From 7f00c9f2ebfe1e61c90880259ada47e26dd92f34 Mon Sep 17 00:00:00 2001 From: Georg Date: Wed, 11 Aug 2021 15:41:35 +0200 Subject: [PATCH] Init Signed-off-by: Georg --- README.md | 1 + georg/389_Directory_Server_+_CA.md | 121 +++++++ georg/Drafts.md | 1 + georg/Georg’s_Home.md | 339 ++++++++++++++++++ georg/LDAP_Sudo.md | 140 ++++++++ georg/Leon_Apache_Reverse_Proxy.md | 97 +++++ georg/Notes.md | 23 ++ georg/attachments/5341350/5341352.png | Bin 0 -> 53393 bytes georg/attachments/5341350/5341353.png | Bin 0 -> 12109 bytes georg/attachments/5341350/5341355.pl | 153 ++++++++ georg/images/icons/bullet_blue.gif | Bin 0 -> 60 bytes .../images/icons/contenttypes/comment_16.png | Bin 0 -> 400 bytes .../icons/contenttypes/home_page_16.png | Bin 0 -> 272 bytes georg/index.md | 35 ++ index.md | 1 + 15 files changed, 911 insertions(+) create mode 100644 README.md create mode 100644 georg/389_Directory_Server_+_CA.md create mode 100644 georg/Drafts.md create mode 100644 georg/Georg’s_Home.md create mode 100644 georg/LDAP_Sudo.md create mode 100644 georg/Leon_Apache_Reverse_Proxy.md create mode 100644 georg/Notes.md create mode 100644 georg/attachments/5341350/5341352.png create mode 100644 georg/attachments/5341350/5341353.png create mode 100644 georg/attachments/5341350/5341355.pl create mode 100644 georg/images/icons/bullet_blue.gif create mode 100644 georg/images/icons/contenttypes/comment_16.png create mode 100644 georg/images/icons/contenttypes/home_page_16.png create mode 100644 georg/index.md create mode 100644 index.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..708e976 --- /dev/null +++ b/README.md @@ -0,0 +1 @@ +This houses exports of my Confluence Space: https://confluence.psyched.dev/x/dYBR. diff --git a/georg/389_Directory_Server_+_CA.md b/georg/389_Directory_Server_+_CA.md new file mode 100644 index 0000000..eef07ce --- /dev/null +++ b/georg/389_Directory_Server_+_CA.md @@ -0,0 +1,121 @@ +# 389 Directory Server + CA + +
+ +
+ +``` bash +# install +zypper in 389-ds openldap2-client + +# base config +cat <<'EOF' >instance.inf +[general] +config_version = 2 + +[slapd] +instance_name = syscid +root_password = J0TMD8GdS5cNJD1jxg16WBtzr9SWWFVHzOpUoCn4QSlXkwKT + +[backend-userroot] +create_suffix_entry = True +sample_entries = True +suffix = dc=syscid,dc=com +EOF + +# init +dscreate from-file instance.inf + +# stop +dsctl syscid stop + +# modify /etc/ssl/openssl.cnf +... +[ policy_match ] +countryName = optional +stateOrProvinceName = optional +organizationName = optional +... +database = index.txt +serial = serial +... + +# create CA + +mkdir /etc/pki/CA +cd /etc/pki/CA + +# init first CA +touch index.txt +echo 01 > serial + +# generate CA key +openssl genrsa -out ca.key 4096 + +# generate CA certificate +openssl req -new -x509 -days 365 -key ca.key -out ca.crt + +# create extension config (for SANs) +cat <<'EOF' >server_cert_ext.cnf +[v3_ca] +basicConstraints = CA:FALSE +nsCertType = server +nsComment = "LDAP01 Server Certificate" +subjectKeyIdentifier = hash +authorityKeyIdentifier = keyid,issuer:always +keyUsage = critical, digitalSignature, keyEncipherment +extendedKeyUsage = serverAuth +subjectAltName = @alt_names +[ alt_names ] +DNS.1 = ldap.syscid.com +DNS.2 = ldap01.syscid.com +DNS.3 = dir.syscid.com +DNS.4 = dir01.syscid.com +DNS.5 = gaia.syscid.com +EOF + +# +mkdir private +cd private/ + +# generate server key +openssl genrsa -out ldap.syscid.com.key 4096 + +# generate CSR +openssl req -new -key ldap.syscid.com.key -out ldap.syscid.com.csr + +# generate server certificate +openssl ca -keyfile ca.key -cert ca.crt -in private/ldap.syscid.com.csr -out private/ldap.syscid.com.crt -extensions v3_ca -extfile server_cert_ext.cnf -outdir . + +# wipe existing SLAPD NSS certificate database +rm /etc/dirsrv/slapd-syscid/*.db +certutil -d /etc/dirsrv/slapd-syscid/ -N + +# export server certificate and server key to P12 bundle +openssl pkcs12 -export -in private/ldap.syscid.com.crt -inkey private/ldap.syscid.com.key -out /etc/dirsrv/slapd-syscid/ldap.syscid.com.p12 -name Server-Cert + +# install server certificate in SLAPD certstore +pk12util -i /etc/dirsrv/slapd-syscid/ldap.syscid.com.p12 -d /etc/dirsrv/slapd-syscid/ -n Server-Cert + +# install CA in SLAPD certstore +certutil -d /etc/dirsrv/slapd-syscid/ -A -n "SysCid CA" -t CT,, -a -i ca.crt + +# check SLAPD certstore +# should show Server-Cert and Syscid CA (the comments assigned in the above two imports) +certutil -d /etc/dirsrv/slapd-syscid/ -L + +# install CA locally +ln -s /etc/pki/CA/ca.crt /etc/pki/trust/anchors/syscid-ca.crt +update-ca-certificates + +# start +# asks for NSS DB store password if one was set +dsctl syscid start + +# check +dsctl syscid status +``` + +
+ +
diff --git a/georg/Drafts.md b/georg/Drafts.md new file mode 100644 index 0000000..2ccbba7 --- /dev/null +++ b/georg/Drafts.md @@ -0,0 +1 @@ +# Drafts diff --git a/georg/Georg’s_Home.md b/georg/Georg’s_Home.md new file mode 100644 index 0000000..66ace8c --- /dev/null +++ b/georg/Georg’s_Home.md @@ -0,0 +1,339 @@ +# Georg’s Home + +
+ +
+ +
+ +
+ +Contact: georg@lysergic.dev + + + +
+ +
+ +
+ +
+ +
+ +
+ +
+ +## Recently Updated + + + +
+ +-
+ +
+ +
+ + [Leon: Apache Reverse Proxy](Leon_Apache_Reverse_Proxy "Georg") +
+ + yesterday at 11:35 PM • updated by + Georg • + view change + +
+ +
+ +-
+ +
+ +
+ + [Drafts](Drafts "Georg") +
+ + yesterday at 11:24 PM • created by + Georg + +
+ +
+ +-
+ +
+ +
+ + [Georg’s Home](Georg’s_Home "Georg") +
+ + yesterday at 11:24 PM • updated by + Georg • + view change + +
+ +
+ +-
+ +
+ +
+ + [sudoers2ldif.pl](/display/~georg/LDAP%3A+Sudo?preview=%2F5341350%2F5341355%2Fsudoers2ldif.pl) +
+ + yesterday at 11:16 PM • attached by + Georg + +
+ +
+ +-
+ +
+ +
+ + [LDAP: Sudo](LDAP_Sudo "Georg") +
+ + yesterday at 11:16 PM • updated by + Georg • + view change + +
+ +
+ +-
+ +
+ +
+ + [SUDOers_OU.png](/display/~georg/LDAP%3A+Sudo?preview=%2F5341350%2F5341353%2FSUDOers_OU.png) +
+ + yesterday at 11:15 PM • attached by + Georg + +
+ +
+ +-
+ +
+ +
+ + [SUDOers_Defaults.png](/display/~georg/LDAP%3A+Sudo?preview=%2F5341350%2F5341352%2FSUDOers_Defaults.png) +
+ + yesterday at 11:15 PM • attached by + Georg + +
+ +
+ +-
+ +
+ +
+ + [389 Directory Server + CA](389_Directory_Server_+_CA "Georg") +
+ + yesterday at 2:54 AM • updated by + Georg • + view change + +
+ +
+ +-
+ +
+ +
+ + [Notes](/display/~georg/Notes?focusedCommentId=5341309#comment-5341309) +
+ + Aug 04, 2021 • commented by + Georg + +
+ +
+ +-
+ +
+ +
+ + [Notes](Notes "Georg") +
+ + Aug 04, 2021 • created by + Georg + +
+ +
+ +-
+ +
+ +
+ + [Georg’s Home](../georg/Georg’s_Home) +
+ + Aug 04, 2021 • commented by + Georg + +
+ +
+ +-
+ +
+ +
+ + [Georg’s Home](../georg/Georg’s_Home) +
+ + Aug 04, 2021 • commented by + Georg + +
+ +
+ +-
+ +
+ +
+ + [Georg’s Home](../georg/Georg’s_Home) +
+ + Aug 04, 2021 • commented by + Georg + +
+ +
+ +-
+ +
+ +
+ + [Georg](index "Georg") +
+ + Aug 04, 2021 • created by + Georg + +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +## Navigate space + +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ +
+ + + +
+ +
+ +
+ +
+ +
+ +## Comments: + +
+ + +++ + + + + + + + + + + + +

blabla

+
+ Posted by georg at Aug 04, 2021 01:08 +

test

+
+ Posted by georg at Aug 04, 2021 01:18 +

test

+
+ Posted by georg at Aug 04, 2021 01:58 +
diff --git a/georg/LDAP_Sudo.md b/georg/LDAP_Sudo.md new file mode 100644 index 0000000..0e049fd --- /dev/null +++ b/georg/LDAP_Sudo.md @@ -0,0 +1,140 @@ +# LDAP: Sudo + +Prerequisites: + +- 389 DS server +- LDAP Directory Manager (or equivalent) permissions +- SSSD client +- Client root (or equivalent) permissions - ideally not only \`sudo\` + permissions, in case you lock yourself out of \`sudo\` + +### Verify the sudo schema is installed: + +
+ +
+ +``` bash +# file (locate 60sudo.ldif) +/usr/share/dirsrv/schema/60sudo.ldif: ASCII text +``` + +
+ +
+ +### Create OU: + +Create an organizational unit to house SUDOers settings using a GUI or +using ldapadd/ldapmodify. This is not documented here, but the LDIF +query should look something like this: + +
