From e8b0458f16747a5c1cc5eea361da945241adb105 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 21 Dec 2017 14:04:05 -0600 Subject: [PATCH 001/188] check for overflow and underflow while choosing proposer Refs #919 --- types/validator_set.go | 45 +++++++++++++++++++++++++++++++++---- types/validator_set_test.go | 44 ++++++++++++++++++++++++++++++++++-- 2 files changed, 83 insertions(+), 6 deletions(-) diff --git a/types/validator_set.go b/types/validator_set.go index 134e4e06e..9aaa6830d 100644 --- a/types/validator_set.go +++ b/types/validator_set.go @@ -48,12 +48,17 @@ func NewValidatorSet(vals []*Validator) *ValidatorSet { } // incrementAccum and update the proposer -// TODO: mind the overflow when times and votingPower shares too large. func (valSet *ValidatorSet) IncrementAccum(times int) { // Add VotingPower * times to each validator and order into heap. validatorsHeap := cmn.NewHeap() for _, val := range valSet.Validators { - val.Accum += val.VotingPower * int64(times) // TODO: mind overflow + res, overflow := signedMulWithOverflowCheck(val.VotingPower, int64(times)) + // check for overflow both multiplication and sum + if !overflow && val.Accum <= mostPositive-res { + val.Accum += res + } else { + val.Accum = mostPositive + } validatorsHeap.Push(val, accumComparable{val}) } @@ -63,7 +68,13 @@ func (valSet *ValidatorSet) IncrementAccum(times int) { if i == times-1 { valSet.Proposer = mostest } - mostest.Accum -= int64(valSet.TotalVotingPower()) + + // mind underflow + if mostest.Accum >= mostNegative+valSet.TotalVotingPower() { + mostest.Accum -= valSet.TotalVotingPower() + } else { + mostest.Accum = mostNegative + } validatorsHeap.Update(mostest, accumComparable{mostest}) } } @@ -117,7 +128,13 @@ func (valSet *ValidatorSet) Size() int { func (valSet *ValidatorSet) TotalVotingPower() int64 { if valSet.totalVotingPower == 0 { for _, val := range valSet.Validators { - valSet.totalVotingPower += val.VotingPower + // mind overflow + if valSet.totalVotingPower <= mostPositive-val.VotingPower { + valSet.totalVotingPower += val.VotingPower + } else { + valSet.totalVotingPower = mostPositive + return valSet.totalVotingPower + } } } return valSet.totalVotingPower @@ -425,3 +442,23 @@ func RandValidatorSet(numValidators int, votingPower int64) (*ValidatorSet, []*P sort.Sort(PrivValidatorsByAddress(privValidators)) return valSet, privValidators } + +const mostNegative int64 = -mostPositive - 1 +const mostPositive int64 = 1<<63 - 1 + +func signedMulWithOverflowCheck(a, b int64) (int64, bool) { + if a == 0 || b == 0 { + return 0, false + } + if a == 1 { + return b, false + } + if b == 1 { + return a, false + } + if a == mostNegative || b == mostNegative { + return -1, true + } + c := a * b + return c, c/b != a +} diff --git a/types/validator_set_test.go b/types/validator_set_test.go index 572b7b007..c65f507fa 100644 --- a/types/validator_set_test.go +++ b/types/validator_set_test.go @@ -5,8 +5,9 @@ import ( "strings" "testing" - "github.com/tendermint/go-crypto" - "github.com/tendermint/go-wire" + "github.com/stretchr/testify/assert" + crypto "github.com/tendermint/go-crypto" + wire "github.com/tendermint/go-wire" cmn "github.com/tendermint/tmlibs/common" ) @@ -190,6 +191,45 @@ func TestProposerSelection3(t *testing.T) { } } +func TestValidatorSetIncrementAccumOverflows(t *testing.T) { + // NewValidatorSet calls IncrementAccum(1) + vset := NewValidatorSet([]*Validator{ + // too much voting power + 0: {Address: []byte("a"), VotingPower: mostPositive, Accum: 0}, + // too big accum + 1: {Address: []byte("b"), VotingPower: 10, Accum: mostPositive}, + // almost too big accum + 2: {Address: []byte("c"), VotingPower: 10, Accum: mostPositive - 5}, + }) + + assert.Equal(t, int64(0), vset.Validators[0].Accum, "0") // because we decrement val with most voting power + assert.Equal(t, mostPositive, vset.Validators[1].Accum, "1") + assert.Equal(t, mostPositive, vset.Validators[2].Accum, "2") +} + +func TestValidatorSetIncrementAccumUnderflows(t *testing.T) { + // NewValidatorSet calls IncrementAccum(1) + vset := NewValidatorSet([]*Validator{ + 0: {Address: []byte("a"), VotingPower: mostPositive, Accum: mostNegative}, + 1: {Address: []byte("b"), VotingPower: 1, Accum: mostNegative}, + }) + + vset.IncrementAccum(5) + + assert.Equal(t, mostNegative, vset.Validators[0].Accum, "0") + assert.Equal(t, mostNegative, vset.Validators[1].Accum, "1") +} + +func TestValidatorSetTotalVotingPowerOverflows(t *testing.T) { + vset := NewValidatorSet([]*Validator{ + {Address: []byte("a"), VotingPower: mostPositive, Accum: 0}, + {Address: []byte("b"), VotingPower: mostPositive, Accum: 0}, + {Address: []byte("c"), VotingPower: mostPositive, Accum: 0}, + }) + + assert.Equal(t, mostPositive, vset.TotalVotingPower()) +} + func BenchmarkValidatorSetCopy(b *testing.B) { b.StopTimer() vset := NewValidatorSet([]*Validator{}) From 69c3a7640bc48957ed3984596da276264b3f1038 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 25 Dec 2017 18:38:35 -0600 Subject: [PATCH 002/188] add safeAdd & safeSub plus quickcheck tests --- types/validator_set.go | 39 +++++++++++++++++++++++++++++-------- types/validator_set_test.go | 35 ++++++++++++++++++++++++++------- 2 files changed, 59 insertions(+), 15 deletions(-) diff --git a/types/validator_set.go b/types/validator_set.go index 9aaa6830d..a9b986590 100644 --- a/types/validator_set.go +++ b/types/validator_set.go @@ -52,10 +52,15 @@ func (valSet *ValidatorSet) IncrementAccum(times int) { // Add VotingPower * times to each validator and order into heap. validatorsHeap := cmn.NewHeap() for _, val := range valSet.Validators { - res, overflow := signedMulWithOverflowCheck(val.VotingPower, int64(times)) // check for overflow both multiplication and sum - if !overflow && val.Accum <= mostPositive-res { - val.Accum += res + res, overflow := safeMul(val.VotingPower, int64(times)) + if !overflow { + res2, overflow2 := safeAdd(val.Accum, res) + if !overflow2 { + val.Accum = res2 + } else { + val.Accum = mostPositive + } } else { val.Accum = mostPositive } @@ -70,8 +75,9 @@ func (valSet *ValidatorSet) IncrementAccum(times int) { } // mind underflow - if mostest.Accum >= mostNegative+valSet.TotalVotingPower() { - mostest.Accum -= valSet.TotalVotingPower() + res, underflow := safeSub(mostest.Accum, valSet.TotalVotingPower()) + if !underflow { + mostest.Accum = res } else { mostest.Accum = mostNegative } @@ -129,8 +135,9 @@ func (valSet *ValidatorSet) TotalVotingPower() int64 { if valSet.totalVotingPower == 0 { for _, val := range valSet.Validators { // mind overflow - if valSet.totalVotingPower <= mostPositive-val.VotingPower { - valSet.totalVotingPower += val.VotingPower + res, overflow := safeAdd(valSet.totalVotingPower, val.VotingPower) + if !overflow { + valSet.totalVotingPower = res } else { valSet.totalVotingPower = mostPositive return valSet.totalVotingPower @@ -443,10 +450,13 @@ func RandValidatorSet(numValidators int, votingPower int64) (*ValidatorSet, []*P return valSet, privValidators } +/////////////////////////////////////////////////////////////////////////////// +// Safe multiplication and addition/subtraction + const mostNegative int64 = -mostPositive - 1 const mostPositive int64 = 1<<63 - 1 -func signedMulWithOverflowCheck(a, b int64) (int64, bool) { +func safeMul(a, b int64) (int64, bool) { if a == 0 || b == 0 { return 0, false } @@ -462,3 +472,16 @@ func signedMulWithOverflowCheck(a, b int64) (int64, bool) { c := a * b return c, c/b != a } + +func safeAdd(a, b int64) (int64, bool) { + if b > 0 && a > mostPositive-b { + return -1, true + } else if b < 0 && a < mostNegative-b { + return -1, true + } + return a + b, false +} + +func safeSub(a, b int64) (int64, bool) { + return safeAdd(a, -b) +} diff --git a/types/validator_set_test.go b/types/validator_set_test.go index c65f507fa..dd2a59999 100644 --- a/types/validator_set_test.go +++ b/types/validator_set_test.go @@ -4,6 +4,7 @@ import ( "bytes" "strings" "testing" + "testing/quick" "github.com/stretchr/testify/assert" crypto "github.com/tendermint/go-crypto" @@ -191,6 +192,16 @@ func TestProposerSelection3(t *testing.T) { } } +func TestValidatorSetTotalVotingPowerOverflows(t *testing.T) { + vset := NewValidatorSet([]*Validator{ + {Address: []byte("a"), VotingPower: mostPositive, Accum: 0}, + {Address: []byte("b"), VotingPower: mostPositive, Accum: 0}, + {Address: []byte("c"), VotingPower: mostPositive, Accum: 0}, + }) + + assert.Equal(t, mostPositive, vset.TotalVotingPower()) +} + func TestValidatorSetIncrementAccumOverflows(t *testing.T) { // NewValidatorSet calls IncrementAccum(1) vset := NewValidatorSet([]*Validator{ @@ -220,14 +231,24 @@ func TestValidatorSetIncrementAccumUnderflows(t *testing.T) { assert.Equal(t, mostNegative, vset.Validators[1].Accum, "1") } -func TestValidatorSetTotalVotingPowerOverflows(t *testing.T) { - vset := NewValidatorSet([]*Validator{ - {Address: []byte("a"), VotingPower: mostPositive, Accum: 0}, - {Address: []byte("b"), VotingPower: mostPositive, Accum: 0}, - {Address: []byte("c"), VotingPower: mostPositive, Accum: 0}, - }) +func TestSafeMul(t *testing.T) { + f := func(a, b int64) bool { + c, overflow := safeMul(a, b) + return overflow || (!overflow && c == a*b) + } + if err := quick.Check(f, nil); err != nil { + t.Error(err) + } +} - assert.Equal(t, mostPositive, vset.TotalVotingPower()) +func TestSafeAdd(t *testing.T) { + f := func(a, b int64) bool { + c, overflow := safeAdd(a, b) + return overflow || (!overflow && c == a+b) + } + if err := quick.Check(f, nil); err != nil { + t.Error(err) + } } func BenchmarkValidatorSetCopy(b *testing.B) { From 1339a44402b7e4f343b1051658c9b267a0cd970e Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 26 Dec 2017 14:13:12 -0600 Subject: [PATCH 003/188] add safe*Clip funcs --- types/validator_set.go | 80 +++++++++++++++++++++++-------------- types/validator_set_test.go | 47 ++++++++++++++++------ 2 files changed, 83 insertions(+), 44 deletions(-) diff --git a/types/validator_set.go b/types/validator_set.go index a9b986590..3876c19d7 100644 --- a/types/validator_set.go +++ b/types/validator_set.go @@ -3,6 +3,7 @@ package types import ( "bytes" "fmt" + "math" "sort" "strings" @@ -53,17 +54,7 @@ func (valSet *ValidatorSet) IncrementAccum(times int) { validatorsHeap := cmn.NewHeap() for _, val := range valSet.Validators { // check for overflow both multiplication and sum - res, overflow := safeMul(val.VotingPower, int64(times)) - if !overflow { - res2, overflow2 := safeAdd(val.Accum, res) - if !overflow2 { - val.Accum = res2 - } else { - val.Accum = mostPositive - } - } else { - val.Accum = mostPositive - } + val.Accum = safeAddClip(val.Accum, safeMulClip(val.VotingPower, int64(times))) validatorsHeap.Push(val, accumComparable{val}) } @@ -75,12 +66,7 @@ func (valSet *ValidatorSet) IncrementAccum(times int) { } // mind underflow - res, underflow := safeSub(mostest.Accum, valSet.TotalVotingPower()) - if !underflow { - mostest.Accum = res - } else { - mostest.Accum = mostNegative - } + mostest.Accum = safeSubClip(mostest.Accum, valSet.TotalVotingPower()) validatorsHeap.Update(mostest, accumComparable{mostest}) } } @@ -135,13 +121,7 @@ func (valSet *ValidatorSet) TotalVotingPower() int64 { if valSet.totalVotingPower == 0 { for _, val := range valSet.Validators { // mind overflow - res, overflow := safeAdd(valSet.totalVotingPower, val.VotingPower) - if !overflow { - valSet.totalVotingPower = res - } else { - valSet.totalVotingPower = mostPositive - return valSet.totalVotingPower - } + valSet.totalVotingPower = safeAddClip(valSet.totalVotingPower, val.VotingPower) } } return valSet.totalVotingPower @@ -453,9 +433,6 @@ func RandValidatorSet(numValidators int, votingPower int64) (*ValidatorSet, []*P /////////////////////////////////////////////////////////////////////////////// // Safe multiplication and addition/subtraction -const mostNegative int64 = -mostPositive - 1 -const mostPositive int64 = 1<<63 - 1 - func safeMul(a, b int64) (int64, bool) { if a == 0 || b == 0 { return 0, false @@ -466,7 +443,7 @@ func safeMul(a, b int64) (int64, bool) { if b == 1 { return a, false } - if a == mostNegative || b == mostNegative { + if a == math.MinInt64 || b == math.MinInt64 { return -1, true } c := a * b @@ -474,14 +451,55 @@ func safeMul(a, b int64) (int64, bool) { } func safeAdd(a, b int64) (int64, bool) { - if b > 0 && a > mostPositive-b { + if b > 0 && a > math.MaxInt64-b { return -1, true - } else if b < 0 && a < mostNegative-b { + } else if b < 0 && a < math.MinInt64-b { return -1, true } return a + b, false } func safeSub(a, b int64) (int64, bool) { - return safeAdd(a, -b) + if b > 0 && a < math.MinInt64+b { + return -1, true + } else if b < 0 && a > math.MaxInt64+b { + return -1, true + } + return a - b, false +} + +func safeMulClip(a, b int64) int64 { + c, overflow := safeMul(a, b) + if overflow { + if (a < 0 || b < 0) && !(a < 0 && b < 0) { + return math.MinInt64 + } else { + return math.MaxInt64 + } + } + return c +} + +func safeAddClip(a, b int64) int64 { + c, overflow := safeAdd(a, b) + if overflow { + if b < 0 { + return math.MinInt64 + } else { + return math.MaxInt64 + } + } + return c +} + +func safeSubClip(a, b int64) int64 { + c, overflow := safeSub(a, b) + if overflow { + if b > 0 { + return math.MinInt64 + } else { + return math.MaxInt64 + } + } + return c } diff --git a/types/validator_set_test.go b/types/validator_set_test.go index dd2a59999..9c7512378 100644 --- a/types/validator_set_test.go +++ b/types/validator_set_test.go @@ -2,6 +2,7 @@ package types import ( "bytes" + "math" "strings" "testing" "testing/quick" @@ -194,41 +195,41 @@ func TestProposerSelection3(t *testing.T) { func TestValidatorSetTotalVotingPowerOverflows(t *testing.T) { vset := NewValidatorSet([]*Validator{ - {Address: []byte("a"), VotingPower: mostPositive, Accum: 0}, - {Address: []byte("b"), VotingPower: mostPositive, Accum: 0}, - {Address: []byte("c"), VotingPower: mostPositive, Accum: 0}, + {Address: []byte("a"), VotingPower: math.MaxInt64, Accum: 0}, + {Address: []byte("b"), VotingPower: math.MaxInt64, Accum: 0}, + {Address: []byte("c"), VotingPower: math.MaxInt64, Accum: 0}, }) - assert.Equal(t, mostPositive, vset.TotalVotingPower()) + assert.EqualValues(t, math.MaxInt64, vset.TotalVotingPower()) } func TestValidatorSetIncrementAccumOverflows(t *testing.T) { // NewValidatorSet calls IncrementAccum(1) vset := NewValidatorSet([]*Validator{ // too much voting power - 0: {Address: []byte("a"), VotingPower: mostPositive, Accum: 0}, + 0: {Address: []byte("a"), VotingPower: math.MaxInt64, Accum: 0}, // too big accum - 1: {Address: []byte("b"), VotingPower: 10, Accum: mostPositive}, + 1: {Address: []byte("b"), VotingPower: 10, Accum: math.MaxInt64}, // almost too big accum - 2: {Address: []byte("c"), VotingPower: 10, Accum: mostPositive - 5}, + 2: {Address: []byte("c"), VotingPower: 10, Accum: math.MaxInt64 - 5}, }) assert.Equal(t, int64(0), vset.Validators[0].Accum, "0") // because we decrement val with most voting power - assert.Equal(t, mostPositive, vset.Validators[1].Accum, "1") - assert.Equal(t, mostPositive, vset.Validators[2].Accum, "2") + assert.EqualValues(t, math.MaxInt64, vset.Validators[1].Accum, "1") + assert.EqualValues(t, math.MaxInt64, vset.Validators[2].Accum, "2") } func TestValidatorSetIncrementAccumUnderflows(t *testing.T) { // NewValidatorSet calls IncrementAccum(1) vset := NewValidatorSet([]*Validator{ - 0: {Address: []byte("a"), VotingPower: mostPositive, Accum: mostNegative}, - 1: {Address: []byte("b"), VotingPower: 1, Accum: mostNegative}, + 0: {Address: []byte("a"), VotingPower: math.MaxInt64, Accum: math.MinInt64}, + 1: {Address: []byte("b"), VotingPower: 1, Accum: math.MinInt64}, }) vset.IncrementAccum(5) - assert.Equal(t, mostNegative, vset.Validators[0].Accum, "0") - assert.Equal(t, mostNegative, vset.Validators[1].Accum, "1") + assert.EqualValues(t, math.MinInt64, vset.Validators[0].Accum, "0") + assert.EqualValues(t, math.MinInt64, vset.Validators[1].Accum, "1") } func TestSafeMul(t *testing.T) { @@ -251,6 +252,26 @@ func TestSafeAdd(t *testing.T) { } } +func TestSafeMulClip(t *testing.T) { + assert.EqualValues(t, math.MaxInt64, safeMulClip(math.MinInt64, math.MinInt64)) + assert.EqualValues(t, math.MinInt64, safeMulClip(math.MaxInt64, math.MinInt64)) + assert.EqualValues(t, math.MinInt64, safeMulClip(math.MinInt64, math.MaxInt64)) + assert.EqualValues(t, math.MaxInt64, safeMulClip(math.MaxInt64, 2)) +} + +func TestSafeAddClip(t *testing.T) { + assert.EqualValues(t, math.MaxInt64, safeAddClip(math.MaxInt64, 10)) + assert.EqualValues(t, math.MaxInt64, safeAddClip(math.MaxInt64, math.MaxInt64)) + assert.EqualValues(t, math.MinInt64, safeAddClip(math.MinInt64, -10)) +} + +func TestSafeSubClip(t *testing.T) { + assert.EqualValues(t, math.MinInt64, safeSubClip(math.MinInt64, 10)) + assert.EqualValues(t, 0, safeSubClip(math.MinInt64, math.MinInt64)) + assert.EqualValues(t, math.MinInt64, safeSubClip(math.MinInt64, math.MaxInt64)) + assert.EqualValues(t, math.MaxInt64, safeSubClip(math.MaxInt64, -10)) +} + func BenchmarkValidatorSetCopy(b *testing.B) { b.StopTimer() vset := NewValidatorSet([]*Validator{}) From 70ba60885057c9bf351b1a92db660d96448c6967 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Tue, 10 Oct 2017 12:56:18 -0400 Subject: [PATCH 004/188] config: write all default options to config file config: test the default file docs: spiff up config config: minor fixes & comments config: simplify test config; use a seperate config directory, #556 config: update docs & parameterize file paths config: PR comments config: use the default object fix a rebase error --- CHANGELOG.md | 1 + cmd/tendermint/commands/testnet.go | 13 +- cmd/tendermint/main.go | 4 +- config/config.go | 35 +++-- config/toml.go | 207 +++++++++++++++++++++------ config/toml_test.go | 39 ++++- consensus/test_data/build.sh | 148 +++++++++++++++++++ docs/deploy-testnets.rst | 2 +- docs/specification/configuration.rst | 195 ++++++++++++++++++------- docs/specification/genesis.rst | 2 +- docs/specification/rpc.rst | 2 +- docs/using-tendermint.rst | 16 +-- rpc/core/doc.go | 2 +- scripts/debora/unsafe_reset_net.sh | 2 +- 14 files changed, 543 insertions(+), 125 deletions(-) create mode 100755 consensus/test_data/build.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index f9f0809d9..392b7e6ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ BREAKING CHANGES: - Better support for injecting randomness - Pass evidence/voteInfo through ABCI - Upgrade consensus for more real-time use of evidence +- the files usually found in `~/.tendermint` (`config.toml`, `genesis.json`, and `priv_validator.json`) are now in `~/.tendermint/config`. The `$TMHOME/data/` directory remains unchanged. FEATURES: - Peer reputation management diff --git a/cmd/tendermint/commands/testnet.go b/cmd/tendermint/commands/testnet.go index 2c859df2b..f5551a95e 100644 --- a/cmd/tendermint/commands/testnet.go +++ b/cmd/tendermint/commands/testnet.go @@ -2,11 +2,12 @@ package commands import ( "fmt" - "path" + "path/filepath" "time" "github.com/spf13/cobra" + cfg "github.com/tendermint/tendermint/config" "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" ) @@ -35,6 +36,7 @@ var TestnetFilesCmd = &cobra.Command{ func testnetFiles(cmd *cobra.Command, args []string) { genVals := make([]types.GenesisValidator, nValidators) + defaultConfig := cfg.DefaultBaseConfig() // Initialize core dir and priv_validator.json's for i := 0; i < nValidators; i++ { @@ -44,7 +46,7 @@ func testnetFiles(cmd *cobra.Command, args []string) { cmn.Exit(err.Error()) } // Read priv_validator.json to populate vals - privValFile := path.Join(dataDir, mach, "priv_validator.json") + privValFile := filepath.Join(dataDir, mach, defaultConfig.PrivValidator) privVal := types.LoadPrivValidatorFS(privValFile) genVals[i] = types.GenesisValidator{ PubKey: privVal.GetPubKey(), @@ -63,7 +65,7 @@ func testnetFiles(cmd *cobra.Command, args []string) { // Write genesis file. for i := 0; i < nValidators; i++ { mach := cmn.Fmt("mach%d", i) - if err := genDoc.SaveAs(path.Join(dataDir, mach, "genesis.json")); err != nil { + if err := genDoc.SaveAs(filepath.Join(dataDir, mach, defaultConfig.Genesis)); err != nil { panic(err) } } @@ -73,14 +75,15 @@ func testnetFiles(cmd *cobra.Command, args []string) { // Initialize per-machine core directory func initMachCoreDirectory(base, mach string) error { - dir := path.Join(base, mach) + dir := filepath.Join(base, mach) err := cmn.EnsureDir(dir, 0777) if err != nil { return err } // Create priv_validator.json file if not present - ensurePrivValidator(path.Join(dir, "priv_validator.json")) + defaultConfig := cfg.DefaultBaseConfig() + ensurePrivValidator(filepath.Join(dir, defaultConfig.PrivValidator)) return nil } diff --git a/cmd/tendermint/main.go b/cmd/tendermint/main.go index c24cfe197..17b5a585b 100644 --- a/cmd/tendermint/main.go +++ b/cmd/tendermint/main.go @@ -2,10 +2,12 @@ package main import ( "os" + "path/filepath" "github.com/tendermint/tmlibs/cli" cmd "github.com/tendermint/tendermint/cmd/tendermint/commands" + cfg "github.com/tendermint/tendermint/config" nm "github.com/tendermint/tendermint/node" ) @@ -37,7 +39,7 @@ func main() { // Create & start node rootCmd.AddCommand(cmd.NewRunNodeCmd(nodeFunc)) - cmd := cli.PrepareBaseCmd(rootCmd, "TM", os.ExpandEnv("$HOME/.tendermint")) + cmd := cli.PrepareBaseCmd(rootCmd, "TM", os.ExpandEnv(filepath.Join("$HOME", cfg.DefaultTendermintDir))) if err := cmd.Execute(); err != nil { panic(err) } diff --git a/config/config.go b/config/config.go index 5d4a8ef65..1585fcd0e 100644 --- a/config/config.go +++ b/config/config.go @@ -7,6 +7,25 @@ import ( "time" ) +// Note: Most of the structs & relevant comments + the +// default configuration options were used to manually +// generate the config.toml. Please reflect any changes +// made here in the defaultConfigTemplate constant in +// config/toml.go +var ( + DefaultTendermintDir = ".tendermint" + defaultConfigDir = "config" + defaultDataDir = "data" + + defaultConfigFileName = "config.toml" + defaultGenesisJSONName = "genesis.json" + defaultPrivValName = "priv_validator.json" + + defaultConfigFilePath = filepath.Join(defaultConfigDir, defaultConfigFileName) + defaultGenesisJSONPath = filepath.Join(defaultConfigDir, defaultGenesisJSONName) + defaultPrivValPath = filepath.Join(defaultConfigDir, defaultPrivValName) +) + // Config defines the top level configuration for a Tendermint node type Config struct { // Top level options use an anonymous struct @@ -66,10 +85,10 @@ type BaseConfig struct { // The ID of the chain to join (should be signed with every transaction and vote) ChainID string `mapstructure:"chain_id"` - // A JSON file containing the initial validator set and other meta data + // Path to the JSON file containing the initial validator set and other meta data Genesis string `mapstructure:"genesis_file"` - // A JSON file containing the private key to use as a validator in the consensus protocol + // Path to the JSON file containing the private key to use as a validator in the consensus protocol PrivValidator string `mapstructure:"priv_validator_file"` // A custom human readable name for this node @@ -107,8 +126,8 @@ type BaseConfig struct { // DefaultBaseConfig returns a default base configuration for a Tendermint node func DefaultBaseConfig() BaseConfig { return BaseConfig{ - Genesis: "genesis.json", - PrivValidator: "priv_validator.json", + Genesis: defaultGenesisJSONPath, + PrivValidator: defaultPrivValPath, Moniker: defaultMoniker, ProxyApp: "tcp://127.0.0.1:46658", ABCI: "socket", @@ -279,7 +298,7 @@ func DefaultMempoolConfig() *MempoolConfig { Recheck: true, RecheckEmpty: true, Broadcast: true, - WalPath: "data/mempool.wal", + WalPath: filepath.Join(defaultDataDir, "mempool.wal"), } } @@ -299,7 +318,7 @@ type ConsensusConfig struct { WalLight bool `mapstructure:"wal_light"` walFile string // overrides WalPath if set - // All timeouts are in ms + // All timeouts are in milliseconds TimeoutPropose int `mapstructure:"timeout_propose"` TimeoutProposeDelta int `mapstructure:"timeout_propose_delta"` TimeoutPrevote int `mapstructure:"timeout_prevote"` @@ -319,7 +338,7 @@ type ConsensusConfig struct { CreateEmptyBlocks bool `mapstructure:"create_empty_blocks"` CreateEmptyBlocksInterval int `mapstructure:"create_empty_blocks_interval"` - // Reactor sleep duration parameters are in ms + // Reactor sleep duration parameters are in milliseconds PeerGossipSleepDuration int `mapstructure:"peer_gossip_sleep_duration"` PeerQueryMaj23SleepDuration int `mapstructure:"peer_query_maj23_sleep_duration"` } @@ -367,7 +386,7 @@ func (cfg *ConsensusConfig) PeerQueryMaj23Sleep() time.Duration { // DefaultConsensusConfig returns a default configuration for the consensus service func DefaultConsensusConfig() *ConsensusConfig { return &ConsensusConfig{ - WalPath: "data/cs.wal/wal", + WalPath: filepath.Join(defaultDataDir, "cs.wal/wal"), WalLight: false, TimeoutPropose: 3000, TimeoutProposeDelta: 500, diff --git a/config/toml.go b/config/toml.go index 735f45c12..56a5a1304 100644 --- a/config/toml.go +++ b/config/toml.go @@ -1,25 +1,37 @@ package config import ( + "bytes" "os" - "path" "path/filepath" - "strings" + "text/template" cmn "github.com/tendermint/tmlibs/common" ) +var configTemplate *template.Template + +func init() { + var err error + if configTemplate, err = template.New("configFileTemplate").Parse(defaultConfigTemplate); err != nil { + panic(err) + } +} + /****** these are for production settings ***********/ func EnsureRoot(rootDir string) { if err := cmn.EnsureDir(rootDir, 0700); err != nil { cmn.PanicSanity(err.Error()) } - if err := cmn.EnsureDir(rootDir+"/data", 0700); err != nil { + if err := cmn.EnsureDir(filepath.Join(rootDir, defaultConfigDir), 0700); err != nil { + cmn.PanicSanity(err.Error()) + } + if err := cmn.EnsureDir(filepath.Join(rootDir, defaultDataDir), 0700); err != nil { cmn.PanicSanity(err.Error()) } - configFilePath := path.Join(rootDir, "config.toml") + configFilePath := filepath.Join(rootDir, defaultConfigFilePath) // Write default config file if missing. if !cmn.FileExists(configFilePath) { @@ -27,26 +39,153 @@ func EnsureRoot(rootDir string) { } } -var defaultConfigTmpl = `# This is a TOML config file. +// XXX: this func should probably be called by cmd/tendermint/commands/init.go +// alongside the writing of the genesis.json and priv_validator.json +func writeConfigFile(configFilePath string) { + var buffer bytes.Buffer + + if err := configTemplate.Execute(&buffer, DefaultConfig()); err != nil { + panic(err) + } + + cmn.MustWriteFile(configFilePath, buffer.Bytes(), 0644) +} + +// Note: any changes to the comments/variables/mapstructure +// must be reflected in the appropriate struct in config/config.go +const defaultConfigTemplate = `# This is a TOML config file. # For more information, see https://github.com/toml-lang/toml -proxy_app = "tcp://127.0.0.1:46658" -moniker = "__MONIKER__" -fast_sync = true -db_backend = "leveldb" -log_level = "state:info,*:error" +##### main base config options ##### +# TCP or UNIX socket address of the ABCI application, +# or the name of an ABCI application compiled in with the Tendermint binary +proxy_app = "{{ .BaseConfig.ProxyApp }}" + +# A custom human readable name for this node +moniker = "{{ .BaseConfig.Moniker }}" + +# If this node is many blocks behind the tip of the chain, FastSync +# allows them to catchup quickly by downloading blocks in parallel +# and verifying their commits +fast_sync = {{ .BaseConfig.FastSync }} + +# Database backend: leveldb | memdb +db_backend = "{{ .BaseConfig.DBBackend }}" + +# Database directory +db_path = "{{ .BaseConfig.DBPath }}" + +# Output level for logging +log_level = "{{ .BaseConfig.LogLevel }}" + +##### additional base config options ##### + +# The ID of the chain to join (should be signed with every transaction and vote) +chain_id = "{{ .BaseConfig.ChainID }}" + +# Path to the JSON file containing the initial validator set and other meta data +genesis_file = "{{ .BaseConfig.Genesis }}" + +# Path to the JSON file containing the private key to use as a validator in the consensus protocol +priv_validator_file = "{{ .BaseConfig.PrivValidator }}" + +# Mechanism to connect to the ABCI application: socket | grpc +abci = "{{ .BaseConfig.ABCI }}" + +# TCP or UNIX socket address for the profiling server to listen on +prof_laddr = "{{ .BaseConfig.ProfListenAddress }}" + +# If true, query the ABCI app on connecting to a new peer +# so the app can decide if we should keep the connection or not +filter_peers = {{ .BaseConfig.FilterPeers }} + +# What indexer to use for transactions +tx_index = "{{ .BaseConfig.TxIndex }}" + +##### advanced configuration options ##### + +##### rpc server configuration options ##### [rpc] -laddr = "tcp://0.0.0.0:46657" +# TCP or UNIX socket address for the RPC server to listen on +laddr = "{{ .RPC.ListenAddress }}" + +# TCP or UNIX socket address for the gRPC server to listen on +# NOTE: This server only supports /broadcast_tx_commit +grpc_laddr = "{{ .RPC.GRPCListenAddress }}" + +# Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool +unsafe = {{ .RPC.Unsafe }} + +##### peer to peer configuration options ##### [p2p] -laddr = "tcp://0.0.0.0:46656" -seeds = "" -` -func defaultConfig(moniker string) string { - return strings.Replace(defaultConfigTmpl, "__MONIKER__", moniker, -1) -} +# Address to listen for incoming connections +laddr = "{{ .P2P.ListenAddress }}" + +# Comma separated list of seed nodes to connect to +seeds = "" + +# Path to address book +addr_book_file = "{{ .P2P.AddrBook }}" + +# Set true for strict address routability rules +addr_book_strict = {{ .P2P.AddrBookStrict }} + +# Time to wait before flushing messages out on the connection, in ms +flush_throttle_timeout = {{ .P2P.FlushThrottleTimeout }} + +# Maximum number of peers to connect to +max_num_peers = {{ .P2P.MaxNumPeers }} + +# Maximum size of a message packet payload, in bytes +max_msg_packet_payload_size = {{ .P2P.MaxMsgPacketPayloadSize }} + +# Rate at which packets can be sent, in bytes/second +send_rate = {{ .P2P.SendRate }} + +# Rate at which packets can be received, in bytes/second +recv_rate = {{ .P2P.RecvRate }} + +##### mempool configuration options ##### +[mempool] + +recheck = {{ .Mempool.Recheck }} +recheck_empty = {{ .Mempool.RecheckEmpty }} +broadcast = {{ .Mempool.Broadcast }} +wal_dir = "{{ .Mempool.WalPath }}" + +##### consensus configuration options ##### +[consensus] + +wal_file = "{{ .Consensus.WalPath }}" +wal_light = {{ .Consensus.WalLight }} + +# All timeouts are in milliseconds +timeout_propose = {{ .Consensus.TimeoutPropose }} +timeout_propose_delta = {{ .Consensus.TimeoutProposeDelta }} +timeout_prevote = {{ .Consensus.TimeoutPrevote }} +timeout_prevote_delta = {{ .Consensus.TimeoutPrevoteDelta }} +timeout_precommit = {{ .Consensus.TimeoutPrecommit }} +timeout_precommit_delta = {{ .Consensus.TimeoutPrecommitDelta }} +timeout_commit = {{ .Consensus.TimeoutCommit }} + +# Make progress as soon as we have all the precommits (as if TimeoutCommit = 0) +skip_timeout_commit = {{ .Consensus.SkipTimeoutCommit }} + +# BlockSize +max_block_size_txs = {{ .Consensus.MaxBlockSizeTxs }} +max_block_size_bytes = {{ .Consensus.MaxBlockSizeBytes }} + +# EmptyBlocks mode and possible interval between empty blocks in seconds +create_empty_blocks = {{ .Consensus.CreateEmptyBlocks }} +create_empty_blocks_interval = {{ .Consensus.CreateEmptyBlocksInterval }} + +# Reactor sleep duration parameters are in milliseconds +peer_gossip_sleep_duration = {{ .Consensus.PeerGossipSleepDuration }} +peer_query_maj23_sleep_duration = {{ .Consensus.PeerQueryMaj23SleepDuration }} +` /****** these are for test settings ***********/ @@ -69,13 +208,17 @@ func ResetTestRoot(testName string) *Config { if err := cmn.EnsureDir(rootDir, 0700); err != nil { cmn.PanicSanity(err.Error()) } - if err := cmn.EnsureDir(rootDir+"/data", 0700); err != nil { + if err := cmn.EnsureDir(filepath.Join(rootDir, defaultConfigDir), 0700); err != nil { + cmn.PanicSanity(err.Error()) + } + if err := cmn.EnsureDir(filepath.Join(rootDir, defaultDataDir), 0700); err != nil { cmn.PanicSanity(err.Error()) } - configFilePath := path.Join(rootDir, "config.toml") - genesisFilePath := path.Join(rootDir, "genesis.json") - privFilePath := path.Join(rootDir, "priv_validator.json") + baseConfig := DefaultBaseConfig() + configFilePath := filepath.Join(rootDir, defaultConfigFilePath) + genesisFilePath := filepath.Join(rootDir, baseConfig.Genesis) + privFilePath := filepath.Join(rootDir, baseConfig.PrivValidator) // Write default config file if missing. if !cmn.FileExists(configFilePath) { @@ -91,28 +234,6 @@ func ResetTestRoot(testName string) *Config { return config } -var testConfigTmpl = `# This is a TOML config file. -# For more information, see https://github.com/toml-lang/toml - -proxy_app = "dummy" -moniker = "__MONIKER__" -fast_sync = false -db_backend = "memdb" -log_level = "info" - -[rpc] -laddr = "tcp://0.0.0.0:36657" - -[p2p] -laddr = "tcp://0.0.0.0:36656" -seeds = "" -` - -func testConfig(moniker string) (testConfig string) { - testConfig = strings.Replace(testConfigTmpl, "__MONIKER__", moniker, -1) - return -} - var testGenesis = `{ "genesis_time": "0001-01-01T00:00:00.000Z", "chain_id": "tendermint_test", diff --git a/config/toml_test.go b/config/toml_test.go index f927a14ca..e98719f6f 100644 --- a/config/toml_test.go +++ b/config/toml_test.go @@ -4,6 +4,7 @@ import ( "io/ioutil" "os" "path/filepath" + "strings" "testing" "github.com/stretchr/testify/assert" @@ -30,7 +31,7 @@ func TestEnsureRoot(t *testing.T) { EnsureRoot(tmpDir) // make sure config is set properly - data, err := ioutil.ReadFile(filepath.Join(tmpDir, "config.toml")) + data, err := ioutil.ReadFile(filepath.Join(tmpDir, defaultConfigFilePath)) require.Nil(err) assert.Equal([]byte(defaultConfig(defaultMoniker)), data) @@ -47,11 +48,41 @@ func TestEnsureTestRoot(t *testing.T) { rootDir := cfg.RootDir // make sure config is set properly - data, err := ioutil.ReadFile(filepath.Join(rootDir, "config.toml")) + data, err := ioutil.ReadFile(filepath.Join(rootDir, defaultConfigFilePath)) require.Nil(err) assert.Equal([]byte(testConfig(defaultMoniker)), data) // TODO: make sure the cfg returned and testconfig are the same! - - ensureFiles(t, rootDir, "data", "genesis.json", "priv_validator.json") + baseConfig := DefaultBaseConfig() + ensureFiles(t, rootDir, defaultDataDir, baseConfig.Genesis, baseConfig.PrivValidator) +} + +func checkConfig(configFile string) bool { + var valid bool + + // list of words we expect in the config + var elems = []string{ + "moniker", + "seeds", + "proxy_app", + "fast_sync", + "create_empty_blocks", + "peer", + "timeout", + "broadcast", + "send", + "addr", + "wal", + "propose", + "max", + "genesis", + } + for _, e := range elems { + if !strings.Contains(configFile, e) { + valid = false + } else { + valid = true + } + } + return valid } diff --git a/consensus/test_data/build.sh b/consensus/test_data/build.sh new file mode 100755 index 000000000..b0e1a934c --- /dev/null +++ b/consensus/test_data/build.sh @@ -0,0 +1,148 @@ +#!/usr/bin/env bash + +# Requires: killall command and jq JSON processor. + +# Get the parent directory of where this script is. +SOURCE="${BASH_SOURCE[0]}" +while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done +DIR="$( cd -P "$( dirname "$SOURCE" )/../.." && pwd )" + +# Change into that dir because we expect that. +cd "$DIR" || exit 1 + +# Make sure we have a tendermint command. +if ! hash tendermint 2>/dev/null; then + make install +fi + +# Make sure we have a cutWALUntil binary. +cutWALUntil=./scripts/cutWALUntil/cutWALUntil +cutWALUntilDir=$(dirname $cutWALUntil) +if ! hash $cutWALUntil 2>/dev/null; then + cd "$cutWALUntilDir" && go build && cd - || exit 1 +fi + +TMHOME=$(mktemp -d) +export TMHOME="$TMHOME" + +if [[ ! -d "$TMHOME" ]]; then + echo "Could not create temp directory" + exit 1 +else + echo "TMHOME: ${TMHOME}" +fi + +# TODO: eventually we should replace with `tendermint init --test` +DIR_TO_COPY=$HOME/.tendermint_test/consensus_state_test +if [ ! -d "$DIR_TO_COPY" ]; then + echo "$DIR_TO_COPY does not exist. Please run: go test ./consensus" + exit 1 +fi +echo "==> Copying ${DIR_TO_COPY} to ${TMHOME} directory..." +cp -r "$DIR_TO_COPY"/* "$TMHOME" + +# preserve original genesis file because later it will be modified (see small_block2) +cp "$TMHOME/config/genesis.json" "$TMHOME/config/genesis.json.bak" + +function reset(){ + echo "==> Resetting tendermint..." + tendermint unsafe_reset_all + cp "$TMHOME/config/genesis.json.bak" "$TMHOME/config/genesis.json" +} + +reset + +# function empty_block(){ +# echo "==> Starting tendermint..." +# tendermint node --proxy_app=persistent_dummy &> /dev/null & +# sleep 5 +# echo "==> Killing tendermint..." +# killall tendermint + +# echo "==> Copying WAL log..." +# $cutWALUntil "$TMHOME/data/cs.wal/wal" 1 consensus/test_data/new_empty_block.cswal +# mv consensus/test_data/new_empty_block.cswal consensus/test_data/empty_block.cswal + +# reset +# } + +function many_blocks(){ + bash scripts/txs/random.sh 1000 36657 &> /dev/null & + PID=$! + echo "==> Starting tendermint..." + tendermint node --proxy_app=persistent_dummy &> /dev/null & + sleep 10 + echo "==> Killing tendermint..." + kill -9 $PID + killall tendermint + + echo "==> Copying WAL log..." + $cutWALUntil "$TMHOME/data/cs.wal/wal" 6 consensus/test_data/new_many_blocks.cswal + mv consensus/test_data/new_many_blocks.cswal consensus/test_data/many_blocks.cswal + + reset +} + + +# function small_block1(){ +# bash scripts/txs/random.sh 1000 36657 &> /dev/null & +# PID=$! +# echo "==> Starting tendermint..." +# tendermint node --proxy_app=persistent_dummy &> /dev/null & +# sleep 10 +# echo "==> Killing tendermint..." +# kill -9 $PID +# killall tendermint + +# echo "==> Copying WAL log..." +# $cutWALUntil "$TMHOME/data/cs.wal/wal" 1 consensus/test_data/new_small_block1.cswal +# mv consensus/test_data/new_small_block1.cswal consensus/test_data/small_block1.cswal + +# reset +# } + + +# # block part size = 512 +# function small_block2(){ +# cat "$TMHOME/config/genesis.json" | jq '. + {consensus_params: {block_size_params: {max_bytes: 22020096}, block_gossip_params: {block_part_size_bytes: 512}}}' > "$TMHOME/config/new_genesis.json" +# mv "$TMHOME/config/new_genesis.json" "$TMHOME/config/genesis.json" +# bash scripts/txs/random.sh 1000 36657 &> /dev/null & +# PID=$! +# echo "==> Starting tendermint..." +# tendermint node --proxy_app=persistent_dummy &> /dev/null & +# sleep 5 +# echo "==> Killing tendermint..." +# kill -9 $PID +# killall tendermint + +# echo "==> Copying WAL log..." +# $cutWALUntil "$TMHOME/data/cs.wal/wal" 1 consensus/test_data/new_small_block2.cswal +# mv consensus/test_data/new_small_block2.cswal consensus/test_data/small_block2.cswal + +# reset +# } + + + +case "$1" in + # "small_block1") + # small_block1 + # ;; + # "small_block2") + # small_block2 + # ;; + # "empty_block") + # empty_block + # ;; + "many_blocks") + many_blocks + ;; + *) + # small_block1 + # small_block2 + # empty_block + many_blocks +esac + +echo "==> Cleaning up..." +rm -rf "$TMHOME" diff --git a/docs/deploy-testnets.rst b/docs/deploy-testnets.rst index 89fa4b799..658330fe5 100644 --- a/docs/deploy-testnets.rst +++ b/docs/deploy-testnets.rst @@ -13,7 +13,7 @@ It's relatively easy to setup a Tendermint cluster manually. The only requirements for a particular Tendermint node are a private key for the validator, stored as ``priv_validator.json``, and a list of the public keys of all validators, stored as ``genesis.json``. These files should -be stored in ``~/.tendermint``, or wherever the ``$TMHOME`` variable +be stored in ``~/.tendermint/config``, or wherever the ``$TMHOME`` variable might be set to. Here are the steps to setting up a testnet manually: diff --git a/docs/specification/configuration.rst b/docs/specification/configuration.rst index 74b41d09d..62e35738d 100644 --- a/docs/specification/configuration.rst +++ b/docs/specification/configuration.rst @@ -1,58 +1,151 @@ Configuration ============= -TendermintCore can be configured via a TOML file in -``$TMHOME/config.toml``. Some of these parameters can be overridden by -command-line flags. +Tendermint Core can be configured via a TOML file in +``$TMHOME/config/config.toml``. Some of these parameters can be overridden by +command-line flags. For most users, the options in the ``##### main +base configuration options #####`` are intended to be modified while +config options further below are intended for advance power users. -Config parameters -~~~~~~~~~~~~~~~~~ +Config options +~~~~~~~~~~~~~~ -The main config parameters are defined -`here `__. +The default configuration file create by ``tendermint init`` has all +the parameters set with their default values. It will look something +like the file below, however, double check by inspecting the +``config.toml`` created with your version of ``tendermint`` installed: -- ``abci``: ABCI transport (socket \| grpc). *Default*: ``socket`` -- ``db_backend``: Database backend for the blockchain and - TendermintCore state. ``leveldb`` or ``memdb``. *Default*: - ``"leveldb"`` -- ``db_dir``: Database dir. *Default*: ``"$TMHOME/data"`` -- ``fast_sync``: Whether to sync faster from the block pool. *Default*: - ``true`` -- ``genesis_file``: The location of the genesis file. *Default*: - ``"$TMHOME/genesis.json"`` -- ``log_level``: *Default*: ``"state:info,*:error"`` -- ``moniker``: Name of this node. *Default*: the host name or ``"anonymous"`` - if runtime fails to get the host name -- ``priv_validator_file``: Validator private key file. *Default*: - ``"$TMHOME/priv_validator.json"`` -- ``prof_laddr``: Profile listen address. *Default*: ``""`` -- ``proxy_app``: The ABCI app endpoint. *Default*: - ``"tcp://127.0.0.1:46658"`` +:: -- ``consensus.max_block_size_txs``: Maximum number of block txs. - *Default*: ``10000`` -- ``consensus.create_empty_blocks``: Create empty blocks w/o txs. - *Default*: ``true`` -- ``consensus.create_empty_blocks_interval``: Block creation interval, even if empty. -- ``consensus.timeout_*``: Various consensus timeout parameters -- ``consensus.wal_file``: Consensus state WAL. *Default*: - ``"$TMHOME/data/cs.wal/wal"`` -- ``consensus.wal_light``: Whether to use light-mode for Consensus - state WAL. *Default*: ``false`` - -- ``mempool.*``: Various mempool parameters - -- ``p2p.addr_book_file``: Peer address book. *Default*: - ``"$TMHOME/addrbook.json"``. **NOT USED** -- ``p2p.laddr``: Node listen address. (0.0.0.0:0 means any interface, - any port). *Default*: ``"0.0.0.0:46656"`` -- ``p2p.pex``: Enable Peer-Exchange (dev feature). *Default*: ``false`` -- ``p2p.seeds``: Comma delimited host:port seed nodes. *Default*: - ``""`` -- ``p2p.skip_upnp``: Skip UPNP detection. *Default*: ``false`` - -- ``rpc.grpc_laddr``: GRPC listen address (BroadcastTx only). Port - required. *Default*: ``""`` -- ``rpc.laddr``: RPC listen address. Port required. *Default*: - ``"0.0.0.0:46657"`` -- ``rpc.unsafe``: Enabled unsafe rpc methods. *Default*: ``true`` + # This is a TOML config file. + # For more information, see https://github.com/toml-lang/toml + + ##### main base config options ##### + + # TCP or UNIX socket address of the ABCI application, + # or the name of an ABCI application compiled in with the Tendermint binary + proxy_app = "tcp://127.0.0.1:46658" + + # A custom human readable name for this node + moniker = "anonymous" + + # If this node is many blocks behind the tip of the chain, FastSync + # allows them to catchup quickly by downloading blocks in parallel + # and verifying their commits + fast_sync = true + + # Database backend: leveldb | memdb + db_backend = "leveldb" + + # Database directory + db_path = "data" + + # Output level for logging + log_level = "state:info,*:error" + + ##### additional base config options ##### + + # The ID of the chain to join (should be signed with every transaction and vote) + chain_id = "" + + # Path to the JSON file containing the initial validator set and other meta data + genesis_file = "genesis.json" + + # Path to the JSON file containing the private key to use as a validator in the consensus protocol + priv_validator_file = "priv_validator.json" + + # Mechanism to connect to the ABCI application: socket | grpc + abci = "socket" + + # TCP or UNIX socket address for the profiling server to listen on + prof_laddr = "" + + # If true, query the ABCI app on connecting to a new peer + # so the app can decide if we should keep the connection or not + filter_peers = false + + # What indexer to use for transactions + tx_index = "kv" + + ##### advanced configuration options ##### + + ##### rpc server configuration options ##### + [rpc] + + # TCP or UNIX socket address for the RPC server to listen on + laddr = "tcp://0.0.0.0:46657" + + # TCP or UNIX socket address for the gRPC server to listen on + # NOTE: This server only supports /broadcast_tx_commit + grpc_laddr = "" + + # Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool + unsafe = false + + ##### peer to peer configuration options ##### + [p2p] + + # Address to listen for incoming connections + laddr = "tcp://0.0.0.0:46656" + + # Comma separated list of seed nodes to connect to + seeds = "" + + # Path to address book + addr_book_file = "addrbook.json" + + # Set true for strict address routability rules + addr_book_strict = true + + # Time to wait before flushing messages out on the connection, in ms + flush_throttle_timeout = 100 + + # Maximum number of peers to connect to + max_num_peers = 50 + + # Maximum size of a message packet payload, in bytes + max_msg_packet_payload_size = 1024 + + # Rate at which packets can be sent, in bytes/second + send_rate = 512000 + + # Rate at which packets can be received, in bytes/second + recv_rate = 512000 + + ##### mempool configuration options ##### + [mempool] + + recheck = true + recheck_empty = true + broadcast = true + wal_dir = "data/mempool.wal" + + ##### consensus configuration options ##### + [consensus] + + wal_file = "data/cs.wal/wal" + wal_light = false + + # All timeouts are in milliseconds + timeout_propose = 3000 + timeout_propose_delta = 500 + timeout_prevote = 1000 + timeout_prevote_delta = 500 + timeout_precommit = 1000 + timeout_precommit_delta = 500 + timeout_commit = 1000 + + # Make progress as soon as we have all the precommits (as if TimeoutCommit = 0) + skip_timeout_commit = false + + # BlockSize + max_block_size_txs = 10000 + max_block_size_bytes = 1 + + # EmptyBlocks mode and possible interval between empty blocks in seconds + create_empty_blocks = true + create_empty_blocks_interval = 0 + + # Reactor sleep duration parameters are in milliseconds + peer_gossip_sleep_duration = 100 + peer_query_maj23_sleep_duration = 2000 diff --git a/docs/specification/genesis.rst b/docs/specification/genesis.rst index a7ec7a268..7e36c1315 100644 --- a/docs/specification/genesis.rst +++ b/docs/specification/genesis.rst @@ -1,7 +1,7 @@ Genesis ======= -The genesis.json file in ``$TMHOME`` defines the initial TendermintCore +The genesis.json file in ``$TMHOME/config`` defines the initial TendermintCore state upon genesis of the blockchain (`see definition `__). diff --git a/docs/specification/rpc.rst b/docs/specification/rpc.rst index 33173d196..f8e9bd3a9 100644 --- a/docs/specification/rpc.rst +++ b/docs/specification/rpc.rst @@ -18,7 +18,7 @@ Configuration ~~~~~~~~~~~~~ Set the ``laddr`` config parameter under ``[rpc]`` table in the -$TMHOME/config.toml file or the ``--rpc.laddr`` command-line flag to the +$TMHOME/config/config.toml file or the ``--rpc.laddr`` command-line flag to the desired protocol://host:port setting. Default: ``tcp://0.0.0.0:46657``. Arguments diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 9076230ea..75d49544a 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -24,7 +24,8 @@ Initialize the root directory by running: tendermint init This will create a new private key (``priv_validator.json``), and a -genesis file (``genesis.json``) containing the associated public key. +genesis file (``genesis.json``) containing the associated public key, +in ``$TMHOME/config``. This is all that's necessary to run a local testnet with one validator. For more elaborate initialization, see our `testnet deployment @@ -153,8 +154,7 @@ The block interval setting allows for a delay (in seconds) between the creation create_empty_blocks_interval = 5 With this setting, empty blocks will be produced every 5s if no block has been produced otherwise, -regardless of the value of `create_empty_blocks`. - +regardless of the value of ``create_empty_blocks``. Broadcast API ------------- @@ -196,7 +196,7 @@ Tendermint Networks ------------------- When ``tendermint init`` is run, both a ``genesis.json`` and -``priv_validator.json`` are created in ``~/.tendermint``. The +``priv_validator.json`` are created in ``~/.tendermint/config``. The ``genesis.json`` might look like: :: @@ -263,7 +263,7 @@ with the consensus protocol. Peers ~~~~~ -To connect to peers on start-up, specify them in the ``config.toml`` or +To connect to peers on start-up, specify them in the ``$TMHOME/config/config.toml`` or on the command line. For instance, @@ -289,7 +289,7 @@ Adding a Non-Validator ~~~~~~~~~~~~~~~~~~~~~~ Adding a non-validator is simple. Just copy the original -``genesis.json`` to ``~/.tendermint`` on the new machine and start the +``genesis.json`` to ``~/.tendermint/config`` on the new machine and start the node, specifying seeds as necessary. If no seeds are specified, the node won't make any blocks, because it's not a validator, and it won't hear about any blocks, because it's not connected to the other peer. @@ -358,8 +358,8 @@ then the new ``genesis.json`` will be: ] } -Update the ``genesis.json`` in ``~/.tendermint``. Copy the genesis file -and the new ``priv_validator.json`` to the ``~/.tendermint`` on a new +Update the ``genesis.json`` in ``~/.tendermint/config``. Copy the genesis file +and the new ``priv_validator.json`` to the ``~/.tendermint/config`` on a new machine. Now run ``tendermint node`` on both machines, and use either diff --git a/rpc/core/doc.go b/rpc/core/doc.go index a72cec020..d3ec5d3b6 100644 --- a/rpc/core/doc.go +++ b/rpc/core/doc.go @@ -11,7 +11,7 @@ Tendermint RPC is built using [our own RPC library](https://github.com/tendermin ## Configuration -Set the `laddr` config parameter under `[rpc]` table in the `$TMHOME/config.toml` file or the `--rpc.laddr` command-line flag to the desired protocol://host:port setting. Default: `tcp://0.0.0.0:46657`. +Set the `laddr` config parameter under `[rpc]` table in the `$TMHOME/config/config.toml` file or the `--rpc.laddr` command-line flag to the desired protocol://host:port setting. Default: `tcp://0.0.0.0:46657`. ## Arguments diff --git a/scripts/debora/unsafe_reset_net.sh b/scripts/debora/unsafe_reset_net.sh index c6767427d..3698e5ace 100755 --- a/scripts/debora/unsafe_reset_net.sh +++ b/scripts/debora/unsafe_reset_net.sh @@ -3,7 +3,7 @@ set -euo pipefail IFS=$'\n\t' debora run -- bash -c "cd \$GOPATH/src/github.com/tendermint/tendermint; killall tendermint; killall logjack" -debora run -- bash -c "cd \$GOPATH/src/github.com/tendermint/tendermint; tendermint unsafe_reset_priv_validator; rm -rf ~/.tendermint/data; rm ~/.tendermint/genesis.json; rm ~/.tendermint/logs/*" +debora run -- bash -c "cd \$GOPATH/src/github.com/tendermint/tendermint; tendermint unsafe_reset_priv_validator; rm -rf ~/.tendermint/data; rm ~/.tendermint/config/genesis.json; rm ~/.tendermint/logs/*" debora run -- bash -c "cd \$GOPATH/src/github.com/tendermint/tendermint; git pull origin develop; make" debora run -- bash -c "cd \$GOPATH/src/github.com/tendermint/tendermint; mkdir -p ~/.tendermint/logs" debora run --bg --label tendermint -- bash -c "cd \$GOPATH/src/github.com/tendermint/tendermint; tendermint node 2>&1 | stdinwriter -outpath ~/.tendermint/logs/tendermint.log" From 69d8c2e554df7577c2e1e02724fb9214287a9d19 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 1 Dec 2017 22:35:15 -0600 Subject: [PATCH 005/188] fixes after my own review --- config/config.go | 2 +- config/toml.go | 25 ++++++- docs/specification/configuration.rst | 103 ++++++++++++++++----------- 3 files changed, 84 insertions(+), 46 deletions(-) diff --git a/config/config.go b/config/config.go index 1585fcd0e..25ccf0f57 100644 --- a/config/config.go +++ b/config/config.go @@ -386,7 +386,7 @@ func (cfg *ConsensusConfig) PeerQueryMaj23Sleep() time.Duration { // DefaultConsensusConfig returns a default configuration for the consensus service func DefaultConsensusConfig() *ConsensusConfig { return &ConsensusConfig{ - WalPath: filepath.Join(defaultDataDir, "cs.wal/wal"), + WalPath: filepath.Join(defaultDataDir, "cs.wal", "wal"), WalLight: false, TimeoutPropose: 3000, TimeoutProposeDelta: 500, diff --git a/config/toml.go b/config/toml.go index 56a5a1304..e7b00dd6c 100644 --- a/config/toml.go +++ b/config/toml.go @@ -100,9 +100,6 @@ prof_laddr = "{{ .BaseConfig.ProfListenAddress }}" # so the app can decide if we should keep the connection or not filter_peers = {{ .BaseConfig.FilterPeers }} -# What indexer to use for transactions -tx_index = "{{ .BaseConfig.TxIndex }}" - ##### advanced configuration options ##### ##### rpc server configuration options ##### @@ -185,6 +182,28 @@ create_empty_blocks_interval = {{ .Consensus.CreateEmptyBlocksInterval }} # Reactor sleep duration parameters are in milliseconds peer_gossip_sleep_duration = {{ .Consensus.PeerGossipSleepDuration }} peer_query_maj23_sleep_duration = {{ .Consensus.PeerQueryMaj23SleepDuration }} + +##### transactions indexer configuration options ##### +[tx_index] + +# What indexer to use for transactions +# +# Options: +# 1) "null" (default) +# 2) "kv" - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend). +indexer = "{{ .TxIndex.Indexer }}" + +# Comma-separated list of tags to index (by default the only tag is tx hash) +# +# It's recommended to index only a subset of tags due to possible memory +# bloat. This is, of course, depends on the indexer's DB and the volume of +# transactions. +index_tags = "{{ .TxIndex.IndexTags }}" + +# When set to true, tells indexer to index all tags. Note this may be not +# desirable (see the comment above). IndexTags has a precedence over +# IndexAllTags (i.e. when given both, IndexTags will be indexed). +index_all_tags = {{ .TxIndex.IndexAllTags }} ` /****** these are for test settings ***********/ diff --git a/docs/specification/configuration.rst b/docs/specification/configuration.rst index 62e35738d..37359885c 100644 --- a/docs/specification/configuration.rst +++ b/docs/specification/configuration.rst @@ -12,120 +12,117 @@ Config options The default configuration file create by ``tendermint init`` has all the parameters set with their default values. It will look something -like the file below, however, double check by inspecting the +like the file below, however, double check by inspecting the ``config.toml`` created with your version of ``tendermint`` installed: :: # This is a TOML config file. # For more information, see https://github.com/toml-lang/toml - + ##### main base config options ##### - + # TCP or UNIX socket address of the ABCI application, # or the name of an ABCI application compiled in with the Tendermint binary proxy_app = "tcp://127.0.0.1:46658" - + # A custom human readable name for this node moniker = "anonymous" - + # If this node is many blocks behind the tip of the chain, FastSync # allows them to catchup quickly by downloading blocks in parallel # and verifying their commits fast_sync = true - + # Database backend: leveldb | memdb db_backend = "leveldb" - + # Database directory db_path = "data" - + # Output level for logging log_level = "state:info,*:error" - + ##### additional base config options ##### - + # The ID of the chain to join (should be signed with every transaction and vote) chain_id = "" - + # Path to the JSON file containing the initial validator set and other meta data genesis_file = "genesis.json" - + # Path to the JSON file containing the private key to use as a validator in the consensus protocol priv_validator_file = "priv_validator.json" - + # Mechanism to connect to the ABCI application: socket | grpc abci = "socket" - + # TCP or UNIX socket address for the profiling server to listen on prof_laddr = "" - + # If true, query the ABCI app on connecting to a new peer # so the app can decide if we should keep the connection or not filter_peers = false - - # What indexer to use for transactions - tx_index = "kv" - + ##### advanced configuration options ##### - + ##### rpc server configuration options ##### [rpc] - + # TCP or UNIX socket address for the RPC server to listen on laddr = "tcp://0.0.0.0:46657" - + # TCP or UNIX socket address for the gRPC server to listen on # NOTE: This server only supports /broadcast_tx_commit grpc_laddr = "" - + # Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool unsafe = false - + ##### peer to peer configuration options ##### [p2p] - + # Address to listen for incoming connections laddr = "tcp://0.0.0.0:46656" - + # Comma separated list of seed nodes to connect to seeds = "" - + # Path to address book addr_book_file = "addrbook.json" - + # Set true for strict address routability rules addr_book_strict = true - + # Time to wait before flushing messages out on the connection, in ms flush_throttle_timeout = 100 - + # Maximum number of peers to connect to max_num_peers = 50 - + # Maximum size of a message packet payload, in bytes max_msg_packet_payload_size = 1024 - + # Rate at which packets can be sent, in bytes/second send_rate = 512000 - + # Rate at which packets can be received, in bytes/second recv_rate = 512000 - + ##### mempool configuration options ##### [mempool] - + recheck = true recheck_empty = true broadcast = true wal_dir = "data/mempool.wal" - + ##### consensus configuration options ##### [consensus] - + wal_file = "data/cs.wal/wal" wal_light = false - + # All timeouts are in milliseconds timeout_propose = 3000 timeout_propose_delta = 500 @@ -134,18 +131,40 @@ like the file below, however, double check by inspecting the timeout_precommit = 1000 timeout_precommit_delta = 500 timeout_commit = 1000 - + # Make progress as soon as we have all the precommits (as if TimeoutCommit = 0) skip_timeout_commit = false - + # BlockSize max_block_size_txs = 10000 max_block_size_bytes = 1 - + # EmptyBlocks mode and possible interval between empty blocks in seconds create_empty_blocks = true create_empty_blocks_interval = 0 - + # Reactor sleep duration parameters are in milliseconds peer_gossip_sleep_duration = 100 peer_query_maj23_sleep_duration = 2000 + + ##### transactions indexer configuration options ##### + [tx_index] + + # What indexer to use for transactions + # + # Options: + # 1) "null" (default) + # 2) "kv" - the simplest possible indexer, backed by key-value storage (defaults to levelDB; see DBBackend). + indexer = "{{ .TxIndex.Indexer }}" + + # Comma-separated list of tags to index (by default the only tag is tx hash) + # + # It's recommended to index only a subset of tags due to possible memory + # bloat. This is, of course, depends on the indexer's DB and the volume of + # transactions. + index_tags = "{{ .TxIndex.IndexTags }}" + + # When set to true, tells indexer to index all tags. Note this may be not + # desirable (see the comment above). IndexTags has a precedence over + # IndexAllTags (i.e. when given both, IndexTags will be indexed). + index_all_tags = {{ .TxIndex.IndexAllTags }} From a6f2e502e72f483ffc847230b64edbf58d8b4101 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Sat, 2 Dec 2017 11:26:51 -0600 Subject: [PATCH 006/188] move genesis.json file into config dir --- test/p2p/data/mach1/core/{ => config}/genesis.json | 0 test/p2p/data/mach2/core/{ => config}/genesis.json | 0 test/p2p/data/mach3/core/{ => config}/genesis.json | 0 test/p2p/data/mach4/core/{ => config}/genesis.json | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename test/p2p/data/mach1/core/{ => config}/genesis.json (100%) rename test/p2p/data/mach2/core/{ => config}/genesis.json (100%) rename test/p2p/data/mach3/core/{ => config}/genesis.json (100%) rename test/p2p/data/mach4/core/{ => config}/genesis.json (100%) diff --git a/test/p2p/data/mach1/core/genesis.json b/test/p2p/data/mach1/core/config/genesis.json similarity index 100% rename from test/p2p/data/mach1/core/genesis.json rename to test/p2p/data/mach1/core/config/genesis.json diff --git a/test/p2p/data/mach2/core/genesis.json b/test/p2p/data/mach2/core/config/genesis.json similarity index 100% rename from test/p2p/data/mach2/core/genesis.json rename to test/p2p/data/mach2/core/config/genesis.json diff --git a/test/p2p/data/mach3/core/genesis.json b/test/p2p/data/mach3/core/config/genesis.json similarity index 100% rename from test/p2p/data/mach3/core/genesis.json rename to test/p2p/data/mach3/core/config/genesis.json diff --git a/test/p2p/data/mach4/core/genesis.json b/test/p2p/data/mach4/core/config/genesis.json similarity index 100% rename from test/p2p/data/mach4/core/genesis.json rename to test/p2p/data/mach4/core/config/genesis.json From 9da5cd0180c44df64457ca8c1c2ea4f41902e985 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Sun, 10 Dec 2017 17:32:21 +0000 Subject: [PATCH 007/188] rebase fix --- consensus/test_data/build.sh | 148 ----------------------------------- 1 file changed, 148 deletions(-) delete mode 100755 consensus/test_data/build.sh diff --git a/consensus/test_data/build.sh b/consensus/test_data/build.sh deleted file mode 100755 index b0e1a934c..000000000 --- a/consensus/test_data/build.sh +++ /dev/null @@ -1,148 +0,0 @@ -#!