBKm5>YXa9-OZM9ea(?#0&6~oSd-D}0a`V{z)FNQx%s|$VtpU(Z;0+Cva@9IA(
zuiolrD{IKD>0b<#t&k|sQ%Q)5CFvzE8%j8h7Bde|hHy^1ZgKlPwqR36(5xRK_P|(J#PsDANRF$C$d!DP}M8T4(|^MvsNP{G|s0vy9C}V9OiT1
z#}BYYZHerqt5a7nS0fj9%-Fl4v_517Wt~n=1Y;1)OB+#Ai;5XzMV?EBhC#C~kd#bf
zMed|6&(T)4WbTAXEzedlRE-3R4G=}NFpE*;?S*?x_mvgvVkwmmq85O49pw;^mYWB<
z?npJ=$lY4th+Q#`Sa&zID$3_|q>Avv57D5AE&J-QEViU`&l#`qSQOm{N@UX`IOi`I1}=ODPO*}=`?&8tFA>J4~h(nGRQhi`pBrR6Yz~x
z@UPWbJMq#u{6Z>n;2J#0PUF7Vvzi3(1P8MUcB5pg;o(`Vw=;TMGjsA4F|AmmL
z+1=XK`byY+n6bvrBwa8_ETGs4RN=G~`3P$+?J805`j2?>c3?x#SNu-oQ?L!S9%ld8
z;(-J_=#b}=C6C;yS5o~2Oyg>ZCs_OCDPVK!UZ2?X>apx*N|4BVxDgqZAxhi82H>9C
zD?VZ6F2IIaY1dr)bn9buXsI
zZ1u~LEBftR0ifhk7y7M;v!oc5vp~%61z{A0!5O~tpLT_oHYx&M7n3tO=P2C8V|BV3
z8^)cG{nc)+mCOUj!=^+m;Xd`@eab+dMP|~3NO$SnRXCC;)OyQA?<_V~mH-|M=<
z+vF((U}Su(OG3uf;JL8ux)6;>@OZ7{a01r5;%s=2l+!mQE<$NA{+|n(Lve;)0qt98
z3CDJ^^1v9!mK|o(&7WXkz1q_ap)>^{&B_BImPsxRfwWp0VN9u&$wdudY+T)Kqtucf
z%VcdwY1Q+7pZXkCR7XiH)`MA9Ja~ZH=7Ob;p`biuwC>zDV564}O+M^2Xj1GL4!1Cx
z&u%I=Yg75*b!%`NsHXY2oXk~VW7&+Ve+=HkGhWlGfQxKiAR`uk5Gc6m1T~hglI8I$;z8zmeces@mGe!IHo}>
zv!9-76QnmtH&X_S;$gazB@U*$)tzzn{`A8^W?Dm5JRaMYBOW1_^@{k3>hO)IYmq#N
zh4%5Ypv`S8&E}#IgrJ-zK$?L8G?7J6xew
z7aWj=^h9x6O#7vwAJl3_dGD2-Pp9vXj!&G`iCGg~WGfGXWP~R_Fmkz-|0wPT*@tfS
zx)^ufyA?NjvGRZg22cpvx81;n_9$ZB0J$6Yjjd@VQ4Y!0z;A$;p`{TjRbKe^m`B~M
zHd{zXzIXWT$=g;9<-c`z`LwA(ms{I9K-*q$H6L)NbU(#}%rdPXK*NWxqp54$4kims
zIGp9^m=l^~So$mLy>2@r1=3YPezZNlTua6ZDT_lFZQr(zA`(r!imxvQSvOL`tKkT21bS@(FK1!4Bb{eb`FXZ+;xrFCh
zcAmHpqVWgm=j2aDmnL5j-KREp7JlL>Ca9#Zg3VnY0;?)p*C+qP>zX&)uM+KLv7u#HsoVg9>5wV
zsfRdqhOk^?Fx5RV%S~&oF}~c5x8=2TW+?%568^f?ax}iEgu66UA|?H_va)-0czV45
z`qQZxqMc!Jn{$%<(#;O$S9kfix?Xv}`_QGKt3tWI0=`rIxCCfT$z*JQx!Ysi#?k+|
z82_Uz~!v|ptuq5iYX;z-@2DJzMAIaf3)Rd0QcG5S$n6?m@o8y_YK%BjGW#E05clcN)?z`o|T^wH)XHg3We@_WPRLvHLr;Ca9vJ=O|PxA
z|7AUD!)M|=XlwmrEVT73h!kR^1Ule$%m;&_m~`s$HVfyqqKI^t5T58_g^Ou%<3et{
zd<>_1F(>fx-B{}52&s^BUS^UitPl(lkYuNYepy|e&p{FhKdG?O!_=KzpU0UtH)bj2D7Dvo=+bcSGoaq+{N0>qTdMW##p!cW%)=
zu%wPJQCVTka=t3#4VhmM=xHw+y>{4=_c^Ao+aKP|%Yl))z|+iPxp~FFv--|54f_OF
z9)$XrJg=vBxB>KBdiD{q3IDqb!Hg89o=Fvc_#|mvXY8VH;nK7X+o_cR&A=>NC*fxy_I5sYE?h^X
zdfZ)fGd~_a8<>+s4qIg0h3$pgCAmilN*tfz_!|Qktk~e`exd+oK$*WgW(60LtpT_n
zchEbr^ifPKObq#Sh78%e!%x}hk*^c2SzW`;qjmYKza9U#?e5k?7xD0~f^Uuf^w@2M
zI}>z|;0FD{UQlydjof7~XS2zRjg0|kUKgBdZr|UqZ#!?`tAAdRhO*fe2x3x@Issm>0rYEM9!Onvv5
z@2j&j^??tHDqB;careki_(qVITX~QnOqXhDm%=%|Nx_|#$;?&3b!bMdUX5fMBu$Ky
z2*Wj*$LCPjs>RdvB9`%tlaTI3&$>u@(QL_5PwJL91q@;&(CLZNeC2f|IJglOtXVyA3#X%<+WiH)
z{QpplM8g$rN%|Ez0#!~e^+-5;|jPoHc)e7d>$@FD!a?I(}_umAVo@xRk5$a5ib
z7GSt@YC1-3kD1U0bv@E#rB(3db3?^Y5}fFgD4gB2|JPjqgrokGukrQuzy0Xxqo
zDtB=&Up~HjS(@~s}m8tjT=;PjD@8syy@$O!4@5|}l
z;hViTlI16HY^+VJfVYU$9nQ1&_>0;YV&up*-_`JxQxQnV97<>7&xFEGwC8rZH0|2=ijo{iGj}OV-g*IsL1?CrY
z>#D0V^uqZ$2+y;v6GghvFG%RFe>Po(ik#Z>@hlK3YMD`@d4)Il!cjOwKA@OI3@fJ$
zv`{>93(W2A+-nD*gN#~e>GchS3xj)Exp(j)?${%A#{J$WQ`7_rdMjSX%wa+%&?hik
z*oyEhY%}~`u&GM8d2+9succ@`>bvb-$s^<=gn?W<~|0BgIow
zQwK3nMDk>7wNp1MkFNwl_E7KH=OH&5Ov%
zwcOOs;&?4)s!=QeYl|-Ob~k6I%NdNRZb~sabAxyI=^$JC%jV|hx}*r)f4E4ySwwi9
zXT#zm??;$6F`%HCDpZ&i6oSk=`K4{5#exD(XksvWAVLl;40qO`5&>8+4Nj03L($1_
zB;fgCJ4BIB#}vxu2yw|@<0ug=%GwS20T!9rk_
zCjtlig$Pl`#_&bml}@T*PL`sC#g~6^vwxkeQqYhqCj^VS`;!ivg!>hbFU_N!KuUwj
z6e&DmKQ)4V6?ueCTs!*F(cP$K{jLoOJ;xj56rN64Py^fUs;D+$#p+N5AWEg
zEQWXE+w~;3SMeK}Z7p`ZZk^0g>ahX}f$qoHt14-E4?1AiLfgPO>I~ysXH>{)cUa8$
zuR9O~cU@Wh1A>}Z7?U~f8#leK0A$ZOA4aC*W3DGVUhCOJt+;?I38%ciVUw#+oLt{1
zy|Ohr*P%0(h0~#`)8*3(P;q2Y#h&#+dws+m4*)+iQ6a=A$O_At#H7ydEdGqNyDH_P
z*xN4~NA7KPyy%*A=z_HziInSn$fWd1B@(f9j8qB@y`F}=8w7)$+u??Nc&7;J+`mbx
ziP0qi2;N}caha1m$$n8(Sbbw+cfim#rjTj+T<)@Kx>k^a?QR84YTt2e@OQ-*$R;AR
zWG&+MB&mqm{s>y!77C7OJmy={)Iw)LQ;AoM;ptx
zBHd^~ps0gOiXGwEP&TFc#2MxRfmhqzr`=7Pa=dTs9@tUE3{rW|YA7mq#oXXdpP&w$b5+IqS?^HM|xi=V&q%VgML&0ro3HW=O|{QCgEfx|fNY8|EW4
zM`XuyA_8Qvu4>uE+%R2>tE-;q($Wiu9SRS1$8OjfeSCo+Q|Gg3Xs`~?gaXuF0FCUL
zs=-7>^Vlfc^qxhj5A6=c$ihJ0pr%qx>`v6ugNd1CtUfyV3$>$38%W2pn}d)VhH?c#
z7?U1gSovAEzm63^?DSVFTUc^N~8cMXh?DbB3Wj|3x;F%Zfu6!d<#@K=C$?0Eq_`)!FIN`-F>wFB6|}cyC_vlo}=xPBKG|!=&F0@uK2=vlo0|R
z^hX>6VTnuFSM<=Qovmkb^kZHxw6VZzt;STBVIZ)0?DNj{7LI+yE5FX`nBXO-5c>lj
zK5`~bDAU$oXkV2HPaz<~>*Pi^ytCKX32!d=lWpyRMBpG$ZDV4iyvseAD`M={{k=Sv
zd%2OD;k6=u#lfH>;cNt5&qy_@qDd>oZNI=KYbP;vacgD-pR|US{+dsC&7OOG%P&cS
zvfpq)oZ+`z@436)Y&He8rMqCPyw>SB-xf{;(>UY}jB+`hm56Nfyex)ZkzHeFq$Y4;
zKLsB>bg}5w#dJJy7s?JpoTcc4=-U1e_Xf_G4+W)|JM2)K*!+R1TAV-bDUQ385
z;d0G0woM{7npG<|;hI7ud(YrKb;|-mKRqrscct(Pj$3-U_%g}Y?HWrS=b2kV)Opj(
z*eFD3?|TN~nHvcAX8o`qR?9E&j9=^9`Imp|`9pqd+|vbtnU_fQ*;6`SL}%iRDxYDw
z`oq`!Dtj)ss5Ab5^Q1D{{VAX8Ddj%DxE+DakMa=SHf_4ubqTDe&XfO*OZ&q?Gbm(u
zMt-Lk*?NRjw%W4~ezyrmuw(3cOt%S(XIZa|m%oFpt;amy|Nbk$!M)@SY;8TqIcvSi
z{WQKqQb-&eU!gd^Z{rNR(5Oo$RT7Y5a}He1u4J_$BXGW@aP1Tv**ZGs~L-!uxp82{Q
z;2Q1-_Y*ItJb?IB$oTI+-aX58w1(5c-SmUIjdgf~ZF4%j|CzVpCK-9H`&#g(oQaLR
zs>sLmhhoY{hk{OW_vp=D?@xOtD=Tz-@}YIkNm)sJZO@S^6g*5}d2K9lwGr=2s+%jyeu~Inr@=vp4RNjK)@ukYaPgs?NdV$4aNDsdNh{q^4(BiAE#1yWLsD
zBs6jHbE%n!^Z9fp6s*&+i*o-_#9iGS?6LAs7ukvnZ$>1q@^p=nfp#|hnHWZnWL
z?J$T_42u=ba^yn{1E(
zpD%tz+UCc&Z{=V@T1xqs&@(wfwqmD?E*Te}btt16p8%oR>#9Pcr+$H`z9*4f58tHP
zh5gcV0ZMb%37RfC`fRRQWHbAdvZo~Yy(zk)9y}PPAB7p@
zVw5?m&B#!?P{)Og-5ir@X@bx;9KQqJTW_e
zaS%U|O_R;QVh?-Od2dpVy)+_j5w|kh1H#am&U{*dF?dZPkD+>%0J9V?K%hfZXD+IQK*Eu8fZwuLI4v
z`di&rn6cd41TWGZ)a_E@xCh^%2dm|#@fsDkJUdpHSoL~)WkoYWRw2_x!It4&KMgy?
zmQ}<1r{iQg!w|7L7TFCMOxZ-*@}-HJV
z55U2jLan#6lz9WU87!=u*5znE>dAKH-k=`a^8$j=LrsgnBk|g!!dhDk26|{ayQth^
zwO{bUbqlms2ovWezl3u&hP9#1M`|{UTeo4A(%oA{IkOH3hQQ6jCo}o?b5
z-kg4A^JA)kO5T_-S84|#QP;aFu%C=;n4$4}I5aB=tKtsm$)7+kP`laS99OsEF3Ntd
z9uY6(JkwgxDm@8Fv3}jLWS#2WR%7>nnAqrN?Mdf)vd!{IV5h{-V)AAt*~74E+&#*D
z@+Z2-`t$9moLL42){n+5bJxcnH0AYa_aA`oI{cd9C;yJ|>-l;7yE}m*Y-4L
z_s})2C|D*=k}>P6+7P
zJ*Glja|W3pMke<|sGIoTyw8c#9XHcZ|lhb{~<{_mf
zN&!v_=Yn4_buefPHvr;eXQUWMS44~;UxBjE86rr5xajGu2}}xr_HcwN)^*h{O+qZD
zcw*SS2BWlacdIr&tLwb@pkVb*JTW`F3DH806=Y@{!$2h*ozA{FEZq*Euoc6D)C!tv
z^BLNrq=SD8KKW#RHY{uB+D4}f9cJz5XT`8kh)1z)h-l7~Murus4T$o9kR(2xyKWiL
zuMDFCp
zf6u%lwB$@s6t+H~&m%lC3eyX7Q~y+7<{|^>RbupXfL0H~5JJZ03HEFx>OtwKOKJr&;VTIhewC|hi{MFmG?gE9iDdm>GluZ-?F`5+=to8d(d^@Hg;Yg{j!(s
z9)0}N@&3E_r`h|XgExD}C)w*gcf&ic5BB70?vZy7cJ@EC{psH9eAs!1n?KHu+=-6)
zb-mHg@AvqTyX21h|GTIAM~8Sya`w1i+inn!PjRR}9nbN3|75S7?Huo)VBp>!AGzyc
z^xdIHJexbg;hvlhZzg?#@#*k~PbYif?%wR}9JrI7;4JY`%jVku@p-o=rJuYuDmlY0
zOD)r_C}pjMRA#+y>!Z0Y?R1yKlGeHkwHPEm7up)g5=E2`;Il}_-jLjl3DuGDwS~K@
zbKv5cztZp1zAF!r+~tCicfqi74M9jSe%PD@42F;Re>-;nWG{es*r15m>l(Wp8oS%*
z?Zbbb;XlvY@Dcox>`4l~sOVBWd@QUKThOM+Hn(25|Nm$+>P+I|7D#}-rNiA%$0v{s
zn$N1vGFG~-za~g`zD_A1f=LnMLn#m*0jSt{{+aX_|0mA3TPgLk79xa#O*fd1Mp+)!
zwwp=>8<`l-q+Fd2n=XmA8eW&`%cWZLM
z`bOi7=Vf%#ce}eh<6TkzhBMl}>(08mQVhds!XM=RNRMn+v=cA?`oCta@BSzF70TQH
zWrwsfJH{XMoqPpn$H~JNe)IhzRkiY<7}khGfAc}^82A6(D?R!2`s8%Ye|LT5uj~J(
z=D6YA^FcnD8E>?&7}iY!h3*ue?o!(P==4t?_fA^o8Zk%iTzFtY
zNsbuYRW8+Zz8;?JvHo1GeG(s{Jo)G`a+Z965~7doJq2`&;e2aWCZk
z&WXI-lhy1mD-Txr-}J8e3GR|V>=gXo;%&;2?hXgl$^$>*=_|;-lk2a-9`sI+QO5r8
zasOa%&CQ74mFLhX%#yppr`f+KHfpWMiP`I|XaCRtllkAUdbieB`j-_z)y2y1z!-OK
z|NPa>j0fdduf4d{CVN5Lmj-Y&3+2AS`T>SYIv3$w@@!&1eZMRDt&GZL
zKITb@V>rhJ!!-mR$TlJEXXM#tLJZ_Dd5$gTvjDjgdXHw>)O3buAnbx<-u8(
zY==-3m~@;cNd?Tn_1^Ew+jf3B?q%8>;=iu{pPhlH)MGi%T4(MBx1{}(4FcE;(K6s$
z?X@Xmko4+wrDv0;lJ+^@6k~lP*on{-_H12q)rPy#OG^94@a{);E#XAck%V{DmPT;!
zf=&`;5!pG>$mEgpHbSRVt&H!PM|Qke2wQNO%|{N;Cio4Tr0ixS>Ox|qoXrJDKdVLR
z-Wkzu;ht-2V{^SRi(eld9k^e250?4@e-;`}8CyI%2l%gz?Y}&SOr|8g1Br-fi9X@2s
zi7d;uW^}D6$Ie(D8X`doW0K$yq>k9$&;F~cF94+EOq|{4edC#kK%=|*s;;iCu7m7j
zIvD4q9gxOd7T214|Ja?4Yr44zJB?;M1K2XW9OM}&EQ|-L+C^>(r>quFCkD|@uv#C<
z`q6m`%Pit`k>z={{mX9a<=eNdXRr76PxlU6ubj-iAAhV10#Fe;A#sW0Z!xR#eOwX|HlE~%%O6OUP4(!nfFhvL~EV0K3(T>|GN?k+=ttt}-lz=D-ZB2|&n
zkObv)K}3Evt2F7QmUKaUvo+2wm|OrQE|sJpy%j5WDTw!kwnlujHFn!*M!U>!UkY?L
zyu1Q0@VvkjB#VAqAKIwCWar_-%$%Z{b?bK~KsiXA%aXbvvK)r{6{(cep&V8NLB82O
zIb7aOB)Wl_e88j5i5Pf1dk$P!GLYz+d`wJSw|FT
z2uVeuMu|SJ@@My$>Soe15`9Tcg@gyz^^loycu8@~y|6#7_XUikB3=TLU|@zVv24ei
zP}m#Hw~ev|I8nSsg1rq$R&k9>d+4PjL}o%_bK{K@-o)WSoEZ6hSSZFg**>taSd$p}
zSQJtK#!XROS;rXR=`qI(@ey$e#4v_=No^-PFJ9`lHfKsQcov++aV?T2V!W>pj}GCy
ztXD)EbujhvVSz#mrRPN$WmvfP$PSKMWAuK!cP^eVPs&zoCBRKsvmwJGbq(~`U3!a@f_i4u|{$;IFCs(byiq#WPzzyjo_5bP1U%c
zljP>+;A|)@cMD`wGiB1bQ~5|>0v&+HZGAvw=RPi)K7Fu4P9V>VoVBj)0hA*MT~=N6
z5UM5etzULent0!oDYN?YhlYAu?}V3iRJBqiM>J}NN~9Fj1{8GWOo*8gL>&0Cz(JFW
z{tN*>fHDvgd(waNAQczH5?mUcf<;o46c#$N)o;5a?63uucH$*bxEvouCJ>-?K0>+*
z+Q%6?!2mi`A$S^7F31Vd01mWOV2-EgCrvEr)5PcH?&@l*{0@duS#$
zVZg}8?(ZG`J)e;!i5l4sp^u4ojn#+mA4@{{eA-2>57JFi=e&hMv2UDou50-R$PL?1
z8Fx`tuBdWd{h)ILZ+SUstgH}!i3Olb%ap%3X#)qfw6&za4A76Q{f5boL{2K(f`d^`
z>Ja4yvt)0QNk~!APelR;FcEL9RE(MI=5sw!-%_4$kdY7MLAxDwPywb-cK)nE(+)7e
zk!)zz>zMXRA#Bb#(mL;K8GxHlg&kwD%^>-14y~JN<3gC=+pT@CD`veWM%la_K@}_`qzSt7!U-3Enx0w#bC&{6XUdkMoZ2ddis6DW=z2ACu
z)I4S3T7Y6GzR0DZQ{%vfs1Z|}kc<#@1k;LQmIyoS!EFB8Jl#EDoNmKw-h*7=U7<*O6A7Xo0Qw@xwBW
zp{gdTIxfK`U^ajcMQ4xs4X*`VHpJ`=DQH+1O-dRROM@+y_n^58ruF*pzh57n?ml1U
z0d5^`AM95A0=eYM$xwNhN!s!uz$g`FbPXEgm&yH8$9VJ#Zr3Tl8nfn`0!7g^Xw!oEZw
zmP}w|AS>kTf(+$$clKM?*Vjt3lwBedD7u!4fKss_7q{>JW$2u4miNS-&X6TUT%rLY
zMMc7-1F~wTT5MX!v3W_7s}Fc1Cf-0sV1eMY?C&*COSZbj25zgOZbN>LaHR4G5R^SU
z$~~|^|L~5JqU8ZRa#6+OnY;8l?S5;q0XzUoU~;6ZR-)BBeZIf<%o8>_(lEKDyR$Ub
zChJL6?<>@ZcchDr;wF~1C?uKuh4|?u+wi5u#uBmuOLH>-W-wb&FrV43a%<7cnZq`4
zzVvk+ry|QRjP**!>eJu}^$;+AgsFRde7t+IY`$0A8f5s>gw)LfYqD@p?V*g+7`76l
zIKYQ>ltoX?K$B>S
zkgIW(TB=3M;ssW`+q%I>_qtkCfC3m+!BuFiL9*j9YX7p2yxP1KMW0sT6JBp1PUfyL
zJ3e<=Y1FNJb{tRknN_A)@+sYu1C}r_Y}aDraY3Ur^pI64oO3Y_w)ldyFx;CD~q|sQrh0BXkS|tuY>n=
z^i76pDC~aAUMcccggSrqNA*S{ef_p`eB3(TKG{BK?H%r&dR%F7ap&#Z)Fk=a7-BJI
zG98@NExEjEk47!Z(!$SjCAYtQ2`x?I!(JCtQ30%M<0Lz2w5`ibZdwT_K(WrJ&vf6`h
z-x}R0c`O#}ZdDutVi=^x29tJOQ5|fbz5?DC&`Z8Sw@2=`-M2ft$7m10C~vDt*Q~00
zi=S9j@THDEZryhbP+W9Hs?rKNn&z}!RiD!c9q#TvZ?+acN%k*k7}(mcfPvWo#vE-6
z9@knlB*h96BIY+bXFtzvacNeI?*M?B%a@CK9(5a(fmIN>H8xlD_wvNg4zDq15=q7H
z+p@`naDWGOaRGf!c603Of}*ICdlZy(^@Guf4YWo#B9UgVZ<+%kDL%Pn#v?Ada?ze$
z(WfIhQRf#ThJytoR^+dvt57ty~y_6Ngw^zU&pnO`?0a2Gc`6+pEmf*j}3Tepc()v1gPa?
zGR6S#T&kFAk=wRXj_QCN3eAk<7E4hVBt{#3mLyDVRaI{EYH+Ne{
ze{VfQ8?KV0M(=(<_*LUii6o17D*0Bs7uu%?FOMM{&7BDy6H(%fez--I&-h0cA2e71
zUG<$$SvVA>0-`AQhKB43yE)QgS}(^(`}=aolfr#!mD?CWcyYAVqQH~p4kt$!DXVvc
zm3cB6gduuEFde=$#(pE|O?oYnqBQ2|0)Kqd?Ie$xZ6Ajd;KmmysRrM+)XHQ1%AT4a
z2^+F^i1{EpywiaGK$$A&!Kble*2FUAAax@^c!!C0hats#d!Ibc+xub={(b7&$IV5T
z+W@|pbNln==mfb88rE;gXb}p={Z3uH(UT;TSuAF1)C6y;#N{2aOnl48VTYK%B6N(G
zlTz&>2My6b^xjcZFws>rZl0dJ-Z?cHN@+|bRM*v4lp`^)sdH``eX*ZK)z^o6&C}-|
zvQCGv{d7EmqRlVu^9pd68MF-4>FKXZn``k`gZpV%IiTi3$}vX3Jl!~cT(I*4$o&H(
zmC%ylUEW{`F6Vzk`kTg9Kg;a9%2T|k+&(=$`BTmWau3cI)3LFz!6QJcWqkg&TB2Qy
zQBjb~`1dplCt}Vn!j-FFj7|brKZ<-XGpq_!7Y4&@l3H<4-ehm?Y#;i$DJ4Ji;nB(N>Fbk2FTYO2i+LDKauHOn
z=M{f_2>bJMuP`U&7sZ~<9*PCc{~4{^#hsm*Xn`CD``P;UG@gXZ6++(BaH3L5csN&k&AXsQzG;S=tDY{K<1}LnA%;KJ6-#Gf8Sm14ki^K)Fr=P%gb!y
zx=dcVx)q(PRMK?l7HIXdjJ7vV3v=+nFF&I>6meyKYx02Qv_=HgBsaT?ua;Req*ANZ
zN+~dn$|~&XZvHqPC7A-wC}0T>asA>zSC{c2oyV{)Wa%~TwH^Ge@OhvN$(L{-updy|
z2du{wfUi7OUkIf=JbYJSGP`AH*+I_cQl`+JcMD
zE)c!i93)wEJEIyrYOGhdQ2sq2ymouwNKcWJ$A!7r#XA+C146b-*1|VmztBJ1quajB
z;8Sy*);@h|iALcbtApe30?uzWR7**nXQ)=LpV`H6Rg*dZ0%eHGYWMs3>(P<7;H@tG}@*H(uJVXyh{Tnx)-wlUnLScQB
z+-&Mw@P+Cd=&zPgEL*)CiBrZONc0G-2H(KT?FmaCAJnc(0tof*hMizIsiK%Qfx|be
zR8+n<2M8
zjdcj?GNoXaYU4c`QmmkM>O5MT%Q>Ww?mY|p^6kMFcHf?!Y@77z8&!P+qgkXP2&lDl
zbl5!IDrzBVaS`=su#W(rX4rnagRH8HJP5@V6JemCxj!_$egv0^U0WpKn)SR_8$J3$sUdCY4
ztPFwMVkc;^8FfOM7a|eXAXxS+aOxan+9yT;Obe=r7^O#x$c^O;f=&XY2Jd))7A!Uj
z@|4MS?&Mn4xkx|WYqc)nGCr&tUvl&ls9ddnhs@e;bFCsS-8L)l_+fF43_SVsdZj|?
zw6V+g_4lO9KweawTsjMVm)+eRpKp#CzgV$9PFDJ?i}NQ&1~h*zd4BSw0<*&BGL{Gr
z1M)JB0JlDPGf}
z3rmy|6vxna;5n5lm)LUQ_0Y;2C?>nEDyRCII>E4|bc>r{Ga4umW|e1j;gkgD6sC?G
z0a+(NYF?v;F@J|f5gUAK*HfKk$h=%zMD
zu;E@vyxn-HZOJGc=Vn#no&slUydxMsnfXu~ah3JiZR|@Cc?l22tlt&eMceq89NKas
z(N8J3sLs^X*Me^kYaGR3WLEAiUq*#ES%rC}N92xr
zqY;82?P+)};4!RR%6|IsNBTt5YFSR)>NP4~UkewN(scG&I{>)o!*)13*j1s2xC7&l
zys2tGRl>TT$%vj)IbAbqHY%B1#pu_iMNwp1e5s02Te@+K+JP8g+52Sf8JwX;>al?L
z>e5Pi%5A9f?$z9HP+NO6GPi1;Cfst?J{(4gcbwduuI)MI>_*h^S;O?dKP+jR8`Jna
z$RZ)vSRvR_Oe@nb`o+GnPWv7?t%k|Ho``F8vd`_0s&YQ8h}{kBk}NXk=pNYh?UR=+
zbRwBr;;(l1k6Q=3&F1#YU2zWcd=K{LQ~E-tBtk;JnLyx9j_-mt>{%V5vR4-&kx!<+
z+5^4kW{l$P+VHoyRkAVCQnku@Fk8>}PL|}Xrzvg*95JvY0bnTu`jKI;-pa8Tg#|~!
z$MIt#zWQCeO*SGBXFtf{YAXcs3kDS|kv~f~I8~)g`j$82yU%ePm-XCtXSaR%P<*F-
zclOvf6WISre|>jrt>>-pjzvh_{F3hMa!k7
zG@>=Pn>%}ZGxgx4;A|aq$>4a>;myGA1#OD0LS~^_$5uCINiCI}i*^@a>UQ4yBu1Gc
zyUN;Sx|#FtJ>}EvTTdC4Z#sp*un
zDcaPqqXU}Oh1nciVF9?c(t<6pwX~!eY_$4!KR_dw_=E6h#s?7^8g4B*wX%&EF9)0a
zEk|>kDYdId%3_Irn54#&wTQJSg0+ApYI=u!*M1C1@1~+7I-v6Wln+J-&w#UW*L4}*
zSm2v>dS!PcR@;|(PVZOR@jHQK793q?)9$DhF)kzoW-^NDtVe=o3Y~>fsW2zG>Xgp0
z=_;NUbX0n45{9nw&@pG&v1Tw8mRkpAM`qKusI5pULuM{!=SEvJf+Vo9H5ANU`lsWs
zp~!tm#E5RPaNPFM%Y;N5WcfWTPBxVrhU}*VfILC;d|FH5h3eBxTJ6ao_*XoBI`i98
z_!|u&M|M@5yxx~9cW;>>J=2~l(uypI#I2OSg!iSi!g%v!N0iZfHPz!V`?
z%Fe`hbLku5H!QWWqz@LngCU*Rt388xTrfvZL3XO`C%
z`~k)J-!g6*>=?-q@$5Wn?w&Tip+VgrsP{*6P}bLz3vP-`*wzQ*@55{RXAyQKb*cv~
zqw9-s#(8nX&%F;CN_G$k5z-KgPCH~c(KgE5Qx=n-&wj=uk~VBO`}yZIjGxKP>%xM@
zc1;@9({u_uMOzqLs=P0mL~IAi@SG(z_*h+;T-1WAk6bB967;liGx8UodYWlY;qJ?h
zrele>9Hf1Ams!$dyTp`OEiXwuOQj`QvF7@I?{xQ|q6?Jnyq<42eZgG!Bz`@|HVubu
z3{fF^p@A5Ub#U{FN2uRKYEfK{PDF``P0rcvl_|xwz}R_{IIhVe<4U%Q_Vl2A*R`fKGAKA-NCt~xIL;fY=v?=#vkRLpf)$tbm(Q<+?&C6gWOplK>Vy5ia&}8~P2|zRt(p>~+Ch}GZ>`gS8U#ZR625Cd@OUd6
z^b?73eYupqcQ+1jvJyiEpQ%qNp
zKy9i?(EhlDYH33ZEeuC=)K_;xup1#n%{rdyP${dmki|6oZg`yA=WWhlQ%!fr6eLdG
zZLEMK$KrTN68LhLxa-U2#fJDQ6dgIajSY>U-z^Q}rk#A?r=pf=7S$-2T#)Y&ec^gB
z9Z$rO*bS*~viQggBru4_)=LAL5D);=a=iL@g^n92*dTgoBLzYRmv$(twH={jc<)U$
zC9w#5L?e=AIq)u+BX=eGM*1=eaF{6clC}Tr#5OLWqAt`5g%mDAVT+eM5zDR=h$ApE
zU~EJp@nb}!M)IY}1Z7rHCkn@S{mm4aq9h{(2RxybvkVMc-TO|}&!b@-^4#O7HOU3W
zHI$0sT?@TB+Jo+rxg}rHF{fzq=%)TM{;0hw-OFGPmX<5@aTszb4IVoLV^Y->^KBFd
z83s@mj`c^ykr5@(fgzm8k9eMUslYf)5Eo`NEQ{8KYwWX_f|6lH!?kv$eqd=sWg12dQq_OpcznB
z$wJfU_60C>YURPkhPSqVzkt(cKUgC;!`j=`j62zG^AsSL{Hrwu8-#x~Iru0D2nk7Q
zL(gMmau^icUbbJut_dBYy=F$;E@SyG((AQoMOZbX*FI`}Fft>np8Bt%fX6V2=5uLAGeiV@8%kSFC!d|p
zXPxaq=0BOoXv>=!XKJf=9;U@;)&R_(hr8Esw~<~jM}t509+vjts>rQO6g=nlkhns7
z8JkX9&AFf@Ggp9O(ig3yw}LnMkg1{>QD&P`AZpp`EH2KMym!2}lFQ%*$t#BBD7U1b
z$y-acU`Z~1JK_1XhaogDxz)oDm^>QCI4~tn9_eJhOez%?=H4?eT#V4Y`~uaK^yMab
z!KB1Gg=G-@*Ah+JTcVy&rnvaYCVqjf;M3yjm*Ssl^ng>cPWD>dWIfmSD3jiL79E
zaA_MK(~!Uq@(b{7SuJj#;D4>7I$citaF%`X(cUs7OJY
zFhZsdkcoI$5*I0r(&L4CS?w(WwTeka98RdR4B$!JhLDXm-NT8|v<{UiGw_(av7lX^
zNn9bTJeUGtX
zm#epavV90-&aFaVyP!qm*wIQiI_geA{lW9zvtWJf6c#YHR%)IY4`^#8XHnnTM2RZp
zsM&doIi-Tu{~Pj0;CRy~ERVNS*bZ_&QkMhDQu~kX9ec
zfw@3{@IiX3N;aBo%DokSuIp?zh6?&#syK*(UlQ`{mQHlEtMDCncY>v1K305;n&luX
z-{CkWqjdlG_#<+b?no!6Pt~q;#iQ
zF5i
zD&pwRQh3JU%`GYGVz#Pu^Vb6|{7r3Ph;?7Wi-aW`hfRmS<(nhEFsiWUW=PWS$Wx=c
zXfDm1yN>r9tA2bHj#-U2(bq9R9&fb96Vi$zo1hMh=q1Wgx{oGIiI-m98giADzwRBSvsxFYfyKPElsNp!vcT
zj=aN|CX0#@Z&k~#r`9R0r;O*rgT1%A&v&+)yDf~3i}yp?{UNbE7!&&F%?7
zsi-!#y@C`Lr3mT32so0_b=bj1&E%&nU{Wv@z+nn7Z<(oVxN+dUx~(*oAzf*@{0y+g
zd%n|()b~=RMmr?AHQLW!jZSiIjrRMuM8hK{cqkIYpkfrW72kB^Fp7ybU|+)Cg+4k=
z7Uc|ft5(yZKMdN28UwI7je&1S9KDXTz2L$2;qmrMz`3K7gKY}fpweWXflGB&tPhrD
z!Lb!xmS$8rC!X#U3=SL$W+`p$1H`JZd10VQ=$p@JXDIcoy^bIm4ufzoJZPG1$>fF_c*#RibjkWG3ZIV!%QlY}lp
zx@TkSk`@CTfPu%*^QV?6Ld^gVq!^h3#*VE~jjG3Y=(u6;1s=ga;g4GQQhcm{y(7mm
zQ5V@?NQX3=>B}ZoKVuBBVgALi^o7n%*f)=9B^5koRZ%-sch~dV@aa?K%NJUf6tSD3
zYmWl@W~f}puGikJG~Sm}iG@7*5Q35hu_Fm=mSadk@IO25Ldx~}(g&U2305mbIa;kQ
zS#*r*?Y3@1@+wsZWGZC_5fKbGTm1fyQg)Cv>ghZywC{Ua5GUXI6QB+`f#G97e-ih|N`A(^a3Y+@
zEHhud1L;a;>$y4a)6Lqo^IqKdhSv*z5ULQ5~nkNr}foS1>8Q!+;jLw@`OxyhWR%0%9glk1!bx*
z>aiUC2B|rXuXXI;>BQmbI~?QkG`K}>7VuV0vmx#*3}^J&>BF3skgF_h6G8LvF>FC=
zP$MO8WS(NCuoF%23+dNVcd^H_X^k10Z!GQ*Lc@fS4QwZI+&2;fa$?<&kQ?-fjp!jt
ze4L>TnJ!d_ylV^wafdV*k<^eI%nFbs3{s1cp^>U+VKO@lWYX2;^;6Ly#x&P9gX)NE
z=ytNB4S8me9sN0%?ieGWG~Ll3(sV_q&m=r1gHWE?s9@Xu4Y!{04J!t7Xb2O3!Ym&Z
z58dF*cx2Fw1oF@{RUG0liBb9#OoYYO8mWL6uM=@v8V&iIoMqbXs2J?Dv9QNBIzh%=dLa{*L;oTgBXM+0`8_7DPD_&p-TRl1NL!rqgS&
zFc}BKg!pQlYvLYSCQaf%7fuh3Gg`|qW~8kQnMbPVDD4*2ifX7;wV@gtg#tP)-8%d9
zY4OXKMuC;G3p|JERI#*6rCOb5N-y(8mS|;1hCwRV;&IgbTn5(UUnOI6UuI8=s5P8~
zbfva+_5t>tu_~USO6I0os+G^qYG-H5l=1AW^zM4_zPxny;jvW(J|oYo=-tI?iKm_V
zm=Jo5s4!Sk;TNlaakj|w=;f1adL$Gs&b2II>&%x|%;=Ra%c6Ur!MD}|a2Cj&L*-{A
zZm`yVuAFJoS}CH2@`BEwi7V#N&z$A!dQO)pWMILaawH}!hPnAZH>TPp#x1MWtKV-w
z+X1fP<*U8F{eA!7@aXuzPnxH%e|huv*MGEHt?xhF+G*XPMQI0i$Qy3IS9c%Hg(pN|
zpAu2mk{iMX#H=o4V
z2gH&?t+XY(X$MnUW8j`8$8}Sg(AK;?00^vcATk5vcnC!v*H!L`EH$tWwOTYh&DRml
z;W+MgRh4WK5wz66{zwLw%Dky`&GVQ#+DA3tt-ZM1)|5MLoy&%yH{655+j^tt#!dc*
zG}!Esc0&27_K%|O4KaXa6iEKzZAGAS+u8f=)`s?eOSKf`p5@yY<2{8Lb<+~o(XFj0
zR^~TnV})?^xj4ez$FxB2B%JWsN{G*DVLlbXYD;os@*j|Z$5yRa@km!5?im;&puleUV`NH%XDEqi&N7XECI_j
z`;2`L=^!`6dyuW5)WSYBNYiTJww+&Gs0c5o=SQc^+Upmr7ZuMRfh~z$V((6VUA*81
zfWwKMhTLK$Dd7}e*pvt3yJo?1h%!|?9C;9R0ewuEonsMAm*zK5va%~IuR&kio?Dx9
z=hjGLM8RnR2hfJ~)Ybe!*!h12`Mz?rZyD^=(BXh;+QZR+Q1fl2kaI%UcVleuiT0i;
zGWAW(tk7dAbN|NaU`?s*iRy+A_9q%LB26D$`bo~&z1)j;Ds<8s|gzM&;U0|I7Ny!8mbkoEQLAHVcH<$FcmhhY#df6jYFMlf7+dRic(s1
zrV6OnSuQ=6xM9mh*6e`~-}laj#fo~bIrP;Ec6s@_R9Rdty>lI}npXL0-8Pvdp%kLR
z*Gn-uyud)tk>Fk0)%u`_K`s{?Tk!Z^v!lc#N(GgN<;
ze_oD0VJ}j6>Sx>ec~fki_1$84CowLTvetL-CD#BC)AMZbFkRr##_+8jQIi7dxJQvv
z+4fM#DJ%k1U`a?l1r`swO~Da@Rdy1RyEV*04%G?VdDx3|AR*il^bS?f3(&ER^}s8X(1p5$68|NA69)euhHdnw&zCG{M-YrLxIL+BA<8cC)fdcd
za08?rHMplnaZ4NXp|9NZ%?E15w3@#jo^HQIH9@()ez*93vEf`;*UR38^}C?@+jjLI
z?>FC_oz>sVH+9skud3aHw~`4RAABl{yHZ=8Esq*oMXtkKLZs_ds)mD5ms
zv*(TEXUz3;_7ddh52*_TWdz9%;NJ(9eOJ&uHQ!MiwGfLuu1d(aU;m4!SlQZrds?wx
zjE%t#k>LsubP=(0^47Le$}xa#I`7{m%e)^l{a<$F_+>$fc8N>?OY
zh?^uxs{2ZQe@bQ%&(iS|T|kj-OJOT#`M&<{pFsH*zyF@}@#d)$)@G>w>ASrTzArku
z2K1|Sr7N5Ntd;AVn@b=56!Nk?fhEoQG2YESaGr3O>BSRw|LgXH%Xm!jNylMt+7HH6
zyq$x6E0TCp?YI+aukYl|OL)W-B|6!Cx%+mu5l9xeb_tYk3E39VGjkK%cF`a!U1NbB;RiM8}b3>8~?vVX2`wnI1HCZ_yWM4
zHf|NA(&GC$fhs7^NViN3>_+J7giVW=u|oYHRcTrb1bQT&XVyN_)tfk@zPYa)l&bw+
zI5eid^V>Q$jh)+CYU-@E&S>nITk9L}Qj3dt5~Khe`Su`GzU1v-ltdh_%tI*~Vv2CH
z^@ORyhGvrxb*LQiE3qaU^vo;akG~bgoDG8^y|TSTD5Y6ok++CJHRPF@?n%I}d{@bF?Qov^x9SlEB=f`A*
zkKUK9x5_Bc*%>ocrt08;e1@?SElA?5QrkV*Et9!g%_A6_di2R
zK4a2nqnw>zOjjgDQ5$K&oCDv9+B_b=;mm{HGhqaoN7}?bSFpzwI<_l1qLC%F^+aTL
zxole{UQu=@^RkxA%v-MbMs|ofNX=##z@_OKIF<
z8)6J&9vizeK&O(!Tx5fo(~XE`9sFHG#YMfexV*DdQdKw+
zy!-jRs=gKXH`OF24IIan9(@0xs>2v4Gb&JpYGq0Ai#?kaFm}fBgrcUKK!R$u_MoUPE|eEW41*7esx@Z{Wh}+nPqDE5SG>%5=ezHfF-RA^lNoJ>c=Qc
zR~Y>GqrR>mgaZ`2!XY{6p^eKzhBR+%Y!qcaqH)CYk-n_xcUoiQJhCB;;Jf~aR@DFz
z#->W|6+&>1x2`u2_w$(@l|?U?4kidabg^RZWbduo0HnZySZcSIYFSM9E`)O+O
zQP@JBtcpKbDit~FLn;16DZ
zzn2_-E1Y*{J3|+8XFMDFj*hE?x(YGEHZ4JUIh-^y6x2A+sAErmQ@?9}o5Khs?HJJOasv&|f$0tU37kHz
zR?CENuirc-dYHk{I2mu$R%#nwA06*;fV6kug3e)is=M$)9XNHp
zRMiXh^<;&DC4JRY+>@J^fP%iVCtd}-_sQ!+x)T;xeky^HXtNY7qR@Lf!`32G&_9aN
zAg_LSZv$iIv}4O-{3#P^Wk9CmtIif7>|;0k2gu4pxA+Nid?9q!yLmE&lhJw(#cEE6
zM@_X}Yt$MJIeJiA`Ol{Q4wD`vNjOFyzT>buK_8ueFiQZW3{E-8>da1W)Ha~g%aRXz
z4X-6{5LUnWAp8fI|2t@44hcL_hV*S(-r!H8f+zob{5|2wO>((0y?RjoJRL^Yt>iKX
zSx}MS4a%4wz#>^u%Zwb4^bxV$E`56}QH&;*+!+B}8k~3mS<1qqi&f{d5xo@_BuWon
zTPIp0ua8=v6Lc}0upb#08p+%-7c@yM0t$BvJ1hc6hiM((uEaY7#7BYfAzii1{
ziq405C#m$PsqC3Cg%~Pb#3fcNUo?6o8Ofv#cK>|V7q2p}h}oSpsk9xtsUD&7vU~S{
zvp%f4UmOA2H&vq~1woEB+>M42Uv>VV*sB2S&55fteH9Hm@s&!V-@+>Cc0|J-tJUni
zJ=on;ZBaL*>pDYGh>RAKA%?J4%Pfm*tkkYkUND<`|JdDmwSD+*b-+@(dJ7F94aijTXn;2H~CICs2@=n{_d&!OyEjHHA71Qg;OMrt!8H+_#JlqAu
zIX>MzXuT?8_$6OuD=iMUZn%ViASjX*WVF1Vo6p)k%q%&+ughUw^U8pEK91?WJLar(
z7S0yP$?y0?)<0a#>3yMIHkzA(tFDQI*4#PTR1^~daH`kmi(S0*JMEGmSmzRY
zMK%fku$EG8rlYt$={vAc{X@p-bnj^AC1Sa8^*ou}P+y_XUO|sZBcRy>RKTh5a0vIw2F{K~
ze|Q}wlSF&VL9JPFy(T&!YDt2?ERm@Nn~9)5ouJdviW&V#tdg6HCS0B@!g|z<(0W+|-eQpi5us{CIq_i$Q|;1#Lgz5s#ygT?Y_Siv~cEVQrt#5wxEv
zh3XZ4Da=~Dd&8%bs2@#kY}-jKmh1BXW{_bk9ayn(TR25O+%_E_N$dNj4*yyEH;SVx
zQ;V^Q$I3U&dJ?}vI-K$5fD7)pw{!I(WP2)as_AmCygaalyxp90V
z2T!(!^gN?x#-`|<26H-)$3P9Meo&
zOQ|%>2c*^^JaZtMT*Z_%gg|ljkgXy*#?XPT)6^={H=9?im2C(8)ZT<;SzFHUhuZ+%Mo;R#7-@Ywc4>Yqh(U@%}3ohZH@pu7^8jaA5
znv~A?)x>em&+y}q*6u$gsjxQoH|!$8D{aCgopZXx@xUWaI`Wt{+0Ftf`X(Rl5p^;)
zXJImXM6-nRY4_d3mG_Se<}0MYjKs_ETOnCW+{Ncoso+HwlQw1ok?C~S^7O@u#f)9C
z$?vT5owskLm^{ts=eNYng%ggZRjdMO6Fp92R4f|jV{IOg#>SJqJ?z*)N*ON;_7DYUGnOh=wD70-%gK6cd*^iT=rFUeN$}U)d&!>>
zYtz>)912NS=&NdGRdZR1-nI{$lK3N0Dx^hicL*{T_0ZKWt}9py>9JGr!yhQ6bsluI
zGl!hIWK_I1eTx>*1&L#h<4gnjpHOaQ6Q?0-S!8ql8G)t-LHhzlUvL^gHPqBNu@why
z;S&tG;7b>^JW-<|iU?d3WVv2025QlB#fiN4YIpnj?g_=oGxA9Nn9#G1CkKzN&}Xl?
zla@whfzmW6cWfdXBNd%;^|?1(Wxl~-065K^=@6w)bi?R<
zfb;Bm=mZb8jd5~e3nZiMSMCC|qm;V<=P0dP`8DFG!E{N+jq9<}vP*cWwObK}Iik#N
zhwvusT_LL;f9v{7HQ?)7;59+kR3;rKF|{li|4MYi$}x#>O0(agZ@M)$FXAyAZ-?lU
zxIK>9gk=i*cr=+#*pwOmI;L9`ZwDnJI-ml9p{pS{&xFIvXdF{~G-C~Awu=Rd$=#2K
zy?Q5PJLu>#G~u}yC_Hx_1pc}PU&WOH3+Ym;8`)j4o=zLkQjc1TtCf7I+9Iltkad+>
zTrCM#gR&F!sj#Z!XfLj%s3m=M&Wrfs*SAGkV3M);C;!`*ZyKwMCrd8DtHbHw97QH5
zQe&YgYm}H+>N?~_IBBQ1?Oa1IWXrR$ly$Cy?Y|wJY!yF*k5o!J~)r85!NSfP`(tj
z0dIe1mYS1*J^sQQ=|y~H7}+V_#Az!wb^;dn=yKP`+#L~j;{q3$)`Zx!Ky5$U)5%WT
z)$#`nY4D*`(k7_Hflf$3M+?)qf3$AM#lGDx7O!umoOJABPCCuX*VJqR)1{;4IX%rp
z)N{I<`POc?&f~b>LdGrg5iNXyZc>iSM=a5byZjOH;?FrCw5^~?SWYzKy?DwO`h2e%
z;x#U$J?3)&-E-j`Eytt4xD|Nq>xWcJd*W&S+H9Tf9qhK6yZgI4r@5CH&?4IcSFgZr
zMXnPB$k4)KEzVWRW4CX=MmKGImCns$lDZN%Ww=Y3QfAzoYhr5w>9<%;*CgMWk%P|J
zlwp?9f2u_41fKdjFPf}3Ro_xG<+*2;kCTEpDW++-8<9xtf<7!GBN9v|zzI9DqY3$h
z;~O{E$edV{5_==O3WgK0a8_%p>O3NUK{3Ycptx=3sKFW8+&#uE57mU}@OT9{et*3R
zMNRGsdVe_w7UV|CQMh;4cOChAkuV*A6exy)0~An>iV0r}#~AtzxbsecSwei|tSZqf%{-`n`fbf+Px^fb6O~9X_)Xi0JQ=<}fzIIv`8Qye=G6FOofvQUCsg~_YoA_{H`vsL3ZP4z!
z05a)Nw8Vo&Y9vE)apHbe*OY`vwmhV8>T0N-*m;E4AAb}GenHezS-w_JpQ<5yPN9a~
z;QTaDQwI)RW~SiZwZv-2f3!dGGr4P}KQuQoIoIr;Yxr9@M&$t>f85xj9vm^~qE`FG
zKw2RMwPzp1+Zw0Uy^)0GGWPt$gQ_+S(r_cXz=I{roF6za@{zO9ZTI6OT;{hg95sD;
zMIxs2(KlxWZhb%}*A60on4J~daLZRj2@`NwgQP&_xf_iKfrB%pSsCYZ&fTI%yDBrF
za%$uC{#LP3^!GB2Dy@Dr!MLo6uZXIP>0=eVe0iM$;ngN_*>No9fY>jldkU$gZ|Jc%
zOYmJ0=`0UYM9z&wur--Y(5*Pt@yL|RGPy!WEnFnv>N<^D7O1{5nDG@Ent2#zvzD?`
zmyrbLFf#stebe}0j#`tsG%zk=mtHTiso?&Sae|NT=TN@@*k@CM)ttz^9J3y%Mv06>
zGC`j~C{Ro51!ed6T(p3uSz<0rhBPDkVK3bA<>3hMv$SZ)r^LScQNfC!zxcjf*^Gn()>iNl}cu$O{jRR=-xQE#1itE8EF&-eR!8DNHx
zeSONP%c+25k{Cb&ofu76<0=yXPZ+gVdoObRfBKyC3?^B`WKc8m1Sm?F$1YRn0W}BF
z#920)SN=vEtKq@STK9S;i=C_-z5>7R
zK>;|(A>8vbMn*P0uU^gTddkpC5`_`rJ8jGG^w)`}XZf-J3D`cxAb{<1LIF
z=nTmfFi}0a5HhiIJVD4`X|kPIn`soS<(+6y1ni
zg#8g&)^gI?j7t(Rf#yu>>AR8&o++<}T0BZH2k4L+?P|<1mE(}Y;fJAYWTBAG_EJK3
zJ=S~a4>}sed6-v2me0juBy(rEurZF<78{j!(ChchQtzhHK@Qd{74-CYQ(0Uul`55j
zlm1S-Qv+6haqSEG)AUlRI`2jWN>>&)N|2{SXyZE&UzTE}0z3I$+p=!koO_1Au)H^VzzKG5v_rd91vEZy7xAqz9=fD2Ef8>8NI2i4J7S-HQyuKtUJ_$&C^c(BosceTE$*)ci_SNz0XZw3Qs#vYp
z_jXTT)a%brpYxZs+Dg5?dsuv0c=8>PWTh7OI-ANvm&&DT)YjHj^~Oqlbxo}{
zHXCc3jRug-f!e(usl`II3Lp?9{_Ji)ho95E)BWA2+YAfoxnQH(sI5Gy^Vh-?auYNT
zFSiB(93n2pVHfqqqy8k`JfHTeQs(F0a9WGUJ#1)Q;6FQh{_E2MRM(hU34AIPPOV)A
z923GT#m^;cj)ANUIt^1v+?`yZBq1D3``R+MpbaU8s>v3Pzo-*-!>ZP6D{SF4h{t5Y
zH4#fIx(MpV5*NKvFyfO@&|xzm+|$MdDvP`l#-_T6dKZ28Z^AjSY~ozBaH6OtRzHU5
zzHl@`Z3Y5^Zixeytf-jum72dcf2m6A!y%lV+aX&Vp+*bFHI$*KJvoMP+8e4t)T#b$
zIt+2LH!5P(6_M2%pBC3^>$aF;3ud~P2IlZ0EZ`Oh3@ax2Ib#e~5KhEfV}#9V$J24p
z(=h}-hT$kAhx7%CgCTxy6B7vofYpzh6`CgmjBtkG1Rp2H^$qoF5*LPUzufsJul82~
zHvKZ}#~56BI>amAmxr(G`{<33Cs8i#$j2(QBO+gtFv>S-`>?rJCnc*YUJ=JQ&piq>
z#wBqULX6&X9>O04z}l%4$>U8h9(`vTgs(l|dl5wo-hBl>`jkjL~i8BHhr0Nf8g5F!PHzU^RyER7ZoP2#u@oXTht
zBPhrV-F<-vtU)lG!Y)WLmq`jY8poHB*xwh@y+JTJ^WqN$z_|nxK%CiS6hOgvcr%En
ziF$E*tbz$ag&FgUCD9}-JlR&SPIg~x6}ywsX1xx7YeG8eqv?4ap7o|!e0pn^C-v>8
zwZa}$2x}lLsVfYUgZ`2_cmWR!a~yOhuGE!8jCAse
z*q1qvncEzlJLq&0YlO`Hz;IGbWI#$W0pbWocp3LEacZdFL#hF$?Kk6mLg=NQsAM`A
zz|{T5(-jRyumR~&Rtm>?5O<)hVaH$%tolhziYTnjJcjelC?1MSA{;lTzX(O8Mt3>r
zb}?ER>0&VoXd*pMSg(MLjY(;u7fwpBNTe}hbcF{)+X|AU_CL1DPRv9JS|id{K>G{1
z%H{^KK8A%$vjQL}{S%PLO5E*MFeIoQZ1#>r(-QHpDhyLlW{75<;8=uapdu1^+uX~v
zp4C#h-B(m2Rw$1>eAMS(PD3YfqR9%#%hj=d7*v3#%Ww=sb{@jWMRfm*=A&rnnK+_l
z2`2=L;GE1TaIzQ_u_w^}NDGS-+hSnXqVOv0)Tg5koyP@zE-JKhpoa?#oCYT|e~R~#
zWC}bJSMZBq!>S3LrguOc1pu+yL3FJbw{vuekp>ZlGlP8muBfoqt5vkO4cM=07dh>=
z2qS}z0&wXA(ohtI!5pbh+$I}s3j&Sv(NSg4at4t@Hp1zz*AItiSb9NpM(@nVGfhQc
z3;II^ShDH3a|7Vy-DBa425SaHAKK^DXg0})t`aZ;=ESmT!m1s!@k_T&m-6lZPX06FNCk
z%Um19MEUm=@ejuBG#aRbI39*KM0j(mw4RL8RY3Cds25FOYKXZ{Vj@RapCv`oFF>gmcWgxroDaDpnbQ*HW0YoK`naaZhzLFTpQAGt+cJSCtve5<9o#i#
z$3PXd5Z9|#ilR82t$0eqPDd1Mx!vKNjhcPV;P_Taw-IP;%+3bUb)fE!7;_=BJB&#%
zz<9eV8>>0b`@4!=xgyD~RvAI76M$OfP`sil8YT$_9l{WOLK}Hw$NQPYaZp9l4vZfn
zM@PkR%k|di(hqC`9e2Tc{-QXv+T-!R=>j9{7GgrH`<@W>O*5MI7t!nL+UO+mCD*~O1vKQUkX
zg=W@?5k}%bXU^OS;{|gN{3}Kq^qwN^CwEVA=5mtYNuN0Ee%$`3ntLx#Pmf;n0MlNB
zIE1Oq)8h(*LakXvs@Q#=im`LHclHhA0SZTJI%FvcY`h_^Mvl7)aQKLhREsO+u+oA0
z=Rbh?+wP+!Y1@ryuJIX|#1UW2A(Y-Yo{n%-NV=C`xHBEoO;?FRFH-9bK0*cY)ey+g
zMKnTYAezwl@=2IQ7qb2nQW(Lgd=;jo_(Y|c##I3u8-S3
zt#h`ppzrdq(%l;z(J&xx92uiQdpfF*@vlCS=o2aV&arzw;{HGm&qQx9e6%-l<4^>D
zKr74vIgCeI6aE^Tg*Sn+j}x~RhC?AT+Pjj02W=rtWLuwp3irohpICtwag%lnLrO>?
z^H?c39E(-8DB}|`de(d{thmrQmI0(->dg>PfW)HXn7HZynNhR~z*Zx#J?f)KCFWV<
zE(xZdhrK{*4)8!3j$y%?tx$*t;Vf_4(qfog8Ak3>keGJ*V*n^K9T7jEsYx5f-F@U@
zxsfcK6blP$S`qLu=^QsyowMQ;CV?n_MPsHgz_^M*AEjxAvNE2~C?Ek8ikK!*
zWfP(ByiI9Nh_IAJ7qW>EmQ;z^Bql5~r>zYSx-ddAhU^N9(1?`D>huTC0QKpRe#YzpqYZ;Yf=fEz1rmD@
zQ>nq0l;YX~3d$#tA>mPk{7uK~cp@y2?XDBE(1Z7Qg3M&vQW}jG!WJ=oLD%th;57lC
zE#Avw>&HD<4IQW#i+L_-DY|wb`vMGs-oP;SWk2e%8iOz2gej~eV!40+M&97@j(9VMKh-a`u+4B+Sqz)b<*$DEIfC
zZUZK-ZamPvWtIuChGmU(edEei*kTL!FcAuc9Xw$IB)SH1d0?0QGIA9wL;o1woX6-J
zNMGOa(ySEd!mkRal`G6fJ=)%BdZt#?i0LE--U`39!;TvRUPs+0RFx)rE=z!@(%@!lQ>)cWoog`*dH62F8
zsv)K6_QPwMSI1W#k^v~L#783Aao@daf}K}09c*C=`g)ZMcB9G>?_o4CIdwgQ1wVF9
zHzBHBz+79KTv-VkgZXaG;uW>BfLL`NO{!208s$~9hI1i-z7ek4Lonprxiz>{%q<~f
zv5o|6cAJ}c${Y)F9+olJ4cB(_R4s;|R66|RljiBk(c#OddU48YU8ieM=1aj`j_4~~
z?8d9(`s=rZ#oK#tIi_XpNgdZ@?nn{c=rk|gLSV$*cgX$?}8V;I2!KCMnK!g
zdpKPW$;go-ztV*akb`O;uN9Qs-jdy(9^|+6qvPE}8QFq&AyXlFt-j-tg94epnaSkq
z_h;M9UBy-CwO=W4gcjbici*1w9zNfFZa$ZY$|e)@rRo{$jeS^lU
z6&MU?fWuW?u+)q5h#nR>CktUe&8+tL|A=8uivUS>~Wr$
zH-beH5j;D^w4RBIGR$2>WE6M$f)_l@ZR6sD(&Jd2Ora$aoECbcfnFGP!JCPEvUBu&
z_vsbjOY~c~TzXQccP$x`b5hWqtOyJPSmIyjU0x_eWf}VKiM5&b_
zMRZ}sZ%#7ZH&qH~lN?@ZHYFtPnn?K=xNj7!4K&S}`2&l_P<)?i
zd_l(OJe&}6NLX!g1%vf_n`))NTzV%;fI#ZTYV`g4?ys$bqu0&dN+H$~<%pO}D-gt3
z!@8CPCG8@a7_bmAkn=h!`m~83P2*wXKA#TEFry{75ZfTK82I)Dtc!>D87F1ul1@Tv
zVbejDnK?=4Xe-RACdI?pxg-h-QW9ft_icH0&B1%GFFWBbv(yPsol6N0jAqrA>?(uL
zus}PchGoy(vNohmywI!6iL(seRb>EPVhAnjqc{v{AhS)tSEKa3-;05)Tnw0FWdUM>
zbX+^arZEWm1)210V=BZNSDBp9)*x=3!zwZOxTVwWGq(~yC_O@nku8{Z=)?Uez5-5X
z+UE;tL?&N{>fh6-{jq(qTvEWEOprOJAv+0!enzZL$YA%iK>#c|;7a^43RSOBNG
zkTa53c*Yxt-7%aMScsxI(!gqNXps>^E(qx9&>RIj95BXsJnN8ofH`uaU_R_ceC|TI
z9tW0TPNyT1E5MBrD@@=ag#*yIXQ#ahHMU?FVibt8sg~2yb99x!7f~by>%@G!ES1ol
zN0Y)RPLfD;!Lh@>rV5QE47<`nMA++4l%Vbt%aKrI;O|5{L99RIg4gV!r|TuM5v}qL
zl(|Zw?mGoMbs@uT*h}&tP6skTTYbEbNaUgT+8^4QglVw?Zde5xf}wLeJwe4s=Qc(>
zc`H7-QU!Lf+N54k*n`fc9g~Z6hUllvCmf8wRf*R@u82;9JSk
zaORHdM$1flMYk$tEDx3ialt%gLGvWYDBup!$Dt*LQTpVl8NJ;-+$XpS
z2nM6arzwxRXo9(y^`P^)`NI~$dpigS|vm!Q5(`a
z*y7tJI%=Sr4&A<|PeTR0bYMHfg)<%HS8d8UZNQ=Z6}Dx>J+TZCvm-=0oiPd}EMhR0
z_=hq$or0^n;2x%OY(U6c-QkO)7I|DIoG*yL6?i5-zUbjF2#Gh&Qcl=rI1;0LUTB15Pamo|GdIC9+A
z+N)JvFO&Zs=>;UB)5oV{)}{p(1t(@_`#68LVO`YGONsg)?hAq^X2uK;j%a~b8ns?C
z3CPC4mUbER5g?cGsVO5uYM^9zjO@lxby)@VaMG@OL>S5WxiP^vqchFj&ec6bI7N~1FBtZav7cW12o+Vo*G2=HB
zoUUWzZdDJWCYVM{5Qhc}Jfd>rk(5FL!x&x%c;e;YLaDvXyPGsO4urzCHJT6)!ccA^
z@eD5v$v~LW3GR!SiL`J?%mTasS|5uqBdg1Z)XSU!tTg^S)H^cC2#L_2hXtdHSS5*W
z*eO}239GW<%jf`2#|W*0$48ZWh)7*Iq!{TI8EzE!@Z8Xu8oBhb6^b#PlUwehIhyMQ
zN9-}GGLia7l!D{vD>-sDS9eLoH7K@iPH?Lgp68ek3L>{X#5*2T**>545I&!$+<3vIS9-6)+=mH^d^*1r1X7x>=!*v)$GazNgSz3Un%eLy1
zpE+W6QMHWFYRdPKA|yPXj&Xk*gwWfYDwSetM!`MDGprd*oo)!wfSq(9wF^aB<7ypQ
zVbHRb(oF(Kj=>Bh&=^45&BBxCC|Y}d`c$<$AK~HoQ>}dXoKf&9yY4=WoL{438~XrTrXP8b8-%#CcFb?=rF!p;6mdVG1vM+te{}aB@AW
zJ>a8vFroV-1PUn3K!@Q~GA3V~uCQOOTGYYb!EWBP2OmGyro*WE5vWu$o?e8tPDrzh
z;Ogx@9&gZvA{?2AakuMY!&eq{kYo~!XjGr`qe3x03lu=2lJ$ki&wnvp=8LKaJa*&i&{2SOOpHXFmy=(e2#!8k@lul
zpro->GiJDq=mb>_Vbe?QywI@xtt$;P$tY4EZ?P)U>g9oApON~02o+q-adp{{M%X30
zfR{bgyDO1F&g#=Q7cneM_)BQ_2F8$H1E5^+l`BVOEYUbI)(eh#2%`0q?E;U27&`to
zI7jom{?E`s7}*;9SA6=9@TQ}l!I}CMoIeKGPue{42yD9@^~rwef5K#3zlaB+kl9_-
zvS`-SNpLd&{)GqYXxJkO2)ZOCM{yy(p^Y=D)EfBGHXiGr%>)#IvjPqlXg7U8kOi+@
zQtn^Va15uX+Nc{wu=0QI4X(NP-+q`*2mQzRQ62L~nZ(~ybDNbyCcdSjMrM?Is-`yT
zd_jUBme?`(b`keGEJHwrQ@UXw51C>MP}sqUeeH>-rDUr~JS(tyMyolA(q}^1Sp6%O
zBc0K>1ZX%dC=RNq5#M9;xjiI$3p_G2i4N?l=xf_LSiCKP2es4+1(L9!k56`=7L@xB
zZ)o7~2K?*~{mEn0IQ^kFdHgfJ06Q?Lbz^H56ngBXbAHY|pcB66Bg&k?jB~e_PW9JyY6pDi~`Mfj`rH
zZ}sU5HZ?fz!{)~X!dy}6n;*I9dwcwH-Cjtx!wQd5uCR!z6_uyydn=
z5!SXmN@23QB_y@!g0B9~3FMVv&)7XGcCdCkhu@Nv$B~z
z%nuv)qnm(xbm-x*fh0@E<2AC^E
z?*C2~AU{iZji0~0BM_&mzubZROrpRHL
z4ba3yfE2so3*tIn65rjihw>eJKx4kbu?Ou6ba$(j<_w?jUZ0|N`tlQ8*H4YP;19#|
zWb`=4obpMXGLmscU_-X*%d%z15+`FB9yhziGW0G}5J^Q>!PCQ|
z)7>X^c-U0xn6pXeXg&btCUnnyjyE)NCyr&!wRkkVjB$zZAm^*f@(AMh|8ge--d3L(ysVuQ?A>#GSHUC6=Y)I)nc}@>dOO!4n0ado&I{NsEqE+th9BixR
z%M%4>Pb3WMk4i)vc@bcU0>1`PI$@KrxK>&C(*#T;wr{$t?FMut{ejSWsa6)V*a|VzT}gkCF!CW2&-!Pq6^J3L|Bk{mjiBC@1396^i79b1T`DBKH@tY)dUW-ER$fD&uYkVAF0f-G
z5I1SRi(7v$uU&V7PKehD!^7i0;ynzsryb~p^s80270nXE(p>yu28_&~Q-4
zyb}Oogfn8ZLup8~ZL9dI*w_pXpzzqv{CwG_QiE+01p)%9Yf;@kXYK@qxkXytwi{iq
zb#rouvI{>8QL}KxUs(*_-*H)cda@Q3eM}X0OfRw)9a1++v#V6}izH~u%|IkM;!ut2
zYLI8i9=nOH=d7BCBej;}Di0TeZlomp_vCtH3uZ4JD`2ceTvk|_U4le4v}#m!t!#`C
zU5YZz*K>ttgB~lF8pi_it|OYM;nGS=e~v16XZOYb;*ByD$)ldKtE~QoN0}H;r$k;t
z6#LD5rs@?orJOfP73C)^0F|#8C%HqpuL%-)mVC2uLyX_26=oQxN;~%1+crI01X}Vn
z^iR#{xk+e5a;mGrY}_&8#gj8q7o1W9E3(64wfD~6Bw~~&e&*09LY2z^KUQI6GGFub
zxrSes{xp0X7t~A4K3iX~x=3%b8XKYzxUNkrYwJ%M+`3c567$b)>fbWsv?u7`uED6Q
zzNn-I6HrxDlEJ#-x*#UvJdxC!1r8HSfvcls#6E&rU$i7Eg|hNfQw$$Fk^1|^Sh63AXjo@M!sXALTueM9eFqHk_9Tjv}{I!Dh;ylT!aBLan@es0j3
zR;+Bd#=-;GblYG=>HIFvX2N3?OB|bJSdv1#AQSkVZp`|~pV9{U7Jw1+
zN!u2gRvZd8%9ZoG2|8S6phMhGZrm*<2TJdOZ$Jn;rEMoW};&rq6;2ICz!N
zrux^>{Q*NNp;K7QZ9Qtw{Yf42c$Lb0*byVq*xs>ms;H~ij|?Ul{V9KRi?v9xRxTH81`hITRc(Pa?v@)
ztUM++y0qo*6SEANP8Sf1cMmVMQl{PwtBJ|}nEMFTL!BUR``;8``v;oFgD
z%C@hp;7a9q?kT64TCVu1V}MvE?$Y-O^{HR5AcnzO>~_XRc8;bm;95Ykp7t|cTJ+md
z>E8)wc|gz@QbW~6|M!B=(q=iZUwhT-gy|IFe#0?8GsEWu@09+v<(H%Uzwg3p%lR*T
z4VQ*xP^tH@cJ80XAD-3Kw7u`*`iA0;G@y5i@GJFJ7<}oZoDaZc&p_{3rVS)=QG}%ja7jzKB
zm{6c$=B#81rikWyDH9^G6DwU5v7ctd7cXS^Olg<=O3c2BG^-yBuaf)932n#gd}{lw
zvT&so@P4cQX!d?+@_zfUGIETQxfwrO9Ra4$D->}XZxW*LV(@Hof}XVM+tS+W_C})z
z+`Y=pyJ^F=6jg}YTpimgFZcY@5NelOcCbP*B0i-nzJn=-VK9lMt(J!qriO_19{nE6
zp+@Y%sO2M`YEl?bb#>(g!FU^P`SP1PIF4%61kSpwRQ`C1JV~z5RMdt?sgyV!j6j)k
zp#mU>+_%0iCCUpLiqc46U75TjRtU_|3G(vY(LRO0E{8{xe2Y`4&5iQ3_E{GGhU0IK
zJ8mjCSi`9RB3_Qmq$K`TxcXE|xr3UEM0qC&6}){NaGdP^-sYrN?J|zP6n0uh7ftpg^CW2LcF=^5ybXcKDpw
zAwHz$dJ_M2*1d%hv(v(|Ir=2;hoS4X7ouZu_!PJ38`uZ6k+ZBdUDb$WR7a4GV||Wh
zLvUuz{xKzK3w9X`w5%~!_d0l2u;44z_Fk1U<0Bp?((W$s0J+rgPWM7H8u|QihsR~tP^cc
z%{}N378oju*}HI>jmlo_;B(l$58@l}ROC5wYRw{Hc
z|F2yMi%2;s*!)={t~5E;Irzmp_)A7)fTn(NWy@A6Iq{ZdD^rYzCd@f%U=dBA)*n*7!@x*W0?apfNch6E)5i0<^U8ApJfQrfBiYYIoQ5axbT&J9s3OM5
zrD*14{t?`eYOS(_MAvPVJ2va!qwLo0(5YuV18JlR~f%zl(-pdi5B+FHxvG(dl!-kCng&YM>=pJVY;U
zNCnm$V>l#HR=g}v1{q(3mBQIw-u)VkTY7p0Vn_PoBdDrgzqzgWGh`Nk95+sdm1NOC
zy0E9k1zD7Sa|@g>PlUw2Nn5D6VMeU`pvawkVbt_wTl{wV*_j;kOl6Nrl1Rfv7)_Bo
z!YHrm-t_7mId$OzYs4UdUt>$I$Bd<4b0IP3qZ{%`lXIVQyV8!~Pl%N=DVqzF%&IK(lxiK>t$7{ojWXJmulGfB;@Xt9>Am=wxVT)?R^)6&!vGSJ*Pn+Vh*5{DLY3*F{15cs*
zrc?G)p+^)XnzpyH6uvuRgCBSsfoNv9<;_$BHzNqx12u)*wQ4quIcIu$HD-XXGgl(n
zBa=QT2SSEvMjKj-Zyp>0-DXkkHM9UqUR13cEjDm;UF5$yc!YS9WjU#67iU?j>|5Gq
zoS+xfxO)XHM}wq{O^X|P6#Gk;(A_Jm1ki_WxR-8fXF~0hG|Te&fIlAI?mTj9*ml8R
z?zR=G2NQczXm<(0Ht~(Mr!iK5)<4JB_Rl}Zr3~|T&SHoh9u-YZv3&{pNS6(APe<%~
zAdfxr#qM*HFCHQH#d*M21<*0~p-pXlmZ*0K@VF+wH8CGA<)=Q}As
z&L0g75cP;Cr0oeB0&Bv$5447bg!qwZz&9n$=4D!5f1;$8&Oc{=IJf*2JiR6AYs19w
zRw_0ZRAqHLM4^wG7#hlrU(#oqq`FZc1h~*Y2Dp}lge0F!LHl8Pn>9*A6-nsF-_p~v
z9Gk*1uzz&Lw0qo?GS^Oy@c|%xzn0F|$Jcpo(>D>1k9~JdPCmggt498i-xK{MZxjV~
zflR5%l-JPB7yHb;@#XY+@6po_TpZJ&`w3%t^t}Hc@-f=-;@vKI$ewM{huXN$enx^%
zuPm98RP`11USiF=h;_E7W4Jbnc4iy=9Dvxps&_G0eFqG>ZBbQ~ET791_=SEHJGKFTdRiYnBQ)so!(VzSnTqx!(%7?a
zQcxLXW$+S`eX|no&UKCU-s=ZvCu37o#Q~~lWk+=Qu*BwdF|(?8Od7ia_G^rP2-W&*
z0rLy)$Z%6Rs`>A!7gTcD8tt+M{Glnjt;KLrh&zV-a>l|PbVpNe8~t9vFV~d5-!iQZm7Be*T;w`X32bT8c0~
z72!M2V+s!u@miR3s8$H7+u{qFA!$YhQQ^7<#iSP|H{sdjpE9_Qro^tcq>LYVlfI)P
zR=ZBuC0V5*^`>_yc7yy8GlC0>X^-S9-ARK&j#2*`q)wJuYVf!=+!B4DxA8u1JXzcHG@!}9N
zdryVmAGIpW5*~h7hpV>km){{V`Mx%;>kf|9BaF)ZNAA2qtqXf^l~c#g?u(n7Wt^z~
z%Xe4jqO-N+mqV71u07wm&Cf@kyq)a^WTveso85ual-FTLYc9g&{CU@>d!LHjwJ0cM
zeFS$St~WiyH8v~bgWKQ{gR;nAb@HqawW940#VB}?7K0+;&wIB|FsiDPSBd76e?2CL
z=*~0lo9U8DvvHIuYruTT(-FMJkydn?oKWK**Q@6A-;F~<#Y4gIyQ@c)&{%W4@wsnWHHzx9HjdP5o9fZ8#MvV-<$D#Ujv?-{<-{g^72EBrR}
z$Im{Uu_#(yyS40&p1r1STDSJ#FSVbO&X86fJZ+MnfPoTHw)FDW?3(*A{DR!)C9{eC
z0B1(0VzN`mjBA}uB*>@0z{+$oJL8NWl=J(*7DxOA3Gtl8-3*d5JU
zmMvdAouM3d%2}^285^SH-iJftiygS=jNytJ`=b1c9-@?FNrxEbJrs0yA3wSGWl66C
zU7~LnMIb^ZTnM`pt5_1&-X(O9-DntzM(dQxzN3@A$8RK+y`V>_fGRh2up@&7P7OOhL#N
zvRc5;rRs%a6fRa5sK@8_N(KJ@Fm_Gz;t>$LnL
z=lT)7`VkfD)rgM1U9Bs4wQhi+y!2>6x(Qz3mU*#?S=a5$W7>70A631u%Vn?@Jqp__
zAy3W7*fTVN;7q8f?Q-YvdxB0jLv51()woR*@b|>nTlMZ9&>MIE;JuDMO}?JLw`1?7
z8Ut+tw+cIs)Z9!RkxXbx98Gm{iea^A7Pm+dk9LXn?7b%R%>>Tl
z+&meu19r1v(xcTihSHW`%}y@oxHACnu%il`}>f
zbE@a;XF3K
z$RcAA*nd)2&AoQp$}{=}>WWV?*%D&07lADm79`BjlF&>{A@25Z^0BV2nNx*{bY3mV
zjpwJJ(2?6`utJGHuI`|x!LXQQ^hW|kFV|RzL;IT;?9I}JpT4Ee(rR{_!RVT-mL`;yP|-oSHNMVP822C&zpoM)z@6#Qeo
zQ&-)s{5CySRXw#om7mgGJabDo0GsCJzDC+!mR;~^ON!FR1ALkJK)h;FCHTCVhK}YM
zyw|}Z>FcobUtKi`?}Ma7C^VZ{Y~IsWX!Jl0Jt#a?5J$Xn)Z5q|XOZiXNe2oY(AmUTJ3r0tfdtNnON3Tw5Wt
zSS^rX*o1fw?CCc8A?HA3==nUQ6jIAUckAwyrQ%Atxm+I
z*nLAr*wOpJ?AgTZq`vQIY`T)}I`^zm5>sb)d)`d7Tg^;A8kG&mx0WZIqO+GHv()5m
z7kGsBqIuItaL4_e&3mqJT2g`e#EiC?>+@_}hb)h4oxD?Nix#)LNtQ1AaSS1Ql9?8E
zkn%+6wj6$~7tldoU*>c^S_W&N$$`?K2(>_A?Dv#O?-kt^a9hYWh#}s%*K+RPIWJ(M{MZ_|M)>b#-sp70`LuwJjUqY#+0*
z>*~x1Y$Ge3mdpKEKsy_l&ivT<>>ZKdm%sYR(uyaVt@3tJfmKXy68lhXtVea7`_d^h
zSGDs!cRGJbgHh0BiCwzpS1CIvKdYOuL~_>%1>KUT%g38drN_gYi8*`r5HIy}q0^?I
z*^xges7V3u@QhL1-?J9KaiHH6gGXvkr9XkJ-0
zf${;r{hP&=O#`R`LxYu7+JUv?BqMNo;X)RwbtInS6`=(Q>{=Cq=PatNsW^TcbjZjEB#L&BV(P9qskf0$Z7o#ytX5tOum!*l63*Y2mM=k6?>
zq_@V4+W|AAvGYme6)@8&YO}lqe=yhIZ=9!eyjt%kb=aJM%kN=PZlaKLa9JlOQ+it(
z>XporQHi(z9R@WjmOA%!0;dBt39}Euh4>WcE(DIV&PIb70*=~{
z+|Ptxx*^6K{vmfP#1u26$??h`COoFbnz>qwNuk7+Vrj&N1w}6$GK^3zqPjqpu995)
zl;fmx1CB5te`-)LKZ-)22s95G1Je+uDfDxsW>nkGcWwBB;o#q;peoDRs_{477U|oYiuKA(q!!=~EY{O~Z>
zh$P>lx4RZc?f9IWJH%Cee_`UrDeZ+>2`Fo|zxg?#Vr=`WxP2&^0mMynq^l0qU*44ZUfDw)$w!y0*GwY2IK0^BZ)n
z>bS+y=JQF+kYHn>`H|b%
z1F_xqyz%klqOtkoq8*>Z=FKLTM=O0pr?uLg)u-B{
z22soq!uTp#t!mifP3-=P{-Jz5`wKSKZsB~Nq7+vD64(D-DT|jfhBHX0S%3^)dF;W{
znX39R=8VruFtj3h%l8=C=ZokH=|>hM=L7GX9+^%myfU7-A&DDnX%29+Cn(6OzP?a5
zl^86GQK9en;c(C~C*(|f#0sw`bOnwC)7$%Z;EB$ki$mSXMN}?8%iI`ob$#_GmVQl}
zBAPW)@^tH4mSkjjt@io)yqewIrlec{r?oZu2rP+jmD~IEIAs6}VGlqzNGnc7LfhAH
zV9yaz5@ctY-Au8kdwaMZx4vG91Q8bqns{RG{QeN8{D=clYG%`c^mk>$>5sI8hTgip
z^u^)K&%xav51;oe87DK7q~E!Y;sMA-U{3eusG$Z)RweP^x49cAN$fwp9IkU8!nXW$
zW#gRy{8@KoAN+LJhtP$M425#({7WLx81C@UxknolxNQ9s9V4YhAo|Lw(cEtL=>XZ`
z;Nl1{BZojXvn?tGg+)>^Bs^Gr&~|$P>IT=eyysg>CFQGF=u7Moxd&>|xh<*|auDQd
z-F~asKocE(V@68~u%wr}PabpY2?YKTD&9&QG
z_J`}9hH_6WNE#??dOd$rVxc0gTAVLSo~|A3`&|25$TMSuX|4t~12?7pBA<)3656Au
zIze^nkCNI|t6B*-=p!bqs(LL@k<+f#B+UEy%VAsHq1azvv_c+$5sN~}AW#TBUYo;Z
zvA0llY;iSmwErCO#z$-_-m96cA}kdrO0t9zLL7$7KUkR<*zRGlSFh!vGwX?~aiUi5
zjtP%2)7Xc%0s_pe?1?!ocnKB;rHI$DY-Yfl
zY3s}lAgN>J4LY7!L^*RsDl8H2P)r45&KV&$$~YKIzZ>|$R_mY;&yPItUdj(T~O6`~2&{3Ys0SJSe
zE2RV_r@Gk8tUX?a*jNY`B8B=X(`v0)n0PB~e&5=~KK7&v72h{deJHyrR$v#X;vZ>8
zl`}>xauj&g71iH`sxsLtkr}d*-1k|^$lOrx5nUbg?mNDl25Ot>Sp$Kb*;5LviG@gx
zvAvfBeEeK%IL)H!(QBy<->P*x69ZD%Ca{KWCzVmNBF{?{u2)nklQz(-vpYJy+?n^2
zyS3lB1>%R3wLsC4U9hmR{m{Qoba}UwDu3}ds94>h{`fi94u>7Ayrd=99UUW`yx`Mz
zz(xJtA%oM2?6JT2#aTNKAMSH-WNVf@Z9*i&mXB8|m_Ko$B_BRk2D@8bCMV|em_j3D
z!*Yk(fU)$cWE5h9>c{2|x;QWihqDz(b1%bL+9fsEF`3WeSiNox0GrMXQj&Zb1{Rfj
zq&uXMF#lp;--@(&ImGbQR|d`=89RQeH!hDDu3ZyhlQM^Nn=CXbZippdm~d#%SW?OCHHsb3{6uq3){yCNb`rVQcw=?w
zfeWehL}NYz;~*on;oDz_iOZ|yYV*LY`w3+@>L(4TB%EzxWflY^yw0ZZEu5$KHsR{+
zBpo5to<3bBdjktMI)e^GF`%p}g9l$wM6+^KL9Tl&3&H+fZjc|^r!hWNSzI+8MA_9b
zTFHE%XnrDM$Hq)S5;S!8aZH|C8ezNcC-jW;WrMJ}uj(p^IcHRglQ901wBF*W9UomK
z`qc|8LccA!M`k&47CVb}IQ>93&bY?pFokqKY+BuN-VRe8$ppduNB;ck9}bFtRpo3o
z;<8qg8U}Pq#frG}xgE#)xGpLkAWLib3@)r0%Y{Gn`St!TWFc@`bH<}
z=)3-c1YF}6x`H{05%<%{!&7rtidD$pw6~9^jSIo~h{Wk$&t=@qb}B2}tq3mw|0T$h
z7{kG6yT^13J3fq|%snXqjG6COYwE}d^{GBMdxREFbLwOXX}SSBu^oFq=PdyO<6ZgC
zlj7mvQDi~>CS`P2tb=?YX}Tkp=c<%dxs`aSIZnxrV3)>Kqj+fZLko{l92_=oiXtO|
z=iTfIbp*k-e!li}kHw;CR!a5h6nG3f6}N4&tDD6@%7)L_}~+mt+YhcRnGcyfc7Q3gMI9t>ib=?2w6Arby*O`8QN;?G5cSg
z{Nv`JRSegID;A=tL3a|(?M==tuP84E4`Bu5Y&cQUa#}5)_~c<2t87CowQIj&jF+BO
zkneljgD=oK=g|kRD*GzG_U~D|w$(V{ljC$AxAlbj
zvtGL2Yf!w+3=osmw^?{aye2LSNm3wOYb6=Ny8on={LlPQ%9yklhO0npyszwwwZXY
zCTUeaA}7LsqtAEOduQ7hK~ver5A=Z(N>BU-kNMGWb)cI^FC6|qW62=n=4Z9)!C?A1
zVw7ol>PwJkMu!yR;~icDFrZn~h;J?KGTxv>tJUxJEk39MUmFTM@`a+O`%_G-Q47nd
zqzq!8i4!Dd+x&@42DzPkwg-@{!|uNlKKPH+U4f0KiLf89*sRMC{V&EGf6816Rzxr1
zt<$$`!ws`Y5Y+QU3)=|gOCoNP4=GfyKCI%Ex>K_nk-)!C*qNb&44+R9D;8=bHLW$K
zO!bZjL=sfCH*0!*GZhC+5H$pIoDd0z8M~y$Gs8OVGF0~^Z%UE)3AR<3gjdXQ26T83^o|MXGw34SNFid@$4&@9q%1FLq9$7gx4Vh(Gu*z&|vh
z@UAztcDZx*?n-}rd`=a+XVbOdqYqtD;cIF@E1u>oSZ)1qZUmdh8|QCk{~qtIC6~l|
z4?VNZ0bDR6tp|jCYiYpd2UfeYv0zQ#zp%(0PRv@=+v*S7bl=$!)k0zX=w?s)U#Rc1
zma$nM5kabiHEkh7#OwA*m!oRBUU$Om*yl7~*12xy5DB{(yawVwyeh4nH?t6O3Z6-?
zw0><(Pf`l}uJ|T6wxBXfoIO%`gG)_(t@BXwY4mV+UghEC!uY4>mK8eI#swXkZLfe&
zj(rgdx6RJPc1M1;>-qlbAtV@;NQu`+pX5d4v0YWlp5{RrkCLH!!WvUMd2^>|_R5H1
zD>xF(VyG*Uh25R0>d6S?HJBn~_W1Z19S5mC{68Ytjelm3CZB!7W>o9bMFkWa%m3H>QU)^)ebn
z>CljP`_RyJd#uk~Ib+C9qD5sJ?xKRl6vROf1NZv*YFPG3N9>Kcw>clB4OSg41Z=Pl
z)5d24`rik}eFU#X9k;fUeNRRG)PCvucs5~qR-x<2(-FcZH5x2LZ^DrHU|^8>h|!zm
zO}0{D=pwHiWn64Oq}`jWrgFrUySqR5(|CDddmGAPAvama1M<(<2ob=gBQ@B
zz~1;iJIK6(y;JC0)c5f5UbvD5@s{1(X|ILex1Qh5HwN$37rTmdKVbpo%3IdM*P%>#
zK9yi$0d&5wDJ@cjr0k%TM#DTf2EySglt#rL4WU2$iRQod${y(WM>c2mkEDsdMGoR5
zS`8nE)%JiTw#qSjtV?pwuW8p$xje_t>IgOxiV)G2WJKzw720n`d_XF7_LGnK;8!(ifR%LhF7LOHZ?1Ua#ga2O@^z|q9y`ye#K%sLPn3FTFUten
zoqSOcW8?bpCBQsI5_61jVq%v|He;2fmfdh&^JWsBl!77XHNyk`jdcC?jEexxhvjc#
zp-FbweuhDwAEz1~<%ex^z=ku}Jvx}b+bY4(r*BpojW_#SJ66blxi1l!81U%?E#&O3~=zj_RWs2dT=?b^2qWVKhDf81g=olJuOzM;ex_1-^Z-W@rt6IG?r
z8^1XTryJDePn-p&gCr)IAoR&yAHq}(MKIOb9HdCCfyB)n>WUP8$QgXJtzaHT!J~}>
z3zq)1hcrtURQVD5G_AcfdQ~bNL4F9nM4<_gL4PUoGWM{tJ;9a!%i>s*#0U#F=Jl$T
zJ-cf5tmS=&TE2{&mA&@qwTqAeJ@sFU%q$kLA^m!KVE17#B%e%-9qe*L=&buMdC=7S
z#%uJyUeF2l6&bQYFA(fDXS2aD>~8rgfZqrpdfI@@Ee-sIV#U6KHZP^RII(Xo-X?$J*FOP9D=Jz1=Me4oM`63uT!oh>OV>E<&8^dVlnxu_BmXlV55ry=JzUK<=_
z_DXjAcY(U75VCzpDfgbbNIsoBL%xyvr)0{BI#J$(tTAadY0_H?vCK}fGnsSmy?-+s
z?l|~{pffp95Mke!$MvLBF*JWFwagH-we%C~w4(!V7&(ELi1t~<9s7Yj0QA(k0@L9`
zkxn*nNoy3wW^L5?7aBo=sJeFgPXh%dOsAap;EKu41RQ3gK3s
zA{iPA@i4ET^H$@fw)e{?(+>rzmd{$=P?p>Uclk1|var74-oRM+6SKM={lkW5)nc@>
zqu151IDau{IB587{QUD#^`)z)#o_xu?P@E*Yu_c|wNjs$I5;yC&klHGeqvr;wRhXOmWc
zuhoNF_LuGK&ilhN@TZT2A7Ot0oDTvCma}kvhJ%}sIst=GG|F^+|8uC#>IJ+e@!0uz
z(E0c$S&>ocsNbJz&JTJ}M!&~80#s7O%6uxDar$+I3^?8#cn}ts@p$@}m-lBmL{CIe8
z#BG`hn+J)lmwxO+El;o7?{{C+!c29Ep_}zS}8)3Z_>>Csm8)2or
zeB|h6U9O@dz+liPL?C^$rA%4cc6nz&yZ@WNgc;Sp%qF;I%Y=z72WaElD-V6jBizqrZPsXa9u+?p!lPsUAGXFP1JUfV|sS^wgW$w<$$l31l^iG58B_Jaf6=k
zudD%$y9a=lSfvl1HhfnFe;4KfDlKbxR8)$QxJYedK{C3Xx+w*sKc-!N)=KP_PtbR@
zDTGV#BAj}tK{;LRUMau`B!iA?P5GY%&taN4Bo*iDBsUzB){Dt%es`h7eO;zK;@R$A;B3kZpm
zkuU|Lr!fGFDK$6|Ei}M2oTLat9eKJLSa?Kh3)-izc$tw$rwNK7y=8;=9JAz%MAMw?
z5E?%sAe{q$8=T1&t%+X_2zZ4jZ7K0fm-jZe}eIy0j>nuHIc!_6K^Vjfm1lwYMA%S?KL=RrjPJjlQV0(}Pc
zj%CkjNaP(GX4Kgp%Km|%GN{Li1c=J0h-fizlKqcpG^D+lrhtAGrA;M)HDQl$y{sD=
z#s9!jj(F7Z;3R0WMktMB922y9ZGm?e1Jf#Gky86WuQ)7iUiX0R
z5Z6;}9`?bfuWi>xh1GO%qE()9dlncn;8jSTFDljUGK&-TFaB;o{>V$Rn4?4`zVv5c
zF$;G*)zQegOC$y?I9Q7+ZC0$^;#!y}nux-cwCj%ZUxDUdipxMluy6F8h-E7NA;DJu
zlgu~efVd)`I&YZa;ReOU0)>s)nfqt}{E~js%~(yDsf4I;Q#E)vvw+4&;JBX2_&gd$
zBRClpP=(P5iD7h80=Gd=Xo8N&Rzw>qTL}93QoP|}5vWBBhVCFT&Xg1}zuTJSg3GFy
zpm{|Mr~qC5O$QmHOu5Xea;8`UXjR}N{Tn5JT}O)rad1zzm|$Qh*`;nbtl68yblwW@
z&Z*ZUEn640nhbmks@#o)|3-x2HY`hL)U$=Hx|Hn<1aeH-+HxC(8CDw&RE^@VGSk`z
zQn3uSE~cSG%_GqzkTk)r>fGRET#P?w1deVZ8}>)nc=&iEL6PBJiz07DW74Q{^tyOe
zD7M74v-2QNctOT;UIhfI>n?yOdB#P;dWd#67<#CUAk*gG$2lb_$Sz98@(Bi<2
zK8IJ)1EGYNi7q9JLU_^b1-D;3?V!pu>KCf;q1Q}A8^&ZEUalE8`BZS8M~#WU#AV7E
z`duQlpFAWo>|~7gBr`?HnFP}rQ~EGt&#y(2!xDwK(`T*KRv5E3Re8Rkw7)asv)&XP
zw0W;={VNu11*8fOHnfORSim6UleF$_vsz6vWI_p9`w@ntLI7D+1+a1L%74X-5pUED
zt-RcGFNw!WA&0N&M&PzCUmP?5e6AL-qdlGCA5GvKQgVwDkowC!>36EFj`X
ztvdk)P#qBfy^7Px^H!DFNceQeG6r9OR8_(4$M+J7#e@qq&ozZ>y)g~sR@TY#&)xD6
zxLyO5z*B@L_;%u4WK^cEv}Gl5iq2j6XqvP0-NLWJe?sT104h^)^;=3ikJxQt$G%keG-JU<)v-FDC~Og
zh!^yw!}gE-0qj@aw0>lk|A2wc&!74Z09X6~cnG;^OF6c`4a)C+%ib)-OrYbgtZxez
z2`eeDbs-qs=sNW~+C)xHOp7Li6o`G4f2KgS!x`Q{A;eB%3^)woJFTs%Uz32a6oAse
z!&1En5^jY^fvoRwVii{p9US;JhBgXkym#e1}BZ5WDfZ5_zq>e$cIR_+Uk*qPtwkDLg*QUku|~4^&6}yLNV8+4gTL^
ze5q<;Xh7-Z!7LSm@h@JH9b+k9VNz4XosE^4_c!e9-0sfr-EM8#uCDLve&K9q^m{CX
z#9^P04RJO4N9Po#;|;h-3FYc&dN)@yxzx
zWoiQTwf*t^=E&uWqTC~9dBGqEbJwoPlY#ISXCtqv@*Ovv{=0zR$1pU$p(}r|{EZR7
z;9)z&FA8G0j6+$b
z1!W%@lK4mA77ibD8xB|GMC>`TOnNhPu(YX&`$wDxuf*#-oL3f9Td?8RIXD-cQv_8r
zBsG=#p5O4y$u^@rn&*>Yy+ccrr3w1&wW@DR5_5{d1jHR=h305y{0D8fU;Xowfg5U>
zXgGBM3CVr16Lc&(Cp9%~o*ISYsmSKp7&ecuc=u!jlDDTo!VF^Db29u|m^f;Bup7|Z
zC`6ZOH}0(R^BXbfQm#U2u2KJ}!ytIDD}rgKvb~p~{%&C1?^#fA(qc%qqelZI>_fIb
z@A<*dCjTJ!q(`$~^0@cG@6m|oS{3d2`p-ddSXTl(v`vudBYgb(e58m8LSBD-3s@j&
zL%66nY{oon(@s<=@Yzdgp*BlpFft@4Kp~B&N?T~y4G(&J7PQq6;MUqd7@7j^Ger*G}~6Yq||>WiFm7K~}%{Y6(M#GhXG
zKCOQE$@gPL28eaiO6=&N&-t;+%vY}g*`$Lh=q
zw++f|=z@b2%yB@TK}BKGUo4u^==)Pc@xW|HUUn!3K}>N%627Pd{aLEpDKaMd1vG-fzCS9b
zUgt5WEVha~vMLIo!{;*SBG;?E&woXUM;JPO&<$>h8BEQtS9qMkkdq91h~vrjq2!4b
zMX~Gm@nE{AusnG~i)GnfYMO>n5T4T!p{bQq!Dvsv&dq+KoWVojTRt?Qo}pyF@C0`g
z_k#P=CiUmkmzGegeW$|z(#~puA2W%RIn5LAwW4_@oaQRnbJH~gqRX8lG|c?a^p}Ic
z{IrJN6n@FPhQl_KN-qt7xr+=gLGw7C=M(CEDcOys_A=O2=X
z*%H|FQDKz4GRbsOl4R?cQdM=_Jj;P-~`L*EEkYj0NJG2hZbpvlbn_
zUKy~aE}@(CM8ED-Bu7ruBWYh3QjHu0^IDKmL*_&sY`^gButbM=n!^D&O12coZ2wsM
zm)}l4`{LPKn}r7Xi^VYUdxG|K{F4B(aR@vQzpbR|N?>Da)XOtpGTCzmQga&*oP{Ph+Fhkm
zi=ET&CoO7}H>-Jh2>%YQscc;r*JUfRU-6*_nObKK@vV5X-2NF!LCkSK7>o;@G;q^8-PCZ-ab`0
z?V8ExM{muJD%68Jx)oX~m0$
zn7xlED@kI59Y#9Loc~wc4fGu;Zh_X!m4MjiXzQG7<(S9Fm&1fV;o}&2p0L_szp$CV
zM3ZGWruiMQXhv@wf8^2-a7^HPG#LZZ@w|-5vM$=6kw`4(7)zmNoM!K8lg`7ON(J0L
zYQ>8#WZBshF_PPrh?B;Ia-DRwtL!Qv{C7O!=tf+t*=Vn;ykS0$hO4AU?tNEAimW5!GQ{oVAZ
zL2N8qH-+zfQ_zk>6hE$i{ag!yK?Hx0pA$XgKWKW#FwvQ&Yjo^Awr$(CZF`Sx+qP}n
zwrzW6kL~&9e%^C_|>z2lD
zRCvOnrSC7U+O%|ad-dAQ1}_abtpZj>UGwdZepBG~-~g7#+#{kX<-UPev>KF}W_QKi
z(Pn->9Bq%)oA_!sfQglOp^M=f@4zvBd6C0|5VG7%rl#13u}MP^aUIGDRNdoRg=tEu
z9aA($EyxqT<&JQhht0{_Cwg0xCvg`B?0_To(L#nh8>}2RULNK-xW`ZZZpDl;?F|+fuM1;W?|xa^Gc@AwHu5YUF$J}a;``F*
zSCilzDnf*u-;;6sDuwjWQn_vbV#XPth-L$Bbr#t=M~u(}f@I|
zfJ5Wd0-a=&C02?c=oTDX-#v{TZq>O2u6Ct;4qJr}*uMobA!LbT#+U1k9XOcZ>Hd934tQW!W={5ipkCuaZ7zLs5u&+t3SJ
z4XZ2j#sfF#&@*rH$8;PzvZ492%&N-pU6}W#{etfovPb35NWBJP=^W*?#*HI^u4QA)
zk>_Y;<(v;ekNdY|YV6S)L@hiLb?@dZaQ9POa)(xQt)ty_z|ZZ
z%F4d9Mav5q{P%k{2ahUBh8ctB1{M*uvZR%b9ALJ+$fbKsE`Q!K2AfD14Pd{=S|ISU
zt?V0Iq-23&S|u%Y>$56bKMiFIS4@|m?PYZ=8!sl19V|3wtHar5*Hx-dRg<+Qs;Tr&
z5-3h0RqM>ef%eQwqBb)tv@}Z$7QiOq+U#Qv^8#i29%Ko+rmW5)9YxmCAJT%BYD
zc|hW)3cexCC-=fKQ<@8aNYDU~U6b9J#Yx84Nr7`!KK4v3%=&pK_;h%zuWf51rCEb$
zMVzH{Vh>M@Z8Pzb5mb|cCv`6At~f`hJeW+XO1gpXeOJP7c}F!g)>WpPr%OQW)shGZsP
zLNN#P$l`9%rDwEA#xq^5*^V4U*x@$`2-=IT_NYNfu>s3|P7FAr^Q_;!M*mDK@nY4hr3T~`|
zmRN2z1B=uY?PbyPevb9?Q;52De<+q_wxbA^b;f5{KTFTPEs+>yn7PGxGPv79Omfbj
zt*9CtnvtIN+U9>aCAhL~inOb>!Ka!-xruWE1-1k>&uT&cN&?M2zx4rX-iryqoNw`}
zHVY+bKXgRh{icFz;%X!LEh5aPeRZfUUPfykRp>ykf&zfykcOSTc`R#rS-H5Zh+dq{
z%PB=Eaab4hx$V7yQQCh3&WuLg=_fA`R*BVs1cT!Wtz0Ug0BCxx9Q#!Js!R>D{(W3T!kEIP{_
z&JfbFpD#6s5DX0%^H)1g-{_-2f*cqr+eaC{gG
zRtLI}3T9{+Re2ZH*_NuPr;|h@(rZ5Gj<~$orJ~dtPdmdqx?r~%x5r)^iN%7RpuQeQ
zQx&050-Ms0$?)U4#5Ed68M^Y&bnoaUIMfp6+0rnmCanryZj
zz7%o0p=(Q|c6)`+KRO;Wlr(SE<(PU!$H>mG>B+1+MHVwDvYbZk4f!TIAJ)H&TfQV-
z=Zmzg0a4?Qy&*Q@pPKcp)hbrlDOK`#<|o|}+@^y2t@=6>x>v;Yf~0a{!QPO(|47yZ
zB-nXjco_U~i%+QK*@|Eb8$Br1A_Zge9w}*O!fXfLua~YXl@lJNsHV{tF--ped<)e!
zzcrxg9h$CUJOE1U3TPhZ0%4#~nJk9)RceTKm>Pwv+1yx%R+zZnE8kTP7jNS*Q|V_X^agIG)7}?sd7YxVB3{VnxzD
zJi0z*OOTmL{WR`24wutxVmnO?G%HRs_g$RZ_fWiFS`3u8Kfy
zYyeVfz%B!~aG$RM$PZT0(Mft~bVl>%_3Xi;@eae128G2TT6DOHs;FYewhi@17D({;
z;{J_y#abSQJXVlJNyka@>VRb-S>Q)k-mI$3cLuL^^{;d4Df{Xl6AY-60#64#8V)df^Y8kCoBGCf&+=XI
z5;v77st=f2L`*MB9tcGurzp3%QuHFUR*LDd7H|*WQhqkEBM%fA6hjC+Tz(RjU=v
z3wEZHM+Q4$+@!tgNPA7zSZl2-G))^oPne%tbX=^D|EeSYmU(84gzI&5=_JX(ZhBG3
zR@xXc>w7z!XxiE7vdTwq~;Xg41A66Jl{r<7FJ>Y%8sE_cQlXMx>l-
z$epq1nNFu&@^8S1GH04BOc-9IyctT7@i3i}4~%)4>O^zX7F%%xn2zprt1$_Io(d~1
zT_hJ3w=Oec|2EHylV6K6nsX7&QLev2*8(F6)y!zqZ^z<8c&UVb^Aq&!8I*9dwd)RN
zB3V?v%pvE;x7Fd0UA2$A7hXdJXzLXpm?>YJkKN9%DZ
zSom60BXJ=HAFl@f3wM3>7-qU>G6N*5Tkm&!jOp5ANKWe9fB8-*RE5UJ9@!M9gnUen
z2y$OLrt12ZiuVHvF^8uyh6Uui;iP~5ZCbSBnD30ZU&%Wwf`YY!wI|07`s5}F>uc)j4C>&pH4Vkj!@5L-3|eYrS&^-R_}37(iCL3^in>Kpc4(XW}6-`@SS
zcJx<~b-@sIDvSOn*Kdj)~2v1MEK&@5#~u4I{aC;`g-9&l5^hqz;rUfs46-~}Ol
z+iac+9~h#FWc{9ki&IhgIKDmuCT+^&re4$L)Bu9Y-7$_96#agfg
z=!ZgcVJW2CA!Y{X0!Nw!8HZa)wSoiDJ~rtxwJ!8OZaP2J&3iVscXu^En;e~94R1^$
zbt?t`^y+ih?QvpCgU6Vs+hqVP16jsWVnfOI?wakZk=aO{6#=}(|3fWlDH~HYYW6Fi
z`<$!>awoKGb;Cj7WDsr7GnYb&5q6az6oMS_H?Zp-leSwBm(LJM3M{~}i@V6Dq?JSw
zneQ3+LczfOF!^USzcdBNBVBn5+U{@8J`8Z+2Eu5sWQC#HP?pj0p3~w~2Tfb51udkM
zBu=GLP?WXpxd3;cX+dC;42DQSs|7#P=*=uwB9X*WDQO}mR!)cA&6B}Hd_JP`kH#uqXh|qS=@$&fj=t-d
zBc_d72oF%wBF$_O
zJMlPi3FBMsPUc5KfH7Y>natf5>WM-4VsqlepKNXCl1wcRP3$^u2g>DsG!q
z5OgY3adEkbbM(p{Vb&q^L@2qsTgq0~&8Jn{WzA~9e_f=L`UN@M3h4T}1*n?3SJ}+R
z-5#N(oiD*eKD){{M`=>60d@`+zA*dg&6s=2B4Q4d8n=XnibaC1j=uG+y;N#QQzG!e
z7@^@I(HKyq4tgiKNZaxwevEL36=QT;zS(JKSzh6#NZg2Vc7ae|o|wT%QK4ht620(h
zPS1cFYu{mmdX+TilSDn{{I%{mP%z?A_sb|q@wN{<~UY6BGLAv(>u
zo^i8>10H2v;;3^r+;O8TCiI)rPT9ik@s~=vh%k}GwTXlA*upq>Drn;q=?6o}7PpAP
zZfhNx+0RIm%
z5%@%=FxY{(5H>&81rQkW;i4!ll(+%KAb?kRL`Xc4A7UuMJCJqjA9}Utg3W<@v|h0^
z3u7!&#M<2)n<;o<`9#bFK-|ewKtGrO_`}DDKHqKe8r4KMP8+U612#178-6^?<`=jsB~jXgTN?;T#8L>b;*V|E5p`(1&4i_4HqaNS9}d37DsnfqS|&}~FCu6Fg?=;?8lQ3m2TeFt;uIP91IYFXPh
zW4ii$GW_v(2UEuc1DagIuUyEr)8^dAf1Uu#?kmR$tc{I7J%PpFuyqCMD!Y&m69&rw
z42a|z2io6aMi7KWY{p*kXoeDPdIs{0LHdc)QQR4As?3wuhZEMAt&Z7)D&FzkMP9W?<%k*o?i6U24w=W%Y@u#)*2`iq
zzC;OdVPg#~5KNZLbu$=0r}v}q*;OC*qXHVjDmN6}Q6z>0an+sMK?+#SFa?Z8VmQTW
zY@jS?SyBg>MMj-2*9$SUfDLn$G?05gZ}vPW=3V2DQth$7xD8lXiU+tpg6tA0NRaKR
zJ)Z^Dj6h3Of7@U!ZQO(XCj<6@%#j#7LYjTvc3`i{aV89Kwk|h>gc-8>h0S3MpCxZC
zX=0`i`3Dre19(0spWsf3wzg^H2-qnj|
z2Am6PE}$7aD7D$}D;}%LO{;lOslbNtzq!}$4l6-)V#(>x(Z{GIC1O-Ph=_g2+*(=mNMM^>aGYl|_-q&?SfU?wp{(prF4y3y`&B%hyh8C-bSw!4$}VB+SEG
z?O-e1>1#EfYd|C;0yuIB$g0rw(G8u)q4p|q_*&mqcXp>w5{|9woZJ>TwtT)luCI)N
zRuVxgWml11V9YPNJ?mUs?j)S;Mz-yThKcpEsX~x&3sqrn>O$=K5LPt&0(NX3F%}DV
zVV4Rnc?y}d?S*nK>dZo0Vh5Iy!?1r?57%Qyw|Cs>O1aD;xx_xi$mn!=Ct-nWOxSs{
z$vBQL*_0$_IWFn}!zLk!ZYdYU6z?Tzig+-(?GbjNKDmxuE4y)!
zsmpo?YS3Q{h94`~83NDPOzm}yp*wCvK`OVYTexuU7)?d9sVW3F$s}4hc2*y`^+e3G
znJl|GX!@d-S*5+dp3WmLgutAjxbYrquL<)}t2&$KXi~n!PD5pgAq#oyB1CFX08r`y
z$wwp_r#qVa(*~tH?e_9w5Y(0@vvIZonFS83cJgWcgU5t%e;7t9q%36>jy54d?|-^N$7*2>>Sn076nQ
z+su4JWf})2IFm+xh<%}`C%KWJRS~bDP;jM0rB)V&SZNs=I25B#CLa$1h`SS3Yw6<*tu`yU?YC*O5e9G^H5{vf|wzwKF_q
zrER&{W*=pvW99U|MdB9J#S62~zw9^EX|%oUnkBMel2-ly<7L*oXfu{vk+cIZk2v2?@_n;QYT)v>8&Gn|Z=;>A
z^Jb8J<#pm8KWy+`HVg!RWtWclCv04gDIA@}w1m|An;=6#C|+lN9B^l96sSE6S=U$G
z#mqo>u}0i+{!9feb!uUex&I&Go=*ImyFBljai*i8nEpm_4zehndD8ozZ67Xy8U7>b
zZ=<7Pz4cKk-!xVno8?(eRtb%i))t&v7u&wS{CY1d_J0%WX8$}ntws>5r2hJEJwESa
z`Eqg$(@JlW|9}490qvO7{E1~q!N*6DXehcWA^p2d=RTbwlqEkq)6N{FChp-g%AM!y
zRq07i0XST0GVOOCHbu_RA#Uxfy5vY-)L>vpq{)uc1*cHz?0UMj4dS0j1ex&t
z-+FZD6qtwqJr{c@!fVqoJUq1{4L1Ty@@|Pek@#i!u>s*`xJhoL0{^q|C5*R&4byqQ
z%t;!|8KQZzo=(AQA^oJN$8?gS9C>T&jZs!+@>)?jGX@8$T61g_xb1+T`SbSbZL}?m$9&lx%(=xPX*TP5^{`Ua36(~kx
zm-w8%Cg3^07}ykhFy7$Iq2Q~7s?;_eseC!Kfn1bdAInN_^k=L;ZPxR{)>#C
ziv#H5|2d9%&Q#fY#)D{#%1fE_uV4Iv_ZZI?q=@=OcL{J3R{3Sv{eSa4dzO0ZYSA;4
zWtcA!T>meWM6YVObYTUn_9Vnm`p@OU$HQ#1jcGAB%{}>chXokK&}D&Kae;lBfT!Q%
zAEMjKrgBXtNNC;zrQ1O=SdJ5dxY8X=z{$4TZ2wM(+~YGIC1{$VJN)HH$ky}tc&8XK
z^t~ARCKFBcJs6tFf*mz(@Zee1{I`K{r_=e^Z*jbEIqmWEYcQdS+N*7No?l{h^sBjLXsW#>uuTF#~a;f9VeLtzfmWPg3Fe{5rU~0iiYIOehOiX3a&D=OZS+NZSds&&VD2{J*FsFPB}YUCwuNMT^!ZZel5
zffJ@cM^=vv5ZGm&$6W%DUQo2ayTo_b2_l)j%ApO>4E+M^yg+JT@Y^+)X=_FobbdjU
z8z{l>a)l5CU<{+FQ;_$+sB6&L2rD>m3s?C
zZA;7)%e=$=$%6D)ceC&!BG7knP~)bG`%4?E$Ss_VY;_TBy=;!{T4H@d?VO3^>}kBP>5K|c5u-1T)z<*Yy#f`)!CXBJIYo9Z-KnNwg?^yJLUM-2
z(Z#@8yY_ev!6Rc`h_~k}XG9sw8qqE68qquyPk<40mO_sXegzpUEEu$SWodwLCW}&85Ztak>s?cHDT}
zxUgQ@NM~kdmOG1^%fsR6@x16+aJ;TieD|=pln_P1RGIP6EhNB%w$cfg*zI{?*IOR4
zNDdid{S59Zyi#~6!$C0piX%Lc7u!<&SX?qEf#F3|I%OP=q!@k}-o`03~?a@`~m?bp3256O8pokz-
z!O?Vt#CjtJa9<4JIg0w6OcBxa!H^9vfr5mD`|y33visNi<^~$1mfM>jqJx`+dnRS|
zYZknq_dU+Z0+t;UV6m8){e9xgp-pY&?Ex1+q#@527*lkj2Y}mGg=bs^+#4P=cobr5Rf7JjDz+=@w9V8ig
zB%XHGsm=S+M&rzZ*$)f#rDN8DHe)@tBB@d~^1CLFlMZ&wP7-@+dq2#+c)rziKfgUW
zSuIW$P={IiAk`awTMzaJM>gUk7Tn+sK&
zYlqep?AH_FZq;dyT2?__t%In`K%To0;?Y04{i3T9wC(;U0TVC#BY|ntiE_VD4Rv~H
zV>Byv4%y^b6nj%s?U4XS&fe4VxDzOu$}s4mk}xjSUI>$#VnF*u#ZbzsnRngBwd=<%p1U^)*<#VX
zfc#KJZO+$@Na``N6!AY&vEw2?X3hF^w{|^Ok}&1(c>ZDp0+S}D3QKEQyA91UnyMqb
z^^15rxJB8Urn)1NTD{t>glH5eiJCMws0M)UV1*Jbt3KD6l;FtG*{#P6WMgf+JG;ZF_vZXEn3wr$18
zw1(jbSj^6Ib>F#~Z+p6$ja^_LRkX3Zlx6d(-uZUF61Ck5tlG`{uW?QShaY$0p4~p2
zPE}ylC4W5Xu4oU`?Qol$qVEpKYyo=2QT5wRP0KkT*E;Dy|2;b?Qd=|{6~QFHi3?y>
zZ1}X4CT2gE9mCJgyUe_82wZ%`E1_VY9DQC=Rnytcy%7H4E<6u9fYJ#+FRH99H@wu(psnsiC2-#M
z_b36>q-X7QIfD?KYvk`XaSG$Bb9G2e7N}?vC&)PDF`-VDFaY*lG_Pu#CcBWcAgju<
z0}mIK`nrcqc7!q}W(`kR*jM*vMKo8F1tT~jYsA*lA^E?s?Qj=_+FDd0m!gmqH}3$c
z1+ixFFOe8gaHB$qO9Phj>_c=!dB2+r_4}L<9LGNs2>U#VwLI(V)tbUVx&w@
zy8F=a&tynZ!S8`)ety`!vyt%{HBQ{AThie$*z%IT`O(w<&-<{zQvXf@F+@2Xx2(z2VKXetMv)idisCX-09vLx;29Z}S|1k3
zh|rqDgqv8Dsul|&3mRHwTUZi{w)Qj|bec|&_&sp#mWKnQqYO}zAUF-QMo
zX0C$HWy({3HA6w;Hs|}~pCQlfK*K$t-^Xp&hg5l3JvqM?_-FT_&!&>G1%O{Tw4tdy
zoKBujO+!oLt$9$`sAL*mlbFJrHGZWmIYkDdpC06pozT0W;g$FOj
z?yu@3O8J2R=*E5li5N#SO;N7IOE{!D_#%$!kz07cVzD_MaQ>SY1p
zfesRxl^6!xe{98~8CFl9*+_|dNP~gBJ|N&#ehA>mOwP+t(0ic^|HpFJs|F>w{7B;N
zf{?fuQ)4yJ&Ac@u=^DH%XCO{T=%yuk>AeUmjmGm>Lw}o(UncF;>DkaAM>p}crwO6*
z?@iy}a)IB{gp7vO5{J|1ZV)mm1T0DVn2A#b0Un>|fFy5SAOnY&r~9ksmARS^3*88X
z9up=Tx!Y$v`qd@Qqa@|AP`1A=Q>kqQ=GeMB9w*v(GgS@*(jW1EF0kZQSRU_hW1NJF
zTmTJXq?gEE*u)0CR5gl~5cOe(OzmuWmMC{p#tuxAOp<=^Lxj*
zs6UkmUifbY29fU=$#_5zb(544uD7+!Ehr#ls@qZeGX;~_>rWZ3URy#GO{M?Zv!==W
zkTcSU1Eo1nWXw(;oZz>HwKCTKw%TD+(UmyRb*v#lAdAze_YA3Ph3y?f{^62VqUUs5SbabxI~|oJ_BWvHB2JH1hovvL4Mh~o=99f!S6aU
z#un&DWz?UQGE&b&bjjO2p$xaPP+Z%!xhBACAGZ{_vCR1p5SAljin
z<@6i%Z8nI*#N#eEgvdJ-h!iFj{Tb!psL`h2_#h0RJnTjsqQ>eaJZ9^Qj?>y&&KN6i
z2&?w+A?)?&ux_UgF;7WYP(AkU@DmN4_D)-<0rI~3PC6_Y8&m|($Ulsr#^yFo&wOgh
z60WMqr^gO@6BhdncT79lSXYgkFN%fN{Kqa7X9Zit1%hZsYt(jHOv_iNF7NjUWvtIizHFiE*CgLKy+-rrA+#k_vgHp5;Ip18c{7K&Vn+Lm>qmseYm#QXX*!Ik2X2in
zJg<>hd^*1yRRg6WUzD4{yBe4nmAUea1Egw@oPYS9dp;SWi8NlnpnOHZ6Gg_b1yim6
zj$=x#ort7724PcKa=3vIg|pC81E(~#^!{qb6?T?-!lGjjk6(}6STjE=c&n(Xsjb?d
zFBF!tHq5ospJ9yjiCk&ayexF~=Oo!J>Q0I;J<>*UR&sm7A?`bc*#xfUd4>!zXWFALI9?Hl?69BLFvO=C7Z4Uc6XWNr7e
zrK(q7Z6%1uw4Q*R0pr*Pk#$8x7u-^ov?!VTgw);3F3=Nvnbw3Hw+n$~IrJ8#hTa{T
zn0HfoRj4yg$BSlRnbP*U+A7}0XZyFT>v9?qI-8j-A%^}fPpwut&~fB
zUu4)#7o0J!NWle0Cy#76s6)b}=!TWifS2_m+{||;gIhHHKUdqRlOXPj$G
zv}r$14Snci>>S)6tR*HqLWQYob97=uVyo&N{m<3%A+L8zCkl^l+G0
z&`#Kd8;$XLgp-q#KP3Kkdj5eB{g_I
z@7?4{1ZeBn+HvnPvzhtQ;h$%(B&_H8XHT3GI)CgL=M)exYKe$_UH0WZ7T1%u&?P>I
zs<{FyR5_fDPt{{$po8Kt-tJ{G{R-SsKn4KwSVHQccV*Y
zs?86oW7bT^86HxC{y9EU+TOQtu4c+Ot`nPfwA8nQFv+<7j2F#B$REcR+(xQ_J*mGkw`|-ngJsWm5xeLcsymv@0l$E+X-lQ
z%EGaX&WV=~%bhXh2(soxTbtO--jiLj1
zwAbaUU}1684#UoVHu>e{nUfCdYUXZy{#+r`O5Nd6uX8mipt~p*tbG2oVEZV;jQC~h
z45KyGPkC}4iAvMHh#eExwsfA;ZLSx4|09tFTN-8ej`phBiSuglt6R2|oYxoi9Zk~F
za+rE=6sMLxzkPk9a?Y2@+u^@Kyz=riuj;!%o`IY4k(os#7
zE>e4j;@XGdes$Ul(l7E7N;Q*TWLU%ksX4mYdH7TcQWU$Et}!aL{-|+khnu5WzEcsx
zHMawt;goRv6)}z!?Ip+1naxlEX-1Sw89&{BOj@IIB&jm!B{<NSF3d
zYVyxpen9k@EbaI`@~(PLMN5t*oVrE(q%WRq{1M>QSr_LOvz#n!EGJG%%T0Fn`NF-U
zjeB`v9!?--H&V^R%eCg`*2P{DW8Ht*|)73(+rz>bBsTpB@)FWb2
zwxw`s)n3Fw|Ad&<@~wXEHhbKd=2zKi1^Rb2=NW@w#62YI*mW%I^PPW@>?|>tvP~#E
z=jR0N+@=aZ?@9RYXW@mcA^Iv>??d=Rx|Yl0{#uACaD`DFGh?mdxeC{!&IVQIk(cx|
zrRkokt3>eA8r%<g2H&JfpF2Rc^@jRrOUaAkxXJiQgsjH+r6WOgiNg(`^pC+sB-{q9**YJ#$@L&sci4
z2AUcAsSX3Bnb{L|-5T91-2(|j1e9mN$8CPwz)wF8gzvywXW9zRr>6y-Rn2a!_wf3<
zHBot-{AhVT~!HkpmQp{pkl^~ExgEN9)x?N$BPkgim
zW+mj7e#rI3dOAegNU;o=MW$AG3(_RBF^2plLAx@^jl$~3rBzSI%en@}SiJJ<3XhKH
zv6hgy@_S4`H+b{S=4SB}g+=CO`6UGq^qthM5tYVUqg
zC<_9*v{lJyn`-1E>yo^OS3Cl|MPQnWsj2nVzD`I{6|kVA!w9G%+f7l|mWjEbe@TfD
zbXB_5-~1IeD@%ktesn6tE1J4|<3Q*xVqslBXDWMAG*Q!n`C*_k3H-p-AL+4oLKt~Y
z&Bhhwb_EZXyr_(gM2xNe-Y3A?D9`yQy(
za5LwzVol0^q>t0#!K(tk3($Ik5Z#PFZ)GXeb{W9#@p7j-vQG>HX=_6fl1$-bak3p2PmhaKl8*)Y@%}+=31?ADf+^z}rA+~Z%WYg*9lyRmN
z<#`i?CuK~_1)@8(l?~r!DoTDsLYQ$W9IgY;?O5FCP
zc32law;I#Je`W3}T}!vO*j_<*uS~uc-Z(z_K2I&sJe+dqjvtCEtEjWKXiyG#cryjf
zFuMRhy>cfhOY2NOCXC$HA~~zEId_|I3PL^iQ++6o`PNl>`?5%7xF|2{GAVMVx?HT6
zdokUSV2C-YgFJ^~wv=AZxMP3wV>LXjN^?|M^n}Sou{u%;Wk=y3vl_mFU{Vb>MUDzx
z6Y)XJ?Y?2oWy1!&{4m*>a0gI7OaniCKi@ofI4x|~!^RDFC!?M|P5@!`TdYN^94~y|
z^Zudl|8Q}bVSvrg=KC}Le(2}_)qS4#rwsmsf4a+~$Kqp^5?|vbFm*S~LFO$H*tcna
zAJ2ggSsk5il0-bzM_0YsP*b?QZDOYOUR9>s-z#(LbtuaA>JrwEJ#W9l<&h(64F~6=D9Yj)4Ng=Q}FH^@e%)u;wt0iblm~
zl?A3jfADBo*!k);+nCa!HM0~atLmNb*j$HR?1!Z^tvb{M-Cj)FJtwBAESA^*!q_Ng
z;BRD4OwEdg)66kS4vkTrxRMT$I^uV~Y`#DW
zOwUOBnIovaL?~>}t~(NZbYQ?aVYl`tiz?_=+oiAl(bfwo0*K-AW7SR$H;(gQtUH+#
z(@j+B$uvJZEu=!0%sX`eiP9{M)UPs}4J#5`xvfiBwGy$01_NX%2D^P{YE<9z=rN2C
zV_}8REEk0+&x|CU#%`$bxrZKAdPP#e1h1M0sva`D&&m;!8&NCtYH_5$A5nC-425`q
zJ2YG6;B6LT|AEhGjR-Ce&Z95YW;L__B0ke@6>D(LHjn5K!{Uewn?_idtd4U9^|~+k
z-^`MkDt|?n1TDWOc(qT>-j5pJqN@5A_9faIP2zMBfSC!N2y_9LrJqK!_eonxaNl*roE=KGb;x^T8l>{!#$vWdCTsq0NP#*4=68g`Pk4y
z2_}?&wbN=Xe(2f-mB`R%O=vDuUd|6k74pL<^;aWJ41|Xcl6XfP$j=$~#oJ-NFN%Na
zt!i9+8NiU(G_pPh*Rr!HtIE(Cc~Q(|G%pY=fPawkyg*vAwxjkP70eBGOmZCnlY4mZ@>L3_3w%vClg0
z`S;bgzf|9?=D$Zq-@MzY&=MG(?NZgW?BQMl>7ui8zR!PR$usjOCacBlod
zmzsEV4?O%(KD5(lRy}$Y)+P+YNO`~a@B9u{?O;`siuk|&Oilz%y!-=kioJ>HH0hQA
zrJ!v$AiTeE#fK4)5EknV$r4tE!xo~F$xMyF&<1_Dp_o=Akfe(vx@h6(SE{ZG<}&DC
zWVrN=t6ieY4b5Z&{_E>n=#R2vR2}p`xHo+tgJ982_gVG#c8rIyQMjTZoW45VZ=GZ?
zB#Vy`wYhPq$3s+7?VCw|>e5BZ!`CRb-b0@JQi0H6s@xHln3L6O9pAkh^309;r$l+(ye1BX;z0bAD{)cq-t5X9o<1aBKzQJ4{P
zf;EdQ;(H+(5Y>HoFr)fpHwZ_d#u1Y%h#tdw3|!xr_h&*Lek!CMIHNlmh0UGNA+kcr
zHH@Go83A=&eX>?t-`L!;w90ga^~4I>;R^U3@gC&~2@P05D-AB;JCpee*MVV6R)Qk(
zp`Btx<1KFMkC?@iq0kb5Ck!k!u0T#k%+0R{N$gY7gMG|k;?=lf3WlD+7h2%GZ2Z*h
z92_0K=sa&7G%5V2X^5Bn)JA)mqb6c>dEmi(*!{O|uS};UW~V({9@n<)$F|h4Q<_y%
zU95T!hSeEc&?C@jR|iar!yp~pVfa|A8Ubq-|@Mp6{dh4Z2OoUPqsW#Q`-
z179RnTqvHO`!Y3gMsUb|&ASxWy!ThB$J@30c$GS793Hfu-Sfi~1C4!~;;gzZ^B@00
zr3Ne!XxS&KP_JyLs)OOScGT0Bp6zJW?A#TziLPob-9B2dle$yq%KxfxJy`Mn_tBGI
zZS9M*iti4qVM|Eg?5y
zbYbRz&8Ay-dw)jymU5$py-`FsC&ksx-O%pWZfN&6+0akcx9)92zdkuY-qFT(1x}aW)9ex4IQ`cF&o=Eep
zW)Ig-0GoS|3saE@9f|>L5JD5MNgoy9(8JfXH$Zzy`j3PE{r6NSd-CXB=+i;#@bsRE
z5`v7SM3_;R`Ty}WM-JBcRXSw>5EE?JdxtgOAzw-^zjt`3zi#Vj7zWVDDSDWEavmexi0U8|aOP^o$K`$h9#Vmevx5r(F
z9GXh}{AA~SNk4&&lizXzok{n)|IrwG<0RD-ZiUHAETGUNHu$x!aZ-0Cp-IH7=p;f(
z$e~HZ&rf#VQj^#@IzGLJdrFF#l+Fl@iJ-PqP3xnuxMeZa$Q)C;oM`&4Pd-LwTNa9&
za;~Gw$jO(9pJIxB$i%N#5DCui0ku>x0IJ`q+z@&W&QZ?`6DJTT8UMO%3EJ&A*
zfZ;ePl=CadwzKzu0`z9(mHf_TdSnKQ4=zwg1FGPw^I!kE_q-#uuu-||skA;ON1Y75
zkd;N~y=db4v%$0;(w+W5PYz+=);nw_6L>&mAZ*c^sjPlLQ`TjH@9ove!r5vfsSRiZ
z%C8n9lZkm`?3&5MFtDZEH`tgi@6F5Dm31{}4!Sy!9gak#w-K||%eT(BM^Z!!cbCs)qD
zhQh$mTTMy5STXc^?tqL|U4q1gOGHK8TW2^PxD}-MgFcXOD(s`5yd^Ab8DcPiH0Zmz
zy~w&Y0(CC(%F-6n%CtGi$|ceushnb&A%8|}Yt1|XW
zQW;CEm+IIO>(z5FW>?EC*Q14Q0m4A%t`--z7K@YStQ8eVvs6@2uN3`?UntI+vrY^t
zx=b>CiB*z)TF%SBC7Wt2wNQ^Ar*JY50ldh^0I9czy$n#|d_MzNB&DYTEUFhx{*GTZ
zm6=Qr6}afi>6|6jPIvD9&-KJhO~7+;CsHi^x)sYk7D(tOXOA;(E||DPIaI5fGzXA8
zMIgsyKEd%#=AlFeJ}7e%{VDpnKvR0^EF11WrCR>J@oaCu`TWJp*8l!^@apjB
z`2SAYr>}o{bN2J!JDtw=@1e2N*5UIbQpc=M`=d(_k`7wWI6*qzkV(kh(6D2U@o1;(x@74(P@=9hfd2PY3Q^p
zs_C@+9Z#oKW-^^t;0zK%Bl83D1^k;nrb;?6F5amz5XR-i8%+}^LTGZ)xh6lA^e%>Y
zsp(Q9I1}hrDaF!l&GFx}0Q!7pNY$|UA(c9hC6Z-QaYeFhz!=Gd1l~yHCa<1`7TzX$sR~8ovqId1M90!!;RXLRHxz6hhgklnBpj0;v@_ogmcfq#mC^>Q*hZskjt}#K^|MF
z55bL%a1hBk;1UkO;0&~?{+k?vUvUO*Y^DiN{2y}$nyVUf2-?}poq`)%wLee6f1gwE
z-{%ngnlrHd5+w!)t@bI!Xj799e&g|anlmvT{M=I!i(4lmCd@ev
zAv?`U2*va%2;cE1AZ8?=eh4D=wuf6B3@7BhOH1v$$dW}CImKM%7%*kP8ZktE-o
za}}|%-eUTVVh
zew(h)bS|8ixoqM--&$KDP76hpn!rIq9@)wtMd25*`mi9(wv_)+$j$u{bdhPn^viiZ
zXE+s=3g7@UmzF|=)-8rYD2Q^ue;cw9?p6ZXSV$lwoPq-MHQX*>40F5hHSXem)qC;R
zyreC|&SIlXIK)D(mDS!e^UFn+^2V8rVE^xkJ!gbodIByJ37+IFMHx;$hh3vSZ~Py}
z0@s|fM#i&Tes8by0#$A)oD*LR3nSvfad7SW=YyqOp#80Z$
zGcP`;@@sn$~Ex4pxkvl>S?Xs+jDZRdLB*ov2xK@XX#NLm%0N;?z
z!ZHX3@-ID3spoZBBMydHAok8=m(h9vnXJeh9PKp@Ix2L1IAOh>&A|G!Up7vf`>ZRU
z%_uj6nRKTRLo~D^KS6!3XP%fBGYtyJ;+cs1p^tt>32Eqcj*kXcaIU93r{gRE3z5sM=N%-upTv#
zUNvp(HapFBu-pYD!C{2QL33O*9V<_UN8{UvJrI(1TpqXfc$@+aM%V@#u%Ppz&BJU$JC=KTdgBoO(h?}4rI{HX)mrtFHfg51~FENK~lF-ooQ4V`EDXY>`-;!_0hFI
z#sK<2J{5o?AG$+y-#m0i&J{*y&P0y&t*tF(fYP7zc{RemV*-}Kmbnr&QJHAo1Q20n
zm`y6t)|XI1z&ytSqHyGZ2X-Nm{-{O59`Zt!%!Lw_
z{K`r5pz~Anq}@6?EWU@|jb|%Nu%{x+B%taOAD#IANg4lK{dgVCWe<-;J^Po6tKd;urPaDQjv8W958{3r)v2rnECm!904=FON==FQR
zeGr5|0A}1IixotLgtNq*s__eZWp=^~0|&UJ&ph%qx(oPiH_u$%Q&Lblg$9u>v4H}*wsqudxz%1<6g@YC}rTa~rSmNiC02nh(A
zg4?-(jVaRbJUzI`z7XYW@pZ%`{W3h@Tl0;BAw|fv*qx&I@Z|Mjhe8G6_8UPm%tDug
zo%C_SRXETOUarm#zO07~e$k3z8+OJ#o6btV7z6*D;G2BMWQ@ml`D+>Sw4DK=h
zdg73`DqAq*6QD^
z&7;-Nvr+%HRVXEj5H-d4f*jDuf<`_TuoQG?>P)WOX(elTDTywJ76wZR
zZ!xRAnpl91l9|;4510I?SZi&F{Bfm6#yXp?0elE5PbT=8{I1ARlzXv4clnSQVoi+s
zv%H3dP~6yhNe>e@t{Ay4S;UPo9F%i8btl$yQ3}cHqs@>~UJ9roIjp6Sg-4D4Dac=u
zIjk@8@Y4z=3uLN~Hn&sARBZ|Ba)Q%GTN~d@lL?*R&`i+OqOkrqS6vD?YOp9fMO=jgL-+jZ#E~0n*&;}RbD&~>H(%;Dc8P8c^c`}@ElB6lM33@tU
zlWZhgwgoe}B{XTZG=L5c%79EKza_Q9GE$_56y1rRW85CgJb|QI6vTc^LTayL+1$IK
zFG9?qlA?Th2_BBo8>Eab<%xldl59_2H0e?aspWw*lb)+j-1o1su!`lV)YBAvinK^c
zX{gteIF;h`Ei8CH55{c0p$Exx-_dokv~TIUg4R0LDKYQqp#pRKbOdl0Xf6OHVbxY;
zSzSg6GBTHV*GZ|s@OUj0TPOw81?!;8Tg#wR=dOY(m39$Sd0YeNoBkcM0#N)q
z06|^mM2u;(JNzASNs72F)ChguZcr9Ped%y+Vp2GaTh-3-XgT#XMOlwagT$ar6=4u<
zQ9DiQ*)B#sy){)h&vf3K9&d+Zn9l{sh&Rt22p>imMl#|QB*5^r@mv<1=
zns!c^&sn^UsUKaj(}0Z7u}ae^kHGk6Vy`cc*kn#b966PKfmlq{mrC&`lUt($Vbvl)Nl+-F~`Xl40vvzJmphS}av1&vh%nO)kY9vRfNgC_MC$%I6=NNDc
zy#G->iwuRG0mhV=>l=`f&m=$TTm?q!Euva;2$tH(S{3v+ASLz)KC(~B#D+uULsd48
zZ-jYYWaHO?zkhOJZC7)~5_YLX{j{6V*nev4$pCywGKP!(Rk`a;NW_3Ho&|b1oy*@ZYYz!%2NRD%bF14Q2VTv!F;Fi|l3>ikqLH2hw{K
zH)H-vMMu8oonDL!g=;ShiYxA4_)$zmf&ym-KonS5q3s^?f?!(i}n?Ya5{`
z1@i$eKo2o%~2aY!AXA)+}+&K<67+REIsElRE1u*0O$bM1}YOW?Tf#HD)^xMuN7e7U4o3A~zM1A~5d%4$Nyc&f3l6n9}W54;=p
z-V*S%tnP+9?SG0>8e_;|1rF%rDYXCM@U_^}R{A{cK0lBnl3`^I`NC5RH{3o(SE0Q@
z-K6*|H_n|;EGJe;z!4
z9z6dk2haBJhbi&76uAS#y`uOly*J?Y1wy?-5TOBp$jyWcaB2nhm8X3;48E(&PU<8i+}1pzL6{N*V11(O
zwBJ}vpwnnh>6JsQ;3(*k0}y8s$zNapy&gKUnV7w!ZH#o1P-~G}v=3m<6n^{1l1053
zd4w~3VNU3deE&xzJX
zi_fF=?U2^=e1H;-%vagu*)zJIv4@YZfHW#b?nwT~qtwfOF!oSrRc%it53l+C`Re%$
zB%^8OG8~RG8QA=JoI8ngXE5dT*>fi${AMWjc;l;3Ecy9Bi?yw%1D!he*+7*_`(&Uo
zO+5u@Bu#iKFp(JPKspS@lIBx^wiZlFhVX>|Nl;tSAQPHtez*)kN!HrtleHiNgve9F
z#RQEn%hE*@TttCo?4r*)E`2HN0;wOaW2-^8dnx?8ZEUP11&5mhc9EV8)$GWcwz7iN$jnPrA
z#~S6+@oY-*U%RgFi)ZcqvOm2;UxOU99*R<^(nNYj)g=L11SJiUt%r}$r5ad-Zaj7y
z&p2&9f>D{&m_?-nl%k)BxWu{1&!7@o493WeB~Yck-#I;geQJ}SCiP3`8)g~qq!VDR
z`@KT4lEcYf8w$9iDF)x2_=cNPsb$jxFlp9194s^);JLcD(D`z|7qSOXiE}h;p-2ac
zq*1DsMfDoX-|=QBDl>VF6}adk>zw7z8kogSYu{Sud$uu+=Ws4jnn~6iLuXVTJ6CCJ
zLN+$GLr(w^81v0Qpd1z}tD5Gzhw|nuzbx6|l4-EOt|1lh&BO>kg!82VGv9FxBMGw*
zYC2~tSO4mdKUZ)MOn?G@uE1VyeXg+d_;ZDOFhx1k0}<$8OYom7L9*qR|5f7<{l?@>
z##pA+bL3tNIB(^gkA;M4B+@r;)~E-sj4Jw*x*9HX`wT~V9u=~9b+w9v
zth`;Ty;}_>QZ?BO8?j(xhGhxCG9yu~Ryl5zu&yq*d0CZoT5eU%K>JN;!Us8hN?ipM
zDMqFS(FVO$VE*5W(Wz4irOK=oGvOkLX(f$dvS3jT(kjW=$R*fQhVnowM=38+B6oI;TG(1M0wf)Qq~fk0Pa#!i3KA)cE<+<_mC*K;sq^ThDxz$&W!5`>HxjG$=zu;V-=g;#9
zU@UU1DsY~MA~~@pYGPe%i5hHAI9e{CZY}Fy_b;c}EU%QA!s9Vh$Q32&WaU@+v6%4d
zJm1%6-)hC1^shdz!m0C*qBdb%1+KOHP-I0{=32vZ~%C18J
zJ=_^3!4BS8MuSy{L)jTbg&Vhmd+KOE#<^H>Uqiniqc{U_02`@cUtJV|FH3@
zsl!X^`z>FZe_cqs_X{UQ4LC3RfdjVI!X9+kW>SvK}y!lZSK8+`+Epwh<|570OXo!2x^9(cWma_0SG3@(3(sBkz8@OQ5IN6t+
z?gP_jl^jFFtGY2sk>gGdAj?u5l8A~teNt?4DNHUrG^qxS%WEEIIZ`{Cc$b#~8DKuH
zWeXVbGMgEG6#AD4w>*!@qtjQ(S(K-PMO{gG;I0S-So0X7r~^FdF8^J2Sf8xHf=U;z
zf6uAWu#*Cm8{KM4q+fU8-2YGFauHJ=@TSJs3-y99odDLyf$
zs0S7}AToNO&L2)NJVBjT-qw&~dRRICTeY%Qg^g$Tk(ld69hA^%3RNTMv>Ur;Gd`SW
z$r68g`%C2=3KY#fKW{yN12dUjxglPw3HVC6R6HGV5LE?rnMf{?KRE2P=XXyQ|o7Bx4gnz<+J{G%Y>lC!;FvO`mc6RKzrWs$UQO%bN<_0a2yM_XGWM3S<<$#Wt6
zR~&j%a^Ny0y9h%+d&Qr1uZ2T8qyDrged^*{0?=sf^3ECE-8gs2eqRDl3Lcr5NDuC+
z8FFDd^3yp;+}M6xOY+mO5c&co1SnZ%B^|eS?v0+m@x%0o{9j(r&g@zyqyhny&K8M!WN4^XDaNoiy96zc=xYvt&i`
znA&{acztl%**iKoI%zKn;0-sOzSg0fp61zU=lScyy|$?<`yf&Ehqf0YFxmVB+GL!5
z;of;
zB<((;!qy(5lzDrI3nZ(3=rVGa)Uxg!0c%z-R98nHS&yw&3vt^^R<*a64TFlz2?lNw
zw)4EIdwA42ZtU;34qv3z4SclmB!OHeLtU_>Bd;vAy6kl|(&sMj$m_^*X;(O?p_e&G
zN?K>LgiZL8R^4bOs_$cFrdRoinc~HYfPVk#ra$Ul#}I^e>&2Va;oeIz@UHsZ#i*mp
zUpu4Tz@4PQn5`sj(g?5xh@!_~D=@3n`3lUkRB8ogSw2u;mI;Xp%sM|Ea_9!4s1al>
zsdudAb1_PgyBHQIk@f4qyTNj%;qu765fqQQKj=^Ui{b>}dLn=_)h0bd_H%*`V+|;z
zBBcD`q`{s?TM5{+d~1vRYXx&+yVwfS=X=>gFEz>P5^;{UbdA8*mQG4^w`G(_hiXPM
z_VIIu;?H({&B8vjw8pq@5D5s9=TZPH*1=+F34pGkS50>}Y5N-m%ymjyMqNDSoH6p2J7|JcU3}66Qx`=K
zW458zu>UW2F=_;L(xS%tb^>aIK>g8C15+>|2{VHHG>D-}$KXYfwH#W!Y@FjZ`gMq(0%SY_r&e5?jyOcku`CG8cCj!rwx!=G9wfv{%|^|&2&%U1)6
z%^D>iLkI3GaQ=87`tA}GWB}z*NlBTnp-ckWNrPJ3NwUHumQAq{x+)m3p$4WxC*rOoEu~IT;Sx&0`@>L2y#(MruDn(c2vQPR!
zm#LSwmL#QH0D6(k&a7a|?aZ9{vO6f*ktI{h?~FQu49`eRl;fFYlCQ@W{1_3QmA#}G
zukjrIb9~Y|JbgZoTIh+SJy*W&qmyAxGcGR`(XjHvl;Z(&zG|Pz5RbB$;5v9(%rGE^
z?}uL}4EzrCO4D%tAu$fBS_QO&n@x+k8%dbEL^F%9*qlNei_M(*SWG25R5CRd8+8IK
zHWCxD*eo-La#;<;ps|&`BpUCX9332VUIH4Ye6_sk_uOvGsfX!hbok|Tr^`6Ouqamu
zNLu9DN)jF{1ik>Jc(4{Oanf8Qq9SRrhYD-7plxZRW9}(k7^%C8-qMpil;M@g%6z~g8I#N85
z;PZ;CPOwx>(VJlu99B3spE=|cI7@{^Y
zTNPWfO?(`<>UNdIaXO^%UG4T_qH8Y3gUz)>jyw_QBD$o8WRoV9I-fepQmF})>XRlz
zGQmU#bLGh%)GDccb!Hm-jpqlA7ib%%CBjfi!XK>ik&;E$kg}$Xt
zLmAGY0UW{nd}!qaPPRFH1jBH9WsY?&)5aco$1Xb)RQIDK|Jvz!H}acg#wMh^HCSoe
zqG#8hZjm=9S(NiU3Fyo+*(>Mf+Qzo>$|?78oMTRzrG0Y-imSn%LA6s4LlwgsS;P)0
zjP8x}8<`1VL~`F1KB)S2VXPB0H5bnQ*=hR}ZaFXZo6lQ^O~gdfWo7l&u;1mRndM-W
z2}C>~df~`ZVJZ-!0e!Xm`5mczdsLXqTpx_`-)rC(YB>
zCx=#fl_;vKLMn)nukdK~*N4C|?OT;ODZZ+0xfmgc2{ftGai*{dE@o4=(~+hVa1taF
zr|l;(#3>mHQ>iqx_)#r|-(owJpv9;5G4(PtcZm;LKQ>n`httwWXHvAsu(HAyNGp8X
zFR4<+qV&gs&t9Keri>cUec3az#iZUT^;~GZtwxK*TryXYH{sB>-6Hk}
zINN+^3NZc$PQquNgrZ`Tg1r=S9FNnSH|Ip&+2D{sKS7z*uK{6o*aF91hvprgwY4YT
z;_wVDxjI2DZ_?Lr-3>@n_JOp-fxnr+vWr)>vRXY4w%~cST1W(AoR)mqxg-NpIhn>$
zX4R5TsVCu>28nkZ4k89DiM`gr2+_A`^4c>fYuPzz?ut{9w2MuJbINs6E?8YDJWr+mebhNmq|NY
zT>96dqqatP)z~{ZYDcDuhRAM0I6hO~_2<|cUAa@F+1_Q(xl3~lJXsH2Ff0Je1QjzY
zev`mr(D_Gypul40`2UN7i-m^$Ulw4@9DPENF{?;8&{%l(z9!h%=KA{D?-y*$9Kr7u
zaLnq%uM9e7!dfQqSUMi!Mf3Eu^$L>r8`|V{ZfvkQ-Vn{6;t^RMT=*#-zBbo4!$BnD
zA<+U5?p$;}Ium(8hn#{vOY)9hxck0ReOUg!(;0WZFT782Y#`u#(7>-hG?YWzgVr--
zhw)D?%RgvHLddim!wYHzfTO_5O)0zv?<(!1j;0_)kNN0R=Q}K
zL#_~N!2thlh*ieeTar#J3~o5zrn)>BijnK$Wrp3e8lEE3NHW%+gx+uG156p(5CP!K
z4(}tfVJdR-WIIhH!Hf|zaN6s8$VwV%I9N)u_ixXep+M&rhA;stf$S*@C0BBA&zcR;
z_t*DV=c8On_)z7xxa1z+Slj+)dpxv0D8c#7cXhZ;sZJ5cV?>q70x=rmtWT=%P|`B9pKHjXlU^)zF5
z|5%eu4#>L{Qn@wh-m6Q%Fcr9leEW+T*Hhnor>24!dD_e}xng1E~&
zOHuArQoUe(sGCHPCGXm59~`}Do~(3>Vx`~|#9!+IztN)|{DEJEe-(m4{Y~|+0c37n;3D|PHB~L*oFNgST*v!q%rSzzh!oSNY_`$xl
z!5oNH7}l6$xi57i+uZyWsv8R>8}U>AJBU~kI+82{o-b3e!4(v|Wkf4PX{Hlg&N@j^
z-fMhAB-b15*C;emD6}|gViJ?Q?uR5LB0@%Fr*>tOutjnl(vx{0PH#LRBR%;jiS)+!
zXfY8kdiAN$>kG+{F%3nM<-skgyR`R?#F;zl-&QP&Y4r$ZSy8fihHywVRI93~G^EE0
zlN}2rUgixsg-$^g{`U}fV^5b6cW*vk|1T1E%e9P3x^>2q
zg_3G2kdEfurl2@mkzj-&5b^Zp_TP@$+%83Hw${@K=l-NM@w8@ZWAjg1^M|H2x4-I5
z49UdAy_yZ23F`TwA{;8pF{6}5a=#Ucc{m4L%J(pU;NITDTUaXcu)TR7mn!NqCfOQE
z8A|U=#p)P?wLu;|i@8^L8Cn^aL@rknYekuN$9b?-x;l^lA4@q_+!ak{OHj)
zelnwB)N^uLzQNW__wc#(csY42^?w|*t{Jvj!P~OD*RJ4lssGV}>Gk%f?pS7j#o9gj
z*3X^h+Ks=_;%ReN>%`Aw)R}(;$DvM4v(npZ%Sm>5w3E1{p1anx&`B%3rpkfgc!b93Qn?XPx%Z>yy1^G0S1Hc3@h86~TAwW6$s3
zQhijZ^7(2I5XT?b_Cx9r^g6KJjYn*#7WToENU!KImt;8IF}9h4a6PJpO>H7T;-x{H
zS?Cm~{J)1hi2J;hQ0US6S{emNixcFJ)(!}`%`?f907x>Ou(Q~6Zx(9oo|0}
z%KvJV|Grj!(s@_yRIduaiy#clzN;n^xoR?nt1d&{pqJ`(Uh&Qv<0Zl`mj5KvmWzM6
z6OZWvG@8O+`{tvqu$VavBc8Hg7SI(g{O>_nu*=JlmF@o~Su-tVRMISymn4*r{**KS
z(Fmn2XQr*akkrhzzA!F*H{JxT_0c5KycwpUKTksbV^cs)DR+iC9fZ{3ir+{A{dg@6
z(MT3SV-c1Gw0~}Q(1@nyKpjHmtCA=mm4rL(R%Eo`ser|WLkx>a4~La3SF0D$*ND&#
zM+(^h1t9O!-d?%e{UXX;kymc{v~QBgVj(IOvhtiTYkTqfqEV3fgZ%{9Oar-vkos|5
z5?Vy6P8U8gd(LAUk|_2;i=G%4le@>8k3#I04I!l`k)zl{Lu@m3o3o~ZHu>%nva
zZ0)c=hC{sz)a4(5?`*lxYzI<3q+D1Nu@pw|cKzKhPlZYmx4YzrL0VAMDz$iE#KUmS
zRrRMk-sSXFe6Ry3hs{0F{^?|sYy^@!=1(WHF7Qq0lTv)5*MO3^+x@Z&ISyCt&%ZWDxF3%&UCB*Q-z8oSfWC(%pyEGqaZ>~LLB`?ckXEIgW++nEFi?%9?GpMIs
ztX{!Ta%?4%gE{QtYsp`(P^tY&{7qbyufz_$iorNv9=|>lk6?J#RJy)fL7)#G(kftm
zazwYfS`@r4U7Z$MwxWRSPv|=l_5L<0>mN7cmr2OZPIuL(gy5srEA&&kzAM6y9lNO_
zYQ;jW)#<~BtRnkGHt7vroO$&2@PP(`sK;K<;gU1BlLijju`jaH+%>Cbgfws8Ax5lk
zl|=2)7wROnj(Mw>9-_-%Zr`rG!<>f?AtC6+43!=MafIEPIR~O#2EKnvYl_`;F1(LC
z=R&BRWwh5HPbb(A{uNR!7@HmIM&~1}@SQvK;zS2v?n9-UD+!_x>lKuW)V9{P%WLaf
zVx?UaM`IUlMa6JN@vZ^oh8}PneR2&p0Ma&79hDo&m!=K>*fqQCjNfj&L$<*zxO%ZG
zF3Lar14gi=yZ-v%^rUrG-dGnuZ2*B-IdMOVCq?lwgfjb6?iH9zGA5L-FK3NaTO=Z>8$1In>
z7r}%9&oILHa3e^PJ7A|m{L$&?&s{hnQl8UK)}JhWPJf}!LMPDGCnhYn3x17<#%zXn67{jbfU;IR_q$8}(3X2f%sNUh{wPKTB@Y$M=0$
zB~0eGysk$Zk3YaNiI?>V1noB|`RGxy*X}ibr9t8+VK>|%5GfHC%X;udmF@#+4d0^+
zOmJg5P)F2U;tsjBwwA^~U5T2&RP2?lg}*B9<1p
z3a;*7dy^?#N8Y%w=iE!EN;d_L!s~E0K3Lp1cNMBpWu#c~`~QNKUJ0lzG*yHZmg%xj
zMf5103C0DD=d=^LRDg6kR4wvkk>=fqbnwhvlmTSeSNO_^t)55XufaOP&xa2s1iK>Y
z;I7=_(Kce$KI+&Vu1^gOp>JhK5U!fJ<$Do*6VJilU$W{yv^H{aZuv$%!kd3d%|9ev
z^sj_F@@7}pyx-w&cF~{uvLczPO1!ObTGg6K=q_W=-*{5t>Z*{2J8?OlP5l)vUlNz3
zK%BYk4&Z*e!oQ#tS#jeH9cwH&Ahy=F?)SMSz4dk+ZFx_}L9n^r|MnK%i6kz`$~&VX
zWCY!ubJAFV^(nK6u{-_w7=Cv4UgC#{110${&H?_Qo~z|-X>-gOXGV)r)$*V8k1wx7
zAVQsoe|6f)b3h#Ave~)E=x8>)aLFex?hL#Er9Du$)*go?sENSRz7t*dFQ*++mAsFG
zb;)zpXuZC%zSNnT&h6K4cCu+&ttqaJvCO&dW^KZ4(rW8uh|=mtcO5TCl$HjeSU)^Zxsh39I=8Ix&w-81=uBP8h}zafE`7mVX~YG4GiJi9*>M
z4eoT5ilNt=;Zry25Tx1h+ne@|UjQ-X*2lsf1ci|9<7#UoP{oPFl#3?@p@5OFt0}x2
z_U!EjsYr<0`bG(@_e+xFbY@r)+y006tL{<*nv(uuy&DM&$
zC=zcKhGOasdaUq(D1e$mzPOlpAKVd#Atg@Sptr_qkkKlunXAM#ikl28l+D2Qfhh{I
zIHWSHTQqB(vS2l}Q20xVMGbr*eNEIrdrfi1(yXa0x8#~~tt`L|`X%)SPa227Fq=(C
z*d}OcF>M>j^Dm>K%2-mUWbOR=Z1iE|-HeuzEp4oArE)26NRl!r(g`6IBP~UYBxj=E
z1&LA+v*`HVsBQhOvKMr;I_!>DQ&mXw%SQ@>Ba0)f8awIeSegx{VRuh
z%HJQ|E`CfWz1f&Q;Q!Igy$c;1UrjKPjNjq!$4ic63t#?7hO@Z>7
z8{2VyQK|AWQP@bE`V*E-qDrh0(BUdh?lgrxgK_)k`i>v3oD+X
zKs>&Ur5=nXjZdjqsdvby6wy=UIo{URALA8@m41+cs8hO5>Roi4$;7!c(s|4)e}U2^
z)MY2t_Y%-9@fTIPByu08wY4>RhwU-~tWf#f6!q{6^@7Tw(<8`R+CkaY=H|DPmszX+
zEtLmVlXD_s#PQCuS{&D`vz9dHd)D6X?7e87HV*?+zWM$g`@Z9M`~5WAbvta^uj(!%
zJC=36k)rI@W-7igCWeQ#CzS^`+4&Wq-^-b>LqF~}qQ&BUV9xfp+zeK`$vYx$Lzq?L
zc7>h4t)cUOmx^N
z+VuO7peJGf@&67aXgih9o^MEkwu5kbf0Cd-Nzm_2f_QqYyO*30$^LY%!-PrNN3&NR
zvWw2FmiH|#c@=f}6#!)1db1HK7w$sQqLndp?k-%)AZuphHQXqLJ&*9?Z#gyWHws)?+PUwfghD_r++zcu9mxFY;UdK
z^Bu!n>~C@dOcixtYkNE0ReZr6@Y^oVqx-&{n~M`tCHd`E$ZQnpO1ewuY4hY&>&VdC
zi&%qaGO@|_EzqJWwEZ*68RDE*78C)aNkkgr@nj?XkfLiZBb(K=zR{D(_LFo%k;Tpp
zUmv#Gr~8&sfx14&IyU5$ZCe$LeWh(CPk$EnwoSKJYf@6U#=P%1|haf4m8OM{|MwxRR68U;k@g0NnNhO?M5
zJ=)xg6K&52yNs5R1l3WMe?8?&ts5y|&qdaSRC9JnFNmgm#+t7IieCf9hZl_(gp~(H
z4L9`?x6Mae%iT7$MOBsD4yd)bc6_NN#1o0f$k3UVxKnH7U`+>(hpv%QPajWGxQMFC
z!GbC<Xfe^=zTe0I>D5%{Y^`sjt~##+
zbJSK9m7loupUSFOt>8zZ1FqN>;{DIX77Z&(FJvg2r#}I5bxxW;HBZ{jebX95J%@(L
za7bg1UwL4&je3Jr@fWuqJuyAjEdZC2>|*r}*Znr)v`0^t3)Z&qjZ89coS>}6)Gv!y
z>~y;0!OX}1DTA`yUQUo6=E|y^z!hNKN-C|mLhfhy&#vSaL*FQ
zvw7?BMmY9+1jrIjyaI)VZ>3T5cr#UWoW+mR!GOi>k_f-~+qjFjC-ht1TtY1`cXP2T
z$K71QC6>Lp!0zb4F0misllBGsEpSNTfR34exn*FoMptS4@jTu(bz$a!O6!dWs&I|_
zvR4j))iNxZNdY)mPF>dmYku>GTyM-Sg>pHOJ8U-hJIANZSDlwRd|e|5x~2^(#|rSo
z;*EG&5mXM>Fw~eR@9XSrS_|vPkC(heBne^`309Vro>(#xS8`4S{>PEc$56PiC|Ik9|y;nPF#$0`9pj*S2qPy;yY!7>CZ-FNT3t!X)T5pL59~%iozkM47Tmw
z3%J)bvl%6Xn%>c{VfbX{`Mh=Zs<{K#Q$QAZL+i6~#^1=JobrALGx2UhaBm2%0-G6m!Eo^UXEeZbKvz?p$R?^*
zI@QEMEqCfXS-y!t3k$BKQ+8AYgy
z@+~V9PvIgx4zjb-dl!k+lUy!GJ850>;tG6cdM3%FjHLp2wfC}d_@b$f$c!0WH~^3I
zhue49(+lkGI#
z>%Nu!pB(ysk@;UR;{P)1KRNIO<3E)fw*51v>#I!vo;je&UY38V`Cn=H
zC&4VEdb2ZM!6ljWUUa?j-D1MKy|xzCcjKDNkX@?rO^ELHS}kQn%Wpz-Y2g1wBv+01
zzl`A0uoK8F=Y@%_o~W-OwcBe!RFZE`YN_kL7op|GeH5Xn=`O=l=_3n%0E+0i9X#Fd^@@%iA(?_$YOGbvQBML;G
znb6}_E>_v}29-^7yQV?&CWa@=@P@?NB}y(SAO4s`u6(!z<~^*fsY11_P}UabJgi|z
zG<3f#{Q~*ZNq0D2;aa&+kIcRm)46QkUc2W2#LK!3GS>MU`V2B!o#!wp**Q=EKtA*%Q6i8a{(i{}Dg8=T+y>vPvWw!n`WU98ltOaY}GdPelA0HhY
zSW;%}jwzBhrK&+5F$`e}D5G@_2A4fCyu0ivNhoj?z>Q@nsdCwq(Lea7`;qiw>H<5`
zI>d5N9DXC5mA_CSpkheKG$mWX5~PW;yHICjyS7>TU1^lH%-@hoS?$iDQ;9CYjrwtK
zXLi1Flal)F?9I{1kFCQOgnv=RKeCO1cHjmvQQ}oi%cT5O+IM{7pI@YfN7)qxzgoT$
z)oMZi$it8KQ1R?6R8=OVs61bWsO~Kno;MKbLTqf;w!_}?qfpX%bOELm>U8caYE>%o
z^C*??!t^f7ZE`|$Kq~qU_G+oC$^APfk4|&F_RYMgn60iQ2VV;_17T6_)x|>SM4tq@mxbljCmdf
zdk<01Z*NuD^Nc;aFO1o>-bqMU)M1H$d?@k!_0^($Gr`xWX%D6ihIWCa>ijc{4klm^zr1(s57gkC(i>g_@~KUJ)rp#-(;?(>#*}ui#P;}NR|L|b`}Rlg>L#yiC_xE+^8*iX#HM@xN*X*u&u3yTQjfvMsxI
z#ooh*7?Kxes_Xi`m%?Cpdt=kQk}ra%Sk*vc!M7E~f-ZiTrlXE4{dzw3&x_cvyod?G
zgTyGSL1&t|w3Ks64_kqs+uz8)4fN;_=VB{HRpgs^tC1^Pg&D8noj8WDDKi^mQ`YsC
z&i=W(e&z0B*A9AKBXgY#-Lqt>R3WlGaG^-6Kf3gO59eFk8&AUies!CFT<2Tcn`>$K
zx^L%v3p%v*M;3A-ojJHq21(u}VQm_;kGyGG0G2V}^)BxX<6~l_FR80x
z_ULPLH8vlm*-t5~>q-4V+0e7rW^BCZ`AQ#_49X}B45BGmeBciHmodUGv&MLwP$RCi
zRg!uyquPDSW}deWnqu{GOkUZ>?r0@vELg52ayJxa1AUf2A=3Upt&@zVCDX~w-DO?D
zl@&}au9RTTB=LP2}XE!k-CuWr|^W;K*v`|
zjy2|M=L(uGljEyQ>@c~`!gFHmcKd(|N}qnjmW-I?PWxk^Zi^3(t&Q--YB5xf_n_=B
zm3~i7UuJVgz+*V{M)<7+Xm{U<`Mtf=I3wnENSY>_%cmQHe#PB0dQ>txqOpAh7x
z&z)j$`R^@Iy?huR)*1r!f^-l@ouU4d5lB>7Z@N4+`
zttXFvGrqn%aC~2!HruB_KgW~)M`!BputGH~H1fLR*~OsWg)}U*qI^T3Prl6mqaWd9Onei<)xd|nD^aSaZEPzK>Y6vhN=kQ
zjjPF?S~n!~&J{EU#qhCqLT0D1rP-DZiXxPu>x|f^ri0e16LEt^qzLE6!FcK(*|0)=
zWzE^^`_oDPVm9?~i}ZcxV&Ebm{U!|eGwFzltVmUN*gcbj9(d>u*PTtp3h)5qw0&2k4&lI&4F;&d3HaVfbq5yGfrFWud#GC==?U@q
z70AaTdvHEG(;c`jj=C-t@&T}O<#ONMKsKok9)IeLdd{Q=`@dHbeV#z_P>Q}bD%m+|
zS(naWaN%@6*f)*E$M$x_$woXR<>j9OAY6O?6tI7m3y`w^x5wMXxGN3b#523Qve;^D
z86cB^`;Zs~huA9{doH(cZWK$_={e*%g`{puv-c8{fxY|S)~`m+6hGkPZ{AKPPM7_?
zUiK#d=Ej@!aL@!!Re^iG@1bon+I(NYR?wu1b|x7UJCiG50Du`0z1eWc%C@ThF7guy
zxt?F2|0afo(yUrUpH5d!`6|Y0e=rk3P+`aU_vf*g7<2=204cuZx?Ng45C<-=2+<2q
z8OdV`odT-C)^lWpKj9yd`I4haCZ4!|i9jJ8(x}i*j$5adfvjV=Wnz+i=7c?uh@4j?
zc7cLr15ao2?FvfKeS<&i>{3_{`clX;Rkad^hvwv=)1wv_;j0D-zxwcpt^;b2#>lX^
z)vp-1s-Lk<$_Fd>e|r%UKxG%NtG!{ZewYZd*xVs`Jm?20m{4;!E9gSmZDKX4pj&@$
z?m~R21YW169xe-S*UC@cRp`I;pVfl+d=8)j+oZR@K)N`uysK8PAXDTUZ+;YoPrx3+
z*_E&D!iKSQcFo4gmz&tA)ZW$*_UDbt+jaVQyNS)NvR`Me7Yw-TP4ECBc1a%L0{ueM
zsGvoRik(7_jnjZ>kTifO(gPTYUa;56&u=>pxTp_{S`cM6D6-WEdX5-%KjXs`^K8Q{*9J8~!eu3uLlK@pkK@h<)W%>r_s=T}}d
z509SxZ@Z|ri<+2NkjbEe+B5?EIrkVCZhj5%A8y_|$$zvFKB&KnTA5ZFyVc#R6Hzv>~^G0(4kvFG47D#r{I@;vjXgwWq7iKVn_+i-8Jp}>c<}A_$
z{JA7|YI_bhiK)IsSDcklVR^COzyP!iBK!mpX+0Ww!QLyT@QbK(S`+(6+ncuN%&0Bz
zy7(_5Hsoujz8yO~AMTlZ&pUXLB)!?*j2zL+3wu^(MXFr{)rgv%!X3NQI@;x5*qO>v
zyK~UL*o^@Tr%U$2z2X1~vS#HNFJHNr?qJ}FH{N8>%TbI1oqy=w0KAb)iADqXr%BE;
z@U6@p^`gDU*Eoy04tj#(4L;$EB3LD=5XdbON-aK$6`!#XJpu~Sj^?tLQA5YxN{w*oyLRI{qto?>*$)BNZ5I^2t=?*oRKct8A>V+$Jib>P|lZeBmo%utTBv-*Zn@)p~OEd{`^9Wxew59U>Rc84pRd}b*7
zvkRaaFq<$aXLMH*mlJQu(tErz!!`SZdx!TZe}|x;;s{JV%oE1_nvx4YzeK+8QQ>Z}
z-vrrU3fB8c#MNmShGljp7hLuv?DgxQ^{mr={jA-@?IFtusk0uN`H*Oxm6QKu{QQD*
zkjt7)>-jLAo8|y`7?cmaa~Y+S)dwcQn(ws^U)1-T&tAXCMgtzNmiMs;#W^<1JA*-B
zV;+kOKCQImHp=RqrH|e~J(R1Eq{ab~l+CL5YSgSzPuJyE1^-v6YHlZ36ju4+ZBfyC
zA|A?leuaw{t0pij8Z_baxtGHYVJA1;O{mnY={?KhA0>{XoDB{GY2uCP#Kk*p$PRYWe6;-g~qBp~y8
zJiA>jW+J`u2L!e*~CXHt;LJ?$aciP
z030o$IVgNixta8*E(_RkROhn5ZTR@QjXA%ld?qMZFXUIaP*D}Cj=1@PH6NjMF`MEw
zQD;#bxPLf_2Hs71fY&b$Zw1pUGzsd5jwrnO9ePt4r}u_$iCywfZ#*CM{Ypxn9o6)3
z8*0uOQ0GgPKaWqEyptJ+4jZqUaod_<0QE*u>L8}HMfc$(K0Y~mq1x2#=Qx?cD@BVZ)frx3?u*pA~#AGmI%mslnipfb<0QwGq_vjE*`(W%GgMbb66)nrrgx?uDed*hM#6lXWR|&_=Q>qc
zUgA3(Z4WST#L&5`qGlNiX)vI?n4-p))PvJ1cyQT=YxlJ`yCQs{%9>ZiJ!bH>vWs5t_&Oy*^Q9gjXC7>1FD{VrUH7VMhI=U3r
zX`k##W(_J0oskIc_cqOo^pl95RXuO~3N|f`Il0`h?{^7_bB1C!aSNy=Ep-J{6h34M
z6CrgUK7
zmzZP$klT6H__2v*!0pHxV?gDZwn{^*=5ICIy1R1PZ9%!wr9iVpgxWO=Bn%Rdlq=k$oG)^o@Vs)6?@(kNpZGFOOaa8A(R4UK$R%(xGs85S{NNmn7e
zK;#w_$_`(ELfPisC!4W{lQ(~|t6!=qS0gmjW?>qoI-`4<`U6@HKj4QtI(b!@A3a28
zZOnle;FQ8F^xQTgwR!;MmxR;fb5Om&>z5hz4v-Cp47Q#enDM>Wf7$888H++e)Wo`|
zZ5cM1q~)fKG&q>AWOB%!0M2URcPIVvlt)eFeHmQ~4fK3u$2HdrAZQZEnVmP1PaPb6
z%=ZKZ1D4u^yws?ddE>ex3j{aFT%}G&ka!1bO_kBW%*Rk=*o;SSzuXQmXAeZ{lJpkg
z)J8K6-PJp9hAUPGY%o5!?zlwh$P`Xo3_gS}#&BtacBTLepgp@&@`IAmpBb_ptX|W<
zs_;ZIo5Hh1^H_rF-HGc^>@5UI9n(As>46Dn03~|J&HM}mP*fTP3}g
zw1~lwaq3_6KjK)e&IVqar23gp<)K_jK0yM}xWa0>eFP<^7DFD*WF+V@#zRBKZKOtS
z&o@pmt|m=jpDv96s9c7=lb%2@V-pu~)NC)S_JAvSMUp)LS^$QlI6+y?aBFacvOiHY
z7r&u^%t&C!a?QtO#~0KaSD>vQLV$zR2#_t;MEDf+twhE>I58zcdiV0O5BI7O;-6@H
zC5g0SfM~YG9r@_MJr?J*AREU@uLp3ExrOzihei^H&~uYN1y*~)JIg_s7r2pmZDBX^
z$KVe8k7e*7kj8x7hnvtvf2u8pf*GHUplzQFrF=BvSBnDug08Fph@#X!S4sx&S5Vt?
z3^#*%K@@hWi&8aRWpI`EtWUkFi=PXrgz!MThgyYTC;fBg(OrHb2Y@JwgqYHOvC{Kq
zFh^xBhEJT+{*>-{5**r$`{Eq_;l0I!uacaBp3ajwMOKR?eT0!Xmq&Hk6*<3Js1^`L
zp-=_($B5!0RoSzr#P^f|*)${XO{XG8({{YDK!k6keXDY^9
z(;!EwhmV9vtA$?NiQ}Vo>x||^+Fk}zV-1Ft|9@H7QRpXj6M9*zLm#21>(IY~t>2;U
z5QHnp6m^GVw6V-nLWht?=SMv^YA))=tYIiFGD|-j_n5jeN*YCZx|AIyXa8Up$Qrth
z42+Hy1#mXPeS=#o9yY%&1-gtpPI=abtuFO#3cpB;6ll(>Sgp`65+n^=XGFk#rHY~t
zY%RTHF(fk3x2Oh#yb34PqY5!u)-oqmQTKLCgyq)l%G`>EX(U>Jjr4l(%vV6+Ph)f^
zcRQ(#z^?cS_00v@O!}e?l$Dx=3?kbIYBp5|8Cx1i4G6h0yWRlkGRfcwPvud}MbF=JYQ@yq|2PJ^P%l(}c`GvSR%t-=
zRe$@-&b!rowO1f++E`za-#a>d-h%t*Y2);DU|hZ$T|l_Fx9jD7x;o2BFL5T{uwokZ
zK3A!d&Bf4V&dV1A&m-X!O)hb==8;&*?qF~svkP_2kZ_SNQkr@{7+!tp6hhb^E0+GfJhf`3S4^!YRFVEibLEMsjcY^nY8{SI+=`8Da~LxM(M
z;y&fkSxb{R16VPEzb`RH+nlL})U;bk@
zO{=T0C%0>XQU-MKg=&T}CSP))5UIp=m`K(ou?*5%hcLo}1GGKjuUzQFlcLSw0j>J#
zM|^^+Tvwc%55~hJXd$B{RdpQxMe&(
zz1Wce>SuDeYHXZXRbuvS%1@3?{p$Bmt52U+frYL<{a$^2e|4U(KD~l(_%D3=)wjr#
z{^k33Rr*`Kf<^bS^!KvrQ>;y2SpNH~YQgkKf?Yrn!TBBzBCk%$EHDnR^7!R{|CILS
z)9>^2_xmeMVsQqf@rO*5>N=P#KV^n=+JYJKlQW*Hg!pf`BynC6imv
zC=LE_g2B{4y77y%b&j1#k5?TS?Z^ir%lZ~nC@zC5kq~tPh4_OLeVyu?$%Fm{_JnhS
zADoFnc{xXZNlyGJ8>BQh!8#00)oaqgE
zR=)LH)xY#qW%}aep(Ce;KREGl@AXN$*@o@>zegvKXZ;QpX&u@{@V8wA*r>giMiKhW
zMOailaRnQB$a=2cPKb&yVI0TXnN&LZy*tyQZ
z(VON;=afl(D8(rD`uI3hEJ#r&!{I5N42P$x-XWDe4Dvfi$ER&sh`!Za(=5vgMViw%
zQ9o1_`DJcaQXm*OSH9k7rE42cGhEq7kabPfHH2XP4vM@!wu|WB
zTqMxof&AcyK1)@W`V2DoNmpj^k06tuXJsb;PB0_TZ#0)J|(4RX}CnteS2^{Iii
zUp7vf`)UpB1YO%MWG6^e_)(=X7FxeGdi+RRLE?w}VPxVfvCgC)oXKxJ0l#AXmi3SJ
z8V5!Z>vv3%^>CSWd*ksaj9+rKn&TcE!EM9wkpbNpbndM*iFQ>3?hyAH8Vx*ZxZ{P;d06jkA%m
z%FkfNLQYWRoP|<#@sMK_E*(nLjVkL?Zdd&ZvZYa=%$C1owsF;I*moUUZAFseAR#Ce
zsKm%ZK|)X{Q2mvKf&`1=@Y)AIOp-4*c<@8A2U`D^u6F8&+SgJ=hc>qSHnLFLMP=c)
z!NJHZ{T)oG)Pj%`Du2nb8c+8)QsXBS$kOeUuGvX<@N;q6J);d5U{1IlZzBXmD7(YX7t#e3l2Mi>9)s<_zs3+2B}Fj)P}f)V0P)*E)K2~
zDh8fAtZF87Wm%mJg}uZGg>&!S+cEoKB9YodQG2iQ5#RDW!72$+E2x2vO&*Fcs=eoV
zCJE%?NiatOJ00I-=I(mRl!>fI6-blmclnPgtjv9xD^Mh2CMEt-wkc30-5eQiGhw`Z
zsbxjQzS~Oh_yr`9-K&Y5H=AOSw>$lj`L|N3ynB}`DLoj{W}%F_ssZE4RrHHP&=kMm
z@2nP8M?3wI8AOdreP(gy_w>@X^F7C45;oSw*Vw77VsS0)HX7m0j=#QO=L}gl4Y|=H
z52@(ibl^-;Uxa1dC7`C}1_H@y9KW1bsyKk0>_S82DwS%E
zBQ7}IYvb8ZIW5yLE4mqP>enssvV=8TtKS3U@2_aGG(EICsev&avXIz(4Ux!PDGG@y
z(m`63bR#rLu?%d|#VNXqk!}nED(ddj8t+1v7PqCt
zr*o+bVpPNaENF`nB-C77z0eK}&#`(>;z@p6&A)>V2G32=a%vD(8M|S-tZLbQ5f3&?
zR-MyUQt-Ce9|1E~&m}#3lXC}q-$E6&nw3?;c>8fYmrWv=>J(s-2FxbvCgf`U^K*Q%
z4)rN#l0RA29&*qh4BAtV?O_H8
zNV(;__&|PfCH#~b6m_BZtX|*(GWG2*`1kws+Jp0TF0ltCHu!VDUI0?dU7Jb0x!i-<
z2*VO!Z*tNEZ{n~c@{55p`XDb}aowg4&k{O(UL?R)@2DFy-RJWnca$N^Ue5MV?U25p
zzvr8}$8KVeNkeC;PP@x?+J#Q%V|wfA-nw#jO>b37m8jX+Z=STJud44%XH|Cz
z)N{){lBZx&`*ZkI+3KI1Y9gl^(%({aD;v2~UQV2=;FnYx(DA^&#TkHT5GKJtm|e=s
zSPwv0)swktW=31e(N?~4ZxvAO|BWkdNC_G>-GLr*yaTtV%>~$H6(r*;Ia22S$aeux
zwDGv_x`Oov7#uqS6OFx28QT>~P>r6sWI{
z<9dcZZqc^e%F*E@Oyxe}{2i7Y32!8oBUKUPiTvN0`RM7%+dB~etBSIn&Y(5oMvN-5hH11@{-3R(Ai1;k}5vCZEE)ETecJ-k_qp=w8o|K$8v)
zO^@3niJm>D(j8hb8x^(L3Re8zU~m2PuP9@Tn>1#BXcwbk1KZ)we)(qz5#s7{qw`@)
zDOd=4FAP1j_K{U5G!VmG4Gdn^eK3$+M@*@qu&`WPB6&?JJn*XCXQe#I-n?LW1M#k}BuwU{NPpk*mhixkXC9qvG)Z13-D
zGmC5%X6F@$_sVNBT~qZq3K`H@+`<%@>ed|IvbsG@H092$l%XhHc-dFWc?$Tebd6wp?fcn
zlsj6)YngoXQ}g7_N$XU(&ozAGWFtCj+7E=0ri%5vj(;~qA0L6c2qR4uGnD0YF(XYE
z8+LrJGw`|rupmhlGJIPF9x8$~Di*d`ug6=mD~Q*F{zasJR%$NG+G3E)A84a1Z6R6Cv(=~R*wQ6TT9}9**HUOs#e}Yok3`TaFZ_>Vu#}wL17vyq<
zL(XI}VY_jA`#}M0Ba=yEJx;RMI6rAdZj6gGGxsaKqnXWHj?t`)<$R(ARm1MkbPoE<
z%GlmUXlm-p7&_`aCT^>R964o_XWdwI4g!_IKiG*ytE2imSE%GyPMQZDpcn1d(P6Qm
zeKTW4APDm+HlDStid2W^OL^So|ArAtQtKc^R4U{an`TW~oEiQ;%&A0F!&5BIeTx)Q
zm>yhsiY(`^#?&akw8~L-MtS6z34`yShO8Refqy4N6_Tdas~FCxH+l3^8Z)
zLry3A;?Xztr{|>NuJj5>P_-=|NWKZ#*7G5n)C8Nt3O@xSHjY~s@83SR+2-qTAQ`V;GsrnmH>PL2{B
zb{K(nf`G>q$`hR*kkp1r0yk361>SybQESdV76Kzy!=Eri0xD1Ma22YeyndNEfq!A;
z6Ws(J!x_lG6$}q-`zs4Np4Z)|AV;CA&?sra*GIi?vEWGyXxm)ML_C({eBvGNt7e86CH054
z1)rFiZcpg*5GN|Xf?Pxq{=z_Bk;W?gc#5(t4Uf65C2kpE#v>FELOa2uLy3G^1uPf$
z6Zsi&P7*b9Sez;S!B*xLnvJYtJ39&GmYET&x*Zl`iEEZ@*#Vm*uv0iX7=nVnN9
z>bKs4W+9chvy;U&GkkZQt0g{{V_?n?8waGdCRPE5a
znAtET$VSN_;QSUfAaq!0!olAP416wtf<9Ks)d|%J1i#vcmf?8Up0@hvD$5t%&B$;<8tAO{EWe>~
zIEML}uUWiibEcYFN{b`p1u!%}aJdQQD(oi2$e~^uv#NV(`2rzl9hSd1_-%PXz$c=D
zevl|AU3TTstv~wceZZK#BjMN{$L@64c#7aKowzR7QsCuNa9K61e8HfOde(3ktG#Y1
zQMAJP_)aKro_~OpbOX;u%017+A4skN
z?@mTNyp8wUr*%loo;07s-*uD`!`}^F9Ek+%V*_%qN9TE{!qIBz6A#hqs=h&Bu$t3X
z#|-8Zd;#v4tJC55OZEIc#@M0TAVE8Sf1W?jbMfYWq_}}LT&{Ttg-jUG`uY1TvD
z+Iz&D^E`|NLzt{85aRPCzZZWLxd%C{LJT+wwk?2t%;VEB=U4xFp2s3T;0LsQURA$y
zxQEX3-0!Spav0Y+^<*!bk*|TOn4G{Lj1r_Lrj~^hc~CJk6^3s#&jHA6Xc|-yC`fJe
z?lo`&V(rn^mbDqbUWRL*Uec9sgay-k7|9{qnilQoDFUdB9foH3K_Va|_|}OKcM8Uw
zZb+dTuTROokjPa+%O+3q58OzZ0I3M462@#J)_W}-3ZxYOAmIdK6!6ghfTnT@Eb~9=
z`MzeEGeMPv^1rHs68clI0(3ojUZCrYb^$)-`|mN9E3A$|prM*+Vm)`N^$G*1q^aP0
zRUfWY+6W?;#nhc1nU$ds8haN5h&sEN&S@aNlO|yPI;3wQ-Arr8*%%Ok918I(7}2YTx3PZ2CWe!{kViY^W_sjx*e{cM#rXVL
zB>Hx;pW2`#``gLpKOx6cM(Oq!bblvTH2Xh){#*7R>g-JV7mAgx1_~qn(S5a1TU*=S
z+!X&qFPm%lxAthOCV$t~HXdzl3h}7+sJ6MbzP-5tX`7EWYX2kF?yCdy{sI5zOoaHK
ziRVq{mHRO1``@BJ-}ql|G+4dAe^~%0_Pp^Od$L;T7DesJlgB0a&yy1RI}^`=c^7T(
za(aUj@#p9Z*WqXztx>lktbYvd-u^MTV+^$8lSC9Q0;oy{SCgxWGlE+R#^-cN`4U5n
zUb!W@BaH6E7>GW)nZ7`G(j1png6qOy`FeuaA2lvgPx5`Q+o#Kq(m0grE_Ab4!7ECn
zcR4jRxgs^*b4jCy?lXGUltMb(OJMJIdHR^tW8VyLsw62va_id9m@nN%muL(nd>-px
z;$N3WKAv3+`u=sv1gFEJKz{JeD*aTw-=#*-gC|z+x+9-G8du4LdN8mC3+>{AioD#Z
z;jyMG>IvaWP37EEZ*Q(yQ7D)Sm~;*9ayA)3kNIZT^I$co8x-$Lx+D(VIs={S^{KBr
z35asfc!#=Q&V@&Az1990c~h7p9xvk0IKWMr2ZJp~Rgqk~`yC#;JJSd0P;
zdS1dg3r%e$v3K`9*q2SwK6-xorg72~t+qHmIr^!!57(|-qYb}vC6dS=y*?FC;-qnS
z`m;ECE*ghFiyvEu`z6slJ3eW)+X~##iD)|i#;%)-2E9;KRh}W2d!7FQ-FPX
zMD0q5t!5ix#`W%1^JMQO6lpwb9kfn=E{W%@(?e|TIW*J|$BmQI*52!b#)&w7eR6!%
zZbHxYp{c{x;qwz{x%sMjcv{imT8EG)nm<9JXum`|QS3(J+0jo;v3GR*^GWN)%Tw|4
z=m6~;#Iq)Jxbf_u$*sYV_YNAZS0xQ@zwxT^0y}>qjsVaJ6_*`-^Rh`v&}0MtfA6$)
zbcmw_MhRadPD?NeC#P6dgCiJkTJ2^@G)`J=oVe#FN6;S5K2$v-XaL}_$>4Bh>;*Kz
zVaDrrGw9uZvvB}G+X%(16^CoTIo>sIyY85b0Ho`GmM78X;vH4u_(i~>ulPl^Kf?P`
zfxGqw#P0JhL?^@-F3XN^`}ID$u+1opHtatNL2%P2yH0czJM^ShbkIBB8L+olU7qMW
z$NrYRj1c+pq>sVPCVljIZw=O&L5Ydfvs^UY3+L{hxd7^6gL=3Fw9gyDngCAh_q!k5
zJMq^Z{e9XUIFk>RkvshX`Gjrc6CUZ>`Bra7nEYtzqo`HZYmWqS64lyTb?vcOtL?0<
z?*P*{g`=T)I~I99z=^QRUnVXfp(+>d=c
zNOt6u(O)oidhj=L{*v4
z*(?Q=BTwT|Bx1kk6kLNn5fR(yqg0w~n_e8g7JDjE8G5^ZDb18PD4nN;+X5rZNJ7P|
zqjGP~@?{O3Z9-2~5H!H=ivcRsNGUeZor&fMq;DlLBzgzCWb}dcRAlP_$cm1EnL}XU
zE{R#W?8AT1CUr6)wvt1164P=`j|UEFV)@*mwuc>_PVU(H21Z8Jk+wl4qJlRZ2M(&H{AwQJ3A_RY
z%EYbWJ|zruN9gXqEHmo+trHCMsGbYDk*2tdT)YApmdU)Oqz)u?yixtm^Icd+Yk
z0zdV5D!ir1eMc09kB9MWGWLA=FyY7rA9**GEL%@d1c#MU5&N%X!ne7+*%)aE-QJcmAAiS(0%iHk$&f^=e26#JsQJAra(%%@G0Av
z;J2lBG{tD3kZIEnLG(leNTEVF;Y|@Q7lfN-MU70IV{|3a!fj*Qwr$(C?R3-~+jeqd
z+g8VRPK-{+wv&$ea_{%_w`z>4Kf7vdtTiWHMR^=;uF5zy(p}1Gx@lA?M0G5a=Y$u3
z(&RA?{e##3!+=e;JbD#7TZLy9rVw(xk?Z5*AYj*l(^U2?5(a#zwdg)Lkj%iX>udt-
zwGI1O0(m4`I!O)>^kQNuaH=F%fTWJ*tCTXR0i;#rrY5}X&XMR5#@jpr8Nsj?C-&r7
zCtxU0W!I`NOu%+O5UH8#z|;Uer)Jc&3o>;V;=RxBy*8)Vs=4)Ni>XkcvZd#C-;Iyl
zm^KboWRUZs@h2G=Ie?DuXB{0SjjE8SI)V3nkQh!`Vcyu+l}ZPpH^DG7O{lmia>&YW
zOvr{3l2kdbI%5mZd$|&7Y0UIc@Hwz{w>>dTY4EB3SEW&0RmYNDPhc->V8Hzjk-xT?
zQe-UUgg!_x;8yC={5)8^7-@rcOyt%}4g~g*NJ!)NO&y<;-+~tbA2AOL8U^q~j@&i-
zXt4upln*ygHf%ds9c*1ndBjsi^w)cDf>h{Ky=XF*@?1|3q;pj!D31g%(c-3wuNzVD
zf-YG6rjU1MvJ(O`>P~-1g@R{!2v=qx#umqsHf*!qEGq*eAqPbqrtHNBmGFfaGNy)Z4|K>QwROCUX7C?-N~w$ym_$
znX-WHTK7+N>#JAKoqKKf2NJQu;V{I<@Dn&De^PkAxmY#P1g8@oA!Ec=yhsaiB3GaU
z7(!dBZqO67=XnfN$=uB%1Rgrn;F;WlA&os*@90E;U(0HmLMDjwepK^l>1%Ut_
zYzNIaGvMx`yTzt}-JH@aEHYM7EaK_xs0^L&guw2qq=|+CI}|Z4CrA`Aqt(=AvI@y%
z!4fH4E<{sc5%q|$|kW)6TK<-5%=gh_nVWUE#B&(W`rd+WWTZ$io{sNW>Wr$dBYonhlt);CYC*
zj3)>9X;splareY2(+V-W&h>Z^lxnUaUvA#mlKUxIKL-z42}9eZ=Iv)Q`z4)D2BeGy
z5qyao03h@9oeW9>+sx(c{Q6ff1Qng#!4YaYm75nJHGB+T$iiLWj@nlZC9>RcWC}KV=Bsyi>ZZ_tWeL9q_->@ODb@o1!3mzR)u?Pc-)`Czwpth
z*~l(rz$5%uslVh4gH{jvXV_20csYp0!Y#!&IqV9uMvfI{rz%Up!zJ-9zGlgl&qd{Z
zR9;$)k!^8~^;3*!6azuT-GF`(8Iqyis{%Y%{YduQMjYDlIOmBgXjX3^XjF8D?KDnlr@eH|n7X0vDv9WN_2=>3LH`g6|btWcy0h;Pe
zm%EgTQV$fNq1GGL=;D@PJNaoWPD;8VWJ@LNAubmoz$qLr)f)D@7`e+K8S)^A3Gx-C
zsjQL2+ujRZrpuH9ma1$HN`cAcl<}y9Otcx;GKm_Q3mPbweoHedX{+J9T`5o>cOHkz
zRe+}23{s)?!huQ|C%1vX&!05bpGzu$jLhBpgDBG>Av+^aZ3cEm19CxR&xyg+&`iK+
z=<>#ROGXEP*U3lLYGf)JD7&EuESS&2$!uR*s^EK4{vvNyoN;~_ptCXMN~~WIj5!x9
z_CP?lSNmH-^(bngO0~m=)fT^@IPXgsO&d)hjJrh31U+LY1|7Wtb7N(0mOnY;DWD>U
zs7e%kDI6zWjN{B@wiX2)bEBJhs=K@B8EjzH`&fD-Vhi
z63R)B%5y%unZUgC?u;7t{ss=$<3W2G;Ks|AJ-=g$z&RIWJXVr1(^74}PceiNAa#M7
z95VsCMxwbA8LSXzae_8W5CP4U3a4!&OaoDUpzJB}_XYEVE2K?9SI~}UOCgDh!6hzW
zF%T0i?cbTI@34l&A&y#!Gny=bf#fNd6!3WXA*wFaPBBe0NXq)yPzp>(M;6aw&LC)!
zI<#}W1{2)yG7L_513+LcH&V*4P^VXwecr;8Ui}k9o-@4Q{rfQhas|_AVG*vOw1HdJ
zgmx^G%3=}XE){E^_bVeXbs*z};G9NtC9gr5vx8~x$8tLH37c~T4>s%ZmAOA9i^Q$vTCY8@$jxZVN6Rj})0^k#*D_)J&Q3t8WB
z?8&KUJyltyluqk=OoLbay8Wi3-xT%IS1^y)H$HxOT2iw=bn7p01$2H80`M
z*n|5H1CsLe|GL0UyxR+?fA>$XQ;Q32Ub@$PF@Y9hW&Dh*=F?ge4RMw3n+j8v(-T7X&h(lVM8*6oS>0Z`~AD^s_
z*13d)A?H
z$Ex+1o?eA&`yQi2p<`p7kbhB87MHl~gN`8L?5*rqUK`6tj8f2P-s=WY`B}-q?HB(v
z$kmuP+UWhd925cO>^)R9L{n^krVOEV%YOJ$tQI-C-zL+2-s2oN>SDc?3
zO3SHI2uW>{OqJJ(Ye{1wAx{Eh2vc;6XxtDr?)4d`9^Tz9C8lBVj=5ww&%Ez1}$yD}s{(5eZ
z?EI;FW=IF=E@tE`pV}Tu#a?xk>-v6^s|Xu-sTCVHfPB2HfxG6NIk&LNjy7gUUaH=-
zCLb6Og!Lqtj!CIPX2Kp?75QMKvs`IQVoQKJF2Irm4y_2WE}t4>iteU0Sf~E-z3%H*
zkD{(&14bAQ)c;4hI#L8HMOOVtz|fR9esk{7hVdLUFFi1OCMosP{QDr+sJHUW1Ej>u
z+cw6cHiNah%s;7cq3{wW9GHmyIao_C!i+r2;r??WeK9XN%Q>YK-@G@h~F(+&(W}Jo=2@jB+f6R4}u!
z@OWIJrETPtC5>`v0jV;Xu^G(iG#0i?0dUZc`tE4R1e>b=^@{D6{Hoe`&;d{DmfTZ^
zq+2D^md$&QPwDRiIf4Obrlq(%&jBdebgy+^{1VxOzQV%E0vRy5B
zwFWD}7w9aO5O#01)M}!MzH_iYYJo72^1qY(=UVSX5P+It=9&SD
zJ6k2Ym_y+eRm8vhRjtL4MU+{{mKv8!JtLM<(&vP@#u#c{ERK1skj~Ixve2%vvE(!}
z2x}37=S5biU^Hi^gCqYtTl(K~VI&7zNOwBeoszdJ_&p^94N{v6N6Ou9zhpKb>TMP`
zrw=179CGUKsD6mqGTpno%d`1^O*!sd^5o`Ux8w-{HW7D;Cid!BR)#ZD7&nI@SeCf+
z7<(#EqvWOR&N|o?uTvqkdZ6yLR2I}?X6g)ijr_13?kbxK7AP&(uU5zor7*e}w7~aX
z-|5JZ(ros%4)I+6nU;_x@|53wKPxXbYn+z0Ch*E%jB#oa3rIJ(?sb;VMlQ|GZMHGh
zYv`^-T!{6r*2vefxuy9_NYR~di7FSrwT?AZZPpt>uB^90?Zs?jW}CDtC5F*m5~V?e
zEpR2KU}kpxHd`*_3>2vsjuUgcz=7M1qE*9Bv006
zxkys>X0yM;wkDrN&pnOeWk&X9(v9<@3knaqK7AL;*HCp!co^m_hWLgfL~$DGKl3F)
z$g0JAV3^@O6hA_$Q$08b9d%_@;$F(CZsiAbqsEAjBdBr~_N+VqM}AnP(kIIZwVXh+
zlPRN1nIqMR9dGEUvJ*
zBh5SiLnJ*EoWKLl_DI*S0*|%s-0w|D0v{O#UJH3&YoO`z4UUE2B4+7hf|c}Qk*`O;
zcFlkxNszOY2ltGbJeByH@o$km`zv`*VlgG$n3vt`))|t6q)I$9-awokl#=;XqJVJ7
zjtMm{L#n&H8W%I8)M>j)hYQ2lgFgEfeqpYFcq`Q&F=I@=&{RChAle3
zh1)&2w
zXCB8&y-ePSk=!Cgw8J@*T7y#^wgOPuLnMf4`pePBV{TSevRWhJ0<8*)M~#-pM@o!Q
zD08tZEZQn%aBO7v<2?i53mqVz7Hj$cx?_?RwDvUsFunfpY@q#{-{0Gw
zxy5n55}QAX9fc~vBqK2gu@@TW=o&CIGq|gcfBx1`!o%UkU{$HcsA0{#AbKKUVoT|1
zq3*LdLC>^&%|k8^creKV6F|eMKMI?y>Lff8};6El53{MAdjvJ>bP&H(zUU*S(j*)$3FgH&l-vR5`Luq
zF7)ttIDF72+lQ183po}RAb2n~HEue<>+iAWgb+Q#9U+t3w9!q+;kv;pra5?CNFs@h
zY7qQ#nIR3GD$k?E!|a7?5p|;~7UiOp^f;+4Tc6`yG?goUVZKVe-Y~hs%LX6HY-qI^
z31ezRKFSE+#K%VeiD!i+(+a{R7xvRcO6iWV=Ko5Mh!UFMxIO<&Hc*yBrMq}lvit=i
z7hi)5Nn=9Mazhy?I1<`u$CnY9o<=mj2Lac?;z?Z@MIew+()D8v-OO=zFHI3yn*?h%
z=JeFHBAWL8t}!Hbb5EHSj&M0AVf$Pkoa_|*L&NeZY`7}hcIje;fLolbc;0s{r#1dv
zLx@^M+y=4a`eV$=BPrC~>883~IX|5^0xP(GxDMo);wL*We%yhUlL5fK|94x*RM*AS
zaQjs3BbHaOXp2LC7?#UfK(wK;THyox)
zej3)q)DsU08&-aiiE7N_QkC9M>!mJwa&m^NejF;#KT)v
zzv#O^&YvycDh
zS%)L0&|Y(i*GpLdVBVbSU4%MIK%?^Yj+3ycNWifMU^0
zXB>`xT+rWBut3I4slGzUJuuRvAk(UVZZ5p;a3(jO4vy)r9O@pNB-n3{VW0p9zHn
    H2aF&;56{|pcaFHg4uso@;q!87u4Uncc;Bg1o^FSC1|NOJQ6lH_
zPEbZsgKiuplE7_cnV0(p2*wI?Z?;F|L}3OzeR9F6{4u#VM6Ut?6*gjhHG~Nw8b0zU
z^pGU;Pzispi7z1R53_1LUVr!RhZ}?hkhP+OE%{Y2oNaSeUUb?hk5!i|IRN!0_VnW7
za`n;tzmL(`k%e`86CI%##J{S5y$wBKoC8;H=;ET;)rxCn
zpLg?ITh6^y&UqJ2=tcUuB02==Mb+Z@;F$3|6|w=F;uN6SOZCz85ba`c(<9
zOTEw4f@Q?de~^k%`yWr-d_8P$G*ukx6#YD6=j4B6sUTR2ZkJI?vEakAl1t0T4AI;$
z)M7;4lKtDrUni8HbQ75!>|M{K&&XP|-HM#c`hcw%OLcVHHFX`hKio0Lv0GA?U@TkzAd{`Kq|WB~F_)IjNdb4*mWHULv<
z`sv{tVN5)yyMxm!H8cJXnyHhLdMZK~o##fVDBa13;5EZ&is@mjlz;a+f$ev|VZ$D>
zUqGl2sqg>cvZDU&nrpoM1A%S>-M^iX?*A8;G%?{*M$Ym^zf_7)Ftp|T_aul8RzZM_
z0tMCYwYW#4YDpP4?>p~n4B~cPSA?=%ji$;WfGY$n_Mo<6W3W$b&*D%#J((Vf5}3H#
z8V~P?Ids7H15JrSK%Nxpw)3}H4mG;@s*VVBg=N|h;
z=oGf)ZM1*Za!6B0c1j8yiDR%14!$>9Vjg_$U*k0m^eyNZZLTq{(QfTwh@>rHvqvcA
z43pI2?2JYHU2tQ0WyvWPp90}99N$2aQk!m}jb6cw^2YT^+U>>33CQEu)&Lwo;)y%|
zi9lCK3fnN}bs;jGxn<@B0de=w{V$9Bryz7GHO~c}m(_#1Vx(eq&se0cSfsZQsp$s<
z{^6+_Z6YV!ZoW*v#Fs{p@j{N{GcRrBb=0h@!05nVI8lvv*M0p?+W*FOSbBNlv<
z>S6y}H+XEii%1w30^FDE{B}r}{x_k92gTyXWEtu4aJooMmg}1PB7kp_eYxINkviaW-Q!ZPbDqv>9RFIE#cU*HV$nnegB&uZ=J@Ssx`G?Vjl*3))
zOMk1utGH;p)RB1UdesL`QI7aX>tx>Vo3Ust)
zU)GCQs7&%B7KRCu7kKR1l4MtLsvqb=$Hj}p4QmUz(GB35Bb6MN!DRG~R5@7m1Ub`-Dv7hm*`3C{zvZM#1&d_nHXP&iV34tz!JIEOuPQO5N
zcR?obG38`X=25C~SR>4&pG75mQy{4XteV%Jp=^j_b)Zen;IWFS>$%*7!?UH%$!vur
z2>K1u|F1*uZ@Hvz#lwk=9@Br#es=H47BOpG?E6$er)+n2~z_fU6J&<0p
z4>oBu5L;az!7?<@;%jtyrLt0dPLZJUJogo$9A!5-{~>SU2XZ^p&i?@U;$ZzT4X4M@
zRh+ll)g~)1rZpASv9?BQcAcV9OoL4UgOx1XM-n7Z1^*5WjUgRk6Wx8t`;2I)@kS5U!;hC_GcXKYf-(z)gUNe*fy+R@wEUmILRZi0cD&x
z0=vN<7C%|=G81_+imkukJsuu&1`@Gny}(KTX6=f~wA=4j8%gVrcaYZ-3<*{#pLO*E
zW5<~CE}z?*{(}W+Aorb+g8oH%AXmg<`gO#fFOG+O6U#iO8$H&HY>zbLrJ*Yy7{WfF
z<%|;;{y#hreqx*#zZ8E~-$zWe?#s#*D}pbRo+eGN*s1s@&^QOIzJ?4BSi%cB=X913
z-AZ|gX?Ulv-NhjbrDuaNTvp#SS&t~bwDcGClx+z1&?}VF=z?G5`o6n5aDh&!tl#_(
zMOv!ny1Qjb1Rvb}uTIbSCswI#L)ozTp@yXkCS$##XMPAvi2!i8pHA>RWu2KDV
z8o)Qyfh;94b$>fIf53q-yyktm3Pr{#6Pb12wnx?I4*LS0Q@+9xhneXIFbVw*1nL`Zjl4GM&UmyoKniBmbK|(qb>QnMuuGG
z;&+OJ#Lm#Z8<8}kl=*AdAy;CD;|YAEO?XPc9?CZFr9B7qhB6ag{~#2mW)YlQ&xQ+X
z3;&sv)BwreXydkk5c3o-QFrPN9-Zv}ehP1E0yrCeEMW+JG6;wcQXI!EMsVIfH
z>EE&Oa%^CSFaXtZG_}}2LQo+d)h@a_T=jbuPqO+=j@e(s);H-@Q?!mR3Mvgo%o7nZ#E!FqQmPe`YY>hgE6M605}TC8i97;r1^#H>DhN6%4$RB;e&7fKPLA{
ziE#S2Zi2Qc!wd*nv5}+XER!2X(+`BdnYSg%
z33Cfq*)q0a+xAM2j^@2W-@7klq>Vr5$uqBVh*VD~EpvQ})1X#ZA5-d5UY&S%WZb<4
z3-`u$EJa+5&uV7F&0^qUYTLhbkdaX&6O4*EKcgEptLptFN-F=`NVV!*E3?XKF>6M@
zEwvt0j=;UMg=L@5eC+z4I_em8ngUTPtaPL8K#F;EG^)OL_4p@jofH;RS9efJf_JPZ
zVgR_L#qt2%sZ5{w*weJi79UOHhH$t^W312yO)Dm~HVfSJR0QGIk@V87=Rfm!esCN)
zi!MUgNdSCU-1w@iP&(pZ0+gw2h$q~Al}tV_`?4q#@%wmKJMF&q%$^gE{3p;7wKVhI
zoN-^9$<9-M$^Ujr1tqa2;GoI%TFkAnv$A4zLi!uOyp_|Ul>Gn$Im>2#WpK}*#9Bvh
zwJD=M;%&6kB#FtspwSq`A1T7V;M!<9_QVHXj}HQ$q(REg;c1Y#YHyG-YG6Pig?Ni+
z-W2g>T{>ubu28o@dvFJRaqB@zoZCc-ocI-*T@)*E0q=d4IA-}6VD0)>_(QWd
zC{dPsEUY#b+UX(fMf?Ax6x+5q-}QZ3G?V+nR;mQoQ1(0
z_jtMtqYfFC#F(R_0DO!JHgu@nVmSGW^tsM8LNFTR3ySl$+(}U!-gB*SluOR!WV}Wx
z!u%jrwcu4G>T5Txd2exF!DDYvbTc1|7e&w`x#r;+coU?XPk7~UC=kh^Y(%o}d9qVR5ba1fB%CuDkv11iH&uLhaj?euG!26Bq$$~9q
zFHtJs!|vY+uYoV6^MFZnqRC+uu!_2ig+!n?ECET$5%*9Nav6F*teB$e-Q&Xf>67%L;aWEFb`%}yFBe{f{WyI(
zK@Mjh?n8#5@e8*#R@`7M?Rq^|3vkP&{eWym_(BkNrn3y+nUeYlP-BAAzPZ?YG#$PN
z6(DQ_JLdY6CZ9!JO2N~|hw&%yy}~M}deravFY%lvea}LTMo>E66LDS6wgAK6_UFll
zvEXcd0nKCc;^n>7&@Q1x&6QS1JPPXgZ$qUon0IEOu)mTg`>4>LSQq
ziC9E}33@PJi_G-&b3as(asCz~2y1BvPgLi%5ijuh4X6eH>;G*W+ZFlJ-r*Nr+(MJW
zWAAzJ`LuLB!!eXeJv1>`w6Tp
zz5X)`A=SHW_q6^Oh%xXrM;wFcE_gf;pi(29K=xVw@2eSaH%Mw7QLlCVXxR-=+)790
zB!wN7O8^UfY;ByC>)yqr@^4ECQ?DB6`;gvB=Gyr>3DadXm;S$|~rus*hK
zxpHh-6U`DeOh<~cT%m>t2KvMAv+|+)!;(6EjQGAMyV!eHHQ>%GdoB(x-?)GF)$1qp
zO;vP0Z*d9x9`?No;_oQm=LGLEfxe2Sk}tJB1Fd>@$RSd17}}PUa5xZQ0szkp=g4bdo
z*J2wuJ2^J+A~_**X%!^FxX%eYJyeI7f9i|7yj;tF>iczj9W>sy
z!iJjObFaEYcYdC2<`>81k^|y;4v8sV>V_7G|Zq1iC
zO8lp!jNl_&j8069L?@Qx4feYO6hcS@)uw4Oy#zVNC;*s);Rg0g!t)mbQ#DK0+#jZD
zK~ot!2sL__&t1i;IoW6C8~#nZKLlYFiyXR{^WC=Z*YmJ}8*plR5h-emwEc9~J)sx|
z_$zA44V&B)Y)lFd*?1h&(}kDB?}@c(EmehjP|^02$Z_Z%fpXyfT2)b`cAaJqH9D+l
z4dx^E?q3hp`wE5#S5j?`;5mq6DNT6;z-P_jH|jgXRfaSA9sxf$73^zS)J6fS)a>(9
zl$pL+vK%d3ZAybs@_owf7^YMx}GKJlh&1}$3hxYx^ZP)^h3ILjn<1q1tD
zu??vAOecj3BR1xhxY%(QAfsNTvoIFnfQ`@aK81S278_7+EdvoW45S9Xtq}9YN+=GM
zAeD<4D@RPXE%%RosKIEm2ae$VPb)7z7u8sj)I{Go7w(YBzA)0X884Iu7p&N$DJU2O
zhoU4wz{_&2!Hk$^=tp+QBP~Rb7Lp6rC@mrsw+AIeZ&>F@WLo?(DK^{D$)U1nidocY
zhsbj$gc6fxo$^=R7r>|u<7w4spVF9uETHU!ZIg_L<+QG%3FCxTr_`l51)*rv3{%N{
zfqMc4omQ=N=sSl@B>=h(5^|l;8~57xgH5_o?_ut5scrbfliUxAyO+r)v-HJZnxT#F
zC|A7CbUOYt%BhP+t;heyU>}*9F2z{NV
z73VG-BlK=h=o4Tkdynz<0blNqv-FL&lGV`6#xBEf`$zulL7|OM^jE0Cy7Er`c|%VW_PEEAdg4TkYmC{Hgt5sf
zY2pr6&}hb9&55GyybGqZvmyH!#HhYw!d$t$5%`c*1elnzR)d_Qn<-$<$8XugZQ9kL
zEfHhfEQByj3W90Z6^1}$&io-hOBI0rgci9AgG+ZFWw;I|lAMJ(1ytWEv1=jiH5c#1
z9MQ)Tf6GJqq;uYuzC-?Fd5R_oc0LZ
zbP@+z6L||Y&vd7_8pNqob1$h;#=J&OH}@Q|X6d$`zhHi?g?XQdieTh;$3qz8yL25e
zqec}QF8rs|-z=aoo*;
zj@0&3pQdPN&CUV{`?qIkU`je6VV{qXKB`^eUod?=B-iWmO@m4Q=+7s48w`jL-5~GF}Bb%2mv+Q-oN07oSa879|
z`z2CV=mpix%`q)se-?cGANb@JfZzAN`N8sR*nscZODp-X)UZZ^7B5
z%j2*eK(3T>>5XglXjgjt(>X1_H+KaG-(K>I`nNB?sXElUOHBcO0S-&c%ipafO5oQr
zaqVA~&$h;1)%C5aTG550(Z^!p!+`C*?U3sh9QalA2OiyJ<9IaTl#&(5it*5*?p-3S
z7HAxBjS30Mj%K|}3;7y^w?#Sv`4GCl3mKZX^`%0idEC9`lRIn4)SM$fx`WS?7ki*u
zE%+WJ;praAn`v?D^9Czf?x42*5H_pHRQmCStZ21|{w?o9lPbS99yIpj5sMc`#t8}1
zNW5Vx=l1kBa}J0;BXP@tNDc_BMAxJ5gqQYxRq
zk~cccfloPheIVIAxbQHfZ6)PyKQNBJ@`;aT7E=bG$+VnB=CUTLQ}N!xXuPzB^yZ6&
z&_Pa{e4Qi)>H2BfXe!YI1({_n8eIfCSrQN9xj|L_OB$D4Tx0c-NCLiNL4Uu|+xs`P
z9NX}@hdj+y5}$-)K|ckwIOwvfJ0vdW0Y@OYgtko8SFdaPGujEB2a??;~XIY(_^lLwl#_35IACXpdOp+fjuBZ5>g74
z#5YPqZa!uN2K!MEsiA+mKekB|>K75CoQKZmhNV-`TC7Hyu%?mx#4m9D$aD2SC~eT*
z`r~cj8!|am5eaASl0KR%z6aY?jh7G;#ASbamp>zV*>15?r?z
z=!95E+UIMTjE@>NYusT1wPhI0MiYlY~G>~Bq}A@D)h=zseL&s!k0$W`=-
zBLw`pQaA*ImurM(1N^QCVtj~^0xQ@a_l;yid?#_V{O^&)L+(Z&6151zV*Hzpa+~~R
zOIJARfU!kfW@Exj7a}V4Ru6W#ri3j5puJ4lMYSx*<6#UsEN(I>e!94IGCL};%wjwb
zL33+@9+-hZn)(yk8$|f3P014>BX&{JRQ(pNd}Z0237f)wM=u7peP+`X+2qE49N?Tp
z)FQ$p8lTj3ka)oDrs1y~ZjjE8I7NSdU%VMCd}=n4CtNE05p@=;q2x{f)8z#ZHvT7I
z;;J!~uWPdcP-@blk0JWkYobIRQLT7i`JmvnII|1hqg6cB)Z&PVMvx(TC3C!9
zdR-P`j}(Q|+AEG?60}2%#J1@lUTPZn9=2qIoL8J<%#ppGF(ceJU(rnsMJFU1DyF1b
zr9zLf+Zg0@Fu25t4QfLY&JiT$+BT3jQ0d2aYjO~>RFcL_w|7)_L3;}P(APpF82dwL
zUtz8sRAn@7Y+a@x#q4C{0?u|okv62gDzNbKhx2v?ZwuW4yomyJM*zb|vV}V}yI25~
z%vPkqr115dm_Z6VO*>j~$n@Y`W#60?7df}S6wnGN2#A;}u#j>nCcIRW
zE=8dwZ48fXV%*~Ss9b
z3#ijpqY|MbC^>Hiz(jB5*Rp&#FFGAsgP5vPbFKUl3B@#Z7`G~_{}eNtaP){
zEcVcLpwVH=&jPm}^lPO@mgRAr01L)Z;l<)}^VvesMG4sHkD97uwAAdAD7V{jnIdnd
z_C~anzBFB0FsFi3PBw*8HX+-Vh909@0@8Js3yQW6;f{VDapO}at42Z;s3xnSq1wN@
zkeoC1e3ZWadZ9F~N`bphtq_NpX??Ec%vkMzP0Fp>k^g;glMBoGQyp6I
zJPMZoKF98s0Hqze2kgk^S+tH_gjKhQi;fGao0b-@fDw%q@TzEYG)vQu4Gc^nfqUK+
zNKk`UZN5{?;230E6-(22m!WLP`NFX97iH>)XX`six#|vx69Ol&N@oG$+oWsS=r49Q
z*>{R1!f#{G0f;vE4>8?o((OgCFqlo$?MTln4XWDZt<(BvU@>UONWhVr!DStJJXi@v
zP=|+9J8WKuV%5|Fc(}3Rh4l0mF2maI4j$YF@4-AqDZ_fJnb&1IGxj!DQ;kVah
z#&g@NtpnCR$9)ar1VnT^*hK3+T+uQ>O4rs@h&eo0!~)v!mbmGm%qll>bmti~4$mv#
z0$I3ruKp&cz67Qf(8qYEWHk(f0h=(}BxRxSFn3e%Ga~#cMPxfi(3WKxwDsdUsp02)
zw8-sCC^{jElq{kO_4OZVDH*;WY;T)L0f>TP%Jh9d<6dAzTGM&({yKcbQN0evuDq;J~|
z3_%aJ!r?)an$$r3*&g7R3=}Tp2ZjY!6qgzu6ZVI%K(enHEGyutM`j{Dpw2QK;l-U{CpApY3=EuMYtA3
zo1z!=ca+QYxDarchB)i*{p*pf`P*6QT5M+Jk;!6kS2D&t&ccWjlU)1|&?`a?y?Qyb
z|1^$^WXT1gZsxo~lqLVEO6AOiY+a*O+!JHAbif`;>o@mTdpTx2ECJUt^1
zaOyTM&)eE|oBnXQji)<3-;Orc(5L8T#^f!fg8xU@
z?N7!NjYTexmTCPI*A#%NH=9s(7RAY@V-0mkwV?Asf3ywdF>3%q$D#J+9(d;^u7fH9
z`0#%U@uB`)EACTfl^Tlxj^};`8VtI_e*TNJ?N!{UpSBYCcWh7aj&%EaB(a0I+r
z3o-9_w6@0(uY>OthK_YGy2yw-6S7o?CrlTG=8US;2^nZpd{{F8AGRtK4#VPnH89hX
z`u$mEU2ulAzJ!_b?YBSIA9C1O41J(qL$AgSPt!vmlfJQ|@
zEySsnNbC|34vJ1AR3(bM6C&U#=b8bYfgX)|7)@KWAHQG*EJ$km|B)+|i!P>d8Tf=f
z$(vWRkfHJg`!#4ax1xVR_BjGVd}-#pZ3*j4lwq!**`5~|aZ8T2a-p8o0uG!g;IvoI
zSI6IZ>dpLoxz>M=dH(W#Zt&iAh@AF%&Cj7Bs;zer&|CLz>4~B%Tt83vl(ygWkly?J
zNS_SYTQ;svdXRov7zKO#ii=xIGyO_9@B7{QSpIp<{X%^hFq)JM;%Fx>2STiEryRJr
zRatv&UlX7YOLF(9{FwssNelX}4)$CQaia{olaD5Xct!N}@qJCx<$I|1*C&BQbLnY7
zY-y}=&ksega2DrzkQWqPt7{1RHXWb*OHVHXuU-Polj%UT(|-({NA9rQS#zOuTdu;Y
zP?>vz4(iNb1Q4p_H?3QpP4;)(({pXx`uNqFT4N5~tyGlRC)
z#P*nJzv4Row3x7TCDA$!?Q`*Ty{mHShtz!5%9Ok{uOYw#8FTfcv%tXB#G3>ESX)1w
z+^0`PE}xKf5k~l_TsBFIl;ywW>E{S6<&CvJ+52*>+
zRjPsJ;m@q(o6Y465!-mt46^Tez0oRTCFq0`l_q@$>Ej!W@4#Mfb{G5YKGdhAzitua
zB{Mvu%~-0mYj{A+jhScEaSg-=u@Av@TvPl~k?-hZ4<%iZRfr%+Zl2T$h4*MVN^H$X
z2YPde&p@o8Z~0j+f7Cmnw4`$v=>R3rNnOV^Q?X4#fkl)Sp>w4Q3Uh}j=o+Blm|#3}
zF8G+iQs4$EHmVjsx`hPA3du3}rD^wDgzF5N>nY&~uVZp^5ju5~4x@w1JLTA8Vzg57
zG7E6fHs2k%s<$lMr=n%zcx?egd3_T-TsI|rVD05`r#dD|?nd!!bm}8AA^8_=G!h7`
zU3V2)@u#jER*hoUoSvz;({d|=4JC4z0CW>p0Xj82fF>OV9q12sZ>)Y040;YjN!;DN
zroE98By;s&X6j=~%tC@xe~5h}8P8+)<-~;p8!P+gv304EYO8}V8;$lMY_dxhZ(t)o
zxD~AF3@Nsyb#PQp|DbxsBs1>vnd28i*osEY(pIh?5&@&m4a`HD@{f>l5Z1*a5W4QWRmJHN3
zF7|X+fuJXz#!K3tmRD#K8Bg#uq~OFmk0XOClnVTd0fk(ju(~*gnZy9Gqn!l0JZKIu
zb~U4KmXMW!LNL$XWjGLO53M~ktIl8rt`%6Q4oZ-r9pBJ$)bfk!Up_x5=
zMg0MqKzuosDPb%2u?&}0Q6iAwffXlZ$ahR3nifXw0uguD6H`$bvpJ3XL+hNbgFH=2
z6cqUWN=#$Q(V&S3xw46|5CMs^-sYXWFfyDNaGJ}0*5QCk-E#!G;liJ@f!Ps2!%sMY
z*y6z3W*}iKctFC@SRv4q6g!b?Oryg_pMostb`cFQ@1^~Q4t`7BKw0<|%N+jmx4%8s
zAynHNUdrh9MCoBD^aw4f!Dlb)Rgf!vSUIdWsG68Ur(HF>f>p
z{A`d1zaZ?
ziK1kjy!geoZQHh!7u&XN+qP}nwr!i6MeWDdPMx|n^EV$;_s;3=)15=8mTyE>Px3^@
z$SPU4Fq(iRSYy~An_bDhUi#-wu5q>>cgnnQ!o3p;Amvh3NYL}LgEf&1l*^DC(uY=y
z35R&hhb2~pU9H9+hl(tiXw5Y@hnvuyA$%RnxfPrXb5_y43B8?-)XT>dAfSJ>{qZ~^
znL!q(id)?y^N+h{tLVe?Fg(xIsCS>w$9*)TW6286+kgn+4GlXiIzdc9F?PVB{o40q
zb$_rD;*0(M`wFFSx_l+uz3~FxlYtLI)?eF4OKBS-%RkE(I`KDMg>tzO(-~4Wo?lSXWNGH?aM(L9en^|qq;ql*FazKN;_=_l;K_V!
zW#ZKz7WPZ8ZVH1v4M#wss`s@AIjfi$+A7>c{11^ggUYv6dsnl?SQd;El-l>v*
zJs<)sQ)}h3{prm39fZh*>eO^ATZr)2A!uwLwjAsL~OL>1ME
zS`_zt0koja-ETpZ51_I1-aksAgL(K|STmu%>_{@Xqwf@JK%lhy9UvkgY=OaMqWhN6lZ|q5
zgCxE?gDK1N1&Kh<^;Mj!KniuJw7D>td6V2AnDO9SPyk$b=voq?-mK&M5Aw5^fepGT
z3V?PR$AHFYi_d&n0|dQry1+P~hxP#Te{~pj`1Mx7mYU&+Xb0mUXBgFj+63Fdf#m6-_#oIgQjQ*C2
z;OXGGN&xL{sFCGylr-ay0ej(AZiFVw0iLE~1^8`RZxHth2Zo1F#{e)au{-Xq&Cs*!
z7Z!?xi0|wx=AnR=M&5HgS7XJtVkdzuj3(njD&@3;K_v%P8
zkJE;!x+p+CRpw_(s*w(mLoFyF_?(snzE=&q4I~W3TCUeIRS^yL$mRB4{tct|>8o@<
zKS4e(p*y8cMSM&PpeQIEX-AK68vt?e9%z+!{7APE9$$3gE;~q8NxOxS@#N=f%LVgW
zORN`1a;_l?L0!jCl)-mGxg(q;R_}8}K22R4N)VJIROkkTsPq5BEV2ku5yip<{pX*s
z$+4g>mSH}F31Ejz{dbiCH-s0o_|UYFHIiMH6&!y1_RvYH1(>rE
z^>=_68W^(ZU{Y5K7)4p_;w>>c@iBB;Y-K4Cput9xmqLl{x^{xQC<*#sx3hjSy#8t}
z2RLMGv?e7@dUHl_vY<@BA-`BE8a5bf%+M~dJ))8vmv`~t7D|a_1?@NJF~`D8r9IZ|
z5Px&?&ulOLHaD!fSySvzHVDZ$kuupRJvrg)_hvLMES{9DZcyK{XkA+6C
z_-|8ePr3brQBY84n$ktaUPcm9GH_LD=LBUcu$;w4M@(00DrmOq8p!RO{x^Q`G{lGH
zBrOVYP>l7VZk~@kM5MG%q$ry3-!2#~H2!K#?&1yl*T?cJma~D&S&eN&jWd}gqQi@&
zoq%qwtV2!d^hPN4L^~5&?HII1rxA0Os&2JT?&}zq<><`qMqVyV92FW^#XBCK5rO}bb`UaMkD
z*ZVSs3${mom-jSi>0z$R{7F$h1-4>`9DNlCnfA<0Hcp9F0lA8p%GOqUWq0V-Isl}*
zJYY<7U4gavdLQ8=<90(Pj8#go$hnu3ZPUSLD7G`ZcLOniW3DZN$gk#2Y
zZu6n-3n@aZHL}{g<3js>Uzr$$_V{x;50ogmhsnLU=g>vhR5$6q_s+2dZ
z+P`ba!AK+h3$&453U5$-jzXg7c|Z3&U$eQyZkA+ozD=fEII}uV57J+2j@K8EDSs9)
zhJC84tF|wEboLuMv8cepa|mS7f{AuT25J-hg6VK{s=y^9BtL5XDhuwL0C_1UB3xd}
z06<(&zJ#l`)*N>|x***SRq3V9iw1kT=~4>$d1-y7G^#)Y
zf0Vw`npMGrJbSsP{=SlW
zB5Jd9NY2st)yH2TEEcac4>1lmkbuUd~v`>FpCW4kUlNe8&8{VP&I@Ah@mdI#qc
zDCBs{k!|?6Pq3{|%chpPcRfNSkGjr>_1BmKVq%Y6g%V9dt0uX7NM%g`5<^+`UQ~{W
z=dc#kw|3qKb@@3Uxm>h!OSd()xWTeRnH_Y$eMSUT*X8I3z$|2xKH=iLdWHp9M&H@p
z1`4UPi@ATkWKzXc`p*>_3TUje(}(TNZR?kXh0V?Fzbv25b&m~-vLUPL?b4|$ofcT@
z_5B3QrdM+ti;t2Fmbb@cX@Xvd46P2m1RG5!%qoWsPiG4{A1>=Av}rixHVk4>#G008
z8DBDrHkBEg-&7mXz5<`xKeb-Ls5T2r3IE
zVP!+r2S^-iA7x#rF*Kjjx!`ONs##Fhy&L_!5pWfqC~;jaV`=4IijGS>VI&cKfAmT*
z_3EE{{o&~)TQHRZ&c}|4(1GoNtVsasthJKR6Vge|Ne)|r>^&R0aiZFNZz%}TrnY%z
z74->VDR99Uua}0l1#X^={;a@OWXyxeK+^ec4iv*8uRI8NZO3@~sx4}}CGK~$c`}2WusALW^
zhI}H>OxW_ppY4Y_NQ>{-&YniwoZ^?vHRDriFAs#N!?8`e&g19?RkphlDDBy6o2{dpBeSg+W;iK;B@scy
zA)|S~CPM_V;vzdxXuY!t2_T&*-4X13da#+w*Vi?tGYUe2FkC@FGqHQ9RK;1KPM!N-
z{hKhk&6Oze#G6VHWkxY)4k><04!Gy&|1sHkss5O3`PrT#?p;~+$zjRi9eew!WWG7z
z?Vb#|?AbpEX{pw5-r*g({Gfm9_V;MG=~{c)zVxtp?qdDe&hX-{+RE_ag|u;bePd<(
z@Rv(s+~rFA3-NI|}Hc@%>9?h@E=0_QfG%|iC@`*MTK(7{B00(4LK-ogV5?z0Y7G9K3?
zm*;pF3TGtFptG-{nzwqv^jko2f5<-qOh!HLshoRfa-c`@texcIyGy|%z&}J_4ode3
z<2DEO*g&4(@C+kekBj2|l#^$sewz%d9I=AmrZ&r~&N7p+y93x+k?zOB&_;v3#1RJv{eJHDah#{t>E
zQ^Nx|dXZ@M#e3f|^IYQ-gP5WZN9wm9rPUCPv$l;pfM8c9(k3D7#$SCRMDa0}l13$G
zNfkzP3>D>&zne7Vr@}F`grGVM;vUlF2n+~N8Y)l(Qe7+Fgm8ZS*0=*~+Od=D8UHtU
z)|9I`8%I5s8b|e!%3@Jz${8X+J>ruvKx9ceOo^FAawZ{$Xkr>5u9hoV&I_n3P@-l9
zF%5@80B%{Ie^ebCTEU#VgrVD56Cer@zyAjyr_~oT2VkYinaPU(VXt-a(2;O)Bs|kC
zqd2a0vH!)Dw94?0gXZwoK)>+g&jE;(aK``c?pV}1NAw?%a
zs*tP4Q{_y{b1dgmAVx8#f-;%SuHL~Uac!!{X(05#WuSTJwgdW*hW8+p?wU^~p(T-J
zkUe=IDCgei)Dc%Y5}Xgy*Z8ucKo#8|b#JKnK@c^}Q8*=M#v1+oY0Sx`+UWU0M5DCV
z%!Q(wQI@Jzl=O&d4FGF4aAA%=!22J@Wkq@el4Wg9^P{wXx`{j~xo65D7<^~T65Ndb
z_UL>+hfEYW$BS9nqL4V!Nj!7IWQhnG>S7yyv<7==<+ih>8)LNsPB8cyp=W}G=@0j!
z`y+1dVcsg)hvl+*9m|1T>TM#8bEUfx)Zl-Ik@e=yumdo9V1hXYHQZ9{_{Ep7@qi_m
z$*KJr)v;p$Mb5FQIaZmSwotvSbPwJCyFCkxs35#*&OaD23mik?#?7P*l}Xyok-;mEZ~h4wN5p$4Hj<_qt!*sxh9yVi<)>2q^XL5QYe(nsffn<}&IjJr2i`R1@f+{i53j_V=9kX$a``
z{1lyu`hI=Qjm?JqW5#lnKWs8VxdS?7axvBPR6=>3whz?KK_MzJxq648XoVr`_(fLh
znM#gL`XPoBtznj4xb)(T`~qYgNIm2#EJB(K7^Y0
za|-CzZuV2qTn+pE{oq;%xn*h~2S5IlwlQb1
zej=R7I$#lU`&a37cM{FySpF8lQ~)1m87Mg-j%pv3@b%=*;E923mUWVsN$sByiuMQf
zw}IfeUdPh*{6yeplpTog#elPg$;%^dh}CABkM)vyM#hlIEb^AH?A_l~>r{Wc^H$4z0>&{4-$
zep)Hs+xpoueLX=U-dLg+@@fHI4IOZ2p^7H+)C%aPV)7qKjs0gHcqPrN1RYr!&5x_)
zySu%*Uo&_psYmH}tz5%IEr=FHxH@PaZFhFdfY<;xb!bWjTHESVP>-1m)G^CIWtKmV
zuxj&}V49e+3VO_JH4)5}CB60G`(+lrkyY3AiP@c1M;PGkxXCNMEzU4P*e?53__R>W
zr3v*I?QmR*m%g!TP2^;7zX70jf{dKn3$sxghJ&7^#JiSX5J&6gR%T5op9i@7N$J5S
z4XvDK3kFT&iDa|pxLD0GaBwdcmI88)x(4v_%$eo&PFkz$#?