+ +
+ +``` java +dn: ou=SUDOers,ou=syscid-system,dc=syscid,dc=com +changetype: add +ou: SUDOers +objectClass: organizationalUnit +objectClass: top +``` + +
+ +
+ +### Convert existing, local, sudoers to LDIF: + +Convert an existing, local, sudoers file to an LDAP importable LDIF. Old +articles suggest the Perl script used for this should be included in the +\`sudo\` package, however that does not seem to be the case on the SUSE +systems I worked with - I dug the script out of deep parts of the +internet and attached it here - whether it is "original" I cannot tell. + +Note that the SUDOERS_BASE environment variable needs to be filled with +the DN of the OU created above. + +
+ +
+ +``` bash +# export SUDOERS_BASE=ou=SUDOers,ou=syscid-system,dc=syscid,dc=com +# echo $SUDOERS_BASE +ou=SUDOers,ou=syscid-system,dc=syscid,dc=com +# perl sudoers2ldif.pl /etc/sudoers | tee sudoers-389.ldif +# file sudoers-389.ldif +sudoers-389.ldif: ASCII text +``` + +
+ +
+ +#### Inspect the file for faulty lines: + +In the `sudoers-389.ldif` file generated above, look for failed lines, +which may look similar to the following: + +`parse error: Defaults!/usr/bin/sudoreplay !log_output` + +`parse error: Defaults!REBOOT !log_output` + +Remove them, in order to have a valid LDIF. + +If the lines seem crucial to you, either correct the input sudoers file, +and run the script again, or try to manually add the settings in your OU +after the import. + +### Import the LDIF: + +
+ +
+ +``` bash +# ldapadd -xWD 'cn=Directory Manager' -f sudoers-389.ldif +``` + +
+ +
+ +### Verify the result: + + + +### Configure a client: + +Add to / modify in `/etc/nsswitch.conf`: + +sudoers:        sss + +Add to / modify in /etc/sssd/sssd.conf: + +sudo_provider = ldap ldap_sudo_search_base = +ou=SUDOers,ou=syscid-system,dc=syscid,dc=com + +I read that a \`service\` entry should no longer be necessary, but am +adding it to my existing services for good measure: + +services = nss, pam, ssh, sudo + +
+ +## Attachments: + +
+ +
+ + +[SUDOers_Defaults.png](attachments/5341350/5341352.png) (image/png) + +[SUDOers_OU.png](attachments/5341350/5341353.png) (image/png) + +[sudoers2ldif.pl](attachments/5341350/5341355.pl) (application/x-perl) + +
diff --git a/georg/Leon_Apache_Reverse_Proxy.md b/georg/Leon_Apache_Reverse_Proxy.md new file mode 100644 index 0000000..308cc84 --- /dev/null +++ b/georg/Leon_Apache_Reverse_Proxy.md @@ -0,0 +1,97 @@ +# Leon: Apache Reverse Proxy + + + +# Reverse Proxy Setup + +## Apache2 + +This allows you to access the Leon web app using an Apache virtual host. + +## Prerequisites + +- **A domain** + +> DNS A (and/or AAAA) records have to point to your webserver. + +- **SSL certificate** + +> A valid SSL certificate. + +> The setup is possible without SSL, though using HTTPS is highly +> recommended. The following configuration examples apply to a HTTPS +> enforced site. + +- **An operating system** + +> Obvious. + +- **Apache2 / HTTPD** + +> Apache2 needs to be installed, and the modules `mod_ssl`, `mod_proxy` +> as well as `mod_wstunnel` need to be loaded. +> Refer to the Apache documentation specific to your operating system to +> find the correct procedure on how to install and load modules as well +> as on how and where to define virtual hosts. + +- **Firewall** + +> If a firewall is in place, the ports 80 and 443 need to be opened +> and/or forwarded accordingly. +> If Leon resides on a different machine, the configured `LEON_PORT` +> needs to be reachable by the webserver. + +- **Leon** + +> A working Leon installation. It is recommended to test if Leon works +> as expected before attempting to troubleshoot issues with the reverse +> proxy. + +> Warning - As of writing this document, the following configuration +> examples only apply to the DEVELOPMENT branch of Leon. +> Since this branch is deemed stable enough by the author, the complex +> procedure for setting a reverse proxy up with Leon from the Master +> branch (it involves tampering with the source files) will not be +> explained. + +## Leon configuration (.env) + + # Server + LEON_HOST=https://leon.example.com + LEON_PORT=1337 + +## Apache virtual host (leon.conf) + +`leon.example.com` is the domain we will use to reach the Leon web app. + +`localhost` is where the web server reach the Leon backend. If Leon +resides on a different machine, replace this with the hostname or IP +address of that machine. + +`:1337` is the port the Leon backend listens on (you specified it above +with `LEON_PORT`). + + + ServerName leon.example.com + + RewriteEngine On + RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L] + + + ServerName leon.example.com + + SSLEngine On + SSLCertificateFile "/path/to/fullchain.pem" + SSLCertificateKeyFile "/path/to/privkey.pem + + ProxyPreserveHost Off + ProxyPass / http://127.0.0.1:1337/ + ProxyPassReverse / http://127.0.0.1:1337/ + + RewriteEngine On + RewriteCond %{HTTP:Upgrade} websocket [NC] + RewriteCond %{HTTP:Connection} upgrade [NC] + RewriteRule ^/?(.*) "ws://127.0.0.1:1337/$1" [P,L] + + +That's it! diff --git a/georg/Notes.md b/georg/Notes.md new file mode 100644 index 0000000..20f4abd --- /dev/null +++ b/georg/Notes.md @@ -0,0 +1,23 @@ +# Notes + +WIP + +
+ +## Comments: + +
+ + +++ + + + + + +

so cool

+
+ Posted by georg at Aug 04, 2021 02:10 +
diff --git a/georg/attachments/5341350/5341352.png b/georg/attachments/5341350/5341352.png new file mode 100644 index 0000000000000000000000000000000000000000..0f631022d44ea0460cfc3ce7bc2f35b8a5ce0e9b GIT binary patch literal 53393 zcmd42cTki~^EQf)0YMQLBn!xbAUT7iMRdtYa?V+DTr!G;B@0MSO3pb)6<9Jz23c}W zyTAfV-m}k(@AZ|(QRTNV<%sn$b-91-d-4pg+Ntytk5+4T#hd@>atcrtk z{~8D9PXEJyux|t&ddOgZ;W^3ZxZ>at-~9V?2luN`5Dv}@99gi0x~JjZyq9{~bQ|Z@ zqCejYx=-ZyD1TUH+F4Sq-kCdm%A~X+?2*o>G{&Gfm%G31G~9$1>)g>nwr$2h=H2r% zea22}6;mzk;`tPbttyE{>JLSYr9P)TCcjIWd|&1TgV^QuyMI2jF?_4qT|!!|$5hhV zi0k=aXe#OgY?0TMj{ciI_ptN(&m$jQTeTe?K=I?Bb@PfhFYesFh1=Z2{JWC>JlaHG z(0||KXs7<4XgjzrNdGR!3}et8?QPt{K1TU%o1qx=BF0<#%H9E%F<22nx+!0@_TsC16TBq8)5csVpLy`QZD+|H z(aR~9G)Kjn2D2i)dpq`zq*p(@X)QctV__;xVI;q#n0{L#4qR)JJ>EO=S z6T8SR%qq$jV%PT?V~An^+%Hpu%FMT-7Tj4Ad!&22oYU%B%JQ#%FEgg0L*9aSLiW?9 z%M?bX`}L!j7ovHQ*N9_x!8B-IUO zOMpZ7b|djeJ723W>m7R)!?hkMrPbAK9B)dO*4y2IN3 z&+;%S(szCwa=t{h*N$AUvb)+EGMlGad9vG>hWly_90^Spc9=wLPOn8z8wsoIQaUu; z7Y+>VcJMx`sycmS)zH2EVqJZ;6IYe?hvF~|(k;h;`gtqx`J9490F)2F0ZMcZ< zS*cOSW^fnO=z8x>i)}Q`fzeH;`fSY2K^oP>)J{#P^06|@YRz=QK4y;XIsmh>G>K;< z9Au-p=kxu`iAE--w4Woa&#=K6wYnG=eKjXCM28D}1=81>JUwVn=-#H~=l3SIW)rU9 z(%|v_zEg~L%s!a-#b&XXP{YrJo6(;e$Bq^~O7~qeT4-!d)>o{IJ;Jd4wHeioEVPNr z{XCtcWz?h=Q`4oKdk$|wA;az)`RjXt*w-H%Iw-|qeY~a)wr#@vVNbNTND|xVR^jrP zn*vrdwOu(&14bZFLUE|$eAZ`(7z}o6haFvEP-h#|-Aw*|4zIg%1ENpAe5pLQwW!+o zj5$9tK`L|M3s0++kfhW_pP+*RyMMjGmuO z8fU(3Y`)#R1|_fCMjpnyLFhfHnW4cmlBvUfhvjuFRN{$=W$b0^Y+uFQ<%IUzpc;jQ8Qx*|N2}uo0{oM8KS9DrKfgD z<+C}fwP5fybq2Adj_sptmf^?uhZF`So^J^#Z&Gf&h<+S32#2pxKCg7PF|SP>T@fJ1 z<94nJR6kr&z8U#k(|_KmTJ`N-BA-4pJt95%p+-RgYN-UtLNix~nhWS?tEfA=nmuwQ zAVnfc`M6aS>=65el>rgZjYUab@s+*(y2FH6l@C(wL*^2ADpe|jtJ4pv7XL8e7gcfp zb542%t-o1L8L$P%geJd`As-cWAbL#eSond`D5Zu)Pe*Gta)48R_##FVGT)fOCv1By zmWDr;)NQM7!t;qcEXb?WP9kTW*f;mqaBvWeHAkT8iMY7e5>KZ@(J{7`&rlQml82ko ziuNYDPgT-;q%zX-S0e-SD3ckwSnJ8n*4i)5ISK2Ab>IK$1`LSm@+z7t@ZkIQesFgo zdONXQt=@iVIv+dn>tuJj!e?prM6cZcsNYsvnCUe)42tVxG3(nb^VAXzAP$7Yio>?@ z8Sv?)x~v53LF_uuK?~}B-LYAE$z`RyWF(X+C)yh5i6L$CLt=5?`j5KGH0P^75qDa~ zhln7e9UY#U1V4u!hdupYemFS=t+H0i3?*t&zFF4Zjk^EpEqrIbMYGf}-f3mE=!D|V zIKiDqo07k~q!cTJ=zuz<0&z`4oo4C1Y1}5fuA~YS6hc0`v6!;%<)3sMK{Zvj)M62R z8eUb*k zjMjSDpdo3zp&V11(^HDqTCT@V!3isxNelz6S*}g`3|hgLH%EBdua((ETVApHexMx5 z#+T#m)SuQBW(<>gPEA1)Jmb0VCZYo#?*E!HTb$;|p1MnUA!}4E#_2M=Ch;(?ury=Q zKlhE;lvCwZY8t6J6GWH8h&v+i?RR5vc2kvCGKE$`-VH@dq_(G$O8tkOOQQXq6N>7- z=tK|XT%`lzj(Bz*qB?;pTo7)3_tA)9gYE!3fmZ$k%D+UhUVS>|)tG#}IaN_X^#;s7 zMS;-@?ogxHHWy(&P|cGcP}cFDuIgj#U+k>Cl3y^uR{V`Y8su`gw>~=i=#A+7rZU9N zJGYYIa=d;(>FC(aO;~FabZ~ap#Jw%MpyGS^`0!nl;bI2z>EGb~c3M!