/usr/bin/env bash - -# Requires: killall command and jq JSON processor. - -# Get the parent directory of where this script is. -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done -DIR="$( cd -P "$( dirname "$SOURCE" )/../.." && pwd )" - -# Change into that dir because we expect that. -cd "$DIR" || exit 1 - -# Make sure we have a tendermint command. -if ! hash tendermint 2>/dev/null; then - make install -fi - -# Make sure we have a cutWALUntil binary. -cutWALUntil=./scripts/cutWALUntil/cutWALUntil -cutWALUntilDir=$(dirname $cutWALUntil) -if ! hash $cutWALUntil 2>/dev/null; then - cd "$cutWALUntilDir" && go build && cd - || exit 1 -fi - -TMHOME=$(mktemp -d) -export TMHOME="$TMHOME" - -if [[ ! -d "$TMHOME" ]]; then - echo "Could not create temp directory" - exit 1 -else - echo "TMHOME: ${TMHOME}" -fi - -# TODO: eventually we should replace with `tendermint init --test` -DIR_TO_COPY=$HOME/.tendermint_test/consensus_state_test -if [ ! -d "$DIR_TO_COPY" ]; then - echo "$DIR_TO_COPY does not exist. Please run: go test ./consensus" - exit 1 -fi -echo "==> Copying ${DIR_TO_COPY} to ${TMHOME} directory..." -cp -r "$DIR_TO_COPY"/* "$TMHOME" - -# preserve original genesis file because later it will be modified (see small_block2) -cp "$TMHOME/config/genesis.json" "$TMHOME/config/genesis.json.bak" - -function reset(){ - echo "==> Resetting tendermint..." - tendermint unsafe_reset_all - cp "$TMHOME/config/genesis.json.bak" "$TMHOME/config/genesis.json" -} - -reset - -# function empty_block(){ -# echo "==> Starting tendermint..." -# tendermint node --proxy_app=persistent_dummy &> /dev/null & -# sleep 5 -# echo "==> Killing tendermint..." -# killall tendermint - -# echo "==> Copying WAL log..." -# $cutWALUntil "$TMHOME/data/cs.wal/wal" 1 consensus/test_data/new_empty_block.cswal -# mv consensus/test_data/new_empty_block.cswal consensus/test_data/empty_block.cswal - -# reset -# } - -function many_blocks(){ - bash scripts/txs/random.sh 1000 36657 &> /dev/null & - PID=$! - echo "==> Starting tendermint..." - tendermint node --proxy_app=persistent_dummy &> /dev/null & - sleep 10 - echo "==> Killing tendermint..." - kill -9 $PID - killall tendermint - - echo "==> Copying WAL log..." - $cutWALUntil "$TMHOME/data/cs.wal/wal" 6 consensus/test_data/new_many_blocks.cswal - mv consensus/test_data/new_many_blocks.cswal consensus/test_data/many_blocks.cswal - - reset -} - - -# function small_block1(){ -# bash scripts/txs/random.sh 1000 36657 &> /dev/null & -# PID=$! -# echo "==> Starting tendermint..." -# tendermint node --proxy_app=persistent_dummy &> /dev/null & -# sleep 10 -# echo "==> Killing tendermint..." -# kill -9 $PID -# killall tendermint - -# echo "==> Copying WAL log..." -# $cutWALUntil "$TMHOME/data/cs.wal/wal" 1 consensus/test_data/new_small_block1.cswal -# mv consensus/test_data/new_small_block1.cswal consensus/test_data/small_block1.cswal - -# reset -# } - - -# # block part size = 512 -# function small_block2(){ -# cat "$TMHOME/config/genesis.json" | jq '. + {consensus_params: {block_size_params: {max_bytes: 22020096}, block_gossip_params: {block_part_size_bytes: 512}}}' > "$TMHOME/config/new_genesis.json" -# mv "$TMHOME/config/new_genesis.json" "$TMHOME/config/genesis.json" -# bash scripts/txs/random.sh 1000 36657 &> /dev/null & -# PID=$! -# echo "==> Starting tendermint..." -# tendermint node --proxy_app=persistent_dummy &> /dev/null & -# sleep 5 -# echo "==> Killing tendermint..." -# kill -9 $PID -# killall tendermint - -# echo "==> Copying WAL log..." -# $cutWALUntil "$TMHOME/data/cs.wal/wal" 1 consensus/test_data/new_small_block2.cswal -# mv consensus/test_data/new_small_block2.cswal consensus/test_data/small_block2.cswal - -# reset -# } - - - -case "$1" in - # "small_block1") - # small_block1 - # ;; - # "small_block2") - # small_block2 - # ;; - # "empty_block") - # empty_block - # ;; - "many_blocks") - many_blocks - ;; - *) - # small_block1 - # small_block2 - # empty_block - many_blocks -esac - -echo "==> Cleaning up..." -rm -rf "$TMHOME" From a92a32b862c7051253346e6402a5e8a77be46a9d Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Sun, 10 Dec 2017 18:01:19 +0000 Subject: [PATCH 008/188] config: lil fixes --- config/toml.go | 4 ++-- config/toml_test.go | 14 ++++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/config/toml.go b/config/toml.go index e7b00dd6c..3522170df 100644 --- a/config/toml.go +++ b/config/toml.go @@ -35,7 +35,7 @@ func EnsureRoot(rootDir string) { // Write default config file if missing. if !cmn.FileExists(configFilePath) { - cmn.MustWriteFile(configFilePath, []byte(defaultConfig(defaultMoniker)), 0644) + writeConfigFile(configFilePath) } } @@ -241,7 +241,7 @@ func ResetTestRoot(testName string) *Config { // Write default config file if missing. if !cmn.FileExists(configFilePath) { - cmn.MustWriteFile(configFilePath, []byte(testConfig(defaultMoniker)), 0644) + writeConfigFile(configFilePath) } if !cmn.FileExists(genesisFilePath) { cmn.MustWriteFile(genesisFilePath, []byte(testGenesis), 0644) diff --git a/config/toml_test.go b/config/toml_test.go index e98719f6f..a1637f671 100644 --- a/config/toml_test.go +++ b/config/toml_test.go @@ -20,7 +20,7 @@ func ensureFiles(t *testing.T, rootDir string, files ...string) { } func TestEnsureRoot(t *testing.T) { - assert, require := assert.New(t), require.New(t) + require := require.New(t) // setup temp dir for test tmpDir, err := ioutil.TempDir("", "config-test") @@ -33,13 +33,16 @@ func TestEnsureRoot(t *testing.T) { // make sure config is set properly data, err := ioutil.ReadFile(filepath.Join(tmpDir, defaultConfigFilePath)) require.Nil(err) - assert.Equal([]byte(defaultConfig(defaultMoniker)), data) + + if !checkConfig(string(data)) { + t.Fatalf("config file missing some information") + } ensureFiles(t, tmpDir, "data") } func TestEnsureTestRoot(t *testing.T) { - assert, require := assert.New(t), require.New(t) + require := require.New(t) testName := "ensureTestRoot" @@ -50,7 +53,10 @@ func TestEnsureTestRoot(t *testing.T) { // make sure config is set properly data, err := ioutil.ReadFile(filepath.Join(rootDir, defaultConfigFilePath)) require.Nil(err) - assert.Equal([]byte(testConfig(defaultMoniker)), data) + + if !checkConfig(string(data)) { + t.Fatalf("config file missing some information") + } // TODO: make sure the cfg returned and testconfig are the same! baseConfig := DefaultBaseConfig() From a8e625e99dcf19b8c3594665d8f3b70163ba3487 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 10 Dec 2017 20:43:58 -0500 Subject: [PATCH 009/188] config: unexpose chainID --- config/config.go | 13 +++++++++---- config/toml.go | 5 +---- consensus/common_test.go | 7 ++++--- consensus/state_test.go | 4 ++-- consensus/types/height_vote_set_test.go | 4 ++-- lite/client/provider_test.go | 4 +++- 6 files changed, 21 insertions(+), 16 deletions(-) diff --git a/config/config.go b/config/config.go index 25ccf0f57..6689adfcc 100644 --- a/config/config.go +++ b/config/config.go @@ -78,13 +78,14 @@ func (cfg *Config) SetRoot(root string) *Config { // BaseConfig defines the base configuration for a Tendermint node type BaseConfig struct { + + // chainID is unexposed and immutable but here for convenience + chainID string + // The root directory for all data. // This should be set in viper so it can unmarshal into this struct RootDir string `mapstructure:"home"` - // The ID of the chain to join (should be signed with every transaction and vote) - ChainID string `mapstructure:"chain_id"` - // Path to the JSON file containing the initial validator set and other meta data Genesis string `mapstructure:"genesis_file"` @@ -123,6 +124,10 @@ type BaseConfig struct { DBPath string `mapstructure:"db_dir"` } +func (c BaseConfig) ChainID() string { + return c.chainID +} + // DefaultBaseConfig returns a default base configuration for a Tendermint node func DefaultBaseConfig() BaseConfig { return BaseConfig{ @@ -143,7 +148,7 @@ func DefaultBaseConfig() BaseConfig { // TestBaseConfig returns a base configuration for testing a Tendermint node func TestBaseConfig() BaseConfig { conf := DefaultBaseConfig() - conf.ChainID = "tendermint_test" + conf.chainID = "tendermint_test" conf.ProxyApp = "dummy" conf.FastSync = false conf.DBBackend = "memdb" diff --git a/config/toml.go b/config/toml.go index 3522170df..92ceb7de4 100644 --- a/config/toml.go +++ b/config/toml.go @@ -76,14 +76,11 @@ db_backend = "{{ .BaseConfig.DBBackend }}" # Database directory db_path = "{{ .BaseConfig.DBPath }}" -# Output level for logging +# Output level for logging, including package level options log_level = "{{ .BaseConfig.LogLevel }}" ##### additional base config options ##### -# The ID of the chain to join (should be signed with every transaction and vote) -chain_id = "{{ .BaseConfig.ChainID }}" - # Path to the JSON file containing the initial validator set and other meta data genesis_file = "{{ .BaseConfig.Genesis }}" diff --git a/consensus/common_test.go b/consensus/common_test.go index 6598c15eb..d5514ee18 100644 --- a/consensus/common_test.go +++ b/consensus/common_test.go @@ -78,7 +78,7 @@ func (vs *validatorStub) signVote(voteType byte, hash []byte, header types.PartS Type: voteType, BlockID: types.BlockID{hash, header}, } - err := vs.PrivValidator.SignVote(config.ChainID, vote) + err := vs.PrivValidator.SignVote(config.ChainID(), vote) return vote, err } @@ -129,7 +129,7 @@ func decideProposal(cs1 *ConsensusState, vs *validatorStub, height int64, round // Make proposal polRound, polBlockID := cs1.Votes.POLInfo() proposal = types.NewProposal(height, round, blockParts.Header(), polRound, polBlockID) - if err := vs.SignProposal(config.ChainID, proposal); err != nil { + if err := vs.SignProposal(cs1.state.ChainID, proposal); err != nil { panic(err) } return @@ -430,9 +430,10 @@ func randGenesisDoc(numValidators int, randPower bool, minPower int64) (*types.G privValidators[i] = privVal } sort.Sort(types.PrivValidatorsByAddress(privValidators)) + return &types.GenesisDoc{ GenesisTime: time.Now(), - ChainID: config.ChainID, + ChainID: config.ChainID(), Validators: validators, }, privValidators } diff --git a/consensus/state_test.go b/consensus/state_test.go index 6beb7da54..97562febd 100644 --- a/consensus/state_test.go +++ b/consensus/state_test.go @@ -204,7 +204,7 @@ func TestBadProposal(t *testing.T) { propBlock.AppHash = stateHash propBlockParts := propBlock.MakePartSet(partSize) proposal := types.NewProposal(vs2.Height, round, propBlockParts.Header(), -1, types.BlockID{}) - if err := vs2.SignProposal(config.ChainID, proposal); err != nil { + if err := vs2.SignProposal(config.ChainID(), proposal); err != nil { t.Fatal("failed to sign bad proposal", err) } @@ -900,7 +900,7 @@ func TestLockPOLSafety2(t *testing.T) { // in round 2 we see the polkad block from round 0 newProp := types.NewProposal(height, 2, propBlockParts0.Header(), 0, propBlockID1) - if err := vs3.SignProposal(config.ChainID, newProp); err != nil { + if err := vs3.SignProposal(config.ChainID(), newProp); err != nil { t.Fatal(err) } if err := cs1.SetProposalAndBlock(newProp, propBlock0, propBlockParts0, "some peer"); err != nil { diff --git a/consensus/types/height_vote_set_test.go b/consensus/types/height_vote_set_test.go index 306592aa2..5719d7eea 100644 --- a/consensus/types/height_vote_set_test.go +++ b/consensus/types/height_vote_set_test.go @@ -18,7 +18,7 @@ func init() { func TestPeerCatchupRounds(t *testing.T) { valSet, privVals := types.RandValidatorSet(10, 1) - hvs := NewHeightVoteSet(config.ChainID, 1, valSet) + hvs := NewHeightVoteSet(config.ChainID(), 1, valSet) vote999_0 := makeVoteHR(t, 1, 999, privVals, 0) added, err := hvs.AddVote(vote999_0, "peer1") @@ -59,7 +59,7 @@ func makeVoteHR(t *testing.T, height int64, round int, privVals []*types.PrivVal Type: types.VoteTypePrecommit, BlockID: types.BlockID{[]byte("fakehash"), types.PartSetHeader{}}, } - chainID := config.ChainID + chainID := config.ChainID() err := privVal.SignVote(chainID, vote) if err != nil { panic(cmn.Fmt("Error signing vote: %v", err)) diff --git a/lite/client/provider_test.go b/lite/client/provider_test.go index 0bebfced0..91d277fc2 100644 --- a/lite/client/provider_test.go +++ b/lite/client/provider_test.go @@ -10,6 +10,7 @@ import ( liteErr "github.com/tendermint/tendermint/lite/errors" rpcclient "github.com/tendermint/tendermint/rpc/client" rpctest "github.com/tendermint/tendermint/rpc/test" + "github.com/tendermint/tendermint/types" ) func TestProvider(t *testing.T) { @@ -17,7 +18,8 @@ func TestProvider(t *testing.T) { cfg := rpctest.GetConfig() rpcAddr := cfg.RPC.ListenAddress - chainID := cfg.ChainID + genDoc, _ := types.GenesisDocFromFile(cfg.GenesisFile()) + chainID := genDoc.ChainID p := NewHTTPProvider(rpcAddr) require.NotNil(t, p) From 96e0e4ab5a7b74a3918cf51d001b0800309afc51 Mon Sep 17 00:00:00 2001 From: Zarko Milosevic Date: Fri, 29 Dec 2017 22:12:04 +0100 Subject: [PATCH 010/188] Describe messages sent as part of consensus/gossip protocol --- docs/specification/new-spec/consensus.md | 197 +++++++++++++++++++++++ docs/specification/new-spec/encoding.md | 21 +++ 2 files changed, 218 insertions(+) create mode 100644 docs/specification/new-spec/consensus.md diff --git a/docs/specification/new-spec/consensus.md b/docs/specification/new-spec/consensus.md new file mode 100644 index 000000000..5c6810565 --- /dev/null +++ b/docs/specification/new-spec/consensus.md @@ -0,0 +1,197 @@ +# Tendermint Consensus + +Tendermint consensus is a distributed protocol executed by validator processes to agree on +the next block to be added to the Tendermint blockchain. The protocol proceeds in rounds, where +each round is a try to reach agreement on the next block. A round starts by having a dedicated +process (called proposer) suggesting to other processes what should be the next block with +the `ProposalMessage`. +The processes respond by voting for a block with `VoteMessage` (there are two kinds of vote messages, prevote +and precommit votes). Note that a proposal message is just a suggestion what the next block should be; a +validator might vote with a `VoteMessage` for a different block. If in some round, enough number +of processes vote for the same block, then this block is committed and later added to the blockchain. +`ProposalMessage` and `VoteMessage` are signed by the private key of the validator. +The internals of the protocol and how it ensures safety and liveness properties are +explained [here](https://github.com/tendermint/spec). + +For efficiency reasons, validators in Tendermint consensus protocol do not agree directly on the block +as the block size is big, i.e., they don't embed the block inside `Proposal` and `VoteMessage`. Instead, they +reach agreement on the `BlockID` (see `BlockID` definition in [Blockchain](blockchain.md) section) +that uniquely identifies each block. The block itself is disseminated to validator processes using +peer-to-peer gossiping protocol. It starts by having a proposer first splitting a block into a +number of block parts, that are then gossiped between processes using `BlockPartMessage`. + +Validators in Tendermint communicate by peer-to-peer gossiping protocol. Each validator is connected +only to a subset of processes called peers. By the gossiping protocol, a validator send to its peers +all needed information (`ProposalMessage`, `VoteMessage` and `BlockPartMessage`) so they can +reach agreement on some block, and also obtain the content of the chosen block (block parts). As part of +the gossiping protocol, processes also send auxiliary messages that inform peers about the +executed steps of the core consensus algorithm (`NewRoundStepMessage` and `CommitStepMessage`), and +also messages that inform peers what votes the process has seen (`HasVoteMessage`, +`VoteSetMaj23Message` and `VoteSetBitsMessage`). These messages are then used in the gossiping protocol +to determine what messages a process should send to its peers. + +We now describe the content of each message exchanged during Tendermint consensus protocol. + +## ProposalMessage +ProposalMessage is sent when a new block is proposed. It is a suggestion of what the +next block in the blockchain should be. +``` +type ProposalMessage struct { + Proposal Proposal +} +``` +### Proposal +Proposal contains height and round for which this proposal is made, BlockID as a unique identifier of proposed +block, timestamp, and two fields (POLRound and POLBlockID) that are needed for termination of the consensus. +The message is signed by the validator private key. + +``` +type Proposal struct { + Height int64 + Round int + Timestamp Time + BlockID BlockID + POLRound int + POLBlockID BlockID + Signature Signature +} +``` + +NOTE: In the current version of the Tendermint, the consensus value in proposal is represented with +PartSetHeader, and with BlockID in vote message. It should be aligned as suggested in this spec as +BlockID contains PartSetHeader. + +## VoteMessage +VoteMessage is sent to vote for some block (or to inform others that a process does not vote in the current round). +Vote is defined in [Blockchain](blockchain.md) section and contains validator's information (validator address +and index), height and round for which the vote is sent, vote type, blockID if process vote for some +block (`nil` otherwise) and a timestamp when the vote is sent. The message is signed by the validator private key. +``` +type VoteMessage struct { + Vote Vote +} +``` + +## BlockPartMessage +BlockPartMessage is sent when gossipping a piece of the proposed block. It contains height, round +and the block part. + +``` +type BlockPartMessage struct { + Height int64 + Round int + Part Part +} +``` + +## ProposalHeartbeatMessage +ProposalHeartbeatMessage is sent to signal that a node is alive and waiting for transactions +to be able to create a next block proposal. + +``` +type ProposalHeartbeatMessage struct { + Heartbeat Heartbeat +} +``` + +### Heartbeat +Heartbeat contains validator information (address and index), +height, round and sequence number. It is signed by the private key of the validator. + +``` +type Heartbeat struct { + ValidatorAddress []byte + ValidatorIndex int + Height int64 + Round int + Sequence int + Signature Signature +} +``` + +## NewRoundStepMessage +NewRoundStepMessage is sent for every step transition during the core consensus algorithm execution. It is +used in the gossip part of the Tendermint protocol to inform peers about a current height/round/step +a process is in. + +``` +type NewRoundStepMessage struct { + Height int64 + Round int + Step RoundStepType + SecondsSinceStartTime int + LastCommitRound int +} +``` + +## CommitStepMessage +CommitStepMessage is sent when an agreement on some block is reached. It contains height for which agreement +is reached, block parts header that describes the decided block and is used to obtain all block parts, +and a bit array of the block parts a process currently has, so its peers can know what parts +it is missing so they can send them. + +``` +type CommitStepMessage struct { + Height int64 + BlockID BlockID + BlockParts BitArray +} +``` + +TODO: We use BlockID instead of BlockPartsHeader (in current implementation) for symmetry. + +## ProposalPOLMessage +ProposalPOLMessage is sent when a previous block is re-proposed. +It is used to inform peers in what round the process learned for this block (ProposalPOLRound), +and what prevotes for the re-proposed block the process has. + +``` +type ProposalPOLMessage struct { + Height int64 + ProposalPOLRound int + ProposalPOL BitArray +} +``` + + +## HasVoteMessage +HasVoteMessage is sent to indicate that a particular vote has been received. It contains height, +round, vote type and the index of the validator that is the originator of the corresponding vote. + +``` +type HasVoteMessage struct { + Height int64 + Round int + Type byte + Index int +} +``` + +## VoteSetMaj23Message +VoteSetMaj23Message is sent to indicate that a process has seen +2/3 votes for some BlockID. +It contains height, round, vote type and the BlockID. + +``` +type VoteSetMaj23Message struct { + Height int64 + Round int + Type byte + BlockID BlockID +} +``` + +## VoteSetBitsMessage +VoteSetBitsMessage is sent to communicate the bit-array of votes a process has seen for a given +BlockID. It contains height, round, vote type, BlockID and a bit array of +the votes a process has. + +``` +type VoteSetBitsMessage struct { + Height int64 + Round int + Type byte + BlockID BlockID + Votes BitArray +} +``` + diff --git a/docs/specification/new-spec/encoding.md b/docs/specification/new-spec/encoding.md index a7482e6cb..02456d84f 100644 --- a/docs/specification/new-spec/encoding.md +++ b/docs/specification/new-spec/encoding.md @@ -93,6 +93,17 @@ encode([]int{1, 2, 3, 4}) == [0x01, 0x04, 0x01, 0x01, 0x01, 0x02, 0x01, 0x encode([]string{"abc", "efg"}) == [0x01, 0x02, 0x01, 0x03, 0x61, 0x62, 0x63, 0x01, 0x03, 0x65, 0x66, 0x67] ``` +### BitArray +BitArray is encoded as an `int` of the number of bits, and with an array of `uint64` to encode +value of each array element. + +``` +type BitArray struct { + Bits int + Elems []uint64 +} +``` + ### Time Time is encoded as an `int64` of the number of nanoseconds since January 1, 1970, @@ -176,3 +187,13 @@ TMBIN encode an object and slice it into parts. ``` MakeParts(object, partSize) ``` + +### Part + +``` +type Part struct { + Index int + Bytes byte[] + Proof byte[] +} +``` From 4e834baa9a4cb7638539e6ce0bf30c51e3f6e3d3 Mon Sep 17 00:00:00 2001 From: Zach Date: Sun, 31 Dec 2017 13:54:50 +0000 Subject: [PATCH 011/188] docs: update ecosystem.rst (#1037) * docs: update ecosystem.rst * typo [ci skip] --- docs/ecosystem.rst | 117 ++------------------------------------------- 1 file changed, 5 insertions(+), 112 deletions(-) diff --git a/docs/ecosystem.rst b/docs/ecosystem.rst index 30ab9a35d..39e6785ee 100644 --- a/docs/ecosystem.rst +++ b/docs/ecosystem.rst @@ -1,122 +1,15 @@ Tendermint Ecosystem ==================== -Below are the many applications built using various pieces of the Tendermint stack. We thank the community for their contributions thus far and welcome the addition of new projects. Feel free to submit a pull request to add your project! +The growing list of applications built using various pieces of the Tendermint stack can be found at: -ABCI Applications ------------------ +* https://tendermint.com/ecosystem -Burrow -^^^^^^ +We thank the community for their contributions thus far and welcome the addition of new projects. A pull request can be submitted to `this file `__ to include your project. -Ethereum Virtual Machine augmented with native permissioning scheme and global key-value store, written in Go, authored by Monax Industries, and incubated `by Hyperledger `__. - -cb-ledger -^^^^^^^^^ - -Custodian Bank Ledger, integrating central banking with the blockchains of tomorrow, written in C++, and `authored by Block Finance `__. - -Clearchain -^^^^^^^^^^ - -Application to manage a distributed ledger for money transfers that support multi-currency accounts, written in Go, and `authored by Allession Treglia `__. - -Comit -^^^^^ - -Public service reporting and tracking, written in Go, and `authored by Zach Balder `__. - -Cosmos SDK -^^^^^^^^^^ - -A prototypical account based crypto currency state machine supporting plugins, written in Go, and `authored by Cosmos `__. - -Ethermint -^^^^^^^^^ - -The go-ethereum state machine run as a ABCI app, written in Go, `authored by Tendermint `__. - -IAVL -^^^^ - -Immutable AVL+ tree with Merkle proofs, Written in Go, `authored by Tendermint `__. - -Lotion -^^^^^^ - -A Javascript microframework for building blockchain applications with Tendermint, written in Javascript, `authored by Judd Keppel of Tendermint `__. See also `lotion-chat `__ and `lotion-coin `__ apps written using Lotion. - -MerkleTree -^^^^^^^^^^ - -Immutable AVL+ tree with Merkle proofs, Written in Java, `authored by jTendermint `__. - -Passchain -^^^^^^^^^ - -Passchain is a tool to securely store and share passwords, tokens and other short secrets, `authored by trusch `__. - -Passwerk -^^^^^^^^ - -Encrypted storage web-utility backed by Tendermint, written in Go, `authored by Rigel Rozanski `__. - -Py-Tendermint -^^^^^^^^^^^^^ - -A Python microframework for building blockchain applications with Tendermint, written in Python, `authored by Dave Bryson `__. - -Stratumn -^^^^^^^^ - -SDK for "Proof-of-Process" networks, written in Go, `authored by the Stratumn team `__. - -TMChat -^^^^^^ - -P2P chat using Tendermint, written in Java, `authored by wolfposd `__. - - -ABCI Servers ------------- - -+------------------------------------------------------------------+--------------------+--------------+ -| **Name** | **Author** | **Language** | -| | | | -+------------------------------------------------------------------+--------------------+--------------+ -| `abci `__ | Tendermint | Go | -+------------------------------------------------------------------+--------------------+--------------+ -| `js abci `__ | Tendermint | Javascript | -+------------------------------------------------------------------+--------------------+--------------+ -| `cpp-tmsp `__ | Martin Dyring | C++ | -+------------------------------------------------------------------+--------------------+--------------+ -| `c-abci `__ | ChainX | C | -+------------------------------------------------------------------+--------------------+--------------+ -| `jabci `__ | jTendermint | Java | -+------------------------------------------------------------------+--------------------+--------------+ -| `ocaml-tmsp `__ | Zach Balder | Ocaml | -+------------------------------------------------------------------+--------------------+--------------+ -| `abci_server `__ | Krzysztof Jurewicz | Erlang | -+------------------------------------------------------------------+--------------------+--------------+ -| `rust-tsp `__   | Adrian Brink | Rust       | -+------------------------------------------------------------------+--------------------+--------------+ -| `hs-abci `__ | Alberto Gonzalez | Haskell | -+------------------------------------------------------------------+--------------------+--------------+ -| `haskell-abci `__ | Christoper Goes | Haskell | -+------------------------------------------------------------------+--------------------+--------------+ -| `Spearmint `__ | Dennis Mckinnon | Javascript | -+------------------------------------------------------------------+--------------------+--------------+ -| `py-abci `__ | Dave Bryson | Python | -+------------------------------------------------------------------+--------------------+--------------+ - -Deployment Tools ----------------- +Other Tools +----------- See `deploy testnets <./deploy-testnets.html>`__ for information about all the tools built by Tendermint. We have Kubernetes, Ansible, and Terraform integrations. -Cloudsoft built `brooklyn-tendermint `__ for deploying a tendermint testnet in docker continers. It uses Clocker for Apache Brooklyn. - -Dev Tools ---------- - For upgrading from older to newer versions of tendermint and to migrate your chain data, see `tm-migrator `__ written by @hxzqlh. From 1acb12edf5e8aae084c0f6e9b257d7a2f9dbfe13 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 31 Dec 2017 17:07:08 -0500 Subject: [PATCH 012/188] p2p docs --- p2p/README.md | 119 ++--------------------------------------- p2p/docs/connection.md | 116 +++++++++++++++++++++++++++++++++++++++ p2p/docs/node.md | 53 ++++++++++++++++++ p2p/docs/peer.md | 105 ++++++++++++++++++++++++++++++++++++ p2p/docs/reputation.md | 23 ++++++++ 5 files changed, 302 insertions(+), 114 deletions(-) create mode 100644 p2p/docs/connection.md create mode 100644 p2p/docs/node.md create mode 100644 p2p/docs/peer.md create mode 100644 p2p/docs/reputation.md diff --git a/p2p/README.md b/p2p/README.md index d653b2caf..5d1f984cb 100644 --- a/p2p/README.md +++ b/p2p/README.md @@ -4,119 +4,10 @@ `tendermint/tendermint/p2p` provides an abstraction around peer-to-peer communication.
-## MConnection +See: -`MConnection` is a multiplex connection: +- [docs/connection] for details on how connections and multiplexing work +- [docs/peer] for details on peer ID, handshakes, and peer exchange +- [docs/node] for details about different types of nodes and how they should work +- [docs/reputation] for details on how peer reputation is managed -__multiplex__ *noun* a system or signal involving simultaneous transmission of -several messages along a single channel of communication. - -Each `MConnection` handles message transmission on multiple abstract communication -`Channel`s. Each channel has a globally unique byte id. -The byte id and the relative priorities of each `Channel` are configured upon -initialization of the connection. - -The `MConnection` supports three packet types: Ping, Pong, and Msg. - -### Ping and Pong - -The ping and pong messages consist of writing a single byte to the connection; 0x1 and 0x2, respectively - -When we haven't received any messages on an `MConnection` in a time `pingTimeout`, we send a ping message. -When a ping is received on the `MConnection`, a pong is sent in response. - -If a pong is not received in sufficient time, the peer's score should be decremented (TODO). - -### Msg - -Messages in channels are chopped into smaller msgPackets for multiplexing. - -``` -type msgPacket struct { - ChannelID byte - EOF byte // 1 means message ends here. - Bytes []byte -} -``` - -The msgPacket is serialized using go-wire, and prefixed with a 0x3. -The received `Bytes` of a sequential set of packets are appended together -until a packet with `EOF=1` is received, at which point the complete serialized message -is returned for processing by the corresponding channels `onReceive` function. - -### Multiplexing - -Messages are sent from a single `sendRoutine`, which loops over a select statement that results in the sending -of a ping, a pong, or a batch of data messages. The batch of data messages may include messages from multiple channels. -Message bytes are queued for sending in their respective channel, with each channel holding one unsent message at a time. -Messages are chosen for a batch one a time from the channel with the lowest ratio of recently sent bytes to channel priority. - -## Sending Messages - -There are two methods for sending messages: -```go -func (m MConnection) Send(chID byte, msg interface{}) bool {} -func (m MConnection) TrySend(chID byte, msg interface{}) bool {} -``` - -`Send(chID, msg)` is a blocking call that waits until `msg` is successfully queued -for the channel with the given id byte `chID`. The message `msg` is serialized -using the `tendermint/wire` submodule's `WriteBinary()` reflection routine. - -`TrySend(chID, msg)` is a nonblocking call that returns false if the channel's -queue is full. - -`Send()` and `TrySend()` are also exposed for each `Peer`. - -## Peer - -Each peer has one `MConnection` instance, and includes other information such as whether the connection -was outbound, whether the connection should be recreated if it closes, various identity information about the node, -and other higher level thread-safe data used by the reactors. - -## Switch/Reactor - -The `Switch` handles peer connections and exposes an API to receive incoming messages -on `Reactors`. Each `Reactor` is responsible for handling incoming messages of one -or more `Channels`. So while sending outgoing messages is typically performed on the peer, -incoming messages are received on the reactor. - -```go -// Declare a MyReactor reactor that handles messages on MyChannelID. -type MyReactor struct{} - -func (reactor MyReactor) GetChannels() []*ChannelDescriptor { - return []*ChannelDescriptor{ChannelDescriptor{ID:MyChannelID, Priority: 1}} -} - -func (reactor MyReactor) Receive(chID byte, peer *Peer, msgBytes []byte) { - r, n, err := bytes.NewBuffer(msgBytes), new(int64), new(error) - msgString := ReadString(r, n, err) - fmt.Println(msgString) -} - -// Other Reactor methods omitted for brevity -... - -switch := NewSwitch([]Reactor{MyReactor{}}) - -... - -// Send a random message to all outbound connections -for _, peer := range switch.Peers().List() { - if peer.IsOutbound() { - peer.Send(MyChannelID, "Here's a random message") - } -} -``` - -### PexReactor/AddrBook - -A `PEXReactor` reactor implementation is provided to automate peer discovery. - -```go -book := p2p.NewAddrBook(addrBookFilePath) -pexReactor := p2p.NewPEXReactor(book) -... -switch := NewSwitch([]Reactor{pexReactor, myReactor, ...}) -``` diff --git a/p2p/docs/connection.md b/p2p/docs/connection.md new file mode 100644 index 000000000..72847fa11 --- /dev/null +++ b/p2p/docs/connection.md @@ -0,0 +1,116 @@ +## MConnection + +`MConnection` is a multiplex connection: + +__multiplex__ *noun* a system or signal involving simultaneous transmission of +several messages along a single channel of communication. + +Each `MConnection` handles message transmission on multiple abstract communication +`Channel`s. Each channel has a globally unique byte id. +The byte id and the relative priorities of each `Channel` are configured upon +initialization of the connection. + +The `MConnection` supports three packet types: Ping, Pong, and Msg. + +### Ping and Pong + +The ping and pong messages consist of writing a single byte to the connection; 0x1 and 0x2, respectively + +When we haven't received any messages on an `MConnection` in a time `pingTimeout`, we send a ping message. +When a ping is received on the `MConnection`, a pong is sent in response. + +If a pong is not received in sufficient time, the peer's score should be decremented (TODO). + +### Msg + +Messages in channels are chopped into smaller msgPackets for multiplexing. + +``` +type msgPacket struct { + ChannelID byte + EOF byte // 1 means message ends here. + Bytes []byte +} +``` + +The msgPacket is serialized using go-wire, and prefixed with a 0x3. +The received `Bytes` of a sequential set of packets are appended together +until a packet with `EOF=1` is received, at which point the complete serialized message +is returned for processing by the corresponding channels `onReceive` function. + +### Multiplexing + +Messages are sent from a single `sendRoutine`, which loops over a select statement that results in the sending +of a ping, a pong, or a batch of data messages. The batch of data messages may include messages from multiple channels. +Message bytes are queued for sending in their respective channel, with each channel holding one unsent message at a time. +Messages are chosen for a batch one a time from the channel with the lowest ratio of recently sent bytes to channel priority. + +## Sending Messages + +There are two methods for sending messages: +```go +func (m MConnection) Send(chID byte, msg interface{}) bool {} +func (m MConnection) TrySend(chID byte, msg interface{}) bool {} +``` + +`Send(chID, msg)` is a blocking call that waits until `msg` is successfully queued +for the channel with the given id byte `chID`. The message `msg` is serialized +using the `tendermint/wire` submodule's `WriteBinary()` reflection routine. + +`TrySend(chID, msg)` is a nonblocking call that returns false if the channel's +queue is full. + +`Send()` and `TrySend()` are also exposed for each `Peer`. + +## Peer + +Each peer has one `MConnection` instance, and includes other information such as whether the connection +was outbound, whether the connection should be recreated if it closes, various identity information about the node, +and other higher level thread-safe data used by the reactors. + +## Switch/Reactor + +The `Switch` handles peer connections and exposes an API to receive incoming messages +on `Reactors`. Each `Reactor` is responsible for handling incoming messages of one +or more `Channels`. So while sending outgoing messages is typically performed on the peer, +incoming messages are received on the reactor. + +```go +// Declare a MyReactor reactor that handles messages on MyChannelID. +type MyReactor struct{} + +func (reactor MyReactor) GetChannels() []*ChannelDescriptor { + return []*ChannelDescriptor{ChannelDescriptor{ID:MyChannelID, Priority: 1}} +} + +func (reactor MyReactor) Receive(chID byte, peer *Peer, msgBytes []byte) { + r, n, err := bytes.NewBuffer(msgBytes), new(int64), new(error) + msgString := ReadString(r, n, err) + fmt.Println(msgString) +} + +// Other Reactor methods omitted for brevity +... + +switch := NewSwitch([]Reactor{MyReactor{}}) + +... + +// Send a random message to all outbound connections +for _, peer := range switch.Peers().List() { + if peer.IsOutbound() { + peer.Send(MyChannelID, "Here's a random message") + } +} +``` + +### PexReactor/AddrBook + +A `PEXReactor` reactor implementation is provided to automate peer discovery. + +```go +book := p2p.NewAddrBook(addrBookFilePath) +pexReactor := p2p.NewPEXReactor(book) +... +switch := NewSwitch([]Reactor{pexReactor, myReactor, ...}) +``` diff --git a/p2p/docs/node.md b/p2p/docs/node.md new file mode 100644 index 000000000..a8afc85ce --- /dev/null +++ b/p2p/docs/node.md @@ -0,0 +1,53 @@ +# Tendermint Peer Discovery + +A Tendermint P2P network has different kinds of nodes with different requirements for connectivity to others. +This document describes what kind of nodes Tendermint should enable and how they should work. + +## Node startup options +--p2p.seed_mode // If present, this node operates in seed mode. It will kick incoming peers after sharing some peers. +--p2p.seeds “1.2.3.4:466656,2.3.4.5:4444” // Dials these seeds to get peers and disconnects. +--p2p.persistent_peers “1.2.3.4:46656,2.3.4.5:466656” // These connections will be auto-redialed. If dial_seeds and persistent intersect, the user will be WARNED that seeds may auto-close connections and the node may not be able to keep the connection persistent + +## Seeds + +Seeds are the first point of contact for a new node. +They return a list of known active peers and disconnect. + +Seeds should operate full nodes, and with the PEX reactor in a "crawler" mode +that continuously explores to validate the availability of peers. + +Seeds should only respond with some top percentile of the best peers it knows about. + +## New Full Node + +A new node has seeds hardcoded into the software, but they can also be set manually (config file or flags). +The new node must also have access to a recent block height, H, and hash, HASH. + +The node then queries some seeds for peers for its chain, +dials those peers, and runs the Tendermint protocols with those it successfully connects to. + +When the peer catches up to height H, it ensures the block hash matches HASH. + +## Restarted Full Node + +A node checks its address book on startup and attempts to connect to peers from there. +If it can't connect to any peers after some time, it falls back to the seeds to find more. + +## Validator Node + +A validator node is a node that interfaces with a validator signing key. +These nodes require the highest security, and should not accept incoming connections. +They should maintain outgoing connections to a controlled set of "Sentry Nodes" that serve +as their proxy shield to the rest of the network. + +Validators that know and trust each other can accept incoming connections from one another and maintain direct private connectivity via VPN. + +## Sentry Node + +Sentry nodes are guardians of a validator node and provide it access to the rest of the network. +Sentry nodes may be dynamic, but should maintain persistent connections to some evolving random subset of each other. +They should always expect to have direct incoming connections from the validator node and its backup/s. +They do not report the validator node's address in the PEX. +They may be more strict about the quality of peers they keep. + +Sentry nodes belonging to validators that trust each other may wish to maintain persistent connections via VPN with one another, but only report each other sparingly in the PEX. diff --git a/p2p/docs/peer.md b/p2p/docs/peer.md new file mode 100644 index 000000000..15870ea7d --- /dev/null +++ b/p2p/docs/peer.md @@ -0,0 +1,105 @@ +# Tendermint Peers + +This document explains how Tendermint Peers are identified, how they connect to one another, +and how other peers are found. + +## Peer Identity + +Tendermint peers are expected to maintain long-term persistent identities in the form of a private key. +Each peer has an ID defined as `peer.ID == peer.PrivKey.Address()`, where `Address` uses the scheme defined in go-crypto. + +Peer ID's must come with some Proof-of-Work; that is, +they must satisfy `peer.PrivKey.Address() < target` for some difficulty target. +This ensures they are not too easy to generate. + +A single peer ID can have multiple IP addresses associated with - for simplicity, we only keep track +of the latest one. + +When attempting to connect to a peer, we use the PeerURL: `@:`. +We will attempt to connect to the peer at IP:PORT, and verify, +via authenticated encryption, that it is in possession of the private key +corresponding to ``. This prevents man-in-the-middle attacks on the peer layer. + +Peers can also be connected to without specifying an ID, ie. `:`. +In this case, the peer cannot be authenticated and other means, such as a VPN, +must be used. + +## Connections + +All p2p connections use TCP. +Upon establishing a successful TCP connection with a peer, +two handhsakes are performed: one for authenticated encryption, and one for Tendermint versioning. +Both handshakes have configurable timeouts (they should complete quickly). + +### Authenticated Encryption Handshake + +Tendermint implements the Station-to-Station protocol +using ED25519 keys for Diffie-Helman key-exchange and NACL SecretBox for encryption. +It goes as follows: +- generate an emphemeral ED25519 keypair +- send the ephemeral public key to the peer +- wait to receive the peer's ephemeral public key +- compute the Diffie-Hellman shared secret using the peers ephemeral public key and our ephemeral private key +- generate nonces to use for encryption + - TODO +- all communications from now on are encrypted using the shared secret +- generate a common challenge to sign +- sign the common challenge with our persistent private key +- send the signed challenge and persistent public key to the peer +- wait to receive the signed challenge and persistent public key from the peer +- verify the signature in the signed challenge using the peers persistent public key + + +If this is an outgoing connection (we dialed the peer) and we used a peer ID, +then finally verify that the `peer.PubKey` corresponds to the peer ID we dialed, +ie. `peer.PubKey.Address() == `. + +The connection has now been authenticated. All traffic is encrypted. + +Note that only the dialer can authenticate the identity of the peer, +but this is what we care about since when we join the network we wish to +ensure we have reached the intended peer (and are not being MITMd). + + +### Peer Filter + +Before continuing, we check if the new peer has the same ID has ourselves or +an existing peer. If so, we disconnect. + +We also check the peer's address and public key against +an optional whitelist which can be managed through the ABCI app - +if the whitelist is enabled and the peer is not on it, the connection is +terminated. + + +### Tendermint Version Handshake + +The Tendermint Version Handshake allows the peers to exchange their NodeInfo, which contains: + +``` +type NodeInfo struct { + PubKey crypto.PubKey `json:"pub_key"` + Moniker string `json:"moniker"` + Network string `json:"network"` + RemoteAddr string `json:"remote_addr"` + ListenAddr string `json:"listen_addr"` // accepting in + Version string `json:"version"` // major.minor.revision + Channels []int8 `json:"channels"` // active reactor channels + Other []string `json:"other"` // other application specific data +} +``` + +The connection is disconnected if: +- `peer.NodeInfo.PubKey != peer.PubKey` +- `peer.NodeInfo.Version` is not formatted as `X.X.X` where X are integers known as Major, Minor, and Revision +- `peer.NodeInfo.Version` Major is not the same as ours +- `peer.NodeInfo.Version` Minor is not the same as ours +- `peer.NodeInfo.Network` is not the same as ours + + +At this point, if we have not disconnected, the peer is valid and added to the switch, +so it is added to all reactors. + + +### Connection Activity + diff --git a/p2p/docs/reputation.md b/p2p/docs/reputation.md new file mode 100644 index 000000000..a2a995e5d --- /dev/null +++ b/p2p/docs/reputation.md @@ -0,0 +1,23 @@ + +# Peer Strategy + +Peers are managed using an address book and a trust metric. +The book keeps a record of vetted peers and unvetted peers. +When we need more peers, we pick them randomly from the addrbook with some +configurable bias for unvetted peers. When we’re asked for peers, we provide a random selection with no bias. + +The trust metric tracks the quality of the peers. +When a peer exceeds a certain quality for a certain amount of time, +it is marked as vetted in the addrbook. +If a vetted peer's quality degrades sufficiently, it is booted, and must prove itself from scratch. +If we need to make room for a new vetted peer, we move the lowest scoring vetted peer back to unvetted. +If we need to make room for a new unvetted peer, we remove the lowest scoring unvetted peer - +possibly only if its below some absolute minimum ? + +Peer quality is tracked in the connection and across the reactors. +Behaviours are defined as one of: + - fatal - something outright malicious. we should disconnect and remember them. + - bad - any kind of timeout, msgs that dont unmarshal, or fail other validity checks, or msgs we didn't ask for or arent expecting + - neutral - normal correct behaviour. unknown channels/msg types (version upgrades). + - good - some random majority of peers per reactor sending us useful messages + From cd15b677ec8339e0ac4992290aa103b524232b25 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Mon, 1 Jan 2018 15:35:28 +0000 Subject: [PATCH 013/188] docs: add abci spec --- docs/abci-cli.rst | 2 +- docs/conf.py | 45 +++++++++++++++++++++++++++------------------ docs/index.rst | 1 + 3 files changed, 29 insertions(+), 19 deletions(-) diff --git a/docs/abci-cli.rst b/docs/abci-cli.rst index 9a5ba833c..ae4105683 100644 --- a/docs/abci-cli.rst +++ b/docs/abci-cli.rst @@ -289,4 +289,4 @@ its own pattern of messages. For more information, see the `application developers guide <./app-development.html>`__. For examples of running an ABCI app with Tendermint, see the `getting started -guide <./getting-started.html>`__. +guide <./getting-started.html>`__. Next is the ABCI specification. diff --git a/docs/conf.py b/docs/conf.py index d5c49355f..92c5e1201 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -171,29 +171,38 @@ texinfo_documents = [ 'Database'), ] -repo = "https://raw.githubusercontent.com/tendermint/tools/" -branch = "master" +# ---- customization ------------------------- -tools = "./tools" -assets = tools + "/assets" +tools_repo = "https://raw.githubusercontent.com/tendermint/tools/" +tools_branch = "master" -if os.path.isdir(tools) != True: - os.mkdir(tools) -if os.path.isdir(assets) != True: - os.mkdir(assets) +tools_dir = "./tools" +assets_dir = tools_dir + "/assets" -urllib.urlretrieve(repo+branch+'/ansible/README.rst', filename=tools+'/ansible.rst') -urllib.urlretrieve(repo+branch+'/ansible/assets/a_plus_t.png', filename=assets+'/a_plus_t.png') +if os.path.isdir(tools_dir) != True: + os.mkdir(tools_dir) +if os.path.isdir(assets_dir) != True: + os.mkdir(assets_dir) -urllib.urlretrieve(repo+branch+'/docker/README.rst', filename=tools+'/docker.rst') +urllib.urlretrieve(tools_repo+tools_branch+'/ansible/README.rst', filename=tools_dir+'/ansible.rst') +urllib.urlretrieve(tools_repo+tools_branch+'/ansible/assets/a_plus_t.png', filename=assets_dir+'/a_plus_t.png') -urllib.urlretrieve(repo+branch+'/mintnet-kubernetes/README.rst', filename=tools+'/mintnet-kubernetes.rst') -urllib.urlretrieve(repo+branch+'/mintnet-kubernetes/assets/gce1.png', filename=assets+'/gce1.png') -urllib.urlretrieve(repo+branch+'/mintnet-kubernetes/assets/gce2.png', filename=assets+'/gce2.png') -urllib.urlretrieve(repo+branch+'/mintnet-kubernetes/assets/statefulset.png', filename=assets+'/statefulset.png') -urllib.urlretrieve(repo+branch+'/mintnet-kubernetes/assets/t_plus_k.png', filename=assets+'/t_plus_k.png') +urllib.urlretrieve(tools_repo+tools_branch+'/docker/README.rst', filename=tools_dir+'/docker.rst') -urllib.urlretrieve(repo+branch+'/terraform-digitalocean/README.rst', filename=tools+'/terraform-digitalocean.rst') -urllib.urlretrieve(repo+branch+'/tm-bench/README.rst', filename=tools+'/benchmarking-and-monitoring.rst') +urllib.urlretrieve(tools_repo+tools_branch+'/mintnet-kubernetes/README.rst', filename=tools_dir+'/mintnet-kubernetes.rst') +urllib.urlretrieve(tools_repo+tools_branch+'/mintnet-kubernetes/assets/gce1.png', filename=assets_dir+'/gce1.png') +urllib.urlretrieve(tools_repo+tools_branch+'/mintnet-kubernetes/assets/gce2.png', filename=assets_dir+'/gce2.png') +urllib.urlretrieve(tools_repo+tools_branch+'/mintnet-kubernetes/assets/statefulset.png', filename=assets_dir+'/statefulset.png') +urllib.urlretrieve(tools_repo+tools_branch+'/mintnet-kubernetes/assets/t_plus_k.png', filename=assets_dir+'/t_plus_k.png') + +urllib.urlretrieve(tools_repo+tools_branch+'/terraform-digitalocean/README.rst', filename=tools_dir+'/terraform-digitalocean.rst') +urllib.urlretrieve(tools_repo+tools_branch+'/tm-bench/README.rst', filename=tools_dir+'/benchmarking-and-monitoring.rst') # the readme for below is included in tm-bench # urllib.urlretrieve('https://raw.githubusercontent.com/tendermint/tools/master/tm-monitor/README.rst', filename='tools/tm-monitor.rst') + +#### abci spec ################################# + +abci_repo = "https://raw.githubusercontent.com/tendermint/abci/" +abci_branch = "spec-docs" + +urllib.urlretrieve(abci_repo+abci_branch+'/specification.rst', filename='abci-spec.rst') diff --git a/docs/index.rst b/docs/index.rst index 3ad3c4c59..b32ba4841 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -53,6 +53,7 @@ Tendermint 102 :maxdepth: 2 abci-cli.rst + abci-spec.rst app-architecture.rst app-development.rst how-to-read-logs.rst From bc71840f06af0aee7bc9ec17f2dc71e2bbd65f26 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 1 Jan 2018 15:59:53 -0500 Subject: [PATCH 014/188] more p2p docs --- p2p/README.md | 3 +- p2p/docs/config.md | 39 +++++++++ p2p/docs/node.md | 25 ++++-- p2p/docs/peer.md | 55 ++++++++----- p2p/docs/pex.md | 94 ++++++++++++++++++++++ p2p/docs/{reputation.md => trustmetric.md} | 13 +-- 6 files changed, 189 insertions(+), 40 deletions(-) create mode 100644 p2p/docs/config.md create mode 100644 p2p/docs/pex.md rename p2p/docs/{reputation.md => trustmetric.md} (51%) diff --git a/p2p/README.md b/p2p/README.md index 5d1f984cb..a30b83b7c 100644 --- a/p2p/README.md +++ b/p2p/README.md @@ -9,5 +9,6 @@ See: - [docs/connection] for details on how connections and multiplexing work - [docs/peer] for details on peer ID, handshakes, and peer exchange - [docs/node] for details about different types of nodes and how they should work -- [docs/reputation] for details on how peer reputation is managed +- [docs/pex] for details on peer discovery and exchange +- [docs/config] for details on some config options diff --git a/p2p/docs/config.md b/p2p/docs/config.md new file mode 100644 index 000000000..bc3c343c5 --- /dev/null +++ b/p2p/docs/config.md @@ -0,0 +1,39 @@ +# P2P Config + +Here we describe configuration options around the Peer Exchange. + +## Seed Mode + +`--p2p.seed_mode` + +The node operates in seed mode. It will kick incoming peers after sharing some peers. +It will continually crawl the network for peers. + +## Seeds + +`--p2p.seeds “1.2.3.4:466656,2.3.4.5:4444”` + +Dials these seeds when we need more peers. They will return a list of peers and then disconnect. +If we already have enough peers in the address book, we may never need to dial them. + +## Persistent Peers + +`--p2p.persistent_peers “1.2.3.4:46656,2.3.4.5:466656”` + +Dial these peers and auto-redial them if the connection fails. +These are intended to be trusted persistent peers that can help +anchor us in the p2p network. + +Note that the auto-redial uses exponential backoff and will give up +after a day of trying to connect. + +NOTE: If `dial_seeds` and `persistent_peers` intersect, +the user will be WARNED that seeds may auto-close connections +and the node may not be able to keep the connection persistent. + +## Private Persistent Peers + +`--p2p.private_persistent_peers “1.2.3.4:46656,2.3.4.5:466656”` + +These are persistent peers that we do not add to the address book or +gossip to other peers. They stay private to us. diff --git a/p2p/docs/node.md b/p2p/docs/node.md index a8afc85ce..9f9fc5296 100644 --- a/p2p/docs/node.md +++ b/p2p/docs/node.md @@ -3,11 +3,6 @@ A Tendermint P2P network has different kinds of nodes with different requirements for connectivity to others. This document describes what kind of nodes Tendermint should enable and how they should work. -## Node startup options ---p2p.seed_mode // If present, this node operates in seed mode. It will kick incoming peers after sharing some peers. ---p2p.seeds “1.2.3.4:466656,2.3.4.5:4444” // Dials these seeds to get peers and disconnects. ---p2p.persistent_peers “1.2.3.4:46656,2.3.4.5:466656” // These connections will be auto-redialed. If dial_seeds and persistent intersect, the user will be WARNED that seeds may auto-close connections and the node may not be able to keep the connection persistent - ## Seeds Seeds are the first point of contact for a new node. @@ -17,22 +12,36 @@ Seeds should operate full nodes, and with the PEX reactor in a "crawler" mode that continuously explores to validate the availability of peers. Seeds should only respond with some top percentile of the best peers it knows about. +See [reputation] for details on peer quality. ## New Full Node -A new node has seeds hardcoded into the software, but they can also be set manually (config file or flags). -The new node must also have access to a recent block height, H, and hash, HASH. +A new node needs a few things to connect to the network: +- a list of seeds, which can be provided to Tendermint via config file or flags, +or hardcoded into the software by in-process apps +- a `ChainID`, also called `Network` at the p2p layer +- a recent block height, H, and hash, HASH for the blockchain. -The node then queries some seeds for peers for its chain, +The values `H` and `HASH` must be received and corroborated by means external to Tendermint, and specific to the user - ie. via the user's trusted social consensus. +This requirement to validate `H` and `HASH` out-of-band and via social consensus +is the essential difference in security models between Proof-of-Work and Proof-of-Stake blockchains. + +With the above, the node then queries some seeds for peers for its chain, dials those peers, and runs the Tendermint protocols with those it successfully connects to. When the peer catches up to height H, it ensures the block hash matches HASH. +If not, Tendermint will exit, and the user must try again - either they are connected +to bad peers or their social consensus was invalidated. ## Restarted Full Node A node checks its address book on startup and attempts to connect to peers from there. If it can't connect to any peers after some time, it falls back to the seeds to find more. +Restarted full nodes can run the `blockchain` or `consensus` reactor protocols to sync up +to the latest state of the blockchain, assuming they aren't too far behind. +If they are too far behind, they may need to validate a recent `H` and `HASH` out-of-band again. + ## Validator Node A validator node is a node that interfaces with a validator signing key. diff --git a/p2p/docs/peer.md b/p2p/docs/peer.md index 15870ea7d..5281a7020 100644 --- a/p2p/docs/peer.md +++ b/p2p/docs/peer.md @@ -10,19 +10,19 @@ Each peer has an ID defined as `peer.ID == peer.PrivKey.Address()`, where `Addre Peer ID's must come with some Proof-of-Work; that is, they must satisfy `peer.PrivKey.Address() < target` for some difficulty target. -This ensures they are not too easy to generate. +This ensures they are not too easy to generate. To begin, let `target == 2^240`. -A single peer ID can have multiple IP addresses associated with - for simplicity, we only keep track -of the latest one. +A single peer ID can have multiple IP addresses associated with it. +For simplicity, we only keep track of the latest one. When attempting to connect to a peer, we use the PeerURL: `@:`. We will attempt to connect to the peer at IP:PORT, and verify, via authenticated encryption, that it is in possession of the private key corresponding to ``. This prevents man-in-the-middle attacks on the peer layer. -Peers can also be connected to without specifying an ID, ie. `:`. -In this case, the peer cannot be authenticated and other means, such as a VPN, -must be used. +Peers can also be connected to without specifying an ID, ie. just `:`. +In this case, the peer must be authenticated out-of-band of Tendermint, +for instance via VPN ## Connections @@ -40,18 +40,27 @@ It goes as follows: - send the ephemeral public key to the peer - wait to receive the peer's ephemeral public key - compute the Diffie-Hellman shared secret using the peers ephemeral public key and our ephemeral private key -- generate nonces to use for encryption - - TODO -- all communications from now on are encrypted using the shared secret -- generate a common challenge to sign +- generate two nonces to use for encryption (sending and receiving) as follows: + - sort the ephemeral public keys in ascending order and concatenate them + - RIPEMD160 the result + - append 4 empty bytes (extending the hash to 24-bytes) + - the result is nonce1 + - flip the last bit of nonce1 to get nonce2 + - if we had the smaller ephemeral pubkey, use nonce1 for receiving, nonce2 for sending; + else the opposite +- all communications from now on are encrypted using the shared secret and the nonces, where each nonce +- we now have an encrypted channel, but still need to authenticate +increments by 2 every time it is used +- generate a common challenge to sign: + - SHA256 of the sorted (lowest first) and concatenated ephemeral pub keys - sign the common challenge with our persistent private key -- send the signed challenge and persistent public key to the peer -- wait to receive the signed challenge and persistent public key from the peer -- verify the signature in the signed challenge using the peers persistent public key +- send the go-wire encoded persistent pubkey and signature to the peer +- wait to receive the persistent public key and signature from the peer +- verify the signature on the challenge using the peer's persistent public key If this is an outgoing connection (we dialed the peer) and we used a peer ID, -then finally verify that the `peer.PubKey` corresponds to the peer ID we dialed, +then finally verify that the peer's persistent public key corresponds to the peer ID we dialed, ie. `peer.PubKey.Address() == `. The connection has now been authenticated. All traffic is encrypted. @@ -60,21 +69,20 @@ Note that only the dialer can authenticate the identity of the peer, but this is what we care about since when we join the network we wish to ensure we have reached the intended peer (and are not being MITMd). - ### Peer Filter -Before continuing, we check if the new peer has the same ID has ourselves or +Before continuing, we check if the new peer has the same ID as ourselves or an existing peer. If so, we disconnect. We also check the peer's address and public key against an optional whitelist which can be managed through the ABCI app - -if the whitelist is enabled and the peer is not on it, the connection is +if the whitelist is enabled and the peer does not qualigy, the connection is terminated. ### Tendermint Version Handshake -The Tendermint Version Handshake allows the peers to exchange their NodeInfo, which contains: +The Tendermint Version Handshake allows the peers to exchange their NodeInfo: ``` type NodeInfo struct { @@ -95,11 +103,16 @@ The connection is disconnected if: - `peer.NodeInfo.Version` Major is not the same as ours - `peer.NodeInfo.Version` Minor is not the same as ours - `peer.NodeInfo.Network` is not the same as ours +- `peer.Channels` does not intersect with our known Channels. -At this point, if we have not disconnected, the peer is valid and added to the switch, -so it is added to all reactors. +At this point, if we have not disconnected, the peer is valid. +It is added to the switch and hence all reactors via the `AddPeer` method. +Note that each reactor may handle multiple channels. +## Connection Activity -### Connection Activity +Once a peer is added, incoming messages for a given reactor are handled through +that reactor's `Receive` method, and output messages are sent directly by the Reactors +on each peer. A typical reactor maintains per-peer go-routine/s that handle this. diff --git a/p2p/docs/pex.md b/p2p/docs/pex.md new file mode 100644 index 000000000..a71b97174 --- /dev/null +++ b/p2p/docs/pex.md @@ -0,0 +1,94 @@ +# Peer Strategy and Exchange + +Here we outline the design of the AddressBook +and how it used by the Peer Exchange Reactor (PEX) to ensure we are connected +to good peers and to gossip peers to others. + +## Peer Types + +Certain peers are special in that they are specified by the user as `persistent`, +which means we auto-redial them if the connection fails. +Some such peers can additional be marked as `private`, which means +we will not gossip them to others. + +All others peers are tracked using an address book. + +## Discovery + +Peer discovery begins with a list of seeds. +When we have no peers, or have been unable to find enough peers from existing ones, +we dial a randomly selected seed to get a list of peers to dial. + +So long as we have less than `MaxPeers`, we periodically request additional peers +from each of our own. If sufficient time goes by and we still can't find enough peers, +we try the seeds again. + +## Address Book + +Peers are tracked via their ID (their PubKey.Address()). +For each ID, the address book keeps the most recent IP:PORT. +Peers are added to the address book from the PEX when they first connect to us or +when we hear about them from other peers. + +The address book is arranged in sets of buckets, and distinguishes between +vetted and unvetted peers. It keeps different sets of buckets for vetted and +unvetted peers. Buckets provide randomization over peer selection. + +A vetted peer can only be in one bucket. An unvetted peer can be in multiple buckets. + +## Vetting + +When a peer is first added, it is unvetted. +Marking a peer as vetted is outside the scope of the `p2p` package. +For Tendermint, a Peer becomes vetted once it has contributed sufficiently +at the consensus layer; ie. once it has sent us valid and not-yet-known +votes and/or block parts for `NumBlocksForVetted` blocks. +Other users of the p2p package can determine their own conditions for when a peer is marked vetted. + +If a peer becomes vetted but there are already too many vetted peers, +a randomly selected one of the vetted peers becomes unvetted. + +If a peer becomes unvetted (either a new peer, or one that was previously vetted), +a randomly selected one of the unvetted peers is removed from the address book. + +More fine-grained tracking of peer behaviour can be done using +a Trust Metric, but it's best to start with something simple. + +## Select Peers to Dial + +When we need more peers, we pick them randomly from the addrbook with some +configurable bias for unvetted peers. The bias should be lower when we have fewer peers, +and can increase as we obtain more, ensuring that our first peers are more trustworthy, +but always giving us the chance to discover new good peers. + +## Select Peers to Exchange + +When we’re asked for peers, we select them as follows: +- select at most `maxGetSelection` peers +- try to select at least `minGetSelection` peers - if we have less than that, select them all. +- select a random, unbiased `getSelectionPercent` of the peers + +Send the selected peers. Note we select peers for sending without bias for vetted/unvetted. + +## Preventing Spam + +There are various cases where we decide a peer has misbehaved and we disconnect from them. +When this happens, the peer is removed from the address book and black listed for +some amount of time. We call this "Disconnect and Mark". +Note that the bad behaviour may be detected outside the PEX reactor itseld +(for instance, in the mconnection, or another reactor), but it must be communicated to the PEX reactor +so it can remove and mark the peer. + +In the PEX, if a peer sends us unsolicited lists of peers, +or if the peer sends too many requests for more peers in a given amount of time, +we Disconnect and Mark. + +## Trust Metric + +The quality of peers can be tracked in more fine-grained detail using a +Proportional-Integral-Derrivative (PID) controller that incorporates +current, past, and rate-of-change data to inform peer quality. + +While a PID trust metric has been implemented, it remains for future work +to use it in the PEX. + diff --git a/p2p/docs/reputation.md b/p2p/docs/trustmetric.md similarity index 51% rename from p2p/docs/reputation.md rename to p2p/docs/trustmetric.md index a2a995e5d..b0eaf96e5 100644 --- a/p2p/docs/reputation.md +++ b/p2p/docs/trustmetric.md @@ -1,11 +1,4 @@ -# Peer Strategy - -Peers are managed using an address book and a trust metric. -The book keeps a record of vetted peers and unvetted peers. -When we need more peers, we pick them randomly from the addrbook with some -configurable bias for unvetted peers. When we’re asked for peers, we provide a random selection with no bias. - The trust metric tracks the quality of the peers. When a peer exceeds a certain quality for a certain amount of time, it is marked as vetted in the addrbook. @@ -17,7 +10,7 @@ possibly only if its below some absolute minimum ? Peer quality is tracked in the connection and across the reactors. Behaviours are defined as one of: - fatal - something outright malicious. we should disconnect and remember them. - - bad - any kind of timeout, msgs that dont unmarshal, or fail other validity checks, or msgs we didn't ask for or arent expecting - - neutral - normal correct behaviour. unknown channels/msg types (version upgrades). - - good - some random majority of peers per reactor sending us useful messages + - bad - any kind of timeout, msgs that dont unmarshal, or fail other validity checks, or msgs we didn't ask for or arent expecting + - neutral - normal correct behaviour. unknown channels/msg types (version upgrades). + - good - some random majority of peers per reactor sending us useful messages From 528154f1a218b9c884ea0de2402304f002c601a1 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 29 Dec 2017 01:53:41 -0500 Subject: [PATCH 015/188] p2p: PrivKey need not be Ed25519 --- node/node.go | 19 +++++++++---------- p2p/README.md | 1 - p2p/peer.go | 8 ++++---- p2p/peer_test.go | 18 +++++++++--------- p2p/secret_connection.go | 16 ++++++++-------- p2p/secret_connection_test.go | 15 +++++++-------- p2p/switch.go | 18 +++++++++--------- p2p/switch_test.go | 6 +++--- p2p/types.go | 14 +++++++------- 9 files changed, 56 insertions(+), 59 deletions(-) diff --git a/node/node.go b/node/node.go index f922d8321..7f845f902 100644 --- a/node/node.go +++ b/node/node.go @@ -96,7 +96,6 @@ type Node struct { privValidator types.PrivValidator // local node's validator key // network - privKey crypto.PrivKeyEd25519 // local node's p2p key sw *p2p.Switch // p2p connections addrBook *p2p.AddrBook // known peers trustMetricStore *trust.TrustMetricStore // trust metrics for all peers @@ -170,9 +169,6 @@ func NewNode(config *cfg.Config, // reload the state (it may have been updated by the handshake) state = sm.LoadState(stateDB) - // Generate node PrivKey - privKey := crypto.GenPrivKeyEd25519() - // Decide whether to fast-sync or not // We don't fast-sync when the only validator is us. fastSync := config.FastSync @@ -275,7 +271,7 @@ func NewNode(config *cfg.Config, } return nil }) - sw.SetPubKeyFilter(func(pubkey crypto.PubKeyEd25519) error { + sw.SetPubKeyFilter(func(pubkey crypto.PubKey) error { resQuery, err := proxyApp.Query().QuerySync(abci.RequestQuery{Path: cmn.Fmt("/p2p/filter/pubkey/%X", pubkey.Bytes())}) if err != nil { return err @@ -328,7 +324,6 @@ func NewNode(config *cfg.Config, genesisDoc: genDoc, privValidator: privValidator, - privKey: privKey, sw: sw, addrBook: addrBook, trustMetricStore: trustMetricStore, @@ -371,9 +366,13 @@ func (n *Node) OnStart() error { l := p2p.NewDefaultListener(protocol, address, n.config.P2P.SkipUPNP, n.Logger.With("module", "p2p")) n.sw.AddListener(l) + // Generate node PrivKey + // TODO: Load + privKey := crypto.GenPrivKeyEd25519().Wrap() + // Start the switch - n.sw.SetNodeInfo(n.makeNodeInfo()) - n.sw.SetNodePrivKey(n.privKey) + n.sw.SetNodeInfo(n.makeNodeInfo(privKey.PubKey())) + n.sw.SetNodePrivKey(privKey) err = n.sw.Start() if err != nil { return err @@ -534,13 +533,13 @@ func (n *Node) ProxyApp() proxy.AppConns { return n.proxyApp } -func (n *Node) makeNodeInfo() *p2p.NodeInfo { +func (n *Node) makeNodeInfo(pubKey crypto.PubKey) *p2p.NodeInfo { txIndexerStatus := "on" if _, ok := n.txIndexer.(*null.TxIndex); ok { txIndexerStatus = "off" } nodeInfo := &p2p.NodeInfo{ - PubKey: n.privKey.PubKey().Unwrap().(crypto.PubKeyEd25519), + PubKey: pubKey, Moniker: n.config.Moniker, Network: n.genesisDoc.ChainID, Version: version.Version, diff --git a/p2p/README.md b/p2p/README.md index a30b83b7c..3d0e9eebc 100644 --- a/p2p/README.md +++ b/p2p/README.md @@ -11,4 +11,3 @@ See: - [docs/node] for details about different types of nodes and how they should work - [docs/pex] for details on peer discovery and exchange - [docs/config] for details on some config options - diff --git a/p2p/peer.go b/p2p/peer.go index cc7f4927a..91824dc8f 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -77,7 +77,7 @@ func DefaultPeerConfig() *PeerConfig { } func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, - onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKeyEd25519, config *PeerConfig) (*peer, error) { + onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig) (*peer, error) { conn, err := dial(addr, config) if err != nil { @@ -95,13 +95,13 @@ func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs [] } func newInboundPeer(conn net.Conn, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, - onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKeyEd25519, config *PeerConfig) (*peer, error) { + onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig) (*peer, error) { return newPeerFromConnAndConfig(conn, false, reactorsByCh, chDescs, onPeerError, ourNodePrivKey, config) } func newPeerFromConnAndConfig(rawConn net.Conn, outbound bool, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, - onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKeyEd25519, config *PeerConfig) (*peer, error) { + onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig) (*peer, error) { conn := rawConn @@ -216,7 +216,7 @@ func (p *peer) Addr() net.Addr { } // PubKey returns peer's public key. -func (p *peer) PubKey() crypto.PubKeyEd25519 { +func (p *peer) PubKey() crypto.PubKey { if p.config.AuthEnc { return p.conn.(*SecretConnection).RemotePubKey() } diff --git a/p2p/peer_test.go b/p2p/peer_test.go index b53b0bb12..a2884b336 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -16,7 +16,7 @@ func TestPeerBasic(t *testing.T) { assert, require := assert.New(t), require.New(t) // simulate remote peer - rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519(), Config: DefaultPeerConfig()} + rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519().Wrap(), Config: DefaultPeerConfig()} rp.Start() defer rp.Stop() @@ -43,7 +43,7 @@ func TestPeerWithoutAuthEnc(t *testing.T) { config.AuthEnc = false // simulate remote peer - rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519(), Config: config} + rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519().Wrap(), Config: config} rp.Start() defer rp.Stop() @@ -64,7 +64,7 @@ func TestPeerSend(t *testing.T) { config.AuthEnc = false // simulate remote peer - rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519(), Config: config} + rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519().Wrap(), Config: config} rp.Start() defer rp.Stop() @@ -85,13 +85,13 @@ func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) {ID: 0x01, Priority: 1}, } reactorsByCh := map[byte]Reactor{0x01: NewTestReactor(chDescs, true)} - pk := crypto.GenPrivKeyEd25519() + pk := crypto.GenPrivKeyEd25519().Wrap() p, err := newOutboundPeer(addr, reactorsByCh, chDescs, func(p Peer, r interface{}) {}, pk, config) if err != nil { return nil, err } err = p.HandshakeTimeout(&NodeInfo{ - PubKey: pk.PubKey().Unwrap().(crypto.PubKeyEd25519), + PubKey: pk.PubKey(), Moniker: "host_peer", Network: "testing", Version: "123.123.123", @@ -103,7 +103,7 @@ func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) } type remotePeer struct { - PrivKey crypto.PrivKeyEd25519 + PrivKey crypto.PrivKey Config *PeerConfig addr *NetAddress quit chan struct{} @@ -113,8 +113,8 @@ func (p *remotePeer) Addr() *NetAddress { return p.addr } -func (p *remotePeer) PubKey() crypto.PubKeyEd25519 { - return p.PrivKey.PubKey().Unwrap().(crypto.PubKeyEd25519) +func (p *remotePeer) PubKey() crypto.PubKey { + return p.PrivKey.PubKey() } func (p *remotePeer) Start() { @@ -142,7 +142,7 @@ func (p *remotePeer) accept(l net.Listener) { golog.Fatalf("Failed to create a peer: %+v", err) } err = peer.HandshakeTimeout(&NodeInfo{ - PubKey: p.PrivKey.PubKey().Unwrap().(crypto.PubKeyEd25519), + PubKey: p.PrivKey.PubKey(), Moniker: "remote_peer", Network: "testing", Version: "123.123.123", diff --git a/p2p/secret_connection.go b/p2p/secret_connection.go index aec0a7519..f022d9c35 100644 --- a/p2p/secret_connection.go +++ b/p2p/secret_connection.go @@ -38,7 +38,7 @@ type SecretConnection struct { recvBuffer []byte recvNonce *[24]byte sendNonce *[24]byte - remPubKey crypto.PubKeyEd25519 + remPubKey crypto.PubKey shrSecret *[32]byte // shared secret } @@ -46,9 +46,9 @@ type SecretConnection struct { // Returns nil if error in handshake. // Caller should call conn.Close() // See docs/sts-final.pdf for more information. -func MakeSecretConnection(conn io.ReadWriteCloser, locPrivKey crypto.PrivKeyEd25519) (*SecretConnection, error) { +func MakeSecretConnection(conn io.ReadWriteCloser, locPrivKey crypto.PrivKey) (*SecretConnection, error) { - locPubKey := locPrivKey.PubKey().Unwrap().(crypto.PubKeyEd25519) + locPubKey := locPrivKey.PubKey() // Generate ephemeral keys for perfect forward secrecy. locEphPub, locEphPriv := genEphKeys() @@ -100,12 +100,12 @@ func MakeSecretConnection(conn io.ReadWriteCloser, locPrivKey crypto.PrivKeyEd25 } // We've authorized. - sc.remPubKey = remPubKey.Unwrap().(crypto.PubKeyEd25519) + sc.remPubKey = remPubKey return sc, nil } // Returns authenticated remote pubkey -func (sc *SecretConnection) RemotePubKey() crypto.PubKeyEd25519 { +func (sc *SecretConnection) RemotePubKey() crypto.PubKey { return sc.remPubKey } @@ -258,8 +258,8 @@ func genChallenge(loPubKey, hiPubKey *[32]byte) (challenge *[32]byte) { return hash32(append(loPubKey[:], hiPubKey[:]...)) } -func signChallenge(challenge *[32]byte, locPrivKey crypto.PrivKeyEd25519) (signature crypto.SignatureEd25519) { - signature = locPrivKey.Sign(challenge[:]).Unwrap().(crypto.SignatureEd25519) +func signChallenge(challenge *[32]byte, locPrivKey crypto.PrivKey) (signature crypto.Signature) { + signature = locPrivKey.Sign(challenge[:]) return } @@ -268,7 +268,7 @@ type authSigMessage struct { Sig crypto.Signature } -func shareAuthSignature(sc *SecretConnection, pubKey crypto.PubKeyEd25519, signature crypto.SignatureEd25519) (*authSigMessage, error) { +func shareAuthSignature(sc *SecretConnection, pubKey crypto.PubKey, signature crypto.Signature) (*authSigMessage, error) { var recvMsg authSigMessage var err1, err2 error diff --git a/p2p/secret_connection_test.go b/p2p/secret_connection_test.go index 8b58fb417..5e0611a87 100644 --- a/p2p/secret_connection_test.go +++ b/p2p/secret_connection_test.go @@ -1,7 +1,6 @@ package p2p import ( - "bytes" "io" "testing" @@ -32,10 +31,10 @@ func makeDummyConnPair() (fooConn, barConn dummyConn) { func makeSecretConnPair(tb testing.TB) (fooSecConn, barSecConn *SecretConnection) { fooConn, barConn := makeDummyConnPair() - fooPrvKey := crypto.GenPrivKeyEd25519() - fooPubKey := fooPrvKey.PubKey().Unwrap().(crypto.PubKeyEd25519) - barPrvKey := crypto.GenPrivKeyEd25519() - barPubKey := barPrvKey.PubKey().Unwrap().(crypto.PubKeyEd25519) + fooPrvKey := crypto.GenPrivKeyEd25519().Wrap() + fooPubKey := fooPrvKey.PubKey() + barPrvKey := crypto.GenPrivKeyEd25519().Wrap() + barPubKey := barPrvKey.PubKey() cmn.Parallel( func() { @@ -46,7 +45,7 @@ func makeSecretConnPair(tb testing.TB) (fooSecConn, barSecConn *SecretConnection return } remotePubBytes := fooSecConn.RemotePubKey() - if !bytes.Equal(remotePubBytes[:], barPubKey[:]) { + if !remotePubBytes.Equals(barPubKey) { tb.Errorf("Unexpected fooSecConn.RemotePubKey. Expected %v, got %v", barPubKey, fooSecConn.RemotePubKey()) } @@ -59,7 +58,7 @@ func makeSecretConnPair(tb testing.TB) (fooSecConn, barSecConn *SecretConnection return } remotePubBytes := barSecConn.RemotePubKey() - if !bytes.Equal(remotePubBytes[:], fooPubKey[:]) { + if !remotePubBytes.Equals(fooPubKey) { tb.Errorf("Unexpected barSecConn.RemotePubKey. Expected %v, got %v", fooPubKey, barSecConn.RemotePubKey()) } @@ -93,7 +92,7 @@ func TestSecretConnectionReadWrite(t *testing.T) { genNodeRunner := func(nodeConn dummyConn, nodeWrites []string, nodeReads *[]string) func() { return func() { // Node handskae - nodePrvKey := crypto.GenPrivKeyEd25519() + nodePrvKey := crypto.GenPrivKeyEd25519().Wrap() nodeSecretConn, err := MakeSecretConnection(nodeConn, nodePrvKey) if err != nil { t.Errorf("Failed to establish SecretConnection for node: %v", err) diff --git a/p2p/switch.go b/p2p/switch.go index 76b019806..fde216429 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -81,11 +81,11 @@ type Switch struct { reactorsByCh map[byte]Reactor peers *PeerSet dialing *cmn.CMap - nodeInfo *NodeInfo // our node info - nodePrivKey crypto.PrivKeyEd25519 // our node privkey + nodeInfo *NodeInfo // our node info + nodePrivKey crypto.PrivKey // our node privkey filterConnByAddr func(net.Addr) error - filterConnByPubKey func(crypto.PubKeyEd25519) error + filterConnByPubKey func(crypto.PubKey) error rng *rand.Rand // seed for randomizing dial times and orders } @@ -184,10 +184,10 @@ func (sw *Switch) NodeInfo() *NodeInfo { // SetNodePrivKey sets the switch's private key for authenticated encryption. // NOTE: Overwrites sw.nodeInfo.PubKey. // NOTE: Not goroutine safe. -func (sw *Switch) SetNodePrivKey(nodePrivKey crypto.PrivKeyEd25519) { +func (sw *Switch) SetNodePrivKey(nodePrivKey crypto.PrivKey) { sw.nodePrivKey = nodePrivKey if sw.nodeInfo != nil { - sw.nodeInfo.PubKey = nodePrivKey.PubKey().Unwrap().(crypto.PubKeyEd25519) + sw.nodeInfo.PubKey = nodePrivKey.PubKey() } } @@ -285,7 +285,7 @@ func (sw *Switch) FilterConnByAddr(addr net.Addr) error { } // FilterConnByPubKey returns an error if connecting to the given public key is forbidden. -func (sw *Switch) FilterConnByPubKey(pubkey crypto.PubKeyEd25519) error { +func (sw *Switch) FilterConnByPubKey(pubkey crypto.PubKey) error { if sw.filterConnByPubKey != nil { return sw.filterConnByPubKey(pubkey) } @@ -299,7 +299,7 @@ func (sw *Switch) SetAddrFilter(f func(net.Addr) error) { } // SetPubKeyFilter sets the function for filtering connections by public key. -func (sw *Switch) SetPubKeyFilter(f func(crypto.PubKeyEd25519) error) { +func (sw *Switch) SetPubKeyFilter(f func(crypto.PubKey) error) { sw.filterConnByPubKey = f } @@ -603,14 +603,14 @@ func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch f // TODO: let the config be passed in? s := initSwitch(i, NewSwitch(cfg)) s.SetNodeInfo(&NodeInfo{ - PubKey: privKey.PubKey().Unwrap().