zfx0Y#^IO}@D+JRt<99^wMir@NGFsH0E-<+zg8m&1v?S7l`isl_a{IcoSkbm0`6xh{
zZ8pY
zjElprrAvI3W7%GY`L@B09TsgOwH9umlb^VqV99ZWD;7P2taAhm;mE>>MYV=kbgj=%
z49H_fG|M}}ckkMOrM*5)W#-G<6c)+*Sk#BLR;df41gy~I6}u^Tw8E`hj$+rhs|A^y
zlYq*fnm4&+p@i5*$W+B`HQS($%-(G(z(SrNFSn9~dce7%>*#D;TX++m9wFJUd!ux>
zi+N?vA*oHMrw(P|5v)lVrCQ0|R%|pZ5)7}>BM`T5nO;|o-}0>QSw&XkK$M#i*^_O}
z{eCgujn>{+E#Dv1JL#^q8|!u2mpGrDO)VV@B-Ym4J|4FVeR~}N&(C|`-^+clB|Dsw
z1-Je$4C|~b|N8#okA@IEFxKRQm-0ma0trS5&oWHm1=Ses>~TC1`F2h+Ut4oVY@r=o
zMlChp&O&R~8ylBc%q@U-ulp`)wjMquUpqD~vU<+XE#C5>0!}^!3Unifli1tvCYFsE
z+SYKQTQF~blnT0?O%t$5(@v{MfV6ZR2?_9tVFBK1D53y;`-$cpn%36>lQz!|@+*Ek!GW(*wuJ<q`90)D?N11EOh09JwZh&JO?L8B&XniapQrP#YdK>%d
zNFlc~t4~xa`$}AOV6@)^q5nu^66>uK(*&96b6(nGF;qynWuGb+5Xj^Z!}`SsvK3sZ
zmrVUm|CXc9u1mE8IyppoG}w#gS;P@Vu=)Zs$3wO0jt1jD&2j+S*y)`^wM0p@9YNuyImZ)guZTDVs}*aa6@|j
zF87IB7F|3~iQF94Uzg-lC*nc#;8i*@%4Qv}eRIn(Rq^|;<5r)eI_Z3I^Uimwnj5@X
zSXNdo_H1TX@=09%vYI12V%vMj-RykLFB+QJ{Tm)5L1Sw?+}jmA??>`e)Ya-4unqG(?VQ5_PaHx`vMHkOWjclX+ApC&+((vHa%Xn3jA!6%p`~
z1b6$5xz}OppG`(~j4>99gGpFrT`cORp4_xx3)ZseBapNfrDV@Y0)y_fFb3RPjiJ)F
zQsXUdToE-@jndz7F0DjiusWWrLi#Rj&Ri97c`lI(4QdRIk;o7W59da!!x3F50TZzy
zl>x!)ukLpYm8hbURft`g-|oL-JO0-`(VSM?vAPWir2*jFt!_+X;FJ%?u<8TMzKuJ1
zUmhJfgV?xoRtzyNr%xt8wTVFgW^ZB90S_l=MKBXD$QQ}Kq5jyhuI*Gu{J1vP-+!v}d>dT7
zEquJj(B8eNPW*_hcrVTs-KhZLz3Acop9)&O9^m2m?=}_c!}g))iReSqL0Nz~o0fIO
zf9d#ryyc?8;`lvU;JjsJXwar6!fYqsGSX~kQgG8=^du1y7O9sE8x(2-D)-z6`?P{y
zXSa?b`IQRHYJ2Q<6SZ0S0!NSQnmc3vXtS{(4%46}8L
zAk>1pbI$azSIK5nWI^)4w2ws1zdIWpZyrFItD
zqr?uVe6dH)KSqb#bn|PqN&gf!4dEXLz{AI>E(aRdz8#bQm2IIg{5+_5j37g<-Tqqi
z2p&!Mgg}Qti&%q`h-Q;UZwdY>78e_e`S1c9Vf5w?u}CoW67UJ@KekPox8tmRD6(vy
zxJUQ+l3;%{dz%583hTXGFP5t(0*UYD{1DG6fV+Xwjm8=OawbTie*>B;0O8~tK^512
zLLRAht}t(5DmZG<1_gt)<3KYF`pnAORaxYsb;7}Sdr2o;vG>G1_4$X=qJy)65VHS`>wX5cmj9@PskCdK^Bm&M3
zXC<0qVwIDkfGrX-LiVlDdG7Fp_$PRyODHMBnQunppl|?ss$Fpoct?@PKb@umD8J83
zog$tO51i5MzFX2JDb;HB?c_8436^IY_dg5O?(?1`en9INVC{$G
zZ$T}zLHigpIy_Jsvhu}47qDyMUs;;gy2OrP|7T!Fb@q&1%uW+#Lg`KjIa8o@)7r3a
zAhQ_0qYc;ZkX5`C0rD>dP(De*lr4p289+4F2*q?6>o1d?ar^x}Dhf0-87zPV)Y}D9
zhG|60v&*v`7FLF0dNF9u>s{|+%nc}_(qas##T&;zGGD#o|7o-oriPto3y8&EjerHz0quv^j$zJU<3$5B`YM@#!R+Pv35LNrST77pN*
z9S$QC^vd>1B>%+e?5tx+2H8sEUzd5XChnkqreIiRH+VWv%*?q9K`@aL0bVz4Y93(HbxR`6v#bcBKd?z7s+CG%|TM42;-8V#>(d^H1S
zKAmjc=N<_4^^t4mpF$ju0@J`%4l%H^@cpVLU6cGaDSchgdNCDW
zJQO1s?^pQ^zUUb5w(t`rJLJum=)`H2;FE~178s$yrBuw(I
zcV{yfA=_T!S=SlP|ape1<552a`_14TkGL$4$k4b#!?lKL2Fo#?Ay55xe>AHCy)
z`B`8&sXl@?>$P(IBFJ0-k!g`&Rc(1PNsR;#(gLO0LIeS0hyh#!Gt&2(P7XNNHMEp$_rY+*FZqO>TJYtFEm*+_Ak{?%DGj%&iBI!S;6NBlZ%c3?5;
z2Oy?6P{i<@r0z_K*EhD6g_pm2VrFYB$t)d?V<+Mg8^KDL6iL>GwXg9viUQ~FLoXv`
zD}r}qZW@R@j7Fs;VmoFenE6i2&k*Q>qIJS>WpeMuy&twDCFKoAsT+<(2xtJ)@V4b=
zY3tl%?y~qH4AWsnrOFuDn`(|5fs|RfZfm+Rgx_o(VsF1#d*SpsvzuyX{miCtv
z%r)vGyl+w|>VNmbpy!OA`KM{#K2yz9M}jCPiA78j5i=CBf!b$?hWlk%hK$jdDi90D
zyb8vx9+OC?Jt@hTnF)2_!wRlcl%&&H-J;GQfBrzqRq(+WXXP(A>?Ccv@=*{Na*{sE8eHb9ogrWBHxQ05xN`h5Gj+2EKXG-
zS8J6fvhWMwlp=0M7Nx4GO2})_o@db}4d_CC&ob80Y{X3GKe#S-$19HQXS_U{6;gvM
zw*i~~YQ=hPES&i1#nF_LW@T~5-lN0IO7#&XT+j_f+xGqm8Z!7}6bVMQ9BU^`$p<)95!QO#m&l<;r6kWJ`;V~rFSS-VAt7`AU;A%s&x?eC^
z4Wv-`fZ)BXi8SQ|_s2B*V7Fp+?b{K>za=ysmE~p4O6W+9-t3*RfURbd7Ct>Dkr17%Li*>^ss3%Bp4a{-!Yy$A&sIZ(;)BLI=-^D)LMVPiVYNg&^6dU
zrh)yGl8T+VZpNT^GAh6vtyW(7n}$X&j&T%SOh7%naJ6)s+omM^!FL?V*S-9!Y;
z&b~f86h@OoL%r^~zem!&xrpPM19KNspo84mj{$oZji0s(PS~!tHxMSQ>}j2Aw#?#b
z-jcx`Lz9d{&>pvNYfeT}t@D+7CQ4w8q8j(ee;8i#v7Za>59}+108v?k2ld|`_}L@g
zdlQcP34|egvB>|)w9mx%Cr$I1fHqw<7D+5IvdRUYh$Ph!vxZO{KM9Qter^v`>ZHsH
z$!nH^*I-VrZ{7JwB#U)7e6(}Ly}RGajvUuB5Kl+?CZt_@bp*uc{7kcl1w7EwCLCGB+5}
ziYkAtf?woG;OiArJYZ*_EJP~cxG}`-ZJ!zV72j$fUVvk102qwlvbLjXmhV(K02i
zvA66sB5`4Q
z;7c3dvW@!8le)h1xVXbY*;Vg7u3I*aj^5YPODaWBejDKn1x}gv7Kv8qX(e0va
zct90J*_`E?A(g{SiUE9acm6PeIbB|Owu9iqm`t#aw*LzBpltujY|ZpICXDi7@$_gZ
z7Sb6ww3K1pOa{<7X?LiouyD@XUAH2WM=b;GlTPhDSu@ub#|T&%SG~JNgn3A=V@7)!
za1L`V@g#|0rwZX??j&EhGQeEN&1Vwm*$hf%gkY-V>uYzOt32Vj57g2m#N$txI7;@%
z5Jxun-q7?AwP}77_o|MdVAUlCt)*iI>ce{A{>~9iWsJ=@xZ1t?wz>=MA973F#xXiz
zIv-3Gh7$E1M|@8f5JYNHg)2U&d%t_DEkn#P*F9%}M}fu>;v}po$6tC>Bny6VU(Iym*@fLL(8;BJpFuxQDk<4KnG!`SiZZp%I9
zHl+dHW>1OQJ@OpH0lxdOH!Ordml3$Bi`q$#0bCU42o+H_m)6xlr*ym`tHbynVJJz}@biJ5kUuIw25Ps&bO_h)^TBqp_oj=*fi
zVvhGAY+<>Nch91h&RkLWK}EW#R%2@i_Sa`)*U}Zi*{1b3@5tvHOCFGKB2<}SgkS$M
z8gGDZhjP3f^w4<`t!-B@k;x0uS~jOmTcQ|69?Ot(sw7K6Un=k)I^;e_D(!in{b{eko-zDi|E%f<9!DK1iaG*67MO6{+vq&>2fAUe^mFe8IMnqRlW!I_uB%
zn%zr@pl1-Q4aU%!*G?tWYBEx9D}DuI`^yEOsIRKb45`ZsKr9!JV}v3XpF{2k)PPST
z^ro2+a@^-h{fWE>ws=Qh8N2|Z2IUZN63;69Iez^|)j4T=Z4T6;xl+Wl$`&O=*^qi~
z2IeTXuz9pT&tl=!j0CzXlHK25NeljBM8$tt7;FoA?$zKika|fTa*YM9JW&}oS?_DA
zev>~%t7sqO4nRH@Q=aU{#yfbrXjv&R-s;97u4jk03c7xqO4)GUTu_a)W^xs~4G(-j
zY7d!pwk?zT>@x?RRBs(B;mFn_xnyN*9=p9v5rWA6MY<)c1`}?4b$)G97V(*SoqB9S
zkYu$$<~YPpvir)~qf1XzIe*=~fG49A6t!Epnzr@GOddE8R2a@yYRwODV5g>qK1_DB
zZGYYtW#7JV2SiF7SiOGDXbhgl&KpR!f9?#Q#2?l)60Uz-zYE=benwJWsSdty5$$yN
z*?~d+Ikwba1FHW#&;Ye9VdFiv^*|hc6U2T*@Lkga{m+Ad#S5yRC(`!y?SqZ;-_Y(v
z1OBnaub_Ux*t*RT3OI0{s!QDK&Mk{37ngFVI994yVKVpl
zn4TcmIHj5&@N`1|1lmMwA`o5NqaMR5fSL0Xn1$aAOD#v$7f1>lMm-yi|B>)Hs)`q?
z^bL45a3yoSV}?j5g^L1ZEf{==6yB1$=drb
zQM-2ruR{~(cLrO*i$_|&d{{+Pk_Bpv8r3!{3{JJ3>*il@sn
z+6X#-;pX=gK_3#d_fs_`8Uo+~;zBIZzLxn<>3tUWz_{zR`=z|`lrazhbcxxSQ7x;m
zOcKiYM)8)XU%RGydJDS%p?zuq$_9x&g_EYC|D&x`tOVtdMsJe_TZY~sA3FuTcliJ%
z*6BxufbNcUJZGDrfCTcfg&)+1xgf8t%%`VEp+Iw8Go@Z(sZX4Te4Q`%b)~%FzZ>)n
zn#cLoSr6>qT4p%j_xcx8!c3Vjzte#jbky5R_D$sC<_T$4QCHdTVlu1=m|xDYl~=PX3!bgr?a|k+&t_V26c)5E9i=M*<;s+VSLcD9yoz0-D@58
zGL-2V&nodpZKUI@l!VXwBrAwNZC&?G?{xqGb37jBu>dD2N>~{++PFT0XhXZUOKFx8
z;oxPfx3>0GY1Y^u%yv-B1kgjTI)#PcXvc@l24qVtqZ~YAfzz_odAvTq+QBTakDV?>
zhv*f+0hyfzd@f;TQ49&b$^G?=tDUjjf<}TfC5@pg13O9t)l-jwPi{PrILBz
zKO+s&YZ}=Ltk!kZLfFe&n^_3`BlVJ7af>j}@5m%6j#Ms}d68d%UbL-gB9kP7Uj^j`
ztL5x-;rKDtF534;Dfha)gVA8aoLdaWI34#?K}gBkakOrHFoZ-rH=uzof-_YBejR@X
zO6p3z@2-t)?C55K&<{R${PvY|`7|JYZzASk*{8=UE3?@}1H7Xu%Lx;`nvT@uTnd0~_3A6@*{5fVn^@1t=K^(!
zb9@-{dtZNK0#)aWiiRvF5jQs$+c$J*3f3094bVCTy*GHTnih?E-W7id;BRH+PPB0M
zM#+fBl4uWC`Cn8G)cG=s_flk9p8q6#kd?nmmTRn5hhc$QI4XhMH;4ZfH}5$+$KF6o
z;x>A-C(S#XfX{t|ZLMq&KFybXJ&$fI#MP7(94yadXGagtxVVk#Y(M{
z;w3th?4h4tJ*?k~(Y^AEs~YGn#N&%a^|r**Ln76O^yz)v<~}_vBJYLE@Z7-oN4~>OBbZh@#PSIdak)RM}mx^;94=E`KU=8%^!VfmXVekmCNfemA&@
z2bX|}2xmWjLY=GW>%a{B8t014CaR!ndQ*=Fjq1ihN;^XDRu
zsp_NmyaZGYpT-yX1<;oX&GUUUOwQ^zIQPf#2nFMvZk0blXcqH3zn$L3uh
zP>v6k36`Bugbx&emF)n%guL>qHCHlI8p(HhbFS!KepXGge@uR&-&1dX-W;7^w2wb|
zbE+ygKYYBy;NE-`0)a%>jGA{&x;Fm*BK7>9+T`IcwfAKHxGaA&?5-ebk9ZbwCCv|9
zy=vJ}>P{{dx`?|&^6JBm#QaK0l6cIPfkACXV^QDAruz@y&j!{@3b@S
z&%Y}V_uf1M$2QftGfKQ1to08`PwfF5P0*~xwvX~4hNaI@pOpfJ2^0th|GPeUT5n-b
zhb1yV)J1VPaI}V}l|)=g3Wb`2r=-!!(OXhay4MkZyrlJ)f9hh0JoUzM#NF&=3|23w
zqxs}e-m%L0&D;5EqR$OOG#qOXyjjA~=V8BVg`g3nV(5e}-_W7BsYG<4tjfRpjubzYW>ox-{#8!kW$es?wB$7QJaR
z(v}*;bEa*xhPg(RTU)pvEDO*gHFo1G1w
zpuTzQ+gF)D5w}8EDoy*89X#obFMEP*H7cKrWAHqK!st*a8od91BsqIwww20s^F#OlY;n83UWbVc!
z5&l|;2wC?2A+vDx7)4;Ayu6DJ;p
zR7~^;tl9>70t9w?0c&pPhd=iDa{-;Eg+nE7L5-hM
zL4he)VUC}>dkHq7hkRYD8&rqY^w4v|it`+HsG6v#fYs~ueGwpsJTOT$9C++$n}_L(
zw(8ho+Mz&wMO)v{GEiy}JBRA8kNddVwfi)
zOa80~iH8*
z`nn-VbnIZt<%OqzeaH|tHVercvMDH-qe@u^^;p8tP5T@Bbd<=yDt-a@iTip#lV*fa
zQ(wFa-Tqv*l-0yRg!g_3hrfYXe6O^+$N9e1y$sIekU6dUA=se4^CsUkEn4t?>g3-a
z##nmlhF&{PjGMvO0hIAo4KSQ5Qy|$Eo4_~R*GNVeUc#!bi$JQijWvod+SH1wdfZI8
z<>50*2*t#V6&=!gnmMpw)5_KToR)tp#Vk8G?3HzUp2yz~Hgwo!vq~{f&W6QYNm-|U
zU7|d0k{+(B?wJIYS|8(4o3QLvdo&6GcamyLWiA0Vqc9C9Sf^a1D1OQj>0fYCWwVHL
z>XA|{(y$SsrVWe>od=%n^NiA>*&U*&2uS-be!YO~Ld<9-l+?b{SM+Plcc`MQ25y^R
zTGFWO2VJ{_95n65aC$7j-*ixeN`F1hoT35{D&w$42L=Vo>ZbwN=dc~wOIPm{(F2cC
z`|8KXf}SU!MyWh&0^J1ag%r)N-!jh&pz5S`2Dk@hQ27Dg}aFed4I7h3XXOii3v!3|5
z8=hUgN{1S*`WOmY7BX$Xuf0K<`MW`*ndXr#d~EkIY_#7rNQ2?DDGOt7z)ovk1l0ER
z&%=ft-J=ZzDz3YGkTP9XuH25$eD=Vwkd|=-D(vp~wJ;!fb3GHV!~2^jw{v=peaCWx
zxr6O)fUb-0f{xCbWBLKhOfQZhb5=_ckXjX$t-c3bdS7WHdSVFtAry0`B1yz3%lfHM
z^Tf${(_ogKj*UP292VJmhlCc1(wdIfxI}9NieFTRP&RH5#eS`FEapUCC5aplwT;%^
zpnEDq0kgu_sC_*j=TQKfvFn(41_5xa-UI}Z_^pQn!ND8oqr44NC&o~0sGJ=f6tp*H@OS#`)3`MG
zA6>iM3CY25=QJcI4YFF@vvjY?f99E*P2e{|i;|ZV;
zv0Kc3J$oNi;icM#YlISBeKWNHQjl5sQZh!{UaLJ5aK1!%!y``e58EwBUAuAYVOCt346yWLs8_7$ktik#q(kKLp(m`)^b_y0=xP5
z{v?lhf*(|zJG;&b*Pa517|ZqQx1gtSxpry9>J;Lf*YRlq5KutP4FuFDcA9E2<%5)y
zO1^1n-*AC8gU#TwE$(~otVmi2EK%Et`(d_nzFL;eC7dMKHy!VJNH)Iep;}$SEw`Dv
zwW*@zVHsGfF&j5pnVXlwczlK$VkW&c
zN3wgUhX+Hdz5phIa<$Y11R2(c@(
zJp)?xTI<*~-U`k6k+<{DrC~J5o
z4g&BOtN#O$KyJTn$J~OZ+!^Wk=p;sDMZ2hWTqI)%A1PqC%OFw;ye>cz2^1j5De?M)
zX^qKEk}+>1ycB;bqsWHMvhw~!^v0Yu_F--ZQJT36=E`bwPFqf;*tO(fLS_oE_bjS8
z5%|t&zSXQ+w-`rcv_DVVbE5M%3IHoJOE-x!bQvVejJHuw$bPXoVqF}Y&&-j+^*!y)
z3*_JUTsPV)mX1(@P8@eaz7&q`feU+4Fbl6JJ{JQ!>C0pi0y>m`DtSCn{4UQ1$mPtQ
z8o}-a!w<44CeNMp!-;k{!pc++-BB=B3*AwZp}Mf|w1Msg!6|ZLXmU&(QD17vZYlai
z8r=?diA~?NgPrR7g+TSv4UAD8m-=Q_{$6yw)RjEZC^rc~amt)x0lKyfaT%bOW%U$K
zv5BGG%*)crl*wTz4}8wx+L?nr(8Z6XX8IQ?dc$|zs78&a%^z$}3Ox=zigG2fstVVH
z%R3-hy(?KVXSGyaR6WSETzgZ%nJGttS<#0+Nw8j~PR@RoA
z&p?P?f6`oET@7TE`oc%NXU;Z?mK>)5bz|G0da-T3c;OIUG#C7uOoL=JxB_ADlE^n6
z$^JpsOYvkZR#stkK)hGUG{vT{yCAfRWbgt56EKH2?rjooiXO5_cRCPZ0jt~9=>EHa
zE?%Gk;1>|SI(4x*!uQMH{-{;{Uh&_qv~|ndmA=}t^AcB^^kQr2C7&^DrRQ0dy2pO$
z-TFGHfq0>o+{v-z5e$lKL4`%A0>jVudb}D+)5L?*Z=PIzkB`fUjMt-|L*m_LTmT>-$&u?4nO}w
z`rng!UJ3mC`rjPw&m?u_cs0uD>emRzN*x3x5Cx>=mFLUNwP3ZmzVhvQ^NGnQi@Kog
zJi3^3CGAd!!z=6ZTP}om-_kuDxze$^DkTWU`ugWFg?`VBt~Acw$9a6rep|P^-?{91
z=d#l=H#>iD(PD0>wKEFLPq35gg2q2DzmA(3B$suEtLN^w
zh3SDF7{6mtE2m?Sd?SA7yKGp7lSbV%oXI$jwhmf*7-To%OSQrgO&$+`SX)&Gxyx-@
z@XlN)JV~aVJ}R?ZgS}~~i1;1)TEy4NIobm@jV|HGG7MM?g;B_zK?I7o6*&REwy6;?
z%bPcM_){5T=Xj+1oYCdtN07DvLb(&k_BIbJcXKKgjk@KtTGp}SQEv4sX)$?ZEo11&96Tob4n&dCym!5Z{$CljdqWq)t_{{q}<}GJ=gn`R2
z2p!Dclun}elj=%+Vm#u>rQTm|7{0%%*6L@fupcz5f&}9@I3Ktm4IFoVD387y*b^Wx
zSVDj0K{S$5wO|?Va8($6|6)a9^ZlmWK(25XcDqouik%1V>x}KXx@X7|5Mi5z1ip9>~nASxi|aVn|baB{kQ
z(rsl$5LI=O&(Xa|wj?(p_w|XV3ACGJo~G`3jKZ3N#O4
zO#T02n1#tDlc7FIKw`G<4u;(Z&>sr#@?4^HD=O`NheA#poeU0PPyv_#7K(H8%0e?J_1~F73V%HSwH5E6iTy;CI(9DFA<~?OB|WBI*m$xsI>xQ
z>+9L1n{{x#>1F-FVzYL}V-7BL-M^So7jJSA7OR?nxN@A_aOK_w2nolV0jv$xf5VZkv&H;emak
zQsY~B=n36{fKNcALIos^dIQ>~VK@jh_UA}vB=+%@M!*=*LZ!3OB1@;x_F06N=0S56
z-omDovjko!rj|;MWy+%fk~iusDt`pIk724&OyWMKU@BskNnyWn#>)5qVZDq(@+&ln-6)IC
z^_6y*2w(tB4uI&Vy&k|O8Tt}5zYzc;ufx-!ERYIsAyL{x=@MBGJiOw2qht+$ywshN
z!G<@uMgZzSK0ye9`7lt^>PryCr=}M9De>CPlH@k1sN!Q9q&);@bTUhbtkMY8OJjNK
zBxwpdNwX4tHHYzHi%s4!!T@w(l!P74d|A$?#A17r=6ou#t~MgHIrwM5B{<;7txUzXtTdKBFj
zJ9AGB7a8n41oSY#It4H&UsVsU(MvIz72P?v7`%)4?l#F}klDI$XfmLfObd8Uq4sjL
zq8QCvE+7rVLg_WbSE(p%mL{d
zJdJu{D&`(WniE!m$z}rkv*}cXtvq6VA@U~aM9EDYGDse=HW+;TKs_pp5kP5EP{Wfg
zp>&KMoyH7Rr*`?2v;)Q4C=Bj><8W*cADgJ4fb2P03iwVB1&L)Fu@%?oMik>scyRPD
zp77xQ<9z1$e}vsTiU7LC|Kr&zybPYNJbm(Pwb^{y#QYDdPoCfVe|(A0ziRx?NBDry
z=iU+I-Vx;95#-(x@VYJ22ZN){e@@(
zFz-*MXQl7^?ejG5qIseUkAh3*CzTk+BfQ;!UgLKF2)8y6`ufBu5
z;P4&vwz;Wq$)Nn%OG}avKTX?m(p+8GrZWz6SSrVz3tBzKG{GHM#C%^M#RO2Q2^*94
z1+*8@757S4FZeQTpzRn|Y^Pt-Fi)s$xl}D(z9ly57oE)~Vh4W!K*^mDoN#-m59Q~xejY5j@B@^p<}9q;TIk9Qb{fzfI2
zmR?Fs#)f|RCZcVFUiRs`v>nL7$p6ASjk(rqkZIn?d#C{;LdvJhD>u}`VKfQtN7e}k
z{RWX%nH=e8lTSC0sOi{IN-4SwssMvAQqqj%;90Lca3)2j=7DLLSIdL5Gzu>^d@V8Q
z6`H9$pj?~0=!2I5U19tn2nsDrQcfxO!s045cJWZJHiH!^P8VS~Zp)y;d{C(LCE7f
zMF=vp95xIp@Rp(*%`O&vVQmuD@bHy?cJU3&?&aMLhMDXfa%DKHYDEKX)VS%LwpxS%Q?uACDBliej;tR$UVOAF6YIslf$5s2Vs#89Cu0cLw_a7+7{S>P*M<
z>#)$=0}(iuUOFeY+z0*3k*ZZcCeFUNtbXFH89bc9Z>!TSD~)
zoog1~)rEBG!X)@iY^Af*
zZ0lJx@!znG&8r);=t37-3Q(8MDu6tWxAxn+2fL@$X3Z|wpHq&-QUM%>@DRTu#Abmy
zI}xKqT70p&f|tEqs$a?t(UDPi2ZQK590WhgvSs1aipRA!0L8!=WtaAgOa08iOxRNv`p$L@+H1dCa!zMIhZ<}Ew_ki$%`
z=b*;C?Gt7hpU{G!;)a+N^4SdhxYex!MahWw%8=XlkI!i$F2k-=Rk_VoVz|4V#6?)<;9ya;R4I<()$L;G*b5AD&8
zE2k7^S3xU9=e}q*!Kk7U{rw?LIu}=sB%4L&Nh9h`YvhTAfKhf}ie5-3>PY6tgSX^b
zz89aRVS3e&q67X(V*yCe@G7uu&^3mgaD=YA<}f;*sPkq%&&CG;vs~XfiPE7sH>*yi
z!{Eng1cKurIATx5JwCn0qa`^BS8nnV;RIUnU}YnSVmj$T=XN~HT~*`TQ>Wn=-4RYC
zgR(-=NDm
zs?(?w#g`N}V7x8nwGM6Q3B>FCtoSWK=mzf7qXa_(&@Ep12sq>pt=L{F&z`RZ`{>`g
zbqVvh9S+Yx8ADfz{jFeSwfW?`dhqsSi+mE<8-gk3?I6YYg`G4Sk1-KiwaedrxCqlh
zmQMRo<9yg{bR#A6;RpQ!wnpJ38C(Usmtl4_y#TV|2S1GB&PAh>^&0@WURidR`D3$c
z$+20j;>&4w`xC60&R_Rj^4ER0ys{cJzg=HjTYu7Y53p3=^!DN2;qgiPpw-$TMSOQ_
zZ})$;=sY@DY8Hweo|;mv9YNDdzS#cZ!QnROoBOT6`V?B*I&OhbvbDGOYa5TWrSK|6
zaCf8509Un&4hYj2FX+s4j4(MlSBR_}b#Hy0FL~VzR`xb3WTnr&KWoQ2IM+7ae+{(A
z0CubGHjwp??RJeqz9sB@_pp5#wt)*x@M)l8S*+)hx(Z*D1E=_LI=Ryn7#VQQnd4yJ
z8^S_pG#Y3j@B>4tmUI=S=h=pOLZOhDEqmv$fM;pNd-E5XME^&ZW
z8dKFmQ4N7~#8h~J3EHgZVwvLBHUNq0>TP+^IzHY|s1?(rAG>x)o101QPr)_D&>^NN
zdTtJ?%V+0-w>&mt4!DU9>^cW@7yfuo_am^$(
zoW}k9F_e+or;X_2=%2jxhxs4YL@Tg<*X7S3abBC6?3SO!0cK$b`@sw>itoWnNd
zC!N4Hi#Y>Td$vW?M)EK_&xPve&72It95X03QQooHGt_ATT3wyJ#3c8`hgm08_NDxe
z!-rOC`apS4Qj;&DySZ7uDO;z>`C9%hTA3q27~RGiS=E_WJO+t6{X{*5-IGqKs@h7B
z$3xDOr3@89y#{Aw)tQl1lpIR}N{DL*{TmMv*^vV@m(Su69%z7;f;=leQ^tSVv|Y-9?X*Tf`xbB_F2PP
zH(m7L990n;u<>AG+Phgd8ea=8ewnI}q=nvyzOZ|tJbr9Fu(D&@fEaFgOP#|SoC`f7Pn6%0GQ|Hqz*}3vs;5Mj^YAaVeQkMyGIwn*WPb7nP)h<1K
zXAQ|3D?BC?z`y*H@dN+zPcuyUhL1&%dPl^f(r6(csxBVy9v!}ZjWb@$Q3^mInz1Pp
z920T;w)Th0OU1Xsr<8%>5&2Q0jYria*^;<;JMO*@0-lUQvy12sjhX4W`3)x}8n)3M
zb=puO>GkNa1|HQJd~CX=HW7S=;?+%doM2J&Yw}4A6rl^DNk;hUZ0Thi{UshZYnz+e
zd-XPQgzFcgVB*mbY79iSOD_pM+FOJa9e83*1y+SOi-)=77~GOd1syZv
zldC*C2&lz(IX4%4Ie#>2ZUPycj_Q7(wr(?JMXppc9x|Pz8__z+&AZdCg+a}1u%dGE
zA^gB!yOP3;kg*}n$B+Mzf#(K|Ez+owT^0m(+YiDsBI*q{q@23|-NK+2HT?KW?o6QP
zG3TZuv|OT{T*QMx+eipiC9m9U
zd@K3EJ%F!;CdK*yuVjU3+k-rwQCl#U2Xx5-GEsc0EDxrlS(@lKM>Pou;8&dxV>QAc
zosO0!@i0=E&U$E^$4ofk1QQ~s%ya;?YM&?+nxtW@+-qsVHZ~m8QX_&{@gaPm
zNy{pLn=4hMdE!>pj9__sLUYWll)ge+;<@-hq$3S#u9V&N2SwKp9w_LEH$Qm5Bev@C
z>}Xq(5u=3`fD35C5vrNlGhz`NFQTO-5)L-3H6BXI{$
z=AzM8Ioa|wNiZARRiFg$E{1$2S5bE%*8`CuG`DmYA8d$}c21`RKYi>yZwLVFmze^*
ztixCaY%`6|Fo6j6H|=KPC>TYE9@p3VVb<=55kd$Y^G$^5gdbO#QKX-aTQ)sQvgRVA3jv{H(4Z41f|
zJ(v3=jMFyy8~|&oR;m5k(bn#9`{3>VtJX0IO6UlZ)#|}R?)V|WRV!*yj|ghUW`GU5
zrUz#~!!&rwDCzW5Oi?q8LSP!RKAz+yqu^`+JxD>iWk|5vezmu?{gdTm6X`ea-t3;X
z?A~Pa6Ep_jb3^M?t4!WGm}2&0mUq=x!^h*eH(Niq+HbZ_
z+CQ~^_34|ql?)Tux_HytsCZ9$O({Fokn($%9qA&vs$wMF{^8q`7U6=!!iWJgP
zeo%*79{-n63TNs=r
z=b#vM`VsMcx?Pb^py{>R3AYYTcFCtqS*hz7T#i0b$)F3XayX6$816raFQVYb?d_nO
zAcLX(D4uX45;TnDO72I%X=YJ+kx@<*Q%9eJQ*u0OSp4**oKrjZLh>sbviNJ1W&ID-
z=zp9w}p%wr!w}Y?0#vc_$
zUF6AJk<6>e-njxju2nmIN_7Zd1JKiibF=d^Ji|oY(kVBiI;CGuOL}IdTRil{^POVP
z>P<=K>UFMv-JSwLJ;=A32L$wN(0T`>A|UEbjWmgo4TO4C9oaDGrW6e7LB7E}41Dgd
z5+zs3L#Bpdn-g5hKm~o2x+M=PCCK6QJsH|T7MH!V2MyL-#}0hr<P+NN@PkolbHcK#)Y(E(1fqttlb4&KHCv<4I;g
zq{~&ub$VsNWqMGM=_iF=^3a{pfo5@z__@Xop4-dU)O?+ouV>cNf%%%60_N!%O6h7~
z+)))efQF$#Xb2jBicsOqA%6i?jgf!4;1);s-Z!-Owc?q|CI9JLILE^@dJpgVE+p?Q
zFy343<^dR9&L~=^2!(p%g2E0{>@TG_ZCyB>C8n#&1m0C0%GMpGr@K{9st5VbJ@8(Z
z!h88C@Lpa6?`0m|OBdctFT9;WA)xCWs7bU$V7y49>
z9V%amN&-c|EOkvaV
ztO$8wRz%w@iMFf>!yTk_l?%1qg`xUTP|5FHM@oTF8saEv>xwSSl(wM=F+FziBMBZX
zSh%k0gnl{IJ$<3T=Ie|lL6QO6IT=vgo7*|*Pa3m&H`1Rp=n@~XSh44_uJe8Kwwn{=H4OEfET03zfx`<3-QwbhMZfY$1D4Zr5mK9Wbt8IfD}rrc
zu(me`cmqli{&MgY^tS|9;4Oo-0BR1>5q%6)+Cku0@)_=Eqn8VL5!2qpOtXjl2l6`HzFQQXZ7$d7;Y<%h^x~Xy#ox4VFUv
z_dFSnTsrh{qO8b@vOF&;8^xSK=rMc*;0o??o|FeV4|5sFurvArmKWD-MN-N`2dZIf
zKehl;t$V<^(kdw>iqYk--YepC)Cd6Sp`i02T|tIaO2t`?;IJ15uB-PpR9EkvK0FYi
zA9e{)^eU&=6d_UtOCjPOETHH?z8eo{m;$NE&lLxItsTYl2
z+eob)SO|*Mc6{SdldG-Us=8lKk4Hv`b?iy_!WCojN!8_GmJo|S?5ZAy>Jyjgv89cEUKnZL^@os<}V=}mrs{4_U6X~gQ69^{+K_b#DW#m?o$^;*6P=JIIy
zs&NIB{Lb~@*YZ`f-tG&^K1RiPxHLRv2K`<(7#nbkq=Oe%4)eu^G~dPK)K*jZUL^#g
z*s;8DC(fi`Gu^2cRFCpI*G#cryb}#D;_F#nIa0n0hLj+$QwJ8+s)0tH6dKP%lyy>%
zsRN%f{s$IMz^B!L-80ozo#GF>zNf2X;O`8c=Z0-}3UBj6mbR>};iuc4zkA<`QE#qa
zGODC+&FJ=Bp!BNIz34;C-h-|VTvl-+Z)*AVr28zI%{;5GSeg#5^t#IxX{gNWT+>F)(arvQ8PU9KqPP6)v2C3%TqU^`NXJCuS&uL^(>rWTz;VO^MEbI*oNCpK{Oq|jFZ
zz;f0+GrYM(deJ5Fq%RFCi&q}%VtejoX48NWW5wa#PL^f-h!sL<}WvaITwSO>tir0b28}k&qLpt8a@^;l{(gK6F8~zv85whBQs)owC8XWSN8xs<45V`4eUG3C^JOE`dml}rk+iT9Kc)PM}m__jQA(ae)3g@lE2Acd(Tnn**
zt87SfM|6t;c}7wkh;J0WK@`W}8v?xWPl&v54-vdbmy(tvUk=x*56hX)!m#SdkKB3G
zay_kF2fAs;Msn#uERbAm7YJs~h~^CFHsc9=^in#I;wXxP$d9392qo?%>dl-1xZtw$
ziPu!Ed$9nteNl8@9`H(h9@Lw8-~~2#>=9vsXG7;YN2mw+uKduI&A)P#xb}RWC*FZH
zv(Dt1N93T*&9>uEVfyw1T)G7HvC>UIHjB@Je3SXwGG^Y^9$pj&+`i`
zKgaP)8Gb3h7j|FDLYcuAmP($pyNtbzua~lQ;p(MOFdr{Kk>}tp125y>1$ZC>!+ZYvyq@jc}PbEP)9jfOI<5UxiT~5(&;1~
zT$s%q_jQae7{>PDfdMj`!+P!ehb-
zy{S5a6E~tdre97o1*g^+Pkx3Tr&fNUZ*$b{tNh$KsZfn*uT}n?YpHmQnPI@RuXFvX
z(7k?>J4aPbnX^lIQfRSoS`uDHekjzN0ubtjdt9U1(Z?Y2Am3WSq?QhouE&ne&kLRN
zW7kofThL}P`sub(Ahx8eTlJ>Uv3lWjt=rKgmpI+))_k5g7w26s50H1R86|(LAcgXV
z6xFWnegnUAEf+#(EKm$81PBuYXo6+1XIF%AdbPSN?awl7S*u;%69F5rcxIL@_xBe;kQoMDWw|dQF_O~dA%QvrW+;iUMJ}g-&MwG
zd>Kw6yo6TL%hADjkjsp_Vcru?f_y?z{TgS9@+No^wP8#S=Oa*!$VW1dqEKH^Nm%q}
zPSzG`E7$SuGGTZi&!=plPAFd=Udh4uGRYS)16Ia~I_M_!?i8b~DIb-_kh%~AGk5lM
zrlNDYkzv9&5?I;VYLo+%5^?%-zG{_2GSI;!CX=WGEv*+(Tb7mix|GZt4DSi-ZQ&pY
zN0RMJ?umf)8)GKaVU%UzIo=!ce$ucegZ4ts1*HJNOiq;92~dDJPQ%Uwno!tS=k9{w
z9qti;%!DuS=)jV|+vDjX`F=Q2#jpi)#r$++(W)vUpfKHEhG|AgUvM2xl3;~NO`%ji
zvyCA4ftCmi!j2T@s%o9cN2QH)s#02txJRj6W;`IfiG23AFx@Eh&PmPc*osbPR;;R%
z#@SW-QP_3UpiyQtPwn`u*zpLa)KtZG7!(FQM`gvlZP-LN&hTaknk@6OA{U2en5QfE
zj%a9kF*wBagiH{l>|uFyqm=G9p~=Ju`O|)M#Yuen5jx)yRU;uLoEfEuH@zUfhY_Y6
zvTmu+DRUdhQS)nzmJ?l(vR=CWRLIxW-E=roC3QkxU6QsgmF?Ing952piUU=|18FWNBTRfS1v9KH!^d?2cdpBOt4Bf?1R$
zFWq0#N0if<$xgw6yaW>y3NAkqlXgyFPPD7|uezuTN%=BLuQ1uh5O^b9+)URR&G2|^
zL`3Ful$2tgPaE)2blqwbPgUottnj2+;C(;?*w&yad!B+
zaUxsvnC+UJnUiEpdrNF+WE7n{E@9O&?zFnlZ=&=wUSv1D7!Ht8Yy|2-F+WQkd_aTkxBEVRJFa`gVxCgB^iVM
z58PdY#6N+v9xRTM$)e(x#SU<9DYn0TxaVsg3kSDqegfM9-z}2s;dJZO$?pHObSEcx
z2{lT$SY>_}Ih7-y7jYvGb$A)Z1Cphf6WL&@yq$UQ3XK+#QD`;@J`2goQu#szr*9O_
zA%t&o4<2K7$P%)nYXe~wmJ)-y9=X```_iV>7JF^ueC0&GZOlxFZ*+WE>2l
z9`2ASY!!}FB66s=m#flVu5>SZBt?E?AA%20ANa=ffigRkcn>9$lx}S-MUKp#zsajY
zlUKeb#j=o3>?zA_ixQ(*$rG(AxJ{gsY*U0mH@9Nen6zc8akEy7Xo|SD#b%*JQ_Zv}
zn7Tfjrc&yy6p>UOw(v=Mr>jtE<9B<&yc^PqeiImkuV*Q-d*973XP~^urb(cm-56SU4?n*$2?th1Bn2N)+-avHV1p1Y9EnFN&29fIM(N$h;V$7F4JjFP(?p`L;X5ovISGtr`Z;`u
z=LVQOIbvI?9o2@aFLgD%M{;?P7TX2LVPb^u31`df^&-&7;^8pr#xUiBtH$SA@$qOp
zoqTpOlKd(T?TCkwJD(xmhle&R&`h-+WND+`c1!8g_%Z3Aog#rI7B2vPe?A`yKM;6O
z%=c=V^W@E?X01Rm#^*<$DJ!6k(U1trRg}gkn)k@q273Ue{DcNk4oF4$36ZwM00nAH
zn#O1z=1#PRsje$-NXru-G@#*;)oued+L5h}@`YN1ct~7M+BzS>7S}DoKMtmNSbQxa
zZ1*Q}e#&8krpQ{!a!Hq1LU2E{Cyn$ubvYLq&KaVPAo5wftv4nV++@#G*V4XGj(RAu9;UkeH)bXTV1^yyxa^{sZyJg
zrPD0I<0@uXAELbwLFv_l)q3!xR;!t-XH95$$xzF@syqY#gxL^Wsh0eh@*wK&G4!+^
ztobqYnYPnpI{6a&sbm1o#W6UHO5zx_uOUWW=O-WoKw-Hn
zFenpbzjO<}mb6L$7h_v;jhtYT7SBVOE;Xy)9%%%tN?{P^gf}lbX}7VK;B}&dcGY*>
zGA#!BE{)Z}1n)#BF*rb?&;iQM3<~1=m^TKopiQ(waqxC85ZRqYfe{N7VW*GsL{Vs9
zok$4^CFJATFmi64^LGw2ek3M83O;cU5iikOY$1gkygjURCjpkooQXidDtVf{9ed-u
ztZ%mi+~%I{l087-HB31LXzPsT4|K^
zJx}pq80P97^QbbN2eK9v9nHE#OruosUVbO;^6nO~OWAV#n9{PVusk`~anZ)jTn|*4
z&%9S=%=9Kg>%KN;E18E?P6fnET@O$UEP9kOD$>WV8HOYy%43yt)6eS7B3efQ-rje`
z?gPYCin2KiC&k{lS!R(1wM2JnaYJO(FIUW{QMJHRI5~6l_fEB5tVkAG*3$?k>*
zC}UJ}N8p9u-SFmX3Nw@6&QTI}%?!#WS3;C?*R$Oe?uc{@FRGH#;?iK&k4D#Rf)#P&
z@$ZCXGdX`NyjFwCKA#G8YaL3i2k_?BN1;Vt&vX_Awr>O7bo$EwOi55$CEf5MPQ~=k
z>k32u>v+>Fy!3V0>y`EB?~naXOZ%hXYHxqh^`I^F%%W(S^nU~UT7#M@Yl
z>&3J|NmmOE=(uzrczjNwf%L*iA@4+&x5#l&1}w+VmqgC<`CC66okuRK&Xg&G+~#Zp
z2_O3vIhia^$8rKAJtrTYl)W0LL4A&xM#C^B)>de}q8-2LdAMfi33oIjg(-=5s=y^1AoPoZ2DZ
ze?DOyC}JoEke81T*s*?|ipqUB>Zw}FRu|(mfjI#w1E(k)kI~<%AfFe{VT_->)wguY
zjOB*?ey*9On?F9kYXe>eA~?Xyqc&HxcpAXU+g$PJ=5ntD77Ktb5Uzd%ePTY%u66jt_
z+|zZbx^lQC=EbMVY)t9JNH@X4DDFfHrh=DbdEn~qn5bu?D@7L(_>FFQ>YA8j99SjT
z#jQ}JO~bh6WkF5^tb}yb;r7LT$
zoml&%fK4vk47yS$(+r(hCwklCM)l;5(dV9~6|08DnXSm7K2NWn+5Eg_pJ}}sA6TIA
z=nJ?cX(!P^G_q7mUa@BSC1YKk(xXAq!sM9+CT`xC&efT#vRO1TM{$CjLzTkfE3UhQ
z+$-k|(@kvT8FWDiP(x>PY~30BN9_DvFTQ+y;_`-bb9vp|XioSi&&=F0-hN^(Kg+~8
z$ogzP1bAc2RJr%xW!rfxKHp;F+U)6>C3Uq@cG{nJ93U4&ISuhMtD$YWCF%wZB^Onl
z=hkXb-vFhv+$ynY`8di%c;c(5dV}zsxH>$p8wE!vO=eQ;D1f*j4xjKtrEYV|jZhvJ
z2U$>6<_%e0)>Ld9AK#$yG9DrKF*)r@njDJ_kXfqCd<)CN%QLx|dG=cA=wl4FY$8I=6f=p2aA8j-zSK-(y3$mm)DFE!X6L-sS%x~r+m>e|8uDdL&lEeg9
zmE9S+xlG4nG@bzFfh4l{Y!Hbx_)w#+n~)WEL@;A50JEqp$K8$#Cj!{{2mlSs_+%)H
zQ57opa4iU&g~XYck-4nYl_$S_T(KXf7ff&cWMHhANTprSC;i@FR<7gP^}Vg!pttF0
zUVo}te5{gFV-zn&v8caZUl4G)gi8ax6~>SqFWyH
zTq^xN(ct>)t-X_$b2v(IHWEe6Ss?J<_VfZRcY0X$fGS!%#t-Q%9;uG!0caJQ-4HYr
z3wA@`a`d9E)$lPFeUr!B)oW`8RKqzP?@cJQ6ZV!a`f1Pb8uRE<9oO>75EsH)T*^n+
zeAR>ywqd>_cTwq5!gd{3Qj-5iLa^B+OedONUDbiIewTqzT*+3aW+@js&M#%3)RXY|
zotpsG*Ue+Ig(RGZfIO=xE^&x)tJuf5f0dDXBXY_hNiJ}lgIEeE-~EIKnPcJE)u@BJ
zJ;Q)onR;N!n@4Ff4$ng)-vPO0BqY%F@N|QG)`1m{k*q5C-rv`BOnlh%1rM(6X*yPC
z8~qrRowU=x@-&YmsCuC0%>%m!CAHep!H5$@U~K8cBt+o|{%o8O>%yTX(^T26eG&t7
zRwf(qt64p_up~N^6!x>;Ca*9(3Ro+u04TJ$j2tgoz49rm3?+oIZvrjAr!F4#0jS=Y
zwQpQb^1D8Ibrtq~d3duC;wd`At|nGn22shQ7?V)kxOEt~aVIlcp=TB@qN{P(^$t>A
z75SSNNIKpcj|Z^2Bz9&%5j#;jh8B$%Ec(g&SlBR{gkCV{#mx|fZBsD3j?n&g=~X;&
z%-n~r2>(1+fLxn(3K*|uXl@^IH4UBE-ZCwWD2j7Iy<4zO0LxmYTUClJQxboR$4L&4
z(x&fTwL4W-2Fy=@XcAso*MUy6NJlv#Jq(>wP&?#_6NWVI9!w`xEU@e$?v}()ujQm}
zWT>)Bs6J#1L46*nQBGF$cGS@EVDlrtav+ajF8yHJZ|($i10lCG2hPuA2OLfZlXyI^
zyb8XI*#H#hbP!(ovOnatRaJCGx_HAv{2{+_@QkIYoM(08JM^QCZrUvu_IFJ0@P#s8
zYZ$yHxMX~VqFJ$HzS@BFpg*E-iGfftc|$2;7@5)?kE*p
zvpNm2u3%8zt6r@RX*{Yw)fMYv(p63uQ_}>Jibkr4v>o7`n3sZsk;VRxX^ryT^3rxY
zHRlFSLpC)Sy-($O$qn!`8R7O5c9(@KM2b$M@n6-!4PcB+Jr-7NQ7Hpw_4K|=^
z1^w$YWz|SQ=SnjJz}@$f%i0AjI374#xXuD*xp^Sn^x~BKHlVn@cJu9_H3w+OX%RDn
zm7-JtT|Ldceuca>M_@~vn~;P^!KW4Mc1VdW9?>i(;Q;D_;rcVas}Vl
zOhG3*T5-4xHGz{4_rDzqZk8QP1NvpLRg!iskG8VhYb*~G60niI$(w+!h-buyh3f)f
zR+={HFgG1_so~AxCRGGFWKlM<{0ZKIz&pKx_oKKD=rb9fGERp9$-QLgAb)L4p>Y;b
zvP{5Q++}$|OT?1z5D+z;&^oLTU>$NCm+-?(o8-w8z88hS71?%&r}}7ppq`m7k6ZuU
zKHA!8AGcl~w@%)`ocz@KwY|Uf3#P8AJ4N0exxax!9Jo*RTCY#tC&#-#zR5jm{jz%s
z4?YAioc1vr_sEHt?XT9;fZ9BK7XVZ_I5%YdCNnG-B;%zH<~A;C
zypIJ{BX_Lf6a6%qp7(=U
zKkl&fho#ZxaE9ttG{b|3&$p@IAj&rrlQcND;Ui%1U1bwp=Ip5p_!#k_2k5PMGCeD=
zXp*0b*3oaDr*RiEbJc@O{XL%z7fXU%*e0a`zW^sOxlYNaP%^AQiDlyZJ%#NI6PS)s
zqz7&hdc+&}E6KR!Frgxi{^!r5FUXnOXTqf96t{
zG0h~jfN#bEBy~Zq9%ZOsaF#$*xWj0Lb!9Do8vwG89**9QE=I|0bT~#!8!SBn2Bx5$
zM*pj}>-F`sC>mDi?JlL7z-;bnYIUAHiW@<;a{1|!{)
zIwrxC%7gCc5#=<@;8lhvk{%%D4F7}3(^jE;$B1F`au#Mm^gilP2p(Fc{>n)eF}SIs
z*RHWGC3dr2_E0OxqtJyd5h@8r3Hy@T)Z&@Okq+0rFWV?K2}As#IL3`at;cght=-@}
z>v%j-fnEq5V#ErurifH-W2|vvg4p!?2=?FQ|-r^FR=m5G6WPHM^yS)
zpq(TcYm1HQlW4&RjHHd+)cFna8>y6SP9Gq&W77IoFIYSURB
zk(GEVyRNDZ_yA03D@w&a^;VY37iTX8(ih8TFPS@Mb}gk;64@EcOGO--kuq}`^K#=g
z)RHsoX0}mRO_gJ&{emQ7_dAD79?YeY2e%;*$L#DQk_We3z+0wR*?>TQ-!1HAxW7nE?LX-8fvPh-yOr{J*?*7l}@L7^69Dz@?fqNbE4
zm#D^M3E;dN!2%%0FAnxJ3B45N133I7o?trmXwoT;l6MSB(CFlCRw-|Qvp>qrzM>SZ
zt>85_-aXhJZLs+sk<pf)F6yi-TuBehgXv-1fY261XU;z;L6(neyx1J)w_*tdKv7)foE
zNYd=6yWsFfIn*WIkNj`LWed0+3_#-QUa76c26rw4`aA#`KIQ`rmp}VOU|a3&x5p=~
zlXvYmmH+U3=;$v#Tb4B4%bmxMm+@;hxM*}bz8bgxG*?!hJ$)Md2T3(6__z6dttr2Q
z=E}2Yt3mL*`MmjbW%b$9HF)&&`P0?^2v+W<`}vl_nR)7yhQE(!Tv%zbO(W9kP4|YeLhR4cCt=-v&T06qCv@8>i4No>;`#T3k
ze1h(bJ%ms)37%uTc|wjuu*NeqY@JOcNIjI+%$O{I3|q@Y7vwq!b4YqMn4(rx;-cZ&$4=jYil!pkf)%SE9kd9;v7v
zB2=ic)miLF5Z{>kgV9c~&idj*sqp{^SFQCx$_8**OaqlPO9+U+Vm4P1IC~f;z~Q>+
zTSt(te+ha+36oR4bo8o#odWP9G8TqO7@Cw~T)k6tCD9hJ8{2l$vF(m++qP}nwr!(hCmq{X$2Rw$bIyOqxc82l4^{P0V?R`_
zG1r`XejithUty~2dl`BTUN4_-yXzK=n|x65;ZVN2yVmc4!4>FFy$Z-1H~C$>US9Zu
z;k%WAv-*Mk3xkWj)xGlV;9Re{_v6z)u1>_Y_ymw$AL8C!bRNy#4LvVz<}Z6=d+1Ai
zoILQ)ZZGcgg=dSx=V~}xwz&q$1Z&UQW1IE`!zJ==@=7XugDi=da6Y>&<8c((ZY
z*LHo|o7@O-I|PLIc`ZP7_@`$EFMCf+E?XP+_&Mw<)?JXd)D~ZGvq8xm+TPw^KhGJ;
z*B*G@pRadOLF(q(+O)*a2dmctx?ZX7!ElE-+}_#T*siZ$acleWUy1yU4;HpK$&iB0
zxY=nrMSlDP4zSI?CLq{DYDYwri{CfLXLRt1QdPBH8t&RoR^wgc-r*H2>EYuG*+IHf
zcu2qreut#9gQpnD{awxG^Zi_6YOrZ(dnK4nu@<2_E^eHkx%0}$aW6JTq;c#lN)wfy
z2=)}Xrv*->qbBOdBxU_&GFOU9q2)5mEqV>U~>K~bZwXt7<0@QcYIBF
zat15szI@tOqw}_ff4@3gzxus|Y}mFz@4Qc&!t8w}GJX#zntx
zc}T^R4Y##oA4)2Kd4sw8vHnsQ;x+UVC*3%(a7u`I#HmFw_0}dcf;i71EV6c^;Qbl#
zXDL9&@N#-bwy(1RbG#*HyxD&_9Fy`~s{O_Q%=Zsn$a-w5oF8BxTMlRU?Qy-iA(PkV
zYx|Hp1ea01;d5{}{;|o~d&mq0O`-PQcVUEG=`R=M22-j)3T86Tix8*{-XTjSz`r)5iI1?b^}eXtu}vR+vw?5p~N
zG&J$vg`o892yENs$<>2TKmMJ+w`;|#>tSg8tCocr!XCr8#9<7JvEMI>US8w$c7_8u
zU#Iwm-f7QQNY4vywSq0#uT84|EQcLPKp^R9cAVviJv2ghF}vRe@9an;3|RyG-^jxZ
z@EASH((r?OUGv_f!A|`w(uS39kieRq^k-tKb7g-B!$fk7sg?wPjnfw7tlLh8sL}=v
zx1V{+ot4z=E@%B}tj(H{Zf|`|g4C{+1U6qTn$0W9;_>qrqShYX?t_@rPvlCt`A3e*
z&;~$l3VqkS`N+pvntdM>`YI1g$O$&69FUmCFWbV))O^y%j}2>Qk8HO~V_Lnq`)b5`
zIs6RXgLR;QK=cmhZWeoP<*aRKU?RQAd(gnWM5jF+=arLlSdGUL*w$P_B7umSImY{e{5HhBdv
z8gi9N>}vd;JfI?Ou|y+|-39-Ijwb9Bn-kye=u`sy>H>&lF%7;dFW9!QCt8ig
z;|=T=g3TedXz(c+ae7_ycy5g!0W*8M+hJ7L`m~Jbn2j|Cta{2AGwjHONpHI>bDkce
z_ZH-pzZ$BI_d;4e&)TI<7WY(i(G+Db$YB$#S)0N9nt&`WX?QXlVHj}Eb)wX*;4`_k
z&IGm$wspr+TE>(E|88UoaBTP^TNZI8komr8bqE|+D-(HLn*JIZ&9o(LH*iUjO|ul;hUzX
z=3(ivLH(NyP1Ma}h7v}cFDguu
zXg+Tuqnd8A?2;(5js$IAde4kg
zx=r_|pV(8`y7R}a_GEf4lq3aSwytRr`%H+zPP6_fiPr7@^9z%Gvh~2l_0WfgI1}XA
zPw5}<$mkPy3wCfW>sX)KQIC7=To<_c*9Bg3DN;hN(z(%w7~0c_x_+LMv=1Z;nMHz(
zzeH;67SMgBzfZ8kga?FC4+A!w`8o|@Qfea$Bq5nTZK%wSmq8H+J*)PcEaj@|O1cPG
zw5jKWL^UZ%M`i=g#qDmCq~RR|p^QWPy@mGxY+)wzdWX
zfo*B@#x_%5j4r^r4<;0IJSmzVe}|{sjObj;LD~QR3;oWd7PxeA-v(v3~!<#uHD;G{l3OZ(jdr@%CiUaLO~=knX$obJhNcR
zb{UbL@uR6B)mQgIpj9Bop4
zFH=%xs9(u;gYE@H^v)bygNbaFE(^g-Z+Uqx5rD)Cpf$|H3!!x{9N#j7zSu$F
z6-g?F$=*M;p^i3J4lWVq@;UoLJMo(<{o%CS1Pty_i%(3Jrmr04FCS_aj{bf+?@>O)
ze0r@?I8=W+x0j0rD8?(wbw^@uEJ)KdrlwB8aSvbM6N1NoH~Ri@_t^R=4)NBpr>f&1
z8u>+5TTAP_OV?zf+|<+EwOdR1Fb+4Ax|kmi4CZC9HWu-jmmpVG5?F5YPvB`ObdUtK
zV{dX(e&#e41+;i##~MwowT6rrFlx#m$rG5OB-U;2&u9kb|4B!Q^e}41q#zL?`Y2rw
zpiQFqnm02?z!knnzZN|tNh{-~W{r|3EAs5z2mkjT<^Qo3mF`S!G^mVco}VB+{%o34
zI7NX#o4p9FK(Vc_s~h}P{M^W>=Zh9&aVRa!Lyc*1;sSPIlN3`;2)}=6Ow+sD@OSop
zg_h8^A=$u)7-`m_IfN~&Rm=s@(DlZyfJNv^e3d#@+1-Jh(06+Zyt
z*Awf-YkP5guIVrJ0&?35RrD~fB-YHfO(Y<0LG61fqU-AjFJ!PL1~6s1v&AU=y-!-h
zNwuKB9&&6{BBokH-R@fpxp?j^rGf?)N2J+eCdct-XqMo<1${Ful+#5gt#pX%SgrQr=Y^-`+kJsVQI>Tfqb
z6Cd)+J#t?n;k<=@VqX@4d{85ND*{ZtYj5wJd30-dwVB9937(0JXz6(0-Z=6NnIQiZ
z_J=SLHdHLR@n_L%==V0k$5&O^E0#!ymkWH@QzNcE-VzJX-?`%;bj>YPRth1Kx&p8$
zu~R4DLZE$gsOP2w_oVl!$y;D>E0!DUQe`6QAgvd{#gv4`!J+YcO>J4f@Y}S1ca;M;
zZHnvHW+$B9xDs3aMTp8M(7Y&J?%E+6RqfUw->
zv*>@~w@diaEybFBzPB&?C_blFu%`oQ&~{o)@QtVQ4sR_pdeFX@$fkQ|F|^083MYJJ
zpR{*6gKHzm(89p@gpv@*3;SDRSXld~$U-+%|7(AuP+K>5o&<4u=FHRAUc;GcKMu`b
z$>$S}miARm|E}w9$&z(>CVKag9n=071M3;Sz&*WG{{{R(?4WxfaZ02zvTO+7ean3<
zEAwBS4TJ2rII;ERAqi1w-4U4*Cs%VP&tO|#O&t;U;vlAmLjdu_M6))jkw
zRzx36FYhW^ytrw&c-_!JeAXtLy7@$w{mM_ba_g?$hUQk{Ki08}48Sl9c2ikK)8naG
zLz-gc=yC{ZBvprfGBD&<+?6X=B-h^+-A?>=+<+V`xY2oW#hJ`TouZrG9U-Y}L-CPg
zj|ZhrLe(?UZMKA|ONbGSYQNU(^zaCNoSPBBM?o#W#W7pP
ztDzue0c;7$-ZWpL9(v-M5wY)ISL23x-iTpc6-|NF3TYq^S)`xw5-dkC{~=iznhiEq
z>`h)9Tx3n@ZMie`mo+b_>W@c}TE_yZy~g@!pWfL=v*MxRS`R$a`9a*#hhocLcp|bd
zkM1t#rVoBP7x%5dJ-;^&)K4iong;Ekuwl$%4s$?qNc#slvKK}3r+I$}&DO$^lqM#&
z5g|=cAi=+#$s>0ziq92wft38w7so(xIS>QT{?|uwsi~C39bNC7%c{2cwl}P8
z^NqIVF%?113RXEp>PLlO9hf*b7~_``1j5(18)zj5h}Vr({|r~)3m4LQ=sBXXpZ8`d
zH@+1vd30+b_J&UDR+G|HB!Nj$6y}>)8}1Ny<+mkJ+BIB6W#F9uxQR+h)(_ki9rv1^
zOMiP{AJKG=D$i6K
z9d*RY`m-==l3#nM?q$%K+VG#w-w6HiR5hn~Or4KHK$FLktAXatj+|-rwq1{$^~QTi
z=FM~)^maFSEplnG+iY`*nY@v7sCt2l9CpVw-sQ`Rs(yh`4$Tm7B9zO+TUtG2xDO$$R%a>M9W)@M-U3UW&pnH2OpfY)PY50|C>C9AoYz$fL?
z5_BWTUO5Fj(*+eld^fZ4T`81)b9mg^hp;<5^J=KS0k#Z5P9w<)7x~rued`&VL;fh?
zaC&LqzRYL$wZ*;S7jzpYGNb9b&!0_X#ZEX|iNM3E4+tY^aCE^0y%TUMPCV-W+9Ics
zPNKU6eeUYRWMJA)K7X~(6AmQTSL*L=)`$srw*6OViDAf2(3hWI-$rpMrit##8Q}y&
zx8jeLbBg=v^p8n=ki$FqYfa~(;>KAZnm6V#ctSPRI`Zqm9t4r?VtyG%Pqnt7;&_SG
zVn=mRj!#thcL(V4W$=uPvOwY-Ec~=u<}qYX*tMZP*1=QdCee9s)Z2mW1`|7V8w7KN
z*nn9A%fjM{h<;`%tp9OyANyh}twcE*qqzm-itn-~Z4*>Wd{boO{qNAINIyz{EyGt4
zAyyCM_~&ufDOd@$L6~I#oR474nCEDK$M!3xYu=at-r)lvwzHp-yXQg7jRQL%i-u-)
zb!FnyKe*Lg_7Pyqr|G-k)3)LRQNOB|w{-&eCeE+#)8dO3pVaKTXZt;_l`J3Ew0mxn
zMDvs4!X-=cdD^{=`}vj=1{};N1qMSzT(`Nu4E(#M#YW<_spK@UnltzJiX0$JPWV%rQpml`QmIW)G>s}?yfEw7{J`n(IpA}xDMeh
z?iq*>U)d2q4Wl9fJUr*CLtJ14L1f*~E(fOa7pTPXMX@q~hbmynz&;Ew_P+MnaGVM~UXGL|KLm!AaEZvp2
z>2o1)dDny-2Lk_ko;5yhtG;z^OHlRo4f`8{%e;fdm9uNb|4>1=EN|>{doA1j*6r};
zK_0t(f)S~XPM0^gdlt7rFUI5hJ`cQMaxwDrezfNx7;Y7WpWUr5ZLSM`%4g)MkVDcy
zgx}UVp_o3mU`h(C2pE2_1fO^CaZr7%m<|oq420~#>66>1PM)mza8{|10nXjdISEbc
zA@-b@(u%i~+8D)OBvyxt#&_9U$psys67TSOe$7<~0VTDmo2{)$*43B~8r(yU4Jnz(
zI0=?%glstQmL#uX++iFc$W{|URox!kaA{sRfpbiH;P1yzI`!Y;q}vhV?n`5AZ~Ciw
zfiCrj{DK`&S@QXHygz`?-r?~3J|zM;m#Oi~?t1^3R(Y&cPyee$-;LFemiiY<{hP(!
zopRqEP_HiekN5w8fZH#Y=$1c%Xkn_985R*t|o-3l%TD32d8;yp)X
zefzzAEBbJ>=SoJ~{<1_9$UFSs`y>=!OQnRs^DMd`|F*^zs`Hx5MW~TWJ%3rO*b6Xa
zJ#K~udCei1HPDv2jHBN@tDQn)UXv0W|Bn8;_4iO-DsXy3JRq%jWZKl|(
zQ#iGCM`eVC#Vk)+AfuOaQN#5Uga9p74_`(7H-xwo$IZey%K)yykL
zH`8QE+y|X9RIl=UV47K8iABYr_`kTsYp~)ci??`>;ZQ?DMKSOB%`u3tdUhA8sRmWx
z**3H)B)x5)_ry@Yuuu@R<8j~w9=Rn2Ed=DvSyP%O$Y#{r_>aOq;I{dk;^$CR#P9y0
z{^92PZkwE9oM7%B3-h25&9JsjNqCWFg0`Wrwb4~o-04`rB8#rAZVRfS|203e%I+iU
zUHd#(!`Od69gclv~_?V!Vf`7^x#Oo|op;OFpwbmb)$Z;N)M
z<$BI=@
z%is_fBj}SBc80DzHh3aFvJIp*JVc>D4@?!JU7}-xo-gue4Tx46*W51KU7$^vMg3@A
zjahxiPnU6DKZ}xZ+z(D;Z4X|c16b2Q+PUK3TG4@m5q%T@9TIh$x51vde#jWwL~8V}SRM9J_qU!W9C$ykv}
zDnefsmU@Bz2cC{?xsING2v)L7iB|*^mGlSMXS|Wii%`BQheAm*#En^ZX6$Bf#=ta@
znSDli$F5GU$xTHU46Ply=gN=s9HFR1Ew(qF@j#da!G5m9oH%>HK1feDGO}Z2!31LO
zjESo=v|0-+kP>alx>Xahpm>ia%I8xr+*)1MU4m?`c$o}Ag`QwkE$An2QqJ)kkZ@p!
zUZ=rX2BWb8mvTyI@h3k&{mRV_;Nkxp%|D<+z{&qWhh^XS
zVhQBR=PZ(?x7+s<)OuWPot?e!!xw;#SoNnCcSN}#DU-H$8->NU?A(zvsfPE}p{+-=
za}n&#e=U3i#ngI^bxF?I&ehxWe{oVUIj-%FwqmzB`7lYY;yt{&!!2j3UuTC5j(wZU
z<+;BRsYL*0g!$i)N*ib*v%fD6wZ3kCkV2m)<3DKWbcXvkZqB3&0@Iac?1WFW(UG`|
z+4OwY;MAL+UC&S#O6cTHKIry;BNb%=-|u=h@PFYG;uN0$;ang;xQ#Cj+|CcFRXu5_
za11$dr<5q14~Zzy;(IGVxYN(!xp=(_@AG?K$&B@ua5bA*}J+v
zX)baDyoJ8~r~k)-mfBogl!Mt_WMfkG?b`Z8_(SdW#n$)Hr04&l$$!(@<86DRx7oG&
zeBH{Mu5f+pTz}<@a(%4<^QWinC8mWJ1-;@uKB*6ty%o-$FMJzQ(@(6uJaoX*2U;U=
z`ftd*P-*@U>nN-&)9MN6#Daz@lcCSD+Y+b!QZRU8;@!14O!Ei>7NM9tV-Aycg&^#f
z54y^)Q?5WU%Jq{PLihIpI4ZLrnnjsvKtfgQVg+U&V%0qsQGglpWqa}Kmr@uW4HA*d=?s##eN3}@$z
zaM!@&rZcVyl>xaX%y{~yJ*6@NT!q;xSaqIpOR#A4fD(4GH6eSXJY|+`y98bMSrj-@
zd;>ZgBK$m3Z%Ogiy?O`|*&!hN4BT;|2I__+G)!C8cKYX#UBiNy9Wex|J(_`LvZYX#kcF-;gh^5gIpd}wlMbN$`?1ua+u@DpvJcEl{|lu)tKjT
zcOSD>e+r~`d>P}_G9YvOhzjcJB=f}c7!)Mpu1MmZznQ(z
z0`(Qjk12X8ta_BCk}}my_L!(WuO5Sv@Ad0tSG-RiC)RZ18i&#;0Z1Ftr83h3|B`1;
zy96l;{9PT!B^@%Zw-V+SONT+5>boWyXngu4VQ#9mY>gv9i(j_;$b$hV^`nQ+xvt@fh!cp5E)#;C2=qOltPQXe5#sWTKPyq@#-0E+U
zizp~j>K75!gTDr2Mb1!s&Gc*b`M11n-pBLKb#>M%^J>{dGO14?3y#*Srf&h;h1YVSZU-s~v|
zFDzJbMMuzg)bB0AQxs536wTsH!MQo!*lM+Dm$a6e^2c{}>Nl!2UQVv5
zJaZwQWmC6^t(dGZH1Q}L8)TV}>`?)tOARQB4jI@QA!~=>UfM8K5gws14S@VYBaE?P
z?FmgV(0R7|)_e?o>S9iYfogPVj}IdhwhPx4t!)j)L&HB#plufv+Aq4-?ZNAt5KinE
zE7Dn77;8grYHj%USbyG()fQsbX>TfBOtG5X6joc&Tm9%LyN16LX6m@CtU0TZSwp1R
zaCK{)h2(;LM`ITku%<+2lHLh_e<4dBv?bIHV}}*EEOrd=882bG=OeE)xyJbTT>SC%
zaEYS*3g64VLFaVqIIIOV1MpY0hp;he{F`wIjP*NHK&?J&F;l^=$NFG2VXyaA-?FI`91(pJgO*0a=$^$zssjC^sDMh
zoBh+@{Dn%Bkz?-}AWs{Gm@g2yTEr<&)E?5R!C`KRGLdvM({}n7S&Da!veNRZO{vFV
zc;?EdY4;bU81z!-iZ}v_d{^NAvx5EvKM>}CWVE4S@gX{~CMN>VEe(`;S{s^$<
z>*)hrMf=16@@0POt2R-8`^(?0+$^U)wWj{qeXpCpw?6(8A^%OMRsgfEU#OUkrD%t%K8h{>9Ws6e=RbwBbDC~~D?pR&cX
z2knL+TU6i%W@W}G4q706<1t8ZgRt8LZ^$$DFG^ivVGMwvYh_$;OT4>1!Su`kk+GC0
zYoPu7M|D1;?`J749=9st!Qr0~N8(b$gYRsiZ)z!K)~Kn@-hAV@ICQfAjlTr|#d#I~
zS($uZ!RRi=(ag-pUoTSF@neQ;Pz1<^YpxKXRloJ0@sR2E+4D&Jt60W3Xq;F}Ke@2F
z>!^M|Y^2OFcQ*V;*9Q~s{^r2M$(;#0QCMGEqgT1jw2sXe
zYxw>M>0MZlcUunt@bC9+AuWp$Xy6ZE<=cUgbT{wsvH5s@{=qof61eqW+Tkc}3S5k0
zKM{m;;T%7BnExTmLssm3Dlon_(p@7P3m|Y-12UHh62~FM`(-H2uZCP6M~{b4Ece
z1#<#vrL^cuNu&K}qbU{@GCAgZG;e0#(XRZBa3Q0*X}r~)O^@F;v@E~N|1Fxam;3BQgs3ogih@&xv?k+Unfx
zsJp8x>Xc}JBz_U=h=|*wjdLk8IQ%}bhNf<(l88_7hQ2D
zI~5ul2TY4-FI8S?Y~qis9#k8aS~oWZ6ty|VabE{-K{zC<7ynI$S9ea~CG0(D|9Nb$
zEd{(8;|G8W+*=toID0gC-;@8XYm#K0s)^#n`7(sMlrs?KSp1lN@rtp^c&x=#ms0GM
z!MX}s(<$_)_Fz-KjkRl0DsV*FT+jQs=>$H0^AAHPlrB2nMjq-S2M{)Vr0RV4wJ!hL
z-~|9s@<$I)J|XX49(|1yyK9(=93L!8UqMLldKg07x^E~IP45F`qgyT7j2+5<`W%<55!GvZ=*1%Et
z@W4Yx0~FV+S&Yh#e4`<~UC{7M6}_-sE02pALo4(9OU{c$xlCj&zL)oj^GUQE0ZzSZ
zvA0;6?iwcvjwcQ;E~s=Y=-+PGKOKA1xwn7TJn>#A5x>F_RWWxK=+*}~Xh4D<$9Lvn
z6<}-$r(w1eZ8t;Jeq0y1M*(C~rOHeezOHi8^7nMPO%!c?r4(gkE&JV@>z|VzD__#3
zPM!WOZ_{15rXqVByDH?CoN8};y@Bqq1OCc0hBy%;f*-^pOrlVNA{+jI68F*WFbMH2xxlyjs9DuKJ2ZwZ#TjU48=i9{Br+=jU*(XVMb{w}NsK2ik;lov*e73dq
z+XsI>Z`aSKYs$yayTP@^_w`hP-p#eW3yS`4dFR@#p`oR_dz0I@r@Py^bI3lARV^)D
z8xod*hM`wWs|w79&Z#2gN_1E1wEy8awS3_G{C)8sHxCO$aVePvNcJ#)Z7u$*bEkLb
zs#nK|ZD9cU5>^dc7DL*b?J>A1zjX2BwBcH8kRQ$yJ7$<6PX_6Q`Qigv<-^dM#fHR!
zGnk9!hQI5dhl@!VmsQ#;Fug$1pr#(4+PEUk{#|Qob)qa(A@+L(5LJa}RrS?>)E!;2BdU#4E}K_I*maTP7`UPoA*a1>8c?D#)O2m&+RG;zTM
z*#(&8TmD=O*F`^B#_19vk@JLw~v+^%oU~sb1EHP|(PgvLr~o
zHax7V0{5a9xHk+G_O8XzyTfQ9uAm4y$da3Bu|-gso`#|1Ai5oA
z-G!pdS{^`x9mfA&HiKu3eJCa{N}O?!VPKSED78<%a~afcis(i96)Mt;kF;hOGQsAO
zL>df~CyQbOGco9(A8Y{+#++3Y3jK(oRIf1G6Eja8N?-XlZ@`l0>8J>Nr2_(6;1Znf
z2!)O73*Uj?TQ-@Mz057xovo`_Z^`ZyfW1$9Y$D|;p^}L=s6@R;W
zud9}s^EYCE{e-DoP|JR=#`Kamc9t$q^y`4dK%@A_9abR)+bPZi^!7t!S^oHUzd=tG42L(IKya|UIF{t1jWc5jUhJ#tQIJ~&o
zrn|8PE!H6~ja1Ziqb!K62JK)wvY6he9#V@?Mfky+nb*ACc3UICb-@F!(=cMg
zSB!-aR6LyAs3@wL>Qe1gVl&q3SHnHd6nShwv0v8`p0EU8?Q&K?p(j@@Tt8ectO9oH
zc_U`5hK9yAm3jghxOKuQiCJ4>41~H5Z)vEC(ahQmV>irNJw8s5A{Pm*d>e9nlFCPFeA!SlrK(3G&()z~%=6jn55{e`
z22Dk#M=Kx*?G=o3sHPcu(C}
z%Xm`|-MNyy80SVkq*bOkR&ike_OE+Vp(ar#PKlGRlD17B^3dSmblD3OjS}4qyL4FD
zEpud-h%3-Vh#ADky5A?~&weTRsVRo$5NH^)P|dtCL|2E%FyH{bHa%vANm)0;bkT4L
z|^U4j3?}@D~9Dj
zJRpof=BM(}!aJlppEM8EXKcWa+=Oc*>RG9l9nK2
zzo-=k_`OSOulJpITO+ZHRE%a;zd!g{aN4hDk-bEd5qA9=t03$Wqq4Ex>@rfQ7bd!U
zFcy&U(76pRu_da*cg7Z5y|~U!dMt74qXMuu*v4mQ0uq{aaMYn4TnE7@K8YoI2=U~SGr8u4&7OO28-VFD^!luMOOV)ktz@y)Y?99Gls!;aNTrT6{2|z%`F6qSpJDYqe~DZa
zN2MvZK6Su0@0Bx~r_C5=(JYp>B;_VWGE`A3+P>0IjwBJFFdPA8U?%_!(`h;7ReTGq
zAYyz!g;k+CADh;KQ-?Hh4_+0*oMPdET|OQmA!VwM$#ZGj-v0c2{+d3`%!ui&4ar}H
zD#?dRT82!EWRtN*V3}dqtX9r#BVrM1qj8Wl(C=(jplHC7?#OEG(g5`4A1(;PO&W{3
z1nM(R%~xy&5plgz)T}P$g`$FkaZ0EB{_8s4-2F3a=;fM
zjIx9!p{C#B174-X?I1xDYr)-?-4T1<}1r7I&biEU&6A*#_`~>_|u+kMt0JqemSs6O$%z
zQU5W*$H74&Nz(#>iR2(+mQ`M1qSM<6CJRe4C>B2WRiz5GSWP+rrr1E2KlG0Nl$
z2vtU0SBvhw9AbTuOJuh%rR@Ku1Yc>{E3(JfPYb2x;
z;%Fc#8jn0Xk-#|9>7T#ZqCKKPd~aO7RkTMIdP;kZq_%}((VSGkN%yqf)CEAi
zI0jag8dKiWT(^JxT1UP4aVF%GfMGJLocDEd8NvNr)wcf%kQ
zc_4ivh5^G3YB^$)^$^^4#Ypyz%|x&eS*q+9x6V%qP)7jFE)BsaC3nCey{}f>ya7jJ
z|LwbGOzF)d1q3z1{r$#hHch$mZf3-nq=u?+bMbjK_Wr4Ov;d*W|GkVXBFtPH4EUri
z9DF_;lR+}#;fQOqpc_G9tW(+E9r_^a)<5s|XXtJWNDy>F&?cZLwUBoR1q}?#{0IM<
zkpaUa=JVyzGAk2?k$vl`ReNXxv`G|~d%m$$l`)Rz+9lpiK*wydaaPC$KCRReZ0Jl4
zEvidvD;**Rc3+PR*j+pDa$o^4&FspViT&=&
z*vPW`?;Qw^MwI}IMDacWEQSh#(n
zUIE8e5olVSH`0c}BRxbTHl97RhmRuZMXAoLIHO^pQqD7Y0X0(RPIgTav&K%T6=u?<
z?QUzU%~clcWV+n}Nq#bAe`YPCV6gl)uXiu>cm=_UO}s5U9MtHbx6kQ0bU{tQD(+|s
z>A7i?@9AVV>xAS-skj(?5aSOrpxHg`
z@tu&dGGUdn5%$7bM<Nc=*1_x1LbSILwuU(GzgDg+`rJaoLN|;fF>Ug
zuy+bjMMEwz+M1`m^km)82kPv-1X6M{=C_Ei|gALT^2!l7*XfP=77M|v)u4Mj>j-lH@Lo{3ajsjX2p(INXS
z{nkh!f1H7)I=HsTVw~aF!qg;%qH;bJRO8OUO-YP1?IfL52s?aoi%F1&NbD)!6KnaS6W_TJCOj)fB@wacg*oshjw78BO~gv^Z_W{Bz#m&>}{e^z&H!2TC>BV9n)#dd)(BZ_}2FO2f-Vb
zD0uR~NmwN&EfRkR8DaJ0kD{-Ja?|KI=Ivdni7)bYsVUDV*0DPZo+A;YabNO{J>DxT
zBHL>Kb#E#(&ojo{$(8DZa{O`hsW@nf&=DG3IIW|<&MP)xvLV?}H4Jy9=~+EmDDGj?
zz&3CBAbms~QhpydA^gdaZPhbGrOp4KHb8&-{tx=V|Mj^bn1Jq8|}+f8S^!z7_3iWWY#1NSAm
zFcL{%m|BfTYU<7iNv(u@XNQsT$?+shN&p)kjhx|n_%$jFZ-g|lmwVka<(E-P#q-}9
zX6_`(t|KdOSnmCjZLwUwWmsQH7hPA8?!c%a7pJs#k;
z1;QrXAUbyJdq=VlRD?l6QSu%rncVwyI;P)>6bhekDyI=`E(_LJQk_o9h7yF)IGhrQ
z!w)D+XAb_tGKsj+7Zl*{q9;KrY)J9}hfsoe#;^HwzE(zz9~+Ed@SqlC9TCNQJ^|kf
zG2>B?$p@eF((|t}8}UgJ!iS5<5nuV*brOqV4z&oBVo<+nh
z0(k~oM7Eg7D66vYSOpx*44L=3PNXjv&5j)T_+2U4M7z`!
zA;dNMJe~jSYT2D?1|4I_zfwxK2>3EIP4z|6H%&^_SPZK{53fn!@7;sZ+(pSN%Fw_+
z(<@)g|B;H2E*djVp%(qcwhH8|LXV;?hg(%q3c88CE45kdi8{cJU~WK??u-zuRAYxo&a(jurjBg=AyA%l_IQI})R=D#Fb(&b^g-13;6n_ElaoK$O>!i=9+GAyQ9r`~fsrh+1ZP@8*PkMeDyc@cyC?=>1c
zQOsDqkc!duEWvtEP!wVU>8_aZ41#sWj>}}AxJ016TCT*LT{Xcc=S!L|84XQN%(=Vh
z@>&>Q%vOcux~}cCYym`)Rs?1B0%4yN(q#f?b^CWBM3Kait{V$`p
zvt#TRNezA3^LU7d%hT9}EDh3=c9MjOj50Q45=63K@XDNy8&ae&_AR|5a2UMNkDr;H
z^yYWk4$6i|Z3+})Jg^FTGS~P|Z;2D&L@9IkdLu%G5^mO}K$?KasnPr?n3v2BLvr<6
z5&BOSo2Vw@WY~qcqUwQs>3KE=m$l|DrVEyP1M9o#L2UjYk0q(`Kf#n(xrcFQU%o?fHqDzg51GCAr*U!}
zJiSjSqVTmmxNfeZk8ex+8gt5dfIGMzK~7Y+m-GC9TY+O#Uy|x(;dNEPE$@5)FPNGu&wZ2Tnk-zgr=m
z|I4~}-&?Em{kS_Kt!z6P!Xn4r_GzQZ;Lz3y4}lfsyGBYoA0@+xnjLnazrrJ{m*I3W
z;WjboOl@W5B#z}d5Y6+@YIoG>O~wY;C6abf;Jda5s)_UAbfKTxeO$)e1A2vD#)jKA
z8*3}Pdy3qEyS!p3R;lkA&)KYj{wO8Xgq@!y8AvlkBbV{A1DE^C0uI;=12>9h87e_|
zd~FV7Jv>f^8
zjc#-nhcxPC*?_a0QQ_moNK8etVmWGJs{=17NS2VX`LlS;8O%lAmk}Qs5hH
zM;%BEl2K&uB=9;0(vZ1P(j6b&mGNQ(eGH^NAZ+*I<$un?!37{$8Y>R;+S2y)5UvrN
z%b3*ur3fUo>_(gv>(W1SxhNK}(Rod*n+p32<@8>iXktbVZD6VD%^c)9^n^Jl_ihRs
zTYdSipTIr>|I%W92h&AAL(s+GEq4wI^f@741wK-&rG^Qa#fz;9k6yxW{{~b)>W70L
z0JDfmVoCoKU3G(3(P-%nXw1ZnNZj#FVy6=ii1hv$W$AJs`7h(Gm4a$?(g=>jt073-
zjI6`aIoa&UqY0h!Bl5>a`}x_GX9S%0|WpKnVWiCGf0Q7B@qfslGR;{A)GG+SAu4fdN5``
z47NK(w3~vC$4ZXX_7bXQK-{JeKAsU*Rb_R>^$eWk=(zRLN;Mn=bi&wyu*FO+v@NORp}BaYDZ<6YrvCN=0^tWPj^MpD(<0_2ug+*$0jWAc`<+
z(8uZOlu}Nme>wW`sX07HXCJ}{A&V0o8HZ|hYD4WDQH(pDvY;|2UfcG;^v>Z4b18jB
zN}A?74D>>ia+Hi&WFc#jng@V%yWOLqf{wqP=|kRuJd#ZXLrs$f%0*%jq>!f~
zdJ&N;$8p4_w#;IkCH#8SLIa3;faj`M+KF7
z(x>AQJ7w8?8+HizRF^^9(C!i64X6%psup2}$-
zV178+1g5RvM2aTWBe@=;zDI`-EU;j>cx!)a`vkM;kv-488i@+7BLtYf6CFsPweAvI
zo7YD%K8E29@GN#Z9IZcJ!NhW-?m8vD__Nb}6h5W-U-}rHH;ub@kN{?G{+H%T^Vt*o
z{?})i|K<6U`~1IO>k^tt(GJI`*yZ&@-eYJU`1TeuHXbz7Rf*-L>
zWbWer8SL_gGRQpnU>0yYTqtCO$$Tkc5O&(-wH*`_??!{(l1}+p4;CXz1i2Wf^nh$D
zM=5}q9IA}eJBTgTX0b%pQ^JI9zD`jhorzAvU?0|)LlrXflAMs>Nj{;-m%YY^A-3#_
zp%qJ^oQKW@{7CQIn%RCGo@JOj0HoM0`9|WWTPUFvxiHj)mxtdzQ;!6
zGL#N*C&kdag_lw?IFu(ogrZYIv_QumE&3iDCu|YQm5fK@DbT@B$_aTFe|yT2PujxE
zeR54}T{3wUX@;UjfM7U~1ZUucEr4&)r37}|(rN4s(Y(wczorBcSbHBmeD_p@rl-eA
z+{t6~R7n}z;+0>9(@`>_L7keQTJktgMoa2|YMNOGRNL0UtOt}SN!V`zKiei)8O6lG
zw1oPsXx@dFoQ87=#~xS^l_CsnR?r_yrEe$YaAlLL0gUnl{{*M;n5CQ@t=)U7AR+T&
zLLuo*tY_OC_CVo-t^L;Kf}fe#IcaQG8`73R9Bg9EnZmbLMHJ4x-V=?=E_yg*ooU9&
zrHEII`|%*jl5zj4o^z=VhS8*-bTe%`uXN1PHjyWtq$~bMZpw8&T&CnY9IcIK256|H
z6F@vRW({%HPuMBk)-=S5S(o^HN%zZ#OrpY8v>T_3*&A|TD>Nd>7c0f96+FQKRFu*q
zpWF=nrZM8j81y@6?=wDSgwMRS&T_5LlD26A!>>C|?1fN%-p?IK2faB^09V0Y&a67d
zE|MiDw)x8Pl_Nf+wjpH=!JfB$Uf(CX>NrcM{fV<|iV=dS#Ah!H-0v^Thhyd6
z^(H>=Fa7T{q}9K)6tD?Z6R0Yx>MYC+95Hd*%&31)M-sc??ZOhWHq~@
zsDs%m%@(EC);cwLl}*y=aIE|r04*c*RRGk?$bSNMmJpt%A)
z_@)X_GdM)*jDtEVTqI&wV1a8t;iv^%A(U}O*+F|`ovL5ATA^oNm=(+-XfjEW6A$bZ
z5qu}4ViclrlOh_lO6lI3
zqPTHjK>O#`@yYJtfiiNlMc+_&MdOtt7V6~8$E7IOU(eiDa079wPsgkcZQ#?Gv2ntf
zpqL)9MRQ~daYKBZ7g%nmiizB^O%791jD$az3UU!&Yb4gRhwu!+->$^(3
zsU?cT6U%9dt)=Dl=E9;<&RLg
zBMF%6Ru?V|m21LE^Cuz@@9tz?W(I)n-^jYFO%r;AOo9@qs;iuc3EHuCw7X@LUX!EX
z)b2B&@a=P29QGtz-kx;aLb-W}nM?m}XrsDdO2^bUVvd#!JLKKk7(T7BfAxf%w<+(Q
z^idH;%zTL=s5oszheIH7i^4?#TauHmfkNAHYinn}RabdK@Q$6OokI$NXXo#I
zD+{g!{-MX|gfei@_1m1f&GO20MpDxRbx24wiY$dC5s|M~UK}cefe`1uoFJ(&=K+sL
zvYIHLlZo3U!atR4S7gVO1W+Q44T&Yr$-biKq$axou?Ud;B&AKKpClyekwHJ!65=Bu
z+ptEiJWF90Byq8aBpj_)A!j5O-x+gE0akK9!U*k28?f!wB-oF$VWXjhkdIoWrZD!}
zWf__*STgx|1l+T{&qYAw9ybVM)lRKK`9~;MIRRuJNfJ;hHyHiXzZPP&iVh^LK$D?81yer;0z&S*>N8lltrfibNmoYHU
z9KXBHh-}$*>^dA~yztV58-rS#;_k^=JGe3?*ZVYw4wW((DfX`*xF^GePQ*75R6HxM
zvlj7AT&%wvmr)&RdJ|zkdVgMN6L~^v?J0zBautUX?)aO
zLQfvbKpMQGBd4nhITTD_g~sQs(x5mMnwS^_h{7d|*8^Kzs$Ej8+e^)&6;zg+{
zw2@HO;Yl>k^kSO8GN?$%W`})=IKvIEIf`^3XAHaqiUm7P71rfw)xnkUrQK1WjT97D
zJ0+rBg0e&g@z4qt7JTA)g7|#Q`bj10!+N2fqpL^A=mEBoIDjzJqOqc;gGk3dfE=eP
z2&TeTAC)~-a~ukNd4!p&)8q{J))hsdqM*a=VYV82gldM`V<-<-h+@xxL>jgEijkcS
zBk?%mp!=~%nSvtDaE>cp%v4qpoC)MJgDcs}7@ZWNA~;26HNjBM7$-dFhF2;fGI3Xq
zmq#grLoJzm={fBtyx9Qw6>5;kIo8)6P;#Uz1z2~=4(0-T*fqJMmX<0p3akhaUWqEv
zefnN9E3ax@pcNk0E&H0-
zZjo-t=p^T>1Ckj>38h!w8RDp8BNsZ+M;1*_Q^^S!ktdXGAyRnC6cID)MuA`HFwwKVr-Fa!&;N(28ubG9r=
zVmo-`FeROrI!QPdl2S?wPRx{1+yhG#Zj2Zp=WWJll?Bd`Mo_jAY8WX2Aqp9iEl_knRBxRXeIQ^QTLzb-rOyXfpeqc?$
zHQyNBH>8Kia>G$&I+{|vI`?3;g$8q2s?!vtBu@B8N%=J?Gp9nXn}McFB&#AvK_NXS
zk1vXJ$}V)yqYTywFR~xCNH*${jSNqxL%GaArv;;qaDk8X(h)=+tE);_i&V_Ra>N7x
zDJI``ur&OH&kreE19Z#VpuTNE!~>K9bc11f&JrDJyjsw~8&q5Ew?{i$m>gbW@~W8Q
zOp9Daw~((ja0@RNP?AU;BD7SI@Z;eS
zl+h6LW5QZsHygaXo03h_85`Z6gDVq@n_DzgJZ&^QLtQ+}I4eqzUCu%19dwOpoa8D3
zMq4-36-J6snN?Y=5(PoSA4&&E^C=ku$?mKAL)#wb06;CyNm|iK!x8Dt1~q&#f!jTb
z1Eiy=3#n`kssj4>)S(dI)shk<>=;ua+b!LMH5s!qv{0c=AXxy(P9Q=F?aNj)d9Sb=
zn_R?Ug-l_z3PA47)C~n0X5>6~ET}`yPX;<&O#2qfWL?lpSYs6&AEKb7*gyHSYL8UC
zxzcRLbeeRI0R?>VFL%r{4V!BRgNMwRiGZh^Zv}%a5dtTQpYG*F!q-=g)GM+Do9!9X
zUyqbV%PT`gWtqcsG#`wvM2IIr$IaQo*&{)co9KvXv0;d2sn`jT{1xac3A$bDak}ef78Wl@p~n_^K}$_2P>{)ytOFe3z3m`hjOn3?l6c{1fDk5ix7z1931z;I$_#EFtA
zDDx{vkfFv?AvbrG9#d;|=ToF}UZOM3I~QO`vQW?^rFXAuw|7`T6-NRTGPHo@l+Idg
z2}!PJa#H^I?govMz>+eqzKUTm!U@Tog`;I-7HZLW$q#0FWDbO2k7GJ4obh!Ks0Jak
zKNpS6M1fn@x(>*jBg|(7<2w9_NDgiHI5k*mRtZs6!R2AwgQ|LKBV94o7uOI6o{pBN
zQ98-M?Bfw_RTWiM5}c4$5O!;9goBT9
zz41~;(={!JU`Xc@EU0SxM5eJPNTFfof=y{%(Tl^AmN6#z)CrN!&xeBo$njw6&U>#E=JRt1_v!+Bd_@f2
z<5b*N<&5)Yn-iab;GH?DVJW$;)j|+uD=H19x@ssdjHr7sq9GnHca^iAq|##mD%M0w
zR<~tN=C(}v+b{*3nA&{CHC$%r=vS1R^&sxzxeTVKHZYr8;ly(eoo3EK)@e}sHKohM
zd@T%G0_j!{UKMycB_?^AZ+CBIfJlVIJaiqFAroAjHeNAalGG}?x`MWRN$^skLsdFZ
z574*S7zxzEq{O%P=)Mc1@>A{fe)a
zM{8>(Ch@AFR=wmfBJ(R+_#`FYlC=u$A!iX#K1u&%BP#%-v^P!Nlx%@aNhGP0NW@no
zN$!ohQX4z?+cKVF`k41o+KJI)!}9Lcr@|_uPiV`YyjNMoCFbHRB2khB0ls{M)&kR$
zwojf#gM{ywLoQ~=Ax@%j_*L%2;TC@AI;6mIT)M^&UHp~yEz6gcyM*E*Ay@2nQ2BUYEZYl#1SMGO@kmx7EZy@&?l6t6NT5OS6?QD6+7OfEi-2IO!sB7!
ziDaF^Z5NGa`)t}H#ByIQVkL@!4Nw|+xS5ck
zL=I(Yv(Z<=MtBG=ms(O$$p>e=rPu|CM(fJI
zb94!^QZK4BprnJVWoO+{ZUkvmVkuvo1momaBA>#FumqxOa>3UEv0(xlkX!r6;uW8h
z%Tw49+9;p53rwr8SR39%gfgVs9744hz?P?R&Udwxt-YRWV^WSA*(mIRj5pNLKsq#s
zaK=mIEv2cotz~iM9_+=GK)j+AF~STx36e#eg$upQ83CL!6J!G*&FX56{ru1&zsITk
z^BkCu1qP)48O5K>WI7*9m$PMvg{>&&Fm`NZprU2}g7ni(*b-%A4E;(j!IAA92v6_a
zJ)jp=ijt-kh~7U(w%DqbZ;&(1vRBuaDxr2ju`Kb(#X8&amCrXJM|oY8xsJlBj|M%q
z;~UYQ(`mko9?^|oQ(>p>B$I;~SqUp7VFuOAK7^VV3#tqn{XkSo9jDe3q*6)V;)NyIT&;Pp
z!zzblb&rqEi~Scz9Bb53P*NGlcrlu1(~&LF!sGEKD;=2(V*`c}Sz%^d5uANEdpunf
z7j!g8P~zeolW-r*OltRu&*y+^<1Vt|f^6Yzw6KLPA~RC)0W$8i`xuS21Buo}>x8(J
z(FT}}F#-o}Nx}E0+#X&4zaZ={rc6ev^p^zhcP~;di(w_%EHx!F2u7H_foS2sk7XV6
z$-qTfP`bxJk;)_TG6aVB(i>6wP)cC<1+<~T8u8Op6oOFlpu~#_l@=vC6M;*^?(lk>
zq!HG6*mQu#TlPd=xY8BooQO=}Pa&rkb8H|cLBrj`km`YSKx;^M1t#qAs|$&!)rx&C
z9hDql8>4hM=W>*4p$MzJ(B}1UIG$!)Y}p9tBBNj+@`JcsIeznIi3v4e2?z_4ZPk*z
zTJMYR9x6{>Pr%3?3SW>X5|%(T)~Bd530(v-IM2N%;JC>!m(!^E-qB*}<2{VTp>ISh
zDaQ%0)sf32psaxBXRyto!&gWMR}nk0HF9SFG}Cu#)JTb|F
zYRrum=jj!zPjI~nAo69#oG~m&7bP+!IaKI9b;SU38((g(6=Z<1ID!x;1sMaJS%t#K
zqM~qzFGiZ%k3s{`cfqNA%q4><%bW3ZP{ewqqN;si=)Lz5e;X7a78Z(jtQFS<*Mqeo
zHJ)?mOT$8E?+0$L!pune4om5
z*R2EG+qG+s!n(+O~Ss!Nn1CaduN^d^1YpB}x+Uk0$(bmg%VB`vH781V|~Uf=@KAV}=ylJ1zp
zQoW2rq1C+uHK2y$ExbmKh`VVlo91+Mk_G&1vI!;Lz@qZ@P@bKiNiz5~p%THtOne}+
ztP`Tsbt)@GWaL*$KqJmL(-%Q5wDeLWFO=#(Q?cVvdkNY)XPA?4L0do|oCPm;a9dA@
z5G`yVVMa)*ycB533(2jLlH*olSPfT51c;wi8j^r_cG(D;gO@YWpMl^pj7*RisREr1
ztw2tTTO1wXg&Zt#l@2z>tknXcV!E3Y8c2Mlakg}~JCXH-xj_u+d|yZPGl+M2V+;mks3rw#Wy
z>PS=oEvLlc4lvI<)kqe`&(-7yH|&>KrDGKNT73D0x?#1**70=*kB)v{@b)S?b{)OR
zuCnuj?r)A(Sd7&W!7VybsiL436Eq7LKnP%c(mr7=b3MQPIbSQ0xd4z_#Ys8wS3q#d
zg%nM6hpUeDKX@z6G$+eWj#IKw5T@~1VPTMSiNv!j&N1bx2fBqOXe8uN_-x^ovXIfx
zm+~fLmK;5taWauqNwncfE3JSY8EMba0Lwy`I*M7K)nU>((+dY3@kxwaHJ2R?$ezUR
zv**ryo?c>$GxWr%eVGU~GPLc_D@$VYVKW$Y5wEZJma?inRh
zvZ-Zb4#K67I*vi}3lwRW0}ni;T*QSDSK8lir%o!`@N
z$<1t{QqWKmdW08t;37y|fzEPP^Qu^mCcAm)9;2e}E>%ZKm1tTlR#z-!T?PI`41UB-
zC9-k_)^iH1V}-l|qJe!}vd4pAz;SEv&W?to(G193_kuA?<{KFo
zgNHRtF%<;$bHvi^9e01|{_;AK+NolDvBqSJg~L}AV@+`9jAa6^hWl4sl~)~uRTcR{
zxq<_facI;8s-h%oMZj8%^C
z8kcv9&u80oc7IC}1FmvGO^^`R%*Xs{@vEqyDywdFztNW9
zu72ar6Uxw7y%ENAGI|CjIH9+GfOT+XKCa60FmK14BAcuG8&UWE(z%1r{N>3VT%IA}
z)4+kDdrp#K&3l|uh#l}%K6FfkcHSFjF*by`CbMPMRtTmM%YmKc?^3yOB*L=8cGKIe
z#A``b%2d(l1T>C`+xK?a+xS}%a}~}mY)-CZ$p}0HO%s9mYr6}qvJ?}J*cuU{&f<9o
zI=BRh+plJ@)r2_vHbqW6Ba5H&4Ft={!KNhkt3_DxjEI~Hr7lwF7E?`YqmQ^=L>WY8)jNyP
z4$DHof-PO_yR2q
zE-zXx3(UomOw!C3Db~VOllXcZY|AK2bsEQxRzTb~0Gj9_Kj*~2z)#9`XKOEJ4nh#2
ziHONF3me`aMDMTxMh9Up{YGX6D|m!pwvkI&=W6trwj-CPFt_@?NOolRJ7?FBQ3r!>
zqLxJNU=j{nJe)r%8KGGnUO;Dsp_)k^AjK$|q2?;_PNu9h-ipuFsn6*MbM!NwBVr(7
zh42;3NMt2u6A@@kf7@OB21_fU8P3R>XG>Q#a2wD+xGg5HUZ0<@qv%y^~Zpt(mdej!L
z7dgX~gjeBWq=EyF#%P_KuX;{t%_wy*fE^3pM6u2+Iu^0k7df9PXrpf_JA**L1TuzX
zJ5H>>nzHW;{jd^g!@Cah!3Gvm!NhMbkuu6~PU$I4@-M?hTMq-pi&AJuST=}#2@ztd
zjmUU}yxzH!sCXB8v#7SO$p*pHfNiW+X6z)BwRALAR(v^$$OVD%PR?|Lit6ate71rTS^x5iyWnGn~8>*OUeh7
zX}wST3y}cpDS?VRNQl?$YJ=DUrq^PKH@n0!DZrq6aK5<^g<@E^eH{oDFz7oT(h0kB
zN;mPTjkzSJ8_4TZ^2(7Hie*?9l-%edp;Tcr%!g>lXx(YZ!)&Ip4;;r!%gckJ!n%~{
zS8%eq3|iQr=KA6#s|VLioO2Ih&5wTEj!N57B=elLR{C149Gk3+WDPrlc-T
zBAkP4*kOr{u&rq>nYHYc!W>tUB?&gTV6%%}PZ}8NqhL!>hh+4ir4<&130lf&gZU%E
z$$UUp6%k~{(a?4D1B=1hH~DW}eaX5}bYc{s-Swu!5$V+o#@)amVPgn1dXbEQxt5IK
zew6GITpH{#veP5b0R}{vr31;_E{VCTmWdHrS5bQes;BA3WqXncc6GU`YJFDmqakPY
z)Fro5l#N6^y7NajPQr|fU;!e^RAx&B&0YhSc)1gb)X|*Dl5pihwh1X!?%qydPxtFH4V_3-6;Z3iNH=9{Wck8NkPRtXY9tY
zT0hB?becgjBg7+3{`Vbd5Tc%P6c~2JaZFdN0re+AbByyLd;y|w0#}o?IW*Cl%n`E~
zl3hXBjXrVNnID4;0t-ZDLvlnkM)?-;s?Ehfp>7J}JreT|7AnF)!9@Z)%qh@_gl=_L
zjR`1KUCDHE_|~2MUmS_UO@6;NP?SVeRV6gzOIs!V!f+pys3zxS!+UcBNu8-G7ob-b#d46DaKMKtP8SwMg20^6t+qSCSZ4xqTEMWH3ocDYzqW}
zNVCA&9Qe>4mt#@|xKD+LCn`Z{9CKfTzC2`{-J?0>mgq84ppEizj07p~onr}u+~4}>
zYlzr1p~3kQkFL3(yd<=u9B!Uk7>+WLtx^n4$W0xj4B#%hr`T+#61!FbG800vcxH@}
zBQ6)k%GIDd4?V!)zr)4Itfa&bdT(wuYEM#-U2qx4;TjI3>>(;+z=)3&ixya#zQ?EmtrYr;;9VU4xjUqOmfcb4Zy7sWUk;3(9
z-POtBoMBR6w<$(C6ZCi`19v7IjQpGphg0XGQN@cCqKKXNid>f1t`fl+)%xROHBT|k
z<&r8%Y0>ppNgwTO#YLp{gWwo>BvsF={413eX;3D<{4Y}s{N?6%w%KCLfou|;ku#d1
z<~FEc>@9d5maRrA;%c%8D?8jylB!x<%|$E8*IpPt?h`(ry3gC1Lx>e7uwt6fVVW^u4Didx;JAcfEe-H2pj>}2R!fla9YVDP=q!zJECIkt17<=1
zcH%HhC}gEEuh&}=eTJwx3Tzr+ss+NL!1E`~o9!TWmcA@4(%|d`?{fe~?CoGQ=(-aU
zHJp$o!&?R5B1En5C^*;U=9d?;@S#T%FU4r&;#@>e1b-~%)F;t*dx*-vclr#EECbo%
z+xGUJDJ+D<%ih~NsPMGlo+dL9)woOPAS<$5R64z!Erv&UvwqQ*B&5qh{gA|Tyv>&-
zsatDCBnni0?z;Yg6tQ9gd(Azd8%4`SYR@#CwA%OZ74Q%B3jb0qM)-GBr0LsMJJu3Z
zoruk5!hPXpaz*EKCj&Gl+(|W@;4AnA8c9ml64yxacWfJeoTF7q91xQ(2q8EgrHfZG
zDx!g+9SP*T>u+n)OiPv
z<_05JsKNYM2qyF0VDOC7paq1V^5}5%lArD?{JPczV`Ce_2R#h1=bBmQjpG>fSt@V<
z(on;xO;dxQDL^|KxC+xP=B}xOQ23YuBLvO|wY!Il)vz~6y?Fims%k`wPfAN{g5crJ
zn%T}iIrosJk--yu65KZq{0F~-$I{6=^Q}k!(N7F2jeex4HQ0kQ;LedQ1O!i$F_Zj3G
zfA{hjwr*!{@3?z%@~n%wwkMnMadI`r5K}BHloqq^i%BwjyE(tOniUH;0{IwA41u^U
z&7#&JMa-(91zl2bHAo$=3yZ|!i#;J4j8tqw!Tl@PkyVpIu4J7*2#zqv!|GGbT5?86D^De%>`S4Nv
zU~6mZ-qz!L_wUDBTTiwgKKbSwxFW}K_x&{f*Jxt{`e91{?qzpp5B@pbKRxI^t1XHV
zOHqvP?(sv>cNq48K>}FUY>?iLFF*ybHO`7^kuyA6{3bqWq*7n=I>tYJesHw=s}g;J*0_`AS_24yCxl5clVx!4G4O{pX_a
z61ucgZdCL^bi4iR1pmPYiP>p!&YI`>Rs|K{9A0$l|KLaORY%2}#Tg^J6(HKWd3YS!
zor!~>El;B6MH<_F``NDk>UW<5PiJ9Sfiix*T&VPX<%Taj_{hbq$`=4oXBtSVp=nZFb%ur0fCot
zs8Xe`Dai+uvs1*{N1T=CF#yjp)DJ~7_W=-P&YGz-+WF%d@JUEcP
ziVIqW7y4`bX4<&O&cY7Q>sIcWYFtf=jY1wSk%bVUIs80JrnSpH94(3qn0&(IDM|36
zot%mQThk6?STbPWes+*wZXA#;+XTw)P*he;J5!`+Pk(J(h6}Vl-hM_#$PRf_I412B
zLuZ?hVY1M0hH)Anl8qA2ZnE&aE1XM82rkG?5OtpOj}G`lXO;xjEUjrvz&c8CwdiJC
zPny4?r{#-UR!EuDFk=A?iC?KMp<5vgp>ApC>>k8vu%8f>H`lJ5E>Uj0m~dPAmzthT
z({xZbN;ay)`U;xa3$^^a#M*EPnmIES!e(x%1+gWPjzX5>pCn|tX{+I81{%8k>{w6@
zU;syC)SHt3Raj!p956PLT0ZxI+g&t3Hjeduk>RO?%|VZl+#|c*G1SdKYi)=u&^OF8u@+J%y
z28Id$O-Cbm3iUH~$-i)*sg3K1xtqL-CfT!b4aYTW=t647l@3aby>D*TsY`#=l=f+a~nlcomE9avG|1zJ(G
zlU)RaaJ?AepmE+*Gtu;NqBWfkGzot%nJ2ZEu{=Q12)`8l$Kg18>d0!*34G
z&5yRO5fURz8;43S5OSLnFDeggQxQfKBo`kSH^1AAe`d?141yu^|JHq80D@6Bgw-{c;=9?
zxJ5;X4M&uS1m;?M^i<=1W27hEh36nTf&_TZ=jfQrjn@v9-0Y+vr?U-Sl@(iNzUeIa
zu%_&MM73G#(ky!#0i=}Xy83d{D1iJ#T3Z{A;&9}Zs;K0h0K7KIdZG;LCRhtTmnhf}yq{~C4>pJEtMBaxtqhysm3
z@}HC*51&NCIzM;_HyF>M@nJIOC$n=>#NAMw2Dl@|VwK6;&ZK3yI4O-sGgSK8yh642G-~a<-fwTS18$bHPkor#T)LW(#3o9dN-a`y
z3nsNiSrNp>P%X7xH$4JYVsWOBRT@u)NqsJ~0HFmGI8;i&A`-5Xt4ZhB2=PrN
zT3AvID8xTIzmOE3(1*=FW)4
zU~UlxP|Fa83#lxDiSC^4$tf*ZfsmGJH?-bRo|t5&2v|czi->M~1msX?RjEZiaTz9I
zQn$csVm3fQ01^4nR9knh;%l}M18ULDT%=e`G9RasCyJGAflOe&SwYxx6i)^tc{|Ui
z1s0OQlx>V4!R%^$mEbA-(urRo{$JAHy-B~jBZjmSkgRx>aQI{`{CJHyQ1KErbmMvLCI@QHFrL>lH*
z5@(yq(Ml=A9+9!=s3_8crloQ?#Qy$1e@!vRh=3gv0=C=|146FT1!d~%Uu+0A+#ssk
z4-EumPB13T+6zYmc{Yvvh04q9gO2Of1ZOsVT!
z)XF6Y?}3N_Rmd?4t9C2XbYao@aw7VOPs%u%A+mxY8mb@1f%b(M2sKX1^)E}IQq>c$
znw@AJAB_A`Qjr@U#SnsQE8><}P|k3`@Nk6?Lq7W#$|eNnaL2dnIEWiU4k*$MB0`My
zDZQFdM+JEH{RY-}BzI>aY;ar{6iIG<98@s~YJ*Vj2iJ_CN68JT*KGCO(*$ISmY9vP
zFTw(l40~A$G)($(+{kPd#&gC}p};9~xf(q2Xm`a|P+$`&eLJHf7nppNDH$I^a?dzX
z9nobyvaA69&`H$=h=#^%D@CNK=FXgMfd
zFKaTZ#MoGLmCxYfC+2Pt??^H$vl)rN6sr`D4W(a__bpS=5(a}{<0${2&`-c=C+C-tJdt5%F5ycpV<2zX&w4}ddVBCUDC2hpHga!Lb2
zUv{`mhz;yl$f3WhFfcLk&M2dq;uG4jI+D_jG}6MNDZ1eFeF4@wjP{EzXZak@(8MK5A;y-?rgFedoU40(^ADT%N#K>Hu38!!8=N7f
zI_O^)=?wGUro%LYOX&Oa@%v4f=;>NWB7m>BW3LeRA*K<>lpOGDt3R3=hUN+8HE&{06(nv~$v3qoWC5ep=^`3p`S_
zzq6~#GzJvZ^gU>8K%A3Dn=o8l
z-@gX2d@JKVTbx&e*J?hLSyzou#BaQ`5XPXYr+exg!2X7JD8*RJDdUt>4?4?^=AUMd
z6c|>edd)I+LO3&SDoUS6Nm1l|j8i9Nky0th2tokVrk~6XIoVVg%&I
zWDQbun8M<9qIjmUnk8uPEpIqs7Au1)
zY6>UTi)yYmV`&@MQ9f30HD{ykM1d1`sD78q4v{3v*9w9x2_C)5V4X;cRfyz4;7)x6
zVVH^Wmg2u%!8SzT#DQoj8MG}CVg#mIl#oc4#Px~Lx<3gQqf?R;O&1OllW2kQ>Il6W
z2MdZNVr)M#*&ebBl(Z4;l*`%}y^`dl4fKEjY(SI0B~$^VR1m{KWa7Ei@^SQC+n|F>
zItXf-virm)DCZENVn`{)T-}Ur0TI(W0^iRrEoY(|(Z#`uEKdHD!bulb1>q-2B8#Lb
zaR`yl73L$=0kpM;yG#^QO4yjQ#_5Q%&2&>U5HY?l5}-S+Ff?QfAwp11M0>$nc4I^%
zkPH~qYM8s3ClR&K)SOjii(^%sUV?@=H3JF=B^}^_W3oo_9F|ZSJ54Lk9^h
zhobhmHX{EiyQRv_T6sg(B66+JrHzI*MaT=vEy6P9#xEtV(Pt|S?OBx??lFwgRJ7@LUF=e7}Wl~
zqsUFQP$-S^Yke9%3&@dwjBMpX}At$oX8
z)YHcELmQ(?1z8^H!QP95ogYqO!j=@#i5$g5FAh*DBX~CIm=fGv7PiklFCCI=qqFPI
z1=p7_w}aDMt7k;l&KV{_ydmT&$4;b=I@UvM)jepI|B}$M2*xQQU}$=J0(br<8OK?3
zTFl_qLi9>WO~k~~mMPSPiG73k=l#RIqn~4fqU36}f?Vwc5_g%wB+nhbug<7rvgQ#8
zRs+K$s?H^;we~8--&?4ZV!bp*kC~^=fmVOPv?Io>EXdZumx!-v-4e{Bn(8kMQRHe}
z@r}*p>|{JVsoHCyZch-)TENnDLj3lq_9mnJd}T4__3lE$TDR#iS&ZhcGLKjfB3CAI
z$87)=)`ZPdtnMlfn0U_}92gdz;CvI7p_9mCgSe@4(y2iR*CmjOu?%7j+FQb>%F%ZO
zLrK)Re<}68v62*_Gt`L|+YER-X23(Faoh;3KQv7Sc)(eP;-DlC6yi!2IWXv9Sqef@
zfrXgn%;l^U1{V*8a0=(({1}~Txzt$4QnxxbI1bq(L9`sVy{vqf1^s61k*XmMq64NK
zx6h0-R-Ty7SrSo^t*VZq_F&o-HRDG$iV$J2qlr&#QvxVVfP_?km1RUJlS16C6DiEu
zEImg8MhfNHT(+VOa$hQ8L@xBo^$stJOx0fk`9?$9TS6oC?2B-r@7xi8+1v(9lo6qw
z@lXs>AV27U<_t=Y>D=VoHms-2{C`WTjn+OdVvI0ACl3}*=!Cpp3kDTvUq<~xv~Pyw@T2d6ds7o{X)_d%fKcs!~^X!
zaBpoTE>83wU2R6YLWCZZO6kzn^WAy9Z?Kom(nih4GHy7Q?eM6*LL&EoSBxOZ*Pn>K
zHR~sN>%y*usK^~1IS@QSvr24r^1OaC&)25dJI!8+kFbBdrCh
z^wqhXw1-Ipfhn#=bRknpPK7iwE~h5JCmp-)y3N>Q9j4G_>5Exv7yPA`_$CPx6lnA&
z6J;oL6g#nLyzb0^EJfI#&iEbi?to-#7E8#)7u!%ucF5gIJ(Z(%A?L;DhqPw&l5PBxskML6_WGfW8s0ie
z`ZQ|W{2jNz9`I^3?QkmoLEfB8EG6yVCP#=q{g8Lsb~SIt)VA1{7Es@vOA}-=!$L&x
zU7ISqTcmbe1h@2&S$YmUOZ@4SFc~A^OV7UM932rCNP@U890DM)ljSS5DdkkI%ck%r
zH3Jt^$Qxc-*k933w9)1q?54$Jyfe)tO
zFshOm95&lMI^b5OSwDwUIH@*N@+dFj=0(Y#Aki1HlKklJ_;&Lc+JvtwrL4(tgEl$F
ztQ!faB=Uj4mdah7<@rcMpa=;GKS&d{|8$HX5dQ^ltUGZl-8|pynAYR~%A9GUZF@gG
ze$%b({VyP(r*~pRy^CA-+ncu0i=Bg$hE_vZ6xVDkY}P$K4jK_k5rDf0
zSuqK2fY=u+bDRfVZ_${=4wbtV`%sKP34-=wsEAquMQ?ehcAEj#H=$A^&eqs$Xbiq#
zG#U9O!Yn8dR_N~JT<{hiYy2;C$kwX
zHgWseVk(y}vzmFOI{_JLnI6ml=ROc$89B7a=ia7Qpw+jSMmjN`ZR`S?OSMv0-hM3F
zsx*}M!mLN`rTkt(>z22nV$GJw!-Eank=^5ahX=6-Zx4Ix6Zos|4|^jmbfT4V3zFgx
z`7j?CkysD^+drKwJE9-0dEAR%r21Tl}eeaB%c<
z=lT|pI_{A--Oehb`bJyq{%PlMr52C1#jBkkx`(GbooicstB?Hra{shjKl8scZQ<6n
zwztb`+Ymu!*-QFEE|A`0cNE_K#c0
z<^F&1AKEBA!|z{z9niQhG(&X8_I=;E5QYw&x$TxYey*R(6l)bxkO?&U`%*S7Jec7o
z-Jyd{26=_?UJ}?w$Zrv`7)JrGQTeQ7V`_j&S>kXDFX@s^iBwlp`@+k^Y8}Av>VDx9
z{Rwm1l(G$NG7Y98eh(_=BT8OY7hYj5XN6IgyTMs`FbW^x;l(=7GR`LOEzI1?;7(-i
zoBK7x^V$v7}L?m)o|*(j%%!vKb$Vg$VWLyx&i>?lM-=!4!ari|nn8
zm;?Fs@{6nwkxds9k>LPb-V3|pk&vYrID|BRIxU=K-n{_EI*e!5%V^vmef4P(&8ft
zW0S4-RqY@AR3LVGK$Vh1ha9S(s)
z(ba{La#To%>P^Y6(I@#^Gsv(rk;L+u1h$eN4P(sF4#CS#
zZd@jDl6IP`ue8zDUMA!4=lV`jGNW1ZgiwVlAB4kBTcFW3j0HhqlqMdU))o=ueT1sF
z>k4%cI<&9dBohF(8+>eeA;nDFbvUg!g&5^JoPNZ+$Z>2`fp3-#D2xZ|(Hl<;2X{$A
zvngK0^_SUxWDTQUZ7Q2wssLMZwH#9IJ@m>*bvLF;QaBe=()nn|gbaCz4-7*yJ~aoX&(7R|_QV#k5fyCo+?@fyr~f=@T62$?_K0JWPX
zju4+25wZexdAd7;NEC-Ab}ykFA}YK1=%ICG4IS4L|8-RIU&A84qsk9rtCmg$cUfFc
z-UW#l6crs?ND;UORu>x2HBmLCauLXcguYbZC^wHhzA);VaI|fW6&WKcx7^P_z#x@z
zH}PL;pQsoi)e7f)Noh|dqoM}4&2^P&7dVBIdZ+ZYhTs4v92s|W?<|;OAV|4Hd>KbZuOSipC_eA(!C3oeQ0#T~)zi
z0hBSx;h@ZtOZ)On>Nr9Fc$uO63p=uymM@_)h@-Lhb72?q-Os$s)f*5?Y$H=fB-*E2
zNE|1u(lBBhOM%x}N2K6oOo$#Q>QhdHMSS!?MWM1qaw>5uAEcF4Oz~3Ujch~(jmdC1
z=hvh+GaaUsRxK(OE-EfF(h~`&6fm!Yio~$Sp~n7|NZ!~X?j9S@II4%sq`M+qfB6gM
zCZ&Trcc|A6<;aU}#TS4Sq*jI?x(P0!Ps$C~ew$lfW^j6~a&)KA+vHLzdoCtipiC<9
z(JA>^dG$m~=&<#GlIn8AJmCCXSAtNj!+|8H(KcMoBD|i4*vWubK6#g9BdG)Ef&wY0
zON)SAQmqfqi#XE*9uUzEVX|RnJ$Z&O+96$D>wowYxGWUJWm|;*TxyO}F$diX3#6hl6NOb?Chhj$@=BqjVI6
z-%On05c{j_mX8DQc?z!3mkUnCii@n&l|X}pJh0WW^_N6XbzE!czc$FPy2CImu3-~v78WxB({bcHtp(L7d#`AxZTc;(a
z|Hb*}svS!f%FfB|{=P;}RU)xJ46?aGzYXc94!xwBH16qGbHlNmph*PpaKbEdZZ-{^
zVO+Z=8W*|mT>Kp_xNc5{ia~^7S`sV#HY0=pKLB-E`T^ngV-C##Wd@Dz#hCJ>V9cGf
z%tx(OP7gZYBdJr|zrerT$s;CPzma@>v
z?;XjMqx!_Y0ik+H31%1EgG(tahH^Wy!oa$g~`!YzbsyRtyoYN!k%vh=#aV|f_xAdJi6j)mc8^Ag+>9l(UY4+D@A`!`8
zk&(eDY6(r(w6?)JOosLO0%!@&RXW&kLaOwPcr9lmcpoA(x!^BKboIT(8C||Hhf;SW
zR2+MzI4AVI&5Nk)g{5=_rAGGoV@t$#9f0y0IKZLePl3eVeR&iHQO;H+6t|
z=6#Uu@Y1!WbRfMu@5DQoOqyG=WJruu80-eE!l5&eMc!_0e2j-)7E!P=rg?TgPu}Hk
zRqph4bR%A7LlMDFG`~dBOC*{K21mev^CBG$h4*Dx+btWX{vpb0;Q+yfRBrac6tl|3
zxC~0~x@*vzvSPSlsIC#-O?0PI8J3`m8#-tw
z=g$t0PPN>sIO~mual6=a5T=-Fz_V*Y4aR3s$ee?cIhJ}U
zkN7K(3$qzjpYf0}f`mk8no(^yncbj*k&wpam^;x0yT{CcJ+KtsJapO!p#{@>vI1iz
z$7dt;Pq;M0%QO;$n`SNe%mz^QFjk&JxsVEZ(|C;e>}{cCLN8GZLUT?^4qr8wg80Wx
zHYi62A7TF6ic
zoEaucM~pp%j794!NGZk5Qt7|wHOm_)-|)mNx`{$YIQ7Tpf?I@>C((BctfV%|7@1DR
zU)s8W8OVw$i?frBs3@!8Buw6|
zAG?3zqvX_UoS(O7^#jiW8q6XZXDUfij$_+1;tk&awMZ8np8-rh>%T<`04a>-PTzGZ
zWaMo))Un9|aqbV50og!EonZn{{jfXUMCeo=JLIv5Mq{*ZG6yeS`ALC4Tx#0A`0|>s)91u&`;)zm2E7`t-
ze8)&s7EkN~w!_roa$7tn@~h=8K*~uQ4CtCemj~BZ@W=BkjWFDhaED1x5~5<5s=^i3
zaZHXB7j)PwgNbPR1Oh~dm_2FwPJH@3k;j!?z>Zj9SPvLco)4b3|27Y8%PJ9}v1o;6
z7S>?UzqBFn7|zbCEGt2Ev!HMl)IGFRy$d+DmShs75@kU9dl4;>anI5UR123_qbGE>*-=QBgh%V7(;G8L~bD|y@_ab
zE_XO`hNcmvr#YkY5`>0HUG(q@g
zHt#P4RT0nL2JGwxe4NkqUN0(le#BFlAl9m8w@&9Cfl%oHnFKIT=QM^Z?VNHKm`6sn
z>KU>JGH;TlUF_!WTW>mfJ3+4IE$Pgz*#yCA?P#<>sN1=sDPCkQT@N*F1*{DWE(B|D
z?07xCRUiK1?^SXQ!G?=LMr~%SR(MI)S%)gli01luHSw=~%Gg;g_}5SHYVEuMvDuAt8;5|m`*}48_2xK|E~c+mi$a+UWIyAsCp<=R8CPVZyIN0
zojPgL@n%^(SM`c7_#$jJ(TH#qnWT)aH<@gK?
z`43^PHred&NSgLuxSVHlov0x&mvPz*Zwis`P#P4;&Mk=dkH8QRtq1KrAhzM5mQa@6
zAe^KU|K`HbL9V1=Q$zN|36pp(H9N0j;1CI%rZVWSnjK`KsGh3HNlHRs1Ctib{RAnS
zx}%)Anh&Q)57Tf9cl--U$Y+-h`<%FI!SeS&H@we2Y`aW2lpcu%RGfvN8hqYBb1L9?
z#-D3F9P$^0z&-v%YCbjXF1iZ2`;%QvkBaXGQC22SzDVA&%$=CxJGA-8j@-LWFKimW
z`mu=#mc!^;iGanoO|Za={R3wk5#Hew%fyG~3Y64g6b&PK8JvT|HwOp!^+ZAhokZ%F
zfZzGAr`_XMMogfDiv}q|7R0VN##wSckW+4g4T#`mV7!8wSj`a)NDvNJk9HV#x_n*P
zV{IUv3eXntO(EKcTVYU-;F?|(qbnVQkC`ZQumBscT3!h?cQ+vdV=jy{sH7pg7yF@P
zMUeYUhGq}$fKl*lDq<8A$$}wx598=GLFi`P2I+{0-72QlYd)KhBi~f6EzNwJYIJbo
z2G6E+FMAN$f#R32W@QhKlSp;tOaiwRgI6ua+#t?W?so$kqTeADM0ptsn+l=PheE_Q
z;2%Rf$!E<2%Q-g21PSAg%U1dH8xR}_hz#X9E)vL#7+K+_F)+5DPcvD0#-S69)s+zv
z3@m@^=!JwnbX-QM>Cx}!3j|ZpSWT%j5{b!Z5_<&$ZJM^IkRM-VcoY_cQ7x_jvCW&Z
z2Pl3s8F|2?at4jF(nb=r*$HN+mvNa(q7xslWSEj@5Peq$X?_u=(?I+1WK{1|Pc9SK
zy=zDYjerIji4t0z(Tck+)O3ncibDd6=ql8$W_z?K;$wC0d7S|h9x=X#1WnRf`TCC7
zxmB?XCXzE##%n`QKHvLTHj8YSQ8`84g}0PZM1-iGpv)SAu5}^&3qnc@oi}wlXX%(
z$h=fMbt!;Kw^A=gNN3xzwm%%P=UDH&kpj-jRUF`=L*$d#XIEYS#sflP_&q`WDfu7
zP(0aW0l$DU3IauqoTN1CAQjbyBFcASBWR7$ftLxjDtIT^ffrM!C3#)K@Dfb}ajay1
zwZRo?N%RdZ*|>R);c9LE3^z!lJNchNC(Px=u7@
zynY`eiM>^urLQx1o)f%5jz~Y{6BrtmCBWr>MPb
z$caj44Z2)Y#ag||Za$E%tjKBASerBIthHJY`St!+<%p~DC5xpI)6iZSg*FEpr8uV=
zwN!$0L_mFbrD6|U3f4(~k@=8kKEbdFxVkBwNeCneE8>)Kf}X>oM09(pUHC85-5n(y
zJ!vQub7fgXl+CHq7dgc^xltlyM3I$nyE`1&!)hPK-6MnWgDn)3iq3=cdbFsXK{`9j
z;SMp5P}pYlyK>we8olOoII$KP?eutOx9gI6B*`OMnpWiE<~0I3j$8Y47kFUhMA(5S
z*a1`#7!8Woz<$M7l}3ov*u;d5XxtwS-3j)VXnNG`@I%N(z>pPBS16!&&JBZCUI=m(hEygRu}&A4jZEjB=gyv+ptXzZ*}1zT
z0d2)Juboc`gbPPKOG$Jw(l=2%}YYcrBsrn40B1qY^Fo-d(v>0l1&l%ri%Vxmy$%Ln39L^qtobL3}izIC3K
zRUNe;6XWN%pPisQj&bv}m%IG2_4e~YMwo=y-MEyep&*cxw2Z(#$!E!>QGpeBf0CEr
zeLCDzoSY{bW5`%4Go1B^tLffhlEkuzSc)7EI${-{Pr{d$(~PO`h$dOY8uLfhJb+@^
z_Q{FY>H#xb9!|hpA1X75OkVIzKm-9#%4Cwdbj-^1)C`#OZHwv
ziL7bYOOY^4`Cg4xgR~F42?4!~L&Z9Zwq0gd)!t3Gj1sVaRkxT`2+`*ktEYoel1n^K(~RAd->}q(nMoD5O8EsLeIjJtfW-6ZR0u
z6;!AgA?MvpJ{l$P*W9h|oFqT1z1A1h2+FNTYB4f-^)=0W*!CqH{SGkOEa_9KA>MDyip%;B8Y*@X^5uEYln3
zZO8cVr7ch*DS~-Hwp-VlKuUhmkk@9&e@evtN`vHHbX*=;N7`3@|@m40N
z5)a3xm|v_S8_R&?hF~b9)}O^2gnZoDM4bTs9#W)5siV!|1}OA9KoY?t(R*=+RHhuG
zuW_BdY$LI(a(XD>Wg{0L4N60h=rhbD;|%w?i;u!(u15vX`axX3xn2gN$t(%SNo3(@
zvjo*k3*D!#*pLTL4uW%HA1gL5A^V(BebGEJm;1Iu|5E%>yAVHzuvfXJn>bvs+L_U6
zUD*j%k)s;pacrzxO+}pwTT$F~m1G>|W>H#IA2UBleMEB}QRu8jGuO__(4f!Osl#Hk
zQ1ZgoNR@hrZXJoncPXglP4By#(x#s^;7I8#Ee^fUh(S}Dg(oKgtuRn7gnxkx0_$`3*PvfQba
zxvT9tudj8xxVT;J1KR_Kq#5bsIuqvw`19npM;6AKARf)dS(2r#TkYyt%}{B&9P8#N
zRY(Q;sRieyq(OyAQRc~2(tlxdzAyA7EZr-ncmwvJnyFOVLuXK24MhIFXL3WQ=Fq|AGTXZkcaP2YFTQFI|v*Ne_&Q_*u
zN|<&&laLTJGzKNpiuPu-4;MLN#n8QzNs0v$0|p8gcI)YCDIxqzja(K~k<22738cxf
zE@D&$jW#MSfd1dAKlHGK(h?B4)~i-TItqIr6`g^Pb=mQS)+u8m%4h+d9TNIm%pA(%
z$ORoltg?=?xi3Owc58q~tzc|St~@a)>SRYMj)%AngfbD7i_WCHvKBCOHNPk398mtW
zOFEvr1bq^?&`???`A&q6Ou}$%Sc^)9JC-wVKYOV~$zN$8kAqj{TBr4>P?ex`x3(@4
zMnd<(k{yGlz*oj8wUQ<7vqv$;ok5PmCTuH}QY>TP1CdO0wy_nJ-{&gM$v&uKji6e*
zIPAPZf{Bt;Bl$^X%E-`0{s|3J-S!=-lq6Y&<*3R4U$|szpd>f-Et1b7k)&9QzwVf@
zM1ZOgqw0j(YrSVN@Lu8=16&I?fATKqBG?EN5HRQ(Ckdk_e#QzQM%!ZNC5Q};bCw7b
zr94q%=ob=!97*mPk7=VGgIZar#<+}sw&vnBVgQ8-GNocpC0j#-0#a%o8^Hb#IADt<
zP(*QN=-p=JfiPC^=DLa$#UZykjgh*%+=88%)c1>0gy^IYx%M{p>^_
zqFykV2{|D|tgpS^F8KnjyWUV_EELCGgdAT7TLAT0jyHkgJ4LC(4Nm0pHzAo~a;EFzgV$hi*zQ+o-PTC&`ZI-rMwQ={zF>pBZLc
z|7eC49mZ)0460l19d;h55oJM1b#({dxQwjE16|oYZCLZUw{J=4G-c;!g(Mt{OVmY0
z+j_3Gquneo3?_t0M3k$@bj_gLZiTtZYT@&2JP0=AaYa7
zS9BugL$|^yxt_4G+RZ|=R)8O5$NXV4`k7#BNv`veMEs~qwNkH&!pXUrdkuwiMM?Z$3v^7)K*w>|jK919
z2Jwf-tT(saG~F1>E?IId&u>55rGGQ)b2=KK0{#;mpHjx_URq31en2&oDx9RlAufi(
zP7n|&s#t29?UTU3vRAF4T!Twh<}{*GkH;vC$RH+zkIiVJbJc(yXDxYHXIo@h19^VI&FnH5ayz&dOLLIJ!g4K
z%=;#$Tm!SI=r=~fW1xwo@M>ZO=LSe%EZq{m5Of;&PvG?6#Mq2-A)Xf>{$^ydce2Ht
z%gw?|h|xtgY++@cVsIKHBV1lwIng3f{}Ec1#wiu)WGgv~_nHuaH7-EV>n|8e>pcIB2-{goy4*{Oayqon8&x>7;dYJis7yV29CxM6^pa^C_Gs}&y)=!
zi4JTCK;}B-x~9fOqUXuMERfjBUPy{=tnt4Q%xXf~6O)yzb1)C_%Of=wt8eOO+yJR1
zwS+^zl;ND$wN6t;-zDy3iveJ888wx{3yx&m11gBjT^?24He=+ZBIM@Qzwu!-h!s
zQswM(#CTyW(S`EuLh7>v^X+&Rb${~@o8RIW_c#Bz`3KDB9K>eI&`>X|2p@e+3rAN6
zpJCI{A2p<9~b7H1?a*Iz-MT5v-bhm8utgkYEmIH?6hfp9!?
zt;yLKHHHC8s6@cH+g{7Yy%^+?88B{BxDY?5s+PdZ9GauR0L2e=9=I$yXc=O+v>pUh%q3V9T8<<>{VhLo^LENO4I#??j%ItVPsIq$V(|oJMGtHPK2{
zQEi`N2Rhbwn@l1NmsX2GrO1uJCRi3&Bf&6{0}$rG16f!>>ZT(DIuPA`hLg=ww$hSQ
zc4<%%-Sa_E2$^L&QE2W-Lcxb8?J8#Qhdu7cSf;eN&A{hzy5g_FH@4sR@>D~7|A_?B_`bxs)Czjq`;86m;sR1k}t
zRU#CYMQ_ykNcMj2mA~!`xK~x$w(!er3@70U%g8yF?~~g@7Te-W1uO~F`w3DLI!@&Sl
z>H&IlQ7e&%#VZ%3d}+YL<)cpcC4-UccTxBqBa+KUCDDV~$b@gr*iX^cuEO%7{*;p-
z=0=Mcr@R{M35uu1&Z_fu7DBYu_T$aCb2OZNMFQlTk
z-%@lhQSpyjGJ$hngNaNCe;2iI%Vk~reUahVi`&o4!@K;>WYSMp34k_1YSF&m@ZM)J|x9M5eEMK}=?D-)ywb}^)t?)z0UiK6BG^kpJR
zS&d*P#8~J!%k462L0zKW7~&+$+qhBc4WIzvddV$K=R7nVvB2_iZX?0f6N4gCcSMzG
zBu9?ph(oYagH~j)MfJ|5lpAHla81v1bRldIh+>M>=mk!dtm+<@n@a1jeK1fyeus-S
zw3hb!o`(6Ry8R3Z^fljp2TYPez4uq4-ZQ5aIF~lXLfTkRQJqE0FMRH-SFQv)hx3lm
zD`B+DHgjT{IO6eYzz1o(rtBXBYdK?#yG!JjH)-}u)7ACjHK7xYIrCgD0hMoxwAaGa
zD6YB7d0=ZlI;9&|fg`u1DjD>0me1$;cw;fWgd<&8U}5xA6*eB5?J&->l%ExS0q_P<
zqhKJ!8RpuRN|A-Q?i3B22~K!rB?lQv6)ECeDehH77^QrgNDzq$QgZ4{A@Hj=q69+ib)pNJ%@Y
zJ&+GL?pp-GVna~d^1))H<kNnfSG-5bQfp0Aj5VX1W1P;KHk(A>
z?Y%gB1{Cr3yL9;LLCyHar2@(Qts(on^KCt!UJ4GFr+NAH{o)77_efoE)2)?gAF
zvC<)&4FMGKP_GQHLQEZ6B+le=W^5}z<(gt<@EfCJ~cTy0-rS#!&+m=^AtDZf#
zHsG7YUEOMAju^l-g)JiWDuC;+z5UO&C;0CzEfT1rg+*g7i)J8cs8$Qj8%)%QmO{imu
zvJlI&woz;NK#3NEnw8^sf!WBh2z#vja%L2&;SG%@>^IUt4(r+pSkj%MWZvZB38|Q=
zjF>8P;@5{VEQ(-61GrBvIym{R=%F5m>nFrUIH|&sC3ZT^2ryMgnnnv+|7f6?z?h>mX;>6OXG?=v(I9+
zMY^aI@Tj-9Nm>>g+Ex(rCuus+5L6DtAG$Q#YI0u7Ck47X>F&UHID4LCcL%w1HI*E>
zY66mpjcb^TM+vPCwcOxE%r=_DOkAnIN0i;8HKtwM&2y)-q?0z;xBSb`E)HHTR%xMUI
z+sip-Q!N~3tERC8Y&VM1^_6mTB!u*4(ul3dTETW0PzdHrjt8#j9}Fd609i=fDv6(Z
zZ`f$IZ37GqFG&OG%cVndMyu}UMP3nB>5UW%1NXX?i6Q6%kH$;zYn3~Lg-&?&Ak`!p
zir_6u9&$I84C~M0)Afdi9+PKa3&_qVgbu~+++o%7CG1p=nyz`zb?ilN#q^-#R(mr#
zGEBjOhmeZFv3l${4Y}wzEBd#ey@LOyqY*Slb&I=t;WCq#ZTcj6mz}F9MLX?tmdl~s
zyjWB+vPNC&zTnsgwwaZJfI-Y70dO5qqI)q~lPp*?9H&YOb+8-E`3
zC7LWJX`rS!<=>?zF3V+ZI?;rUW`Ngd?8b_ly)YgpFM)T^t?8wSKD*}WHZ=)!Qk2US
zFA+o%>*S6+|4rvTp-ULX)W$@Y7h4`MXD{-lX9F`ayl25i;#crnjfr>%o#hLMw8MEs
z%#=9&sKCIG!buq<`&{ICA)$o@BAm@5@}+V7yj0E3sCuGJJi`~&xK9#I{PLMpY#-Io
zPE1g6*sK!uO@qG3;JD2C7n#N)CDCG%p+ADmKf_V_K6630R4=s52kM4&!}dn|ijOxp
zj+dDm$JMQM#zy?^8dD=R|6oHSw)!|bBeq;(X0!|TPi1Aa6Z=Rb^2}^Gi?LL=evOmnD>w~O(T%m
zS=4rQHZfqD;8{y`4KgXMfu$yycAU`?FT`28K~>fqov7n+NP+xAmuJBx*>L=twrPUy
za77W>;0Pfo5B7agrw|Fzacz8NmkB)Fw2m-3Z^Xrq4O~TC%W@O^u+-#rUd-zo;0HZi
z|5A%%AHlBSw%pS!Cm>|HiCv~NEy)H7<>u9C&>AYw?d~X#bY;nQHJY%)h{x_rNIbNky7g(ZrC0Kz@
zokk|%4EW?}5G|{>;qYktuAHqq5gbZd2l$!|{{qDV%oWcD@^{gH?Yn?`${T{^;l0K;
zoJ*xm*Evd#+~<^)4{~~&?M89hRSl5bI{2bTU3-g8Rb^zAO~jumQ#PB}ENY8Uc1-GV
z%^PqhFqzd1O>90q7o3SK@+;4$#YawwA&Ut=N&LxDv3n!YK{a;Deb;ptRECNBh;G?&X7rj^Vz_>h!%xv5#QK^s>f(>QDk@(a;!xza%sz7M)9uG1d>RU^81NkwxzsN@^mvsj~5Z!!j`$QiQ3S!^h2EXvCj
z*c}KLGW0jX(8&k0pzIi~?#xACM}z_93Lv{Zr8YnN=*?;|eO%1H!vR}tBP3oAUb71N1d
zga;S@WtJ3J0la|KyaP8Bf|pDPcAQ1FVX0&s4U@KL2x8bpKFj_arQneiz#{DimTEB_
zrA}7le1mL|Zk%0h6oePz&E_)_zG*RiCOg8`^LlTLlV9_hhjJ0IcqSP{QwiH*txCb_
zluz68lhm6^t%W8Eprr~;P#u*7WuwpnM0h9)ea_{4BxJy?C#(VN--ZLEbX8t>ajD0^
zr~>;1LsYA^7rA+0O4a;1i|0VJP9zhz9d}CwJc2?GXTA>VAab{q^St`l%P|RcxB2|B
zfOjEqD<-hA8>m4dVi=AhhgLzeT>%yZkPq3)cBGP!Ie*xbm3}OAZwM$(Hv>E!2`3Xq
zM+!$a8IB~i+bs=s!AGsh3kl>tDoLFl3lRIMxo*7epA}CMDA*A%2*jdZ6%5hLxxS|^
zA(yYqfF@i}b`dDsB3ig_I}zI%C4ie^Grde9T1MrOK=9y)B87z+m`Vn&NFO>){R6?tUGxE-&fI_=4@kM1#pa=TV7-!qr0Y`Nw_`LXts~2mTc%WU(DH^
z!A1|S&m%|jfu)q1;|KeQ7Eha{P+jXR
zt!m;DP@oWWJQ+mHpBIsvy#>xJ_f}G`xj#;U!6CaoI`PZ=GNmhGqNYo=xH%{+N$jvl
zYGk^LBq}NZ8Ld`CL_S2BaR0T)Ky5;eqkJ~yrg`lZF*>B=`!5Us2-Jcap)0phtHT+W
zbY#|r??cPYr(^&faeBJiUDcDXKtWoIJu93oh`m5T;EexPBQ^SrqU1vp6qt4r(Udoa
z=&Yt3YpqR3Nqcyz_{O!h&GKsJY!!^i6ix7Iu9jQ#r1h?>^hI$-1SxM_79mkfUlqE>
z9vQwC){ktrY(ul%XX<-D?*8B2VfUBQ-u`J!wzFM?W7nwL0j&Xnfo8{tqvMFWq%#tTMunsJ0ACJCPVe_)#aep;EwM87$Z-
zeo-K=WJ4VHuWMEpzk6f9E4O>S^Mn7+M^m}B=KG3c4<9-`
z`r(IzuH8SGAK{Py!O9;MJC-CVlk`-Ono==n72Ar+F2JNluRQ7<09-($za4ge+Bxtb
zz8ELx0;=Y&l)XByC2X+UgHgZf0)_8&5BIx!8Xj0LhzE{q(b!;nFmN;s!mMM9lo{^z
zr=$D`fZHjs`Y?OX_(qYFBwfNd
z(w!^S{9YQW)wNCjG&xLMB%81+L@f3q>s6MH21uV2MN56i8~ih*Vq<*qAo7LSgVnO|
za}9S0X#|n((&16>)y^p*TUpv8BnWp5gJ4_xHkY3F#E|puL3ii4_j>2_w0nG5a~z)U
z?EYB(Ix4YRJ0#ndcx^adx*kR}tcd(tvsB^pXeUb}=8H=AwrU87Sj#OR5lgmGWD(yW
zS}o?XGg(j|3IPuD;#pW%8A;^my1A%S-CBF^v-Pw)8&PsKlr$)o}JIk>u><^n1
zR1uiFeYNvTZ};fctDQqVx#USUk$NULWJA$p^a`zpN|fm^3Idc!L}frC3mx9=y*d2x
z5bwKiC>4opNdS=~lN!0~C#l0j3zCcBk~9cT1{K{x1vJ9o%CWUWJ-8BU@m
z1Zpji%C7c`lvX#K8xFs+ulV@ztKqWnD+)Mk2*1Mbt_i=Q<{un>g{?j={EBz0G5pFd
z*gsYHm7Ul}hF=Zq!>{Pv1u34ir+l!2pqU{_tOC7Ff2glWCYFF)c9xE!7Vca!NvK39
zn%)RkIH3c!!3Rt^Fs$D}&S1M^4N!=R^xUcU6#WluP+rTe3DOJ2W>PyVNcwzKHF}G>
zZiwFEDcQg+V?M)%Q4qMbU8Q+^MIm+=DNu*^CK($X@I>E1Gi=C70nqHv}mRDxpzRVd()~7)L?NGcLwGKy)CK
z7&5)5{p2DuIUFwU{uPZJZlSlDam9A?nh+t>0BGHv+a0u;Y@m|kgmG>)J9zBfq{JBs
z?Slnfu5C)05emjn`jKYx*~#LPjxy4nXGjAaMU9ay8!kG7_yvXibR<{-4-Q#>+_9lx
zX%C5vCp@3HDrIzzs4f=B5GGyK5~70Tufj5
zVKIF)^qY_AGbghe)JLB;NA<}$Ew#yK$8Fi20YWgbDc#(Q4B&oYi=V3nJc1sQoOZ5;b;X!HbUWcQth|nsny}K
zTq3gAnRpW;;Z_5|El9_77ZB{Qfa!X7Jf&*b*e4VzBJzBZHYIA4hyG%QsCa-K3>jos
z4|e>QY2D7>(K=p)yGVdMboMEFZoqaO7X?O{gax4jkq?Fz(A*+EU8&<8nxgxW2S>nh
z9GVa@FlEgSm(p|Bs@P3O=QbZ9ZG^;wzrXO3M_B?x-f)%_S>Jp7Nl(>ogzTKdqIz^)
zIkOl0-GjaOu785Cp;C;T>fp8`t`;VXQ%x^qw>(P<+>tt9!4DOp!-}H#%P1YrJH8|s
ztP?IBe2B19=oxM5As-GE5jiL-CZR*9p6L@5yVTgxsLkc5}0$wY3`;SQZq1rJ!{Qxd?`q
z@XW-)&hep)NT6;9WzMaZ9P6(=Q)}PlL;rPr-}yZ7HO}!v5YNyBorYZiW`b#Gkwk6U*$EE9tbEMeK|W7Y;+eaz}(=e~>q
z`$`)3R;n*XsHkxX77Byc3KmGS!6dx3hih#woW!n*XgFt12Xe=R
zPK5?`MwPMn-s#>UUV9Ge0-70oEGzcBA^eT(9}>M#$;^klB=U^bx6t@S=l>Z;cjLm9v1VF9`VdNs_sZ5D)N#ol9GC-p#jlu!a_@x~(?~3Dk(3Bc+nnHUJD;&0jfx?OFu+>ly+i->v
z8<0V(!)r|pH!k{xEr99{XGnJuio;$8i&^H3)ZQ`36b6d*gs;}K?7!i85|St9nn}c^
zOQ_0Skz@5%nVXlKyeXXov9r>mqhvr1lWHV*(QI`v{sCvl@B)!R07Op%KA{vp2{yIx
zVGA1fgLL3aIZ#vKaZ!m_n3z$4qB=BLKixpLSAt@bCR7tA5lfg@+ob3evGv2c*i|gj;QwLFi8;ba+0G?pUL97iK?bQiqH(Ay{ERXZZ9O>zFI4F$rA>E}z=8MS8-JnKNSg_uTnalDo
zLA(nFJO`S11p5+4a59jq9OuL>iJL&lS%G@EdV1s%q-2rzP1eB%%);4fd;qMQH5Wy8
z(ls+QSX8(@CmaKta0wdM`>sbv!bo#;`y%jp;j;`Frrr^K5s2E3XIJVP43Q`;-&Kp$
z-Lgq)sX2<8I-&ILN0_6iU9C0h1INWh)fD3hUDLs@wZyH=}BI&&xy(ME}gbjRd4nL6>C@qaB4qRGZ^
zxfyAKxLnHqFa@zOc6AYGk%MFY9e%@rJMPKdXJ%!OCh5iqoo2>LNkw^n<)+AB-LDL8
zZa<*IgL&J1bi5M)T>MhvQ81aGZ90=|%7M1T;T$mq+e3yjnjH4tv_-3Ik8Tn6gB736
z*@EWyi3VXoTf?C$?=2lld^d3;>cYvuC6$%FB#&p|eXc%c(ZJFK(8}oa6bTVM5m+rj
zrL@DN-oL*&Io*G;zYEv)Q8`wYzxxvh?w0~(^*aps_a>uRspW3>@U(l}L`^7ez?R{S
zLGzXL^{RCA(AI31jk_`lMoCarHOSW!;xU2O=!P{_SHs84hD{ACm?owR_vB(CHEyIp
zUs+hv>kTalu2M26rr9L4cUxH+Ap$fXWJot~S!$Dx1WCFQ7;48*wp|MJp#++;WhfRm
z96g8zxG1pfNvv@Ffx>0~tp}=q!R~yRpgk7Q+;5FJRq}Yl`%68z0WcTTQ|Tvwgz!H(
zfy(LcS*8=%{BC8(fEtqoGGWG*Y4msFM=)T<8n
zj^32H@J{df(ZODcZSVAsyFYc0Pc&a9hO4E`Nz=SAXW3jrI%vX=VWM21R9_w!Y@EWv3%dCuJ0tKJ}KDF
zMBFnpju?g<2o5GWwJ_Yh
zD2Bt&uncAt!(q)Zu9K=7Pqa;GCcyuxKdoeAc&WA%G6J}`DMN}+qVM)F=4tQrS$x#{
zY5!#Z`9T-{+oKZ372u#9gF$O-H;DP3L^fF7KArKQpx@O=L
z){0m#Kn{Y!00Oz|nt{qL!`<0E-T!H&(X#D5Zm>AUt!xvtFr1Qv0Md|6SPKRUw!_&u
zKst66aQ+|$x(p(j4joAGdZ@^Yltg==+_r3*V2oK3%n-m`r~3NM^Mn1}hN*G@rR8=y
zQTCBwbT2!R=N=aZz1hO~kt}m(Jz|rQkJ9#$)@o975u0Rkieh(FM+>?`d&L>2qb$%(+oGzF8|pL~
zw5ekpsoFPy)CQ^$I87bi!uCDUNvIJ;Vxz$CYOYh#Ck?3uo4Oc_)q`)>e3G{9#zY=i
zi#7&3pnhF61{^3LSkw~>p=ap%495D_t<>{_ox>kXOC|aOPLyxk8d`|)l#)(X&OS}%
z23SaaKoV*|NDR74ChDXm^rQM1>e(9=jj!#Q-kZ~-lOOlXd+bo}1+ed35eJs-|O^Xp4fy(Uzy4<0IXP)uA=3)O0A~~-&!t81U1V(`
zCdbuBf;-zVWL+gb$&{i?{(%_<&Yy^3){P}(m6@bSD$_S(a)#ltE4Uz6XH*fqb-wH!
zT1Ds>X78E3aWpVRNWq;r=5)Hkg>^*&S8th_?6%bDGK41NeEXUFLL{asQHX;@HaJEg
zQ^OIb8iLq}q8_Fq$x4{CUAeKPNDn#~Mrk;kDyYR~HyU9U8s??p(U)Fy~
zv}t{p5=Df1y9P^Ug=%gub`DOu9^pwBD^iSY95iY6?hyu0&D1|F;^CIbOJ$b@B8$Rw
zBbYAA{h4%z@AYs2waOh2xK6M65S@m5S=BgP^Ukp8HKt)b!gDuwstR1r7F7ZWv$Gvi
zNivpnArJA>QFK}kVb^liLXKpM^!&v0iLO;RaC}9zq69!&oK6|emglZdAj+T?H
zeiB&d4GjJmNLG^DhTl+d7N50n~J+(bEu
zR0NR-rQWZKfRuLW^WuX7XtR{YA~oF^*(o0bjbhv<@%f|><-UEg0P7z5orJ{VXTR$F0z+IXJXKywV+f790dcGf!V>jN%$BR
z41sBz;YS7yc-6tje(+J_;3XK;6L2_wa%GHwAUO(cCPi&g+hol+j-M;ULR5xrq1w+B
zAcT)P+pr*gmtG~je~?F+LlHH8{|fgXC+`~rRH}TxrIOGY2gtUU$hz1w4w87e4|38u
z$W1EYQp(JOBf^%I4YqX&REu>JN2aM_y_e2-_0j8FK|y
z)d3ozlfcLsW8@ep)1mL)fLn5c4u$yR?xF%k6II>HX@I2BMp8eIZLpphsTu5S!Gg>r
zk5dMI;JVlGCYv`_Uy0Dln8AVt$!}g|w`ftqA@YAVF6X7bE80{U&l5dEFPhpJyMyQXG
z^@caXC}12os!JbwLh;p9NP@bin~6a)(0PUSAvOk8^=ULJl9^7cfh1%re(NW0;AmL_
z34*|!CdLt(LDmH-6KFP-d^1lZrmVFrO0TYK3DzYS8>9X!nujj>+r~B|pP>azYSPyGZcnz#)S1+NB4?=X=tR-b9npn;6WHhoG7K%RrR9K5eQ-(>Ped!$CGlP4}RK9
zM$?Pr_A}g#-p;}6mpeg_k7gbSY7a4AtcBjZR#JHAm0J1d$7vR@>QIoNUl&8o7ys;8&m=;kN2QaOnn>;54oM!-?8WF~R~W
zkIz(+&0(&#=#%S6j7g_gQ`VUx!B$q}PPS-du2PC#rO;f&?mLCTKEzs_Co)fU%C{6>
z1{O0wZmXSebdkv10?j1iE`uvEVhXc{O8l9SC8&swEDztj`f##jR28DdGKK!*ktM9a
zKOk93l5S+r)?7(7{s>Zy%A^{99H~Z?5q~_Xrk+x}HH69}8US}7lq?7&bCaneu0PRp
z$2nKMQ9D{Bl8co4(E!s*CLdx&!kF2<4f6d+suAFWZ#GXhBb50WqW-hfaJNjtA40=y
z>Ag!6A7#bd;510-UMJSe;xwNHqKbY}q=BOjKiDYHbc7Le|8`yb#UulH#E2;bRHKM2
z{O#!K-|Ekjn}(hz3@jR_xPa6R*=Y$LqLOJX(~a0<&GZoBWxMH>4{L{VrDy2&Vmc>_
z_$(_x_I1LiP*}JcHr3LZ$I-)tXWwnEjiNJ$ki0wt^u%anO{5TeE^9$G5f7ChDw&Pp
zOB^&GR$a#ej8b1&9ZIU#sHW!I|UL^~B$-Xhfj^Xy|)U
z7|D(OecY|Ui5BQfMRlJ8ZETR2KBYfz5&e5@l8q2^Tye{7yp)t~kfr6>J!ASr3OaEfyI*BO%H10pW28
z*TmxitNSjUWE>`e23X`iaDE-aH@;}s1B{12I>|iGS`Ql&Na+ZHu#?WvS4iUlw%O79fvoi>e3>@>wiD1IMVo+l2t8sjCXYwn5*
zl7*){syXG$4tc!vkVl{Hkk4lcq2S-#DR-ypQ=RhRb*Fp=cisD`9P(peIlsJK;f#|g
z=jsKQ+#a5m*W<^A}f>dGcOB
zo68GQD2$kgV}OTHtg~B0jvi;%mtHo^yZObnS7X@&!*q1}*&anx3b?{^CazZ+ixhfe
z`1M&j3{9xU(269l1S;4^8ta}oB>9MhbSJWQsz`tfDVRIaN-l3F`K1WL3BMGb8j+15
zHKA0)jM8l~27M2dS{u$J&WRPM%9)%SZUE>BUYWiRX~G9Lczvc~y!Md@!SwJC62rKY
z)J4h;gA{r_LT3!8DR~19PFNv$Y^D+&y*rF}jD{>%>ql%30^Xz{P|S2{N7T|Pmt-$*
zyAfhMA#Q18wzT0`FWZ6-iPqH(2=}jU1FnyXqZyY{xUIp(M8`G7LR5-mi_co(F*qbi
z;H*5P5?sREh+MIf7n`UC=whiPWYuquDuJM`O(@7E;_&w+LA_QKd+YcweiYKf1btn&hx}7|`f_bp&h_RXuoPAA{^F
zf;y0{Fph=F1~WHz6^Sh}ngD-d{Unbh=p&md-bQ19!5WtRY>FP(($y_xd9t~Ra%f~S
zmnq#?k#Syg4FOa#>dnOtQnqL@%p?Q$g*Pj{^%`y*mr*IhYoQPhNnn>IQn~i^RhS5h
zRF;keXP}hR(a#r?d1D`JEXGI5h?`}xj|(MNH>$i?rlLDZ^GQ@T`i7jD!8WCQ2WwSg
zszbHPV%i18CJ>m83xXzvTq6iR>z6{06X6aGvckhJD&`^=FKJOa^a%7EF`ZT*CMkf9
zPG*~4Gzr6zOHiP`ARaCN8D`H?x{^A+4p3jpdD}5d5g^x5L?d$pZOgb_;g{Oing|lJ
z`yLKibtkI9bj3Sg2Epd>l<_JBjuZF;Ydu<>a^t>&me!tVjD0}@s77gXC@j`pbCq3?
zlPUC)VQBlj;##6hK^ZyFx=1eNhVkLG!VmE4i3p|LhQ+5B=xG=8a*t%&z<;W@$Rhw-(4?}gK<|iv5;I&KN5NvNLDXoeyhes+2R1+
zRUnYg#8+t{v`Byl$nuJ55=>iQnFmoYe^?^6*YFs8NljANYjeoN`5GmIWNND2C|%4A
zuC#Vbk&zt@_Txb9Y?MmoXbH4R>PE}xlY*@GVx{thV&GLEW<=v;lAKE|Dwp{=O(y9G
zu5kVriQJrA1iqFHt_0`XDrWC|rkq9hLCY{EK*M`SIl?@vOmtl-8YGq6!Opl5AQdMW
z)tU=Z%O&nmGb1S_zVrwcUzK`NHZycVDJZj$&_&fCMtg}O`aEAyKDUvIG}%iqcL{j0
z;QCyZ(rlK@s5%=QASup9TR2T;7s(WHS4UGWXBL!D418l#$@PhZ4X}74Q%(r-dVX&q
z)s-k03XRZS~oBLN>c03`-gi+KgV~W
zr>e+l39Tf%YP*_YG{H=U9KR&Nx+%f=`IJ*4^~P0eTsEn2AdQm>J2cbs_A-S!m-@V>
z;#TZ^7-~W#*5kyuj$TW&7*TPNF9>CT%k$`WW??-VQ8=>3;>}{6RTEfX)l`rKf~vyg
z08?
zl~VlZOie2mj|nyaq?1+&9`%s)oPrS57B5*vQ&b)89-c
zP~rzDA!llX5i3pdIf|x{4qT6VmS7s6fugubo;%d^rnB@~r8?EYJ)adrJeX=9I_9$v{
zM#-ua@6l5w=ShiFXvMfYPbyMuF@BfLkQ0!hxD)_06my$FXmizQJ6cm!EsNT!Bj&ck
zmQo+cC{6u~p_V#ywSrV_LK`_{8NF~lgfNeDbyEQJs;W)n&W*y42uBHunU1u0ThIV!>Qa$0YV+o5e
zhq&d{SOrDVOdvc4Q7H+>8LcY1MEJTW~Jts(6-BcA=4{{H**>dO=`oY
zpiBg~Z^IaD{jI`!vuMrLLyBumE@{G-aE5EyLCW0}9wOu7D6#>i0#XSzZ4P
zpS?yQ|Ii~69t&BASfoYjap~AlkF7UGpr(%qUeDDaFk-+QE{AglGgE!n!`O!asSYc$
z6wvm1=Ld~eV`QXPxvx0LxL>NNY?eEqfVZU`OlK(r`ZRa)V*mK$nqergZBrKqJJ7QrMsbs>YM6Oz9S5?!Si
z?7K{7zZ(+uBVWfzfA)ue5Wz9$wy>FD#c*d6LHUwbu$iLB_+7gb21c%yl$u+5I;w5W
zG}PSO5K(P=BB15XnSyFtpIkHTf(mdioBhc()0ZBuS%s5TmO;8&wi+iZEQfTnWK|HF
zzo`?F8OhaK*OCDLo0>8@MPu7HubUb!rp>KD**k1%H$YR1X}JpLa29oTB~Q6JdWD;m
zfko{I;*g!NxL?mtq9w=3Iy`5!{SZe%3s%IEq|GdJ;X$>~#$fx{g|ji@HQhYrVe+YtCKcuQIA|C7gafOSsC6Sq;Qnp&??$
z;{iK#79UT*#ysB;uoYa|e2O2O<@0$y-b8o$Adfj+
z+rgx^U?7VVGEI!>)+Yf&b_m??ep#r
zOC*D{^gNqPq;6mRRogw>Thf8x1J^gjcQ-Co@ao#-!Z$ZImlxMIBuS>8IEc?EBxr*m
zQ{R%0eq&RRW9r)h8*OYvVoZHAl449lmSPBQ5IF|!HM5M&*Onc4;lU9F#U})3slY%c
zP_E}`F-`gsDTFby<7C37h;e0$$c5-voVPrQNJNgp+bRN#a|j|#5f{A_)~`NpjHO_^h+r>-Me(TSurrgB
zdnmj@_{#w7Y&)vpyX#{fR1CU$g|0`Bmqr#EvIKAdjfEh7e;45oOX5-{mqn&Yb4rmQesk?AfU08_QxzFjp-gpOdR4ug#@T
zcvkMBU-e^rB*J$!FyH;d6VN{PN)(;W&9ty}g}#n{I;d}l8U-4rYg-+5f3C`8hv_AY
z1-dQd&SC#014h7#vX#GG=@G|YVH*21_Lu~e02al?cGUJ$8JYCMl_1#Vx>9F*-Gl0&
z_EJFt@HI$83#x68QhQzdKwiJ5kIICk4>y(OrWJibnqKqP-Gk#^_vj#KxjRae*>yrU
zH+-?QVZ9W*d(hoEuF)~LwXNV{t$9FSAns+kGeR{IX~~3N+8gid%nDy=T*Bs%$599_
zxphZ^x~+kp!n&j)1Lw>M&JRTovrOqFJr{i^G8&bjr4Ot!6uBB9RI$UG6j|~PaKyx5
zM25x7)PavRuf-G3mN@D*SjOfh%#=+smlII$Z^#xW*z>vKn-hISG&R^-v=l
za>u<5=ThxMR*lQtE6efB)dpMO-huFJKK20zq2@_?gzK%vWrC?L?&K|}Mr3S8bOWZB
z)6+GDPurUxzrdF9$_n@S0F_tRt9i|9Tsg0&0pXE<8TE@n!?Kt%Q40H}M!zK|txC>u
zm7Jr1oZa_Y0Gwh2lHe^RTl;3T1TMBxYNWDK}SU3P6y8Q|SVTz#9ST24SW|aTmH{Fv{nCIbsHy9Px
zb+Iwz!`avuRYhYw*Hk4*oMbZ0Vp(t|H!R8phg23Rvrfl$m?!1Qz+ZCZ(yiz-x&7>j
z+(9++zT~SaQl>8tMawfAFnW^4)tP{L7Y;%(NawCEqR=u1WQAj?^ghAUM>2A23j-IysB=v1lqspL+&m-MAU7blpPHpl
z0LP4Mo0zv*XxoSs2}9KkfqVPeE<@pZAZLW5$)O_`v9_4UUC
zOyD#@N4sJj4GYYVJsmMoAvi)h5mqAbP4L}WF3BK*g+c7faJq%p`dRM{e>pK5YD?5mYAwEgwfai3IJ?<
zat@t-Rn3uWyTDTsO=%_AHp#^~MDFm1eF%@|9sT5XJ!Ls_$y
zpJplR-X`N*VVE^*`3aV??o~_1XrktWEO0^)RRB>5J|$GpnY5*F2A`})=W-KMpePSc
z?jCz|1-_}Ar|gp>@bD&s0b>D_XO(U3iUw*d6v6)HV~O
zQYWCOjCtMCR0@-sDBN0b!{A9#m}?=JsU9qe{T>y_B=4aoA8nt5wPWi;
z#teM?ohy6xee!-enjVcZQBu5>V0$4ki=ablvcw2@TbpOVl%I>0bxQ$dm9)o@-s>_m
zRt4*Da2=ejP*b;|xX6Z@%@N7NP46!iPp!Scm4Oe^_p9ZUG@^Jllx;1I|D4=6@HX7D
z<#}y(Xq6nWIpsx2Klq0LL{R94T$l0@XBUePieonMTmDsYY++;{9lB`^qgtT3B&J)8
z7#~i829tMs3FTTWKx6GWmAkYijp3uHo{`d@6`RXKN$GecGfcH+jwR75)jVF}w@oCm
z8bN1rQ`BTR(glL_K=FgEtqrcE)b@l~GltrfY5}~GZ4NG|5`F3B(07`gVk?2j4s9t@
zkhQ-qbl0wZSt(p%tP*Z}fY>wKWk+sayvZrx$MH8dyPXl(D30x_RB0^|$u(2FhWRR~
z+R$wiywHbiF@ho0Y_Z2knwP3Q>$`jTZ%q|%dVTPImXxR>=A>>A!{KLG1T%=?usVwC
zsJv0N35t7-My`lDI;7J=kll5wuIA*sOh7dReRqU}z&g&0i5+PuV7f)?+h5A)`X
zyzh3RYhx(n$Qj#SR(NZ3q_ywhub}*+ST^XeU_$Q*!+Q
z``N6&7^9`BFZr7$qb*sQ9>LZb1pimxabP=NZ4oO5{%{eaRRU20C$cP_7?6~$`!(*O8vI5TG)%l
z40U+{cBkA{wRVu*Rf*uzg5k#GGlzco8%`Su}8N5Rr?3
z0lM><0SVHYVwl`bl{l7HL8H|C5t-0k5ec{T9dR37M!fdfT%1Il2uzkPLnvW5Ggqi1
zqkHgJq>r&R3*&{!2j*3yvh$+RRo0HmKvH@xfEFfmSw7l{%Y61$y|->M+nm~*ak0lp
zD@v6PlHcw638wxFo>B*o*)TiDLMrqEp^CJOyKD`3&Xrm@OtAiPmM~t7)$7W6GRMbI
zBApXp^O(rZ?wtukCAso9IR~Ym<#RPWMm918OV-%RwmYWKR?P}^JiZFqnM}x6xq!EH
z$LZ{Ki!F*f>f9b8yX4t+l}k|!xl@okmg|4gA$(HuLI5-T2qy$#E`_BKNsn_}g^kBO
znFP>;Q%U8ce2GdPi;cSP+P4X|(yd(3hsbrn_3F7ALBe~JwSuN&11r|;%(2`6UM1d^
zZu_W!5_IIItINf_rUDm;rZ%eB
zo6pKGsz8e`KpdkZQ0t)->z7ajtS5M
zzE(W`cm{6WZQXr+dTcM;Yj4{YV?>jwt`t4+)6xFk2lZ7AA5fm&gM}(<1D(>Pd5tYy
zCPu5#gVQHIX<8hA82O9=H@UteENx%z2tSi*lG0&gH@Z439Ta3QB1ps3jz_OABMjK>
z<+#WSowI`ok1$pWstM-OMF;|{LRHD%eStf#frZTZI-syfPt&d_W6zdkG~sJY8CRwB
zdCglhk8;FNV^Z(HawZ}UQcn%nC8aN&^pk0URar=yKyB6IX4>`Ay?^xsDpS_ONWnvnu=xw>X$uC+5AfMtg!)Ys3;{
zjUkk6%y23a1*@hnLViH8$(2>VOs*K`tRVt3!*zL~VuOTiR?$PayU2&4Hil@@weI5J
zme8
zp^GRP1RywW2<2f|C+_!Vnkwio4nb!-C^{xggyMnMj#_BH%HO2=hOvNv*5^o`a)5bnWz
zqb5lW3wytX+v+%(UuX!iXyRo3s+y$P_(_R%$nUImEuwl2%tKu{hGM=LTxs~dgCPJG
z+)o*g5ywmF8gX4QX29|}7RG}Ic05*Xra!{;V^ZwNxTvK8L|A`QDE2b;Piiw}!;F|z
z(s%jjoq%#BqT%0iDSTKeW}*=C
z{Alk_AUEB6dHM>(k$+kL{4e{VFpcc&o*bils0-Y?;djK3w!Z!5oA_Vop54NK?|=Kv
zefe8HjK6)b_3+!RZ@zu}2)=&!;K74`iNCqwan$}Ske|l!zs&M{zU;ZTv#j_W+z#UP5XcU{)30#!v5d?_Wq--2ag{;hL65^wDrxu#9KG<
z^6P&7m+$}Y;(y&AJc-SYcizSKHy>`r54N_p?rr_y-h;>SgZodux&H*V5U;-O`)T~I
z(eG~bC;DBy>n`9{za8KI;~)R9fg^}tpc;LW59gOC<-Wk^KM9iEpY%6t#e3}T27j=-
z*O=GALD#7Fg2n^_*g2JH9Iy)quVu6@qA3Hl7?f$!S%Fd7XIR9O{YuiETHZJbRVPQH
zkN5lx@;+$`BK2no3Qysmw{#7wsgWQei(uqd3uTR*f|;>?sW?%6jST&o!i@MW
z+}(u$s}-V5umPuovR*dCe^Z*~ba94}#T|_MmQXSKyH1uQ9%`!bBnTY|P5bGjU@7Gu
z6+T3d0@lrRMjxGsWKZYR-4wTCE{j{Rq$-weH*qomfi6l_hvqrUV)WKuu{eoXrKvmb
zkVZF1#vz9vPbfF|gWaLb%gKITK%M0CtgmG%xYV=KrhHXgBy5G}y=E&0c9)nXrrJuB
zo=AbE4E9i2`uY?0i6;B98=oA#IQ@C&xEt@E#IKK!e%jyb?!~uvPT=p`o%rW{P~6{~
z#_+`P&f)2w;-eSw&f%ZpANLRUI&t?GP}5IN;-h2gZvWNmgZ(aizJIuT@MdrS@Q3(0
zv^_jJjSu!;?Vm!&r$_Ws>2AM!f*ro<9`C+{KX;z*AMBt0sUxF%v447qy}y9&cjDJO
z$EW+dZw_{jLrM~A1!@Mj06eSGTr_<0}Qt2@X0C%8g7+2bR49WFIA
zJfgm!`C*qk!)*w63m(D0-<)(yW8?1jx;qEZ`w8}A+ci?xazeSmAMCFCo&%{0Ex4>^
zKQ6BZCrV|%FR#7dqdHjiO5ZhRG9Kb;}q#pNuU&q4dGPBvN038pNO+`Zqnb~h{q!1#7(d{2P$
zx0{o6{tTsr#~t|3x71Q)7_xhC-3D(A*^HQ-VyPc8
z<I9+2Z^j>c_;R5MNR2N3hPRYV^dt-z9e!91Re0$TqdbSveu{xif
zCljqD4kH~b1a-jAMlFc$1p~I(6rBiPtzq3gAl4oiBY)2?*cLDUc{;%u4Xi=P`Tv_I
zZ(h9E|D}8KB#KU6b`K72-Fh0|JIf}pM$zfZ{S*9KcO!}r&x{`Ve(%L;@8IWSLO474
zKHBS^oWjKTEB^iah$l>+@vq-wG$IU&KH^`$k1)f$C!fQ|=FjiZZ=*f%uir;{55mXr
zssHQyDB3?fIo;tYd@sL$uOIdf_Mh9&-Ea7Xe`;^%bjLhKe?!kZJhL5`)Xs75==JG|
z{7t{Zhd=+wAN>5|_tC)~{eG|qzaIAZN&E%++1;hTc6Yyzc3;2d-(SCmKVBT{{J>B0
zulVfi*Ze6z#2?3hj&9wG!=vL@
zI|uxjekWh;b)UcaA@~M|+WP?~`8~W7ubi$v3^)3V{ey1!_{Q{HzlR(0xVu;FjX#%l
z^KX8!^XA}`pXQHh}_WJL7vvkx$G<{$tKt9j+t4}0nnSUYzp$5ChuYA2_Sd?woHcSXeH%JR8
zAtl|6h=_oMf^>s)OV>z)lr&NUlG5EUbazV)-5o;>bG}^H{oK#?{rKMZ*Q|5q$86`?
z_G87q;<%kVagxqt==utKNz$Dz%E%fqOmHkAia(ikLp_h-a-w*5-9d
z@4G3YTz2R+g#}vt-Zj+i{JCI1w82U&(IxT6mvEckkHg_R;g1_bsGM7o6FC*@$WI<(
zX5+8NG*f1N{^m|C`9DM#+KHJ`;)F%9KhnSJc>m>kdB`{z#e_Gv$eC
z8o7<#3#{yKK+l#(fL%j`1(|P5%~OjT*XsuNA3LPLMef~Mseq->XvFO<4r3fk#hN|R
zx5zb=&?M*P7zo77!A7wDV)cy-+V8^1D>ZrC@gl8A;qj}vplb)=8`?&2{nLh6Hi|>T
zfGW2J`TRXe*Mc<^ki`U#n_05kb-|ARla03
zr9O>*38?XWw7>w(_04LMjlxXm|`;CpGPCE$Cxx>j#i?;PE;%N
zH@gD$$S_61_uFVONMC>Wlsv*K#XO7m{inOf_){Li0d5oB8iRrupmLJJcL{nGa0HOEhA%Qj?x){B=J-I~x+Ble#n67oRd|_e$5tZ`nZ6aE*g@tg9F75md21G43YLn84L75R73P@A7o
z16Y^%x8J3X^uVmcB5iiIru74jXWLnei!htz{5RCBVrtJG>DLv86Fc8;CrDEwFUS%Y
zVRjHZcuOn)tvL#}(dip#0%nA2@WMBQF`J>`@J(Rq&(D+>*VI&Hu({Cvsp=?@@pG`n
zZC5%sW&JVVD?W?Ii!m3t+3)Xv|-j&2IM6TqpeXWwa<{
zgSFQ_fOP7J?!mHYar^`PuHMyq%pL9}-Un)t{)3x2%93!mo=w`;CaQrQ`LIBim!d^;
zr*dW?$US@M!rX;J&AFj;v|Iiu@_yw9G{C#Gr
zU$|JB@W)HVWX2@dH*cqwKK}?EK#Cs`zfp~V%zL~SR}w$i%1lw1R#hVOn0mAwHV@xM
zRH`4`r69{cQE#a4PXe)GN*=ChY5=JvubMi*FB($&;BE)#FM>hDt))lMM!
zj-YdZ&tEuH8>)wW1258;oD+IP19t3>^D5qFVXR0g
z^{G86Y{D-;9CPMQW86cRM}ZE0u~K(+WA3S?SUP;X6CO`vWl>a8@;Jjq#hb@XMb{;N
zLkQz$;g!MJiC>>#Et)JvZaS{eB-7vnBnOJ5Dt$3eHW3C%!c$&Ea4l$_-WI61zkt(m
zag|c|Q2%TEH~H&dUWq;nfQ)v=KrTDr!owC@E6b*!*RrTyFgYsmkwY
zi{B9)nUGW$E*KYs$GLkD|u
z^_?qwSuXw-b*!J6X
zYbsS!<9TkAk&G>7*QaEeO*DP0uGf=aI4|ac8$TCQ)ZXp?nMP!-m)ac$mmpdne!HiP
zd9&K%zAUU<@@@dyfbv2xrPBR<16CaRhnIHtfaY1=sZ5hGU&_&Wvii(o6dBMdhorCM
zVA&;t>HA$EjU7%rfP!Nu@o4)!9I?r%`cInmNb2RPjNN{hjD-mlqGrZ;9E75AInh_DH^n2M*xrJpIGqPtwAaXY%ypMvLh!5vXS@o0C0^CM|
zOox}vD55yXU{0V(`+dXy<-Sbmn(&IM`$uSk-H=O%*Hfy?HYq=!Jjon*HmQs)y$@3*
zf}UD?|3r|Sg2bFe43?gL44sE9OA9UXjy?Qfd(Lqw
zXFf)rX-W=(*nExmyjS)qI2XAJZ6`sbZwpLI${AO4NXYSe-z|0ccV96|`LKF$Lq_RZ
zEvIdoB^YznUY#^`e$zs_2Jd`dZaS+x$i7P%cBhSwF$M*M){0e1g;Kwj0fz-jkM+z+
z^k077uQ1Q1?6DOq@ahM{qNjg{QLIX?J>dx=MMxRpFHQirB%Hxo9^P_Jyq5D}@hej?
zWvD4XOij^s$t_<+(~&7UKUAw1QAb@WN<(r#pX6e0bQ!aFs<2Edpf`=tNI#F;znCIZ
zH{Km_Rov)ZXcuwtk?|GQdivmX?}q~X
znXpejOr&X5K?SQ2osJt_E>sY!%_Tl;UDOjw3#sWJP%1s`g3r3?c{=Z>`-L@J+{31z
zvq1i9v6nE0*@w)L30Oc>oRzMm(`4ci+E9YawU6Oki&}9%QhX$|Bl!qk
z=LOH-kNajI;Xy7IYI^oA_}~L`cDZ9eLb$(I(@~4+KC%lGp3vq;
z4V$~VX}%k^Y_GDVi0L2WLgGw~W+u(`NG$~<+V?eKZh!41XF(4tYa>fmNc{Ah@rc^m
z5Tm%{u1i0dC&=}F{#Yt3P%P(fQAAwLz3*+eIu6ijAtwS
zb?#Unc`|>Gqm|Q3CznC0q+y!!uaSa>SIl5q*X+B$ww%YQ+_A)6
zAnS1&I#&>u7^^=J?;~h)Tv1T#$#^T*tyDGb$R3uS>@3}rrM@J4!m=7bZJAxVuTmiu(hmARnq;m+fIE!K(5OC=2Md?cES&St0Rm9ky_o!jxE~6vtxK
z_f6%wZ-Mpk{Sx*uajg99SeaD%MU=%k;#e=+%+mjwRq8!M7mQ}C|J@lGXcJa{grJ}ic}ytMvUhq=uK2*n?yD`w-7*xwTrg2N2Lp*K#R(_+GVksH;kwH(E~*zXTu@iIK&!U3VFLM%`U6
zXoyqJSh1t8%=G1E1gCXmLWWs$yJU7%?bcUhD)bdzKYata{M=O!TKsWlo#>4sN9-4n
z;|X^e@y9rGHMZ$^46EPlBVykE_n+@J9oX_K(011lAO
zxhA`soW~Y_2ATAm_EqxhDX0+@G*roT?P~s;cAZdHx^3geEqTR2jIl=e`4ihlqlH*@
zV16kD{!%)<1}@47CJ}OAP;7R
zb;%LH{q@|HA!uk!3<;(KpwYlTZZ;Y)>;uX-fVnf^;08DVBY&*}pIpkYfLr*0hTRP?
zVwDLU89ZAOoa)rX|garzl--|udzv`q$0fSzDBzrMY;?+y@F}m_EX==pQ?M8a!TU@NE6J#H*Ok#;J{r8!5
z9kM~FasF{BMTUu+>K-zC%e-DCW0D?yKUG`>Y1d_xaqm!~IYj>^+1DUIbMWwhR54Mv
ztpV_N9wKNrcWGXuan}PqF;Gv{9sucP2i$XlZ0=zT$oe|Km&r?a5txNTYabl!fJdNurNebBvb6qv7Xo=3G4aPNOi%DM;_`b1t
zid)%IT{r)?XjXw+>{nDl&UA!zJMScRm_0vxYASLLEvPJ!gVxWMEq;MGLM3QG|L=lx
znT89l41!wtmHomWYyRe!_#-~F>W5YB!;8BPQ%XL*=?O~M_ls(yjElaWHBd!Q+Dk6R
zD2du?XG7wKel_v)uN|_;bYO!TJ!u!P)NP3+%Cflx9H6LfT0a2KmfG6KY^ZNc2QWMU
zY#sp8iN*gB!KFa?)jzQLa|x!%NUH%t385d3V3q+Qe&w$WA|^G3&~mRe``Nh#Jx`7Q
zbUz_?tm}XOtt?MA%PYBYHG8#QR^}a%-k>Il@QZK|?+5>Z7xY^@&-)_R#pU|krKC~|
z%d|I45{43H{-UNXhRC*dX8mr!2sBCmX4Mo(`gUCwRV-&@N&>
zP>gmF{8oguK~B~S`|h-x>P#8NWStzSxbWlrR?nVMXYXEtDS>7U2***gMKiDoyU
zctrUlN0w)iWmt+TrQN9?ix7d8Dq_C>>zB*W480dTU6?0ODK((@XeO)B!&KBYwEN5m#di$m%+v
zP!*+ZNTno|%-ccRPtW1n#I{oU`hP<*W^h(&
zn<+yLlj{pFUB5C&VeVmuj&H}R$0wbl(rTskX^v?8e#ht0G!iICB_7BAj?ie9TBSqc
zxweMc@)|vhG$H8}x>AgVwi4f~zR0D!&!ac1ILF;3ux9^i`gEv2V_L_4fz+-{T%(3m
zb2V=LYLp#;x`t_^h6=_{@;7&G(V+
z@cl=l|2c~PY83q6lUjNN{#T=bmJ7>0O!(_Pj3Luj5@~V-=9Ui2S4Bq+X5g6`Rhex6
z`My%t@v`C*n{`rR@m0w}xCExV4ElW|l
z6X&R($Lri2P8DqZp32e%jvR38x?@hS!TWSBhUs+x979SJ^htLcmo28Hk6J13QJ7;3RNj2gTZT|xAB7E2GUog(X|AWg$
z`1Csc3&25|k`#IA1
zW^Jw`)G(CZK+TJ*j-gSStLqt0j@?|KU9xFF5_)WTn2aACUgL9rL#!uK<3;(!{)y#3
zzOe<3FY?3%|>xYOnI1;0V=}|mS#JB%!IivCcL)}iamONx1YA%i8Qp5
zd$j7PwSJj*kC@SoDY^pcj?0h0kd4P9_#ZQ_^3LJ^1DHqg3Ix1^gGe&chQWjkzOmaN
ze8qrD;Z#85!`LLsYYzb$o?c!l!nbHGjp-S+;rW7JV(U}6+-%3GST(1UNe7)9_{QF|
zlNaA%jV|hV4s@w=qFKhBv@Kfmj13ocNHS&FZ(8P%B^plTNc)1;#t2UNquZ#wTB*Sw
zm1nED@L|7S*Q6rH&-1NxVHn$SLM9)r)-4Z;zodP3*4Aw=NZmeo+wry;ceu>VKlX%t
zZQlw3JQjD5)AwsPyB0Q$H$`7<8O}~N{#n;Y5QcYTbf++AX(pg%qeb3K@fx(e{Y9gv
zEZFW
z^@x#wwe`OS>k&ea+WH7*Ajz=7e?thIZl>|n!)XXwM#(-=mQC5BdttPGDEz45@zZtI
zNa^(?TXK4iZB;h{U55KKKk(lBr=efdW=B;eYi0mhGC^u8E@`k$7_7H?2q)$hfL$W1
zbU*b>r6+NwWx%o@&V;1P?1X8`Y@Rc+ZaAaYlObw47WiW2F^z`0nFTxGr`R}3L^d?t
z1vggHz*-Q~>a9`=O4$J5b!tZhoTcnTL3$g2PZFdS`Iw{5-2tq>>;EhM>*@Zn6?=fP
zi+upfT|Nuu6S_KWn0l>A3f_Rw8F|$k@3$lN#cI_(S(4!}cflX+ONpg{shL?h+Bie$
z%6A@m6!EuLbiqCKVr4mhRAkoqR7LeXJsuuHqHit@=7?EDzp!A@Ma9>%hj}~~)1v8*
z`y=QY6uJ3c?Cr#bxfs(I2qzVjlhAcTO^!ZMK)e*UJHT`V)fcPEqst@x3AWH`joB~b
z$;dt^JXabgPO=zt&N}ZM&B}o~$i+&hN;@~v%q5uzl3v{p@-9Xr$C8Z_t7VTThrTHA
zeYR9ND61e0S|I{5$8wl^oHjYl05b^p|3}-bx)+T{ki_iQ1E!nynW$BJn&B5i=98b@G58Z0_X2
z1Nsx^hp?Oy6vJyIk0{9|W>T3G-GC-fzQY;Bz-x06o9klqG;?M-1@`;UBPHIK_6s)Z
zceM`uEApZrxaEK7Ji(O_HDsj2VBSy~hv
zjOX?sapORE0@m#SdwV?crH{3#|8iB}e`CP8|Dm!TiPUo7w(1CAFhN=j{IUgNhUx&2
zpVti#_2E#AMoz7br1z0n=YG$LIsAQLwSnw(dZab(&)W7~b1XGx17V(ss7`Wb8Lm{t
z#~~2L1X^aQh%#S0%QP9OPHV_my{MFax#dn5qyF-XfIQP!=Dczm0sIzGDHd4+`s=-F
zsyX&I!}z+HnyFuuv;!Pr
z{v@dfWUoIgBv(eX-JnGmC96m=E2?K|j`6=r|5=jq8W~~coJlb2a~9|qAV!l{iu9Hp%i~QFL0b>h5H5_>S!3Oxp3P~Ut
z;?ij*7}|#SLD}+j=Bntg$Dvvnx1>V~m-^=@bW9>_&u=1I)?@r(j!#o%TE*N=~ZUSi<`{#hrYCC=29O0khBU2o
zWN7ZnFvae0n6%zt88Rfe_Kuxx0Cs{IPGG<0@)yrL^629y;~|4hUw+ME%{b=s@k<#b
zrfe^xv|LKh%vE-A5y4!*cTp$@B5(s!i9g4A-
zkaCt8%5O58hcaQ>mph7#Z{q(hW*zebPDz;-qy(Z=IL}brLcv^eDEcGE7mSV75bVlo
zd)bYbig$C=Ly;Orx2n&T2iXamk~{w-;xL9TLkznF$r672VUJ#?FCGK6Hul_qAR(Z*
ztk*K&^T7X*!G30MG~~hTVe&qhIA}MwQBRcgYSZgnQqphgs-}>xS!y44YO;f3|J6>Q
zf6Bz!Vl>KbG418{OB-ENq}9w+#Yj4ZiFMx@^o&npEj+k4`vM2=5UA-ysK6hq6df6N
zAK{Su80&p#$p%oH0PBGz^-$8eBVJIe&rK6bLFg;4_
zCpAk9c>|Hky>#;IP3SySY}3rtFJ4%&TZN%bqJ(J+DVuAa{WTHMlYG*z6)5!;Pq{(W
zX<1?BuZz#mh-cQ9#=!>Z-9CA;
z`*8P4{F%52mQnQ5)<;B`YGbt17ixySHiE%dFbz?aeCwXZ@S@1oXBBL=j
zKKoz)jFte&lcWCk^&byLPmI~1p}bzY)JWpZ!p2Y2ZsVPmd%~wpNesa}CY8wEWXE&&lVYo0%^sCG$c3&f2f
zae2c|vI$H4+?92^6NdGQOV3twlxMl>XI7L2LLDKnZAd-%u)Op_D$XQ@y3-0=VG!dD
zXUzSq^5Pw6E?yx=f0Z@rWt_3CNd`^`Iu`UM&Db5|Rq}Qc~jU8}H`@e~%&p*!VA4UB4
z)gK9r^&?Q%z;n8FUcVV{s)uOF?z;kELf<~;%k3Wi3vIEnQ}n|p_q$hjQxm`20aMj>
zZ&hyAv!mt3Gs7I1|9K*Q&QssU8#Zc6gYN=mi5_)b4z{A%M{G@B-Ci_d9Q>6D!`F+}
z?J%n$Y#5+)RQlbd)m}B`pw#!*>|TQw*0pHTK>Q4aNb7o3t7pS{99d4jaa
zh~2C>tB-s=y6Mu)fnDjj>$9b)x3DI`A)c#BGyyj=ikpd2-43+}A9X(*&?`y7prkv6
zg*P|NYqc_#^b$DWWO`YXVkDkr`wfi%ogQlW$eqAC-;VYq#z_7&hF_f*WyRT!i1t1j
zvcET?@=(B!fXR9uW7uPzl9hoV0*O~DRx@3TDZ+5gY3PG+lXHCXk5^u?w9_Xp7*kcOF5?|r3l1(@
z+lpl5ok-;~E=`H?BfjKBI$l+s!{u$}F|8t@3Z{?yZmhFfOKiez*tytK1oEf`cdLi_=&Bn4TieqJ=hv
zO>162=^w%-N2y#=?T2QkgJTiTG?P_hMN@&3y84ZCLf)qOKjFqXDKgNQc~XVOX;R&=
zm()(plcc|Rsl9(>vkF9>rdZ#f(gb2Aq-HXWB3dyduO1WC#X2uJv09mLW(tB-Bs<@-
zc;)4M_ntnjZhK@Pir*QF;f4g^ZKtAsQrUZ=ynwgyt1{S(VUdxs>$W1gBKYJ(3`J(<
zsmIv>nmoURy5MA(^Y6T!J^l}jJ`YCvD((~3u_`w&+|HJg9SgRSjY)Z;EJ<(7}@!Hn7Hi-Oq0rJ?}8}0Yr54_iHuU(jr718tS_-6eu)q*FG
zJA4Y`i-GK$)h@KL3xx&oeUOVUP%WTh-!+Z#V273anHi^&z@`4x*N0HsKCs`g3cIqA>DGL*DU^SA6V;}6PNQMqTmA0uo!
zJ)FHSE#*YzbBclK{<&
zB0fRAh1}fSJ8c5
zn|w9VgBpcmwdO#Y`mp50y=x=jh}`oB^r;=Aq}D*SzhiwHPxNQ=Pd1K$qsOs&(Y$If
zhy8y?eb4639^hOFnd5j*Z4=6z*YoNXN(~v@!9{g`L^Zwl;xan<^a^w>^B}1|odL&1gt1G;lBM=T#FBs#jc0
zRtaZh3mw3d6*yo#F`}z+&i9RJAwAy%HKz#WU9TQe$g%Gl4d-I?Q=H}SalZl5`f}#}
zg9o^@m1Su^KYV)WOvS&&9VR(@Mf~|y+G3iR=S5Rl=uZtwHCW3MeNc2)6a8Cj3~4hG
zylgKcH^XDvP<RetLG{Jw9Zcphv9gwT$yP4Kt0m=D)`z
zh0X})a**MZTSgbL(-)qJl_+tOVJ)vrYdw}8u}pc7wa1oGFc*m~-X2KlcB+&YSWQ;i
zrYQDDdAssx^Ug|L8QJBad17?E+At?6_H>c|6VA9%w1330$4ot#xDGJ2yVo)IKPnzx
zpGew6y&SVm5>kavs9?2f%6Y%EipGvlktuNz#e689r2X?}0pV}OE%0UW&WsY%@Gn&E
zW2Eil7&fNmDj(`f+B7}>;f`l5L~h1!oZV4Lj;E;eNO%ZSoz-mWd(nf0fml|4v_XrR
zgVp#<{ZWI}hcj6|YB5cduUf9H57`T8H1m@y2G0q@6k8u+y_ikO#c19y@Mc(Cs|nYo
zuC)EVn_n>?u}bu6hKS=_zh15wPT_Jr
zHQIrsUwjp?a`QB-vMKymSczB7<9-~ZaA$0_$)Iq$wLnF<=WMxZ>(k;Hzc&24GwP_l
zKG#cY1~Uh|zYjR+`
zNpJH`ESzpDQzk^$<9*Ucc~svI{kU;X>f)iHnd#_A-l-OdH46?uBJfs}yVJ2dotaXV
zyO;6qnM)OBVfNTs#gRd~kdGz*)?oWylfD4O@MA19lsOXnW~#()xmV)Nx40*1oV?4i
zYXpIKSpB~_jRrqgFSma9t%J9Yimb2yc6zs^%v$t}`D(FCxSSe##C`7!oYvgSTsNF~
zTP{kj!0ZsnXF9-n>hpIu7I~{II+@k7j|&D=b5n2$*h&+;Daozde(;{-b`6^Ws#%h^
zR`4*0wlzVkU--2laA~Q#Lv)hU;}ti$@i2F$vKP7jkzwtFh1I7pR@>VkQ}H_w9y*qY
z35ikmPK_?dEB}z}Ui*^6?za*YdxfFBn@2|6c_#z>L|oaEaT}gVJlk_rNj4PaZ=bnW
zF2r7#*D=9eiE8X4mhP>;>~VdwcC%hw%UG~+Hm)mv=S3+)JZv2tco`aiF
zb;V_~vT;6t`qzL@oN(oZ+M4m*Ko&=n=DD`8WW?yU!3+nT#IYu2s6E}-Ty#o#L4*DD
z8s_Q@n~JalEi^k{&>(C`SJ>;_N87)yLDVExAL8B#3IgRh8676CqFf3U>ES^do?h%u
zdsBkG=ZqZ^Ew8ol#aoY|g3Iy=S`JtCH2vo3Ey!1S2RFD%a+%b~tt98-z!Q0VI2(O?k762fTSq&gO~
zlX(FgXtpKnEuKZ@G~zdHNy^WkHuPe&v$Xo0e<}^>3Nc5rU1&7A)f~;0*8e>_{RHDW
zQ$+mXp_-q!qSI^LoAs=EiA~{9_ytm`lp;9ROsezshmw(ghZswBv$<0W5l7@e+t~33
zy+jaRkGg@5d+iNdwhecZceVhQS%IjSdcoA(dmHDccWsx_T;S^o|^(dG$7r1(l
z*K>#gns-W@yY#~Wx7Zh!eOtoc(?<7Bl8pAQTG(K;3JNr=8VtOAu+~J44srN&+_dKB
z6r*4N{K4#nxCum0y7QE*Al@aGUy+(9v1FlLZ569l>xyowCB;xCGGYLSu!C7bwC-3K
zWQiv+R6oX*+#Gtlw^jdIXjO53*mvM-(byC|B3tS7PQP`8^PyZ82iMbWCa0wKjUz8*
z)O~}$ur+8}-eW6;W1?({Px)1#eWtmZ4J#^Moadw>_oSKQvUCpX*d(sVexiYmS^@I-
zqZWck2S=3I24BB&U44#)mX(_M{K`wPHi(_d#|L4VYC-#~D4>N(K*dyTnO9|!Mh}gF}8UuW+tIs+%&{Cqtpau
zsA0Xa=S^|}Vhnl)QW=b;^m{7Ndj4#8YC+oat?dX~e~BXDsmN}9!TAYv0IKpznqGoJ
z^8f=&k8O^R=Z2HK^*uG{x#@#)F4WFp|xJ40>NrSbdMczfk
z7Hb7-kEGP&sH6Cxv%T3D4$U(^?9ZG+Zw+*DmV%CBST=fbJxLDeAUZ}LPAT)gmM9Q;
zON;7AHHrDG(s*DH#1T!&6{UgCiNk&-nn32#@xwLLE$3}byxVY>SpS&+msp`6
z6sA67Te1pF_;^n+^19WcIj6#cc=@YH?^@hZprJJ#%on)t4lZg98G@{=`cxpD&p;*u
z$lcV+iYYtjZbn17?(0P@Of(+ZG;_rL>SY~73LjYlcS{*ll;qw!D*o)?TKFt1<8+Ql
z4-M3$cuFP+;op3Bc|AW{wE#y%bNhFgNVI)6!1(;SpS%>CZjtys#iZQ|#R}^rPpb2o
z%@Vs|`N;h4;=bJrClMaLI>E4YC3z8faAvEbB#cb=37q6_Y4)bbcAO&^SplV~7ota;
zA!mhS7Nr)*$hZmmB)ojR0$lX(Zoj!4%$7c{6^I5{7*c&cdsHp4-z7B6Y1D$&=F2#Y
zw~rl^*RQ~)+uTBPP+r41q>^^iwu92h3{;e6?ox%l0qKzJj$7?GHJ@mI((S%vp*@i!
zKq}B%y9!c)45}T)$#pbBPkPBmeH0S&FFh4a5RO{urAvl#ot^#hfxU=SKap)hyHLfu
zHNt?ooU0+YJbkovW4(f=G;5ovDA&>lWqp(}eReRL&CE@w8tJ*(`O!N6e>$@vt6Ysa
zTJj`BCU+&?dWhFz>CPf@jd?4vmW=>3eW`4*dPAc6~MA
z=xn3!E8@g~9$Z}pz_tAz`QuvPkxIUOv`YWwkN>5T^&UG=@4*_}fcXoHS18woIw;4;
zWL=apsgLm=1&8)MS_9O+h~z{s*ftWj2FZEC76&K#4Gg7mpYYAap!hKQsOo$t>w$Fs
z>Uw4Gm@f3UPEfgw`c7d$1*0#eLoEzFh1%FxS
z!tPhm0+jk75<_q=01|ccu4rnet!+{Kc51-t`b)XD&oJkLK+CJ`y_D*3;j~l`?5_-T
zG)=QNuyf@4?nE`sCs%hI>*Md?c-7ZWJ!i5^AoS1<%PxG|==FI{yJu<-&4!1xC_}iZD(Ct1
z_8MLK##pNId41#0`BDQz
zrJ=PfOq4>Ieniuh;6-q_N%%I+L<33`2<)RpHV>)b&5UtFE5CpyTrXc4K3>{q_GSfwv=T+UHd
z9wVNr4SoQk?cClfVI%SthoVT-Z+T;``a6wsK=2vpQSYnlNu8z23c#m
zc6^5M2bqBUNDWx0(YK|h`wMF&^EmdoOMk5l
z2cY&#cU`l|ZsK3~2S7;Y-))Fxf%hn8?
z;nzhj%Y4rzOy++2hr2Le>8ATSUee>^CGaWlZ~4YO(5Ua7JwUL2^WJiuI3aTtSEvzA
zbZ)a6%7X}3xe!2jhrvte&$+#Ms%pJz71aqu!R~+Eq7I+$-E}Ev2`2UVXh@dYd9yFp
zITAvYD$!Bn+rPtFVAjUpJsno+9-QBKSPtgbHL0)t9Lqn}zBoSEMAf5310C|FHOt;S
zw|Bkt3(Zc6wc9Z5JU`t#xl|1Q4ebeXR;+*D)MqgA&C%9U*Zy`Q)dC_}>+qz`^FTvM
z&R*d1_fLa&PuEVk&(xM@M>Vikmf(iwq#~01*H?dQHdeMEIAOSVp~PIx4z{dxRNN~l
z9YKLo5UF6v7h&)8rpvqJ*ZUUYtWbr=f0*$Z-t7Lfm*;E_`Yi%FH|XpJ(Z;)M{usPN
z?M?+PJv<+bAoO*uL-4gj48g6o9EY(t_-V#X+IHe?aYr{5U+tx?EvL5CtTQWzFvo&8
zwnWwKk>9DFxqm4&vr~tu?3U{QONT1e01w^D&-)W<0M=FNK<}dq2bQ7GTKK=sF@VDn
zpnDJe(;V{vwgF%ZKs_9I6dw!T{I`Ir3(GZ(q4*doM|iLV{z(2{<{WBC7}2^JKS5rk
zVsgpEpO(d=O7x;I*phN_zohC`%k@W;U5&)GR4!xQRv*K}&qy|gnV&UdF*fs*^Am(N
zY;|FT4!eOh>)%U`R^qyzD}o7L7jr_>t&aFTV$JE7g%lLO;ddcn!Z$5whKH_ilNo9{;tD^(pwyMPZi
z!K$+mpU_dw+dgD5`-xY$j0Ba47lRab
    F^eIk8v!dJS4wYaWK4f*PI$DeX-HCptY-~SHbsLHZh8ID4eo;7fbt%=43
zRzF+sv)DtBJlx=+gl>2L5^39%DT;
zL9UoRppywN72{)2*+*h@vVr7H@G5-7P89;INmi
zm$19mrk^xQYy5Eu&{UOB?z=tQpQ455XCwq3U-Qk5Ot&bq^9FSel`qEj;%64L4txZH
znB$`;H|S~W4TL^TXn=yh?MU@dyuFyZP{oX!9$=HOJ7uoK?Qv88W?mnlqJ8~aML)mr
zBbIlZ%g5a8x)we2-;%MC7+pOTipyFUSX^PB|ICxra%dr)(+Mc|_L3eO5FHsFcIxiQ
zZ!@+sx`hT~yvufa4=hE(FwS)^F87jt=(s-IdT>g2*qNU2x#Fb|&8mY))*_>2ei;un
zD;C?RM3nJ!a>}x1e~@kN{tz1RtBgshP*Ad7?-N?8OUyBei@DV1$>Qtqa!%Z+u3G$O
zT%@}4v##iM7L#}$lrP_r6QPqh7G_RAP?f5Q&-
z+tF~kpA%cSNi@keE*>>z$vW%$=!YNJfY=&HyS6!UOJ28WXx@}`3r$YHpMNqIRL-eb
zd#n~9F#{>niXQ(CzoHu@oSuY|EqOP&l0}KK&
zY{8c6S+^6)-(_@rvK~-=RceI{_;)ZKu1xjGx2Xr+s>J&^9w`gh1^f4*+;N0^Oux%q
zN>WUs_fd%W%p9pDbZR?9Cl^JTaF9?+Pr;M2q8@x#YcZ^+wT0Xy!TDV{^ms34pPft$d|NiQUYa%)>idNsrK&Dl)nnhtjKFJZe@K4BE+?|MZJzl&HK{^G`!~LzJC{X
zNC{BSx~7-4;RU_WHGNo>r*h(`C6!5;z+`0nY$T+S7jL9f9j2hR5)0N
zGvnc!Dz~;z|1?#V{?2-uF`LSOG{7hfS7|Dc_~KJL`i4!b3BkvW{u#bxdz8<~ytv_#
zz#_ZbpMeUQ!l0FNC^L59R
zz6lf^B9H#an-}Q=<$F7iMIu^zV<`qmtKurt<`dd>udo3)N+U%fHX4s`f}9VgH%V9|jay(K%Tcv&NWwiE2t5Ey{2u^eK%T$WqsNaQ
zSMdM8eZ0>9`5Zs%{GWCH&pQ9-6Vcl`|7V^5v(Eon=l`tpf3E-evh#mFDE&tyXUYHq
zaki2I^v#1$i~zV1#V%-?;OQ|^1up8vC=4NGMbf!H
zO48pTostFy_h^xiQ$BcwN>Kbz2RbV9IKxP!w<&T85Kbn1l#3~7&G_tCV&T(iGDAlT
z%WR7K1P|b=W$#Is7$E
zCB}b(NMAsD=?sySV1nm4Mx;EUc+3P#p<>Oz_|O+OHa{&IhTntfEG0BXEZgwPO-gF%SOF>LDpt!!nUrXZgVl>Y-utc!>;&DB3_%HF2
zLmpI}z_Q`L{H(+0636B7QvqS_s*CD{S^4X!vs)nn!50#`Y}$EjbB-^@SH`cfn6Ils
zzRHWcuk4FYKo03&;K(%)BjXGqJP9B(%|^);vL*_MyKwW}@I^h%+n3JwC;M7Z$m!g{
z3%nBPPNZAl3}3j*mEtRtyk?%e$M%KC+8Q=Coq%ReEFMl2SG#H_!0r?zCTyWnmGKxFGQv|CH
zvJoueWB{u!y)Mua9^pTH|BR=j)R~J!4ie1NIN<@}F7LeF=c^w`Hig~EFxx8v`Ujy6
z?|{uHLRNx#m}ndbyN!7#QO23Wyy5I!#r+W?F1rffZgi2HMPSb78G7w$1;YM1Fl$s|
z&M$De=-PxO0p>}givJ7NAdUJX5cV8}AX~;Mv1o?zSyND@K&r;m2tw6nyi>$OXpj{C
zaALctfI;<<4p{)h)xOFXRJ44Nq3egY2SrJK8%-sZVE_XkXQN~m$zFOf3wKEF+TjAj
zjd5-1B^X*m?*Pt7;rmQDaPtE9x=5x#>vNtp33A$ujs<7+=aXS}zL=2^2+z(I6MS+r
zVsec4bv2c4kWw}rrC^XCY(;U8lBq7?+!*4q_0x~{yN7!Rf9kzH?*7y}?EZ4v`}yd2
zFK*p$<6B;2?^)8G<;3N+2fWyL$!Pb9k+MG$_M4;Tf+Fp|aL)Mtp@eTefAfRBVu!XP
z#6<2`sVfP?(y!!EhGRev95BDZV3rnzXu=xID=+?Cd}!aj!_VTY59b%*dk@?3
zpCe2p)^|b=@z-(d5QcI8YkstMkWS9$7m7<;9uU4h9F$yxvM6SFq*=i4gKGyWYg8RC
zuM~~>nt6S_(xU%{*}x492j;3~x2qGWZZ=L~g$Zxb(;qWPx~2k!h>Qc*Ec`Avs2dLk
z)Cj#SA2|oKxtL?vH2cYoPG_Y(D9y>tr#hQ!=D$@p_R^@OzU2)L+!6AU9cg{gCVm~8
zEy4W%8=BUt2!bmKR?T`};!sv$W1#HJzuI@-0p*ctz9gPGg
z%l++dZQav7ixvz7=b$Gs(o9$NR$X0HU0uay*?!P3(V=+LyxWIwcoPJ|CIi|$$A4P*iQI?)KhxMa(Z}w_iGVp3N(;L`kLbZ+@(!F2l96m`W!L
zto67faij>vx+v5o^lDUg;;Bn&ALw0uQ-jK$3NXlM@{V)aI6rGa75O|qE9RS>(bd2!
zMC}{E`uHOn(}vqTFMtX`1A2*VGJsVfXrEU|j^ZS08+y!;K&W+x+B~K1wrYKndUZ@?
z>ziCQ&Ug%IPF;D<{5*NWBx;mSb%ReWt!e0e?WFc*uUeRho3AA4fce%{rR2iQAh=6O
z|DmL?VKRRXoibQPU~BvU!rDsI_981y??CyyEwRvzVNAtg@0$1+8m}wZ2c@bv?&aNL
z1BpEE7QWrcHwu_|3BEh89Q+ZL=8LUH>F-iX-=~0G9CYn1EU*(4*KmX0c1NxRW5dm#
z)AckkEyH9#Sacj6n6Ah;nYej0x^Dm6npT!6GLm(JYAGTV>_QyRX_&ySN{m9U+n(v7
z*VN|R>V?Jm#yQH1G;kcwKJt3OPL=cop8brae~l$dLZWWO(VfCC)JjVma>u|dWEiM7LE4xD@AvTcnir=Y0zTQ^0!98ro=dEE&07H@)lb^TLY
zmyx$g+I;&oK5;&>N!+AoGu+7}ibm6hP0xd$OXXi9lE!>r5lP=y3VuuC4Q^x~IzGrW
z1Gnkbw^Zu4Sz{)~sot4N_eaJx@o4+K)NPm{{ak{?L=Vvmj_Wpj)|kG3pABVUb>f-T)diFFEg!lt*JcTn7d0?ZLa!7Qy%5!XGq@Gy**D8?wh2sGitRsLfDX-kntI+qL)gQzw5<
z(o33=4mVq9)j&N8lVr^sxz{nz;)-%wCuE8F-=^FnR*K$Gj-)vTuH~Z!1jG(18LN>z
zF2VucbckYwioB)P`kjT4v={ND@trbk#vNdN^%hsS-}=O{;8Y+aGc?HSXl+yGxhTJ%
zEOq&%?329a0VM`)0PF<@E16JGWDypKreOehme2E2epYyrHx~x%bQ`of0cFvw3z0~8
zF|$0B#>$^t?Rsq%!sWU5-`=CGM3~DSJo7+Od4kwq7C~IlMa!
z#11y|qLka7L_dyPET1v`vE!)N^Jtix7?=g`gP94BdFin^k4}t1-BCV}cs88g0B)R#
z2(Op1cQRw_lCu=^gmfHYLR6Ov@EV)Po{4`+@Yuw>rOroepjE)4OTRVh6rGNTH#XF=
zr^KNW1_0?@Z}4xTJf*VoF$sZM>Kp-pFrpxE=8bypr%z<;L>yd)esLu)cmd)`_QrD2
zkt#MKp72`5m*d#h(o*B$*I#QeOtH!JCxa^GInAhWo}?bBa1<2=%w{TRfz=@Yl3+BP
z(hX9
zE&rGUudGFKzK<4lhV=x!_J}_Wy2d(p6%z8QMDM$du(5c>0OYeiT|JH0=p4DNNSw#R
zuXH3vqsfzv^3jl6D0#q;@T)IY=-%8tS4j|rHOYyYQ~YG$whS(!0=f$OFqn$Ta?-hp
zAwh^_fG$3+j>kx6EeJkvOu=JDPV<_wAZUKV#(I8Y?&gKp%wb~uB%K5BJM1>Gp}xrq
zzNXalmPBNvd>#CZ`Vutw=`YJqsiBw|h{?ja@IyR@h2E0P8L5mGxkP>e%V
z^*4K)2k{tlDB79fB7GbX|6Anyj!*p5jtTy3Ai3^21nDyza=~mw-MW8V?c}Q8>%LmpM(G`Q%*i$kPclWQeD4JB3jGIJ$zd58Bc+uJl
zRn!9&^g1KdC|yL8)vB)w$_1GWLBi}rN3LmxcwjFV9mErXP*2cAO4@Wl7DHA{czeL6
zvqmX5X42ap-4x|+C>zHIvpdsbvtkBxLMM8!3eDOcqnCji*$m#av$=OtW#EWqk`FG&
zRl5}#B|(fri%tqL;_|2RI^#PvS;s5W;zrEv#AY6Zf!%lOC_Cyn*;yVquZ`U{fOf)E
zvq+TYC2JPOAf8+}jzXMv5*7@rj7qm*h%u@R%VAIoC8~tj6qSG$&@%%yUo}w0tXQFj
zkH%|ruyBW|v-DCQ4_df0ZHPw%#f(>hJH->^$rFqrn@jR^q6a&l!Uj=&GO<3|h)n^y
zuBxmC`A3rxU~NeRsj~>enK_9%#+-2YI6+fF36$Yg!~+o&maK>lxZAeiFG7(1AK8sLBg$r7nmaG|ydQV;e#<6k0Mwc0c&w$sL^OqPF|Ihm!(Zej-Fh8m9=E84<-J~n0}%QMDjmBZv&EoYJ6SKN=*=Qp2A~4(t)Fz5WpnXP6aU(l}tcI+B;*S(Z{^Jklk!@LX
zZ1`9XG3~nGIBDJs(k6UIetp<6#fk%!2TyGMip5$-`9<4zK!@_5bUVqmDm;ItLv7Km
zWGaMh;t&q%mQ{Ng^i*?|CW2;P;4&B_B#^YW(Q;E=Yg|FOersuIDN;wlJ=jviPV9QftPFD)4BRtyiPG4AjjO}LIoUiv@wCBkW}1ubVPvkkGVIdgpqglw=W
zO`20!m56*1!;%=pL@}-ec^+V#D00$_WX#NKjYj(LtSh&M{$(+yZ{v)KRSN5wIppwD
z%dBia5VSBIpUpr+>p~2xYw1A?8l!sd$EEh8>G@eHs
zKlyOxlG09dJ19A2qal&zkyE3nCvY?J){>A|`bKp$p}ZK3X=Mk3IyqF=8^LH4VAd#f
z$>(UFhCS3{2rSj
zLAYUUzOUosZD_^^)eonKN22(8T#=9_A10sqPvv2uYO|mVos-SKO5<|~(`=QAu
zh&gcR(jo4N%1pvl$LBjXF|T7qZ8{*mErB6rE|c9PvvFEKS%5J*1YH>oudpW=)T)O$
zXkP&`@f_}`Ug3s~>OBV?O#iU2()Ie!PWCAP-=vcu$z%_Wz@XYui}ytH(PWJ?p8LbE4(PMHpdXG$gR!#CkSR*SrNaE%fj|BV
zht2fio9+e9=TZ&roM||Jcwi5Si(Eo%Fn(h5;6EV-P7e
zc!6x$)?;k<(Zp$RxsW)YG!BVbK-bO=AqDGIg>hb47b3lf#$MToAG|0(n3j?UrCEdBMZ1BQ3{diP`Ssh&s=DN1Qn?q+l
znA59)w>dncd|l2ncX&3KXcW~pB8iw8xxGgrk0PM(Efqg8~8*k2Lag5~9BxVFK`TV#a`ezui7U{3h>|js@B9&J>?f2$*
z!iX9yJ5~J1BlJ@Vn0!Ie6ZM1A_figh$nGF+#LddVCL
zDkNugFWe5tm_Q;i$LhpPn&&5ScA}3{=(j!)p?%souZ?w`k3LX_PdVBUbzb@D$_Ypd
zlZAo)E9MEq4pKB^X7#QaES2ifQ)7vhip5H^q!C6U?jJ
zy~qxtIxUV{>ZhKv!yi;s5Dp|R{;w(|WHdfzkUvHC<|$LwTHp>alh+6m1qzNc83Aq<
z_bN08E`QT4K4s-kjI9xYrd?8t+;+$vXX4e^DK}n|C)d|-*|CnUX-iSD(`G%qb`+Zq
zy$ihY(r__S%q?DbnQ4N^|3+WT(3fpJbW`KSk;#fPkFoi>#)ip%?YkSYil0206m2wv
zACVEpIvPi->w-R%l_RM5A?Zf?ft7Kly3E({<9?T1y<&KoOc6UXF6Rbz_Rw|wm}@?5-+a;~{Z_Sj*Q
zdKu2n&1`?1#Hx$#{qe;@@e7^c#TatNLJncaf*sw^4Vvibq&$5>v?YT+njwg`9d=eX
zE-BzV5J!Drm-NYImlG+$2!3R{D<}CUKS5~(o?eHYK5CnO$`(M18_;AwX{GU|yGkeD
zr8-Ne1xm?F2RD*Cj)|Z^I|2FQ(bYW1L8h>=K~D;b*XY4g%;g^P59P*Z_SX>CXXYHW
zb`)n^qBa;|$jPrk-zKAcTdC_u<+O?JMsqG?&6F^im~s=G6s0ql
zB4VYq13$|BX0}T;+8fP@HA=ZxW_efY%VBX(i4+&S<#ZRin9GAz08JOAvT3}4U&fWC
z6sHA#G3#BTOsNu`9om>xZ^!~AF&&q#(SwW=x!+~WoDmt(_?m*JGRUThpFG(q7T0^f
zMI3Uj!u)60Md`yUPO#yfGh8^c?lUUWW^#8iHj<2ZR;jy-m)KooBSFJ!hTR1QP*#8&`Kbc^5AI+Rn=tH%=c31
z+yAI;ypGgO#AD#iflNX%do@?@a#-rtJ?lx6iu2eUuSwOQlAn{j7%lb
zh2XRn&ep^~W4ng7X(#HH1Vq+^e^z7`XjsLhd^IU%XH=!^5*VFCHM}OUijY#=isos>
zSICGo;fQ0Q&MT&zp8J8*@mnomwH%o^EXEG3dhV6X5!ntL7q4a*wW%4nu>|nqRj{s=FLI6
zHmGMPafc9}#eB>6F_M@yj>#CmH5NZ6u}#0xKS}J`JkMzR3?GFmGfaYoIM)@nlIgIu+F|B!fg|
z_is@hF+&kKxMOCXJ5W`&0%e~nsKZMB*kN+a5;H_voyX!h>#Y2qWt*ICB+GOooWVOr
zFYc^(KeHP%Q%GCLSu3L%*MCIxvChx0b9|nRw{XLGB}-66tv?#NC7OQc0HoG47HP$9
z6+(%ds}45s`yc=s2b8s)gZhE@X=G$rnlWO;esG~fHTMC7okl9MwZQ<-m=S{whL=Nk
z5IP(?8k37D%N+vWtUQQul&dGF_3i2bFarjWddaD`7Z|BpZ|{tF+7!g|;-m#+P(sYt
zUt2K&3Wbdgi~A?#6%&G#!w5p8fZr(_4r+t-+D`po^L_0t2x5vSJ<76gM2AKk8<)9E
z8T41-Q89k7{Mz)4R!csIyo6KT#9eYQ8`q?k&E2rH`ctZg=3>>Rq0Xix%ds%gNoJ4t
zGn7n>Dvu;==jSm89sF}5gGgVbnr)m+;PtQH>Wvb93O(=
z%mMDE^V&>mLq}w}r2T8yktxsVQuVj$DoHRWZDbB(rq>5hXjaSs63Ed&$uBMsQd%q8Dq0ra7X*-{b6w86C(Z*X1<@>=X=OfCPuGN+@fSJTWVX#=b!9SLYA<2BKnAn
zSvews2HTiapfOnDi$tcPvs@hR=f%;V@w9u
z&Zv?M0z+@$i3E4%_B_KW5OFf9#M*ciB`gG<)EKZ}rKXL;rjv;cqeVg`Z0$skR2-nQ
z0M<^!ZJuAc!&aQ}^KeCt=N3qt@%~Mb#~PQdJ<@(i6yT54WSGmG(WI?&O8TyOIg`Mi
zo3*VZ2;%k_x#r*qL1U}j#?iF|Z_`s}U5@k0X(w@1U}76r&L|2TJtJw453#q*P*)$O%uX=Z}%}rO==-htH(G>%a(*SBO0)Ao+cuwazUH~@BTly<&O
z&8Q|`K~S1)f0NcA6#7yYl*Oy&vGgTYRnWgSPgiO<*#+mn(s4%wJ!Po=0RPs
zab2dUtO?ec@s~oNvZOzYG-qJ=*;ie&iF3jxka1dxwX^@d(swvOy_sMoWe1pqP4{75
zhl;!12ClPStX;s23pr&WaiGZA76)B*&)Py7gQS<8Y#HdwnWwyf_Nw|@ZW4Q5`?{_~
zK*a`)indFk`22o?_fJZR-2#OibAdFkn%zl(6>q@U<#vaj+q$A$N3@&qlD*w^GHHy{
z&y47(f6|$e9NqKN>1Re?03jZuG36#Hk*zbIMT$3=04{!VX_2C_dE71~P8{Tj6cbKq
ziI7Xm<70;7`e_>hey-{LHQ_`*zMB44YvtYGGZqR7JLADp3cw#p)y
zcx}dGF(M}vkavwpt3boYGoZkYdn3fGsO
zOM+VH`Fsfr5J&zQhM`8!mgcCS!|Tl#VPRI2HeX+6UtMm*J)uEydin!+@h&Eg&rnMv6IyJChScM+0wDO#l_+dFgB<+GHes!afA{S(Ir4h
z%;u7E6(8a5Y4E$4lpyJ%d5BnynpJU}CXKo5_kY_r4f+B50J|Mf2X9xTnmSm&>p8bX
zFcQAXUjhld5&8IYX+X=_cT5BguY(SXcSZ&2<28v4O81=(j@+~BvVxRtEn)^3f#p^W
zLU+#yvWIFC1;n-w(qHa3N$k4a_ASvx2T=b#iDSy3O`?!|3W;F4_QLbZJ*O1v?=?4(
z6e=;ckvpT1JKRDhjMgOba7t+eQn=@&5v_+?ppUy|BX>w7)5dKIrA*=_cWtlvf($jg
z!O;H=Q@{V`+Ua*E7?CBW?KDe02O~{2)eDB%jP+93HrLC;zlFhmrm?;mlRbKfL}qe9
zE=GIx>y=YdwQ6gMQ8FdiiGfvF?o|*n%XTjjNsNehcqVDJDZ8k)+$+>6hHnE^n&BI-
z=R0VlkIEUQZyh%+SzsO`zGF2ahC0#RSdZrIOKDnPk_G-+L;hdETJLIy_)pmyblCtBi&Ngr_VTwnn4LOiGZ9L{u&!?I-gg>_7RQYf%Jull7ey@@qc{T7)Z
zE;}BEi^IH2{a_S@j`R9-V`m7sCtkRh5MZMKAn>ZD3mAj$l$-4s&x_Vp{DYmyqflU4TQ_O}jLo0JQJW$L`M41s=<*
z9dsc=M2R+2?$Re4mbhClOf63V+Y;pq&OdpYU-8V{w|y{kK1sKPv737-g_&!K77^R}
zD7{*wnx_$Z`u*mK3&~s+SlPrCl(B@Uk$K+4$K7t>uUSpmqp$pSiNbIQ>p*eXTsrl*
z>;)G((~hCt1($JEuf@rXn9~^gb#wu;cXY3U!Zl5rp`mVaGzE#-KXq_
z-Vg)q4ClTJU>W}BO|U4}mgWUxZa?}ox=wvg*XuhIvw+iJ5Yu=HWuHb2CNv__x+9%Z
z@hP^Gi2(p{zH`P!rzupG7mhG$P&%Hz
zhx&;-yrQzvpkQl5vtKe27_c-Q6R`nkN)PjK4k#K@TOyYZy?+Cv$EHRVghcbV>$s3r
zFrIT0P+vjwdbg5hGjqAeeH@6Uq9w+=gx7~H!_ktM62%;6f;2YJU7adSsT}J05-6*UzekPgacr!hCj!+JIZkB
z;Db7bI-$V68_r|ragyoloyg%g7}
znAX{CbiF7_F8Q`lX1(NpO$`LSX-8#$x+qeqWU{FYa$0=+gz
zz!Z8EH>crAe(09d8q=;`SIZwypdGi8yV8K(@TLkVV9}JFu}*#B3N}
zYpaTq2l41CHla8KHKBwo02}nR<^bX$0POFI$K6Ge8)GFVMHm6*hW}0yxYaGp
zDH``4FJ&UZ!hg;rT9K}nOQ>-=Z~_eZqYW7;&gMR|*%b@7yslxyrDs!D54*T$Z6Rsi
z`$lo-K#c9PjXkm!5#7fn%3DdQZXJgHr#P20E0#{rDC~Z=KlzM8vK;+u@fFoF7G*p&
zNo?;6+0x36-04lw$KGtL=w6Y(w?`gbgpT$o!cIF|hHbU}p?0u+_@TakxLw;pfsv!b
zgcwQ&*Pv=x6dNWDi^{@>667UrqT#@6`fgX*8IbeCvK@8}@svqif
zV1zRIc6E=^`$XfDDT61y;vLf~9w2W`sI^J&Cgag?t}58RIPT>s^uM%Y(Ax0m?{y9X}Bo
zqlzQNSoSlP78r>Yzu#3s`QMC31}-Ebw;Kj{LJ(YXM173^&lqB4jg5Qu+!5hC4`aNs
zu~V(b`eMncAoVKQmf60RJM^m9s1i!Ln`oV18QHB^AP
zR6UA0nK!fL(aWMC;$>b9Q(aVZX9*~=4jt^JcPKYUkK*FVv@TJ0Q>!~_zgIgw{=`I>
zQ6Gq$fpSKn*KJ1>oz9q8=1z&W6cZ?Z7c1Wm@&L5%1^uD}Y+!f=vOTafrABFriiG*t
zVXPj{>UQlkeLT!&L~{l2Hk9NdL7$9RPqE&`1*7Of9oBKrJST|PMH4u4o)5OLhz|tG
z*upoWG_FIJPX&YCpzD1~-yra%J7hB}A0q0#Q0s2U|BbyTV+-ZVT7DZiCkk*-dfacp
zCNZL1ct!^%IY7Z~hM5%SFbiGJZ(0o+ij%?~XSMCz**RS%S(CnYwebv1Vf<
zW~y=2eqb%RCk`;fJy>m3$&qMsRb2z_4mmV?n%O
zPqI)tBT7dx0MFA$9rED;MOk)GVMQIFRs2uq4Bb(TI6nh47j;+{ZLe9}8-g5{iE$aXfS}iGROZrrJ9!3=le{dh=GqF_8ozg+pH>Z}4lr~{=lJ`s{J)0!-
z%qHC2sxUHn4CV-ll4TAQVT1gCsTw7sjIIVAlh{`M&EDq055@c`JlY(djeF?T`>dc!
zy2G+(vW~-`N
zs=4X*NnbIXF7IN!U++rBU$@j@S8sT*uk)#wxy3!&NZi^`YKr}tCW{zcVN%`~;t)o2
z(q)z3O?gBWos}KT#tl;CSj8q%cKBEo$+M;}WXX&5a_(K5;XZ4>wpaRXF4M`K#HEoq
zxr<3&_ju}*UH95E*YMitJHa!zJkb
zpy3)P?shk{i8M8nQBAh38SVYpS-sFQcEFUprr*XB<%u^w5Usk^IDjr#-@SgTC`I6F
zEEu1OK1#GV*{+w%Y`BG5H)NI@lg3u8ZcO4wcWh1^5r#>ZJ9R7ZxGhcRj>a<8b4QJ7
zDr__-sjzgE#G0{SDQO6d#Yh5z5mm9og;jG)x@m>N3{!H+YslKn`OU;!%u-p#ErQ8+
z@u+;<91smkX5ZD>oMT(WuG@m-{$`0N_kNd~M<8OLPyLo0_akIm!AslYr0OI&F&OEjYr
z1|1r=y=Dj(fLvW)B?gQIIR?vO&uHgIy&a@2ns@Z`V*g{hLd7INo}OnuU5a7q=wnz)
z@|z9FRV1J+Q=Zo^MJ}I{7&|&m&g8FZ2_LVqFY_?qG;=g}FFf}LB(`#gpl=f1f|`zp
z{dgaVWvSH0HI-f28XB8z!HAPu@T!BokEQYmrg-Xq>~RHZ2)r8xT9GO
zW0r;I=zKJ|a@aK!y&lv>(@S!Jj1F%S+o7r%t@%j_BHpgTm$ZFtbv<{8-k;K=xuQHE
ztU=o|MQ9L4csJYF^xplRLH}Ri)a?M|b*B!?-_I#a_9~jPMlkvkr;Ihsxn>HMl|P&@
z6Zl=uQ%YAX36XC5rVEU;GftYm+e&+#?g#!QWV^;Tv!lU(i1&JRzkY~DGxw^F-JUrf
z@TEU$cF4%b&>*L^?!%Teu|LtmG0xn@oOA!V8+1)ho31xge2hU8buZ>Avonclda~jC
z-<{2q!N-!^;7j0PX<-VtI)UHxV8YpL{%_3G=y;Qyt+>x~UOy-8`}E^c6{vA^HJCGc
zk{tNTt@HU{?Gs#gcs7`Pvu6}tZ)8(Jllr^lfINo^!Z{wo0M1aIg3wY3*xBwjfTE=k>w^FMT2Vw<8BKNH57!2^LCg{f-d4SZJpK^Q>R1akaz^;
z@u2!q9=@1I1G}3i^{w5*+Ez7Y@1U;h^NbkOUhUwA>UJI5Vk^{ch#WFcmD>Sm@^S)g
zc8IWcz4pjqLwgb7_=%40mI6WXtt<$7QgGt-=d`8~2AsQifE@io9ZFmTe#?1QF#2-O
zoY;s!^c9(FF%Kg0&tf1N!!?-*ey+zz2I?l(49p}WkXv{iW}@r8VTKaJdy7mZPBR7t
ze6f5b-ly4kODa?rf0=x|W%3uC%2fV>FDCPsTMK1<_cGQkNQ%e*nIaDVh;)!zvj)?}QI_^Z-$v)3(np6CXugEwZ)k(;3IIIQoal%Hfs$-FvDkZlSpX~%Cf
zUZkry$y)|IDEC9&A!4len{~Po+jqP5h>@GS_rx&s0^(WODR?zW#2GqONAOAOcAh1h
zT&*{}SaDz$CJ#)yR6|;Rx_slz=8u)|WZv1@t#185VoL281Qeuf9t^w?9b4{4nTWjMi!?pZ~-ft4lI6<3Mj~ck|$FRKOgSJ=!0*rD5KTUYN3s
z?$UN}`?Ah$n-AhW_&W=03BgQML5Lz`KXQ`~9-TdUS<2k$rcYTI>jELAY*ZFw6E
zZniN}l13IMOuHSzu^MA(xZ@qX&6PWG$$kkdHjVYr=$E)RQOJtF@#>XLH44a4KkV0!
z+%vJOG(O0Y5&a9QbLT}nr^o_?z$so#kpyo!ZW%s%Z&b>wOHp}s~XK<7z~2Y
zLj^8{jaijMIRGM{4aY9R%RdT&uaoZR0Iis5*B^~(M=xT63W^`5Gclq~Md%SHE0r`%
z+FZh*u<)?&gv0~@JevFzXv%!ywkTLI!V5dGVt8r3f-zML-lDp#qd!<&J3a@hbi}Z8
zF^)Yqr=|otK|Dx=RL)#2gQY4~$}H4~(3uxLS1{D-_qCJSo4qP_Q*qCn$v#!jGzTq2
zF|`bO(l!DWoHd(l=oU{t8Zm6j6RRPbt|&?-#hxohbR(Q$0w+Q9*hzpaLTWL{BY_OP_%Fl0}jHZhR$&>4r4;HBk-{uv5EZbVmPCGJaG5S*5%B0pBARP2%{0G>T^
z(5~#@9T6qomtDygi0r7o*Oz5uhl&ytB153fkQ^;uF}pyUj!hpD+_gk&kHnowwX;oP
zT(Wikp0X_ohI31|R@;#mTaAcIx24;bZWj#k*150ptxbd{0fx&mB2|9z3UQwDm;~K%
zuU`P+7&eyC@T%xgFkea;TJXh2#nPc9T-emM%M4rcOmw1+Pau|S*S9P
zHX=*Au_nHtC1JDYFK2H}N5w1VW*5g_uxHLRH@C4!u&)n`B$|jluZ`g_LHle3|k8aq`UJ5Rma+McXU0=aLz>5
zn2sVCs>~-GI2_d|phR@8cVk^Fa?(j8P0+mDu^h8Fey``Xe0PL_)-gIts0X?m1OsF{
zh^MFnw0JEQ3XuFC7>TY0qu>K
z47}m>DgKSuL~f}l93%IU?Bw)a7z28atc;u-wM`?-&JQz9iA=2|F)YtHnCXm#yfL;o
zBJv5xfr{Ic6^{(Kf{b&IMw!H+H*Pwfr%JecDohrcHjEw#ppOb{f(xTX-wU!1AGk$b
z_lh#S^`m`1^jmuT43QYmB(jV{DrH>gc)h_01XtJ+M((+3YqWUHtowe-@ZJs&xdshR
zXC53>x-C&bqGhSyaDWi?hT?iL!};KL&uJr8gAki`Rysnj86a2oFc(WdLt?;qTh7_o
z9byV%62CCLHUN)MUTEumzm*WofDoGzp4hQQKS+=wAB(Zg7eyPY88slD?K|A~H#TU{
zpFD}H3pmCg+^bMv3x+eTjo}etFiv$ocxv&sgE3k=lT-4659<=5*MeRsdPT+#X6%%>
zCc)UPdhIA5TW--Ml8MS(gG(1iy&J%ChQE@DPa4e|u`KF^oLbRQ5U^_vCH({X)b%DY
z>Pn5sQ1aszg=7QOGj2Pyu-Q?pEyhyh>}zO-HJdWAS#6%S_kMXB>UMD1|DyKO7Bu+I
zwo^2+P2Wm!am}}rGSS}jR*GiyFKQ>9h4^lLBZaks3a#EtqdC7H`=~*KH@SyiUyYb;
z|NOk&)0~8?ozoCuV~cI>oilsmiRM|rBzBbu^FD(S-VJbhzyWYM;D
zY}>YN+ji11JM7rD)v;}x9ox2TJN4zh``$OksZs0vtU70{z4qL5%{iYNzmiq17oC5Z
zC4{Z^skCUU4-4-i^Fb5`?=Q&BU$$2MJXS|5&ZOIrZ>4K*;wmcQ|VzN~>U!_S~()
z1AkX7m_$2ujl6+0?6e<|hZ%gn@Gmiu1!)_W$_xbyU%>XfcI3?7=OKk1Zc<2{b4L3#
z`6>6LA{i*mUEzHx!NuxYlm#g*9j5E5X!dJ2jCBrfwf$wwH9rjAzMAs+zA8
zm5mb_2kxk86mQ%0X`F2fXa$}pkH9RXT~m*1!PIYaq`Q)Y9WnyW?CvjXM@+85<=J2iO$d4#X{;6zhUzL%X&naqt>ztF4
zCpE|pG?m`1#{_BwHiO^K>}-gDDU%Cgc$)L|07sNwl7fNuPq)vpzPfoq)(^}Z+7%7g
zxMI=xZwG1*mO#2<$dJZQ^Q(&u?S``0n!g@WHc)L?YPf4?#0)A|)E2>O@CB}=j#k-&
zNQEW4E)Cb}p%YDQznq?dn(9atV6fO_qUYq_(TlUOw#a$GD|FN329S-0%cmS59XZG}
z&H~Y0wJ*WqI1VMao)tXap;#idNMg-f3>sYflZ$%n)lmhN%w7I4H55|HhRos(|GO#R
z+1Ib+sdDb0HCp9F!-kUTu&x0X}G~zX}7Do6R`x)OK$Q2rBLGwg$-i
zAGB$fU#~|%VYI6$niSQQ0TL`KuR+BNhoQ6Tlxege$V;m?A1tQ(<}-^mPw_Wkm{=oM
z>^p+uN!IFD91dtE_NxAsP~NS&sttp*Mlsja;N2vx;2p3$e#FvF(yYrMHDCknE0Ve*
zju6)DXpRsoE8{7{`48bo^t(boqZd$t!@O_+5WnAluV@1E3
z<<0_`w&Lmy;|n(0R=^FT)S%iZc0#MeB0uy1?0kWE6%R&69PrC7CKq^(ZkL4#9eME{W(+76QiD{k8&
z@8O_`_e`AoT6%%p2j9)T*kttgi@pFi`2Gqa{gV?{>F4xI@D*=m+^dFihE1&(*KIjT
zh8M
zN(Awb+8Q;PbzVu*$o*F-$h}Ml19E)jiXRxfDcpiHO5I|w3bz6hVwl>U;xI8f;V44-
zVAk?%?`^2x3z^-<^=P%`N8#RIv*RE8MQPb48Da&dqw
zItK-6*&&(3yJ;Ht`@6%Y4ue_(LP7%8VO`w|Y?JHJJjn!Y3eyLSA?U(48?uh_rE=5p
z^&jLGZLv(;y;Jq0KK3bypt;>e$IGC)*W*QF>(=9*40@s%Y5k)0vxO!@E-W3)r?J)J
z7W8^zfOnUw^#y}t)8{#d~L6QZ4^
z9glI^-IKURs67uG=>wn1ak_sGFCc?=9aI4ZgbSH9CmxV%|$R
zoT7C4)IA+%&3)fi#!6*b>;&%EWX6d>2VCjWO-|}yQEi}QF*KiwC)G(#AT(^aeKR+`
z+_I>O#h#b4aIa08c#f(B+fF6%t9p|U010CoRx(3rnUMa3Y-
z^|fXmTOL8mn_PS;YZUz!K*R_r89}n4)~{(;IT{+(iuEm{OEwoj`e~Jhbinlz_`QC1
zh-l6;LqdAQi|27Xu~AqIpTxykHy(uwvyKF!8x9zRPCHCpS(3QiC)p!5`7j&to-6lC
zMZdXG@^RvV1CV9eErB5F{Z`>OQ<6rM-1^G?v6jQmAw5C-Li9P-BiEApIUzAj9jegP
z$0frnf|X3iGSe`?Z*!y18VxEtjtlepFRJI<8RwYt>P2F0
zF$sI#sysI5zcwo1*WVjYg`md2CUR4bRO2ZK)=H0ug;t?l;lRvL1F+Y|hD}JzkRc?L
zB8ag%Sc%;I8j6vt(xA4zMC0@PzZEhD@-~Ksve!d?f%a8I7;<90_vSkZfr#6{Rm@>k
zr9-vd{qP}JXcUE&w&IYgGNF*rnsl|A?i8!QZ%Dxy6Y0Y*_qCx~TuH%p(x6&?pf)*;
zT%o#~(39XictVl9o$uXWch20+4;rz4L?;<4ZLBurh3m>QUz_HiLu$k>zz2hwx=i+`6f223yv&mYn04(_6!iYE1xzXw0hzfT4PMH^
z7<$GjOfnP;6}#Hhb|f*wy~idgzqdWRayG*pP(&(!ZYBI7v&7J>`IOK`;y_fvMd21L
zon2VIKCTyu#rvTn&F+i+g()Z{fsg)8!Wq7pp(G!nnW&?qi4sKg`5!vw!kr&fXvE(H
z9i4+X;jZ$YnB%@c_k--WF99pUtHEeB#1__navr=Iap$kWp2poHzvuIdGPFDjRu`qo
z66G_6D0Bnrh0^R64EppI0eB`AEU
z?mqB*a+r}u+X1$
zM2W99ZcNkBH&@1t;|QX+Od1PO!lUmObiu$LYU{6$nUV+F-IfdSBGvXa_UA3(LV_$Z
z>5Yad?Ke|zvzDU$^Y2&dMvm5n%|DGL*Q?{-l2+YqxWq(_ni4~*dn_HDmF9~e(Tf4n
zNgW^N7^{M?OU}p#N1T2}Q%>$s#!`lZqUiPocKtg(4TvfK}?OZe{
z;+El~5M_L1;6bK;L>Y+ULj(&#*`6viIvv4Z7k1@}|24;Cu;j(XO
z@I1Q7OF0}f@M}GCj?}}JY1l>_kbL9#+NBOS71cxrNKj1&55u^fssD5fHULF-D34PS
z+dZcH`X+b)+cMkOt5PtrbznCe7N1$(2N6e;;vg5+phZGSTn8jt1O0pJvOLd^7ZAR`
z;v#e`muxK~G#v!sdrs|E-2jf86G`_&_u9hjhWVU*M)2V}e3Nd_i{e^}{tkL&9)eg!