~p08_`+V_#g z_w}kDgpa%?xtM^U-%jTj*M#=I<`85LS;g$j(Y|gpQf6JP;u8>mhGyi%j5b~WaA-*R z<`v7XseRJWOS~BF{IxFk4%9&B^xXoXpsnLcDh4IS*ih*Y#N#fSjM8}Z8+R+(^p<^! zv@3;Me#vKgffi@s3-cnzXz3;3DT+_*Ij)kj3Xq^PhV} ze21R;D7Rgt`i}U$^l7hA;`npfLOF7cm`<1rX!P0Hz2i7U&5p!eks0VU*!3D=-iOIC zMic6l^XoSYqca(QR(embmV~*Eig61YZwq7kKB;Z)4Dl}fB*|4m?Aah#{?vYum(5k} zXOi|7;S4xFDk$)74Wo7_@j`WnA*j>jBO1ygzeJpV+C4EkdpZ4f>6&Tr>}|EpW__C; z-!Cxcq*%P|#KxU4GJaIS_Cp3%IRBoUI3FuOd#L}0wf|=#+1#7^M!=tqC&5-z-4C<3XXGm~sFrS~ zWq*?*{oHJeT^f%*3&wc7zUEvsz7f5ivQ6hWQU zcBM3#eL-|9Y0`Dl4ZmDrv(_I_AMYW}7>pzk=wK_XQQkMEpkHEFd1<6iZn060+#AT* zS;VaTuG{trX0rD-cbu(ug8AMj%9BdcBrl*q+Eu;IPu;9f^}Z`WhTG5v`Ig9@9#f2*dJF_V0Oa|&jFN~FPdweghmESS? z{qx|U%xTVnuLRwgQ&)7ku=aILrgXT1NZS$*{z3GDs)(^!R$8{wj=C$hef4+t!?{aE1=t_y1jE1G$pZ(R1A0Min zUg7oGa-eIlf9Xk=`r#oUQs%jU-t!x>yYbsm&i?=)M&c)-M-CSKfA%ek016p8={Yuy zOrr@8<2*?OwR7Kmur#C6ZkoA?(D_LG7PSs^YSvHnp9*^AHo8VQSK0e zgJ&56?EE`lNz&SHrS6a<&V;0&-Y8vEZw4|O=6pM(Q`^m3?P2wKuBO(^)kcTamliLD zhSijc&219mseIlnKSPU@V?Qw~WDI((x6f<+Gnu$`Is-6Y?v=KlZgQPI)%T~2_K77) z(S9nUVhMb4;QT~8{j@C0NKM)9!{vqHi}=tH?HqhTJMH)^QdTZT^Sz6?ti6@t5b-w8 zAG%JM{B?ZTxy(3|BXuFw(U6PY4r?^;3UBIWZ7Oc7ns)Ga>w&4Uy`Wdyjd|a%#_`vO z9qpBm`2x;XF16CZCe5u;Y4X*?s}npUXIoB25ZB2Rl;T|ueD7@s0Z2n-a@|O4CA-AZ z=S?Hb$tX>%_TGh6)}raNt{dKpc6|pxnC0V8^U_uL&*FnupP((J`8P#D?+y-#Yo*#E z0b!prhB6G=OhsaPh5WVVhD8L%Gk8%bHtVbDColMiOVX`eCN0w=CMl)Qe|we^D!U^(}g$N+B;l zJ$3voPvOjw>)`vojFdc9ln&Y6HvB1x5Yh~lfhzwVAdf8=G4}w(s_V5{Vf-j!|5?qp z9ivx)u?=*fRhm}w&{TV19)s;1Wjp!Ig_^u@MJ|^4;e%2|5joYo_P0PFk&n-y=}Id9 zz*=Nu+hN2=emux9omf#YMigsZp-^*JRE&5Nx5O|MYK|972+G`f|0q&VaY`0Q8r!lP zW}vf-^%EQ_lDiX>I*yY~`QMTdmJ%(J<-9O%AjpRMBn%8T3EBR~F&{)Fpz&m`<7U>)#dUE4vo-fG->(TXja3+qd?*m#gRGIQ0oQHHR_asBgiGWX6u?u3h3#LR+; zrAqB*Hfd>4Ny^78QecM1MmI~>tixaJeFR^!1{Dq}T$5!O0IME;ri%j{a>v^Q#ZNRY zFH>VBFC?sdv)##?f!J#k_k7Ky&?G9!X=7~$tFEw@ePXpn)9P~78ypQFO)!2Y+%kWP zfcOhnqb_4eiu&gLx5$uF!ml^eUpkCTZ~;MM+LJ_1dcW0CXV6(um~6HY`p1KubY}== zy)%@9U`JrDU63^pK+B&NDiq7(C7BurfVle}_Frn4nH(|;4Rpb11Odz&?QVjPrr6)Y z-C!dt*qvU93Mpdvlm=x8IUy_+gp)tHhJ`j*$&fp@%=-Lr={=w?S|I1-0y=m7bQ>63 z<(abUSK(UWa5WovktI#w4GzJNmx*WY%J+N>uY6*l&9WKZx8v42WYYy$>YXm+uD~Bm3b%>q9h}xGqQv}H-i9Z|6r};77MV(QA zM;RIh7js*$iD9`o_x+Ge{jd59&~dQxYQ6x?jG1SKw>SBG#(iiEOc^HUd}zL^sYH?U@3uN24dl9xRl;5AssZ;1?lmZI<$?EBj;;{}k?v8<3n#xO5I z%F-dg+v{fCEX&t$UnKukZ(fVe7l+uLsDHOvPoZrgLlOoyiu(a)B9bNMRsC8M@{T1* z9ttH)W>-p8K8t~HU^Ck`bd8vF^z-+vo0$?ML<6IK8E$R5iO;%#V&rU3xBHNHy0pd!+CpPqnk zk>W?acL$uwxTFALb_+0{>HY~K+jK{}ED+#aVDFhutkO8_(=6A~x5og?=6V;H2yj+5 zLVlD1vwY?b$2yK0n`GW70ZkYb+6P=Y)~#FG+Wk=a`Y3d<)xXv(Jz0v1-U`h3q3Yr^ z68>U~=vWmi{ZzIaVgp9N#+jGeP>tT8z%bvTvz%1dJ|i*}7i-+Y%=92`cT4=J23r5s zsCOD-9vzdjo@rwz@rzl{VLBBBT);-RnDgv^>E0f+uI7I9EX*f~LH zmk7-F*9V#v6u!7@s|u$HI1@qNah5baLg)-sl`cs^zFzj4SR$kQxiTK}l!Tc5>EZWw z3cNHSA9^PoRzC>*EM)g34B zA{z(B%t*py8UDc@9zGWh73s-_FPA&bT_^wmH1sBg+LZFM#1ItgGwrfcx5Mk{(t6Dp zo~3-vCTVVaL}7WvAJbB{VMtiTB}ondWVv~v{^^g@V9lX8ETUI}LZLBfC4_AYW6h{- z=?K$%7IMWBg^nlnOjymEeLnvSn1hAHEx5QLLV$>2qYNx(05{<#bOoAxc&*>Q{62TX zN}6YdrUcoQ@@2V)??GEQ7GllvtO)SyZyVLnDg7pS#x4?Y*6ah~Ka-UCeRkaWbr~N> zv~M=<_<%mOMev{dm0+t0S#sxwx*i_tkKpeu4&RmK3i0pOGaRFMTF_9aOlopwsd3k( zaCy{))nDpsX-Y?7LAv&Yu(?Td*tA;yNVr(a6u;h{OOAZAGl`R51PbjYKbDgM2XZ?q zhUDp_*7%`ZDCj||0pI^D~S zP;x$yjR2#kR*E9^BylTN@CP!rNW?qFfzov_-CwEed`k@SG<4Vz17=s&Ua|47A~G*R z{4q~%@xw`cNO1}|64*e8c9 zWLYNy8GU+g?0~={H|q8`;4bPXxJ>-S*^khoTD=)bic%*2P|38Kfwzuc@ym9oPuEm%`wGvS6h}OxqBp;1UIgFtW$@l+9G1EZC>J z0+HNY@L2;LE7Gt){pPg$`=l|Gb|hL1azTxgF`_N0Eo=!I8Is+ycD+dqOXHmYt=7%i z6^c%iQ)+o)maBVZqdv`pA0cQWWXG5>$M{Q`uPNQEz_b!6&qB&8dIoFXi)E#Pcp2E5 zi%@LD+heJ3I37C$?VmmK{i~FF%k>W8iLe;?4SN&!n>$%aX+AO93MMw1uUAiDu66HZ zE^nh5xDrvDA<~F6wP$J;zOVj)53p>a>TEg#*Y!Hi`ApJY<9p9+Iq_Fe<@aK=e}KOz z2OUTiLBTJWb-mVkISMc+{mF={n7yxqto-)>pZ)=`;W zKps3DH8=9P{Kf!eQ7!v|mw9L+uV-K}KWW$^178sDHGQlbrOKi-Q%W6`ls4$0#1QQ+ zXt=)_{;*DtE{SJUNWgmAuDq;mOo;1eWUwAS@iPU!$>$aPibS!UaG_kNU{`To`SLEm zk+1&CjZ!Wd_PX^+F=B9fA3a}eu~V@ATg1QPDRQibo&C2K;G8M6*n9rj@z^|@XM@7A z4pTNU!6?2%gFx2J*6P3*T*C$szfabm_CPW_Ei^~7cVG%HQ5fm;zVN^dptCzLmU9o$ z=zRkoc*>L=2Cz9Qu6-5uEiBo(xC!x4<+I>ND=C?Sv-GHL^D?<8^UNFAj;)y}*zw*& zV_Wl^#O$u379YJe;_6+}i`;t^@424cvkSxE4Eg^H-6YpQ2X#algR}m}o$>SS_ut%Z zlao(nVBkNPYCXl@jyI=*11tANT~-7;#QerDzu>g@2X*Z)`Ze?QkNY2NI!=2MXF#|~ zQ_#JxE!DrM%W#c+DlEwfMgH@pAN%}0k18Ap@}rgc$j7H0naA+KaE~%G9Ml_aQ?S~* z)sMXlunC4>OkGQqy4FP`Y&-Bt88AfCAyu%n9$}vj(tqR!&<3` zqt8yp%tY*D;+OD@T$iS=k&K89b7}2Xr7<1n;--S~>Y?QT!0l2TKF_71mz6G)$BCIy zkve*uG$8%p`#6=)oPDe&iksr&A!ux zQG2%~A95N?RJAsFRjLO^D%`I2`&HHjZ3Q1C(FZ+4<8Ey1K)LR0p!rs<*RnV2|#TId$y|cY_Nb%E}+d-fHVaJwJxWha@0no>(Wi*%wFc?1N zR;(YNm(r*?YmDw_(1SdKi$XON5HDC1J%U6?g> zR^T78=RbL1M{{-lPxL?%huv(VH0@y6ak6p;#%3#bL=?!|IETvl2Ob<#FW|nImLAty z{Gxp$S0nxUZ?gPj8oarcFhXF91RFPOaYtPm9k0;uZ^qPKCUKAdX< zLpj1ME1kRPs^S4xOz&e;ka+liXdl-j9#^NuxgxnzAme-w#WIkK+!gW( zXl0UC8fK+!J(E~vz{1?OKmUyVDqa8cFqq4xM!(H%FCrXKRMf=4Q)j;V=Zep)R*of_ z5bZIQCF%>K)Mzy6Oueer{=`jZHobUbP6iRU+U~wP6?iGguEjMhoeJ{WeKY^X@d&PJ zr#`;)NuRhU|2`t;gPOzS(`3mB1>yuq@-buFDvBH2qzHSfKkINu0 zNc4h9hh8?Pl?sLkIXp8E(wI!*VGs z@I!F=Rg~a}H`%L)SVrP2VDs$`40rOwCqN(Z5n^ulx#zi4K?F4D>>ieB^14v4Bm>CS zb^DwyCIOhaIGP#7h%5%HuY70|L=3$esf#^onQh<&5n=9{E$7!=NEt z7aIYU+1uxi2(z7Hi|1WAg>iz?lrB7-mH6gGkB(DIX@GGQf}oo<*gYY7VBE`Rpfk_n zckEma{5niw+F(RElZQnxFL1aCOj4$1Yu=`@nHp%=98vU7Oa!aj3^u;tfqB_&xA$c8 z5dmSpEQ5#a*qV*iB)+~m4H-|$CxzXk?f()hg#K58L7tznq=|H}UKO zHSf`bJ_umpzQs{E-%EPL&e=)=x&-!XMa?BKEK1A)s5{hv=wa=6JS zBFT&HkN-?EEQjPHFE%<^>4OR%8_f(dZsCU$Sws>}Y1N+#>;_ZbinjSK=GB-vC6Juk z=B;IFr#d9Nd|cpBvE>oqE#$EIC z1t3vhuPHJqg1K{sF+d~o-#dkwvs*%?Mah*9mS{H9~b{J_dN>*mNd+I z%K6keX?B8D^(_3PWc6jFa(xo*>vIvkhQpw<&w zSkcfkO&(=PI}Giji=U+n2Lh^O+PDJ&hkXbowIyC{EK^^dd?6WU_4QegJUQ7Vhre&( zpSAqV)M&+&bNnL(toJd9|Cw7QYvW9i)U2pTrl6*AzsZek^%KkjWMURc3_bHiRgKtQ zGKG~JA<49)WMsAU{VeLO>s{$9=~TpqT`nSX5u<8W_w$M*0^`zOfDr`03kAtVWa<*;uga@)_x*voTk; za;T(szf6MDtcyuxr@SW^%gG= z7h5ZB^Fj{$79x6BE*sgHSv7t_Bj)S)1vB!f@&!Lo03f;w*XCMJ%{NX9IxgYmz&79F z;ulGX4|iY|G$zDWe7zKhVW%M_Pk=zu{D)~20yRZM#Af$aR_8O+koEXtU+L(1XFfhS zQ(>_7i?#cg)L4pY_%ftzEu(Bw{3uC5%X)i3j`EBhG7}op22*RVZJ}w6!bvG z2X{?#ID~yKrfHE;_&%`M6rfd}>a~mS zvduwitp7HYK#eLY7JK?u9(#|}s8ABOnT#U|usTwhZ2bvJcyd0*&KL9jF-3~R1HK-MagBI1cn(ZBQ=*=3oZp!+Rk#QC8}S~C(MYoQ7Ra(K6*ROvj{<#OJ1 z8O&!`3Ib%^{)HW3<+5Y|Ktw;g9M%CN5K|twSk_T0;|H{bO-wU384P?12x}_{xaQECRQ6XKfzwQ&BzceP^+ySHikj9 z6%19X?WAS~VSjlAHOIS;{?&ze>)|^D$2l_DygLk$jdOp@Qt%V8+TbK}DMLISPZH^A z)KjN|ar=vWe+*&O0bqaq*`Yk4CV4NeHM%%9InbUek_dKwur5FJ1Y3vope+s%YdokI zZ(@_UVYk?-4}-=`7!}ekg9E3mADV$p17f;myQD)x#6*>h|Lm;{Hs`Pla4Y1<_j5I; zaTri9W4XXcSN5tcl3h&$kvSob7{&fEf-JF7K3H&}H32;zNU`q!UCv3XiSW<6VP;Y`&@_pALW+K8+|Mn zU~gHI0WBJrcd^Ld*wsw?Y)*7E+(7MtOX#u9LFT0YHaO}VKjoU5NxY3iY&pE0TLrre zKK)YKrY7Z-C4&+7)raX%|8+5+39Y};@)PYxOddT?=zdRzdNT^5)>+T>>1xsl+d|V}BvHSI}!kOg|H;?&^ zoA7F1&mL+n&NW;9Z$Um3iu*5Eps*{&9%uy%OCk|HzN>7RSe5gXAqGS+vkl=}!52Ks zJs#TpjhK=N!wf6XoR5agcI^-zEc~g^1FoXi+;$FSq8Fn-@fX9G1FM|mP2SGDpY-Vv z7pF;jO3RFnOidf{KQi%Z$$&x`1~l!51bh3&HN5t!Cndp|-=i(#S>bwguF8?e29Bkr zg|?7?{WjHw@@r&AfjdQA||RlBH6Csn5p zPEt8R;14E;MhyC_HDU96 z(Nmu*+O&8@vxaZkTbyr_Z6mg$$-!f&U1CqcLt4r%A0V(u*oZjxtFsW`()YKb_`ZnUrll=(oCV%{IeupomU@?M(vH_x*v2)C6V49xa z%*%**d)xV=*O`3!{~ep-G%VPQE&e?kaBv)`*8a{I2Pcv7e?l93$KeM%T_5~f@Y1C- zd2^=+bK)@Hh*|&0pps&tH@(T&EzNQ-$*)%xa@KbAqySSuDi>Fc!o7@`92|FF({eO? zzHu}CcRv&H*Zh{0y0MY!-mLLg9v~23O;qOA@Y*M_yKPCoO|6$*CA{z^-@lw>q4=lCecPC(6zCkDf`OPV&p2?{Zrl>q6C$Cdo_Q#^l%|>J=SPJW#O=A zyyA3Ga-2FwacP!N%|39C@yO(#ngR~@=x{I_Pnq526u+<(n63CYC4lWE$n)mJh;~1= z+w$47vO(?qi0HAx&a*C=#S>V#nib_mtH_UhWxxl_v6bWW3>K%{a#^WiiAPBRKKYo9 zwRlku2lpM=I&J#LSC2N)FXY-JeSI;r73_m z>!7$@y)Owi9Zla=?tM&!&MQtv?~&lE*%I^aMM)PhPAVi+ty0a7a^oXU4rbP}FKHqU zT8~00=Y~)Y+JRrU(PC8 z6}H9znR#W0q2Tdze&WHaxSF_5a_8wf`Ay+{;3#;cJN&c`Z}zA+cTIb0 za-ivzi&3GIN~`nhFFm??4ky>*DLZ=Jf>_p`%ia85PWQSW^mSHwhAT(7TESK195s;X zQ&Ek;KDqIxZMg@3Ix_XY#aBNv9I<%{Qb1lT7Z6dYy8+kh3>_q0v;q0Txrb#tley~H zA14arhhs}Ru=LPI(L?7`olvjDVX8Z9KwWwZFv9@$T7`f0B}_0(hN9dY?Ak@5#?HD> zDZn{Y81*u@7Ct?`MZ+}mJwAqhI4DBTrM*kqI^20GmV%qo{X=~ z*fW*&Bym)>$ltvqf5pQb>X%U1FCe9^Sclx2U;rPCZ!h%N@PFF=UxN)OlwoOuO8D< zS9>)oy-*%Wf!xe+jZC-VIj77zt4jH1uP@mKlr|7oZH=u5Gsm{S%Y!6rD4hlUhiA$NXIh~LiXfaJv)*`OH0;=RN{FqzXdIdW%@M2Neu`b0#~oO1P~Pf|p{>U;qq z1?F2Aoe}sM*2jyO)v4B}Crf_uC`PGQzpdyMoealVL)yTqTQl}n6FcYd4bSQrwlLQ<18fNPu)&$er*%p5O!J7br2YT<*>_6G=8}&_T z?