(crypto.PubKeyEd25519), + PubKey: privKey.PubKey(), Moniker: cmn.Fmt("switch%d", i), Network: network, Version: version, RemoteAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), }) - s.SetNodePrivKey(privKey) + s.SetNodePrivKey(privKey.Wrap()) return s } diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 72807d36a..1d6d869af 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -200,7 +200,7 @@ func TestConnPubKeyFilter(t *testing.T) { c1, c2 := netPipe() // set pubkey filter - s1.SetPubKeyFilter(func(pubkey crypto.PubKeyEd25519) error { + s1.SetPubKeyFilter(func(pubkey crypto.PubKey) error { if bytes.Equal(pubkey.Bytes(), s2.nodeInfo.PubKey.Bytes()) { return fmt.Errorf("Error: pipe is blacklisted") } @@ -232,7 +232,7 @@ func TestSwitchStopsNonPersistentPeerOnError(t *testing.T) { defer sw.Stop() // simulate remote peer - rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519(), Config: DefaultPeerConfig()} + rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519().Wrap(), Config: DefaultPeerConfig()} rp.Start() defer rp.Stop() @@ -259,7 +259,7 @@ func TestSwitchReconnectsToPersistentPeer(t *testing.T) { defer sw.Stop() // simulate remote peer - rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519(), Config: DefaultPeerConfig()} + rp := &remotePeer{PrivKey: crypto.GenPrivKeyEd25519().Wrap(), Config: DefaultPeerConfig()} rp.Start() defer rp.Stop() diff --git a/p2p/types.go b/p2p/types.go index 4e0994b71..63494d9cd 100644 --- a/p2p/types.go +++ b/p2p/types.go @@ -12,13 +12,13 @@ import ( const maxNodeInfoSize = 10240 // 10Kb type NodeInfo struct { - PubKey crypto.PubKeyEd25519 `json:"pub_key"` - Moniker string `json:"moniker"` - Network string `json:"network"` - RemoteAddr string `json:"remote_addr"` - ListenAddr string `json:"listen_addr"` - Version string `json:"version"` // major.minor.revision - Other []string `json:"other"` // other application specific data + PubKey crypto.PubKey `json:"pub_key"` + Moniker string `json:"moniker"` + Network string `json:"network"` + RemoteAddr string `json:"remote_addr"` + ListenAddr string `json:"listen_addr"` + Version string `json:"version"` // major.minor.revision + Other []string `json:"other"` // other application specific data } // CONTRACT: two nodes are compatible if the major/minor versions match and network match From f2e0abf1dc23544c7ce5cfb0bdd0fd46dc96ce1e Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 1 Jan 2018 20:21:11 -0500 Subject: [PATCH 016/188] p2p: reorder some checks in addPeer; add comments to NodeInfo --- p2p/peer.go | 1 + p2p/switch.go | 20 ++++++++++---------- p2p/types.go | 14 +++++++------- 3 files changed, 18 insertions(+), 17 deletions(-) diff --git a/p2p/peer.go b/p2p/peer.go index 91824dc8f..e2e73f0f3 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -304,6 +304,7 @@ func (p *peer) Set(key string, data interface{}) { } // Key returns the peer's id key. +// TODO: call this ID func (p *peer) Key() string { return p.nodeInfo.ListenAddr // XXX: should probably be PubKey.KeyString() } diff --git a/p2p/switch.go b/p2p/switch.go index fde216429..d4e3b3484 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -232,10 +232,15 @@ func (sw *Switch) OnStop() { // NOTE: If error is returned, caller is responsible for calling peer.CloseConn() func (sw *Switch) addPeer(peer *peer) error { + // Avoid self + if sw.nodeInfo.PubKey.Equals(peer.PubKey().Wrap()) { + return errors.New("Ignoring connection from self") + } + + // Filter peer against white list if err := sw.FilterConnByAddr(peer.Addr()); err != nil { return err } - if err := sw.FilterConnByPubKey(peer.PubKey()); err != nil { return err } @@ -244,9 +249,10 @@ func (sw *Switch) addPeer(peer *peer) error { return err } - // Avoid self - if sw.nodeInfo.PubKey.Equals(peer.PubKey().Wrap()) { - return errors.New("Ignoring connection from self") + // Avoid duplicate + if sw.peers.Has(peer.Key()) { + return ErrSwitchDuplicatePeer + } // Check version, chain id @@ -254,12 +260,6 @@ func (sw *Switch) addPeer(peer *peer) error { return err } - // Check for duplicate peer - if sw.peers.Has(peer.Key()) { - return ErrSwitchDuplicatePeer - - } - // Start peer if sw.IsRunning() { sw.startInitPeer(peer) diff --git a/p2p/types.go b/p2p/types.go index 63494d9cd..860132902 100644 --- a/p2p/types.go +++ b/p2p/types.go @@ -12,13 +12,13 @@ import ( const maxNodeInfoSize = 10240 // 10Kb type NodeInfo struct { - PubKey crypto.PubKey `json:"pub_key"` - Moniker string `json:"moniker"` - Network string `json:"network"` - RemoteAddr string `json:"remote_addr"` - ListenAddr string `json:"listen_addr"` - Version string `json:"version"` // major.minor.revision - Other []string `json:"other"` // other application specific data + PubKey crypto.PubKey `json:"pub_key"` // authenticated pubkey + Moniker string `json:"moniker"` // arbitrary moniker + Network string `json:"network"` // network/chain ID + RemoteAddr string `json:"remote_addr"` // address for the connection + ListenAddr string `json:"listen_addr"` // accepting incoming + Version string `json:"version"` // major.minor.revision + Other []string `json:"other"` // other application specific data } // CONTRACT: two nodes are compatible if the major/minor versions match and network match From b289d2baf44ae52ec9ee44b83d4f9ce2c56919b4 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 1 Jan 2018 20:21:42 -0500 Subject: [PATCH 017/188] persistent node key and ID --- config/config.go | 9 ++++ node/node.go | 16 +++++-- p2p/key.go | 111 +++++++++++++++++++++++++++++++++++++++++++++ p2p/key_test.go | 49 ++++++++++++++++++++ p2p/switch.go | 33 +++++++++----- p2p/switch_test.go | 4 +- 6 files changed, 204 insertions(+), 18 deletions(-) create mode 100644 p2p/key.go create mode 100644 p2p/key_test.go diff --git a/config/config.go b/config/config.go index 5d4a8ef65..6018dc8de 100644 --- a/config/config.go +++ b/config/config.go @@ -72,6 +72,9 @@ type BaseConfig struct { // A JSON file containing the private key to use as a validator in the consensus protocol PrivValidator string `mapstructure:"priv_validator_file"` + // A JSON file containing the private key to use for p2p authenticated encryption + NodeKey string `mapstructure:"node_key"` + // A custom human readable name for this node Moniker string `mapstructure:"moniker"` @@ -109,6 +112,7 @@ func DefaultBaseConfig() BaseConfig { return BaseConfig{ Genesis: "genesis.json", PrivValidator: "priv_validator.json", + NodeKey: "node_key.json", Moniker: defaultMoniker, ProxyApp: "tcp://127.0.0.1:46658", ABCI: "socket", @@ -141,6 +145,11 @@ func (b BaseConfig) PrivValidatorFile() string { return rootify(b.PrivValidator, b.RootDir) } +// NodeKeyFile returns the full path to the node_key.json file +func (b BaseConfig) NodeKeyFile() string { + return rootify(b.NodeKey, b.RootDir) +} + // DBDir returns the full path to the database directory func (b BaseConfig) DBDir() string { return rootify(b.DBPath, b.RootDir) diff --git a/node/node.go b/node/node.go index 7f845f902..0027c6802 100644 --- a/node/node.go +++ b/node/node.go @@ -367,12 +367,20 @@ func (n *Node) OnStart() error { n.sw.AddListener(l) // Generate node PrivKey - // TODO: Load - privKey := crypto.GenPrivKeyEd25519().Wrap() + // TODO: both the loading function and the target + // will need to be configurable + difficulty := uint8(16) // number of leading 0s in bitstring + target := p2p.MakePoWTarget(difficulty) + nodeKey, err := p2p.LoadOrGenNodeKey(n.config.NodeKeyFile(), target) + if err != nil { + return err + } + n.Logger.Info("P2P Node ID", "ID", nodeKey.ID(), "file", n.config.NodeKeyFile()) // Start the switch - n.sw.SetNodeInfo(n.makeNodeInfo(privKey.PubKey())) - n.sw.SetNodePrivKey(privKey) + n.sw.SetNodeInfo(n.makeNodeInfo(nodeKey.PubKey())) + n.sw.SetNodeKey(nodeKey) + n.sw.SetPeerIDTarget(target) err = n.sw.Start() if err != nil { return err diff --git a/p2p/key.go b/p2p/key.go new file mode 100644 index 000000000..aa2ac7677 --- /dev/null +++ b/p2p/key.go @@ -0,0 +1,111 @@ +package p2p + +import ( + "bytes" + "encoding/json" + "fmt" + "io/ioutil" + "math/big" + + crypto "github.com/tendermint/go-crypto" + cmn "github.com/tendermint/tmlibs/common" +) + +//------------------------------------------------------------------------------ +// Persistent peer ID +// TODO: encrypt on disk + +// NodeKey is the persistent peer key. +// It contains the nodes private key for authentication. +type NodeKey struct { + PrivKey crypto.PrivKey `json:"priv_key"` // our priv key +} + +// ID returns the peer's canonical ID - the hash of its public key. +func (nodeKey *NodeKey) ID() []byte { + return nodeKey.PrivKey.PubKey().Address() +} + +// PubKey returns the peer's PubKey +func (nodeKey *NodeKey) PubKey() crypto.PubKey { + return nodeKey.PrivKey.PubKey() +} + +// LoadOrGenNodeKey attempts to load the NodeKey from the given filePath, +// and checks that the corresponding ID is less than the target. +// If the file does not exist, it generates and saves a new NodeKey +// with ID less than target. +func LoadOrGenNodeKey(filePath string, target []byte) (*NodeKey, error) { + if cmn.FileExists(filePath) { + nodeKey, err := loadNodeKey(filePath) + if err != nil { + return nil, err + } + if bytes.Compare(nodeKey.ID(), target) >= 0 { + return nil, fmt.Errorf("Loaded ID (%X) does not satisfy target (%X)", nodeKey.ID(), target) + } + return nodeKey, nil + } else { + return genNodeKey(filePath, target) + } +} + +// MakePoWTarget returns a 20 byte target byte array. +func MakePoWTarget(difficulty uint8) []byte { + zeroPrefixLen := (int(difficulty) / 8) + prefix := bytes.Repeat([]byte{0}, zeroPrefixLen) + mod := (difficulty % 8) + if mod > 0 { + nonZeroPrefix := byte(1 << (8 - mod)) + prefix = append(prefix, nonZeroPrefix) + } + return append(prefix, bytes.Repeat([]byte{255}, 20-len(prefix))...) +} + +func loadNodeKey(filePath string) (*NodeKey, error) { + jsonBytes, err := ioutil.ReadFile(filePath) + if err != nil { + return nil, err + } + nodeKey := new(NodeKey) + err = json.Unmarshal(jsonBytes, nodeKey) + if err != nil { + return nil, fmt.Errorf("Error reading NodeKey from %v: %v\n", filePath, err) + } + return nodeKey, nil +} + +func genNodeKey(filePath string, target []byte) (*NodeKey, error) { + privKey := genPrivKeyEd25519PoW(target).Wrap() + nodeKey := &NodeKey{ + PrivKey: privKey, + } + + jsonBytes, err := json.Marshal(nodeKey) + if err != nil { + return nil, err + } + err = ioutil.WriteFile(filePath, jsonBytes, 0600) + if err != nil { + return nil, err + } + return nodeKey, nil +} + +// generate key with address satisfying the difficult target +func genPrivKeyEd25519PoW(target []byte) crypto.PrivKeyEd25519 { + secret := crypto.CRandBytes(32) + var privKey crypto.PrivKeyEd25519 + for i := 0; ; i++ { + privKey = crypto.GenPrivKeyEd25519FromSecret(secret) + if bytes.Compare(privKey.PubKey().Address(), target) < 0 { + break + } + z := new(big.Int) + z.SetBytes(secret) + z = z.Add(z, big.NewInt(1)) + secret = z.Bytes() + + } + return privKey +} diff --git a/p2p/key_test.go b/p2p/key_test.go new file mode 100644 index 000000000..ef885e55d --- /dev/null +++ b/p2p/key_test.go @@ -0,0 +1,49 @@ +package p2p + +import ( + "bytes" + "os" + "path/filepath" + "testing" + + "github.com/stretchr/testify/assert" + cmn "github.com/tendermint/tmlibs/common" +) + +func TestLoadOrGenNodeKey(t *testing.T) { + filePath := filepath.Join(os.TempDir(), cmn.RandStr(12)+"_peer_id.json") + + target := MakePoWTarget(2) + nodeKey, err := LoadOrGenNodeKey(filePath, target) + assert.Nil(t, err) + + nodeKey2, err := LoadOrGenNodeKey(filePath, target) + assert.Nil(t, err) + + assert.Equal(t, nodeKey, nodeKey2) +} + +func repeatBytes(val byte, n int) []byte { + return bytes.Repeat([]byte{val}, n) +} + +func TestPoWTarget(t *testing.T) { + + cases := []struct { + difficulty uint8 + target []byte + }{ + {0, bytes.Repeat([]byte{255}, 20)}, + {1, append([]byte{128}, repeatBytes(255, 19)...)}, + {8, append([]byte{0}, repeatBytes(255, 19)...)}, + {9, append([]byte{0, 128}, repeatBytes(255, 18)...)}, + {10, append([]byte{0, 64}, repeatBytes(255, 18)...)}, + {16, append([]byte{0, 0}, repeatBytes(255, 18)...)}, + {17, append([]byte{0, 0, 128}, repeatBytes(255, 17)...)}, + } + + for _, c := range cases { + assert.Equal(t, MakePoWTarget(c.difficulty), c.target) + } + +} diff --git a/p2p/switch.go b/p2p/switch.go index d4e3b3484..344c3c1e1 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -81,8 +81,9 @@ type Switch struct { reactorsByCh map[byte]Reactor peers *PeerSet dialing *cmn.CMap - nodeInfo *NodeInfo // our node info - nodePrivKey crypto.PrivKey // our node privkey + nodeInfo *NodeInfo // our node info + nodeKey *NodeKey // our node privkey + peerIDTarget []byte filterConnByAddr func(net.Addr) error filterConnByPubKey func(crypto.PubKey) error @@ -181,16 +182,22 @@ func (sw *Switch) NodeInfo() *NodeInfo { return sw.nodeInfo } -// SetNodePrivKey sets the switch's private key for authenticated encryption. +// SetNodeKey sets the switch's private key for authenticated encryption. // NOTE: Overwrites sw.nodeInfo.PubKey. // NOTE: Not goroutine safe. -func (sw *Switch) SetNodePrivKey(nodePrivKey crypto.PrivKey) { - sw.nodePrivKey = nodePrivKey +func (sw *Switch) SetNodeKey(nodeKey *NodeKey) { + sw.nodeKey = nodeKey if sw.nodeInfo != nil { - sw.nodeInfo.PubKey = nodePrivKey.PubKey() + sw.nodeInfo.PubKey = nodeKey.PubKey() } } +// SetPeerIDTarget sets the target for incoming peer ID's - +// the ID must be less than the target +func (sw *Switch) SetPeerIDTarget(target []byte) { + sw.peerIDTarget = target +} + // OnStart implements BaseService. It starts all the reactors, peers, and listeners. func (sw *Switch) OnStart() error { // Start reactors @@ -370,7 +377,7 @@ func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, defer sw.dialing.Delete(addr.IP.String()) sw.Logger.Info("Dialing peer", "address", addr) - peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodePrivKey, sw.peerConfig) + peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) if err != nil { sw.Logger.Error("Failed to dial peer", "address", addr, "err", err) return nil, err @@ -598,24 +605,26 @@ func StartSwitches(switches []*Switch) error { } func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch func(int, *Switch) *Switch) *Switch { - privKey := crypto.GenPrivKeyEd25519() // new switch, add reactors // TODO: let the config be passed in? + nodeKey := &NodeKey{ + PrivKey: crypto.GenPrivKeyEd25519().Wrap(), + } s := initSwitch(i, NewSwitch(cfg)) s.SetNodeInfo(&NodeInfo{ - PubKey: privKey.PubKey(), + PubKey: nodeKey.PubKey(), Moniker: cmn.Fmt("switch%d", i), Network: network, Version: version, RemoteAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), }) - s.SetNodePrivKey(privKey.Wrap()) + s.SetNodeKey(nodeKey) return s } func (sw *Switch) addPeerWithConnection(conn net.Conn) error { - peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodePrivKey, sw.peerConfig) + peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) if err != nil { if err := conn.Close(); err != nil { sw.Logger.Error("Error closing connection", "err", err) @@ -632,7 +641,7 @@ func (sw *Switch) addPeerWithConnection(conn net.Conn) error { } func (sw *Switch) addPeerWithConnectionAndConfig(conn net.Conn, config *PeerConfig) error { - peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodePrivKey, config) + peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config) if err != nil { if err := conn.Close(); err != nil { sw.Logger.Error("Error closing connection", "err", err) diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 1d6d869af..6c606a67a 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -236,7 +236,7 @@ func TestSwitchStopsNonPersistentPeerOnError(t *testing.T) { rp.Start() defer rp.Stop() - peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodePrivKey, DefaultPeerConfig()) + peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, DefaultPeerConfig()) require.Nil(err) err = sw.addPeer(peer) require.Nil(err) @@ -263,7 +263,7 @@ func TestSwitchReconnectsToPersistentPeer(t *testing.T) { rp.Start() defer rp.Stop() - peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodePrivKey, DefaultPeerConfig()) + peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, DefaultPeerConfig()) peer.makePersistent() require.Nil(err) err = sw.addPeer(peer) From a17105fd46ec6c6926ffe27487790f83446eecea Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 1 Jan 2018 21:27:38 -0500 Subject: [PATCH 018/188] p2p: peer.Key -> peer.ID --- benchmarks/codec_test.go | 6 ++-- blockchain/pool.go | 33 +++++++++++---------- blockchain/pool_test.go | 15 +++++----- blockchain/reactor.go | 10 +++---- blockchain/reactor_test.go | 12 ++++---- consensus/reactor.go | 10 +++---- consensus/replay.go | 12 ++++---- consensus/state.go | 47 +++++++++++++++--------------- consensus/types/height_vote_set.go | 15 +++++----- consensus/wal.go | 2 +- p2p/key.go | 17 +++++++++-- p2p/peer.go | 16 +++++----- p2p/peer_set.go | 24 +++++++-------- p2p/peer_set_test.go | 12 ++++---- p2p/pex_reactor.go | 3 +- p2p/switch.go | 2 +- p2p/switch_test.go | 4 +-- rpc/core/consensus.go | 5 ++-- rpc/core/types/responses.go | 2 +- types/vote_set.go | 7 +++-- 20 files changed, 137 insertions(+), 117 deletions(-) diff --git a/benchmarks/codec_test.go b/benchmarks/codec_test.go index 631b303eb..209fcd3ba 100644 --- a/benchmarks/codec_test.go +++ b/benchmarks/codec_test.go @@ -17,7 +17,7 @@ func BenchmarkEncodeStatusWire(b *testing.B) { pubKey := crypto.GenPrivKeyEd25519().PubKey() status := &ctypes.ResultStatus{ NodeInfo: &p2p.NodeInfo{ - PubKey: pubKey.Unwrap().(crypto.PubKeyEd25519), + PubKey: pubKey, Moniker: "SOMENAME", Network: "SOMENAME", RemoteAddr: "SOMEADDR", @@ -42,7 +42,7 @@ func BenchmarkEncodeStatusWire(b *testing.B) { func BenchmarkEncodeNodeInfoWire(b *testing.B) { b.StopTimer() - pubKey := crypto.GenPrivKeyEd25519().PubKey().Unwrap().(crypto.PubKeyEd25519) + pubKey := crypto.GenPrivKeyEd25519().PubKey() nodeInfo := &p2p.NodeInfo{ PubKey: pubKey, Moniker: "SOMENAME", @@ -63,7 +63,7 @@ func BenchmarkEncodeNodeInfoWire(b *testing.B) { func BenchmarkEncodeNodeInfoBinary(b *testing.B) { b.StopTimer() - pubKey := crypto.GenPrivKeyEd25519().PubKey().Unwrap().(crypto.PubKeyEd25519) + pubKey := crypto.GenPrivKeyEd25519().PubKey() nodeInfo := &p2p.NodeInfo{ PubKey: pubKey, Moniker: "SOMENAME", diff --git a/blockchain/pool.go b/blockchain/pool.go index e39749dc0..f3148e6c5 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -5,6 +5,7 @@ import ( "sync" "time" + "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" flow "github.com/tendermint/tmlibs/flowrate" @@ -56,16 +57,16 @@ type BlockPool struct { height int64 // the lowest key in requesters. numPending int32 // number of requests pending assignment or block response // peers - peers map[string]*bpPeer + peers map[p2p.ID]*bpPeer maxPeerHeight int64 requestsCh chan<- BlockRequest - timeoutsCh chan<- string + timeoutsCh chan<- p2p.ID } -func NewBlockPool(start int64, requestsCh chan<- BlockRequest, timeoutsCh chan<- string) *BlockPool { +func NewBlockPool(start int64, requestsCh chan<- BlockRequest, timeoutsCh chan<- p2p.ID) *BlockPool { bp := &BlockPool{ - peers: make(map[string]*bpPeer), + peers: make(map[p2p.ID]*bpPeer), requesters: make(map[int64]*bpRequester), height: start, @@ -210,7 +211,7 @@ func (pool *BlockPool) RedoRequest(height int64) { } // TODO: ensure that blocks come in order for each peer. -func (pool *BlockPool) AddBlock(peerID string, block *types.Block, blockSize int) { +func (pool *BlockPool) AddBlock(peerID p2p.ID, block *types.Block, blockSize int) { pool.mtx.Lock() defer pool.mtx.Unlock() @@ -240,7 +241,7 @@ func (pool *BlockPool) MaxPeerHeight() int64 { } // Sets the peer's alleged blockchain height. -func (pool *BlockPool) SetPeerHeight(peerID string, height int64) { +func (pool *BlockPool) SetPeerHeight(peerID p2p.ID, height int64) { pool.mtx.Lock() defer pool.mtx.Unlock() @@ -258,14 +259,14 @@ func (pool *BlockPool) SetPeerHeight(peerID string, height int64) { } } -func (pool *BlockPool) RemovePeer(peerID string) { +func (pool *BlockPool) RemovePeer(peerID p2p.ID) { pool.mtx.Lock() defer pool.mtx.Unlock() pool.removePeer(peerID) } -func (pool *BlockPool) removePeer(peerID string) { +func (pool *BlockPool) removePeer(peerID p2p.ID) { for _, requester := range pool.requesters { if requester.getPeerID() == peerID { if requester.getBlock() != nil { @@ -321,14 +322,14 @@ func (pool *BlockPool) requestersLen() int64 { return int64(len(pool.requesters)) } -func (pool *BlockPool) sendRequest(height int64, peerID string) { +func (pool *BlockPool) sendRequest(height int64, peerID p2p.ID) { if !pool.IsRunning() { return } pool.requestsCh <- BlockRequest{height, peerID} } -func (pool *BlockPool) sendTimeout(peerID string) { +func (pool *BlockPool) sendTimeout(peerID p2p.ID) { if !pool.IsRunning() { return } @@ -357,7 +358,7 @@ func (pool *BlockPool) debug() string { type bpPeer struct { pool *BlockPool - id string + id p2p.ID recvMonitor *flow.Monitor height int64 @@ -368,7 +369,7 @@ type bpPeer struct { logger log.Logger } -func newBPPeer(pool *BlockPool, peerID string, height int64) *bpPeer { +func newBPPeer(pool *BlockPool, peerID p2p.ID, height int64) *bpPeer { peer := &bpPeer{ pool: pool, id: peerID, @@ -434,7 +435,7 @@ type bpRequester struct { redoCh chan struct{} mtx sync.Mutex - peerID string + peerID p2p.ID block *types.Block } @@ -458,7 +459,7 @@ func (bpr *bpRequester) OnStart() error { } // Returns true if the peer matches -func (bpr *bpRequester) setBlock(block *types.Block, peerID string) bool { +func (bpr *bpRequester) setBlock(block *types.Block, peerID p2p.ID) bool { bpr.mtx.Lock() if bpr.block != nil || bpr.peerID != peerID { bpr.mtx.Unlock() @@ -477,7 +478,7 @@ func (bpr *bpRequester) getBlock() *types.Block { return bpr.block } -func (bpr *bpRequester) getPeerID() string { +func (bpr *bpRequester) getPeerID() p2p.ID { bpr.mtx.Lock() defer bpr.mtx.Unlock() return bpr.peerID @@ -551,5 +552,5 @@ OUTER_LOOP: type BlockRequest struct { Height int64 - PeerID string + PeerID p2p.ID } diff --git a/blockchain/pool_test.go b/blockchain/pool_test.go index 3e347fd29..0cdbc3a9e 100644 --- a/blockchain/pool_test.go +++ b/blockchain/pool_test.go @@ -5,6 +5,7 @@ import ( "testing" "time" + "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" @@ -15,14 +16,14 @@ func init() { } type testPeer struct { - id string + id p2p.ID height int64 } -func makePeers(numPeers int, minHeight, maxHeight int64) map[string]testPeer { - peers := make(map[string]testPeer, numPeers) +func makePeers(numPeers int, minHeight, maxHeight int64) map[p2p.ID]testPeer { + peers := make(map[p2p.ID]testPeer, numPeers) for i := 0; i < numPeers; i++ { - peerID := cmn.RandStr(12) + peerID := p2p.ID(cmn.RandStr(12)) height := minHeight + rand.Int63n(maxHeight-minHeight) peers[peerID] = testPeer{peerID, height} } @@ -32,7 +33,7 @@ func makePeers(numPeers int, minHeight, maxHeight int64) map[string]testPeer { func TestBasic(t *testing.T) { start := int64(42) peers := makePeers(10, start+1, 1000) - timeoutsCh := make(chan string, 100) + timeoutsCh := make(chan p2p.ID, 100) requestsCh := make(chan BlockRequest, 100) pool := NewBlockPool(start, requestsCh, timeoutsCh) pool.SetLogger(log.TestingLogger()) @@ -89,7 +90,7 @@ func TestBasic(t *testing.T) { func TestTimeout(t *testing.T) { start := int64(42) peers := makePeers(10, start+1, 1000) - timeoutsCh := make(chan string, 100) + timeoutsCh := make(chan p2p.ID, 100) requestsCh := make(chan BlockRequest, 100) pool := NewBlockPool(start, requestsCh, timeoutsCh) pool.SetLogger(log.TestingLogger()) @@ -127,7 +128,7 @@ func TestTimeout(t *testing.T) { // Pull from channels counter := 0 - timedOut := map[string]struct{}{} + timedOut := map[p2p.ID]struct{}{} for { select { case peerID := <-timeoutsCh: diff --git a/blockchain/reactor.go b/blockchain/reactor.go index d4b803dd6..701e04f68 100644 --- a/blockchain/reactor.go +++ b/blockchain/reactor.go @@ -52,7 +52,7 @@ type BlockchainReactor struct { pool *BlockPool fastSync bool requestsCh chan BlockRequest - timeoutsCh chan string + timeoutsCh chan p2p.ID } // NewBlockchainReactor returns new reactor instance. @@ -62,7 +62,7 @@ func NewBlockchainReactor(state sm.State, blockExec *sm.BlockExecutor, store *Bl } requestsCh := make(chan BlockRequest, defaultChannelCapacity) - timeoutsCh := make(chan string, defaultChannelCapacity) + timeoutsCh := make(chan p2p.ID, defaultChannelCapacity) pool := NewBlockPool( store.Height()+1, requestsCh, @@ -131,7 +131,7 @@ func (bcR *BlockchainReactor) AddPeer(peer p2p.Peer) { // RemovePeer implements Reactor by removing peer from the pool. func (bcR *BlockchainReactor) RemovePeer(peer p2p.Peer, reason interface{}) { - bcR.pool.RemovePeer(peer.Key()) + bcR.pool.RemovePeer(peer.ID()) } // respondToPeer loads a block and sends it to the requesting peer, @@ -170,7 +170,7 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) } case *bcBlockResponseMessage: // Got a block. - bcR.pool.AddBlock(src.Key(), msg.Block, len(msgBytes)) + bcR.pool.AddBlock(src.ID(), msg.Block, len(msgBytes)) case *bcStatusRequestMessage: // Send peer our state. queued := src.TrySend(BlockchainChannel, struct{ BlockchainMessage }{&bcStatusResponseMessage{bcR.store.Height()}}) @@ -179,7 +179,7 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) } case *bcStatusResponseMessage: // Got a peer status. Unverified. - bcR.pool.SetPeerHeight(src.Key(), msg.Height) + bcR.pool.SetPeerHeight(src.ID(), msg.Height) default: bcR.Logger.Error(cmn.Fmt("Unknown message type %v", reflect.TypeOf(msg))) } diff --git a/blockchain/reactor_test.go b/blockchain/reactor_test.go index fcb8a6f86..5bdd28694 100644 --- a/blockchain/reactor_test.go +++ b/blockchain/reactor_test.go @@ -55,7 +55,7 @@ func TestNoBlockMessageResponse(t *testing.T) { defer bcr.Stop() // Add some peers in - peer := newbcrTestPeer(cmn.RandStr(12)) + peer := newbcrTestPeer(p2p.ID(cmn.RandStr(12))) bcr.AddPeer(peer) chID := byte(0x01) @@ -113,16 +113,16 @@ func makeBlock(height int64, state sm.State) *types.Block { // The Test peer type bcrTestPeer struct { cmn.Service - key string - ch chan interface{} + id p2p.ID + ch chan interface{} } var _ p2p.Peer = (*bcrTestPeer)(nil) -func newbcrTestPeer(key string) *bcrTestPeer { +func newbcrTestPeer(id p2p.ID) *bcrTestPeer { return &bcrTestPeer{ Service: cmn.NewBaseService(nil, "bcrTestPeer", nil), - key: key, + id: id, ch: make(chan interface{}, 2), } } @@ -144,7 +144,7 @@ func (tp *bcrTestPeer) TrySend(chID byte, value interface{}) bool { func (tp *bcrTestPeer) Send(chID byte, data interface{}) bool { return tp.TrySend(chID, data) } func (tp *bcrTestPeer) NodeInfo() *p2p.NodeInfo { return nil } func (tp *bcrTestPeer) Status() p2p.ConnectionStatus { return p2p.ConnectionStatus{} } -func (tp *bcrTestPeer) Key() string { return tp.key } +func (tp *bcrTestPeer) ID() p2p.ID { return tp.id } func (tp *bcrTestPeer) IsOutbound() bool { return false } func (tp *bcrTestPeer) IsPersistent() bool { return true } func (tp *bcrTestPeer) Get(s string) interface{} { return s } diff --git a/consensus/reactor.go b/consensus/reactor.go index 9b3393e94..3f6ab506c 100644 --- a/consensus/reactor.go +++ b/consensus/reactor.go @@ -205,7 +205,7 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) return } // Peer claims to have a maj23 for some BlockID at H,R,S, - votes.SetPeerMaj23(msg.Round, msg.Type, ps.Peer.Key(), msg.BlockID) + votes.SetPeerMaj23(msg.Round, msg.Type, ps.Peer.ID(), msg.BlockID) // Respond with a VoteSetBitsMessage showing which votes we have. // (and consequently shows which we don't have) var ourVotes *cmn.BitArray @@ -242,12 +242,12 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) switch msg := msg.(type) { case *ProposalMessage: ps.SetHasProposal(msg.Proposal) - conR.conS.peerMsgQueue <- msgInfo{msg, src.Key()} + conR.conS.peerMsgQueue <- msgInfo{msg, src.ID()} case *ProposalPOLMessage: ps.ApplyProposalPOLMessage(msg) case *BlockPartMessage: ps.SetHasProposalBlockPart(msg.Height, msg.Round, msg.Part.Index) - conR.conS.peerMsgQueue <- msgInfo{msg, src.Key()} + conR.conS.peerMsgQueue <- msgInfo{msg, src.ID()} default: conR.Logger.Error(cmn.Fmt("Unknown message type %v", reflect.TypeOf(msg))) } @@ -267,7 +267,7 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) ps.EnsureVoteBitArrays(height-1, lastCommitSize) ps.SetHasVote(msg.Vote) - cs.peerMsgQueue <- msgInfo{msg, src.Key()} + cs.peerMsgQueue <- msgInfo{msg, src.ID()} default: // don't punish (leave room for soft upgrades) @@ -1200,7 +1200,7 @@ func (ps *PeerState) StringIndented(indent string) string { %s Key %v %s PRS %v %s}`, - indent, ps.Peer.Key(), + indent, ps.Peer.ID(), indent, ps.PeerRoundState.StringIndented(indent+" "), indent) } diff --git a/consensus/replay.go b/consensus/replay.go index 784e8bd6e..881571077 100644 --- a/consensus/replay.go +++ b/consensus/replay.go @@ -61,21 +61,21 @@ func (cs *ConsensusState) readReplayMessage(msg *TimedWALMessage, newStepCh chan } } case msgInfo: - peerKey := m.PeerKey - if peerKey == "" { - peerKey = "local" + peerID := m.PeerID + if peerID == "" { + peerID = "local" } switch msg := m.Msg.(type) { case *ProposalMessage: p := msg.Proposal cs.Logger.Info("Replay: Proposal", "height", p.Height, "round", p.Round, "header", - p.BlockPartsHeader, "pol", p.POLRound, "peer", peerKey) + p.BlockPartsHeader, "pol", p.POLRound, "peer", peerID) case *BlockPartMessage: - cs.Logger.Info("Replay: BlockPart", "height", msg.Height, "round", msg.Round, "peer", peerKey) + cs.Logger.Info("Replay: BlockPart", "height", msg.Height, "round", msg.Round, "peer", peerID) case *VoteMessage: v := msg.Vote cs.Logger.Info("Replay: Vote", "height", v.Height, "round", v.Round, "type", v.Type, - "blockID", v.BlockID, "peer", peerKey) + "blockID", v.BlockID, "peer", peerID) } cs.handleMsg(m) diff --git a/consensus/state.go b/consensus/state.go index 518d81c58..56070b03a 100644 --- a/consensus/state.go +++ b/consensus/state.go @@ -17,6 +17,7 @@ import ( cfg "github.com/tendermint/tendermint/config" cstypes "github.com/tendermint/tendermint/consensus/types" + "github.com/tendermint/tendermint/p2p" sm "github.com/tendermint/tendermint/state" "github.com/tendermint/tendermint/types" ) @@ -46,8 +47,8 @@ var ( // msgs from the reactor which may update the state type msgInfo struct { - Msg ConsensusMessage `json:"msg"` - PeerKey string `json:"peer_key"` + Msg ConsensusMessage `json:"msg"` + PeerID p2p.ID `json:"peer_key"` } // internally generated messages which may update the state @@ -303,17 +304,17 @@ func (cs *ConsensusState) OpenWAL(walFile string) (WAL, error) { //------------------------------------------------------------ // Public interface for passing messages into the consensus state, possibly causing a state transition. -// If peerKey == "", the msg is considered internal. +// If peerID == "", the msg is considered internal. // Messages are added to the appropriate queue (peer or internal). // If the queue is full, the function may block. // TODO: should these return anything or let callers just use events? // AddVote inputs a vote. -func (cs *ConsensusState) AddVote(vote *types.Vote, peerKey string) (added bool, err error) { - if peerKey == "" { +func (cs *ConsensusState) AddVote(vote *types.Vote, peerID p2p.ID) (added bool, err error) { + if peerID == "" { cs.internalMsgQueue <- msgInfo{&VoteMessage{vote}, ""} } else { - cs.peerMsgQueue <- msgInfo{&VoteMessage{vote}, peerKey} + cs.peerMsgQueue <- msgInfo{&VoteMessage{vote}, peerID} } // TODO: wait for event?! @@ -321,12 +322,12 @@ func (cs *ConsensusState) AddVote(vote *types.Vote, peerKey string) (added bool, } // SetProposal inputs a proposal. -func (cs *ConsensusState) SetProposal(proposal *types.Proposal, peerKey string) error { +func (cs *ConsensusState) SetProposal(proposal *types.Proposal, peerID p2p.ID) error { - if peerKey == "" { + if peerID == "" { cs.internalMsgQueue <- msgInfo{&ProposalMessage{proposal}, ""} } else { - cs.peerMsgQueue <- msgInfo{&ProposalMessage{proposal}, peerKey} + cs.peerMsgQueue <- msgInfo{&ProposalMessage{proposal}, peerID} } // TODO: wait for event?! @@ -334,12 +335,12 @@ func (cs *ConsensusState) SetProposal(proposal *types.Proposal, peerKey string) } // AddProposalBlockPart inputs a part of the proposal block. -func (cs *ConsensusState) AddProposalBlockPart(height int64, round int, part *types.Part, peerKey string) error { +func (cs *ConsensusState) AddProposalBlockPart(height int64, round int, part *types.Part, peerID p2p.ID) error { - if peerKey == "" { + if peerID == "" { cs.internalMsgQueue <- msgInfo{&BlockPartMessage{height, round, part}, ""} } else { - cs.peerMsgQueue <- msgInfo{&BlockPartMessage{height, round, part}, peerKey} + cs.peerMsgQueue <- msgInfo{&BlockPartMessage{height, round, part}, peerID} } // TODO: wait for event?! @@ -347,13 +348,13 @@ func (cs *ConsensusState) AddProposalBlockPart(height int64, round int, part *ty } // SetProposalAndBlock inputs the proposal and all block parts. -func (cs *ConsensusState) SetProposalAndBlock(proposal *types.Proposal, block *types.Block, parts *types.PartSet, peerKey string) error { - if err := cs.SetProposal(proposal, peerKey); err != nil { +func (cs *ConsensusState) SetProposalAndBlock(proposal *types.Proposal, block *types.Block, parts *types.PartSet, peerID p2p.ID) error { + if err := cs.SetProposal(proposal, peerID); err != nil { return err } for i := 0; i < parts.Total(); i++ { part := parts.GetPart(i) - if err := cs.AddProposalBlockPart(proposal.Height, proposal.Round, part, peerKey); err != nil { + if err := cs.AddProposalBlockPart(proposal.Height, proposal.Round, part, peerID); err != nil { return err } } @@ -561,7 +562,7 @@ func (cs *ConsensusState) handleMsg(mi msgInfo) { defer cs.mtx.Unlock() var err error - msg, peerKey := mi.Msg, mi.PeerKey + msg, peerID := mi.Msg, mi.PeerID switch msg := msg.(type) { case *ProposalMessage: // will not cause transition. @@ -569,14 +570,14 @@ func (cs *ConsensusState) handleMsg(mi msgInfo) { err = cs.setProposal(msg.Proposal) case *BlockPartMessage: // if the proposal is complete, we'll enterPrevote or tryFinalizeCommit - _, err = cs.addProposalBlockPart(msg.Height, msg.Part, peerKey != "") + _, err = cs.addProposalBlockPart(msg.Height, msg.Part, peerID != "") if err != nil && msg.Round != cs.Round { err = nil } case *VoteMessage: // attempt to add the vote and dupeout the validator if its a duplicate signature // if the vote gives us a 2/3-any or 2/3-one, we transition - err := cs.tryAddVote(msg.Vote, peerKey) + err := cs.tryAddVote(msg.Vote, peerID) if err == ErrAddingVote { // TODO: punish peer } @@ -591,7 +592,7 @@ func (cs *ConsensusState) handleMsg(mi msgInfo) { cs.Logger.Error("Unknown msg type", reflect.TypeOf(msg)) } if err != nil { - cs.Logger.Error("Error with msg", "type", reflect.TypeOf(msg), "peer", peerKey, "err", err, "msg", msg) + cs.Logger.Error("Error with msg", "type", reflect.TypeOf(msg), "peer", peerID, "err", err, "msg", msg) } } @@ -1308,8 +1309,8 @@ func (cs *ConsensusState) addProposalBlockPart(height int64, part *types.Part, v } // Attempt to add the vote. if its a duplicate signature, dupeout the validator -func (cs *ConsensusState) tryAddVote(vote *types.Vote, peerKey string) error { - _, err := cs.addVote(vote, peerKey) +func (cs *ConsensusState) tryAddVote(vote *types.Vote, peerID p2p.ID) error { + _, err := cs.addVote(vote, peerID) if err != nil { // If the vote height is off, we'll just ignore it, // But if it's a conflicting sig, add it to the cs.evpool. @@ -1335,7 +1336,7 @@ func (cs *ConsensusState) tryAddVote(vote *types.Vote, peerKey string) error { //----------------------------------------------------------------------------- -func (cs *ConsensusState) addVote(vote *types.Vote, peerKey string) (added bool, err error) { +func (cs *ConsensusState) addVote(vote *types.Vote, peerID p2p.ID) (added bool, err error) { cs.Logger.Debug("addVote", "voteHeight", vote.Height, "voteType", vote.Type, "valIndex", vote.ValidatorIndex, "csHeight", cs.Height) // A precommit for the previous height? @@ -1365,7 +1366,7 @@ func (cs *ConsensusState) addVote(vote *types.Vote, peerKey string) (added bool, // A prevote/precommit for this height? if vote.Height == cs.Height { height := cs.Height - added, err = cs.Votes.AddVote(vote, peerKey) + added, err = cs.Votes.AddVote(vote, peerID) if added { cs.eventBus.PublishEventVote(types.EventDataVote{vote}) diff --git a/consensus/types/height_vote_set.go b/consensus/types/height_vote_set.go index 0a0a25fea..1435cf421 100644 --- a/consensus/types/height_vote_set.go +++ b/consensus/types/height_vote_set.go @@ -4,6 +4,7 @@ import ( "strings" "sync" + "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" ) @@ -35,7 +36,7 @@ type HeightVoteSet struct { mtx sync.Mutex round int // max tracked round roundVoteSets map[int]RoundVoteSet // keys: [0...round] - peerCatchupRounds map[string][]int // keys: peer.Key; values: at most 2 rounds + peerCatchupRounds map[p2p.ID][]int // keys: peer.ID; values: at most 2 rounds } func NewHeightVoteSet(chainID string, height int64, valSet *types.ValidatorSet) *HeightVoteSet { @@ -53,7 +54,7 @@ func (hvs *HeightVoteSet) Reset(height int64, valSet *types.ValidatorSet) { hvs.height = height hvs.valSet = valSet hvs.roundVoteSets = make(map[int]RoundVoteSet) - hvs.peerCatchupRounds = make(map[string][]int) + hvs.peerCatchupRounds = make(map[p2p.ID][]int) hvs.addRound(0) hvs.round = 0 @@ -101,8 +102,8 @@ func (hvs *HeightVoteSet) addRound(round int) { } // Duplicate votes return added=false, err=nil. -// By convention, peerKey is "" if origin is self. -func (hvs *HeightVoteSet) AddVote(vote *types.Vote, peerKey string) (added bool, err error) { +// By convention, peerID is "" if origin is self. +func (hvs *HeightVoteSet) AddVote(vote *types.Vote, peerID p2p.ID) (added bool, err error) { hvs.mtx.Lock() defer hvs.mtx.Unlock() if !types.IsVoteTypeValid(vote.Type) { @@ -110,10 +111,10 @@ func (hvs *HeightVoteSet) AddVote(vote *types.Vote, peerKey string) (added bool, } voteSet := hvs.getVoteSet(vote.Round, vote.Type) if voteSet == nil { - if rndz := hvs.peerCatchupRounds[peerKey]; len(rndz) < 2 { + if rndz := hvs.peerCatchupRounds[peerID]; len(rndz) < 2 { hvs.addRound(vote.Round) voteSet = hvs.getVoteSet(vote.Round, vote.Type) - hvs.peerCatchupRounds[peerKey] = append(rndz, vote.Round) + hvs.peerCatchupRounds[peerID] = append(rndz, vote.Round) } else { // Peer has sent a vote that does not match our round, // for more than one round. Bad peer! @@ -206,7 +207,7 @@ func (hvs *HeightVoteSet) StringIndented(indent string) string { // NOTE: if there are too many peers, or too much peer churn, // this can cause memory issues. // TODO: implement ability to remove peers too -func (hvs *HeightVoteSet) SetPeerMaj23(round int, type_ byte, peerID string, blockID types.BlockID) { +func (hvs *HeightVoteSet) SetPeerMaj23(round int, type_ byte, peerID p2p.ID, blockID types.BlockID) { hvs.mtx.Lock() defer hvs.mtx.Unlock() if !types.IsVoteTypeValid(type_) { diff --git a/consensus/wal.go b/consensus/wal.go index dfbef8790..88218940d 100644 --- a/consensus/wal.go +++ b/consensus/wal.go @@ -121,7 +121,7 @@ func (wal *baseWAL) Save(msg WALMessage) { if wal.light { // in light mode we only write new steps, timeouts, and our own votes (no proposals, block parts) if mi, ok := msg.(msgInfo); ok { - if mi.PeerKey != "" { + if mi.PeerID != "" { return } } diff --git a/p2p/key.go b/p2p/key.go index aa2ac7677..eede7ce7c 100644 --- a/p2p/key.go +++ b/p2p/key.go @@ -2,6 +2,7 @@ package p2p import ( "bytes" + "encoding/hex" "encoding/json" "fmt" "io/ioutil" @@ -21,8 +22,14 @@ type NodeKey struct { PrivKey crypto.PrivKey `json:"priv_key"` // our priv key } +type ID string + // ID returns the peer's canonical ID - the hash of its public key. -func (nodeKey *NodeKey) ID() []byte { +func (nodeKey *NodeKey) ID() ID { + return ID(hex.EncodeToString(nodeKey.id())) +} + +func (nodeKey *NodeKey) id() []byte { return nodeKey.PrivKey.PubKey().Address() } @@ -31,6 +38,10 @@ func (nodeKey *NodeKey) PubKey() crypto.PubKey { return nodeKey.PrivKey.PubKey() } +func (nodeKey *NodeKey) SatisfiesTarget(target []byte) bool { + return bytes.Compare(nodeKey.id(), target) < 0 +} + // LoadOrGenNodeKey attempts to load the NodeKey from the given filePath, // and checks that the corresponding ID is less than the target. // If the file does not exist, it generates and saves a new NodeKey @@ -41,8 +52,8 @@ func LoadOrGenNodeKey(filePath string, target []byte) (*NodeKey, error) { if err != nil { return nil, err } - if bytes.Compare(nodeKey.ID(), target) >= 0 { - return nil, fmt.Errorf("Loaded ID (%X) does not satisfy target (%X)", nodeKey.ID(), target) + if !nodeKey.SatisfiesTarget(target) { + return nil, fmt.Errorf("Loaded ID (%s) does not satisfy target (%X)", nodeKey.ID(), target) } return nodeKey, nil } else { diff --git a/p2p/peer.go b/p2p/peer.go index e2e73f0f3..35556a597 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -1,6 +1,7 @@ package p2p import ( + "encoding/hex" "fmt" "net" "time" @@ -17,7 +18,7 @@ import ( type Peer interface { cmn.Service - Key() string + ID() ID IsOutbound() bool IsPersistent() bool NodeInfo() *NodeInfo @@ -282,15 +283,15 @@ func (p *peer) CanSend(chID byte) bool { // String representation. func (p *peer) String() string { if p.outbound { - return fmt.Sprintf("Peer{%v %v out}", p.mconn, p.Key()) + return fmt.Sprintf("Peer{%v %v out}", p.mconn, p.ID()) } - return fmt.Sprintf("Peer{%v %v in}", p.mconn, p.Key()) + return fmt.Sprintf("Peer{%v %v in}", p.mconn, p.ID()) } // Equals reports whenever 2 peers are actually represent the same node. func (p *peer) Equals(other Peer) bool { - return p.Key() == other.Key() + return p.ID() == other.ID() } // Get the data for a given key. @@ -303,10 +304,9 @@ func (p *peer) Set(key string, data interface{}) { p.Data.Set(key, data) } -// Key returns the peer's id key. -// TODO: call this ID -func (p *peer) Key() string { - return p.nodeInfo.ListenAddr // XXX: should probably be PubKey.KeyString() +// Key returns the peer's ID - the hex encoded hash of its pubkey. +func (p *peer) ID() ID { + return ID(hex.EncodeToString(p.nodeInfo.PubKey.Address())) } // NodeInfo returns a copy of the peer's NodeInfo. diff --git a/p2p/peer_set.go b/p2p/peer_set.go index c21748cf9..dc53174a1 100644 --- a/p2p/peer_set.go +++ b/p2p/peer_set.go @@ -6,8 +6,8 @@ import ( // IPeerSet has a (immutable) subset of the methods of PeerSet. type IPeerSet interface { - Has(key string) bool - Get(key string) Peer + Has(key ID) bool + Get(key ID) Peer List() []Peer Size() int } @@ -18,7 +18,7 @@ type IPeerSet interface { // Iteration over the peers is super fast and thread-safe. type PeerSet struct { mtx sync.Mutex - lookup map[string]*peerSetItem + lookup map[ID]*peerSetItem list []Peer } @@ -30,7 +30,7 @@ type peerSetItem struct { // NewPeerSet creates a new peerSet with a list of initial capacity of 256 items. func NewPeerSet() *PeerSet { return &PeerSet{ - lookup: make(map[string]*peerSetItem), + lookup: make(map[ID]*peerSetItem), list: make([]Peer, 0, 256), } } @@ -40,7 +40,7 @@ func NewPeerSet() *PeerSet { func (ps *PeerSet) Add(peer Peer) error { ps.mtx.Lock() defer ps.mtx.Unlock() - if ps.lookup[peer.Key()] != nil { + if ps.lookup[peer.ID()] != nil { return ErrSwitchDuplicatePeer } @@ -48,13 +48,13 @@ func (ps *PeerSet) Add(peer Peer) error { // Appending is safe even with other goroutines // iterating over the ps.list slice. ps.list = append(ps.list, peer) - ps.lookup[peer.Key()] = &peerSetItem{peer, index} + ps.lookup[peer.ID()] = &peerSetItem{peer, index} return nil } // Has returns true iff the PeerSet contains // the peer referred to by this peerKey. -func (ps *PeerSet) Has(peerKey string) bool { +func (ps *PeerSet) Has(peerKey ID) bool { ps.mtx.Lock() _, ok := ps.lookup[peerKey] ps.mtx.Unlock() @@ -62,7 +62,7 @@ func (ps *PeerSet) Has(peerKey string) bool { } // Get looks up a peer by the provided peerKey. -func (ps *PeerSet) Get(peerKey string) Peer { +func (ps *PeerSet) Get(peerKey ID) Peer { ps.mtx.Lock() defer ps.mtx.Unlock() item, ok := ps.lookup[peerKey] @@ -77,7 +77,7 @@ func (ps *PeerSet) Get(peerKey string) Peer { func (ps *PeerSet) Remove(peer Peer) { ps.mtx.Lock() defer ps.mtx.Unlock() - item := ps.lookup[peer.Key()] + item := ps.lookup[peer.ID()] if item == nil { return } @@ -90,18 +90,18 @@ func (ps *PeerSet) Remove(peer Peer) { // If it's the last peer, that's an easy special case. if index == len(ps.list)-1 { ps.list = newList - delete(ps.lookup, peer.Key()) + delete(ps.lookup, peer.ID()) return } // Replace the popped item with the last item in the old list. lastPeer := ps.list[len(ps.list)-1] - lastPeerKey := lastPeer.Key() + lastPeerKey := lastPeer.ID() lastPeerItem := ps.lookup[lastPeerKey] newList[index] = lastPeer lastPeerItem.index = index ps.list = newList - delete(ps.lookup, peer.Key()) + delete(ps.lookup, peer.ID()) } // Size returns the number of unique items in the peerSet. diff --git a/p2p/peer_set_test.go b/p2p/peer_set_test.go index a7f29315a..609c49004 100644 --- a/p2p/peer_set_test.go +++ b/p2p/peer_set_test.go @@ -7,6 +7,7 @@ import ( "github.com/stretchr/testify/assert" + crypto "github.com/tendermint/go-crypto" cmn "github.com/tendermint/tmlibs/common" ) @@ -16,6 +17,7 @@ func randPeer() *peer { nodeInfo: &NodeInfo{ RemoteAddr: cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256), ListenAddr: cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256), + PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, } } @@ -39,7 +41,7 @@ func TestPeerSetAddRemoveOne(t *testing.T) { peerSet.Remove(peerAtFront) wantSize := n - i - 1 for j := 0; j < 2; j++ { - assert.Equal(t, false, peerSet.Has(peerAtFront.Key()), "#%d Run #%d: failed to remove peer", i, j) + assert.Equal(t, false, peerSet.Has(peerAtFront.ID()), "#%d Run #%d: failed to remove peer", i, j) assert.Equal(t, wantSize, peerSet.Size(), "#%d Run #%d: failed to remove peer and decrement size", i, j) // Test the route of removing the now non-existent element peerSet.Remove(peerAtFront) @@ -58,7 +60,7 @@ func TestPeerSetAddRemoveOne(t *testing.T) { for i := n - 1; i >= 0; i-- { peerAtEnd := peerList[i] peerSet.Remove(peerAtEnd) - assert.Equal(t, false, peerSet.Has(peerAtEnd.Key()), "#%d: failed to remove item at end", i) + assert.Equal(t, false, peerSet.Has(peerAtEnd.ID()), "#%d: failed to remove item at end", i) assert.Equal(t, i, peerSet.Size(), "#%d: differing sizes after peerSet.Remove(atEndPeer)", i) } } @@ -82,7 +84,7 @@ func TestPeerSetAddRemoveMany(t *testing.T) { for i, peer := range peers { peerSet.Remove(peer) - if peerSet.Has(peer.Key()) { + if peerSet.Has(peer.ID()) { t.Errorf("Failed to remove peer") } if peerSet.Size() != len(peers)-i-1 { @@ -129,7 +131,7 @@ func TestPeerSetGet(t *testing.T) { t.Parallel() peerSet := NewPeerSet() peer := randPeer() - assert.Nil(t, peerSet.Get(peer.Key()), "expecting a nil lookup, before .Add") + assert.Nil(t, peerSet.Get(peer.ID()), "expecting a nil lookup, before .Add") if err := peerSet.Add(peer); err != nil { t.Fatalf("Failed to add new peer: %v", err) @@ -142,7 +144,7 @@ func TestPeerSetGet(t *testing.T) { wg.Add(1) go func(i int) { defer wg.Done() - got, want := peerSet.Get(peer.Key()), peer + got, want := peerSet.Get(peer.ID()), peer assert.Equal(t, got, want, "#%d: got=%v want=%v", i, got, want) }(i) } diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 2bfe7dcab..17b9d61ac 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -265,7 +265,8 @@ func (r *PEXReactor) ensurePeers() { continue } // XXX: Should probably use pubkey as peer key ... - if connected := r.Switch.Peers().Has(try.String()); connected { + // TODO: use the ID correctly + if connected := r.Switch.Peers().Has(ID(try.String())); connected { continue } r.Logger.Info("Will dial address", "addr", try) diff --git a/p2p/switch.go b/p2p/switch.go index 344c3c1e1..4da9355a1 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -257,7 +257,7 @@ func (sw *Switch) addPeer(peer *peer) error { } // Avoid duplicate - if sw.peers.Has(peer.Key()) { + if sw.peers.Has(peer.ID()) { return ErrSwitchDuplicatePeer } diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 6c606a67a..7d61fa39a 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -28,7 +28,7 @@ func init() { } type PeerMessage struct { - PeerKey string + PeerID ID Bytes []byte Counter int } @@ -77,7 +77,7 @@ func (tr *TestReactor) Receive(chID byte, peer Peer, msgBytes []byte) { tr.mtx.Lock() defer tr.mtx.Unlock() //fmt.Printf("Received: %X, %X\n", chID, msgBytes) - tr.msgsReceived[chID] = append(tr.msgsReceived[chID], PeerMessage{peer.Key(), msgBytes, tr.msgsCounter}) + tr.msgsReceived[chID] = append(tr.msgsReceived[chID], PeerMessage{peer.ID(), msgBytes, tr.msgsCounter}) tr.msgsCounter++ } } diff --git a/rpc/core/consensus.go b/rpc/core/consensus.go index 65c9fc364..25b67925c 100644 --- a/rpc/core/consensus.go +++ b/rpc/core/consensus.go @@ -3,6 +3,7 @@ package core import ( cm "github.com/tendermint/tendermint/consensus" cstypes "github.com/tendermint/tendermint/consensus/types" + p2p "github.com/tendermint/tendermint/p2p" ctypes "github.com/tendermint/tendermint/rpc/core/types" sm "github.com/tendermint/tendermint/state" "github.com/tendermint/tendermint/types" @@ -82,11 +83,11 @@ func Validators(heightPtr *int64) (*ctypes.ResultValidators, error) { // } // ``` func DumpConsensusState() (*ctypes.ResultDumpConsensusState, error) { - peerRoundStates := make(map[string]*cstypes.PeerRoundState) + peerRoundStates := make(map[p2p.ID]*cstypes.PeerRoundState) for _, peer := range p2pSwitch.Peers().List() { peerState := peer.Get(types.PeerStateKey).(*cm.PeerState) peerRoundState := peerState.GetRoundState() - peerRoundStates[peer.Key()] = peerRoundState + peerRoundStates[peer.ID()] = peerRoundState } return &ctypes.ResultDumpConsensusState{consensusState.GetRoundState(), peerRoundStates}, nil } diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index dae7c0046..97d227c1d 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -99,7 +99,7 @@ type ResultValidators struct { type ResultDumpConsensusState struct { RoundState *cstypes.RoundState `json:"round_state"` - PeerRoundStates map[string]*cstypes.PeerRoundState `json:"peer_round_states"` + PeerRoundStates map[p2p.ID]*cstypes.PeerRoundState `json:"peer_round_states"` } type ResultBroadcastTx struct { diff --git a/types/vote_set.go b/types/vote_set.go index 34f989567..a97676f6e 100644 --- a/types/vote_set.go +++ b/types/vote_set.go @@ -8,6 +8,7 @@ import ( "github.com/pkg/errors" + "github.com/tendermint/tendermint/p2p" cmn "github.com/tendermint/tmlibs/common" ) @@ -58,7 +59,7 @@ type VoteSet struct { sum int64 // Sum of voting power for seen votes, discounting conflicts maj23 *BlockID // First 2/3 majority seen votesByBlock map[string]*blockVotes // string(blockHash|blockParts) -> blockVotes - peerMaj23s map[string]BlockID // Maj23 for each peer + peerMaj23s map[p2p.ID]BlockID // Maj23 for each peer } // Constructs a new VoteSet struct used to accumulate votes for given height/round. @@ -77,7 +78,7 @@ func NewVoteSet(chainID string, height int64, round int, type_ byte, valSet *Val sum: 0, maj23: nil, votesByBlock: make(map[string]*blockVotes, valSet.Size()), - peerMaj23s: make(map[string]BlockID), + peerMaj23s: make(map[p2p.ID]BlockID), } } @@ -290,7 +291,7 @@ func (voteSet *VoteSet) addVerifiedVote(vote *Vote, blockKey string, votingPower // this can cause memory issues. // TODO: implement ability to remove peers too // NOTE: VoteSet must not be nil -func (voteSet *VoteSet) SetPeerMaj23(peerID string, blockID BlockID) { +func (voteSet *VoteSet) SetPeerMaj23(peerID p2p.ID, blockID BlockID) { if voteSet == nil { cmn.PanicSanity("SetPeerMaj23() on nil VoteSet") } From 7d35500e6b8f8d7110cd6c64d6204d84c87fee25 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 1 Jan 2018 22:34:49 -0500 Subject: [PATCH 019/188] p2p: add ID to NetAddress and use for AddrBook --- p2p/addrbook.go | 34 +++++++++++++++++++--------------- p2p/addrbook_test.go | 5 ++++- p2p/key.go | 4 ++-- p2p/netaddress.go | 10 ++++++++-- p2p/pex_reactor.go | 19 ++++++++++--------- p2p/pex_reactor_test.go | 2 ++ p2p/switch.go | 18 ++++++++++-------- 7 files changed, 55 insertions(+), 37 deletions(-) diff --git a/p2p/addrbook.go b/p2p/addrbook.go index 8f924d129..6ccec61f7 100644 --- a/p2p/addrbook.go +++ b/p2p/addrbook.go @@ -89,7 +89,7 @@ type AddrBook struct { mtx sync.Mutex rand *rand.Rand ourAddrs map[string]*NetAddress - addrLookup map[string]*knownAddress // new & old + addrLookup map[ID]*knownAddress // new & old bucketsOld []map[string]*knownAddress bucketsNew []map[string]*knownAddress nOld int @@ -104,7 +104,7 @@ func NewAddrBook(filePath string, routabilityStrict bool) *AddrBook { am := &AddrBook{ rand: rand.New(rand.NewSource(time.Now().UnixNano())), ourAddrs: make(map[string]*NetAddress), - addrLookup: make(map[string]*knownAddress), + addrLookup: make(map[ID]*knownAddress), filePath: filePath, routabilityStrict: routabilityStrict, } @@ -244,11 +244,11 @@ func (a *AddrBook) PickAddress(newBias int) *NetAddress { } // MarkGood marks the peer as good and moves it into an "old" bucket. -// XXX: we never call this! +// TODO: call this from somewhere func (a *AddrBook) MarkGood(addr *NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() - ka := a.addrLookup[addr.String()] + ka := a.addrLookup[addr.ID] if ka == nil { return } @@ -262,7 +262,7 @@ func (a *AddrBook) MarkGood(addr *NetAddress) { func (a *AddrBook) MarkAttempt(addr *NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() - ka := a.addrLookup[addr.String()] + ka := a.addrLookup[addr.ID] if ka == nil { return } @@ -279,11 +279,11 @@ func (a *AddrBook) MarkBad(addr *NetAddress) { func (a *AddrBook) RemoveAddress(addr *NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() - ka := a.addrLookup[addr.String()] + ka := a.addrLookup[addr.ID] if ka == nil { return } - a.Logger.Info("Remove address from book", "addr", addr) + a.Logger.Info("Remove address from book", "addr", ka.Addr) a.removeFromAllBuckets(ka) } @@ -300,8 +300,8 @@ func (a *AddrBook) GetSelection() []*NetAddress { allAddr := make([]*NetAddress, a.size()) i := 0 - for _, v := range a.addrLookup { - allAddr[i] = v.Addr + for _, ka := range a.addrLookup { + allAddr[i] = ka.Addr i++ } @@ -388,7 +388,7 @@ func (a *AddrBook) loadFromFile(filePath string) bool { bucket := a.getBucket(ka.BucketType, bucketIndex) bucket[ka.Addr.String()] = ka } - a.addrLookup[ka.Addr.String()] = ka + a.addrLookup[ka.ID()] = ka if ka.BucketType == bucketTypeNew { a.nNew++ } else { @@ -466,7 +466,7 @@ func (a *AddrBook) addToNewBucket(ka *knownAddress, bucketIdx int) bool { } // Ensure in addrLookup - a.addrLookup[addrStr] = ka + a.addrLookup[ka.ID()] = ka return true } @@ -503,7 +503,7 @@ func (a *AddrBook) addToOldBucket(ka *knownAddress, bucketIdx int) bool { } // Ensure in addrLookup - a.addrLookup[addrStr] = ka + a.addrLookup[ka.ID()] = ka return true } @@ -521,7 +521,7 @@ func (a *AddrBook) removeFromBucket(ka *knownAddress, bucketType byte, bucketIdx } else { a.nOld-- } - delete(a.addrLookup, ka.Addr.String()) + delete(a.addrLookup, ka.ID()) } } @@ -536,7 +536,7 @@ func (a *AddrBook) removeFromAllBuckets(ka *knownAddress) { } else { a.nOld-- } - delete(a.addrLookup, ka.Addr.String()) + delete(a.addrLookup, ka.ID()) } func (a *AddrBook) pickOldest(bucketType byte, bucketIdx int) *knownAddress { @@ -559,7 +559,7 @@ func (a *AddrBook) addAddress(addr, src *NetAddress) error { return fmt.Errorf("Cannot add ourselves with address %v", addr) } - ka := a.addrLookup[addr.String()] + ka := a.addrLookup[addr.ID] if ka != nil { // Already old. @@ -768,6 +768,10 @@ func newKnownAddress(addr *NetAddress, src *NetAddress) *knownAddress { } } +func (ka *knownAddress) ID() ID { + return ka.Addr.ID +} + func (ka *knownAddress) isOld() bool { return ka.BucketType == bucketTypeOld } diff --git a/p2p/addrbook_test.go b/p2p/addrbook_test.go index d84c008ed..07ab3474c 100644 --- a/p2p/addrbook_test.go +++ b/p2p/addrbook_test.go @@ -1,12 +1,14 @@ package p2p import ( + "encoding/hex" "fmt" "io/ioutil" "math/rand" "testing" "github.com/stretchr/testify/assert" + cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" ) @@ -102,7 +104,7 @@ func TestAddrBookLookup(t *testing.T) { src := addrSrc.src book.AddAddress(addr, src) - ka := book.addrLookup[addr.String()] + ka := book.addrLookup[addr.ID] assert.NotNil(t, ka, "Expected to find KnownAddress %v but wasn't there.", addr) if !(ka.Addr.Equals(addr) && ka.Src.Equals(src)) { @@ -188,6 +190,7 @@ func randIPv4Address(t *testing.T) *NetAddress { ) port := rand.Intn(65535-1) + 1 addr, err := NewNetAddressString(fmt.Sprintf("%v:%v", ip, port)) + addr.ID = ID(hex.EncodeToString(cmn.RandBytes(20))) // TODO assert.Nil(t, err, "error generating rand network address") if addr.Routable() { return addr diff --git a/p2p/key.go b/p2p/key.go index eede7ce7c..d0031458d 100644 --- a/p2p/key.go +++ b/p2p/key.go @@ -12,6 +12,8 @@ import ( cmn "github.com/tendermint/tmlibs/common" ) +type ID string + //------------------------------------------------------------------------------ // Persistent peer ID // TODO: encrypt on disk @@ -22,8 +24,6 @@ type NodeKey struct { PrivKey crypto.PrivKey `json:"priv_key"` // our priv key } -type ID string - // ID returns the peer's canonical ID - the hash of its public key. func (nodeKey *NodeKey) ID() ID { return ID(hex.EncodeToString(nodeKey.id())) diff --git a/p2p/netaddress.go b/p2p/netaddress.go index 41c2cc976..8176cfde4 100644 --- a/p2p/netaddress.go +++ b/p2p/netaddress.go @@ -16,8 +16,9 @@ import ( ) // NetAddress defines information about a peer on the network -// including its IP address, and port. +// including its ID, IP address, and port. type NetAddress struct { + ID ID IP net.IP Port uint16 str string @@ -122,10 +123,15 @@ func (na *NetAddress) Less(other interface{}) bool { // String representation. func (na *NetAddress) String() string { if na.str == "" { - na.str = net.JoinHostPort( + + addrStr := net.JoinHostPort( na.IP.String(), strconv.FormatUint(uint64(na.Port), 10), ) + if na.ID != "" { + addrStr = fmt.Sprintf("%s@%s", na.ID, addrStr) + } + na.str = addrStr } return na.str } diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 17b9d61ac..47169a1b4 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -107,6 +107,7 @@ func (r *PEXReactor) AddPeer(p Peer) { } } else { // For inbound connections, the peer is its own source addr, err := NewNetAddressString(p.NodeInfo().ListenAddr) + addr.ID = p.ID() // TODO: handle in NewNetAddress func if err != nil { // peer gave us a bad ListenAddr. TODO: punish r.Logger.Error("Error in AddPeer: invalid peer address", "addr", p.NodeInfo().ListenAddr, "err", err) @@ -154,9 +155,9 @@ func (r *PEXReactor) Receive(chID byte, src Peer, msgBytes []byte) { case *pexAddrsMessage: // We received some peer addresses from src. // TODO: (We don't want to get spammed with bad peers) - for _, addr := range msg.Addrs { - if addr != nil { - r.book.AddAddress(addr, srcAddr) + for _, netAddr := range msg.Addrs { + if netAddr != nil { + r.book.AddAddress(netAddr, srcAddr) } } default: @@ -170,8 +171,8 @@ func (r *PEXReactor) RequestPEX(p Peer) { } // SendAddrs sends addrs to the peer. -func (r *PEXReactor) SendAddrs(p Peer, addrs []*NetAddress) { - p.Send(PexChannel, struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) +func (r *PEXReactor) SendAddrs(p Peer, netAddrs []*NetAddress) { + p.Send(PexChannel, struct{ PexMessage }{&pexAddrsMessage{Addrs: netAddrs}}) } // SetEnsurePeersPeriod sets period to ensure peers connected. @@ -258,19 +259,19 @@ func (r *PEXReactor) ensurePeers() { if try == nil { continue } - if _, selected := toDial[try.IP.String()]; selected { + if _, selected := toDial[string(try.ID)]; selected { continue } - if dialling := r.Switch.IsDialing(try); dialling { + if dialling := r.Switch.IsDialing(try.ID); dialling { continue } // XXX: Should probably use pubkey as peer key ... // TODO: use the ID correctly - if connected := r.Switch.Peers().Has(ID(try.String())); connected { + if connected := r.Switch.Peers().Has(try.ID); connected { continue } r.Logger.Info("Will dial address", "addr", try) - toDial[try.IP.String()] = try + toDial[string(try.ID)] = try } // Dial picked addresses diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index a14f0eb2a..a830b6c44 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -10,6 +10,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + crypto "github.com/tendermint/go-crypto" wire "github.com/tendermint/go-wire" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" @@ -197,6 +198,7 @@ func createRandomPeer(outbound bool) *peer { nodeInfo: &NodeInfo{ ListenAddr: addr, RemoteAddr: netAddr.String(), + PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, outbound: outbound, mconn: &MConnection{RemoteAddress: netAddr}, diff --git a/p2p/switch.go b/p2p/switch.go index 4da9355a1..8c89ee01d 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -325,6 +325,7 @@ func (sw *Switch) startInitPeer(peer *peer) { // DialSeeds dials a list of seeds asynchronously in random order. func (sw *Switch) DialSeeds(addrBook *AddrBook, seeds []string) error { netAddrs, errs := NewNetAddressStrings(seeds) + // TODO: IDs for _, err := range errs { sw.Logger.Error("Error in seed's address", "err", err) } @@ -373,8 +374,8 @@ func (sw *Switch) dialSeed(addr *NetAddress) { // DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects successfully. // If `persistent == true`, the switch will always try to reconnect to this peer if the connection ever fails. func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, error) { - sw.dialing.Set(addr.IP.String(), addr) - defer sw.dialing.Delete(addr.IP.String()) + sw.dialing.Set(string(addr.ID), addr) + defer sw.dialing.Delete(string(addr.ID)) sw.Logger.Info("Dialing peer", "address", addr) peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) @@ -396,9 +397,9 @@ func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, return peer, nil } -// IsDialing returns true if the switch is currently dialing the given address. -func (sw *Switch) IsDialing(addr *NetAddress) bool { - return sw.dialing.Has(addr.IP.String()) +// IsDialing returns true if the switch is currently dialing the given ID. +func (sw *Switch) IsDialing(id ID) bool { + return sw.dialing.Has(string(id)) } // Broadcast runs a go routine for each attempted send, which will block @@ -454,7 +455,8 @@ func (sw *Switch) StopPeerForError(peer Peer, reason interface{}) { // If no success after all that, it stops trying, and leaves it // to the PEX/Addrbook to find the peer again func (sw *Switch) reconnectToPeer(peer Peer) { - addr, _ := NewNetAddressString(peer.NodeInfo().RemoteAddr) + netAddr, _ := NewNetAddressString(peer.NodeInfo().RemoteAddr) + netAddr.ID = peer.ID() // TODO: handle above start := time.Now() sw.Logger.Info("Reconnecting to peer", "peer", peer) for i := 0; i < reconnectAttempts; i++ { @@ -462,7 +464,7 @@ func (sw *Switch) reconnectToPeer(peer Peer) { return } - peer, err := sw.DialPeerWithAddress(addr, true) + peer, err := sw.DialPeerWithAddress(netAddr, true) if err != nil { sw.Logger.Info("Error reconnecting to peer. Trying again", "tries", i, "err", err, "peer", peer) // sleep a set amount @@ -484,7 +486,7 @@ func (sw *Switch) reconnectToPeer(peer Peer) { // sleep an exponentially increasing amount sleepIntervalSeconds := math.Pow(reconnectBackOffBaseSeconds, float64(i)) sw.randomSleep(time.Duration(sleepIntervalSeconds) * time.Second) - peer, err := sw.DialPeerWithAddress(addr, true) + peer, err := sw.DialPeerWithAddress(netAddr, true) if err != nil { sw.Logger.Info("Error reconnecting to peer. Trying again", "tries", i, "err", err, "peer", peer) continue From 6e823c6e8735c5e351f054f7f608b0ddc81d81c4 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 1 Jan 2018 23:08:20 -0500 Subject: [PATCH 020/188] p2p: support addr format ID@IP:PORT --- p2p/connection.go | 6 ---- p2p/netaddress.go | 63 +++++++++++++++++++++++++---------------- p2p/netaddress_test.go | 14 +++++++-- p2p/peer_test.go | 2 +- p2p/pex_reactor_test.go | 2 +- p2p/switch.go | 2 ++ 6 files changed, 54 insertions(+), 35 deletions(-) diff --git a/p2p/connection.go b/p2p/connection.go index 626aeb10f..306eaf7eb 100644 --- a/p2p/connection.go +++ b/p2p/connection.go @@ -88,9 +88,6 @@ type MConnection struct { flushTimer *cmn.ThrottleTimer // flush writes as necessary but throttled. pingTimer *cmn.RepeatTimer // send pings periodically chStatsTimer *cmn.RepeatTimer // update channel stats periodically - - LocalAddress *NetAddress - RemoteAddress *NetAddress } // MConnConfig is a MConnection configuration. @@ -140,9 +137,6 @@ func NewMConnectionWithConfig(conn net.Conn, chDescs []*ChannelDescriptor, onRec onReceive: onReceive, onError: onError, config: config, - - LocalAddress: NewNetAddress(conn.LocalAddr()), - RemoteAddress: NewNetAddress(conn.RemoteAddr()), } // Create channels diff --git a/p2p/netaddress.go b/p2p/netaddress.go index 8176cfde4..d804e3488 100644 --- a/p2p/netaddress.go +++ b/p2p/netaddress.go @@ -5,6 +5,7 @@ package p2p import ( + "encoding/hex" "flag" "fmt" "net" @@ -12,6 +13,7 @@ import ( "strings" "time" + "github.com/pkg/errors" cmn "github.com/tendermint/tmlibs/common" ) @@ -29,25 +31,45 @@ type NetAddress struct { // using 0.0.0.0:0. When normal run, other net.Addr (except TCP) will // panic. // TODO: socks proxies? -func NewNetAddress(addr net.Addr) *NetAddress { +func NewNetAddress(id ID, addr net.Addr) *NetAddress { tcpAddr, ok := addr.(*net.TCPAddr) if !ok { if flag.Lookup("test.v") == nil { // normal run cmn.PanicSanity(cmn.Fmt("Only TCPAddrs are supported. Got: %v", addr)) } else { // in testing - return NewNetAddressIPPort(net.IP("0.0.0.0"), 0) + netAddr := NewNetAddressIPPort(net.IP("0.0.0.0"), 0) + netAddr.ID = id + return netAddr } } ip := tcpAddr.IP port := uint16(tcpAddr.Port) - return NewNetAddressIPPort(ip, port) + netAddr := NewNetAddressIPPort(ip, port) + netAddr.ID = id + return netAddr } // NewNetAddressString returns a new NetAddress using the provided // address in the form of "IP:Port". Also resolves the host if host // is not an IP. func NewNetAddressString(addr string) (*NetAddress, error) { - host, portStr, err := net.SplitHostPort(removeProtocolIfDefined(addr)) + addr = removeProtocolIfDefined(addr) + + var id ID + spl := strings.Split(addr, "@") + if len(spl) == 2 { + idStr := spl[0] + idBytes, err := hex.DecodeString(idStr) + if err != nil { + return nil, errors.Wrap(err, fmt.Sprintf("Address (%s) contains invalid ID", addr)) + } + if len(idBytes) != 20 { + return nil, fmt.Errorf("Address (%s) contains ID of invalid length (%d). Should be 20 hex-encoded bytes", len(idBytes)) + } + id, addr = ID(idStr), spl[1] + } + + host, portStr, err := net.SplitHostPort(addr) if err != nil { return nil, err } @@ -69,6 +91,7 @@ func NewNetAddressString(addr string) (*NetAddress, error) { } na := NewNetAddressIPPort(ip, uint16(port)) + na.ID = id return na, nil } @@ -94,10 +117,6 @@ func NewNetAddressIPPort(ip net.IP, port uint16) *NetAddress { na := &NetAddress{ IP: ip, Port: port, - str: net.JoinHostPort( - ip.String(), - strconv.FormatUint(uint64(port), 10), - ), } return na } @@ -111,23 +130,10 @@ func (na *NetAddress) Equals(other interface{}) bool { return false } -func (na *NetAddress) Less(other interface{}) bool { - if o, ok := other.(*NetAddress); ok { - return na.String() < o.String() - } - - cmn.PanicSanity("Cannot compare unequal types") - return false -} - -// String representation. +// String representation: @: func (na *NetAddress) String() string { if na.str == "" { - - addrStr := net.JoinHostPort( - na.IP.String(), - strconv.FormatUint(uint64(na.Port), 10), - ) + addrStr := na.DialString() if na.ID != "" { addrStr = fmt.Sprintf("%s@%s", na.ID, addrStr) } @@ -136,9 +142,16 @@ func (na *NetAddress) String() string { return na.str } +func (na *NetAddress) DialString() string { + return net.JoinHostPort( + na.IP.String(), + strconv.FormatUint(uint64(na.Port), 10), + ) +} + // Dial calls net.Dial on the address. func (na *NetAddress) Dial() (net.Conn, error) { - conn, err := net.Dial("tcp", na.String()) + conn, err := net.Dial("tcp", na.DialString()) if err != nil { return nil, err } @@ -147,7 +160,7 @@ func (na *NetAddress) Dial() (net.Conn, error) { // DialTimeout calls net.DialTimeout on the address. func (na *NetAddress) DialTimeout(timeout time.Duration) (net.Conn, error) { - conn, err := net.DialTimeout("tcp", na.String(), timeout) + conn, err := net.DialTimeout("tcp", na.DialString(), timeout) if err != nil { return nil, err } diff --git a/p2p/netaddress_test.go b/p2p/netaddress_test.go index 137be090c..0aa45423c 100644 --- a/p2p/netaddress_test.go +++ b/p2p/netaddress_test.go @@ -13,12 +13,12 @@ func TestNewNetAddress(t *testing.T) { tcpAddr, err := net.ResolveTCPAddr("tcp", "127.0.0.1:8080") require.Nil(err) - addr := NewNetAddress(tcpAddr) + addr := NewNetAddress("", tcpAddr) assert.Equal("127.0.0.1:8080", addr.String()) assert.NotPanics(func() { - NewNetAddress(&net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 8000}) + NewNetAddress("", &net.UDPAddr{IP: net.ParseIP("127.0.0.1"), Port: 8000}) }, "Calling NewNetAddress with UDPAddr should not panic in testing") } @@ -38,6 +38,16 @@ func TestNewNetAddressString(t *testing.T) { {"notahost:8080", "", false}, {"8082", "", false}, {"127.0.0:8080000", "", false}, + + {"deadbeef@127.0.0.1:8080", "", false}, + {"this-isnot-hex@127.0.0.1:8080", "", false}, + {"xxxxbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", "", false}, + {"deadbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", true}, + + {"tcp://deadbeef@127.0.0.1:8080", "", false}, + {"tcp://this-isnot-hex@127.0.0.1:8080", "", false}, + {"tcp://xxxxbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", "", false}, + {"tcp://deadbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", true}, } for _, tc := range testCases { diff --git a/p2p/peer_test.go b/p2p/peer_test.go index a2884b336..78a4e2f5b 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -122,7 +122,7 @@ func (p *remotePeer) Start() { if e != nil { golog.Fatalf("net.Listen tcp :0: %+v", e) } - p.addr = NewNetAddress(l.Addr()) + p.addr = NewNetAddress("", l.Addr()) p.quit = make(chan struct{}) go p.accept(l) } diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index a830b6c44..22703746e 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -201,7 +201,7 @@ func createRandomPeer(outbound bool) *peer { PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, outbound: outbound, - mconn: &MConnection{RemoteAddress: netAddr}, + mconn: &MConnection{}, } p.SetLogger(log.TestingLogger().With("peer", addr)) return p diff --git a/p2p/switch.go b/p2p/switch.go index 8c89ee01d..22d3d5a5f 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -12,6 +12,7 @@ import ( crypto "github.com/tendermint/go-crypto" cfg "github.com/tendermint/tendermint/config" cmn "github.com/tendermint/tmlibs/common" + "github.com/tendermint/tmlibs/log" ) const ( @@ -622,6 +623,7 @@ func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch f ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), }) s.SetNodeKey(nodeKey) + s.SetLogger(log.TestingLogger()) return s } From 488ae529add8d90c7835991978450a55e7da9a28 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 1 Jan 2018 23:23:11 -0500 Subject: [PATCH 021/188] p2p: authenticate peer ID --- p2p/peer.go | 12 ++++++------ p2p/switch.go | 11 +++++++++-- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/p2p/peer.go b/p2p/peer.go index 35556a597..ecf2efce5 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -92,6 +92,7 @@ func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs [] } return nil, err } + return peer, nil } @@ -218,13 +219,12 @@ func (p *peer) Addr() net.Addr { // PubKey returns peer's public key. func (p *peer) PubKey() crypto.PubKey { - if p.config.AuthEnc { + if p.NodeInfo() != nil { + return p.nodeInfo.PubKey + } else if p.config.AuthEnc { return p.conn.