zt2KXL?}mXUnrk6X-3D()(@5{a^7f_8o1Als)?OG#p2+b;S`Thc<$R3Y#CRDuv)Ot*
zWL3yJ8Oq^hKz}`8dtxkRPF=kp-)*>kECs2C_U9Ak#LQKV)Wl5zm9(cb7ZV-g2g3M3
zx!6~R&Nq$2)8}E&ZkW4ts4=8Ehk@1Z8)LmkOs8%JB`r)XR1i?zA(JnZ?3BWxF|;TA
zez>lJO!h=KF6q0p8?=PaBw`B|b=Zbndpl+fGrL!iWL9iyC%fXD$>L*iPR`a6!B1re>;;Qwr|Tm2o?7)T63h+vKj
zC-lt|3yy~&HqZ`(o&6qcZ6^e7n_|t6_R(;0IH)hq}idPHwN3sw?7Y!9HD?oUYU-v9yWp&W-ZKCEhkbz{a{C>yS<{
zPQ5=&-Eg2R^PGx5Y{YP37B+GbRC(*`0y2uZUTbB~2ah8-~(WUxmgI(JIW-~M+IYfpFUHCey435N^dUR`W`7=P1+
zx#}u8J9-j1zmi94m>4n#8{jHJq{Jf(k+MaHNQ%k5nXjN|d0r!Bpfr89tT$QUrj9P>
zvePsgN@IPh#*1ss$75*#OxCnjaD%nJ7ujGzRDBK~Ll_d=4hr+K
z4q!OAIh~Pk>6+%<=H~yRh6O%sxt)UnbNLU9Ai~5P8Ig?kY|O^caru1$%fTQY5N8+G
zHViA4VZ#$DEvQ7%kGrD2xp#@`?bW^u5!P~?s(Q4O5xJD+bU9IP@%aETNN%q3-s4HT
zFYt|X8d2Q?!Zu6%z32E#Ja!0o*(DZ|kh?)|Z8m~POLh#$*T2RQ+c~_gz3Y1<^WmsKQ0X
z&9i?kYdMpAo(1r{Qn3F<)Qfdv4Dhd7KaTS%7?ikV)I0ids6ET8;dhYMRIyzp-`
zaNbxKcSJIWX0ADzJ%^?{G&!uMDteF%)FG;seT`O|%swB-Pu*4IC5gh?v|(U+`hu}^
zL@JPH(38uJ!g@ORO2{%KUGL{!Y?U7GTL0wYqPC9~z$Nz$H?8SMvzEAfOzd
z9(qF{(DZpR4g7vR_I`I5f}wgO*T)EUD*5_rZ_R%@&VRQplrBY`6mOl%dicpK{QY{OTQijKIuku;Y-dZw_9QfJeow?f5ZGQV6$zKLl4;
zfY5+3xR+C}h2IO`_6u{-B29bLK^sv(DY!Q~v4)^0-gUY4@=!(o^1ZxhZ-|+>0i7`;G6i^;e@Z9vFTO2K+aPnWHCqXeo0LiVpt%(
zajtDpGeZOo66vpvyM+=}6qO~~B2_<7&AbCYuRgyBHYW^i6E&B{YYt0ZYS1Yfk#-ze)R!CxdSNO!hb)t
zUv)Ip@cMO>nbT@}mtl}Xi9|AzUP8(6#y*uvQw?Y_z0@mLHL0pkq;^&rVYKx+>Yife
zDrs~|#!=ik9`(j0HvVuk*eKXr5EdNqIOtxUuAO##JvfYUi^NIECG#W>_Ea;YC(l99
zkqwBjK%vYJO2{?ZoQD&rA%&puTQkL%81)
zWyI92Q2k5N)6EN4`jom*U@hE!_&7OS3kFdZ&>oOO|4dhEb!_({K6>!114D{PGnRQz
zKw^d&b*dC-e!A(mwF=2z
zn!n?|4Jl9l*nc8rIa6=UX3xNGUle6j-yt?<1G!)m70|tG&%ljM*zaoc^9k;>z={mP!c+zQ>noRu
zkd+rR1!fmEfh5YA7;_3^uMq4WR={jLhUyGF43YST?j$LMQE@#N;D!YupGy|4F^eaO
z$-FKAaXC&38q<1JkCQhNLUIA|!+UFcT+M$(j+SN*R^K=je*BoaZbNTBBjr%9yLj;~
z*M%HJJbIQ-@KiEwjn?^`$P!$5<2jE%asAAx{{oiAPM6x(Fr
zU+k?2{0>rQ#9fu7fYLY-mP+sbKt@ZKU14db`pKcg$>YHBpQZ9_F3FLw8|#fF+mpLv
z=uclgXMsfpH^iN69;JQvhuz0Qr?vwd0&i#EvV2a7r;);g^RWm+UOv~~ACg|pG+pKR
zHdoynHTYdF+dz+fd*zLq8?}1@=V!#~v{2SdsFLlP>$V%U1ol@V5mTJa-RozP(PN&T
z{(rB8_%o;Hj_<5&VP{~n3f)E|!zk4u74;Ai5Pw7Rjwt;>S8pZ{sdfdb&HAad(%F}G
zfl@&+tKLqpJ?B3Smk*hnp~Z`XeW$1Qepk7O6X(vQdOOSM&GNRnZEsnft^Kuq&rk{>
zZJ7Sup=RVG3M!w*zbq(%n8spD$RPg*{G-&)z7lfFZ;bh|k@R#_iJL9?o|J^5|xg&xd{2
zj}EHIRS&rpDx(gD6rMOtjAz8woh$W==Bv*GzeSzeEGcIOeXgTo`#K-ST*g{{#@e6B
zz6urJ=B{%o3;#&SX+eSq@Vb#weS3dk5kg-6)`;an|C!vo#qmiKAefG`z?0c}tjm9w
zQf7KeUb_5cHv|OVN`mD%%Wm8Fvxzf>jS>mVA*v3(bI;Zme~@=}3EvgK@0BS&3PkVJ
znDlU)OKvCnZ+i2d69xTGgtmGU-0b4E41iqDcta4C(Qhv?|7ER!6;&JM*$yNLp5O*F
zwoC3_1tW*Q|Gn%r2_-m+E%&7@o=PtVAhTu3UEQ4uGUl1R$|NRoJQ<{IJ-FQusQmRYj;a#?v|II89FeS)LmPs4JRRL%dbF(iDle3lka%qskiTLq(|>xgR=RG+)#@TRf4yk6p#dKCmBhXGP=0w2_cufBPW)an;y=qA`57a!T4?(~I*efnm)
zTow6>hDWD;yMIx&c7+2SvBj4b@V>rH^7xM0d%8aUZ0*w5R>%U>&<|M-6bxAzl!=kJLEr}MX)an9P5mHBBudxeBf=m*GWBCBsMyip8LdrAqQ0x3ok
z$6Xj3VyJ-mmXX>GTl51qT8bFGr`dm(UYD`Q(_TzF{HzZp>1sZ@sl&!5S4D6w(Hx!>
zPJ<8dkR152Qx5LVo(0!>Qe2OKMty~zoxh2&3|~yTfz|d(u*sd>E}@JB_b;UNvFyHc
zSeYDI+LxTq@Cp@5qecZ=p%YwJHC`CoO(Eu?ImKjBG4eF%vv&`+p6!h73C>vfHfH!g
zUZ8xeo-xmC+qvvsf%x2{ix{ONS?L#+IY|MGAC4DS^;yZl@&{ZmVSAs%c$988+6p%A
z8&@+FtF9jb#;ReDJqcAq3Y=MhOshDy!@=I==o~9R@!*J?G2oXzwdVfw&JW}p^!36Z
zfcU%v`Em0T{`{4F-yenmpE`iRsvqHH?}DHo=?CL~Jg$GqZUf4zcKkkWh*AvG2YOUD
zcd+}r6B@O19qSA@Rj;1tTNXzG26O$%&Df4T11c<{l(ON{@SQB&nBj~-LHV04qIF$0
z6DCwBvrYpjf7+m6iBoq|=gFyM_79bFNu%3*u4;(FFyW!9}Qu-)BEG^99q4ImuN87_m*aPKkZ!
zu?-mYa~^sf*%|VVBjXI@JY8wu*k2TcJuBt4dxQt{D@h5G_#5_=iZen|Io)UW_3XnJ
z<$n|wlCoi_g{^OL*D{t>Bei`?MtOOvK@%tG;Lr*eh)`f1P-bZVw)a`dJ+w@^Yl|9Z
zsTJuio8F}<|8WoVaS;0YRBZWTgpzbS1hh9K)&clm{kG>$`o3Qb0bX^0EtGElRRF=I
zAL4T_ENxFJQ8gy5_x8!Vi<=BVGt;T^6y|j98E{bJe_1H)0>WH{
z7#C;K=wWa~N0%-MBn{kc5%dcM>EVn_=jOJ6NA{F;EOv0jqk@PUs*iTDi7`#k+Bh^3
z24&#&Z47E)qfmVe6KaX6v7c+C#~Lm>|#@W;8>_bOd&eiX6R8|aNlStv#{lOnEg{z2@*90
z{#u|oPh5cbNKY`pBEPf^+Sva-*i|caefY_xg$sTcaU7DBAb$66#gZ?~=U|@Sikya^
zImUqMs@mT0HNTaK%8Q?b>U`zt(
z>oW6>4CQuHdWFXhp@O_=uvypdw)odKq$Z5qA9={SaXqf%2;$L^dPm;6c0kneC
z+~VFqybE3zeF|5vgA5I=RsyqHqq5T?Cj3Tx%cLTv{M^#UJkkX`%zwrT$!faK6)vH#
zG@c9HB%ke-rVyhkJDk$Aw$3x({AK=`8zC0_e0y{8wTz5--%VlZ(
z`;`A;&m7uf&lR$t%3aj{^51yt>(}PxswcW_ee>*`v&_+R||}Rhh_!DdTqh-FEy9@d_X2<(*wo<
z6`!Kl`vc3dQ#YckA#I$qBkq_Jh?S>`JAWV3r-t`)H9Y7GY-)8)ph=2c+}yW%zdJ1I
z)d1QY+czQh&SFEG2=JpZR
zS4!OFJVVxjWN9#4#`y7E+CT?dw5?|aHMQ4Pttn?WB3TuGkop0xrbw50?ZBJ^32?6a
zb=_J5*;d7lX}X~qka#5BK7Y!7bBc6;Dgp-r!o^2ssct8Zn0lnAC~k~y>ya=%ZfO@P
zE@hEM*bE~171s$|3EHY@p<_RRC71XJ;aTG`aT&!HZ7C~3>|^?#16-m1-vnFW?O2`x
zL+@o^E+3k-l(Aoqa~#80xf2(?-+Yj%!T{_1bqR1LfOY>Lx5i$KyVd6cnLs!2At)3
z*#UA#lIaVaIw0MTmK=|^J^fWD)`I90-jhW^_(bD0-ekUOSKz!Gq4OESRb;Er_k>N
zK0rLWlATHv5kpzm#PWq|pc~=Wra{c{@>`pxYO9-O{?aqHNAsZ|u
zcFQHla-I^|lb=bQwA5a!qT{I+(cna~%!qPVh=d2^F}^wa1W?7HRdVfpWm}
zu-d9bn$(3tTri>7R_L33d9(%K{%+l{m_AeGxODcDhq8v;Pdf!Z{|MM9Z5MqN&tFjv
zvt<3JM-8s6U#YKSm$uq+N27(WEy&`W`-w8r6$sLYLEl3&1Dk#Zq?+g6K+B2>b(aIS
ziuXL+(T&xz9AYAH;?OtS-mJzgXK;iJ64Xq!4H2GpUG8qjngDs#&#|9^`pKv-g5!vH
zfScn7Lx4ve;HQq;MQjsX3L-xLynHi3Uq354>(>Kk10eo1%j{dbeWX<|nH<#Q38y5N
zdrR;;wuf*oe6#%qa-@Da}^bN8ThX?|%GFJw^wCfx_+9b>?veT)a8}D8!I6_Ib
zbIc7WB{k5OPNmyH+GlP7KGDI*a{lsjR(I?C`g6muFPNOVLTml!%kQcWa9}4Oq)2xW
zFx%tOCg1-trtDJrBh3!7_e?5vy!1tC+D0XvxawB-bo~lux?DI_O(^6ZQ?yM!_{faK
z%l{JDbastSJ0<{LN1Omf#<7C!(JhR*XyWOK9xW`_aVcAH_@l563$0omb0g&1aof=c
z1gdfdV#9u&0JlO^jQ^}^59Nt;)*Mt5c7`CLMNq^gOx)^GqZJa*(==}}_eYAFO>4{e
z0LXg6=VoCPcn>kxC@N>i8Eq8z1BoRiJ1h8B&6y>*RC?5|&W!UVT@oQm3rpIVF)4BN
zw+saZSxw5y@T=It@u+fnE#ud68R+E-adPH}{m=SmpV_H7oR^*|_P
zkOYTDyHQLediqy)9(G0nhBp&?IqdG1Bh3(T!?DHK41HhI6x4%EyxiRB<9*&>E(?y^
zhr;C+(K2Lj*iGWe=zcO}x9cSR`Ixbtg&t$^`7n;!y7~S(s?druJCgGQ2Z2pyyr^??
z+5;93b@TKnbA#91$ZwX*{hAlbIpaH$u5(aDfiyTG(#>5X!iP~ngj_}+tAudceE^Zjj}!!op#)MvS+!T61G%K_o4BrSXp
zwn!NWti~MzDY%LkU7$P42~k`Z4`a_Z;QzH?+Ny;TG~k+T?;(_5;0GhzMMCnfviyJ{
z7rGG~<9^H@v#?Ibv+`>SRdhlL)M$-Ey)t|$DMoPmx^YUXA(#}ek=~^8)1V=_usxnx
zfzIUQYFXoJtFJTZyyb{ES(9x?jHd|MeF)!#Cpj`gHp`cYYH`*
z$!Y&{Z!xZtvia(~j~Zf~0h4m_>cPVM8W`|2j27P#zGunEUwUSYwjN6PD{r;ot?b<*
zSmBQzOJPpn@{Z1iHut)Mv^=s&MAGV`<2Jf@ACiEtPU}D8)B+7ZQ
zcM{z?@C)(Xi}Sg6srj$i=SuTW=b!EU-%S9UDd%cK=EtNhfD|Le?8kQTnCDqg$YbZq
zkJJ41Baq&AtwbP4XkoE5hs=iVvmo!mS29JQSWmA0)d*P@|21&ZS9&4E=~vWFs_pp%
z9@N5UY56$Iz14VRwD);})nR4?km{s&B#g;%4_(CviH$GcdJ2sbzSmAS%j4G+o%ags
z757T(mAo0B6V}T&gGM(l(~0)xnZ5CJkN|($0|mqO#rmC{*`5OP!PnNMTdsAR=y}eJ
zgIiOlhdsO-HAW|z>aUC#h9xe}R`uAC;|Kz(1schW1HXUZV{#w4ZYI}$s+WF$kDf3Y
z@lM3w#64Wv8+tkv?s7E<_XT&x{<|%b6?F}w|4&={EXe2xpsfYU)z+3HKP+cQe}{*#q`3DGz!8H}zo}qBp+0@EZ9ZGFKdM
z=BQ8CaE-Lxljco=U0OV1!3Ol
zfrDLdRG3+;k)YH3LNu<|unIk!S7x75Nyg1z0YO)1Ujwm*307;&r;Qec
zf{Kw}+;Xp&by_}{7WSa!0>|5t0!?0bI5Ot%^0j@MuAAOwrJt^o#;Ig4=bN<3p3<)|
zh>hXEiGw=`(=SdKW7lb$Kuw`Kh|=gbT7P&2MwFKU(YWhZsp)kS%z30I!-gyE%??
ze*tS_XIfG$h$_oWbYL+1T5(BcIRk&kB>Z56<{))5$8V@SdcF{y+&~fLz$v;x&NKSi
zp@C9yNHi=pRSAS>$WVvTBI}>N?i}T#MP^%`y=0}>vfp3jDhZ}j6I;_J#8ri;ThY!5
z%%Qbmwj@zfOD@+b%h7^3RTWj{VeDdF>rYzV2m5-X!t@s~0)L1cG^E`^q1Rgskkjx0
zT!_sCi_m~n{J=Ped$o>NNDIPrX8z
zf!~#ljglaF=j+WU=E^53g5r9_!rbRHmAACbDug-<#ZRX
zjBu~V;kMyL%)1#NVBUV5i^Mvg`KApP1DE6mTSE@iK+A#;p_|^~;b@)|dX5SpHY&3>
z`rLyoq9gb?zy^_)WtVN3?hs^Z_Pfj`++vy`N58Tl!oA^0kQ8b`YVY_^)A=YDz?-@c
z`h|?4aM?7JUhxqzl2+``ooLFC3U~Ur+`lj+tE8+bQUYU;HLDJuJ&^A!$?ZxgdTvit
z-d4ij(GbJSZuBGILS3?2mU#s-%3Jd-NMHT(CWVROqJlzC^Vv|S#zJsCa4-z3XwFK;
zE|qV0lyvnAu#M`0J9w`k>k6U5lywITO`4GBT{%z~`ul^Aose-Sq|I1NXBo<#=O7xv
z_%063p~K?bfF-4#fIH#`&Yc?B{Nm@l)wAmhi3qF^`ATti=_`bph9A3`A2*%eze__0
zv*B{1Nt~c7oVc4Ijg;SE02RVmL!4}pw+Spe;%qij*haN&o`v|aclOnB@jkE}i5RHNve99(C6%oXd`n5p0*tf?@@LxfKDxY0HC0vC=arY{ph
zddrCsx*v2Bwv^L}1sl$N#v}!V-v!)APMWR}4@a%kEp#TOEtg_J@iQyK%YChMPx5%u
zHS9pZeIsj@v>qh~)^OWc9@g$lI%Y91nK~;2%Kpp$3_U&xxKmn**19S*1yU
zXVF2DHFq8$S|1g6kgLaZ2C83F($o!SB*Obe?MKsQngsP3vL0yCa!`-Z&NUXc7TO-G!XyPYZi-Uen7V?cgi~Yk
z1Tf0f&;3okD(Lr3-SD%b_oLS~IoxO|;YO$x2d(<>6{Y#dfl-$s8lEvh3Q*JedBcCb
zxie8y3g(3iXr-xdTIbcgU8XPRu-!dnJZwACgmKxX49fmyJyJY!1$CywxZJMJlQN4|%B1Jeld%l&TD}m?ADRa>
z#Yt^PTz5Iee8C0eg;c&!*+REQWZA)QMiYV$l8zrL*uXgivy-8sTf@1p{43Y!TmOF?Iw)BL?*R7cB&s
z4_sk8^Z-;qmkt9OFziZ}6}1Uvg5Kw-Lx28mw|SDmsJgP#%BPnehP=YR%@y&7-~1eF
ze4B@V`9_ZB*88lUY@c2Q^ag9
zGJuWYl8pX6v%AjGHxd2TMkMVa0Nox<9>XZPndAX&_3cThB|*XbtV2N
zPKlY7sL7NeooF(*M`mfv@x++
zV$rJmjp?4RA#(b-itPc$^q-nVG2@0VHSgW7-nPsOUFrS~L-u~rpwG+j&FM`N-5rky
zit20H{Xj2^!j0x{^9;tNm4GoE|u1|^2noq^};zdhD{w*$*6l!YAY
zOF2hLiU!o_l&Pc-nN5-vO}gXw>|L2Gy3vF&{ZPYBpf#FTynniX10cQhee4>hc%Qr8
zKZ@6~_y>+HY=EGBv6w~EKt;3IE+5-c;(IdPhavRfCC5G0WcWJ32}0TqM!?oe!60v*
zD@U5EKTd^HGT7MI4J7~<9Hi-RbeRlS-+bkOMFX$QjS=!2jNM90(X)+bs+Hmg#G
z4SgY*2`P)r$yl-dobhA@LnBvlM)M`h{Db*B`kZ(?b#Ha&v)=d9#HZF1h*rQr
zTmNeqYnbq&IjH*JTmZ`J*3K3`O!D0&jApe;Qg>u?uHxF_oOnf#Qg4!~XY`>uUE<&c
zuB5!&`IVZU5IjAF#1X6q3RHZU@G}rc?UBW?Rbdm{ha*e1QU?|p+{|S#tzN9s7-~{`
zh=XG}h5M0i>U8Cfdg_QQ%?2$!1)8v2BqSMqet&FATiL+Lc>GX2K5AKSu}%6B#8!f=
z1wQq*4E?jTV^H=A;5xAB7z0HZnHZsNwrsi3zBU(bN>8J}y>|#+I{icntzdp`cU9R)
zuwY?hk!!-1{iX(ZF7n?HoSVUFRZF6}Pxe;9s(brHyEd2&RZoh^BmlwiS_!a2tt}7*
zpfL^T61gTm!sVn@JzMWLe<~Da?Y#n`v&H$-2BN#ctutRY^EMuzoG0e8o4Nq-;c&
z6kYSNa?19~h?+DhLPMzZ7(x}k*wjo(G{>SbBvIatuU;4!OHUsUTa=uHo)&BX3ICLolgJUumPI=)@vjIZm-DY_7;
zvMpspOKub8ZokukIdZ+pY#Gkm6*oYmUSE>RUa$M`)ywS+Jg%8NUqJI3Iy`(-0dcCw^#q1B)<|?qIW%*Z2@$C8R&X(0lK4R
z_G5f8Fe0$w&kQlTHO3hYdye;y!zG
zbiPi8;Al>-&4SNCw74V_-!WlNsapJNRt8)f>@Dpf0R=+jU>s!s(abMgumvLWC9EJY
zK8ECk3o1d}SDml|msj!Q$``}ssG1!+c)K@Yr-*|U7lC|g=4-8-&V7pCTlzATizqRy
z=kU0E{TE(SH*rz3^H7W-5k`IDKtnY}kR5Fj6s5rEPmc`nT%77_n|m5in6r8d?`0ZjvD&a#3A893WMjD+}y%Rl0Y`eNmW@U(Iun%h2USJ?Rf
z2~W&#NqG2#J+*rtqX$!{uU~Da-euX>1U25Z~I?<_0To=iBjZ_a5ZICBe0=W}IRcr@H0d@sC)6CItTG`bO0iX7<(8*Ho+e
z`5rM5SL`stgsjtl7*6}3SRI)fi+`_hryMyM?TfhDdVMpuQn#Y3BGAZZbg
zmp9bXo)YLT@gB%+5Dn>oRhcir{JVAH0Qw#k$`Z7?p!r#;|Cy|^JjARFT+#Ovx$5`kZRuIMh1_M
z*Is1Gp5fPxQ@fu^{anvEPrK_ajA#xfWx8RXO8@@hgSr^wj-2RH&a?S%R|(
z(!G_uIJ2sB-iF)`;PCVmB@r|c6@JPP@srs=@%;D12Gp0L23AuH4Al}$;z0jqU?e*S
zT9Xfy=JcByWaaO-eZaPz+#;n7C&}4GOZ})H=)QnaCo?x;{nqZuTYt=Us3A_erWKX3
z+Dhl?#e+p13!=iyZ~IuzI6EZ*D%S;3Cs9@p>1tpg{XOAOJo9pz@nXc>EBtafo63$~8JIVE^|8>|ba@f`lp
zM=8X-rhxa=%iY&wq^(IG;!hCE!rXQIP?=r!YsSv02d#~}xtQkcTU}et(-XVS9N1ap
zFaq($IQg)yUEfoEZN+kvu#t~hMlIY$`o>(=$B7y-e^eK#n>>oJ-;u;AKW#ud;*Oy5
zL(C2PO&SnMSbmQQMR*;FF
zSUpUtpNU1T#{k!_HT6MB*vcZ&6KMH{ZABZD-a6*Ifqy5>aSGioAK|3r1d28q4Z@oc
zX}^xuXBH&D@-b%N$t?I;Qe0^9#20J%fcuSDmqi`P$1btdP26ZSVuXv!>94&~pJnC|
z?^!Mfc3BpkX5l*K;yAh@egDyZ725ZlHI}~7O(60jF~^-+c!rhGci#QecfI|0UFjP?
zZl~JGRZQA(|6H~PE%ZIP+Gv?{f>_&LdIpD
zm5c3NB5WTg)X(4Q6{A?NO^@Z%utUas`L~cAg}Rud|2mKsKw?;=BQeyMnSqVjgaSR#_~L(2fXpLhYYnxJ&_Qe_{ho1
zJ9~8^T!=l?0mq24pl-;SXhdAac^caXoWVJkU_(I^GW|cM-Z46}Ub3UjuBXao=dfqJdsL!|Rggtd0538O
zIeNA?xC#e%x8C+ryFIAIrV7$8L~SBv>s+4CvICW^ZHq%OEx$8pYbu+=6FrCBGr7w-
zCoij~97#vAVbTink5)8L=rqdS`AZFC)og`Wh4k{4-m7hR{W&%5d6u^^>~=TJIaw|n
z=9@j9f!HTwkIbk4sZ|m;6s!KA+h5UxZsw0tuEa0Oyl%Vu*nB!Vy4mdx&b^;B&^c`K
zsDLBDbSv&b&!8pNRXMNR4V6yo7!gKhmrpg$5}vuLGhfPjV}yGeW2BosQmAFFGDDS3
zlSMnY`3E<|Kst}JNi`a86-RIUo&%E{4x%~Z?^5fw&>^u36Hv0Rd|Z>|hp2MQ-il!n
zDYcpGpCm)DfY*X$hhQk_siWf?#i`ESD_I~ub*xC#i1xRA<7enr0gknOK
z<9LiZmOcHN{FEC178baVZwGxp7t)BkqI$}&XI_ZZ*ltm8sXEEsS;D^qA6ZI^#oU3V
zOXDo}sqU~}Kao_I>WoMf!YaZgl`yEQNbq7J6bwUpU@v%B)gTL=*~S_l*#L?f$0
zLn^hQUUTbGI+=#ROFECqBjs913Hk3O=-A&WZF&ze?SZSx`)n7OdB(xOY1TwrZACy#
z=W}Z&^>tQWj=nC>UjV5g-3C@4K5_>-+(0WT*q6TJ^Z{F|-@V6mKpOCMHI0o&?A987
zk6k?{8X-d;r|l5gAxd2UdRIa9Lcs0RSY$ewX9;1F+JmtW?Yj|^fJb~Ey4udUq&Wx_
z_0pdO1+p3wW;f~L)`h+4jL=%^m4rEP#hQPAvvnYG{@Kcm-CG0Pgzx^oIwwHqA%T8d
zSqGhY^B&wjKyi51A`*zXm4>jqY@|_*qp6pf7rYi@#YTZ}ZpNtpi={k8pOb#4#2UUZ
z-wIve3dX7fIu-|~9L~W`HXMQ`{QY0Ld7_W|#j8b`*+}hx?2Jlfme68oB%F#gVFRs9
z^gUx4$78nA4E0DfN{yj(MYAj=V=gvdFo(Ot{^0Bkta1CP7^8uMzPN^4$8^wO6D~IM
zTiG6tQ7dS~l(RIK6{_CG-ZqbCheP&$aYaL2HUz%MX?CHlwwy#y4i(#=N(;GzaYkrb
zu0gwS8t|x
zb30BHXfN`-hD}MVAuCooR*pn@j=NUS=6GY6H08h~ZZ%Q>+-5h*sp~858m!K^yHd&`
zEwd=s{0p`;P~XYe$^5G?Td>`>t;r!;q&QW^x}Pf@p7sBv`u?rJY9G~mXx#tOudS^c
zJN(zsUr8&l{jWP_zF6d7(QNF-v?}fFBxCO3p=K&ZqlV#H@q)wOqK@1ha<%7_rReiUvzx=90TAFeM`^q>n8I2
zkR#R{j-9zDzU+rb&dvUM^hc%WyKa!+`@y;
zrFcb{T>J8h)??FNwiQ~QF!fX{D9Pi?SyDxDpWsFz>}}Fdi?Te!jn5m{M3}m(*!r+G
z`^(Xn=ml8NL@jc(qGtssJ`CN%gFP9!M4Gh7W#L|0&|u3^n~bmviYT)ZET}l_XPA9i
z;|3Rn
z%v_Vt3TXKs->b0U+hP9Af8u#HMw|%H>6axYvZ>k^a4iq;FzM6t)6?@A({s*0XSFdJ
zG*^sVd~W_yvRN&z`@GM(Q_QjS<#HZ(c>jvcW`cg%hp>DpQYVx_CHs@`E`ZJOoDu#a
z>Ul}R{`=^v#*{M4>56E#mK5o
zBw5k{sI06CzrzcGRSDPVaoZk?bW8HiJ|y{dqMQg8gbeb+-@gusWXS{2|A6B#Ekc2_
zo3(dK(>46QH`3rWj`F
zrYZJE;BX@_a@~qDof1^D-hV11XTr$h?p8o<$!B(6ITSE8KX2lF{3<@FFYm&5o}yGI
zMwKwDu*723x5Cu*wa_9n_AjiX&Vs=x`Psyhfk`zw!gc-1CP`5LZqiuHyXY_{{VFi_
zCn#}*imludu0MNDglFO~E5&#v2m-=)Pm_K7T~>iC5KFDo(Y+YGC`U&L41K}N3f5I1
zknTT9owKM7Y<<@X^bfwRl!UME`fWD;PMg*RLZ;3^71kyg)34x6GR0J0QaGC^9fZ7ycElUg!bvh_6z
z@~MmPj7+vua=wmjI4W`leXQ7Da5>1gKQ~i+w{^Eh&wJ_uS;H320JrQ)9Hsl@g!7dn
z0)KQs-V%3Dslgw=m2bM_XkH-R`JNwS0Xbw@)tohhKGuz+L4a_T-yv!Z3)}i5cIDGl
zU5Mbk&>f;v&f0Q|%6HPYJ9??bjRs=>G-w8QgF0i$7Sa_60TT5*cI3TdM7}E---_i?
z9w-$HRz;4_!LOwby%!h0I)pRI339TQZn7*raOwalhO81xi#sc`
zzoC_JX*OGhPD@7z4>EHh9v#BkDpi{liS(kCkOex0JI8_-X)&MvW>8V0R;?i@byJeK4MjO9`*HEDYWNE|aI?-pe-PsPg7SKTbhqWK+9B}?INL-Pkz
zq%VbK(&8?VZ--7I%4ba(+%iSGjJ|g9Hctv>_@@v1k^!T8j!bf<#$2%6p()X>Q$(L3Ryj6B$!X==&Rv^to6Fi1Q27gH!pFM;yvjb)-z0v4XcSAAom+Sx0vM
zr_u_N9?7J+QVpyzRpi$yk!)|X4+t`(C7z)_;?V`(i&PWoRN3Vd$iw#A1QsZyD@_lk
z8+MTnFme--5F^2k2DuWTMTV{N4eSH~YlJ45DnuNrdMpxLI9a*-yX&l%`}X$`LelpX
zEErl9BiI`#(x(<%=mlXoak1yT)4Z=7Lk)^On^EG}n5
zCDk~i!mYI#p~6QwO>z_VanVDdB+B`HBxoS3f(k4Sw|ygps7Or}abY3rpFG|`X5%DN
zQo?hZYxWP6fm?Fg=zLC}iLh($2%lCTje{!*iw5tz
z7uU6-4#sB78}JR|eYOR#TTi_LOs#o4C5bJ7fQJSW}(<3>J~6QBwp4B=^D45V*Tu04tBk~HpBUeE*2OxCQn
zFS3*v=51s$
z!ydz5j%j~pNf7wlgCvUhYm@^>MyYC0?$&&}4C7F+pDkCDPTZUsPKKGP$A|^h9El!XR=>Cn;)@nt~%9@Ar?lDuZVAX(DK?12fB
zR8*C&W4eHPbG|rPY-T1Ta}Qtw=ioJT^4@=TUM@ELrEp$&ah4Bh)2Um2VUs~K(}*V2
zvVC|+H!8HoVyo7ELg+eYh_rp$g}Pr}Wi3YC`INdH>K?^tZes;{i)ckMwgav%&S)w$
z&{)MwMpsHx(SA%0O9E}`6K@hA^_f2l0~HEMwd`#=DppCrA=dZEB)30Q90pBCg*+WE
z^FZ1*t&L+a`7n@l0r`bu8*A$ZRYqMpi(C)htS=6PkIt^hadEG}Q|;?7tlO=B&-$O~^?`UR$XSWV)(
z0l+Kn4$wqk>?&sco?1@>H4Oy6?m1=pix9DB%9(~`?pmpAyOSp+-B;O{xE8d()vp>7
z#Km!3jUfmL+gjloBScEZ+xTm>1#qi+9iULk{D{&NP2=-qwYV{ZZ%
zeQ0hZr1G|0F9uT30C5d2qgY5frfX~<%~!~>L26K4r479GY%{B9?GyKRApA_s{E%3X
zTr|%PFGpn;e_btY1G+SWeoyR+o_GE`Fu-^blYUH&`p)JaZJobLsuL*&jHO}LlNWpm
zSRhJUb=YPo_h{7Gu*zR@j>LGYJA239qr_ll)fEs)Gei&Jk^$28swVYzU#-A*iNgpG
z4jH?mv}ZNzN`WaAYPQH!?Pa%m5A{-)@QB5UQR3jed2nZg00GcEpW}n_hm}R-&la;a
z6qxM5SF3~7<2vH&riK|5J^$D~z2Q?3AW1|@_M$Sdm4I=(LHl76(b|ku*mC-NdM78n
z>M*3_v~+Veu%=&KNE14|^q#trw;0
z-(enPC`H+7Zn@^M-I>zf^f;S^ZM>hRf$FRGo_r0Bbrqbo?Bjlgx{)kTS_gpgm_ZjZ9|H}ME
zQVH$+*~=C%D@RL&!J~U~MWPK90=8`ig2jX0Y509yrHC21A=TPT7Y)YlqZ3glYn0A1
zFfKm?<4Bs<{KQ(LDHR1_#e^V{xb#|9M`)<_JgN>+Eifroh7%p*U#);lUvYl@^j?%-
z`dIC&t>xO8c6<9B{Exw8W#HEyEYBP;bh>lJor673Hl|^Y?ln9I`Aibe2L=GT-+8>G
zaQAr=i`o~;hGDJq7|?w8dX%%crCiTtpDGk27MGW5#wDafJ~~*ID)<)2l(ZHieDZ>Y
z{`vK0er3ltjvKgjas)=1&^}x~JUSfauNdLJmQ!M%a(&*VU=+gSYmF4HjG%4@8P@6B
z(+g~-2Zy#*Z_6q%T;HOm`SYXLArFU98vTJC>)Dd>cNrThU2(HW8fpGMyxta$lD?=s
zemV6P4hA+~#wjdGpOv{`58c*pkesZQDwfW9kM?LF6ak`M2p7$8IQmi(x<1l{;S4+$
z`rG*y01zz8tyHayN5IkR2=K}I)oPEWF6I%g@EfWdnp%A5TH
zjk>6n2OTFxk_ZhWj7{2Sp2SJgtjk!Qrf%n$|2RbdIZax3nt@3LOp{O{xb^ky+rh|>
zYTr1(Jr~$LtdDifA7@$=hxT^>A1lUK5@8=iEJAvCYjsF+he+v;1{0
z^wK}&!gzSpFmgfi8&Ngecl>Mi3Iy5{ciADkz;Y$|Xfzr`o9ph`AKzspuoco6+1(h*0Q+fQQ&7Zv1BTbV2&?!LJ~q+N
z(IQZP)hfN}&$r;ECnb5H#Kaf>HIzpU~{=o7u4qro?nL$ntvlTqs8h1r#JO%m@
ze*CXwArDwV{`K_ltkT_Cwwy)0w`t2-GnOZ5;v@B@(Q3%3t_im?J4Rz9Lu
zrDZ}iHM5-JS)ii1@bkZOo*3LFi0Z_)eSWQ|5si)O=u~SL)Ztrk9I=t{Pd7V#sAC}{
zW8Qw>%RIk~baxdRtA_GnNZD0sU^rBb%6@Tx(;O5nL2c)4q>E5Q)(e^4G*x|3qj68`Fr-
zw1(pGt~)Kr%2<%Hx*@j>l(#X$(VO)30{XV|SEpgGPr@$AByarrs1U-W2|hI0awMCb
z_Rz}knxn%2Uty;Mn9{I8mLflwPXDADuPenOZml|9BOsQ+flaqoGiPjeIQ#8GZ|(4Y
zId#aYQue9e8+4SZNr=3lM>PK>`b*$wV!Mz5$+K*ao0>rz;Q^KtgmRO*x?eeDX{W>-
zJ@1na@+tv#onU%}8kV%pv9Ku?{g*hWVF+AZxL6^c;P_43wAh=zE{kasm~w`cuL1Ig
zJBBi_Y@E`25ehi;WElLj{Sn_t2Lw95PXmw(3V)c_fem)%PkIBABkp>jRV+pt&mFED
zCk-aO(CK0FS1=D2!_=XgW80}FUIMvGD1;Fq^%(2{*-;%5mh)KFTgu(Ct?J-1Z0Bm|
zSNxcLM}4QppJ2$p#-u(~XaJB}<+leNhx~-7I3-0c6`WbUa6Mt?s?fCM3-%Kltj!Sa(Hl#aquQ7T&d+J5x6>3{Vl{G|O-k$DpEi*eqS&pJz%RO8<+!yfqS?m>}xiS0Nk|p7kYj(-NXk^z0R<@89id|&wzg+
zt)fM-;(;7|P8@`s{KHU6gx5)&(tokJb$H>;5K$1(FF|gT7al@?sh+7PYE=Y^mc)BP
z)C(+MrTQ}>cc(0*V#!0-#v+;`?=~`grehMqvod6YEzb=z%m9n=fKTU2LzVl-ASI4T
z!N)k_P?#}TJ^j0~(SXJqEi=pJgVy07Nd8KhF}92X^*W!zwW^q$aIVH<-5@%rwsQxF
zlJHc|02ccWPw}RD<3pB3O^C+W5d%u1-p{pdQr3TR!kCdRtZo9uQ#p>q)ETRf%3`^l
zZ9EfUA^i&~-c3ZH%|Bt92B!fF-;c5giL*?J
z5%Nv9QLSJUHSYcfm!*(`QHzp`WPYHK#Tz*wq$X${O@NE+LI_ZcQDx(Z5DU{bu1t_F
z_!}7-|CL}oraL?Ojn;rvoP~|3gscp-fB6=B?fYVme1ml!IRU;CR(LhH$u2w=%xSkX
zQ~}An$)_^ocFZ0_#SAC;GRBkM$>YPi86CPGL|pt0CrYX$f()Mm%-E-7DD4rKq&S$f
zG@@PyBLe9Ie0LTGG2!lym=Xpo&{LYz&E*+B$XqEU1OmR%zA+s7VnnG&42N)i3Bk|4
zO~f3#AUpvf%{HvDjsw5>K+o89g{Gtfcl|27$Y0bxqRB$tMF=ku>~4}8B0iiNsVP;l
zq6v~fhU0m$mKu8ijCmV91Jz9IWnz4-MmWzaj0V+yfl!piID_|qRgHr}`FW773LF)6
zy`Kg0)iUr?Q$-j62dp0u`mP)R}-rMM`Lzw8#m{_{xQ^dfpDdd6lWqo)_9>s34lfVD$*QI{6JpR
zi
z%kIM<6w=kvksekKrl!2}RYnMdW6M+s76+!QmH4N-56rB+hKJbcb{QJ%5DM05?xdXN
z*r%z~NauQTYK7e~1-7lcN!%wA;C#3NBFHkVF8L-7gb!{wi(_g21>_G81A|72P!M0>
zBKNBw`8tfjPr`u!yatw9a&fdY4c^{tjipBtys@e@j+zmGOk!nR31MMlpf*W;3=k1W
zfz|5~Ol){tzQ1~$q-}@$?Ofox6wBWg0-T(c`cvZ0&(RVqpMzoFfKT!xpU$;yR_}&J
zI&R};#D!EL&Xki64Cfa?gqzmVA^MV9Ogt?sXPa2p2E}T2Y8DAg1*`Q;T<{>;@I9dr
z3A2ypr?7%+CNrg}u%gS(13+v1f<
zBv*Z+WJ$T3CAARUGV9q$Xqm^pgU;=Qdq$d@&hKN%E{1P(a0s?l1b7Qise|&T0Nz#!5tyx?tUfGIgEOOtu7Vs1q9{EQ?W5LulEWA|BW)kaKE~2IU*9q9F2-VEV*?
zM!40e5ulE1K0*VYxB?`GAhzU!8RDFMqaAuu^4G&%{;bASIEmln9P;#;C!wWjvniH#
zZ&WMV??ZgO^6ARnlh;!BOe}q~KKa@&&NnjqPH1Za`7lrJuz`NPA}_2_MZ&S5_DRK&
z_|7?(!;dnHF~O3J$n10uQlZ(wFS^Qhp5OLKA(8BLGO8d;(T_e0bEc*?d~voK3Y0D>sIC
zIu1Mz@;gN$E$WpSRvo4Sksw8*R81HXRZdvzw{7PP$ywC#D9M`n*~G-qAOLxkr^`t6
zAz$pFC>d{&lAtLQOh6UvwvF|x&DL20DaAA*+LW(txiM0%3Ccv_UQwaRLU`01>%bV5
zcNx_dcz|$<_Oz2^Su*xQ#$1_gHTp6Zx
zh4pE`g>FCBfu<@%Q-~@X4t~82$c%mNRaFf{a;eBD)pq_y<>9OAr=w9n*ayi(JIu&q
zjyPNPYwm50_k`dUP*In}8Y2F-($OEh(23=hIWaAshB0w+O5lGq;C4Mb>Fw_Hmz(cW
z7`3tq!S)O}BrE3O0sXXoyISq`M2w;v!HG)LG?C6YBhBDMX}#pbkin%Z%1zcr`A+&u
zZK}$I>atb^hFBKYHlj;Kw8wC?e9f?ysvP5nuu({0MM
zd?=%DzP0EkJv`_4B9o<1hU+~4Mo#$n>dv9RRd-lwQ;yW%8YS;I+V
zSeTKcimchKZ#U6wH}%whNLJL{*JvXECCM3r?P1Am3=v~wJ)qH=#g)-&UXMZH-c%pe
z(XuMpOfBX{hec@FbTF53p~saEX{yuG&e-?Rs5I7E($d75tqcv(cJ^?CPgjpMPie0H
z45s(k{0v&r+Qgde3=P$G_wa*HcaJsCY3gfgX8L&;$PPXTn|KXs_BS;$%G~<1fKPMa
zOmoDZl!b+D_`aT?(K4{5XTTnV*}gF?Dx<{+4}3mom0~3GF#bA0)X3ryMF(=K89XNpQjk3&$NG&OEe=l3Zl
zK~PG^q=}Vt$j2e!HHzK2!0J=bM^!K}mVEZFc6`X^eq$BEHS=LpT0C$v#X_#_BX_V1
zQFNl_7a7ycbxkt(#nWWaGF#v+w<`u=x1|mhHWDUQ_(2YLiycB}Wnh|E#4+%fkck~c
z0otB3v21iSGe)ojlV)z>wn|Do0)INPxG|E-Ofy}nGK5+85E)+blIK5@7
z3Vq(HRVn7B?7eUSm9+-=k>~=yA}au=QrO<0axx8GDZ
z{QS>x>N!Dm$wi{^vmy2qb*TtNW|T22qi?N5=6aI?qh7UB=aZMUGmL2Td(j=Qtzwvi
zBwc+fh6d&ghE&bE@3nY`K%%~4k8?j&6Bq1F9@>REei1_~$W`vtWZXzUm-4E(o2b<~
zd(0)JLsKu(hKE<#*_bS`i5T(AC?dBXMJi|p2qqoS7Ds$x0cEqtvW3-Bs*#>`6p(W5s=7ZuI$E260y4`mka8{fHUC
z{ctomxkWjK?lAKbYbME;q7tT^=4i7}wmNLi;*i=f5ocSNTuqpq)j>8mh6B<4yZ^{}
z(mcyB0iHRdH;%?W!7IdnbwV6ps$vjvQo=n-J6duoUH5#F8yv`?1_46fDY_|EmhM>qr!ffJ
zU7*#L8hxaoMhJpFNBRSXc?Q*W|n08|C&J?6A-(#d~U;@Wc8%0smPEy-U(UmE$mjD6O
zQ$hsfSQQZaZs^1TXwdos5)ThVQZR^Pb+_RDF@4Kh9=>r{DJ)E)MUs
zGs+Z`yRQ@1CSI?qX@9R;0Dq-(5$9iz@BIcWtuaqA(^VA*zvJqm=?fszMJn_gS%u|g
z66sSz`PR|R_%Ek!d+D&5YE3QL*y)T_j*GYO=$+abR7I77RI@^)u*tlJU$5M!WlK>P
z%E(j-p%R*Mze~%NQuobBarjaL&Q0`ftU)D1Cy
zwR?v7mYHY5h?c1pQlXBRj2=p9g;Xj-;7R_&hpnC!zDmS}!zagV%)dZ7w$I
zlm#31=OmY%_zGyQHtLK8X8AM9J+l2UsSU==9xo=@$2c|YK;Lkh4|BeF_fz~&#~H&m|UH*L1!8iD_tueb-992Fj(KAUH6lh?5D
z1WPeCD;y#Otn$k)*jqhbWc1C{Qk;%+kNac7FbynokU=EG2xR7-YPfd9$hIH5eI{i4
zh7LkI4%m!|%5iT-XIyun~Xdm~&JUR~Ty#+5I&h%9crs5sDY;3WM&xg2^H|GoEQ+idk!b*LkSLrF4=;O+6NofdG@J^1#>2_IvUxHID`bSX7rHQTWO=sc2`&0*=J)w
z)D4yFwSq)*>u+lc!&yJ-SO?Ydtq3>|jF1-gT1GQWF8;%`M>Psyt6TCSCvR9oHmk~C
zkTN{O_~JP*f$9oaPXghcTnO`mtZ&hVhm
zgpx1al$#9K*_%`r7_In8Ptak*>)?23aL8w4N_(vb8=t)_)P_snlTz1cvD*1>YppU_
z6_Ovi!H3UMc&>g>8Ks{?!3Rqdd6+*BIi;U*;KLRPJbRXztO3anGO*zaI3D`enP>^g
z?xPPd)s3?O7Ak|P%6-AK+?7!Hy+1Zx6`RfriCr7Zj26!ejTeN(&JA^jOBaMji$kIT
zLO-_uuQ(VVE>#i|Ee45R6w-l19*01Ufv*~h;LawCgRlDE*_K)VpZMAFA250hf_f-|
zzak@zm20E%!eBIDF#mu07dF{yg)A{h8evGt|IDXO%dLsb&AI&J(*Fe~{SW+I@IN{J
zKPGE6T^osA9gBawHvDn*$0-%~6miHJ4E$Oc{9YBtnx9#$7Y3^VgFgS$`vU$m`TtQT
z;E=EM0E$D@ib8(GAM-NI
zc3$|Om>JF%hp-iaDh$?^EevLhLD~pI+Wp6(&5tM0__;sdi(9kh+)(bku;hPegW=MT
zEN$0Da@RYC{~y@qf8d(`2M+mf%-CWORznd!{^Q5$kEfX2P-rvWKVi^uZKQW){O`K#
z7Y4flgTMb9o&Td=W@O?X&}oDJ%TLcySB2I_=T^rq9Zk9Bd?MY52ae==8!Pwzm-_)n
zsAV$<18q@qQny|n>8^1V>PgCSXcv2H^yRgcmS1{+`wyl2lgz~RzB(UQ^sWFqqmvJL
ziSb{7in&7ZwzPMH3pd|LQtY+HQ}VF3^dPt#J@$Y3w%BYcNyPcQZsDH)mM;zfboGY4
zL5@O0Y}TS(>B7xlA%sfE_+3z}biXy}>D2)dAwvw8?E634kYAlHaoJhbJcv$iLCCA#
ziz;4JhuSqBZ>#4r6E9ot)d7P>%#xYBOP`Luo-P->WPsOk{PBgQz1v@Lp=S<6nzQ(h
zcHhr!=@DbTWTUhHuRQizktFmK95=B3=F^USUca=L?|_NQk_jrfW-#?P-%HM!oA(6L
zzg5D24m{|h7OIx+z2x|HaUjD>35oltLr&h6XKmA2-AoJkz=Z0d1hG9u(D@~hV17??
z;ittgi45j$j6~sZ2)<;U?ThzSk*NC0c&xsCfENL;x{p9*Oh>!7G#iz1(@zYyb!jWH
zVBJvI4Eiy+nC|RhNZtS#qyi*7_NGuXOvbhG=8YaEm!T%+qCVKZB7QBs@&~h;UR@#j
ziZlk5_h_|zuKmtr^?u{&7ps%YNSNxu0%*U`R_Cq~0w(
zb44?vjqgsX$pGc2r#Gy0jkYPHhW1p0q|Tmz7WaPmA$d%XzeR$9c1XrP(@Q)W@rvix
z<#s|r$bllBMcyhea|t|TE>{Lh4~J2zFddcr^@^=6PZTo)`_%(+9JPRssR2ul@dtm<
zanHKip^X!Vda85N0vEZvcxj-(W_0xV@DTRJ@9552?Un=
zA5l8&V6&Zx6s*Yzr{@;i(9{qp`FeqBu^2@g3>y1KMlOWM&1#H*;?(x
zi7&NgG%+glCjeaQdd~z?twH|ynOqMbA
z22dfn-wjgk{({QAuNsDjPbbm*$cRAVY6GHC|;
z@86*H*Wm8I7C|bsNMN>W=%1d$V<(GawAY=4=u*?e@vOdk!Kch*{347-epS>`^X~0}HfXFf
zFeO}E)!$b-WyF#jn)MVtmzDP@h*dm1^ZpH*cL5y-7y8N>g#oFQ9O-EN{*=N^-g{^>
zAN{Pf@}$v_6~;UKLU`;*7c_)W+)Q}}!!$|Cu*$>-8htuNz>VTSS?EZyza}zO6hq!2O*XvE{d@s_)Eor
zVBntxRB`&D!W<%$Z-o%7bl!x>4VEanv7Mp1hWZj3VILfnKj#$zIz1%_ZSftjUA4~c
z7^Kmemvm3kHsQ_7;TSkP_6U;+t{kSod_!^W1E*!UDAsU*g2@{oJav}vZfp{loYfU=
z6dtYv@fR@^8ud$ILX508sl6^xa)1j{Tv)K~F2ip;N`N!MU0ejNI8K=~2Qhk?h%ii#`
z``pFN13EEigoNKw+*B$|N)_wNIsM|n9CB7GGTngPPM!xQmukZjmLxM-IMB*(IXmbK
z9cN7W4Rr-TLDbSi8>iS~b4o-1)?vdBo7A*Mz2xUa*o2x!_C!{;wLsmrF&d=CG*}JE
zb`(NK$&eMO+f#`O(w&pq^~7va52`V9Rec?K5_U7LiV@7SGgCY0WfI+
z3mOF}QTdonVU!pegln^lUvH#Q%iPWRDyF!gTSN0-g4%^&j-~e|t$UfO3$1=P8b;u_)2#yGqG`u3#`k9@
zU@l0a@|R+BdzE+puFI)R-l*_3QBru2!&&%sb@@O)@#s*D5nOe
z)HohL=e{PJ^qhOjSjdQ-kp@0rM97<2#dR9rbiS0d^gmfqN&9SDK*{>>CWrRUh&76&
zR$|b+{>3EK>2=>WXTfSGt)xARmb(BWE9_g8a;2Ne1ns`j1wSGpD}3o$*Xf#tSyw%D
znH-3JpMcJQQQHuN*z}0dAPWswIt~2H6cU9OhG9prkyLhlXWJJ{nJD>-)|a25<%*_s
z>+03#nHRs#7I3W@Gt1dN;Ci&<8LGE<&6Zw2w%FDP_|8H2rHiv46pm=?xxS`6xB*v)
z49E5f2tKnDKnK07!tpOXkig*8OOg*!KVw3UhK)NM5-w7(H}=##j~l`@!~<(z49j_O
zpMbn2{T?uug^y{R>siFUW>19z?O@yW!YVulST1vIvGGxeo
zmTXpw4|Zv2KnV$c8|oOjuWz93Hi}a2RBq=s)=uS*L;-h9ckPv-Uw}v@UW{CvKXsxr
z#@Rw1+s8|Q@x|_CgE*eRTYi2j3{o;OT39nQIgUM0a!Hk@hCVNWAaZV1>o%%<hQBSBTYv?bw*h)Q5CJ{DF$+71Y7yCkX
z9O_>Rm+OG~$e{;4qGMtDa
z5c3r;S$xRmx2Fw+V{~$pn>yST#KcDN$ZX<{ZgT#1xE_-8&s3}#|ErTDA^$wSL~R)s
z0g3Rr`Cl6SYBfc6dR>;W@fi6u=Xul^R%7?H=VK4F%;xC&1}ihx2H~cp)7V&Y%=_`z
zeRaO>j6*^WErv39A#h2cxxN@i@Z@-v;>aNO=I|Qc7Id2**zL!GWF-_NDsB`P3zrC=
zdBtF0TW1MJ@G83Da1@jox#iOHM{W-uDu81iTC`z7<`-s_HEhP~-x5LXQCDlY?PLOZ
zc}hk>)RJ@JbwxNLA@hSHpvaqbhdeI@k+T3F4HD63v?-2xB^|91+NHk1WLGa})LryE
z*w#&Nd9%I&6GtMS!bs%Qef_rRUnf+uqhyz=^^IiMvWuAuP%`q0Xrp9!Rj0!WtaNak
z4mc+TXU8?3h`0{HRMvrm+Irf4F3okp`i)3KhuvI~nXNBFqq=QGGTI2(KxW7FNCIRP
z6eZaNj?$dCQCM@0Lrc*w5Yd1G45mhW@(qZCBWh`sEBA=}EtD##$2RrE!%u>{6rO`=vT(xjPRG2
zWqjFf2g-s?W7ETo=U)rJ4GP(*iI_2x8^mx&rRSPEM)+oD-BS$So|}oP{qX4hshb}H
zJ>26Q@pHnckL8fhlyOX(cnAuALAEu#`f^01r6P~#&A6HlkTQ&4tK+RonVc+KA_tOp
zIvb1$f$Kn%j7P8Sr(O@+dYbK+2RkGFpch)%Ej+cWeh|oR%)Iki*|*0t9h2~2F+mOC
zG0q5a&+HJRj}QZ0ugv|2{a)sn1SUWLN=H+kbV_*K1imUt&F&Gws7m>tsS45icD&Z}RT8ijM&XZYU5GvNM*^
z3w$T`rG>K8aYKRJYcw;kxm4U=rxp_(1x1-V_#K>}+N42?>m8IpLB@4rnToR8GbKxi
z^fKP)4ljS_P8*9(Bol+PG~SxKj6zgUL-6z2-_7k)e6<;=veC?&R@^Q5`-!nT3jw2#@S-N;vV
zl1$4GLD~b6|8s39UM?%%w@{4A?X&cPutp*h0|SxiO)+7>03Tr#K7p%&*_TQpfMWzG
zjwSCACzp6qh^PDl*z{a+NVuQrgJRv}`7ukY_{nbTt|LlqH2%%p{MqXBLO?M$dr6*w
zUWrKT+2p#7#n?zvoEX+S-Q*e_+@;n|mQH2XdD(ja-)>xuIT2AKI2x6tDN+
zX#xX2nXpnWKU(>odiQ!OvWZQ!M{lfyM2C
zEoATTb($}pPY#1W{=)S~=~Q+?HnH)XbPNS<)y09|M;8I1t1egQ0k}Fh$J&}rNGr*0lHxxV(O~!Klg;w5Zdo$ACDes@=7CW&xO-qZCqHc_nOJ>
zI)^bMQs{f6DvSiIq0+_{ZXnaiQ*TxipQAU-7C)6XNA?m8hPtsIKJK0j6Fine_>#uk
zj)!z_FiXLCJ;WJsT%*GDs=P-S)zG;Ykp_jTgv~IB@WO%K3Rjp15Wzngaq)nNEu&pG
za6$;apa(rVu<^df28?K__OLR<>cEfKR+V<@Ascx>?{+ajZ|z2d{y*C8DM+#|3KVqN
zwry9JZFbqVx@_AvyKK9QUAAr8>auh4zjN=6nR%F(iHXR_TqkqocXphYj68eqwZ?fs
z+8mMYBZZ|MaZ(lr?i5(MCP(^$7+}RHz9be-@Y6YW#TP7MUK}s@Cv#}tcz7{YDYkD|
zYRq)U0=IQp7{+Pfe%+};3FT_JAy%zCtHOT@g!HbWiY@l-;;$zy?+ZlRlNxcKF16l8
zZ0;hA_-({YseU_>3daYLa@au#*PUJ!Ix(T9x>z&A3uL|!ow$^ckeT&Sj2Kc=qpo)4
zxO;9KJ`j*AfAwuqdCt;ePZ3HrBcznWb83Kk)9r9Dx~Kj6sg-yK8bd1eZ5{JGW7L|u
zjkS+_m=5M*EcK=h*_bBR80^PlqC*sG_KzGkK&(H4fbQ&tIoKslh6qNCRu{Ca_T;Lb
zr8+-6_GD3MPTHHflNm3%v~t$H`QiP-*?byq8wo}b7C2!Rhwglln-DHSykx>~oe8V0
zl|gM$IV426(Yn?rYpj62(V59-MJ`3F9P7$(2ihckWa^bL&6`>f$gg8N&LaO}Oqz0a
zV)ldHxeCNQpAoJN3DNy}5emh0g@o|^3+rEY=g;_9ZgD_5sR~oXgi|*782YY=pH8fo
zC(D3oJigj4HKM(^f&;Np8@_wUncfUb-pTeHj{IZ9G3m;43E*qV&$>E`Vn?hzQe01W
zD1Z@t!RFP{v?ediw+|EjK_4slysQkNoK&gN3fU&P+0YcgG>#!#CVsp}H6$DXOERcD
z>-29?y>#CbB}^TflkCmXwSnT9U;wcrD4ZsUB)|Am2tN3nKpdZslh5cNJLmMYG82U?
zTwIh8*AryiA@-BF@WKK!S{Bj;)hqG9OP5l3%GR
zwza6Z;S&G+A5)QKBt@}~9|1+YbcGA%sY|&jFdsY!*VtZ`eBXFp-n|xh#|o$Em43!OOisu`2KqMz
zIS$|$F@tFZ>Ck~RbRmH3(g)J8@PGoh!Bi^^!q*fcfDqe(SYwId*y&8B^?C&nYJ*0u
z^7MF_yF+4Y_Nu@%iSaP8Y@Ybn4$q{OJ
zWx_BVJy?siQ{TEvCrJVia(}UgR)<&*Nf*1NyM$?~g2q}cuG`14p;1O0RT{)w2`ug`
zjb<}GyZ6!hMkXuwQ1XYIJOpu&OzjV=e8gwa2ZX$T2x|KOL(>g8(^PZ1E-lCg7;yB$
zri2JE)r0p1;d#2qHLAhO8q-fiK0~WVKl0l`W1S15UTNV{TN+|UArfL;iHc+pzSL@9Z2yvotQJ}e4fx{i7PSWgxPnsvRi*`AI#C9so$K#JP6>Mt*CH{g^5}#xx(wC{Ucx22cV}5>
z-c+u~Y?F85gXeRDycm(X`mMnTvr0HVvni*4RIn!v7G4C0kJTyE1c*)lniPY0&5L$2
zEwwhT@YoK2Gnup#liWD9;Uatxyy3eSwE3RBXpH*BHcNqBj0AEY3~plLj~Vf)EzUt5
zOuyLi)KZ;@si`AGhe&kk%U4eX;&~}6Ua4IIRo(Q9{ExW^1%mbGc+
z;61gb#(Mwd=D4z>#eH^nvfkQM`Ehf7u+-O9YPPpIT$$wXb9}5VMpbM#J-N^UyL_aF
zk1hmPayCO1U`YlHxK}6FEs<%8m>fj{5cNO4g~hnlSv(c
zKpzm;0|LQ7pdSc8wxz}f0|5kkT3jd(Cu@Q&l^;kq2TQ_0fCLC60Rid%fPLTy{sRVp
zz&;QN2LgjY01*g;0|5dcfCL2ifdCN@2m}Jc|Bb-u=Xm6QzyWXsPC#G?2pj-`Xdo~Q
z1TcX>G!S3_0$4ym4+t;;fj%H$^xp`8z}SDlA#eo$0V6=*5D3Hrfl(kp2n6DR06!2Q
z0s_83KoAIkbd;I}{xbSJt2yH`u{|2Ce*b5H
zV8rN+UhS*jE23NL{Vpmbz?tV?oZrKm*AwfAuQ)kp=pW5#Dll_bXVMv>{I0>TcC=?|
z))C3m;!Lq@P$5>DSnPTi
zn}eI^%y=DyUdm`|N`nW!#x_u$jK$u(IvLV})0q4z1)|KS&T**tV{Xg2q0{I8T2h6WDcH`_R8
zbzKDDZMXktx^EIB)WZtWdvRyu-vfudwpInhk)V+~LQ9W)p(-3hR2S(OCj
z-0Df;KEx5t^dB!;)P$iu@swKcZvb=}?^<~LEDV>^LI^*egyDb$S*adErOtJZZC`&S
ze;nUndyLaXUz%Be{8ORz<70M0(3+){-*Vuz4oOyP#k!v6bQ}0E2>=oK;7%EoHzi(k
zg*1ym=tJeK{;=K8JAX9p-PqQu`icw6h!1m4U&`9|Xf@_NVyd8WwcettjG>$SrhUzY
zD#N4;$j?!kJ=*2^s*5bla;#cIXq<96F_x;0rjDs*~VoN+<6Xnf
zqcz4cET-^7xFV{9uk|f0;m6#RE)4&_^A$S9%
zknixiOew>ALcT(<{J=^u6&GI3{DxEE0ZAHP@RfP}0k5MJ
zcc~Y>%FE3%ho9B9uMP`U0Ld!LJK}FkG*8(lX7wjq0-k_mM8J>Q_Y4(*5Wt-+T6@)w
z*DBWlXPNh=4CS@+(4&~~5%sYap~hBMQ*cdY;*_`|T?z?3obzy~*|$g24_Idjk-FcB
zQ=JML)FO3sV;tzo9W&z_6k{Ba9rmL4Xx!TQ5FK?ShM9?S-PFufB0WlpyTI5Jjg=1k
z9v|{;A=KSJzz7dom|yLP9;uK;IPZw)ps3HemxQh1z1VOV`BcqLXOgT1K;6(4vYC6P0EH
zEz3YPwA1BzCpW0b-(S%@A89hphRV%`td_k$em&D$KhvLFX;Mx5OHBJ84}X&U?}Oo-
zuZfcN`iga6W`Oy^)&D)JoI)tF2ms~)wch`?NVTJ=%=v%h*#t<`eqp*i15frH{rmqC
zsRQ4mp8l@-{q;X0`Q!f;)qbgSd{hJf((z4WeP^q`edKOdpB8X#Odt1yq6}dq4508FR=%z*&hR?xnSN{PSK0+cuc>7V(
zX+F%Qvwr(LaQ)8M!x4R~2SBI9W?|MBg?FP+h|UmqV*dxt;apPFNRR=W_s~cOIg25k
z)(ruQPwv!Z_sAg3loCo>k&YK*ls6lDZ5=#W>5*wmy*n_a~XnB=|@0G7hRHx(Yg!!a}Dgw}-{61MOIfqku9Q30I`
z)oC1J8>?4OmysEJe-{q$SHl%*`YG+$yemTqf~s-ql0r`%b&ka`{ZY|y?py%w<
zQ^mD)ACN0xeW0Lzvoi-mM%RhbP%0`Il^r#KNOrj!q!D{}@XP`;m@FGV*#_l#<&-&>
zYoL`m#5de0ux86FUUv|YtEI;9Poj_%*o5JPWflJf#aJPo!%(+84Ht8>>X^xwiAuZv
zvuB8#1+IHm-&2FM#~m|mO>q2)*TRl5zhicwh)K2f#5*|bAjO6l#sUkqDVNTBR#oIU
z!=Y@o$B}mocIs8@79k+(kNiKpoaRxUxr!#yb
zlSoj}3l1->E~h>to9RK%Fgt`ex9?UJKMaVEpn|%H5TwMi)#4SLLt39!3Yv;NIv&Wu
zANodoeSd#^<9~GuMelU+P2?sl2k)pgzF6u&E^+g{AkUaU){0JA?auRs=0&jv-(A$V_8^jn$8=M7
zim=OcB*LD^mwd)%nbi)di*LgeL2C5##WQANfa=gayJKr^Fwpdg%CLBn&_$ql@2V!I
zQGZkGV3&KqjmKirZx2ZyYB2p`F5>Vk$ra{T=DpktM(r-|M48}pAzhQrT%X?$
ziIDg)M}B
zl@G`a7oYnTrwM>l;)L3K*$Gcu!6kmINdwMYm6rhQ63{Brm@AGjV}z3XEg}C5hkz0I
zYx}&bDwVeioLG_4yH_HY{HrHs#kut>HtoLDr{11m=uzeg=85XbG`AzjW9&)fOMty#
zOaj3)NKU|#PJPbn6gG3ty~=te12eObq5qq22iW3+HRQLh3k$8;(_-J-D6sm?SX66p
zKV}5i1Q)zoM>E?aKZ-X+^gGf8w25r>Q}$1V6X^MEV4-%xLQlM+KQbcDB0|6P_9dwK
z^J#c-d~}Z2h8xm6ZxO`Jr~VKa@xr-=6vo)Y>7(;bCbN%7DGN|sn&3dm=MTi{o`|)=
z^LeFq6IZi(>CvF^!lefP^P${q6ph3~`8~?gI5X#Pza|mXyL`zMet)8aqc24!uMCsU
zI$|&Yg{`ddu=%=LY>zZzHo}0Hg*J6t)m##RS^+nuH>5YK-wS*HSL)!@MGkPPtdQy^R0BaH~R&GyUlVzv!)0o2l>#;ME8
z@qM0W%ZU?NkXL94sWk>TH(q>rF&^dODR*Z5A?4FT$6rrqd)>WRN7&`I19H{BU)ij=
zS)U7buqalgHn&_w9qHKX-PHmw#FIKdTJ*=h+}%5H%>(4C%;k@lug<1-TbtJvK{uZu
zFMp+|*#9m_Uv;C2tdLP)?|GuOJBWO0=HcQndv$e^J@}$-d3kqs=yZL3Q`zj(-li`g
z=(M9&7?$nuT&0KW>S*K8+-m6B%Jssvt5F#d5xB>V$H%}t{nemb>Y?;R_1P9iZLwBg
zI~cNP`l=mjPn>T}Kx|FDT-5BP$JdXlk}Dt>df`|BtnuRr`YMu^w9mfQ3@LH<@;Al0
z#xBRr0LS54`@V?X`2pUXqptyt$4x|B_nnBhP8`-3@~3aetp_!w-b+@%`c`o=2I{Bqci^
zY!<4elC#|z$cJAJu{AM^U2!ju1lC%j(%qP5zSkZ=1Xg!S~uc9B^G(A1a{+FSw9
z+f)PlJnQ=+eB`SDOwkqJ0eF{y^K)sBz&-XV7JNiEaqyD%
z+8wK8xZN~Q^V$W$A4R~;VC?A_4DLBQB^*C`=(PkaCoA*wI0xz86$2&iz!M(~oQP9&
zCo@Y1kGd+Zb7ti6GGSYGbwq8m&*HhuYTMN`G(cKgo&7BdlX1|il=V!mJ~V;d)w#=#
z*~M!E3)C-8#&J}#!Enmh!Q7Wnrcvc{c;o`3L^C*|g-oY@?|QLO8j{3M)mV{)FG}}r
ziw2bjHOhkDuZx=Ke0p^}-mlUmMB&o)Ui)lgMbwP^dw4ItNyFUbQQ%9Gq9H#dw~pQT
zV7NJNy*1$Aj&Xvgc}w2<5>}VOhn?WZiA}$ha;4}8R>)Mrss1(!#woyyUbK$EG$Rk_
zyaRTo-XR`T@yz)kOvo?{rvs@Q)4oQVq^7
z>y2%&=gc9FQDclO!KTj-CR3sxR+!B<-$nxtS^;V93&8{R0q1~)06nwF0h?41BJsd=
zq4f`;rn=G@G?cmIT|f=55x~$;e|iI;NymKmJQQ;;YhK#b6Yg=gH~YRZ_#J?qAI7!Z
z))GQMi^+}OMe`5m7D_0=bj;YW;rin^gSnS>K!`cUMfZI%ad(Xx@hxusdoeL!N2V_|
z9Z;kQ=igr(Y(s=@R;0)yl=*Q+g6=hvHNYPMyFOMU9|0aU+Qttp;F!R;?Bqd7i(aNCrM0xnJl^Thy&LcJ{p5Lq8sa7@4^(d-2
z-iFZ0j6{*=t$ieE6vDevLA1{26WE-_-;|p4*OR=gNH{Tya(EtlxSnIWD
zN~$(0)WlCAwH|JAFlxK<7)c>0#gVFc(HXP31c5w)m3d3MgWsTf-0&VXI9HRq)lwhX
z06)*qFO|o??jXGZGE12YY!_PHQLA|W0G_aqLd4I7b+v{>e7)3rPyHhpqHCvS{1YhB
zUYX=4n|(DG{b7p1-0Wk79#Vx(%shXyZ>!nMS_bnK{pI5YnwYeR9paG#Du|Yh;om_y
zi_h++#<{i<0&m*Bn*Yt&V5TS6moLUm)z1f|*e*2w
zyc-Vj9|7514u18lD6QEd&kiH3>fKD)>K94fqvkKE$a_sh*UY=rPoa4pw
zqNokxT2BL$|FCHKrZ=4`!!gXpygK5U&?fG&tLpM&
zHq$9*d0cFg#CbGP=NXhMe$4EQ-|#OAE^4rBD)hw)#MIkx$_I<%WyH(sh0RtfHve-@
zmn-v->(H9sZe$V?_bhk1BI1ym8Bat$R7|g
z5T(>SUy>ZB3{m%`=0<08**p;Vdc{6E$ZH>4dMl|3&fLg$a4Uq3^{p)8F*N%BSm^1U
z6SMVIas{xwmB-(dOb*%i9fv;9G!jVRI4?!I$Vu{`Dx=sqvC&VEUT4#Gz)6Il6sPC|
z6&~Lp@BOMRRs`XvSd`@~OeRDZ_IOg)*H_nH=%T)4*Vn+*fg5
z>FfzW-+CiNLQ#e*j?V`PQjF*xIH(kQG`$tUy8V!e_JU5H8T*UmookjV9`+%
z2J&VSeQG70z+4uuP|5V$vY}<>f;zYOU84G-aow6IkA2A7{`12FpVAyHn3J@<%L-le
zpQ(}Yz6S{VWz0tkPq~(R_Jq4JuHoA1*huH+VTeEnCulxo!*HR2P0zBD}NyeGqZ-GBtk__FQ;
zZqkj0{rM7Y0CbO#(>(?X+_*)-3E0%|*;TlTY_O31K``s38MBzBFdIqu=11Ku3|O4U
z8^`7mrhA~>l|d9?T4j89`|~00vcyCE(8>4`cJAr;*z&AOEf}SevMvtAa3-@)Ck>sn
zp?Oaxp993TTz$dyfl|9Ik5UQ>`HFEidxr2JuQd-0g)PLH?gb(yE5n5{C{7Cmm<
z@2b@NKy+bi@v8mp$UCb=?^H|vGu=Su+f$OTM4usHy3Ks|@Z5`&nPFR9e>2~rR_HmPcq
zcGy@qQ$HzT@n`n`d{$1#I*_0-+O?VU`X`H1+}nhG#{~DDwyGG`zYXBU38}x1)B)6k
z{c91M&%AfVf%EHu8(NJQC)WXuooXasLP(I5v{xwH&;RanRCJTaJ58}h%3G-r|5L8!
zt7D0&BG6eTUix2bh`C{AgXKuqTq4~Q6^hP2dK}5L2fkmK@4m-Uc9&wVhTkJ9uV!3t
zo_0B^8Rb{MD^hq>ABln&OW2Fy&hqGZ@#_=A$OD-N%D4hA-abT6^_^Zi}3D+(~@U>ZCcQ`&lo52!O
zhl|wO`uf=lxFPVcG}<9l;=mZ<*#U`SnkVAh6(Uv;b>#SPiK;9(L5^~^VbR9)GuUW4
zia*WHU-RPJu<5i4rx1fV_atendsrPMBSbcZ1rdQTY3tPt*B9{@*v;79BfLM+_88#m#LX94s5Jfz+8WpAxts$R;4-xE-DY`1bXq-ffb7~<_lgV
zGM@!mf8Q<&kd?m!yxIiKF
zEI5Ld9Att;q{3f!)oXQ*4%bVcBw*0E2oB!4L(;MqPPF7lbeG(Lfl#F3fERB;rnhgb
zBf8DSUa=}xrOWK#B^#V(M0N4N46Gq8?hFif6t;~G!bkbx$#IMuf@#XYTNu}|J#^<9
zsEz;*gyEJan1B!Cz+lCi>>MaIdTVW4-A<3)_ktB6x5B00;Zcd&yG)peeXm37owh>C
zApw_;ofWcS4{Gl&_ZG7EsL(FADUQQkn8CkUu6V%kt=o`~ryYNf(@`O~(q4+c_aV1@
zV(-OPE!V*d{#%oap2KP!@*{%VMZTbt*Xv81i}OmMNLN4copQV9eDzMj;@``m?}iZC
zc_YjnZaPhD7sb?tErfN=KSW3A1NQ}v|09EuQh)d?{uY~J_8NV{yBbG
z1X(~LE$}YYZ=7~=kedneXZ16mOHj?Fo`JP=90@^Ju3B2+xT3#CBoPEe=^qjir1mgR
z_Gl7Bd^qj-8(MT#+8Wg`OjgeKg&~~uym?qN0ox(b-uBK&L
zL%t8`#OL+uX+9RGosujj=Yo@Nve^#kU^HX0xt2iA#~WXy8lm~4sV4p6L%()~v%Lt9
zgJYA*h9%^z24Baqmq1VS&P;Du8VuOhybQS5{#E~b%*K*s2RQ<|Wy9VQn?Zt5)x)*APFGE_3g83^cFx-^cgB|>4*p5zFmfx&Vn
zbJ8ficD`79?Wyq)REyfLP*+#`D!pZM8XNi^6N_oliVFLILO`(Qh^AtazaJtZ#r;)I
zX6Ty7-0cF`zKB}h<@(Mp1B8glzhl?G^fbkJz4z+WrpEzVnwz^900N`CD&&ORVL{z1
zdFkCD1&r4T1&qwD8O=*t`Y_Wf7k=tiOqP|6?K!1TyUyu&c9YuHp0&q^oA+Q=JU`-foUDUwB-qHYaIHHvdJjj7GGao12a0y%EF4A(vdvihqe>i
z_O7&}+Pt?7e*%@^4%5*{E_9~|4FBrraZ>ASqG8u_ba`%X@vZ@HJ8U-}2=E}e!yU$}
zo(3M8u)S1di;D?8H7Av7cReOc?-5O;7AhQ%nUq0{B%#lpd=t(2L^l3piRaAgIRCk(
z+mir|b_x}wLSBz86e8n~uf
z?gjqoSHpUkJ+fFxOv^qPfoSgX-y=~h3IzQjCQ^Gidir{>AGgJ}?UHv1HpA08iZe%NSVz=|hupX&K
zxYS>ct26qp`Y!|Ay4m3h`iQMDU;4Id#yB*-QI2z;atBwOhM%R=*3*wC#E>hcz}r4i
zt)869mq*ZRwjK_+@9J2=*)P)Q70zFJp}%u@5&fF@vKjS)4zfIQdxRc|3d#sPjH?R+
z60|*O0n>j*%y4ZX{8c5d2p)&2z|Y<1;<#k%xv_0-(+XS2(84TG
zwTN0(821gWe;UMcgaX5xo!mWrgdiU;$CPZe^*GbD{P`%A_NFgVxIq>MCncF*aI0a;
z!hY$sv$p2b5s~y*O7Cj`DC^Br|+^BGoSVcSdB&
z`0RS7qzD1$?=vb>lKB|B(WT3ot>{<6ezdYZY=Z-~PcK4m4prZZ
zdd_|>AH5qp-x`eB0L%K;?k0dwdavaiK!BqGAPZ<)0MtGP(0}dzkI=jjc%b;Zjq>}y
z*DtoGfZvl;*SiTD*F~++ws#`6?hV?LRsgkBw`O19H?mzqyyy#L|0joRo5g
zLiHbeO02Ypo$ooLi7J2zhKQoeKHOB|&p%Cd5ucN95{EU#Q0LLG7V!LArq04g8kX%p
ze@q5ZTGhKu(e{&gie=?zs)4GCPP*`WaiJUdd;f~%ytN3PRb=#2b|CIvEj|AiXTb6r
zz{7&G7Vyj>yjb$&1m)NJ(UukGM_%#Ck+pHn
zaIoyB&Pq~JfLbb<@t^2h@>jPIp`G?mX6qEU%-KJRh0$@E3tNwte{o=#?~o4n`c6dr
zx_wUF0*e)YjfYK=-e#@5EgvfvFTR#;bAwwhl
z$gjNP+>Slg_>Pju*B$36Ze`#|9#9fEMaL6-?IYie`H)0d9t4^jlYnQ^`w4Fex;j9p
zbj9u~w3yld%YcOz71c%}cS!6YfT5|xNFD+uJd?gAi)w?J^Y&U+vI<4^BwAWJZF@>d
z|5i}E^Gjh_XT+~tofvFB_`Y_yxgBcqpzdb@Zk1fW4|j99S4{x#Kmq>Zj6L6_iIRbP
z@CNcjgvxeta;c3BE}_QPF~=LU2dE!&M=>&L(3S9Y75-{k!m(JD9lN@_4jQ9QNhgxb
zC5wtd>vfmYikA@=TK)yk6;$Z(NA@H{8-ixy*H;NeKxV#<-QHYKIpcZ$$titb-_JcY
ze9FT%?Y*WT3Phn8!;?|5*mX5Dz;ELC?DA5yFH=lt1!BX)-W3?dK)qE^&Sw>&Oo`u?
z#M#{b@2j663#$0skIC=m{=NbJ>z`aGpjP&eA=*bJ|61ex1_EkdPV>*6-l%Ojl}u=(
z0;Z9#AK)2~0GSTP1HuMHE60i(7u{Ak%5t2eccoOn*S&LnAj`GUcWu%`cZl+q5(HB@
z*&LYhM@w~1w*O8_9@hLx^ZKwkgcxnl1@~E|xi&K>+Ji*b+?ehXdT;U9*qH44d?XT|
zSr9}_y#c8+b?`-hwCXZ(rKH-#h<84U13aFts(qUNZSAOBkahjC;jTRwU0y?dD%Lo?
zI6C{huW{0*`w7Av!3@wV47508ougU$DAsp{>1A_Mymyl-xa}Uv2DWls$=pt=EHTFuErdm
z`E!;TT3mh?w%hMN^Ui1(FxTmYK5DLa+6=orY%=`a;c~|MmCNdV<$!L)>AV=AQjRkz
zIW24~B+>o5X$iO}+;QbhCmSuMnDj1cD|3@jvRl_cq;SqW>xXX^-ExoOzYWz@@MI}c
zf889OOVgs{^VmD8{T&}+oZ|>9(Yl~xy_SsqEpUC
z_qu@|ZPFR_wOK~hLx4W$V!G3^Z8
z$G@M!v^Z}nC74bs;5hv7D_ixZEHtAgS;Se;%-alImp~0Czo&K?|G7C@(#Rx@{62jN=*c=O6>D)opVK4+(HE+tehMFia3L?ps*$Hd}TFcx?W_
zw|Kx=4`%&Mf7}a2zTT)Uo^&Y|T>1`D#NHCB+wHZm{JV5KaS(!7yxv(soZ$*>oqf_S
zfy^JvWxMKQ=#ZNiU`tRPt*iDAs-AhQY?KgGcLjUBF5DoPs|%d_(%zOkpXm}C8xEmw
zeI0`}1$9Iq@Iw(;ayrBoEXQZJKx|1w$LOlAYePvR(QHmyZ2%oPq>uPn0;>KMOGHle
z6~#bIp5iX5WmrUVl)lx&`PZuT1ActCp8}1D{CGMJcSBW=YdX@v(CJ@!DT;Qd`ATvVU8p~ngnkF2S&=m%ThSYZG
zQ0EFk3kN1%u$3L>ywT>uh2{B`Ht0H^iWRtLe;zvfjYCkEBzWBy9Jpm|VT!@iF0l^~p
z|K>?34A5al9Gg!g*-1yj*zrUilGk>kiqn#tdVRSj5n`Cu!RgMs~m0__(%mmZS^gFjHEwr;!X_Kq$Z$3@`Q=9v`G<#xHTa^CcTcrF$al2-$TG^^mgF2n-fN
z3r6hsA6Pqma&te~RfC}>xJRJ#Z{XfBi!JU^
zo|`cL5#LZUV8%2QTQez4p>I=EPiyf}Ur#|5#bul$6Gjg?`e?zD$
zGFROY|BDJ$5I(K?U=wTtWx7R?r`^^xqgT8XEy}kyF+`$*@|4&$GsYkaE@Cno~e?6X2Uupo1c=w6wnh
z1ucpC7%-!RQ7?m;4(-2>6WD09kYGJThSxL;FLPV0ieS!%JV28`)C0VAm^dVX{1&G%LRoJKJ4^KEx{w4Gwi{RO00oYBcw7#H2-~qxSur@9D`_
zQ=b@pSEF8%hm@3kmKOaK)|kim{S8m0ba7fnZoCNwZ*B%gZ%hSPX-OxnbQ7s2Z)Zh#
zXC;jMaN-@~aSY@e3i1cU`wl#fQI@n(ThQ;eemp8oi()M&6yrIZuJJE`l9|XNb}WDH
zIg+h`ie=M5!31r#K${S59Fg?q>kV>%<42NWX%`Xh4rJw=6&&dl68rbf)kVc(A-vsT
z?R?pagjW6JVe}+iJAVK4I`)!-af%*bA6cD{05L6R0UEUyE>WsMxYN7>By%yQPE0OQ
z3jR1TfUHtf+b!lp@>PH;5V=nLy)fVu89nu~&Zj#X&*oV{e`^N($DX-cv7eilMbF=M
zh^Wijw=y?1p=JZUT>Ta$nm^$mu=>fOgRfD@7+R9_S7}LT9ivHzAwu>h!ykWlrHlz*O{%<$8N|mGqR~@m{-DG
zWQ9iwVQ-AkH$IOn;QOI1T7VRCamLc>7a{)mD<#oa_82J_aP@>0E_5l2Ns75bVVx-F^a
zDIcJwS^CWtMOQORvbjFp!UqqUE*H}cVR2!3>pUg6fY`ljBZnPZt&
z3qI#hT$ZcS*>|L5M`9B41?rRrg({a-YZGZLQbhf
zaO^Tjo!7FvkUw=c-flB>O8IcD_GKn1rIEt&6G-4#%t0=MSa7~iHO<%NNnyR8xVzw#
zD|5+S8_PRD$bQT__AhXE5I!0YlyLKVzu(e-5a)&B`cZI4QXqii=l@J>p|sGxr)vJ-
z^>0TOZ4~fAGgLqBB`a5-2b{PQt*Ku8U5_~*HePfMyzM@Tb%8&?(~!0Q+-Fg>Q7A2Z
znTw*zM77$VK@0+9B_xDyDrGJ=0cT;BFnle*+hNcmurJYIzy=)!C1nfz9vv6$_}v9Q
zPz~)Fn>ee+$GN#`vf^I5v#s{QiQviYrhX!^-4Pm4eb8Gf!BG|
zBUje*9~83BJc8MXfx$clbv6hi4p=AN?-|d>@!$a4)eKJ23CIXj5HYX#C9ebuQGGMT
z=qT#ShD&y>n%KZ#dP~q7ru|r^_j;GP(Pz0eoK7&Bj7cO@PCu^aX}T~yp}k538OMUb
zEimMu+n%rA>w#oI(=^A%Y%h0HG{FfRCVX!7TF6u=AYPSmA?t0*fO#0fM>=!V-BTm?
zzZ>}(D(aV%TV4gxJ&H-pB+Frc=d2t}YtItrqwSdtYhdu2Srz0tVTQqotA<8!KpMz}UPXdIe*R9;B#)!9_!c|C13)%D33k6t~uU;kPGSJ(#e4OMPDWtbM^o;xHw9J6g*Ej-k;Ft
zOo?bI)svYE3r&r}hgGCM2D%
z_XH&a>;zrWn9^D>2^OZzWLi!Hf!?B1KtC@Ve)y(e69f)B_)p10I0N-9CcY9)vij=k
zDm^5$TV-lv^;X@@8s~H|AA86r-Q9+C6Uh5ESMj&UtngPysSlR={g$$VRhA6VP0QR5
zmkhzcr(`9HcDkoX2
z-=iYG+t{;|JK+QMP!7;qk$*}^*g?7+7q4551kb27noG*3>*Q&`!FxsZ4aKFUcu=8L*Ey&OPX0pY5s7Qeu2#P(bf-*MmF}
zg4ZWeS+4Z4o3T(;S$cfadz4Q8KLDUWU%&FyEJ*WrzYwkFZ~m`ZUnyl3qUy4_8^2J7kNM}a6w$t(X;9MI*K;z#0*E+Agu53q
zToH^X31Rn!6jm_v)5NhwR$vxmv}j)+zXOGcmo=RII#F+@x|K52K8A@0`*Lj)0_$F#0WEV~2&o
z$KL%TW=KSJdF+@mE-Ow|k#)Tyy0fce_7MN60MOcLmLtMk0O&`6sT&U)i@6hwl~H!i
zuf=3Uo_Z%gHjJ*PI?jA8H6Mqt(jrt_j-cl@;_Ugi!Q`#(7qz|@$IEmgzsPY?t8Uq3
zemqIXc}uG~J(;BTJ)>a}JA0Epa*IA@gT_9F<1BQcn1-oxWfrn#qX
zl*;$<)rK}dFbx4X+|lCL#pNIGmWBhtJb+Q`KVb?CQ|DQ=7ACiea&yQ!CEjOW%(aks
zIz7gW8^$Z-qtT8*uw25k^;`7>v#8^C%~IVGIBcUukG98
z!A`u*)}{nG5ql2qO96eE@REX&J}wB_y%or!x-f+z;P*0cnXW%ec3(V%*}aZo
zwlFSd28Ho77T=AJ-3TJ6S!Uc%jBfT+mgU|Ea8^9jf1F5X#WsHPEc<5c57y8;BBs&3
z3d;59N*J5#QI%9^EqTF{39&V2+hKGo5RNC~M+7&@m^v=fO%>&7Va4WLNFRu=c|Wn+t)0^Nv6QSbh-mu
zuAbeWrFp*P3_M1)#(uCukbgZA4Qg&kM*%Du-|-?
z6j@-j`3O_ZyrJfT!gJ0z^9d%I#Ri#=a*NADTL{=!a|;x;;&FEER4;Glvk(`znC5Iz
z6VI*cb}mB++OiBEYpO5m77S-jorSb*3mTHLSx_n2Y=mUf9@%CjcNg4vor
z-o+1xB1_|?FeYS&?buiB-lJ@~;aeg%t&>AxG(%l~MWzifPLK(XniYgTU#0rZE`jM6o;
z^l|faR@p5J^7+Z}tis!7;rdA%m!{R2F)g(nvqtmmW3x32{%(cPwH;Z?)KJN
zH^7ATy&FpRTYia&Z2VsO(!Jwcx;>e5oN{VG34i^1y-JzQDeri24N}qdO-eb?DD9cC
z;R8%}`ao6!LFf(Lz7JvSfwmoZhEgU^L|1_(tji1eT?`J{Yve2`Aele@8g`9x*
z?dH*}A#QDD^DpU{vD^f9!^*_
zQ>vTB?_Q+@w8*Qtzn6rn;{N<|A%4kxPUFO%^dp^&$;xakwJ7&hH>s3LN+X2NRVypJ
z`~t5-vm|F+q~f7L+tE-N%^vYTP#hj7WA&oy)~YU^OK@Iq8kGjY7b*i4vbM{*BWwh1
z6*G*LbvZI47RBta{<=&r<`<=s@IBF=!bpEqt|``Zqym`v?%@lDQm#H!zf|C4EtMbK
zpIm%X`B(by+Rv10`Ji!mS#`e@efxsntY$FvrG{Dr5=%@2iP@5KATcHL6p*qW76HOl
ztK9aPcaXsY00wmq6y{@9zCgF!amDeoG3PL*M`zvkqb#@U!A(yYN%{
z@~UCA{nuQPxAl`&<2B2Q**^Wfs8e{lHPQIk$BfxSOl{Wswe?YC50%LT6FZBavB6>Z
zY|DnTTPl_9xu#DCk`J?H9C5L@QX!TiT2C$hP=wS|pcf)6V))eJdFY6mnd0-Y7BPN$
zrH84gK4lz*XpDG2wYV6Erp-!*#4^mQm&)os9QT)IG%J-%JrpEo)DtUi)Kd4zSiq}}
ztI;@3kh3>&1$V1BfBs7yKz}pOvT>zSb
zpsMMM^SRa3DAEcKJ~syVVjfoPR>2Fyx&o|TGm0oHI#Eapw)70gb=5*4IN&OFRgx*G
z<8V;+Dmei7)~aO~?k(7)d6HtjC~EDl>fT^waZfGZ;cNQ;P4)j3qcW8pLZ4#zUkd;0
z;=e=qADr}E__rHZ6imqh%qg$H%lP_&k>E!OgkP(&cXrvkqOyAJgV5wU(IivSU`(X=dMb!bI{q~|O|MVb;ufBh^Vn%FPtnj&guL9>_*aRxlf;$ZbLG01>bl2=23wAaQ4
z$@hd)7qVs*wtJe)>Z&pFWZJ;ZGKEEmGZ*3;b&p<%a`@gL_k78rX{3CUT|;6ha0G(4
z$j^$tX-KQx3c}KFL}~n>%S#SVbyK~`H7=P*yC}ZN7L_`FimN~zhj<~n!0+`rq&B7E
zGmX{6b0~X|^2$#utq-ixT}EA@mq&(B6w+l?oKe8v(n2ZW`=_5=;HKSwrT-qdMlGmO
z$-z@cC&CnG%|alpGdC=NoB>=}w6EF2JPY}WJ)YCwr}cJbUzwmAT9Jj;OVzT0G1+}A
zFjXrDtY8)wg*a;_rB=W~z)WKwC4y9`nrFqzgHrvpP&XNNw`Eymf*1!54@l66KHbu*%ekpo2Td0jVOHB)g)
ztBbU0wrG!acB@Qc&5bXsnmoA8^vEO)MYT+pxS&?i2s4)mg(DOcF*8D=(b=P9;wN#7
zTD3F|@{3W0$Xa%U)SAJfXGf^$m)@@?Ei^lrZ%x(HwX&7$Dn%{LZ6}etqLLj|lGzoR
zdPS`z^P4kARnjDA`lt#j%qV}CU)j6Dl@(m&FRi9jn~%I+9I+ncmy35hXoLa3M_$K$HND-z|fkL(D(a(-%TR`aVypB_fdR{cf|)-Rr`=ts*;s6AIU}ze;Ym<
zm8x`ms8k7tVcw44v@x}KQb4r%EG|W7
zW=eHY3|rogKls)SIp3{60IcEA?ScRjjr_j46W4kg_I4(zNIvD|N;R4HmICPBz>E95
z3dpW8rAk%{MBZXv6=RjL>RT$RuMM4z@!76SIwZTEsYEKQ66zXSCqAo2GNp&foE~tpX1^7kL2r~tMQ8P5Dy-_u{wRBo1
zW2~9okQ=Mo6Zj?7ELSJn(=^jfU5LMiGwWItr1wRh=Q6iTA>U;Uu%rY2PUlS&`dh8#
zx5d=vRNdJ%?fH>-nQ1hK0l5|>>RZ#A+YtrRDz}%_)nv}(B)Qd}(o}YI_vWlj9h+V2
zu6W_^rY?L&^(3>US7o~kD4uMJlT(q&)aK@1UPzx+z+Ys6FAsKBVaCKjf>v~59&BAr
zR>`WQ9zDZmon8Sra|+VM;Dx$Ynj5+OUG0&_f(;AQX3DZbA?HF`GgYlXbN1-zG^*tE
zJ&Ni)s*lCoLIG$C^1@xs@fBGm+I_Cai)hiZ97tBR)CnJt1BI+g4)EhwESW)K6oGxr
z9w=siGH~x7zg~GpDX(UG{3f_7*aZ4&$qYB?RqwE$<-3ZiZ3eRRjP6)*B4<a}f#A%(+x(_o4QgOT9KOzL+(xtnA(_zItX
zQWhX&3xJkVWGz@Kxw6jKsx!tqru}cGz5xJDu2k1Fb*^T`q5I5nZxV=VPN=xg9PMJg;~qX
zXprls>kVVy>pw_95=7NaqV;uK6QX(rm@L4U-v}Olq91a~F36&14Fzkjm-;bu`qsz3
zOwuIi`)<8;)NH!37he0K+oIR^(vm@{v{+3v9J;ZePGa_LxDM|8(2bx2FgDipMB(tk
z4d}`3MRDvW<0$N-ZtQjqrg!XhgJF=;fCFiaO1=^g(Ii&R5-$_+a}c?Hn8q2U(1*sa
zoul*PM(5W?tF*bZxk=tub>;1a5#&9p((Ie4s;
zDSvp`sDBWuP^@Mud;!2AT76T!@+6G?Vc>O#ekBX!`25qEtAT7~fE-8n;hGo6(S5e!
z)rBqy6}PF=SL5Qs=$2p<-l4)L{va(bP7VsX_->|Cm+0V9T=V_;X~Sq}FH`eU~ycL*?eM$h^
zTLcglmU}xnP~}kRzRL{z5AdoYKz;Ov6GHld0n-h0>wRK$XgAlPV={|y@x;m2Y}z%m
z=+-0?iNc!4M^?=oj&YlsAY>c1t8W)KOkTDyaj3_Qg{h7^D%fTX10I0e$$)Eo2~t^|
zU>3nRI%(7|HH<8R9-+~iFiy-hf8H{i&tfQ7O_9d*aW$s_IWd7`aWe~~Xi-{k%~{>b
zB0`JIirpI51&qY)l7n$+!N{V74WkPihJch~9}l4XW;wg4ziVi4Sv)!OzhF9!>)cQ-
z?0Q)Qxq$Y9Xp$7xZMEx%#t^dD(DG9^^}4zBw`&!ze^I@!T?JNoq-A7+@>_#_A(`e+DhtWMu7@hzX={k(u29V9M
z*GESP)%|X^fLG{@26C_%)p-uG@t!$K-@5-uJLLHSfATQQYc&
z9nO5{_KrA2$D&`jcSUzHY)N;TF}{qZ&s{C8riX;{NROIj!btMg{86
z&ZbdeUVmUGU=`+e@H8#jFo%tI1bB-}`PXi_>t6#m4(wYFagOR|M~xFK&fLfm-iZ$L
zwEMi(z(PFRN5d$|)A#e!)B4#lmf|Ts8o`$8MWc}y_VewYU;K(i#oR{Y9IJK&tXi8I
zon@Vvi@~e4IZF&oA1|^RpHfs)<5;;hm!^jgQUqD=NtIgC_$}I&nS}(6!@pEX-4N
z>Gz|2iMNf*24Ec)+Y!YEc)|_**az$@fcX~4<$El@E6bzdZNA*aNuA;DiE`s1GKYEE
z+pb^Y9PaIlauhGWpxo6dg4^Ge#U`WtX;`NP+vj;~dHDrv;f{n7Jb^8A*98JOXJfY1
z&fMR&>J{(Mmfn8*J9c^Afdv(42k!4?O6PZCOKrvdJ-cw>mTVm#;g;Orx5^qEYret>
zRM->pU#3DKAJ#Y_@9sSz_qCvCFSmRxqzzEUp7sI~(E`>G3ufk-7>nZOiKgsr+7o?T
zKwDZ&T=q8YSuP?nEv7PioAw+RQJWTuY*^HuVmh(2MVq)7do_D*o8fqp?<+aNL)n^D
z_C$$$xeAJ=?bYl_ocrmDpRaBs_=@FGIkQuJzXtClHUNVi%XgaC@$vwbOoR}?MLC6lnd
zt?f(;g`|vW+1{2t>4h|{b=A7y4Yp-ZdTWx5{Q~s9I^&74C;Tcbm>3OO%y=nY++XqCpY$;DTO;n?aLGDscbu6r1ic@VQqAi
z`7-qrF0qpmm
zmA4kEOzW4gyt7bc6JZ1l1){dO5C{{EvLLn=17Raq7Rb&NAPzeJ03de~Cc!n{@C>8y
z+8yB{b<)@Rdy>YJUh4eSLFEo-TL}6b?yq@_tKJWi6c&6EfYdgc4AWpdL?_?7pvMvC
zupV+#U#jjy)%^>_!{Z~b7e#R&4qv<@EGvEY8i+u{imWL*iuN^Z?A4XNcL%GZ!F{WTHRnxQrvSs>?zsurHRedr_Q>easka1CeVkK9$
zQ)QXW6J%l+fQ=|ypBbDP`p?SOj2E&P#_$zRDgFC}0|LT=bXZ3YuoO)&;gE5IDrC1|
z8j`6Zw8<&F8m7=*!z*5GL~jHuq!IP#+Oup2ScdxjAVx8+@1-8%43*-m4Wl;jZ5?2$
z$~vGVuzmMFyay(gZ!+QYze;xN*zZoRukqsYfUaimgY*W3x~{m^?Od;WX8$O_2oAL8
z53HP~oKno4mD<>-o699zb#?SjJBt}tFw$d9FR&$&5sKK(nPOp&OCqw1+;l~N*jk&q
zrgk;Hn^qdzDo<(BC^EZmRFL-&H=W-}oNW%vWqZdskBdp4b4P^Rz62?%bKGpzfzp;X
zzu>Whh(Q4
zuG#|5mWGpJS}|dakgIZaaZEZDtg~aZO-;C7PXri@hJ7H>Xw<+vtpE}W)d=SY4F}OX
zipjk_;jz%gQbBbL(Folq2(?WO0k2f_{bDrX(d4S1UmiEl>X*NA{kL{~do%@Y1DnC~
zwv}y}ukfc#-pA%;TlRU!sCgH}>BKYpUEJxW;IW|k4@UK2biX!)V`m6BhYFH$9KrdN
z6rv6W?n3~zO#=WQH-IVa_OE2V0CTQRpG+6j*tbjwMDjq?+z9;y<>M(6aHMMQn6<}v
zGODppse6nUYV{W3%nxR5v|-t}j{_cpwA|RhA3bl(bU6nN!?$8bYMUk~6;F2ho&kBe
zd3tpURR{1#0dR%PEEa#RLx;#HQp*|2v;j;6au5%?`1u;8b
zrXp}({lSp0{Zwd65ed1|8xJQ5{*TEtnGj)))Py|khCwgogSXW_q59}+H$XQf`IAD{
z$OnqaA|G%9hHP#h~Nd?4Z&M&1iLB57JI=
zaJ`<~e03W@X7+b?-GAa+Yy7vizgrW}uDiR3=2-i+{o2mv*51xOeBP^VZvT_JxrFh}
z{hQ!5lI#9c97XA@a<_4iJV$??`R}{mZFGZh12*V)?)T09fom*$_0FxWgS?B%h>gu3
z;s4?1!PbulyFa*SSu%8>f?MJrg1f*YHbJveG@St9$?rb6*Rh9gwN-b3eT0J;kDP0e*x?L7
zYfU)g6Q~e%(KZs#22XT4CxG*i7MeMFfuec){rOef
zg%X$bGvM6M-@5g)U)>KNvRB>4FQhzl&o2pF^Yr4R*?{-Wv!jzMkbT~vHq|{lZ@VYJ
zO|=1V`3K11kl0es!PsAK%_tCRYrdvSGn
zao%b`M~(sbS@Z1eCA8Hz1-WG%+J<*7%h0X&b++V^gRLKeKtxC`f2@LgGP7`050|1VR_NrPwyM_4VtdQ{~w{E7sqvUeug}G
zy9&d;Y%3U_nyp6FtzR}zNPBm0KCs_Uvg
z&?QX;XDI03`LNSSQiUx@in#kA@mY-)jiQudSGb8c^qIJ$E=-mrG7nV~)xR9AAIAYk
zgaFwv^}~X}dJ`xY3sK<-^KXM&G8X{-t5g3DfbvBnSP?*xL$|iYr~QWGEo7-_Tj=c0F8@h>uK|l?Vl(HI;7#
zU{TfN0O6Ltuem=-4-;aPZt&$6ykwYA=&=6bCk$=>{r67$^x`LEso*Dw$Yb|KJaX3t
z?)Ol{{T@EP0EW2cZn?W|ZP!7ActkB+)6Y)nef?vj(>{9FXrsWc-!v{yo98Gp*>Cv8
z;pO><##slmi8L;qe&m!!cP?}fTXag8?gF?KA3E|UxAf=lu{Heh!i8aN{rvly`!n{+
ztvDr^jL^ZX0DX7OcV8xNqzL+wYQ0>4_5GWdFa84#avI2gym`T+`uY1Ur{oXO5e1kH
z_XU-H0n_usN*DFQeeGtO*vPezdE66m9#ZCdpQ0nblw
zGv7RQYdbYZqj`z5Tt-?fuQo?LGLsyS=lulK-CLZ`pLaKze(M;HD0#CH}3X
zx0Up^FrqB+Zza90q_>syR)i=^{98$HUp042<^rA|y+I`*KQSi?KR9nF{1CU9@aw;u
zUHV`5H;w-fdmX^~sJH(0*FW?4f8hM-{%3n@yS7J8zO~)`?adYc{~UiCua@|Sp(U2a
z{}Z&O{c%W+WpV!m?dzETY~L(l;E95OhE^aFJX#vi(5A=*j}ZtAXmezP1?2(>Z2|dU
zG11@~;M=meeujoz$5QzIZ!yv(vHT1T8Pz8;{RMr?$pKH300gwWAn+s!KtRh00#D-q
zCA0!L;0XeNxu%vN@Ko;q8{pg0Sbc)F6i#3DjamLBu=@mUX?#9HTjC#?YA^ARaO6o>
zKF=}MjaO_PquF9Ij`=~@#_Vit!q4r4ovnl2eQg^fEg{Je?(7I{_RfzwlB^p(gqbgH
zjSVR2a_6LZczjCV;T;!%=@^M_{EWke-o1;x2ltbg!kPIpL1X#Yi`glh(`>UbULK<8
zLgu}@Y1#|wuZQ`Lbj_YnScni1`N+EohQoz=ayYFkhedtisXXtTH0mE(dIrUdIsHZx
z)a*#%RSq1LfmL~X*=QhzuQ}{2LpOYAET8co0IWdfu>*&C$Nv(fJGA>!2GgMvU#AB-wJ!*G|g!(zw9SCKCkm^d^6MlS+f$=^}eTJ6i@s|(dIEJ}Ye
zrcv|Hymtk^&)ETI(!Ar6o^tE>v+55it1kYA@{Hi+GQE9;-HHbE%?Ou?k4IA>^h^lV
z=@2gc42bF&v#Cfh<}8gdYinVb4D;GNVaXZU&XE7dUg!^>LH^&}-^|_r?Qid{lHBLJ3
zO^t?lB~%$%mqQ__y*PT|{#A)%Ldd56y{53yA{_6rk9r^F3uzU+iK1HV+V~W4Vb8@=;XBapK;aABR^X`8)QU0_1|3D6`t>nMw_*=<;EBS9F|9vBT
zTgiVb`EMovt>nLz{5SvaDfhocSHIt8td_iHamFOHZR;2bAiwRS(6+sm7204_u=1F1
z!AX2d#brCWLNWd6#&|~yM_vjCQpdiI*B>Iw-ja}Nh9h{q4+50VikGk|M1^D`5%z$tHs_q^8fxm
z=5({;|LoLO_TSI)_nm#H;d0Z7w!3g5qz4;hkOo3&_nO_nnHDLDESN
zfWU_@Q7(JnvyjETN9bpXDPV)@DG&*mu&W_YOpg!$$
zc)GaY$NFXc6bd%m&T-@Dq|>;(JUe$9?dC=2tkF1bbx!N;_aIoBR=*`%7{gCjXIGfm
z!u~+Ut%o3s9YIC$1YN|)KR`Fci>u~IyLkpJ(BpCQ5|Ek}#e?6<8ibt58OwZo^@=Nv=&fkZIfY5AF
z=4<)Tf|*iXG3~*#rt0z;$D|(KUFhFHaIe$@-Hpm8AoeZU7eoQ^>-?yG(opZu&)#+3
zHsJ*fuF>L`r;XF2ql;hV!`YQAefpu*Zk%55!&&|8ymiuO$VX{)E6U2taeg>IInlr5
z+sno~JiI#Z1qvE33*Kd4VK8y|8DvTt8(e
z`0A|LY9Gt;S7&^R2KqO%*M84M@$j@=DBuY`4ArVw)A2W
z-iFbA_`;FkN-x4F^x+xcoxklIy(hpphctI@-yOcACmBke9*`*3FN~j^qx#W%{`S6p
z3CBeJuqB=-)HnUcCE~ZIm?ZR+HXuHpf9M<{J4X+fM}XwVT&`7r+Ym|V-tr3y``vjD
zFGPvvyHCKVzUK$tK>Xzs@W4l%*3|{3?V&fnoa*PVl>evcf6&u~-A=yV17NoPr?#`X
zznAg<-`n0>#eaU5zh|)jKm)xWA0NVbW&g3V|5(|7tn5El_8%+zj~uj>{l}B$ZHa#?
z`~Ro@agsZ_b~Cwbw*LQ7SdwgS)P8g~xA5MrW|;qr6nSV2Vb*om)(k^`%-D(V*G66#
zj3+}r|H&KMGTbM*ssn`V@>j!3!hXB3@xC^s;4p4KYxnBY`Y$NUwo2Pu);p9STO{X{
zYJ1tllsp7zpoINFS+0~KuYIa4p`
z9k-u>7{Wy7UJktkUjE&o1!8vrm4x~i7UY$^%hhS;@cbM^@3U4p9it=pxU%+hI2m;g
zqiE=RVPchq{~f}iMMaIWXA{_Zv0b#)#*;Buv<0jokU1S1;FmV5)1XK-s1i3?4FLJR
zR8!1Y1zif_9{^1XmJdlvu6flZ_7&G|VodP7GPR;;gOtJ)G#E?jF
zHt4vfNv2F>6?^L4psH86im0=OlVoEwypu>IUsXV&Vt8hIFwwc@^6g1<$u=jKNw+56
zR4TA^*&Y@L8s*rx&Bwv=jc92gtrIw6j=W=6a-L~Lh%7va^$IyflGoBrYjCYVBUa~|IT%r
z1CZQ%-q`B~!ytViz7P1vE_!LiKqQA=)b$|bRSAIFFpB*($P8!GZqcMpfp`12b
z$l;gA)!!!;Kz5rRbKyH1HY&@
zFJU|yF#Xqr{+kVbT;YNxtBK#NCUDbd!4z~d4<^@BD)V<@q9_)MV1jxFu0N!_jTmo;
zzG%kB@WT@bg>9f9AY$u?w;%|Ni?Z}$HV>q5RwNnvT@bhjjcEl~$-7K1Oj?)X(jef?
zt$rVSV|xg)q@JG?Ije=|M}Y>u`#S8%kVi)6%zhPgiDq?vHS8Y;L3&#ExNg1~0eTp8
zJ6ICFTB%;@D5d5t==t-YE81Q{)ZZm#TQ>rOZ)1_JFJym`D6JzGO8M
zce#K!Gt+=$PcUzBhxQ%iI?a9W2MK=YjC~Lg`zmx%CS|J88;J%YH#q{blatdDdE;I#
z+jS;L5{{A*%j!|$BWXZG!JSJ58(Oi8#LESBG0-ybKuCyF9!n}q4m4Ug`ORe
zoMb?!Xb5BjMTxS#4mJ`a&;ZKFqs}f?W>R(I_ih!sSMvBy33xkS=u9t0db32P{(?To
zmT0~@+%H|ze7LawiWrStbc&G-M_+T6_Ae{XH>tnUAw<8S5vy}JKf-T!?fd|TcB
zt?vI;_kXMVzt#QU{J;OR_kWVhru)CzR@U!s?_hgcMDfnq(G`hgXt!uw;90Lr7=TN}
z+?KkCk3gExxKcYtTkqW$Z{(ZP`u}%+`DR@|H_zbt#hhzF=dY&FsEdf+%ZtL~A=yA_
zHsRaCOeZNztefj2zkXvqzHuE(Wp{CuQQ=)(WL_NV5(!{j>PE@f_xrD1zEJy}^te`Y
z*?C{FA*9!SiV8uyU$#!*RaTXlUPoz^QM-@=0zJJg1pw$Sg5(uApH0LO_l$HrKJ9%zuEHt)=sUqoss`{_ILJH
z^8a)EJ%jwe_B3bimHfYw|5x(=O8#HT|10@F2W=()KWW~U__vb(pZd39h5sf-n}f*h
z>L_wQ!q5(O_77@%Rus7sm3G(Mcf+U)RR7M412hjv=sZzDyAu`b8x;&eIKUX+rBX=-
zGRp+;?sR|vnhFH*`~=%ynY;OCG^voC;G5?`xq|y8jVQa3+qk^kIR79n-7)NtG;Myx
z=O$Dhc`5N@-0Qv?j9{ZMl3pSX_v8TT!T*;;Aau7}+j6@PsgHJUf<)j3#_9+ckK60u
z4z^m?hw4<5Y);*lFW4%hmZT)=bmg9SL#ih%>ZaDb^M(_yiqwT6P{mS7SZ`{xG&tGC
zr@9+XkPUz_P~17<2NIw}FcHYPBKaA4w-QoW6%?j&9PKnG!4aN@`RoRt<W$eG_1m}usxUeqnJJg;P)$oeqb*T3Gb#^u4eTal{NX2_1Y%?it6*U30^NWg
zY4Eh;d|16sB==6%F-Yr^G(r#S2@x@w_J`8CND&Clpol^l`@c;BBxW$QvDYUFr|YNpXt2pMJ@VPQ
z6;El=nJPkoS*NMznekxnLMLH?kBljzCSXaKUgA345ap<%u^|G%AyQb)8-F++z+S{1
zvSHe>zH1(pN}D^|TSV+|RowJGVzNV9M3XKyR??&&Dcp;Z_azujMlW31QxF7T&2gZw
z-CtTw_j=-yaO&fy5X*`USOu9Vz>S5ln2wRXtClp8Wca`&`F-0~6|Ha45{+Uxly+;>
zchM0*xNDdtq;xPGAJ7Cd%eiIf%0X>wzmkQ+hCl>pXY5k}0Z1jf3K{xLX*Ac8c1Q45ZT=mmzBfnr7$&0O8u4%TgbjJLBRHsXMiVWc#y
zgsDgC!^&>$~!c
z_vfdL7Zs+~|B@J3--@79#0(@fXE2XI+*ov%9QR$|Ax{Log3Z^Bkc*~?cFV-#1fyW+
zVcrs!hzC(`G!~izOgw1>#zhQxNsXb|=3o-`1P9%U+`8kwql(7~R`=WCK;^B!~+f|>8*X0n6zr%|A$3MEYtqM+F
z;`=UzcEvSro?e|=V9|P#P4}o#toqq;OVXkbsp9W{vRcS=1UR72j#d6|KV^EPSUu{7
z-R&}*%wC1;woMp6XJJ$%p9fUQMp6^Z#w!u`$UsWLQ%*vG4MsD0i%G#t%1ep$^>xm)
z%CR+0njaeFT6N2~crorUu>M_;bSHysMo>+b6F#en%fq`VVg;gGANVIuYYH9gJ}`Fx
zXL1PKw95=D9smd=y+K7H=>msIq~u6CV!Y&rorQ?8RV)f~mjaLgi=ep0gm@cfNfO0_
zc>~1BVMONz_h;<)kWFqKda8aSz1wU;8vFgu7e)^&GEGLADd
z@DxW(Q*zF%s%u@H9XH;(?k?533dJ>`HA@)k=BoAnuzvKRv{u7%a)rl})jF{OB`Q5}rxKT*vSDKb<3q
z3ORpuO5_pwD!uKHPb7_xPuoFe70A;O%E1z`Ul^Ik(}HCRmjmQ+xDYW1x)CVOyz`vO
zT!<=Tb|v1kCA05DxHQVXRx{|Hpy@XNz4ae>ZHbqJnG0fr8<6(+>pU+4^lgZqq9zd#
zuA+FqiN#+V{Sh=oSH&(tt2C9#pZ;w0>0C%EX_S*gNF0(~%ydwmP5_j^U=I?z$0;6m
zodJ|cuejH(5h32`Wpe?q)&??ObB4#8#*0w;@nsW0}W+?LQ7
zb%-;b(VoOYlzg11Gt=s-B*f4OL1(cziAPj{hDbH&7f}&?J0?2c*J^Sbi%}CJZ4b5dY7j^0!)?Awqs$9-)R?{nv(rgC2EVg!4`3H|
zic27hJsJk!O9n(C3>H&F1$vm>rY?`2%v4yYm+YQ-jVvL)%(#`zsVcrJ5PF0Xj&aDf
z-=4!^h#rm8=BwgvR!E|VCh1xs{Q-sP(zJ`eENW<;yTS`nV08%&
z*6b(1^Ts6#-1$$8_@$EcE!teTSIkQ!dFBJXE@fv3Y^A)mRVgSWyS27e@KJP3_G_)C
zC-@^sZK?^pp&+kMV5&DOnKGhkRiwaqlpIToJWknpi0#l^;fW+AVIfDMW&$;k
zvG3iYPz^Fu=*5{8M4>}k_M9}%-nHMCYMWcz3|=KZk=NlsdyK1TB;-=rZcu2rc@FBZI)pbdc1PbirMr@fP&6UE0S#tPm8H7mdKz>{G8LYIRVIi
z;sgx+FTmjr;W+k&4@r<16NyZes|XdcZIVOCN^{5>ixQRzoZ-HQ@^281Cn-7Z6*=5#
zXkHlfIwRnKc+ckj9+8jaSQ|xOdeKmQz%8J^AV1OpcB0^OG(v>#h|nJ9D~j@wX(xFA
zF6K)f3{@9hQ-ag4XA1vIo4MDp)6lq6u8SYXQA}Q%>^bfJ9(5X|B~23V+BX--a?KQO
zkvY$1!h?cYrbR`cTg^BZluA^oMd2n7z&OPn>U6$Vb(*B_nh}@tP`?34>6*Scz`P@A
zG8yAJlt^HSvBUf?fXIFFaiw2Ulpv`d{aK0sLj8Op@k(J2aK(%PCwsZ_KFe+AzE57u
zqABFkW;Z2tF<~MDf8^X@sR`iTBc#39gdzPw$1pI1Na&jzf~q#dMVW0;Gk)-B;w&x
z+<)i!|L*R=gS)rCx4FH)xw*ZE{=b|1tNc&T^0)H;UD^Mx?0>%zzOC$kSN6Xv``?xQ
z@5=sn{@?#W`(MdpJAxJjAZB@Z6$Qu;@+FHDl7%%H@amCar?}1xSLUs-tzl@4!##LI
zM-Q_C<$wPIOvZ8Jq|t8RS*pqs!X@s%|LeMYq53ctFqvox8v^OkY{(5{)cganfE$}z
z8?~BS+rrG)JK1=~$`1MJ?5KTtVp<~0H~$@8%(D%gReyNIvR;vEEte?s1?^*GYdQLF
zC|zgezmXSiEV~VNXLEmdcdGnHFWvnu6#sVj_jcg(_U881Ke@Zh?nu$!|8e=RX#Gz=
z$QzUOWEnodApg%=|NZT4Bmd79;6iP8cYA*&|3AmycfZ@{2H{3><9xToBQBTE`K$bZ
zmzePL)iQHAzxwJ-&Y7MqQ3vqdGF1TIEmH&V-7*yb-z`)AUoxI8QTqRGnZp0Fhq*k_
z|GQ;M{@*QA@c(X^a{qVB6#Kthrquu4GKKynC_vr-
zL$nT_BhJF-%fPNxWqvtFay;Q<{m|Ey6=%uWob
zH+&#bJ*O~07lS6|$@aoz2$P=xtbazd{v0YF!6sCj4EvZ*`x-l$@X^Z7r`R1dQW^Mu
zKM|fnLt#`K`?#@SEyM`AWc>cm$`6t!oUKh@t-ho@mRsK+v%41hK9ZH`7(`&aLx+K*
zx6;r*a8BxH@2-Gm{&eJ=P=00j;eWw{&y}ClGkpixh!{V8Uvqk}q(6PXDba0T7xzXXTE*v4pzoQ~ea)*?dE0M;;
z!z$rVHII(#2!McK`icW#RR_WcPE$O=8H&l<3@`#-!Ro{8#nE6u6@}m2HTqaY(QQC3
zm8o<(p%sBe4X(-Ult80y0+-Z{6>)zWco__1g8n0RQ&mk1yPsyXEepBb0+!
zv=+L5{2mv>eev1Z_?LfKYqifW*5Ht7to_TsZ2abI{QGzRvXN|TY>e^eM&C&`zTf!g
z_TM+)N9j+$eqQ_YpAPXqNBEz2_@4&+=ku#qrHxYium4QN(8dKG0R%jRlacxjJS+cx
z;r@*}RTV{q)v7iM^4+qP}nwr$(C
zjT_reZfx7OZFBSfceiTh)cksCKFz7F?(;|kX4IkTZk!CeIVghQoi8N8$uEfX!h-wm
zKdgS%Jg8g^qDAAp=4;63j)%90UrL&>*jbVX?)k4bOvhozz0Pj3?$<+Qvgv%GsN7u+!M0j0q>p(aGs(1?KZYX
zIWzfr0A=*md&El69?^v1k1uelpka!7;?$ImF5IieMgfZ9
z=a5c{Mg}!$jkMzNH_Ex+u6OZ(9YhP>D;wSS$FwZ#_r~?IsZH^ZM=ami;u*;acQ7A#
z&NbMikow16UW*ril=-c*)ECtv8V|2Y)9Z(AMgdrmR_1hgpHKGks3HIiwnaakz*X5e`~=%XNrEyK}le|W=S&rNEXkl-;;$V72jeD|7uT9E{2
z53#+R3h~jR=w?SLMcln5kx^aTGVal%sO5D|5kKWD_E;aUZb0$^HU`y)GRZu$u*Uw5
z+r%O@Lu>JAs(NYgZfc$yBUlIX7h=Hwcppim_%`_Gb%g$eBLX+ee)d1BrG7h)q2{d!
z?-Ut+m-%layp`!7a6+2MeKQ5W!3ieArvOIhvb+Z2_|VFS`7nI#pov0hBl8VmBUqv<
zjubVhsehwC%Bs)%Im3wes;0*s~AAW!?`uzXx!^Ok^J>hC&M%Z8>tq_A>zlH^1
zlHC9E7?*vhTB>o%-45TeJDiwy=+a^1on=}SDEhvv!zAM%w|L4v@YX{OD)ZJmW~ICi
zPaDn&<0)Bx^wfM*J)`rvp3a
zc1`wdIa0@}(M9HG=Dm{C*VQ;32*#YF5ug-v~zsGw?t`Y1cQ%lJy;1HP11}>?qP0i
zBT@-}f8Fw5S^lp)6Hc4}m4!L?>E9=3omtE6&|4doG;VbTW#h$Qg}U(bt4vg9x6=V=
z)UloIUK$>mcR-q1V1U5l{kY@1qliSBtI6gB)!a
zg|N(fx>$P?sazXpxhHe4cLnPK;18$U-TBDN-R`~N>-c;l`YOp~`Fh}0!^Dke>3z9)
z^;={dtrkn0g4)bz8)ofVJFHh>0zq*`2c-6Ipo)jLC<
zvIKPu6sJYBPLsptLwC*PUwR-xDJX8lOaL-BFs`~t7Fk09BmX`g8VqZOQH^Wa|7T29
z$1Up^z(z7Up@8SlFkcDIly?l?HmCzKVP!FJ7N9T!lgMH}%;hNf6Qv=oEL4a@9{+Ni
zWKL8--d26u_9(fHHJNg8_D1YlKs8wCWY#c{n!UchLv|3y3$%&m7WeW1;`Xq%|c9u(uGXe@p`-^W90yI`OhhY`uRsL=MO2@4ATd#=}
zsm!;sVNio>pgFYMFOJ9cW}869IKM-6lwboPBnxMPXF5bTj5pNSET
zfV&Zy;6Z*5rgzFN^laO<-DKxT{lbkn?T>yJ(-<{kJ&S=qU7(QiiG6Q4MU*7(ak5gk
zyUtky5A)=-OB+3QY4qcon-LC_NV$QA9AZ=RI=y-dTS!AVSs;)JXV^Z}TW`y3u|ZeZ
z|0D~skc|1z8CpdPnGsd&rCd9eM*~0KYzm$4Q~BV!YWOaD8Q!0ZoE>euu%NT_@O3vlgvTcwZ*t?
z&4CvyW%npF&Z=OoQ
z>upY50S1@^D%J7^jGzr>R3vqokb#o%0#~P{0G9gd?kNYxJb`|(Kwl%q4Cd-yeb~I`
zQY2a&7Gj$nysLrW(c2t1w+mft7MA|*ioXtCo~+rgL$t8<71#@|5>2{=QI*c=Yz^1_
zaIu>sX=U|Jc1nj}&FRAZ&W%RSPCFO(mFrtL*RTV{
z^AFpWg^YjD=7v3k(=S(Q-2Q(*0j?W>Pfh;Z)*L<|ZfrM$si#qHB5uM->InJ8$eLbg
zM|kq{i*rL|jyA*UQ%Z^;M|yO{fzXkK}EuH=Tw<&9g(|HY>eeQ-dy#f0U8$bz!9qxyml$7XPF9)
zzg+wGtlopPG(oA=cX8h92UqsO`3mS1i+Wn>O32?~#}LjbrT2Oln)xMR2!>*AP}9xa
z{4g$bRUX4ve>&RW_fLYy>ct~F9+42wUBQVJpb2XPXvy>T+Wu1#gH1q6F#{G!oZJBp
z^Xa$^a5H^OK@V#~pL}-_>QYI5zMa6gvpv|NoA}c-{
z2i|jF_Vf&@-ijT$J0vNBGZ4fF45(?hln0ha(AztL`89HK{;pmUt=e4%yhtmbOhVqu
z%@G%!R<9u_JnZGRp6{7~M&TTY4NZR;By|c4=AZ98C)r)PyDaw4GhO>mKNOumSns->x>|}*4+lL<
zx6?DzKb>7|jqN{Pu{}#uJLkuCE)Orz?*H1~w6;F0ZNIx2wts8R|0qe(fBB9{Ifm+6
zA2xQ%uG+OWei`(*);I0x5Q|K9Uv;5cjkKSWA3UGb*Ux1|E*FW9hRzSuTPqQg)1GX!
zor+2PXJUZ`qSX3ref%bM@fabiahf_^0&v(5l*6(;)DO`N*<$|Q&}Ox(!MJ!Ks{-~h
zp(Eh{Y;!yoB}?*cY993`G9UXDQ;5^dfG2o5ni^j;AGPw|LAf}!J2zWZc77UySWcIG
zFRW}YPIo<)8&q#M9N((Xxl|PPB%n1#y(!48i9l+KyONOFv}pR`0i<$cfAT&g(Ko9M
z!Xvh>fL{}S5$rErY^3yt~Y*klvm@fLn3h2NFLpf)-p-S;!%T>MemUL^5-yJ{!u%Vf#ptvfQBx#*>2umx6CZJYLa
zE(gRq;DQEaiEn|yPdJ7Q$>;>bu1&9^&Wq|3iMC*KWiI3&Y^DY&pZ
zxy7rK&!&ZvP5!p)DQ70Jx0DySPQ18ST4R{RI-I!nPEC~*5meDL6iUd-*onO}LdgwYj3f)ZW*O8j&uygG3AK>ztpm4ls_0|!vDGAHt!R{i
zQW12+aV+3$(D&1P9NY|kaM=traH3ZU0A(VEe0?!ypgfZaD~<`{Q@x7L9DtbOk~re!kmZ2zlf!GO7+
zY1O+PeCG^5fOijK?ka}|AcDgw&fZl0!bJ0HXkNH2go4OOvapReU%q`Y;h|B;p;p2yBrX8O(CZzC;G=NF0W&DDFSd}2(8*E
zU7(ks&_}pl{_f=AffAIaqWj}|>URsArO0%maja=5XKo^t$r|7&U&f;j@&J7!yx{NP
z8Tg{2V>TCecBRUli}!w2=&67(VP5myQ(S-2IOFfQM4|3gzaMjd;ml^jF=}~uk|_`o54dMWjuMnN$4}Y%)gOvcBKdXKOFt%
zSf@uAz5Y3Azub*DO&*E?KjG1Lg-R!P$6sLRQHLTTRA5KO_wTOhX+b`QA8)N5?!bv{
zu&XtCeySw#XZ@CW^0z!9ncw-x=kxht(HyNvF|D;CU$L7Q9{Q|6g!LgqHx(c?nFT#A
z+!tgD=b!qIPo=Y(!yyI+u@V|`6!XrGU{bx*_iq-Z=4fggRHC70rrf1IK*f;{|IUXNOy9RKQFYtg;D9mN&T^xUA=`W>#+
zahLIs!$=w}g4Onw#76MYqgG6PNfg$fPoco=?=%LbN53`dqT0Y^{|2>ANSE)MyorN9
z|BF6iT(3(E?k_LcihD|`3{?s<5E&bQR5Sz?54P6lV~>!o3S^pH1s&DR0C!ON`^j)MSlVGIpk6K76q;d1CrfY
z4xj_F-@ktMr#zBJfkj+$3ExhoKDTn%wN}%sa6kS8$g$@hH{j3N><~!#TE1GZ(K~KV
zKsDH^ko|dY!Xs`tj6Th9BV&}Oo4@NI=cv{GU;<@C))%uyiF&t*C?K#ShLa-h2%O*B
z#m={GzR?U`AJF3$@5Sxh4Di!sXYuVIDj1JHgS!`S{wQX5*fl$ars;qyG8vWhDCS6O
zAVK7+ruPD`;Ycig=RpJlY+b$yWM_D>ed^W{U2zCNS4s+3U{p&~KWW6U1#XQgA_}}R
z;H*<+Lw9?w-WSiy&gF;S>X#HfV7k*!Pn*)j_Ro#Y)i3!d_vrVa(bN8>xAn;f{NE8n
zjqRuM?~h%y+ixYC*-C8lFZknvQ_gbz%8f5lRXGoxb$75!wO@p4
z44;)e+*u8Aj6bAOkY0nXYo+D@r@%qts`G#9O^OD|8)MvR7~ObKd!%(cs(IH^&a`_P
zpfLTTKGt2Tm&d~+;B+BtrBf@r>}U}1921hI=j91kGTE#2&SWEsyVlVu5bRMZ1WloH
z3c0BK5^;a*9*pLG>o6}Rah1;45&5t7J~ET`dq}03*&d!V9gtJBY&rZXNnu9#k*qV`
zb7o&zEE4tl1g~xvKgM3j1^`FGL0E5N)DL@!}F|)S8oU%Ho&@VEWED1HDoV=`tw*b=inXIzetBIED>vUUvp7)mm^bsvCiU|V`)X(N74D;htGViD#@7brXHVl>^}Q$M
z+phS>>rbcF+0Xx;Zmko8nWcF5aab8%DUtnll
zmag7*uHI~7U1FT7VbeKw?zPr8vhww`%?67l3o@yc81|#48d;q^k2Sj=mV_!a2>hat6=I
zuKtVak=Yh{%v*l)oht&X=TH12JISpmQ5GH*%r`f96DE~e<(!YnKX>onz3UV6`dS>3
z29Mgfg|ODONH+bJS@|iFn*W|$__4ORy0SBQ__?~Yu6g8}x%(IS(=ZQI-Na8tGb;(z
z^#4CPw)t0~k}q-QRnt_1y!TZv(W9PT!-YuZHK~Jw)CPPl59>ZN@q|9F$Wuh`La6&)
zRNg^*dk1TTI|E+8i1hFSf)k^u5Pk&a7@S=K?T1_nop3Hdya}R=#>#ikg7#0kS;c2x
zl20)_+Sc$Gh2KZ8=q``UWq-XDY0}4WPhc`g9heA^H_AYEbTCVHl-1goB;kn!UZmrg(9uKt|n|Bva
z=pQ8N!X@WQ8VS_HZHd^dtYFgHvW4iKI+z#yK^Lqivse7{nlYN66aS{OMp_4{Vkwc?
zdj>f@ZV=Hy4=3d_10@fKiWcEu88@uNZqLyO*$DgXt1}`wr1T4V~mf>9~x6qp=uDqGGSI3WOpsACbK}UE)WCcs?cXc
zn;!>gM_z&OOGh*0L2a+~85UIsP?-8|TndU?zv|N$7tfl9-{6-tA9w}dV&uYA-#*7+V7ERVlJSg4U1$Pr$qxa|
z4>pQ^+65-2`>aG%a{=ZM6krmY;2wg)`?8g21?aL^`S{o#qqhv
zn|PpYLEmEX`i!F`>D#%vkptkO$5lM$gvf(Hc9J7cAV{Rm*r#s3BwJf-Z&*}Y__J`
z#h>J1+z;g&?MALwa^m6+ITyKEHBsd`{6uLz8*f9q{qiU)#<`l5Wzy@CpScn!qB}`$
zp1_k^S1M2MqTI1mJJO%Eg+B+NrywexJFtzW3Xm3|N>GmSt6HWq{<-WkH^bu
z6Yt02tqM{q8;v3@7J4(2;T^?4f_ijWd0A<-9*jKHEH=>(~0@WHQMA
zR={=LE|aV9S>Scm3e`f$`h*J%$M0f3V|1S)q*}50?rA{HHz%aYPs`$Ytx8R$C#vtA
zeja`{1f8een?V*~%=3l0d#A-d)*vn_An&#+v!*5j`WvGPtJ({onXxzmtU7Kw#xZK*
zDabcipuEhpk4)m8eb9|e{ZNFu%hEkw2X?tr50g@JI-^TM+9&@@jyDAncQ7EGJuIkF
zKLD_y6J{o%+tbiA`XTiUf+&5<8kkDczXKacC7w-=ZEVl{Lx@e;$o3ehu%8OHO@9{#
zhvJf`>4ObauO>=Kf1bHou0&|%!?jg9rU~h3)KDcCJwbAR&O4qee6*c%$Xsl$<70eq
z3y}d!yc2m%tP%xL-cCu#lmqfdp@aodIRi#e*({)qfunqpTShDvnj!j>-w|f|mUl$W}e7%YX(in>du;=3XZ9qhX9xCY~^AKO&;kefChT
zlYW#tht&fy_Tj@2vEtN%PB~LgHj{)6-N~?SnN(Dy|!E$n|ic_#Tgox0B
z)pfGTuB+9e5^X>xj_wEAopS=Zd*u8~<(hg2Xgcwf^Abi%aJV0YLiBjT7rV{vJ^$4+6
zeg)lh7TBG?NN0$};Q}au@zBeQ+FXEI3-vbn=h^3}%-u{=*TO9}i@pe`7+f*$&)=U7
zZ+0hUHvORW&9azwF)^-=-(z`X?pM`#8z*RpV;4B;W3CV301nZ?o65JRB+G>LBjuH4
z^1%Z8;pM9Hn3zzI_n*XC0v9#~2LKh}ev(k(wLg0>P^IfXEE_*u02*meolQVXnO;Di%4y=42^_#)R;{;%|Yc&3TmyW=f%6Iw{d%
zxjWBiL>VBN_-a8O5`EEJ<)!V}C^1FhWPWZ$6NU78)46j^SJcBvCb&z6
zQDq=4B;>%|ft!k`bRurJrAH?#&VSJ5Bf6v@{>O8odRj)8R&gR(YTDyoa@zh8XGEyr
zrMtSJGDM>ddWT=+TNlzXwjJ~n{rpMGZS9*#owmbs^1gM^l))%>8dq#F#<8#8aCDwO
zaj$=Ae|B_Vaz(ytmu6|Gk$x<^P=3BVzEyL6^}qj7n0_x>|7om$RSiAAW8K65ch9Q&
zoY^EM^WCZM=exqQ{&BC-nq$om9SNhHgV{Zp<6aMYtk@W6%H~d%+k-&fHo(zUoTE
zSK6Quxd~4g?MaT4ExvoJB$`dHyH9e79m&-hyQEeNONS`&i
zn9|3X8Hx_9P^T}*n=kJ|CcQaZH5fNlu-=Wb0-l+2GxwnQeYe`
zdMHIdSb1TUTQqc$v!H<){SL!*u(}2pMUXV0FwhJo+DUDk;-IPy4xlYg$^fh(tgGZu
z$O2(uW&+s;>KcaN50*;C!jqo@bmtAzpkJ-cZ=CJnevjQ%&ExNe@$dh~Av5j%-sk@B
z(+>L0?;Y>|-uA1$O+@&Vp1QG~%{SqZZ$`@@xfAl;nzB8hN)e
zaz))#yXLZWoSfa#-l%i8SpJE@?qVnrpW|XjHR*?ET4xBO2Y-ItMg-KM+iRF#hRz1Q
zVqD~wf3L|H`=eDKONF%?S4o}!+X{TWDbUd>R$q+pc2c$5?3X>HoVtdgb~BLEclBaB
zhbZahXOXePkI@{=wkyr11d
z!pbSp%V~H>fem8qQJsG@y1{*Qaj#DNW5^%!-HgL0UWTar=|2;6OplO>Dnw#ksg1-5
zgN-4qe+s9_2GQh%ZhifU)IxC>#yaS`RS
zvh0M+oJBk_Ry2;KQ{Z6VaHvFZgzXvlsC(;z4!Vt1^dkYP;CbjL?|a_H`x}MWMix5s
zg#6UX2P1s|?9Blx!?1>^x*w_!YlcyzNU3KaP`q91y{QoBuW8)0>T42)6WrlE1gcMn^zOd~e%F2}D|`~2I+cTY#o&}VO
z_>Ps4YiN&`VnT)Oo&n=N=P@HWMe{9n^m|si88_3e^d$t+5&^wCrbm2vu`=aTJEkkg
z8tIVy-Z@afq?V}ApW4>4+Eo`R6BWo*=OK#Z@W7%iRS}Fq&XFucDmf&K>C|<*$>9Z<
zN_5mO){!|`XMc?j@GEgg>sj`&D^I6AY
zC8w6~c!j4+v
zzpu|gD_ZMV#qaBw#;>JjgKD7;m4ukPW(f_;cB2z_A+m;(h8$MdE|W8s7weCq8^Thq
zFF&G~E`LZuu)T*V_h?Agik!ALb8#^Kl^7n<{44bZP1)Fj(ePOLqzF5eXySCsbZlwykhm8VzC3`a0bsxmI(1~4i{vp4+I-bXKv7n~=&`msUW3j7@`lwoD5
z@*C1x+s@Kn1n>#$4KIMQU_RdwP_1=bb}kwV$ZPv(mH8Kc&v|N8SRqdmGV2_?c>yWK
z_PvWVta270?)`7g&%o~dO#aWt`u4`g#PQEo(~2i>nmvLits^inj~56JHa4Y5>(lQBq@PGysIv9
z(;djLU{I9qvW_HLC-EVM0QN0El8XOqgz?6CK5+)r!@m4Qi4cOi45w+KXj}m8Vs#NY
zdCEHD(+l6vIjWLDooa-LuMBTx2)_&0ZE7Zm-G|G`5^hDxaE<8m(ZpN
z>U3u*ugq2%IG81OQa5x1^s}8PUQ81?>1;xRv}gbx!q*w**-;PQN}*B6WMHCX=!Lk!
zKE-j~&P(wX&y-D!ByCU7q_E9T4BkJaBr!!!0B=PnEY2fQW&hgi6qtTFQV&j-fo{>3
zINq+rw%{DW4%siPT6&2TL|b@RRXt#Q2(nPEnI@&u6dEUo$Yw4SKkw!rbw4-ybeik^)gm|+E*$;T*3yC3UMS7Rq
zFwGS#88WL8c8K*Nw3zQHy1No{w(WP8{FeQdZSVXe4)>lNy+<{;vOej!(j27z3e@9)
zv~yZPwb8tMEJu6rtcO`y_@!#}dsjNmw)D-LDJ4YAK(Oc_Ja#U4W8`H#^qTv46gJ+5-x#il|NZBPqC
zLA#0cMG&Qd?Kek?Bb>$255!;RYo-p8r)7l+gb6}j&wm}r=5Zp
zk^BR|#$!v;MctFH-WRZb+cwIesMlo&qQn)bh;_(jLsWIQ?L-OZEW|e!rvY4m2ammL
zPAg{BOwzS9=>ka)ez&hjT)E_#tR|U6Ibg75_KXeX-iWw$a6w%DpH@3}MPsbBrd}pj
zf^Zq8JL<>2qW{FU^SQk@G
zwzQhro(~^WkXzr*k;O_f7H(ZjCAL!h?Wkca{uWLhL;2m@U}bGVF&c<-A?Chzbkz~`
zPg3ko+>o*Wjr&9p(gq@L*=QzNd>V`{ORxh`
z_-&CaO|)_VfXr=2Q>G*E=glo+YvNU~q}7a`xJw%1WP|xxoPYaA9YO*a*h8%}zJlYs
zyKgdu@2LZ3=s%{e3r*?0X_hM>v9C-E;8kv*u9t{e+(bnvDnQD7HtvB_LEPpWUCK9x1>W7zXullR$kVN`b}ei8
z%N-ITwr*Xwt|XDlm11n8sjVxeB}<+oIrvOuT1Dsc?~$Hki96ft((n*jfgC7*V~{$^
zk{Cs#XtUuE-vjgZaDIr{)z}0v0(+mFrCw+sbo!=?(2QL4NElg2B3{5>a9MW6nVK1(
z+mnEJ^wv9Z!l}gGV+;xP-?6mOPEONstfo=Wm{X&4PS<=}VZ1Rf?^~8BZ=w6Kq12%y
z^E|UUgis9Af&-0p|P@-W>1Ex{JM~FH@|5ns^`&L_o*N*(gDM
z49LYPf+3McRLb!%suFf5>JAW<1!L+PC=6^hN|x*n!
z`tvB-Bod)Xg~V1V5H|{@+A=qp7V|Bt8m5xPy>~CP;9Q4Sqfof^3j}v%H2TjIxp4~u9p~-2Ub`o55$}lF=o%8Q7@A>If
z>ITA`sj#KKlCsbzJd}q)heB}j?XikHG|&%;J-i!FiNPX>SOq(uKlkJlxryL`?#a4i
zmmoWF*n;aN=2$1m-l?7vWb@f&F_q?d%2t~haeaqL_L-~V4S(<=J
z&j^^Wi>q>PhUa`niF%%uiVgao8qW`b?|oSnowOisV7dZE?X5vtLy{aBlUXAXhV7q%
zQ&+QW*~4mx61LSDALan;kP{S%8GV@TNbur35>P3w9}uV&%NzaJp^>D5l%WTAhmT&{
zrbEKcCXq-vJ?|4En;1Idh&Trwj?CvI0^{(Ckm(-ixai!Mb<>H+jrOc)NgTPN##l6f
z5GV=?%wk|=g&IgY3$U+$CBELs8bQa|2}rMG1c~KS{CcFVei0vt+UQDYRg&}ra<>`2
z4hnfP9kbCIaCQw0ppA8{C|zMVhUQ)2V^g-2SuzenB(oLbNDc<(s@N&eQluA&TkgcF6VJh+eD6Hi{u!4gK!HdU{V`5n{+xj$AXw9k>T6PYe8TF1A*?+96
zq)XTRp1%xkjyW#*wz|5ys;xg)w$>@XFB(6qFZtAdiDn-&{~gA@PR75TOn%;Cey3kQ
zZ~qs!tp7>gEV})f7WUiXS>2{%{3+4|JiB0?acg1@bT_SoF
zqP3Stb<3xp)rd@Y&|Dg+$o7MRSRX_$xw2*Pc)>)R79l2DK8!Fyxxk|e4-vD~I*$t)
z@Ay>S%{JpI{5K8DX!=CpLBKtUl|q+ZvWM~tcH1;f0tx>ho}=v7spuJSk>b?&Cx_(<
zV-RsW^&*Ar?SM9K%ta#U!dpwG<|w`LImOD3iD>rky5$enrp=EXac&ODj}b_qJp`q{
z$K8%)+b5lu)&>{V+s`j6@Bevf%=o+gZ!q=i{Pzp||9&;*^v{?UpYBJ>Hc=VCO9Q2M
z``2zD64IX%)e7)5sT{mc7sLRlHX3LREh}W17GKZYC1B)b{8j*@L9-yy|D8)mt~b}L
z9P%)JT*)!2?1qCzfPfnFEBU)@CN5&vv??O9&!n4bUclZLpxoC!vLK`@2USga1ZIIU
zY%HA_20I4ogCt2$pFsd9cn+eS!U4VoLlcz9zuRKC)?Nx`(VGlRlO!R2Z|jY5-d9Ds
zn~3N}N*XCziWRF4Ut>)mN)`$~mO&PwgH}?}AhH@7N*Qhta+QaC0vjaOu`zmb2?2>%
zyGXP_sh$rpi!mr8+Qidhn#_<*5Tc@SK{vh2e~(nM!+5G^z1{G8O3m|qNELOQD1ge5
z6$dM%2rD6g&Yyre>L)KU+fSTDS`|x#`;K_(sy=$1qVzaASO6D;!YCH8yr(b)B-MnZpkn7bLRT{`P%na=JZYZGw|@q6ZU;G@;{jV|6}yO
z*N=}9_urWgkH>ZDB&a;x#o_>Pp3fZkGKl>?`{`ET;NuAI*KZQxIAzBw^7#)orkdd*1X?uugmSd2RAZoz34_15$Bl2mO-$n{Nt5eT>Wdk
ziO-gW2XEvYbdc@k5F9Mm7kE8J63@FXVqO|}MKOB7UhhjSAQVOD%TS0@%ImZz6IUW6
zXMe#1EGwZdrJDUzTQq}20N3NqXFlY1uTFXU_xqFQk_Ml%+X~wXg2sQ^>UlWOztrjJ
zk&?RNkNC0l)PE6@AcL9fv4+8gcELM=iF+dB;Q4<>}FMlAkIs9^YmOW5X
zQ*wn)lRQ_QFm!VsmEqFGL|%RC{g6Xg9C;zVH*4E}jRv)YmW2}EiC&Ca=zde`E`@Hy
z3>j@Z7X=9N(Vi4ej0X9F?xNADKpM+CGp1u}XtiQgPl)P3>UdU4->6;m7aon(y{>YZ
zf#wfRw)+(Xw!a#;QV-G6>tJW~A85E;6{sgV3nyXELB(eH1>aPF70lPKYLuQsJ>>LKD$6{slNVv?u!sS0?Czleo*_#WjF~{&sfM@nXeEIrJ;q@+B=p@HrM{;XrF_=}j
z=|?&$CysNikb+gma^;X#s4p)@L5eVhG?y}JIB4=UeVc^2jD?s4ZQS9iKLckAtQHpZ
z_Y{e3%!UyRy{N_eorINW*c#|>U4O}~E(B%5Fjj=dk;NTO{pSs7gz}H=@oDzUifOcK
z(T05Xmdu#k?}C#-7@O)@PzU-$k^C!WR9xjA_tAye`s@=RiH+c3VMm-%Wr70;YG8a?
zITt$
zu3>7)fFQlHi5aI|Ft-fBi^yHgc^XYf=Hll{iG>inUWUg2xo!x7T5_72fdYZytJGsg
z0S|$=JtLye#i_`N1Z3txfR7xd&<$ZSzYMCeijEyX`xEEU-M*{<Q0Hdcu}O8m`oVsNlSoB7AebM2K8-(kn@ey|3H>l&m$pFVHBph
zi1adE>XU~X_{tdeoPha@$YwZSs}$vlcN-F2K}y!>jwTEw<*>2dYLr5uSZK>{oN|bF
zlKWOidq<&`_~3AI-TD31_cj}NL=!5E$Us(XBb5ZH&D@c2W`8_t(;w0%O*DyBv2_?>
zkKIOGGO3c4U&Pz{UQuZLq{C2`fhkVT4eWOb20}Sf^rfMX8$+
zp3O0oJXd{Os61GA2Y*9-3ly+JbQT*&73X%Pa9it7SFf1`;(w<7wi){`ys~j9B
zd_43-VQY}GfPzoMs+DjzlrFA-ub6yy=B#PgLa4iTtLU-LMkr-FyPd3+c4Z!>*5#f_eH{Mn8!{S>0_piGhBGrZgnEW4o-iHankd@Tcv<+}Gz1F(79XARiz2vfC{5Tk!$D1AC|SBA+!jVlE(Xo?9+6PlX4U08>JI25~Yn3&nejkZeh0|7k3G5D+Y
z_krB_eD<&VrpenuQj8HRXbJW1YlTO{+#)W%_PKcKycsMCPol_~B3e+)JS8}levz7T
z4In6%9?+RfU-8mPVUp;V;{mwM{*c2&%Cy!#$yOo8+RD&L(x%zc-ttBaD(JMcm30pE
zL#R|Q9vu^&!^Zxv`(Geh3oqTwn#h-q(E;?!>1u~*FWTd^;9uso+uQZPZup5
zq+a;~rUej61p6)$oyMP)Tf4X#S;n;gY#sp8sVk#7CDw$TGKyci~JLZ-&B%
zalDOpSF3eSbABaxQ+)PY`rP|rFar{~u=pn~)@K?6pP=-ncF0_Z?nWzS+z?lm?)KWJ
zjh43(0z-6Mm==~;H2CvJ;reidCGp4aG8ITTQkWOWiS*UXz;H*5&`zdYCt&ukWX{;Dy=#;8KoUm;8E
zH{0GkenN^mMy?bfcQczBLVoJiuyD%ni@U3L@wU!Xa`*AjnmYA?yt+;BN+y!P7|c&ni|-I1{
z*|DfkUy`cNLTNcI{=aByrg7_RR2%rGrA>00b&7i=2h;PUO^kc1G~R8TOq@IrQ?e5k8I;NglBwEuZ2otIkaCJ%*iJb)2KE!8%wQVRu(Ff3k0MO&
zJZL{~YaIigF&P~LW9pw}c0^`ieDD&39RoCXK_wF2e2FS|%*cFkWsJ}89r&$&LN=6b
ze$!%y7>dz~^YxxS=)@FY+-Ya>^6(=}X@c8W?btJ_bEnXza7MY%_BBG1Ps1^1)_)hN
z>))iFW*R$hvIuXu{#ALu1}m>Vu&X937ptPebUGIsNn-$Eii@iv3Lx4TOS=ovP-Ymz
z<9`SMA-Y~Fj59B?7FY4_;qNKR57Ndam=TMhl2rg8c#YB~Ogh(jEYL^VBF)+B8fp&c
zN_uESep=r)l|iB}*=WRcQK_U4;w>;wu#GM`P2O++ADYf7NU~^Q)@|FiZQHhO+nnaK
z&1u`1wr$(fwr$nzbIyNXs%r0uda2k^5i2vlO!=Wp)?XNzBT+GN4h9<$diZEra3%X7
zIdnd3r8eLTkNsDpz?m(|OD-}537XLxGE0dsfz)yD$ppNU6vA>NPEt-`)+XW?voo>W
zxZbf|Gn04S6L?I1H8bd6XHp=?ii7k;$dw2rGYehJiG)
zq(NFc{8Ug{g@
zgBQ@T)`D|XxGC#TKP)jTzA_IOtjV!l2T)jl!hP>F*XYn&0y=v;qX4gT0ko4lsYf>x
z_b=GDKl!50hEIL%?_Z`}Kj9;R{~kXN=>syd$QE}9=_hx-LaqoATWnS70t$5M&m2Xl
zH!An3*$8f~{=Q_)78^_o`~$ykB!|Pg&Xk(5JO#R=8dCq{80iPwH}B*XJLfEzSYUt!(MTkl7`_UZH}$T
z^3Z}N{sY-BO=C(v@-Is1zTN?cmSzvP+grRnIgF9
zs3NvlwgCSbIcinQN~XY2JFBr5l{I8l)z+Y#oZp!v(196p>-qZY@d+k$M5*V2vF+ea
zCDRz^&fZ@}+7^2R`G;LhiP<0o2-003t#f?KIZd4qpj-=Ehv>ytXm%&`iwWntcrX(a
zt$`^m>GEsqK4=n#?kV5t9JnEOVq)3_wP=}|9Lr2or%&#|lIbT*>{=!F@i^O!M2^t{
z6Pr_emWB+_DSo+2^oVwOjVaNP{K5*)`#}tYufNz_uY^(qMSJ}w+YjWOb68j=jWBKT
z;=pJSm|!H!QGEqpD@u#axgC&2#J3d+=3k*IY#b6G(0Wj%s5PHPy|NhDy0MT#+yEeE
z983~|r#}M{Wcxar3V-pvUF&)>lm#Ed446=yX*V(1YNm3@7~KRcCxyDtdxUILFtwn5
zCDX@v0f~T*VxYXsr0r8(g}CA?O_cQHnbcY%6f(mVC&$7RpMQsE=A@fo?#BLU5
z@ezP%_#@Iid>_x$UR+<@*gM=fIyl@EeE;PAY)b$EalMxF06~K%$8zqp=O1@Rf6xrT|3@=WIjIZVNL1_U+q;#k+I5>lHdgwtTR!qo`Md^#X#>L<
zhdF@|4U4D15ltCeay!4-1)~Q@Z(#X5@pcDQ7GMK@6%P)icVi}^^JH(2o1#5q4Gxy%
z(qmbPYUFPVHXy{_Cc0Z;%pD2-_D!uwF{-6|bU<$mtjK=YB(-p~&Z<%u
zL4?-vZ|2gWvlgaC$f{ifwOiB1Jtr*FkL1xyaqetT#Fbwvazmxv$fT9&S%Oz-hj~@p
z*CpdX66&&ok%A=IvQh|fV+IUVs;R!#3U3^9qpLBN+h+%Yi)smduNO`9pkR(oaQ^aa
z1OBCEb{+zyNk)ty)BfR3Q-#?**L~4Z2Xgj^&8X0jg=iG^Pt#73h&t6?O8iqu3}w*P
zpOB=<)tFk8&+6~oj~}T65}}>^cR)@VVErE`2T>7V{Xfn3{y)w4F@TQ$4|Du~u44!7
z=124RU&1N|L+UmK@4I2wXXZX0HXWf(?ixAp?p#`4OA7TRq$=I
z3oR$1gy(be=V=|xSd6%&q&rOOp6e2w%b(vVnR%
zUXx_G=M*1Jn0GQV8tMylOOcKlZ1~a=fQx6syqqIrfg%Apb5z5}rIy+4X{b4fQ!U3NHg*o^T-`OLVjk&OeyWK15PqxI*IdEC09E|CBk==U^r1>wD
zq1L5#D26Z>Dt5Bu5-v^%wnPD=$<*@lgukNiLyMgv~EBUH?Niv+Dp@`mW82rY`
z>R5iQ%Acfw^USzf)MYr8*;oqNjEsKK?R6Gz-n2&jCt*`g1~q_j9M~-maB@7OL4N>f
z*Q~1f6#SvvjsWdRpPEU4|HR$y4W++n#{vH#neGGbH|aBAsS-ZnA?FC?Am?hPLpHXB
zufju0y2GTBQ==;-
zV0P2Mwgb@lkMQu!6|YQGyML^Xn9h@Gj3u+Fa<;866^=ho?b*wP2F2RT7HxhQare&r
ze^|~(A1#@mqEB-5bF!Duq&|!KC>wf7rHog)%V*i2m3785t{!LfsG~lDQi@KLvy+s0k2aoLeW`yeOOmoV;h2>Se;<#ejkx#5sU)Y4FSQYkCd<
zPQAOudJ6Ec>HH`M{QG-l=Wum(nf&c&>H5RB#r=$wojT(E{`@-p_KyFJkkx(bN0lZz;GEE^xLNK0pnwcpnbg
zqJSw&$wt7}HU^T>uIoi|bd`7}xCnY#>1+8_UEKerYMXIQ7kUi&)
zg-IPz4DBDr&!n&@vjIz&wjgOr3{Q@r(V5FeU#y%d)vEm(;nP=hq*a*)0*)yj_<*^m
zJ;LOe*Mnu9$e$ig)rpj(1I`f|xr7?q$%zU3o*H3|0D1*@-rvwt9
z*zleuVL0Z7X(d-#jBgls$x_u7yGSNB7gwdn$DY}~-@REmjNxo(E~R4%)>hLspw(Pw
z^_2WE#c?tizTR$rjYC=lq>5#Ug`BZ?GwI?RAPN|AX@+Pa&}~TsO}f);foO4Rv|Q}Y
zU}lJ_bxQD(rPaY{YJ602Ct@^{j6g#&<>wVbZXPJA8}BT&I8(;@CAP#z5SH8&3aXZ<
z!u+|JvU`mj$Q4O7=B{KuD!D*Y$VHXd-a%L9VsybOQYw?uDvrkll>pG!t6kMs865d6qGs^lw9VzIdp=I|&@25J2yy`ExVKNs8
z2hGyea9C6lc13>`a)_9)7U{~hmGzC$lczvR77?>7!jd+Sf{kVjLAfkW3gI>gfUune
z_>Uj>bLeH<)GBYa3Mkm>RQw6dOCzL$d5*a|vHotp{Kz%bxco_IWpi+lmPcb6b7DTQ
ziMc$Qk%K!GZ2^^t=23x^ou_pI@Q$El^NIS(Z*}#(ED1$2BB9XE!!!5@HKz4IveaA{
z@w#((o7yQm)VM2d`ee%-8u%fPcP?4Jl5~8?ATn*mrQ*oQ{C7<;%&6uWiaJ|FVkVZ%
zI9j60^18Y@Mp2wyF9dCY`n0SP*$8sY@cnr{N@qs^GW-V0}?8C!jbDXnax)AP@%wdx5H@7cG941I7SOLQB3
z15)B6^dS_IZrpS66sGx)q0ifaaC!LLm5`}Sx~ksdStJ?Mvv#uNz|3p3rV?JJ0U8x6
z=4z7aYR4jJlsRVJ$_FBE`AmsgHsI3DEQ7EwmNIzZonkpa9hMM9Wj+$r=~$B}Rw#AS
z6cg8wpd@5Cl&IKYO2_Ldp<#)6cTf*O4}Sf$=1@7r!Zh#21~UH!IG4fHO*H#BtvIot=uXL=C6F+=5XT2FEQgf4;w2*+uyeh+%T*;Oy&JJi-0S*bJ?KXVxloxB
zk+#mGrd3W~%e?iNYfbP{f=}}&pGiEcnLz%f7y&`q9}cy=i{epik?r>cgeNapk)E%9BR7eez
zls;ODyWezT!JF`QKSZ{0$>tQZ1gDgK>s47JD2IsS_vfZTfa1D8HK4zPz|%xQpjk3<
zZThzz8=vuq^~IMvY<3vdh(8u~Cw9vuv(osw`N!crAqVj$*TisA0MXj2t@%FOiTMzm
zihF{4%WLuQZ1HIL27G*c{7hB+44rv@|GoataK(?C{J-sr^Y8ya!#}V8vy(jmlx@<+
z-+&091ij{65GC`#laJ)FUl`+}uMSK}irEbwT=`uu_ux_ycSc;&YUMx*$%QfBUrUQM
zTI|SWR4;WMu=m$boOgZvuk>}9V|*5Uo4B)D_)mS?@FyxW+lo=eYbh=7%B}HU?PIPQ
zes@%sZWGO9Q>RTni@g=?ln?%Wr;ilWPI^ce#<**Xzb!ozXlJULwY2pnhh?Ht4XT-{
zADh~#K7XJV7|K$=y!TXKShS2CVGs&gQ+*t*o-u#op?#Pp9~5fna&PDC?lXQ=%uYE!
zW%2EJ(EMByS5=Yx_tI`a44PJ)LXh}!lZi4iP>mKGO5CoLP#e3+&R~ydMKZ_brkJfz
zo3f=O131qEdx_>Q&XY)Mi1*A-Z_$9KIygd6wS`?PE_RNaggc56(Ao8E&V{
z>2uvLb%}~exdu8`18X>5jL}>;~Rs>EA2=CRbmgim9pB3h>hJP~Dq`r>014X-`
zS&#m_5Y!Q&Hi>v>m6>9CR~2Jug#SF6CSMGF#w883yhBPaUXJ*h4kTJM@45?>()?1f*wm|
z$BJo(xiPUqXkg@ZJO2GqUzP(iuc$*`Bjapkgk{9+>EDoUQ%=-#LisSPY!GPF`NdWX
zpY9%D2P?Bfuij$|rrW_oWfx4%H4Y4|A{3MBHv_0tB%+Iht)Dr#HQtPMImR6M9I3h$
zw25&Qs=={if47?*V>_arm@|YT0_9%dt49jLTQgLVUZb?^A<1=KVB(wmg$__yh&C%u
zE&Xjc9kgw=3fjK7E~@8Z$E2>Qs`=xMjjiA3n$mFz14>~6+gPU=YC|qW(9z@AFc{G;
zQ@>3djqDDtg)YJU7qu%UCcz~MN%~5aPEW9AFj=DVCCqe`4%&j~!*i-TeyRYW{+5N(C1=F0pR{#+a;S;L8UZf|
zoi#z^im7RrSWHM1h14;t2&Jw7Uky(*ea~K;0QDv6(WVhQaXZfc-NeugJ-Nyeq|7vX
z){}IYRM$e<Av@SFKYD-cg4JNu;7^RzOK6)F=+k(2{JyRymhyt69*P=HAsFMK
zqk+$8T@VxNs|n*8pA@GI@0JeUZbB%3RP2CUA5!8`Aj(?G;E>5&Wg2dgG43F2PrT(n
zLl+Ha;Ec
zB4xa`XfBp+r07W+Izj15ly$=gH=T9IDl~Kf55^hYX+x=QdJgKR^YSN9B&M5<$V>AP
z>6Dy}yk+XLI#mpm*_%|>5={r;zxQt7WkT%L8Pqu-8boZO*kWnkgzHr?V<~kp2d82M
z8*j|rp2Hvg`6Ldf>%H0w66X3xR7yk0Sk&6+BGOGc-7#U>>07AK9voQgcWJR{D7I+f
zq)@eM?iBIkvR8>Y$@>gQC>i-bB4Pj%;ocKrrH1(+M5H_if%qlbA78{og{b0ZZiK-%
zw-62gsN#A*>i1M)d-W`(IsZ<{2Jg#FR4hAL79~67$KlZtfo!5fYU&2^Ji}Coa5e;#E^`h6egqD+
z7R{ndqL&67dzR_3+`it=Kc0XnJT-)Y&x?u$``SJUuqTaS%zig@O+5ep_5$wd{8Mbk
z>00xV2e&c{BzO=c1OtYDB~1}YzaMdHIHm^l!p%8f4rs$~g;Lh!IjLS9_L{iAUr3@@
zx6|ag_)&rG{zjKdgK*j09;der$^fBgb3C%@DvAZ#StI|@I!wVwDHBwv(mZ-y^-9KaAP>Fba0q4Ty1t=X3h@z3s4nl7o)j?vK%dLg1MGcX*3;N6u27;Y{Vms&MSLn!uOGZ4hnQhzVo(KM)H#FU
z&B;)q)B%a_{n13C*tfW-wCv!tQ{QVV<2!Xi$>0RnMTJu9I7pY1=woP-<~*r!?KF=-
z8+cH1)<$h7;l<)`Ql4}c4OhjLoEN`qvqu!6s%xg^IF_k2w+&E(Lty36o=c~ZLFmRo
zgS?yRNC3tZthP|yTbml{oYfkG0G@!>0jK0)+D*lQ>Ty}2vQjj`V7~0}gj?v>Xh6au
zXySv^W=PCX&e~+U*8p6RR3#Z+NyA9hGtqhU=8fNDl6BMJhg>Uqb15jBUIh=yCL~I*
zRq^EkKUtLeWNlh(&2XSfLI<#WWUNpU%Ocl5qt4oHq7;aJf=os-kt9zzX#!uCdnb{%
zwfzt2DGh}UCDpH)BH;i=Ngt9iSF(m!iK;?V=?%=|W|7ic6oFY52E9N2S>tVIDMZ!G
z5qB#OiV(?W8r0G;-oxaxzx@_GJqnB#mz;6-%*9;iFjXzQ9H_G7Op4VS_vO?cg*4n(
zY@*Q69+Rp?sT&?H6ZlHS{~|k4W|avza{GPv)0^sH3Y<1o`6G
zJICBlBdNo`hvAg>ww&XWPD+G{p09{aF&I$&N+z0WIv&_pvOg)m5M+vcJKEoh^LR|6
z0qY~wa)g=Yr^sw6VJ;PG0EE&Nx$Py&lHEW^3q1=M5_xZbEhC7}wbjzv)A
z`~Hn{@fhl8ysB7S!al!GgFm=LRndQz-ecjM10efL#B<;1FN~jUM2jW}yT%KGB34bf
zLj!#iPi=8}to~ujuubT@?4V!qk5A`XraRDj9Bat7fQ>fDN;wE$c`d9O2_L-jjyxp2
z&{Cep&r*fOZuP|#(69Q|FaQFxhZF^Ih$Kee0MCK!o#!C+8b$XiqPyI=lV6L2&S7RK
zF3H@7GcPt>&8zZ<$WMXo=2r-BESzQ_T7CzYMGe%|!0LXJXeqOVBj%dHgtrOsh5N()
zP|OP%BEnOywxeHTFN;b*ZZG!p&Ugb#-}EG)rMEpV642Ax+1T6w_!ZZy{#lm#^)m7O
z@gKVb(A@wqSPuyJu{+iS1pjAuT=t^oyxZ@@d>ee+8F>PXsxM3N@F^=JE>u^bInkjim#D
z+nX&R$^TBQlfvg`3PzcIX@@V?_1;hWREikoL+{RYOrSur-tgAr51S|*d#wHOkNQfC
z;m6()A0q#IUX|wzR#vJZP8(rnW)*s7@f;o-B(2XM3UWb`h7uP?_eQnJ`K^*(3`ElP
zJUufWu?^5<53YW#R|d;q$gY_i<)Bu8sW>3`a}00fSdbfp%_%{Vli{%Ii$*ap4#6&U
z85(!5d}=ub-!nn*^4hC?4@g?*osI^;1p_QJzIS&18H@vdc+>xzZVULS68isJ(?7r3
z`2R6=-fufnfG~p{ZTP;Kl-t?yrboxf)GzvRvH)3@`1K`6>1XcrSNiepIqRL!N0J6u
zdd+YnZV}3q-f5^Uz3fwZXxNGAvB$JS*OqB((YOGM8twM&q~L6O*A2A`md@=dJIA*~
zffmGJ(g3~q<3nHCIa%l>8s9%?_*_bhUTRud2y4Y)PsHW(^C+fvpQ%zuVua68yIN~EP8U^}(pQZle0`pn0DQ7+b}$x05k
zy`;~vBD;q^Ph1xYR!nSkc+CGr-T+<~OPPpCiwJjzobJ`WnH@s#ATmL1E5^yIsI6p$
z5P%I@Y4mrhChqjj|3&50u6C0D)>>YY7S>-$$3||N?_d@xlc6b>bGV3mtS-ClW4n@T
z4s*tNo1arUyE{Ax_SRp?BDvBk7!MrOJajkCb
zvJl_xn_7+3@p5x{eG9u1-r@JiEiv}bH&H?^to6#3XRr&M|KwyT;`hjl)c~!VCL(%l
zv_xTda9l$GTLwDM2K_7!>&oW~`%yNfOD%j9@%PRO)kY++v%?kWXBO>SF(tc^!akEe
zz#c>nXDYokl_s~1$P_{-j-ql{mQM<2I$7fYfURME3sM~N-~OaORO{Pt-{~oI)hl6j
zRZ3&9kX9TR&wi3TI()AcQJPU5p+vTC<@1=)6J9rFI@0Spob0VnGLS2tJ3kG-8Av|l$rLGZ`kpLZF+$4`Um0-*N4SDYh1Q0L44
zj-r17%jY|U@>e%2$Nk6G{m0K}S2t`&e=9zwD}U9LW$&;4nyT_=oz*$>l}|)zG8j`T
zfQFnq(uymf@C>V6WnhvW&stoWS-75|5>TzlTAi6$I+>|t(oN)*1m)EY>2!J;t#l|M
zDaB%x^VdWl_IaO^tPzc=9f`Y@O+gscb}!%kOwfBOxu2;h3%)bCg5cmI$WpGO120($
z=h2~LktePkG_6oRLN64-JwI$NNYNRk|1bpVMU6S71dSLn5IS#ftV*6hyGo;~{NPf}
zQFk|ULqmA8P~`b!C2n=_I79@$8U4zuwN;Tle;_tVj0ay*2>YMNJ4zdreI`TnawkJ%
z`E#o|MW~#3X}S2YFj$3HCUiAWkW59YC51~#=e6fCn;iqc^kTno?j(Km4^>Ha0s7Cn
zZj$bcni!NMO_HbeNa=ZCL{N`Pf7KLre<(f66v~pJM&nQPwK3
zg`?$pYkH&q`MZC{AQ2+s0=+!&{X0Jd*oJ3JL>55g2MyWhRKD$!Pd^2cO*{4XYX98-
zoygWS)A^1nIG6&_@KDu+Kj;u7n@?wXY$7{$ah2J&>yFCU9wl2;q@l4%LIuXZdV4H0
zem{ly`4TOCd}_H`1U5*9FiJ2=J16NalyY4K^$3>S6-JqGDN2dErEI|PNE7Q4iGXyi8cN1Nt)MW{-9THm)odK<=(&JWraIx9Ak1<%2e`7~!nT6-doC
zuEwr{My&vBRP3j1m$bz)I_eHXp}mi+D~mpj0REh0UC#_u2!}I4VREjjp2BW|t-^AH
zMr!h#1c4ZQITbp8I$|#KaRPdNi8I6(4@xz38HCTwEOP300|ndIjf3nnL(50A7C$tO
zG6_r@mSp2(1*JfC0ER5dNUAl(gs?$ooLHS^)G_)p?MZ5xS>?~1WJO336+~j3h?!j74=I@8iuK3}<@O7Vs?_8g;h
zjGow#YoLX>4Z%MnEpSB9xVa=sy)Vfk_P@*B#nkG%U((`7ty`J-#l8#NcJo$-QDut9a<_EU4G}yJHBlmAK=t
z-$kqj;3{!cwAB?_tZ(f|n#`nj@UrZ%)yBni*pZNhIhki{N#M}rRxj%HyWo;C;T);A
z@j>#57Na=TGByC0E+dfD88|=bwg1Q_INk;==p;?&OjSSS-URDPmCX>qZKf5{aYC(X84}8hjfCBhB;8
zeRo}ySEcLf=ki8?OA4K7X_r@jAn6KICuuNsM{4m8`*#{~X
zO*g@lh6VM=i{|5#75_3438Sz6^<{Or4
zYvDs(f3;*x#4U8x7ucO&jzTH|6d;z7MVy?Txyi2Cu4>}#ZoIq$m&)7h9UR{E$Xi-+
zu^E)p*%_D=Hzz=O=>0ba?;_F?&&$kl5Zt3odEr3MC6?%Pj4b5SPTOdH
zbhmXQNN{S#dk5#zusY)#!CcUPvJe(CASKh-L)(~Xz{l!o)l98_$(Ws7z{Mb8hT=~)
zI#4Dgg-K%MD>W8mTH1D1*<;i`ti%rDZ+nW;xmdL0B5h$i8_|Y{OJ9UMneN=Ky9Gv0
zyGsST+ZOX;M%rOAM?VNpF%-eceO;cw1KJUeG@Q7=HPV=AX?hMbYY%9_x|hc16h8RSc4OJ%W#0K
zEjthiwl)6%|I?ta%0^&9%P@98LOuD4_a6QznT}&2po9_zF0|2`A40-KazP3>zM!ck
z#{v%u=%hzPV;Ft`vpI#HpbFCC(pcgY#24?s`0=LN2g<7Tzkv>I3T7yE-;q7KlY2by
z-tZOvNi({CpYKMIb6QQ~KN?oCfAU#5bh%`WW>>HZV}?NEh1p&5mkw!r0$UXOH3P?@
zAngGGOMV*~WC>B>x4MItTtxh8*GI86tm5f|EXE=U4%L^z9C!b|&PFjl%(@dcGRT=E
zr*%bsL1)kIG+wpkEy}-4*LiO6Lw$dFt*Y$!hT&lUZaVk;8M2o_%eZDp`fHjGrvu#O
zGTN)6{dy<6TtZ^KWDNgHINHJ;fxF+n*TwuFhZuA|88I3tr7sw&>$phJujvQJ`AXmn
zY9*^S@CHc`fcS!k+F^3=GRGg!E!9Re%WgDbr6qjsV-i9B-ol~I8Lm6ZFDv+m_$0Ky
zZpV2wVEzD3c)K^_DWrV1#?*+&?&KOH7NnwulGWx
z&SJ4;uLevKL{zP4+}gm8bV9z2%vnl_#UL^nPKS((MR2s|@C!iG;k!n38IZ$wY5w++sk9GrV*@aI2Y-*uUN#|
zR(a{^vW_;Z^VMGMJKJX+Y~-@k+VlThNVK}vOyjJ2{CvwY&bHG_k9YWBgL$->)m)F)
z=jS5!`cNl}y*6jx`DzMpRpG9Ur{-n4^$KOUoD>%iFTTs5X$_gfIAJ+%Bb|~Q+vfuL
z>74Q^iBqqdIsy32=mKeQfrfcGEvTm92=$~P$P>5_K`L9GFTtEX7ru*A5+4PrDC{6R
znUzQ`a`c6MMYverO~PPD6EhhtH%Z!kIWfJY9aRG#HnGhR#dBB6{5OoCt6OrvJQZTR
z)G>JLSVc!pLGij5pTuQx4?sIG>&Sq0z0?*NNhpU-3oVo`xYWAKWp=N14S(C3?5sxP*%{8KT*{%V*@(@<--eV
zRDBt@V}?SycUSWoVUqN3k4?RcH_@2U(n_ccTyI}mq*w$Q5Q(w9fS?H`2e!t(&tkvM
zE2=OtPuN*ue^9$|ZJz<^RKBeP@4-_X0Z^-+i&B_SEi;PUIA%$oeJ|~2MTQo)b#np5
z>h=WonI-PfMSO2>0(D;0Rwgkv^qMUvThSh9Jky|j0fYDk|1fOg;E<(
zN-Q^Llelqfu~OOOQ+yY)_8UpYk^(jWs*9Cv7h!{6H$hH9l^<1)
zcx3&-EP=nH++ZyV}k+H7OqiHbR5y~
zL@8cqyb>i#DbH}=xPsw4ofb=eJxNf#n2#B;R2Qp
zE6$OOHFsyQKI9_QKbr-VAQLpc@_fAb-595Zd(>Ih2><%w1~8k-WJ7_^fno_D&Daog
z^l&AF>V7-pOQO!;R!lFlSDC3{i#f-fqAo-{xH<G6Yr!MPH%h02!@0T=e#JT!2ClWyD|v1EUaG3?zz
zS+Ud0F`iKOzR2@>7(-)ORJ%ufpjy5FU4bK^Qe`q@R(J4T@csalngS+|_qW0XtuprH
z2&iVVa{nk2{bOok>%JO`swOpx$V2PnV<$1jOcr=D)eHUi)`I8u&}%i&WZ`p~B8s)!
zG%KkVYFu=uqM_`m=3>-nmh*q>m~SCd=4*72xKl_guX$v8{8H_tZK2Hk7#6@)h$Lp!
zMkd1(s?*7t7A-*K44DTwt5Kcp07>SCj}wF_|$UY3R~d
z)_V_5Re)d0pY*p*i;(Dbo27tz>e;RJk0gNYXVM3K4V|{dGCjkHUS`aU0C$IzgFgkm
z@ZmlKF@#gE9VJbFZTWNjMw|)d$xXt6jAy~=R!}AnUcr3Els^T8tg!PSITj>0<_N6a
z2MH&L_{U8YW7FG)x)!OVO`3o_!+Q7hP=$_hNtc!G*c6}sq)^{kobJwW2t*;7dAI=v
z?~u>mpInvb*cgaJvSYV?3|&5D2egKk^yl^ozQ#@%(zWK5#1%aY@I(nqFaRrnjeavf2PL%^xuP&_v~f48nMSMfn;ihR_YTKc8=+r|$#t2-c9A1z
z5{+SMdn*B0zWzyb!YV+>#7KC&4f-tv92QN`|DI@3T7n*
z90@6oCIr-VTVmz=9l9ScK6C4J`mO&Ed!`Y{5bCWGwFGYu`XD#HD7_*?n
z66MaNeSNpBcW_kzV60p)hm@s){ub-EFab0pDVOOAilSWF>vC9QsX0_ct!~8D*y~g;
zX>$Sn!sXwc_UM`clYlH^fNv|=!_E)g|KefGd%N@1J$>~xJ$=RB1lX#u|CtNUJ8(n?
z*#0-8@BbsiYJb<#1!$)A{-^dYt@nSbOUA2Va2DC%4*xzh2S+O>6Qb1>kbFSv79e}K
z9rf5g;3i5g;I7%YP8QKD#kVZGW4aDw0REv~xEX2l5=eFFnIx^ybs$1@RQ0Mja~jG*
zuN&A0p8GP$1=T}Khjl-3jy-UqnPSkpTw{b25qjH)CQs|%=w?PAH_PEG=Y-`B9M*hk
zCq8nqUKY&)dR$v13MIqX(XUImFX0Z4kP|(|DA5{^louhoAKY~1alIyW&!#`%vA2*AiizWmC;IFB=1dXIYCJoDc)M{xJD+7w*iE%7SU@N!Ta*w
ziu+!t0D~|Xqd0)0y{9WBD!}(|OX~#S`3HmePo?KibHaZ*C;n6Esd*3hkJR}2e|hXg
z06XV+PcLr<&@OLt$d<^Cp>n+txR7-@>CrmwWB9QsV+VMo+2PAu3BI%H@b&d@eL&44
zR6FNwC}dbL62ehB6U=YIx)S@q?ZQ3XA@6CzDhDLehGpo(opt;})c!rM6U-8&bvFFy
zv?FQVYE%;$Oxo(wbTyi~>T0qx32#TkZZz+$iK!@;VT=o9F1k2{xT>r-7Rdlni07_z
z8M!oM)#OKGDY=q91dMU|AdRpi9NXW4P(&ljKF!Q`WOyo0?Be!g{|b7q*-~?A5E#St
z;_C#(3R%%NL?%KE~>%*2LqX%MM%yu$bj
z4e}2m#}&r37@C1jzXLx83z71(jSqWwz@o(LjtNvB>Ri;tYN)PhRKfZ1dHKSOi<@J)
zk3VW?r9#o|)|JL(3wf@96$+6oXA(fhF1wEQOf1#zc&_DpU4onOTTZ9znM-q8{$EZ=iAX@UCyRzvLGo-k@-@vFhEWYsWy;t*`7;bHX>O|~yD8L#AN2@=
z((ki~WH%yW!9*8BMG~ecjgC3YULwneG{cNM!;W-KqZ}-_T5p^!$R4`{l=q=+A%^1TG5?rnGstMnsIYp)e1uyU7z7GwRuqJz|DLcYptOkNH(e1X{(H
z?owl1N>I4~4tx5OLqz95o*BfDH15YBWrUa!R%%9;9GO?t>#9r`CzcQAGTjdC$ks;{
z8$8z;GGQaPFUTL$kTTw$T>B%M^%yrjs2^8fy^p?YjwlkMO>_S=>F6mj8d?)Z$b6n5vMM+49vR3%X4kPG6oJxIUjz1`izUe6Fv__?-i$B=p7!k
zI4Gj8YqjL|fby-5wm-IZ8kfU<
zrDMYb4!wOxwSDt4Z=72*z;l0pu;(%UNPkm-Nv0ZrBbGb6A5$8h7aO^H;1s(ka
zgzfDh4ez#cO5@Djl#2vJpl$UpG7O52xpXh;hIP{D%G2u)Ap7RR(x-h4?Rnuxt;lL(im
z7>2@z%?pi(h51kFHOn2MZM>l07{TA<3N3~j(c=rA+&bTIAN0gpkm!5T`s(D0FsacE
z1F6<*1(7v9ml(@Fw%`?h5zjwfm2zA-*jG5wRrEOSNTB!h?zw7G%MI#hsv!^}?YO{<
z#B_NvYBE!Y__bu`2g_oO3JpkoT5u}NxDiVh4f@=LXY78%*18YTdp5kM5h(PP=>DU=
zZSdS-7b9|c^R-r56p_8(AFE+X&9@gT)nMHealBXqw4)Sil_thrC322tWF2MFr45{*aQJlS0b~UT5&n^wCRNdizt-Zg
zVg*+hkfWmv9rM?byY)sDEF;@|=OEU(Z!efr)whA_74gkUhbnGk!r!=swZPkekb)L}
zN?ZOi1tZu>@ZXVu@@79hFbv?{&}72yUURe}!**0ZeGsL>SGW
z5H6ra0Y#La`*=s`b@*b`TJF>S<^A=yf5m8S39x~1M@Vq^!jwoTzY+n-4&L
z><#{29dzS34FLc8`wwY?e^Gx9(DAUg#fqu43SikJI}7kP6%~ZrojuX@o%MvMIXBGy
zEB+fKvS
z<92h7n+3m3*W>JZv=1%6xvUfm-DRLcB58t;%Wyxw=It&-n!JdZ
z-o8>%e4EThcqK;?mihecgGt~p4%s4^8a4Pe;bZg17SC2E@UY(5%<%?DJoAz|52&G_Nr?4Hod~4H$t*++
zWwbdc4}1{Wvf&OYO*7(@xY@%*CQz=bvJ%VBPgNgB(T#X9)}@j}Nd>%nq|Q}()>)8n
zB7jiWj?RO5+el(&UCp(bfE1bhHA&3R^SL05P5m&zE$)Y22pJ&+^QbouW<3^D
z2o0xQhsQUCwuL{M1{*wKn?)&-xG9c%i{CC4G`|y~7)2MzZG*}3d>KY9dnXQFtN>v&53Q>wr$(CZQHhO
z+fMqQd++b5=gp};b*lPJcYXIdpS|~5eXo1xyN8sS@dKv|WAByPTLMb^1=#*cA_H7A+-ZLt4lnXe($zO{hd>8X)lE
z#Fi#pJV)q+SRTarm=~Nre4MEyEt;C3zAyP=PmWXk545
zRAZrm2v`D^(b2E9!qjZQFewYqG(Jw-
zrD-b6zg*d!7pxv8(pNl$@f7r8YU(}d35eL#5Bqg;8(HjV2Bbpi>5craTEc6{12L}c
z*MZbF%V2W;LTu)UM+w97mvoqQp6d`Dw;c&e&8!cU(vaKI7&A8fBg3
zM;TNsfez#$ee6w|O|0(DmnT}K?$JwCq~%AwNgEWV$>inC~q3bt&5M
zf@Qsxd^zm^{-C2hYFh)T4Ene=cU%qo;5mDRsiga
zk51~($DOQ^>+Ck5C7;VJ05q!@t1o8`5>T*xvyd;wJX-e<743qWW41Ar^u8AC46vAM
z4)#OPgq8q2zPo?WT@g~~j@FBS^`O&1Ok8>^YeVa)W9tP_{4HEg9tBSAGW0Jg
zO(3V3J?pIw)fa>Gqj1zZ=TbW19gX3WNa6J-+4>y@
zL1nsU5hkG#yAuaRSF$bRN5w!W@S!v(98#odK0B>3X}mx|rzGNG2ibqk=mv!Mg^ORa
zUz{?vQs_`<8%f5869w(m_isZaZi@b!=5RQObtmkqlMa?+hLSDpf1YCxs^CqG2B#@y
zpI(%-tt1V0^?1(9Pg(f6w^E1D#vsb01XvDjNbSP#?t~|l14Kz4k1lA)lVo4n+D9J{
z3HZAS`t>X1Qxs8#FwQ(>C;<@iHA2cd51=`5E&T~qFukb
zQ3o*os`O_YFhRJaTcP+%$~Ge22i>HAj2!uqMLw%Rg|N2d-m<>1>ANx>rq~72nD52H
zCyj8c5e=Ze1_x3P0&s1uSG@VGdNjXK@A4wt!M^VR1E61L{!=x5K)#W0bN*X3+x|b{
zwY*6j0>D`O>M3-p((yq&f
zck%e+GfYOQ^H$&j2jXOx7cx`U+NG`FjxbQ63G^}_iC{?jj$H3d9{7QxNJJh266JXL
zJL`N=hlwPC_JTJ_Y`;rwgIx{4NWd8GrFriiT#4>ycB-OS0SmiS@1w3k`kq}vD^7(e
zcL^D|&{+KkMdUHd6fd@)l>v;R`!Y&DZGl#$rgFQ&qDP~Ajs}x_E{#$wY#l>ME-75<
z5c|Rl*hE4RS`U^clMbs4#Q`Trk5Eq1At~}tH(AJu`d!#3ePnzc4<~+yOlXfXcd5rB
z+kW5jOcPv^fFO#>&#ZGCa7Vzep^AgAoNdg`@IUMkhAd$r>M1j{SCu?>AUt2qmAP?f
zT*yqML+InJQSgZ(mfRtPcW*kVw&#OBjXXywFMzg(%e97Lz|6m1AKZPk+ZEB)6|Neex#T~wYO}ESIG}zKT-sB8opwo+Xz)Z;uWQWyj%%KIauX*uz#Jj`PBi>Gw
zeROq64tsJ@s<$}7t1+RrfYXsxZVa^IjL=yF=O>(Mq<4MS7Laftxx{$F1SYDQKn
z%?e}_R$)RG`efZFt_ygbrOBl%&hRuXd*+?rYqyTqzBN$QWyEM2`9n&e#^!keqa^|E
zzr^mx*)mRZ)3KvON2)uzzv}h6ker(=f)+PuvLP8-3~i829J~bE_W8%3CQK{2
zt=zJrEb%#TC5MhMU#hpEiVo#Lrq10MDd=@AxavxP)l=cewye@nT48g4ui@q@>klSP
z4uAq17ABmMy^P2(hjob%IAi4OH)n!=*(Eyoj4%!_?~DtUU5D*MEtmR~YK7H){7whQ
z`K`PGSZUV70Hy`O1x_n{5Q%EAx~Q9FlSXY!QKI{d{>BCu$|!bx;Xk3a{ztphMdpGx
z=)0z79@VA&0%Du7dr{rT=4J~1E_jC%)ybae-pG{sP7$Z(XWSOU6E=+p4LF0SxTwe>
zhf2^s<^U^wrkL7BgCBEbBpAW8K#KC%iuo+p;zJ2*O|rHLh;|&VCKQ+YkjMG~ZB$tx
z(TqzyxvNuRnPLozbXM)7*K$C@irGt_D2lvMkIM2UIjO&k>Gt5kzWp@icg6bFTYFs?TLUl$VPK~f)=I}D
zGrxd2<21Ov=Q11jzy8r0c~H;d#|2l#Vm!ofu?o@Wn7Oz7)sdZX1Kt?)pA4DvfY_JA
z7D5AE2vg17a*?5UWmW)B$gz&1tC+*&f3Sa*bOL*M^7cw`Q9EdIsu6Vd(v3dx`75#{
z_1%vXMtf44-V{w0CUi#sdXd~@snc;?nY$X%qB<@U(gVQZ*L^7
zAOdyFuzn9rN0Lz~W`q2^pCs68DV1nC;dOyU8vZy9H6*NJ+E2^S$!?{gx#vH2VFJW_
z?&(@)BMMv-n@~!y)uNr4TgK~G#)%2~?UxAE4VbtJYBGO3x@<5U?D*{HW1w-ROW80_
z;JBwF0sZmBI$td;Lm}n9PAfNnI98dg7haNIdtar1>PP^D&c%1mOLovl4&>X<#TI~k
z?ekwrBhw0ie&PMEq?!4zr14$GGQx;KBi?4Fe)Uo?tpw>oWLu;{9E3WdDp<~)0XNX`)Or1llAD$
zX+HZ
z8_w79l>B^rOXYgsn*}~y$OsXVA#N+IJ4qESrTNFA*(ZfGL5||D-4M<_Q+C}8a6lgB
zz^*{H4)d_(B0wy9cuiTVl}8)}0iI34k(h>~zZ%mF)eNwtOtGqQ1DCaXn#|F6>hQqv
z-FxlI$rMnal-_sFlHS+k&1!jXVcrX0pQM}1u&0sK#DMous2hhd(+s3ZH~X=C#4jfM
z2bY=a4Xlk`)i|@jdEUti&k1EU!%><6Mn|87Il$Grd~@!1m^AycaXGiDG^vgz&06ED
zc4NFn;>(-(nB#a_kY>bFaf-j&)ioL*{d|1SWu}MZRmYAcUFN6Z3|!p{fY=DAYX5$D
z)(!_4MNo=XP2HV2u*
zxvTfc$f2NXfz{Y?TD>4Hx33fgPE?4m1$!rTv0fo^)X1PXbnsjC7YPmZ-oh!xbNbH$
zfr-jK1F$|va)cDn#G1C=v#Pfvbn2te1S$6m)%xB4*5_7IHeTfdL95-zDUpC@-ZMqD
z1r=2=kxTtkszNESIaEQt=#Br=JbqI;TYN?mUnsZb0J(63Z1?NbOfe1>EeKou?obAh
zZ7SP8Z?6TJhGU2+q+8%eoglg%OhPD8N^7_XDzp_3BOw9%F4{>4mNG9lBfy^jfKGsI
z-v@0#VZNHqVz_9(_BtOa=W?%wk)V%H;TU&a1fhX_rG>HqHS@SgSMWZ{Kh~;8D};r^}Tj6V6y_SZ1mfuCP!iog$ePTXp|Yk?qkbi#~wj6
z?-_m~8JzM<-t{F}6MdY3LNYjS0Oih%y*Epr`)$FR&GmV(>ChsoOtY}(dED!)25iG4
zJ4vOxrUSI0dhAV5o8BngqlTt*4JMxcXN(Sm87-X8^{>#x_4&IW-lxal-4u(nd-?rEk2pg|LD9-xg&Z2V`B{%GdcJa>BftANynKeZ7Vf8eq
zenyT+oJI8kj98#iH8x93w!yiv3z4YPqa~S?Y+y@0y1((_7t9Z*lgIBtz&gxr^J369
zq#&r@ZQx3gxeZezH-Wx)-Hkr3z+S6
zC_l{9C<2${Vj9U;g6zdcPy`(f01AYT*-@^tn^S|bcy`3@L4=4DIIm-Br7@3$5+!30
zjhOYO390A7o3)a{F@&+XLuoWRG^HZ1@5`%oThqx9A96H`^A9fVz7zne@8rE6x-W!X
zz@KhwUaME1Ex7j_gnQUmn_eH#?++kHwA&qD0L14D?81)*zTt9ynFMFL(>W&1xaNhJ
z$-cSb*}3NTA<*D_hQ-51T=?vYg^Yw5Y`YP&L!MASrvRlQT^dIv!+fmDqea6a-@
z$4}f&jE={Hx-`_6`lmk_t&$%eAey05F!ZElFCf+fk2}NFo5UTHdOy96scz~i
zV7?^Vt<=tHPT!OEo+l+_6&rR5#RV(KD0ZS}pqADxO}_FH;b34=)pX;GWm@2|!H?B&
zU(R6~J}xo;N|(&?%ssWg12DTYouJ1fCI0386{NL1j%p5pAmz}d&l${Hj?iPBj2z;Q
zsYARinc3dT@iDxMs5kw`g~;l5@<3^XCsuDfq9Qwsjm(q%?JBf-VO1XE?b-BSw6quZ
zqD<{h)cU2%lGc?=fyV01vgp9y9L(WEU|x6|?P1oUAh%5;-^FTZj1GfgMfPlv&!T**
z)eU9gM{*iGvmxa~E?u4_BI}}u?ca$e*Dxc)#M~o5(yC-{b$s@8!R6xavErXuo={+m
z51AvetZ0!SLmR*y&U`3og=zMfXehT8EI`8r;oIs#i-Og*vfti?iyCz=RgbDBNJiLm
zo$Ia0PO*ADV}yeU8v&?H_xx)a#bVl)llzH^QZr
z*eR19Ag|@geIz{~fLN%l9_)tQ+YhuirvsmaijTT)?J&R<_me0MmTBWg
z(sy(`m0m%LJM0$?9A~&*Uv(Qu-ft+$GCQX%ejV{p_onzcyj(0DT
z*;~D*hqYodW=RXEPvlcvSBqQhI+Ny}-F#0D>NZ+dWT+t_vOAXG#_*D~RSbAU9P;T}
zJnn=eKNDKMBZIXh8!=d!A4e%0HPbvYTpa2U%=IsmkWXXevzb`3ZmzLWh^owSe<~iT
zi`-4zIgfr1_Q~L|&IXc@6yAzZiIc6jid(z7L7R(mB%hvJhwBF@*9dB+BCdBfil@X2
zQD2BLul-%AFBaDrQV}!z|OK
z_}mRtqWz)~^!-a7;@b@tBTAAL+lZ@5yQsrHa8;`P!PX_MSYR(KjTku66faXk?zzWwNEGO{(-nBv!LR8I
zX2Os?w9<>8==B880+m`a2{h4O*9_;VtN@B=X85wj#J-8^7%=YYqe)@X&9!85Ulp-S
zLkUpAPQpzCEyO+@4_yVqK(LF*N`|3wQnbF(GqnyipPn6>()-DEe|P`B_!ZNQgBEV<9e>U
z*>%d0Hu=av1{1s|BjP$mXZ(ugLbm;CE0%b6I9!sMUhf?DX_bxY`89M>5_!XJUdxC^
zu+cd0z+0HAD?{N{rE&EjPk5xLcIygy(a&R
zAS5)Ge-xufk8lm#rz$F&xJI5~=g|;20rvNp0AU``!cIp2NfYAOArk6F=qm!zXhrJF
z@IlneoUF|29_Z(`O;%+aFlPllpW)DEH@s-IKsJQpCM0WD0{1T2dvji=#JJxW9SPO_e
zG@5jw)2sN=H{&DIo#V&rfM>Rw%#XrmCig?tq@x+
z%J#9rMPYsIxl!J+Xg6WzzWV8%eR4Pg%F%gwP*`Bdjjgp(;qIEgb7VdpsiFey{%O9$
zNv)IFW;KNAgg>n29~*iz9Y~LV#hm6qa(IB2yvF`skcLPYDajWjfa@KJnB5!Ri~fSTY5&(u^;VtDU>7pWWzgD(06(Sq>MiohFI&`~9ja
zcHzmd^i(t7g(flylxbhx{O+5s4`^hv&&lEOdY_Qw<@z@$RrqR-8aLTAD0%C1w
zQYQa?5f{bu-FFINP8#yZa$_Iat|_KZAVD@|_W`~OV^vY1E5&=01AYIhocUG~a{1^i
z^O8xII!zl&qOz{cYyteX&A9`VA!#_$If~)KSyBLGaqhWk+`m=@`7AL?-D#3^oW4+&
zV?7L=g(jmWQR2r6=iD2`xaf-oe-{IGt&pSRRO2zhNae(?XqEHdBlm<|!XIc|K#y9L
z-3~#0(jsEly7AZ^j0*6PrkxOT_3d#Gv6@FXh^FfTT<+?6Vs#*PW|^~bw6mB
zTPJuXbScz@z#m_umBj`~MXw&KEzH#JV<)Ho!E*XlblbYyeg^-=*Rz>m+b5YE&|Ojc
zb8!X#u0@EHId75BH=c2Ne*)g|2|3dKI4XX5px+$ZVbb!+jIH63gM`wtjS{z{SLc9)
z7VvG^Bic7O4xkzG*<0*Ez{>sedh>j3z4d)^rh8%5>x1`03IC^S|3e9TfB|r?H~*!C
z+yAA6rhPwt$%a_DS?Pe6zU7CmWvJMAxqu#g3*)(LNDvh?==L!davH8^vb&%UYRZuJ
zxB#m$1MQ<@Jr=St{B_@js$PQuWH%{YTCa2_ExMgp0USpUFO5x=-|`=SV4r#jsHw9a
zJzH{S9Qg*6U2fd*JGp3tks0_V;-S4K1XLtSH*Uf7@|QK~`n7SOukJ_d*S7
zY#7=+r5On$2X}N8uQyF(vDU58EW8&I^hPRQQEZT2xx<(Fm_$DFV^}4X&ZJNwq0hDE
zLN3p;qW7TeU+lE|`@wnXDEEW0Lov&IOrNp;?y^HkP>eM{f(@KRWbU9Vpx@({`?DY+^39PA2O;<6N~0K
z$B69Ptekc-#eTz6hUms%yMy+?f1}@@wA4sGNRjv(=++(OS6B5?Y0!iJI=h^H8g2l0t{mF-rh(TTlEiO0vc0EVLQgl@EczUk!E?
zLucd+Ob)0AL@w7R5#a`TccWwcL{C+%eel~dU{VnJ`|p*{%zCUb71(-w1}YNvqY}(Y
zufncS3bBvCq4F1(-nC<4i-e6ln`JLt^DkC-^NeQk`kPJuxb?B7->{IXFqJL!@dQCA
zVl4VPCbKl-r|{@E56?)%$kuAVI5vxZHjpDQ@R~a~UsQ$#P$u*KzUT)#@-UuvVbTW0o1%>DjR2&k4Y*Dn&h&YtW%~$kE0OXbt&GZhyHSSyPo*mUoM_Wlv^~jZyUp+j`A=k=5s;
zzyfVs{^%6tF$iajcmj}W6IGMN&~Jaui3VK8Ow(8t>BhusNEBy;Lqnt;H^$nmq@#Wn
z{y&alku0ZR>><&FX1W%R39RGi!Of*MLKf@xBCgHG)Uo@nTDa7^5tr0P6&Jk|`A|4tsr>iG>#8mliLJ;P$*n)bJyFuj7Z-C-M&WZqhh!UlAF!Bjg7Kk3AFKM-cyhC*#!>0qN;y7
zN9?^Sn;OSkH4BO$JVXMqM9hAd86I9R76C
zRZ`O!kdgR8EpoNOS>9MX;$<6tBBga8U}xsy^}f^IYJ>w096j$|Yc^(_U7pWh0n^LQ
zy#T!Zm*1}dR$u_at4}Wg^c(LM;0y4PYlnRW{Ez9Oe(JQ2J;VA|nMgeLh(%s@0|R~g
z@GPhY-RD2MLKwBx2#*zh!^kYO-ZEget#sj>iqY{PyF7E?wB_u|MM|C7xx+oBGR(hU
z395Hwi_%Qi&e?tS;zFN8oq1`pq4SEn^KpOT=!9a`pezfG`S6Ot{D#-qbic!962C>t
zpWoiw_*$7mHi=%o+^CELjc_KN5zA;Pb~1j7&Wd{!g_-)YCDuyfnZj$*b!vPhTRw4+)?
zqatS&W+XnJ3|l6A|6GB;3&Kh|)^vbcv&V8)>pX_rnlWvpI-S?fi-Cd
z{c9TxCis9*nvra`x-7cjYpSE-xXzUPtWqmV6fQYe0W=Gfr(5;
z9v=i>k(|y$eO4|pxxBX&4L>LH^!OxJ09vM1(8b2du`#NKyg*KUCv?nFA0CUtd?4Y1
zoU^ujy={=S>MRTE$f<2!_r}8gl0|sz7gpqAQ>fq-oRo!0US%)fY!|7cVy3`&dHOm+t%|^ZW`S(coIn
zNmIC2t-lYuQU`=_vJI_J@)6k&y^PB69l@W?}r_P}x+OXnA56aKZDA#;1O`^UzSzdUpgDO_!>$Q|o^>U#qWl1YBoqkNdO
z-1}DpP^>bqjnHMH>6AnJEoMX~Gk|@7>c0%_gLA8xlp-Zw$6MPGUsbTT`#zC}Z@|U6
z#lxxV^x_Lnv$hZ3er$B#NLHn}F#o+-E)G_ubmx7cF_4-JtTF}D7Q`;_p&6iOXV#OG
z!7`0Z?X}EXK|d1Ew5khA#v@HbuVxn_w%U*{(UYn^j8mF%4p}arztN
zoWLqjFU<2(78WuI*Up{{P$hT-2WR9HVn44+=xj~BFic28kG^2>kmJk-w`dGjOatIy*pM~Vc4#7TQVU!U&AsJ5p~pX2QX!M)=fZuzouz9sJ9K^sg`MB8J
zzvLEk^f6@$E84Tn%>I_T8{Sb6^h!>jl>2ysAtQ{dh7;IhqY*(!
zhu9tS|0DwJ(=I--EVUe2J0)){+7m>QNLwb8ycQ^lH!CE_0{%3rF0|sH)&k4U*ye
zkaYdtoDf$*fT@x(vE5YmG|Nh!Nz!KnkJ*{QBO$|Mk8!VigRJ37;OJ^EcW;R&Eh>^^N=s<^(2?XZ%W?2*dRuFlkGK#pcN
z$W8%$|2}c0S5OI|uV#VA(MkNF0Guf5Q)G3kc(E%K)kieNV+<^7=O=FBjU-Ht)AtRc
ze+nnM?T(xdn!xT?j}BdBgUI}E48A00q0JG76Xcgv9$Fb$Iz6&=(KK!-S>PW|kBZ}<
zz@IOQ@+Y+)7;E)VCSEb)Ap?iqjaiYkMBV}BZcd;c?hGBdsK7&?q2)YVY7q_yu|c_|Tz6dOFy{RS7*schazrm|(;K(@8_v4`@|Vl}0v
zX2x*4cD7L&7^)B{AN#udtx@v*`6er7&a_<3&37*F>F-3;^2DNF?gy0D`~S|)dY6};
z*o4kb|E?jca7GjN6nT$^XSAv0#UxJks@QNm4L7HVh9iS|
z3j0kcGycB!x7}sku-J3cO?T>;3RC8nW7
zYhINHuf_T}PAXTLx{vS6yi;yPVZ0#duDX+_$^q1aMsWfY$`dZTWB
zqfVO&UQ};G_hP<(UgO=h@YZqmb8mIq-u9hZTq$#_
zDvJ3QRwoZPg{FD0hO+jAmxW~#^S9zEb@IIQKSW?wR@D}R+b^f>N%3gJ&S(0gzqQI^
zVLC_eJbijyDS{ZQ={#F>;NQQN&bX}}88FVb%D}TsdZzVP!4!jrlH85vu~LRs5{j@%(D8GK#}x&heVv!f!RG{(`qyg{uq(;m$iq*A
zlS1|9>&Q{3=w@bGE;%m&wP*Ppk9huKl~dS~^nq-zNb82Z)VwE@QCU!6R^L*R{`a%p
zN*KBKF20lkyfYyrkS#AEmmEIfZkb$stm?zNV+$d?c}T~%cBX^c@iKde#ogRS;x_ln
zCMtRC);MPE=wg#uK>{&sWi{bJZe?Hsrk8+`TeBaBMZf0t1(x(k1iP71a#d4lo(}Am
zp73xIz^;GK)0z3#5zN89M-FW+&Ab^g@shu%`h0NncjE2P?Qa22#19(~%q8J}Nn*O{2>haZ*g}b%5nlPNuz4pkakP%TRpoz=&NE~Vf1W&Ix
z@*Ld@h-EbYR+gbr2(9M|_BXQgH+6&l(~GrU#UNjXBLFU_=@$Ax#d(B=HJ?tJ)-%~S
z5+2J>DCc%_^R&H9-c{)GPIDcyJ{W*OuskPTVL|g;^Jn+!?|0v7YVzsI6Gm7$#DIBTD!28sB66fuJe$f(-1P1OQZJ
zwF3ZMT_&7;-vI}y+5dX6Ti*h$VhrD}>knVN
zd>b+FCo;ri%wOLN9;?H=rWMeh!yQy#`q@hf)NE01(i4o6d^QPj56*GM&qiAi0$}0?
z$FB-qpB>}Z^SwoG`=EpaQ+ee;x$y-XIZh)dpO
zf!MFjf`4vB>eYUETTU5?w0HU8_yK38F|SZhe~Ls0#Djo+yCUwyw!n5W<(OOXzKo+P
z13HoPTu}`!&DK!C81OwIl@Jq|T1JL}PjUY}Y9AFt5#05UkzxKSAk@yCAf2;N8KjU#
z?z{-JqWGuCG>qi|2D65S(mscfADqJv?K78a;p`{MU)_*3u(KxK(o(I~;U$c#;FjlW|B
zfVT->zT51*am3q^Y!EW*Y%@$Rdy#f}s;;BL97=m1R_&P*Y+5>afwZR`QkQy<$Bx)c
ztkW4R3WbSUE_<%?*~6`3<42t$Yk(QnLtrd2Fn(G0*vD^E$4mUX%~Zw^kt?b;Hi&a{
zL2KAUXm4srt=WQir=9N+jca=a?cgcBr4?(B8Xg`R2uA&bQKBm-p`h
z)^aO7(Lg%l8Mv-b5VqxCD6P(7$YZ{|7()^jq20?Mb&?Z~ZveF<
z8r=8b(_d@6Kp&L=3^_i*7&emtZ9R5HPES@3`ZJ-ZbH^)zY@Lur*zq+?2VAJg+G#m)
zAT6ZwsmjSb|L&$-jMh4M=HbydEm%ck<;PjjV$+gkZ?=HN1DQ>Hdf&(ade2!<6NvB&nPsP{m*n
zEh<|>Us^vEhYlT{+w4FAxXhQ~*@4bNEfo~O(*<0NIuoh>NSq(27|VV#TF%YnDunBf
zqlf1lL(uitruc;2t-N>PwwFJ{)P_saWE4})H-}ooNfg0Ke1&0FzZ>k5%Dh&mAWbwr
ztO5~v0GTmv1{9(J+sWFdM_xOvv5L_>U=Kk~o{#&V!Hu11y8l;DcV}aG;&H;MwXvIU
z^jFlhapDXTJr}+UurzMb)5FjXj0fX5iK=fawC(`DhUWN{A>(nu!H8w1F`NS0g>*~LnIVoWSa&B^f60V>)82zR+}rMy^T*q%
zzOa1*(1DNoB1$TodnZ_?=mMz3rp%k|obyaeH{$kO>-?7+?W-Kz)BCbia@_F2faYF6
zgk{!G>@Up?mM$bo3B72$@syl-A-wtJ2?);!*;k>!TwekxM^xX87@D;&;QFpL0${4nmn+;Mdezb|e(jf=A-cQB=PQnFUsKk^6#
zgYGrbQavh!!5Nx
zb`Z
zSYVxTn5NEvjW1*=uTxW_1Qy&2S&K}Yb0Cmb(6_f28JQR-BhpBV?a059+j{q6+KUuE
zfRh2%n;r5nW12z1f(=H_GJ_5sQcXLl$`=&@mchCZ8Z#}O$-Ea=2QV!yW4D2gPL{5pY+-7ctWV8Qr~5XV
zwQ6{ys_)CYyqLn}i;QG}^w)541ZwS@ROFhOf-!y3ktjG+`=le-O~}`LRmn?_Dps~$
z!%?G$sInbsxqpyJE>-hx1W12*aL<1hcR;hGt|7m5!T>h}-+;%pg`coL4Gm5iM8M7#
z^!pCNy~ppb8(#qAC+{xc|4>v9`A^Rs@W0Xs2SBrq-vyKmBL9TySi(chJ@3Bhe!Oi<
zKd!K6bExoi;Li`S
znnYHdULK5fc1kv26uj1QBkZ9^G=O>Ox~1|oqcE@V{F!SpWpEkqU8Hesa7?^C(?ixe
zj%K}ccrW#mQxGc+*gAIXE~bgrAi7kPi8V@dJ98q$?QN+=09zhw7<`{r?G(QMp-RBCKS_TpVQ9mBK`_O
zvHO{oPG&*69+PC6B3^j`r@7y$Ys*7B;Km){u$Yf@BZMWbM*c%|rb_
zidSV8GQO|jl+_MHBnf{!YLtL=Qn>Vwt4;JIiED6KOm3F%(HGXBZ5Cc#wcPIMYc7V1
z%7fN|q){xafTx+VC@7gk!NVf)FdAcAhUR+O=gh<Wet~o%#eTQ*;!sVt-+GN8?
z6^hdlyzQ0vqVO{KvuzMv7(ZT@NS`zC#_VcWo>@ix6(hqlK{4|enUcJjN(W7CW9$>jOS(P!_GtmG~8)wAS
zG~ode-%e_KdNR%y?tHUVLmKT7wAwZm6w9_mq0>}{S_9)lTj9G%AU7|9jbl*LsGEkm
zp21;$X0{lT1F21h?tzkm_`{4kZrPO$DMGI1$W)sBDQwmx?CGHAl%4cN6r_WfoGWXH
z?W`~m*;d}yL>;nk+K(HrO`ytNK#uhlcf}B3%j22p6u>)5`|1PzADoQmdkyk`L|O0u
zC(4-LHmzdqz^}!)pD!0b?N@kRFmBU*fLgt6W=CXv*aK6SGp?@2BND1MKfsMCrw!L&
zJVO#lgc2(Ip6UTH4neI02%yGxTGFiy$C`)-f@Om(szEDy6@ni_Z`}K$mR}B3
zVn;5bHz$R3I_|yR)?TzrqQcN)_(E-Fq>bE2u>vkqtmGVB)rl#8!4yi~DZYrCm!H&>imv2gjx9iw(#6_DO4vIk8~
zi1;(+3#6W5+TxBbxnZpVtNl;z$R%}QLV3k!Pyx0d8lh90jDv+rn-mQvh7xm0=pO6-
zR;!y&r&<$|R)VM!MbJYC|Xm@9u-zlBWCh*L}GZ9M9z!_u+M)=?gR^2JS;+
z@bV5{hQ$J`UEL`t??@BSwCE|<-h*m)nNgXs<`U0?5OT9h;#SKe^M+3kS4OrNWZ!Zf=@Jv?`8
zqA%D~_-p6pT5k*?jru)Waqelsnh^MLas6=>+P@Ct?wyHqWE=nXOIg9@X3;X2$Z(|{
z+ZsCjj3FLF1e%rD2~YYu{)_{hKnt%gPBXHgT(C-58Q^#*xjkIP{tkL~=0b2zF-)1>
zI@nWevEMB=f62;0#uA}vyJ@`4#1cP8g+F%uSe(aNn&}`vlHgOdQ79a;r-TT1^xj`C
znvvy9;jU`jrKX2B8H)?@1MeiKL$h@#1dq!ri}#r^RcTg*pU@&|Ioo*IaiGTYz}9FW
zH&mo1_Kle22P)*14FJRbo!cGg0cU^X7G*$_a!1_Vf18#T$wB!Coso*c38gyt5{HW6
zZ2@hB<1|#&gn9w|
z$gI>4pVyNN85NM9+r4kzO+d&8z!rda4X_b$+57&V+yZK{%~5~Fe(v^!aR6buqr}NK
znzs>o+yP)q@9&rAkSyKA$+#N7f$0S0_Ql4d_VvCaVqXevY|OM|^FUtDsSw>ZG@By5
zLi6>zS4Tl$=|Ca+8sJRdACH_4Ky3Wv9?g#wwb33jt;Hr18vP3`&UQ09BRTe
zHU!5(4BF6mdtxQOSTZ=4cr7a|aOyxmm$kp!@3*Exw*oVlKo-?>>{*GQc2ql{yHVrz
zkPdzMg7f_u_sQMcJHFszaMqyL*nrmMQl}(VOgj^^Tx-Fw@(IxX^mk&rZ!Mt8ip%^4
zb+ixz192g6HGh-Ja+3H79pM)8B)C
zgbsfu3Cfr4SAezrW~)O4@rx2IFSKn?EO9-(%Y0hWf|Tn889B>F7fKU;9F!Lw&56Z^
z=l((rzT?DRj-l75R&qp{2=d-_pd&VHT3djLMOFp
zOFp=hTIs9VImC61=6`WG;{Tk<4C_V{#|0>c1C8liNe=dZMw*%}37m?hCk-R>9pl3M
zu&#(t?WgfZvMZsqL5o_LtR`KGX#^mI8S<(YFP&zT0Iz{h_Uq6GLEo!95VM%6oT84N
zxfhgfNft6W&Kt*YdTAoHxU3p!)#_idW=IQBD7N&c#5XmiFNlm_Wft)nr>h;;zej9p
z`8M1`E|Q$=If~JdZt-zx%$m1FUQXz|RsmTCN{rpf?ARi#Z=JX6X2O`P*mGLv>(uuoD0S5W8?`|-
zJiWe#6@yyV7OujT4}11Je%_o}DpN-D#}GG-$BEWs;2Ry&u$3-xUET3&dBFzq^`g>8
z`ZRVdeB8?YGNFDv6bQ4*hG*g0W`D1<97t!WMR_`e(l)2}{$${;f3$GQaS5uGD5}}_iG#iKXE-w&+gq!@%=Kr99n{rL
zl;oaRud)dRQZ`cYwyXPzi3zIw8_t{tdmqyB
z#+X8u#p8ppPKvaKO%osDf~qMvV^NDrGsG(Zt|nea$RNo~c>O!!u&d8BzTSgMz5;
zyfLpHA-}Ftx=uR|J5vuR;Nxc&beqw=5xy>30e;{<5Q*Qv?{fI21#)7B0YoD{FfY6a
z53t{O17AP8Np3*xurIuO-(;Hr&mZ;q!uvnsbnOUOXnm@)EPcX$n>t>8KHkkRrE~4>
zc<_{M!D?z-r}a1_3ctl;A!f!txrGs$O0
zuvZuS^wpy*fG
zZE(IDc!J&0zjeM+j|S%ar?N^u#SwRWZ=R3q*@uv0*=>weFG
zw1oC2oz}!6qdoB`4^D5GVi&(osZwP_=R=yVvm@${CFcD?)m6n?KHDg+|H&7-Xv(6Z
z4YFdiOg06Si*Gz6g|2*X7dm2Fs?1L)v&A|*P9;PhuRhzBSR%Qr<*X=zXnrc0i8esy
zl;e0EcMF|U7v7vmN>%vV`{A&bnj`jwJW~U9n|aXqfW7drzpZLm#ST$_l7!1!T6}HT
zc?|N<7BrMYXH(Qa3}I$MfQEYEY$PPi#l)Bg*!OC%|5oKAsRt$hP!eH0D&z(~&ZWr!
zx>3yy0fk3=ls;Myu2Yj8LlhNbxD@MjnDD+`#QQ$Fm;@p~?Lh^Wl4s@+oQ~0HO`ePk
zoJ?>KJRxhZ@Ky{J+g-q|+u!N)fB?;ev`A3$utQs8{56GsM>uNj17BY)qT10@Y-oz9
z0lAvU{6GPdy0Y)_hZL0v@uo+RGNVINmQN;_qa{wa`0hw}!gS`pY;po*5&nY*j$gGqe;i8zj4g%tB(0L;hFxfc7)9ZZQ
zQ(8hQzLEn(U7G`U3r^BWbf1^Ao4x;JiZbCHiMK1~UpYi1^o#8Ra^3Gd_j?p*UVckO
zAc~GG&-+S)Q?NcJ
zl|QU*4)zPTMajSK&igpuY@j9m?3%LoM^rr@m4hn;j5ghpYIi#94sp1qKvzGEZ#?VdnLCJC+D_4s4Cj5ao`)8aFXaCb~*2EC4^OCdQhIDeB50Qo?wP$%2c^>
zniKmtva_%92-@H^hbTJ2d*ExNXOC`Uksx}!ksPOJ-!A9ZZ|CQ6>0WrPq*71j!D@x1
zUc`!6QFR8V-8WVc;WP&{wUU}2k3KgAyZGPE=%+5TINu#UyQUg$#l5i^HN($oCNZ_h
zd|-X=CwP5e$^2gaUUUuyuc~cK;!&|4LUGlnWs5TgaLh?C^09bl;c_=h`Mmuu&d~=R
zg#>(l?HxT_Ecb5?2FG0)`k+@4i2YO}W`2H{D?kSZks{iD%?wdoVjKv79qUZR>u2&3
zI|m?7qt2ORD@d)vmn>wuLj#cp5n(XAE-VB0j}&TVqFq!V;_LyLHm`Bwq!yy&=z_(2
z2-7t`O*tgf9CH#86PjOa%a{;QMUn0}DWH!i;IRQa?Io|=L>Syaq@?kKhXP$%xYVkS
zaLxm;OeItVuj&tS)K7z!%45c^sx|#A?!}uP204HWkS+$_K@KI$Hv0ZEK3XW#5t65SD-+UC-`3(q<@7+;64{ZG)w?ycdqiU
z04M8Ljro9Eq;CWn@`GT|m*gA(>WxqsKziyA_8I?v4C3>NIH{V1GsfTuo)!E(yNPpt
zW$$%m=YBiqlnY<~F`j`HDShG>PsGvn985isXOodh5DSLsK#XeA=6Oi|x&nN>K`{6`
zg;$V6ldF96K}7pa*n$oC96M{MXj7oFY|9T)MxKu2!al)o%|=rljVVyB$}n&CPh=Qs
z0vNbF)2#uw5R>-8&|y^2Ht*`Z1Y37ZEh>aHm_$-hauHhcBZ}uqzeE8lF~xO8sf@J9h?BpqyYr>S4i2NWlMx4$5C?`a{Jlf=<}#wY?@
zCjjLfPKpvll}7;J5ub-+Ku!+PKl0reK==#spHo2ae~$o=-wBKMfL|YseB{!AS?dLW
z;mPaMlgb&Pv-|j0;SpStf9MAA*a)aiO>m2{0+x>3sm#H|C3C<%U!IuywHLf4jJ0Jx
z5C`_TfqRKgD8|~aI>9yEu4~066KH`;YhTqAeP^ha^ovoU$?dYyYebT+ehF_dB(8lU
z8@(xZ9Qr*49}!fpLHtdmp*3SNHHyN_z1|
z&@Hcn)pt89O6CIz%UfZN5B;q1(&BYXX+0ZP)_N;9Qqb1UOi{k)m1Nb)tcvZ@%^^yB
zc}DC|%jRHk8g
zj68RqE17qwxvatf@&_+7rsNsPjf4fx!3r4sSD
z=*!-5k8Dod%S(%>#2eJ4JZMJM!6WLJ%iDV9BV_I%p;CrWy;ab!ygZg1
zL7&cs0Cd&&L3bi9fA>m?v76>r6Eo^Ztv%y9JepA3i08;?Kw=JETl5(JLOg=O00+s=
z0v#)QeK=T_Zk#J)`>ez|9S4nhCXtZYgKVb3_0fn{Il2U%HCCa;m&~{@QH?;Ax#K1O
zGhEvi_BoA`l&0!sLr7mqqhR3IF(zqF=WlHi1-&{crJp
zO}o>&LNbTb5s#cdQa~jxeTcCg1^mOb$SBZ17deygM^2dt6prHIao190s8XAiSMs7v
z2WGB~Hp4`AF8~*4qp>+7go|fBGzi;mStYyTMSa_9rS?(X1`8(xjB4#~(L6#g$Gj{|
zaf}O9XM=l_9Yik&t2gr3!21MW(Yu50JAk{2pNuejv{(ME5IUW%pV!@&Ip5*2e`*50
zec&Md&o*#`*1mlVt}T#ooxSgxVEwlHtE^adue(gd8%dU|Y(NzNtE(hv~IE!v7uQRSx#cl<*=mwKGa{05|
zF?GdDlv$^a#Xb`3>%jA
z0Qrx_O>f!D>w07NciejDU!tSIzc|N#7#7#x6^P?w_Jn$~ps#GU)gBm}hn!v<{PQQj
zDIH7TeDR@{Kd}n+9dx+Xlsw!tFHkT=jWT>HuD)?G-fxvXF3-awq^8;NlRaNQu~J3a
z9H*^@2dym#s)5axAd3}piN-CR{n*lHE^e~ws6XFQNde9U*|ACJX||z+@8Mz64TNSB
zs&-ow$L#~AD=#cIf_Q3JKj?DEkP9ncQ+)|Jh{NBAbn3I3iz4%dO^v#e7L)L=56|vl
zOug>qfWMc#vdoUOkPB6HjTbRR_%KWGPVd_*6xdvw*AZ`@Pp2=_evonJ^Qo&=l}**W
zfk?rXT{}CP)T4Hlq5gzLu5)9`Zgx$YDGNH=sa`}&D32Wmf)KCg@f`QjBIuw^n0~z@
zyD%T|po_kxID0T34t1YZSAgU775zDYcf$X!;r|WF{B#1Ye#zUXhJJt7_UY%_#^Z}^
zY016j^X_?+f6zcK&^8ieFyub6Afb`O-MCA3hMsZP(2bY13LM=7%`JcmA>KsdH`=C(
z&Dh7S4WTeMp9q|-Zo`wrs9l!#vv`d@k6f9oM|oy-tkB_s*cHH@ZY*->%e58YS47%P
z@Vt3^VoFcS;9zE;eGS+WcLO&4q(9kM0LpMII>c6W5@z(!s?bg)cR7YwWuP-r>qMm&
zvpJ3=Z>+_ie;p?xO$ubz57lPlJDkIjx(3Ov68(`H$pY7)#zQ(3Xx;GCM6fm&Hj=sT
z%v|HaMl)xs*g-QX)tyD=D2+~Gn<&d05yOJRIFc;xGbk>XbOF-FRtr{tm_xz5RK(S0
zFE09HdkQRQeo+P8k%#!mC`@9+w+UN#r1CH}&~jJDwJK-$Uzt4ChmFYX|k
z&#H^aec%E&QjN-Sv1qR=l%!J{xU0Ni;DrlD<9^~gXYH-9rhov%x{$=JatGg?uD+Rt
zW9&ykESX9`oST|;s(iLev(O&O)BF7kUU;;Nxp;31(#b|~KLlcz)lQyg0r%3C^EEWuovH
z*A|JLO06W&oa_Y24}Z{sVEL(U4db~w)NQxnnga&xXcwEb8I{#Kt8E5aVk}7si-l{~
zitBauP+x~zG#&vJkmAOp_V8>{(W-0K>}63A>;Nz1^49)zylSfuLWw{|zp3{*zkl#{YJJJpb1LLiHQDQ^|JpyM>vb}XO=7XRWvo$BRFxpRI&}EvtcL`SN+01ZCc=ePiR_xF)<823<@3{5xfEK8Ob(W@;qcWaHrMGlY8*
z(U2r^A>DF%LhL`Tph>q%LPe>sVKdsbKNDdvwlJQnnAhOJ+%yZCzO!N<&A#$~9K-TT
znUxw`q>QM?&=U_2>mgd>$KrSPWo>@pxDbOLxiBUyes?km)5w+1aDe*{n2mFq9Kt=g
zSbxc@q{79YD+6&T#`ykBtfxHD9Gv+}-volV@4}NsCXq&SCSf5gX~8J-hWSa5ou7==
z@@ClyfGZ9NLHGg+WA~@M$?Kh&{2P5JsN?O;4)9le&V~5wg?t77?EMEyNBLhOo#H<@
zLFZmwA=)oeKC|@W>lr&b|N59?A*9kaf1xQrN8%{49*#YqBeko@JRc5XyF>Wy$
z)ea&!HYHra_orJp8wqIflQqU`NQ-GSUM?UIUHm-nwa=7g;k)=f#bemr5rlv-=6Ej|
zLF2Y!0+nvRTNI8-&?RT9A01X8YL8*gpt+nn`5zc!l{$4^RiGd!ND28asD1$5?=KQD
z;oxL6K=T-2hv?h$`Z9Z^e)C^W(*OAY-#oL`aARI*x2K_P3$>co|Q0q?K)DqeotT6-3D7Zb+JebwIz
z*i%VYEBb9OfsR$@kBvt>0|)+HUv0%>R-->Z#SAxTs(2u;l!m+wU)HY69gI=OreY$o
zf<|IasI^9DwuH!4ologpQBvWk|6Ke~AzUU{Utb`oiInVr(j_aYeL=Wm_=K&Q-UFTBZnqKJcI1kRfR@d
zYHf+nCe*o0*>!>-{<`sIMW~rc9cRFqX6_hEUo0X?s9Bk%RL=%JoWQ`a6c^v#SnrTS
z(n4@RAE7LQ5PIolWHBtfBC|TBV~cg3M3+_~#yHRtbd%so4&S5iL$mS#$Bpm6>I6Ix
zOk5yD_u_YLk&F)F1|!Y7WHcEB11>#zfxnhdjy_YcSL&9>*IEKRi7b;ySe@6@peg38
zxwI~lgA|_%9INv*!q!_U=Jk&M``b;)A}oB_T>!3o&`)bi52cTqbruAD{M-)mx@vL~
zDEr@eanHLId3VNYPSNZ0n;Aw4SZz0S1w5GG96rVE3v{oV^O9I1GqIX5p}*JWgi2H=
zTWg8xKK5^Nc-mzw^v_M-
z@;x&5>4-0i*gTPQ`QCyzD82chn~V&Vr3cN+{_>8}QYsE`eU=XfjA4L6I{u0ru4YYr
zr=(OGkB{*`2OeV$`8z@qRCh}^uuSh!#RO&Y)cS{hS3d;IifGP&%8e5>I*F(h33^FOd53V6u@)aJIUAk=CdsLRy_pBUAYu|c7qfKTnm5OqW?c%+Vdp%
z(v9Fg_3%CBsPEeP){e-m0q<-s;#1+G58K~fU9h$m>BdK|J{`+qGz9Fm!6LYwK1DAWi`
zO`en(i%LwVYpFCEVqMW$aRfhR={7>_MvzO&w-%9fQ@G#B(knS~(PK?cS8~EcZwADv
z9XZ4n;vyvkDi(gS8ZFbzg8MgN#M9nR&(^LOAv*F6C{Irev+;)nF0ogL^AG7K$m%;c
zEvam1Wr~W%TioxL3=G+w)+%1K{=Mewl#QQFW`0k#zHCtIDW1$YAn2^ZoGP1U^2{cs
z^~mkZNd4Y4#d6^z8xpfZ@It_Bel5Ckk
zC?3wP6yO2gEsf2%H@)F6|Lzd~`zp5?G3R~*EIegk!8&LHW^)}bw?)8}qO@wjsUop(
z*(~a#0rf5M9DA&#{qEx6B?G^92#hrpkCI_6_-|RawH>bmrYdc1xM#{nD5+Q|&MA;H
zL8w*AMax!kkLj=vq~*6YZ1A2M(dg+@hOmE;jL9tRDQ!@ox4EX3@zGt1q|h0WElvE4
zl0W9Q$jxqxkS|!DuI8I7F9{)%0R)Lz{Y|nFfP1$Rkc4LvbF*Y0gIw}Q{Y9EYD;_^>
z8Uj&~OcwWpR;2r_K>;AZ)
z)R*v`|97YLU*RqEj6v$_zl~OHet*v`GH5_BecD&68wX^trT2|b-KUQO*}E1
z!)MEi3x~z}7sVg}FBvC(O5)C$p1#7)s1Hq3`JJ+|MZq54h}=4xQor8oj{O5gg(rpa
z-B9QN@^-{cfvSWY9C*qj7HYS!u%^OM!zG{%#%T{FF@i_(L9|f7xm)1fov-
z3q&*w`MJqzy}aY%9lh(_$e^3eP3c+Z4Y)a1{EI(d3r_2&fP`>9B@UoDs7IWe{A5t{HZy
zamEbx(65;EqZ5QJ!`Nt9mQ}LjXpl@;_Sj0|I`66s;Oi5uw^nXQP)*rTmfgTy#Wov&yB9HdR&?ZGE!P;eqW$2F8O%`Z1=|
zMkE=$D!Jmz$<`_az_;jOe(}#vW7%)GZ$mZ4^u99Q6c-8
z_BgPWo-GI35*HIjO}Y7E8{tFB_;>>0|Lncolz5$A#LeSqYZ#CSVH|SgDjbeO*kLuv
z7};%+y2dym9iuonyn)>@wSUS@lp!@?hm}C6zy-&F(4-v^J0|gA7;1M+co#L>{iu?W
zh{@bZXX3shabpa_E~050GoVzC^T%fMgyUVEyLr2x<*+mi(e{r1%?NiqTLYu?l=6SR<0SXum;1Q6ub#x9r&P9g9wS
zIOVnH^td2)FW0HnK{3+7NT+_lqqrcMrEaPmD47vs2R)!GYJQbNXg1}kv~Np3M~gX`
zHz=f(oea{-FA))vuHMS%O1pdN%ehlncNe_+{Yf{V+ALtu(BvFG<%EZG)|
zKEu2<%EGkM>UpJ>%)C*_+=~91!8GAMxX8>B@g#oj5!<@BBcMz0BL3lTtoKPbF)z7!