#lX)B@nT-OS|ekULoHg=zHkZ>^~h|SeQ<|*gMO8tq2+Tgqjo^4;TiXHb5dvW1>up zTiX^D$`AtzCRsYw0i-R;^=AAqoCm%>t3+UIGyzR zK$=;9(pOv7MO}w%x2B93n5}e1Ng?Ojpm>p3a#)ZrIsb|OUm(<2!~UU-Fcuq+HY{8n zzpb&EStb&KC`Tq!a;m${R6YHt^?6y=HR3a>tj&yLbhXx9i}va|jdq$~P$t<)uk(}E z;@Ppj8Ty-_>YBb=)Et{uiIN7S#nHDn=F0q3CgoU^Jxp9e4vg5Q~oCPnJrj;b?}14pHX=IHEla+u@c~ zLU16ri}DPcy@pZiwTGABlk&f11{DwggXR7%2nWZ=FGBx+Ar;8${|R{H|IZx$1OD}% z%bqTD`1nhkqw`8S;g~;Vo!Jqz0sf0}=ty| zylOIc#hXcuQDL)%wgb5r_hiSe15Vb8A4-9{gvjPsbM8)+mz*RdoQRoaV+uBN2Nw=| z>r2C6YPf0A<{zr8jBkuGl5l=H;S#Cio#)vejS;WrOuB5)&~ESAw5WQu7te2;VywCD z`0ph>KWFpa=jF7+6T$2ZtS54M{mt7ObGPq!(Sn?ohq5%CoNwY4W{))Hro5i0*FW*e z4<|Lm8;qD)bjq&wiAx64&=e`k49y(8M-;E1XxkyJe*PsM46x&`2YpkWxFd$n7e<#n z_a26bM8n@-^iDVA2Pq%dHB9jlC_;JaJiMfSp7x+zIIp(nbM`$joP#fa#9UX?XT@MI zKt@D|c|~#DS~}dt=%kepz-~81SuaYjBWr)t{ix*LM(AAmq<*op!gb#>*klXMY`ez@ zB6hLe&&Haj=}wU+ zj}_8!p+i(SCNmw?I#@>SRvVb`qfUq2)mKr%59 zK2^rvt1wY)fjEr)S>8V)Ud-jA?Y7N3Qh~Ucui)&Ro^PmoEy>zI6R=*E7+GL6)34Ni z{Ac!#QdhQomY09j`TR8H$y|Lx?(RgKY+6%Y_0>%Gu7}cCS2YtYv;6x2>L_H zr#owH(PI8FFn#ys-V_!5X={Q$m{aQU&;yMWLeVxsBMaM-7IpD0{D_Gii|FmUCfc5R z;ro{;-i)#nGF>?R{HOdc3K{LIVG1!PN5MH7<&|fp8r^fJyBZw<*V;)wh399|cH?GL zt8+2_PCtP}w6qUB_iR1?_$|(8l~OjUdhLvTk^ip9s@=A`J<$kR5ccr<&;n4if}_Dt z2qva8OS8U!^PVM^E}Xdc&B%uee>um4&Fc7Ae6u$2ZkDj_;CK)gf3qAd-}B%Ba<&0f zyxuFF&<2DYW9y!p*qHe3D(jl70?buSdi5HxS5_4q{#y&sE^T4f0s7tgd$!?qh4Dk0 zlJ7zO*qS-rnWI_@)v8^W&ZQwpx^;yk^#H4aVw8{xViODjuc1`r=QM&9bA#QfBea`# zi{@ton-Fj^1G7NO*?wwebH)C9l<5~;qLdrhoIdi;YSolh!nBf1wraSXeEVtg#NpWY zQ`zhnpQd-^dFQW`6$>l=`if7aN$6O{vian4^3t<;WQ=|m1F*QHsrfL)(P2Vi=;i(S z)ctOisrU}RO}ng6XyJEv@XfE!yHi%`0W%B?4BIc;3Z77dkQwDf87F>GGI5O#KK>Ij zCn6Oz9|-y4lL|Ym`1dbC&R-{jJ9!@thP&kyH#OSFlO-M3vC<^xvw(}r-m;{!{R1i>P_`)#O*hh z5zqB8&cf5+r8SqFtu4qF2of=07hg&|z#hBKp_8al^b05eC^dF`iWf*w`hp8}gF^(S ze*C6TWpPBAD1Rw^Q`D8q^EK~`cD1;;TlGZ_;V?S&RAu_N&smh2ByRZE05)2kVu`As zH=PBGm)VnUWNPo`+m;;Rxf!ESTd-J@56_i>k(i7>TURR{v`Zi21EW?Rqe;B;&|Gd-xW;2;tE?3Oetk&kpr$D6tC)N7X#p_I$tVz)cRm`6r>j*7 z(Nir%9+Aq=^yYRM`>&mrIWQUJdbSl`^&bgxGo5V@Z_uD5ao~;B?LMPS-fEE(E-yD{ zple<4DOINQ^kulFHA*IUVwstj2an{h^b4vxul&-pGzk?CdAz>$3VH=Od$)a(VL36; zUkf9Th$rT4t?0;Vtea>0D=4c}bruWH>%dj{-ZROzOe+S}qOPm{&tK11-t|Z^GTcMa z_lMkZl_sE%QvBd5ByHYlcTi)XXs}U|dS+AS9gcqVRlaZXUR~{{6Loq^;{V9vBW{fJ z^d%R5aNu&Y6noa-fU=^3^E2}cLMkH4Uoz%C3s*y#3H(rK7CN50i@;Fqqz)N>>GAy1 zrcWE<>ZjeFJpwPJY=LgJ(p82iqN=qi(|zMx4ik5P!=&dCO! z?>8PJ->u|tOE2bfGP5$1`Nqa3eSuV#pRw&~{U6TH0Rxq59|D1yy$;3BRkswtkGuUj z&4hq=U8vSc$m`5iwwn22MA}LereR9KYQ|rnC zYk|@{x&8}N@(|B)G)GS)(BB_wQq}?Gj?^<6BoC>opy!hJGxU;FkpB^FejRc`l=^&f zCyboT%QQm8{JGbOweYx>-~N@w$yw<_FW6qhnXl7BOg_>;;+NR4>m*%CgR6UTV?Uq2 zs))n4HTT$06BRWEF$}T0zjXW+MB3v*2{kt&2s8FYp2kiRMupiW6MXl;XUyC#vlAqP z-5+5AQO5T}KG@B>ZJi{%> zE%39(1Yq(wDp|{-6ZlKp-^F*#2J+_XkBMJ{FH#FXbaVo$Opna(=g6?js15RG2%o&W zR6Tq{WL{ZVb0BJ^xBI1UyeXi{da1yMOV&2_w){5NuVxlJ6aZ&>0|Q}80}qMxK@YJ* za!k-57_*M4GMPP3^CiV?##JOF8#xf*~f1WFRtx`WHvQ@CQb5+`61iL)TKSo8HFn$` zWf^WQ%(vPno0hxR4k%79;qxB6@l-55=IWXeV-u>*$k1!tCX8*VW{-Q>Vz^||pyE$* zKrsfUKjg0%ua)R`T!XQQ)rgo6KGlK(Qz4m`vlNJFZl?&AzBatmn(POm>RuXtt!IsX zn8E#w@6SWUcj>VWDB@FIl)QH~h*$I(&*$>iAsoPK)IP=YZeCN5GSHmx$*~F55(nGP zM{aU~QA@*0`MQ$=@E4?lUz@c>xS246dtWn!&=$=@it7~p-+t70M!2BY5S+x^!}>Es z&Jn25wdKU6u&_iBhsOO(cwo*!^v6VhBWTzA8`oLj7p>J5{5&0ALIE``kU7z z7`ZYnlsqClUO&uP2(0MFcB+buM(3Nb2qSWP|4z1dmM1b-!a5x3mRR{LIFwQnI7 z1+b(AbhX>Dm(+?nZL`;LaM`TMehaj)u@ZM%gmD4=gvteK&y+LYsYBsRm3tykTL>e#tB_$Talylf1T&6bScJUHnf2WUfgtjuM+z-7n<&-EAhf(q-TWJ&Ue_=vxXe64-0K>ZwEW?9m^W+Q&SZDxga#DqR{n z|25Fhc7v5r>|fNHc<34H**QkyIR+Fh9@?dgsHsc~Ss09apqFxXC*I4Tt6>pt;hH=e z(AFA)I}fH7mu@KwMVL1srnuR72RceRxQ^fd-qEhZdItxqy?iCL2yEtgkJ{k<>#RpT#GdF6{QblHuEPX7_!&#{DIbD3)RqLO(YnOGgOY_@wD0CJPj%RkrTP@)Q~2@fqhg z-&_~sWes$5`}T2^uTx@HhGS23qb1bHR+ejKR$onJp2y;wfkvP;$i?=(Pjz4BYKN@1 zx9PgCRmOL*XHkDs)=Qq+d%`Uw!RbOZV8`!GxpErI{KCUB8#oTV_1B6fV2w1?ndo#V z?BS5~+GBVeaci-P0#Q70wK|sKMviCLA#U$(;O47>-;eviH=y!ht`hEiGctj z{shH$%7ahXR*~klB7HpCEd{;R$x@uiA*iTZS3pfzTyq8s|Ky{W`MbeTnY%XJXx%~2 zHEx5}<_T5|1dG315+W>aLZk+Dg*q-c>dZgRN@6YIGZqa2dRIy#cdl7fJmIzqx@_^=^pk~2{e(qV zW^N}zjGjBQ73O^X>#diH!Zl)yy%B5h=^8h&LPez#w{5|@s9glFJfZxvn2x%qs29?8&i{3PhB@t z>0-}IZH}9OXL0l{HZrqBtKEZ^7`nEGb(s?h(NgMH$O4=8gGE1?J$zhb$NT=ULpJUq zahuuZ%2#~+>Sie~cM6-GP?Ez{^{t9?zbBtnu#__eUFLc{UgM|9>e#KaJ%(3rjN5a= z?q(BSKDG(M?Df3bppP=oU)ijOk`)CG&G-n0)p{i;zFqwhpU(7Xf_FM*nHYE$B0aDO zS&#kPqoioKulI^dN8h*@dwO|>+w3;{)IfI9$;D7qbOyh=!2Ekp^s}Y}V^Z7VCgny3 zy?9;iZ*af-?-3}c@@4iVmmMavtz)vi239Xa_W)|B;@;701M8fact=k(c1wbyu4%i* zMiY&Rz!pVe*h%u-Ke4@yX|5I3Oo+%#X~C>!vT}7hi_8SDiM$} zOTNv!GKoRZQ?f9aBMxm@U1E8g%t5XDZA3W!<+BM*ls!liH%?vI>r#s357f=dph~%n zX^_e~sr%fU;^O87b~en}6kyZ2UHJ7ti)W3T5)CIZ>KUn$PLpHfuBZ@2ing}C{iU{a z--3TnVpl^^--G4+fy__cX|al}*V7NxX8SCzrR>4Pe@@%)x~nRS-6H(LvYe{Wi|gQ= zJ&tYv^T(oIt8y+hh%gPG%Ta`|5Y8yP6j*^zKFozgf1rGSvGI zuy$qU=Mg)_m<4xbe`A#iy6MVVLVh57oTLKKX!iXwN@-bO++t2kZ2l6G0s4o#x?1WzyQD^4?9{fxTP-bawf1{-K+e5SZODvctP!E^DUxsi{y?szb7~ z`-_4_?xqGat3rVvZlHKJ^bwob(?tarq7*70J!|Ft~vrFwhqM66mv5{#gOE z+zgMOlSvCC)}_1gxssQaZ7P1pcbJK++x*Kv@c!xXHlS!zN{Y_h;K!1UOh!vhzrGPQ zpu68)K~1a`Axg9+?YQ?1F^0uU#m5mN8FRiF@-lF(z?G6sd%CW;^#l`Wh{8vWx^M0jQ zn=;ECDe4c<*~j3C0k<8Kei(T({Y$2An0S#)KHjH=naz$x+f`;adiuwZ{Z zr4JafXh?1EtEJ=(yIyZ0>xSxbPA%#K)eQ284W2hxm_5i+W*{oHa#}EUhFTg2XMN4V z|Mbb12vj=-d9d151tP^GAs&eG*PGaL?@}_mwpsWb+2{3gDSx``MsRvyB6LG7=^O;& z7uG3#^!~Hmna*m3P%dEA8814H(3OZUoG8xQsZ~<$6E9)Ri(I?l$7+}TUfTXfI{qZI zjyc8;0Aq^)y(j_-mJ+Q8G<0Qvi>2Msd@-qu7@E$0Vm&X=8kMwT^R$yMdiXv4K?+^-HEN>(q_svq?}ti0HVU0iTj&wFc=&vxVXN&AczMncXYnva+WCt+|mFnM*p zXFW|Vv)*7IM=>5==7nXZy|>5_x_IDMXE}^Z4ZUamAgkxi$?m9AZrRlwqJQ^Tr#Uic z&SllyALc>lpK*Y0CMUn(5#(WT^04$)AI=PzpXF)c5@A%FV+>mEQJgwAcb{(D;I1XP zs)h9rh32=|$`6N{`S-`V%D1nYb>U*#w*4jw(qg61uCU=j=0&}2){pBriO`fqa_evo zrX}0olBwWV!Q$)ZIHRj3%P=PIT02Ps;q%oWWQ~=v6iZ2~L0f$DW5M#QfaSvurM+Bt z8EJENv3`*_3HcAAwyaMa@IZKiBm_8JBY}tzre6mq(QDD9I4ozb7bL1{m0WGRuWcw` z`|$~}q&-$7{8|L;!Czish9$JF^tH9&hpr4w?2i!-wUXgQCR}`Ak&M*+lAB<~@4Opu zk<%AU)ARFYF3%5@M#)M`XNFAOHYaYH;SuYIaB@+M&9w;+$~E87kJw2ZVs-6T;+=Fo z5R6JApKM4V=)^WuPKplg(dl{&sq39sry0KF;_^lI4^NkG7?-UshMnP!LjNkfv`JEY z2niL+EDlLGv=img64kK$Fht(mZM!dRBZzTyGY@8;l-Ban%-c*erhdJ{KRd^Uy=>?= z)^2(;dm^`<{w4jTBynt?`rs&!7PtJjQPY50sq4gPN~-jcVzFz^Kep5XR{kuk@MEPO z`7y_`1w=F2t&>oO#?vEO;Y*qjCc8# z$>_y7qo?jB+g!7R6RFCdcd(xn*}Y}b-SZT===+dLr7_i}%r5z<(yVF{f$4tzqA~P) z80}stey1g#;`kDWVq|>|Bc$5^lBoXc-W_NEzIP_UD@)>p(}`mzZ>{BTE?yog#JK5N zxZM%@dlM((9sea(&56C1A@F=%>Y7Kk;IjYVwy^7mg=7mQiwNU;%a1^mVgLUDJXd=; ze`?tp+lp_CfGr{V<_ijISkF61*^F>`q}H}yJ&5CIlMvWFFyoK5oVLgKc%=JouoeVp~gJ--u+j7|$E($1PnAhqVY z+$5YfYsf5w9fyiu+_>2tu7mVA)n+13!gF-PjJ{QZDcOWlw=jt1v3Urp^}JnEAt$k` z)@Cgmrx!apgnpb;m>CM8Vu0aASr6#m=rlg&xs7G&yH&y_R#r-R?~5!54?SH$M~bXf`u6!=&xSxC-ic$pc_&)cu8Ilfaunaua0(B^(Oh|~2&+kUDA zq`=6msth%6R|?2yA@9o6((*b9_?WU$B7#7 znv{Xb`=Gng0;*claDJZ7#0eBIyUJm~s9Q-}nvJ^ofTIzBR$i`J!dp6vxpz_zmMq4t zGF`0H0X$YAHP^KOm!tqyb`TlflF7fJ6LLw)NNHo=`t`;(MnXURy-D%-{)v)pVDEoH z2rF#I^F_GbBZIlSR>6YsOQrNc>&tDC*2C)3JHK6Ug2qipUKAfN0=Ye`M$LNd4Gctr zepf3@YrJ<{rY`;on#m2^{(+{y&wXzA8(II)IHm~-4zBQqEk$Pwoz4TW?>}AGP55aO zzvwA%{v!yG-p}pCU9@E#|HC)xG_iOLyzTh$h? zwk|gsGq@w^BM=Lhhs(hFc9~Udj+5@d%VTGC{OD=x+O)Wc>K8VagX>s9<-p=`2 zGwY@2bZ}baK=y?qP|CY=@PdQ7Uf*(qwQGFEzwcSiwz);j8fG|!U5ij+0^THiu+gWv zq%yyqD?<->b&NW?7+ykFfKny4-(*2uAWq*-T{^=WKE51(SSkwMFmzou7UQ6xx;KcY zZDN)@EZ=c4?Nedp8~rmv<7TIobs?xZeKeYe6txl5bZ5Nrv}?%j7Eb@P@_<5(X@G^0 zhs}X?)$s(Q6`W3JxzyKpmCM$mFL;>(>yrzS_}sZz?l{9ct~#2y`C8Zo^Q|i-Mvq`j z)yT!9Pm1asY>FQBeV)zcso4{jyjz4*$dAd9d3sQ4+}ucLMR9^eCS&Q;?#I$lGoi=4$m zIxa66sn*8FT!o`a;mCC1`Wyq{D?Xe4>Z=Ti(}ztCPM^`aA%?weCZFinlP=tv0EL&{ z8N!#__{9@=B9_SVO+8DJO6ikFL_nTlj5FoRDWR!`Jfx`ei1mfjn{J2*#DT z#)NqNPH-{kyUywUvR271q^_dwTb+>0(A=hGZhc_Hb%*m54phbNOrb|ngL_g3DnL!O ztT4M1-1(qc-T1u1m-3sUZsV8Iqt%q1<6_&Zhw`3T%X_Em`&f8N+fg&K96wg#r}7qnKZrh#vG zZTU|2TcYwJ6p_bkdTX1Lon@L@riL(&u@yl02EmqHG1BOL!QPFymVzG=_(#G~ac0b0 zgLWY5%%-~!gRZ}VbPH0TCm5c0-ul&+h?Kw@27Ok`-Wuss>K06uYDSNG8e zUCA3$W4W00bz8OMljwz~YJ4u!jBPraOZ${sKPeR3KkAIjU;7AdywU2SZ@b-$jYIkD z#NAd|hsRuZ_st~@WkcEM+9thZ*Opt9qJ<=wxik&mQy#N=;k;>`UwA#+J$!i@Y8q*D zY`#z0l&Y7w$uDe+JF64mW}wwA3W2zI*n7uLvRtBM_!yyhmQ18JrM2OlH5q+AL` zkXS6$5J!j3;PW~h1{|cb)!U$y2g^e6;%j3!zI#Kb0gg^_6-ml7+LNXFsU(f^H1VEC zg0|x8JC3O@-StQD*jf<%%T1?^%g75K)J+&+xU~|uflEi%!7W0h#Zj<(+1N&=4X^d8 zds#Tvtn^fdniEcbeaz-_I&=uVE&@axDqw-braqe71J#i7AFly#t|*oez}vM$Lr*hw z8?WU)RS8KM!