(*SecretConnection).RemotePubKey() } - if p.NodeInfo() == nil { - panic("Attempt to get peer's PubKey before calling Handshake") - } - return p.PubKey() + panic("Attempt to get peer's PubKey before calling Handshake") } // OnStart implements BaseService. @@ -306,7 +306,7 @@ func (p *peer) Set(key string, data interface{}) { // Key returns the peer's ID - the hex encoded hash of its pubkey. func (p *peer) ID() ID { - return ID(hex.EncodeToString(p.nodeInfo.PubKey.Address())) + return ID(hex.EncodeToString(p.PubKey().Address())) } // NodeInfo returns a copy of the peer's NodeInfo. diff --git a/p2p/switch.go b/p2p/switch.go index 22d3d5a5f..e86acfad7 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -239,9 +239,8 @@ func (sw *Switch) OnStop() { // NOTE: This performs a blocking handshake before the peer is added. // NOTE: If error is returned, caller is responsible for calling peer.CloseConn() func (sw *Switch) addPeer(peer *peer) error { - // Avoid self - if sw.nodeInfo.PubKey.Equals(peer.PubKey().Wrap()) { + if sw.nodeKey.ID() == peer.ID() { return errors.New("Ignoring connection from self") } @@ -385,6 +384,14 @@ func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, return nil, err } peer.SetLogger(sw.Logger.With("peer", addr)) + + // authenticate peer + if addr.ID == "" { + peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) + } else if addr.ID != peer.ID() { + return nil, fmt.Errorf("Failed to authenticate peer %v. Connected to peer with ID %s", addr, peer.ID()) + } + if persistent { peer.makePersistent() } From a573b20888d0079dc771e9bcf1f206a247b1200a Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Wed, 3 Jan 2018 01:23:38 +0000 Subject: [PATCH 022/188] docs: add counter/dummy code snippets closes https://github.com/tendermint/abci/issues/134 --- docs/abci-cli.rst | 87 ++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 82 insertions(+), 5 deletions(-) diff --git a/docs/abci-cli.rst b/docs/abci-cli.rst index ae4105683..efbeb71be 100644 --- a/docs/abci-cli.rst +++ b/docs/abci-cli.rst @@ -53,7 +53,7 @@ Now run ``abci-cli`` to see the list of commands: -h, --help help for abci-cli -v, --verbose print the command and results as if it were a console session - Use "abci-cli [command] --help" for more information about a command. + Use "abci-cli [command] --help" for more information about a command. Dummy - First Example @@ -66,14 +66,56 @@ The most important messages are ``deliver_tx``, ``check_tx``, and ``commit``, but there are others for convenience, configuration, and information purposes. -Let's start a dummy application, which was installed at the same time as -``abci-cli`` above. The dummy just stores transactions in a merkle tree: +We'll start a dummy application, which was installed at the same time as +``abci-cli`` above. The dummy just stores transactions in a merkle tree. + +Its code can be found `here `__ and looks like: + +.. container:: toggle + + .. container:: header + + **Show/Hide Dummy Example** + + .. code-block:: go + + func cmdDummy(cmd *cobra.Command, args []string) error { + logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout)) + + // Create the application - in memory or persisted to disk + var app types.Application + if flagPersist == "" { + app = dummy.NewDummyApplication() + } else { + app = dummy.NewPersistentDummyApplication(flagPersist) + app.(*dummy.PersistentDummyApplication).SetLogger(logger.With("module", "dummy")) + } + + // Start the listener + srv, err := server.NewServer(flagAddrD, flagAbci, app) + if err != nil { + return err + } + srv.SetLogger(logger.With("module", "abci-server")) + if err := srv.Start(); err != nil { + return err + } + + // Wait forever + cmn.TrapSignal(func() { + // Cleanup + srv.Stop() + }) + return nil + } + +Start by running: :: abci-cli dummy -In another terminal, run +And in another terminal, run :: @@ -187,6 +229,41 @@ Counter - Another Example Now that we've got the hang of it, let's try another application, the "counter" app. +Like the dummy app, its code can be found `here `__ and looks like: + +.. container:: toggle + + .. container:: header + + **Show/Hide Counter Example** + + .. code-block:: go + + func cmdCounter(cmd *cobra.Command, args []string) error { + + app := counter.NewCounterApplication(flagSerial) + + logger := log.NewTMLogger(log.NewSyncWriter(os.Stdout)) + + // Start the listener + srv, err := server.NewServer(flagAddrC, flagAbci, app) + if err != nil { + return err + } + srv.SetLogger(logger.With("module", "abci-server")) + if err := srv.Start(); err != nil { + return err + } + + // Wait forever + cmn.TrapSignal(func() { + // Cleanup + srv.Stop() + }) + return nil + } + + The counter app doesn't use a Merkle tree, it just counts how many times we've sent a transaction, asked for a hash, or committed the state. The result of ``commit`` is just the number of transactions sent. @@ -261,7 +338,7 @@ But the ultimate flexibility comes from being able to write the application easily in any language. We have implemented the counter in a number of languages (see the -example directory). +`example directory Date: Wed, 3 Jan 2018 10:49:47 +0100 Subject: [PATCH 023/188] Move P2P docs into docs folder --- docs/specification/new-spec/README.md | 1 + {p2p/docs => docs/specification/new-spec/p2p}/config.md | 0 {p2p/docs => docs/specification/new-spec/p2p}/connection.md | 0 {p2p/docs => docs/specification/new-spec/p2p}/node.md | 0 {p2p/docs => docs/specification/new-spec/p2p}/peer.md | 0 {p2p/docs => docs/specification/new-spec/p2p}/pex.md | 0 {p2p/docs => docs/specification/new-spec/p2p}/trustmetric.md | 0 7 files changed, 1 insertion(+) rename {p2p/docs => docs/specification/new-spec/p2p}/config.md (100%) rename {p2p/docs => docs/specification/new-spec/p2p}/connection.md (100%) rename {p2p/docs => docs/specification/new-spec/p2p}/node.md (100%) rename {p2p/docs => docs/specification/new-spec/p2p}/peer.md (100%) rename {p2p/docs => docs/specification/new-spec/p2p}/pex.md (100%) rename {p2p/docs => docs/specification/new-spec/p2p}/trustmetric.md (100%) diff --git a/docs/specification/new-spec/README.md b/docs/specification/new-spec/README.md index a5061e62e..8a07d9221 100644 --- a/docs/specification/new-spec/README.md +++ b/docs/specification/new-spec/README.md @@ -9,6 +9,7 @@ It contains the following components: - [Encoding and Digests](encoding.md) - [Blockchain](blockchain.md) - [State](state.md) +- [P2P](p2p/node.md) ## Overview diff --git a/p2p/docs/config.md b/docs/specification/new-spec/p2p/config.md similarity index 100% rename from p2p/docs/config.md rename to docs/specification/new-spec/p2p/config.md diff --git a/p2p/docs/connection.md b/docs/specification/new-spec/p2p/connection.md similarity index 100% rename from p2p/docs/connection.md rename to docs/specification/new-spec/p2p/connection.md diff --git a/p2p/docs/node.md b/docs/specification/new-spec/p2p/node.md similarity index 100% rename from p2p/docs/node.md rename to docs/specification/new-spec/p2p/node.md diff --git a/p2p/docs/peer.md b/docs/specification/new-spec/p2p/peer.md similarity index 100% rename from p2p/docs/peer.md rename to docs/specification/new-spec/p2p/peer.md diff --git a/p2p/docs/pex.md b/docs/specification/new-spec/p2p/pex.md similarity index 100% rename from p2p/docs/pex.md rename to docs/specification/new-spec/p2p/pex.md diff --git a/p2p/docs/trustmetric.md b/docs/specification/new-spec/p2p/trustmetric.md similarity index 100% rename from p2p/docs/trustmetric.md rename to docs/specification/new-spec/p2p/trustmetric.md From 0430ebf95cc0ae40d61778d60e92bf9c8401a3ce Mon Sep 17 00:00:00 2001 From: Greg Szabo Date: Wed, 3 Jan 2018 14:58:23 -0500 Subject: [PATCH 024/188] Makefile changes for cross-building and standardized builds using gox --- Makefile | 59 ++++++++++++++++++++++++++++++++++--------- scripts/dist_build.sh | 28 ++------------------ 2 files changed, 49 insertions(+), 38 deletions(-) diff --git a/Makefile b/Makefile index 2aed1acf4..bb1d72d50 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,29 @@ -GOTOOLS = \ +GOTOOLS := \ github.com/mitchellh/gox \ github.com/Masterminds/glide \ github.com/tcnksm/ghr \ gopkg.in/alecthomas/gometalinter.v2 -GOTOOLS_CHECK = gox glide ghr gometalinter.v2 -PACKAGES=$(shell go list ./... | grep -v '/vendor/') -BUILD_TAGS?=tendermint -TMHOME = $${TMHOME:-$$HOME/.tendermint} -BUILD_FLAGS = -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short HEAD`" +GO_MIN_VERSION := 1.9.2 +PACKAGES := $(shell go list ./... | grep -v '/vendor/') +BUILD_TAGS ?= tendermint +TMHOME ?= $(HOME)/.tendermint +GOPATH ?= $(shell go env GOPATH) +GOROOT ?= $(shell go env GOROOT) +GOGCCFLAGS ?= $(shell go env GOGCCFLAGS) +PROD_LDFLAGS ?= -w -s +XC_ARCH ?= 386 amd64 arm +XC_OS ?= solaris darwin freebsd linux windows +XC_OSARCH ?= !darwin/arm !solaris/amd64 !freebsd/amd64 +BUILD_OUTPUT ?= $(GOPATH)/bin/{{.OS}}_{{.Arch}}/tendermint + +GOX_FLAGS = -os="$(XC_OS)" -arch="$(XC_ARCH)" -osarch="$(XC_OSARCH)" -output="$(BUILD_OUTPUT)" +ifeq ($(BUILD_FLAGS_RACE),YES) +RACEFLAG=-race +else +RACEFLAG= +endif +BUILD_FLAGS = -asmflags "-trimpath $(GOPATH)" -gcflags "-trimpath $(GOPATH)" -tags "$(BUILD_TAGS)" -ldflags "$(PROD_LDFLAGS) -X github.com/tendermint/tendermint/version.GitCommit=$(shell git rev-parse --short=7 HEAD)" $(RACEFLAG) +GO_VERSION:=$(shell go version | grep -o '[[:digit:]]\+.[[:digit:]]\+.[[:digit:]]\+') all: check build test install metalinter @@ -17,27 +33,46 @@ check: check_tools get_vendor_deps ######################################## ### Build +build_cc: + $(shell which gox) $(BUILD_FLAGS) $(GOX_FLAGS) ./cmd/tendermint/ + build: - go build $(BUILD_FLAGS) -o build/tendermint ./cmd/tendermint/ + make build_cc PROD_LDFLAGS="" XC_ARCH=amd64 XC_OS="$(shell uname -s)" BUILD_OUTPUT=$(GOPATH)/bin/tendermint build_race: - go build -race $(BUILD_FLAGS) -o build/tendermint ./cmd/tendermint + $(shell which go) build $(BUILD_FLAGS) -race -o "$(BUILD_OUTPUT)" ./cmd/tendermint/ +#For the future when this is merged: https://github.com/mitchellh/gox/pull/105 +# make build_cc PROD_LDFLAGS="" XC_ARCH=amd64 XC_OS=$(shell uname -s) BUILD_FLAGS_RACE=YES BUILD_OUTPUT=build/tendermint # dist builds binaries for all platforms and packages them for distribution dist: @BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/dist.sh'" install: - go install $(BUILD_FLAGS) ./cmd/tendermint + make build ######################################## ### Tools & dependencies check_tools: - @# https://stackoverflow.com/a/25668869 - @echo "Found tools: $(foreach tool,$(GOTOOLS_CHECK),\ - $(if $(shell which $(tool)),$(tool),$(error "No $(tool) in PATH")))" +ifeq ($(GO_VERSION),) + $(error go not found) +endif +ifneq ($(GO_VERSION),$(GO_MIN_VERSION)) + $(warning WARNING: build will not be deterministic. go version should be $(GO_MIN_VERSION)) +endif +ifneq ($(findstring -fdebug-prefix-map,$(GOGCCFLAGS)),-fdebug-prefix-map) + $(warning WARNING: build will not be deterministic. The compiler does not support the '-fdebug-prefix-map' flag.) +endif +ifneq ($(GOROOT),/usr/local/go) + $(warning WARNING: build will not be deterministic. GOPATH should be set to /usr/local/go) +endif +ifneq ($(findstring $(GOPATH)/bin,$(PATH)),$(GOPATH)/bin) + $(warning WARNING: PATH does not contain GOPATH/bin. Some external dependencies might be unavailable.) +endif +# https://stackoverflow.com/a/25668869 + @echo "Found tools: $(foreach tool,$(notdir $(GOTOOLS)),$(if $(shell which $(tool)),$(tool),$(error "No $(tool) in PATH. Add GOPATH/bin to PATH and run 'make get_tools'")))" get_tools: @echo "--> Installing tools" diff --git a/scripts/dist_build.sh b/scripts/dist_build.sh index 587199e02..e7471c4d5 100755 --- a/scripts/dist_build.sh +++ b/scripts/dist_build.sh @@ -9,32 +9,8 @@ DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )" # Change into that dir because we expect that. cd "$DIR" -# Get the git commit -GIT_COMMIT="$(git rev-parse --short HEAD)" -GIT_IMPORT="github.com/tendermint/tendermint/version" - -# Determine the arch/os combos we're building for -XC_ARCH=${XC_ARCH:-"386 amd64 arm"} -XC_OS=${XC_OS:-"solaris darwin freebsd linux windows"} - -# Make sure build tools are available. -make tools - -# Get VENDORED dependencies -make get_vendor_deps - -# Build! -# ldflags: -s Omit the symbol table and debug information. -# -w Omit the DWARF symbol table. -echo "==> Building..." -"$(which gox)" \ - -os="${XC_OS}" \ - -arch="${XC_ARCH}" \ - -osarch="!darwin/arm !solaris/amd64 !freebsd/amd64" \ - -ldflags "-s -w -X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}" \ - -output "build/pkg/{{.OS}}_{{.Arch}}/tendermint" \ - -tags="${BUILD_TAGS}" \ - github.com/tendermint/tendermint/cmd/tendermint +# Make sure build tools are available, get VENDORED dependencies and build +make get_tools get_vendor_deps build_cc # Zip all the files. echo "==> Packaging..." From f67f99c227e66c9bdbda2f3e34b5c7fcbc6f67c2 Mon Sep 17 00:00:00 2001 From: Greg Szabo Date: Wed, 3 Jan 2018 17:24:11 -0500 Subject: [PATCH 025/188] Extended install document with docker option. Added extra checks to developer's build target. --- Makefile | 16 ++++++++++------ docs/install.rst | 13 +++++++++++++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index bb1d72d50..3aa5e051c 100644 --- a/Makefile +++ b/Makefile @@ -10,7 +10,7 @@ TMHOME ?= $(HOME)/.tendermint GOPATH ?= $(shell go env GOPATH) GOROOT ?= $(shell go env GOROOT) GOGCCFLAGS ?= $(shell go env GOGCCFLAGS) -PROD_LDFLAGS ?= -w -s +#LDFLAGS_EXTRA ?= -w -s XC_ARCH ?= 386 amd64 arm XC_OS ?= solaris darwin freebsd linux windows XC_OSARCH ?= !darwin/arm !solaris/amd64 !freebsd/amd64 @@ -22,7 +22,7 @@ RACEFLAG=-race else RACEFLAG= endif -BUILD_FLAGS = -asmflags "-trimpath $(GOPATH)" -gcflags "-trimpath $(GOPATH)" -tags "$(BUILD_TAGS)" -ldflags "$(PROD_LDFLAGS) -X github.com/tendermint/tendermint/version.GitCommit=$(shell git rev-parse --short=7 HEAD)" $(RACEFLAG) +BUILD_FLAGS = -asmflags "-trimpath $(GOPATH)" -gcflags "-trimpath $(GOPATH)" -tags "$(BUILD_TAGS)" -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=$(shell git rev-parse --short=7 HEAD) $(LDFLAGS_EXTRA)" $(RACEFLAG) GO_VERSION:=$(shell go version | grep -o '[[:digit:]]\+.[[:digit:]]\+.[[:digit:]]\+') all: check build test install metalinter @@ -33,16 +33,20 @@ check: check_tools get_vendor_deps ######################################## ### Build -build_cc: +build_cc: check_tools $(shell which gox) $(BUILD_FLAGS) $(GOX_FLAGS) ./cmd/tendermint/ build: - make build_cc PROD_LDFLAGS="" XC_ARCH=amd64 XC_OS="$(shell uname -s)" BUILD_OUTPUT=$(GOPATH)/bin/tendermint +ifeq ($(OS),Windows_NT) + make build_cc XC_ARCH=amd64 XC_OS=windows BUILD_OUTPUT=$(GOPATH)/bin/tendermint +else + make build_cc XC_ARCH=amd64 XC_OS="$(shell uname -s)" BUILD_OUTPUT=$(GOPATH)/bin/tendermint +endif build_race: +#TODO: Wait for this to be merged: https://github.com/mitchellh/gox/pull/105 Then switch over to make build and remove the go build line. +# make build BUILD_FLAGS_RACE=YES $(shell which go) build $(BUILD_FLAGS) -race -o "$(BUILD_OUTPUT)" ./cmd/tendermint/ -#For the future when this is merged: https://github.com/mitchellh/gox/pull/105 -# make build_cc PROD_LDFLAGS="" XC_ARCH=amd64 XC_OS=$(shell uname -s) BUILD_FLAGS_RACE=YES BUILD_OUTPUT=build/tendermint # dist builds binaries for all platforms and packages them for distribution dist: diff --git a/docs/install.rst b/docs/install.rst index 64fae4cdc..9edc051a6 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -6,6 +6,19 @@ From Binary To download pre-built binaries, see the `Download page `__. +From Source using Docker +------------------------ + +If you have docker running, all you need is the ``golang`` image to build tendermint. +If you don't, you can get help setting it up `here `__. + +:: + mkdir $HOME/tendermintbin + docker run --rm -it -v $HOME/tendermintbin:/go/bin:Z golang:1.9.2 /bin/bash -c "go-wrapper download github.com/tendermint/tendermint/cmd/tendermint ; make -C /go/src/github.com/tendermint/tendermint get_tools get_vendor_deps build_cc" + +You will find the ``tendermint`` binaries for different architectures and operating systems in your ``$HOME/tendermintbin`` folder. + + From Source ----------- From 7b524994638fd8989859f96a5f1caa9d1f918542 Mon Sep 17 00:00:00 2001 From: Ethan Frey Date: Thu, 4 Jan 2018 17:06:49 +0100 Subject: [PATCH 026/188] Start writing mempool specification Include overview and configuration options. --- mempool/docs/README.md | 11 ++++++++ mempool/docs/config.md | 59 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) create mode 100644 mempool/docs/README.md create mode 100644 mempool/docs/config.md diff --git a/mempool/docs/README.md b/mempool/docs/README.md new file mode 100644 index 000000000..075bafede --- /dev/null +++ b/mempool/docs/README.md @@ -0,0 +1,11 @@ +# Mempool Specification + +This package contains documents specifying the functionality +of the mempool module. + +Components: + +* [Config](./config.md) - how to configure it +* [Functionality](./functionality.md) - high-level description of the functionality it provides +* [External Messages](./messages.md) - The messages we accept over p2p and rpc interfaces +* [Local Services](./services.md) - Interfaces with consensus and abci services diff --git a/mempool/docs/config.md b/mempool/docs/config.md new file mode 100644 index 000000000..776149ba0 --- /dev/null +++ b/mempool/docs/config.md @@ -0,0 +1,59 @@ +# Mempool Configuration + +Here we describe configuration options around mempool. +For the purposes of this document, they are described +as command-line flags, but they can also be passed in as +environmental variables or in the config.toml file. The +following are all equivalent: + +Flag: `--mempool.recheck_empty=false` + +Environment: `TM_MEMPOOL_RECHECK_EMPTY=false` + +Config: +``` +[mempool] +recheck_empty = false +``` + + +## Recheck + +`--mempool.recheck=false` (default: true) + +`--mempool.recheck_empty=false` (default: true) + +Recheck determines if the mempool rechecks all pending +transactions after a block was committed. Once a block +is committed, the mempool removes all valid transactions +that were successfully included in the block. + +If `recheck` is true, then it will rerun CheckTx on +all remaining transactions with the new block state. + +If the block contained no transactions, it will skip the +recheck unless `recheck_empty` is true. + +## Broadcast + +`--mempool.broadcast=false` (default: true) + +Determines whether this node gossips any valid transactions +that arrive in mempool. Default is to gossip anything that +passes checktx. If this is disabled, transactions are not +gossiped, but instead stored locally and added to the next +block this node is the proposer. + +## WalDir + +`--mempool.wal_dir=/tmp/gaia/mempool.wal` (default: $TM_HOME/data/mempool.wal) + +This defines the directory where mempool writes the write-ahead +logs. These files can be used to reload unbroadcasted +transactions if the node crashes. + +If the directory passed in is an absolute path, the wal file is +created there. If the directory is a relative path, the path is +appended to home directory of the tendermint process to +generate an absolute path to the wal directory +(default `$HOME/.tendermint` or set via `TM_HOME` or `--home``) From 17b61db40a3e4f24a86103007a057af3f6ed2f2f Mon Sep 17 00:00:00 2001 From: Ethan Frey Date: Thu, 4 Jan 2018 18:12:48 +0100 Subject: [PATCH 027/188] Document p2p and rpc messages --- mempool/docs/README.md | 2 +- mempool/docs/messages.md | 60 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 mempool/docs/messages.md diff --git a/mempool/docs/README.md b/mempool/docs/README.md index 075bafede..3ad1213ba 100644 --- a/mempool/docs/README.md +++ b/mempool/docs/README.md @@ -6,6 +6,6 @@ of the mempool module. Components: * [Config](./config.md) - how to configure it -* [Functionality](./functionality.md) - high-level description of the functionality it provides * [External Messages](./messages.md) - The messages we accept over p2p and rpc interfaces +* [Functionality](./functionality.md) - high-level description of the functionality it provides * [Local Services](./services.md) - Interfaces with consensus and abci services diff --git a/mempool/docs/messages.md b/mempool/docs/messages.md new file mode 100644 index 000000000..5bd1d1e55 --- /dev/null +++ b/mempool/docs/messages.md @@ -0,0 +1,60 @@ +# Mempool Messages + +## P2P Messages + +There is currently only one message that Mempool broadcasts +and receives over the p2p gossip network (via the reactor): +`TxMessage` + +```go +// TxMessage is a MempoolMessage containing a transaction. +type TxMessage struct { + Tx types.Tx +} +``` + +TxMessage is go-wire encoded and prepended with `0x1` as a +"type byte". This is followed by a go-wire encoded byte-slice. +Prefix of 40=0x28 byte tx is: `0x010128...` followed by +the actual 40-byte tx. Prefix of 350=0x015e byte tx is: +`0x0102015e...` followed by the actual 350 byte tx. + +(Please see the [go-wire repo](https://github.com/tendermint/go-wire#an-interface-example) for more information) + +## RPC Messages + +Mempool exposes `CheckTx([]byte)` over the RPC interface. + +It can be posted via `broadcast_commit`, `broadcast_sync` or +`broadcast_async`. They all parse a message with one argument, +`"tx": "HEX_ENCODED_BINARY"` and differ in only how long they +wait before returning (sync makes sure CheckTx passes, commit +makes sure it was included in a signed block). + +Request (`POST http://gaia.zone:46657/`): +```json +{ + "id": "", + "jsonrpc": "2.0", + "method": "broadcast_sync", + "params": { + "tx": "F012A4BC68..." + } +} +``` + + +Response: +```json +{ + "error": "", + "result": { + "hash": "E39AAB7A537ABAA237831742DCE1117F187C3C52", + "log": "", + "data": "", + "code": 0 + }, + "id": "", + "jsonrpc": "2.0" +} +``` From 9cb45eb7df0fb0ad75cc9dbbceb77ae0c51956cf Mon Sep 17 00:00:00 2001 From: Ethan Frey Date: Thu, 4 Jan 2018 19:08:03 +0100 Subject: [PATCH 028/188] Add skeleton for functionality and concurrency --- mempool/docs/README.md | 2 +- mempool/docs/concurrency.md | 8 ++++++++ mempool/docs/functionality.md | 37 +++++++++++++++++++++++++++++++++++ 3 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 mempool/docs/concurrency.md create mode 100644 mempool/docs/functionality.md diff --git a/mempool/docs/README.md b/mempool/docs/README.md index 3ad1213ba..138b287a5 100644 --- a/mempool/docs/README.md +++ b/mempool/docs/README.md @@ -8,4 +8,4 @@ Components: * [Config](./config.md) - how to configure it * [External Messages](./messages.md) - The messages we accept over p2p and rpc interfaces * [Functionality](./functionality.md) - high-level description of the functionality it provides -* [Local Services](./services.md) - Interfaces with consensus and abci services +* [Concurrency Model](./concurrency.md) - What guarantees we provide, what locks we require. diff --git a/mempool/docs/concurrency.md b/mempool/docs/concurrency.md new file mode 100644 index 000000000..991113e6d --- /dev/null +++ b/mempool/docs/concurrency.md @@ -0,0 +1,8 @@ +# Mempool Concurrency + +Look at the concurrency model this uses... + +* Receiving CheckTx +* Broadcasting new tx +* Interfaces with consensus engine, reap/update while checking +* Calling the ABCI app (ordering. callbacks. how proxy works alongside the blockchain proxy which actually writes blocks) diff --git a/mempool/docs/functionality.md b/mempool/docs/functionality.md new file mode 100644 index 000000000..85c3dc58d --- /dev/null +++ b/mempool/docs/functionality.md @@ -0,0 +1,37 @@ +# Mempool Functionality + +The mempool maintains a list of potentially valid transactions, +both to broadcast to other nodes, as well as to provide to the +consensus reactor when it is selected as the block proposer. + +There are two sides to the mempool state: + +* External: get, check, and broadcast new transactions +* Internal: return valid transaction, update list after block commit + + +## External functionality + +External functionality is exposed via network interfaces +to potentially untrusted actors. + +* CheckTx - triggered via RPC or P2P +* Broadcast - gossip messages after a successful check + +## Internal functionality + +Internal functionality is exposed via method calls to other +code compiled into the tendermint binary. + +* Reap - get tx to propose in next block +* Update - remove tx that were included in last block +* ABCI.CheckTx - call ABCI app to validate the tx + +What does it provide the consensus reactor? +What guarantees does it need from the ABCI app? +(talk about interleaving processes in concurrency) + +## Optimizations + +Talk about the LRU cache to make sure we don't process any +tx that we have seen before From ed81fb54ec15328be9bc21912face5ba5c55c5e2 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Fri, 5 Jan 2018 13:24:16 +0100 Subject: [PATCH 029/188] NewInquiring returns error instead of swallowing it --- lite/inquirer.go | 12 ++++++++---- lite/inquirer_test.go | 9 +++++---- lite/proxy/certifier.go | 7 ++++++- 3 files changed, 19 insertions(+), 9 deletions(-) diff --git a/lite/inquirer.go b/lite/inquirer.go index 5d6ce60c7..9d0d77e51 100644 --- a/lite/inquirer.go +++ b/lite/inquirer.go @@ -23,16 +23,20 @@ type Inquiring struct { // // Example: The trusted provider should a CacheProvider, MemProvider or files.Provider. The source // provider should be a client.HTTPProvider. -func NewInquiring(chainID string, fc FullCommit, trusted Provider, source Provider) *Inquiring { +func NewInquiring(chainID string, fc FullCommit, trusted Provider, + source Provider) (*Inquiring, error) { + // store the data in trusted - // TODO: StoredCommit() can return an error and we need to handle this. - trusted.StoreCommit(fc) + err := trusted.StoreCommit(fc) + if err != nil { + return nil, err + } return &Inquiring{ cert: NewDynamic(chainID, fc.Validators, fc.Height()), trusted: trusted, Source: source, - } + }, nil } // ChainID returns the chain id. diff --git a/lite/inquirer_test.go b/lite/inquirer_test.go index ce4317543..97ad60e3a 100644 --- a/lite/inquirer_test.go +++ b/lite/inquirer_test.go @@ -36,7 +36,7 @@ func TestInquirerValidPath(t *testing.T) { } // initialize a certifier with the initial state - cert := lite.NewInquiring(chainID, commits[0], trust, source) + cert, _ := lite.NewInquiring(chainID, commits[0], trust, source) // this should fail validation.... commit := commits[count-1].Commit @@ -85,7 +85,7 @@ func TestInquirerMinimalPath(t *testing.T) { } // initialize a certifier with the initial state - cert := lite.NewInquiring(chainID, commits[0], trust, source) + cert, _ := lite.NewInquiring(chainID, commits[0], trust, source) // this should fail validation.... commit := commits[count-1].Commit @@ -130,11 +130,12 @@ func TestInquirerVerifyHistorical(t *testing.T) { h := int64(20 + 10*i) appHash := []byte(fmt.Sprintf("h=%d", h)) resHash := []byte(fmt.Sprintf("res=%d", h)) - commits[i] = keys.GenFullCommit(chainID, h, nil, vals, appHash, consHash, resHash, 0, len(keys)) + commits[i] = keys.GenFullCommit(chainID, h, nil, vals, appHash, consHash, resHash, 0, + len(keys)) } // initialize a certifier with the initial state - cert := lite.NewInquiring(chainID, commits[0], trust, source) + cert, _ := lite.NewInquiring(chainID, commits[0], trust, source) // store a few commits as trust for _, i := range []int{2, 5} { diff --git a/lite/proxy/certifier.go b/lite/proxy/certifier.go index 1d7284f2c..3dda935ea 100644 --- a/lite/proxy/certifier.go +++ b/lite/proxy/certifier.go @@ -25,6 +25,11 @@ func GetCertifier(chainID, rootDir, nodeAddr string) (*lite.Inquiring, error) { if err != nil { return nil, err } - cert := lite.NewInquiring(chainID, fc, trust, source) + + cert, err := lite.NewInquiring(chainID, fc, trust, source) + if err != nil { + return nil, err + } + return cert, nil } From ba475d312819078d35695467f22bbf45585e6e75 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Fri, 5 Jan 2018 13:25:58 +0100 Subject: [PATCH 030/188] Fix formatting --- lite/inquirer_test.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/lite/inquirer_test.go b/lite/inquirer_test.go index 97ad60e3a..510059674 100644 --- a/lite/inquirer_test.go +++ b/lite/inquirer_test.go @@ -32,7 +32,8 @@ func TestInquirerValidPath(t *testing.T) { vals := keys.ToValidators(vote, 0) h := int64(20 + 10*i) appHash := []byte(fmt.Sprintf("h=%d", h)) - commits[i] = keys.GenFullCommit(chainID, h, nil, vals, appHash, consHash, resHash, 0, len(keys)) + commits[i] = keys.GenFullCommit(chainID, h, nil, vals, appHash, consHash, resHash, 0, + len(keys)) } // initialize a certifier with the initial state @@ -81,7 +82,8 @@ func TestInquirerMinimalPath(t *testing.T) { h := int64(5 + 10*i) appHash := []byte(fmt.Sprintf("h=%d", h)) resHash := []byte(fmt.Sprintf("res=%d", h)) - commits[i] = keys.GenFullCommit(chainID, h, nil, vals, appHash, consHash, resHash, 0, len(keys)) + commits[i] = keys.GenFullCommit(chainID, h, nil, vals, appHash, consHash, resHash, 0, + len(keys)) } // initialize a certifier with the initial state From bb3dc10f24917601ce1a1b25882eecf6ef0a79b0 Mon Sep 17 00:00:00 2001 From: Greg Szabo Date: Fri, 5 Jan 2018 14:22:13 -0500 Subject: [PATCH 031/188] Makefile improvements for deterministic builds based on Bucky's feedback --- Makefile | 28 ++++++++++++++++++++++------ scripts/dist_build.sh | 2 +- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 3aa5e051c..2a4b14e3f 100644 --- a/Makefile +++ b/Makefile @@ -14,7 +14,7 @@ GOGCCFLAGS ?= $(shell go env GOGCCFLAGS) XC_ARCH ?= 386 amd64 arm XC_OS ?= solaris darwin freebsd linux windows XC_OSARCH ?= !darwin/arm !solaris/amd64 !freebsd/amd64 -BUILD_OUTPUT ?= $(GOPATH)/bin/{{.OS}}_{{.Arch}}/tendermint +BUILD_OUTPUT ?= ./build/{{.OS}}_{{.Arch}}/tendermint GOX_FLAGS = -os="$(XC_OS)" -arch="$(XC_ARCH)" -osarch="$(XC_OSARCH)" -output="$(BUILD_OUTPUT)" ifeq ($(BUILD_FLAGS_RACE),YES) @@ -22,8 +22,13 @@ RACEFLAG=-race else RACEFLAG= endif -BUILD_FLAGS = -asmflags "-trimpath $(GOPATH)" -gcflags "-trimpath $(GOPATH)" -tags "$(BUILD_TAGS)" -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=$(shell git rev-parse --short=7 HEAD) $(LDFLAGS_EXTRA)" $(RACEFLAG) +BUILD_FLAGS = -asmflags "-trimpath $(GOPATH)" -gcflags "-trimpath $(GOPATH)" -tags "$(BUILD_TAGS)" -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=$(shell git rev-parse --short=8 HEAD) $(LDFLAGS_EXTRA)" $(RACEFLAG) GO_VERSION:=$(shell go version | grep -o '[[:digit:]]\+.[[:digit:]]\+.[[:digit:]]\+') +#Check that that minor version of GO meets the minimum required +GO_MINOR_VERSION := $(shell grep -o \.[[:digit:]][[:digit:]]*\. <<< $(GO_VERSION) | grep -o [[:digit:]]* ) +GO_MIN_MINOR_VERSION := $(shell grep -o \.[[:digit:]][[:digit:]]*\. <<< $(GO_MIN_VERSION) | grep -o [[:digit:]]* ) +GO_MINOR_VERSION_CHECK := $(shell test $(GO_MINOR_VERSION) -ge $(GO_MIN_MINOR_VERSION) && echo YES) + all: check build test install metalinter @@ -33,14 +38,14 @@ check: check_tools get_vendor_deps ######################################## ### Build -build_cc: check_tools +build_xc: check_tools $(shell which gox) $(BUILD_FLAGS) $(GOX_FLAGS) ./cmd/tendermint/ build: ifeq ($(OS),Windows_NT) - make build_cc XC_ARCH=amd64 XC_OS=windows BUILD_OUTPUT=$(GOPATH)/bin/tendermint + make build_xc XC_ARCH=amd64 XC_OS=windows BUILD_OUTPUT=$(GOPATH)/bin/tendermint else - make build_cc XC_ARCH=amd64 XC_OS="$(shell uname -s)" BUILD_OUTPUT=$(GOPATH)/bin/tendermint + make build_xc XC_ARCH=amd64 XC_OS="$(shell uname -s)" BUILD_OUTPUT=$(GOPATH)/bin/tendermint endif build_race: @@ -63,15 +68,26 @@ check_tools: ifeq ($(GO_VERSION),) $(error go not found) endif +#Check minimum required go version ifneq ($(GO_VERSION),$(GO_MIN_VERSION)) $(warning WARNING: build will not be deterministic. go version should be $(GO_MIN_VERSION)) +ifneq ($(GO_MINOR_VERSION_CHECK),YES) + $(error ERROR: The minor version of Go ($(GO_VERSION)) is lower than the minimum required ($(GO_MIN_VERSION))) endif +endif +#-fdebug-prefix-map switches the temporary, randomized workdir name in the binary to a static text ifneq ($(findstring -fdebug-prefix-map,$(GOGCCFLAGS)),-fdebug-prefix-map) $(warning WARNING: build will not be deterministic. The compiler does not support the '-fdebug-prefix-map' flag.) endif +#GOROOT string is copied into the binary. For deterministic builds, we agree to keep it at /usr/local/go. (Default for golang:1.9.2 docker image, linux and osx.) ifneq ($(GOROOT),/usr/local/go) - $(warning WARNING: build will not be deterministic. GOPATH should be set to /usr/local/go) + $(warning WARNING: build will not be deterministic. GOROOT should be set to /usr/local/go) endif +#GOPATH string is copied into the binary. Although the -trimpath flag tries to eliminate it, it doesn't do it everywhere in Go 1.9.2. For deterministic builds we agree to keep it at /go. (Default for golang:1.9.2 docker image.) +ifneq ($(GOPATH),/go) + $(warning WARNING: build will not be deterministic. GOPATH should be set to /go) +endif +#External dependencies defined in GOTOOLS are built with get_tools. If they are already available on the system (for exmaple using a package manager), then get_tools might not be necessary. ifneq ($(findstring $(GOPATH)/bin,$(PATH)),$(GOPATH)/bin) $(warning WARNING: PATH does not contain GOPATH/bin. Some external dependencies might be unavailable.) endif diff --git a/scripts/dist_build.sh b/scripts/dist_build.sh index e7471c4d5..f1d8779f6 100755 --- a/scripts/dist_build.sh +++ b/scripts/dist_build.sh @@ -10,7 +10,7 @@ DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )" cd "$DIR" # Make sure build tools are available, get VENDORED dependencies and build -make get_tools get_vendor_deps build_cc +make get_tools get_vendor_deps build_xc # Zip all the files. echo "==> Packaging..." From 92f5ae5a84591434311b92148b14edcf6551b7e5 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 5 Jan 2018 22:19:12 -0500 Subject: [PATCH 032/188] fix vagrant [ci skip] --- Vagrantfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index 80d44f9c7..12cfce475 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -44,6 +44,6 @@ EOF chown ubuntu:ubuntu /home/ubuntu/.bash_profile # get all deps and tools, ready to install/test - su - ubuntu -c 'cd /home/ubuntu/go/src/github.com/tendermint/tendermint && make get_vendor_deps && make tools' + su - ubuntu -c 'cd /home/ubuntu/go/src/github.com/tendermint/tendermint && make get_tools && make get_vendor_deps' SHELL end From a0346000249541406dc9b84458af567ef8a58f2d Mon Sep 17 00:00:00 2001 From: Jae Kwon Date: Fri, 5 Jan 2018 22:35:57 -0800 Subject: [PATCH 033/188] Revert "Changes to achieve a standardized build process and deterministic builds" --- Makefile | 79 +++++++------------------------------------ docs/install.rst | 13 ------- scripts/dist_build.sh | 28 +++++++++++++-- 3 files changed, 38 insertions(+), 82 deletions(-) diff --git a/Makefile b/Makefile index 2a4b14e3f..2aed1acf4 100644 --- a/Makefile +++ b/Makefile @@ -1,34 +1,13 @@ -GOTOOLS := \ +GOTOOLS = \ github.com/mitchellh/gox \ github.com/Masterminds/glide \ github.com/tcnksm/ghr \ gopkg.in/alecthomas/gometalinter.v2 -GO_MIN_VERSION := 1.9.2 -PACKAGES := $(shell go list ./... | grep -v '/vendor/') -BUILD_TAGS ?= tendermint -TMHOME ?= $(HOME)/.tendermint -GOPATH ?= $(shell go env GOPATH) -GOROOT ?= $(shell go env GOROOT) -GOGCCFLAGS ?= $(shell go env GOGCCFLAGS) -#LDFLAGS_EXTRA ?= -w -s -XC_ARCH ?= 386 amd64 arm -XC_OS ?= solaris darwin freebsd linux windows -XC_OSARCH ?= !darwin/arm !solaris/amd64 !freebsd/amd64 -BUILD_OUTPUT ?= ./build/{{.OS}}_{{.Arch}}/tendermint - -GOX_FLAGS = -os="$(XC_OS)" -arch="$(XC_ARCH)" -osarch="$(XC_OSARCH)" -output="$(BUILD_OUTPUT)" -ifeq ($(BUILD_FLAGS_RACE),YES) -RACEFLAG=-race -else -RACEFLAG= -endif -BUILD_FLAGS = -asmflags "-trimpath $(GOPATH)" -gcflags "-trimpath $(GOPATH)" -tags "$(BUILD_TAGS)" -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=$(shell git rev-parse --short=8 HEAD) $(LDFLAGS_EXTRA)" $(RACEFLAG) -GO_VERSION:=$(shell go version | grep -o '[[:digit:]]\+.[[:digit:]]\+.[[:digit:]]\+') -#Check that that minor version of GO meets the minimum required -GO_MINOR_VERSION := $(shell grep -o \.[[:digit:]][[:digit:]]*\. <<< $(GO_VERSION) | grep -o [[:digit:]]* ) -GO_MIN_MINOR_VERSION := $(shell grep -o \.[[:digit:]][[:digit:]]*\. <<< $(GO_MIN_VERSION) | grep -o [[:digit:]]* ) -GO_MINOR_VERSION_CHECK := $(shell test $(GO_MINOR_VERSION) -ge $(GO_MIN_MINOR_VERSION) && echo YES) - +GOTOOLS_CHECK = gox glide ghr gometalinter.v2 +PACKAGES=$(shell go list ./... | grep -v '/vendor/') +BUILD_TAGS?=tendermint +TMHOME = $${TMHOME:-$$HOME/.tendermint} +BUILD_FLAGS = -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short HEAD`" all: check build test install metalinter @@ -38,61 +17,27 @@ check: check_tools get_vendor_deps ######################################## ### Build -build_xc: check_tools - $(shell which gox) $(BUILD_FLAGS) $(GOX_FLAGS) ./cmd/tendermint/ - build: -ifeq ($(OS),Windows_NT) - make build_xc XC_ARCH=amd64 XC_OS=windows BUILD_OUTPUT=$(GOPATH)/bin/tendermint -else - make build_xc XC_ARCH=amd64 XC_OS="$(shell uname -s)" BUILD_OUTPUT=$(GOPATH)/bin/tendermint -endif + go build $(BUILD_FLAGS) -o build/tendermint ./cmd/tendermint/ build_race: -#TODO: Wait for this to be merged: https://github.com/mitchellh/gox/pull/105 Then switch over to make build and remove the go build line. -# make build BUILD_FLAGS_RACE=YES - $(shell which go) build $(BUILD_FLAGS) -race -o "$(BUILD_OUTPUT)" ./cmd/tendermint/ + go build -race $(BUILD_FLAGS) -o build/tendermint ./cmd/tendermint # dist builds binaries for all platforms and packages them for distribution dist: @BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/dist.sh'" install: - make build + go install $(BUILD_FLAGS) ./cmd/tendermint ######################################## ### Tools & dependencies check_tools: -ifeq ($(GO_VERSION),) - $(error go not found) -endif -#Check minimum required go version -ifneq ($(GO_VERSION),$(GO_MIN_VERSION)) - $(warning WARNING: build will not be deterministic. go version should be $(GO_MIN_VERSION)) -ifneq ($(GO_MINOR_VERSION_CHECK),YES) - $(error ERROR: The minor version of Go ($(GO_VERSION)) is lower than the minimum required ($(GO_MIN_VERSION))) -endif -endif -#-fdebug-prefix-map switches the temporary, randomized workdir name in the binary to a static text -ifneq ($(findstring -fdebug-prefix-map,$(GOGCCFLAGS)),-fdebug-prefix-map) - $(warning WARNING: build will not be deterministic. The compiler does not support the '-fdebug-prefix-map' flag.) -endif -#GOROOT string is copied into the binary. For deterministic builds, we agree to keep it at /usr/local/go. (Default for golang:1.9.2 docker image, linux and osx.) -ifneq ($(GOROOT),/usr/local/go) - $(warning WARNING: build will not be deterministic. GOROOT should be set to /usr/local/go) -endif -#GOPATH string is copied into the binary. Although the -trimpath flag tries to eliminate it, it doesn't do it everywhere in Go 1.9.2. For deterministic builds we agree to keep it at /go. (Default for golang:1.9.2 docker image.) -ifneq ($(GOPATH),/go) - $(warning WARNING: build will not be deterministic. GOPATH should be set to /go) -endif -#External dependencies defined in GOTOOLS are built with get_tools. If they are already available on the system (for exmaple using a package manager), then get_tools might not be necessary. -ifneq ($(findstring $(GOPATH)/bin,$(PATH)),$(GOPATH)/bin) - $(warning WARNING: PATH does not contain GOPATH/bin. Some external dependencies might be unavailable.) -endif -# https://stackoverflow.com/a/25668869 - @echo "Found tools: $(foreach tool,$(notdir $(GOTOOLS)),$(if $(shell which $(tool)),$(tool),$(error "No $(tool) in PATH. Add GOPATH/bin to PATH and run 'make get_tools'")))" + @# https://stackoverflow.com/a/25668869 + @echo "Found tools: $(foreach tool,$(GOTOOLS_CHECK),\ + $(if $(shell which $(tool)),$(tool),$(error "No $(tool) in PATH")))" get_tools: @echo "--> Installing tools" diff --git a/docs/install.rst b/docs/install.rst index 9edc051a6..64fae4cdc 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -6,19 +6,6 @@ From Binary To download pre-built binaries, see the `Download page `__. -From Source using Docker ------------------------- - -If you have docker running, all you need is the ``golang`` image to build tendermint. -If you don't, you can get help setting it up `here `__. - -:: - mkdir $HOME/tendermintbin - docker run --rm -it -v $HOME/tendermintbin:/go/bin:Z golang:1.9.2 /bin/bash -c "go-wrapper download github.com/tendermint/tendermint/cmd/tendermint ; make -C /go/src/github.com/tendermint/tendermint get_tools get_vendor_deps build_cc" - -You will find the ``tendermint`` binaries for different architectures and operating systems in your ``$HOME/tendermintbin`` folder. - - From Source ----------- diff --git a/scripts/dist_build.sh b/scripts/dist_build.sh index f1d8779f6..587199e02 100755 --- a/scripts/dist_build.sh +++ b/scripts/dist_build.sh @@ -9,8 +9,32 @@ DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )" # Change into that dir because we expect that. cd "$DIR" -# Make sure build tools are available, get VENDORED dependencies and build -make get_tools get_vendor_deps build_xc +# Get the git commit +GIT_COMMIT="$(git rev-parse --short HEAD)" +GIT_IMPORT="github.com/tendermint/tendermint/version" + +# Determine the arch/os combos we're building for +XC_ARCH=${XC_ARCH:-"386 amd64 arm"} +XC_OS=${XC_OS:-"solaris darwin freebsd linux windows"} + +# Make sure build tools are available. +make tools + +# Get VENDORED dependencies +make get_vendor_deps + +# Build! +# ldflags: -s Omit the symbol table and debug information. +# -w Omit the DWARF symbol table. +echo "==> Building..." +"$(which gox)" \ + -os="${XC_OS}" \ + -arch="${XC_ARCH}" \ + -osarch="!darwin/arm !solaris/amd64 !freebsd/amd64" \ + -ldflags "-s -w -X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}" \ + -output "build/pkg/{{.OS}}_{{.Arch}}/tendermint" \ + -tags="${BUILD_TAGS}" \ + github.com/tendermint/tendermint/cmd/tendermint # Zip all the files. echo "==> Packaging..." From 13fa23c56854a855631b22a1149780fe64ec5760 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Sat, 6 Jan 2018 22:24:58 +0100 Subject: [PATCH 034/188] Add error checking --- lite/inquirer_test.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lite/inquirer_test.go b/lite/inquirer_test.go index 510059674..25bf51c4f 100644 --- a/lite/inquirer_test.go +++ b/lite/inquirer_test.go @@ -37,14 +37,15 @@ func TestInquirerValidPath(t *testing.T) { } // initialize a certifier with the initial state - cert, _ := lite.NewInquiring(chainID, commits[0], trust, source) + cert, err := lite.NewInquiring(chainID, commits[0], trust, source) + require.Nil(err) // this should fail validation.... commit := commits[count-1].Commit - err := cert.Certify(commit) + err = cert.Certify(commit) require.NotNil(err) - // add a few seed in the middle should be insufficient + // adding a few commits in the middle should be insufficient for i := 10; i < 13; i++ { err := source.StoreCommit(commits[i]) require.Nil(err) From dba48156165817c03682c54af42e63f1e46926c8 Mon Sep 17 00:00:00 2001 From: Zarko Milosevic Date: Fri, 5 Jan 2018 11:52:58 +0100 Subject: [PATCH 035/188] Define requirements of the proposer selection procedure --- .../new-spec/proposer-selection.md | 47 +++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 docs/specification/new-spec/proposer-selection.md diff --git a/docs/specification/new-spec/proposer-selection.md b/docs/specification/new-spec/proposer-selection.md new file mode 100644 index 000000000..a83cb65e1 --- /dev/null +++ b/docs/specification/new-spec/proposer-selection.md @@ -0,0 +1,47 @@ +# Proposer selection procedure in Tendermint + +This document specifies the Proposer Selection Procedure that is used in Tendermint to choose a round proposer. +As Tendermint is “leader-based protocol”, the proposer selection is critical for its correct functioning. +Let denote with `proposer_p(h,r)` a process returned by the Proposer Selection Procedure at the process p, at height h +and round r. Then the Proposer Selection procedure should fulfill the following properties: + +`Agreement`: Given a validator set V, and two honest validators, +p and q, for each height h, and each round r, +proposer_p(h,r) = proposer_q(h,r) + +`Liveness`: In every consecutive sequence of rounds of size K (K is system parameter), at least a +single round has an honest proposer. + +`Fairness`: The proposer selection is proportional to the validator voting power, i.e., a validator with more +voting power is selected more frequently, proportional to its power. More precisely, given a set of processes +with the total voting power N, during a sequence of rounds of size N, every process is proposer in a number of rounds +equal to its voting power. + +We now look at a few particular cases to understand better how fairness should be implemented. +If we have 4 processes with the following voting power distribution (p0,4), (p1, 2), (p2, 3), (p3, 4) at some round r, +we have the following sequence of proposer selections in the following rounds: + +`p0, p1, p2, p3, p0, p0, p1, p2, p3, p0, p0, p1, p2, p3, p0, p0, p1, p2, p3, p0, etc` + +Let consider now the following scenario where a total voting power of faulty processes is aggregated in a single process +p0: (p0,3), (p1, 1), (p2, 1), (p3, 1), (p4, 1), (p5, 1), (p6, 1), (p7, 1). +In this case the sequence of proposer selections looks like this: + +`p0, p1, p2, p3, p0, p4, p5, p6, p7, p0, p0, p1, p2, p3, p0, p4, p5, p6, p7, p0, etc` + +In this case, we see that a number of rounds coordinated by a faulty process is proportional to its voting power. +We consider also the case where we have voting power uniformly distributed among processes, i.e., we have 10 processes +each with voting power of 1. And let consider that there are 3 faulty processes with consecutive addresses, +for example the first 3 processes are faulty. Then the sequence looks like this: + +`p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, p0, p1, p2, p3, p4, p5, p6, p7, p8, p9, etc` + +In this case, we have 3 consecutive rounds with a faulty proposer. +One special case we consider is the case where a single honest process p0 has most of the voting power, for example: +(p0,100), (p1, 2), (p2, 3), (p3, 4). Then the sequence of proposer selection looks like this: + +p0, p0, p0, p0, p0, p0, p0, p0, p0, p0, p0, p0, p0, p1, p0, p0, p0, p0, p0, etc + +This basically means that almost all rounds have the same proposer. But in this case, the process p0 has anyway enough +voting power to decide whatever he wants, so the fact that he coordinates almost all rounds seems correct. + From 555f560ecd7906d29112c5dbde4ef4952b15c63a Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 8 Jan 2018 13:13:47 -0600 Subject: [PATCH 036/188] fix broken `make dist` target --- scripts/dist_build.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/scripts/dist_build.sh b/scripts/dist_build.sh index 587199e02..337fbacab 100755 --- a/scripts/dist_build.sh +++ b/scripts/dist_build.sh @@ -18,7 +18,8 @@ XC_ARCH=${XC_ARCH:-"386 amd64 arm"} XC_OS=${XC_OS:-"solaris darwin freebsd linux windows"} # Make sure build tools are available. -make tools +# TODO: Tools should be "vendored" too. +make get_tools # Get VENDORED dependencies make get_vendor_deps From b9cbaf8f10da417e4939f7e1e9b2d10aa1120181 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 4 Jan 2018 13:52:41 -0500 Subject: [PATCH 037/188] priv-val: fix timestamp for signing things that only differ by timestamp --- node/node.go | 4 +- types/priv_validator.go | 120 +++++++++++++++++++++++++---------- types/priv_validator_test.go | 60 ++++++++++++++++++ 3 files changed, 148 insertions(+), 36 deletions(-) diff --git a/node/node.go b/node/node.go index f922d8321..fde8e1e0a 100644 --- a/node/node.go +++ b/node/node.go @@ -185,9 +185,9 @@ func NewNode(config *cfg.Config, // Log whether this node is a validator or an observer if state.Validators.HasAddress(privValidator.GetAddress()) { - consensusLogger.Info("This node is a validator") + consensusLogger.Info("This node is a validator", "addr", privValidator.GetAddress(), "pubKey", privValidator.GetPubKey()) } else { - consensusLogger.Info("This node is not a validator") + consensusLogger.Info("This node is not a validator", "addr", privValidator.GetAddress(), "pubKey", privValidator.GetPubKey()) } // Make MempoolReactor diff --git a/types/priv_validator.go b/types/priv_validator.go index 31c65eeb4..3577049e7 100644 --- a/types/priv_validator.go +++ b/types/priv_validator.go @@ -17,10 +17,10 @@ import ( // TODO: type ? const ( - stepNone = 0 // Used to distinguish the initial state - stepPropose = 1 - stepPrevote = 2 - stepPrecommit = 3 + stepNone int8 = 0 // Used to distinguish the initial state + stepPropose int8 = 1 + stepPrevote int8 = 2 + stepPrecommit int8 = 3 ) func voteToStep(vote *Vote) int8 { @@ -199,12 +199,9 @@ func (privVal *PrivValidatorFS) Reset() { func (privVal *PrivValidatorFS) SignVote(chainID string, vote *Vote) error { privVal.mtx.Lock() defer privVal.mtx.Unlock() - signature, err := privVal.signBytesHRS(vote.Height, vote.Round, voteToStep(vote), - SignBytes(chainID, vote), checkVotesOnlyDifferByTimestamp) - if err != nil { + if err := privVal.signVote(chainID, vote); err != nil { return errors.New(cmn.Fmt("Error signing vote: %v", err)) } - vote.Signature = signature return nil } @@ -213,12 +210,9 @@ func (privVal *PrivValidatorFS) SignVote(chainID string, vote *Vote) error { func (privVal *PrivValidatorFS) SignProposal(chainID string, proposal *Proposal) error { privVal.mtx.Lock() defer privVal.mtx.Unlock() - signature, err := privVal.signBytesHRS(proposal.Height, proposal.Round, stepPropose, - SignBytes(chainID, proposal), checkProposalsOnlyDifferByTimestamp) - if err != nil { + if err := privVal.signProposal(chainID, proposal); err != nil { return fmt.Errorf("Error signing proposal: %v", err) } - proposal.Signature = signature return nil } @@ -250,36 +244,82 @@ func (privVal *PrivValidatorFS) checkHRS(height int64, round int, step int8) (bo return false, nil } -// signBytesHRS signs the given signBytes if the height/round/step (HRS) are -// greater than the latest state. If the HRS are equal and the only thing changed is the timestamp, -// it returns the privValidator.LastSignature. Else it returns an error. -func (privVal *PrivValidatorFS) signBytesHRS(height int64, round int, step int8, - signBytes []byte, checkFn checkOnlyDifferByTimestamp) (crypto.Signature, error) { - sig := crypto.Signature{} +// signVote checks if the vote is good to sign and sets the vote signature. +// It may need to set the timestamp as well if the vote is otherwise the same as +// a previously signed vote (ie. we crashed after signing but before the vote hit the WAL). +func (privVal *PrivValidatorFS) signVote(chainID string, vote *Vote) error { + height, round, step := vote.Height, vote.Round, voteToStep(vote) + signBytes := SignBytes(chainID, vote) sameHRS, err := privVal.checkHRS(height, round, step) if err != nil { - return sig, err + return err } // We might crash before writing to the wal, - // causing us to try to re-sign for the same HRS + // causing us to try to re-sign for the same HRS. + // If signbytes are the same, use the last signature. + // If they only differ by timestamp, use last timestamp and signature + // Otherwise, return error if sameHRS { - // if they're the same or only differ by timestamp, - // return the LastSignature. Otherwise, error - if bytes.Equal(signBytes, privVal.LastSignBytes) || - checkFn(privVal.LastSignBytes, signBytes) { - return privVal.LastSignature, nil + if bytes.Equal(signBytes, privVal.LastSignBytes) { + vote.Signature = privVal.LastSignature + } else if timestamp, ok := checkVotesOnlyDifferByTimestamp(privVal.LastSignBytes, signBytes); ok { + vote.Timestamp = timestamp + vote.Signature = privVal.LastSignature + } else { + err = fmt.Errorf("Conflicting data") } - return sig, fmt.Errorf("Conflicting data") + return err } - sig, err = privVal.Sign(signBytes) + // It passed the checks. Sign the vote + sig, err := privVal.Sign(signBytes) if err != nil { - return sig, err + return err } privVal.saveSigned(height, round, step, signBytes, sig) - return sig, nil + vote.Signature = sig + return nil +} + +// signProposal checks if the proposal is good to sign and sets the proposal signature. +// It may need to set the timestamp as well if the proposal is otherwise the same as +// a previously signed proposal ie. we crashed after signing but before the proposal hit the WAL). +func (privVal *PrivValidatorFS) signProposal(chainID string, proposal *Proposal) error { + height, round, step := proposal.Height, proposal.Round, stepPropose + signBytes := SignBytes(chainID, proposal) + + sameHRS, err := privVal.checkHRS(height, round, step) + if err != nil { + return err + } + + // We might crash before writing to the wal, + // causing us to try to re-sign for the same HRS. + // If signbytes are the same, use the last signature. + // If they only differ by timestamp, use last timestamp and signature + // Otherwise, return error + if sameHRS { + if bytes.Equal(signBytes, privVal.LastSignBytes) { + proposal.Signature = privVal.LastSignature + } else if timestamp, ok := checkProposalsOnlyDifferByTimestamp(privVal.LastSignBytes, signBytes); ok { + proposal.Timestamp = timestamp + proposal.Signature = privVal.LastSignature + } else { + err = fmt.Errorf("Conflicting data") + } + return err + } + + // It passed the checks. Sign the proposal + sig, err := privVal.Sign(signBytes) + if err != nil { + return err + } + privVal.saveSigned(height, round, step, signBytes, sig) + proposal.Signature = sig + return nil } // Persist height/round/step and signature @@ -331,8 +371,9 @@ func (pvs PrivValidatorsByAddress) Swap(i, j int) { type checkOnlyDifferByTimestamp func([]byte, []byte) bool -// returns true if the only difference in the votes is their timestamp -func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) bool { +// returns the timestamp from the lastSignBytes. +// returns true if the only difference in the votes is their timestamp. +func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) { var lastVote, newVote CanonicalJSONOnceVote if err := json.Unmarshal(lastSignBytes, &lastVote); err != nil { panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into vote: %v", err)) @@ -341,6 +382,11 @@ func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) bool { panic(fmt.Sprintf("signBytes cannot be unmarshalled into vote: %v", err)) } + lastTime, err := time.Parse(timeFormat, lastVote.Vote.Timestamp) + if err != nil { + panic(err) + } + // set the times to the same value and check equality now := CanonicalTime(time.Now()) lastVote.Vote.Timestamp = now @@ -348,11 +394,12 @@ func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) bool { lastVoteBytes, _ := json.Marshal(lastVote) newVoteBytes, _ := json.Marshal(newVote) - return bytes.Equal(newVoteBytes, lastVoteBytes) + return lastTime, bytes.Equal(newVoteBytes, lastVoteBytes) } +// returns the timestamp from the lastSignBytes. // returns true if the only difference in the proposals is their timestamp -func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) bool { +func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) { var lastProposal, newProposal CanonicalJSONOnceProposal if err := json.Unmarshal(lastSignBytes, &lastProposal); err != nil { panic(fmt.Sprintf("LastSignBytes cannot be unmarshalled into proposal: %v", err)) @@ -361,6 +408,11 @@ func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) boo panic(fmt.Sprintf("signBytes cannot be unmarshalled into proposal: %v", err)) } + lastTime, err := time.Parse(timeFormat, lastProposal.Proposal.Timestamp) + if err != nil { + panic(err) + } + // set the times to the same value and check equality now := CanonicalTime(time.Now()) lastProposal.Proposal.Timestamp = now @@ -368,5 +420,5 @@ func checkProposalsOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) boo lastProposalBytes, _ := json.Marshal(lastProposal) newProposalBytes, _ := json.Marshal(newProposal) - return bytes.Equal(newProposalBytes, lastProposalBytes) + return lastTime, bytes.Equal(newProposalBytes, lastProposalBytes) } diff --git a/types/priv_validator_test.go b/types/priv_validator_test.go index 2fefee606..dd0ebff71 100644 --- a/types/priv_validator_test.go +++ b/types/priv_validator_test.go @@ -173,6 +173,58 @@ func TestSignProposal(t *testing.T) { assert.Equal(sig, proposal.Signature) } +func TestDifferByTimestamp(t *testing.T) { + _, tempFilePath := cmn.Tempfile("priv_validator_") + privVal := GenPrivValidatorFS(tempFilePath) + + block1 := PartSetHeader{5, []byte{1, 2, 3}} + height, round := int64(10), 1 + chainID := "mychainid" + + // test proposal + { + proposal := newProposal(height, round, block1) + err := privVal.SignProposal(chainID, proposal) + assert.NoError(t, err, "expected no error signing proposal") + signBytes := SignBytes(chainID, proposal) + sig := proposal.Signature + timeStamp := clipToMS(proposal.Timestamp) + + // manipulate the timestamp. should get changed back + proposal.Timestamp = proposal.Timestamp.Add(time.Millisecond) + proposal.Signature = crypto.Signature{} + err = privVal.SignProposal("mychainid", proposal) + assert.NoError(t, err, "expected no error on signing same proposal") + + assert.Equal(t, timeStamp, proposal.Timestamp) + assert.Equal(t, signBytes, SignBytes(chainID, proposal)) + assert.Equal(t, sig, proposal.Signature) + } + + // test vote + { + voteType := VoteTypePrevote + blockID := BlockID{[]byte{1, 2, 3}, PartSetHeader{}} + vote := newVote(privVal.Address, 0, height, round, voteType, blockID) + err := privVal.SignVote("mychainid", vote) + assert.NoError(t, err, "expected no error signing vote") + + signBytes := SignBytes(chainID, vote) + sig := vote.Signature + timeStamp := clipToMS(vote.Timestamp) + + // manipulate the timestamp. should get changed back + vote.Timestamp = vote.Timestamp.Add(time.Millisecond) + vote.Signature = crypto.Signature{} + err = privVal.SignVote("mychainid", vote) + assert.NoError(t, err, "expected no error on signing same vote") + + assert.Equal(t, timeStamp, vote.Timestamp) + assert.Equal(t, signBytes, SignBytes(chainID, vote)) + assert.Equal(t, sig, vote.Signature) + } +} + func newVote(addr data.Bytes, idx int, height int64, round int, typ byte, blockID BlockID) *Vote { return &Vote{ ValidatorAddress: addr, @@ -190,5 +242,13 @@ func newProposal(height int64, round int, partsHeader PartSetHeader) *Proposal { Height: height, Round: round, BlockPartsHeader: partsHeader, + Timestamp: time.Now().UTC(), } } + +func clipToMS(t time.Time) time.Time { + nano := t.UnixNano() + million := int64(1000000) + nano = (nano / million) * million + return time.Unix(0, nano).UTC() +} From 32311acd01e447f42bedf3e44159e01945df643e Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Tue, 9 Jan 2018 17:36:11 +0100 Subject: [PATCH 038/188] Vulnerability in light client proxy (#1081) * Vulnerability in light client proxy When calling GetCertifiedCommit the light client proxy would call Certify and even on error return the Commit as if it had been correctly certified. Now it returns the error correctly and returns an empty Commit on error. * Improve names for clarity The lite package now contains StaticCertifier, DynamicCertifier and InqueringCertifier. This also changes the method receivers from one letter to two letter names, which will make future refactoring easier and follows the coding standards. * Fix test failures * Rename files * remove dead code --- lite/client/provider_test.go | 2 +- lite/{dynamic.go => dynamic_certifier.go} | 51 +++--- ...amic_test.go => dynamic_certifier_test.go} | 4 +- lite/inquirer.go | 159 ----------------- lite/inquiring_certifier.go | 163 ++++++++++++++++++ ...er_test.go => inquiring_certifier_test.go} | 6 +- lite/performance_test.go | 2 +- lite/proxy/certifier.go | 4 +- lite/proxy/proxy.go | 8 +- lite/proxy/query.go | 21 ++- lite/proxy/query_test.go | 5 +- lite/proxy/wrapper.go | 8 +- lite/{static.go => static_certifier.go} | 38 ++-- ...tatic_test.go => static_certifier_test.go} | 2 +- rpc/client/interface.go | 3 +- types/priv_validator.go | 2 - 16 files changed, 246 insertions(+), 232 deletions(-) rename lite/{dynamic.go => dynamic_certifier.go} (60%) rename lite/{dynamic_test.go => dynamic_certifier_test.go} (97%) delete mode 100644 lite/inquirer.go create mode 100644 lite/inquiring_certifier.go rename lite/{inquirer_test.go => inquiring_certifier_test.go} (95%) rename lite/{static.go => static_certifier.go} (54%) rename lite/{static_test.go => static_certifier_test.go} (97%) diff --git a/lite/client/provider_test.go b/lite/client/provider_test.go index 0bebfced0..856769d9b 100644 --- a/lite/client/provider_test.go +++ b/lite/client/provider_test.go @@ -35,7 +35,7 @@ func TestProvider(t *testing.T) { // let's check this is valid somehow assert.Nil(seed.ValidateBasic(chainID)) - cert := lite.NewStatic(chainID, seed.Validators) + cert := lite.NewStaticCertifier(chainID, seed.Validators) // historical queries now work :) lower := sh - 5 diff --git a/lite/dynamic.go b/lite/dynamic_certifier.go similarity index 60% rename from lite/dynamic.go rename to lite/dynamic_certifier.go index 231aed7a4..0ddace8b6 100644 --- a/lite/dynamic.go +++ b/lite/dynamic_certifier.go @@ -6,9 +6,9 @@ import ( liteErr "github.com/tendermint/tendermint/lite/errors" ) -var _ Certifier = &Dynamic{} +var _ Certifier = (*DynamicCertifier)(nil) -// Dynamic uses a Static for Certify, but adds an +// DynamicCertifier uses a StaticCertifier for Certify, but adds an // Update method to allow for a change of validators. // // You can pass in a FullCommit with another validator set, @@ -17,46 +17,48 @@ var _ Certifier = &Dynamic{} // validator set for the next Certify call. // For security, it will only follow validator set changes // going forward. -type Dynamic struct { - cert *Static +type DynamicCertifier struct { + cert *StaticCertifier lastHeight int64 } // NewDynamic returns a new dynamic certifier. -func NewDynamic(chainID string, vals *types.ValidatorSet, height int64) *Dynamic { - return &Dynamic{ - cert: NewStatic(chainID, vals), +func NewDynamicCertifier(chainID string, vals *types.ValidatorSet, height int64) *DynamicCertifier { + return &DynamicCertifier{ + cert: NewStaticCertifier(chainID, vals), lastHeight: height, } } // ChainID returns the chain id of this certifier. -func (c *Dynamic) ChainID() string { - return c.cert.ChainID() +// Implements Certifier. +func (dc *DynamicCertifier) ChainID() string { + return dc.cert.ChainID() } // Validators returns the validators of this certifier. -func (c *Dynamic) Validators() *types.ValidatorSet { - return c.cert.vSet +func (dc *DynamicCertifier) Validators() *types.ValidatorSet { + return dc.cert.vSet } // Hash returns the hash of this certifier. -func (c *Dynamic) Hash() []byte { - return c.cert.Hash() +func (dc *DynamicCertifier) Hash() []byte { + return dc.cert.Hash() } // LastHeight returns the last height of this certifier. -func (c *Dynamic) LastHeight() int64 { - return c.lastHeight +func (dc *DynamicCertifier) LastHeight() int64 { + return dc.lastHeight } // Certify will verify whether the commit is valid and will update the height if it is or return an // error if it is not. -func (c *Dynamic) Certify(check Commit) error { - err := c.cert.Certify(check) +// Implements Certifier. +func (dc *DynamicCertifier) Certify(check Commit) error { + err := dc.cert.Certify(check) if err == nil { // update last seen height if input is valid - c.lastHeight = check.Height() + dc.lastHeight = check.Height() } return err } @@ -65,15 +67,15 @@ func (c *Dynamic) Certify(check Commit) error { // the certifying validator set if safe to do so. // // Returns an error if update is impossible (invalid proof or IsTooMuchChangeErr) -func (c *Dynamic) Update(fc FullCommit) error { +func (dc *DynamicCertifier) Update(fc FullCommit) error { // ignore all checkpoints in the past -> only to the future h := fc.Height() - if h <= c.lastHeight { + if h <= dc.lastHeight { return liteErr.ErrPastTime() } // first, verify if the input is self-consistent.... - err := fc.ValidateBasic(c.ChainID()) + err := fc.ValidateBasic(dc.ChainID()) if err != nil { return err } @@ -82,14 +84,13 @@ func (c *Dynamic) Update(fc FullCommit) error { // would be approved by the currently known validator set // as well as the new set commit := fc.Commit.Commit - err = c.Validators().VerifyCommitAny(fc.Validators, c.ChainID(), - commit.BlockID, h, commit) + err = dc.Validators().VerifyCommitAny(fc.Validators, dc.ChainID(), commit.BlockID, h, commit) if err != nil { return liteErr.ErrTooMuchChange() } // looks good, we can update - c.cert = NewStatic(c.ChainID(), fc.Validators) - c.lastHeight = h + dc.cert = NewStaticCertifier(dc.ChainID(), fc.Validators) + dc.lastHeight = h return nil } diff --git a/lite/dynamic_test.go b/lite/dynamic_certifier_test.go similarity index 97% rename from lite/dynamic_test.go rename to lite/dynamic_certifier_test.go index c45371acd..88c145f95 100644 --- a/lite/dynamic_test.go +++ b/lite/dynamic_certifier_test.go @@ -23,7 +23,7 @@ func TestDynamicCert(t *testing.T) { vals := keys.ToValidators(20, 10) // and a certifier based on our known set chainID := "test-dyno" - cert := lite.NewDynamic(chainID, vals, 0) + cert := lite.NewDynamicCertifier(chainID, vals, 0) cases := []struct { keys lite.ValKeys @@ -67,7 +67,7 @@ func TestDynamicUpdate(t *testing.T) { chainID := "test-dyno-up" keys := lite.GenValKeys(5) vals := keys.ToValidators(20, 0) - cert := lite.NewDynamic(chainID, vals, 40) + cert := lite.NewDynamicCertifier(chainID, vals, 40) // one valid block to give us a sense of time h := int64(100) diff --git a/lite/inquirer.go b/lite/inquirer.go deleted file mode 100644 index 9d0d77e51..000000000 --- a/lite/inquirer.go +++ /dev/null @@ -1,159 +0,0 @@ -package lite - -import ( - "github.com/tendermint/tendermint/types" - - liteErr "github.com/tendermint/tendermint/lite/errors" -) - -// Inquiring wraps a dynamic certifier and implements an auto-update strategy. If a call to Certify -// fails due to a change it validator set, Inquiring will try and find a previous FullCommit which -// it can use to safely update the validator set. It uses a source provider to obtain the needed -// FullCommits. It stores properly validated data on the local system. -type Inquiring struct { - cert *Dynamic - // These are only properly validated data, from local system - trusted Provider - // This is a source of new info, like a node rpc, or other import method - Source Provider -} - -// NewInquiring returns a new Inquiring object. It uses the trusted provider to store validated -// data and the source provider to obtain missing FullCommits. -// -// Example: The trusted provider should a CacheProvider, MemProvider or files.Provider. The source -// provider should be a client.HTTPProvider. -func NewInquiring(chainID string, fc FullCommit, trusted Provider, - source Provider) (*Inquiring, error) { - - // store the data in trusted - err := trusted.StoreCommit(fc) - if err != nil { - return nil, err - } - - return &Inquiring{ - cert: NewDynamic(chainID, fc.Validators, fc.Height()), - trusted: trusted, - Source: source, - }, nil -} - -// ChainID returns the chain id. -func (c *Inquiring) ChainID() string { - return c.cert.ChainID() -} - -// Validators returns the validator set. -func (c *Inquiring) Validators() *types.ValidatorSet { - return c.cert.cert.vSet -} - -// LastHeight returns the last height. -func (c *Inquiring) LastHeight() int64 { - return c.cert.lastHeight -} - -// Certify makes sure this is checkpoint is valid. -// -// If the validators have changed since the last know time, it looks -// for a path to prove the new validators. -// -// On success, it will store the checkpoint in the store for later viewing -func (c *Inquiring) Certify(commit Commit) error { - err := c.useClosestTrust(commit.Height()) - if err != nil { - return err - } - - err = c.cert.Certify(commit) - if !liteErr.IsValidatorsChangedErr(err) { - return err - } - err = c.updateToHash(commit.Header.ValidatorsHash) - if err != nil { - return err - } - - err = c.cert.Certify(commit) - if err != nil { - return err - } - - // store the new checkpoint - return c.trusted.StoreCommit(NewFullCommit(commit, c.Validators())) -} - -// Update will verify if this is a valid change and update -// the certifying validator set if safe to do so. -func (c *Inquiring) Update(fc FullCommit) error { - err := c.useClosestTrust(fc.Height()) - if err != nil { - return err - } - - err = c.cert.Update(fc) - if err == nil { - err = c.trusted.StoreCommit(fc) - } - return err -} - -func (c *Inquiring) useClosestTrust(h int64) error { - closest, err := c.trusted.GetByHeight(h) - if err != nil { - return err - } - - // if the best seed is not the one we currently use, - // let's just reset the dynamic validator - if closest.Height() != c.LastHeight() { - c.cert = NewDynamic(c.ChainID(), closest.Validators, closest.Height()) - } - return nil -} - -// updateToHash gets the validator hash we want to update to -// if IsTooMuchChangeErr, we try to find a path by binary search over height -func (c *Inquiring) updateToHash(vhash []byte) error { - // try to get the match, and update - fc, err := c.Source.GetByHash(vhash) - if err != nil { - return err - } - err = c.cert.Update(fc) - // handle IsTooMuchChangeErr by using divide and conquer - if liteErr.IsTooMuchChangeErr(err) { - err = c.updateToHeight(fc.Height()) - } - return err -} - -// updateToHeight will use divide-and-conquer to find a path to h -func (c *Inquiring) updateToHeight(h int64) error { - // try to update to this height (with checks) - fc, err := c.Source.GetByHeight(h) - if err != nil { - return err - } - start, end := c.LastHeight(), fc.Height() - if end <= start { - return liteErr.ErrNoPathFound() - } - err = c.Update(fc) - - // we can handle IsTooMuchChangeErr specially - if !liteErr.IsTooMuchChangeErr(err) { - return err - } - - // try to update to mid - mid := (start + end) / 2 - err = c.updateToHeight(mid) - if err != nil { - return err - } - - // if we made it to mid, we recurse - return c.updateToHeight(h) -} diff --git a/lite/inquiring_certifier.go b/lite/inquiring_certifier.go new file mode 100644 index 000000000..042bd08e3 --- /dev/null +++ b/lite/inquiring_certifier.go @@ -0,0 +1,163 @@ +package lite + +import ( + "github.com/tendermint/tendermint/types" + + liteErr "github.com/tendermint/tendermint/lite/errors" +) + +var _ Certifier = (*InquiringCertifier)(nil) + +// InquiringCertifier wraps a dynamic certifier and implements an auto-update strategy. If a call +// to Certify fails due to a change it validator set, InquiringCertifier will try and find a +// previous FullCommit which it can use to safely update the validator set. It uses a source +// provider to obtain the needed FullCommits. It stores properly validated data on the local system. +type InquiringCertifier struct { + cert *DynamicCertifier + // These are only properly validated data, from local system + trusted Provider + // This is a source of new info, like a node rpc, or other import method + Source Provider +} + +// NewInquiringCertifier returns a new Inquiring object. It uses the trusted provider to store +// validated data and the source provider to obtain missing FullCommits. +// +// Example: The trusted provider should a CacheProvider, MemProvider or files.Provider. The source +// provider should be a client.HTTPProvider. +func NewInquiringCertifier(chainID string, fc FullCommit, trusted Provider, + source Provider) (*InquiringCertifier, error) { + + // store the data in trusted + err := trusted.StoreCommit(fc) + if err != nil { + return nil, err + } + + return &InquiringCertifier{ + cert: NewDynamicCertifier(chainID, fc.Validators, fc.Height()), + trusted: trusted, + Source: source, + }, nil +} + +// ChainID returns the chain id. +// Implements Certifier. +func (ic *InquiringCertifier) ChainID() string { + return ic.cert.ChainID() +} + +// Validators returns the validator set. +func (ic *InquiringCertifier) Validators() *types.ValidatorSet { + return