zeB_ZO2IyZkSQp_=@!gi^r+np(UQ=0zrRfqB5{K?*q@kgle#514(<*GD{W<1Dax2Gj
zC1?voR?>7JreXAk7^)u!8C2~WVl9N!!eIL^INB0ZFinxeTH^+=vy(H_TFR@cO^``_
zI+zJ*j8PsiC!1kzK1McTHLqj^@U!XHVlf5Byv^>sv^99Ll8ZV=L|X3>BThm5p6&_1
zj}aR58elLJdi!9G%P{!9Ir%0T&m1z8K=O5VH`SI-82mEmU8#3UvVg@0;*n
zz*9?WON+oK4bv7#m`>kMSS)+sL3+bB@GkuAP@TU2atH0+dIwY&9(Pxf@4&KjW;r0e
zPr(dfzx*M?>^HpbB|%ObXa(v0?IJ+MPt2_c6R8B5{~{W!WG3Ld7)Z{0&)oZ||^gX*cOS!flAE-Nq
zmTFnz#;>oe)*P~SoX<_yk`Fx&K!w{Et(#1{%4
z_+mg!Q8j5yHTYr?@)XN5Af1iaiz!D_MM3!y0fkM-&>pxVkE4bsg{(|;XE_RJS@{}(
zb(OIm^k`Oawxmx;7mxaE>&p=#qNO+Vr%g3-yHB;)l^^NDa1{GWurQ4uI9GMU-G|9;e#I35G|1VaYn-K(GaRa?SFi4|#c
zdA)==)Fu4}9#jBq=vRb3sYa;KvauSy^Sj|57d^Al8C8UIS4pf@cE7)61Kh8&tua|$
za9V;s!$FMFeLhv!9$iS8m|ItRLwx*7ZT7UIWr9ZdVg{iFiwYg+D9qdIt`*ifZk)``im
zpk*db)$)b3Dv;3KdSuEtYw*6$)?bng*-&}T@DguLvva8tbWy*ZWxT{%N>eW`Jx0nq
zyL}Rjkz&Z-f{qsbT&ONkthxJ$NEr}KK=831u{NJ7@s6b&FU_;&~b_!Ow_Z~Oi8y7^yTA1;m&CBqpJ
z@yfA#11#^0-a|L+YBS)}6xdU%GzZjXFk!Ik;z>7r18KChA^h%fuH&b&sW$x0BIyjV
z3Mf@gos5i*@1tecp=cY;d+c~a&qP!hi8_dBz>}K$e8-uF*M!#UB4Dl5SY(dY8FVrS
zM>-yDqi7yxO;pdOqgxuTs(-;ru%)_hK}ad%vbB-I3c_9}nyN?FQT)cz)7r@QyL~Ql
zK=AvVU%|s1qN670vgRU=qwLFwu}=t|XmipLeYgRx~
z!u#Q=5Ngws#_rPeg}V)wd)Q1MUXp#Dm{ycD&%2uz8PDzujAAeEXVppp;Om`vCyZP0
zW^}E30NmNOUI9G4EqJ#8d_(_)EB^Jhh5U=-9{8O7mUNrn3I9-^{jsP$dj#j|HPbgx
zN;_@)2vqdB9L(pURX?cD*o8uJddDSnB9Q~KkL!uV&i)e}-r$Iv?0pq22tHxK+!}X4
z+MtS>T@AwfUcyWzr98wr{|jiL@X`JeopWy3>KF0hJdU+IXWq~HrW6_34)}ys6C#5k
z2CbGdm{bWE@HaEd7KktFk28!NgROeaKQCtDh}+SfhJ?ax(T{t_wj}dU@Q@w
zTLuIxC_*s?L=p9JUxK8*e`g_q)yDy|Zd)(cipl_IZ{E{?COiHAccM!_YCR_ykPO}1
z&o%T0P{;y$Sn-5FQ1}Y*E<7n;T{IXw_I?#%E|4$n&dgng1_14Z&)#nwJVk~?;XTTc
zrNDS@WQ+`_wj8(zHPO}!@hcjFu|!G^NrA=^vk3m6F7&Fjtf?IK_LaPj6Aq6;(_`|B
z(xGNARYR#7uGpx)P;U#U+3E*Zh~G_afrGUFLJ->wzS@(XX7ST{5fTj_z#pDnC??Ve
zQHP3d>SIjpT2JL8oF~<$jn|Y+=>j1m1!wtNCuKn}3AAPHIJm)L76A2yO&p}~N_bcx
zDD`o2y1wJa`gQNt_FWPT{-*^m_}{eve7|Y-R|AiUnmR^rURg8$scrJ-Lrz>EoK_V$
zDUmxt+~h6tsYZsiXeA%9pf_lY^E1%XAq&r^$g|PIAJ`AHn}wT_eD;WAzel5$L&k?f
z5%%5>Rl?|bBny1ucd4J@H;(#fGLA6mj_mO81xrbvgSL#Cf8%kHirMcTjqFrxR0PiY
zBk&bjrl#Qen0t;N)~h~v_{5v7iv0O&v|wbGa}cYQ@P{P?WV}h5w@rIcm{NxlMhcWb)o^HjeRI{~rwd-Mz=nTGoMF81B$-`lUz)gJPJf#0PpIg=9%vL?1r;(Px7&yU
zwXqf{a!WL;%SeXraWhrOIP<^e_!p8K6w_LdmiuiQ%sWJ7t;f_F`7Lvz`&)Pip~v+F
z&BexYstLk_SGZ;vrNqgo%s(oN7<#k6(@M^Y9fU7B-*ZqleYHpZ-JWtGK2C_g@8Qrd
z|4}Tz1;2kq%>UfO2{oP%&w0M?AMdL#OI~JKx)Cey=llGraCz6hT;QaJyq_ZX``PFx
z@a`sN4@uZv-8DLn_4{AgD@ny`Fr@Jx3dD|5DW)aHM`u+z<~<;eS)q_s>Yl}Gv7hdO
zV?B}Uscbs+CFMF`=Xl_+cU(!;b0K0t`?wZytF2Cf3|{jz)l_slhx_p%F8SM!
z>Wn%rm50lp=-BxN3^jM+@(y)l$%~(hpsiitxy(Ol^7m1-WtHoxoeUa?7u%xA(<%f1
zp!>dHjC|ZIW7BKVeUanoY}`xPPSv8EPwYwPX)UZNAHItC!8e;m
zrWx9kQFV}H!V&2pQ~$gt)NE#hskAbVo;`qxMeXM1san`qB0D!^m&AIeTqSDgJR!?m
zMtyG;M9ip~z!)fbJ0wI}huRtx=d@^~E$uRk-BCqRf@=@l2_DxtMlW11Yg3IR;#Vo@
znU$8n8lp)hZ%mz7-Yl53qHNhr?Nl;iPzXIIxFJ3k+=uHBKNA-pw`179i(C_`t4koC
z&`P1jS@JT&5^dkJShI6Ov9*Ib^(Rxkd$>7SP75%>TDqX56Cm`JN}S+-_Wfm&db8h2
z<-vkhKL9%Po&hk3{ebWJQU96A^MC5||F
zlOs+yL<=M!@VS!WByfMQ(`8|t94Gn5JnVa%>cIRkWmnFM~(=|P#?v=1jM)Q@~*V<
z{0kXBlU!7(KkIWbU2rdQhFd#TRUKX=8dA#|Og1xO$k3yP11wC^Y+R^qgR``~r*gvp
zH!a{j#siz+poP3}j~+OLpdXT{4;WD0B}eU)^JkjqHT!9`m2sCa4=+3W6N-|GE(Ykw)?lsb*XW#4^^n}zqz*S?%
zhu|9g-M4G$U+XgD>%W`kx0UJod+EjjX=P;VfUMGs-ur2lbpx2wr1xXi$&Wur$5^vI
z6prOi_-wzb>5|UyeFvpna~}~Tfl?Vs<_3pvxNer+9%FF!;tSSu~w)QwV$TM+i-`p@QM>!5nSRLb};+rC4{??bZDE}Sc_Ob}54u651b$7}u<_R1ftNPuG_zyG&+>w6LY
z+0u^u|4>)I$2W4)Yoao4Y4&F>+oDNP-O61Y81bp-@ab)^k4c
zry(BtCU4L3$S0BPTm^{KNZViH3K5q&*l-n
z_W#I`yO-a@SO5PCaCBeaB4iMtB~N?|-qzl?oBM?V$LCvryYaE94FgE$THb{1^&(FZ
zKqbHIDnI0vL5?~Yk`sKEg~Q5Vgn>)5=jS_8Bx9x6AyXN~qaSADRdXpj;6~)DZshGb
zny|?s^z@FI`_m#A^kxIN0ucTGFs^1u;LS|XT9Wg95T@{{evXO(n1@_KT5tDMlwGZ4H&(ADsb$VQ9Zh10519`#}l9>Q9FY<_uM5MEQtS2JI(iBTq
zG6~*rr+d@qz
zGrI9^pf%eb3RKFFszk~7nZxnJ27wtqOJ=1hI`d&NJTm+@8@XiGc1Iym)wH=)SH4Wj
z5fFtB^2EdxgbelVDYyg6O3ygZryTIaNSVlT=q%zsTa)}=8@R>SI55*dC2=lp)e>nk
zD0|P87$)vPt_0>+!>`CYp@+xvp$UzRz9ysx-?TfXne4GOB7s53Dnl`!Olk{
z_-&>-+*bM5ZSRW3G92}lo}6)a{s~r0Y`QjOJ1P$Y^(IDCBtWYtPZtO=d!YZ>0kBit
z0>PJ&zy)yCKdGcTiDqBc`
zKT-}}Mfn1My^-YqOp8kt9TI4`X{z~Z3I#x}z(8T=Xv-%t=V6=Tp40g>vgaJ#gOs1M
z!-1JMY%UUC$<^NGrN1cNTCk>tAK~ExyyX4IwKqJhMm6JLu&v6!NjwxP@Yd`L88+Hv
z1n3-cd*KRbPz&X6n!_hHS?BYx?2#18yS95-V=67SF}B-PS!OEoPUY7nIp7UT!){Cl
z?>f{a@jheMsaKNSDEaWc2wln>y1D~Frdjei$OT~BrDs&GX+po2Wk_|7zs>?xo`u!k
z9+bn%Edef&niwH+VN-G3EjG^OCI%{wQ?C2lBucq=ox-$5m^ri3LuG!0XW+}izaFkn
zyW-r`Mf-g+!}!vzy1rF^4>sWN70%vV@aB=`FMfX7%w8&I2%6hbkOgvc<$
zK|=?;K4u2z_R>2czxhs@fn3<7WIZ(Oc*_M8Vs*(xSzVxwT
ziAuCk@8GwwgGY4^{2iehW$@~8f7@ZdkMv2wVl;$$mTgeP&6SwqxLmN&*nZDld%q~h
z6g}zUQNd+snW%qX!ro9v$F!2x<{WSycnBRN&||is+Dx|tvy_=1t`+&LQG_{FaFg14
z3Ctc{QdgaD_!^~RVSj!*3gt#IzeJHY6?GycblAA5i*(i-x{0-C)(SZH=_C0
zt+p(a9>GO#(KDvCW?d?koY9|uRlu9ge`d-+4gHlX7NQg{R219LiFycXG4BN%-ei^g
z16{*yRBzp!(amt6jwo&{3)@>i@ub(L?-XFI0B%~#-tH`qy472A_WNsr9?$%*=jttA
z426r7;@j2TX4CWGgWd(?Ng6
zYyN99c@TG(@RQq+d6Ib3NWDA
ze+K9)8*yr`MNj(!K1Z{>tQzeSL7Rbma$}r#yok^L^kQyl^DHK|dm$cl)v5J~Ow+?2
z-&G;-YL{6Gly#B`kjgEC|HxI?(4yemY1k2_xx@fjW+9$~fwyBZM31E+LcTIT;iL(3
z;q+hS%}+Iwp&i1iXkKyY!JA962qqpNO$>{6DA`IZ7@Q1L0&AF)VQbcB+7O1%9nnfd
z^ICOm#YvEj_JO-*Oo{=5=jYZ2O2!{SdvAO2xS--0a2h3hVlQUoDpVCy+{02UCJTgN
zBaOkb6K|)Dvyf@KIw}qz&_of$L~j4tl|?{ygD{Q_|+v1%;1s>o3|k4atO*#FlP^
zC15_&LUF<4)_}lU!)BxoS#KFQx?P1`0-wJ`7f$XiMmSzE!r-nS@tBwWcGo*+jUcyB
z23EI~wVokQznjs?&R{#}j;|@o(zT3!0najF!gg%Ks*pjb>vqXcB9R4qmQ2paycDn<
z-p?GAKsoedPe}fdnFGBfWFD`?{n68piAtVilEd21tXeW?O7G;p?oCRD$|xJIwrrh+
zYfSokob<2B1_Eie{=M`M4&9frIVD&0;p`Kbm6@&FD;{_oK
zk5StX+Tj_A0%d~79y8EFyELP!jW7mpp7_eECai2>T0pJbWRB5K5Xooc9HHEg4c156|O%YN2871iQpIl$`qc5Xl$;I(}?i8!MQUMxm0yI
z^%Lj|y4i|m?PV-8(&5rW75xo2vfFtj^)|?Jw8u#!Y}>M%6!Q5(-)i
z;TnZEBmVAqQz#`*OJqNHI5TeEy7C7-R@?TSs9DtCU|N62FId7re>COOZ)shtnTUAN
z7~#WWb9Ujl3IPYo!rp&u1onArSFKo(u}l6@XI=Nx$wrO@h7_nFZ2T+ymyIKgE=JL
zz;C;JkK3Ts33VRluRqVeRyc+m;_tVvKN}X>N*&N`;vPD
zIF(D{HbtbiT0UwIm7ClsqnL=5NpJ#^PBv#M(B6_iMmAe}R5LmZl%Z8P-OsqyiMpAU07^5$}N67L4q6He(Ci1t~?k8A#f$RYShxvXUI6*eQXbu90
z=Ej`~U9Sv9h?{2ac}@Tbl}g5D0KBe3F4(?0r;Kn!0X{yZhjuTzSu~PwEs$?se_tsf
zI8Uav7(qrKn|rk!$5$A=PcT!%pBAxRq20PbIRisL{*=!z^$&Z$I0-_iE*4*8l6(R?
zzJuhqF0z-!)TTm7z&N2%S{O8oi~Tjh{^u)ctDa>q=q7hw;@XG_aO)#aK724Zslrkh
znfG-1i{=&zmb`#dXs1_xWfk+k$LR+snaZ
z+Z+aUNvQ%b$4}G4WJNPcK!*BGWX7C2N8St$RX8E{4%58LBVb{q%$QJE
zxhf%5@bj<}vHM;Kd{S&v
zFA^AwF3z|~NLFIlNvN81%%Gjr@n?8q`4LCLu$FJk*L@7a9mbX<$w3Cu_C6WIsXG4U
z+mU^zA%pi)3Q-+ViMa43WzMQhpsneQWm-kXqpn(Sc7?+$(dt9@>Mn|>C&b{9(JPY>
zVM5BTm01EJSI#ww*^=iy7ZRq<-C;g*sVY40zOI8X;KfzDng3
zs8aloB_nRU@nMxLO}FK-4jt=(6O(_|iHbTdXwhpH&pU}tWO1u+N7#OBJ;n?Iy2zqa
zKDy_E)8KF&x%Mg0w{xsZB0wa@taI#P9FdYg<9Lk~kR_K^i$aEzg_-h-_#C6oV5o4VLVySf
za^eSyu$>m~o_S){f#cH0P|1v;8FYV-;QI~@M%ANi_N40Bd
zwGMDk7;hAA(u#0S#q>EF=E+P@yO;y@WDcwG)2m;X@9(0VMV+K>DP}rqPg!y*%vAGo
zQ@=dWoxlmihe3Q6#dL~j2L{Xk#n?MVN5Zyix3O*8R>$br?${mM>ab(m?${mMwr$&X
z?Rvj&?SEnHe~o=sCsm`49^B70=T$DcHHn(jA$^qB;ndR-+)_*v(bSlb$G8#^;yTF*
zVepNF+(^X*2KVPw!Oxg#XkY)UxEyXo?z$%>xId)W5Tw{63)#m-f(u2I@Rs2cewf>t
z&WP$)t|~7#IPd%~S2vHnu*q$mMS}deWvOpSgExFvk7Ls!xUpbtAdk$rD}Zz(JQAr#NEhut+m6ji993cq44u+pZX
z3`<0TRWHHX>=CPVh$P1STBFI2HpX%{IshiY1o-w=UKHRVD_Jb;&zGR=mjtM5XgZF=
zzt|4Hi+`gg@pap4$-7poru6+p%dN=jHU3pLG1w+;On=_^j$I}STTPA>?8`xRE=m4o
ztAYj4GIMlX{L5q?;iUg$RP{x4h=3F34Oaor`A3761%zw%UmB&LqU31ci!O2>IyLeZ
zci;7IU%f9Oi_MKh=s2}ozZ|0vgKfa@)E3DLz$0wC{}u2;^#XwT5()ss?f}UD^|1@+
z#sm=md&=hxAkHYEKqlc^0v$nu0`{T3d0UqZg2I@-{lF&CJ|m|lu|dUUzWw-fiRm3o
zzwDAX$sSfV-~ocVFzCM9o9p*ssO!dUCwc}mntKb%1Fn7+1USE2G@_GqMXUYujYpZO
z(%SY-v%c#$2|m;u=p|z#%so^EN6-n)1C8;QTlub+`p&0PGbaThbz~$yx;B4yt3<+l
z=wp;?oUGO|aqe&1#jCn(w$F7NF7u4rH`^r=jn&IG^KXmnI%>^J>51Z-;^z!xRqTt^
zu1z&*8@8ma(|!8{$CVyDy13IgtiYU?c=TsW0#=I@;)L1|dX#}?cU&)N)wnSFPYxH=
zVaLEl#aT_lNpu09kG$+QH?Q=nKN5^ENmjk#zLX>inIC@18(E2i1Azm8@Ep7AmRrAE
zm5jB5@c&;P5OV8Rzdo
zWM$*!tJs0f;1z$mUGhpFR3dy{vKo%{Gd+&IN0|r@J=m6dWz{gov
z5CE`k^-4V8EBWOImFxcO*7pf~tRbSfll<@R+y+TN`HbIjZM!+s4$~c=KIB8uh6Wbk
zH6Zmb|En9T{>|0YeU*7L_LuS;>8JsN&&acgwBJxJ^~KZNd=mr?5pOjscZ0C8<~GuSaFgnmvW*F|P%je(@90oAE69Ng((nQyh(b~j`0g8n%#YX@i0K(0
z9ZyeYSN{)yjlF&NM|ZPcBH+2ny*cm$fYR;v?#DSjZ&Tm#129xl&HlR8+uq58BNljh
z49@MbsIXkiSOMr=tJba^9NFMgAg?kE6qRh{YPaUI7!@;
zFPuUR7=F*5T{!Xv7*^h%T`1y4hSI;jh3yTJ^m}j<+3jYK*GusR6sAmbL$5XvN};E!
z9bbD!3^r@ZmrZj91a@L&6PD2e6xPLDh>+gmJH*t)7AE5fNs`xxk>fKIv4i6?7%_{5
z|KKLL!;ah2)($w`RZc62#Wr;y^aQ`j#R3d-P~t4qIVpTbRNJltMBl}!DDtM>!0He~
z7fJZJ6oHYV-AzM6d_M=qeINz>UFNsT+q8l$PTrJ^f>_9XnH=y$r3R@y6dGy%L7N(6
z>c0v_Gx361W3%>OjBkFv*ogVq6w&2>6Lw9B1it(z4N=>Yg#GNW(cMnM#RWpdh<8B<
zN*&7=fHtyjaN%RFZskz>?M|Ujy^P5tO#V*4=c}C;cM^UoNPbqRTRtKzj}Y6t&-3~1
zT5NZZ5YROo$?iXLv-aGs5BLhfQ#NL^Bx^DL!5gZ^DDUQ|
zZ%|MY&M2R`CxHR5Z&u{tM5&p6Z)elQU&i+plaa%-*R4|GSKVFxvwdW4`Fh{RvI&Ua
zvUKtM2N91KHCF1b^S7PveebhH%3J?
z|3b>V9oK-~_5t+o`hD&`W;RP+f4#pPJbcCqeSQoBnBS_B;HwIWD*hHP7vJB7pJxq{
z08y?xzW3D0yZ)n4{vLyW3=LaM!Pjs_WW0A__ebo3oxb4swm#SujZdo3=kzPZa_+0*^*v4cNqoG}
zd2S+Ix(V<{JSE}9+uGbD3YrszbgGW3n~EB)Ge5DEx6fYzz=s?YG)W9?u^2g_{vQU`7U_MO^v;uTQAIo;#A
zjnm6V=dPdR1TIbPN4<(*0YemB@f2^pvTTvT2q(w@bZz`G$*=lX&s}eW1vHRxkmGuU
zzn(VxwL`34dQgpJ5-391rhFcon06Sait+
zr-e$Otxdb|eC(8r9%n2aC<2^OkxlCk6|dRXXn)HO95`^6e5&wA*0>|
zjzOMVjxwvP9~ufOtvjx2-HqAaR+X;LSVJWyaL200kf}^_0v1N1r=(57))zmTz
zAN8t*GOHfqr&&Jy?Hwn1n8rEtColH_ZLS>ogVo)w(lTMv)bTd=g}Ji|^;P4lKz^YK
z>~guu)vQ}aQ&ZpKuK81&8swd_Dxpl!?^W>~v0r9}TWvym(#+jw2#VPIt`n@yT?ZQ3R?L{C4W(p3pg7@n6|;MjY)%xvqpGMpDvuC41cFcM4y{-z`5o{~pv_U*ATW
z9}TjjH^-~2Lcf3YhaxN1tu?!hwD)Q}q?X@_3GEw1=vu_#4EUA75!&Cuzsc&g8ygWV
z1iaH76cM|Wv>$dOy%KM-Bz>~sZiYs+ihOOauiCx<);B%z4gjGqTCdx3JbLeb93zP5Bw$3BSRUq^lqjrI?>zqNde;d8w?{T(W#dQH`u#$
zx5jjfKP!dM1A#y+k{|(dsdd7fX_s@YaP&I&WxY(m+Q;}lGBJ^D%)(J<*T-!t^5?zC
z7mfLiWb5m0e@l0(C#c`&sps`{ChF&Fs*t$BCobUG#2LN&q-6UgHsMVaZ~*;|L^QR;
zx!A2t`NH+&TwjvgK-zx{j~a-qH1osy*1zG4ahuV9{h4XUPnV+319&g?-`LLL@Myh
zE~=-2SFN@g>v3E5h43$^Yd5h+wSJ@B>aVe^#a7AD{l_--+<0G#w8aw}U2~WrlUHu4nnlG<^1k6{me`
z$BU_uxh4OMeuTt2Tv`v~Ij3-Ou5aOF*z_oi+EER(HyPDR!_*;oEWdtQcIep~dh0ag
ziT^#__bA=WQgwOp<{hU^<97{ZPNnH;zAf)$9ROFxrgG~p=CouWQ1oaws|@jyA-hSS
z{YFUW?QmZ+%Sbid-@z+f^H_Uwb6?
zKn^V{M#nu+w$8PDn{6EAxartVx7v~&@dsa>E*Pe#b%D$1Vi6K*kCBFm`I3nD`V}!6
zHh5*=(-x`$9v@Z(VF9UiYDAiM5RT?m`t(n6mnyg5!(ixX>6ey*GjejbSof`NgDR!D
zYSVXXEaKSVo6g-?w~UluL_QTp)r2giy@MH@zJU!y>HiTEp(V?tkj2_EC!6?NsCcEp
zgi`fmLIbEvXy32jE(6OrDeCLIGB&5DghhxhgK-t^nC7UFwfa5?am**k*_C^^e>+C8
znt;)=$z)kjD!2l65S$vOUMw#X>kGEz?T~N-pB;847#ph5MCs<~6|RXnT(~F63~B3G
z5n+@~m>5CaiGeNdR9}~N1>01(s9+(nKWsKkeO;gJ_qp(5Q|u=lQOO4iWvRa^txU`|
zdax=>t}SAI%q2ENRaGFcknyD+F5Wp(m}o9E`LS^dd*QgXY)9t)=p`3`7ky5)PXFCi
zU@d0tnfya;UHRM>f?+njAj&M^2I#aazqEXj@nhPx*cbR)<>T?TVP!lRWVUWa$dCvI
zTjrz4D(x_mid|=A%?g`p%bYfHK_pAFTG)TNn{wLb4wDGy9=@K`KK2oFdSEAkEUc>3pvEG7Z%E=w7cCCy&FHL7fF=`lQ8st3f%Z>y3DJCSn3jJ`zfTD*jN^{7PM&@T^qr|
zcwBL79BBNx{&NK5uSzdd?{>hM4dCVd83xq|Hv?KsXwzmQ(uXuuU371A_gzA8ize(c
zIuaf%qLXZ!P`F>Tsio)4Sq!c``i*a~<8o{;TheSdj9-JMKk
zem48+9|f<(tKl-&h~8fS1$QT*kqYW>>h@p%N)8$dGdB_-&S
z=iv0~>1^k6S9q9a=kr?=C`G4{O3F_n+5H-_2~250KB2@URk9)dv-R71h=Yz3RK_<+
zj?V8x9GYX%bR`;OC`^46EmN{WCmLvaV6}TnqGr1MNDzVC>M`-_As8@n`$RwT6C+I=
zma&P4@A^`ulkf0R29fGdsB*C->Lk*UgWsIXS=`8`;I%<=8#tXl0^GA3E@){WQsjo3
z25;pbgd{#v7h=6QHXzVYlA8U0IR0+dp2dTYDEyJfWEfB*&pUu?PmQ3GXU=}oYa(_#
z;6YU!q^lI4M&vf}m|T63a7rM0#=7$Nvsc-xk*jx|C%In$WOGdVp?&Ug$1VTMIz~fO
z>%lIo&^Q2WOY^nGguonQ`r#XP5~Xpl$H0G@@H{!;h<3hayQ|;*b`!?lXTUWb0o{$w
z&kaX_%Tq%yu8n_2BB0lRKh3OQl@F=(Zge*$s;(SFRToC6>EW95R|M84IR&>xzi|x3sNRyhd
zUA&>ie-|+rdov|%mEel8T)<)$wWPpcIF*Bqu*$(5dK#8${gU`0|A#uKW)*E`&kW(Xy3d$8(>
zE4;ymZ1c&O7b5fWseZQ6=4kX>w!XX9q>qEnN#hhD`10A{Q(I0^Szj}0`f-FvzCOBp+D*|G3Qh#sihCF30&jtlij2aSexFjGe~EQ$zgKkY
z_poY-fjW0A+CzR(Zc5T^8r9q!O8SrW3`Xe&P!o|uk-rN9l+!NLbLa)w#6UnUD%uRJPp6L
zI|vyI64~Zq8ja~oHb9IU2q7L-;FfP=wv}V{2e@e+2E!Q6G4f^aV8b!+1LMQJhbbQ)O%wQtUxkLbG!w9?z6pSaJ
z%jfz!fW$akOEUqJOC6~@Bxa;*r!+@58{atsjo
z&q$E@-@`xv_zch*7LPr%g)e(YT@@Q7oN1o-?hz#%1Imp
zkYoW73TdU4q#@OwsFbvG_<9%jUTuvfRA#rXzer=;R@G2k{{D*ErtP4hRl3OS;OBRF
zKp7cLL|aT0BKWwym_)UM{|6z5bqQ`m`L+QDVGUQ=8|35QL{eZ<#$YxHO;HiDT4ija}!2SuCW9{
zhTAJvo9HY^B;Gjv;EB4d4ila@fk3L;~jSHpe{>^h)?Ub))I8EH=cw5rK
zi-vl|u_i`xV=X3RKX>BqHa08F81xWr>?n1=ULd{pHw|F;3tHpx>0WIwNHtoa%`bX<
zR3w9lefg|otxh$Md#yEJB%uEB>yPYjy(pcL4eyltRC}2%Yr9_(;$>H(@*Fu1doq_-
zczTktYi3guD|5Gw4zfomhC5u`d!Hj0>KrN&HzGmO(qQPzClj*;=<*_8DNBp3(RXqy
zoj-WIXiOny8?$QA+Ylr^)uXQ}Qne9L*m{ISQI@J@7%lS?rEj;ft0+Gs1-)tJm49L<
zWc`F|I^#~Lu^>NDLyc7Rm}pnv<9UxFess*Z?I|cPwB>eLJN1s&jROdK83t0|c)rs<
zJ(G46oD<$Kx?tb|0K7ke_%rib|AuObTPYI;FMrity(>XC6L}&|5dN1Q*YqP
z$!BHHdHv9A<#u2@TUDi=uyB!dC3Z%1L(tZ5SFFV(9~XDXDe_JoWooe8-`}}vu`pca
z@_Zw)&FjtoGt{Hj*e`9~=u-G8Tqyc4OBR~#03%Qr6u9WYCe_1p24FQhNX%H7O
z+MLvNnN*vD*4HJ!6k)k?cb~^!UAF*r*MQI&fNxXt`T_vy%YgU@`=R@PN(mj{y@9GF
zdBFNjk_-Gtr8wX{v*>L*tNWaHMXVx%lLm{*t`r9^@!EI3n>u&*02Izn7l8GepA@;{
zt+J#?C{^4x#%=EL^Ip)A%`XBO;Pj9)rHIr${a;7R+&6`)9sBWU@T&q
zytXMO@O!jKhp5e2qiNd=JO;l9-Tb#OO_xEKVl@0lA4AFnOU~s+*#o-j2?(0TT3{_)
z?cd&e`cM$P7!$|bs+Ph423>MVExHM1*kO{EtjAb2#-4+ytnRgQHUt@Ymhxc-D*9I
z;BJs!{)Wgm$RDnILO9Vk`ZKx7Z-Bt6UOPg->gF2K%e3hK9mMHVb@Tk%@M*&M?A_2?
zi5-~2I)KhiOXd2Bf^g}|RIcf;z&9r7{ykW(#{(I?ZAuk|JvWb`i-~v%awT5z$kjwv
zb60OZC>hXEUK+H{efLqRzxt1j#r$zB#lfotp$Jk&Muk}HkQrrQ9HVhu$w$#*SQ^US
zs4=o!NmqQC1p4S+r50RpGD(Zg`9jf9$8my3vsR`iF@sdHomxti9O^i-)%B6n$Pyoh
zMoew2nph1DnfW!m@tlAQHGmTIdi07EMm1mK`~qdJN~85A{z;BBqL3CDi?)HxtK(?E
zNimad6At|^^Eti3an;+{?n#*++-kATqdJ*Dv%5z5)fE#}OZQbquv2K+=Q)8I!{mb6
zYZRy?e0_%Cu|?PbTucC$R&4G#l_p5fdzN9n{xwJMg1I@EP}TfV(#)g#)2my3B>^Ag
zsWbQk|B^rMDOluM(f1Jv`xRRJUn2gL6Emo{5O|KN-2|y+pydckrZ1n)pS-sQZqUBW
zAU86f-JMWh?av%9ex5+dq2GUZ#{ruH{^2A)H13o1t_+@Ym>~Umd}X1*s4S41
z=l@|`;$Z5;cK8XYgCqMm3RB%A2fxz|2C|Hzy^o^5k$f-gaAIQsm4uDL12bQM{j;Sl
zIfD=eB@u@JJ3g0T;|OG9yJGV24MUOXW!OzW1~tX%&@?YVaP%T9iZPjv`cihI*DRT|
z;pzhCK|emprC{<%zFO*I^*Rq;?*
z%ampoHiAhof*)vM>zIzj+&GPHykdtn^{Z!@=muE8D7U|7^Z>{=_X>M`d6}N7&-VWZ
zCH^nMw*SB%kAa#^ynnoH6<^zi=dVjsDlgE^?tg?{qI+}UYd^&Fmn66+R
z4PkwEYy!;VME$vLlqIL#3^Jpd2b_>*FEL~S4jN8n+8LK-!^Tf|P4&JVh)^ZPfu>8B
z(Tb-ljflh(e0t+d@7=p3sB^_ImSCOKgg0u66v?<=P}ByA2_@`56h!T@rHM=j8)sNa
z80g^r@>k3xEoKs3qeqp98=}pt$h3dHu*0vNkDccXiu^=uqFlDE}NF8VF6BGYp(dfrQ&QY
zIcuY`+!mwwKqrxeE!X_L#7PyqrZ`XK5&09ips*A^LjWqH03Q#Q;DFVwRrvpPIhjyx
z;sxN@2oN)b`o#@jfA`x-6#GqwhM~xf0h1;7I$3h|%pw5}S?5)TKH
zk)vKzP$8P4nb!R9Dbj1iO93Tm%%>jvlU92tW}u{O%Y*O*`-wU@=BV*aHjItXA(-!j
z_YmN%zM1$sO$Sia(OE})^>e3w@%#0^GRjOKhF&!oAUzv;Fd)9?Hy?<(S4W4V7#F8L
z1o4`F0fU_0zWeR<{O@%1
z-T#|wj5n&aCxtXG@<8x)_k@}P;!!566u+K6PBK)Sj!|2eDh8Tx*f@si_~oR8>mA_g
za*<4a^?L?<8Y&czx{5OM{N^2aO@wBCRzzCZ6*uc(8mu{1jz)WP7afLpTEB$iH-i>1
zRiIOD!G*(?)9d}z!EkGn4FZ2ZBsS<04Ei&|>V23WX3la$n%o2^;K$dZ~RXsll1cv>E$R-}iybhO`&Fz%O$s=tLKO?hf@bY!wa%pi*M-kUQF
zec)QN;_V+{9JotUTV6XE#_H@mJ
zSB|+w$mCs66AEibfC^uYNC_X4uI9ON>U@#Tnr7pVyKpmg1y}%Hih8w19(w>zZAF%!_VdZSOWXd??UsV?uPjx{gaXsW3KnE6CYp&+YA|=KoW#dIzJc1w_awH
z`^yonEeVgz)L_fZ!#xxBqob!lENMLo(yohOK6+VS;`YFwF+LkEv#<&yoG>N5lKk7S
zq@;b#4p)Bok3&xm;p!|9&@9zXxUaNnqsXb_MAY57vX@yft7m`a5zgp}MprT|6J+Xq
zbEx*mSBi8_0x5R{_+0QyQM3;Q=#Ep3050HaTBkuC`_RfVBLfgxe|#~xx#8Fm`bXIK
zKk$7}Kr2w#7y@_!%17}}HmizQ;#8%u@eU}Alupn%H5$;^&R8f)EV#kueZWu_9Bvs7
zvrq*{ktmqYj(mAHUlFNY;rp&Zb}4<3|cY5dQJ_B8B4y=I0uO=Z5*f^a4sVBPyglZP&AuM<^&K4hUFK
zxRFb3R(}MwOPXRy{!cet4LDD$LeLd}(tT8u5*hQ4iMkG4iro3Hx2MDR{lvh;dg5J(
z;9yk$0IwI|jN_1jD4+BYyBUCMb7?0~H4f034gll=#clrujQ)>~hixE?p9o-7T*U(=
zFadNPGWi$!GqoBB)=vP?c-FnqPWgEso_|Q9CS(pNazQ4b>8X+|@)jmpbMiZTS2HMT
z9z;5cYca5J=)#_IE>=Zp%LMW(s&kDOo>?TmUU8i)5rt*7*3l8OsaXy+Ke+sQ)eo+P
z={`M>Njz??R6irUc)a>L{(iV=|^9k$h%xn*$9Su$5vQrxl}SLSwWAyUrb{5O;E?Jk=hSThg35!4(bXGB5jHN4MOmdr`&||*8Ud|AssS^p+%krDJ^Iy*gvB2bGc^j$
zn{Vl7;ujQUp#4Tp6?R2d>>#hVa$;oEIvxHkkOP;?fi0hPz_p(^3umyBj;IGPJzuhp
z2-Je(?{x#qJ$C&5r+V@qwK^UU79Mlk%G62&xrje7td>n
zv$TS$U@6*XU$ab16-Wj!wZj6Ng|#wAFMcw33~B=q4B+_oupcc`dNPpI+Un|u-Z?W
zte^rNaunvysCH0uKmS4GOMr;HS52b;PSDFXAn*TbRLKPzWmf%abf2Nw+($oe!cD&{
zy$A76J>v&77zS(nU{X{Yr;(i*{3J|RXhsu1`~n2dPfAW;JFqSFyIDv13VjV)Equ4M
z89MCgu@af-u?A4We{9VlkR|6+SJn&rF)bfx?WS>4$|FqMMzyS5$9Xx;5pqL(mF1LnUEPw2m)Sk(PniZQhc2+anwa);XdH$=4VEMi&YZXt+OR
z6zcCr$Tm)8h5ew+Rb@`2o7FbLZ!rRqU96PlX(Ca333Mhw5@3ek|1jXmf18PKFqChm
z9bNMlHdv)+JFjF3`4|1pPP2BYpvpCYVokn+ce6hK%0UO5Ec~$5Uh%jeW3sloMl&B9
z#(N;iN5RDI#nDYp#Znxz)xvCTEJOQ2rM*XSlDimxM@R?-dClF+r=ZmP8vLPsE2JB3
z?xec~4%0ICW#9YO%0!OI!{w&&PuecIj4
z=%ASC>DbH$9Axu43M?gHk;IIg7)Pf)vpSXu%(*!T5TJJ~{{SHb=P<K0|#pAju`#u$vSi;;T&DBkgF
zmURnPe~C#$ILtezn}t9SrEUlal=X-`sE%EKo068y9Id`cqw+6)1S>8D
zsUC5bor1xW-}_aS(iBXxxCnD;Fd*=P{diA^(mTCaPkzbW+>+5jTb?_YIKs
za8-$DQp5?R&B%U87S&j(WpNIg^|AQbcH8}a^D)`2_T(2B0=Vw%?5+P_>Ku5#j(>gG
zc>wVELxtKnK;)kkU}k>3OKeQzjpEuX#-vg=$+j0v+pFqe4=qVuEO=|^PMzmNKN&vH
z7$sq==4A6Xz7do+m+I&7$wfOQCwWzbSrXzXplk%vDZYG)_{tstOm4s5Zo4->o!tSZ
zfMrkjB;6!HZRvkXLH@P(0X5%vcS5&Gm$%!{)9zjRq+fwO^R%DT@K|4=CVvVczsg4l
zLwRyZZtDG!irV1#Ie(<8f9-O`j9k#{lVJC@3Tdq^KPG6xhhh?x(tsz7NajJ&7Mw)7
zxy^|_U+4Sh{{~amER}v=+bJXdr-&f^#5jZ@GfG`i>##?=lpov(&j62|mPdTu0n>#b
zy2+7>(Nj;bWPH!1P~skJ8TKg0KTfAewScWxp-l1aWGLiz$lJo1J1ChYr+iishfpM^I@PU_q;HKZU9QnPO8
z{l`@G3gRYSWzm>)5%cT6n5q^{P0|_~GgSFg`z~PrSnz;i8L!3K@Z$8}MJNRo)F%c4
zF^j#{p070DJ_qXt^1`rzM+RPM@ae9KxKVBF}w?w_vvLeJPBHp!pUTlGMjl#6){;s0twQilXt_w8y2
z1JgzWo%s9$A??{XYdE*ioHE>R(c)qUN=xzkh
z_iK=M0&FQfXzX4BH8Fg67icf1=Rg^jjDtoa^4Nv+^RcHOYV03|nt6EYTgJn;e%AE1
zn)8|3{S5W1GilZ7*!m<;nMsFtJ~*^Z7s8>`+1W
zEwKs*=r;50qV&a}Xw!}$(>rQnRSSHTiqizA61?>ll<Y!NN^8qQ*gMz`KDEa$?L12*Nfq+7`0Ph{X0DIs;3OjFo`uQnk8z2k2
z=>Xz~Z9tMbdPA45F~r`Vef2?zn>*fJmDGJ5R*l0Xp&biqtRx~Y>r**yHpzI9*UIVr
z?JYfRs2+Ee*(of!A8h};x(La|e`2`Ce;%<2!USsMw>d9_W7!F+DXrc#*&%vS*3XBS
zfI%+?7=>k6Z0xI603<~}=d0pZ7xi^4{Xuu{($v)xNkk4}4x(FgQ|^`R?&q~3$_0S<
z;MxDq0Qu|nXg;`y1OWNUJmM$(1%C%TB-u&23xEB49$&za^$a@hq*tcpGhqR3PwnP4hNAAGps|LlpZpj}FOBUgD4Pf|e2h
zBTKRm^bk0h+x!+-RE9IZy@5-6rbPQgAL_EU^6q;6-CKgccU&$XN+m5Cc<330lGw_m
zyip9{T4wn}4k^ZyOKKf7jB!JH8<%8VMovlGB#zdf9_HP>jLZ6_e(J(0&Cm~O@+br_
zhKwJME%;`6-WFr4UAx=|w$uwFlPkYRiut{~wf$2M1K6);XgT*MX>NbyZ(*`;j3@#E
zC{r6pX68x$S6;)ImFw&r0%24@%Kkzvx6(%RR=2>177oP7$9?;?d!tKm=r#?L#O&HM
zb!hw*(G7JQ-a1;*xql3KKXiaaJdSUO1ZIkH`g9~|9l{{S(4!hJ)Nkg|5Sl2=48+&k
z6*U#1>QyJf>;V2JcN|eeJ03cQEK^{(M{&dpyy<=Yxke);ymTR#x+hi%L*nVnW6Eos
z=J(_{i?6J#zato)%-?y`u|FgOvnR5lf0H$em
zFbme=ys?AZ6Gu`KdwOo1j*ed7k(9qZ+R>tAUIi-J`KK+9R@r*7s}n85^nhfS5tDTqW@_
z@1)y0#)5?o4JXPykwft$lV!_z^9HUD+Z+ro8FUOR!9P4M_|hetX%qz(XyC1q8l#AX
zhi$_=2-gf$QAkIR!DPLbBN1>sa)UpO6LdwX>J8e8_`38KEw4NVO-UsMpEjuLB!9cG
z^r$;SHAyfKyF+!-n9NNlIx6gCIbMzpH))Bn9oKr4CWq(Qogm_KK^@>yMAXlttUQr|
zHx)E$Cwt4$J08Y6OF8@C*$ga7bO`Iac$RZC$00B~XFY#IV5k~t1EamcdqLuX{cS9z
zw6vHBo<+kNf)na2iV+wUS17Z9J}QMUn?ksfcr3%ZZwT#dOIQpbD7}IMj5*mre*}w`
zZy82e>)ih&*>1>M)W0p{kN
zt2|6Cg&2R1e-ru4zt5xril&c~-O{62y&O|&J#5ZcLY<+eqC9j*Nx^?I+u&dAbzm9B
zEfo4|^m&`@D+sbZtd^9n%>*{~@>Y4RXpi&AN8H-*|6xbb9;%WyYWzG6YD{<_8>)Z*
z2ckv`z+tLn%rP)9k`SsNk!|Djf{n_Mv14M3d#hU6gsP)TRAd&H|~^DY9%OgA3f?ONyKUW-^KOercg!iM|U-$n_)GSS<3~PY!QW^|(&f
z{Skk89SBMIl=_4bD(FEuZKa6PeCIH+N^hVhbb3cnDw#St4QbGJtZqf+{I
zhQOacNBALllq!xP+K&Y3_dQOI2LM?7RJk#e-mSbkD&`2&ba)7gddnDg2@|nqz824%
z;U4$Qz?2MsY!;Sbq-JoPvzvr$$Av%TYOC$dMiu=ryi>%7fW>wM$J1X^5ds03j-UGz)7ir
zSqy@iJX;P1m4Hr?=-kju)~nD}lo7b%{Du37?d5U)~Z4d)^+j&n}MA
znaZrY^@8H_rn>&H%j^BNX!>j=QH+Vk!kk)V=`ugqXdKG>bEfvVuTcJuzWdbYw%yu1
zFnZ~cA$S`QnoiI?S!MZ-QhcujQ!oYP6J)NbXB1Zc1czWAuR~6JjPWN74p`k-}&gIs*0%BFy+Z~5okd6WT
zy+5LyaAd}(T6IEIk+2VXgyM+v^vAKhmEgoS$lmaNXi5f|b=F#N;!k$%J;{;BRQ
zli&5b0hN18j*B_+NfEGY`QTzs-}eo+gT1=*z&L6gQ!A@bs)Lf4-e)6~J9<@IWTDV?
z8F}l=!^8VQ9gMq@nb>@?nyi8P!IIm&E!>$DQIYkxtKdsHe+-oipB;rRU7$N`{3%VN
z3$FS2j%1KeuY=FA8(#6kZb7`etkm6*b91?yd$W6ZIo;D*8qLOf*rla4XrF?|d-%Q8
zVKTC!MCNTVBjS*yJkGHuv8~5Cd)>=CH={qFzW@eui1$Tv$Q9Epf&nTYZPer82N`P~
zWZ1^%Bh4GB!4B2o(;Tkv6)n=Ey)XAK=Ng{QUcuyFTC2CmOE(PMpLb540vEJsNtUg7
zT(B6}zhGEqSvcXWaPw5%;=?n8*bP#1@URdAa)1
ze^B@g*E4m6xRF}Ig@`&}Mm?8j_u9a_4O^8q-k{RL@syVL;^SB8W0$a;WH^t}k!PT|
z2T(gjNmhP~oQUu-*@mA{jUV#d;1TcZXaC3_6zu5jOo1h}ZO
zn2;AxmiV4;jgeJjq_QI)4gPe%4sl>n9EThE4|B!gfs7EFg=4lJ-%jN1j*5NUBR!ti
z^37{YWiINoZfKTUiw0WaEH_Jxw+~^d>2GxOmdeE+t`^9~Sg2UWF!~HdRy?t9zBq-c
zz?KT!*GiU*gF^AWyJWQ1V)AyQNptQ>PQDsBU;Tq_4t@+-H%0=Omp#XJ8OFc%zb>1x
zr_%9dZ9<7_dHVU8C2B6!22}I%`Zi!LJ6PI1v@M$=stL^?`Oa}OtPy_Z7cp&Obu9Nt
z<0o|QZD0lz+U(6A&{v}(SF_6wa!fV&)O~mG9}q)7f?Lh~hLvHWvgBpQyzYE^%cus*
zmx^JP5LFQ^E4Uts;Q66)that(kgrAobilKI0<|Cp8l1h(R$XCr!1Cs_Di}Fa2DMQp0b7C8_h&+_
zM^A^Q37OSxb$^4`0B4eeg<8&w#p&ZZf9NMg-(5@P-
z3x^MUydlXXe`B=rm`%4o(JWvy*ZN9JfGVY#Mw^Em+xHLL@N+d3UBXPocsmjbS~m{Dl_=fcVf5X
zN80IzUY2ke>*^HW1KPwB4j-eA=2zz+_KOTkc(R-cX<@kQ$!S^e5Ge&n7IyuZE)CC*
zO<~U}@0so2Hl&%9H6%fWcGd*ECl@`qZSh${9*iH%w2W
zX-N-aYjb+x*(NqZwPWd@mY~EFp+J7{69oARx>@iVpTH_S8_c(XSjf#A)a@=RST85!
zsd3Ex=aEhZkK2othbL-tEU05glbH9N;9-;0id+X9wRkeP@k}yq7u9RwK7G@NTuocd
zmr_D?nJ6ON%82dy3EJL}_mI2YRz+cr26DcXBb9f(bdq<_Q4~Tv_+>6Bj6;aOj-+&2
zh~0oXMSvcT{?OgH<`iX7R>R<<_P)RBnd6t$QT`!ju~
z16obc{!A#
zmcUwp+}i>1w?}!BLC;4%-E~t>Px6D
zo`ikR4fY5E4%O{rsz+~Od3a_|8*;hr#=f#WXcK!F%qV8bdB_k@udy1gE
z2l_dXtM;WYoyhazD@%PGiS$h{a-K5R2-l5qoTK8~WJT*k+mALMI-|GL3%fWH+VVr#
zvv2Qe%%3ZpCdx#odE*WIqHCphuQzP9QLl_c%En43-uTJLw9{`#_WxrKAnJnKu$vJB`0WPo{O#
zq>4M*MmrpGGcx!13xa|5T@5lPBHqpvJiOG$ij8ya8Sg2)%EsC==4
z%ooe(e6f_27fXqCv5Hz3E68=RoL-l$qQw$oUaY3(#Y%EsET`wiQi5KrqUgm6l3pyO
z>BS17UM!{R#WJ$a;@Q-)jy}hlB@6d3v|1!eRDHWnWmdH7n9Ix_KDFa9%a_XeS-y-B
zW@XvVkIQQPTe^&s$?_szbbdqS;oK2g{qG{V+p2v@9v|uQv?~E}o6C`eSwmEGrfHTz
z(?ld~{l4_u5|RTk-GLEn$0dC15_Fc2boV&(ZKYdkP0+4)r12SD5w5~JIMqtTgOXJ@
z-CxtcCwg_*C&NRbxp7=nOYx8*o#o@Pw`~1dO5iiQ+puIifK__tfx!BOn*f*d(gfIt
zyhxU&aS^JP?-Tc9K5^QPPfI^`GuSwP!xdN)rdhUmq0fk6Q6v{jD(RN;%Vhb?!uR=X
zd5X!^nRlZAFAVYMj~)bV6FA?qrJudYX?|Z(`trh;l-Q5Z;}eKbyzSmYLFmDqJOAq}Ub3Aaq+WLRyz$Y?iuZf=t9RRnSB){c8tUi~>bg36
zyvqd4vn5gneOw0K&a>sCfiTFeulg`?l3lkq6Ti`=NisSktyz<-c9(LUj{Ga&+Bm}Z
zrQ^JeKfhj_E#<`E`;yash2*eQa9Aep-a^=2E$XfibeD^{i>0@;i>24Ji)Ht;i=`K}
zi)A;pizQdJi)DAUi_R;M#j-2c#nL<1B{0BZ$;Iem`PJuQ`Q7JY`OW46-@r*TxBRDn
z(kz1~7AtT17R&F=7D+aoEaz^8Iwda_Xd0OkJ!hp5;aSEPvW|FWah@
z$Wx1z^2}l>H@aBLjxKOD!}{%FD;LXG`*N;m!E8~-LBAB%>YpAo!xI>_HPVykPy}eF
zp;gi44U~9rjKKt=`3(Jx#pz_OosnhA>aAl?4OZ79-;cFy6t18wQJ-Ecw8+2MJe$B<
zW!>Cld8NJUSgUqcmYZpx2dEf0jbU0#-A1EgscpqRhyt{zee|M)efWH!C=5&hAJA3+
z6MAnjiN12y4|HMgJkwqK2cz4_jZmWg&K47mGC!pj(Xn)DVtfBgt4pqZ7$2tC0QfIy
za`wcTg&2^#PK9FDi6tLItS?-maSz!um+1u?$^cbYYzv0U!mX5HbYv}E)FW)NTT90>
zr>2SNn&y-@)AM{{92sasi{Tuk%W3*|(c@MHFu3TD;5@mEuhD0bo#3Y7x6B7wx299H
zd5g13^4*CS#QM4pwJU1B2;(LvWy
zQ&Dk%+`$y2l!Zn2mfKWp|KktM9Q}oS
z^K@&g&vq?jZ3~SDDP9zw+3a#Y#F+*uhSg>9`vxjummHLpRKv*%FCGq|8no6#g<5e{
zfzF1I3~bYQBwxN%KjCnY5gRME=`bW@*C(?nt_RMHxt>}}`w3Gusq0ROZ+U0^dfcol
z$ves8kuixH=P)A`d2!Qh73(6RHbdo9+$csWEO-ZqivOXs)e?U0TDN#VK6GKHUo|3$>%^=^(ltU
z-~$=dm>EWM0QPCD*RpXMPWf-
z%iN?{0e4F2xyy0xE^(LPK3g{lIgaMr{hv;vwYSMdUZpbY`($&?&I8m5G;p14I-Lq>
z(qIpUp2kIrt}>)D3~Za_+C2i=U?1>Y>S=^>$WY8|sV!4r+<~F>m9}r20!6W{4(`6V
z6Qsp(KD|a7oFo_V@Ftq3rK|y7tJdz&p2$7Lk)%H2SM59l7BtyH=|*65-luzPkE-Y7
zI~swq5;qJb9fX*|b+@GH!av#EzNxsiT}%ST655)Y!@%O8vcE84Dc+aH+Dt$Ytkak%
zqYZdk@>*=!7YinC0oX%?1?om
zuGn~@MDrC~VWsZ2xAwB6!nA#D^Gj1SHlokD(;CKpW?|E9`^+MuUlw2G0mh*WEGdZ8JL2i={
zN(H-Il3u$eyHr$PV!+k6t}A4JlKA>YyUn67YQTbT3?UU-EBEvaDLq4zB)br^W46+<
zQrF8Ir7HEBLi=8I3MtDPLt{v)
zfN7svvtx9;hqFLI<|Gw*I*)IdB*-WhZX6DR|qKjwSEIlr7j^3XfoPGQL^z`WM
z$=P6gN7y=^05(9CSvWe`+>Q?3{7jyE`*@a?-u^@)BDU>(UR7kloQZcBnBKmk?7)eh
zBeloT&ITtFicK@*8`H9)Lxo9^PAN5mZ52&1aUciL?;1ZS-
z(1tlf%kz>Q1BonOMJB!K2yJSCCx(lY6J?%I12K{KGyB2Q?cHD`VJk7()G#R^I#@oxa
z+aO^xB&VWq(AWyah7=@?_=5eAichfd1bzMpJDN_3X?{=0L~DH%WdokZXh9}Ik^KtG
z0xkB)^`u&J7(}c^yGmT|DGVqH^IdP{I+Haw(rMkSp#77MKy=VCx1*HAGvuPmd@`qg
zu4TDxHHvAdI80j$Ri>R?us?I!;Lm}s#3v1Te^ZXJJd1xGVPkLbgr3~=BJCW-nA2lY
zaWaEg4GtmmcRlP>$DWI>F}0_8lG-ZZVb+;INX>~(8f4nelhKH*F8^3#D&$BilNxi1
zM2G8}9TMiyQQn%xV4T<#V2O0WM!Rfc}zXPtKn3BxsZ(T{ocEaa#
z@-u62hta&K`SEl;3|a|+e7dd0rM5^l9&nME+yP|Q!6ozbh#g?@vw4ABK-puPat6kn
z){*VH_-SyrpPq7=Y{QkZx6pV(-kd7q#;`FMhIv&oPo?fQ4+AkgsG6=zkgu{u=Ws;P
zpsa};u1ILnL%2>pnd&ove$o%rD;`#VG>wGo^t^#7DT6854pEr~u`p+qaa=>&j)xT0
zPcHOXP#Ry4a$&8s_|P*Rd}Gbp2~%b~Juqi)EcqGX>^ZWOZ@*O<#=bg0BXRE?jeCkzJ*;}-5|Vc_^3ViF#w0G>@?Y-1)3Qk`QfZxL!onY?7xTh;
zV>q;02})dd)hCvQfTK|{$LN4Jt_X}Sp13gbI31-f!((8bPUb}BUpk~WKyi#xYNw4I
z;`bUwmd=s|N%Z8klp{{ft9A1GES`|b;9k4cvu>bV=ToDEuLaI|=f?Kv#v~unuD?%y
zBe*&2IYPT?NHqb}#R#C1^ddutxD|QrBSU|5(j?Fk9rC6LntR+#s^O*#sXO23*+?CU
zr}Dcb*>KuQy``+VJkAteBU=S)?rsnf^t5}!x+STaLp
z7A!ko5uaSCL{d{4&yl4rq@&!}0>=k6+MyOX@KM}4H5AGm$I!#JYS&|@dgf`wfzOC#
z>7XtGaazRZK6?IWy-!zZOXZeWJdEnC0arxNK)qKW^2Zn?#!ep&l)b8``x5gi;xWZV
zo1~e$n%?c7{(#%3-gq2*6}>#W`vx8#wL_0ReChedvdkf>my#V`EQ;H)a;#)OuN7*<
z$E2}KqvKB_`B8i(*_@`O`9O5#Ll8YK2K{;B+JwP+_s&C{w2xm)
zoXn>d$pyNftGs(S>p*5qH6n6Ilb$T!0
zFY5pewvgXwLhnVt@n~M2aX@=6HbmX$`^4`KUmu(Zb^Pb6{nLHO_n(_^LP15!5}xC)
ztL8A9Lt~9=_Z-emgT0e*7U|M-^+1LVpVc^pJ3mVVKX(fur?t@|x}<+3zU2h%k?U^d
zuV=baHL)6&c)b=^WM)Gmb^_kzavnpjjaLXBeSdHYs|vEND{+yBY~pzg+=TE>u*^2f
z>IPPsOR&7|>i8(Ba6_%5L{
z>tIsffTY_VdBFq#(JdOsLy1AaciZu-VhO&VXH68>WVzd
zbyZ}E>Td1yr-?BnHsl~AiCV20qJ_)9v!71^qn+k9%s!M{?)X|gp4V!>7mh>Tp71tZ
z`yP{hbaMFpPls<`{vfW)i=`vM8my&k)aV%v{Zr!c;9RwMK_!%P8%Fqv=f&FH9np#S
zMaEvO#jl}_Q-BuMj+w#L-pU
zMM1g^SOIQS^2qwjef6D20P(acA5(NcaW~m(ObDL;aSni0<)^P^=Yo*((g{h>o-+uHc__jV
zNNW!TxvGkXm)7~V!x3Jm9c-lRHrS#(UunQ<{}$jTc^t<(dDvQ9-?YH#uzCWIkb@
z)5*jeGxFQuR%l+hm6(_HcV1=m#(z_~q1wk^B;zwY;ijD$nXk
z8a=HKXvZ7x`MTNQMPpnStpmGg8`(v3XcvvKMcwu@uY$&CFPg)>Xc_NC%YZNHBfe-7
zw|QBAS8sdEl6juwIoCkviFXJRtPZ^#(RZDErv
z;UpG?Z2OGHM&`Mmp-vQSB+)_;4RWXxL*v=s=oXFrw(U)03tlvbvF%lDm>M*4=={N9B})uab5H9?b07
zf8@ktT&q}>r043WxCwyWTOs?;oE}~=E9%*={BsbR`%o0bZT#n8)<>_WaTNMyJSKzubbZmQYem@hMK
z+Pi!QX})FP#YYxF?y(HKt&O8w0RIlf%k6C~kn0Mz{*#En%JZK^1KqGdvjvA)beW<>
zx``oceB}37b--#3Xe`zfa?2!Lr#k1r
zeN-KWmyIff4+{`T3+U^iDAxHi(IbTdM_oXNRD1jWHK`w#I^GJ$^d*6Gf(liW8@{)|
z*c4ewQZL;PQM4VcXeSygT1Sss#oiiRxbXNg|b?p~~wwDi+Ip
z=nc^XKOtBE)dyUNLexPR93-V3vC;s6y2{B}x%K-k`{9_~rsH83Jt4aVoQXAgi?7cr
z`vLK4Isn=}U=EC9V&AS~KwgsUMb8vQ|FNk00J&NnB*e@2-{Ow%#0N$_Puaeso&H{b
zw?A0dRyiCGF19x+a#gt&!%|P;jN%%VB{gg9d_8jB@nlR;9eW~Dr&Aia0LSJ>JR~1w
z<;AF^024|$hZydVj!fpfM=+b{MEOG+VJVNH7!_xJ4yUAAIncE4f$Zdt;w8**$>EFj
z1OgRX6@}m8?Ec=FK~jk!;ojc2#}zAwkLKsNdEpL$>Yf_Y1^N0ize=>uq9GcILQqhE
zfu4zgUSDanD;uLA#kZy-fu(sEbStre7nA%P(PjoS-X5JEFcOa@|9Dj@ItaBeEb}VI
z>*Jx1Q&)bzlH#|N)hNxK@Gba`*%
zjxN68L-@P4yz*du87{4@Hy->~xO`g;nD?2Wp(qUh3oWMeo_jw^vd__;&-?+xzju2d
zTu0$nI=mvc@vz*kgpKdMdlWuLhwoO}9g~aebJWxeU*8$D>*0(K7k6tPF7Cj|^OaG4
zR$xBBe+QJFri%@g?7*in`|Obu_b5YI;zTXhkrszw_cmHldq~07S(dgF5;&F5y5{XN
zZYxu*yQ712r&47D6nT5n9%RN(^Ee^06EIsINUI2Uiqj_@pKL6NW+xLT+$!~<$`S(p
zjj89u$w@EC&Z=&4=u*dd8>`ND*6y=_p&p^=W7137Al!0t-utMUM^^#2I7(z^WJT>B
zAL!8Wm$E|3*mJzmnV5~tP{5#@;<}U309q`r6u5g*GyZ{bLLx)kjReE2I1k+8&qH_Q
zn0bOZu-ayQApT-oQ`taQoE&s=D?5vLS2qcIr8qn)qEDd=AsRkTDD@jUC+F=bI$T97
z?bCGjWixE;KR^0u^ROB2w8DeK{Wm*kZn?ABg5P(l;ZHjtK)gN*;fce|y`x{k{paE4
z-Y?;gJA2z8L;QSj*le}5xc$R$=heaPP7`kJ>}~D7Cjahd@H$9#;qK0>og*mwXrJnp
z5_g&{EVHO}ubPKjFX0hUbM1vdUL+=qe=>2Yc3PcNHv398(L|8E`b?C)VO
zxAynY`}hcit^LCzeAN_3W&E_$YF5L|!<`lm-1EbIs1HXUUfrkCpn$z57l$+BPoP^I
z-gw<=+SYA1H+P}X7M9|^HIu7K_5Lj|f+G1WtgHAcC==#X7ODzuF
z*U-|(tI!2$z~$FDk5O2q!{;cpkQm6iK+fm5!PseC7GV-m3hI;RiN8YunQ7$|lOK){
zML{Btyw1XLjFY_;R3!y`ucrdqx_9{G24B+OEQ?|Zq`%jp?^gMdG496p{JN!0lwBVlmvUkfX
z;JPX?S<%dSMEc)uwzdv;4v^6Y2Sg2|-+HUDAgaREbn(Vf1vRQ@A3@&x?yhX$KbPL_GO1?I$ooS7f22f0{W`()@{{;H{IR)F!Ts1D^1Z
z+-D?-JiEFLZ6~PuP7ZW*QG!+3lS~|JdspFk!e|pxlselIqk#wcvdvaH
z)jo{Ziw7`rXQD60=Ow*4D|9F_w?hG6sDD?a6siKXw85rRmUFJ4*}-s~E8(&vWipF0
zW)=?22{1qx!woPCbj+hrrG+m|p-lFsZPu}Om}Z=>IucGBjp;~)ZgSXQG{i~lO0Lld
zemiIi9QPegD=vg3dOVi~tK_dvu@W%7r)TO_#DqXLI&L|k5I~b87Dc^SD=`4mCCtA!jaN
z=Ak>UA)JmQ^2CNxP{)t5g+sk8lTbJ`NeWb0MUo#Qpi_o3Vimk3*2FS}b?ssi_kT;7
zf(f`y8hW0L#;E5PjUsvZb$fJf!qZ|bxEpFgC55`K24~jUh+&-nDFd&j7%Nw#Sge){
zIJ?SF)vE9!>{HAR#p(}-y`@-CeGx?=2j{LHj
z>$L5rwX)1jQ`mCCoB)LidJt8!G}F1h=6B8}efjvjzQ0Z~Z
z%w?J$!?H#ep#{rh4z#(Nwm6&ojT__2RLqGd88ZzeeS9o9PvVQZ=GiW2p0K!Hia}6)
zSfL1&!~E6@1Sh7!Ep=oXZ7HK-M4|9`ZkIA$;+M7pJyV>)@-_yiUd!curpPwac~yFXp;xQny;vMS=2vCPaKtARG(==_
zq^06HmklOM*(8L-M0u-g2nXS&tRC|who!2yl?&&pg0{wkVCaz^%Q&+dixDgz)>vHeb6Prm1VAEGai5G?rWH#W2Xjdcx!yYOd;L`>debnD
zFLqXTt{^$QT{~`eCFD2-3sc)Wn=khETSq%vEsnoduM!7>(k)f5ytOEl6luzq$$&5h
zL5QAH6ak$|+`CiS{*O`?NKuTT$5;%4UMlVpZwf)I>j?u5sRgG0hZAQO2Tg;f*s
zjaZ5#70J0JB%?O${^D0bOoBJ>L4+|3q3)v`r-QcS@hI&~7=8p@D^}|(7&62`541Q*
zj+k<~fS#PfAEgtv6!$rHNBlzwr(z%m@k%|&Z^dZtxBD^6;j#~#NO;=6P4V#v7XnD9
z*tD1>Fp5q@!!iTVc{RW>s@Ea+9>xzfXF-22ued%rW^d)IC@5fn1`1KZEFS|n3sufARM;nJzIYY<&d%hujE916aJIy
zwHrO*mToXlYo3Hb8@J1NykjEat5CeNnKuivqF9T8i;yS8?9nohri>K#j(r*vJw>4}
z1v(8;0KED;Vsvg5e=&!M6#ehS$lP#Gw!C_@5vr?Z;O?3ki0<#EG;B*%8#Ye|A&i@k
zIM_$fdM>c809h0RGa_o?duA-M;i8KGjDL@?=No*ALgxx85}%Jp2&L=9uO0-V77XlC
z)0k9|?i36Jp0#}srXN6QD(-csqENl_uH#n`>`N#W(zs}TLCF0nLLntQnzW&{;rAD3
z;~xfVXQ$nIe_R_zqxbdGs6NS_Rx$ZipFt_newk$n$3~Kl1x91C`shKQX&|G;kQr@r
zBy%759e_o27>iRG)9S!_ZjcYii8_GP|7;!<|GPg${vS5{^LCs-uJQj^URi$_h7TS-
zSYCa&4FAEU^#_fI3;&PL@mctPEc`zf{vV%#?iT(Z3;&OW|Hmh$yM_P9M~~etO99lv
zO={ueDG%`Q`wsp60Rto6*9Y~LB=#+JBT;XWw>fl^u;waDa^S(BUZ3MS;sy`|*7HGYDC188)MKXw_BhYP
z1EW4=lQ)1@1ILHO0wg*xWu)*G%tkhcBBctL%2}GeHvngOEKAe}StYfY<=sOgnYS{w
ztFTHa%R$EcEU6LfNR^$O0-}U6x`wGS=U>K-Zi9||HN1f*w-9rkq|bvQw%@3On%zuR
z(+PC@eH;%dtP8tIYxU%+08B_v=AvV4rvkbqYEN5FJrK-G#nZ7*WmVrqc+!go?`s%Y
zps<{ABzU~&qoCOsS=)v)mIwI|tqGPOLSLq(keL~t9i=c&i0n^MJb^#Z(HIj_uwF!BLc1Ku$pe?7MgZNHB7nQJa+u>omZ=
zjg#PEA%zBK+s(d%HUm+`R|A&o$(X9MGKz;0`GyIMv`N;Y=+U_F_$3Bs3oxP!!%Ds2
zG_!?c%QTAZjfXf_-Hb8n$&Y^$MCNrKYYygoozI*hDsO(v5Tfw9k(OLf=
zeTwvdByFwVULEuGe=931jg@@-SL5O8LjU(UJ`4TdLjSkW|9u9!Tj>85`oD$#?-SGA
zLjU*CV|U9^fYso!G&wu^YdxpCqihlDHwgS9_1@bW0l
z4G*YW?#rB3BM+=kZkZj*>pT)If})wj`Rnby4q@!=XhH^a@+OazI2vg-0M3gwIfX-Q
zR%;-z&)e+VhB#x`LSZKi#uupsK4k5)xNnjRKjs=w?zis?I%Pn|_@KT+)E$WbI-&08
zfc!aOH9XkXrx^C%<}OU(9JX`FFXM4|l2!3}xVaVxY&qvHcEIvw2<}Js@i7{S*3}>#
zT=gxMd&ap#L}y4FxCKr{eWRv2#2h~FO-^8X%}lP$tDsrQ?A!b-sDBtZe#{0K#gvrt
z-l-|K>cQq9d}MM-oWLuH^(wJ8Ah>ljdk6nkf}j+!^dwC;#sc6zoSeG4Tk^JxI!=SV
zevmGNLUKArSB4`EtSSsd`C65rkH}=$P~dr-BZ6}$dKay$lu8hIn&u))E-A7I&fEAt
zquEp~WIjRNSA&x@?Zq&?6!};UB$r?{KuK?aSCDS_M@VU>ZLb6%M-i0>H9s@7Au1KU
zYckScyRtLXaEX@BreC0G4J`hiILaT9PSiY&dR27j!dLpyDU6yx1eVh_CUae0TV1Ja
z1mzWe1ob0?F@)2G_)T52NKEVC=~aH(q7BmH+B6*{`}|t|`QkolZbtj!dj7?<+a)DR
z*)O4D-HT}^oFX2~?b-BXwfv@$#&C>y+Em3w8a}G&3doeAkU0>cn~B4+5f{h@;eQko
zjGENV_)&pI@NsI}f^sMk?Q}8qpiGR%mWA3ghM|iobZ%w+!96bZTh35Zq4x5#Z)*)k
zRI;zg>cLL(gf6c>d|0J_H)KB^#HZ~4#;LQIMJbxsk;#7>p2h=AlGVEk2@uT5y61z-
zIk_kh1`dULxGHfkiM2Gs=OEb*SWD1mF#x3N{ChZ{XX9~X$wh!=kthNghS=kTWDG-4FMNk%#0*xKYEC~A%%vmcVQ5?OW~eosQ%*;8)pGaL4o
zXMQF=S6G-_hE)$&aNE5i{eYffvv@>m7Ieao(M*H+mICXGY*vw9oNgynA0@Qlg3Fp5
zJ_<&0517A@0FXbB{!)hC;+5MP|3CLj}d?n*p;y6>|WE)7%2j+n)we7&!ay*KL
z$iLZlAJax~VXOnf;<-^l+7Z@vLdvbtl_YD*rr9k>{8SgEF5vrAkiKatB)4G@ek6PB
z8-)hZj@*|_cn;4QQ`p>OXcr{&V=Rc7e#FU@+(qd%*`!e_IIKzRr7Noh8lE7Cl70(p>3q<^wDbsYz+P5%*~>7XJbkTB%4`P>JuP@Y5HXH+6FO5l9+}zm%74S
z_&k(CB%Ds*J4QnkU@%Bcjy5C@(u%A)xjt2q)P_BQLYf^MUpkNg-H)yUFJ)I^G0sEE
zz%?QUM7Y5Uu`H0ZKp?O#`n-I3fJO-48{=rPT+d0`^*x(f2r4VH0_5dE?e)*qaC7Hp
z9=QG1^ZRfVV}pAKk&{m~#@obPnKCGCHO9L&_+=tfo-lKG4!p@#U4X-CxbbB@m(iHW
zU{=u8s)yNI$aBUt0PAwV-%VYaz-qrO$PMQveZw5Z?FsAX-7#U5pjbGbQLRW{v?qfxDu#HZ-{vAO-Kwpyjw%Hf1$0nTp=A}jKs
z4Avh=FYrdsChvY6)Cb+5o(+Sj(_f8#?`26y->PAtYCzO9m>)2D+1HPjtL(h?^~#!a
z502tb{{EuMDa4<=U0z-J%lD0^@O$*+@2}v`F}@Dcr3ZQ#ET8sUSr@IfbBT@Ay!eBeu?j)M{`FT?xz(8G54
zpdCJ34Ig|LuIOv>-UBKL|KAAL=}V~N8p6Orfd_Rc30@1kUHpIJ5kAD<`AumcUy>VZ
zbi-*Af1spQQ_}SR!{rFyTUn=nAKFsglJ3@*xTG~GY2~|o)hj1dwfyMhZ-*5s=UXhP
zrfpiE*QS{_ihB3p)=GMKYb8CpwUWNOwUVM+E9vCcN^0L)Nu66ODZaImy0=wQWBJxf
zYTQ~$D}^PkbeTU9Cs`(50E~5IEnICQ3zY)yOG&`~p(Nx_t1&%#60UZT89gM13tz&A
zC&)8bSHg#M19%Pm`vAD_(|Vn@flzrrltlcA-(I0F&dc80*f?T*jW`T-0|~Jd=^gSX
ze27@@a-04=k=Lk)g&#XkZ?kV#XpcFBe-qwuP>G7M!`7)HdkoSEs+)~~t@4;;SdA~+
zF2Bfw_t9f_%Thqj|L-CD|E(1G|K($M$^Y-+2l)Tl$VEPuz~qvK*rcb&EMtW(e@A2&
zI8R3DfUpYB14++bdjs#j
z=ahvpE;EWIq}RsdD~i7@KWl9Va$oyTjTo@vTC6zPq}xpdcnhK5GBuiF*OK-q72lFk
zAOoJ6XhR%gTx)3IgFX&PlU=p*25VntB!Z5#MQ*?YZgho|fS_0Vxc;e`1}SSeifcGZ
zQAoJkok{=1C$*5e{tj;}Vb9-j_3(WVI4wbg!(M!WZeQqngOzI0@6N|?WLl~!3bXpH
zU|vuR)oWAZx0_qRn(KDIw;v%534TDTe*m?=YA+wEqH0g;F2*z*HmOXG3|8o+vpH-Aw6sVHw1d4@@
ziYi%q=n@!BI%vI84@Kz`^#J36r??e1mV8EdJMK<;ioi=|M0Kc*f;OD)flxVTDKN=&
z1XIi5+NrqlmNoMBJjpQh`vgaf`hvF4xQ1S|X+;t+5?o<|0OrLLqx_Y+Y^WEPyEssI
zV>0DmZrxn?jOaQeh-!~auaryx^?^90FbbG7HYPuwY^^
zPUG-*atjCoTHBUyiVJW*BCX1vI`i8qR1OP!AJMGXIaD&6+Q`RB-^lVCF1*n5*#HWCXYgrtoAS%
zgb{k({0%ZH*imdawN^ZvD(a<3>7=LKV<#E6Thn+uJVuUOlyu4UgfPT3ikZ=IW?)}#
z#{?wk@^Y3Uf`l0WcXGsC1=!LsK%f_FS>MXd=e(ax1_|s#(D#?d$pTp2uy%4)!@uF_
zgvAv(DFjw%VyqV2Sx_Dz2R3OHkSFt&{$uLPa~!^^HZ}@TeN0UhYM|dF(2A=NuN~kv
zAXwv0AMz3w7Q}Rmj+!Y@7&^F4J(=-Y;uKxuLqhu+68aa^Dkhp3I?7Nt190-=#1I;`#
z0v;aXOj2Cn3{IO)k4W#G=!!Gi^pb8&UWZ8=Wd%W78f8o&-3g`5KoPVeNrgHvapk(h
z2syB!M-&eWF^ix;82?_1f>*}gT#}NTBwplUm}Ch_fLPQ9uRv!7n@)3gaEg+#-2)8q
z2)?{oow;+F9(##v$oBkN+=R;DTi77Ok!ZhjF{fy2MT2fnoEt$N!;COAYH$G3
zd?07Tl?N*g{dIA*zD%$>vxw^2C2`zOV$C2ARSWcyx9Oc$x9NfQokE_(F=_wP7`U1pnb?ColHf!7B_ythLkh
zeS*ROxr$iEQAWT26JXk;S`LwY!7#QdLlv@e0sMjq2!NeA1~$|M_no3Kqf!QK<2@o7
z(Ft2my2!xATRp-oZGi+Pr9xT~Fw6Q9>N{`78EK+0jFKzKTo5u7n`;_o#;X?fgC>tQ
z;#Ac@U_&lnCUv_0x){N!gn;`i`dUADl@3x`8)1zq!r&ToJ|&A5)vM1AqF@hXoe>;%
z!}sx31}~_#C^;RZoZ7XtU8Pi=9!
z>a-pffIWYiS9tr7x-Le_GGq~+jwD8u0bGaC-DgmG-1NuHJSJ
zyg-R6DM$I#3#TkH#^bq$Lq_y807YjM@SAzG(TOl2p-wj`G;|%a9^ap9ijKg%Iz6?p
z0GGx-M{PC&hP9)BwR|!zblufE@J6NCpK!)e05zDW3dcz%cvusvzPwI3PI42lwc3$r
z87YKKF-+N|?_mE>?a#2OVeXg9q(A8wWnS0JPxz?ZnHM>Opcma+=Vx0`jD3E(bp}PAzT7_o6`>eH{
zfAu4L8_mUqv!nBw<^P8xS4U8XTd3oj{2z_wwMNeWZ~ejY!vF8Hd=~zH3;(}`|KDez
zyM_PX!vAmK|M!XMZsGs;(PMYZQh@LOXQWAT1N^SQ3vju>3lRPN!u9aZ9s2)sH03-e
zLtl31hVFr+BY#`FL8O$;?!i%3)Bb`x;gOUWkeb1~A3BlzM$uQ*+!Hgs_7w6RPcLwa
zWJiT6B`8TxCo%sfv=)mG9r+_Ol*wa`7T4Rp+Q@Z{!IgHK|pxg
zDbI|mui&qD)g{M$KrG#5qii5gfK2R!0gOyEG(b%u9qZZBh>oKO$-@3OZ{y{MD=@4-
zp$ZHJ0+W9-WC1Q|r^=L!ajbysxOi!-i8VM*h63~65mr%&UJ)kb-&IiNeIwi>e9pmv
z^E4+8u$mZtJe~WrO<#Q~+)}JMA!5@a+Y%_JGAHZhdGbI_-w@5QP#W)z$j{N$+R@B0yc_Lexi0EbZ-?lV!v^y
zgxD{;ZYd5Bdv4T^S^)yzKo2$opop*s|HA+3$W>cZQ0Y}1;W4k&WVjAQSFNGRZ~)&*
zd&Ztbe!QAagn42qilW+sWqur<9y*WbOi86S_GN8|)|1jt#E>Y*$B3}b%4)$G6DA1x
z6;?{z|EM3-`XysJ*~nW?_*062W7hD|cIlO4)Y)Kuma(4l3?!Z&NuXTcpNPp
zCEwUm?!`!A;%~zikqY-<5RpZMxEE@%nQ`<-9K`kpy8#Z#!a?3NcbCjm+9MHotrIqQDc>@RW
z;WAo8Y8NFmaEMvuY4~Va^M6&1eGVvHXY~R|vnf_i!J
zxq3_jc~q6Q!Yvok3I(&5(q1DY!7KDU!X&X)B&ZLwu-5o;G?k0br})g(|03kkEz~hr
z|4X{wWz_$!uB6o^v(OPTw8|(1(@$%Z^^+)bG4c>jG
zD2OgQp)yF%NnGUH25-E;i8jL)?Wkds0z52;x9;TP(d`_mfHR@%NzFK-SjpJM_hr~#
zXau=I<-L?0ahzq3(ZDk&a#}6e*3$PG1@N%!N1$0~-CqfyPhovEaRH}rfBhZ*xj$^z
zC>kvvn?l=h)j(MF+v`cyh1g0*+1HP%;h=r~^=g%THL|ZCtT~TNPM*Ad+x!~>q;$3k
zQOo{*hQGV^_m=zK#9rTo;cTDT-v{u!XMeu3uf^_TKUc%J*P!2xAFJWnFtYbv!0$2r
z+_7&b?%O}W>^PO|5^UGNUT9Urx_{-!mh}E4BLK1Y?Gvu$|KfLq6~iCf^rOQ+o;hz3
zx)@&Eq9-Q&1G@iSuD_zM%k=$?^J2Hb_kW`MEA;(m{LWwZ@arml-N&zM^!30kV4W`g
zH{N|fUk~x?L;BjnuaD^K5q|xSzP@%|hmqq3z%cdOT>M&s-??0%ns5-~aE`b@^J+Sz
z2UZ_$tS$F3U~EWWI&B`+mAk(+{e;e|4gQ`X?`75u)!-|smi
zoUQV;Z}EOSj+i*tsHi?)VtQPaOZLrptPlT{K;NKUPwtM_?#2uON53A(uQmGBkY5kz
z*DC+&+}-d?)%tF;)YB0ay1da?=5ogy5ASZ^*A@7>#$Q+M)iwCK&R-wE*9L!m2wxxZ
z*GG6&E`NvLSMn7un;Kyp$0u$2xpE3}05d?$zao><-Ok3{4$#zuN$SDCzCB^m`s>}l
zZ7erdR@c@aJbd)suWfji2@SrTyKA>oWl$qvYlLl-D87-Sd(l{fWPl*L=mDb6UvlQb
z)UdsX;=V3i70H+m-Y4#+KYspaHs+!5;J=0R#9G`AK#{x^b|rHZ5n~_x8NJ2(J~Xp^4+85C6;-hFZJLJV=xOg?Q|z(5!!6az#=;Ey-)G0lurZ0bmGfMuLf4HwWW$}
zI;Hla!RZ9glWvfYfN!*@@Xs_tybYE(6r;L~#?ol33ms!JMT
zZ|8}1%~rk5DTFvV4=sS{d4{;aSJpCP0&Cf|uE;jJV@ej8Kt
zVm}(P69eTWXtuUC51MbYWm^te9R7aEdV?XE*&}tVt6d89TzO#tmu7ry=K`t{YKeRB
zA3~gu;lC63uM7WC$UhD~<^_l^I1=Bi=c=soDx&&UStpO%33*@kuu~@ryqI)mz#vE^&`3X*m?LdJ!{5vS#Kc#d7a`#13E138#57+KgmTw)a}M?XKyq6x?P)5
zpTNUClMups=&QBKAQ=bw20&xWI|JD-8QPrlb~r4D
zZ8K;I!!Y)vk^5VJy9vvtBn57$_@kx}E(3G~@ELx*1J;5X}F9*D6Xy;*I#g`vk8=J$d0c*U>Z7^B)tw=+kJEfIN)?9yo2%4htAl3J2Hy4
z!$Qv!$_R-n1a|kD;S0pD2Qdt}?m!%sPr29Hz`dVApUDi*fh-I?H5rf*(e?zT5(F9HNMsgSzCaT1QCR|h$p!?Y&2e?XfYYZqo9+pn}Rw}L%S-Z{y3*Zby#ge+=7BN
zfVrU8HV6H~IDPkEd6~e4ssU`*z$(JV19Fv3MY&{9Ir>Sb(=*-Su2%T~c$RQC-c6Q*
z_b@M1H;y{(!XPuX-(zIpPQDwMaSW5_RN0d2NEB-NMfe6vX5-K#N->Ty#~HI+0y$iK
z&!P;D@KZ{gqe5)~5UxRqI{C}+Gy-Eadt3zpSi8U
zDP!#e9-owa&||`g8^AbeF4?OFI6}Z$pmboyic=uvhl9!`q_6yOYPuZ=NrjKS2TE`Q
z2)S|Wg`?F@~U6OZb;MOOKwHAp$`m4YYm6vC=2tPIaf
zC|jPjDcNlO*^d7#MLMTgGQ{~%C7#NF$m9wc_G0K++&MMu1a4z`
zv0#*5R9S&ba~);WyY>irSJs0O-%^2~9gRSAI*pBfL<1gQ&1{rvAV`VYAxk7iTEdK!
z(OIQRE-DnVUJ0h!0#Af>M;5=X$Al}Q^yG9uFi0Loms8=b%Q<3LS1r{=@OVs48qkOq
zvqVx}uuGa&pW4-1CH_jlSLixvN(^!(b{k<;zE1F~QWjbfL(M77NQTn0e#(-G<0=>R
z)cuoSv}ltiz(iavRo2$&S&1;f%$o)~6kWgHk?(G|K{}3b$%Wzx*oeX}!X_hu=yrwT
z0CcE6RmqSbkn|}#7;KNj6c(JxEoF|gg;QL61ldFpo@6T}3d6wNWm63%gC6Xj$OTR=0%eJ;gqtesG({mz0`xIQ
zBhOGe^z*O-PfiIG4`z;N#)w|D)}R#KMA9)jI8bXq{2G7|;zY8QF}{c2DUW=K~yxm3T2|r;y#8jwS^<)
zI$-RFDkEchPG&;dDA5zkz%xM9;7R~jad@r-7zboPI~G!~5WB1DcKNtF3P;7F0V1jP
z$g$F#%w*MN(5v^ERzch=m@b@Wg$M@d9*$1K$=HE5H3}_Fo{P{bxFOQ%D8gYv))H8B
z)`-+%C;>8Y5XcC#1Lgx3CPD|pzHBx!luWw$^(gicuJpvM)VxP)Yl>@ogNm58l#F?V
z+1+=XTCktCCOHg}{H*gPKFzELLjt7rXASa+b=9U5@hHMwN40UGZNq1d*$9gPhq)awek20evSU=t0X2GQh}HstE;%sV}%^CP?`~+!0Ova>^jE2
zV&p;gFeu?}xw`uH_ut?C4wcw%^mnS{YEUwX7BLy)!xbmPq9j&4Yuj{)X;!5i@Z{L>
z&~fSj(h+n~Od}ae8cEJkzWwTLZ56lg59|h}Nu*};znV@G+KgEw{REMJ|G!n6PI6X`
zNCaTzewc)l1-(IM71ca>`%p_aJ;V-Sj_YRXMpY*(U?ll8TRTL7!{ubE%QiG?^;9Pk
z%@7Q|S_>>(qWU@HvrjiHueK@yfmf)#5?1_OGPfoJg4pwv?8wHs-OlDw)t$dR89GLg
z(6VAN!xLPUcIPppaiRQr;n`J2
zXgIQQsYm?SqA5wzYL1|v3^II7K(s1_+>UP=WJBFL?L<}sIYdY-iuLaxalSu-0SfH~
zZIfR2V-TVTN!DkGE3{1_#u3|;IZroE3&GjoX#;JD!1EH!uR10q#1Oq?#7ormzagvd
z1mnjnWSX4=_MM^~$5cq$CQ%0&F$Sz3WCYWCuul*+q%uM^elNasTy}VNWbeQ7B$2!9
z-Yv1E(IkhdFO9`gQ0m0Uw);8
z^S}P>BI%6J{#G|u(O-YXCpzin&lx_20W+nNvFP$zfQwa0SdabqTkYGgf3;?PsHk1y
zVHu{wa)n{^@3yfBe!pCSXR?B4GVd99X!y5A?Ymz~G%wJc1ZrNwwA0b34|fm#7S;as
zYYC$uJ69N0(Y7WEx<%(`EFT^|<%dsaKTPIntSK2&;hVMp%Y_r>5}pVN1dtAWav7fZO=Fb)D4~7iH1?mOTku$qM+Uf8FCLVkH8g17hIeb>-FxBP
z`{CU_&fW-E8Co0LVfikliiRz!@|YS_=HZ8P3w^=Pd=uXNJ-qw((h0%`8j79y_>=JN
z)9~*1rCxeUY~%*7Y*xd&`{o54n{OzP+AfbWn}P+|0f9f^wXedv|5KU}K)LfM)!~+&
zln^?w!KN`3tbA_DWfKOXg%!nN`zxy4N8w!(><4HL2=4;3?~!2(zHh)#Cfyp|tl`zF
zcN=BFAvd-T590M&(p?f?Ar*#Du^n#qPSala;L&4v4r*<`?KIv_u-+5-7UQ)Qb8W?3
zTQ%2K&9yaiZH=!%Lvh0`mEdObb|Ur%1<9!5lY03Cm<&bh%69xL$&aoe!$SwgXkllt
zGsW(v=kPo$`z>2B=%|j8R)nKMJ0UKN%i21zR#u9jqU6rq)62WRt^aYib_clf-2{%{e=|&qRD^YIR+p$ck23`(g^6`f0W;t$>xcO15lW2
zvDFi$x6cRcYL*PtFn*CLbTrGdsHY}H)G&8|g=$C^#su9Dupj93ywYi->+nkF7m|$a
z#zQ!_6!}2XwzO5_cU>$wdS0F|Fxu!4#3D>!HB`yrk9nd-^a?B+%h$esP9p;hfaC=mKN)ERmO^I2|T+$Tv
z@>PgylU(I8aSnZl&o5Q^n2$S*n3{M)agW2-r#gdqB>V#5GZK54ksb5G}%mq=mp)*^0E)6YiSUvE!G4G}>P$DIqM|&uTfh;dqmn)BhVl{YP
zS4X;P1H+7rYa%{5u|)akHD&C~=;1r&!&gQQ8?dVt5lm+_1<
zDJz`(nU_2q_6+LzcB6%J7zJel@IlYCo*go+tD<_cb9|D(hT4VC)g8A$ZVdUxo}ovN
z7=T%Kg&yz-XpZg+u5@d>Sq+mMaGHlR;Fj7Mf9
zIRi<;20TeN<x+;mBF0F5%RUa{lA$f#Gk-FpFe}jH
zdjc7o3@ri}$o@>QA(I7%wez~Xi26fS!j`GBx!JvF>B
z2Qz`t(P0o9yeSietz&2>@gS$T!cjsHNp%2LizEC04+1;g&YQ+C6_%}TYa9zu8G=RA
zUGl(l3IJh7LAcQ&b_Cbqsuct_M{yKxk%^&jO;{frvkmFlBJYAA@jobCNubHn|ES#xgd3ss#VT{l1PvZHsradzI{1&vTBfEspHXv
zmJGTx$l2*U0x=FmPsdqxhdk--ONl+sAxAcB-dX!|giy-RFeHzuL3|;9LE$Y}Y;p{L24aboa0^0bloE8_8i;RlX4FQBR
zzH2zi4s8U*-Ra!0JC+brc2CviauQ2h;HdbFG74G>jFf(fga#&
zvOyV{v3JfJTfbj>f|!~GnrhBhCf($m!?J5CXd1V4Lx&@48()xiP|hOB_NE&c_r;`o
zG?8wOZ$LcACL``gG!8h$<<$ViCEEHEk3Wc_&>F>kO%FNkx#u1)%mYCgjar3@U=AR)
zWr1-ckVscb-^!{eO>&!(f6sK2D1<1`?3ecVn2l_noL?|Qv7~#ELo-PsTM{DPoGIFm9=nN^;i2q*y(PC7US9xy)U
zWqQn%@1!4>)ZB@{DVWt9h`5T$>@-?}R2Sz7>{60S2w9aY;=;I`M;Ygi9ZNEjK-iJx
zHk?J5-}Skh={T(rh-8
zOASUs(tJrAAp*2=<1zKHxCZ)^B0aM1)?CdfuJIn4$%bbKoaBo^4QC4%6O1>8-D;!^
zw)f}O4ym<(NaM?4EQkoUg;i4z#T%nvoJl%LcLpY&SjD2ysm`{AIAbyje0cdbuol`g
ziJ_z-L?JJ?Tp|<&k#5pR=5khXp=Hstv=`f=>6kboeK9E!$T11q*-1?TZFXG6u+K3E
zya??8=^~+bpdTVK8ZWL{J1kx>j&-IJksi^ajG}LlJuyF0e!{@$vI}tdX*Ed3Me^79
zEU%`JaDUwXv7S(&CSk8|tbvi9n8pz^B|1#A7MS@{qRtM1iIp#S)>wD+=_;=-Ory*O
zv01_>CtEeCZ{%1^@t02Y1+I}OXX42X!$!!7YTaT)EYXCnAR_h9d7X;IB2RqQMCF(~
z(I%4}2TdZ^WQRO9inv5UTQqI6xTdU#ni+K?)y%jl(b#ztEi`89<3(!=BX96riS_(3
zV4KI2%>x2Sq-X};$B*&n8XF{nNb39&rXE}P;-7V~C-Ggee0-x+jJI=ZN
z=*-9NomHZ1a1~)|(92g{w}Dzo*Avm?Zz>i3~_54OpBL1
z3IuxL6_qo{spqR^T#PYG2IY_@j9WEi(e8AS=2|5wc=_bSL&84%?~{Q8tqF_Oq@{;V
z#>C;c+7|T*LKr&AMtnK;F`s?MeRf3>8)kIUejD=tfIYH3lSOq>w+1<%|1#;tNYPpG
zvO$}|s05uqx~k=hVaVza?EdW>fu{=^PI9nHiB1`1P?PiX4O*K*xKpHM-_HR8-c}ZpL5+MDu;QR*~!&M96xn9))wIkZ_L!?H1vpTkgc?o>kSk;40e#bdqm
z#wd(Z1SpJ*PKOfmMaREBhwLw3_&RXzD*$kxmRk?Bs#BLm4|qM$Rp;
zv|f3LH;UEo9L1RQW+7<=N%}ZA`MhM@^Uk;
zl8H<_N}T4QM@su_peKJ^v`&;6)l9TyM0D39S#y~RT1yr%8K$mn&N;dx)JeMyk|Yu~
zsTuk)2}Ug9hZIaHIh&AH0#0j;<#f3fZ2ux?k_{%3tNsuVP^8+MoFL4EpJyI--C+mi
zKi-IVct|=-)bTpzVD5|%0!C2B1`9kqN+evG@F6%`z`z9ZqV;M(lIO)mui{U4D)dFI
z(V2lj$dQiH*71Sl*Ad;Ss^Zi?4w>P%K^-7Ih>6=I6QF%dWD2{&?mMeg&a2eZ`|eVr
z@KzIiR7Q(GaVwY!0kN<=J`MS(Z4^Nc6%dL;fbExw&S!1M0K-8#IVIX5t&`F+gK5dx
zp`h({V%WFWP_?WQ^!d|yaDv{MG5GPX7Jn&+nG;CSWOpnZBq{ck#DUl}3A%GghSatz2(mIfLUeaIw!Kg3B4O=X6q44e*(XBIf+RM-r~sJ`3{k3b_zE3SSt6
zRc5fGco;{nM%O6gv1&5iljngY0C&=@a~lg)u8>B1I0vWT0#9<==8Y)D);8d^HZ(>>
z)=Z~uSeKGD*lCY??uppNt?*kASmTp>NOD}GNP-bZhQte)9!DokcC^)Tp}4*1K4TZN
zLs1dsgm>cds7bC&M5`ZXdxqeqdpYGhjtRabQMGB180V)9h3@@+!VXRLJ(_R#BuS-U
zW+^|3d0>*5Z%1Poh)xnMffz>iC-s7GidDBGk>E)kO?oT0XJ|Iha`2DZTd^CH*$0Wv
zwF>6faaEoQ<`K3jfauqmUQsxTQXJc5^Cl4w?6f^s2>KaJdsMh3luF$
zlXS^Li5&QVvVO60R{Jc)V*%m(Ne$$oPM&}(bl~9u>M&BIsfE>8r)dfs8Rku4JO)Yt
zgg~7&5UikiwfG7f$`L)Z^SU`!VD3iPQDj7?lE9g_G7P#LFv?Jj@t4r(vb*D>lV(aO
z?EI|llur9B>UC=;9AArZVc5oi(iyprQVQ^Th2zA{Mm|ly-WUWHIaLoES?VnV`dM`X
z$Q?u+-Rr~wnbV1nLW$zkibxf}hYmvvWKJP99G!*4Kg-t!1)_aAdb1OL*I1z@9l_!o
z!JIahA2dJ+tOlyKyzI9N^p61wVhy=#S@R1N>gg)Sp3dr&6$
zX-eq5gFAF!coBDqpX^6%s9F{g;)D>&tDP6L-QnZLrE?^2;9{Hm0tjxH)|S8s9hkZ-
zRxf-y*^%^`vJguqA8E937J9S@*u^~&W0le9BpH*<+BrmW$|@{E2%`|W1&1prQz3?1
zSKtLsTlSq}JgEmwly@C(OmkdX<}`c*j5#$?41|J~4O0bR*6}BY6yhb_E-THy%b94%
zm_l}x$ANO1s$E2ekye=&F{v>|F9Y>enduPPE>cR>&Qjpb5_vz9#fj&G&r*y`%ZPds
zoC?DOl7}eh$slZSK>ZF*E6l7h3+N>ie&mM@L+7`fTjBY5Wo23G&IHbuISMr|p8<^%
zptbeiinE(~Du;u8Hs2@U$euu;;XFG-Gr
zjfZe~rDWzouCKw>)sjq!T*D{VN;EriWgV`pmtdkwo|{)Nd{DxP(>ma(hb3D7a^(?R
zc~p|=q<8UL6b!#B!OY^6!eo~Iz8{u>nkwPn_fSb$F&Vjj68}Cvs^vOP=3`x@-7YOt
znkmEfs<=+u#FlyK4N``VQ|An8LvXM|1gnIN%t1@{WX6)DOn}A#)OXh~yFQ-7)?Ef==yt<;T&jsq=ua!Zef4Q%UhRn74N
z;DH`lNmor&MlN$CyMjJ(D}Nd#)FTb);4H_c*;SGTPmT6FLHikwrJzP$Q6|-oU>I6M
ziNS32AW|}MWE9BOBVr|4!l@e!V
z`JMB!1RLvgd9B20S$^llEWyS@r?gcqZI$jn#QTrv{=*XIZTX!uw*-A{Q$GNHfb_Oc
z&wYo4M=`v3MUuMweeZ7k_kDOvS;oOc0)|M1fpA1>>q!hKz^S9aqT~&aP1-3h6HUJV
zxm+|}XEZNNE;Eg!qv=a?-@aXLJh&Ull?IMo0GU9Y3AH(cs_7U4
zYi~elu8(})RTM^<`rkR+SOYt$L%2D(4X8S><};mqf=C1Gx|oJJXB#KOm4Kn6o|}%&
zuyMv?7~^up`8VNsj`|ZcDF|rgtm6w+K^7v!9a44Glw+sUR2eZ>S<{a?5=&(c7f4DB
z^2d`*gA-VAHP`!%q9)J{A{R3giNgvXhMbe0D3pOJvxKc>1l@f?&X;I>pL)ebb~Nlo
zslroB01R|C)6E5?}Q%LeH9F{3haf!_xh-0j)
zS#|-PbaR_wffICOXdDN%p=H^Ofoqit$_91RQNXKBq7ty8!AL&Fer
zPE5Fni>zu2Vr>B*%0$^g{hcK|RW+Y_K~;#s%Ap?)>?_FuC}Bk=2cg)KtIpDJb7?y{
zlB}XLPR%(Vm3%+OSHp;XbDmGcZ3nK+3)g+mudsKt1g>W??k0T`WfoQoBd|I-U!stJ
zx-<4>w5z!8047)o)%86mbn4i10MK9zX%NY>q--{6jA2F67R|u2{<75A)X9KcJ7AoI
z;ZxfyMqeYPYcvakMVNqn&Mj|#S9N`oCX>ZC(Gb1A^b~9KQyi}@lFaJ~8Ai|yNg83n
z3eYNKF|vvPWl`~PWgyQHLD90ZP<|lNIe#PPIsQ(nDhiaPnJNgIrmT!rPQ55e7bQC*
zdbu7(=P?QG}_sc#o-
zs_4fl)=c3~Q^Wlj_vH7z9!3nqbl@CS$kg%v1a)2pWtXpwPuhW`!y>^mI?3b?f*9&8
zTD8#$!YB_zV;v%gRDHTP(uZY3#-%~Pw9rC%h-?+*yroQU_Ut{{n)ouAFj@QM7=h#_
z;u03+^3vO#>Dvb6c+^N
zI>EpS?kF&ji)hrj@5~Znw#r?cEV?}z%FVNJCYrOE^Fe5~XzFCd@WkUf%yCzdoK|t=
zvOGmJ#OhX+s?du$uu0vSn3?jr$dL+HId0?cBSlbtAFb-QlNJ5ec0rZjw^t3OvSIKN
zgkux;*$v;coKszJ)+5?(M(R%_r*4UUVU%l%dG?t`QOk#21nsZNci{I(
zy}&6~s9iXN6N6z=GlS0!7EgGg%7^%e*;j~+AR^v3#>dT}vS;iJMmMb>d
z+EhCej-{>#&!-E_)W$+|G$QK@>WB4R8{s9C5_oAfSQ9|OasxpHF{%wzc{$Fbo)JKB
zr%Bh2V;_hk=g`DRpXn4~TdfL9AtGqI&2T{2Cln7P{5+U(J2nU=a~ZcM
zPI4^Q^^~^!jZpOPKms#MaXGby@lu8$&{%j#4iruvQbH1fhU^Ry
zgaS(bMKa(_DH9=FIV%dhsFH!Pkw=~LXke{ggp6z0Yk{TvY#fx;cTaKlcPhvq-n~Pf
zU4xgGmI?uRQL4HiOeL<1{d$O!oC8zCLR?k^;8}7XecShys@k*-|^t?Cs{0`!Y&EWSUxCm1Fu}qKv8eorK@%*1dG!Mc?~$@z|jbqiHR$C
z&kS+#sG8fMi=m29w4~NY<->W3O4*){wLiy|xO@L^WB5`;Uu#dhMr+JG?*
zOeKpXTXFX0BttnP@fd*{|C*yc)XBT)crOZ%LrFt4F;-CbGTI^Y|!P3AJf25L~
zS=$JBXE8LfVQ69_Fe`%r*G(AjVc0)y3-x6E(_W~=13yOk9xhfB_lpN3eF&s(c!tqr
zskJb(Txl1sBMo%f5zTMfsz3s~Vn0`J;uY?IL7=7m^`NCe3??}g&#_e&2nrYqY@La?
zWRs?sQLQoCy0Io0Ta)XFOI$2l3EY?obo8_L8s5^vZEYAO%-Za>O#yo;AtWRBi76=r
zw2$Ob5D(Ka^S8nK0VP}+lRcdK5kb$=Q#cm&uKaCoWS00S(<8&kMQR$+S~u@AqLg+=
zr=(~#i8SJHT57JPT$9{@IP&xcaf;wNtY8f!JT`wToViy
z@wJ3aJ}{j+iA@}><-_QDPVg)Ym_4u!XWLCK)Lz2j-E233#DZASz}=TkdW0S(zND|trOulj7!eUQ@G=3Wq@o*`aq1hiYR+M#BSGy
zY$IZvjXGnQjGGyF81tN>b?k=YNN-%?qtziucC=wPcls-D`VqCq_SleL%+t9mrCF|`iN=J
zA=x7BX`W>tI6`&+Bna_2WlwSpjRk@3zs^U6G(ap*fUR6IM
zI9YTtA!|UGtHzdW@@4d@benW($c#Fap`rlo8~
zX32`x`VWBSd6ePY&^moE0=v_
zg>AcmYv_Q}k+x8G8NgXsPexAcjDMw=SE{|^TRB85iKdgGkw>K)JP*ioF!UV>%~=o*
z6}s9D$Li>+Zbd=K15Q7J)Mrx4FC}N!fZg13Q9i2ER{aZVYXW}?E_mQ(gvGE=1V#*u
zbDa>9$}90ZPH{(P7MIDdGzPipJ%ta*>vCMm`GTVChT6y=9=GcZ21?<#j32AHlpPXt
zlei3KBJUWVgsXVW2wko#xT{@pv;c|=BpCxJHdvBMUXcVVs#u#q(sFHN*Wrs%G=!Cu
zSurxtx{F=cy@YHiDP%QC%T~A1^g@WX%bao>xu%Gss^-y@ZjSKhx>wUP#04dsk%Ui2
zS}-1{n@8Uqg==e#GH4k@p_Fj~_r9Z^@M`=P8D2E=}-aI_q|EY9ds^=d;-8Mb4%a43ts^%Xd
zM*@20ke_*4`ZoW}WJnLZ<_G>>ss$%0o*hvC@XrZQYex54@M&i82pqX
zz0fZU6Plpc4_C4Kx&;j#1n9q4+{#^U<@cqlzyj9`&N@G^yS0C~*F1!B`tk_7hq%ui
znrHrj!Z%mpc6N`e`Kt7LfK9y*3mqEl494!Oojqvm*QHaCP=LkKSTr13h3}>RDW%Tc
zRp%~zhv6DJcON=;AJW~CbN4&vE_^S&{pPp?yd&);9icjQqhs3I-QW5VnzkH_?&Uep)sSF0ZZ0z*(-VnY0Ub-|s%Cz0ZHnD<%SVO;5J|BYUd@9=jA1PUQ>vSkAjS^~*SVc+z6;>G*
z75TU4vR73XGqDD`$XG#{z2Vh0M(oREhXiITCQZ+dLWUbQv*V-|=v;ZHa4TfS$qV{|F>4AS3w*d^_?kATr*ZqLh
zkbB`hZ9$Dj6~oXmTSJW@Lam3j*cn*LCTkzLWaFCwsjXq%Xq*&!0?%%qC{z8m8RT9#
z{=KF!npbYK%)ZZOCK4Z3?!9s%J9rckh+?m`Q$zU~#IzI7^AIccC&)Q5F|Zs@z2`x|
zc24Vkq3KoWNrco)I|BMVB^rwZ0yoW(^r=f$aJ`bV%4O1@^sTE%SNariG7~!%uC-8{
z=}D=Js7=uzCVjs&37t|IvV#v+u#B(_O;63r`D`97F>&&FisDh&2anG`LEh}=RLg(5UNYg
zcUz40fpI`2%XJOtPg`l?ZB^4K9%Wz&-6H!rGaJ!0_
z2uWPS@@`9bnzf&j&Bo@OT1SLPqYlxLEGwbaR1;$D~oo9~jj%
z;4-a2$LY7&Gh(5?yYSkX@tMn}C@xQ1j)zL1AhUPeb9T{$I;A+bPP{W79r_7wJ`m-Tx|4u-
zP9#Jd748fATUg6-?V+S}95Hf=L03n%#=tLSV$2MxEGj9@o69{xQ-&?a+2VwIY#qD(2s_~ZV;J!OxavAO-dh!hcBLK
zCykSm#KNGf9nTmm*`RUcMl*dAY*vLNeYV$>N?`RXBT9?+~
zbM33hY0lO!o79>I(i(gM#!1fwfGDgsKo!w*)7ZIeNc1RV&
z94$+$s*pjoc1|P1W+KTC;WGcQyeyb}R$8isjS90Iqtbc(SuYb1ZS}wll;fd$`xs9*
zP{+&NR#<+CO4eOGz6|0F7H$i1=xJS6c*Rn6$Ogzqn2nP)nYfl)XK+I4ha
zC)+L=vT|D++2|Ze$jJCS!OqlbZm5Fk!(@c>2HcBQHxp^bmNl3DiLh!`09tf964hm(
zRa_)uwDn|yI!2*I2$V()*odFB6P)KXmtq4Vo7YJ)uJxnrJ-UN9kgWnFuKfS<4Twn-)0gxz2Tejhg9G!I)%;QVXw>lxhn5mhFu
zrAP2{d*_vCu+~bA2Y7#fcbk5%msauZoxL|ZE&TnU^Z?&KINU#KZXE$vZmeJdo4ZF_
zFE^q5qtc_&%K8JtpgkuZO+vBr>=m3U)JCsIVG|7MVuBDg*r}bO-SC96ds@#NPil}O
zB_l8&<&P7AlNX~)Xz$5K*87(%IQLZh=}qesRMji
zDjT^f-j?CnBq$Ro6sH#&TFXa!1^#;BW-oi5zRimuPaLKhpt;$u-~W
zN!-Au?@)W=e{gaDHfm}}8R@P1VKsTixwW$0O`ka&B=6qk|a>sGxPKmD{0r
zxnexp8MTw5(aDs|{=Mo;!`J}%lxqnJ0;E>9TEEJiS&;=YBfSQ+RkLgO`H}V5lZS}r
z&c$ZC7L0QR;I-|PRH$Y+I3AYL#UhwdnJ*t>`PFdga;ZvTR=HHQ?=H<}=|)+=rV=#z
zND;I0J;H~)cP^GTb
z9o^+=^2tE2IZ@QT+s3b`D;3*jH5t@v=&>XthYkIR9H!0_I3_3zwBm)Mv!JBNjIbSB
zTY<7P7U+PvbXog=SZryV42?=#$$3Ps4AR-i`5Kc
zbvg*j1cZ>ZE1u_|xZ#-~A4(31E+3IXE793OdV-A&5DF2wRn#-?j7BMn$s2v&M6+dCnQC3@~z{iru~7W|AxKCgVj8KY5~lb|_5SebZCPyXMEXwX(o1fHA5CTvl55uQTaWvGe@-CAlsfVRr`+C{v0x~<4`3gk3rA)o-
zxUP@#2FaeO)G4C*XivuX%PA*{)Vvqm_-=L*qFfcJjo+MUOS--s;K6avDuxJuBb7|f9
z*)@39U`sN)rAn(N^rqilH_r^*M=(!F>|N1}qU4UxNpGfum5g~8Zz>vxDUvb1Z6vb;
zp2tNdl6l!$uF_lxh>-9_VdI!65sjbXP@iGvMELKToLXHQ;ut{_nk(Z@E
z!h%8`*}ju^sJM*VbJ>d?TjOaIo{eB*=|rgaqz7I`|B4Y?&$I9{AcLJ<2ze@+xkpn{Ya
zF&S4VVc_K%C*;nhUz1^A>|<}FV~wSyWl8d&9cDambxg)0#t1L&=$LG7ZYDwk7U3i7
zV$@Fd1MY26urY@8`%X{Si!4>gOo^$6AjPNHfL(ArjvIHjqX={r6}2y
z_FsYE=YTy8B!0<+y;?fSj?FjU9w
zB{x*ri0|$ejtw<_Au`62tek^6P`vPcF@&Yl5g(Tite&^sol6f`tCjQ<=01wao_m@9Z!x8_1I-d~!COySukEcI*JhTzb9vp>(wU&+?
zs5PGi82*fUV~TJkTMxxYuvR$WZ-C$?6N&V;x<*ICm_rH9C1|1ql-^?jh20PH6NgOX
zAQ@w}L*h8Q2uIL_VMCk+e1I+(wi)vshGZHbKj88JJdJ&eK*p)S-?
zHh!#N0T>_7CAc`k8OECQ3j0dx4uY#zK5n;EkjY6C%j3URUwziv=99E1jSz){3K42}nu0?<*&AMN@hsAmlAJgp+W~VAed5A{b}4S@>DbcV~*()LXo7yZ<`Q%heH*1jdPxD
zTtY}w3F+Z3B8Fs_R4bfNA{iU^Ac9dvU{%hZ25kaTMjBGv5snuR*9LEy5-V+f0T~R$
zQ6UbL-UzfyUsM-DcUX-g&d^MsL&G8#OwmpTM-@W!0a_{~BELaA90Wq-XGD&^i3~Ajc_I***fI~jnD$ySD5BiW$9{B@
zC%fjjK5MPfJ4PGSmCRO*C=IiihUFJ~ug!b9i&i+9C~4BN_;FA_ItbT;dqI9$HBX}s
zzDYozTb{IPtF{>7TkfLc98&~1!HW*#7aH${Q%}E}<9T7(3eSYe9Kudzr>J3^V
z(9H@B7~8Th&M?BBdtu<-r7ql7`_Y)yD|A-Pgs7_QYZV6xp7xhAXSV4$JQ!!WmfB4z
z&qJdko-2U`N>#XDQt?$BD|kICWZ=B~N!)YZNJoJ#JAT=~{?I#|6s4?tmTf8Vq*Pk#
z43=A^4a*)lZ;~nyC0tH?DJWGToGf8i$Y>lhXVM=AVjx293k%G^
zs*5jEZ$KGvVrMr@iW)E+
zP!zRPcya|5WVJzlDd?`3S#qEQ6SZr<_56M#T&*uxRX@`2PdH_F2jOD^5))8KFWDtY
zpiTyIrbfXtns&suELmu=h$B;hidrFud1)gVJJU$29hpIT3Fpgfon%=i*}@;vO#M+tn*W=o(x@i$&NzA=
zVVdX6DRPLbZNbSy4jBw2$?xl>#N;)KvTBqrp)NX0d#L9v>-q`IpjT81Vi2Kc7^{92Zi#mh
zN0ICpbtQ*xdQKqK1a#oV7R<%+(@Sgz$}hmy@-&-i#W&c`$8Y
zh&W=C#JrmG$?hD@7oU5n$z^e)kda`ZoQm(gX&Qia{oL9Kw^$u)>Y~Yb88&}DYVNgm
z_V-#WfRWFg?=0yNoSemQ=QSYJ&`^A>%14F3xFJ*X?{3lyclTwX=vF`z<&oLBA{peW#N=F@27Q!E%!afgWS8QFh-SNqxxT%CWi@Mmj
zBV+B&O-?a`gedVUS%9h?^#s362geAoXW}L$Y%ViT5MIzR|2$*p8q)YGBWTFgzpbpU{c4+nOK8$RW<5UTeMZPI{B_KT>$G6Z
zHEJuh7A{OIKQa1&hYt
zZ||YwI2O72`sn5UVJrB*@l_{$RS%!VgWAiehuLGB7!KO1hlkM>!pc-(RlwOl3!C+D
zJ88r4)`MqJ#*RosVQj#C4`9dcA@dp&1lQX;U(-LdrmUkaF}t{vxK<-nur*(8ZngM@
zT@rNO$Y}@TXYeXM{&+B=JjVDNhOZ}>u#X>p$Jd&J&g0;}7N0-Whdeftll!t`-S0<(
z`>;gnjsES`(O6!7u(lTd7llzRHT_?SKUJ`Y41a4mbCXehK%Vhnsu9gg@@=ZG#Z?^TA=W)zaej55t{T2fI5>
zxV5vlwflN|XYWP$3|`;cKMHquUhNz~*+=_SuavmcY+;#2t$Wox+wqEaU9)<_64-fWRAU*DFLsfe_d(RJ{=H{#B-cj8Yx3dTL
z!sZ*e7`9$+?(R}EHlOXkX@*<-2frNdym)yOzTDs4ZXUM6XH97E=Cj=<*9KkQ+TGlF
zRW-$JZz4cM3p>3J1s&4k($Jq?Ht7;nxe5Q@I@;Oa!(MLf?;Rb&PmnhE50CIwQyi7?
z(@v{d4L1*WS~zge5BH%y9DR6opGt!Q_L^KA&Wt~SZgF_yb*pJxx82-CbjcQ$;=WZx
zYoDC%nwRXcZB7OX1V;32P@+
zJ3btxefD0Boz`U$I<`$1qL#Ip$lvK`tF4@3@^Bo%Sg8?4CJnsKMw2nYN~)pd-y6GI
zmIA1Sf7$6g4q2M4o`;S4%6B0O0r!_5-EVvsHXc1*Z#+f?7;yFG6CZ)sWB~*`;mD$UwT<#
z>OfJI(Dq|s+>Kfk$&4ziX_;obLg{Aqrhi-RxInnG{cz
z>GrFSG)CN6Z)9tgtiXhh*vaIv5F*Ve=}tfxg^>QUUa$e8No0is`$Djqedc|_-5
zV=v_)OZnEdEJRiMSfNgxmKyU=L=MNJng#<9YqGs>&*(ilGw|$KF2wO3qfv^EWA><#
zUBNDUX#*s1;L%|dn}})Y#a)l`ri-Z%t0t@p)JxY;*~xY`iPUAELar{N00!<2Z)Cu#AHdaS*Ax@2aPt8-0S7
zcHt?7`C#9@M1I^$=L}4
z2Twq%yO=T2nn*!JQ=V%3S_7ZggMa2c!t^V!gaXX0FX4K_=n6bg((doN&O3fBcK_Fq
zKFnyBaLyuwqF>u`G6q5ya5CHdp=i~^#D?G*R~w0Mw7xVBLMgE&N%lk0d{&Avn~2G%
zT+mdP+p>jHF@LorvP|Gb#csCy8M};(2@TfNMlGU1a?7~ME0)+4rgJv=T|4R6S-dZB
zoVVGaOb|}w6AVp5Pj-@sIt)uitqli!=k^_cf+wymAGLO^+86ETH?gzdZ
zOiZq3^4Z$5{!=tM(5Xx;tAP5t@NjN-&oyKy3YDhB}{)3Rgjbpy6#yQy4q06W7
zFGW8j}Xett6
zAFr8;$gdrJiJ{wBzzV%EJwfcSv304zHsE7{mF+YXmj4
z^n|hPj_k&c)J6CniZMYe!>2`B!N>>*QDr0n^?|81XEqmdJ7jjsMolEWL*bDgdz3ul
z^pJY(NXwGUJJV?1y1=!6PLA*
zEQ98q$x5-}M6bu(0Ul8LYV~e=>!HF?dc;yYDLrt_Mo;4_am|vdGGT!o{h(k8B3ca@
zJiL$qKgi4kN$BEtgFYrhS0-(4ozZe2RQ@x51T!En^DNguQ{BFpGY~7#IdE
zM)%5OAQ}>h`jr`0WD}L)(~*^Z2)>osumduLb1&>nU$*Oo0_OypOL!V%i;%cGcClxt
z(^zZ!LW(>IDV-16?ny)3?uZRu);ICA$$2&z^F1N9I#HXpN5;xK-Vs&Jg7S>J%tzXf&{HZsKi3>xdOxR@yb1Q$xkHB1bH9;=T!u(X7rXM8NfH&z2o-idn4wsZbF
zi!zEbi+ZOi(B@g6o?VA$-4Jj_+LCBH_Qisy9tIMeZlmJd$Z>k+5wLH`bdO?B2Gh)G
zJx8oS!~9MIRN=$3-x17_L|-BCPvlfWOPg?NEMx^XJd}EN31(xUYC}l~%OOh!Pv(T8
z{RAQb`7H$w8Sd_@1eNF&&{$Nsej+~2#h4=_jR{xe4UH}>z@`9R#_=hUz54`+p4I|<
zuZa+OnlE-sAe;p7<3FbweB=3IIVQLkDc8o~kd9+`3WB2)v-wSF2*qS0NNjYHP$YmO
zkqBj7@{@r)x!zc@4;qv}V(k2c3Ji+*z#=H?sDtwAiW>lf+FpiRWlAI+4z4y)wl&tg
zr&YeJ1iBJ6#?$N%MYZzLYYJyU%U}$-4tvaQ?Y}zMJlbJLhTzCxGooj6e4cbHW()|B
zuzEqTv`aG=MJar2|j9{>?Rxt
z#42b}Ga}J(V9!itfjN7~i3>|-!gn`fD`tD@N-=7YxJ1JNBftscC6xuI1xHX-RWUdx
z>(Qhao9H0kO9NlObW|{uscWJYNL1F%$!0x9=Rraazam%^MHqI*g!Dvu-;10dqYEN>
zqjDpcf~CXZLr^3b|yCp+<=1h8Pn_
z)hOw!Mx9;S*4|e@`+#GN1v+)04`2R2b|36P>7ykbX|Nom1$}Q8~!vFuH$L^M;0LTBIq)GDs
zZ!F)$|38gC$p1g3BX>;}Zl|(Ia?9Bp;i7F9%meKEarTjO}UxZKtj|3g-4XVd_az;mk|rt|v32Dis4s
zhdjCmspK>;?;>%Dxr3a?O`=j&srU+XF3b4w2Bg?^>#v;|uieObS27Z-GLVq3$oPyI
zk^`@fm~A`tPz_(=>A*`QH8wf1{Y_z(px0VLu)_&2`jJ@1a4IKnIRZnCf|*1JP=g5J
zf)3G?_?uImwpHzQrl{qt#A1vee!NY&Ei=hnNVYS!s6kU7Qx^&CpUhB10VX|_o#>qV
z0HOAsu{kyeMb2W2;LTG~#DRYi9i*(r)A3|*>tl-}Wd-qbWl$O|?lIaY5M6y<{o=T0
zM)>uOM_BRGKVYN-d54WM|HeQE-avDosq)W0+}!(+z-_BR;n;q5e{f<}x8x7*xtfS>
z)j;6YtupA=U8z2ez6oT(X{FK)6i`920_sn$Z(4l5tWTl-4jWuh9gOY2Vpr1w
zBl*us?4p$G@o!pD$mOzD@QBaisI^n&U^^PBCn)L=F}pnZdDQFm@K@3oUSG&FY^ACf
zZ}7PG@21bA^Pe=*eI=~5@GX4e`|qdjy_u!&JYu(Gt#mTxh=7TzXmbAbIW2$L|xRYsY)mZw7{s-R%hWTQBzXAG3Z8F-1D_6M-@|
zk*;oHLJVGsv$3l*z=5rY&Ikmod?CbO4lYfEos3m7Dl?(L!!|pjdd*Vi7Ib{Wum~B(H73cW$4s)WuYc0H5NfGATYzS`r{rQzHVv@%pjaa
z`J_)&bVFVWo^S59njA`GbN-mDEEs#5*-$2E`!jY0=9uG%-T7r=7%0`~viOy%ad6Wt
zxEKtW>jo}|zx)=OL&DZmEaW;AFp~6>MIosQ^*J8}qIG
z-Pf=7T5hNS!}E8l3K1jm!R6}N4RtOnUqG)^(4QoL{z
zePPIr6MTk2pUL1{;)>K8m)RQYt^J4vibwET;;=y*ZKf=Skm>`+>EAq}h+AZEpe;wT
zm16u3r8|a}`b5OD#tQx+g%_F>(Ar;Jf(%*3!S0yInk34u(#Nv195{S}c{=BcNtTBxtNP@z%qq_8bmy%SPKgV9@?b0>++H}J`Y$`7N}TCVxB49StFrjcXgkgc
zAIUHvW6$G|GVpY@R-26!i(ksDxFF^c13FKHEc-mc7A09jh0P>ev0qos*RJ`71BLs1
zH7u`G0#qY);vQPaB>G$|J{1SY#zQF4b%er;WR@AjBIt}TqYV_gTH)O8HtCd!;V|1L
z9yGdL31YvtsDJ+s<-K8LJhDyD)wu>>ql=4eC>ahAx4Tt=2$MwVPgmRv?iE)`8s9r|VKz#FnX
znQCR=JX@8~oJY$BRmen^`v<28p@lFeM^e@a&y}}ADR#ph%jF(>Pw_$FUrONU(i^L5v5GG;hqkwn2z=hX7${S97Yjtz4B{av%EX|
z5C!R1evKk{lM!l(MJ>AYhHr1V1q!jN;3Vd(>J)zg+%F4&Za{EgyS`}5-(q%%RQw!}IXb~c
z_1qxUj@BQnEStGNJQ~V#A$foBo^uXm1ThWq`}pz7HKIKkhRY$!4nPWW^vLi~OVM^I
z<>q41h5(ER{4l*xd7~;gV){EEYX!)$gpJolSp#;Mk**IGr%|=VSri#;K#q!c&eDE-
zCy;t5)0L4$+y-Ny7FN}4pE2#wm70p`+V*_dtrI)%mzPp5m*9X91WD;<&=a_G*^SGp
z9j&b|e^80|d_id^X|MC-9hI5&v-BNq&d#+FUgIen+Y?ggosjTx<_CC^Jx%0@Oh}bz
z=nr(H3~ZFtp)bWGHo`r9!;CGuq|6u)g^OWOqS$wo2~gcR96zS$T%5f-fB6k-{Nn)g
z_Qk5NV5c+WY>&gg{3fmXvi~Grh18dJNevmhN1}>=4KKH
ztd5n{aP32v$I7Z%8Eg46-96Egh}~|kJ3N{lQFwsuRDpcxaD&40H|;a^!Kr
zzjD-lPwkqsS72Zo%kY2is*sPpz{MOkbqK!UXh}H~k$+Lfid-NKR4uUo3g>mt2bJT|
z$)4(z)U+&WW9G3LoSe*`oj~~tc_Kj%NIL*xFhxXT`w@p1czSq3Dt^x6sUiWv-1)PqNW{+2!u@
zS&R_&6mHJ=52>dm!HpEXY{2>QGD^XVKWuLvZEo)z{%{|K`gqK~Q}A7pkeRtYL}wIue8-b~?*y7DP}BsDGHtCg?d-L++uS^4UoCdb%HXi&{KUq*wV)loK!6vk
z!Bj1}UO|54(9E~&FS*%)hY}JoQe1yah+oIkv~w6!g1WZCioYU3gC(M^vuKD=ML^%Y
z^WqDV%(@@DCE=SdCLqW&Ga!jh)d4Jj=2R6^3S&{m%IGbt8V{xj6;z}gc9jx1Nv!;p
zDA93&q9b8df+GdbXoaf7XE!1-{r5{y1Px}UiF2@U4iO~HXvx!M%+WssIr?pC@H>ID
zX{s#354cgAqF^vlM4Rhcas3FYlE}a-g;oLWO-dk>GHb9+Gu-W0pc;F`0khx&{kF3S
z;gokLtZFuxz`O$az(EYN8xb#*cy0k^Oar^o>#(vS7k3T86G6x&tLcKr%#oT8)DmNj
z+qyz|j|s7h1k+r4)$7MlOf0iTCh8I9JmQH2ng$n!8)y8Z$g&aV8EP0ck;0finyLjr2{k!1Ja&$)iXHb^^i$q2EZs4*sOpk=
zm~+E5e@eo8U;UTEAfPj3Y*5odY|Mr!Bido30wO69n~qumP6bd<$%YvsX8BfRXRKwSxr
z{s?4sl?JIlMy#nx*bgq7WeYR&A*-)6p?9gIKo(+2;pU3?9IcR9GO(^*Q$p@J#}?pQ
zY@WcZHHk(J_7ByuM=jQlWUgc5a=^?2>>2w=&CMblbmIt^VC*WwWA^4IvyF(V)o>cl
z0iH#`OVOwkL`Q&XfcvjoyLwgNkQnn};rzY$e4bCC|2Lu|e?I^32M-=L7XIJ=q0hqe
zd*S)L@cjM^ba%Ay{9br|FFe0LE!{0Vzdw5HZdnR&JikerWY6!FoaguI>f_~ydCzZD
zqOs?<>)@>h@VB0Ww__po93nhFZYuF_wVnTd^UqQCD}2NM*as8U;`l4^e!cg8A;j@c
zKN=1>Hw-~U>}bV!fh;2IwDC!6$$4VG{RT}vG8ER=*(wP#I-lzk?9gB|OPOnF_E88l
z{R2DX3I?XW7^x1ogKl{ii@X}zltEmTr>j8koq_0l8+CPnbNXkz5FOQsh%2t&9hb1e
zB^Y&;oW#|jUu-AmS6Ay{84u%%kBjN<>J=)^Z*blz*L4yUXi70`bmH^G;LPGQ-jB!a
z`{VId_Es`)A_(^WAlyv`69%+rLqP3KjSyX5@9q2?6Ku%NY0L%(c9J5N@Q?JwNkthr
z{VaC0uzrron6b#YK}aH;e+ZK>z)-C5DEa^(Mz{3tov2@ymW+~gJT*!eQC^?rPg)Hp
zjhSw(ADF}tMCR<FgM!ACLT-<&Ic%fJE7HTgVg
zVH%r1cfsh6^Mhpi)um|*m~u7)P(l|V;~Cc|-Hylmg2^521~
zE=PSdrS~JFOdew{0@%utl-R?j;|)U~HpE#jas1xE91(J`8R{wboFQ=y<;9~YbDJE_
zY%*covU6{z8sHeJelXTb6N|#bp)pmtDuFTt3eP!9j4O38qoIUHgiA`@$=ET>dXPE(
zV5ClLr~DZD@uJ%XX%?%2n9aLz7Csrp(R+Ge6kW)DYgQKrRxi^KvN)=dFp$H^fE*f;
z=p%1zW^`Yap@F0@@`&1>MNO~KVHr-{2H2X_oxtoi*($$}ZKI3=PF0u-HKFu&h@{*?NPUr-CpZc;cVwJsvN+vGBd=Je@N
z?wRo@?bZHIg_26E4rTf3VrhQr~rz
z&1oQH#shZeHGWpiuWj;?)XA8YOF0s*2ep3&(_1EIn()YUI&>$$K+$fBEwK^|i`PIm
z7txgmL=(QNEm=P!XaQ6}ljJiQZar?N8hZA9)k
zn}_5)8%%-!4FzHvD;X5(lTf(w+Z*$dPwBOfZB5Kj*|y9duJ`7Rg7y}^(GOYz92Thz
zzz$InsVta?C{dps%GO+gz!W`lysdnqoX^+g^~`zQcz~gilw9v*ZDhHi!kiPzt>GImelE+S1i8OPni{j_?rMlGtF(o+qHsh02r!wl&nMwSsLv|&1u2*%)W
zD3qHGVuVY~3iI#aM6iS_RFt(z9T=l>uQN?@;AG*=Ky>{3%cUhO3BH|?{78;AM@OiB
zKrKOY@6FEP{vIk)f}Js&+s7p1WXVY4JGq$!GddL%im5&W_c_FZ_x;Os9&kRFGIwNc
zjzK!n*pAmUI?mZtz3bBvZ62lA<~xlI<~1dB@_o&s924mYMAmxQ+})jh;6W!((k#4t
z*Un%X{3a6Yyufp{DKxTbl^FCWXQPovGG58FAsWjkU9_E6`HT1aY1dU;7=!e*mvRzR
z-G-AfzahNdDrt$YSVL>Qmx6$g+>e`7x4u`RRF_<1Ggqi&JndaQ=IuK^N3--hQV^JF
z%_w^N?Yn@emgCMhcf+G!4w~Vs&4UA=VM`3Iw2fN_dYxV*BQI2r0}{)=S8X7dT|(x>
z)ZE5O0pWLIjQZ&qC(@wktQkr@*Pe&XsteGakK|}hCz!N3$tccNJVyCK1;-AID_OfK
zMj0;15s^rP#>9~>6TA6f6k;?QPlh2oJWAB<^qNN}V$23Jy}pap6;uIoO~kmQ9nmt!
z;bb(V46R)`emcvRqS1$(z>1t1B_XRd3;6qxITuN8JPe>h%C_AN-o1kp*3MF&55TzD
z;+BRUQf`tr;1|d%PABXg2e-{D(KvXIc|@H4>CxNe^~xA*e_ZTCboNrvKC`Fdb`Y4$
z94gDFRQvErG(q`(oQn$c9tsEx5zo?(;VkWJ_M8YPe_EzVF#9_C#7Ll0SnkA{g!RO1
zOkkC4_dWml0smk--@W^4X=#J+
zi+husG+tf_`Hna-^5q}QWsnfCn`vMQ#N$@10$GN3FRMeyBrB&KVn1!YgQZAYTP8s|
zp5_VZMuVFQWtp(dLZ6M1;Q^$L+RP1WP^RT}jT4@u>Y4IfDp1cEO^>JIQSDCN16b%p
zYO|z*rQu)&G+2~Zm7b77s|Agl@{X5hQBcNYUYW~#or?V^V--rLHuiv3n$(dtCpff^
zT5nc_05E<)v@9jPytApvi;pcoefr&l<>klc&w*fKvvjE`$rSu!5K=Qt=o?S=o|n+g
zIjm5!KJpV7+of-JM%^=wCIt5M^E4qC5?I8V9uK6SsAfymJfPX+^i<$q2s{DU0EWbl
zifW(`Q_dQQMPfh}=Ru<+!cLQQU2tkIk)Ux5QTBsBC@+vsw1?SB?G_80?%No5UD1u<
z6z3yTGJFa)qY59mUhcGx_79B%q{?N=ui2a0x+kvImn}5Gz{Hs3vY!R0ROq3Z6th)!
zqT$#PNW-=I8W~qOpPZ8>Tol4q6o-AkiGUHUdUzOJ^+E0mzmK!g57_`ZQXijPjj~Br
zhqgYQkwDPxlA;h9UAc&nthC1Ayny9YqiuDZi0>#(J+wA(ngt`sxwrah#!i-_fn%O|
zmNTS?BdM|4lp7UHR7ujLYp1axF+En)6L2-I&e~*18|MbgjOodFLjKSfoGdVNY@bUR
zw+iM178Itf2C}Ibm8YMhjskg6)ro>U&kET=t7;zU#uqj@sVk14OO%y5Yb~X8-~^Pl
z9sA~MAF~ZyFyeo$j@-tfn4qX(97ja>sDBkIv*&2E!Lc&h4q8=Q=;`;?=E2+U0U`yZ
zEDs?>x!`3W3vl6T+*c00!;WorF4J0|6k0>~=c;}0ndUuiAR?&P$1|K
znh^9b7^F#-K%d;K;RcidWc*1RV*+V>Ds>0-9@iE;3XL)ugLO%X_pxlisM{w!1-1o9
z#)}va-W|1?NAKvwN%xGgghCL>Og3O}3`*k3A-%OWYDjxP$slKka)5VG)5%%PeUvPx
zLVemgvj9_O$qpfHR>N8o{yT&JCaj-2Hz#h29f3nZ>~Rz4bfqgi8OVUt!#$gdxi1CS
zQKRQpao~v6Vg7{?fdlBdLkoxlMj=&8UZLcVtua57L+6K5mnPI`>Y
zKn>xr6PE3HtK&?#91oWO69wj!4JiZPgb;&R2?jDa5GWE(j9glBol}?%no(#yagSjE
zjL*nfQQCN7j7&OJxkE3*UC05driVJH3DYKI-1sxH<_e^MF4L$p@P`6Pi8mpcWjkZs
z#EcT(Ux`hI#Wm?4$_eV`CTcz}nS`glwB*6gFa})+o%MTo>GVwZ>X{=)ssU~nhAdN}
z(lG`a*_?$=1I&giK`SJGF~wDZU&igpSTXYzEW@*}IZOsQav}$h+JDRW8;!`uC_|d|
zNEN{2i&!;`M!K+YVUDYW1zDmz^{}K(&fI*aT#0&=wwcullb)VyYF<|tJ3~}((fy3l
zQGzIhUk62+@B&nRqpwm0*ie)2+PtnRlIjt}#KDl~hL}6pb;BSCH~^8R5GPQ?M|jkb
zPY}N_vNO;>&@TFdf7kFYqjHtk`C3L_q@(4BmH%Lz#%%>^6#4&O05Kyb+Un)))G^=x
zKYZ|Tc^&_Ku)O+k8UBOY>y70_{>RVq`7HkbAMX0^xH;b1XW{?9@c&=<|9_s&F8u!&
z{{J^2lv}2|h5!FYkKHXx0o1}xYT;wxeQ6)&1ZZMAX}^c#@b?}1`$M~j%DzE7eu{F!
z13z%UilG!duuh`H{pHpBjkR!P_3_%uV-PC+*a3MZT>Uv8KOlEFYCxWfH1?VuQiFPZ
z3jh6U;k)7Y3c}`0IE9;>`n%4
zIh!MPECVFq0T0ix?1k&Ar~>h*MQNq;4}^P2#%MJHnIltMwippb$;V!3Wcv{7t9cst
z)E-JdqPKGGW{!8N)QMn-aI_*vVmPa)$?~KZ4c?1^o4qETQcxdzIzk~3dMMj)P>$Gt
zgdEnNU7Wl>9d!59>o=zVX_RusoZho<^eW+g{=+_(b!2+mpa0q8XiQta~hUp#&kh;a?kpP
z?PFu3^M*Pn8w)f;e_CsRAn|#`6%d%bs!-5Nr!ATXCTg*Gab<`os;DGTgwbi*E-!hs
z+fBx5QbDrwvAgYaW}I9+C$D-0%Q8=Gz6SZ@Fc8ipY^lu7hy&NH)KHYNU}#60uezDKzrNK^@O6RKsP=KF5n+hM-Qov}yEUy57x(XJjXWh07Wa{gq5|y@7x$qm
zq8WN2>FkH7hptfxVR1K93*A5)M8(}qC3Is#xy26_cUxK`pbRYTc2q{6th2YIHQGO<
z;yzYoG^HNm)_t6kXj(bsboPUFL{qvUGj<=PBr4DiX=guNMKq-ua%T2pl|(ZLRE2*Y(wi#7aG)5-vEqhC;EnZw
z*(o`;zK?S_k&lC~OTFY|1P3tOWI2fPekVSeoZgopllw58a2~D%%9f31(NZ>QcaqT(
zY_nY()GC$N%zh}&^ak=2l^r-~vf)x7`6-@;B}4)Qj61a&m;GdW=kQM5R6UyX#PKN|
zokjx+nPmDQ&mua6o8A~Scdej92g_bo4X|nqD8(q>V<6UJ*b=(kjNb*=mG3IKS~F;Dlp7;(B%6M_)VUNuRG7MhSp2?ats8CBU#(6
z*Y5)$fjJhkA0F#?p>?u|U!G4XEJNkJ=}pG4BFAaM;{Eegnb)
z?6-Kk-92ufACKbRvADkg{XE;5ej++a>=OY7Q5J>nqfM=M6RqjKV`tPL%xR8Z^`2o2vWkeN$96jMwjVj%*4WsdyDvQ~7?tL5&
zSyw!mP|h-XF!-87|5Pe~D&U-xj;>JOnIHGZp=}pm3QDz6Kdg1JRi*ZD>ONkdnkly!
zx-z>Ie!(xqnOVO@&Wz7)mh&=>B*@yYfw}Cw0k%fumg@lsMdwUh?$p9hr$K7q34(ES
zn!)U~@o#vq{|)BbaIA4Y4EdC0tR>&r@I6!I(W
zsJ(>kLmX;08K)Suz^TPly6A+R$w-djB&Tq+!EHD0Kdo>3(msXy-^1qScKucJw(7XX
z|1W&7wqpJN)*6KWySmW-ewL47A4I@5tUo;;pZE-+F@Kqpe4E2kuZFmW1&@X>KJ=yB
zZ0(?>k4>BLdE85fU6Y}R=cyu0i8J|_vr&+GmO@b#
zBmZc>w!QD{!g!(|)_Pcd7&!ZJ@P8(#JspGx-8g~sVi3fyU|1iA|KRKOAz%ODw10`G
z+)vE03fDjF*SA;4HS2$Ut#!Tl-LHx9Ix|
zrQM?IFO+tRp1)AqEjs=}X}9S2%j0%iZog34EqeXlI=$VZ&o7jAi!Q&n-_zT3_=VDL
z(cc$JyG3_jDD4)#eWA2lboRw@yFFiDnbTWx^}Tg^yG2J|DD4*ge4(^kbn}JMZqds(
zyv@D-eh}Qc><}93Pfkbu;lMQH{Y(Ss3uU{wKK_~8p$8eZAZXO=)?H|894!-8}
zXSu6-xzs$~|FKjmm6t2drPeR4qvk7odjGH#mddq;d-vJq_VMQ7i`U3==7v%1rRWVd}{^P{3w|3mQ=KQy|vc8@_
z|2Hot|q5R+LB`56Hb1QXRlmB&feJwBludl8wB9cAu>UOVKMVWMze8^e`_D&>+bw=RiT&rJf`6(cWPIAb-oF>3(>uF@{}OWV!}|UH
zaWuy5FsrviHWLY6%pJ$?_zqm3ko72w$H#c%n9x&`!MNmIDF>wzx-ysU;iYN_Kig-B
zgjvE`D)93+0X8Y$D%}#oRNx2s`Gh@Ln>G`*aZtxi|d9`Tp|_x((I1)lyS(*KW{%uVm?b2NN3=bp914
zD>&YZFUQAQip+bwGdSLXjvVg+b2r0r?UMzQj_;w1*)`WQyO1WwZ35@8+tL>hx4!TAO7w+A6
zI*J*D`LDwxDbUIeY9otFAw$ZVjj?uAoV%xTD+je(scI=$!oSWx)$2-1n
z+#mPP9&7A>wO3WGxvS=y)7IX3F#JGMiG9Q+`A(B7l4y(;#S-dXldF5bZE*l17RH4d
zQDL!JGqY3gM>>kt;TYOf`gd__@x+#%bxZcBDY37)KEovi*IW}%_k2Kj|f8&=A
z3mL2`=)%IhIt#M3`$FRb^s
zm}kjty^faA6UptW-64GDDu3AkEViC+n`Wk7M+Vswf%fe@-dHzTFZ*@>uo30h%sVj*
zRhljpbqiA(?drEwAsvJt!=&p1;S?nbITNFbtGLRieCz5_v)Qv)k>oY^H{Vw~yFnv3
ze&F~dUbZ5k-}-vEPk+!2UkaC6@n>+YT^MsR43AJtXohZoOeD@h-^wmH4q9;tI;k>A
zV|g%lrRcfWx7)EU8V9&kxU=Ss>|z1(Jt+5kd}XEr<~Eb3cALiF%q;)L8gzWt`t372xQ}?j`=M0+{gjI-R8bU=CF;y+NWsC(BJj&Qa;%8YhcG8-O{lBZ879XVznuozJ0ueXa`T96}1`E!f0ihp=Ta5w)D
z%hhSbHA5o4D?zB+^nL{UpYh*VFV6^g=C#`8m5nLmEFEN0iXCWu$G~Bdq4PvArA&LHVAg!1HVL^
z{@w$3+<^6f0H${#98lg0px5C&ZsWoRf}i$M-pkSQ%O$`>L-`O2Pw;Xf0j2@aWX#-&
z&~XTVjPmY3Xm`yvhX3>j^mM*;d^_v*f?`JOG>f0?dx}1Syk%(6x8ng}5i&+^a|3{p
zKKvr?PUrH&2dhPjwsu%~6HfvsS~nyAn8@tQvLNXqMc`GQ1oSj1+>FY6>JTnP??p70
zxl1JC&etEGb}c-~h&w(QsV_E{v==QVxI6Zu1CkZNSY9BmR~*4!gxC$0HHT{*3+iho
zVy91ErVr9r+b#IFb;h6`;x%y>I7~w5>!cUX`-`W`PieVy;RLR@Sd=*3nWBReT`99)
zVa6f-wPR231b!bJJLprQ<5K3gs+4J~Z3Fh^w!L%*CDe+XFxZ0cAJ6ej1M{{jA$;}f
zT)HXLil$G_pR94
zrUnvL0*G3Y3|M>jBOr{s(z21tui~%IS5JN8NG6Q8)NebArLUKSHvSR@BU+7QOD@Jb
zq|FgK;F4_Wa4HNounk{!<2aj?37Xnoj=K!_&7gHqp!MtJ2As~5-ww!F>*%5Vg+-#M
z2qN$cIQi*IInmx8
z$)w_EtlcoIc^3`V{!uUxL6L|&Cyd57;FB%J{kk7OiPYO85E*F38k9#`5S+ps=)VOc
z`(U$D$}qzdOuuxv#5CiK4vB&3cxziAU18-mC3=9up((0LphwGgq~GGj|h;KX8g>4}p_Qqh{RWSBbU&zPx>s;P4h`Mw4zpLoGu~)-3*7t5p
zZ?@J@RC
zONmL~6a;&dlC9sQ<k!*v)UNLu((Il
z7=0
zQv>Z#ewT6mcudU!e&$Wax35zN=rda0u$`yJb=-|3%KCuTl(aF2OiucxUn*^G+_LIJ
z-VU$A>;2EnReLFZaZ=9gwBuPj!Ea+VX>UTxvG`9Y
zds$*ofpB@DQ&?JUX?tyoqWbGja%tqFcSBCW6~9-lnO;fKQVWjH)E`;L$m_KY1quvA
z7W!Z)JqV;8t><%*rZ#oDQ~Q44MK8&`A(3Mrt`nQnM)5(Tv{jp0pypOF>-m7duha8j
zI--r5Wfntl*Q20I2xY
z5W5+iqYaaQco>C#0g3w(Kr=2~K~6&VKo6e(+>-A_UJV88>p{L;_)GEN(*uZ*PdJ?`-zlwcpah4#CoC-##ubP9g?Usm!cr+b`Jqi`
zW;o&|pzqEGNTKJ|)h*7rapA8P?x3iUCC=MXD{)h~lwGuJBj4gXdinCZQsU*w=Z&$o
z9En*Pb9fnX`+nUgz^GjyXGzNHRY@qbSxl5*V}MV26UR*0;~=BB_!H$7Y(t_f^gl0PE?kjvSX4&j7fcY%U5Fr`g~Yh_GgTbNAjh(^
zW+AgiD1<3YIDZ|2w`Aq}mZv6?96GUY{wy(`u8T(WyX1>n-0(sQTYPM*hhug0HLv
z@Y#|)mk_Q<;SUaXs)bXY7<_*NZIQlf#^vD0GEqFprmd&f8Jj_wB)AXKl)kvb6b2=b9_(cYO2lOGlj-01|xSMjYW$NAR;RX6Zm?=&a$IZ%T0||c7Ng)kZ
z3r6sYEA>C=7=1$qYZ-8Dew&a!Y)Df2(1o(`PZkmK(PS9u<*3@QbZKa9*Z258LERSJ
zu?D0Za?ce*Yct_Csf_qZdSv35*;0SDY&83dQF~eO4hLEi(h9k2spYuG`Vka3VIDjI
zNqG_b-$EyDoQA0$nc{aG0-9Bfr)?+Z8{p|eD=u=FFdYMa20}e&3K0_$+Y)`Mm_H9T
zLl*%YR((ur9gzS08x=)g-7Dua?|7gnJ?*TR?AEUQ6YtfFnx#Yp27>_<
zqi&#<{*6ykKhVCkJ%3fwKCuw${O2m60-flpSl(PdP!Z`C^5u342lvoPLCrmL@r%AV
zIl?*f(MAcT!7?j$CPBxvn$aVl8*4rlE=FCUec#An-fIb83e(%;E`2XSb`#xo_v(g_
zt=;d|Of1Z|ROK@)jfwLBcuGJ<`hSD$P~f{G=Y&<7N3(%UsbN;J9nSm&_nXFhS;h}o0-bMNVWdU
z0TIR%*L}Y7rs(R6CW|tL-2zE*PVQPwU7D%MA#bB^8MKE6XOq?_t+7|}k?~XM4Yfht
z)!iUvlA%Gn?AS}otUT&7l~E)K038s3C4se4kWOgbF$pz@|JB%sCpeUhIfgk|>Sj?u
zj#{8QT9*9m^N5bKX#WSjhDT;#@`BP#{Y{}kDz6QJtT7}cMYoJ85
z#6y6=6n}a=(yN~n4j
zL!m%1wd>~|m;1d(XZ5mqYjsn2D|LqZP+tn$#vY=-XNXL3A2
z3HGrR3|Wa{=JcPE&ys4@1;l^w!ZrrXxuDji#E}eS_U+Xf65&Jb+CMEhtW^bsB$n6l
z!+wHv4YcTLXT958n?0A4D_{3xV5Xo1B1ESji^~SGyj-mC@|KHiy!^!Y21pfd?Ij1=
z+g{91U>+JaWhATRDGX*&0zG~Ts~U;Od$p&0mVzwsN9P(Z@3!65C3~ApUig$M5$3iX
z0-U(0E5a%m9jA4qQ-ib>P?Et|xd%5lY(Di8`7vMrj>paVdYCMCG`oHKv^Se|Y^-%7
z__IzObLM&cVSAR(44W@#k*`(v81kvj^y#=gvXVxw&;dVqhd8Sb;u)BcGqb)U6mU)O
z($NAw`*XbQHUcNjkls(U>38>q3eKzTvFJ*XB4Zb}!Rt`)(sF;|Sg-VV4728G%MMWg
zS=jh6A>Mb!A?KI4Yc5_QoYtiOQtRC0Z(SX}Kt=@mjo*SoyppUQ(<7UG&lF(eV|*Rf
z%aN@H4SHUdI{C(a1JzTP3RARf&5QG(4l@NTZoFCg-`?P|9@I+@>K@!_`lc3Fk9RM3
zi#kvJj4!Q+@f71(hq#Oi1M^N|%uP4~LLyyG6G}!E8ci_vBoD1qh*U$!zE5#4TdTcR
zT$_I7QD(t@QyQFOhFEO?_E@a8KQzxp!Za!v4VKX**Q7r}2lViQk(&KPPFCwNP-}q@
z>IgG#8mP}T0k|;r#!y|m6r8c5m3+~>;B?c2X>5p|{<{X`AY86yOBabmsehe3@e9Kh
z^CQ+$A(#uskcOcm@mRb7DilsbJwA-#N-_6-<0AU5rrVk&iW1{&A;0?yKIhb@ZWZz;
zNoJmFU$E&*5&WN$Eb7jcabJzur4}9J953~NeeS!ZVyw7RvW^OqqFmIURm7Rg^Q+A=R>tMH+Wl)c?!1$zx
zzuN7mo?o)Hh=usTUG=MxJ;44vt!68Sk?7V_Rd4@=afXc?aJ|MzUMc;PfZlDZO;(c(;1PmiBPezZ`V1If|umxmGTq1
zsW}p5b2JGX$J@bkwwIh-sOr+WTsN%yWut!Be)r5%%3ymqfy8;k$O0)>-RV(#WV8~~vb4SS9^T%8b$eX<#rxuI
zk?NoJ`Kz{5Xg6zA8{gbAsA!3`XJR_92*sj#ZYF9rWGQ>aTj*-9Lq!c5l*mxQ_$%}h
z8dc;1b6Mfdcllps4K#|vZ`^1wtw~`v0v!oT7W2IEtH=2fl@}QoDt&RDH0zyse?MyG
zEo%1f5yIL~_MP$YUWLx|Xbb!EN8_qB-v26g@%t_D+g@H=(@rxJ`_vZ{(+^19NN>2M
z;M9#9cVXs@1vMZcO0jJtQWKZ}$%vK&o!`Gpzm*L;$oK)-iJq5au+#bq$n=wV@!%OiM7wA@^%)CD=^P4FF#i5W!B1^K3#p>Q8qUUcp3(U4Tqsw
z^HUmb)$RJ#IS!fAX4f<>vMp(Gy`?tYn63J#r-I9Yl$k0>IHtqGox}A(4F86o^lWcN
z3Y6G`>NB9jn{#5h7r#UXG%4j6^x1!7-b(71|D-@Hn7DC~VeMh@8^5x3viC7@)zfQx
z2cNoKvWJk5`9Dlsa%D3E>m7oc-1&(lwwm8(PAgw$P8%nW5fiNIJ=#MVh5Ifbv)!&7
ztS+A?iNS?ONRBl#mB0~7eZt8LP@UFczD`?ls-_Vm`xijh6Fy9N^?HGr?`R)@OkhltlY(z
zJAIx25^DoylLGHX;Sd6w_+qTc3;b
z3?~v&pVDvejcPG{4HKz&_ns*?zITnq)aLScRE|qN&2Z_dc)GkiOqdO*8%3t60x_^u
z3sVi~zAgG4Nv1fBl696Q%1`9@3ZQkSHE(S)l76?iakvAhH1z>f)FV!!?4FSh^9*d=
zCwVnpm^U#GJ=TPk!)yq`Si58pNJ6?PazT^)t93>g?fr+t$?OV>1*_BDWPXS`x4vxZ
zT!zEj>|_ZSBRFGH|8CG?m*@Kq7@r=R#~dipd5GKrhNqGqe`&iLEzvjDjlBcSLAQV93X9-6z=_qm85G&?`aq>0bx=!)AvVJ{XqGn
zb&5xEBy&!3h;#EG!@V@AlA&7&nWl^{ELNShf>uQEMbD(32(H>t+fPaf7ZI6Kr(bLH
zkPRAK5M?DcngfKG;B1#P={5(9q{W#OD(VY#act?+0k@3h9Ag
zlJi$Kxt#sONdAD)%f9Xv`wmul|w
zg@Lpn(2BW>>MhMGr!#WZ!d`4gatC4@ftfzlmYd0xDiq#Fwdv)CIFRkd1u%ckR4mJ&9ZZJ?Lmws
zS4cmkyW{MSx(W2__%{1^%5|-M0^oYJD6Q(nAh+g!c;R5ynNjA~d~a8=;EXaDvE%m)
ztYKboQYCa-A)}J>`SzefM4@E<*^Vw(YqV1Ym8o{9aouyIhE&q^$j32|6NoSp1-;`b
z%Tx=TUNTb+%K3R7JUI#{TGzw;V+k4TSy7jrmGyBTHazno^cFUr6_n`oyKR+DSyeg~
zWjp5k@^SNM#nL(bR`47~**}n_(m^)$rm~}Y3NW~Jp43{!(+-&8L?R{4l1JIc`eYHr
z_sp*{wTE(&v$IKN3iJbfBMLhGIJh-v>eynZvs5dxljwQ+B38Sa@QaHmJ9bXG=v8$Q
zFRz20jV&^kHh&PldTlLO{^60VQKgZ|&p2`&v@3Bj=HiFP6E>#`53S0XHitRJaFu)H
z_FTJ>=Be6w`?osF{?_1!y;SLk$6p1lt|P|1B3M~c;93pwn~Ne1U0PaZ`SM<#tm$2%
z(x2$G^i?%*UE!f97?3oF^Z~YF7KrfroVG6mUI)fRV9%q0bx|;wM-cG?EDG+M2Ls5w
zbWg!Juiy|6pa5)m3a$gc%RGV^EWvzDUd%osW)HQ=roPFth}txc6i`j9MpEL#vN_Fr
z5D~qX1B_31K@VWBZKL;-(PqeeWh03EdkX^?$T4w#S56|ewTe$?AxYPibK$d~kU2l6
z7(7M2e8nF^Ec$R&eNG{(|Hg&5+ZY5ZVn@hb{Fd(Kwwn{oM%^oKnx>u>h-f2ktQZg!
z?#Jos0F?)p{C7WFP)!o6c-oNrbNN~GhWGyb{b9{!bTHmbB9VM?Gqj_*H8r;UbMjM9
za$0&g<*3q4F}}+RdGK%lu5$F}#ajyT24N%y)oGE{gMGQkQVox*!+7+S=PDhy4h4Aw
z(zMT|e~4Hn9(6GF)wCZ>QGP1xT%F6T2}y*PB0_Y@{Vo#$K7-Y9*gl+kwcul9!Xo`V
zt^L$vY7SGZ@9&mAUXz0=W4$$gLEFMH`zAU?``Aa}rK2U;&DO);JL?-lJ}n)(?~4!=
z*V@-T+t4y-K`fDmKfl6xxW>w%wv5T`eTy&7XfHo70y+&~@;$Qt+~F${iAII{<+H`6
zBoCNnD;MppCGZ-h4NDHXS~j9sb6}Y1QSCB08EJ%x&%ztA1n-us*MCKiHyeljp1aAP
zhBd;C^xXgsv3uu+=@eR{qrk!=)+j@PJ~ylHwSgUwBXDTRMOdlIr=h^RFhL@xaJx%Yw~PN?
z|DzW0`F+
zRV)DQs8E{A#ANTtIehLKo{K7}X3)66&S_c!tOn|13qu*koZEr(16*n241*y74oON)
z5Q#>C8&;fS=coG(c$YU%K+6{11&5T`j0)YMUkn$rz_ycbBmlN*+@8P$``!4#oa-_NQHV>+l}c@MN`;?R6v_EVQnOSPZ
zRS+<)x@}Mbe_h??{`4@d6hi&IlqDN!nLviu?flf-G{>4da-#Vlx)!RSU78w`^fjz0
z$ge~_3~LvX5;007mHdk}f$&~*#Bb8BnrO3M{S`GUPpjvD^loaunargJC=)PFTq@CJ
zq_5D1T2M_7cx3PU0;R%=gY}uEWrr(-CJAD%rn^hvf{UNm>c+Ok({Fs!zS3!C{CWVn
z78ahIjJmKzfu90cihp|u%XFyNrK73;#8a+FU;Zb7;!4?_;O^-Hbvi*W(U+u&fP9*q
zlol;Qdx9rfRbeWL*Aaz^NpzDCD{_&s0B`GcX596*dr0Th9tNq0!f#u=O=+B5poHXkwkMeV2b=rq`S^WO^&l_HX~3M{{Sb>MXo0
zo*c+jjN*rd!B)%L(a&R7q8MV2Q*#QhBJaNpqI3y{Mj1|xOxu5W90yL^+q+)0+9@EX
zJGmImoDccu-n6G%=co&glGo~IYFnOtnzbM9OEkSX6C$&rAJx^)2JD0Kb2rX(n4bab
zcCD?r{hLCRf+0U84kL&PZ;tJ{VuoxwIkfMNil`pjaJJc2&-Z=KQX^KZVJaKc$7@{wvA{CCU(3v|H#$3Dt(7F>AU7Fsh|jEUGe=i_dxoaZoO
z(9Rxu5xAVC(>g^C{w~no6Es<*)v9i(3j7pfa<|;FQW3X)vW%UaClYi_k|e2srKgXw8C(`t
zJp8Hmz?h!Re5`qfQSe0bOTk=dx{dO_C=hXY#vc=`(kFY*F9ShQFn6y=T4Yv*@2+3t
z1r7rsN_8K8Yvp!o*{GGunhayAbR@ZCJ#otynmVmGU?#{+1jRiq*)lLp<}WJZdgKN;
zhZePqY2E!B7x1$n+d-?0UzyQ4&_wF%hlW>tHtaE`;mh%RrQk|kG%DJj+p6Ut>T=IX
z%%6d
zrIxvT??aTNDj!u}S=R|Of7i4FekjTe2@`H09yABu{xkKVx8Xz!R|QrJRwgH4@nxaV
zvkilfy%+_UPsB|$xQB+{
zqS}W_puUB{HyjdRyT)|6Oo*^{RB2AjaO%y70598y$MP`I{QnSJmWHX6>+LKMa(AMQ
zw$T|CgxL{f$+YCZ-xH4ufp0%BpWnx3+D|Zas-Exu_(sjtPMg=fw2+8yMhDu>s`^Hj
zAIWCz`**;j(~pn?gTg
zoW7DKJ8J@W9m!|iK8QF4rn%O~O_^!7#|A5AGXgq!goa`c-h6hf-Wr=!pVoi!tv#4}
zA%{wdw#7)lcs$YSuqQVc{A%UmGx8jy$>eHc+%^Kd8MSJHo^&&f;%=3P7*~Qm^uhK*e%hRgp!tr%RbVsZXFSEqOp|v$Znrh}v{8d8;mhhu*`ISFK{5
zlf9b0b&nEYxuN@q_A#>Rd+oZ`IRRWpTnr<<3|#qGueNyMrjOpkMUbNHKtZXO!NiH;GpIiaCM+RLbHc$UX5hQ!#
zC=b9KM{J5hlt$dduWH-J#k=Y=nM@reEFEzi3MD-Xr!yr$?p-K3SjQd%91I>a
zLtfdGQf=jG87`MEp1X*pJ>@mq@9!XQt>veE1_h9(3sIXp@}IsC)w3U?{S|aqe!w|+
z_P~_UhOI_><6M2^#R#nzLlm|jxRfFj80K7uPv=0`Vvp@&;g@X-;
z{|lCf!OZ($oLg`d5G?Tye#{fHdKW@i2agu3yo1d{YwOanOR4c4(~%E2?WVB5K=gR|
zr!ETetWX5qs}aGVhZ7QmlYo6b+xe$psigrhJ%!Rk
z<>m9cTICgx(61*&HF+38_`$5Ual^R`YmXIvI?i!dlq2GLQ1#pj<;1QAy0>*}@8P&QV$BCLE-4P_k#GQQDGz|NUk6*Mf&&458z9gz;=QPMQ-T
zM|UI^TYvLxvoGdV&-T`b8vE@ps-HgS54((>P`p3}8$Z_eiAte}u5kLhKF75sCBJ`D
zMEEae4BjPSo~mH`YM<3BM-1$qWt@Je7(e4+)v2$o$hUi`cT^dlw+a_N=T3SrpDQcNAp<=I
z%rhJ)NXK33fMo$s(a9A2Vs{QlUxQH1X}k^Ib$;t(@*|2<@{{#z$f=naUs{B6#~*T~
z1Bj2h;}BbTFtp+)%AyfbRix50+!dNs9*~?N&lDYliy^*+SD5p%`rTYU@hA+llU_p$f|t!kCqVV0%lPi*`7
z<>bE7AwEcd9;<-;m5jNm+Oe7OP$v9m26B2a&QG
ztAHRvR#+H!()ZQie%HiAen+YgjGJe?tyTj46OE3Jp=n3EBkIQk7PlcPi4)GkZ(^SAiTnNI7A!8>B}@$6;?CDLo5L&|-+V(wf`>hfCgXER0g2j}ei88NUYg@>?S&Z&
zK}F>Pu~JRYa6cOlztb@me@nJGPP0{^?5fLXMP3w{!Q5@$Pfa07w7M!S0%gH$9ort^
ze0r~@U7Ib{Mj2A#we;EEEvm4jc&FdiP()%vAIIb&VQBBB300Sd+}8FX0ca3yXYCBx
zY1(@<%=`&B=JlYk%q4D?iw_D-#1j@fnU*!=MH2Fs@VWeG9VNX6dtRGfO_IP(sIcHW
zO{}N-=yK4Doi-c6<@zdd)?pV&hX3lKo)42Y=vwc#w4ZF2-lv6X2^jhH?RjVDPC)Xz
z_cx{MOuJ&e53s*a}rb9!=
z^^&O++A;mdrJl0+>tqhDE6F6Hw=5N}xh5A}d`%rA_9V{9n0A_5J*L^pK=V3lYXzJr
zqGrV#EZ~GmeS$a2pPYA0&?eln&FUYBqP8YJwo|+5p`Wy8?Q#-DSF`5IiHwH#ba-|@
zy|>!9BAd{T9$J@CPYTaPr+-{>{T{p3i@9AFx4;OOuy(6iVLnTuDMw6{2c0?{!A3{XSCmUsy2I!%
zukh~%_iU+A#=uCxucLimgZ@3JsoZ69&gam}y4OaN9@)NtHyZf~9EruRSjebfj~sX>
zL(bEmu=W29@zQBD)*d7`}CNT*2-
zoQOH2hP{2w-At?;K6Q&ynBF@FLqZZEtc_u|iwMndH(5+lCKC_>1Xy)qN7RjLQ5Ti6
z^BtftIKJ`#DFTe~DKDQj)u)Rw94j?_Fu${kNuRlKbbVN5KONkjPW~LyOW_=PT9rvq
zB)QIjp_k;8xf8z*m|p7m=1>?Xmfb#!OcoPI)UZlo+ZVcr@-W>gEw1Awvz>hzCQUWWw)nR69mG
zSnJ^YP1ryKYny{Fb;g!>{NcOUfB
zoiT8q9BdEF{ZM-4f=*S?Q_LnvY@Lt3v);M?`lkQ}#CiWNw73U!1_G*U>uMGD
zglcM;--QInKAUeFZopbVfY0aoDGPy`1%fUxbQL1wJ-PR4DyDJx_9Cvm+v-wte
zB`KIuW}LLwi|mr-BUH9v{%7Ok@QBgc4dXhHsn6OzU-pvz_a(@&ssr&GJql#lZ~k08YQJ!=BJbQ-iBM~)!D^}BL8?$jH^^41lg
zVP5&G8|;Q>wp-VVQ$mOBm*U8$3@21Gs$Q&@q`FPTHcNYMrK?J;T{=fLnPsjoAY$kqBj_9=g^vKwPy1_KUxx%E)r()qN9~H%}xlZ*(ESsbRg%x=M
z^KmS%?h|HQ++GZE*ZAi^Yzkp{Lm+6bw6aSf#P_z(I=c$^Z_CYp>g@lo=VlP}S!d^L
z!2>R{!~#`*<4o9(${qg$`r1FjX7NqI+EZBoB7OrqpM_&$%ePyao*P!cu0Xq+{$O0R
zKw_BiDttY`^!ep6P{CH#AK!Z&P@d--lb-u!g?l!xGBMC?nhxI0lq{elRjU
z&axhq;J672WIoG3AiP{B-}(b5blow1RN>&;LOjUY|z^9`Z8rl?AV8X`g~WmvsU7^EL$gwNFvp9`R#G
z6x=osW_$pAhW}aBAXKZPB8x|Z_KJN;T;wo;wJ5Rp2C}t6dxWn*;=kYpPm@sabI@1}
zvo2)0050+v`CQu>|4-gMfevR3HB5{_A8ho^uW;VCpGE@caK*(u$`Da_^~5NI3cp(5q0+0_5ZVIgo4%F`I(X+ZOty1?@H_~pJyT*^-)nf{
zqw-e&AIj_AD>1KqJm_Sh`PIVgWl9q~AMQO#+|6jb+=Ti7TZ9=rFPPhg4tz&IWKVd@
z=wIDmQd7y0y-zsWK=nws2mi4udVSKir=X3M(Q;)8Wwjn#)ReOtWrOiUSFoiau
z5?mto
z;g!(>;le
ztI#Dvf^dNT^I;q$5#ht5_-(053g^wqkRKgXA@VabURA4G&P`(;_Ny@7=d0N(s4;0o
zZCdW*4>?8q-LSa71M-%jZEHcy6M|9Tl{@PIkUcv1Mf>wg?tdnn?|-l4J||%a$o{|c
zu@?MZ@d%g*BXi{y2nmVAXUGnY&cnHiQ!)>Xj6!AjFAN6{-H*zH>;AMbt3aM+BYO@D
zo$hw?a2RHr$$T>`ptI+WE=q8S#S`Qwf%ErR+G}T2Y;gOzu2C+3mg7D6rk?lW1*_);M%=5y&I8=DNr9dDCiB3Zf5BA^>mKPVV0Mj_&*?UI
z`~Un0sRqAT9x0B$<}p516@2QVSU5JJUy~;O;w9PaCz_l!c1G;#nS(tCG_K7Wo*TB_
z;~bqAGkE|F1K)?W*zTdhtmiZ(%Bl;NnEEe*s?Hp|JauI@`ng($#<@%iUHs=}u(ybY
z3b4Z$uj$HJ6S3mPw3817?adXa2@GtrJhNszXiYlp5fOtM|15)t6}Lpbuo0*bO-5Oc
zYRUU@H?*S@o2?6(WjdsJh{kz|k`lvkzD9b5)*F3YKCNn;*E$N#FfYBC3C4D+i;|>=
zO)K4%`MWVupUuCSc94{M#4|EO1GGmQ+w_lM%(K?f72|;kp*^_pV1b5ki}L}5{Axv5x>|Enx2-1VW_;g^3Coit
zQk0|c^#C=q3uk}6O3O;Wz%j1tJlU$W?w9$I2s>0?X+(FpdWWu!7M|nr=7|oZZR6j5
zYzhZnJMvfv<&ocGy9RuIO_uxMhUdE9zx6c1+mjGSURLW2<&>qwq1v
zy^t&a+N>r>VvGWdl{pd{7Mttd!MlBe=k?FI3vdqm?HvFK&0obCzS}l+J+n5J!V8vZ
z7e{s>e}$f#gh5mP28Gm!S6;w^tKG!ofQ<*sgTLTsa$mcnzP7s^-Ir_TFZTZv)Vx1y
zfV}C!J)nC-IxwZ^o5e-NBw#E;@0J1LtJM#z*_3>uOGD}>Wc)XWyyrwPYhT0sgZ+Jz
zVF^&vL-RZD)J>{A-PO^hEXjDoOhy`XFl!EsW0zKG#h}Le^DWtJylbOyv=;#;q`m|@
z6I|p2>~|y#4@)uq3GIk_CDsM3y0NN~<-X$03NIm1NNZA))<|8=UFRIv)Q!h%s+>pQ
zt*rK$Hm0EtMnTibRDV+|iJ|YemdH7tkf4mK$D1l35iQEQ_dCM998l|tm*p`%#MZ;0
z_)Jgdz5{b}*Bt@AC8w^wM&3qn$&Dr?m4jzpKyXcfpPyTATY%?v3O&){ZVpQ!l4#u7
zPd$)d-k_f%URXclbUCWSS({oASy~;x-Wx{yLLFAq#VO*G7i@X}WH9dgK;gnHmG5wz
z+&leX>&qX_HTR?q$CiL~B0oxKzH8J8c-S)wKdPZO^Meznp;&%1^1Y~7*KVerRPV)4k=nc
z2vLJE{KUTa+n7P_21(U~ft4Y5k*kGR0s?QTIgbvFiqlwo^p!vP5!+$%h=}KT$1o-&
zsSC>X82Jg-wb|S~mb|}`VZOV090%IxP_B_=U?LA0nY-)P_b6;$%fIEDaGV-RE=MXQ
z(Z=1gU%FW-VoRVk_a2Wx5l=_9m_lcU79#1-=UG6!A%6G$`U8XU%lB{&T$y)}jQH{>
z{A35<5GB~+$x
z`G-{9a(T*!2UR!9*f3`JmE?>$Mq)Idvs1cC>s((eNCVpgTd!7vLDyp`BbL5#u@!V2
ziM2RwZN<#*`bO8mHl4|VcK=r_!>;+8tR^Cqk+_D>V3&cG(bg%+eqrsee9wFYcUwL!
zwfAC@%GVky3iF{!X`JxUu5QYf+c{!T{V&yTL;G075euTspeiRlDMP|;&sOi|Ca18c
zlxMc9lMFk3196E}F>FozSmT7Xi6~PKPM#C_Zu`ZnLp==^gla!}a>o5#cDbpiJfy~U
z;HU#NnBx4=?<__{&EzDz-t+otAJ~sGR`)R5PP+WXJv8}Wxnvl$1;j=mV}yi@tL#Q_
zUdS8GclmqxTl%D8whHwcNPt!pbyD7;Oy5{zQu!1(V^Q62Db74DWIy0@H3XOg*B+K~d#%
z2>l(Iz-|c&P0~c-BAeTADe^u#29;Gip>>3|R2vgP&4XBpunRK}Ucq{p@t-G{qc%+a
zh>%L~P{|NSmnh9uWDP)}Yu`p;FkfUB@f^75BVTpYk=U;HM+>;#0;mqE>->n8$uOWvO!iUaJ$K3)P@g@SKbY_F
zt3g}oE1*_lH7h_-nxjSb9%gLP6*nhpXznrN63KYG#ZOmpvDf0P2RLmsRoP_&KOzdZ
z$X*zGrbrA=e|gQj7P{$cgf#F;+vH0VYoMg^E?(PUn_z<4-euhw#kLHiB^v^nM0c^p
zO7M?g6sG~PPb2X(-{z^wy$aG3Q*8UE|1`2#Xzo1rlz)jglPyEzM`u8$WYcvewB=^zk2L(inI>|v~;aaXh8_5NHEYtD9b=qrBC=|-g_}I
zD~5S`g-&6fw*~&SGmTd(qMva$nf|!pSeAvJgjAs{idvIAl*C!qPbx!+i
zRle6fFEv!X9Er-*Al%J?`_o)Xe1l~Z6F+L|H~NQ^z$Qa>t2#^y|HNq2t0v7~bawxZ
zB=;givYa=LEDh3ABQ#)92mWd>2p0<=6nV9+FLLqg->xQhCwDylWVYB^!L;G1KxagL
znq$m{4zAw_83@vtZ}LvfBi7cjJ>P(LmXhR0N(A-duS9U;-Fjij@#@drNhP^1YH>Gg
z(QPh=ZaPtJKASF>ARgXr!EM(foRAT;;=y#w_=~~pXKd7i!=tC$SxrAk7u;44&OAen
z3m-<{?rFGUq@K)08krLAgc7_clyQBO6?kJ|GAB#I?&UY>7daVe{nc9fgPx1aJbu2-
zH#YP(EGN5d#wx#bBN$AX85p;hOV*jLQ&|bsWSAgRM*KIr5I?Qb7-}#bY}#!QMd90d
z(#O`8#XKL+N*d0;n?kbbXhwTXtRykJwXVRZBwm)i5+1Hksq~vW{!8lg?e3!VCH#3^
zTjI^oRF>8>%R^HkPcEJ{7M{n6Z6!UQCy^w!%}xA2fa|v)yFeTY*1pn7j=m-bt7}YQ
z;n>N^)RF(g*INeF5iRY)2@>4hEw}}DHcqe*2=0>L4#C+QclSV$0D<7{?(XjH?zZLQ
zJ?GxH?ys+Et(uvdshOHJtEZoSx>t8ao(7z`w3@j$837#vk^^wEe
zz*n?`0q4v~gO!G#KkD$lKw7Ggm5d|j?DK_IcG=kMLxGXO+DVmIEdC1<+^y`*CR>hg
z!4tqXv%J0r?6KP&H2wxV2A|eOK#u7grWB(Jkc5%s_tqHY?1RV>Vl)Pv9ktq)&HXQtYWa($V+sBg{(^y!oSOUW|LMC
z33Yd&c}y_Y;+)B=eC_+yv!TG94Ey@Xk=G0(7=9P6!1VN9rf=%&?k+J2mu}wX
zy}Ftg!5Q7;IEzb#B0p7(Bo`x`^;#&tDNgSX(O=QErk_4PhYD4u)A451$Frw0-3%uM
zc3J)~%AmXC$_H}GT*#tL)gq-qyXyc7K>^og9M7p5q-1TAGP>|FRCH#h#lb1@^JdnS
zYqKHqx%9R+vI)cJN8Wx)60iK@MW1-0*^2|>XiX{(d(YHM2Oy)K45Mwl-(UOaPn$Bo
zrYV@B)#0XoL}$Izr>g%)?1Ut@y?t{sxtXffi0^4NU12)y3#LXI9t^AW@Ux@VxO9&=
z&M2+e&iy&24zYB%zxJzhjC$b!-gsP4SHv;;bC_O$Q&IkmCS!6Q5l>@Wx!`%>&1OXQ
z;c|rvAF8J2{q=q+cxR)3JiDN^V)f7JTj8n@mfV_<ZY$1CmIYfU1MRfmIcVp~f47psl
z8^Uv}snjGw5jKW+oQvT#E)EK4No}S4tM?R>bODNb^KL2GwAi-XRr?w;Qhd)Btf+YQ
zUZmxX0;26narw|4zT$TbZ|<|0W>m~J#Ze;+^O`Dp!I=h(*sUR)7Y38%!C^q*u?|FK
zr_p)EauWdwOAX~MPD@wZhD5KxD7zsK*CAB00dMIr|1D^#qQV~WQsiB%TxP|x2e>~3
zgSAYv;iEcSnire89*5=9rSs?KhqJLady$of60b_P4UE|#N*=~R
zjry)$1g)Ea?fg$sUQBt(KC_*)xtgI~Ws%NjiDZfZR>p5|4EBH*X)mgta2qJWAu0{W
z;5l~vy`NaiKY3|Alb6FR8Q*Uig|`>SNrWaPJo%h8FZ(f){eSFZ*2tsn3F&lXNeDR&|zh@>qG2@gH*Ha7Nr%{tMR
zimuaU6Uh4SXaB_9{Gz$jFEmOKWl!t1_B0>2A9Z~x=O>u@7$hSqa_asqrM66akkiG4
zuGMPcjakm`KPzf7JyQ?zfud-E>KMy|Dqc5n6J?r{)SvvW$82Rqm3`LZT!(B=ZZKT9
zVHLR#IV6*XzD7V7Z|8*{zl+kNd|cB0IQ_WOLRGgH)_T&~S>d>5Q)P&fJWmXvUDQsB
zE%=tHd{^M>cu9433I1`|PieRYsw3ZLWnW>=X0sQczp!ut$;alhQ|#%s@6#1Uii^*j
z-Me!g_jC-to9I1x36rC3luHoP-WbN87WlaPvEbh?tly)MAv2AIwbSrlxd~FPR%GOk
zSsa`O22G83&E}9|U8!>JTw7+;Rz5xbO+ZB(w-gu<_Y=O(Sd!Rzf}K9v4p&y42~|&Y
zae&zIRo}G3^5hY#|4R>Xm6ddxP6uMtDRSDWn%%n(Ek6{ezo$w20B*lW=(kms
zU|I{g(4is)nca
zi1XLfi)y`0QGpaqJ&P&buX-&jl8;?dfBMVy1T9^E;?;>w>9`aXK%6W7;SU<>^?ugx
z2IN{(3oUyhst)iqTXaIl-~K0KP7>V(yG+eLQ}&AWF2vXZKVBReFCJApMrzRbPzpft
zHYvtw8-ExdE3{%Mars|tF=9SZbWEy%*?#rOK%Dc-8tTXniFgq}o2?Hvr{|dls_!nZ
zB5$}rT&c!q4jG$~TkfczoR`U8^VhUH4Sj#4l)mokJLNgqSivJ{GNQtUMCxDL4^Gqy
zr>mo$?UsJUu3hRWgniaY&+$kSCtwyspT4hQe^NYUG5r3A!iRW6`1Tw>?ONf^F^q|b
z2DRvCC&t*dF<93GCiVsD+@qL`WeN{81johP*Smn@UdtECA&+m0eFe1np9Yh
z0)z+t>;J;x(18Ny_-m8Bh~qHQ_BE(nV(S@sn=eY+M!3<%IT00v#zr1QS3!!K(8}qa
zLzN?8;z`7+K1e5bd_e;6hK!_5%lE}yrm;|-lV`UvBsc5(-j(f4v$lLtB#4U3zNDZ`
z`EYIa`cHHYvhFw%cVq@}J)XYqPBS)x?9%{NysBIMJa24XpFAI(U>txKGoM4-$B$Oo
zkdjNn43D_GZ?B7~X!UJ=E_IJE_xycP2+gqfXb41Cx7<5&E~^t09)?}@k;P`ajYGPt
zP*tm;BHjsDtj2>nh+D+X@q09cWk8$uci;QR@VxGWVr>-hsB6=_+>HM2saWg0^*w2M
zU6cg}hvU?IlVjRSmMC=Gyg}E)WNGxKN7cjF2gPBh8>>g1WFpNSC117{B|&wZe<>RH
zdR4)Cb{`3d_Z`{HU-=}e&<<^b09njup|uRD7m80}iaXAS25)H%HpZYR{fJ}j$nIG6
zPuYkqosSHmI`WhSl&+EwZU?^pN$k}_y4cwJ@U(Q>%~D{i
zM65Ie%-!2#9oKCd8wmcu{u~L9lV5shOzrWq(7f%!T=H7TuEi>eqci~>+_%fh^H&g>
z%=J=V&-+}Y-U+J)W!ckDVVVX?0C;I!t}C4{RAG+G3-DqEprHD}nZ|PZ%GtR?RV&dvLE&o(
z6{u)tQckMgU;)$~q9M>NCKneK%e$fZo3|onw&t~LF#Gk+7}&L%`2SL1M1hTO==6WN
zuoRdP?3ptK#{CCU>wce2ER;{<|4;7^WbS{kXZv2~h@*x)2>A4G{zY>Dw$=2HxH)~X
z9kgc|A^XmJvfIrBN3`oyt`}h^!Bcd$-~??9)lh>7?^+-~BmhtX#s?-A^%zjEKSpP>
zvNs{ONCe%+!gWd@toDo056@n7YZ!LcxPBQ91fa6xj+s_u
znW3P}U>$JZ(3VeO*Vmgo|4fZO?W&U;3{DG|g0cdl_5gG}A-%P6iLfZ6iphQ0N>e@T
zl_^L6`OVHd)Pmlkb+7(s$CVZKMk>AG@i*4HaRd}R1tn?KvxZrYXEP)zeWz2E*k{xZ
z2G;)+Ek?pz7+@tkQ?ufxfMM#*lfrLNZHVfB&<2!QOR4UQ79Qyf
z(W1?#%kdT_XyAg5QR=l^Tz)EX^YLX7;*e3dNXlIDAluS9b00yIvOXtM#^E
zS#lC{it=F&0XH~W#2V<{>68n@8ANj{U%l8uC=#3&;!
zZa#HEd&26SzUC_qpSE9hZJ>QQ6MK&+R2@=61zj7#*2?o~mVBU&p0EnBvSP(S;F}TuA7e^D3_{{_a^887nd&J5>8d>y)}A814j+~Eu!|FeL>SsVSJJAS$D1jEe`!eU>({lw_)7gtV_<{2
zJ(hSwgzB?MWfd3S9dDW4N^asN8re*5v_vG;7
z|U!GPFJ?AJ=I5bS?F&{OR$J)#0~;i$lZAfAf#S%JmyK;k$-
zcb(afc;#u)n=Bl(-pTUPO^i9;cM**OXo#befH(YdPr0U8V{G401n}7S#6wZEoyYT>
zrfC~(OvX!foN;cpz@pVX`t?)OF&4L_2|Ysvs7XMO(Aca05M0_cO3?{)n7U{4Olm%X
zH@}^dTo}b@V*Mz76pSyYP`7x`3O9F+Fg1)sBxzK;6R;-#p~{yp92A_mg?edEI}4k!500zDcq8z?*RYcM!mD8u!3StqcdlSho(*%+U8vUxgk3fb}P&oJXE_iKJAU$VVf5FNiVz
zA1!w{tr0Yiwqb!d*bTJ!A!~i_{>^+jv|NTFutRUO0Q=0a@A*`oo-2hgE>xgs`55B$@7Bp
zdZsF?i&n|0ei6=x@(#lI6ljUo*PE5tYU=ra#o*#2^o~=aAdPkJ>xT%8owNv;s0q4z
z^3RAQSlGY=1cjD1A-4}vi>);Uqvamu4~kbWN2NgmDnxz6Xs~A>TA^#*YhV@St{H%$
zQCMb9StQAy0)fC2E3UCe)Idm*QB9MLjhf>vAiQ)jb1MKbsLFI**VhGuDKi03rRk>
zoHt{%r@Ojc_G(PoSaFvakk|tyxNe3D96~j2~;8V^Of10Q}|!-j=o6d
zJJP744EQA9;U!#MWwI6-x4L+tI(7N`ROZ|kDf^AEu7UH(lOD^wMmQfC^)X}Y0buYqaik$u#ZrkYl8*;0j*WJSEz&HH6xY_>bnAG}@GBgX09zhSZJuDtFT
z)J65B6-p!j$X>%SLs~pWVdTORTt^>-7@1~fYZY>>7@wX3R)@dpw$FENlD6^_1jI^%
z>_SrJYPKwVl{$@!cNW9UyoZ3d2NLHvj{C4`*AEcIf!yK}Wac^gcAZ6UtqRQS2nq(A
zOkELw^U9NIV8t#WCRe7POt_87tk81Tpl&gca8;*inu|=x2_nV{mfMxP#=b6y<)5pT
zT#~3(U|*HIyKY(dvOCcqs2^q3QA+yu-R*vlmFTaM&B(@gs1Tx;Cr4>dz?d#L1ko$a
zn5FF*G-D}D81skJxNfjn-}J3=G!t0vP{Zl{a(_^%Rg5r|-FPRQos;~0Wx)bDyD{~?
z((JuPyI=;gy<S;xY?|cY3{f4+ZQ>NEJiC6
zyFr|t!R^XAG;BsIlUYQqt6_|l4RLWESdVYl@!v(AXH_cwMe7$}EhJ^I+VkcN)`sV{I`*9+McXYN_=O(An9
zyR-TrbBvu>%bSCZGLy4Bmbu1-#tbl}%TUc@T9U9W;zea#L?HahKoQ@l%588W#OVtV
z+ow1#E?1&7G{usd4+zxsKAD&itHv}%EwjS?mXnm>e+L)P|F@D|RGFhU&=+x|Gz>sp
zF?H?4Q$fmDjA!~;=N}Wc^eUrU<8swsQG!MWw6u?t+)U?)4D>7#D~J(J>*&qY$f2jG
zBdD9XvK)e&dB*SM@3rM`idRByd>A*sH_?dZ`(tococZo1XqocO-v97oqPDFdt4pC^
zgrze)%d9Z=Fp)Q?X{f8~_Q)o=&8?X^HkH)x4ilh>Fx|qdv1ICh7zXAWekgLv52Rit
zQb7~OfOfe{W3KkxAJY0(ReU)5!cVb*e)mhW(_wX;S!~!_jKWY%bVz%VWTOg|Q`19P
zIl6g<_BS{$&_Ps>SBBv2M29NDPC|wLkXmY#GgGq3ay>Q*-MlTovt-7kR5T<~Z+Nf3
ze;r<0bNRif;n!(%<#V(_`{#{FjGGdh=tRec!3s?Cp~uS+%$kQn%wg?$lkvcmFmW?U
zQ_$T{jX?YgmhnTFpCZe*^ITKQe+aE>^hg{9CKm?(Uq>Bt>&K||z1U@jr7(7;2c~wH?WHG?!(Sxn1?-N0s3n0
z>u}!b_@4%%@ocS!b^N~#ddu1fgNA@%Vt*h>9-8QUFT<+^SWMn%<9A-TcoIC#-I2Kd
z^|x4*PMex1SH@GYP7kmdE;VZMi;|n9;GRe{U4)+Qx9Z8E+2b
zZVsm}N8$CEf7)-8ZPwa8$fS-OW%woL4CMeua?BPvms?2;LB-DWXbg*^?ardq(RJ$E
z0~DBD^n(5bBbjbYhRg4y07o}?hvMPtnFLvfVs#O2Zc
znWORwNOL7Co-*w~-_)>P!9Qph|Md~!vj5p@bh>eQy*kBfxx;dAkPQ5{8R(XK@Es*u~NS0>w
z1((Q%i?)kt^c#;?T$qc2#D)9dH9Z71jjUd^A#6QK8$0*<+AKmOhkoM)WQ6%IdKGk%
z=dd{*dz($(J}|4hp7PCh0TBGdRI+6UwNroDY^vwab-U7Y3%=g+i*~u--0qo-{TU0=
zXaY+ChwVbWE8mj-HZ%_eEOn`4W$gTESnRT^Ckcl|9yCDQm*q@|!^%(ZUd_=hRjtxS
zQ-rc@-h!avJ;>iv=M0u67Ga4bydT1zAa->laWLCafrkvZVt*}k2u5~2uipAp=Kc#c
z2+zY*S5gH{Ao(97{E{{Cn0pLtKYP$}?6ZLFd$64=Jb_OjLeG0_g$#T6q$B4(U0?f%
zX>ig|`$7sjKiGh7gg1|v~rgMe|ONmBuo7pIQf7jZO0p!hTXeLQj_F4W{nm@+L
zF+~hQ*xSH4gWQD@6vnEo@Y91PQf0v1=^wv6SgNMP{dFf5|xy#o2)fuW4}b+DBGjOiwV!mA+VBy9{C
zo?kuWa2-$h=j3CD=yPNifNdm7eVs9DgCq>}3k@SlwPj9^i&t5ERC^gI?=lW|eDFuZ8n*Vc_(`8olJfeVn>XRK(6-N6
zVnszQjc7K#%9WMOouUJ-Bqf8f<_;~qIptICB*e1SxDBdKu2$H)gXc=mT!~+u
z<>px%oB82SMN)58ep0)oyixce99Gdf0U=yb))cmDrBcC)F-^
z2TX7SDn~}2429D%!=*$rABy|KVrJcNn}Sk*l3fJ|twC@XCsEebyH10x)ATRB+a=I_
z>U^Rpgai%bASqVAJa!|%H#^6ihFq+;FJ{i4^@<&j9Y)S8{@uk}74C84Qhp6~X`aqw
z5K>J73V3woh#YZ7&MG;F(Vt+xs^2829Wqb3;sTrC>=Db)|LcIhb->oJvX`{oMc4wrcu}MWr6b+Jnjhr5$$34!t4W3(OZvP8
zA>49_=g8m&7`q$Pa5`8aL+j@sdadlwr(Z1N^vL?L!S$-*M`75bNVRXqk19ft-#@I3
zSCd3K>x;vPSkydP-bcKCSpq3q>kB`6S+qTA;pImhJVQD%DOZ7HtaS;FzVUTsK{s=W
zXMZZ*$3GuGBam2K^bW-VtA~NqG&9{a0*~KhKfB)0lB}yHk&Z`21rB#K&RKmi*ju<@
z9FAexljUE2BqAG+hziVt6es2*`ro_Cm;AXtO3oLM|p;FH78}~C|
z@gK0n%{7-gsiQ-not&AF<&L8Cc)mQOFe~N!eRe253jAkretX1waD~gM0jBl+W<>V;
zvrZBC3qY*h^>B9IckQ@vm*8cfL9a4APWag-WF%tbWyNgA!q1-T`e$pyk}g0b=5>(}
zKGXYfMSZ7RydCI7*sv9fm^7M6FebOCs$-B|J3Wqy`?OiMwMxd8C&ae#&jbi@F*mGW
zM?l&*Rf^fUP(iK!Iex!i0aE~A$Bj+-m!Lf_cAc|__*RC(_*-|
z1j-nE;R78!!FVsrfLr2uF$+QC;~`)GAeyo)0J7=p1PU^$tPFr{g1dJAfx&6Fu#{IA
zcgN>0NB-IEu%lg4*ye(_ZN43>76`ii&(~&wp}7D4Az_;%TeYHV@7K_>kyja~cP@WU
zh*KOC$M}}f-Cg>BX`lZ~bgY#%ztNhiMy*)Nh+yUjN1%!c}y4lq%#jmmOfz~nH8s8B4=iq
zwb#0$%Ak1Ln0JLD=g3{*(`qFNYG@R0&aVuRw%BuRRn`*4Jv7EyY~#wRrsqPJdJ7DA
zxt-Or#VC{Su2KT>m1!MGruMRF!?^EXbh(uW$O(NEr@V#A_~MKJppM7!i|Ks5^P|#r
zBF>97FWmC%!rpmsn>%=Z0|&TTIBz5JHVWdPYL(A{l%S2{EVqqp6VQ_U?d{58mF62s
zaer}Gzf!xNZ>~o@2Q%md8A(@h=!%Lybc$CVe-mwxr(0>cqW~mU<}4<9C>+Y<%7HM_FtE)h??f>Oc7p88rht`KOmn5fqqgGsnC_Bv(^QA60D0_#YiO4>nPc}e=+3<_Zg?xDorsSXv%0kBn+nMdk~xf94GfUSN;x
z3QyCe8#gi7@EK6g=zUZzQ}O6VoKh#llg<5W*pCG~I44#7z$FS8jP=;xrvC8cCbh^H
z6Y*ejPyyGXP-y<6{K>&IZ#M|*0>Cc)+zBpDhW(u23`ekX|FDiVGsyQ~OlJEi0RLLa
zzX!6lZG?iT_G`T_1*+OCX>vE+6W-V0JJjDh5zKTw4;twIJ>3Ca_6B_8C&dj9}fL?OE?(+2wK_mc1)aA^Gy|voM23v&Yzzj9UU#?
ztb1{s)BD-})GdqglHkVSf?|y=ud-CZ%^)1tUCq^UT=ef9i=hyacbCDODtfUIea@etfcV{bnuO
zr-*RA*Fp4x_O>rvunA0_4RgR;!!GY-Duj>xgiJlD`e}W04*0G1avINorS~mG&ger`
z$KAQQpY=~`MEZb?dW6Tq9BTQDoD7_BEG{JeyKd4hzL(W@RqfU%LIL2C
z1GuwuI<9q_JR47lCm>3OGo&f)A-Mk^1(I!hwIWZ15gKFJ%A!t%-gzG?XYd|z
zNP|)=qb4`WwRgIB6>>mEgi?}ofH%2I0le+3^f113A?wS1_@>9RkAN|jDsIW0;3-CW
zkLxR&O5P=_1TcF}qt(X*%Z(IJ_ag2OB^-|0)pS7LMmbV%vo$%Og3UNRjW`
zqI*RbXE{B?F;ga5v%G0o^Cj(ql!NZ;AS&5}0>NBbV5(Diw#@mK0{7WlrV07c@gsd<
z^Ax%>1Mim6NefpP=~J_Qd=;*pyYj7aj+ae81WVFkCM!7wbUB|b6i(9)
z8UFR$gV`Hwr}vs<1o?WtCcZ?e#!j@0PCiqv{VqKufu_B|Cv4g}bkzGal>*dh8(8ygu2skJ$QBcW|UtFtD-m(Urn
zkFi311Yd1E2)9t!G@J^3NT|ayQ!?)a8WCV&uNt$krB9#IsY2nKLZNY#b&I2Su!9$N
z2uw{J@ddEte(-K#l)URD|G^T5f|>gnT4-*Pq9%%%mv1b)B0wQh<8dlb4}^3J?vW26n_K9RMY_DYu9lqXUHkjnHjMafMA@|NMT*-$}
z3?HeNzWN^Pvpk=-TQx7?;uLyHdLTHXKh-?A!S16{{^o=elup7-?r@%A<1zJKP*A&{
z4-_y^u51&8+f>*F*|Eu@aDJC-%uUHdUf$tmag;aG+6=7rPenbnK
z*H*H*K7SBNl#&A9Y(<~
zauA()k20Qt%x8yHsY3>4)z2xDGx9C*m*HVOHDm&n=I-!7jZ{aI>5_%+ILqoXTFfQo
z3|fqj7dSxoKdz2M=KZfgb7-^0NhtNnP
z6+Fdfr|DC}1Ka}NrL(+MKK>GLsiw2QO_E#gyrT`jDRlQkO&ph?fHq-7woa1Z*P5aN
zkX}9UK^`v&U*;nm#@*fhD5pDCC1FDF4o>kwFkPvh6pU(pKLawicES5vc6Uj6?sY#hp&5u6BX0s9a7?#`u0o8@a!a24)@1~lMfwrH#
zY8A{SX4IVfMGmj8(0vf7>)u-tDFu(S3?eMQW&FG%d^esaBWDVfcR(EQk_bZwRY}A3
zRd?4Q{1l@5f(SrCi`jp%ddd92`#I6g6iH=Nn*AWD#UNqRE5jZoxz|&waoBq1{ch;c
z)-`h$V)F?)1y5qk2Rqe4#Wdgy9SeMO>)`C{EH5LWz15(7fI)<|=X6Bm!4IVd69&VV
z%0y1h8_@8UArF;@xCWK>E$9@BQUa!b1zT$BbcUtEUWuvhVN(>A9hU(uK^78V%~b%<|meXEr$v2o~j2_
z@#=@+l;X|J+g)~<+u(HuS_M=fYHCuEEP`cGoQ{Q*c<)zd@~l`%u2Q`Wh3C4>qEslC
z3S&g*Y@iyWewU2Al*{4TFKGCM-tDs??Oohtk^!+m0~LeDW}GS>t#eEyk&MV_VO5`A
z##d<~X>4xdZp630s-(|psSq8Iw%3)Tf$eF68M7AFrf$k`y+!$yJ
zDxoABc&)g6!IKws$%LjqADEkS1Ms%-#H{K)Ck$KifWAvMZZ%LhiTPv31GUQa2plNc
zGKsj?Ql2AkHzNp!8#kZ|h2nyW)*q5OVG$kE(N9sBH}a6vFjTnckt~d3D!m%UqrXO{
zaRUI{;;vETZ
zBNd5Ec;p^Zo9!BB^$*`12deY4^Xlp6^l}3xg`^Xm!1_VHN%&c?$dejiA;vRsfGt1qL$WwF%Yi>BQ{k9@-l8
z4;a+5{fyJw-AbNrF%!;&Q%m3uK`mnYpR?()@72U+)ueASu|M)7bNxtD>7@+L;D95U
zosRZ;V`1`%j-6h#Hl<0F^eJ^4X#^8aXY&d)vi%eaG%>u9
zsUhQfpMq)4uD)fV%h)7J!fC#$V%a>M&usCfW46rjuGaJhNw1QM$S&n$D(QhWPtJao
z82SA!Nf1Z*brQgLRnOK>zX-G%t${|Y{FAnc>#IC6g%NZe~K$ws51L=u-_|!GQDE3f8yDk^#f+Cc2S**3kxm(@mTv>
zOjV!TCtNxO*#gvc1UCnH|IWd0B*7xNY0JsP#2Yt*yOP#!II0my(&^x>KKjoB$^y}T3NAa1U?RK#;kN^+KD}_
z6LwTgFJe5mT;w=REvh_w=X5mepTfVqeC+^+7TxKPIqII?QcDBu!(YCIK1l$Fhy{S+
zcI&GbkC*M7PGY0D30OQjLNZ>=GAK^NgjdE6pKrlZumcdSq&tZg8>=C}!o{s_LfO
zfov!d#SqyHJHsnID`1OIoN
zL}5S^Q-vRxc2)Tk`qLO>e^uE4ZJF#`*w@w;p#5d_
zN|no}DlJrY_Rq_?jhmZ~gqjYAJ%;XYsLTS1m}XtYV4{aL#f*5;rByZ`!&b8uWA*K%
z#OrMALH5E>R^(};+8u4?CofL%;KG*^2D*!A>$+~oLodqD{jS>N6H&Aq)@~B$56c;N
z*=QFY{DtPR@BfOKgwcDN;r-1~QDyYbw){SP57Iw8kyEZvs6B8IC%-62l<
zg7?Cp3id1C(7TMrWJ;WZ@fvYEg_OEhlJz$f`3AWYoOs(4or_8GsS|Ilp5V@1*ff_w
z&cwbKX9I!7c$*S3TNEdtuNw1I$T%4dF1$3pdZYwxZeOAwbt;i)H26!lNL8pdkMaAd
zK1G8tX2i%ouEjC#_H)f(b~uD@a{d~I;UQ(
z*KO;Osn$Gfb$pT**){WKs28T5smRS@(($%7$rarWE5ANP&-#g-tKJa!KfA&W$WLFS
z=N|tfp%~!lcu&Rn{B-M!%sD^&Z1-FBmf?JA)(YT5Cbs2y&nNu{qooGuM#kE>SDF>-
z5F4;hjaVd{s}uxn8x2MLtcksjF6nlzdTX~m88{k+Yf$)1x|wtbqoVrF`JI!qNx(vj
zvuU~$zKgTzZzqf*?LEI5hm>4NCKl|z6)^Pm0?N@D#o8RS_^r7SNwuk099sY|xqmTt
zNIZ1c@g;)vm~y8ZUbM*(E?~=sRg{LB4SdkwV1J`u_eK806SCf3HDcQ&+98pB@GI*h
z99p}7G_uKd!9iUwT&p0NOJ3&}i~Oe7qY3S{wQ|nOwn7yfzn_QmPny1Rn-4ZQYt61W
zji*G19^W;OC#^I(!xzg8=OJBR`L^
zCQnR`aFES+9x{{=h6WRtl0}}qR?I020vO|t3MvG$EA6Mq-fE&}){hU|-oM_3rhj|H
z&pABBBApbVWD)9Pudq4SO#XpCHJ;9v>cpUii&s6WonIx#lsdf-i$cFAqpdnI?z|GZ
zz3GCqQ`EjbS!<>1YBX`A_ZMU}dm1lhz(AW5Wx^wAh2v2ih>KRCizPnbt=ecL{?*wK{+o=P1!DeK-0#@BbN
z^$Ueyy(HtueWFlTHe-RKQ`_fA_&dvIMV-I*aviwh)_!!xR5Od6LyMC~r?A~htLJK8
z=}S;b<=SiG4Fx@v!FcfpG1lJV2bfLc9#ISI;qrz8k~5@z2g~x6g;l@xA~1o9c!J|m
zC!O&$NV_BNRi-1)PPHTNlIOXFxz}p6^7Y161^DOD^*M6m+gtBEth72PetQVf4Z&OF
z600}W+ug*IEB~bqziksMk6x&5?gOID41r?F#$;eL0_f1@SEwsAbY~TeA=|m-NW2%@
z3c@$}7C^IxA3TlDB2S07i~VacWM`zUIfaLb#pGe&ThWXE7eu4lh+}^t3Fc{GW;IIX
zOHo>KeuYa>2hqP#(HwgsESdPaYo0sse9A%=$OO6z6Ix&Swo7)^HK*=x2?ES`&Lca1
zGgt<{f%+?gVB7`T6q6L^<}ThvhC)C49#abKzLi|swE=^OZss(T571bIG-5e$)Ij8;
zp_l4okxy1z{yl@4abWQFe59=d8wG=-p>@As0<{_|BRu@8-(X0c{}8Vhj*LU&yvc!1
zn0McrfUN*^EHUq|PfyiD5sQ`h@&@QN%sfvLX0q17>ZXXMGNT1J{uYdE*w+3jn>W#}
zx&~LxQWe`b-YVR@uQa2V{pJS)R0w%VR|@y>5KrZ3T+C?{(LgoMY=x=J2*8n=J{3Vx
z>b@;Ns(dL|J~j)7B~?Lks$rGBB-MfF@gm9#b-8`@SAM$cdaLCv%*dIN)QI2!c*-w-#Z{)FwDmMCr*
zey-KB+1-&TFZt5+t`6u-_!FJab?pbH@<;Wfp(#|S50RAwX+PP6`@M8*QhW|j!iPpC
z>GT*H+!K+384TnIoH&EVk9j;%VXU-%TPHE~xGv!f6+!}JLCw{KU&iG6BbL(vT#uFM
zf4jC-EJ!>!daQ4PMyxB+ikg99a+x_>W=w{T>)#b=-Cr#d+|D!IZSR4%&@6YK`|gw8
zSKiv>TTP*Itql^!;jhuj`TJkQKODD3k6HGuZTj8aJWa0;u~i*8w7(viT^(JdW(Wd4
zygs|#b2ZHtkq7*yw?Rn4)8ujBq7kRg{zJx|6SOh;O2U5i@sJtfOa${c6|0aJ^LuEc
z{CUnNN5>+cy2${4V2J&IUEq^1c|IM!S+7rg73X;CUOJy^47fo!AfneRL{tM)?U%&|
zGl`|@ml&n;f0UlG|M5p!Qq&z(8(pnf!!0^I=$aSm+^**V>7b3QU@~dyV|^aKeDc|B
z_Z|kUx}z|P8r*sOJv#q#qHjXbS%+=&s!6)DPxF-4m5j2H2ZgMz2U-3cTtB1qRr5F-
zzv%w5el5_7B-M7KeGt&4bw&wxG-L*^2T9X4dSJzlq{%26|C(Y7S4PJ6#N*!^>=yyf
zUw~R)?*=>+m~4j2#hy*ir|)t!aOmAY7PpA3wT`+Ut*5n0@~K6SQD|5wD^N
zHHkqf$8V|(S-xX3tKSGcd!~wcez~}j)uB>HeoRk(v6eUz%un^yQ)*Vli;zqFKntxh
zSLD2?8nPS>`Dd<{UyG(j
z#YTEKkI9YA#|jnhGup!1T<9zpARV_Tt#5o>_i$c2&C1Hk0l^^svYh~8^e|n1QphgV
zE*G0^;cTNLC+B8+<~ZxDlsS3Az((1B$obvrUV=dZw!u2)^%1
zu{FfYK%8{gNg`dGpQ9W-wDqE<45ro(Z!*asV85?h#)FXvi_n76^Q!Hag@FY~hiOhu
z7@_V$txx>WBT7f7+tE$s`9tR^!|R`fB~D;tLq(@&oh=#6{oj4%c|AyE?`5$eb#;qM
z&n^jMH-bgT(?~UhMab1iH4+yF-sO3|CV8CQp=vop+N|*%B-ClaSe8zeK7-zicM@NF
zTqG|?hG}nkulyh^NSW>kq;edg5}>@RPswqkh`w!bzo8U?o^v3WjZurGcdCCngG8>%
zhC(DhKzKNQizI!s7+Ro-ZcztZeI;Gf3!1VU@sZyorsDTk-@xMYUN~~OPbPRT`+$be
zCh*U2FA#Lw-#&%f-4=B`Z)Lx`-n*dqzVXA!NUk%j1!r*j56FTS`ec;?H~wH%S4G_C
z)k@gi(G#cYPFqr;%sr{|@H}V_lpp2!H!erZYqYAb
zWlrb}X|0$HR&pslLfyJYJ=cWd1X1?<3~{&+Q5Iwdq7i8_N-mUz^a6tAEX68+y28(3
zcWU=N8b0EWJgu(|$30n6J_L$vb4%3uc5+!jzys3WgqWP+$XS(1+gQvA0qd7Y
zIh`??`Nzkf{1}z$79tzu%}JIRr?rO#O*2&p##jQH8}A4Se-D49uM%7Rp>~=6i-0eE
zkB|Wtm2X*E2DYC!{I}s{LVdv*_2Be7j7X*on6OtCjXR>&Xu*Acf1<$@suwv9XP!^`
ztF$p!+-AJQ(gPc7w-%x0MnU*^_G;Ie=jAl}g9MMW06FHe-Z&c=MeU4|0;=-oN8LMv
zLU)&maojI{s*oylU4sLND!(40BIc5>-xl`3=G!X51|4U(f^LnRR-*Tjh{xfgEGX?)
zSeg1NW!=rUFY~NcPjW)$Uv}1_7;y4uRmEF3ZH~oh%di>cOvun0zWrHu%LrI`4zE5E
zz<{`j_e^L>@qC*zv~q7LiY)_rh_leX-m12h3-5xVTX;Zc<`3GCr{vC~Pt$$5w+h`E
z2HKC0QlnA?jhP?tZ!dQj%Ia^=9Re&kG6@j05VIE`eq%bo0Uh9AQp0L?;twf)3a3Y7
zA(jQ4YS7D_^K0>R_1Nz?v(2k75-qsI(@_oi%4osX64nn~^ju2V(zW&e?=X%hm)5cFU#zX1PnHV}p(+PB3ut%)5Fd~foqrKmVk8lA`Ze`@y^C
zA&1#h5Wh!P)#DMY>UR)7?Q=m;V=^bC;#P!TgQOgGA;07WeQE_&Ku$d#KhdTmZM?2i
znIJ2|?4TDpSo@DNhe~&j^6V0z#yk5`KdSSO;QRLi$JS=&LLVc&aABv+8=Hsc_Rzmc
zPd&TMn;x(|uC>cwKkrwc_(cJr;>9sN&)p$jKI6}HlHW{1EB`e>>z3`rLpLDB=(vc+WdcTZ`ff@cTx94vdZL6`
z;>7hx0MWnvW9;|1*W00Z?OTF20K=`|6)Iylx!NL0k5l_|2XmgIi>h@&J4Z#2Bxl^x
z+mfcfeLE}?58>q|v{jYX`(sVv0d*fbl84)o@sF!`&hpH@mEjW4+$3?kC!ZShL_xTZ?P`l#k>z$f_K_UW;Op;;Y}p}s9-
zYl;lAGG*N3SXp_hYB~VWpUvs{4zh3z8HbLYpyorC3!(U0ueGl)-=0nP_Y66^=uyw$|T(CwB{%qpDf|
z9{`;|V!z({L;0zrkg97B^p^@I?58fdcDtd4wIAtbO@}DGtZC5)vfw&E>2h7`$)c?5
z@O0yJjn4a{aD9zjUTe#4ILX8h?#7@#<(G&f*4k2YD(&jN&GEAgbi%VPKWx2Q+gORN
z2f?ekSv2WUSL%~pC`Zdy$#cBv6Q71TQ%mb61ww9=}i!x
zEUp?jC{e=mo4TVeSwkme8GkhZ2wFAom)rzokvYGN?MdB{iD)GE9V(Idm%5__b#zJ!
z9tou{wBYykFup}){0AtN5LN91#Td9Q{@?x0a{kYa2kQ@R<3D_ij|TPP$Z?y|-u~V(
zXM)+^*^MOiko@=!axU#0?!DstZ+G{17+M;ejdlaUB3cjVq~h|Nio??2?r&-c)E&Jz
z*nW1fzq9?~1+}n!yd6A1uDqkKwhwooMK52!INp2pf_l-oV!x@~xqJMVSGyB;u^jJ;Lp{llvF$FosF?>;NNdnPj6ljm?d!Q9$c
z70^c7Yl{kD8|Zzj^qxbjooshN@A$6P%caIi63(N&QB}akuvvP!r^@e>Kf{rS_0uR;
zUMzS&7dm-RD)1`HIU^@e<^({OjZv<=s)tFBn9p;R7*kVzTID4^N+xrK*2<$tA@1;1
ze1_?*mB)QF8+Oje8S=25Y?}x^N6GR8!jcE#Y=&at_&YkBo{hN`?kMsZoy6zF1M)7d
zmtUPG=XAI6yKslP(~)a%Jp`lfY#0yHj=Vg9@D?S)6_7Xa_zZA=f9?f5@$hDS{>`-4
zORzngpUu7NWK-GU0!+(0!WUTO&9%8V$TjqiYt0YPhQ3kpCgrYL59VHdPuLz9V15wU
zXo8)&->Q6blJ$BRVs*U}hVISzsw3XDjrqZg#2c07-+_JM;Xj;zCC6=Z{tYomZ%$F+0ru3diT)^W4^Mi;BSzE<@{7puMAs(#C;VC}Q=%aI(mc6)9D
zV>kyA&N`iO9C{p}x!P7n3*4WZO+G#4$!wHgxb>b}9KWdT^||&gQ=Uhwa1MYI-Lb2F
zqkFivHuu)>bvQThbiT#4$~V?xI7FBm`g-AtBAUN@(W-i3?ajTk0hV9r&TWQEJIZpd
zaME!|yMSlu{lvAn7A{rZiTi#v3aFka;*&XaS-6={qJXD1)~nwduG+X?`Cf6-##-fD
zI~j!~_pc4hv?|}~;o11C@~xtb>Nz>IvGJhty@B#t^{{ng*UL*
zi)`K57mVCmeu#XMC|eF5thG{Vd9d~f%~
zv*`Kjea@k7t5CXi`PvQIuDaz5qpKn;wywqA3rmFPyUdtGT6`CyFWyg!D&cfdUOtS;A94bE9+I0rOG|UK<})1f*cu
zn30^TENjMW>l|3yPHtALn9Z0uwYj%^o|sFXd*xPwIkLIecG@=|R*Y4*ff?z_Wne7T
z3TGl1hH!W_f?>2Jq
z7KeyDq^f;`WRSq+74`3mXE)%sgx#uY*sXZGdfD8f7jLghj;R{edd?+y9}vRAB?j*b
zWU|o7#hL~7GZOx@yeK9b5!p!9%!;&sRS7$g;7ZEv2Ph2^kLuSzX(BF}KO+GeX|I>D
zUZMB$P1?Iz7`_5q^6U(NqLcyNDh
zo&K~o*6**i@2_nj|JQ@f^;`b$V|)s!M2ny8=qrMQWW1C|Urtj=-n_r_`tWG?=!#l}
z&rQnh5CkF((fhS|FWNrM;Z!-X-v_7PC#=-6`17x5^mOS3?fxNpb3SuXm?Pn6|5zyS
zRd$JaK1&eZF4{FencRALm5nDBa1J(!NFS1(O~=ak@Tp@Tlx{UqP-j@oM!8b
z>6v@89UW&=m*s0;{Yzd5Yh4(rK8p_M278+(mxY(GQQRG#!O;IO%LavaUz?5L9+DRq
zUcF@J(%rYE{rE$4AnCp^<0ElDdOd<(Z+K<{M~}~04uC>0li^fHh){)q()5
zd(jaaz#hX908)=<$=jrl5I_Z}fWhlmX|QlN0q7zSU;jZlHhr^zh?0Wg+z#p_SYPum
zR=JF%CbOwE(bC=o!CE_0PGis&kRP3={VdN$=d*g0BCezdtgK3RWb$|
z8s|838SF-K?s_zBi5>~JMkhfcvulFKdKWV1EzVm~%Pkw@ZnjyPb=%8oINYBbq4tp50l6O$@R$73D!4xrh$J4a!B&7i#4Ak
zTyTo`#YjfQ!F=6O#)+2;fFq5|QJIUHJ`cVYnNyHJ<*ko5Z#1z=30|=YvBaybTil{X
z!q;gs*0H5y42N(eUmg;vn1(|0?WLTA(1j?z%z{;SSgG7)>A-Pv3iYoHPnV18hSf(q
z5GHbTqz>PrT$^J~p3dOhOABm^>3XDb!_R>|1EmP>4E3_)$M+HeHE2*cD#MB77L{2|
zCED*bXIIXuoKs-H
zJxi#IKH)XmVRic)Wwi2)d*VFLIw{j_vZNgQH0X_!p*iR9*rkIQ#GP?gcO$kLbowc1
z5T2XQrjqh?!BvV&LD&Y?_|u6Sx-=K8rMo=~BXKi)9wH`5Ys&N`g3DNpXXfIAbpDf%(R2tn4x&1)&P!oKri0$)<&g7w5~fjQjoEQaecS
z7MwqRd<}_m1773$56bOer7sD|({hUIy3S}ohene_#1dM*;oxp3>L^`~&e6=PgQLA~
zLfYZr$X{Yi+i`n9E7~aIaN1Y}?I`w`ukq)wCBg-C-j>%^cwyYSyn%auhYk?PsAcSt
zhVE5}S)r{mTAZWN#}|o*tse0n!*1V>WS{OK7pngC{@yp#_Su?P4ERCuxUQYj&XSJfZA^$7qtJ-oSl3moe%+|VuEY<<=_t@|
z$ZyL@hRLv{+gO(z6a(CKsa9<4<$|=|2
z(TuybZ?t5kWfde#_i{%MZqnqy&qUbL^+$l-9BiyG6eYCqBO3Hj*!U9G6}+VBRutES
zXa)%siWkA6&ozRHn_-h@l^3oO
z#MDZNyz6Q%^8)lMgVu1dwRC+CcekIt+^t7!x`5og#|MpP2MDa)T(P<@B_|5hAf6xD
zMM6_h(`S;ubvbP&&3ZIMdO^PZ3sYJt0N(*Gy61j5;UAv@Kjt<9NziCL$SZ9E9W|yOcpn$$f0EaEP6qh(d?D_J4lu^1sRnRP)B!5JGS<5++b0np+h
zMr)L-bh_S*-XJZR
zWSH<&d2yLI;$(ZvaW2u=9X$(vWJ>oFOH*vWSKLv;h9KQVHdGcp%b1A6AS9DJlYg}0
z%kc_lw`j!OSW+sp>tO@VfoSP;oL%M`(Tx{Lwl~NZ$!o#)&=%cxD-zU>`cC^Z7ycA2
zfk$*OBcbku6lU?2Zf;)JG%V`&ti+&ny2Z`VvMqOT<&HVSOETnPg=y1yXfq{p+?w(=
zjyR$X#6%VbHRbeS#t3rw3uKx^RQx)S1Mbh92rV#rbW00)rxG1zXwPy<8o6*!u&r<2
zys@NIlX3bsjr-T)Jo+pWx84}v(dye!iE%{?Al}?lYKbH6OwSs6Ykht;oHn!ZS<@#-
z6=L{%qRg{F#z}RyFq-e_bk>wWS&Vgp9~@Tuo5h#2olmGIJ7$Ju1#A
zpPq_GfAknO(N8~rd`=+Jq%lyvr;goml)Tat14UQN!69S}yYHS6z>ctsZ?isftRVX|
zoyt_e@iO7$J-CHVksuUoaQaSGhfX~a8Oo0^dYl#Ev7b$p={X04@O5Z;i4vtKKywqY
zHqNs?2#zK${&B)d7MK9-_fvw+iO2>(59#d-AjGJkMWq4n_4E>j^aS5{2t9%{x{)zl
z#g)1y#$YgFhZ8^Hno;gf!vwVEDRSTHc61m%rgENzX{Dt*Px>P|ITNMG&agDJxJ15o
zF8VVEy?aA1LjWq{#UzlR(!9wj^`G>JumHoQ%L$46D9J{BmX|X1aZZrVBS>b5K7=t2
zEp#l8UfE5sFq{#Jy5Stz3a>1KVS1U-T7W<5oY9FUL_2yKBf|wY2~>-;hy+#q2v|jL
z2wsFZg?xh3ar?7M7o$qiMRt*LP$L{OArfu1+%&itZH1tg@7vOASb
z9Xc0U@6&|V1tP^p!x6zCPccY3Y-j0P1)v~dvYx=YQm^dZp1Z67{@QhEuoNFKr`n8`
zq00dkjcbxQWkjkVO8g?RWoMa$H3ZqaOW&La*#{h7;^em7G#Ae&@aHQ=NgR)7l^Yqc
zIKk6-g^ay!mvIWFVF+>i{7Cz=bTKPy5U!WIPi&P2i!hXjz5(&p+6mQ8~!(ivxblEBgP
zv7o|Sw$_eDiUVvg7hB4UYfA}|gb^5HC?roHWZIuGLW0;@4>zMSXd9-?0&{O1+|Egt
znZ3{j^Bc>_=!D=X>?Iwm*SRdYAPj4UaRRdG(70{LsK5wA!`T^QyhZd4(LITc%$?rC
z0A*wVuHvZBiC>4FNA;y%m>9vKfW(3W4>McUhbThIS|b8ya_M^*ws?m`i{{NLKnY;O
zbKc_tzvH0x2x&aUYPrA|u0=@9>F`g-L|Tc|aEc@%?x6PUWC1M#*Gr%pY;`KTLQL&h
z0!|9qnB)9Hu5?KbYBczlj-(rQS+E9;F+(r#kEI{vo`5rk?g+Z|Jxok`U~mG25uk~L
z#t4;)lgaDYt%1I2iRpqKB4MTVzbwKa-&CxgqLM2qb0_q0duR9L^{Z#w$Ge2_5CZZp
zcnkFTDioKSeDH25r=r86JZlyn=gk$6i;BYx&g#N|OPX`N_WVlu5z$siro#Xib9^|D
zjWWB
z3Mb#DV+_cRn^pVG=!H`CIs+}$(7>bJ>0soz!(jfLSJsvi=N9KK9Sn#;jX61Cs%b4b
z2I2qT_?DbI5T0OX-fMETS2dLcTKa6B|85^=~E`LFU4
zE(`L6gZ2z@#=?2?=CcN>Gto@S(lJDWNSIl7cRMh!n*dPDI36;a?H5io6(BAo`pj5P
zBEEPznPb<9`Uiai$E1L^5LtYv@+eqNN>Bm=KS=qpHd$L>o=x
zVGVil;h7PKl?{kr!JWwZKo?CuE)p|)M$nsNzLSU!^)eIwz^+85plx<40|@SNSdAbF
zp2%xm#&Bs=4i{&2P5M1a-|AN*XSTuJ=rL$$y*!y;>L6%Z!U$p(^^&B|n2U2XjfGRg
zO@+k{ZdJa#FJd|-UQH>=SMW`k@_5RuVy289KVs4w1kjR$lW?!NCs6n{mC`Z-00`D0
zk)KSFGKH3j^Wz%CBBO!c1DR1W!M!P2!I+a9CUiOLo;p7DY>G1yK`!k1AD-V5g{M3~EA
z)`l5&OnIS@pq>sJ+y!f0kn%Bc_a|3@1Wq_}2;o+)TT8ke5@a?X)s2evD@tee6xvvz
ztIkD{@G$WjlWAw&Qx)-Y7pyMuiQ^`oJyFtKz=Q>e0dFz%x&x4ij!f>lTg$Vee6AMP
zmvchEX&h^gi`a28Jx}~F^D4A5j;#xQxXkA$8nCWKsAwmm$%9qZ#o~Dni}oBmNPcl}
zv^t18=O9$9ucsjx-;D7Ec*IqFx@#H
zIC2c+cOG2de5|0AWigau%#?U9;MjCx5`A=z%fqa#7_Bp>B1%Njk9ReYG+V!*A)IE$
z1Oit6t}*E%Gw;rbB#44ZVDOd}tIk2QZH_iSmgDhCHvCEkN>$NyMQ^-TNvQm~V`zy0
zukkg7b)dt~=+m;d2DzqzykWO7fNH#J28c|I*=DlT)$gZn=4#5U$|{Uk5NY0Ijulcy
z9K5qkMMuTGhxlhW;k?{_>~y#CU71eQ><{)mXGCZ@ZKd&8lKOi9$tXLr3|01)o7RDM
z-HRB*fiZncGl0=lL*`UmV~Dkx<*Q@XOjRH-D$527aa$pBOeK+QuGqD%s%IL?`5+#t
z9bVjZqDSFl#RybV)1Sk_hKJGY*fdbL+1V1N3lip(>9wXi*+xyk%Z`(*Z$CJmX=3lNcwsYy*xVrK`z4_t
z`H^(aGy6*Xc%t8lcnPbYB@@~SeRmFAq~BQ{;D$$p(YY^2I2C>RR_Fos?cWxP`tM*V
z`~WW!xQ8cUJ4`0KPJzws>swzB{7gTd>90}T4O?LS=B2(HC*5&;*|&y&x@4g)z+Oh5G+WiD=Z?!M{u~
zaq2WZsdT)F9-8sNn(=EUXQxBY4>3xWWR7*YkH>5u%i=ZM?$Gmv2bfOG_>8cJ-HJkH
zN#fBNYU1E9(sqa^yh?IC;XImYZgyQFe>B0U8j(FJq5)&tqrSsbW#5eU_!z}`)$-yzn3-t%nvvX-rsON=l&_u5Ck>zUHka*Z)N
zQ`+3PV|z#JuI*8H{t74!Cy{VP0j1H^FKCW`(h>)_BU2rgZoOt8(O+o+O6cCRTD*XE
zED^Pl;SF@#iKv!3O%E^bh?UOPIC+~gZ^es~_8iXzdQyBD2-F3RgaZ#2nu)TE{mjB6
z=18W1at134yVAfdqkQCekBpW&=j7ci0b*dFCdBz$L}=-mD(W;nW18fp9lJ=zLw6UQ
z#?vn7NV^bX!~b;axrK)2yKuyMMM;!dl;p#>$Hwes4<=b7IRnu2)r~nab~Me4q8`{+
z4})X_ybhku@Hd$ZYsyCGeF8uj-m+aHG+{laX6CS}Eys4BxjN6Ph$U|5mm6>Wi8qVr;?XxG911meTGY6OgaM;%_(HwmPL?7CM>7U3)eMKmac
zW3&wQ(s9wj)7z^(2afB{3fA#e2sF%S8tB-CowD<$2H?%m3eHi*g%v3q$%~vJG?4~a
zAq)$it)OZyTDta=BaNS85OI$D%g*4+PRo*fs=-ufU!_t?qZjE#4Og?S0Q0v
zV0GmLc+;4GrigVF_ck`;#uFJcODdEbrz6NxqMjR~s>ay}r64HkV3A>hQQ+Ym64J=h
z49w5>o*#(KQe7x2kxI*e2Gjl|r32h>f_xp97y8%;bu0}U3zG~1Rj?(95M+#5wMV0A
ze$LY$VJ?_{)g41{
zmJVQ#!}e7@%#@vZQgiC|Dxs7>_(%X^d>aA
z{!|eAad=>PyG}3)f)HnLMq8SvZ0*Ck1Lxu<-P!7t{PLBWm^hCj?@B6Yof@utaKsT8
zd3@na16&01VPB?}jI^C+nWu#vQs`xRlFWx2YV6Dqj$O%+1u_An!Z#ibU#U0+-7T^H
zonZrKMPnL~ki1Ph0sr)xeNiN(44MW3UJvKMx?Xd(U|}e4w`Qb56K?#91(1?y5HN^v
zn><5wZU#7*wkQe4c_RyWVJ3bhlJwh~`@s7FDDI*^JxgZ7D$sqQo~f59V=*+OU70^?
ztP|0b06n8ozh_x!C9X3uI0C+kRP_O?5M`>});%D)kzx8AgGUiv`#1gbeCrz#B-
zE8JkR+CO0ZQmBSu;j-aAJEh1Au{YvtupJk;6hf%VDhHSmtAy1Np1=gfqGRKArgg-j
za`ebl5kNd-)NJm(MME=iZk4{XP^hx%HS0Bz8*?I>RHaCm29tB!!9EDbPfUKs-f?1j
zD3KM0jdR{2n&}r%v%QEMoGroE_t~jMeSn!T;Ywn=1}Uo$JVnKG5PKe%`L{R-MKjQKh{aUM;$6aO
zW+r^9+Wf%<1>s0}Nlv(@W%x)=`09!ojFP-SwsBFxPqG_WKkl4K+W|{R;EWPprb=MC
zmJ1kDv56jpN(?M6;LKZn=&)w4v8^=){mr`KB3C
zXeBgG!>PFCBEm#(qE;;0i})@Js0uy9b-9QbH-Q=pyN{M>@73j8_I5>&fDk|omb5b*
zqe07YjFiC$*)0?x93^>Wq#foy%p6ip)kPPfw~8nFAg4!E7xDj(nHqr5T&*h6(y}P`
zJ^j(ivWukK7zlGmdja1vq3v-7jXM!h?1~dd7>Dd^TSZp_(d>lp9i9-*J2U7^2^H1E
z@MZF6<}7n|fRP49n(Gajt+Xq9E_Fje&N?&Yac`@QRT&2#*2FSV$(hWnPXr
zuWF0RRJK(Yp9Ukx!TC-m;t&IoWDv)rFjrct)NEjBy53vGvRbOj$O}m71;Gh}Cjm!M
zQnDpTC>Gn6OYtEI1SHL9H^;P6!C04yK?SLZQKNIeO7jB7_ktSb!X_pxmDBIk$n;*c
z^L*zxmPc+(l@ej(MeUojoDQsZ(&9#l)iSe^@c-#1?;^3C%1e9XHYc=eU`O55MWk>_
zZyl`!qd+ovuf!MHNo>`bNNhOTMpTLczok2XWTqk+;n_F7C;lJTgPa~WwYsXQc}Yc5
z4ZEN&Jf#yep`i27^_~Q7{9h%+A@#kq3RebN;#q;`$OCrE9Uwl(9gVTpEN*Ndj?=vr
z!MS9CWzG3?U@BKB3iB{nK42~eifjbI2*|Bq!5N>n40OG)=*&Mjc8yUqKvY#@!{rsb
zV@$LMK*QQ*d7=(Mx!Ij>CC*Sr1UgQ?hqlRAoE`_lcE
z78zl&(QBF;Y!bCT!CLdU=cb`hZiN^_mTX)YzyoWAy1D2pF9H7}-c~VBQ6vbxd
z=IF;GmLH`9vGrv0D=|~@%fr-_Hr(~WbnMty1pr}F&&zYR$I*i2z15IqaJp5ezD~gx
z@TN;vaA65-&6%B6Ln5)h(T1F%b16#21d=^o31HhxAA?D-%UFaQIIda|a#1{MMsT<=
zX}`&DSIwpl5f6H5MHS~4im2*zreaOpI_zHK!V6q=b!5ToKTaCs+8Ll7=X+u>%)qWP
zotcn5vrt2YcFa(VAO*%S<@Y1if3e(~M+vtX3ta;y
zindGiU2zU~3l*-IE^WI0@IDe`uQgi;yD=Cw)f}~nz_!ub_D0%jwHq3CgC|6EPu#gs
zM;h%}brxGed+nB5vd=P&HX!DcsW&HuMBN0Rc^_u3FfS+C0-|qXWrD~%SA+b`<7D0l
z=!ex}5;ijJ1ZscPeMJ_bqVE(1DmY>dfC{&$@F`;5X-l-c5^znH1VMEtVSvKmPN?&_
z>RODXjJX80HtkL)Gco1GR13;q-AFz;V6Xa_1Vr#9FrG0h^}Tu{@H}97Mq|5@ngHimhp=C(@#6M|n9X&et-WJgpb{R|CyDO^``X(QrZ0*kP(T?$3Sz
z{|*~subomGu|5n8CGvzQ6Zv39%fU>tu^a13B+jIn>0sdp@m+lhWxji~gth5$#1`s{
zDOk~OnQ^If<~TSsArwH*VHVzgFBXLvg5Xp^?psFjbI3wMXYncBbb3*#v0q)}m3M`?