$$x&m{tEyMBo!p-{BBb9x}QXKk2~eSB-TY03=<=4rFrQJqO-wrYkn9M&W8>SmkC-RWU=o(4DLYpr=^rRnn+ivHB3;~40`gywL*^SZr zS1WSy5ZVBkdksKxrXkKnP*=0^{Y|**c=a0{Wl*??A+sTyfk&si=jZsx;7B3O*U^aC z=-%vS;k-~=Ger>q_|@vB+1BRPrv4xUT}8)&6T;f{G%QYd?P{M?ig2Cyx-8W$36n`s zo1l{Pu4hGdMK>;zezyg6=iAfP}!P zEyaC>xHHYv+p8k3_}9AJ^3r#9V6vLw9F*=#tzK1c=0@C47iyPd0SYz?K3=ZHregPS zv0HA&KFTA^L5TWFkp=72@C7sl9e>f$D<5L&5L7O#?*oeVEj;pySLGS}OiS~b1x!e- z#DBCpD!*IWWPj1f6b1?oZDwn#6PSt*B(ZBen>-h$7RkF>$%>{|O1s$>4QTJjGN?jR zagp>CUdM@ow*pVKhP_=g3L_$BA?q_sgAw){-FBxaismX2i7`DyI{?f&Y2|zJ>~>pw zhu?9DKa8l%#+G1tRzg-G85VI>Slut;@{M0s4r;kklskU8jw2JNfvw5l5;S z%oWr!!Z-aufs_9B-U}&~vc~aQ4(?u@W3}C(p$r)nN7?tXiWRq^g*mRGlM9tZafx_f z*A?=$wJf{VBe6aGjw#<9l6`_?>9ujSdx(s=zSw>Yt!{v@X(a_f9VoE939bzagz{C4 z%#Rdr;LD&VeE#0#%*c^)TyCBdYmwc;OzO%57cos}mFcm4;*l!AjTD`a&~LM{D&v-a z4RP5F;G&t;uA)}REp3|Pv}s&=ob{szuVhth@ot3Y3PcPpEH1cVB}>ZGBk`&&ODqIMR+m^QiiN7=yuMP2dgccGpHN7n*jZ)n&h6}2gX4$?tysv0Qm zsg;edn4o_Rwd}^1cM1O~F zsSk?xm@D?Bj+8cU*tqE&xTK~H2-dsx^6ofTO#I>;$vO7)nXdj9#-~pruUP?0Z$x-# zPae~tB{5MdYA*}P5*PdSLaWuQjYj}}!9Ep;b^^sYUkZUdX$iXUeidKYA#D=ujOo`X zJ2mK<)?Do+a0e%HLWF@v+wuUr^^E{eqcr!l$A+re*$*2L53ZK-hQiWvZ}T}SH14c6Fl5o@=^VQ!A@5#zk*;zmKtFhrp%;NQs{Gjdvh8Yzra}jAHzAZROYmK_Ja){#z*Z9&* z{h_&;nNxkkvb1=|XRw(RTfU;}0OzqwI>bfn8|PW6=xz>Qbf94Rq(alI6&rT`Hw@D{ zzW`M?#z_0ZI`^?v6)cHH@ZHwr@xbWk^{==k3GPRT1BN+Bbz#o~pT^Xog2_ir(;oPA zHt)8W8-{;)kJ8q&VPJN1&@%C~WoC^muJ>_aAqAjG*_M4P zn@q!DF5CijQIlXCk;T~s&=Mh_wD@p|Ed3j!r0)Ex8{w3GP4^2oXsOz)QCc*@;(X)< z1vPdIYwfB^^e^EcUPBER2ppGS{bdzoWkg#AZD3nLpQ(67CUf^^9ntLoE=28WKL)P% zzD&+mI}a0Lr58_&w`KO+E%4I0o~B4qOC%SQ5|{t1?D_D1JZrV47r|io1w3r7X;VSo z%}g=WWL0zg!^gl){$zoz@hC^tdvnAkLzqNyl&j8thiu@M;b&>w+O4qGc@T=Nb;ju`z15rt_obAT64L06 ztDcU^MQNTRMKXzPNdu(50@QXUq2^Yg{pS|Va>Tz8tEUH?zqrH-LQQyIc+|p%yl&Rt zJ*JofymCY4?nl|^+*PX`=GE;Ove@o8sUs`}IGu`h;1%_P8`4J|BYZ)!-!`Z=X|ZQp z4nLht++LeD+H{EfnZ|;^y^HdvmR{n{nvcY|r$=Xm556e}ZBbJ4%gT^04IQEeunwlh!v5J;rPaQ$!LF-=F zbVb3*XbIW&Xt$uuJAI*cZAMA1t08&Ms&G#|3oE?4jo>e}X9BW)SrEh+9=9tjuWbJu zv_GXA#sbJCTT7T3c^}8U@M|POIi=t;&pA{R+1g3YJx(*)hvf&g=_;Vs^4;|P_;*9| z^~TY|@l3MG)_Cm1oCiY6v0un)>6!26&yG8r2JopwM=Zo|n$oQidmoiMa_3_WuETTD zy-G(G>w6efIag^xlYMvN$0@1hW=@^jBzLqWH1_=4 z^6#fzoqnB@3I*cg`~Lg;=f$NC_N)xtF@fe@@870Jeu*Z}E>5gaGKW^67ADUC&tk}! z&2P8kCZng~6bZddTl$-6Ru2}gHmibZCDU$ZP|W?Yo$RoY;pyXY#(_bo&gow+&zW$) zr`MBjoG0V8&{8Dkps>@c$*()x#I>xf5La7o$C7TZhE7K{u}zM3vxj>_KDw?lIMIgM z72bQGZr<*65%i24i+RqSKIyYSkSn z?%KI?SX!kAb;0ygeDQ0$ZqLCN_X%`+uYr(c+Q_jPA_&tCsMmn$= zog?n?COis`RA-sx#Tow8*tAspj3S#K^t=LGP8En`;Q$}saf&+Fb`-CXj z)0XJ^a9vct8XPq03vMehdLq`fRFrPGQ+{>bJJzh2YyVinx>RhIBR(mmytlTpU4(}^ zZgN3+$)V+n(`9k8mTzMYUt?twC4Wf`}kA@LRx=j2bG`#^n2bpC#Vxr?@= z%uwZ6&%6RZjNc@M>Mkx7(iw|>3b}~v#48rp;pffDd?DYOtR>yB%!UPSIUzL49q%9-kEOPL^sJE@^5u z)gL53>*vNbd_Az{=FyZ9R(~)=3DO*RpYB`a!{>aiwPApjq9P(tFd3?Ys)z~-9Kk%T zBV+|QU5j&T#B zg$XI#^)-qGyiq>ztg1dvMWR^P%-nQl)TIRF^D`c*+K2ww9T*-Pv3c;Gz1=A6yGe zq)*X|idMnuluUo29>adxgBw;wYAR8a?n$DOrq$iQhLV8T+qRFmi$FY_KN>osf9loK zFS>#cc#bvii?2r{PK%ab8Sn`K2vVgL;oqz^98SL-h>44bM0?kkoh`P!)VZ7p!EoIl zLif0`gw`i{&@D*B|ZHzgfSekrKy3 zrXu|(F84#fHOS5fq#$U`XfaOa{D)#6gi_H+i&Aga_5M?fWR;wB_Wb^_S0?QkZ1(Uv zp5nuLt{+m-Emw;$LYyfy(Ru#4sW0750pH@^k9P$Pl2<1VE;We zEG}R3%tC`YZiYJIGBv}3xs$8#3IoOxAb+ajgYC)G<^~(TckiI$7ZG$X40mI?kI&r1 zjxT2;Z72IulU#kfo9*i}k}0Tc^)!BigP$B5!Q*If0C`Dp7{2(La}ev;VOB>aRID#| zG;?)-;*qTMaigQb&Y9yFW`wAv5STcZ4$Q#FtUu(Wn;KM!6S=|+;4y-0xn^n%?G_zW zld(NPms=)vutz>OIxNnKuMI^kD5^Y~=w`E$(seK1ro zk+NMq#vQp=ns z({@R3LYL%&N`Bfuw7g#VW<<#R>N@+!`&U38pRIE?9N1mYe>k>_d;+UximWFQ^w}oa zIkrDBVg?ltcB;De2+sruoeeJ=WJzM+9T`vjc3^yA%D+~jN8rdsjNSF(^XKe$LyR$MHEK`EZs21zhf)5WJDLWR!8)JTXM zszabEJ9=24#Ff1bh1?L@`V|zVx64T>wSc!?l^|egiPJ>jFvJ{t=4FHXf#%q$UPMc& zbiSS1-V@x`pUw`LM!S_1vGe%dWL!@e^yp41`-5-lmJW3n8)p=keKv}$9Ln|uo$9oZ z@pBI0p}%mXtT=1M_Q88myjokVZ*@%3BovzvTrcOaY8x)5GITR=*Ig@&V0hk^b<0E% zL^+s>YArQ+StGZlf<^cXhqj>e9J@C3O1|fq9+K|CRbD4HDImy^wWY1|zUQjrQQYSS z@NyG}hI3JulQsFW+R=hu5c0Lg?e-ZJHJ0*c@lw5f!Q$J#>F zkypK9)7`Z65=`0#(>deI+GOX(T9p+e&M;lAtF;H7wcIy|&9QS+d1+Cjpk-Nr`XOPGQ7*<@gZ`J7ZU7AHBhX;qkJRfms&g1V%QI9{W5>#fD{-g%A*YsOZpPtU zeZyz)X*%-w>SA+9Kn-i15H~d?l2is6KQzgIi z`s~6U@{#ryHXkzIne7GqRUus(Z4?)IcNjJHo-kIs(C$E6@ffpTI(Aw5)U!fXFRyBk z9Z@?&y>kS3tXTj8CmW83RIcp~U6l!Q+WHLM^yu3bZ&pTMbzj7o#gO%ZH>;bU5(*0w zo~9=C7paC$-hURqTPemF@P>Lw}M zT&wq^DqkZzNA}H1zucs+-0|vvb{QBfN~wE(pVEh8Q+ToKt45`3UTTN8#w4eYJ#l&M zxlqS7l&{GffgdZet;beX@32u4v@#S{#%AN;e7n@jNdCs%v12<^s7bBAB=5s}^ceffNU+>*QI(kA3V*gSft<;mORq4I>Fi;rqMrBb~ zJ0-q`(MB$~72Dwbhtg3$LeMs#x$vC zxM;|=77uJZ3m@jIP3}tjNT06)354VbL#aDNuyagPEYN@dLPJe+LK)H zav3#GpDXrmpJPL_KXpiM=#5?4A48fh#Bl{bi&c*uBUv(P@scgj%0hQC-}{Jk>-xn? zCKr%YR-eOiP|xwmbVNW%;?lgqaAGCdGIGZ^!zKs8_)>xqCENt{kY9u%PR?IX)+s;l z9Nu*~K5Ci{zo-%4|M1vTIlz;LB3!<%hwJX>pBhQ|HN{aQSJ)fO$jX{V*BZ0IE9n=7 zYJ4uP0q=tpz6!$167D*qhj-R>zhHuAGsWGI8;gPD zfup`YE`m@O^iNy3_qCMW-9TUF-)$QLVhPj!*`@*eRm8#Ry*f4%o#ESE^I-2GV$UJe zbwIT!cGgFXJO0Cs>6?TTyS-{=Ot^WDeB}n@hOdm;x3vSJ4$R$gEO{2L%B=s?Fx?ji6=ihAZQKs z5I>|_*t{fhzj`m?ZOy>eRIQ&OlbywUVkTOJW zX*(19NzIkp;N}rpSh_Vx6;N2>H^=opiNqC=TUR!-m~}dh}7z` znA!OF1;0%0aW@b00Bm`e5`nsfJq*2AD-YScY;@2~0NN8y8c&ng()#B#i6)(N2651# zgWY6_U8QBapt(j@t1*vyaghSeN&Ob>NkDtFlKiaPaGXTH4&801>q$`0%sH&pTVJI8 zU(!P(tT4lGLb!K`!tBt(jJdGdbdGz*!1$Ah5ULIa%ik8ljZkt!G4HlK;^}I9qC;j6j?D11E*Eq z+IRRXko+OdwtJ6+ijL-RCq7*|Gs8c5>&m&9iXU`)%)NAC#D6yk0|+gBr97{%2DS1U zWuxM7?T^&Lr4r$DFSq*`X!2V!8c#q947oCDjL*7bVj5{pWTE{DzhoohV28T$6H!>E zwSlG4k0rv)dm>lkozQl-`JA$Z)Na?}y@n(A4YKe{zLNGNG(vxl!*R0i%a$9hIcu-M z_bUrf>)am+irR4Q!Wu&=s0E^Jo$@^OfAN!wDQl6^I8`7_)@^9U`S_mPk1nPZ#F6|Q^!U-+? z?TG~z?bWU4em}DXJ2Y)_leLybL%jiREn|<>47AlQd(}bTVj>l_tbHCpk$O0ehqG9E zICH$aC-5o0RX~n6Zhsg%wHUSSd)k~^A!{IZh?eN_$rw~oCFFCcmSii&N9M+g?Gm1^2`&R3nHEz;Uzn|_%U&oaM;+G0&`UW zO%uYH9=&Y2>Q=Hf4;2?zC}do&eHL#kSNbc5UmkWEs8Gdl?Mf!!A6UPzY~>;8`nUWs z4M`ouT<-X!Q0;?kuOE7;W?Zo+mkRL3mj?Z~2$3cE>zRDG9?n`WPNE=7{OXLZ4Qc(Z z=2#v5{tm?>H?fTVB+@tKT>nn6Czs_=ChZk!SSI$w#Mt`>W~(x`?-7y$rQ6xiA#CbM z*}+!KVI@~ycmljLjA^ft&^r^*DIE{Q-E0s-zqo1G`L)16ECWhAD=Sed;-aPEr6?8x58p^yxx_BW*%rMmmi%shF~G{RlvC7RI2l(KFxn5{lEmzBK1UQ7)MrJ|)a zl9|*>XP0WRE+?_7B{0FAByQc3`>%6Z!AA=yAy()3c>gQ9aHp z%p$pDK*n?S;`0NdE?fAYBp;5*U9%vgo*B>caVDW$lIplW+TSB_% zmWQ6*PK0V}I*Pe>BX-Sdu3uRDEC0*$RzCV~xFb0x&iVzfRy>iCA1@q1*PRDmBL(1efkh%v9U4U1g$Np`FS2M z6HUVuYXt3yQqS-c>M&W;!p-d@CStmo?TYsKEabr6^GGH0sSNMLkB)`OJnaPW*T49U zE4JH+fASk1!e9QC-_T3RZ3d-KIm)T6yTr=|{qGEiCVVz%U6HGJY-Yosb^Lelte<4KId&|erv7E|fJ9rIHUH~?v)SIp z@clEJ(US!?&;BnkJIF6o&iQOn(3NQiQ6dG@qM4{IaDEsBJZh->%zi!_(Kor8X-1@6 zBfk!g$459cFIOviC|@{?KJh`%nT0QS(SLuZ@N_BXbiWmHXEP&Bi@3JofN3Qw3=Klz z7TxBvOZp=C3ItOryN{KZ&)9a9tT0`^X8Uu#7 zw_Nwfwavx4E!I?w{*KDp8bcf%ZGd_L|E%VbB%1-4e;3Ar#J_CZzqiFZZg_Y5(qvf$kDJ>l5(MO?gLS3w3m0dJUXeJ#Tn9KmGd*?`=f>(OmZD zsNdG_&h&Tg6f5Na4?B*^&u5sQJ`j?b<7)LjeLM2KBph?eWwyB+U6Q+<*2{}YReB7$ zybN??1NERwvWp_EllnM+R3pmp_q}4{QOpyPlUu)cQgl#pQ5|Sdu4e-!B%|Rp@3i`a zivqE=7CzN{LMq7&u%sgYO}Q!%_!99`H(#T!jKhgN_xD*MzW#rg>2(_|T_Zmd{x;?Z zlMgjS9OfD*9nS7^IlxUP- zFV9`5CE|an_Sa>7kO~iQrjR7Bbq4Dgj&*%|%UJt$ywFn*-I8K^;`o{y ziS(9b+-ldusqAw|5IP%CSnpL{Xy;FlcFM)4v4q4`%A-OK*YP6D_vU@B>!AK<>->3% z(7>eYa%+acT=Orp9Oqf@HOrps!GKcuv-7pBt}8uT!={BdnE=4Ss4p-o@~XL~Y(!pqX`D?YQe5mQVEBAb zTf(UewPw+@;rsqiCzk%ZuQm0#H&d6HKyl-PIO;MQaVX@(c=;Yq?_R za;RFETX~9$+g6${g+RA>^1QX&)rEK84&X;UkGiu$*CSE?_#Q;<9hUlNVaa*bVzuU? z%_5mlBTRU0e;9mg--SpyMp6usuZ5m2E}sg)4weoyOAbIVgQBTM2+q6b;_MJYs*j)L z9>sqtMj$Aki$0RMzen2w6tS5~O5E!msN}!!O0i<4Lcb1qwnk)dYFgR3)J2xOy6}}x ze~bA>WNYeS&9fT)%kbD11KdfMgS|ows$&P=`LK`89q1IYdciy#{3W9t1zGz{!_DEk zIA`EVla-!g>0`(wa_UB$nPVD*H;S~o>bd&;P~GB~3lFja4RBaSfqc%nV}`nvuhZwh zM}NSVpk@5nwc9Q=*8Gtq6}47 zo>*51;V6XRaeoHu_TX<>nWwJ^F`UW=1~V_96rbhagmzm9zq9*TY^ z)0-<0%*y?oq zdm&NEk(l)ENbB!zZM6tyoJCt(eVPt8GOHfdXQ5V}sufMjb3c2+F9d3r@|Ps_yi@t} z%X>2t?l*u}qvq_v%;I=d1L`j85ICM2U2H#5tqyZ#*%oI+LaHlK4N({!t4e{dSIDfD zpvwX`_kL4FH(hYYeIu2%y}bYGI)t_)Ovub{cHYZLh)UW*-yP&G*88Q#hf}Z}CK}*y z5jvLouu}~oQc5)H7=}=TL|N|95MCq))oQ!