ic.cert.cert.vSet +} + +// LastHeight returns the last height. +func (ic *InquiringCertifier) LastHeight() int64 { + return ic.cert.lastHeight +} + +// Certify makes sure this is checkpoint is valid. +// +// If the validators have changed since the last know time, it looks +// for a path to prove the new validators. +// +// On success, it will store the checkpoint in the store for later viewing +// Implements Certifier. +func (ic *InquiringCertifier) Certify(commit Commit) error { + err := ic.useClosestTrust(commit.Height()) + if err != nil { + return err + } + + err = ic.cert.Certify(commit) + if !liteErr.IsValidatorsChangedErr(err) { + return err + } + err = ic.updateToHash(commit.Header.ValidatorsHash) + if err != nil { + return err + } + + err = ic.cert.Certify(commit) + if err != nil { + return err + } + + // store the new checkpoint + return ic.trusted.StoreCommit(NewFullCommit(commit, ic.Validators())) +} + +// Update will verify if this is a valid change and update +// the certifying validator set if safe to do so. +func (ic *InquiringCertifier) Update(fc FullCommit) error { + err := ic.useClosestTrust(fc.Height()) + if err != nil { + return err + } + + err = ic.cert.Update(fc) + if err == nil { + err = ic.trusted.StoreCommit(fc) + } + return err +} + +func (ic *InquiringCertifier) useClosestTrust(h int64) error { + closest, err := ic.trusted.GetByHeight(h) + if err != nil { + return err + } + + // if the best seed is not the one we currently use, + // let's just reset the dynamic validator + if closest.Height() != ic.LastHeight() { + ic.cert = NewDynamicCertifier(ic.ChainID(), closest.Validators, closest.Height()) + } + return nil +} + +// updateToHash gets the validator hash we want to update to +// if IsTooMuchChangeErr, we try to find a path by binary search over height +func (ic *InquiringCertifier) updateToHash(vhash []byte) error { + // try to get the match, and update + fc, err := ic.Source.GetByHash(vhash) + if err != nil { + return err + } + err = ic.cert.Update(fc) + // handle IsTooMuchChangeErr by using divide and conquer + if liteErr.IsTooMuchChangeErr(err) { + err = ic.updateToHeight(fc.Height()) + } + return err +} + +// updateToHeight will use divide-and-conquer to find a path to h +func (ic *InquiringCertifier) updateToHeight(h int64) error { + // try to update to this height (with checks) + fc, err := ic.Source.GetByHeight(h) + if err != nil { + return err + } + start, end := ic.LastHeight(), fc.Height() + if end <= start { + return liteErr.ErrNoPathFound() + } + err = ic.Update(fc) + + // we can handle IsTooMuchChangeErr specially + if !liteErr.IsTooMuchChangeErr(err) { + return err + } + + // try to update to mid + mid := (start + end) / 2 + err = ic.updateToHeight(mid) + if err != nil { + return err + } + + // if we made it to mid, we recurse + return ic.updateToHeight(h) +} diff --git a/lite/inquirer_test.go b/lite/inquiring_certifier_test.go similarity index 95% rename from lite/inquirer_test.go rename to lite/inquiring_certifier_test.go index 25bf51c4f..db8160bdc 100644 --- a/lite/inquirer_test.go +++ b/lite/inquiring_certifier_test.go @@ -37,7 +37,7 @@ func TestInquirerValidPath(t *testing.T) { } // initialize a certifier with the initial state - cert, err := lite.NewInquiring(chainID, commits[0], trust, source) + cert, err := lite.NewInquiringCertifier(chainID, commits[0], trust, source) require.Nil(err) // this should fail validation.... @@ -88,7 +88,7 @@ func TestInquirerMinimalPath(t *testing.T) { } // initialize a certifier with the initial state - cert, _ := lite.NewInquiring(chainID, commits[0], trust, source) + cert, _ := lite.NewInquiringCertifier(chainID, commits[0], trust, source) // this should fail validation.... commit := commits[count-1].Commit @@ -138,7 +138,7 @@ func TestInquirerVerifyHistorical(t *testing.T) { } // initialize a certifier with the initial state - cert, _ := lite.NewInquiring(chainID, commits[0], trust, source) + cert, _ := lite.NewInquiringCertifier(chainID, commits[0], trust, source) // store a few commits as trust for _, i := range []int{2, 5} { diff --git a/lite/performance_test.go b/lite/performance_test.go index 835e52f91..28c73bb08 100644 --- a/lite/performance_test.go +++ b/lite/performance_test.go @@ -105,7 +105,7 @@ func BenchmarkCertifyCommitSec100(b *testing.B) { func benchmarkCertifyCommit(b *testing.B, keys lite.ValKeys) { chainID := "bench-certify" vals := keys.ToValidators(20, 10) - cert := lite.NewStatic(chainID, vals) + cert := lite.NewStaticCertifier(chainID, vals) check := keys.GenCommit(chainID, 123, nil, vals, []byte("foo"), []byte("params"), []byte("res"), 0, len(keys)) for i := 0; i < b.N; i++ { err := cert.Certify(check) diff --git a/lite/proxy/certifier.go b/lite/proxy/certifier.go index 3dda935ea..6e319dc0d 100644 --- a/lite/proxy/certifier.go +++ b/lite/proxy/certifier.go @@ -6,7 +6,7 @@ import ( "github.com/tendermint/tendermint/lite/files" ) -func GetCertifier(chainID, rootDir, nodeAddr string) (*lite.Inquiring, error) { +func GetCertifier(chainID, rootDir, nodeAddr string) (*lite.InquiringCertifier, error) { trust := lite.NewCacheProvider( lite.NewMemStoreProvider(), files.NewProvider(rootDir), @@ -26,7 +26,7 @@ func GetCertifier(chainID, rootDir, nodeAddr string) (*lite.Inquiring, error) { return nil, err } - cert, err := lite.NewInquiring(chainID, fc, trust, source) + cert, err := lite.NewInquiringCertifier(chainID, fc, trust, source) if err != nil { return nil, err } diff --git a/lite/proxy/proxy.go b/lite/proxy/proxy.go index 21db13ed4..34aa99fa0 100644 --- a/lite/proxy/proxy.go +++ b/lite/proxy/proxy.go @@ -18,7 +18,11 @@ const ( // set up the rpc routes to proxy via the given client, // and start up an http/rpc server on the location given by bind (eg. :1234) func StartProxy(c rpcclient.Client, listenAddr string, logger log.Logger) error { - c.Start() + err := c.Start() + if err != nil { + return err + } + r := RPCRoutes(c) // build the handler... @@ -30,7 +34,7 @@ func StartProxy(c rpcclient.Client, listenAddr string, logger log.Logger) error core.SetLogger(logger) mux.HandleFunc(wsEndpoint, wm.WebsocketHandler) - _, err := rpc.StartHTTPServer(listenAddr, mux, logger) + _, err = rpc.StartHTTPServer(listenAddr, mux, logger) return err } diff --git a/lite/proxy/query.go b/lite/proxy/query.go index 0a9d86a0e..72c3ed297 100644 --- a/lite/proxy/query.go +++ b/lite/proxy/query.go @@ -51,7 +51,7 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption // make sure the proof is the proper height if resp.IsErr() { - err = errors.Errorf("Query error %d: %d", resp.Code) + err = errors.Errorf("Query error for key %d: %d", key, resp.Code) return nil, nil, err } if len(resp.Key) == 0 || len(resp.Proof) == 0 { @@ -79,7 +79,7 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption if err != nil { return nil, nil, errors.Wrap(err, "Couldn't verify proof") } - return &ctypes.ResultABCIQuery{resp}, eproof, nil + return &ctypes.ResultABCIQuery{Response: resp}, eproof, nil } // The key wasn't found, construct a proof of non-existence. @@ -93,13 +93,12 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption if err != nil { return nil, nil, errors.Wrap(err, "Couldn't verify proof") } - return &ctypes.ResultABCIQuery{resp}, aproof, ErrNoData() + return &ctypes.ResultABCIQuery{Response: resp}, aproof, ErrNoData() } // GetCertifiedCommit gets the signed header for a given height // and certifies it. Returns error if unable to get a proven header. -func GetCertifiedCommit(h int64, node rpcclient.Client, - cert lite.Certifier) (empty lite.Commit, err error) { +func GetCertifiedCommit(h int64, node rpcclient.Client, cert lite.Certifier) (lite.Commit, error) { // FIXME: cannot use cert.GetByHeight for now, as it also requires // Validators and will fail on querying tendermint for non-current height. @@ -107,14 +106,18 @@ func GetCertifiedCommit(h int64, node rpcclient.Client, rpcclient.WaitForHeight(node, h, nil) cresp, err := node.Commit(&h) if err != nil { - return + return lite.Commit{}, err } - commit := client.CommitFromResult(cresp) + commit := client.CommitFromResult(cresp) // validate downloaded checkpoint with our request and trust store. if commit.Height() != h { - return empty, certerr.ErrHeightMismatch(h, commit.Height()) + return lite.Commit{}, certerr.ErrHeightMismatch(h, commit.Height()) } - err = cert.Certify(commit) + + if err = cert.Certify(commit); err != nil { + return lite.Commit{}, err + } + return commit, nil } diff --git a/lite/proxy/query_test.go b/lite/proxy/query_test.go index 234f65e55..6fc4b9730 100644 --- a/lite/proxy/query_test.go +++ b/lite/proxy/query_test.go @@ -58,7 +58,7 @@ func _TestAppProofs(t *testing.T) { source := certclient.NewProvider(cl) seed, err := source.GetByHeight(brh - 2) require.NoError(err, "%+v", err) - cert := lite.NewStatic("my-chain", seed.Validators) + cert := lite.NewStaticCertifier("my-chain", seed.Validators) client.WaitForHeight(cl, 3, nil) latest, err := source.LatestCommit() @@ -117,7 +117,7 @@ func _TestTxProofs(t *testing.T) { source := certclient.NewProvider(cl) seed, err := source.GetByHeight(brh - 2) require.NoError(err, "%+v", err) - cert := lite.NewStatic("my-chain", seed.Validators) + cert := lite.NewStaticCertifier("my-chain", seed.Validators) // First let's make sure a bogus transaction hash returns a valid non-existence proof. key := types.Tx([]byte("bogus")).Hash() @@ -136,5 +136,4 @@ func _TestTxProofs(t *testing.T) { commit, err := GetCertifiedCommit(br.Height, cl, cert) require.Nil(err, "%+v", err) require.Equal(res.Proof.RootHash, commit.Header.DataHash) - } diff --git a/lite/proxy/wrapper.go b/lite/proxy/wrapper.go index a76c29426..7d504217d 100644 --- a/lite/proxy/wrapper.go +++ b/lite/proxy/wrapper.go @@ -15,14 +15,14 @@ var _ rpcclient.Client = Wrapper{} // provable before passing it along. Allows you to make any rpcclient fully secure. type Wrapper struct { rpcclient.Client - cert *lite.Inquiring + cert *lite.InquiringCertifier } // SecureClient uses a given certifier to wrap an connection to an untrusted // host and return a cryptographically secure rpc client. // // If it is wrapping an HTTP rpcclient, it will also wrap the websocket interface -func SecureClient(c rpcclient.Client, cert *lite.Inquiring) Wrapper { +func SecureClient(c rpcclient.Client, cert *lite.InquiringCertifier) Wrapper { wrap := Wrapper{c, cert} // TODO: no longer possible as no more such interface exposed.... // if we wrap http client, then we can swap out the event switch to filter @@ -34,7 +34,9 @@ func SecureClient(c rpcclient.Client, cert *lite.Inquiring) Wrapper { } // ABCIQueryWithOptions exposes all options for the ABCI query and verifies the returned proof -func (w Wrapper) ABCIQueryWithOptions(path string, data data.Bytes, opts rpcclient.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { +func (w Wrapper) ABCIQueryWithOptions(path string, data data.Bytes, + opts rpcclient.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { + res, _, err := GetWithProofOptions(path, data, opts, w.Client, w.cert) return res, err } diff --git a/lite/static.go b/lite/static_certifier.go similarity index 54% rename from lite/static.go rename to lite/static_certifier.go index abbef5785..1ec3b809a 100644 --- a/lite/static.go +++ b/lite/static_certifier.go @@ -10,62 +10,64 @@ import ( liteErr "github.com/tendermint/tendermint/lite/errors" ) -var _ Certifier = &Static{} +var _ Certifier = (*StaticCertifier)(nil) -// Static assumes a static set of validators, set on +// StaticCertifier assumes a static set of validators, set on // initilization and checks against them. // The signatures on every header is checked for > 2/3 votes // against the known validator set upon Certify // // Good for testing or really simple chains. Building block // to support real-world functionality. -type Static struct { +type StaticCertifier struct { chainID string vSet *types.ValidatorSet vhash []byte } -// NewStatic returns a new certifier with a static validator set. -func NewStatic(chainID string, vals *types.ValidatorSet) *Static { - return &Static{ +// NewStaticCertifier returns a new certifier with a static validator set. +func NewStaticCertifier(chainID string, vals *types.ValidatorSet) *StaticCertifier { + return &StaticCertifier{ chainID: chainID, vSet: vals, } } // ChainID returns the chain id. -func (c *Static) ChainID() string { - return c.chainID +// Implements Certifier. +func (sc *StaticCertifier) ChainID() string { + return sc.chainID } // Validators returns the validator set. -func (c *Static) Validators() *types.ValidatorSet { - return c.vSet +func (sc *StaticCertifier) Validators() *types.ValidatorSet { + return sc.vSet } // Hash returns the hash of the validator set. -func (c *Static) Hash() []byte { - if len(c.vhash) == 0 { - c.vhash = c.vSet.Hash() +func (sc *StaticCertifier) Hash() []byte { + if len(sc.vhash) == 0 { + sc.vhash = sc.vSet.Hash() } - return c.vhash + return sc.vhash } // Certify makes sure that the commit is valid. -func (c *Static) Certify(commit Commit) error { +// Implements Certifier. +func (sc *StaticCertifier) Certify(commit Commit) error { // do basic sanity checks - err := commit.ValidateBasic(c.chainID) + err := commit.ValidateBasic(sc.chainID) if err != nil { return err } // make sure it has the same validator set we have (static means static) - if !bytes.Equal(c.Hash(), commit.Header.ValidatorsHash) { + if !bytes.Equal(sc.Hash(), commit.Header.ValidatorsHash) { return liteErr.ErrValidatorsChanged() } // then make sure we have the proper signatures for this - err = c.vSet.VerifyCommit(c.chainID, commit.Commit.BlockID, + err = sc.vSet.VerifyCommit(sc.chainID, commit.Commit.BlockID, commit.Header.Height, commit.Commit) return errors.WithStack(err) } diff --git a/lite/static_test.go b/lite/static_certifier_test.go similarity index 97% rename from lite/static_test.go rename to lite/static_certifier_test.go index 3e4d59271..03567daa6 100644 --- a/lite/static_test.go +++ b/lite/static_certifier_test.go @@ -21,7 +21,7 @@ func TestStaticCert(t *testing.T) { vals := keys.ToValidators(20, 10) // and a certifier based on our known set chainID := "test-static" - cert := lite.NewStatic(chainID, vals) + cert := lite.NewStaticCertifier(chainID, vals) cases := []struct { keys lite.ValKeys diff --git a/rpc/client/interface.go b/rpc/client/interface.go index 70cb4d951..6e798c379 100644 --- a/rpc/client/interface.go +++ b/rpc/client/interface.go @@ -33,7 +33,8 @@ type ABCIClient interface { // reading from abci app ABCIInfo() (*ctypes.ResultABCIInfo, error) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) - ABCIQueryWithOptions(path string, data data.Bytes, opts ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) + ABCIQueryWithOptions(path string, data data.Bytes, + opts ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) // writing to abci app BroadcastTxCommit(tx types.Tx) (*ctypes.ResultBroadcastTxCommit, error) diff --git a/types/priv_validator.go b/types/priv_validator.go index 3577049e7..628f58cfc 100644 --- a/types/priv_validator.go +++ b/types/priv_validator.go @@ -369,8 +369,6 @@ func (pvs PrivValidatorsByAddress) Swap(i, j int) { //------------------------------------- -type checkOnlyDifferByTimestamp func([]byte, []byte) bool - // returns the timestamp from the lastSignBytes. // returns true if the only difference in the votes is their timestamp. func checkVotesOnlyDifferByTimestamp(lastSignBytes, newSignBytes []byte) (time.Time, bool) { From 170777300ea92dc21a8aec1abc16cb51812513a4 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 11:04:26 -0600 Subject: [PATCH 039/188] update docker Closes #1087 --- DOCKER/Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/DOCKER/Dockerfile b/DOCKER/Dockerfile index c0d09d951..c00318fba 100644 --- a/DOCKER/Dockerfile +++ b/DOCKER/Dockerfile @@ -1,8 +1,8 @@ FROM alpine:3.6 # This is the release of tendermint to pull in. -ENV TM_VERSION 0.13.0 -ENV TM_SHA256SUM 36d773d4c2890addc61cc87a72c1e9c21c89516921b0defb0edfebde719b4b85 +ENV TM_VERSION 0.15.0 +ENV TM_SHA256SUM 71cc271c67eca506ca492c8b90b090132f104bf5dbfe0af2702a50886e88de17 # Tendermint will be looking for genesis file in /tendermint (unless you change # `genesis_file` in config.toml). You can put your config.toml and private From 48638eaa20dc62ef7ce66138d0ad87f3b8ffa4ff Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 11:05:15 -0600 Subject: [PATCH 040/188] update docker readme --- DOCKER/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/DOCKER/README.md b/DOCKER/README.md index fceab5feb..06f400eae 100644 --- a/DOCKER/README.md +++ b/DOCKER/README.md @@ -1,6 +1,7 @@ # Supported tags and respective `Dockerfile` links -- `0.13.0`, `latest` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/a28b3fff49dce2fb31f90abb2fc693834e0029c2/DOCKER/Dockerfile) +- `0.15.0`, `latest` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/170777300ea92dc21a8aec1abc16cb51812513a4/DOCKER/Dockerfile) +- `0.13.0` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/a28b3fff49dce2fb31f90abb2fc693834e0029c2/DOCKER/Dockerfile) - `0.12.1` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/457c688346b565e90735431619ca3ca597ef9007/DOCKER/Dockerfile) - `0.12.0` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/70d8afa6e952e24c573ece345560a5971bf2cc0e/DOCKER/Dockerfile) - `0.11.0` [(Dockerfile)](https://github.com/tendermint/tendermint/blob/9177cc1f64ca88a4a0243c5d1773d10fba67e201/DOCKER/Dockerfile) From 03a14d834284900af5184b9c7f2e261ecdbb2ae2 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 9 Jan 2018 12:44:49 -0500 Subject: [PATCH 041/188] docs/p2p: updates from review (#1076) --- docs/specification/new-spec/p2p/config.md | 8 ++-- docs/specification/new-spec/p2p/connection.md | 38 ++++++++----------- docs/specification/new-spec/p2p/node.md | 7 +++- docs/specification/new-spec/p2p/peer.md | 32 +++++++--------- 4 files changed, 38 insertions(+), 47 deletions(-) diff --git a/docs/specification/new-spec/p2p/config.md b/docs/specification/new-spec/p2p/config.md index bc3c343c5..565f78006 100644 --- a/docs/specification/new-spec/p2p/config.md +++ b/docs/specification/new-spec/p2p/config.md @@ -6,14 +6,14 @@ Here we describe configuration options around the Peer Exchange. `--p2p.seed_mode` -The node operates in seed mode. It will kick incoming peers after sharing some peers. -It will continually crawl the network for peers. +The node operates in seed mode. In seed mode, a node continuously crawls the network for peers, +and upon incoming connection shares some peers and disconnects. ## Seeds `--p2p.seeds “1.2.3.4:466656,2.3.4.5:4444”` -Dials these seeds when we need more peers. They will return a list of peers and then disconnect. +Dials these seeds when we need more peers. They should return a list of peers and then disconnect. If we already have enough peers in the address book, we may never need to dial them. ## Persistent Peers @@ -27,7 +27,7 @@ anchor us in the p2p network. Note that the auto-redial uses exponential backoff and will give up after a day of trying to connect. -NOTE: If `dial_seeds` and `persistent_peers` intersect, +NOTE: If `seeds` and `persistent_peers` intersect, the user will be WARNED that seeds may auto-close connections and the node may not be able to keep the connection persistent. diff --git a/docs/specification/new-spec/p2p/connection.md b/docs/specification/new-spec/p2p/connection.md index 72847fa11..dfe0d090f 100644 --- a/docs/specification/new-spec/p2p/connection.md +++ b/docs/specification/new-spec/p2p/connection.md @@ -1,12 +1,14 @@ +## P2P Multiplex Connection + +... + ## MConnection -`MConnection` is a multiplex connection: - -__multiplex__ *noun* a system or signal involving simultaneous transmission of -several messages along a single channel of communication. - -Each `MConnection` handles message transmission on multiple abstract communication -`Channel`s. Each channel has a globally unique byte id. +`MConnection` is a multiplex connection that supports multiple independent streams +with distinct quality of service guarantees atop a single TCP connection. +Each stream is known as a `Channel` and each `Channel` has a globally unique byte id. +Each `Channel` also has a relative priority that determines the quality of service +of the `Channel` in comparison to the others. The byte id and the relative priorities of each `Channel` are configured upon initialization of the connection. @@ -14,12 +16,13 @@ The `MConnection` supports three packet types: Ping, Pong, and Msg. ### Ping and Pong -The ping and pong messages consist of writing a single byte to the connection; 0x1 and 0x2, respectively +The ping and pong messages consist of writing a single byte to the connection; 0x1 and 0x2, respectively. When we haven't received any messages on an `MConnection` in a time `pingTimeout`, we send a ping message. -When a ping is received on the `MConnection`, a pong is sent in response. +When a ping is received on the `MConnection`, a pong is sent in response only if there are no other messages +to send and the peer has not sent us too many pings. -If a pong is not received in sufficient time, the peer's score should be decremented (TODO). +If a pong or message is not received in sufficient time after a ping, disconnect from the peer. ### Msg @@ -57,8 +60,8 @@ func (m MConnection) TrySend(chID byte, msg interface{}) bool {} for the channel with the given id byte `chID`. The message `msg` is serialized using the `tendermint/wire` submodule's `WriteBinary()` reflection routine. -`TrySend(chID, msg)` is a nonblocking call that returns false if the channel's -queue is full. +`TrySend(chID, msg)` is a nonblocking call that queues the message msg in the channel +with the given id byte chID if the queue is not full; otherwise it returns false immediately. `Send()` and `TrySend()` are also exposed for each `Peer`. @@ -103,14 +106,3 @@ for _, peer := range switch.Peers().List() { } } ``` - -### PexReactor/AddrBook - -A `PEXReactor` reactor implementation is provided to automate peer discovery. - -```go -book := p2p.NewAddrBook(addrBookFilePath) -pexReactor := p2p.NewPEXReactor(book) -... -switch := NewSwitch([]Reactor{pexReactor, myReactor, ...}) -``` diff --git a/docs/specification/new-spec/p2p/node.md b/docs/specification/new-spec/p2p/node.md index 9f9fc5296..0ab8e508e 100644 --- a/docs/specification/new-spec/p2p/node.md +++ b/docs/specification/new-spec/p2p/node.md @@ -39,8 +39,10 @@ A node checks its address book on startup and attempts to connect to peers from If it can't connect to any peers after some time, it falls back to the seeds to find more. Restarted full nodes can run the `blockchain` or `consensus` reactor protocols to sync up -to the latest state of the blockchain, assuming they aren't too far behind. -If they are too far behind, they may need to validate a recent `H` and `HASH` out-of-band again. +to the latest state of the blockchain from wherever they were last. +In a Proof-of-Stake context, if they are sufficiently far behind (greater than the length +of the unbonding period), they will need to validate a recent `H` and `HASH` out-of-band again +so they know they have synced the correct chain. ## Validator Node @@ -54,6 +56,7 @@ Validators that know and trust each other can accept incoming connections from o ## Sentry Node Sentry nodes are guardians of a validator node and provide it access to the rest of the network. +They should be well connected to other full nodes on the network. Sentry nodes may be dynamic, but should maintain persistent connections to some evolving random subset of each other. They should always expect to have direct incoming connections from the validator node and its backup/s. They do not report the validator node's address in the PEX. diff --git a/docs/specification/new-spec/p2p/peer.md b/docs/specification/new-spec/p2p/peer.md index 5281a7020..a172764c1 100644 --- a/docs/specification/new-spec/p2p/peer.md +++ b/docs/specification/new-spec/p2p/peer.md @@ -5,15 +5,11 @@ and how other peers are found. ## Peer Identity -Tendermint peers are expected to maintain long-term persistent identities in the form of a private key. -Each peer has an ID defined as `peer.ID == peer.PrivKey.Address()`, where `Address` uses the scheme defined in go-crypto. - -Peer ID's must come with some Proof-of-Work; that is, -they must satisfy `peer.PrivKey.Address() < target` for some difficulty target. -This ensures they are not too easy to generate. To begin, let `target == 2^240`. +Tendermint peers are expected to maintain long-term persistent identities in the form of a public key. +Each peer has an ID defined as `peer.ID == peer.PubKey.Address()`, where `Address` uses the scheme defined in go-crypto. A single peer ID can have multiple IP addresses associated with it. -For simplicity, we only keep track of the latest one. +TODO: define how to deal with this. When attempting to connect to a peer, we use the PeerURL: `@:`. We will attempt to connect to the peer at IP:PORT, and verify, @@ -22,7 +18,7 @@ corresponding to ``. This prevents man-in-the-middle attacks on the peer lay Peers can also be connected to without specifying an ID, ie. just `:`. In this case, the peer must be authenticated out-of-band of Tendermint, -for instance via VPN +for instance via VPN. ## Connections @@ -49,8 +45,8 @@ It goes as follows: - if we had the smaller ephemeral pubkey, use nonce1 for receiving, nonce2 for sending; else the opposite - all communications from now on are encrypted using the shared secret and the nonces, where each nonce -- we now have an encrypted channel, but still need to authenticate increments by 2 every time it is used +- we now have an encrypted channel, but still need to authenticate - generate a common challenge to sign: - SHA256 of the sorted (lowest first) and concatenated ephemeral pub keys - sign the common challenge with our persistent private key @@ -76,7 +72,7 @@ an existing peer. If so, we disconnect. We also check the peer's address and public key against an optional whitelist which can be managed through the ABCI app - -if the whitelist is enabled and the peer does not qualigy, the connection is +if the whitelist is enabled and the peer does not qualify, the connection is terminated. @@ -86,14 +82,14 @@ The Tendermint Version Handshake allows the peers to exchange their NodeInfo: ``` type NodeInfo struct { - PubKey crypto.PubKey `json:"pub_key"` - Moniker string `json:"moniker"` - Network string `json:"network"` - RemoteAddr string `json:"remote_addr"` - ListenAddr string `json:"listen_addr"` // accepting in - Version string `json:"version"` // major.minor.revision - Channels []int8 `json:"channels"` // active reactor channels - Other []string `json:"other"` // other application specific data + PubKey crypto.PubKey + Moniker string + Network string + RemoteAddr string + ListenAddr string + Version string + Channels []int8 + Other []string } ``` From c521f385a6fa7b4147e1edb55ad3ab7ca0df26cb Mon Sep 17 00:00:00 2001 From: Zach Date: Tue, 9 Jan 2018 20:35:47 +0000 Subject: [PATCH 042/188] add quick start guide (#1069) --- docs/examples/getting-started.md | 139 ++++++++++++++++++++++++ docs/examples/install_tendermint.sh | 32 ++++++ docs/examples/node1/config.toml | 15 +++ docs/examples/node1/genesis.json | 42 +++++++ docs/examples/node1/priv_validator.json | 15 +++ docs/examples/node2/config.toml | 15 +++ docs/examples/node2/genesis.json | 42 +++++++ docs/examples/node2/priv_validator.json | 15 +++ docs/examples/node3/config.toml | 15 +++ docs/examples/node3/genesis.json | 42 +++++++ docs/examples/node3/priv_validator.json | 15 +++ docs/examples/node4/config.toml | 15 +++ docs/examples/node4/genesis.json | 42 +++++++ docs/examples/node4/priv_validator.json | 15 +++ 14 files changed, 459 insertions(+) create mode 100644 docs/examples/getting-started.md create mode 100644 docs/examples/install_tendermint.sh create mode 100644 docs/examples/node1/config.toml create mode 100644 docs/examples/node1/genesis.json create mode 100644 docs/examples/node1/priv_validator.json create mode 100644 docs/examples/node2/config.toml create mode 100644 docs/examples/node2/genesis.json create mode 100644 docs/examples/node2/priv_validator.json create mode 100644 docs/examples/node3/config.toml create mode 100644 docs/examples/node3/genesis.json create mode 100644 docs/examples/node3/priv_validator.json create mode 100644 docs/examples/node4/config.toml create mode 100644 docs/examples/node4/genesis.json create mode 100644 docs/examples/node4/priv_validator.json diff --git a/docs/examples/getting-started.md b/docs/examples/getting-started.md new file mode 100644 index 000000000..d7447428d --- /dev/null +++ b/docs/examples/getting-started.md @@ -0,0 +1,139 @@ +# Tendermint + +## Overview + +This is a quick start guide. If you have a vague idea about how Tendermint works +and want to get started right away, continue. Otherwise, [review the documentation](http://tendermint.readthedocs.io/en/master/) + +## Install + +### Quick Install + +On a fresh Ubuntu 16.04 machine can be done with [this script](https://git.io/vNLfY), like so: + +``` +curl -L https://git.io/vNLfY | bash +source ~/.profile +``` + +WARNING: do not run the above on your local machine. + +The script is also used to facilitate cluster deployment below. + +### Manual Install + +Requires: +- `go` minimum version 1.9.2 +- `$GOPATH` set and `$GOPATH/bin` on your $PATH (see https://github.com/tendermint/tendermint/wiki/Setting-GOPATH) + +To install Tendermint, run: + +``` +go get github.com/tendermint/tendermint +cd $GOPATH/src/github.com/tendermint/tendermint +make get_vendor_deps +make install +``` + +Confirm installation: + +``` +$ tendermint version +0.15.0-381fe19 +``` + +## Initialization + +Running: + +``` +tendermint init +``` + +will create the required files for a single, local node. + +These files are found in `$HOME/.tendermint`: + +``` +$ ls $HOME/.tendermint + +config.toml data genesis.json priv_validator.json +``` + +For a single, local node, no further configuration is required. +Configuring a cluster is covered further below. + +## Local Node + +Start tendermint with a simple in-process application: + +``` +tendermint node --proxy_app=dummy +``` + +and blocks will start to stream in: + +``` +I[01-06|01:45:15.592] Executed block module=state height=1 validTxs=0 invalidTxs=0 +I[01-06|01:45:15.624] Committed state module=state height=1 txs=0 appHash= +``` + +Check the status with: + +``` +curl -s localhost:46657/status +``` + +### Sending Transactions + +With the dummy app running, we can send transactions: + +``` +curl -s 'localhost:46657/broadcast_tx_commit?tx="abcd"' +``` + +and check that it worked with: + +``` +curl -s 'localhost:46657/abci_query?data="abcd"' +``` + +We can send transactions with a key:value store: + +``` +curl -s 'localhost:46657/broadcast_tx_commit?tx="name=satoshi"' +``` + +and query the key: + +``` +curl -s 'localhost:46657/abci_query?data="name"' +``` + +where the value is returned in hex. + +## Cluster of Nodes + +First create four Ubuntu cloud machines. The following was testing on Digital Ocean Ubuntu 16.04 x64 (3GB/1CPU, 20GB SSD). We'll refer to their respective IP addresses below as IP1, IP2, IP3, IP4. + +Then, `ssh` into each machine, and `curl` then execute [this script](https://git.io/vNLfY): + +``` +curl -L https://git.io/vNLfY | bash +source ~/.profile +``` + +This will install `go` and other dependencies, get the Tendermint source code, then compile the `tendermint` binary. + +Next, `cd` into `docs/examples`. Each command below should be run from each node, in sequence: + +``` +tendermint node --home ./node1 --proxy_app=dummy +tendermint node --home ./node2 --proxy_app=dummy --p2p.seeds IP1:46656 +tendermint node --home ./node3 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656 +tendermint node --home ./node4 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656,IP3:46656 +``` + +Note that after the third node is started, blocks will start to stream in because >2/3 of validators (defined in the `genesis.json` have come online). Seeds can also be specified in the `config.toml`. See [this PR](https://github.com/tendermint/tendermint/pull/792) for more information about configuration options. + +Transactions can then be sent as covered in the single, local node example above. diff --git a/docs/examples/install_tendermint.sh b/docs/examples/install_tendermint.sh new file mode 100644 index 000000000..ca328dad0 --- /dev/null +++ b/docs/examples/install_tendermint.sh @@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +# XXX: this script is meant to be used only on a fresh Ubuntu 16.04 instance +# and has only been tested on Digital Ocean + +# get and unpack golang +curl -O https://storage.googleapis.com/golang/go1.9.2.linux-amd64.tar.gz +tar -xvf go1.9.2.linux-amd64.tar.gz + +apt install make + +## move go and add binary to path +mv go /usr/local +echo "export PATH=\$PATH:/usr/local/go/bin" >> ~/.profile + +## create the GOPATH directory, set GOPATH and put on PATH +mkdir goApps +echo "export GOPATH=/root/goApps" >> ~/.profile +echo "export PATH=\$PATH:\$GOPATH/bin" >> ~/.profile + +source ~/.profile + +## get the code and move into it +REPO=github.com/tendermint/tendermint +go get $REPO +cd $GOPATH/src/$REPO + +## build +git checkout v0.15.0 +make get_tools +make get_vendor_deps +make install \ No newline at end of file diff --git a/docs/examples/node1/config.toml b/docs/examples/node1/config.toml new file mode 100644 index 000000000..10bbf7105 --- /dev/null +++ b/docs/examples/node1/config.toml @@ -0,0 +1,15 @@ +# This is a TOML config file. +# For more information, see https://github.com/toml-lang/toml + +proxy_app = "tcp://127.0.0.1:46658" +moniker = "penguin" +fast_sync = true +db_backend = "leveldb" +log_level = "state:info,*:error" + +[rpc] +laddr = "tcp://0.0.0.0:46657" + +[p2p] +laddr = "tcp://0.0.0.0:46656" +seeds = "" diff --git a/docs/examples/node1/genesis.json b/docs/examples/node1/genesis.json new file mode 100644 index 000000000..78ff6ab3b --- /dev/null +++ b/docs/examples/node1/genesis.json @@ -0,0 +1,42 @@ +{ + "genesis_time":"0001-01-01T00:00:00Z", + "chain_id":"test-chain-wt7apy", + "validators":[ + { + "pub_key":{ + "type":"ed25519", + "data":"F08446C80A33E10D620E21450821B58D053778528F2B583D423B3E46EC647D30" + }, + "power":10, + "name":"node1" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "A8423F70A9E512643B4B00F7C3701ECAD1F31B0A1FAA45852C41046353B9A07F" + }, + "power":10, + "name":"node2" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "E52EFFAEDFE1D618ECDA71DE3B23592B3612CAABA0C10826E4C3120B2198C29A" + }, + "power":10, + "name":"node3" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "2B8FC09C07955A02998DFE5AF1AAD1C44115ECA7635FF51A867CF4265D347C07" + }, + "power":10, + "name":"node4" + } + ], + "app_hash":"" +} diff --git a/docs/examples/node1/priv_validator.json b/docs/examples/node1/priv_validator.json new file mode 100644 index 000000000..f6c5634a1 --- /dev/null +++ b/docs/examples/node1/priv_validator.json @@ -0,0 +1,15 @@ +{ + "address":"4DC2756029CE0D8F8C6C3E4C3CE6EE8C30AF352F", + "pub_key":{ + "type":"ed25519", + "data":"F08446C80A33E10D620E21450821B58D053778528F2B583D423B3E46EC647D30" + }, + "last_height":0, + "last_round":0, + "last_step":0, + "last_signature":null, + "priv_key":{ + "type":"ed25519", + "data":"4D3648E1D93C8703E436BFF814728B6BD270CFDFD686DF5385E8ACBEB7BE2D7DF08446C80A33E10D620E21450821B58D053778528F2B583D423B3E46EC647D30" + } +} diff --git a/docs/examples/node2/config.toml b/docs/examples/node2/config.toml new file mode 100644 index 000000000..10bbf7105 --- /dev/null +++ b/docs/examples/node2/config.toml @@ -0,0 +1,15 @@ +# This is a TOML config file. +# For more information, see https://github.com/toml-lang/toml + +proxy_app = "tcp://127.0.0.1:46658" +moniker = "penguin" +fast_sync = true +db_backend = "leveldb" +log_level = "state:info,*:error" + +[rpc] +laddr = "tcp://0.0.0.0:46657" + +[p2p] +laddr = "tcp://0.0.0.0:46656" +seeds = "" diff --git a/docs/examples/node2/genesis.json b/docs/examples/node2/genesis.json new file mode 100644 index 000000000..78ff6ab3b --- /dev/null +++ b/docs/examples/node2/genesis.json @@ -0,0 +1,42 @@ +{ + "genesis_time":"0001-01-01T00:00:00Z", + "chain_id":"test-chain-wt7apy", + "validators":[ + { + "pub_key":{ + "type":"ed25519", + "data":"F08446C80A33E10D620E21450821B58D053778528F2B583D423B3E46EC647D30" + }, + "power":10, + "name":"node1" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "A8423F70A9E512643B4B00F7C3701ECAD1F31B0A1FAA45852C41046353B9A07F" + }, + "power":10, + "name":"node2" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "E52EFFAEDFE1D618ECDA71DE3B23592B3612CAABA0C10826E4C3120B2198C29A" + }, + "power":10, + "name":"node3" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "2B8FC09C07955A02998DFE5AF1AAD1C44115ECA7635FF51A867CF4265D347C07" + }, + "power":10, + "name":"node4" + } + ], + "app_hash":"" +} diff --git a/docs/examples/node2/priv_validator.json b/docs/examples/node2/priv_validator.json new file mode 100644 index 000000000..7733196e6 --- /dev/null +++ b/docs/examples/node2/priv_validator.json @@ -0,0 +1,15 @@ +{ + "address": "DD6C63A762608A9DDD4A845657743777F63121D6", + "pub_key": { + "type": "ed25519", + "data": "A8423F70A9E512643B4B00F7C3701ECAD1F31B0A1FAA45852C41046353B9A07F" + }, + "last_height": 0, + "last_round": 0, + "last_step": 0, + "last_signature": null, + "priv_key": { + "type": "ed25519", + "data": "7B0DE666FF5E9B437D284BCE767F612381890C018B93B0A105D2E829A568DA6FA8423F70A9E512643B4B00F7C3701ECAD1F31B0A1FAA45852C41046353B9A07F" + } +} diff --git a/docs/examples/node3/config.toml b/docs/examples/node3/config.toml new file mode 100644 index 000000000..10bbf7105 --- /dev/null +++ b/docs/examples/node3/config.toml @@ -0,0 +1,15 @@ +# This is a TOML config file. +# For more information, see https://github.com/toml-lang/toml + +proxy_app = "tcp://127.0.0.1:46658" +moniker = "penguin" +fast_sync = true +db_backend = "leveldb" +log_level = "state:info,*:error" + +[rpc] +laddr = "tcp://0.0.0.0:46657" + +[p2p] +laddr = "tcp://0.0.0.0:46656" +seeds = "" diff --git a/docs/examples/node3/genesis.json b/docs/examples/node3/genesis.json new file mode 100644 index 000000000..78ff6ab3b --- /dev/null +++ b/docs/examples/node3/genesis.json @@ -0,0 +1,42 @@ +{ + "genesis_time":"0001-01-01T00:00:00Z", + "chain_id":"test-chain-wt7apy", + "validators":[ + { + "pub_key":{ + "type":"ed25519", + "data":"F08446C80A33E10D620E21450821B58D053778528F2B583D423B3E46EC647D30" + }, + "power":10, + "name":"node1" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "A8423F70A9E512643B4B00F7C3701ECAD1F31B0A1FAA45852C41046353B9A07F" + }, + "power":10, + "name":"node2" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "E52EFFAEDFE1D618ECDA71DE3B23592B3612CAABA0C10826E4C3120B2198C29A" + }, + "power":10, + "name":"node3" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "2B8FC09C07955A02998DFE5AF1AAD1C44115ECA7635FF51A867CF4265D347C07" + }, + "power":10, + "name":"node4" + } + ], + "app_hash":"" +} diff --git a/docs/examples/node3/priv_validator.json b/docs/examples/node3/priv_validator.json new file mode 100644 index 000000000..d570b1279 --- /dev/null +++ b/docs/examples/node3/priv_validator.json @@ -0,0 +1,15 @@ +{ + "address": "6D6A1E313B407B5474106CA8759C976B777AB659", + "pub_key": { + "type": "ed25519", + "data": "E52EFFAEDFE1D618ECDA71DE3B23592B3612CAABA0C10826E4C3120B2198C29A" + }, + "last_height": 0, + "last_round": 0, + "last_step": 0, + "last_signature": null, + "priv_key": { + "type": "ed25519", + "data": "622432A370111A5C25CFE121E163FE709C9D5C95F551EDBD7A2C69A8545C9B76E52EFFAEDFE1D618ECDA71DE3B23592B3612CAABA0C10826E4C3120B2198C29A" + } +} diff --git a/docs/examples/node4/config.toml b/docs/examples/node4/config.toml new file mode 100644 index 000000000..10bbf7105 --- /dev/null +++ b/docs/examples/node4/config.toml @@ -0,0 +1,15 @@ +# This is a TOML config file. +# For more information, see https://github.com/toml-lang/toml + +proxy_app = "tcp://127.0.0.1:46658" +moniker = "penguin" +fast_sync = true +db_backend = "leveldb" +log_level = "state:info,*:error" + +[rpc] +laddr = "tcp://0.0.0.0:46657" + +[p2p] +laddr = "tcp://0.0.0.0:46656" +seeds = "" diff --git a/docs/examples/node4/genesis.json b/docs/examples/node4/genesis.json new file mode 100644 index 000000000..78ff6ab3b --- /dev/null +++ b/docs/examples/node4/genesis.json @@ -0,0 +1,42 @@ +{ + "genesis_time":"0001-01-01T00:00:00Z", + "chain_id":"test-chain-wt7apy", + "validators":[ + { + "pub_key":{ + "type":"ed25519", + "data":"F08446C80A33E10D620E21450821B58D053778528F2B583D423B3E46EC647D30" + }, + "power":10, + "name":"node1" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "A8423F70A9E512643B4B00F7C3701ECAD1F31B0A1FAA45852C41046353B9A07F" + }, + "power":10, + "name":"node2" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "E52EFFAEDFE1D618ECDA71DE3B23592B3612CAABA0C10826E4C3120B2198C29A" + }, + "power":10, + "name":"node3" + } + , + { + "pub_key":{ + "type":"ed25519", + "data": "2B8FC09C07955A02998DFE5AF1AAD1C44115ECA7635FF51A867CF4265D347C07" + }, + "power":10, + "name":"node4" + } + ], + "app_hash":"" +} diff --git a/docs/examples/node4/priv_validator.json b/docs/examples/node4/priv_validator.json new file mode 100644 index 000000000..1ea7831bb --- /dev/null +++ b/docs/examples/node4/priv_validator.json @@ -0,0 +1,15 @@ +{ + "address": "829A9663611D3DD88A3D84EA0249679D650A0755", + "pub_key": { + "type": "ed25519", + "data": "2B8FC09C07955A02998DFE5AF1AAD1C44115ECA7635FF51A867CF4265D347C07" + }, + "last_height": 0, + "last_round": 0, + "last_step": 0, + "last_signature": null, + "priv_key": { + "type": "ed25519", + "data": "0A604D1C9AE94A50150BF39E603239092F9392E4773F4D8F4AC1D86E6438E89E2B8FC09C07955A02998DFE5AF1AAD1C44115ECA7635FF51A867CF4265D347C07" + } +} From 179d6062e4c385b67af414129d6c3cd9b09cb79a Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 27 Dec 2017 14:16:49 -0600 Subject: [PATCH 043/188] try to connect through addrbook before requesting peers from seeds MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit we only use seeds if we can’t connect to peers in the addrbook. Refs #864 --- node/node.go | 38 +++++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 7 deletions(-) diff --git a/node/node.go b/node/node.go index fde8e1e0a..f8164955d 100644 --- a/node/node.go +++ b/node/node.go @@ -8,6 +8,7 @@ import ( "net" "net/http" "strings" + "time" abci "github.com/tendermint/abci/types" crypto "github.com/tendermint/go-crypto" @@ -379,19 +380,42 @@ func (n *Node) OnStart() error { return err } - // If seeds exist, add them to the address book and dial out - if n.config.P2P.Seeds != "" { - // dial out - seeds := strings.Split(n.config.P2P.Seeds, ",") - if err := n.DialSeeds(seeds); err != nil { - return err - } + err = n.dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect() + if err != nil { + return err } // start tx indexer return n.indexerService.Start() } +func (n *Node) dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect() error { + if n.config.P2P.Seeds == "" { + return nil + } + + seeds := strings.Split(n.config.P2P.Seeds, ",") + + // prefer peers from address book + if n.config.P2P.PexReactor && n.addrBook.Size() > 0 { + // give some time to PexReactor to connect us to other peers + const fallbackToSeedsAfterSec = 30 * time.Second + go func() { + time.Sleep(fallbackToSeedsAfterSec) + // fallback to dialing seeds if for some reason we can't connect to any + // peers + outbound, inbound, _ := n.sw.NumPeers() + if n.IsRunning() && outbound+inbound == 0 { + n.DialSeeds(seeds) + } + }() + return nil + } + + // add seeds to the address book and dial out + return n.DialSeeds(seeds) +} + // OnStop stops the Node. It implements cmn.Service. func (n *Node) OnStop() { n.BaseService.OnStop() From 28fc15028a16ed866354ca8f4be853effda14ca6 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 28 Dec 2017 12:54:39 -0600 Subject: [PATCH 044/188] distinguish between seeds and manual peers in the config/flags MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - we only use seeds if we can’t connect to peers in the addrbook. - we always connect to nodes given in config/flags Refs #864 --- benchmarks/blockchain/localsync.sh | 2 +- cmd/tendermint/commands/run_node.go | 1 + config/config.go | 7 +++- config/toml.go | 2 + docs/deploy-testnets.rst | 6 +-- docs/specification/configuration.rst | 2 + docs/specification/rpc.rst | 2 +- docs/using-tendermint.rst | 10 ++--- node/node.go | 41 +++++++++---------- p2p/pex_reactor.go | 2 +- p2p/switch.go | 28 ++++++------- rpc/client/localclient.go | 4 +- rpc/client/mock/client.go | 4 +- rpc/core/doc.go | 2 +- rpc/core/net.go | 16 ++++---- rpc/core/pipe.go | 2 +- rpc/core/routes.go | 2 +- rpc/core/types/responses.go | 2 +- test/p2p/README.md | 2 +- test/p2p/fast_sync/test_peer.sh | 6 +-- test/p2p/local_testnet_start.sh | 10 ++--- test/p2p/manual_peers.sh | 12 ++++++ .../{dial_seeds.sh => dial_manual_peers.sh} | 12 +++--- test/p2p/pex/test.sh | 4 +- test/p2p/pex/test_addrbook.sh | 8 ++-- ...ial_seeds.sh => test_dial_manual_peers.sh} | 14 +++---- test/p2p/seeds.sh | 12 ------ test/p2p/test.sh | 4 +- 28 files changed, 112 insertions(+), 107 deletions(-) create mode 100644 test/p2p/manual_peers.sh rename test/p2p/pex/{dial_seeds.sh => dial_manual_peers.sh} (60%) rename test/p2p/pex/{test_dial_seeds.sh => test_dial_manual_peers.sh} (75%) delete mode 100644 test/p2p/seeds.sh diff --git a/benchmarks/blockchain/localsync.sh b/benchmarks/blockchain/localsync.sh index e181c5655..18afaee82 100755 --- a/benchmarks/blockchain/localsync.sh +++ b/benchmarks/blockchain/localsync.sh @@ -51,7 +51,7 @@ tendermint node \ --proxy_app dummy \ --p2p.laddr tcp://127.0.0.1:56666 \ --rpc.laddr tcp://127.0.0.1:56667 \ - --p2p.seeds 127.0.0.1:56656 \ + --p2p.manual_peers 127.0.0.1:56656 \ --log_level error & # wait for node to start up so we only count time where we are actually syncing diff --git a/cmd/tendermint/commands/run_node.go b/cmd/tendermint/commands/run_node.go index 0f37bb319..5b87a4b82 100644 --- a/cmd/tendermint/commands/run_node.go +++ b/cmd/tendermint/commands/run_node.go @@ -29,6 +29,7 @@ func AddNodeFlags(cmd *cobra.Command) { // p2p flags cmd.Flags().String("p2p.laddr", config.P2P.ListenAddress, "Node listen address. (0.0.0.0:0 means any interface, any port)") cmd.Flags().String("p2p.seeds", config.P2P.Seeds, "Comma delimited host:port seed nodes") + cmd.Flags().String("p2p.manual_peers", config.P2P.ManualPeers, "Comma delimited host:port manual peers") cmd.Flags().Bool("p2p.skip_upnp", config.P2P.SkipUPNP, "Skip UPNP configuration") cmd.Flags().Bool("p2p.pex", config.P2P.PexReactor, "Enable/disable Peer-Exchange") diff --git a/config/config.go b/config/config.go index 5d4a8ef65..2d38ed916 100644 --- a/config/config.go +++ b/config/config.go @@ -170,7 +170,7 @@ type RPCConfig struct { // NOTE: This server only supports /broadcast_tx_commit GRPCListenAddress string `mapstructure:"grpc_laddr"` - // Activate unsafe RPC commands like /dial_seeds and /unsafe_flush_mempool + // Activate unsafe RPC commands like /dial_manual_peers and /unsafe_flush_mempool Unsafe bool `mapstructure:"unsafe"` } @@ -203,8 +203,13 @@ type P2PConfig struct { ListenAddress string `mapstructure:"laddr"` // Comma separated list of seed nodes to connect to + // We only use these if we can’t connect to peers in the addrbook Seeds string `mapstructure:"seeds"` + // Comma separated list of manual peers to connect to + // We always connect to these + ManualPeers string `mapstructure:"manual_peers"` + // Skip UPNP port forwarding SkipUPNP bool `mapstructure:"skip_upnp"` diff --git a/config/toml.go b/config/toml.go index 735f45c12..59fc46dcf 100644 --- a/config/toml.go +++ b/config/toml.go @@ -42,6 +42,7 @@ laddr = "tcp://0.0.0.0:46657" [p2p] laddr = "tcp://0.0.0.0:46656" seeds = "" +manual_peers = "" ` func defaultConfig(moniker string) string { @@ -106,6 +107,7 @@ laddr = "tcp://0.0.0.0:36657" [p2p] laddr = "tcp://0.0.0.0:36656" seeds = "" +manual_peers = "" ` func testConfig(moniker string) (testConfig string) { diff --git a/docs/deploy-testnets.rst b/docs/deploy-testnets.rst index 89fa4b799..8c66c4b34 100644 --- a/docs/deploy-testnets.rst +++ b/docs/deploy-testnets.rst @@ -24,13 +24,13 @@ Here are the steps to setting up a testnet manually: ``tendermint gen_validator`` 4) Compile a list of public keys for each validator into a ``genesis.json`` file. -5) Run ``tendermint node --p2p.seeds=< seed addresses >`` on each node, - where ``< seed addresses >`` is a comma separated list of the IP:PORT +5) Run ``tendermint node --p2p.manual_peers=< peer addresses >`` on each node, + where ``< peer addresses >`` is a comma separated list of the IP:PORT combination for each node. The default port for Tendermint is ``46656``. Thus, if the IP addresses of your nodes were ``192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4``, the command would look like: - ``tendermint node --p2p.seeds=192.168.0.1:46656,192.168.0.2:46656,192.168.0.3:46656,192.168.0.4:46656``. + ``tendermint node --p2p.manual_peers=192.168.0.1:46656,192.168.0.2:46656,192.168.0.3:46656,192.168.0.4:46656``. After a few seconds, all the nodes should connect to eachother and start making blocks! For more information, see the Tendermint Networks section diff --git a/docs/specification/configuration.rst b/docs/specification/configuration.rst index 74b41d09d..3271cd59d 100644 --- a/docs/specification/configuration.rst +++ b/docs/specification/configuration.rst @@ -49,6 +49,8 @@ The main config parameters are defined - ``p2p.pex``: Enable Peer-Exchange (dev feature). *Default*: ``false`` - ``p2p.seeds``: Comma delimited host:port seed nodes. *Default*: ``""`` +- ``p2p.manual_peers``: Comma delimited host:port manual peers. *Default*: + ``""`` - ``p2p.skip_upnp``: Skip UPNP detection. *Default*: ``false`` - ``rpc.grpc_laddr``: GRPC listen address (BroadcastTx only). Port diff --git a/docs/specification/rpc.rst b/docs/specification/rpc.rst index 33173d196..f637c1717 100644 --- a/docs/specification/rpc.rst +++ b/docs/specification/rpc.rst @@ -111,7 +111,7 @@ An HTTP Get request to the root RPC endpoint (e.g. http://localhost:46657/broadcast_tx_commit?tx=_ http://localhost:46657/broadcast_tx_sync?tx=_ http://localhost:46657/commit?height=_ - http://localhost:46657/dial_seeds?seeds=_ + http://localhost:46657/dial_manual_peers?manual_peers=_ http://localhost:46657/subscribe?event=_ http://localhost:46657/tx?hash=_&prove=_ http://localhost:46657/unsafe_start_cpu_profiler?filename=_ diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 9076230ea..2ec5624ec 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -270,14 +270,14 @@ For instance, :: - tendermint node --p2p.seeds "1.2.3.4:46656,5.6.7.8:46656" + tendermint node --p2p.manual_peers "1.2.3.4:46656,5.6.7.8:46656" -Alternatively, you can use the ``/dial_seeds`` endpoint of the RPC to +Alternatively, you can use the ``/dial_manual_peers`` endpoint of the RPC to specify peers for a running node to connect to: :: - curl --data-urlencode "seeds=[\"1.2.3.4:46656\",\"5.6.7.8:46656\"]" localhost:46657/dial_seeds + curl --data-urlencode "manual_peers=[\"1.2.3.4:46656\",\"5.6.7.8:46656\"]" localhost:46657/dial_manual_peers Additionally, the peer-exchange protocol can be enabled using the ``--pex`` flag, though this feature is `still under @@ -290,7 +290,7 @@ Adding a Non-Validator Adding a non-validator is simple. Just copy the original ``genesis.json`` to ``~/.tendermint`` on the new machine and start the -node, specifying seeds as necessary. If no seeds are specified, the node +node, specifying manual_peers as necessary. If no manual_peers are specified, the node won't make any blocks, because it's not a validator, and it won't hear about any blocks, because it's not connected to the other peer. @@ -363,7 +363,7 @@ and the new ``priv_validator.json`` to the ``~/.tendermint`` on a new machine. Now run ``tendermint node`` on both machines, and use either -``--p2p.seeds`` or the ``/dial_seeds`` to get them to peer up. They +``--p2p.manual_peers`` or the ``/dial_manual_peers`` to get them to peer up. They should start making blocks, and will only continue to do so as long as both of them are online. diff --git a/node/node.go b/node/node.go index f8164955d..1970bb88e 100644 --- a/node/node.go +++ b/node/node.go @@ -380,40 +380,44 @@ func (n *Node) OnStart() error { return err } - err = n.dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect() - if err != nil { - return err + // Always connect to manual peers + if n.config.P2P.ManualPeers != "" { + err = n.sw.DialPeersAsync(n.addrBook, strings.Split(n.config.P2P.ManualPeers, ","), true) + if err != nil { + return err + } + } + + if n.config.P2P.Seeds != "" { + err = n.dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect(strings.Split(n.config.P2P.Seeds, ",")) + if err != nil { + return err + } } // start tx indexer return n.indexerService.Start() } -func (n *Node) dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect() error { - if n.config.P2P.Seeds == "" { - return nil - } - - seeds := strings.Split(n.config.P2P.Seeds, ",") - +func (n *Node) dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect(seeds []string) error { // prefer peers from address book if n.config.P2P.PexReactor && n.addrBook.Size() > 0 { - // give some time to PexReactor to connect us to other peers - const fallbackToSeedsAfterSec = 30 * time.Second + // give some time for PexReactor to connect us to other peers + const fallbackToSeedsAfter = 30 * time.Second go func() { - time.Sleep(fallbackToSeedsAfterSec) + time.Sleep(fallbackToSeedsAfter) // fallback to dialing seeds if for some reason we can't connect to any // peers outbound, inbound, _ := n.sw.NumPeers() if n.IsRunning() && outbound+inbound == 0 { - n.DialSeeds(seeds) + // TODO: ignore error? + n.sw.DialPeersAsync(n.addrBook, seeds, false) } }() return nil } - // add seeds to the address book and dial out - return n.DialSeeds(seeds) + return n.sw.DialPeersAsync(n.addrBook, seeds, false) } // OnStop stops the Node. It implements cmn.Service. @@ -599,11 +603,6 @@ func (n *Node) NodeInfo() *p2p.NodeInfo { return n.sw.NodeInfo() } -// DialSeeds dials the given seeds on the Switch. -func (n *Node) DialSeeds(seeds []string) error { - return n.sw.DialSeeds(n.addrBook, seeds) -} - //------------------------------------------------------------------------------ var ( diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 2bfe7dcab..d4a8cbf18 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -100,7 +100,7 @@ func (r *PEXReactor) GetChannels() []*ChannelDescriptor { func (r *PEXReactor) AddPeer(p Peer) { if p.IsOutbound() { // For outbound peers, the address is already in the books. - // Either it was added in DialSeeds or when we + // Either it was added in DialManualPeers or when we // received the peer's address in r.Receive if r.book.NeedMoreAddrs() { r.RequestPEX(p) diff --git a/p2p/switch.go b/p2p/switch.go index 76b019806..4deee63d4 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -16,7 +16,7 @@ import ( const ( // wait a random amount of time from this interval - // before dialing seeds or reconnecting to help prevent DoS + // before dialing peers or reconnecting to help prevent DoS dialRandomizerIntervalMilliseconds = 3000 // repeatedly try to reconnect for a few minutes @@ -315,15 +315,15 @@ func (sw *Switch) startInitPeer(peer *peer) { } } -// DialSeeds dials a list of seeds asynchronously in random order. -func (sw *Switch) DialSeeds(addrBook *AddrBook, seeds []string) error { - netAddrs, errs := NewNetAddressStrings(seeds) +// DialPeersAsync dials a list of peers asynchronously in random order (optionally, making them persistent). +func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent bool) error { + netAddrs, errs := NewNetAddressStrings(peers) for _, err := range errs { - sw.Logger.Error("Error in seed's address", "err", err) + sw.Logger.Error("Error in peer's address", "err", err) } if addrBook != nil { - // add seeds to `addrBook` + // add manual peers to `addrBook` ourAddrS := sw.nodeInfo.ListenAddr ourAddr, _ := NewNetAddressString(ourAddrS) for _, netAddr := range netAddrs { @@ -342,7 +342,12 @@ func (sw *Switch) DialSeeds(addrBook *AddrBook, seeds []string) error { go func(i int) { sw.randomSleep(0) j := perm[i] - sw.dialSeed(netAddrs[j]) + peer, err := sw.DialPeerWithAddress(netAddrs[j], persistent) + if err != nil { + sw.Logger.Error("Error dialing peer", "err", err) + } else { + sw.Logger.Info("Connected to peer", "peer", peer) + } }(i) } return nil @@ -354,15 +359,6 @@ func (sw *Switch) randomSleep(interval time.Duration) { time.Sleep(r + interval) } -func (sw *Switch) dialSeed(addr *NetAddress) { - peer, err := sw.DialPeerWithAddress(addr, true) - if err != nil { - sw.Logger.Error("Error dialing seed", "err", err) - } else { - sw.Logger.Info("Connected to seed", "peer", peer) - } -} - // DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects successfully. // If `persistent == true`, the switch will always try to reconnect to this peer if the connection ever fails. func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, error) { diff --git a/rpc/client/localclient.go b/rpc/client/localclient.go index 71f25ef23..d30f7543c 100644 --- a/rpc/client/localclient.go +++ b/rpc/client/localclient.go @@ -84,8 +84,8 @@ func (Local) DumpConsensusState() (*ctypes.ResultDumpConsensusState, error) { return core.DumpConsensusState() } -func (Local) DialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { - return core.UnsafeDialSeeds(seeds) +func (Local) DialManualPeers(manual_peers []string) (*ctypes.ResultDialManualPeers, error) { + return core.UnsafeDialManualPeers(manual_peers) } func (Local) BlockchainInfo(minHeight, maxHeight int64) (*ctypes.ResultBlockchainInfo, error) { diff --git a/rpc/client/mock/client.go b/rpc/client/mock/client.go index dc75e04cb..84f6aa2d7 100644 --- a/rpc/client/mock/client.go +++ b/rpc/client/mock/client.go @@ -107,8 +107,8 @@ func (c Client) NetInfo() (*ctypes.ResultNetInfo, error) { return core.NetInfo() } -func (c Client) DialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { - return core.UnsafeDialSeeds(seeds) +func (c Client) DialManualPeers(manual_peers []string) (*ctypes.ResultDialManualPeers, error) { + return core.UnsafeDialManualPeers(manual_peers) } func (c Client) BlockchainInfo(minHeight, maxHeight int64) (*ctypes.ResultBlockchainInfo, error) { diff --git a/rpc/core/doc.go b/rpc/core/doc.go index a72cec020..1a59459dd 100644 --- a/rpc/core/doc.go +++ b/rpc/core/doc.go @@ -94,7 +94,7 @@ Endpoints that require arguments: /broadcast_tx_commit?tx=_ /broadcast_tx_sync?tx=_ /commit?height=_ -/dial_seeds?seeds=_ +/dial_manual_peers?manual_peers=_ /subscribe?event=_ /tx?hash=_&prove=_ /unsafe_start_cpu_profiler?filename=_ diff --git a/rpc/core/net.go b/rpc/core/net.go index b3f1c7ce5..845cda646 100644 --- a/rpc/core/net.go +++ b/rpc/core/net.go @@ -54,18 +54,18 @@ func NetInfo() (*ctypes.ResultNetInfo, error) { }, nil } -func UnsafeDialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { +func UnsafeDialManualPeers(manual_peers []string) (*ctypes.ResultDialManualPeers, error) { - if len(seeds) == 0 { - return &ctypes.ResultDialSeeds{}, fmt.Errorf("No seeds provided") + if len(manual_peers) == 0 { + return &ctypes.ResultDialManualPeers{}, fmt.Errorf("No manual peers provided") } - // starts go routines to dial each seed after random delays - logger.Info("DialSeeds", "addrBook", addrBook, "seeds", seeds) - err := p2pSwitch.DialSeeds(addrBook, seeds) + // starts go routines to dial each peer after random delays + logger.Info("DialManualPeers", "addrBook", addrBook, "manual_peers", manual_peers) + err := p2pSwitch.DialPeersAsync(addrBook, manual_peers, true) if err != nil { - return &ctypes.ResultDialSeeds{}, err + return &ctypes.ResultDialManualPeers{}, err } - return &ctypes.ResultDialSeeds{"Dialing seeds in progress. See /net_info for details"}, nil + return &ctypes.ResultDialManualPeers{"Dialing manual peers in progress. See /net_info for details"}, nil } // Get genesis file. diff --git a/rpc/core/pipe.go b/rpc/core/pipe.go index 927d7ccad..6d67fd898 100644 --- a/rpc/core/pipe.go +++ b/rpc/core/pipe.go @@ -32,7 +32,7 @@ type P2P interface { NumPeers() (outbound, inbound, dialig int) NodeInfo() *p2p.NodeInfo IsListening() bool - DialSeeds(*p2p.AddrBook, []string) error + DialPeersAsync(*p2p.AddrBook, []string, bool) error } //---------------------------------------------- diff --git a/rpc/core/routes.go b/rpc/core/routes.go index fb5a1fd36..84d405ac6 100644 --- a/rpc/core/routes.go +++ b/rpc/core/routes.go @@ -38,7 +38,7 @@ var Routes = map[string]*rpc.RPCFunc{ func AddUnsafeRoutes() { // control API - Routes["dial_seeds"] = rpc.NewRPCFunc(UnsafeDialSeeds, "seeds") + Routes["dial_manual_peers"] = rpc.NewRPCFunc(UnsafeDialManualPeers, "manual_peers") Routes["unsafe_flush_mempool"] = rpc.NewRPCFunc(UnsafeFlushMempool, "") // profiler API diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index dae7c0046..4d8e79469 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -82,7 +82,7 @@ type ResultNetInfo struct { Peers []Peer `json:"peers"` } -type ResultDialSeeds struct { +type ResultDialManualPeers struct { Log string `json:"log"` } diff --git a/test/p2p/README.md b/test/p2p/README.md index e2a577cfa..692b730b2 100644 --- a/test/p2p/README.md +++ b/test/p2p/README.md @@ -38,7 +38,7 @@ for i in $(seq 1 4); do --name local_testnet_$i \ --entrypoint tendermint \ -e TMHOME=/go/src/github.com/tendermint/tendermint/test/p2p/data/mach$i/core \ - tendermint_tester node --p2p.seeds 172.57.0.101:46656,172.57.0.102:46656,172.57.0.103:46656,172.57.0.104:46656 --proxy_app=dummy + tendermint_tester node --p2p.manual_peers 172.57.0.101:46656,172.57.0.102:46656,172.57.0.103:46656,172.57.0.104:46656 --proxy_app=dummy done ``` diff --git a/test/p2p/fast_sync/test_peer.sh b/test/p2p/fast_sync/test_peer.sh index 8174be0e7..ab5d517d9 100644 --- a/test/p2p/fast_sync/test_peer.sh +++ b/test/p2p/fast_sync/test_peer.sh @@ -23,11 +23,11 @@ docker rm -vf local_testnet_$ID set -e # restart peer - should have an empty blockchain -SEEDS="$(test/p2p/ip.sh 1):46656" +MANUAL_PEERS="$(test/p2p/ip.sh 1):46656" for j in `seq 2 $N`; do - SEEDS="$SEEDS,$(test/p2p/ip.sh $j):46656" + MANUAL_PEERS="$MANUAL_PEERS,$(test/p2p/ip.sh $j):46656" done -bash test/p2p/peer.sh $DOCKER_IMAGE $NETWORK_NAME $ID $PROXY_APP "--p2p.seeds $SEEDS --p2p.pex --rpc.unsafe" +bash test/p2p/peer.sh $DOCKER_IMAGE $NETWORK_NAME $ID $PROXY_APP "--p2p.manual_peers $MANUAL_PEERS --p2p.pex --rpc.unsafe" # wait for peer to sync and check the app hash bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME fs_$ID "test/p2p/fast_sync/check_peer.sh $ID" diff --git a/test/p2p/local_testnet_start.sh b/test/p2p/local_testnet_start.sh index f70bdf04c..c808c613d 100644 --- a/test/p2p/local_testnet_start.sh +++ b/test/p2p/local_testnet_start.sh @@ -7,10 +7,10 @@ N=$3 APP_PROXY=$4 set +u -SEEDS=$5 -if [[ "$SEEDS" != "" ]]; then - echo "Seeds: $SEEDS" - SEEDS="--p2p.seeds $SEEDS" +MANUAL_PEERS=$5 +if [[ "$MANUAL_PEERS" != "" ]]; then + echo "ManualPeers: $MANUAL_PEERS" + MANUAL_PEERS="--p2p.manual_peers $MANUAL_PEERS" fi set -u @@ -20,5 +20,5 @@ cd "$GOPATH/src/github.com/tendermint/tendermint" docker network create --driver bridge --subnet 172.57.0.0/16 "$NETWORK_NAME" for i in $(seq 1 "$N"); do - bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$i" "$APP_PROXY" "$SEEDS --p2p.pex --rpc.unsafe" + bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$i" "$APP_PROXY" "$MANUAL_PEERS --p2p.pex --rpc.unsafe" done diff --git a/test/p2p/manual_peers.sh b/test/p2p/manual_peers.sh new file mode 100644 index 000000000..90051b15b --- /dev/null +++ b/test/p2p/manual_peers.sh @@ -0,0 +1,12 @@ +#! /bin/bash +set -eu + +N=$1 + +cd "$GOPATH/src/github.com/tendermint/tendermint" + +manual_peers="$(test/p2p/ip.sh 1):46656" +for i in $(seq 2 $N); do + manual_peers="$manual_peers,$(test/p2p/ip.sh $i):46656" +done +echo "$manual_peers" diff --git a/test/p2p/pex/dial_seeds.sh b/test/p2p/pex/dial_manual_peers.sh similarity index 60% rename from test/p2p/pex/dial_seeds.sh rename to test/p2p/pex/dial_manual_peers.sh index 15c22af67..4ee79b869 100644 --- a/test/p2p/pex/dial_seeds.sh +++ b/test/p2p/pex/dial_manual_peers.sh @@ -19,13 +19,13 @@ for i in `seq 1 $N`; do done set -e -# seeds need quotes -seeds="\"$(test/p2p/ip.sh 1):46656\"" +# manual_peers need quotes +manual_peers="\"$(test/p2p/ip.sh 1):46656\"" for i in `seq 2 $N`; do - seeds="$seeds,\"$(test/p2p/ip.sh $i):46656\"" + manual_peers="$manual_peers,\"$(test/p2p/ip.sh $i):46656\"" done -echo $seeds +echo $manual_peers -echo $seeds +echo $manual_peers IP=$(test/p2p/ip.sh 1) -curl --data-urlencode "seeds=[$seeds]" "$IP:46657/dial_seeds" +curl --data-urlencode "manual_peers=[$manual_peers]" "$IP:46657/dial_manual_peers" diff --git a/test/p2p/pex/test.sh b/test/p2p/pex/test.sh index d54d81350..2c42781dd 100644 --- a/test/p2p/pex/test.sh +++ b/test/p2p/pex/test.sh @@ -11,5 +11,5 @@ cd $GOPATH/src/github.com/tendermint/tendermint echo "Test reconnecting from the address book" bash test/p2p/pex/test_addrbook.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP -echo "Test connecting via /dial_seeds" -bash test/p2p/pex/test_dial_seeds.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP +echo "Test connecting via /dial_manual_peers" +bash test/p2p/pex/test_dial_manual_peers.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP diff --git a/test/p2p/pex/test_addrbook.sh b/test/p2p/pex/test_addrbook.sh index 35dcb89d3..b215606d6 100644 --- a/test/p2p/pex/test_addrbook.sh +++ b/test/p2p/pex/test_addrbook.sh @@ -9,7 +9,7 @@ PROXY_APP=$4 ID=1 echo "----------------------------------------------------------------------" -echo "Testing pex creates the addrbook and uses it if seeds are not provided" +echo "Testing pex creates the addrbook and uses it if manual_peers are not provided" echo "(assuming peers are started with pex enabled)" CLIENT_NAME="pex_addrbook_$ID" @@ -22,7 +22,7 @@ set +e #CIRCLE docker rm -vf "local_testnet_$ID" set -e -# NOTE that we do not provide seeds +# NOTE that we do not provide manual_peers bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$ID" "$PROXY_APP" "--p2p.pex --rpc.unsafe" docker cp "/tmp/addrbook.json" "local_testnet_$ID:/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/addrbook.json" echo "with the following addrbook:" @@ -35,7 +35,7 @@ echo "" bash test/p2p/client.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$CLIENT_NAME" "test/p2p/pex/check_peer.sh $ID $N" echo "----------------------------------------------------------------------" -echo "Testing other peers connect to us if we have neither seeds nor the addrbook" +echo "Testing other peers connect to us if we have neither manual_peers nor the addrbook" echo "(assuming peers are started with pex enabled)" CLIENT_NAME="pex_no_addrbook_$ID" @@ -46,7 +46,7 @@ set +e #CIRCLE docker rm -vf "local_testnet_$ID" set -e -# NOTE that we do not provide seeds +# NOTE that we do not provide manual_peers bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$ID" "$PROXY_APP" "--p2p.pex --rpc.unsafe" # if the client runs forever, it means other peers have removed us from their books (which should not happen) diff --git a/test/p2p/pex/test_dial_seeds.sh b/test/p2p/pex/test_dial_manual_peers.sh similarity index 75% rename from test/p2p/pex/test_dial_seeds.sh rename to test/p2p/pex/test_dial_manual_peers.sh index ea72004db..ba3e1c4d0 100644 --- a/test/p2p/pex/test_dial_seeds.sh +++ b/test/p2p/pex/test_dial_manual_peers.sh @@ -11,7 +11,7 @@ ID=1 cd $GOPATH/src/github.com/tendermint/tendermint echo "----------------------------------------------------------------------" -echo "Testing full network connection using one /dial_seeds call" +echo "Testing full network connection using one /dial_manual_peers call" echo "(assuming peers are started with pex enabled)" # stop the existing testnet and remove local network @@ -21,16 +21,16 @@ set -e # start the testnet on a local network # NOTE we re-use the same network for all tests -SEEDS="" -bash test/p2p/local_testnet_start.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP $SEEDS +MANUAL_PEERS="" +bash test/p2p/local_testnet_start.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP $MANUAL_PEERS -# dial seeds from one node -CLIENT_NAME="dial_seeds" -bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/pex/dial_seeds.sh $N" +# dial manual_peers from one node +CLIENT_NAME="dial_manual_peers" +bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/pex/dial_manual_peers.sh $N" # test basic connectivity and consensus # start client container and check the num peers and height for all nodes -CLIENT_NAME="dial_seeds_basic" +CLIENT_NAME="dial_manual_peers_basic" bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/basic/test.sh $N" diff --git a/test/p2p/seeds.sh b/test/p2p/seeds.sh deleted file mode 100644 index 4bf866cba..000000000 --- a/test/p2p/seeds.sh +++ /dev/null @@ -1,12 +0,0 @@ -#! /bin/bash -set -eu - -N=$1 - -cd "$GOPATH/src/github.com/tendermint/tendermint" - -seeds="$(test/p2p/ip.sh 1):46656" -for i in $(seq 2 $N); do - seeds="$seeds,$(test/p2p/ip.sh $i):46656" -done -echo "$seeds" diff --git a/test/p2p/test.sh b/test/p2p/test.sh index 6a5537b98..f348efe4a 100644 --- a/test/p2p/test.sh +++ b/test/p2p/test.sh @@ -13,11 +13,11 @@ set +e bash test/p2p/local_testnet_stop.sh "$NETWORK_NAME" "$N" set -e -SEEDS=$(bash test/p2p/seeds.sh $N) +MANUAL_PEERS=$(bash test/p2p/manual_peers.sh $N) # start the testnet on a local network # NOTE we re-use the same network for all tests -bash test/p2p/local_testnet_start.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" "$SEEDS" +bash test/p2p/local_testnet_start.