z*42&JnZk7BDz8+n#-5@F~?@zHDD>&5&?v!}Hu9ycFy?xk_7@;K?H0bul38oFb
zBs$q`L}9-;;Oa#JWIJZ?3We&0^$`pYH@uSGI9eHX2qr>w;l43wzB_o`HWKs*#K!VR7i?#VXBxm6lapw{xM8U1S(p
zJ|jv9O!6(Szqcw*?kvGLc7owRitWD10i#2Ad(Z+
zn$^lC!^h|3rkY%dWPgzC3Q|fpm
z+IC(Q7Fgrrju{Hf8!~lrfIJah8=^^8M|zgoEDjd!#54$jFAiq~ec*rv55mO|RNLHem*A1_TT5Bwu
zupH*&u?iKO9wqKWf=o>^R7(_LzF?T0iN|0$ZE0N;SZoX3OkbELT1?X?P^qz>1INIS
zyHDa_m2iTfHQK1omb-R?C{QuGsGibD2v^V4<(e1lZ6YR1IO4(a>sH*(psiU^tAU=3
z?Bcx*%%}87=()H&&-%f^md&&Hd7hwv?5W#T%u;3iqKDcdgX$Smk+Vp%+$okQn3;nY
zN1)iO_`v90-k)iNFdjj`6|!>{1gD6%1H%-;j*8HfvJF-^o%r5z3C9U*O5)BM4GmhQ
z5m1raH-hc
zL;|k!z(r`9t7k~ueH#zqcbq@6xK_D4n9MD}V1&AD1Sd542V+UzlQ^G6%fz`~CN4yf
z%5bp_i2l4Hvv93<&J$)<1ghy45peDIQ^6BDm5I788t25$f#{8?cyG&RDq;@M%bvzg
zhd&2nthl9fFB&T$lHhw3_W>`6vDARxL}d`6ydq^gs|iOjgZwoQ?$981Gia_!awc2{
z-^ICu%w?dyizFGTIszNKqTKmJ%*_-OOBk_;6qq%k-Z%`gcxu9qB^%5{c^bsLXGaa^
z2+9Y*;8TeU0aNgggeaZwx3e1I)<+r4oR!hcFNIoXL3?K$|1c9V5la+&3{Ev_7vO9*
zo6K1R&atX^(wo#g;223wOm2g~j2uv_5JE=is!N*PObvK)^-&bl9y#HLZsO_WJOhy%
z`WC?r#UE`8SeSIC8l8yuniC4BDbaY=;DZj=M_A!1TJ&)tc<*GlExLi*zOJ5bi4cyH
zryE?nFON&4CCg`t8XmFEi4`tF7j|9fdTG~@9gHy;rSNdr;|vSSBkmzMF{|jsK9ko|
z8UPLz%lKRzgmvJ~xOrk;n7AA5I0my9A2M3xgRi&Bw1N2^v81I3oh!S*^?Gt9c$9L#
zED2M`OqLuDw@Ldk!=l3wBDR^R>!av!;D5+e8V82WMQG9YOkrRMY36M#EZ~(@lmq`6
z!=QrGb>C$4+6&m81&b7h*-{P-6PP*zO%PYAkbBLf(0SOJ-qF0>=Of;5Pm0O^3F##W6
z?IC#VJcOA7R`WM^To~WSf=1Z8T8Iz2E(M}^Qf3q*bB@{a!yM8~Yih=|@H`ibLy?J{
z6=jLxTuhz70tq<1J1Ft?&#V4+3Nm4RnO_3NLI+n>qQ><_)
zxBxgN*hQ&i$tgraGm)FJs!C$lSok0p>{_S6mM9v+*M*=h3Vq59ibk*%uU2zuwY6mm
z2^6-;n0q)pT-vSjRi-_
za0kZA8efzs9u7%k9?`xHwN*3ZAcua&LBqRjF%^dKM$~pD+Xk2!dtNitVpYtk2(rb%
z4nJ5HHD%{{kCVXZQ`|NK^X)mK4xunXBRWBsBh1+h%Az&*Ri=TIG#Cw`aN1z;80GNR
z;Wi0H$m-8RqKwq$g|4^vzQJAD4i}ASJfpk=7nrz{cbG2GKpoc#cq{W1UH|bw%xBFG
z8V0UB`sFxgLo1E7;?AAi<2XH*WJb~%C_e*VTz2OwgLE@`m5k4ERumD1k|UmaL3m^)
zWvpS-2w04XC6J=CrDY03@Rq2$Lc}AnvDwvMWH)m$eNa5{JdW6^IfF@uWEVf~p1d5_ZI<6i_(=tGczQ9Anr(1uI{X(Yal>&U}}TKAU5^81gnIzHrCcB;#0$7E?qusdb5>VAtx)ug&usVr8bH
zh?fkmn)q#&c6~;jazd2om4v53B;tY?gUDyry?`8UhTE(G*2^31^A1hUlle_m6VpJD
z;Tp#OFPOyE&?bTfqvw0yyxc_(77A4ymxx-A&msgD(%{QxMVU>+xXH%_3!EON>|OLO
zJb}+xIHVi^;`cYynCajsNK0e^&{M>e>^k_}@xk_wg?7hNSeZC97AjkX`}5#RXa!O0
zI2Mw3H>=~!v&oE$UB`y1syTuIm&KJtU~jbKB8H%ZMx#;jw=iR32AeQ>qeh>Oc;Wt(
zxK#kPKsoMCj;Ci5PvTt0A}a!wweG*23N%unyCf}z=^B*75vD`b&Zd-$5!JaP)0J36
zTKMu@4@TOXoU6`zxz~@+U|y+_O#|nVw|s=I33_3l%5;4&v(U=~gZ|DJ&pnNs3rjH~M}JotdQ|M)2JTR;JRx(w0bL
z#T-j*5;A9q=X}gG4}q7Q)rAV{8#!z)2*Ta?ygXvLyDVuvTs}CxkZ`Bb*U|FIin)!U
zAoF)15uLh%gV(A-R4!B&k<#Ld3!ff`5xQw+b8e~@0`n6t!pX%AXio!^KPF1pOt#@<
z-bI_?`H&kh#&e$b)$upxV{R;pvavXfhQ!YBZB&NBxF!llMW~Af!7Yd<{%Mge3NE$9
zKo?>-7{;;it(1aU6yiZFa5=ZI5WW!$`5;yqp$F!1(J3&1eKAcD04303gXfYbx5Xw2
zn@jSfaGVM)x@a$=CXm>@0l4!G#1LQV=_bDYMPL0=)Q<|sj1kS$l9T&EJuk!f~#SzkkGDOw>!1e<>zSt?axJ0%=ygJOujFRE<$|@S9KimfW
z&gWNg?t+s;F7ao@_jKga
z7!jn6Kz@u45wYsHFkaF2?X==lkU
zL*tZ3P-=;7^f+;(f2k!k9Q`)qFQA7qX`jL6SusCu_?TtFN6
z%v%ikkHQ`E_TE90;$dVOvWh_$LP_vP&SOQRLZ-~!LpQ7(23fI9f_fqA
zbz@c_sE@eC7d`p8AA>?}ZWmsuN6qLko(*6Y`Z&qQpXbAPe9@eo&&K(b5J5J0TC*W9
z@3W1osUmT0vXpx2@(TTSrS?A`^TU#|^mNr^3NRj6MLO}bX-Yiq`DD=l*?qKIt@|4r
z(f{xUwD7n6V6&~i+pRVFFN*FzxZhfT&}wb8>Dm4E#{K_^S|4D3*M6n|;VAka*e_gF
z?qZzgA7eZp`SbX<&klBALoNx;UcLU}#okVIx3Rjqw|o42b@kctGkLS#Y^|>D?%#b{
zd;D8w)IZ(pK8lKvQhyt@n``S)`?JqJTWz&h+Yh2v>rs32(Z)j}0|wFVyHWIMt=C3x<(ynLcCqKMtYR<;Ncz2ok`qvc-V=)do+J4skPgJxb)jr&P{^af_@hMC#I+MFkxAoiO)om*Ds$9^eLB9L+pq%AilQBxo
z`93bsXZhRl#@(k?$+x9ap}bFXeD~?1B+XK7b-uH};o|PoE7Rtp2^nogGlguAcb_iI
zmbqZH2
zU5Rz(iB*`JKR!A>JlOy8DZPKZs^1It=M@V8tHrxd7aE;b)Cg2)cb_gWJy^JC&?QlS
zB_-j4Wy+xjqCOUBgBDZ+V9QZ+g4AF=p?`+)_
z*ZQ?LX(%TFwaGSX2<;;gx)L+qi$>=uG2Gecd{$qOuh`iP*22`T%n)<-&rFP;S*#f#
zho%dlnTQ2IH|f^ETbQL@Je=Y7xIE7!L5=7@MTM!_!Mdb7?`oWQaS${oJjQf^D;k3_gC&X|mB_lLF)V0;`rFw^`^N
zWIUj60>QI7`6HdL!ML7;AaS^a@%A=^m99=X9BWigEo^`&bJH^(5ggaF9^)pvtjtx*
zpnu17XA?hkpH|)*ld#KQmm>hEK9QrjoN8R{Z&nXR$GWSLehh(yD9~!x2Z?MxMbUjJgh=i-HSD;Lx3j(5WZv4>Aem#JNjwH&*|g-<=)Dtj#Dvc
z_{ZRojl!gCHMKk$CxJl)_79d0kotNPKGz)<_A-(1|5Aiwv@O}VUUDQeOFNR}dk<7BN{bv~sKY>4@JUYZGv;oK27}!gi;_7C2{`09R88kC0J^@ss78cb*As
z_Z3>yxxQ+#9camJUUwsPDUtgr=i*~)*U-hE%d44@EJ%%Y;m&+nd^*lKLQ3P{$X|X!?{RAgyr4~r;X~qJJl3P%_;c9KctMrSPLs#QXBGE3#AiI_|>kc+fA!)^o@%2J=K~@;%ddQmF?aykQkuJ|0Y!B8K
zd3qSfKrIy!U(Q7-su)1AFGJ-AM_x2v3M0XR6_}E)v4OSu`%5@)(NeBr-RnN1Fq!KZUiAiL2r8SY5EUtB%n`x>UX_dzNJZe&`B})AVzqU}s8&^t
z>KDpWP21u-z~iZA9z6E)(eF9Vnj=A+t>$$n4Tr?c#A$dFj$7f#BDw9OFZW+7GJpjW
z(D-tD#ZW-(@-lLyrdac+&V{C+R&hU!IV+dmM!1N0|LKr~n{5a))nq5mdd>Q;IfGg;
z{$dUBvYA6A%~VtyafkDnH3u4pK`fNTrBwTlNRm53tSAteY#*Vd>T8u@-lOy%v!@4=IHVr?ruMO
zxm!2mySf@%CX-Hcg)6>fQ+>A62aM2@UGKq`^pSckZ6?inG(-wjzWxidS#f}Mz>Db_
zU$&8EV3)x@J}_Z}0_saTIjn>oRS!NL>gj?*anr%K90GA2Qt2pUR_gaQK|DmDNq9Rj
zNCQbS7tImrGKGq!#j#N&$wJnCh&3xglCyZj(nKX3Fm
zl9Q7D@^6_(Jap4A;0kOs@!3g@Z;X5~kz)7N}xbJ9ZZ;u1uT_)x-%jcSypDEpD;?tlo
zv!X+1v>{%`EE_?53Kj-IU648oaw+Gql$S}r--x^M$P%q-jV&euNH9=CYKmOCrNQ;gY@
zNL~8E&~%mzmFXU5@<^x)!Atv^H<@jyl5WkIOg73yxR_|0$b}$RVci@%aSl|LreP{H
z7#~fnY7el7Z{EBqx!O19QQ&nl=|C(L))AZayHB0%y6Go*>rS;YZ0DUw&?{c%^)3|;
zQNLL;O(=l&d!p^LLB__xTNoygZ{I`>_m)<
z1kgRATm5kNY0>mEpPq_CRP_7)WDE8nzdxI7eU2aJ1W8RA95sVybOO1$EE{*~Zg3fb
z5iA46j}`!3l9*XOh8j|(5~L8A5Ny2RaFUk^nh?D%J|h6!Z9;Cc37aJxdoBNQ>C38qOB(oOqTu
zgB+hOp1nn-l?%*SsAm?yFs^Zf4AZIeEXLFjH9`i~or)WU4nBr22cne|=4mu)sU@I2
zomn(L+9tC}WOFY*Wp$->`qnZ%JbWVvl`Njg^1??a8Jh?sT{m!y&zGtwaN{eHAZ6W
z!&3m6)Hr>bMZW1y#aEChiGJdpDAJ)Hfw(lPwW@QcuO-ecp$I~gF*TXGMA;V2G$4)W
z%AO57bmmqs||*vPMT8WO{5PH9l|X6MuZHQsV&a0zGRnT1QT)l&Zqjm<^G!I)5C
zUozrC1g>Y3@sB1`CR&3#VQ);n?#DF?8sfH$6N_m`rEr(9IIlGlj-GUJ-KVm(*o~2G
zVL@>4Bs{0QWl5v28Vn$%I1sdMGY;I1N{tu7MRL+~W~Ta(Mrc`!Y7K>sheL~gOax}I
z`BAX>!G8Nd&>TH~Sep(xG?4ZXv;`qM9oOlYC?*Dw;S_Ow9ViR7TH-ujgnXD7lnCE+
zs?N^Dw`I(cC0%5d90=GQv@acrhV<6&;sLbYVPq@p;cYJg)4-*p@SR!afBL0B8
zEPgIjPa#65=ps2}E_Ew+B6q&*ICb`na1F-eGokRn6+5a&0-?Ts^=$iiSL-!v%W%tb
z^w+!*$|r7ccc0#Uqh7kN3c`1lBHm?cF7VZ2M=c+4H78E<(BUdedaki~IO>>PUVdGf
zu}>t#Wq@aE2rR|bcDk}a&CX{#86YcVoad5qx+i(_hyq5`Pg_kUvUo7wU5o?8WP|B3@>fnULRh
zl`)ZO(^BT#(zC%jN(}TwZmHXEXJf`Zc)zECUETb1CdhMk<9lb+JRfqJJf@AaJd1is
z(r3KFo^9eV&$kQ~7K7&t_97-g_XGvN
ztKlR(&BOdNqm&hlmyEw_%o7p9KT{UXhgS-ucpaiUhZ_Cy;OlxArV*tsYaHwjM2#PnGp~Ik@)(Lua%-Duh=^`_s7YDm7b{X_dWH?b
zhM}{M&;;X}_+P56m>eJ<`ymvwa8P@&fgG3!d8%+F_QnWLP&2gTZ0IZki_c><#tHE^
zs0P6l_KA}|r^L=^pd=HJqu+8k1r6}bS~^ibcQsca+o05NF8O*D_%SxqNt&6(bv7M-
z{|On%inFhjlQYG^JPrHSN(mQ=5&1=lWa)KMXQonj>>-h}HCYLSR+RVxWrE~V<7!#T
z05$%z06IK?TCkCtR%2DNYOHc9jU-5NcVYS12u@)*)65XK$=QGh=ARl6jmNpLB=eaXmw<1-G+&BYwj=afZ^Q_0z`S`*cHvM8hXVxWVvO|)P`|&B=^cVk_W|QP;P2j2)L_w(ezy~!K
z_<+B4&d=hBeb*oe?t6COen~V0`@zu=YR(Cs)>40B>Fle-NwDwi9?w6J#>~EI$OH>|
zW8c)9A3x54s`NYa;cieayh1GquVCLfyn_8Gl=9zm^V+W!BQLQ3FsNYHm4slZ1tAz}
zg{TWPA9W!NxKI<1%I-M6>{}g;xKJxNdxzl{f*-Db7mcA9h@s}=3+T6aGCuLUArG=%
z@#nDcvsBux4*d$@0Y4?)f&GL#t^d`BC%^qbj0yj%(1V7Js0AS;YK2e{93vsv^Gl2=
z>-7phZ3-4nqNeDR{)PvEi6x1=T1WL>R_)GWQpR%a0z9U05r%YxNRHwa0~LK8*bJ`
z3L|Z6n2XBWRf(|>&%GdT>e;%pWdiNJzhYT%s4_;=z*=A_&ghycoy#Z}Nrb^xYMc*d
zEbBGNk7lXDR1#<`O(=w6Vuy%A%awHQvP=U!a6n`tt|Y|xTaDJEHx$CL`w&q^
zU)Pk!Te#5@fWSu}@yORuX^6|bt9vOHLea6k5UiwDj40qD0t5kGYC(XPS}~YO7*?ZM
z4L0t`mChPcf=gWKp~zQVa+_S_q^$L`;EJIopG&XIJh&aXnxlyVLb@1Pbp8~ITGn#%
zo^$dmwq4Rt7x$6}rOlHTC591zD
zc!SJme^w_SUNJcy(5BT3va&QUs`n%hZOyS^lEt`YM23>9?tb&+H%IW#`vjMW@x<1E
zFyrqrNi&CgMKRE4=FhYJl1q})(y;T`&}XckBXD$q3n?@m;XgmqH3kfM4
zSuY{gB;N+R-bu9U!WOf^8A}LjOj$mHav|c0^RYRR?0FC=Q|evv8Fkv!dg#pHk&qr_$9Rhd+r^Vj
z!8;?JizPf`cSndaKu@?7)}p_18Pao$Zx>rSj2fpnE#%jhiLl5;r3cDP+Bj8(&c-Hz
zWhL@lk70IEAPF6Y^uf>K==t9B12H|STkIwsh(+LO_`J}XhT93OY-Bo&1`VSY5;9vV
z`^db}do-Hn=X^MrNa7`(4vYH`%%pOkG{9xbTDEDLpZkQtep@h>V5DI{V*ePT+OFF0
zLN;M(X<|0>>ayunElAjFQG#qifyz?SB|TWspBf)8C~BfC#)g5kltbU)^x>H(V$L#l(-Z4O
ziTN;Wobw*hoWDr={o0H8)L8Pgi?NE98NyIz^}TY6<9YXI4QJ31xIlY4QRrlrbvsN!
zQ(~ulmOns-=-4??bBetpZVud!b=hQDY1V$JU9Lzh3|SXUn^`vNY#+GM@N{u#dFta)
z`J!}(-k}*YCTGPU?^#aAePWgahzmas6x}ssVM1O*>BtQFIJbr1fJQfgVL0B3CP4Tw
zB&!}3n_^Nk*MY+(hGpDhiO}b(M^K*G0<-1Qyd;a!RLy1XVp@gMGVloJ1YXbeSU5Hz
zoa0iM(0v43VnUh744ksQ#8YN931LjzZO*8L{tdH0y(7k1%G5HSahY-Ajz=}MH-rm|
z><_1`$9kM_SN<}P2;#Y_QIb3)18cH^wij4H9t4x$0~Qv+vt|B5E)uS;5AZ|mPskgD5
zV2(4c=^a$X73W@%mUL@#<`Es!);o(}!viZuCm|dNYl|HD|TF`3I=z@w})oNY*
zCyYPHiS_5?<`-KJ9>6bO(=*en;c{&GFh*@TR*e3Jku(#b#kTFoA^BsMo|4
zg(t-F4Va`b7IO<&2t0rY#vM)?f}4uj7>U*zTmpbrRZ|ZAHBh+diV&?Cp@>lD!0e%A
z=rL?Gt~fc4(E>5d;|U3dZpLfZIGu_2DVt2VEeuRYiWsWTISL$ORzx)XQhNfj6gy%~
zW26ZVLL;Rct$-aFtuOWfR~azXEy{s1MDVs^coEYhIf*sc`0;LTn`!nia?ieSV)Wz^
zwl0?3&F(J7kpYTS9fN7-Bu~6`RSXRw79@J{n{_@h*%PtYUkd3mBV$bVm{n7Vr1a>+;hbSDCQh@3|twmReCiOLTgsgEW!*D8_S?&B-lig
zqcUSY7j^?}NU}JA{DEYTBbKYzkKbl&AT>_Tm|Y=W86rW=SS688CUj>>T0=>V!+bj8
z_?{f@e!2V2E3sF1GMG@XTu4sD*OWx2kj5nf3Uy6)uqrKQ^&r}n3um>YDGDT?Xu^~f
zb_)_fu0G;OX%k&w_NipSgE^xa*X#qL4LLft=pH5R_1De%ZvxTrDgHcoMhMS0M9ldRDq^(xFpxgb&oX*$LK>=bpLpA3nRMXV
zwZ!uN^psX~;v7q5#uj^k{f^a?woVgcg0!2|px5m%jU4x9KR~YFNPs}Yr_f9`06Y
zAb)ObUJHs>tj-E%^%FcLuCoiKuBy3$l$Nc;5rLzIxVAX=n*H6cXkoiKrtL)nj67xu
zpwkr;mQ+knnFTNju|+~+kjh<#H!ye8kvY5ZBgt|)!>zznzOYj+)|(}FVJ|;(*kjLE
z6*D^{5J}!vlViem?s>^s%kYz`am4Fw=v*0Rq5i0p>9cf>lvw8YQ|A)4Q`FEHgN6Nc
zJQ@d55daMe6m)7z!qno+i&dKOYR;rx3bClB$P3fvmgo@V#|!yzV!f@h6PrtNoSk4;
z(8KX6i`mlfLKZqyt2b-Ur?B=KLpbdDMIA&MvU*{hcv=QJy{;5c0BVf_1UZ3tbZc
zc(QQCkTrG7JUd`fM~x+oU5m27Y_6{1!YwinF)?f4g~9Sdl9|IhOZ`hzCrijB-wu%E
z^%1v2M8Pp@Dp1l5;(G_7IH5T|6L-Oa{&c{K5nOd!Oh<}ZUVLs?$OE&S+Opd8z%@rCAWp{=_c=%Q
zdCccUfHEn1}CeQP(kW3+>T$EvR|AOCeS^eA?_eY6OpS};+K^WPK{&BbhaD;
z5JcUI*{%4L20>TBOr6|$A>SrqzQ!0tYj$g8A_0UvYrZv*)*|YxX{l?Sg`J*0J%X3#
zS>I5hY_A13^b`(+WL+VKZWz3?W?@d#iJfc}!m9+%5QhXY&3wXYm#1DQ?1+rM5fCz(
zfD08b)-!f^1_eGPl&rWD^6MxZYKC9$(is+Obp}>WH~eHMUsqEF@p_XQK`X1v%L_E
zF4}h6fe@oGPena*7;16*g_Th@n2A<8NNB)LKQ07@=b@C~5#R;eONiA40B{C8-1I1e
z8NKqy`6Zos)*p1n@eebRRr;t$7
zukozGXaP>QF#HxZIUEIoxF6z$u0UbYE!@6#6$&JbJPzql)H|h{_&Bu3WF;KY>?79F
zu~tgxSRt0&=xPe7ie>~4@s9Dj^N@S#*z6(1!k3p(L6aN);C22r&4Bw4rLK
zR*)F3hFNP(K*ZMqn6e<`oQ+R&+7?D9`Eh2Vr4z$d$7H(5y+!XACopg!V_5_Zf!j<3
z(5xhs&`3)>)=6F3V5-d8aYQX*kcbeYf&i(@omsfYZl*$I?#xuiBZ^t!$G
zjRSGI&D)g*q)et7J7KX5z-paxG%D0ex`8e4Fai0;ZZ|=wRuwUDq(q(tl6|1iGs*d6
zd@zj6B-9cEotZdy%pT0glneK0!mcN_jBI~ns2m0&<-K!Qp_}>3AF79%NGQy9U(MCc
zO;nbIS5&OglQ2d{mBQyH8Q2u$Om`{~;FS$k5$;G$+vcL3DX@e=&m@eFYGDc~yHArK
zE`eAF_on?|HPyV(D|+XR`qV$!*`0}*Zh&YEOVr9iVpMgC><1xSz~zDcPH5q$f#A6o
z#sOqq1SFEpVhBte{x0JHHq&=G3p|vMvq{F0J1y3Z>Y(fFTV)E})t6se@T8l-KP8M;qQ3I5EpdQy~|KTPRZ9npQ#9huE0I{$72+hD1_v?T&$
zv2#!s?5|n}yQzk$b*ku7*fy
z!<-}tL+`9@W@5SIry-JA{LbNH?aq8R&0Mr=)z|QZ6?0>B28XACRV5P~Y|`8?k$o*R
z{$3P>AaJXO9i)pjQ5{;Q5Kd-M0GY*MVuIK(KPA*lF`mnU2rk5Jzjrv7f^T>+noA*o
z%fg5)g%~IcA}bW)p|~(7Y|paD2iQv%y(ejK7DQAaU`vq2hUt&4+-?_#=c?|KJSiN%
zLXR%Uk?21pdUVwxsVz7pR}b(ep)iW^Eqt(?YdrbOipVk1|7XWfadsv2EjoPm?5PEjP`ldIXD{ZETjA1X@eyayOZY@v9J*TR7>j2a&hp};
ze1#jk9@+PCXUFY+m1}z_oCBx;FRrElAxKaAc
zIUnh7KTnd2<(0@%Th(hKP*X%qmsBCKo$Y5KdK323L@MY;Ix)LbmZP{z7O*F*BgMtG
zl_>-j_!3=$F&T8c)R_gOePA+B!0oZvEwbK^V?aErx;+=(nt~}Lh_X04k4&6EwR-nf`Sct^#O;oIP?4;o}of^atW$im&A
z1t;E}05&vmp1E%bk~HL}wK*Wpl~s%7H7?70)PU%OPQ-iFk>EV2AQ=0~vg&Ft3kVfL
z*6YTz<(0Y$4wgAD8*laFuMTPJwx2ya+&wyax(g58qh@p%&jv6^MTVjzAAg-1!Ey}kB7QR{>Be$8i!QyxYC19Oq9%3X}p{9}ygBY#%!
zMX${rg;hwh_hLc6)@-w|78*nL#ufPjQIVa*bl0qCgJ5VSy0==R=Cpwg=xV0}q66r0
zBi+C&s!wD_Hp(@M_`^b(N&XOpI@2zMz)MJexWq3y37!)HLA{>#k!V8Pu|yTYrUYFO
zBrG*Th0}P18k#v*DneDtxnH;v2RoKnR-JyV(j!zIo_6M{`aZRGP$}11aaYF(Z~9Y<
zQowb1MB|`UehQ~`PHF9X=hk0
z>hsCE=C~fN*rjDz>EWo8qX7xHFydhD5Y$5gz-`DdxlDc;v!R~wOb9v_Yz@lg*(vWQ
zVVHC{wUC!xO={AT7Nuw>ZAE^MZMb4rpA1s)Ys@*ZqS7sDp4YTe^cLbVJUiyRLMIb^
zd$G5_i@#sIe*S#-5Z~VH?LRwsb9-g^PbL0`bhMlFnw>%SL-cVq{%^O|*V<8Z|H1v%
z`h!+$qs{pL!TnqO|1mzR_kL50?nR&Obst5+w%6ZA?dC?*{_L}dtL^sc+FI0Ff7IT1
z)Otu9gwg?Wz!d0{Wof@x?Y0OMGcoBD0=qdg(goGTPO3b7Sk9>
z*wS^fU$Dq%?am!GOK55yodFz^M*XR{MH8>we75^s?8;sLWwQnj8bi2M!i|cZ6`a?=RQ*~6gRZ$!wx1N*W6MK}~Z(zEg%
z@8gmw(3v^qRe%k!BxMoHX(4iCwWTKOD2p}4vLW0On3y6ipkzT~J(Se$$N9un7PlUA
z^F^W`X~W_Q>dNt(h^E{64QybcgXix8i}IaEh3`vCnC4_KI$_Fy9`v%TNxzqZ>5G3K
ztQehJs@T~PRW}$-W;Wfx1&K0+!*(Ru*DJ&G&o6Tlj;roccCzFoOWs-Jh
zCqy@4V0Tyl{@3ls|NGl&cPn50Yjo#t`2XH&w0cIrx0?4pUFC0o|7%1~>8pJEbhUdo
zoXc}oHC-m6h{KMnuG;ovxftxuOAy=Cb$Gr9D1
zDKhw>BD5&}x5pt%KLUX0jczD@19!l4eqQg&p^Ef{@r5
z0Y1{FclMq~%jQ-A@L3ybV2c2}A)=>UUWtys+TFK`cchvY2>>|uB-4s3tRjLKV3~IH
zUgXu&Th5idguHuvVOAutb`-M4<`G4^FEDCvF)yd0JUk6M$N{5xkSk#y=@0~=Mjz4W
zsfAd)vWH=n>T{-NyyZJ)!}*AP@Rr0RU1}y0SWjR?K>-t731@b+>lzBz7snv=G#D-c
zK{A3Dpe9MiuI4#|ulVWY7wHI=CIzSvv9iGplXt<1DxDMhEb#$-6OV@+r%-Np9hxM2
zZ$JJ0+ETGWrX`r_c;Z_xHSAFUeS{JTYT!Zeo~f4L)V70neCA8jvBQ03r`jF=`9q<}
z$_XqQZmVJ}e2gzskMK&%s0(;^$r@j}%OH(VEPUjWa9xp#62cbVI^IZqGJkOiq3kG|
zp|~kSwWxkGpf~Hzb&L(%f!mbS5kAEOsN+%ScWz}d`=o&H
z<+hZlluUAxh><~rLp)0|mg(tfnnSp3u;4kXM_wSwi?Wy^iwdL+t&yFO-_(SU#QOZF
z1uFl?J`3f41VyJGsE>B5^)7l5I8G%1M}K>lTv%#M>J&VMVf;vCbohNx~B-y
zivicw9-jUtJWZB<ou7qwp*EpAM;+(C6C@2eiuob)~M!Q_3^0(+I8$HG*oRXIE5pt(3$;xU#3VrsF>&&DpKWw?|JkJ&FV
z*{^n^ql4$iZ?+G2qrIc()#1UP_nz%Oi|%e8(eJzU=*`~oR|l_;BPwyYy?^|d=-_#@
zz5kc!>%IMFEC+^(8nA?da9^;ql(i>lfRH(W}>ouMUoO
zX&}$2@%_F1=ZDnS?#tc%<0kb@&!XKw(~s!rE4XL`limK};Lp3!&cUm{9PWMj)p7LI
z!HZ|Rhey#DyEMY>FJA0QXEec`7u$O;>(R6Am)l?N@(d5CfkVG`D6hkP^VKfDqpr8<
zza7>C(7bjI_7V5;xK7hPJa%oo**n^;N85*cM_3`7?BM}*hoz>92iz7_-`|zSunooC
zq9XYH`e?T_HfiqJ?)D36{Rr)Z^{znTR{_cg{GhpAF(rlvxELmy`>t3s(20`ZOQ6!1
z^A(qct8^}{Ik=G^ypxfvEr*pQ#6llN`{F5QscWJ4kr(xXXV(hcU$k
zaaEJ2pc3xa>7NH&(`h9^jIv7dfv6-~Ypd;c)LwhkUVpUN@+wKHBjG8738dsRLwW=PYY*5q33qsq%
z);R8*+a??gRjH~r_8frN1qhP_%^csRfe8At0B%NXNiB=0k(3d%N+Rxsz``CqtSD@R
z#xl9YO}r$y#pro2j~8v428(i`S|b@kT!u^?&oY~9b-4vDqwu{YVnG+b$l`D5^1X_Q
zIZqIx7z^}i8^SM33ji-WsfbNP|0@&3h|%xUr**j(wWf?%dhhs@+NQxKrz;)YG%0
z<0p4N{p#T5?kbINm78D1bnn&|K519y1Mk;T^&<{YjCHZ(!W&J-tY@s
zg2oTg-A^$lyp@^Xxx-`pv`t^3`@j<(t$-Lmr^yCWzmuP*y-5wZENiujmZe?MnEa82
zzrpVL=n6|z2BM;NE$J6pLC4mLteXx+ny10IUVj@kdJ$J}J4vsW#b;8U)AV(sk7_nS
z?HBVxYvX}y1~^8(bZW=jhhOd+k4+o(>sT|+sC_4?lz`x-(_4f
zYU~d;TCEnXur;9V-LbZ#PvuPwYpSpnwzZ>6aI*$>UKB_2jEJ3M)lf$b8`e!*+dJI*
z=H6A!&EBs)*!Q0t{rLm7h|w`{5hpt4fUtXJMac0`IOdi&FexBGU>ey%4}1XW8aIf8
zLmxgtcjb}vOOND>KBdt@GU{NJVUE$YwJc*#rKx~RLlR8;S}~mA4tY@js5q=#^y%J{(IxW`sS_t?_+!nWnjxU
ziJ99w=D-8{JG;^G?%_-O@tay`f_8U*hoPmh*=RS`2rsuDv^MJINs6ZK{-y?(%;?3z
z_OpZi9paLyh3(_*-~l*m;-3$RX@B|p#qr*&7u1Uy{`{tP=PoqeJ8{3mp<+(Liu6!&eZfy65ZV7X#^UEnI69K4Bd_-fWiNNCYURPXPvVHQ7E6HSf>ANzvqk^7ElA
zZhNjPqJlBi%I7CpuZLddT9cO;+uFnOJFrspV(vMDRE{QN3}WsbTlQc#TXSzx4oHP}
z;ePR6fk(m+TICm#p&qY3E5Cx-JzmT;CU#}$XRZ9|Y@EzcXYPeA_FN~a!v9<+FayE!
z`{ft93zg4x7uM&d>33m$uBTDl#q+r#k2tm|L)C-wyD^M1>GYh=3|toZ>oF`p)ZLB#Myu+jU#^XI)q6W;8*8Pv
z;c?nnuX?HHW@BT)OF26m<<$t!&qjGE!ZWl{UW&p&+IU#?R!`GLd7;7+wOL-M;B;)3
z7pZhYHY=AY0PxBQ36O7AuA=VVX5}jS-P^2OMgjQEa;KAQbTZB^@hV)y;BmNk(_skL
zn||s3)3n+z@mWm&k3SauzrNX8FX{g`9&D`N(*GahWAy*a-Tl{V1^T~8@-HdLAGMpG
zH9t!lZD#uqj#k&AMwm8hwp1YELllL}erpl22x@Vw>YBnm)~o2bHhw{H=dh`PvT6Myv95
zfpV)V5Rh)A*9BPISg(9-@VK$D=r!oKhzYo=0tU1jb4yde6&rI)Q>NmoUfTiQm|M95
zV%wZsxe!`5=ay}rn5!zF_-eCy-E7x3tJkeSu~ijNoVPi*Y>ql(sx5eFFQPk4xCL(t
zlpB+7^9W6$gc<4badwf7vQouAjomGs~G
z`dWL={`3C*&Gs$*_c1=+K)(EWqkaOf#IRc(1on4cA0F)(}9#0*X~@yjEobBn=5oDno>IwF(Ro2-CX_I(QMi8H}rea9u9$K
z@DA$!A=-|<7^g`uk_4t~{V6nZq0~_)lQ+y5*0h3oUG-7@I7r@ES{RCLc$VF?z1hkvYP@;YgF>8T;I#DeuPv
z?jai@WHVb2%(d`mbE7Rx${U-^PuX{^iC#zZFAvyra{l?=u=25VCn}fL-Y@&1glH>CkE%jgq8Wu^8%E_}t=Q(~{^6
z3ag7VP1_!%i;$Fk(VsPC-+a@D5``8m9&ps!5xbr1@trUKg-=kpi@3Ul{t?(*G1HEZ
zZyw^USCU7$3U7IY^u`R?t|%R%I4M?mEsyGQzFj^wkDli67eJHEU{Tp{YG|-@XRx=Q1PUO&pg2%8`7F&x{dhM2Vt!Bm
zU{-_-<*P*WSUIiSv-j=uL5Zs^ON?iM#Yh*GJhiK(m6@^u~gj%XiT^D
z>OphK1HKxfFVcB>#){B6m`oSGeT@`muQE34EG(wo%?&I{R~Npx+}yyQ;r+R2>c~UC
z{o>VE+Y8_Azka#k-R|O7d;7<`U+x|*cuVzm5BGK!ygj6v-@GbJU_SKB8f=!
zG6>jNB)REVI03tg(D7Ij-f9uBhBr0g?(6D?toJnEPlToB=^|Sa4{8t$cHkCzRI$TD_&PO
zfQ>qsqq1l->D*?60LG(Z%)(yK*#d3lf`&
zlLuNt-kx{oF|hF4AOoYzgJSt+0!Vx18?MP5n2t}P-j%niuk2oG1NJwBsfN9}{MFIa-hN3qTtqqREg`uC{QE(t%_E--&{(
zIC-IMm~+k&UYSCEt{(Ah{WKnHVp6x1lB9$k8T$wTJ(C3;CB*k4ktG_^N&9Zt(B9>g
z;QXmHP51Q`pxvFz>ymy=pHJ^?oJI=&{v2oRJ{0ruV
zm)k2_<)mBZF^`6Q;Vfk|hQA!IaEj;#>YG$Rc1&a=jSeR}w8i1UqNU~26-mIJb~yVP
zt}LuYfN&+WNR|kCg7Fk`ZJ(wS%@TlS2>M2}tuhf85xR@29xaJ-
z6U}tQ=^G~*2O`qFK;R$t*|w}c=KVKeq(bNMZQ8X{(r`!HuC+7xgwUCtCcMMBIxFf`
zqPV=lj%a+vNb&-AT%w*ZzB5fJ=2C5j2fUc9STL*~F8gYoB1bkSz|-h+c3=5`oN`Hb
zbtP2R8zeJLI0@YsN6+NQXx46j_{7^U+S}Wc0_;lm1z_<7b#GW4E(_zt)=*%mbKaoM
zriCnAW0oF?$p|GmWaY}~W}7Pdp$CL(ux#88n6hMiK@*uR<#Q`r50hnZoGOVUMLVy9
zaikxoH>86))a3Qffs5I)0>YAPZo2Az)O;C=Lm)_xFmb6ve(o#*o@k34lOyPc6Xm$!
z_zaD`cr1ax5!VXDjyw5sPF!EIk(wMsZg~w@$pY2m-yho+{@HdPp(AB8lDAp^tq@An
zTvGZnCU;^P9#zJC8;>Sjm3nl>7Y~Mdn#`bc02sMMUVM(SOFis8PzvHO5bnKUW^?JlGK~q55
zMrxzMz_rq>8U*gA25-S>_O1c9P8RRyiq42Fc6Utf8aNbRNn2Kz$?+nYF-^&Ik1Ne`
zdb|882QiB2reD5Pbp~8l5%ohe&g<$RtT@^h@3b}Y
zYr_(~&G|cNLx4aqb6zg2hmg*aRMr9=GFD|B59i9H6Ppa*rsHfV(Qe@q9G~KbXDUmz
z4;U%Dw;49X4Orlz#K*bQZE0Ww=Wz6S8c7yN@e#(L5y@2B8oJoVZXqspQfD
zn^3{-hSy9B?dHQ~TVmx(?JS?T!G#uqMQ9!Q0Ns2o`s>FSlE|tac
z8W;_jMdM7uPdieIYr7kNwuwegks%5hOb>=~k+4fQu6hhJK(%>b^3R^VDwudOcGiOBP9s}LP&~S!&q9l3WSR>-W}q|xHB;V-`E%5
zSq@nNG1(2R^7+|t+RVmh3nUDDJp5h9ctA8a?t(Jn2?;_5DW?yXvjXJhcs|5=`zF*vbQ2rQr))b!88Fc^H}Ia*ht}5=|zeR6uHSLEWs}TJ4O`GS+wlgZ*G`T
zuZ%8VaZ9d28}(kOATc;$2{QaTaLzqEi@2e<8B7QXYU^hl763TRNCg8Xy&EBW;w>Wr
zRT7-K6kHsOydzgk&@FLOjdUp8%Pc}$21oA&lTpUUQ7sc+-bJ$KZ3R1=4WWs!5fQgS
zW0*O5#;>G)wk2$~%gq|HE_^pPAn%Wn0@3BhF6#)Fm2?$}9xNEfR%)dg{Y6s&YZ5;2
zG>X&XQ2Gk-!Pz;8ZefIwJ~?GHr%lzP+zHYHIS%s8_JVdKLX4wJ1gu8qvm8vMHq{Ku
zd-+XXSQdnZN*HfiTe9yGu2ZNTLq~S|+DLB#nMcqzM>K=hEe-S2wzk?^wSF(x2%+_48p}9jZk)uolt-?Q&2n$>zp?GCgXBuYr42z^BC+m@>Sq+YkOu;QKf~o6v1Y)dVH5
z@Nmd^%K2z(c5_j2jFT>i0>s#XP=UCC0Yp|S6$e2B=JBBl2ZOkVSrc1|)D>LnTO9)h5AaHEvHTA-fYxIcmwPYkXuZYqw(dYAduk
z;FAn60T1AKnR!6eH9;FrNJVXMYzucxwVBf4<|8d6s1{TaoGtEU47xvM5jJW_g&|$V
zBJUK!dOD_?1#u5GYb%`u7LdBzYK23&bTvm6hHp{H1zCG4z+E~tThJew$!u+EVMs`1
zB*@Kdj)st07UE#W9D{Os#<>373V5t>mzfBs^QcDgKIZ|rV?*9L8o~|BK+%v^5!3*U
zV;6LF?M_uZDC3a%DCV_EIpkZlFU@FMv;l4^+NIqbJu%U9$$Nrs-OWK{d{>Ly5B1Q>`K28+O@eUCPMsYXNsB=i~2N|2^
z40MqKRUXD$B1||0hW`Hv
z*2BD2d32t#=757V7C=H)7Q{#nfg@Nh|>SdG)y7h&~|!k1PIK+Hn!
zv1H@bo->jhhRdhNQIAmZM6HyM%u4`%kQ9lzEV-tXAe2?nWZQ~X6$Ee{3YQuKswAv(
z7up#w%!E!}*A*fb&Y6rt9SqL<Ch$?x5Q7Rnetd&oqIg0xr$za1}I~M!NJw?}>%!$B)V#8&3bTw1$Bu$?;%Uwaph@D;yvwjQlemVEi85?KJ1Pt6
z`gX`7_q?zI4Mg*S>P?6RrU@j4DQD?K#wql{*&HxE$W<Pnp+lH;?lm4lVFKmDjg>41mQxH#~=`^PD@mX
zJTwR8M6^IQA!1q(@lMzSs@I`hh7p)bMMO0Xattc33vxrH0-8DHyr`X|>+F66@6sW7
z7cC9mE;&PF1JH`aQRt98Hnpr7ewo#U!HrOn{>+@~sR%eAUN!D!D`b=zUOVUXkO5Ri
zPhBIg5k?=j@K#Er5!_f>M@bg_$nFrt)T6o1^ziV@n|2x2DRsOrVRIFqI;D#9iV(0u
znk{;_qM3*^WvrMlbVVUMzxr&c6Z>PSCI)-X`C>+*4GG|5#X4}z7^B8{K@(S~q(>4RjtNBqF+ti`yb
zL|qoE?Hs(2T0u2S`dqG9T(9Q22rivMTNmvUxo<>B8C!xukt_)Fah4333Lq5UoAz;-
zoy_nw%R;9Y{7hnzOVoqAHu?^?%2KqPG|!rKF2)l7bh5Ql64D$WzTT~9@jD`3lclKF
zkI$mz_DWf_^L+coQDwDW%xSNsUTd!2?qO*CoQ%hW8Mv$@KoOke@Kwe!aO1QO$>VZk
zei#Q|zej6&Td}FZSti1}LWA=TTyl~xk%h>a9B3#>x7a2`D#~G4Dv=@`jUdN7pAJNq
zGgaw8-7M)i3t}^p7{Ko0WEw&ZQ$*(BMB2HS0kJ}d1>7?|_;tN=%tX)&_|Zb?9%m(j
zi>eFaV<6YR(Wvg~{7NMtG4fYK;cj9mrR?9D9HX1&ohirt7l5r2Z24yh^h=x}gkAZB
zP3!my>#=j$GR_~B06K-zhkw%*(_waG9NnYuZ~ywYmD)df2RU!MI+Z0N*coQShGMRw
zSY5JZAlo)qT}H34^1^7AkM_RY+dr=BC|0%vG^lwb_Qhf{W<~l~x##5UPv)A#XlMhM
zgBF4TPUf*H)knFDWJav(vXPKDooIrpC#+0Bfzu59$3U4it*HIdtoyE0>370uETlKi
z+{ePS{TGd=JBO?LF91Sn!&q#pb4mbu;TuC!%zd#J0Cpi~0x3pxX=LB4Lq>KPr(%@w
z?Qm{rh?81qugjsMIeej?OWb#E}!
zp*#J81t~?i)ruN{ydX~YwG_f^OoH!P!J&2STqa9kP;ttr(!Z`ml!^(7ET_xB9SX^`
zS4N1J>}^}bg9v?$QPg-`MNj29*>&ZeS7wXAlCgxEu9IoO`q(qQFyZXv-un@u*Af%7
zG9T^)71E%xn8Xw!V{z9^H{Ipt5U<$eA}gs%bLHx95>|irNYXP+n#=;Vpk(x6~y)+=s
z+5^y>4n`my@(hGX9ubA9S`pnoSgxr+WgK|0%rV8z=I#`6qbG8YFvw&)8BR1o^#FX3EvvP8Y(PXu
z>r{t`v@X^sUMB%sl6CbkYczQ#WGXcNQVU9yWMegNV|7V7v^>H*H8Fk_a1-*9+Z8J}
z*QVy?#pT}R#Nl2($NOXg7y}gP(jU5|{3_9mjKt{Z$gJ1tf3t7U=wMdD&q=ryF5cp=DlyHhU7*i0Pyn&+lXBf?Tp+<&Re|wHm@+Vg8M&+bKY|nlJ
zCYoB&>j761uea<_48ylh(K1q0f=ZRUJwUoR;B1yB6D^_3I~r3rmkg{x%k&R#g6|U|
zYHx*HJZWB+u#xW**@1;qj|
zIU46%nr{JzN16qCM18U#++vxv$4+^OdxQ&DyIjtP2rHnX)(#w!R25}sYM7f-Ci}Ly
zR%}8Y9@=|s`PG&f%jzearT%Hp2GFQmG$9jxvT0sw
z-_x@N^c7wrYUUw|8ffrM{LJ)(Tr#TT)jJOx?naCY}PO`_Q2
z8C@@g)Fl%F1l{BKGQ8;N`s5@r)Wey0u7ZA})t-)Qk`~Xxi4QZUvK)I|l^$e1(=;??
zRiyViP?vDgEbS%yUsoax3m2dQF2sOg_`vAld2*gf9wMkpmL}<(;FBc)xYyDF+ivti
zY@;NloN{z8;F7R+pHlQ#C9E3&fJrMhx^n|hb;lXH^mt{JHIXceufBvsOD6fakll|^2+l1N+X}l`s!lU=y4nXq_0+^F0)Z^t}4QZjq+sL%^Jno
zcq#&yEo$4YY2vGM351rsOFGj@@hVikks7-*jpR(+7`m$@W(?}i_%;t*Wo#%7n7gY8
zt!dGGQs;Ff%Wa3OqfweJVOgSm%MQ`{C&Umb>QZvXTN}&5Iy(~6A`<6uDVr90{unFk
zs|(AdqHM9y)%EqAaXd(Mjxg1NJPWF_c}zY@LPKz;r8s6Iez{6m>lutcE4RsJU1~yM
z`Y;;&NztP(Eh2~|@868eWIS`0a*JY^+3p+aatpQ01Ud95d=d+$VyD?VJq)Kz8K~Hh
zy<=2>gNk!Y=rxz#tXM5u`!h2SKubipI0psUD-wZ1-iXIt3&IiL~5oA&Kvf80f&-$~K
zNG-s(k9PL<%rL_d3fBg?vt=v$966uzc_%^-Smq?iH%GxKurB^lKzG6`p28B9ISW?)
zx#n30?M-cX*_cV~GCi+GfJ8sRA=Hn;>tOu2u(hyD@8Tvk13nmy#<|2oI8B``S|!S0
z?dx*q9Di37N7=RrZq2+sphFjdk((1Pz-yka=_ILwbxE^X1aTql#RtkwlE5Ipu;Wt=
z{zc#q5^0KBTPat+d1A|%=E72(!C#fVn&Wq{60<5=*Jk`hF>clz9&)rI*=5|!^
z>3%V0+6ylP4ihs1a3&?U5Lr&3rPSioy5T^8>wo0g*b_EKWU?#zYErj^S(;zX)QxMo
zE$RV9Ao`A}A{6i&ED3^~()+j_Y!RM&?s2nXwxvyrmPi?yhki_=yM_X1{4kyy0klpa
zPI?|d=)te*X&9dOF|$b#q~mzi$g(mE_2t{s_veR~KOUZ)Q;iY=3yJwCHQHrIvQ0&0b)q0;Q(=4Wbm2@AL~F#u3+uz(B=5fCh=3z(yQa$zB&*WKX90^RH;b
zVmML>Kow3(1Yihpq(QK8NYVjM;H3Ikk1Iz(2fL0FPUGfb1B{>Jjm7vir)hLUU$R0i
zuLFC{SDs3VqCT2?)ig_uuEFZY8bOtm3BhedefY!SANd^d&~C+O-;16WR!``vb>s*B
zJeW^&5Dec9g33WY*W(Yg@EQWZN5kGd6JCi%33_e*YE`QosFQ&5)1L}8Csa-86$rxXtXQBEFgV}HVxOC
zXH})8n^OF)zK4XYVm&JU9&-i5{n(6{v0)g!uq-r*lPaU%>dD*UcL|;~(sck$D^)l*=-E?e&KNGnvp
z#=(Z_u)>(LJDxO5ppG0Khj=}}MYN`yHq3i_Q%{NBe6}`Lz43ZAGqNN4vVj`I&d~<&
zDwpc!10ft(3VH=ZW|@ejDTxwEc`L=Dim_?kfaI8=2>V{<1XJ_7a;@iW$i0L-mPzOR
zG@TzM((a%Muc~p$EMUFbm{apOw&{zxsgo7-;&<(xGm2
zVPlfC3+o!}Pxg4sJp#r7DZ5OlNf9tZM?g9-$p@756p>~sFN2$g2IesE1p#+hGVv`6
zT8t5JLqdqbVt50D-yP&v9FgiK^46gZqJyh~AY?s?V2VaR+h1>lKKjWa_SZ;eq9sCL
zFBph5+q{r-^&F(23w45~K{kdtluT&5l(?)8*Y6FN!P3Ua?)Ew-thc%8mVXzf+?l}B
zlyIJuat7Cb#QLRZGi#=nG=VhZH70Sw4+&}@gQa)Mb!5PKk2&OPoI&w&FGjsoR@SwY
z0l+{Kn1vD|#IYGuPe?Q|*3q?7doIzK7SGQqh*T{r+AFQN5J*b;b|Unrv|KEgcMKQK+C0)XQK-Al-<54YJ`fNOZ9Q>aF`xi(KAf4FCFraDRrFeNI8y%$!1bT$+ok3>_fMR>Vdo?K?kDa
z$ykB|j^y`lNk}mU!_m%$fGP)TsoQfm2uHgNr$sL+*G7VfwNX21ErAj|>MTKSF;8dG
zh2?avX1b&evGl9CAKwUFnF9?R0pYfp<=1f~*j4VDu^oi8BBC`1l3nG9`@Dm2ZLC@j
z{?Q!>zjng(5RaCo2x2iwtJshqd0#FOG<&kHF71=+yM8
zG#x$5n&dMP%&?&U5OD{0hvMcYvpi{0r=mf+N8RymB~MjpzEaE5-r3im+94qXdKgoa
z36IN;7s=FTKs<8N)BY&d)RsP*&`CApQSG$L{6eo6h#8|MmQKVAP=Oz3BXLiw#p?F@f*
zpjPqR$DEN0v@~w}ZczH@mK1Q?aNA(yCe4K%
z#fRxW72Ry6)u9r^>(jQ=P-knq%aQiTA}rUv`-I$KE`$thylFC8A5)x(q;nWAOtMu#
zRLHM^M^?3ru;8ZE`qRXD1GW#iGGxBOt>EP7=YmxSu%{!2NYU
zMd8^jS-lSb1M93>Y{C!0b`1JKM+ed^XtZ1Est{wj^zcS!{pWMiVB4)FnbHBJjIApQ
z5=Fpw4@9t}MiUfRgFOR}>mGU_tLyQnP;e8elwHA!E=gn+$30jbmC4bzxi&>T^F7ib
z_uM-i(S+hi+mZLmo=h~vn-_=C_?Aj2*T@Q77{yP!VeTk$w+R^prFnD;7dl0cwZa?+
zD}KJ`!3vn+b|mKPa1Ngl>$$&@H%_PC1-5Gx9%A$;S0axq=|m%u@AhF{l_>wZXvERN
zaEBK638#vBbH|ohP@3vGj1`5h8zdn&M1B#^CHsaFO9HG9sJ9c$`V}a&lPp*%GeQCV
zRcT0(#K@<$2gqC8kcwzkLmGKov>#$eo(%`j!>;fmf!;&@`EVl=fQJ&AqcC8tN)k%@
zmwUhC^>pJFwE3*L3Wvum#2_Uu<$(LWSz%3;l}hCab5dGh(p6IECE%fdukP#)@oUgA
zDrNDwaB+H>vByJ76kW1h<@?628V)o%tiwk1!^GBR=YO}E0pi#3hR^pb(y>6-mIzvsbkrO;
zcR8HS@FZ%2{#!E?1Q4`($|)gNxfSQDRP!f{3d>D0E!^gl+RQ;3OSSw{VSAIx8&x~o
zt$z=Dql}7ATnB3g4k)?+>3J@_mdOAtK>U>PBn!d=3?<7$Rw_ZlWXGR*kf;O#Ly6@Y
z{u3I0>Jau!j2CoOuIxtCf=$9GEukPz+!D-(=)3|Qd&;mB*lmQhro&3FagAUkt@5y7
z$68bYX$fHuTs1-BySUzHM6txACvyf^mg{vmWIVAKXZr_-mxkTXQwJ1Bom{?xs@*wS
zTTIheNa`#QY4J>flBxsgm-sqSOhljGN}+4$bLVoqL}Sy(?Z71ime8DT$TpOhyIphcv%TZ^#*_U(&PvT+*Lx{44
zh`LNkj$y_UgM;M-%{@+Iz+yA$;yf(ljfVXvHqGASoy24fFF|d5tl5y`_$0I_QVGaV
zeIfG_;r8A{zftGuu7o|9
zqd=|=;qkpe%HbVJ3Th}AgX5rwTvaQBRF0(xH}Eth!X;z`Oa}3mR1;&T=8gVzLRV)cZH80t?7RuL*0^h5rno}5WF4${Gb4a|YW
zhNg29Baa+Ns2T7dK?EtjQ=Kfd++5g05ae7gPIh7|2|B<53NOfzH|?5Xa>jSVNzrh0
zk)*dO2+9DnzKNYq>zaUtf*dxPZ-=F2wGz;0sys2Ih=8+04H5`nmGkYW@ew5S^)>6g
z>}pif>)KWJ{i8&psn{f!6OEf?wOO$E6-nOe^(zN28||zNe^}eht)VnIi>;S_oSsjM
zj;iCtCG_?@82#qA;fz9tOjqS~J(C>0&VktL&C;l?;Pik^%IXv0mBe$5y|CKMl5AzY
zIi)_7wWRlDieTzqmF#Rstbp$CaOAF=W-|D5bH%$qTnX2-G1Twi20xO)W3*ObGIoy7
z60-!y+=R^LY=tHjnUkl-=X-lPYX{1wvPV%NbYDKI{f?{nG44r9j|{avlKF7&V)uMM13riVO
zGCMcapF9T*-@u$Q!5rerFfavo8JA3o|M0yNp{V*+S_!}(c;&xUZGdvibhaX{c~V8B
zX#->^{$_Q9DoCnH_v|8wyq5<(L1c_d{pC!{=U
zbK32z>nesTP$;c5Axq9wj7*B4a*6A2{!H%OLZQ$s8>1yed*SCn3n_Gd^!uNVP7Z!h
zyU#;#!)Vp|=Vp=E)qnfN^uz_Kh_7le(#(V?m)c;(XvI>kUKnq+Q2>lfAVzK=d#>S1
zyb>5Rb1F)X5y)k3gg?!==nNw=!XznH8wXR_0>zt#W5m@G!h<#i(m}I6_68@Ksu)H^
zPHxt$X@gUZ*pzrA2U4!gxR&!-3#f
zJL
zAx7nT=omV7ea#PA{PV41IE*y&-1IQrs1YJ;Q)Ord!C0kKlFr4qNh&q3#ecu}}|6R`!28%{N-47O(uTtKQ<7*$H>pB=v
zRF(i=qhA)Axw2^BcXmwiOK`=kdD>j|QzSj$k^|((gF&R8Kc+P2IwIj_xXqMeJ`Hr8
zWob?6c8(xi$4>L7b{^gib7Y4BVk1cwC7TiI^Pk!<74_t4kNX5~^~MUvLnP}s&*ruH
zcrxBBpX^HDXhd;n@^T5x8+WtN
zeS5yF;1H%y-nUksWqiZSHZA8h3g0?cATopKxJt&Wx>mHhAo759g`oX#$3Mj)d78aM
zNJ@1JX7o*B(^c#5~AhU=Ep>_Mg!q_fwLPdaUyncLpFx)t`9w8E6;h85jSIb)F`#^KJ
zEaDZN=y@D_rTF=P?B#7Jq$7}2~l-6kP4)qL3A
ziM8`yNDz_?*Sb}nJB#}m%F`D+1LIxZ&15DhEkz(3R(N4sXKVqIL_;=b*;x~%VS0TjTY!Vt1zR9G#yIzWwH_
z-`QN8q;5vY)92qx&xr9045BCmui#Rta5|N;HJso0Tk=iRGvR8B=m!3_DrHig0vK6D
z9Di$XGT!`h@b4S){;z^YZmeWKzX_-Lx8Jg!ziUn)>nV?isv?KQ@gDrs8QFe6h9hF>
za<8j)N%t&C2{5o%(Nc4%M&RjM@u4y!EsNaYi
zT&L}$EFR}>^4*^@=TH+==q*g5Q*$p8p!Ds{o!!i(dh*FDF|SbTioKhxsVZt)tec7Olu;jX7&YP{rC}KoN1w=@QF;(4Q2u>wo>`Ryj&iBWx2MJ59c@yIm`4cUOl&t94
zsk%+M;5QQbnHoNcT=8Nn=HJsb6G8?L2|E{OoXO9=01QN3wCnwM@Xir07y_JH&UYX
zYI8k|a_RZrZ})yfA3Wdt-QI60V{9^TV?w#=Z=}DHTF#Lc(319=3)AZi?{oT&G_JNP7idL-G7Qr7^6O23aV@
z#S)imD2%&i=ISF`A5Ipxd=^r?y0-`Qh4}5vmC11^Hb{Gj?}GlflIvQ^IkcJ3dSP#~
zR}m;f%SX6e8+NhMnvO8n><~|Ju+ewQs+IVARsu_ekyK7()35`Vkru?$sr&m#IiaAH
z!KaZ>fFOB}{4vb=XIdB8TjD|CH6|
zOMC9#3dT>RT$&ublDQPhS)7|-%iy9*q?ihi(7ec6~xmdcN
zY4QSQNqMZNtJ{!?S{VLeIXkA>P*LEu6>#DHvxh*mJe}iL(Jnh&m8}NIMNjr*qU?@^
z&O`NXOn6hqt8Akkz7t4+Cn>+HLlt~L5K2o@`7KG;+YC@5sRxcp1%xRxnKOOikiQ0a
zQz>M{TEGO1+cm(90+4~Dom_sX6%7&TYm>M#MA5&pQwlVTT!YGiJLI1mEg*DjWVxvh
zU{LCyd5@R{)I5pT9g^lJbbk@CXitW~HsEy1jNd=a;ac!^ptmz5qQ!
zf(q1yafOT{L9|RjVWq`
z?a3$k$tFF#-&J60+LP#x2HMb+pQ>8(yQxb;F~zw@U_FLVfV-8+|2aBRAolc;QLmnm
zFEWWZ_B_3uV2z286BB9Okmq^?O0bG5uR8y(Bbr4%68p+zS$;)RVUdda{?Q(M$9IQT
z2EP9R`?qZeUzx&fp-CXUJhCk+_F^};5epS%lu-S176Q4-opHuhk}w<1N>H#IqKDn+
z>K8G=jX5?RNpX_a<3iboVPTEtsvQdn?F{57q>Oy+f2f3Y6^A5Md%XU{Dv0h%A-D~;K0v8qx9wm2^Mwg@NvdRV;5G2@
zU4=rKn#C{%LpbW8OWXogSN?IJAyF4hW*P^yjwA&+F0b&r71
zzFOvrTu|uIs@3`jBT%!NP!vWzQU7taV2mI-08OA>bIrbn>c$bYjHz`fM@4$ByCAe_
zFQ?qPAf9>E$bb5=u5Rg+@p56__GR6ht3T5X1(%}tp)g^C&Z7%2YQ7qD)(H_iMjv-+
z^enz{$*sY6Z#Yb#P4l6FfLJ#pI$!PxVnX)f#_u3>(Ny#Y`l>T!FqAX{B*fb-pR=uhDe7RB?i6sUKO)j}9*k|$E>jt=rsir~gWg7}i
z14-RTNAt@*TjsNFO;m~@K$GfL@o8&5Le{NpT*4J(abJA>lD{nXmdd3lw_Ij)8U2)<
z5~Gs}i8?yoouKkGAB8L2AXwDXU4{D3c-(uYQyb}LBm!b(-?RNtUtc5_@`RbN#C#H9
zn|5neNwwB|Zp7k=zGPb(HN%B7fF8fpl7bgEzKW_UV__;&g!PN$s!{%b;9W-KEh59E
zlr&l0=Y&}>0HZ~{&9Aq1%e!pa+NbYg1Gta|GJ^6EGvtRp(*4H6nSW%rgdJ|Jf!4E~
zs7ukM<-v>E;k1NmDpj7gnLCZSwJUXoME#BD1DcFY2~gN=(yvJn?l(g##UnulimX#w
zUgqOXD0p_l@zH4*ih$JL+2*h^kdkN`jx#{wnkf(u9p4X2N}WqQ`6=ZRpI4n(disT+
zkmx26uxf3dRPNH=;83ovY#Qt8q!|*XQ}?J#lE2fKwlIxeK6Mzkx`Fg
zGk~Psjb~E7KJ=(m?#7tT8TR>VFR8!T=>}3?(HdA7VCR|g1Kie7v))}Q_pHHfzga|2
znT7cX>P{E6xZ#yNkr`lk!dT-Na@EXOH~w7jOa>&X;wYLw*s<$R`Lg=-vt6H93Sr3u
zWrz1f>Ct(0n$-u(IqnTsX(e>SeKgA`9>Z%l3o}H33cmANPKr-y*X;zrP;EKZPa-Q$
z9p!ymK@>@Q#y@T4lN*&*u>80;(R|W!id=$isJ=SKPT1KG3bKnklcB@vyHr?&cqoKv
zRfif?WG;{}C^tbMg!LFZ!UJ)6^AU8+Ack4*DY
znd?DAFBI@~6ZXlad|48SIMIvDVN=e~GMq(0N-KFjvT!Ya&yiy~)+SY1#R_kj09)9i
zsA3Y9ENz0NFOxK-Mw*a|m6>L)7hwI6W_3%8&ch+RfxF>wk*<MY8S^|fktSdzZ#^E_tMAB$PW{70PTJz%i8
zIJDPNCFj=_iQ$jYl1@W4QyYvGP;HCJeewpxdSU=JM=_fv{~GmI`v1cy@YM=)nk(HO
zv6r+)8|T}%BQQo<7U6vD-W+or6ZeWsUg1(Bj+Py^ig!bpjzvgk*+roj%UCJh|BY{M
z;n8@66A*jzZME3^B|gA?3NmhtR)MnsSW0mIKuZz!)^1+h{Wne13hWA%vvJEKqQTHz
zsfbyl^b_m0^b+SKFExZ0lOC*8k%HR*a#r>{#;9^TH+47Qb1_
zs!z4SMv~HHo!
z66Wo5yh(JrB2NZS$XFajR{~Yj5eX9@yz(ZX{;B6Jk6#oH%jAb3?gL
zK{racYH9}kkU%#(IVfaJ+BL`Unc!4bZ@L2Kp7^gi$Ap9)`#dN<
z(yp28mEC5J@IIBXVx>dCNQ%vn6>>hnr4%O0pJ-no>SCNohRTLgVgUw69E##JifUYk
zjmt<(uCpvgR~b{X#N`#6V(Euz5+7I@@qo-A$IEL?umZ;Q(B=XXP?4!t8XAm&_^XPg
zYuFBO|IoG)swcH-;#P^0Q`bUd^t`+?9=y$h*MdkZu@9n8cfTLMNWbbAzu6nSYua`GHTvpes0
zV%B1!_2Apk#Hs-SByL7g@~Om8$&8UCZHV`RzyBK|QeJL*DX*x$_P2Wj0#VyHb-c8c
z$vA%JzR2t4zUXG=`LjLEb6TfUOv`v)Ve`RBNHU5(fXq|J8gkc0@K;XgeC@E(2-N$o
z5*x|KJ5qHQBFfS9V3^Hv-R^w-X;%_%xY~^Y!hEa2GHk@^M+rXx{%L4d;1AT_h_Yj=
zD(wy?`p&$Nr4Vaj#NlK1!Akl)`y6SHLO3U-j`>ykj$}f3h3FmEm04@{2Ek;|MqvFK
zQ9ZX}q)ZxpG5zTh?XtezHD&gkez4>X$W9fX#qX4O?#%kqw@h?A3;-=TQDNqI+s3|P!?Am=3a_nbDQ8avg&eDkf6YzU$aC_ZvJ@DD_9!^
zVZwzq-^}eM;Ed;nQ@qu}hcisGJFrAXdtgK--$jl83-)qv0D0#ki>SUfn1OA@62@$K
z^s%1|yGV0)A80y6*$Siubn41y5rR9eL|pOtV)3e53(XcuVmY&_q88b
z&nO7Btm=-j^jdI-cNm{46;Hfl8`%LP!&loN_^t!>ef!c!={{Br(;?|Oj4S&2DS==`IqP4lAC$9nJ>c6
z$-OKTO0n+>X(Po&8IE`(qD30NoIkr-2%2
z_XZq)t=GW>z^aN2sCWi{T9qx;;%viAK4nK3<-{+*UdsBb0FN^>o>U1GMUIE#4pNAvQ}%_@=uh?cpM
z#DL|-SE5qBAQis4=QM+a8jKoXt5{(2w2%vBsM|$Wj{F!%!4D^uua`zrx4jps%a7XTM57JsLBzeSVn1Rwb$R(!)YHkC+%Dcm^N!V?1NE7{%x2a9)+
z2Et^IK%=^mr2pveNeqj!D@DTFjlO+dMj^uU@HHX6YJD|$s$m|j)wBKZu{TdB%mUt;IsL|pK~6>rsjD4NB!u}S=p
zt%`JH4AEQ3^j9I#g#VTlRz-L6O~E5+^L^p81`4@q
zi3d2=AsR-Ch8|-WO_LHV%jj`+!aT!4jHm^)Vxx25ivh><6+aTxP7?bu*^A9)&E9Z!
z2}E<3giA!S0YM)QityU7-9EEu9V`@TM*-JsOv;xVF}~`#aA(#FD&{7`L^_Q#@hu#VZ7C)|
zJje{%6eodB;w!t`5X!zuR!j@{nW(J1H)fqy?uI&!ZAX}Zu;n@+Kn`^|dsTw8MmB`L
z66x;RIWL%$jM_o?UZ|Y#57^vl4G;VOd5Lu17IFS&b9J{i0_gX|gFo>b@^~1*1DkwR0;%0Xq
zL0~~srLb@nH`JZM@dJaG2zVfVK||bQ(B#E{uM+i%dtfxBkfJ8mYHb;0!O-^S3(wap
zX}ZlDSr2NVv&LpsT9P3G>5D!0QV2KUj$(eC(Qb9LBGDNdFq&T-Ed7j#c-8Lez^Q9Af9D5hm#>L!
zb7;T5$FDly_`EWF+L_BnJA^sj?zr>1?U4dw6+rdii$$;@}5c2IM8%DRIX*
zZP@Z#zQdL~I6mAzyL`8QadCKdV!QU${=pyYk5Me)g-$MU2iQM>mvEqh!|p-=Qr^gs2;|hb%cXGPvq@)nNMrME5$c58K%1mGt+xw2#
zm`QOBfB{8{87*`-y+8TG3EdU))_Z^wk}3tw;zwcW!nhjoe?e*G{3cOnRmDI)I9K!K
z2y!WPQDb3N_iYJaw~Q7@{o#E<|D!ZhH}#Vzw*eb`4wMj)VVEZ4*jG;6gv88>Ty*zX
zEBgpz%C}Nhcf~nMlAF@lHO|?jn!_P1{fAN^aK41#9Z;w?8?+i5QB{`;lc?sixD$(S
zNZsVU%b#mG9OXK#jd~25bhS#Z&nYJn24!rc@fqFYaW(H*C7O&I1iILtC3x;~t!|9G
z`Z_h^>gNvCt+s%VHHlYXxdp%#XOu=tZ%kA)2o(B0w`cL!;RC3cf#tY4A~Sm97T61~
zry^QtGs9U8yCVMa(NLB*$ld%4^Vxs`c^GK29c2RbdFni5oJxx0NjwCcDF}sI>vVCj
zGj;3uZu~+B6SVo4Ax!XS2Vp{geE?ySjN@?#6MEz`5hgsvJqQ!}0PXyrhA_dreGb9|
zn_kkD@G$S)1QjraCMMLK_(lEs(#42
z!;FG+jra2He=VDk%PCO)jl7$m2e}FEJosV-M}Z2Se}cj8mUVa>58+V@nI#*<%?Kmcu9S)x4$Ki2IBCh;5
z-Q3)dWEu<-6@hS>SSv0S1Tv}wkk-9Ms0n833A?&%KX}4a@|0GV%wqjG0JoZ8e8D2WO)*luTtIweKUNCDg9)3@t3TlsIWfAS!mvQ%iqZ_ATa9
zEtqku#nreJ*qjx5lp8D;5l};UIW6cP;8n-Wr4lh_B@FY}F1zK07{Qn$ps=V6RbH=D
zD2f70J72#_ycTj%Lz8AtoK&$?{J@;B)(Eyyd1%PY
zSZkT;x<;_ARG&8QPh=%w}
z>>PSZj3J=&ceH8b3xs@6lGIb1x1PF@=SVAC0
zaz3Mkh}oZ|IylcH|8Ix7erM
zFZhuEH!5UKjmHRr*7ufMFG;NDNnFl|U53)btbSJ`5tz3Artewl2RBKYJFV%elpnTH3cYLK*#x?WVc
zho`;tqMJ$^v9;B^F?ME`e&(BBYR}YdyfLw_sVQn9x(Ut|@W(U9*{oIpnF)+RIQ)X+
z`G)<$?wys_t#C`0>#&YjoTJYy^okj09TJ_m4Da9h`sZDZ1d4NfHpCMv;s1h3rWPX)v%s9(y18;iQY^34U5o9mno7961eIzS|~pZkU*Yw`iz7KT#2^u2mTsF=64FbcFk=)spQ@
zd5%J)2A7nkq+xcTs;vg%oW&lOsvDZuz#^1Zo{d?z)^bOXr=+}A9&VZ1WH8=u
z!Za!y)1=k5OGnR%3kHXiO1cbgWA9ehC;tjuDUhYtL7gXqJ%anF`H@I4xDzD4Ors{c-g4KJaZeifhH
z)3djtd6NYw2bWK7yZb^8maolDb>7BntT
zp@Xu0P%!;Y=TBT*;$(cm-rjZ~HCUJjnCtJsu@N?F<>%Q?@6<`FfwxM%E*yaxBvjbZ
z#xWQkkyNs+KguQ%e}{n|*lDJrRwktt9X4%fvRSE#4pkt=v3M^9vv$GPD2;SuPx
zi|f|dc$eU!B!WfiZ)Ny|sQ*NdG&HKKY^Le5M{FQbJ7Q%TXXgtwskjI-PAGyflc&H|
zn$>PwwALcuiua&pj`Y)bSY?^@5L$iQs?d>%E59CBBMQxwr0i(6C4_}|i^MI(;Y(G_
zr6+8+$b}_9FLd|dMhI+R)eiOzb{nyy(Mu$#=BUWn7KJ?;oU&Y&s
z(+fAQqJo|8(;G-a9KQp_?Gx&7vc7$Kd492fadbdJZkHwSN6?8m$|7?;D0Mvc%g0J0
zWUb4a4NcZ8eQv2>Ge;=FPmTw;L$;B0APo88^eeqR;48os#epY;VL(^v=BO>nH{-e$
zE?fpGL?o;oY=~PcPh)D4MCnPXRoV(J0vZ!Lcv_DZNgqdH2<8tl#9$n<^iFkOmPair
z*e+yW&#RIN^7R!5kphGuv=n?K!?=w&X{PD5ZQbU2ut{H&{pM-6|Wo}Vvr*U!CfA3SPm
z;}?H{+Xv6}dVN0A?SqDTy*`g}`=s|R(?K*$e;9Uawc>(q?&^A>m9>S}LL)$y6%?gZ
zJT~y8n~I7AX{?GOc;tYpjq1cvnfEq!++m<)d%$2z
zZ3<)qZCQ|Bi_JWW*dL>8f4C#!3ZCu_{(VEFCLZ`>L(z;_?_?^?$&ghj3mE#uP6mHX`$BJdV4>mM299DgMU
z^iWiE{oBFe$;IKB$!2s_@>#vYkyRO$`Mz^W3T09hEy?GR^`;ggjuqJ)k;OZGB6sI)
z&HvFaZx+IgFLih_4McAfhD%4?C75sZBK7H}x+f(HD{6g;OD@-lq&1=H%t3xGO_ZO^
zoOVi~#kfKCl?)_ygfD93Ix)`#yV-LnXbt|_LovSL(y(ESert!v<083}Az$C}{;UP-
z01GNTS#bcgCH^x9(0Tvo4j^pNM>(0c4}jVWt@Pf|;qPwuZyQA32eOv6mrP)Ly>*v-
zPA|z@*B3szID3BxU8-4)s|fya{p{^U+Eo8!47*K_*8gmG>8vvLLAJsCLl);
z76ulvliR2QdS{=^l#|z|?}O~zzkGFi{F?rIcKGAr+4&)Kko9<1`FyY8vJotR+KwzA
zH2;}#VM%mA4tKj&Drwe!$hJ#SQY@cOIhFAhr}4;?@J$K}b%N`X-KZzzQu+@ZWa%;0MP5p?=u7r4LkV?Nk^(&Hu0JQIt*@}zEi
zf6@U?YbIA)nD@S3Os9W`X>h%mPJ6oXkVeyc5`88k_>q_Kl#%WIgL)HSd75v=?Lp(Q
zIKBMw==|u_@u3^vL4I`NHA>m$VjL$oYA{&=(sQlA(szz6549)fGQ~iptULw&G1l{h
zfx=Y@l7G5A|(vKDv0+zI!UjNagF1
zGE1EPyM2B`Px-v7yU(y-)hEoTz#@)eP1TIu1%35o%a16)kTgq3bZf*yU@3xu#AHgj=!
zuo}=Ts$I8=`PxxScmYklYl#AY;UtG6L55{3CnikERT#*J?(Dug-aq+6-}H)^LURID
zp|>YNR=_fZ&$4%FOHYL&!F>(+Bm2DdQ)W(8ofp}SY9o^2J`!6rzGSyYa=*VgJ^#Z|
z@5V7&=Ry0SMj;$5iGWVxFc(~_E!mRUhKkr?rcBi|P$ujj%jeIV`La#>==*c;{-8c_0XY*~oZPe4-RxyUVr^ffO>*|##7A&7>L<}5`G?pi
zNk=|56L#sduW(k+>veaj$cug2y9HI)IV^SE`bx-LJg+N5<0@H+)fYA+5S8HcHwB;D
z5kua!L(z;6>W19FFW_C*DVl=>=peCDWh2?QIdX}qqOe$@=bL&~rQ_(hQ6ssB^$`mGHLb=ckuP7)MyLm?PBq1#Se03}
zkk0`g;xH+8t`Ct4vWT1)iioURF@gtg_K(jGoqU$*fpM%gpF$7e;jnM9Nlhet=2R4vWX%Pl><$F0X*?lTiV$3)~-9_#1sd1w0QJzj1(*5bq_21%~l
zm?cB%RHRwQ0-M7=q*N~0H<5#7Xv~{{p=)VS*?w?O17oQh?m%h-C8OGP64h^0NBP01
zJ&?%^2AUU)GhA9Ou;kV}{0d215vSAEH{oqCrXk
z`Nky1O!pslDK!MNu`6?o3#N0G5NaouIaVC9x!v*}5zi8HcTkbzdVMFPKG_^ePU6n<
z-Q3IlwC(SR65tF6J74WaJd_DN4n#loP*%;MCPh%<(ex{luW_I4e9d)eq$muuEizMn
z+&?~gji8FLDUb{SbEVuR&f&;;V#saq!stEe4ez8Z7erFb%nWjUGbUaE&G&0FxU1rG
z+F7&KT|_&C+Szno9!o>7d#cRp_no<}bbp-hE)XIL^pCiIoW9-T=@TxM+^MIT+E|C8Ks?(sxqXXH}sWQVy3{
ze42UKW^_s*gv&N299Zc4$XQH~DZxTpMYMSroF$b`R4+t!0K)9yEHxm(SLVC2)@(c<
zCxm9$XcRv&#MHVIqvjJB1vsrHh-LD7Deo}fgn+$7CaRP-HIm$7@YJmYolk|$g=SeH
ztYE?t#aR?0fm!Ymt9|s$bbC$BBpsLD`A*wlBD{srF}rRI)J$YAee@vQ2&jc^gV6c+
z8#)~dA~#%qm@sK8DR@YcVK#gRuavl&8p>HjQ1ufiBKop<#5v_6e;JGO37=GBOmtv_
zQ~{lrpSB`hx)Oay6__hVyzbtkj#A6iM@Z=igwi3%1u2j!NXThwvgmFeT2lsSlN+xT
zid^SIV6^U3E6dyFQgc6j9NW%0AV5;cWw==;-0=rot+8~;G-2YAKEpY~VMWP=!PwNg
zVG9aJDlIXUgCo^jcC}&kW6@|Gbw=Oe8(E%?GKO#2HmOVy$+7H&F
z{+s}mG*L^vOFKf^eyg10$=9_nV(4v__PpKEQqP{wzq3KbO53%*AoIdyTHv7jlnyTS
z2Bfyk=SU1ffEUeNm)&d&9UW%K#Ai}4tXUezrI&HpaQY`r;}+stC=`byzYRNSI+iTF
zgz&8a4yNruwWOw#fjW(y0b^zdF(@-hjv$?${Gu__iyO8)DLNuDC6`H~g2P3Wkh#d+
zy-WX$5SjjoTK%Kh1>IPrzt=3vBf>lqvy&%PQ4Dv>wO$09B15V=~o0Fpv5uN
z$Qa>kRJf82EKRY4>cm4z82r@4^jD%&GJ0He-0n_IB!qXnnp2_$jD>5~fq<|GVPhmb
zv0kU4Fyl%$ce#$~gwk2~rWEm5COJ0S8JMJo?0t+F`GgKtGbAHj(pYhBmZcQ!j&Zwj
z5J%Nd*7`$kz*o#)^>U-QiyBV)~97Nd!LjUxZu?I<6$@_Fs!Pz~dKx
ze0La{p!T9K%Fcn2H}|)&x3|~DH!)%%=3iRk5Z(X&o&5uGxsKa`L;0a`mttClG+`xg
z()_4B%jfD(lNcfcW*E+_mOF7>-en~kr5v0!rZycXXGbo(9Q)7kP4A?iN^+9=CtXN`
z{yza>+_#q%i$RloxqtlbhyB9AAZ1Dctb;@)VY0j_uPPGyB&S}GCV*&2OUEG{$>SXT-
za-Uq!7tVgShwv(bEhst_gzyL3cFCuFFWq$~@85pju49f6Y_)6y{vWyP!ubEU-*qbd
z+(E%s>D!E-yAyfO^=!t^-ihX`NH^mncj95T5qS$HWEI2`8uWy<%Nvo1mROJTMv)EC
zMX(u<1s0Ks#*aI9CYb!R(Y25Gk&i9~igPEH>hkvg;S4Eogk9Bm|z#J-}4Ir$=HWE95L!=6?Ht=nHsF*6PT-B|V
zxsQ-x?4xwhX`Z4vktv!&r`lH01LNGuLSSQpvf>0uk?Tac+VZRf#~&aTk%Q=!_89Bs
z4bfjppDmCg=7gGBmd(ViIoFpJ&PmvXIepploJ%+4J-!G?B%BjHDjem=ZQv|O2}N?_
z?FQzayn%VV`boS+HQQK4C@uUGmVc-U7&W5ahu9&LjZ$;USlA`T_(~`i-LCE1Ek>Kf
zFS3?QD#@eug6T@-uRPV>GRjeUO5*QveQc3M>UD$OqQn7}y`zFF%7^YS;faQd{djb8
zarpbgvxn~f1>7{(k+@u>UfGHX^f$A4d@s|-Kj(g4l6gbf^hpc9BKpcPFA?2TBTDlK
zKW}g6V-PGu`KkP*9#r1AXm`^(oyvk++^VomwiF^H
z+nEs{4#QN*7ggmTYP||jLQrrZ2J-LZ;gS6=m-Wy+8X;r0A*E?PT8L$#h>7o%d1}H8
zTdlm7iTGr2)Djc{9vXeDq47ITe>T$l2^Tm}LgDD#@Y_K8BLa|if0*2l)uQI`{*@FK
z4=2&$IMg~YM#lPV3E=Cd-uZerITS%gAD#h|bnl@c`jdJd=9B{*zu3|E?BgN*?KbgO
z9+CW*uv2DSgQ&Z|rAf1a5`lAKzu>6+jSh;tnC_CgXu3L34&pI$WN4)EXq^kOm*F=*N;_N+GTz|c~7U-c)$JBB
zJb}m#zTjPls{=MIU)3Bjb>IAd4!BciKV7`O*?$;&h0$h-&)#FnNqvtZo-`I+=|h&WZ4&xw)aOnu`;!;_ps8!?M
zv8SS8!vYqdiqI@wBEwi%Wvu0KUElNmLOjv+Xno$5Ay^fSl#Mb)FSy0tbw$Fdmdzcn
zFheJz8o>QXhQqE~VP_070QQDf$QwOZ(#qcRN)3hc6p!pdtcF2SNx6hrPvDttw4jl&
z_c0!~EpO!#h~P^(;q>uBv_y7#6Hf+nm7_uqS1%@=VTTKW;LxGG8*}Qche8p8+7{vp
zf>NQihmAmEL5u*CFcm=rF7+0ZhFrRk_}|qE${2)Htw>5_@03;q$m)5sDuALty9zUv
zcdX4x?8wW#kJ@eqZ;+Z<)=JJ^><+#kwy55o(k-bt?Y!W^Klo-LUJrh^75jr(+?xg@(L>Dgq+Gf>BDy`+j#F402F7lv_%TNF)-z*9Zw(wP
z1We6}k((k;TDY#YTB=p*2yc_*&Uv{guUTd-%SAOyahF7MY}LFo2)8f%B)~6DZ;IqJ
zt!&GhsuY&9hFE-6bMd7=_8zGBj$P$bjJKD3PrmXC)_Yfu)4x}}cV52#oOAn+$uM4*REZ<1L)Q|A
zhtPJE?3p4&UPIwr?$v>EMQEE}09=!VwC_A@Pv6HtuUvOF8R76F$)eiB?
z?@UPDLTKZv3SGFbk?m~^^2!#mPqCsnQn`c9u~Y7HfZbOJ6d#M_P4NxW`s#D+83B6_
z-)lmCx^tDZ7fqrh?L?V_So_qbR7Jb0W+(!aYW>M@WO};eF*Lzo$59MZ&9YrFhb_fa
ztEja8-8<~Aqum@U?O8{xw72!Wj2#njl=^=}L8N^X8AW1YWp?i{d4IppBkn3H*o?C*
z1)F(S>^^!|4F$n?RXxU*VcYaQ7M8hJrwxLB*D)zp=R*0o-4cps9FQ+8A>YLpIPyXN867PWY}
zxqh$&wJQDYk@ie0z`i#WOpd(D>OQsk%a}$iB173?@?EVeBDOW96N+M>b$1txT@A)~
z*pOp)0(YWWsT>oSP0s$nCeCs$%;`IdPG4Z)hXYd`vkDG6)=vII>#CM>{sUJf-_iUD
zjBn&K5EjwHGxB~f~7nIC7Y4SyDNJgHI;f(Ypd~f~j@gRBbYZVG2>RN8KQoQUumNOD*cc9nm2h
zas2nu8;NDDCtyqq8Jov}6g-=sWShWS+%vcRv|Y*m*!F1L9NQk}jj`={w==difL(Fl
z^Smv#J$`=g&|B03eqaX9@0|i^;^CP%e|RdStp{f0{J|-acJ7}U;%V=11u7f@n_C_Q
z<9q+JOcrq8!|&hqKe<`n`&clrPWm65kYi)pqxXx2SnVBAPaOFkQPDj{@yy3b-Xbiz
z2PqdA-KQZg*e?cEF3SwFDr>FyqSpeYbz98jRNO5#4O|DORTus`drulvG2ftsLMXzr
zQ!4Ne8mf=1NMtSz;iM)dA{pMUT(3$l>tQbk?uyL|D&;!ikR|VHb}VUy%$N=iAD+7X
zS{f=jS1_%#qetszBvcj)DY3Mqzg;!!HH9N6=U$U&g&a!5Qwcdg3|n+$WJTq5V!MV*
zH?bE*Kr-RY(MsXc-7#)BS%1|+CF?M>Emt^%taXQg=)OE7bt
z*Q8proC}{`FaB!UY+6uK{7&oiSV?rWQ$!@rhfh5L7_oJJud+joI(Q`o^lmx93e|p-
z(jfa>yehf(@Hte%S5i-P-%eEMl=S_TJn0Q-{GHNz=)}A|{qc}x9G}#EDYDhjBd^#}
zC-miXus_s}9>DQ|!iLW2j^j5nqTM6>
ztv{WfZB>_u*LLe$w>)TX-S+US!{2Yc)~~ATda;nIXIn4H!;{xrTM%a8tqIcnHfg;E?>`Pbz_Df*6
z$a_x-h)uQ+_dfJmkz38%T%Qqbv(_UD_cJ1h<*dr@eIr|F@>$w1pOAyd}
zRhh)yVZD+=QtV`xn89uXD|rBm;o$7@
zO?EcV^C_S$aa&U9_^k((+IjV0JLH*sL_=>fQ~$mWZF3o*Ll3s&I&@z{Z+>`mk8aA@
z^r3D&+?w_45zW2HWRA3!u%gBJy7x*&?;g>do3;nr`(exWN*ZiTyW@;$>F?Gyw`{e0
z+tf~P@8}Qv$8R3dDAwe&di$3)ysgWmGsm;83iwd%)HEG{q<}EcHOw|Bf`wWlw24aY
zLy=;c+(zaADdcc>cY+G#Vz7UHaC8)Rf-#wyFPUS0Dy1mYI$_H+DJ5klo|c8sbb_CZ
z|5~sEl8D(>D+Rw&-U^blAa1#Oig~^abV~{^5pYr?JMnp$Bmp*M{^?wNYQmHW{b&{&
zX^#GxzCtb0I}@>cbaEbSiPy;%uGVfy^hDo&I{opu??EyY$Sb_3bzdbfc@OMkeLY)sOKjpp8GGdn?^efYfx$7h#^r^oJ-gIQIs9-(RT
zlW*>Ma;xHdaD2Fb)-f*labFsv#{n1iTTuP##{5fuvznhum&AJ&r~xa^EU+>XX26{y
z4muOEVTC#>{*HO%Ew9)ZT2RiTWYz&u?F^tM8W~E0;tz@46G_*kI6-v(v5M`hQ>Ykt
z!*0Oa%1ED*!JD|CSz_>MGFiz))hZ2{UYMCqP%|Zmis|;t{W+OGV5p)<1esK|q?Y8%
zX@k?XlqZmh;!@x$VWJStdP9pAbYy*tMdrIxtR?BW!JRv1ESsZ9WgUb>BlRoDH)uUa
z7w|wrp32wC?%rq4u$Qqi#bZ7qJyRU*x9yXhpGw`4akBxsMMlJA%cNA9r-T0Am;=+Z
z)VFW%*|f6M_7yFoOo8_B*VN~|mvLw&RYauN1ev#T)JiMgEL5hRqV{$ejQjOq)28P_
zWx!+3g~86IELGHpV{FO$2~^|k60NbJv3wt
z`^={No_)rQ@I26UwC79RPcaOVXKtTfzB=#OU60yYIxQW=6)+M7Em5-Z|9F3Rei24;
za&#Dba9%O;MT%Z>e1$S7Hk{KNhIhlTKdl35LV+bl!zF|D+L3lo5md=EZ5gfd0>*kX
z80%`nEHw%NbNKEE;TBq%YpZ`D5(3wwZWduSYTWBM_ezp5I0KK`VQ>{)iZM>csWA&d
zE8OVoG{xsZt+YXaSSoNZwd1-ss76M
zoKEG#dbS=};T5LjJswK(!Ij7cS3Eab`F@`GqTbW
zIbTItDBYY1eHMEvC+*ZNy6*rp2jWsJ%>JCm9l_g!vfQhM*n2{f6F$3YB-cRTs+e1B
zQP2GMhr>T!zTN*>B3Rql9_T_?3&CLc_T|Cp+qe5CuOp>}0EJS}lw<(dQ7>a3xOc9p
zVOLCWfh#ad7(|Z4F9)2^_XB~I7}?ix(~(Rt&=#Yb1Wxs-8gJI3VuCI@(;|4a1tS*=
z`6OhT@z~=OiebvP?JUn0Vvi^_
zk%Ou!|1?L*JuW$s-jBK9E`*1&TvqxFFT^+d-sbZe^CW<@n*
zB7v@FF8?-D+4nZ-=Oen=GnapZsqA~zeSI8gwA1A=k-4EPi2{BE@8L?GL%=(xZsB0!
zWFIX!O-e2Ve|+1akNZcaN&xDG2?sJ|G9kVX)_X8EZDFs|QSO4ojQP4**K-lb(g!p_
zUSU&7>_oV!Mj9KwigY&PwT|!%%fNa8l*Q0xg}ZhzdN>g!UD?tL@*6O2roUA;SOjuE
zdS6bvPsUy}~y!aH_q($yLkg(ec?f1|KTrSi)Ik2l9`uj(wyvxY1y$
zaYMA6waIAcn2n|UF;0LfF*ikEJ1kQAIu`DpU^fTA_8^0f_5^{7>;gWjL#p&>`K$eMtq6
zyFuySLsawaO+D2_ghIZ&?fqFH#omiw1^lG?^tg10t^7<|N;qcyzeWHgyp2|^FMG;&
zD5e{&0os?x=ocXp;6=5Pe)3mNQk8HG0~YBS{!#KZf#h+ZMR(~w
z)G0C;5_7-&Sk{~}>o$}5*AfrB8{*-D9}!=qxMb7V0C|AhaTq2icnJ`|HF9QGHk}ve
zG^_gxtv7k0b=MMf?gtC4zff(4zlgAeYlL0yg6AIBtMO(|j-j!z)5nadPNc#$!fqGh
zH17mN6Myrg<}&)fA3vAbOKE2RhJ~rO_yM>mHv(ERkBf7)YvQUHtdVgKPIV?EZdQ)yMQac3N_Bv|G!iFT&$JMT
zk=fhg4ke^=D^p&tC4j=opzuAptsvo;sQYoXDtNa$-*o<^JqZxmcA-`P&`ASFyB(Gv
z-Rohw7i*a%%=vAz`Y>orK3Ml(a6)U%72d2aO?Ez#MDJ8%)ge`jY!E|Ey}G7K4tR&`
zg33`fT9DKE(F``GXM~_iY?>zL#2pK_%Mi&50+_OOIrbsUHC9xkVbt?gv%YbDHV;yu
z${2RBQZ2&$yjWd2DZ@yC0oRLz8oAoL^iS*W#)dhGxo@V$1SZopG6iQ*S-V8&zoacZ
zZ4r;O!hhvDjRTO*LjOKL4ggY|v=AE1B$FWQzrB>9ggs%_o&2e}$GRPen|N%`?}8=J
zW-@6*bgv-Z`Xv~u!bPvKaz@hws(S6OiAtR=i0Fv%SJ5CH+^#X66A~VLbBfpKhKte)
z%|hP5VuKn>Y7=IjpEWJ`s#&fOsKbijx^j8+Wi&5+t0`{Lj%zwcyW#q#TXbA1L?D%`
zILzo$cn&Y4+@&z*Wc_PpY!(|@Wtl9bNG%ZA)(jBhQu
zXWBKVAHLC<+1F!Hm;+MW=_AFwifrt=F;ypc1?4&dc22NKs49T^)1A(_nX*)mKO)Fz(Whie^QJ
z(9i<88}Z@-z=PV(Hl2Lbw?8AINtlH60;S4Vyze5*W_p`~Hjvq6JUx2-S(I`5u?x2_0jqabg;v
z4%_u6HFx3-C()}+UaVQP3rJ7?#o}3nNV!zj0XJc^g5>uvx)x3UP0Mf;(hb>E7eF>e~$NQAeWWtHw5!(#r#0g7_=mH
zV?b>Hpf}7^1RU03=x5KLm1ZGzjtKs+X~ACQQ3l*A|MN>6n@YAG+!7el?#Hr-~A
z9-UkyCh4OM(!a%xC!N96Xh0!6O=d+7Qhl%unot+8r8c?{RL^|Bbve9`F&qo%M^43I
zMhyGXi>|FC>XP5vJ7sh}Z8;>n60xG4>4k?fiewR5tAL?2gQelyeo_v0?$1QJmau$*PF?mV#O^*J&4S4#XNb`Ygkthk$evdjM_@M^C*J&oU1J|
zo>59FjBxn=lu_N3?f0$n*wRa2-BR+!j5kL0v6+1oVq?mHZDT7`bR`VV8Y4IidtIOd
zqu}CFmVr0?V$s}jbckKh%=<3GizfO)Aj&!kRu4rrF}%0>MDw3eG?e2HLhMEtqVZfs
zdFjLS5*zUg#N?2N!%xe>e=SC%&=$2#|2f=$9sYB1ba8z6
z@~0KU`rdKaPP|Pg2k+0$56{2&0fTSzS}#zmzwiG2F5C7x+=|y;RxHJ!mKlgku
z+{|}#I4Z;c|6kSJWbk%x@Tyvjeh7-x{QFmDFN@7`0^_-@iE=Jn%N14SdA|3%z28-I
z{a)NO^Kj3+4wrp(7y9R4gzg9Om@W+H?!tCyyznS!e9Ne+bdqI@ZE5sa4!bOd=qaQhZgb)16d4CwW?1xh@KY(O$*+}
zCt-5s$GG}TxVLp0u%3AKz5Ik5@El}Beba{OHeue@VUG}H%1>G@C2Se1)gC@Dm(U0C$hrJ9*erWG5iIoOX8q*lDgN8@1z>z>
zANGF?H!-#9L&%Qdf`E-@Dp66!GE!d@>ygY7hN5>$VK8SFheW-yw&rPZzL9a0rul2{R({MvU
z$|o;>r~#0;sFy8kix*_VY(IwOhD8<}Aw)U}r~d)}xo<30`4K(32pV{^;`)!r{6|yX
z-v*t&=h;srj&#R;e{lNx@TENQ{g?PnfaClTzAYd0ib6WFXuCr^5V7ZuFaAD{fXi%Y9R@T`~tL
zS*}@HhP^6#2iN53jAre}aBT0}@8M<+d+5o_Gp!g5KY5Ruq31|mShldr-L
z*NkF5r20u)`}(P^=~RZr`T6`v?~x!^N$!vhxb;D4C
zHIY6YZ!dp!@pFCO*PDdDF&sd`M&bdxV76XGH*itVIb~PH);Ez65CmrU-)a^t!;1VO
zr*J{M36j(A&7OIr8Vfv&Z>ieC19Ld9u{snlqPaI1l(Q*X66`
zy_$Py0RL0V%s%2zh@2P7;nFo8WMH10(`YTumscl
zmSEa#A$wQv8sNo!UuTC^coqFub9ded)^V_!bUZ++h*;EsOlJ%M=Mu^V~&W)viN)LBR8
zC{@h1NGkP|DWDWWPU^Hwp7gk&yl4cR%d+H80;>Z07dOllO18ezS^SJiPCF
zLU|xxJvzBK{QcqC)^AG<7WsB)_welKVC%P6q2*6Y`SMw4_~&=qC!D?KL2m{5SQF6t$PbGPhIx+KG{3LBxP!1K1f2|>A~?rQHdz=(*6@IaxVt?NyxJ#-iLmt5(4
zE!>+hkngLp(Q6gNNAKg_?mbsvX(Y2bXT|ONHUY?V&*yB6{mV6>iA*uUy;5_z9M31T
ztUaV2+qV+%5ZWP6chNh)l$V)(IekU?{nb2*D3?*yduza19yVEj4#U<>LM|fsvV-Qo
z$iAL_b5Y&O7c;PNZ+9pHOh6YBYWKk9whqNF+x9r|w#O;BK}(s(ocubv|1G}%;p`<`
zNuiyS{kMnz^5lM(k@&pe;F*Yn$2d3RSDCn+k@coCuw9Xu6@t?!D0W^Fi20_ZyN{T-
zD-bY9WNaNtV*D#@$tdP
zvHI-f0?9eF$V{n_tP8DY+xRsZGO;(!aOjKemHr(nJBoqM?dD3!iwr5%tO_AdnT;sz
znfT&j`RNe~Fh?qKqC=`a0@|jo3WRbCVQZqd+|<`M11>=(l15yiqI`D?D;t}wriIkAM}gOK>r1*#K{HK6!BPF=YGRyoWz&)Y%j
zy&r0GeZyqX+1*k(*a=qwmNMi_
zNKW1=a+J{-U$ixtDTu9XQAy+FqWGCW`Lhp{XMm0J{SRNo>-TZ-mv9Y#6`thJxKBgR
zB0$G)%@O>*EqE&n7BO|JdcCHT+7wb~QH6%d2EB%_324TRuBZsSw5eISo0d~{3%P_w
zmSo7!(0Ydhr9Fu!kiAED0))Zw!&NH#qwuHDvt=*hW#qx{Aw6Qv%sdni
zy7=dEzI<_^i}<6iet2`=iZI5=kZgGW)Eu1XVS_wHeB$S3IJm~$7P=k8#2rO|X+w$j
zO4(Y?tw@ULEF2D&jC);4@L*6?gg~lV>QuMA>IqV?2-cekzHpJjPpp%(?cTx^w*aTk
z_^`~&uhky%m_u*4tCtU
zj-j>^Sz006hD7e42o638GU91`j*6XeDe+Z>@^K^V#a%w+`RnO=WCZqA^Jz3$l}sem
zibR~dI#g|J;j9`r*9+rzHVov4>JEhmpnS!zBRZ+KZ+}0Q<%BYtB|c27(80!3+@DMh
zC=vj6u0g(974iXUAjGQi3Mnf=j6|>4-BWvTAIxE#j3nyj91wCk1)}!~9dhIo9$2w(
zn~Y-W0!s0~lJ*;}Yr3U}(g1&0wMvx>O%Us2IYO~9wt2(`b9InZ4P^-mDgXjY2b};i
zKbRF)LMaHPEtfumOSDqr!vQJAFa^AVW@9NhqGFItXIu~#X8kW
zFRw^JfJ!I9OzQ5>T1vddx!m33Y=k1(sdkKmF@=2??OVL@v4bIngL!>aX?<5B+`L(>
zYq`$#3$tQQhD!K&0u`*mu$xLq~tih-vtC)YM~STWTy
zgo^O_-f#DwLl>4uji`eC5awg)c3Lo0d&_B6hr8)tujilk!a$$A{I`GJZ055U09d`_
z57BjgLn-EzM%8dNv1}9gE#(yqSZ9ncy;-l9-+lSz?d|PeIVo?#zT-LCpOnA*H8mep
zaulE6D^3@DCxT~yv=)SPCM2S-?mEMm0Ppm#;~C8-`kw%y&~wsN{@USpCvY0%a9u7U
zDC`aYAt-o*vu1q5A(#?e4y~YDZL6w+OcATWc{5$#lFk2y;?hDc$AbB$;ZkQ+5fQ;u
zwp~0q1$oQED-u|Id<~_6clv#`x$Xkmdj2S*?mDC(Xrk%>W3LnaURqE%UiYfH4vSy{
z)iYKJ$VCu6Dd#_~z8Ubdrsa#IiAp(3Y-VpMV(KXwkhE3Em=Og}IanzlEqpqFxiAK0
zedBNga#gZbX~p9$Wt*j$)R)j}RjAN3qXx~hOMrb4YcLU^LK535^34Su=Af8Ty3I~>
zrm$?4PPL+76jtMPy+v=U$^8%(dzLK&2hZmk!5*;lt4IR7Q;o%RRtTCY-zT$Xp%8Ud
z$c6>)O{-s2ws%aay%L8mXJl}7TwLnth*ad8k-w?H%Vm_QDtjN^Pqf&hMLHqFOm%ck
z2ot2(ZR8Ybz`azUC`1_0Vtn^q=)r4JCtqK@l$8iSzkXTl=edl|)`XHYqR3cDg=39^
zlW+AMF*M*pE~I!3e?~W_GH;UQ$5}+W10X6uhDkMCVWk1IfQw4pB|7+rTW+!}Ch
z*)G*m5jS@&S^m-mQ5$Kv0zuO8hA~Ozwzj})4Nq~)ilmA&^VDgt>b+_YOL50pA%)a%
zK+RsRw0Xmp8x`)A0+R6JN`!gbQyAxV+y@j
z{cHlVQSd}uM4x=HkwYUTrbG)E+cTmBI>OHxGJj|Fhf3z7u&2OP(N=Ip-KtPy|E&0r
zWp#pn{rXr?yLK$@N3|-v*dL@vpjzcTegDJP?nR%4Y7H%X%_q|61vHyWrM;vKE|BO!
z0vzT#Q5puzpsW|s(_0uaRp}2{+gpK+c$h6BQx8aWXR<2j9KSm|d|CYCVDKwZM+c;F
z$!&Q9CF}by@g3cq>t?BESDKcjB~dixK&wv4{$UT3I{Naou%QN#$(u8Ottz>yB^U8)
zVIS8`@~yoG8i8o;X$kwXNxwWCvgzrlb5l4VdgJRIbsW7PpLvz)r8a*
zs!ke=mS9q^=H%Ag?KyYMgeKlU9RQIYHGAZOp)jjP0DFC3o`neu&tDqNGE<_Ko*ut`
zbG-li^H`UtkeaqqD2X>0c4xy4gJ+raZ-`O54)?M{@*sMX(@gi2bN(^Q2>+XqW3nNGW8FO825U+)UJ&2({l2}g-|qd!590s07&cKAej>Z4eF(pT9N4E(b|+H
za&c^GsYJ>8bQ#u#@<-^NvZ0q+(9H-ZWC~a~P~2tll*q11K2^5Ai_n!)ga6DM*J?th
zEPHk_zX+=s?qax5d5;&8kxJF1DYX>3l$QEryCo(oYCM`cnrTC{Rl-Cp8$E59T=d(I#x8{gd&*s>T#1FR4%u1aPOvfy=
zhQcSwXG$E!SQT~g7d=K1?OXWy)IlZGp_D6y#S=Y|{8kHL8VE{HOqu=BGRMyKP7GY0w6hJPAaB|Sr1M7cMM7)%^r^(t)*euixvmTIAc|Ki
z=nvWH_`0_oA;Ou>bDJFzpLJwZ-GA7`ek$kvTTw{B5=DruX7{E-S8yJFb%r{2XNci0#;H~8c5+}I5U8WasW
z+{QJ<851VSNcu+Pm(B={00rJ|d#cPAsa(6wUbjQn)t_#k;vq*k#NSFTF7+F`v~m*3
zE7LM9077a;tGVf+abx{s0tvX`3uU!5TF&rV6G>9~k*s{(d?=9;7h$ju!8dS-$?1#%@s34)d5ioYa$as~4x1YK_4
zQdfhFf@Gyf5^;6~u7`0oiQu~M`?UTvcsl+{f+&QPM4U(RKiHta!Yj+f;m*RzD`kS-KM^9Q_tYE($nWCrLn%n$YE-!Ab}%d
zK$F6FwuNV=?^@lKnkrZ3Hkg#rjSxE;_N(_KM0|+5o>Gj6PBD|~z~UJ|0P!E(1j<)N
zfAv3UNO+5gKmQzmh=2=*TV?8S`q;tgF+b%V8#m!3F1iou7Re`Z?g#U6W>K6ZF^
zmOR8%V)!a^2eF_tAxN%qW&9cJjIvIg{^7G4Q<^e@)?7F2HFd5-=Lozng$Vo^(@VW!d=J!IeLS4$Ac`qEQ>b@js9@FMpjwajAQj?$-J{nSR;!ND1m>tJ
zgmxT81`C{_TyYA_l@ewC77!gmYPz%Zp>SL=XVpV>ZxKbx>{t>*8sSLPBPjOENA=&t
znqJ?D5W~^h?sQB(VIDjAq@awcptRr)<-GA75Rui_#E4J9Jp3MRy77>CLca(9MhN*#zMZY
zHbS+mwHG_hQE$SU?zk3Q2iFmvuVP!6&puRl!It0Q9Wey&7Bvwbuee@D_`+2~#@1YH
zRC!R|8%90bNh?yVDHttpBXgSlk0-|?n)`#ZFHeqXPYHlHZEcLY_X)2#SRuLg7?=m3
zw-L`IRa*?AYY~*`vStv@|6Fu>SB-C)q`e@mQ3b`)^=dgYmC`ZRLtTIQ-SOKI^{%r-frz2=|EOfMJm%$ib?SyOQ
z^z8E0@&3UdhJ$UtgpO=`^7m(lhbQ{w4&3>
zL;Z5{%R^7T-T(dJ$;G~YJ^S^cr(YevcW-+C=(qmy@c8)jC;fK%n}7EIUANeFt_Wv7flZ)3?-9>T#Hk(ujkdAAnH(G5)#4!1a*6Z
zQ*qazcGY-XwnFF|30a5Rdd$dsy_X6f)MGz_(!I{f4GjfmOG}xRFRpqqlpH`Sb0w7U
zS2~aggWTDAk{D0Jc!eVNjP59Ece0r;$v@LJ4S4#ca82K8+a}1IOslG}Y`CuJZ*bNt
zrBp0yPMo33ApE!qYSB!_(e)<_!~N)AOHuAlY16t>scVEdBIp_Igv3(!!Wudc
zXB{b1kR-BjF<*#l5Man#O>w1l+k|a^M7<%vE+I=0ogo-N~ES3?@U;KnrPUs^-g*hOCl37e<2kI8i%xd16!23CQc~XI|+j?eL!JTXab4klb~{u
z1(m}jeguuVIFF@K7LXbPig7`@q^v>-YIgUFyVRSl*`?&Qv5XEV;NNU1+2OhZWf@`!1rKebG7KK`_oibyspD
zdh{~UQL8W#^U@}h`Wj|xTCf8IMCn7(hVK(Z_&Ro=N~17G=X$7$)aZh~3TYM5Q+3BT
zKHy>@aO1S-laq87Y{Z*+FILEh)=F++Vri;rPeD-ys$Dx(i0_NB!10x|#i>DBLH2Jk
z+yov(LC?fPyesiq^TaZs*WK|2Z-Tr%*)
zYF@V0X3~t((YpE;Qe9e?Hf-}5Hs)PXeX7QrwZFwBJSn*|&=?J1>dru)W7HoAMzpss
z1yK7l3XiI{G>kx41#8QuN4&sZL7VZ8W31=nYIs#pBot;9~7M7C-3^eNltzRpxRBaY(v*
z`d>wP2ns7gwAR+_(x%dGr~7x;;aPL
zv4oZs>=S`C8>C3;+~M*L%OK$^CXE5=*x~IrfjZfce`5PZ~y$@=tyBrZQtJgJkI6L9^R59YV;%BRPVT#HKTi2
zBtxtj&a)5*}_
zw$jhJLft2VvX4n0$>i5#%e*_=sUOAoCdIG6&~U!0W!#
z!_}<%&P_8dYz78YXI_t{9jHO~K*i&vr)kA!oh)QVkBGStmsc>{T#Ce1tf$tw=8jb6
zbUVU~OE7&Ts$(n-%A7jAf|IV|pm_Pr0MV1As#qC|r}Zq9!`o%{JC8z~jOx4?#fg-{
zL}mfR@jjK5wt~789{??vl&3c24Hv3`m_hPI?dopk`WT(o#=FwopQqDa7aNEktF_ZE
zMZ^kCS^=6g;cB5=MS|NfjX{$A)N_*HtkWZJE-f{aIO86`6OM6GWGslcEQ6okTnXnh
zPJ5()=J={+`al;eoGu195xKH4x5+zP9`yAl?4@w7s>#TdRcV>XR<35@eMGTj$Sf}H
zZLNh_Ah9rDtn*N?+|)7vNL;qQaD%|3$S2U<$l-aabc&uL)YUAevzqCNGES(MqePMqv=cj=Sl_>s{+%>plG_(YkW6{YlmkAxK5QjxY-+<}53sADcs&@Ai+*
zc21%`qHJTl=h0xj_}F|<{gWIp^>{NYR|QYA+Y!l1Y=4R5e+bMebPmjZ>$aLrMfL?r
zI3jy7ehFzOjNaQwvE_(+SoL0x_wnI9bQQ*Y=(dSj%jH1n9fY@P4~15+!=Hvbt9lwl
z)wMcum~U%F_Y>}R)Ka;cHRBKez6swAzfjP2asBe-^y2Wl@4uAa#D-8BCbHcXd~4cr
zP9|f~FY}LacngY_<5<_M7lKm&&t^n0XHxX!8~!LVy6hF*??kc}p)$g`W=6B$h}h`2(0eYpa$|IBP7xgz*}mNg>L<-o>E0b3!^9{N|49n
zRihPYF5jNMKR>+u@$l^Y==6j#7sY8Men#EoEHp_&V)7^wE?OjkGXYzIo%u~uyknh%
zbQ~U-=OIyY2Q!6Y;YpPqmD)!^{$
z&tb^u-n*A#1tftKI`Y&UhtM>EC6rGW5og|k8oH>Rs&Yj29}vEy5B=PTN-6*C|3
z0+8}dDM*}MP#6_YtjaEgBACNT^|2mTdh}pAb9#N;J#4x%4HfS!P9b*MPagD@^=Ww#
zDkrz9^aDWu7@yaZimdUI2hr>VeQ8F`|#uvR?<0R5R&a(pjtR!>E
zB(^^z(EQ+{1mXHcau00^HJ=Zm2tkEzwsx8rBcLW43j;DiV?AZr
zVWfY|NZD-ZqTc0$?z>4yNKy6TA0lm0xT2d8(+Um6G-BaO#EcmcWl#PozezCg(UvT%
zeZrpbbcNFszCaB6ECK75Ehcrk!VjJ#B^F|~#LX_WIJ{d7OCKdsoGrTmku)}$;F_Zl
z2p36+$MdQx2qFmbVAx8sshCizwaPdq5<+M#`2xNb3IDsXifxTB5
zid3lr=;(EUDN+eGR>+A4$|uZKxv5(!p3CgD#z3btQE+RX$!k0-dEbhNR52=9n(D`w
zU?Nn^kF^?>-MeA0ICNq-W{+TB==SDWpvjI@h79K$4TCV)P&oxoz*$lEN8=gMAhW=5
zI2bL^NlA$7pa)C{u7MsxTgF4X@JB($F}{^^les~=704lO8{T?bw%pN?^s<1p#oMSu
zRyK4;0_TS&P{#|Girp9xa0EYs+-`5`DHXh#N!6S2dNnh;J^H5MjKh9WwGQvGd|My&
z;;>`TGawjKX+9-sA$hl@Saz1+TbQ$HhWs(3g<*lN&VkCcowUGL6f@aOIs@v
zeLzAY2u}+lhb!$Gi3L*gx7R!)@cV;CdC!?EncyEDw)
zpT|@Ylzg9`T&@pwiuVBC5^UC*4R1)?dJZ1}LBxfJ)k2*N-zmX~K|&0e00jp5ZRpbH
zI!r2$C}Ai&DbFLz7mm}WE==n*87&hiGg{6Nv5DB;EvQjuy@Ny()W$OJ2H$gDq4Z&ViFd#
z*FxVv)18}HU_5z#BtEiAL3Lb08FxTHUIoX$b>U%P0d!By*J
zFo2L8*?A<0uFG&yrGDz6p!WohO(IJ5G^>GNQ86muLS*)~4|XG0SpP}Iw)>+urERBS
zi@894F1*q+O;k+nO~tqkN(o4LsrEPwVA~q&FVZdwyJ4{fxXa{fPDZ7ab)*@JmS>X^
z<0YXBM6W}>pP<6g!4`{=BVB-v?9&}6qQQg*uL@WnuDZ+U-2vVX9Cn~4vRTqQ|
zluT81KS_-Tdcfr{b31$ay6MVtnrSm#(!N-x%eWt33ZKOW&3s
zSqCp&MICGa5=-{3iyNPJukmdN!yIO}Qwsb0t^*OgIXX69iO7)F0)!G*v#KL~#6r^o
zFAHbk_2TgCty3A0l(9vlkO}cKPB=`?88TxhS%4y(4#F|0
z%hesz&Nd8(>=LUSRy)7C{PA{NOl`0r=xr%Qhs|;@nZlL5X=iuZkBFzprCCC1*R7jG
z*1Qc0RLZRj5@lAiy*PHIZj)qXIG-aU1EJ;FeZ|@QAW|IJexb#Fm}d)iD}hkxninLP$a-2M*1CB0OUz5yt1__k
z``76nU^9ezvFgG;$I2g~!TZH5G8N_7Hs-x81lT!DMyD5ZE-fj*PuFu8l2{dEt8uix
zNmFmyX4O3%-8(jJnMGK^2eu742pz2v5@5`s#Z9;BRwb>)sJseXi@MzGs}>`Du7SU3
zM^J(!;cuXP!lLEtyx_oB$7fhdj!jOuMv;Ej1E?+*{F_Cd?QZawoc=>L)_0`GrmShh
z!ZC)}{?b#EAg|amq|yj0`gm&tPML9BSwdl%W4Ux1c{)gniZ#$I?{pN&;gPeGc0v(D
z$+{bE&oN^uPS{!6DOsh$gm$)UvfYS3^JA>r8@9Yzz7!dcnWnT*_@ku?XYfDpwO}TX
zPDNtzgg=BmiAci?P%5l#{$$^<-EruQVpxntP-{o8!ro#aM3abaTc}reI(fx?FEwRB
zVbFXYF!{djjmuE!9%P;>9=cRG#jOce{LPA4|GA$-#svjC4DxSH^2Vj@1XHt}lL0uP
zIEs0_DW#gLd`O09xmYx`-wHyJeBksf41>G2+kfc=k%0>Mlfh!@{X~Fd6HebiIFeG(5{h9td(QP^~0onvGkp`jniNm0MEwjyhtm=;}2gyZV6fDz1-&b3Z6MXqolyIq-ALE{R8
z43om%8b*AyxK1?1ynh`F!RM+kGZqrOZa|075JgXZ0#ip55(cRvUAZJ@zzQW7l4N=&
zbpJ%)hE*9sGQ7~7e;__lK}A>wJQ5`7nvXAkHXJ+;djNJLLK5LNB&-vt66(ZTSZJoX
z%R%&x)@|crrR;jvT!n*?*^5C4T&8EZfODjYG=1J+iP2V9!Dx_Hq3c{1Ju}@gEM>jQ
zk6Mb8-5{}%tfP9n*u}!JREP1{h@yvz7ON;4P%DI!Ox4=y_KyQr;$9bt)eg2K*%h94
zP7a35wuj%YN;Ou4KqbTe|NdW5&pxLVK1#$`3wz%^>&g3+(ier%61N+*4_^pf>ea78);9nK@!Ljrj!FyR
z_EKN*pU~V>-8g#ENGayhu|x;kpk5aOW}FBq=ov9)1&a5SQ9o?@5iXwuMC@#<^intv
z775uwL4s;^)r3351xdp)Q%sgIdE@|FufvJ;lx7!a`v-@X{3D4V#l7iAhO1YE^kA@a
zv^G$J*Av4E6v+yZiNNemJO}G(&HZ!F`}42blnttziBSf?DTWCjp)tB>tH8n
zKo>L>s1zvp0Jkg^(TYkSrN%mpu1a~%V^HCffd>JFVC
zD2d_GxQfB9qD(j=E(t*Pm)ju`P*maAN!&%X+P)=OI@Z$cGf($b*?6X<1
z#4l28?WR>90A!0q0Xz+4Z6LW<6~Osa_ewDDTl}>w-tK~?aW{9oXy$ijzio`@zXl#n
zIb7;biZ=3I-l$B5Zp!ECvzk;?XOMWnTztjHj$T*-Sl9Ipx_l-$d4&eKvn~SUYC>_@NCJr#I{sk7K8w-Q<
z`?*-qi~HTHc?HAF2vt4QsESYtZgY33=@zb;>uW0zP)KQp2!Hvb1of$EHrG;*J8`vH
zaIipbqE@vDIqz=p#jFg!t!;kSPyoFV+g}(XDXCtlYBO`31F98Bkwt4nul__$%`kl3i=QJV
z6bK{$!gbS327hj@aG!@Avbd&Qqgg0!GDbQXu}rr1kPjzQ%10uw%t~*CFB_@Dr^n}E
zn%-Lgo*?Aqr@K$yd+NrN9tmW`ep+jgo&bla5%?Wby}`#Kz+Azo+SbBsJCzz++X}}}
zy`gqkn4=8LE9zTTw6bA}DQ+uA(Bivjq3^n-a1-p%3xQ75VaFfyA2qvY@HX_^-Mn-&
zgWV)D`6*QxTg%Q#ASon-nAC!@bc-PLT`x2q5bq)-X_P|Qj6xv&-#AQ!!bI=JeOONo
zfwXC^qmCnxS2;nz!i*Z>-axj3fYT`9j1%J52A`s-?k5q@T0mToxnCE32tW)p=9ff5aQaPxHV
zBHCb8eWVDFfc7n0HDC0x-IhK}Z43RBj?#0<$HW=(s(FfWC~2)@e*twSt#erB?|eA|
z;c$C$?vP=7dwWlW+ILb-FKMG)(p>B$EV^HQ!Co$dRTv;vD0q!5chLC<`d`*PwbXX^
zc~1Y^dD7lI$=jgkgOtRG^y@kj3kdwr#goW3Otn2C0gO47vZ|=?7{Euyt4-B)=c=?3sw$SEQCW(wEBXve~e4OhHfA(ui;L+-2+ifOh|4ZapC&n
z(@4^jSR%oxG>`~NL9wn2Y=Nh(*B@*GN{tUk=k6`}ut9S`ofzzd!GZ#dAp)G#jHJsj
z>}Dkh5%M`E<vb$9Y5Vj?6uKjd2M|&uC7^35m#oDIt(Nz~odcvW^235+nxKB%G8Z|(UUbbTFMrTt<8KwyW6aE4x3r%`s)Jd#xiwIXp!w3W
z8A&J7?Y_F99-q=P=k^^r$e^LHEs~jimpfNVEx*P+z_fz^y-V)plV5ye3%0*6Kdkj-+){=4KpHqQA+Ntr*1bPETB+TV$`Hi
z*KG_kCV@=qV?u#p<42%DC&7bJf`Wl-92!Osl*TI{&f?-YW>6WTqwo4+?--=^frc(Z)seTkIaKv)a-K?Pbyl}Cq#
z8f2PX8odcn<y$me7>xzi8~PQTi+#+
zS0!scE$8GSAhBf*W~BcS|FERGt7nZ744>9e^Khkjj4e~H|5IOWRwk5s^734mrQR_A34#)$
z;`d&4w|trQU3H{Bwn_&t3Qw$WExi1!(>n}#ent1R49gs39ULocV&y9$w)(yt{BU;o
z=3k!tN(>cM2)_Tae5p!7%WOq>4{pt<=cwHo2g&j1%MaDvz2hvvS2L}-!qJKfL(Hp`
zS5%ih#_=M@Bk6^b9cu!>g^|4V6Pohtx@FGS(bpxYY9#d6t>h?6q|^Y@zD8?rZ};+v
zq1-V6N?GBh2Rdb|m8LhV$1jTW1cS&WU{hAIqQgptM4W|ZYBDdPKa5;I2OZab^5UTJ(J?74CwZ
z`R!iu6IgGd<3)fGe^oVHDN6;EIX`Bv0m`c=2mijIK-DVPJ4WgF^P3*HP)rbWbg{p95V{#*MP)ai_j@gKwS$&zDVSM8GY2r@ZQD5aWCX)=_l0vx7fZmF+!
z48?)u9A34I6X8lcB$M*BqpNboNo3}mY7q&S&2z$y-=4n
z%&Zv+7fFu7?aiI37^TLO$ip@cqm7|gXJ@&-oz|LC2lHzS;r4rUD{du8|V-3puL<=A#sqWdKlZs<0aBEmF
zyEll+#J!MCzMcSK&hV(zZm=z5Ur
zpLBM@Rl)~HdKP=!n;~O{O0z=wZy+lCKspM-w)iWvLTZH$51EMN$2kT`Fk-6oMLO`1<|c40?SxH13_feEy15lhMj$3KBtpM;
zqqR+IF=-0dVOpkiB7UmWGzl*=0!U#F8howepmhOnF2#RpL43vf8ql%044v4sn1H88v
zenpzaR{W9b>#NEr%1T@@3|rz`#?tOg89Ms%RFpE1#x$s@g}{|4g?;WFviqQazlsLn
z;VMY5uEy<|o7p)I1&S)tnb?oH@2QyG;fsYRVd%2hHP`7CWZRPL3PZ+vvjk{p>W?Ra
zLcuI*r_dJ<`AdKUmdr12MZZvMp$7U`;9m%skk6DHAI22WDJ>Y?MmwdT81D?geCv3}
z+R}Hn5s#I4JzTpm}0iaan@WOX}+eh>LiTTBCLcs4NbZ{$;AuV6#Y&S
z(=eaVLTPjWz~FujuBz7DHR`c2`f=(b*zO^u;QB65;6_sD7+;+7oH}wNM@y=AFEVme
zAcyOE-B3tj1pdW}>dp%jE4=KH(i;_e*iV=kA-|%@n&zJO=W!qNt@Y$3ZPIsq6CU%n
zlpXy1F+2FmECdU611ITmqGCpi#oxyC+GuDA(+;O5QKZ6In!7BKF?gc$RUingUspwt
z`MAt6V|R+&_%0Lw-i&s=gdL<}Yg#>5Tp&XnD15DTO{$w+)DvGy(hP8#1x9p9fwR!c
zRkL0<^U-E`8;*7Bd5I}@)q1Qp`(!NI)LgY=;r|Y5N6S2lD@w=9s+y&=@IVUJLNnf(
z$w>_jqatc7rOGNmamptOO346>luL7qgdd|rT^J56um398B_pD+v#Ny+8j|!joa#<1jo3`Kn#Xpzx<%mSAB;5F
zIpHAYt9`-wa&Z4pI`^N$Nhoe=KG3e@lQVn4s>~I~CGCL~LfaEpmYE+RL~ODqDFme$
zC@IN1oaS8fpfv$6b`#C8U)`szm6UAV;DlW*!ztj2Oa6X(_qqhlg2$uu5oPol?OFGdf4XUPl_h!$kNqHMdk@pa}^p$wCp=2^TbY!hms7{ItjbOn(~R|>U&
z9R`BK7z|iI5$dm8y9Hl1ZS5Hlcu#1M2^os{s6CpEzL4$3r2OUlW8y+G5#f(joX#51
zjp%fAaNt6L9X`yHh@_`&=IZ3y3zfL6oSG{8B+d^qFWRI>lW?Eh46P!a5M2!VnKa?9Zo0`H;jn#_g_{HNU>84Zvqu=)?DO>DxdxV<5sH%xVQyHK?wG`ZL
z;@(b77__qMcHoDcU=Q8hSb6T2l0Vl?OmcX+En|tKqTR0inYA&vR9SriPngtr0lDaq
z**$9kD~|8R6p)^>1yCx>uBdL|n5-g5^$~reu@-0;#5gd6S;7FOI8;UwM}RSFpnhx?
z(HW|2a7b|>odH`wh;NyitIr3s48>L(3m+L5*{S%Z0=VyP5YFkf{Uv9`Ua2KTT-@X
z+t%mY0QGlcZslg`>4GAEvZ8og1IRY>CWx=Fm}7_cPS@S32oiZ2>gfZ}uNB@pvI#`}
zlEWZ(p3nYgr!+B1l+IM+;KUkTh|8YmpDnfam@mA>TCiUzr1R^}(Vl=1&ZQZ5)z*vy
zVghL94~!M=*da_e;J90$c4ca)-X9*}_QLT=hnG}|7G~*^ob{?}ded~2R=g4Tm~g*q
zwHeSOL;_zhwRP?eRzAb4CzU4A0NvYWQF9wgO{Hw<+x-rQOWvZ1PoTbDfJlm;vuV~U
zC>&@mwq5s8^7sqitLsU_JG*vsI)<=gPT)od0TAk&MR
zdt({Q_bvRQ{8(SBT7}h)xy?D$nWya(8L5Ov*W6_@nUgx
zQ@}K4Y7?_lLtD~Zo%hGb9-p4HB~~pba*)-y4p-|-*_)voOOKb%CtJSY&R=0XOzf@tLl*C|ku7V0jr*G;d;99{+6TBR%z(`5x)Xdt8rx
z(*8f?dGrJO3muR1e#ax7@0{w1XL&3>#VY}h>U0PojB`0>vudnxK6W_b0Czo(%nU2E
zvG7rHGMXn??BfN*o6`KBE@U4fQX
zy_~VmAbm)pm_1;31B@VCdTYu}p`R7Ul$4wy2GQJ4LEQ>2(NMHk)Bz+F!GcBCHnI8xO2U>6>aS&FVFE`c1S}6
znoNa^RlhAVe@AeXPe|w7VRaf=F}q3*C?D^%NkP2A6~x0#HOqCo^YtfhEYTA;?BH{r
zTy1}^c-7EVic-UZ@)ZyRPMxBbXas!n6lBZhZrVL8-<|otOQEmCJcN%q7$CGQLAcV{
zAo(u#uzy#Op7MrddU&nr4cAh<(;6r3k=tCd5rROtTW(UTt=NF%--Qn@(RB3ibj?RL
z-$eac^3GE^NwHk3Gqe0O8S$SNoI+PtYk^RArrMY^|zxAjuQCrdc4^)r~
zcP*8E)!U2-EgGiyFfR@g%Zes1>~6$e-$}>bi(p55W`ismE*#DEWoO_Hv)anGws_{J
zh!P*1UY?!)^mhN>PS12IYUT5tBwyBUQ|QOhS$4lJuu|52z)}n86Tz2)Lrj$n8%$5n
zDGx%mH>2LSSS8n-kdrBc{PO*AzfYfbEuB5ovQ%}
zoWSNY%t2Vckr7#1kr)5E4U)l5Qq+$`#UBy}RL
zVrkV$VYih@TeElnWTW*)SwAIYTF`|VY|;V?KAQRQae3YPK*h#
z0Sd)}gY?2)EM`{A49}bsd|`>Zd~GIs!hqXtVswj&VV@2Q_B#s58@SD=TZpyM`AVXI
z@Rtgul9{+d2v+Nlf~=%cu_z+j8@vk`n!C9Q`m5yy<91>;MZ8D^Q0oj?z0{MNLJWxF1J|XJMJi?qJ
z{=-;4u}2B~68C2Y<@JHou2n981EsFx!4T>Gx-D$O(o={-NK3_i;y+<@0&W9P?1h9J)d&pyo-hz4l1w#
zxgkL0E@UBE)s9}9&V{TCH#dAQda1sILv+UJ?COWrNWT&cX{qN*Wmq=^6jkA}qfNL7mY*rF(`=IsC?6d_e
z5-90?7$e=-(pG10Q;SS}8|DwbT=uE?=4*}3pB?^>%ag;OFD{QR4z)y;Vm9fscV~w`
zCZDr*8j(pTQNvnK
zAD_{gFoaS7n!K_UGmRD)~5Z%^)N%X3dFfqmD28EC9@v$MWt)obqEw}
z?dC_sZ(FI=NN*79mU7>DTL7Q}vSOY*PYEkMDQsVFuT9lA*D)IHqwnU+l5gi3tVWpX
zEbX|mjA7yU*rG*YVQ%*A{?C^Or*GfxpXkX&WZ5D49B5>u>@#|WcHtBGJ}eUO64X>C
zF!HqHhnMe9{%}I~UD}mSVEG8Y;iJ0m=)c&3YAK%DLS^x!nMC;?7K5=e=z!MzeE+@GJW#CC#K18!s)m
z2_@imRW6C;8cB@eAzi?8o`jmP?gG0^=a&Xcuk7l$5LNUbH*A1_;R6t|f#nSoe<7U<
zdha%jm|tc^fH_x3RCL(b>wKdR`bB>tmY=l$Pre~wa&@7z4BqbE<$_Fd~)J&nh3WYa*(fE-Jt_(WbRW&Pi
zX!XiPiK?UIiUT)siGw!cgQn6r%;9mvWW93*FBENcZKggl1%gPF*YeY#10xk0CTNF|
zpGU9AE;PLb*~LThpf2Z5qX&xw)b*mf@97n-_++Hm9o?aDJQ!KU*ywf0V~gh{^!`gi
z!O-si7EmzsMCP^^3ubXG`!=p8;=X~)h~QwHaJ>6VTolAF8`Z;Y#4cIVbBe
zha`7lsNWuB-=5S{!fq7!nv^e?kv9+SV=BVJ#hEM{0yhPW2i4Z_sEGDtU%24GP843u
zlR&IOq&?JnXUD-6ZgA9HUi~}tJlsYfG((I1=soZuvIa2k7K#rRPCZdAa={$AnoT^9
zp;JglFodwu%jHs$L7}Anu$46P&kvTSbXLQTUeO+4lr^DVMuyygyZ|IqJm(kaskZx+S|g>!`ZT0uW=CF=~SM_db(2^E96LqsvVcG5(s{DpYGL4x-~DC950
z`wc!1?}x7c@_0XYGP{63{Czv(PtIxfOtZ@2ZHD;kJV1Z=dm#S$Uwl8}kHt&}zSlFp
z_z0i0?lV2}_&Cg;S5^oNjdkamjbLC*V4yv>5fjw4#ky=ic#?7Q2$C296i*5W594k%
z9+z8UB)gL6Vj80-GqHSh7d#6VG9-^#A7gl?iPt@O~V-A6gv>n93j&&
z_8|x`70t$J8KrB#`i?(Bf({?bJI<8lv1;&<4TJ*7_o6
z4i70<)n+{25GkY!K*>SHz!b4V?ljz)@M9I
z_u1zu71k9)GpFybdr2b%@AeMo*~#acBJ+
zh5*P)pkF~etr#dU4b~!cywg1~=%_QKIZ6*hzY>eAMagE=zZ5cXQwS741U=jZi5-M!
z+yv9Io>bmUOREJ%j2W$9LEa~=La(;IgFq@iZqEV8HL%G&!?0l5*lT%UsLuy49sHDEaKC+EEIed;apN}n1Qzo
zUFi`;UWwAO{(&&LOWt2HElDI-EL}71v^H%grkEIP$pq
zOK7rLid2+8i20R@Zm|~{=I4FX9i%rvc-qT0y3Vu_mH9moyV$Kr0J0I?LTc{SZM=K2
z=?iMxxiZcb1k01jdHf8~gyG7R+;tV^lGK>O0pMokbt@dsBVa*4``Pgs$*kbL=p!7t6`dsnNx@CsNiHM
z__OHrCANZyb-T688j$;LhBl8Z2t}iu1Cz)sPVJf}>XIiJjf)Y>LNDT&6FW
z7m91Q6}8T@_-evNt&Z3eWMW;>{Sk?
z9^G-`%`tcky9G5~&K&WgA*ZcOHmlk^*D-R)+bmey3%+Ns>i-DehsM0P*3=`eg@W>V
zZ9}DDWo%K6ivD$IWmnmxlbV1?N*6NTZg)kvz=1h8qITqH1SteT-_UKpNEWq?xCR9V
z(LRW^A@HaOx+2>wyrapQLSdVFT#YCuR+0{-8Q2gf;vN$h9LfqOonYIj*XoWq^(Qai
zD4>xBad0C%W-z@6`}VyYdL8{_l1&g5C)=Sh?ZuiYx;{a`I1@;{>JNscS46uw01JcL
zJ72Ij(zNW$4%EX>sEs~!n(yi5`NjUl(Sg}O^?EmK`i~&0bewkPJki=O*kvCp31PM|
z>7E*|0V^m7bhYAqo}c9F+%wyLIvhrhA&Js%ANVv1H+Dxq3H-2LkF`+)WSsFrD$i(?
zNQs|G1yhKu9G&T202YS
z=%lDc7Z59^u1XN6!6qK2T7w~%r15T7?VW;&b&#M@kQvm|9%Yjn{z6?DOP>GuZzz9GgZ5B;)XX`Z=U
z)$v$4Y*jkN#No(zntuyF5l)X=vK!7#@9Cl%%_zR+9GR&7^JjjPM6UhFyy^ZAI7XEI
zJ*F5vc;yB^2!w?=0od)csF#e-h0L>U)mNd
zT;W+KusZL}&M3Vb!U;{7dYqZG_z)4&HpXZp-qBIqB-G6mBo*b6A{SJVK^3@@)60K*
ze|~ZF=I9{Y=BGK%mOuL=gZ?v+t$s$y0@1a!%APzpJh?bL%h5xATahLb){ZU`j9F6Q
zyNc7-FI~NOS-d-!q*NwVT$8*%*+mYxO`%&?~YmS@H7US+^ern_srv#QP4}kn%K%dA(#$dbDh)M+$;w=8kQ@`!~Ne7r{fxMSt=KFdv
zo&FuB!S!M~?dirt8rIfR?bD-CTwobbEZh)3sCxx|0>fOnt@vH>{cFNYy}o!kIKBMw
z==|u_@nQJ&^-HR@mL98kuM+u%I0%wUnrwGQZ-Vp1`2l^R2)X7dGA%`og1R8;HWR6^
z!NdvzNfA;Ch%{d3tliV@?jKwn{rITfvY&pi#W6Y9srRZqup0|}5M6eV7y=pYrlT{W
zI}R&w9wLEcCWQt<+AcxL&bLV(*=*dt-6QObDTH6pk<
zo5da>qjb;QEp}q)L7f4}{)mGlK>2O6n&dm<@b%HfL;K>XpjMUYOUfr|x_&lQp(A|A
z)a_`XyXq4rCri^i_~G>E;Lv%O^CZ9Y3rxfl4k&pr3Drh)ZX-CjGh37soG1ebd=7Ks
z_@~4e9r{ma`|t9hhZ!1CvdvPoW=`;PmM*dZ=!&0#nWutc?TiN8wmYaqInn^rWETxn
zPu2Aiw%SAu12f&jTi69Cwh0~riklRFtM!iLQFLi1Eb3-1z7W1$n?<$j7p90rU04`u
z0PPxrBOIu(VaaA}Wj}|OuR>ox*i5}T-aq+6HdSIb&_MaN?b!>stu$mSk(EWh0-^xj{bp8w$}Ut?p}AG9B8REood3K}L3V!?G(
zlNB$F?u5k=6Gm%BF%(dwipsI)UN%+({b!)!3ocnkR|Fdv_vEd^r7P^}Jr&Y?HV8G~XmDN+QT}
z8o`cFUdEqEQN;BF5IAl1g3H$SoH{Fw{=%d`L=%d;*o5QpLQP?cTzpWc;ReRE$Fu{o
zj_@W0TYBVwF8Jw-?0i;9jyKTj^LFFSw10lSb%xwi1RY!fUC(7q=w0xOkU@#h^Bl
zsz+%|G7~QSS8i-62t=`mS(T2aOOCNu7%7dmBr~tggqhV;6?gg+yCW@nz9in6sw}Nw
z>W$`rY$FqiuWE|UHLV5`L4Z)sMkv8vcz8*y>7E8b8Azmt-8p{qVNUE%AL10`5!vqw
zvaDOR-rnpVpC3lXD4noE`Mas(u<-3GOw3wqC|gv-XD-K;BO1h78irhiA(QT3OJnq2
zqaN7q+u~05**BkK+i)w7br|=&Gkx>{cd;JjwT&Oui1W---3V#6w=tiTb4fXhltDvf
zzhxM_mdciG3EwQkGclb9Nh!Z%Xh}6c8Gzf&o;wDxKcr$v0yfUMlq(*uEotbnZ!7H1
zUH2czL3|?}MCz6nfvRT=pFpM?zg_}_ytUDnq1AHpfgmJ`aUPlVquGj$+Ba~Kg$A9CIj<&kK1fJ^v7QiQreNQ+eUlk_5(45A@QtzlIOk-{1C
z?32Q4s|tOQdh*N|)y%^_CCn(~ec6gJ5~J8hJ}yTBE0}Vth>Y)IyI>27_Xr6M2$qL)
z*dW1L=_kutvlWdNNUBma8j4TsH?;-DBKlOtoS-1{$pxh>;e}vfB7s^;aUAKWF=pyg
z5;_dZC(T5m;8}3DiRvzTn1DJ7tLQx{-3}K?hoxh_vo?qbcOkUQuIql`*oGh5`9bV_
zv9thUdWV>MB4}QG2ROO(AwyX1LpyA%+cx=X>^oc
zjiME38n+XZa8N*td`9db>e|=jXoTxdE02`$AAg7gcXYR`i6lrdv&tCMnPhE{VL`4`
z$ySNxAH6S}?u{yK!X!6?I@U*Xj(Zy5W6@ymNj`Jc*)gBvC(qEn1XDu7y~H
zfqX%9)2`d}wv7&)x&tiK>WJQIf;Ji5zcHCH2yGJ9L%iI<-Pw5=myP{OBw5q~i9OW<
z=wK&QKS}cDBuGLq@9YZ_h3DHg`p!rA8r3~!kEo>%lFF6%@1xF>*pF5!tH*`NP43jh
zj(NAM29t1~fg?Ouhk5SfUP)-1{qj&KaHSjHC^{)sL?GtxkaS%fv1Q5TgNw?Ig9Hn%
z*dq%fXCe5SE=gozT5z6~dR#TSf{l@2Ao{mA3y<&mKtS}#WjR~kluusLid^m=zx!c7
z0RU;@g0KNW2$LiV&si;#$WLD~m`H!U6OpqE|OYyMG+hI@M69nEfsbYUwpiZfyQ
z3c_pG{4b^>th>nvzwCjCvyh|U9(y1xQ=tQ3(^^BE{JjlNEClxSolXLK7^^QdWetgg
z>Edq5HdG-T&dLzVUXI!-v*@)N9v2n-X{%Hc11$zrxNi;f8;dUn&qE+L*M8c&LiBH;
zeG=7|iJO>>g+)X!MoqS7FdJ=qp1gni`P-9OTd*hdo%(;~_6)P|f8h3%#NWc7v9)g5
z!C$ati+sxt{<1Awbb9>PZP_aB*u$O;%Ud-e1|j;|ps1`}u8V{T#r~Z)TyaNzY=vkv
zQff#6shz|?;-w7zX8(84`)5)Cfxh^D?|iQyTYzct|5NtzVZN0=XD_oi_zMhvR<~=%
z10f}ZP34yf+I}XmJH};OB>_G9!>A?K5+UsV`$Nxf7In~5ocaPX9A$msPiJ@kz5h(v
zF!Wpz5NTe~1fm)EazQ`QN#K^@7VOsMJ(2Qs+wk&3J46chio#>O-{Cc1)osv=O)-^S
zmd=LH-ZU3FMWRRs*y4KBojZ((22Chhqez@W>HI9)L9LWX!yx9G$NZH>14tF%sSu>p
zdDg&_+B|9nS|%2^RZzzF1iGp(=jVg8EQmM@)DUWJ_xo6dIa+C4`%9i|`)3XOkF_6~D94?n-0~
zkJG||FI4_26Wvq!q6aG&-8Ng$hHOMCK(P?V5Q>mcEzZ^K&T0f0W;|7zdqg&Qo31I`
zh>d%6a&h>3%8+_k(^w4T(OiO-t=MyaYa7n@IDPzcbb=+BYs6xZwD2n;Mji9=(w#V>
zl#}rD_I5r7nKYE2%1`QF<}(AT6)*hY0rHiFT=n-d-n8Us0dP9By=k2`$FV_fRwztc
zio23afB`xl9H!q?MTdwMiJgKE*@{X-l`}muq7n?be`4&UF>q}f1)!O5~;aJc@4M@#QPqD_eki#Q>z0k$X44xc7?8qcyyjp1gbwB&JX{yy6Y^R`E+|KwAP
z?RAq1#gby>OJlJwptPF`JM6L#Zlr+kLMzIASTwhy7?=D~3V;+If9l{@(;DeIH51Nv
z3|$X{l3>Ooc9yxPx7-AwrSRJ7Q@SrAAR^j09Y=RWFC;^xU!an4Bb6a-r%5`#9;GX$
z@s!*Hqcc{fAD``nBlwgVm&ws(b%(?kAv{qEonqnB+oK(=x(VOQ~
zTaa4DI{#b2jRyudE*=Xv23_lV
z)joN-pO7JS3gt+|wi_wL6_(UW4--g0$QauLcT&-f_{}4J*(#J8A6SZgK`CRF=vF1!
zlduWdDAjR_#Dx(J)rn3z#|+if9M?;V*k)I_lm@ETs@9S7$z7_rwF(#T<~jysaBO!a
z8=Y;t!_1b<5t!bv^yUYo@*pR|Os|JlBqc~T9n!h?^c>y
za-9(AZJY`{R^T(5)NN#ZRGLRFqOyb3>RGUR#I4$4wFK}ECv+DtTBLC1jD0i~>7xmN
z)Ap*u)ijLth{jT8-1k|E5m`e8dS)Hnm3~_Rn%>ts
zB2ySZgN$G+NGoQJo-0pk@2Mut3~hjZls7|ZsScb~nIVa$luk~t9r3JdxiIB{WT19i
z-pXwg;khCg=;MVbsRh%JF#A3ioC0kx=_@;2UI#~Xh;S5tJQTJT)Pf;18QP3hcsCA`
z1raMu!VCrBxzwvtnsJG16uMSZEu(T$EryGGNd>E&(#mNOn-tMqP7A4>wX5i3X?<;~
zl;_;{4t~383Zs%&v$2)j(AX1vIc!_KocXPasqzI1VkklAq#<815n8Aq5^qIAwM>RB
zl+cqR8Go1}_Tg|JVyRCU@x8fd5~MB4Nx5{DcXVH@9jCQ63smJ$fr1S5u4k2GqGn`R
zQqNj?U$*e>i{~m9tqHFRDn~Id7v;6o#j;G&Wx1$k;VS3<(k6GOmq@o|fji)SUs3I2
z%((N6LF6%}gzE6#Swj@lsvkX67KgSC9_1KP!9jkwpBez?<+G-*tze!=nBa;>mVnK-}AP$@1PASo1wC0tgk
zn{r81ud^kWR!d4cCb6@nxd23XCJA(x=rUVpifN>9ioxd5JU0Rx2h@hX<3qj^CM
zB8Ks4(Ke-57t)kXZ_)ZA7rasubt|r$Oz0HV4OwXs_`-sVh858zA?W}*YNC}Vb~`57
z7_UpJG~*PhYr#DfzJNf#3PpZVAp-B!o^lmxn~wqzxJ;0K<|Z~W9Hl+mT3A{@Y
zGfeh&E?UTEaarC}#2mQQs_~n_S*N<8(8g62`f*<)Tidv=VoU6utFOhXGN=fGmamp(wNJO6Ama=Rka<}>#nL9svh;Q_WLo(Y;7G>
zgmUa4VXFY^FxCFsP4b+zWKiq-u*0rJ+Ul|7rF7^Gr_s4=qB3?+;A!fY5`~g>QzWtB
z`C?#+)SKu}^zLjmD(jBpE@j<$tL#2@t2zH_w@Q%`t*5<~K6AqTAj!fLqoSZG1>i|+
zCfrKvrZbuZ=(4It?cHL0vuYNcg4%D7;lU>_kKki`7g^fmyu#Zwc#Usm!If;wVAi;~
zxMide|fQ?Tx%SIy--$8%m_Rt%>9Phgz7GSp!Vol+8W1JAc21@EMHn
z#$m_2&;ZWxzS*-71YQQS@4BhlWDvtXxS?wVdYNOr>$E~`_wBb|O>q)P&QsO^$Im}&
zx~_LiZGSTEr{1S|FKvI^ZKmGmv61e7oOhBu
z{jM|e^9P3BqG12aP<0=6{-y%HhfzCNJv
zz_v%331jQC@84~EaI@V0R4@upwmml?w~Tx8F_OeQ@En3(a#i<^bje9geGdkycwv*E
zU%nLg948+rUG=uZ5+;nNU`^9!FIw5cR=n%$1YOLrD#f|k(#Xk^gvqB9Fj_YwA$FmuZI<+ht7g4!=6e)|pELtb3pZ*u4&bFlBKZ9y
zQX3G}(-~GW7_+^)N$RM6lSzG!?@Db6=E>u@?{ZksQ5dSx3L2C!3TDax4NlOu+MBG;
zT+lh`a^bp2&Xc4@yBs4=G9hky+KO8L)f{NnmPU^|<#N;n^_fe+k+#mMS9VB!2d|`P
zFG
z>Zo_D%D+VKfOb8w?J7qe#Ms7IYu+WZHHy^Mct{sH_+kHSyDDO)Pro{{^N;d
zA0M6ctER@%-2dXO&)JK6pT#?WIz78b`671b{&#MD&feMk?5o4y-=ig5RoC@mA>{@8
zuiV3v*Y`9a9L4>Q(z~}#Rr2cI>7qApeOzAL`ye!${>=e-qm-mu6q^1gSp;l-H0U$^
z&joS1^&zM;{f|MLaSyUK1DZpU9JJOfI_g*pcM_Ed+Z4bxBxk85AXG5E*HybL$AU5<
zob9|^u&ZL;St5iT(#a8$Qn$V(IjMBn1EGz02!{xV>EretH$;)#i
zH0zO6Zv@SwG`q?=V}V4XM&kOMat&x~oNyTII}xsjv~C~jB%5m;A*J*>;SUp%wHHN)
zXI{S+$;?7iZz*IMdD`H`fv14MH-^MrfbuBFY`)%10PnEY%2)z!r*&9Tfb`j
z>$~l0_0h?Buu5KMJG)xDp-~H+eRlfeasP8NN+oxo=H1gor1%)k814o;c>T9uPb32h;>oK
zGU|PvwD`W~6aD>xHaY{6Hf$){AMMx=^5_F^JvctQJUl&4o;;XUc*T?TQ_Ou>d)3D#z*Tm7DyN99mzUCc@Ykt3H!H#
zMMZo`l?cwm6J8;pkXgTsTAv~KL|;RlT>QZsM}^fbK^2kcYGh43;V=_N5*&`Vl@Xt9
zpNsFJXkz4UGL74(uvSsY)Za|cgStbifLc|gL64^>^CS#aIEkE#wOR`g+vC=zYpFmY
zvxd?Y3l%w0z!1ZDD;%m=?$+(TE}DZE4$vz*FOYpEB)ARL*ZZ-;{!d9K^OQg9bQP`p@}25bkuI{zzopsiP;3Ydu?!teBH9$EHKsq}ZFDjUB|`cs`-TPzP8#5YMUi
zPdd<8E1QeR7pjGb6`_g>pItSQTq4|CKqe=29x1sYf9(&4f4qFV|Fc(Uw-cMt{k1NG
z7R1kn=PnOU-@e^Hi4w#3TLjCMg4rY$#Kcc2_)hNpwpNE-A;z`#z^Jkf771*b5`!Ob
z3h58@H=m!@ab{AC*&ufePh*5=^{Ec|Sb9IE
zg1ZnN%JQx0GrSPr?0cKfpUqQ8(ryyY@0aSP#|-xLF?-eH`iT6@p1J(nOl9BOq@R!I
zX3t#y4W_d1RrmDKq41L|bFh~xd8q(c!AQE2X90bPNq{(;dz4y*{5rXZ{P7j4s5}Qc
zCS1?~E+-S>vSIxVBh$w%X+HLm-!4ITzT?(472cJ!d2WE*<(+7?oeI8EkqC)zBO%hr
z?<4HRGWA{ns4{fK1qDV7h>@hmTmFgM>2c%yVy|Nf$M5qmp_SkM634c{4McFSgIxZZ
z3A+H4k4jN3<-fV0QiSYm>wlWH7-#+d9&T+WnF#6Jy%Wz`&H<``@P*k{a)n4%y*X@(
z?@y%?%TJOcw(8c&Mh@G3CGKJaUIo)^M6G#Xa48ZD@}<7gCH<}0Qn=`@QR&PwcAEZ0%DKaOzN*GQ>s^3RQG&ndOF3^
z9FjLjkH@U?6^sFc90>w)
zbUrz4in9G6;CC3-L@?rx2bEnHF`2BahcGb
z0RC|2*@!DX?Z(a7(}&*FZ6Vr{rA{uZY>(*z;WJHm@zqLXm7b|^kokWI`s?Sv&tSaA
zu_coCnD}nE*`eITbh85}WU`K3bXOoerT*PzRpAQJXlvz%SU-?DYXb^RZ=*H(oTVlr
zrk%?^WcbEj%iRrZ4i-&gmR!@{qUVFmBHH`+mQ85O*O*
z&-noBHhQNEt<@KPOG;LX=K}|Zl80BMP@^svf%#%B#ut)LE?(zKOCvVhP
zaztIWTzPMr1$%F(Ac4l36JPt|Cb1I`NGGv)40t68I?LpVvzazPSnJU|s7S4^R!FK&
z)2is0HP?jB8i8RDrc-kz5CG!a=@D{|@Nc^O;O*tm9$nR}=+vA`E1bRAtjN|EGBD+k
z?yK}wr0ivEeTEi|T@bZ1L%*oLqxU9Q)eG8Rd6727Q>r6dboCn>N2lEuv+6obHf$4iBni;Wd_XSrpt;auqVod<;tI?f-mDx;
zkrqSS-9zxH?A?%A;qDoH?pEc(_P|i$O}7OvK)sge5@#L5CFXWaijC&ddhpUGUn}%$
z?DityF@k5&ZptGbTVrgyMb2cU2PABW#agBhD{_o-Y
z?jK+kKj0w^>AX$rYpV2u7s#%taw2H&>9aU&@2LuFAcu+oXKa6W4wgGdZa3n<1i4R{
z;~W=SFkh3^=xG?`e$}kiOIdhm3Dwn6l~2p_?z`$>Ju@|oBrkACIow!YiCmiF9QwXV
z7weu3^T^$ug~zS@D(NOqTf}s^h$#*u_dX3>1PS>UL@q%7l-6^Ev1by7JfqLMTn?pK
z$c1lmJMm05XEvBgMYr;}RP=_CP1<*dm_EFeveUv!a2jnYg)H9Zi?HXrpvS=rFRRqr
zMR};K*e<-xZRPvJNJfSkgvdAMs
zVZ^r;#cVi0kbf)=As;C!j9OXMhuey{`f%_B{$9@*{=UoD1;LD%uA;mqVcU;{XMOA>
zL+}^TZEz{B)9C*xLeTAWCD~J
zd1Uj@Vk)U%#?^YidKZhCQ4)OVZ#ST2XnwQZCm;1~R9}C$j<+n;(Blml8EAXq0(1`k
z@r#`=-d&vei}%4>cZbQV;nT~Y2S1)3z5cAWy4VAi?U!M)atmRYU7im(-eq8zk;`xb
zC7_K7iU*RnfHz|WD4Q_2lXNR?f77itFELOfhdW|`yz%MZaEjxRi
zqe^s)sie^sWSCAwg4Rk+sCW-1alkF2WX)Ftu$FOeTQ$i`UrW;A;qDb+oqFy)Z>=NM
z67!x(Q3fxeut8wEI_V2zuv(1EWlQB_pjnV98_7KVeCc{WcD~@n%PSgbwy5YbFyJJ7
zwGe+)@1Q{2l@4jhyG><9fg`}pPIOZ!l{IE0yN683P&3I$bw@sWr13h%f|{=8P+RH_
zQ5tF<CI_5iZBAx!{}i1~6w10BqV}eiOQzOf)L?Ns?u5
zacDoCNWHG4rU?u`LH%+frH8Hh;sMD2bf#B=Tu%tTt(hdf|O?FZxLv%
z`o};uK`NBhioY%Im~d?iq?1B0=mS&;!GLz@O1QZqVq3RjK5@kxpzi*Hpv8j)L1Sb*
zn!LStF59_BCl`sS`)EV=Z*faXXJA5TbR;}Y7D|p0ey|OiY8T?BHo6etyynE##q!?I
zaG;=IInC&{iQjlpbc`-)EfX_4Wps=6ovvMpz!kK0y$DjOn%;1BUbO}nQaMTRo>G}7
zZlq3mDPJVW48nD+aYZ=u0=`8LGY=g;WS1pyEKZEU*b2{!ys>!>lOX<1AlExBg2ynt
zbeBG2i_EuTGH{FdSgx8Yf+>??M?3dj_9!Bf};xMAHvOb
zR<3Upmn;@KyklM8H9JU=xks|kd*2Eam0)>lH6z;fW^$+4e&aj{;&@y!K_vATCLAQN
zI61-;nkeJW2hluN3uio|JZBjEa6oGP0-413t&&4i`!J^|-DbwyrTW;+J_>6%WmC7Y
z4JxD*28E`8IbzoibZS(6T*~D0Sy(KZI}U%bOI#`}@VFFUA?~FV4X*QGrHxd7!~3gG
zH2=Z@!qZU(8~vKq3}a*S@a0(45;vV+E1pKl#_-rogia<6!;Wr5DsE5*ypZY=oL#HV
znSDhhaVbhmk8Yxg6lD*rboadJs;!pi^kU;i=aP+$IV@iwR?
z|M0)dKR^!Zt1o4Bzns_YSby0I^ZrY`Vro9{u?{
z|2sZtm`xpD}4*-Ece!qj0)06Wb
z_RkJq58l2%zBqb!9A0$z^Sjfti}U|d{Ns~X2T%U-U%&nKtA7mN3pWb=>EQJE^z1zR
z`Pa|B&i{P*ZvW^keDw9Vy`S(?-=v@6kI$dGKZbF>K0Mz4BR=r&AjkuM{h9kKwM?~d
zUmen`zk2pN{~7n+fBpPj_)|C&zTu1gSLa9n*CCqrV}1V)kNeJDF2haC5mP
z!~?bb?AP6|g!h-N`%2#V@Rjj=NgaQdcRhTxZm4_)J@{4LHJCGgV9z^mZ|0;EURD^|
zZ=ZKskk4`F;~V+hz)lQb!OTAIbe%qR9r)_2{0l+p3*VZd?atHmAz5pe!EnJhI^(Br
z5O@Wjc1A~^uA2|l0`vNH_OU>YFPGJ-ZfN{pb-vM1-n#k7&2j5$JS^N~+pY{q|YD
z*7z8Pl6|MsZ^SMx7r`dQ8}ikh&NeL#_}Aa$ACS+4nysrA6ViE-zTh^>uk(FIUkHPv
zk2)O>AKlip#^2`s4OUfp0Kd(bn7$E@Uj9~msvGEeKHKo{wPK?FG(c)HlJxKv;k3(PsL5p1ur?*2;$;*`Dp0x
zxwOh#r|;zAD(^adXWfjsdtc|>AOvcV)3ghImu~`mrkn3K&w4-pP~Gw8zsqNZh}ACF
zHJxiZu)oV!BRq+ni&y7IE_}Ge#65rZRX%7q$(q@O=7yfl2TY$Ys#|_If9t%O6X=+p
z%Qx4&T3uIeyq)*96-m%`&EhBj^kWcjm=k>byz?|ZUsdg9&UaHjWd6eK3JVn)$a_w6
zWg_g`&ivk=oIPVM!
z$B|i&MsooXJ`LMKPU&wuGqo&(Qs&kne=*frT~9B$W;DIvt9(;0H*{)DPUIVxTpZT^
zx1Fcs$Cqq9qZj!g@GV@1v8DV7<2!W5`Sd;S+#RcmHY4qJeB6BpK8_>p9N$$%*(ba}
z-NwmN!=*xK8uCR7pObxlxoPDR=ybncHq)tG=g+^+r?D-$ZlN8Ut$|H0?7vkLMhu7AV(Jzoa?
z3I_U3zFlb%*eiyQJM$1ewr%#?&K2IKciQuB@)O$nORX~n;ltZiy{=dWKmT=4^P444
zB#$iL18sfHY#VsI^Kt|lF1gx*$bwEEW*>m*FR{)YZGk?v%wP<$qcuR=HMO#H%E&uI
zVWP|15-w+`reAfsO4Wr#B0c-Mvk~qV>+%yG?7aQ1P1VEv*>zdZa0c>@#mnz`$26kP
zSaZb3`MS`@v~X))mySL{$!n7^V7YC+&Ntl}+QT#m7Kr?B^I2c7%CX3lXC19Fe7I=kjIx*tX+xfd_w^ANbo~HjZyD7Y(f?
zpVj*JO~k=f)6B>v44=cZ{FAAwo8Kn7
zEPWI|N#4Q{#qg4ElE0FmNc5qwWiL7B$qdwFYmUM4Mt}7K8{b?*C??klXoKjF&+|V*
zb|ts)c(z(MR}I?uI{$kGD?Sm&=-Z`$hUvp!cRrN0`t5I$PnLIV&?UDxsjH;i&@N51
zRr0DyLtpz@kS{gP1W|3CKrysd33eH@4XHrMsM2MtLk
zFtv>(FRY;u0tszc21uJuGEIdoK*d`m8$+AUYk%(TY_jB#G&7%>-#4@YEk|cR_r53;
zSYOS&Os^t9&+@iWbKe5eP~_E$`(YR55z_xw!*}0>cSzqd<&=F#C*Gk~I8Ybie}}|?
z=Nh*<AQ+sc92IFCekBUP)bjCv|ZO>K&NDiN^W}czp6V1H+yx-v(
z9I}AY2Gbd=XP>G{>=!@+kLZjv?U7$}ndEA=oQGpfQBGjg9ti*|b;cctav2G;lX<8Z
z@w!txybwU@U{kd6;inDvsfZ}-DliT(Ek3?jabBbb+&ah<-^6V~7}=*p6!@8^ycYxK
zSY8Qf;~>$v)20Kz+;ARt`Jp}6aSvz#eryjW?z6CKIrB^=$-%t%Tpq7FkK>UBXe)m9
z4My-JOq+SZhkT{xJeFo1q#pNE>Z5~>;32F59i|m`JQ&W8pSxp9Ro(88QhDl*h##)H
zof{=eRJQ6&cS=;JWcntGqvpPzV01I{)|sMIpRZNB3$O#uMRpxH;1OPkB+qy76FjHY
z4IJ2JNl5H2U&r0998=#RamWH($X|Q-DL}s)>4I>Xmxa%)HT`v@$PJX=Nq*Tz|2eeIqX#wd@Od?v8_YDDmVCwPF=2NpK{yFjp^sA@#W_9JN2rSeWgEI&c2bow7fd?
zLVdGRn|h_*Obtf8aF6Q5?5EXCWqL!cX6n*A$`POU!yyY>9emP{CIYh^X*fJqbaCK5
z7V^}0kou}3>;L}A5i6i+r7d2SYge;
zk^l7vNjRaW&fo_qv=|Uc9XP0|KkgZ(t>M0~c(%+Z=7rt1mSwk`6C`1wsp(ecIWhk9
z#-2_jZY)+QaB$<$BB=uhKMngZ!X&y#BAyrr5e@AZb?1fbyTHLgz<&(sVbguc%O5yG
zerqutZe5nb;j)tmnD2?IWz~73JLvG+EK9c8u)slc{NCZj0teqwfe|f$gEbTKQ;~fh
zv@)Nd;7_w?&O2K)9XJRS#nP%Jd*0Lu4jkkO2k%{HOzQl=kr?3%5l#mVR>c>R(w#`S
zAoEVd5)NvG=X8J^_Fu9#VcFW$W2X2Vv@OA%^nBDZ@6;qZXc*(bw38&dq&H3X&3LFQ
zb7ru6{SM_ev?8sX7ix?S&!b+lXee+*1^ONBI0x&iS5l>e;PIW3hXl_0(;Fpearh=B
zPo__@qw0p|5zV;6rsJE;v2A3BZNJNo%-RhOFOKiju(CrYu7OBpXAVbbO2E8^2j!;sIUvjI>RMbq!hGr&1zpy416d>D%9LEun~
zXq1{T7v?*U6&)EkbR<1D@|I=i742bJXGcSUyx^3SI&i4HF{yZO=+l+#^V<=sH9Oio
zAaH~gH)#AW6T0d?mq`j7>Qzx_fkVCCOx_u+>j=={jm8y@WWu5kgJt)H{=gwzHCGWh
zWUIqd1P-!OhYX$=>AXYRPK;RH8MGFxJ5=n%mZ3Y8SB`HiB
zcZgEWB-R~r)M63q4moNV#JWRzYWA@1kdulHtUDy5%>>pRn$KbZ>kbuZ7{IziJZko@
z?of0SOH^2QsJe+IEUY_Zoy9QLgUldO^?Wt+oF6+>+9V_Ka`?Q7h_336OVq{p-&c`I+he
zk^Cq8Kbo~>v*vlNhyyhR%u-r><-{$hR5m)2V!`M@^7Dp@92+1?scs*+_)<`&Rk$)PmA@+MR4nOpL31>M{5`>CWeJ0N?q(34Ps$W74HtW7
z+AUd5LD?E_)n>Jfx^il~eP_m-cS!QAz$`Pc>4_HIjI><5Ak5E759>t>!tAXoRdh_0
zAsLqnirds&amlhRo32f9$R*3tY^s!Fb;gTP&p$3MCNpbS&tDf~n#SW4;Icxf``XH>jVn^D{{ER&%%{8_~f@@W*oG-G6Dj##5Ut5TXUuCy_$oQNe#
zmQ~wy*MDQQ<BnWx&Ep@p7cr5Q~>X;0BgjEyN{I
z>|H+tVpj8TiImmAW3_-Trb22#ZNh3bT68w3&WRcEY97?0LfknnRKPrPq0Dd#
zm`E<$cgyCX5!-sUWZBQ=>`vE2R~X3|XT`DERg7oxVNpi8%r(`Dj>$Te6i<9AnZHhA
zwJS_mtr&V4JKmCQ$(z?Ml$>M;4ZoJRTE+-inlGlqj8$;SwhNvvNY=obtE?3-6sbgX
zLBEKNQTDx3tO(uP=DvE+g>1iN0BokHko`9{!PbNphyiRn;gW4BJOviG)=8!h1&4|X
zPqJMoI8{_wPO2$fK%MEr2AEkM+C_y`Pe`_sPo^oeXc52^FC1D)t8EYzqa9^9Ed`4g
zOW9GEY)k6A`h<|=fr$U1bpgVGP_$wuyUgF-5cZjTy_7AvLIY0TIE4Gn=ZBhonqlceNUM
zG@TTlm{Aqb5?G3w=Te1mFGEgH;X=5Vp(m(tJ~?4r1xmKFKpvQ2EjdqqvzU-jz64Tm
z#wy)RAEsu}VNw=DCEF8WdV@?{>{qf~6N*YZbJ{FEOcNLTm2Cfo{L-2I-^?e**LCIY
zjxCZSaN*1*ED|JeVQYV5;aq`&Q&@90mWO^}VGCil3fE7Jk4m-+N6xH?El|mJ=*TH1
zb~`28y(7O^X2n`Fpy0$sSya3T3Qn{X#8f>4aZOyzMa7F(%*9+-c)191Da)gh?V6I;
z0T**o@xrwtkqn>TndZVx=~>6j#dK7>2rw$+
zs*>$pliPzdv&mM9G1x@2)TVSXNvLeBO14W*{;+I>N5u1ln*mX)B%t9fC_NGz=izR%@kxB{{i}=K|O4V4*9{0O?SJ^&SIR&)`R>}6k
z$}1=`UDmo5uZ_59DfMje+K|(h>SItSxv(9%%4ryL81f7D#)1*%cSBlXB9M
zii_9Dcx~Ag7cZCN%caW~ubLex)zn`E8;vuV)f>NP1=r<+jH)N_^VLm`KbbCDyqLzt
ztYkZxs)1O@gDSWs^_E?B&7vd>hF#S3N}+UzALS};AG
zRBfS&gK}AuV#Oyd>l{a|&k$`)JImSLayjLVvzr;+3{i*jfRm0Fub8kpGQUCbiWx7t
zlIuJM$
zEWxnxX#Eq#l>dKV`Ocqw!I+`&_(k%0*Ecn4uA)k{PBeXyt3f
zEH6f@Y>_%yc`ZsGidRngC`!Q@&=N|Dvo)415P&GxMy{^V+(N2jFGwnx4;XK3ql{p=
zP^W*BW0ess=c6{`99gp6BlEhbJumHAKW+}Im{RHW4D@C^I7_zkXmQmOW#`Qw6d$xn
z*4DdZdvF$&&zOc6NR%&%6f2!djx3@t(Bas}cKEjr~=1#*u`*1Wr9yMh)J
zwk0Y-uH3^oippS$bS=iwv}C)Q<`&Z!sK89a_Kvj{X0>=>lwWMg_KeM27@Mk6)y^Or
zCk`>AKFEiH&W=@P+T5dJEN1*?OST8?^j685YE$t7N!3JI_;IEAgrjoMl|nOM;3R9W
zT|z_Wd{8)1=Fp{*?c$p=a7FrY!5M3&jh)RB)Mv;)jAO7}z8G;?KEYP`87rpje!1ht
zbcb;rwmVXUyCykeih7|CWL-YUh$-r|du5yO>!?<&oY=`cgYK>aEUMTKZ=aLgsVZq`kV?r)8<2Y%1LVGwfPL;MS
zw96NsD(z2RvOUW4tF?w-h`wUW+Ol3C@ZdRe%?zn{feurvLb%cb6M>8lM5-*%uV@_z
zS6M_^DCGy2Dxxf0t%o#Rbd0hFhg7)W7%8JOZhpq%xP?}fnI8!yWu7_qL*5b+i(+`
z&`UE_4JRxNy<|V3&Jkp#5}L}`rZdTv++1=vGWv{DMW;$}pd$sA
zvatf4(Dx-b`2BQk>naQ-7gfV6t$Se?`+g^BZ1!APif^%%Rk*6Alj(g7Q=Qygb!q
z?Ng#cwwBzWt=YcW-RFanHv)mACiPw^FZmv)>?yfPdvNfSK~idOuXzz;TudNMZ#d~X
z0wqZ{pOFCyKt#Px~5Mnf`(x|(5QNf3lk=*L0lT$4(shUb^
zT5{8xVk1^!9Bc${vHGwtkYY68J%j1$)4OyO^-Sljlsaxs9jq8rq;t=7=e=&6jy%dI
zrI37nMz*|^Y>}PiGcV1joAE3!<(Zop)6I-&Z#CYDaXY&O>8v{mmP+WlXMqxRh|Z(#
zVB!=PN@k^IffAeZvC}G1xuCFCy{cBmRX63T*}s`AlX+<-vw3sf#JN@}Cl_U2?%b(_
zm3bK}tsI~wHw&oVHP{>6G>Bcj?qF~|9vXz)x3Ky>@~XOtRdo}{H(?Xq=oYiZ!+sCD
zcWInDy_BiV%SLJ^Ah}(-PcoD?3^rcd1>J6*Lhilb!xIwUUIUWBzA5VJDL!cUK-~EkK1|NjYoGdQGLmt
zWSvEoh`N-QirPvFTXNIF>WS}#G3|f6fnAb#_&@_9w06>}>6N+#vibwB5BMC>LUcRC
zm5N7LEmoXG)kJWpcwL%4_bL_d*D>G$K
zL-Tk)UJbnK{$P@NldEt9GM1)nLVdm
zl4vBZYYK#N2{Xtk29*n_JgTZSESZInz3}#3yBoK06X|R{P|jV6sGCNUs|fglYPG69
zResI9cDX5=DJ3(%&aQ)G8RnN+xT#Xy^4qDTj&4rKQeINXsVuLhd!%_S<>q;{)1{X3
z@}(k=o(@G2gaxvbtkNd)+bJxRNvK-N&8VtVnezLogrrt-&{AG@(9S>ysG|2~Qva{x
zJQn@r#{Z-&)78$GiT?Sq_@AC%Yc@P@*ut}SBjQ?3{`CsFI{wID^{7+i)rW5_s
zJKH@u$PWcNFQi4KS@A0YAo&_F*kun$>M`)DRM-6fZ*J%4*{=8UX#3gG;m-EUmr%v_
z*|zn-gTrz9V*6zGnRoE&<=Ou6%UvsSD9Tw!qd|{zp3j>Aib~X`p4+GND(*!3g_BbW
z^L?uq4o3jsQ@?Oh(cm*AJUOZT)EnXm364*_f?jkuzi@Nv9j5pla+0KA>ZM7AZM{mO
zVHe<@>Agdlpn-h0Vkgzd)xeC;k!%fy`njXEpm<{Ziemo%*Tb-{KcD|I1O9)Z=+7U8
z|6VI-W#d18h5!Gd9|!(_cJycZIxqZl7O(+u%7HNeWU{~;pm!E}0r<**et`WMNCu#6
z8gl^Z$N+kP^iv=nVEhztN9bM*WpjW!LiH@VL41<~#}SZEqYT6u|4B%jd;XJg{~gL;
zp^WfOaH;Mujl_i@$=v>TccI9eWiP3J%HDpzUG?&Qu(~h!gVh~J3F!a^eG~#A+kJlL
zT_z!#fs{Q|S9pU95A78$qcY0e!v38%jFJ>S7@Uv7m}I7*st)7j;s+#EO4Z;{t`?^0
zpdF)Kjn^5p$E5ZmZ5N7&Q*Qy~Zu4q7<`>IU9kkbp!Y*k9udLac#G@-~&(S|9m`(>}xex
zY=%FLS#y_`y_8HzqCVCQ!(Ia9kVf4uwiClJX==A`E=(z(&
zLESj%L+4lm+8MwsQ>(v5?U7QIQFRySu{dExUB44k|JFW#qkO?1tnLiDNf?J#fX@f|
zbGMZg7DhTWdsAMeS143Gk7TV`SB%w#))Xf=9cbl+a!L;+#3X>sOnv?d`!@~t#jbaH
zw0HI+FnQkosds#G^uzu$;P>XYPvL&P?EScZ_TuQ(nFl3KwhzyK@{abr?ZcnE@AnU%
zl|7&%PIgaEy`vMVZvWu;<^C=_-#^@W`RdvJ;dAdPe0z9w=DplM*gu1c&yJ{3scwJw
z6e~Q~J=u8yx7$zmU+$m%RF>ZD?VlZD?R!xDws*XJa<;$o>gD!{cl_$)_~>*OI`Ry8
z)cwP~6KHGqVE6E>3T?wPZ}$hd@ql{;Hr5*K_S2&ucDDK?dX6
zIXXN$f!i_+`{Yd5@#FsKZrR&D*+0b@QiDA?g643l;lm@U3qC*G<;rjw+|`02c>n5j
zH`6z+?%D44OQ`)6>#@Hp++DLb$`|~>>UMA2(QpKy7eN5RYB8?B!^J16OlJZWEeq+Q
zIwIL~sj9mgbUOf?uX_yRp1Av=Yc^Y;j
z2JY~sE=gb>)l#~DQ?P!R#84Vl{-da$GuUtp<&yX}g2bOO|88|(m*TlIoqt+~8bZ^F#>V2Ov`
zLxQJ>aN9`?>m7@>1!f+ty>YS7sD%`JY0`$5xJX#P=lw`42nd|Ng__Qzc8HH~v4$aF
zxb{`lzQ!+NL`pybOs-*J6#BuX_fYO+@8R$1_~IhIeX<1*`}w=w
z*JoRQ&|}~T&z|j{JlT>9d5pm^ur&XbhtX|>>P&uP-N@^6Uo$rk^WhsesoO3@2*
zEicsz=OK2Pp2~%)DCV*(!`wSkRgfOrJbrh2vLmlv9=%Pm=3j`aGBT&?x!*ydi~}c7rCN$$6Onib^hV;
z_SuVh_-tvJD3x~9uUY1p0<{V_h9qb&rR5y%gQ
zNKyX=4LqTj;RrT*l=dHwyvvA)PWU~!0x0xLdIkIVF^(B&zkz;$7C=I9Qj3#_HO}xQ
zo{_`dAE~F*9n}qaI7fT!>Hgt6oZhJ+=uTUu=H}Ew+U0rey>+D~S7qkLXm9P+f?$r=
z6ZDH1Bk?GhK%oJE_TIwaJRP7D*doCKd|mdU>SeX;EsfJ;2?o2QVaps44%p{k=m+vtxg_8*71iDRq+|v=9zIB|t&HyLBO%(8j2Sjpo
z3)DE-BV7y>866|^nheHJg|guX(9{Jqg&fSFf5C8%3_i4V2i6A-pg|Ua3LW|fs)Ln6
z_z2SnBz-*U-oesSPva3|RN!G!58A=)0^5X{6a(qld;l2}54W}K2kU+6h3(N8)!_($
z?|SD0Xo!^f)wu<)-Ld8nPF&LSDi?|Otru)Ab)uW4{uluJB2M5wj^Qy(4#)eavqk{B
z45N1+d;OYvl&#K58;xU!yN%DLO^H!_953W@BQTo+*t$R!t)+kllJFI
z8fWl`2x)Nlao47g=SpV>$8a{_H*C<#(x^B5W9i|;xsvoHU7MC7@jVdfZ3jjlMC@0iH)4$?ezGIYhaL&=cIaoab1U4wxbP
zBafG`4cqoSQdT&fxe}d{xl#$cS-G7nokSs9#gIT0=zPV#%i)828Wj>C6+D|*Basku
zB>=4_Z{iM59gIV4
zrAR1X4~`KC01-GBEYd&=K?CK+XnvrfDUf7mSUyhGVSR^2r$TIDRZ!w^FcO}Z?O}oP
z8xIM_JDp5Lyl^!ja*oiL?sZ7s3(@F~PdpkgU}tfm9^>(QTr~&rAp>?khkBaK@muiJ
zX`pf$09B%OC1{rWn(HW;0&t@+$#By71#VSOR1MG%vk_D;N+kr>-ELU}beO8sK`+v?
z)Quw+{1C2&ulOT5iLeTj*n*Co!5B7gg~;D3mZaS?|3j3-7k7v^RBv#SO?U9*F{9Iq
zs`KVMBu{Zu>V=O9tm+ThGM;IV^olm;IUz9FZh()h+Kv=|RaQvJ?hSntlRQY*PhZ21
zF7Z*I`8LD?)1-4a9fl&9+Vr@G27N?VOyX;(eif!NpATr@o>b`Za~YPJ=#EAc0EcjD
zPj+8!pY8v!>*9(J8dI$O{8%b{ytKCV*xnNJ57o!AJ^9;tYg_2rfiS#Z1L~n_45y8^
zF%!m~Zd6bEB7#h5P=g|}$0N`}g&x!Ka^S^dsU7~o|Nqxw@c(CjX6k>^t1r@qU#l%Q
zo5lK{G~g4htRQ}{jGR6YJ@?ma
zL0`)rskca;*!jY0EPbdnZ&&?iGedm4zm-Tk1sFb6-ko{v|_ZlpP?5MRTc}Z
z2JNt`&6NO+?d`u-Tt2_ICBjQ@kqm#hw1iwYYo7Y3
z4WiFT?W82b>JdqXr6wvM-ID?$_ftLLm)Hi$_KG?#8aC5$u0^OKdXD&KmNGVO_%u})VArqe@x8=1^*lMYjA*QYrS29EBN>=
z9i^{2wjv#y=+yLFF1@K$R<|qv2rIw+^Zzq?HrNVU(T3O5AnuFPlbt6@-(olWU#NnE
zuHH}oMq~P_eEUMmH`Kb(+<(=webusk)v|q_mJMiyuj;k?sn@!Ff;j(i?OLw>hoIn>
z(=p7}|9H#G==103e;W11SO35N$j?{(&sY7=SN+edjq(M5zUqIz>VLlKfATiU7yS9E
z|M^pM_l2o|Kc)X6I+RpDEz$fmmx7uX)YoeMn!oI5eqIq1YP3JlQs`myt|2mBC`C;~
z5`wNMV+wHIv
z5;7*hf~QN!wR4=^R77wgY~#mx1d<+Lh%^e5_7x&vl8|HPCxhgg2HqQ>7@0>e$`s7E
zfKj+e0mc#ZA|6N7zloDUA6tUj^lT9GMovg54HGFn>C=({P+BmpdM;2yqeYh^Aih|I
zhJpTG#{KcFw}8D9?p4-A^mkC-^TSs%xJBa5Q5K{YE5X4*Ra||1180y$P_#m+*6-N@
zY83|2S}L6Q;^n|boC@FwOBOqJ=k)zNy9>G`C6-Mep
z$N)_qqH+&M-HXD$nQ?iAV-!Gy>^W|=FhNop3Ch9v@(ODPV1)~c!UWp4mJ=3-w(Jv$
zNL6FJK~+CiMr{7M%}|RdNeLfNB#ZJm3ZaM;SJYYLRWq~05@dq>*S)*Jm{ym>1`0r4g*VjTfcIJ9hUDqQ
zQ*BFa7U-zynlZef-l!PduS>^_W<4fti)uE_KY{ifgw`~NUFvn2sprZ|>P)4pMPtw}
z-b~ymA%qZ>MM%iENsd1SFVtSvT8s%0e;%wRDlHjI45M~TGT4;Vw*X3>Mn|XKNu$~%
z^$|cb8)thGvl7uwPjvF-S5|?N}~wOtXk0ytIC4XpY6!@tdc
z%(6OH{xiZL;WMQnpY-z)`A@46)HCs)8qNAw`Okmk=RYd{`5e)YCUd{w&sX`+SNYGq
zH_8|M`6~bUD*yQ^|H<1ZU-0Lv{O3>2-4~_;{*?TO=}-~?HHd&%ss&5F@A<)+Uteq1
zYyl9S7${s3@egq!m}+1`R=~)cqx}ljXCypjUO&bW3WorffLxx@DGLr}ei6Bxpu*am3x;K`qtyZxU(*hD0-}IM3@I4
z14a52%@a%8z_6B(y{dQ*|K?Q=`wa}DQ!1^m&y|RqwO;mt$85{H({cak6gA3JpXy=q
z3sqWbR{yqGqQ0LFU`65-bY~*XY1fByy)>ASjd~tNJOFTYxd5I={T`?C#8g!zc4y_+9C$FCAmFpDSJbw%YBJ
zsRXX`lm37%)m&h$@Bn)#>i$Zf_6`Dsxkr#2nSg!%ZgKS-jE7N0%z
zl}!jwQ-4u9j^_Xl(Y#X!ovO;dwj<#OSWYUUI$)jhp3?%z0enb*t(Ux4*^XFt1@XtU
zxwsogL+W2y=SBw%|
zRpkBFWq({9B$p(m{6XsXYt^9Yql?Nj;Gx$<545@zG`w1{7ObxMEkyq%W7ti3v8aw+
zV3EDks&^9J^?(&Dl@>5J7YeO0Npz(%Y4$CSBLwrX|`jO#7C^-ig+>7ktjq+
zDTa1-Nd!nMMFkI)?TgDmzm44W{)qT+vSUPwjtm=FD=~@_Z4!%5pf%L3U>3Yawej>6
zSlj1^ugcyj(VE^5)avQZQD*!qUDwl-mnht^-j(5GA>Et8K0?Wr*B|%Jk#)hr)3j9d
z);F^X^+`Q6;gY72)G#z$^wXe5(MjTBjH(FSkXQpdCZGi{%z_z?>6YGodb(v74k#BA
zof=pml8<2;Npx>Zy#*uFB0f#bw>4yedKS@Moqf5~5xD08*gphdcestf4Vc(}&_(tD
zkZMG)+^f^d_UX?4zS;4l-B^I*x_^4KveH~NZ&J~MnYxrwYgkZE75ytv|D@8pp?(f|
z!Lmnr{BV$W-eq@i9(F4nMII;S?e4-;T9voEi%%KQ5)(TFt`m4h^iYA$p?G~2mK4=R
zbS9A6gvOF=AF#e{Ro}LJ!KdIUW+qLq+%J?IkQAu20O(GDUNY^%C2HNQ+d;h51Z!A;AO$b$pj(VS^
zItSZlY7<2oRO6~*Coz*I$%{wiWpU14EqxIgqptIlsajz`ftnvQqkiwj&q^2y_YEGVc~QKrn@
zXwg)OhmrVl=Ix=5u+u|lsnEMj2IC=#>up4}z?yF8-7iOHj~Bh@{Wu1!iW`lbKs7QD
zPc#hW-z
zZ{?+QX=!Qx@j5~7_yX#}O+#J+YTAAwhm`%tL?Og&SdfJf2%1X~A)%4NB?>b}C<_|&
zl)f18%$O1hYLHI8R4|x9pO6l&>!Mk0H34e(LUU$`ovJO@S>7S?2}!qkOevzLs)VYnsMiTZ@MjL8y7cc>q$p$9aBS1h(bZouC
zMmD4!!R>+^
zGAdGFNL5eU+jJsK;!XAlBXa5z$W$iZFtxoGnu}@?^N@2{C?;vsDlJ`q)dw7R%yvLM
z63-ok{c+fZ-aiE}JPDO~0hh-Saw|CIbD$lepC~tkwb18RfDjTXqwrd&9;;0uE|@rl
zSKp0+c=K0Rn?#}CvG*F_hj9{K5^91Oyh8#H4tFoUB%e>XG~5i-gd1QD_H8#tqX@Js
z5wWht18I;T8oxsTv9N<_3jT`Z-D7~}w6!Exw-N;t^?(D`211e*I8_IWl#Mbld)qNY
zQu~qU7_r8J*?|_&NDR+nht*`d((Nv4)iBd6iUu#@sM{gsCQ*!5KLDKo1&HYw#bnKT
zz}~RvK8TYb;AL-|(7g0%zNYDKGu{avIp7xvH7OY^yS?>=Prw7sV%~)$8YF1<#hZmp
zp%^R)soop(HDBUk8sb!^RR^jAp@67IDQ<(zs?Y<589PVcDx_H0C@a-pFwZves1sy`
zMMsO_J~oG%~1o9|D7Y;dUg6za}x`AlC_fRl=NJz;d!?E^3^FZ{RH6_VMY#cd95DMen5yu
z%?huD8e7d&!=zrsWObxE#g2aj*I@uj2ah*WIItT4BHux?JJh)!@6t#%%(eg`-1Nj>
z3wLqHj%}g^4VArD$Js;{Wp;G(eEZNL@^@sryT|N2y2Mx)Z4%wZh9ZY+)#+Ph@B!?L
z>Gn{{L56+sg}@UaMk<7>kcqaPtr>{my7nUqD?yf&1nU;kfhI%HHk6}GglL^fR+eNA
z>_v2V31ZO+Cl^t8g+P}}DF1yWcYs~SW|J|qv22QnT22L>5sWx1MRXzuCuk26;QNOI
zwg>3}6>x!OqY2^fBzq)q19yR@LOO7cV#2^&0GSg17LoOGC$;Q9?8+oa4bc?{mxVdN
zHgLm}mF|d!DkVw3OC$v`ZC1BhQcDJ9A27LGM>|}rUbj>;dz=<*5vIm15nJ+^`n&&8PVF}$(biO1qqE?hr0>4*r`o`igcAOiOK4w40ISK+5)E=U6@l5qA3wZ5u!^D
z*8>zK+CMu2MqB`>BW{m@qSFY%-e=TlZ>lv`(+fw93nuc7i*867^$yu5!A?lU4EE&c
z0OJ2G)FV9Y@OZT}yloDreFT5qY|Zn;gC_5&fxR2p~Znj+8~2GIHoywZkM*01E6P
z29^M#fk2`@1qyTw!#FX-p<;$n6kaM31xmGgTq_ZNsuP;c(mhFOLSRKphXZ?_VArQ=
zS~kMoriJk6gD#fuhCnW*c2Sgg%VR2*Vlg!39;Xas?6T%DmQ8L-`edU0G_oNudc>jw
z+L(Yfy6A^7=rh@kDvV01*4V0zhIDgYdPSe7WJ`aJtjEFzoRIWtbJ4N)-hg+T^v$I7
zBL;D(VEcYO!2K}p^{H`G;_Ty*Ca{InsGdu;RmIFcVt_@Xg++vuTK2@#KT?MVD!Uvo
zq@?2w9seZ^!%DqYNns*L;*ms5p&*q&d<&Jp*HG*+2^jJJU6BINZqSU%unSe9V3L7j
zCOM9#BNa;wyJl(Bw)tr?6G1AFPGgt~LPBo^C3q0#`E0=ALxm<0PhCY645Amwxxjc-
z{V|a4uq_#STnrNH7@^pQWZLM25HUNmz~S2F>-Bk!CJqQq)awAlf%PRsF(0%7-;{W9
zjQ2=P6R6@iX)08kR@z~k$iI-dDeMkm8%XaIeyqAQGgN{u2=h^z%rm+HMvHCNT^7pmxQ>74npzvb$FRk5VDQ|V;}W~T?X8)7ls>Ni70^mJ|gEkc5o<*
z$U-1L2?uUS$j2LVq|}4nWtg0IwcwI@njzrTBqeGY_U%P9QI+nKKLedEGR#GX9;RE`
z*ai|nypU3BX8#avYXrbFz}u0MV_muYop2dS_61dG*`1)zFiOS`d&URIaH+sLaFDYvt%Sae1mYir&D@dru^Lb{gYlijmzWwiL}6!^@Y
z?PIoX1d2%`L#_2XiCDkdpbhc*_<6%(Z&?)Gf!&GR0*VQkH^@%<1*2}9d^=uF+1nV`
zHmlX@#&~rTt>yMDF0d@#ELc~R2rnyp%Bh^T0aGyE#keo*hlyE*0Hck-iZ%moGNmK;
zM6Ny@N(94DQLN&gGhQueG9>E1AIFL2eilfCUB%W(jjDjdRfwNhh-=?VRtNxPc>4=9ayBFcfAF)Rv;)$IykNI1Q@u8
zbl%(DH*G4^kC29&o&!rSVSQ?dxx$Iv7%u~=m4Rl)nEeVxNHm=YABbK=9)X7CE#R&7RD=!fVN3OM&v1h?Y=~jVrN40CHGrJ)Z{@R$t_Yr(I_c8
zHU*mRVxhiRK~4gp7d#j$*Rx0M(sr9oa}i`KMIOF+14r_o_FL9mD<=$5_(^lDxgsTG
z;oS3<+!(ja)T<$Lw}FV(olQq~u&7YiqmF_wk+{yvz?qxV&_JrPSy$}XPe^QH$h45u
z4oXM@Y_C=55!!X^U)XXDEn(%-Br${lTR^10f-xy|NTz@i?LK)mvs@GdDT&o;Cu%3u
zS1$?y{_tK2FHi!Mh=>aS3&JUus;Lgxa*yIi
zo%KhZ6FM}Xd|a|16~U(FxnbWe_`Sult5pnn$P_Y*Ris6xMqaa8Q%zAQJrV|bTHu&qPTNqkct1{G`UvUfINhDG99Rz)r{g#W}VzH=#5+A|cefKvo^lW0D~)
z+8s6pmDV137MV|>*APEmlfe7JgqI{%OLRpzBYJlO<7S0@jCt?EWCET=Igt|%4fS6b
zsR>G`c)~Rx7h>|GN0}bL0w9vfEubtuUPv(%SVKt=%QlMI
zpzA~|qkxsS`fC)`!|feVCcQC9*X+UJteqnR#Nt@XU`Pi{T~iny`me8ed)Y@60{
zwfP9Ugsm&Nj?xGTqmq$arX&0~?2@Pc{^Jfyq-cZOM2;NpajH~P?GedMy@h?0hW0VK
zu9(y*Pqcm*ciC9)8*g|8yqh9VANSZ=ij0xirU}it`Y^{=ivLjbw5Q~!Beuz-P}IiD
z%2FgrL~!gWuO14Ohl3GTuhbYYD?dCtgWyO5K2=kQlqN1~~7cI!Vnk
zMIyuN-endGx8Eqf&@AWRJZ+B?1K+zG&6jKopsrsI;uH^P*pH^HKiGOPBZQXNr;im7
zqD>1(hnTZToOV!1evU#cc+*3vI?7T>pdof$1Ti^UFc(x^G!co#YEt5!Uk((lpmCqF
zjU&Nd89i0c*)(nMh_~Fr7`Tg3yvTEjl-FH!j{ZvVNQ469W~AaAs9EEfCBn;yBtyDw
zaG`{jKy4^YD@jUFmCUx|sJ=A_+b7@3jE!Z4_bZjajE6EyW
zDke3>ho}${DxM}+gN*97(7^AL=#oyaKt=#;q<9|P@tNHLSOfFZk3-Azi~8L`vs)&O
z{M8loHbQHG`X?%8LyLFC-k}24kS$~sy+5L_L-Z`}4{k|daXvtC35r2%k2HqacpS*t
zf+ACxLM~arO7;=xCD+gPGhbjUO;{)?w~fuNNi&gWjeyrJO9uAZ-U`oh|xi{2+Xmd4;mLzP^hm<<%E)46DE+!U?miz%0-^M22}u+(8utl*}5Bc7RblCrz)|
zaP$Y(+>*61s_Oe>PmeE2z7BOO>y@fG(Cuy*_vi|J;cy`}83vm+A|X96V7z&i#EM{e
z2q0w8C4n0XlVh47{21RtFVsUZal-18IK3vme8?~crr$V{qknz(uF6L_i9}}NU5-QY
zz$a1Q9a&!?nR^png@1v0(cXzfu#_1`0!gY$XjpCl@_%0xmc0dF)?+HQ(W
zrIn^o5#fpn_TV}es|KwMAfv2!B#fD+H&I#LmaVO@m5sGk$Y9h>8LJq8|CEgc!Kc_e
zkOq+VzpOg!=;d0C#@qpZ{KHDEBDw&)#c`Cqxl-7}-|!-Ruu{WI7~_+lpO?LM^5o|O
z_%rVKPk#OmS)mU7os(XEP;tc_3Il7n1OgT2>4nv|i;E{ezqGn|i5mk3_
zV$h9%WYD!_6{c&&(*sB|p;ilfbv1hOGwk$h{bsIotzY)Bo&&t9UZ1D@dhP~De4uVj
z^Y>VeIenXlGT{q;{yc2GX)UiDyQFCPctgCwf~%BOUdtr|qiIT{rBf@i&yN#iv!kd3?M3
z=9x?bTt3Ci3%cCF%Q0PULuvD^e2Om~4gE(Q{#@U375a9Ei;wk#ZQjgoU+50`Z7O{}
z!qWfHD-P%m9>9u@&fEAVxKy8@F}nIJ9z9sG>XyfJ4LBpEqr|%ms(1naV6`LaH(qq{
z;(PT$(xy#wH4Ih1fA{}*^v$CV?3|mahaL4)GEu4{XDm9D2IC%sHQ
z;04kXL!cJ`X{rb&bdE6q7=F;~;o-fBaf`fJ>0yxe8@ybGOQ@rU*R`HiYdYY1i6|xx
zq~9gbo%GTHmc|d|a@qcH+~p66dm_kdz8rV;mwefHT!f2wbDX;i%T_HUVpTXm%*b^LoVy)Y2(qTDVMEBBOflQ3cV$uE^C9(
z6uI}~t~D6w&ZmwAKH;I9lb8s0T->9B{AY&Jd^8IF%ut3y9)_S#5?^3ly*BTe7?|I7
zgVvHRo3z_veb!UipFl-MIW%9}WnC}2D~P|Kex+nx;0*Zz%c6o^h5u=L|$MIwVv`V|5k
zRYjO`yiF|pFeGc9E?a>ukD
z5j3JiYH=Utf<)asPquzdQ3OCNR!|@^&|GzO?ix)XzJdArP_R@iM1tK?P47}m$_ex$
zO!AX&-qwQJ+cNz2D{pJ{TJ`6jYH#cH`Y&&5wMO_hX!#d!>&vyvxAm5P1-G?d;jMrD
zHdtQn!d1|FTd&pn@T)oa*AV_R-s7(Xf2Hq6@TWe8uNpUS
ze_LJU%fi`tVAPDXLfbr@QGcN0&T6!RfL+Q+&o-)rn
zK&y0SJ87qO5|TyGOz~o!56C9*Jh~Iw$)k9Sq8LJx8-g~X&J|)^HaP4%y(q{dB;$-o
zoAX!Es&6R3A1wDaQS!8*;Cax12jq+-a%E!wwYVAW9mK2|Xe>2IwH*k7X;FbXAcY&j
zL1;FtFG6m(JVQp;v^*C2vha}xueEi*CLnfwS%cX1h6b_fDS+7Zrp6ZQK3^`wx{0tg(5F-I>y+D6{GyQG5+x^?8Zl-4g@k$n@mTa8~Gr9;q)>)q;
za1m9FQP@%10=7Xx9_W1B?M9(Q8qryYU_sQ*gEQbkL1|>s8~cXjo0h00@GHw-=pL
zU?#On*MoTFli@yNCG07cCe3I*CTLZEeph=N_)Ucg>dO}hp)cWA0GJ>MV)zBQ{fq_KonPmh%)uJYo?gQVNDOjkYcg_5GN#}d{ChthI+6`y5K5_KU^CyAem
z|7>+-jbyAN;&vOn@sT}y0>tT~i0#`>TSaZ8{5&>DKhN+_RWKOne3O-2dxIa91#0lUtVv}Hp6|x^N+)pCo+ZdWKI#0
zq#`D5BvG_hhsk_IB^4EjPbR~aLBGOA#G$gl??e~jxI2;^hg~asw24Tb@(XUe$Cgr?
zx6oxWxMsq6FeKCH>Ri_lDirINcMjhf1DuVE7#;
zU!b-rS?ESLKoSJvDQWvk>olv}5t7}p^BqHnSaVDm-9AFsZgqgfDcDkyLnX@bD90@?
zK5wVN2c}MD_ZLlFmBCs@LZ$>-Z4#KykjbG`%8|+y2&ponIuZ`)2geivcZggnNvt}T
zWiPVczqW;DT=8>De3un2IRdJ=Qrz$K^^;TKih&yjV67jY;RXsxc<}9V*W#EuQ7GP4fTw`1X^rsE;rSx
z`M-ETez0a%B|~PFy@Mrtf0#p@l@CBBm^C^u$q!*f+jUsy;LaaNL0QM@+zzoEZwU5>@DU
z)>g8`+H?bwZ-UjJU2>uB4=jcg2#tNlC)gE6C+I5Uv8xO@N7^h@MVA%gH-%S!OJ%ngi&@
z2Sl_aUel+Mw#5)j_DIWTFUIH2kqGRk=1flzY7wx9sp+=quX4MMF@p@0)Gk$X=Ht&8
z2rDuGkh1n;YWdUynkYkfd#~%&R)dco&GcV--K(oBZ{Y>nsJwtL0GBL!H*v_pvgWdG
zcWji%o@L5)hSd60J5|2muP!ey^2tJy2{*rNa^4AaP|Q&_d1;IZA?%X*3xH4aVm>oR
zfkZg=6`R51lvOJ1M+<;swN!BVtyAdglRm5)k|GLf)2Ik)6O8W8zImI@eh
zE5(UtSL;+`2<Uh)=lNCjwCWvf@4v)g`}X;p%f$D7I=Ef)f?%ay%f8tqU}-G0vhTM?
z-4Hfd*?YcS_3E{H5J42WInRB95JzQ{O@VP5^ZqFgq}}@aKa6bokHtrndLo0J48`X#-f1&5Zjhz)1?{
zA-4RS0tAmY@Nzmw1h(KqZCDd7i!|eN1UziY-;@YJ(kplh+>N|Pt@$R!#`!xsr}ogI
z0~&(bn$=oe3n9#WD2eo5+-J+?NhI~cX^e(aZ4z%P*)yU6vTsxohFCJ885RtKAkLGt
zAm~w`)4>t$G%>AI20A2$2jqT6Vm_F@RQXQvi;Jis*
zwi=O9*0w~MlxfpsE!qQiyi3BXsutE}V%d5d0FSoPK1R;BV$E)PM?l!uYZTUMZrEm$
z>4Ul$^amf}^Im1xHt0hq<0I=p(K%o!M1*k*_zC%aFXjNX9t$w;1=^;#cV&)Zn?5mw
zK=AYl(9E%^$bn{gaBLciA?c}Dc5P{*45U70<3SKEACg%u*_J#dM+#ICGdEeMpsCj^
zX!eR%jEL%>DW-&(wUSk6GVQE(fN7*&*NxQcA8VvupVdgcUerhf8^No_N1JHOY@#vU
zggE|@j8VsyWvA-n9Rn877lR5_t5xaNC!GOzu|%wzKiZ(FSM8pQR!@W{X*k@}kTZ&A33uQkn7?ny9j_$wmjb
zw-Dtr;z#BE^7OHU*4%zP_dq#`ZltwNidZc5f6`%}PGmNmMGs>M2G{_;Vn?GrEn3ZEXwsMqx#1>;l4EKD5kJIu@yeBw0Q=*xb
zXWBHNMggB;DyNL{UKSZBAsP5Kft%CW=7kx-D(;ad7)hC^KA&zD;Rg2#T>cF&>vZ|e
z(+mWklCoxif*cHHF5^_o+0o4!g(+gxL2OT%^rJ7I5N+Svjh0c5sha>zv(CTAJ%TWHq3LL%!&Z`NymP;WF_
z%PXt@B%93fD!ys+Od37Xl*+^igDm(%0rBFtM9E^QSFTi#VlLpMkwLzeaUeob>J~|m
z%+|%D@x_HW7vtKEF!H;Sg{tVT1a(jaxg;bk0?Q>76-c}<6rP})AuK5;YSo5X@G0}4
zZ5*ImEyw(^mJuZ$Y)^R3$zrPCYZOcnuEB!=U4YNK5RoEI8C>LX+>`g#HW!Lj9X3liE`2|KT&yYm4~J7(lUuVKWuY{$>+jVv=&6yXvh
zI3oNyynt^uC1l+s>ULGg0BxRP^_0T8l4}asb*bD~z>Px->#;TL5URqJRv>BMc3%RG1h)sG#5`yts(kqf~81MeLVVZEOcZ=?+ldK~YZ5BW2BP#VwicAB+h7
zu0Of=^NKjuT?`Dd}zJ`5`Qx1L4SUhO9l$|>U$%j24
z!LHj0#jV4on?x~2R7LgpO-$8c1SW|;ON+PL?^q{6^cS*Z*;Cg2Yg+}>pEXAx&`Xb$Hh+fiQBl8ZQ&VD0m@lSovXx=ewK7z4
zYukXlKyqE^;WQie<|hU8^0l+kYLJh(i@^+{T5vl?dmVnH3>re6}l$ThrjwS
zLrdd5zETrKE%s>>P*p>^q!!X4Ow&K`Q{xiOcCtN7D{8qsh=SBsj~Z;PM;QHVsylj>aa%3f%394im;>VoqH;ud
z0<1Xrn)110_jOAti+Pa-gO28*eN0hVM}o=WDwMj{sf~>f{`Td5u(m&y^xOXVSZzOU
zpB(NVK41Hk+GzL@i8Dk<7;0m4Eqzb{QAtYt^S+}5rx1FoHWda`wAhJ?vWeWZNX;xs
zvlG=#ks+7{N@~-@O4WE!2u}h%QVIqVhp=+WNM%!Tz4XSzwU5r*r~N=}0I2RLP_pMY
zy(iuo^w|D^dkk_Ob~#DCTlfG@-#aNmS&uW7?FB7(CA2@>cu(fv*6Q^)|Cs+b>?K-8
z$vuR$eMo#lim|Y?OW7DrhDT#EuUbHz{V$08=#D*yu(IFE&
zWG}ub$2hVrc-g|Smqy(ioC?e0!%605rCc*I+ph@XD}wlnAnrYiuL$CE=j}_vhp!0Y
zKZGD6FM#^pISw%x%MI>q%I!j5qGdUI)v>z>ic;1k6iF!QYcI)0`MirsXQdcPk#BBd
z(h0EjHoFP#C1L*>09YH?-*b!;yK#X}wk|9E%DCEzHmh?q86UbfCQ{Os^L8{_#KQ6v
zl%n|L#PNCYJ>s`@zx5vq@}bQVV=>YEHfVP7kKdk_^URgnXb>R9uJBK-{i(LuBHsBF
z%WPUoyVaHUv`LSV={OOFiUd4G;vGx%6>@V@|>kW
zZ~f)vKW|QC3x#q-LSlnnbA>=Gg<)ZjNQC4Y5(5P+?D0ts6tvV=BnS#v$m5elB3R`c
z5=7KR`b4szdZ4}{aZtT(1Wq)di-5XRZy4bd4UT0`A{1lM)0Y1K%c
zNbWUL@`MpnWfSE~q2OyJhcZ&APY^y8`Adt$>Fw@6PaLV!=LhF#!ewy(XfKZB$%vQ4
z7_5Hz5gj#~JGIbmMAg0*c{trT4+%6}0K35p-{f9D7Sk=C(v0$A9G(
z@34(7$C;Aq+m(LX#Q{PTU?6frFAA}$C~$z!=?wSd5zfXxk8wn|WO5fYn}0m|+oRw8
zTCMiSqa{T5xFGq@8@bQ1>H*bz;&xZrXgrJheL%i1Fkt(23g~%bFdU~_gEZ+@JJ$fF
zR=w}W-8%|jqQ;mrz}7e7peUGl7eO*9%#{80(Q)$VGJ%3EoQC6DsN(WgSAmyO#kQ&fo?#XA5!Z14
zkMxrKr`v7(pR`-JrRGdjQ%q8gb^`l5FP7k+@BOfQa{B7jJ2}`tSvrMZQ$Fz&Fq`*R
zKUO=8!{N8DmJp8Wbbq2*>ks-Bm0LqwVUTgH;K!}0?h&V?C`=uoowG#3i5~Pv3oDdP
zwmS%!H*(|)7`CT^L?Y)4!yrLzrHDiS+2arcM4SxL>$pGfZ4B{tE5z{l<55&ihvyOy
zXcgvZh$m`UsKyG`Y>yf5i##T0(}z~npTO5qf0i-o5739fa;rG%5737-3iwk)%FvGW
z<72F!T4AgojP%n`AXui`Kw}AZ#4E7fH*pGBeMzC05+1gWr-bqOV2C)$3(UjfVn~b@
zvg*@`3T-#xZx^lkOtKSNNoGyy$NRqP_&8J8c5Mk2_XFM+(gAp6H!p=*e1&B{Yi$kf
zU-Rqvv_GuXHO6YfwQb?r)?L~k)>+g3u()H~FAnWrYkr*ecTW|ndk#XhZ=BOu*fSNkVugb4+WV0YFg~_IfY>JECgfess?nD?MOdk-n`1gn
zS1v{$4i%cEhb+$23B%_`y>fVf`{|XfPV!kkI^7fdK0MEGx8wtf=X>(NVf&aiTJ{%uxzs?FhR2=z0pWEiLBRTkZ>~?J(t6dB=OZ({?+}g=%`{r$4B4c)r
zGy7uD<{ykgUq5D^BJ9Pg87V`En
zc5{fX49`!Op6@QbI9S>}TsnTWbo^}TgN*6fVuYtS?vg
z8Y||@Z!$$>Gkw5qxQp&GIGN%~qx{`D>a;O}N9p4I?X_&kLi9%MO|#i*EibREtggOY
zd%L#2zOnJ-$>!$X-t*@#UhMCG_ucp3zkGRcaCmrhbbS2xzn`3(o}Qh(diBE(KmPdo
z^)J7MwTs)!_gBHMKV5&@{YP)Bzx)2#XlLBG*`7STt^bQS-C{(Y@7f%Er-guTXXYFD
ztPl+!acb6qbSzxtV%)dnDdzy=>+|RmuXkNs{7G^)GRiW>SAvT7v}EnT2-bcuhE_k?
zW>&9_NR3fA$+JQuKRY+lv$lLlGL{ZKCmBnmpgl-ZTIPt+8$`x+!0+-+e4u?sP*^soZ3$4l1is^No|kllG+~2
zht&EFJ*T!ObV+UB(j~Qhr-gwMJEK9Z|3;5BQF75>ks@7E+i%~}HGTO{`I4G{`!l_u
z*5A=3wf+lTQtQ7fis_9|R8;mvOB_$Nyzxv+8(+B;lk49pl+tr8T-=|c6P$q1vDEDb
zYAuWmeLrKh|H8<>S^}V~=3S>SDrolPuCGVzdZB{PIia6Ns-F5I-0Uhwq;yNtzl^e|PuWZ@>Tk;lm$)
z{Oe!$b;D%k?@a(PES9?<~
z>OcSUPcfj!_hCQ@>mB{W!g@#BAEWH^*i!s_nlb%2TMFN4cGNJV*P@ZBx!&|SDjXZ?
zP6aBx4-n33aiBD=3By_dtRHd#?nhNP0%aov+ZqC|{<(PTmd}5#$G_u$h|JWm-Ky7W
zm=k3U=Bzik0bn}6_Wi*VosD@ME?xJ+VKr^8&97^AbPEzUHxeoeuP^lJz0{}oN(+@@eRhA3c4p+{NPt*E{#W+;Zo
z7XnK4nzFZI4&2ezAPJEHCkNaGzgAb7=*otmdQ3??`#@*`-Nf$e!?5$0#WE>w$ij()
z@%#yvy_#I7;Qm
z#r~?Qs<7{^)NX@@RDf1|9c?C!r!7G<1@upHsR2wC1eCBus6+
z7YAZS@gV2gWYf~;ul9K|NOKlKT>z643`H&xGiWiP4`>QX(i9-6>(!<*I9tFpt~g?Z
zyf}Y4=O-!E+8FD)hdZG&550v_DhGF}2S%x=BJ^Ja?2vTDv{lV5$(Y34%ogBq@=)0p
z=kW*)P*p;zs`qp}vV=>+B<{hGc={90Sb2f5l0g={B-lv$zEQJB1h9oLUW7$pLZHMA6yqq?N6yoFxV85R3N)XYX4
zATZ>v5OPma@n|N^E%|D56lB19ll+N8vv9~(NdUkMp@((jmLxP5aNX!6
zoE@AZ`dX35=vb2VW7w;@K&nHMRV8IKnV%^wH@2^sWEU%x6|%toOaWHR*4);R=KI~B
zPS=?A27uZZ<4$D=!?AWbL+~(!#>d^v87uR#WTR1KLOvN-D2nEqA_qe!E6@cD=|Y;~
zb4<`nVOuzyyAt}+8Q{rri#q`=3_vG|n
zzg18hgDV5@x}!jwU6mydKuI+Z!DkTrf?z`xJ-Uo}%VB@eNrMeRlkeoIqulCjp{;SU
zWPg!0Rza3&63p~gJtaBe<+DZyDH1ScXW7m>Y^C}U5xV;cGf9@
zdAZ;u%ooPFp2wInCY+t=vd%7u#vMIM3l`nNJ{?gW7Yck$2$dqMt^httM}r>I3Sz;I
z1O%Q5%CqiW#u!a}6!)TPcK<>(`h0O4ID46HkZJumWogqnC9?rkHHbN0&mO^bGSSAk
zL1-_-D}}|*2}2^-Lc(f^^DbJ)Psj%qF#^7isST>E0vr)mkny=lqHc797)2=@%n4f1
zTLJ*t_VMn*GHoDHivVRM!B#l1cX~yT0mEIb$ts^dKk;i`#XE&I+9R4%5AP+pSk3Dp
zBtJcpqJE~RZ;JX-bYF@FnWBLy8h9Acwpy)v3j}cFi{;E0%jSz^`T~!corsbGVRVv^
zBHF9q?INZ_lMf7|2wUQBuqP~!79@NI9P(X9-WX+w+Rh#DrjoZFDs;%xs*wG719jDe
zs<{L-i^0WjM+BKw$z{k?_JC8=b)1MSKg80)xUksOEfpnJ$t#a*_;2f*%SPA?8d3Gjz277^e@tgyYBA
ze7u);{aYjy+i{-7=2_zyE?R9>qsIE2%e^Es#tx(Pa
z`b?1;)Gw7yq>of6%x72U7r=lu7!O(PI8+?2a4;h|j!~Krmo#E+<(Z2-lo1n&L{Qm}
zBU!H3YEYC@L6BDo0)e>i6z~oRW5CjtPJv>foG+M?g0}1c0|#O#z6z4TxJhBUFJM2w
z4pwO!N|dspGvNJ8jREdK-EEarzon%=?Tu5Sf0n-wVj%D3(e|_b!{^@d$S$wu%o?#36YjS#`(vrM{e6b$*6kl7|
z3wli%n-MEB)+w7BMoz?~kk~(k4k-(YlhQZS_lSr`@&+2TM_pql7bcfPDtbTeAML!P
zSrIoc+;h5ykt~i(0EQS>S*>EuO*Eny{g}CmSuWWqrUr~MB^$<}PpPYa?q>3+Z9FRIg8yd`nk
z*<*9uMnZ9P(FsSPhilBwFkLUvxm}?t=skV+JAQZtK;uuv^i
zL&S@9@pQeY>JdEg*QGR^q6PB~J5-jfy+}oHRu(25559n|cpE^K;l(%KEPB*M255Mk
zpj6p_p7LL@LaIX@!9Q@AoLdCYCN9;Qm=bM}jD2%ygJkLOm$D@+afX0R!_QEvZ+2;B
za^UVUo8Vl;NzY{bgI&gXzZ4==dBYVduSmL*2XoSq4?tMm4%;7wZMv(U`ybKlRjX)uX81Gg=1!V`_%l$MmB`Ca?c4?P!iVbVdNB9EF9Yu5b);
zY+WWg!evcjGm1-iUGtY|4$=JM>F#rQcgXn%cD4_d`fum>Cwz_yjh&M-e2PXe&(Kir
z5G`?@p;g==TlqjSyukvyM=zBka*v*p2JywqW4uJWofk(3Se8b4y-(GlE#u2QY~v7y
zd3|v7174zb^zb!3MGec*@tJ5d;k)A#DuUJ>C(n+QM)PE!N~871$?;32Cq3Q9vPVbs
z;VbUbskT!(Jh!ztA*vydCXT@p>TS9Mr5|l~X}^*AWv`?3HUJ;6E>zsK6a4U~FAASe
z%UC1ZUJbb9$S~B6iC`CInwIiPf#G?*VNDvngv~Talaq+
z@>RiysBjX+Iq#z002NJ#*q>g4C;BihTc*p`ed_rkwmlfqjNj0AgCUJ5an#8}p3mRt
zlIq3YCmmW5G61|zB0Q@{xRS{QF3%y(6f2i;R+Ax3ADT5KDb>dPOhc^i2u-chE_De&
z%=MTDo{Ii@cQ@DX(D)kW>(I1*xG1g^y9%-V^>h?n05m=w0l(1&6p0Z|>CqOl4VAER
zIZnvK+RmiCT(;cX3HYBr-+ydHh)2|h=AJ+?@EhiP08LL)Z*LXNEDc$Vfg7kIK?WA9
zrGomA=EU=Uj6{7$NGVR@v_kQ?F_483NU^vIg<4qKAc-$YuQM7rwK1O4btp`S0ezP+
zey=fCMPE1-Y1B57wc~fNG!O;bz}UyAF{f#XQSv1LRDm$KoupTo*F1%;kco1blKu{5
zZ#|6bfIOX>D_7E8lSG8$=u1QgJ=YYz8WoB{Uz5;^g!K|MpJYuHrHDZ;mGhmkxhvaU
zA?t6LMOqP#-DP=>N|(7()f}AO(%Uz+W$f{sJ|iE@iR(wB5Bn$krz&9>
z9F0beC0$O+0^IEs0+S@Oiy7yHEK$~|IYe1e=*qy2X|TF*dQ;Dot6K|rpvNs(=-!eME0!@9oc+Kk;EzAUGwEF+u8ZSdqv&A
zhkR4#oBDfWBm=jN_u7=WR%^ajln&fbC)k|0R$G>@R``}?fX#|)wbl0pMsI$7^}S{H
z<~OOaq1@EoYjWjHz?G=z1Uv&0+kmDV+t>7k3U+_&*L(_h->Kf=#!lbvqD?i>8nXf*
zSi$c)f~zY_{!-9b
z`hMsrPLEJ2$*4Jg3Pg
z=u)THG!6RAacY)1Ak38$5ku;&_ogFKOvR({*8@8uML~`;d)Fuv^lbX%Y&1K`C?@$U
zEyW2<^zqKp{_8SX6d>6awn-q&0*v&rl4R61HTyKa^qzLdsKe9h51_kGViZH69{ivU
z6%Bwegw613=jqbU>4DHGYr~P`I3BmxEG4os%G6>PMdMPpSiGI|qC_%}B;!aMZ=nM;
zN*OQ07!{nH*#ldJO}n_xGE0n>&++ZGo2A%mnJy5q4Bb=-nXP=EwoU&$%gfQa%b{vz
zrjK_#Og7fON|5dq*-x3~89T9k_>)OUx=v}Tv7$k*H|}d)%rIR+O-B@+#o=y6F;gG=J|}QB|k`>7kZ-oX7wR+Qut)^piU?5AxGi+ZuO#^J-L2>O5#}H37G2u
z_$M+m3t=d7Dqk8D`tGGB?hcgfiX8A%e}2-!BsPy``s*LIAw6l7vuS+Twfpafui2{`
zF1$vyrrgjG2_QO%x{p&MuW+!EKDX%Lyb<=cC?8~xCp_Lnz`v2mEnwD@O^ND<`vr5!
zC}DxC#^yX!Ni0@{aJI>+g7`vsn*fuofiYmg%gcy_Afe>J5HzLis&pgD9JNid7;RmJ
zd0j9qyB7Sg7QqTLs1mbB7kC!$7HU>i{;}#l2
zj#4Y{oN@J%iS}M#O0LA)=nb#vYU_Rfmi@fyH4M4L5tjgV%Bf!SFr)Glai)8_yTK8U
zM!4N61`%8>a8w|;`W>%YQm(wYI0va?U?l9_i{>)ed
zbQUcz@)JkY4=AEOMVFFm4N@%r`Yy1%F)kE%*%QpFK#PGaR#XrECNc_)T`P1SsVM5p
z%Wvz=7OEpqNrAUAC)Ya%&(wourMaNu_@1>Fd`n~lX)gF4Ya?cwZfm~MU(l`ZGqe3#
zf4;1g8g#o{Q;H3~<>JJRb6@a1DmdshN>!LS=a<|SQgv|S*q4J-HPBi^X+Nm=GR-XO
zK)AI)argYbNw+_!+POHXMtCgv{$%%5ece#n5-#52;>T*}%XOtU;m#~8VFBOPjVgs6
z)R&byh2PhdDurstT)!+-z}uQpsPMehl~RRoeWh68Z<|~k)hpc9rc$wRQ*=wdxb(Wd
zY@s8rp`lR{-8X%WmiT?k^335UzLsO~7gz&rWuEGW*3IzLHbg(ecQu9G_}iM|bm?ut
zqbJP`S5^~o2;I>JBxaay{lIX;Tw6=A!+g7379V#mUYFtx^`KD}$9KMMmc{v(rOJn$
zrLKCqEYnz5eO;z$tS_r2=f13{TUpcks(Mft8i)Hz)6}S`m(rJpuO3ie8iBf{zBJUV
zs(ESXd8K)2G}SHjrO{Hi(wBzntIyS`zVe1p1Er&Op+;GgVXGw}5OJZ_gHFMPS`MF@
zRcE3uCytbg4Ag6yxZ?vz_b5l@^4!hXI*~YMu{n`-rGR7*;Tt6+*Y7JuB;Vpd0L827
zn_8mBl?O^g$&(N$EhT@vY&4bppe_dy#K?WED`h8t9Vmq-*B%(9C%^ZV;*}--#p+
z@M2ypGj^A1Bg{xnN|U8c|B7$u&E_(xDtfFn(Jwpv5~Zt4o2&fnLJH8Mu6%VNwREY-
zm~L8Je$200BtnkcJ-Q3JJT?0MYI?L2HCl1#n=9Sk3`1S6$J1CkFajoL8bzl`87sU~
z;4s+xLgzV0jWOETq4^e6L(U6i25PA$Et}+!C9o!W9Ew(0S)HPxH|E$Zk!^Np%e;*7
z-qCn892;w~5xmC~!|90RaVGW|Yw0+88FFr^WBX1y&Bbt3{2!92J-F=v7$4)7dt8+bh+X|~k0~^qiW|STJ=}6uPV-@V5h}{t1Mg`Z_S;vnw{gxF
zTf=q*dJ_dz{9PUQ<6&HlN5Jp;iZ5G1zAQ?UHIfB#v=5x54QOtYSV-oDH%+qANtobD
zrR1ZqaQ19X^zA>=whkEdg0u0*$t`xNkEX?>LqB0x~wTGmBycSNm#m;m*D1%;g_cAvJ&~
z?G7-Da{8$W2mMt$kkusZQb`l9B)qt|y!`do>+5c}*X#EwTFHBgRx%ooZ*C@&+gm$Y
z37QyvUc3?veQyh8r!DeS{CPhx%HdDSdZ-kU_cq%5c;>^08_mtx*$++ld_P!+5&Zc;
zC!LhuB%c;W|1E{IvP0=p5dBS7=HNFMT<^E7E7A{rO0X1)j-tD=m5qX+-?+h2I1=Go
z2>~`ESc*~sZYnLHXr3f`%6fwh6H(;1@Dz|Ub4g;D*jF4s$F?F~pJQ8zg<`6B{N2Nm
z=I?h8G0N30n-5MD-@bczt9bU^LzMW4?ws(dQk{1c=S^X=#P0C$H^pFc{47zVbL24B
ze2`*Q*-CUW9wcixHXb|-ndKw^TtK70^FfMG#pZ(;PfVCu4z^VwRV8+HcACm##j;Y&
zFe{Xd;yxwF*X+15R#X|{6v>`&NYBZj@V(+M*=COes~u4UG779F=6M`gjpJKTV6~$g
zCF|udH56EltS&jQ+R?4y9@%V<1FMk{AO}_>TSy74#<>qTvYJYLz@gP7^8x89IokmT
zS8M9b2OJ%TqpPW83mjgJ(;aYpHBNWH0oFL(0Y_N#Yw8p32=|1etf}0dcB;<0$RnxZVOe)b*g1i7%o-6dMDP;$BOgP|ch0BHJGiCX;7C6o6_|cV*xPA)
z05-qokZTtM0T>`J>>_4qTqd2*eHp;*ORbNFo)0yoJmdrpq0P)NCkuX`LMvaW?C<7
zMTMFxjR=3k8u{x%BOy%Qr9-?fi2DUIU1S7^1SDQ4yAzuiu~ZtY!yp2cDNj>HW#m?Z
zwEJ{D7LO}NHtO?UrVqsH<}$f&6qEZ;#pJ%RnA|rGll#VHa^E;i?i*rq-`Gs<8)9
zu0UI86SosnRG2}+sRt<@2Dyo12C>MiSL;5qP1|FP4)i$nfD#-5$rz6+P)oGtz1d4*
z&Z*G!g4$ZJy5`p?EaE@e$a+sqVT{Q#RDeb(F*1(8t|ZWVjBU~p_hUA4R;AOs{wTba
zn2+eB-$@4K-5g5Xq+uG3JA=xLV>OtnH;KH?fFdNIzdafHhIk8eC4S0luhTUoYA>s*
z+7uZ3k+&AZbLv1yUWFBy?r4bNInWmlHW71}7bENX>11V$8O_itouUFjP3NLbB@Cw=^*V9d
z9;c~x7A;N(0&Le{Qq^p=;j9$O~
zKwIu+6xdd83(t0UydTbjz?cJP)t{7`O{HbK89k_LzVe%I-j?5%E0t=sR#QCY)m0pS
zoX@;(Jj_C_Qj)1TOy%cslRv-s!o1{cK5_=v_zC$CEaT%@rpHsUFF$6BoMqpTWApDr
z2)N1A7=|BN{K}DK1#)C@D@QpQ)Odo0R1P$yEVdvjt3BI;2zA`l#IacU3NgHF(ZVY>
zDO{YHj43zzq#!YwaRq^7GRyJ{_ZA?on-uhB4{O5M8PsL3K}x<6gS40!s|6miCe;LZAg8
zDX1ASnTAb@3RxJoP3GReqQEwW*NY-JMf|DICc@+)dM6V^tL!S{LV}toD#QE>sL(*w
zQlrj>m8E7)vh7MW>)uMu<2Z3C!Oo!hp%b;GpW0%P$(^9dAB(JR+G0zro`INaCQQcp
zFPKbVunc9Wjg=W~tQ5Dg;p@^oKV_=DL50F`MpWJC}Zwq1{+at;_GrAiNa6BZ6_bT4m
zvpE_V$iyKSr(K7kTB=j3nB)l=2~j5ex(S3sea
z%`fnMmPvTH(X4IWE5C9sYw+pG&~!KMt!T2G6!~Kz`K9YZ^*`LGZ(5W;-vUq2SHvT0
zOlI)|)4{7(WY(@jsuqQtq0S$2u9J#b7T#K!(57vRECD9_yGmG%nNBifdrPK(iE~~cB(@8rtNApz
z-hA36L@K?v9Ca!cv4pR0ksQ*Wl2&FT+l%z_ULs2FTcMcJCF<=E;Oav~+Vj1gyI5r!
z7AJ=3nDzpEDiZ~MCijFtel2L+F1J<|i?9N=#dR|D7y9b9wQ{W?wk!USK$avcQLcZX
z*IM~r1sCS1kK>Dwf*uhpKLyTis2$3_3x`o3rDVM@xu)o2?0R?*_W^l?-a&Xh0N}jQ
zTp{og;^)x%zGX{gGkToQ|f^hd0H
zVNDKB2q9aZkB!mI)^Kn>VAFaGJnm-ke0I2f^2|Ge0qw;}ZzB1+*r24{#c&ER5;AE(
z=PrzaK!Iu{cmsRtkNarjkX~WXUo3Sw7<44u9lAbTgh_RAZg7G15>%h$@f)=qfFIQB
z%jofh-JgQpsxtG61W!vp1Qj_>jlT&l0MvZ+$#ifac(^j1&wyu7yMFV8UEA|>Z4dj}9p|+at7*`VHwPl!!D|KF@%l$C-NCzC
z0r7aPfIMC+Fpt;oMY@C634guHcS8~4!1a;{ap3Y>C#5_h0o+`oEkj6$pK6hc+%Wu<
z8v|Xu`3a>$oHzU$kXlUPqMIhm$x{wH+l$-Dpn`GEdzjLIyla38#IULuZBIM^F(70=
z(ox+p+~vh6N|ZMoaksED!kBql(yJY^bL15c$lw}#_pOo%
z`2!$JX%Tw&Y2tzROG5ewfi#bCN^ar~!`eo*0S%YcT;q%(c*1LR(mvik*$IS-QabKeVw9@^rB23zmWx+-KDddh@*L1n5+R*W#J=4y+9@eZE9T!MdqAPxrSaW{I7ImRW<
zulJI<90~JtJZN9jNXmRg;atmteSW_hwtMj~EdxdbMDz!I1GQ5$7R{32-qt%g?hEr#
z<|vsM4yJo&^DLZ~600E;pF~D^88jzzJO-Qz_K7??8;;mBlBP{L17B-b$^NkI&SowL
z;%BD$Q;gd(S_f2z&f+HiyVVSAoK^>pc`EW8TB~Wb!^iS)6$U_YtjvCKF;reAt|HsA
zkL2MJ_GGvG|OH&
zgTSLJE+*=RV~WASB?_C62Ikt_5&9cC%_az2ZM-X{-WbCuagS*&XFw8
zi#lD$j#Ah+4BF9-s2UnpeBpeQdK{KO=9Hbgfp>&i!jhO!H`O^o-XGBNg@0p$re-AxCm$|gZ=R79=+_o9Fo6B4A~+%A))$z6K>b0=oI|+zL@?~Vw<_SpYMmyorI7d$LGb^
z{7Yqv&d2Au*xbaLD#GWpvH8C%QE?tNzhB<%UaS86Qw=?We|cN0H84^_?E;I7(IakCltm^xWga-
zzo9SWzm$tUvQ7fF^e8Gl9!G^-tqd5W+rkmy+sv?X+^-PqY|*LQ!u8y8!w2D-Y{^P&
zWkau-u1ZhqHPtz|n(9}*mN(NzxRz6$44f(~7_F)`XS8`$ll>!JHtMQsxSFc9Q7`T*
zY8R*a3Lo@Lg#~?8wHEf(ty=fB$@AJ(4K#CRw>e{Wn|ZU_RI}T4wpFueqMIL^=w|*z
zxAdlH<#f9>quZ^#ZnvyW(JJa|>tlUw<@YscCLf0Fdh&rHCBa{Le?5p-D#=tklO=xP
zweJ$3S>tvN=m`9#0v!Q>j-cMS!f*uwHG*368e;%-F=RmxJ?#4!S>gTL+6cYa$LP9#
zgFfmLbX&j0APjdHP~bNVBk(VdM34_N5|}0&0{oG|@LX9V!gn7XlDB}L6+w?r0T`y2
ziQa-d!?3leKlka4(#RKXJgagTpI!a^hHLNh;zq3P&0}bN!Wdf9V`$}$p{2*r`lKCq~hk-!wL@W>R_zdynyvJ}J2?p^uES
z55X9NaNJ<%jR~HPTRa_jP69k9^?#|zD|zRn>&p!D@N(xjJGj|r;)`I^uCKSTOh4?)
z`%nKp&WY24IVty_gL@qmtXgko8A*#;xmOz>Jt=w=Ei;PNr;OrWM@2@#Qla`vONsqa
z6n%86Vzi|!95_=!)tu1s@|7b_@fP+eaQHRGbw@TCIrm{V#2jt$2$O?RWI@aZvx{y!Ws({O#C!Nyt9{tUaL!xYz$u?g0fZ_AeLh4a`LK1`Lj
zq8;;NR5zx&66+!EHV&pbR2eyON5Yz#eP-+bM3sb+!UfDq+?7DHn3894F1yX}%9CxP
zs-4;=tWUFdL^d@06Ti7<$tlE8Nu&TzR`%RDkBW<*N)z+3T=p~Ej*CRqY*WwD^a3`Q
zwXtfko}BQUKbxL&fC96p9N<(?t>G_Uq*$CYR+pAE(J5!J6!)cC81P*5rt^=
zfkMS@tTGf+OyZ|Ir-8Q+RWGY1U}y!?d#99W6RKIn1QclWfP%KLOIq9{(gArp9tmAN
zD{TcSdr`|cMv)+^f<=r>NgcLP)Y{jhG1|p$m&LFoJSCajMKp;LWll-DQK)-C+My>l|9;MBn0%IgqpE8QdxPOW_r&vm@`@VRK
zA{tVCsPqS%=zeZ4^XP+g3p!}f-N2L5`H`=66+NfI-UoAuEW>oo_}Il2O7}T4pOyn3
zY-m4Qh?%dT%*n*?r`406BZ?G=HCwt^1i|j91T27H@U@0vvmuz$woTjfP4C&y+Nk2c
z%pjd@`=$fjdPjg!kfvel;pu&)lHiD2X(|zny++lqqP2Ei?Ztu47HA#A{DUIM4E|N@
zb23!}11T(GMN%^1&9e=_JpmG@HnRQjlh>L9_!kM
z0D#n^{F$KFwFoV=LQmLn@byHK+1lm@YjvF4yXYAUt#{?%g3aki7|zxU;^co
zdNXPUVlmG_+ZYPWOrrM%Osw6Iv38JH@)49{Waz|C4HK)Pz=}U(ZXDQxlWdV94kcn8
z<89|O>dmjDw(VtB50gP~4kBfC%Iar)tDJID6Xlw2}-SV9>@s}Za&?d}|GR~joo1WBfJZog0JP9&E&KtE?D
zj=N&!xqI7=h9k^I#fiaDq0DaL%EbbwBD1TN^Ei<4$
z-w&^<5jsY|&gUS|(2X3?2DY7yf9&}hMmw(vd!KlqVrEZA8MlHYp!G0^2AK^b=_pBdfoSQfToF-%1{fxfLCRtDak?Vg8aU|<9q&#ZJJT7$6hcL`E1-
zg6hT1txY&^EPa?B@&TdK8QKf9n^3)7^B6^P>g1f&l0b!aj)+Y^6T|ri@@-R
zYod}nC*I3FfwJTn6{hJJCKxLV2|TC@eC_$AW}xcrUr0CbjW9FCuiE-*)OLJ%dy%*PXD34b1raf&Hv9_^TTMAjlWg+0y*v)~7{
z+P7E(p2fu~^MAA=+-^!c7rw>zk@pP8qd}!lsTJo3eGDXeq2I+L>JM&W&PfkI!J|kO
z5^6$n@eGj-hMkc_utSpw&6ZNd{L&%9;arZPM;O;*U#y6dLI1Lg)}$ES5^bG0MG5o`
zn3SbkZ23GA$2-6mB(RfQOf(e1n5G-N6~{=IZX{`-!bo0h+LnlKUdUZ>QfjQ7_pfD!O~b*t8xIGVlpYR^EJCW|lSV3)
zHS8sEl$8@75q6;i-cBe-571zDG0s!f`w3PBkv@eqou^jjvDM3n_Igk9*vn)v#Knl0
zk&R7g%L!yym=6gN|Z5hCZj#wG?sO3g^7N#1BOu;2z|5nA(hxC%_z%(Q|PQuTl{
zeOg8MWH8x50uKZ)Y=dnrC(j_w4`Smk7sHGzrgF@)fo)24^E3&n9AH$d(XtH%X@C@@
zriWo%z4_g=?Y;4SN7V2K)BrmdBeJAr%5*)z>AKX8D=H0q%56+{r?@F@=*Zi^hBmE+
z++nF%Lb0^A6(1%s;PDu7PfB5HV{HM3#EigVy
z9T~OV4w*8=&#^W;@klyG)3+4ixd@X0GF#&&Y=%x@o04~xGmRt!`z5ou727n`{zTa>
z_QDPkB9udiQNIa9M2-%s&D3&vaGIvwB85hj^J@QMx)g8H5DsUzt3G7>iMW@#Ds*dq
zs*~;(j&WbiTk|<@l6To(+QS!o!K0-0qB=>4iPIHz1wz@ui;)V)G+=7US)}Kzo4aZp
z2|0hU5_`s+47Fib;cUug6y3)61T?s5$G5=0qH{Fo^(%`xX7`TcASFC&VJcf<{tzZI
ziQC@yR2*hbfoHZp4S~@dQ|KwAL!>NDu1bzeQ!A0CJh!rG2v-Q-)Q1Ydp(u44#5twz
z3*ls-#V~F*gtOaJ=g6LiAJh3KVUid!