{JEj~-iPr`5>vQ2Wkt!?q0K^Z$azgS6 z^JJjY26%^_;JCHY?zzVBGbORAn9!3>v5Vi~o}bv{kPE@?3H#|1x#gSlR$+lfSteOt zFa{SD)sV#WSg?K$MDVafN+C-hw-D38^82TW*HW)mzc>V9p<5LV2|Yspy+=V#N)TjT z(O5nIy2G?AZM=h(osUVQ_o+=urKd2Lv-!8R3^uB$0KcNdNp4Qw#kT&u+xs=LDD%t%)~4DolY@pw26r`riV+$%}5X&Sv2<>77U9+;!1X8oL% znPhTdpGVHl5@s=SA08~hwjy=vF;5c3vZed_pJYKxrVIx;cr>Q4G0QszfPqh)swgw> zC`^TyB=$MjNGPO_LntIv%_@vH*(jL>>`cE;ATP+TQExSiVoe@*w(X^P1!9nw1oY=4 znvl7Uf3IstdRRkYLMo;1NZ1oOJ*{*jdnZ}q2C7uWkV2!aDlE;rui^t{W>;==U7y~C0cdMHH>{_z& z3;tJkUl|rFi^#a_hYMvV3GUz`@64>(yG7Tc?KNT2Ql_hePbKf6UEUy7Ck2RoKz`0?7k^I$ zzjWl|t!YM+)xnhWeVd~@E*M_;g`mr5J8{wev8scNg^ACF72CD1DskQASPzT`l@CUV zdjj?G6>)bub+LT<&uq0)p12=X;TxXsaDq<0H=)vF>&0f}WhfrJRf2}{sppMzn78W; zDiB_7UL`c!o65?fMnp3j5a6%vfbEaem2LGMtn>1=-4QP>53-quu@M}M+?a(u8g)20I0`#1 zkcY7ePre3eTrFvH#5mk+{w7-(#^#@xtTgeTRbwu&)^B`yNJv**jqpD(Q788g^}n5Q z9w2_`%>j+n#P?R*Jw0hVa_?v zO%lJ>9mg&lkn#^4`l{E<$vZSVJS8uu0%0|?H(&R61v-S3)~asETVrN0#wXn_##sl> zlOq#)YkgI_8B{HvJbNM)iTOmAZcI<|Gf268pC?wD{L}ETgfe?e2gOl;-Ib}{LLy~9 z<}cbk_aRj*Q^b&7VvDb53!$Ux*vXKO*EW%NLYwJFZm>F!ft0?QP_yMMwraBps6`^-*5L z^EV33HA4&2QOh61a@dU-S2+`lv}i0@tT7j~&axd*&p;=kx>YamYegb7PcLWkL$I!| zB+J~EJ()?$%FP4}_`PJ~5OtK)8$OryX<&Yfvc5;w2F@v&7yG8OzGIe4S!Cq&hQUp- zzUDQX{3Zvy-geN}FTcG#wV#}Pvwun%-R(S0iZqLodw1R$TH@)LR%NCVTPi_T@@S)+ z1$RJehtc+-ANAEyVp|E-$K|c-DsGa}ip!H!t+Dv{tlcJI{mp#}go={y80O?~bjT(JjSb)_%q76&S*Nw_W(|aFE z_I9p!avTOw4Y-dtIf!@KXp-)r8uq8vCL8~%w}rH;j0iMZNCF&opx9}71)MH@fOo_g z4Aim6;ceOXSOGN5@L)$R(JwP+0mD%8cLcR(nN`E!0|U-?U65I5auGB0s5+Q|{pqvt zq%wzb7twHGwB(%xQW7A)jjP85)C$6W9e`yXJT{|@#Y{^iSc-mCIo5s;wQeF$IT9lGlCqKV9D*N-RM~uv4 zS{6xRUgWSswOZ3qy~9Ykt*;m8;cy1M^!=p{~}I!@SmwDzo4NPo9mc0?Uh@r}eMBynOG4 zv9@0hG0Ztj)9s}MY1)F&tg zmG3-l?_dVsPw(VsCT^C{7p8O6veA(R2U#b!F`hfq9r#Ux-L)B>ORA^IBA?=vjXP~t z8yigkReU9}{ZX3J+Q)aC2n29mVD`3xAD^sFW7zkY4v3eu_TGdhPD40HNx0$mpZBso zX`iCtflu#&6CGA?95gxI>*@@@T*}AUUV36!_pfljZV|LTwrqdam#AE}7K(vE#QI2; zl7&iE6iPnsK!@7-iP~!~g(D3M|CZ1B)#?G5drj2!ToE zu@*)=?&TYpVrD_Ow zHCX?y-65a_AVot}V#+htGplK99=%1fPe!=gzVXav*sqI)T7+=vl7R!Uup~uDR9_== z8}u*K-jwrlQjd{^#~Z9QLO5SOv;imi`6UW>0J2cVdyn(Qqyp_FQroUV=$O=E;-79Q zn~-{CWq0)QzG1O~Tks*2PLg2*FGvJsH4UB}nN}Q|gyiIux{LVH&Ybd_eNKOjanGpK z!K_a{#FX0PEGg#vbp&JNQzj6~he;syoviID_=ICbiE06<+-n?7_>utkocA~b_Bn)0 zc*Wozs#K5PK|+eA%W*XRh?@TeyneG~%OOzYZfTACiE?D6dNOi!aBH5hFtpwGICa_iH)l;8mph4qAXa9@9y zX7XpuyWZsF9FD`{D!C|G4^}Pf+%5gE*!Z4>Wn)EmV zVwhVCF62GjZDT(uDX9W%JecraQqRs+*4e%5ICiWyzSACPjzP138Hb8h%bj?b0c}Hcr#^nhyWE zj>VxFcm2`si@Fn0bA?5_*8}ms1OnDhO{Lsij*>!k5z5*|cCu1ym30s39_zUs=PUb- zr__^Y_`cYU;s{)KkXpUjmW}0z7?J&+5LsrXp`L-EVJ3x8m(Pwu61NIRS?z$6<@p`L zgyNdd#a8B0>o#pxi<84!UpV~b`i@WE5RF642_gi^4D<{Qv)Xeg)aYGZW}YPy@j19S z`&i;{R}b@&XvHLf$tg?~>U`iVnrHJJ-GteW&JdxU*#;;>b5yvse~z&+C88Sq5*Atl z^?<8m&GARwMB*&J9*tU?i>Z>-$JW4&@nu7DpW&utQ@)G$)}So6&-|R z%XdGQfGs1`H`p~7-a!o;fVvC%kNn9AjUYaHGX8j`V|rQb_oVGLxh9{5B@<4~&XsI0 z3JlC(+I)Mln}isMn@D2L`tL(Z@He?Nq!gi#lP*{ALO*=a`SrjN_py0Y*v*MHhgN6t z`Svd0%~5U;yMN}+$GsBV-vtUU?y@F(XMYNNf4ng?hn!r0M<5-m63JeoeX62s=&C!n zc9C?zc>}E|vrk$PVE z!?rDr!LYS9zzbfzXg^#VP?j(l*S(p`xw+Z%KcGeK#^T2R*JIig^jIQqKyNMoEV)}60FuPUISRRpa5UuSPo9E`_o8wp3upR*# zxVeNUH45w#+E8WVC8TaCqaHDT3%!8|cZ*X-YeH$VcKdkr{oi3-norfhzM;tE28f9C zP1dk+<*m1t*qR%RqtO5o-WTh8Zb6=Jg_*<9+2q~!I!x#S`nTq~n*Vs%_kR@B@+bf2 zpmvS&1(1JT>|R9;p^)1=W%&tFTekeo9PV=c%P}oi?%&3=GQocz({d<6&@nLN+Mh;Y zuVl6RP~Qv8X)Mdhs!N;y)_SONw4OHozGP(@-Y-Z*Qu-Vp#F-dZ%w?+k?rN>h=w^&=Wy~KQQ|AWN_w-V}EIb*v#OcVr8&h>XyYJUIcDx93S1~k5 zXud-fUDA{Kf`(1PafgBMT){b%u&yk>oSB|Q5v#K!80tvXuVwaK?Zr19Era$YOIn6R zHrxyvIdK{R9>?y1B-1y-MNsvG)aQBOklwS(DOAHAE}?8;mG=}&1@t0Xcm#zgCpZG8$T|T0VIJpwG;Jr>)hK5VFACZ@W735cU*tqMq zw1)j_m_0&q6c7zj1#96J4+lpTlj{xAK8N|mMfZ4iE-VH`dBYm^wy7yc)U>Q?Af#V) zl^PEnI2~uI$X)}_YikdpeXjm5`hmh3z29*5r=}ZS^5n%xYQ!qu?n@;7IPL3)=IvXyGe|1__gUtgLBravfq{V8j%B3W1C=&4~|_ENaRsceShx^_@0i8~E2Yg7goG=Re%i zTi+o{TpNlve`|@YVh4zOd*|35kKZre2SOHe@Oyf1Tb`@=`-%-ax8S z#!bm^W%{Xb**`}zucRMD!(Uup=s`#^1`FsQ=R|dJ)0TWo8zH zjk8IiV_08S2&8iILNi#9uMhA=DN7<^#>j$+N^)CyTRU2D*#D0EeXIU`b z4zc^hBrGZdXYHIFs?XE*DyM|*1WJgb8Uje8#qg>mY7lyYY#N;YAI0sh^~x)9S_Wg; zCzQu|pQ6_?N^#nDGVSakHan4}dELraz@Ci8&V$&zC|=E0zP*x4*qSU}xY6pcTJ^;6 zG$Z$cn)ETxvn9+-vH53h99cfTz3N#H)a64s=V6sN!p~YI`yQLe+{0=*P1Cd;-Ts2v z3;s_NKH^MNva-LoqhDk}i$GXObY0{$B#$Jwnlda0KEJ6@?Q5<4_%0jfs%Heqm|MI5 zjrd#dn1z+a+q6M#Y?V54z-M>sZk>6W_uKBgy%{!mi>!hA$4BZgjIsltCY~SyHk;(+3O3puUY6EXzHKGTJk9xhwG`HgYS&w!R19Be(`vW{PJMy?GX-JC>P|eMio>SJcDf`}?P5 z!3pivi1VRubWH%2JTCSs8{8OLm;C#p?YDnY^C0G`w%|_M%h(=&ziObJgkFMGpV>g} zQn_+Ro$}_+Dr1>`yvkrmrVzi8vvcpJp35AfI}KrcbmGfY4nROgUGJOqag(jl7jkm? zmtlwwhzH&iZ-wzm9)8!`nn=ibF|Igr$UzI2A=M|RHn_rUE8u*!EAdM7l+6NRd$cl_N>ZW-J@|mbZSa{C)w% zRt6P<;o(KuHy1Rwa`nvoN1MJ4OGD+UnzKiq>2gEgpMnKZ)Ik-ah=U%@IMF^+{}fV% z*FSy~BKm2uG$3%XYyD(bUU<3U_;3p!zA1+=IN<5$#vRs0eGV7pWy*efp4%^$|It63O$OCHB{lGb9Ezj9e@qNc{MZ5jfWox+vZR)eo#>5_xqa1 zX_O}xDh!~+n}JK0>QL^a-xEBE$nPWF2x@vivV$a07zR zKGr{IemvfIC03J3YPbOb%37PfA6JD#F(9aol!>S1M){}fVasi$kMjZ@mr76s3@^d- z(#VZxkl?aQ$7DWNqd9Nfho$1f3bJ{?&w1M&M1`XpNyn@ut5l)x4j{?-8Wzf&dtG99 zWg)?b@M%t$(tU&TU9)h1Kam&tS7*6;msx4%`0~w5?=2SxW;MTV$7_E4CRrurj(gk< zOM1)|Q9!;mc?<*E6QwSE%*1pld~waIt+wX_y{?WY_pzVCp9N{gpC z1#$&JzlUDW&RWJN^B(*0n-X8xD+7$!t-KI+EV#8K;o*+%0^dUr%2_?Q^;P6@yF4-w3h zPYnk14nS}@29A#EM z2t}{Hy1TXYRqjOb+viMnvta8}llsLKvUg8YtG>LZprzv{s|X2wR%v-kwG#hHk6HVetsfL*FfS zIv{U>C-yimT7XJ>-%&6ytnrmdEnIcw-q}QnF>+)e(!9F&JUq^HRdM57B7RgCM^~89 z$L9kevv`f`eLw@t;NrCjAqhnq1v=Vbdi~ez>7VF@2bn4&j1t7&nyIA(D5=>WC-{Hj zC(%))Ln8^aMQOi-lW^W%Ta@wM(yeXHBJy*H#^n%XZ5l}7_jze+XS-kNd4fsd^s}Ug zK_dMswHx&ro$0>)j*^(++{7HbZ#ONf&67ZF{*^*oMh+ITvJ+%b54VSD|DIX{qyhgU zvHAzeRJU>3;fuW_;*b9H^<@-V4vm%TD>h}MG-QodD_lLEynO0ksxZPCx1!p&}Ada{#K3 zr%cp>mrP%+ht8J!Wg!>9Z~F?8JRhv6y#Ht*MDz#Xt8=0#5NpY$2E4ML4j~TTP^h!# z|A&bjhma*ulQOM zO5z|`4gf8W#EZEYdw+GcxFdaA5j#5L?(;k}A`XZ?F-eVrW6@I6ITi`cIU|Kj)S8N#AD`l>8jtGkM}o+5$ceC zL83z9QRTE*;Ds(Yizqs7T#1ZeTAm;79V_5j8%{xR*2hzU-RK`C&k9bzxW!)El-JD) z0qoScNY0H`e1db>8jVxJTFobF$nBP3gN-RB2h}8o#HC9Y(G}MRlWSvZ_8iTnj|u76 zR?-W(^`1~HoSFLa+LxOTC3s$+24_Smi;Cw>3TQG^)WJ`(XQ35_E}mog7fv0yLDfv= z=B#S)(R5#nhX)(HX}~5SKueW0$dZq7#A+Qm`+oOGz8-j9NVh072evj&oOX&}^9~9Z zDzLKj%!NafOv*xM3b^jng3i}BSNm4ho|Mki?vCc1KZI_@LxN##i_zmAZl_}op{IGk z;0uNhUHEJIZron;pC_#{Bav1$<9MrwyILd39%Mvp?Qz+!8Qf)~NQk3L`+8)J-&rxApA zZf3-sCp$B|q2rZ(Nz6#b;k982HG->0s64AODpF5Ku5oEdGDM5!kZTbzpp(1nycQK& z0kyErznV|ygg!u%&&>b;bnielk`L_d(W+^!rF7R7CjD=@RpFnzYLL#)kC)iu36QWU z?alau3-oK=ivgxbroS7gSRHou5a{7sGy>DtzHQpn0r#Aid9;ZdDxkVoCNr-z@@!+Q~1%0V=b_0dL% zh8=*&n!)Lp?@!*R&g2*@o!X=T`(KD!>A1_hYwuotQ^8O8@(uX|i5I)ag|B!ynHQ2M z(q3btNW3JWKR>S~Oljw5EXDMiIjAx`PTTKqDbihG^jX@bn&DyyjZ5;Ze1eu(-OB4M z9Mi-%0j#MV!xit23HeIu;rFcmYqLxPShwoxJGT~zDtl-L5 zqI&YxO~F3jCMi*Dfp$K9sj4muv?<1wzCcj$^+6bMP?lVgsx9+37>MNdD(*eTj`ma@;M2_6U+3NHQh)J>eyH3lt)L^dtu%agHFpg|E3HFf%ou$G zy0Xga@7#vcPiOCUZxt;LwfA2t_;t!rNDwd@9^U2`Q0UEK3%0hrce`l1NcY+V zutd2}fjL0$bTc|p>bT-GpE9p4HauQ;F58fhSP&9m#gnTuLCUB&Xvaz*A%AMR$S8=J zd3f3flhCH?Ap@_|d zrvjd57rc%mp=45FIEY1$Nv>klUUzp1z5H-DZ&ZxYTW9_(7H!YN(3TOf+2~>!Mq#)Pff3u@&X8^I5SEZ*GQ5)(sd$$|Y49M-SP};K+1QoB3%uhzdBY(&XIzsoxr#P63!eJqqw;_9L=4>8un{9n5bE4 z2yh!3&=Hji)?A2+hAPX~eA>bCPveWJXo&$M3d!t~a~Gk*(`JFQdmH1r>yXEC9|!R^ z9xkZNR!~=Mh5GrsLF;2SM-^c^3mzo>J`9=8wKLQt>Gay}Ez)Kaq|KvSscPG01? zsvUVA=^IiiVoC|e_0FfsMq9b;v*qg*6_y0=XU$e$l#4{oGxW5ZNU3k()Mv%0rO>ZT zIX^**XBrvh5D}bg+o+|lcn0QVwbd1MZaOg=I}K9`ef!pRY(1=`)=+)M6=wdK`;yb5 zx-no}DqkRSkA4Tl15>QEmcES|Bp0Y(&}7 z7IzLi>sQl)^KHK^@7bt6S5@XQSNqO=ok^e3Hm>~%uP4nL#QYLT4@($vi5+GB+m+ zvbTSMOk61$Th!R^*A^?Wu9!`Po3R)VRI=5^r=Fvu_0BU07}Z^_&^N47Q+12eJ6Q+w zQ%MCK!pm75CWsOiv$A&hQa7pTdi$s2(xUtqJ<+x`D;o8>OijQmdp0Rfoi9pOy7zYO zR6ezwxC~7+)=|!`-@9Cij&GbyPr3Rk4XltaZQZmRHL}(9-Qca!yx)CLv}p1%&uIhj z7oZ1;lBb_%O~W3xf@P`-sY)rtiEyBbJgwt;v`+Ai}ix*@Us$)*y1yZS?&w~MVhVylVd{x;=kj7U>F5rjO!DRsFfQoHf%2tx8O z9Jo-SZ#wvv#&bDIfxFVU9H=H?U{m+?#`QKgx%~eb7aD_f=luN}^`93sQnCE4LgW;J zPmB(d^Jkk;)vtra+VdA*UGfx2vP4&yw!o%CJ8^GB#3`S{QyMH-QzIJPvl^1!K$}?A>o>wGlkkIQ>{p5J# zhiIGo+g&}@G27rgA@Tk^FAE%5bJy`!98VdeTJ3)VevKx@7_ApnPH z#pEv(jO671qJq)oSO(qqZ-E86!ha7~cx?Ay*g&38^Q9HtF}=2*kxF#7+BgGq5=N-M zk88A*Hkxvh$N|kdXxU*3q?)!X4$M@9#84f`k7lYc-@^lYR)F%BHmi!Sz zTwCJU=Lj+z5po5uqGckh_kBDd*FYPEg6hjQAkeY+p}I4>RdeF@2XR@)t0FcgeMGJr z1JSzNOT@ufIX4+N!oY~c09Wb+yu7!l3$w;~87X=)vV^U8(_Dt83xV(lOgtULyo{DJ zq}s}Snzj#q%#ETfBOifjl+WwBWESh~x2g!OkGQiF>(wh^Pu3Ht***M7iRg5}EZglE zSk_>>g6uM8sWy8OOYJQ400j;8r5xybLL#=`?2dDKXWFagyU&Y@h%x!