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" "$MANUAL_PEERS" # test basic connectivity and consensus # start client container and check the num peers and height for all nodes From 37f86f9518cc80b1d2f759ce09f381ea96730e54 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 28 Dec 2017 18:27:36 -0600 Subject: [PATCH 045/188] update changelog [ci skip] --- CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index cda150717..1ceddd2ef 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,13 @@ BUG FIXES: - Graceful handling/recovery for apps that have non-determinism or fail to halt - Graceful handling/recovery for violations of safety, or liveness +## 0.16.0 (TBD) + +BREAKING CHANGES: +- rpc: `/unsafe_dial_seeds` renamed to `/unsafe_dial_manual_peers` +- [p2p] old `seeds` is now `manual_peers` (persistent peers to which TM will always connect to) +- [p2p] now `seeds` only used for getting addresses (if addrbook is empty; not persistent) + ## 0.15.0 (December 29, 2017) BREAKING CHANGES: From e4897b7bdd033067d7d0fbbbd25c3f917d35d25a Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 16:18:05 -0600 Subject: [PATCH 046/188] rename manual peers to persistent peers --- CHANGELOG.md | 4 ++-- benchmarks/blockchain/localsync.sh | 2 +- cmd/tendermint/commands/run_node.go | 2 +- config/config.go | 6 +++--- config/toml.go | 4 ++-- docs/deploy-testnets.rst | 4 ++-- docs/specification/configuration.rst | 2 +- docs/specification/rpc.rst | 2 +- docs/using-tendermint.rst | 10 +++++----- node/node.go | 6 +++--- p2p/pex_reactor.go | 2 +- p2p/switch.go | 2 +- rpc/client/localclient.go | 4 ++-- rpc/client/mock/client.go | 4 ++-- rpc/core/doc.go | 2 +- rpc/core/net.go | 14 +++++++------- rpc/core/routes.go | 2 +- rpc/core/types/responses.go | 2 +- test/p2p/README.md | 2 +- test/p2p/fast_sync/test_peer.sh | 6 +++--- test/p2p/local_testnet_start.sh | 10 +++++----- test/p2p/manual_peers.sh | 6 +++--- test/p2p/pex/dial_manual_peers.sh | 16 ++++++++-------- test/p2p/pex/test.sh | 4 ++-- test/p2p/pex/test_addrbook.sh | 8 ++++---- test/p2p/pex/test_dial_manual_peers.sh | 14 +++++++------- test/p2p/test.sh | 4 ++-- 27 files changed, 72 insertions(+), 72 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1ceddd2ef..b935a3816 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,8 +28,8 @@ BUG FIXES: ## 0.16.0 (TBD) BREAKING CHANGES: -- rpc: `/unsafe_dial_seeds` renamed to `/unsafe_dial_manual_peers` -- [p2p] old `seeds` is now `manual_peers` (persistent peers to which TM will always connect to) +- rpc: `/unsafe_dial_seeds` renamed to `/unsafe_dial_persistent_peers` +- [p2p] old `seeds` is now `persistent_peers` (persistent peers to which TM will always connect to) - [p2p] now `seeds` only used for getting addresses (if addrbook is empty; not persistent) ## 0.15.0 (December 29, 2017) diff --git a/benchmarks/blockchain/localsync.sh b/benchmarks/blockchain/localsync.sh index 18afaee82..389464b6c 100755 --- a/benchmarks/blockchain/localsync.sh +++ b/benchmarks/blockchain/localsync.sh @@ -51,7 +51,7 @@ tendermint node \ --proxy_app dummy \ --p2p.laddr tcp://127.0.0.1:56666 \ --rpc.laddr tcp://127.0.0.1:56667 \ - --p2p.manual_peers 127.0.0.1:56656 \ + --p2p.persistent_peers 127.0.0.1:56656 \ --log_level error & # wait for node to start up so we only count time where we are actually syncing diff --git a/cmd/tendermint/commands/run_node.go b/cmd/tendermint/commands/run_node.go index 5b87a4b82..0eb7a4259 100644 --- a/cmd/tendermint/commands/run_node.go +++ b/cmd/tendermint/commands/run_node.go @@ -29,7 +29,7 @@ func AddNodeFlags(cmd *cobra.Command) { // p2p flags cmd.Flags().String("p2p.laddr", config.P2P.ListenAddress, "Node listen address. (0.0.0.0:0 means any interface, any port)") cmd.Flags().String("p2p.seeds", config.P2P.Seeds, "Comma delimited host:port seed nodes") - cmd.Flags().String("p2p.manual_peers", config.P2P.ManualPeers, "Comma delimited host:port manual peers") + cmd.Flags().String("p2p.persistent_peers", config.P2P.PersistentPeers, "Comma delimited host:port persistent peers") cmd.Flags().Bool("p2p.skip_upnp", config.P2P.SkipUPNP, "Skip UPNP configuration") cmd.Flags().Bool("p2p.pex", config.P2P.PexReactor, "Enable/disable Peer-Exchange") diff --git a/config/config.go b/config/config.go index 2d38ed916..04a37c68c 100644 --- a/config/config.go +++ b/config/config.go @@ -170,7 +170,7 @@ type RPCConfig struct { // NOTE: This server only supports /broadcast_tx_commit GRPCListenAddress string `mapstructure:"grpc_laddr"` - // Activate unsafe RPC commands like /dial_manual_peers and /unsafe_flush_mempool + // Activate unsafe RPC commands like /dial_persistent_peers and /unsafe_flush_mempool Unsafe bool `mapstructure:"unsafe"` } @@ -206,9 +206,9 @@ type P2PConfig struct { // We only use these if we can’t connect to peers in the addrbook Seeds string `mapstructure:"seeds"` - // Comma separated list of manual peers to connect to + // Comma separated list of persistent peers to connect to // We always connect to these - ManualPeers string `mapstructure:"manual_peers"` + PersistentPeers string `mapstructure:"persistent_peers"` // Skip UPNP port forwarding SkipUPNP bool `mapstructure:"skip_upnp"` diff --git a/config/toml.go b/config/toml.go index 59fc46dcf..e644445f0 100644 --- a/config/toml.go +++ b/config/toml.go @@ -42,7 +42,7 @@ laddr = "tcp://0.0.0.0:46657" [p2p] laddr = "tcp://0.0.0.0:46656" seeds = "" -manual_peers = "" +persistent_peers = "" ` func defaultConfig(moniker string) string { @@ -107,7 +107,7 @@ laddr = "tcp://0.0.0.0:36657" [p2p] laddr = "tcp://0.0.0.0:36656" seeds = "" -manual_peers = "" +persistent_peers = "" ` func testConfig(moniker string) (testConfig string) { diff --git a/docs/deploy-testnets.rst b/docs/deploy-testnets.rst index 8c66c4b34..33c214570 100644 --- a/docs/deploy-testnets.rst +++ b/docs/deploy-testnets.rst @@ -24,13 +24,13 @@ Here are the steps to setting up a testnet manually: ``tendermint gen_validator`` 4) Compile a list of public keys for each validator into a ``genesis.json`` file. -5) Run ``tendermint node --p2p.manual_peers=< peer addresses >`` on each node, +5) Run ``tendermint node --p2p.persistent_peers=< peer addresses >`` on each node, where ``< peer addresses >`` is a comma separated list of the IP:PORT combination for each node. The default port for Tendermint is ``46656``. Thus, if the IP addresses of your nodes were ``192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4``, the command would look like: - ``tendermint node --p2p.manual_peers=192.168.0.1:46656,192.168.0.2:46656,192.168.0.3:46656,192.168.0.4:46656``. + ``tendermint node --p2p.persistent_peers=192.168.0.1:46656,192.168.0.2:46656,192.168.0.3:46656,192.168.0.4:46656``. After a few seconds, all the nodes should connect to eachother and start making blocks! For more information, see the Tendermint Networks section diff --git a/docs/specification/configuration.rst b/docs/specification/configuration.rst index 3271cd59d..46e4059e3 100644 --- a/docs/specification/configuration.rst +++ b/docs/specification/configuration.rst @@ -49,7 +49,7 @@ The main config parameters are defined - ``p2p.pex``: Enable Peer-Exchange (dev feature). *Default*: ``false`` - ``p2p.seeds``: Comma delimited host:port seed nodes. *Default*: ``""`` -- ``p2p.manual_peers``: Comma delimited host:port manual peers. *Default*: +- ``p2p.persistent_peers``: Comma delimited host:port persistent peers. *Default*: ``""`` - ``p2p.skip_upnp``: Skip UPNP detection. *Default*: ``false`` diff --git a/docs/specification/rpc.rst b/docs/specification/rpc.rst index f637c1717..daafce111 100644 --- a/docs/specification/rpc.rst +++ b/docs/specification/rpc.rst @@ -111,7 +111,7 @@ An HTTP Get request to the root RPC endpoint (e.g. http://localhost:46657/broadcast_tx_commit?tx=_ http://localhost:46657/broadcast_tx_sync?tx=_ http://localhost:46657/commit?height=_ - http://localhost:46657/dial_manual_peers?manual_peers=_ + http://localhost:46657/dial_persistent_peers?persistent_peers=_ http://localhost:46657/subscribe?event=_ http://localhost:46657/tx?hash=_&prove=_ http://localhost:46657/unsafe_start_cpu_profiler?filename=_ diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 2ec5624ec..2a04ac543 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -270,14 +270,14 @@ For instance, :: - tendermint node --p2p.manual_peers "1.2.3.4:46656,5.6.7.8:46656" + tendermint node --p2p.persistent_peers "1.2.3.4:46656,5.6.7.8:46656" -Alternatively, you can use the ``/dial_manual_peers`` endpoint of the RPC to +Alternatively, you can use the ``/dial_persistent_peers`` endpoint of the RPC to specify peers for a running node to connect to: :: - curl --data-urlencode "manual_peers=[\"1.2.3.4:46656\",\"5.6.7.8:46656\"]" localhost:46657/dial_manual_peers + curl --data-urlencode "persistent_peers=[\"1.2.3.4:46656\",\"5.6.7.8:46656\"]" localhost:46657/dial_persistent_peers Additionally, the peer-exchange protocol can be enabled using the ``--pex`` flag, though this feature is `still under @@ -290,7 +290,7 @@ Adding a Non-Validator Adding a non-validator is simple. Just copy the original ``genesis.json`` to ``~/.tendermint`` on the new machine and start the -node, specifying manual_peers as necessary. If no manual_peers are specified, the node +node, specifying persistent_peers as necessary. If no persistent_peers are specified, the node won't make any blocks, because it's not a validator, and it won't hear about any blocks, because it's not connected to the other peer. @@ -363,7 +363,7 @@ and the new ``priv_validator.json`` to the ``~/.tendermint`` on a new machine. Now run ``tendermint node`` on both machines, and use either -``--p2p.manual_peers`` or the ``/dial_manual_peers`` to get them to peer up. They +``--p2p.persistent_peers`` or the ``/dial_persistent_peers`` to get them to peer up. They should start making blocks, and will only continue to do so as long as both of them are online. diff --git a/node/node.go b/node/node.go index 1970bb88e..a4ea193b8 100644 --- a/node/node.go +++ b/node/node.go @@ -380,9 +380,9 @@ func (n *Node) OnStart() error { return err } - // Always connect to manual peers - if n.config.P2P.ManualPeers != "" { - err = n.sw.DialPeersAsync(n.addrBook, strings.Split(n.config.P2P.ManualPeers, ","), true) + // Always connect to persistent peers + if n.config.P2P.PersistentPeers != "" { + err = n.sw.DialPeersAsync(n.addrBook, strings.Split(n.config.P2P.PersistentPeers, ","), true) if err != nil { return err } diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index d4a8cbf18..64e7dafb9 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -100,7 +100,7 @@ func (r *PEXReactor) GetChannels() []*ChannelDescriptor { func (r *PEXReactor) AddPeer(p Peer) { if p.IsOutbound() { // For outbound peers, the address is already in the books. - // Either it was added in DialManualPeers or when we + // Either it was added in DialPersistentPeers or when we // received the peer's address in r.Receive if r.book.NeedMoreAddrs() { r.RequestPEX(p) diff --git a/p2p/switch.go b/p2p/switch.go index 4deee63d4..1b449d7e0 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -323,7 +323,7 @@ func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent } if addrBook != nil { - // add manual peers to `addrBook` + // add persistent peers to `addrBook` ourAddrS := sw.nodeInfo.ListenAddr ourAddr, _ := NewNetAddressString(ourAddrS) for _, netAddr := range netAddrs { diff --git a/rpc/client/localclient.go b/rpc/client/localclient.go index d30f7543c..af91ac791 100644 --- a/rpc/client/localclient.go +++ b/rpc/client/localclient.go @@ -84,8 +84,8 @@ func (Local) DumpConsensusState() (*ctypes.ResultDumpConsensusState, error) { return core.DumpConsensusState() } -func (Local) DialManualPeers(manual_peers []string) (*ctypes.ResultDialManualPeers, error) { - return core.UnsafeDialManualPeers(manual_peers) +func (Local) DialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { + return core.UnsafeDialPersistentPeers(persistent_peers) } func (Local) BlockchainInfo(minHeight, maxHeight int64) (*ctypes.ResultBlockchainInfo, error) { diff --git a/rpc/client/mock/client.go b/rpc/client/mock/client.go index 84f6aa2d7..469e80a67 100644 --- a/rpc/client/mock/client.go +++ b/rpc/client/mock/client.go @@ -107,8 +107,8 @@ func (c Client) NetInfo() (*ctypes.ResultNetInfo, error) { return core.NetInfo() } -func (c Client) DialManualPeers(manual_peers []string) (*ctypes.ResultDialManualPeers, error) { - return core.UnsafeDialManualPeers(manual_peers) +func (c Client) DialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { + return core.UnsafeDialPersistentPeers(persistent_peers) } func (c Client) BlockchainInfo(minHeight, maxHeight int64) (*ctypes.ResultBlockchainInfo, error) { diff --git a/rpc/core/doc.go b/rpc/core/doc.go index 1a59459dd..030e5d617 100644 --- a/rpc/core/doc.go +++ b/rpc/core/doc.go @@ -94,7 +94,7 @@ Endpoints that require arguments: /broadcast_tx_commit?tx=_ /broadcast_tx_sync?tx=_ /commit?height=_ -/dial_manual_peers?manual_peers=_ +/dial_persistent_peers?persistent_peers=_ /subscribe?event=_ /tx?hash=_&prove=_ /unsafe_start_cpu_profiler?filename=_ diff --git a/rpc/core/net.go b/rpc/core/net.go index 845cda646..c79c55deb 100644 --- a/rpc/core/net.go +++ b/rpc/core/net.go @@ -54,18 +54,18 @@ func NetInfo() (*ctypes.ResultNetInfo, error) { }, nil } -func UnsafeDialManualPeers(manual_peers []string) (*ctypes.ResultDialManualPeers, error) { +func UnsafeDialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { - if len(manual_peers) == 0 { - return &ctypes.ResultDialManualPeers{}, fmt.Errorf("No manual peers provided") + if len(persistent_peers) == 0 { + return &ctypes.ResultDialPersistentPeers{}, fmt.Errorf("No persistent peers provided") } // starts go routines to dial each peer after random delays - logger.Info("DialManualPeers", "addrBook", addrBook, "manual_peers", manual_peers) - err := p2pSwitch.DialPeersAsync(addrBook, manual_peers, true) + logger.Info("DialPersistentPeers", "addrBook", addrBook, "persistent_peers", persistent_peers) + err := p2pSwitch.DialPeersAsync(addrBook, persistent_peers, true) if err != nil { - return &ctypes.ResultDialManualPeers{}, err + return &ctypes.ResultDialPersistentPeers{}, err } - return &ctypes.ResultDialManualPeers{"Dialing manual peers in progress. See /net_info for details"}, nil + return &ctypes.ResultDialPersistentPeers{"Dialing persistent peers in progress. See /net_info for details"}, nil } // Get genesis file. diff --git a/rpc/core/routes.go b/rpc/core/routes.go index 84d405ac6..0bf7af623 100644 --- a/rpc/core/routes.go +++ b/rpc/core/routes.go @@ -38,7 +38,7 @@ var Routes = map[string]*rpc.RPCFunc{ func AddUnsafeRoutes() { // control API - Routes["dial_manual_peers"] = rpc.NewRPCFunc(UnsafeDialManualPeers, "manual_peers") + Routes["dial_persistent_peers"] = rpc.NewRPCFunc(UnsafeDialPersistentPeers, "persistent_peers") Routes["unsafe_flush_mempool"] = rpc.NewRPCFunc(UnsafeFlushMempool, "") // profiler API diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index 4d8e79469..59c2aeea9 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -82,7 +82,7 @@ type ResultNetInfo struct { Peers []Peer `json:"peers"` } -type ResultDialManualPeers struct { +type ResultDialPersistentPeers struct { Log string `json:"log"` } diff --git a/test/p2p/README.md b/test/p2p/README.md index 692b730b2..b68f7a819 100644 --- a/test/p2p/README.md +++ b/test/p2p/README.md @@ -38,7 +38,7 @@ for i in $(seq 1 4); do --name local_testnet_$i \ --entrypoint tendermint \ -e TMHOME=/go/src/github.com/tendermint/tendermint/test/p2p/data/mach$i/core \ - tendermint_tester node --p2p.manual_peers 172.57.0.101:46656,172.57.0.102:46656,172.57.0.103:46656,172.57.0.104:46656 --proxy_app=dummy + tendermint_tester node --p2p.persistent_peers 172.57.0.101:46656,172.57.0.102:46656,172.57.0.103:46656,172.57.0.104:46656 --proxy_app=dummy done ``` diff --git a/test/p2p/fast_sync/test_peer.sh b/test/p2p/fast_sync/test_peer.sh index ab5d517d9..1f341bf5d 100644 --- a/test/p2p/fast_sync/test_peer.sh +++ b/test/p2p/fast_sync/test_peer.sh @@ -23,11 +23,11 @@ docker rm -vf local_testnet_$ID set -e # restart peer - should have an empty blockchain -MANUAL_PEERS="$(test/p2p/ip.sh 1):46656" +PERSISTENT_PEERS="$(test/p2p/ip.sh 1):46656" for j in `seq 2 $N`; do - MANUAL_PEERS="$MANUAL_PEERS,$(test/p2p/ip.sh $j):46656" + PERSISTENT_PEERS="$PERSISTENT_PEERS,$(test/p2p/ip.sh $j):46656" done -bash test/p2p/peer.sh $DOCKER_IMAGE $NETWORK_NAME $ID $PROXY_APP "--p2p.manual_peers $MANUAL_PEERS --p2p.pex --rpc.unsafe" +bash test/p2p/peer.sh $DOCKER_IMAGE $NETWORK_NAME $ID $PROXY_APP "--p2p.persistent_peers $PERSISTENT_PEERS --p2p.pex --rpc.unsafe" # wait for peer to sync and check the app hash bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME fs_$ID "test/p2p/fast_sync/check_peer.sh $ID" diff --git a/test/p2p/local_testnet_start.sh b/test/p2p/local_testnet_start.sh index c808c613d..25b3c6d3e 100644 --- a/test/p2p/local_testnet_start.sh +++ b/test/p2p/local_testnet_start.sh @@ -7,10 +7,10 @@ N=$3 APP_PROXY=$4 set +u -MANUAL_PEERS=$5 -if [[ "$MANUAL_PEERS" != "" ]]; then - echo "ManualPeers: $MANUAL_PEERS" - MANUAL_PEERS="--p2p.manual_peers $MANUAL_PEERS" +PERSISTENT_PEERS=$5 +if [[ "$PERSISTENT_PEERS" != "" ]]; then + echo "PersistentPeers: $PERSISTENT_PEERS" + PERSISTENT_PEERS="--p2p.persistent_peers $PERSISTENT_PEERS" fi set -u @@ -20,5 +20,5 @@ cd "$GOPATH/src/github.com/tendermint/tendermint" docker network create --driver bridge --subnet 172.57.0.0/16 "$NETWORK_NAME" for i in $(seq 1 "$N"); do - bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$i" "$APP_PROXY" "$MANUAL_PEERS --p2p.pex --rpc.unsafe" + bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$i" "$APP_PROXY" "$PERSISTENT_PEERS --p2p.pex --rpc.unsafe" done diff --git a/test/p2p/manual_peers.sh b/test/p2p/manual_peers.sh index 90051b15b..4ad55bc03 100644 --- a/test/p2p/manual_peers.sh +++ b/test/p2p/manual_peers.sh @@ -5,8 +5,8 @@ N=$1 cd "$GOPATH/src/github.com/tendermint/tendermint" -manual_peers="$(test/p2p/ip.sh 1):46656" +persistent_peers="$(test/p2p/ip.sh 1):46656" for i in $(seq 2 $N); do - manual_peers="$manual_peers,$(test/p2p/ip.sh $i):46656" + persistent_peers="$persistent_peers,$(test/p2p/ip.sh $i):46656" done -echo "$manual_peers" +echo "$persistent_peers" diff --git a/test/p2p/pex/dial_manual_peers.sh b/test/p2p/pex/dial_manual_peers.sh index 4ee79b869..95c1d6e9c 100644 --- a/test/p2p/pex/dial_manual_peers.sh +++ b/test/p2p/pex/dial_manual_peers.sh @@ -1,4 +1,4 @@ -#! /bin/bash +#! /bin/bash set -u N=$1 @@ -11,7 +11,7 @@ for i in `seq 1 $N`; do curl -s $addr/status > /dev/null ERR=$? while [ "$ERR" != 0 ]; do - sleep 1 + sleep 1 curl -s $addr/status > /dev/null ERR=$? done @@ -19,13 +19,13 @@ for i in `seq 1 $N`; do done set -e -# manual_peers need quotes -manual_peers="\"$(test/p2p/ip.sh 1):46656\"" +# persistent_peers need quotes +persistent_peers="\"$(test/p2p/ip.sh 1):46656\"" for i in `seq 2 $N`; do - manual_peers="$manual_peers,\"$(test/p2p/ip.sh $i):46656\"" + persistent_peers="$persistent_peers,\"$(test/p2p/ip.sh $i):46656\"" done -echo $manual_peers +echo $persistent_peers -echo $manual_peers +echo $persistent_peers IP=$(test/p2p/ip.sh 1) -curl --data-urlencode "manual_peers=[$manual_peers]" "$IP:46657/dial_manual_peers" +curl --data-urlencode "persistent_peers=[$persistent_peers]" "$IP:46657/dial_persistent_peers" diff --git a/test/p2p/pex/test.sh b/test/p2p/pex/test.sh index 2c42781dd..7cf6151d5 100644 --- a/test/p2p/pex/test.sh +++ b/test/p2p/pex/test.sh @@ -11,5 +11,5 @@ cd $GOPATH/src/github.com/tendermint/tendermint echo "Test reconnecting from the address book" bash test/p2p/pex/test_addrbook.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP -echo "Test connecting via /dial_manual_peers" -bash test/p2p/pex/test_dial_manual_peers.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP +echo "Test connecting via /dial_persistent_peers" +bash test/p2p/pex/test_dial_persistent_peers.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP diff --git a/test/p2p/pex/test_addrbook.sh b/test/p2p/pex/test_addrbook.sh index b215606d6..1dd26b172 100644 --- a/test/p2p/pex/test_addrbook.sh +++ b/test/p2p/pex/test_addrbook.sh @@ -9,7 +9,7 @@ PROXY_APP=$4 ID=1 echo "----------------------------------------------------------------------" -echo "Testing pex creates the addrbook and uses it if manual_peers are not provided" +echo "Testing pex creates the addrbook and uses it if persistent_peers are not provided" echo "(assuming peers are started with pex enabled)" CLIENT_NAME="pex_addrbook_$ID" @@ -22,7 +22,7 @@ set +e #CIRCLE docker rm -vf "local_testnet_$ID" set -e -# NOTE that we do not provide manual_peers +# NOTE that we do not provide persistent_peers bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$ID" "$PROXY_APP" "--p2p.pex --rpc.unsafe" docker cp "/tmp/addrbook.json" "local_testnet_$ID:/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/addrbook.json" echo "with the following addrbook:" @@ -35,7 +35,7 @@ echo "" bash test/p2p/client.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$CLIENT_NAME" "test/p2p/pex/check_peer.sh $ID $N" echo "----------------------------------------------------------------------" -echo "Testing other peers connect to us if we have neither manual_peers nor the addrbook" +echo "Testing other peers connect to us if we have neither persistent_peers nor the addrbook" echo "(assuming peers are started with pex enabled)" CLIENT_NAME="pex_no_addrbook_$ID" @@ -46,7 +46,7 @@ set +e #CIRCLE docker rm -vf "local_testnet_$ID" set -e -# NOTE that we do not provide manual_peers +# NOTE that we do not provide persistent_peers bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$ID" "$PROXY_APP" "--p2p.pex --rpc.unsafe" # if the client runs forever, it means other peers have removed us from their books (which should not happen) diff --git a/test/p2p/pex/test_dial_manual_peers.sh b/test/p2p/pex/test_dial_manual_peers.sh index ba3e1c4d0..7dda62b13 100644 --- a/test/p2p/pex/test_dial_manual_peers.sh +++ b/test/p2p/pex/test_dial_manual_peers.sh @@ -11,7 +11,7 @@ ID=1 cd $GOPATH/src/github.com/tendermint/tendermint echo "----------------------------------------------------------------------" -echo "Testing full network connection using one /dial_manual_peers call" +echo "Testing full network connection using one /dial_persistent_peers call" echo "(assuming peers are started with pex enabled)" # stop the existing testnet and remove local network @@ -21,16 +21,16 @@ set -e # start the testnet on a local network # NOTE we re-use the same network for all tests -MANUAL_PEERS="" -bash test/p2p/local_testnet_start.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP $MANUAL_PEERS +PERSISTENT_PEERS="" +bash test/p2p/local_testnet_start.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP $PERSISTENT_PEERS -# dial manual_peers from one node -CLIENT_NAME="dial_manual_peers" -bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/pex/dial_manual_peers.sh $N" +# dial persistent_peers from one node +CLIENT_NAME="dial_persistent_peers" +bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/pex/dial_persistent_peers.sh $N" # test basic connectivity and consensus # start client container and check the num peers and height for all nodes -CLIENT_NAME="dial_manual_peers_basic" +CLIENT_NAME="dial_persistent_peers_basic" bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/basic/test.sh $N" diff --git a/test/p2p/test.sh b/test/p2p/test.sh index f348efe4a..c95f69733 100644 --- a/test/p2p/test.sh +++ b/test/p2p/test.sh @@ -13,11 +13,11 @@ set +e bash test/p2p/local_testnet_stop.sh "$NETWORK_NAME" "$N" set -e -MANUAL_PEERS=$(bash test/p2p/manual_peers.sh $N) +PERSISTENT_PEERS=$(bash test/p2p/persistent_peers.sh $N) # start the testnet on a local network # NOTE we re-use the same network for all tests -bash test/p2p/local_testnet_start.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" "$MANUAL_PEERS" +bash test/p2p/local_testnet_start.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" "$PERSISTENT_PEERS" # test basic connectivity and consensus # start client container and check the num peers and height for all nodes From 1b455883d2a5acfd0705c2dddf5c31eff2b7a01b Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 16:36:15 -0600 Subject: [PATCH 047/188] readd /dial_seeds --- CHANGELOG.md | 4 +++- docs/specification/rpc.rst | 1 + rpc/client/localclient.go | 4 ++++ rpc/client/mock/client.go | 4 ++++ rpc/core/doc.go | 1 + rpc/core/net.go | 19 +++++++++++++++---- rpc/core/routes.go | 1 + rpc/core/types/responses.go | 4 ++++ ...nual_peers.sh => dial_persistent_peers.sh} | 0 test/p2p/pex/test.sh | 6 +++--- ...peers.sh => test_dial_persistent_peers.sh} | 0 11 files changed, 36 insertions(+), 8 deletions(-) rename test/p2p/pex/{dial_manual_peers.sh => dial_persistent_peers.sh} (100%) rename test/p2p/pex/{test_dial_manual_peers.sh => test_dial_persistent_peers.sh} (100%) diff --git a/CHANGELOG.md b/CHANGELOG.md index b935a3816..fdf3aea50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,10 +28,12 @@ BUG FIXES: ## 0.16.0 (TBD) BREAKING CHANGES: -- rpc: `/unsafe_dial_seeds` renamed to `/unsafe_dial_persistent_peers` - [p2p] old `seeds` is now `persistent_peers` (persistent peers to which TM will always connect to) - [p2p] now `seeds` only used for getting addresses (if addrbook is empty; not persistent) +FEATURES: +- [p2p] added new `/dial_persistent_peers` **unsafe** endpoint + ## 0.15.0 (December 29, 2017) BREAKING CHANGES: diff --git a/docs/specification/rpc.rst b/docs/specification/rpc.rst index daafce111..e273ce84a 100644 --- a/docs/specification/rpc.rst +++ b/docs/specification/rpc.rst @@ -111,6 +111,7 @@ An HTTP Get request to the root RPC endpoint (e.g. http://localhost:46657/broadcast_tx_commit?tx=_ http://localhost:46657/broadcast_tx_sync?tx=_ http://localhost:46657/commit?height=_ + http://localhost:46657/dial_seeds?seeds=_ http://localhost:46657/dial_persistent_peers?persistent_peers=_ http://localhost:46657/subscribe?event=_ http://localhost:46657/tx?hash=_&prove=_ diff --git a/rpc/client/localclient.go b/rpc/client/localclient.go index af91ac791..cc23b9449 100644 --- a/rpc/client/localclient.go +++ b/rpc/client/localclient.go @@ -84,6 +84,10 @@ func (Local) DumpConsensusState() (*ctypes.ResultDumpConsensusState, error) { return core.DumpConsensusState() } +func (Local) DialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { + return core.UnsafeDialSeeds(seeds) +} + func (Local) DialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { return core.UnsafeDialPersistentPeers(persistent_peers) } diff --git a/rpc/client/mock/client.go b/rpc/client/mock/client.go index 469e80a67..913812d6d 100644 --- a/rpc/client/mock/client.go +++ b/rpc/client/mock/client.go @@ -107,6 +107,10 @@ func (c Client) NetInfo() (*ctypes.ResultNetInfo, error) { return core.NetInfo() } +func (c Client) DialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { + return core.UnsafeDialSeeds(seeds) +} + func (c Client) DialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { return core.UnsafeDialPersistentPeers(persistent_peers) } diff --git a/rpc/core/doc.go b/rpc/core/doc.go index 030e5d617..a801cd0d2 100644 --- a/rpc/core/doc.go +++ b/rpc/core/doc.go @@ -94,6 +94,7 @@ Endpoints that require arguments: /broadcast_tx_commit?tx=_ /broadcast_tx_sync?tx=_ /commit?height=_ +/dial_seeds?seeds=_ /dial_persistent_peers?persistent_peers=_ /subscribe?event=_ /tx?hash=_&prove=_ diff --git a/rpc/core/net.go b/rpc/core/net.go index c79c55deb..b528e1e35 100644 --- a/rpc/core/net.go +++ b/rpc/core/net.go @@ -1,8 +1,7 @@ package core import ( - "fmt" - + "github.com/pkg/errors" ctypes "github.com/tendermint/tendermint/rpc/core/types" ) @@ -54,10 +53,22 @@ func NetInfo() (*ctypes.ResultNetInfo, error) { }, nil } -func UnsafeDialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { +func UnsafeDialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { + if len(seeds) == 0 { + return &ctypes.ResultDialSeeds{}, errors.New("No seeds provided") + } + // starts go routines to dial each peer after random delays + logger.Info("DialSeeds", "addrBook", addrBook, "seeds", seeds) + err := p2pSwitch.DialPeersAsync(addrBook, seeds, false) + if err != nil { + return &ctypes.ResultDialSeeds{}, err + } + return &ctypes.ResultDialSeeds{"Dialing seeds in progress. See /net_info for details"}, nil +} +func UnsafeDialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { if len(persistent_peers) == 0 { - return &ctypes.ResultDialPersistentPeers{}, fmt.Errorf("No persistent peers provided") + return &ctypes.ResultDialPersistentPeers{}, errors.New("No persistent peers provided") } // starts go routines to dial each peer after random delays logger.Info("DialPersistentPeers", "addrBook", addrBook, "persistent_peers", persistent_peers) diff --git a/rpc/core/routes.go b/rpc/core/routes.go index 0bf7af623..d00165e6a 100644 --- a/rpc/core/routes.go +++ b/rpc/core/routes.go @@ -38,6 +38,7 @@ var Routes = map[string]*rpc.RPCFunc{ func AddUnsafeRoutes() { // control API + Routes["dial_seeds"] = rpc.NewRPCFunc(UnsafeDialSeeds, "seeds") Routes["dial_persistent_peers"] = rpc.NewRPCFunc(UnsafeDialPersistentPeers, "persistent_peers") Routes["unsafe_flush_mempool"] = rpc.NewRPCFunc(UnsafeFlushMempool, "") diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index 59c2aeea9..c26defb76 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -82,6 +82,10 @@ type ResultNetInfo struct { Peers []Peer `json:"peers"` } +type ResultDialSeeds struct { + Log string `json:"log"` +} + type ResultDialPersistentPeers struct { Log string `json:"log"` } diff --git a/test/p2p/pex/dial_manual_peers.sh b/test/p2p/pex/dial_persistent_peers.sh similarity index 100% rename from test/p2p/pex/dial_manual_peers.sh rename to test/p2p/pex/dial_persistent_peers.sh diff --git a/test/p2p/pex/test.sh b/test/p2p/pex/test.sh index 7cf6151d5..06d40c3ed 100644 --- a/test/p2p/pex/test.sh +++ b/test/p2p/pex/test.sh @@ -6,10 +6,10 @@ NETWORK_NAME=$2 N=$3 PROXY_APP=$4 -cd $GOPATH/src/github.com/tendermint/tendermint +cd "$GOPATH/src/github.com/tendermint/tendermint" echo "Test reconnecting from the address book" -bash test/p2p/pex/test_addrbook.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP +bash test/p2p/pex/test_addrbook.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" echo "Test connecting via /dial_persistent_peers" -bash test/p2p/pex/test_dial_persistent_peers.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP +bash test/p2p/pex/test_dial_persistent_peers.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" diff --git a/test/p2p/pex/test_dial_manual_peers.sh b/test/p2p/pex/test_dial_persistent_peers.sh similarity index 100% rename from test/p2p/pex/test_dial_manual_peers.sh rename to test/p2p/pex/test_dial_persistent_peers.sh From ef0493ddf3744249a47f20ab49f27fa974b3cf84 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 17:41:49 -0600 Subject: [PATCH 048/188] rewrite Peers section of Using Tendermint guide [ci skip] --- docs/using-tendermint.rst | 45 ++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 2a04ac543..20c5fa06d 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -129,7 +129,7 @@ No Empty Blocks This much requested feature was implemented in version 0.10.3. While the default behaviour of ``tendermint`` is still to create blocks approximately once per second, it is possible to disable empty blocks or set a block creation interval. In the former case, blocks will be created when there are new transactions or when the AppHash changes. -To configure tendermint to not produce empty blocks unless there are txs or the app hash changes, +To configure tendermint to not produce empty blocks unless there are txs or the app hash changes, run tendermint with this additional flag: :: @@ -263,36 +263,47 @@ with the consensus protocol. Peers ~~~~~ -To connect to peers on start-up, specify them in the ``config.toml`` or -on the command line. +If you are starting Tendermint core for the first time, it will need some peers. + +You can provide a list of seeds (nodes, whole purpose is providing you with +peers) in the ``config.toml`` or on the command line. For instance, :: - tendermint node --p2p.persistent_peers "1.2.3.4:46656,5.6.7.8:46656" + tendermint node --p2p.seeds "1.2.3.4:46656,5.6.7.8:46656" -Alternatively, you can use the ``/dial_persistent_peers`` endpoint of the RPC to -specify peers for a running node to connect to: +Alternatively, you can use the ``/dial_seeds`` endpoint of the RPC to +specify seeds for a running node to connect to: :: - curl --data-urlencode "persistent_peers=[\"1.2.3.4:46656\",\"5.6.7.8:46656\"]" localhost:46657/dial_persistent_peers + curl --data-urlencode "seeds=[\"1.2.3.4:46656\",\"5.6.7.8:46656\"]" localhost:46657/dial_seeds -Additionally, the peer-exchange protocol can be enabled using the -``--pex`` flag, though this feature is `still under -development `__. If -``--pex`` is enabled, peers will gossip about known peers and form a -more resilient network. +Note, if the peer-exchange protocol (PEX) is enabled (default), you should not +normally need seeds after the first start. Peers will be gossipping about known +peers and forming a network, storing peer addresses in the addrbook. + +If you want Tendermint to connect to specific set of addresses and maintain a +persistent connection with each, you can use the ``--p2p.persistent_peers`` +flag or the corresponding setting in the ``config.toml`` or the +``/dial_persistent_peers`` RPC endpoint to do it without stopping Tendermint +core instance. + +:: + + tendermint node --p2p.persistent_peers "10.11.12.13:46656,10.11.12.14:46656" + curl --data-urlencode "persistent_peers=[\"10.11.12.13:46656\",\"10.11.12.14:46656\"]" localhost:46657/dial_persistent_peers Adding a Non-Validator ~~~~~~~~~~~~~~~~~~~~~~ -Adding a non-validator is simple. Just copy the original -``genesis.json`` to ``~/.tendermint`` on the new machine and start the -node, specifying persistent_peers as necessary. If no persistent_peers are specified, the node -won't make any blocks, because it's not a validator, and it won't hear -about any blocks, because it's not connected to the other peer. +Adding a non-validator is simple. Just copy the original ``genesis.json`` to +``~/.tendermint`` on the new machine and start the node, specifying seeds or +persistent peers. If no seeds or persistent peers are specified, the node won't +make any blocks, because it's not a validator, and it won't hear about any +blocks, because it's not connected to the other peers. Adding a Validator ~~~~~~~~~~~~~~~~~~ From 705d51aa423b617d293501b3888eb57367cbf16f Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 17:09:09 -0600 Subject: [PATCH 049/188] move dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect into PEX reactor --- node/node.go | 32 ++----------------- p2p/pex_reactor.go | 19 +++++++++-- p2p/pex_reactor_test.go | 10 +++--- .../{manual_peers.sh => persistent_peers.sh} | 0 4 files changed, 24 insertions(+), 37 deletions(-) rename test/p2p/{manual_peers.sh => persistent_peers.sh} (100%) diff --git a/node/node.go b/node/node.go index a4ea193b8..cf78a8aaa 100644 --- a/node/node.go +++ b/node/node.go @@ -8,7 +8,6 @@ import ( "net" "net/http" "strings" - "time" abci "github.com/tendermint/abci/types" crypto "github.com/tendermint/go-crypto" @@ -256,7 +255,8 @@ func NewNode(config *cfg.Config, trustMetricStore = trust.NewTrustMetricStore(trustHistoryDB, trust.DefaultConfig()) trustMetricStore.SetLogger(p2pLogger) - pexReactor := p2p.NewPEXReactor(addrBook) + pexReactor := p2p.NewPEXReactor(addrBook, + &p2p.PEXReactorConfig{Seeds: strings.Split(config.P2P.Seeds, ",")}) pexReactor.SetLogger(p2pLogger) sw.AddReactor("PEX", pexReactor) } @@ -388,38 +388,10 @@ func (n *Node) OnStart() error { } } - if n.config.P2P.Seeds != "" { - err = n.dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect(strings.Split(n.config.P2P.Seeds, ",")) - if err != nil { - return err - } - } - // start tx indexer return n.indexerService.Start() } -func (n *Node) dialSeedsIfAddrBookIsEmptyOrPEXFailedToConnect(seeds []string) error { - // prefer peers from address book - if n.config.P2P.PexReactor && n.addrBook.Size() > 0 { - // give some time for PexReactor to connect us to other peers - const fallbackToSeedsAfter = 30 * time.Second - go func() { - time.Sleep(fallbackToSeedsAfter) - // fallback to dialing seeds if for some reason we can't connect to any - // peers - outbound, inbound, _ := n.sw.NumPeers() - if n.IsRunning() && outbound+inbound == 0 { - // TODO: ignore error? - n.sw.DialPeersAsync(n.addrBook, seeds, false) - } - }() - return nil - } - - return n.sw.DialPeersAsync(n.addrBook, seeds, false) -} - // OnStop stops the Node. It implements cmn.Service. func (n *Node) OnStop() { n.BaseService.OnStop() diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 64e7dafb9..9e67a6c2f 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -45,6 +45,7 @@ type PEXReactor struct { BaseReactor book *AddrBook + config *PEXReactorConfig ensurePeersPeriod time.Duration // tracks message count by peer, so we can prevent abuse @@ -52,10 +53,18 @@ type PEXReactor struct { maxMsgCountByPeer uint16 } +// PEXReactorConfig holds reactor specific configuration data. +type PEXReactorConfig struct { + // Seeds is a list of addresses reactor may use if it can't connect to peers + // in the addrbook. + Seeds []string +} + // NewPEXReactor creates new PEX reactor. -func NewPEXReactor(b *AddrBook) *PEXReactor { +func NewPEXReactor(b *AddrBook, config *PEXReactorConfig) *PEXReactor { r := &PEXReactor{ book: b, + config: config, ensurePeersPeriod: defaultEnsurePeersPeriod, msgCountByPeer: cmn.NewCMap(), maxMsgCountByPeer: defaultMaxMsgCountByPeer, @@ -238,7 +247,7 @@ func (r *PEXReactor) ensurePeersRoutine() { // placeholder. It should not be the case that an address becomes old/vetted // upon a single successful connection. func (r *PEXReactor) ensurePeers() { - numOutPeers, _, numDialing := r.Switch.NumPeers() + numOutPeers, numInPeers, numDialing := r.Switch.NumPeers() numToDial := minNumOutboundPeers - (numOutPeers + numDialing) r.Logger.Info("Ensure peers", "numOutPeers", numOutPeers, "numDialing", numDialing, "numToDial", numToDial) if numToDial <= 0 { @@ -291,6 +300,12 @@ func (r *PEXReactor) ensurePeers() { r.RequestPEX(peer) } } + + // If we can't connect to any known address, fallback to dialing seeds + if numOutPeers+numInPeers+numDialing == 0 { + r.Logger.Info("No addresses to dial nor connected peers. Will dial seeds", "seeds", r.config.Seeds) + r.Switch.DialPeersAsync(r.book, r.config.Seeds, false) + } } func (r *PEXReactor) flushMsgCountByPeer() { diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index a14f0eb2a..b37f66411 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -24,7 +24,7 @@ func TestPEXReactorBasic(t *testing.T) { book := NewAddrBook(dir+"addrbook.json", true) book.SetLogger(log.TestingLogger()) - r := NewPEXReactor(book) + r := NewPEXReactor(book, &PEXReactorConfig{}) r.SetLogger(log.TestingLogger()) assert.NotNil(r) @@ -40,7 +40,7 @@ func TestPEXReactorAddRemovePeer(t *testing.T) { book := NewAddrBook(dir+"addrbook.json", true) book.SetLogger(log.TestingLogger()) - r := NewPEXReactor(book) + r := NewPEXReactor(book, &PEXReactorConfig{}) r.SetLogger(log.TestingLogger()) size := book.Size() @@ -76,7 +76,7 @@ func TestPEXReactorRunning(t *testing.T) { switches[i] = makeSwitch(config, i, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { sw.SetLogger(log.TestingLogger().With("switch", i)) - r := NewPEXReactor(book) + r := NewPEXReactor(book, &PEXReactorConfig{}) r.SetLogger(log.TestingLogger()) r.SetEnsurePeersPeriod(250 * time.Millisecond) sw.AddReactor("pex", r) @@ -141,7 +141,7 @@ func TestPEXReactorReceive(t *testing.T) { book := NewAddrBook(dir+"addrbook.json", false) book.SetLogger(log.TestingLogger()) - r := NewPEXReactor(book) + r := NewPEXReactor(book, &PEXReactorConfig{}) r.SetLogger(log.TestingLogger()) peer := createRandomPeer(false) @@ -166,7 +166,7 @@ func TestPEXReactorAbuseFromPeer(t *testing.T) { book := NewAddrBook(dir+"addrbook.json", true) book.SetLogger(log.TestingLogger()) - r := NewPEXReactor(book) + r := NewPEXReactor(book, &PEXReactorConfig{}) r.SetLogger(log.TestingLogger()) r.SetMaxMsgCountByPeer(5) diff --git a/test/p2p/manual_peers.sh b/test/p2p/persistent_peers.sh similarity index 100% rename from test/p2p/manual_peers.sh rename to test/p2p/persistent_peers.sh From 075ae1e301c5957dd1954a769e3e09eb270852cc Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 18:29:29 -0600 Subject: [PATCH 050/188] minimal test for dialing seeds in pex reactor --- p2p/pex_reactor.go | 13 ++++++----- p2p/pex_reactor_test.go | 49 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 55 insertions(+), 7 deletions(-) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 9e67a6c2f..ce2bba8bc 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -293,16 +293,17 @@ func (r *PEXReactor) ensurePeers() { // If we need more addresses, pick a random peer and ask for more. if r.book.NeedMoreAddrs() { - if peers := r.Switch.Peers().List(); len(peers) > 0 { - i := rand.Int() % len(peers) // nolint: gas - peer := peers[i] - r.Logger.Info("No addresses to dial. Sending pexRequest to random peer", "peer", peer) + peers := r.Switch.Peers().List() + peersCount := len(peers) + if peersCount > 0 { + peer := peers[rand.Int()%peersCount] // nolint: gas + r.Logger.Info("We need more addresses. Sending pexRequest to random peer", "peer", peer) r.RequestPEX(peer) } } - // If we can't connect to any known address, fallback to dialing seeds - if numOutPeers+numInPeers+numDialing == 0 { + // If we are not connected to nor dialing anybody, fallback to dialing seeds. + if numOutPeers+numInPeers+numDialing+len(toDial) == 0 { r.Logger.Info("No addresses to dial nor connected peers. Will dial seeds", "seeds", r.config.Seeds) r.Switch.DialPeersAsync(r.book, r.config.Seeds, false) } diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index b37f66411..fc2fe687f 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -107,6 +107,7 @@ func TestPEXReactorRunning(t *testing.T) { func assertSomePeersWithTimeout(t *testing.T, switches []*Switch, checkPeriod, timeout time.Duration) { ticker := time.NewTicker(checkPeriod) + remaining := timeout for { select { case <-ticker.C: @@ -118,16 +119,21 @@ func assertSomePeersWithTimeout(t *testing.T, switches []*Switch, checkPeriod, t allGood = false } } + remaining -= checkPeriod + if remaining < 0 { + remaining = 0 + } if allGood { return } - case <-time.After(timeout): + case <-time.After(remaining): numPeersStr := "" for i, s := range switches { outbound, inbound, _ := s.NumPeers() numPeersStr += fmt.Sprintf("%d => {outbound: %d, inbound: %d}, ", i, outbound, inbound) } t.Errorf("expected all switches to be connected to at least one peer (switches: %s)", numPeersStr) + return } } } @@ -180,6 +186,47 @@ func TestPEXReactorAbuseFromPeer(t *testing.T) { assert.True(r.ReachedMaxMsgCountForPeer(peer.NodeInfo().ListenAddr)) } +func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { + dir, err := ioutil.TempDir("", "pex_reactor") + require.Nil(t, err) + defer os.RemoveAll(dir) // nolint: errcheck + + book := NewAddrBook(dir+"addrbook.json", false) + book.SetLogger(log.TestingLogger()) + + // 1. create seed + seed := makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { + sw.SetLogger(log.TestingLogger()) + + r := NewPEXReactor(book, &PEXReactorConfig{}) + r.SetLogger(log.TestingLogger()) + r.SetEnsurePeersPeriod(250 * time.Millisecond) + sw.AddReactor("pex", r) + return sw + }) + seed.AddListener(NewDefaultListener("tcp", seed.NodeInfo().ListenAddr, true, log.TestingLogger())) + err = seed.Start() + require.Nil(t, err) + defer seed.Stop() + + // 2. create usual peer + sw := makeSwitch(config, 1, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { + sw.SetLogger(log.TestingLogger()) + + r := NewPEXReactor(book, &PEXReactorConfig{Seeds: []string{seed.NodeInfo().ListenAddr}}) + r.SetLogger(log.TestingLogger()) + r.SetEnsurePeersPeriod(250 * time.Millisecond) + sw.AddReactor("pex", r) + return sw + }) + err = sw.Start() + require.Nil(t, err) + defer sw.Stop() + + // 3. check that peer at least connects to seed + assertSomePeersWithTimeout(t, []*Switch{sw}, 10*time.Millisecond, 10*time.Second) +} + func createRoutableAddr() (addr string, netAddr *NetAddress) { for { addr = cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256) From 657ad214cb95489207246755fc65b8fc44b5f384 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Wed, 10 Jan 2018 15:57:39 +0000 Subject: [PATCH 051/188] p2p tests: put priv_val in right place --- test/p2p/data/mach1/core/{ => config}/priv_validator.json | 0 test/p2p/data/mach2/core/{ => config}/priv_validator.json | 0 test/p2p/data/mach3/core/{ => config}/priv_validator.json | 0 test/p2p/data/mach4/core/{ => config}/priv_validator.json | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename test/p2p/data/mach1/core/{ => config}/priv_validator.json (100%) rename test/p2p/data/mach2/core/{ => config}/priv_validator.json (100%) rename test/p2p/data/mach3/core/{ => config}/priv_validator.json (100%) rename test/p2p/data/mach4/core/{ => config}/priv_validator.json (100%) diff --git a/test/p2p/data/mach1/core/priv_validator.json b/test/p2p/data/mach1/core/config/priv_validator.json similarity index 100% rename from test/p2p/data/mach1/core/priv_validator.json rename to test/p2p/data/mach1/core/config/priv_validator.json diff --git a/test/p2p/data/mach2/core/priv_validator.json b/test/p2p/data/mach2/core/config/priv_validator.json similarity index 100% rename from test/p2p/data/mach2/core/priv_validator.json rename to test/p2p/data/mach2/core/config/priv_validator.json diff --git a/test/p2p/data/mach3/core/priv_validator.json b/test/p2p/data/mach3/core/config/priv_validator.json similarity index 100% rename from test/p2p/data/mach3/core/priv_validator.json rename to test/p2p/data/mach3/core/config/priv_validator.json diff --git a/test/p2p/data/mach4/core/priv_validator.json b/test/p2p/data/mach4/core/config/priv_validator.json similarity index 100% rename from test/p2p/data/mach4/core/priv_validator.json rename to test/p2p/data/mach4/core/config/priv_validator.json From c79ba3c3494cb9b07bf30275af48b35b9b4acd8b Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 9 Jan 2018 12:18:50 -0600 Subject: [PATCH 052/188] document the maximum supported voting power due to overflow [ci skip] Refs #1075 --- docs/using-tendermint.rst | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 9076230ea..086a2570b 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -127,10 +127,14 @@ Some fields from the config file can be overwritten with flags. No Empty Blocks --------------- -This much requested feature was implemented in version 0.10.3. While the default behaviour of ``tendermint`` is still to create blocks approximately once per second, it is possible to disable empty blocks or set a block creation interval. In the former case, blocks will be created when there are new transactions or when the AppHash changes. +This much requested feature was implemented in version 0.10.3. While the +default behaviour of ``tendermint`` is still to create blocks approximately +once per second, it is possible to disable empty blocks or set a block creation +interval. In the former case, blocks will be created when there are new +transactions or when the AppHash changes. -To configure tendermint to not produce empty blocks unless there are txs or the app hash changes, -run tendermint with this additional flag: +To configure tendermint to not produce empty blocks unless there are +transactions or the app hash changes, run tendermint with this additional flag: :: @@ -246,13 +250,17 @@ conflicting messages. Note also that the ``pub_key`` (the public key) in the ``priv_validator.json`` is also present in the ``genesis.json``. -The genesis file contains the list of public keys which may participate -in the consensus, and their corresponding voting power. Greater than 2/3 -of the voting power must be active (ie. the corresponding private keys -must be producing signatures) for the consensus to make progress. In our -case, the genesis file contains the public key of our -``priv_validator.json``, so a tendermint node started with the default -root directory will be able to make new blocks, as we've already seen. +The genesis file contains the list of public keys which may participate in the +consensus, and their corresponding voting power. Greater than 2/3 of the voting +power must be active (ie. the corresponding private keys must be producing +signatures) for the consensus to make progress. In our case, the genesis file +contains the public key of our ``priv_validator.json``, so a tendermint node +started with the default root directory will be able to make progress. Voting +power uses an `int64` but must be positive, thus the range is: 0 through +9223372036854775807. Because of how the current proposer selection algorithm works, +we do not recommend having voting powers greater than 10^12 (ie. 1 trillion) +(see `Proposals section of Byzantine Consensus Algorithm +<./specification/byzantine-consensus-algorithm.html#proposals>`__ for details). If we want to add more nodes to the network, we have two choices: we can add a new validator node, who will also participate in the consensus by From b40aa91b4101622455ef22cf1eaf31d0ef835cb6 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 12 Jan 2018 12:47:54 -0600 Subject: [PATCH 053/188] document event subscriptions Refs #1100 --- rpc/core/events.go | 75 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 69 insertions(+), 6 deletions(-) diff --git a/rpc/core/events.go b/rpc/core/events.go index 538134b0f..9353ace6a 100644 --- a/rpc/core/events.go +++ b/rpc/core/events.go @@ -13,11 +13,57 @@ import ( // Subscribe for events via WebSocket. // +// To tell which events you want, you need to provide a query. query is a +// string, which has a form: "condition AND condition ..." (no OR at the +// moment). condition has a form: "key operation operand". key is a string with +// a restricted set of possible symbols ( \t\n\r\\()"'=>< are not allowed). +// operation can be "=", "<", "<=", ">", ">=", "CONTAINS". operand can be a +// string (escaped with single quotes), number, date or time. +// +// Examples: +// tm.event = 'NewBlock' # new blocks +// tm.event = 'CompleteProposal' # node got a complete proposal +// tm.event = 'Tx' AND tx.hash = 'XYZ' # single transaction +// tm.event = 'Tx' AND tx.height = 5 # all txs of the fifth block +// tx.height = 5 # all txs of the fifth block +// +// Tendermint provides a few predefined keys: tm.event, tx.hash and tx.height. +// Note for transactions, you can define additional keys by providing tags with +// DeliverTx response. +// +// DeliverTx{ +// Tags: []*KVPair{ +// "agent.name": "K", +// } +// } +// +// tm.event = 'Tx' AND agent.name = 'K' +// tm.event = 'Tx' AND account.created_at >= TIME 2013-05-03T14:45:00Z +// tm.event = 'Tx' AND contract.sign_date = DATE 2017-01-01 +// tm.event = 'Tx' AND account.owner CONTAINS 'Igor' +// +// See list of all possible events here +// https://godoc.org/github.com/tendermint/tendermint/types#pkg-constants +// +// For complete query syntax, check out +// https://godoc.org/github.com/tendermint/tmlibs/pubsub/query. +// // ```go +// import "github.com/tendermint/tmlibs/pubsub/query" // import "github.com/tendermint/tendermint/types" // // client := client.NewHTTP("tcp://0.0.0.0:46657", "/websocket") -// result, err := client.AddListenerForEvent(types.EventStringNewBlock()) +// ctx, cancel := context.WithTimeout(context.Background(), timeout) +// defer cancel() +// query := query.MustParse("tm.event = 'Tx' AND tx.height = 3") +// txs := make(chan interface{}) +// err := client.Subscribe(ctx, "test-client", query, txs) +// +// go func() { +// for e := range txs { +// fmt.Println("got ", e.(types.TMEventData).Unwrap().(types.EventDataTx)) +// } +// }() // ``` // // > The above command returns JSON structured like this: @@ -35,7 +81,7 @@ import ( // // | Parameter | Type | Default | Required | Description | // |-----------+--------+---------+----------+-------------| -// | event | string | "" | true | Event name | +// | query | string | "" | true | Query | // // func Subscribe(wsCtx rpctypes.WSRPCContext, query string) (*ctypes.ResultSubscribe, error) { @@ -68,10 +114,8 @@ func Subscribe(wsCtx rpctypes.WSRPCContext, query string) (*ctypes.ResultSubscri // Unsubscribe from events via WebSocket. // // ```go -// import 'github.com/tendermint/tendermint/types' -// // client := client.NewHTTP("tcp://0.0.0.0:46657", "/websocket") -// result, err := client.RemoveListenerForEvent(types.EventStringNewBlock()) +// err := client.Unsubscribe("test-client", query) // ``` // // > The above command returns JSON structured like this: @@ -89,7 +133,7 @@ func Subscribe(wsCtx rpctypes.WSRPCContext, query string) (*ctypes.ResultSubscri // // | Parameter | Type | Default | Required | Description | // |-----------+--------+---------+----------+-------------| -// | event | string | "" | true | Event name | +// | query | string | "" | true | Query | // // func Unsubscribe(wsCtx rpctypes.WSRPCContext, query string) (*ctypes.ResultUnsubscribe, error) { @@ -106,6 +150,25 @@ func Unsubscribe(wsCtx rpctypes.WSRPCContext, query string) (*ctypes.ResultUnsub return &ctypes.ResultUnsubscribe{}, nil } +// Unsubscribe from all events via WebSocket. +// +// ```go +// client := client.NewHTTP("tcp://0.0.0.0:46657", "/websocket") +// err := client.UnsubscribeAll("test-client") +// ``` +// +// > The above command returns JSON structured like this: +// +// ```json +// { +// "error": "", +// "result": {}, +// "id": "", +// "jsonrpc": "2.0" +// } +// ``` +// +// func UnsubscribeAll(wsCtx rpctypes.WSRPCContext) (*ctypes.ResultUnsubscribe, error) { addr := wsCtx.GetRemoteAddr() logger.Info("Unsubscribe from all", "remote", addr) From e2b3b5b58ccec6efff6385ddd64806d71e1fb3f6 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 14:50:32 -0500 Subject: [PATCH 054/188] dial_persistent_peers -> dial_peers with persistent option --- docs/specification/rpc.rst | 2 +- docs/using-tendermint.rst | 8 ++++---- p2p/switch.go | 2 +- rpc/client/localclient.go | 4 ++-- rpc/client/mock/client.go | 4 ++-- rpc/core/net.go | 14 +++++++------- rpc/core/routes.go | 2 +- rpc/core/types/responses.go | 2 +- 8 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/specification/rpc.rst b/docs/specification/rpc.rst index e714cb353..7df394d77 100644 --- a/docs/specification/rpc.rst +++ b/docs/specification/rpc.rst @@ -112,7 +112,7 @@ An HTTP Get request to the root RPC endpoint (e.g. http://localhost:46657/broadcast_tx_sync?tx=_ http://localhost:46657/commit?height=_ http://localhost:46657/dial_seeds?seeds=_ - http://localhost:46657/dial_persistent_peers?persistent_peers=_ + http://localhost:46657/dial_peers?peers=_&persistent=_ http://localhost:46657/subscribe?event=_ http://localhost:46657/tx?hash=_&prove=_ http://localhost:46657/unsafe_start_cpu_profiler?filename=_ diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 1b60ea5ff..735fce654 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -287,7 +287,7 @@ specify seeds for a running node to connect to: :: - curl --data-urlencode "seeds=[\"1.2.3.4:46656\",\"5.6.7.8:46656\"]" localhost:46657/dial_seeds + curl 'localhost:46657/dial_seeds?seeds=\["1.2.3.4:46656","5.6.7.8:46656"\]' Note, if the peer-exchange protocol (PEX) is enabled (default), you should not normally need seeds after the first start. Peers will be gossipping about known @@ -296,13 +296,13 @@ peers and forming a network, storing peer addresses in the addrbook. If you want Tendermint to connect to specific set of addresses and maintain a persistent connection with each, you can use the ``--p2p.persistent_peers`` flag or the corresponding setting in the ``config.toml`` or the -``/dial_persistent_peers`` RPC endpoint to do it without stopping Tendermint +``/dial_peers`` RPC endpoint to do it without stopping Tendermint core instance. :: tendermint node --p2p.persistent_peers "10.11.12.13:46656,10.11.12.14:46656" - curl --data-urlencode "persistent_peers=[\"10.11.12.13:46656\",\"10.11.12.14:46656\"]" localhost:46657/dial_persistent_peers + curl 'localhost:46657/dial_peers?persistent=true&peers=\["1.2.3.4:46656","5.6.7.8:46656"\]' Adding a Non-Validator ~~~~~~~~~~~~~~~~~~~~~~ @@ -382,7 +382,7 @@ and the new ``priv_validator.json`` to the ``~/.tendermint/config`` on a new machine. Now run ``tendermint node`` on both machines, and use either -``--p2p.persistent_peers`` or the ``/dial_persistent_peers`` to get them to peer up. They +``--p2p.persistent_peers`` or the ``/dial_peers`` to get them to peer up. They should start making blocks, and will only continue to do so as long as both of them are online. diff --git a/p2p/switch.go b/p2p/switch.go index 1b449d7e0..95c632aa7 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -323,7 +323,7 @@ func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent } if addrBook != nil { - // add persistent peers to `addrBook` + // add peers to `addrBook` ourAddrS := sw.nodeInfo.ListenAddr ourAddr, _ := NewNetAddressString(ourAddrS) for _, netAddr := range netAddrs { diff --git a/rpc/client/localclient.go b/rpc/client/localclient.go index cc23b9449..5e0573a1b 100644 --- a/rpc/client/localclient.go +++ b/rpc/client/localclient.go @@ -88,8 +88,8 @@ func (Local) DialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { return core.UnsafeDialSeeds(seeds) } -func (Local) DialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { - return core.UnsafeDialPersistentPeers(persistent_peers) +func (Local) DialPeers(peers []string, persistent bool) (*ctypes.ResultDialPeers, error) { + return core.UnsafeDialPeers(peers, persistent) } func (Local) BlockchainInfo(minHeight, maxHeight int64) (*ctypes.ResultBlockchainInfo, error) { diff --git a/rpc/client/mock/client.go b/rpc/client/mock/client.go index 913812d6d..6c4728986 100644 --- a/rpc/client/mock/client.go +++ b/rpc/client/mock/client.go @@ -111,8 +111,8 @@ func (c Client) DialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { return core.UnsafeDialSeeds(seeds) } -func (c Client) DialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { - return core.UnsafeDialPersistentPeers(persistent_peers) +func (c Client) DialPeers(peers []string, persistent bool) (*ctypes.ResultDialPeers, error) { + return core.UnsafeDialPeers(peers, persistent) } func (c Client) BlockchainInfo(minHeight, maxHeight int64) (*ctypes.ResultBlockchainInfo, error) { diff --git a/rpc/core/net.go b/rpc/core/net.go index b528e1e35..af52c81cc 100644 --- a/rpc/core/net.go +++ b/rpc/core/net.go @@ -66,17 +66,17 @@ func UnsafeDialSeeds(seeds []string) (*ctypes.ResultDialSeeds, error) { return &ctypes.ResultDialSeeds{"Dialing seeds in progress. See /net_info for details"}, nil } -func UnsafeDialPersistentPeers(persistent_peers []string) (*ctypes.ResultDialPersistentPeers, error) { - if len(persistent_peers) == 0 { - return &ctypes.ResultDialPersistentPeers{}, errors.New("No persistent peers provided") +func UnsafeDialPeers(peers []string, persistent bool) (*ctypes.ResultDialPeers, error) { + if len(peers) == 0 { + return &ctypes.ResultDialPeers{}, errors.New("No peers provided") } // starts go routines to dial each peer after random delays - logger.Info("DialPersistentPeers", "addrBook", addrBook, "persistent_peers", persistent_peers) - err := p2pSwitch.DialPeersAsync(addrBook, persistent_peers, true) + logger.Info("DialPeers", "addrBook", addrBook, "peers", peers, "persistent", persistent) + err := p2pSwitch.DialPeersAsync(addrBook, peers, persistent) if err != nil { - return &ctypes.ResultDialPersistentPeers{}, err + return &ctypes.ResultDialPeers{}, err } - return &ctypes.ResultDialPersistentPeers{"Dialing persistent peers in progress. See /net_info for details"}, nil + return &ctypes.ResultDialPeers{"Dialing peers in progress. See /net_info for details"}, nil } // Get genesis file. diff --git a/rpc/core/routes.go b/rpc/core/routes.go index d00165e6a..3ea7aa08c 100644 --- a/rpc/core/routes.go +++ b/rpc/core/routes.go @@ -39,7 +39,7 @@ var Routes = map[string]*rpc.RPCFunc{ func AddUnsafeRoutes() { // control API Routes["dial_seeds"] = rpc.NewRPCFunc(UnsafeDialSeeds, "seeds") - Routes["dial_persistent_peers"] = rpc.NewRPCFunc(UnsafeDialPersistentPeers, "persistent_peers") + Routes["dial_peers"] = rpc.NewRPCFunc(UnsafeDialPeers, "peers,persistent") Routes["unsafe_flush_mempool"] = rpc.NewRPCFunc(UnsafeFlushMempool, "") // profiler API diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index c26defb76..bffdd0281 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -86,7 +86,7 @@ type ResultDialSeeds struct { Log string `json:"log"` } -type ResultDialPersistentPeers struct { +type ResultDialPeers struct { Log string `json:"log"` } From c1e167e330907f5639c32b4099d393ae3492f868 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 15:11:13 -0500 Subject: [PATCH 055/188] note in trust metric test --- p2p/trust/metric_test.go | 2 ++ p2p/trust/ticker.go | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/p2p/trust/metric_test.go b/p2p/trust/metric_test.go index 00219a19e..69c9f8f2a 100644 --- a/p2p/trust/metric_test.go +++ b/p2p/trust/metric_test.go @@ -68,7 +68,9 @@ func TestTrustMetricStopPause(t *testing.T) { tt.NextTick() tm.Pause() + // could be 1 or 2 because Pause and NextTick race first := tm.Copy().numIntervals + // Allow more time to pass and check the intervals are unchanged tt.NextTick() tt.NextTick() diff --git a/p2p/trust/ticker.go b/p2p/trust/ticker.go index bce9fcc24..3f0f30919 100644 --- a/p2p/trust/ticker.go +++ b/p2p/trust/ticker.go @@ -24,7 +24,7 @@ type TestTicker struct { // NewTestTicker returns our ticker used within test routines func NewTestTicker() *TestTicker { - c := make(chan time.Time, 1) + c := make(chan time.Time) return &TestTicker{ C: c, } From 9670519a211f81474dd3a1b42a0d210e0aab54e4 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 15:38:40 -0500 Subject: [PATCH 056/188] remove PoW from ID --- node/node.go | 8 ++----- p2p/key.go | 64 ++++++++++++++++++++----------------------------- p2p/key_test.go | 31 ++++++++++++------------ 3 files changed, 44 insertions(+), 59 deletions(-) diff --git a/node/node.go b/node/node.go index 7fecf710c..bd3bd1ca8 100644 --- a/node/node.go +++ b/node/node.go @@ -368,11 +368,8 @@ func (n *Node) OnStart() error { n.sw.AddListener(l) // Generate node PrivKey - // TODO: both the loading function and the target - // will need to be configurable - difficulty := uint8(16) // number of leading 0s in bitstring - target := p2p.MakePoWTarget(difficulty) - nodeKey, err := p2p.LoadOrGenNodeKey(n.config.NodeKeyFile(), target) + // TODO: the loading function will need to be configurable + nodeKey, err := p2p.LoadOrGenNodeKey(n.config.NodeKeyFile()) if err != nil { return err } @@ -381,7 +378,6 @@ func (n *Node) OnStart() error { // Start the switch n.sw.SetNodeInfo(n.makeNodeInfo(nodeKey.PubKey())) n.sw.SetNodeKey(nodeKey) - n.sw.SetPeerIDTarget(target) err = n.sw.Start() if err != nil { return err diff --git a/p2p/key.go b/p2p/key.go index d0031458d..6883c86e2 100644 --- a/p2p/key.go +++ b/p2p/key.go @@ -6,7 +6,6 @@ import ( "encoding/json" "fmt" "io/ioutil" - "math/big" crypto "github.com/tendermint/go-crypto" cmn "github.com/tendermint/tmlibs/common" @@ -42,37 +41,20 @@ func (nodeKey *NodeKey) SatisfiesTarget(target []byte) bool { return bytes.Compare(nodeKey.id(), target) < 0 } -// LoadOrGenNodeKey attempts to load the NodeKey from the given filePath, -// and checks that the corresponding ID is less than the target. -// If the file does not exist, it generates and saves a new NodeKey -// with ID less than target. -func LoadOrGenNodeKey(filePath string, target []byte) (*NodeKey, error) { +// LoadOrGenNodeKey attempts to load the NodeKey from the given filePath. +// If the file does not exist, it generates and saves a new NodeKey. +func LoadOrGenNodeKey(filePath string) (*NodeKey, error) { if cmn.FileExists(filePath) { nodeKey, err := loadNodeKey(filePath) if err != nil { return nil, err } - if !nodeKey.SatisfiesTarget(target) { - return nil, fmt.Errorf("Loaded ID (%s) does not satisfy target (%X)", nodeKey.ID(), target) - } return nodeKey, nil } else { - return genNodeKey(filePath, target) + return genNodeKey(filePath) } } -// MakePoWTarget returns a 20 byte target byte array. -func MakePoWTarget(difficulty uint8) []byte { - zeroPrefixLen := (int(difficulty) / 8) - prefix := bytes.Repeat([]byte{0}, zeroPrefixLen) - mod := (difficulty % 8) - if mod > 0 { - nonZeroPrefix := byte(1 << (8 - mod)) - prefix = append(prefix, nonZeroPrefix) - } - return append(prefix, bytes.Repeat([]byte{255}, 20-len(prefix))...) -} - func loadNodeKey(filePath string) (*NodeKey, error) { jsonBytes, err := ioutil.ReadFile(filePath) if err != nil { @@ -86,8 +68,8 @@ func loadNodeKey(filePath string) (*NodeKey, error) { return nodeKey, nil } -func genNodeKey(filePath string, target []byte) (*NodeKey, error) { - privKey := genPrivKeyEd25519PoW(target).Wrap() +func genNodeKey(filePath string) (*NodeKey, error) { + privKey := crypto.GenPrivKeyEd25519().Wrap() nodeKey := &NodeKey{ PrivKey: privKey, } @@ -103,20 +85,26 @@ func genNodeKey(filePath string, target []byte) (*NodeKey, error) { return nodeKey, nil } -// generate key with address satisfying the difficult target -func genPrivKeyEd25519PoW(target []byte) crypto.PrivKeyEd25519 { - secret := crypto.CRandBytes(32) - var privKey crypto.PrivKeyEd25519 - for i := 0; ; i++ { - privKey = crypto.GenPrivKeyEd25519FromSecret(secret) - if bytes.Compare(privKey.PubKey().Address(), target) < 0 { - break - } - z := new(big.Int) - z.SetBytes(secret) - z = z.Add(z, big.NewInt(1)) - secret = z.Bytes() +//------------------------------------------------------------------------------ +// MakePoWTarget returns the big-endian encoding of 2^(targetBits - difficulty) - 1. +// It can be used as a Proof of Work target. +// NOTE: targetBits must be a multiple of 8 and difficulty must be less than targetBits. +func MakePoWTarget(difficulty, targetBits uint) []byte { + if targetBits%8 != 0 { + panic(fmt.Sprintf("targetBits (%d) not a multiple of 8", targetBits)) } - return privKey + if difficulty >= targetBits { + panic(fmt.Sprintf("difficulty (%d) >= targetBits (%d)", difficulty, targetBits)) + } + targetBytes := targetBits / 8 + zeroPrefixLen := (int(difficulty) / 8) + prefix := bytes.Repeat([]byte{0}, zeroPrefixLen) + mod := (difficulty % 8) + if mod > 0 { + nonZeroPrefix := byte(1<<(8-mod) - 1) + prefix = append(prefix, nonZeroPrefix) + } + tailLen := int(targetBytes) - len(prefix) + return append(prefix, bytes.Repeat([]byte{0xFF}, tailLen)...) } diff --git a/p2p/key_test.go b/p2p/key_test.go index ef885e55d..c2e1f3e0e 100644 --- a/p2p/key_test.go +++ b/p2p/key_test.go @@ -13,37 +13,38 @@ import ( func TestLoadOrGenNodeKey(t *testing.T) { filePath := filepath.Join(os.TempDir(), cmn.RandStr(12)+"_peer_id.json") - target := MakePoWTarget(2) - nodeKey, err := LoadOrGenNodeKey(filePath, target) + nodeKey, err := LoadOrGenNodeKey(filePath) assert.Nil(t, err) - nodeKey2, err := LoadOrGenNodeKey(filePath, target) + nodeKey2, err := LoadOrGenNodeKey(filePath) assert.Nil(t, err) assert.Equal(t, nodeKey, nodeKey2) } -func repeatBytes(val byte, n int) []byte { - return bytes.Repeat([]byte{val}, n) +//---------------------------------------------------------- + +func padBytes(bz []byte, targetBytes int) []byte { + return append(bz, bytes.Repeat([]byte{0xFF}, targetBytes-len(bz))...) } func TestPoWTarget(t *testing.T) { + targetBytes := 20 cases := []struct { - difficulty uint8 + difficulty uint target []byte }{ - {0, bytes.Repeat([]byte{255}, 20)}, - {1, append([]byte{128}, repeatBytes(255, 19)...)}, - {8, append([]byte{0}, repeatBytes(255, 19)...)}, - {9, append([]byte{0, 128}, repeatBytes(255, 18)...)}, - {10, append([]byte{0, 64}, repeatBytes(255, 18)...)}, - {16, append([]byte{0, 0}, repeatBytes(255, 18)...)}, - {17, append([]byte{0, 0, 128}, repeatBytes(255, 17)...)