z7rssba!G7-yytrr_}!q-%+{yQ=#kB+M9x(fkaAxbWY|E|ULA%r*?8kjBc<7@cw@xV
zGr$0cH@|zbB^W_c_NKFLGN
z+r(U&PRtb@PXU2B@O3nBQde^T0_tNri5Z~jabjGyoYQ2sVYUZaRl)5$2OR|van$Xk
z218&KQ*+ps6w%bPF984T@ni`Yg8tL{V0zYgZY0g3H9NTkM$rav!8T164mLFI0cPM(
zSwDhpogz5qFmREx2ayRlq}@C(?tTQo3Q$XyB;dVLOaWL+nS+4l9()!GdI4bjaZ0Rh
zc$olyVzJsa2V|(6WpU!2#}pw^qlwXA$O04rx+MINiU`h;%|1#TR45%ma8iJjeIc+#
zD2>3fM5bt@f`J4nzxnf{m(OhJH9#l!h!D<3z&T~xo>zjfdFsxhN_-B?60C{c+bC^^
z!$?Cd%2S}ztEX9*^1Vr~>n*TEZvG)GcNB_~%kJq8f^dZ(RKw84MB0@NmJ;fWQKD34
zHw5lIYzn4LWjHv4xEi)p)0C_Le>Mv!bt7^;N}lyD`yC
z-s-D6ebuwOu?h{XQj>n|-Ss+M)!8o<48zbH1SYO@ftFGOR
zCN$Zk##?aJqN`=NTBfTNxLUEg;p-*?eO1?2UZxxGb(4v{O8F`xVnlZ%ghlzD7Udik
z<$GF`5EkWoSQPx~z^R#kYNko}SJhXUZqU!eqoGy!;ZZ-YFiiM$+n1^TzCjBBPp}&_
zL(u1UTQnQ&OGYw^vM@ITjvR#I6#_*TKPKVO+fL{UddZ)B
zuW&HtVl19_8Y%98*r`PliZDYteWe6>^BVeCC-Pq4a(l0j4wqgZ?d|Cm=XazYg=ejr_u{vr3fv#H{`Nb+
z(k!lEyPw8OBoe7r=#Ta8DRMK%(1jhqZB;0+Opo#_vim?npxk#-V5P7kz_x8bz1P{z
zkME9w0w3L({gVB5Y8Iy7scqx_9I$8L(}+&G+paWv8ue4!s-4dC_wL{_ZM!dbZ&2($
zm(9t3x_ef6bu1~zZ2<`aLg9Rw1qWz`DW`FY-yIx1+bwOsIy-u&cF?<{!_wjIk1zKR
zci+KnX{GjV=ji3DgTqt!=Esxm<9FL9N3RZ_K{?O+?$yEZyVISMqn9tSFxoQ^v*~n(
z6_>;oVPCit94`@u5)%O>-nTkKISF-*XnUQqN{h@I`wl%m**)IfKEv)leR;I={kxr4
zC#OdzrGxF0=lh56p6+s&aL!I&?C+iJK6_Vxhtu||Pr5a&4G2Bul!~@x6#(^0(Dp38
zj7KnSmI4##-XG3djT#ydkihPSSrgW;_0e||iFe_~!z3XE-(MD4z|R6Fm|_Soa;YsqtkF#;j7P%kh7g>E09`
zSygbVoVOgHD06UN{!Xn)L!+3%2+l&4qJiPqlzv~d_biR=4$e{8@2rHHT&O@M7q0Rr
zm)p44{N~Mto(U7jn!+sy9B$bjebD&W@DEThDVyyVdi7X4NTe!K4O084fkKT4zeKVY
zO9yigY}bVa44;OND}6X{izv?2)>bCW2|8e1DsKahmqNx>=#oWW>(fTYu9Sm>B3YRX
z8Ol!F*nHb565Qkj+2b8pkTF2ej?mnVh39iX&4f}ABB(P{7s$M!)!2Cw#{EhMMZaWH
z-Rt3SQD!Z=l3@~!NG(Nb1fJiDF)V$I%8oGZvbJRuC0L#&>gOX8ss4N@qF|awU~JH8
z#5=v~4M*sV#`1W8Y-p&Y6yu^L2>SzMcDe#sczr0Iod^5+MsyUit-Gj2Psmb`b|~I=
zBhO3wg9%{EYqsPYg^8tQ^cKWBdQIjwpp;av}<@*BYIY^6X7Tvta|cS$-<*%bA=F;o%+Wal|&
zw)_X)RDclR##OTC?wGqlY?Xr+ye
zNVAiWLB9@(1T_TB5A@rxq)z^7n*qXft;fUDh26!syKmnLSkF*NXRPBOBTCYx(0Z1c
zL+wc#-&g&ZtOZBpV)bK8F`VLlRXEbR|ED-on<1_H>Ri`-m+4fwi$2O}=Cg}SS$=WJ
zWf<3a!f=w7?#DA)u9o6eqnW^^nOxw~rsYASOIwWJlEeAoU9RVhMjez{4)6q`j;xh^
zHgS)!v!7ztEUs*t6;oMykQtlykg*x8C7Z)qQUSOP-!Y4^QpF8#B~R{`xhN<9ja2a|
zoX=90^`Sm6eFubNg|&tZlTl5G)}R0g5aOZTHgG*lov3SUzfo3%M`izU53od6)WjQz
z;mEfH{*W~8JZxW2NQ)^5Kr305r@|bEu$F+c+JC_@hbyz%Qh6sbj$qVJW{f&7`u^h^
zw3tP4l%@=rM3sT|?$W4xL7~K`N>;^>`I6}?pM140eDBGO)tsYdk=HtI#6cbm<2b#xI;Mwy0ej6#Wp7oftwm3JPC|bG
zWsZ3gBD;|yxh+LAsg_0GI{)lwo>ixYp5OCpCLcOl*L36dNTFe+YNeRs9dBXxbZ1ck
zMCvjU1Cd;_Bo=K`y0A`tq|rogi~Hwz&#zQae~O#MG!Ely@M2(s7kg8FK!
zb(5<@kxSXotVFEkOZTRs?a^7kD^julgotl;7P&z4E}xuB?h_p64Jh|(n~pQ2Mc+E%
zSBqtOxqy8}-m$4XZO(jY$&hwU=+^tyrcaOYou(pk*&9arw?cqja^CKzUW~FfZ6T-n(
zu3XUaGPOm7S}wS|Pm-vFX*ny`Z+hel20zeBS<@4IobDu2X
zP{GZx4dHQ{Y+BK4jN+351f(GA7_piAu_
zcesdua-vM2hd&`^wNivE(i+;bVFZr=AK!|Ic!q|AVp!`IF$m^NF!9m!n;IbV`QB9Y
zrnkrE|4+HLXB8+WnLLNSl$4nq{8Dme`kYz5$v2#Fv!%Ww09@y!n?6C{I_IPJ2?W>c
z4tS?bKGbf#@vkCi-_p=t!S@wuZN-B2s}{6p6ys-8pJY*;K`?<#U!|D(?m650tnPVY^8xOipPB*T+jV*$4Aq=
z6WXwXcIPGcRC=gFNPeG$o(z~LLP1W1v={pE6J%@*O$E%K$0$yvOQ~2r!b<~xmjYJP
ztdK3dOP&5#LFAxbHz3)`UW0cpB*lvhm9zO~6j;t?x3S=IHo1)k%msOE1T^PlwwaaJ
zMxb*+W}D(%HUgp5%h&nYZ6f)g5K3bX7Xzm0PQz)O%tAnI=g0Xdq_#5VWb)A3jxo0AsX|*?|3lfOSr7Wn8cMS!cIh&3Jx$&;WcbqrJg4}o)
zs4qEpP6m22?8fIsz+1?3TsIBB@n%I4=y;>yH}<9`E%xO^Xc&$!=`(vtuXRQv>8T|4
z(Qq73m!PF1Zb}a-5>M$
zHlQ4PY`6egO9jgDyE=X6LUVZDn^x8Hj#O|Q+ptJ->0zoG(ZC#+meVtn&I{K=Zva_kV=9Wvp;iraz
zE27^t=C4SsExsXxhCob23MWY{7`&|6$j4acjM0M5L}d~%V@8lkg37VJcQ%eNx(DXG
z3TkT&e+{;~zq+!5;ru8n~{6uU~)igu$O_a6hkWwJh}
z;t6sm{^;y!C#t{+J6iDWHz~%{(Glao%K>#eWMgdf>p%w`DCBQim7*W2R114G*wn@Z
zigF{ySxN^c^h5&y9GNP7B3#B)nq)njFOasj+VW8&3gtEu_V4(*e0zS&)7!N-YjpV
z?M)ob`*DncBD_)Dh7l$d1jH!P@WB0=3fT=8LS!4CVA{36qPqddxZo4#5Yp38q%s1B
zPtuMR2@M=6!L)V2eWS<~^WQChekfgcAc$|lk(MKfd&_cThB`DSAJeK8>C{}JZTKZ8tv8khO*^>9n6rOCs|%YynC@n@gKH;>k}^uch25(jhi`=_=K1m0HtP
zsg*ejoDTWRA*OCdb;8ZB1PTnt$#9THmGg1j9g#s5ML5x(dUFrx3qij189I)+2PK0Z
zm@2|XZs40f;rG*>Bj~`(pHB8)LkGw{eG;okLED|M2Yns%hADs(=_g_{R=Qv%h~n^X
zQD3SSraL_H&@|mcJ9*9I{wZ8{HWjlAkyj>e7tCK;W^^>62ujZEsxS{^nZV2NLWPJC
zvMs*sN6BMyyNxJi)y8$iL4GK@7=qN}9pI6W{M%Og#K#;&^|63lG;%n=G)yE2hB_Ya
zqJab6>~e^*J@gxXj5)6uCS!gn^2&{(UaEljV`%X)#(W}dSVek`*bD5;3;bKuo4x(R
zXQnT_1u>os(TP~|#&!R8v`OjF_|X})3<0|n^y-vi-F49e_l~^t
z#cdn#IU3U-6^?=0RDdF?B-Ki0q>;$$S5A!(^n}!LTm$d)VEgn1J@l_D=V1a{E#WQ-
znzIjyw-Ju`a%+g<{jk~&H-V%cjyxi`R-0@%0vm131In0ls-f}7McPGk5JX}gpDjRP
zbuFaFgSG6TbjY@Op-8I6`ff@12A(e<}NvW7oo=53OEw(dSwz$9L)|T&
zkl8ai<3pyu>O_B$^*%?P7_fz-Uk@;Uw9s})imlZ2gQ`ryL?&Qj4WINY)9B4;S`cT6
z$|cTq;<(2y$oKxZ$A|WyWenCrPBKfGGZt$-3s!HsKlfa{Px?>~q%tXsEpENe+&x@1
zYRE;O={)Zz(ewRNdU?A4diUkD)h#<1vnYa-XGa*9pX?$+6fR<_&XKW)s4D^Foeow)
zHC&+$GzzLH{Ey|AQ1`0M&mB#PV+xl*!Wuhbn>zG!u517DVQR
z!o`wJxiR;K?v=d*vAKqE-HxcHVR(rw15@zSsczK2ge8<0io`@~NU@Gnooh!bcrn$)
zvM4plaMh@>Y)oXxT@I6ZMWIvCCL7baP{IQg_)^^b_7#wsJW+5Pk1!bjh@6{~o_yMH
zzoLl!sxbF2jWVmIM87|r`E}n!S7w@+}vo1vRl8%z3B7k-x
zwek5QC1jfpGpmJYG4pU7u9EbwSU{!5QD&YLauwOO=ZCMLrd<+}-S{i!xUpyTXyEq2
z33W%3cUc6AI*AMlMdd-}PeNEo_#-F69mx?#CREob?n#VDiLj)@aLukn%R9xqf0PM7
z$diry4EBzL$a#9OtJFX*Oh#gU+ao_KWQ;hHUyQ+NIif69#iGVUvpj<&6V|G13GSYS
zec(mC=iM+(q56$Zc)5jVd2lhRs=u5i!>^N28TgvI@HGwKYs8ns%91gk677C4ufpas
z8$6#T^B4vhE#k|cWJPbu`=CjLz7@Wr!=~=*ntOs{HwC_UV~CF$9qs$DRR0N``#pK8
z8M%HPmg+y?{#_{MBrop*mP%&;=H6!btBh2%h{IwZvp2!Rf4xmK(e*w2LpCZeqtmqi
ztf=5M2ZmqfiCXW+fX!gPHrNJA8$`{LIp*Q-f4?mD({*3dW<{u$&T6A`WV~();2HeH
zv>w`atC%tJo`Df+q-UBI6*CCzqMO4ajLe=@JJw(4<1)vo8Wa+xtXp@ahiTLt
z5!3Ave?>ATMQ5_j(e0v0oH7UelyW15+{A?b2OA#FG%@?
z?PMU7CsV^(XE_=SnD!WqQx2jCEuw=j&q9ANK~iJ)^w~G}+dm06g%!5;TNfYiMaV
z!n&YwyHZm@E6_q>0tDRu7=<<+md9rw%l|Ra_iRe7kWRBbf$l@6sp*lFO6Vy>t|<2-
z**-~TE?wSIW|Cj&xBpf8Z9}iaUxu1Oo2KT7hRY8IR7}kky8z`0d<*Eg1tPiDC`emx
zaD%||`U2hIP#Zbub}6?4p}Gy!XKW(j#7^RXb1_&YVx93Cb_c1C3?Tp(K6uQavMkLnJY
zb?a<>07kJnN>`P#7~RANlKB0^>MX9&(A}T-f*SHRJioQbwx8Zj*d0gS6YSdh)CXjn
zX}$`4`O5mp`^NLvy^ns`%>6R>c$3SyAJ#wmVZE07VWZ$fw^Vao$6OUczc)@tDtppZ
zbQ=O)A7hYJ3|k7{0vE$+o6FvOv(^k6tBu`xVh!hyPxcSb=BtuKi-PI*2b_e6Qe#_@
z+v$S{ljyLatsO)trVKtk49G)K9Ec&aI62gt084Y-N4vTa8?*ri9kvZN^(ITlCc?f2
zXW8Ik$}jwlFLnZ-W|QCpda$e#{9s*M7%)VxtM?3)8|s$fa?=!N3U7JcwsQAZwrLP(2Bn)(C@^HNt@UsBQNHMjvduA29Y<(S{N*
zQoc4w3qPteX5+c7Q_sYXzfNC?1xB6vR9CJ;b?OuQ(p=Q3PwZrKQD3%31Gg*ISm;ac
zS5w~eqVRAU+_RQ?#k01eKW*^5t*ZCjKQ)aF?x9)V2KQ0*q`|#Zv)W+W6SKYzwm(s=
z^X6z;==u{pPA&3gt~6|qfE|5xdh!nCL~qyRBy(h@3lW3MUQ?DeDlQTCr$Gt;3v!GNu8e5YvxIVp1?;G^6i^Poh8JPDMoKHnro(T
z=S=sqXBFYWv!he*AWB%9V;*vhX>fWv&8tOhQ{ho4nG9_24h;fg|Ve!x>t9uCt_;
zq*Ut|A7!s;qNO0loPuFRaLa*O1Y7Q7OXXNn(O37erE)B(2ue&rD$ANm0SR*~@sp3A
zg?m_6yu;uZxbxY+!Oo9BP{74rlgapFhWzUBTA8S7QVc%PA)=)gZ8Z^CCAKz|2dv@w=
z2a8IsYb+TsMR9C00g{D;)gsE!#Suv7b&f`rS3@=pr
zrk8{E^*@*JiAOOc-)whBaDSX&<}1z~@lTIuo0ox8E#wqdUvd}IZ;Vlg+ge;(0i
zsY)*>J;QZ5#~^zE4JnZ+w;rZs<<6<^`rf#YbP@UNmDQILs6J<0*n1p@Nc%bS4$=1%
zCU8hG!p6h0_*+tddDvol9GE~<0_rt`&kphKiba}QEYkcc7Wpa``JWVv{5KF@1)`Zx
zwg0_O2&w<~#4*Lur3e%@KNS=rudZdxI6s>*D;qdN>PBkJ!po+Hm(8#6@+-Xj3NOFH
z%l{d82|tox(~##tm;*TcZgAE2UWAkDxKHkRzh1%h*1`T+b@$n;O(2`QU35G&CMCN+
zZXe>~z9eM&5zgUYLMB!C`aA;KR-UP1A(6A_q!e1|gt*C!l
zZHK*T*shMRVJZDp?{IL#?)=;&Mjk}wb<}5ve9g2dnLHz&ttmg>f21(AVml8lFYF(@
zI9l|g+csu6?V}aDu7Vcrc;_)?)ir6cD0stwc*i?*sGeL6Bz(g0jyON)fmbOL02E{g
zT=u=DIqpU`QMat4{)cE}Mh5(VNZIRn`{m0@+^_iJwo4v6yc99Um`%yD&)YxTJ34;(
z>Xc0NPM$qIz;p_nw-l4xa_ZvL_P~f=!{!h@%wIeTs2ul*0gF1yVHWMWbRKEI^7s}d
z{Fp0D1upg$ej^)g6@3yIGU5W?k^>2DN`@X~(gLNNWs&0~phvZ)7(Ung6n%JDL4_rh<;3#M$MWNSl31Q2IY5|Y#gqb_+A;UBgy^p;bj
z9-LMbj9+ao9iC|u+H-UYKdaLB{W!gfQAh;G=OBbNuOZA^T`@`8y^AE`q^J`LCy?DH
zcpRO?ekuXSqKJCrz^9~~ELGqrB^c3wl(FqWzaLR(B{a;0muEZ2OZ&%wrU;%dP8Y~v
zNVX=`_N^SRwr-b@dUwBX)cmQ(doj99p~Ch8g*?ds5Dn#M`W}Y~!0t7sPXwywAM*EU
z1wkG*3g3I)-^X$Ly7I&J;Ud>}N|w!t(UkUg-mKC~wBHRcqj@g-T{uL4CywZIGEP&(
zM~+*Uj?fdSIc3O;s^T_oX0|O=qP~G^U>Q?V_7{T*#@#84_RxgZSim^&oIso`s_~Y(
z(nmwpD5cafNfZJ|q+mSl?tnu*NS?3$fZ{YY18lc57y|@GH#U0&yzuMH5|L69QAc0;
zO?w*!mQN!@!75Mpi(??;e>mO-%s9f-AS9g~v3$%r%sa;~skb|aFL{=>3AnTH&W?4a
zf-wP4Nuev0gwzgY1|*3NaCQ-nyXZkDal#1SVF-v2^N?e22Q*zc2N=;E1G-Z)*qQg^
zFpU{g&j;t2_nW1W6fGHNYOjvL+{7<0>csSr6R)#*
zZ#RrPWL_)T3SJQfIdM0#oNwmU_i#I}-c2O2Ji-Un%XA1vlOSGg5j+hTM3E
z{7dNtSsgHIRXT<({A!4|!(nNc4gxSX^!V9e!ih^s%1jH)Hr0CJq7M7y!J^2T1uK9`MvG;K1Vl+Y%f1GK6|=5n@?M!W38{&&!f${z3F8BSS^!$~7i`cn|F
zB*HU$qX5T*V7E7lM_qAius^X%(5VxPm9dDj=Mz4Rm2`el+m6H|13rc!kX5Jq&wt!M
z+gd6S=xUJtoo%P?~SMdAW
zdZYdUYO4M5HmEoL1ueD+%YQLHw)?r6SyCD*^C{-ZpAx8JrVrWGFtj@OoT$43`{EpN
z3#(%Pi-IFkpQco?WF|qcvdY*$X_jyg@ejtdF!8P}@y~#s0&?jUMx`!FQ{d|03mmvU
zoh-d^_Ckk=)9WsvaYdbG)433v#_$0MP#`=T)mmB9t1N4<;0))mwo{=I;39*$pn1De
za}$;6xJQqby7Do><1)f94D5%zN~M#8lrh_+N~_NGQjr%NoT`4rK;kh`uX9Ug?JfTM
z0o3Tcy>*XuZRIf=YRype^m>}KPjyH}q@h$C0+W!O_(GU>^6ja<7L-XQY2r=hq(MRz
zDVjmT%%5{ILc)@qs2fw;jaX6d_3kS4hRqrOhL?w7FIw~T8+vg{;s)p!R3D>pB^gAv
znTl4eD?HBI2T>@aW+LejHA6+`6l6in?_g7)kDVGDNjzWsJ_Yf^zp!~LYNSiAaTg-5
z)c2woX)mNELJU2}tx&wl4vI$0x4ZZY_vD%Oart&nd(nKmOJ)$Mxapy+iAWRZ
z2uc98l;+m25nXYUV(Lb?08K!$zx%**J1wwSc#Re&LKV^G$Yegh?tP-GRf~W?Ve$@&
z0QMO<=KhT&z&+w^&W^Q(9c57t;u0fR^4D{NsNdWF$4xsl%l{__?@cB5{?`
z6#ZviXHedxlZYBx_@pTZAJ3Ui@b-ESj^Rqnt5*XwSz+FWgclo3UT$rwb3{jijvrZc
zEun!ft4)?t+POHUCF}|Lg}GW(-8!;-Ud20mrkERce!LqF$kHiE1MSPmg}BLat1@1t
z1UpnsC27i0gNjAGlyjc)L-l1H7A*zo%+vJW?nU_N0rd2d)ElDbiVZ`|ee@R>Z-CHqpp3-Wv&XUxX8Kq|3Jhk+jq5z$S
ziGMO4L@@;l)Mh?!Q2;|*p3ry#LT7+aB+oaAvf7A8n+(PjRQ(uGod%z+9PqhdKJhvO
zB2aX?O(IhOo&s425E2LwylAn2tB2XChtU8{M^)r#SEZ0=#|8+C^LfOqn5rk{T(~Ekz)Lpv5&DXnEwlPjnBfFS@{A?
zt;!WgOqxX$<^!WndE6=BBNY+EqQLa+#Y(GkQx9fvrdG?Wl@;+thC?N#@~6UarF{PK
z(EOY>^gq5v!v6fEmJ3hw6I=R4i7lsP@AqdBzC3=(37$Rlp(!DTPHo=-DtNAE8%ObN`S`LhtBH>p)7qvwr0zD1oMM-Xv4dpvYcP+VV(4F$D
zY|&kv?>dTyibe#N>R+fj%U0D#ZtX*^!K!VgYB6})V72B$oA7%%W3Y;krt{QkQCJqg
z-#150MmScw7hm{E8mC-ys91$&L-SCZ2q;4P^|BZxksgU`iAY3-77|D}u+fHC96-q~
zx+X{*36B5mApH7$5Pm%e;omnD5{}#@F|5%mi!Y2&mqdV%Q;POx4;LC=I0Q;Xne?tu
zG(<7D;dlh3_ZXtbo-x@W3r_wFcWi!o>LAU-9^s0g?+us*|GIc*s+aj%{^g_S;`*sQO-K{$p^V~
z{cMMpVVw}%?%^{$SWToNUK}0JHDbzrDio{>ANO+aj9ww7a`^g;;1ySJeDVXW65pNd
zb2+43LVt^irTUg8k9LU`!uvKoHRN|Ld6hQ1`&
zZc%SJJO=bu5r`Zf1NzHS4i1k2y_MUB^i~&dN`K{jOL{A}DvXCNt^#?qGSr*{6jr<0
zQ~sss1gDkU<4osSJ)#pRB1%9K|09PLgBY3vY7XT+I201I8Li0-uHAFA@@jkJoW<O~4oN56{I{ujh*1T1AdvZItsJkkjn1R3GIExn=7
zp{5~w$suY(Dt6(l`Ydh(DqEDU`z=B;AC%?i=*sh3$_a+Nbi!Eb()h@4k@n^R%5@n3
z1kIK@7!1jI*RD`RH{PVRKOTJ}TXZ$R>-Fqun*OM6eYBGO==_N)zC^qJZ*&sA!HPQS
zP4Cfh2-RMO_6fo}bAs^BoFKe2CkXDG13A@T{omK1y$5Jn%U0gy{8eAA`pOsty^A=@
zGUbwQ5BeAJB?`g@L-r%&s$t!xmLHzU`qPrP+t$j{I_EAu8rb5o{AXjG(Qa~i{&o!k
z%6EgvR
ziquvwG_4H}46&VUNm1MCD@|_014D1Cx0>LF2SRbHSBm6@dqZ=pmqK*Itx(-?rO0la
zQ1TbcQr<#$MU)T!kw`lA(ta5JUkh7+Z<+;FMX+;FM&+;F|?(DQBnOl6FQ%T&pfc=w4=
z30@ef65Ko$QPKt98r?VC7;{{x!U%}5$ISGTs0j)xSraaiQGw%*Hg;QhXB%$ey^%QK
zol%41ow41*JKJ~*?~NuLyJl43cxR-|cxM@KVfTzS9A9d6IKI+0TzF#{apA4jh~teG
za^Q`Ya^Q`n6vtj#l8!)n8LRoUL>=lVkhBACw73HSisH}US}|z20E$DyBC#-LQ-)px
zt|OO6gXfY3B*rytPHWC-w;DE$cC8ZmGN(p+SFvjJ-ZlcmK^j(#*1PAZjx@K{3g(A&
zRN%zWX@TSLu>-^UC6}ecR~g~~ho7Y!sMr_e>8On_$J9Y}|5mOJXBJmE%hd5?YpzbM
zx5d`s#A&{c-rJ0w?5I>Nx5e7w3<+-smxbINz7zfqC^yC7-MB!zW90rmqCVoe{8G@^wqRZrT4h)~Ux@&c3H)>q8~belKujHxU@Jn`-#6I}+Hj
zJ66Kc8zmW?7*Xhzh7P-b*U(`1R7pP1Y~oW%J!Kx!_8@N}Fwk$#EPPrZJLPGil!8h!
zD;k9#6nx)(^P|xvyw;k8H$Pd*gEyhp9lSX=s)M#s8*~)t-hC5kxV`)4(5MS8jH=+W
ztkr~9MnMqEcO=RBRjUTxT$hz*@J&~%1&}pYk@WlWA+;N9H1!D?L?=L`7}+3Pnw(l$uc+
zV`_v+65dI$aJf7%$*
zHigs*fY0!wv|O+hEjUZk=Z^30@{(tE=6D`>D2I(IFdVeOD3Q88P>?6yRU
zB3TqA!Req13Bo1P#ZPM~Q~!h60#FGR#wLAU*luIMMTtA`n!^vBhn(d#23X3z5)9r)
zfUHv5>y+upN~$~Qc?Sj%-Y*0`C1P~164`zN}0}Y((VTt
zsEm-qJvd{eb3mlqB<((+AcK;p{hzhIZ}_^U8CBnK<{(gTNsAz_~H(y
zt70Z3GgXT-Iuhh}B*=6`N0Bq3J9tBB;WtkjXKFyz3rR4^wMK-ZRE2dSQP@T?G$O#j
zfZ9nTgM(6az%7~P%A36?RU*<=a7X7*=VbLIEk!J&&L2ehEzu~*O^9XZY<
z1jZdczxMriYiB<_3Db5QugzOwK)D7C12=|YAW3Z@ET6AK1?wN
zHGUuUe~rD9_&Ub4af@?Q^9Qc~I>dLmr+7MQg_RwcamZF-tO*rRjU=x%0u@-v
z{hb#}@Xz;t*gZLYb?TiQ?4K;1!Y{xsA=7iTcP}s-y4r<(ZB4=epnbK3qyZ6`9Cnt0
zEr1b*w<>B}DgwzZZTstPIaYHXgvqscdKC?aNWE@c$2}m+w|W$drdw?fID~Km%H2@}
zVF3w#;lYS60ktWUnQRyrU3
zjB#-yn4QSm-8tBN=4CeYD_7vM=pWf-SWaADl95NPB2#KyNe6~0uZLS*P~bp|MY
ztc0w-Nv*;&{ax4|oWnc~3#seA!N`ZJeg|RW<62VXkXdxMl`!#l=XgoZd;sdxJP#0&hghZq}E5D|6=mYFkydhT@AMhTMb<`8n?aaQN7
zA%1Az!v9D{SPx}#r?&(tvRsYKr?>}V0GnL*z^|^}pY7^hY>bqfDB*rqMYew)JTUvGp9LDZPGd}=lJ1$+zZc;?nV5jg#XBMz5DNs`LS%|{`dERySI;ajy)Bboi+S*
zKgmgSP+&r(#PYC%YQF80$q_%y`e!`aHf%BczujxB&=Se97+-Jrsk%@CYTGKQFeYKH
zdspN=?lVd-5L-EPokSf3*DvG#_||Jy0}fQ3b_t~<(G~Iug9}BmR?_o#3BIa?KowT%
z9i`Z}!U;PR3PN}tDOC^xk|cl;>Z=IW8>>~1Zfjf)5x_{9`YeRqfeNdP@oFUkKW3a&
z>Diz%TL=ifpEq*7c`H1!!qCa>4F`~OWD#ZYR8w*MqYwr~l0=L!YmJT)*bb1Vp~xp4
zitfwobSFll0!pbgaL(Mes<+ncr*88|5YO`(%{zW|=k16jl{g*iOu?D#4wg_e8~FuS
zQuvMPT;Jk+g|xhk`Xu;cT&ZoT6ncp#@qxqU5k;3lqDy&#WAkX`pT~JVR
zdKF{*XlDnusrQx#lSUdD(;aTtRtm-
z*a*kl=+NJ-b{7a~P6<+Lct`CKTLeDvUa`&Hns*fab~%Pod>^H84=8Q?v(*bnSJjJg
z<(xRrYA1rv17lFg0tpN|&&MaI2L3s1(76XCow5Zn_bY^JiT$JoKpqKT00bNX!ib6$
zvrNH%Wb1|_N?svR%1Nf*_qO+68%`9OJRjT!PrC1~Z-4Dg#y6vWnQ2ORX(Z-h0&XHF
z%6NF54!Y1TN_t|P9?XGG{h~Ri!;Zo_3?Q#8=P1@>cQCl-T-gjjJblT#W*(u-Lrmq1
zQ+pcs+mTh}i1MRTr7jo|pn$ubnR$vZt{Vt$e(76?BF0DiG}!)KvucoTebDlEG7vVEGJT8
zQIN#s6HbaUX{vSjzynF;^JUGFjtVDKn{v!B98i8#ETd4mR}@9UIvIR3Tic_k-;C=B
z5@7~|j(m=l?(PKpF-na$mx*eh!^)53QK-z{0siV5c)9oCecnhKoR0Ib!
zhg2<)uJp}^U5jDZHL_pf1jQu47G&nms>b2x6AO>$dlw2eKOgne2hADw&)wdG+Lx8a
z{g-0+w<B@C1v?+ki|3V6YaR`wBj2$!$fPzS4
z{NhL=8AB62z}O|v4CZqay;>x}mz7xle>geGRd=ZS51$m$2cI1LGC!=%pAfBnJQn8v
zIsNdTlEwb{2wwLM%=r-y&}skAQh_8F*=54NZQ`@(vbRWbhbhtS>7W}Xamty`?qIWE
zV!jcX3~KeHa?ny@+!P6gkcF5?N1*)G1hY~p$0!dOnk{nPJJN45u|ZOhxZ5355|PL|
z{UK?1q7bI+R>oPX;wcw0*5%GH%^~puNf+*=z9aIXK7)Mtf+WM%zd@6Sbv^sv<@q_&
zd6w_Lj7B|O*-!sQo?jU2_nNUzHBx0eXIG~;)Qoli&*=1i${xpAbdi0Y<
zlSlv1NRktK*mj;prkzJ;3SAw&QpoD)2gSP{{b)GXqt~uDS!17{-)Z#oN@JfN2wrQ{
z^1eq;8>_)T?hzD$x7}8apkRZ?^42?V
z|FH@-&Ej{Ry6T-ESH)TPB5mO)5fK8+w-!ncZML-|1Qwrrqi~2;{sV6xRbc&VlYUj)
z0)#gnjV~_BP)HOS&=tqt6Ejj#T*lDJ2`M&B`iT>sa}*^a=1e>dV;kw=0Oj<1$LiW
zlSCC!Z#cS>{1&j(5lwVw?R>=
zdcct({5u!24if>LV(dpy(pg15Z!xl-Y;n0
zuW>cIKqcW{GQ%8RbO&uJ;D?1pZmB>}SfJaVZlY6D1sFom=2RnaSyD9^kyigTt&txA
z*ZS+0rX2p-5x)WgCUVD!{;wVJ6b0PlH~)ClezdNUJ0bty1B}ywVLlpo@eQJS_|>Fn
zD0u&S3!}2Yhm83jJx1LB815swT*gbA2B79`0)R&GcP*3tYwB;~jf~={MF;$~^PT1l
z|B58OUc?*wko;86rlvP0722qj*}8FGgs*OL?g*2MN0|QjCJx2tKzpO9WXG%*{#!ck
z@5#sC!?$bbsWvZ>H_-f?49L9=q*6DR@K3O58K1oL%P#{$7<;~7-tz-u2q}DY*o#yq
z2>h(RS*=z#P#m)~0Q8!hl`o^O6G{#7JK&m{C5@31(*QCE*Zv7VZt2cwVQyu(P4ab|FU-Q0$g(Q1g
zk)V(JHfqkS33(4Pzal{-SAIi~H@s7mWSEa2sQsp;azW7e%@NDh>%SSfoWC0UW(0Ho
zs=Q+X*{c3hqAWIlGqO2eE(luk
z9s8sPHLjK2QiIwm-*H)=>r}BRef1?v4t*Y%M5gq4Ty>83=yM17!(drHY>3oynP18*
zbCV4z%YEe*f))9Yn+Uk11eoN$adUP4if5u8$XBvdJToFMlsQ!_THxaX7=ht$1~))^
zG(cw60-wGciv*I^Y06(Fr5%={$%wbGQo9Wri{3r6+^pcEvSUD{h%_s#0#*YFGYO4u7c_|@uT6p+DNI7#o}SCGQ5#t42j$MCCl1HYChZ(*5l;g|ofw?V^A
z#3<^c)3>`nY6|U?FuGD8{lius9lzb(t*xV%lhPiA#ue?==l_WV@^X!mM?(6ZE#pr*j=UahXc-(Ibu0NP%ysfgOW
zT8qD=mTJoilEHt!kAA@T(mIrT`xrFx3Y*prF(+iIFc7bw(NiwMx`yip!Gl
zvM{-LN^~O8i+kF9u%@ZS*P19i)#`{-BPcqxt5gz^^#9M^m3K9cB>BJLQ)sG~E$G2U
zhs|Lq1_}(t6xa-=j-F!uMz#g0%a**B%rVd1pM5hTGE!Oy)QjJoB4-`@p{NG^hG0Nn86;AS*|m+eAo61@I$09cVL
zsrOFtb6zV^*xxf5Eq0JFJ%C;zp4UE2cwN>@t}volXKk>;t|jXlB^GYtTEaBViI!<+
z7%RaJ&D+GZjaSu|cB;FQb=A3Xn>;Q{JI)Wg#LD2u9yek4h*2QF>M||_->q%?I^j!W
zI)mO?KY7+ZJ&RMwK6g~(Pp*6x@h+F1H7zZ?cwCo~8jeI|1=0gpC2FB1Z3dEv;E)pn
z9`dUrY1gp=#h_DxFKo@ASaEhU63awrB?>l%z;X~0jq4~`AZp9kxDgr@i&wKZF3_>22_PUc4s&Y-X>D_
zY$0#}QWH)T#vNs*it-V1ChPrbHV^?}S!j}eTvbC3GEoERa>if5Kg8$d>%KB8^CJiG
z7(*6lLU5_mbbO^c%rqTe>tY9cQe{f5lyR;TJ{d;j@yO>tHcq}6pH40=KklCz5KVp3
z*gs{2B~BeQ8?ELk>?r${
zCAUR;u?X8@I_e^S1;F4$W9=C8;2}@O6{ciA>iR=Gw2bAyu1M?~b}w5dVRy_U(p@aU
z>uK@d7!l958K&i9icfj5+ZhM`!=&3W;4|~Wx-V83K64caGIVB9I8Jp44$1SmlT#Y^
zh~*yx&+h^k?WSZ?ZsQ~F-Qb-2RJtcWNLJhwBICKja-W32Ay!Xa3MHNPq2#EY_P!!L
zxbO?-o-Y3K+E~7WpuX6v$w0sm0{1c1ze}kkIOH2!v~X$K
zVC@d$$4R9V^^9TUjeFoGV9$9RdfJeJ&&K{)fSQQoq<2e6=l-PjZ7J#6pVAK|iwqS5
zld%JUGa<5i%U(Z6u7G8J-1unJK_p{xO4%`uMGx)nH^G=)2dAgsF2oYDy{B_|Rrmkg
zB;5bV9Ner!KIMm>?|fJM#0BdW<`>)5@+D^n1y2hFhE-VSGW9h%y~GOqC&2)`5f}w<
z{%>P&Dh0-8CY^gww+%#k9?#o?+!n6~hyl&Mf9H*uct2*cbwIH-0#yK0kocF~0yDQ}c5?Ormc(y=4%B#bhToLnCRA8(IQ*8j{neHcVOKGYbvk6;)D2m#FW
zU#5nH2W$rg?_Ds%U~(oHS^5cP2fN{o7!YzsMoG3+B;1SOTr-Rorf?xL8ad#gs-2)j
zJr@(Q#qi&;$^I;N!mz)>x-6&`5XyRN=b@1~X*CVov~7b;6;olD8rS#8wk^TN%A&pf
zFG_odu#2fiYwRHylv!8YaX&V$Z`L|D#200)e{
z`r?$=D>Js?=H)P+5g2uB>ahjI(WU?Lm#fvQ)l#WkHcb&Ub$k1NR?I~Wx^^nJSHFYg
zDtaxhntnyh*`n-QD5V+$e_B14n>^k=E!e6^Ruu^7@QAdw+C1cf(|qhby{w}Mk$NKj
zfu8lN7nyodvX7=BXaT(azEpD()q&leC=UTnPW=fLWv17Rk&(DgUL-CIK{uOPGsy8(
z&Z#T!Ob=hJn{O$ZXK|s0hg<;9MyQINuK?5HMLirFxsa68EGXds4O3G|qxJ+)vWhXo
z8DXCahY<`#gq{go)?d)pdw
zpe^#_fs5=kb8|#9JBxyDKZhc+8JW(^j7$uffG7*5ycp+U9FAh&*f}cm!@X`W?t0~J
zFe>};F6a-9gVsJ+Edno2m6#fYQA|n*|GC@u5tudl<>gS!vkKB2p|&1F-B$XD=-!mA?o8RirU^IwsclO
ztOt)c{0wlR^eUkFbRhKQKIn&T4?}iP#k;@1F9+So1q3z@Z<9oJswg+tSWP`Ls5p4Y
z!-EKBc~xNbV63GGUG0T{x)|et(p!MJFEZ}EexE=laHub7Eba0-c3O@hXnItxhbrDA
z78}qdxw%K~?IABzp5R7+zC$2)Q0%;>=wV+7E>a>&Hyg^2pt3WDct3K7_@L~sWGQk-
zqwt;rews%|$|VPv7pJ9z=2_zqhKnv9c(JQDv}r(}vJY^B=-wNliUz4Q!A;G01@l7#
zUD|x5T+4bm9^xz15QV(wM?4%$Uo7+(j=TZumqx#dI3TD<0vxY9976sufQQ4q-ogS_
z{e+rE_0w}>Vd2O}xRdwIv--lqNf3D>w#2;=n~H_={p0$_^M!>A+4M8Y<_MmG?>~iPvfj2@Qn(1lb}1TYD)&uia7FK2#LfT$q#oO
z$`OiL>j}^b#TpaD;lK_2p|k;l50#IApmu>~A`wb>77>_RG%#`z=axiLmoR=BO&17i
zi&djARVnHdVX{x3^_SFMMzaWzqF}~&L61VSX%TRILx>dy;uS^!?P-g+Oa>EmwM>dp
zSZPxR!GI7$Eup#*(}OArO^;AHUDxmU1at7sl*kT&a>pO}aLpv!SGpg`gX<(V0d7|y|7}%q8?GxE
zzLxGnv~yjE&eY6ZHNh$o)n-ib)AD+A5_)H4@+wPWbH=LJotA60o||T+RP#|Yu4I~3
zecAl82PTDQrQ?!(nePCYB6ljF;)@G&tFx}#+t&8FR-hHwc#3^*%xB+V$Dn;64>=Ei
z38JSrdrR2Tj5859^&WPRLl;AfVUdrmP7VZzAK!A|$nF7~+l`GC2XoBI9U%g~Gde3NoFh
zD0y_E^q>yRZFmnLlIjkhs(-Tl>5>uMigA8qmClbU=;(0oT)&S}JV4J;=(vcTh`9G9
zc+_F-Mi8z=A@LC+{Im9sDj@qL0>MO=o@5~uRm#bhKKgwZCV48vg0iA1*6!TzGqL%6
z#I#4ZKPX*>Ly{+Xx*sfVcFs5+2V!Jlf?BQjA_N(3qgKF2a~sFQ+S(fET})heyX9_F
z?s%hbOjdpbC2Va7SFXi3q+^zE<3WEB&rQU+N$Po-=fK-udr^cMr5-Y&xu~5jVYac>
z^Fk%MGeRYVI5e2<&F34|;3~R`R7mAqD<41Nt;7BX;d`*TwLb`}!{C>zNZDcDNlx5Z
zRikE@@^x0fI5^oqH9j{lKC~|PFHf2c87zZ=F>u{JK!$=?53vvt#mmSTb5M?9RGY1%
zHOsglD0IUrn=;W8k?MzCxPL+)teFWaE6ZRi=s<N1Pvsr_6{TNTUjJds;PbV$!Mp
zQzKdC39dqj(gf2)6rEwO(hzZk2>5&{PA}D!jw>XQCGp#9wjsqCPxA_Kf%>f0{K%>i
z&Tj-B@37yet>K18fOKJUUBH6B^TTljTwsL7DA3&VDh6W$N=L62nZ5$Si13gzpEX4h
ztC8^;j2kiOlln6X#mhNl-~CY{N|3`m?&je59ldSUNy%
zKSS&<2*;~0tpck^Bw6kEy$2U-)t`>PJ-R`7XYBOdyS+QV=Y{1*cNCS;!UoW{s}SkT
z!D}Hcduq42&z46iUYG!Xwu)xmu2H148F0ejh&z3?q2utCKyKow+%q5EvP{O
z@F;I$C9bI?4gH`%ugL-~Ns(;B+7O}Fn=6ZK$(HEtV)$^MZ@D&|+D$
zZC-G3DttJdH5LwI60ju-kf=-0PEj$fP*Vjpy)Uc7?FnVf
ziiH|xSrn4h3`hj$p;TCb<>0t=@`XtW?!cqME=(L44emjDUv3TEQMbjng6hhuvBMV8
z?i%|GG=1H7zcImnEakSo8^yc~m+>)R@?<;)9S5MBfht1+dLAg%NtpNmDAhp-nWIqs
zB;=b~8R@)x6ZsDlIEtbwlDz&#>h|RKX#?lV7O@HJb+#lWYo`UNaJO!7!*g%P0flc7
zmLq!)(1!Sv@nzsOEcjz*dCy7EEt5|myKQPOBRTTUPvLE_H|};AI}H8Nu3=n`J)`9f
z4ZC7kPR**+D(qluvx)-|&EBQe0QD3M1=Vfhmbm^^{pv~-Wr8EF-1p^}v5Vn(9(y7_
zx8%)xa`H$hcfg@BFxd1Nk1u)r1uC2P+{z}|xT%9VEW5Iqes!mUcRH0hcRH2yoi^QR
z&%4vk+-Ys#oz}*jI|U%Bawn}O%bs_qow<{4RPQ4r{$nKOUMt;|Zcxk%>}KwZM{itGQL$=dt_zXBWLJd`ce3ZQg_fRB$x8_hb#ll3{2^X
z!x2J9@oBD-ti-qF-HKukW8buuPeS*}$d6J|_ws$@v$JzcyDh$6sJ(BomN$;<+WR^l
zY}Bsc^ugt8yLRx8w?Dk=0EF!7$m^}%V3^LM2Y$WPPJisJ4%{0rh~3pL6Vg_HIJ&>}
zV<>`~twILxsDzoOYmec3f?CHoG4LGVw7`ais1=Pn;Ae#Dl{+Zl?7pR{o~ZJRz*n~Q
z?;8IF4eX#newQQ0T%5}I3mTXS{Hd7up%f-{jfzRR6?c9FQ5aRzSayfQQTV_f4I6_3
zN!Pp#x@r_Aoc|U~MWUnngY2e0>Cb7!@-A_)>}Hh>k>JatZ&mnoTp92!N!nF3QjyrJBC(>m`JE|lJh0iH3+KrR7#Lb4
zlW#2{XxT#Ja7bK#h-R*k_`}c^JhM1i)_~zp5A9
z`J*rZyDOMMu~tWo+a5XA5!KCMB0(<{*pR^^Yq{aEhbp^1YYl}T;u&?sApwpIZ^JGh
zM(C|a5~_pU^b8DJ-EWM--h-p~&<%VKoU+SwWlf2ELjK(B*Kkoa`n6Y*k_92sJrnxi
zB!ks_#lk>>tcAR9M+(6yZ;#AuenjzO#+
zF>a`RCB%G!M?@0%lK7PxvGgf5e5nRBLP-~mF}jD^|E&o1@K$1rYQ{2XsOd|JX@=5W
zLs-W#Um)z5&-d2)1CybY6=2{QIn!I~X%UJpQ(7<|>{JVICTSrNh^DlFuo+qlcxHx3
zC0j`Bm#%T`!r8=H383qE9k?yrQGl@}hEGyHIWc(b54(I-xE)0Obt#ZUcs*ovF{*~3
zlMu^6l16|4^ddt6V>-$SWtQNLQsmht>TDx%>O_f`Yr_C1WIoF>=uwYGHy+W;MJq2N
z)3&72b`Fu6W;K^e+k!~jf=1hdL`}1jL!|A5M%$c3+eD#lBG9&^&o(E|c0+)dw=Y!t
z1>DMMv&~7fouO0s+wnqPX!^S3xeQ
ziETahWiK9&Iw8BT90l(67)wvtwsGin$$AHX5)<|L(nKFmT}$>;%(l<4e&t!>0j_>V
zeRtiXl9<#J8)#+Q$~S{nwgEyB2O_#NDxVXw(@uP-F+8Xar2AC^5#Os2a5o@7}`cnq({DqDiaS_>r1IlYW93)C~s!tA$u-
zs)#Lw>r8$p7p37f=La{XeK!RnonL4%onBcXYZuL{ead4*`hF)BAu^)|0vYH;NC(2_
z0-){&3B4}}P*z}!-zJGWGY$VUp^JqJxcONK;{aVeC#pF=Qzo5BS_n*-{T-!(ToN+O
z&zMQan;=`H#cyw^YhRX07m%X-nnc03dE&Mp3KSkhQzdWQO*MyS^v2*SVX8~oS6YdF
z(v*K_hEAp0fs;86$)+4aC*;K`z-?xgL
z^sQn~?OVkz(l@$FdnIgNX{Au#_;ooAExuj==2~jDAUimPi>!2={Wy(h=RT2N|0}ZZ
zyZE*9OeVhlZ{y-wUY!SHKb==+ee!9f`T0p9^EmClk8A!q9P@rywKT#ztg|ty2~=*5
zu5AoFH;9ZKSVy~ZDdN2oSdkMvuHbRSoZxtuIs;4_j6hsTtxs;&i;}e|soG5T&LlXp
zF8)6g|L5+jU#;zmIpW3HBrS4k(Ysu7^SO;k*>L;58yTV_dY4Ns?=Kv{6X>I2^Zv8%
zxt+G9QzhYGGvx&6k6oZYC3vYY%|7mj70cxFX|S2ZnjyoHrhUJ~@T#VT{q3?v44;mb+f~Pz)>X%PSyvsaSXXDQ;|wh)
zD?m>Bwitrf1bLJlqw=D75+5HtfDxiIcGcnpzy^ySIm#)=p;OLOZZKmMofnRxQ*aa+
z@o3yn@IA;jd6SIQlp)fWkszH-Jivhp#XyB}ph7WF;d932w_jcCoV}U1G2{*n<+>5u
zi7eYRHG#$6%%vWCb6Wq%O8ET#*_(y>m#--(ow(9^u{EL2OyTeLR??kBwRllCwu*G4
zYFRU7R9K7FgtiI!X~-m&xw4^_!k?1*mUe7&ZTE?i9J>kb$x*|Xb{uSu3wZ478s^Vv
z={)At|71a9B~*#;t|U8Iq6}doL_OVnUpzxNt#-fuoQc6h*>Gv6x~7VQe1N1($iL?#
zjZE*CS_+5XpNM~=LAio9@>Y;85^V6LBR?Txo~{2)6CJFEV;ZCI9#{XYxB-VRI-kO`
zmVUVk*ixYQ0c+_O8B1U;{hUWUbA@8z%V3TD4D0mIy=&4F@olv}m+lMnx^yr4n;h|;
z3jhspOHc1QqH0jztG`CyZ)f#g)f{GCIA@T^(s)2>sgFLm)9PfM?j{Dmq<7uqT9N?2m7ZEsV#6*v}-o^i#P&fazi{Mpq>~r^jDSN9B7)
zrTXusrtSZ)%uWn%_zD*E8K_E6sBO#WYeqqP*o@3wu?yt62d3h&%&cUKu@Qd2r)_f}
zb`|4D7PU>tt3s3dlvvnVw}9ZAsM*~Q=0O0N4r-MUjxt=+QHuiR2a_6+-c=5I^%HJu$xlX1i9voKTYC2S6
zdNd!z#VvzsHuwh?^Z?e=CASqIf@AyxDWndjBtePRzh>=)dV^|Q~;DXUr3+8RZS#Zx6`J=YM7m(@gThamE{Gevr)CJeR!MJd>>2Br7s_
z;><(Nr6Iu?S);kbS)uus^Fec$>jLIqIsY^Fr~$_Q%ze)L%y*penFmr$FpnjdGeNb0
z&><696S6z=@0{5oFjq9}VXQW2im
zD^mwEDf*C9!W68@94Kom%ZtPtS&9?h+;*((iprfVJVVS@wK;jz=6t`@X8u8K
z|B=*Y=1`mY5^CeZ;d4mML{c*gk=h^(LL{*$9uNJV0p9^D9YDev6{g@`!=V3&7=BO#
z6>>bh!SL3NC~zSayOx99s>f_C?Nm*X7IB5j?env+X9n~=W8un>PFT86TDV+M)s}9t
zh0E^DS-RPUo14y`sBI>t?qh%_rQkp?$K%btA2_zL9D9*ek~#pSXKj_O6)G>nlb(H!
z0|)8QSV+X+DM1j%eCuDs{cI>oU@$-h3=9eEn{6-Bb0+`G-jz4CjcohBGoM0}Oc-*5
zjU_KESuPGZz)ThfNG7REWv*%Gsu
z@Ybn94B9{OOnmNa(sVA_VaBcut1uO5CSI3pp+gTtEx4#^`KH7ix3-amM%r&yu
z`dP>haggu^oc#6sB>o;2^Jj>EIaf2+W9sK`qH!{1E*)$?WtL`P9(?-%jUa{+vIkrQG_zII&Z8jMbexw*&W~|2i-PfK
z;5v_~nRZCddOU+fY2N=PcLYR53zSWCU%^l5$QGP&UwB$V%`P=GVuW5HkuuSX$&p4&O_ld#P`I;y$G95KZ>~b+?oYba-A}T4k3Lk(SHGCLV-%#
z%G2h6o<%1|k_Qo;4LJWI)%2b^gh0L%CS^*5kA*C8s3HU)zD<#ZYO@=6R(~Y>j~DZ?
z6@Cg`C{LS7cDjljN{u3E#Kme{@VX)H)Kl4^;zjWsxoE;s;yep|+Lod7cqoM}Lbb8q
z9EEu}Zc;^Qh)BvSj@vbvAB8=Ni>oxh`~~H!>Krcs)UviFZH!@^W?zdvzBpFW-x(+A
zmd2QZ?T@aJZ*}_Nt)eV$Os#m5Ni8h5|5rJm>IkCye;wBYBk`NLEqA&hxXs64wnfmY
z%$s=`e=2F~Am|J|-tln`-3?mtp|jC;y!K|t-E6HnyDyLF@m`Px-{%gU2Al!{paz%-
z`Hf?tY(%P~uhSAaBCA$`pxOVL4uOLsF$qRE5PXarmRv9IQcn=x!fR1wdsOi-NdyC0
z+lOmvH(L)jzez{a+10_ela(>N+veZW`{R!Jxc^#eO_XixE
zPMa90Y*acqua&291TVNihk`sOtTxPi2^met3zSe^gb}==CAp$l#!G5O#${=i5TQrR
z6cIKWnQ?G55L7@`xdf>n6;M#)b2kh}h|tf0|@|
zGxNik19LeY4mm>uX#*fK^EsVzCV;#=Jta_DjgJjQQcdu)l8!OEa(7?$(Gzd;E737V
zttTJ)|31k!M{xS|QShiRM4?TE5fwOI#;8MAW8CgiAwZ!=g$W94R5&#+uG7^SZf{T_
zM4?ZGk0?B&!nt{Io30|<-l4)2g#i^}6rNKdp#t7}_l7P$(ZxHwm!WV-g&c(!R48|8jMu{r$q7vv?cQ%ad`e{lw_bjqtEnBKgtvEADel$>C7}g
z;qbOb>bby=wJ)P=n=AU^KS|zDzs~;t7jfI=bR=m}Zx>1uIKh%_xwj#c+%LqFyoKMP
zCCRN^5Eq51UK~*HRv`U+=Y?!$##DpXFJwpC^xBYm)Bln0jUt+w{)>~jD22DQn-pj7
z{!9KG6h;4)YIlNDz0ddIIo{urB2IQ+ia6WPRM8UM?e9Wy8;ck+!I*9
zg#oZ3H)S3z=Gi95B+UbYzchevMV4$KJIt|C-_NQK!r%ZKlFE`h=vDJM7z)R
zr)YLp?xWQ`F6tdHfi#Gn+JE5tyr})x@~tI7tQ)5+awW3-f*^vfnSk8n7Nj6?`~MOo
z{;L31W=!Bt7e8F?DuAROG`a>b?L!pBOix8orH{8@+9r<-fL~{?t>s+-`stUUlnrdKYoS()6kZDqg`p3CM+t6Y!*Ni
zcfry-e>`^!FRe~N_UsOm8r9zKN~k;&uCn_@hDNbj*I1xx@t
zK*YZ!p|+rK5FR~FW=*Gt9@nr-*3?#cD|pdZ$u6|?H^`AKVLx`y+mSbQpL`{P79xZwg!(fpQ`x|DH`TcHP%(q=
z6<$5o@j^b#h4LA!I96;dW!kxGdDZ;;Wbo9<;&8;N?2*NRSV`tgA!mBKbDUG#cQ~6CeM;>;X!P3cM!VN)-C5oZV&ZFw+b;8h
z<~!5jm$|#(B3a7%($7X`Y}LQw>>UsTt&J_2AB{g7u003jBgT6y`iQ2=U$I7G%mWsW
zEqiplpm6LU=raMN4JvQom!QtZ`U6%mfw6an0R&ut-XG}_)RND;-X0TMg*ZvTB)zO;#_%h!V!jS#1ahw{7PuPe3qoaq>K;;AFvvB
ztC$b#i{>|H>8Vt7b(UV8sU482t)U)$G41r&r~g9*)i2M|8$i2wI$RX@7A88_<74qP
zA+g2$Ecwj!jFQ#;zB0@epsd_%?iSP>4-QeRah4hc0Wox3ocVGY2Z3_@d_
zeP~GGrEwKKa7pq{->@SWh0hVKNNH0(VY&{)`m)ui45)4XZiG;JEzity4jsev~&skPJrt-06p
z+}z}h$$iP}Ql*gOw1Ohoo6p1|ib)9Qj2aJok=g170%(!ltOyoj$
zNe2jyO6z_tpCMI!rj5msK~eXEzGpH~ub=c4Ggu|&k!q~=ZR?3rQ31>}&(sA^@`bwK
z6I3Ydu1u&rwnu66-wyxn^534=sqo+Rt%{RO4K7ssgeu|SgR*}Z(dA|vScCXd*KbTg
zY)1)I9XJ!q81BH4GK@h$Mrrz3wu6SBc~MR#Rk{%ZjpxP_3h()?PUIC#{4y$J5NHtO)kKBuKr6)0vx5yA@`Q!1j{dQVkxc{UJ4hf=0@-JE
z!;n;^1yeOs1)xrp>b?l4G<8YF?b|n-z3h?sxTAjlHoTF|gY%svaK*&$qcT`}8EI2JAKeJc$
z5{t>_Gbm`A`gtWQpzpn2r`vS)bapacEA^adOw>+It<;ka5E-2ET%mF{(@^02a(#oLZadu$WhklI3twsSZ}
zjPRA4P9>~Ih`w#I;Rv$?eAMTTp9K|I)`PXx1HY0VU;XxZ7Ov!$+)xuVi>~x9VNx|$
z(u+#Eu=J5RbPcIL_U&nDOhDe7vaUv0sNggfPY8r2BCTvP{hU#OeP>D_{3pr*a|y{FT|RQAFVhChx@PS
znl4>0Ra2H$^NuZLKL6&9aQ#cE+uqikKV3kRQ{R)So`zm*b?zpyp$_x8kzC)~>GjQh
z-szg$g?f4Eo@xXoxw1NMeX+;};WngLWoCLdM;g>H^!%yhKB#Ob1ok^BREv#%8JT(=
z#O7xcGrtffpN=WA2B;Bs*00pZW*1jsqZcxfhjv8!8s~LbP5WF=dA1;MQ0S3hd6Tt>
zoXCt7(ib7Y!pQ%OMD_}R8mJaW^?5fn8Nzo-viB@tYmznc7;w#9&kj)LYA{kn#~b5#)I}RYm~-xh&AGa3f2#HJ_!d73D>Y^z|`g
z=rV=CTC7otm++(TS0Otjop-L^04j)6Aa=Nm;^pDD!8i0n(cX0Aro?R*QODj(J3|0V3L&PH7p9(Lv2Qr2d%g
zWyQ||bT18hqt|MQY0Wa9z7Dc2rV(w}vGeN9i%LQP0*!sWCGrROIIq#1MX5!t$}fX2QKHy7bJwQD)b&|R(wFk
zWbih)qyw{h$qc6)c#t!kv6(rwNK%B1&@Rlq%RNRqn0%7=^AmSP_VR^=p
zTiLgpS&_^M3SbevaWeRU=nGENC26|GDjmt#d6xNOx`ljTq&{V)Q%a~lR4W~f4MyzAspzRw($l11@7h@)qS+>&Sww@;!G;te
zWVTs06yuy^IXubEw@H?8qz17h%julo0E`mA2@{Zt-L4ewmc!0HR
zZP??E>vq)>lK}wrXkM5a6hQ>NS*rmrDd!vuOW5#~NdRgb;MDQZLD9FsuZPt(EDfOp
ze3oS4uSs0^kqUCUoduAB&T{9TBC2#Rb08n&tc3?tIvLh5NaQc#qX2T(CSL09qtuzW5`dmvQI|fo
zi`H+gJqM3k6PnQ2-PaefCq-}KhOKd{^t`Bbr0#fh$7`2fTi=ov9FYl2EHJt0sb=Xn
zI~n|Ft7Qy9*<%s>^CTNtpoNh;O*o+*SrH*GWV?9nrk
zQIBc^oa^~pKVw4>ZHrHjVW!JRZ;I~dgir*e1RbfqyWTa84-drk<|9AqbbF>%Q^RHF
zy4t8#3F7CDlBk@_ks4(@T2Wcg
zs4;H_xpdK*x_)ce8o8J5XZKgyHgx5xt5(=LQqcTl&{leqTO|M!$@Vg%AF=Nx+~nczZJb{3MtmtofB#r_=J8AO%MtB1OUn?=|Wnq9s!#
z--HlWnJE;!4IBzygUQg!CJZ9^z-PaFMQZ9tBC!tG8&abhYFp-y3QCG{O#q=g-RWwX
zR;MLwL#Ly^*4nk3gtq!?#msbEf72w6)7h&wPs`03v(iyg(oR?X(pG1sUFV;DZQp?u
zkS069A243{+YA;w5jJ^{j{XI61<$fqxWPs{FUFP$!~Av~FvSUXnA@i;T4d<3z?|XP
zyyb!?rVEO+t8^KLp5~ZpHU1Y|ys*CoZ@}D;gUMt;8w#GpP@MUY(|s7Met6E@9Ze&Wu&*dLWU5D>H#VYyAGRMy9QGk|DI@QytK9Y0QfwF+seV
zIJUBczgaiFNJ$J!u`j5J&y6k2LUnOX$9}WIc(JQkDZMme#(&Zh
z7U>*&BD#Oz(;h$dX^+#N@%_NP|7hHLA@{z$UpV*KO-P|!s%y>|qxHMgAg9Rv9iKhK
ztw(Yc>9k$p2wmZ^H}}{xPde8>?8=k%xhHFMQ#zdEFCY4c_XB#d{X4x8Sfi<)q3~$&
z>6IaUN#>!bL9Jf%P3ceQ*^FvM%m(IH)9kx%5W@c~)!MWxZBQAQEW5N<*-HYVwZ%#|
ztz%_NZh_VRtL8z+wnf!7un+T~P~ildX1GZMXis#51y?d<3#JOH{~KpoQ*<1pz)*AZ
z@wY3Ij_@wvv_4t?&EA(cv~6X5|4lxHnl=+iu+id;HS7s30S3s@fk`TC8LQZqE7=%2
zOh5a3mb*!ojUh>=^FBixkY(LPcRBYgzjMy2d*-c|*2;T}v*%0Ce?0l=!~WmjZXAAp
z^uynmkH0&4dg{D$-!In6d&Gp9DHxiLn0!A7mt(43{#Vny$+4GF
zhc^;@`97?%^p4m0`ZTS=oe1J0?8L0lXbPEPTO!ZUCy?xngm|a9n39OwMqErm$AG6j
z;lI>&c8(G+Z*7^Z4}6Y^0osz0;bm1+(#S`jL3R_h`kU{1$1Hw#;`~apR(~}nI2Lq{
z+-0QXd&WYJ!QXtlZvQ-CAY{~hV<<)j!jvT8&Mo))hZTow95)`&_AQ2u8#5^Qr9f;<
zH7q}8hJ|Ewao{fDaKJf6pMali52WtRC(&C*JJMpiD0ugjm`Yf6Peoxeyyc82Fh#)R
zwTI|b-GxWLC*G*tv{#$RECJ1I;`dE=wdvtsZ?%ce2hGxIvy6Yst4+)x-mI)PtN6FN
z+N_yOmHT+6ifj0lxDj!^IWM5@j0Q4aQ{2)oYP@8VX1-S%*n}9ec^APAJUqt3iJnL<
zpAJgmQ!bFhmys8J3&XLXEu}vU1S}MxXv6~vBRaD*CIp&58h*WnCnvG`Eef9ADJB9P+`R;5j23~w)kO%u
z#0{p|aWq{4gWmm4Fm)Faka8h{PGV{+3Qc9QR4Il!yM(?JXP)AUBnR{mX5G{4iv17k
zVs)MGz~SV;@dOpTd{$=?W-hTj7}-Ukml+cSktR7Vc}G`pF>m0(XHI5wL~rrDmWL{ta^NPlj(9UW1MqPW%{q{8yN)bk1S{XZOSo$
zig;MY!;=K+Rj*ZHiX3F$6`1$>lexjKb}>zJg=RF8apx1z(Tp?LrQIPfU%QvhkJ7p@14E
zjKG5EsbDozJ9D&N7+4;OEi&SC{BGD2fnyVOma2sXLrKOSoGuz_!;V+43-M5f{O;DT
zzeg^bBYam`Fbey`7F{#n|1Zb3L3CJs)_0x-MPibkE&HsI%zo$LcNZ*UWWOuncXifO
zX1^=rcQ>rH%zjtF?`~P1$bMJF?|!GFhD-x2dkF)bQ@8iXK;}FA_rjH*FFd}gm*ky#
zSv=#^D|~h1+*Y|#9t||jC3P_}*y0IK$_nhrHH}pe95WmU7lFvyhGt=yibgO&lo8zw?bx2!G2
zw?KvRYw#BE_086Ygkt?_ps4-XbT9`5eW%&a?Z4VB21k~N#uG34@3!EGI$
zq{popXdg&9JOBmd6Pqx03_XEoXJ$4}@cYe^h3%bvBF;QLGc-Rv>{Vyk^5KPs@IK3y
zE5I_#@EtK+IFZW)UbLVFJUo{fm34mpN+aX?5|DEx`iG!KYz!pN`WiQ;^{T)H$7rF7
zpg~yx&K{6ZFf?VW2lF$s6vUi`=%yuRBo&+zL;C0ETr*=+a$JdX&vUNM-D3{x(G0eYC
zl&5UsG1E|ZRw_O1sn|_xj?I5u_;cheJ9pkfbr;t{j>-~8XPU6xT3Jcqnnojai`dp8
zRJY6_#_}oWNav%
zj*Y!4gCU_1$nihd9L&vjVuig$cL_*r4})T_peAjN%r7jr
zw|c>iX=R6p@8Fkdz*qY$*BwYJD&%x#{mEqx(+M8s`Tpd}z1xgp)lzEecXHMSQagPu
zCA0TggSJ)_nmRMBCmV6Z7d%=r5CR8WAbX)BO~9BLp{L<%;iHxhIuIo5k$?k|RMUuq
z3CM!`!XT({rQ=`)^|(I)S%6yo^PLsAxUzAvPj(*C;djSM*kk>Qr*!;fc{aGgs8eq_
z05ky(kWVDsG;p9d$e5V(Cw=@-gVBu?`he711aijsN9-3G54zDcDRL;|o3RGahd8_>
zuq;`FDZn{~vPV-Po|=RwzmV
z$ws4*SU0zY5s=V4hL-PBaF(3!a1O}et>Du0BI3GC`(WC5mG=P*wLd@@O=~8AOImHF;&o-ImDDRwBv~o|b5_fLYiRjL2-zfC
z*F6zkWQOkj(TO*WtKS@9^N_G6Dw@i?4s4>rn%sxgLG5HtaEI~M+x#dGSISBR`a
zUD3`>TLMib=R_;uy*9wn2ZSay^)+hag^4iV)|^(%PZ5?vnCbrIIAx)NH4TAi27EzE
zfD&H3L@E9y3Gg-kEbMmDSoiEXn(Lm!=YTG&c)2`!c4?*~b&6>nZyH{g8!u=yT981(
zsPjP4oRvny2eD;6tQRkW7#3!5TMQb5HDd9|odpV!0tQc*k)vi_A#XAXobpmP?dq&%
z+dCOsH?F#!DT43SuUW|2X7@5)-#<#G=8dKRV(F`Zd#}};Z|xbQjvvH`Ztl%%a3Y7r
z$3PT7OF$}A84+Ye`*(f6WtEB^2-MqZG`C_uytMY=yh^NTDtU
zYs>E^!EK;jaLoZ7OO_p1g%U11k|K}NV8w<16^Ze9xN1IMnLU{wVWAmA8paU=b7$gK
z8?!g_L(5Ex-X+(|>o~Zywg?EfatYV3WN7!52=*5!*sFZ
za+czC`D84*BWEq*LaLR@2)ew&2uJM32}~mK+?&Vy%+2F7qv(4>w#@+X@%cMZcmA4G
z$v4N~?Hy69&U2O#fOA$_8dm>6@pmftd_KS^O&pB#Sse^eBjz32C|bK=w~N4Wj90mL
zdc0$;H2KbYC+x=oCILc7S8yG)Bg|G{S5J117Hv5P<+5!!bdPoyNd+4>pyMhf_zG_H
zwfPmXan_a*-AV|Jpwok?TS0Z`8U+Tvj>3jD^y4nsC_(aCAso@#!V1Bx)?kL!1eeQ9
zj^M8^>5+B923|fi+vFSk;G-=?mlic$BCRcjG?;*^`_ZIZLMi(~V2aX9NN^)B8h?MV
z2giLxZAwhu{q${mmky2FOVUc%$pXz+1dd8^Mrvgr8mCc5X`Gqf`5;G}ks){Q^Fq+#
zjKmcR50^YV;j}^R(op0P{9PXF@ZbLttg_wv>x=M
zE^`k=H>$Q>7~X2?9bMp#><8AQ+|g?0J$W=>Lf-ss{Qhgi`p%E=jj%hF=gElkJ;fe2_}rZz
zR_tQ+#e(qe$6J3qg^h^X@SRx@U+i<+_Re>HS%iNMvoz;UwW@3^9PODxd@E~v<pGRWFY+dsQoRz$sM4cq*95v
zT%y*mkezZDWDb3}6M(CL0bZ?*jSX$i#PIoO__!3BL;5?hCQ%$YgDaUXWYC_xdUBx|
zW`?av-r7bc$T3ME)#`aGNUA(|8b?2@lyHnvPz?1gt}Ai8Ykbht(h2l`(?(0@Hwqt5X@1RFKQk`mpm%os;8Ocwlf-sCp^~8&*>`q(*?@!Bap57DZ
z8duYGpT3uMO}#W_y*X>MP-gd0%8?OugIo0UE^H1kjiX|~-@=Id(7+qtk1;)Ahd-}h
zBCfyPEOw$e^w%(Q3Fh9#{Dh>2m(^KVozA|1j_8Rpy=Ftslb0z5XS^iUeO=@yHr?Lg
zdl83OdgU%?>+EG40s7Dgg|ij$=Mcf$h{*hm5qSl2TLg%gtuqq>YunbIhhLEN+w=G%ve~z^gU#T9b
zEIL0aKKrBMv;U!Z>VKv-m>8L{gMzD6PKWY{Cgi)6kdz=~7JlYOCzS3>8ko02XO%&H9bboXDVx>*{iF%ZPVO$s*#6qR+I9Rj05L7Z{Z(ND_*=
zfYGifPiYyky|=hQVhRzd9yhYAV33DK$LinqC6gZ-(m2+
zUI^pc7oZ05B_T&Kd_<$;p#uu$MpX_Dzu?{HW~Hc0qH^39_}YJ&vb@hRF5<(+@xk7~
z>m~Lf;Izvd+i#6mn$?-macJO6k2(eyFE1%t
zCy^pKYf(=G&+8fpUrGau>25JdUw8w@HioCXpl}$C7>dYHT|Q8-AV_YlQehaP$B3^o
z#dB8?7`z)MP*IG*I%Cv=3>ud~aZqo;>s>~q1(_GY
zF^P&${J0)RYv@H`w_lul@&ps2`FHsHu8p~~@uOs4r;G%%49DZ7G}DjLKqz6{Kx9Ja
zT-i%^DiiETSHEdew0l#bX(3BxL(}N7JhmiPccF*odm=Ypu70cI!_%LRmY(XAbnvJg
zKJO93H(t&3qwyZX15Wt?!R{@18y5S@rJaB{$RPvKn2cCaFJM0$1go7KZEWq#%)DFJ
z|Gd3-ax}BGfBgAm>-b>CEq&hKJJ^9ow%#3o-a6f%nc3g^ymK%!v+?fq@bdwD-rfEP
zT{$EtE8(Y?5N3^H`Sz(zZj3ec*FiT7h&acTOL>49yM#kf9KfcAA;xgllx;8$INdU4
z2!oz&Z0_%T{%P~`{^8b7Gw^F;|1*Nu9ow6kacvhrz=J!dAL;hY&fzKFGNbG#=2;*b
zY-mpw%*$Yg)q%l<7pwc2X@|Xvkop|3ue^0Pd-Kx4E#SrRb4jh9+)TX-2@JnB*O`
z68zFH@8}Oj^fS#BBEKDt1rKd`?7n`}`t;+kpMJXfwBP>p=?!f0zX2!NYvYQ=M;Z~S
zw#~sV%dsw}`6oGi8OUIkf+^0=Aj?wGsdbjdOT47F*nsuN3tTPj$Vlu2XN}H8m0}Nvkz(&A>6ayE>w}LsB_c-E>#Sw2Pbtm$j1V5E2
zt%!fQKu?`UR3G4G$6~}n-SlD(sTImpGSb5lLuq{oo;QRjfguuM!(oC_kxo>^&>~lm
zSQr%9uxLc27HoyC7GLMu$G3`zL!u$w9269sN3pV22ZsH}pFo495LocsXzV2yDvAWe}}z
z9`6@UUmq7S)c%@v9s0tcexl>uq9s;j2%|br`auu#>ik%=-U9i9@#7oM&@f+Y``vm{
z^y|gJ)%u{`F2D%lm|k)6BC6oN0!2UW`D-v^D?~2VII=iJZbF1|VBra;GRsn)AQf(3
z>`BL2Lc{Q&y+*@C?4!tUi&2;37}gnvIF(kSPy~ib{IEewAh_m|(2IRoDk3yB?+O^;
z1kWOLA5WN1Gq$kf-04|J6U>$Xzg%@uCp3n5W+hV;7q<|1p?Y>`Z4f>3$cB>j!E!Mf4d-z;+@%;Jq(~no5j_@RITc3_U?SI<0mYx!E;nM(iuiSv&
zi?DYTq;Ynki
zU|OWYRzGeR*hdq2xmy)=5BW1>+~|1iU?be3j6=a5=pRV6%k;$~De3
zg=aI8IsB$*4)9y{)a9Bxehgwal4RCN$_h8FP2gWJ#RU!EY$|_2m$J)XstU|ocg5=s
z*%*<>4u)EfgOES?tQS%bRjOWn14u^#>^-RqXfMwO6e-0wZgcJsRpy=bE+OO^2r&)l
z78lE{e%spS)MRwDg=+DPYF|0Uz!8Za$VDZxiWBREn5C%S$|;#Jzm&4Jt5^96iI0FWAusB6S_~{RNZLkH+-2t_BxFF
ztWKkKK=Z*V+a$`cXi)$MBndr1?KaHGbD^9XLi^Z2-s;O98a6H%hR8dBW;Fj}cP
zY4)-tNTwg!BG??PQA^f=JEb6gEOn{(kL6kg%QHTE@Yyv!m*8{R_*};CZFQqEUxOPZ
zBgVN@q2JsE8|
zB=F!@y?l_mtBEP?ZIO@{E*+E0b2XReX)dp%xxBLG@+u~mSJhlzO{cbBAoke7}lmXV{bzhD`ezVzuu
z#M8xyl~0>unm&j*+7=VEBWC9#Lsjragq%8S;5%lOl3`Bhft}HDbf!{m==a07^XwP7
zF9=&8^-A>IP6l&204Q~~4y6aI85=&ZsT8gjBSA#0+shl8fU_aS`0
zOuXDYDJ%1r;W)m1*(h@nT@I2$Tgav7a6B>f7M$z~tRoPg&E>51@efqUr`PZK&dWcK
z9Nvm)?x)u=A#Ns6!)NEVQ!@Tl2${(EMB8@t-@O0+8bYmlT?`Yr>u{LBU6;cI?s^<1
zaJR%^0(VJOh=BrkD;y|rw`y+A+^tF6mE}38MYc|a-d&hODTfw{haBOnPT8e7?f5W~
zp1DdH*73V&fEQWmpJdFe+zP9q-(o0yVgQ$nQ(gVUNGG6D)QQvgFAI0@Q<&!GB^R(x
zoD+AnX7lIn?ganH0{8#i-FXiyAbzGSAo}x=0;Pu)cyO2g@&#TN9#Vi7#{&weR_=M`
zq->p3tdpuNVo?Z#`%0~@ivNv!`bqV;j#p@~&4Z
zmesTBZrM)N>(E_%d*tHlI~@OXjnVxa(EY_43_P
zre25cR^4>He0Q;uu9xrL81wDOyC`I%Otpuz*7WPaf|$XDjeb84K`bUkz`g4U#XAw=
zb#sv1Vwgn~Vo_ooqA-vQUHa{fR`%q33Z-SGep4l=Zt?4!o@Z-YnRl`Uy4IKiEC?IV
z)00L6{4C!8v0OmbJkyHt{J2uiVyYAj<*r|+45P5Ji`hzaSMw@S{iR_;3jI#lq3Tih
z*8wYQNMmqP5(z0g9d=yDsZ)?S?gK7Ist6bV3F%@`r?my*dN*jx8M0>INbN(2iaa!h
z@sW*b_2#m5RiLiJ1JTn&h4tNhck;7*rTxPX=}{2-n}1M0GpY2Oz1MGWJvK?zK-$(2
zxJ<+cIjBoa1c#9ftK5}>MLC^rC9ZIC(*-t#kfKiL{HU@TS61h&u&nN+tU6*77`jjn
z?I#TJv`%#OqC8<4vJa~4Q#n1vZCEn5;m9^200HWK%tua$t2il*{#Gj}v;F9IY4VPS
zZ}DAdK*W2cuXk9%bbL~9J$Fklz7uFCBa-h2SO&5cGJ=C<(0Z#PGt97k9x
zW2GG?CG$uD@K*QW^VVsrZ!5i+(szOzF_&lvMKM`69&
zL$pe*Dt=84hN5X^TlqvR)tfOdk5-hUsNE*aC&$nm!&C5J6sp!vf@Z}KsMyBI*501M
zP_Y@R5hUSdmy&R+2uwZEgs++q{e?GLwc62TShwudTgbc4J&Qw+hiKxkH?l1Bh@_s$
z9~0beA|xWAHwfzJ!0rN$OvMcjZbAvbKPeY*Z-x9tBS33lqo|c4;K?QmDccuw6_N3`3s~T+4#xdjX7q
zwO&Ucl3RWzw8UtbHc;~QFs=_^Ws=^Y2$V+VyJR|qNLqRjFvrUIYmpsW5=
z@Oc(;&T8#}Fl+rc*y9WYqw?R$U>HX|=^c$_bOZ?3DZq-li(uN-%91s%8!q@hh}^x^b13U3>YJv;4|iepOn2RbGAt-#az<
zx7e1(CRq<}pHe>JE7y&nq|830FEsmnb%zXiR)osiI^Xdu_&1xi`Q>kuv_tdG4=Zlf
zUK=&|QC_&pi?w_+j`V9DXY%X$4H3S=T-3D2R4k?6vdd0cn$y4!nM+DoNXR~78TOGv
z$>m&}iA-PmG`UUsz%}5^Je6Jn7g4_ti&)TXGi9eW%T-4SV!0x$p&7EjC7gqOJgO-J
zD3b7Dm;_>J6uOCA9oPk#P~2#HUirB1o$u^gn4Qm95&G7>^A0nyWF@$t#9zW
zn}v7<=sRKo=o@mX%tCUm^gS_Iv?16E<~Y@wW?W$V0QZQHLxPF}dEhxh?^HH*!6Df2
zQN{GukKrJ6EN8J+7Ws2fQ-pv}lIdx#%#^!fVzEOCLDmhRW7vNV+;<#Z!JLxE%Yc$c
z4`M_yB@Acx3Fbt&#stAtv<}o+4{b4mNi%1{=?xR0puriLm0$5lrZb;4ZaB-|J;}NZ
zZ^vN*Jb>0yHPZqQ#tgxHUR_ALWZ3G!U6-O(?J!GY_E-f1J|f8i85
z`#_VkaEPA@?fk{GM`Wrq@f0IxHItqEeB~zOKx32*T62#JfPz`fjU0aR)MQUrkOMja
zLt)X;fIf2iC*|P5J{GX_q#MH!`8!xn0^a;na2*oFe{0a`peGnqwo(_@>piRym__A!(MU))`G
zvaGPMao|&KHk7LROZbvAnZhTCV5_6Dd8TaJ)*-MCLb(^#Vb2}G?uM^+V;|q8g-i6U
zpHNirC*=2_xoq0%VaFn0mn0}$hm9aAKI!3seAnx{@Ou~s-8WeKEfW*w&Ve^LZj1A-I4WkNgC~pA@
zEs+W=k&Y>$J-Tx;eZaq1d9}ko;G(2o`wy5V++Ki#;)f%(*WkluX1AT~bGdO5OwLjf
zeX=<`QW-pC6C0Vp5*-{Gb)cM;+A6-<*_z|EQx58ed%D`6;zLI``LAJ)jk7hEemj*m
zRf*S&ZOQ;b*B<>A$xG-_=kLY|c2;VsC^^`PmUe-6mq(o7X%P;2i4JLv4tbFdM^`C%
zuzPNS(;cOw9Ke0OQbvLm;8EHW%qdh=w(odjADy~oTe_YJMtwc!@uB(rm~M=zVyI}{
z-v>~`>~Gh7vUtzn$9Ze7TZjETlIQmZdz&7>KWfdsNkH|1>ZCHzC
z$1B0T_tDLgHCwaoxk9O2EtE>7D$)rb@0RQu+^u>Ar|j5p_aNvmS-&F0c)cIgTL{4|
zV$e9Gh1M+9y#4&J4U&8q`)rG+j*=TYdg}L)9DaZj3}EIk0kb~AYS`%>{YB;|Vg`E9
zAv9h9eW5P&eP;-EFOC|*yx724l5oMQh;2N>yTJJkfW}hW6mTS2l0grw-%zk%QJpS<
z4GoF>lc=v^AxI%(8M8@*%%pNrL?T=a!ZsQEL~uT$%&aHz=`m;VrBD+QG|s|uO!NI~
zKWqz^dQu!R7#vec|6s^j>eBpjiri^;Zq=ol~qsKDzuX%y@nVM&-LU`Rs`Tl+JubJms7kOT*L#k
z>C!CooNSn5;16$@q53H1`Pj}_R>Ja{T@hY=xy7*FJUNr!}a
z>X<=HSm6U5-`L(h;kj)9BV1^q>rX1Ph9wtP&4q42J**lOzT?R0(mbAQ9n#yF@nuB8
zs?9kL)2Y;;CK_uBvSD;tN20*3d6g3NubWAcU`pWtZUB}xJVO!-tEJn^^4Gf(^Qn23)EcV?Y
z$14zq14=!Eekw(3gFHEv#~QRKXPbPg>TN&l5TKT&4_@2E!C*KPm^}(t5_A$_zPyY`
zlWURd--U0;4qOJ84@%aPpJoAvU1r-_QmQ8`ZXoEOA%0?XN8M_26Eq(G_Teq|bdL3hGd+Baw}FWPn`mCvT&S$ogiy
zsCH;Xn>;iGwZl|^@52olR`u{m##KH1y9}&)cq}8U9%4=cTxE1-sc>T4b&6>EmR~cK
z3sDMouTV%^lOhKRaiXLY@ZuFRlxMjIG
z@sfC7Sd+9EN%C;ZsPy-Fxsk(-3jQcpI#gp+I8^n?E4YyLinY%5v*N>=pnn-Ro##6r
zVU3i=b-^tgy)ZuTb#7m^yj7C#VA-GiEv3uBlyEgbxo@Re^^;u
zT+^C7`4OX6ci|whITS1^(XkXRJUlEHM^fzO=hVeTc7ImgaXEFdG-uVV{gGDwnL4;E
zU2~auii?8Z$&5#Oh7)UcxZpRg(fPe$5f?xAs}nPi#Dp
z+C?azsHEM54S}*0WI+J7h0Z@Q0uRlygiF_p6rWOzv)H0)faMm2rK=LRPmb3rl18tV
zC{Oe&RO+S%Q#B-ZN?ucjrYd(1%X$vQ1Y&cUhFFVv3ZuX>-E99lWK|~Kdyn_fkWsd+
z9ZYVz8An(C&^nGVYRk;gp|u&^Sfxd~gzzX-WmcR~^`_%0^(HAY7t5tW&GWppdK2&3
z71tA(sEpPFx@G7%g#L_zzMvKcrk!+BekU4q`=sJhsb~p3&2?ZYklvs7NtEw!WI<9;
zU5ASfTaED2wWTCWn4$!OD?~(ixi)_MVqRR-=S8Utc~Mv8y8#z98t1q$qJKrDd&>#%
zH;bJD$$znGbKhDt5WW5!)!#65tnfw$n7Z_dIhjU^-Ix`4RL#*=fv!zO(-Ww-22{1L
z3fEXDQOpa*ZeQcogD*)cc4+Or-woSspNGOm5$8kEdW~qkm3lJtQJ=Ve9ij>s4Yv#K
z;zA9h2c3)tdKBSgP8{?yaxG6qU)UD^k$Y0=-aEW3oA=(~bCy*tr|#i%j-#J@$MwM$
zDyQzzb7k{6uFtd6_wYI0mv^#%j+?m$&!JnFagXXl_pQ`Dc+NBH6a6dIGWX!Qs++p^
zE;BCg#D6ksh#1haRk5m8&1m!^7OWmP)+|wC2J}iSZ-Sv~85=tL(dq;~DmyQMbqyMG
zsXDMj2X40C)k9~b+lOwp*VP>-(`mTn8uLb7tQ|P1Tkr6eo1Mwpp_84U8r3DGde8(d2?AEag9HVQXNAkYMN?lyjCPEqN
zyg<~lE?+lL%A|4@<=}rt7VDBNzunXYn-qCnKJHo8n;`E0uAes6Gb~#DWXZC28ew0$
zafqj(Q`EYAE7`OtR3={&1aDv7KkBl43pfUXHns_m0wdC<>dEYr%IG1Ej;yTlZvCP&>8
z^}v$a-r7#pQ@gjG%y8mL!$3G@C9XYvEwfB@$3yZc_UG}ZeG2`+YAOzeIFE3O3y1$U
z90~!w0*o-;X!U&jbIpJJ4*u>?lu8c3xOJEb)5^Ut&JH$nz`Zo=Z~D|#4+>!NB|yM2
zAR8!rZrcw2lc^^Dna-ayWt!G8`q_s9Y4A0NjK;h;-Kx{Vt_tO#4xyE(?Fl10AfxAE5e|zz}h0ahFm?cOt9MY
zLVr04e455aK$*XB{vt~82wVZ&NZ+1IGY(c>b#%sZ`859^3oGs+r!esm
zTo`!>SwwOWdF>(BkIz?Z`LxMJWS=HpLToPTge;WiBGQEvC&2~j4Q07e9zvHBJOq~#
z{DUl)})qL@qyh6+&br;~vg+((`
zn-Kx<;k?hE7XeVtX)5s5sWu5*pv`T84b=vBkTp>oYh@BsWOz?-vtu#`O%XIdpF7Iu
zjaWT9kvq!gjaV}~!W{`i-IcP@>AXO{Doa2+We5;Z3{>m12#T~qzVB;9$xuV|JYn2F
zLF||0*ELuih{AhHUQbUY*dO&&EnkEHC&UKkpUOmMCA||C2O`mI2Am%VK^=tHI+e=S
z4n<)_T#yK~&(%=J1d<#_kuFKtE%YQsrudCMAcm*U>PQ+L9+}hQ9dG<6CP}rgLuGkVi6Wa0I6QlI$;b^O9d>(8ia2wr4N$sA8HQe
zBvOpyh|(aSPeyPV2x7BtzFVDXaEjl~rgD*Ld7&XyjP>k3kia?N+v-`f0<1PiF|a9c
z0mZlPVOkMn3h+6MFvFijE65HYg9-E>xzQPKi8$ApnbHz5x-&E7C8?gPED_HJVjW;?Vibt0zoh@-JucUyRKFQ@(oAbfTybBshXuUh8EzKaqh>@R=`k8KEr1|v3W4c~^
zoSei&ok&2BPfs$>%F0vg8yA=Q=FRp;6{2ZY#i$lRrsi-miq=nT$_j4!L6`hyC}9yu
zQS&ss819``Q9t&(2^?S2XHCX^q`(GLX7c_vRk5LNu-^th@q>>
z5l(Mj{k42W*Y5ZVF5TvkK|RXIS5ZSHD?2`MJvaCJaYOmzpwmMaI=$e8i~g_t1;xlr
zFi|Jvv4JlFINR&OKQF37$ABRw^V1C+gJCB~r4fYs5T(sp5L{|v6i!MDA3RvdJ0iq^
z4?-`7;jCLAvkrPumzQUcMiV4eWR_{Lk>~DHQY;w&uqdl@b#-D&l0Rz-n^$`~g{
z_$(bmEO?_2L>E{GAJ4!pC!-nP%N@0%-wGctX=5%5QOvb31b0!-vPdjDOk$D#e0^Yw
zg?VDy7Z+W|YF`6g_Pa#wSr>R3b_n?nlVh#G@>{Pb#UaS3lx+}`ES?0gh(t;flH6P)
zEW^@Ow0Z&DuZSm1%Z4HM^VS}vwCF|@MgrstbO6BE#I*HUvI{!B{;jowY3J8uGBiq;
zfolOMQP+fGa@(V-Yga~ixJ}6ZF9WI&KlwN2f3HKuYv)OP2pSV`P9vxH7|i#G<`!amU}nP|%Y
z?>9yY;=iCV{<*s)h3$XPZV_4B)+Ok2>fMrKfx3UUK%vYyOu1X0%;fJEW1CFeAG{T|
zAHNmS>w25d-%Vc1#P(`I;N#)J!bc3_^f#!zPs}1?by7#OORulPfXF=Zd9zSavydqc
zJ9=7hLq1JRkip_C$;x(8cDrbe3mhCy@r9{HAL?5y50iMk=&!%s>KC$DIk%$iC
z`X?&q`7Poav?CD5SVzStftr%5Ff+0xgJSRvx$C7PPuNXisi$*z7$$AHKLWB&<)>4|
z;!x~h+W=qNDQ^ygc#!YI=gA1`$I};sv?#)oib67i&`xaJ2DaynCL$Q`I)u+dQD<5Q
zqDK=M_=?ENv-6$j1Oqm3!3Q??{yLM$pe-k0T9SiwX5@&L#O78Ko4(|RvnB|FiQ^YP
ziZAe+pTsq?$@}6O`Q*3a8X4sSRT_Ea!>P;}hA~5;%%?MFn0EGDqS=O*@MQpMW}-2r`H5w4O+URrCVB5OE=-g
zM>zLiM|`K6ST;?cQ7Cx7x9FBr)^(&rU5nynNNgk9rchf(as!&K-u323ZS^BcLsS#Q
zsJxg(t>Bzt!9Q_?jo$n@5^-r}W;Wq*)K$&YW)^20duHZL=okNqI-41H#+xa@O-c?y
zays6h5aM`Z@Z;?n{!ifX_`|yy0m0%A+cQGN$RFWbMgs76@GWB!`6GT?mfuoY&(I@PQTGR(XN3mMETjAts#cY
zZ3o>;bg?JT(x_KJRUl0j&y<>;?I5Ygp$wo{o~g`C9)0RUVWx@|QcE-zg_)XpqW~Q=
zG?#P-#>P}#K9K;dS-G(0)SBbKnzD!QdNbSEem-zjI5RUJXJ+=%7EZBfNMQiCgk2tQ
z!7(q?RrC>0S~RZAJ-jiO8Y5ezYinP1*(U7Khu7(0QB*Ti6-sqXGlqA*w8oTbxBSI5
z!uuQA<1ea`ig733`ten!%173zdU=8|Zqs!>yv7Pu^`RB^0|jD`VXoz@Z%R1BkRH?D
zKCrDS)n){{MfLv7qq<$CZW|GHWmS(D)T(&NNF>7Ksvc9*BGp886dF6|Vnuv-U`=?`
zKxu~i%p!Wo+TWd%6GB*@_N^d8o;6EH5}t2-uxV-}K=EIn9{m*D*4rU2i)Pc3{n9rd
zQLjr?>~t?NR6g_0MCwDzOQga;@XLx4@LBbN@Cwcoj@;);912Vqhb2krD#|7xj@{)nR(-0tBllv}
z?~Ob1o>d565JYmKw|DDd;YV_nlMjnPq7`6YOX;ZP|6Jw#e-HtdE47b^%}-`naBk)J
zf3r31y>TnR-2_v&XX3n5^riK*I%gD|XQX>nNgkCZv&oMO4)0GDddcXEse$2MdFdih|b;2uTJ42R%5xlTiwn+oh=e+U#RK5Ca
zK>n_&(LEL^)aGVphB0#Ly*TQlSs!^c_+}OlDih}|V%DASY|YJF#(u9A))N{0mr6Xt
z62r7`0Jj^^0@}yfYSV0oJy~Fg1;|Q{H&WivKpf`S9W;Btd5#VjGQyN_BtGA(<)%>M0j1N
zVwRd*X3!NKf+w)7UBa>iT1>CNh*G!XI+v
z{8^+zw%P8ugqkl$e&;-6R&=N05?iRol!-5`J4%CjcY^w?JDokze8jp-SCs#Aw~2Z=
z@q64ePrldh^yRMx&AjUwJvs?ejxBdIx_2}KW1sojJtBRyXpL8fo9a=GemmCqXTD~S
z%r(hve6=+>uJO_PspnHmiJX1z&;!Q=g
z%gRu#Y1=p38);usM}xHRc3#Baj?L{W%KDYxKiwB}G|c_2JSem6XUe}DS6+IY-cx>i
zOf8o5Po1j$yz(M}@>K1Q_Ck5SKH&W`GIwK#y_w8bn`blb6kt^*M0E(%ks4c
zv_CqE$`|;-^DoMK4}X8NF6CwX;Q1HjtJ96&Xvuev*ngwH$sBrL`Dy9LLuj_Q^oRzh
zB2^}NF7qJClm0O;IaQkj`UL|&3?;a~pCFcf;mh5G%k7*OU-3uDTBdb9Mjh~@Vf
zVa$oAFun}xM1}I5^rLIbq|#Wrik4&?Fs%XQOyrtO0NCk3
zi^@Vk80HI109J=zrN((2oOeUG^yaPc(PF9YZ=VS=KP+rEC~OMH{AA|dXyp?u1sYA5
z2`$=S6yYTW7(JBu!e{3@Ly9ySScE);Q6&2U!D?;0L`pFH50zc~*QLMo;EgBlp_a)O
zFKH^Xb)59J81=~}ij?>HLqLl5e<*cuXr~baRx>(6hsQ1{lN){^7
zKGKhq`HhpT
z!*|ygmS3+&G5VJP`-NXx#bU96fzsfw1t+gD;PG{Oz@cWY)imoj)KPsgG7lHu{D_rD
zfEgoJ^&Y4R=Om|epJSwd+@bwUY3~dRR}w;zbYx
zR~OupAF~pk%432~EoDWfr|6I=9}T;(?PD}a&r(Pepb>G{XawCkDBOsERmPy5&F}^j
zL~(9j5$#!JAA7>#gqGq&idOSl5W{a+vI;xBcE}k}WfTB({4yjmj2;bglB~}V)ldvv
zs<)TWc`WS9>{T2Qn4~HZdxm0V3y=oVN{z~z2RV>=>z~)CI!=hMkw%uPA2<>t~f;AD&|Rw{%dd)FkNIcN$x)o{P@qj4zKsG?-^bKJE(#+WKz7x|=23L&;RVL^5<&)w
zCrYB|)G_nI(Wq}V=bc&Q%sC)`uYNk9FA_%+p$tJ!Q6I_&RY6K(_s(}phD0b*+{pLH
zcyP;hDc=pXdpL5?@k|$ncl_I+sb!#~`8jQjv22YUOVvu52o>%R1Z@>GXbaY;0N*fb
zix5SruU9Z5)SB#L>*7xQN%fLyy%4MY$&5@QMZ*DWLZSQeX1*nRn;pv5$O|x~eKY6)
zIfZ??(F1v=A9bOR@CQRh4En(hY;`2E^H!~9mtDttcWP}6l0FeVBD+;1?D5m37~50f{?VeRZfPxf&tq21G&U=AY{tcRZn90O|kzLDDd$D#XZI}Ua(c*FP$+uE+Fcb
zHYCG_R0d-O4l%e5YOdHX7mpxp4M|@ju2(5^8YUgUm?6mklZrAm!pLk1mQkvqI^7=aoM%^3uGzm={@TUe)JC
zZn9U6d6AFiRWL8I(Y$KTi|8+KeK{|3(Y$K0A_=a-d6l9XUz}5zX_7pCPy=pSij;t)tulAXE>dhS|%LhGCCFYb!x5}f=XBI!u3UZ^|QDSD`)^j
z^de}tO_ulU6_7W3?0=LK$2<VAE`GhkkJ
z0y3V=1!IEx3y+0OQ(upY`A?^;m;ZFk^ni%luA-m2ir~F=);B1_rA#~LY_8L1wYCm?
z+N?)GpXS3_>C%n$q#j|ecz74v!(d#9v#$`zvMVWJ1wNVqJnAh>6VuX?%ak^;78=5I
zUaEEnqj@E?B4vUt!co#8gh|fWM7}pPYe>m9x7u)gp4pPndGQx9!7n$nUcOnlcP?*
zq*YO!95pBHqk8Hn5^F&Y{Ecw(3TJn0GB*c$W&^lYKv{}F-nI_ge+^)-#%=tNXA@KxT
zw@SJ2Rxu0S)tke&sAfv=zj4OJ$HYAumvNcGnaI#4t_*GR=cELo2<&HWdD$Uem<9DS
zd)W^2jEXww(@40H8m(*3h&O_dw4-|V5jXS5P4)pN{XiSn1c&pfct%VUcnx%AfG__>
zWHn%k0{8L-K3zw{2qx`)&B+fZElp)C4fO&%73{FmS7fvmyu*tgX(!H{Ww#vjNZN0>
zWCLE^Hq(m69eS6u(z0`{80puxItX6dTu|ykSPQbniV&O=IHAsJP?**?v#6X8uy{do
z$g)e1I3<3@;}TW=v+6iSN*d_6;;$$Emc(D)I4-3yT&>u=jU4*4NFP|zS!D@m)unXB
zq&oOqf*tj_48OXhpb4z8YG6|ZOn=$5LmLrVK(PwPbn$%0J~Vl9J4$`}@!Y9a8d$`=kU0cK@Yg
zRcvpeR;v^i?J`AoJ&aMT3;SjrBAhzNNx-pVVYh~CP+_W#g3w}+|P;ea7InmLc
zOm)es$4vfp`zh&-3$dA=He=zjEu7}y9d%xG$dUXW)FBy0h~A-!7?20
z!2dxbq8K_pQa$sWj&<0=2pE1h;&I@vy@IJg=^G{t-NX`$!(xg!!MayO&Ho4}Vf|r#exBhWi*~SbUD+
z&ci8k(GEH)j<%L{+4hp~v%?n1k}No1qD0;E!!GJ&Z{e6}#Qw0$DRF&@PND0-ggA|&
zwE=4=8C+h%hC*Y{D|iN18xAHVCZRChoeQX4>?wM&5C(?7r}c^cv54pE^X4Rf{3Pt+
zu0V4Sh@qHtm%M7(T7;u06_6nEf>c>rE5Pr{8cB~LB|*DXXjj<$)CiNyL6`)~_-vJ)
zT}(gg6xv?#3HI#nT29_XRpb3y#>3NYn;5_}cJB8dR!S7gQ|KJukbPlHlJ)bQO{HK|
z`o*8`O|wp!z?oxy3*04zY$V=TY7u_|cDS;zrc{QkF*Fr~`{VMRkk0c;_fCqA)WIv=
zJS+T;q`vR(Qr&kfwSDiIrzpp{hrW6*3`Ct+|2W4Q9`MY8_eAdLFq4Tp4(k#1iek+u#4Z{qAUg2jksr9Ut!RV+M+2_-fEY*toe!V)_YQVGA0EuS
z-#dA?vHuzR@OkI$yZw#Ry~BggZx6S3kRzgVQH4+xd=y&Zv1M*DiaF3gHzd6#eKfH7
zgkvBrUb_Iv?5MDSMh?Le(F+B8BSer>R@Zr#B
z-7E#X#Y35oI&4Rza*!Z_6`TMv(ZL^ltb?I|VQ+->5W(YG(RwoI^)S-{97s<~FP>Ti
zuSyJECk58Ux2H33o>Z&z0>ywAxG+iCOFC8JHiXidHO)gDKi~=E%e9gJXyVy#ME36B
zIS4Z%$sb(iorI}9dU$%({T}0W-fwlwoQC=!yw+HN`q%^U3wEtkKsD3`K9mZlQg$cb
zDjm{I&R*8=@hnM|x*b2QU}=l@GvNmJkz9%3W}>Tme5HDNC5cW7!hOE;s%IG7ep3dw
zSQ*?BWpL{&gWEtE+^!9S+fW(YZj{08HgyJQ*n~uIhg4n-jYLlTD)AC;=$L0M%txt(
z`JkzoR!_WEIH@&7(mV~M@Q8T+dcH#_z}K*B2(krr3fa{oS}3L0T?1FOs)%7pBE&D}
zrNJUP7~3qRS-GvH_Ip`3(j&qjVs*
zH83LSni=hLi#S{1?t<(whI)wtHrF7zi2IpLYM2}iY30!G5-5qxITr2cLQ`z*LetpX
zXmUzbp|y&7gwN#|H;Bp53r#OG*6clOq3LCYrAHT9divLK*39`^msUl3EBL@~7hjvN
zm%_Cw)%m(02Rm6{M;HIT2zAxkk|R
z2kpLf?Y9SkFo7~|R~{O&RuRpd#5i~j@_f38&^`xqOgV)7u1xz9{?0-#0mAg5(eWFB
zk`&Q{*yjW7R-i%fQ0)&WCpn?#=vccB;mIY5K`|j6)`g#N;wNlY0@>stM&;z_b7M(p
z-FU@HD#AJ)9&CykV`EDn6Zs&GJXV@<2qIY7cvQw4!9+`Vfu
zGR)oCe#(D{QApJU`@8HdmzG_7`Bi!O6)Eu@cUjuTNe$}EZlfMFG5PU_!Ye*+;8v9s
z|MRB&gq!j6mi&Yp^7A%-k`mbG9r-P8&Ck2?6K>DXujMD)pr7C9lDJJj?}=~oK^Ph)
zVZtqx9t?9m%u+deT}<812L~y&1-xAxG~9YRpL~
z17h1ay((w=uJd*gOs@)cOgX?5OukX%wO)Xl&Gk-u88Z*4wq_~b5IVACYM6V#B5_9-
z2~#IeQYWQzvdMrDQOe@!v@EBT&IMIS%o%KaoWemrHNEM26QMb)Q#95K
zqQQaIIRRfjAO#^zMq$t+IbOc{(oJuPHDEw=q9NtN5(jpGyaOH66bO`}&T)b^0S__7
z3+#WBRSOB$qZOar1l)IQo#sqd(FAcMiUrjz+Xh~6&_%6f7fXL%T9WF&FG-g}4QRcF
ztyCHJ3f!J&@bLMXtm_|EDx_)>gc)igp?r3dA|p+^P0~FLf3G=YMZyoI!Yfbzbt^wf
z?tWAc1|%Ip{XeYKbmo+OdQz6mQg{zTwAl{*uF`Lh7*XbyJ`(4&Mx2zOn-leE`651)
z(p}6ZsX^n3=CTE4Wqg64t)I4(bL4@drlI0>K51~qr)?%Dr$j)7c80X;zLh0&{otw}
zN8Rwol2QGn>`7mH9_aSV^~P9Nune6fc<%eKb$(zId%a)PdG_Y;EBCa0{&P?C_S%do%P&8=2saSE@SJ
z0mwitYc~YyY@PIBiGkQNa{?s$#|Tq-Y;9PJWydSQ&G*sGk~LehYjcHC)hlowikV$s
z-nICy>tbWU#Zt<~292ZQlI?uhlf=jTjY5Qr(L%z`E4@}kag{BnPy_zp_0DPG!_Ox>
zcp3(%OA}HX?kE({X5pbZdJ>FZjJ4Mk`1b!p03=_lvDQ
zA-(0mTtox3@8Nm954*>hvUzK-TQA}<>?|&_AX2B?qI}d3yW*>|IGS%QwA$f)qzQi?
zU=BAZv(ae;SJp)g*YKMCD1w(di8yzQO3u;?qF!4Nm%iV=Vw&V%V7D+<19okm>YO(!
zRT-}NeNL%LIXYpt-X374O{<9+t2$T>dOoqNj!U5)w1t}w5D*I6TBo3`_+G@4UdYP0
z2+3yX&<*#lF>_~f+wJ=|T&paEbKnV!nNf^*A=$M!Xmi{NjJeBh?eqr1hPK4EKB%Z#
zo~OUHGQT!nFD^2Ze1YVdqiv%D7xK8U6D-TxXrp%Ul36L5V~&%nYZ~
zHKM8t9*Oe!nw_;~8)0WoX+mZFP{m$z+zV=WFx!fGx;(qksjH5ldu>XCixYzn-SNcU
zi2*g`<9z612DF%hE0zeTSRt+xA&#kjx2Ukfu?)=uh`R(_9e{g&K
z&tdQ8Iw#17_SE{t$WitZcq5dNrMC7L=YDnVRAIvnw4lV70e?o~IH_rWsZz*ho!f6s
zAC0>zEXdEIdsztJFEy-;oF#r)#DaN1KxX~0;*63PQ{O4>@4U;O2)ySis4au`&OdqB
z0wvV5S(zcQcmFaCJYzw3KRzOkM=I1f&;+=uO0~c@3geL%UR);%gxfhjbUo~1Oz^x<
zpYWBG2b}~IBUZ0WaXmDX%V4_SN3n8FwW_gn{C%mKi=`7QhXHXCZzu~)09ic(vH7wW-KtU(Ha;mW)#7$bK1=ZKZ;@1z9|esRCq*%
zrejPdf#`Y_oW*DVg3ot6e-6Uw?$j40^+gFky5@6bex#zGsp4mcKi2U^4OhcMmIuDb
z=n|2y=StL_u{2%_O*M}CNZ|e%JRDKGg|<@QO-Z>-_6FcoSBNyOv62NH{t#G1a|8uh
zW2ORaQLt=2&^W0$a;BKTl=K}UuRETBP;}5ml@}aWjCBggSp^s2g7%x?&=JTW6oaA&
zOkoKEjq8gp*LW#iU&y5-u5c+KT8>oi!V3!iuA2iv8^dDmfKJ$Qnq|qH{Xy}vXl;ib
zWKl^y2cqoE0hzZoPmpF{E^dW`RF=gkigDLWNzRtU7%pr_7PeXBACS!;o+Xdbz;vks
z5-3Dza%`_70}H&7naO2l7`EF4JEVb?-s~zAnb3T;(d$UJK^nQ@SnL|kr$39H-NR8ye(K50_;_okb3}@Zats%UU(T1XMmVQ!$y*6#ig_&M
z%wRB7$S6(6Qr(j>dNNBj#@m57tz3Txk-k-?axEFDT+69cu9b8u*Z)YowH%(U7x$S%
z)7;yWneqJFDEB6vA-)R#MvAFlD)a%)`BX5t$1rl9;NdECNGrzf&tvN<{{gmcB2Pej
zJBK46b;H+S3s!*Mu6;RUK+I|RQOs#sv84LSDt`;+)O6GtWmNx&hcoYB`^Ei1*Y5`e
zl1CGZj(rresXMJU6SY$nCPRhlQ=l~AWtX`|w8*yo9&JrwxTXbfk;QyQ=SS3a5Yrcu
znYbGYV|pj*M)g*VDoaz(2Q^5<3la`wG&}xPV5D74`h#ZEx+HdY7Q5QL6&@4Rb&Lgw
z+%ws#KNuSKzGa|!P5E`yEad634Q(<+#fJgYw9H%Hx;h2PCQ$M6)`x!66%>a=_
zw`#7$OnxQmFq%%)A((5fL^o8#d>uRl`gjuR)|7poC56T{YQ-B;)}a#vV>U`IUu5~U
zE+V<0>1-hK%3Y>D(h2CpuiFF~-Lw3T&<|6L8U?Nc(GNqz!AS!Hjjt^c0A^1~x)Rs|
z5|so-0Qa7LYF0$R2rv`duP}A+5Cx_hd#2Tj@a6)5%lQ%qB$dz|W;*Kg)mbIut6>-N=g{tBX^kMng(H64cms`&+H{i9U
z7r&Ap@u5*}+hnYdHn4(MSVbRy1+t8jX4u^{WACNEEt{gYN2C
zQ$hYtN(q9FYcDt)W0t+X1+#6k*9xRjv5TWxB*~K^Y(ZgA2R-BsDZkW(KWKah#a2-9
zv1a%YAn$p>E@EjwU(*lU!VrMo)-!&)U!bULfiQ=Fr~qs7e5cOQXLeqmC+Ku<7&5{{
zdSX+}ESYpU>@M{~tYVi}G5>W0N9st9R18j*E4}JWq4m#+0Ht|T$&+4u4@2aPsQ+Is
zoX;2Sv%Qw@Hg7I}YdOFEeD$jRkIs5`=eOTYE;!dmi+$memb2!wp=1_lFDXl$_OVywYbVAR7n=^gAsuxe
z#N=M-kX6$&xh9KCEbD`qT$9E9bD}X#j}XaWautg!!#HJ_T$s=Anaw?qr-@uuCEu
zY*D5L9Aaqr8orrj+1@m9jSSxg)x$#T|rl*>t9DE<)_g5^b9L!x5ky?3_^C-ed-|P+qCQs(0Q#C1j@iy|q@^hZ1^qq-_g5h+
zKs&q&G?NEa5`2V=SEzCoJe?FAIE{`OdzPG&3`Zt%NfPd*ji48Fu{dffyF%06^JBk5
zu{o_|P;Zf|a@56aO@4#ZGVC#c7_rC=*6T9%B@;F(8uW2~m*}l#R)EN@S%o!X^JFB}
zuzxGQbJcfUios5rV;ZI;WY+w(t;aGcXAG7jADZC3%#%^FO4WdgWK|ZFfqWfcfv-&
zS*%r+0Y|EB5s}2|Vss{lCO8^|2m`@ElU9I_g5PntrZw0>-$!R=juS;-n|6~^Nfc8m
zejm}-?KZ3@40t6v-Gb*tz>EuY1`Y&{36@bPeWmmf#iQqn?m
z77ii|8oEt4n+jT4v6s+U9PI|cTv}$>>QA4@qJIux3PD>T$pG89oBhm46KTK`Y>D-2_pAE)k}uVRAx24j5GT`
zspb-K-LM
z;Iib(hQ(F-WlOHnDm7SQo48^Au8{qE@+l}a9hn)@PFarOY|k~SW65z+E>w%=%*u1g
z#dFCsNmGUAT@VaM@7mx+&eV&s(9@u#pQYT6e+A{3b<%#xQ$hhWV?tYA$vmVpp^zUzse#
z>$M@|^NN<=#pQ?5&QGpU0QHpMS6EzpeM*8xLP=esenwV@%7dGF(CbTJ9u!sv8J3{o
z(UQAR;?N1wd?HX#)CSZ+(Fkc6pK|V2kW7_~PLZZ#SkH_PP7B6q{}GfScLm&x`bYgY
zYPTlU4TZC{W0+JDtAyW&uq4Magzb(C8-Fr^1BFchTp?r|?wbwY%&iEqrtkB8~FQ+<)H4#bQ;^W(XN)TI3!M
zY*ar`5@k!ju0VJX9QyJGB<<{Xu+|qBFZ*}w-whXHf-fm$g#tC3QWI&J(>5SQ)k_8u
zbA)xAqYg6l9wWMBj61pVNhxj9p~KD=prhfC4nS;IFpOS;1Zv};2{SH
zeF0IFBW#r1)(E43gCb~`aY?~p1z(#r4pUW5d0wba
zVia1R0yx6X$CMr4iCDK6gUiI4-8eYe<46UlkDJ51R|Sp(k0IFu3fG!ekrFmNI!y~U`7cz|GdA440A_!g*2MdErc
z;IwdlCOyP3Tmn(;OU0RjFiBR`BUyd7O2@}?Wz
zVy&0ZKat#iNC;hu&PlLb#(?X1`2wGO5nP5{@r7tq~;g((2ZGVj*B67ywRr7#a9axJrxvC
z1*ZhT*VTZ}Uh#y52O?)>-AbC=ctfQzO#r^OXYh|}6uGj0`K|LteyKyn>16goO
z*2drxL&?-=GZ%1G@s|DYGqV|TsnJfG4ZHp4ZR=5SgPoT3Xa8nmDy80j$TD?BJx1Hn4TdgXBY?2GBbsJRN=FJSgE~OQ!%u-UjdhL
zev;h`x~yWEvyIfNugWd7%TwxA%BwkD^3_aYu~g=;Y!p!v1J`s=>9bl#t81&+#TYmn
z6*toHFm$9>TJ{!~JsCaHsVs|0cj%$=vSTkhH4go?Tw8WABQn3k2TX0s>8H<19K<=T
zw>|rPUd60CG=kP08d2*GQ<19=RUU}LBcY7N?mB-6Z7hE9{!r>z3M0nfRaZHv8C=$A
zzD1cu`r!UCFJhb?{#~eJsbny?dtV+Er209hls+JuEkzOttYSlydTvgiC<+6fGFS|;Ax?Fp<+`-+&
zYFw!4>2FelYde)^0d^#Xj6Um#zCHad9W8M}AX+)R6Jp$rCikTiUb@H;bhiUs1WL&|
zWat};jEGzTaXU?RJ^LDGp?~jT`0ixnBxDoQ8!4bM$%~C^RvDjpmzv$BcIHJiNz;xz
zt77BIz~;6)NBoyhN)zCXkQFvLU&$&nZyITK+2n8&jI|qJjJIoYb>?PGV71_Jk`yy4
zLRb)AI_MSE%m~g8>Un+ePB5S{_B!cxJ_2j|F~i!5;?n(6v&on~iJT2}#CO5LCSzFG
zdBuCelj0E!Qp{z{H_+^DfH8GZRbr+#?lMY4IG6D&ZJ!>SRm>~@OKgv7k)7i9zS81r
zl04NU#YBNGQVVecBlZ|Luj0qZ5M5Cm+4Gy1x5eS!AD^#(oxOVA{#)l+cP?7|?L|`S
z7Y4=a^ZDV+o7Hi7S|^&HDF&GBxheZ|X@U)!yk;J0gqG~kFD^Hbmq>MTTo29uoWcjZ
z7R*k4-C_RGPN8|vKRJ@^IsasjcREw%N*yj&%{Z>XK3kumVKPC}xCTYxvW7Nl;oE{%>!8FY>qGc@k4)OZQ!;SNkZiugR#qQr
zSSrgE_8bk$b^PY1N1Cl4>7MqBVT1M!8}voWJ*_UjL0fV|T%$2L5Z7o;Zf0B<1ef$_
z<5GNq-Drtxd@2;z*o|MsHFo1lmY&|uZCJTEuS1TVTN$k{)Wi`gfY|Rf1(02S4m*^a&5k>Xc(4Kb1uG^dDx@8V&)-*gzmWYhZ
zFVjwCFVi;Xml>zBmuYkJ%S=3oJd=0Y8f~Tr&6uDQHTrs3O+&N_US=4d#Wd+KDDn`W
zmQngz$CNM6DPJ8_e&(ba%OyF6cbw#fn)BI^4i1AkIX$9Gg2|?spV7!80h-j_W&eM0
z&i@3QGxLB(Epi$z8Nea9>0{Ui9kl%WnGeWRKHV1O-*Wj?>jd*OH=d?AL&jCohzkJk
zCA~A+p)URS0%3}x<#y1_#(-0JOOdM$BLP5R*%wMX1O4OR0;3&z*G+VnB&?HO2=4lp
zj3Y
z*&=I?;uoFL|9|*J=NtKdDcqvIBBtyiCVyKK+X)cH#i@Xcjshe&8n9?wQs=$_c+nBi
zD93~>raokb<*PQWowhV^(YVaK^b{b*vQFQ2%%_EfRg_a$#GGjEV-bk>ZN|?t7l3FE
zrGg!%K4gb-dJy7tORXl4NpIRUrxApX1`ZmR*%|m6a6U()2ptnTnEEg>R9~;<)S{E#
zdIpxzxd%*W&a?CfH1LFu2`F@?M-=MqV91HpvPix}UStR^^hx@m8-|uhCJAele9laHItJRHEQD~VnkWbHekRlb>VKh*;BlR+0g86SH3FNxf2u+JvNc_*TeqwBB*kjt5Aj;1N`a-p6HBgTpw6${#}H
z!w-y3a0s~IF3M7bT##4_23EKxu)Fu>hr9NzG}*49k^g6)sG&T$~u4}+gAb|Hquw}oJ)mDEZE)2L^tr}C^nvTv?MtR
zNAX|?g-S=Lle6m)mw*blFHjXy$Ror-KSeO-zh(4vamR(F-tlOl%GfzhJZVl^Xsmcim%&z+|#@HA7j;P*sBI
z2R&EVC1@q21v6xh9MeLm_GU}$&5=fQXNQw|YqXn;?YWW;h-m~
z0=tN2FBjU2dT1}fJJL2ra3ic^~E2n
z_85*o1&Jx~TCUk&iP8TWU}eWift4QtQ_g0}$rS*`v;Sid$r8OhP6Qx!e?$n#7XjQ3
zv-&3g&yNd6(G0P7R$OWNF$-$pqu20WAxd2C
zY_^sHG(?)1^l4;(lmtMfrjY?s5&)H&C<7q4I>Y}B*9OFNp?XNO}E_i+~#q&?W
z@uOIf$MffM{3CotTbO=Kowh}GFfE4i%wg!ZRQdS2A3#WAIipus_oHd
z^EgU3pQEfks1xJHWT*#aIB8Uj`jRZ~Su0D|MMhWs6kJ0GPBExeY^_}3r~W!3j=RA7
zAU0#(a$M`jL7OpE0>xF2dVz@Oh2g7vJwHZYF$D)l{D(?2T^Gy{0WI)afJ)DWeM^w~>Y)q?W{
zuRcpjY8bGEJ(#1n^y^pMXbAl1C4*vU0nC!yp2%y1*-4DT*%AbyTx+J_g%H&jlI0uE;Y=p}Cth5UB$DKGCD
z@cnXqt81}CY6U3`{f}Y(AH)1VhWW3+Fat@|95Z|{S!VdCd1m;anP&Kq;hLrHT)P&+
zGX~p?pETc$pG@UBe%9J^{G?fD{G@qj{A4Q7u_s!Cj-NF9jGxl{v(%vDH)$3+!$89W
znuEp?v;C-t2R_GZor6oL09w(dh2gza
zqiV{w4wUm+BD@-L3O$(T%tHSk}@oRl6Jc|c}i`}S%ouTC)Y?DF
zw#cj*Id*9{8w8vhSe_`0@2=_9<
z#{bI{Hhy=6lkw7=j5liHAK_$5nv;1X1M>}e7q#+Dy`MyXpOfbAp?bej4(6|6`_BYb
zn8>!|==}uKa*u^SrT0?|OP=O0U+*WGm3uXRUx`;S^Lym*DuTjT$M>rN^W!gM*q8Hj
zd}UAY^LflnnvcQu(0Gm_5d4n+!dgN(RDWl_MsqpS@;EuRe?dSscQYDwA;s>H4r-Ja
zL7qb}A+s5-WRB18f?JYDxV#)wA<@)iT@d+oqPgp)A~!Q-M2qQt*0s^wN$dTbF`7?D
zD?E)$eEcPy16g%mPPO?;O-Cs+_0^ci$LcjRhh{Z>XyV7rVZt$?=}4%qjV%1ugI;3n
za1D*|8jcLuOJR;5QG_~L6FR&F5mKwTF!LS(JFRV02LkK&V-#3#iq^Id&C7HIUSYAY
z=wfkRbx?ye`&%`exI|9?{_!upSc(3{Gw!IlR9P&ER3YlH8HqZq~DkJM1lhI`;uNs!dZzfja4;F
zFDo(ECKI4+wfv0o*x!f
zK_G(F2%Cgp=xeZU68ttmNJAn4wWc4Sjy$cqa^WXo-K?Atu249IE#~g64D7YMfcGWa
zu@^ANzl7(n3^*JN1;3yCplj5)ak8~1qHE7$q!bvzTOB}fj-L07ip}RQBN$1MLLgJ5
zlqdU;#!ml
zC!)NZ
zdCvIw$rBA0jI>A@DSlWfQe$IG6(Vzw8C{v2^QSUec#kw%OoPIBjC&$}3j3sktW=i8
ztdY3#FSl&}``HSL8t^xuTV-3`LdP1uS5=RpA|qgdN2p~->hR1uO7fPjqDD11?!Tol
zG*Uw;)eCt`*T8-7umTPQhyOK({H9qujic=}i?&9b$RtKtqs?+j`)uB8wIOTGoXyr7
zRDjzdn;whmrvMfxHvs@Ba?y}>FOAq=YE=$X$MR8ePE<559{*#y0Lw6hbG5)a4hx#jt!z`6_*$DkZuvdsyOP_
z{|QTi(8epwM9QilQp&(^)>=kZ8Ti;{5;mYQUv!tt?$aK8#G(F!5Ke=V_@-K+Z*bK<
z`_55&Xq?Gn*EpsX4~T3PvnI2{+d|ok`I>h6QdC|GcdT9%cj4W+q8(QzhG9T(m-ijtE7A2M{Ab&KG|{LLLB(mu}<
zJ)0k4_snr$CZjK(F~akM&7AL)mGixlD2Ri*Z#}#}Eg)=X7G(ki#?Bdw!dMee2TbD#
zKhaE{c7T7NnOvG4r(1PLTN9Vr&e7J$Ds#UPK?w|S!M$roL}DI8L-gd1&L@_
zShXaDZ?A01$x`M;v^JNQQIqnG+>uNJor~_@!!ahym(f4c67_~O!?pN@#yB+
zKORKML##ekZQi>y4*P++K
z_#iBp&8Dy+w;Ggg_06>^ShTD!G+gNt^Uw9GG0cF=oobMr)`6htdPqY+B)yqs_zC@LhqpdP}(s&w#H
z`X^4D+@S6wkGT`#yN^8VjScmlc{G&G=SO`XdD@*20Dk0Q>cw7DF{gtO#KyyN-*$
zyd`0P5`(9#PV6PSa{~PTCUE2XyK|`;N>Ke9biIY)G``p*FOsx_Nh`wOEpgb#XfGDW
zyMzfqpAK{6P?t21+Bk|`AJeckRB9$#Izw`9?G2P;31+D`jNTZRkqPc1P)Y(Rjmt5W5&8U5cM(4L$8|oVLc=}@n3HjtdOW2#oa|9}
zPY3eVirDT@^7uYcppqVW5^PO(vIn_x>GG_Ptcqs$}V!(m@H7hU$1(Hyp5@6=TOJMoZ9Qk;u
z#C&R-rI9=d2Y7#hs}ndlj6M^`gI+&J3Nn76z}D&UeqjrQlRk)uP%O5df2u#9BYQ~L
zmwY>mXdF3mv>MSfHl=hMiB;WwBUen&tE&|wul0&C$ICF7kvl+|Q)sB`W{N+clfyBN
zY+#YpISpsZAIj$GaA`W@oN~sBIUT`y0JW4AjJ&2XFeWk8pC&bz9j~uJU<>Sy^#CG^
zT{j4U{xpUZ9GsntGu|QKYe5UdzI-KjC8k4wN$rDHPvl#
zsk>dOP3m^3HhI6+sN1EQ+3iy8LESd
z;cIV}iDW8g!;F2yQq6cn^vh;BGtx>c>h&YP@!e&2u-niE4>4gZD#kGkrZuEM
z@~wWdhVqI|081^h^|nmYv9Y~(gTNPWvXRL*l0%3P7;
zHBL&-c*H>ZF2_K+JFlQs*qF+q>sGHbqXD
zJ>S{D44`?&e;H#k9pr$0xC^v?7W>aJ(p;O`TB8f=07tbMPjMk&f
z-yJ5H+FHaoP6D>Yb8eaoN~ta?fVwa_4VjEHjYV-{!5>n5a6)#VlxPTqGCv{K;1q@G
zZUasU3R^7ufVz^CQH^z&;UBM613Nr
z5NLr5hE!g`O+Dygszq4nP;Hl%GpqW(v#b@Gg*CEr)8gh*9I(3Si-eZeQXR+j4Ggk1
z%R02BI*s`fJ)UH%7tXzyJmw)Qs#fr9Tv5HcSX1)Caqr%3ZH~OX9$D?EuNT%ES`$HI
z9qE@MQ9rp>UR9QC9Ebg$LAT-Fmfyv}8i}Y4J?u9=y4ICNtT(c}-kub;4^L#3
zZqcnO7(X@k4GxIE=ITu?xi4RF$0jzMhLk8ZI$6`py>S-luGSK=xLQwvpsvBi09S
z6~+pIPe^&DZdo6TBlC9sQ#ohguhqbpvjhKfr1tdaBQ4`Tj~gBAI(%JpO6DwDMAtS(
zDn}|Lz=cK2dY1?qv;y4z8kKJW9c&{lB+hvoLtA9CQeu-J7FUYWp)eM9c^iJbfjCAD~*kwv^18anXxRfL6vz0
z45~_0P)$OD7Sm4GWAdpgfQgY=GJ_BiD@qP2Eh}=E#jGnJlZBUEm`%$5V!c20luaG+
z{~{40o6Il#i}o!%bQwit;fxWO49AhoC$2p-v68T#1nnlSog<*3Nx(Q)Hbe`BVQ|xH
z`(2^R!00c7%fe-MPzVqvv)+q?UeOPW&~02OvwSEM`=+8qJ%H5``=S)
zu5XGkos27m2Rdw~{3~Wsc|aBw!?c=)iE4zXQ2FCE;Y0J$p$0J2FlfGF8!Rc3bFb;?
zY4D==rwmVHMRg>OQRU{^`Hr%|Y|8~s*mN6k`H#7J|#kiQktc4zPn!pqUu-(-2gg9LT
zmg_8+mn+L&ZMo#~{7F4*cus!*tc}$(s*_!($h+vgJ!Jxo)`JshAYw4)Es+BiR0fhH
z=(W&9Vy)apm*ILnDGn~`#kvoIrbozsXK~R%W@PI`M{PpKA(CK@TJRAB40zIdJGe!G
z+FI$g8l81YGd8HVi+&wg1Yito>#cu_wN;Sz?
zNS{%6LubOgI3h-l0LQs&KxdimgS?JCq!ST2AWA`YB@YOW3z|6&9-O=4KYI);<2m5|
z_}@qVQw{|gSAq$rfz-O=dC<_f*!Wx`V}F8wNWrH&50sZcmgql@#{aP5El5v*o$VB*
zM<6rNg|GIlTOf^@mE0y!CnhP{>!&3OMApiveg#wzK^^9Cz|sW?
z0`*qlqqE~|(gHyuh%u%MbUA7pQ5Y@jZIC3lqW*cP3^nmd0!_5>ZV&S+b}>gK%4lID
zjFQ`KJ@)IWDVc~9Gq(Gb!ja@r94TpIBCpaYZa3Hm@*uJ(1fUdgFjYDYm-1q3!ub${
zRGG-*s2!@I+?yk=0Mk}Rji8-~teDdE6>a@6Ef>*%>h8+wxm6Y5P{cMuD*%Y|RSt?N
z+5@4q052>uR24dKM#i_gC{()%^Hp#08|_)cIO-E**H{YWD9FT|sRn
zrMqWz0wRhr<0Ts8U~I+74s+ed9Px0w0}t;9eG7dPQTY&3H*bX*B#OBn?u}@I6`V>{
zNoQ}mgR@d|+3{~-&E7_X=W&30F=hxe9{z;b=tTVxDh((hXcwi#4(B_C56$p$0FR))
zvIQMO3^VFLsoD(^-UR(4hd~I7Kj=n-%a#aSN^0J@r6=Fdz)w4X
zWog-%&h^v&%na}zj1C_H#gB#y6u}a;x0D!G&ogaIQr2L>_n$WK+^A!5^ZCr`z}S0{_bJuLS=*_~*hu2maZ4SZ?di_@TD65`FAx*8}0853{)PdQxDIv
zxLc$L$ePk5B9zK@cLAbBLX!uRD#*JiIFI#Z9`A=8QH6L2i&_>I7D;_C0?~fZD55vL
zAp6&Tdq4!*Mw3q=!W?+q=&7!Z=ntN0erVA6E-Fwh+OYGwr}g%LG9yP+J&%N_CMlY$
z(GiRBP|R^uzZ!;#h};}?m#zK)TJFV&3u}b2Kw-pW_X_-ai{2S&DZi@Kg0svQ6w1Op
z%+~BJo}F>vx7)XKn1>J(VWVdY4zIO!%s&{S&%>LL0A-#AK;By(OFOE@1RY8l4vb0W(PN6f_xD0
zIek3U`UvUo;=lxw|G=FX#X8}&VFlpg%c%Ah3m*?YvKJuJ#ZLSp)*`h52Tv;!3Ao7*
zit|>t`N$`&Fm$ya_S%7IY?yoE(>}28`0ptG#}Y(W%H9|CKnmRBq-+ieMZ)o?jZg2{
zV~FHqJWM|wWiX8IKkZ1l_5G)9mQS1XVHfXXh#I$YZacP~eu?mU|7nXPM!0xQ;+s&}
zu|GGqc8*d?Kw)kiRldO@4tB05ajc9iBac*S&UPrAE#>#XFt(0P_~9D4J;+@(^L^=A
zpQ8=kDNj|7#(QV@qtZ~kmZFRVC324#mG~Y}kYrVF!%ln&j~NP}M=WSD(=YFx>X$;_
zO9Ol$g*Y6Q?zzqX2}ujS-xJt1uKa8CQ1s8aub&JZ40)!Xf7+Bv75uOvjZVBoPzmwr
zeSszaPw!tUIrY=~r{evPgbJPBr}sakUh1Vn2aa}K}T$V)w6w39j1kukubeLEsn%?s~1Boi&DpE&JybPHXEw}!eJgMf(^N;ube
zez5sah&9b9>hpodY3$J35eYS{8UB!WId
zqJGN2i)qKEweYy9@NN4SU;Bq6Kw;uus)-Ia=ZA#`5|o3_2O3Rj`jUZf6Nt6geS
zhXN^VDv-i~3F{Uhg(DNxZ77>y2P$}7B^e3;=>avz#O_?_loY)_mc;rLO7VIxbp6~lFH<2%*bguF
zb#wiyV^QdEeL9XL*%Rk
z=j=Bcz!xSm*G5Qcu3nUod#K1oj_n6GK;`?SUZ5ZQrWshTL9&Y4Yt{;!B5O+RfGi*^
z>Lrp5S63}e*@7L04ToLjsTJzVki%A?8ignsboaI3yB*@>_YV($I$^+BC>TzSu*LI)
zB{^bEQH&63vi>j<(jG+$r#NTW!IK~`lEO4Wyav%4hLh5%@jT>_DB-u;24o#1bcnv(Ope|HX!WsFT9(&F4)J`%s
zk)$HH+BS)UW2+f_{D{A{@YgZ^`U!uX5(VNj+qlQ}7r5S+MlZO2YnYR;c4Y4{RF}Pm
zA9tlK39gagaF<=XbjKTga+iq+y2=fp#1x6^P?b3q_s()EH|{i*VR}2k-efA{$c;g_
zVGz2*{q3D&ZHYMj`Do`vZ)559!6YW?vq=D0qafyu6%z_p@vIlI-)#s16;-U=XoxE~
zOi*tUb_YR&_c&^myE0i6agre!Dp0o!=Q*krXv+f2tKC+L+BkChw^M5tWPDie{oA?G
z{?Z0vH4JQ?Qw(Bp+Y1WRJ*f8m_GzLvD%G|ipHc6USg1kl5euEb8)I)z2Hj)Qd2FM*
z;|ZHhFv=gkl&!
zRG7L^J9Eakj1c=g^Rni8a%0Z7W7X_Kvlm<$Z-s$b)T_v#D>5lAUfVJ&E`D%yT3r0-
z%DlMv!IOz`@k2>w#>Ee1S&B{2l~@|9&)itWbMayo&ZQKqXfCoSmE?kCxvs{_a9xX)
z-Fi{w#yuCIUlddc(_-k6y%(I6h9afR&x!S>F_BJ)c?
zwg$Z+8h?$H2pmL&ZS&-R6?T(_M$o1WOcsJ7^PIHTMS$DBAi3Ipg?U_bBqX%IwgNcb
zLv$@{kbSI!PE-jR^5~=>KF`xNBt-2%+UX6D^{{57kHV^oZT}JoTf13MRv>E?D!8-C
z^f<}x#-l)&gP8cXRm+8^ydt}GiRP)M3)ZPCE=U@O(V(hR3o`r(xduG!#Ir@o=3ur$
z^7at1so27r3S-<1;{;Bvwhwd=$$Zppe22PXn9x$mv6q0++dSD8fs;|Yf}|S{jjoQA
ztdkg;D&r+Q-&cg+@T*E2K~n-8Qs--ehcx(_03rcj6GY^aG{Y;r(+*qw4Q{o=kgsvC
z9sUZ}5`zU@E<=~EojcKaxPsGI+@s}=cNg%6Uf2mNMB#^HDMVHlij{wgw2+}0moYvQ
z1NP<1^ZE1nLZMi+Z3)wAwZ0-y%U#CZJ?0df1jI`DpPX$@ePT)CZJtOv*s6(?8U;f!
z?5UP_7!lSh7lG~NiTDIOB?yGr`IcSw-sch&TF@9_oYceV6)AJX_NK6c$7)1gzR
zO#3o5RtwLe!&80q9lnz%-{E_C@L|tVDO%bB03|SG^5Yv*-61oz6Sv{;0&72Wi*AG7
zo$ne0Ksnl}SX;wzmu>qu{9>u#RFVn#<%FJGMH9_)f8Zb>b)|rU<#KDHXVYOmWwLY`
z#nTn})n)8YBi5$~11i3+erc%Bv5`AzYhh4cw@lgRI42=Pz7%0B4DS@Vglk16;W|So
z%}7ldN|_r(MeWHJ?@4n!TWUN7&%liuJ(InXJ(`MaQ@hfQ-B?a?HQB~u%3Vu&y}=JW
zN+rG$e?-UNO8m+6@IKYzV}}Y`VD?HjgVGiuwtVK1$d{$ehxQ~lmRuK>vN8C1mCKXy
z0kYM%fhKcIU~LVNNky|E&&w3J{9#6qAC1FL)tjGRw!CH>f+BplDa4GNexgSzqpP=;
zO6clQV={m^tC1&Sf{jyBhXOZ5G+%|;_Enf|4##Z-vccnkp6kuaaNOPLK)?DRIpq9d
zI=nVgEXsA44YYlD!w1L|M@?S>geiGE2Z?xzsF
z`6ynsuGG;WDxC&VJ@LF?`tK;)yF4l!JR(NJL{D`zaNow}`b-0dwLIu7%dygD2!A#`
zIamX&^igjSa|%SrrPS;jRuT=+vm1oHGLa|}3lunmu`3BdYp;XucO)=SVH76%tvFz8
z5r_*?VJzS-2)IFgxyYD7I&Gz35-1V^gJ5nC2DC*I3n}O>YW9TOgf*a$=QpnXZXfGK
z+Sa|5s(dL?VU~=Gpg%+bhk&P~@_GY(71m-PNl^c+fW3W(DrJv4O4L$3G)vMdsn`?5
z2hR!39#L1Fjsq2OD?ngSpdqU%UH}=PKO`^({DE}6c!30g1*2BaryCf}Yp4f9_)8|@
z?HTbZhv_1MsS#sE;lXII1dg~^EL!inh^Z5iCUkHL(p{=R!5mG5g*%5b(IiHfPST@6?2}Zl
z?%-@;JJ4=p0P7PdQYV7*5b;E+6gicGyxePrb(MT
zLwD8EsL?kj3Q<{
zu?50WjaQV%iH~3j*~{7zebqm6J)gvlW7Uz%CbN5Ia9Pluz=
z@FT>%Fz(BhXG8r-Ns~r^9E<)HEJ5a$zx&@8stb>u8rZ
zGa3YO)O?;mId&z_Y
zSvI;2twh){^+_`9v>`2etSC!?(>hj{E<^|CW7pK9+
zF+t*M=&0zGt}cR0_|Q+=QVdDr%5*>%Vd~wVRG9kT74Hqd70X>$3LTDgFSM(Q&u%I{
z`%>}QEyZVtN}=;>%3^`G1jA%;#lWkxQ>p10%o~Y#mFqRChlmqDJ7E_-nK4EtjFI_b
zFkMU=dbLaIxedMAMZ+=lX}5}hYpc683Zr?xGgJnXSFX00yjl#|KtVD3ZJrRjY6*n}y4Kvc3>sXNX$cAZjh7If5Fr#x^-L8y%X>
z4s#loFDzP~@XnJul^qSUo92XwP^$;Zctvs=@zOo=bk~Vd@N9f{0_-UqvOn#>VT&g^
zpY|wX0dsYYh+#UG(Q+l3R0Q!_y{2Rg@GF^u1UWs-iwNcAQtlOAybey;~7;&+xD
z&zIe{98J6wV~LlS0@RZkQ5jzb`A6jI=rg_z_ej{1*NN!TZ;yVL=y#cZSLk<@e%IE=
z(;uKI&I4(Xlc7O+-RSo$==a3S%=<|w=T~?yV`02xob%XiWOk1~>CKeW$y5^YKds9J
z+C;`qG&(&r`#j9)vfPP(UT=q4vQg-!2nT#LNe6r!*JU}}e_q%1P-9O%yWBPE6}dTs
z%xJL6sEbBM`Ei!o$-MNJD6CD>tl;PzgDK~5r&*R9I*ebw9;>OIh(cl=avtX{&@&H#
z9%Z=riTI=Z)S4OX_ZU8(wc@ri3fr7OQ^S74j7w-4RuaW{lvdVU{J>0`)5|4fipUX4v`B(<AiY
z=3#x$C0NQlbA_`n)6VIRT+*Z&V5+>+))@s?nFnsx*qlCAQ^YbyF-8rHI{=+b}}d0w5h<#~11l&0#lp+33l<0$Su=%f^#d>}MP>_!FsscB*ZJ2GESVk$;V)J{!p
zZ&si#BZtGBO2E}S=k3Z_`mD$-V-I*)hn=92BMpe9%i*8-7q!bHu
z{z-8_ngKeI49+R@E%s^>T#}Oq8N<;{57`{ycGdSU*ez9u$N$5?LHvWANOi#Nf2&n?
ze$KieG6-r+Fu9bcJVS1kCGON%F(oYOV|=Yv9Cf2XqHMnfY3Y@&FdP_6#Lq(I5mj~_
zl4U50g+rlo0wM@BI`#y8G%)EfMrgL0!GCY|UccFgf2Y>=&hFm99)>=f@d~Gh2Rrz+
zaJ;m3-yLkxSFeu`-yKdGBSZ_eu>C!ZAej83b2Z(gSZ^
zgh8X|Fv-vD#E^|wQnv_!1
zq@=0IpU5tF3TNg?Vg7JD|L~Q9T}nD;auuUwZAurS2_8g>qsaBl7hu^jG;jD17x}JpXaYvbXkl~=JgqNZRd_)jcV?rsg62hxG>rog{F4d3&hZtBCk+%c^
zF{NS&Jyej8)%_l4^kRanqcKSU0HRwmzB8gBvRWNw1N&O7ZF&D1~tdU@wn_1EF-pzj7P`cZAxxOzzyq8!3Bbolr6yoOCzQevXWxLFz`6Xczb>dYq6Af@~|Nh`ICP~?jCOr5J?gz*<^Q!!g0
zpqFt`a||{Oqu0?!^@BEr?ZMbNiS^qcL|_rHGHnd*Dw38_&K^WM0v~~n#TrOiL_8K@
zI0eLTo*oWv{7$b8ACiawfTC3bLK@&mVs`wC2-Y?&a71uMGE5u!=VP$VmfwGlh)vvb
zR6??r2(>K2!q*T_sDQZ_WCZ&}52#|UlJ->?i+BzccOU`Q1rwfsud-Vx2RIB&%Iu4e
z5F%vnx;|`HQrQ$0cZ4H-4;p_0dI(Dk^G%r@5#X;d*tle{DQ9=&Lt=>kc}9^b{MM9;
zIw#45vX;0EVEV5KE{^!1Q7F`Shq+NM?0yrNqFTo^a)mJsCe3>1E^$jcM-vowL
zz8{A5r@6LIkL6N66Dh;Vv}P0KGm$ZzOkp;GqS`W|z4yjpuT13ClbHvYFsAYFn~1i0
zto7pFbRDiEbl&A$NY+D)9Dg+v$Gwm)hN02B3rH8qJK7rZfC%)twvZ
z;|#rA>JvdLC&XqszsFuf2AVO4{g|VE6zXg$j&n}-9JupXXZR5VjdAFX9Jfv`uz8h5
zn*5V@+`)UImtBgx|D8>Ewo=Jz6M%ZQSlZ9I-`ZCFPj
z>XE;Z4Df=Qf|S$MqE)b*3h68;Q>~A2SSTKf-$WN5AxH@i93r)-)=r`(yJRf*T-gOG
zc#}D*NIX@vQf)yki$=icMCw4=L9^e%{IUILfbqor82ylhq{Qu_-rn>T!yf0)2kZQh+Jv5gVU#?Wi$>k{m<48YC3%X3qi
z0^pWsZ8K=go_IqD89vBq*I9&cXh*4RHopojYb!ul9FO@fO0Kj`!&D
zI#KQ&7DwZLZDH0P!?@QLvFpQWrP@I3P=khy~o5F(LkxO
z;HZ2Fp)5Imcf^=5NjUf-(9_+N%>6W{&h}KNPQMjX+8cTH)a&e*2c-4_^j{-V
z=Z6w!Ofgg2pMI)fOjhhOX0vT$ATzSi$`g@KKa9#{8Icn?Bsra=Xw^W+g9Kd{MQn4-
zUwdsBXI1>lup^`9azt~LaVzW^R(5Dg96k+k_%zhvlQSK;YW)WtLM#pZXU?MO&Ypa9
z*F9&?R|a?8bM~a;hdku$83Uod|LplwbbKdcbbRUnD-%r|J-~p(PkV$t0?e$AFyjED
zLuu+G%s9YQG|7h?Vfp}*(#?a8FcNXTcc(ndI+sYb&zBx_s-Zruw~Ala=`oiUN#Pk%
ziTo2UEkv0I;HYv<9EJ)tyfPLw+yM$ii-XT5DQbz8^HtByFH@>rVwX#Fg*_=xa+kbQ
zy0ll50(vFJ%j4S`$L|>RnXoEtqt&M|Kp;Ov=yS*wR9Bv)`j1Qnxv~`Tf&mrY#z1rTw+n5w&dmpc$
zQ&;d9ULr<#=Me8wV62^wRE&o1YL^~4{0R5o>>sU)fLU)2-(o?$+@pGbRI=LvmwS8o
z9zWm-_Vxt3e28|M1FHG}4~oMhY6Z1uN8C>q>yD18;A=cSw+~l^Qtf!>WL0S2_)tB-
z>W+`7(?3(elMO6*h$z;RBkDA2?cQYau>
z8SA}U>;oUa^_UcmMijDXWm2@R@p31TkQX!^v$T*8ePw8~(}p(mU%H`IuS~1kv^F;t
z5_6ohQj;3R;AdB@HtujCH|N;mh(9pS`c8yr>;d+s6C*u4U|s_V>#B%?rW~5Cy7Usn
zLPR~9i)*^1S7YBW?eWy(asHhysS)ID;s(tXS|8&83Dw~RTLA;yZxl@~ZsHss_$DWE
z758X}G3Z;IP{j<2NqnsO5P|whn|im0mpvK~j5#;pu}Si{nOBRoc800pJ1O2q+|o8j
z$=WnQ_)=6u7#$nS-m=}B>|fmksdBWOdw;nR6K7-Dxwq7}WWaXEF<|MC6Dd-u?3-z3
z%!q@>?AIemE}g*il=!B`pJX3Ww0Q~!?>}cc9m~=22$b&90We-osZANn&e=}Et`=$-
z1d9@t1#t?~-j66@Hzma;m|&fNSvx0NoCg$RXCa|nvyy&j5$<}n_;RjJIQ?!(ieovuNqqzM&Zlx%`4uvlZ4D2c|+J8Crzn`sQAg#0E
zvw-io@{TKSmF1nXddS0DbXCHuL;BiNUsu%ERsD5IeqE9ERpgzjyi=8TYVuBP$Xmc*
zf4d#oeeV4rp$V3a(><7oc9^upJ$|QV*zM|j^a}l7VH#oh0&$bxrVpI=Ft`l;ZfXFM
zVbIXU`6Vs`plaQ)o_dcaLJnK07XgOEZ$O2gQ{OGpcbKe3w9DXUB>GU)u
zL46Rz8cfYgKe(tjRG)Z;`hKr1Z}97MqQr-Xma`H@2PpgCG&fB5&fQBG4AgpOWFIK-!o2H9d&RdKtogO
z2nC7MB7z$msTBk_wlaO3-OhAzb|03=l(|B=L1Buvt>e$zJG-k}$1?}}bVYeWX13oQ
z?eBbC-F>%@Z5)!PQmXEbe=AQ!teWeLC@1!H&mXaMAc+M^^yzYW4TKxlqa
z6b@I?nSj**VnCh0>phurO4>G#1I#TBhn&ij@>T>5Jcuy5q<@>J6yl9#PUe>MG4b6E
zIy{9pe)sk%p41>rqbh%U%Ujsqa;zr$jEV53--&^QA(f5*6eZCQ8%x%^gOiQj9czhE
z4psZj5}kiAVeH`{t{R<&bC;S=Rso@Z*YV-oeD~{G`i!gEI+FMOxss;F@{da;p;qIF
zF?MQo#gmzPQyh&A`;iw)JFCpj%f0Xj6KXn!g`7zOujJrWq^LEDQjyeNG07N+7N=VI
zTw1ekk@z3N9O;9CnZp
zH-t*@Rk&N`w=uCB+#UKVSrPdq3F@4vc-EZ;dpG!+f?o_Sg(b1s#59{IPN*bFjiBjc
z(C+T#vY>M+-ZokYu}(@1fYMh-d2RJLele2171Z`p>|6G$>RJ&_?J!KxI@t{35Nbtg
zHd4FHFiB(%2MY-ux>~HX+iQZrWn4@tJGCF93+bSn_)Q|dyA;Ja4s=pG+6TKEf7dCg
z$)ddNUxy8A6WGE4I7w@z0Rwfh-ni_yDTjAa5>q6glAPjS{7Bcv{=y_#H3>h(4XNE!
zS^eGZ)$gaUqi9Gsi-ydhvpW1!I&IJWl=jQxI*pLsY4XZV7j21^Um3mc7{dDqkE~J5
zph^ngw$eA)lU%vvDbIe=@)Fi%!StBM%}+~|
zPyue~re*`}zh!Axn_Of#2jcTo)t;`}+mVmpWfgqARfV1_1#^EaEEu~iS7#T!o$;EpZDSzFU7n-
z6O=rC97kism6)6g{U^z!Y_nA!u8gQ=pR{F!*S?Wc`rGpt$Rg~BT)>or04>>Th`||9
zUbfmAtnOwIOUO&o3Y$oI1@1;f*<}1nrXF`u*Hfxw>hV={awy;P8#1On*0y9>tJVu^
z!Fp*`ts3D_OIF#cSo4-+xt0f~Pm#mh<65ZL!V?ZIjN}83?IPqx29A*YEk+)hfMuVQ
zx9uBvyg4Z&WR}L8==QIWnr%EkJuSdwtb>_$8oQ6j&gZK0g69d9Flv?^Px^D=2iL@>
zlR{RbL#z!A53$zA;6uJ>FO7HN;^Rty&Q0SHVM-2q^AZ$!@S8x1;5!`XJf#PT!jv5J
zHKt^1UV$RFML{wx?aa%7Mu)reGN94n>$JIw0va9i#^-=WhkNrfpwS`4M52I32NcDK
z0va7KDxaV!e-{M_okGZbm%u3m&3Ccw1H$IJ)b^2SAfsU8)H-APscovlqqeCEkDeaV
zCE3$NULcR&oH7S_^yUQ4@#wv2XgqpvLeqHEwnz!2jdCSwn}RQusO{hAQsq5rmSi#{
zDn|urj!M)v1(zyO+iy)9pSJKRKZJ~p54&>^&F6dAaR{tY7rT>`{Z1L@Qoak)^kw9O
zeO1n2Q@@FKT@Ig^PH=5w_0t(mD@S@Y`Y7;%D=&{QXhVKgLAi1
zx`r!f2*2DL_(&QOgRZB%k#d>zG&iml9g@1_Cc^wO-1dEhY*!L7k$u?~OHzbOI}jTc
zuMed;oWg-}cI3ayt#WoOjp4M&8PX>5M=r_*KW3|lE%91yi9KF3QRt03NS
z%XsINgXz2Q3k1R3M9pS>l}z(+>ep8T#gD?Q>y*r^UNV5{QT56v}#fv`wiMyZ+0q0qEO^6?5hv8HnSU`dRV
zg7HzT1a%t%2v%{*A`k*bOGgm2FVd#KHz>}xL(H26pM>_%w=TjSOf
ze@Y4C$9*G#y@=SwJf+{!d7(_GSw&`jgo|a(+bvs*wOrmVX-8LI7Wm*l%l}DVnpbX_
zEZ<`>Y48B$mvhkJ<7)?<%86z9)v#&M<7F2U2YhKDgvrRXhlMvV(+#WU?o~`|=jkOT
zv$7bbAeS)Yk%csi%aCaKtzviA4R&{9K9$Vz-bl|6ikvl;ku}&@Voh@y*{=nk%44mN
zof-#;mO%>g`KAm==+EPva-tDr5YiJ8#N5YUjp44+fEgp;Sb0iZ^tX*Oa4$DEiI>yK
zcj=(e2YB8|@m0=m^W0XMXs{oS?Oo-cS@=z+D}NEx>3x_|D42^Xy%$po1vQlP0YFlu
zKng;dLXGA@MGc_n!-1cCa;8zA_BvBI{=+#f98PNCa8`>&`mMm6h~QLk&J=(%7qw|%
zHlgJ7s7);vB7Spv)TV*iL;$CO+T=}0J`v-~
z?2*(JI^}y9%CQ=yT&;|ulc7^EUn?VZG5MMpQnXCg#pG*Zs9?S>X0rZ;1h^ax%)R;-
zDwv~zxmW8#suq=m`aZ48=z`Ls8cyJ3LjS)R{432MB_tAaXdaT~dk@Jm(>QK}XGl)@
zUXn9q1M~tyJa-=~o{O*%B#18v$()VjmKn0t6n-Ug6)yfK{Qgh){r_J0om%J}W8?X&
z3B8X$WmeC#)*Iuzp|fIY>y2^VP{C=fH^#|BN5$0E8{_1mf>T>>v_^oAn5nHd#u-Ef
zr?lRT$#6TydNWzU@Ru{qOj0n=hNA5?G3eo=%{XHf4PRNipk5+;;-&#Z@VxgJ;K;N*H-uE*tiT&~CE
zdR$qL%k{WikH__RT#qM`d2&4-*W+Qy%69o7(l}wjWD^{tSJJtHdo3XQ&&q=zAB$?OWw9GG|ph
z+j@%_;=-w)T%r8)TH^TnI`Y#9!u&x1^Zlsqw?FUHThZ!avpMrR=ziXXs#XuXGsi)H
z5O>jUgLGwX?T@VD2dHPwBz3
z8{R+-`VB39!*7IsC-K>{RU~}e-D~sK3Q35Q(P&pz}
z3VD!d=k!Tzr-Xm!C$Tk;>-(g?eA!P0G&~q6>F?lLNq+|I6cqO#B`frb5zrUAa+8)W@7iw?^VBOpYH
zaYBS4IXEaW+;NU1;qzZjXGh}vCnnE79zYL-1JUwjhx4`t?cilb1WY^t_x1W3eBBF0|;z2gjU!gGh3h6ga;iFT0LV)qxO$#KvY0Rm-0
zltg7jLOj!ZSGo+6{t=spSAiyma2U6ArXdvv*K8nZ0rBpu)NoBa4-CiquHONUS5jyG
zgaq6;Xc!p&2IC@P&?!#Qav5<3xsHr+Xy{4tV8>_$XI9x>F5S)GA!-Z}9B_NYd+h(h*EZYI
z4ZpHrG0prs==3b%4rY8+rur~}V6-HeA*u-WADr1RCT2|zG(WRXvF|NpE!2IeW~S$(
z$2u&QpnheoLS^cED%Od*m^hI~+I(g7+L+nj6>mF>K3`kM^0WCGRjW1Q5BiY^_@JwI
z;fpphZJ5U-GAf_7HfLsDA3|?7PPQ;*A>Ey`Y`E*d-4kRypx72VDgMpc#{d!Av5$Mv
zXxDR~gD1FNtP5CAg6ZJ=ga=U{Cg3ea{gfCq)R}X|?OU;3Y^&*aLimXM&9NBT_c-df
zS1Cj%EO7KX>#&31_Rbdjs0}b=r<@F$Cy{yV{iy@h($|zs5uIfkjZpA>8_d!T(Xk>L
zz}L{gEo19al?hT&gi7B;L;Pmm+~GGNx$vcW$F(3m1f~mClUOx|kEiG%5(K6JN!aPN
z(d~{Z%=CZ>#*lgm%nocu!uA2H5mO2^U9p7@cJ)4`=7h>HUz_CR`>FO|XI%v3r^nG%
z>wQcFg@*+B{D~Ob+)b#6UlzaVMn-lhWPX9$N8TZXt`1T!iK`5U3idg^l1TStARDo@
z1w12kDkw!ip{GS-`Rodgned80gA&a7l!(MsFt60{Jrx=p2a$7m7Lq!?qi}J7{t8aI
z&PxwF58dQv=}|ZleHz?8)CEn^BYn=1CFYTdxp+&XlWCc%2eRPjn+|jY&mSLHo9yYp
z(~6sgeIhxmu0iGD4S^L9iB^YtS}clo3!Q>*VdbDugU{iFhnUI>-Bv-w=@H0uKtX()
z1AJdvm+!jaja4ezRzIvm)f>2nx|oBGyi&1BtbjZ~F+HnF+s8{r`Kl%~j}%wey7t?H
zKxatp#nB}^g{#iT%>l27`$J^_L=g)?sBq?q{g2(pqxZcCZ-Cts&0oM;7uiI_+8Ng&
zv8i})@jb-W;_VHOV$L%fX>!5FbZTApfsKPp5Za5h%*a=Y1Vy=HsB`M5#*?|rGtgvF
z63Kc(G(|kEGYH}j7ALMu1pO%g``OB~K3wetWjeY$E4A!~Thhp38P7qYD=;E>eT}it&-ES4Qjp3RUmQO(IyZ
zve0Jqg*HQRfI!$|WN8LKBdsG0fLSZl=4*vTs^$p9aL3w1VZ8|~0Nn#B0Bl}tIWS8w
z^;=Q53xtnOmwk+`gs$kKOUInCG9Rq<_}p;$p#rr{PI_
z?g{hlcakF)p0vVEKxRuFE{yX!{GV}tL~ZeZ(>R|^#W%rN-|nuK&gUtU^#sHH<05kl
zWlP3h&vEu_iduI@f>26JJOyx_^v2|XV=LdxhgtD6PE8N9;^zke9o6sL>#3=te@~_F
zF>L)h`ghvef1j;iX@16|%kpjgRB$r7EXUR_JW#XN{&-&D%#wL!>t~a_3|~&=$l`uI
zudMxy0igG03;?}1qt9w)!BK1fS4NzD4R?ZEo!J!bnWTOS$2%O{j|P~YO?e17;DMn-
zwIjm)pa8dOzyjQoQ0$2?q+FR0%=16vn{Y2kARVhSG2Sr~irqvI
zEH0V|f^_C7l%;?fB#VmWEjZr7qKzSGe*Cb5oJljhAyK;C9solqbp{mGXN69YwRtHu
zBS*RdQ@kcU@ERms3LOI$z{t{TAezjc1S@d=b{4^MZNa9q?d
zA=|iEOZjH1obV{Rsmd1M#dnaCLJGF|rx@lvV?$sP!W(w$DB<$t=!DX#!4={piWwl3
zcdbEJ=8hM|!lsD6&w{(|BgPyZ?V;kvMXYf=T7_Az>OCCQYFOi{(i&GCYmGDQaQQ4T
zo8+eCi?w;q;EvtW|JdXI6YQ~MiKmJ2H--}?2(!
zPxI8C=BYi+Q!`il&g5z}hV{MXYd>hd_T#+5u>P#M+JBfB)-%o5o-^l5FaA%uq!-6r
zuiuW}otP`{m9vOT-+mak`)K7O99SnmpU}ajG>*Uvr}d58P@ZN{@W!6vjsIjGdW<`-
zWT;;`UMs^=Yx6iU)rzHlwd>gk
zHrm6LWJKUP&u%X?{Mu|^a+KM=>e;$dw
zj>EQb9JatR#u*q2H%01sB2ZLEE|*^!q4+N$6a;4r=-cKTy+E(|%+n$ZkLdSkG7O*w?E`y`uBTN|3qwFL_1xk(D4T`Csyi
z-XkkP*7?8W6-$q-1Oz!?qptNi>MNd0FA&n)N-PpW5>&qs2NnR=7K8-#LXI2-PS!iS6=L-GXNo4{X8gD&
ztGdamh~vCX6O(gqc<-aGvwYNb
zhhtYIJg{on)}~*-vQ7{$jMYtk+QGa9{?$DXx~uqyR|BW{m~90&b7tRp2W|&VRPEyo
z&Yo=VQn$}Uzu}(;|4Q($+@IVl{9zX&iKUr!3f|(}q%Ibq+Ewf4<&Vqo4@NwS8zBY<
zPeyxr610Q5=;X=1?BrlV?W^hTWF{?@@&lIU$y-@xYhsZKvg2gU9;;z$
z-!n`*2!p+Rz*td%`U3_GpMTJJVSz6gE^2SwXvt;DX4K<=qMX7~J(lCun^?UKMSdFu
zNnhcrhv~&Tp{z5mY$NOhUCIe#baXqo4&j9}9o?24tq@+&s1T<^stb&2wh)t?sbovP
z?e#rxOU0Xh*bW-^yc<2Kfy71^PSMiZ^XZK@iH(2`(IGH_1t5iEpLfyZY1idN{-69R^tRy*btLs~YU>=OyL~*l+fRRfs_VeU
zsoKe1eflxKj6v{u({FT>A-of@B(ujGo7}Ow@uc|#91}gDFmN_(Y>Ibywfth)vzOnW
zydT@67r-#sm@7~DG|OR|Si}X6X4>c9uc9+`v!6;`cn>)}fkLWGGPoEiH!~|bT+s8}
z41;!qc*cf66EoX*?c{8Pjdpn1B_PKJrtv%9F^TGC&_@5R2nV+pBAlDX^Ts6K=n!?(
z!n|O-_K3@D@HRXj`(laMvs^Mo-5OA1(8#by{2cp|Q476kTc9$eD(_JpO2A9iztxWF
zS5$Gm6%FEL;4udMU^xluQMYk!Jgio%E|CDUIKCf0^X|~h5Br+^8Vr0#(uF_+}=Ch**ZNu{u!?~PB*Bc8QE@gOuLlp0rxKD
zjP_-<9`|ErhvOGKKZ_LZ~<&)KdE9MYCc+j(Z2b5@Ugw1ki1z*E}pa$#d|S*TT(
zMh5Xz=4ND6AUn@qpc}6eL)k}*NfCw3r`&Y{Q%4rF97~jyWNDr&oTcCi&TD6v@2CuA
z%7z;5E))7gRUSbpOz5XMf2z&h+ozoF?*Q96)Zt0sNvLx)v{ZWD&6!L0K
z1FrILRgA3pQe@S`aaC)RAyxMz-Ln;t%GO9KH#aQ9WPbq8XT~Pvqxc*v9LRCBm+d!X
z>)$!^(0aVmCinu4Dg0U`i*h?1p@G6DefK!n5~sei6A58DvzvlY
zYktTCCmS;1KS;bBNwN?n(32NTuoQ6M=ro5$X&r8UxCV;ew@$OOjuW%aL%)urxXzFk
z9SycjSz1I#T-gywYg)R
z9PRI&T5ooacXEor&l3SXucLRkA75Fmpxr|u?Fv)PHsKeX@>b7>$s7o-Er@z>y2%`k
zT@(}0+d2dR0FOIZPAv+tAiUKXKhVB~>iT^sc)amefR`z54}zD0$-IaobV7zRxaGH-
zEP1sh&$XPznnTcSe7Tyv1bZeMF{%^9
zm)tJ-L7r?KK9}AH3c1at?|k^zz<*+l)CGP=!zXW846W9ol`e*`cH8%y`zo;}!CUwA
zVg2HVm1=qIo;;gy5Kt~oI%ikSB%5aPO(Wr^%A@r`qK}V%SSi0)6DQ}bI5+zlKRSnw
zK`!}sc}VVvk}6*zq3<>n8NN~;FoLks-Cq^$Y)khL%nLT+0zxx`Q+E+Ha0f))+fFoq
zp*A4(5)njyiF{s@D8zOyU23Fa_l7q3(wuZ+pR(w(?ceYjGM
zUg=h^RI_aumrq#aZM@#0N`A%A1{`jJ^QLpO1h%gED9T}E1`Nh<
z*$xWI3WWrg!mQdvF8*W#8lcVOXeWZE`X)sEf#!Ai5M;
z0Y9?`5XaK%MtvgG97G6q2#3ZHaffD~%02LOj<^aO5#TgXYz@TWAdaMbS%*ODlYi5IL<|RS`^UZv=fNf<3LE7s|$l9UPxf*g9TXou)r6Rej`P7KqOn&RA=ja2SlLf=R32o
zsfhwTJKy;iHg&%9+CJZDobPl^l0;$*5~cU~Lb1qyjT=?MfeGe`@
zzAV9Ii7(4=S?0?MTvlYkDtxH&{Tf`>_;L|07wJ-sh;&ITLccH1cm938(-iBo(RoRZ
zSH>b+e5e=LynLFZT3oLjyirs))Ze2pzP2i1>tPIgG)(&81+ad};PNs^SU8Y1$qa}1$_g%Hp%XQMPB>`afN@F6C{>(W6+O)6}}9+#D`C{A99rt
zKdiWGrXqqrn||yme=zq);3w=g(<{u&dV@U+g{bbbKEW0KU?XXu1#^Uwv}iWZ$qO1>
z<7b7OEuK~0UFd%x{I^i(6JA=PpDO3`4=dhUZpg>Xfla7%hl9w{?-GO1HTL{fttEEM
z!;+S=a=>*&$V0kc{X=O0YJW)opR>h3l(g>He<*3)kwr;fcereo6$^hzZ<#ZPOE0n_
z;g77x%!t1Sk8j4$;|hIV)|j0T;yMqz64?2plF`M-Z1{4jXVr9>kPk}9oIk5oKh(>9
zDAxT@EPN4nE>Vk|A_C{Khmt20d{*upd#&-atByZt-lQ*{s}Hf2T)Irp!3%-JN1`K=
z0JvTO7JUu2IPP%yvYsp76|VRd5uebuT#j@+mJiN3*n|^j(N6QmVv`n2BMkEUuPd7@
zNa5sXasHi}E*}@<@38>G-pD!O3_)dKjU5~LG~>y-B)(Lu=Q3<`>co=jIDKZV>oaSE
zFY(0M)F;-KJdp6r+SX^*jy|(?`4Ug8*ZRbIBMai0wU<7#@{gw})=mM|^!U|drI*hz
zyK1ZjBc%3(eZm8KZhIv$x_Z6S(i4h@Zr9p~FMvIq^?g=5=vy7X5m=2l@H<9gTx2C%
zAUa@dGw5v_<5NqFWD@=^LL;>Xm&iJ^t%za*NQE1D)ni08?V(}SbG*4irQ#K8w$0J4HV1v|v$MEZVJ^TlUQ!QW
zSm-^k!hTY3-6AT`58LSb(qq>c)fNgve)lKG7}1=mIH$E*yWOL`!TAiNO+E24$&8f1;O@)qBS
zHGB!fj!OgH3&bgmWFR=T7!Ap!>FlGD*9<2i*tiJ(@8Oc=4$oUFMB~=f&MrfzpeO}E
zA9Pvq)+1{a_TXge5MR5?yQGn2Mkyj6sWmZ&HFXH;lHKex=99xwvYe`w*+4%AJx1JY
zSe>9dSh8RR+LmKGwuP4teWnLC#RH2NG}N*kdd%j>Z2rYJ#AOx!EmFxXQL>B}`wIRd
z_a*uzYlHUSAGfqEyFz!d6Bxz~o}%4`i=>Hq15#hg2$sHx3z&XCicXIKcF{^Kq9w{F
zF=8sxPdfRSKYl?GHF3FMwB7+iilye2>rgQ?sV=55IJ;9(3LYXg2x=(ABaNWx588bhveqbup+GTMV%X~;vSH?e
zLw_`VG6(Zom^{@pn`rr8pwOJOh#4*O0xLra0D8XAjk@yM_?pxr?GOsX>7zbSK_CKn
z6aV6h7E$D??hBeyd=}&!izb|>4R<`=xmSj
z%CpL)vCxYn1nJ2Kgk`~a0y~mmXk~^_V*AEN{Pv9ul?!BMp%EdyZW*`m5p7|jI5L#B
zUaW){3#ro(~j_A?}``G%Ri_1Ol
z0?(_*5r>&gf6&0luYom-MPD$^z{Sl;XS@jAT!3<`QKK<$JFB=?Ud%i8DybUh9cLA-
zJ5b62dI)3|ioRHI)ioZ)qLv_z@%@6nfKx}!=8FY}dCVvzJB4e8yR@?Kz0qp3fN@-5
zWP0u32JeaCg^^_NlfXr&N_er+Y7j$6fD&Fxa!^qt9>xKU^a6F)e3rI}+FJAtkRsWl
z{ESWy_&R|B!B1Y8jUa|pf3=|QQ?%NIpyiVbt7mW-W-D;gU#DL%)mbb;n>7hAbS!aY
z0_O5!QW;){{sm1aM)bXyuACq-vgGsy6>wY7APkcvNZ~xl7zm**7U%d)IrYbj1-Sq)
z2)Om}@L=KN;qI=ifJh7_I+1OOkMOr1ggrvc`WEF5LCy+$C{_?Mde;8#3tGbiRxVpG
zPYFd~hCK%h3~nvxFGE3iUZnQtgw1O{1wA)CIh-o)#~FSX`VkFFw`VFhO2vb$=II
z**eB1Fiw3g(MG?e@$3~wyT_B3GY2j3rv`GPD1OiuV2d&DE^L8f-qU!&VkS)`_o+$D
zFPjW#Swj)ac_9uTEM*k#A`~xGE~Y@hs$k8|l+?DSFj)xMZwYw4emtn7QJzOgM5%qT
z5MFkXP2b+xw+tK6jEZ6#Qk3!j0$u1cnJ9CHkPv}nOAksVxBV8p^NR((Gw5o1%+b8@
zVT@x3;{xvp6d%TYRkS_N`L?>H9f72!oghC+<82hi8MffTH
zHS>eM&}QY2BOo@;(qA*{GXppvRnW@JpG8k}LZXsI=oD6byiORTtG`wcomlrq3Y==D
z(IK{k{-%u%`&ymynk~@P)9PXMko|a$#aI}N>zZYzdA4=*=8^A5&XVoi#?QRQ9=5I)
zkMTM(++&q&S^Z3EvO9ZNH(rpvj6O+pM3yG&6`OGnPHpPkIGYWA@?H~do6iVvP+9$6
z?7!2N#8z1A`~4d-SHPrOt{<-@o%&V~Cwst71tS)LpJIzK!jWJcql7K>gEP+0
z0%h`}We6J5n(Yn;gh$?O&P}SoyH^9}6S#{ch=u)V5QFC{Xp^&`gR+e=H#P7*mLgtD
z+pLGm%DVvb)qg(hTmW70bM&hTgWs-!%jn(m>@rT=G_hahwI}z!~WgZBQ*op&oCAhQpTd5ugW5H
z*7KRh3&T4#8^`+Tsz;tT3ZV?n*VA}@=-JA?tZbhmBJnx}=_lw&ZHAA6PG1sKFUIHl
z!fKpg@0Nm^Bg?4zuy4A{qr
z#{}4i30oBq^??TLI}nIy2BQ8+`_XbPX9l7^)_{Fm+JE-oL~PUac7nEJAnNzpbC%)k
z$ZwY6?C9dQvIHmyY-&(NxyUkDA2sHM2B&+ejBS$N`tAf~D%WNaS0+0QODZ#Ot-7r}
zZ7=C4_RYS0FrFJ4@5lgm`1|_J*H52b{a(Jt-_74W`rY}xNWa^^yY#!olLm{i+j+rF
z`s*6rx+Ab{%r6W|D;lcJTT%FI`l>fGD9B-PX5g%hW;^5`TnnsR*2yy>1oBm>=95b;HkxorAS4t+)q%*yaODhR*&Qf|Y
z%doZM{x-p>Wi+|$ODP|d-qavambu57V=+1af|yrMk434iGE(c|*F8y}hU&+-XEgK}
zW|itv{f!$P>&_T}utWfaMFAj;;T3VScgmTczvz_He%4MoHs0anDH7)6ic{_>svy37
zi92}W;GB6KJO6!h%IX0uN9I4~KXjvVW7dFf*YlB;psML#ibatsk{Vq*yE;tGmU1Vz
zGe6U{$9*Q<$^1-LKal;It~;htnLh4WjdI5}${pJ%S3NMMQQnwFjfnslZIm~*QQp`_
zdFp|2jT$>4RJ-msA*juCP#jZTapW_L*`HY)`lUvlEiHlAiF?d#fMhfT_njbx8
zX}Tjz)6HI*?%1VCcRso0do;1E3S>1gZ|5SC8KUf_=4E+-+{@-n;&NmBa{U36QNE!;
zN~M{3T3U{@lG|23?Vom3quGTKwq1mFrSIpPo4OiDRWs5L`pzeJ>F$2Wn+5W=QDC6k
zK+vEoMB~X@?e(}WqsffDHg;C4j(g7CcE8DuRm)qVTzzmoxYaM@v-`X$LTeCeoP+DZ
z_%17CcA4&%M2C%OVE;1JM!N9uMvnH)_il0yI~iLoZM~(I-Nx;k+~|0k=d<^g?D=VD
zPq*>&(@wQLIq77|-8JDdnau3T7T2xE@$PB1V!_yvxi@=?#b2GZPnch+o0VvaIji*X
z#1Bq#<_ICBh*{oMWp;X%ywq=Na!AeFr=pf56xmX1}R8vK))q%Ta~{6@aJ_&`Q8^HWyzU
zzqX1GT3bc6wi>l;;XQ9J8b-W0pln{W(-f>?Xdg{grhExS>F4e96zzU=HtY{?@lP(F
zr{CvEeK}rQ%;#lu;Y^n%HP6#DRcQ3+Myl}EZ`qp|%O(^i>vvHl=I59vLb^UGwB^P}CN$0;(7<0+NYB2Y(|`h(2q
z+R<6>dg)df3WHu^x)`taMqcfuU%gb)w$?GP_Pmv)(h5xSjCXsJ-aR@f>g^+g;^ij~
ziZ}B4#-PB>2MzE*%bmP;kN$(F@V^Il
z;1##W96zU2PQ@mb%J*qOsf_edc?Gz->*LjeQ=H4?JvUd%m&$PU
zLr`0`&Ig0u^5SAmHDRINZ7XoTuy0*<5!Sbj;ZG_eL%}j}@D$-3Bi6d=dTSPu@B;i&
z?3%gh1vE_VQNUHf=yktNj=BxBPhx^oJpt5+!cZ`r%~5bh&V7hriRi)IcAKySJ6$X>
zz=*G_ZvTQkSlO2dJ)Y42XSOe8`vH!7!UbHKINB&zGvv-p?UxvN*T@r`sfU1IAK^c
z$%H#3Z&!lufZ_3bh&Tj`hQRw_m1DRAJBN|SDIxr_PxHV!LzoWW!kak2KwP@k6^tkh
zd_$^Qkj{bEC;A7@vGF?iRds@PYNR}H&#Y(Yop@@y_8mTsSdwByw;UZKy5;H^(XG6W
z5#91Ms=-!4MST|Fq^M&=w@Nxjbc>)2T2S+@gTKz&E{0!1ox8+twxG&gWKW>J-2(m=
z)^>~dTU^^kwiqheE$hv|-q3r2y}hhFkSyzD8#eo2^R
zjvTP)?5&(-54k{DOd9m;Ar~l%$%8&_$Z;~aFLg?s^_`P+Mjp
zFYe-^eXF`X+1adu692D?3eSE|HC@D)mDkg5?CG@2(!DyCk37OJf(kT#->&{Vymd&o
z%z41g*MMU|10z&7x}BR8=nQNoL+jPBh3HfE(z07x2C-Zrj$MYqRj(T&l@??Vnustn
z%(yGwVpm}zttU~*6am-O+#;`&JhSxaw^DPC+qaz(5AL1tV!QWP#l{98*cn{^prWm49O$FIY$2VH@Pv)jy*CMgt=X`U~xFq1!)Ow+b|Smt1iv
zUL|;k^+my;SzLv$=D+s3jvS_lcAn9|NLP-J1e~oG)S0)zsz9(>;i%VM-hU3vFZK$I
z;!K_4lLyv0#&uJu{Jd=W_)fpIhLM2y599517}Xj^p3qg2Vr++>QhvmI=GgNH&mt8#
zSOLpMbOpH#Tx-w-agj!T6rqp1>&g
zMHq*=z&w2!^vY>vj@~uw=nJz8kEkzh^-$qSYV_d}j=I7NoQSc*P#o0{36Q{Y44G5?
z`2FDm8F@oqqu@72Af?8}A7lh#B+;LARdGy$(D2z<4z)Qngxx@Ynz_}o=**u>z)w+a+yqEA6G-J#<;44c9D%*LDGPkiUH2YZ$tEwrg1N$$ykW!y>cC-WAE
z)F+2~$+mJTV5twE+_kI><1`aEA^btN8N--!
z-WJZ|#PJrxPBRA5vw*+mrJ&mcP1@U+a&bLefwf6+0{H$jgud$&GQ>c_I9Anm4BUQY
zxB6}!3e0Z8s+p&Ha#+uD5Uwr55?!|17@l6^U}xO(RpKa#`=HRu7J)D<%*Ewbug`ny
zD&ihC$+H&X{xgA%mmvzN+)Tn0C0KS{LmO!tNa9dGEGm%DBELz3GsTc0oGQklU`OgK
zH(XGyvKO#%tuOPU(|8iN*kL&iF_u1V2NH8in%it*{BTA#6;eOM77irc26G@#fPBI(W&oQJX!66XQ85ID=2xJakUip5UIzjksEosoXtXKSt}fW)&U~s|cB(
zLq$3WTJ&FYtcwi$rgD^cN`xJNx`RmJlc0s6QYKjR
z_TCAaE@m1^cbgKDQ55^#+#M0v$=FG$d8Mo_`P-$B?Gc&SDg(O)Tk
zpCWx>OYHlMx{CH9hTP$3xkOzAxJ6n=ObvqSr-euLZ~)U9{^s}x2IQX8+KiEVl{Jya
z1-WU^#FvSNWHzKFIhXWWcwR!2c4_(Gs31SCaP7@{yBdLF&a)w{KB3n?4n*CF)mP@}XcB%f}(hE@l{3c>_$
zNq3zX&xA-HN!<(aVhdu#L1o)qroHW;x6EVvd6|PJ`^y{w87*`4<6xO%ABW4B_lct)
zFPAy?@oJePAFr1=?(t@Ma|_4FUMaMfH{Z}8FK-_4r4k$-%UwLd>X!HAc?V1Ezm*d>
zJW|);$^B#f5T2&ieQ>LGNHq)MC4X?z8}P!Xm}h3G?@sKKA_1BLz^@rSW}@0sP_vO_
zN704*P;?`aj^NFDEwv~nlL#HA44;yPBPkTnBn;mMR;vPOX{sFRNZX%u!0eG?gE$VC
zrc7Ih%eEBLtzvy?+H{NrG6X=YL+=ifiDGp4>R76xGsWo8Ju?$bHvViXD~#IOc6?Y;
zsFr)tE7}1)j))DNNO2lq9Zic*(&_lj*}p6w8L@WqgnQjA)-x>lGzFBP~O0&@|O#
z9YkhfHi{7g73{4-%!}8)iHCa+KX_TvLn4TrU%xmbJ=C&A+T;~X5lbL~(K38n3+C$z
zftV8tkS~vRJ1f@q(Fx6o{xXT7IR9D6i=%^GN-%+4h0g>t6{bCYkz`xoc^(etR0klC
zC+hvs(S?ElT+u*lb39j34nlQmYxV!y@Gm{fcHd
zy&{D{kH7I(pWr6X&faN$Ad3r-#BsV4NUllXQ^bOYOf~8p)n|qCQNCd!d_*4V9~MWZ
z>=9WP2#>!A>v%|L{67{k3WUJ;(c?rBi_Wd45?6~|Q6x~Vwy|vCBoOph%CI5z8*g&*
zuJJCUeAzhqW(LI3+OzBKjITW7vy4}LpHIw^2MZvhX$-KmuyUjI8QrZ9QO=bVZ$;;)U_ZyZu#zd^ghi`uVZF~RZ
z=*@52@ci+Q`v+5)H0iewdpq!G*`AuJ?ChQVMwQV^tOL?!B|Zi>zZ>^ey}mjJ|sr
zbP(e@u;{ei9(F=)eG&M|wsK&5>GvCyxsWh6%^qUD4C^PXJgclw=2w_)kR(dHNi$1?
z8}2l+JcH?ZYkI)H(1>ZQeA*fgV$8AqF01kQooKTrt>22pS(c`w0c^=3Y>!qhyarZ=
zTs%hY)(>-S`>*BIO@D6ATOp;|7o^Pxt?`blq*M|z7q
z<}H*q$#+_Iey?Tc4;pIfqn4b1)=*RIO_K#Rg&SA~))Z}^Xwy2}b;OtjhvK4ksEk>M
z+M4AkbC#p*S&lMjF$xXYv@kgenY3IsY2nW2z0BD1lb}=?Qh!3BXy%GdDi_DG0Lnog
zM%>lh&W}a>+ZPV#GjT)Yv@~Z+Wn(kVvMM2=rOePPWa=!(@C#)75RH|XUQj|tR9kY|
zCgZ|wJuDX-`B_f#CHyJljq=ih!A2MjKzTQQKb|q#yTP~^
zt@!EhwgUbv!41cT8;%1v9M{1=qs;?RoLYqnm9W#qjVfRUtHwzP(S2I*bWx;l^=N|@
zR}tLLPCKWAAAVR+L(}idhvs_GZ3zFx;{><5{Q?tpcw-R#enm2B^`j_!G1C#dC;Y7BMl%6A*@h$5J8ti6
zn^}2;9kyn}HY$9W-9rv-XY+;iFKaizjE?;wy6;@fVb_#g=N9XDA6}3l?%wuJc3i_R
z{-})dwrhT*`SHRtIOHscANbn%zzOM6_hS1cmb}nqr0K1e(fC&On2w}G`j2S;6Plo<
zg1byyDUKQ2rOy3^wM-kVV_DT-mWh#vTgbr<2amWAeKq_hKNy{gCb<)({V(#cIXdj&
zbH}89mzdP!`bbY|nZjC=;*5r${H%m|_)2OC^gjHT$8DSCJ^I4ph+xOAE0kg+k&@*u
z`EIGmknt#=9iTLaGM!|Hm_lXZ)|-Rv*IMM_*CfR)zh3Y5RbI!0d^I9n?Ga60Y+!Jg
zk>VC*Cw!OWpq*C$!&m3s7V38y*&Kac$zLtN+~6P*b*EwNPDjBseQ9DsNM@5i&~@(I
zrwAx`@@yLY85t#bf#*z7=1g&P&SZ%&f0GJ6aKb2M-K(doMU`L<-!g_4s;A;)f0J|x
z7rIG?^O^AYyg(a@#9qjIFXY9{-)}1ReoJxp+lsm0iFx~qV(oVoXa7Pm_AeD*?<=;x
zmLLYe-w&8QR?Pit&Dy`YJJtkQ^!vG`C7jZJ=ANfzXy=`*RjAgXD_Jg%x;6A>eIGW4
zH}EYl`~?auT(DNd^G?rueC7|}^zm6Z=-u=m_vvYEkmo!`hhqL>_ir>qWg4d%L6Z|s
zpk`s`;KTkj*-9jp5+*1>n}H-z@@wiQy6d8Wq;kB?Mgh#b*1}VrXhV|cpd|{{8ZII7
zQdh|f5YvA_#VKl^fh%Uay8R0>0P4(pYr?)Q;4?7?f$&@~8JtvL=vbD8z2`*;Y*bT4M`=~zhiP$sNcA&V0!a1ifH@D&hA^AlV6ZhSo^%g5W
zH{@T3p$OGe=CP{PpO~s(VuADyPOGn4J^G*(_*GntA(cB~Is?n2_`#x|cPio=%Y4!T
z0^B*ZU3ZHY5T4`-WbOi`|LD@)u1kKWbw6K|FPW!2VaT)zxZ61q=Ne
z+XA@zN4p+@q$92=QZ-#@djP$gql-=@B?a97SqmC30@F`ZpV7u`?F`YiHi+%|Y+>!(
zC?|Q&2@tl~y8wNcV0l74zrO%+?jm@`84A(qz>jV^^_ab1vCsfIn_xqTc1Zmkd;gfz
z%Lg~lFp~?VC1OK&*axyxr=$%`YDFW8`~)Sm4+cUr&qX&(QN3mf$$lLrJOGsQXnnwD
zbhM|VC41OszX%^`sUL#OiZ=1Aj^POEZNHV#vfAqCXbW
zJhX6Nlk#~DDNwM*4fTXh;Oh{sfOXqGc{}4)aXD~Zn|)sAWAis=?^bSEKE+94<{1@f
z&<`S@whVjibLP{&P933}<}iK<)W9eglHP(-Tyok9Gv$Qe>%r%C1{f0JpRoh36y%MG
z0ueATk8FC8GQcw)fhgsnJ3GWz;x<^r&8<{O=3KRAo%EG!VVE&YgaWwdm2#aUC9O^Q
z-I_zS7Tf4iOF?Ng+0YK#Y7}ZWICQ_|S;#%SK%*duU7@WJd8#zX`EDP@RLsWVES1W7
z_;gk_c^K1u`Ur7QcH`Zd@xs}!7{7)+JWzcia0?<+ad#_t0iM0=C=3;Kx}6*bsbd$Q
zqeP7YPcYwP;Nu)_4q@xnJ|_Hfb|g9;1U+;+IK-qNnD%ou8eDD+2f%lq4;H#t3!N4)
zscuPHzEpSwn}%PoZ_j9_GAJboZN8aKZo;bqLXW0}O%U57?f-@m^G5Hy2!HPWwDbT{vp%xe(sxpY!j-w0K>L*2!?H!6n}vyWhH6Z_LAZ;xD!x%+O$|Qr)9;`NewEI_t2&waHq4mbx}!m(3~YJQTk+iIleNwM`OM5`mV6uSA=(
z6@1EzH^gMCiQzVh^MZ@8al&rLMi0IhN!|H#ZTTR>2Qojg>0{KP(p{Nk^w2prc;+`W
zv-FZ;pLc>NJVT*N0|$Y?Q4e|p&cv7f5Zv&9!0!g)F?GY2T^KDrCd2rSqvGaMy?ieg;E~VnC_z=8+v?o`-6@1h5*zcC-$m)
z-a&YrL5M-yaH4LnOW?AE&X70xbr0qYZ#NVf(*~BSbrT1I5{sp%d2SS5sDlZt1iFV9
zKT6R1F#&qChr21I*Qmo@ClNHPH2Pio@fpLTsZFjywkF~*8)1aodDs~S4HCIA4EC%m
z?2#ZWT>95ezVP_Gcd>3+$H2wB8g?kYqqOWf%fKTEs6qwv;YEn^sQ@fd7v|Vy;`I7G
zA1Yd=tXR82jkfDYcc;i!v8LqB$GMp~o3h^OiO&eyntzKEcs0T%WqTf2l+9b5=gFBL
zTXlGJ@b(zxVPftO-KH5{v!gzOHvN)=y|&lyp7s6q+yamOiO%??lXqPOq?f%SVH`6p
z)9@zvlrCj$Lk>A`wIi?veHpUJQ~RUL~fPJw{arss6#PiR7Dq
zhDXJz7I~rYOvN_S%avlKdc0Wu2?n5v>`{Nn(HET4>o
z9l17T)6#KW$m00~LNK5)qRzl{nPzTwr6NVXE)?`soPD`6CAwP;qx`y+(@q}NlRTU;
zhf3be_`KAos>+euXfROIpsjf>4$lCwpwoag3i}c(rPKvv^^wy@cWu0^Id%adxH!Wx
z8(=2!AUb2ju5_ig^#AH0YGK2%r;X3ejkW=IGSMdiUqT5ip%CGUHFDi%j-Q;joJE&?
zk8vW+TW8%tcNXh>!rGcAKhDXUoBU>mkVw4StfJW*X}XkeaCwzYccgcdeKCx;UMPAk@z>C?*P
zDR4o^ELo3xaA{>4uUl{(Z6bUJuJ=wmyrDA#oW9w|+hh#ImlIs79GQ*s(v9-sMzNaD
z!1WdFUaz*HMT$Qv7bmUL)ArlXZ?50Pj>K1{AVAIYrz4gIwK2^N6#fJ8ooXk8VoR7&6!7j$c|wK$^#fF8Tq+8WG)QLqp?j1I(R%9=oC$(hAL_5tJ=#N0tfh}2nFlv_$WDYqsX+_VC<
zeJYMZS|yQ6oDWqhQCrj%SwW$Ckf_j+1-A71#WJ;yb`4^3`E617h4#5GLBDIwPE&td
z)-+8q{IoeygJBUPG6s{ich5Rdn3Jz}V8`rZx592j?y8ab5)RL_*s#P~xn>EG@5koF
zfRN0^z~`YYhXzNs5a@I0e%mLr)v_R%PCof(R
z9%P@w+PUQ+#($zpOAuvxsIR1eE}l!WqxrNEY6gtqkWjmN&>;_D8WS>hhf&I?+z5KW
zPLP~MlMSQ&TjF6%fkpCluGNlTj|wmer3uNn<+rY|;XwyMUl**R^d0h03#b#T(I*mS
zC-H_wOY7d~+~oi$EG6$_sEfL<(%~lgfo3V!bP}8;ZTM{81BL{h1%@H)<;bTHzoUb&
zfIELYH&2>PWb;}iu~Cnq^$rDoE9eqZDQ=F7*BE~sb@>&VMKO$o^xEX#?lAXE7sB
z^a&IVXrE7lTdP~E5nKXU2Lf_BGsc%7$=db8I;_XfLz_hD;1A@l7N~p40
z<&NRm$4^8&kffiE2<-K|k8?s9FvLr80cIwGE5SV+A#AiTc~B{LZVmZTJVVRLc{f7g
zkwil10*aF(OxSlO#1cl%s)X8+%<4W1D7BCXfNl#<$Q}r916HEn7~h8E5MJ3uKRo#w
zex*V-ZNV*OE>9~zq37gm^#cZmkwuzQ&hxBOcpPZc=tcuho~fqQ9L+fGCPJp^Fmmf7_WMOy&t`iu^r>jfrr^<~z%dvz(Doj>$f`8pDkg9L@)5ZG<=_)3}AQm^}KmQDm20kkCe>1hg>#;I;HP!{M
z#j4yfkY>h0me$*Xq@m7RCcRZcP2tq*d}
z(ozw3&o`n0#7#fKV5smcWbnYS!}b7Vb~?!C!~UrJfzJBf3)=E{Bk`dT;T@1gkC;W%qje@vl%ibA$-Xb)JHw-ZkjSJDpXCw|^=s*#*mZx5HNjB3;ytA%ieJC!ZBNh$nE}9!G7f}y28O#A1
z0peCyFbk9jg>8k(Y61!=Z*UffcXF4f7~POO>d=vuSqNVRwhPY_!pE?y1_r&;H--4o
zO+uISnVBVDJ!%k}=;^Ly}st)zB#fFH1HO#CMXHi_1cI21Ec}
zKPy~pNI?A1j|8e9vH%VNEM1B8ALBEKRt_InX~t5}9>e0_5^+id>(eo*gUN9(BvX`f
zkt60Tjrp+rD-@c-NTR8!DTa+85WRuP_Y%{MLqz{zj`YsSJ7{XEdLYHp533hYllD5|
z=Riz45CVDWr#6%(P(KtnP&kdTEfWPvDnOwgi3mKa%G1i2ni6dS0x+-#3RH{h1%Bdo
z(OrxcrIJhbN`A;q-$mC+LpY!$2TJ&uR$m>1WN>*`mzTGX)}o5Wm077;y!?tIwQy>I
zT_;aVM+z(~EYOoq33l11hxn^XdLt#hjFPJ8PiE1=NYTQCqDN-Y;z-frgrdhrQP}WO
zWzlFcw&-S}sFNy6$r#2L-bxg9Q-xW5G`{q9qI7zM$Vq8@;hjX`^dOOSV|?M4W??68
zH_|`!0v=y-FHthxW}UNeLJigA%hN4K;XR`;Fo938+%zrM{h$sc&hOs{<-x7J%_2n_P2=|iML@OEg0OP5GQ=b?YO^O|hMWO2JZMpWdw6hkvble}_CNFm#5eP>3o)n1-DM2u!+K!7_7FHx_gdAs2c8$
zPgK=xMVSSLmJ(+Bog2-R8fe$V(9ZFTadv2imAq8y@;SzPpc2A(AmtP{ZrDmS&dX|A
zylTxhu{s$l{jO~Sk#%`$)2LBM07(<(B+~x7!Vf~@g$*R`7TX0=G9rV7ZXvLTzzDKG
zNo382nE$CBqBktOqz6Q3pbAGpJFIu%bE3IupM;R`NZK%6fz)gZ9D@W<&nJ||^7Dx(KPt`@jz)VV=d$i)&}M6(afCb?FYh`E6>
z+2ev*QC#BM(h?(Z^+AlqfHZ5?6qg3tP9F^z1vm=nTc-jFV2fCaRAqH1MPjaD0Ativ
z!vHoe*@Xc8aHiN{*zfg}Xe1s%=mq7s$>EmlHSx3v$;89s5>W@w^c-tefyvKVYw?1T
zE`S=&0{n&*e%wVNMEVh*Pj>1|FOO-zs3hJs`*Eh{S+msJ^d7U@XL%xMLGltD&3eErBfCV#xy+4Ay0y>u#nMfD%d9
zl2iiAvQdM~bMWru@ZAZWP_1Oz?-gebruKHHbnmWM{2>QN^w40%nVLFzS=m>`SBS@$
z0a2u~zq7ZiYI3Kr7TwKK)=QQ3GRt~YmbzNX6;kC2ndKbJOp$KA9#;JUrBr35%*smC
z2t8a0?I)v!H>NW3JS;g{lm
z)ocn(C;9R
zsT5rBC1l2C^@ZS9_J{aoF~^yt;&rs$X@!NgfTC7VvOT7bEIAX$)dNRTbZ<=<`K0@2sJHZHTJ-{90U@
z@V>@o9kIDec2g3maLzE}nurMMB=!Jeg!ySw1*lDBCh!(6NfEe7Ww83Nvc^e=!1$cg*{q4#?kyW)b4#^=+Vt0
zve*b<2OHMOJ5Z9JkopisC~;U02Z@2S$j@PF>JDYeg82V)r~vx7gcQ>hPeEjP(6giy
zAwGd2#bJ8pbHCLTH}Pqqm!$5C3*b|%zhPpMsMokjpG9TyA_^3o;(5OdUpXKX1-{ye%Kk4l
zx=-U#fv#=N9Lx+rhzEk{+brC
z&AHhJjyAa%Wn0#Md5G6SR?`1_M7woObRgklYCa
z(p_mf%UDuLN}+HioyT8{s|o}YFN%w}a=eUa05t-R@(*W*XxL*XRvc7z6z9h=<#8gEHOa2TtByc<@44_OSAgO%e
z2j~+tu@N}wIq3fRbz*h$RlN8es6VP8&bl-!bZIiF2^|9BFO0YB7Qp0ESt
z)Njl!JbHBAh%oQ`nE3FQJI5}2=_%wXBS7r}6F$L*e?wx8R{M#qquPG|oq;mO!(@E@
znhBJF39w?Q49sYi0LxH0IEv5zj1ebKN7HcN?f-Q^8k4eam~hz~nuq=i=%-4)2U(CB
z0T*#N4<47nCm)i9gHXG4JMKumAr7?~Rl{B}aW&>_Mvf*VX>Bi7J_O3KNx3GOjz`Mr
z$n+>u-bALWka80;eSoz8kLlf`J$p>A9qqAWI^$?Z9Mj20JJ^`cGum;+^o!9xF>(<-
z$@O)tL3^>tcq+#e8Y=c2VY)7gck-Lw*i*(_f45f4E&J`AhNWy2(*l1W_5yL`a;PR?9g3D-F4|qB_k#%6vlTa0QaAy3}Ltv
z#=Aox?(D=~qOv6^Tc)$Je$Nt}OD1A^jV-TnsY$LaXVf6q(K(RmSyw%qr?WUIGU3hf
z2^Gxif_W;Kmx6hEHm{!b=u8qS=L>XJ&?Sp&3@^ub>AUjsU3vPhyd+o7(^ut}R7tAV
zR(YD~yFB?WkDBL6M|;#b&(#I7tDjO=d)U=a2}|F@j(*BnX0W55Qb&8#AWtWI_NYmo
zG|8hTc}qG$G)2|&2{ovo$G$*KDoB$G)TDy+SAqJgkk`qjp_-zRUK+zLbb@I(DeDx|
zr-&4;b4;HKG>{52I8kv1m?M+}4L%{(D8(6kI#%%dFV&oG*9p8Ol%NBk9(0Hu^9i>=
zhT#8{m3GHoNhIFM%)O^!_677)Bge>vM0y>nG`0bwp?7A5{>doVxFlB?ODzm1rNBois1A<~U2O@10Rh0>8c|E2Guh*x*zGP6h>Y
z9{-u-Yo4xp9Hyn%8@RBpd6}oHOT~4~&|qlJ7)&tK9kE86Ss0EN!Lqh~0Z1{oUy3R`pSLMvu|P*9}>gF2@Y{au6oADIwmX~l8fmSTz=
zr!0)ooP*_lI<0&_Zs3Nr7o5P%K3#_Y=iSE$P-YX0aD`brm>YCgTzJF$2p;J-Z1J0At7Shc)~>4^dA3k5kW&I}wl%*Yna?JjY<
zbrQEVPvx}ZFBk(>hT1gxfc$Vm9@r__AzauYE=QIoZU#t*`bF&-9w=~gC15ji0{RwLjjn*t!9|D4(NSo${k?51q)E%cTHJ_PQz@HjkT&G!u
zN~5c=7f1!{Uy#IpVrUU@mRGnMi7~nef*z;Zb(S1~1~X7%p)szf41s*NNe0C;M1I3w
zP_}mC^l*qgLSR4#lMXvla28{RMZuno7OdHQhA9Y`TX0aJ4NL=q
zQ=PL3jSSU1?yZ{Aa$NHW}Q`{Cq
ztpNLp!ux@F;yk{JqnbatSDNc{aQ>{6?JJp5EU7w=lax^AoEu-&^U!5ESBQ?{C|9Tk
z(HT>{uX**{;uO`Nmy;_9J!7jhdd8xA9;N0rQ=VHPKoONq5}m8XsP(t0Oy+y9Zh7@5
z2S;Uje9oivw`ffEYt;u|#h;AeJo3Wl{mXxlnvAq4&LkAHtSyDnC`w7RMhoe|+x5I{
z)B36BUE9QKd{n0g@(i?qM=l)U>6nVG?HtwxD-8}@t@XtC$}o(5D0@}o3a6EyGl3M85|Egxr>lj90>LN{fAm(LbACL1D#`2j=t2yffO-xB
zT%d%za+=pXGqcRZ5IY(uci+hUA+>8r1!QgY8#OOUc(X^Z6eoDJsW`!-EyW2QZ7X!y
zBgx}|{M%7Q0Sp}NDtv*X7YbhB=%oUdJ=znd@TGK*a7>R89zd8HK33QJN;t)2kmf9M
z)GTsLZ%Q?Z96gB~oJ9BslQvD5NsgLHj$S%~IgCHO4b9y_`*0Z6%|^-v!QE05SuYLB
z5Ah=C1bx3{%{I;mzt!3_G3j6VxIJw9{T6{@*ZE-M`li)A!#wu{q4@yf(vq{Hpzg_P8CM}*f2g_T-Az5f|15`}XM!w;0;OuAJ~*rN`KH3d$d{BaV{X
zaE+FlE?SJsVge5?L!YRMJbIEYls8`J6|{??6wFO}Bbtpp^VxtUNZ65l#BvRM{~
z#u+|H@F|4!)A7ZPEE!#n-5&$!;{-vs7?+z9H-ow6VY3-tThqBxZJHWZn%uAjZqf+{
z#>JJjhtWXW|Mm~|b32vY&3A83tPTU(>GrgM!5aeCxbTROn)GCDG7J}x>m2Ij=U@?$
z|8jiY&7m$FZfp;9)-!Dk*_7`RGfK!KFMvs@|f>c+Q(>$Lp$*Cug%gg0y*OuFbFJk=Q)1rFXl?$aW
zV*cRMGM{>Kx}+ZGwmJ^C)s?o&hr7~J`fz$&+UjsyU1_U)xb%yy`X#U0%9ZE2t*-QX
z-j!2Tc|I=}xbnOwr&4)AP7CVsqFg9`5vvQI@`vZka#~i8FUf_aFT%%ATe)(NTk7f=
z;7MDhBRpxV%m7bXs%L;FZIzDjR9pGOJ#J}U&j7C^7o@tfobrczOLD4afSOM{k!CO>#)P#>%)CO&vGragGZ>(6D4IE^h8%=39nc<_uDpG(a%i4LBr&vdzY@|i9-
z&!9MXrU?!<&ZIZ^l9=3(OMs>}mq9J4#)+EGn#*+}ov4DP{V{k4S){spEqLNKO
zkQ882K1mSwv!ViH6U0eEJ(VBsv#fm1??w(5)jx&rs8)Sh>(y#a)_JvBpI2@b)oMd{
zjA}KIwOy??WnEXRXR@ZN)pM5UDIFcHGJIhu>$qC|L)LJ$dLev6wd%;qtyW!Gwbg1~
zO5+PX;Ss9Uf~?ePwJ58!S}pMkRcY_=b!AyI_`)SwmDTF$vMkAJbwxJ*YW1-!#AKXNy=3lGTud;7ct35rVd_ALTdPddtjB2PILZvvg
z)g+`D)zmZUOwXuuJ)=U+f2z4x)N>DC*wQnqt!Grnm{CIStJU9y*2{FI8RhB;mDdx>
z(-W$o`A3EYrGBP}90l)YBT@cRH_GxN0>gB)3{!
zNKE%4ePm?Jd_C`(y3))?VKkv&LZpwrp)gRQ?es}-LHP@>r{x(+KqxVQgYEzWFO2*&
z^h{)3`joFkLzHN4j!IJ;FnQxDZA6p8<_vfXvF~8$^dCw$MYYijNSHnf5K*aN4PoSm
z<%9=5yY&-F9EO9p!n){420lTqPfZ;nbaelcLmhJ}OhQ^88aWp!R0+L+Nfj`}KHWW^
z$0~Mogp{?p{Z{$JObxNOcmHy2_#4uZ1CIlJ8A2yMr&KSuyZBf7lVCnj69Kek$IIJh
zf_rGl&Wqf;{k@NIUc9=3@Q0Q@abW&;>X%Onc?>2E`?F^3JUXu=8WH2KjLo}-3qH<+Qk
zKh44981Qi()GruHXS&;i>(khOpK8rtr&*PV=X8p?*M881sVa#&HE4v&1y9P(*`2jU
z2vqjnnubc4x3<>E$!Xp?S`&-f!W?!Ebx8SkJJl~HE!e>%q1ccecciPd95y-^%RCiv
zO7c`JdTJ(;%f#8v%)n)jh_iRvW#Vj0`$?P~vG+vVn5~sh9vK~_{EDl~i~k*#7ymmf
zkFIxZV@?9k`OW3y*FSU;f79#Y*8bzK(-UFxJn%{rhyN}bq=zs;5vW6hwQu>(Z|qo}
z2Z=^dHwUZ##ztgy1oXnnzju12Istm%-_!u6t3rKv2I4fjFF9JwAVmh%zBeJ7yd^%g
z8z$_5f3vCwZ+dZOK6FVN-DoW6tcCo)igVxzXUs9~C)(NT^*S1qW5lIz=ft2Yqvs0l
z2q~lvM8=e7-_Z*j+itrb$?*U>_^+8C;1g^czG9KD=f_<4##}Fqxn3M|y_9*KmPlPS
z(%H1_-CbM$sf%0c0^U*=w{5#L^5l-XfVYg*ceLx3^Ufw8x|O`M#fQ#L-r45E{BGVM
z2ZgAv`plI+n-^C&;?n)THkJY-7W9`bmDpSP5Rr>B{jr{_YYVjZed7f9E@S_vQ^YP;
zlT}}88<#Ss#-TrR=8qIsm(0Q$^XLABGbY*n3uny4`xnlbuJsU
zAJg-BMP0yK>f$O)?~y0h^vwS;W9FYO%hX@bJ1a8v*YeJ)O#L78&RWLQzkAB?%0QW%
zO#L8*m^KuGznMi3Ml`16&~vI|iCR>gCyRC=k2x~;GO^|zLRdn{xq37;l|$zSkaVDC
z#%{q!f)1`E4BD-3<0A?cQr~Et<)m%5FH{@Ny~)fAZ!9$x4=YixWBtR@sdq4thF!!^
zx0~<~`&oI2{URP>Rib|6AZEKZEJTc>VC~ki`AnlnXA!F9`nCY
zitAV6b%dHe@+Ysp6F;fyLG>M8B_AZLQbKyFC+wW3mD@a~311@|DR05sI^NM4nVVrt
zfU+8Au5DYZl#(pY6UxrJI)C%$VR-4c&?^T9UVZJKj%&^=IU#shDTqp*?tte6x(7Xr
ztm*3EOn>J2DZG^bPIJBjbWg!kX5_pl^1V;wK6eG>{uN@2sOnsXOcsf`}ma&=0X2Sw};l&JFU^
zfA4n&=(c{`Z4Rz{1dZG4)G2xoN5xrYS9whMy{e~se`aB3eL*3fU2!r=zf%t>$(qm-
z^j$~b3rdHra-%RMLPC`EDb!$?lrT`>7N`O9tPw**j_zsHN
z=JCbK^A&dI%2U|47j@(gHzrbdcb={m@FvrASLIr2oOuPCy&<=|{SM+7&QdzfW-~;a
z5`I5C0gI*R-_!z()QXlzJPei>@~
zE;tNf)kXu%QG*Fn&}Eb%<6>w=i?SOaq?h0dU3DbqWakC}>=;j8hFwr-83UO?ed1g{
z5(_fy5qKK9k@j&~r8o}tYB5B3MO(nw{2DfdlRI?>=e#rSXd=Ui;E05b96SN&2&AKh
z@h;k}4;5XwU!k$j#1&KqK-D>fsf>PpBpRBTPfdVBL>fgO$~f^xm-7r5Ui8`vloH=|
z4K7I5Dtsf6&t(v0*z(b>Mcr0_PNK^fohQZR=@rHWQun8q+ZY)7VHttwBpH>(AwV&F
zu?EI$`-3{6LqW0D@-#*KpbGuW?<4<)FA>}P>GGH5X$E`=TL^iV%UKlC8#gk!d}YSr
zD2Wm=r`WrA^JWHbn9Q`84(Zi9!A>fQH?=F6fdEXyan)!dp4cl~-Yi@RrB%e;h?IRa
zC9$$@+XVfXxSI%3O2xD$kvTB@9Yay8)m@=n#_sb_pQNUp@I*@Z{ltDY+UZ7nqa?gY
z5Oeg5$y$>dBl
zfmS#9
z6pE3{rkH}_iDE8jQNoV6D)Bjdhs%Xml6gtPHizK)8SVC$u-Vy>Du+J{zKPX_&**bx1P=8mz5(uYp%PUjd)}Z
zvDp;YgooJA%ta47KME4UALR!ZW^9&h`LR&8$Wfe8n
zP6md9T0{!zL9G-w6WD=Y=dPsD7>qSis@-o@7(xIMBBm3X5HZ9fuo^+9k?S^dB0eDn
zV#GuRnYlpokO`&Zji*9!Gm?5(nTi1tr`=uo6sBkC4{`2X-ux*_G?Uz6D0gxQl8Lzu
zAJXcg;HT2Pi_h4kwe9M)O`||j@t5ec1;?;-IrgpF!%#(z@SB=)j61W5XtTM|U@oe7
zb_>aXicy2swK1wQ8JafxZsB;r+C1Lg+nb|8bDmi!2B=RJOEv&?>IXt|Mqh%?WvDQL
zKZS8)>KGK}!hrwNor9l)tz#&v7=z20u;rR2>NIAL?%VwcU1dx6+wc{o%Ln#=Ce?$!URg?WK$}h;D~~aT*^NF!B52B139sE?<@KRhedg1F;EB3)de{y
zO=wIpyD@5zHJPk*&XEspXjKxswK5Qhzbn
zJVfK{qPUj%l+_(P8{u&e~5nY6!}3PaAADGh4Bd_gXyoh
zFh1i#f5nCI85E`hhqf{ZQqz81V&p7XAU*?U!O`zAa+R8sqqDY>nzi4|@Kb*YPqQ}@
zyc*B%^UDOY&~au0+fE1pP|vG`7!bEEGQNiu_LnlOoce%7=9HWu3#7;kM9=Y@Tj06v
zj@{Hor!}u7x4?WdafZw=7kK)pnc~K;eJ+c?#LH>St4di5NVgnIa@$L~?f0!{w8@ET
zbJTQ`yK?Q6v;G9$ioCrvZ`BO0D88M&XISfwykgK`YzhH_itZ;hnLIe|;H&l+Aqu6a
zQ6UPYsD}tqPb5ElE|nLabEqaaKeLf_EE4j!aEGg$>(=bi-ZAesu03YFTw75}+SwZ@
zh&NhD7(`WhF_ZYNuyI3CU)b4_l;*fTziz`_;<7{rzDl^
z8IjkWZS4D;u3PL;EyJ75fKe?h4N{!^kz4@M$W8_pk*dx*$y20I>;NVwkdIJwb
zDSA?|F>Edh+r57GGQd>uL~I)HlKL(F9n*Kv2GV$FO~*>XPAWV2f>JE-nOJX$bx_Ix
zzM}vjLHfCjwF7dCrFA;d8iIm7vfZwf$n!Lq`P2RjHq*nS7z{XZeaqaDSG?rScjhL%
z;wEqIv_T@1eYnV)I&Ty`7#bQ2Zjt^l`!b=2SW(}j9S!J0rbI$Sj|YVr;rxVYjngBG
z<8?0dz9p=Aww$QimCs4a<;-X%4F;tqxS5UKHgDgjvVKeYg$TSeP}q7F$LW-o_`zSt)}LtVBvpcv;l5qM&Ot}A^I4xs
zy>0~T?Tq!qSytu{V+E&vPU@Pz-=l9K+__COSM>Lkfb)5d($TLY5({c)
z@$?0}t~5pv3gKW+W40q`JMLuEgw1(N?P**&jLE;p@}X)6`nx{>fk1x06C6x3g-HJj
zhCBM6j+cF6rGr5m9h@M=yA2}-q4Z(h_0Iw$`qm_!dWC!|Tkn1|XYW3o%zcwMP=H--
zGSxk0NYt`@l}$exim+^}M~m>;=cJF+t?|tixj<$vL1GGw}p;MgmU?e%gnA8NO
zQWK$)O|=r{MF-0#sBa((wZl0nkQB@bPeTSXRMMd%?6D#u?dF@
zvxl9kQu84;xy4CP-`)|ZBMt!%D
zWqkPeaMY7*3mIJXILiX}Rfhk;L{=K1)~#8`Eh-jpF2P;@pJR|6Vvte&hKZQ4W+z`5
z!zDwnOyZK^_Wvz5`EN3Q5ANKFGKlWod-9V+9nG5Q!iGD6!*HPwDOD(Y)Rx%QwBNp2MXuFnzc2pqaXo%L@ZWZQi%
z7x>r7%LDldWZcD1bSJnJc!m<;KDyJ96|%r>W+wt{wH!fnxv^uL_MF=G+-Tf8C>r;C
zQfH;y1a>Prdm7y;u#X_eIqx1)1jd3(=^5~MoNjAGgT;lp5c;LvrNSyqQeo{*QeNeY
zX!oZm-%U&{%Goo0z~k}mSme!
zckLPSv4pdnByr-aKhFH==KsQ5>oWrz_f`HX+{d|NJzcwL{MNI8SDtYUBh8ndk6now
zbAi@kazfBj%)8^q;dN>p%K4FTFgnpFLeEa_FDJ9VoOFLVclMX+r$nEjmxAszI)Ofs
zi(_3ECa<9fI5B+dJn=)|fhWU_`V5?bXN3+6=Wn=_>^Q>8C+rT;CHCG`a~NuvJWrIfrCH8`er=%|p3
z#E{U&t#-@&1aBdD4%?qkY~C53LrHp)H)yavzHj|Rb0@weca?YzQ>gr8Z>2jvWQ^yM
zK^haUjEpyqr4#bP%r~V7Me=1)@?CxNWn(AW#J6S4wA3s6GA%qkExfF00T1ANya^K_
zZ%hQwmL@;ZdH1zqz(0k_4dt-)vTw})$c0M`So-x>7_FzwbMfND?6Qk^zqwI|t
z8J}{WSv&cik@3ori9Gg=
zcTM6u-q|-_Ix?@vzx7^odh)yV#MEc^efwSWb7Us*EH&p*>g`t(-aj&*?%#;iL>p;_
zTS&D-E_BfIT|l@G5W?-@crLZ6aRnbB0;XMxA=DqYgl53(`?0IrX6>J1u4@_
zw6HS4P1IYN;3n#>Jj6}Z^y=0UjVNK+xtsc7yhX0WYdEQ0{a?~CW6W{ceR7AN`#4Pxg1g4P#eCQz$+=cKu>|aQWuU<*N$wl&A7zlnqimVJXt3ui}^Ar~KG9
z#1)MjOsr;-EyNiehf?VQ;{X#lVhkQVcX6rVE91!X$eNvgeS9=c)kJeRNTt%4_Od%|
zVvtIu@q<(<-91Q9eq1MW@kxV3FTYRu$%Di-;nFLV%Hv0?R9b{T44f`;0*bXr`@548cFx6@i
z%6h-e>(H-trIltd(4$B7$gyu(7_0l8+qkDVxxq1lNU;HxadPej`YRAIuTp4V3MR1n
zDuHVw#%YCYV+%^4orVd_La)(RnhsOtp3bpUxCk5GeaKs2-aCAHo(IyM~E`fZ9
zohw^GMyHA_oOcyTNtZ!T7WP_b>dVA}%FtC<<(84=plT7|W>PUL!^FiGllhdCiHwD7kTCm`|U=3t@@D>
z;=?{&r~i!V*A?E|M}d2zGKaXLp#&e`?R}Xrb=*cn@%h<#%L9Tt!OlVDm=K|?X^Nl2
z=b$kNEI)0{{!wpR&SKtKEV~$hhlr7kj_X_PVBqI~D_+ounX6|&_-jG`Ea-1U!(2UT
zg$sVa=dbgc$0jVp5`TMwAhCpNLfgdj@V#bYj2N>;ZEZ?;e03
zGz@cFs-%YIZMSf*hT?<9EXPwnp5_2Hz`~=;Q$Js>N)hliR?N~8T#gw%RP@46rp2+mTq28wsNJ@gf_L6<=nSG6fAK?JW4ID8))h-|r9b5X#
z&Di-h)xL|kYcI@>W9;0U)4oE^?Va}34*dDFueRVmAL1Syok|*BjK~=9b;QdZ@*$$-
zUh*L#B2k1#TFK*wYv2SxC8%pr{0n{Vr>PjR=Ud9!A%{uri=9T%}x|9zCS6r
za07qf242EjAG@8!kMJi9ft4)WNJm%t^%t#_}jL&UYlf*<;RZz@%4
z3b<%olOxynP_l3N^&ou%{_~~|{eC#Op+b!Y-m6?v4oCBbS!fF}D7Qgwf*U17mvGj~
z^mz9wpl&PLFTcRW0{rl|6sF#wVTPK~L}YNwUaRbFV#zn%ZjVRm+Ppvdz#GEH+wS&m
z@Reqprf4{Oem~&16{#|5{K!Wo@0s6)cl5VW6U?vMK02|EeIVhfVvTm$UUYCf@~z7O
z0tUCb-3uT0Cf=070i}WMJi}nJppC?rwkQIP=gkRujxsWYjRF49A3fjkbdeJS#7LJ6
z7df7#p9xj)mIkZ5gPk`}CN^Njni&$PC4rmEV|yiodvz;+
zQ^Tu29H(BEPiaEBb75~QP*Mgx15zT38g@y~pvPX$3E~om7&l3(h-ZTRTAefbE%V?o
zOSIYW+nD+Wq;z0nR)MRg!;Ky?75+lqU$>5N3_-jC;k@t&zbqH|(QT4;=NETQK2on8
zZyv*Y{If&~q%o{CMMnPqyYDow&pw~qfBby$W9ygpMyCSgq4#;G-;bif_RzcByxO|X
z-`srp^5>tow}1Wh_3K0#NgV4cYbL+J2ldm+6Nm1&8FxfTOd{}ajq>rS^4Ss=^Du9<
zsKwxMzzR2;)Y!Ddbw0qbuxF0qU^LYJR?M!<*{79NVvL@_(Nk9e!M({A)HDQKLR7nu
z23<&dV!@5@4Gsj|fPerPeC8?Q)_Fo9_Ts?J7n;Ra38Fs6;gP${D-oek6%1;~MLiQK
zJDx!mpc9BNKW`O1PQLL1^=^yDl{ePAlaGtAhEzTt9W&4mkoY2YEJ_7jgUE}~3eo6B
z7V`3_}9Ygk1zFtD(9J--6z(^KoWzBs%ck%8!^kDxiI?g5(Yt(KGs9PNSN$RkU8aHTlfgKNdm9^7b-^%J5oN9y=ov#JB4
zmD0-Gm1<}1Dx;;D)c$|8=~qVE`F*xm?~YPeJU5psd4*i5TtpMaelS?J
zFrig6>}}wXw-+Ly7ENr(LcQB2J^8k{w{!DoQIW9@mOXB!CG}0_^Vr
zZ2bM64}@*u97G+UYa7FQZC!E>HM@!#)0#Y_L4A0WkCrT-^76nJmGkU>gaj&#FttYr
zeU2#Dm~-i@DayM)DfR3XmlQ>E0vi)Z0Pi++u@oo4V~u@%llk
zj34e)slG|<_Xa0n?EPxLf31-jK4^tcUoY|V6$3x-g&un9zeb&7FnWI^IJmfLR^>7q=Gz>js
z9C$A_f3a|<+
zohc$c6D|i&@}{uhH=Ac?fBbQA(Q38Zoeqf#pGj0042PGOS6A29<3t4`;RNdu6%L~#
z=P8klBr-$c8TChmvA)O*Yp3_jOQGbt?5q^J8Dr!=7W;J3O@3C(fmm2(@mD>KzaDAj
zfP4?hBB&#Hx|%03QPNh(sX$Z^(u$o(W$|b#A+5aB;4)u-Qbg=)Vja+xIruLiUFd~R
zMncR6lT4PHjTvY*W~kYiOU=f#G#hipLAI50EJJ-N$rNKX3lC+C@qr7C7^_l?
zmo}qe{^$UowQd+qr4FT)QPYJ1Le{ZFo;WkF6?18&bNpLA=MdgXX+HLCRN$Zt@#!d}
z3`F}}G5j78GE{+OtQ78v7Q$_d5kn&ViRUrg=Z_9FZp|P{pPUudQ?X`=&slo>lt#fVt_Og2W6Y8-rs}CL+x3tZhJS5Qy>mOQ_Gjq1fh>VW%77T8uaHBmXe>t
zQ`gw)^^+z0blx`l$7QN6bRq7a#AC(^jVmfos7|dG{j@8OIj%W2>fzBQ7PIOcZKC#9=2H=UAeV@B0xGXROI9z?9*K#^$~Q*8M|%;ZW|oOxU^gFeWB=)sE`3?JE0
zS|Son)kGOEmNzIRtRadZ5*5Aimfw5Z#MW4NOdBo}meeFhD6s2x{fUz$ZHR*Rp^WQD
zZmKMGzuwH1!f;0;OR2Yt{P3HWAAU8IgHC$r#M-ycCS2LE%Up_It_4h=v^_#s=8@JRDW+QwS=%v`7k#(#B`5h`<}AhS2s76
zl|BzATgrN0-Q4EG0vzrr+kJJjqHOoo&0STn3@0y?^}f3Kk`8sB&^rGkR^>lUik3==
zKQm)Wj?938FgDP`f)5iC3=1T2{~}){D*?3!$gTA+)l@YOalVe|9?hX`sG+SXvZnf9
zVCS03+IS)hhLcz#xH=`%241Mv3fhrM4?gS6u}kO;>A}f5_@3AvSj}wr3pfq9M8}{D
zk@ev`=I;3Ty=`Sfh{J=VZR3R=Es
zPCy?hVB#KIdjm91A`V6kHSKM`*W*_jDb7Rknd$_vBSskYLh1D2b=Vqc3^~Vkt4#JHYDs02BPuYFW4b1xK*F*O}uWGOZLISV&W1I8-~@uA1BI
z>07(n0HVe4Fe+=+Rn#KV8*{ZUT&<6IVaLF*3ywygsw}vQ+A`mIDUY}+fy9dqgCk|)
z*<^x{q?C(HDr3b}Pv`28)KYL@YBVo&trv<4UnnxnI>$Xl$gqx>>xH8FE$nyTE3bp!
zg$%ul$q>>TMTbC+Hc8P_O^FUnJ>`p4MUI*Ya)3jVbG)n}u^bPk&$-%qHdHxBm%GX=
zmQ!8~DaYb;X~)YhkFQnzK+d-HsJ-#Am2k?~IuC+x8^RBEgru|7N~KFE7W`
z?oVE5YHw!J_U5
zqO-|nKTbF}6=*cMBFVFDcKfZqvSx7|HlaOp3#>J|^jpKgBGIHBV3q}D9Xj1k?y`%*
z3hawVn{Vf#x~OaQ(92J4x>{w0{*K5?bvwLU;|9xY2Vr-S-?8L>%9P
zFT=4rQEb;TdW@^Pv&W6PM?0RbvqVaYx`U22d)8$ElrF%>ZFl>|)J4ljH
z;dVTLS7P|^w%_gnL2I$qxM16{3`(Zqe96wift@rMa#$i1c~$lgvXDu7sfoXSM}DA
z+~&}0q}ym%=Qp)}*bonmf!`lQ6ywwin*k0s&4%2t$8n|FX+r`su-k0?n9h^g|5O>s|)T4sv8F)P*y44t1TV&5VGfbNAI+t>jo8YM?O_8jrp(|gXiFf0i-N(W&j0R0t!
zzw+eM^=l1JY;$a`Ee@mpB01PBqKYdREQ&W|64xI^rd8PUV&g!m#m1dauTCo^_*ns7
zt4wP9%BRoYWNOhi6(sDFOeqPwrr~gESU*e$kg;|UL)$sxo0>2)n0_&7qr+GY7EO?=
z)C|dVV`a^D22yC;<>$%_A1={`MAO}=o
z@%@SG+OdKwXtXyvSDoN`7%hC*T-ZK%yUxqS#ek7-UM^7j7CHfc6wP!Q)H7xpiBp^$
z+E$2-xrQayw8D-CJSvWF#OnHx5Xejg>g1JYuDN*1CfqeXy)iVdYS{0z!I_NP!(uGI
zag~W7Qkx-Z=}e#=MtY8aZi5`W#xEsmAPiu4ZFoBw`3@iU0h=fQ=M5EEL5>m
zj$hW&7I(#d!U4=~K@?Z4017oSDvusI7M1J2mb65}8`1GdfeFvdW;#fKdoKrOyr@)f{C)`w`v^Ofar*l7?@
z2l5nczmEjw5Lz2zi~2Wo85z?~*CH@0aw7%a@G4-WRANBb?07uv1%2Q}Tx<3%DV>Yt
zgkP_B`|O_IWi$}>hwVqgT1j%vW`6;=)IG)!p?sPcVc!Z#S0f<mmzAZ(fDzg^C|~=H2l#a+(!i*cOGX08fphCHMfq1NoO-vfZ{6LRYWlpA7@##-WaO
z;CCXfK@e?S+bbJ51zc-wi1sZSD{`!hVn{alp0bTK#P|pE7K}pJ1s)KXr5K#RY#>OQ
z-PT1!y^W!fSOKd0*aYljEWXk)B3s|_aZ>EJ%f|t-7yO!Q7yEZ
z#Br_yMO^3M1#S)_1bP_pBbrTmQ`^76ej0SC5m5`~Ib6k`sD~jSE8IXT7+Gh*Kqk+C
z`N~rpc3=$-Oq$0oI~MAxB0^C_GXw+zRP*js-tf0Tq3#9QSMb%woS=ClJ04rx!!uOv
zk}48;PV!CE)5$v6fAjMS>JhM27(7;hkEUl}_G5H1i*}593_XB;)*Xt0iH8VE9wNDL
z;&$|D4&s_2Dv}QET~~i#c@13uKM>@RdOe
zD6*(m(Z&1RZ#8q&Zgeh%cJ(5B4c78`=r^>QIQEN&2`kecrxn1eJCJ_7g5JA9G!I^UT0xB~VTD&7Erdi3ESJ^-
zVw$ebgHE8t3=y6~6hkhVl|q#@EXZS;&H61sR|JuTB3~Ip@daJ@?X88p6wKcnn+xYtYD(>?1)8wC;vktTLC}5Whpda&0W%>b3zhIuo
zd@u+)mlm|8V&&?V%$N_GNBevGFP5nTF#tm6Oc(?afm!p!LgIeL{&zq)%TEcVp%$
zeM@f;xZE9NW|3Mi;e}emSchAi+pmugH@7PnHE|)uudfdW0Z+31$_HA=K*Pyd1sFvb
zYuE;G{$m)V=3zAu64~^lfFj3~!34%>69ZInVxak!3KY>~!gkHaJ?$J-hx
zTtW8?u0nWf7FDq@Xmb)xg2y;Js)+)GREknAR)p`teM0qP*r!m{S3!8xAI1EN|
zv?}{2l_N{y*x~~
zKce2n+~a}7;_pK9-sla5KR={s{yyvgI0yrNt>`5BtXonYgGivz|O};f=e$lIfi=JuMb0@>2Kd1
zpWu)}hlI_L_axz+#I%NugB^pIMk9KWLUmyL@tb-**22Ih9`>wFuc+L%_7)Eqh6Z<*
zff}RULVW?(R!0zwaNB@=q`=b+>yvZ2QReFW0rLrAPjrFM<~SUwejbo)N$5MWKxuhG
zS;f~`dwbXiA9yBl4Kdn2NDIS$qs0z1nr`4%^@-3x$zeyEB&9R=4^Ar9hsv8b@lMu<
z4GeZE*qKCwWUx~a$0ThZExy?$;*Mk=7VcxKX=t_?T3zXLEW{b0_0_EjbsCOn_!vQA?9EP$i2eWnulKRG)O2?-w-i+UVwaLt094SAhAW-5eB-DdJB(NVOp#!rT+i~zYgsp@Thzj$C?hVy0}N2bYTZZyiBj^P*3pz4K=rI(@P`0k!
z3|MRy=|g?QxgWxrA@wahQgbK=-{V-U~;)zq{xCWtcO(0Pew5DS;!uqYACA`Q);ejR5c+;W)Hvl=wIu35y_zkO3KjOoUHj>aDtpE@|*R895h%09H12W8Z
z-r5an7^S*2he$j}gzJf`kh4dCn*c~UskdT!MR}}Qr(;I
z4U|f0;GZw3Vn9$BI1*|yp(9C8LE6b@WjkW*)Y*gAEaA*sd&r1GbI|b?Nb?P$;}3f+
z75g7yu<4C8ea^aIp#swjbF5T73NQ>;1*W1ptE=}1D5^d{;_t0lQDds%nq%!LFtONb
z+#Q5?BUNg2IoTCb>^}OV1I1s(sm%HbG#U?)^hLcc-r5St=?7(e{6wg2nE>@r0S8Pz
zxi8Phs)j(j1~yW8YPXV`Vd_zE+hY;eexQP=jZm=%ugGP`$1
zWX1*>vUiwh8bogtpBFEF4V#g2%3aq^GSt3@kSTPJ(Ty;l^3-k98A434#-
z$y8%Q^LcnE6sxge*fD<6)T?o*IlIR1M8Ak*@M}26)m<3^V6@Pvt}eevofXUq+I;x|
zg3tpA4j1AX>KM;p!Zv{cBe!!B_HYv4kSl?;9GxvME@SY}mFNi+>XCSa{)mSBZui0>
znGQWcMS%+|lIJj*8Q}*e?s0%#xLUSHz2L&ag3Mu@csP%<3{!G@UBPkES4BgZ-_5Xv
z&H{VHZIJ$rd_U_xD$nZJF5nYLsY*tK>TY`a=WlE0`L^2h_xASMsl{OB+sXAXZs)fX
z0wg=JRjNn#2{Si+;Ta9kfo-}V8+et2ix4r9-Nh=2J-fQAB|O{B!^U4U5${?pY{hFe
z=OPrc7cM%AWJJlH!>zv)}kZ$n_Z;d`cWe(epOvEG=MfOs$SWEWPq+mVd`
zr!YoikXlHobL03rA@mE6+Vq0kw!DWAh!Iej4Bre*P`PW)Je-uO?pA7pF*vUis3P%q
z7EF**gFI>{j}(Dqq8N>mMHs1au>@RrxmYeTA_k5LX}q^@`mp~U
z`R8pPC8$|^a9P7=UZB(Mh2sE8x^Rj}o-S7AtzA6dEo!oH?qexMBluOy^nZL>d2(9$
z;k0soT4|qFegtm%w6X*gpEMrt#EEj3dxS!d8+6Sf$W}OTnMs7ByzEs?2YYjmj<7pJ
zDUAJjCa#!=-1`_}OD>r2#sBh^IA5NK=jBV~cFB;9-17mmmCR96pOlOD?2{Esbld$d
zN`m5&rcAv+|ChsPIniU@jOT{xFv0FrCFh`DLo`FRyj{)Y@I
zIoR^3(o=u(Q&cc7*KT!5PpuN36USEF1}uHg`>2UY!_)df{~KQ5?hkJK{-7K3m&nZ=G_73(^76?VELs+kHdtslR~Ap@kAa?-jcyxjnq{jbytc*`Q&uI+
zab7PX6cl~qlY^r_SSHU=qX(v73R)G^N*xYcesmF9M_s=`-lf3jxBROP1L6OS?7icZ
zJezuLGeTPdT6+Za9?|FhR;+l@eb!?@BV}VoIFIJ1fMu=V{FkUJp0ZVZqY(!m%fFAB9i$L5{Sh
zUsSepZ~ZT2OEsN(=H
z)_aXbrvrZ%&Ij!$&O)KEE*>)40^D@i(2NH2`B-76v{umQhymi*?#nzTS$lbIw}$l#
zXv@!7CJ`ppwW@EP5vnEGw}~@t^r6pV{UDS(M=cP0=7`nSLTkTbu}L5daRy$7z@R6w
z)X7%gMKgPirVQo6xC{}lj_g+K)S|4(3bT~LPpw8!8=jqsj{{X(hYtl&_xuaC=vFTj
z49?5;jFp&YH-qWD6RaK?Pv&G3DF)6rwigPG69ADLF!2f@Q(XjvG
zq~<&X8z_@EKQ%+#`X)
zVa!$2TQB1JXxP8vs7HLnLw@cQFuXO2h7$Qv3&^p^hwc?^Iwgv-fc8clA9;@5PC_;n
zUKTk@u;65W)j~h);N)qD#$CT*O|Po?_uD!(U{y`QpVxJo7SzW3J-u-o*df@q@(LnV)vwy?HY=wS6=-
z^=|RaZ`+&4m8r_{_U2&)?;RYy-8}j2V0U+_a`5)IO?|XQM<0$h4>ykv-tF)FcCZhP
zIWTNPL8N^3P{TyRF})S>I|<%2#1IXOPTTEaN8AEvcs~!rK9L|H06>eAA3kcQzgHR@
z@es#la4!O_BK{7Q5#?TknMs*hEX74RI=_5%bJSlor43!1Pv0o3^7T1I?QZ1
z4_v;ko$CNgQ%@{no(lhtU4Vz2t=K6NFDv+~j5rZ>F^zpyBmQ+{J07LW+E9(;w&11&
zAp-IU`ye62YavF`L_Pf@9lu^f@uor2jc|h$D@c1PYcu@%1*W)^Q}ltmA@1}sxqbsH
zF3_2Th|_8=*0s%-oe4=5+~?(4a1&!va1*?qT1-4c4~!sG*8k{KPdW;LoE$Kk!-{$7KCn!%=!~OqmQ{puF4pTa~E0btFGpwuL6>o
zv=g8YlL`|s)Plhk+GB>j9w`tb#$EmTj3}6!WQSdQG)s`N1C=~IeM=eB7ZdO>l1Mhe
z8kw^RMx?ktmfx!x
z03G13Fl8Rv{PvWQN=qIXg2ar1l2YRtT|ryoK!I$K+cIWGAQ41hZn_r>Nmplq=1`Fi
zVUw;BaIMHrFjC@ck#K!S>IIEJsT*V?dJioh&ivuNJ2NX5e;f_By5GJ`k?&i!!mx%1wj5Tdx^U?7VIB_ieCWZUr+~bxTLo3H
z2q#6pUV_6CAC}>;TooN#b!&+Zjn6^KX|LH#Odb4j*IcHedHnI#kkG)J3iwl8E8pPBU*i?^x4526jwge^Nhf}cSIO6`MUoa*VWQRH=%)mO
zgjXuUg^sXHi8)ib4(dY+n<(3s3O2B2VN3UZ#9Xs9ldKP@VSDTM2WVQB39zyG=I!xj
z&RN(zI@~np5M|(fe?kF`Mo5_g5FA+3etR0o^f{^&ksHFs+y>B)GHm$xUr;t>7qf{b
z2hbbbY2Z^KufQ&}sEf1Fh!@jv#EVHh;+0g6n7bi~$A!nnb>A$riET1_TW?Xh9oE`;w{(3=`~WdBaKl37ofQpkTEv#0
zb>fLteOqNKe2hkeQP5P6V>`DY{iQnKAeUCXOac;2>t9|!$gKVIH<-2eOg{qlXSDA!