~pdGwClO{WP z4fH5z4LpIye;PqNgt`$pGofTR_7iwa_pyR@@Wy03G(W;>PZgp-7 zLeufbmELDZT4|HnAIV5ah~;N&4-X>EBLRS_8nYeHuFjCyqIBw2y+a(9%w;lh+m3s5 zOeMeOEc-iB8ns3izVe-Yt&kWv1Yy2071kr#nl5HIg0b~Ae=-JZbE|{4zGsItCX~bG zK<=+7$rOi%IH9Za&1E3HdDld(Y*J^P7M6K69eSfL#kEC*Ja%$c1*_<|eZy=S$PySC z+7S~3jn{m&8Mj|q+hi!Ixg7B;Z1|1eXh=M`0-cq<|5YyELsUac(}{$Hb}kBdC;y8y zj#Bm$ksJ$aDCsxu`sSo&p8ioVE7O~a1X0R0NR1pypE@UpgKCJGGqNZ4l6PuqWPVlr zg;~C7>O(&bJc?wFrFb|(c27fJY}C@q}pNJm@UHKRDAygczaA){?PiPdqT z)7Rb2m^jN69(nE*-=2XY-L z3Tb~48ch^|synZa)p@V#H%AM|T-=rP%q(;BavE|7cK4#WBnlLnO3byt=Wr0=J;$JQ zs(EK6@}{f;KM6m~i20cyP7w;mSFNN{Wp>o4+EfTrj(U4_pN=&R`rHqudFo!^pwU7O zl|A~w+8}e$-UNNCq(Do*DW+MPhy*&0f|5&$6+$ApHjV)n8Dl8Zy~ZQ?K{X@tZA^Za zFA|8XdsnO503RJA^+8lwTSg`+J455wm%93PajL{<=+Ch3l0RYRaX)-NFG-}L+5kL$ zzvo0qM}&3$1voj|!2}WM=*ta>Z&X!#ZUL{m3T^CmCCEyEuMeH}g*vIzN zCzbM~dP^|eC5x$KwF%(b$=-g-r1u?LhLtnqR|`o4@h#ReNtcNXtd_HAI>SV-NO;Yj zmCKsQXGGLU7H)}P;ytCaO8;Qx;M1i}$ob)bA~VG)&@f?(5_B{)ESAJ(LD$8AtgE+C z=ejBDJ9@g>%LG7+jghE#9{)JbsH}7}T83-ysf&XjI8zO;7`1)QqwWMKUvfRzoL|^u zSLY?K4CH{9;%ma;Kz7(zjK#)!#)IHRu;i~$#pwZp2tc%U`)NngsG=f4)tqgt*Ryq4 zoX3Ba#Ez?xU1Jm7y%&Z`#1d>H`jy;ku(zkw?}yU0D}!C{#R5OV4gacM_n6X4&Nt4ou?;=e;6<^yhEj;D=Ar|Ls72=?+pQrap~y&aEvjEy*c)&c{U+o#*`XShzH@mT)yobX1G zTQVFR)TFw}TWB!c!e7(cR4drW6m6;r;%XTh8#R3PB00jRu#;A7?kun1z7)V!1d>lp z+cVqHXVp;XD1rGRRzdxRblE_>guT3`sq}1v^#E_%kxzB~`wpp2xkt+P`rTH$f>9FTv^sGjzN`>}X_3n}PE>EKP?735PWu_z>bAM)Try%g7REnMZ<_^FYXS|w=Gle?lm?DFYMC(D*qg!HBMv?G$dvZEVGw>q zKrN0IyUJ2hKhqP+X-2&6?KrEV`t>-ijwhg z^51f2^K96v)=Wk9EL3+dU>KQmGzT-t)sq9P2SRXY9B0a@qzXPwPa*8 zoxcT|V#`|V{9s;7bd?WdVk{Qcz&01>9_DTM4%dqY3D3riEnTmH`Y_AmuNrixVLwOD zdu7Uif%_3IP}-~rURqlm`<@-kx7;31QW{x`IsSSX;aOs|x*m&{TdvSZ7hnCw`Obmc zZES4RLr>9ukZCe_wHICAY&s11ks7g=Zn73`jen3;?iT+h*V&Q^7DrN_j62U<-B`Y~ zWnj_*x8`uQ2UD&#BLfe#^4n<1%QhH(&6tO9^WVD0{$SdX{zn$Ce}OIkcO7KX!cbv^ zW9<6i`eG**i>#1>FqYzG-60`0rQ`fpwy=lN0skp8+;;xeZx{*5{oQ~GR2WC@1eQ|T z`q}@A)m-CX&g->;AZZ5744Rm%V81W{W-Z%5o-5Jq_6ok_wtCFu`Chqax=fb@EU7Dx<()e`Z8$Ey8qi|Vw(i1eV>X?cxVE8cbUE8-*o0;l zX5XkB=3=WlYtZD#5NAxkqzYkHR6r!TXJOgtS=+uM76tKDCdj$!^R@3ayMw7~Rt4!= z^z2UGI{V(vEHfn5UE~#`cn_-{IpDQ7LTl2pjLHd_W+DEcWNG!Flg2zf{L0v63Zc$3 zI@e>t=6PI0ivt8=DQYupJtnJBlC9Npq6q>ylcO?9y=qo(vL5JOlApkbZi*< zE^oWsJ}0jYu<4)D*dY@{1fLD25q?W3U3<5599zuUDq{X)l7mD+qVsM(uWDN@k~POX zzs8gRY`HLV=YfRlS~AaR>3M|$Uu+`T2g*}#u2~hr!_)bP_4S<0jndg@cQ7#iNEjH# zBY*7^qu_{8daa<@5Lr4ok1j z)~8f6pxOoqqituFrOCGKh_sjAh~DEh{EeDTggW}~<(Qnje8{PY$TCtSGeoJ>Ht@JR zbMkiZIFd3zRrT&sg^@5RBUjF{d$#7Ipuo^1Ji1uko5hQi!uyvoZQNnOgXR$v7A(m9 z`^gCh;a@PqKV{?J^}WlaR{ITn%U{S-MsF_x{o`31WuSN2Tkv@VR%Ew+5QGM&!=1-e{Cc&Q<{3cdvQml5LBN5>d!X&=+@<5%j9d8!ETztjXOE*~Q;jB3U`aQ5Z z!mZesu1hlPWoqD}NS58k=>Wkv=c?&7Q!!91Pha|FYl_kM_dV&epPu3u-SWG1+<7dk z*YCqTTBk33^A1P@L4pPFf7f{4$IHMnDg!LwaXWA4ImaHycNU7LBIlteGt!F~hyu1Y z} zb893&6Ko6`vYbbP#SVdk($iczDB+0q-s2R~zqvUi?x2k9se*vKPmlmSrDD!l< zjVatVf#?t_r>X}tKHGc59<*VLC{sqq~#B*-lz@q`V z$%n%TcsAJe(LUf6wm)rl8jDNT-yC{b11obQKiBsm_y7=8xp3MuFDI2~5uJ$Zu`I?? zzrL63P8z6iaGBCE5{8qYr9$+?eTRKK=8Nfmw5+YK&yhTuX#oJ@l9G}V65Y(%J{uyv z-6uJ-)2C=g2mm&&PNs#hct8z`SwV9N=ubd`wlIrBDQD-@FNgZ^{0)K5E4}XZ;Wb|^ zG0|qk%rilQlES{sDwA#;fY{o9E|u>Agy@AMA-E>zdv z9{v~+MGYc>`AoxH&dlt-Qcm?8xz|UJ6HbDhz3+faM zKb2N_#U_w|!t?VrKczA>;Q51Y3JPvUO?r@xl-SbCD)q|h;9rPz>YuiIR(t(yA`Ln_ z#3@({$MeAB+b~YP-8_v-!}x3p!V!y$(g~_xVN|rHQH})E9bB^=%&NpHCa%XP3T+K@3VB5sR#8x-B(AWDWc_!yH zVp7sZ)4{0C!D!)6?zJWlg>SyPj$JvMXoG%Z$!CkP(wQANx1J--ewx)RlV(Sh{Wvkg zoTV5g=(GN_XREE8(q;eZ7(TMq96as=+oc?YN`|{1>yj?J-|gHS=%Aw~y<_IY26zXS zgd6nDpuC0Dy?~W@SeHj*uAQFBeOqgTZ8%Dyo%dH*nD{3dU-ixEAX>&B8x$@_6Ldsz zt((nuD!Ub}P8uZzeW1}d$Damy_3Y?|+w3`nr*F4k)SEjj#!X-j+F#ZA56(hRw`)V}Mqu>Yo>%%w}3y zy|{0YPR^tY)uD)TY4FYC1i6IloHg?y0(~&L96_G|aeoAWmn1$20pPy6F0SDd5<(tk z;vyr-Zw|p;-X6cp=U}}Rt@Z~ZHiL(L(gFag(uz;7=i85QX#^OhWeqs(3m!1I^krCF zef^0|Y4_rFrSXRnvM*VJKPXfpC6ylsW|3g8kE7&Uu|TeK0#-cE8tjB`W~~uoJhaUb zHC1)Fc##e~IbKVq5k#nKmbK_9@Gz^rQ~8FDYfz@TWazKV-++}Mjk5T46a70P9L&R8 zIhz`pwdQWGdq5JGUm$C=u5w2s&t~Xq zlE$4B#*FwA`UE=B3w*Ln9DHH|63Lo05PswRCD2(AZNhUvV-UL={I0Hp z<Zqw|=W6!pE@t@3eC}xJw)>lm#^=Df z6^ekIi!nhR-@05V29Px`Dba1x=cce`)EJ}1E^P~o*^KkBb%{XHUDyqb@jB(ozu70pi`-(RSgg8A3C~-GF~&Z}1OIqeyAO6J$gTqpO)e zf11~-5&Tt3MBEM+qNs&|^@SSKESl7Xhs~$QmDo`v0I%bysC8cY@yhV=k4>jfuCy|e zBd?2{f`QNKkL-?vYC*}NOCA~o#IA+&DanKfmPwzN@z$5gvESucx~~q zlu%~rEd+ZIHIb%Q{#dxN!WEa^XiHPHjXnKpVZ`kZ*ojXod9ak1I(m;uG;T)inhfqQ zi3tE72y6yo^V+}MY|U0v4=g}7N$Wk)DS@Hwvu7u}_|-8BwlTCFVA$R@Kt`LMQ=8k^)$!JLn3ddSE(9V$6`M#o*{Dd!1TzcnHuApXMg_{}$+d_m zXoN1c-?3VOR5fol_p|H^%8s&(lhN>Zx*<{YNgL;I2Xo6ZJO03;3U=9Olh2pq_ML*6 z5R$U}!{0w&E#BZz9?}T2sO~C%HrGgKAI_7Up2=$$Wje2J0E`-R0+@+}_*xH*pey*H zL#(od&3ww|{?wGSMz0xdS061=P=bOTPZr)mTOG$0C*2g?9LBw$Dt^4%{yd=0*L5v$ zd^ao;VyD`1x{x%mQ>H41Bov(cAS&O&S6it zj^6KpdiZr8HR8fI?;nIJH!z+SZYJ9s{gIItWf#f zM_GVJfYxTlvnEO1Y13q;mRVD@-B53ajutc%@MkJEcwe!SHFFXrynMq;^LB35yMwcB z_E(M5M3+(sF(Jt=fT_?yM;3#rq5DLvfiR2%};edy6{!mSY*b$^2on znMqrwF&Ta!^?hhpr;cFz(AQP>-Ab;NUuKOFM_5I{&$*5ZlONmDP`_5EwY3NobNJ&N z;S>k$!_9frV&|+!aa)Jj-;s@h^4Ib|(X6c#Ft3+0Yd=7e;8iViA~fx_f{UBPb;-NM z-%MBw%A2N|yW&xCw|TzAu5-!C;*f@!eEFy$%g0ZT+h-eEnlX zNn4_-cL))jyd)tus4n6D;JN2EBP!0x02Zf5G4!*NdpR$%14V029Nf73jP2)Qd0Ok`;Zy+IH9 zWyE7zkW_Kh@RcW!1NdpVx;8!4FEm3NQdA{1BgVQ}c%5o!ZB_wfC>=qYT?7$rj{f5&Xgp7#Z|dNcS{&XBz=a8-KK`|`dTvbM>`X*bB^{)A^;*9xS z7-QI78CIHuQKuTucd{O27EsD-f?oV+q)hL8s_Lw1BY<&B!WK_IrAwbwini1A272|sUONv_?KMH-Udu*Xah z9p;sG@GVNejsASJLw`Zl7ag}nY<9zr1 zWy#rVh#SRSw+?|GYMC76KEF>Zk`@q zf&^_S>k__&zEt8v8^HSO)p+Sh`H zdFH9>d3b5RbM8b%_Q5V}`_Y^1HksleGnGK-$Is3?boWT-KVZOr6nkI|X9I_$@YTf} z-H!i&+25l(b28&firvgVF0V}}L7#(EeUjRLi^16&r?7b&$1VyTt*uDQ`uqid%Xzj9 zT3$s=d-Y*W{ke$WYg5bGv-o0r_lqd{wOqlxoTFK1!?*r%^LmEl>vDf^UNsdcK+8Wr zR}HU8mVz#UHmW+RBy}$6=Q7cexzVE{T3NIU$1r!iG`|2>t_G^acIY{~-}XT@ztw`D zLv_=RohSFU&{Rcs_!F`>{l!^9Y{NkY?Cpn0m_7bRe8Y~rw5_pG2U)xDlfOBzz71`z|Y zt;x3i8ep1=UZ~lQxGYt9#pZHqx=M>7`fLiC|JS* z{F^RB@rOPqH4?|mUU3JCY$#bFa4(JG2qG&}O?dKCOw4KTSKtZw8om$|M*`^RQT)Y+ z0>q)lMob?+>^0cFaa8$+$G=gCe=663L)kQ%el1Iw@s?kCHWKkqDlg!V5D_i9-$o@_ z)`LH%JsGLsD!gR8QyZ{KpKEHS(VSigeW4L$QgGhKssTP9{n!QyIR8up%TD?-P(SuV z;h@M`WQO>poy>w8II#lQ2!8pKJ3g@>Y&xOhp&%mrD;XoB=p1km%9Hf=k29oT7bS(~ z__&ySG)um`+R`v#OQNK=V0CYt`yv^+(uo29N{B>1jEsCt8->rhs#+C9l!F8{Z=e*j7dm=uPc_P7ejqV z>A!ro&VY9x*3Sx7Y#7#pBV6yL_`@i)Fu5IhxkQiS_Q(gf@jcpts!7G2-$Un9x3k9o zxRW$q==!}K64mU2X7&xk8`Nry%s{Aom)36RmVo)(nO$gH7(lsbj|yzkAkn=@?E20$ zFB66S3Kfwz>W&*g4D8}Dd6?&PTY3fSD>z0jDiSmYpRdi1P2qVtW3|6ZZG4pl)^ZRP z+WCqJCzN_ASoN+akx6>|y<8IjOlpt^A4*hIUuwdux7`~eTYDBbE$5=)B^VrKO(XJPikS%yM7eFv=5TM@DfIb)+dpB z5~EL6WlgBk`=n&CSGT15(Ui!>FvVJyg`8f2s#ldABBcnG_1xt;jQ2Z6?VSi zkD-sJtLn$o-^!|3iw$%0bkRYxI6UZ2NXB8xO!EaO(Pe zx$(GYC^A+Z;0~&*QFlec@JI1hZU{E3 zb&{F$4P&S2HFj2Lk`REgRf?Y0jlE2Q9WgWuFHFSVk41AOn zgeIun&325bYLG3i9A|@$L#k6c>G7u*N{lGqHyLd)qgB-#nV$EpFhz$15HGCH3S9>$ z_7h%myP~3_=Ro?VCA<#&Sec`ay6~V`eV%-g(3S3bU2y{WW7&5GG@gBVel1}Pzp87U z$_0=dm4gFcqj$|#%t`AWbl1{0fIJs3qA{mF5krlU*K=H6H1Oc12~`voT}Q^@-6{tn z(Bsp-3Q=PFj&Eo3G-uTOxzqCVLMOkD=@-Gtt@Dq;3s9Z%UOb8q#P5}2Q^0eU4P1+r z)jphmz_G)a#}=;#s((nzy;JLmc~GsmtZW77Xdb>(Eft%$VtJ$l6f1ejptF3ojUMe; z_;yS|&lVacZYvh7%;7zw;p46%n2m~6i(hDR3(in6U*$*_=$B@ZcJi;X$-J``+nLO> zq33J>1=QKS2!qjwr?&GBQ6+)gsgKMV|73K^{d9i+!QW|(%-di#d5HYhRtyAtH zJ~@Y5W8pcaPwiaU*fB2b{BpjKLAPvDKNj*jgP?b~^*B9xi>w8x86+~y%}01a>BMz%**f?e1 z+sAiT>7bAdlDoM8@&Ra;VNXP4wAp59^wSb?joZ8_6wMn)Ey@TGr*A$u3*umAqfwX! zs&9Ah9Mnv%MA3*n(Mi^l?kpAn|DBJ|2cjZ!H8Nmib;Y1C+V*1YN_kbVX8K*!yEt+u1$fx1Az9H&pbr!mytm;U<43c}kcpD|`B&ZMqjP~=FJg1K zY}rwK<8q7I>M*O%V`Ah66m3le#{Dak&UDa5IDdut=|UOlOQS}}+|>rJPo<_n4x2-} zZe`X2MkS;3cyQd9hb*0$+9+kE&*Gp5ZwAw=s7W^V4~h{OxY#)215+K4k#N#7Z+PTl z1eb8L_tP9j`&ZupJ{9?N8Sk{wNqx&-G8KBAOk(^@36s0(nT?$yhMY5hhSjMcK66N0 z##IVOw6rIa)gX3%?M;zclueyBZf-m1xv(a(wa|VUMF__|oh;FOPP(mVEQ{*_FL{oA zdF!-gzEs>7%?ckA+zRglmt^wY-|#hP;;=Jz`pv}D8&UXs^pifaelk;WbOekEeN8%B zuxlQ44}(B9?0?rz&|uV$YgCK^lhcjMf+0~GXB{TfX2Eytxsj;!1 zG>>0Xd!eW07<=dhC+qSppXN18Q8#jZW%OmN%jhbfoZmwQW`m$$K@N-GT~#d_wzHE zN1R+GMt{1P9cUeDT+>`DTKpaC^po(tE6d`I6XtPfi*xmQ2lhkAY^V0i5o1Go-i@|T;bz@+ zVkf<&2WYF1r@7yixVIBgpRKS~mbyJ|YX42)KMzWQ1-Opq^=P^m7Q8w+paA=Xk>kX` z+V^=^`Lx5M6T6LQ(l4`Th1&J=UgooQYpEN~ZvWBRIE@-;y&6?5KRBT7^--oH1-iKN z)rRz06Qoc9Irkz0W_Cr~9aJV*K3eopLXWx)Z#jQ*D*?p*6TgPvSvRcW{#%vZ1Udk0 z##j?2Z8_+1U~ez3Ee-tEhUWh%DA!^_1pr2aq|~lizWLEH-U|K$SZ&_RID&T`CkmO< zqSm~5*49q!{<|FE=4#QNk_adUo$LZGkRfInUGrI_*SzN5Iy(IE;i;&%GThWG1TB14 z@#cc!yoa=gr;}OZ*8N7QqD1Y&8bw*yC@A6h&=R+fpxWLg<;YDqW^b)OOBiCxP1bnN z{;}RYkKG!?;VA~u)Uf|FX{gpA^eC%RX;7r*_wv^Z4U5Kx)|U*&KQ53BRO_1mW$C_x zkxHx8<^Th#=JsaR*U^6#q7Sd+|G7%1;O71hwGi68q^y$PO z=i>+$=g@};3_{EsDh&EC$?