}, + {0, padBytes([]byte{}, targetBytes)}, + {1, padBytes([]byte{127}, targetBytes)}, + {8, padBytes([]byte{0}, targetBytes)}, + {9, padBytes([]byte{0, 127}, targetBytes)}, + {10, padBytes([]byte{0, 63}, targetBytes)}, + {16, padBytes([]byte{0, 0}, targetBytes)}, + {17, padBytes([]byte{0, 0, 127}, targetBytes)}, } for _, c := range cases { - assert.Equal(t, MakePoWTarget(c.difficulty), c.target) + assert.Equal(t, MakePoWTarget(c.difficulty, 20*8), c.target) } - } From e4d52401cfa08355bfbe9abf422d4d795d363dcf Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 16:06:31 -0500 Subject: [PATCH 057/188] some fixes from review --- p2p/addrbook_test.go | 2 +- p2p/key.go | 5 +++++ p2p/netaddress.go | 9 +++++---- p2p/netaddress_test.go | 7 +++++++ p2p/pex_reactor.go | 9 +++++---- p2p/switch.go | 3 ++- 6 files changed, 25 insertions(+), 10 deletions(-) diff --git a/p2p/addrbook_test.go b/p2p/addrbook_test.go index 07ab3474c..bcef569df 100644 --- a/p2p/addrbook_test.go +++ b/p2p/addrbook_test.go @@ -190,7 +190,7 @@ func randIPv4Address(t *testing.T) *NetAddress { ) port := rand.Intn(65535-1) + 1 addr, err := NewNetAddressString(fmt.Sprintf("%v:%v", ip, port)) - addr.ID = ID(hex.EncodeToString(cmn.RandBytes(20))) // TODO + addr.ID = ID(hex.EncodeToString(cmn.RandBytes(20))) assert.Nil(t, err, "error generating rand network address") if addr.Routable() { return addr diff --git a/p2p/key.go b/p2p/key.go index 6883c86e2..5a4ab48f7 100644 --- a/p2p/key.go +++ b/p2p/key.go @@ -11,8 +11,13 @@ import ( cmn "github.com/tendermint/tmlibs/common" ) +// ID is a hex-encoded crypto.Address type ID string +// IDByteLength is the length of a crypto.Address. Currently only 20. +// TODO: support other length addresses ? +const IDByteLength = 20 + //------------------------------------------------------------------------------ // Persistent peer ID // TODO: encrypt on disk diff --git a/p2p/netaddress.go b/p2p/netaddress.go index d804e3488..c11d1442e 100644 --- a/p2p/netaddress.go +++ b/p2p/netaddress.go @@ -50,8 +50,8 @@ func NewNetAddress(id ID, addr net.Addr) *NetAddress { } // NewNetAddressString returns a new NetAddress using the provided -// address in the form of "IP:Port". Also resolves the host if host -// is not an IP. +// address in the form of "ID@IP:Port", where the ID is optional. +// Also resolves the host if host is not an IP. func NewNetAddressString(addr string) (*NetAddress, error) { addr = removeProtocolIfDefined(addr) @@ -63,8 +63,9 @@ func NewNetAddressString(addr string) (*NetAddress, error) { if err != nil { return nil, errors.Wrap(err, fmt.Sprintf("Address (%s) contains invalid ID", addr)) } - if len(idBytes) != 20 { - return nil, fmt.Errorf("Address (%s) contains ID of invalid length (%d). Should be 20 hex-encoded bytes", len(idBytes)) + if len(idBytes) != IDByteLength { + return nil, fmt.Errorf("Address (%s) contains ID of invalid length (%d). Should be %d hex-encoded bytes", + addr, len(idBytes), IDByteLength) } id, addr = ID(idStr), spl[1] } diff --git a/p2p/netaddress_test.go b/p2p/netaddress_test.go index 0aa45423c..6c1930a2f 100644 --- a/p2p/netaddress_test.go +++ b/p2p/netaddress_test.go @@ -48,6 +48,13 @@ func TestNewNetAddressString(t *testing.T) { {"tcp://this-isnot-hex@127.0.0.1:8080", "", false}, {"tcp://xxxxbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", "", false}, {"tcp://deadbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", "deadbeefdeadbeefdeadbeefdeadbeefdeadbeef@127.0.0.1:8080", true}, + + {"tcp://@127.0.0.1:8080", "", false}, + {"tcp://@", "", false}, + {"", "", false}, + {"@", "", false}, + {" @", "", false}, + {" @ ", "", false}, } for _, tc := range testCases { diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 6fd0285d3..fc1cbdd98 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -109,19 +109,20 @@ func (r *PEXReactor) GetChannels() []*ChannelDescriptor { func (r *PEXReactor) AddPeer(p Peer) { if p.IsOutbound() { // For outbound peers, the address is already in the books. - // Either it was added in DialPersistentPeers or when we + // Either it was added in DialPeersAsync or when we // received the peer's address in r.Receive if r.book.NeedMoreAddrs() { r.RequestPEX(p) } - } else { // For inbound connections, the peer is its own source - addr, err := NewNetAddressString(p.NodeInfo().ListenAddr) - addr.ID = p.ID() // TODO: handle in NewNetAddress func + } else { + addrStr := fmt.Sprintf("%s@%s", p.ID(), p.NodeInfo().ListenAddr) + addr, err := NewNetAddressString(addrStr) if err != nil { // peer gave us a bad ListenAddr. TODO: punish r.Logger.Error("Error in AddPeer: invalid peer address", "addr", p.NodeInfo().ListenAddr, "err", err) return } + // For inbound connections, the peer is its own source r.book.AddAddress(addr, addr) } } diff --git a/p2p/switch.go b/p2p/switch.go index cd353ca86..eca52e982 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -94,6 +94,7 @@ type Switch struct { var ( ErrSwitchDuplicatePeer = errors.New("Duplicate peer") + ErrSwitchConnectToSelf = errors.New("Connect to self") ) func NewSwitch(config *cfg.P2PConfig) *Switch { @@ -241,7 +242,7 @@ func (sw *Switch) OnStop() { func (sw *Switch) addPeer(peer *peer) error { // Avoid self if sw.nodeKey.ID() == peer.ID() { - return errors.New("Ignoring connection from self") + return ErrSwitchConnectToSelf } // Filter peer against white list From 53a5498fc5022a72b27a38e9583160356d584cd1 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 16:14:28 -0500 Subject: [PATCH 058/188] more fixes from review --- config/config.go | 2 +- config/toml.go | 3 +++ node/node.go | 2 +- p2p/addrbook.go | 2 +- p2p/addrbook_test.go | 5 +++-- p2p/key.go | 12 +++++------- p2p/netaddress.go | 7 ++++++- p2p/peer.go | 2 +- p2p/pex_reactor.go | 16 ++++------------ p2p/switch.go | 10 +--------- p2p/types.go | 12 ++++++++++++ 11 files changed, 38 insertions(+), 35 deletions(-) diff --git a/config/config.go b/config/config.go index 645b9e10a..f93b79241 100644 --- a/config/config.go +++ b/config/config.go @@ -95,7 +95,7 @@ type BaseConfig struct { PrivValidator string `mapstructure:"priv_validator_file"` // A JSON file containing the private key to use for p2p authenticated encryption - NodeKey string `mapstructure:"node_key"` + NodeKey string `mapstructure:"node_key_file"` // A custom human readable name for this node Moniker string `mapstructure:"moniker"` diff --git a/config/toml.go b/config/toml.go index f979af955..e7bd26103 100644 --- a/config/toml.go +++ b/config/toml.go @@ -87,6 +87,9 @@ genesis_file = "{{ .BaseConfig.Genesis }}" # Path to the JSON file containing the private key to use as a validator in the consensus protocol priv_validator_file = "{{ .BaseConfig.PrivValidator }}" +# Path to the JSON file containing the private key to use for node authentication in the p2p protocol +node_key_file = "{{ .BaseConfig.NodeKey}}" + # Mechanism to connect to the ABCI application: socket | grpc abci = "{{ .BaseConfig.ABCI }}" diff --git a/node/node.go b/node/node.go index bd3bd1ca8..5535b1e16 100644 --- a/node/node.go +++ b/node/node.go @@ -368,7 +368,7 @@ func (n *Node) OnStart() error { n.sw.AddListener(l) // Generate node PrivKey - // TODO: the loading function will need to be configurable + // TODO: pass in like priv_val nodeKey, err := p2p.LoadOrGenNodeKey(n.config.NodeKeyFile()) if err != nil { return err diff --git a/p2p/addrbook.go b/p2p/addrbook.go index 6ccec61f7..8826ff1e0 100644 --- a/p2p/addrbook.go +++ b/p2p/addrbook.go @@ -283,7 +283,7 @@ func (a *AddrBook) RemoveAddress(addr *NetAddress) { if ka == nil { return } - a.Logger.Info("Remove address from book", "addr", ka.Addr) + a.Logger.Info("Remove address from book", "addr", ka.Addr, "ID", ka.ID) a.removeFromAllBuckets(ka) } diff --git a/p2p/addrbook_test.go b/p2p/addrbook_test.go index bcef569df..00051ae1f 100644 --- a/p2p/addrbook_test.go +++ b/p2p/addrbook_test.go @@ -189,8 +189,9 @@ func randIPv4Address(t *testing.T) *NetAddress { rand.Intn(255), ) port := rand.Intn(65535-1) + 1 - addr, err := NewNetAddressString(fmt.Sprintf("%v:%v", ip, port)) - addr.ID = ID(hex.EncodeToString(cmn.RandBytes(20))) + id := ID(hex.EncodeToString(cmn.RandBytes(IDByteLength))) + idAddr := IDAddressString(id, fmt.Sprintf("%v:%v", ip, port)) + addr, err := NewNetAddressString(idAddr) assert.Nil(t, err, "error generating rand network address") if addr.Routable() { return addr diff --git a/p2p/key.go b/p2p/key.go index 5a4ab48f7..ea0f0b071 100644 --- a/p2p/key.go +++ b/p2p/key.go @@ -30,11 +30,7 @@ type NodeKey struct { // ID returns the peer's canonical ID - the hash of its public key. func (nodeKey *NodeKey) ID() ID { - return ID(hex.EncodeToString(nodeKey.id())) -} - -func (nodeKey *NodeKey) id() []byte { - return nodeKey.PrivKey.PubKey().Address() + return PubKeyToID(nodeKey.PubKey()) } // PubKey returns the peer's PubKey @@ -42,8 +38,10 @@ func (nodeKey *NodeKey) PubKey() crypto.PubKey { return nodeKey.PrivKey.PubKey() } -func (nodeKey *NodeKey) SatisfiesTarget(target []byte) bool { - return bytes.Compare(nodeKey.id(), target) < 0 +// PubKeyToID returns the ID corresponding to the given PubKey. +// It's the hex-encoding of the pubKey.Address(). +func PubKeyToID(pubKey crypto.PubKey) ID { + return ID(hex.EncodeToString(pubKey.Address())) } // LoadOrGenNodeKey attempts to load the NodeKey from the given filePath. diff --git a/p2p/netaddress.go b/p2p/netaddress.go index c11d1442e..fed5e59d4 100644 --- a/p2p/netaddress.go +++ b/p2p/netaddress.go @@ -26,6 +26,11 @@ type NetAddress struct { str string } +// IDAddressString returns id@hostPort. +func IDAddressString(id ID, hostPort string) string { + return fmt.Sprintf("%s@%s", id, hostPort) +} + // NewNetAddress returns a new NetAddress using the provided TCP // address. When testing, other net.Addr (except TCP) will result in // using 0.0.0.0:0. When normal run, other net.Addr (except TCP) will @@ -136,7 +141,7 @@ func (na *NetAddress) String() string { if na.str == "" { addrStr := na.DialString() if na.ID != "" { - addrStr = fmt.Sprintf("%s@%s", na.ID, addrStr) + addrStr = IDAddressString(na.ID, addrStr) } na.str = addrStr } diff --git a/p2p/peer.go b/p2p/peer.go index ecf2efce5..ff8d8d0ed 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -304,7 +304,7 @@ func (p *peer) Set(key string, data interface{}) { p.Data.Set(key, data) } -// Key returns the peer's ID - the hex encoded hash of its pubkey. +// ID returns the peer's ID - the hex encoded hash of its pubkey. func (p *peer) ID() ID { return ID(hex.EncodeToString(p.PubKey().Address())) } diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index fc1cbdd98..0816a6e98 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -115,14 +115,8 @@ func (r *PEXReactor) AddPeer(p Peer) { r.RequestPEX(p) } } else { - addrStr := fmt.Sprintf("%s@%s", p.ID(), p.NodeInfo().ListenAddr) - addr, err := NewNetAddressString(addrStr) - if err != nil { - // peer gave us a bad ListenAddr. TODO: punish - r.Logger.Error("Error in AddPeer: invalid peer address", "addr", p.NodeInfo().ListenAddr, "err", err) - return - } // For inbound connections, the peer is its own source + addr := p.NodeInfo().NetAddress() r.book.AddAddress(addr, addr) } } @@ -261,7 +255,7 @@ func (r *PEXReactor) ensurePeers() { // NOTE: range here is [10, 90]. Too high ? newBias := cmn.MinInt(numOutPeers, 8)*10 + 10 - toDial := make(map[string]*NetAddress) + toDial := make(map[ID]*NetAddress) // Try maxAttempts times to pick numToDial addresses to dial maxAttempts := numToDial * 3 for i := 0; i < maxAttempts && len(toDial) < numToDial; i++ { @@ -269,19 +263,17 @@ func (r *PEXReactor) ensurePeers() { if try == nil { continue } - if _, selected := toDial[string(try.ID)]; selected { + if _, selected := toDial[try.ID]; selected { continue } if dialling := r.Switch.IsDialing(try.ID); dialling { continue } - // XXX: Should probably use pubkey as peer key ... - // TODO: use the ID correctly if connected := r.Switch.Peers().Has(try.ID); connected { continue } r.Logger.Info("Will dial address", "addr", try) - toDial[string(try.ID)] = try + toDial[try.ID] = try } // Dial picked addresses diff --git a/p2p/switch.go b/p2p/switch.go index eca52e982..da1aa552f 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -84,7 +84,6 @@ type Switch struct { dialing *cmn.CMap nodeInfo *NodeInfo // our node info nodeKey *NodeKey // our node privkey - peerIDTarget []byte filterConnByAddr func(net.Addr) error filterConnByPubKey func(crypto.PubKey) error @@ -194,12 +193,6 @@ func (sw *Switch) SetNodeKey(nodeKey *NodeKey) { } } -// SetPeerIDTarget sets the target for incoming peer ID's - -// the ID must be less than the target -func (sw *Switch) SetPeerIDTarget(target []byte) { - sw.peerIDTarget = target -} - // OnStart implements BaseService. It starts all the reactors, peers, and listeners. func (sw *Switch) OnStart() error { // Start reactors @@ -460,8 +453,7 @@ func (sw *Switch) StopPeerForError(peer Peer, reason interface{}) { // If no success after all that, it stops trying, and leaves it // to the PEX/Addrbook to find the peer again func (sw *Switch) reconnectToPeer(peer Peer) { - netAddr, _ := NewNetAddressString(peer.NodeInfo().RemoteAddr) - netAddr.ID = peer.ID() // TODO: handle above + netAddr := peer.NodeInfo().NetAddress() start := time.Now() sw.Logger.Info("Reconnecting to peer", "peer", peer) for i := 0; i < reconnectAttempts; i++ { diff --git a/p2p/types.go b/p2p/types.go index 860132902..287c88b01 100644 --- a/p2p/types.go +++ b/p2p/types.go @@ -11,6 +11,8 @@ import ( const maxNodeInfoSize = 10240 // 10Kb +// NodeInfo is the basic node information exchanged +// between two peers during the Tendermint P2P handshake type NodeInfo struct { PubKey crypto.PubKey `json:"pub_key"` // authenticated pubkey Moniker string `json:"moniker"` // arbitrary moniker @@ -54,6 +56,16 @@ func (info *NodeInfo) CompatibleWith(other *NodeInfo) error { return nil } +func (info *NodeInfo) NetAddress() *NetAddress { + id := PubKeyToID(info.PubKey) + addr := info.ListenAddr + netAddr, err := NewNetAddressString(IDAddressString(id, addr)) + if err != nil { + panic(err) // everything should be well formed by now + } + return netAddr +} + func (info *NodeInfo) ListenHost() string { host, _, _ := net.SplitHostPort(info.ListenAddr) // nolint: errcheck, gas return host From 7667e119731271d745814b34379844a5a6fe7a29 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 16:50:03 -0500 Subject: [PATCH 059/188] remove RemoteAddr from NodeInfo --- p2p/peer.go | 2 -- p2p/peer_set_test.go | 1 - p2p/peer_test.go | 9 +++++---- p2p/pex_reactor.go | 24 +++++++++--------------- p2p/pex_reactor_test.go | 5 ++--- p2p/switch.go | 1 - p2p/types.go | 7 +++++-- 7 files changed, 21 insertions(+), 28 deletions(-) diff --git a/p2p/peer.go b/p2p/peer.go index ff8d8d0ed..2f5dff78d 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -206,8 +206,6 @@ func (p *peer) HandshakeTimeout(ourNodeInfo *NodeInfo, timeout time.Duration) er return errors.Wrap(err, "Error removing deadline") } - peerNodeInfo.RemoteAddr = p.Addr().String() - p.nodeInfo = peerNodeInfo return nil } diff --git a/p2p/peer_set_test.go b/p2p/peer_set_test.go index 609c49004..e50bb384b 100644 --- a/p2p/peer_set_test.go +++ b/p2p/peer_set_test.go @@ -15,7 +15,6 @@ import ( func randPeer() *peer { return &peer{ nodeInfo: &NodeInfo{ - RemoteAddr: cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256), ListenAddr: cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, diff --git a/p2p/peer_test.go b/p2p/peer_test.go index 78a4e2f5b..aafe8d7a9 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -142,10 +142,11 @@ func (p *remotePeer) accept(l net.Listener) { golog.Fatalf("Failed to create a peer: %+v", err) } err = peer.HandshakeTimeout(&NodeInfo{ - PubKey: p.PrivKey.PubKey(), - Moniker: "remote_peer", - Network: "testing", - Version: "123.123.123", + PubKey: p.PrivKey.PubKey(), + Moniker: "remote_peer", + Network: "testing", + Version: "123.123.123", + ListenAddr: l.Addr().String(), }, 1*time.Second) if err != nil { golog.Fatalf("Failed to perform handshake: %+v", err) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 0816a6e98..5aa63db71 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -129,17 +129,11 @@ func (r *PEXReactor) RemovePeer(p Peer, reason interface{}) { // Receive implements Reactor by handling incoming PEX messages. func (r *PEXReactor) Receive(chID byte, src Peer, msgBytes []byte) { - srcAddrStr := src.NodeInfo().RemoteAddr - srcAddr, err := NewNetAddressString(srcAddrStr) - if err != nil { - // this should never happen. TODO: cancel conn - r.Logger.Error("Error in Receive: invalid peer address", "addr", srcAddrStr, "err", err) - return - } + srcAddr := src.NodeInfo().NetAddress() - r.IncrementMsgCountForPeer(srcAddrStr) - if r.ReachedMaxMsgCountForPeer(srcAddrStr) { - r.Logger.Error("Maximum number of messages reached for peer", "peer", srcAddrStr) + r.IncrementMsgCountForPeer(srcAddr.ID) + if r.ReachedMaxMsgCountForPeer(srcAddr.ID) { + r.Logger.Error("Maximum number of messages reached for peer", "peer", srcAddr) // TODO remove src from peers? return } @@ -192,19 +186,19 @@ func (r *PEXReactor) SetMaxMsgCountByPeer(v uint16) { // ReachedMaxMsgCountForPeer returns true if we received too many // messages from peer with address `addr`. // NOTE: assumes the value in the CMap is non-nil -func (r *PEXReactor) ReachedMaxMsgCountForPeer(addr string) bool { - return r.msgCountByPeer.Get(addr).(uint16) >= r.maxMsgCountByPeer +func (r *PEXReactor) ReachedMaxMsgCountForPeer(peerID ID) bool { + return r.msgCountByPeer.Get(string(peerID)).(uint16) >= r.maxMsgCountByPeer } // Increment or initialize the msg count for the peer in the CMap -func (r *PEXReactor) IncrementMsgCountForPeer(addr string) { +func (r *PEXReactor) IncrementMsgCountForPeer(peerID ID) { var count uint16 - countI := r.msgCountByPeer.Get(addr) + countI := r.msgCountByPeer.Get(string(peerID)) if countI != nil { count = countI.(uint16) } count++ - r.msgCountByPeer.Set(addr, count) + r.msgCountByPeer.Set(string(peerID), count) } // Ensures that sufficient peers are connected. (continuous) diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index 2fb616fb9..296b18867 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -184,7 +184,7 @@ func TestPEXReactorAbuseFromPeer(t *testing.T) { r.Receive(PexChannel, peer, msg) } - assert.True(r.ReachedMaxMsgCountForPeer(peer.NodeInfo().ListenAddr)) + assert.True(r.ReachedMaxMsgCountForPeer(peer.NodeInfo().ID())) } func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { @@ -243,8 +243,7 @@ func createRandomPeer(outbound bool) *peer { addr, netAddr := createRoutableAddr() p := &peer{ nodeInfo: &NodeInfo{ - ListenAddr: addr, - RemoteAddr: netAddr.String(), + ListenAddr: netAddr.String(), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, outbound: outbound, diff --git a/p2p/switch.go b/p2p/switch.go index da1aa552f..484649145 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -615,7 +615,6 @@ func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch f Moniker: cmn.Fmt("switch%d", i), Network: network, Version: version, - RemoteAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), }) s.SetNodeKey(nodeKey) diff --git a/p2p/types.go b/p2p/types.go index 287c88b01..2aec521b2 100644 --- a/p2p/types.go +++ b/p2p/types.go @@ -17,7 +17,6 @@ type NodeInfo struct { PubKey crypto.PubKey `json:"pub_key"` // authenticated pubkey Moniker string `json:"moniker"` // arbitrary moniker Network string `json:"network"` // network/chain ID - RemoteAddr string `json:"remote_addr"` // address for the connection ListenAddr string `json:"listen_addr"` // accepting incoming Version string `json:"version"` // major.minor.revision Other []string `json:"other"` // other application specific data @@ -56,6 +55,10 @@ func (info *NodeInfo) CompatibleWith(other *NodeInfo) error { return nil } +func (info *NodeInfo) ID() ID { + return PubKeyToID(info.PubKey) +} + func (info *NodeInfo) NetAddress() *NetAddress { id := PubKeyToID(info.PubKey) addr := info.ListenAddr @@ -81,7 +84,7 @@ func (info *NodeInfo) ListenPort() int { } func (info NodeInfo) String() string { - return fmt.Sprintf("NodeInfo{pk: %v, moniker: %v, network: %v [remote %v, listen %v], version: %v (%v)}", info.PubKey, info.Moniker, info.Network, info.RemoteAddr, info.ListenAddr, info.Version, info.Other) + return fmt.Sprintf("NodeInfo{pk: %v, moniker: %v, network: %v [listen %v], version: %v (%v)}", info.PubKey, info.Moniker, info.Network, info.ListenAddr, info.Version, info.Other) } func splitVersion(version string) (string, string, string, error) { From 452d10f368a626a47bf4f5e9736a6b1166c252e0 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 17:25:51 -0500 Subject: [PATCH 060/188] cleanup switch --- p2p/addrbook.go | 13 + p2p/base_reactor.go | 35 +++ p2p/peer.go | 2 + p2p/switch.go | 562 ++++++++++++++++++-------------------------- p2p/test_util.go | 111 +++++++++ p2p/util.go | 15 -- 6 files changed, 384 insertions(+), 354 deletions(-) create mode 100644 p2p/base_reactor.go create mode 100644 p2p/test_util.go delete mode 100644 p2p/util.go diff --git a/p2p/addrbook.go b/p2p/addrbook.go index 8826ff1e0..7591c3074 100644 --- a/p2p/addrbook.go +++ b/p2p/addrbook.go @@ -5,6 +5,7 @@ package p2p import ( + "crypto/sha256" "encoding/binary" "encoding/json" "fmt" @@ -867,3 +868,15 @@ func (ka *knownAddress) isBad() bool { return false } + +//----------------------------------------------------------------------------- + +// doubleSha256 calculates sha256(sha256(b)) and returns the resulting bytes. +func doubleSha256(b []byte) []byte { + hasher := sha256.New() + hasher.Write(b) // nolint: errcheck, gas + sum := hasher.Sum(nil) + hasher.Reset() + hasher.Write(sum) // nolint: errcheck, gas + return hasher.Sum(nil) +} diff --git a/p2p/base_reactor.go b/p2p/base_reactor.go new file mode 100644 index 000000000..e8107d730 --- /dev/null +++ b/p2p/base_reactor.go @@ -0,0 +1,35 @@ +package p2p + +import cmn "github.com/tendermint/tmlibs/common" + +type Reactor interface { + cmn.Service // Start, Stop + + SetSwitch(*Switch) + GetChannels() []*ChannelDescriptor + AddPeer(peer Peer) + RemovePeer(peer Peer, reason interface{}) + Receive(chID byte, peer Peer, msgBytes []byte) // CONTRACT: msgBytes are not nil +} + +//-------------------------------------- + +type BaseReactor struct { + cmn.BaseService // Provides Start, Stop, .Quit + Switch *Switch +} + +func NewBaseReactor(name string, impl Reactor) *BaseReactor { + return &BaseReactor{ + BaseService: *cmn.NewBaseService(nil, name, impl), + Switch: nil, + } +} + +func (br *BaseReactor) SetSwitch(sw *Switch) { + br.Switch = sw +} +func (_ *BaseReactor) GetChannels() []*ChannelDescriptor { return nil } +func (_ *BaseReactor) AddPeer(peer Peer) {} +func (_ *BaseReactor) RemovePeer(peer Peer, reason interface{}) {} +func (_ *BaseReactor) Receive(chID byte, peer Peer, msgBytes []byte) {} diff --git a/p2p/peer.go b/p2p/peer.go index 2f5dff78d..1f5192d50 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -99,6 +99,8 @@ func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs [] func newInboundPeer(conn net.Conn, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig) (*peer, error) { + // TODO: issue PoW challenge + return newPeerFromConnAndConfig(conn, false, reactorsByCh, chDescs, onPeerError, ourNodePrivKey, config) } diff --git a/p2p/switch.go b/p2p/switch.go index 484649145..4ece1a58c 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -12,7 +12,6 @@ import ( crypto "github.com/tendermint/go-crypto" cfg "github.com/tendermint/tendermint/config" cmn "github.com/tendermint/tmlibs/common" - "github.com/tendermint/tmlibs/log" ) const ( @@ -31,46 +30,17 @@ const ( reconnectBackOffBaseSeconds = 3 ) -type Reactor interface { - cmn.Service // Start, Stop - - SetSwitch(*Switch) - GetChannels() []*ChannelDescriptor - AddPeer(peer Peer) - RemovePeer(peer Peer, reason interface{}) - Receive(chID byte, peer Peer, msgBytes []byte) // CONTRACT: msgBytes are not nil -} - -//-------------------------------------- - -type BaseReactor struct { - cmn.BaseService // Provides Start, Stop, .Quit - Switch *Switch -} - -func NewBaseReactor(name string, impl Reactor) *BaseReactor { - return &BaseReactor{ - BaseService: *cmn.NewBaseService(nil, name, impl), - Switch: nil, - } -} - -func (br *BaseReactor) SetSwitch(sw *Switch) { - br.Switch = sw -} -func (_ *BaseReactor) GetChannels() []*ChannelDescriptor { return nil } -func (_ *BaseReactor) AddPeer(peer Peer) {} -func (_ *BaseReactor) RemovePeer(peer Peer, reason interface{}) {} -func (_ *BaseReactor) Receive(chID byte, peer Peer, msgBytes []byte) {} +var ( + ErrSwitchDuplicatePeer = errors.New("Duplicate peer") + ErrSwitchConnectToSelf = errors.New("Connect to self") +) //----------------------------------------------------------------------------- -/* -The `Switch` handles peer connections and exposes an API to receive incoming messages -on `Reactors`. Each `Reactor` is responsible for handling incoming messages of one -or more `Channels`. So while sending outgoing messages is typically performed on the peer, -incoming messages are received on the reactor. -*/ +// `Switch` handles peer connections and exposes an API to receive incoming messages +// on `Reactors`. Each `Reactor` is responsible for handling incoming messages of one +// or more `Channels`. So while sending outgoing messages is typically performed on the peer, +// incoming messages are received on the reactor. type Switch struct { cmn.BaseService @@ -91,11 +61,6 @@ type Switch struct { rng *rand.Rand // seed for randomizing dial times and orders } -var ( - ErrSwitchDuplicatePeer = errors.New("Duplicate peer") - ErrSwitchConnectToSelf = errors.New("Connect to self") -) - func NewSwitch(config *cfg.P2PConfig) *Switch { sw := &Switch{ config: config, @@ -122,6 +87,9 @@ func NewSwitch(config *cfg.P2PConfig) *Switch { return sw } +//--------------------------------------------------------------------- +// Switch setup + // AddReactor adds the given reactor to the switch. // NOTE: Not goroutine safe. func (sw *Switch) AddReactor(name string, reactor Reactor) Reactor { @@ -193,6 +161,9 @@ func (sw *Switch) SetNodeKey(nodeKey *NodeKey) { } } +//--------------------------------------------------------------------- +// Service start/stop + // OnStart implements BaseService. It starts all the reactors, peers, and listeners. func (sw *Switch) OnStart() error { // Start reactors @@ -228,176 +199,26 @@ func (sw *Switch) OnStop() { } } -// addPeer checks the given peer's validity, performs a handshake, and adds the -// peer to the switch and to all registered reactors. -// NOTE: This performs a blocking handshake before the peer is added. -// NOTE: If error is returned, caller is responsible for calling peer.CloseConn() -func (sw *Switch) addPeer(peer *peer) error { - // Avoid self - if sw.nodeKey.ID() == peer.ID() { - return ErrSwitchConnectToSelf - } +//--------------------------------------------------------------------- +// Peers - // Filter peer against white list - if err := sw.FilterConnByAddr(peer.Addr()); err != nil { - return err - } - if err := sw.FilterConnByPubKey(peer.PubKey()); err != nil { - return err - } - - if err := peer.HandshakeTimeout(sw.nodeInfo, time.Duration(sw.peerConfig.HandshakeTimeout*time.Second)); err != nil { - return err - } - - // Avoid duplicate - if sw.peers.Has(peer.ID()) { - return ErrSwitchDuplicatePeer - - } - - // Check version, chain id - if err := sw.nodeInfo.CompatibleWith(peer.NodeInfo()); err != nil { - return err - } - - // Start peer - if sw.IsRunning() { - sw.startInitPeer(peer) - } - - // Add the peer to .peers. - // We start it first so that a peer in the list is safe to Stop. - // It should not err since we already checked peers.Has(). - if err := sw.peers.Add(peer); err != nil { - return err - } - - sw.Logger.Info("Added peer", "peer", peer) - return nil +// Peers returns the set of peers that are connected to the switch. +func (sw *Switch) Peers() IPeerSet { + return sw.peers } -// FilterConnByAddr returns an error if connecting to the given address is forbidden. -func (sw *Switch) FilterConnByAddr(addr net.Addr) error { - if sw.filterConnByAddr != nil { - return sw.filterConnByAddr(addr) - } - return nil -} - -// FilterConnByPubKey returns an error if connecting to the given public key is forbidden. -func (sw *Switch) FilterConnByPubKey(pubkey crypto.PubKey) error { - if sw.filterConnByPubKey != nil { - return sw.filterConnByPubKey(pubkey) - } - return nil - -} - -// SetAddrFilter sets the function for filtering connections by address. -func (sw *Switch) SetAddrFilter(f func(net.Addr) error) { - sw.filterConnByAddr = f -} - -// SetPubKeyFilter sets the function for filtering connections by public key. -func (sw *Switch) SetPubKeyFilter(f func(crypto.PubKey) error) { - sw.filterConnByPubKey = f -} - -func (sw *Switch) startInitPeer(peer *peer) { - err := peer.Start() // spawn send/recv routines - if err != nil { - // Should never happen - sw.Logger.Error("Error starting peer", "peer", peer, "err", err) - } - - for _, reactor := range sw.reactors { - reactor.AddPeer(peer) - } -} - -// DialPeersAsync dials a list of peers asynchronously in random order (optionally, making them persistent). -func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent bool) error { - netAddrs, errs := NewNetAddressStrings(peers) - // TODO: IDs - for _, err := range errs { - sw.Logger.Error("Error in peer's address", "err", err) - } - - if addrBook != nil { - // add peers to `addrBook` - ourAddrS := sw.nodeInfo.ListenAddr - ourAddr, _ := NewNetAddressString(ourAddrS) - for _, netAddr := range netAddrs { - // do not add ourselves - if netAddr.Equals(ourAddr) { - continue - } - addrBook.AddAddress(netAddr, ourAddr) +// NumPeers returns the count of outbound/inbound and outbound-dialing peers. +func (sw *Switch) NumPeers() (outbound, inbound, dialing int) { + peers := sw.peers.List() + for _, peer := range peers { + if peer.IsOutbound() { + outbound++ + } else { + inbound++ } - addrBook.Save() } - - // permute the list, dial them in random order. - perm := sw.rng.Perm(len(netAddrs)) - for i := 0; i < len(perm); i++ { - go func(i int) { - sw.randomSleep(0) - j := perm[i] - peer, err := sw.DialPeerWithAddress(netAddrs[j], persistent) - if err != nil { - sw.Logger.Error("Error dialing peer", "err", err) - } else { - sw.Logger.Info("Connected to peer", "peer", peer) - } - }(i) - } - return nil -} - -// sleep for interval plus some random amount of ms on [0, dialRandomizerIntervalMilliseconds] -func (sw *Switch) randomSleep(interval time.Duration) { - r := time.Duration(sw.rng.Int63n(dialRandomizerIntervalMilliseconds)) * time.Millisecond - time.Sleep(r + interval) -} - -// DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects successfully. -// If `persistent == true`, the switch will always try to reconnect to this peer if the connection ever fails. -func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, error) { - sw.dialing.Set(string(addr.ID), addr) - defer sw.dialing.Delete(string(addr.ID)) - - sw.Logger.Info("Dialing peer", "address", addr) - peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) - if err != nil { - sw.Logger.Error("Failed to dial peer", "address", addr, "err", err) - return nil, err - } - peer.SetLogger(sw.Logger.With("peer", addr)) - - // authenticate peer - if addr.ID == "" { - peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) - } else if addr.ID != peer.ID() { - return nil, fmt.Errorf("Failed to authenticate peer %v. Connected to peer with ID %s", addr, peer.ID()) - } - - if persistent { - peer.makePersistent() - } - err = sw.addPeer(peer) - if err != nil { - sw.Logger.Error("Failed to add peer", "address", addr, "err", err) - peer.CloseConn() - return nil, err - } - sw.Logger.Info("Dialed and added peer", "address", addr, "peer", peer) - return peer, nil -} - -// IsDialing returns true if the switch is currently dialing the given ID. -func (sw *Switch) IsDialing(id ID) bool { - return sw.dialing.Has(string(id)) + dialing = sw.dialing.Size() + return } // Broadcast runs a go routine for each attempted send, which will block @@ -417,25 +238,6 @@ func (sw *Switch) Broadcast(chID byte, msg interface{}) chan bool { return successChan } -// NumPeers returns the count of outbound/inbound and outbound-dialing peers. -func (sw *Switch) NumPeers() (outbound, inbound, dialing int) { - peers := sw.peers.List() - for _, peer := range peers { - if peer.IsOutbound() { - outbound++ - } else { - inbound++ - } - } - dialing = sw.dialing.Size() - return -} - -// Peers returns the set of peers that are connected to the switch. -func (sw *Switch) Peers() IPeerSet { - return sw.peers -} - // StopPeerForError disconnects from a peer due to external error. // If the peer is persistent, it will attempt to reconnect. // TODO: make record depending on reason. @@ -448,6 +250,21 @@ func (sw *Switch) StopPeerForError(peer Peer, reason interface{}) { } } +// StopPeerGracefully disconnects from a peer gracefully. +// TODO: handle graceful disconnects. +func (sw *Switch) StopPeerGracefully(peer Peer) { + sw.Logger.Info("Stopping peer gracefully") + sw.stopAndRemovePeer(peer, nil) +} + +func (sw *Switch) stopAndRemovePeer(peer Peer, reason interface{}) { + sw.peers.Remove(peer) + peer.Stop() + for _, reactor := range sw.reactors { + reactor.RemovePeer(peer, reason) + } +} + // reconnectToPeer tries to reconnect to the peer, first repeatedly // with a fixed interval, then with exponential backoff. // If no success after all that, it stops trying, and leaves it @@ -495,21 +312,125 @@ func (sw *Switch) reconnectToPeer(peer Peer) { sw.Logger.Error("Failed to reconnect to peer. Giving up", "peer", peer, "elapsed", time.Since(start)) } -// StopPeerGracefully disconnects from a peer gracefully. -// TODO: handle graceful disconnects. -func (sw *Switch) StopPeerGracefully(peer Peer) { - sw.Logger.Info("Stopping peer gracefully") - sw.stopAndRemovePeer(peer, nil) +//--------------------------------------------------------------------- +// Dialing + +// IsDialing returns true if the switch is currently dialing the given ID. +func (sw *Switch) IsDialing(id ID) bool { + return sw.dialing.Has(string(id)) } -func (sw *Switch) stopAndRemovePeer(peer Peer, reason interface{}) { - sw.peers.Remove(peer) - peer.Stop() - for _, reactor := range sw.reactors { - reactor.RemovePeer(peer, reason) +// DialPeersAsync dials a list of peers asynchronously in random order (optionally, making them persistent). +func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent bool) error { + netAddrs, errs := NewNetAddressStrings(peers) + // TODO: IDs + for _, err := range errs { + sw.Logger.Error("Error in peer's address", "err", err) } + + if addrBook != nil { + // add peers to `addrBook` + ourAddrS := sw.nodeInfo.ListenAddr + ourAddr, _ := NewNetAddressString(ourAddrS) + for _, netAddr := range netAddrs { + // do not add ourselves + if netAddr.Equals(ourAddr) { + continue + } + addrBook.AddAddress(netAddr, ourAddr) + } + addrBook.Save() + } + + // permute the list, dial them in random order. + perm := sw.rng.Perm(len(netAddrs)) + for i := 0; i < len(perm); i++ { + go func(i int) { + sw.randomSleep(0) + j := perm[i] + peer, err := sw.DialPeerWithAddress(netAddrs[j], persistent) + if err != nil { + sw.Logger.Error("Error dialing peer", "err", err) + } else { + sw.Logger.Info("Connected to peer", "peer", peer) + } + }(i) + } + return nil } +// DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects successfully. +// If `persistent == true`, the switch will always try to reconnect to this peer if the connection ever fails. +func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, error) { + sw.dialing.Set(string(addr.ID), addr) + defer sw.dialing.Delete(string(addr.ID)) + + sw.Logger.Info("Dialing peer", "address", addr) + peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) + if err != nil { + sw.Logger.Error("Failed to dial peer", "address", addr, "err", err) + return nil, err + } + peer.SetLogger(sw.Logger.With("peer", addr)) + + // authenticate peer + if addr.ID == "" { + peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) + } else if addr.ID != peer.ID() { + return nil, fmt.Errorf("Failed to authenticate peer %v. Connected to peer with ID %s", addr, peer.ID()) + } + + if persistent { + peer.makePersistent() + } + err = sw.addPeer(peer) + if err != nil { + sw.Logger.Error("Failed to add peer", "address", addr, "err", err) + peer.CloseConn() + return nil, err + } + sw.Logger.Info("Dialed and added peer", "address", addr, "peer", peer) + return peer, nil +} + +// sleep for interval plus some random amount of ms on [0, dialRandomizerIntervalMilliseconds] +func (sw *Switch) randomSleep(interval time.Duration) { + r := time.Duration(sw.rng.Int63n(dialRandomizerIntervalMilliseconds)) * time.Millisecond + time.Sleep(r + interval) +} + +//------------------------------------------------------------------------------------ +// Connection filtering + +// FilterConnByAddr returns an error if connecting to the given address is forbidden. +func (sw *Switch) FilterConnByAddr(addr net.Addr) error { + if sw.filterConnByAddr != nil { + return sw.filterConnByAddr(addr) + } + return nil +} + +// FilterConnByPubKey returns an error if connecting to the given public key is forbidden. +func (sw *Switch) FilterConnByPubKey(pubkey crypto.PubKey) error { + if sw.filterConnByPubKey != nil { + return sw.filterConnByPubKey(pubkey) + } + return nil + +} + +// SetAddrFilter sets the function for filtering connections by address. +func (sw *Switch) SetAddrFilter(f func(net.Addr) error) { + sw.filterConnByAddr = f +} + +// SetPubKeyFilter sets the function for filtering connections by public key. +func (sw *Switch) SetPubKeyFilter(f func(crypto.PubKey) error) { + sw.filterConnByPubKey = f +} + +//------------------------------------------------------------------------------------ + func (sw *Switch) listenerRoutine(l Listener) { for { inConn, ok := <-l.Connections() @@ -525,7 +446,7 @@ func (sw *Switch) listenerRoutine(l Listener) { } // New inbound connection! - err := sw.addPeerWithConnectionAndConfig(inConn, sw.peerConfig) + err := sw.addInboundPeerWithConfig(inConn, sw.peerConfig) if err != nil { sw.Logger.Info("Ignoring inbound connection: error while adding peer", "address", inConn.RemoteAddr().String(), "err", err) continue @@ -539,107 +460,7 @@ func (sw *Switch) listenerRoutine(l Listener) { // cleanup } -//------------------------------------------------------------------ -// Connects switches via arbitrary net.Conn. Used for testing. - -// MakeConnectedSwitches returns n switches, connected according to the connect func. -// If connect==Connect2Switches, the switches will be fully connected. -// initSwitch defines how the i'th switch should be initialized (ie. with what reactors). -// NOTE: panics if any switch fails to start. -func MakeConnectedSwitches(cfg *cfg.P2PConfig, n int, initSwitch func(int, *Switch) *Switch, connect func([]*Switch, int, int)) []*Switch { - switches := make([]*Switch, n) - for i := 0; i < n; i++ { - switches[i] = makeSwitch(cfg, i, "testing", "123.123.123", initSwitch) - } - - if err := StartSwitches(switches); err != nil { - panic(err) - } - - for i := 0; i < n; i++ { - for j := i + 1; j < n; j++ { - connect(switches, i, j) - } - } - - return switches -} - -// Connect2Switches will connect switches i and j via net.Pipe(). -// Blocks until a connection is established. -// NOTE: caller ensures i and j are within bounds. -func Connect2Switches(switches []*Switch, i, j int) { - switchI := switches[i] - switchJ := switches[j] - c1, c2 := netPipe() - doneCh := make(chan struct{}) - go func() { - err := switchI.addPeerWithConnection(c1) - if err != nil { - panic(err) - } - doneCh <- struct{}{} - }() - go func() { - err := switchJ.addPeerWithConnection(c2) - if err != nil { - panic(err) - } - doneCh <- struct{}{} - }() - <-doneCh - <-doneCh -} - -// StartSwitches calls sw.Start() for each given switch. -// It returns the first encountered error. -func StartSwitches(switches []*Switch) error { - for _, s := range switches { - err := s.Start() // start switch and reactors - if err != nil { - return err - } - } - return nil -} - -func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch func(int, *Switch) *Switch) *Switch { - // new switch, add reactors - // TODO: let the config be passed in? - nodeKey := &NodeKey{ - PrivKey: crypto.GenPrivKeyEd25519().Wrap(), - } - s := initSwitch(i, NewSwitch(cfg)) - s.SetNodeInfo(&NodeInfo{ - PubKey: nodeKey.PubKey(), - Moniker: cmn.Fmt("switch%d", i), - Network: network, - Version: version, - ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), - }) - s.SetNodeKey(nodeKey) - s.SetLogger(log.TestingLogger()) - return s -} - -func (sw *Switch) addPeerWithConnection(conn net.Conn) error { - peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) - if err != nil { - if err := conn.Close(); err != nil { - sw.Logger.Error("Error closing connection", "err", err) - } - return err - } - peer.SetLogger(sw.Logger.With("peer", conn.RemoteAddr())) - if err = sw.addPeer(peer); err != nil { - peer.CloseConn() - return err - } - - return nil -} - -func (sw *Switch) addPeerWithConnectionAndConfig(conn net.Conn, config *PeerConfig) error { +func (sw *Switch) addInboundPeerWithConfig(conn net.Conn, config *PeerConfig) error { peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config) if err != nil { if err := conn.Close(); err != nil { @@ -655,3 +476,66 @@ func (sw *Switch) addPeerWithConnectionAndConfig(conn net.Conn, config *PeerConf return nil } + +// addPeer checks the given peer's validity, performs a handshake, and adds the +// peer to the switch and to all registered reactors. +// We already have an authenticated SecretConnection with the peer. +// NOTE: This performs a blocking handshake before the peer is added. +// NOTE: If error is returned, caller is responsible for calling peer.CloseConn() +func (sw *Switch) addPeer(peer *peer) error { + // Avoid self + if sw.nodeKey.ID() == peer.ID() { + return ErrSwitchConnectToSelf + } + + // Filter peer against white list + if err := sw.FilterConnByAddr(peer.Addr()); err != nil { + return err + } + if err := sw.FilterConnByPubKey(peer.PubKey()); err != nil { + return err + } + + // Exchange NodeInfo with the peer + if err := peer.HandshakeTimeout(sw.nodeInfo, time.Duration(sw.peerConfig.HandshakeTimeout*time.Second)); err != nil { + return err + } + + // Avoid duplicate + if sw.peers.Has(peer.ID()) { + return ErrSwitchDuplicatePeer + + } + + // Check version, chain id + if err := sw.nodeInfo.CompatibleWith(peer.NodeInfo()); err != nil { + return err + } + + // Start peer + if sw.IsRunning() { + sw.startInitPeer(peer) + } + + // Add the peer to .peers. + // We start it first so that a peer in the list is safe to Stop. + // It should not err since we already checked peers.Has(). + if err := sw.peers.Add(peer); err != nil { + return err + } + + sw.Logger.Info("Added peer", "peer", peer) + return nil +} + +func (sw *Switch) startInitPeer(peer *peer) { + err := peer.Start() // spawn send/recv routines + if err != nil { + // Should never happen + sw.Logger.Error("Error starting peer", "peer", peer, "err", err) + } + + for _, reactor := range sw.reactors { + reactor.AddPeer(peer) + } +} diff --git a/p2p/test_util.go b/p2p/test_util.go new file mode 100644 index 000000000..9c6892f16 --- /dev/null +++ b/p2p/test_util.go @@ -0,0 +1,111 @@ +package p2p + +import ( + "math/rand" + "net" + + crypto "github.com/tendermint/go-crypto" + cfg "github.com/tendermint/tendermint/config" + cmn "github.com/tendermint/tmlibs/common" + "github.com/tendermint/tmlibs/log" +) + +//------------------------------------------------------------------ +// Connects switches via arbitrary net.Conn. Used for testing. + +// MakeConnectedSwitches returns n switches, connected according to the connect func. +// If connect==Connect2Switches, the switches will be fully connected. +// initSwitch defines how the i'th switch should be initialized (ie. with what reactors). +// NOTE: panics if any switch fails to start. +func MakeConnectedSwitches(cfg *cfg.P2PConfig, n int, initSwitch func(int, *Switch) *Switch, connect func([]*Switch, int, int)) []*Switch { + switches := make([]*Switch, n) + for i := 0; i < n; i++ { + switches[i] = makeSwitch(cfg, i, "testing", "123.123.123", initSwitch) + } + + if err := StartSwitches(switches); err != nil { + panic(err) + } + + for i := 0; i < n; i++ { + for j := i + 1; j < n; j++ { + connect(switches, i, j) + } + } + + return switches +} + +// Connect2Switches will connect switches i and j via net.Pipe(). +// Blocks until a connection is established. +// NOTE: caller ensures i and j are within bounds. +func Connect2Switches(switches []*Switch, i, j int) { + switchI := switches[i] + switchJ := switches[j] + c1, c2 := netPipe() + doneCh := make(chan struct{}) + go func() { + err := switchI.addPeerWithConnection(c1) + if err != nil { + panic(err) + } + doneCh <- struct{}{} + }() + go func() { + err := switchJ.addPeerWithConnection(c2) + if err != nil { + panic(err) + } + doneCh <- struct{}{} + }() + <-doneCh + <-doneCh +} + +func (sw *Switch) addPeerWithConnection(conn net.Conn) error { + peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) + if err != nil { + if err := conn.Close(); err != nil { + sw.Logger.Error("Error closing connection", "err", err) + } + return err + } + peer.SetLogger(sw.Logger.With("peer", conn.RemoteAddr())) + if err = sw.addPeer(peer); err != nil { + peer.CloseConn() + return err + } + + return nil +} + +// StartSwitches calls sw.Start() for each given switch. +// It returns the first encountered error. +func StartSwitches(switches []*Switch) error { + for _, s := range switches { + err := s.Start() // start switch and reactors + if err != nil { + return err + } + } + return nil +} + +func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch func(int, *Switch) *Switch) *Switch { + // new switch, add reactors + // TODO: let the config be passed in? + nodeKey := &NodeKey{ + PrivKey: crypto.GenPrivKeyEd25519().Wrap(), + } + s := initSwitch(i, NewSwitch(cfg)) + s.SetNodeInfo(&NodeInfo{ + PubKey: nodeKey.PubKey(), + Moniker: cmn.Fmt("switch%d", i), + Network: network, + Version: version, + ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), + }) + s.SetNodeKey(nodeKey) + s.SetLogger(log.TestingLogger()) + return s +} diff --git a/p2p/util.go b/p2p/util.go deleted file mode 100644 index a4c3ad58b..000000000 --- a/p2p/util.go +++ /dev/null @@ -1,15 +0,0 @@ -package p2p - -import ( - "crypto/sha256" -) - -// doubleSha256 calculates sha256(sha256(b)) and returns the resulting bytes. -func doubleSha256(b []byte) []byte { - hasher := sha256.New() - hasher.Write(b) // nolint: errcheck, gas - sum := hasher.Sum(nil) - hasher.Reset() - hasher.Write(sum) // nolint: errcheck, gas - return hasher.Sum(nil) -} From 08f84cd712e02fb4c81094e50d2c88112d571a10 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 13 Jan 2018 23:48:41 -0500 Subject: [PATCH 061/188] a little more moving around --- node/node.go | 2 +- p2p/peer.go | 10 ++---- p2p/pex_reactor.go | 4 +-- p2p/switch.go | 86 +++++++++++++++++++++++++--------------------- p2p/types.go | 26 +++++++++++--- 5 files changed, 72 insertions(+), 56 deletions(-) diff --git a/node/node.go b/node/node.go index 5535b1e16..2990ba9d7 100644 --- a/node/node.go +++ b/node/node.go @@ -544,9 +544,9 @@ func (n *Node) makeNodeInfo(pubKey crypto.PubKey) *p2p.NodeInfo { } nodeInfo := &p2p.NodeInfo{ PubKey: pubKey, - Moniker: n.config.Moniker, Network: n.genesisDoc.ChainID, Version: version.Version, + Moniker: n.config.Moniker, Other: []string{ cmn.Fmt("wire_version=%v", wire.Version), cmn.Fmt("p2p_version=%v", p2p.Version), diff --git a/p2p/peer.go b/p2p/peer.go index 1f5192d50..9e434b975 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -195,19 +195,13 @@ func (p *peer) HandshakeTimeout(ourNodeInfo *NodeInfo, timeout time.Duration) er return errors.Wrap(err2, "Error during handshake/read") } - if p.config.AuthEnc { - // Check that the professed PubKey matches the sconn's. - if !peerNodeInfo.PubKey.Equals(p.PubKey().Wrap()) { - return fmt.Errorf("Ignoring connection with unmatching pubkey: %v vs %v", - peerNodeInfo.PubKey, p.PubKey()) - } - } - // Remove deadline if err := p.conn.SetDeadline(time.Time{}); err != nil { return errors.Wrap(err, "Error removing deadline") } + // TODO: fix the peerNodeInfo.ListenAddr + p.nodeInfo = peerNodeInfo return nil } diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 5aa63db71..1903a460f 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -115,7 +115,8 @@ func (r *PEXReactor) AddPeer(p Peer) { r.RequestPEX(p) } } else { - // For inbound connections, the peer is its own source + // For inbound connections, the peer is its own source, + // and its NodeInfo has already been validated addr := p.NodeInfo().NetAddress() r.book.AddAddress(addr, addr) } @@ -130,7 +131,6 @@ func (r *PEXReactor) RemovePeer(p Peer, reason interface{}) { // Receive implements Reactor by handling incoming PEX messages. func (r *PEXReactor) Receive(chID byte, src Peer, msgBytes []byte) { srcAddr := src.NodeInfo().NetAddress() - r.IncrementMsgCountForPeer(srcAddr.ID) if r.ReachedMaxMsgCountForPeer(srcAddr.ID) { r.Logger.Error("Maximum number of messages reached for peer", "peer", srcAddr) diff --git a/p2p/switch.go b/p2p/switch.go index 4ece1a58c..05edb8c19 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -359,38 +359,12 @@ func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent return nil } -// DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects successfully. +// DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects and authenticates successfully. // If `persistent == true`, the switch will always try to reconnect to this peer if the connection ever fails. func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, error) { sw.dialing.Set(string(addr.ID), addr) defer sw.dialing.Delete(string(addr.ID)) - - sw.Logger.Info("Dialing peer", "address", addr) - peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, sw.peerConfig) - if err != nil { - sw.Logger.Error("Failed to dial peer", "address", addr, "err", err) - return nil, err - } - peer.SetLogger(sw.Logger.With("peer", addr)) - - // authenticate peer - if addr.ID == "" { - peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) - } else if addr.ID != peer.ID() { - return nil, fmt.Errorf("Failed to authenticate peer %v. Connected to peer with ID %s", addr, peer.ID()) - } - - if persistent { - peer.makePersistent() - } - err = sw.addPeer(peer) - if err != nil { - sw.Logger.Error("Failed to add peer", "address", addr, "err", err) - peer.CloseConn() - return nil, err - } - sw.Logger.Info("Dialed and added peer", "address", addr, "peer", peer) - return peer, nil + return sw.addOutboundPeerWithConfig(addr, sw.peerConfig, persistent) } // sleep for interval plus some random amount of ms on [0, dialRandomizerIntervalMilliseconds] @@ -451,10 +425,6 @@ func (sw *Switch) listenerRoutine(l Listener) { sw.Logger.Info("Ignoring inbound connection: error while adding peer", "address", inConn.RemoteAddr().String(), "err", err) continue } - - // NOTE: We don't yet have the listening port of the - // remote (if they have a listener at all). - // The peerHandshake will handle that. } // cleanup @@ -477,9 +447,40 @@ func (sw *Switch) addInboundPeerWithConfig(conn net.Conn, config *PeerConfig) er return nil } -// addPeer checks the given peer's validity, performs a handshake, and adds the -// peer to the switch and to all registered reactors. -// We already have an authenticated SecretConnection with the peer. +// dial the peer; make secret connection; authenticate against the dialed ID; +// add the peer. +func (sw *Switch) addOutboundPeerWithConfig(addr *NetAddress, config *PeerConfig, persistent bool) (Peer, error) { + sw.Logger.Info("Dialing peer", "address", addr) + peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config) + if err != nil { + sw.Logger.Error("Failed to dial peer", "address", addr, "err", err) + return nil, err + } + peer.SetLogger(sw.Logger.With("peer", addr)) + + // authenticate peer + if addr.ID == "" { + peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) + } else if addr.ID != peer.ID() { + return nil, fmt.Errorf("Failed to authenticate peer %v. Connected to peer with ID %s", addr, peer.ID()) + } + + if persistent { + peer.makePersistent() + } + err = sw.addPeer(peer) + if err != nil { + sw.Logger.Error("Failed to add peer", "address", addr, "err", err) + peer.CloseConn() + return nil, err + } + sw.Logger.Info("Dialed and added peer", "address", addr, "peer", peer) + return peer, nil +} + +// addPeer performs the Tendermint P2P handshake with a peer +// that already has a SecretConnection. If all goes well, +// it starts the peer and adds it to the switch. // NOTE: This performs a blocking handshake before the peer is added. // NOTE: If error is returned, caller is responsible for calling peer.CloseConn() func (sw *Switch) addPeer(peer *peer) error { @@ -488,6 +489,12 @@ func (sw *Switch) addPeer(peer *peer) error { return ErrSwitchConnectToSelf } + // Avoid duplicate + if sw.peers.Has(peer.ID()) { + return ErrSwitchDuplicatePeer + + } + // Filter peer against white list if err := sw.FilterConnByAddr(peer.Addr()); err != nil { return err @@ -501,10 +508,9 @@ func (sw *Switch) addPeer(peer *peer) error { return err } - // Avoid duplicate - if sw.peers.Has(peer.ID()) { - return ErrSwitchDuplicatePeer - + // Validate the peers nodeInfo against the pubkey + if err := peer.NodeInfo().Validate(peer.PubKey()); err != nil { + return err } // Check version, chain id @@ -512,7 +518,7 @@ func (sw *Switch) addPeer(peer *peer) error { return err } - // Start peer + // All good. Start peer if sw.IsRunning() { sw.startInitPeer(peer) } diff --git a/p2p/types.go b/p2p/types.go index 2aec521b2..d4adb9eea 100644 --- a/p2p/types.go +++ b/p2p/types.go @@ -12,14 +12,30 @@ import ( const maxNodeInfoSize = 10240 // 10Kb // NodeInfo is the basic node information exchanged -// between two peers during the Tendermint P2P handshake +// between two peers during the Tendermint P2P handshake. type NodeInfo struct { + // Authenticate PubKey crypto.PubKey `json:"pub_key"` // authenticated pubkey - Moniker string `json:"moniker"` // arbitrary moniker - Network string `json:"network"` // network/chain ID ListenAddr string `json:"listen_addr"` // accepting incoming - Version string `json:"version"` // major.minor.revision - Other []string `json:"other"` // other application specific data + + // Check compatibility + Network string `json:"network"` // network/chain ID + Version string `json:"version"` // major.minor.revision + + // Sanitize + Moniker string `json:"moniker"` // arbitrary moniker + Other []string `json:"other"` // other application specific data +} + +// Validate checks the self-reported NodeInfo is safe. +// It returns an error if the info.PubKey doesn't match the given pubKey. +// TODO: constraints for Moniker/Other? Or is that for the UI ? +func (info *NodeInfo) Validate(pubKey crypto.PubKey) error { + if !info.PubKey.Equals(pubKey) { + return fmt.Errorf("info.PubKey (%v) doesn't match peer.PubKey (%v)", + info.PubKey, pubKey) + } + return nil } // CONTRACT: two nodes are compatible if the major/minor versions match and network match From 8b74a8d6ac945c86a520bb98d415f0e7bec87561 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 00:10:29 -0500 Subject: [PATCH 062/188] NodeInfo not a pointer --- node/node.go | 6 +++--- p2p/peer.go | 27 +++++++++++---------------- p2p/peer_set_test.go | 2 +- p2p/peer_test.go | 4 ++-- p2p/pex_reactor_test.go | 2 +- p2p/switch.go | 13 ++++--------- p2p/test_util.go | 2 +- p2p/types.go | 12 ++++++------ rpc/core/net.go | 2 +- rpc/core/pipe.go | 2 +- rpc/core/types/responses.go | 4 ++-- 11 files changed, 33 insertions(+), 43 deletions(-) diff --git a/node/node.go b/node/node.go index 2990ba9d7..4db7f44d4 100644 --- a/node/node.go +++ b/node/node.go @@ -537,12 +537,12 @@ func (n *Node) ProxyApp() proxy.AppConns { return n.proxyApp } -func (n *Node) makeNodeInfo(pubKey crypto.PubKey) *p2p.NodeInfo { +func (n *Node) makeNodeInfo(pubKey crypto.PubKey) p2p.NodeInfo { txIndexerStatus := "on" if _, ok := n.txIndexer.(*null.TxIndex); ok { txIndexerStatus = "off" } - nodeInfo := &p2p.NodeInfo{ + nodeInfo := p2p.NodeInfo{ PubKey: pubKey, Network: n.genesisDoc.ChainID, Version: version.Version, @@ -574,7 +574,7 @@ func (n *Node) makeNodeInfo(pubKey crypto.PubKey) *p2p.NodeInfo { //------------------------------------------------------------------------------ // NodeInfo returns the Node's Info from the Switch. -func (n *Node) NodeInfo() *p2p.NodeInfo { +func (n *Node) NodeInfo() p2p.NodeInfo { return n.sw.NodeInfo() } diff --git a/p2p/peer.go b/p2p/peer.go index 9e434b975..57718b6bf 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -1,7 +1,6 @@ package p2p import ( - "encoding/hex" "fmt" "net" "time" @@ -21,7 +20,7 @@ type Peer interface { ID() ID IsOutbound() bool IsPersistent() bool - NodeInfo() *NodeInfo + NodeInfo() NodeInfo Status() ConnectionStatus Send(byte, interface{}) bool @@ -47,7 +46,7 @@ type peer struct { persistent bool config *PeerConfig - nodeInfo *NodeInfo + nodeInfo NodeInfo Data *cmn.CMap // User data. } @@ -128,7 +127,7 @@ func newPeerFromConnAndConfig(rawConn net.Conn, outbound bool, reactorsByCh map[ } } - // Key and NodeInfo are set after Handshake + // NodeInfo is set after Handshake p := &peer{ outbound: outbound, conn: conn, @@ -169,23 +168,23 @@ func (p *peer) IsPersistent() bool { // HandshakeTimeout performs a handshake between a given node and the peer. // NOTE: blocking -func (p *peer) HandshakeTimeout(ourNodeInfo *NodeInfo, timeout time.Duration) error { +func (p *peer) HandshakeTimeout(ourNodeInfo NodeInfo, timeout time.Duration) error { // Set deadline for handshake so we don't block forever on conn.ReadFull if err := p.conn.SetDeadline(time.Now().Add(timeout)); err != nil { return errors.Wrap(err, "Error setting deadline") } - var peerNodeInfo = new(NodeInfo) + var peerNodeInfo NodeInfo var err1 error var err2 error cmn.Parallel( func() { var n int - wire.WriteBinary(ourNodeInfo, p.conn, &n, &err1) + wire.WriteBinary(&ourNodeInfo, p.conn, &n, &err1) }, func() { var n int - wire.ReadBinary(peerNodeInfo, p.conn, maxNodeInfoSize, &n, &err2) + wire.ReadBinary(&peerNodeInfo, p.conn, maxNodeInfoSize, &n, &err2) p.Logger.Info("Peer handshake", "peerNodeInfo", peerNodeInfo) }) if err1 != nil { @@ -213,7 +212,7 @@ func (p *peer) Addr() net.Addr { // PubKey returns peer's public key. func (p *peer) PubKey() crypto.PubKey { - if p.NodeInfo() != nil { + if !p.nodeInfo.PubKey.Empty() { return p.nodeInfo.PubKey } else if p.config.AuthEnc { return p.conn.(*SecretConnection).RemotePubKey() @@ -300,16 +299,12 @@ func (p *peer) Set(key string, data interface{}) { // ID returns the peer's ID - the hex encoded hash of its pubkey. func (p *peer) ID() ID { - return ID(hex.EncodeToString(p.PubKey().Address())) + return PubKeyToID(p.PubKey()) } // NodeInfo returns a copy of the peer's NodeInfo. -func (p *peer) NodeInfo() *NodeInfo { - if p.nodeInfo == nil { - return nil - } - n := *p.nodeInfo // copy - return &n +func (p *peer) NodeInfo() NodeInfo { + return p.nodeInfo } // Status returns the peer's ConnectionStatus. diff --git a/p2p/peer_set_test.go b/p2p/peer_set_test.go index e50bb384b..e906eb8e7 100644 --- a/p2p/peer_set_test.go +++ b/p2p/peer_set_test.go @@ -14,7 +14,7 @@ import ( // Returns an empty dummy peer func randPeer() *peer { return &peer{ - nodeInfo: &NodeInfo{ + nodeInfo: NodeInfo{ ListenAddr: cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, diff --git a/p2p/peer_test.go b/p2p/peer_test.go index aafe8d7a9..f4a5363b5 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -90,7 +90,7 @@ func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) if err != nil { return nil, err } - err = p.HandshakeTimeout(&NodeInfo{ + err = p.HandshakeTimeout(NodeInfo{ PubKey: pk.PubKey(), Moniker: "host_peer", Network: "testing", @@ -141,7 +141,7 @@ func (p *remotePeer) accept(l net.Listener) { if err != nil { golog.Fatalf("Failed to create a peer: %+v", err) } - err = peer.HandshakeTimeout(&NodeInfo{ + err = peer.HandshakeTimeout(NodeInfo{ PubKey: p.PrivKey.PubKey(), Moniker: "remote_peer", Network: "testing", diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index 296b18867..20c8b823a 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -242,7 +242,7 @@ func createRoutableAddr() (addr string, netAddr *NetAddress) { func createRandomPeer(outbound bool) *peer { addr, netAddr := createRoutableAddr() p := &peer{ - nodeInfo: &NodeInfo{ + nodeInfo: NodeInfo{ ListenAddr: netAddr.String(), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, diff --git a/p2p/switch.go b/p2p/switch.go index 05edb8c19..0ff64dbf9 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -52,8 +52,8 @@ type Switch struct { reactorsByCh map[byte]Reactor peers *PeerSet dialing *cmn.CMap - nodeInfo *NodeInfo // our node info - nodeKey *NodeKey // our node privkey + nodeInfo NodeInfo // our node info + nodeKey *NodeKey // our node privkey filterConnByAddr func(net.Addr) error filterConnByPubKey func(crypto.PubKey) error @@ -70,7 +70,6 @@ func NewSwitch(config *cfg.P2PConfig) *Switch { reactorsByCh: make(map[byte]Reactor), peers: NewPeerSet(), dialing: cmn.NewCMap(), - nodeInfo: nil, } // Ensure we have a completely undeterministic PRNG. cmd.RandInt64() draws @@ -141,24 +140,20 @@ func (sw *Switch) IsListening() bool { // SetNodeInfo sets the switch's NodeInfo for checking compatibility and handshaking with other nodes. // NOTE: Not goroutine safe. -func (sw *Switch) SetNodeInfo(nodeInfo *NodeInfo) { +func (sw *Switch) SetNodeInfo(nodeInfo NodeInfo) { sw.nodeInfo = nodeInfo } // NodeInfo returns the switch's NodeInfo. // NOTE: Not goroutine safe. -func (sw *Switch) NodeInfo() *NodeInfo { +func (sw *Switch) NodeInfo() NodeInfo { return sw.nodeInfo } // SetNodeKey sets the switch's private key for authenticated encryption. -// NOTE: Overwrites sw.nodeInfo.PubKey. // NOTE: Not goroutine safe. func (sw *Switch) SetNodeKey(nodeKey *NodeKey) { sw.nodeKey = nodeKey - if sw.nodeInfo != nil { - sw.nodeInfo.PubKey = nodeKey.PubKey() - } } //--------------------------------------------------------------------- diff --git a/p2p/test_util.go b/p2p/test_util.go index 9c6892f16..18167e209 100644 --- a/p2p/test_util.go +++ b/p2p/test_util.go @@ -98,7 +98,7 @@ func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch f PrivKey: crypto.GenPrivKeyEd25519().Wrap(), } s := initSwitch(i, NewSwitch(cfg)) - s.SetNodeInfo(&NodeInfo{ + s.SetNodeInfo(NodeInfo{ PubKey: nodeKey.PubKey(), Moniker: cmn.Fmt("switch%d", i), Network: network, diff --git a/p2p/types.go b/p2p/types.go index d4adb9eea..d93adc9b6 100644 --- a/p2p/types.go +++ b/p2p/types.go @@ -30,7 +30,7 @@ type NodeInfo struct { // Validate checks the self-reported NodeInfo is safe. // It returns an error if the info.PubKey doesn't match the given pubKey. // TODO: constraints for Moniker/Other? Or is that for the UI ? -func (info *NodeInfo) Validate(pubKey crypto.PubKey) error { +func (info NodeInfo) Validate(pubKey crypto.PubKey) error { if !info.PubKey.Equals(pubKey) { return fmt.Errorf("info.PubKey (%v) doesn't match peer.PubKey (%v)", info.PubKey, pubKey) @@ -39,7 +39,7 @@ func (info *NodeInfo) Validate(pubKey crypto.PubKey) error { } // CONTRACT: two nodes are compatible if the major/minor versions match and network match -func (info *NodeInfo) CompatibleWith(other *NodeInfo) error { +func (info NodeInfo) CompatibleWith(other NodeInfo) error { iMajor, iMinor, _, iErr := splitVersion(info.Version) oMajor, oMinor, _, oErr := splitVersion(other.Version) @@ -71,11 +71,11 @@ func (info *NodeInfo) CompatibleWith(other *NodeInfo) error { return nil } -func (info *NodeInfo) ID() ID { +func (info NodeInfo) ID() ID { return PubKeyToID(info.PubKey) } -func (info *NodeInfo) NetAddress() *NetAddress { +func (info NodeInfo) NetAddress() *NetAddress { id := PubKeyToID(info.PubKey) addr := info.ListenAddr netAddr, err := NewNetAddressString(IDAddressString(id, addr)) @@ -85,12 +85,12 @@ func (info *NodeInfo) NetAddress() *NetAddress { return netAddr } -func (info *NodeInfo) ListenHost() string { +func (info NodeInfo) ListenHost() string { host, _, _ := net.SplitHostPort(info.ListenAddr) // nolint: errcheck, gas return host } -func (info *NodeInfo) ListenPort() int { +func (info NodeInfo) ListenPort() int { _, port, _ := net.SplitHostPort(info.ListenAddr) // nolint: errcheck, gas port_i, err := strconv.Atoi(port) if err != nil { diff --git a/rpc/core/net.go b/rpc/core/net.go index af52c81cc..14e7389d5 100644 --- a/rpc/core/net.go +++ b/rpc/core/net.go @@ -41,7 +41,7 @@ func NetInfo() (*ctypes.ResultNetInfo, error) { peers := []ctypes.Peer{} for _, peer := range p2pSwitch.Peers().List() { peers = append(peers, ctypes.Peer{ - NodeInfo: *peer.NodeInfo(), + NodeInfo: peer.NodeInfo(), IsOutbound: peer.IsOutbound(), ConnectionStatus: peer.Status(), }) diff --git a/rpc/core/pipe.go b/rpc/core/pipe.go index 6d67fd898..301977ac3 100644 --- a/rpc/core/pipe.go +++ b/rpc/core/pipe.go @@ -30,7 +30,7 @@ type P2P interface { Listeners() []p2p.Listener Peers() p2p.IPeerSet NumPeers() (outbound, inbound, dialig int) - NodeInfo() *p2p.NodeInfo + NodeInfo() p2p.NodeInfo IsListening() bool DialPeersAsync(*p2p.AddrBook, []string, bool) error } diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index a6bb30682..233b44e93 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -54,7 +54,7 @@ func NewResultCommit(header *types.Header, commit *types.Commit, } type ResultStatus struct { - NodeInfo *p2p.NodeInfo `json:"node_info"` + NodeInfo p2p.NodeInfo `json:"node_info"` PubKey crypto.PubKey `json:"pub_key"` LatestBlockHash data.Bytes `json:"latest_block_hash"` LatestAppHash data.Bytes `json:"latest_app_hash"` @@ -64,7 +64,7 @@ type ResultStatus struct { } func (s *ResultStatus) TxIndexEnabled() bool { - if s == nil || s.NodeInfo == nil { + if s == nil { return false } for _, s := range s.NodeInfo.Other { From f9e4f6eb6ba51d0cac2186bccdd7a9f320fe3c0e Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 00:44:16 -0500 Subject: [PATCH 063/188] reorder peer.go methods --- p2p/peer.go | 180 ++++++++++++++++++++++----------------------- p2p/peer_test.go | 4 +- p2p/switch.go | 10 +-- p2p/switch_test.go | 5 +- 4 files changed, 95 insertions(+), 104 deletions(-) diff --git a/p2p/peer.go b/p2p/peer.go index 57718b6bf..596b92168 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -17,10 +17,10 @@ import ( type Peer interface { cmn.Service - ID() ID - IsOutbound() bool - IsPersistent() bool - NodeInfo() NodeInfo + ID() ID // peer's cryptographic ID + IsOutbound() bool // did we dial the peer + IsPersistent() bool // do we redial this peer when we disconnect + NodeInfo() NodeInfo // peer's info Status() ConnectionStatus Send(byte, interface{}) bool @@ -30,9 +30,9 @@ type Peer interface { Get(string) interface{} } -// Peer could be marked as persistent, in which case you can use -// Redial function to reconnect. Note that inbound peers can't be -// made persistent. They should be made persistent on the other end. +//---------------------------------------------------------- + +// peer implements Peer. // // Before using a peer, you will need to perform a handshake on connection. type peer struct { @@ -77,7 +77,7 @@ func DefaultPeerConfig() *PeerConfig { } func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, - onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig) (*peer, error) { + onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig, persistent bool) (*peer, error) { conn, err := dial(addr, config) if err != nil { @@ -91,6 +91,7 @@ func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs [] } return nil, err } + peer.persistent = persistent return peer, nil } @@ -142,23 +143,41 @@ func newPeerFromConnAndConfig(rawConn net.Conn, outbound bool, reactorsByCh map[ return p, nil } +//--------------------------------------------------- +// Implements cmn.Service + +// SetLogger implements BaseService. func (p *peer) SetLogger(l log.Logger) { p.Logger = l p.mconn.SetLogger(l) } -// CloseConn should be used when the peer was created, but never started. -func (p *peer) CloseConn() { - p.conn.Close() // nolint: errcheck +// OnStart implements BaseService. +func (p *peer) OnStart() error { + if err := p.BaseService.OnStart(); err != nil { + return err + } + err := p.mconn.Start() + return err } -// makePersistent marks the peer as persistent. -func (p *peer) makePersistent() { - if !p.outbound { - panic("inbound peers can't be made persistent") - } +// OnStop implements BaseService. +func (p *peer) OnStop() { + p.BaseService.OnStop() + p.mconn.Stop() // stop everything and close the conn +} - p.persistent = true +//--------------------------------------------------- +// Implements Peer + +// ID returns the peer's ID - the hex encoded hash of its pubkey. +func (p *peer) ID() ID { + return PubKeyToID(p.PubKey()) +} + +// IsOutbound returns true if the connection is outbound, false otherwise. +func (p *peer) IsOutbound() bool { + return p.outbound } // IsPersistent returns true if the peer is persitent, false otherwise. @@ -166,7 +185,56 @@ func (p *peer) IsPersistent() bool { return p.persistent } -// HandshakeTimeout performs a handshake between a given node and the peer. +// NodeInfo returns a copy of the peer's NodeInfo. +func (p *peer) NodeInfo() NodeInfo { + return p.nodeInfo +} + +// Status returns the peer's ConnectionStatus. +func (p *peer) Status() ConnectionStatus { + return p.mconn.Status() +} + +// Send msg to the channel identified by chID byte. Returns false if the send +// queue is full after timeout, specified by MConnection. +func (p *peer) Send(chID byte, msg interface{}) bool { + if !p.IsRunning() { + // see Switch#Broadcast, where we fetch the list of peers and loop over + // them - while we're looping, one peer may be removed and stopped. + return false + } + return p.mconn.Send(chID, msg) +} + +// TrySend msg to the channel identified by chID byte. Immediately returns +// false if the send queue is full. +func (p *peer) TrySend(chID byte, msg interface{}) bool { + if !p.IsRunning() { + return false + } + return p.mconn.TrySend(chID, msg) +} + +// Get the data for a given key. +func (p *peer) Get(key string) interface{} { + return p.Data.Get(key) +} + +// Set sets the data for the given key. +func (p *peer) Set(key string, data interface{}) { + p.Data.Set(key, data) +} + +//--------------------------------------------------- +// methods used by the Switch + +// CloseConn should be called by the Switch if the peer was created but never started. +func (p *peer) CloseConn() { + p.conn.Close() // nolint: errcheck +} + +// HandshakeTimeout performs the Tendermint P2P handshake between a given node and the peer +// by exchanging their NodeInfo. It sets the received nodeInfo on the peer. // NOTE: blocking func (p *peer) HandshakeTimeout(ourNodeInfo NodeInfo, timeout time.Duration) error { // Set deadline for handshake so we don't block forever on conn.ReadFull @@ -220,51 +288,6 @@ func (p *peer) PubKey() crypto.PubKey { panic("Attempt to get peer's PubKey before calling Handshake") } -// OnStart implements BaseService. -func (p *peer) OnStart() error { - if err := p.BaseService.OnStart(); err != nil { - return err - } - err := p.mconn.Start() - return err -} - -// OnStop implements BaseService. -func (p *peer) OnStop() { - p.BaseService.OnStop() - p.mconn.Stop() -} - -// Connection returns underlying MConnection. -func (p *peer) Connection() *MConnection { - return p.mconn -} - -// IsOutbound returns true if the connection is outbound, false otherwise. -func (p *peer) IsOutbound() bool { - return p.outbound -} - -// Send msg to the channel identified by chID byte. Returns false if the send -// queue is full after timeout, specified by MConnection. -func (p *peer) Send(chID byte, msg interface{}) bool { - if !p.IsRunning() { - // see Switch#Broadcast, where we fetch the list of peers and loop over - // them - while we're looping, one peer may be removed and stopped. - return false - } - return p.mconn.Send(chID, msg) -} - -// TrySend msg to the channel identified by chID byte. Immediately returns -// false if the send queue is full. -func (p *peer) TrySend(chID byte, msg interface{}) bool { - if !p.IsRunning() { - return false - } - return p.mconn.TrySend(chID, msg) -} - // CanSend returns true if the send queue is not full, false otherwise. func (p *peer) CanSend(chID byte) bool { if !p.IsRunning() { @@ -282,35 +305,8 @@ func (p *peer) String() string { return fmt.Sprintf("Peer{%v %v in}", p.mconn, p.ID()) } -// Equals reports whenever 2 peers are actually represent the same node. -func (p *peer) Equals(other Peer) bool { - return p.ID() == other.ID() -} - -// Get the data for a given key. -func (p *peer) Get(key string) interface{} { - return p.Data.Get(key) -} - -// Set sets the data for the given key. -func (p *peer) Set(key string, data interface{}) { - p.Data.Set(key, data) -} - -// ID returns the peer's ID - the hex encoded hash of its pubkey. -func (p *peer) ID() ID { - return PubKeyToID(p.PubKey()) -} - -// NodeInfo returns a copy of the peer's NodeInfo. -func (p *peer) NodeInfo() NodeInfo { - return p.nodeInfo -} - -// Status returns the peer's ConnectionStatus. -func (p *peer) Status() ConnectionStatus { - return p.mconn.Status() -} +//------------------------------------------------------------------ +// helper funcs func dial(addr *NetAddress, config *PeerConfig) (net.Conn, error) { conn, err := addr.DialTimeout(config.DialTimeout * time.Second) diff --git a/p2p/peer_test.go b/p2p/peer_test.go index f4a5363b5..d99fff5e4 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -30,7 +30,7 @@ func TestPeerBasic(t *testing.T) { assert.True(p.IsRunning()) assert.True(p.IsOutbound()) assert.False(p.IsPersistent()) - p.makePersistent() + p.persistent = true assert.True(p.IsPersistent()) assert.Equal(rp.Addr().String(), p.Addr().String()) assert.Equal(rp.PubKey(), p.PubKey()) @@ -86,7 +86,7 @@ func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) } reactorsByCh := map[byte]Reactor{0x01: NewTestReactor(chDescs, true)} pk := crypto.GenPrivKeyEd25519().Wrap() - p, err := newOutboundPeer(addr, reactorsByCh, chDescs, func(p Peer, r interface{}) {}, pk, config) + p, err := newOutboundPeer(addr, reactorsByCh, chDescs, func(p Peer, r interface{}) {}, pk, config, false) if err != nil { return nil, err } diff --git a/p2p/switch.go b/p2p/switch.go index 0ff64dbf9..eaf3c22e5 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -428,9 +428,7 @@ func (sw *Switch) listenerRoutine(l Listener) { func (sw *Switch) addInboundPeerWithConfig(conn net.Conn, config *PeerConfig) error { peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config) if err != nil { - if err := conn.Close(); err != nil { - sw.Logger.Error("Error closing connection", "err", err) - } + peer.CloseConn() return err } peer.SetLogger(sw.Logger.With("peer", conn.RemoteAddr())) @@ -446,7 +444,7 @@ func (sw *Switch) addInboundPeerWithConfig(conn net.Conn, config *PeerConfig) er // add the peer. func (sw *Switch) addOutboundPeerWithConfig(addr *NetAddress, config *PeerConfig, persistent bool) (Peer, error) { sw.Logger.Info("Dialing peer", "address", addr) - peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config) + peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config, persistent) if err != nil { sw.Logger.Error("Failed to dial peer", "address", addr, "err", err) return nil, err @@ -457,12 +455,10 @@ func (sw *Switch) addOutboundPeerWithConfig(addr *NetAddress, config *PeerConfig if addr.ID == "" { peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) } else if addr.ID != peer.ID() { + peer.CloseConn() return nil, fmt.Errorf("Failed to authenticate peer %v. Connected to peer with ID %s", addr, peer.ID()) } - if persistent { - peer.makePersistent() - } err = sw.addPeer(peer) if err != nil { sw.Logger.Error("Failed to add peer", "address", addr, "err", err) diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 7d61fa39a..a729698e9 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -236,7 +236,7 @@ func TestSwitchStopsNonPersistentPeerOnError(t *testing.T) { rp.Start() defer rp.Stop() - peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, DefaultPeerConfig()) + peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, DefaultPeerConfig(), false) require.Nil(err) err = sw.addPeer(peer) require.Nil(err) @@ -263,8 +263,7 @@ func TestSwitchReconnectsToPersistentPeer(t *testing.T) { rp.Start() defer rp.Stop() - peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, DefaultPeerConfig()) - peer.makePersistent() + peer, err := newOutboundPeer(rp.Addr(), sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, DefaultPeerConfig(), true) require.Nil(err) err = sw.addPeer(peer) require.Nil(err) From 68237911ba03cf16d9d20db2dd95c549311f6b33 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 01:11:50 -0500 Subject: [PATCH 064/188] NetAddress.Same checks ID or DialString --- p2p/netaddress.go | 15 ++++++++++++++- p2p/switch.go | 8 +++----- 2 files changed, 17 insertions(+), 6 deletions(-) diff --git a/p2p/netaddress.go b/p2p/netaddress.go index fed5e59d4..333d16e5d 100644 --- a/p2p/netaddress.go +++ b/p2p/netaddress.go @@ -127,12 +127,25 @@ func NewNetAddressIPPort(ip net.IP, port uint16) *NetAddress { return na } -// Equals reports whether na and other are the same addresses. +// Equals reports whether na and other are the same addresses, +// including their ID, IP, and Port. func (na *NetAddress) Equals(other interface{}) bool { if o, ok := other.