zamUjw>H5>5KEZPAGl(n%bxJ{XN5N5XXz^sXj$=rg^{p7XosRVrk=;-aC?sZY=Fg({
z7eg)&;JEPD%&kUahV!C6&!_HtbY9ly1v>Zic@fV`u0Ai}dD-Ukx&m^ptZ&W)*rWuI
zv$w&mRCqe;o3Rf%UPmr~I;H3u`un$-dJipPAW*GRpz%gC3Ug7^Sg1#53-}A?>~!cZ
zSqJq2n!sGkP!L|gHV?zmK^KEw&&r+baOW3cM$&Ko_Ufi+=iulg97TaT=AkKKM$ls3
z9G{d!+lba_)GdQhto}I77u*Z@0}DD|@Y?XF(1Ab2&!_pKGk`zd5dIV{;ZN}j{*m@8f={^J>}9&$Oc7EkHZqa3
zhWLDyaO$-3hR~YoKtR{TY4}0zzYP-~PPZ-<#j&SIzOOMdPb+^Y_$aclU&tL?SuHun
z4dJmWf;+7j
z{ZpQahZg4^5j7&^_qt%>hFmHo|2jmzlhS`3k{N>bPjAy8WSfTa(Tg1zy^a4kTDH0|
zLd#Y+4EnXH_g8OII}v$XdiN_jxou5Pa@*Gao8wrHV1L3oaHIXO!MW~CT5nMJ$Z1R_
zosQaBimrN{Yf>&vKc4zA0h#rc)Qe_AwPI~wkJ)429H{kLJW^{lts3?=;y%CvsuQNE
zu+hZaHZdBkITj~N2{cjI0l-N4wMG2foR7`T;&P`1F?6KshiBANDgmn+PXJ;+c
zS2Pw;g@{Nyn2V8fmO;%_J&0r6C=Zzv_$z%zG}|ESP!cJ6&kx~%?{=~CJ!^U+p3je$
zX7?uz8BCvmiJWIyM0RmH3aO=!r3ue--Ad5q;PJDW6>;WOFI(Kt8h!kr0x}k~r){37
z9Sx4~udQVI67ybF7pZNr{s7hq4bJ=oLi
z{P5H*da$S24(w^Rdkv@gtUc{c_#P91f9>?Uq)1V_;0U%4?R~n)=6J9l{S37%2LB1_
z=la&itc0q`Oeg{v$gOyR>rt0}Gl~)P=~%?&kZKbrTk8Hc2elbi;pB&Ho
z9CNdiz=L9+%}>UrOS$Oy+Z?a_S?#uP;&L2L(2<+P&uRz$WZTYXy$64SedM$Da)UER
z0(fX2hI99`-ihHX|55;_e3xqU4opMC>6@rdGCag7&V7vI*Ph4B_GRJwtBpB~Y7u`BdBC&*sM@12iiXs|kieS7@mXRikF-$0WLMAq~
ze(sB=16Rg+y+Z%!$`_h&GKqfC3-yD70j6G?c@F*7O)$W=@aVyr&+E7Ya{&=&wvo@Y
zcH)(+<#=IZ(qR@8lcmNwCwViD{Ji$qAg0!e>gPe5EU3yq2$^H#3(*6wGa!YZUI<1&
zHNo7I6&~YVYc0PH6N0l+DXbo+nB$kI@^i#&Kc|cI<$RmcAB0qClH2aoFHzY&!gPN^
zHWLV<-4?#N7L(*ZL4I4C8Nj`nfX*F0chtGd=dL=>^LbvKdwlMx^8%k2)OnH5i|V{Y
z=Z;-!i+~71#Yl7VspjNU&B>>llTS4#pK4A%)tr2)IZM(S76m-T_pawYw&&`%(jYh*Kl9n@pPkm#Amv+nX~wG%
z$xnVoFGW0cSBwV95`d#iY7REy{fkZ2AyzzJ>wfS1uR!Vp{r>dZ|B?66f=8yI=l{S~
zP3{F9TwKS+&grkV_l_-ZffSu^52S8%#On`wG;C0TQ=}#rfz<-$V?YpNrYNa%*BKb37_vIKmW&!&;N1k=hJ(6?G)p+lYBR~{>~Oq
zwgFrfr4@5;pV%I~c#PRwR79mXLR6ykP!MzOwzW>=lSACDBPS^5N3NW>iYxwR9@|ZG
z)+_Y7crtkU3-am<^7orl|6w2E#2=DdvhVRNBmpeNc@m3vE*e$6ckk-GL^OxgCQalD
z%LT{1<=?!)1Rxze(RlD9$$jskhtfHGKYxyM_fAkQrL*&Dd&#Gafa80^Kqu5e2_)zT
zsDqNaA0_*c_9tSKfn-HJ6$s;$&c?_>&AfN4V_7rQF9~HwO1WSN{`VC7B^*=<{$s^{
zGN*qUrZJ?mlhFc
zGCfFhb=2w{EU8q>t;22juJP^v4h$u}8ehD*_u<%jiO7Mw;@CJsMaFm)6#ljbdOTqK
zB$aZe4q5Ar?@$sa)FPiY(t2U?RWx1pdT@NH-`g^zkPY|0l{bI1%-`bdwT*!=QsQwb>=_<
zyWyWdU;#ynZ>jnCnLXwcKy&S#Q%(eOy4<7&^puvXR}C|43ev9p-pqz^b8!am>CspOk|>T
zV&i++&w$d5TF~xiKa2grM$&JLv!9{K%&?%{+kU3KSj2*MfBTvCWf2S7{q1MkpG7Qa
z_qLyDrxvlG-QRvjB@GMO{q1K;)vWie``XW_pkYC~zy0i=Wu#N~Go2e#ENJ(&pP|Xj
zu%Jz}pS>9|pDE6r8OAJ@+%`5}`=2tVX>Xlb8@+XAlb(lSUz2v)_vO)rzsR47CeNO50jbw>e=2674`fsj}J}HUGrAqRmOVA{230;I~WkTeMksgg2}$R3)Uf
zpcI6M!i82Ds1lC1=o=b?ao-TPdv8*^_e`A|yfA*9bSWMtyX!9HbVgTtPL^hOViQwp
zUvmc`Cfqw1V`Zj+B=wz6W_P!pXrdBGTL5BJ!oA1hd@DJQ#ze}1?zPW(+c
z$^V;34(jW;Ap>cvqM5N;441R?T2A_H?<4h_p``wIbm91}`@3B>s>HmjQ}Sk~kdzPq
zS>N0_W4=HA_21T5OD<8*J$q)f#$24aY_HSo
z4!WI11-Ybaz?7zfc65f(Etu>Dv9c*WRg7q~Q`we~I5H|J6d0f|ZvqU8J@57?i1mii
za~B?kP}eQh$bbFYkypdjO>4H20&*Aqx5VzwVa6+b+OVbpxGr@Q^4POZf
zYBF#rN0Za~nHaONtS(HGuh|k*FNPj;P$*ySrEzcWP;F@u(S3FIx5sMknNXO#JWG7}
zl%iWhg#!OREn5W##&YSJ66G&
zD5@_>v4c)SJgm!{0*NwmUUH;&r(F9L0`4T*E)`wfb9V
zX5-h4eu7}n>}|g(dbZ2(s`bH;e7f-~UUx5sksoT?{xK=ZEPPm{3xH#fgJkjfo#Rrz
zj
zxN^k8I6io5^}12Wd2I#?NK0LkLNDS%TS2QOS6>=eRq80YwHM!d+3km45OG;b3_
zBURNw{A8sw>A|Cs2Ww#?>~o?bOg~5}M0)gO^zCDxeLwP{m{GF8PB|l7nCv_mS^DAGv$yWX59i_bQfbksz{j1v!~(y}Z@)s2a(Cs7N2CZuK#s
zsgD^CIoEZ@1TAmH)J0t99O3a{my;~sGQPF|AyP9gFy=|9x<*Tc6iE~`
zHtBI!Jx&>bZYDpRw_;7kJ?r<(BB^&^XDk{8boM>z5ta4RnjM)T(v|ke?2??Uz*|8*
zKqV$mCG`|>2Fup7jc2)M$Is@iXTQTi^lZYs;y148_t8?A&2ttYy(S%_kfcxG8?JFf
zBG&v`%n-3Yv8R96`PI0F$UA1|gK&#JSOekiM^veilS
zf@}#$&@zUn!_%Ff{A1Ye$>Z4%I;zTcw~I0`t+qymijZn>y0M>
z!F4#uC@_{5AogrOvjDcjkjpshp56dnrSCAdINmbkGUWZQFtae<<@<(k26O}UUeFhT
zkY1Xy{M=jPNz{l)T4@k2ngh$4m3614Z%c8YZ>^)uV(g7EwwNLF#j}j|*I6cUG%xXj
z6gWr~(DzjVU4s-jO!mu|uQpSS#=?@h9t=^EU#h_H@aA!%Rj{G8F{|uZkf6}`+5EU6
zYYKY1+9gL=>36B`ZFf82fIzfK2QeE3oc#IYJpBwc>3W}729zh8fGUk8aOYN<
zZ0OiNX18e>y_hb_t#ftzM3`i3K=tgTb^-g?!U@*Ey_-+Y1J*Q*YgVF6gA@pt#2wWHeq+*ivxW
zqvPLv8TL^yCHfQdU*Vc1J>+Be!JJ2G(BBQElzrQC`6D!
zp);P($8{rQG{RHHAN9d_I37WhCVVuXAkvgryL#omi&rlG{%jOu+Mt-@49@PC#3JWB
z^8H1O$Q(wjHJP-$<#~(sN#nYgo-?YvqjPmk-`)gSnhcp>~=0
z35FTZma`n@H#!&Dw~1Fl88rKLUft$8tXZingR#MX9&t1T1DyRpA%0*|tBQ%o#O9$$Vr|i1V?Ze{3+QFDM#wn&PKxLh
zMhz1txmqNCJV3h^Y;)tEM->xq;deZUY9=jSk>Y>C!)5bfNya_?=_M=H=b(D+StUd5
zhYv2NAAI?Yhr3}sh|>ebxk=L_Fs6r6ADZ~wB+nWbgq^@CaXqlMQG982ecADi?VO#m
zp5ar^)Vt1%wyDOCl@mIv=*E~!BL==cSbs*~T{$`Y?k26z(Z#Vf;^z;p2vF2Ad7P8GD`*N1&V2L^7s
z84~V0El7U4lQ0xe%k*H3YnieZjBlB;62vXbe8SaFWSCc!H9(&5xV_z!qA7;YU(|5%
zlf**Rc9jx+(KL_#LzR!~9a3{ldd`)8et-x|Wt@kJuvErha?$pmlDKi;?
z(q{IJ`+C{vyOD7>p)2u~qI+PLPpC&?W%$r|<{r}3MBP0tCOX9kPMF!TF-`$(xZcQNkR52|x7(hAL^1qNE6)hkgSSoMqbgWX#A`J|ML5
zGgQS-v}x)G$0_vXSrmeBU?$b)$up`d{*pgOENe`nFxv~|vBVvFT%EHue+V3Ngq{Kz
zzJ;-!{gAT61Ak?;g3j6CTJ<5Mgm{2CW_;=?N
zzU!+|j+GuJ??UeF+g+95h#)};-Q+O9M(l)9!v{*a+Jn=LUZVxmy|vH)KC-h=?=B24
z)-A`i-ohsAEG?C&vI?cB!Ni_7=x}G9Q5I43K5X3(&{3^>nNU;lizDmZ{z>Kdq_VT1
zAeXdb9Ok%JIcdm;*0)Z81z^SR()G12!Rc{e2qLCPwyHZu@mjI=p0!oBCum5}q3ky>
zR#5a2<)&%-7Xp7O*^5FIrL@w~VVxh8v+t2|cdZ(E8yGp-G4g%sC`;!TP8LEK4cqvE
zrkrh
zLMiNE{r7>wQOv+u7q^cZQnvxc763gy9(E)yK_&YI(iZd{2mP?Vj%l46)^X6YoT6oy
zm+j)R=W%9Va=b=HBh#V0?ZZ?@%<}4+>KkjB9L#@Po}Q=7qXIlVz1#}uDka|Tn|TXk
z$83DV?YN%p_BE9Zn<2K~ss)?R1o!@QR)Onw{fU!s?gm;yj@wK=Y{z@L3R7Txg5$r+
zpjDMPZ`&!|g)(p&d;i<6`*gLiQ21e8Xn^fH`T|Bn01gyhY!K(;2E@bOx
zG>k=WO?%o7*RQ?m
zvC~uMbQDt{5j0|iwcia7kPUT`0LUHzJ9#vvB4$3VsDJLt%20>T#FrhoOxuf~07y8-
zb3y{R3n%4N@UustWH}FofXT`U2L;Iq2mPoyfkb^nO|sL{PxsjKC+HS{U=e_22*dFxJm&>mqM$Lf42z`}PwQ;gj;DJFpx#7*h
zk1!cb{T%m;vV^Mkf-YK14JD{2ML7oh{$xJ-h#=6dx)J(p&}#}
zb=!-F`21VZP#kkPzUw%4!P;Mt6m*-HftYoU!|w3f+6BH97WOf0OXt>(f6*QIR-xqB
zO1s8CA2v^pt;;UdxeOKN$}p$%OXZxmA3m+U3u
z0ja@wV5wNJ4biHCLJe+)-8Oc>2BylnsRjK`aJ|q82J84J?MiU6_#vplqvwM`Z+UU?
z>gozJ>Ey5&rPN7`jDm~|JN4EOwKu?Ack4q=(LJXFaQe$)7-@to{UW2!S1=Y+czV8|
zG{$@lqfE$~4ps0m#*1w6su`OUm@V4p
zn^;$vkCeq8-z1PmATqZa3)Z_x)rKL-IL&#*C5!g@A$#N=9~O|!bmxF(U8qFLU9t}w
zZMsqEBDFh4NE|WVCuOE2VdYm*!5}WkIZ?2gm*J9Y3;eQ@yeT{G4Sgo2*alKCzyJfT
zN})W1$WRwm$^O9!Tx$-lxMKzba;XUyf`xf&6{ZO)1u*4oGrYFQZO_Wj0U6P4o#zhk
zqo?sjaKn{Gy`WCsX`-)-V$a^I^FVZ)865zNHitTChM3}fza7$?)JcN^kI*4KB&7I#
zC@GqwD<8d7t=}8ssq##$<_Oz>m`=ExtP-5xI?TJ)V=yb@)2?u<
zp;nRO40DBN
zhR$4as91Tg&G0Be7Ly0S*cfN>~#Vk4cW3m=&3kxMZ-D
zwg^tWIct?Twsk{ggMwSAdRcAeAQ9q-sNBtx@f{s4N&R25@-fn_Mtg&F|+V
zRy{L8zj%ta$YGN@|M#F>3y?CHkE!8^pXE8a3gmiYUDi54oD|j1Ty%f
zm)S^c3j4S(*e(brP7(RuickB)66O=bT>`d?>C?(zrD0U+6x;Kk3kEVf~%e4
zy@s`!#b-3-|3yJT!0yu&WP(Qfx$L-fiv59@5Jdh)`UOaVUKLqgqCY+UVsq2my!(qT
z2=1TpL`e(vhxsiR=BJFb_nZMNWK6qR150KP+Ea|JWMSf`s89GyeMOMDb<;qc&@=FX
zyAS;UtyO9JEg&izwOS{4>0d9<1V&ElVo=IZppgFLef1UUPGU|Ap1r-0FK<&;-itx5
zbZ=e92y2zXN|Y(~ojI$Yg|j+Qcp+z_D$dZza&kYeOD!}W!xqfAq%f*JlrZM1zht2P
zyf@h{m6(YbulQRo^ru{?Z@Ew(L;8`;J)M&fPBxVATHV~#`jO2otsmLk*7}jn9aXRh
zClw{URyTLGeq{57){ktyH1s1?Di?Rzh3*t40wWaQiFFiod`wJnvIX6ZJIM0DU!J$N
zDzGHzwARAYW9T0`y{N(IJ|7-0qiIQ?iX>wka(^)QN<#mI!venY51%q#kVR3MKY(eR
zgAMpd=6IzdnOH*HTte8E1|jaF__Fr-vhn0{gx48M2T?CeHj=-+kDB-?iRB&ul|Ntn*!rct(W!ji8F<6(%gw8;
z>-=aw=@+hHqkw9&trQtHiqXZXbd7J6(&#>mQv;2BQ1tJ`hGB5v{ftstX02E@mW*Gr
z#+uX_OKDZ&E@nlH8U1xWokLA6PO;ED6kIo6nuzu|vN##?@#n-c&0eI8X*hA2W-n64
z7@V|BGZ!hN2&R%v^oFenwNkI+Y{jU=B*{;UeYoR`)b~Q6O4)0Q6W~%$Wh2tE;0sR+
zgD=Vki4Z-~+pym6VnF5M+nv2*V!Fs`N+2ZS#MaadD?-Hrg9ei0+xkwo1MP3+cDlne
z;0g#bx3^l=QAHLO68W1XsU~0^eBWE2DWob)95m{on
zWGzz2Cis4<_sPyJ{c8PykNT|;2v@`c5XRgBV~^ws2m{o$N4xJrGuj#L0~@z9Wp
zHL4~nOYbT!`E{|>MsX{lCbDU$JseviVu`5URv5<@r2vJ+0!xMTDG?{SB2uXCVfqm0
z;mw6Dzke}Al~~Xl1QgBhEG^mAEKrPAh*sx7nbm;@?(+Te(wwMz^ay2*ObiaS>$gJ?
z248Yhq1@Vi|IuVQ?1xc1=giB2OI>}qv=n=5Y~$1i_@m_(7L50JTs<8Z;#VBgE`Y@`q}P`h_Gt`YB;z;hH!fJa1agyuF2Q-I
ztCG)P$&0v3;M#5!?jz0~D0^6dp^q%`6w`)vbS{X@#ukk}&_cYH(NUTnDxkntSnK0-
zW;YCU-Jtm$vXuS;%0MGxC-^tyfYlI;2WZeSTxcN@il_*D@;ZPS4=tSyuIn&?44Ll7
zIkTB1HFjmAbB*zP+wJR2R&kf&vNgsJTFHC#VTo%g>+=186eP3;4n6B%(589*YF0xf
z+B`4w2PZWx>6U+nu!`}wqw@sZ$NnE&byND9$jZU1sgBM4<2^WI2Nu$`!pzXMKxf4m
z8A3h~dhPv*>)JYWOQFI*4{rg_6Hk(|YNoQ$mhJkY>$N(I<=z?HbMkJzg_pub4=(Wn
zOiT~QHTv7};tqe~lS>Kp^}NwNFd2YE++Zp_8tg%r`*ca1P7WQ9x+VTf^5TFgo+B3z
zvad$KA$7>rggjFhgyIKA^4~a>m~{rya>r7tK34OKiz)WBEcsbXSHPcv3>B)1cQ6OA$_naztQMy+ZQQf>CQxRaZ(rQ=)?90V+6i|mDMZLQ%lL}mvE}n+#>xTJ#j}pOY&5Cq#o7cl+sZi$7*xdW<)0j
zL5g1^^Qq^!i8jLNNFyDWS~<3nj;kJPkJR*bXFIEj_$*Y)O~jM2ZG_uivV~qo3%xs9
z=&8rrBQ=d{p=Y+xo6tg<*UM@~KSHop{g2%@6b(@monZU@D6Hdr*G$6kA;$nZpv&5Xfyagzm-G?7stX;^Vz=yqgfr(>7LQUbVVPE#}&Zr_$mH1^Mk(7hDQ!DP5qxv>93iy`pg;}Ey>X>{yc^s_C$gcl(5i)DZrBz
z)2r*3R8m%rTDYkV?9>n^-4N%yHDn~eoo>J-y*}A53_IBK)SUMw&3R-vZ`5L>83Wrq
z((ZW9Hkpl#HxG&5gE>zxh%_H^sCYzL|8xJ7Ggafyp}xZ0_Y^N*3+nzb62Mh*!ENGR
zNCf0Edey%0`Z2vyO5
zp5{F-W5Fn&M|!~h->`sCGf~~%6n%u9FF?cd@>>{PU!rvXmGAyftu}VVtfIrm=)!B)
zQ9OT#2OjGsVC0q30=3B1?H%RTw2fX(B;E6&cvISTe&)}jC;pVZJh#ikp^2R;@#~%^
z-6-X>AYbv^@Tx5HXqqCu!`AF=|0I-S7nCy~04BVAv1hrC7M_
z6>bj;#!@UOgGkSlW|mYlOIghnR@-PP!tr@z%8rGrT>^g}7u?vHq#!TQ;tO+!Ggbyt;DSC#MIRi$t2s$)r*6m#-OY?G{f46lHG
z^T`h0Y@u%sNKza!ie}gp=fqZ2=&@1xVBuavRQ^6g1RG=2Usk#)RI{^Xopn>JqcS(5
ze(;RkdRZSer^dK^+biE5mW?qkPab3A^6$!y@@ds^&-J?2_Z#Vnkh{`Tft-(Hj$PtQ
zb9elsDf8?DaIMcqWv+M>ztjAO_TFNnp?`88%pS^Uyxx%=PPl7y4E3cRIHpqk143vv+HEZ!a`eu?vG!Y6
z{!Jt$ad&#g+PCXL-?yH@85azq`lmMVp$mPWoMmN{)%0eAycxI5m0yAqTIuQEJnz-;u2y?t1oHnEz0TIJNG1`4|v&fv~@%;-k_5yCe!bICOE
ze_diXNxCuf7kZM6Z~z%ySk
zxQk~Z&cGTDUOk;2IFxbB$}r}Zj1*(8Cy9SYM;Tv?ab-&@PHDw0tmN}6p0naDtrSWt
z#llJ{Z&8v8P6|A8qvaSgDr}4t<0gfeSZXO6QVX1x@iZ?_!LV^i(jyfo2=6l_UV84y-
zDr0w*vAfFY?viGUQ^XiTJU#_^Izgrx9+OQqlgwhSoSH9UOG=GmbdP!Sz>dy(joD>9
z$I3j*%A@m)4lT3Rj0*qV-I}|Sj&-#5K4txw+>tE01_9c667!C`#c^+;=G#NZ)Mlq%
zpfw6hx+(Dx^Ro}93FD~(8ERDPaLnj0v@kJZneUBTYIIw!oowrD_Lh&FY^+mVhKZH3VnWuq_BBbO}rw-@TS^w-37%Wb}uw)59#OoTf>!|aZD
za%k&7Y_Izsi^_xcdeBx=N1lGe=&JIJvGKn9s`8BHQHOfeonEptv)-Gvsyt&=jWJL@
za8-H#1FOoTRprsD@{+4+%tvLdDlf6BG7A19tLm=)n!Kt!Syi5_DlfgN?)Mp4tE$4j
ztCPL6c&{}qQj#N##CLQ*v#!t%)$8_#IN+j{IK)%{=;ws)x}*&lcF+&V$LJF%8Df$p
z@kf6VbkPIm4Yqpqj80l`yy16S6tsxAmK65Cv{Zc5E1$J)S(63_qppA2e@H7`rS!&>Gos<
z`R(c;zhAVkIlcTsz4Su8Q{^##o$_6EOqW)4WK~i6=*Rk6d!(Z)>l?X)zN~NM7@b-7
zfIv8R_~TLuzDA@
zO7Mc+B@vEav6phsN5BLYd?y&!Mr~Xa$SGDXJLw%uNkM1*`T!?yJDAhjTRd~LpJ+d5
z2HGhrF8CH6vi8U;gpT%-ocZdYO#J7+QHIct%Y^J|SN`Ok#?$Y#7+g
z0fJH;^86SP!=?GHVJ9Mhlj^b64*U-4JDW|inLwWachV#f(dp%|zUEesmxFL^8CLLe
z*jrn0eyF}*o=)jR(LS({k0Y0%lH0Z#s`yBHd~9INT^=iryExWm<+Y+sA7hKV>yiD`
z^|TW|{Qt+9KfMxS2%)A#v>${j^gL}hXBZJ1UJPHo7{iE^p02tJdAh=M%+Av#mo5cl
zWH0JMyheW|X^hI-jxMf!OVU9!uQgfwXav#xLO~}u$$O%-hIzD%Dr%ep7<)oyHR$C6
zoAuNZV2mufhBn@&@{7W%a7@_mHU`P@ad2uJr>w$sl~#T7Q}pi4AVgu$r<
z4KVBxfifzKx>ggpMvRT6nT?T}SNI?Y{AgEE9Hv~ec1wU`@;ah{O3ze1KCLK{d#p(7
z&n&CsgYX>HabCMUH=3NR?iJd1Ie4-(N{y<&R=4l;{J94mLS^ec=#Zv5
zWt*Xk5M&4&R5hr}`2dNe19WKJBsEe)S7yy2vNj-mUX`u
zQ6_BaUe}+qdIEA_N(&fe9VcrPVU4#X3^_~PS%qBRA#0zGIXh5Y9=VS)#SunOE_gyq(wzl&bPdpCuUMYI0Ed
zkpv(Wjyo%*=Q76jl`*ynI1D0}dkPxr7j3y%(PoPhvv8#7uV^*@>9W@H7iBh3zzvOh
zkC-+z>@t)tZY4lI*vA0YEwe4SFF$K++Ms@|nOkA-^+4u*mS#5|vd>E_E|ukauc_jkIxyd$=Lx@x=Y%;n
zY0~=9pr}aoQuLJB34Seg2g3Qih27p-vYhgAA;0W87&VrsTULMAu@H|xj`xGz&h>2D
z5^&kB0Kc?pFOW35{6~xy3@%
zf~F0PuF4kRBbF{c1|*<0Y+#upGNwRPP*c9CGsh!ND!lN2+1Ra)HQ+GZj
zNM8_zNV7wbF7giaFdks4>xj`&kcShbk~Yz%zG4lLU*s-8l^gq=M9k-)%ZG3y*m0@G
z;`i1SEQhZ~khieB1Hw_8{vxjf2TGSSW>+%QGBJIU^M2+f(21eqOt2?52`7nul
zP>_eHPRKx08pmxjUZA2E$HHBkMBB=HHp|WLIw2{C2gI~}2qO?-p`RZ?Z+JHKhWf=a
zck~AcS?*+!@LSQWbXfNjlB=;#n5NYEZDnVkO0U}v>2jz;3
zDLxGL(0S_M5eTbfPkUSn#5k$l?9&t*@o`d)
zI9Yy9?3Od$&uNkxRToM6IYALY&naQM-%av-N?L{|BV1~H%O4A^7}fH}0{JsA#0cI}
z*G%81w4+nf>P%+nyX?-4eYq36R?Kdp(+Iq7oqT)fy?J>%{w?8OXT|mUcNu6C@cAVuxNpU>}Mm#eTNOq761pTwF1+0%P4y^<*fN?|u)IRKyJF5>A
zZ2k&%RhIqdJHZv_Ocm7tE&fH+TgKV~AbB;8CuYCy-ewZ5!g09tI){z{ECc
zV?(Ek#jzyReI*=m<`#VVEs(r=`~Bn`O65YfoVQO`HGDHH4fM+_#GCIY`!!-pr#IhE
z&KoHvG)4(jiqfnCTY&4pq1EHHVme1_=*RLo$N)C8{SSsy(bR+yp2yP@G~x7`4qI+|
zO_vdJd(AxCa6CBlM0$Ixz92<0V)sLVcZLrG&SO2MCT)pg(_}zLwZ+sR;nw$bwYaXZ
zpjBl80Zr6Gm1n!o{`QeYW*j&`dxR1`>Rc4IigK&b|EW!R)G
zq+OyaJ_+jQoo=gphE^?L)`EGfY@h}c@`>WW{8lRm?+E(2I@+8Wj)lG%U-Zbpcbc~(
z{*#hF!o%~}Js6fLWhpWN>n1jB*oiGS1T9sM>QJ2tDz)%YTjCIjmy>hE_IMHPaH!oS
zU=rM-y)79$OrT7P;U;}K;wE6A#N_~aio7EHT*Q1a)3$|2oq8WC4LbwBbBnK;&I#ed+^)+3
zd;(^T|Ig^7tN+|iy86%QrC#r$on#$uKmX^usMq^$J@ofx(ckQ#@eb4fz_ikx7Dnm7
z`1fIOb=ZXuQV24U#!)sv94szNrf;%S`J_cc8)(}M$3Bj(=FG;|UjMoUx3_B@dBw7PTHUt(9(_g_3b$pKH
zLfXPm*1xun-yeCFvjDqU7?IU18p1AOyn6vVXs@Yyf#aL{Xht#H9{wkemWzVqW%STB^ARO%1MkIKFB3r;D}@n?gq@Q4*xo1F>SD)ADOi@+J}h0T0?G
z|Ht!{KMEK5mfLnZ<J)j(jyh?Q+PSFAdUu#0fX`i5yfmrDq?G6j@ZAcrknagX@7LLK~@1D?#zJ@^uE|t!$8M
zpF<-~mrpB=ML2MPPlgA)(@K5A-oU@kCj8y9;mi$5TPv{x+SY39fVQpJ>Ol
zEmtR>!InIg8#L+M85~|X!{`1bcd#MPbQx^QtlYt-%*in}6hZ8k6&4;`t+gW!wC;fOR2+bGemPa-=j
z-_Qx;dh}cBGMJtoF+7R`a!~q6bpl>g%zYGE7dN#=LS=4jiJ5xyjEzxt#NU7S{buv*
z?2kV#E?TX2yVL1*KYxy*!C*MNyu7-)zW(|(-WVTEjSo0hVa7kY1tZRwR7j-AbzUk+
zDy5Q#CpqpIw@PRIzFK*;khG>o?TUtWUSDGUO*=;e^sYE+E<<
zzK~GX>q}bS#br#ry*wkDdpToOto`&W7JEv8uc_eWSVvaSq06Ws%hMUZPfoRZ-+ua+
zq1fk6H?mkYUI;Uj+T_zJe}1K@=~v&S^!@UL(#Oe3M;EB*0xBV6xgD?8Pmg<~sakQC
zR*I~nb5`;zsJTO}_?*qy$nnfNt*nzpgLwm=RB~5pyFVDBhdHU{ZcJZudg`;<_zxme
z{dZuf{|*fG-+`h2J79By8eEEV4m!A#9K1CZgIQ`p+_SWyp~-2%C|LWvMYE5?u9aDZ
z!l`NF`c&i?Xxh9!Q2=$n!GXvWDIK*a#u?+R#Yn*&tqc_kgrDpHO4nG>I}ZATWU3ii
zdAgo$wy@2p=f5>{%8H?bpKXbJE@I^Kild{RS3EvcLD4HE9Ra;km|1COgf_>TP#xcl
zH;8A$ajA~`haG=G=2E=UQvTj?~3wU;p4$`--Kd}R__tk{q8s*bc
zv$a=$ZvEextqBIr&0^5p|DPE&#Yz2_NlP+m!kP)AW-@7oB$HMc&!kOc&@_9NLIN1a
zpe5NeMq`}Fp#2|a&usNZgHbbJb3|QpdM9vB0yc+A-3K@)0h>dm2;(Nt?}`~lms*tP
zx4MolPs$co*Fc&Zqr7L9qW0t!$d6mpI}a*v)Ru&*8`VvyxshEg$+G5cy`Q1#Mr~WD
zxIvzhkEtR2^?7Q?lDs+3us`$^|k+Yj@dCe=9l9oVPiEvlwpop-8*|J
zgV}ZeuQI!CirLL)F}wNyGQ0m}cK^%l!ZfmHuKvsP{+H?fFVp*x0);;&xEhuSU%_fS7uoC67&n4zdwQV4~K`hNoT#uGv}Y;jUTYo
z@8ppmP}eyB&M=BI!8OBHK)LYzuoGo@XR1&c^hD3Qg`_X00BcP030<(PEkPw0=gnx)
zAJzwyytk?R>)VVkG#fwNjDKSMc1Leqzjc%nmuuj#Hd_y9F%Ywim>G2+cG~_{3`j|(EGBFkr4E3BZw|6zg`cbsEc@53buzP49=Gu>shz=
zj8b)|?#EbZgqFdOAnHVogOB50lcXG&Jeq?w4o)h|+#9inDLJE#aYemC(1wI(Yp;)p
zhm=Zo3KPUX(^vwbRT`!$!$yOSmSBvW~{;}gC42<07F7><%ArueHBLM
z6zGi;DIBP5l;o8vWc%s{R!^D$UBRNV@{(=({vM?0$BeK?SyF2K@<~2FDy@EZZ_>&S
zN~%-Nq>dS}8atB4qGZRE8Oa;flo`iHL&wr170c^lnVzJDI7aKplm-n4(i_7KWx&T7
z4y1+k@eZU~2y5uC8s|WY&Q^f~zdxK-`s8zku2QC^n=icd!{}v0v%tdF)rZ8ODC4n}3*orJEPATj^#?
zyOk=qMRY6OY{zb;n;p}wbhG=V)z&0c8|>L@EL>rhgEhj+TEdKRlyXk46l`_HRaYE!
zC9kfy>WZhX`aC3U5&Tc{dch#Re1UDU01RI`h^
z*^X*=QMcPs4KM13JG$l2V01FQnW-aSO@>o0JDKiCz-(j;y-O~-TFPuJ8ZzeRINkkV
zf}1XhmNW;_9=o&ykH`RO3;z2)yJKeB%DpDqofGzc)x<2n@Eh~vqLV(*cNgsc1}FWm
z4o*sO^ceyi@uW56z&Tu>0+!)}Q1X)wMKmRp1LhIZse6UCS*g!N~0Nv^*zqO7@+rS}hV{r_+%S><`kBJ~e4|K5X{|5O~=-xC9z
z3?K9VG&vv@M3&(ABMqH3p4Fes=<6u5ajgCrMqdSyO=k7SG5RWqY%;4qhS66+WRqF_
zag08dzLV7-$LOb!)w5asF^oRv8=J`LXEXXL)!3b^e$41ABg&!7@xRaSyZ`0)|51M5
zvE4Mozcj+|FO4$%OQQ_GV>=@pzhf6iSboQ`M|gh6amF$IZJXu3>^MAR`v1NBeqmJS
zuQuQRA%5TeKK%ZuieEU5$^3r7e*Ry6|9?5ZKdZ(Y2D8^&wz~cB3=J)<8)e4{8gWX5
z9Ddor1srDU*-Cd@i+Vrfl3
zqztw;j(!|LNSHRli~q~z{+G-BKhEWTi&h&`G#Je7-+@Q?eyc6bo~8A%)vW|$mW7va
zH)F;fG0K|34w228A&c_&;S=uBOAqDKzF(at(?&a}(J#epZBg-|%A&ixm;a7RNG8fy
zqi}jJC5Ryn$oaq9D(n`LJE)V`LY;5jL%n~~9{LYhjB(>k%!~V)jbq>6`|PvkE=#-S
zgZ5c-m!;AV*=NmNmUhht?X%`CEAG7y*k_GhR{VSKzt0-GESA0hK6_#0dAa94`yI{3
z`TyAs_WLcxyG@>{E%w`V9~yXgbeAoT(SH=bgZkq>9raM#=l84A++&M6Ovp*&_&I4D
zzbvRDX9VrZ8ISg4R&Zt3kOoU~CV(Z4K{RkO04SXC02E_@0h}xp59clvk5pw>={Ak_
z&m@$EbZv>Yxmg{R4O%cJ8qUdx8Fa?S42}sZbF#uMox8#oI%l%cgYv&
z94F&qB+t*oFpiV_{5g)1yt(=EM`hO$B=85VzX(iAP8Bts%q
zt#M4Gz@O@ewzTd}2Sq9r)I?CEJfx!{O{mn2sK|`4NZl447fC3n$+$=|ikpFvqLoNS
zMwX0x1#eX$4!FrXEiKH%=xp4D20j~~#sF>nmY~D@3&$Wx#V9N}%3dDBwz=y%P1#6l
zmP8mN=Z55WVLFjFy4*-QmQRk$5fPYaWMGY$qL7OM#iwY!olsMs|%{yJ6-IH7d3nsm7iShHiMmx8pGgoDyyYSL*j
z^qHzb0$=Y|3}=lcc*P^`@hpqF*v6y_6ZmXA+W)A{Y;!TiCu7-_SSWe0D)Bt
ziAutl)~BES?#Ik%1o+X%x;JaZNMbb1Yw!8($L!t3pMs6-IOfYPnIxf5(|r9T!mK>-
zbc>#Lvv?v7gDi!5Bfokvi?Q0gMTgWPD*6dCUsT^?4hzw}4u+V>uSVZo%qRW~YB#=c
z=nG2Kd_2WW>Y^&%U?ye0gA#Qr@g5TsR*${p26}89S#m24`1Z(4lE54JqT^FK=g%_j
zVU@1n<;WLre1D)jd2*LQ*D>oO=LeFVgqcY&`SUj_F#d6nPC{>9=;~44)e{`aA#LX}
zTawCVRP|~62DZ*!5U6N698YvsHULc)|E}kv&sPRJrHNFQO(?6#d%(`ox{zf$ddOH2h
z7(Vpp8{$NU{;eO1-~0rV*L$NVPP3q&>LKlPD>bJ^$$^t0th2&M9_J(3kqP6DuDuA@
zyI7z5DRp&2kKhL{nxgSNN^xbaM=^X4rLcfQq;N#}DrFW)Oc<(rd}I!UqLzl7LYyb4
z>X>IvoP2*lIl*CQ^8PLsLdw-;wpN!x7f>?yGv!jIWEy8}1s4-&=h(+#3{qhsQQBoO
z^F@l(u~>Lrj~lijGoC^lV=e6Td;8)7X^)>PJ@
zg+5VU(8y1)d7OF}{Zi50HlYKF+5sTo^jJG5-J?BApZAmQ4m+^3?WwF;!5A0^r%^3r
zC&R>~zfNfdFfU!lf7syH;@sU3_hS9LE_QZ=y}>sQ-Z=86hBtM-nb_jr!fwJ1{M+4I
zuIjZ})oZh=*Jf3(jjFIkFFxZ2&=TU@7CXDUd%$#g!dI;rJkE$!VYyFg&L1r3a6v_7
z4;8C(u|r%_4;FH{&~Y$cT|~UW{7E}W9B2EZIE1Bly*Z5lML@d0HoYwLqRbn4o3OoY
z9-Vz4U4NeK>>9`gRtYS;?$H_Lkib1KxR)3BDQH*Zq`0n|#F=JrsT!UF_pP?>cHNIhdX?;0y`83RH#E$5R_iwy(zWm*8$ZM%=rfYOuYw~s9
z(9>d-5*k|HYEWqXhp`?_-|gbO)y;YH(=fha$@y71-5;GRIYpN3uvZ}U4xrtoWx3cL
zt2R)w9Y#WCv2ISQgTvL_z^$uoSGKbc1y3-=9?Mu5K3Gks=|7>!!l{o}&D{h&??Wg!yQVB<
zM(SCK$$z;#xpUz^pyD64Ol#rg3Fc~jDL#8i1SHuqPriHd;BXlCZzzv5GFP2Ih_b*1
zm}k201J}pg@JAP&_m$&KJ{(Xu1de`Ei7IipkQ7&AE=>zVAnlnuJzLG?HvdMb~7kt?Y@FgaiP;swQG
zvTBz0e61?tR}aQq-y#dEBlX<$!$espAK_m)_tKsyr_beI9IhN#3SRsZoC{@K&AqTv
z&Aa#;&A(JZ3aqlgPs%D=;<=yP1X1NA93vV%n}r)H@m|X5NdX)N{Qy%Hs?ZTAB2a_~
z+#nGS0je>pp`?X9+$G2N6W?_$_}c&p5(DgmAz=&U|
z7506RGyJe(kr7jq={w)aU&z^#S~rwj_ms;H<2&e#z0@aLCe!6kJ(5j*v13p#<`H#j
zk9AI`Fx44M|3v4Ia4-$SCg(1tzUp+#KtJe|tr9NtEv0kG$00ufvpgWIHo+I-S%@Q3
zTN;_#;>ZLKd93_DjE+>Op6T%!sB}?kyo$q@FBW*P_vA3Qk;@|wJ_T~4wcAcMn
zvTOXJR#j4bw9eORAMPBejkt5D^p2e)wGnq%p-Fpj=R|GBoi}PX?!498@o8Cx@anuP
zuJ#uahm|fZowSv&<#TLSz65akT^niMp;gdu?AqdDa5e6I#HcXoy>xKZ+|u(U3~Vq3
zXK85=lF5P0-{K2$?m647ns}S;9w84LbxY5Wt>=d#*>%3rlXj#h?O0FRi7{z!^rXGj
zlXj{n?VX;qugy6CS#IJtEz26W7>ZnbD2OT$EoV<%*DZPlkQPX_P#DD59?1T4F-ziT
zgcE~j55r)9F8?V0LeIXC^%rLrAAwj)+rv1H;{J7lX8_F*>iU^s^ejW5GdW4GW-QB;6FkUu
zrU6SA+LX-k)W@yYXPuP!gwL!P37!w937tHqbIS;&v0yq+b!uguB0k82Ua2ZCx=yaF
z7s)h=l!EEv;s>OeX~w6ENnb_hFi_(O0>IIE^@BJMr>U?z_9mZ_mZx4kdIMetI=c-}
zeH)~lYdRr~TgGZBPNE8kf)0O7v(&L#m_hlkx0lj?XM8fXdw4~ns~
zG<;dNmTbIc9Nfv|*I$#wjD?GK-rs+}zyI%lAGG$aj*8ncr3+|}^egS=tbpvipB^T4
zl0bH~wYLZw^z*|dR-(T;GB=I~a>kRvR=;sjNFrab-Df*bEuWLh1V_M1gl
zR5Ds>gK8ndtVR@PMFXqC7ax^Hm7s+gS@sam{FB}3lc1n-^|o!;M*nsK?cm-<|nvyqQJchq}h2EH5@LtCOf(a5YsI*FfvXJKvUhninqc)%LQEL72@
z=uLxgKx*BTV#q}!W;_@wkEjyW+N1{sK0*=GDp?%*2}o3UHV-~ij~Gb>7zoB>LrO>f
zF-02-E0gCayP=tk_0p8M`qm3VX$_OC0{A3`d&|VwOK$v(Rqts`a^KJkl5j3_wR0}}
zFEZ*t!?mq@Z!mT+Vg1DG-*_X|cyj-g;gCwuFo*->ebHQP9;hEtJe7_bUL1TpKKXzH
zppO1Q2dC1$6iSUhT4N|Ug9oEEO<c@xu7I0weWnwh!!;ao#Q|dIBH>4mE>99>l2-&JarxC?Yu!_#~Z=ef8%m*bY8l>7RbbHwa?UMe~5>1#
zt5CgytY94UfzCC3BOwmPIQ;h*mvKx+rv)c2+{d3n*>azK>*hH7m;C(3+s3l2jdQRp
zQ9Y^2(>_fHdJpXCLm5i8&ZozesbusGxwCz%_Of#|W#7xV8~Zs3FKV!9^IECH##yu#
z{H`gu?I^HaXHbn`+f`7zp+vE!0@+&%Vs9&eZ7pfFtz8arYwvP|+uAM%xOH|hzAXm2
z9lH4G?hZ*^hkEc~leOT(EmndLxAAiuYOUE!WQU3vwrxO+{pOpS59Dve*jVf
zwIF}21!_rROL#?cP<9U5-uxpM|2QnW3enC%*(pG~49d;{+81Lr!`mF7nd7Zb@@Va}
zXk~n66`ol|XXeH0(&Ckiwjmd7Q!d&q<-k@<-KpW40oL*`lv;
zy}re|_LSYwi<}&-kWvN=H?bz$BoJHsYyql5zvaitBIU91Y#K!Vwogj
zeOQ$x1Fi}VpbttVT*tn4>$IMrn_R^B(O}mM5uelGTtVI^D{aCC)D@a0mD^h=?Z4?c*A@_qYi441}TJg9LM0sU~re
zf0HFK2JcwU{2OU@($BJK5ACmjoJWZ_0i2y%a1m60h*N221!RhX6Hs|DM0Z4#Zqj}b
zhVVC@AT;V!62
z{~_HTbUp*gDTqYcrx)ev3-l-P`q$8wwL##)FHe1rhv%&kR3|SokNk?Db$1zyR{qUB
z{I6Sf4L{{5;B5}DjgfA;iU~RHDy29ds09x9sJZNm7sKIhp(s-)nJQn>yg&;;7?DaR
zWOaMwK&4y^v!E|#Y-dkF?hre)y7sC&v?TXHreKkRD=PNP(cCi^?%AFxuRk)Umcs(2
z`Kn&5rk*c9TMx=sSsQxURd{=`F5Nx%pX#1lY?u3|x>wJ;S4qbUJw(4Tcr6TJ{qS)$
z-pgvb!|qatFI$V%=RJmB_{TcE)LM7Bwa*^~sEt~BVboZ2SQa{n28llt-vDK&5s2VB
zankon9zEUEP1x_lmsut8LvOxEOy!4oN?~+#p!T&i%jO~qYirn4cJc$BLg9+gvy4I&
zA#(w7dEMRso*vIQLZ*t$A7n(y^LV;RKk+UDaeNfB8^;F8k~{`w--}+Mb|*xpKzzikr7T5ys=k%RE#gb9)Ng_0?xQjZ?*}ox36!ya
zasE4DaN`%hTWAugJO<=pJ!6GaKyE5z;wN8BlSMQ|IYB}}dX=K}wT66U$
zyK(%iyu_}4KBp!6jxY(61}YuLZE=aZcAIKhyvNH9bwNH8${hn^^%sk7M#@?#XN+
z0n(D}5mGVkldPGnC9X(lCbQ0V6((pcOEHSD%E0
zFN0u!15V9}eAE|v$sE}h(`KDvN6nR=%_6PVtN0!MX|C4vJz&6h5YdibS}VYbA`ejmXbj#SS-Sy>B|TX0}e|t2m@98(y|&-k;PxAN33&{gq5WTyN#qLzgQ_3zgJG^}1@lAgVX!eM3}*d0!LNU#e!MqIz1T
zisiDb*t8;FNjLhIIF6?y@pd+k#Lfu*?)Q=qpk93AZyt2c
z5B6j}A$`h$d}gO9Arh7Xy)=crWI*g2H6^e|;u#A*3bUU0lhEt?a$}_Mmr!7>w1#G>
z88AphJnUmTO%jacEptzqXEV|bbg?ZRoqZ6s?H4azs1W6hdD0cHz#zWuiuJ3XKze;~
z_0#dEbNW0vIu#whI(tu_oo-iL&{g;2nfS<87iSMo0rcXG>`*)cV{eYJArX3deGp;?
zGQecvXcX+0zfOaMPmOGHxJx6=R-vmfM&1C%1ms>cLCK^~Wp$8`@u&(!35=cHms5D5
zl2-$TaG!;SjlF@d_d49mV+_O|PiO;@I3U&@I>kO
z{X4O}wMF6RW6UKLBWQ=;nBtD@0UVWCsBm#$>`dI?RB(Dv<8Inuv7<0Zp@bS`0W0Sk
zk1GbzZ5-b6v6_Joh}N$L+)LyVWn)2l44a_O@{C?WXY^F$R1MtHY5#^=c8mfDhZ6;4
z)F&m*u!UuirNCfD44&CU)y4(@9%{f}f~b4d+fG1^(%~kkJ|_Y_(pBsZH*1^8NK0$x|%JkEi(xxi%rYz
zULnUg!vXT#m>ui7?!>4(Ci+EJ{hfu9cLhoIqxDWHNuN*{nRa5kWM)F?j=
zYvVS=ncFH
ziYQWFp}2cRjFW3k@0EU%1EisBsh{Se%%Zryn$R7?tice!y(EOc$&LDq#M`;0!fF08
z9ZO5aWtmJBCJ8D4{SSa%6L49J2+VP=X&pxX9n9h^=I*T&_vAQ{(CFbtkqW!EMf)sz
z2Lz*QJU7(Jf*c;()m}Bnz6gEQjZ=;Cn>vDMb>kvp*7&&^<~PmiJipmOpsjAUtJC~u
zvpURgvg&`3o@Z5JEBwr=rd6Z=txIaQZ#3Hw5_E$NVL?}(H`)*%baM?cB5!EunN8Wu
z8>OeHrB*5c-29_yz}=^i?qwM;dAa6Zmf>l+Zo_|g=EAcEJo_7n7q4uqp!tQ{BEcAO
zbnu|nogd-fT#eh@UhsY2Hgu*-{*t>+d#7pmOzt+@J7~0FujwEEr(j&9C^@G^Qw&F#mGz2M-2C9HhFzCmECq70O+%tx@C2bQ-sf~5q
z5_?3}H3o~Y4l94dWjL?mo|O8zQQWauhL#SS>~UlUi{b_T7%1dZ9k~JMAM+*Vph;%n
zs9G^@6q?(=mH~ANj>JnA_CM!7to6(Ko7{W&$#_uiVl=37?lh$WK}n*LO_!AQum5H5
z+S}SjuKwTTQz+0BvWtx@+ZYUCF~&~3u`#tFmkmoQ%QC3Gu4O}LX+HaVZZjJB0wmpS
z`#w*%jj?2DG@8q~pWoR}&j2+oz-d~v{UR(Tl?qIlNOeMamYU&|;Xr^!E+O
z_!s2}0FE$SFxJK_zht~ed`2pPWnx}4vj!WQE
zU4P}Z^wG93<_r4yx_MeE9mA1@tDy4w1bTf8eZp~u&Xhi2tJeN;6`pbO?zmKjbzvp4
zX=@dqu?qL_#UePTn;O?@CGQWXNVIv?Jl}_&w}M
ztCixaVYr*36c7x|lI+}v)u6v>{n=XegH_awS4A9f30B~5({N(B7N~|{m{*cQ%xn}B
zg4t>mLz1kYbq6R9JWV`UAO_E+4VmJv1lzrMZeNtnj%}O7tH@W(LI7PUL3eUxN?-YJ
zlMKE&u?V|$6MMg$>NQ!U^ev~c=+{LFN1w>s<{S5Xc$)C8r3dz0&88Z~!eq@%qoxWl
zlJ3q*?N3cGQn|Ht9YIT1v!I|8YU?_omL-a;h!I*)XlOy9$pLz03Dho2cwSk;^U4yQ
zSC&}U?5nZ_=#_UQ9{W?;-g{$UI?f?FM$vll%%-!rsG+n0nA7Ufn`o%wO2-ljWG19`
z%-XOm?Y%8>m;`)l;9(g)PHOr=XXPCm{!7{A44$i`aNks`1&~~-c-7kyUS9?^aXC;z{M6X(BBI7$8M!U;t^vV-k$a)i=RCRDJm8hZGys^mG>Ihw;yH1Ahrptd3XTxY6maBf8fy+
z;yM^gKrpcc6K#_dy>l1Zb@GV0xm$S7K?}#V~@lKkiI>QEC!jV&E6_5hp-}
zI$)l`aM-o3hC|kHB!9_o2PpDIv(4#Cl)7YuCRjQZfg=+z7`(%wW)kWpYo@NSFlSo2
zd`nG)7?v;{>0S~n165##rDQ};NaXd&a3TR6lL%1(gvQb6j$Wbz@4yNkEGNDY-R?py}y}c9czPPL)4Kh>X%6awV@XdNm@os2j9a80Do|e`v4UZehxv3Vnc=6tX#;RfT`xI+a6L^Fh
zv~?8A28MB|)Pk2BxgK!vq&#{3CRmrac4#vk4jA4`SKpp!6eJ7`AJV!@Irl^SObpuh
zawe_5WbQEl#&mk?b*UVJbJ?;pkzm469>Fb^;E#x?D64W7<_B#t430P+#hf6*>7TRJDaq-G-0mAacaCDvbgiu{z^|s`8dSmR!0tp;QJIml90~>U6M7
zV^o2XdqVB`#A(+wP-p*PBiVbkk+STFo@quh;%0AGZgI?Kr1ef3rOpZ4=Xt2sQWqh7
z+6Swf^H3{$2D-}Xew4!oQsjP=-G;X^m>yi)pI
z0h{0?*O2mpID|HnV0fLOHvw)RiwcM*a>Ak54>bFs{kC{=;t3@FaKY}$nhtxCIG4$m
zFj*EU0Cw3zRUu-7=uVVV50Cz=9xa2CNN1ihF6qnztClH8
z?D26Yh0`i!V_F+|mzQjQEARTWT=Oq!
zKcdXWna)1fa7kMEsh4M{B22bG?t^jzaOePw7Br_|oF5BsnD@wsavB8LpPkobc+Z=SvD9jxNxSCyef3xO~OUthV_u
zO)afQTYbfjBboK&0C^LNG1sDDba)FC&tg&0G1FhoR{Mx6f2H
z-}CdEGeJijh@?Z07KI&&fRT+E>QdQx(t(Wk@d=%0!3u9<#=cfPdcC7mgERx+8ITkP
zB85g9eZV|s098awL>`0Nnam~&Ik`4)3B>RcXqpG`^GvLoC|nLLA#7eDQo^K#`f_r9
z_)3$R8j~5g;A7z@t#+qkp(<*C=WLAbtjefBnnU6@imeBEu-?$Ez2m=c{`%4O#)&l(B;;PwA9;YJQ!}FZ)P}53IP<@5H0ro$RdC
z3e$ENivu?zyfr6+{s2|}%Q4XY^AC0!S&<^r)ndu8?f>k=xl$83)(2ZLC~PS8BzV`c
zhsX`|p@}|9(TZQ{oTL4}d9WzPhf}W=cn50e9Xlr#WYE5;KpK?gb6rikS|l86;GoeC
z<>h9vE^;;1N_0WchGE_$OAT|29^WI@7epa}DP9+Q63uCc{gXLdMx0$FKLj0%yNq2!
zwayz3I;7R2e68$*0x8YS1-Rz97>z>7MkN#d2?v||KrZ2P9MD%(FE{srN*u5h=wjf6
zysfz~;9X}8xO0$A!Y8#2S7i_`bY?u@cmE{qR#fJ9kskRN>zlQ`2+&AW
zVK=>Xut;|M(|&gA;6ZFbX({4a($?~fh?q=QJvvoBE*5P62rKp?Y_{XYOtLo5BjX-M
zl~ti#YS#JwU=lr=md@yt&^KkSLR*JhNi;I3?9cm
zDO$}3%bm@=2TZMNjAJz&AZpbBGu=^`xE%x6$P?LTC0v9CrG4WU7xAdEI>HyiB`!6K
z)}E3tKIk^{`Q~iihGS0HKjuy*et$F(-xy*r5Z*f6mRbkW7=ckp
zDx0_-H-IeWt?NG0e8Hn4=ri{8f#8P#TnzPw5%faDCmumofr$B#Cw+fC)ZOR3o^};D#OJ$=n~O}j8)8v0m*HI=P(-4U`bh!#_J=#
z1jm6Z^dhkSq_YJdt)x`|(NR5oj4&0*G7!K`Lj5E(PpT>7%|lO+G(fk4%?t7#O1GrN
z;KQKjtOr3OJn>P_Q8abOS5q!jn@XgWvz0I|ZxDmmMoeD&CB8~)48rPwUuB0O0x{5V
z+DfR)VYh=~0p!6dVTE1%$!u(b3!~4#9ni*T>?hPxgrBFriYbU`Dh{V2c%B!NH;E*`
zTRfPBFz{~HGP|%c+yJiJ{sR&gzc-P0-sYnW8H5CD*@ZzLJ0)mg(fELB~MG3{n?Cyjm{fa|pFpez4HkNPyFIka$E(ql#x_EU+Ct^DAYR8
zQ|GQe80x7bJ^!NMrnv|%#d%UOuA!&4F!j(zNE1Nr^9FO|0kXuOXa8W*mJUbAnIdItr;_Fi1y!?*gvnVGGuno
zM-d2A&&l0vp;qL)APu!W6tvZq;=ybA9r96}{rL>|%@pN)!O9uAgF6Je_IfC3kuVOo
zdK0YMhp1o#o7D~m!_Y;M4rI0?7xd#`0(ZNiFJ?yq2PdZ<#v)96(1Sal9MNbG2KEV}
zRRltdxg1#XMsf@A)YXvuz!=Tu-Z8S5yg{Nhb_rdTs-xhG_7JXHi;wh9p-%;ol4?jS
zV4J-Fozv$hl@D095ETqA4aDwA5nB<3v!y@oMsI6e2
z7l<5Kl!;Op`T=K2c$DCxjDR&NTa?Z*viIaJoxaD<>^;{rN~bYcD~<9szazOj1WMg>
z7v-Foma+^_9ox>SwsWyoS^b}Bd#=HSaaW|SULzj`0qAU7@eRKUOvcd~ITZ
z*b?FrqmaCwdxO%bL;^x*v4|Yn#|e@Yoo57m4AOb!s0K^8*Rk5uQP2NE<@!Rjvx1yR
zD{WvEn#D>b1_ghn>oWuo9yaSVWgUrkd1LgLX$?OQ2t~`*uMoRJDmk
zP(Kyykf^w^eV`?BXgrrSD%xU2fCG}eFG`2{Kx*9TicA-m(n?gr*w)tTrqt3V`Rdn5
zzQQh>Mbj^AhifL=3WDQI9w>4MjRq&PI%$xZ{6jNnU*Fgm#5+q_jnA~a50l-YXMvAyKvj(>E*eV
zU)5}oE{}IR=79Q!iHKhB;fXlcW-HsVAF;n*{-PM2?c}8S_*l)3l#xcZd`e^E$YYQQ
z=SIQ0-O_eqrt$`5@)c
z3iQocvRk>EU8A2}qc?2r(OJFP(xVMM+Rh^t*^#l7m8Ivk%IAF(`N*+{nA&@)a(hq9
zBz<6d@2Se~Jyi+5r)8-QcB&G5Ps>st?6hnqXkak~5sofD^1=iWAigY9MwC6ioVn_V
zxe<5ycHHvur
znxs{PMkoyfpGZA|tFe?WJfr1<-V-(
zOV9`}A6lGwbZ;G+QCl3kMMiZ_7{btT9Xe$OOs!dO-MiEA&;muANK7L@U9fGvw$7$w
zs?0Q=@E73e$L<)$A@Sxnjr3nxzrpCg=|C#x^zWhuH?ejOR-UqI$F&@~U=R@^7)<>z
zHq~fnDje4m>4H&@j?^g%hmP5(`LF
z5nc*49rNZeS&kj(WNQEwGC(J$i*nVd$Fe!qo4)D=6OgDR`w|1but|~VsWH@XX)z|P
z4egJ=9mb-Ed1Oh|o{PHbx_2;>_x#6^zchH?!)}2XrebB2VqCTwQR`QaG1<5As=k-+
zB@_yYG*P_EOGSiBF(E$ARjZn-zKz0kkYH?5G)~REv#czLu=#XWqH(ZX!bZ^QkG%X$
zrj?3w1nsh+jS;uLVgFFUj%skBnZ(Guhd)_6o4ThDB4-px0o$o4m6)xK!H}Z9lg*FK
zm)|k=msMhlIP5qu%!_`Vn}Lf+;Jj4hC@GN_15uP^3_s&|(Ky`S-fi1JVBv4*^Eal+
zTOZE!zJR03hj_%-W+;-kIa4NRp%Zku3-osmet#66MCb6Bf$sc(*HM(8
z>RTL-#CQYk%Szkq)G>WltqCogZ*^Y5tt?-qa=ECW>PHc895m803agV%iKydb7#Rhn
z9Vg?6xZ`Bf;@5IA84-7!OjhI_C$lXmtWGA!ckg1Gc05#2*H9&CjEktA>k_K(NGcK^
z6eZ^%mI*F{`2a)pb}<|iWBQ&Jg8$9n45owVp;TBFkP0K@8I=kd4AgL!2n*@s8RHNWT0}Xm&l0%pR3R-?W8pZDm%G8gsT#upTPg&8^%wnbg@R#YT^|ysk95>
zudS>j6!
z?cK{aUw!fJd0uyH>3%f56wuO#ef2B}Fph
zdtp<>;>S_`P<`!3V@?rhxLGC>)*sqIh<97nvbE87?^*~+mI8)O<|ix=h(1l1ZCl#u
zLE(9xj=-B?&?c`iJgS8TO)j9~KB)E$
zKp=P9%3au+2E9ol7#Lfc_Lt+|>$N}|;xRk+B6}a`GbH&g0iO7*jYeeO`(aC2jnY|(
z+h4XTI7t7pfeSdEZuW>Bi9`m%=^E?qA&Vn(^vupc^E5w#_|E)h>3cWsm*+RrOa?!)
z&w=83U7sWSaBNrI(W-2j$?(c2Yb$N5Lg)p7Rrv}(XX
z{WG`MwN{%7rbYE-)#$B3LQ2bF3MH6-4&6}RG~vP`HJ?9E?s>@$$OH8d>R_~nFKj!9
zZZ=-IPbL57zZdyeE8JM$-%k0zb43edWd>`(3LW*PGh_PT@EM~;so$4pMd$b9n4ISg
zZK?vG#sCT?fbC>nr^wa0b$|z$lCMmGAI&gF_I1MVh~mGPVCX?xvia-4QgAyG>9tt5yQ)=kH(HSSobhQ3Z?BIuT_>`)opEBP2l7yk#Bxy+^Ff7Nsp_
zhn0j)>qiE2fJrni7H;3;%#IjG&!cpdR9od3mtGSW;27gQU`eN*hje%#^N$;+pSWq=
zzoU7NI*RYao$3c5_6wTLJBi#n@_RF+6xV@)`nfP_BPJjGF7wNL?DBm&d-)yQfso=0EY#n|jS){dRf&PXCh!@_LQq@Spn);ykv>3;d>{5On6Bof8meA{Hr20vzd
z{`hv>a-X+u(Z;fIGZ6dg(#WVEH`yx2SzNg4wL
z-NDrq>(t`P$F%Z~&9hQ1S*yV6Jt^18gd!OCOt=WX!R;gTJw4A%Ti4If(1yYWzj*#g
zRiGz}$!*X^A%Kf$GS<6R`7$cp&zo8>N;L4hbyG>JxCr8`dXg8MjVm%&V
zNs%n1CVVkND<1{Rj$&eT0@SGriTR5PiD{^i7)&!X`ITGYz#8I#~p
zfJ-D0{Wlu(hsQfENPic|xe9F+q>xx}E9_We<*-=;DmP<)k~F%kF-8K}s+^41+p
zhU4`R#sKJxRhtg3;KDNJ`>JKvCrw@bHPjFPw(ovP?AYJ^_VdhX@%tO*)_E0N8ZLG&_q>HP|H%>$BJC`-9eR?qo8(xtZREU;YY1AVokvWv@-a
zG{PkOla+a9&mRSs^){VK`mjZ6+Qn-|-xZE!rFUo*7
zq#kmy!ld4|9-LsBSDav)>6h{MviEZGYN|_kCh8R*MO86p9*-tyd@3zkdOoW#xM8Qg
zyD;>_=T~mO?>_fOVbB{6p7&dh_xx|LW;cEwUJtBN(mDod6Lxl`Qi+LAm_u-Y*3%$l
z$*JrEcRm8T)(&97?svl0cyI_8t5_?YASiBIk@+KedmSB8)_WZuw{DU0ffnyJ${!zw
zgTx2Sii?@OMZQNz6bkv#_2O}3csTMiq`0ocJfu={G|Z1W^|xJSl3NO+T0dBC
zOeqZ!M0(Ljbnuo!vqKRPOAy_`EjgabMqa*15blUoiA{_pq$SWixqR0x0Z5LnI6jW){@Rs%JeKKJZvUqe?#FM2EJop
z*5&YbIKz8RhFI0Y8aGd?ulH=lEMBuliPsm+pf*6_*4zRl
zbu4K>2ge(USPzNeiqc|J939Y;{3#F(&ddzR05s9@WXlN7C5;hiT|8V+ico|BmZIYe
z`j|J`aYNL$IG)*eF|;+xA+}a~L!iF1QNw5}#>kRkn=vJ^2g+$m9pR7@Onni*Kcx;E
zJrDXYY}h+jlADQwas2RVCH6|*^{QYgg=_$)dKHtgYv_t-N1;q=epDZ$mHELsHPd`L
zh5&%Ne1vp^5>sKMk<7FeI=*eYl)4QfpH~HwbCH#XYCV0
zUlC}s!x-{jj^Obk{JdQ{9=(!Z4DS2Xg$n(HHQJ{^qR!|QJKtYzj(BY4Vn3isEx9(_
zb}&TSu-Dx>gC%e$LaR6QhUvUAO0=!jiMy(5-9_lCge=z@4sq>q#&0h|i(75=)^e+i
z={UyF2@dUYb=3k+Okd3-i^#9i{j2#F>*8<>JPZq)Ky$q)##p-t|1oNfhqr@G=*K?~
zhhAp}ATQ;>u#Bx;`x(8-{V?3ERx0=OidJ!09HuQN^8;wM_2#Zs_2C&01u8EObYk{(
z`FT|{uZui_U9lv6DQH)wj*?}20(*K<{aohsC`a0h?JTn?fF=^@F7yH@PhWmc#Y}C-
z%CJyiq51N&{fJ+@qHPFO@r!@PS78gn=jTHEFF&tEqOhILJ;&F-Q1zbpmXI%8<+z6l
z$z6-HnlC>anOk__J$%5V!RL+*e~q;&PzInbvkmw3&u3QgbgLGh!QU}p?X#MdU!Sg0
zqj!^LgB_rkMj4g6hnWF
zI~|1W;kaY%cf-~plJem=>3PY~bPS}Ib`VaM-u*zb{Q-fJnYjSZ)>iUIC&a1K>FfMa
zS-$r2=SBSb+4?PiMBk_ez;F2ryrYPBG>Z8mUf%HXCk_02oIk1I-$MZdM3I30M
z{;l^VG!l$OPi}aN)#OHT$vPsd)pr_agxUN>ZE}*%mM0^})#X#23%}f$_|#H#D0p5<
zzS*Uun_V8WzyNJPlE29bX&LsTcCwVNhDJ4t$m!%>T{aDq}U)I@CNz=dnC`tRJUtdKUeB(;XtBpe~V>S+1O_pn3YYDS)99eWG
z?l`cTXJ$NcGw5TSKsAYBD;=Qwu)6j`I(cgfiH_>9PJz5AKLfh=YLiN-eOc_(}yR
zpawo~S()7g#hbo6a~wklrG2d@<h|Dx)%^^7f-EWVvLL0Jrz+gBjs3GD@LA`HLA4H7GP-1r&=iT01t(yRz5&5sc*+2t#1r+Q(!hRL6(XR_a>1kolx(0wtHa$xY^
zRf-A6ekr(4_@i0>k#v1_WK+}vywzwp!k1J}7c>nl5(z&dRmMsgz4psJfdv7Ll5x#i
zDl7MjjI@+@Aj9PKhKTj7kU4G%n#yF^Z*hoEhrKRHy72WdyoLKgxyFC^U1&_&ru5BS
zgs>`*Gn%2EDcnMA)SE_dfai|=31>fR+q0CjvoweCVcw&m6esIq?i+M?qYv_$o136o_S$s>{0$E;P2Zu
zAFoIW5yAD^qU=EYMt6Q0083|caeB^T8ODFhZxr9g41D1$d1fuql1|!%uBu{YGl(YjKSf}WqA5-g?
z_Dm>7FD2=kEk`c8V+LJIz}PU(h88`Ym1gL-iMC^*QHuIS8w)lcAH-6&u7|gVIbYhL
z{BXZB_QPweNHbH&B{0x-xc&?$u>>4w%BVW{-%RqDYaI`KSPNuy(%~n!uoa*WVeohE
zG!?1=ay0D)?pPXX2Yu1}VDDZj7l{!mg;U!_s=50$ztRU8qMWj^v94_;1lxy*LD^31
zT8RTVpV;LT^kgzg7vn3hclXvQBm}9^0{Z}Jd?`D>Nr`}<8gj%4hDF_h&nJxmE{tQ$(_Ea$f>6CVpG9uZSz7J`no{0W+Zt`o70S{s
zRr)dRyO5e7k7W(d_%EJV0#4sjFa#5E%Ie=v<33u3QFi*Qd+Mud3v0wJa(~QYBrmIz
z6|a(YLB&R9Q;=sWXR%cN$+3Hz|1xUsr`@kCyU=O-s}gfQrM@aT=achQ2|AzBUnR#F
zWPQ02MV(LCuS(YWwEa~HJD+l2m9+C|=W8rUSOgZVLlR36j)USp^KDEgp&(*y!eM7RR#SMB746N*OQZ;PP?)Lq)o2`3bpP`_z90VfEVh)9Kl
zI12(pU|i{QM}5@z95xv0CFwIv{6Pj$mi9?|e@YNs?>dJ^hz!^;Uqv;-xm8pHmw+N0_;8^R89LIW1HNazijoB1HR*uw
zns(sYlDl{LrM|M>L*2a?3o*gV#CHo{xu{WKjLQr?Q44?y@-cbA?lV;(S|NusBu37f
zL?&vg7X_h6cS6T#F+2cnELGi<)*jO>mDd)0}$0EQu%N!za_fz8^2&`$NG8Nvk-XHOs7_GwLo2m
zqj7-p`ABD*ggPQ6DT8t|@MKJQINqHUb-Ym&NYALT3#BNR?s3w)Y%+@8G9YcJHSg
z{B<1o;1Y+CJu2dXPm#(Z(-X;Mv(%Plw8avdpujvNqb-)u@Ww?lTKBrgmE68Y=BZB^
zYKMVeGFiU6Kb(dl2@6h4hWfxrF`1O2*N8Di%om~)eGb;hAYI0;@9$!e9(bz1!
zr3-w`6-LmsTfmCHWd?z&xV(k9tijGdUmU!cyjU-<DcumvD#Fs;DUgJcCvd1sche@qL;glMFm9+h6%^4SZkQ)&{)OES)R%d{Xh2p{jY6f
z`5(uBCVz!WP8;aK#_|OWBoqVY(r_z=BuzM^vMoTxw@5OVl=g4`&U0pWwX$U(J$=32
zukYjW$vHK;tX8Yt+1Z)dndh+RxY-|GIw$wA+`Ml4@!C#(FIU^B8!)&j7Fff3mEh?%
z3>eAJxH-d4!cIE!o~9VZAcfL{^gOWh7*e7W#4(`4X+?u2L}D>ukw8*1s)@~C0BO57
zrlbVSL+nS1GS8NPA<_qN+=kcU@QxXJR`yDBcvJw{TXERQ#l$7z)-0>d@DW0Ah%b7+
z4jhW$pbUJO?yRWgct^yz&XC&~rbb&-f+#T_NG#N~e;<*a&*4$>`6SIVa>xZcGf{QsdkcD-7QO(@2^dvTzOyNKe*ibRi*wq-^EeWs~wAa7r_ZloRB)2nRFBQw53V3pI&J_j8lgd3}
zJtGQc%Q#0IC7c_t;EXcDLgYYf`Um}xNV^fk^!36%b!zP!A~UF-%sTesyt5Uwt^?nB
z-K0qtG~3@@@cF6<@#x{{h#r2(swdGjpNMHFl#@tMV%&%8Fm_5cDM#j7&P=XGj1)ry=u+61T1sNn32sq!Hcmu~uCCiE=AaxiMN
z4!DJ~jlTpRz7;ze3pMY86Ki(|UL2?lsX7dh*}v@Jf(J~gX3?svl5WJ|kbU5E&mDgK
z8c_XRkNPzlN=A%VjP#NNG}){Ci@y4#+Xr>zCWpkFu)931&oK{9m%LIw!lbrO+dkm^5Q#q$FTt)(8@vIg3D@-6@{-gE+eI
zz6-Bf&dhPY>4!0i8CO;usqS~v>*+qP7Dl_=@>3g0H+?lwynQ|8N}myn`%x=31sCw-
ztN-l)nCyA)Q@Nz=Q80av@bZu2#+0WKJQM>CO}CqLpk0%P>K8LCGwETm2Bv=Jw}w17
zINM?{ijdSuqC?}GV5ykw?jg9B1hlrZPhu45$l|-22rTZ+1V7ePSNmjo1)%yPJ)EG8;v8L@G*CB@i~21WcO
zbA!-_IJ!@?csJ*~^Z5_wV^!-9QZK>Y!&#}WgP!EMIBZDO)k3w(!RX>ip!WTc-NMG0
zW=sXV8@SxBdao{gzk_TW>h=6Sel?aDPNRWEFKh+yX6L4{6MlOrsaBD`w2%F37|yY!
z-tYacF$L77X%l#Q@I>Ocrd;G-8s~o^bs!h0v&z{65$V`nbP-=|AX_8Sl_JF8~Hf?X65!z4JZ}a
z4v77L4t>cTHu8DTRK;Trdk!Z*!9FiS24dgqGN?-E^bk<){I(bLhIg+xIIl&jr#yGz
zfoI3G=)?8~g$k1%G9umQhRo(2iz-NjxuI_9hjS{Nf>fmUU_Qv-wxROfiAM<1Vcq9Q
zk5Yah;$p!8Ae?!aV=eT4iXKvYu%eg{sTF!^V*~vn4pWA#=#n^0u$MlJgB@1!;9d(m
zBl~wXhP}gvN)v1c92_?C8Z%$^qd6}OZ|6`IH;k(&f(HIegcVev5(9H~&tW0&MW-s-`nCTjc&)BE!xfBXBJiY3@wn|2Ec{&hB;iJpVp12Ah
z47<+1=h!Q_%qKZ<8OC8H?+;P3hA?$
zj^-`(|G9t{h7f()S$c9v%QJHDS&%M?<1j0tht>iy64t=?*HZq$S(GKRD}bw?O;(%r
z4F}LKB>HVmCM?SY4>LEWwI;(@N8Jk1`MoQz2k<9NXF_!fcWEpLSwnO)R+JaU0lO!Q
zbcu|BDld@)^bTWM)2Il2U3eLYM_`hGSI}X&jWZW+j@`Ad2Ls+Cla0YS$+4jJ`DWD~
zgb$!Bz^tY7&RS3mY#s|q9gk88#nLEjmtcr`zDIdPA-{N-v37!
zTbtr7r~dtf;;md?+X=-hop(QoTBL$_Jzspv?Y%SAagm)+l6PE4eUU9H!KrM5mtns|
z=YyPc21vf_b7BRj>*tfqTl=+LXWfg4g0_$Z$-FD29V%Q9khwx&=OmQuS|;}9rZ4fy
z9FuIqi)aa>+IR^I*kycL68ORh$LbG!)M@pgdXn^&ibKor^DAIn@;bp+PuqkoQ!@eqK`~)jdkA
zZ%Sfi$hVG_D(OGAsCw~+<*QE6oCjU_@w`fEHtGz!nJ8z1v~gwJ0uY48d+0OkX8=KB
zf7mmHv~gw<)Qk(ahn8^r7~Y6>iWS5WMj81MGygQA
zw84^wk-LZRjX7tLIKd@*yUjT#G;3qxS3mpVSHDY3;kENR?*Hzu^|1d=bKUFs`EHbt
zhE2>@;zl77Z74pw&L8O(s?1rvB)tzCG3Qu1x$s)?Fci_B;XL>ujzYY)mVxbVb7z`?
zIfgxnXWAx)3x3ZrMJ=&ssrViLE{I^8>bH?A1l=vmgF8ohfdZi7$Q|NF9X78+1kgeT
z5^WIAzwMcY0TwJs2Uuxl^G?nBunXUl=6gEe>B{$Rs8ua5qV=dVga$C|{xnOR5Ni^3
z1WaKmgi&4wBt20jU#v_cmgCxKv!pS{yNMpXy4P=Ag)sZEUq!z|jE-s&NN@T$B+?ci
zk&}1K<@uPTtw7?zsDc2&rnYf7>hxna1i!FSFL5rVyghd4C~7d=|5QX3tsIx!{WJ%z
z`h8@&V14YxOYzib-#{Q#OPfeQthC%i{+Z);`gdMez-Y%1d)olV=nuLqR7$X^m_nUh
zSve$&Jud?#I|;Kaq!Os6EVK-a3N29tWVWZ%3L(vY6;U$=RGh8LY>}pqBSIqmXPH(T
z>66XF2G;73;U2J3&G6)%m=gHy`O*3D`QG`S1Bi)Ap-}ko{AUX>fS-Oq_Lv5`H<3Pg
zJ6MYmjM1w?VPoD5_F8%?C=H!IZ*t4_I2}eoZ_3;IFMnsx%#PScypb%V1cM={;-44POK2%)6`aa+
z{Y#?e>xTjTjfM(>R&5N7y;m>&ear2kq-$R&7^}nwKkVN*)nY-hsgFQ%U<66E9TD}s
zuV3$-5B1~256)5Tcq1oz04qRAI;9z)+$M%=VrY7zaXjU$a=rmslK?A`gLim0z50QF
zOiOgrpOr(w{pa`eAV2&f^1}z?FJtFU(0ShluK!N#_N>p{#Uf|}n8p2bD!PUI$eOAD
zs^hMiZEA!(lEMKZsT2kJN6uWy#?Bc}h63@K!x*iF{bYX2U7`Wx7Qtl$o$Iwi|
z{6(m|uRSf(7IQsir=s4}e{;p;i0`u;;5#SO;lw_8Lk4yz0q@V~=w$!cC!T*TSuLN$
zDZY(5FBgllr7RQ)cXrRaxVXIh{rBtZPN&=L_4@rUU!o|Ehr^qj+uOUlWW!mZR%Hs$
z+VT3edo?!}sAi#mzIGF*>j~oY|B3vUf8VT}?N@yfb(Cc|1CR6xYjT1C2Fab>*=Q!x
zL^#v%5j0bD3|mW1LEKWF?Zq_dc*%g5$DEGiXH3Lz2RFU8I^#O|dIcspu*Cc?b1Km$
zUse)-Xe54vpnMn`iGL`Mv&?^^-K!68jl_SaU8@i8(;GYp_E+tKsIDUaS=tw8>cgIP
zrG~0uQf^iY{BXC$B7ZOj1(2an?AswQ*@{KchE*+=?I64KpoMzSFkBN9kR(LrX;mZ!
zoqb+oWox*gsGdl^P2W5eSM}bU6CkV*yj;!299OSzoaixONmpM}x;er=s>;iyoc1*3K#!_nO8?HE&7IBV=PwGE?s(Mf
zj%GOLCvzF-Nm%KgSUz{n@>wV?^7^?@N!CwwY_Fes;q-ev8owqpdVDEW>h;QRAAiAA
z4L10DHhJ|2VmyNb|9}_q78MbkwuO>vfzaN6B%@d&#ho#n7cE*~dCF7X{qy@b
z-^ZKZ`yvnU*_Jvh^I1)uE%4cfJ}b+YuW*%@;Tx4GmR@Vp!a}9$q(0~H!Tzy2*w}Y`Ks=Bz4^OOc*#Q=SPp5|mc|&o{gyeF~
zz$ERMA?2Z50A2Bl$&#(!ff!v&Mi!8<_~+D$@JOglY7rQ*)#znFY&mZyvv|$WSAt(_
z^!xj-8>8GA(Gy9+p)(bF^sH#)Y(7m7D{9WnQfxENJ+p_w%x%;d!qF6V%k>T!MvBM#
zH3CdlX;dRGU_-nP1OO&Tr+*10o>af6AJRyo0O`N8)@UOOTlRpPBM7OsXr$ae*1(I_
zz=75h=Cfvb*okn&d}r-Bq7CS|hSYVE;Ab3LSR@=>%tf(pgf!2Ndbf6`*vdr&v&M@(
zuy9ECz=D=qev`%5VEI0|=4P$9I-V)L<|YwHgEf1JA8^nF49U3+Y0G^-wQvo+0w
z&P=}Q#TApUy1Zf-lD*zqJMC`|D`!Y}PdqF=8Kvp}3iCg*+a*b9KmBF333qU3%Uv>0xcssgYNT*~qq
zJFZJgaV9bl2hTUV)xxs)usO(}!a+D}okZ0573DH!3?%f@Fle_~jhbF=_ur%pBHX?QkH4X*zri?<*$Ek*
zlREJv(I+HDN_uk`i=wRQN69S11biZu5Iwn<@NIw!GT#PYWD19Dr$auDHOq!#u7-${
zf9+ulhB!x@(1S%I+@H0RA5LCjbS?roP?|L3f_hY0C>ETp+Aj{E)f9;|*|%RdO4ex%
zeRlk5dpCY_t$i7H7@CK7?j>nd--*0?$*|?rS}~^~n$!8uoBm}WJCwJcxZ3^fhhOH5
zUmni*mLv`k0|{!nWQ2H0<&DC7q=@(Eg?w@ZcT6~D`fWj?H&wAYk|CVb71V|LFZ+Gu
zC|W0?>JTZJr>AewWRzU09;;odkwTP?82j=WG~oX2kgwdxk3ivPz1`J8Y5j
z?r4_2rq9ioQ(h!oB{#5(&@fs(VE^Tm@ap>nXa@Vmmwn7qPEM%y-*5Y2hZ^7LXY|5A
z<`8P*`Y{|G-)CqBMq+|4ENOBrDyFK=pjr78TNzALh4Cb=MH7pMPkj?jDlf?ohfh@~hPRBU
z?y#4%yHs_hlV&heF^^@s>WP$iMKk=7RO9Rdg>2Y@D=cEwvn3HIa0=B+^@@e3-dW8%v!_G)T<;Aq6XR$bLQ5;1jPOv~HIvPB|
zJXygM>DW&fP*SJ=osyC3qY12p;{vyO)GvXnyGWN;a_I$USz_qYkX65z9rtuY#M1h!zuho0DldL@Q)r^PK^JC~99Ol6BVX8%qm6vEj>CQ5CXHhHIsebqSY(VPk%S*R8Yj2wrM3}(ih(uNmy
z1cn2dlINK~>Tx02Y+!ai7;@?ih|6xVdfl|J{19Ewp(|kUvS-<_Yemx`^;F8!6)dws5NN{uT4SR?9hrA-1!}m^LUGdTN!gy
zOuuIU^+YUS*gs&tP?Mxvl$54G{K8=qd4ZxU-)9FuKZaC(IVVY?qaLXZve!Bs+{(VO
zZal+dY77BiDIX-%laU~n&+-4YJd^&~$e#K{@ezncxfgE${hGZni{hbZbaS8@vj25c{PM3Q~P&ywfiLMgs+o`RLT%P1{;fn#2R)WSgC4%3IfUz|cI8g`
z!V}L@CNWYVH3=!2;F*qGG(6_gZ45%~NwAkZJb-?r{ORykr9CwJaZGY8Z`^6mJC%Ag
z>TAepc{zNagG?6I<{8{p+<`DJ0ksj{z+`of7c-KwD8WQvxa*C-umWt44rI
znxO1!bbEEg7xvShd4}z5Jvy!8k-rnN^gItYjzikwjS~(;lB`-KIw(obf+IVxmICTY
zC(qJ`voUkmo3W%uCJE6{oiQVM1ye01?RWM=Fuz5dYt4(c=^q>!%E1p4HA3>`5L~RBw`%r-{u=0$KggKM4?Yk
z@Ht*fdSk!e4lV)--;V4DxAM+*5b_QSKed0-peLrL+@)NhlB+H{?+Ua=6!Ha^uP)}?
zqJ6cSy4|9CoBO*u2_pi%ntftGeDgP{yv@jWFxyJvaDJ22y~=g(LmLcQK`a4kh`cdH
zDjg}20L95I+*?)m;9ofC_;=PVx2T^J%pKqa+{
zfOoWRWwwztLl-M}SJ8EgFX(#i((n0U(0Wi$KCn>n%h1Oc@Pnp)v&E5kk6EEzDns-Y
zybK=2Gf-}>)x^K`x8Ib9>+JQ}T<3@G%iesyKNx)ZF$|+9el^V9{QEY4_x=6-*ROy4
z@$m5HpMU*j%lO7Gq_6_dkR&^Uad~w^OA{!j-CaXl9e8s#;?tS|l%Uc>J)T=S%a!Ef
zzwl=j)ZhZcDNk~4rDAaFs$aX0PzN(ZTY)+ryU
zM31o?VRg!e!ivTd<|4Ghun*;LI9|OZKxbJbMrAyP
z3M=9jWINR=A|EBN31NH*ghf|7)he
zzLK)Mh?M11@uQQHpMIgZbuQ|8ni2D{D5nWCMj_UZ8wa&y!jFwWGM&{#Q68VFq&Co4
z?BBGZ^l(QF$a-a7O~=H
zeO(b>CldU;1)xkqO3)m}el(l%h@^#q3D2w(SO~TKRL2)wF(D*28KTvd$_VuqyIF(#
zZFY~xO)MoE{~t)*D>%O)s^{GaX?=x%#NP6J)M&&#x-g>@wN{}&HzD0p&HJet!Lnt(8+9OiKq_kfcvY22U<
zGftjhnk8KBH79%u0v&_gst0La*(>DYKvIlwz@v8}FFB
za+ylY$Y@W39|{Mm+dk);l)ZChY~;|@ChNamsIsgXz`JERck@y;J6Lc_Hss5wUsZCz
zU36i4*uqvJ)BtwvLrEe=Z{RzI(o8x*`cUrv$i^7<@A6K)vEh88F)c~}U7kxa)}i@U
z$0Aj@D&!T(3rJm{ZiM3gV1}RZ=l;({h!``Gq$|BM@=6bBy
zPE*EBsv0fTOBGU8?a_!H__t!7u-;VAwV*)glg8eoZr(WN9rYR3AfuAjE?5=ovf2eTqp&qj@AnysN>Wj%vPscJd#s)+
zYSntIi~0lKi>>~u+7&)hs-xIVt+DB-87jyDY$4NcEja&j{&Xf56`S0$nLJkE#^#AG
ztSooEe$Th-{cCd30NG;mcD;`jzUoJD?lw%Oo+>Rpb+S?4ciu_5S2YRkDPR)}7v0sl
zVKWOSBXF=m52*!^jv>m}v~ABpF1kPL#OzuFDF$nQFJ0WK`RyZ1iIA5~jTyzkLGtPH
zN%e2nPl+3Kyqkb6ok@t3Ro*6|RQcvGgkKekFQ>|Da@yE~=m-BG@EeutEDp`QUm*T4
zjWw0J;@J1wQOuVj$4*hB)9LjV1OC7u|8p4
zy@`d<|b|a
zI}xVJFysE~PnZDy_19Ss>h-_=RQWR1Lmw;`D9aveMWsqGv*3LRTtM0vr&2JUILhe5
zFUi8nO{};hpt+A`=H0Z6xC^BfcN&TLidUA&_NOBI7?nC_mJbkqt5+Jpj4nD`I4T$U
zzJ#hO!$g7m2wjbuI|=Drd+etLWC4%8v+mi(*<_!sp>6dwPzEg%LHYMF6G|rUoVbWF
zI>M)-PCVywp`t1!re4W7=SogG$vNk;k+-O`&be$)Emq|o8+eNb&xS>`((85fhsp!lKousslazVf?xf2+WpzTiXWE=(Qar=rr0aZ!
zy-C;k9BY$IsHbgBn!KN3X-bMdVQ11r`7A3_Qut{j4a$CliAEPU2AU^qElK%jSXxl{
z|Dc@(VE~Yks>=w;uc4jspP~F|;}7Z8^h>Jgs-y5DC4rS&pqJ)y5+Wis*`n43
z4%H@BS|I)Z7lTW&R7xx^bYhuY=xoI1LRWV1lUQA(%$V7QE@#?ZaNP#s(&q_wqrRd&
z+(v8Ch811THm8`zusubWFa{O6V4xfIO>IcQmy_Z_f5enR2W;keG3DEJeGun1=>lJ#
z)8-UZ!LDwj78NC4qjlP#!pGX8lDtcdD(GcnRY}`abUTz$MW61Opfv>!rEDq1zims|
z&bFmUQ*}pkcXe#4V1r80T@>Uf*i`5QC<-vC(BY^}g)V8M3LQqudeW5MObjb@lDN{*
zNn%)`6Ty@>Lu`yIRH3o1prOkCA*I;5!Um9{oF@hroFx_(oGr*%Mb4`F$ptx2j4XJ2
zVr9WuQO=g+Outk5!Wdd`%UD|IhBmd(VMC#EfwmUa)AFLk+JX~fZb5?*drMK;qYW;)
z^~&N>RPF1@En{;5OR$VC<{R1SQk1qnVs?@2X>535vkN_;?Jjs&8(#31EXxa!5O4T)
zHrA$?UO<7C?S)UT#NZML{}JCnSYL26Wq!dICH5B{eG8nEO)%eVfWcJ!pRmAS#!WE6
zBp)4Fz0fh=n^n0lrYKco3{C%;2myPjX
zThEpG->fUHZM!epw)@hWEKBmIB7YX-&*GYTyej8QYsOJrtrf+>nl|Ta1AW;T=uOT{
zwN5Trdk~A(7DUzBfmljyK=dG$V4+#FoW|X6G4QX+BD2QJ3;!1Rx5U5r>T%=epatva
zqXYFcd-@+W8&ebQ*4{qeSc?UuHgNy9<{kH!7zi4lkFZ!nq!_QzLRc0ck!h$+_
ztQV;H0<186`B@sfIv8X7NL>evI
z(rCq&!57jZ_@XU=S8V}&$(Fxu{$g^RDhc;_60PDf^zbvej4f9@htt>t_`kt*9uE^jCKO;D2AJ-cyg`h;t`X>4q*HqjwTW5V8eZ0O`=VbLNdYK=);_I7oT}6fC
z`X!8zwf%;242JUMoNAP?>8ga!@~lnL8b7?#wjr*-(v|VDzOz
zlS-f>1P|}hyCm*8`FgZtH{+gkJ>UMB?awqCIuPB_w?e*iY~4v7`@-h!#VQx(dpE%V
z6gTB?Of=u$baa3_3GB|)%wkc@m)zt}g(zJHNPMGZT$DLp-*=kayVjuLZXFfuHBw>d
zx`DTR?>KcYX+8&x)1E`sSRMLdSe36p74M1e-*=-BCE+aiak{Jb?luUCgs
zppXRYI|W0Tg@U^6TDN@f3%}+0g)M~cj}2_bvfu+
z$Xe==U3G5|_Nf=u14ruO&}?$38=sRGXwLeFLIe#WJ7!-^Oje`eK3b{d)TI~nHywG;
zcX7*XS7dHg{I|Olg~9LbYwE6Ut9Sh+h%bj1H&?g*-S6WWT_V{9NP_E?qvvnmlpk67
zVHQelnBeHoMF#dOyH;`}V`KrqCvKHDk!hI-qkAg9JoM_F2qo0+vm>D}
zW#}lPVpo~makIi#OJcXBBUnF{_z0Gd6+VL9;|(9d>hY6$8deXn*Td$~&}NhcKERi7
zI@%Im_#ZyP>psiFWwC3EdF5n_e0Ap
zKgl8ZJ2E(u{MN;s)}D#jr%`@)2bLvYFbF5OP+C>$nErurrhLsli^`p{G|>5t=9s&I
zw2!nyWyI5g+f*as;3@%9=N4AAjh}Iot)?oE$>>9-R*
zIz2=GoyuMHqV2>>ao0F0N)wfjV)WU#C?04J#amYWl~AmKMzvU+WxmOS_mcLdI5G4v
z65MlgF*(e6-G>x!*3A4iuu#D#XklXvgKo>OVHi+Ds7iVWuiG)r*-6@9A5LtJmfDzN
zEadLTSl43FW?dsKNqT0->W`h<$-R+kL((ltYo6Ibi^c2?5*Wb^fL@UT)lxZEb_Fe1
zC3|4tWfeWlXtb|+7iM+-HSbBS=ADxO(oY0|*i(>6fqfZZDwR=-H2TYfd={}`vT`}dx^`k69*DX
zsLqbPYla7={sNY96mY09=?_TiOf@j1wN*{iXTTz=pCO+akFP`JA7v%QDi0W#TS!kIEn*%`dA9WLQw=)&OT_;4!)DL
zy=OB1|H;fWcx`G|$)DeA`3#R=nWC{hHOHuei*`kPD6_8Y&E2k^jkxf
z6lyvQrW3$~`xmYIX0`Ni*P)-5s@%Ejsu>hgL$pSbFy-3@0t!ikfe+UEECLhY2vztiAlsio*ykw3!5{^
zv*=c<{l+a<&JSwm@2vz{)RR=#gH)OHE1lDg1OXA4jD>_^t0
zSS&5L3pIMn0(EJ=vZ{c?I!-!Iqg70O}j`gI+ACF8T}$^<}^3=M{1Y?|I9j
zdF6ZUFGB|G7bKAr|IUk4c8z=LW1n$@YsVX$FoPEPI?W_x&)}RJejLP{T7Z_-3xMzh
z(Usay_W)4e!JfIo{+C1x?ozc7X=MEp9E&geKnRH>mqiPy+K^`|3|c0)SmcK{bc)OX
zD*saQX_CDI38f-u#$8&f%{iB+JjPQq43bw)g(s_Ze$at
z5zYiqdt?dy&-v#kY4Ssg-oO(-3r{@Pbn>56B6F467D>3@(`Wi!rx6dS*E`PZ-*5Ag
z9Ir7NV!qeO)2JZBt?TT2_mZ_+GL$5}RV|i_&U-60J@O>z{1fyY5mHgbx9}aOfvPyl
zg%#*NB%Sr0uBRjwlS~15?qxG0$=L^;37PWf>5apKljFm^-0r~%{^MK>V|9>-lM_E$
z=F~_PHPau&vw75jElrf}4+LPjc6xH?09SdAf1S+(c?`iUZ`U`Sz7qVn99nQZzqf@~
zH>NBsXjscSJUvu88LWNN$U)N%z1wLEpazd`(H!-?)|E~ZZ<+m(Z9=lk0jsr$
zu6;$bixmI*ta5DeIhO^s*wZ~`J?}-TRJ5ER=GglR>R;FQdXl6?|1*0wBNyyi;;@se
zThPcr2aSDyw8)lKL?R3_3T<13R0fWWQae_uj(?F^)2>yf751ZOw7}0JP3DS7Qt3%{
zJGuFKt9C79xWx%
zo7mjz^^nnyv&qCUFFjV879!<&gEj@YRtujjYF+tVTFQurgPU2L8>ei;N%C~3#ECT5
zmbBZyCV~aY>vfV~%aFt%W@z_tNtZp5vuh#4&ws}v
z0dxJ+kt`lah{nsnhA97RT!aEr7n$I!SR!TRtmH0=njsCA=BGR@q`AffdTtz$&$o>9
zR~M7!`Sw}ePn<65Z_nzU7$nbk&+2Wl7M}mi)+*Qoao7}#;CX|~nsoPEk=O+f)T1yB
z?yF~E9o*xGlN92TI-K*JmTUzgoh%$*qO51;={DyO3wfowiOYrga&f*=n6+}Q
z+DUh*yq$SfPYucI1aXO0aNlxa1b>IO57wP^$VWSVn?&zR=k=8wtX&%zRYhHA@rgRi&#dz%u1Gs^kkmQGklc)1fox3v`Pq9#di!E@pT|nIZJKmt
z+I00l+bEU8@KKE`)oK!jv)j!!_FYj+Z{h`a87su3q?N6X7jz@%wJ_VGHi^Qog`FN<
zfe63vRxmI%dIrt`f@qK?+_`>7i#K(*3MXS{|fxOp!x|##-ZG{FRQ7Ol?H1G=$Geqinsy>h6ti>^ukzzVmgKj89L78wK<9B7
z^S=R~W8iEQ@qfygwNqBssFL!_N*vURg_NIKVnm}A*c$XhYt#>|VLwcz_)-x)6O(+|
z0NOg71yh=ma{p3#0h9}+!(mCpLL!ts1*$PJJv7TKfY!(6EXH?AI*SZC(l
z2>?%{_`c)MD)RyEL(i2})FW}TJBTHb0Aqb(d4elmJ3!Vyq;%lLOy!yOo!#|)NrA1B
zNJ^g1xF3TaJHs}xm4^{rZ7(7CckXkrjIjlSYN6#0=`m-#F1A`khvV#%M8wjf!v?*&
zjlF=N*P{BQLCX1q+DNmYYq9_$=_E`y!+R*%IVr`>MZQYT^@w((Z@ic*x*~Oe3wMKI
z_d8M@smhY9P;|tTjsEH$%v>5qeI)*?*v*kOWhA-S`aijvj5;wq$rFg38dv=l~Eljp=_3lKS4Y5in-AHzLx6E8XKSh@O
z`=Wj8VgQvextk2$RclO$d4}j>I8XbwnAH2wzO`R6`7LU*^4YI3-W)F-1bR(P!9a7G
zZ{#gg0eh11tYI7BOXm%(E!2`Ax^f0c+3S2a%g=uzemJ$Ma_>xoRxf;-7AnE#wDLjp
zJCQGYf@dUrGaB<*Z|>}3?(9ZYb4v>Blw05?%p-A25OXqjI3TRh7f!LG?rqSfh0xN8
z6(WLa%H@=hIj5v&hd9#X)y=O{QwuVe=Gi(#mlhV{sRey;fDO_aNZMx?v--sg3!%K&
z=+;~eX<3`T%81gI!e#SvQ#Rd#)u}0+qsZ$Z6*7{OvDN1Id5DS>P2tZC9NUS
zJ*`%`;S>f(*X?kcW5&ezzD+|G(gNOd-n?;K&bv0Vh1N&+)LD11R#7#*75%?_KEKi%
zVw*Gc#VGZv_X?%(q-S0s>XG~dV{hMe9;6;)+|SthjDz#Vrz17MF%+p{@7prS~?;K6slfs0+6|!^?JGyh}?~|4ett=d@C8
zTg+1xVw{mTibmcjDS6|C(SwoT`&Dd|-xr-;p~Q<84xA2&nW4@I#0HgCh7iB7klB3Q
z>UK)`xPr)LAJ5Z*g}51E&hGYHEnO=2te^e(?0
z@z#JgRMV97*hn3RoteYgIj7y83H!HlK;KFSGW+TDZWbl)oSakqapvxOcVX7~xASW0
zm8vUbnt=Y7Yx~H~Z7dDOWcVcHeIMtg=2fw6tmw4!jOJn)s!3VgP7ZUd+DhL%B
z;P7wfqorpbLcckTN^X_TBr!!fJ&Zp|kRQssjd0U15R8yr*(p!12NqSqFUrk|=nshG;
z4MSC^RtI;bSPq%(a0*)6CHCnQ&)Er{pVI!u03}VAh8J(4Zzn7o76)CpQ}qW)$ikycei*1IQanIp_vzg?zD{f0y#=Le@Tge2M_
zX+vhm&qVxtzE4x;bq9aeT2X%3Yvuj+aFw_clGqP9;T(A2AOb=Wv`5UB@hY98pcO+`
zY}^y$?K&JGO!`}J3Hfv2hpg;@0hcyOwrgSM-B?H>d4>fbkJQ5+wW)vML<7GiK^kr1
z*Mm~FCG7eBtO}o6&)5_V5Spvk;rlui&{U_sfVboLu#DrhNDKQRM^PlZvg=|&MnJ;
zq=_^37QNp1pQ!y&WHOdEseFiS+zGu1OQ`M-Y}#^M!s+U{Ex_3J-0CX7s^jNp(`sjtQKfVa;%
zs&#a=)gL0p0=3X$Mg4W}bh)qK-{8z3N`Gl-fp>prn3|R$=Ta-$&h+viUR$1qZD2Zx
z*Af?;moK>FLl$wpn7WHu?u^&8bh9Qia7|{$n&_J$%PZr9H*#`Jgg^l4?f
zlKF}pJm^|4wWWyMHbhuE?vk^)d*np7Q2Bh!TlgQ8ks{hD(`E5U!to0rQ=2J;rS&g3$la;4GN
zaJ1^69bA-7`3xnBbbd>W1j@C~p2ZUSr@t5XP!6=o@P}}9=>dXMm(UkxRflmYhUmmC
zT}ofjJ(u8Ra*1~*l_H<&Zd29*?ee1AjcdjcM)zH%u=ABz^+o7MBw6B{7pyC)_qIGR
z&3jTsF1%p}o+ok4o-yE=>A7b9EmBh|^id`1CKvOI=c*!^0{_pIBRxDqRjL1hm0r0^
z-zws+fSq@uzIq52<$LEftfK599+95GE>NCB1ZF(hHBY7&=DY{`r5~`V9Ek#f91_RM
zdFIfeG7fI4z-3!Dw($3!Hq|D9YN-UTChfo~BECoUdL{Tm=1k18pWF#~TX$@c*Trs!
z&JVC!zDk1D+#{2W)g|H3{n7YRrqTV!vH4Y~kh`az8r>&(jaQL$yi($feG4m#E7g@H
zNQqrM=63Z?!>EGKkEd1jsjU6R`UkYw`L@$FzOy7mWA5V1SOoKq}0TYeKV
zTNSNCVXYIe1!6gg$MJgb;c!G&$s{ku68_`<8Q$17+qiMFSj5l?T015q{XC<$|p*R@l4
zlki4_BWeBU=TM&d=q}BPr)ZC~22xgZ-(Ii{NST7f3>5a8@TNtN^_8Q$isV`LI?Dpv
z+NJ|-P?9|FoqPJ&1ELt}#UA&)e;0?I>BCzZ9H
z>j9e9%VQSGoZ~6jH1kg_LUi{l{$m#Zh`!I|ryl~1OG8XdC|1u;-5{VO?<{Kt>
zl2}+?y8x!^YWuB@7fLV_E2R8iL?Lc7^pCf=&H|X^|baoLT~n9u=|J?UH`<3CLB94-ScXNiG07y
z-=W{y7I*Bf2fLTY`^YfH4dMXmF|U^B8|vM5pXm~AVG?(MFTJvZf(O`&m7VA-wJ5zu
zNNW%${Xws!KloNpbXDa#P^>f5jVBIxsv$|dwj~Z#cJ&3u)JMoxM)Qncla1QYH@3Y9IsC=DRXJ!3pR}KHDX%<^B5UL&>pA?1fh9x99gZuLfbfuo>xV9(?d(R3|JY-=x`Ml>{!&L
zUjkMx>$oNP>j1bJ9eRjVr%|#c&I>U1888x9(F{BQ&xR|%b?x)U3UMPb@P93mF8eLY
z>0F}ug2*hSuvA`n(T9)s)cjEzExk=i{x~QuHPxAe<3#>HJQ>7~YXOHR*S(jB?ag$g
zrdnDeEsv@M4Cj-xbOQv?uBH`)31K*Y+iQ?su{u#r_}A+~p6yIpDSPcg@E2^Qd)HX4
zepU_DKH2W-M1>;p)RuR^V&$%}Gw+o=sP#d4mvQK}yn|k!DMZJcr<9P#{Tl!JN3{_S
z>M87|^b%+zg*Q0YI*8g-9mmKSQA9LCP9Y2CCZ&^Th@0w|dUEHoit=wq)RLDVWJoK9
zxefc?)%RL?uF!^mCLR*Uo^-Iuk3
zJ?8o<_LJ&lhTO(Rq-#UY;3uo}C0=FB1;o%Q^1Wnvsw5d+9&rdsr_i;M
zy(E0BW5B&8gfb+Sm9bz3({f>OpA3i7*ZPzMXtEaWfnZoe)o$*P~8A#t&w-e3k5hWbJ^km4_P=jkqi(
z`A_Z0i(=QXSaD#S8qakaF*zYr%Rb0`7GI>a{nl`kWmfdG#
z-Sqd`XIl5Ht}~bv{>6o}4zSWo=k@P&(p)3OF3z|6q(DN=TrJS2X?19P#h*M(rZ+4;CggnCX$8wO3;Chakp9@}Ayvmm^cB~2_RP>6Faw;52
z=PuZj?#H<#v-_%GZd=QRFotA{wUTVHep6!i$qUHY|3q5%zqy3yEnSn;-C9iwW;rRO
z^R~a3(u+&hhHtW{WaVCW%^H&Un!irXG*B_}4)M~Rq)Asvy;O2^UKH-dPfQ>#OVn^Qad=l}f*ajf7Ej96MQfM2
z(6!`uJ`450w9a(GDSPoz`_L_&kqWyI_C~aR$H=bqg!J252arX{T9QCIJ98GM&U)yz
z@pFZcVfnju+Stg|H}*DGUwlOv>J@&z0=VjHj?d-S7E}3#GiV7z7B|OkzZb;m4T}5n
zS-rbhNL(WB_<}3@2zXgj06AymI1_w}rP}4`xh$K25wH1iZaMuy+wmu-uIj&8Uoa|R
zf3rxf^m$8tulzVaqQC!lJ9}{ZNI6#5><+aRcPVG|_KJFJEJ}VT~B&YVKo1R#&
zheQai@7D7dffsj%cWc8|^TxZ&H~sM1@A&sD7ci;EcL|-tm5#MwXE_R&6MByC9_T;U
zrQe+UaHS6KaxNqX{4Kyj=eiSjs2|;yw)dg`DNqBmSE$u0n2Mgc;hflq^gg33Yrk`}
z>=%CG1~uYA8gKejrT>=bztt?arstDuBk^lm*Y==OO|I`WxxUxrdZfwq7fr6m#x-fz
zraiS1d`XarD~Zvj_>|E`Jb8Eb8w}!xK*gXBYsyT}jSN;w=&OiqHaGO{9qd#QNsT{-
zBtP7IW-@f8({ixp5>r?LX5E+PTF7?~viJT8K27Ue_amya6`KX5DE1
zW3^y>?O7z(8(J3@CX8z2X$Sjhs7oA_We(ND;M&>pg3x(=LBE(nUO4d5bI5TT!=7{4
zijgn4u((`wmkSk!ZF@o8vs5YMnh#CJAmcOH2C;A$*r2HP-KB^uL2{hE1ohV}a7QWl
z0MLz?S|ynQ@FtV91usDe4||t0^86Ze)ip(;Yl=SC6mhO8%4Fno!9SPdq9lD&FzS*z
zPO#JkN?nlD1xS5Kr*2c<7T*LT-144^tyWg&HzR
z71iI}-3Lqrp|e!*_DBTVWbT+CXN)Z0n`0VAQB;hg(lHb#%u)gp-xdLD9)fudIO-e1?R-NKK0f95Z2&{S5(V`mNga0XItf|d4G+vyeQBX$+b_F^-LbI3Z{mJlYQkJ{$`oaLUNGl^kaxfKruxI7#(6f6>;#`%Qb
z=?^eN{a~nx4^HUbME3CrGV0Ud;#<#0-roOdE$Q1IHfw*G{=mtSrN^s>kk;q0#O=Z-cIC+S6T2GB8_
zQmz#490ztyWwvF?U7%HdhZfQ+@76i)du>y4j)cTp=U3p}y5(x6zzyH&-(rR-$Kzpq
z0Y^m!b0vNn4hOMwPjetbYx5eb+;_GS8`zHkL1ARqjvX^-_6=G7%xJ0dVzF=nIc^eg
z4l!|a1;4@59i5~+W(0m?78{N0VL;sCS0Xq#s!(mO@8x(6`;wLg7bKZ%7do%Ible>)
z6l?#G(_X-Fo^YMGaNbjiJ_#kgJjaq>%6Df7U+lhi&xnP}(=6!e&DZ7Y-kb8Wa7p!C
z_O2wv+q`;*G#uZR8KRsn+UrY9>IK3&f50hkXC~NWQt;t288>Z`W;@9@ic!iU^0l(C
zQd}vl6u#2&VhO+H6?et`YVR{num?}J2J?bx?xpR)kA>}+M@H?z+QdSQD^lZhyQ_tj
zV)<)28CAATct2}XF)O^sJiV9bz@PR^82q@u!)T;?vN
zc5Svgs!W;L0XI4%Jta1(=dQ+Wot8kUC@ohi*hD7_MyW8GyGGD1Cl6Gq@Krdns>|@>
z{eGJ-S-7JEA2}NzXPx@7IpRske(9E$O3pq>gia$4eLp4%Wa>S_t}#RQYfho)R?2kk
zUH@*`nOSfbXLHr1Laws7w2)7;QCVnNq!qDMpogd>ZSNkpUP=6m^4S`O91pKnj(ieN
z)Aa(yJg4^qYQ5ia)_p|J&pGe%M|r2=bVz-8t9gO@1j2p*SvlQ;ZEE^M?U1zP3qn*2=(=#4g9F9wO+H?6NuSf
zKh_R6Sn|92lWAmzK$G|2k0N8?E>+72u5Zyg(6+pIr6{{IUicnj+S|?vOKNUmo_>hX
zl7$rC3@p5NCp2L59LM@^$jG@;%}On+eCI9fK$9hvS8d(Q2RbO0A55#wGM$7G7|qof
z2QoDxJy*}pmsSc9{w}V#QKIptuk-E(PF#0oDN+aSqCP5C^iip#kIJq&GEY>@6AR{v
zMe{_}JW*ZZmV_5;n%|uh4^nm^YnU
zO#1cmPHLE2TR}-7B
zc}%+lTJSCg-NjgT^>*0Vd1a;e|8Ru)sHlj{EvvS;74`aJWkpIaslP>PW@6*j7&j@l
z$o%$zIP$%-mv=S-L|nY?;k>oh3_H2F*@oqR{dC(oI6SEvd8^le6=6*9(=GNffZT1@dPu
z?&lCJ(B!a5Not|QPY(Js>(i|-!5J@9)-EfpG&p^K0Q-t^?QZ(&9bVEprsZYQhmanmOO9Q27|cx6{?RlADa1zp&t!9v2k>i$OFN`fM>KF
zBOy$eDubt^56^54;P7AFa2x<73Bhm91EIvl#T!{Lfn7@pyEn7w!Pln=-l7_kx0Q+egF
zjb8Y2#x6u(&NTEAUn#GYc!x1VoHq^`#GtC7exS5craxS-n;DA#T^eg%b+5;OW307de?$oWNav165xZLA3et|qR}4bkFJ=u|L6j~~d4cvlbmJWTChb@(tT@6`$97$wtw6ZBLz`3uG)C|FVXRp9ODHwb%RwyWK@3Zhwf?e4$D
z=}2=((p38$PxypBbLt-skHIS(w^Es6G4hYL-@5Vch$^mngYuu>k^0y1n$dSrvlV^U
z^)J2lcO+L_>D?GuBO5s1aXtoN(3^eX-%(u;$s6wap?*WwJ{P-0RUirsFJHP7qMekV
zXtJh%$cR|7c2Vn-9ZYySov7(_YAv~IJZaAAA4lk)->V$zKN!N#P6fGVZ*X1fS6%CO
zT_>+HTcjl~$c>u!DcJLQ{)cU}6lgwDG)V9;(m7yO#mM7wQc}}u0CJqcoJhI$?xHpfp
zoX%`FAGUBdl)8Ol#E`P-)eF;$$6hz~uelrLP;DXH_`NoA5MS_4VGhC0WBUn_?qiY^
zmU6TtmR5LuexYy|bxucU0tz%2AY5ig?8Lv0sh?3LHpbNQt(vh=EV?GTa4rdbY~DMY
z{o$pveS6JedD*xV829@PJAm)ZcSix-d0WEqvZM+&kSrXaF^aO%bWr
zcfETCRUrKXZa`PU-c;%H%g>FS-K~@Q=G6P++R^9Q@gaR4x7^v$9z+6#VD*d$Za%|9
zR&}Cw8AolW!zT;}Dxi!io94)~={aXQmcR5F)2Mjb8OAy=bOv!;VT@tS5sz~h3cB(+
zgP_czsR#YoPt?5)l`*l-acKe2jYt8Eq6GT~z5=SPTri3#YWc7R-oyhs7Bv39k(boEci27s0SW03*-HlKqxHn%x5
zT1;z#F8iJvyI11NpK{orE&O-8I**~ri!3BMAi}ebwp<*zbby>*RPJc2go6?tl*gRr
zd;CfDO#Ly9!FGOV^vKne7g44T`N>62fYs6>J2jP-*th8BOeYLb7{?2pgg6$il1{I7
zgk0DmiXYH%J*ejk=N>4yi|E<2`pb%HQKquWO+PSd>my*uX&?KS&Zm<@XY+8`*+AGj
zb~%<|VhNdTcG-35sz2ZAuu-SeSy6GXGbA<4{wM!JvzXL0C2n(9u9{WaT`1UA6!tVg
zQ>r{TkQAksWL4a#sl|vC(050rQo#k2qoYc}eG#_22l~&s8Q{h|{h_NVe+j&_JSx5=
z{wq4A^plRjmU<-8@<+3n(*j>GeM~3ZcxinD`llDl7pN0wCpfNuWcU34@kNy$_`F%)
zs-5ngd_JkIH>S$f&saAb=|ywu@Bmk*rg+h%Ke7aWez)7$UEix?hwsEK6hHGi$157G
za&pODh~>)u;lb_+J&dIrm+9%f!;RYB=laIZp)A;^jn5l9wd2p!ys4@8M~%-g7w#TV
zna$lsjo!FP4{aQseon9a^#i^~?K?W&JvjNib-K5QCAeP4!ivPVSYFtykf1d8FJdgW
zbByC`E=v~@al@ZWEv&Q%T?kw$FJBB;3X|mD6)4yaX^9jmfkF`HzGaaVjFv~2NoYU{8%HT;3Ajg?Tl)qR^_k8R_JW!f9Jgl~VC^;b@8pQn
zYpk)jPRQBv$QlbMh}0@uuI}ha=~O%#mOezKA!d!^(tfJo8lux4U60K={Jh)(W;N#A
zutl*`>$iiVI4ZWdQeIJua$!Xh4Is8~Va4SDS+(fe3+}TQ+b8o6q?cSh)o9TiUmc(?
zmx?)+d`TN1lLRsxrK2h^>t!Rj?2)Diqoz%pK
z6l)1-mb5yFvmw{%bo!T)x({$28v8Q{8AD{w_ApgG!_$pvao`TRgFZuB-*6UUhDLAm
zJ_M~eY@bn3Wu{_}^qP={PJ2s4?2HWPt1cYSL&vR94VR&hWQUwyB0tM^h4!U-hD{I1
z`^m}18J-ELy5NK?3BAM%l5PJ2m&JHrT|cH51TE*1`2GC7-{IAVH%oRe*x{!wShb9?
z#4V-M5aijrhM#my3lRLKjqi=#NR*`#_%sS$iWawPd}wFro6w&CN$A3xpoN{yffvSD
zHZ_tUHk3&hzvJYyq+TEDBo5zA>u;h?=I`)k)cHRI+m1hwTMNy7Mq|CPpCd2e
zgZ?0gqLR^)CF*G&`e`xy^w`n~UI^BO#*
z3b70$Ni{&q+-%rpBYdJ;%nn29dhj|vIzK+&JKuAxkRAQhL+}N^d@8>VU$L3bj{>V?
z=6rg;BAYL0O*CyVRd(wV;1Q$+Wo|*aki6SYSe@lInrV?VyF04M|9;YuelKB=6Sr}!
z5D6uY+$PSN;lEzz7k|{bitbf+#MTat2pIkt2D`;i$4$x?*q|t=J&a`g#B5>w4{TfL
z_QFN|Tmm=P*RpD9=(3}uQ*PEwbnH^1rg4cVDPcJJFuuC=XeqkTspT>n{IY8+fF%
zg?XT__OF6|j*-A*$5|GBXQo(nY6HPdnN@jcRHbI~o`Gz4H;AF!cp+9ZXQ5Ik<|JbU
z7MpZ=SI3C?=SRK7%Us5#c_weL=fSi}M=E{^>+=xSW@qbqemwc^OHjDM$1(m!W8X9C^1!%LQ5;H^UC?TCyX*ucOS
zeU4_C)f5!K%%pRl18Q2KzpBAzv^`{LAlV(Bc*r=xlL3+HT`lud6&uGVvw4*T9mu5&
zlx;GnC-L%9s}6(DA$jwhb_W_^L_QJ0z&Ghd#mvRKTc+N;_5D2UI=9|^#CvZv=bDJL
z>&@Y_kim|=Z`5b}qTjiWWMoK}xRwbbxYI$L*N#^So~!Cg<#1^&!TpPiTrTFdJz;cA
zf@m;i01Rz2P$d}hmUm7`@9sths91W2-Y-d-6Z~o-o>`~HayQXwzo&a0g1Og&R&K%#
z@DR@pE`iY!H11fTh=b_39&`}I4X6^)u*vS57vc?1leX6qWCTV*Fm^tgweaJX`hCWf
zRQeKi0FTQcL}owY_MrFvmB1bg6H>7mh7n;dgDC733_ZaVW~Qxg<<#iXm){Gm+)65v
z7PL6k7gSIE2$eR6P$CsndRu^$e{z;}Hm-gcA_0hiO{)|u_e^$}-k2ZQswEL7@Nax;
zg-S3YP|L8_yT9=|3i@;R73o-B04XjShL%lKI6>N7fmUY7W$gV%Z(zqa8uVI&Zg6c|
zN87b%c1|GyxBJ6p;wxw1M`dMZPdW(&afJBVME=@&j??tcSqSd%UcLx4{oDlk7m@1v
zhwHfepifHGf;o2RhEoE|N4zF)-)j0El>)OjNj{GH(|@ZjG76ERWT_Lc=^P^Wv!9Z$
zr%r0?NleT}Kkww6Bd2c{7H4n*AKWP?LP!Ghi;
z9E9yP0u>8BnSVhYNd5Ofe;(v8=T;t6ug<&dhn0Bq9GspenMrLEvdY-Pi$2iJLD)@+S+KAExu$2)Tpn%RiDq27fdSSMqLAqq1$$)
z+s42k{CHAfcw^P5FadH#^z<{TlTW?MuI~1c3g=S|&TM3=R=AqzZO{|qJfU~b6Wk=D
z-bEnrpby*%c+@PEixp>!4W`aUr$1~vn=nITp11uTO>JV($mp?u;8ZH5vK@9WVay>fIlhgQR}4Ly>QhQ4-6E9RC;$ltW9SiUk0MoQYG^_kwTd2|!9NTgE<
zsC2Q`Dj^urT_sJMZ`To+$=ZZm_@*Pdg_yfGci>!vyR
zmE>Yko2oEa7z_kXao~$tmgP2L+p!J`We({x>_6fHo%XQXbX3I_l!8E^M)9z9{la9+
zX!hfnBvS>Ds>B(QaCL~OE#`SnX|YgX)*j>NA@wd?8FLHJ4xRR>Sp}WQ;>MtPWrRFbt0~y?A5aQDli_R7M7l6NDT&W
zka(c{qXqfzpVdzb?)gXeto{y%#q*Cvbyzz8SW<`O^N(e9SULY#QHKlX9~ac&;`zr#
zbyz+BSmnbDy{${ND~s&MqHO9?&B_-0v8*hyA1lfZ`*A^8VLvV!8|=rb*=s#sGgj4O
z1I7~3N#YoM%zJXO$GNRZ1G+hO%
zv|*fSdnT1izXKjP4Ollup5X-HO0~b_2zEba8yNE}WgF>2kIP-$^;jN6WHz+`FJ>*A
ze=ax=`kbiPv@EDBLn?e0*`%zhj0(v0iIM|soIbmY4mjfM*?L!oA
zX9inKEqY=98Y?e?#v$~gm`YT_-AtSptDC$ZcB5XKwNh%e%07vk13&ECYcJDfkvQr9
z2Ztvn6Osyld==5U!enDn3U_6GItld2J9|F0!5ccSJ94l#jJ>N|D_V6iSDr#j%D(cin1E#+FMc7uOu!*+?ZaD`fJOPzqUM#=s({EkfUcTde-6i
z3CH^uZdbIou73a5>r!?E^MB9Q#(DfWhaY8ObB@OH|1t+X=M9j4*+p{jI7?uLV7wlf
zCA>7Nth+!uU6+&?411ylu^w_0%o7?|TQ<)}0{9KF2F>ZQyms&iBtzmx<
zzYwqojOjcq44u5QsnHDZH1C%W!T>>hc8)rHihLrc&b!XD3jxioxPN&`ljpoKfBuWo
z%=(cp>0s#_WM5Shyb&EPBy_l-)p@N*@lIqG89o*ykzmnN)-2m<}m2QI#R@Qz6=8ivWJO*IXDA*iMG!hlnQ!;#)!%$F`FLJ2a}u~^Wp$g
zx5^qe;Iv;)Y@4
z0;g(==2yh+`e~urqGjsXkOa4d;_9P9xu}X`UAsj5>D}guvj`AAW6#F=NDsup5+)sf
zbHEf?e3)E8wOU!4cb%J<3d;H_Rc@Rd@7Wd)V9OcjDhcqi^AG$~MLME0nJOrDStAc^F}(@CkJP(k_^v
z-0EN23GQ{Y;y
z`=0AQijGj(%8Zdx9XH)G?&
zcrRirE3*H=$ATN@!c3tbWOcHdK&;%aT#8Z+}DOr}s3|ZjB&;?FP>ZwIJHMD_~
z%3rel@rgwnbShLH=r7UqL5G?^=nyVdnm$-v!x%h0j4}pkCJVEpd
z8CdhGkS3qGi;_u#2=o_o4iY`K&dP5Z)>-AvUs8{|u&VVZeML$vn)B+aEGhbYX;q6H
z>I#c|LcnXLb&o_~PKvht?}+&J5gHcGnj2;LnLL|GS51q@>a2cKoq8Q8xmi_~TvYiu
z*MDqcm5&lNVlSCA$V^~s`v$mTJOS@>gCs|6P%<+PM=VggBajJF{P?VXWZ8ia^rY|<
zJPaDVlUUHVNiUdLTVGov^&pup&rFw_wD8(AQCNB4YE~W;wGbYZ5)nKoYgQgqG$Rid
zG#d{VwdfsGH3JWpELn=vte6iJ;xDf&+HWQx5s7K7%n%)l=F5qltz0t(gYu>#$%RaM
z%n-XYpC&fBru+GmtHCNhxhH9IhqV;d=c>ybX2=L@?6VX^iGP?f9XB=(O&)4xHI-+d
zZd`Rzu`87K65^EqKu{&1uZ*^Je8>G1*zGBIis%;-jWH_4HY-_Ej4Zllko*QQ5JZcl(UClbc^%EWr%-(Q-1sbovX9)5afG~|7~
zHqr5cQF{-y=p;fGi%!27!RgqDO$|$EIx!-X1#rV^uBf)#Mz!T=%RV2L7FWuJu4Vn3
z6k8bivBxHsGIxHLAt*gIs+7!?WMz89vX>yT5ph0ha4Kfcnd;;TJz|SMuYY#W>St$4
z6{R~>lSKDZN*Pu5iN~xHE{{#AsGs6tDU~0wT-bICop=2CmJ8c%k+9H7)(X}|(I7l3
z{DHYbW|vPgCKRg^7*%yLqZ-xtnPDxu^i$T|PWMc||2->!D|&yb^Kou^U)u;KTL{zu
zWZDQOTL_f-DAPtT$wC0bQQAhpZ5eG!P&T0t2NFgp-fqAH2)a3)
zbVbl#Yn%ISQK3qEaU2HCVGJlnzK+)oJM08Vf7GVcYZhTvRn#K(eM~+)eCWeh{3pFo
z%8Dx+rXfim+sOIxe<-BvJufMvsDS@^?dB`SYr+Nx%yWt!6SSq*l)8B$$??J)BB3zc
z#G@|BFt@#+#rw5UOgSMHBsXJW1Y_>s#Ry#K_fnt-FJ4Y9uQ%SDpDu6gy*Yokym9>I
zd>uf0#j&_d
zP0GD2GTBQs8IH(7Nn0mGK<-?f?{&_9{{8&zwYBNY&pdps7z+9753cURG?io$hjFU0
z!wnOnc!B`3VIi}@ASdEG3a(>TaZw
zaAnv>D(jx}`nJmlYwO2*`P%VOZPg$Kwpzgh{pUV>triL{x|jc=>J4HXRFUFLxSa0q
zM^a;H(Qtn{nUp(%LZ=k3BW55Mi~94!_K@SVBM
z+bJTqJ>nIcUMK*zaMkI0z1G^L7xw&kB-yIRZ+Y-iZOvFWG>IC0rcz4yfxsY*5oXi61)qdF#iQ_RQl;-~Kpj%L&;5
z+u>P{%hcLn|FuhO_H&FiJ%4#GA+^Jh11KXszpSE+Lk4^-{{qnkoJ=je)E)_N>+)Lg
zqS-h(Y{0K<#smS)a_U7%wIW`?JhZps+1KwQmdD7BhA;3GJWkpR?
zt5vo44SSNyW1J*#zER(EPES6}6E#@awDj6!;UD%ucs*yi-J^vs$&O5g9xS;hLLKye&XSCW~BT%|S
zN5wAgE2Mh`-IQh^2{NI}tXn4KMrJfPNsz)UHa9f4*xXag54>pw5NJ=ciyig6F%s@>
z7~YX!te%dpKL{7UHVrcn564E-s40Ha*i2Gw*J@h;SU{)0hRxKDx3ma?v(v2v{z>z0wfwqdvmk^xz(wepPGhm-C*?@r$W^9{PV6+}Ksg>leb
zYeiPVI|IuGl@&-v2kq)y^Lg{aZA9_cZJF9PrZ
zsK_a+{J2h
zLwPm}vy~nj$*9EOc;MXhAj1UJdMeR~4u8Jy4?~j=#l-7ga3uY1&j9%Wrw9HUNwh7k
zrC-^V*)0^ych!ZmGYIbd4y~OSoQE%Mkir9woy(4gct}naKCVT%#YA3OwDhM!sYu%E
zh@0-Csx?bXwlb|~c8iuY#Mr4E!f9z!-xQP)6W_B?eXF1#Sa5Cj?{wZRRzSrA&*=ph
z?1v{pNf5#Z4{@#wJkIatk5Xdqai2un*g5ck?!cHDEq9@iD>Vme
z8~xDhh`JWjyl_ZtYjb+^${ag&V_7|UTI~;^NbD?!P&Ia!!^<~?z(tg6O||yd_}%QpNFx!1*t4ycaD0<%3f?_?-^w
z2Xt^v2Rr+8&{;l04PE`<(WxXcSU%dMgFX)MssYL$38v2S@d+J#p@Wn4H+aPXCoNds
zKY}{H#hH|1!OMc+IKAAAmZt?%YMB}H^0WY0i`=2|iioc#+>Uu3Um+(d9N*D3`spE`
ztT>zno?$g~{4%jMf%H;1Q8PoJV)#+yg+b?jR${$~vRb}0%8n(VnHR*ZD~1}m;H*C_
zgi-W?RRF|
zsy$S>f@_^=nBnk$T?KwV)rObDz2LZr_eyShLA8pPboz8C@&TnkZ
zBMsjuIKhWH&CvOi4LG|av#<#njOi`&n|t%e^xTF318H02GE&&1>xod8RSdcp#`8W$
zA&U7?;yb0#<+3D_>d|z*L-Zi0`kPKgZsw%7r<1;7Ucie0pexev3{=`Y4Qv8$UJp5t
zIVusofUx%r+Z9QNmGhrLIoz?KB&R0fwx3A07yanrLdNq!kE5
zGSBElfXiAnrV8Hw>oszev&c)Q$0}#J=*e{9S9)5dG(SJnxv&9Vq&!ivN%t`kgz1T2
zq{cwiSXVXLVBF`Q^ZB_kpwRQ$t(_|6-cFVBRh_V`cBkODu%p3TO#3s|zRW4qFE2s;
zQrS>SIvI-Wn44@U6`c%4P`@q`)Gw6?rK7J3SfHaCE8p?Y!w4RjA96|
zHHem91-~V$IJ?#l!`2lqQcS@TaZs|_S?Q{#FVn=`KcPuWt?6BgpgO&L-38A#vsM>=
z&<81nWz6n$oq>b*NcvzUrKMaA7v(1MYN4!qxU?XK7yYPJU-60hil)8=Qyt*g
zN2;?7sV6)2TGxCI{HDxaZXN_N@I<2#Te=^BUeWlH2_?@$yw0HL4?=PrxVmOI5zv_=?rN?tsKJ
zP>~<1C|to_K*U_qA1%&lAShKMU7$Z-uug?SeA8D$$ZeuvN3;m)Kwqk61mFsTSEf(F
z0<+414P9(J>rAF<6o6w(9J-XeeWo_IKDRTAw}17+zQUZ~kCOxoGQ@Pfl6M#d4ekh@
zPV33>gke7hBpvI*0-esSO9wnl7p;yp?6^!5sW?vFguZ0
zEX3F#5Ks1ZU_AwBo3E=*pwrlpfNx*OC;PMfT{-x7iS>czE+#S0<~%n`5k138QU7tz
z3(A=46Jk#Nv57^GF6MQT0NWMOn?liml>Bwft6i~6?0
z!bn&Px?iaY<`J#H4+Sk{jD38V`*rT)9MkaJ=BzZl
zl(fwH_L1h7XI0mZcdPXfckSuiySevS9bCk6(b&xyOcn>c{%jUZzbO`P2izf1DNk-g-hN#Dpa*lnV(
zoYij@|+6P`$4WX`NZc|uHb{DK+zPq
zOc(f76)2kmVYFXKVNu&TwEBP_PAJ-i<_Vi;~YMr
z0Xz2Yc%(^a-P$Stp`C!Z@Ua9>l=QZ_n%Td~*7;?$P%0Fh9KaM_#Vk2Al?hF8Sr&U+
z2-NizoTZkr{S{cIfrgq0&?3s-GY;hX@N${AUtaeItCrC!*;8P#D6+loAbU!imPaz+
zybima-l{Xx>%%9H4rfX8V6|4tKlt5#96i)demHTCHu$T!G4=h!lg1OP!)OlRM}5f4
z#)mvffb;KvpUs`k<#PG_Z@+oo#l_|2)m0Gu{`>WHr_=5Bdj0-j@a0PwMo}COhc`F3
zw|95<_g}yM@yEl%pMU=KSJwLRWD1=mKI;En3LT}fn>+t(4xLn#cgm@KVp1K0cdw$o
zyK^IHhmTS9-$`Z1M}^3^M;FUc;vOAo6B&C!N5;*)7$wfpa?H-rQbK&A)w9<3n`}Gc
zL3Jkib;QN}r&vwJ9KmDXwqAXSgVugyu(pfP%
z%YEPeex+-1Cr)O^uZhe{T`Ppk9S6Wr8$_?+gyFA6UEjOxck-vF8%L{7afvsAsuibD
zSuPir-Kw*_e*()~Bli|FHn~b
zEQr^pU*P@&ez@9)E7W*R^(QrIcwQI-)XTwifZ2(?ThcXVg?X$cAT0vTLNCCdt62HV
z&}(u-`S{uZkb(PN3u16|C7<(-WM2=QX)bGL6}AS&7r8AA&kGM5r=cw)zz*#KkI6Z*
zu;4c|UcB>z(-_i=8K7>r*P4}tCdG1P5f5AkedJ-U-T3)A=h*k!oJHiQ=D14>1rll9
zT(wZhRTmd>)zadE&Q0HvlqPVH)#>T6y%WnGc^I!n(oQ7G$-lVKpZH*o1W`2kOpUwT
z)t#eRvqbiMYtSjlpxDz*7^k}MbXueAI38xNlky!Ub!V|ndVy>&D=uP6YZmE}IKDV<
zK*Hn!r>c`zvb!Nj~jLPSSDQC~e6OTPN
zTG}%2j|PgGE(tH*%nze*KDr{po=56iKb}{xs}f79debBjTRr0(Vpfoks?0?C=yT?T
z{ODNJsVbsVY;u(;Yp!Wv!p`)iWYarnUDM>~cfH7Y&H2s0YsQ^nFSz?IY{si#OLu@Z
zN4%ZaZi^?O*JV#a`s0WnfYSbh9x)tD{N82$1wZz%yS`5%jqnV^0
zw=i+5QocN^C)0R}zbDe^8h3LRaI{$S_e7eseY0bUQZAJ7CY8dAI}x2GQKfOV@4o=$Yq59eP$qy0rNEy$(N-1
z)9<=^EbpJZ$__zSUS%4t5_5BW_12S8S$0J)QQLkGVChHII&2#Q6(49SLPCSD3dnlx>eomg|c^?6)x6eyY_IWw!^HOqXt}f6;
zs;8jOAGqS=3(G0sJ5AjQAg7_`_eQPadGPqxPsocaD8!(!Y530=ND_eTDS1-6krgXZvWMaRuCMG{>D1^0~2Iws{I?
zSw_Sqg|)q^wq!2=`>A!&*M0{vAR2l1#Y>4yeRF?oB>zu;A*@(X#ud+&?Q&-nHwKDki*)YeOK<2lvuuu7gE=^AEaS9KWS
zTF<{_UmS5WP-nBcL9C^UJF-C3n_al&K`g#<#EcPja_9JW1Fjg|jGad$360dS@rpac
zDRF>ryx!Qa)(`H?m}v7;)&#mFVq}cg4v%Gt6K-jdV-L?jfk9Wy6w0{(@Ps>
zK<>0sucFbfBRR}*10}{A{m5xv(T&Q=D>Xc*iK?X2t*9ytkPqmO=@fD{3sCC3eUGA2SCqCC`x~CB!zdiliZPm
zl#SfUg+e5~Tqs17WP}t->!i)ep(Kb@Sf4C0T#Y42*W$s>c;;ubaq;4kB$qDSOT&AI
zj#H_R{@dn_v`aT8!6|;>{a&T@8^1;ReegInFA0jjdo74_y>u&{_hz<2@T-^9JFBU8
zYSY5TRY*+aq#yd%&g&LV)-LZuKR@iYCD7&Migc|-Vs|$%pSsoMqPtwFI`zg0wY%aL
z9%`z&xt~>Y6>2`+OW6hxMX`|4*)EScUl
za>?{*qFPKJm>sxRyGCA_-nC3bD4y86Tg`rS`Q5P9yz%b78w|so?|;_{dae8KcsO|k
zo!aoyAu+eGv`qhZtDLRrMUuCGiYv~VNF8F;wPt1d5l81yj~{Ubok4&Qb~Ws(h-NwM
zy`$tIkE3)={InkiUMHuL{S2_3JWGE_IuU<8>XGkWyl8ptg=((!(7J5V4^A9`3G4QI
z0n9F(zf*F@iZzA9$Vx1CT4{PLi^yWhcDH>zVV;TnN}w&IMMboz_zf*8KGLFU#k6SY
z+gqd=V#zk-7ZXEZIbn#dw)a)E5r07&_!g55%_MJ37a5i#eGE>}>JK7XWblW7a_YoM
zR+q=XHAY0TQo&@-crNG-i8as5i*){8gsXS
za)3EkS%zG!;@g9CD4T?sb3FM7ung*apqb%Gh~Axj3;;@xmr@IKeynp#lhS{yP?_#o
zz4u5L8(@+>?G8{C<4&oK?k%;=lJIuU;HTbM`&tXely@?^K~>SVz0x?pH6bmjVX!uj
zU@^X()45>VRh1_pN!_mU93+Y}cXBI_0LUDPN20Iv`_~+h*6FkU6R2Ds#*Y;Hr`{Lm
zx6ZKFx@z|CUL_UJs9bT98)sHRge5YTF`{)C>qrh@3z$GME8?ZID(d3~ySB=lh{T?L
zm{Sbb@_f&~z~??}1^{aWg3Wv_%{olF5ZU4xQHRENPW7&idvSO9<*M-euh&0yK6cl7
zb>7$6#Q26GDL?u12#0!~=oA2MMEQV(4Su4LueckBa
z1Y&Q2ogLG1;YIuQ`hot--Ng9wSXSE!MEviw^Ru~Ma*h0c0h0Z1|Mt$7FJ4`~ym}eD
z{QblAM(5}5R_~zy*O$}ib6g)D-JG4>zP)?@*XM8C{`l|H)3Ha?bJI8dl4g*iv?PH{
z6R~kKka2yXVjN!Rd^>bl&}4pLz;Q21n#eBagEdFN?8s|bhv1oK36Kn)e~jA+UBfN$m)P9
z|IQ~0>LdD(BmM(gbXsvvS*n3%pxiAzr&P!}9AR|d^c}a7Ymt1V6Zde?A*b$v8znpA
za4ZFqOacEPxO6T8u@$q4HyQ?U%j3wNwj}uN%d$fi>1B?QBH)BDybw?UOx49j
zeO+sNU3SeFFc^Us%i-DpW=JpJ@>Y@0tV3E3gN5w&#G^{3^>lP-n~K&-1c4#R_5d!U
zn_V~`T}r}0Xg0&R-{ts*X6SqET+_S8ZKB;Pa4rQbX4qsR576NJ*6MiO=!zQj3J@Kf
z15s)Guq&%)0c6U2RmHBE2njG^5fBn(4&iJ=3AQ6ar6Zfsw?R9;Qnis-LeKCAp*}7s
zs+{CiY;%kei8(5%BFkIVX&rAkvoH+`TAWU0fn^`s?^OH{m0y~^TR_ggYyZC47kIUr
z%9tyO*{B6AWIg1_)k_BOnv;Zy+%;@^?|6f_KcHHUHURk4_EZ-7fgfIZgNUhEBAWW)
zrPm`ZtDVp1Rc78ujhWJ2(JlUMfHA}9cp;LnA+V`4yo~HX9FSnEGvshFPcm=i0o>auXLe-EblPF8c@rB6;@1JH6-S=7?
zcGU;1=Z$^o$QyQ?J-^>;)8M@x_DHdBu6fX*M?mI+i*EQ}=zFtNC}-=Qnf5=nsXcQ!
zELzK<``B`bh<&vl&a3tCmy{EL@@Z2`M9-`XZ;h<DAO5&gZ5I*MVkj8nMvK3{$MeRv&p!tR&e-IuR%JiNd8&+Xvu
zW*jqNTY`T%o@h70Px!5n$T>d(iNJ`A;Nfnosr-h!5`Ia(kP@CQHL93!6!%%l8Q(Y%!S0{m9@hi#Rj0T{;${N
zRogPgW@K^Z66eU@&X!49njz7h{w$o;TV?mG{#Tg}igeJPrv`uh0jdI|F`T@DKA}%$
zplaxoS!fsfpU5VolCAl6g}R)LOpbtsjKJ3p&CfQoplj)4`ir;Y&?v9FGS6>(sm23*8p
zf-_M|a3W@k}Abo`ngp$l#*Whr#D#ky+kC$!G(SmfHsxa4-AlPA<^t
zVM0iR(xP=gH2K1-cq5UdXBfC)}>0wWB!6
z$PpX+t%no&>uh?lCsNq6R`PF6K7al>#n#QF8r!4X_rhyuvmf>@{0>~3``ue_O*Xtn
zWDvEZMS^WB3ce{<9;yZTQ21EqpdOv4SC*DdF%IjB=0)M
z*jFZ5^)+$fa1A!!t{;b_xFV230~$hsp#?&miCX;u6`i3@
zb7!@ElSTWMukt7FD!@Q-CY@7WJqp~7`gM`vyA=3fp#6LpqK0bj`Z{e)=iYcas<(<<
z3#>av(qP;zQYJ3o9U>?=8N)1kf;{Sb=&e3p0xZaPCytCgc0ft367`g&Zsg<>v3t<*
zG;(30SZTZNyOSIzq>SYm?5oOCsS@RaGXrtFbrnL_U?J}q0qV}bod$phjUhp4HLALz
zsxDob>&%EipHa`YuE%tpk@~TvAfwjmN3l}F{zc5T;2_RMd*TT6kn-hGiF!yczw$Ib
zWhC%n&|kD-7+v)T;$!4<^rF^XSl`u1*v-L5_OV{!QxFGrqe_G41)89h$G
zrbC}*MKjeg09Rv0Q8{F_#rupEXw{79R$RlVFS7WZ0^!`RvC2z5*HT;lQGnSCIK6h_
zlIF$9<};VYrYwv)`rGUBh^^ix4jW=QL%HmyJZx
zkfAfYp8g<^>J6q~X8wcg-b=TzJUz!B{w*OdW*3a>eo$TXPRx0`yUKS3_vSHC@Ka2$
zev&W!>CmyUXxb6?mj8LYDy?-`@e4X;fqn;nFG`ionQoF5sF>vQ(b;1;Vzr#)^O58{
zZ1J@6S;{U5N2}^>5RO-seGpFN!y6%1oQt*9kq+Xpv#d+()^qnj>;MfLY)itm9@!Z&
zxK_IxJM;9P>i~f1wBa1@?;g)L=!a>z0cH=#Ddq3!4P*T?N*v5Oe0hHeYct0<9~pc*u3wu*UFi2`=uR
z_{d?8t!%dQu!8czbApNAy=PcY`rb>QeacNq0kz}xA&9h-d5EO+u*C4270{1x8Xu;#
zBxu5EcZ;+Z<~6Ra)00tCK)R{!ik0gWe=j2rbO25XpKdkOG^%I=!~F>pSNKOv1z~>>
z1{fON@x>-Bah5yf4ISV1W$_LLYUdWLlnsk`U6N8yBcicz@EdWT;oU3l(%+h
zh1A3Vx0ocdaC(a9^+Ji68mT7D2=+0{MFVs&Bh(FsA!bD+kW_4%?qDIM?gJQW%r?Uy
zo)tR$72*hl+$Iq3Oe<041qmkjEDbm2cfFv4#$NfI0VzS(YksTi0K!ii0If41b>cbvBmk*Fn`-ar~n`p8mmnfNc=l?kApLYRN69308dG0
z9s2?kl8m8l(=?4pIfregWvABlffd*Tj5On9N|Xha=TB2#xoi2JF{-BcmQQ0;eW%vg
zAaOyzM|>^#9WM5=%FB-Gr(E42O|u{tU>JDxP9voTpt{A}I&#E~cdUfeKhk10;b%8B
zKMiS8rMF<;5)fxsn1}!u&&teAcA@->3k~a+P&#Oe$wKxQ_^?!YkwyVTB#3eWv?jEo
zrew03hR^UEnRPUkH4Ks;KIt8!lAWYvOACZRx%lbXkV&bTbP5It;0J8|sQnY<^#k4U
zX%Ol7NQNbDdjrsua;B2KxdBw1P(!jF2VkCUr*So;canT-L{E<`2+sOFB1J;#NKq{{
z#vHTpXwXL_Q%mp)NttO4BfYo7n^Jm#&4r4zgD4tmjaF9oh+zweiXUY~G!~yT}l2I?1On-E|i&)f=AQY_Uyaw=8Jrl?tmADeqsu9Jy
zkJ)rVuSxi|rVO1{5z3XO0Kx7T&<3pLsC>>jtIK?o!384_T*aBQLa8*HtYPTM#?c0s
z;>aK5bm^s@g-UWs4ekwjVgV%=<`6$rtX?D~{&sL9T0grq3wX|>vM61d{!or>GgTo>
z1}Cwml*sP}(AsfASwV2n{P^oj?xjA>Nr|
zpf^Od28Dbc{luI(+9XEUr3-+Ls_!|@I?Q1|W_8Q?_V~5j=n?T%)O55%HHE%+4ffOx
zVhr~V>qWYGpXQOsN6CKcOZ6U)xV#*S&%QRv?Ua1Kvc
zGu3qRbh}W`PR+Dvr%zL)hr}y2NbtkhH!ZRUaI8gF1J9XR=kMD&N!Qlr>hu@t+IAnS
z4FPL28(iD|CYUVCV*5VHer=&SgiFw1oYhh0V9&hq00zZ9M8%nZ`i=F+-q@o)oY~|z
z9woIML73uqn<{l}TaVSoy?S(<)YFgH#!SK#`@mTBtl;NZ)ibB7vZ1L>UQ?TE+A=kf!a33;Q`5%dHC=E`N8=+nUK5X?;w8xlnwkdA%(nE^
zsj2OB;Eev$wbdSP*AO+mOJ>+RKNN9toP+#o)s!2piN|mU?b^f}H+{yjuO*1JqwQ*0
zwIvi`agoj1FQ^AHiBluy?ff$II>ChoywQ}^f3hBMwN2hHvzXafdyXFKr#9@p#p)X=J~
zQO$@GGa>w#>L#8pkR?y-Rvm4aR@Fg}^$-q^B#&_o_CMXK!^~FM>{Z5h;L
zT4k@{V}s{2In_7qc5SMhU1RO~`LTA9Afwy0W!JV9U>`Q)D-Rz1O4PGw*E2?*x}LX>
zwyI-V1tPBZ7@lCCR=#03CGniwJVpJ>q|iDjwBDOQplDTdye9q6qR{%mFQ|vDjTt4+
z>*Lq5+jDp#-*tH5oFKTX8;DM*>e+m(9!sRGAJt6%90{O0G%!u0^j+^K*JIC^x7^!}
zq_&3N8L14ljS0=!U)P}7qqs@Nzw(ZW77p-^tt!u7l?As>R^TB)Y@K;_GY=Z#z<|c*4e$J2N0>R##*(5IYN^E*FoP|@6meDs(o%1G^-Kq#-gcnTf0&JtQFX*
z?Lcb#S+x!I+|K`uFaaYup>1RJjn~HYG{#y5d#CzG^^B>!WA$9cFa++rJ5nwBArUbX
z88}5*7pk|6=xcu;i@v*9gLefk?Gce~&1%=!8XWK%ybGCbcXN_d$2EaKE#V-OkMC|%
zPf_MfT;EJ%IXBch?rsK&nxqT%krCMs(CcTUzns%UJ9$|QkZ
zuokvghr_`rq0Yr=_GVYjE@I&4cPLS)Mw=`1f@
zGgr>XY)g|mx>0P3E&gz*+cI!Pd}2M>?J4T^{Q1m!N~7&5rQ6eg
zZavxUDe3k+Jgc64EParSJz_qCv8kcwMPOaaR+$=LjQj7owkU!N*LyFBwQg!^JAGEG
z4r(Oe9Qc>AoYj(TJn5?Qv05fjxl)pHbLZ>G*jX7jwB(dwvaQi)rMEjZI+aTfkG2OYLZd~b*m-OZ#oiPg
z<87ozaZL?|NhPgDqLWE9RXUc2b$*-
z+Kf_*W;RV>kybRd2VCIvKbtn!)V0j@vaz=#G|rO14%~2loKTOJ<0iCc&#Gq+8^L4i
zld9+4jA%1qpy55#``BSb>LrOG#lra7-XS=!{NC0ets}^X#x%W
zBDL-4S$uebL_F=(H=fr<>zee9hlU%#P@V7r^NnL35ZU!WW-|4Rna`=7cTd-YulvYf
zceH7GUW90&?-cj7xItqQH#kz1$p++S=Wvoq6${ixRo`y}0W7{uOkL}{|NIy4D4IQ%8
z{Iq9}nEhSaiaVh_?`7N@?5^}4cpvFmX6n)3HqJ@7o}!j+i~(n6y9j{kS*d4?izMG=
zd5Sb(c}dk%qIybJJ!30Uc0G_c)Bq{pQy9yv?|Njj+S1$_C$)90+0tTWIj>mjtn|=qWCbuV5&j(FE1GUYS+A1CMQJYi`);l%79`OsY8#Qi1?zLHL
zgF8-R*o@*JR*I-p``de-H;oDD`zAN{9UnQamr6GY=CVn$9jk{&WW1HUe)H|Z8>JutgP;P%$kYQ+5k
zu~`HQIwSS8$Lg^bu@meio?Hbz#myQVFJtd$Nj)2hAuw|>dj~U!1^!Gb3
zwXAw%`;S^Rwvmuo&x?Q5znDF!k<|e}T`yGRp7Kq%1A8=Z$YkGm@lwa@
zMv*Xr#PdERj&-9#(M|lCeqGFg$TJ)t^a4>97k(H@7@fqBCGjonbM8eP%;YYXE3omX
z_>5VdQZZ>VRmN3&y?dkyVeB>KuHW+`F8rSU?r*HZ9(}W>0jQ!=FMQVI&f^
z1|MIq*@Sm552&hceO5x*IKfn;L&#P4UJN4vcMkhrn{LFnh**G^FYMDhN3}fs$|JZC
z|Ayd!S9ZK{tK|*Lu+{P+
z4gjJuGafJ(=6DqSI}gJ+r{j9))02*xl`qj1?wtHgRdKbCf3h~pCR0?#JoUjZ#EUxP
zlQ(Cr@9X)US;U77)dvFJ#tFS78j~YK&gymba6Ov_Ya&pM_$a5FrHGMuA5}EcE=E<}
znq}AGBka2N!E}dTH@pPo3g<52D@D4(vE5WtQm&-0S|!Wo8ZhE?S;p9C
z4MWE3=G-P|Qzg6XoU@R+p)1!jb$gZ_e|f6BJK~9+1Z@!&NHiDH2w}RRi}Q_N8z#Ao
znnB`2p~4vj^?_d2zm>Wfkk9K-KanszPBD1zw3!^Rf{(6!vc3MmvK&A
zNIj?@tMJP>2=fJdv&z`2OH8i986sb``{z`5)Hj`Jah=@lvAR8-cj~qI`sRFn&k8z{
zuTlwu`VKV$;ZUx*#*u7I|1#hteik|F$?-O05R`k|_K>)NQaiIo01k&4{lCZjpB=!g
z;3&}QjTQnJIWO@AvWg*coJt_hRaLh?`#3ejdrD}TktGn##}RF#%Lmnk_-44^3qlZ}
zg0$Zq8bnJrDxm5nvB@l|*YZ^c)zc7XbkD(r)z+*xqhz0|a{|pD&a&k=o95g8g*WV|
zYymS~;z!@VxR_OQq2FP`0eQ58u26kIV-vIxl_o?#MCuo?q_&WE1fIblfkNBBYfiE-!hr5W
zi0Q>}6LkLV^k|&{+jH~zrCBP{1H7%`Tv#@wXc13uh2C{M;uUKUTp3?^*EY$
zdxh+Ad|H*IkgHN~q5>wfv9WvNoaD=Z|1K@51yj?QE=v@Xw7hvqwUl+!n^b!_X*!=K
zO_y`ia6YpeP8U#_X*w53n$D-H>2&gB!(Y5KO>df}R|+XopyCxYp5d!N`)E8#ost2e>dUm8Jg&zKa9-_WtCNd@sh={`XZkcpY~|EQmP!L8J6novSlvYA3%*HJ#Io9K{8a2RQhPig|YfF
z->bOzNQGHNRqvi;uWcz$8>MB8uWd(ro7s!o=`(88_L6U?_FZzOK8{y;yqi_u
z`&s9Bf1acstg|BUc$lx?YD8zCAd#p-G32w27bL=ab2Hnull@s%4nRR~6|%KclZhc^
z-quhAl%xGRjx{2nXBFExRyBcc!~<9wQ{h0>CP!2!JY*qWeMuE;`%PqW2~A`|187x7^+o8mWrP
zpzlYGrRo+sTld;JfEqEE_9Hqiuqyn(NQTtyXO
z?Li18FSSzO>9r=uRSblqPBz6ooT6e^V286FYcvyn7bOu*mQ=mpr
z?XR=Wbf#O$G)<>^eU>r#*!p1?)2=7z87{c5@PKAMX0s`?J2F%0&nSj>TLvfQY943CdD-q`A}{7(gxC
zhC8j|&pu5{Th-2;mxSxf^}Bg?niiAFMIcFI4WnryBb3tmlqpzHfmALh$+SBk_HSpU
zIulpPdE1PPGXo?p|BiUEOczyJS-J(;M_F>{v5e9vEFHoCEL&nrHtl4pwExins1DGb
zOk7E3P-(t^C4F(8INA6&&5l-NEY@Qcm6M9p_iRT=6SZSw(ntZrRB1#6t1%*$5ji1{
zj3O;yseeVQ_KbGQ3pf1ag}R*vFc)}kQ33?hl4#~N(VH|UQrm3;j@oCMud=(|N
zDMTaPQ(JyB9Ae#Ym#QUa{nwNFoWtNy0dwnthe0e7Rq5Q$#bQ~RoVKiS8l_$OT+b=y
zk_)4R%kWiKY@|%u2E@M`uLJ%WrsW}f(2&L_?DtswVOrSmbMgJaPwJVWrdjl-iMlfH
zR`eu|{@b<(R-fu^9R~j4JUu;y_tm*qdGC#Ncl^Ufm?M_Yu@4m>El&B`_6I(&rwm4u
zGD>&ulR6|t3{%O5M4|7|>ZyTR>JC
z9a8N>(h?{LYHh17>S9-CDAe0MhFY2DY9Opxc6iI=@K!f4#R`mH#Fg`kr#v$b`thTC
zsdHNF8{O+3Ai$AdqN2b^3y`x{qtO~NW$WzmvA`vD3C{RRfiOGHqwj>P`o@EeJhGNrj;T^c=3SxB=
z@U%XyJiy=XC1{i}0K{6f1OYy;$0jn&Darebk%XpV&2k2X2P-34&uqn~mQ}X0dGIMz
zB4chx7FHMwq?!I!e&N<{+SAx
ztH^{A8amQ)0M_HJ=vgx
zll2XG<$%^(lZ15ps`IxQHJL3`Qwu;irTU~Mcl22cmiq
z?Rg`}!luuq%_uq#bfQ&NUf19)4V;?AE?~T>F<0M8CKs{PK;o0O<(jmgE^u3>7o6UBw@RAPtdECV!^93a;_q)c$Eok{Xrm3!6(!a({BKL&5zC6cH0jlDYF^&Z`lO4IHkM=a_lWYSE^IIiQDn0
zx*3>U)w+PvZh>#wP64>;^3{tVM7kSe)x}+!zddC7oHMJ-@!`I`!n?VW%QY9d4%y{;
zvJzy|#O`d4lcBPShAnhcQ&Ss4B8EJm09rt$zduv`rJl4g=}n;}`8V$r-teaRoa4R;
zAyVL9@y(^=W(6+$Mq5A3hV%GFgq<V>iIohcV`<;7VRv&FVzOYgqmyeaxi9@cN&hqV4~8+*)fubt8UwY+mk
zv_a!6xs8*2QM6FBMXTY32+LCMl3#2T8srS+ol>-Tx@mPIX-?9Cv-X!rVrKo_Tvvq(
zQcaig(U?-;vC2onA|5Oc#OAS)LW-(?t0_~uVkXHp%ew&r2k}m`nOV)M*yqpm`+}@N
zRDIu%baD+xmULOsq5sKZtkP|8zJ*|YqfwmIUCUwsr!h`k1&A077nJ=STG=nqtAQe?eBfztNG!BnNi}axO1;ek>A_0bk-(%ocIK~H#rTDXt`m2qf!k2`
z#Z_42*PA3E{CF5d(2vBqI`q^2#eovg1L+l}e)|P1(PzCw@&p|0elYsuj6B%qU1PQW
zl^3d|g#}u-+}R|zOXv%XecMX!BJu))>xfO!$Y^_mDC81eqA=C966gm;HxsM%S^X2l
zN-->+6^f-243%oTWsdc=7BT;}$I0O6X=|->KIBUa<*^(e$;@|Tjny5<0|$zoeK{m8}Cb4#yH%>=Eh*(tFG
zq-;C7NDc2Fn)eR}R2gUGN{XzbNZS-?V=Wsiw2`hy7FO89?+GA`A}
zB+&r~3`p*Ooto-;*YLFsVa2raX*puORYiYVymF>ykPB^gid_`FVcaJn`ZDM_W_tg$
z*r7sUb|L5kTuSyOh*w}GS06Mm&Usv9$OVYW#JmZTF2gdChrkkcS5}X_dEKIU&B86)
z5~0j853}xX$$jM}Fe*!11-DZLN4cU^a7PMikL5?I+fjuIly3n&IjW)<-}?4+|Vma$n2*ZIdqoW2G5s
zi$8!nW>&>+9Q_Y8==L`+LE{&-D9+XhHM7sIsMVQCgK;ht+H8LqKWl+ZJD@4ZSoo7gVWd*acG
z3Vvi2qt~aN47rWz)JT$pNM+7}e1&~CrC_nfX;G#U`6BBjSPQAG`BWCVgTn)zTh7_2
z9o5!%_jXTybxw{+blqd)d&4PN@D=lqt}y%D+2?ymtU5Kt`Bic8XzC|?
z$KEF26nX8lY>!M`w>yv+_qO<+-se(_{Zz-JMdPzb0SBjCq(>w2S+o+r{kcVJ3f()B
zs^JRsxh;@iQ`bGP(W5Y6_3CljF
zH*xFqh;I!CpS>_7E@byNGUwue*ijcHWW}L}-pgR$lA^2!`~7ipNe%WS8t1)JP3Y`k
zW;_ne3ZG+J6T<3rs0en`E%FzYmFqU7J*6j$BItx(ClPK!zuOJu(``jlGK7}+F)DRz
z*QY`$>8A{;W93Lzn_Bjw<@sgLUv@63-K{HHxro8_FM-fO9Ai1Uq}#*GWh|A=zSx?l
zretLm8G>!hL#6xA(~>r?m>NGqQ-GWCoU%-@YDoqdN;LwGiBmKN49Al=K*DQP{s-ywMwDt&nV+gZC9o^vV|42RzK_+
zIQP%GqT&ww+
zU0VdN{+*!E-qdzy3NINil;c{Cr?$f>u0Ok)2kyX)sqNNOH)yw&1Wu}nPLGh25~ow!
z!>Qq5LR--0&zc9puY;ws-i`Pe!0iOerPqez6%4@ItiQgG{5Yw-6wGH@=MSMiJEFaH
zVUTAdb1Q0TUpeDkCX|-DWmqX2d&8{Q)c)z;|JW}7dHu(>`)B8m?c$%^KekJMe)(g2
z=g+%8w%`33|FM1i=kSm1y+3dM*gpO9_K)q&KYM>{Z~O_LZ*~;n&B~78B6}&RZO$Zd
zroIu67Uj~T^xjyKWNTqfO$nYrc6-~Lx%MIup|tTXEGGs>&NMILP3`1|6Q`ab-9Yo<
zo0YO#Kont7ek*g%ptVpc6yQ}c=PckRczskh@}@YxC?ROX)ySUOumzJuCT^ZX+2BND
z-|kz6&N;;{ME0TDSh$P&5^zAvR#$Z#0`%&0&idh;v$0G6y(6B}fFsGAvn8$@TXjJx
zFgdz~HZ~;ZYNYM6T9TFTLW<2erXJ?#;2bF>5|YSbs^~E2CaO*E=z8L>1jG^E^@*Ua
z1ksi3EUX{CS?-3*&Ww&^v!aq`(OkNH1s4)kfOzdJzJxAc<0+r0!=E>i%RH7;pkAi}
zv{KFZ_PQH!bkWw{o8`SjzQ-bE)F&>&k`vvhUZJ~NbXV)l>DwE-Z)5be0=Br}5kXSm@Cd|%}MQ4W0=xQfuhS-W=OpyzR_(slMTB^(`O$$_;zY>i`
z?cF$wg}ghf{PrW+FyI}W^uCfUaFcvSV?oovB_?_Uyiccgp*M=()Vy?JT47m%GE|QL3NtW_izmy8bhIZq8BCEpM?JNmu$C
z^4f*#=JR~8P)dI-CuPT+e--7G^SxHDeHn_TZ2u^CFcRp@MwC#tdRSs-h_8+hopwl2
zx{lpnn$aj$(B!S@SCLaA37~KA;ALM)^D*2r3`&zk8;%E;+V_`7PnVgqGpsXc$cT_>
zNf(1K4yj9fiEf$PQ*i?NQ6+M~hvAc3{0~wp$FUr>`km&df?F(=D+`O&CAo5uzLK2M
z$#oN0EL7Qbo0@yw>bCJaAl?9Nh<>j+1N!ZC@WYn}*6){LK;&^9`M4dmv%ZU|G22(?YB78+VQ21ElQVp2`+r^0_6=Z#a_
zXna21+c-Qvs2}S)uDP?bw|h{Z($|a06UXT%O6JZxJfSa_&E>t32P(;(k(V!+J0~Y~
zQ`4fkdTd>-nyc&9)up6v>#9rND_4*9P8)_P)4k#-?pSPOjU3Cm_BOf@i-;iF;A_uo
z#ca&<)?6ogit&V;5?#EIMolm~4TpiHIv2Ub%FAo!inCMCxW^U~
z%y8azk-dI!!v5vZmpr%017i9ZH5{VQNA4skB?hkS>Qt}TGTty2!xy&AFMGjPx=i1u
zv5x{zW#_(fUXv`as`8$1WC?8}ESY<(?VB};{jB?~fTJn6vmr}qml1`#z%KSDx?_~L
zFS|W6Y*p(T0=Jlan6vMDL9Y?hc~`BxoK5~cjWefed`oh!XBHv&;%gN!a<&`u+jTJ#
zNAsSq7k*4XKSoxo~p>5BEg5jNx9U?B5=dFVPEi-f}BmW?LW8+C|5^
z936I{GHrw1*r^>*b9QzcCx^$sTGs6-PU*Eq2tj^$_|i&0{M^6lId6x(uRa?~t9fF$
zZSJJ%d}V%#1I~_pY8Sp-0!v6H0nw!EsUyaxk#~;0`z||uMeL8PbsR-FFM#*Z2e`YU
z2S%=dh@>2RBiWTpL(K&ez`?4RiirUqO`6U@cKpTqBh_p5w|D6tqMBGy@$VRG!(+FW
z#J@pJ66V56vWCaGxC|>votGKAIbxcJ?Vh@(6>w-6@HG6`A6?gB(B}wjj=z?jQhATA
zm_9wH!=+?0(wo`)$8ud%LES2r8;-@w5o=d{LEBm0KUro=&vkcMqD+)&9F@+>R>Q5b
zB=720z&VyaC1TrVy5%$VBO;0|`tOAPdxvFzj=GfoqZPS3oOAAI{l2@K6_N#Q^hg%!
zQ(Mq*ElZ&RLIrt4rAv7?Uq}y{CJ0cYRyVaI)xCFEKj_@&5NF|ILu_y_+8R@C3?;Se
zqa#G!bXf6$UUv!VicySO#1Z8%s5yHfC{-yEqRfVa~Ieydc3E!8YpLtK;xaBv2qFN{~R|?CeqEm02I8dc#spQm;#4fRy
zpI8B8E|1a%4Q!sPEsj*{7MF|ea=9{Et%CAsJMZr!Ytsqq%WxnpP+x?mqg~N%h$HmF
zy!wU`Ubc^HJb2jx)xYePm&=9Gm(|*BrdA>qPHYhgVu*+pX#RHI+30xTwX@EiqOV&x
zS&O15$kPN}&8xS$&dkZsm$xnA(+Y*wb(b65AzQr-%hw)RG7Aw%RtL)lo0A
zd46_7wNVV=*r5{|N_E07#HDnTiq1@frahYEx=yh~U%y-!8^mKTXsczqaWy28r13d9
zBC3crvP28aQ@3T_=wf-R|7^}n{}(I+G*sNvjUqR?L#mrvO2*19F<~q$yJLhQ@AAxi
z`rx|93(g%{BtCC>MV5DdqBGk4%Y1tv`G@qY%Lz>uiy)KY;&N$h;53=2iA?hUJns<9
zv-RHu`J=;bVvbd!kLQ-z-85X7A1=-htMkL9vpt55hK!I(Il6-pRYD3J3gT$nKVwtGbMxEI{fV
zY(wny``2O^wj1wvTw6YXszf5CUBd1)eVY__J#EXFwwh{-6~|pzE|->zW26A+mTtUQ
zu*Y3quyJ_w>+$Y3QnJ<#Hl4$ho%*q}StoS_yWVz5wni39cXvQAD-`A{E-h3yaj__)
zcN4RTvOgF`rJnn5>QFz%%Fv3qv*<&@n7Rl&1BX5gEM9lu-#PALg{~IeCH$6(b6no<
z-4shy--Xv{5m82*5cr}qL<}g~wBunDNCiV$A=nuihTCv)so+whf)+J}tLcCJ8c?w~
zjEblr4j1s}gc^KLZ#(htfS=q$$gD_8?>0{&dBI(*S^{^A+d)47e&EGTV2;6H;K++r
z7>lYFznx7l_PQ$dBFVdOT9TT)cDJ-Zl19+=OKzD2xbU)HE}%gzuUM>B+`N-;b1#k;
zOSng?R|r!?yIrAf&!>4l`=z0jGh!Q~O-oJ0acSxKTf0m_4BEsb+N)rSHQgiqEuopR-WW
zo_3I^R&?Ad7oiDc7*esUCp+{W2%mz8;}A6|MQ9f_@a
z2eG4(9wpr!MPXU{0M}n~3RvZr%VSJ+Uu_OFIt{GRNV2R0w(Lrd4)x^Tr
z@6vKQ5WkYm{_xV-zP<0gimV-3Vau=y^HI*b>Ca}+o+Z7kuOB$;LCgk-G#M)SGuIpj
zomi%2PlHB)tI&%Z@4`|>^~`fpb*b{^+cVc!nwNg)-8(>cylIu)3T%Y~;vsowq$fE-
zJLt7Z#cdB0Go-R$velE6-o$c3vaA_3wF+a@XcaCLvCve;h#1NI=(#&R?>0m|vlbI9
z6}8Vt$A>5NjT7ZA9>HXr8{JJauP!IAF0%MkqW@120OI(*L>*A;^_*JRBof&khKQhH
z0wi8pQp+!K7wV=%BXv|uex1wl`-rVVBLKw!MbN(;ok_DvAsSU;mVSBi4YoY*-^h>!Q(t_Bf}-1s!G
z#DR4Vt)vMNlB7;QVYdyLz1>Q)M1{I1&olr=BD~G%8kTCfroAk61|bCNNYAH#>j|X?
ztLn^bg@Fv#B1`QHtXIfjjjFo5HW-GMn&eerD%o)}E>~xrvD6Bb5T^g)OZ4DY^Z=MEp*ul?{
zXcpY@QL7IV79`5M*y~&yQL$XiVQXs80$lKAw7|mPogen^s^Ck*I4UV=@Cdo0`MWIw
zp<%xXG#^sTVz)~Y8jN-$8+9QDqwE$Id3KAWasp%>R%uu<)pDbiUl6A7%rsqr|
zp~X6KJQ1nvA?c8Ii#VJYIX}?J*C1j4TWJnnw*sg-fFkX
zm4!G;i`Y$9b3>j@#0h(Te;C2}mjPcC;Zi3kZ!o*HU1V7Y{WX2B1%HTc&rxCZgyJaWtnZ>c4`tGDq<8`PuZ@MMcc_VIpETDTOYCk*
zD1E|tB)NYMv)fv8x;KfvRQ|ggc6)BJNQ>mZ&k&Cy{1M&zI{-L^A
zl6Lss(o9mC1i0zgJq}+n`0VXrXo{8OV69q%)oN|Eo^AoLY7dq?bF4u^_G&U3b5IgX
zl|#tEjrN&+zjC915iVURSh#r@ruadp!WJ29B;lw_69YEjvlcF-A)W)x
zGDzfghFmBHb9@*1BhRq&!dn;4^d_}0(E+eHoNhw}%gtrc+$KwysJR=+<}@1CezSOu
zXd+nXI^XpP1SYi#`u{)*bsT$>erVNft)v$8W=R<~q<~vYBp^TDweETaEg~
zDy*&;j*{eBE0MC`RU)T8-aj(}-6w;m3xVLt(ZD#NbHK1$g5&-7iSU%95^r=-t2qxQNH-Vhl}B
zu-DBj9Y@numwsdgPTARBb^GcgFrhv
z>ts$ZQ6b+((^~t-1XvkXJ7B*U3AD+*VWOC^D6Ukw?4IJXLptX_CqrUB){xFw-^`g2
zXT9+VxL@?_7hSM(xjwqOMU(*Bfl<9YF8m%3II{NcnV@i(%SC4zs2^XYV^8%O8={YQ-0Q8W8>y#62r(>4gJxD&ggR>+r7kRn=|kxqxefi`
zjYeqm$7{z;PP%}4zo`0@o4=yloJ
z+5U0p1!u{5Ow2vIE&;d_UyOSsMi+u8a_8yuE%<=lO^@opiecau^vp$r*`>=)Ie`LM
zpLk=$gsoMgXfhlGP{=DsCx)}ibAKEQFBc=EoXLV#IJk&uBM2JQk{0(Dv;Yq9a
zS=}%%u6U8a;QW7wKc_&F?$2Zl)T3}S&4bN~AXtQ5MZzSa98;*8T5=thJ*%5EcDyOf
zwoQd?UN^#}j`*-GaJ#8;E6xLPS54}3bRTDrIFQOGlYmAXdA8N9#-<^Gu(!-kA13bf
z92Q0#qTKwaQ#gy{daAJ!6*d7*rF!f#*8F32P4c#WfSzL~Xu%1@(I|{j!9kd2N`Xbq
zq*+qBPZD!Ilh=RL=nY&ZaA2-I&2Mzy>(zN^ty!P}`ml4Tc8|ILE=I!Iit(0JPzoF|
zi&qD_i8b>FZjZ1-24NwhTIU!EHoAI-=;{NVc4G`X0b>sc*reZ0(nL@=;`Ro;Mz68B
zhwrzA8$b!!*hj5Z;9|F0&$e34`~liTu5)-p2FJ)}pvx_Ee8hGIB-)F6redbVe}=H3
z!d|a#{`m8spNy=6#*=h`(kpV%W79C!@_*E!B8NeP8-ZI9_pxIgG>x&vzN9Lj+>ArD
zW3?2OnOWhVhvXyA1X+)gAizWHTbzC9u+o$;rB;_Z&PABko!<)sn^#9EUel&lPkr1R
zo)4t2ffFX|F2qKNK;fse%1
z7w`%lOav6MgFLb}3}c`cf4@vxjn%Xua!>qi*3bB9eZ9s4wEBQaTDmEz$GE+dWWBLo
z$931EOW;+!b?%Q=8+aiA+*;$(uQ_9Hv(aeu@CItNvFb7qc@d4)x)@9h|E`I5x_^<9
zAb@u<0RYg@K@;yEc)$oq_eN@B5j_>ju+D;#uywKZ**zIFU;O=mCK!9V&XdLFzUnGQ
zd~dW2o|cvvdm#)(G5b?`S>o_Ev^Y^%fF{hyl5D@RX<>vaKCz?co5e^R=~{Ds
zIRy|hH%7P;;bDY5`8A4v8^vLbA11;i$r3B0&K@ofrNx35G<7lnG4)(&?+IZH;UYlR
zjjd*ru0!&05e*nIS;>o!bOtU#f0t}|3Xa)!TAPpBqr9~t8I4CtC?-@XFd%z+7GktR
z=#4t7`-ZxMxy|vmtF>8U^>P&Bi-$VuXq?0JkZjvKbLsEXbyRN<4|Ty3!t15@4u2t)
zG!CHPXtau3V3e$_!@7wsYl6{j$%oY%&m5k9F5kXg`s=ujE@RwZNplsoJ`w_RnXDO?
zZ?weUe^{pS$Ys3$KxMV%id27~pR7Fb9HtV)!%m-1VPPZk%tTR?x
    • W6wnU+A=hMJHu)owou2T$kx-q6RwATZ)8tP{|l+*3HpJInH
z!w%))9#PqH@_B!xh`%3bmEV5_zK<$1!W~K>JX-M>k9OxSk9Y0ZVhv>&Xfx=5@7!ZHXaV79P1WyV{-UX{e+x0^9ME4@j!%H}
z*U7=E-XjX;j&_AJh4yF6frUA(8n48hR^%Z>)b3d_9~9n=
zmP`rLYK6?>2hZqkXk+)G1by=g>y&~axh6*Vo5}f+Gs$LA;%NL9^A6?nIj({44)VM%
zg#J;cbq@LI&d8UP4LIAFFA3+3_Y>{tat-;Avbg`gCy_^ecfZ9t+cnv`&b18p`T>8W
zfX{B%lgLAt0zA7+!m|sd9e@pZ1sY>creo0OSc58TX?o*hB4<69qtbq~{7YWiAn-@o}I
zQy3lxnsHy3h3e2Q!kX);quj6a;`}ATjx^*SWUNJuK_5lgafX;ju<18Kqg=Z!J5?9T
zB%0H0F0%E4wFsC?JtNVTor)p;QxJI55$OA@cwUNStx0$sXt1XGDvSl*`xrg1oGtBe
z|5noRgg?^3x$$-fB^=12oWMc2^B=@>0?)5z`A<;h{=M%EdnDQ4cG;ine8j2Nmng?P
z(ljM{{4e+(*8qK67K%ckV^F437{$D&K%WC|g+8x^z-t%oqcK7ojk^KIaDIn@Jt(Uy
zV|x`F*>EE5tgI{s+F086-3#}<`L{k7+QMgA54#a|>EoEi<9HU@sTN!IVO*>lQ3?J3
z+Fi^2*TJ&^-pMt3w*>pYmiylf-*vM5QJI|U>BRVaO5$($9qj`?vT;@d&epPSwqQ>p
z7ipg&$D{Cgrtd+S>$~lWHP2O!cGC14?~TlH9e5~_M^n$CnJY?xW_qg4DwYKmr>036
zh|Hm9g)^v%?QO&HWT?Nf0M8tFeQ_v5nG@>-yrEb<9%CCgw{(g-!1?&@^+$Fx|F-c7
zq(7vN1o?$j{%I=1M9&ij{%HicNaHB{Z%;lx^7&8rzs)${6NLvdDHnINRRfv~bz0~<
zhC6UBegB*2T8m7$sTE5r~va6N8}z%2b|s6ytp-)
z-k3+Y2cA(O@et;WkK)|2VQ&2fT6utT#Wg&3(2+%Yt30wV#QL_hz;Wzvx}m?m!J-~~
zH_h-4c+#E#`7y6;RcLNEwvLDM;zK-It9hDlRkeQ%7WFDuXda)K8{Letp(sE1+-SDg
z)MggG
zI5h+4+mG2lJM^fuF_b>%0FMFI#TefU`;so%`+bUAES&>yMuG5&v4
zu2=1I{>U>-TY2D}3Eqtd{D8EDj7MY(p-ti#*0q|%RydbiV!*@N^mw6oMrqGh$~{Z<
z$HDJ#Jxn5S9M=PQp?~`jiVB18#~1k!ry4OSOK(wMJ%WN%H#dA
zP^=e>&uAl=GTy~3vbmfWTn*2dGA~#IPfJtC1?`1ZvAhN2Om5;l;fH^8&@ovE;3+29
z(T}KBIKnYS)~V(?dw+y_OECcOA`I{%jJyJtujcXwD8JbxdeJsE^?qu4oC531?(TNr
zZ}<$X{1M8JXT$>R-;4Qi_C9tnw-lQiAYUK}
z4;P_5Ex;q`t8R}LkiG%-!{WmHvAxP<7w<=9$k-0z2BFz7oZlEoU?H$0?hy2k
zxJ(6_N2o)_6r_I2-tIzmETR;ax5y
zKINMV+;yfCTe*B0lwW1w$7Me*;&o3R@`s8k#!CYKVLu3)^?t77cFf$5Cf;es`Cxo}
zjHipapU}QO!C%^g7>5UaG$?M6C=UH&uxbGHHmH}fFHkk?`{8;?d$x=v{&=7V&I-m&
z!E-W(&q?FXgN|;FY4$zl0q)qDoR1_imda4Ba8bNC6~Nx^%Zx3bVr4)
z7$ap3@W>NojF7X&D<3*v;D=;ivzdKD`nPBrAGxg*40B(}zgIg?X+~_`YRlfO+wH
z;>B|b76N=_+UXV^$F>J0z1MiiAGwUbuYGW2+P?zUWw?1y;(6n|DE~LlY5Ic+cxqga
zD|j5I8nHZ?zANLho<>REA>BEF;pX8+Np~uSaScU(>NEh-o<@8&k?2x+M~C9?9_2hu
z)s2b!Ip_2rkB_u2sdV$xYh)WLwDIbxnY~8ZlxS66_dY%U>jMWJhfZ<)D)gHH_>KIP
z?$3p?MDh!xxQF)G7#=^$*sc&W)tMv21G|Ce)AWE5-h2?xwf<2R)4xz&!9Kq_4<~se
zJH`A-XIPD~dcMNvMSB2cCdbZd6VP}T{o%>`hqli{9TLiFmA@7NpM$dfInb7RR2A>F
z=ZbORPEj6ICa3cD&S-|x-)@2ba0cuhK=)R19*D;KIra+n{ZoIWpXX6`KgBgjI-gJR
zx~#sRVx7tR&u7|uKgu-bz&zEXbyFB0Qr=ucF_S58ff4iZLu<
zJqJ*xmDq15-(U1=l=DIv8qUkY^E!F&@cLh}f4FxT`_-nbVxZqoR73yu=R3&88f8(_
zlj7Uv1(BY_^2u0k+B!=pRkITM;H4hHagOZIYZy9yd#X;2Ymo{y!kZV=kY
zk$%E?7_UqnDLz5=y$1a`j9DKq@NfNHOppGSZL5#nlbRpT5gZ(>QpI3#j!9sD?r8m`
zZpsfrajH&ZEFttScEB9|tEA>}e`E^Fd4l&Gon=@P-rL7Teu79TC?UdBq@+PQCLxHV
zqM{Nb1*Ch#HU$MlN*d`F>25|y$3O%mM-Lb<#u%}Dc>b^M>pIst_jz}&`#$G;z8@xd
zr5=U#l&Pb$Rh?s9D|5q3y?6ciP|@eKZ`1O@NXymnhNKIvoTT>IC6^r4oIkGt2Mm9l
ztG6PI3dY|qo00i$uNw~r_^gsvER#+-;8TcrcOctBY`}g;0^Hhld6x8@x^)`orkn9R
z47hHz)dYCXYoq0VS7v2D+=iRul_GK-xaht
z{zv5ruLYdB3|Xy+%2vobr%qG`$&NiPuws4yTqOjY7Vy#^w)U|B_^DxsjDh5KC!9dO
zqT#%3A0FiwsW0XqY9}UoY+ra-P#ZhOPMvv(0E;gOy^LhO_eAl?kP$L}&qj#%AJ;Bm
zllLd}*)*WN4X~5i6bP)fu8jG}FSR^uLUn_ib+kQy@7Cz@p*7#(>*&ubo0~wau9ZFU
zYbAisch7;F@kqA#)A>9?)|GDxBzc+(xYGBT=TEFn8jf|}k0rJrYEy0R=@}PeOBoAN
z{fw>{IMGtltZDfHM#8Q~KRxVv>nWN1g@$uYD;F~j;2O6(U`^QUYlstLxs?O(j8SN-
zzneK}05;+nI#M;BzZ2Sh_&Kn1F}yJoEcCKyaM}4I$S
zw)F1+E=#>)=S)7go}By-{`^`<4INmX^)Od0#hymZTo&Q
z&Nz*!HC3nkvmdGYN5sB&o{~(K;arOGnoq##p7QLHzo6gdSuu}%J#=4v_ek<}!%26(
zl|`7=rKZdEg1u7-^HPTeb_?5kw0^L-uXF(Udar)PuJ^pg2i{=G#}<|Q=>phw8P?_C
z*sM93=@9*zqSA>k{))Wdncp+EsxBTr%dI3g<(PB6iAsmnXgA7WM0A|kLZRDAa!FHAF$v5R^3J&5hxbF)-F
z)(228d^JphrH4;Dk7a-7nkB`Db1n4GO4h!+Svye0;f220IcHz6O>SV*z+J};c79NaaB)haRH+!T)bHq&C^+F(f2
z%3{}ql2JQnTWG%1!tPf%bo$9DY<%s`A}~qUmPfuf@H3v_gDXF?3;Tv&lu<-O>7`}4
zFgM=VqceqNk=e+T0^Ng%>YJN`T#%wk0+QP)&PXpfZOA`=;)@Ge8kK}-VGk@g)z@(`
zS4x0Zw?XSE>0f=^I201eAIYaQwd~buYntZDW0c@Vo{!XkYz%fj$?qnjn(|^L=d&e6
zJvV4*%Q||@8e>{^OL(^7LJnOQ?-ul9%10`@_i?TILH~@{FMhk<>C7jyPSnKM)>^G^
zS^)G3G^7V^;>ac7ZF9=x*{nkWd3|QG
z&trODQ7X2Kb=)ZiOnEGREcv_V`ux+hOB{^DUte?ef|tfrEc;;gYWni!{KJ>9Om^ds
zUU|_jvJ-ZG}1=emwF^nFt;wmK0`4a{|w=oeT0eB2fMXX|y1-C}E^{3h>d
zMv2?5O-RLU~((zkpPA5&kI9|VMbrBLx;))
zYWg{(Bq8TFD0e^o?I@$f=eqobuMW`-r2+AajrA28D4D2X|vtldjaNj=U^Cqm7n&_8^vj1Y!XZ9AN9E~|1Kr6HNH@}B&gR`
zDS3mL64;bgjeT}T4~bF_|5zsC^U-ha_`C;=gIukeeuT5Mr!7WH3e{w>45vSIPa(bv
zAZkR2^HG1rdvC0q_tXV!Er~MyiW1F6PCkgL-!e!%G0R;q?rIZJa7o=c^@{rWu%8&&
z@*i@mEzM75M=mI4y*X)Mk_xeWEw(ht3LNWa-?D;BF|7U?nX&naEm{;{i
zQM&S`>>rYU9sm4rcjSPZWxVJ{d4SGjF~IJH!zJ}z@XNP{^*vLU5w20j4VSjPgch@|
zbX%OM&}W|?j(#a&zX%prjfGShS6Z%Te_MHb$(Z>f?0hPrGnQ0UJGA)!FtYlVW#8;E
zv2r
z(Pyr-HH_s|I=cn4uS=}V_(7QRNVCyLw69i{@Ptdl@Eu}-BF7W~Vril
z;n+RVc-tT%9h=cyeq-23bMC#V?HvWrx%a|T20ofu#qDXckH(j;_Qe(9a%{nNA>
zVkjK5&!EGP>>>~KH`>5*t%BwE;;s=B8Hwxvk=|T7yK(kIUUFqXM|!%&@)>9*#0;wyD7Jf5#T?0bVTmzgH~S|BpQ3d6kK%7@f(5>C3Q@W-$v+rVv5lI^q;
zsKE8LNYlZY&MR5kPDB1hRPMhU>>~c3!|ZgMmHa>R9IX0%y%?FXg~oo$DI%B+tj@km
zhdETgNyeiagx8q18F7a@5JMgZkW*M7{SFYxBd`8tQzx71_Vw&0e@scZ_uowJg8Q$K
zk1Rr>u4C}a=5Qyh$glBHY5|fuR*DtTnaRPRFjkAIz9CVL^20|HTiPMl7QQwVjZJZU
z?=V?%6&WBC+zhC0MkxwJ#gqS37j8z`VaK5WbdG2t*}Y6Md)8TE)9=^a%oYyZ$UtkK
zs^WsY;=*v>W@1upzq6fi@o%9ru8ZY|^!QoAv*%4)GAJ64<8f%9=Gq)glR`&!I>M>&(GF|BBz=5{u>ZocZei0=d)}u#$FLfb9
zGFFk|Y&v_F`CKK@^;Kk+UZC(o#WCqJriUrXqce~<^9FJIpjU_`8lmQidwb9;qn^Xv
z6uqYYIK#ynF#!8Tyo*EO%N+?+5d7?Pm3?`^P9bLjaux~ywv_n;XuKQ&mty+Rs^kUG
z@#^oz%DRu~WqO@ew6-cGyMXzltc&UPALU|w
zY{Lx9-4=VIf`*|>V`>0d{ZwC>b)=6pJF#^$=;9bPz*nbzexoR
zP?6u;%hQqY9?X^YCNGw&qs}j2rDGY)NJq~Oqsm!G;sN{~lA44JSoYmIeYmx{67;;X
zDFfbgL@YUnSVv-{;|6>yIX8lCnHc{U_1>Wv&ghb&*B-{cmD!8;_fkU{{IsmAa1i?YRE**UAA4OhZr7g$;Y}Spu}lAXJ>5~Q+ekKQSZ~Zre@dLEI8I>ZVexw
z&+g)og{ZJJE}tmY1;!N^|5jh!#UJ1))|TSVC
zHJ4u5{Cx9#FVT#0&#Lp=NLEH6OlXdJXi?(vtiS3i>jV;a9hqUu^HqY`Om!=+Juoa}
zw(0q>(I>0eOC3zUegcPq<{uHkm(SW!&sis~9ecZ=gf~sw^3;&R+Zcu|3R@wZ=Oe}a
zw}sYY)Pc2f0R3bOAjRN{GN%v2J#x&WgO!F5YF?b)hPhX3g?TyG6$o(>rHOnU9okuO
z2FUji{jjmf=x(rri=t`}PPlU7Dw#ncA=yKUUW9O;UKDks?Qa{@iEv_9>}+KLl!2JT
z7)M~ULP+?ve)284MNoG$Jku>m^u_jqcd^F^!zoDh0iJ)l3iLVnu
zJ`>m?MM$vMH3;$HN|{;0_QJ5A7`5`d?|*BvURQxDvG>G+LIXo}gsG0hx
z4XQ$(o|K!e#?mrfRk+^aowl9)Wt2A9#lC%q>7Tw{)lK$}Kl;bdunAstK?0Ymiv+Jk
z%-(iNPS-AL*YSN4`uhCVDhTziAEt1}H{{l#2k+#=1od;wwYMjW%xsOuf`pB$^|;#;
zLRAAhiBILGUEY-0i+o8DtPg)EgIk|AkXh_BTU1RHvIBNR+|jXUhivHq26Ja7A3amjw}y8kf$GeD
zsXtA%)moNg@6Twe;06WR+^()%+^qoKu{Wi=aDk5R^wawl1RXR4xuYvQg!(yoH_!6J
zvE3L*5cFrv;``nv_I0#WtjCMtGr{gN0{ePc>+?Ih15ektjiU>CrC827j1kPQ``51{
zjmDX`R!=5ijZXdSn|KTpT^3~TluSb^3la(>RGXZ`nUmECEO
zqxw&(GI#I#Z|mnC-TrfQ1jY4C*jd~!1>a2W2bm&kic|M%-^D6EnX^ZmyR$E~b+d^Q
z{4Ya}M$FGCAR(I>@NeLKcoE&<@2ad1+*^4XAzqmdhdfpKMYFNVdz2#J(L#k7HOzb9
za-PEvj5j2Z{5pf9*=xq43&@Qn0gBEev`a_XnGp@o_)zTK7D|C8DX0d+>cEHbK_?7++rQPm5+{swAT_c0
zT|3t(f)6HYL8q2B6x?j!JIFe951jHbOoGXe=0HUgTq)zP{gQ5<{#X0pthK66y_QaJ
zHUIW(jPF-G>m?T+3)8%gM>PXbzIk3bB0r|a;Poc9pu_)*%^q;8hEW(Hy;-K4L`wTG
z%z7aso4jqB(oQun>uh+vrE5xX47zUY7EbtFQf_&0X*BQ7_+&4tBoHaaxr|i)(v(j#
z6NfOp-ifz`n{bjpj=FbJUA`N`GO)|AR{Tl*+_&CqnK>V(bb?>b(csQ=H$?KD$L0@7
zMI=_Mr@`|;YY`K^jgU~s;|JxzCqAy!wgeQMW9RJj*@0f|fZ|f;yCGJI2>-*uP1P_?E@(Kx@Fuq4GKxVx}Mo78btDmMv|6xXl;%XtxHrC%?YY<)r
zm&YB&bCwEAViKhZ^F&3*QP-_HVp;qaG55dW-mtJ&C)30IDV4#b??f|MD*Yz;@rd0W
z&b*;Jj}BGl5$f-{SAN91F7TlhqOk$0{W@ozBS{Vc>a~jHXnBc;>o``2aow5EbYIkf
zZn@8V7$P{KlA7l5ziE)9-Y^_Ffs7O~FG752d8c1NJnhc^WTZY7QDsAEde$E;eo6fh
zquTiC88^sN@r`&=-oE`)>MJE>BG<7{S0|?#&)^
z1dCke&!&p+6QPvzg}-fL5Po2OooSB`s6~gcvmFq!|LTaGF9&`f*SGFmzILkQVy_y5
z_(1(kT<8eeI2-H5CV>0PGcl6x2$ea#llF5iv)vaw{mHwWt{6GR!4s?eM?Z|ns4Jg3
z%|3M^zBfATUV=uzZ(&1&nr`h!HPPex!gFn%kJH2&_(t!2gZ^9}8_Ry=BbQVacXW&*;_d*1R3U{4^K1V%_
zW>ygbe|i&qe&u=2f05Z`}e}AW}UOBC#W=Ukx
zow@#-lC{AWEaj0SG;HQ3+BQ?AK5X>reN07HfIne;6sfe@wlL)pP!;M`UQ1Z?vqyDK
z$21mS8+tH{K{)d4dD+kMyFDIA@Hoy~;oZGSJ
zY)ZJ?;N$>b*tuz2OzqN_#RE;Pw#g)aEaqq4l5jnbp|is9etz78EvVQ>Hwk_N5@vqN%p@jqi+_PA7P=pn@`7N_Tf@72jm=7>XH
z8|rMl91D*<23#GGvSRL^t`Y=(Za2XNKJ31|(ruy4s&n+;$F^m8SRsjMK(+X$UM=Gx
z+HWScB~&lPhjTHYYAwxka63xb`S+xBPWK&C8yEnsi2<~fGCNX$c%KW8qPgmB-U@NZ
zg+=+Y2$tRNpF52O^D)kA5BJsdmB(FZnM^dS7XKtbe4wXoc7)*Jgt>i>?&Wi?-(WGY
zdrDOL?ybxCj6jW1ctod(hJb7)T{X8|SPGUR#%>-ORuc91(F*8`C*6}D?F&w(tPaoj
zJn+s+v3;L0j-Ou@T_+RGJ(+mGOiEJW`cm$4eL;j69_c(FKZUqPt&>
zMc5IEbaiT@9=A+7vWrlf3lS4Ao>Q?f(sj1_@cxrUEsQt8BsZ{ufqLPbOYh9=QisCX^^Ax2MVOFZnyZ%YGN1!pZp1XJOF)I2Tx(IIH9$
zFuXd`bfaAnsRPBznB_&I+za)ON%J~X@$>Ojye3g=)plW;jWeRMN45@1RqW3bdOv>^
z@kGGr>#pZ>8?ZvyY8p$({aLT*FQzvb=_mDM?q5~ScJ2DeN!40CR{bg
zLV9U*6~n%DeR`LZ7G!qSTB&+Oguom
z-#pdL^%GvT1D
zI2v>2{J(6BA#`%gb-dt=m0WW$v2Tz8zVnY1s;JYiKg3AKv_8Gip1hzM(h|M!@m%&5bhaB4ludVMP&sU3lg)Vj
zZA%j3+4?4UmW{GNc2#*1(2}IGyZ%`1&)oRmrxaQppm-=XRS4(7#d&+5#|G1o+;b(E
z>N8I)9uuQlYAA=&e2YJ2b7Q^{k?{uFgUy`CRufSmc%G!TnMF%dZ14>8PvZDzuVZBo?=48S5hNlY6;8++Ufd_KQUHbd)%8*P5hR
z-lbTUS#UB9j(wL8OBtb9$uhDw#-UKcO>K5c=lF(B`8U26@xVbRI|U|k+yV7y5sf%
zsY(Ssz@v?8vYnsLp(;Rtd8jY@RBMDju!Fo^SI+4qEVnz0%6bK-&^Gcvlr)^Kf;}bR
zQ{N2ieLm8A_6ssxQZ0lpE2tIPpTOn>+&rb7CzYQRjx+
z;yJOH{RaO6Z`t>E5AMS49ODbA*yv0o)8;j9TP@KwoeNpxwTH3s2WDZ90-L~e+c`=%
zPw)7d{{(3%S(;1;0sbf?nsK)r~z1Kc72(@q93!OM`DQ1dvnX7OV{lx@e@dQ>2=Z7JH~E4q5teu
zTwkfp3if>iR~3@{V>(-2STk)Y-Q*0o(s%8BKm;b0d3cuPR4YQBV*{9Zr#cmyoF`wgOF2zaH
z$@Y8q*F~IGKTg+IW&jM`NL+aSn~!La?>=-lA
z5BKDG*hDi3S&0P0fR)_Y0`;ip$)^i-BH<%J36g%@Zx>wq-MD|ly2<&E(v1~=p<9N#dt@pv%+TqIGuPeML?&jckxfv|ql%rprN*_Pkr{4nZbyx!1VUfxcF!r>Wb_}M*v0*vxHGQz3}#l`;kr|*+wF{
zVrRLGY4t0*pbj0C=)elLa;48L+NoV<`kC@vK*RJw)J^;G3&w)j>bZNA63nuxDCiB=
zHQuZl6rClGe=`;3VGJtj6xtNRQtH&e#+}r%Bl4%p-o4)=&cnQwer4}*byB0#znEeX
zzU9My5-qwLVxO@cf&$~4FzN}>yqBp4{^d^<{n07(#>~#t$4~Y_#x;n(ZuQh+Fj_9b3AOZ{dFlHt9%=X{Abx@I&Z3p|`pM;iMa4I=xrnS=gaelav0Pbw
zwdKp}d3?Ye-^ihf+0c>oc@lQRRFo(=QcNQGT%bQ=-b?U^Rb6jA
zXpj2T9*cjFt$z)h$#gX5qY8-sDI4p5`0|83o}6;zW0p)T8eI*_D>sdUdOa`?TZD$G
z06e7`HbhkL8T>~UEo&GZUK(`wuf^=Oc0Qc=`=9xOgG>#qDqB;!;WWH(>v_VpfY$hI
zn%hByh5{R-{J&;~QtmC%pWv)jtPJFpIi3kqNK+MGRxUeQFP|l6VKoFlA_iVIt%c%e
z?i|^Tr@zjKFMi;|?e(a>_f+-|_l9-0ib)v)swab0?Lv9y7=UH_Ix|Wb%KNbMVT!M1
z04{Vf)86b`88cfsur|%@>Y?dFu_~ISPOEQc>NOXg%vvqM^9)`XAUr2M+yV*%>O${A
zXd^o}6&TW&p2`qCvoK+(qgwLQUo^8hs7(&sIJ&dCi3aB3!H&oo?+JJ`q4LB1+CI-i
z#Pt?ZF#jP!Y7;an8IIC-a2@k6zw#^jlXS$j;W(oN!0PO`noM|&{Fq#A|GL(*+V}K?
z66PBFaUB%}U_oz)&I3>-KXt)3cdW1fHL45#K6}AlL%YSWQsDeZxbIApl`xgU*61`r*shSvo5z?NgfTn~M`fY_fr3>5rS-o&C?-dh`fqw>8e*Ju3Z%
z%9;T)cdjXQ{)L3nMQdqvI$P5=7FOD3R;fSpeln%qZKhDWomHanyxg+;_jYCp=Oh@F
z7zFIhzQ-peDIya>rf;Yd+*x-K-{*Fl4L}CAx>Nx`f>D^1&fkM&+0(19_%T-wx?Nx#1C86~p^0kd!R^z~uCukK_Fh)@T>5LJkt>VjG)>MWVz?AFmk
zp+4op7|!+&w6n%RvB3Sp^9ucF7T9nx)|)LDn9V0>@lrrLyhQbbSz2yf3DKV9sEIff
z!krH0Y@7#v=T{~^E259EVj-!oIT7&F<*({*Qw)gDy|8CAm)f4m(Yo1_W;#kU|!Vn9qzzCKfJa`xAN
zoAUx1p^mxduALHhNWVdH(BVNob6-o$075>>K}}ImhU8l0Uu1WT#nE$96^qNxCJzf<
zK%hxaN!$0&XMXfwh1!>(k$>$Bb
z6w`%cljWK)q`i-AnW-Qs98_crAv*t3epREOM{V_vFCDg#2>Jn=o+1gxM6*yI=3+m%
zb^wg2I-NW3&F#SirG_#kvENPt!$skT93=lW2?A+Is2xqJ@M8#b0d}h
zt~;6P@NG@inLVAr|Gp8L8WUryI{2tZYx8jXu&xz$pBwIC0Pqc0WeBp9M3P9d8VK@d+*1*g=6Ea94zg4g=T
zr@hIaBWg7!S3T(7Qr%2210dDaZS1G-s~*A)BX@qr!6`D-r7jl_plkkFM<~s6WoiL-
zJfrFp4)}}n5#rA3IiR8Lhl&!lKrO!lc8ZCJ*~l=T0UZ`r?!Z=wLT770qAopfED2s%
z48jb=efP9J;N*sme~E(b}=Wi7`PSV>kp>?BHKzWTgvFAn_mJl)beb}9Wsbb5?mSPd*4G`UE>
zj#_J%v65XpVKpU&_0NBno`9-0q&ivx^NFu?M)_Bo#8H#@7tQYB=s!>&pe1ZEGO%s}
zDw{(j1Da*Zn2~c)`1KZ83mB@d21G>4{d?Yd3jxSS4NTyI@Q*B9i-p2>VaZOr&KsuU
zi8wlP2s4lGk=(}vKh-ysu=cy>w>c8wJwaR;=%a&ZGbER&tMSvAOzs}f1
zv>hXtqkN2AgxC8?#RMq73#mu@oXz0a5HT<#`1uz*8(^bDZ~|<#Ep*RXH9ceX<~g@V
zGW@5GcEDng3vRL8V;T^tRpRSmaEHbRra+139})L_)y#)iYVM#jJG
zYfkY1A7ZdYiFiWZC=nJ|8L6oSW;HHt+z`C_iZF8U~uZ8I)dI+)B5t
zAR^-*qTUw^Ta@ruy+!=b)uw}%D-qR_~iM|R}9n`k<*s$(TKDj97Jp*@RBwt$Msv^
zk8Un1E0PJGHFUbqv3-&bdvX}H+GRQ+G~efKY4~P@6^N8nTuSuLhAuHc=CMf~;
zWFRXMe-BC-30NJffgd`>@+zN)Zz#$Ak7PX(<`y-4a|yTqEZd_vz4o=Sb@5M>?v8N>p&)h;E*&y
zNSfVkillT!j8JQ$=is>A*uF);d6B9d%ZXtN=qaB>wVY#ZPfhabqlh7MY2Z<#)R{x_
z#Y>K~>cdelDRrn@#M#PSJe&bk>@&HFig^&63<+lbOBFPz&y1<2C^VF*mmv`FyL>N#
zK>87f`xn{(m!m
zVq1_GRz8P>oSSxNS9TejppPB*h59|Jnz;{3hg}vDl1`M>jxkd^`%)2lhw7eV_xuQt
z9O`KO2&EgkKF2&`i$2lQS3QAmc
zDc7jRrgtjA@k`I4k_tu}=iHx1Lj$*LD%5I%&^kL*(ybgIvMuMXk{im*NuS#hSUO1J
zpbgp2dWo|Z+_V-s9|pylocMeuhM`ke*Nr9kf^t2xr*-fADDYTQoF&4VJkil
zCUcf|NA{PK3bd%|`N(I-aaT2f6IRkD>!1WyBoI`B1P+mA9Y3(!el!ACYW_2e2Vs^4
zQ3`QeO~*{JNGr|&8ajHJh6+(-pDpg^IkwqsPH~r`JrJJD^G__>Hy>>s?nJJZh|K=$
zp1R!Y6#}}c9L$uVtg*Wf6D0RDBLqGiMxTVWNdcHEG)iI(OQPmECb;U(xOzCGqtCWg
zn-xrY0iV<-09*A_eO}_MTP{kCOYfGoJG+ag@@Hb}g9Du;%#CfJMANs}{Uf+9i6h`o
z(?7pw6V7yjm-nC5R9jVD%(_E3#(hjb&|Ou#rg`|$8tq(h4EqH2d4obbOF%MGIDkOm
ziS7%k-YmxL2HKg0u`~PQNmQ~~H!H_5$wSKO#dSi&4RWG+h>}vq>)i=>#J0k9vX<5a
zYrR?Y^oqvtBi8TPwK#oMyTNbpWWs9W(;&f|Y>_a>;y>j3X(RV}TeF2)Q(z){`%iuw
zPZZCZ)wx&eSl$J6!)s2`zwFI9RmD0$Rqk%{S2QDSc;f_z=OUFpO$b_EI$Ef!rR)sN
ze|}6!*2I{=UJMqAR0|SoEki7AnUgMz<)+)k=TqWr#92;LGWIWE1P+6PcZN=vUCd1ZxoSo9$C$E&OW9X4-d7k;;!OgFWR2u1SC)skNgaXs@fFeBb*G3?_%CY
zM90qAs|{-5Z6T!r{!ywP)bV6}A16B$bgwFbH?o_|lfMmm`NVsMP%OMjEyTJS{x9p>
z4pQC!vO4GZU1SYmFVDeSU+iYNt@b+O5-~#Mt2oy8wZiW~bod#>#Hz%i{>#8;u_cAB
zVq9TA{TDcJPay9@xMJwp2U0poib-nO7Bm(gd$gfEKM)JuO^v{lfvz4WLCZ(-7wRc=q4F_xMiXsTw5A#`IjU9rNms
z^T~7zHin6G6Jb&TDl@3|I~k6W81(hP?YAc>_YBlxj(Zk^!!M6jz$`lafOEGMV#m7vX{YHou&~dC7kpIWkr-7MBYoQvH83!*_B(
zLlP
ze0RwzDhGhFJh#xQee~bP{hys74O;WmSi01ztpuYNevg!oUfns5C(w7N4k6cL=U_yMcJMY-{t-{l;24gnu7?70IZ7VW;PZi{I
zc8E(1>S*m*vssS|LzJ}T-^M*!VBCoeHPDxPNiv^E=fAd@aF;+!s5xDQ?m@|`0?OtY
zC!abghu$A4myR-mX$EiS`9@k(mSGR({AY;`3@$3zQ|RYqw<%&bKElf$Ar=DKW~H))
zQx1Er3B3Zv6w0s|V88g%JWQ{i$GY8>m)!mM*zr197kz~+ch}A~s~z7?(bR=`?I5kL
zAdqzA9-nrkHS!7@gcPddm^NvY&a6;`Q5k1yFaiUT#Hc+!mGA1fxv5Q8`FwN=
zq&}McoHlJy&2UWBzQOV2!fkR^|NLXb-x$v-{93a9>NYTf77yT>;(Je_X#60NB^u{a
zdjWoI8+gC=nMNdnBDJmchO?dKpa7^o|NA?lucV%kO4_`TtB=~G`SfZQbJtl_HJ+%v1s&0+D9^?XdhD-&T-YD#p_G~I
zLi&#~?pG*z%2B$IC6tE5y(qtkf&!Ss6j&)jYbX_`r=G?d4DseV+9bKBN&<=rFJ495
zPn5*{v|POhA*0n3zH{(itAz0i0qce$?oY$L+g`#}u3QuvEU~kQg{qg++n~hIzW~LZ
zDfo|}oU(1+3ZUmUfz~4)6G4bY0?tIAtks~7%f8i{&35qel7DH>P=i#GLKbgOvqlDR
zZIYgt78n{S~*1j{{z1$@nAAwB|-bvpil1cT^BhNHbe;A*l
zoDW7Co2EKmwl+NpgC{?3v&|aYTnH)pb{-)4#S!>ZFyz(DmtH{CGIXU7`)4;uAsc2u
zDzXP{T(BADCFV=w96@9_#PWCDg(GuWSKaT5)Q|<9<(ta6zq3dclm8eVZqGd&tBbt&
z53Iy>;yK}^Dy+}BXVHP@nsfiQI!BQLHAm>TzfS0Ul;)cLZ8cr*HVpotv8RA@-HJgK
z?$I@8D=_U}-668^ANwFfk9>8~0$usFdAgMG{i?4Xx=SlAf0_Ti3+CNses5J$<-_a$
z1!~>~|YgB_{FO`l9yw;Av@?IuSb`LT+9T
z;T%h($?k(xe|M^el_{1*`^&w&6QUV^YN_M<@}R;6%bpgZ8aFrQ`1^HK;xdBS6i_n1uO$3*q!
z|7s+2^U$*2N;X@p+!X%#_`2Qd6q8rHNdJF*za<2FoRXZ9l9Hxgc^Sxx89Wqgy%Ea%
z^ojBC^U^}GeI3LBXVH?%QXFx!Bh_kV`sh|Cn)oNkB?qT6nw~D(d*_akEQYdLGOiSS
zlHCCd-fx((f;Xh8j;F$^5
zbN%<^noQYS$eS|RKaMA_Ka^}bERHhVmRMGdt{ONqe4q55bmqDJ$}xq8ifI^-YO~Py
zjv0DKXj6dE;pB9j`(y0f(hcm~-j*M@a5<_sbR>8_cKmE~$Xk8(1l3la1I!1gb)d5)
zyUn3tzS0!((n(sIQ`UBejt%^(SNo`c%>+h8gZ%YO<;qfC*gTV9v=rz++*0&Zw88{@
z-x4^kiXaJy2|j1%9@rZ4S2S}hU){w1nbCLvW5Id{Scwj-c@YlRGY_8!ynF}qy&Y3>
zEJP)#yf>Vu+?dD6MmWO;#b!vpcOxiCe*mZNVn&-xy9cZVr{mg;9j#?TH=kN#BZ~(0
z*dpXUs64P9`qeV8zUW3dKgm&Cs3Us4M%OD{M)4lCypePE?@x`}c-`W;)u8Iw8H*ZK
z!2t$woA`*&B>Go3!s|vQUtWfrFd!I=8^5ZjKYz~7{A2e&+Ha-gml^JNes4ftZHY0*
zScU~9YAv0ufbNfP6$H%NiLHd0IqkZ_Q02b}FsPn7_@QDKuSZ!gVDB@lB4&Rj4ynw{
z{r69$7!=J|FY1zdN+mJiC%qRSMA(6LrkQPU?)l0QCFd-7m8$fQN=WR}x1sVKA5g!q
zhaogw6IXLvLk|7A>;}wt54-uFkl+{ME~+*OURq7biKHrY{H3yEsqgQeuT)ZUko4d{S6uj}rm$9!b*tu*8f%#NcxoDT&cST*GR
zcum4lZIk2vkFBzipJaV;G{_?o{6;`B>~8gu1?vKZd0Q5BdOCJx)&~ccI6K!Igp?vvevC+OlpI0J(SR96kwJT)sX?WzH-QwzQ#m
z)XR1r2v8LcZxMrl*e?YC&`zn?fz+y??vd`v8n_@xvKe%CBnxV$l@^(@GS!79=fY!W
zRt9EYXTGv~m%QpCKJSP5J}~b9OIv0e
z*jg^INRYtsVZ!}oYI`}0mGTPxj}z~!f2o?8-kbW@(6Btq1AVJqm_~6)`y(kZ_7!4+
zTz<`0tv9IL!>SGlZao8s-aHQQ4mezQR`>kgYR;W4Ghx(b&S$J}*?7tD8Fph>_xj<3
zZGkj`NCe(_0f^VP|lJCneOil!-^-|77lc#0(LP67ibH@YUTxf~$-EmcJ-@K@A
ztC&DM6P1o7s+}_{Op2Ydhp0T-nqMhd*?1;kcO5CK63-O3=Cf{uNA$j2$ty78J)dES
zHM6q3x=2OF5)qs?m#GDobBsr4M0Wd-1ID}nzQ!mL;+@~2tv1Z7p*t?M=*_7gLbP|}
za=om&WL&CJm;N5^6Oh&X`nN@_iiTjzK=`Wi=+e_X5*v=ba(MjU(6JJ6@B-Gc;kt@S8tmq>mdwaEI&AZXS6EDJ2NqD9!Y
z+#=Ee)Ig2fzpUu{WFXSi`&U|pm34vdYA8+CRZF%rWpwhqRtYAYp3dw6=frEhUox*p
zuR)h3z;U9D^5&{$eb$jeT=E0b55PGqXrF&>cru+;t%VJzcgb-wrj@)6Tsg^IZJm@a
zczAr0FSQ%2C%-HmQ~}w!(jCT;A=25D0)QZMCFs`ZomJ`qBMJ;~{9~?IV32f%o|j!j
zE?bHwhX`}`bhU`mEuO5gc|&on_(5@3Sz~?VdQKZ&bh}77B)j8Td>6?ntly(YU#wf}
zc81ZJ)!$q9UJamkJrY@<;Af^7p?ayT<$@|{CTNs2YH+mxP8XcyAcIMge6mbJ8{V`ab
z8T`>c|4LqMwdfG*82gZ=Z?H8j2!Yoibpldj3&-Z8_@|E>q}HIGB=i)YAEzTeLTY`e
z%N8vv)~-DSiJ-9fB%GMcDtuO9=VuW`#J~jgb2>NtMgxN@>8hFT>!#M?MP>mH#qDcLL9b+A(B#8u|O^^rmUU^MRIQZ09UdfB`9-FbFTPE9j3#J}=@dRiXO_o4l>es8y;vHa+hz6-#Oken@{N>)u&5r$#MyS>spCUP
zVH3Q4XiB2()CIcHg0lOdH+4T`nzcmDplAKaRht_(ekPmh8}_M<4VQzH-o|ZyDWZ-_;!Gau-4QZ)OVnBX-nb!U4z%?B9-N4H-Fu2O)
zTfomp-MEH}4MJrXH+F+=++i2r5(~4FUId2c(E#^3!1liduuUf*5E2GW{s_n)MdRoa
zufGuLwdlH8@WY(Mqm8pQCZk{Ql4})?{wF(uTN(+IrAi#Ztwzn>KJu8BQIhAbJVyQF
zQpv2E5-XQ4A5-MLi$L*5K+hw4HQ{)X&Y7IxiByzhlsMuLc=<{wXXz}4;b{Ir_~`=i
zb{q|Eoy+_tFnV=;LWo5J&U)y(6soXLQGv71LPC&&u2bhc<`;S7i_kvdZwh;jh0YPX
zO^)E`&kp0*?IXvXgQp%4!j8uQ(_aVKPt+LIo+n{?4{a{TQwsf@gR?#aj;-tlUuwD^
zZ2wGL3uy+;Rl<34r?RZCQKqFD{X%|8?KWh2_77h0E9tDC6Fms?dqWK|KMVsHkVNxw
z%d7EiHTGiRX$4?(O?N;J}Ly6CG?NxthHeQ3Az
z-FJHS2Japug+}4U~_C-
zlLZSn(Al&)$sU_IfRon<>3GW1pDKD=hPq)t_3{FZR;|)c7{Cm|D|co`?(5T?F6oI_
zZ2XmGk^<*ZPuVp3`T2Z@RGr;;BlvL1dl1~}u!$t~MhEU>jcJ3GIQ&&BWV9t;5DYI6
z!sGNe=D%^XbLCFKn)S2=@sL=RX3tx?Ua@-in`rn7`jfos}~PIGNILK=CrxNB)49i^}=82>`$1m
zPf=tg&(ERwSE@TNWuBQJzZIZ%7U$8ptMk|44Jxbw!={OqU0UBEPEDT?QBO3IqB{GH
z*Zw*2J-{417%HbW09t&D!#72_5V8Qw$7|VNpplhy_?W1>pYKW2X`c?q18t$vffBZ3^$8~p<2(%%FWktH^`EQYrKYXHKM=3zJ~fWxz-AoCxd
zz*^B*2ziztgiJgqlqCB!se*iQyKCz>hZHdW{3{^PLkigN9AVDCrY{mi+pHH)FVl5W
zGdgyTm?H-zf&*Xoc98-!UWs{`vQ`L1lMnWMw2@|eDieU|ZKT=Z0gDI`NO9tzm~_zM
z^{Gw;(g0Rie@p}-Jy3TTZx5&I^!?_g&^LAhyp7?E@Pn2STPh6iFBPg62&DsjdJt)W
zB{%!cUaWS@*I>9Qq*SCFpPjAwbMSe&UP7-H9q2ltd-y-Iz1W8LPFfu&
zJHT<%p}_;j7NbR(jnQrE>%>GAp^h~&0?@W7UeUO;-Tu~>&on7do<|M*wcE6K%#j$7hQ9jBU*w419uJMe!&+3KYV
z^k9)`MbY|UbF)WT3Co@+EyF>2sK=9mt2%LQKz_9!2#Q9!m4_n|OQr?U8}9y$?l*bW
zDI;t1bsAMIf`gJ18gt!1xvEa*e`%MW{jKR~5P!?Tj)>+ab?XMr=T6+YHRFC<-^cpL
z5<$1J`gIx?;znM@Bukc&8~U)o>vW6Y!0avm+GITK?a<`hJ;!llwn0bR*rfTJlN
zsX^8cG0Hvvz0pN$f*&wCUiYB%uJG2riqY1O2NFlFjhw&xefE}$mt<{7sZ6G-=n~Gx
z%?y0$n`$(5JL&fH%bHg@>(`%m%*eDi<<9(UDdpu~vL9|#``0*h>A#Vw@!=`tY;boH
z!_*Tx4O{9ZUJ~xw@cl+C2yy>Z5Y*uo{v&q+Vk`x;t^sK`%o-;YDpO!6@3a&wT@{L8{S-=J)=$7E$CiP>x@K^G-
ztFrw-RG>4tWf^EZN<)ASTp0HhSU=@8&p>l}uZY^yuCi4)%`AnK^><6
z4tUn9&Gs2&^c{BsM1mW(N_YNGQu$YT}T{4lF>ln5{UD7&xNvz&~dn
zoRCnD%cUgYyh}~kOQGd2zH=&H0=fi{?zAcsvFd@CK!~%oy?v*$dA)5BfvVa5ZQf?P
z)85_z)p14pkHslIln#SW%R1{#nexzROhmqPm`+y7Yo|K3V)@ZZMpycd_1&6ExN6Ax
zQz2DHeQy=JH2vil)5Laf$_k{nISEZ7ARB*zNq~Og+JhI@D-i|jO%e@q*^X33x9BBD
z@q~f?eOXNllRvNJodbn~60U)};f)i6lA~}r%DIP*iPv;r&=S=Yamu#)x{GVN!A*Id
z+h15Zozr_xpyb&x3C7Xr#>viUX^}*``x(x4TI9aw!=iziCoA@*_g;)E=u>wUG!zok
zQ%-3Za>7mOf*nTO=A_`I?x&<_7iIr=&|%SJavAf={?7rmWuKKGSTwsLn
z%<}giKOR;`|I@2N2Ef7rH3qB&!HK*<<6A48fMCY9d{*b?aDUkc;jeL^g|n=a0n9+UQh7;<%H9kb!5EkAZu&1~+;{LY$!6JpF?
zWgv7ecd)aQ*$h(#zgauPv*Df?+fR&f1|>tI^x@+_!j*4~D1uCytP7iA4ZZPX+?p*)
zG`6XxoI8MZ3K2`H5N1=QZ#&=QxLzkqhsSBft5)Z5KJY0B2g7gWd<1MZX#Bjlx??b>
zVJvuJZNIryG*IX!n5{rG*NSJ}^J28p`L_|r*|^Izes7W6fyN-%5y{=KgWNM)FSw!b
z&X}HsScrHc=lcM61OwFS?3~rk0J)`SODSSZ4q;^6kt_5wAB{fU6%m5BNN>PR
zJ)QGWr?)p=SWGVsr=1Lu)UA4v;qtIX7OY9!b^psck~-b=ajYy?e1iSV
z2qQWZY$Nts)d8{eJq#B)$X>Kd3grvjixru2^z;sXyHB(&4(0Wgs@2pA_{CK3N9n&|
zjQY|pE_pvPLEJEgdyTw@gY}Nsh$ugtgjq)hqKp3$EK1&-m@YnHhB&V*HTJXoh*b3t
zkc+?Oi|fnO>@`*7slbPePZ#oxkBY~P8c+iTt~Vrszs?)jd$DEjcLJyqe{r=A+_Z)y
zjRY9%@GIXD=J0);C0(GCU-Av!4*NtTzdW&hPS)Z`n7A65c-r^h^UebFx8QVuGSub<
z+0iDcoQoOt*N-De(NEjhn`5#Y{0u;Iw>!53>=oe6|qCXb66$)9ar$S$2Q5=hXnrUtmSVP){j2iSkb%h3n9Dixqjp9H&U=0
zfskr{-aUZ82!g1Nqlw-fT7wV0lS2M&AzdUGTUl~5*!W#PNDBAtj6o)SMw>50vIU|Y
z%glT>gQ?l~1^W+e!M>+)%*oXi6}7M-w2yrpuJjveb)VyM3e?&cnnZML5oA~skL=le
z^GV9wsGIZJ%QccDh((4d76f(q4?zbqd9B(iX<J0_&k(Vd*Bf{pit(WH$?4&AS(%TQm7v`MA5FG|THDjQ~LU0@PNqLUSVC!~~
z@!ni&ct0+6=7Uy4>9y|cKU3b{z_~dLI-v|UlWxtmhAa|*y|yT@Kvna8g%z8?6FuHT
zP<;w99C(5X+goaia;=9DWRbrlZoX57Yf1W(n|92KJ$RZucw?AYIz+s?J(amx+qfPi
zuofgR7{+0gRi6V=h5!~tjPQno4#PkcbLgO^iT$RtMt;}l+^6BncRQC_C#iNr>JLb;
zdGMiqs0_ouGwLP>LurNQw6hRySk>MG^W(CKmO*bU9IQ0!6i`i+|4qE}z|@Nw+xkj|
z(l!_c6!^Cpx;}@f%x<`#4+3&MY{FfeK)WLfU+}Ldh?T9jq}u_@VIptq{rTU6aEQYa
zHvIoBFpt*6WnEUp;o5|;`~+L1tHeIDaN=ek)yal#aGqfXD^;W$V2Z;r=axW@-*)vI
z%;|aWtXue%^CVu
z`?r@9Z=WkX5r6iu`VDY_hPUX=_Zl8T4in5@$op17R=|(Xds1W*v*HrQSd-;}N_k5d
zp^5svhgR>_0bCab1OnKwQ#$Bujn52dA_9hEh)kf|n+fUvc7sk%h7EqjIaQ?=fCCl(JgIvMhnIR1&}}Zt
zBlM1l;BOuo6Bf1aNoQGAG2~^|MR~Of^l;8YWu!F2QS9S4FGRt1(rj5f0
z^0WRW;3`!*X0tj8P^7q@UL(h>srpxS0znMA;L$~ZH1js40UToX*{3p(5-q0bkr8Gd
zBN~u$jf1l21x!49829dT04_sEinKOBy@mi+zE}l11Y|On$g@CH<7mT>~aJ8*)D{epxI!^u*&HWrJ=5uhMxxD+Eh(Eapus}8B2i$Eyn|Mix!!Zuu+#Syxts$0s
z0DRu3jhUxi32<6h;YOV4|K4y~UzVF+3^t+27=-y2!glB*Th`cW3x^J>O$6t8e8*P~
zX!pTGjn}0>OkkclM3yQLdEvx6snrYkzCuls6l7yC
zvIIQ0l>M$UEH}2Y%~Y2a{4MribZ`~FIg)Pw8=cfsS2loGJl3g78NtFij28()C}XJS
zPSqjy#kCkiHaMQy{rD2$z>QS(_@LrpMS5X0$lk?)_1C2Pgksoyl6r#Z2@254wm(-<
z$pK9{cg6ewxN^PYL88qcO7H@Ip7FfZ*W~Kfv=!vZQ$WE69_(RN9E51VySQEnH3l#=
z$X}dTOgwBp;QO4k3_%&Ur_{jH2-v4r1q!tk{^U(tXw_dHMCDDVXysijw#RrWQB7xe
znCho1hg}K7kO-wc67{Md)!S)mhbmoT+dWF6BCL&eZQvwVi+S^Zu74Tok+JC)g;2Yu
zm2GE?;NMOEH#fSWcPhFWaJTd^kpd2A$6-@UtGS2b@u@A>o2B5VUk{_FsEzyUUPYsz
zg4vYcLTvSY?noLg<}5H=sC-}{O?+`+Uyaj`U@o>+#CXk13EFX&p`27=!
