From d7a7dda0e57a76a320dac5bdbdab7656b8b3e0df Mon Sep 17 00:00:00 2001 From: Toshaan Bharvani Date: Mon, 16 May 2022 18:42:33 +0200 Subject: [PATCH] initial package creation Signed-off-by: Toshaan Bharvani --- ...-tests-for-test-passphrase-parameter.patch | 56 +++ ....0-Do-not-use-too-small-key-in-tests.patch | 45 ++ ...BKDF-benchmark-in-OpenSSL3-FIPS-mode.patch | 47 ++ ...ssphrase-when-device-in-reencryption.patch | 106 +++++ ...etup-2.5.0-Fix-typo-in-repair-prompt.patch | 12 + ...setup-2.5.0-Get-rid-of-SHA1-in-tests.patch | 441 ++++++++++++++++++ .../cryptsetup-add-system-library-paths.patch | 22 + SOURCES/tests.tar.xz | Bin 0 -> 66656 bytes SPECS/cryptsetup.spec | 181 +++++++ 9 files changed, 910 insertions(+) create mode 100644 SOURCES/cryptsetup-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch create mode 100644 SOURCES/cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch create mode 100644 SOURCES/cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch create mode 100644 SOURCES/cryptsetup-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch create mode 100644 SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch create mode 100644 SOURCES/cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch create mode 100644 SOURCES/cryptsetup-add-system-library-paths.patch create mode 100644 SOURCES/tests.tar.xz create mode 100644 SPECS/cryptsetup.spec diff --git a/SOURCES/cryptsetup-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch b/SOURCES/cryptsetup-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch new file mode 100644 index 0000000..fa075eb --- /dev/null +++ b/SOURCES/cryptsetup-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch 
@@ -0,0 +1,56 @@
+From f671febe64d8f40cdcb1677a08436a8907ccbb7e Mon Sep 17 00:00:00 2001
+From: Ondrej Kozina
+Date: Wed, 23 Feb 2022 12:27:57 +0100
+Subject: [PATCH 2/3] Add more tests for --test-passphrase parameter.
+
+---
+ tests/compat-test-args | 4 ++++
+ tests/luks2-reencryption-test | 18 ++++++++++++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/tests/compat-test-args b/tests/compat-test-args
+index faeddd00..8bbe5563 100755
+--- a/tests/compat-test-args
++++ b/tests/compat-test-args
+@@ -258,6 +258,10 @@ exp_fail luksAddKey DEV --unbound --key-size 0
+ exp_pass luksAddKey DEV --unbound --key-size 8
+ exp_pass luksDump DEV --unbound -S5
+ exp_fail luksDump DEV --unbound
++exp_pass open DEV --unbound --test-passphrase
++exp_pass open DEV --unbound --test-passphrase -S5
++exp_fail open DEV --unbound NAME
++exp_fail open DEV --unbound -S5 NAME
+
+ exp_fail resize NAME --refresh
+ exp_fail open DEV NAME --test-passphrase --refresh
+diff --git a/tests/luks2-reencryption-test b/tests/luks2-reencryption-test
+index 6f156016..73818b5d 100755
+--- a/tests/luks2-reencryption-test
++++ b/tests/luks2-reencryption-test
+@@ -1606,5 +1606,23 @@ if [ -n "$DM_SECTOR_SIZE" ]; then
+ reencrypt_recover_online 4096 journal $HASH1
+ fi
+
++echo "[27] Verify test passphrase mode works with reencryption metadata"
++echo $PWD1 | $CRYPTSETUP -S5 -q luksFormat --type luks2 $FAST_PBKDF_ARGON $DEV || fail
++echo -e "$PWD1\n$PWD1" | $CRYPTSETUP luksAddKey --unbound -s80 -S0 $FAST_PBKDF_ARGON $DEV || fail
++echo $PWD1 | $CRYPTSETUP reencrypt --init-only $DEV || fail
++echo $PWD1 | $CRYPTSETUP open --test-passphrase $DEV || fail
++
++echo $PWD1 | $CRYPTSETUP -q luksFormat -S5 --header $IMG_HDR --type luks2 $FAST_PBKDF_ARGON $DEV || fail
++echo -e "$PWD1\n$PWD1" | $CRYPTSETUP luksAddKey --unbound -s80 -S0 $FAST_PBKDF_ARGON $IMG_HDR || fail
++echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --init-only --header $IMG_HDR $DEV || fail
++echo $PWD1 | $CRYPTSETUP open --test-passphrase $IMG_HDR || fail
++
++echo $PWD1 | $CRYPTSETUP reencrypt -q --encrypt --init-only --header $IMG_HDR $FAST_PBKDF_ARGON $DEV || fail
++echo $PWD1 | $CRYPTSETUP open --test-passphrase $IMG_HDR || fail
++
++wipe_dev_head $DEV 1
++echo $PWD1 | $CRYPTSETUP reencrypt --encrypt --init-only --reduce-device-size 8M $FAST_PBKDF_ARGON $DEV || fail
++echo $PWD1 | $CRYPTSETUP open --test-passphrase $DEV || fail
++
+ remove_mapping
+ exit 0
+--
+2.27.0
+
diff --git a/SOURCES/cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch b/SOURCES/cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch
new file mode 100644
index 0000000..40f7269
--- /dev/null
+++ b/SOURCES/cryptsetup-2.5.0-Do-not-use-too-small-key-in-tests.patch
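Review bot: Test [27] added to tests/luks2-reencryption-test has no comment explaining its setup, and the reason for the extra unbound keyslot is not obvious from the commands. The first two scenarios format with the key in slot 5 (`-S5`) and then add an unbound key in slot 0 with the same passphrase before initialising reencryption, so `open --test-passphrase` presumably has to cope with the unbound slot while reencryption metadata is present. I would put a comment above the block such as `# slot 0 is unbound and shares $PWD1 with slot 5; --test-passphrase must still succeed once reencryption is initialised`. The block also asserts only the success path; whether a wrong passphrase is still rejected in this state is not checked in the visible lines.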
@@ -0,0 +1,45 @@
+From 34f033b2549d95833270d657cf099ee4f6faff37 Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Fri, 21 Jan 2022 09:55:34 +0100
+Subject: [PATCH 3/3] Do not use too small key in tests.
+
+Apparently FIPS mode enforces somewhere minimal key size.
+As 64bit key is no longer useful anyway, just remove it.
+
+Apparently cipher_null is now more safer with the longer key,
+isn't? :-)
+---
+ tests/align-test | 10 ----------
+ 1 file changed, 10 deletions(-)
+
+diff --git a/tests/align-test b/tests/align-test
+index 9ae606ca..a00103c2 100755
+--- a/tests/align-test
++++ b/tests/align-test
+@@ -262,11 +262,6 @@ cleanup
+ echo "# Offset check: 512B sector drive"
+ add_device dev_size_mb=16 sector_size=512 num_tgts=1
+ # |k| expO reqO expected slot offsets
+-format_null 64 2048 0 8:72:136:200:264:328:392:456
+-format_null 64 520 1
+-format_null 64 520 8
+-format_null 64 640 128
+-format_null 64 2048 2048
+ format_null 128 2048 0 8:136:264:392:520:648:776:904
+ format_null 128 1032 1
+ format_null 128 1032 8
+@@ -286,11 +281,6 @@ cleanup
+
+ echo "# Offset check: 4096B sector drive"
+ add_device dev_size_mb=16 sector_size=4096 num_tgts=1 opt_blks=64
+-format_null 64 2048 0 8:72:136:200:264:328:392:456
+-format_null 64 520 1
+-format_null 64 520 8
+-format_null 64 640 128
+-format_null 64 2048 2048
+ format_null 128 2048 0 8:136:264:392:520:648:776:904
+ format_null 128 1032 1
+ format_null 128 1032 8
+--
+2.27.0
+
diff --git a/SOURCES/cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch b/SOURCES/cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
new file mode 100644
index 0000000..aebf06e
--- /dev/null
+++ b/SOURCES/cryptsetup-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
@@ -0,0 +1,47 @@
+From 05a237be2a6c7a342fb5aba4433aec487a08317f Mon Sep 17 00:00:00 2001
+From: Milan Broz
+Date: Fri, 21 Jan 2022 09:47:13 +0100
+Subject: [PATCH 1/3] Fix PBKDF benchmark in OpenSSL3 FIPS mode.
+
+OpenSSL now enforces minimal parameters for PBKDF2 according to SP 800-132
+key length (112 bits), minimal salt length (128 bits) and minimal number
+of iterations (1000).
+
+Our benchmark violates this, causeing cryptsetup misbehave for luksFormat.
+
+Just inrease tet salt to 16 bytes here, it will little bit influence benchmark,
+but there is no way back.
+---
+ lib/utils_benchmark.c | 2 +-
+ src/cryptsetup.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/utils_benchmark.c b/lib/utils_benchmark.c
+index 7a9736d8..24e7bccc 100644
+--- a/lib/utils_benchmark.c
++++ b/lib/utils_benchmark.c
+@@ -184,7 +184,7 @@ int crypt_benchmark_pbkdf_internal(struct crypt_device *cd,
+ pbkdf->parallel_threads = 0; /* N/A in PBKDF2 */
+ pbkdf->max_memory_kb = 0; /* N/A in PBKDF2 */
+
+- r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "bar", 3,
++ r = crypt_benchmark_pbkdf(cd, pbkdf, "foo", 3, "01234567890abcdef", 16,
+ volume_key_size, &benchmark_callback, &u);
+ pbkdf->time_ms = ms_tmp;
+ if (r < 0) {
+diff --git a/src/cryptsetup.c b/src/cryptsetup.c
+index e529b7ac..37d35c92 100644
+--- a/src/cryptsetup.c
++++ b/src/cryptsetup.c
+@@ -860,7 +860,7 @@ static int action_benchmark_kdf(const char *kdf, const char *hash, size_t key_si
+ .time_ms = 1000,
+ };
+
+- r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, "bar", 3, key_size,
++ r = crypt_benchmark_pbkdf(NULL, &pbkdf, "foo", 3, "0123456789abcdef", 16, key_size,
+ &benchmark_callback, &pbkdf);
+ if (r < 0)
+ log_std(_("PBKDF2-%-9s N/A\n"), hash);
+--
+2.27.0
+
diff --git a/SOURCES/cryptsetup-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch b/SOURCES/cryptsetup-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch
new file mode 100644
index 0000000..4aaa5a4
--- /dev/null
+++ b/SOURCES/cryptsetup-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch 
@@ -0,0 +1,106 @@ +diff -rupN cryptsetup-2.4.3.old/man/cryptsetup.8 cryptsetup-2.4.3/man/cryptsetup.8 +--- cryptsetup-2.4.3.old/man/cryptsetup.8 2022-02-23 16:33:42.449525744 +0100 ++++ cryptsetup-2.4.3/man/cryptsetup.8 2022-02-24 08:57:43.036396289 +0100 +@@ -321,7 +321,8 @@ the command prompts for it interactively + \-\-keyfile\-size, \-\-readonly, \-\-test\-passphrase, + \-\-allow\-discards, \-\-header, \-\-key-slot, \-\-master\-key\-file, \-\-token\-id, + \-\-token\-only, \-\-token-type, \-\-disable\-external\-tokens, \-\-disable\-keyring, +-\-\-disable\-locks, \-\-type, \-\-refresh, \-\-serialize\-memory\-hard\-pbkdf]. ++\-\-disable\-locks, \-\-type, \-\-refresh, \-\-serialize\-memory\-hard\-pbkdf, ++\-\-unbound]. + .PP + \fIluksSuspend\fR + .IP +@@ -1465,10 +1466,14 @@ aligned to page size and page-cache init + integrity tag. + .TP + .B "\-\-unbound" +- + Creates new or dumps existing LUKS2 unbound keyslot. See \fIluksAddKey\fR or + \fIluksDump\fR actions for more details. + ++When used in \fIluksOpen\fR action (allowed only together with ++\-\-test\-passphrase parameter), it allows to test passphrase for unbound LUKS2 ++keyslot. Otherwise, unbound keyslot passphrase can be tested only when specific ++keyslot is selected via \-\-key\-slot parameter. 
++ + .TP + .B "\-\-tcrypt\-hidden" + .B "\-\-tcrypt\-system" +diff -rupN cryptsetup-2.4.3.old/src/cryptsetup_args.h cryptsetup-2.4.3/src/cryptsetup_args.h +--- cryptsetup-2.4.3.old/src/cryptsetup_args.h 2022-02-23 16:33:42.450525749 +0100 ++++ cryptsetup-2.4.3/src/cryptsetup_args.h 2022-02-24 08:57:43.036396289 +0100 +@@ -75,7 +75,7 @@ + #define OPT_TCRYPT_HIDDEN_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION } + #define OPT_TCRYPT_SYSTEM_ACTIONS { OPEN_ACTION, TCRYPTDUMP_ACTION } + #define OPT_TEST_PASSPHRASE_ACTIONS { OPEN_ACTION } +-#define OPT_UNBOUND_ACTIONS { ADDKEY_ACTION, LUKSDUMP_ACTION } ++#define OPT_UNBOUND_ACTIONS { ADDKEY_ACTION, LUKSDUMP_ACTION, OPEN_ACTION } + #define OPT_USE_RANDOM_ACTIONS { FORMAT_ACTION } + #define OPT_USE_URANDOM_ACTIONS { FORMAT_ACTION } + #define OPT_UUID_ACTIONS { FORMAT_ACTION, UUID_ACTION } +diff -rupN cryptsetup-2.4.3.old/src/cryptsetup.c cryptsetup-2.4.3/src/cryptsetup.c +--- cryptsetup-2.4.3.old/src/cryptsetup.c 2022-02-23 16:33:42.450525749 +0100 ++++ cryptsetup-2.4.3/src/cryptsetup.c 2022-02-24 08:57:43.036396289 +0100 +@@ -140,7 +140,8 @@ static void _set_activation_flags(uint32 + *flags |= CRYPT_ACTIVATE_IGNORE_PERSISTENT; + + /* Only for LUKS2 but ignored elsewhere */ +- if (ARG_SET(OPT_TEST_PASSPHRASE_ID)) ++ if (ARG_SET(OPT_TEST_PASSPHRASE_ID) && ++ (ARG_SET(OPT_KEY_SLOT_ID) || ARG_SET(OPT_UNBOUND_ID))) + *flags |= CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY; + + if (ARG_SET(OPT_SERIALIZE_MEMORY_HARD_PBKDF_ID)) +@@ -3982,6 +3983,18 @@ int main(int argc, const char **argv) + _("Option --tcrypt-hidden, --tcrypt-system or --tcrypt-backup is supported only for TCRYPT device."), + poptGetInvocationName(popt_context)); + ++ if (ARG_SET(OPT_UNBOUND_ID) && !strcmp(aname, OPEN_ACTION) && device_type && ++ strncmp(device_type, "luks", 4)) ++ usage(popt_context, EXIT_FAILURE, ++ _("Option --unbound is allowed only for open of luks device."), ++ poptGetInvocationName(popt_context)); ++ ++ if (ARG_SET(OPT_UNBOUND_ID) && 
!ARG_SET(OPT_TEST_PASSPHRASE_ID) && ++ !strcmp(aname, OPEN_ACTION)) ++ usage(popt_context, EXIT_FAILURE, ++ _("Option --unbound cannot be used without --test-passphrase."), ++ poptGetInvocationName(popt_context)); ++ + if (ARG_SET(OPT_TCRYPT_HIDDEN_ID) && ARG_SET(OPT_ALLOW_DISCARDS_ID)) + usage(popt_context, EXIT_FAILURE, + _("Option --tcrypt-hidden cannot be combined with --allow-discards."), +diff -rupN cryptsetup-2.4.3.old/tests/compat-test2 cryptsetup-2.4.3/tests/compat-test2 +--- cryptsetup-2.4.3.old/tests/compat-test2 2022-02-23 16:33:42.444525716 +0100 ++++ cryptsetup-2.4.3/tests/compat-test2 2022-02-24 09:05:38.716422307 +0100 +@@ -699,7 +699,7 @@ $CRYPTSETUP luksOpen -S 5 -d $KEY1 $LOOP + # otoh it should be allowed to test for proper passphrase + prepare "" new + echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail +-echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail ++echo $PWD1 | $CRYPTSETUP open --unbound --test-passphrase $HEADER_KEYU || fail + echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail + [ -b /dev/mapper/$DEV_NAME ] && fail + echo $PWD1 | $CRYPTSETUP open $HEADER_KEYU $DEV_NAME 2>/dev/null && fail +@@ -708,7 +708,7 @@ echo $PWD0 | $CRYPTSETUP open -S1 --test + $CRYPTSETUP luksKillSlot -q $HEADER_KEYU 0 + $CRYPTSETUP luksDump $HEADER_KEYU | grep -q "0: luks2" && fail + echo $PWD1 | $CRYPTSETUP open -S1 --test-passphrase $HEADER_KEYU || fail +-echo $PWD1 | $CRYPTSETUP open --test-passphrase $HEADER_KEYU || fail ++echo $PWD1 | $CRYPTSETUP open --unbound --test-passphrase $HEADER_KEYU || fail + echo $PWD1 | $CRYPTSETUP open -S1 $HEADER_KEYU $DEV_NAME 2>/dev/null && fail + + prepare "[28] Detached LUKS header" wipe +@@ -967,11 +967,9 @@ echo $PWD3 | $CRYPTSETUP -q luksAddKey - + # do not allow to replace keyslot by unbound slot + echo $PWD1 | $CRYPTSETUP -q luksAddKey -S5 --unbound -s 32 $LOOPDEV 2>/dev/null && fail + echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && 
fail +-echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV --test-passphrase || fail + echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV $DEV_NAME 2> /dev/null && fail + echo $PWD2 | $CRYPTSETUP -q open -S2 $LOOPDEV --test-passphrase || fail + echo $PWD1 | $CRYPTSETUP -q open $LOOPDEV $DEV_NAME 2> /dev/null && fail +-echo $PWD1 | $CRYPTSETUP -q open $LOOPDEV --test-passphrase || fail + # check we're able to change passphrase for unbound keyslot + echo -e "$PWD2\n$PWD3" | $CRYPTSETUP luksChangeKey $FAST_PBKDF_OPT -S 2 $LOOPDEV || fail + echo $PWD3 | $CRYPTSETUP open --test-passphrase $FAST_PBKDF_OPT -S 2 $LOOPDEV || fail diff --git a/SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch b/SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch new file mode 100644 index 0000000..5bf54fb --- /dev/null +++ b/SOURCES/cryptsetup-2.5.0-Fix-typo-in-repair-prompt.patch @@ -0,0 +1,12 @@ +diff -rupN cryptsetup-2.4.3.old/src/cryptsetup.c cryptsetup-2.4.3/src/cryptsetup.c +--- cryptsetup-2.4.3.old/src/cryptsetup.c 2022-01-21 13:14:56.864817351 +0100 ++++ cryptsetup-2.4.3/src/cryptsetup.c 2022-01-21 13:15:15.579947027 +0100 +@@ -1188,7 +1188,7 @@ static int reencrypt_metadata_repair(str + _("Operation aborted.\n"))) + return -EINVAL; + +- r = tools_get_key(_("Enter passphrase to protect and uppgrade reencryption metadata: "), ++ r = tools_get_key(_("Enter passphrase to protect and upgrade reencryption metadata: "), + &password, &passwordLen, ARG_UINT64(OPT_KEYFILE_OFFSET_ID), + ARG_UINT32(OPT_KEYFILE_SIZE_ID), ARG_STR(OPT_KEY_FILE_ID), ARG_UINT32(OPT_TIMEOUT_ID), + _verify_passphrase(0), 0, cd); diff --git a/SOURCES/cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch b/SOURCES/cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch new file mode 100644 index 0000000..4708329 --- /dev/null +++ b/SOURCES/cryptsetup-2.5.0-Get-rid-of-SHA1-in-tests.patch 
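Review bot: The last tests/compat-test2 hunk (around line 967) deletes the two `open $LOOPDEV --test-passphrase || fail` checks instead of replacing them, so nothing in the visible tests asserts the tightened behaviour that `_set_activation_flags` now implements. With this patch `CRYPT_ACTIVATE_ALLOW_UNBOUND_KEY` is set only when `--test-passphrase` is combined with `--key-slot` or `--unbound`, which presumably means a passphrase that exists only in an unbound keyslot is now rejected by a plain `open --test-passphrase`. I would keep the lines as negative checks, e.g. `echo $PWD2 | $CRYPTSETUP -q open $LOOPDEV --test-passphrase 2>/dev/null && fail`, next to a positive `--unbound --test-passphrase` one, after confirming that $PWD2 unlocks no bound keyslot at that point in the script. The comment `/* Only for LUKS2 but ignored elsewhere */` above the changed condition could also state why the extra option is required before unbound keys are accepted.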
@@ -0,0 +1,441 @@ +diff -rupN cryptsetup-2.4.3.old/tests/api-test.c cryptsetup-2.4.3/tests/api-test.c +--- cryptsetup-2.4.3.old/tests/api-test.c 2022-02-17 16:37:09.535345938 +0100 ++++ cryptsetup-2.4.3/tests/api-test.c 2022-02-17 16:37:29.156459763 +0100 +@@ -312,7 +312,7 @@ static int _setup(void) + static void AddDevicePlain(void) + { + struct crypt_params_plain params = { +- .hash = "sha1", ++ .hash = "sha256", + .skip = 0, + .offset = 0, + .size = 0 +@@ -322,7 +322,7 @@ static void AddDevicePlain(void) + + const char *passphrase = PASSPHRASE; + // hashed hex version of PASSPHRASE +- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; ++ const char *mk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; +@@ -438,7 +438,7 @@ static void AddDevicePlain(void) + OK_(crypt_deactivate(cd,CDEVICE_1)); + + CRYPT_FREE(cd); +- params.hash = "sha1"; ++ params.hash = "sha256"; + params.offset = 0; + params.size = 0; + params.skip = 0; +@@ -620,7 +620,7 @@ static void new_log(int level, const cha + static void CallbacksTest(void) + { + struct crypt_params_plain params = { +- .hash = "sha1", ++ .hash = "sha256", + .skip = 0, + .offset = 0, + }; +@@ -1116,7 +1116,7 @@ static void LuksHeaderRestore(void) + .data_alignment = 2048, // 4M, data offset will be 4096 + }; + struct crypt_params_plain pl_params = { +- .hash = "sha1", ++ .hash = "sha256", + .skip = 0, + .offset = 0, + .size = 0 +@@ -1203,7 +1203,7 @@ static void LuksHeaderLoad(void) + .data_alignment = 2048, + }; + struct crypt_params_plain pl_params = { +- .hash = "sha1", ++ .hash = "sha256", + .skip = 0, + .offset = 0, + .size = 0 +diff -rupN cryptsetup-2.4.3.old/tests/api-test-2.c cryptsetup-2.4.3/tests/api-test-2.c +--- cryptsetup-2.4.3.old/tests/api-test-2.c 2022-02-17 16:37:09.535345938 +0100 ++++ cryptsetup-2.4.3/tests/api-test-2.c 
2022-02-17 16:37:29.155459758 +0100 +@@ -1232,7 +1232,7 @@ static void Luks2HeaderRestore(void) + .sector_size = 512 + }; + struct crypt_params_plain pl_params = { +- .hash = "sha1", ++ .hash = "sha256", + .skip = 0, + .offset = 0, + .size = 0 +@@ -1242,7 +1242,7 @@ static void Luks2HeaderRestore(void) + }; + uint32_t flags = 0; + +- const char *mk_hex = "bb21158c733229347bd4e681891e213d94c685be6a5b84818afe7a78a6de7a1a"; ++ const char *mk_hex = "ccadd99b16cd3d200c22d6db45d8b6630ef3d936767127347ec8a76ab992c2ea"; + size_t key_size = strlen(mk_hex) / 2; + const char *cipher = "aes"; + const char *cipher_mode = "cbc-essiv:sha256"; +@@ -1337,7 +1337,7 @@ static void Luks2HeaderLoad(void) + .sector_size = 512 + }; + struct crypt_params_plain pl_params = { +- .hash = "sha1", ++ .hash = "sha256", + .skip = 0, + .offset = 0, + .size = 0 +@@ -2142,7 +2142,7 @@ static void LuksConvert(void) + .parallel_threads = 1 + }, pbkdf2 = { + .type = CRYPT_KDF_PBKDF2, +- .hash = "sha1", ++ .hash = "sha256", + .time_ms = 1 + }; + +@@ -2675,7 +2675,7 @@ static void Pbkdf(void) + .hash = default_luks1_hash + }; + struct crypt_params_plain params = { +- .hash = "sha1", ++ .hash = "sha256", + .skip = 0, + .offset = 0, + .size = 0 +@@ -2874,11 +2874,11 @@ static void Pbkdf(void) + pbkdf2.time_ms = 9; + pbkdf2.hash = NULL; + FAIL_(crypt_set_pbkdf_type(cd, &pbkdf2), "Hash is mandatory for pbkdf2"); +- pbkdf2.hash = "sha1"; ++ pbkdf2.hash = "sha256"; + OK_(crypt_set_pbkdf_type(cd, &pbkdf2)); + + argon2.time_ms = 9; +- argon2.hash = "sha1"; // will be ignored ++ argon2.hash = "sha256"; // will be ignored + OK_(crypt_set_pbkdf_type(cd, &argon2)); + argon2.hash = NULL; + OK_(crypt_set_pbkdf_type(cd, &argon2)); +@@ -3839,7 +3839,7 @@ static void Luks2Reencryption(void) + struct crypt_params_reencrypt retparams = {}, rparams = { + .direction = CRYPT_REENCRYPT_FORWARD, + .resilience = "checksum", +- .hash = "sha1", ++ .hash = "sha256", + .luks2 = ¶ms2, + }; + dev_t devno; +@@ -3983,7 +3983,7 @@ static 
void Luks2Reencryption(void) + rparams.hash = "hamSter"; + FAIL_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams), "Invalid resilience hash."); + +- rparams.hash = "sha1"; ++ rparams.hash = "sha256"; + OK_(crypt_reencrypt_init_by_passphrase(cd, NULL, PASSPHRASE, strlen(PASSPHRASE), 21, 9, "aes", "xts-plain64", &rparams)); + OK_(crypt_reencrypt_run(cd, NULL, NULL)); + +diff -rupN cryptsetup-2.4.3.old/tests/compat-test cryptsetup-2.4.3/tests/compat-test +--- cryptsetup-2.4.3.old/tests/compat-test 2022-02-17 16:37:09.541345973 +0100 ++++ cryptsetup-2.4.3/tests/compat-test 2022-02-17 16:37:29.157459769 +0100 +@@ -302,8 +302,8 @@ $CRYPTSETUP -q luksUUID $IMG | grep -q $ + prepare "[1] open - compat image - acceptance check" new + echo $PWD0 | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME || fail + check_exists +-ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ') +-[ "$ORG_SHA1" = 676062b66ebf36669dab705442ea0762dfc091b0 ] || fail ++ORG_SHA256=$(sha256sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ') ++[ "$ORG_SHA256" = 7428e8f2436882a07eb32765086f5c899474c08b5576f556b573d2aabdf923e8 ] || fail + $CRYPTSETUP -q luksClose $DEV_NAME || fail + + # Check it can be opened from header backup as well +@@ -315,6 +315,7 @@ $CRYPTSETUP -q luksClose $DEV_NAME || f + $CRYPTSETUP luksHeaderRestore -q $IMG --header-backup-file $HEADER_IMG || fail + + # Repeat for V1.0 header - not aligned first keyslot ++if [ ! 
fips_mode ] ; then + echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME || fail + check_exists + ORG_SHA1=$(sha1sum -b /dev/mapper/$DEV_NAME | cut -f 1 -d' ') +@@ -326,6 +327,7 @@ $CRYPTSETUP luksHeaderBackup $IMG10 --he + echo $PWD0 | $CRYPTSETUP luksOpen $IMG10 $DEV_NAME --header $HEADER_IMG || fail + check_exists + $CRYPTSETUP -q luksClose $DEV_NAME || fail ++fi + + prepare "[2] open - compat image - denial check" new + echo $PWDW | $CRYPTSETUP luksOpen $LOOPDEV $DEV_NAME 2>/dev/null && fail +@@ -526,7 +528,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q + + prepare "[19] create & status & resize" wipe + echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash xxx 2>/dev/null && fail +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --cipher aes-cbc-essiv:sha256 --offset 3 --skip 4 --readonly || fail + $CRYPTSETUP -q status $DEV_NAME | grep "offset:" | grep -q "3 sectors" || fail + $CRYPTSETUP -q status $DEV_NAME | grep "skipped:" | grep -q "4 sectors" || fail + $CRYPTSETUP -q status $DEV_NAME | grep "mode:" | grep -q "readonly" || fail +@@ -546,15 +548,15 @@ $CRYPTSETUP -q resize $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "32765 sectors" || fail + $CRYPTSETUP -q remove $DEV_NAME || fail + $CRYPTSETUP -q status $DEV_NAME >/dev/null && fail +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail + $CRYPTSETUP -q remove $DEV_NAME || fail +-echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 $LOOPDEV || fail ++echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 $LOOPDEV || fail + $CRYPTSETUP -q remove $DEV_NAME || fail +-echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha1 --size 100 $LOOPDEV || fail ++echo $PWD1 | $CRYPTSETUP -q create $DEV_NAME --hash sha256 --size 100 $LOOPDEV 
|| fail + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "100 sectors" || fail + $CRYPTSETUP -q remove $DEV_NAME || fail + # 4k sector resize (if kernel supports it) +-echo $PWD1 | $CRYPTSETUP -q open --type plain $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1 ++echo $PWD1 | $CRYPTSETUP -q open --type plain --hash sha256 $LOOPDEV $DEV_NAME --sector-size 4096 --size 8 >/dev/null 2>&1 + if [ $? -eq 0 ] ; then + $CRYPTSETUP -q status $DEV_NAME | grep "size:" | grep -q "8 sectors" || fail + $CRYPTSETUP -q resize $DEV_NAME --size 16 || fail +@@ -567,7 +569,7 @@ if [ $? -eq 0 ] ; then + fi + # Resize not aligned to logical block size + add_scsi_device dev_size_mb=32 sector_size=4096 +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV || fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV || fail + OLD_SIZE=$($CRYPTSETUP status $DEV_NAME | grep "^ \+size:" | sed 's/.* \([0-9]\+\) .*/\1/') + $CRYPTSETUP resize $DEV_NAME -b 7 2> /dev/null && fail + dmsetup info $DEV_NAME | grep -q SUSPENDED && fail +@@ -575,10 +577,10 @@ NEW_SIZE=$($CRYPTSETUP status $DEV_NAME + test $OLD_SIZE -eq $NEW_SIZE || fail + $CRYPTSETUP close $DEV_NAME || fail + # Add check for unaligned plain crypt activation +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $DEV -b 7 2>/dev/null && fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $DEV -b 7 2>/dev/null && fail + $CRYPTSETUP status $DEV_NAME >/dev/null 2>&1 && fail + # verify is ignored on non-tty input +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --verify-passphrase 2>/dev/null || fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --verify-passphrase 2>/dev/null || fail + $CRYPTSETUP -q remove $DEV_NAME || fail + $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size 255 2>/dev/null && fail + $CRYPTSETUP create $DEV_NAME $LOOPDEV -d $KEY1 --key-size -1 2>/dev/null && fail +@@ -695,15 +697,15 @@ $CRYPTSETUP luksChangeKey $LOOPDEV $FAST 
+ dmsetup remove --retry $DEV_NAME2 + + prepare "[25] Create shared segments" wipe +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha1 --offset 0 --size 256 || fail +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 2>/dev/null && fail +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha1 --offset 512 --size 256 --shared || fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME $LOOPDEV --hash sha256 --offset 0 --size 256 || fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 2>/dev/null && fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME2 $LOOPDEV --hash sha256 --offset 512 --size 256 --shared || fail + $CRYPTSETUP -q remove $DEV_NAME2 || fail + $CRYPTSETUP -q remove $DEV_NAME || fail + + prepare "[26] Suspend/Resume" wipe + # only LUKS is supported +-echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha1 $LOOPDEV || fail ++echo $PWD1 | $CRYPTSETUP create $DEV_NAME --hash sha256 $LOOPDEV || fail + $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail + $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail + $CRYPTSETUP -q remove $DEV_NAME || fail +diff -rupN cryptsetup-2.4.3.old/tests/compat-test2 cryptsetup-2.4.3/tests/compat-test2 +--- cryptsetup-2.4.3.old/tests/compat-test2 2022-02-17 16:37:09.541345973 +0100 ++++ cryptsetup-2.4.3/tests/compat-test2 2022-02-17 16:37:29.158459775 +0100 +@@ -774,7 +774,7 @@ $CRYPTSETUP luksDump $LOOPDEV | grep -q + $CRYPTSETUP luksDump $LOOPDEV | grep -q "5: luks2" || fail + $CRYPTSETUP -q convert --type luks1 $LOOPDEV || fail + # hash test +-$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha1 || fail ++$CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 --sector-size 512 $LOOPDEV $KEY5 -S 0 --hash sha512 || fail + $CRYPTSETUP luksAddKey $FAST_PBKDF_OPT -S 1 -d $KEY5 $LOOPDEV $KEY1 --hash sha256 || fail + $CRYPTSETUP -q convert --type luks1 $LOOPDEV >/dev/null 2>&1 && fail + 
$CRYPTSETUP -q luksKillSlot $LOOPDEV 1 || fail +diff -rupN cryptsetup-2.4.3.old/tests/discards-test cryptsetup-2.4.3/tests/discards-test +--- cryptsetup-2.4.3.old/tests/discards-test 2022-02-17 16:37:09.541345973 +0100 ++++ cryptsetup-2.4.3/tests/discards-test 2022-02-17 16:37:29.158459775 +0100 +@@ -80,7 +80,7 @@ dmsetup table $DEV_NAME | grep allow_dis + $CRYPTSETUP luksClose $DEV_NAME || fail + + echo "[2] Allowing discards for plain device" +-echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha1 --allow-discards || fail ++echo $PWD1 | $CRYPTSETUP create -q $DEV_NAME $DEV --hash sha256 --allow-discards || fail + $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail + $CRYPTSETUP resize $DEV_NAME --size 100 || fail + $CRYPTSETUP status $DEV_NAME | grep flags | grep discards >/dev/null || fail +diff -rupN cryptsetup-2.4.3.old/tests/integrity-compat-test cryptsetup-2.4.3/tests/integrity-compat-test +--- cryptsetup-2.4.3.old/tests/integrity-compat-test 2022-02-17 16:37:09.542345979 +0100 ++++ cryptsetup-2.4.3/tests/integrity-compat-test 2022-02-17 16:37:29.159459781 +0100 +@@ -168,7 +168,7 @@ intformat() # alg alg_out tagsize outtag + echo -n "[FORMAT]" + $INTSETUP format --integrity-legacy-padding -q --integrity $1 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV >/dev/null 2>&1 + if [ $? -ne 0 ] ; then +- if [[ $1 =~ "sha" || $1 =~ "crc" ]] ; then ++ if [[ $1 =~ "sha2" || $1 =~ "crc" ]] ; then + fail "Cannot format device." + fi + echo "[N/A]" +@@ -214,7 +214,14 @@ int_error_detection() # mode alg tagsize + + echo -n "[INTEGRITY:$1:$2:$4:$5]" + echo -n "[FORMAT]" +- $INTSETUP format -q --integrity $2 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV $INT_MODE >/dev/null || fail "Cannot format device." ++ $INTSETUP format -q --integrity $2 $TAG_PARAMS --sector-size $5 $KEY_PARAMS $DEV $INT_MODE >/dev/null 2>&1 ++ if [ $? -ne 0 ] ; then ++ if [[ $2 =~ "sha2" || $2 =~ "crc" ]] ; then ++ fail "Cannot format device." 
++ fi ++ echo "[N/A]" ++ return ++ fi + echo -n "[ACTIVATE]" + $INTSETUP open $DEV $DEV_NAME --integrity $2 --integrity-no-journal $KEY_PARAMS $INT_MODE || fail "Cannot activate device." + +diff -rupN cryptsetup-2.4.3.old/tests/keyring-compat-test cryptsetup-2.4.3/tests/keyring-compat-test +--- cryptsetup-2.4.3.old/tests/keyring-compat-test 2022-02-17 16:37:09.542345979 +0100 ++++ cryptsetup-2.4.3/tests/keyring-compat-test 2022-02-17 16:39:07.132028140 +0100 +@@ -119,7 +119,7 @@ add_device() { + which dmsetup >/dev/null 2>&1 || skip "Cannot find dmsetup, test skipped" + which keyctl >/dev/null 2>&1 || skip "Cannot find keyctl, test skipped" + which xxd >/dev/null 2>&1 || skip "Cannot find xxd, test skipped" +-which sha1sum > /dev/null 2>&1 || skip "Cannot find sha1sum, test skipped" ++which sha256sum >/dev/null 2>&1 || skip "Cannot find sha256sum, test skipped" + modprobe dm-crypt >/dev/null 2>&1 || fail "dm-crypt failed to load" + dm_crypt_keyring_support || skip "dm-crypt doesn't support kernel keyring, test skipped." + +@@ -132,23 +132,23 @@ dd if=/dev/urandom of=$DEV bs=1M count=$ + #test aes cipher with xts mode, plain IV + echo -n "Testing $CIPHER_XTS_PLAIN..." 
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail +-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail ++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail + dmsetup remove --retry $NAME || fail + load_key "$HEXKEY_32" logon $LOGON_KEY_32_OK "$TEST_KEYRING" || fail "Cannot load 32 byte logon key type" + dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN :32:logon:$LOGON_KEY_32_OK 0 $DEV 0" || fail +-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail ++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail + dmsetup remove --retry $NAME || fail + diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)" + # same test using message + dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail +-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail ++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail + dmsetup remove --retry $NAME || fail + dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_XTS_PLAIN $HEXKEY_32 0 $DEV 0" || fail + dmsetup suspend $NAME || fail + dmsetup message $NAME 0 key wipe || fail + dmsetup message $NAME 0 "key set :32:logon:$LOGON_KEY_32_OK" || fail + dmsetup resume $NAME || fail +-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail ++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail + dmsetup remove --retry $NAME || fail + diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)" + echo "OK" +@@ -156,23 +156,23 @@ echo "OK" + #test aes cipher, xts mode, essiv IV + echo -n "Testing $CIPHER_CBC_ESSIV..." 
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail +-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail ++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail + dmsetup remove --retry $NAME || fail + load_key "$HEXKEY_16" logon $LOGON_KEY_16_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type" + dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV :16:logon:$LOGON_KEY_16_OK 0 $DEV 0" || fail +-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail ++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail + dmsetup remove --retry $NAME || fail + diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)" + # same test using message + dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail +-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail ++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail + dmsetup remove --retry $NAME || fail + dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_ESSIV $HEXKEY_16 0 $DEV 0" || fail + dmsetup suspend $NAME || fail + dmsetup message $NAME 0 key wipe || fail + dmsetup message $NAME 0 "key set :16:logon:$LOGON_KEY_16_OK" || fail + dmsetup resume $NAME || fail +-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail ++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail + dmsetup remove --retry $NAME || fail + diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)" + echo "OK" +@@ -181,23 +181,23 @@ echo "OK" + fips_mode || { + echo -n "Testing $CIPHER_CBC_TCW..." 
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ load_key "$HEXKEY_64" logon $LOGON_KEY_64_OK "$TEST_KEYRING" || fail "Cannot load 16 byte logon key type"
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW :64:logon:$LOGON_KEY_64_OK 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
+ # same test using message
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
++sha256sum /dev/mapper/$NAME > $CHKS_DMCRYPT || fail
+ dmsetup remove --retry $NAME || fail
+ dmsetup create $NAME --table "0 $DEVSECTORS crypt $CIPHER_CBC_TCW $HEXKEY_64 0 $DEV 0" || fail
+ dmsetup suspend $NAME || fail
+ dmsetup message $NAME 0 key wipe || fail
+ dmsetup message $NAME 0 "key set :64:logon:$LOGON_KEY_64_OK" || fail
+ dmsetup resume $NAME || fail
+-sha1sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
++sha256sum /dev/mapper/$NAME > $CHKS_KEYRING || fail
+ dmsetup remove --retry $NAME || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksums mismatch (corruption)"
+ echo "OK"
+@@ -207,10 +207,10 @@ echo -n "Test LUKS2 key refresh..."
+ echo $PWD | $CRYPTSETUP luksFormat --type luks2 --luks2-metadata-size 16k --luks2-keyslots-size 4064k --pbkdf pbkdf2 --pbkdf-force-iterations 1000 --force-password $DEV || fail
+ echo $PWD | $CRYPTSETUP open $DEV $NAME || fail
+ $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" || skip "LUKS2 can't use keyring. Test skipped."
+-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_KEYRING || fail
++dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_KEYRING || fail
+ echo $PWD | $CRYPTSETUP refresh $NAME --disable-keyring || fail
+ $CRYPTSETUP status $NAME | grep -q -i "location:.*keyring" && fail "Key is still in keyring"
+-dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha1sum > $CHKS_DMCRYPT || fail
++dd if=/dev/mapper/$NAME bs=1M iflag=direct status=none | sha256sum > $CHKS_DMCRYPT || fail
+ diff $CHKS_DMCRYPT $CHKS_KEYRING || fail "Plaintext checksum mismatch (corruption)"
+ echo "OK"
+
+diff -rupN cryptsetup-2.4.3.old/tests/password-hash-test cryptsetup-2.4.3/tests/password-hash-test
+--- cryptsetup-2.4.3.old/tests/password-hash-test 2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/password-hash-test 2022-02-17 16:37:29.160459787 +0100
+@@ -75,7 +75,7 @@ crypt_key() # hash keysize pwd/file name
+ esac
+
+ # ignore these cases, not all libs/kernel supports it
+- if [ "$1" != "sha1" -a "$1" != "sha256" ] || [ $2 -gt 256 ] ; then
++ if [ "$1" != "sha256" ] || [ $2 -gt 256 ] ; then
+ if [ $ret -ne 0 ] ; then
+ echo " [N/A] ($ret, SKIPPED)"
+ return
+diff -rupN cryptsetup-2.4.3.old/tests/reencryption-compat-test cryptsetup-2.4.3/tests/reencryption-compat-test
+--- cryptsetup-2.4.3.old/tests/reencryption-compat-test 2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/reencryption-compat-test 2022-02-17 16:37:29.160459787 +0100
+@@ -338,7 +338,7 @@ simple_scsi_reenc "[4096/512 sector]"
+ echo "[OK]"
+
+ echo "[8] Header only reencryption (hash and iteration time)"
+-echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --hash sha1 $FAST_PBKDF $LOOPDEV1 || fail
++echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 --hash sha512 $FAST_PBKDF $LOOPDEV1 || fail
+ wipe $PWD1
+ check_hash $PWD1 $HASH1
+ echo $PWD1 | $REENC $LOOPDEV1 -q --keep-key || fail
+diff -rupN cryptsetup-2.4.3.old/tests/verity-compat-test
cryptsetup-2.4.3/tests/verity-compat-test
+--- cryptsetup-2.4.3.old/tests/verity-compat-test 2022-02-17 16:37:09.541345973 +0100
++++ cryptsetup-2.4.3/tests/verity-compat-test 2022-02-17 16:37:29.161459793 +0100
+@@ -148,7 +148,13 @@ function check_root_hash() # $1 size, $2
+ for fail in data hash; do
+ wipe
+ echo -n "V$4(sb=$sb root_hash_as_file=$root_hash_as_file) $5 block size $1: "
+- $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT || fail
++ $VERITYSETUP format $DEV_PARAMS $FORMAT_PARAMS >$DEV_OUT
++ if [ $? -ne 0 ] ; then
++ if [[ $1 =~ "sha2" ]] ; then
++ fail "Cannot format device."
++ fi
++ return
++ fi
+
+ echo -n "[root hash]"
+ compare_out "root hash" $2
diff --git a/SOURCES/cryptsetup-add-system-library-paths.patch b/SOURCES/cryptsetup-add-system-library-paths.patch
new file mode 100644
index 0000000..0a5d753
--- /dev/null
+++ b/SOURCES/cryptsetup-add-system-library-paths.patch
@@ -0,0 +1,22 @@
+diff -rupN cryptsetup-2.2.0.old/configure cryptsetup-2.2.0/configure
+--- cryptsetup-2.2.0.old/configure 2019-08-14 20:45:07.000000000 +0200
++++ cryptsetup-2.2.0/configure 2019-08-15 09:11:14.775184005 +0200
+@@ -12294,6 +12294,9 @@ fi
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
++ # Add ABI-specific directories to the system library path.
++ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
++
+ # Ideally, we could use ldconfig to report *all* directores which are
+ # searched for libraries, however this is still not possible. Aside from not
+ # being certain /sbin/ldconfig is available, command
+@@ -12302,7 +12305,7 @@ fi
+ # appending ld.so.conf contents (and includes) to the search path.
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '`
+- sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra"
++ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
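Review bot: The comment on the new `sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"` assignment does not say why the list is overridden, and the embedded patch edits the generated `configure` at fixed offsets taken from a `cryptsetup-2.2.0` tree, while the test patch earlier on this page is cut against 2.4.3. Presumably the aim is to have libtool treat the lib64 directories as system paths so that, with `hardcode_into_libs=yes`, they are not recorded as a run path in the built binaries; if so, the comment should say it, e.g. `# Treat ABI-specific dirs as system library paths so libtool does not hardcode them as a run path.` Because the change lives only in the generated script, it is silently lost if the spec regenerates configure (the spec's build steps are not visible in this hunk), so a post-build check that the installed libraries and tools carry no unexpected RPATH/RUNPATH entry would catch a regression. The second inner hunk now relies on the earlier assignment being present, which is one more reason to keep both edits documented together.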
diff --git a/SOURCES/tests.tar.xz b/SOURCES/tests.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..250c4bf3fa2a2a5bb15643c1d44c1894e3310150 GIT binary patch literal 66656 zcmV(oK=Hr*H+ooF000E$*0e?hz@3N$fUpE10TuuN0001#g?;tl@J#RjT>v^6O3omx zSFM@r^UN%LclO3S=$UBwrFxZO%iGk!&W^8vFWs_oAd_j)WuDbBSjmV@r!Y7*( zCVP9C)cBaC1eRCHb+XupzIbwcNu+NyBBIv>IH#yqbzD$0!Md=z+hhz>BFZlxg2I)y zk%jzfz=l9GPoP}SaoJoaa$yI8)*>^E<9CLNSyeJP$463t-tO7O~$_B!7p5FXv#6hcpV=%pdC zp908h@~_#LN@s?Y8z4_$ zId)d5gv3EPSZjPDB_^b2YuNuO98JVF!Rug(-T$GT(yc9+-Djm1>r}8>6=LLc_MaY0 z%(&oip^QV-kq|V?-hCO+q;28y?xCf)Q?J9_QLvJ$rnVP_xMeE-bUJFY z(~QSej5hCNQ=cT#NU!DQp(69Zi}hZ|3@f1hIXMclm%^Zvz;~c|MEZ6g!27nBWu*>w zw|P2KOnO5f9S|4vp(5#6B#DG+_4fF@r6eSeGLFkzkBLW%l0Q^AYzKAXjVT5npHAm4 zU_N}d_lR03?1`l2;yM#H^slkgr5Fe+lycl@l4p>9Q#{krXQ96u3Z)zWk>$4KBk}=H{X` z^1*49AD6nS_1}iu?mLb1xC?!LkOlr48}qYsF&pL~i0!+M4gt3P^>2-K0@<())i3zA zs<%=$x+4ecsQTp+H0yrb;ze;qY`>;NTc9eu&dtMqXNX<%M+zmZL=KetPIl!tx9nbv zB}-dN*)6Q;Cg^jW)Z7C%ff_YnCQ;3m0MpCO53VqfMSkLVu6Dcj#)$C{+}v1o47n4n zn%W;WfIYZz2-U}A=tj^d`F^=lLEax=jaPAhM>xZ+mR8)s*~23P=aeQTY%jxgY^f=+?gjj@I{vLY+$^CE8(DP0#PGyS zS9wl(^uYLM;^WB{i}=i9281QVRiRiskca7fn4hb|E>u5sQW(cz6Jv=kzwfSx7mj)@ zS3x<0^?xW{qJeOB@`JV@kTS}wYNl*{!FM;U10*++o{8@&ZJL=9ts5OFWfS~C1#y9r zpR~hn`4H@gT9;{Pij(u&tVFqGuMU!(O4ci%@R^wudS7|aaDVJrO4_yJamz#+My?)# zJ8@x~<7y)Sd^@QBL&oJA;QJiUZOmUPLO#5ndQIX_`jqbC+rNybu6jlPrPFyk_f zuN%5&ZsPxU&N=u`43b6jtVG$Yrbzv=$5e7+gX<_B%!W<9t+oR$)kve4f8*dy%6GAZ ziJOjnTxh7Ofg5Uu6y6{un(wdS#RFaoAVFl2W?t$mw1J$3ov89%|00bbuIB-x6SO&i zQ&7jNS2yLuTnZoUZmlM-M7vDv{1hynypp{u=t$DM#BWNzUx?$+zM}H}B#-Wy@nF!# zlMJ)rGj0)N?BsE6H7zIpIbw5M(0!+!v8oyv@wI|v9iuEI^+Zk&xCNgN=00qm1nS`C?kF5OmJRYXT^>2IQy5JYLLt2n zZy>V5yJdnq9##!|sc_rMq&$*({n z8JLaI&@liA%nBWROmYpY+>qgJ+nDfBK=j40w>UFFGQ5)_qr2(xsJnjvQhfK@N;A_g zgJD<@{qOelhK~tlN+Cs!k#pu)(*dQ9@I~yXZS(z)x?}Wxz_yazR}-rI#L*g2<0$XS zen->BtE0)bT*O3!qGF$zlSNC)#DK}*Z}Cajo?3Bv@7h?>n?px^HopMYc-b+$m=w;{ zrLF8ZdwSA&cH{qo9K!VXw!GaR(XD9Kk`(MhNX-X!yxgP|@73Yi1OG4x0A}*Bb--Va 
z4U(U}sYK8c-fI;U3WW9M%Z#ICI1!GGAQg||eCVej-@~Yh-Bb^uKA|sQS@G1b!xOhJ z-s@s_3%7h@$0@xtPxMUu@yWvHtTcj@wx+stO6z8UceLFY=SuX^>dQ@3rFU}beYQXn z4w9S5c?q(^U1dcWBgtNSk@cwl+cXj>$531PI?2c343zoS@Y->u*mcfxH1&rNT^RAN zgJCg;_{-Uq<(0=CiSZ3#3z&*A z9rK)(ZCwW8vZ%7rFiQ24m^i))|Z2EaF%#%hW)aWwwzqvNl&zgq{#6 zP~>u$aR>Dh#jWo4TrQ@*E1`{K$mlT;+Ojq@k7IKUqUi|oV4-v1{Smb*DCu?*?DAP9 zEITbY5h}Es(a840{MIBgZ#S!`p?qDt5Q)91PGKMK-d-#&mWvJ-tvHKL5W1UWb|>#w zJXSakG)Qnz6NrYbDmfhIFpUy~;6Hn;E=R*YllOV0UOyX0Q zt|qU15nh+s#|8%b&T|A1G-es{`<>mlC`f>?9c0<^vWsqH!E^gIk5eBO0xPYFVBnh> zxRcvu2sAjpWX-~LkKys6YCyqr(w;b3PxB>z)j6}dn6ZvNXNMUZ>%4bKdQ~K1)S9!n zi)^MhvRvE{Uy5=9tYQ2Bnz9hASTIYat9cSs&+TEL>euKKrVz9WZ zX$$%N#27utvaI&B)vdqw$W;R+k@_WuCRPAl6dOetlM{-5b_evCYXA!2ye23>sHg6V zJ+3gSfKInHW~__hBY!4kNsX+^bJ<}iYSeKTK=pAfE%5DL!LTY17B=ZtF9tc8HV(n< zUVRRNaSOH7!O{mD=T&wDYl{m%Slxl_sx1M4W@cokH7qP+0AVGb?Fi;@d;9g1mC(lh$~U`J5X^HU z{9ZsKDGaqEouA6UY#+>UfmN@vFg{@dZUH$X)aE-7?3A0D1b8KoQEG2?RAi;;?@4h= zM=zp)DRc(T{)Z(`#$15wk;^28DN6D_3gy^-r#)sNc6XZq4#Hq=gEwLP2vUykMw^0Q zlZRDws-Q*>1m*JYskQ=RbyS3fAU`#63sVVYk;>K7W!skJnK6 zQV5KBcJBpjDkf;_DS9~S&C&-R(Y{V$+>?nRbEyc>>=9y3r%g2KWEht7u)Z0H9}6B{ zn49kJ`@Pu@QOus(Ey`mwpOW1>^UKOx|2i~`I_5X7Jj@(EdNU^lAjppRc+(g~HD>_% zHCM^fZoE`Bx#6$3T=;}M2K_#Hc2jL^^ezGtS~|xsmq6Uh@cf(eg-5e9LzF}Sbv3a^ z!o?j{Hv98R5w=J55k}y9s+r-28oH`Dfo2;@lk_&wzTU|kZlyL8XLv9c zILH|JbOSap93h~dEEf-y0f{oqUDaDg$3-w%-&m5;4a{xRx#`$H1dK<#$RQe^xGn7Q&M; zF$?#%;X%4VJF(Ib)1%Xde9GQ@$CB=bk0ywcs!>gRC(TArd*&&h9(<1YLz_)Q7n+qb zUzJ{S^Uo04@vq+H!>#@(RC2K`plFto&r30!2@>~7Vjt$0N!#kie^ww>+- znRn1X=gLF@6oV>WuqB|)*qV>B2-6r%-vh3EG0yjxm}s%)YQ2Dd_OTm~`(PoiwDtkk z4G&rMS5q-)P7gZSieP4qi;B@MdCqwhm|(8Pe8Z`UmeNuHzPYmLs{G;%v%yhy{U2?3 zbH?@a!@NYRJ^6708WLznTIUd6DxYPPoUVMU5UKHfJ_z*)PGLQ#+#L&u9)+)^zi1vM z4?>xwWXgRnq&U9V`;nc1J%~~mx$m z_bBSPV(Pztyayt{@z9K*K)(fr&Q;~N7!!6HoCL+%_Vza3Z?VndT@Wg-E=em=?yNlg zYc6Ypm_rhW!okklf%Jpn-B%RU0{tX8EV*N-cOo9|LN^;MIqkSgz6uVqcWCYfL#A1+=Rc89n+JK^JFpm8JhFijq4ZP z19+DSNw*1P;2o{;0tp^cg{)Oo8o|3%1Y+QplLg5)&+^nC7@3_N|AO-59d#Lx4X5?a 
z?-=;vvzY-NgHefWoN~gLCL8Gj!>%v9!jEI1We<{OJ4xZHY*3ET8;;U)T--Mk)fMMg z2@P&|f21MGusrSNY`3-x@}4vd)W~Rq-zOD{a5|uYwGERouV(?m1Nb*~Vp)gX%w5|V_q0@Pj34I&NfEUltE14ZR*j%qNH^-oF&au^p|PngwY zR^*cN1yEITFa}39AKY0X-hDCD85wU;tULrj8%X!zsxmV{Lu7`Wfl-;`*{goPZF#$5 zEdQceF(ce#+oNpX>)>^&ETeMCnq3s#gwG1Lld@i4KuW?E2P6UKERr1;-k zk7Q*4aM;wo!Wg(6H%-#wJ0G#)6o{HG>La}*!>l-(Mj4Fcl{lpTP4Gl!aIpM196+?z zTvTQ>#Fx5#0MVPAM-qj!7T?zZ>HJx-;l-SE{A5Rk&?{{eW-FK+Kfdh)`^vnaff+{km5fpLW z;Jao_HV+dSEbmpQG?XSFX*CO8A^Ov*O2cBaZ3`6xfY}xMlUSdqL2^s-Jv1irUV_bh ze-W`wy5rS-Z&g|N04wisJKs(QOKH+K6(+_Hon~cWmM&4HbG2&>P(WTxMj>oRNt@!u z(C*FzQRa~(_2x5dK-*9tmF5$WJLXY`sK^O}ko6geo|hdF$id~=8*mL41S9XL&NGUb zlAQCunHKwCeB2|`@ICv~psZRaS#J6za~soR>oA;OMjJ7syzH+%G>%|_d}$+~ZHK(~ z_x&kLD7*aTvy0!aTlEmT-*y{b^twT@vL^g{e{YZH;YmQjQ<MobHM8I#mJe zRm(?6(}AM1nWE2x)CHt<9cl?2#^hnAklSxppp}wg;)j->v`OmNH3e_~N5d|+SZ(v_ zZI&mkgWUzCw`?gVOVnOw8D3?zRTmMBA>8(_Z>Ehi-Xzxd%{|3j-GHeQ`c~zwy@u#M zZiKDF@unkcF7}S@R0{#D|5q!)sy~%+*@ZiwT%q-vIcEJw^>$K)e0tF|mL8tjecJZ` z*eabZ@+-j34V9)fvdTbqN_&#wF0FTH;m*^Co#NouWM76RA2*qS+3(+Lg zKW6}Rl}`q7+?jPJ;M%mD3#yq~VZJ$$Ce~->W3=$ICku(+_)Te5l$_N87Ry-i$NyXe z1CQcrR6!|#>FiuSUNZ=6B88`b2F9bGI};`pT*Bb-Q(WDw$M@ZNHe4*vGx>Po`LsS{ z#M9vbBHXy)B$j&}me&b^;{&B!g6}TzjX!vWeTCcJAc^v(7wVfReD2Vih7;LqmU?#U>o5~LkXYx7GmK4=RpT%fa*b>mbMgM?S7dhb?Vx&DpcJsV2 z@badc{3Fd{4ZH2zlB%0zkcTs*oLwR#0XqsbbSbt#Lrc6LBGOq0t+_BE{GLY~fPjTF z&yTdHb`}ampSM{V&#^9!7t|%bvwfOXl|bOS()C4Fno{gujx3&u9v>bK(V(MA4tc#K zaYLTp9e0QR`7v{krFOPGWQIO>GyYc9KOmpj>X7} z3weAK-G9kMd|qCmXjIysiM!NXy$fSE61DIv-7yS2^+pjl9&nbpUgp*QE6peI){is^ z16>+x9Fw~3L74M$sR#PRJ8vk3;)BZCp#`=_44cc!ruA7$DDebjDW(Q2d!>uR)AWB_ zE<_EQBJ?Mnv^3<--;?KiZMv_Wk)qYYsIE~ULJs^q3qWjMn*4#J_w%oX^TC@0BEQP8Iu?UKe*!qjmQZ zxknIt{<+(ySgcQ@V*OfG_h(#sJT#?U%DOx?&|!u zDIv(va8T7GhoA$OWj|QcCi7&l0);6^=#1>3h8)$lwR z6Zf`*0gZ?x%4=Ge-oje}Otg!_cj-(GVV*D(NcBH_6tU-`4gw^$mIs&xJy)*|)gH{s z6lnbNRDr0=f`wNAG-r-Zi_G40lflNc{gp-J);=Zy=kp1g;XJsTOwcCQCg%^k%td#6 z6=TJgH;&Dm@>g<;({w4(pk&qO1`DLD_HiC|xAFQI!T&F5G0_hNt`dNm{Jjd;^DL|& 
zK<4x91msuL_Woe23k=ECAc6&yT7OZ>NTD*3QOTfX>hf6z5e6~mE9cEC*xS*JCTuKh zs#week>&{&+Qys?aLG;z-#rCp%eMiCle!(ZKvNeldDPpe2|cBM1T~;}K*7qNM1nxTmNeIdJce*0ZleBu5o##}qxSF0{+F8kc77#avg z3QO17tZTvXwyFC9Nds9mhD=Y|EaZmnG5B<2Hn}yaCHD9Tt`z}LA~EO(JhyJGLb0La zTGS5~uD-Dwp?135GiSq_rJNSI3^p&D2$vu3YPxx~RTh1Y;8U_tNgHxh(^ z7yvg3Klkjqx2TbEcJ^Q#$J+G7Djo5&c%R*HNr@^$8ugN{O67~SQqddP!2nS4cBR)? zh{2!mrWdasFStyYZnG0z1ng&FK&f-O1Sph*feB>~&US#GfAz)IrxyB8Ey^yg?AC?( z?TDxVV3==Apc^~-c*VvVgIt9DVWty$EI}#^yd?s)|2Qr_1yyM_W?Ht^%xQ0G&P=QS zJ$~RMSQwM6==DnxWq(7x`y$RA7(g0cwuPz6Z<<(6la#J20HxFn@ksQiOg#;YEECsU zY}C#WG}K)Vf0epQyw!XtG!5rX23WQ17R46cITXH2+Nl%P1lC4cC@Cr4#S#VlaVALT z+tB1WTw>YLyogQ4Mvo0m;!VA8_4hVjm#uTS6e@e_@t~D8jjrj-)>ga6UWHLQ%5iHL z>iM&HR{9=6#<)9CySLXZubEE2iD*U73?SHOg<;cWKe{LmD3f4ivYbreKL<7QRC*j7 zgRj&4Yrv>QZQRnT)pCF5^`0QP9;MhoW<4tv6~If)PrO9XSt~%%4;it@SFdr>mQtE8 zk+xE0{RY+!g;fk{iApsg5OalUUf4I;?5ygrFajlW79f?@g~pD^2dJ^O8VA5tEv%MeMHcU;Y1z#Y60-V>R;2-UGXBo z506UQR}W@81f=An0-!~PHr`o1nQUZA6YBYt4SeFZBpmZ#MODDJN29 zB#bQq-&uZkS+^JT+|Q~REy1K+etaH7@lKl3MX0)uYUo*X%*7X{j@e_(Dk%&0jyODAM1)f3XUj%3~Ap2Lg-UNl+5 zd2W!vXm3rAWOXe~%I;vRoaguI>UOojYV8pT5ESU>weKAWZK48~t_OSw7T{N1X=972 zf4A$FPs5c!YCE;}?U3HeH-~XGXnV5p>$m4&A!=`rqz>j+3W^xnWx!~RU0H+`0+!?s zyR-_>7CvfL{<1ADu?h2WfSg9nosOU7pjUm^JP>-{BdxQ5f& z;K9FL^!^rq3M)$2k1SCklM@h=*7cf0cfo*ToesRja>Z3x_DqC0@ZnXdu^*{zilaf* zqzdSENXqu|*Pb+*^4T&fgAvV88-4$7HI%HbhRROp^0JWw1FikqbDI!1A#%Wfd?uR3 zhK}W9A4NpZ3~EM(Aw*k43py9kqHvixIZ_8A)~!UI8(`kA~L~MUTH( zINV1#PREq#J2T_9Md9vYsP-St>NgVpqF6)qPupP`*msc#QwH9m|7!)8YR7KD*kF%e zSM%SA^sVjLJ~JFE=*u~*3tnz}YQnLYnbypjyOC9WIGl!UPDEp79JLC`d53}x@UJ&w zC#h2gA(dl5E+!|O(xh89k*L13g*ndyC`^wQEB#x_!0pR*jhUxWmt#8+aph}NOYA~c zT32+BBB`;a9-2fHgzmwycja(>v&3t_EMtt!pz9ZIx-7ObPwx7d9*C1kv3ug~w7A!i z5W$5=NFsTFpde&ChN;9fFOFa)$Pd;wa{@@hMz%3AwBfa3aEUx4JY&WtpQ&)vp+v#2 zqc#S8{l|2LE5=0vGBW3;Vb@dsvTuu|FOKyK)K?44K?jn3=G?Zl&%=iV zV9waD7@*Pf=AcdkV=#d&a?6${hBcl*$7)+I9tysCd@!M9!GZw|jrn6Zj5%+UkA_Z$ z(875E^Yo~?4ha7vp-Y`OR#?Lm2Oa0?ITl-Xo 
zG_@0D6ap&ZxfeOZHd_9B$B*6D%Bp`>^`!hDAMXl28hJ4Yn_;@ta~Bx#*sx8qHqKb3 z#@6PPat4~L>W!T0z(Sq8YKs^^EwLY$D=npA*cR=qS^CcuQjP$b%TEUp0+-guam=)J z(RLprCpXhR(gkb7C1>>u6vD=fnwKRLG-mErCkS#UFd5e9aBIJHS)I)k2>ngt)5zw@q1fm2X_O?3!t9-jrPb`EJy)|0c{e z7E$)B;7$Y$kq9olDwNW9veZ)|{2hs6Ze9c;bAQ4Frm0o|3aL%_t1^iNHU1#nNR$Z<~>YYQLhdAvU`LFLUK0O9Zhu_!%W+ z%$ZCenwKk-m`?Z>@ZH{Ku04K69?Pr|1(>)s)D<_l+W$emq_>RPF_Wm?WhsMfHp*+-QC4~q&OJXk z`Y;$aj>jC1l=zx%S-2|wK|*ap=>O=nYGfN_6fP$)4lhvX>LU?#Eb1z5Ycu`L-1v%K zMo9V@fs>bXyk18!w;mE%2R>dKmPgMdrX4L+Ooax?$Jalk9-a&OdO~&wE^MXZ_yr3i z2l<88vl{+(pD3_+xx!4xzI%YSB5QBpr&&Cmx#Z|Q;l%ccvUz;3eo5`c{a)=PU7`Zt zhdgU$c176>AWOlhB6_%aMu4(}sTgm3J^;AXK^Wx4GN17-G~Ygy*r*xcA6cj(j*M7l zeoje)G?9s^I^o=84%!UHfIpgNG|CeX`)J7Mn+8N06Y*Y2n(RBcAblPEt7W$G{u1T8 zv;XW%W!_(djA2f3e%kIH4Md?G^9O7^DbF3Ao)(4FbUbr3#5c_svuHi_5h*0yg?fpX zlpoKJ%+Y7fv0@!$gE-Yc^u&^XfTA*)#1{iGt%^qnj6Z{Vd=0btZ*KWvHUY7;EP3JM9_k^&~iGJ#I+fobMtvHAewu> zSHzfa3r+>xQHAg;tR2R`U8W!QYeL3U)%NCg(vi@Am9rX1Woz`VFvA^04QdANLvOD3 z0PW<`>!qIz2@3?G@!R7Hz?Y&)1AD=W@xU&N*3d?aIMG@!sPiiEoqtoQ&v~+~pGur4*N?rt(qiShue6rK z3c+ik(zj2FHOdE@{!8sy4S-yuGt2e1PMu$6Byv-xeIhh7{I(2Jra9{EKre)bYp|F!q@}Q4-llV=GNWRtol} zp#<09y2hz{04X=Nfz;~{>-`wZ5X1~T)zlNImsKaey3Jjce4c8i5qdml_WJwK4-^$2 zb%}h*RRnC}VpPnfM5Gnl6SEqKdN-Mp3h7wipm5f%Z?xt1R@^9$_cA0Ys_cC(4NBS# zRf;N%t?9bt6klVe@9?X%l%iTii^i_R-Y!t>OK2%8n|;5;KaSvNjq@A8M7VvoeuF*c z@#&l&jUm!ExT42Io$&Ye?`Bh=rUNLMICMaJY@TblQNYv-4$lfy`pI^;?Xi5E5ngaZ zXZzS~6YC|GnPh%t;aqkNv1a~&<&y@S!d;u9_0LTs%!EP8;%506Oj-Zj~8hC&GA-jJiC7vveg^qs_P*GP@+3Dps4s-gi?wLR9?wC60_>=I(lnmW$abEkt68 z?R#Pi54x@=(jwNT{L=n|V)K?`?2Z;MOI?ZJeQBD%g?5GOj|6Edjs~yW>d<)SjE&$7 z5ujFBHD(x5SeOMjckR>)8Hm^YM>w%!?V0_lp9Ziwa$|gMgm!NUjMdQARa3yPHbW5z z*qY2svH$q?Zd&RXFv52)tswI7?#w%#s7WX<9Eos6ncmi@!G6(pMEoZJ# z`T%hReje&l?9{&_+E5!+nnMpDmW0w%(Noh%{pFyR=T4BPm_n65l#<}(zc`dUna9C( zl?2RW7Y(zQX#fxkDID*5TDQ6$eaD;!-+s9C9yImaAaP#8K3Wa|gA*^M8Yk*568?(t zttK+=h!Mo7l?hN{gc972H`L5@F(%mxPe<0(0bOl3chRgl|rY~ns9T=+Ke-EW4 
z7t?27+wtQOh~ev>v{CaC;Mzv|Ylp3&UpwI+8`)v*Xa0bQz^U8)xb>@SA-2WndJ{>qlI_24Fd9(T8-30ybPPv%FQLb6)y*x&*%0 z&FXy{z+6K|5`&x_p>^2kMXp+3Io5F!x}J%Km(RgR>{q-r9%MI703+xPSh|EZUlXJ1 zj<-~tlaAG9=~ z^l39Ev;ZrElP(5jgFx&GmU^@*cgolPVrO$@zE>eoJWiQ|%{DXOSF$5G^~%flxb0}- zr%ubyme?Y#+iX9z3I@!y;jM9PDOm+R65qj3M=4vQcJ3{KT7-S(v@hA&xu>_KSL_ns zSs=fiU>0qrN6kH}a1mBN{+W2Eg6-oGL4pWe0aluOuz}f;ItgMJXzBxAGqkUW6tr%_8evk80ze1{`sQ z4vnpk&$as0a+rQrx`pX4Iq zZbVJ)$x||kF19x3lnY*rYIKcNayc-UwXs0H5APb~a#*nFF0|e%Z^vCId#>vtxD~%u z_R?Ol96l9Ykp; zMnaZXJUpsC_{r>X4Ox-sKAjDVFTlt?&cJVVvSEolt4uBOff;v-l51A{iq!MW3bXbos#8 zZ}Gp{IK@?==3#PBw1H^@EGNjqNRMWUqiv-JU0p^{h=`VzZ*>ZnCf(SY_cKa2?4&vN33vLhBXlC0MaVM?N06}>euj{1p z;79I%T+7_@iL{~n+F<8(C`Iz`q`Q-*W_qh#tbFvNExScxmdTx{YxTJ<9BIXHWhpu> z=&_ERnJpwE-zY%2A}*q1%t>6M*j)??%JvxuZk2GT7wGxA{s!@$w*d4i4M;tx^29>& zW_gE}Ma%&K5P~c4^ZNfy_CO$nxJmPGxd&dZZF2qB%gFxIIU2;%(M)U3$cqoKH?cB9v%Y&L445Mr*rwZAcR2 z1&o)~_K>~>5v954=zrzI@~gV^Xeo|Y5Pcv2dkScSZhYjuT|rVvP8~PL*#fPvS4K3UF6tB8trNEv*68!dcr%4tEgk#@pRe(VP@2sEM=A|IEB@v_o zLh1bw;mH3qhJH7DkeyB{Tl%~;&iWHBFHtJR;MYJM!0lTHCoqXqnWvnOqnAtFf%jW= zMgpf-?43lq^^AR2vCGa3u7l{DvDIz^5Zsz+@{6G%Y;Ho@eE4XFDopYsmi&Z>g;yPD z+q{&r&ATN~qOaOF!h4fkRP1{i*LN;+R7V!kGaE@t@N_EPn@U`3)gKZ0&Wl0F)TyvE zhHTTy2S%!nF%br*n-AfN^Xy!>uT6NlHgkt_MChM>IUdyu8| z3S?0G!C|-=sHr`cnu3uoAT!dvrDiR2amv*X0f}qx)K)KU`HV$u7PA@(t21L;On92k z-feSMJV?csWACEK&8*EE7d~JKR0M*e*<2V(=X4;nVuRf6@kXDkhNZm@VBg8|g_tU& z#*CIR1;Xs4>2v#^w^{j(&IEg;T7hwC-I?wFrCz6K$F0+d2-=0+4Fdhln`^f~Z(0Sm zvop;b2$~JY(uBv&sQB(@*+uY7+Pug+_nNG4jU;|?Y))MDOH|_Ie8pFNw*Z7D1h8U0 z`P9J}@9Ssi5#onqZif3q+pD0q@nac`3xBf!_Y!xUbfLqY7k1`Y?6Ydq(+5?*&o@z5 z#4uGt@c$*UmTFve4#UOUO>2IAotu(; z7{t>!b@=26G%SN6ltnfA22~%$svFU{Q>blthUC&op%3e&`f02IH9%al8ot=9o^q1~ z9YZIIK6W>a1=zt3_TDGktxAt)R6*o+hTaoB6d;=wo)0Jb!W7k9(sRPqDJ*=ZV)eWXS3?rz@;+*gJ`yQWaAv zTn($jEYQ!ZqM%3Co>BRUd+$94aG$w&6HiBT-DBg72DJJ8FVzd(s8|p=tg4z;_4ur4 z(<`a8KQCVLX&nNqprZGQ0E1vEHOP0e99=szU=EiXJ2=cpg^s#|u0__SO|jZ~E@5$S zvC7=r!eKSxiT0ag^C&2u?)rk+(PGWJyD7@KOCZeS4MlT`^>g_i0^pvMZxGJ*bjAoj 
zltR$rFt((Xq4)@KN5!rzR}gn~z)e%4i`d8l{Ex<`W{K^j9I-{+B3mZ!TUKfUB*C zg?A??o87OJ+Cc!hZD$+RL+P>qCwy^XQ3jiG(Mw1(gROVa`}mC;gv8mnNiSJxJp0E) zDuQx2zyYSBKG_i7|H2cVh#Ce7PYPp={`gY5q0^#R*ouHmT?-Vwa9k=@(M~AcL26{# zr}Hbm1yNm}XCDZqR-eVWCbfuZs3 zHysA!m}H7Qjr*T0TlP=h6xnF;8n^PZmdlrm|MU)nkkDJZmdq)yc}Oi8&I)08eITOQVSbsSeN19G-AiwwHX-(s;_V@`K zkeiZnB#h}Hv~JHij*31SMq-=VavtrEKU;E`zW?MH@J}}zjk|%zX-8uc5;Wi&m@MbZ zUoboqY^T9WJ)ba%7>Ja>G3+ZsE4-WwT&{QFtvl#X(@_TNo^rXtL;c=~=jof)J_lU@ z(b_m?XA)W^C4E)o5mL6+vali)fZ(8A4-Z9mc(`dHN4{)UgIm)y`XaKyczCCQ4Br%v z>YeZ#xvB5!Q_X{si2!bNy=a8);RbFX7RmY8qWr1qVtozU5%qU11Ok!y?^`K-P;xa4 z%}ji=a0)qugAjaVH^(UaOvuu#%}cjSU+7B!ok(nM&lA#djyv0&g*TU^ zkQn3e&9)t}$J2yQA++9l{}%;nD&E{NWrJ>GkBc2Z;yF!Ho``dd;WxoE)(v-zM+I7T z3ca6ozO(g;t<{#x^Y3NH!uWyIsLP_6ce?ZRwu8@_OtAiw4X^4`+B!OP60fGYFOB$K z2+#&V!;zvf>xP61j-8h`FPL<-N2?3vw?ybCJH_Z<`<*L z5u{K4>x%DWE>CEC-GI68LAdj>RQWaWdfo<-A#Z)itQAwzMOyAa!1}*Yn_vA1*MMgk zCT_ECqZxT!%1~zHy3ZN-r-+#vo0GDD5ok)1>W6e#Ad@DO(`R**q!p)P^E$FG8-BGN zMEj)}K0OXad9hKGzP=TolF<2TfEj85l0E{i7g@tRW&)LM{?f&>OKvS@WXtOMgbZ+e zO&X+CXq%#J@V-F zSc|5t{QR9t(gG&)2`)J5RM3N;6|qf1H-GaaK)Ja46$%Jq8xYXgKJfL18@(gP$-nV} z>nd&Dn+X$nZ`WSus$98~Fy`tx$Iyvvj_do}Kfk#8jy_umOx6WK_TG>mLlW-zQkM%Dr``lBKM1o8sLjJ_5In5KP+{!Xr<_5nJng zlf%1Y9r6~vV3@)Dh~89Q3Pytp9|KVOLR+`vHY9{WICE$}-;u`4fb--wUwq&A zeSRmI8VV8%C9E_KvzNN-L3Kv!d5xY9DyQf#YweXw?+WyLAfSxRef~WeZPYnMXBze-MOvYMG&wJbc=hrZ@^WGIM;kZ({HiGMyA%njfV^w@HfX&>>;Moxb;B4oO|+d zY{dfOiSa^T89q{7gu_F47Qt5hn%Z&#!sj?S#Ee+8Lc|JrXw`vbKd97`d^4}ZhbWPs z=^rRq_L$4XYhRDxCU2l7REpB&~UKJ|8&hfRwBCWh69uj&9 zlxnA_dabslmmc3K3*~U|0=?V+2ky1(k&skYarTj2DxGVXG zOVz@=4Si{^$dJv+jm|_B(%TghF$c{rzs;fLWK1y3x=pgdUjlhECe7>vg6I~vWYz?o z4d(53u_=+NOVdD-${GE{4a%9}^BJ9c984p(dDkf`609`ly)Xo@z*4{}NU^bW@_p^W zZ9@CM{zHAe{Go)v{XD1(qNfl${%c6b$t~*&*6*tO9N51wBYv&|ejs{B`ZJVUy}RmC zMY!PoB2_CxjsL#GD?$73y3mE{$(95g;|GK#@N!fO_kat`cRQusw{xXH>@JMmO(BjA zv2g8sc@^fW1(>gx52ZX*>_M6enj+?&Mb?_nls={eL#49AE1m)`(|pp98M78|>xD^x z@#zxfN!&Uj0d{z#W0M=SRF9tuG%c+M%a&Pa-sDikDvpRjc)Zo<{92gr$E9oCq6+EH 
zAyC80iPH@aCLPOTC)+f%9zS$qPdOx3bBTdrM-b6sOg~)R@_hPL>sUvwF{YKL43MJSP2N>bzwRk$lRzMM3#JxF#v3|;c2GPgtPCTC<&+4qb3-IY8~3wPXZ&qFRR-Y)+_)JOY~D}t}n{_R80Ng#O3 zJw`@OCt#SYWx9`2OA)hz>S|(xr%eXp(52^WFqBp zoklH{5$8UI@wj|ew75*PU`OMSt5B~d>6BF^1eYq8%4b={J-j^#{8_!q(a6j?TFv4d zVD)GTW+}~R#}~swhYk_whn}JMRc`8mLm3Kaw?KWLg+=`<|KdV8`y1CRFH5`@+Z--c zr9m==8WEoVhBOvi){u4W8EF{$C4|8tZHKPsezg;~*rqQdttf>3K9m&4BtH84uUI=V z3UB@h=c&k|*~gpzFGyU%@4Czu!RI1AhIlsx{zKc=8F9u2a%iuP(3tHbb{cmKjZ%GC zFDoSW@DCJ53YOV66u5b}o*DQA%MeLaUKC5?7@06|>r5V+Gv4SWv)~cPxhZ*c=QKSp zVZg$~bk*D!GW<-0P=bIhHYp~%*9?nYd5VD($56UV|&5xFk!^75fW6COaa0nq>9mKSQJm(%!_B;AQ7N(?}2 zNaFvhSnn%pF&F4|jsdvW80lI&{c-2;04VGzockDn6eyXodL0)3XY=Luk83vLwSHe0 zY9$$K8S|mL?>=F(BS^=fxp?ymNX@%vxeaato#poxD z{N#CakK6-G+1;^iYR$o1_@zZ7yAgZ*?$WQIMeUK%w_%P~Z&C5>d}MnBl(#rOtfM}r z?g2j&urSU~=H!}EZzANIDcU&?O|t>igSh2gUTO%i0V-g8QFiA@>aBd!&u1Yy`X`8n zULak8X1=2?2hI94g8NAlM3s!5e?Nyad(c&!`z&6Ko(mI^ZHH_A-B#l)(la!aNT9#m z2?;%%Zgg#_?i#yC^Dra1@mCdLNe!MZJ#H3DoGy4g10*f0>EO>KOw3hOz-+*NHl%N; ztTy}4v0JZQe42q@^}JZNv8Q!V{o&d5p=p=qgh-rIRT!S>=lxII0FK;Lcwb3H+izc^ zzxD*zSdr}=ms&DHBaO!1)5fkV{WU#8P;W+MkV{HO(fr|Ls9>LnHbeRysfoijQWWTar?6S6=r>~g+efI=LcL34qw+td%>9Cr~!N7Cg&OjJt{u{0+CsRG2_`iFv zx*sob)?mw-4?70a>eq^HDN(vKnGxY0d0wPjB~0_Q4;%)&tQJn;9c>hgdddWKYY@y& zO07Yd7GG}Oo9{e@#CDW$E$NL$0BaRfJ-+w9G#XHSnGW;dzPZ&yIxtPX-B?9eMI z#(iYMC=J*!E7knV6>@e7#Lcz_5-lHEwuK3u|6#qwAE;c7l@i3xr$e^q=c*|>RtTOC zOWO?AERq+F6-bZl@cK6+Y?^fXt#W;%s5N<94^X{iyEGe#7q3KVs(xYQ3)2X$E?lz zLjqM|dV1Pl_IgUn-^hH~#|?s)E=G|?7O2}_5v!AZ%x@94;mgwo8b53vQ6Hl?g>OqLuG`2n&y}8sw4FQK?I8Cktw@i`%48+JsqT zb#2}%w&q!qJ9`yQfite6b!s(*0V!-tLpQa7bi>xWps#Z6!=mvO({l^~>`i=q+*=v4 zj(v8#9O@!Z6&&qIiSeE~cwBKwt%T4DNh?lxXa75xB+DBBckzT~6Y}KQMf+*;zg6%# zFa#(v;COA|KtT1Q7H?bh*Mq|nkciV4^{(XGJq{ytc@rItaO=xwv57;xd-Ap+4U<}^D=WXC0xd1~k;kQiSs%6K#;ovo%x<+Wr} zj#b1LLUeHbd>s|mAB~dd^~E;+&}GQ1G3#MPb(5f73Ez-N1tP1*+v{7;l@1fTx3<*C z%*hS`-?I~{csY7UNaZ?epn_%6$2nz@(1Xg|K#So-C@1fNeg)c5RR}6Fw@*5EZl}yG zceab3&~zR4V`<_lbM&LLo%Kmtj1Eh}Dhy@X0?Di0T~LvrEP({-OOOO{1R);6^GyaUE!mgc+m8Bo;I5+oOvR 
z;gm^swJ-j-v1&|Ys6RBg?4pza9?^xa6zPqTL>wmg6jz6B2tXqqTL%2H^;=!f=%b(E zt;KegowW}IQ$VpIE#?G|i)4i^`0eb`Hc0RY-fp&@-V4ZK=MYynbU+nFW-NYGgA02N zJb*JDtY8U7QxDiQ=t5Gwh})N}L_dt-1VvY6vx(uQky;2xLRp5Zg?MC?&M~X0V&!dL zJ$^lPH_L)Ji70lhz%=Jd%?Z_6aN0Zvw2m0t@Jx-_pGU`qT(cJY2L}cWard#e%H%8kt?O1) zpscwfJlR15eb1xS#yegOz! z{jWHbXF`;_^I(jshIR2zt{{zur7c+o7pYEsNAhD_7(d69Y5Hd%Iq1~{PV+qX@cWy} zOSty>;$@;IeGKw3S_9e8Nk(Z>T?h~%9%St$Ys*q-QD1cysYm;X6jOG@(#>kkJw9T) z3+*EsQKhJBbnpd3s*e5<^gAvA+pM`ZQVWL_TZ1>5<>sZluDgQgi@sN9~fIja*XXz)7Gt0PUYrVYvTqNA)zc|M)jz z*&Sn=3|eRzY3%M4h1PQbGfiR2+0wA^Sr`2;ErObx$u5%h7gO{8Xq;z-dAMJa9IHze zw=9;rM@AsWyJ3Ox9TrDax5P=IvVr%t%FO~PV2^nI=W9g3*5B#PfG3eHxU%hP!Rozs zTOC$WjW$>CP%F<3H)^lglz;wu8VHpSAOtz*Ul+^0qM*-d!w1pP>>KIh6vr<VKi%rw-ob8kmAqO%o^OwNI?bjwcmVnA#3nX~CCrDK@CmJx z+$^;3>clF5u_~LYr^!_Ot{j2fsDk7zCZyDqkY?+B3i?tXw|lj4U%vmE!L>MK?Md8S zfJN_GbgdIAiF%W9U}N1C2>(&Y+e#Y1*)H9?KQxEe3mlNmF}T0tVc7~CyYj`hCCvtQ z=2(~L_#=%cZnx6TUMg=3VA^PS;r)#lbcr76S&AYM=llFYD7RarRKnZeKwrzQ-stKw zG(-gkgeNfy39Bhtx>`SSfpTr`i#y27=P}W>7tVeO?M@p`+3rsL-0g;wP&UH@q%LjT z927O$@rc&il0R8;w177@ynS{osj~GPK8;CdfC{lAS0RztxT<`$Vt4gr?g)=bCb=s)>FNB z2F4B5#fDdmzR+BH#2J8-Xa%;gGJaZfWupb|=%%oCW`P>==U@0p5M$^*N$Zb#Q~>hn z|2?SGU1G1@jkD$XoFVq%8J`zKAoOwK6J#nYb=fDFg_TTuJBZ0|v<(Yvq7E7%rM*?h zCxAe5eG58uoYT2cr4F$08&3_pa!<&G%RgIeXB}_Jm{n2Bt|b@zY{Pcr1X#BA?5h+f z5}dnW>+ZkcM00pWevppjyL~TWog+%?Ja^dL*;f-X(QlUw)Cc#fh;^sb514CIT4*0` zx{K31XOf>_tf2ZZMAuBs**oYFNyw3>U(Q?2%v<;>GCK7;%X~coDDFNI8&+`rj;I1g z^0=n|e#l@}=c~yj<`B-27!A!hq}RccvMe-1cWCH&YGC&Q<_tStb0t=GVIy~5cF$QL zRsLqM9iS)BZ(Q*RZ&Kx89@_@j{6uH2xef#>#aeSqwUNA=!kRDcL@|Fn^{_LN;sa>Ke~#h9Mu2t9AHuC@co?0t~$PyC+WCXz9L>Yv0q&d;AtTR>?X| z)>$Ao^1+|j>>5^?dM881DySX7F!d}Hu)9^bZy#F?~0xb3YN5(yi?uWlb#O*pX6 z-Le|zH>={otA7z=mNqd$&IT2NB(H`rq5?J$wY>Ty-2iNG$EUIFcS7Bn^DMKKFOfRe z6dkmi&AK>=kn?@yo^S+J4U(MBB%U?)OAaF6@RnLF0y(f4EJU({y0+l98V`v?{++F)I{rKm&?H7gqanPRdU2rTl2 zbdB7W%vHO4kjW4g@bPOBGs8v)H5%6js@X!T2t{pxR#4ox;X3eiOj9;oP*YlhgCY=7 z!a|se6~&>h?)`XEedGJHq$~)L;>DshgDazTrKx*B>xZ`?HYcHe>RuUmeInpwkgqv{ 
zI|viB5M`Iyt%J6w;sgxvyUO}0T9fn*pOW44JGw-1-y;`bgO_RxJmk!^@$opY9^5O| zU$b^%=x4Gc&-Z3%h3SD{-5in^edWufY-kP)@@~wO?GW2y2rXVzD0USFRV4FEG&Li< z81k%#)f7Q1HVN|$*IXYjL>?_@@Sxlm8?TyweMGOmjqr>D4WiG0vU9IZU3j9uoe3Ia z9+Gpzkx6=B=a$EV+%IuP z`4Jx zpRVGpOND%R$^pP6r-1pO=aEbiC4P#F85|9j;=%$it%!q>3Tx4OmUgZk>bAn~GF`KO z$BERa>i2`=;4Uv3-(}tb#qGVZ7Jp2vk0MjIRken&b?Kf7uHTA$QnHrv+%wYHZ1*;+ z3vdGGgAnpbQ*IR{r9uthX47OFDza?L0P^$()z{wd1N_GA2yiR)X5QR6eNJ}+$LI<^ z90om-?-g&IsbW&FZZEm6F1N4jqXH#RPTIm}BMDnDou^vJ1TD^h22~KP6yX55NZ2H_ zHX|@H=dx~`H4t4A101tPsKe$ypXapvoZy1~Phb&%-_{_r4~QQ8`BZ3BD#c-)}UZ@ z=uaLaZ}Hj*9v$b)^IqO-bM$Ckdq>(`RF}2e?CO(LePe$3!={)VrxEe9V0#yU-@Ke z9K~I&beENyGMTn$mzV3m^O!7RM^*G~l$vqYU_0AUXGZLkDeq5TY<(W|_fReb7a-V4 zI;fZk>q0G3$!@oyF#EH=10b7h~Z_v`wv&B<_~qycelXCiOy?gaOoa?JSo$m{L^p zD4|M>i(75T1N;KMaamCvLp%M!CqG=r%7jDa$qk=5x$?5gJR&)T=1kUTxj2z|^B=ZF zTO_4?jUqzRF!eh|aaSYsiMfYMgWVfr1+JH6I6A5&_lWWah@sT(QNM@!=m>3x0=tm5 zIGnYPO7J!QW9y7$MyfYkw|9QFuU_$!l}tToG+jCuaZ*LClm12+C6fxVc{kbxKzvR$ zqEw!ybjpoT!AMaq&kW(GNh&oKXE{J)J98Gc>f=yhRn{e;jDCb%C#yi%@k#z;S-IUB zEP@ldZ66L{NmbNlwG=kc4fwRGs6i~7WmT>s=s|aR zqT9!iT16eqkiru`oU!%d;om*gq{~BUdqDKihW}MXzh;PdKcuCZ?u7-Q?q44m@7_&oZDH+Cx|I6f6DYgrKc3s#i-27 zM4nD_I9{`!ycqHRsV^1Q4A|Bz!m@PRr6i*c!3&TFkAe#+23ST~Yc0zHpdSisEXo+n zWVW>I=2sXM9k~rx_BOxHnbY3IO;XZ^_}fyMQqNhQZ^;UX-;0P>)lB zd`fpoyuMPuTVsdke!dHlmSjgbiBT_sV&;I?^M%#Pos5~Euq@J?_Q~|#)PL}P>&MES zss*tEd26Tvp{`F;PvJIx8?I~D^xQ^_5+xbzsG+OiG~m?Gmrtk*yuSQ3JBT|JlQ1uZ~(?X_BP_Wpx%E{UsG#9-tB|#Ac8D; z;4!^oz7+}1kWbyHRFIw3l^rqO;llIHWX~#a-y6~d4j2I)mK2m_Tb;0%N*e;UZ9$3u zqO4lZ%$}d>Wp*$U{2ZR*418LGEQ@yDtGtxlja;}cI=^4H*dj#&aouAmsudCuD+`vY zm>rf)ZsQfS9RRIBK2V?4nK*#d8iMF8e71oLKe>wP=eV{Xt|8G!nBUcJpPGkc zkmIl)!ErM*ntC1kSeZVGarhu=O-d+A;9{_=npiSmqak2BBo>9Usg;u}NQo6&v9Znq z<`wo7lXu`Oi4cBPDgQK)>uxjTFzH0kx>YANh1Os@^7gZ`jPj+clQ6*#H`Nv_>^b7F zqXli|qy?^O@HK%U?g*vRyzVU{IUB*S?h}H?X%NYpd)(FUDSdm=?dPw*&~ne8r{Li+^e-p5URO6cA^&*VL3=ZR z8^G2mi9pjlzUEzsKST57OmtfxZxcg~GJPx<_3IrLzdqI0Y_RbYtAmi#|07z&FP#E4A~9b`riHhVI?VqxQTLt;J$bnpFv0XyoGWMB=wQF?}|NrTOiME 
zsu*tWKfGJDXkuNb@;JU(gXx!Mz*~d2WuycscAgdO0>|VuJnqU`Xp*pZqH)w_X9f{AKW#x zWpfOho!CZtc*!P$ORnr9@4@OSVD=MrXJ^d+k)#+Vl4_f2j`n`#2-TQX`nCqj{OQwX zk3=up_M5yn^Hu)!OPNFrIkRXOa&vHpy!H&vv%I0HYP;{^d|8kM3yMDplfEA^WGi*w zNsJ!VhU#i?o_mq_lJN~8u7!{u8)TVg&iaQ700G`QnWM0ew1scZ)n- z=Mu;i7o|odkDyUC0E=)F?T@hEP?-W68xRz!K(z}!ZO^XPVy4XC$F8c@rJGYfRhe>6B2(9fe-Rm(mA>Q?(HjfF$?=6>56<29DzeWX9tvIHoN1FJPA_x9sMN6gSi*=+g zM$PQv1tQAEW|FMKGEPEdf@`7z&F=N!XX&ZJzWi{~8`*IjGMFs!9Q{H^j1FFr{Sfuo zrXrg~e zeJeSrR`w!(5W@YI?qlV*r+5}CGW%cYW@=Nr;^n>F4k>+XpUHX&l9zvYZW51P&||GO zu{2$jC}}-XD7>)D2YBbrUU5Pu=O2SYJ)FD0tKLe9ZN_>_RxSLa(WQQV^&S6UCd#LLKAupYaxGe zx&+_U{w9%l3eEAT%L4-rp2VadtS+V<tT2h%zN(Q-gH*`Hv zTAJ6ZKAd~-5ezmFcB4zv@+ z=-SHgO2^O?h2nGqUtLTtubcQ=)b1k*ufEV|%jqVcM)R7RYE`rMt#7rc zC&l9&cQSR-adGvcMm(J-X^`PyNU4fz6_b(z@MEKHcA<4PsZk9nER!#5}gG>!0@wH04 z5`j&cyxNxeDfa;70r!Sdv=p}~LMap9R4+OgF5-Dj#=m45VGcvCb^)*`s3EA;XIwlM z`|Fi3Fd3kP%a=H#kmac=ed9cAY=f^SbRV7M<|y=Yd@-~6Cz*e1f1X?YsIzr1TLjbw zEdA`_Yn8q0D4H$r*73+B$Y>4KfA}z*0kcrHRs8$y-nzNyP)O|4RJgQ!m-7mEK;+-x z>E@d*93pUmZ#B2-n9;dL&N|*fUnB9m#DB5XBUEm7YUK!(`q@Py9b2IO5tn&{4r_eO zanuas)eGvrOCp(ASyp|Y|8L43ilvP5DvXjw|0>wxQ#KvHBS8%JtzG{cR=+^kAq6#& ztL4x)eV?wd2xWWmFh%d3pS?(kJ!_JO>jND*YzFYH$%=LNM+Yy&x9z+4TCnV@%}7S) zh&MZ^sy+v-1kBRn$(~pOMFPqI)-Y}3Fw~uMxPK&joXA)57{JH46%d@u#Ueaf{S8pi z+O|;KPHtwD=$$w_kbM&*XhN4D90>PVwv%!}TXK=27G-)5-?gz4BYk9=>BhnL;(^gu zD9Xs&{m2#FdnE}$kFiZYuz4R#$aHh6f8K3dZ%h4R`tRGReA6Gh7wNy1Wc{wPpY_&K zWVEF3_<^exdGkux&TjhFrc{6G?;aLq4u2T(OE+lBw|!L+67d^8GO=qDwnRH?qhfQ0 z2(Puqr@-6>Rthxl%GI3an6q_&ejpXTi$B;>?P{Pw_8WgXep5f-XBEnVN1YN3m4fQL zF8@30EYI}{s!!TfeB-V7Fi0QtG(|Mz-KW(Va1u4NwFx0Zt(J-lIk$1|{_5orE~-I4 zj9EVW%Eu#3cB?>`87A|48aPgB0l2xwmGFQj=JxQt(XG^27qwk{ z1xZWzFsB88P`uHhXy!(|YHu~;;K$hgDs+AbaX$s+d7Z9zWo4+6YA9L#NY0DH7Z=S( zEe)e_3WAZ@PCp$hN3tSg9^xNz1y;<9`YRh8Bdu(^cNwColGb!bB|^BO$xI{Yxk`s2 zBkKq3O4O3w(#Ay_KA2n4{rk7y{;^Hmv9J7@Z%uwO5H=)(bkH|!HvztTTRKg}AJ3Ol z;fE?WP=rFk#$2s?xzyRUSV`g(_}Jty*g#){PL;f9h45Q6T#JufR7!)7E#$I^zv>sk zZ+Rq|z9-fpTW}I^A{luI6ZY~J@oT!nWu4&{1KR;9+Y_zbP+O~1!}lVVb^^YGET 
zVRtpYR9br^S%z?%x@L+O=%lOBXz?ZV#x~F4YXuDVP+R<8lz1fS z_hEs-j;P}(nBuUN6D|CRu037m%rB3=ap!Ac{JL#J!+}TqrO5rHNH_W0Z7_)o;7Ljh zDPasM>XuPFRTBB{5~<<)H6?HIf=Bq_2KnM;ZfUK^jY1C7d%RSj4>qPy36a7?@FIJ+ z+`jYFhwoVKcTV7@!Ow`uO)l?|tO!upzUWrtR{9;?3cT>4^Tx#OPTz4A(pgokFrTsy zbR(x4O-c0rh^Xq}J1vzpQMyZx^vsi>ZF=|1%KOn%7ppv`IC!q5nGzbcnbAWycVbyv z<+r>|i+96O!myc+lcP#5!}T04avzs(veZqfuavB@NwX0i@@4R1+%P+d$&y4}q-HKI zowkisrtb)i&Rw%Gi1Sa|P6uvYw>(l0-yASptik5Aq_uHhL=m4?wF{zIzp0nDzYw9q z!};UPbFTdecmyc+oC$f+uD$)h*pbrya#F-N zy7a9B%>t;(q(UGO3jc9!&E(mn6*uHw!9q!bQ%r6BQKO8oO&0G=4S`-1r67$z7!#HJ zd$tfNa9N|kWH#zDBRrOd`uAylOCPaUJ!1Ax_SL>rpsK_8-l0a}d0rD0T9#|p@BTCu zKNo1rIF|+sdu|Hf`}8|8|1R-X>crJetq>gU=W?Z}jPRrJUc^S<26CwD$ZDVOMq;v^ z=n<>Y%`muLmOUp~N4f5SZN`%aqzf>Kl#tG01mq#3=@7v?k|CgMOu*EC37rQ}C)%jP zMdR#Wk$Z$X@D{Wz{JgYnvIGM`N6jGX0T)Ql8UB^I76{&VN6^FL1|HLwj-g&%yojBQ z!Rdh6`IXl)kYuAf2xMf#oAPz7^wftEr>$Hb}iVmn{D&M2p=YamsgIE!wq_7+M zeSWcUeK@1ALyriMfh}mQXupy+*(^h-e;vA+VkQhC2NsUrF3S9(P#%h%qxM(R0l&hB zH#jP#)QM~6$yn(Lje`_(GH|NTx^z-tS0=kf-QkC|DEko$KhJ#ymdj@am#6JyZwe#h zGck8a&|xaK*vCqO8J4ZnC|y}=AgT9sl5`kzdQNnO6MZNoR!_oQGe$f`WZk&xQ)};< z4dy{A@!)^)>qWo<@&O*!H!A!Y6K&Jb6d}fH#2Ps0%aK#><%iqk0oR=2pcuj|l>B)6 zSJj+W*%pC=$|msDF_Or-SG)$|S4}RFT#;0RlNy%Wm)ojCe6PuiOy~3E17N;d ztkfH?iZSN!i%llsGi`au@8Cfdr{ShI6L)5I9@YcgAr1d9<|ihtRaKW8;Yh95K?ms@ zKaX0qwWNJYn$+H#5T?KgYv@M@QwtPrI+zVuz-<|__vmy;@8my!JUc{BO85gy_vaSa za0o8sKi`r5lu!m4?azI>C*mjLzAR4GaSCK*Vnc?cd7Q#~bDu$h`|YGf8;i zp@KMwN4ByOnUk1~M93w{wYXp!jA|~%XLu)d=l3>dwV{!CaO3pN*4{sxfze>RGGn%m zcrO0=*0Y6Lk>@VQ?X3&_xvDevC`AO>IFK{D+?}-Y=Bqy@7DAL(Rp=D$46Z1)w4o8m zTl+f(uy0EDzHx4IA1c^Iqt~L4h=Nsw0}+EVw9Z8z%dq* zo-l?vq4!S{nIQekQD^S1WHYdjSifbc4F4kB2*?})y9t6h=3-3{g|6O{$9Vq3IC>mY zYfqC4_i&F$EmClJ{mvaC^t`%NP?p)2wdb<0cr4E$Hv}_Vguq?(-M>B{mqay9Os?vH(D zs1Nb|EwrmQ{V-zkucwoY#Jm#Mv8Q`ic|28VcHILowXh9)ZjYsLo%gYG8!Z1P77SH+ zgb9^vi~CFSl2dKsg8DMqk!%8BS}R{6aOU@|8PVpXi%%2zm>vn!oMlldES{$CX<3BKE=Bieg~+z zy1q(T%|WOPxhaAiR)dhx*volpee*X>Wtwtq2JG63ZjKRC%?#XU9DS};+k=Sb=*{uh 
z$Rm?)fCl~tgWo@&JO4iQYpS`yCuG}ZH*%X{;acCJWt@!DV}6I8kC|Q9H4v6N=4>oX z|4j!Q;=-?rIBY63U3QiSfJS>56&bo#j<|4s8vBI+B_15e!)s_8K|T<~g3R4Ib}x1b zlj0g-1UiBEWgj0kNAsZ7MhVN?Vhq&~9hlTAatfZ}+_c^91UBI9jyaZA&C6V7BRn=z zi+)Kd5~L%v@#)AyLYJ_5y@*q6oMKvC0`ZLSY@5JG0@}LJs`LSL3NpFiyAG6cdl07x}@{U$7^qv%5);C z5(G!q$|G-2R;9FkJ}x)}vdaB_h+#+8ak~0_AeDT=`gt#sqLxk?T7eQ*VnEIeavNEr z8=Wm>oh<2QTMe!Fh7i`lVqB@kLX=qEfKmwWG8kmn5?9I;4VkkFGbi(@k}DnnsaEIX zKP&;B36k;MM3P^6E_v=TgltZBjGrEUh0i03y3_`SdOs&x&`tk30ceK1Ju3L@zV=^K$`W z!TP`)R?|W*{|)cOx}{S({F(3M!=h?;{tUvSym;Ubw@JJk?T}I#Q%%2xTP>a_U8bo4 zUd9Hj{fnKuO#-`>Qht9)N^S1V(A*?_NUO)mDY6iS_WtAx|jQU`lv-> ze!W!R7dONa+*7!$C6XF7e=!(KO96u=U*@kJN)ch;P>yK8r0HJ{)4?jwHHBbij*iRS zke6j3XZ;#fUgBtG(opUQ(;T41j?SU1z@tC|5+s35R}D0l(KG$=4zj^iQbk}%7|Ma* zj!J(#n4_SVJb>u~bxzsJexd51i%!AcWw`B{B5ItRHi&^FYiH}k9a<0t!9HqR>HFelD|O?uF9${qJouxzlDvMQ(FKh1!G?_ zNv6@!91tw-hE*0M-eirfXIlfeI&7Z7Vsi=)8kaSN0fv1I1e&+0+v|vM=FefZd)H$- zu3=Yk6Jv;f|CdF$IQh9nVsb=ms=S>9oU+UIm)#@*alk;<#n{r-0mvMoIFBu~ky!IY z?kIL;=w&`t+3SOeSh7Tl^3?odyC);y6 zImz(-rXB+6vLrnFQ0;NA3NpeQ(yLT?828=k?D)GJvC=rN-Q{#eZL2FrG1i`ka>m&I zJtx)P=7j2|EPSkR%u#*p$dws5yV{;o1sN+rfo%KYG=qi!ZsLjWz93p3Tm2ghPSQaK zA5~7rp^lBtbD^tFV0Tt(PsbSZlmA)6-Xf^x`H8~6z+d5fh1_uca^fzpc?*A(*S za5N`eMK3DsZ6%Ha(dkz}!~{}G8Dp$m9%`*x*5TvXKf!aPlwYh|AXY4PfzI|dE+oTI z?dWp@;9P_c;=c>M zun(I5xCOGIXjM?p8`00Bn3^Q%x(27n2^FQak2tkn3^Mz^(|z=gXYsr-0Md5|=m9YL z*LJI5_5?@Jq7>_O(uT@BldMqlW0%wWj9pFB=y+6V9a9U)euUj0X(7g-Cf{t}H4vtk z_gx{65(K?;@yG!q2l-C8b>PG$V#}8BQq5in6!n<)QzN}<+%_dyMw&Ggf=u|A3LFbe>xDG~S)!G}8gQ05sxNQQKOPvs@t}W0I9Ge+ zU3dHrhCz#uQ5HgIGn7c)(VlXWi@L*qwG)T4uViAjsn@<3<$@c0qB9|N9CCg5P>`J% zdg_HUd8vsdE_8Nj@D63OPFJ&T(LDbp7D~NZ;%oUjRk5zR{<5=O=Y7d!x0>B~g(u@o zjF!SFA^%0mS|w5ORScT3r^O}mo?Xw!vijE_e!&pRQnx5h%N6ILpE9fun5;ku;YK6J zca|~zje82$d@BFg_|roYooT-tpyf-d%0rN$(5h_PoEr=vxjMVZ0R-icBr)zzkhZc| z0Y>mgaLamEZWIt&)TynG&G}PYrxKkQ7abjP6y$fcs!HYZK#-pJwrhK`CJKpSEVj2{ zCg^!9Ey`ln!~sk#aDnpX9z;r4qv|#;s!_g&s$e|G*einD$EFk6UhD$vV=wUt8iGC6tL2HAeLd|O9WZX&}UV?*bi^Nh6 
zy;_D}7v)e}Vy$Y{_+`vRfk34}`fg}(Qc2=7uhABr8G^c43Vg}{RY0o0@D4zmcRSK` z@%9Ax?iA4jNY8kmmRUUFJh9$+H<4d5`R9t8yPi$UC!gQ72~`g!WVg&s^H zPLA|K87OI*v~`wR7;0+B%Fy$chXX#xU@i45q-EtYrp%yfI_X(a7{gC{y3T@!U{C{EqQ|MD&=A`OsM^3^pZr4O2}BtAugC6APU$ zmjU9}J(A8$=YlYcO`|4zqL`G_s&UXcOk0%|5g6wW<=b*Ow;9n(e;6D2CGq5Jy8WWx z&wb~1ca~r|Vk?ymbI~y#0}ta{nh0J2x#}gT2FWO3TSk%c2`U{C9=pdM1APT^x(p}| zi;>O%v&P25r@2n_Ni#A)*C(Jk%nQ2?`hQ;LGRpm=uEv4ow0}vSUIS$v0yS%GMurrE zS<^&Rq-U5+<1-gPY7-!Y^|%t2)GP4^z4N{HLmfd2wVaG7EhtZLTTXDYzN4^SW|`TH zeSm(Us$$plH3e#>X8DY_3PanBNzZ?@)Q;shKu18{k6cWFHn6vz9W<~F3iVb>3d9$& z-p_G*MUVM9Kpkp83gNB*meu~ahbrcupOm1^-^%qtu6_3-IdN%=kZKA^)TEJ>jybz4 zCiN6~_JIs1sjA7ye*2MI4|FFq=670?#Uo_UXvDW`ujd&CdX1tteS)|zvslXcp6XXO z!b$&oSx6}|a@$;~j|AkDtc?~UGbgY6{Kc$!+L|`$0cw7j>uT#H$^C&KqZgTnH4Nw6 z^W6OVI}V!Nho$6Ux4&f8<4sm8y?qk8e=1W_x8V`X8`?qSK^S*6(zcIt=V?m9zp8xQ)ZjegAI# zvV|Ol+D};^#Vy3zsRVtl{|B+=IG4kt+zx!ozUE|~#DbyhMvW+d1x%OVFg0zsJ+Ui%`e6`SoWFks z)r%ZjoWoH8~8nr=-)trKm#Ki6S&r#J#nA2iw|B}scr7g)qY zY)KJbqds1PK(CCnmrub#IL+K9`mJ|JU@&FCnycCTfbzTTguF1cMz8ya%PFdZ%SEB-OW&qD7`MeZ}oG4GXE2-0#H-iYCz%ESnSArR2iAp_5Mpp5$TVu=(AFP zU3Bs7A+lCsu3vKUfah5I1`rUOP45=`-1(Ivgb9pzJcR!>I*-a5S2-<5kURr*-L{M4 z;s3(v;tai-NIvlAXWWTXBU&S-zs2M{w1S(}e@y2G(bas`C?$jk7X!Yq>mD4y4N_q# zX@+FXm4^g9-B80={^^p~cM6>eGqc4iNu~@Le)rnfs2eQWk+8NNN4H)ExB$$0kYcLP zQ3r+lZGw=|C2k#!-~xQHT&eJViQ+u42@tIuuHj(hjrpncyeQOn$Eh!0B~3I1Jm_Fw zA~vjf0J76~#uiZTG29R7*Bqg$JfC}`_JSIEf{yL|OB1d0!!YaG1E1dzyEK0b3r&ZK z=b}g4u`V_l160l07bc)!P|jz!RG&qOG{TPatkx(-gn%nzR!tsqdOf2T#SkDHTy*z- z&L=OTF((=kR<9If%51lZ8Tklf%>QD^S29~X>N@49w&Hl^2ABR+3V_2nmgG43E6@AUT+3Qs|&h+ zS`L~@;JVPE8;;mo&HHLtEf})L85gVfBNh8-}+!toRvNyb4#UnBnx6rwSkt<&St#vEcFR9ZaW{qTd7<{>-N;&ou4}la>3;i zfWMTz(ens*k)Pxl;VDcQm`StKm5;d@cB3=|T4544v;qsXx8^d_&pw~^)~M11O~C-{ zzP}2^`Q^#hOhi~Vuq3X+5UJ|<7cCAs^5kFaSPfR8uKYT{aTHPE6ox?HQkq6 zb~dE;*P!Z0erIzZoFXsk zTRY3>m`qWoY^x4Zyfd5}Md;?x9w55MUFT&t&P>?Mhs$$EcLCMpJdbBj?FrE1gY2g^ z1fG9YAjk4oIzr5!){fXRCn@s_ws)|f`0BxozwZ^u``85`8IDz8q{^4p6!YIyu_#b@ 
z!Ny}a^quknKd;5Y{Wx#Re?T@52OW{49B}6?L3BYCA}_})`YugZkiQ{2EiZH&+ldV! zaL-2|n@HZ`>CV=7e0cZRHG2-oDGP1ZJp161(<=WWkC5^Qn;J8Z48AGAb^z+?gC-!s3zDvRLFhBd@Uzogc>Q^nnF*uolsPXOtpU<^-_+Gaz+ z5}2sA`BEwrY1jWv^Y~+~EHK@dCA<}v{OssFa`0H`GN~k^To0WPp&*?34r&M*H#%0t z7}Cd}TH$?6B5(B54xDMtd;PcFXEBNLWf7PlN2PZXfIv{B#;#r_3gp@#&&SA?3e@>A z(43I)lTrKPl4#(e1ZhNN__h6b;}&eZ?ue1j@#mGs;-xQiv|4P&w6|*MR)bM(TPN@`v>|3k z>n0}<6KR)8bKI`!CeJWCT<4$s0EmGf>9@y#M%1oQ97K$xND1LmpN>+9M6VgW+f55h zpnlbh0?z4^YgA7Jn=iE&*R}os3Ns8w08MvH6CMzVfx-7Mvp9Ta3|N7y-~cf3x4Z&6 zgsYY~Z^J%AZe)1vjrjjpTJn+t(tCe6mCaOIE4>|aqP_Mfx_TVopyEJ``heou#ao#i zr2oquzqbo{qthpnobzW*){qI@RP&)`L7jBWW3ENPpE^6AZkIRs)(+Cjl+vw}SmvRX z{mn%u3>E{@WV*C`y%RG?tWOrN=XS|igOhZb%!U*()$9e6%u>oAA}z*iyzxCw^5Xgs zyf}Gd_W$LRPq;n&R%iv6VP`ZyKLwpiek#PMjps((0)YW4SeLC@O@|cd)e}@&qH1-> zbF*oVr*Wkv9}|x5@BaUFb1+p8wP3Lb3Jrp9AGZik_8-W$$8~J9YxbMEj5C>R zM=)L}_xl7`vHWu0V$^h?S!3G5f{bPx)NVH4azO7u77$n#=H1%)k#xBW>SycJchalU z+)}@i7^Tlz)fnmCqpsmd6h=f|fB++v_`Hr$f<7hGFy56yg4y1UwVb3IjjBkjHPUws z3Xg6jKRk&`?Gd?QW*v{%%yx|uJ_M+v@-$JI9=vK!Hf{K1tMm?w4sE$v(#e~3yNV!M zN9GCVJ-mn#+wEa;jF_Q()(Be)JP?MGYn|8T2W6cl9{Aee4%NZp0d32j{E0qoITZ>b zHJWM`3{}wBoJ|WKgZjw9D)GyOuL-p}R1M`DP*eX|UsYv>tCVrqXWNLX?H!TBdyjv1Ku7iwR=q9B1zmE5#|IR zlD@Dk_B%0ArgS#+e8cuiEfrT}oJ*Ey#d`%l9en|rVgUfB>(uuD)@n72yOEG!gi8ddrP}qZ;KHG=?=J$7sN$Zw)@<7 zt&V}vEa9#MIMTCd$uXzDb*fa&e~T$ncR%Fx!^jsT#0EC!>v_yQa3PFFn*Rk1I035z z3-dD@Kwo~{D;XepO}jrXr^AmGX7f}4iW+d3g^l1{_ITj8%_!b?BOIDlgCd&G`2~R| z0RMfYVlg#Yq2Ds}tjNDwqU$^j)b;cVPuyZ&s(~84y4j(n)=KmKuR-#mb31T*?XaF5 zr8#H4y*e%ff$2#uJ$VljKxcFZesN9uS|chBovVX?@NkE5pH>gk_x6-TXiOA%I()M` zXH&WhWSg~Z_cgR>QLkR_)SX!<>Bp98aaf8PCR!W%q-s&mh>#0TLPn#CY7^Q-`8#?} zZhci$HeIQh8ll-F_vJvfhb1w+Ms%QMN`!~_YK^LK!tH#NJOsHH@TwD??{y+;H z5fnR^K-4Pay0KELY7BLY9?f5UZ&2~q%uF#@g&`2q;TJj_z)?7n|Z8Fk=f{4rzg(7(j zc2sErKIti7#@{DItoKd}QUzQqU*Co?%~FO^K=9N?ZyaJFzyqLMR#A7!)=y0t+&MHx zPZhL3+(`8$Xd#iX>-;G=o4ty0&!^wawe|#YV;*0MAr6(zU)=8N zvc-mVVV0-f&@T}*Z@3U4cd-*38pV8gOI`ap%m1$`M95VN9Kmy2J(shS=L2p(+BixcNO4vBXu+ONq~V5TP&00hv}K#GOg% 
zKSu7A1zK0^40cXlaOL#^pI6)62|{%of=C`YYCZHG*A(n#a>>0|tm?`OT~xC( zY}q!`jm{%IiwlHExLiidaXb%M<@4B1fb@e39Zx zv@+`@eDX2)xBIY97luk_&rag@H=%UmXK=mz;fi|SM9pokx^#D?T9OI@)Ocwcf9dCz z>sk-stL1Jex;a-9zej^Q`*cumto(KP_Y)BY7Q>wooP*8OH-yrlr6yj@*+B?$sY9z& zrTwKvOoJhR4#`fkG~yL&edIl7 zn*;eYa;1rdsxfB97R9H#)l6qwGZoo? z`&N1+CCwwc&%n`bTQ0UPHc5mDgLh=S!6fKYRxgK|1^K_;FW_{c;&sIIVy|(Oh9>qV zM&D}{rho`hKRCx<$2PJ?Z*&bguLhqTTKBx^j^F$JsXcbZx=J%*do}}@LcHz1#47K0 zOFd%3P;RtSi%5PGHNJcRhzEu5grLBSGgr zn+c+7IDOtH2QIP&6c9++gvR9EiiI3Ad6-}>#xC`Z*O z)yOf`wf$cw7f!wU%J*-R8|E2==nA0%#O!G$!pYm#uUjd65J}hsKMTmX(={lhgIQ^` zTo^0iC#GE8y!^{Ma7EI|EG z!^$_V51IhhI3|+7yF+aq&zU(hIY$LOB{hy&430qR_XrXJ{k<@Xg26xilZgC&h?wfd z0F~d0>GpE>kmMeaBZVb?_1W*w@`h^KjFBScZ9^&}LnUM~HfaQ*wM0~F0Z(z3?*f58 z=nfL*bWq2aTVxlAFT8-0pnelUEGUfDs&wG9P_4~Qch{RBJ|x2gewS_N-k>B0{shTz zOrWX2{TDTla<=&DasR@wg?qpXL#fBId2K|Y0Xov^!SSI^g-8`ur9U$haCGb>A`L63 z&QS5iFy@?vzz`DVqT@81{>tqX>AVM{6^9qWSWUBGl$z_r;NHg*@~AbO8I}ap7?&WZ zBmM`bO9!N($Zbs+$MIM=kWGw@^hgnHG8v5{G-mR?E$0K2F++Fr7DJ$A?E#&IhAgy8 zFxOIV*mD)n26Btse~a1>Z0zfkWeze92?s91?d_0$C+@*m9~`7l3w54fjgPNpx!8=4a=Y0D zpRmELbi!5UqciIW&c;>W>s+h==H!%-Zt1PA|IGG1@$gv!RE=gnK;Ro4+StgN4p{p= z#w-AVSd?nUlB)&m|L#YGF@dI6^Ce@u2_GCSi_MI#V#B}8`(7?|pk+dq_z7J}h5|4^ zAszx52df{L=@X%1rqZ+9520?0%i+@@Nr~55UNmyOR@NFxvY-<8Boa<*ZSzPmVnX4V z^A|cLh(|ZtpyoHq!48!!`^in}15M0Q9xTovb`yl8x+Iy_**^`^kR&d#!J4FmnPwPrBkcitx1_cAB;M2P_xG4Yw} zbVc=A?MPtS83atBkR+tQAkyxh6F#P3#E{$M*W;%Um#ZX8#`~g+F0-^N zQiLw{{>fXm+&#on%CuDVpZzW^jHJ`Q6uD|F16)Q+)~te4#Vgkbvj~Pv_|C9IHc9O;Y z20FGD&Vl-2)kKTk+w3P|FUMzC?L2s$Xvr&tMM7LLyD!$yn8oDcc;BjXE6=JV*z zk&AdmWlp8(n+~M>eh>b?pecaN*QX_uIw}yoBifvlTAN^&bq%Jf=e6Dppm>(b53P9U zrE0I=udjp)ND?6`IiWu_Zk5ZF1-OLYXu?w!({_zl08THwQiXDKF=aKeAZ1^K9H^)V z=;BxSl)?Thq~Ix@^k)M&IlSo+iw&kf88tKQ!qY;$%`{0Il1?3B`Y<^Oiat!<&3)fw z4sWsj_qKlJhXzJ?5%o;W%vG_Zx@^E{58k#1R3PF3z*fKN!){W$+D(=CHi05U*A5x- zpe!29Y?s5=%1TZF7?ZD&cfw@XC#UhSpE3R?<`e z5Hk%V3k7Yg>Rmmb|^BRoH5Xp#35o&b!#s$PrKM%*} z|EUmOh&-fBMus7MLTRO+g*PdbLWv_6yPyTgoRjA~zTob&k3AAx>9%W|!6Jth7O_oX 
zk}Z0Hf_?D1sjNgt)lUkpCpV;oFb3ql^{Qk!2viJlf=S3RnSw=au6CKuQtzonMSK+a zev3$xcWb(_TuTHDesd}rLFVYXzII9b*c`PZpDVMN^!YJi<0wMYG88?swHbD~`&TN* zL;bkkHX$tOPbGw^O-^{FZC?6vw6{&9{6S3TFqE)st6t5j@^wH)Ls@KjpjF&Qe=nDS z#`ln|$U9TsBQ*#I?nwhFyc?MM<}6M%Mspo04UmjB;?D|yQZQ|+D#;1>x!A_0!(mLS zP|s|-u^Y@YFDDUMN*(zWzV!YRojqfr0Q9s{=``9-cR}jwU?Hn;lHHjirW8)9(hWpU z)EHQ(M&aKsC;8)}^Ip8C;AsMHrHh(o<9NK%Yu5cIMEOMfp^{+(PIc7CO2A`rNqw$9 ziXp)ppFnD_WO(FPl_7xX3`cByu&mN%i0R+{p>V9Z6b{Z}ja(L^UH2J?T z{?;DvsYPY($yoLA-)5=jJd($%Wu;Hu8(y;Q|1xU)Cl{&~i(dKq-sAm+SZmV)Tm5_y zx>zeac65A<>h>0Y9H z%xrJ=TFt+3b2WWvfbf=W3|ChrNeNlSG`4Q_0R;=Nc8*L3Rj-~3dZTm~Nk)Y6-Tq4K z+mw}Gjm`k>KXS>d`IX{qQ zTq0$5<97pnOQ9{AF>(ZpQ3U`L(De7@GF&s16X-#~cndRF$vZu@rp4V~ro;?b(anjQ zCoXsIrX0a4!|%%@fDn%mow0ql;A;~7?WH~er<8Unif5Z~W>RR>p)RltWu3L&o0)Cah z>iF;#IJ?da_(Pe%Xq$+fQxa*ojw+a2xm;|He_lw1D`VUlNO?;ARCXg|Q^q~U1Ss#w z4OUc`Fral`wb$tKo?baCZi|lUN~iv8S|!$jwv<@^Vq)Xxe@8N8}JVTBq8@WesbJ3 zZjb+7&PE~-t(#}|HZHx?fTYeg)Q4j=2}M#zBKYOBAgULYpurX^TGx=fXe>5dKCS#-~kkRgflmkb**ZI!4g!L7GI8)n3> z=g#`mR3y7+(sv~`i7y}p67dE~avmBtB(8~20!W9%>*LoKhu34KM4hpV4nStqNvzHR z{FrRK(^HBa84E|`R0GF;0ZL{OG5^exj5N!DtSO?3!R#tj3IvPh`6Ny9+nEO5NavtM zS$e1m$wLzw+SoHKg_pO+oQl`tdm&6q$Xo#5!K|oHgzH-OIm0u6jHXKk6(J$X{;V9^ zj~N*M+*(Kr5C||L}d`2u!vyr!@}Rb`11Hp|JkvEEI^c?Z5K%QF{i96K|iA zBzalWN0!ms%HJF|3U@2Rd9gqz!6t+QDM;D^)OrVSDm>gVWc`0 zyGTT4nU0V^+vRW-<6)sjRjxl0rAE3t+8oF)R>87}MCw@ATQ%f#oYljRBt9#o?}>FT zqeU8*w|WwdE8Zkm>AtXTdn6QNofPtEvbkog0>bVedBDR0y!Bz~*G*m)aUA!B!5_c3 zk%k@~D0S!$8zU>HZBd$KI-yM(iwAPN!YPeAcC{gEp&{el)ZLA4Z>+t!& zyHLd6o`Oo^`AE7Xy)SACWZ+xgEN$>xNZdgS>Qz=eHI+mV?i((NhD<5VFA@l>qjHJp6`YUXffz~P^t;+ zL2{6InNYUO=nFi@e>fd3(C z5i%B-e+R7KtkczNYqkLaFypftPa`{QZvN8Uv|dL!mU&v59vSK4nMD~xyOlzDHnQ)Q z$)1EaAn`3k_w8x1JHP*U8wfJ{;e$GNf=I96fhcoO`_^psdCB^~i;>672xu;}oQo|0}SMLJ|9w;bh zr+Z2dF~aJl$O^2x<>zPx_{h0Hqo-ujB`X8oBvg&ZjZ8GCe8sK7;Q-RFL4*Qz?aE6( z+Uf`k80SoQz<*D!U{(?=r>IrIDw1|fAzdVgduAus36`iLdIE${Yj|snGYdf+2BBSaep5vpT`y&%+z*g`G~EcdYi~E+?>i=SATNSp5H5z#n2>!9 zYSn=zmK@2|s)~of_C|HX9`1yL7-ouF%xh;OOYXx8HRK$}hi~6AIDLo!Yx#lzg69g5 
z2{e%^lqo?5Cs6G6k_Xs3i!Oyz`m@S;Kh1h}WAHam2&3pPi=Yp(X)}|iEmO5@aDT6Z zonKdWWeT~cR0J7zxyU4(^R=!OPvU`Il!{5kS6HGR_EU(i_$@;YpJKhvtxz~vn>2!U zifJtk?Gia8@a4J zMI%4X3e#AZ%gcRYU==*240+4X1uING zXH(&j@=EQfb%;^%nmt5=F>b&aj9FLlqjRorI}oRzJ;LM=IB>Czs@9d)m%A}ityiU< z;r#&w0;$OOjNc1Fx?x|;(|VKKFyVw6mXn~zInA@``5X@3`6W%FtzX}vD{?gjuHWy0 zBuihAUa+NB=R{Yl_>DsVWj&)SQ_HO!a%KRr3xTk=1_seRYXL&*b-$5V0v+l>pi8L z38blHE58@AbYNCeLwRSl2$EbUa_|Z{O~{TOkuFaR95vjeI71w{&O|9S2nNrPy_IDO zL!$WRpPd8Drs8E2n5=B@2hg9vG{d?BZ1^T)pJ_?-r3uk>qCMlG13m?3cA;?a5rhFO zl)C=Gdc~$dVN?1*i9p2zGNWy_ARQ@W zq5b-vDJ13w7|!-bHbgZ=8=TW~N2HX?Paf&4l#`bH@@s5S``g)o+dxTBCF^h`EMk2{ zT4RiMCcOGaq}fhY;}QBzb5x6ucqh{#h6ozc(M?y$54myhDe0C3I^5e&Ny@mRtC}>@ z4{F)>4Pn)@^7?rY`>5k=m?R!ptkI4tQk77o1$(EyS#9e)ynT$^zaRqGlZrY$%o^r! znrfRQGmI)>$rA4Da^eA!Njs8wIG_0Sppw@G9E-!lG!Brj+KuhO@fOY2^kXkFZq9vP z7yetV7vC1Vs#Yhi3utfrZlhUUkO<%2j2bvIJoa`cI9(9w)ZhL<^^h7$Sd7p3jYA;j zQDi!lM^LU}spliRPp7*pL!0&EcFMamdiZRPQHVn=8$!PCKja4O(+;|AaTy z09K55%}a1;0aXq*>x<*hE2Vt~&8uh%3%O(g^@n+UlmlPY`Bjl1CbDcqOZiGBo+$;F z48KGZLzm!^XeDuY8){RQ=S%0QSCtPMwLm?p2Af57%B*lgMVnny(Eskg+AdNKhNHg$ z*fOxf`-!@%#{ z%YsxrYX$BFd8IAxd~+Kpa_W{Q+NW`h#0>N`S$$}T3Npu6rar#xTrgWWYs7YK7 z2I#=%0IDdq-HO#K_I^U5wA1$<`P9@W!KC4VA;rp6UOOkM$sxVE(b^^9vW!gx{xPk9WosKRu)rYHYV| zedRAY79I8qjzkpjF^v3XBY576Kn)UH@7j4HQ!n>Xo~zxP^}f#~92id<;0X^Tjej(- zr*CybH}jlPWGj=YM-k{J7g_k+5kL=+o`9lmySp%Vd-b0MO!<6%=8BM1^yj&q>8tXB z7w(t4!?3$i7_Sq`eugK?^ZxY8CbOs=|YnFYwvsQVY&FO@FicKJ1N z62o<;;#}_pk&P`(QE>SmaZ&X{Ftpjp)+Ed84A^gDr%Bb97QW8liE>lprCJT5+jDzl zGTS7ZWF?ab8kl15x%}bZg1m{#kMWy#5JUXFwNyx`5-ixeT=N15`s(~zD7>p#&r==; zMg{h9e*{?;aH>;rO(pvM=Pc_egh4L_Ii=|m>s+E{o#U6F>_@pI+eq^i2DZh>>Jc;( zCG`^~;IRtp72Z}ut&uNNdXjshB|y=a+$cl-Hi3n^rJRY*SYOaMwiG3jSQ)Y|SDObY)(emsP9(* zv7#hEQ+g5WQFOLa$eeaRv=368FG)q6eFuOqZT0FdR9DC1#$idTOW)v7Xb<&7XR+0k zEl)ba!OCy?8@}FeVQx=i+xWt$dsRZPE6>EO4LDn|F1pW}1!YRB>M(kvwF4fegJa%a z45`pmB0dv}k3}QQin}5eH)s@_`s&D&B?nXZ!W5j|WP0Ap>xqih>b6>m3-$Ol zn2I~BkI{Td;Ik*yir~ZVlcj2?d?!#X@D620&PBa`m)Bi{Q)0?x*xbn{NwNdo(Mdpx 
zJI<>^>OSn%133kI0nK<`ZJ;)~?^~{AL}SNnqMf)(ljb=mtACWqDIFic=I~kN^|jZv zNO<+I3a%R?g11sL2hgrVxlANKK`OGW>eFUO(;Y=2_qyyPKhn`rLam+9n;;cqTNl`5 znzzgM7FcaZ(XR4Ev;Fa(IBq__sUqaDcsS9^O+L)-i^fuMOuZcoXup1^V_LeJ0j4b@ z6fGFOWP`=I{MNTf#j-?GY^N4^aw{xb{Y@#BidRL;Hx0Y`Oj;867nl{W+FF9`T>~0C zQY~Jb!Vg-zCOk@D^lbXs^I70jDVW0GE%G^}T*lJ0CcP>}cVxB6Q17bjuuX5e%^t=L zDvtkbA+@QfAo%GJz-hfq5f+U7-*Q6oMbnx=&G;%r>0v`P3b4so;JGOKhy(OZxCz$AC`_m1XDpVylLR#b896+e?+o;sc`QY@)^03Kraq@*)9`N#r#iWX_B zvgSzu6t^A#KPDjuMz5-bt|Z(?6cA0MP6U|DQ&OvMG)ps+ZM4?V8ksrmbKO05zNSRI z3CoR-*zWwhn++$pHK2+F0g3d<$Nt(H0=Xq`+8?J8tC5i(aChGH8w9?hwg@d=$z_ zoxDU|NbfF8B7))4y>XmZ{3KF=VTvY{DTo-e9$`rvJqUy*(#)pJ)1+O*ynsCdkTAKxFB3jjRjEcVZgga zdBNZOQ4JOeaw>f=s}QR7;StGR{Z2~IrekLd{up4r*+k?u5IY|*oP!T^TBEe0q#*vp z75KCpy!U}InaDx1W+v{RKrhW{N%+Wmd*+RL&hlIy-O)F{?^|O5Or;tEu|uSn7h;aIfxe+^a)R65w9NJZ3Egs`~X2PW5kOi;-#9@aAeasxk%^D2*yNfd4J zd^qNJdIW9>HdsbgS!LVKC}??`sjFugNP?zRCXz#uIcA=Em|~O`wyfDpLVLnDH54tH&>6YZlymuziUdVdzazuiR3HrnB zK+=%jr2`?h7~qjzZ(lGk>AZ-HeVE})4n2WkRZjB5gDfs*0ur1HU&3AJH~qbz=qZ6! zBe^Nn?9tpDy`Sd~vmYduST*DNM}iP&*t71bM*1$>fq8!u{q4gMS@;XXu0)0|Op+TZ zqE5QC@BFfIIlr_Jr^Y0xPX)GV`4sn-0KY-V8 zzG0|Fj=S{3ssm}x$OW>tS*6+Sm7NqiBAdgXAHb)lUFrwq$e?-NEH_5w_&AKhnZn;Lk*i1W zAn@pWKsyU}aX#x;#hc~-DZ&}Kh9(?SE~a}v(TsA20nA*rK~t~XOw*{YRG&j_Mfkga zkg0fgX&I2F%RelN07NE6<;~DGX^m#9*SQt9m&pZy_YCw-9{7=yW0LEvbas}{CNyVl z*i|^XbU0suULIEgW+Cx3YGtGF+K7`K5iY*C(yy6xtdDRGc_QWB6#E{1H$83x>9sNVS zAt$cVsX2ZlqA~@zwNoHZY(VRd2}?KGS!e!V#@a0B-j(7(5}fGxz4Fgx?oW$>xI}5! 
zt=2itdOUkgfiq~f?Q-MjyOziPV~kg}e&>?0z-5yHf_iuR^oqf>OIz2~gE>ZMpc zhuih3_lh%>OW5^8Dayrh{BT&74B@V19G3ECRF#$*OREBr#e6SRDTIpo-=f0JMgsI% z^?7u0^mLjlnf52ZH=WGKavkw&xs2EXH?W{DSTq)%O$juuRivH{lem%&6aC3B=&NB0 znkXZ$+Hgl|2;4Xm3aHIOyx~+zMPw?Mg8@wd%&Zz3X47fanW2{3yirb!n_v4~mNleW zbwD{Rud1{4zT{M}k!B{@GJ(b0?x^$>Cw6C2QDLK2<)o*%A6sV#3y%>hAP%`?RJ4d| zdL_KFbEzhnjqBUw3CGz;bR5(0ZuOlCi1H^)MWXPg?k>7NbDpMtmG?VR1^Q0(-vwD3 z&6H%?*A1b;wy|DD%t;R20YbwQ8q515-U+>e2KBqa=cx#~^h$3M*ZlU_lfTy;YzjRZafsG*n%r972=^X+S6 zN860N88t_ZAKvkIC{)C>> zK^?i0*S9YhkDPniEKYWZw4U=_7O-2MB2)=6dj96a2#BGYk><@n;sZg!p=ja8c^yoq zYFf=l(2&!e3$$LqZAU_&-wx}^Z0K1#wJQ#9n7uv3r~SS0ib3yReVCypy<36)Bd7Sf zFjV@hUGF$@E}q@G+KR}!o7&EU9+}3s+nSD8R)F!;5`eFU90`B`0R~zm_uF(da0a8 zyigQv_kDuTg+V+UB{P_mu#8H*cA4zJ-Sq&0yL<5{IQz|Ci5XD!IXk??I#l&e$1`cD)-twX- zZ?~KgM3875MW2sRf_d@OaJCdPCi%wVH^4%-D`99XVStvlqwLR^0ya2ajo!i#MYQv7o#{m@ zZ&DwGtY*AF1xs00CBwkE*^>w@$7RjUQR-2Ar#s=+zfg{nNbNc(1xEU z*A%r*3+(V4gN<(1W1iRn@Z_R}dC%^B7=rne#@?{Kjv$WO1n&xYlmsrP<3K23L%bjh zRZ|FzvMVsRaWYC6Y$|H0r3@_P=ijPgXs0TRde8X|UJtB_-NlMmJSOQC=d|_26gPb> zA3T5&LavZH?6#wirl-*FZsNU8XR3+#@b`+y>SKmhxJ!a7qd*b~Ip2jvEo4mdDK){ofBQa{OYT$=qLT{TZIndv)q!Nl;VUUf7705uNrm0Z8sunYOnfsE z4tD}J#~a`2b>oF{8Vx5#VJPC)^iUA-XBLw0j&BK4eo?{-WJWa>`W!=QIgP%Y97H>& zQQ9fsO;&N+NFpcX^cw9xGy_4(N)L?HpVjk*8f$mfQ9%3=AAPy=6bz_4_uxPkL=B|d zL?wnI1kNzz`yIN>kB|wk7v)KaTKuWWO#4@4MwQR(8bIRZ3GYGM%u@e{U6*Oa-aI(p z1`Sdh{D*a>v!Mbz2#Z^JYoW_4E1tc>@EFnv>i|hWw!e|CCbkx`jUh#wTqN?W$;QKX zIA&c0smBDuM)$IUZV;5D^`WHn3Sr~`)e043%Si!xChYS!w)zS2RLi&5CHRT5`Ygn>EH%jf{+cume@i0 zGF|U{&sMk`=agYR=maL1OCISC$@0|~rIyZ?%OFyJ-^xN~1gP0$PjG(3QR?)hA&RDz zttG5hx5OmWXS=pG<`BZB7;Quap9U(wX0Y})>$OoeM!4wfcz5saD1b&hoLj-FJ$&E1 zb^-F)KtImz+@0*Q&Lsb1=UPU zcvUfk4bUN++ju{wO?vDcxOV6#)e7~tQz&?gm^K={jM;JWUsV}I*~*Y(k(+J3G84p) zBhM8?iUy)v)*%5Psm3&C1Fd;s7bvg|OO%7@oo(7@`c0kEu(_pJK|r1B0&)b=7p{V3mlK0^ z?yC1g!v$z>=#o4B+ddd0Djm2wvs31RB9){rLr`wMqxp4oxKqJ>b`l@yrl`MLRW|7! 
zUD&S_8;kzSTbiSJsR_Lz+#u>@-PB;e`lE_*}_~8#`Prp?gwIzC- z#R1qcA#al)e1sI4PR~Vxy=>oumd!sBe_khj-=dkoUtkgHs{b+SI-0z5jMSs)3z)dw zqVu}+_)XG)iS*(!GK8{pjl-SjyukL91{eQ8AfUm30pA1Cmo3;>4C{RGW4rFwdFjy!sEcG- zwG*26T}KPFjf(MwR>1Nt5Hfv0v;e*^cpm7>YDXPT%~n;Xlz75iE`2?q-mcMK{aAvh z4T4Pmtq~@e3u;ZlViUU(Nh-JXwWnHXYI*olu}y2eky^F|xy42ndV`Z0vL$BPApw6a&@Cn2ojcZxix8srg~0A@P3X_c=tL}OoX zw=t;(Aj&63dX6!*$*1M^k~OD-l!Tkjmn=skII*oBX<}mPko65%V=iOkXe=GG9SzVh z<7)15-E>6(TAR9JNSHPgYKi)=t|{NT_VlttBPY`$3ikr4_)>Z%7E&*a@5(nVaL<<) z_x#eK(7SJsvj&9VQ6Ls-@Bz1o0(X|0ekDlVqRE1>s~=4eO{hb?FatVjw#Ua?-IlLM zXH-qUori2no+T)B-6LJfMv#-Vd=VA0bO$8l+0UlI8SbIdJdglfW3_ein1u+9o}NT$ zA1?FYM4YRB}sb(%*E8n4T zpq$10uQhrYm<22^aY8v0?lJ#}DQ#uD)`z=b+Y8sS8N#T3;4b$#K zX*@2-x$jK3(ziWB<8N$$%05E5%373)J#@(BQd0SNyh)9qQYSoDoQqqB?KfRXQK_!O z-t5X@K4(!J`n!X@3@fA+n&2y&SP(&QK;nF=8sIWc@iqtxG`G>7jBi-hKnqkSU-oHZ zf_*ba?0Gu4j}BhZU4B^(5V9qvAt`3b^p^H;q{PNCROtCuI?6okG;guGc7Bi2gvU!k2yNKD~*pZ}#tFHSV=qo}q{u zAwtDx8?~sc%nHN4{qUWzU*e}m`J;b^ddm)DH^htr7K9L82l4rk%z}UGM2q3 z%l4PZq#Gj{qF>f`>!6v)%y-kvw1Ng`+#VtK&GR~Ktbj_2BEYQ#`LFOgtmEFu_hAKj zY)v@oK+T;&>{nQK5JdcjHnWsUwX?OT)ppwbMm>ASJvHRy@UaUyaG>lKMm#lHAorcw z1W3&dI3lu`&hMInYVla!^ns5EWDIhVDM+vO2d3g65U0=IWqjaEC!`w=ZsZLkJX`9$atFeEVqu<%J-fOAWh?nasE}3og5ReCr+I%xn78i4p zL_r^dGDHf`&`$jceXi}RcUciAPcYF({qVn*j6?@>&@Fb<7UP}Vw(a%6I=WEp_QMi5 z8^Che*#L32_?~0PBP?du(4HK$lvWD%kHjexH@+1f8 zyZJo19jH-te48F6=Q=T_Pgnq8^5*69Z4P>=d(V#g57(FSD*^Av7F}S55rdirswL@h zcwI^97%&{sJ4?3uX(DS0`XpdbLLl?tqr{02>-`G2RZzuXainvV3J5dP_=Kzz#2Dkd zMHSW9^x^%#3IS`UN50DXpcZ1_$iAn!aThv*uE`u~KX)x0{wFU}{CrFfS@%1u90VVJ z0~`0?G+?yU<@^=nN;dLzDrs|4ERE^u`qeP0JV!(Odfxc!wE=B)nE;@B+(Moii~y0U z>>yV?p@j2?D`2Y{MrSc&x#8*^9cx522o2=v>ng>X7(H#tE2F zR(#rWeQMOqh-YMqG=j44oCHZnFHgp`jGK4+RXkqiBTx*Nz~(M#2+nC}Pf;FR9_v=` z@j!>HAXZqm0s5lS%I94b%OC(7*l6Hj9jv|3LiciR`28>~$*?qMOkmI0M8ja1#w8dH z)7GCn0w;v+*SJTwutH{KP1gPWY4h@g@^QvPY8cgsONHt!xYya$lR1qcHimB;S@%k> zSVZ^5Tm8#6ut_>ZvA_%@z+9+5K;Xxk4{9-g)5xU6X2mJ1jU`V8b6bKsQoomrFuDr8 zTjckSD%ye^$AXf6nO@|GuId^d25h+~O*4fuIL3Q+#nM4|ehVULOmBl{9&;)S@{C=3 
ziDf?!Mebn$#*}Fie6FS>b+7L?nL-p`(o^r!P zuZHH!w@2bu^0CS50%osPM29n9AtCn0ildKio*%-4Yh_4tcC8321W~VXr*AKQ_Uui% zZ;(#SOXAF~Lu`Sg-z^Q&s0P6V(<|P;GTi`=Jwl&398LPOz9>$AsiLEGW(mGVrmqQ8 z)pB**!+o7Pba0qWB(^r7D%go{C}7roYQz>MNRQ2y`NP}7?{K!)2$NJl^CxFK8D#3+ z`puN%oM&q`f;E%AY`F(qVKCd#R+M(lEmK!bb=&&slkt_0+uo1f;gq*T2T4ktmJgXH zAEa^QV95aRcdeqsiKmBh&E{(btl~j&IHsE-IDw!Tvdz&Rc2>1iDh$$3?xW=~0FqQ4 zDm^VgS z+>7{C)#M@Pn9IDi?wEXeWEklDPSwGy^5#2kYEg*vWg__!vjO5MgZwdXz8R#Ad5~BH z>QF_9+PU>2%Zc-fq!TVJ+E>tVDL>?n_2*$R;2ITbiOvs{Wq4 z>`Ur_^=2Sm^;UR@rE=D)J{HxI)#)FX+0bI|v4|ku?Fj}#A%d)fyyB*+{ZzOtBY1-b zh0a?A#=(WPHilM|dniK%9g?0Gpn%WLsq;L0NsY+jbY?y0(!M^I{(#ELSIqD9nx9}`bd#=d1SpUc*pe~$k|wpJ;{A}76KbkC@q zna$4@2wSLSEDDVgc~__yK-Hhv5O-x5GYdU*p~1YYzET6~v4>wf2566ke^-joAMk-! zh&yJZ3wo;dtF(!RqFesDAbJ zw9(9R1mz2FWX-0b{f?QlK~|is&^uB>0a&B;_8&BGnYb&||5kAX`(Z6g%(*KAyk(UJ zp1mn6c*y3RCPN-<6`iR;ypPwBoP*W{1~H8s(FlBxY4^)DM~$KqZ)Av3lq#oe;K=~N z-vac40~hI@|K4p=TSPCop~GVm-dRcSirdD5))D&5pu=^$Sp2=tB3jiD+i)2ud-1CA zD>S;vmt7c$it!|>7lOTY6`@lF=v|;=E+Kg#@`drr4DIC&102K!#l>nnbn4K3$JfG( zKoyhF?i#36x+>}r*GnaxZ6gI%R1u%GTv{*zJr1$A(rs*2D3Vv zp-r2g!bV6a%|pD3=OenwVwf^;osS3ks(YSkEABz)i)WD~@ZhduYg2U(AH*~wG5f#5 zolvl&iK$Cn==m(MdCJ7XA{cAer1;xWt@n#(j&C>u{n9)emX0)V_TzJljZ2cR(l|KY zf{+awA$bQGTA%s0Dl0t}sU9-n<(l%pI=i`G|0T|5{2Xg`FUMos-yf$thGhbJrPWq} zQbc3uI=|gH*E74z^F(ifED2@nRam@wwmYl-9f&lcv^tTTGsAT!{(FSj&#Y zcP+h}p~;D9cYu;GIw_o?tS>tcnj8 z{L6(;8{pXSMoaU-Dg35)bP6pRfXX_Yy0zdw=H|Aflr&QWIixm>pwlAufSV#&DLK}i zPwFGuPc{C}Dvy~+LYE&Xa|R8!;MK2a56T|JKx`L_h^YpCvF(_o-$Qe&d0mf`Yb4Cp z@^9503g`XwZrF2VwK*x^k|YD>TbU_*WwjTD6ClZ0EZYO|1@XCJmb?l07oV^w!PO^` z0dHB7?_}X^cAqpGa)T4quff(cr-5${ms;Wems0)9i9vkeK;%x5HRG9e3%NE!aZN4a z0&Od9m7LAId|4s~U90g;FtYrq6J^l2H@nr8=<_%BP<;2(4a|KSU9xx{Ii0sBz;0bQ>n9rb zz+h7dsk9}CrnVLll@5Gz6P6JZtAjHGa7zxk*H?Nt0@)@(93SUoC#C1En|vR}eIfm3 zi2z^(bzAO6J1UYR&fK0(Bxyyp!XPWM%ArTMiPx`dm13s{WRuO^fJDFut4YF zL?EE_9cxBmATtQszBodA2m!ivVRzq6N9l2XO9(e*a5QC0Am>f-&s&t(@L{OM|0lJg zGR`XcjK+oc4R1f&J%@&627$8BPLc?Ik2IJZ(@w;jzrEEVE4Vg 
zHrx7CUO05p)veuMTpwH1p^nk&_q4KJSq^5@hnw#XiR`&%z?fO)n;cc>R7Q9ElmOVj zV1*O6uM`YCeQdHkI+J$a@DlN~NF|@D-f&Tw1nH@!3*E>2k4TB|l?g#}5lM?Eeo&Ow zjv+rUR^D~Zad@d555|JPapOaSNvXY-eKE%dws!iJ2@Q-Unrkh`!Z)7{;8K@0Y z9&M|~9mFTe9z3Yjnw~9jT)m`<9(3gal95avU!l(F|HDP=?kc}vbqwr?Had6{V2Qxy zxVl@AMMY?&`fM{Bm@2gPe4K-J1v|mgYt_ma#ikR41ax&nm8OJ;xo{0RU@uc4nT8AJ7#2Z z#-_x=i?FdpWv$telJZl=%Cx}gIlqesDpcwNO6nMmLzO;>JJdryh2E_cQwmOYGZ4pv z{khaA_A*QplHgje*?>W4JZS<%_*gM7RvX22g^gmg?FCtxuXG^sifMjmcimBp5={{$ zj^7mm)3-S8_MT10TA09RoY}@R>jJh$GnUJ{TRKet=E;%xYRz-P+6$M>_{Xd6M@pa7 zLXJfrFEGr5c0B>;m8*Exp}n`Lmc3qIxqNb1k{#^xU-Pv)nDE4NBQ=(zECNmZ&rBm~ zk|~MWrR06hcnN&?2PC|}&V9HejWr#R`&LsdT~hgYC~P^H3!vhc%^U?a9$2cAqE)E? z^UvU65e{K#4to3(v2MABPMUvW_o_TH1lL)q!RZ-Pv$Kx@VQZ*)Bvh;&un;(mC~mdv zefwl2_#jI)eSEMG&21u`mxhgm3Q%~1;J1tkNXtW%t56McIH1pA*S3lH2IW2Pu?R&g z9NGIGPjR|JmO+v;yl}eTl2{L&793PKqYgj^n2MQ1I6%>?L4Ye(n8cwI7KmH5TZV;a zAy|%OIdCg_;ohh+qae^VcM{=qmzH~uImVR$0lp17-hWRfaTUydJp-b}ef@qk@g+xi zEmIYiBTDxLLoVrO(VvC`hX_eDtov%_neNV~ed!7am_rP+kT<)7J0jdTZ&LdAwqeIO znMD+fYO(*i1%EjAAZNLJ9+mZ9Zi*(IWY@}?nSSr8bLmYm&jv;C(Z|UC;VbeN!3dzvujlIY1p3v7$fuh@hK}k>bX!_w3*|Wk@ zLdgb~W!*lK^n81bj9t=Ae(YfWs;%Pwh=862m0*2Yu{m-5zg%sp4-sM)*FDw#4cdsT zTy&Eg7E%>i`~`S`FaNb@Zgu>VDH=^LOb}w(rI$PT6;*7_KUUT}hUW;UsQaioYqcv% zcC?aAjBV(=baqd!J_nVcCxN^fup|+|#C#_vHLKoFI3cl<3h4@=ruun`Y6x&8DxF=N z>n{iS-yxu%4P#RO9GrQd2%SNQW*vUDm6l+Tw0~|~7}8WnYF9{MHnSRQQ|+D8&lZXZt7dxT*dMW1>5YnL2NTS;Ah0GX!-Did zS>!JO8?RtD(@tZ)#32z*k17O!f13ZzX^A|}Q8VG%!dA};Fdl6Kl5yponSYgb{v~3n z-cXfUU9g%BibhLUx&6&(2nHa{^WGe7(5K-7^TY55N3C@!-gwq;uiBdXYj(t&mVD$S^Xb)QZ>#vAR5zLt{_zbk1eF=?8iysXoNWl)42;r z8<_hT&*iO{mui#XWTBo_5>$MpPMoj5;Dct&+nLkpY$4}L-ZlYNb>~aSTZeGe*7MAH zIt&qGyRA$vSu!nX&tV}ru=;eYo8zC_5*h)gB-OXatBv18}IYnLW ztPcfd+GAd_uXNr1?+a{uzfmMIOPpbM2`NFE*4}ZeP#@Y~53@H|S#O5}5sO1;JO6O_ zWxs>qfq`0z_C~wASKo}+B%6g3#ZViUPW{}#uDGUHJ3||_)TFJ{(qaz9Ts(ZLc`?c| z`+KI+LQ-mh$C7(}*iCNJ83kPOCygb}F?_9k;<+#GKfg6KLN=uyQryYb*sqb2rh;Dw1w`1c=xXt$KgId9tm>6N%hy6CI%hfDuNlRLQRcxocs-y=ozX`r 
z1yr+MR75Z&KjZJiVVz7Ia{dfq7_`LNv&R+dK@v45X$ra@}sDoTKTlAt^^$NQ9>+ zF-?m3%FpYzQEuKP8m4Rs=5}a&VY^o4Ji-@t?`d7`dPz_1*c83HCaG*PrbUMS?yUbbP`;#|u8n*t31cnmb|P_d<7q~_J7u+|2mgson8ZS3DH~Uf z%gj*VG=;k{-M|3B6mX7qr>ie)l+o*eh;RnBoi4}1xjJk^6k~4=(u5$2$J`b-L1hNU z1mSJriRHKGf3r)?OlvLqs6S|inEJiwnoLSX<0W%J991$up~i_!a-*txN7aj^lOTqE zBW+}T-81~k#5QQSmUaliN`%hff?ISH6|==Y!iwF%46ap1nfRv9vr)g{GovEY)_@uB zl{D8-xeD0Hj0vWRhdXV11J-M=7AOk+Ge2(*P|z_+kVuezDmQCzG=an};WjE+uef=W znnLbxU4G2-FI69zQ2$x`9AVJ1udb+U(yA+(~G z!$Ffut#IQK;1Lnyi9d_LEc~zzgH05_fk9t$hKfE|xU2>8PG*8Wor`NR^_-IUZ1Jg#f!|$Z#!qey&`297xZeMN_#RhRwQ0~! zg0us6^^w{J6 z`MVfbK_7wV9$U6xJkO0}o0~jJ|A#1kVfK*aQkfLS>*$bMV)E%kdc$yi4M%fU+wq+^rL6l2vqYz|*n;vpsTog5@vy?n-*fTIJRC)_Z?^DvSv9ZM(k0^`P4n@J* z7GHQZ=SGM5JoikxFYLVxw1W6nB*I#{*t+SHX#uFf!3qp{kn{#6G1`Dsi^aZ6D zJ0qkfpJLnM_7eq+h=PGV+bQEj(56YxjYa~?&JmUb5?tu=+|2-;89RW-=9i$boUo`U zp2`;B|M=@+i%hN8k788bsEmy};0gE)PWfcwI=7~Y;mrz6W?KU-DO11ugu0VrJX_yI zn1MQL>VGuYn0Y(pup+2kZDEAP^1)DqkA*m`#bUjz6_$h}AgOc?f7gDsb`yPr4t1qL{rCbu9LE+&{ zWl2lI&1VY^z(MKye%+*MFWycbT(``2tEz80*buyaZtrlyG+IGu+64h(wc&(^SlYWB z`Fn3)mT(ERTI$$}I2>Z4cIbIE0PU7wfgQoIr>nP#mSr(H-wV$O;+xsjuU&g8q8=$Y zk22brWHE@Zr*hV=wkrE36}(ijooI|RXX3==YouNeaWZKuV1~vu&>Gfxola)!&3ZBZ z$TI_~+C3{kC$|;guTJ5CpSg%cdWinM&)SL&vdcGA1#z(Mt1@1-eJI(6&a=4Mavs@j zs8`FcG~rG&{cyC>!HG3w(20hR(#S)^_QA+eY&{4I3e+lJg@aAEkum_I@VIbpb* z5kR#foZ^UptYG#g+TX8vT zqrA2jiGiuYU)o;n^J%kF4wbh(W?U`Qy0e5dTjBHn*v3m>5kk>)Y{415c|^yGP%jvfZm z=thTjo>NuWyUh;^*YJFLM%BYdl-m+w#AmZKBhky+)|(8`T{t+TSAZ-v(W-nu`Stbe zxXhM$v`0RZbVxAGgb=)N~08txdw0RFjTMzyT zx*QZ6|G0w&DlghCTYViotY(MNdALtGbNNz@O!<(z#JN&yB&3L`1UE9oCaR$TVRm=B zL1_qoo1S@J`&8z@LN2JRgJ$q<$XIHa7J54_H$>tI2OU^wyy5vZh{Evsc-rW3&xh5x z2|icJu6VwR@U40ctS-dPE-e&RRB-8d}?RS-ZA*8hmU=Zs*aaj0|SHH>mwUhA}WtC0J zgj^(!wx7K)>=pbeMsSn_@zPK9%SG|OCn3y%iVwvWo4PA`1`H+7%uEk#A4$yY$71~O zvO%vAR#dpez=KO+dRitUKGt>=QQ0Q0v`rtgU!>urEZzpkYB(~G)U0dXfwcn&)TRdn z{{jB70}=%yz>lP%@%>Yo^F?a$47Yb(S=$jS358{JWmKt6sncK(r0X*V$G}Szk7SSU 
zoPF3I+Ay8p6_sC5olnJsS8Onea9Q}c8!uXr=G$eM)@ayH8NHiEK@-qUW*d3-JqdV_^S%#F0Z~j>U${Cbw zfk0%1QD_0^@J8=61?cgk|M*EO2kVPOs1x)sN!Tn+9HOedjM6ydgXvQ;K16$^NBjSBT$N+T4dTK{x!!jpMIl*j9 zJ<+o_TALc88Mu_E>)R1pp=Lz+%-0nNS?37pQ!x?T%D2|KJsp+>2q9^~5VxBOdFb~d zM3o9gMDQ@V(j|E*vpi~M(e~hl4BiUFWxWqQU(|wQ(+Y91P_#^7L zq%K13s>_Skj#yGV!Z8Cag-np_>q?-p*#(xcf)zlo9s)tGcz;m|NDA}ai1wwPx+IZGWC>O$^O&h8$ev(}poGzH2Pzq(=^0Q_?qo$p z>@Sc?q5ZySJ_!*Yu{${;6!r4qEB3(7IR_<|p#zhBM9j;4|y zeLr&V87D>N+@5X^{yrphiXu{sQyQ4G-6-T)RP_`LvrK$B6P(0U5B-uNo@+^mwcFIO zOH0e_{KH~>k&$bFgfcFmoMdH6lf0`Q)6UjJUGN>A{hjF`m^ItuGzQNiZ3joVlVy!h zdbserUpXVxsk7_&s`ZOu;0o;X_)q&Sw(amyj#2kRXBp_Uqqc_dqwboe&O%Bwwko@F zULp;i zCuqv3AIu|)&ysYAd*<3+>S^vj*%iiYz_W2OP+D4N+DaVQKnHb$43=@zdUhgs%-~ck zF30vKNmA||u@ChNjAX44kP#8)`@rdrhO7eye@JRrz- z`fVGY%HjE*TlA&}N=Z&Qzy`LiWt^bXsj0K+VtQnipGtCrgKM6E&9ou|)GSmiASuP$ z?^UKq#f+Ho**`~_OXWw5X>M;*`K58^IqI3(%-Ed2m-%KT0(ITs+TtSY$Lucnboeg7 zRbcD_T6$XG1Wsm-^{uIqL-V7vGH-bF?5No|-~L+joM`=xUHouPSd++dD&rGrgK)Jy9)s(c%8++<=J0N#dWcP7t9udQ0F;3>>_g-}Y*X)r_uk=a_S zPRWq~JmHi3ru;y!p6O-;mNa;F+iSJpb(rbP>yQ*Xih26NZ z89U5`-wc-?Dlujl?VCUmA+ndM!;&%8pLKHoD!lzN)NAv-KvyxX(vMgHZ)iTI$0W!;nApV%E{B|xL8irXvFWR_8a-`jo~!) 
zI&^psenSJb3oq`N0x!Y_XTrF#-Qw=LDmV{&3jDa%Vx<_4PXqdXAS+!4IAa3(wUX+U zXPp<13&M~m+$L>lrBZ7xAGurE?|cr^urC*N$Iy3c49d$9+Z z?o9w{h&PCX3?8E$nF=+OsPnUT1Hyf~% zU9CDPm``?zT;~d>O}z$KB(4y>+lyWvzNLzq;!5_^WX}_^AZG}Xo$U`%fdDQ3p1U6* zLHU%^y$|2##Tk`Rpp5gLH6#l8c@uylsU!COT-DO~zcZLi9c=zlJo3EadNj^dt4#b2 zbl+4iO1YrNFK~$!idavaxLh%by3YCCDH^BS{HVWW!3rrLLq%(BR0rW=p4EPcA2_ob z;!K`3e1%aMH%w&)m`A*JZ7fg|lJIROT&?}Bpw5Z#F@*23)E4U-fY-gzPUeBDuFPl( z3!Z?VN$M3kE7bSwJ-**OXTDwk#!ktT^ccRb7{;B0yZtb*u$(o4Y;bEzk=<^f56SU(Q57^?Sr))}3vz&Qs zYb9dXomRAQWZ1vP?FZEkj_;2+(UTrzZU*6yy2W8Ty9v4mxCQh?5q-^FswnLItee>o zl@M;G?zHmlDeb(t*ajm>Ji24I$lMMqq@creNngX0&rKOfIj&*TbOECn!t%aW@1XDG zK`wLYHl0gkKHI@ph~q+qyravgmy>X zQ?)x5)wzu=KBb1K2pdH;Ato}39!X^3>JPN(!4#FctRbz&x)a#lfeXj%qn!6x8oN-o znKdp4jPp0htb+ly8(3t#JyHx|t2LcLXH1B z8~x89d^ncphG5lN3^_e^qF1mRpLfTS4o6Wn=wsmM#t54^&r!=Q_ToS3&>g9z(s@~G zpIRQdCvOA9I2WpPop4rV7$Keo*zS_H(YcvaHz|i?XL}AIAH2~fDju z`)o$Id1}guzli!&@Q{M&t`P?ah&)(z?&TIrrte4^?Ri4$8FP$FDCexjliW(y8<}pr zB;K0ecljiWmg+G;VC1ALuA9BEPP|F&Yvh6*61hDULGA5p?DbTkb#skGhtYp`{FX%W zd;uQ|WYh`e(7X&3%m`$9oz~CB3LZAL+*5dnF3CicGFly?nZJo zwyD9opCWIWz-y2TFcX-!98@Ruz7U zCU2p`Jr2`$F2o1LZ={kmAEQTbYmka-n;K3oCUsmhMAYj2@M$!)&Xu`r6GCU@+b$`X z<;699!N%5u)ITj3f%_Q@nJMGNKy&Wa=vaFIA!sl% zj4Ilb;3!5+_;CHN&jy zDi5GiAg|rrjiJtN{p(%cphAYJFFBEr(NnM=tF>KZk5)k8_KUVnKqVxOPs0gXE9h|{ zPxs2Mh9N8``*c@?Q3_n87Y}4<Ez*2SGV=qKJKaV{*M}8!9`sp z4p}g;ADeniPTeVQP(3BfW4Fu;PKo9`hz1p89u~BuE__w+ISipHd`Up{aNs z2O4X6_mBDQ!?Q(6uYTI68+Q9A%5>HDhE@02K0)JUET59)nzW-d2N2u!l}$6bfw*$`bK(xV(F*pN~Qw=MoyDrHs6$v zju@5U`;Pk|OSh@s3KX#{XQ?lIdM-9JPC|LX3jK)EfXEH-VwiHwit16!58&(qoInQ#D%`{I2?JX6syig6fAmL}j|1cSC0Bhyc8 z7J461qH?M9$-+7-%lU@4HhO#_^C=N~vz!&Rg3mL+I!wci8L8`l>)~{@-N;}D{RH%3~IH+7n z5R2qZosT-N+MQkIaw0e$TwSIHN$W9Q{;B{7efl~sOQ~3Zf$!%~c(sbNnpOJpZVn1a zo7wHhowH`re(89s8PCycz~KvGi1wVs7ndWxZYJdc;{AN}m!_imA_6CTOd00Y48Xep zW3kGZVV&m9*S?jlF0*Q0jK^x^K{}h6O&&#? 
z%+%UFbgEy5Kj(mekDQ2WLH^UVq0{&^T7*Q@0x9rA=ZWaVjxMC#9&T44v2mBVx9 z=i5dWWl$a*A>x=O9YHaJ(GpzO!W1bRCPC$>gP2&HH-3c8TvJ6mf|%5wX)anf@uhlM^^D0bJMzr!!DPUknyF#!HHm^Olvs$WA8%%D__qh zfBOkSXT~^!o4-8QY)pK_i^tlSa@mg$D2pb7TI>wkkZ%l+HzseHwTbwN$A|u zG&`Z@+xQDr&E?vZ^*~+fo{QOXbFBZe82v*BW||wg70c{iZNl`{_EP0X^&R<|?*72! zk37@9L{gF_W;abS@!7O!8R%BlqXUZ(6N1uLF^_$sqo8!7aC8Erz}yNbrUu_+U4pW~ zBb-q70_a2(FMV}3U9FaI+^B|l8it8iHu++xmZz>vqyuljR)WC1V9Ev>&W) z@Rr(VA$OCrx^oe#Lm-*dU$8<1q#~d0=~{yln1U_CHFzW}RFx&$7!~PPiJCOOhP&_J zhNq>h=B11zUX$dwQ>++!J2b!b-P!X5bn1@8$B&vFi+%Mk1dobDl^;R=B>ND&=mD4I z;1GJ(|Kwx~kP;H){;9}8v0H|9&5FPN1TL(~(?E;bFH9z)?7??>t?a{`ucqfkthb5H zF;`Oa@!tWv!YKp_sTaXycF9}f6W}ET$4gUFOC*Ds+o_=1G0SP_0_11`fONrOW89a} zXfqhF8FjJagt(~-#J~cbpUrLr7HIzJ$#T$jtyce_2DZPNAU`e_>nWoqQ^0WKtQZnL zBH465x$l_40+S<^S){Pr0D2ReK{MSa*f+6hKb%l%m-u$$N2uHDnSyEDnB!8idAJrk zBa~2F$9%$3gmT6kj^}lP(UID)2{O;4q!Ztv9XGOSiel-pU~Z~je}vPzgdQNRy$Riu zOt!;Lg!f`H5y=t_-qoFU`Vc1Cf4a6{=3;M=DH8nXBNS0CFKCbMo-1Dv)>2dDW0oYB zlwaBGFY7mhsZ-b0+`xeyr|GKv5QHXQ^$OL?g}yw|6L4~Nmolc9krsK9=dZ6$2WH`F zYlW^;Aa4Oq@|r!azS@}3T`sdFS4&S~4bhBV(AVt~HErH5p8;__Oz({U_TZQn6~|(_ z!{FF0{K9#E+0Ivs^oo@Hl<-YWTOA^}qz8N)y|=l)Cej z`YTw#7;bi3#QdJvDZlV%S%N(bq;a@HEPO%Gafh>Rg8TT8Tdg_KG4S7x0`43DNwneO?kok)`5exS_x~3f zX0z))vhwBudjo|0dh^D~41Rxu{rbb|Cmb)>xZ!w=oql~?{wb{>R%iKT%e!UqhZY=d zdr!vpA?RBdRAsnG+f%eJtd`4G{Ml16JoTvAn8M+t1B_HBrgoxg5ZI|5!srGF)Akd+ ztE&oQu|g*k^2Mo!tkNh4t&~nB#;we#gHEqnA!*!-i@o3n<-jNijd#e3_@{4L4%qyQ z9fl2-Vzyn-t7j3O!|Eo;1$h9CK!)f0o|G+^3(?<`ty%!KPEv%}E~^X?$>0dwG!$b^i| zoAu3Nvlz3w<=A)~*aL)y?n&@jkqFTBIss>w4K$a@Du`_@AV%7W+_8^zT?Su8m4IQGbTA=hT1h) zWHfy`Cz6HVQQf5!$D1afsu6%4>yA;&jAJcWZ^YgQ2inur>%)QjJ*GsaanMP2zumA8 zG-_Zi#uGX41A%U$>rjtSBC+GUz=<7j;@4sY<{`P?&~^p9U`sCE>>ciI-$$V!xgRvb zXEszhQE-ZwKFCz4f{Ym)2}`7g^mt=Ro-9CmXmQRyA~t2{r;(s8BBa0WqXUL?WU`ZV zkd3;=3Yh+CoTJ_T&WQ;842_ksG)FV%b=391@%^${n~aT9=%eK^7(d(*k1Ky9+ONls z40KXr_#6@YcFH0Y>O~h5Y%R&KWNU!iQtFyF&-!z`1qMCSo)Q zeiP6tbNtLL!z7M&>v>$HqyIw7xPqU9vV^o|P%*O~1Qd1z7HFL55FTozE3#QAv2~=l 
zT}gA4oOc-k-+@12WbYFB(2hj{B<`dv-|EUbiA@*d%S27sDk;iixiGoi620MSXnGAu z28LZ#URx`0>VfIFFfwu5Pxh!*Y|3IyP#opA!0O}V^m`64W9= 1.2.0
+
+%global upstream_version %{version}
+Source0: https://www.kernel.org/pub/linux/utils/cryptsetup/v2.4/cryptsetup-%{upstream_version}.tar.xz
+# binary archive with updated compatimage.img.xz for testing (can not be patched via rpmbuild)
+Source1: tests.tar.xz
+
+# Following patch has to applied last
+Patch0000: %{name}-2.5.0-Fix-typo-in-repair-prompt.patch
+Patch0001: %{name}-2.5.0-Fix-PBKDF-benchmark-in-OpenSSL3-FIPS-mode.patch
+Patch0002: %{name}-2.5.0-Get-rid-of-SHA1-in-tests.patch
+Patch0003: %{name}-2.5.0-Do-not-use-too-small-key-in-tests.patch
+Patch0004: %{name}-2.5.0-Fix-test-passphrase-when-device-in-reencryption.patch
+Patch0005: %{name}-2.5.0-Add-more-tests-for-test-passphrase-parameter.patch
+Patch9999: %{name}-add-system-library-paths.patch
+
+%description
+The cryptsetup package contains a utility for setting up
+disk encryption using dm-crypt kernel module.
+
+%package devel
+Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires: pkgconfig
+Summary: Headers and libraries for using encrypted file systems
+
+%description devel
+The cryptsetup-devel package contains libraries and header files
+used for writing code that makes use of disk encryption.
+
+%package libs
+Summary: Cryptsetup shared library
+
+%description libs
+This package contains the cryptsetup shared library, libcryptsetup.
+
+%package -n veritysetup
+Summary: A utility for setting up dm-verity volumes
+Requires: cryptsetup-libs = %{version}-%{release}
+
+%description -n veritysetup
+The veritysetup package contains a utility for setting up
+disk verification using dm-verity kernel module.
+
+%package -n integritysetup
+Summary: A utility for setting up dm-integrity volumes
+Requires: cryptsetup-libs = %{version}-%{release}
+
+%description -n integritysetup
+The integritysetup package contains a utility for setting up
+disk integrity protection using dm-integrity kernel module.
+
+%package reencrypt
+Summary: A utility for offline reencryption of LUKS encrypted disks
+Requires: cryptsetup-libs = %{version}-%{release}
+
+%description reencrypt
+This package contains cryptsetup-reencrypt utility which
+can be used for offline reencryption of disk in situ.
+
+%prep
+%autosetup -n cryptsetup-%{upstream_version} -p 1 -a 1
+chmod -x misc/dracut_90reencrypt/*
+
+%build
+%configure --enable-fips --enable-pwquality --enable-internal-sse-argon2 --disable-ssh-token
+%make_build
+
+%install
+%make_install
+rm -rf %{buildroot}%{_libdir}/*.la
+
+%find_lang cryptsetup
+
+%ldconfig_scriptlets -n cryptsetup-libs
+
+%files
+%license COPYING
+%doc AUTHORS FAQ docs/*ReleaseNotes
+%{_mandir}/man8/cryptsetup.8.gz
+%{_sbindir}/cryptsetup
+
+%files -n veritysetup
+%license COPYING
+%{_mandir}/man8/veritysetup.8.gz
+%{_sbindir}/veritysetup
+
+%files -n integritysetup
+%license COPYING
+%{_mandir}/man8/integritysetup.8.gz
+%{_sbindir}/integritysetup
+
+%files reencrypt
+%license COPYING
+%doc misc/dracut_90reencrypt
+%{_mandir}/man8/cryptsetup-reencrypt.8.gz
+%{_sbindir}/cryptsetup-reencrypt
+
+%files devel
+%doc docs/examples/*
+%{_includedir}/libcryptsetup.h
+%{_libdir}/libcryptsetup.so
+%{_libdir}/pkgconfig/libcryptsetup.pc
+
+%files libs -f cryptsetup.lang
+%license COPYING COPYING.LGPL
+%{_libdir}/libcryptsetup.so.*
+%dir %{_libdir}/%{name}/
+%{_tmpfilesdir}/cryptsetup.conf
+%ghost %attr(700, -, -) %dir /run/cryptsetup
+
+%changelog
+* Thu Feb 24 2022 Ondrej Kozina - 2.4.3-4
+- patch: Fix broken upstream test.
+- Resolves: #2056439
+
+* Wed Feb 23 2022 Ondrej Kozina - 2.4.3-3
+- patch: Fix cryptsetup --test-passphrase when device in
+ reencryption
+- Resolves: #2056439
+
+* Thu Feb 17 2022 Ondrej Kozina - 2.4.3-2
+- Various FIPS related fixes.
+- Resolves: #2051630
+
+* Fri Jan 21 2022 Ondrej Kozina - 2.4.3-1
+- Update to cryptsetup 2.4.3.
+- patch: Fix typo in repair command prompt.
+ Resolves: #2022309 #2023316 #2032782
+
+* Wed Sep 29 2021 Ondrej Kozina - 2.4.1-1
+- Update to cryptsetup 2.4.1.
+ Resolves: #2005035 #2005877
+
+* Thu Aug 19 2021 Ondrej Kozina - 2.4.0-1
+- Update to cryptsetup 2.4.0.
+ Resolves: #1869553 #1972722 #1974271 #1975799
+
+* Mon Aug 09 2021 Mohan Boddu - 2.3.6-3
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+ Related: rhbz#1991688
+
+* Thu Jun 17 2021 Mohan Boddu - 2.3.6-2
+- Specbump for openssl 3.0
+ Related: rhbz#1971065
+
+* Wed Jun 16 2021 Ondrej Kozina - 2.3.6-1
+- Update to cryptsetup 2.3.6.
+- Resolves: #1961291 #1970932
+
+* Tue Jun 15 2021 Mohan Boddu - 2.3.5-5
+- Rebuilt for RHEL 9 BETA for openssl 3.0
+
+Related: rhbz#1971065
+
+* Tue Apr 27 2021 Ondrej Kozina - 2.3.5-4
+- Drop dependency on libargon2
+- Resolves: #1936959
+
+* Thu Apr 15 2021 Mohan Boddu - 2.3.5-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Thu Mar 11 2021 Milan Broz - 2.3.5-1
+- Update to cryptsetup 2.3.5.
+
+* Tue Jan 26 2021 Fedora Release Engineering - 2.3.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Thu Sep 03 2020 Milan Broz - 2.3.4-1
+- Update to cryptsetup 2.3.4.
+- Fix for CVE-2020-14382 (#1874712)