From 48d3bdb32b9b7e606f926c531b719ef71a6c9da8 Mon Sep 17 00:00:00 2001 From: Toshaan Bharvani Date: Wed, 20 Jul 2022 18:08:33 +0200 Subject: [PATCH] initial package creation Signed-off-by: Toshaan Bharvani --- ...default-configuration-with-TLS-libra.patch | 225 +++++++++++ ...lt-cipher-to-AES-256-GCM-for-server-.patch | 38 ++ ...54A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg | Bin 0 -> 46764 bytes ...nvpn-2.4-change-tmpfiles-permissions.patch | 9 + SOURCES/roadwarrior-client.conf | 38 ++ SOURCES/roadwarrior-server.conf | 67 ++++ SPECS/openvpn.spec | 377 ++++++++++++++++++ 7 files changed, 754 insertions(+) create mode 100644 SOURCES/0001-Allow-running-a-default-configuration-with-TLS-libra.patch create mode 100644 SOURCES/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch create mode 100644 SOURCES/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg create mode 100644 SOURCES/openvpn-2.4-change-tmpfiles-permissions.patch create mode 100644 SOURCES/roadwarrior-client.conf create mode 100644 SOURCES/roadwarrior-server.conf create mode 100644 SPECS/openvpn.spec diff --git a/SOURCES/0001-Allow-running-a-default-configuration-with-TLS-libra.patch b/SOURCES/0001-Allow-running-a-default-configuration-with-TLS-libra.patch new file mode 100644 index 0000000..b9218e6 --- /dev/null +++ b/SOURCES/0001-Allow-running-a-default-configuration-with-TLS-libra.patch 
@@ -0,0 +1,225 @@ +From cf5864f5922e4f40357d9f75a35cd448e671dddf Mon Sep 17 00:00:00 2001 +From: Arne Schwabe +Date: Fri, 3 Jun 2022 11:52:19 +0200 +Subject: [PATCH] Allow running a default configuration with TLS libraries + without BF-CBC + +Modern TLS libraries might drop Blowfish by default or distributions +might disable Blowfish in OpenSSL/mbed TLS. We still signal OCC +options with BF-CBC compatible strings. To avoid requiring BF-CBC +for this, special this one usage of BF-CBC enough to avoid a hard +requirement on Blowfish in the default configuration. + +This patch is cherry-picked from 79ff3f79 and the missing +ciphername = "none"; has been added in the OCC code. + +Due to uncrustify complains, a few extra whitespace fixes had to be +done to options.c. + +Signed-off-by: Arne Schwabe +Acked-by: Gert Doering +Message-Id: <20220603095219.637361-1-arne@rfc2549.org> +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24456.html +Signed-off-by: Gert Doering +--- + src/openvpn/crypto_backend.h | 2 ++ + src/openvpn/init.c | 37 ++++++++++++++++----- + src/openvpn/options.c | 62 ++++++++++++++++++++++++++++-------- + 3 files changed, 80 insertions(+), 21 deletions(-) + +diff --git a/src/openvpn/crypto_backend.h b/src/openvpn/crypto_backend.h +index a9bb38ed..aebda3d6 100644 +--- a/src/openvpn/crypto_backend.h ++++ b/src/openvpn/crypto_backend.h +@@ -256,6 +256,8 @@ const cipher_kt_t *cipher_kt_get(const char *ciphername); + * The returned name is normalised to the OpenVPN config name in case the + * name differs from the name used by the crypto library. + * ++ * Returns [null-cipher] in case the cipher_kt is NULL. ++ * + * @param cipher_kt Static cipher parameters + * + * @return a statically allocated string describing the cipher. 
+diff --git a/src/openvpn/init.c b/src/openvpn/init.c +index da4d60af..b1b7b350 100644 +--- a/src/openvpn/init.c ++++ b/src/openvpn/init.c +@@ -2764,14 +2764,35 @@ do_init_crypto_tls_c1(struct context *c) + #endif /* if P2MP */ + } + +- /* Do not warn if we only have BF-CBC in options->ciphername +- * because it is still the default cipher */ +- bool warn = !streq(options->ciphername, "BF-CBC") +- || options->enable_ncp_fallback; +- /* Get cipher & hash algorithms */ +- init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, +- options->keysize, true, warn); +- ++ /* ++ * BF-CBC is allowed to be used only when explicitly configured ++ * as NCP-fallback or when NCP has been disabled or explicitly ++ * allowed in the in ncp_ciphers list. ++ * In all other cases do not attempt to initialize BF-CBC as it ++ * may not even be supported by the underlying SSL library. ++ * ++ * Therefore, the key structure has to be initialized when: ++ * - any non-BF-CBC cipher was selected; or ++ * - BF-CBC is selected and NCP is disabled (explicit request to ++ * use the BF-CBC cipher); or ++ * - BF-CBC is selected, NCP is enabled and fallback is enabled ++ * (BF-CBC will be the fallback). ++ * - BF-CBC is in data-ciphers and we negotiate to use BF-CBC: ++ * If the negotiated cipher and options->ciphername are the ++ * same we do not reinit the cipher ++ * ++ * Note that BF-CBC will still be part of the OCC string to retain ++ * backwards compatibility with older clients. 
++ */ ++ if (!streq(options->ciphername, "BF-CBC") || !options->ncp_enabled ++ || (options->ncp_enabled && tls_item_in_cipher_list("BF-CBC", options->ncp_ciphers)) ++ || options->enable_ncp_fallback) ++ { ++ /* Do not warn if the if the cipher is used only in OCC */ ++ bool warn = !options->ncp_enabled || options->enable_ncp_fallback; ++ init_key_type(&c->c1.ks.key_type, options->ciphername, options->authname, ++ options->keysize, true, warn); ++ } + /* Initialize PRNG with config-specified digest */ + prng_init(options->prng_hash, options->prng_nonce_secret_len); + +diff --git a/src/openvpn/options.c b/src/openvpn/options.c +index f6ef02ae..2206d9f4 100644 +--- a/src/openvpn/options.c ++++ b/src/openvpn/options.c +@@ -1135,7 +1135,7 @@ parse_hash_fingerprint(const char *str, int nbytes, int msglevel, struct gc_aren + #ifndef ENABLE_SMALL + + static void +-show_dhcp_option_list(const char *name, const char * const*array, int len) ++show_dhcp_option_list(const char *name, const char *const *array, int len) + { + int i; + for (i = 0; i < len; ++i) +@@ -2288,7 +2288,7 @@ options_postprocess_verify_ce(const struct options *options, + if (options->mode == MODE_SERVER) + { + #define USAGE_VALID_SERVER_PROTOS "--mode server currently only supports " \ +- "--proto values of udp, tcp-server, tcp4-server, or tcp6-server" ++ "--proto values of udp, tcp-server, tcp4-server, or tcp6-server" + #ifdef TARGET_ANDROID + msg(M_FATAL, "--mode server not supported on Android"); + #endif +@@ -3103,7 +3103,7 @@ options_postprocess_cipher(struct options *o) + if (!o->ncp_enabled) + { + msg(M_USAGE, "--ncp-disable needs an explicit --cipher or " +- "--data-ciphers-fallback config option"); ++ "--data-ciphers-fallback config option"); + } + + msg(M_WARN, "--cipher is not set. 
Previous OpenVPN version defaulted to " +@@ -3681,9 +3681,30 @@ calc_options_string_link_mtu(const struct options *o, const struct frame *frame) + { + struct frame fake_frame = *frame; + struct key_type fake_kt; +- init_key_type(&fake_kt, o->ciphername, o->authname, o->keysize, true, +- false); ++ + frame_remove_from_extra_frame(&fake_frame, crypto_max_overhead()); ++ ++ ++ /* o->ciphername might be BF-CBC even though the underlying SSL library ++ * does not support it. For this reason we workaround this corner case ++ * by pretending to have no encryption enabled and by manually adding ++ * the required packet overhead to the MTU computation. ++ */ ++ const char *ciphername = o->ciphername; ++ ++ if (strcmp(o->ciphername, "BF-CBC") == 0) ++ { ++ /* none has no overhead, so use this to later add only --auth ++ * overhead */ ++ ++ /* overhead of BF-CBC: 64 bit block size, 64 bit IV size */ ++ frame_add_to_extra_frame(&fake_frame, 64/8 + 64/8); ++ ciphername = "none"; ++ } ++ ++ init_key_type(&fake_kt, ciphername, o->authname, o->keysize, true, ++ false); ++ + crypto_adjust_frame_parameters(&fake_frame, &fake_kt, o->replay, + cipher_kt_mode_ofb_cfb(fake_kt.cipher)); + frame_finalize(&fake_frame, o->ce.link_mtu_defined, o->ce.link_mtu, +@@ -3853,18 +3874,33 @@ options_string(const struct options *o, + + (TLS_SERVER == true) + <= 1); + +- init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, +- false); ++ /* Skip resolving BF-CBC to allow SSL libraries without BF-CBC ++ * to work here in the default configuration */ ++ const char *ciphername = o->ciphername; ++ int keysize; ++ ++ if (strcmp(o->ciphername, "BF-CBC") == 0) ++ { ++ init_key_type(&kt, "none", o->authname, o->keysize, true, ++ false); ++ keysize = 128; ++ } ++ else ++ { ++ init_key_type(&kt, o->ciphername, o->authname, o->keysize, true, ++ false); ++ ciphername = cipher_kt_name(kt.cipher); ++ keysize = kt.cipher_length * 8; ++ } + /* Only announce the cipher to our peer if we are willing to + * 
support it */ +- const char *ciphername = cipher_kt_name(kt.cipher); + if (p2p_nopull || !o->ncp_enabled + || tls_item_in_cipher_list(ciphername, o->ncp_ciphers)) + { + buf_printf(&out, ",cipher %s", ciphername); + } + buf_printf(&out, ",auth %s", md_kt_name(kt.digest)); +- buf_printf(&out, ",keysize %d", kt.cipher_length * 8); ++ buf_printf(&out, ",keysize %d", keysize); + if (o->shared_secret_file) + { + buf_printf(&out, ",secret"); +@@ -6168,9 +6204,9 @@ add_option(struct options *options, + } + } + #ifdef TARGET_LINUX +- else if (streq (p[0], "bind-dev") && p[1]) ++ else if (streq(p[0], "bind-dev") && p[1]) + { +- VERIFY_PERMISSION (OPT_P_SOCKFLAGS); ++ VERIFY_PERMISSION(OPT_P_SOCKFLAGS); + options->bind_dev = p[1]; + } + #endif +@@ -6248,7 +6284,7 @@ add_option(struct options *options, + { + int64_t val = atoll(p[2]); + options->inactivity_minimum_bytes = (val < 0) ? 0 : val; +- if ( options->inactivity_minimum_bytes > INT_MAX ) ++ if (options->inactivity_minimum_bytes > INT_MAX) + { + msg(M_WARN, "WARNING: '--inactive' with a 'bytes' value" + " >2 Gbyte was silently ignored in older versions. If " +@@ -8132,7 +8168,7 @@ add_option(struct options *options, + #endif + else if (streq(p[0], "providers") && p[1]) + { +- for (size_t j = 1; j < MAX_PARMS && p[j] != NULL;j++) ++ for (size_t j = 1; j < MAX_PARMS && p[j] != NULL; j++) + { + options->providers.names[j] = p[j]; + } +-- +2.31.1 + diff --git a/SOURCES/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch b/SOURCES/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch new file mode 100644 index 0000000..0af7115 --- /dev/null +++ b/SOURCES/0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch 
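Review bot: In the init.c part of this patch the new guard in do_init_crypto_tls_c1 carries a dead sub-expression — `(options->ncp_enabled && tls_item_in_cipher_list("BF-CBC", options->ncp_ciphers))` can never be reached with `ncp_enabled` false because the preceding `|| !options->ncp_enabled` already short-circuits, so the clause should simply read `|| tls_item_in_cipher_list("BF-CBC", options->ncp_ciphers)`. When the guard is false, `c->c1.ks.key_type` is now not written at all on this path; that is presumably safe only if the context was zeroed earlier, which the hunk does not show, so a line such as `/* key_type deliberately left unkeyed: BF-CBC is only announced in OCC here, never used for data */` would make the intent explicit and flag the assumption. In options_string the BF-CBC branch hard-codes `keysize = 128` where the old code derived it from `kt.cipher_length * 8` (which honoured `o->keysize` via init_key_type); if the deprecated `--keysize` is still accepted in this version and follows the 0-means-default convention, `keysize = o->keysize ? o->keysize : 128;` keeps the announced OCC value consistent with the peer, otherwise the comment should say why 128 is fixed. do_init_crypto_tls_c1, calc_options_string_link_mtu and options_string all start and end outside the nested hunks shown here.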
@@ -0,0 +1,38 @@ +From: David Sommerseth +Subject: [PATCH] Change the default cipher to AES-256-GCM for server + configurations + +This change makes the server use AES-256-GCM instead of BF-CBC as the default +cipher for the VPN tunnel. To avoid breaking existing running configurations +defaulting to BF-CBC, the Negotiable Crypto Parameters (NCP) list contains +the BF-CBC in addition to AES-CBC. This makes it possible to migrate +existing older client configurations one-by-one to use at least AES-CBC unless +the client is updated to v2.4 (which defaults to upgrade to AES-GCM automatically) + +[Update 2022-06-10] +The BF-CBC reference is now removed as of Fedora 36 and newer. The Blowfish +cipher is no longer available by default in OpenSSL 3.0. It can be enabled +via the legacy provider in OpenSSL 3.0, but BF-CBC is deprecated and should +not be used any more. OpenVPN 2.4 and newer will always negotiate a stronger +cipher by default and older OpenVPN releases are no longer supported upstream. 
+ +--- + distro/systemd/openvpn-server@.service.in | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/distro/systemd/openvpn-server@.service.in b/distro/systemd/openvpn-server@.service.in +index 9a8a2c7..0ecda08 100644 +--- a/distro/systemd/openvpn-server@.service.in ++++ b/distro/systemd/openvpn-server@.service.in +@@ -10,7 +10,7 @@ Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO + Type=notify + PrivateTmp=true + WorkingDirectory=/etc/openvpn/server +-ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --config %i.conf ++ExecStart=@sbindir@/openvpn --status %t/openvpn-server/status-%i.log --status-version 2 --suppress-timestamps --cipher AES-256-GCM --data-ciphers AES-256-GCM:AES-128-GCM:AES-256-CBC:AES-128-CBC --config %i.conf + CapabilityBoundingSet=CAP_IPC_LOCK CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_RAW CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_DAC_OVERRIDE CAP_AUDIT_WRITE + LimitNPROC=10 + DeviceAllow=/dev/null rw +-- +2.11.0 + 
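Review bot: The new `--cipher AES-256-GCM --data-ciphers ...` arguments in the ExecStart line are placed before `--config %i.conf`, so a `cipher` or `data-ciphers` directive inside the per-instance config file is parsed later and presumably overrides them — this makes the unit a default rather than an enforced floor, which matches the commit message's intent but is easy to misread as policy. A comment directly above ExecStart, `# Default data-channel ciphers; a cipher/data-ciphers line in %i.conf takes precedence`, would record that. With `--cipher` set and no `--data-ciphers-fallback`, AES-256-GCM also appears to become the fallback for peers that cannot negotiate, so legacy clients must carry the same `cipher` line explicitly; confirm this against the option post-processing code before documenting it.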
diff --git a/SOURCES/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg b/SOURCES/gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg new file mode 100644 index 0000000000000000000000000000000000000000..81144625839c48a57583eeda737830872e4d6693 GIT binary patch literal 46764 zcmY(rV|XQ97p@!I>Daby+qP}nwrwXJ+qTtl(y?vpbbn{}KJWQ^U+bzLcRh2|95qL+ z3?Nt#^=uspKm>s9IK!{_Y)j9j?FMD3PoWAEAq(&MJY#WY(W{iT zg9X{EFx-)%*z73; zFwh_3w&(Tr)m0Iyzbq8(FSpr&SfLi5$fDTVEDo9~!6eUc8$C-!G$$PP?)(LXpX}Yb zb;pCr<}~oUun8(T&?wL3oua}7f9Xk=*^!mNAK6RkgIhuY2UOiv6@;QlL6-}l`7u3# zpU`Ofzi#UoX}E1xDvhmN16R_A!yCj(@K1HmPD^Im8aq*x8>m6ZP13Q<&Gki%j@MXMeBm7vtp)4nEm*8BdXZIZN$7uT)Hkm(X5L3GR8h0p zrT~jMU4uI^HKPq;%A04iMlI8}*i=5xyah+p90(G7{%rLmA7^)&5I*F`p(XDcGZH}C zTvrN#Cxv4Q;cyQ|fGr!_ZX$E1`4CvDti*UrOamX|@)BP&j z%Vdic03sj&U=ypHy@{==yevKqzLJTNi=&0J2fmDfg|&sP8NRfIlQTZI)BnNzc7J~9 zYHv$xYvRls0mKD@3}j*0tE>HiV6e_ z2mk;DiGcL@+(btOcntCz{)?KtPTuDspruA%!}x3|>c(t{(x4)a6a_z?G*iq3$DOZ` z==0S5Jg77lySmZ?W!VVMQ>`F&&5lnfFMjNXDy;+=y?o^r{zb}5GDb$xrvz#p`Fg3rGkY-!@js53 z%;hDwMC}im^xNIz5m&2V6I_oO`ki>!#Z;;dM?FpL7JQC=TGS$G*^Ibi<<{(+;!A-5 z4pQ~Mqvr@Mv<36Aj>Q*%rjR>J5AE9$-5B-Ld3g-0YET*coOh-g7pc+m zVy}!>3-?lrDy2A;A6%h!HME*Bx!UKGFCA9iaUX zY=GBlhrW&9RuAjVG;&Y~PMG*Cj8o)@DTS9^X}eTHH$Db37Y0~_rQDRG_brk#HEzW} zP3>*rR@w7n3oBphhihJvSV*p>a!s@l#`b_0rG2xW*f0=lbI|Z;8ApajE94fP~IZ|u|W_3 zAppSsT*&Pw?%xY>`ZB&kcWySyxlRIh-@xx;sor5)Z}3IW?k6 z9@PG@cU&o2sM+{*zt8(=vtM%GY(fesH!I6!x?tb9m+w3sca$D^lP==+0_2k&{%l)K ze<)~fcg%+cZRFHMgcP7GbH|sV{$%jQ^-M#E=!Sl9Ts=(}wOKjL$#C2_n}Xs~T)JZi zyB8z_n+LJRaf*2|+ub;i@vF(`=*U|~_$Rw6S_juJy9k?^UWgZ6v6rBZM# ztgaR79XXz^qBeSF|2AOCWVavfzj{idd;jX8Y3jUw%^*C;7X$w`8dmyd#yL}xs^At* zHbuslFT2#l{M>0xLQfDtmpPc!>OMoNbj}M|ai=!pY!7io-#)pC+^6&nl$l61^|ITA z9w|ab`x-0tP*LJCENT?2ORmmN!lWgTE2-hnNF}?+s0w_i(k0QYk=jJ-bTDfAfI8;{ zbv|CAbg}&YeP6Yuw1?%jY>W~2rRl{fhy175f&ZyFH11DD*q^m@RF~}dU-{muvF}db zbyDHR;a^B&Fo?>xyEBwBhdU-{FsTa~mWcT3gqT4ae00$dO5os4qlB3s6}l01ALOlX z-uI}O%mCu89pk7Y?r^&tJ9^kn)c{MADwf`#Cj 
z&mk~P1OBa#kozzhd`8yrWSR9AcSH)H`UhxVxh`q{p@p)tQ`t`-^suQ5yv5iAxeBvwHG>Ldi%}~( z(uJt>Qe*I(%XrvL4%IaanF(_f^=X?zM&(EIq&hj;d3vRu;x1DH%j~HYf5%HF&rZxe z4+#EP(5>-RqLhq5ssQ(p1S(bduFT{tMFz^3d|ykZ!dc(R?yPh2VFwHom_nNQqfb&- zw|S6$HB?Y^R z^8p9iJM}ra41U?TZzVL;h6mTyS%nl>TCchysdmg8px2VxbK6^F3u8~4vyz~Mlz6jH zX@<{|du+BS9V2EcQ0=RmeP|OtYe{z~G8xA<@(%2Ul;a>TK5#dNB-dNc-u1wr!|#+( zM!z-)%w0{Mqel=4E0sevB(+GHbP0*vDBLjT9wM{1%`~MDKP63< z)^X?HvW*KbHqZy^kx^y<#FU(y+Fkx@PyPp$5snXlXwKO164j(nlwt&6_8)6d|0_v{ z?V*45eAbYd-rt~u3tU5g(PR!6b-$j&)kF=mS@lkkVrc5=P2_zY$&Z~A<22 zIN2wUxde*v{*V<|3HLjeZ@{Nt$$$=(T&UT`eg%k-Mbu4di&>pO%z1DN6?U(casBD3 z`uj|A41U`wzQ)Ha?ZWFb;;KkDYPi7{oUaju@5xE_wC zk6t>f``~Kzu&nL5npwP9!0xRA@y8qmH}4@x=n~Q@S@)7m) zT0)2_Ppy23hDQ(CvHQ)yClfvHMT`gP=*d-l4O+vqfC@JBm@?FfS$wknUsorW6_VF! z1S+0<)Qee^nN_1nY79_atdBYi^Al7#(@|W}HLlHp#_lcoi6c73L_NZ;- zR2p!_6zJ{4f4d#ruCKOd7!ZB8I0jOfR)TmBY9||m3Ahg*i0i^4?iLezxmwo=!FYm1 zU`k(Q#3|O$k_(z<>2lb&Z?hRII-%vU!-%pO82}WIiZpuh`!imJyrXChjW1+OsUqq# zZbFMqM3A$9B(%MWX6ET3t%pQ;gYftZe30`oS?jJpMc^_eBq|D0pPI?U$gDD{jzl$zw4Z+kL4yaULKI_m^5KO7t<`2Rdr%!D%F}p-+z-<`*;MYAT$VM1}Pcpzc?o?JjHE5F}G)M^s`5f|R+De*5o)20~a? 
zl#&@A2j*STJX%g##h?nYI73)zsc^|OtiNy+>iel3e_}Upz2d3L=ZjDD6~t7)@QK#E z*8T|SQjStuxo-1a#?nRAnX7ZwJkhb=582dzd1kM8`_!6>h(_Ozx))!bagH!o()G8w zYDgV;BAC1z28uIrm*f>=;e0#!VSW_HAv^r6a6`jYJ!iT1)UefZa?0xKW9-2`(;Mvs zw+KD_dKJ>?Vw*vvCpu3O$BUh*v{LTyUYa~qL8SS8UTC<};IhQ##rhecz<%;cB3jrT zu0#)5x4Q8(yX{^7XZN@-%qZn$$epH4ecG87Z8V3I#H#j#{!X8Rk$D(~&DT~I08s`j zG~qw-&`8tv`x_7IlVkVoCq=i9PXvJ6Y6_W#4SI}I{Ky=JLlPGn87d^~Ez(^dlNrT` zxRLf(hUT=%Yyg|H>-<0arpgFrG==x+BtVkDDLR{B{~4ZmKP!nXN>L;ZxKF&^IxUc4gdyGPh7S&_%*U>Jhp3aCzUcd)zaW z=#ocQY)taRhj6udUk@a>kBA5CNn$;yg9xplSVpgOeD&l=@Yl6L*8$c1AA648K=Z zLt?);ZHz>50w9qKj^FL>LGhd76(LR)>LT;xg;5k3zjdnY+Ehm^KcRJs3ZrtN;Qe{; zQoY(H0OhZB=i1e97@W$6cw*fKToePycKx&hust!{k#;mVzfvI1$s1UDy=vBPgZj$Z z3MQ4pYT99E-J65ji#pQ?um(KW+ho-Ma}e$ji3pa6Q5T9eoUP;l<0dI?kn~OU16Tly z62r;OUKmktBJHnIRug*Y+uT8l;oRtvYk>lx+8l3Ly0|8t>BN21>K&>gaK<~vXI}k} zjVnVL0z{w}X-~nE$gDufiLRgp#_Q;x4e^i3KvdrGi5H#ZCh;SmHmG#PZ9#766{a$E zFmwT=j2fh<8bzNvc;ycN6Aw*LIi$bwm_#HbDoc?AJIg`3^FjapzqCUPeR>8Gg-^9dX;>c-3N$45!7IXOxYW8Z$kiG zZ11+1zEnSpQ1jbKvVtXc|71!`OVG4TRqiaDh^wUuS9@&)*nge5wz~Oxx!xgMUGKtJ zk3MH`I>f9`TvCiF{p&3Cg&_#%y0s}Q>!&_v+`enVG@;A|{Q`7)1eBAqLV2PkU|EU@ z-#)~W)xA`vkL?DWNtSX#i%Yk`1=KMH`84YrVEUiKxCLPM_@uXv1ql9n!hv4_yr*V~sNIdYK}cTW)t<=)~Wo*#8WdV8{P zF0hKU-y|?Bl#tfD6h5hiP5vU}3xF7zYUTZEm)VY@x`%#bEDk}aBY3oxP{QLgFFQ-k zj>poi7G8i=x@#W8c8w~_@SK8qJbuSd(=QFotpyn$7_6h4AvZC~6p zh`Sg6R!ZrR3mtE0o8Bb(X9QG>JHME357tes%s>I~O)(9ZJ|Mkigf16_+iT~R%ga7T4fq?+Q zP#}OHp`bzjw#xr+7yUOu|N7-Ja`-R4S(Qw#;tmEoQ4)b;ej0`e+YBvx2B(t*IU^QS zdjZ4%44s8bLAad69r77UKea|`!|jKW7%VXnL*yaj7w0S;(Byt-S zHaW8mdWPQ#*p(7)`!W`bQ2|iZt^@n3^#jBbkt4(OH|UQ=a^miCa8GpPM0V|}fJ=ij zW|9&{Y&96d#5*?(H5;Dw zv;GR6%nBx>IWYpSCVF_I-=r|&XG?lN*_b9Y)uMh#)YVcshr*O~dyNkj z=#9sglcXIx5I9+OCE)+8)s_urxy;9a()Y^N^Z9;R>_}VMAGb}QPiLvuMU#B*fc@aB zZ~=|Gc$nKJ5fG2QC|W!bm-)h#^CFxW$uur?GXdLOdyG1b05pMw#5dQ;R z#kqcg3rZ*;XT(}y9z@CJKOLK9_9gb;c&xN+&p-*IAL=55e`1sYu3rnLec)oa!_h5g z`9L`e4(q*Rtl@fUm%pVs1t47=LyjGd@3i*F?-#>Crjm8re|_hq>5%ag^uS`m2rA*u zJ>U$9f^EsuX}X<{l&HB&|dAIR-NC 
ziw^>tFbzeRDRuf4`aI$w8+(tF;>8zi>xER!Jf{P{;PT&=1WQU8qWabXx0#pL3KO^y z-)vjM0Tf6lXBFYEwSR;&82np9a&FXbH(YE!|BxWTxCjw2?Tz{S7Htb@sJOz1uM~E=dU!#nP`8RIY zmyNQn)ns*z*dErq>pc6JEi1c*AdO}Mig5LePpmtiVJ%_UZW9@_79+H2UT`7}gj*D# z@ZCeS$>kyuZpoh0F`u%eJ5#IycJEb0NQjZ7D^tH)BH;84@v21e5H4oXiXi^y(HJGA z5^H&6ipExU_b1b#YvyKie4p8h=1i92#tio%%PD9M^q?o`tSi;)O}TSpIl=UfEkPLu zbw&btItKHy^nKuSk!#I=t>Kblth-iTB$zwY@pe4)JUezBG5@hvef7Wg_a70%g#btg zfFKNvwb~ODK@QHkEvyt(m-)F(b`qEL4|nI80U62*`B{2-GUo>v78Y26x}+WdTTDWR-|ICZQ^-QTjVN%g z9pE8cTovWF3{Jq>+p5)TQHOiE5n&3uHgCim?E?$K&mu*or7!(yYYiIV%==CE6Q?5C zA2x6yr0G0|!Fw$@8KuBC9Hygtv4LaQLQT!-!y)LJZ&JIPM7X>MU+$CrGs_KN?v6tp zHy;yOoor*tZLUCR+M|Axy)l9&qv3i~_SATjs%ODk?xNyNsFPUOg{DQpY@`#e?a42R01RjZd@BtJ^%f6ZVZ`S@1HYV_IJrW!1m52{YO4U|L5?EyMA+c-H zUmY4l#Ahz;aNmILzlYIpLxg9oAJWsLYfOnIt{z5|b_aj>iEzUuk*2&A30e3E|LUk( zQh7mtk&LD=m=xqgy>Hu5(9=bMI7lFlj>i>VFN;hQ>S~#uEl@fs9Bgc&21$ZU?fQuG zR;0@r`Mu|_&p0*DdMW|c-3=_Moi1xmb6_75h&%7gC$-4#5%x}ILq11?C7m?H%XykIfuuqA(E?Is0%X)5M-gd%O*xo2nSO>`FqgAqVKbFiA#O>D> z2!D9GKZ<`mIzBHZcvqgef+|7#BG!ooRKFIE-G8m&H}%)Q0Awq{W8f(g#3q9*i$ItD zvDU<4{@2<+@|+I-iOk24?cY;+!ga^5P)*H=X4h_KFKye>5{7Z)<77*ld75GYHzVxe z16W!A<4^AqckNKs$xeb%hHPhXB7g-wD{8MwPS=>ueNR`3-9nke>w)TMvO`=ds?iRQ zz>!8Mw58v6{x#_9&9a>|PmIrjbQMBL<=f21Nz!-xGM*ctcKoZQmYu9hJCjROWdy5+YbWvI2IJy<~4R zvr>+_xqPHp@W0lmz0g|5I}Nc(oVs!WbVFi}rP=;uP5YDBN{Le0E6(*+cg0s zY^8_;8H@D4V$70qCCl{bx!hj}1I+dw@DVLs@*>o3+K2#e?di4vP{ZnoLJO>9yrb=* zYNNXr{W_K5Mh}YzgI40uRO<0^2AWgs{Rq({Ah_F?qKYgNV_3)Mc)x_9V0WNYB}hrw z#rNmtS&%G?;(h)cW&8-qV%VUu^0RkyASdU$l;uHW((H z-@`E5-zPk6Ae#8IhQ-;tI^BSny*#{WrzExC^=cJC67!0X%6#&@e8Uiki1l(?e^Avy zYBkqY4v~r``1q(m#C1Vev4sscNwWl!ZSMY(=&%CL!{ZhB+)MHEYyV7O9NfN&!D$@8 z;t0?NnisRXZwd2(m?OaA;^T9=SNFfxm``AuglpxvR7fsrb?-@=iAr2RL4h=H_45C& z(0}A{4*ZMKI1sGt7jNMAZ`p8c4$rC*ELrUveofQz$7P9vCW8=<=y`57_$dgf-<2(d z>#f?`BYY$VCsX%ZPlJa(%og73=`%_YN&c~KT+yvA;Wl|V1LO*X}b3=iKdP;f>zL2k0Xd}`IQ!YABcA4p>LxJrplvdD4=p7(0Nfi zW}BY>S`*J@u@nreyMpCrx~xC44!uG)8UK^D^Y{I~*8ULXjbR#ae< z%f@x=xEoHL=GF@i?~tgVh@Ar7q%qjq!0c`5GpX4II 
zlwgWD2q6W}?gYKIn#7Js2{Vk4=+-BO<213?)puO}*TP(U*#V7q<*^t0*cr`ETM1t0 z8LBzV_x~EI8m@)0zdrf8~j3mtj8R$XY{dQzwkd_6t;jtg0DOT}a0GQS{5qTt22Xe`+ zM~R#lo0@C)6vrvy4lucb`qco8^Po+uU^Jnp_lf5!_OT&;(urPATN;c`vEcQ6}8+N;$TjIpFdh`ZM4`{ZDk`8j! zEU^~D7WR*#V=z$)FNEF*Hfk1!<}wB{ddqYJR3*8Zu|xN154{0cCEzB+ZPxA=$0RoN z_7+Q{wgBmE_4oQ;%ej3ufrM^#pSQ_o&+m~@uS&(seH#@DI)L`+FS|$&V13bu?$R(i zfYJ%%wRvgs{E;zfIR?(q9!~r_qHL%tMu)nzI-fdZik+_VXoQiQNwjyaU$u;DSeK_F z@t9B9V3V43AWU{D>)nM$G@w=vG8vTizKnd;DX)pKMtP98!#%He*f2+b)UjQ|5|ZvE-8%q!hUj);~Wm`(~=BMKf2x03tA@XtFjBmPyhqp9o^bYFqYIBd( z-?U!nG`-kQbC`M`UNsQXCWh{0u*B{!DX<~LL>td1%+rBX)nruWhyDC&SEqA)Zl>m2 zVjjBQs&jDF+ueeE9~+}NsgkptM66Qee8NcTK%o}r6PStSH4y$cT8UEZKprQoZ$6lg zRw{nD#MiBHnFmRd&c~P?L1FPx?0$wR1S9o^+#nOc5Bgs*fU(F@XxUoVzeWV*g72@Y z!EJ#yarQ2D`3co@*_@||FseJCp&3n%UWLMWN<){M`09YlA`>o(%u5^roQEW#KN9eA zZANvc5YBCmCH`y8i=j1;GYX=^P!E!H3;NneJInO(k2UEE@xRvo5uY6JZyTUr3lWO* zDR$<+izpT%$^c z6t<2gYJPn=!)B<2%kg7KXiES?HnEO6VPy;SMwfM7;pH{(Q_eLGmHPU3=TsSopv#4m z_F0>2xwsH&=6Fq~6`#0y^PX;MVOch1%x%lyvTijjj;MLOQOG^MM}_Nuon^SgKlylT z2T=51e+-Zodz2L>bKX8s8fiLS4;W}E1I+~bvtl13p-dnbF>uwmI8g=@B6Eio@_-P93Z>T^M3&jsMqLAewquUVLal zQ?Xi+%}hojg;i7GpPh%WXvSY_|A=HW_$N-BzIpJwaH=dRau9o>jZc#7um{t%%wdD^ z3zTCVMs3yEyuuzA1GRl}oqny`l9NoM)s9Z@vi3mbx|Zs*mR5h4Qx`C@xZC`akvcC< zDq)TB&rhVgUE29dJNeyF--HsXv;>j~`z7aJ#qrSFSj4q(B*3Q-)P>ANI9bW6%;Nw7 znQCJ*;n{djULTj&zVo`Kxp2+f&~F@Vz!GYlr#@JiCXf=6Ej49*$g+t)oA}_?+7uIQ zLEz?`Rp-0_mq>rJ-JwSAcf|2gdZFmHP2RQd+GX&OdX{%nK6^!bU^;_dvob|V>f7+D z*fM(@QL}+4G{&LHW0?-{>cYWs2WS7+S}GR?OIxcD0xb{6hb-2S7@&(C>z}7Vp?%X| zYyXIq6$C&hX3wpt_3ugK{_}T#8kMVf`ngeCrCQVbbX=((9RFm^y7T<6wSUBA2K-wm+G>9JbC#;7p}W)Y zryZH8+fwE=Zk89Bm*N<3Cb&YBWxalwVu!F%;!$b|urjZ(BIP#%n9$?`t)J5@V{>DW zlALi3ecR>qxoPrdI@o7v0Et%=wmoNc_$7~&Yll}jzC=_IV^wQD`W=#O;pf1a4wn`K zYvB0;^w_oO1|%j0zN!O-e{{^*2&-V1199rI`D~kQL`K-V2tyfDN7m=Y1dFpNMsDVqFZCLG@Jj`;f8!IgKLGuj~0nW>ty%%P(}FLaLPZX zrOCl2Jt;@TbspvQWxpuIwJlRl&B@%M#V<5)+S`oo2Ku*v-cA>NeJaYSJu6OTuS}-? 
zoNyacAGYY*l+zFn)lMem498Gy-JaU5T#M4#PILu`Y2i7s_UJ?OI<`_L6>tA z-rJwpf@OMDdqs$T^q{WE`Z-G44suX~(bwX9*8r?B;9Y{Q*`1SsGS6q`05bA*AEO-) zEPdQEX}v#Ruu&_?yp~A+Ypu+%T4zVV!NW@UKxl(RjP7UeM9iP8Nd<5Jwf2uV(}I7I zoG8nM>DS|ZyyQ|a&Ep98tKli9SYQv=>mB9S7oyw=$IoDbUi$>dFB`S$_^MBizO$)x z6{?dw!0n$zQy^oyrWJ(4Bbl7*ns2v|%gv67DR@rA_amV@qr+h7yUzTkmiA^E(Z4}z zp9P!JJmH=EC81_Zi9KnfOt@-eT8Tru1jR>R6+%kKsw)W5EhoYY?|!`?d$h|Fyf3#{ zGS2UHx;4c5@Oh&3qx3*UHID$ZD+7(8BS;wvu|xDlXt~*4Ym*(WOqlC9+@C3$t01Ah zIJ0-b*4ehsZOkO;VK_2*<j+G_&9H)o zLm%9LpQHsvRL;D4Ad$;(Qb9*c6xBYSgcUSEke)(_{Q)qVCnaE{txF#*Z>2K3%rhZR z^|BSP8paraAQ{VS`stySe**|;+GrJ(mUL}x(C6SWvPc~erOd4QNLZp_hX7Mfo1LjrOM!&BXL}Q1wQOO-w9*n1||*E1)6&lB|8>pq~6n9b00eKxQFUZ7;NomuZRmEM-CUAzEyTnzQS=A= zL`DHbJ|Wr6c}CZIy|Ze(0mEuRe5E9Rp8UhKOEHU!DZNN;R9I7W#+M)iqt)+YSK}7_ zGctiERQqHt0#8kPVP~Vy?NV0SUEr0%bnijTlg%yxH|G-bAQi#5(*3Cl0J6w@PZvE=XMF>UB z5JB&sfNjPb-5X7Ha|5q4*fd6NB*{w3?awtCZ(nqlRFG&<({XQid-<=mCtn|1e|TcJ zpz|@aZ_DvgQJI_UKXvUje)zAoeA}{ma{kR$$zxy_uf7AT_Y7Xu6I%?IkI!Y025e`FFb!MD*k!q zk6w~ick$HbW6nFG@We<-v@}l{N6{MowB8XTzl@xM$>NL)DJ)PQYn-> z!UA^2+TXbZz!7z>pQ@QGLX<6&*VPe#9DfdhApnT}jLq5cs|F$}-f&qF-+jD@=LO|B znce@fmRw5$8U!AS=l|E;KTgvH0Z_~zqe(ycZfK4!du+5rERr9U*Qw2oVgO62(xT(&KYB7SN` zW;o(#-BKr($V|{hc?G92v+G^re#xd`%3NvAD3HA~ z41;EOO%2__(|(*Z1E#)x@}KwMe~0IQ{tnM+ff;K4)q@k5`!%6Tj-)UT{Y7}gR>n9` zLgl2b{JT~vShTve1}300u~Ou&j5K=b_J>XN2Up@0Zc(fC{+`=T0%`Qy(7cB7mx%_ptsyHT&d_XoXRT-SFfD#cp_B<89S?QN_ z=pulxo$_8Q`?#}W>dG>wLp}A`#Y2z-K3+}@&q;nMxHm`z4PI@Fl1RM8p!N1UP~~>3 zW~bx;qr|iwnzT~*D%NHoPVBW|oO z-%{a`kVRQwojNzNiyuE=_j8ZPW%%MW7Zz&sk*mCBExvyDq{MTe#zl#|g7KpXT^6cJ z`^=e614aF>&4vgJdFtKOv$R7Q_*R>g zN~RonC-y-5mW9->$(t@dRrG7x=qYkZ)tp+bt=Or(mg{l^0QmOnCmlQWk|4FlC}R;y z+7O8tiQ_z|BNrI#+{wPv@;@IwQ>nwcY9(=H_rhXL(HB^Q(>{~)i^m05~NnMnbdWDF=JYme4$$yCvuxnw+`B; zB|2IaNumF8$H?nkYf1oh&tDopcZpeFlSodaRO?v<-7R4;hZ&~=E>!^svXr_YX`TEm z2=Q6f&guYQZlJp0)HSHOO||D8?NL^nK6;lbM3ayLDPENrd8fWDl4`v<%r@s9*!4gJ zOa@~oYAl_@8Z=w=8Rh3S)N|wo+4*rf;96hWBL@XG03r)aRUi2~1j>`4=mDKtw|!_^ 
z1N_Gk_YPW3miEJ2!e#+#_OX`3F!M&ly~Q=V<2Yx1jel|{GQRCYKsvSahpPU}^ox<2 zk3}?Dqf2ghKZW0u=7DYX5vFap6Q2>7>soGWIx?Yr*w~kxd$g&!)!3q`&b$87`< zk8xXXR@P4GjeOIaf&jD+4+Z;9NMle^OP zCbs}FfJq2uAH?DBGcyTcln6si!s0gL9j{hx?tXc+WEjEvn4)0%%^NME z8qIxnyk`Od8-^%sFoJ#j6nEG2d!?qWFX4sC&?__bFvK$)y2Ob=r@nWFX1E4Dt>1u! z2tR=ND5GtCP<_ZEkRZuzjzJ zeOeIE<^I+~_^Uy2xXf7idtk^)0;@CQ)Krz!X#GA(ezsW005_ch{}oua^Qd&!ri(cf z|CVB!vT=b5ZOe#5g=-;S5RMCOOMN^U&1R_S1K3@QG}#lFwR%lGF4Qh2i7302*s=#( zaDP-%K9eadpxguvYlR-sGVAuqNR=@F@{a% znt>kk#$GJG*5iudMS}k%0`QlxE%A|YXDsk@El~u}|2OXsWSuWx)}8*G8|zT%u6dqv zn?%v~r@9a3ulx!rODNHZ%^KGYa%W_i9r)@vjKP>WRw;k(iS0 zql`2d@Q=yWHILfd9=f0Wc__q(Vps!nAuxJ7l;#(fJ?-=FM0hl91hC`kJ|(>cdf}9F zCNyf@Nb7YW!D1{Wa>B2_R|2>6g4g#EZDw_ubxn|ltEGe(>9Sf%uAroa!!|_KC5uYA zf8r2iolb%*O;@P^9yTyhrF^6s5?(3>q5}eaj2;x-dEi4idM6+MMm!_cww2&9eU=WK zApt(%tapfDQDyMHyVtp66rDAOj%;T#Os)3!-nE1nnt7?UUvNDh^QOO$&>j3VIg&0~ z-P~km--i5^PO%|9&+C@bVE;m=bNUVF(?^UXZ_1HUe2SvHqnc-V5`d?) z-H^kXzK*PD0o?T8)Zj$m4TGzl+o}oEpu(()@N#{DW&CNax;_4P2>*}ZkidUS*+`^J zE|R{(cYyNA0_*YP$jl=9Yd^ig>*Rp|zmDU7XSw!AZTWZ*kE8J=?-;%Q!Z*c0;;>Z- zT^~7mi`cv)VxwVZClT;*t_YR7`#8!BG~!P7-PqdRJ_)~mrzsuLe;oV1aRpp};d|!+ zSFXzWKxgHO#^!AXn3Ua?*2u}vo!`#;iVqhrKbSh%pmdgeD4k&0B!<{CYZ#|#7P`aA zd9~8sL3#uk;iJqUymXTb&<&=JY{#JPq<#_;?<&yf{B{5Y_cGxtzx_7V^3Xx~IszDY z%W7J71^`;|2an&wRWISxRNKPubW=wqD-?MPUK-2{oLuZ>J?lGp=0U?*7HI^Fr)?q- zUW9mS*_b^w7||c&2?vcJp+ReUKwEG&PaP4YcZ?15(gmpWqTPy#%qkD@4Ii=J!AyRi zvgv{gomSph=q+kR7UGkw&nD?uIMw*f6<16oKFGJQ%2A^_QpgABI$RzeepU8W2;SE! z7A1UcwrSOq1&5#Ha>dhT!XC3_IAQIS;rQhK{W|L`^qw)!vu>&{&D7qWCan7BQvsZv z7g)slbM2lG+RrC%qzKi+A1bT*1a-{0tV~ilMQEeh{-_WK)*|@7m(l@7fbkM_mMeR3 z(eUh-XP&S1LKRF*b=*lS;YeL#w1bk?bB#ccF0Q#H17(1-a?i@g|C<_W3AF4jS;rCB z35EG|9c~OIm*bf>lh(%Lon1+_=CeIo^cd|-KcB9RPxkPJ7}TD!H~FSMWjL0JrY9saPc+yk z@ul8)2gkE$9Kzn=(D>a(nPomSrV_oFWph>CkPA1((3Se}v)aT$_!mLg^!=K~$PU>? 
z*ScOGd)VHJab9&xmmCC%h*W)!3Y_*w@mGEpk#5lKFX0eh@KB`tNKOVI3rX9rvGBa8X3Pf#paOA!po zmSqRH@#_Tvd4iO|1$NvyQ5Z*V#N|<pXI!V@Q6@G6DYACnwBU+3rtX&+ehVXsv*!0ct-+btW&w~9iBsAbK8N+4bkdT{!%sc*+nKQS<-&F6UA<6%yhG}I1sa=_g4jFw+bp3J61afIC{m&Dsl27t)YW|T_ zF$92~iiW8N68~bf6>-rDgVvF#bX)QtRgb41AKvIZt^_1sTZ>pw$KmkErDYrUOyN)& zx$*t0E!(>8VQ@j|`_&Tc6w=LBcJsctziSUciXEI_HlJQ(`r%m)NHQyPjYl9oRc~f@ zX)R~=PIA`pRYUteXt#0Y8Sh|?*dO#RASk#=hHKiPAj|0)nFmDG6J^?6mYeRittLJ0 zHzicE<gK*v{%8CPX6cWh~q9$bB%l8~^paV`OmC}+x=WC|TPh-NSh(#Iag$ifa zQk|$wFSi!SHFAj@a_S0Qi}9c?ATtu{1s52jIpc8Wbub3(Q(9&Nke=dWCkrfQOG*_c z^UMbaxysyVGkE90`BWYh%PdmselV!Nk5T>rv13fVzn7}z4o8=<5+Xl>Ac#Y%nnS+r z;_B#Gb6-#;)Y{A)k?~a%S%hnBQJc(QOFE#*;(Opoi8HEWI!EJXJ6vP6VUJR$t!eOE z%q~fb1=MNDrzX6~W9Vs;JiiwcX4BSxZP}90=0_7P&*Xb-SoqD8TF(8S@7BSwF=lxm z9lZj^7p@}&D2riD-g|6?@Kv%;0YHjjShhIq0Od-nO?<9Ju|-dV=^i`K!rX5yUyBV^ z%DSmRyJt`93Ia7RHO;?kQAFB_Bd!WAq(UrE{mv?NN6+5Zeb}F`Q zCl%YaZQHhO+ZEf+mwNx-Gv4Q*yGI}NKHGELhrfNzbzgg}xgf?|`KE!*bxpqZ!RJx* zF#o9HUb#CUY~bS4eN`DwRPa9`iCs48X+2q5A>f}jpC6%(6fJ@(2R&S)7$rG$07757 zjX}G)Xe5SjuAV$sqck>HuVk>E3W<>YUXwbt8;d7Z2h?iyoNWs^kyckO6{dlbcC627~ZCwCs|cE>D_d0 zgd3%ZNT<4)g;I~KKsIxWJZvd_HI;pgpm^FReh2KW^Gej(#|$6Mi3luYjstHl=G?Sv zuM`n%S!g;qlItWLzGw*0>rcZ)N;Uu+>U{rbH^O=WtPnwm{`xbn*uOYhly6cu=uKpN zG@ZR`N&YYq)#2%G@S2B5YR*&i#({S6{k2e~O-i{dsY(CtDtPDXDRD(Ps|n>*SIz8j z(VTFo&?@p416m{^^!65tM6^pjs$E0~3HjwlT|G$DUXJ)qC8KMdYCpXr1&Evkf_h;b z;=&4azk9+6GWg%rNOJLHZPLUWky*>1!hUET%*V-md^=P|BHdqV{!wHz;NPK&bifyn zZz6aw9x^KqZ{@gYvIpI@8V1YUfIs5ry0^WTN`#l|V)-wHh_?&osMFg}c~j0GW8}bC zFimLdjJ5btAERmJbOWne0Zh@36vXCn3~@l7`o_$N3oxS1&ic8bf83_WVtA~)bY<1( zl1ckPavwy|-p(+*8F!w`qPbSagXK$?8`JD?wvd&`Cj>8;7ee8MBh2WKD;$Y{_0y|a z4-kKpLsG|hQ9VGoAj+(mz!EQaVkzT280N8XI)4=KmS7ziI0r+tI(C+$M%JJ|O6>xg zRTY%l7sXnWo?#KUE#`f##|cbJNjrBI^>YVoxs2_H2meY#FgL^DTq`TrX%lFoMm+}S z`%T6PCxaCmiB-;y6MSQyZp$7J?sfouLI-aaR@x4@v7@v(t=VY2x}^1(25`WW8kAO> ze#Vo0jKD!8VY|cInDb^y)G)^vpJBy$xczjw{;?wa*>Da+?LyS%d18wWmUD=LDPh;M zgLE{+LEelc{yWk-dF-55+*Nj$l0UDJyp3TNiu+8cb7Ew0ei*UN85J9eX+6z;>ayNR 
zD+>A%9H|M4tywW6k~g?^+k(e^^YO#sMPfTafI#0>4na>fBMmp+&=V#f0)$VAYC9^) zlLjw zKARf+LYPR+%IR2)E_lraH0(K$b95tRz$N5~C(%_d;L9j~vfx-)ibvF}dm*F{hor4b zUC}(tn^-)eS!7oOtct|q6oQ1Dt~v9pVE10o`AWYy92jY8;W7@68Xq%a03jV@HUjQ$ z(W<^sO~%aGFoW;RFdj{{o3g~#I}i(U@%5*c2ahe-XKN~vn~QZyj|>79sS<|w0xGYJ za9K#9{s}~JDSHjTFGp+_cl_lxg~QwZ$9_7fh<9el!B+Tpj6?8jveljkBKjGIVP&P; zN=hJxAedGiAW`-T%#j>o{%^Y3D4{50t0)0~(&@T|8p~wXjr*c)C8W1lLudY2)jpUC zgUxhAxLX3A^Gdz>L6G+AxI=fY>Yo*oh4shsg#qH}1cXNT&zeXfNtuzIi;xD>eR%gzN4 zL4e86G`$c2W;(kPSBtgJAzN-HK=Ar^QCTd~gD4Ow)77I#U#;d);O!E!u<7wCS{RM| z7#R3)$R*bs3ugHZy&yGo1_vDF9xOST4Os7oyk3A|7cUA_BDCqDi(2Izc278WP!ZA@ z=*_)qjXJy)lq`L1&KOi1|E9*NLW}vXDl~bSku(eDHaPZyy0Gh;8Wc6)zh})q3Y9Ga zKsrfJ@U26BE>LMzmj(xLrIkWC)@W`5798%m45E62u|glBsfRE_dw11lNpnL!j`MG5 zJVYR*lzcxXT*Du13GSeK*CPTT5@mABRg&}}+rG=89mKjUY5mV{VO3ieplZeKcs)&R z7&-Dlc^Ib`R{R3iV8w9~Tt=otVtq$wDdhlXtGSUMEBD-lj@7sOm@@ztwk*-<@h3D^ zB~6qAYs|*CunB?(L%Xq4CKaDqOG1Xvymuvp7|K(h=Zem?wd7ab$(+re0*VgLK=uC7d&*5+;Mo zGk6>xsQ#D4)dDB2g8s3g4hk2l`^LpjxNL}XYS0n1Q^E%!pN(qe)miB>7jq%2974y* zS-GRsB)xFcwGPM!!=S>kO(^~+y!$wp^NCRwQG69uw=@n97aRdqNef352Gd#v=i9xqzt9kK6H3^1FXi<3TxK z3*(bhe4CM%9(Vr)lmXsZ`dtm@rt|%!<{t$)`}>xU7Ij7EK9XuJ)bl*63+qd*UD*6p zso1<8pk3bU6I4BNtmW{_Ct-MqiGfCF&!^_W@i8@VbOd^WR~A6RR#d4YW%XR?Cn>yx z8Yx0E50z>dh~VrwSllXJ!EKsZ>%@AAX3TBTk8G7V-Tm)j<~rlA9iVklfj(nN7@X7je3 zDWU^Bt3wYW1?rz@Y4ZAWjAsv7UNE{vrB59Wc)0wd{=b=i|KY_m%a4*2*tHd0wxWKB zjg>_bIgFn7_#qrxxliY2;&&bP9cQUdkIGfE>mBb~UlOOj|Ak{D*KRYzQ8RpGQc6ci|~ zbo7TyP$5^J+4?Y|BmJWdy#zwYpX5z2t|_E3 z{!7h23hg`mCpmv7p?`elpAfCXku85}l2SL4~N|#T~Xa z!#XbK)UE+*z*AMV`gX}hxrZIxxx7h|RVn75fn06g#v9(u_wTK8y6Gu%I6+@7umK@x ztxZ8(z>2FlqG)M2%@;^Aa4H~}?ItN=!SPuw-V*)vv9Ay83iBby^LGI~JHU0#kd&#A zV`-I@{4sMP`#t+J((1ZBxT(DsdC{zbJ=8-I}7olbay|3tWs{*J1h*hV+i)%EpIuaA_u1^)*ct^Z=TNgztYQhIqFiwy8+q<_aRC zP~0oj>t0V8ab$zQ2{h_VcL(bS080z~uJ%|k>snzIniyTW)2C-pPpZpCNR5(~bG%$R zi+Lr>7GLT(Y_04#k+ss9+f(nQS~dvoMi{D`ClF1KBJxayHH4 z13K1rUMK<0_`YZ1wO1=F$oyk$QJjlIXGf_H1W zvEFXr9_VjFkYLeUMP zeQSoe_fO^E*z@aP!%l%T9B5ciLq=B;8tL%ng`ISzI!>_Gk`VkQgs 
zGYumTyexUG_Dd=AT>Mvek>4kJ*+^&al7QHl#-l5rX0UW4M?TDoQZA9**m}x&Jj%-t zR-Z`2U^{D2_}1~CQpzNS9Vd6%I#?hx%Ztx=uNCM2rlyEH(g^qWD)Ykwr!)7f7GZrR z$-wuUcRB^zUuynQD7C($S(tp`mQO6qI_zJ2rcCRVudrUS;4%9ff+&MK$R(+8r&rxX zxTKp`FZ-ZTW=)2o7k8VnEnT^HRg|$gu*;lCqns z>?0;B=C_4x^FoLM$;iO3Sadi-2yv1TCBL}dqz&#}xd^AeWzepl+$W-q2JNBn`v!}} zZhnx*K9djI$Kj&O+Fi*vWBU)Jy`PIV++;N=UzKdE4X4C_{x<6@3nDbDS1$50r4y>L zCpMGb*i6Dcn||JDt1=IlzRIu10%<+kVy7wW`A(*szE|}dUhpk9FTT%sIoOuAwXzm3 zobE*Z4RM&HBc@b-;}W^TY$6r%{No1Oc!N`qDA?HK{mhWOJD1)CnMc1bQ~S%gNLV&j ziB~9o=BIID$yzap(1m|C-s*Nl*ajJ-0+)STEuO?lcazy#AtM z{M_YyqE-z{{uf)`&){UXU9NspDnGQ+01_MIvRb?r5vs29guUrOUBl+6OQQhu`uE#E z0F!#TMy#Wl75}EDI2cu$@nV7vM|q{SLRb%FJ~}ewo0^Z*|1@0vqnL}qf6_8jl8Xoe zLV=x(0gMTJCo@>M4GRMEGx-3FzxfbTvRWPk1&XA^gmvH138E*Us=xexymI~ndPF@= zdPD$GFnCAK{X?3+>o;r>)340+U&u%9$wW5m0OthY=fd!aT|!<6#f=YAg-Yc;)u=mV z3Q1U=V3Pub?xVeU2j&uc4)<%~@}_^T1_fy&xEmI7-THre%8$>uZZQO9JjLi1=T8u* zgXX-x%I+rzklh2wMvxE-%5vs)2SFfbn5}iU>l!`(;JzaEt)tWkVm~54ZLVNX{V~3N z+3n|$wzKnL!{J4vu8_GGl2CGD7pW4V!+jH%M2t=*JfE1qI_~7rPT*P4!oA|%&J-Pt z%>0W+mk8m0QsFsupD3urRaUl64lk8?1yQ7Z#Lx?d*ecCpNcsXcvh`+lU=W3N1VHw} zvWjemvS+T#dbzv^9Xe{F(J|_G^(pYU3|NXZixh3A)R<>QHa3-Y^?W~9-(z2Y=TsHt zub%p^H9tic=MQ+5+&Un{qcM*YEX>)1*<@kt`;I|`?MGD0T0iIWoguo-W44U!tS!wU z%kk2R>k(6*W+8WJ8GfPmR_xJBU-dCV>Om|+xKq67}%a!zb zUd{|WT0T_M0Q0kDZb>~N{`3p$U6+!e&%5TEEeihp=J?E%V41;xQ&T4FOo}(toNU5N z;95*W1XHgBBKiFe_5AstF@b-S&M^2-c7*mo@aVxv8vFXpr;ya#n<>56ug$^uWIoxb z*P#e@I*6M2XmA+(L7+Y3rwK`TUR{JNIBGnViuC)IA7-Gy4BZz$QV*afbf9%$I#N0s z-AItxQ|;${*opM?allObXZd0H zDgH zQUd#mGYswgQNi$hHnc6+2iXcom2o=YsJHGVHyJZ3%8H)0_)BnfGL%`^1EIUyMPxZ} zgF++K@UvA`X;g8@q4pD03iM}MCV>+lP*6i!=A?tqmp%F+T3rhG!s0@E%_TM@FUHiS z&E(w2mB`@}CnONo5N37=7>c03aEmufW&IJ*5*@mt@z!tBj5uWco5u}EtCNt z7I_`*W%6`^3fIUAJ`UkAi8~J!T0hCOEtvhjS*FbN05*Xh0>Q|QQN1Yv_36cIjBVlS z5#*oQb6FTqydguMRBaom%YNBK(O$B<`r)vJTW7L9x~9OU?>h8R=ouS5N# z?1{mDDV|K?H;$?ZOAhQE0EB6x!5-OMYiLxVIn^sRO)TDFT*xbz&*%AU*%LkY&CJc2 zOspc7$>WH=QD!$&I_*3&iv37W)jAN(bKPutN;@pvO-VePz;z!a3q$GKnIhu_4YnfY 
zCc+`Ztn`-(43nq(I0PE7Q^+-v7oy`6Gbo1dnto2TC5A1<5x?kM9M0aCAy5k#G461hQH+Gu z6X|?YJTNoxaWSm>HtVCpPPazrsBv7IQVT4Wm^=>7D$eLm_FwdXahdk>fZp0Y6NnFWS*ozfy(x44UR##(p z>GVO@6RPg`*n~?nycZ9rTjQ~TAsvA%3;@pbXE}DG#cLn=l5kIh0_L?P=1aC1ff2mg zpxs~)c3S;cWLA*~5+sUdK>5N~&E4S`0v{JA1p?E+b?xHXr=*A%ve*mtI2}9va^StB z^^x-Hqw~H>Dyru&%`&o0jpv^NAhHBQ*b?IHcc@`QYVAQ)gWVlcqaPsAjl+catYvFy zV$mZb1XWLIuhKnePm)JFczlX;gPRKs0O4iP!zql?U73n|xl#{YZL%}Os7xHFjsK=* zf=zMXnvsMgR;F9BIk4{OE*%2*yBap|l>1A~KgvKV{Fh;}0T4jcgP>ys_3+?i1WSHb zkPSnkIF?h;hR>{^X4H+(!OGq6$0OA%mkb)r5z1Qqkzct1^oFhsgCyS!nx1n3dWC^M zmI3R-@5gYMH2T|`3(FFGi>I3PYct4X?AV&CmoSMUU>I43jwD!&#z#}7w#}HEV{4i) zM(*xU>7y7yuP#eMN1sOhC!>8HEtQGdIckFWx3Tt^9Hjm($IeZ4Z z463n*D%=sgIPz)1F)2DdWzB_+6^`aLI*pDd zP4*(Aq1A0zS$0lJYWe=7V1*mlMhxY5gbn)6nMv)yODj;x$7}n(S%BeEjaUZ=@hWn) zq#!wM`PY45-xVd>jNieqFr?c|wKnoZh3oJIv7A6cQ*9L5>g=7bXeau$nqK|dkmB)T zy9Q`xPMK-9d_ya}g~6F&55XVI3_|n=F;T5#2+?R7#E4XcZ)}DW99Gnxpw^+F0lL@D z$AbHFSbi5JGpqaH*>Xg_I1)OfP+C|V?v)Ng6W~=^0mmmYR$YjyNN+Z#7I$-37F@jz z)H)L+u~0%-=P0`g0ue9>tSD(OewwMUBrN}?X7)yTmHo1s&=~&-s`XInq^!kB?fa~` zPF`xfB1+}_&zme`-wrJ@rQAG6emL0 zb9%uYYVQ^w%a$I1#7STt*Yy^7$uf2bL`N9NszUU?6O35BU9x{ zr7qT6P9`DV(-RzAsiT!Y9j-Dxs$Vs*FT){t#p?ZCd%Vysi(vNNxGGXlcy0Jp2I;Nf`{c3mtImJRaTM+1p7{f{Oy&M_e(K zF{MYqy-RAY#c`@DHLwBzQE4fRobb9ISvb95?5d4}BUSMl*JQJ{zEyLt^fy%zzeS)(F7317@i0A z?jDf;hZ?B=1aH@nt^ERZ^;PGG75FF!%(;+jY5snPQr~_2&q&%o%6;qieT|En=1;y& zW=vUH2w)1$8+Lt}IIVZr3c@$BAZ-kg?u(&uI1}X_TqzBxmIqg?#}ZDNP{q5S3kOg! z0ErY*z1>OF^)KghA)jV$jR3a1NN>k}bxv}W&mK!$nhS)q zzcv`&T{d1*spc8#c|m^su=&BrTbvlO!=-7QZnzYn+_hYApD05~{PIR`Exz)xCBQpt zp1PsM`oSXmLhg0rx9!q}2tM50(4((%Dl{}lAaSMbG+1+HlPLej=$|N3fPl}jS~`VW zu`C%Hz^N z0mK6|6&8e(AvLaS4?9LYP1Rz{$Pmsrgk6Nn!pdJ(!drE9kz)XJL^cp-+XLY8 zLYOA6nIxPj!@g)+sBOw}o>$)TrHuo3de2<7QUw4`l(k1gn&-P`d3i0*D=2%BG{(AJ z{{fb~|9wj;sSb>6R1@m6GhRR?$K-Z7weN^;3t1Zhb{tFY-rz4ae@9pTCO!|Q$60o? 
zSIz1<5mo)zhHcFZcMJHYrZ$S>?^*MYqC59})*J#UI}wIsz@z+O`z#66$PN%7K$0`m zkgN2dYwTxdEl^f3)Rrz&Ms2fWU$pFcB_U+I=$?{CSrD2yhw=YUg}@d{7Jm$JT!&5H$PnV1sDCetMTB#j7Gi@+o1q(i#LcKrcV1Rwf8g& ze~|wbD7)-pXYC3Ow0KmJE>-Yg`Vfh=W+c|-tbVehQ2X@vfE;lpV;Hl4O_qw8)`M4qEv^~Mn(2*eV*-l`EX!in)mRzWReNiGom0d&ob`r4Comt9e5H?@4o z&T&&5P!jj=);yKFi&Ub~H~A^xLDeNQLG8RNn+mp5Ap9x5?G-v6fNMyfEg(a6(A;ztB7(Jj?ohf`bVUuvS||5Edh zvUCCeNqI4AL_m(Xp}(7W)8;5ZseE~yqfkp(pjD+JYHe>5-5ZthPCSUskdfb@;;?0& zK8Fo!EwnqGlZsNh(MQ$xW_4`<-eL5nft5$1H~$t+MBME%CjPYmoa)#T`jnM}m<@Iu zjWgy6-g}QeMA%2AmlziJ<4J@x|Hjj3lEh#}s4M15GU*{ouE=>N_YZK}P&!33BRV)T zfHPBkOx83{_aF^5 z9EuFBj}xr!w!}FNIuI-nR8AA&4E}gj6EG6j`dBh-$YBQyW@1kO70a#s&T4j!rz;A7 z1+;DkxQ-kkW5I1#de>R>7@Dk=P{zze)*fuU1aYxGY8NbmkoTpd?s{DOsXO~X23hU* z3I7)@7(lX=2zfsyeqEa zYWAD6^ap&=U@E;H5Q9b(OThe_s!ohf33b3eg>Ypq%I#$wGi&}>`N|Em!))m|kfA{A z{|Vp!J0|C0b#*Fs8$nWTn_HUE16NQM8)U4?K);^YJH^_YR&nft9y?r|lRQ&2 z16OuU0s?e+@tHqd2>HEPi?s!cF{BYr>$bl`^WJ`QduvpJRl+x&2(Tp%hZqqP+czsj z+LejFjUzGhT{;ge*-_sae%K>uI(jVQTi5qKHMrt);MaQuuVBAtMUz}Tg;ESvs4IXF z1m>P#J+6k;EZC>-w!_YCg=-P9?6to(7vBI}j!{_2+!7=O`lz#rv%{v*^z&kELZX#N z#JcP(Ns|5$iRK|%#|IEuNfVrH#a|Tmc(P-ZzCy)ypkBoJnX-M*DZXEnSY14{<@*GI zgrAc1kdP}(zG9YYDA)n%z=;{;NFD}z^L!q+6K}LXufI1k*#ddIe5zER5^l3px>$*) z-P4x3?k}>anYA_5fraoo7K4xHa_@M0+bo0gtk4&?KoeKL z2AUu!bh@EbZQ49%=b38!>K? 
zu1u%8tw@p|8=j}0uJN1#8S#J9&4>Tq~WH0X?>etu%TW(++guuO+y%r@9OHk+ePq4BFsIwje@r5 zQ$lU(fPo*W&-{uWBqb3=x%fOT$$p?wlWBg~Vp^amptLHAHH%`KZ?rkG;domaJkGf7 zyM?~N(kr!(fSnGDVel;DZF`$sk$^EWj6WJkO1dXm5$Xx5OTR)tWd2{l#PWXu(^lm7 z9S=2z+WVzY6d=dh3<7j*fats|=aS3J4D7p_-w|^7oZ(&M$?u=k8#;vsrP&I|Qy%OF zc<#sr6HNIL;DL59GnuXcCN(_j5+xt>Zt5lxS(TLsXyIR^UEG&sp3AtX)r{#-HDiKq zePT~+5pp0AHokbD8~XwL!Z(QZkP)}&eA+%jD450lDf{KNMV`NS!wK#PBbtOGnu+ilbasP;OgSo9h_d0m}>aFB+fqL}P-psGts z6OhsUKpuY;LD#z}jBz#xi|Xz`NfRQitkGjLJ%l)rJ5#9wMasqBm_H~+Yc^it&5@N8 z9IuL(qKx2(R*m$mtm^YqdD)JD$~lTT3$zh-PAC_8AvipBD(>ZBqFsO6t>Vj117!HN zj|dSyIlk-SFcrw{iv5)FW#YY-Y4X(mWZkaDF=796G*h&-aYgcwd?0}@*pK)(*5)pk z%K~*w_cD^%*-Pg@8#{Z;Dw(rX{3a$-X=POS@l>ZO_p`g0K*pGZOi@nDdT$AC@CYkg z7f?r%IlqD!1ol^W9$-;atYxD7+SJ;5<9WyDdi>NAwtfb-eVcJkIm#5vPiA*u8xfRF z8@{`4MK)8N(H0v)a|3E)VY1dZs7*AT(OoSe1Y`Pz5V1HWK7Ec{`tOE+|9``@L}UbH zU11vJ{l|!dDe-8=lijZ6`()xkUjIM9^v{F+PVir5EIoHZHS-bz#v8cBLKQ_0ya^_V zmS+ol9`?+!{6D)v*ERPZ%(oAw%r)RsFw5c8&13<-+;9Pp2+~Ru;xzA^+YqZd{>Zy2 zu4|_aa=Wm9|6r|T!J@@lX2`z(^s3YN6^oJYhSWDd$jHHJaG1B|`rOgm0+K)>Yd| zBLQSXNk%kuIr`nHj_CDk6G%=ZlQ$wFfx%%6x+EWIQs}5x&b;uFjslfVIz3%?_4NJz zVIgK2{|o&*(8LXTz86}g5xJ}}Xf__RYRb$HIqz_(aHZ&Z9b^O8!-v@p9xmed7Q#@u z#73X|a5t%fyS1qX>@c+F07|)FPCZ$8YnY;8768ahC=oYxs8QbZv$2V4T=dJb7 zj^U69{ct1>Z6zJo`WTTm(ytLV99@B0P|Ms}kv$7GQS)GI3^;S2ekHyV@`&b=OiL=_ z(|EItKgzspV(4G7PHr`N`lZ_@3n`awv1~CcsiUiaui->$13HD%tePue^UC`D z=Ds{+`BcXz7NkJTxJbsD-S-s5I#z!L??KVbN}Vc@Lb&Ah^Nm02aoCIJI18SC9b)|1 z-oSYQqMad|Ssr0$nzHO;CW-D^NbV`IsRvJWJ?E_kmc&#B(QEFdiyQA-8`9QI7(n)8 zJWO)jYCp1l*-vl@+IDv(AV#dLS)NgraK{n{zS7pDJwP~?s8R5nk7D=tu0DYN?Yg!~ zkcRtezm>%gV__$vXeiz16G$FG_&E!)hnM|0!)Ubc;OX8UGrj@@o7hRM3%H{o`<*l& zeG2?IG&0pa+C0FnwWoYj9mct7WG_`>k~afPr7o1`hu4yKz?7kvQZPVKgz&umT=dHaVKt%#F}6V{>1YXEP| zKS>YS)6(b>vfXaCItXNH!+>w}&mz&)7U$)0Z3jcejcb=z?;`Gz?m01>WBl3@#&tLV zD%b%_b>1Yu@*OWHsay9Vy~$=dl|(LFs;uLl;BL{2kQo+UCWQ!E-|9h63k;z1J7Kdr zza`OwLE1nMS^+ZD*Yp3YPm!xnmeBAO`>&FSWM}QwC3?PCAA3L#_ISQgCzu@SOF*T z-1_UO2h*qHMuQr{iq()tj^``|7n79$Q^r*TEB@XIaNM 
zHZOjO4!zucxmr_iF_0lg4w+kkL9tnn8J#zs7tWxqd>7!0PyshFX~mWUIWQTV z3U44PjdP@&A=h|yV*zxrki2c^W;BhxND`D!+n3ZOwHmSc6Lgr3-6hTTiTr1>>R>UZKFC$&& z>k(43KLDqg_<6R4She?(96j|ze@2LDvOAvY_Qkg}a>u#On-vK~hlr?GDXXrvDG%@) zuf+2Ke8~?w83n9!)?D4aNylpu8QI|i8!Ib{_4~dU9alxApyqktPMx~r18_DjCJj8T zR&gO4TsHBo+icxu*LzHTpgVd#(TYDYk_+-cmi^Lm55|*UrBs+KaeyrNlH#FB%a9^Q zf`Wo8;0Fl}1O?`xfpBdmQ0~tCr9Z?eBmuY64W(hlF?b0Feq~20QUyn=Nkkl?r8i7D z#6!_RA*S3x_;JMExLF1U!-Tk8WNZ_;mr+B_Sbk*9vd!qdGG!^vG^#m{6xJ>DlNz)9 z6f&q*+Z(f|5iafL$fL6S`o!MvHaZ;8qeePq42!M;f~_-tVJj1v=kL7wZ3N=WP5xI4 z5EZ)byKim;PvZv;RepdGZQi}q(n=F2XpEm{%j1v(n`~9JUp|kLZW9yrxa3E~L2!o& zp3~}lv8mpi$YQo|r+-$aXawDan3j|DS=m_)Q+@oX)xJO!LO8*Lcv~F>;sxt1+KOA4 z7&Wzmau&cz+1e<*6UUUrdC(Hhl0A@^m1Q3UUxG+6ZrXLjeFO9uwt|`;m8ehbs-TG1 z`G?;+AXBDP#UJkB;h#f+NI)>Y*@6echWTEFk{>Pv3JC<%?f!30PSw9T$*fTj~F*&aVL4-qmFOG{&Y#@tVX5Tq~@zE;li04=S9YC5-dF@d(>J-GpBa@V_bi8nx zjDfx?op}k@c2VqRUY^a_3ovo~hA64dwkY~ZpCLl)>aRa9>J$2CId?v(WD&8_($qivpLW9qESf>NPXEwVli)8{B+ z(acwS&>uTu)vVFbhb$#5QrbAVgYZ`9^xV05F52L?$&OODwBER;DrO~fnyPD z(3wXy_)rGjIwRJ#q8r;|qq3tGc5lcCy{78^Dse~!`OjLyOJFnPK0pI{P)R&Ck(08| zV2oMZ^cv`kY2~*9SyvRgYI;tqHz|xcF5*e4SGW*4Rf_H z+v$GTu~&FLV!{;Z%6KO!o74=G$YN{+r5?zx5eW{yT*Lu=5B`qE;GKd^^_FZO`o@8 z#BBVy?&H&|7#E1ApmB=I4(6f`by4HBf8rL}%?`sb+Z8~tIJxzfzlafTGJ1TM?{ALy z=w9O(U2t^$2n&tpk2PJFvw2k5l);)sm0xUZZr&DNOWi{>!l2u|3A$au(LY^k={+DE zF8>rC?r`P|N@>6YXX7cN(;Wg`&XEafc9NKr_vFz)4v2eL^>;Y$c-eYHJ`S;OB-qx& z5}pfa_0T-l?=FG}SXM`YV3A6!N%cDFA47{+OR`Zf7X^(OF12>W#zznXjTLhjvri`i z&*Z(8fyX)}NT$11q;@8$`|qzgNN-;^1V)c_A_pWM%RpBx7RQBhH+9WSUAIA2g^-Dy z+goxn9VWcqSnc(obMf|iM9k@@$J)0qG6jhjkbcnNd;%2T0l^qMe`n4C$dL2fT1wO3 zI%;Np_&wf?uwtSU)A}?bk76ufJ_hOaJb++Rx%e@!hlpWD-W09qEC`ZvltYQ17oukq ziuC?5BA@-t)wukWQcSMZb4*vkOwQjHLum6Q7iTpqFB-2~?4@8|s z5W7RK6Ec8Vp6YeLWJIR-dPW>E5> z?H$mT0qM#?%>=6FU9pU)%a3rQ)vo2Z3p`VK8g+|t0it9WYmV1ZPvVr>9df25+S5pY z&+)m;p;4SoRq9_*B+v z`dW_{%WLUq-*(pe26-xrX`~Y&xCclU#E^l92&g*QU*kS6?OR}gy$9is925g8Q;nGI z$X1xhd6L6W$ZU8w{@7oGUol#vKy5J?tAGAs-J~FD39|+=@=`1tb)|6!445Xe_pG2c zy>b@W&Fw88o?H+Z&Mi5*>J(vNv5zArhq 
zznK^#r~foYorclG7Jtc2hVyYIml1cUxzN2Uu=r--oB5y%p_resuAc9ow?ycw7 zjf5_Kb4A1zwN3rnl&jhvyYF{(c1BIwJS^(zUzH|VKfe>K!5u-9Ro|RN<9t(xe^F9S zdhR-@6HH&VfM(<8Tt=%*Jyevrv}>_<;pm<|%goX#kV!&+3a51?&Be|{?#RmS z*y3#Al-3dqZEED1dl8QbIE1JBH-T%@A{jSGw9#PuJu9qds;y6oxHWEkF_tGH{G=dmImV9a8)!V(IRmd-3`tIJh zc9YlSG2niM&%tW+fQ{fWd>w>2*hY9pEP3BruH+(ta^$VGo`C-{+RCG5ctbKW8g_@Q z?{X6tOYo#ojb5L(Tu|b@Nq*)zD{+ASycZQvVXMX}Ba1R#BF9F)qezNEN zk@~Cmq&^I)dS>X&AQvRuV^*a9#>Rg7y_$l8s>nk>d(+uxUhM%eB z4nCT;^{3W2W)Wtl#P~iE7KMW75WAL6kMWOi=C=-kxu3uA1aMh=f-!%4fSDmrw|hcE z2mDG7EH2NeyT72hJtwh#LQZrXk4U1H@-;uAi1toG2LV)^d{};XOff)4&y~LPQVc<4 zUtO)c8bv}TJ7EP^AoJHKB2{-qw64|TCi7V2-GS29{2n7HeAm8-13RVi^sC^B`fg*1 zrbOaD^=(mOBKJkh;syPUIcG?GJFBf+a6_gd)0IT4!zc)#LclDX>YN z#I4V)6*c?HkwEuWr}>2V{5nU5gWyFczWe~I0C~(C1FXgcaBu2@QrT29GCL#iV0YXn z=xJCnT<$FfgMy=7PW~LZ<-8IE9R zh$~R`93_1jK+h zvifWFd)Z3QaYx8`d2aKixbMu+Z~7Hb%>nYpfwtk2Se7mbjq%8Y^Ea3_N?>W>62mOQ z625?wLMxJ|$K4f+$-x6Gjkw^c(IC}_`;_@XqePHc!Rov&nBM@TOBYh?^YXiLrhGDo zdn^=2L2LY_nFelQbJja4uRMzM{BJUM6{vV>c+L(7d z7G2P39fMXVC-??Wl@l2{F>~76qA1NWZIWkaVG)1}Kz@0RD|5gb;O8I$x_;t$(4X-+ zuJ*Nt{mpSIk9)#8`G*j&Hym^NvENpmKQpJlj9T#wKVtGfCCh(pPASnOdJ6bBP{O!KV zGJ!f3&J{bOVz&-OnU>DYDddq+E3}eb7xji~i++H^S2tp2z4s`NYWU=5eRb2TM3io5 zHB)l;BP7vf&c=^BwWE4-dmeHi%E>hpY#4IX&p4sjxLG0_{PRSDdQEcWY$(Kq@Gosm z0zLw{__}7gw$oa1yxZ!1^&COq69uZ2_eDIj)8O=TwcW3=NWI=_B*5+bL!~8h>pCQE z3vcGGL&~!PsURO)$2g;Kh!N2uM>&JXNEe+EaFk$ls*&?ejK}@w*02iZA^)fv?O@lQ z85m$OCXz7ps(ltt3o{>g0VSK+O%(t6meSTnQ9!HM9{lz+RJ=+NnG*xzF~kbya;C`v zndbG^lfaFcVTv&2-7Q!>JFpkLELAd6<$HfrRAcjT=Nii>U?ReqtVXmia=j)sQ_veM zx8ERL&d0wj%a@|io_-l_kniJ|$6WRgosE7kh!clg>k+Niw7H?t*Vao?&v6UoJYq~H z@d}Q`KiLAxGVfF~K7#*17eg?s;uGrms=G7P(zSx|PWqFhC7_u`=?}BXn6RB#0hMoO zR2~xp1f!)3{OWECUj%KHzaaRF#xawF)`H~~a=`x4Xmr#5H~7ad1Tqd+N_(3}@XQjx z@+q~nFg$DV-4C9VAH~^~bjiQW+!{KbXc$KVooPG6zR2w;0AWmc)9_EVVH4pg6`_gB zARv_r0L!XTRbme!<%Sa{a{&Y(`d*Gzd^qiYU>o{CD^S0$RUP%%aXQ7;4La6Bi}q@J zRU2Ts0p*%3^8flxZ3i!cEAghKdcrFR(3|%Z3NUD?n5~Y$>Y2dzI(gTV#q~Os1?KGc 
zB|vSwvNGzet@w~%Y`88XVt(G?jPbor5WPGw<`waZgruPqulQbOE&H*wBk0JHFKQ}B zVS*9@JMPp&EF1w~Yr4@<*C#Fa(Tui1dB+@syKa=hdAj`nYwR3@JMFe@AKSKV+h&Iy z+qOGK$L`qt$F^%>)eo$WB?IAYxm8P$WJB+0+SNHoI#c? z9-J37?QCqzhp5@F!Hu0VzSMOjnU|hABfm4Ho}?F}mna1+%f$Jv-p6v4uG)E>hY8;w z8;6h;7#+n>(x|hmK8ydc6=BG~wxU*^9eaF43&Ja}WZ={<5f$IL5=^_^-B=f(G7&j; z4j{m-$s+a7~=@+E~d~|dg z#|Dt_!Ch3EI5TCkQTpCcaCRBD3^q$8GSYa7cfU5my@?6i@h)EMd_S1 zv1IUxHo2sb*TQ0JKYggLA;c&H_6UY1Rs}Ph8(a$>6oP~P$#0*}>BU=t_=BvD(>qpH z22pq(p8zcTe4sV`Rm;~qHBf5t+6-}u^6(i$Cl+as>nl!Z1Rp%`eFk5@H}ud=BRP?a z5;EiBHClH@h>FqRXCAd{o3~md+ucS3Pm3)h^nfvD83+eWh)`4lq9e49CbBD8vZGIM z!Y<^^vS-)L_gZ&lyGl)&0H-^|0|T@f-RY?q*TYbz4dgafsapp>I%gySH{V%_%b!N% zO%bM@ndG$4NfW*__mS0qf{+*&!KqWD#V*wrk|}M3%fc&)LLtrW4pwqdfA1~$)gJ2* zO~~KO0KzXFR6J<~u6&x#fGrEmBP@}l*2Rsnc1xlg`{yeZnSM&nX-?*1Nf;or(A&Aw zy52dfBj7v2)#lF(^*PXOpfEwc`P6F8qeePB}I8 zn$EFxG!yDxb!n+YBgld^=zp~Nw2|4=uc%sjpNN7=dBpd0IgM1V%wdT_3i*QeHGTDH zMhW5dBB^oCUS(T=i${2fCmOCAx!S4C&^(i%Zj=q(=wl?1O(ufJd&GF?kQB_u)AmnG z(HgO~?4~O!^`pg9mZ?;)GF>p26yYocf&%&cwm6Qt{_2K~Mo!b0Zgd*a%?ca}invkn z{GoS6#tMyJREJz*56hE^7`r{?-PLZXXjO>g!>^BX2?L6O_g;Z4C*cvI|@1_QXI&Roiix&L+#-X zg&2@~hR0LqwFn%0gi_^U;f{i=+dDBU4C~D_w+_aH;ZZv={L}^5sp0MA5q^|xO$%C3 zdnGixr!Pwf_CXdwqeadf@b*b-sv|wisecl6;jOBFzX_OM+TqJUgq4tyV|;%3clYkP6bX6&INJ><|2ZXO?Ne-HVz*X>^L9e%>LN^xgrR%_c% zaMTtr+b83d;$iED98a8GWwWommtFKi6`Om+w{FE)b#AjjYt1#p*$%1j*(W3Iy`D9-zkS|H z)2=Y4ahkZ8Bn~L-t}Y6pJ5^8-NFqXq=kn5CEY!SqpacFBNB{$kY7U za!9`JymLtAQ}vVB0%!xI<16I-)%aE{<}7b)_@dA!y+`AC`1?>HzOtgH@0g$iaF!Ov zr}23S(Tc`#-TuJoQ~!aLsZm3a{8^-kR)e%>_r9yN&;VL!$h$cMfyTd|>59V6U%VIf z-hXItlOtyB;6V|i)!4wCDlX%XWlrZ6DSQ-T&ojXM7AE6^V*=lkL~oe6Pshzt{_D}N z4}RMV%75lNFx}enP}s^nREi}6g{X3?p`NZsz19GdW`A3cgTyvugWaF#4aPo**t4@G zGP?ti8qX$k1%=4uI5Ud5M>3IvP?IuFnu0v%0wR7LTBeI4p4JfhXN&BQY}A;VL8F}x zq^^L~$$sfAqx#k#-$G3{miv$4r7Lr<61!PgoU58YnJ1>HNTX44;D_HvG5|E*J#Zw# zo4>uJ{`|m_n6~x*-Wf1gPFygC35kwZIG{%azSg8MBz7@1`o?6+TL7i(e z^-T=RW`!8x-{a)7c7sG4;aF(Xtbc9im>5G6`J=tgO}7i6{8D)KuB-p>6fiNH87`>p 
z0}_T_9tqrJKQ{s~=ixz2=lKy=Gl5LY?2#pA!HLo8JKKlx94ef6i#Da5QBI=GmNgJfVpQZyu}vpJ#w!LQ4zeE71XAH_36D6 zx3|GKluP)7Gvqq&WuBnkVL@|-Gm7g8JfNZ+-TnE+{+or$?b;!#*J2*=B|@HkN$hb^ zcYy1NACv|J3fM}91=Y?ZDgb#UlLb-4M@@bgKq=;j&TNmIQ(pQjHUT6ArDE)zm*)}0 z;>xi2vGRqmRFSh}DW<9tdMfuwhm#P~y`08QZotY`u$rq-<#kb|*6`(t-3J1xX53M+ z+LjLi>D*EpU++&5l#-a`==iVG>%;qxCPoMUeXjP9KABvE=vrR$yOw#a@OW~{3(etdi5vVkT%9>|^G{1gKP{xS`)&C;Pq}L+ zeklwxuqoeX0QXZ2JiQI)L7gCu)N<_OJ6qH`b|%T{Yr6$|{f@@?LL+Ez`KPaWBQgc2E|a=vn{3shbD2+g*#y>H*Rwtv%axa z8$z_pH!?|ohq@-%v&^(S@MEI zK^P@av2IxY+}&CZ_>{A;a!De&}VnjxLwkW z#aPr%!F@mi-P+v8`0AZ}4GftI3OA(=h`c}t0&XbkUJJYTYb+i&Bg`{*Sj5%5RzDeA@sORPNeB! z_aEX0Vb;NeDWj{=F!8}o*3r;Anb#ED?5BYgUEu9z9s#fY7-axForwQMAwCP!qMRH+ zTRZgFBA6+@Lhq@SDVko_yM_?-@W4?)wyBE#^P^F zHE3K*vVvr_q)x`Arw+D!oO{t72(i@F@_w^5D%_-l z8U30J#e;LwEf4KC-A4$KuGasFqkoUZKh@D2_5bP8?e8~#B_+9P018Ogx*>BK38*%A z_J>OVPARXL+|u!fq-jG1a-&J8UdZFSq0Ry!EvF3lgr9l~62yni$buY_l`x6{ygwoX32ouZS#8-ISA0m6P0@M*b7YaVfp+ZDZ>Zi$|($1a3dbU%5}~gA`XDmRyfl4Tz+) z&hQ_2)&umKDIl?p@@dx-9p0AGqcUH{Y<2MGFxXnsU~*AS@`e4Ht7pO+^T@yiTA*mS zE&RC(Ploi?+($x|5C+PRbm7RrykhdG9k;@Oj70Xa4btH`%@3p7*TxI6vl*e!|BEaB8Sx$WfSZzn z>5)`d$-L*AtRG9Nix@qPwe-3VYkgj}f2v=7hzWi`6I}(W!7D~LtTc){-hs=r$9>?< zUNc&7-s^E3Z7(ha#6As(%Ptp zUhLJ!!)&CF!JeUt%e^6-WLTmI9YEDQXusZCwehn;Tc&+jG4s^xmSwxGC%5%O0xflu ziK5?9#H0O+*^YOq?4>FC;28y(O43x~X9MErI@5qa8O!2|WEduR8L_dOe1lCnIBu@; zsR~M%D}}=*8}tpoxdHPXDwB6$W3e@tIG+BI#RQZ?Fsk8LuuTLV|J}>{W|RGXveJ%d z=_xx)x{Vl(xL8#`XqsKQ<6GEv;*>@f3ExXtw!15#iNDpD58LqlICq^NxKaj?W_7ts z{PemyVQQ71oISewl&I`Xe+WrwRtPcXSXAcwJzQr{%Qu^|6ou-7rkEu9UAR4xIGWh> zhw1yGsbkdISci#yqb|tH(DONkS0RzMca1$S@G3%2t*Rn`KW(xVP_3ettQL7atV)V-3p4nm2DEdJN_q*epv?KpX%tBt^7NV zM#Uk1>V3A!@uaAgqD#mpc;~p)8p+RAY!C0^i;rz^PAk&J zeQQ2vhS_)Yz{oq2pNe6Qb?A=13dmT<~xULo!p^DL(ybLY20R%T&mx1 zdIfwR#6P(7hcu!`^FQ5e&1V^}4DZV}wT?AFXD z5bYn^cSDI)FAtKEwnHt4p&X)14y_x~rg`O#h&mKi=+MqNJ+AAdToq$i6@~*(-}&Jh zFuWz(a{g0aovj5)1jeiVbcuN#S2yquhIHpsipxZ;$2))l^toLCef`O0j(5emVU*k% zn}_bTMIzAX-0qheM&8Lj8vkB0qc51Q)7zslIU~_r9Zj7&bUv1KqJy4n^~MsS+^=4U 
z-+9EVn*y48Q9Z&>&bSc%XFHiMoo8#W(7(1933{1E=+}-%d?>+!7ac3VXLzZWLDWaq zO@Z7@kKC@B1*i3ao2(pH<7YYRT*Z54+9e$EbxKGzjyTL?+{;zcn}n}V=hJVLxI)n> z#t5>cZAYLWIrS}QW&3>;MhW=C=cK$9OxBriGg6!zqd6U4rD4JO+goKJ7q*- z{PI38h-mJR4M5*-Xjo4yASi9xOfKR7lP$eHpp1lMj^OonPX4MbB+KM@%=qD*_?4&= zZ%dKYTq6mFP@9tClmlZt<;Jmrvd^o}oZU#tU?i5PHr3M*WKs}(J1eI(0!*2mK>MLE z_W1}3+@?rj`}2hY7K1)b&0bNb&`9=Ps#L@ZJF-Caw{g{=g_s`vQ1U&}L!V6eHe1ev zQ0jNUrH=|$Y9X>TbZWR55XSa$iEYQJ5!1zjT?0x~-`Kbzlmu)h(ZCyVRivEn0(FZ= z@p6W*$FwMc!sVzC%;^qhlhR_>Dct!DHq1M|Y5&2=l}wK~jvJ^%J_o6FvO*KqX22CI z#C1S79sC(@&K80-RRHr7m|>p#(f>-=wCxZrsnD5@DOC~%Tr11ys?z}REFjDF+n3DWyz-pWyOSU#T=s_<7Qs%$qs=gZU9 z%D!0agS00ZNUGHe+kziR5~i=Qg$*a z|H4tHuM8Lz5XD#D=)G!zg$v5`N9W~E!GCAh!9o6>mVYSq^Cu99(7#2)T>eJG{&^bV zjl+Y)?DByOPBM!Ud5n964*cS)$^GxvzXJ5%D;4HQKx5F=Z~;w$u1~5o1ZtTx;>PvT zDR)1OuF}BH0#;81GPa9r=D$O|k|2bTG1jjz-XZ*Ul;#1xKyTyeJ%WWmNC^AL9nOewf{AOOD;wap%@e;>y)vfQ@O0AfzmpwISkwl*x5wrcjlFwFGTSOL(Lsgvn{PYd9y2J|4mhQ3{u7Uv)F&{)r7d_@Cbjz z4)q6RZLs}o*C{yyH7;9$sEg+gnK06tP7;pXOBgES;$+oit85nocz7DBEP(EtM)cMb z7Aqx;pA&FVPjXM&(D=+w-sxaB19(^2Y1yJ!*iUU8zMPWqX>n{w1ojUr2^ai<~L%VaRBX#BDai{7m-b7w9`O z4+?5SX64gmp_PY;c?)?TZ5JfC=IGSu#`IaTx=J%xD$i9{QPQfX{I|mq@mygyGxFZ0 z09APX?+p6n?rz6XA8mTcwQQ5k)+dx-lgjtkYwod@!VbS3<_?c1jB4@A{WPCs*KE?e zEoNTRp7;Sg0?w6moB#opE+!v9r1875_B)Rp0pdG)GroD?X|)f+kVPp}aBt_b%+bij zuLeH7O4fB~i>%zQi)s=QJm@13Tyf?t=-{|8m^+ zrc&C1F$DSh#kSnKnY3i>j@f7psHBytAK_CySP%Cznc{A05{xM^{41A1f6Q?o!@ZSi zcO}ZSAMOhGPf~~^Az;G3@2d1}Y3|DKcT2m85WUrbY)=k*1MlS$JtXTDoA{c{p0Jf6 z7(+#~s;O!TG{w3y&$J}ty3J%#R+eyT;WQo87XjugaBpK4yf9jX@c(>kERu}(70U;g z4VzKXy3907*>v;a7Z99FsE+pFghipwDFizjgK|7p;4xBKY_mO!ltymif z`7~MtnW*8H?h8;)ub%XP`lP0Ii;%%LR=Tjn0h;s}GVpPZhkb^WLdd+I#)Ftq4LW4L5-Rkdr)$>sM<#)dR0LMA zypan4g4UhLZ@Mp7Jb{L8$sySi>IZcCz3A zfO{Ef{VUBz*ED4?b9!Knz|2~a6i&vKBb&zzQRT^}i3W)pzhUj4H5&u8eTGX)CrKBm zm<>$PBe7%70F1Z_K;2wt^`gXG>N;_z|CkUT)RzgJeNb^lB^$GlBwRi}XQB%Auv!%P z+#C2`r{Gl@-bQJq{ZLxYJB^0XaeSeypzc}N^A>C^ul|Ow55nZmeb93I_>KGz2_rRmKp^=ij_8WkP3f|>L$!M5BRBOm4 
z9@}70Bm=uRD|g6>cx{+Tuv6?sl%<+s;qWeAOf$rEZ}#n3SOSRVD3zWABxEd&xu2^O z2GcvvW}UQ`9#qm@*~o06U{=737v`|~U+~KJ|1}{#sDGID%Y^=&X&b}8{)N9v$b|ey zo0)ZflUBCj6s=u|b_SCeKa#N3kteZ@;E?MI@>vZPw zfLo}WmI*vyFE-8g!!1d{zSXWmu`v)G;gvO#|7I{@{|#qs2Zn&b#9w?{_61*YvV8e; zqi{H5CG9|ihnSqVm%1(lg;j)d1Gdc2;V3RzkRnlMbY|R#iwDHVz_pVek)3pi9Le64 zB{o*?c+KOIXmo{q^4#R`S1G+;6BYt(#~bW>qqne+MeOkF@!6_N{j>v9s{FCDY@E@NzN^eej`rE{{+@TxgqWF|W^$l-o$j{#m zip9Y2L16HOOD=1L$+^yn>kcF&8Wtx4fI6tq$sQibY-;i`KU@S`BJp8Xv`DTIaBe#4naZyP5Qd?{o{OUm5)M$3v) ztXM);Z_8FD@%;0*Wn+);0HQ1hd4VN~{rjDq<1&MG=%&);=hr4X2-*Lpkw|JA;YzWhgM2VY3Mtk^^2k|G#9~zo+H@=2HI$ zrd2civ|Lg}*N}BW?1^;2tUs%-hXx1vyY;UC{r3vJG7?aFl!xKoANzc2iJ-Ru0w>%X zyLNThcdyfom_Ux^*R25yL=E`u=)@xsAb$x>zk|ouA)0xRGI$@%EN$<>rby0hsp@R| z+#Te=2X?cKCxnJZ3VQSFV%im_z`Y39g`Jot?s`RmfaPR3INoSnm@GFQ&nYbqY)SmQ zBp(wlr4QpvOM8dD5w>H}3Z}qmx4>*cqzx>3_1||gj`2*@bwNk80Ya(VAXy5xJqbw* z-|wD%T#NIUlmO!ye?Ya}KQ2UTdt?#f5k3pUV5B03S-FsK^7~U3WK%tbEDMH}b-4r5 zO7uv4w_{Y7HiyK=GBC4@OeeVeLsC~Z&N!wy11&xPqB?Q+xaV|P`0umIXK#j>+21cV ztN2;S{XW-?QF2@zaN=4^V2cT|o-@L7sKpI>hZ^&FB`Aj^D_st7R4_8OrqMHF8X~dO zNolm&uRB2YGgpoduWscN+94h4(lFv#6MvN08ij$5?2xAMB;c%bQfNS#y{uO=hXUlC zG|U?roQ?$c->+Hv5SWy5@n)~17cMNw&B)SGYWD`oc1DV(yjGk%ck=W^=Cl9>db!2L zPdq(!1l(s=glyjaGq-NI{4z#f>FJiS1yE5 zq5ZV%VvtIws`qB>x&B6fOyjiip0?rML3p7#73&}v$3AV2zD-zHrE^56#1VZhAHISw zXuiZh3N@YUN1Q*HD(N}anacPnkV@%P-piB%H2Wv!v7x6n8PXQKCL@)CgXFFTB&(8M znsss=D&wrxCv#eXl%AsVQjA}0u~svi3QHb%V^vayOmI`wa530A$-{_K`JG&AG-teW z1mnjXd>B^I8cp|(bril}OKKJ`fTMI~iX5#O&YJW+ljl12&Ol0G3E z6=GAA5hG4zonW}e`pCe|xL(Tk;Rh@(ad%VX9KPxlfYn@i{CKu>BeVAWB956uZ%eX8 zn5eBo$t|wGkNh>k6)vKF?!|}pO}{1K<|N&hZWy?YOqI;XHV((A+>;}Fi_p@SLU%Bk zMZ?+^j*?b_YqG6I|1f)*lubHb7rXF>_65-#xbE30+OM)6-G~>@SBZSQB*L9>d^)bD zntLbZ9q_?(!emLo4RGo(iuxRKs&12Zy_AM&kW>?okUDdfqAVHF2FN8wvAyO+6$It| z29_^Gno>g9&_I0z=~m-k#jmj+QF0F=l$GUL>OA zyQm3=6A~GvpT34Zo~!8Ps+)_TP*HoeJCrzEFSkb^VoWM@s4Kt&YZNY{;o^=myeLw+=t zkq0ojCw%T+vj=2zK|u00;~T#o7)EvNVcYj1^{78zA1l)4sjslJvQ~VTB70j403OAX zK6bFSu6bjNH_GgMVt3cRh!DA{r@iZYtAwj{6R{%y{D6DXmG=$JzdZ_YM 
z!5V(3s#3?qCiue#ZPr;Qb-_g66=E~-+!n1NlPecP#U-rfQa4_&*^XKR%L*ec{p11) zXf;(E4i&ce8arz_8cP`g4b8}IC$x}I^uJ_UBk#HY>IVORQmmp!h@Zmy-?{&I+yxVk zf(jBi09qsQj9X=qF%Z^&p?SjxpyPmD^{^ARsb;$?SyL z=&jy2r}qFu&xV5rSeB&9pSCkjr5J7)hiv4&72nm`x9!E4^-#eH=+LNmIZv;)a(c3qWPA0n z(uENES(zNQVx2`v&zRwHeIXfTB*u!wOmcgrDB3Sa8&}GD885{y8?i3+E$L$LIEVM_ zt`hV3={%L-THcq6Ar^PpXk?|K(F^2@J_0+NWFLMn^9p)!wPA9yNzmuML@4+hlMcbS zqK&T0gB(zxamQ%Ra(JPyA0JDVzLKb_m$0){y1R#W-RSLQE$+jB0j6(rMcU`pvyl&C z-q^ZQ0TOEYkyt!+YhYOyH0{*U51i|2z@>+kSMDFC8P4tP+eEr<{jvDckhnWKyn%U@ ncB#T?;P3uCeF5>`CgoG}$VRunUBX#|#?Ojc#lmgz*OmVt`{I>8 literal 0 HcmV?d00001 diff --git a/SOURCES/openvpn-2.4-change-tmpfiles-permissions.patch b/SOURCES/openvpn-2.4-change-tmpfiles-permissions.patch new file mode 100644 index 0000000..8adb700 --- /dev/null +++ b/SOURCES/openvpn-2.4-change-tmpfiles-permissions.patch @@ -0,0 +1,9 @@ +diff --git a/distro/systemd/tmpfiles-openvpn.conf b/distro/systemd/tmpfiles-openvpn.conf +index bb79671e..9258f5c6 100644 +--- a/distro/systemd/tmpfiles-openvpn.conf ++++ b/distro/systemd/tmpfiles-openvpn.conf +@@ -1,2 +1,2 @@ +-d /run/openvpn-client 0710 root root - +-d /run/openvpn-server 0710 root root - ++d /run/openvpn-client 0750 root openvpn - ++d /run/openvpn-server 0750 root openvpn - diff --git a/SOURCES/roadwarrior-client.conf b/SOURCES/roadwarrior-client.conf new file mode 100644 index 0000000..dd12fdb --- /dev/null +++ b/SOURCES/roadwarrior-client.conf 
@@ -0,0 +1,38 @@
+#########################################
+# Sample client-side OpenVPN config file
+# for connecting to multi-client server.
+#
+# Adapted from http://openvpn.sourceforge.net/20notes.html
+#
+# The server can be pinged at 10.8.0.1.
+#
+# This configuration can be used by multiple
+# clients, however each client should have
+# its own cert and key files.
+#
+# tun-style tunnel
+
+port 1194
+dev tun
+remote [my server hostname or IP address]
+
+# TLS parms
+
+tls-client
+ca sample-keys/tmp-ca.crt
+cert sample-keys/client.crt
+key sample-keys/client.key
+
+# This parm is required for connecting
+# to a multi-client server. It tells
+# the client to accept options which
+# the server pushes to us.
+pull
+
+# Scripts can be used to do various
+# things (change nameservers, for
+# example.
+#up scripts/ifup-post
+#down scripts/ifdown-post
+
+verb 4
diff --git a/SOURCES/roadwarrior-server.conf b/SOURCES/roadwarrior-server.conf
new file mode 100644
index 0000000..be3db15
--- /dev/null
+++ b/SOURCES/roadwarrior-server.conf
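Review bot: The client sample pins the CA (`ca sample-keys/tmp-ca.crt`) but never restricts which certificates may act as the server, so any certificate issued by that CA — including another client's — is accepted as the server endpoint, which undercuts the "each client should have its own cert" comment above it. Adding `remote-cert-tls server` after the `key sample-keys/client.key` line makes the client require the server key-usage/EKU on the peer certificate. Since this sample is installed for users to copy verbatim, a one-line comment under `# TLS parms` explaining why that directive is present would keep it from being dropped when the file is adapted.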
@@ -0,0 +1,67 @@
+########################################
+# Sample OpenVPN config file for
+# 2.0-style multi-client udp server
+#
+# Adapted from http://openvpn.sourceforge.net/20notes.html
+#
+# tun-style tunnel
+
+port 1194
+dev tun
+
+# Use "local" to set the source address on multi-homed hosts
+#local [IP address]
+
+# TLS parms
+tls-server
+ca sample-keys/tmp-ca.crt
+cert sample-keys/server.crt
+key sample-keys/server.key
+dh sample-keys/dh1024.pem
+
+# Tell OpenVPN to be a multi-client udp server
+mode server
+
+# The server's virtual endpoints
+ifconfig 10.8.0.1 10.8.0.2
+
+# Pool of /30 subnets to be allocated to clients.
+# When a client connects, an --ifconfig command
+# will be automatically generated and pushed back to
+# the client.
+ifconfig-pool 10.8.0.4 10.8.0.255
+
+# Push route to client to bind it to our local
+# virtual endpoint.
+push "route 10.8.0.1 255.255.255.255"
+
+# Push any routes the client needs to get in
+# to the local network.
+push "route 192.168.0.0 255.255.255.0"
+
+# Push DHCP options to Windows clients.
+push "dhcp-option DOMAIN example.com"
+push "dhcp-option DNS 192.168.0.1"
+push "dhcp-option WINS 192.168.0.1"
+
+# Client should attempt reconnection on link
+# failure.
+keepalive 10 60
+
+# Delete client instances after some period
+# of inactivity.
+inactive 600
+
+# Route the --ifconfig pool range into the
+# OpenVPN server.
+route 10.8.0.0 255.255.255.0
+
+# The server doesn't need privileges
+user openvpn
+group openvpn
+
+# Keep TUN devices and keys open across restarts.
+persist-tun
+persist-key
+
+verb 4
diff --git a/SPECS/openvpn.spec b/SPECS/openvpn.spec
new file mode 100644
index 0000000..0f3130d
--- /dev/null
+++ b/SPECS/openvpn.spec
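Review bot: `dh sample-keys/dh1024.pem` ships a 1024-bit finite-field DH parameter set in a sample that users are expected to copy, which is below current key-size guidance for the TLS handshake. Either reference 2048-bit parameters or use `dh none` so the handshake falls back to ECDH, and say so in the `# TLS parms` comment block so the choice survives copy-and-edit. The sample also carries no `tls-auth`/`tls-crypt` key, so the control channel on port 1194 is open to any peer that can reach it; a comment noting that the sample deliberately omits it, and where the key would go, is worth adding even if the key file itself stays out of the sample.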
@@ -0,0 +1,377 @@
+%define _hardened_build 1
+
+# Build conditionals
+# tests_long - Enabled by default, enables long running tests in %%check
+%bcond_without tests_long
+
+Name: openvpn
+Version: 2.5.7
+Release: 2%{?dist}
+Summary: A full-featured TLS VPN solution
+URL: https://community.openvpn.net/
+Source0: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz
+Source1: https://build.openvpn.net/downloads/releases/%{name}-%{version}.tar.xz.asc
+Source2: roadwarrior-server.conf
+Source3: roadwarrior-client.conf
+# Upstream signing key
+Source10: gpgkey-F554A3687412CFFEBDEFE0A312F5F7B42F2B01E7.gpg
+Patch1: 0001-Change-the-default-cipher-to-AES-256-GCM-for-server-.patch
+Patch2: 0001-Allow-running-a-default-configuration-with-TLS-libra.patch
+Patch50: openvpn-2.4-change-tmpfiles-permissions.patch
+License: GPLv2
+BuildRequires: gnupg2
+BuildRequires: gcc
+BuildRequires: automake
+BuildRequires: autoconf
+BuildRequires: autoconf-archive
+BuildRequires: libtool
+BuildRequires: gettext
+BuildRequires: lzo-devel
+BuildRequires: lz4-devel
+BuildRequires: make
+BuildRequires: openssl-devel
+BuildRequires: pkcs11-helper-devel >= 1.11
+BuildRequires: pam-devel
+BuildRequires: libselinux-devel
+BuildRequires: libcmocka-devel
+BuildRequires: systemd
+BuildRequires: systemd-devel
+
+%{?systemd_requires}
+Requires(pre): /usr/sbin/useradd
+
+%if 0%{?rhel} > 7 || 0%{?fedora} > 29
+BuildRequires: python3-docutils
+%else
+# We cannot use python36-docutils on RHEL-7 as
+# the ./configure script does not currently find
+# the rst2man-3 executable, it only looks for rst2man
+BuildRequires: python-docutils
+%endif
+
+# For the perl_default_filter macro
+BuildRequires: perl-macros
+
+# Filter out the perl(Authen::PAM) dependency.
+# No perl dependency is really needed at all.
+%{?perl_default_filter}
+
+%description
+OpenVPN is a robust and highly flexible tunneling application that uses all
+of the encryption, authentication, and certification features of the
+OpenSSL library to securely tunnel IP networks over a single UDP or TCP
+port. It can use the Marcus Franz Xaver Johannes Oberhumers LZO library
+for compression.
+
+%package devel
+Summary: Development headers and examples for OpenVPN plug-ins
+
+%description devel
+OpenVPN can be extended through the --plugin option, which provides
+possibilities to add specialized authentication, user accounting,
+packet filtering and related features. These plug-ins need to be
+written in C and provides a more low-level and information rich access
+to similar features as the various script-hooks.
+
+
+%prep
+gpgv2 --quiet --keyring %{SOURCE10} %{SOURCE1} %{SOURCE0}
+%setup -q -n %{name}-%{version}
+%patch1 -p1 -b .ch_default_cipher
+%patch2 -p1
+%patch50 -p1
+
+# %%doc items shouldn't be executable.
+find contrib sample -type f -perm /100 \
+ -exec chmod a-x {} \;
+
+%build
+%configure \
+ --enable-silent-rules \
+ --with-crypto-library=openssl \
+ --enable-pkcs11 \
+ --enable-selinux \
+ --enable-systemd \
+ --enable-x509-alt-username \
+ --enable-async-push \
+ --docdir=%{_pkgdocdir} \
+ SYSTEMD_UNIT_DIR=%{_unitdir} \
+ TMPFILES_DIR=%{_tmpfilesdir}
+%{__make}
+
+%check
+# Test Crypto:
+./src/openvpn/openvpn --genkey --secret key
+./src/openvpn/openvpn --cipher aes-128-cbc --test-crypto --secret key
+./src/openvpn/openvpn --cipher aes-256-cbc --test-crypto --secret key
+./src/openvpn/openvpn --cipher aes-128-gcm --test-crypto --secret key
+./src/openvpn/openvpn --cipher aes-256-gcm --test-crypto --secret key
+
+%if %{with tests_long}
+# Randomize ports for tests to avoid conflicts on the build servers.
+cport=$[ 50000 + ($RANDOM % 15534) ] +sport=$[ $cport + 1 ] +sed -e 's/^\(rport\) .*$/\1 '$sport'/' \ + -e 's/^\(lport\) .*$/\1 '$cport'/' \ + < sample/sample-config-files/loopback-client \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client +sed -e 's/^\(rport\) .*$/\1 '$cport'/' \ + -e 's/^\(lport\) .*$/\1 '$sport'/' \ + < sample/sample-config-files/loopback-server \ + > %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server + +pushd sample +# Test SSL/TLS negotiations (runs for 2 minutes): +../src/openvpn/openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client & +../src/openvpn/openvpn --config \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +wait +popd + +rm -f %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-client \ + %{_tmppath}/%{name}-%{version}-%{release}-%(%{__id_u})-loopback-server +%endif + +%install +%{__make} install DESTDIR=$RPM_BUILD_ROOT +find $RPM_BUILD_ROOT -name '*.la' | xargs rm -f +mkdir -p -m 0750 $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/client $RPM_BUILD_ROOT%{_sysconfdir}/%{name}/server +cp %{SOURCE2} %{SOURCE3} sample/sample-config-files/ + +# Create some directories the OpenVPN package should own +mkdir -m 0750 -p $RPM_BUILD_ROOT%{_rundir}/%{name}-{client,server} +mkdir -m 0770 -p $RPM_BUILD_ROOT%{_sharedstatedir}/%{name} + +# Package installs into %%{_pkgdocdir} directly +# Add various additional files +cp -a AUTHORS ChangeLog contrib sample distro/systemd/README.systemd $RPM_BUILD_ROOT%{_pkgdocdir} + +# Remove some files which does not really belong here +rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/sample/Makefile{,.in,.am} +rm -f $RPM_BUILD_ROOT%{_pkgdocdir}/contrib/multilevel-init.patch +rm -rf $RPM_BUILD_ROOT%{_pkgdocdir}/sample/sample-keys + +%pre +getent group openvpn &>/dev/null || groupadd -r openvpn +getent passwd openvpn &>/dev/null || \ + /usr/sbin/useradd -r -g openvpn -s /sbin/nologin -c OpenVPN \ + -d /etc/openvpn 
openvpn
+
+%post
+for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
+do
+ %systemd_post $srv
+done
+
+%preun
+for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
+do
+ %systemd_preun $srv
+done
+
+%postun
+for srv in `systemctl | awk '/openvpn-client@.*\.service/{print $1} /openvpn-server@.*\.service/{print $1}'`;
+do
+ %systemd_postun_with_restart $srv
+done
+
+
+%files
+%{_pkgdocdir}
+%exclude %{_pkgdocdir}/README.IPv6
+%exclude %{_pkgdocdir}/README.mbedtls
+%exclude %{_pkgdocdir}/sample/sample-plugins
+%{_mandir}/man8/%{name}.8*
+%{_mandir}/man5/%{name}-*.5*
+%{_sbindir}/%{name}
+%{_libdir}/%{name}/
+%{_unitdir}/%{name}-client@.service
+%{_unitdir}/%{name}-server@.service
+%{_tmpfilesdir}/%{name}.conf
+%config %dir %{_sysconfdir}/%{name}/
+%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/client
+%config %dir %attr(-,-,openvpn) %{_sysconfdir}/%{name}/server
+%attr(0750,-,openvpn) %{_rundir}/%{name}-client
+%attr(0750,-,openvpn) %{_rundir}/%{name}-server
+%attr(0770,openvpn,openvpn) %{_sharedstatedir}/%{name}
+
+%files devel
+%{_pkgdocdir}/sample/sample-plugins
+%{_includedir}/openvpn-plugin.h
+%{_includedir}/openvpn-msg.h
+
+
+%changelog
+* Tue May 31 2022 David Sommerseth - 2.5.7-2
+- Added additional upstream patch resolving BF-CBC issues (to be removed with 2.5.8)
+ https://patchwork.openvpn.net/patch/2504/
+- Removed BF-CBC from the --data-ciphers list.
This is no longer available by default
+ in OpenSSL 3.0
+
+* Tue May 31 2022 David Sommerseth - 2.5.7-1
+- Update to upstream OpenVPN 2.5.7
+
+* Wed Mar 16 2022 David Sommerseth - 2.5.6-1
+- Update to upstream OpenVPN 2.5.6
+- Fixes CVE-2022-0547
+
+* Thu Jan 27 2022 David Sommerseth - 2.5.5-4
+- Fix systemd related scriptlet error (#1887984)
+
+* Thu Jan 20 2022 Fedora Release Engineering - 2.5.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Wed Dec 15 2021 David Sommerseth - 2.5.5-2
+- Rebuild of 2.5.5
+
+* Wed Dec 15 2021 David Sommerseth - 2.5.5-1
+- Update to upstream OpenVPN 2.5.5 (#2032844)
+
+* Tue Oct 5 2021 David Sommerseth - 2.5.4-1
+- Update to upstream OpenVPN 2.5.4
+- Added new man page: openvpn-examples(5)
+
+* Tue Sep 14 2021 Sahana Prasad - 2.5.3-3
+- Rebuilt with OpenSSL 3.0.0
+
+* Thu Jul 22 2021 Fedora Release Engineering - 2.5.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Fri Jun 18 2021 David Sommerseth - 2.5.3-1
+- Update to upstream OpenVPN 2.5.3
+- Fixes CVE-2021-3606
+
+* Wed Apr 21 2021 David Sommerseth - 2.5.2-1
+- Update to upstream OpenVPN 2.5.2
+- Fixes CVE-2020-15078
+- Replaces --ncp-ciphers with --data-ciphers in the server systemd service unit
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 2.5.1-2
+- Rebuilt for updated systemd-rpm-macros
+ See https://pagure.io/fesco/issue/2583.
+
+* Wed Feb 24 2021 David Sommerseth - 2.5.1-1
+- Update to upstream OpenVPN 2.5.1
+
+* Tue Jan 26 2021 Fedora Release Engineering - 2.5.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Oct 28 2020 David Sommerseth - 2.5.0-1
+- Update to upstream OpenVPN 2.5.0
+
+* Tue Jul 28 2020 Fedora Release Engineering - 2.4.9-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sun Apr 19 2020 David Sommerseth - 2.4.9-1
+- Update to upstream OpenVPN 2.4.9
+
+* Wed Feb 12 2020 David Sommerseth - 2.4.8-3
+- Rebuilt to be linked against latest lzo (RHBZ#1802299)
+
+* Wed Jan 29 2020 Fedora Release Engineering - 2.4.8-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Nov 1 2019 David Sommerseth - 2.4.8-1
+- Updating to upstream OpenVPN 2.4.8
+
+* Thu Jul 25 2019 Fedora Release Engineering - 2.4.7-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed Feb 20 2019 David Sommerseth - 2.4.7-1
+- Updating to upstream OpenVPN 2.4.7
+
+* Fri Feb 01 2019 Fedora Release Engineering - 2.4.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Oct 6 2018 David Sommerseth - 2.4.6-3
+- Enable the asynchronous push feature, which can improve connect speeds with slow authentication backends
+
+* Fri Jul 13 2018 Fedora Release Engineering - 2.4.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Apr 26 2018 David Sommerseth - 2.4.6-1
+- Updating to upstream, openvpn-2.4.6
+
+* Thu Mar 1 2018 David Sommerseth - 2.4.5-1
+- Updating to upstream, openvpn-2.4.5
+- Package upstream ChangeLog, which contains a bit more details than Changes.rst
+- Cleaned up spec file further, removed Group: tag, trimmed changelog section,
+ added gcc to BuildRequires.
+- Excluded not relevant file, README.mbedtls
+- Package upstream version of README.systemd
+- Fix wrong group owner of /etc/openvpn/{client,server} (rhbz#1526743)
+- Changed crypto self-test to test AES-{128,256}-{CBC,GCM} instead of only BF-CBC (deprecated)
+- Change /run/openvpn-{client,server} permissions to be 0750 instead of 0710, with group set to openvpn
+
+* Thu Feb 08 2018 Fedora Release Engineering - 2.4.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Thu Jan 25 2018 Igor Gnatenko - 2.4.4-2
+- Fix systemd executions/requirements
+
+* Tue Sep 26 2017 David Sommerseth - 2.4.4-1
+- Update to upstream openvpn-2.4.4
+- Includes fix for possible stack overflow if --key-method 1 is used {CVE-2017-12166}
+
+* Fri Aug 4 2017 David Sommerseth - 2.4.3-4
+- Change to AES-GCM as the default cipher for server configurations (rhbz#1479270)
+
+* Thu Aug 03 2017 Fedora Release Engineering - 2.4.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Thu Jul 27 2017 Fedora Release Engineering - 2.4.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Jun 21 2017 David Sommerseth - 2.4.3-1
+- Updating to upstream openvpn-2.4.3
+- Fix remotely-triggerable ASSERT() on malformed IPv6 packet {CVE-2017-7508}
+- Prevent two kinds of stack buffer OOB reads and a crash for invalid input data {CVE-2017-7520}
+- Fix potential double-free in --x509-alt-username {CVE-2017-7521}
+- Fix remote-triggerable memory leaks {CVE-2017-7521}
+- Ensure OpenVPN systemd services are restarted upon upgrades
+- Verify PGP signature of source tarball as part of package building
+- Build against system lz4 library
+
+* Fri May 12 2017 David Sommerseth - 2.4.2-2
+- Install and take ownership of /run/openvpn-{client,server} (rhbz#1444601)
+- Install and take ownership of /var/lib/openvpn (rhbz#922786)
+
+* Thu May 11 2017 David Sommerseth - 2.4.2-1
+- Updating to upstream openvpn-2.4.2
+- Switching back to OpenSSL,
using compat-openssl10 (rhbz#1443749, rhbz#1432125, rhbz#1440468)
+- Re-enabling --enable-x509-alt-username (rhbz#1443942)
+- Add --enable-selinux
+- Build with lz4 library from Fedora
+
+* Wed Mar 29 2017 David Sommerseth - 2.4.1-3
+- Splitting out -devel files into a separate package
+- Removed several contrib and sample files which makes is not
+ strictly needed in this package.
+- build: Enable tests runs by default, long running tests can
+ be disabled with "--without tests_long"
+- build: Removed defined %%{plugins} macro not in use
+
+* Fri Mar 24 2017 David Sommerseth - 2.4.1-2
+- Various cleanups
+- Use systemd-rpm macros (rhbz #850257)
+- Removed the deprecated openvpn@.service unit. Replaced by openvpn-{client,server}@.service
+- Added README.systemd describing new systemd unit files
+
+* Thu Mar 23 2017 David Sommerseth - 2.4.1-1
+- Updating to upstream release, v2.4.1
+- Added mbed TLS patch to allow RSA keys down to 1024 bits plus SHA1
+ and RIPE-160 hasing algorithms (based on OpenVPN 3 legacy profile)
+- Removed no-functional ./configure options
+- Use upstream tmfiles.d/openvpn
+- Package newer openvpn-client/server@.service unit files
+
+* Thu Feb 09 2017 Jon Ciesla 2.4.0-2
+- Move to mbedtls to resolve FTBFS.
+- Dropped, re-add once openvpn supports openssl 1.1.x
+- --enable-pkcs11 \
+- --enable-x509-alt-username \
+
+* Tue Dec 27 2016 Jon Ciesla 2.4.0-1
+- 2.4.0.
+
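Review bot: `%pre` calls both `groupadd` and `/usr/sbin/useradd`, but the only install-time dependency declared is `Requires(pre): /usr/sbin/useradd`, so the `groupadd -r openvpn` branch runs with no guarantee the binary is installed; the conventional `Requires(pre): shadow-utils` covers both. The `%post`, `%preun` and `%postun` loops build the unit list by piping the bare `systemctl` table through awk, which depends on a running systemd and on its human-oriented column layout, and silently iterates nothing when either assumption fails (the scriptlet bug referenced as #1887984 in the changelog looks like a symptom of this). `systemctl list-units --type=service --all --no-legend --plain 'openvpn-*@*.service'` yields the same unit names in a stable format; if parsing a live systemd is intentional, a comment above the first loop saying that a non-systemd environment is meant to be a no-op would document the choice. The hunk covers the whole spec, so the scriptlets start and end within it.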