z#gKS*XvT59QMSGYqwKiy^GP^}LDQvQrhx=&7KlbQvdv!;QISI=8^LH?sC5iUb}Ny`
zezgD$r7HaZVtgTcW&gK(9IuZIcx&ADbOeOYZhmTmU<(z~6+GBZMJ*Z2FE&cQ{4ci@cyT
zwSus~5{WMpOu<+jHM@;<;b(Wjp4rIVDxtUSeA;uW@2K77j{;6Lz#mPeo3;61gXmbv
z8MzGh#`(X@X%dZHpa6t^K%t383Fl7WCuyHnZ<%=&^x)HWJ&Fp`J|azXG0@`sFrGpF
zp28(&##Z>B@S}Yl%OZD=*XJ*Krcg}Yhaw|VKAyAjefI02YcaiFJAb5o#qKLiI%+*V
zAHr`(4s8RYx(xQPWXm`DZAcdGx7QRZdE?YZZ`z|(&}YJ_=w!v;d6z5T*RlNnIj0d$
z{Z#>VGk2Xwi|vzbYV%%JRmvw}`I`mlu2smzKMr|uZFIFxM#77^@^`FLgYSq^otT~H
z!C`B<*i@YB{%;Jh`7Pwiffb#4!0Y7%1%*icM>!d%eBztyd%`(|u7*3V;gpj`eOJaL
z{#$u8F7e_Bw-Dy;3?SBqF)1~%ZZ8V`5cb*DNFEy{=wa69KA7ZWpVxG&pReqXebLM{
zYE+xYl{_nDJ0K|7KJp8EmAMx47|eHU1z|(DU!x0jQ
z|CP5WT?YD#*Mf#+oH?0BhK^N-9g_p@{{@pHPtslQ&Siyma_wmX@ueUYrvugLaMIzN
zX%xd66P@w=4ESUbg8Gv8(py9veJ14`
z>Wewl<;&*Za9JH~0FuG6GfL_c$HsXZHX*I*hE###@~eXri=Fz0;FLvvx}_
zB*%vngQne{$3%%*NwMobVBgO%{jn;YZbPp671W>oCgAr0Im_zXi|_pHaSDl`k_@Sp
zVw3PYM;2wd+n=9Fs-T_MLlgodPGx7G%t|o`Ujv^z%GT`oigYpXU$$)QC7?=+GP{qn
zi^*}J=lj&J0*)tv_;fXeq&
z(gm(ZeQh_PJ5xPlIDH>x@nbz{XeMGV?e`ce{Dz`QzG5mvSAf%_vB~og(QS-SOd%iw
zxQ}ua-&$Z!C9ohh9tQd47-Gkz4V`oL2*{x%7fS5GeopeeB4|T=^VI|CTZA2l2O*pu4~y1nmgU^8djqy*x5jkS{!-3)FQ&@!MKO6Lf89
z1(nvpamPldOAilDlqaT}9I&&4MISVC^CFNZm(tmR1vImde}I^D|+
z?`?_hbI}G239SovRqg%}PONwbrGuu!ONsv1K#{*F#4io91?3@h$EzEQ%#C;lu
zIQA)h1n9?UDEUiE@S*LV=_`xy-{1e>#9@S2hr277WfSu&*B4j*;w~|Q8xEDP4Qtje
ztX!CCn0t!u!w*do=0s@}CD03cyryLCsF})NA|&g#k7=mIB53wwsHEI|*ofSVrdpdt
zO?4%&t>PXQ;1Ua|&E?@RS*Pa*Mn$u!^!2rh?S%X!;*0qj*9whrINw$l_16;f`TTTk
zJ&G9g9*38u<3o=F&7v=8n=N1Hc#oawq81K|9Fo5Ja~A{ZBqkxZFrEs0kTo9y5B0@IqyW~
zY=yc_wq&LyeM93_SrmB;(iR2;RFIkn4s^J#Aw6VzH5J>d{SVkW^6d1MGwxw$N2!}S
ztN)#OqW_Stjr0dE0`}yDu&j3E7dTZ17PMyx0`zJ;&jSanR=r?2kDn#-1_=W?6%1s_
z+-3P27<`bxYPpdAJD+y?!;PTBc1esP4~4p(a6BkN5Mhp${mzv8y3d-VZwS84S=P~;
z@ejYweIn?c>VkXnF18P&oW-JCVczD1Hke!7M3@(1lBHze`owA??AU>w0o?ItS@S1(
zn0O&k^Fve6!C?(@Tw5o|luk$`6OH$#8>iDzoPz~c`?z?GN4+AvMGvg$Q1JqJ@Y-G*
z9Ks1rMtzU(hI6kct6a%IC~)T7F2Zrw*Nc(+dT^+4nX(_;c@0xzn~5?|L1mRMpet5$
z0-qnu9E3_S`+jJmXtBgSv&cdJxX5v!x7B4<_TjU^*i{Cif=^hkEY08JL5-P^TkiFO
z+LvhSSaP|v7^GZ;Izj&_BERd;pJ>F>y=i-~;8r+lsp#)30xI&M>Oq`w_^Y#d?87Ixzku
zJmrCt#elzY4^gBj>+h0sU>xVhmKAzl41Q(WSZQ&mXdH68qY0@Zv4|P>N9er#W
z1Anv%Z<%otlkV=JXlOAu+!f;AFF^w*@E9M%c)K7+&&5>1eAI4tJ_^jCJSl}Y)odjZ
zjdZaJ0kC=f9!#aTRWNK`d&gQ}>(UyFUj39l$1}g4Hz%A(Y*CWKO~>i11?Z-R6K&3s
z@t{K{B~AxS$+d0$h>CO)?rb(~Ibmpeg{R{k5W{$6GJA;*cf*ULpNtng0uk1AD8%SiVm-p$*Os)!|2zo2Cz6Lco|foo
zg~hw(8_gV~3zF6S*u`5%bHVV^wS%-jW@hGe#|j1%$D-HA=@I=#-PX&k#%)u`c$|H9
z@3vsWEbuAkv)2Iw$@p^1b9t6M)y
zNz6Tjt9>I~H7;-g&N}32OnruE
zkw!0NMVvt&l#1h}SNFwx%>&;%;hx_9XyVQN(IoIAsUI2aB*y5Q_*FyA`{YKn-0K<{
zJin!%IG}^h8W8>wFv`I_d}hy|0IL2=Nm{d}*wy_YWN3GE;?n-rayvnkt18^QKa17=
zX}gVSf3RUbcLV
z0*UZI5P^A%OwaD6CWV(>;9jSHP$Z_F2EN3~Uk;-hC=b?0b^l1%HgOG?t;n@((CyhK
zIQiue!#nA)WkGzCL)>!uC8OZYm#R6Eo|V;E<0Z$oJFZS+4oxQ+5a`vKCwA$RUSlWz
z`G#ZEBN8(wK1~%AV?ANK`%eD^hWS?1D?Qd5RcX*qSoOt5W0>6~(@R{Tb8)?icBYQc
zEk`c8ur2}T?br>zYH5yd@!nUOiElsFkwk|z%8dplLK**Imy9bl?97aEg#`2PR_SIK
z7wwV?&1qv&!^4c0YjVnG`jf%$$)dpzZ5W81g>|Iy^RUFF*`$c&QfX0(?B^WM8+W-L
zbm`tCBIwN5s}J)u#=?z@_qej$14cT$OuW(4}pkj~4qTVzR1$q`1!78w^2
zQ}c1zuj*;N7-h>Wma?_|(FUp;c8sZ)$Ed2lQH2?~xF3T2WA9Y`_Aw}XLPeU|8$Tp}
zfV5=K?CzO|`wj91(7D4n_u)7s`-NM`FU2r${rz(IGr`y3Ac-x!pF1Q_ci*o*MLbu2
zdu2}qW`>u$vhQEd*9!Aa_))zKodi8fa`Uz;VvC~qOd(CuLuOXRNJQA}a(KNq3#M?`
z|25SGVCRT2wVNEku4q`|et`E>-`K>_eg8WXn2S+AV>k-I-Df&E=L!6>UZ2>r@k*2-
zVB8fUeZ?vba?;LR^i
z8mv1p_40q?B>IzxyFIY_J2kk6tsa417s!r>HmULxgqqP0^+BVnCT_O)-PLXdUvHXY
zIJkTA#Zm|DwjN@hz5uSUH?&PMorU2dnhy;q;8-8y={e8C-m&eEFH~ivZy4@457UwZ|RHt@~z7@tf>j
zurV67@c~y|qjQNJKxdVVt(imgYe@U0dO+?JX+NyyVbHIoty87KI<8<+G;QhXDEv&P
z$kvKo!h^F=6|wnpoxJq%P42p?G$!~OxW|xYIQUN|%P4GDGVSy;%j{eG>eQ$gH#viM
zMm6rm7b`|8F8dA(s$5NE-V#S?$Bx4#VRU;Yx~5)EI;`+otKy?ePvM+HWfZQ9un3J|
z#U1rIO5js<8@|*1w#HOqHP`t&Kx^Nh`dQ2577fEveIW0@k)(1NCf9aUQhwF_zvla&
zzN+BX8d9$w81L+=jjrp0p6nAdyb3b>&6Djwmzg4;^>Z2iw*sBvYG!76O9Pj!2?2Yk
zF9!S<36W3oQ!wf_@S_boRx9c>{6yMnXx1J7ouyI@uhDfK-GUTK+PCCK+&(Lc>&F8?AJlH1w`9#PjQe{_
zJ_Bc=>fyY#@A%r1E-q&1!B-=(b4#CDP5CSx(7poc-*c!z&fN5*$aA86oBq=$V1FAo
z_FMI38$(psmw1%JM4HHNuw2nnzEd-E@w|^juZc#R`wC0ERC|C4!uUV=7lJHSJ0n1S
zI$!rrAMt(9hg55eOuzFdeb+Usv{wa`SuSGk7i6dUt&R|@o((z-elw|R0Lg8op4gMC
z-hoxj3lBc*^VK&{&RxyQ99Op0AIVMB;c|M!K^JG2O12C$6;-3UbdN7_ny-q>I_f36
z3JNqiLtH8|;Dp0gvA@Ul1;Q+4z)ogH8c^eyBOgko&;X++$?v+INL~!^b1l`f1Mw
zvqEb=TnehZn%ESZU7ozzLY(zM`bgm(NPR8UCunP>gy5)iQ0iafXJ}K{|567ut;PJa5A^nRqY4U`9av_j_=!t
zX^C4cm%>oyWHBf4snknAGDB?X-9=Pu(>3sG#1rc2@dXcOnPxWM=yuqBiipx*d1Yfi
zQ-kA-!Bb|381vQNNQV3Ag5q*8E~EiS!wR3
zX{e-6!k%0F%Z)-E^1>5RSq;bDOsM~f6C=jlXR8YNxH{=sf)pfKWs`zl6}WpSJW<5G
z!jXCZHKM_%$S!`jt;_6ra~AVuP4LEXmQ+=?@^`&)@4>XafKAW!_P3s+!nJ{_tA<~_
z&LHwHUTV^|Js+r=kUn%!<7tyH{(Ycoxbdb73x*7=K9a=O{ae+xr)_uYUt3x?#mdvY
z@Tub++fcq-FRa0wJM)$Udzc}!zr=kq?9$tNE&-=Fp|Jg$sP!%B$~j)oI3rZ(e(kNk
zPte)2O#uA?IxBx?8f$!S0;~0`0J^I%(MH
znKReIbmB1PRrv!S=@KV2W6oighV!27zm)Itqw3uVo;Z~uG1wcWCL!iI=yXR3L2y`A
zHO%|kmZ~B6>(h=Ua6PGZtt6R7(*q8ar!rV!Jc$nUosJI@Tzg@B3vM5Pq}623k3Swo
zqQoorl;$i?(KshARg@q{>aGn2liix}8^=NSBU*;urp8UHMmq6nCM($5B+)~qwkMy99N58&#`KCD<7_pDv`Jp6;2k86FslQ}^{ZH@J!RYUJTOC2GRjcj2{jo{P!v#N0;8
zC0s#Q#k9q`S^TX&F$T`RhZltZ1H6!$*sC*N0UMUtMD;;ftlS1^F{23)a31I<+t!EK
zed{}pFoAtq3JuOn;Sc_F;n+l^!Ov^fyp42)U(B%i1+!^z)f#2sZY%ur2`2v#%jded
z!{I%qg~k)uc5yIneJJnro**JIyebXzaCE`n{QRsa{3O)5lz1<}Aio*ZM?6&DnjQ{)
zxFkN$Iz&`#n<;a36Wa)e4AU}r;e9Ww=k=xGMfh>O&h?Fz+rc{7hs>K!nhOslB_%8)
zP9smBgt%@Lup=sKs8iZL;I$7&W9J`J6t&Aa7ti3mj^T}k0AqnN)4|IVp9mj(9xZ?<
zMboa>pU5`rU=Ywg4UzeYG`tf-Z`>0Qg{#m{kQC1E@t9%zLDZ%rsF?YR8Qp)N2~$q1
zSP`aTDz27L$d2IE!3;##%?ZIT|HEA?K#?vnn2NhgBKrkN55Cn$-REG$KLc}xUH}bl3Mt7IVe$oKA
znb!dAhxf}_B~k5o>f3<67dpgTl*w9erkuW3@Yy}r#l8_b)BTEs?E%ftmEBFmdEN=}
z(&KOJT03%L$`OHm4i?b^A>rfgml+c6Vq@~?Q&jz?kb!q+8I#4T^$@=vzrU_?;W9bd
zNotX`hvY`ekJEk2O5C?z&}~I=FC%ZkrB)3(Cqk|3rQcgLKyRR+0-KLs73Rrw&g}fH
zZ`Kohdp?EhEv_$Eg7`d`@6E+GchfZD!z|ZUPB*6~d^_&zRpMs9KN~)1i18njmv*;P
zeZ!j(!~3TsxTMipyURJ;CXT>PztxgqmDz%_E3QnaDM2PM4vl?yJp^1eM|9o
zV|Ffu{lMjpp+&f3GespJ}Oo9B&07Yd!*8quxm8SMIN5DfSe{D#qIEFJrR7lBE^6$KlMtMGAteO`lL-(7IA
z>>e<$iQxD=TZ7{#*5HY^09^{ZQX`5J1cTBM@aqDO8L#5M`%C8n9ZQBEnrSz-K|bcY
z98z2^5VB~m?8Brg@PZYKNjf)x6C1!epZgV}j%;u!v6B}H;~eT88cOVBv1S5EGyJ;9
z=P+*v>D(R^L>ju}ngex?tF`-8JxMI_1?Em2jVetwxSZ!cBen6k@=P;$GOv@}
z8+MA5IelCI*ZrZD+8v4Vp>n&E(6J-jKcg+8o&)Lq&8tT4@1!%%Y|L3For1nX8o$z9
zp1r~V*VT?ZI|G$J1ij2127P`FRsG#YMefTOYcS_#ozr8sht;IBaakW^s
ztj4TtNtcj;fidsy{@K50Nwe()_bcpB?~52`GJYs29e)rTEbkd&OUM!8#FBz0lP#Bs
zeOKY24Hb}o7&jYg;ReM`7tojn3w2AWD{6qeHHvU|`eG$L-SbHiXeDt&Vr(%tTK;`G
z`ly|(T2+>tlWdKCVFSD|5?!=%Z2Q=RQr=H-&#$-Dyzbo`F$#)Reqj4MEs?`sIzU$j
z&czTTtcMF)78|m?Yo%LflY<=)UO_H|iu2|2H)dvXU6^WmTy64QhK!4+b!Oc(?S))<
zE!J{xsccG)buk#Bz>xhuq;ntwVt69!jP+ag%!Y@{
zBV~1(@1VGo`z;O_=HcQKpGz`gxCtW0pzePc7Gs13%oKU`ERO2}hbHMECpn2!Jxb~9>o!w_-Q5@#VxfBv%g5UMW{Q*q~D*JZT
zd?OS69mk`{Po&_AD{yS;iGRShX(>*>#!`=3%~VKi+2-(W9VEoy>?*Xt^(AV;;TO*4
z7UOj5*uMNNK@O2feQ^4|iCag;W=QHPpY_wM7~;g7QW+*eZSH3HT(#lQpI9D$TfA}<
z;B!`ef8-`?RFyI}qCe{Wox11sx%#qI^SJSE!%J!!Jz)8(YlQq~d)1#N5Os*Nx)7@ULVV~PG%qa#1X#eal*gO}`wH50xUIh@(
zg;qZ)?7VAG;_>M=)7TABKj86rHCT4QcTE3Q`L)84+Sh|#@uf#rS5Mx3ftTaSw2Ay-
z^Y;_m#pTRsdrlC}$+xXJPN>hP)+A4#k{p@&{=6f=8&8rP#qRCh9_7>B-mVc#^5?iZ
zB)W_mI;CB_Im@>0gX
z7iTtUOP+@iyq__YlD)K#&$Vz9ukt>tpJ_0PcmHGC#0y{8%H)fLn!uqNz1Ma!LNVn;_)zrs(cr`#9^PV_&)Jj_-@@A`e;9=h>BrtZ`pa5^|i+I-|y
zg`@q)qyewIC=Ds*J^!nd9)B~oB<3eI5MK
zxi=MJ@WRFw_kY>17lh+QZsoKid4jK%dR-7fAdaJsLK9?DsYjsg)U%6+)&it99_{FV
zV7Kd)DK^{BRz-!&tNMl~qDAM|i%&TvE+l@>1E57V~Vug;$JF@8;ZD&1
zq~~{p#lN?UZ+2JSySkc7hP!xT0
zNhrhT<$I&RPe?&+OzRAcIw7jMEf()Va67^LxNOlAvlsE^vbaHy>@lrD9z+c{PfNhS
zPHTny!U6&!F)wpCSim<}OTHR~_t1(R88eA0HdOe}@(X~Gb`ZFc^t7Ip(=GEJS3c4Y
zK8N^u++K3y(ZI^Vwhnh8RK};mTiXmT7&&K_{cdHtxrJ}vNRg#Fr1P3AYcd1eBM9%l
zrYt3$<^pjsL!`IhZv4TwXO^{-4vF)(C4|pgd@V5?GPQ4RlQSROzR@~SWn|&pAiBou
z81{t6nV#VoQ$wZf98z%A=KGPa4{g4^^X|gp;rGZw56%87;m7V5Pyw-_#5bnV*wa%H
zu+l^R*wWgF+s&W_1y}E8bBWJ>t)Jfb=@xr_i)Wl>ZF$!owZAd1Dh@PSE&!5O4cuxN
zk05eVbkwsbaKehtz!S4<1O3}r1TABZ&utF<=l+bUSP^xzh@AX9xH~?qWI!H#QtgY(
z0-bwLHuYFSz?ghh_9iIUTeF9kYu;yMr`&+6XCW`tFebU}eQ@&DWh0Gu27T)j%Qx9S
zQK{Xs`J@LP%F%MtN@orj?a!%>6A2;@If>{A;dgzNAYaRF62s~_zQaSuYw1)m&20N*
zh-d-=F2x!xdrb0&K81>3k@(kxYH;D{2B#hStG%_n0x4)U3)6mP-*ef7TMpZQt?xn6
zIhyW;fuurgm|)uoy!f;^pDm~d=KJbvI{wJm2PN~96fxbkzPN7P!_veEeVc9%0Y5fq
zF8AaAVd%W$q5k7IURg=;lS+1yQAASqxe$twWUs93mCd;eWn{0AmCWqDIeT;VnRoWt
zoWtF@_3Mw%=kw?H^Y}bIpU30-`Mh7R*Ry)~nZoclw_x(K*nUn;AbJXC@^VACI`BRg
zPi$T*#(KEkx5!i@g&fjAQor44W3qBRyQP3%B7*E(JNvh~maj-ha0j*I?+5$si|
z5(r3i=f~#?;Xeq!>u0LbORw9}DY>T6LyR^WT9l*1C{vbKjZ$3_s=K091CB~+245qx
zt%lSPdMzJ%oqjz6XHWn5B6`bR;H>U>MUmxb-k+kNob}sNeQnnQWC1%<#qiLlFK0}J
zA77H7rc0jTB~Xqog}ti^H_mKdO4wC#URLmO{XJ)_oBYV7@Q0$-o-<7w^uqdJgP{r-
z)y3!@%=Pu3y!tjE1sQyorCfDRgrO;R08&b8EN@HTJFVBL|a(HeUEU-3H}qJExC(foEq0
zJpVD7Zn6D^O5KKJsMrA*wPvBWkZ_CZXPxTu`a`vG*kqtU%X#f6@8aDHF(Ivo
zh=MOl_bNJeagEUKRdsQI1
z8KYRzO`m#y#hXE&#vX$Hy>6X%NQ!S5W~bl91ho2%FVdWraP%uMK07<9eQR1NZ(Qm7
zXD(_*0OWQ81yh-f2F0pM3a)!*_HUBa8Z%ZN(`Al-ybrr>9YMYS;AR%x5+mV+(1Iwi!w(ci_C0vmp`sxcW3dw1e}8>BK}U^}pL
zGR8>-3Kc%v^?exbNk3S!@CjML>R$LGfQxd)N$jL0qQ@nsGsc6}kAiSENAX2X6P&e<
zfBS}MzN(Csx<|{A4qv3IL4}&Up(w0;
z+kiAqZRzvv3Fs$3bF~#N$PuNiL%-~PtfntuY*2zd2v5GPi#M|Cm&Y|Y6wCFzuR~m&
z7~+B8E1+bv?dQ?@#h21@)gPDZ3th1Gi^>|`D@#1*2|nSQuD3};RKpm7vD$Nu*}$b_
zAERk=#>02xG_pyj)j9r3z=*Sg?@nDGf+cJ_h9!*WpVK$ky{sze3qE|80EQUjTGrS`
zP>BqL^qS>NATOgc`C-CFu^AHp_aurMgcZDMp>z9WVU5i}A!=2W8zk};7x42s&h;wp
zL`3*kHZwwmv2rMx-)VON`Z_#&jqNGGpi5%v%iTE*Kj8JE%V<0LOGBZKn4ZFhrw{&V
z@K!~IpPAGBjOKr+CE`OAW9`9}-i|}oN|SNntWoIj@GDZW#&*+sfmxMb!9`^o{2p`F
zv6nLil)j+@w^P47J~+lMZ1X&U+t
z-4zeZzM8R@eqtsXM|AxM2<)lb)SDEv55u?+zS#P$rt1Pfd5w<7+8rH{_sDx>Fa7QN<_#pyO^
za65Eno1}8@I0qrL_iGpH_6|ehNGHP%n!Ioc6+2{Hbd3g!x0uy~1GciGnc#Z&3}1yFJ1g)06}>ckn2g90d!*jN
zmo&bUZsxzJvaRx5<-3;$rX4=rpu45*Be*Dw__J_nLs1rayM635xxFexWeRDzm~>)osh3Rj+WFqHMKXw|0uHxgr;f5RVwp(f&kn#1Mqg<{bT(P?eU(d6i^M+g4|_wo{hP*$T*KAlJ?4SFjHW&1JWC
zM|h$GIQdsBC{x)I*^_)H<%@^CI9^PgFXT^BVFF+lU0{Q5ZWwd>8MH;2!q
z!u#;cxHPz0J+n3MIXX@sIbhu+V&&(N=h0T2vbNM#fAuge46tx--qR!WrTGcY^TzPo
z7Y&`;v%cuWtw*CRIijIe^+H74X0O
z0#xBq)=mrKlvac(nSMby<|@-*HWqktR#&NApDGVH-%qlR7pb_F4OH1L$4kt9f+0t4
z&7FsHWR4KrL)+VYWqu20hGn19=Cxf7r16h>p$Yhz4K?7N#_#XL*0*it0m^acGu*!q
z1w5$SzniM=_-5V#%1q3OE4avUUW7aeF4XrRex4vD4v6%-sgfXfHmui~O)Yxr`!v3`
zcd*OM$m!l|vFlV?s8Wz87B^Fv4*T|u3+NY6GM8SUm9P8aVjbs|aO
zud{aoS8&d&U&(Jue>+gFJBSurH0jYh?AANd9wmi&NfjP5Piyyk$V)P_(RFP3_djfY
zZp>0O0ww{K49KZ~~Z
zawZiiG@C~`W$<}d-xIWE
zdqVjacRpY$iLFiy;!Yuf)5q`9gYwQmRuw`CPvQgV1{;-v^aHfK1ARi4bBcnxskUn4
zykF(mf0s=;kZ*hP1mpj4TklIHqBbmdEK@gN6IyfOb7
zKikyv>H}N-Ila>LAf>2{xBejMBx2BAu-z+*uApZ=Xu7y(cvEx1;Q?3kC-YG6?Nh~c
zn;yfO?b-2QO=k-F$lExRyCTEyYIqy+m=kw5Di3kZzlCR*(ouG%@K9I~?r8UD{TEEU
zQ}Gv+W+0>H_BXekc9Qds7@8v4rmNa9OYr9ZR?XDzl=9!=67(4eay+6g#52`u)Z$xm
z$18{0tqS#x=VpH`<$aT~sEAOC+N&d;j7_ob^Mmp)II0Q?27f-IePLYo&;Is@e5k2o
z5Pq*QILP_^rAbwuoF#d>uPW$GmC;&#TRYqB13kR)3M7~;J!XN{?eAHxSB3QHTXIY2
z*qs?T-`$pA-FpF{Syg?1E#ne?a;pt$6%(8jc}%J=`ux_5LmN=(jYG<%OXK5(rzsv2lstzsXz(6o{2RHE
z0-U5gr6)oE?gHgX?VR<#@KozioQ}QJ0GzbN@{~2a$3@$(J#1?TcO@;rT=|?}rg#j0
zbt(G}dUIFwjj!+YnRh0_&S)oS<^gFI-*OfyybfQvjJU-3h+wmGSaT;074
ztlBys54NcC4l5UqAFz%D6mZu7C%&Utp2?Rew+L$V;K0P}R%fWg(2c{T^J8LSL7@I4
z@f%Q&yMUykl|8#1k)Vr4Hri~Cd;ktDGDtS
z^xomGZOa(Fv{pYhu^tvY2{bL4?C>tn=?@zy_;CN&_gf6=d*TplPa9|*{XvEWoCB5?
z&B1`!z5JhNoS2d^&ydQ-1-~lXS7YyISh|YX(tv1yK3<5#s&<`PRQBbWOKjMU@t{{sjpBxW^ZS9t>c2
z`i8o~W%%F65yax(evL_luWq1}w_%i8;%Z|mqJBZEzgdqYBk|prPZDle8@*
zL^WFJ$I`Fd_)>;?#jo-Navggd^=`@jnUM+@ceOr{!lz;7&26A4!=u;
zq|1PFnREr15W`nHZfcZQbE{LNyeZYHgap8~Lzj_vmki0wmz3w38x8%j8TAGyH4})l
z54B`$%?`z^BuLIGh9yY0{zbb2m+{_BH`$-#<~b#)vT2m3-eFSKiguSTI5W8roHq(l
zu!`RjZ8{;fC~en?Y~Y6N_{rz|Q8q}xa23$8B|UF{Gr{GDc*TCfbIziSx`E+Sm#}8Z
zBr-)%cTwcA1cm}kpF)&h+21g|d9E5@pfQ`lL`C7RL00x{6s~W{|44QHk;)o5WBmTn
zRr8h%TDu84;~N`XQY*0AgL@IfHdK95IADbJ_N!bqdK&=Ctr{kkOA7}&}!?$`UJ=Ex5%2NdeuWP;UI8~;7hRa&b$%Wi;
zR!`Wv2UVebvi*(&LNCVT3k7fnCm~H_evWfA4Ku|iiOg`^>;14JOL5_sg2+gt|9h=I
zd*RDPmz~m7yKtDf41gS+D%*ofm|EC?t$he2F6iyu%t`rRhtoBcl>>2GBxVEiG&0vb
zorezawSkcU$PEAZiIMqwG*FjmpGYsg4%_M3#e3d3jm#gYEI>^v2$_iDQl~LRhn9il
ze+lP)6Q~2jDkDu>BBGXBWnIZn#DQOFpV~_m|
z>=qFMeJ;Pn;dOv=P9&l}Jaf`_o7e7)D^O^*qvIrS5iX2{SP*^SQZN
zy_A=#httXf>!bnM$HvYGWOU8PdnQ<^Jo%`5MX^^C&$gn_z^Led!v$ngQ*bbV_)ZO27kR1`H_cX~3w
z$`02x>BT_?)hxc&eSg1zVsUZl8!Imbak^y+g;9(aTPEM8lpCxX_eC8zr^?!g4{yV3
zrucRVVr6)gk^LAHO=C=)iLfOm5B99l{JnUeMiF@yg}S}FP}}({`+`P@uN3z@;pZOB
z#p#*orw+Gh7DHj-qDVGq_J145ZOj>fw;wvz_@fc5^!soSBpl?Y)C
z(}CLv`p+a{CSAqT%s98TN#Oy
zmv`!B3$oi@n1)Nh-eqU>k%4hVcD3^q)Y?kps{vpB*|AyRa0)BY;ypP~04*fu{zU_<
zozXWKH}u&iD=|f9}cAyC|@l6u9nQ;Psg>l^g1{Q!u|A9
z!?vx_kUKvi86MJ*9dd>#Xs7Y}87pzQ$T?wP{s|_gt;kNw$y-Au>k^~}`pIMI?d|v;
znYjzqtc_8`pl9Yn#$Qk%*lfIU8}3d%I2g+%o)H&QfPsO!sbL-KAbHrLB?aa=LBV`>
zbBozOwMoZf{3#8ZBj@O+5o8tS#Nba@$PQ>!l!Dorr^x`bMe4<{h`1
zMyZ$0<0mT_PHt`$TZT&+lbod_BrPFzV}iUTT?KL2`3v)~r*KY5WFK~tZHuZQ@vM|#
zN3v}dWP$O(qJfH#nx#sqeF^&I6M@?3IK#czt1T*mrG6&vPw((D?m9H)79p+zR2+8F
zPh|%N7|a8SGFx}i9>U|he~}MoB^g{0hpO
zx6O};Td#_$vsMy^0vLn^dm-*#Xfie#$5eY^D8ow*b(bXEGBO%p*v$vK-98KaX1I$L
zm?SetkuBl{FCZfqr@dtD(X*uhQbAgNh1;hC71-&y+qz6RWHig*t9ZbDUlJ$g*dk`%
z11|MYG=OdmzdbJ|N2g%ryPh2kN|#?@^`o)IKCyqtZH1K#hzp&YODZepGc|EtoP#--
zK&@Qb?+nzh+L$!yN4UK7aCuqV&~0i0lE*d9`(N*pJ{4jQL^0j@7r&VoeHcG9b;4O=
zK~88@_DI;S`grF$snzG`>Qnei-eGH3ja7%LhD$#q8;sFhMQbqVNL1xvS5?$c`bWd@
z56h!p4>!q|laiM16ePbGZg(}!xKYrC^iGCAq~AS&jU*?TmG$zPuHB29fN_wkConsTYc-xPR^c#Pb%B3FZOzeRx
zkd!dwHE(OD$SKXidYOUbco+uA+@1xsJ2cIZbVE_ijr$K)Qb%93=hwAGc+{1Vna&72
zO_wywQf&i!Jl}|%0duwb$KLvGQU;X~rM^FBoih4c-zS}4)CPE)w$oN1fYkvi@o@yu
z{#ESVnp}ve!%g0coKGl!WDBIBY+Xy}*R8e_QsnZVMv7V)X$0#JUXB>elb2z>uK<^E
z|J82&-|)wk1-9A!hT0YYR>gc2v;1y`>ytP3Rr;RXN@R|rW7#mS^Umzs$IDJ
z9Z>ejA<*L)*ZF5Ag6Q2TjQwTIo1p9li#3$x9OZaT3K=c`8moZJCpPsQ845KOVW{vq
z2Ye&<#RQJ8iMb}Y)0{cA9~G4yZM9mNnUnXu@W@$2%sDw@Rt^j&W+~{~AxG$>ZJ%U=@begY4!B
zszu{JV`{KN%LLIXY*q-dvh|GgUWza8gDntDNZ86EsXVA<-aWnsAZ1a}EY0H}>a7Ef
zY1you2&QB1l#T@`D~@1tfq1IR4oToCR%10H3yMH#Porc4w04n9yJ|84g?2usE!WQW
zYXX9Y98XL0%ltAfrA8S|zkzr@q3-^zVLC9VuhY{plid1?jK(Lx#a)bB3#Dj46KPxMruA*plHX
z6k=KZ32)amKARV}^im#*-4bX}3^+ncyIV+d4c2H}lffje;$
zSmU~vJ+Ojm$0`IuIJU%RLhpo)Sy?_v*#P!X)&#OBHkO?Y<)a#-`(Q(|Mi^FNT1Y$S_w^iw*qim&jy$
zq;^TYz$B6A`y`KUcsk%aO>`kNW)|WQAZwGPPM7|2NnxtIKeBb4G{#ZswQ2g@pN;r@
zVC(%NwadN8KS@t+!hW3qv~u1aQb3v+o^xfG=g!#y#^Al))2Bg7-lcE0Sv4)5q?$CD
zo&`%IqnviA<9a;3?rep2dt`BsqbzYxO+`F=BtQ~6aMp^y$W!T?mC+?mPt0ly5nF*o
z-S~=`P!RpP&n*TA%jG4v_Ap7!?;FpDoMU;y&I$gcf?t=mnk2W=%UZSO3cUuI50O^_
zTg%n|<|V*A&TBdt4-p+1aL==vLei@drk8c{!~673dqyR>Tksncrrp0{%v`sS8@4$w
zl4qw**u^Y7jm}3r^iD1;^kJDF%niUdW%V%uqp566-@Wq5{lv1d%G+rhlcFgZg1anTSJU<+giYe0qiq5
zy&Gm5Zjt2A$PrF`56l_fC_px!1A5%9
z`c|k;5R+Edk>ifHqxSFJUwT{E;`X?$D?}XfvihhY(8AGi>4X|c;f1Qab5g@QK8l;H
zev@nP&WS%g+RkL$TC<$1%dk{=0yx_#tUo>P)sX&FPbBPCv@W8ZSK_fVg?e+I*005%
z8!aRG({&KTxmkTp%-a9%Y43Wk!Va{gA(4|9m`B0xKXUIPS12SQAb$Y7tEXm42UT*>G%X%CCU2x&P&uN
z#>BlO%FKx$Bp~e__bWFJ!+r5=4i{Y(lJx+JX9w9|A>Z~1D5`C7=I4+%lgWdzbn!a9
zRtrS#f>;p-XW0SEJ6_q!gjI%~X$c0OzRnJ7gQSy?3rK`Q8X6kq+H&Cv~Cf%W0?8|fPR<-LOj|Xub=P(Gljk^utRyrBpkA|i`
z2@W@TLZ^H5XXDpv8!0RBWn=T|O<`~0CbNbZg-W5Z;Oc(qe>F17iad0{g&UT$@57G_
zMlCeK+FxG-=P%Q^2|wm#x~?P
zZQ49^5@%jEZcBFy3twHge$NqnM!Wsk!a0jNDQ3^ZYMsI;AgRE{
zNlAT^Dt{3}(z{nJ{o*bzpH~`{E9Sh@^JgXQ(HQte1@wE+UxD6d+!F{c^pJZSJ7r>~
zAsNa4@(SQ3Z}jxzFxT*EzTO|=a!X@klHb+es3augnZBg%6oO1-oq&HSf*e8(^zML=NCdFuOhQsZAhqs`jjTP8z{yDa3FsY5c4EZVXbw1H?I!a*;sqx+KWlw>fo}ZJt
zUtvS_E1O>VI9apVCGAz+^mkfiatUvzwtcuQM!Ny9;zUKsBlLIK`Y~K+srqyGj>nXn
z90Wqut@j2B=^W!Bz&5om|GXdrrR^{g8&|m~l<8;WRXa*Kk@JXWXHYzGA8%AiNO%r&hHN&V=aI{Uo|
zWtQI=`1FJ1gBQlahbN53yEoopObx#C=YC3D;qNpoP%i=)2f$73aFk~j#zh-uR3M55
zw{9)z1!94&^iB{5Z(}%g$lnHJEb)sfqV^joLd7fW!&kao!Z)`pKBLQ-P_zKL!sAI?
zpx70+hq2op2Yhi$yz?^KA2?=>#1#bNhA#$L&B8Deek1qN`|Du#jHu3*w^QpI|6~BJ
zM3`<8Ea&E)vTv95n4f$Es*w7y%B`$aJw&13L*E@!s4g7b;IG(FxMx{rn&H{+tk+;G
z+`ezgnQ|WC@j9Jn_l6Xr@lQ@Z#dUMPjKtTy;dW^^U*cMjCc(O6w4Uo%hY4x0jeSz4
zR?g!mUyKB9pMIY7%U5}!`c!_2CMxwZmj);2*C2ep#x-A1=@j^#-HHF`)}LA}sW?=(
zJehaa!t`WNpc$*9LKbu=ALofbmE%4cx@qD(A1WKwNzimTGzHu57;N4-HxcaUuYZo_
zh`{C-G<$Ui$f20=9g>|}x}HFUa25vVC&SagV12#Ytz}1kqa0HoxuTEP{?TiiO5(HWHo;{ny|xJxZ%qk{5Za1
zz9PKe%hAYIC}$s=mL1wkTY+Vc(%C>D{;j^QkB54jar}Tf$4dTbApyAU
zvc0vs5L;)UvzUG}8sor&V$Oo70#=$2|8Who6bvQmL1W3yQJ=`ZZPj{I%5Ad;I+EQC)|jdmg-UFW~F?t$h_msKABveR=OjGs7>L_-Fj4=gh>>}3s&ysVR|
zPrpN=%TIlH&o(9{`|7E*Xu-e1uz_Rvng#Dt|EHTdpRBLD(8K9Hl^?=;06!mLF95!7
z_A;|DD`$NJ4SJBB=zszj?z%Vl@8R2CUs`OoA@SsJ7*9!1%}IQ`h
zBEARj=U_jw_LUyg#=r51-@~mQe5WWwB^LgZAVud-^Dz0#K5ih!qxk*6chdn+z6GTW
zg9+6ACx6j;<0vRkII;;imUrdh_K)PoUMTb!pXUl$VQl
zbgD(ZlSM$zkEgk-o7K4YqGtGD7IpvB3SyvO6=cqUoQ<%)+rT+FXv5Le0UDt{uc+F(
zmk~{%t58f>LYuK{nST$vb9t!J(jb*N(I0A@?*`0Q88&og310L_9ol^uwW1}fN08wF
z?O&M)^CG29+sY^|X%XaKs^`RU#z_LtNEC!eo$p7Gm>~t8H|o5D`ft;O#(OR3#mS#R
z%0G}`z_1KJVNll&XD*9a7?Bi~?~(H(xB8QRZS2i=`Ie5h9oKE>do4#ae!5TDaO6qL
zJL@_TxAs>i@Nzk1I+MT0s^ma8V*4oMy|*3E&HJseBOWZj4mv3Mg<+fuhc*BJkM-Ha
zy)JPp8=WZgj}|K|^H0mOOMHQi0l?=2kX|w6z7$EwY%6?3sKXX5q*3}+2H^>)36C)_
z7Cta|(UH<(QMBU>$&oKvsnqql=osNG*Am*cgVVsY6pz}O31ktW93=?kzxe!GZkCff
zO#kg01t)JU*E)||S=jg>3dKD<>>eeyqH()>Z#MI@1_wN=LHE*GgnHyGC)xh{Repyf
zJsyAcfG`@(-g5Mw?AZL}!_jzM3+rwF7aWMFL^V~DI~;>KT?V@(c(IFhQ7XFSzpJC9M*7zO^$_DDbZW?UwKm4e^9-%^u68gGU1S3oU+??7)XOGN8ADTH*#=
zhc2fraufhue!g~hf-WIn0`pSTI?@$L{^kgeM=c7Z=Z$&^vBj5O2U7V1N+1LB%h(R$
zV?+)ec|O5&;kOvi8Wa<(c5A#%4Sa3yT^@GhQvBUibnbI7%Q*`5mkfH^7-vWxfO3=Y
zS#6L&Mu-H-pHU1-uF{8?tDU3v{R24|AtslYKOQ8R;b%g^5WS%R%Cl2@jBz(R`6)q1
zl+q46Lrpi6f1n9Sm+JW0a;L@@^(3j(MmeM!Bxe29y~j6DJv`feZkgN2>uqsgHly5D
zA{1ozNEE{47T=lmpjs>Ehx+u>j0aeN(z)&f7GUxQiMfu$HmEm*Z%Wog0X6X6Cs`V(
z@YK^y1?e44r&3&&9@l_Q2i*1TZhbc|yy{yVd#TX8$nou(e5e|li-;Vby0OTixc!<$
zE#KpM?Kvj&`HGnP7#xCB$KL+^7{tM)9i21mK6GMIY;Dp*C`AJ{pB^*Vyq(qGI_Pc{
z#i?FDZP+lf4D-clUPVYX)>`uxRFZt5$B-J#PrkXe^!FXTd(Fp}|iH0{2^#cD1N
zH&4gN`_m$rmZ9|lCj(RL5hZ+`5dI8Q@9E(pbB8n_@q+^A?V}}U3Xb$T%P?Ae6kjz)
z)C}K|Vw~&u+Ea6kuow&)F6=wWkr=L2WAfQten-l^h2G_L`o4
z_IUZKe*}LRrKHQwLpl1=3n!SSCUSlALzX`1Qk~_u*uL4B_
zGWy}|Zlqs<;8kL1_Ry{odw6ytx1>3og;UH^n}}v#?m2nYl66YmiqX?SYdD^vc`okn
zS59s~57uz%P7y5%ym3GKQv&M_%O^J=2a_AtV?Tbx6%;+5exKt?*{20#1xS9z1Mm#;
z(y=!Ox+G>_ld@vak{1Id6P$Rpcase?T%v?S>Cr~P=FaFK{Ut5&R#i4XAD~4cs
zU5pL1g*iR`a`a?fwQD$St_aw@Ta`N6Ce~_J=o@WZ=u4<+9OQ0F#}@#3R?GRA1||T}
zT{1nAkgG~M4}Ns7&XlX{P$h%4#CPay?@Ux^KX2^H;-}p$(x0jtNN)_KJ>(c7H%sDM
zY(J}Ac7+US`G_5k3SGB(kBkoa`tFE9myk9Zbay(Ji@~70)0;Mh
z9&IalS&+HJuEDCy(xcFFoE1rC{U$9X{2cG3?Lleu{rCUJyO5o13_Pa-;t)oKJj0o9Iyh{z-0^Y44VW_`-G5ATCaT<8|LGq(<ROWFQ%1IGMlntX)@A
zje}`Lu9y||Z{q;$HBO(+)K0wbxCRHbc{(Ci=#IH3a2r~DwiW%TUyD9pfIJwUv>>y)
zn>tn>=3k8`4Xwx1!x~uZ#rD4BiKJ53aIX0_>Dp&E#}~~x0;>n3B#o|7c#b=FR_?=`
z*3m~T3Z;kbZ>PcRb~NK^hE#mJ>l6BplvBv4*)4a|S?`Wxhx6Jg_PGZc1!}$}U{{$EC=z2e`RM*PKk#xiF0h=64
zt9X}7+T7u{VWO9S3w7GPK>Iw&8ckv&0NIY+Z6{4KJ<9s~`Ni>J5H>UL2-%GK*Egfw
zA?^8aa)mI?wLe^C@!)-;yNP+X=RfCTm-!Q_-JNjea{cHno?=f&PsTSCdtAPSs&~JU
z{>eA&Y!C*89ck!ft5omO)?#cS0qtrH-`l0fb@FtnX%H!`Da2Z2Q1(u5BCH13>
zeuFVs-)i-(rrk1`dq$o9bR%(LuB6q}1gl{V$apKaI;owXb3|t+7vB21?3%+q>2hIw
z4b}rh1iGB!?FbFsK($MfnVomBXAb7`a)aFp6C4Q1IBi9e+2<690PMu2ab05)%dxgN1&_!9ZBPTW-+N&PN5wZFo>%
zn%ZR>l5i{C?bDk+V@w${cA<_Qv<8OGqg?iwA|>9{>HCFryRm>1qJx@{4XjIBc?Vo2
z2eBbFa$`vwwglx-u@Q^1VK?>=7xLA02eTobtR(EgH=f1cn~Cn%tUYD1`uCzKih|%f
zei}zhjugB1*%mHiBmP^x-@lN*kswvi$RGP2Da6e)-Q00uBam;MSYEmu&i16Q>S|_Y
z&t=Hg7on7^#qPQf0J(ed14CHkVzO9_T~#I&L46LH&4m<7=VAF1n7J@0cdD*
zOwL;=y7Kuy%`?f&$d(@9j@_j{JyMrf29aC4Hi_yI;8sCy%Eq1_F;edKVY}U8BHgxG
zyIseOnj2U*b0=BErH%ohjM8@Guai$z<%Bd7XSFayy|B$ChhO4T!-?J!1Y2N}=q
zt<^91>1ZFj7F(XRvOJ?aRB;0k*~F)yUp)w0B#2q&7XGjnkTQ~fd;IY5Lw?LqorcO{
z&N)PA{D~HS5Ry_=`4r4ntz1eOOCVI4{H8Fi-
zwOv68Q#AR|ygl$^>4;9YDV@pTJj7h#4tJhco=_Ilc|=k$RfHaGS?ABc!Lxw6iK8u`
z=yrtGywlQ-y6j9FRco{%Ltg+Wkj$7H*yUVV@wh^}q##_d$Q9f6?LI6<1{f5$?~}JedioZ*{fTD@DCUte&*C~-FK<&vxbD{8
zdAF@E3-}6;DwX~V{V4uKUQAIm-knUps%ri^x@GE|+kKE}K7>$d@h$F{^-{61aumyT
zMq)1?%wce;R_gyqb5N|G;W;Af+aa{b8!Gq5Fy^Q9pDv1q#tbtu^0yf#tN%|F`ufGE
ziH>B|0Brebg;cv@@1!_5iYYHkB0%}5+*VbNIORAz@?GnotVW;<#Y)1zUx>T!7KFb@Mym0-+$_&mY{FvfPCSybN{~RlZQoikQ{5~b$
zlPzJFi_kFFw&hhAttt7vcAi!kw@1?o87C+%&E^y8T!D2r6f~5(Na48A?C-XpI6&eqfQiLCA!o0&x~{pbgqK?OzLP_DT3}TDqZLxi$H_I<
z+9cgNBM%OmJDRQmWZkSv+$POirbR#5Gft4=)P^g|1j~N`?uG|BRtQT@=&W-cPswJ_
z5y?D38!;lgHy&Q=Ashsfrf65);)onEir(z@;bpCfYA~I5^=}jBGYbN&bHq?<`%W+a
z+`oBhhXmZ@=u3Mem3g-Qr2!{!UX*nTf(5r1p!KK%o+OdgIZsK&Pm8F}iobjH9$_Pp
zCgm@k>*HrJwl?Q4MH~;O^18)dc*)K)a`cFlFcq|y%wlhVzR8I$J$SVEKnZ^+Q5^5U
zIPF&U@}!j^qE^XrlS8G0NMj_>ZbG+b)o&iaxFblbxB)Z6N(?q=8MRCOnujFVkUOUJEtkA=cC;ikM?N(Wx3VgWki4L
zphj(vzlHiDN0`cbX1Xd35l^u|JorNDt>5*jtH8&d!gG~
z8!qPAIqMtm)S)-SQyj+^*r{ErSVpIl=~STb8uE$zLE&tkH|V~d6T4QC?k`}qpO#Lx
z`fzRb>8Ga>2-~;)xb^g8ijfMW@WV#x4PXn4MmG9njoo$%#a))>y29`Q&Sj?xYw}D1P$GT@az~V7z9K~*s>TrB!p!9Z%
zL9K?N)%_l+X$5!|=ck_Yn@iL?Mr!a13WJVVQM>Oe_oIJB!M4?O(SkF|-x2?E0_Xvv
z7$+Lh6?4_pHsJ#RtR7oGbuDs9H4JPNQ8Y)^)tx7L?7{M;{(kGacR!q>$-5
zb*Bx$*;fIgWhwKE`J`-
z)X}OH*H>UZmzqRtj_1yQ3xYC&Mz*6*wp2*U$*M%P!F=T(q8S$JL2tT#gLn7-2U|d-
zzZRSa8U-CUt9S|4xz1rb&MMLQ3fiwytw-9-i0HF#j^m5syvccIJ&}H`Xb+Tu{elC!
z^tU~Lv_F#PJ~3x{issD6>O6fQdnmj{`Q?6@`WodDPmO3ba=c)S)u}cwt$(op-}15J
zP9168A%5{M`Pitv?!H6sn&*Qh>sY7JTW#X(Y2xFGm~q6r(MWsR5*SZ*-yWp0&?e_*
z%e4?~w(5N6u)8ggemAvQIa)A|MW0f?&7(G4*H{>h2PX0`t7)FZoA`w??K0N&W91M+%M0S-)ktAZzB4#jBz+-RIs4nW%S#!V>D)1
z^HBCCBYv$ocTa0bMYBc!2G^U1v|n@@0~O7}mbUV8$oe7C2PBUOS(Cn5mikUl3-Cwi
zN&h$;E#TiQ1Ajrm(>Lp=`c6;F(3>-UzvR{QZjJBfkzAU48@|@kfBAC7^F|1U{*6^s
zmY2#pUZ$+dYFQS2vp!bewPOa&9S1+n?bE<_p3>;w=puY(Gs&i&X3OJoVCdZv_O){B
z-*ayJZGK6v#9lqc{?D_e@+V^Z?Z`|1hWBrtgM1S+cIi=TGJA5_^WQG~6+*UcbLj|=
zkPZ+QG7$C`BlK>|_w;Vzo;k#Ku=fw}-I43Vv`&UIT5Vk9r*{i>bHbOq^;}^aOj`fH
zDy@GN)p=PSe2doM8pM#4;}6~tT()n@uY1Hb9c+x&fyLsTL}8o4vsUIW3b0SXUU!k!^Sz5ekYzJd2K{j
zw9G5fpQU~RyU|x!*D0biLpsDK=^N82lAA}Gw3whBb`!0>S=f{Dty0Obo+5l6RSxP(
z&)jWP*Q?#}?$AiBU$9UDBs^q>jz}Hb|uR-jLUKls(7qR{{pgHyO8B(
zKwm78JsL>%I5~L5xPFCt$#$~ov7e%?pE6XuQ1H=_H;UU!I}0A?w2g>g@M-7pXVJfQ
zJw5sU9PD!$y)kF&;r-Qom{}~5*@yFzOx*Kh%g4xvJrCr?eN4|#Uifdg({Z=bla#)C
zg^^+&Z(?oZUAu+-`M&Cgftq|wVwsD;BAJTU8n0EX*jrEy6&-+VOkzN`kJ|T5eEi>KmRCfP&=fva7r+mY(
z2b|Au3~KEDYs$sr!?>%embRU2WgSm1U
zZ0vHxT@X0(0>`N;i34^qdC!I>aCu$0us@11Eqvs}U0@DBFs9g>E3W^udh@F!!?%O~
z)zI7x6yN_r@+o|&y!36Rhz}rtSJQ9!Sf`(szrl}TFHJur;-QR6eXUve999+V--16h
z6OS1kgdJyE=ii^0-2NwRFiKZn$az4lk6hfB@(0k{pW=MI(w9m0i%3~c>WOx&U)FF>ydGCu)fo8A!`g2!EULNcE2=@N8-gJ(7|sZo(!G3%cWCaj=d=2
z#h0nLY={3GHc&@ztyH*eU0Z7@)eCPe6Q9l=e_tg!aMn}vcQ20Gb{e5?b%r|WTaaXf
z^gDzLd&e}!U~jBcI;oux_WhldmtD3oA457LB?$R9rFC?8Cn;pF1G!SU3Bbswyy72`Y-Uoc6xo4+jiQuSlXfH^54tL^T)P5
z+1cMnSyS-^G5>dz>d(@yoXTQcX~I5~%0?7^`yO5ogUq+p5_LG^*oecY%~Wny7uQ>P
zBKuS~*IJDP=)rxgt$Gx36S245&qxM^?W#)Ju4r7Qg^WJO9X}FsD)s?Le}UZ;)RMktVIdDyE1R!R_vVUyxmv$_C>(6zrkFo>n0z7S?I^N~Xv!`k
z+Cbf1i#l-@Q?hT$rFTb%#9XWCH0-%%jO$l&e}%&yujsVlaCe7||FCQC#N#TXc)tYs
zaTkxRKiPgyf%+
z#*%YcXGG{DxGTC&>LVHDyHTUp<>rz+?Usk1eH>>g>vDBP>6<8hRJ&Eg+HuR)YbbqF
zMJxh;6yaw>^P^z@a{{;pkBc*Kp~Lx>Ye^QkMZ#ha*U96jJUl)(bSd*+3ph{ohNef2S6~TO#b+JJI+x~yo
zzX!LK@8AAy<@;&-w#oZ<%>;1Ew@ux@&D#q5w^j9TU|VVbdbY_Jhauv}b>O*uG+%F&
z^A-D*nvw^u(q!yq$U^1xt7X$
zCt?5DI(2-)y%qNbed11L_;A(cJUZeXIPJZYaJ)z9TG2Rpc&lT#weQbcwH0HaHb>*6
z0LQYe!k#O}Y0N!Nz4kaotc%)QOe-uSuoeAZoAVZx%_yDEm>a54<7GgV|M3>wgB%OO
zk3{PJjvvU;Eppsw{y-u-t5vK^@PEiYw_V(;P*og1$L|+0v(Ps7-O5j>a(W0C@#r(quXQ``HrMJ6t}&(f1?92(7kSp{?L~Y>+$|H~
z1Y5{w?l#>#Dp>^gS^W18JT~$E;@*nY)Q)%U#=6DXeGdPB41F1$q%Wfu_90@T&m6d=
zkD)KUsxO`N1(d#t#@yPfsI<52LwqsgILdYB^F4;~CT)`A?Mvlv(W9bmiQe%xI#Q7m
z?X!v6XNR5|Izr#BD)EPd9v8&E#I-1Erl%#*!B#r!-=py5FDg&W(`ad5QlB_;H8n+l
zIQu89k528MX!Cj8zcfSI8%p`TcWQorbhG58#dB$Bb9uh~?B>b&{lgQ$-LrXWe$O`-
z&fkOToYuU}_WZqTx8(b-{@-lR-#IjY7m4{hqd7zKcfg#5_cHSr`syXkhbhldvFGiM
z|7o|UJ-6-nUHzNn-2S&TgnmM|3`AfMDehNjTm(4j*Ylv{y#FgehazvJk1SO
zgE8aCtvv*%Dc*mZYPU6%#*&>u8wR?Q8)m5shAWuXM-Y48Ox2Q}G7((83vRxGW0Y3g
z!52>iGt%q8T%%x)QreYlBhmMq^q(Vm2X>7k|F~dhE7%<(t<$XSFcRfp*1BN43g%8q
zYi#KQmsS3;9*m)2%G-**DTO)K!&qD{f4?jL(<=Xt9(n&=kB0gD
zhy8UlpS&y|Ebu4Ra9>;Z;)(Dsb>Zz%cv}VS=~TAzdVZ-mvk^1ByUN$Y=Yn5L@Ux)*
zY{cE*lJ6D6;QM$`GP7s8&3E##G0wi&@9_kA
z_;fm%q_I%pX+sRoCV7tHk(9hcB)kZBjYUKry^y~mwWP!K
z-WX4DwxM79U+%6xII1ek-`D-p=@24`gphJkUU!GD?v6HY)HsTH-D${6LNq8srbb97
z;0z`(8>=v&h;-1Yb=-B9t;#a|p<@~YxYllM*KS~@c7`DVtfFeI-E3jauz#qG6OmOM
z;+S9@(cbgB_r89wJDm@mt*xp3Bh`8Do%?m}$2sSobAOlZ(=iW!CdUp?tzh6ZCZPp+CSio)r26?^r+E6`W4R7Qz$KiSh6EQ}lZ|YVV7SH3h
zGG3HrY=2tJD{H?Qc|=xEmB+odJf4<$EPonvtcLiruVRk7c6F|Fsx963WxCNlCw)Qi
zRlORXN9CPMy)yp4(Z7fGOuzpC{{-Zz=)3LdI>z=`efRgr?+fcpdmnLjU!*)0b7UoO)hlIb0@NWa~d
z-YwI&&^r^S5c#M~_yCZPkk^y*sj%g9ZL4@!oTD96r5}0HN`FbFAEtLJdHR})61Qhf
zIxW}Bt+cP%(*9be?R|23U17TM)AHo(&R>c8Sm$r}{C`r6A>4fpJ$)|sQ@y(ccM)XB
z3-_(73-}x}*Yi$G{_VEf^Qvsm+1;kRu;`NXF5c}hNM2l=OY(x}KTW=ITfQ&Ke7Dm(
zZjXGK2w$Le7C7%}2EXS_;&-(zpFJ|4irt74zEby1&o$Wje__}3`hB5XlVNXNx7qoq
z$4k2e|8eFC_S_d_&jGK6>zJ%0+G3;a+GVw)Ubf?rUE*v%(rT>L`-F@sy@tES==pK^
z49sBoSazhJukh!`Z1nHQ|F`p)mc{yP#v^Zk_w@T;b{-U|pXTI4Z};r^u&vwTL%!t0
z`tD3V{JCt)xa7laS$qg&@nM;b{-yM{kLz&%tTw$IpK*Tv>Fy2OVvrd?_d
zyxcGRKcV0d3mMF#<}M`$eDBM9;GQhN|{N
zqplw&ab^Z*A9lFvJ$zpxuN;`}7zxDwU2@3r!K|4y8pWMeyA1zswH
z_YuzKc0M4!KS$r!%Cd3(mHtoW^5O9Hk7!-EXFY(k$vwe*77m_u^%#+PVXE`~sGGF~
z3+bIw>e0`rZAPRhOzmus>aGI=hO3L(6YBG<({vu+ahIllAMvE0?29VBOQVJ>lzh__
z;#j7h4ZxlcM?LGF6|@@zh!-DQPUT*f^2bZMXtOJ+In=|z@CxGWT;kys`UZXnT3m-O
zFY}vUe*oW_b9}o)(+$)m8Rz9GY65=6;2G9tI1Wsv#~D2r^`GzBkkL~{W8w}E?41#6
z13&Y|Zg17Fmu0w`lkZ;hX|RPn-K|E%zQ?7BJub8x7#pear5esJ@I1O}j4DZsJkaiQ
zj?lnj+kQ{#Q$ZgidVb#RAx*Ew-p&B$W%}%$d9PXOlck!A=il7tJ<)2gJAu6^tthCzl0vqIg@Rvky(mAS@@^9!{@G(!`#lDhR?R%Q&yIi4u#Il_D
zM~}9e%GpWjPlq(4ZKX!M3`gJje5rPWy?(cg`hgegr{J3=`LYuApD_6+(^pyTGwBvl
z9odbonuqAG&Vt^KCzSdui~bIa-pseqMt^lCdKo)Q|0iM3VP4%%{2f$6{Jf%a0GPh_
z@$*4v@$OC!$Lg7?zS;QE8TtI(eSCZ(ADq>kYtP44uktKDne_vHUS@u)_
zZsc7W)_cmf8d1t0ZC;yI##$<4!oRBjZ?gEwdEyeW38Vf^{fK3_?EmA+*<~9qN&4=j
zwa-gyUmmTQI75qhjroyJ{WF01Vtcoc-d*%h&qG;uM!5!+OMjZ1^^MYcq~)^V>*+h`
zrkXN(Dw^216!G3;>!+YqtKvG*dV7AAFoP9jU|b?Kl%tb!iP_z96t8+Lc=Kevx~%Y0{hT>G$5mfCQJV9wd&
zvFKX__n0Dv^Mc=+0~zCg$K?3(;VH%t=>!9i|8{xlr@YgCC5cz3lUzUNUv)Gauh8y)
za!a~FqKh5gd+g1ykp0hZKk54!uj`6|W|ufGTToJ?u?m47T}pFnk-XQh1ejx#M^fhT
zbD2kUJI=4H=wrpLnw=km{H&HZ8)mH~Q^((fKNFpk`SaQg{4v*pWmMKJGFA=eXA)27
zoL{JOpRDtbWStLm;tb7-^qS#C>^JejE?<%EfJ_&c=~}YVl~TIr{bKC}eO%J-l=RDq
z9_wL2*7xo5yPLl6ru10<-2u@L)A8p*$5i-%qjgcgp6^=KG%=!UyMOneRjNeyg+_K95QJSJK+?MfmOAR^tKw+>MCITPE`Vjm-ZSkC_-Osk+VMWLGfZ
zpKo8s_2cZ(Rdtj!X`EV{hvNx
z)J3$=7u@u{=Y)uN?~?S0uLrGte#hyTV0a4FkhrfTA)(!eSUTVJ&4C^-a+dPgRu;Oqtjp@H#=;h-%
zD#!El-?i}lz!yXEC2HFL-<>+1FPHsYP4s=U*gpqOVY92q+u^G8yyk53z<)BI9SAyi
zIwI!%cJNUY?9{@DwLQ(ACA-_p&nClfE$;*#W2`=Sn$;V_u1ax#3GwKYRO`rmvh|Ud
zm(mU~EB+lZ)c>T)^O3!d$e_G08usw9M$zV-kDm0MRhsyHvkGeqLq~?b1%97ZDoIzb
z4=Pn!_%uVDJ>vF(+v4LkA=a5@S41mR4~H4+B>S47vuFAb~TaCT*+;-f97}Q1;~aCz>hOfSS9MPMb$>C{i}{Kc6Z;suzy)f
zE4aGYx9YQ$SGoGGSK
z>Y+!hnuO={VY1oLbR4+8-h(s-=d(s(4+Hc0VuORP?+r<_e4M}YXT&>ym~8o4={?b#
zveN4r=?5Fk^fjs0iozWAHKw3nl@j*5y*&C&&grcUJE&ikw_@RcQxOAgjd_d*_#-jz
zW3*QOt248_W*WDPXk5EFZe@VhfdJ_$l~U%Lm_toTjMrRa{-_gUDFZ)?)8Oov%FjLQ
zBbzo=XX1>ezmMJ)g-o#L>lj@Y#WVH?6}2tgLggfWtm{9ZGM4+T_-`kV|Nd>KJwK%7
z@rwSvJdVAT$MyKqa|*g_p8DH5b57-+PphY$Pt|^T#)qHXPtcr77@M835fSI(&zMgN
z#yhp;ERFZMG+&zK+LOp{(>cBd#~N4yePERM%WXK%!e{yVNc>Ocu~T|8`{jUx);}@N
z+9u7jJent7s)G``KkC^Cydcsg=T6{LwQAn{uwl~V
zk(|s^6Qtw4o^%#>QTo`J_rxh$xBGa#`1yY(@Tj0i-onRHAo%ZcJ#$JvnB$1k+V1Rz
z?g%@-LK-uO-y{Cnumy@Fwm`e(|Jf|!4NyME+;UpDUS{m-&6}nFZ!_?-{AoNdjE81d
zr42)?C<8+aX?AZmF}?hKI6KN^sxz!#PPKA9S>SqAX5o4@Nn9^+?;Yy2$cF2cjW;&F
zN&5d~{Y-qX+0^gCCKKaJ*00N|pUD%9QL`@Q9czM@sSLm3UvCl^J?M{28{-vE&j~NE
z7%pb$x6R
zOeglKv3DwS*gH)#*gGGm?VbOcu-iKyr|q5d
z6Pfl-O39Qb|M%;^(5c>0V*D&g_WEzh!R1`vvdaSp`hWe*I+hb@b_$(IMVj8}b*wzl
zlU@a#+C}uvw_=t~&BE!ikNp4#zbBd2W8#T!(^pJ=t1?U9^3e0EN~XRAp8iD1zF$`G
z0y-DR1F7=xKDX;v&{=%x^Rt4!WlDMvr(c*wk1D)Q54
zy|8c*V2^b2{^7o=tp0(m;ak{lU|u>ww^Ptf>Jv#AAKEi%Qf0a^y4Ryr~zSgTA9rDf`XLkF_o`+qJ6m7l?~sl
zz5^TV_@J3`^3n`)vNVUB+`3_UIXPd-NmD+4`5hVmw84~*SL>b{{busS?k2Tly^D~I(}-&yk)Os#FOJ*7(2c~K}ZW{$2m`|LtG&6GAp?s
zEm0KY_gi2Ou-Vn2VVqd8$xg$JO&0OYe}VIBW5WOJALz{Xhf6#gjCuH6vd>RG?-%J1
zM|17d*7MD-Io@ZejUQcW<@g#Vjs&o?-*ovie6cu7&)57shhD(g$RbBWA8a@i?|`0@
zp{(-Gxf=StWi32kPg%8L-q#8qHoF=$Gu8z9u~U7o4sFDKX5y|0zu(EBwx{D!CTPwk
z9&X1SMk6s-1IN)uTWM_`86vy1L}G25x;OpLefpF5vrFu&X4ASQPZvono>Ga$^V}a=
z&zDepP2OTJ(xi>Kq@24;(^WH1hm|KV?8+2v><_8MT8MNG@SD=`_$0(H&3{P7e?EXa
zXxWIH?eky^So&UDy`2Y%@f!UrYNr?rTf*31Z>BmZU0QU4%BTNnP1B5VqCr`Mia)*g
zyL^qbe;*K7d?rRS>iMy`AILS=1(9U}b?Wt035o+IC3+WXuWP|=$9Kd_4)4L%5VJ)#vz
z|3iM-|KK@tzf1%F1LVauDzjd`gO7I&_3NO-O-7%Z{s^7>BkH9;!k_j>e2e=dh+nF`
zUsv${*NMkE;>~*Y9_xBa#y{ULunQq?FkWupeNo^Aws&0i#T%=o{?i2g;lsL*K5sq0
zkg>5ZXq+6i`i3ANqYpZ-
z&NlZsK53OQ#2Y=`95d{C;!r4N*!P5>SNj%j5&kRoOtMAh6a6FdiBdio^ChL{YR&rJ
zBkTX%T2cS6sQ&lc>YqJFS|xwi6Ft4}^L1;K_ZGdUtQ~iRjige(3P3{Q8*q@I%Xkj9
zWqebJo@|Lp@2L+s&JohkoH4$VYwh8Df!S@+t#?76Z8MNR#-EFSTdV;S<2wD`Vyi#q
zYq9_25x4*4Bk-?dK0=PH{4w}b8NqxgqOm`y5MR__#3}hQzD~wJH=gwUKDC&iFZnav
zBPM0k`o_s?#8f!Qrd)2GWqk8Q!))SvQ+4nyRy%&^VSej=0h~t&yVi1SR`{{QYLi~f
z??3Y#7PvF1y7;lZ$BNATuLf}rh+`=23Wu+9e`IW&uPM6aUql{Wl7sdx?>%Hnwq%d+GPu*Gp61@u~0ewSr_6ZIlLP3HG4^ZXON&%W=R`EB^>syE$M
zqzjty|Me0VsMNwK0$%)`m%o0TF^_+(&x}vOosAryMYZr*fH!-HV>AmKYS?(NsTkMU
zt^9zaFEDJlZ=io3@3UHxmGymCA5DKRuy`D$k!Us^55K4KvW0tJ64D}xU7pB)^E(fK
zg;bSpvqKShL(HL{&m61Pxa8-b4A`8-M-Mqd{7z4W<5;asmeVt^#2pgb5APW1ONSiI
zTvkN5f5Y3ih~7`okt7sL}sl{Ze2p(*Mcr
zOx)Xmx+$gGI5r;Qzcs~wgk<6S)_&cJeg(0~RhkYNeE8uA$pU=@Iyl+cM@U~7Pm+wS
zR{R5rx7+k@(^!q?b$Av@Jis(IVXwyZeg6M?jh7eCqqUNW`_J-Pr2Sh*dJEOzCaQxd
z|1m1x2YXK!@yOg>Bb&;3E7?2xFjE?eOO;5m>Wlz$v}vsMd`f}6r9_`S$c$RGQ)i=!
zxaTonH(>us{WppFe?avwm-ngo;Tu1B^HJn;&zQhaPbtvH=SKHaUJE<4WK;9?+o6j9_g<9)6iecKYnJb2H?#Skqr(fut!D@Z3kw=6c`HaPLw>pE9gR
zYdF7O*AO476dO_aO~JpL)BMAo)fL3Qc$$BuoPS%%UX1J9&s5r`lbx+2#t*o6j4es#
z_4bhr@xd3WU&v@@-HgRW?xVWC)t42Q42$5&qjIvCyFy;8ja0HjxWWrr9Ss)6DboXKR|Q1
zbDFzH0!cA10|S?-%((Nfro6k{m38m;4YvOIhWCFTEm0qjVvh}NwzqX{?MdGV)u-i8
zq&~lhSp931Mbb-qHpH|ul3QF!zQ#xA*8sQ&_eS7`oS
zbbLhPWb~((5kE-!I{hZi`zQ;yNc}egnV32gcXn!VXQ02F`38#V57@=PC5}5A`vvCY
zd;damOm{P1f5I8ozo0SSLTOrZq-mivCLPwu)Wj)m$*&SdD*qL2F!fx8*q{C%=Dr3#
zs_IJozBe<;B!n=)0BIXxz7jIY06|gXmX9~d#F<2Dqs2A5RWs4rg4&wyDrNtF$4n5r
z)M`t+i2VDjWhPD%*LB-z89sKmECFrH_Cv9unzmR2LKjHTr~#rS%${@adGp>(W|Cmr
z{ny_Q-{gLrci*}9o_o%@=i@k>u|RuR8SI(kJ5i<)aV65ihccB>ksXd|x@NVaykIZ?pyEdJ%I?%^RoRFKFv#(fdDogE%&l*t#4>Z#_;MeuiX+^rOSxm(kK6xB_W1T{
z9NRnL48^#>fSciS09P%Stm9+bqHJHxa~N=5m|{VSSjgC3J*!22y~_C9aq)UZ&M`Ki
z#oZJAg*}`+GXO9e<46-x-yvC>eEN7NE{dn?qIYU}{U|1JwadqK+`zxrGNsQ&=e0U6
zRllL;KbcC5XFU&+{6OPD@UB~n)vw)GSF958qg)x~mQ^^HVvK4I7#!z@e5J22H6Fr!
zmbk*$_K8bVi|d~@|10-7w@kr44`a198-8w=tdDw|*vbU*9L?;GMEd>b;;taOw8sR0
z&*1usOM9Bx${6xVW`idZ9djy!fd3MO_NXVGXMEf5A7_8m5aD$Af|JKi`m|*8=yJv$WOu~oF=c2tza^#5Dq+{hhx5y9CXkPzKhXN}L;=sKXitL&|2d~WN7DOs#i)_
zdECP8hxb3@$p;?kM|sZ#yfd5uw68I9ZzAqN>VTJORTTE0i2(af
zd^KCi?=TL^!pCAYyCWWCo*43LQPax`#xAnJ+On|nZXEY4_~zlKLOqwrmV5Z)B6o7y
zdV}_Om(>4{p`O*PqTQj7<394F_A>mAvtSG7EAZS<*u#+-EI8~~9}M(Lj|1-&=6ZvV
z1K*E({ou`Ees6Lu`lGNrB6z?2BIaUVFZ2sbc@Bvd+ge!ri&>`q*&VUXa8{!{0Z+az
zW-5X$en>xR^Q
zGUjg`}8rbj@&m$d6;g}JQ;n^x_IL7%Yf%S#-
zsD$qY7xXJj)Ud}ACc+br&8a)TGx60<_!_xZ!`Hma$d7zK^-t*f=dsASz0ZVt4%7E;
zhq@Y8m_U7C4Lh@^hE>LjL_RlI7eeNe0nd7Qs}$rd1==>jKg=%@fb+K$b4)^8kzZ<%
z=lJy#?OJxNxCe{Q33^e-&-WA1*em#Z?(LqvCRhv4-4>u_s274c?%wchsOJLl(<9gH
zb0STwK-n1n;oh~e8xr`QVvx7?{vgz|mEv(6g0@X;emClMXF>hwPeMIc{2kffj|L<=0si--$pzdbV^72?jq
z?gJjE#l>|;a8CUj;0F8Rx5G28x4%~H3O2rqag9FVdkW73i_eGokrCDflwEu6F0P+c
zb&_z#8(~kPJY+z-5JjJF)Xn+bM@a{K`Ch&~+(uM+oDxc388R&y2Un?c6A7vRpQ9^iL?9U#vv
z#Je@rK?1JfnLwQ4p79t&4mo(nJFaPMK)h8@89d{xi0_qpY+Fs`@QllfR=$kN;Te~j
zg1oGT%4!hqtE~=Nn=Pp;>S
zUKZyN&AM$=43vChvbHsnm6hj3Cz{0
z*K?6@cMbi-(PQItsWUp9aQc_*b4KU5yqI@Ym0wV=i03QPD$FH_<4GokT!T6i
z7wTtrJGedXVS=}b;B8)l@yXP9`c<7Xndf?ph4YP9?Tt6(Ev-ES?Iq(Yb&|D0nF-_O
z`G2VIYUtYw-y|6uy%@i$*m}T=F|8c%ji~$k8LYd#^uD#!r({X?*i-7dXq&{pu7C05
z@u%=?DCTj@_I3R-BVP!dkwjaE(&N7^7P+E2c6$S5r~^7*8<1cfRlr`5-%S{KrN6oZ7mm^kJMW
zZ1?!FmOhbVxVc_|wKK|NC24qByGV`E+f;AlaZOl2L7HWBDDaG5ngKXqlFz~IYoNTz
z=3BsJKR3yK?l_)HJRb8+w(IpcFIt59+E5qBuG~&)h`(El$u;EJ=M;A?g}%|`f)iNJ
zr1ZFohde19rsZP!@*hM#ypF%FLp#p_u4lfe?g@8XJ1;d@5ApYPG_ddv*jJmNtWG#Rbqwk|U58%28>qWU&d4(>}(&C8ei;2F=?$;a_aB7docY52(Yty`)@
z&g=>}LzzwRboppI2rzbxQ4Ul%AJCo&&;H{ErEe%>ZLF?BUz`Cy&!Zx8oA}Dbr%2!hh=xyA3&Z}-)Ebm
z{lNwue1wbe-XuNaRP>8Al@r@9Oy~J3$Lkbw$*;Ne3D48r(jj*)eL^T!!|FUn>*tgM
zvXAr$zCf$N#q|j_%$Y-%;QOO>3AiRA%r;J!@RN`jv(>H1rysct`F0QWKT?rhpRnL>
zN&cvhc|YwkQ&vcOB+$8Yu+&pE(DH482Zv{lOsDA0+6GJ5Z5Le_)T<
zO&tpQ&}?`L=cYC$bNhflum0eE!cSu1htnUlQ2z%O>h%Xfu0QCd?`>ZAr_vvIxc=ay
zTz_zu%MjO+j$))7-#^65uB5Voa*=C&LE3q))Bn+a*bD6*A^udwSvd9gS*~xWV4vs&
zIgsldenWCg82aJ*C;=I;0{*FEnnmvqmQNbPaZ2>1q21dvEfkvc=~Q
zGzfpv)&SarbsAcgM_`_cSi2IS7{l;PL|?Dt@(t=~ehM^j2JEAsvw@RG37-LY-%1u7
zuq{RU#rQpw<)Vn^7zbK}W1Md7^x~M!u(qS7DCt@|yNvAa2s5;}@La}t`bd-T3^cN`
zcoV>7?Cv`v5qVC-x3Q7mF7cOs5(JiSTPXSqI(^NP0o`0aSl#qBU(
za|Dt}%&)M?WniE2iTGT1$HiK{GlqG_(7zh{pwA<=mzj_A+)x)+_`0r(2_2Y&bYRcy
zaxsIr=L9~5{B2`Lv)JXw9GItc;=4`N?g?p3y)Iv=Y6pn-veUEO-|koMqATMSa$~Gx
zy%IosYs9NGvkqj2$^^DE)4j-CT`t|x7iuRQ3*NEfy`6f0oGl+Z*ZMQDzRseUlTSo*j;dbL|51pq!E`s
zP0>Pbd;9h{AYYVJivlbHm*+=+)X<|k|_aP%78j$X3gy`OBbx7tWYRb%J<5jLK?
z@QjzR=VG|81Z@&)RyJYIamM!)COoOZYulcTFNT4inK@98yu#g@x1$CzQ4
zgZiuwX^#W+sg={u65s`dUb-@2W{o=iRb>pzu%5AFoQ{aST*mh@+JPJe*+SCg5#sXS
ze2~WgN9NQXaK}e@jNVm>zTJ!Sv&ZPkdjCH^H-C=#-e<#^3tU#$Oyj#ejxgF8>v=?3
z$0K5%&MVigvf097E~2K^+IwKFrj_Nl)?$1DOGdjUJXbT?@%&X8?aHCu-LzhoX4HKW
z>h92;M|Q05)#{gE%vF6EyaRQ)%QE0#EYj5g=h`g&YoM%JSB7?#YTjud&~0v?0du3b
z&+u`3%&H7qQ$?9W^5udHAP;hV@}R%zpF%zF_{BV4EZyg<%J6TPxyDhe+TXYT1M&aR
z&QAF}J?DgMSqLyo$K^A9(?1L9Mt>aYF+WK6U(mM@_?Vg0zm)oaaK5Dv=XzS2zIdjGAtAjiodS0JwnGSLf}{Pb6e-ndFNej0P^e%SoNT>kyoc>8PA
z1>-(;b6X^L%BDu9ysggw@3vWT#}=^kcrTl!f|!~671?4?&+h@YNT<1cw_OtV0Pu{f
zwpcff0gj+O!h$}DEfU%jW1oTqz)D~roNw%d`~8mJdH5{R=?UW>el+*@&4cg5
zG0(Y-F}q;Q1ydYzu5qQ=zvmbqm!n}HU|wC+tJI)83^de+IoQ|Na@%Yi)4+LguAx4*
zn8zg>uQQD3bcP;zT_v9VoQp=yg(1Hg!8gmKD|@TTYEUE*~z1h
zzGJvcj?(EpSO`VD($PYK}PM*Kq|
z(31$PFB|Yp$PZZHxgDMr@RT=;SOPw@8+&?1%nW7tEnD0xV!iTLBAC;~m)D_S4!k**
zl|GDn&OqiWMZF&RFya}^l6ToQL!U6rR|lNOFy_Pt9X^!2bq>Zhbw9Z+!g2F2gd0~0
z`eQY8w&~jTO6weJ-B0s*jZ(Xd^Y%Gae~uct!KU6BON39<^CHg7Iv(xNJk?e*>EBXu
zd-vvwPvb}`Us_H?M{n!h3c7p#MME#bPiJElb6`lae0NX9E`k4n{X
z$#`?EWVF`~!0*qP@VBe>1pKbED)8G`dkTIVjDM%#?;+lPlY;Gs;rHG7*uJcG1b%zx
zDz!3{k4jC@=1Sh?BJX>bVt~F(Zi}~?zRAmta&^4c8iwDFS~L8fWxQFL1>-4_n|@$2
zb}1%+X_4b`qj94$6UJkeVZ0git7dLy{ML8;Hn#2uj5X|*SbMFV`(9nCn3+2<6aKaU
zpRx2QTO;~S?4kI3BXcmG{kqslvM!?XfH-eV7P*U|Jf6#cW$zsA{r2^?#<$ZtKbnWliV+DunPT*p1xE7e^?FtVGaAwT?+dh*Wu#*67VJV=-3Nh
z%tu~L_gvq-pVmLXsem%{W)Dd!MriaH8s}u@RH}f4bfjI%JY(K#ErSsE;zjhtP1zXK|Eu;Da7fg2&XU3g71U!Z)~$Q
z%o?`WW8G@1dlu@xMfi^1qIjvqA_d(yUO4|3H
z%3I(VKDeSA^U-hlW~k>X^4ar2JB)i2mV|!wRG#pIdZCf%|18ukem-)Ta!jD#D)(1y
z3#P?>f%b+1)x6BkbIRL9PI;JHHK)9RVymKmS1IM5k6s;AI-d+GBF2MlB)Ti8e3alB
ztS)G`F5Y>y;uU+>qo9qR%x%^06z_*R6Zd^@h}33`Ti*}o*Qkz@?yj(ZDaptf=L79X
z(D%;%nlpgBm4*Ay3V9X(p2qJq#oo9Q+Tz-NjBMf}mVM6AN#=St)zecKZz7{*d8sy*!Z*f9LD|
zMt^=ohQBWG3H(0AKJOsUJGU12Ni&QG_=W`XCp<5O(Zh4{RxtN2{9Y^WW$RDtW?O$&
zceppy^8|hK^E382zl*U6fDiKK9q_{U?85cg#8!5q5A>Diy^RjM+cKoD>(Ilr{-J+=
zUO|GH)9W9k`qfZB0QLQOoTom4KI)9<;C){p`+otW8+}R;M%zoFo?p?vDH8p=AJx^p
zM0LZ(`<(6LT9d0s>FY@ROGfLeZ|I{!stUexjcmG?t=dFsA9=|2Qx
zZUeq|Hng=Y+~H`3xt+6?)<3k(rMm(CK-n&@`#!#7@M23J^4$hio-z*l-|BDa1A2H8
z`QlvnW&cEW9KIsmeWZ@(1-=3J-tTk)-+*`9Dg7wR@gJ9er={zsP_}7$BGj{%auxMY
z!*>n%F@G7x+?#DZSQq(esAqt_dG9pNcgN6<|I0*g)jS4#?*pt`2-f2|SOyO31rF;M
z1nWMiFF~IQkR4w;YquH5ZZYCn(OpjZ6NKj_c+1C)?L`jn-w0mmG>l_1erzAnjcqZ(
z8ZOKn+mAS`Zi02V5YJRGw!^@ym}zX=VQkGCLp{ry==?7f_l7*b3|nAR`R3{z{$U#m
zh5czZ{txZWssVOA!CqY`bV(Mu&~fT3p`OnXAGNG7_qr?MJlY`t*7t5C`}fqh4gz1+
z;(&9*5&q{;kCWn4oG94mbOZlZaKu)x_B}y;4;7^Moy~E-!?E`O@F&ziB%OCWTkre-
zyH%~K+9UODOVzFxwNh2IRaEU#p^BQR9fVY^+SJ~A@4XXy6MGZHUJ)xIl6-xBzdz37
zy3c*CKh8hraqj!NU)SsDZ_Cn8&yW6ZY5$|0itX}dcZO7me8i`NU+--YrWiT}S>EkZ
zoZJ?3+&u;!uR4h>)Q$SdW0-w`D3ftmFLwl8Qv72VmNhHCZ*vKG9s$v4PGFvE{0gVX
z3a7byk9jgs(sXJ>O44j;^A_Yx71}~`f%_PHS^gNwZ{#bf9X
zv)FOdfjlgJneP@@dIBb@2pm4IQ;DJV$v%lWx-_}rRW>mrd(E`?zxXs!DzakWck#WL
zgYBhj=bYK#Lk-zg2FLoY0+MQ>>!<|uIa-FQKQxjim9awnYMVR*6AW=~n%KJQ{&vy8
zTe;mHnQ2eA7VKK=d1qKXk&w1&s-}06XT(}Q6m>Ix`kRR#*8I1nc?_lYbX!vIv>FCEfvg~!?Hk$WHXuo&tI%81n%|Pe)VA{L-`_;huR};sIUoDtbR|lJn
zztqc_m#z8N%(PCgnzwr(K6I4m1@E4JrTR=XDx99m%-7BLlAgE;zUA@${G8_Lk_T|4f$NvR*lNi6q
zNCw|VpAo4f+bvl<tCM>Dj!l6vaF7w1U$`dLGC7f~c
z@Z6PPn`-7JX~kutT?AJfFMg@(vaz-R>r3;=cQ3lq@C(QQ@Al_dw+=R
z2~%6;BLOJbyT?QPbg9ZKWU=bc87krlggGuT%~#uH3R2C%Q-yg-4CtJGn;3FBqR>fx
z4^184;mU68c`6rf=?qG56sO#NXA-2w!DE!k+8^u$)yft8{UXq-QZP>E>S8
zqUzqtViyMnGpQOkGHe<`IL-ICkF|X*a26A~ScXT4Ol0jG9OtV>l@6KvH^hzTKASKD
zv0*n%!m6PmZO#28kOaTn>HogYPPN8)!q&epx>#bvN
z6*f8JmYJt$l?8tq+a*yiladg7vz7rt4qbKEg41zGix52LKzgVEGjWu~{Oy6YGD0rN
z=~TgVZbnUGuYpv7MOjas&PwyZwf%IniU?QSkM|2px278t6>c1#a719%rFx|xwQPmG
zLN!)yXQyRt)FEaD|vA_kxR~5l)-DP421{~vO09l$I@jK
z*EdcFdu5IO@mX?=6Cw3Y*u?RylZDiVfEp&pu3|3r*6+S@xam}erqg`;To|Sw(sPNs
zK|@G>d3a;#@x#jAtCQS^9j6S@9G7w)B~Bd1X^TECVB3FDD9a8px#xmP1XepjplGJK
zN@Ubi8;$IcgHyr1(RlNydX3TfCv48*fw1Hjx{J4{?V_alqW4n_MtZ#UysKk6*rr?i
zJS$*&A^XDUGlq;p+L4#uHruUw4v{#q;#abayQ%D)%wSMe
znw;YK!ZlCSKzSNhE<&4tZ>lHC^mj9u41`tZA??X04{PLdlEq
zBA5NTNLp*L3H5*m8Am?+TRy^*^%w5mn8+`+PwdQ5H`(fZG4zn`0Pj>qq~Herm*5Q7
zlxJjScPHo{6FCg$gL!r@h-Gdhb^h|=+9nkFbcCma9f~`*D0~nQ
z(aa?m-WVP8#wW+_=26FaN|~@mZQHCy#~rn=Or@1sDc>*faF*dx_S@vy?AD73n+HWm
zswJ^~(v3N--MNSI?3R%02;q+AWS>6mO|5tx?NVPkNPuBx6mxhoL&clPdaAr_b}xw9
z8hdLcgVvcqbjv4#E}d|?Pu=!Hr(A+NXt8g&C($vAU{QGKDLNvwwl0Q$8ius$%ySv0
z3;EGz@oH7m`dHzo80VoI^{`e8G;IGDT*b+@F62jGnZo{!Mi*=42#cU;;ZDQpFJ{vs
zttkVzqNL5`l?FijzKeYt??J@QrUiKCeG;u?VtVE&zkItB1;)dqr^a~oQ;W!4$t6UQZnoOeqQ9GZ
zhY;HS)ZcQz){leN`xYv^N^i=vC?^B*h^`xao*jL+A1m6_C`*m)$ljGH-LbyEh`ya@
z#a>ZC{?lM{P3n(5?Nplw(_^~+p4N4TsdiHq;-6t|q(?qXZ_qT|01`$`mt2r~ZSFnu
z_K`?Cln(LFu*;Hv^}woqaiocm3{>F(y$=StchXvvN^ATPzw#UEs6UteDf8-1HSY35
zeqQwIV_7N@QpyzK$96GUVEO&t`e)racQipaifV3Ys0LOeUW6K|g{1{wv-6&ET3hS-
z#M&Ic0XSOOFT0+1&uid|Ues-Y7vE
z+IA!V^7`a1PK9PdJ@2CLXVAYPk|X3h`9n7Qo$8Dj%=NE^UAF7BCb4RJ@RyaK;1J(pmtY>|D*it6W4kC4^`n)6|FYA?#nzhT!E5h~A
zrQ#gfI^2H27`uAV(z2^^&z>ZlzLR3i_j}b?9tyBC+jfElqSU6#@@)&9ZJ#eOdE7!)
z*&NQj7_J?y6VcguGv_uLYj4Eqrt)pTM>=>pjfT{)47z=J+={R|ucIchE_1XVi%b)L
zN9{qyul(k$iAlPhtJ>KQ>#!oR8A9V~$^5
zLP4M~1kW^?&J3siy*PvFw2V=TxT_WQ!
zVtN&ULHNZnR`OzBtXvqgBrLe_Rm(RkvaQBLZi%1PCLQT6YFqPL(*ud}`^nEH_ScQO
zjn1ge8_4M{7epIhmz{)URaopkR1Ru>bd1M~%??}aLp6J%;zSQ9hVQ0C!Hs}RuPlUM
z&9!_XxYg~w%Ue+Z0xG0z5KkEs_w1I@+iw&X&SOsQGUVdg@v@kp@wu-Fxg8Dvyd7Pn
zC|WXWEliv&rz7
zg{sS~9%50A$)3Ht-&r?;q6GLoD<_BNw;aQ=YgmnfV9F=rDNj#mqph*7e3!9;lkl++
z*O(j0V-ro~a-3>>r;Hf=e@$GDi(E!ecbpqOkL}F!6!aK6>hEwex6>4ei`>zVw&>lX
z!OkR?$JJRgm_~*QjjF||OP;pOwYAooRiVP#lg-K
z{ieLTX}yYRHR5$CBU_G>V~<8QUDVP-bwV;O;}p}-V6{*=u$P#$XYG%X&E=$q?W(6f
za>5=Aw#;8`5{p+3Ge`hS7x6{`vy6dxQQpYOZEa5=>!LFb&{L&5xc}~$6)1;?%6ZAm
zL&G-dUf5S`K%`(I2ZV6-Lt?y-l0^{~^Fw7QJ)FLW)iR)wb9lW@&Rs#W!D@vpjj7L&
zXfR$m(_Lr(*O%?X$J|c`c59SwFh-c3VEKOwLptn-N`O|>yiuhv8JNsS613xVU6-!C
zagJ`ca3F{5bp^Hi-BwTAZLk?x?D`xMK5O;UHoD$!ssYM`q<6?$jp4k0-eUNbNhc!p
zkfT$n?$7JnPtdj>Uy`MSRM_;Y)WJxfit#5dCCH?@5JE|Twchu-!_$HIc1+lw2rcEZ
zeu9KudE>PW_umZ>t9f2ix)Dsk8iCvDp^@Ab6tBOvHgOqB&|bN%vy0fNEwuJPfq*Js
ztZ@8elOOvZo%VM7y;2P(hn&YgX*iG3U^ODVHE6qKLynHLP83vcMjbn*dKX~R5_YZE
zLIbC#BPE2=$RW+5cnHAV^o6I63!6oMx;>26Q%9T)cZ@O{1^yVRvw+2=z(24`(vgKE
zJfmLVVLuHX>vlt$+08M{_kPGmSDi10zKU>h^&w$dvKUO~vkASzLF{^%4-*C(W9paQ
zmjdd|aur^yEVCKp!_yC^3{i8NHV|1?ujIFAY0|t1UH_M))iBUks
zV$kU*&T^wc_D+MB8`lVS_eT!W#P`%V8hUXw`>0Irj`Qsf=Tpao{WT!Df5RD5A>kyW
zJ^#piA;_bl^=BD47W@ceQBR}Cdh!AO=?z|B!fb;=TTk19vX5NXC*dSMfOE;@S|(&$8+pB)m;KlXGw;(FlA}Kk(H>A0
zPwnWcTnNCY9@leVwk~OV4+I{A_6#eV5_^H37;qI5bUoa9bi$c^gPCw=2z6T#Z!ke=
zKA5(HdE$`9jcMxF>380uqLolr1I9WAN?x*fAd4a2NDv?=Ty0V11q(=DVv^;%AKb|Rg^
z>d(DpCt%hv7eZh(Q5Rtj#NG}9)O-7>n+LPT2VxAdH_}c=i7+xqt+}=7E+EN>@C$nb
zs7UlI3k_$EPsfx%_L20$pF8gq--{sb7C|iTzos~^l}&goXZ)%Jw?A@L#Cj%}w2i5Y
zBB*B`wD=1K>Ca^P`pE(YKnxn$uTo@qa0d7yo325OsGjt=O<>UMTfJ#2StB=--zylA
zrKGn_C6U!GFD4k}rSb2hk7o`&8V)faRtc^^<3YFIo`2^RI-oaXbeGk9gdah^p^m=h
zBMlt$4}KelVYAb1U*3dUH<+kKcZfPj3Jpfy{gr$zFKl_jUh;-gN>4ST$;8c&7k^d^
zmxKkwOazv%Z!1+t1|>|j-k?@wgdZsur)YprNWB2
zc82Z)O(g&3q`1%``ls*dexhYH2si*4KMlxnZpFB>Q^mi44e4(+I_XlTiak422rhDlqH%adJsgl_Ik23t=
zup!O*b#F3@*vC-p>A}y~b2E`8tA;jjERr@dq>^YRY9te`c==)_E=JI6HV>#w3Kv#q
zLVQvt8>KFIb?^YE{BUs{W0}37ho$roq38(E*V|-+hkzKSHpxs;G3kb$_Wt)EJ*K*H
z_hJ6Z^g>|)pIUW8f6rwE&tXbC&o7OSNHIp@hr^t{Q{Dkke-4IkZ|X$0SbRJcdH&A`
z^?2v>!k+>0M!HauFR2eTCaIJyCav-#q~I_9t^YM$u6D+aPX_k9g5dLp-lno^e2-V!r$W1x1L#j*pLnq5`D))>BE=h0cU#RB>h**Jk#S;pf)6)Y
z>|Y;#S+4SgK)az?jL|(CRJu$Ma&t5IJWTbZ-Kc-1SK^!zgkIY{+uEi1)e&Ib;zNr(fLhul{-P;v70-0@pjMYQcRX~Y1f#BIXNXX97ut5
zA8(~i?j7Dcx}5QEMCjLyv53Q?t8_@_G9{Am7sFQZereh9~?MY
z_k$s->4)%k-CJTVGW67<_{2cH>iko^9ACD&d*Ybb%0+gMs%#bx)myej9AKT`B@y>z
z0c-T@Y*MxY>d|?0t2Xz!=LzP_r7rH7o@r#KJ&ea{b$;5t?Yu)`-q49=IZSOA9_Qu3p!J_(SZFVZ?sU^C%f0;RG3FV%q2ohTB@;@-cHth!?!gd4&B9ab
zE}^!};usQI@i2o!L;XTsZ-yd5Z6aovp;zPOSHI)mCeVq&mtkZE^Rw|!=yT=SkL}&S
zC>0hmuP?U$2Yol0l322HcX9S`NnpW%JwSX9KCJ<=A`J
zOc_<#Mj7H0B->pT!9v}6JJ}MrMF#Kau*FA@@AE*2tLXLa&|LmLrbdUF`9Z`&zHrOp
z%pIetJAq7%54JXJf93*0@5g=HL!W{FOYMv0R~2Cz6;ddbJBdOVl=mG%lW>u6p{Azo
z7O7o;?82n2p>VwHol|wOt$=dU{~DP5CTC#_A3?VXn~?aHwiAVNa#+%KfH9e4`m{sg
zqGAgYPh{ZH-Nyd%WZX+bXTp{G9gp>#+~nkVn#sIw?%|4YdB^cJGO9i8Jyqe|RjIiL
zdgqWS^adB&dLGej;t{$?<_bfOwBnmOx)d!&q>h)U
zNj;=%M#t3gw_TI#WS_%|DL~jF5Z;09({-Pb%q_m?v6qCCSf#QDq+Z3>U
z^N_!Dj*x$59zxPT7E`(8W8YEf=LW1Z@2X2Z^dPdy{QL&P$hUZs;ts3cQkd4MAGe*)
z
zBRhAQkewCl>iQcq=M6NQPQV~VRO$p{2TA&V*VQ%8wJ&3A8!pZ{vR=ULHuXmDYb0O~
zA#P5V<$;E4!8pz)z!kEm@AQN-Yb-{+XZ91^AGv!NEdp9(31_=U(jQ2r#J`Htzf{M0
z{e?T7J|L$nK~>YAU44ndvAP{1V-!6dbF-#N7gBAQc|NBc5ZwV`
z5|+W+1VzH=0qA6C4s8>BFW^hu@V_?qg_?s$Kj@*U@GtT_%ENg
zrs-XD$Y36mF%k5L@}?igXRdx_zqVy}iHu7nPn9cJ={vX
z+Hy)A&{_Q2qdi#7!bA@P*Gh0-FNQ47p|;)nWo1Jq|E-nX(isR42cx
z=QkGLdC<1&vUU_bS_oSa>~_$)3kY9f=3CI&lP7l};DKi#Ict7B)ZjkC6|Y1fuA36=k_X
zgNvvUgnLE8<{OBcFH@vruXa5l$9}vlz|?)EqsiX8-R%;Kc6d4bnDho3=r^o&|M$6f+efU&BhNAs7^1Pt`CCfDK!?@v5muAeO_*#L)nQ3GoS#@K63Mc#(kUNJk
zCrUj+Pst4g41YUB=(-#E!I&jcx4CgC>B&h3
zBrM{VWnS=R+kN3wPU?M=Gmbjgi{X${)V&>q(O*Q`DT-Bryhukpx$@?)peEuJ?xy*z
zFmorjz^sf{s=6;uKdpz%*Dx1%n^k-G>h0pTwq(^h_vc}_{Hh+(wo{U)%!zjG?!)2+
z^!+S&{!)tPw=)?}PS02T#&Sj4Q^-Qx%)ba`eb&LZv}xI_b_priXnu6i<;QtJ#GiAD
zzjf0t)dqNKQn(@Tl!`&d{8)K6sRA1soIOwR3llvkl7CE;$F_W_Qnvqlj7l=u#NRLb
zdrVGR2>2Y?e7$?oVUxOBKkh&t-795XPFZ4f}3Wbj<2!NX{9Xds
z7X>b$Kfm|*%6!q%2DreXuY&@AI%G_IJV5oPk^Rfkfya|g#?HNQqIxXF59qP(s;2uJ
zig~ZZk{{)#+!>!~@!e26jx*n&#L+n_+qwtw!1pfSTk77sUlX-oIF!iWzoKyOe{@;Z
zTzU}XgOFcP$)p=z{)vCpY1$@NXLm@k|QKf1N9ywwuFG2hTRLryU#
zBCdj#5hcHH&f;gT6NKK9VbxK))04V!HiMyuAAlUR!)4~$-V@1dE}B9+A`nP)YD|QAq|uG
z>h+3&^c{r0(BLg4`yRg-<05iuR}(dKJ+eK0Z6(&+A+G;NO5bwS>Q>oD%#VrUP#x3NE^=G;`lKxF<#b$BZvz}Its6QO|m{Ivgr`z;<
zmdA3aTS66hm>ZLzAtDsSU>(YdB*n@&if2h8X>IEn}?Tpdi&*)Tq;JiU!qwB
zsmrrAuZF*H73Fa03PAUev?qTQ7C}zv(TLjNt02i)_C1)ABkNGEI5}
z4oQKSx@dCpKT;(*PZq70WHwW|u+D$KH$(Y#Nie$Z?%1I3>u&=FAKk=US?5jfp-WcW
zB)%*~rYJiaPP2C(ZD=foyRyyyxVP6(-E92~JgxQ(=9PYmh(HQeuXB`;xsBK&7kVqQ
z)>U(wolV@jTrMd3F-$wnsuq6~nVgxvaP_Elro{O(%abiH?R!V7dRs@2pKe+XN&?!_
z9HV~Sbf0fcjT&cxsnKlT*pYv}EpNeInsSA}IBM;)bK^qqZvUfV0jYl$x-0nN@D%z1
zDjRu9^Vu_aZUpsjdXs*KoyY6q3-wMx|B=ryS6yCXydBVftUI3VvF5k9454^aD)qUeLUN%u+POB=ATwLN
z)cJs|?xC9g~N6eiDC6HX=giWYELrp_@-4^#nF`=st4_*IOW+LwZ2}J%5^c$Je*#Cii8840**hp(q!}l$keJ
zk6On?kP=Evfcci)@8JPf{Vg)`g!tfO{ONSZJ~2Jb+88>VDYg(3;d-a|>EV#H*ll(*
zroL}gvR@83wZMUX3pEeZOt^6h4}nKg)>WchDHbrbW7O`YN6?nXlWjr0vQ2u>npthQ
z_LC9BjWyWwyPh(o3;GnW#b~8Xx94}y8Y4CfeoJQFd%GyK=JEWlb3+8C;L$@TZgnmB
zd@q%TV{OWYtb1>9V(`2h{@kI4pT#~H;dY@M+!Pa5?F~YiB9S+DINg!a*X`kw!{c=0
z^{fl#P}qY|Q#zZtMgFXF-Wt2A4RFx#}`rtpcn1cE9*^{TQ%UXsJwP+0~WVI$l*cZou(tKXCKce#(r73}ZeM(>VMYwCX
zu@kMX0o~M@$obK&5E3ue!OLX_rY+vrdn1DiHNal}LtGDX_QKyk?fFxJN=@T)w00u5
zapPwNY{CCo$dnYKwP%1{4!iRtG%
zc@UjH&|QN{nL`PdU4d9U5YCiF9)8yiawNQY9&#)+d%F@z6S5EH)b@A$M6hlrF|BqU
z4`k?uZ~Q2Um8pDez-KH6_xn5ry$A;okbeFd#=X3VIC{tGtIX$Qg2=3}Vh
zx^T`8iGMse=w|Nx9WR+ok*Q^#u!qIysvdaEdVN+GV;oENp%)imzQb`QzNOnUoV@FB
zdib;9xIjAAy_%>+SF9eVG)px1rm@a9KQFIT@
zbO_5W(ynJB0QKhS#}0r7cuDn`$
z{@ZP8UUWe4LR|ip5&%ve__|fSN0Yt$denWP@ZlOx+_;R$;k~$<80m7m4|-8X>F(jp
ze>OE5L-aqx7xuIqs_`+NMZ&8FWYs2euGCnj*Y4(?fv!eMs_rc>rWFs|Rgv#4^ekn6
zDKDMQtmna6zPY6P(UM&zc!;N>(dGrDkEm?5=2ml
zrjRq3!LKy`a~6Cl7ayRTZuS1J=A$2#+XIh=1n95e0rc}(YP)2?8H6rnp1)}fc}eA}
z`UeZUS$)r2g_z02%ur2!qBnV5z^5nLxn_q!s<_)LiN@>VCW}H5r%m
zwU&gb;A3W!vpQVzgGjKBYyYLQ!X(#V6rpr(Ipae(`gM-!u~>kUO8A9`*XnV|gIxRJ
z9bQV{a|)aK1o=xB_Us;M?qrEHKndri>0y{E3fTP65|E=@5qkgl7N#VEpLRcsw=b8^
zJrDy^p)1)x7oMZ~Dz<1j)Ke%HQ2n`t~w!#s7W6^
zBY5bh97b07S3R%iQf#~G%}hm`eO!M+B{%gT9kFuWR`Wuxd4
zy@&^Um4&GXHOI^q>=O
z4CvV!-%B)rdC~tapDiVV;lphp!XK2;Eel-3?a?0@Dpj)h254o
zK$e5#UAMd;7VsN7gt}YK0Hhe8&9z6HkXm$UvTTlnJ>TDN%Jc!5KoYN
z?UmGPUGoR~RaQxko~X)J7Q-JO458@sm{4=Rm2`Np@_gg8uB7A(PdWI#wQy8_)gzQz
zK#LMzY_N8-$2seYo^0E|LJ}o8x%TabHTUd>^dz=-ccvC;1!Ey~i##VQXgZN)%Y|K4
zYS*bzE{f;S&@-OFsu|wDZ9X2l(Hfkwu>7+ShWEqxp;90)i9HEBI58LjS
zEZ11D*d?x|zJ7#4-f^MO*HFL3W9KIvp?gXhCF~!$4tzC}V%@}^_FO@d)&?Sve
zP;{aW!Z4TQMq>C}Tk>ARhTnwaZvFVkuzZDjuNNn_4}ZRK>iXe}{WX$0M|he%nM`W^
zxN7N*Xba6+pRT$5H>Bbo=jTC`mk5>ZgAZF)>9TdFv3IALBOTRhE|&qvc1UBgEIWYw
z&gvnFa;XB|o&h5BSf-&y}*f+wWk1
zRM_!upcRS1yooLFi_7$XY#VeV4WeU!N3W8}wpj<@%zf|f;W!Q@P>3RX2eu-F#FFz}
zU%Eae&SqsgvT<|})~>fSBIfQE$RzhZFIDs+;4euz1zCRj?t{4`7c?#Hjz`7XgS=&r
zf9old8)(yF1nm*(wab!GDG#%XohT@%tBz6D)DQGs0JzQSMH&&|pBJOV{nb-eip>c7
zz*Ko^E14L@2S>IxZ#x(sy#oJLhd0s~qDbqFrQpajkC?W+vL8M(0PQ<4_#h4B40O=x
z`OB9i?(rC!>^~K7JPLVynWR=CfsK2?N;N-~v^V{!yQA>*(kqv7FYuw%@foG_)}{6&
zeX>N(%F!3Lo1`wXrmNtHMhu?V6y@E_oqhek%7KLs>1&h~f9d~gaDDNC$NSA2t%pw-
zsPDgr{N;E<{X}M`jY(IpWTao{I>QfHCyBh=cFT%eIUnl|QnmEb_rGSor75#z;_iH9
zazTcn$Qw%u4ae6EtzQR-;SX?LFmlh8!tnXVcFO_---Do07yCD44WPIN&i
z#c29%;Vycpkvf;{!Z~%vdNBkNTCD^rt6ggYS0X)GKFL+sIsSy+HqBAZ&ts>ySg{4D
z>kJV0(0zpnPZ|Bwx^Uj2mD!%C$$&>-%Qpl_vmAf`soViyWsS-im8M=uk)r#Xljyu)A{hV+^=NjM$
zT19OijU{J38&A)198AHO{GId51xe_p>WR|!LgJHX*c5@l>=Aj+e+*|r01t}pZi59V
z@qp7dJgDN*)-`7)5KjFXCYhy}40sb@km~?)Vt@XwDR&Z`5P#ibRqGqq?ahMGT&i4^
z5{a3*EJz&pQvU$`i^?~b;-7Hyp&5AF_)_PrT-15$G~u8A3)`oLsVttxEck5pijQlS
zGk>K5;%I|iCdBn0BwJ<2CEM%6@Kq8)1l2g<9s34$XZ$Mjg7CLHz|HWs1UnNr=B&VV
zEsb^)vv7xa*;NAu@$A^nKN?=N<*J~4K<(034TF+s@b;uvEo0YzrDdh&)sdX^$w}9D
z``_Jy4mXyZEp+CUqYo?vOn`;I
z{LvR-VXG*>-9x(>j(*JIvlUbOc4FJwbW{jcd1GH)0QM~fPYPK%``FyW_o7u&HD9dX
zv89K%K@9*%SD?XEK>{j5N||r8AXhoNkJRAHCH(9mWMaxHU8A5-)oIe@+vQ{4uz}oC
zW(>QX>yJ!zt_^rRd_bpvVcX&50>4gdWWr&h!Ij$5wT2UQIMt*cEGk)H6jku;xtedy
z@x4Jr%#of5(nc1Ee1@b=lS$%Mk8aWmGhzHC*J)m7@LffesQ#?Qqeb41Vte`)7I}Zm
zZkY%I%pjC*6tDl>B46untSGLKJ0{;l&1Xe(54zAhGrGd<`1`!E6*?O;rpAlbB;o(;
ziLQNq?YXLnDmXCroDnsa@^ftk^@gSrZhzVA)5)#&-djenW->Bh6Cl%ws*MfUU38lI
z>n2%8yZ_qx7oiiR1X-)@D0nKIqRMAd`!eBGGQc*O&WpAO`T6mOGwCSeCtDw{47u=y
zZ~FgL*jPwhnC+<6nSdgYf5Z#y=^mw&Z4ZcsC20%!u98_j*(mnNji1jVz36blb08*`
z^11>Pr!`7Np3L@o1eIc;`7uGTC+t`>YF~@NWXQ|GV1`V5u^K-ee;%&P3R4ei7A|m(
zC|mjDTht>~$p4P~77i|lHCVSGE%rK&Cjug^UvU_`gw@F^qe`r?Eq2y>Y=)6R4#Ps>
z$%$`V!t}3jL!V8U9j_sy28F2xp#qM8KjhvG3lajR9!M(){1(AUP8&%kTeoMhLpgdg|yE
zGeqJ%xyF%zAa}2gaesKRULpPK6N%~QoqW>g1Ma8$+E>o=!ZS$Mp!wrQvMwPF`Nl)s
z+WM>`=lf7>8I$`!%fCbIy9mLCH;6|dFBuhZ*c1Iv(?Bp}cMM%k(nS;aN?12AJkw&{
zxXsg^cN_*KR+IvvM@N
z&-QxBSE*DYBQhXiq?aynq*o_1GJtI=T-dXj<*0-lyM?x5xH#8fxPVAOJsQ*G;A83l
zT;Wx-x=!G0_mJ@()?~Ti>leBvnkM@lBw1;H45&Ha4x01FbvC#7L89m~TRV|`9+9Rf
zX@A2}EdX3VA{C_%-b*6d(BnQl8$}WB%rGvbeVrZ6rtmXc+&blx4tNdtQ;9BUd0*D^
z*&r2=pB!|OxvALf*WdIo)N5>cUZja?$4XwxtDe~t)^NUTn*zr?Vr|cP`i@-EDZz3;
zE;2eH-p`B*FMXMXxs4nQfx{gAd+VIdeqP9NkPj|N2CRAr$kXjZuUY<|F3rJb%je>M
z>--_6ftd5|i-)UHk8kmmxnFOA>D=X_$aP~~l|5y23AdPvf0z4k+l`+Ckt;Rgdc@Sh
z@w{42ZjTXtY4)zAIFvaqrqcp~$34q&U(^!b09|(jw|a0lNQ9!#rE*S){8i5IuFC%+
zc^Qs=?jv&?{^{Q8K3h3I6_Dt`qzpbdZ~4e@nQEwdj9B16;HImm&;IuyhUL)1C%-sm
zUHHh_3;!A5%+H%-1_dwI=G6q3%l#HdISpTSesDY|+^NNa=GUm(GJKR}s
zDW6~#%SY2pYcAF1EI~RVqjAe$K*gD162%$K2666a8Z;kxf23cmLO`O6{bJhn&(3b~6xLr{!85M_
z9(A7_M7dNhsIp8me-|8oDNsVTY6HICfWkPlCe>Jq?FwDZYQjd_U*&a?!&V2lP<#>mPWq*eF+=
zL1n}cSS2+V`Rk_Tn?gW;xw09R&1!f)r(p2Pfg(s^A-wU5r!mGVXRT%?ttb+YOC>WKdGeyu=p4W
zv=v?_t*wFsbPiG81iN~%EyAcmF)KwT=>2no>q^VYu9xzrzHW>J+)iL0<*0oF;Aoy6
zR;C#@P6Rz&%IEYg^QZ~B0Og=}=k9_ehdjVKRtAY
zTUXgN{skB?%E3!hyUE>RS3Iu{Eb!=)G07qBWlcg%&y4;b$jwD{hvt%qfQFT(|KM~v
zm>T3V2PBBFz5T8BfsW95m_o7G>#(2Vnrg3>IP&#O$a1&9Z?in_dFh<47d->q%>!H#
z5v?HzZ(DWn#-+3sdJ^wMQgF|Ghr?|nwmqnz;lCXys#DmnVotRD%hHC6r-Ow%8f|X7a
zk??mj%itavEOpK?D4?hFn#X41RuMuhW*CNB+%7_Vz}Gbnold^G$mlQGEu#BlAH0sC
zzzwPKdBE~k;1_;AORxwoT>I#wi@kZv=B!8ii~!FwwR=6kmat3GClb(@-7;{V
zP8rq`-z{CRdT=rg$h^$kWIvr|uP0sD?O-DDs92J_5`xr-kpaFxma&B|D`#-YKWwRT
z+zf7j-6C8w3pHaE>^lS?6%8f2!3_dgeBNf&_sGFFcqP*gVoLKOb(^WrV8!wv?R%MJ
z&l9$aKAP+leZ1qTElE{Em7E07Z9bZ7(jE?QdXj-^DCTineHd4*X*`)tDSm<&cQ3oZ
zUS1~Qj6RyO9JN7&_~AOx8{PXLFeNFr-R;J7ko3xYz{!vzO0B&PeMqxyr~c&PQ@P{-
zx0(ri(%Qktc#EcSMHrnw0!Q;xbGkkC=m-TbD)DVFGhiNhrBIxI^@lUPmmNo^+aTT|
z-Tf5vCr49ge)W-1kg9cU2v}2=-en&9EWmM`p;E=4Jo~RuuiG_$EcD)O1eyTlfX*Ks
zh?VMX9Ly=PblF0`89p}JT>l;&9!=;o_)aSlTLrWTEpd9^Fw}-^5kPStw&-49Tavc+
zt1U{;a>oWr{y0$lYA!Rvykn5T(7T%sB?LQ!s~qxt0^6m_9L@(>SUiKkYgBkV5>@!P#$5W)LGZ^HSx@Qk?ELDBc0*Zd|Yyw`Ve(r!RsEJAFwuG`2D`A
zpkv7CYoW*R!TD0?XOps^gjXA&M=1vVkM`DLR!8a0XZn^es2o%83X!S&8N+yse{tlE
z`r24bicOGt-;o#TGZ8>C+s0gqum{t`fD%4pW;%6s+FroruG{VYj!3nN(oa=Uw9kPz
zLESIk`y{Jsc>I*H`2zQ>(`qDl*>M9t_#JZH1?P(F9LqNosr~3qb$(s&gdOva;apjk
zuEUh1^oDy@hPWwTk3Z})NIezpGx_Y|-@In^Ot*u(lWooBaU;HC$(;S?|
z^$le@&?_59qx3z;;oZqyi_avKp(*EQL#k;nr4t+yt|4w3YV1vXg
z+(0JO{n2P+KfaZ<=Ha|!^sxUsD}X=n#YsR9FO5_8XQ;Gq_~Jv%wWR|CJ|WeEsbSxR
zA;+i-9j$v44;8-wUcoQ5{o9Zu8r8T2JQ7lT9M;*ektx{51H5zyXC;9Qj
z1_HfL8B%g#8ZvFIg)4d~F8H@9y+JX_Y_7R>q#6Eh+vN>JrmjWYdQhjME`Vm&oB|~A
zuj(LIsAx#E)A2R`Ue4r0u#AQ7!h~5_!339N5n;XQUX2BJjzYuXU4>agwS{{G)cv$A
zcA$ZSTsOLm3Fxk}N0jc0dL;g?Dg32PZyDez3HK=-C?HzWwzioUw0)UmxvaaGMbcAu
zgIstkk&_}LVArbc*^=A(1d2r2omnG*VtbBe>8JJgs;6l>uN%z9D{-(Beo+9}`T1{1
z6@P|Goa4JOly8J7+Pi2E+q(Xbr0))D>iOROSP&Hf1*I1oA{_*z6BGpz0Rbt}A|Oq=
z^b(@Ww0Lc@o8%f`*JBM1e%oq4h==j1oZdGhH?p#dLU3_aTexZUEO{_PloJqzB;-POioVKU0(0A-0F
zCohSyTu12vEe@hiQc3eWRk%qk_iCPZh`_cj@hB$cfR#37w}`M*W0-T7&F4v4-`8ZQ
z2$3EeU@tQL!E8)RVK)X}E>6BDF)@kx20Y@a^vt%B?$_v6t4%1H<5AK(E`7LNWEUJJ
zyp;J&Ip1^iO@2diq(&f@lVg2b16pqVyR-)m-pxCFIv(^fKP`z}wc6PW;JWzAJ^wv$
zmHTczK3ZA)`v6Q?#LLq?mPL`bbR}JS%ts=flz$mPKzBV0-Y*Ck$J%tA-J;D|7gSkxZoW6Yf&go8XfAv-qXJ6ES&?MN>^B>b
zPArm9T$G2>{h$~9^YJ~Lo+KCO=J+<|3KvBng??0ojU&9dIF$~1f}7a8Q}WLF*Y)+W
z!tuqXXz|&3lr}^Ti2sGib$MMBH=>EW_4*F=Nn2=OeL_XNOOKtWmBRdOrDuu|!MJ7Z
zowRVqW@{d4kBB`*TKXFE^I*RChIel2!1wI8$!#LNF{<82i3e$~xdrMst*bk(Y&LMX
zzM%;2JJdCOzWgW1A=zI^?-vSos-03EzsdY^vN%(fHs$d?9eT_c_Y%CNp3
z!8S?K)wDPce_9|3ds|-7n*ZbX2VY&l9>l82Vb%V}Q8usYcqfWck9TGDUIOKVB}ZwW
zuQUP6iL&t%SR0RZ|3FZ2Y0Jt|NZ8|lq_SLxYusN2S9;`^$M3pkgsLiiC+5Ltlg%-
z2h(GF<(g9U?$JEepo7<$d%#-v`lZ1gX;=&1W0tJFjvFSeeiFv
zTl87(gTF2}g5`QtZJZX#?b=Cx!dTW553&L6vo!j`Y=>T7Pz0X|v!x-957oOIR
zSb?jKQPN4Tj!0s}aF5ou$lLWou(0B9e`~
zYDiC53G@7Sin{A>0Ta){cy3}zzpdFU82D3ees)km$YDvq@xge?hIb+3Gi$VdU0qGD
zGrv0txLc{J_KD{tcw>BtMsm1*CVk+xj
z{sO7KPwFn#N{lL+PAByDPIv-aUq?LGbL@z@^APe+)=j8DP(F=OU@*pTh@<-N#qe8q
z!-jFoS)>#DWoT2|BgiICVsU^p_Hfb9VQVxu2;4N213RX(qq>#KerD9$pg(kcJCoLD
z#)&9?_Fhle*|Wpz6#=Zl|Ae<eMAm6LNXX}JM=r4IZ-8UOIb_5p|C>h!cklAPGJ$o{$O1rn)zLu
zRc~^{sHj+Q^;OEy6D7#0*ef4Z)_>QD;eU?)8<>k@Fc_Nq#Gwai6xzy#ipL)JVlUA`
z7Z|mm?RSA<>BmMbcN>CR*o!l&46z5Bd;R3$4Uwk+Y2v3`NLH{cLQewtm54h|v%LpI
ztEyAcvI8|oSt~9WG%&Rty3)i)V3?sg1;JB?rZp%K&P1M+2c=2f%
z*`%LKljZP>@Lc@44O6I*8=?##om{Lwg9pjyblx_KG#^nT1Q`1<;QjAB+6t#gPn%q^
zK*nT>?6{tKAIz>GUz``w=#*WyjLtL+C~)jLw+IE$%`cds)lyY7+hKvOnZCm{~gW$P1|L3WYMbyDuWW4Rl$`&7&%xCFb#xqrn!#QRQ3ngFd@ZKF3%nlM{8YIS
zpVs4La^p?2Twx?g*rYQ&$e}Tf{M)P0y%7Z6@kVi|(i|2@@arl9%m)rO;vU&;n8TOG
zC!X1DGPGpXJUy0x64dO|vsAbePxYam0*!w7>~-EINKNz`RrLe+)SRkLoct~Rc@1FM
z_mi{?$Ri5i!-|Enw%_xDFDj!iU(-t7&k)!_&q(BHXa4&{h+P60qaEwBC@lh_?vhHY
zM(Qds5=?s-MBS4iASJ@cn9gmK!2LB*pqk|yZU4t?
zYOmd%s$u2y2Me?bJShD!~&
zw=;}W0i~d#DXYG=<~N>byO6JbT239l`Z=!K
zHz2QjfHT_lXD?h5|1^8AAr&LeWY{*6b`jlW_-DVW`y~j^QmcdQ{YmA&6xQ0
zqemS@`3CT|o360uu9_n6tor@gX&SC15$|)i#)x^GQ7QQwM%=2fQR)A8;X*#O{ds;q
z((hJLW4Z8+0QWH%Y)ZE;&;K=zdgsY(Z~rClITAT*+X9U%Fu%_4A$|RiPm!
zgP}ccZTB6q0kN<(EB;_VlyNf?81w`VcwF)Hi22hiru&=s1<^*4#0K<(_PD#NmX~$@
z&)0X7)OYx-J#IjS?p!MH1ZoqA{Hqemt^u7DYy)ORvnwFIUod6}(dqx~$;e$&y1p!xD8kP*)
z4ld2k@^CY7wKQm6g{^_hAjwbi9=z(T`qCge%9E<_OXJ!1Ex;5ju`%rYf&B8XqS!Ul
zBlqok1)%Rt*%z*KMw4!)4V*^6B?mhl&
zE@a7&$yiVtEW#|O6t&2KaDPhw<@Qx*@8Vw**J#tGN0dEGI;1AZg(
zGrvqPZzxaiMbBDS$tFhXWq_;B!|t3XIRT!Bo1clZQZgZGs?8n%Rycw^?XeIG((eWG}Mi)7PKnDYra3McNYO}6dLD@RBGGEFToc){Qy)|eCnHu1`B
zbaRuEer=!J4AsZfmIWHYoEzDSPDi(%p@*0rvDhJ%J)fk!YTvV7?Y286DOR=L?rWE}
zowQV8A{hVJ>-2CKy?=<_`v`PtpR8AP0lZ}&H$8a4lT;+BevUw|(+rw6Q>fsk8
z!;)Z-?Cij!CQ?U+ASH!V6o@eyrs$Yus@eN6NcKPFePN
zNAN(b{u5wk@zr9p&X~#~ECu{5JA6u3RS1zcRGyg5s=ElfA^>zjr@YqUlWH`z9r_A;
z76FUy@M53Bc9L?%fw{(09DP!^>n8XzM7VtKbZ|7r$qqd2{n1Z+GE7CD&f$fiNG_7E
zfd#CIonqACbL3}1D0({GaS?eF>mu!Yy!j@$(cEAdGT%m(BnWUDr%;u!H0F>22Cxne
zmes_DJigrk@GkKQ9;$Mb*lwNVf?f8K#A%aoUg50Oo4Q}EF-5mA66G<-Yf4H9El8;GT!Ysfgq`)ZAv(W=T4uZg?kC&V})PqR@
zP0>J>hhXGQ9EHA9;uc2C?WxjeEqjm!L0a8{1xjNt0m8iZlW!f2jNUuITI&8|@93Z}
zGJFPj0XP+OGD!k%C5#iIG(QNS^fB9n(w(r=at;5KZBeHP+V3wgh-H1!aJUhWkC4%c;?uLXUUZXFbxu^$(
zU)s56DfPs1lVlTPo=KfafD3_9
zVSV=qsc#MijhFJwRIx2Cu^n(NPk(?{M3TzolZTsnqApjnDd${&(j=f<_y~0tUcj`a
zX-qb}zW0n4xOfC^9T^1Hs`8}o)*~ZTr36+bI#qAkU-2DukksuTpd>vyUO;?NxB-Jj
z!2n?`hf0Hw@)TI3DQj_5;hM~Kw|9oRjpv8!{qS(V2S~k`8ihSfdqq6>cL2FC@kvPO
zgY{#)^9n|zhEKkPd(wkQ2aKD*Hn+5K)>B+Ce
zlPZ%U^uF6xIQBN+(+FDe`c+rB`Wm(}FO6oqHY1#&9;gn!Oc!|+(?pK*;pfhr?lV!*
zqnnl$qE`LT%U)pa97Dj+DTv2d4<#d!aj-FZ>QxOBnpI_HP<9j=QVON`k+ak
zC3c>I+{%|Ia2XRiFmoa+ZlRjT{XG-u;AHHBO5Xx3%OB+ZC@z7?sX!bkVe|ZKrF~CD
zve-4U17!Jc(=FOlWg~w~eFZJAYU?5nv~BOWyI0xJo|h=p<#{=OxtZ;vB3qZ)ozRAL
z*UGqUe^RM~z$!quCJ%VO&v|lL-_>}yTa|s**3$e#V!-D4Ck%0i_Y;Bp+rWY~x+hb-
zp4sgS82H-94_>w28h$?_imm6v(vS(Zbm?O;xTTT#uKyvL26js#9DygC2me;{!YBY`o5l
zE#Gn59h&^4rPsno?(-Ui{XJ0HR-9PJ_*0&rT~C*v_7y5y<_dDiZdB}spMbix{YI;F
zSqS)6W=-gZyN#8D(xU=5yG2-L0P?QPz(0KKlC@jN;kjE1Uk
z9=VGGWI>mRUB(GS*toB3*gjgb7`xQeKhpu(4cY#y{JSe8_Q^?sJxJBEE^U-Xj0}-1
zEyJBc_pXE(UEB8AA$JI44M{;QSUd2GRT3)q2yXx?TOLq{gbhV6mZRvSdejAWB
zsaW%QcNV#{v!k@85zJJBGCQ07vAuAhs{<_OM(qONk@YZ2$C@VxMnlTX>m6XSlc&x9
z!8Ed7LbC*k>|KO0lb=V@j`DgjZ;O*Vl9u;3!`(7w9l4d+6@rP`;m$>RU)C~2BM1k?e?pT9nJ(#
zP7y+*Cs|t$)-lYw-P9gaFOvrhn7Zb$&%c|3Z8luR>K&20^#}=hH6k7CSqr1F{4_Z<
z23AONNBu#u^LQ0EN<=S)4z(T|Zm@|~_lx~=NjCRred*Ro$JRnu_qb_ACRI5L%OD=!
zI258yq;nQKW=J>NU~lIhwAaSzslZl*x^m}BV%)u%5wn71nYveOk}!*}DOFXmsJ)>A
z6tnacw;cujaq^$t0|4^N*2-~yva;wz4=-T()&P-64j)lAtQ$l`1^7pb9T)-b0a6S_
zK_Srib;x^rf>5a;|99_Q)mqLfo9E!HzHo_`h{vlX@#O@eRJc1Mz)mz-9Dws+t<>q7
z;f#)Jux*Y}F!m7rWr-L+%lPZV<~3LK%E^5p`IWo7IfC?q4kU&iOvNdB0pnO~Mr6@`
zTh!PWV6qFu!K;zKC2NlAeRWP4
z&qFR^-k_9_w7yiV9xdf~cb`)ZSKgh`+b*VEQPZ4SLxmq8*UK1BN&DFAd@!A*#Tj;LdPveMPTsb$(_NPeCO@f
zMaXN!_@0H|;g5M>7ovz@@ym|pV@PIH&e(B+xs4gVI;nro37;o!M6_nOt}PnQ;XhTC
zG@*40P5ms5Kf8XkBiP1a!?dgtgNIL@M#Ffx-|w86PL${z*IddYZq-liNa@hIcsBFm
zHs*0r_`oV(4OuqFb_QI1b7M02K@aLS(lPZGjViS&cZ9b6POsY6F!zmJ(7jDLxamH>
z1_e_y``V7iK*?=kL+|s~rJ59tQl(Oo`s%W5Yug`9N{5Kas-P{Tx8GNx0PX2N@<6lu=kI2phY*v2Bq(xMW})gZ
zE_BN376~QNJwI1*Xy>d|+p9{1pWmgFGtqREEe?juyQX(*bDc7I!T9ML9c^*g!?2b6uGhC-5ot7CCVz_#B
z?pVHpsV3wgTtJGStx(o(O|7b%vqLg{E~KHVj2%}M_c4-mp&uon9`y^sPey)3l`B;B
zA$ck|Ek29*TN|UwzpkF(R^RzrC#cY$*~q*_6y~$K#b4c*1N7GeR!T7*xkvi0yl2=i
z=X#BM$>)1*aYz5;6?=V*bM^|i_&SQU+?|6%R|0rwZ3!{gAZf?_jAsnVoTE>Zu+YYKX&nZlJwEP+==RJ)isZK%Xh@%x@$}?x^mK&!?ugG@2djZJL
zOelv>f!PQ<4fjn23qbn#nYB*&UJm6<%6ldseQAk?b_qONbC51_hrchDs50N420w5cQm=#L=__byq&AV4smcta&y$?(d5zCtAL}~@8@Lx-~N_Mh$>Ef
z!CZ6n3w|+6ikLr=}xSeCNpa6QH^e
z==`(hHu$bfb=XE5&PdpS|KWO7+LyzWk9uMjzqWfdM>8o3=|X2mQ0eF-R2L52j
zSdZ}};dee#rP=1ou|Zszw)OhI7dS4c+_K$Yb!bmF>iuk88EHDb%oA(JMMPAAX?1~Q
zk`qrA7!8l_h6U#xT1M)X;fH{~{CELAd-$O?
zy*aoE>QQdSZyV54|K}qm6YJOL@|m1j<S(zhsW69c_>)^cMVQ4h@zg(PJ
zxXR}bPb!)WEsB&&-YS13ew!0gK~2)6{0^-3E#6aoC)MPbC#5uE)_bnRvs#66Ml~z#
zzh%^MRFnP~DRB?^gV}pYiaFI2)?6vQH(XeRCC-NrH(!%dr%<{0E_*Lik&n
z%#qMs#OX8sExz^P{e1=e@@}h<<+SD9IwkOttPx%xl|zD}a*((7l742k%N;X#sF*i<
z3+&T^Ik^A5UTL=-@mXE6EfTo1#Tm2qRWUoNo5O_67)j2+Da-NnHKr^FBp)nU(Q}O@
z$|Vro23)(2{#EOICu@p-!t_?Fd_QUUmPhB6)Qe;3y{5qrj2aQ^O`REvW>!vEcO8Y6
zCNWpIy0^MFc0m>9^+nOywspcw4T&a;ZTUJN=Cj3*GMLPzJsNnGKLzKQR6qll*HAj*
zyj{J<2noHyi|TU0N{#^IKg&riW(h|ovS%=c+R+zvus<`~G;xmEk_npSTU_k;mHH9r
z-8Jh^qcC;?wVKkFhyS4SAz&&6er$u}S_ut953&9$Fw2uuGe8547eeFDzq&)cR
zpWK_$pxvAH;f=A~HJK`?G!Haq#&4
z-1>KI7eibTt98=l|KY<8pS<5M4|ic}3ciBBa}?4yQ_*SMZ@w!`XjaNdr#wvW#fZnH
z>+)^-|F;$rJFuKgUoQ|tT1l+?LHvrkh5uVJ`kR8JszT|h?hfjEsP(dCOyIqN(NcA=
zTfKYb#>onCSj%Ad?jP$dK{xb=wNDv%zin(diY=#V-y(4C{ec?R%kTT}RxMBKb
zt3|?NazbQ%!814bqXg&eYiO*K~NaRPf`&v|DHP5@Dwc?gL*!WQ_k#
zju@^3o1*<&13r=W*z6JH{~DbB2Ck)1OKYBGFS0Ddh8Y63)b39i#rbf~)wP%n&(-FWb6&5je|#br|s9g7yJ_eq)-TL;NW0QxGv-
zZ|sp`cZBWR^p<4s%Di4z6Vk#Aq7aZ2){gY{iTaLr?4Mlj-BPOaT@WTACJPRR#^l~A
zR7vqND^&#;DYDa?I`Pb7bC)O6JOO-nK}uEd-S1
z6Ed0!=gCh!YQdPCZ30G7dIx8QrYtIak(z
z+keMD|HXFEtVyi*fNwkH73_sc&d34ZMdf+A8xgNV(1u~
zun>`)aWOfOW{7vCVDDP`N3h9>PlLJ@`IpLe_WIK0Gse;J=!3EO+y%aj+&-y02I?P#
zZ{z!+b(^+c1nUBuoMpIe4vy6(Cw=e?nKWlvZmVV(BHF<{_osz9ux4~OIO`bwkSMuz
zTN#~`BuinPs0%;2$B*@TT9L&nny6;M3xAxEomWJ22qiI?BK!U>hX5)%>0euZ69jf;
zKD_Z@T`Mt7s_??>o1Uo5Ui1_`Pi;|Ais=(~hqU?dBuG$_=~L@XdRfam^bMAROrMkz
z!W2W%b#AxKKIlbJg^#V?;!Nh?XnL;|?rU>WjLF5PPx^$fmoUpq#w5{Lx7G?`|Jg?3
zfg@*xxk>2+OdayuDe`{}CMZAWEDs-mG+RrBz2^szp2ACfo@Sq;=zDz({=i9B0Bu)x
z%btFPEJ@r5@m1(WK%br7mR3kmfM?MZpqk`;*<&KQIUWM)7)u*DVb5JO=?~%A^bQ*o
zH&mtZr`q|cM`&7h9t7#~POjT?1M4>Q}5d?x}-Rhex#9pAd^@Ma-ubJdxjeL?EI$=xRiIPJnqhD
z{Yat875%z1#PJzObNb0G&vZkAoIOt(ru6+>lK)(c=5*~%OesCKc0&Ju6D{=)sRq6i
zW4@K7Xxs=^5?jFmwbSkU
z-a7B~b=m!iPgb+*{1paPva|g;XKzJnf?kGcTK?`Tf_7p`0XMp$D%bqsV*K~`e3W~O
z-0mD@lq)P7t!w(@26V_NYx+q){imw+e)&%&q{l}Z+~GTAOw{Bhcf^o`5a4kCsr?|a
zF8r@S0`Qxv)!!hu+K+F^J1FT};IlyMIy>H8h}*`gKyZ(@;mmokg>;o%UltzDl_mpr(1nh8@Rc*c=Pe>h1xga
zXOxQvG40Ev%p8cv-S$JKu~kYC?84w={ju=YP7q)$!-P){5Bhu7%g}Xpp?(VW&+98S
zx!Y4WByL?@XVa%4G+0;~QZ9k`*o**v=5MZL_BgnoVeBA`=Q-e!2&iXbMttUq0JBFP?X+%k>VA=4Z}Dt5Y;X*q>CyoGSGc
z@O9P<=jdFgHpDBa#E|kAmD`nC7Q;KH%NOC;73&7@NBQ<0p@O3%W+XTDq>31v>0>&+
zbQu56qonD$(VNfMqeRaGt8k(DzwJaMtP)x-z1sZ4rASN2$3h_R6dusq&e1!V&*d$_
ztamBej8<;u{41M-q>R2xU={xs0Sjn1(+QIVKB}GklhWzmqAd^8A(8kbOk8GRn+Iks
zz|O%06lq3^^xhmGUL~jUcPP#Co#0VG^gcW&E2HUV$}==heRWIYlZV$Ga@O+tCd(7H
znVyFL>U}ryve!IpQHV!1UYBq{((uxGs)t5J)k9y?Jd2&T)@^M|EWN%+Y(ETXr7z=E
z-gdQS*;+5{RdGa;j0w_mPNlxfP9T6TnkYUBq210}3lSC;lfa0X+?rAEf7J@_^;xBe
zM`qY{Lp$z+x+kjvLiTY9`?huE}t>?RL1!EqLDn{h7KR)&BvH50)0SZnt|1nw88Ou
zgO!b5pOSw)-Z8pbCpntJzY?IBV0}{y^;hd_NM&CXPi0qB4r486qpSUY{1f)sLjCsX
za7LuJ=FeA^@=Y+@44)#*ib$RQBX8xzR<*Nj6A3-E%G%c5S=)t;#$ume)Js8Pr2Ikyd
zmgbvbX1hfE^p{!-K-wA|*yERf-kKQ5`~vfjt?Dz_sGX19F&lRbs2Vl4+*iHeOxH%s
zDZaO}OwHsnW<2v{|Ipv)
z5AEL=SqVgNMy*xP%TmnV>oyVHD?~pFfC!yXku8sA|!*Szs9bwkj2>&sr9eBz5-v6WID+pj2RW-pbH7K3z17&b%
zrDm`mshcl3B#lC1vL)R?Gs!Lkzjf3`{tD-v$Ibo&yPA;jTmwY`L5R(ok3s$cZ;+Mi
z!183xIbYj=_~lWIko%A-EHNeYL3M+H1?%BD@I-spJLtM8ADop~)ump2c
zTFCt|nEJY!hSQlp>?S7SuncUX{hNBQX!9{iuUtxO^r;0qSuUY`Ro4O|
zBl6);Eu5ZBeGkXjMC-We@_m&A?ldA(pLh=Za`42~eWP3kxm{ujTiI?2KQD29cf7E%wC
zOlm6Iqir#}17mB#I2dOcSZm=1LG#l&k%^3t-R+T&2hEidv*kF3%$4%?9CMu-5^lKb
zHYFLmO3LL8$wlvZUE>FcFR5lj?~w^L4D~O$$9$bSFa#$vJxsUGc-=>kf8ehwW<9<4
zR|7Sw;20O?F&103IIoTtOt4+<8$B0L{fCUl6J8#Q0b@UeIk4|L%*x_rXBs1#GCz>T}fAFIv_h;y03WMRAY;AFc
z6V|k~tN(h%($RpKLf4t;|Lj*s4i~fQ6GJ2fgz+k-syap?suB`qgC=9gd@0XRjVi6a
z?zWVU8fMq`wiS?6%Hxa2-l_$)aaOe&2;k|pG|-86|D>z6Kh`v3kk2?wOSLaw)f0UD
zcmqR8-{~Lcm&}Iec~$BMGf(4uJ}dJVTec{D0s$rRm?y;lfuHAP>1mGn8`dUm%67s(
zyZu@NZm(i+TTu6X+p-`UF=U&l^7O_Py5-JW2DMK{aXtlXMgD0_8W=U+_%;6R54RWO
zH85e%gB&q2z^Kn6XICN3X7msO(B~+oq_a)ICYUQxuRRXl)Chy0^uP)UJ#Xl-qV>wYR#W@zv&DTU
zHT4LQonh9grtU6URl=K4&z0+A$5%V>*VbuG^Tp=`9EW-@(M2beGTmo+^o)lq62-Zu*vdu4(;A<&gD!T^s@EUy!RDf>^HV5!lQ1(Cq;wNVoN9+UBdEQWDjJ`Z1Sd7;*nKuK0)IlZEqLpY#J+
zm2S+_ZPZD9jn8itVds42l(EiJ`_E8_n%7rS5irX`4M@w6BS!GhD3-pnM>pWQsw3b@
zs67mFERRJ57xg^{H<$Et@Y79sae3&Y4thHSY$Rj!aR5B0|V7>+$Xp
zs+0E#Uj1i0o(Kg{#0+ib&wNsbEhYUv#4folKf=aMAn+o!>7j^T1g-wLJMBkW$ppCK
zL*uah=A=Q8J9&C4a?3r?)sgz{obK+7Ty_Y)o8-)e`QZjec3@_=8AgB!5;9<68UUjD
zzmoru-&4;a5q23urCM&?@+^3%YI}p=V&zuM{}$U87$6CwEYSY^6+a3F1RE{_-&l@*
zeEh5Y5SD?zk@2FJcC5Mv&eEc0&|zu+>Id(O(QK9s&l?gm?;H2|2*4RlvV`ma&48Ec
zp2WNcRG!tb2P?5*Psdmm
z9uN;LU96ySYCoE0ZCY6Z|qz1j!@@
zOy1IWKlkUA1w8kIv`OkFCeKc)=Xh5=MAzzoXysJ6km9>$mno6YI671q@Tx|?v6_-*W*8G
zQuvo|BuT`9BopT<3?N~2e$(~0uh-{`9!EG7tC*xxgBT^Munzpn5}|de+26814{v_*
z*HFG$BHJ)Co@ahHLp?YuJQ?{1F}^t4k0k%x%AS-t52zG)=05_1b=s8_#+_L88<9>ywt=sT1+4mXQ}ugbMPXH5i(
z-k~tai*I%$!Myln1hT4d`;23r)!YSpeeDC_ZaUa>djYnx8KoAmKa?R0B3?+SIGpUa
z!CE%#KXv@rq>;M(XD7)|a*JO`3-Lf;88glh%i(KorYpa1v~-Hb7ofpw0gFsL52P9a
z>}zthH<|a!Etts@N-y8Lb6aPlBK>w6FGL;VQ>{HT-st+Jenel^h6c-}sUKwUmdRY<
z@9n$ibV&UMzIzfQ(H3QOtn#Y(ZKjtQ>Es7;2O^0^gqR9DIo;aAcRNdEy#E*dgwboI!+~NS+Rs<~1l!YYTndtbd7tDr<-f@-$U@Uzd=e38ie}0YHHES3kzr2_S)7wJI
z26gJceb-!5OPoKRy$cq_ETteB=@kp_8Q!i(sP1t%X57}}BPS-kLU~^N{`Bv0onjjG
z5foBTP@ZKISH7@obe3rSx+nZdZg3+oGIF+_fQ42QuqksCn)5229vn&}(XNN7R#U+Y
z2kIn+Ghr)+{=@;iSw6Z&G0bxnur~pZ04)7XVgR>m^RrXK#6cE>OO|KNM{R9WUK4VD
zQwUqxdiL><{H>}3rcuAGBe;pm2m;IylmxJXN-9$cheBkkpS2{FkYu%jf<<(|`GL#R
zL1fGix-ATx-9z<}_|-oCr1fBb_7fHAIlkz8;IceGp1NL_lO%x6q9&VWp@;N{q&aL@
z4ZIA@P=R;UemM(PL^@&izn|Rk3tfM;TS>zvpqs=Fh;$9+7A$8V6jl{*efKAtHYWgz
z+AH6vSNJv)0u&$H7gzgXt1y!32FFhGHaa9by$MHg6ylcQMP*X
z4ub@2Q!k!ollP7Q{e$=!R~0k^6L;2_j($U^GcszK8M?P=(eP0mUkGyX7*h)A^I5(L
zsT$s-47>tArd`Y}i7LKF{-6j|d`81Gl@UcY%9ZygF38s{SNsR%a{YS5Ew+NP`0bL>V>@p5^N4*P_H*r9IZso?2?f3cEvMwA&~G~5Az2+4&^k?ybX+O!!UP~Cqg0Dj6&1HvIwTU>0ne@z;3<9)4qcDr1EfdBUQja7D(>
zO%^IKMylVfsvNTk*9$muV#P!9*h2gU{R2L>#bdXbq)Lm7X
zgllV2omxIqj{4X@xc5n^qD8@BF(QP?!XfOW##wlZt}i
ztFBY6H+EN0vM+{LQTHS~c@M*cBu{?GM_Tc_JE
zn%$V+>$!+`xcpxg+jT|l`Zz6|QedTkm+U!gu
zA;^rrog`r0yW(kUP@XylOXCWnKS9Z#!1t~9`8a?IV|fiX@o{|Zh_5JAz+q7&2m3_J
z;JfGOFd9v(%%Hv{`Cy$)wTOp;`L5pCA4IqIe7s9N)GhFQIeUA^;uUYPfjcUtOPqKBYfyVjH|;
zhP4Ic``Ri6irq_8k&T4D*OU>G!L#ZJmYtK}$}zelJ19Ny*Vs
ziqa(p!IdQ;iSOO=TI&QTsh^$ckQMN^i)9A=56EdMbAiH=`%U7u(P++STqq*De4HQM
zL;F*}#CK_M?K5@!K~$}EZZJi5SHM*7GZ^&Zpo4ggLOr8@O|wr80aG$3Xzejc*U%5>
zN`|!7eK;msW!Hfv@w7)9f3ENzL`S(W-b+s-xt6Ck(E<}Ui;su?q(51Kgjw|+_wm?z$`#Ft~SDyfjn)pY**`830wfh5l9!OrYd=b?%6oq>RYZxH!XS0~f
zSQ5Stir!Y)fA&VvWElQj%hbEtS0(x->b|I=iRj9+^YRVuE?cgM@!`46zB<=pGr|+a
zG&qMxAsgU@-PE2D8une1Csj*L7a!e%<$f=XGD#bQQ-;>(lK
za%DrCgkj8^l`Bm!Cp`BW?h!@eLHjB7KTQC^%cK+3;}SOiWz10C23K-TIC36A3%B^l
z!v6NH`_d~sZR0>%UksGU`7nN0$?lgDP<@R;)Onb2Ujit#wwbSC|E;|?XWa6k_mhxz
z;6{)`!JIOScIlwDs3RtCuPV9nqzU{A>R%7WsD}PFeDG!k$iLptw4y|}^C*yPm&y7%
zbs7i0zDzBeFx8T?PTrpVK4}W|=pjR=3z+s@ja{TbpQ7(2(9meSvP*h2o&>Hl(G++M
zK_*PSq-_e-o`)c7)>eYn*{!Di&u!0XCLJS>BBTF3e)Y6sBg*0++b~cW&lI~ep74v;
z``A+74tZrJIPyINZ3h2xX$Ck0%aRD1r#^A%IHeDZ9XEZ{l2XMw+!MC~VzHKBPCT&2
zE$w_cBZog-oMt_cx+rlM4YZUteV35J>&W9_bt^S0{jndZgWs9ud2-Xlc@eMrz5hZw
zXo;(SD10`(F&sCtuQ<5NJKbOWk}JhpT2D0EzTt`{$N6PhThe}QxBSb`-rG@e!krK9MbuZ$9#5DXa7>4y^R{nX#c^AZ_vz@*Y2&aAu_znUiVkY
zRxeN$AH`O(9WE=Sea6f(*UIV4vHzx=IH(FnNb}@6o7af@vdgai5B)6P{R@^NzH8QW
z(&*D3ww0xxSETC=F;j!Xo4NN3V)1tGtLv|Stg3fAVyYh#zx-)OOQ$8P|K?E$tuErl
z^U+{SSBT_Rfr9
zS)d-zO4k@g=IGN=7M<{wHjFD*ly6A=+a3I4#`RvqjJur(pFYpom?|HXpzThN5nV@#
z*sKt*YkTQUSHQj70{$LnRy5_~NoM;wSk3GA{1X0ycR){DXufx5xA46)o*7k_+5K5@
zTy~jh($qW5RN4^fB{fYj9Y-L|Q(iMMgvL98=Fg*YQbrJNLmqlsACK6>f|in5ptHtq
zcM`H5#;-WWg{smanbm$;-Zb-*&TtY@&aZt!I@dmgGq<3b23uK>s7@nPcX@HJIMAO&
z=zH8A?ZC)O=t4j!F_DB$Z1j#4t34anV6Wf%uJxEQ_Vbj2$oH(|$<_da=J`
z34YXWyBg0sXCh>U-}`Cz>YdzNqZ~Bs&+hsMdia|~nKYJZ(G;&2qfheC_}8bZD^ek_
zdu+@+X`kOUjfOR?w!bXZa=dy^C*e#?#ur|ZLZy(P(wXb85n`!-QhQT$NNMJe0|#%x
zdz37`DVaUeN&WZ@uTyj&i>0HYUlS78DSUGN;*FvKI~CJzHv(th0kc+?N
z7%G!(U*KrQK()Pd3G~Me`4zJ)-3V6;mX9AyOVbevZ#O|N6VDBK)=7lz$J%}?NT(%t
znWt9Tn=VmNYrV%;cKtLP1$TKW8*f>wU}D{W%O|=2u7CiH*R$lb_{JwO$-*MBaF*dS
z0Gi`Jjf%X6+rtyHgOJ5im-ZfqL5(x7VThqVJsX#L>&+MENmpOUTa+o$IO+qp{(SR?T0Ws8)i{MSFFX
zI47(hSN4?9kalvt=r{P|zF#Hwc+Lz~Ox%%yzr?4n8_F@vNS_11j%dzt;?wty8a-GU
z+@qF#fwSHLxBsOX;h}s07H<(!86t
z>?=Md*R@&7$@sC{yDPV+UO~ERW}YX$Knsuyi7aIWsR!U14kK+55Y7HSOWN#XUwIVD#zA|U>!>ozIy>VJCO>ddW$P-E@x
zv}d}Pr&k2tC^F+7_rH9HCx
zZb2v(8S39m2V!QlcRl|!
zH6ybLZt+;`Xu$YruIoLZuT3HCL@m#L!d)v+l`~`UBIm4j)oAHrDmJca+TRXyz#i__
zaQ3)7ZG6MA&r7p~e?BYwvDW;I?I^RPccr)HUFE>>tN7^{vVX51sD6x*$?TQq+dhkG
z|Htxj7m*7l8X9VEqs7wOe=zq701;PFA*Y58Aa59_4zuP%EAxbTwxVWjUC;S1E3lq@
z_0?IKMQzz$H2HMU^fV)8^*DQ81?c*Yi}E7%GQq3&?hK%@Lq(m-4@>a+>gJv8k-fDK
ziN4<9`ye-^2^Nq^v&@(Acj4ZI;RGe~wKhN0{mmZ@c3&7g+qbK@+>~-9-qQS#(Ya5F
zOov?cera%%>(Ee~E+W;)K{~V3sbm0~X*`Sl3%`_Pv~#2sJKsH%I*Px6(aK>Cdcjp0
zZ}x&Vk4!ad{PVBkfg=c2Or~F#VV{cv*+e~Why)Ew;M<_20A1yvY~hm
zLn0^t@xfMc)UgY-mh#;cWge{=&6anZYfmF{q>;->XLf#AFr~a*
zV|*IuoPdc|pXR+?voci$HmBFLt>7@yHg{D6HtRZwl$*AI|4{xhM@hJ0!65|JCKFg`J%roGX6p&SJ(#s#%7K94+T1bqUUGV&rk
z%r75R?-(a@=*r$^f?K|FScYIS0u%hEm8^w0L>aqD6BFBDft$dHFh&HTOiiqr-Tsxl
zX1$h#uiBj8kcWk
zN*R&W)Y0I@l4k5d6u{BLM-k3LdXOrv4$Q!@=Ck0tujkXje{@vSnOb6vEcSZ3)z{R(J;(y%n@iqLgdT{kG&ViM2l|yN
zF{9yqAc;E8`7<>a8+mhY2I`l+^4-Iz9&WWJZds~(zt`Y<2_G3)$R8z@7-3$o+L?CE
z&hYtd%km}7Zc16Ot`W+fc2ve22yEY#VNKmxfw%tt#46X>j~FxPCF8PLC3^P(z9APc
zPxgw}8^+kzc~UCH_yK_yg76gL2?+@PcO~W(WE^6s8E(PQjY|yjw$QLSgE@f+X^LPw
z&d%xk(_dw|YW%5}&&7uUWtl^M-wj8+E+3eQ)u_0tB62?v_yft_aK>+$?;c92GMC3H!T9FrEdZ<
zzvR04nJz_jWJBg?>+e=#_lZcgBTAO8?}f`qV1|@GyH`<#g)9@e0+A?LClLHZR{4fg
zhChxlvlRgWWt=>!;)(%hWO5Z=bV#nb-lU~~vsjr}NZ{olhTAD<$xuyp!WC*{jGRT@
z9_!8H$h*C|LCA9b?zuPX2JEuxhQcWi0DtMko5(3pl{LH6RU&rZ+
zj&MC}LzO85{vHGVQ^>sr+
zPaEiVK7hKqdbIFt+kC|9iIENJ^5FU*%RkI3V+)EL*6BIj
zkT<{kZm;9EfzYhl*4g>0(HuFsZ(*(*75!oKDWNOBl|Gp|V2OmYb^8i?J
z*QS2ggY{>;)+zc6J~=+O|C-mK;`1wN)75lApM*XZt7Ab>7w;Wkfb-#sl;gplVJ?;l
z>T;n`uP~xEXjzqbVFXN(z>wP4TJ#gla&gl*e*S~ei1uSGs?GYbTr+=FY?2(47%)#N
zWkpU8w71&*&`nWGTyi)LXd14MM@6AWqYn>tBu}sdFCH;U;&|atw!6<`nbNPrN#p3ZiS{hA(Twb
z7gAhL@k$kdN6b*j^rQmjL{)|P=#4ey)Jd8;tdEOOf(pAgh)p{n=h?oHd)IYFWcktG
zDs{KWolKsj=aFI+cH%~ZK6;<$UHTR?QybhKJG~DwQ*3z1KNl3`pd&t$XT0F;I}
    SxQGrU+dBvl5R-#eAFr!hfz%5py`U#}uDS*JsP?FDq2vCDHy`dHs2N
z`>)IEJ@)p^@_LuO{e$xQQ}*^^$&9P*^_Jj$(6&A@;-h=!_6}%Ym8Sh^XkTS(p9AgZ
zq-lQ&+Rw4IcSHMF#6BSpkH(|A2@aR%Qzp(_&meAv&}Yl{w_+4=Ai|ITyRu3sFd^I@<`Lz$7I^+f$N25Jince8ajj6Noys~*(;(Vu
z?evh$bbu`8PPzs9R{tUYRsO`RQHuKs?sn7(%vg^Y8&pZLnxV$&`C
z`9fLd@2^Qbd~D}QS|3-d;&xn-P1x|2Dz-7#vryd5E2usf-*YC#m!IBjra8pH&gC<;
z|Bzf0uSGt}Z|#FMoap&O)iQ^qYZuVtV$>mMKls`Uh2Dz&oMO7&!2K*{`|TSnlQkVm
z&bJG|+M44<&VlcUe>s}YkqKX_@K9#`BcE}IgeZl6H@9Kzmy7BIxhNh6_iP!DdG|n1
zaju14yhUrDNz|?1W%&OFWbD5H`gH)0l6t>7d=~4s_#4dKzwrA^|Iq$i=4JT20)F20
zaD9^Ld1qlv8SpNYI$8avi<%x2+$%zs6G2Jg7V$cc*M
zA;I%bu&w0SLBw7^GG=*~;{Ok3mTz-8FW=?-xTX&1O^Bbh$@(0K^V@U+F?o8=Pt4&z
z@f?N^O3XC}`82)ib~-zMwgu)8lDZmzr~DaB$jWvS+Uwn?BiRKVth(an{SqJv$^fH_IQN~Z9eM2>E;)7
zkyuDE^8<-Ds|+o<0(o4HX*}6vbHV4=M+gIa4%Hu_=U$>1@zRSTW?357ESU2BisJ8g
zf#v;bQQwagP&{@ZGJ)$ijH9^i0L5=3jpKf)=KP_Y|B`W3@N)|j82gg<_|%jJ2g${eG075j-7_oH1)
z=AvU<7GgVyX-iazBXeUC{JH#+dHtm$LC55DtQX*i2%cw0Pw%rp<5`BYjTk=ttc#NXlAyQS}<9viUK-4!Ai
z-o={#4)54Dk$JU>KFRD7?Nf>)bj&wnlD^IT=0m?9k9dc(DTc68ZBCLmyhZMH30`#F
z?d<<}NAmM5vKdsWKaTTHX{(;-*;N&WwfZXKn@8V~xx068tt=R4r^Lfw6jcZlkn5oX
zKUO^V=$IFLJKM|c^nQ!@eDuDSb8rgZNzi+p7@gj)7GtOPYPYImEMYeO&GRKm%9tn)baV@sp4~@a)$3oa%lHaT8^KWi-c##b1hXkFYk&
zBgjh~L#wMPHX&Qr@-f#m7!G0nB;goB+p~#BjBD>@Odmh@ef?WFC&#<$#PmqIGdVm;
zesbYksqq)_Ty`0FIaFh!vS`DLjUE5adSU;Y`0TvSmWy>AeHbm5>iQh2ou}*PQavAC
zFNV*HEb+aFZF*DGNp`fNn1lAFAL~oO`yJd|lth32sJZTx5LK~rGxUe+C(kBdWIUZW
zexl#JIDbjs-ofoLRv7cGQ`LVc6X~%a)8>D_kvzXRw_e8YonorrIU2n=LEc1~dy4(m
z*S}$=@$Q=2K3WS3PQxU%l%4)_64apk=+6Z9!T2ZL;MfKPka_
z;FLRYY-9=5p!ZRXu#WY<2QY4`<>Hyz4$^=95#Mb^8tH>wn$`{1cG~noyL=~z*Ur%P
zLthHj8V|slD6NxW9gNst#81Gp40+(`rbON{?qh?81zC>YbO6_7S=x9q=sz0T+6Zee
zc`D}r6HkTr>4x`1e*(|~+MI^5=9!at2@mj2gziYL(d6^LT~3dUx`
zIS*@~TJ~&fb`_lmJa)oW!}H{N7%O7W-eQgar?c$`ct(@WFc7obUl*9#-!-!Fkg@*D
zX@2B>hqcmL;2io6)_jL`D};5^WW9TkGmEr(zOKUceEaj^{f55-P
zgsap5?^_>&wJvp36vgYQAuba>`?2hLZH5RB*VyX8QvY`qX*xeYIL5v%9$7sQG|>&V
z2|^!P_y+4`%$$E@-SO<0cQ}eQT{geHp
z$7khoY?fO**+zI#Q)X(9l06hLbv~be?Pk`myZ3z=csifQzm^$Kr$U62?5Ov0uBmfh
zIy{}s_S8H0_b=>C_P1et@|&z
zI7&Og?ZRo=397;9)eKAs^FQ)`zB)GlXFlV^g~cMOOHl`MG1jb@K!2a^%HcI8>^4|q
ztW)+=_#b&h?$32nmZmmX&wd{KJ&Ed}mXf|y4WFnlh2V1>>rL3!$^F%d8>9DBsQB5r
zKvCZtPd34FIM2!{Kh4Q?lRi|;^2=U2?>phWrCy-4
zpG~>+?pE~OqO37KDITdjuD>CEW1q-xp9pPXS5m&MCW57IPtN>4M=*qP%2}*eIQx+A
zmRoeK95Ft2UXngsPG>LXGn#E&3Hz2;{k6s4H9oG(A7xo|!=BX7Dij}VhWU-`xdwCh
z67L~%O6A&M4P9KHT~5TeM)|#*WTSlebdv3$oMa;pe7Z?yl+S@r!q-B1<{kF8xc8u*
zCSZljRe$eQrC~K){;YyLkKu{s?kyR;3y_Tha31_qk+)9U&hQVqC9yuCb$s
z^OrV3TLGSof7YO1B@B%;RT)@`b058*fHI&GfjK@*J>
zp6Y|9`p2)x_eA{v(Z=Hz8oZOl0{RxO%{=(MdQw3wAjH@QU8-L8LAjJV;cHP|bT-PB
z);X^ecemr5zsGj;q1|#UXu}Mnp4O~eY97KKMSM=G32e;ES9xA$^SoTh^HRq1QevBz
zD~xe>u}q?MmUH6aIhnOv&WURbbCSh1-nPZ}|zR{?$9
z3N-gG5#XVqA1ng>V0kPg*2V4<{U>flo3LkAHGIYtH`N0lP#>1_QF5mm>fR#%E`z_(
zFXU>TsrlmmEcmT^M)hQxx8!|vlx>|$cl8uM1mo{-OY|H0k-6U+qpoWgX!dxR^=lIC
zdpFs}0q1qg+27RzScg*iu1@?LYqDAk~R+aGeh$XpHcb~qY9
z=PaT5qQA4s$i7W6e9*Q&tD)A2;R8LsywBkx9{423PdEPobSd_M6*S*(p}#Ab{#HPn
zH%Gj~=K8$><=48!KF{O5+%#U9!3+2pfT
z)8@6rUr1ZP)C}@St);yyE|0v#W64P~mO|E@t+wkmZH9bVz&54{#OwVeL!vz*k9fVG
zFoOD@NT$ymQ5(w_4TyJ1x$>wl!J4%9i7VSDd2ZD`&EL@{dtR){>1gbDjC1{$zKFWQ
zIKsm~yN={KcPCPofm@PN7W&w3!QS
z1jm@WIj7U8$K{4L=$`|{RiS=&WvcW5-o2Q@US3-+pqfuF>#K4?I6w{Prin_fFIpai+N*^rs)&OmRM<
zAetj>B9T30(^Mm`knW{McF{gkBQL|}IMD<=q=N096>RscV7q5Ugw9&$aLu!}^_KQY
zHKM}4MO>-`wvM7nEZ8G8k$W3E$~e9u|9KgU@`MNsN@Iiu|V_
zE&r)he{SJF!6csYx+Om`V8)*uaMO9E!CXvi?;G)+wEK;FH{KA%HtXS>-3j--RByYW
z{e09DVcr$O3>~Q{+|}5zma&2hpOdoWb0d|9R#81uIVXc`gFCfD&PiB=Pc(^!wrTf%SE)^M4)tcL;?+79I7sWD5?_iguw!+r$*TMK-?AvTTosWJDmp4jmk
zGd|H;j;TJ-D}A}yTz?3C=zhNUJG$qm{NW}TZ=s3i*7N*s=#}%EgLSW*(0>P;;LIBzueYV143mtlL|ha|@v_ljKd*`ZBy2HPtie-`69bK9q*
zj0N<1&9@#ZSfd1_;sY6XFO+9bjQnyu{*&U|F>2VV$uxYh&}^+|b}&wOA1eiS8=F^K<7u
zb7u5&6Vs1)CYgRdS;_Rj?f-^;yu3aux22|^j%A$xx@`>fgE3c3KczrFLAZytQ0IOD
z`uQvS;P(CY%cGy~b4-5IZ~uSL&#CTI@f(zf70qJZ-Kb9)p|}&o&_7bM_Nm5>jeI6`
zc1v2yWgpkzlZ_oQNQTUWyHdbsnt_JJrAXoa1W(8Rj(}pC`rm)*A9(
zmvwxlBWE_g?yj-s;6OZm#QlW6Vb}3F@%#WPQjcbN9VkuakU!m#RInKddWG
zKiMnMzcdbYA(B_+-XCV)$lz8u`+j+Obe+?;pbumt#aWNF`AYW)J(ST;OuD15ZH_74
zCxZIeVznCUJ)um5arTCM+`XLff3}isjO_GNsZYcWm3k`H(V9$l#sKR^0oIKItQ!R)
zgewMmv|09U;l8JBCE0J-g%}C6N3hRwvIQ0je_LJ(d=k8#Et(EtP1W<9$7+oFIDK1s
zig%4vo^Y^_I92`Yqg-<-y2Vug?+om1DeJ#&8BPC`F-lotqpt*Ls$7Im;`or)e4FRN
zvxRIvC`VOO%o*v2YTGo@UlPwV)(dq#(Cf+H5~N%;b+`gP$5Wj}>2I;mc{M-l@lL|#
z8&0fY3EN)%ZSTYUA#eJoDS!DJCjKXBQjWcZ`>X3jJ}JlU=CLRAM-c^O8)I^KZDsuH
z=cjNNuav}
zZe>unm>IA;PMjgg?q+J3+LRLLKyZQ}4=W(f1h^f$6GR^$I5z_p>GHo};8rT_qflgZ4}U
z^%hHDAJ}OR7p6FGry1uh`6NlYTfu$jJV$nIynjE7mfywY0}-@$$NlStJ*B~(a!S3=
zGL6pT1-zI0f!;870(|eM+!a83_zv^AA3cI+P6?kmCDAjdWQ6+x_oAKmqRM-*koV#Y
zlk5`5Fr8xipZ&-$z9(fEQ*Wj*lE2vPHp@O1n7VYnyp9p9rpb>2PB
zbY8{9^S#P=5Gnb;XVc?%v;j5n`FO+r^;u~vp32@)h}uYw*rMmtx$Onq&12F~IRZ;UQh&Mns&Fdm9~B{)0Nqv$rvDrmx7dA
zdOXEco@s9`oZmgg^06E9MBik{|DHMGNR+ovw)~GfcqLFZj`QGFOlqx~T%lDJRER44
z{VTYON=4vfjH_T%Dm44$U@gwm6EKF2miiit@M!@kYt63k*rwg=>43ii5$KQI2Xjha
z6>|X7ZCorwQ|WQhMD|$K@L8{vu}xgrypFkn+M@D+c3Zh#^~LakA$&fLV?vU>x$FnqoXP>BiGGH{bwUK%~FHv0NNJdKuTU
zAdUTG^V6y6A88+LDBG2?sQ*Jj)ZeAJI}tBq{A|_GFW#+E{#Ei%vD&IUeJwq2u|G%-
zJWrqCcU>5s*`J8<6Zs^P|38%;e@)-qVo4#l2-4xT@i`jvGf
z55xUo$o~!*zMpx~vOBnJ+aa_;nrUw;M0vzH_Y|myd+ZLD(XBaj_5PQYhpsL@8S3oN
zrmkHn58n#3q==)oTc(A*s~UYaf1q}j^Rml}F=tBWZuX|4vze%$GSS%$B>VqqbiL;A
zeCbc3-1L6^)jGdNh4WY$JWzvn?i11frOEHffbXa`LH#ND!%V;&X2=H)+YldRSZ=8S
z{L~xF`hyF3Eyc1Fz89mtX81q(?p1-`nm_70#Mx&jy-!KP_%nF?XAk1|m*~gqG#VS`
zBt6~)|L3Y&A&pu7j_*GpyrF!ujl{9rLzy)8dui-bXzXihn#kWH@jS|n(#UHpdtG%9
z`G=YIRYW6_K3?azuS=l}=05x%bT9v}`@81Vj>Eq_$>$HAIoH#?`fSd*i@auk9R=^N
z3RQa*_~EYI)!H@i-e!8pqxmd$o!Hva<1_N#!ZY+gD;nD05%#q>qicB{-(>_jL%Y%x
zx>opMUXQA?riDFOSs!6MG_`2%W{)MS-%WX$6ULK6<8egCW1+k@SZ@}_$%5xP;JH5u
z4GwP@8VkNX(~WwGIc9LLH=%)7XrRZY$R`DgXGMrXn2!;!(6U(6f*h;^za;K0nYk(sTjSbaPnhrLRVB5cmG!k?$u1LskMW
z7l8A?lI(vL&IUSHMQzvQLEmDsp|ILrbCgG2hu{voGU6S%Kds&^F8)&}_4o|A1^M3r
zued!^J6!_vs)|D31GjXcFJl1pxz_t#0n95scwq5V;d8Zp<2$X=*;jvfBzaVUmBYKeOOItaLR?Oi>->^=*SDT9$#qh!S*rVKFSLn#
zYvw;ccWX+aeHpwj+FZc@-LZEqp?B590r)#=_rkjtSYNF!QyBlVPPqp9)ZV5shHp0U
zQ|abIQM_Q2Ny`4NQUIKFusvTEa>GJ0E-X{L!C%q1YfiO
z`l4Cisiw7t=M!DS*pRN@{@QmM&qN*Ccf#L6q)Fr(rWFxJr~l{5|DlXxa4SDoYv8lD
z*LYrqTGLCuY$vM!%c7ASn__Oj_lJPqYLn*UJ@U0T=<65!uKl|7yF_`dmLdDWK7L6w
zt6q|Gc-}o3=Cgq3km74Vzh-|}oNwtPe$M^ww?2xOVh8+-d?4D-1+z*KKaedFVu0VX
z9eIN;F{DcPay;RKm$}TNOANU@iXlIRdRx1vGFJE<%X3s6eFA07+}M8KdU!xACH+Va
z$&+wwpHc3ccUdo?!28KM=hEVfL1m2R-+|QnivhsLHwp3aB#oH69M@S
z6g%hNi0-R1tOsk}k8+~C?i0_n^ju{9bp!l{bth4rTc2G#1^AF{$36QoX8M9S-6Y1V
zbG*2L?O^Joy2@tQZ^k}E-AS(X&1zK~>MEeUhv%)=72Sh_M;Cwk72YimcL7#k9DwsT
zR`1^E9dw%#tokd}b9P~l)JcO27Z02Oe875wgZt$Bke}S1mY$EFXI+h^>P+F%}>KLxPgu>5l_pRrHc
z-V}7~cGbZg{+Q?2vQO@zy67G{@3z9-Z|tFSoM+=Noktu+ru{P;_ATaE@4)j0&YBLi
z$J{kPgtEWu8yDJ}1LZfBU$)hvJ!Fnp-7Q3Gch0Vso-jXmTc;fFL^_k?yS%|;ZR$j9
zzq$*@7U;<&*?U+K=iO0okg?#&?Vf_@z~;Om`-6|38Y@kLUdf7w6c
z^Y7QO^AFz%^L5?_&uxbOb6`y9e}T3UH?Y3H|8W^JYCPO&NRJxS(KCE@q(eK?;jzc1
z?`C6Md|Me0r5XA=v!kWwDb9u6@i@k=!C1^CWGk2nW4_w?9O?aYL?f-!1@gJ}pzSft
zg%jx66&g=|>2^G8IG#Wi#$BNJ!0`X!M1BC;z`k(CVH`MHB585u+mwqtgg)dl25}W&
z$3-s6|4tayb-0Yil)OF%*hX{h-q`v8J%(CuF9QBdJ&SxxfeGKjz6)W#^Z|Gt%997+
z9md7Y{{_xvch3DIxKok8`62;>rs84J^1qLzj&FfD9%;G~aGQZ~KB8xies9L%-^Wt>
zkB>Cxc`)a&=CHoia94P>Y>qS4t~h$FN%k>vy>kg`6>DFSjL{x4VpCxZj%?HXRTkdZ
zJ-Df*=ZD7mzvqZ!Hq&Pr>G`JRZs6bKxo8e+_%a
z9>1ep_oce;9E;M{up2!Dsx7(
z5%fYDw95s&V--)u@J~l$9R7LcZ@$x3v6b+TD%R*2w+CgE6KP*B?M7Sh3@EcHcJ0q)
zfm#_4DOj}|?faux$yF8O*N;~1g+41qDecDG_*SxRSJw7Py{12kcV2PmGs=;adY{nw
z_vq;SLq7SJk<7lEWU|v1d8IwTr+_iusD6z3C%k*7kl)46;a)9Il8s&&_5pS)kIF_b
z!g<(4^_(?>q%XQazC2Ud1`O~S(det
z%9X4)&)=EMSKi98MhAD0ZXr}BT>4$2USBR+;XDY!S#TV1@`r$tZMp{hWX%5Vl}MfV
zAaa-ZHi9wFux&fE-3D!ULfZ~#yBFGaLR+0=*!KYTUJtl?KVa@xB5R;+6SQ5+Z9~xZ
zAhdlN+D4#lFSPB0wl70lOFX#Ck1wC|_EzQ%Yp#dBwQWBBF=Dff9E=|E!pT=GR&uNd|Ha-YNa
z%3)t4Ui@@;;pOj&5BnY&J-#m9*Q%%w*O2bl%wHz!f&Y>C%hDj~VhgNWqI$U*9P7&S
zNK6ll`pW^}Az;5;f;L?!i$EDEzF)aguHieXfA^g(0=$EHY9~N{s#w~E`YDouGH*JI
z`@XOZfRqdI=tc1|2MxxCG@2Yk1ju!aojFa9NzITF0wTgUN{eZWCNlgj=BqDMiobX
z*0@mh2W&;8JIZpoN})XNw``XS{nZ-aH_cS<-=N-46Mp*ue!Ix`eq%zv=$qM?&@aW?
zPpF6Xmj4ZX+=qQ1i~SCmYUnRX{Ld%ulVAEyBaWE^^$^$m1ND7p)g7js$3*{7?+DO_
zm1Pc;d)M+=wEQ}_S0|9&w0UA*$8*ZJ@me)?>BS>MHGYGtCxx`
zdYO1quMltQmExQ}PrTU`fbupt``h8%-v;OYPB`~F;N0IUK6oC-hF^^I&+#fi;Kk=H@z?#CD5iU3J*8*^M3F(_b#Zx(U|H(6{7>
zYKjMl`WDo?7&@05N#^xlb?4Wz|5E6`PZYvEb6HunQ{j%>g=I(4J
zJ90b4i-mhH)W;Z};vc~O&8TkytgKl7SdG77>N`0NB-k2VdH%oM6Es<)&=tp2XkG-
z$5EU^*7scDoHRoZA)oIIOKf!Boe9`zHR*NEx#Q!#*XmiO{xbMHaYNnNqBi{3Vc#XR
zN5*+iWgqWgTe`M~(%Z-TmDv0(e`w_S%cHpJ7fB9-@%v|s#va37Uwug89UsPl1AMg-
z#;}+Cqg#X0_x(Jz@tE3N*eu)J32kIun;x91YD%SA(=|2V%Ba+8&>puo+LsOETlc41
zo4VJfp7vUbW#kRlu-z%g02o@zcBggnck&aS)G^z&b9YP6v<6=P%@TLbe!Qh;HDh6I
zGs@D>yU~6mi|2f_{Byr&J1fiP)cNPkw9&-0ai%S*Yo?f{@PF7`A8m?|UQWH*((^v!
zh)|pK3%)`z6;tCtzmnRfGts_tdE40X&raYNhZBicyy(s&Uydzdis2rM@l5tN0nTNE
zHaJbdqga%MYJlumT@nj$EJ0ab9KtwU*N~4h`5~}6%`{K%NRGxEEmP1*uZYqa&7;I)Aao|ZpI@%GD@3zd9jk=tH
zKeY5LXT8ewO_HY908Jb3;$jR;u_+awT@lM}LZ9#P?DN~dQR-=YWd9G(v`8O(wCly(
zZ)mGOO=y6}=U^;6iCyoOIi?MJ{zO}T3&+A~--xuAJl;|s@2ZV*ysO~3=qo&qY>SH7
zAGo;p`*Cd*iLv
zBaZ9IhD!~NQ;a!rQtSdhV353o_<%SkS#*!7aBq1-IDhzVTdkO*N~QOE7xoDLFW*m%
zAXkv8O*3*iPC8-nc3F?SZmC^=I|dIOBv2InR2w^p)E
zGi<&vMi
zdpKY|?4J2BAJb(%GmUfOVLXl@IZhYw>W&b`?Nw<%I&hy}__9#ur5kSk@%=MU|Fc2n
zrAs&dd5dM;RU44M6Lg0RnrtB3yt3T00sW!md{}v0h>bB$RKE1h>h~YVe5bQuY}Fx*
zaeJl^J%}r29^m?6P;hgj#&4JTxpj+1F&;EUzVB=!};r5pW6Ob#?Jo4T_L`G
z0qFDv6@J4xJ5{(cw!Rj-HV^P>DU@T}sC0Q=5obhjKFAkoHQm`bAC>FTH%R7{8O@(J
z^G?~uvfiu@TmYE+9{ogNO9a%T{3*Of;&4zaJ@JTUk(FZ|8nexUf)gH{l3H?McwjK2a
z&&VK5fa_Hh!Lh{lhdpA#r9{m5SIsdZ_VbtRSD%r
z{fKA^O#%L;N$d;>_C-;|M!dU+jCl)Y*VCD-ST@3WQx>QHLVw$csEh7{9PxwbK1g+*
z5dA-x8lNEjTTuSObdP66#!k0}JX0pDK@OZ1wrdw~-WNx2`nBtK>(RAqh_2nd2ho;5
zu3aj;?dJ8eK4_+Q%&~&cFV@j#&wqSnSOBg^T0{Huv#bML&gadU2iVu>PYwRJu_sb{aqSKvwbTPYd#-;s{*Z=Y5`hB3#&yFkuWH?)`UTG(ery=SB1
zOV1HdSnZ%Z1cI-=NZ!-fA!436B+lM4?DoriN`qBw=%q^d%#!}0Kb0|{-n8&{z3AWR
z7i~D8jjqd>R^<}0s4RBRlCCEdO|{{`d(2
z>z9hY^gA=lx0&X*+eeM8=BgL|24
zHQZYU_j1#{1=W?5S3)7IlZb0|GT}%0rfg$itKd`2YhshOo9(m?Cj#vzEMY3Pot}Sd
zcKtc>Vh)zmH`(U(DXbXeId5ciz&P7IWBd-MQOsGPyT<%-bpCA>csH*r$xnF$^8L4E
zU-9uo{*>~F6=lU`L3)npmLPu`z7NZCl-;|wdbIxr87v>_idf9$G8S{WjKxg<2lJ&)
z73I#~%m3!wPdp_)W3!ys_ATT$Yl_b}IfgcHGhPRHNIj42hc)`&Mw`=RkH?ES$lrr6
zK)H=grhd>rcbV*mZNanI#eG27K0D{`6)N!`?tYB2gd0Bva1gBvLOB8x#O)7ZS91%iZI4A$dyM9cJ66i{q4=O
zS^ouLxPD$`sHTeD{E|3hqAwyA;kD5#PF*C|c{VGKbiGG12+&&t*(#8p&_*PDYt@Xj
z^!5#+@7Z@`rX`$ri-^bCI}Q1V3^+&fMa@T
zfozPieigPrZwKBH^Ab30#{$|5z+c=U#`f$+^pltqKWJfth}E#Nd)?W1+wt-<2iHmd
zZ{rV)+eANC~~=DASLQ}qUO
zKJ4uCndlQ6898BCS+8Yyv=-hsFs`AO
z9B@w&yGqBp`D`7G0d2E>4Q;)s%Sw$KLGi4%-b1m?aQ@+WJeXUih~4XPJlDDB<*j1g
zytl}hb!qt%Cy~vwNZMq7+#=T>>caV@qrO5*@ts1uGyIR0zPVcW**{bf*NnV~z_SAn
z>=JSGFs6+Y+MVHit7f>TbI;$GiFW^U{l4Or(C!0hCt*?8E2SLc)}g
z|2O_05ON6OE0NExB70JcJ`MOaELZKASH`UuP|SVfzpAH}b;Ae8*DdX%(JjLi-#^+p
ztRl@vmklGHfUxdV{`fG+iONWe{EuU8$}-j!8OC}|%2=;9jkO`mSWnBbo`$iiDg7_X
z(*KV#^nXc8{}-A1FVE6Hvxxqg#S?d@^gky{|FbgmKRu=YvrPR@&eDIr>_6X<#G_86
z+uz8t+sKIjS(ntGge0GXcyGikXo|oroRYlg6sVh;Um*;#@NBjV_F60O+??027Oln7
zMQ5{x&Sp;q>LJ=J+ccZ43-;5tY8%|!;d);mWxrK&Z1XKGYvQaGeQB#7wcfWv6W)p
zb=2|JITcQE5+?LoN`Vmn$S^~aL$_H+-`wAQ4BQErnOr9n$=e0FJfx7Q5SKahEChNrCG^mY7FI`
zFQncsa^pTA{97U=TSHLyKlHY|?c8s>kGtW&xNk1cmw6z!Emt+qk5sJ~%EWlrLYc@7
z*|prQxmSqz?p7P;+u%94BA&x)SC?#if@@Ql-}DS~`6oHeiUY=EzJ3nKmpPTi9BCGQ
zSEId8`Mrp*O#IK<%yNf!JpJ$56#eC+tKpsEP4tI!{*7%<%}{^WZxKbx6-}
zN~KsD(Z8!?n~omlc)pCxH_q!VezJc?_xds4#7OZN{J2-=p9Dr4l+fBC?}_o2
z3W*0TAsa>k8yGqAvrgSZ^HFTJ=*_m#CVoG`7D)dgx`wU
zeq*s&IJ6l@{5j6E#5TY)df^#|`zNxKlK!`Ky!@7NOXag1kk9gLYwGg~+=3$O
z{94x8-fBEA`5BB{lgKANlvt;Cqzz$ZE9TV|v44vcVVk&EzR#+mtj2@~cxsfeUKlq{
zKM7~^WkQCj*v}M_S%^-bw7vh{`)f+mZ5F^7oy7uJk>6OgqutlTRXbd_d$_PQc<6Uat~+59ZpnqS`@Is(|4lY|
zJUijp<20X6)mJ0wsEAGKtA{!2!2Fwp6Zgh3=LO=gP$tO-ntWCA3Q9BL1cv$-rTK5q
z*8`OEOynUzyfflreTn>|S19;wiSiwy+=%PL52Vk>1^>_Ufpbv^=efX@j|RH8b?#}Z
zm-1f|+ThIbd`|?9KGM18R#o!9O&HrU-Cq~W*UIuwS0nD}WB~ODNV7<*%VAFiAE6u(
zeT6XhXfI99XOJ*IXdlJ*Tpqp0yuHH*I`<4no^R)Bf!!1OKS$peqpmLnCQ$9IHQ_b=
z&`tqi11YZY$PyV3HYnr48gVO<=R-kX;SNp3I0J8Q5dD>|7P-c9cAN`5MNPz>g4fKU
zoK;H1;`I38JBIUHm{N`yH^1ytlYK6cF=&J0`k>J#;uAlYe0qGjWicI8PTr)4kBH)0t7dAYdn?p4SS4+X4={95(BuZ=b*@Qf4T5&l)KedVg``cQ8c
z`Qh{pnei)=WNd%}8K20A!C5A4k^?uO4@2fSFA8glF~WD&MKGTG6!rj|Wr%ZWg7@w{
zu}b!I4BHeobCGYQ;wMu7a|80tbK;0yn+EiTaj}pGop^WUF5hA=Q=B-EkDq^}yi!3$b(e%W=H}
zb^gbcf4d53>CkjVL#&t6*0uQCZ*bj3>|c0y^@UxXeNNW3c!u*}4Pu;fI_3Lc^fze4
zeW{hSd&~90PIolLPPbU{<-zN5UKZ)^(YtPu-UISC=41bEv{~_@tN`a#>)GftfH~i5
zfbVb8)92+pG!^LfN|KJXAO&pWR4_=i*FGu{IApH9s`#OCPZVPq2g?{!K3
zb2{bh&2Aq(kK&Fzs?T9z^gA45Z$tf5F7kHH2f2O6<2-e}Yn%~ov3y_7&TuZ#bUe
zS4+Iup%qB4M_)HE->4U;+9`h9C1w=c3O?Pr=XdfH9uSku5Fke51
zDW8VeI(?Se7eiuf?Rf1_h@)->epipu9w;;If%=%jPV^Jzx6n;EWOF=N1FJh-_*nOm
zAGpLL7TqoJKg-Wt9?o>W?p&UvPlmR9pi#v0l#-4^{o$ygZTy5(91b%CzhlTa?
zfmRV;dtL^7?M&il{1Nx8#Tv$%bU)Fop)S`8vL^b7Pa`~Jr``egbG+B7@%>iM7#;=b
z7xUf0IY}6;Qs$4JiG1|RvWflw@I4Y@4ZS_Aytjir-%EK5gNlC`W&34e^^f?yI!tlh
zqnC!sw`vI1D!Qdhy$pVToRaU5<%;=Hi0)1XidcDH(6zcx1A2O1p06d#&<5Ag8zMb^
zeMQa=Zo&?gRdXn_Vp$`US)nY)z#x@XW6UrEFIOsJj*#3~N_hBky=$gh1371ye!u6|
zrV>WBp%3{pV~+@o_ZJl7>@la}x3FEF(tqpR<7trizs7yV7Q~-aa@AN%5vQaKWTZ0S
z%jXe4h3Dl#m(XLrevh<&!M#zKlYjL29tF9z3iYGEPR59MO4^1#xmKL#uvU9fzQz6r
zWdF~|{trN%F6e)wOJJC#jUd);`cLseB;PPw+RnSLMLu=iUR>wAR9?I?$!jO$6^Jst
zp1K}H2e?njzo0xWLk
z7HEGJ-p^8Y7`z7kfrk3cV{^hD&1Gc^EO8Dr>#oN(L+r}k4)VQUs{Sd+>rr3%S82n4
z>KdfO3nTl33Y=507KhT;$qsAL@rcY*40AECYa#5@@_3jvz&m%FT1xr7JrR6|!*>jG
z+T+|}Ugj`+5cXL5d4}n#?uUC9!nBSvoOBVWRV~V`(P+%3tAqQrAmoH=Gj~b3b}1^W_jG$>PKO+L)6T
z%W*HBBlE=JS+2>m;8}To7cIp#ct8&kKktXV66Wc9rKFk@j}K*yP?ok=N~%-y&r*Mh
z{a$C?+H>Kk3P!5C~0w*v}bP)3VfeI3)TcJ%#TlmpR0m!Cc7QjY$?Y1d@?K~p`2{w-E7RJs^t+`PbcRjvuMoeyRHH8zx}+PIDIVeq^9EZI*G+7HgO`W&{66xZ&@2L9nH
zAt$_&A}3VKcV8)#)xv$XGb7w)TdOMM7YnrQ+@41F3iPAMoDv?Q{q1SA?}74M+h727
zCZ%jH>O>N`3otjMm)g8P?H=Gcs;7D*D&nf53!`e6Q>lF!c;Ft8S9VzNeSIwO3ro7c
zb~sTQ{uc3}%F^bEQ~TX%^Tg%cqOPC{=C+-c^KUf_-3Vg~+8sVY
zlRc^%$FXA`ci05p^f8Ga(HjJP#!~2WhdhtFp$zl*AdO%?sa9yyXZLZReF@BSYlWpz
z<2BY6n5&jLw8Q$ChiD3QBZ8)Q?R}D_L@bMAw=8>$@HAp(TIcX2YNaN^aSrUwj7>&YpjSp0nhw0$W-seO4yem
zTU-`nOFR|fB$dWs1UW=(O&_smIyx$Gx3{-K6qxm)LJ0!KS7fusFK
z@_B~>ge|I2p-w1gl7TI%o@hQC&Og)$8TWq!AAck4QZqr0>W1+mF0cn=QZMqV(jHMk
z`E@+HLNUrb6o0G~uE8FOfP9bfesrsxi%kAL4YgAK3nce@cLp7j8D|p7q8~l7_{{Pf
zPL(kcF;*96Prt0O*Iq_^sGUVlJ?oP8KY2cGUo7k~C|^ZnSzMO2FHYKXn51o+r0sl3
z+vw+b4$Xs+!~V0t!{3Pb(giGZO6c1WfBRXWTV6-`H3;*bs*el8`0`ljILZL2dWT#o
zTep0Rag0U-FG#xU0h#*i(dOeJwqE~g^xiSLnJ+MhitVF-9esEXDMGHD0q?OY#UGs!
zCOxc$9jh%Qe9nB3qZE@Ig}%oZlN^P3>)Ry#HP)i6{DJ#nIDk{fk9i!OAipJLtU8df
z6qAgFK1A93LYZy5v}Jzc-&Y)DO}dluk=-+ns>yMyq}vlZ<#0l$jQm?J8$j%-g8oR8
zQpSh*oKoX+Vx8|suTb_khHF>CTDalfl^Bc9_F=%w>LZ>fnl3{1rsLtU0D~4a%dJ
za_*$_d67PgakRG^$Mzxc7Fn$49m`(zSKedW{Nuv!
zk4t}0?jK)#466>mKhgBR!O5migJ|otkWH~H>8rG#Y$Bc{KFMsrC*e8#q7I+*Jp6tg
z$BBSFI)M98Vc!R|Yu(TIo$WrUSHsv_80TIe(*fgIU@n07DITNLd7!*)Rwx!AoT(oL
z@%O3JzKr?M%k7r?q|G)$J}jwzo4DKo)&(0)+_b5+`TRZDtp?F_V#&HvOZq~pFiqHQ=cy1mB+9`>7IbMopKS<#r?vAzP
ztRxJLjAVX?E9!C29#d{6oKjHlJGj{yYjo9YNzbh_Bn*Q&`lzk+F?IXFS
z!C--yA8ozX1#+m`8v*{$M*C5rcw}u~EAoE&lc4*kCb=I?RcJ5J@&;TjHmgD`^Hhmt
zzz_U@@wxLVw3vfvKU%G<3SoROMf{+`E^hHCJ62V73x6mBp37`htJ3|G=YdQNbrP~p
zCf2z(y-p_7$;Ud!WE~UM*^yqy1a+okok3YA3+p7(>tsQl%ZK5o=6U>LUI^a-^^)0$
z$Do`Q>GsCv20OwW#%!oCso&4h%d`P{kE@1D79!K
zw3))bKSCMuNH;J}Pf7oA+b9@qvVTEcF)scY{i?PDJ%x8qG%fRE&P^-qVU%g?
z;&IOXy*wTgo8tB2S=hTJ(E=!ky%=>vIq(zlMksHB@;jg${r;??E{Zwm?BahNMESCSnIs86UHv4M-yxiyfXwMhVZrpPl`y5BFld^5!QycfZ$iF>#9mU)^hvN?OxF_?t
zo1yFrV?2J~?+}YH1EYOScds3d0clce5p=~UeyaVvuCp2C`#t7~w-^2Ah
zJ`ay?0NU+_yBIzb8ozLi+cHC)ZkZD^hWK-j?^w#*5#-BpVy*!A?k_Vsm2(Fn!oL*Y>#WiGRzqQW!UzQxb2FCh*y|XRPIda
z86V*GR4Dt2fu4ZAPvD+yt4=v-H0Rk
zgT!g3bZ5pG$&2Fp{nWwlv+Y{K@}%u2AMB?Al#hURyY11%D%p`Di_w;(*_cqCeBJI1
zpu8yQ^H6mj%=c8&$|X)M-Xs1-am7vteXlF_Y2mwN~^0z6Q=CjsM{F%i;BV
z@EVRwpj$r+uV3UEq=&;)|7*q*)pPw~UHuE1{~Ohpw0DN<7jS)5SN}7vFRmHYc1b*p
zP{#HjKCoc?{=+$pr^7hB5%DbPhlCcB9L}7Z73q_TJa+HCjeD+O40t2-fpIs3O7w(D
z=KoDTgLwG@u|C?}5TP6i$UC_1-xOMTi%Nb>1)>aS@WXxN=QmiH^zlRAMD$_yk&j|o
zycqs$qAaG^uLAzGEHN?ZOIaG1u?{Lj*NYWyJiCfMUmg-enqOsUJcq}m$NQmgW`U@S
ztKy!xTRaiZNBlb6$Ef2N%D_BT{s7j|>l;60Y{Z(Ykq1xr+joeG(B3C|g;MEO;W<3_
z@qOIz9naAU^aB=KPB_H6jvNvB*d}g?ImFe`47=agHvKXm#?OC@_%mI8HsXiW6EeoB
z%vW_i(@yXFPS-@n=xH$kkO%sbF%VtzQ*@oOXJHK1)&A)IjeDYOJKs5<;)D#MT!?)1
zO!isW0>2+MJl`bLSVTnFHx=Kpj(t<_!F&u!ztfby9mgf_oP&(vDu#Bg_B;K>7=Hur
zok1_Hc`>bH|6T#Sl8NxOwXjZi!{?LGj|bMi9{O1K4RWJLuS==<&hxF*+??|8MuL|Sx
zucbRJjfST>GN8q&x2l!b6J`e@5lu7DR?df&L^z5=Bo=lX9xP~zRmLR
zHZPt%9)qv0mF92nH1wbQTapi$S{_-V_q8qJxGg@f^tD~|E%|TieQi_p`tA9T_HzHd
z`g|sbzZ(miq>nOuCdTVenudSA5_s!z>5ou8i9_21yDg?OeuuaUH=Cv83k>_CUJ98M#*6r#i5f?
zDwxMEhWB|u(e$U^g#VwE;{O@Da;yw>;_3WK82FX2K_1cW>)h4M|CY)7*9PMZFh8Z$
z$2g4`&l+V;tYc>0+`{h>foDUCF<<8qkT*AuTjpz3+;
z2=Ur`xgV29@>ZJd$no~ZJ?A-oNnfdqKYLO{PN2Q#f6zxml?Phql0y*zb~<*1Ai?wALne
z8SNoSKcJHM&SCkgyUtqSdp`fJw`2I{l340v%
zx`Q~6($3@wsr$S}^*yX%dwHy=qwRt@GKt8bQodzztG#P6<}RHNW47z)=I>dL
z*BG;LY%Z<`jdR5Hn8xdYnA4H*1;f_??Na)8HtE~ucf>i^I=w0shxb&
z8p{|3<1S-H{w3HVN(tXSo9|5P+;n{VFZuVu;xX{;_K*D77UJ72H!=TLjQe=>cq@CD
zo_7?d>>Zk&3g5{&eO1!dr?>5)jvMWJ<`L|Bud_bSS1j#&W8HZ@WBET`aq03)L~PnW
z#WWby%PQw@WB=DHq^#mrqW|yY6dX?>+tUl!o<5W9>8QUOOFr2jV*c;)i_0e}%P5*$
zqU081o{NO^0U2FJ(#sFq`3`NmJY9aUXz>r>_qQ)men^uG?DLXx!9P!&o~oJYP#Qs)_)J4
z6~Nb$e%*c#*>q=eyp}Gf)JZ#pwIfT2kJ0b%4fbn|Ig!`teWOpE9qUzRcP!+2>XC6M
z2YmmY)GrQFAIsDLe8yiImXF9o@e|(T_zCy04Km=A_$e%3g0`T^Kwu_paQcpe$W18`M9cR5vpPG8F3H)9^<@Y+Gru#GE`}L^O-yV5w
zw6`5**&_;de>{Reww80XiTQ{Y72oC5D-l=&Gv)OyNnjisv#8pKW5E8`bN}@`wuvxi
z#9QFF_w%^DPz+Np
z&&=j$`e#c_Zrc9ePW%6Oa{n{Eb#Q&M`-UQ
zZm&_--fs*vewt%kc%jbshWSI40Da5Y?jGVlONjo{XdA|%(e|WonYNLJe#RK}<^oAW
zQO6GrSn?FUPF$+>iai!V3~7n~k}zcwgMg?|p1$r>lYN7jh1Bcn)8k
zDd*5)f5A`rC14&KcpjrOrJiTIn(}p5#S`sr@j^T5V!|AIpk*f7h|6f5Fy07!k83ni
z402z~e{9@yBhyIzOq4t182Z@8T+Uahip`KmKb5h82Vsl9S=$fx(EY
zKZ|tYVZ`io*i6f+%wj&sj}1|q*Z}kSH0IZcFA&S)`a?i}gqL3cpD34NZkr79p~c)Rh|@S!jhLo+
zxotj8fBZZ42Oh{z>5mnTZ~H-hN`I^tN&WFE?!PNv#*#GRn^Avk9YKGbPdN3GQFOU)
zk}kK3X)ltGy4<@-m+L4RuFLiDILc|XId=4dcr=&cUw#^`w;+NK%l>KYZXg@R@MWp{B)T8
zM5B?{6r_oz!|+))9Zh`AJe>!|y4Qfu8Z8!xoOg*yIL>;NKD#`(%|$8w{0VOV2$cO=
z*M5%ua5cu|pO@R7q^FroPf>e{p4RhkPug|%2&SiZxb0>r+h(vwz`fdr?*Q`>g?Wj>
zyhP(LPYIZ(129jok{ziw+Qk^7*S#`lY!{T9gr&WwLFPQrbOBcAqsw5&=@Ny6q3voA
zA&H??e1}9~qDfgE>k-QnZq{+C&u!fE729(UPL;V6iau9DTTWN13x(5-vHxdKoFh+E
z`rj7$rjahlN|sAZ6*1?YQ8DM|oW}T;_3;#j-9xs2(#yjB!EybG$K{!da*mbW
zT^X3OB#U&#^_*jO&Jxt|I8fJOKUTde!*?{I6q4TNC8&pb#GUZHZNf^7&j$R~kn^hP
z$7`l!eHujHlPeb*sUjJ=Uwk$CPj%y->DlxW8Fcu~h`xrn%9F17lUR!Fg8G
zHmw--MT4lv)B3P+A3M2^_nhf>rH%V($;JG@vY#CLp9x2&*s37
zIo%y92RhFXHwSRvz;`Ndeb+_ySLZ@^C_~(&E31u$6y9rLxz|F9+-pdOS2G>PY@IHT
zQW!V$?`8b^lQy(D7RtC7a8_()`SD&G;^PJ7jfp6WI>O5G4jb&5yZE_A8_GYW=xar`
zr@HJ?pGK?8hbjkK#HLt{F;))TrvbW8GieM~Zp&;#eexXNkf~B_o8a_M*5UP^;}{*s
zr^q$yF|65hd@mk^a`Xu@@jjjnZ4`a(r2HQiqKniS0N-CmpCXK9`U&%<+u-@xNWa|g
z!`$yW?)Q+cUz2!}_~mWfcL?fCPU6Yr^Y`)d9)7;dFz);KS?d(k`wRsU_tV68wZ(8(
z*W_btG2aP1{}6XR{Jx$`w65J7-{HRFlRI5aKxYxLn(piaX;?>~CmBLer`nlWfkxZ~Q0g$nkk6a(rGbwnQG;*XL5KwMp!MnXAhM=3!YXWYzM)
zog9Y8M4$T8LzQQZF;GW~-+ON2#rb
zmpzL8>F6e`qZ{u<=%(2~H(>+ac!_R2KsW1%Zd%~~2bpfR0NreZ|0y>G@yI91|42_8
zvza#fEqH!JDE6Wz!@kK_upTJWe6$rIJ}yayBFgLCu)&h9qqJQ<%oep&f*MPC6zQgZ-2egsaKL4Jt
z)3=oy>FX0f6B~Pp?n|ZeBiv3D=whEL%#QD`2%m)-hYDr
z{ZC%>EL$sVvCK64fQV&ME;O{8&GUUVRC#>N{7>1V?awnnSLtioz-!u-E!Q-U?-DJ?
z%3qkLi)PC>XKQH>&P~XicygXn@#9PODfXp)oTuN9k|%If|JQ6?d_fTgUKY;+FYD#P
z(6^W3eQA64X~v|8?6LDill-4Ge133lwDTl0Er0A>y2k{)v&{GXCHb`0wr32iSklaR
z5R^v-hgQHD7x3rW-G0n{CO}TEW(>(1=(B%l&T-?~j~M?dYxMQ|Ki;lBII8m8zi0OZ
zk`QGB3q-5r>~4T01ld4~fwq^;`1}68G&czrMr+he?TD6(#LQva+dXYN0f@23y
z;%1jtYxin^+!?{3Sof;c;75rwt&^)kkbp!CAqXV*dEWOqyJydCme@c1BeR=5=Y5~|
z`+YutPlIXxJ|kN`%MkMi=gPSpCh*mbvPV75W0x%CcswT?ppLF5fuAIu%BwQoWgCJ_
zs!*(K4aSHDhleP~q3q%@qw8Q_!DoxDX}Tx3uj1wt(LmTk{d@?@V?L2FFa{a$+-q-C
zt@7)tMQ#DU*`?bUFsDd_=M)Jvssq69k902DFu#?+MhfCS#=Lxz-2ps=xEE;7_S*QF
zzy{3w??Lhp?6Jo8pE&=&V9&R~@8V8#
zrfmN*YJY*%h$osI$|4*V#9z_(K_~6wL5rB*!QuP?<|waa_(=)ejM?3hib3J1&qvmFrN(
z75T0)w>6hZtu9sKIz;W5UKiTa^!o6-h1=FnR(=BY-e_3=cfdV1kK}ax{}=FosiA#X
zAL2M>HTgaGjvkwFEAeknFx2UavCW6E6=RYOW8&lf%s3`@!I)&F7?Z=qqxxAK=e?Y%
z8v2Yor+EDJQ19^2W;lCXK7or_+&0p9JrDiT^Xf&Q5AVv%CsV9uoEu9z2buJ`g`MXPe_{`aQ-^t_iGX6tbnz*G$^rU+{aX6
zRU(!j#=D4k-E+X}>h)a1>$%OLm(S2K09dilLVV>TRPH>KyUG|pN_AvX9p-ZPQ@IN$
zqm5ENTQ!s#e<+*F@o`-C!-RcQIE1+DsdZ%v$U)=mZ!Y2YF6A^v|F$oo
zeOrdf@1^E4zh`-_)IFqE!M&nmNL;4efhF)B;`e6}e*aj)@6RCo{^av2oi@~7-|nD10f}=}XFUHeC7=I7$KpbayAa~cFCuKiCoT!Uqg?bmf-?~N_*bG^e+m1z
zp7&8R^bz~_CiQPQymO;5e}iHEefs=gNz(j;VQ=a33iVOSIno58w+xFH=dzV8JwX8?4@$k
zoU3X0oAz%<=Rb}59>iZo9M-GkZz=^Q-sws$6bS#5;)3t`7SGjQ9@9NYJ_f74)%88Y
zm6hgr81y}8n#X+)s$U3%pQm~Xpp2HGd8Y8Ys+VK(|AU@oejE1}z%ozM?|l~zxEk4W
zPVTc1)1RKMER!0&I5!0}H_;0MN1_1Q(ua1kjyP{Uj(pRD7sT2a2Ww-i19`e;4xAe+@HcvrF`&QWojWaqdLZBkPW@U+Ds&u-YO?G*fO4&2#M
zkVP{Lc#cu#4dQQ?foF#AdoxVyh04NQp&x_5mMMhqh2(=L!8r;4x5e=Ric`k&SF@_f
zc>6Msz*jjFJ6G=^ACIO%^ueuy{r0J5VK@8WJMdZ?G#?v+GwJ6(_zpbRW163R+9I>3
zeegZ9mi>^lz~kR}Z!OALluax`w=C%Q>$ad2~^*{I`MNAsO|(#ck!#CzO5g
zj7i)-Je~piTg>?lj1iC|kez^sSV=LEjpqga_GFH~eTJX+kI)JYGIm2mX17E{F4nsvIq<&^
z`pn37hVduJgWmw_i`#n*eBE(9|J4B8al;r3VVjQr-!GEv@P`44n=|--W89od`RMW8
zW_q`NAa#sg4I6p|&tpIA)yL^w-vF+ssT{u+V8$WRX`}Is
z_KUOamrOmDYMpo~$Be#4YH5w^=uccDE}F}RevwDVxJDGy8qsr6EZ5&PtPy;-z_3Ov
z^sds6zJT#HQUYsakj-pO)Rz^tUX63WvBTV$XV1%RhyUeL2Z6svUzuFq7h!`KM|B_m
z26ayP{Wk75iFONt8Q%?efQ80MgLldiKZN^aqrP2Wli?Y#f@0$z;_tv7Elu8|3dpvo
zzYuy@XB)=MiSIMp@KZ7P8)`ebk7jFgMz$9*E25Jt8K?wJ34DqV@&WFKfa8`s}i
zVa=^#OE@-I4dwrA8S7E6Vk-9qXn=DMp10JnJGf1>g2u7zEXJYcD~_aiAW_%wa0SPD
zM!g%#wsq|DSMV;>F(C0h7E`#=k)leqWRKH%nhRUyo@_L_bqt*X^js74j
zl4#02FW1+v81t3s^zeO&#}$^sdA%ZKdu1p)QhRf#ybR@6vuer_R?5#E%mZfOdA!^j
z)?Y`@Wz+LIp8K;jawYxjuD+4=lgb|!1-sdr)^ukw`Xi+CVM2em>**YICE>H=#?Fwj
zI{r%^w-=aViL!Za@p^u*o~-nz_B
zIF}~#u`l8|6!dfH82Jg8oI&3J)HQ+Jy+iR~ypW#b2kHx9j-PtAtwon*@+oe*|105N
zp15Dr=bqN_&Dy^jZT#fdmE(c;XRIFTexViheRXVTzrvQm`Gb2Bea@GQeomSp;^{Hw
z6Z2zHtjKbpbvi-*i}D<5{vhxi6!%t$?Rieq|4f_ad809bCmZljX-#;I-M{lJuZ$Ev&1%uRILgn35zKqJ3$I4HG^3AdG
z4OG4X%KrzH??ydknZj`aWHze>;}jXYy9LMKNVQTmfo=BAmFB7#7k7bVyM<78Ih3v9
zJfyHuvbS$@K6}&3=@Q%Q?9|}=rm?e~7WZ}q+}rEea_x7lLaCsf3}eu@nUw^yF_x&t
z!DETgH!YLmi4X@&U?!fd?EFh0{4zje_1o8oCgm=bs`RpX0<0isdTgS^z4cQ5oay$KA&EGejXRIXD!B&(=_Hr+_
zS=zC{C-QN94Q(#~@-Y37v`+7zGJ$=2epgyne6=UJ1u~b^
z?^`Dw+-HN|^Wb*{elLXI-SB%k{NBN)?vvo`ErjzNapT&7ryPX!5=D$EX=r~Y{7LfX
zl@Y{vhWplP^Qf+YHGb#hTAmx-%5GDw@*3b9?+A86JJLPxy2A5rc;3kt2W{+7Yo6o)
ze$Ao1JV{ZzfHvYeonWTJ^vVJQ(8$?<(?@_ir
zILLNG-3Nnt>_4WbPi@ecek$u2}++K3Xay$A&
zs!QN=jn&Cx_MzT|j2(k@d2GLA52`jct&P_Kyakq@%hYpb9^rQV{5u}!5q=Pp2SpCa
zk>o+$f6jN@C=Z_EaE1Y51!F_mW
zrRtx=l)f$Vy_o-?8~x85aQ`|oiqz(;S?D9)Gb!eOagx(KLwP{Oy9M;Fi(^C^<>9fc
z?h=0|W0s0G*F3!AMJA3iR-?Aa<}=Mc{r*K8EdmFb4@$unTzW%As-Hv~n_
z4hNUfq8#@@YSHh#F1~N4X_&X#4m^{NMK0`mJimL-7}|?HmhLyYV2tvhyx#7csonAj
z?e2noKgbq`I@v9uiT3wA_NKQylk7*AWQGIbh2(D&?GgG|prO5ELA$G<7q#&G=P(Z{
z%tIZ_LnC|^gM3m2SNqwB@fVp}vqG?&OQq2e}7v
z2{307_TNgl1lbWdw_&`Nq&yeVcG3-PK^|=$pDSD=zLf7;7}_E6{kt{EU8nZJyg3J&
z{aik?3i)g@joYsc`M<2TJJk-3`LE~uc4{tZ4UZkEx2Qe%fAdu?^}=vP|6LaJ4{)|-
z$?H`;Hwk<$gnqT)`HegyVkz`-+?oo`H*O@|g#3Bxd?p<<{}W*DnFRbJ+a8)^|AgZy
z946am^fPh4q#LVc7QS|ab1frdALOOLKA330KCqdv4{}C{xsYHFk#+~0FF&a|#9j*K
zv+t)pJE%Q7lG<}H=qS}xo_BuA3bj{)_Ba#s&VM0&wlS_>`Tp=Dc2S#m8T?H$rA@)+
zd3EX`NsJ%HB8}9Rb}6|nuSoH>M5M&FyeN&_7LD4XL0ei3@kZE&-D%peGesMoGPL1I
zQyU&n(}s3xLp!u#i=^{Ui-Vie(En8m`u7^>-(#Y`F%A7aM1K#^Ut^$On}+^RQ_x>&
zp#KvS{bgzBM~Hp|=z9$G7pI}WAO-z72Kuv2^k=4_-$C>{fWE^(e`*@~Q&P~MV4y$V
zM1Ncw`ca}E<+4kh{!p6zcs|8`JZspGXH5ICH_d(=B>ICu|NmH={-j%s%4^NHdTj?TRv;p251pd$hvU+ny3zxU+p`SUNPoBzi=&fV!
zVDlnHJq~TIQrm9%2+^m3=b9vCLwYtvCZ-<`0hMxP6WyJ_qijtW^9_UXB3
zXi>2Gsau0K?o;Rp!5R*=?+%3TBshaH1
zK7;fOSF&d;Af4Ywe~;@MET~flxqUj1zb$FyI`tYgK^{XH?DiGfQk22qd87y4LCnWt
z!XoSe86NFb-8}Xr-??jF+=u3eWb>{Anq4fb4gJH1*=q`yk7OCKG)n|#-Sd>s#TM0QqHDDx}jbjuk}V#&Kqw3
z`6$`GhdFEzD^v8XsN@hU;?TjY=r2WH@{U>Z}CSqk*Ds1Q##9=(dih2JsXdG@b+tX=0gg<+}GB?S;
zuQ)bFI3}~b49_I{VXnW?^~0GTa)0z5v#w?#>_rv!
zs*kOQvDlV`-(7;a^Wb?IJTHgmc#iFOArO9mY>1H$#9B7ydsN`gk>EUPESv6Q+?Jc#
z7a-mEuKFOpeowp=2;WYakm?8Vy<lMMgNkvv>^Z*~$s>HxX>WoBYTeEU6|Vcl*ef{-Ra4-zZLTn4$=8h
ze+2WA{B=p9{!|^%>Ay?#{YTITHeccQ7vX+Rg!6vih1Btw)mO+*HQ1T{e#5(sF&nJQ
zSlIphjQ;)N(sO92>wh*#UJ{sMywg
zLtF8@%aw~gyiRBzVxq;`D}Ppr?VU^Q?Ro!zYqg=h8Prb;Tk64bH$u4&hKJuU{#FLR
z{f+eEas6)mc?tD1llVrAPlGi!Dt@+lZz4b2`TOtA&$@}9bsOV}pzpZ0=F!?Z_1*y&
z+UaJ;^!+$Cr#SxMe5QU_0AqsBXT;7|829_cxaaZyEedW0y6CR}pKTLij%*ymK=?k*
zmG1JQo$&YMOZyPf)A=~_I>2W+3Hf7F%`;-+7UO4xv2i6GY@Gi)-T!|}UjNyI^~~5D
zj+LSNTW?D`kLU37I2Y|E=DwGyUfiGYzOUzfUrBv$1iJU7sPA>C@6q|HAL%w{ZQ*xe
zQr-8ZuKOmcy8!CGmDhc*_IiDt-zhz;9)eG_dASBQ`PckHA^X*wh;ygvN1NgV+3Q96
zx;;YXc+f=&`3i7;w$l1VU8{aJwGuz`;=2c26$$=zbKs6y33trBaF;x#q5pjWtBn-0
zO_36w!)}{~HXe*gE`U3kv8N(3v?-IVjO4I;)7ou#9?J)I`>_uSs|`Y(!7Y=0unw0-
zpib`3s=!@UfV?KvgZ6zhE)4pfC@edqGIxp1p6TthxH*RLMIHa`9h5zaOtzA&m|t%l
z@M8Cq-@}XWF8a|K*Pr_e=WoM1BjFcNt`L*_mEQy
z#{`EZjc1zJg0fS$WwYs&*?PMX*o95WM;mYB1QQ@UIkMzX2qFmEO)%IdA5I!lhoxIK
z&2C^~vJedMPV6=_Y3)7d-t(jTsEaJ6wznd{vuz<^W7nkvKxSV!rbM3ucA6-Z7>H6q3
z%BN#~M_{kNlo~E3j>pC2y_MQA@pgo~PnJ!;xz?y?yo0-kw=Y^Ozt3uEJ*x&8UPrqKV+7_!>
z=4+~%EpgeJH5Jzi-lx!g2jRY#(q$F>C!8yp#s;6!b_wfsE^(R8YAWUxwZ-QKWY{&H
zs|L@g`Ur#K>lgK>upJwN73z>Ui^we=E)lt3WnkPKwB3?iaQFlCLKteyo7!Z+(L2-V(VGOl*xSZM~-UnLIq-
z&vuR_DKVj_!#f#(bh4G{O!#%@$Dd$Hj
z{8)`1|MsTXJMi%M!+TO-rV1y)Okp0Evs9DsGRI84O*t7KeUoC#ZM`aDrv91m3!C0V
z+|zZ0nRGuC+>$F>zDjNNP!G4Ljyf32eJhvT)Q;Ag>_SOI!U=yCXr`sjc7
zjGl+Se091Gak~CU&;R)b(sd|C*TqEF%r}zhIuxU;i|Bgk^={`r;I&k=IF&?;9}_L2
z@XT@4Pr!Ta{Oo>B5%Rc+{k%wmwGn~eP_{An>^Z$41owo_nATJvKftx%SyN+$#7^dF
zKl6tV&^-EH7kI@Ari`{67yD8u>#w7{Iv6k0N&B0{uM6xQ=5DoMeN&3PzWH^Gz04}Y
zcMO;$F4MAUO)zX9eA0H{6`uc>+PZW~@HvC$225G}84Er0?kSO9t14IQt?6~Vv!NZt
zqwk@-2EkLvYb(I!%;&s@c~rQLy2I%Of9Je6SLD~-Mtj9uPT{vIHwF&DpBiO?f;K>|C=gEb-4`-jNAWxp5{QNSsIX{^`
zN&0!tgnHi%7j^q%nDR}X>rIp=pVIF=y~1|^yC)2G579x9b{Pz>wrd#IfWy|>Y$KX3+=N#{EP&p3h$1<;@9N4u{MV#|M
z+e1N*Ss>fZ
zb9$w+vmJyPeWWLK{MRbbHx}>@a9>8>x2uEqZ-#z60`K1f@Bb?HeHy*@i<7*@VZwXs
z;Jt{CGT9rsttRr3ead}d3$8_bzo#DT$y>>$h(a5PwM?IwFEW^BZUi~#am`!r1G{T`
z(WSjBxEzceUJ$}~@iV4%-W%+vJ!ehZE3$FF{sn*dGMx=Pcv9s0i`835dKP`Z_TB!F
zh$k1%en8L4ClRMRkvAKX&Nsd|A@KXj{Fh<=yd2}h@vP#QUjOBUkd5B}`%cffTLSd(
zvhT;@CEDqp+om|9!2DIfL#@!CRt7p0b;8`{cRXj-DHS)^-}0PY*AUYOUnl)tbpmBM
z>Lr=`Lnc=0$ebV_Uz@x*sh
ze!H`99c%3M+8MWp1+Mri#}(f}bc(<|w{cwYwHU5=KH-Y9Cg6&TxPF+QqCO1v;p$(F
zFD^3Ri;I%*#n;O5Y!UIr+etQ>U!4qJTol6>W4*um0^81O6dr_kBaaGy-~#Vwc$)Lm
z|0esm`PXs!K5yuMm%zujG0e%wv95(Pz`Eu~%=|pH)(gHf)ppCrc=Hg9@QHcNF;jteV_LlCn2pPl3hJ~ma%i6YVZy~e8NwJk#Kn%$
zo@=C2@D%dO*D0n(`;9;RN0N0-oxJ9K5M(ZoyI;<0>xuewKy#4Ag^^_bvQNWbYl**#
zJLCK{JAuCzhR|kRK{_zA6LrT*%n39IIwlBXiuThz#dOc54m?-8JZ&ub@J#c+cBDQZ
zHiIm~Gf>%R-<*io_w&JXQ`firl%J))N%VDhOka;Ojp$|WNQ}o%b>nT&eG#FMX>*6#CKdtz;|4wng^SYO>a91d$(<`_>
zMSREKkqmYn`|I!>C&^bDiN@(M4{bXbkA^YLNw^M;IU|D@ADw{Za1xe7#6Bm)*H6Mn
zZiD?)ADujZ9PWV&`o{TXi=llDW9J8I6Z&XcFP9nfy}><^YKoI6hjG{O{N}l^=Hy{3
zw*w0`mE#NwdA=Q#Q&x^MDCGHeFn>lO4GJQ+$M8$}+HHhUaElmvp5FlTjSo}YUCU9l
z!$mxZ{71IrQxAitQzVVg>8uW
z&jT+b?j@ODL{2g{VnoR}E%eivatr`BVaxs7y)eA~_Nj#QYm^I!9GLwjPH=hX|mj~K6H7tjQ0G1)_g5stq!d5h_UUM161JL
zgkH)>l4BK=Ta+D2)Jv@($FP3=O?-c_f%7Tr@`ppT$2D-U+c`77xr*bY{c+57c&$9!
z{8@ROftPk16#1#*G6FG7*WljI$`5{-8pmX`J*y1%LkYCyn_>NK3wycE&Cg0NK$}a0
zB6bYVCYA&>NebCmQLqWV=dgzZUGN+7c0cXaH&bq|{$HVAvPk}b^PW4{lPk_*d7k1i
zhm6mlZ@iP$gl>TGoCg|qQ*Mf<;Mws-g)-LBc&gI@K7Ena#A;%+tE75S*}NXlczM7&
zm
zf88H`n{?Tq4+z~2Jk*Bs-9&pdk#2w3r`NwYfH@0S9+T|vc`R(hF__yZ)?)Osnn)9S
z0mgm{KTCGNc&gx9HQRawYgYK!*wH$mJFn4f@An`*l%M;<&r?4e4q(2$g;C+750zIv
zWjOykAo5D&9as@^NB!Y7lqaE*KeIB3^;W9cN)2m=A-{IP9Kr9R{wK|od;s-~py4y)
zrGpdchjiZ(Wb!^xH8$9$$a(&Lz?YUQaKL+J3+=KTLMYb6{?fF6yjJD&`>LQG2%xrmk&4l!{4KG
ztPkOO#`-)}$GUWZZSo6>A?;~Le^#_T&yeE^@A((HXK%YW->uu{4?jgZcxSs<`}+Hk
z_J;^Ru(@5(J`L6l(*IY}vN1-debvxW?tgQNl8B
z3WKdc{56})<64e?SIz%`IF3k~+ou41Fn`yGWImu`4xPYk9{)WegKb(MEm5AxQSR2)
z`)QK-nPJ3XE{tl-*T(lJ4C{T9e*PKicGd%ZB>Qh+y{oj|OJzLwsRDXcvzjBAZ_fvR
zbwInDh3+4I1lD`<`3LZWjI~Ren5gx`#|m=9-u#}Y=NW(a_msbGODLZ2P?rVu)Sv1Q
z?{i3(1r;Q_6!;z1{wS_Vhoq|GiyZO}ptYdepa-!(f?gMnYGSQ(3``}<<@>4dNp#$#
zi~=3Eh}wzZtFMGPmO@=^{&1zWfX=U_!_>O0EZfUGDhb@cc^L>EwZZN5aV`X4IzChdIzNCB{OxhaE
zW8VqpNL!<_BzUwvi7#=VUB=o>=nqNAn;&!D%p~6I58`|jYJvMjeK%|~hdDJH^8_)c
zm<->&X`UEAehvDuG)=ERQW$Ii9cP2FG|tamZG%3*GnM0uRJqZTTh<8khifPgu46k`
z0|4{X{uA(5iL_K}{8p~_4v;nYejY=8yMpq6ByhjN>%VCfv*DmK+M9zS?j|nZu9Wv2
z@P~WJ#`^P%;%owC8;%v|62dyj?LYO0^T_Tw2lreLyg6p-869As9aS1v@H%SeVGc27
z3v;nxob)i;8qI<6e8I3znnTNjHHmuNX8(hS8El`O*dExvm!ZAVpGbqPEXK+vnL*t%22Oh)K!^+URqZPJ5F`hiycMk=DuS@QIH9X%%#s
z$9gWlW{Tqz>QDH?cT+nD;hv)=WBo~2kXb}tWcWY&c@iEDbd(1DjO7a?p5$}B4(3_U
zS9gi6)dE?$%AG>K!Fo`G?Qq{gwu;xbMtgWfDs?1}p&jH!4cP-W>VF{pZ57x1<3J-f
z*noL#Ew3Sf`8P_WwOV7xD#ZH^H-2lCcNy^-(hbkiQqi!8#vTbwPQz!3hED}VAHE-Z
z_tI#NLI3LQ^SlGZ?>55v;Ja?1ca=@?uAk7mWO~J4}=>imun~_J=>Bz5HglUIf=$
zV12^-ThUJIph(CPdyP}4@T|=zTHjm?W*@N=RhI^Y>qXcA)8)Qx1V}j4XmKy>&8$1sF=X$0L
zq5RFm90=BrJ&iXjWot2izFScx^IerP@=aQ)R_M2;_x`=fd5GAq2Mg^$S>70lCbTVICrBAM5qZ5Y+{8pOCa;0U0AOe$1&0%&B@(J7|-F^samKH
zvy%F-jQX&5AL6U`!@O3)yq1;C0-?M3a-81a-eCl&_@5Da$Q=eP*iatLIea7{f!!~HlTq-xQO0e5<73?SGL2FHO
zDvf4OSq5K|W1ZKS=x+)27d|7hw3gS!5o_2PMA?7xFW}pe-P8D-!;8<`Kre`#PHGvh
zZ+#w_O^ovoX=0q)4deXY6yyBQdx-z{OdRJgXq=HfVw~%F9TA}yx6!^W9v#y-UY;!DCBpVCr+4BS3S{@FjbQT^8~jn7UXERk
z)x35m(CbG)FI@)d^w>r8C^gU{dkT8&CVCuyej+_8h#uPWqHk%eXB6###tsMK0EPqB
z0=2ie=k9dEe=vS9XM{xu_P5MDvaH$kA1nWS3wuvh37wTozsGqswk`X5Y}jLceityF00|1
zPNy|#LRJ?TWHr`yHG`jH!#EXAt3;W7FVU)L_e7a}C(Yv)xRyPI%-%?f!!zO;P^~+K$Y?|Fbc75d9*=hXa2^Eo`{$9D5qx^$7TW;9D?TYo4^Q1NSY_
zA4IvPfSlY3dJ*#~;CW3t=&xrC_IHU?sWtxNDjv_m_q^vi684@-Bv-^DWonO+J?|!;
zupxy{=;l7*XXP@G=Mtm84uG@)rfHdGMo5RWbn7fVm^_a(kEJ*(kIG!PSks@gtifbZWFp9Y9l^3
zk*|C=+OKd8bFA5L?BL6~4Zf_IeA#ap=&Rqa#|IXh68$+&lPVwDMI*^=V+<6w`#0Q%
z$eduu$g~Gn{cPNhc~BB|Ogh;y)e_pC#`R%U4&$B>+a@c>GZJA@lHQGUD*=BUzoTEZ
zfY)dGxco-w!*Dyuck+EdZ0>d{&_*xFUhHGCo%1K!(~H7=U1&pDM7*=Y3V3WFuCWtT
z6Qv36xsX)v1bG?v127+`f&aMw=T7kdD!KnRi~D~|C-{H-%t;b4U?7i&N2q=k@}0@R
zcjym(KsuK-3!V$47jS>@RY?Y)%mqGKCHDu@bUp_8B69er=HZ3J!;xo1d+o7yTv7e`
z8}WIdxdmh>uGMUgp(~X^HvcbkUjrRgb?txd%mgNZzyt@$Q-qmG#C(AR(wbUG?tDNd
z0W?(9ST!Vw8j#jl5o2{iK>8Z|s8OTR^(ao#nS|E<`yU>YKtHgcw&hiAc?H|_J*vSD
zui;D68Z~W^yuJ6?cjnGy5`y-vC2O%}GWVWy?>T3meSZ5pjQwW8++)AMe;g)dhXZwE
z7M885xL=b}5_n2MAL_}Zo7%?nS`618i^)T`1#=lMdC2q(=BC-`
zDOMWypiE@Z$wZlO7UU?iJsQm<VeH?`V^@h0r21)THL96q5d7Uh
zwwOParO|m)LTwEK<&&a7A<84Mv7Vx_dU>qOXM$O#12|6D>vnf0(eK#Cyp6|P^%R~>
z>IZ-^>{&_sr!DO@*8yvQuoRA2vF3V*elKH>a1W}YA_az*dsD+Fv$Xo>Ez;&<(_y*a
zGi@Jfku;bwRQkamhgKf%r+T}H3s6S~bmLT2eff=se{Nbo5
zfIVGE`h~rspgk%o+8f}!o_n>uVxF?Zjc4{A);X?#=SRibUA@o-?xQ`AehE==a(6HM
z$G$)wJl&Sr=8`q;-f;EueN)J9b8WErhcVq+qz}$uv@z!a|Hqu8^2}HjJ2RqB?#r<~
zCDcVjGY3#6d`TpnkHnvfKOuiAApW#*ME>;ej8kf!)c8{&@uwHhm5#`trn3D7`Ryw9
z%dtI)>zSHo{e{PQ_FM894~aO>GVAPJ0gT%*g6cguujp~HQ+JhbJPQr3tP^2ulW8h#q>kG
zCoE|ea|OR!=G*1(tYW$?hWF6s0p_Hi&fJz7ZywAKVF`=REB8l5P^(pAFv<74P`Y^i
z35g}Hg!$5*dBrGa!}Hv(^$9swc4&8LLOz2Zy3A6Spkh3%p1uG(_0ygP9--f}c>Y#B
z>F>;D99{f`9{-;#D}LGE`QQe||8UI`!?f=brk!=JbO6tE)OV&j(+zAJ?0tM}exQ}g
z=>8Gg9zTD5Sk3-6kz?MmJ{;QA0?Iuh0rG)j$@5~oH2U6RtV?s7zthLQ+{MuUERfZD
zn*SKm%#ZtK9-B+@=k96#F0UuJw-vsL<;*c0e2@m*!y*J*lJ6TfR7w0jfI
zt=N0~=O=rQ0KZ31b8?Qd)HGT%LjBfl&10_*jkO`QI?$S)=lgVi7f?lS
z0PhK=AM<=&G(}bTZiM|{pEk>v_pc;d!~Srqm@nHPR+4TC&Z`0Yh8o}rD|4|fp=vA-
zXIVEdavIYen7^Wq_Qe_67j4Y@7krays6;h=6P}Gole;({$#l4WBl5kWA{)x6IJf#e
zj94Gvb1&wcFs=zWrrqh&<`J)Np0=2DXYJ`OwP$E0Va!d>IVj&vAFM#+Jv1z0yVSL$pEBK;})96w5*fHAwAockg})I`@)J#SBd>q13W
zE1rOTZeqLDN>2D3;Fa}MAK>JkVq-qlyTnhe<|TZO!2Az;Cahyv%Wwb%QIT+6;+mC(;4!{|r8(*Yhs
zHuQ^QK%YKs46w$#(Ql_2o~7v-?`J)uk@bwYHv(i2QdP_+_8oqXHh!$Nitjs}-*6?@&d!Rhz6tjWGmyz5sUf0)JIO}`G
z>_7wd1J~|^eriAlbGG_Bn>GKx&C(8$&bpx~TKqfwUZdO{FaXaq{$-0jx^7{(f<
zFzlFC=GzSa+hJ~(!~U&A4A)}wUQ2qWQ)L#ABUJXyZGZrNK!Lx0d>Vd*{fP5CpXYgg
z(mbP0xq{C*b+epjeLZMwyMWumXE=iE_dKs3jamAt>H9o%z~8x#^}we$$v#i_NPa2A
zwE^_W8)Df8{tj#X0DkV*_jB+k{?3Ou<~7LuT*Nd0>rZn(iR6%cot`>BlCJmfg}F!n
zqh?_zo%Kg7YpsC(j*6z^)Ycqt+aR{?`km1GTdW~{V?O#siu`tzrF(()0KWl`t)(_m
zm=pM|9dngtnH=tU$~?7Stm&}Ax;XzI;D6Sm^fsX$r96n^7ctqcJdy$DNmQHwx%XH#Xp?_6yihVd@zZ-{rzy!)2BFGcxpqojw)Ko8I!Yl5O*X3)3-
zWxF->j+s0zjaJg7jxe@vh_&$@6J_o4h<=T#e{H703mp*qCKYWbEr#@E3
z=^Xpre51#gF4TU+7B-N#SKKGZa*M4K?jEdVD-7q01n@tTac$7dCu
z$6x=_>*X_6H^%+-XXxlVGsPY-D^KjgeNe0{lNjHcY~z?6*61}kUZ90@@(w=c@7&^+
z&+hX}yo<6Q?%fvJXPR#y@>m1Waq)V2|6aee$zdP&aUVhIjlRkV9>}q`RqKnzt4g5sziDn3qykNp3>g?uM0bR07LHmxxe#3
znY{Px!)RMbkBk&wg7aV?f6Bjj4Qtg
zDS+3Pgl2LcuR)e0+R_f7{|Lxxa3%u=r@A$1MdWvdefEn2nX6#4zjIQxoU20*Q9iPP
zL6OmcI=f1c!S=)1{n8qFJq*{QAa?=YA{_Z2L~9kHcZODea7eya0Obn!9vT{w_6Z@%
zcOmUy9!E3I*UkCf%|8=R;!unW;;M@{a57st_@=(^b@}BK*j~x54-Ev-z?UC>8qP%xl)7~uH
zKogP=!)F+EP7i7M^kJ`{P7CQBanft6Wxw99V?OO=U4!ELUBFdBgaQQajhU9
zqx{hCFwdeWqY8mB=Q~t}xzXRR;_<_C`$a}1
zS^u&?DX{gEt}sr+m}B^fO4)AWgQzR5C<3~-xeYE~t#MPiddC4=Nm
zGt;9`UYOMc^K^Oz^Zy3KYm&y3=j9ommtaGDUT{8fzZk^aS-59>kNZ34-XQOLxZ%Qd
z3#s@^al^>*SEyHD`7mUL`REZ(g(^9QYCQRX%|+X7Q~*!y`ySvo=AqFCFdtO`;xNtM
zbHJ$-g`CRiJ$iW${cc>8pD3dP_7uhspC*4Q%)d?knNklt^s;}2l{a{YeH=+JaY
z$V*8e_G>iIB51b9`
zUmv3jGtmX*nThtZzZTNQ0Asm>_v5@&1f^c0fa3dM|3>6`U`_Udpv+C0PcjzSe&Kh_
z<*Zo0=xU?-+?W@zAlS>eE}k!{B8b0ZE=vR4i{B9orpbJh!Jef1v*CXH9sLvcV^mkGu&2z)5v{JSiV>{q~7I*{k!{bhXrk@Zpr+_}x)`OaeI
z|LZlJ;ez+NoB3W2@V!+LJ>TmQr}m5@i#E9y|3wfhG0K0
zrI^N|P(nTkpv4ZE>nY$vc@Aj%??a{0qwx1q{`*7tyH`}V&)c9@SXz&IvaAKJdC#hD
zJgZ;4h0njQk$q;MMwE92L_wF9?*_;8E$E+e`Lx))wJc|)(OLQ)&;-^tyxetIQ4fC^
z<}44^a|#_841uLoNCaQ;a9_i@(B{wZ8Q8HOcyl%OEgE@tnZvp;D5?Znda~
zEg;to0)6D=#IeEY8yWxKi@ZD|f;kZfITx3I6`%iftssccLR&%>yf(jKz6{|nr!trgCv
zO0@sZ?nyd*p(^8m!kS+gp4-?)m{!_QPmXbsn9~+*8}Pp2(dhY+>zMxQZNUYKJ%BoX#N_DT)sQ1&h#z6zxdqybm;E7I4#;P^
z^Qyl6vW{%Df$3y{4nCtRq0IsXYr;!C$Nls^80AM&?NP*z?alCBX}oUd%Lic8*8i*V^^-J4
zJU1*}{tm2NZor88LuGXs&Inaiyfoif&sBxr#)4Nhe^8Qtzas5lHaNemAm2Ix_b9E1
zb4ntL^_Lzq<@&4cru-kRHH(LaHagJ$=svgdFtq6$Ee{IeUtRwO#JkYHO}N{WpMiO@
zE%0d;h7S2Gm7Zl0o5|ie3!Wz^-Z1`5IA7cuqz480P#I1mLR5xx6Zpkklr6ib625T_
zuMPV-sRPCS4D<7b^<@(C0w|AS-2lXp_UG(u>v4uGtn5Fh-)IIn0~r4
zh`%8|!~3$~Z@l+%YVRZ*W)t;cyk-Jk4!Dr68)NlM-0-)T{e)yKUp)V`XQIz*UyICf
z5Bz4~t;c`Z4)q<`@Vor3bWcsdlTN}C{}s!p7w;GEw}@5n+**!@
zF?J8nU+SQ~EyB<}lKi!IZ5&@K^M!jH(aV%T)5VHUIE8m%0)05i?_?y}Fv9*&D4$4u
zkZMs_^1K;ZzCo+oJ;n5=vYsFNJCA);?&AgU?8_76sd>Q~SZ9piLt36OtUla4kUtcX
zS*eZ^<7E@-LOw)0L3Pk^aW#HMkS6gnEvbKu>9$agYfJkfr>MxXzUnHqP!8Nj$
z-1+K9;runMk@(gL^H&V`Rt0?P1AJQv__hl0Ey%uIm`CA|n9&WmuDe$>cK3-L-I>q%zIU&Xewj}Xtvoz|>Od_E2t%qpH9P!g
zCAmHc+-sC^HN6VT#ODB$qispXC!?>`B_ylNbXeNs=hDwvckp-});gRK!P-+)6Uhqv
zq`TB743f79p#o-|9T*gifUk1GSlcC$59EZ$C9KD6TJL>|t#?qI+k<}LX7pKQnFiyC
zk?&2RT-FZG8I4#U>3w!kX)RJ^e9%xCp1U^6?fZL=?-hS%AD^W?cgZ+~48Ti9>#s3>
zFoM3)Dxa&fSRWRK`wp=UPQ&5#fWy}_4nIUO@V`mG;Sb-1IU5SJnn=Aq%+C)pM={Ek
zCag)lHXw5d*Q$;*kJ|o`N1X~X$UVAvOgzKxjM*npUw4A?a#r3YpOJl+RtrYfn@1TF
zZ6RXFZnLMkTx}oasJC!F88{0Qa-|v*a=fDd?8y02qj$>Z?YvXVmud(W$~t2S`BD!U
zuH#&(*ZFFVSL$-5+BjEgz8AiS4W@jT!F1hua;5eH{q^oqtS0oIi%=hwE7cZ8{Ih3h
zI}+A2oEfA244{C7ukzSI+xFZC4bNrG^F`_Rm&%p+d_vgwI3
zwCmzp?j<`_NeI_MvF4Kf3iE*Ccf2+o=G6BhtRL(8s_r1&Ojuz2MXSvl?jjXkr8b7YUF9N7akj8Xr~
z!}_1q`*NxnyDj?~>wi`!>Yp%ovl;$d;Q862q+7A}cx;3@e&@-9&px1e;1`Z;cxS99
zVHGbBw&`p2cNX*b8dg(2;|O9>w8aPD{f*W?pl^DF{NBae_FIMR14*A7N2Slv^7$@c
z`ZTZB=yNmBXHyjO*GT$Y2=wVnNuTB?DGm{6G?!_#5NI?PX!Pze&}bCqC<-*X1!y!k
zLVXa8=7z6Ik@#%=Nm&f%lNj~gm8
z|IFX{;Qg%sua)ztrR8U=$F;|3g*!mg!A?w`RfgpH3J>K^RT?93GTu8IElS7
zJL;Z;@o~SaYpG@fy#wkY;mqv7^AvS*tN1Kc;U3I4fi^gb7b8Dn58-RT1QKV#`JBPn
zAQNPM^pnCo6)}HdxUSbXWLm%L!uSjWVf5L7_dhP}2VBw#xFiI)Bm}r51h^ywxCC|b
zp*o$cGZMbpRx`YQsfNdGEX&TNJ%71N6d-V*J_9xp>Y5Xh4mLHC>e5ftW?s_67Z{!Ct{|=4Q;`L%q8zn3C
zc+viH73&Ie;h7IYAF`dty8&b94HCB@=0*8z(~U0jm*3we*Fw%`eqiVyfW^dcT|m`i
zATN+U+1~!**_DTDss3+1@y?jOOOyxuTKq(ZQhv%$lAp?h_?xWN6u@s*H1
zpVs6gddaYQTn5p59N*(8>+?{5gZ;1L{_Ac-o|5?NJNVkt+fZ+W`XvY1Zs9Ww^btat
z5pyD-o)h;L?klPpmhMu&3g`Y<^XaA9zdg4CpE@V?3vi|by;cLgqA%eNkW*d)Ipr;o
zQ)GU_Ng%%kSpTkyCxBnf4%R7{6K-~JCw$hyXFYrxTlcuaaK0?M=!{4gqJyOY9TU0?(Q)cJGUoo5bDfxP=|tIn(tn>MJM<|Z>p#CN>zdTdd>}5Q
zi2>lrcs3}2aq;g~_0IAG96ueLohYTcLifcIro8FHswZIf-VvcpRs1
zMtTs@38XufbNeo1rbBQoCn>&HjyJtM9o`u+1=7~n*tQ+GS<;q9bL;r`=9@7lBoi=7
zi4FC0lD3MxX7)`(8o+U5Jkd6#+7Twb`nzR2m6tjyf9&r($!o3NEc57o9@bhO9e*dk4w7D#>`2jdvaL)m4Zknfh
zU$ff0uO;alik0d>+YPE~lU4O%4aOO;AGg8WsO|pF7S?AMS7A=b3mgB8q&@nki^qS{
zryKt(+)wbP#Qk}jHvXIB{v0P#&p|evgA150nv@bd;)O89%a%lN+*#ILF1ZKa1wOl@
z18HLK;L5{5CqcAFszC2PzDy1r%f
z`ZTF@F5XY2bLk#hIZUPvG2efDMO-dLnelw`?DO1i#fsGWmM7UCZ2pS4zNJ~(7Llg9
z6wF2Q7H;|K5B(#&xBKB`tc26rx2J>;KL}i~a(#Cw?tS-cG6iWBSOx
zehl;o{eD_{j55F2`K8Z3Jt|CBXO~|XJ-*NK)vL=#(Er`e{D1j{&|`H+j2>GH;`9jL
zTSzy3rVKE0N97xU|5!)kT`u)-n9CmRb$L|tsv59-BgpAH0C&HHm>%TxbD=}$k-mR#c+Drx*yMJ~075TL@cC<-Ju@DSd0&r`j0L
z=cK^%YjrUu|Unr|VMT`O*7|#cXn4
zd$_Ol*CpbG<-E?fUZ=
zENexqF7mg(#QT5QzMOZ5W)AcK&G(2ML9b|vW|*QeJwm#5kxLb8Ls&zO^6RsHK6u(`X&XKJmsZHd^hVwRs^hB$n{YIUhs32^C@t~gQdyLc1E=|t=
zE!Sn&9rF6or5MkOHJV1}G5w?H54J6p@r~!J50CnTW>M1JBBcI6=H!=ow^8S@jeQE?
zGkh`7R4&=-enqyrkJ+!IXsNW-RY9LUVp;GS#ck8un3eT5Rk_#ZozP-aO|TcGjys3!
zZxhFI{$|!vKK38+I#-Di&eP0IY8cN=ct(|I3~JAqHpXY5{^{ZK;LR$wI~FgApYNl+
zPaVhqe$w;(^h)0U6`%d{J)QlmrdM3p`Th^)anbVB=llDNab7KtpYQe$Ys=fFEuj3<
zKDL)_Vmrn5@FlqRO_Pr3$Q1yQS3m|
z%ACr{N=3`GaTSOy7cFP{r{`saGg?7rzNvfq3^-Eu!Tpsj1pmnOR^`q2*v
z=HlsTiz|@7Z}Bq!_hBwVIY07wE@-oA&h?X5RamUAd9a3azi@RtGwsd_@eO}xHJ=+{
zpVUXlc&~SfkG#P6yw!(!NP1tvy>Q|3mu*b)S1Z$Jo^K5M0s6d+{Vy+kKb)fdkjKy4
zTlU%C4~v+tCzf5~y0=tCx_*-V
zk5?>?(>0t2!TmxZnd+N-eLi28cBM^iiuDclefzcaufrN7K$91f-tWD#7R>Ph_|)>6
zzjMcftp8XPr(e;uGFK6+79m}(!n0IawP*soQ;#?ks!PIF7|$tnkBaIcZ1o20kzac(
ztYgGjP{dc;+1}j@&p|)n2ABtU=XM;EraQcy$Fq8o%;TPX{T9CNU4(e4$)(xRfWNz(
zgk>`b4=?BYrZ3{$as2xd{@nz>=TFNm$GSh;gv{&M%ylTN!0)D-Y>N*580J@7e=q8Q
zUh1+~55d^p@Jxa6pik8~j(whb>j9m=B>DeA`~ETbS7mbj1+#K)kHj9wLWn!I
zGwy)T@HD_3Ucwzm33t5Bz9bQk#2tN~0C!9pBPPIju%9I1%f2z-kG}sS{87wymc8yc
zzwP@!#2>G-j^5|~?DN|bY-`@`x-fqG-`sAsD>eQ&%x8|*H9G#NWgEeCS0euCW8U1S
z>E6EXa;nq`tY=;L2T#2