}T7!O2|V4W>FF3_T_!<*4maNCDa;NRcAfc)V0}bLWqz z#7|h1z12ojZxvm;1ut#=@xGDU6oF`H{l+~e-P#h3gY9W=jtg_>0@TZl2^)QR?Ta_K zI8c>S$y`2SBLQ<$_#BBuFD1DnDx@MUR_)sHvt!c@V_NOq?PKrHVi~r z0M7Y8T7c`)mDRcuW~k19pnwUoP_3;Uld5}@&bTBIP>qADK&8zWb~_q&ONo!72(D|e z^>y3qE(JZeV%)8T=R{&-@n=nBqkF)l6wKK#y$nVVCWHQKl|1W?fbtn>*_@V03!iftxn|X%}_cTR47<0Y_icIKDPogiT)(K4rIC zP_S@}Og#VoTQ!>u4|elI%6R~=m$qa6FXQJuod%-28P*%Argm;*r9#fp^*spv~vo84;nbl%GC2bf7nSu_oI z)rwMW+r^Z~XSLA-P9H~s-BX83Hv>l@2y8!gQc(A!oZHib7q|88QkkfC)ywlBFr=u^ z`Rk%5-{#{fHc!IJPsWkOyM0J#i`2|xQlQp4&8j*t$YMD~JxKOK{8MBcqaElJI{Lw{ z&oC~Iij$~+E1^8j(pt0)ygO<`2drCwA0C)z^c2aZ-EO1N93~&zcQmP+BlJX+K6K9; zF2xP;N4u>xd+kW}{$da6gi&vx1)-hlcdP)mb2v5;q6&{M-~9(kJX%D5CXEaK_eSr@ zIqvD1CI&oM&=UVT;eW$$Ihl=iyJ7hLE2V%+cBGc&J+E!PC}j+k%0F<_QaG zQaL%GxOSSEDGR54dVJSvw}AB8ZKg4c3*)Hs;>xf}5zCS)rS(`C%GkK}G(#!`01+r4 zw#EwGR0!X@E{fkP<8L_i?5XPKtN(>e;-Ik+#5?(FC)O|64m5AU>pJR{8qpN^p|m|6 z1$fQF|0<=XS}uRMds`}x3}^zqklQ?_c&SJ?Bz=`^=kHxfZMpEb8-ZXmZ_-l}$Y?zt9E zoQTI<&C=S!jCwC&^7S~jQL%n;z{bvU9_{PFlo@#qOh}kK=OyNw?GP-zo6$dK5~#qs z!X4RhBK%dEs!dcQnMIcH>5I^tjqJ5Lj{RF(4>eBOfLEtZ2!Ow&YCeIDyRMmxSXk^o z(GEi~l(f#5r+-V@L<*Lva5prhH9!9*7$x8(CqO5wlZK3{10A%?!k%B|(5(5k(1dQC z)ZFKDKAB|~J8z-t%8J#$_X4!MbmgD$`-8N>E6PJmbvu?MrW49EPp4A?vNq0n695_T zcg-`6((SKh2ZC6D97#zjyz#Y@vja*h5}->Ofp(l{zLh{V@cJ17;ccSn4UKYE6F(xO z^Y4=KrRzrO^ik)2O}(vUQlyxK=MW~Tq*0{yUXNupVgUcyMs+g{)qcR^h3X|wN-onr z1Bc4faByt4ZO($1)vVoC$JX|1!7CN;W0liB~)6eg(}oJjQ|vfFYxi{)y33b~01!R2oz}p{JHs+N+e$c#Qvs&tQMH#w9awQC z3?Gl$Yj=WtyuB!8HY8%6hg?}z)YEy$`h3w^+mq6~TS$cob&@z`KQG2Q(+7joj;O^9 z56x_Bz@Iv17`xvSq4cWtYLMT&Uq9#-TPAev)x2k??54h9+tZ`Claqm0_Y$!rrwtY5 z;htrJm8~xK`7`KZYaXAIzWej%w2p+1K;YX6{{KVMNlk)4^3_*B$QO1Xytyy-w|9@T zYTyrQuYe(VR%n2@ z2E5~tECYc*^9ZCwhcpL8;)MQ=`b>Vac<>$ zSFG924nlh*7tpeNo<}RgvK63QmdR2GTKjui@Bx5Pt5Wo4Xp_zM4u^pT}(jpE8K6wu1$*JeNP zlBzfd^o^d)^l!RHQQiEs+gL98UXG*PlhV*Yt@`&R{`?bz|aNPeJbW=B#duwJn6@Uo4pwkXr@?M+>+_*E553+i$9Y?`VX zwmSWcBSbtbGijgb`uXeRSIH*ZN7?Y26|5Gs|Bya-+4_usx1*L~?}tqq&*KTuxF7w5 zob1>ATT*tm+}@~S<)KDT8?bRWExEltXUrZotf!weLEhL%?NQ%e;4mJ1U!nV()W#dz zMafpf%8JUPGG_>f#e00QVD7qZG^L^o|&ITjzT54wx@Y^rV#+r!34uR@u3 zOfM@;Wtu5RzX-s`H*14qJEE2dLsDc6QXc=BVa&~C3*kfTd=-ZCST*eKZYq-udjAy_ zTumfpTBg7Jhb#Sm_O%;q0}j1A?w5-q^scic*iTsLv~w2cfxp#tMgEB!e$NAR&ja|+ zp0B5DGFUSFs?6c}NHOjNwZjMYklss%GC-1$xKlU~h^Ar=&uJ@ZxtEse zl)_y1M2L2s4GkI=>-}ekYXE=5o@9sH+b}*=@6B<61Fc39De;jxm>UeOG`+M+BT@@F zE+HdPQ6!tn>2KHjAUn0wRFV@V%}A}{dp=vtN>NHgV7*|AdG+ycW*s$QZ^yLUr~oX; z`ZaF5pMm|T#-~i5J2`KRMk0a7?b0w5FRN2|%%-Ymk*L}uIpi6+S>)SjJ15FMmH zvld0Ifm_GI$(Qm?BE=42I+f$~|Gag@EF^7aADw=FDai6?Lb@gv6mJBiR0bcxk4&rB^AOXzv0l?gvG8Cm>>`CCuGx(e_aT^-2H$uzxLK^>NqQ>zrOhV^5k}aE{*=Lo>LpAFUw2fW$=bt62S#hmAU~zS)jiieE-Ez#Pva%gk zXkYJ6wlUHhiL;UKWs^HuvQDS#0l6|XtV0IzoEtiqQejJziUw5&bz;65b_j1=XA3{R wB*4Th`KPM8k$r88Tm!`ZcSRQe%)9qfuM5*A8$L65*2e>~?-kxvN*aCpABTvBlmGw# literal 0 HcmV?d00001 diff --git a/georg/attachments/5341350/5341355.pl b/georg/attachments/5341350/5341355.pl new file mode 100644 index 0000000..a94fa04 --- /dev/null +++ b/georg/attachments/5341350/5341355.pl @@ -0,0 +1,153 @@ +#!/usr/bin/env perl +# +# Copyright (c) 2007, 2010-2011, 2013 Todd C. Miller +# +# Permission to use, copy, modify, and distribute this software for any +# purpose with or without fee is hereby granted, provided that the above +# copyright notice and this permission notice appear in all copies. +# +# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +# + +use strict; + +# +# Converts a sudoers file to LDIF format in prepration for loading into +# the LDAP server. +# + +# BUGS: +# Does not yet handle multiple lines with : in them +# Does not yet remove quotation marks from options +# Does not yet escape + at the beginning of a dn +# Does not yet handle line wraps correctly +# Does not yet handle multiple roles with same name (needs tiebreaker) +# +# CAVEATS: +# Sudoers entries can have multiple RunAs entries that override former ones, +# with LDAP sudoRunAs{Group,User} applies to all commands in a sudoRole + +my %RA; +my %UA; +my %HA; +my %CA; +my $base=$ENV{SUDOERS_BASE} or die "$0: Container SUDOERS_BASE undefined\n"; +my @options=(); + +my $did_defaults=0; +my $order = 0; + +# parse sudoers one line at a time +while (<>){ + + # remove comment + s/#.*//; + + # line continuation + $_.=<> while s/\\\s*$//s; + + # cleanup newline + chomp; + + # ignore blank lines + next if /^\s*$/; + + if (/^Defaults\s+/i) { + my $opt=$'; + $opt=~s/\s+$//; # remove trailing whitespace + push @options,$opt; + } elsif (/^(\S+)\s+([^=]+)=\s*(.*)/) { + + # Aliases or Definitions + my ($p1,$p2,$p3)=($1,$2,$3); + $p2=~s/\s+$//; # remove trailing whitespace + $p3=~s/\s+$//; # remove trailing whitespace + + if ($p1 eq "User_Alias") { + $UA{$p2}=$p3; + } elsif ($p1 eq "Runas_Alias") { + $RA{$p2}=$p3; + } elsif ($p1 eq "Host_Alias") { + $HA{$p2}=$p3; + } elsif ($p1 eq "Cmnd_Alias") { + $CA{$p2}=$p3; + } else { + if (!$did_defaults++){ + # do this once + print "dn: cn=defaults,$base\n"; + print "objectClass: top\n"; + print "objectClass: sudoRole\n"; + print "cn: defaults\n"; + print "description: Default sudoOption's go here\n"; + print "sudoOption: $_\n" foreach @options; + printf "sudoOrder: %d\n", ++$order; + print "\n"; + } + # Definition + my @users=split /\s*,\s*/,$p1; + my @hosts=split /\s*,\s*/,$p2; + my @cmds= split /\s*,\s*/,$p3; + @options=(); + print "dn: cn=$users[0],$base\n"; + print "objectClass: top\n"; + print "objectClass: sudoRole\n"; + print "cn: $users[0]\n"; + # will clobber options + print "sudoUser: $_\n" foreach expand(\%UA,@users); + print "sudoHost: $_\n" foreach expand(\%HA,@hosts); + foreach (@cmds) { + if (s/^\(([^\)]+)\)\s*//) { + my @runas = split(/:\s*/, $1); + if (defined($runas[0])) { + print "sudoRunAsUser: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[0])); + } + if (defined($runas[1])) { + print "sudoRunAsGroup: $_\n" foreach expand(\%RA, split(/,\s*/, $runas[1])); + } + } + } + print "sudoCommand: $_\n" foreach expand(\%CA,@cmds); + print "sudoOption: $_\n" foreach @options; + printf "sudoOrder: %d\n", ++$order; + print "\n"; + } + + } else { + print "parse error: $_\n"; + } + +} + +# +# recursively expand hash elements +sub expand{ + my $ref=shift; + my @a=(); + + # preen the line a little + foreach (@_){ + # if NOPASSWD: directive found, mark entire entry as not requiring + s/NOPASSWD:\s*// && push @options,"!authenticate"; + s/PASSWD:\s*// && push @options,"authenticate"; + s/NOEXEC:\s*// && push @options,"noexec"; + s/EXEC:\s*// && push @options,"!noexec"; + s/SETENV:\s*// && push @options,"setenv"; + s/NOSETENV:\s*// && push @options,"!setenv"; + s/LOG_INPUT:\s*// && push @options,"log_input"; + s/NOLOG_INPUT:\s*// && push @options,"!log_input"; + s/LOG_OUTPUT:\s*// && push @options,"log_output"; + s/NOLOG_OUTPUT:\s*// && push @options,"!log_output"; + s/[[:upper:]]+://; # silently remove other tags + s/\s+$//; # right trim + } + + # do the expanding + push @a,$ref->{$_} ? expand($ref,split /\s*,\s*/,$ref->{$_}):$_ foreach @_; + @a; +} diff --git a/georg/images/icons/bullet_blue.gif b/georg/images/icons/bullet_blue.gif new file mode 100644 index 0000000000000000000000000000000000000000..25bfa0cf2b75f92b9902fe5a01571c67018e8b2b GIT binary patch literal 60 zcmZ?wbhEHbPx$N=ZaPR5%f1WB`J^ygVx=CZ>fzrV5Bp1bF)Y|No4M6DMwA0VxJ*p8W6MzqUz} zCe0^8Ged4}t{c=sNhXj6plR}d|Nh-XjAoFU$&)AVVq|0#ad2>80UH1mV`gP#{Y$I? z$m(DQFacfg4_Sg(HrN25bC^GT_&~l3fMLK41mqh4bOF=XuV2ac0>}kGKa=kQpk}7k zt5=in0-yoU^Yimvhz)t5T34W}-yAq_;14(@0#jiIFc23O6cmU<4Y~gG=~GjntG9y2GCpEpn?IwoOcOD0h9xZ uKCIx>sZ(z(EG*svB~Jh~Z^x<#C;M1%w{G3KVZ(;CYu5tV z-QC@*SFc{UaN*CNKX2Z=dF+(#RsMEMii|X~h{^0{sq{<#63uE9f + + + + + + +
+ +
+ +## Available Pages: + +
+ +- [Georg’s Home](Georg’s_Home) + + - [389 Directory Server + CA](389_Directory_Server_+_CA) + + + + - [LDAP: Sudo](LDAP_Sudo) + + + + - [Drafts](Drafts) + - [Notes](Notes) + + + + - [Leon: Apache Reverse Proxy](Leon_Apache_Reverse_Proxy) + +
diff --git a/index.md b/index.md new file mode 100644 index 0000000..080449a --- /dev/null +++ b/index.md @@ -0,0 +1 @@ +- [georg](georg/index)