(*NetAddress); ok { return na.String() == o.String() } + return false +} +// Same returns true is na has the same non-empty ID or DialString as other. +func (na *NetAddress) Same(other interface{}) bool { + if o, ok := other.(*NetAddress); ok { + if na.DialString() == o.DialString() { + return true + } + if na.ID != "" && na.ID == o.ID { + return true + } + } return false } diff --git a/p2p/switch.go b/p2p/switch.go index eaf3c22e5..3f026556a 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -318,18 +318,16 @@ func (sw *Switch) IsDialing(id ID) bool { // DialPeersAsync dials a list of peers asynchronously in random order (optionally, making them persistent). func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent bool) error { netAddrs, errs := NewNetAddressStrings(peers) - // TODO: IDs for _, err := range errs { sw.Logger.Error("Error in peer's address", "err", err) } if addrBook != nil { // add peers to `addrBook` - ourAddrS := sw.nodeInfo.ListenAddr - ourAddr, _ := NewNetAddressString(ourAddrS) + ourAddr := sw.nodeInfo.NetAddress() for _, netAddr := range netAddrs { - // do not add ourselves - if netAddr.Equals(ourAddr) { + // do not add our address or ID + if netAddr.Same(ourAddr) { continue } addrBook.AddAddress(netAddr, ourAddr) From 3368eeb03ec82de933c9be33ad906ab83823e351 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 01:17:43 -0500 Subject: [PATCH 065/188] fix tests --- benchmarks/codec_test.go | 12 ++++-------- blockchain/reactor_test.go | 2 +- rpc/core/types/responses_test.go | 2 +- 3 files changed, 6 insertions(+), 10 deletions(-) diff --git a/benchmarks/codec_test.go b/benchmarks/codec_test.go index 209fcd3ba..8ac62a247 100644 --- a/benchmarks/codec_test.go +++ b/benchmarks/codec_test.go @@ -16,11 +16,10 @@ func BenchmarkEncodeStatusWire(b *testing.B) { b.StopTimer() pubKey := crypto.GenPrivKeyEd25519().PubKey() status := &ctypes.ResultStatus{ - NodeInfo: &p2p.NodeInfo{ + NodeInfo: p2p.NodeInfo{ PubKey: pubKey, Moniker: "SOMENAME", Network: "SOMENAME", - RemoteAddr: "SOMEADDR", ListenAddr: "SOMEADDR", Version: "SOMEVER", Other: []string{"SOMESTRING", "OTHERSTRING"}, @@ -43,11 +42,10 @@ func BenchmarkEncodeStatusWire(b *testing.B) { func BenchmarkEncodeNodeInfoWire(b *testing.B) { b.StopTimer() pubKey := crypto.GenPrivKeyEd25519().PubKey() - nodeInfo := &p2p.NodeInfo{ + nodeInfo := p2p.NodeInfo{ PubKey: pubKey, Moniker: "SOMENAME", Network: "SOMENAME", - RemoteAddr: "SOMEADDR", ListenAddr: "SOMEADDR", Version: "SOMEVER", Other: []string{"SOMESTRING", "OTHERSTRING"}, @@ -64,11 +62,10 @@ func BenchmarkEncodeNodeInfoWire(b *testing.B) { func BenchmarkEncodeNodeInfoBinary(b *testing.B) { b.StopTimer() pubKey := crypto.GenPrivKeyEd25519().PubKey() - nodeInfo := &p2p.NodeInfo{ + nodeInfo := p2p.NodeInfo{ PubKey: pubKey, Moniker: "SOMENAME", Network: "SOMENAME", - RemoteAddr: "SOMEADDR", ListenAddr: "SOMEADDR", Version: "SOMEVER", Other: []string{"SOMESTRING", "OTHERSTRING"}, @@ -87,11 +84,10 @@ func BenchmarkEncodeNodeInfoProto(b *testing.B) { b.StopTimer() pubKey := crypto.GenPrivKeyEd25519().PubKey().Unwrap().(crypto.PubKeyEd25519) pubKey2 := &proto.PubKey{Ed25519: &proto.PubKeyEd25519{Bytes: pubKey[:]}} - nodeInfo := &proto.NodeInfo{ + nodeInfo := proto.NodeInfo{ PubKey: pubKey2, Moniker: "SOMENAME", Network: "SOMENAME", - RemoteAddr: "SOMEADDR", ListenAddr: "SOMEADDR", Version: "SOMEVER", Other: []string{"SOMESTRING", "OTHERSTRING"}, diff --git a/blockchain/reactor_test.go b/blockchain/reactor_test.go index 5bdd28694..06f6c36c5 100644 --- a/blockchain/reactor_test.go +++ b/blockchain/reactor_test.go @@ -142,7 +142,7 @@ func (tp *bcrTestPeer) TrySend(chID byte, value interface{}) bool { } func (tp *bcrTestPeer) Send(chID byte, data interface{}) bool { return tp.TrySend(chID, data) } -func (tp *bcrTestPeer) NodeInfo() *p2p.NodeInfo { return nil } +func (tp *bcrTestPeer) NodeInfo() p2p.NodeInfo { return p2p.NodeInfo{} } func (tp *bcrTestPeer) Status() p2p.ConnectionStatus { return p2p.ConnectionStatus{} } func (tp *bcrTestPeer) ID() p2p.ID { return tp.id } func (tp *bcrTestPeer) IsOutbound() bool { return false } diff --git a/rpc/core/types/responses_test.go b/rpc/core/types/responses_test.go index fa0da3fdf..e410d47ae 100644 --- a/rpc/core/types/responses_test.go +++ b/rpc/core/types/responses_test.go @@ -17,7 +17,7 @@ func TestStatusIndexer(t *testing.T) { status = &ResultStatus{} assert.False(status.TxIndexEnabled()) - status.NodeInfo = &p2p.NodeInfo{} + status.NodeInfo = p2p.NodeInfo{} assert.False(status.TxIndexEnabled()) cases := []struct { From 3df5fd21cd58db0c8a29c88320410059e26b80e9 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 03:22:01 -0500 Subject: [PATCH 066/188] better abuse handling in pex --- p2p/pex_reactor.go | 170 ++++++++++++++++++++-------------------- p2p/pex_reactor_test.go | 102 +++++++++++++++++++++--- 2 files changed, 176 insertions(+), 96 deletions(-) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 1903a460f..63862d1a5 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -7,6 +7,7 @@ import ( "reflect" "time" + "github.com/pkg/errors" wire "github.com/tendermint/go-wire" cmn "github.com/tendermint/tmlibs/common" ) @@ -19,10 +20,6 @@ const ( defaultEnsurePeersPeriod = 30 * time.Second minNumOutboundPeers = 10 maxPexMessageSize = 1048576 // 1MB - - // maximum pex messages one peer can send to us during `msgCountByPeerFlushInterval` - defaultMaxMsgCountByPeer = 1000 - msgCountByPeerFlushInterval = 1 * time.Hour ) // PEXReactor handles PEX (peer exchange) and ensures that an @@ -32,15 +29,8 @@ const ( // // ## Preventing abuse // -// For now, it just limits the number of messages from one peer to -// `defaultMaxMsgCountByPeer` messages per `msgCountByPeerFlushInterval` (1000 -// msg/hour). -// -// NOTE [2017-01-17]: -// Limiting is fine for now. Maybe down the road we want to keep track of the -// quality of peer messages so if peerA keeps telling us about peers we can't -// connect to then maybe we should care less about peerA. But I don't think -// that kind of complexity is priority right now. +// Only accept pexAddrsMsg from peers we sent a corresponding pexRequestMsg too. +// Only accept one pexRequestMsg every ~defaultEnsurePeersPeriod. type PEXReactor struct { BaseReactor @@ -48,9 +38,9 @@ type PEXReactor struct { config *PEXReactorConfig ensurePeersPeriod time.Duration - // tracks message count by peer, so we can prevent abuse - msgCountByPeer *cmn.CMap - maxMsgCountByPeer uint16 + // maps to prevent abuse + requestsSent *cmn.CMap // unanswered send requests + lastReceivedRequests *cmn.CMap // last time peer requested from us } // PEXReactorConfig holds reactor specific configuration data. @@ -63,11 +53,11 @@ type PEXReactorConfig struct { // NewPEXReactor creates new PEX reactor. func NewPEXReactor(b *AddrBook, config *PEXReactorConfig) *PEXReactor { r := &PEXReactor{ - book: b, - config: config, - ensurePeersPeriod: defaultEnsurePeersPeriod, - msgCountByPeer: cmn.NewCMap(), - maxMsgCountByPeer: defaultMaxMsgCountByPeer, + book: b, + config: config, + ensurePeersPeriod: defaultEnsurePeersPeriod, + requestsSent: cmn.NewCMap(), + lastReceivedRequests: cmn.NewCMap(), } r.BaseReactor = *NewBaseReactor("PEXReactor", r) return r @@ -83,7 +73,6 @@ func (r *PEXReactor) OnStart() error { return err } go r.ensurePeersRoutine() - go r.flushMsgCountByPeer() return nil } @@ -108,15 +97,17 @@ func (r *PEXReactor) GetChannels() []*ChannelDescriptor { // or by requesting more addresses (if outbound). func (r *PEXReactor) AddPeer(p Peer) { if p.IsOutbound() { - // For outbound peers, the address is already in the books. - // Either it was added in DialPeersAsync or when we - // received the peer's address in r.Receive + // For outbound peers, the address is already in the books - + // either via DialPeersAsync or r.Receive. + // Ask it for more peers if we need. if r.book.NeedMoreAddrs() { r.RequestPEX(p) } } else { - // For inbound connections, the peer is its own source, - // and its NodeInfo has already been validated + // For inbound peers, the peer is its own source, + // and its NodeInfo has already been validated. + // Let the ensurePeersRoutine handle asking for more + // peers when we need - we don't trust inbound peers as much. addr := p.NodeInfo().NetAddress() r.book.AddAddress(addr, addr) } @@ -124,20 +115,13 @@ func (r *PEXReactor) AddPeer(p Peer) { // RemovePeer implements Reactor. func (r *PEXReactor) RemovePeer(p Peer, reason interface{}) { - // If we aren't keeping track of local temp data for each peer here, then we - // don't have to do anything. + id := string(p.ID()) + r.requestsSent.Delete(id) + r.lastReceivedRequests.Delete(id) } // Receive implements Reactor by handling incoming PEX messages. func (r *PEXReactor) Receive(chID byte, src Peer, msgBytes []byte) { - srcAddr := src.NodeInfo().NetAddress() - r.IncrementMsgCountForPeer(srcAddr.ID) - if r.ReachedMaxMsgCountForPeer(srcAddr.ID) { - r.Logger.Error("Maximum number of messages reached for peer", "peer", srcAddr) - // TODO remove src from peers? - return - } - _, msg, err := DecodeMessage(msgBytes) if err != nil { r.Logger.Error("Error decoding message", "err", err) @@ -147,27 +131,81 @@ func (r *PEXReactor) Receive(chID byte, src Peer, msgBytes []byte) { switch msg := msg.(type) { case *pexRequestMessage: - // src requested some peers. - // NOTE: we might send an empty selection + // We received a request for peers from src. + if err := r.receiveRequest(src); err != nil { + r.Switch.StopPeerForError(src, err) + return + } r.SendAddrs(src, r.book.GetSelection()) case *pexAddrsMessage: // We received some peer addresses from src. - // TODO: (We don't want to get spammed with bad peers) - for _, netAddr := range msg.Addrs { - if netAddr != nil { - r.book.AddAddress(netAddr, srcAddr) - } + if err := r.ReceivePEX(msg.Addrs, src); err != nil { + r.Switch.StopPeerForError(src, err) + return } default: r.Logger.Error(fmt.Sprintf("Unknown message type %v", reflect.TypeOf(msg))) } } -// RequestPEX asks peer for more addresses. +func (r *PEXReactor) receiveRequest(src Peer) error { + id := string(src.ID()) + v := r.lastReceivedRequests.Get(id) + if v == nil { + // initialize with empty time + lastReceived := time.Time{} + r.lastReceivedRequests.Set(id, lastReceived) + return nil + } + + lastReceived := v.(time.Time) + if lastReceived.Equal(time.Time{}) { + // first time gets a free pass. then we start tracking the time + lastReceived := time.Now() + r.lastReceivedRequests.Set(id, lastReceived) + return nil + } + + now := time.Now() + if now.Sub(lastReceived) < r.ensurePeersPeriod/3 { + return fmt.Errorf("Peer (%v) is sending too many PEX requests. Disconnecting", src.ID()) + } + r.lastReceivedRequests.Set(id, now) + return nil +} + +// RequestPEX asks peer for more addresses if we do not already +// have a request out for this peer. func (r *PEXReactor) RequestPEX(p Peer) { + id := string(p.ID()) + if r.requestsSent.Has(id) { + return + } + r.requestsSent.Set(id, struct{}{}) p.Send(PexChannel, struct{ PexMessage }{&pexRequestMessage{}}) } +// ReceivePEX adds the given addrs to the addrbook if theres an open +// request for this peer and deletes the open request. +// If there's no open request for the src peer, it returns an error. +func (r *PEXReactor) ReceivePEX(addrs []*NetAddress, src Peer) error { + id := string(src.ID()) + + if !r.requestsSent.Has(id) { + return errors.New("Received unsolicited pexAddrsMessage") + } + + r.requestsSent.Delete(id) + + srcAddr := src.NodeInfo().NetAddress() + for _, netAddr := range addrs { + if netAddr != nil { + r.book.AddAddress(netAddr, srcAddr) + } + } + return nil +} + // SendAddrs sends addrs to the peer. func (r *PEXReactor) SendAddrs(p Peer, netAddrs []*NetAddress) { p.Send(PexChannel, struct{ PexMessage }{&pexAddrsMessage{Addrs: netAddrs}}) @@ -178,41 +216,13 @@ func (r *PEXReactor) SetEnsurePeersPeriod(d time.Duration) { r.ensurePeersPeriod = d } -// SetMaxMsgCountByPeer sets maximum messages one peer can send to us during 'msgCountByPeerFlushInterval'. -func (r *PEXReactor) SetMaxMsgCountByPeer(v uint16) { - r.maxMsgCountByPeer = v -} - -// ReachedMaxMsgCountForPeer returns true if we received too many -// messages from peer with address `addr`. -// NOTE: assumes the value in the CMap is non-nil -func (r *PEXReactor) ReachedMaxMsgCountForPeer(peerID ID) bool { - return r.msgCountByPeer.Get(string(peerID)).(uint16) >= r.maxMsgCountByPeer -} - -// Increment or initialize the msg count for the peer in the CMap -func (r *PEXReactor) IncrementMsgCountForPeer(peerID ID) { - var count uint16 - countI := r.msgCountByPeer.Get(string(peerID)) - if countI != nil { - count = countI.(uint16) - } - count++ - r.msgCountByPeer.Set(string(peerID), count) -} - // Ensures that sufficient peers are connected. (continuous) func (r *PEXReactor) ensurePeersRoutine() { // Randomize when routine starts ensurePeersPeriodMs := r.ensurePeersPeriod.Nanoseconds() / 1e6 time.Sleep(time.Duration(rand.Int63n(ensurePeersPeriodMs)) * time.Millisecond) - // fire once immediately. - r.ensurePeers() - - // fire periodically ticker := time.NewTicker(r.ensurePeersPeriod) - for { select { case <-ticker.C: @@ -298,20 +308,6 @@ func (r *PEXReactor) ensurePeers() { } } -func (r *PEXReactor) flushMsgCountByPeer() { - ticker := time.NewTicker(msgCountByPeerFlushInterval) - - for { - select { - case <-ticker.C: - r.msgCountByPeer.Clear() - case <-r.Quit: - ticker.Stop() - return - } - } -} - //----------------------------------------------------------------------------- // Messages diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index 20c8b823a..0c1c17330 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -153,9 +153,11 @@ func TestPEXReactorReceive(t *testing.T) { peer := createRandomPeer(false) + // we have to send a request to receive responses + r.RequestPEX(peer) + size := book.Size() - netAddr, _ := NewNetAddressString(peer.NodeInfo().ListenAddr) - addrs := []*NetAddress{netAddr} + addrs := []*NetAddress{peer.NodeInfo().NetAddress()} msg := wire.BinaryBytes(struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) r.Receive(PexChannel, peer, msg) assert.Equal(size+1, book.Size()) @@ -164,7 +166,7 @@ func TestPEXReactorReceive(t *testing.T) { r.Receive(PexChannel, peer, msg) } -func TestPEXReactorAbuseFromPeer(t *testing.T) { +func TestPEXReactorRequestMessageAbuse(t *testing.T) { assert, require := assert.New(t), require.New(t) dir, err := ioutil.TempDir("", "pex_reactor") @@ -174,17 +176,66 @@ func TestPEXReactorAbuseFromPeer(t *testing.T) { book.SetLogger(log.TestingLogger()) r := NewPEXReactor(book, &PEXReactorConfig{}) + sw := makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { return sw }) + sw.SetLogger(log.TestingLogger()) + sw.AddReactor("PEX", r) + r.SetSwitch(sw) r.SetLogger(log.TestingLogger()) - r.SetMaxMsgCountByPeer(5) - peer := createRandomPeer(false) + peer := newMockPeer() + id := string(peer.ID()) msg := wire.BinaryBytes(struct{ PexMessage }{&pexRequestMessage{}}) - for i := 0; i < 10; i++ { - r.Receive(PexChannel, peer, msg) - } - assert.True(r.ReachedMaxMsgCountForPeer(peer.NodeInfo().ID())) + // first time creates the entry + r.Receive(PexChannel, peer, msg) + assert.True(r.lastReceivedRequests.Has(id)) + + // next time sets the last time value + r.Receive(PexChannel, peer, msg) + assert.True(r.lastReceivedRequests.Has(id)) + + // third time is too many too soon - peer is removed + r.Receive(PexChannel, peer, msg) + assert.False(r.lastReceivedRequests.Has(id)) + assert.False(sw.Peers().Has(peer.ID())) + +} + +func TestPEXReactorAddrsMessageAbuse(t *testing.T) { + assert, require := assert.New(t), require.New(t) + + dir, err := ioutil.TempDir("", "pex_reactor") + require.Nil(err) + defer os.RemoveAll(dir) // nolint: errcheck + book := NewAddrBook(dir+"addrbook.json", true) + book.SetLogger(log.TestingLogger()) + + r := NewPEXReactor(book, &PEXReactorConfig{}) + sw := makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { return sw }) + sw.SetLogger(log.TestingLogger()) + sw.AddReactor("PEX", r) + r.SetSwitch(sw) + r.SetLogger(log.TestingLogger()) + + peer := newMockPeer() + + id := string(peer.ID()) + + // request addrs from the peer + r.RequestPEX(peer) + assert.True(r.requestsSent.Has(id)) + + addrs := []*NetAddress{peer.NodeInfo().NetAddress()} + msg := wire.BinaryBytes(struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) + + // receive some addrs. should clear the request + r.Receive(PexChannel, peer, msg) + assert.False(r.requestsSent.Has(id)) + + // receiving more addrs causes a disconnect + r.Receive(PexChannel, peer, msg) + assert.False(sw.Peers().Has(peer.ID())) } func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { @@ -252,3 +303,36 @@ func createRandomPeer(outbound bool) *peer { p.SetLogger(log.TestingLogger().With("peer", addr)) return p } + +type mockPeer struct { + *cmn.BaseService + pubKey crypto.PubKey + addr *NetAddress + outbound, persistent bool +} + +func newMockPeer() mockPeer { + _, netAddr := createRoutableAddr() + mp := mockPeer{ + addr: netAddr, + pubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), + } + mp.BaseService = cmn.NewBaseService(nil, "MockPeer", mp) + mp.Start() + return mp +} + +func (mp mockPeer) ID() ID { return PubKeyToID(mp.pubKey) } +func (mp mockPeer) IsOutbound() bool { return mp.outbound } +func (mp mockPeer) IsPersistent() bool { return mp.persistent } +func (mp mockPeer) NodeInfo() NodeInfo { + return NodeInfo{ + PubKey: mp.pubKey, + ListenAddr: mp.addr.DialString(), + } +} +func (mp mockPeer) Status() ConnectionStatus { return ConnectionStatus{} } +func (mp mockPeer) Send(byte, interface{}) bool { return false } +func (mp mockPeer) TrySend(byte, interface{}) bool { return false } +func (mp mockPeer) Set(string, interface{}) {} +func (mp mockPeer) Get(string) interface{} { return nil } From 17f7a9b510ae575d343d11c4e8dc1991cceb074e Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 03:56:15 -0500 Subject: [PATCH 067/188] improve seed dialing logic --- p2p/pex_reactor.go | 49 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 46 insertions(+), 3 deletions(-) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 63862d1a5..fd4e35e00 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -72,6 +72,11 @@ func (r *PEXReactor) OnStart() error { if err != nil && err != cmn.ErrAlreadyStarted { return err } + + if err := r.checkSeeds(); err != nil { + return err + } + go r.ensurePeersRoutine() return nil } @@ -222,6 +227,11 @@ func (r *PEXReactor) ensurePeersRoutine() { ensurePeersPeriodMs := r.ensurePeersPeriod.Nanoseconds() / 1e6 time.Sleep(time.Duration(rand.Int63n(ensurePeersPeriodMs)) * time.Millisecond) + // fire once immediately. + // ensures we dial the seeds right away if the book is empty + r.ensurePeers() + + // fire periodically ticker := time.NewTicker(r.ensurePeersPeriod) for { select { @@ -301,10 +311,43 @@ func (r *PEXReactor) ensurePeers() { } } - // If we are not connected to nor dialing anybody, fallback to dialing seeds. + // If we are not connected to nor dialing anybody, fallback to dialing a seed. if numOutPeers+numInPeers+numDialing+len(toDial) == 0 { - r.Logger.Info("No addresses to dial nor connected peers. Will dial seeds", "seeds", r.config.Seeds) - r.Switch.DialPeersAsync(r.book, r.config.Seeds, false) + r.Logger.Info("No addresses to dial nor connected peers. Falling back to seeds") + r.dialSeed() + } +} + +func (r *PEXReactor) checkSeeds() error { + lSeeds := len(r.config.Seeds) + if lSeeds > 0 { + seedAddrs, errs := NewNetAddressStrings(r.config.Seeds) + for _, err := range errs { + if err != nil { + return err + } + } + } +} + +func (r *PEXReactor) dialSeed() error { + lSeeds := len(r.config.Seeds) + if lSeeds > 0 { + seedAddrs, _ := NewNetAddressStrings(r.config.Seeds) + + perm := r.Switch.rng.Perm(lSeeds) + for _, i := range perm { + // dial a random seed + seedAddr := seedAddrs[i] + peer, err := sw.DialPeerWithAddress(seedAddr, false) + if err != nil { + sw.Logger.Error("Error dialing seed", "err", err, "seed", seedAddr) + } else { + sw.Logger.Info("Connected to seed", "peer", peer) + return + } + } + sw.Logger.Error("Couldn't connect to any seeds") } } From a29c67563c2b63cd1dabd746a80264742d716669 Mon Sep 17 00:00:00 2001 From: Zach Date: Sun, 14 Jan 2018 13:43:26 +0000 Subject: [PATCH 068/188] Update p2p README, closes #1102 --- p2p/README.md | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/p2p/README.md b/p2p/README.md index a30b83b7c..f386c5112 100644 --- a/p2p/README.md +++ b/p2p/README.md @@ -1,14 +1,11 @@ -# `tendermint/tendermint/p2p` +# p2p -[![CircleCI](https://circleci.com/gh/tendermint/tendermint/p2p.svg?style=svg)](https://circleci.com/gh/tendermint/tendermint/p2p) +The p2p package provides an abstraction around peer-to-peer communication. -`tendermint/tendermint/p2p` provides an abstraction around peer-to-peer communication.
- -See: - -- [docs/connection] for details on how connections and multiplexing work -- [docs/peer] for details on peer ID, handshakes, and peer exchange -- [docs/node] for details about different types of nodes and how they should work -- [docs/pex] for details on peer discovery and exchange -- [docs/config] for details on some config options +Docs: +- [Connection](../docs/specification/new-spec/p2p/connection.md) for details on how connections and multiplexing work +- [Peer](../docs/specification/new-spec/p2p/peer.md) for details on peer ID, handshakes, and peer exchange +- [Node](../docs/specification/new-spec/p2p/node.md) for details about different types of nodes and how they should work +- [Pex](../docs/specification/new-spec/p2p/pex.md) for details on peer discovery and exchange +- [Config](../docs/specification/new-spec/p2p/config.md) for details on some config option From 26aaa283a9266fcbdf18294cb5b450d1b2cf348a Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Sun, 14 Jan 2018 13:49:27 +0000 Subject: [PATCH 069/188] p2p: remove deprecated Dockerfile --- p2p/Dockerfile | 13 ------------- 1 file changed, 13 deletions(-) delete mode 100644 p2p/Dockerfile diff --git a/p2p/Dockerfile b/p2p/Dockerfile deleted file mode 100644 index 6c71b2f81..000000000 --- a/p2p/Dockerfile +++ /dev/null @@ -1,13 +0,0 @@ -FROM golang:latest - -RUN curl https://glide.sh/get | sh - -RUN mkdir -p /go/src/github.com/tendermint/tendermint/p2p -WORKDIR /go/src/github.com/tendermint/tendermint/p2p - -COPY glide.yaml /go/src/github.com/tendermint/tendermint/p2p/ -COPY glide.lock /go/src/github.com/tendermint/tendermint/p2p/ - -RUN glide install - -COPY . /go/src/github.com/tendermint/tendermint/p2p From fc7915ab4c1e4780d07dc5380bcc0e638ac87b6f Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 13:03:57 -0500 Subject: [PATCH 070/188] fixes from review --- p2p/pex_reactor.go | 58 +++++++++++++++++++++++------------------ p2p/pex_reactor_test.go | 9 ++++++- 2 files changed, 40 insertions(+), 27 deletions(-) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index fd4e35e00..93fddc111 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -39,8 +39,8 @@ type PEXReactor struct { ensurePeersPeriod time.Duration // maps to prevent abuse - requestsSent *cmn.CMap // unanswered send requests - lastReceivedRequests *cmn.CMap // last time peer requested from us + requestsSent *cmn.CMap // ID->struct{}: unanswered send requests + lastReceivedRequests *cmn.CMap // ID->time.Time: last time peer requested from us } // PEXReactorConfig holds reactor specific configuration data. @@ -73,6 +73,7 @@ func (r *PEXReactor) OnStart() error { return err } + // return err if user provided a bad seed address if err := r.checkSeeds(); err != nil { return err } @@ -166,7 +167,7 @@ func (r *PEXReactor) receiveRequest(src Peer) error { lastReceived := v.(time.Time) if lastReceived.Equal(time.Time{}) { // first time gets a free pass. then we start tracking the time - lastReceived := time.Now() + lastReceived = time.Now() r.lastReceivedRequests.Set(id, lastReceived) return nil } @@ -318,37 +319,42 @@ func (r *PEXReactor) ensurePeers() { } } +// check seed addresses are well formed func (r *PEXReactor) checkSeeds() error { lSeeds := len(r.config.Seeds) - if lSeeds > 0 { - seedAddrs, errs := NewNetAddressStrings(r.config.Seeds) - for _, err := range errs { - if err != nil { - return err - } + if lSeeds == 0 { + return nil + } + _, errs := NewNetAddressStrings(r.config.Seeds) + for _, err := range errs { + if err != nil { + return err } } + return nil } -func (r *PEXReactor) dialSeed() error { +// randomly dial seeds until we connect to one or exhaust them +func (r *PEXReactor) dialSeed() { lSeeds := len(r.config.Seeds) - if lSeeds > 0 { - seedAddrs, _ := NewNetAddressStrings(r.config.Seeds) - - perm := r.Switch.rng.Perm(lSeeds) - for _, i := range perm { - // dial a random seed - seedAddr := seedAddrs[i] - peer, err := sw.DialPeerWithAddress(seedAddr, false) - if err != nil { - sw.Logger.Error("Error dialing seed", "err", err, "seed", seedAddr) - } else { - sw.Logger.Info("Connected to seed", "peer", peer) - return - } - } - sw.Logger.Error("Couldn't connect to any seeds") + if lSeeds == 0 { + return } + seedAddrs, _ := NewNetAddressStrings(r.config.Seeds) + + perm := r.Switch.rng.Perm(lSeeds) + for _, i := range perm { + // dial a random seed + seedAddr := seedAddrs[i] + peer, err := r.Switch.DialPeerWithAddress(seedAddr, false) + if err != nil { + r.Switch.Logger.Error("Error dialing seed", "err", err, "seed", seedAddr) + } else { + r.Switch.Logger.Info("Connected to seed", "peer", peer) + return + } + } + r.Switch.Logger.Error("Couldn't connect to any seeds") } //----------------------------------------------------------------------------- diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index 0c1c17330..c0681586a 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -183,6 +183,8 @@ func TestPEXReactorRequestMessageAbuse(t *testing.T) { r.SetLogger(log.TestingLogger()) peer := newMockPeer() + sw.peers.Add(peer) + assert.True(sw.Peers().Has(peer.ID())) id := string(peer.ID()) msg := wire.BinaryBytes(struct{ PexMessage }{&pexRequestMessage{}}) @@ -190,16 +192,17 @@ func TestPEXReactorRequestMessageAbuse(t *testing.T) { // first time creates the entry r.Receive(PexChannel, peer, msg) assert.True(r.lastReceivedRequests.Has(id)) + assert.True(sw.Peers().Has(peer.ID())) // next time sets the last time value r.Receive(PexChannel, peer, msg) assert.True(r.lastReceivedRequests.Has(id)) + assert.True(sw.Peers().Has(peer.ID())) // third time is too many too soon - peer is removed r.Receive(PexChannel, peer, msg) assert.False(r.lastReceivedRequests.Has(id)) assert.False(sw.Peers().Has(peer.ID())) - } func TestPEXReactorAddrsMessageAbuse(t *testing.T) { @@ -219,12 +222,15 @@ func TestPEXReactorAddrsMessageAbuse(t *testing.T) { r.SetLogger(log.TestingLogger()) peer := newMockPeer() + sw.peers.Add(peer) + assert.True(sw.Peers().Has(peer.ID())) id := string(peer.ID()) // request addrs from the peer r.RequestPEX(peer) assert.True(r.requestsSent.Has(id)) + assert.True(sw.Peers().Has(peer.ID())) addrs := []*NetAddress{peer.NodeInfo().NetAddress()} msg := wire.BinaryBytes(struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) @@ -232,6 +238,7 @@ func TestPEXReactorAddrsMessageAbuse(t *testing.T) { // receive some addrs. should clear the request r.Receive(PexChannel, peer, msg) assert.False(r.requestsSent.Has(id)) + assert.True(sw.Peers().Has(peer.ID())) // receiving more addrs causes a disconnect r.Receive(PexChannel, peer, msg) From 620c957a444e51bcb6124d985f059b43b0273a37 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 13:24:43 -0500 Subject: [PATCH 071/188] fix test --- node/node.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/node/node.go b/node/node.go index 4db7f44d4..6c816a9ef 100644 --- a/node/node.go +++ b/node/node.go @@ -251,8 +251,12 @@ func NewNode(config *cfg.Config, trustMetricStore = trust.NewTrustMetricStore(trustHistoryDB, trust.DefaultConfig()) trustMetricStore.SetLogger(p2pLogger) + var seeds []string + if config.P2P.Seeds != "" { + seeds = strings.Split(config.P2P.Seeds, ",") + } pexReactor := p2p.NewPEXReactor(addrBook, - &p2p.PEXReactorConfig{Seeds: strings.Split(config.P2P.Seeds, ",")}) + &p2p.PEXReactorConfig{Seeds: seeds}) pexReactor.SetLogger(p2pLogger) sw.AddReactor("PEX", pexReactor) } From 9d4d939b89cbe6c589ba16926242abcc8f081d9e Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Thu, 18 Jan 2018 15:35:00 +0000 Subject: [PATCH 072/188] docs: tx formats: closes #1083, #536 --- docs/using-tendermint.rst | 53 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index a7749d47b..7956a972a 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -68,7 +68,7 @@ Transactions ------------ To send a transaction, use ``curl`` to make requests to the Tendermint -RPC server: +RPC server, for example: :: @@ -93,6 +93,54 @@ Visit http://localhost:46657 in your browser to see the list of other endpoints. Some take no arguments (like ``/status``), while others specify the argument name and use ``_`` as a placeholder. +Formatting +~~~~~~~~~~ + +The following nuances when sending/formatting transactions should +be taken into account: + +With ``GET``: + +To send a UTF8 string byte array, quote the value of the tx pramater: + +:: + + curl http://localhost:46657/broadcast_tx_commit?tx="hello" + +which sends a 5 byte transaction: "h e l l o" [68 65 6c 6c 6f]. + +Using a special character: + +:: + + curl http://localhost:46657/broadcast_tx_commit?tx="€5" + +sends a 4 byte transaction: "€5" (UTF8) [e2 82 ac 35]. + +To send as raw hex, omit quotes AND prefix the hex string with ``0x``: + +:: + + curl http://localhost:46657/broadcast_tx_commit?tx=0x01020304 + +which sends a 4 byte transaction: [01 02 03 04]. + +With ``POST`` (using ``json``), the raw hex must be ``base64`` encoded: + +:: + + curl -X POST http://localhots:46657 + { + "method": broadcast_tx_commit", + "jsonrpc": "2.0", + "params": {"tx": "AQIDBA=="}, + "id": "" + } + +which sends the same 4 byte transaction: [01 02 03 04]. + +Note that raw hex cannot be used in ``POST`` transactions. + Reset ----- @@ -196,6 +244,9 @@ can take on the order of a second. For a quick result, use ``broadcast_tx_sync``, but the transaction will not be committed until later, and by that point its effect on the state may change. +Note: see the Transactions => Formatting section for details about +transaction formating. + Tendermint Networks ------------------- From 0a20e8f2682ce4854afaaa698c6bef592a187567 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Thu, 18 Jan 2018 19:39:07 +0100 Subject: [PATCH 073/188] Create PULL_REQUEST_TEMPLATE.md --- .github/PULL_REQUEST_TEMPLATE.md | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 .github/PULL_REQUEST_TEMPLATE.md diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 000000000..902469b41 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,6 @@ + + +* [ ] Updated all relevant documentation in docs +* [ ] Updated all code comments where relevant +* [ ] Wrote tests +* [ ] Updated CHANGELOG.md From f57f97c4bd30a35946a0c59cb1157c36e126ceb5 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 18 Jan 2018 17:40:12 -0500 Subject: [PATCH 074/188] fix bash tests --- .../pex/{dial_persistent_peers.sh => dial_peers.sh} | 13 +++++++------ test/p2p/pex/test.sh | 4 ++-- ..._dial_persistent_peers.sh => test_dial_peers.sh} | 10 +++++----- 3 files changed, 14 insertions(+), 13 deletions(-) rename test/p2p/pex/{dial_persistent_peers.sh => dial_peers.sh} (57%) rename test/p2p/pex/{test_dial_persistent_peers.sh => test_dial_peers.sh} (78%) diff --git a/test/p2p/pex/dial_persistent_peers.sh b/test/p2p/pex/dial_peers.sh similarity index 57% rename from test/p2p/pex/dial_persistent_peers.sh rename to test/p2p/pex/dial_peers.sh index 95c1d6e9c..ddda7dbe7 100644 --- a/test/p2p/pex/dial_persistent_peers.sh +++ b/test/p2p/pex/dial_peers.sh @@ -19,13 +19,14 @@ for i in `seq 1 $N`; do done set -e -# persistent_peers need quotes -persistent_peers="\"$(test/p2p/ip.sh 1):46656\"" +# peers need quotes +peers="\"$(test/p2p/ip.sh 1):46656\"" for i in `seq 2 $N`; do - persistent_peers="$persistent_peers,\"$(test/p2p/ip.sh $i):46656\"" + peers="$peers,\"$(test/p2p/ip.sh $i):46656\"" done -echo $persistent_peers +echo $peers -echo $persistent_peers +echo $peers IP=$(test/p2p/ip.sh 1) -curl --data-urlencode "persistent_peers=[$persistent_peers]" "$IP:46657/dial_persistent_peers" +curl "$IP:46657/dial_peers?persistent=true&peers=\[$peers\]" + diff --git a/test/p2p/pex/test.sh b/test/p2p/pex/test.sh index 06d40c3ed..ffecd6510 100644 --- a/test/p2p/pex/test.sh +++ b/test/p2p/pex/test.sh @@ -11,5 +11,5 @@ cd "$GOPATH/src/github.com/tendermint/tendermint" echo "Test reconnecting from the address book" bash test/p2p/pex/test_addrbook.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" -echo "Test connecting via /dial_persistent_peers" -bash test/p2p/pex/test_dial_persistent_peers.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" +echo "Test connecting via /dial_peers" +bash test/p2p/pex/test_dial_peers.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$N" "$PROXY_APP" diff --git a/test/p2p/pex/test_dial_persistent_peers.sh b/test/p2p/pex/test_dial_peers.sh similarity index 78% rename from test/p2p/pex/test_dial_persistent_peers.sh rename to test/p2p/pex/test_dial_peers.sh index 7dda62b13..d0b042342 100644 --- a/test/p2p/pex/test_dial_persistent_peers.sh +++ b/test/p2p/pex/test_dial_peers.sh @@ -11,7 +11,7 @@ ID=1 cd $GOPATH/src/github.com/tendermint/tendermint echo "----------------------------------------------------------------------" -echo "Testing full network connection using one /dial_persistent_peers call" +echo "Testing full network connection using one /dial_peers call" echo "(assuming peers are started with pex enabled)" # stop the existing testnet and remove local network @@ -26,11 +26,11 @@ bash test/p2p/local_testnet_start.sh $DOCKER_IMAGE $NETWORK_NAME $N $PROXY_APP $ -# dial persistent_peers from one node -CLIENT_NAME="dial_persistent_peers" -bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/pex/dial_persistent_peers.sh $N" +# dial peers from one node +CLIENT_NAME="dial_peers" +bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/pex/dial_peers.sh $N" # test basic connectivity and consensus # start client container and check the num peers and height for all nodes -CLIENT_NAME="dial_persistent_peers_basic" +CLIENT_NAME="dial_peers_basic" bash test/p2p/client.sh $DOCKER_IMAGE $NETWORK_NAME $CLIENT_NAME "test/p2p/basic/test.sh $N" From e764a180d8e60f76554238a225ecde3e759b50df Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 18 Jan 2018 18:58:21 -0500 Subject: [PATCH 075/188] docs: fix tx formats [ci skip] --- docs/using-tendermint.rst | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 7956a972a..f4b0cb089 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -105,15 +105,24 @@ To send a UTF8 string byte array, quote the value of the tx pramater: :: - curl http://localhost:46657/broadcast_tx_commit?tx="hello" + curl 'http://localhost:46657/broadcast_tx_commit?tx="hello"' which sends a 5 byte transaction: "h e l l o" [68 65 6c 6c 6f]. +Note the URL must be wrapped with single quoes, else bash will ignore the double quotes. +To avoid the single quotes, escape the double quotes: + +:: + + curl http://localhost:46657/broadcast_tx_commit?tx=\"hello\" + + + Using a special character: :: - curl http://localhost:46657/broadcast_tx_commit?tx="€5" + curl 'http://localhost:46657/broadcast_tx_commit?tx="€5"' sends a 4 byte transaction: "€5" (UTF8) [e2 82 ac 35]. @@ -129,13 +138,7 @@ With ``POST`` (using ``json``), the raw hex must be ``base64`` encoded: :: - curl -X POST http://localhots:46657 - { - "method": broadcast_tx_commit", - "jsonrpc": "2.0", - "params": {"tx": "AQIDBA=="}, - "id": "" - } + curl --data-binary '{"jsonrpc":"2.0","id":"anything","method":"broadcast_tx_commit","params": {"tx": "AQIDBA=="}}' -H 'content-type:text/plain;' http://localhost:46657 which sends the same 4 byte transaction: [01 02 03 04]. From cca597a9c05987ff3fbbb0696da65ed6904f3b9d Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 18 Jan 2018 23:12:20 -0500 Subject: [PATCH 076/188] fix and test config file --- cmd/tendermint/commands/root.go | 6 +- cmd/tendermint/commands/root_test.go | 188 ++++++++++++++++++--------- config/config.go | 3 +- config/toml.go | 2 + glide.lock | 22 ++-- glide.yaml | 2 +- 6 files changed, 148 insertions(+), 75 deletions(-) diff --git a/cmd/tendermint/commands/root.go b/cmd/tendermint/commands/root.go index a54b50069..e6a175665 100644 --- a/cmd/tendermint/commands/root.go +++ b/cmd/tendermint/commands/root.go @@ -18,7 +18,11 @@ var ( ) func init() { - RootCmd.PersistentFlags().String("log_level", config.LogLevel, "Log level") + registerFlagsRootCmd(RootCmd) +} + +func registerFlagsRootCmd(cmd *cobra.Command) { + cmd.PersistentFlags().String("log_level", config.LogLevel, "Log level") } // ParseConfig retrieves the default environment configuration, diff --git a/cmd/tendermint/commands/root_test.go b/cmd/tendermint/commands/root_test.go index 8217ee166..59d258af7 100644 --- a/cmd/tendermint/commands/root_test.go +++ b/cmd/tendermint/commands/root_test.go @@ -1,7 +1,10 @@ package commands import ( + "fmt" + "io/ioutil" "os" + "path/filepath" "strconv" "testing" @@ -12,6 +15,7 @@ import ( cfg "github.com/tendermint/tendermint/config" "github.com/tendermint/tmlibs/cli" + cmn "github.com/tendermint/tmlibs/common" ) var ( @@ -22,89 +26,151 @@ const ( rootName = "root" ) -// isolate provides a clean setup and returns a copy of RootCmd you can -// modify in the test cases. -// NOTE: it unsets all TM* env variables. -func isolate(cmds ...*cobra.Command) cli.Executable { +// clearConfig clears env vars, the given root dir, and resets viper. +func clearConfig(dir string) { if err := os.Unsetenv("TMHOME"); err != nil { panic(err) } if err := os.Unsetenv("TM_HOME"); err != nil { panic(err) } - if err := os.RemoveAll(defaultRoot); err != nil { + + if err := os.RemoveAll(dir); err != nil { panic(err) } - viper.Reset() config = cfg.DefaultConfig() - r := &cobra.Command{ - Use: rootName, - PersistentPreRunE: RootCmd.PersistentPreRunE, - } - r.AddCommand(cmds...) - wr := cli.PrepareBaseCmd(r, "TM", defaultRoot) - return wr } -func TestRootConfig(t *testing.T) { - assert, require := assert.New(t), require.New(t) - - // we pre-create a config file we can refer to in the rest of - // the test cases. - cvals := map[string]string{ - "moniker": "monkey", - "fast_sync": "false", +// prepare new rootCmd +func testRootCmd() *cobra.Command { + rootCmd := &cobra.Command{ + Use: RootCmd.Use, + PersistentPreRunE: RootCmd.PersistentPreRunE, + Run: func(cmd *cobra.Command, args []string) {}, } - // proper types of the above settings - cfast := false - conf, err := cli.WriteDemoConfig(cvals) - require.Nil(err) + registerFlagsRootCmd(rootCmd) + var l string + rootCmd.PersistentFlags().String("log", l, "Log") + return rootCmd +} +func testSetup(rootDir string, args []string, env map[string]string) error { + clearConfig(defaultRoot) + + rootCmd := testRootCmd() + cmd := cli.PrepareBaseCmd(rootCmd, "TM", defaultRoot) + + // run with the args and env + args = append([]string{rootCmd.Use}, args...) + return cli.RunWithArgs(cmd, args, env) +} + +func TestRootHome(t *testing.T) { + newRoot := filepath.Join(defaultRoot, "something-else") + cases := []struct { + args []string + env map[string]string + root string + }{ + {nil, nil, defaultRoot}, + {[]string{"--home", newRoot}, nil, newRoot}, + {nil, map[string]string{"TMHOME": newRoot}, newRoot}, + } + + for i, tc := range cases { + idxString := strconv.Itoa(i) + + err := testSetup(defaultRoot, tc.args, tc.env) + require.Nil(t, err, idxString) + + assert.Equal(t, tc.root, config.RootDir, idxString) + assert.Equal(t, tc.root, config.P2P.RootDir, idxString) + assert.Equal(t, tc.root, config.Consensus.RootDir, idxString) + assert.Equal(t, tc.root, config.Mempool.RootDir, idxString) + } +} + +func TestRootFlagsEnv(t *testing.T) { + + // defaults defaults := cfg.DefaultConfig() - dmax := defaults.P2P.MaxNumPeers + defaultLogLvl := defaults.LogLevel cases := []struct { args []string env map[string]string - root string - moniker string - fastSync bool - maxPeer int + logLevel string }{ - {nil, nil, defaultRoot, defaults.Moniker, defaults.FastSync, dmax}, - // try multiple ways of setting root (two flags, cli vs. env) - {[]string{"--home", conf}, nil, conf, cvals["moniker"], cfast, dmax}, - {nil, map[string]string{"TMHOME": conf}, conf, cvals["moniker"], cfast, dmax}, - // check setting p2p subflags two different ways - {[]string{"--p2p.max_num_peers", "420"}, nil, defaultRoot, defaults.Moniker, defaults.FastSync, 420}, - {nil, map[string]string{"TM_P2P_MAX_NUM_PEERS": "17"}, defaultRoot, defaults.Moniker, defaults.FastSync, 17}, - // try to set env that have no flags attached... - {[]string{"--home", conf}, map[string]string{"TM_MONIKER": "funny"}, conf, "funny", cfast, dmax}, + {[]string{"--log", "debug"}, nil, defaultLogLvl}, // wrong flag + {[]string{"--log_level", "debug"}, nil, "debug"}, // right flag + {nil, map[string]string{"TM_LOW": "debug"}, defaultLogLvl}, // wrong env flag + {nil, map[string]string{"MT_LOG_LEVEL": "debug"}, defaultLogLvl}, // wrong env prefix + {nil, map[string]string{"TM_LOG_LEVEL": "debug"}, "debug"}, // right env } - for idx, tc := range cases { - i := strconv.Itoa(idx) - // test command that does nothing, except trigger unmarshalling in root - noop := &cobra.Command{ - Use: "noop", - RunE: func(cmd *cobra.Command, args []string) error { - return nil - }, - } - noop.Flags().Int("p2p.max_num_peers", defaults.P2P.MaxNumPeers, "") - cmd := isolate(noop) + for i, tc := range cases { + idxString := strconv.Itoa(i) - args := append([]string{rootName, noop.Use}, tc.args...) - err := cli.RunWithArgs(cmd, args, tc.env) - require.Nil(err, i) - assert.Equal(tc.root, config.RootDir, i) - assert.Equal(tc.root, config.P2P.RootDir, i) - assert.Equal(tc.root, config.Consensus.RootDir, i) - assert.Equal(tc.root, config.Mempool.RootDir, i) - assert.Equal(tc.moniker, config.Moniker, i) - assert.Equal(tc.fastSync, config.FastSync, i) - assert.Equal(tc.maxPeer, config.P2P.MaxNumPeers, i) + err := testSetup(defaultRoot, tc.args, tc.env) + require.Nil(t, err, idxString) + + assert.Equal(t, tc.logLevel, config.LogLevel, idxString) } - +} + +func TestRootConfig(t *testing.T) { + + // write non-default config + nonDefaultLogLvl := "abc:debug" + cvals := map[string]string{ + "log_level": nonDefaultLogLvl, + } + + cases := []struct { + args []string + env map[string]string + + logLvl string + }{ + {nil, nil, nonDefaultLogLvl}, // should load config + {[]string{"--log_level=abc:info"}, nil, "abc:info"}, // flag over rides + {nil, map[string]string{"TM_LOG_LEVEL": "abc:info"}, "abc:info"}, // env over rides + } + + for i, tc := range cases { + idxString := strconv.Itoa(i) + clearConfig(defaultRoot) + + // XXX: path must match cfg.defaultConfigPath + configFilePath := filepath.Join(defaultRoot, "config") + err := cmn.EnsureDir(configFilePath, 0700) + require.Nil(t, err) + + // write the non-defaults to a different path + // TODO: support writing sub configs so we can test that too + err = WriteConfigVals(configFilePath, cvals) + require.Nil(t, err) + + rootCmd := testRootCmd() + cmd := cli.PrepareBaseCmd(rootCmd, "TM", defaultRoot) + + // run with the args and env + tc.args = append([]string{rootCmd.Use}, tc.args...) + err = cli.RunWithArgs(cmd, tc.args, tc.env) + require.Nil(t, err, idxString) + + assert.Equal(t, tc.logLvl, config.LogLevel, idxString) + } +} + +// WriteConfigVals writes a toml file with the given values. +// It returns an error if writing was impossible. +func WriteConfigVals(dir string, vals map[string]string) error { + data := "" + for k, v := range vals { + data = data + fmt.Sprintf("%s = \"%s\"\n", k, v) + } + cfile := filepath.Join(dir, "config.toml") + return ioutil.WriteFile(cfile, []byte(data), 0666) } diff --git a/config/config.go b/config/config.go index f93b79241..9103de103 100644 --- a/config/config.go +++ b/config/config.go @@ -7,11 +7,12 @@ import ( "time" ) -// Note: Most of the structs & relevant comments + the +// NOTE: Most of the structs & relevant comments + the // default configuration options were used to manually // generate the config.toml. Please reflect any changes // made here in the defaultConfigTemplate constant in // config/toml.go +// NOTE: tmlibs/cli must know to look in the config dir! var ( DefaultTendermintDir = ".tendermint" defaultConfigDir = "config" diff --git a/config/toml.go b/config/toml.go index e7bd26103..bdc9f5a6c 100644 --- a/config/toml.go +++ b/config/toml.go @@ -20,6 +20,8 @@ func init() { /****** these are for production settings ***********/ +// EnsureRoot creates the root, config, and data directories if they don't exist, +// and panics if it fails. func EnsureRoot(rootDir string) { if err := cmn.EnsureDir(rootDir, 0700); err != nil { cmn.PanicSanity(err.Error()) diff --git a/glide.lock b/glide.lock index b83358864..383772f05 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 072c8e685dd519c1f509da67379b70451a681bf3ef6cbd82900a1f68c55bbe16 -updated: 2017-12-29T11:08:17.355999228-05:00 +hash: 9399a10e80d255104f8ec07b5d495c41d8a3f7a421f9da97ebd78c65189f381d +updated: 2018-01-18T23:11:10.703734578-05:00 imports: - name: github.com/btcsuite/btcd version: 2e60448ffcc6bf78332d1fe590260095f554dd78 @@ -10,7 +10,7 @@ imports: - name: github.com/fsnotify/fsnotify version: 4da3e2cfbabc9f751898f250b49f2439785783a1 - name: github.com/go-kit/kit - version: 953e747656a7bbb5e1f998608b460458958b70cc + version: 53f10af5d5c7375d4655a3d6852457ed17ab5cc7 subpackages: - log - log/level @@ -68,13 +68,13 @@ imports: - name: github.com/mitchellh/mapstructure version: 06020f85339e21b2478f756a78e295255ffa4d6a - name: github.com/pelletier/go-toml - version: 0131db6d737cfbbfb678f8b7d92e55e27ce46224 + version: 4e9e0ee19b60b13eb79915933f44d8ed5f268bdd - name: github.com/pkg/errors version: 645ef00459ed84a119197bfb8d8205042c6df63d - name: github.com/rcrowley/go-metrics version: e181e095bae94582363434144c61a9653aff6e50 - name: github.com/spf13/afero - version: 57afd63c68602b63ed976de00dd066ccb3c319db + version: 8d919cbe7e2627e417f3e45c3c0e489a5b7e2536 subpackages: - mem - name: github.com/spf13/cast @@ -88,7 +88,7 @@ imports: - name: github.com/spf13/viper version: 25b30aa063fc18e48662b86996252eabdcf2f0c7 - name: github.com/syndtr/goleveldb - version: 34011bf325bce385408353a30b101fe5e923eb6e + version: adf24ef3f94bd13ec4163060b21a5678f22b429b subpackages: - leveldb - leveldb/cache @@ -129,7 +129,7 @@ imports: subpackages: - iavl - name: github.com/tendermint/tmlibs - version: 91b4b534ad78e442192c8175db92a06a51064064 + version: 15e51fa76086a3c505f227679c2478043ae7261b subpackages: - autofile - cli @@ -144,7 +144,7 @@ imports: - pubsub/query - test - name: golang.org/x/crypto - version: 95a4943f35d008beabde8c11e5075a1b714e6419 + version: 94eea52f7b742c7cbe0b03b22f0c4c8631ece122 subpackages: - curve25519 - nacl/box @@ -165,11 +165,11 @@ imports: - lex/httplex - trace - name: golang.org/x/sys - version: 83801418e1b59fb1880e363299581ee543af32ca + version: 8b4580aae2a0dd0c231a45d3ccb8434ff533b840 subpackages: - unix - name: golang.org/x/text - version: e19ae1496984b1c655b8044a65c0300a3c878dd3 + version: 57961680700a5336d15015c8c50686ca5ba362a4 subpackages: - secure/bidirule - transform @@ -199,7 +199,7 @@ imports: - tap - transport - name: gopkg.in/go-playground/validator.v9 - version: b1f51f36f1c98cc97f777d6fc9d4b05eaa0cabb5 + version: 61caf9d3038e1af346dbf5c2e16f6678e1548364 - name: gopkg.in/yaml.v2 version: 287cf08546ab5e7e37d55a84f7ed3fd1db036de5 testImports: diff --git a/glide.yaml b/glide.yaml index b7846d641..2302a6dcf 100644 --- a/glide.yaml +++ b/glide.yaml @@ -34,7 +34,7 @@ import: subpackages: - iavl - package: github.com/tendermint/tmlibs - version: v0.6.0 + version: v0.6.1 subpackages: - autofile - cli From ebeadfc57e51f3614131ac873fbd9530a452a666 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 19 Jan 2018 00:11:23 -0500 Subject: [PATCH 077/188] dont run metalinter --- Makefile | 6 +++--- test/run_test.sh | 3 --- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/Makefile b/Makefile index 2aed1acf4..5fd599cce 100644 --- a/Makefile +++ b/Makefile @@ -2,14 +2,14 @@ GOTOOLS = \ github.com/mitchellh/gox \ github.com/Masterminds/glide \ github.com/tcnksm/ghr \ - gopkg.in/alecthomas/gometalinter.v2 + # gopkg.in/alecthomas/gometalinter.v2 GOTOOLS_CHECK = gox glide ghr gometalinter.v2 PACKAGES=$(shell go list ./... | grep -v '/vendor/') BUILD_TAGS?=tendermint TMHOME = $${TMHOME:-$$HOME/.tendermint} BUILD_FLAGS = -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short HEAD`" -all: check build test install metalinter +all: check build test install check: check_tools get_vendor_deps @@ -42,7 +42,7 @@ check_tools: get_tools: @echo "--> Installing tools" go get -u -v $(GOTOOLS) - @gometalinter.v2 --install + # @gometalinter.v2 --install update_tools: @echo "--> Updating tools" diff --git a/test/run_test.sh b/test/run_test.sh index ae2ff6b41..b505126ea 100644 --- a/test/run_test.sh +++ b/test/run_test.sh @@ -6,9 +6,6 @@ pwd BRANCH=$(git rev-parse --abbrev-ref HEAD) echo "Current branch: $BRANCH" -# run the linter -make metalinter - # run the go unit tests with coverage bash test/test_cover.sh From 1cb76625d3be9dd25a630b164100436d5665024a Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 18 Jan 2018 20:38:19 -0500 Subject: [PATCH 078/188] consensus: rename test funcs --- consensus/mempool_test.go | 10 +++++----- consensus/reactor_test.go | 21 +++++++-------------- consensus/state_test.go | 32 ++++++++++++++++---------------- consensus/wal_test.go | 2 +- 4 files changed, 29 insertions(+), 36 deletions(-) diff --git a/consensus/mempool_test.go b/consensus/mempool_test.go index 91acce65d..97bc050fa 100644 --- a/consensus/mempool_test.go +++ b/consensus/mempool_test.go @@ -19,7 +19,7 @@ func init() { config = ResetConfig("consensus_mempool_test") } -func TestNoProgressUntilTxsAvailable(t *testing.T) { +func TestMempoolNoProgressUntilTxsAvailable(t *testing.T) { config := ResetConfig("consensus_mempool_txs_available_test") config.Consensus.CreateEmptyBlocks = false state, privVals := randGenesisState(1, false, 10) @@ -37,7 +37,7 @@ func TestNoProgressUntilTxsAvailable(t *testing.T) { ensureNoNewStep(newBlockCh) } -func TestProgressAfterCreateEmptyBlocksInterval(t *testing.T) { +func TestMempoolProgressAfterCreateEmptyBlocksInterval(t *testing.T) { config := ResetConfig("consensus_mempool_txs_available_test") config.Consensus.CreateEmptyBlocksInterval = int(ensureTimeout.Seconds()) state, privVals := randGenesisState(1, false, 10) @@ -52,7 +52,7 @@ func TestProgressAfterCreateEmptyBlocksInterval(t *testing.T) { ensureNewStep(newBlockCh) // until the CreateEmptyBlocksInterval has passed } -func TestProgressInHigherRound(t *testing.T) { +func TestMempoolProgressInHigherRound(t *testing.T) { config := ResetConfig("consensus_mempool_txs_available_test") config.Consensus.CreateEmptyBlocks = false state, privVals := randGenesisState(1, false, 10) @@ -94,7 +94,7 @@ func deliverTxsRange(cs *ConsensusState, start, end int) { } } -func TestTxConcurrentWithCommit(t *testing.T) { +func TestMempoolTxConcurrentWithCommit(t *testing.T) { state, privVals := randGenesisState(1, false, 10) cs := newConsensusState(state, privVals[0], NewCounterApplication()) height, round := cs.Height, cs.Round @@ -116,7 +116,7 @@ func TestTxConcurrentWithCommit(t *testing.T) { } } -func TestRmBadTx(t *testing.T) { +func TestMempoolRmBadTx(t *testing.T) { state, privVals := randGenesisState(1, false, 10) app := NewCounterApplication() cs := newConsensusState(state, privVals[0], app) diff --git a/consensus/reactor_test.go b/consensus/reactor_test.go index bcf97f94b..0fb348bd0 100644 --- a/consensus/reactor_test.go +++ b/consensus/reactor_test.go @@ -31,31 +31,24 @@ func startConsensusNet(t *testing.T, css []*ConsensusState, N int) ([]*Consensus reactors := make([]*ConsensusReactor, N) eventChans := make([]chan interface{}, N) eventBuses := make([]*types.EventBus, N) - logger := consensusLogger() for i := 0; i < N; i++ { - /*thisLogger, err := tmflags.ParseLogLevel("consensus:info,*:error", logger, "info") + /*logger, err := tmflags.ParseLogLevel("consensus:info,*:error", logger, "info") if err != nil { t.Fatal(err)}*/ - thisLogger := logger - reactors[i] = NewConsensusReactor(css[i], true) // so we dont start the consensus states - reactors[i].conS.SetLogger(thisLogger.With("validator", i)) - reactors[i].SetLogger(thisLogger.With("validator", i)) - - eventBuses[i] = types.NewEventBus() - eventBuses[i].SetLogger(thisLogger.With("module", "events", "validator", i)) - err := eventBuses[i].Start() - require.NoError(t, err) + reactors[i].SetLogger(css[i].Logger.With("validator", "i")) + // eventBus is already started with the cs + eventBuses[i] = css[i].eventBus reactors[i].SetEventBus(eventBuses[i]) eventChans[i] = make(chan interface{}, 1) - err = eventBuses[i].Subscribe(context.Background(), testSubscriber, types.EventQueryNewBlock, eventChans[i]) + err := eventBuses[i].Subscribe(context.Background(), testSubscriber, types.EventQueryNewBlock, eventChans[i]) require.NoError(t, err) } // make connected switches and start all reactors p2p.MakeConnectedSwitches(config.P2P, N, func(i int, s *p2p.Switch) *p2p.Switch { s.AddReactor("CONSENSUS", reactors[i]) - s.SetLogger(reactors[i].Logger.With("module", "p2p", "validator", i)) + s.SetLogger(reactors[i].conS.Logger.With("module", "p2p")) return s }, p2p.Connect2Switches) @@ -84,7 +77,7 @@ func stopConsensusNet(logger log.Logger, reactors []*ConsensusReactor, eventBuse } // Ensure a testnet makes blocks -func TestReactor(t *testing.T) { +func TestReactorBasic(t *testing.T) { N := 4 css := randConsensusNet(N, "consensus_reactor_test", newMockTickerFunc(true), newCounter) reactors, eventChans, eventBuses := startConsensusNet(t, css, N) diff --git a/consensus/state_test.go b/consensus/state_test.go index 97562febd..e6b2a1354 100644 --- a/consensus/state_test.go +++ b/consensus/state_test.go @@ -55,7 +55,7 @@ x * TestHalt1 - if we see +2/3 precommits after timing out into new round, we sh //---------------------------------------------------------------------------------------------------- // ProposeSuite -func TestProposerSelection0(t *testing.T) { +func TestStateProposerSelection0(t *testing.T) { cs1, vss := randConsensusState(4) height, round := cs1.Height, cs1.Round @@ -89,7 +89,7 @@ func TestProposerSelection0(t *testing.T) { } // Now let's do it all again, but starting from round 2 instead of 0 -func TestProposerSelection2(t *testing.T) { +func TestStateProposerSelection2(t *testing.T) { cs1, vss := randConsensusState(4) // test needs more work for more than 3 validators newRoundCh := subscribe(cs1.eventBus, types.EventQueryNewRound) @@ -118,7 +118,7 @@ func TestProposerSelection2(t *testing.T) { } // a non-validator should timeout into the prevote round -func TestEnterProposeNoPrivValidator(t *testing.T) { +func TestStateEnterProposeNoPrivValidator(t *testing.T) { cs, _ := randConsensusState(1) cs.SetPrivValidator(nil) height, round := cs.Height, cs.Round @@ -143,7 +143,7 @@ func TestEnterProposeNoPrivValidator(t *testing.T) { } // a validator should not timeout of the prevote round (TODO: unless the block is really big!) -func TestEnterProposeYesPrivValidator(t *testing.T) { +func TestStateEnterProposeYesPrivValidator(t *testing.T) { cs, _ := randConsensusState(1) height, round := cs.Height, cs.Round @@ -179,7 +179,7 @@ func TestEnterProposeYesPrivValidator(t *testing.T) { } } -func TestBadProposal(t *testing.T) { +func TestStateBadProposal(t *testing.T) { cs1, vss := randConsensusState(2) height, round := cs1.Height, cs1.Round vs2 := vss[1] @@ -239,7 +239,7 @@ func TestBadProposal(t *testing.T) { // FullRoundSuite // propose, prevote, and precommit a block -func TestFullRound1(t *testing.T) { +func TestStateFullRound1(t *testing.T) { cs, vss := randConsensusState(1) height, round := cs.Height, cs.Round @@ -275,7 +275,7 @@ func TestFullRound1(t *testing.T) { } // nil is proposed, so prevote and precommit nil -func TestFullRoundNil(t *testing.T) { +func TestStateFullRoundNil(t *testing.T) { cs, vss := randConsensusState(1) height, round := cs.Height, cs.Round @@ -293,7 +293,7 @@ func TestFullRoundNil(t *testing.T) { // run through propose, prevote, precommit commit with two validators // where the first validator has to wait for votes from the second -func TestFullRound2(t *testing.T) { +func TestStateFullRound2(t *testing.T) { cs1, vss := randConsensusState(2) vs2 := vss[1] height, round := cs1.Height, cs1.Round @@ -334,7 +334,7 @@ func TestFullRound2(t *testing.T) { // two validators, 4 rounds. // two vals take turns proposing. val1 locks on first one, precommits nil on everything else -func TestLockNoPOL(t *testing.T) { +func TestStateLockNoPOL(t *testing.T) { cs1, vss := randConsensusState(2) vs2 := vss[1] height := cs1.Height @@ -503,7 +503,7 @@ func TestLockNoPOL(t *testing.T) { } // 4 vals, one precommits, other 3 polka at next round, so we unlock and precomit the polka -func TestLockPOLRelock(t *testing.T) { +func TestStateLockPOLRelock(t *testing.T) { cs1, vss := randConsensusState(4) vs2, vs3, vs4 := vss[1], vss[2], vss[3] @@ -618,7 +618,7 @@ func TestLockPOLRelock(t *testing.T) { } // 4 vals, one precommits, other 3 polka at next round, so we unlock and precomit the polka -func TestLockPOLUnlock(t *testing.T) { +func TestStateLockPOLUnlock(t *testing.T) { cs1, vss := randConsensusState(4) vs2, vs3, vs4 := vss[1], vss[2], vss[3] @@ -715,7 +715,7 @@ func TestLockPOLUnlock(t *testing.T) { // a polka at round 1 but we miss it // then a polka at round 2 that we lock on // then we see the polka from round 1 but shouldn't unlock -func TestLockPOLSafety1(t *testing.T) { +func TestStateLockPOLSafety1(t *testing.T) { cs1, vss := randConsensusState(4) vs2, vs3, vs4 := vss[1], vss[2], vss[3] @@ -838,7 +838,7 @@ func TestLockPOLSafety1(t *testing.T) { // What we want: // dont see P0, lock on P1 at R1, dont unlock using P0 at R2 -func TestLockPOLSafety2(t *testing.T) { +func TestStateLockPOLSafety2(t *testing.T) { cs1, vss := randConsensusState(4) vs2, vs3, vs4 := vss[1], vss[2], vss[3] @@ -937,7 +937,7 @@ func TestLockPOLSafety2(t *testing.T) { // TODO: Slashing /* -func TestSlashingPrevotes(t *testing.T) { +func TestStateSlashingPrevotes(t *testing.T) { cs1, vss := randConsensusState(2) vs2 := vss[1] @@ -972,7 +972,7 @@ func TestSlashingPrevotes(t *testing.T) { // XXX: Check for existence of Dupeout info } -func TestSlashingPrecommits(t *testing.T) { +func TestStateSlashingPrecommits(t *testing.T) { cs1, vss := randConsensusState(2) vs2 := vss[1] @@ -1017,7 +1017,7 @@ func TestSlashingPrecommits(t *testing.T) { // 4 vals. // we receive a final precommit after going into next round, but others might have gone to commit already! -func TestHalt1(t *testing.T) { +func TestStateHalt1(t *testing.T) { cs1, vss := randConsensusState(4) vs2, vs3, vs4 := vss[1], vss[2], vss[3] diff --git a/consensus/wal_test.go b/consensus/wal_test.go index c7f087398..3553591c9 100644 --- a/consensus/wal_test.go +++ b/consensus/wal_test.go @@ -41,7 +41,7 @@ func TestWALEncoderDecoder(t *testing.T) { } } -func TestSearchForEndHeight(t *testing.T) { +func TestWALSearchForEndHeight(t *testing.T) { walBody, err := WALWithNBlocks(6) if err != nil { t.Fatal(err) From 8171628ee56221e73e341c8a8867f0b2049fe7b7 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 19 Jan 2018 00:14:35 -0500 Subject: [PATCH 079/188] make tests run faster --- config/config.go | 3 +++ consensus/common_test.go | 4 ++-- consensus/reactor_test.go | 37 +++++++++++++++---------------------- p2p/test_util.go | 5 +++-- 4 files changed, 23 insertions(+), 26 deletions(-) diff --git a/config/config.go b/config/config.go index 9103de103..77bd54d36 100644 --- a/config/config.go +++ b/config/config.go @@ -294,6 +294,7 @@ func TestP2PConfig() *P2PConfig { conf := DefaultP2PConfig() conf.ListenAddress = "tcp://0.0.0.0:36656" conf.SkipUPNP = true + conf.FlushThrottleTimeout = 10 return conf } @@ -438,6 +439,8 @@ func TestConsensusConfig() *ConsensusConfig { config.TimeoutPrecommitDelta = 1 config.TimeoutCommit = 10 config.SkipTimeoutCommit = true + config.PeerGossipSleepDuration = 5 + config.PeerQueryMaj23SleepDuration = 50 return config } diff --git a/consensus/common_test.go b/consensus/common_test.go index 95775994b..40a320e42 100644 --- a/consensus/common_test.go +++ b/consensus/common_test.go @@ -36,8 +36,8 @@ const ( ) // genesis, chain_id, priv_val -var config *cfg.Config // NOTE: must be reset for each _test.go file -var ensureTimeout = time.Second * 2 +var config *cfg.Config // NOTE: must be reset for each _test.go file +var ensureTimeout = time.Second * 1 // must be in seconds because CreateEmptyBlocksInterval is func ensureDir(dir string, mode os.FileMode) { if err := cmn.EnsureDir(dir, mode); err != nil { diff --git a/consensus/reactor_test.go b/consensus/reactor_test.go index 0fb348bd0..c1e2a4621 100644 --- a/consensus/reactor_test.go +++ b/consensus/reactor_test.go @@ -35,7 +35,7 @@ func startConsensusNet(t *testing.T, css []*ConsensusState, N int) ([]*Consensus /*logger, err := tmflags.ParseLogLevel("consensus:info,*:error", logger, "info") if err != nil { t.Fatal(err)}*/ reactors[i] = NewConsensusReactor(css[i], true) // so we dont start the consensus states - reactors[i].SetLogger(css[i].Logger.With("validator", "i")) + reactors[i].SetLogger(css[i].Logger.With("validator", "i", "module", "consensus")) // eventBus is already started with the cs eventBuses[i] = css[i].eventBus @@ -83,9 +83,8 @@ func TestReactorBasic(t *testing.T) { reactors, eventChans, eventBuses := startConsensusNet(t, css, N) defer stopConsensusNet(log.TestingLogger(), reactors, eventBuses) // wait till everyone makes the first new block - timeoutWaitGroup(t, N, func(wg *sync.WaitGroup, j int) { + timeoutWaitGroup(t, N, func(j int) { <-eventChans[j] - wg.Done() }, css) } @@ -106,9 +105,8 @@ func TestReactorProposalHeartbeats(t *testing.T) { require.NoError(t, err) } // wait till everyone sends a proposal heartbeat - timeoutWaitGroup(t, N, func(wg *sync.WaitGroup, j int) { + timeoutWaitGroup(t, N, func(j int) { <-heartbeatChans[j] - wg.Done() }, css) // send a tx @@ -117,9 +115,8 @@ func TestReactorProposalHeartbeats(t *testing.T) { } // wait till everyone makes the first new block - timeoutWaitGroup(t, N, func(wg *sync.WaitGroup, j int) { + timeoutWaitGroup(t, N, func(j int) { <-eventChans[j] - wg.Done() }, css) } @@ -140,9 +137,8 @@ func TestReactorVotingPowerChange(t *testing.T) { } // wait till everyone makes block 1 - timeoutWaitGroup(t, nVals, func(wg *sync.WaitGroup, j int) { + timeoutWaitGroup(t, nVals, func(j int) { <-eventChans[j] - wg.Done() }, css) //--------------------------------------------------------------------------- @@ -203,9 +199,8 @@ func TestReactorValidatorSetChanges(t *testing.T) { } // wait till everyone makes block 1 - timeoutWaitGroup(t, nPeers, func(wg *sync.WaitGroup, j int) { + timeoutWaitGroup(t, nPeers, func(j int) { <-eventChans[j] - wg.Done() }, css) //--------------------------------------------------------------------------- @@ -293,16 +288,13 @@ func TestReactorWithTimeoutCommit(t *testing.T) { defer stopConsensusNet(log.TestingLogger(), reactors, eventBuses) // wait till everyone makes the first new block - timeoutWaitGroup(t, N-1, func(wg *sync.WaitGroup, j int) { + timeoutWaitGroup(t, N-1, func(j int) { <-eventChans[j] - wg.Done() }, css) } func waitForAndValidateBlock(t *testing.T, n int, activeVals map[string]struct{}, eventChans []chan interface{}, css []*ConsensusState, txs ...[]byte) { - timeoutWaitGroup(t, n, func(wg *sync.WaitGroup, j int) { - defer wg.Done() - + timeoutWaitGroup(t, n, func(j int) { css[j].Logger.Debug("waitForAndValidateBlock") newBlockI, ok := <-eventChans[j] if !ok { @@ -320,8 +312,7 @@ func waitForAndValidateBlock(t *testing.T, n int, activeVals map[string]struct{} } func waitForAndValidateBlockWithTx(t *testing.T, n int, activeVals map[string]struct{}, eventChans []chan interface{}, css []*ConsensusState, txs ...[]byte) { - timeoutWaitGroup(t, n, func(wg *sync.WaitGroup, j int) { - defer wg.Done() + timeoutWaitGroup(t, n, func(j int) { ntxs := 0 BLOCK_TX_LOOP: for { @@ -352,8 +343,7 @@ func waitForAndValidateBlockWithTx(t *testing.T, n int, activeVals map[string]st } func waitForBlockWithUpdatedValsAndValidateIt(t *testing.T, n int, updatedVals map[string]struct{}, eventChans []chan interface{}, css []*ConsensusState) { - timeoutWaitGroup(t, n, func(wg *sync.WaitGroup, j int) { - defer wg.Done() + timeoutWaitGroup(t, n, func(j int) { var newBlock *types.Block LOOP: @@ -391,11 +381,14 @@ func validateBlock(block *types.Block, activeVals map[string]struct{}) error { return nil } -func timeoutWaitGroup(t *testing.T, n int, f func(*sync.WaitGroup, int), css []*ConsensusState) { +func timeoutWaitGroup(t *testing.T, n int, f func(int), css []*ConsensusState) { wg := new(sync.WaitGroup) wg.Add(n) for i := 0; i < n; i++ { - go f(wg, i) + go func(j int) { + f(j) + wg.Done() + }(i) } done := make(chan struct{}) diff --git a/p2p/test_util.go b/p2p/test_util.go index 18167e209..dca23a0ea 100644 --- a/p2p/test_util.go +++ b/p2p/test_util.go @@ -97,7 +97,9 @@ func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch f nodeKey := &NodeKey{ PrivKey: crypto.GenPrivKeyEd25519().Wrap(), } - s := initSwitch(i, NewSwitch(cfg)) + s := NewSwitch(cfg) + s.SetLogger(log.TestingLogger()) + s = initSwitch(i, s) s.SetNodeInfo(NodeInfo{ PubKey: nodeKey.PubKey(), Moniker: cmn.Fmt("switch%d", i), @@ -106,6 +108,5 @@ func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch f ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), }) s.SetNodeKey(nodeKey) - s.SetLogger(log.TestingLogger()) return s } From f06cc6630b5fbc915ee02fafebe9e1a1ad12c061 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 19 Jan 2018 00:57:00 -0500 Subject: [PATCH 080/188] mempool: cfg.CacheSize and expose InitWAL --- config/config.go | 18 ++++++++++++++++-- consensus/replay_test.go | 6 ++++-- mempool/mempool.go | 12 +++++------- mempool/mempool_test.go | 5 +++-- node/node.go | 1 + 5 files changed, 29 insertions(+), 13 deletions(-) diff --git a/config/config.go b/config/config.go index 77bd54d36..072606b43 100644 --- a/config/config.go +++ b/config/config.go @@ -60,9 +60,9 @@ func TestConfig() *Config { BaseConfig: TestBaseConfig(), RPC: TestRPCConfig(), P2P: TestP2PConfig(), - Mempool: DefaultMempoolConfig(), + Mempool: TestMempoolConfig(), Consensus: TestConsensusConfig(), - TxIndex: DefaultTxIndexConfig(), + TxIndex: TestTxIndexConfig(), } } @@ -313,6 +313,7 @@ type MempoolConfig struct { RecheckEmpty bool `mapstructure:"recheck_empty"` Broadcast bool `mapstructure:"broadcast"` WalPath string `mapstructure:"wal_dir"` + CacheSize int `mapstructure:"cache_size"` } // DefaultMempoolConfig returns a default configuration for the Tendermint mempool @@ -322,9 +323,17 @@ func DefaultMempoolConfig() *MempoolConfig { RecheckEmpty: true, Broadcast: true, WalPath: filepath.Join(defaultDataDir, "mempool.wal"), + CacheSize: 100000, } } +// TestMempoolConfig returns a configuration for testing the Tendermint mempool +func TestMempoolConfig() *MempoolConfig { + config := DefaultMempoolConfig() + config.CacheSize = 1000 + return config +} + // WalDir returns the full path to the mempool's write-ahead log func (m *MempoolConfig) WalDir() string { return rootify(m.WalPath, m.RootDir) @@ -492,6 +501,11 @@ func DefaultTxIndexConfig() *TxIndexConfig { } } +// TestTxIndexConfig returns a default configuration for the transaction indexer. +func TestTxIndexConfig() *TxIndexConfig { + return DefaultTxIndexConfig() +} + //----------------------------------------------------------------------------- // Utils diff --git a/consensus/replay_test.go b/consensus/replay_test.go index 242552627..a4786dde5 100644 --- a/consensus/replay_test.go +++ b/consensus/replay_test.go @@ -82,12 +82,14 @@ func startNewConsensusStateAndWaitForBlock(t *testing.T, lastBlockHeight int64, func sendTxs(cs *ConsensusState, ctx context.Context) { i := 0 - for { + tx := []byte{byte(i)} + for i := 0; i < 256; i++ { select { case <-ctx.Done(): return default: - cs.mempool.CheckTx([]byte{byte(i)}, nil) + tx[0] = byte(i) + cs.mempool.CheckTx(tx, nil) i++ } } diff --git a/mempool/mempool.go b/mempool/mempool.go index ccd615ac2..04dbe50ad 100644 --- a/mempool/mempool.go +++ b/mempool/mempool.go @@ -3,7 +3,6 @@ package mempool import ( "bytes" "container/list" - "fmt" "sync" "sync/atomic" "time" @@ -49,7 +48,7 @@ TODO: Better handle abci client errors. (make it automatically handle connection */ -const cacheSize = 100000 +var ErrTxInCache = errors.New("Tx already exists in cache") // Mempool is an ordered in-memory pool for transactions before they are proposed in a consensus // round. Transaction validity is checked using the CheckTx abci message before the transaction is @@ -92,9 +91,8 @@ func NewMempool(config *cfg.MempoolConfig, proxyAppConn proxy.AppConnMempool, he recheckCursor: nil, recheckEnd: nil, logger: log.NewNopLogger(), - cache: newTxCache(cacheSize), + cache: newTxCache(config.CacheSize), } - mempool.initWAL() proxyAppConn.SetResponseCallback(mempool.resCb) return mempool } @@ -131,7 +129,7 @@ func (mem *Mempool) CloseWAL() bool { return true } -func (mem *Mempool) initWAL() { +func (mem *Mempool) InitWAL() { walDir := mem.config.WalDir() if walDir != "" { err := cmn.EnsureDir(walDir, 0700) @@ -192,7 +190,7 @@ func (mem *Mempool) CheckTx(tx types.Tx, cb func(*abci.Response)) (err error) { // CACHE if mem.cache.Exists(tx) { - return fmt.Errorf("Tx already exists in cache") + return ErrTxInCache } mem.cache.Push(tx) // END CACHE @@ -449,7 +447,7 @@ func newTxCache(cacheSize int) *txCache { // Reset resets the txCache to empty. func (cache *txCache) Reset() { cache.mtx.Lock() - cache.map_ = make(map[string]struct{}, cacheSize) + cache.map_ = make(map[string]struct{}, cache.size) cache.list.Init() cache.mtx.Unlock() } diff --git a/mempool/mempool_test.go b/mempool/mempool_test.go index 4d75cc58d..6dfb5984b 100644 --- a/mempool/mempool_test.go +++ b/mempool/mempool_test.go @@ -236,12 +236,13 @@ func TestMempoolCloseWAL(t *testing.T) { require.Equal(t, 0, len(m1), "no matches yet") // 3. Create the mempool - wcfg := *(cfg.DefaultMempoolConfig()) + wcfg := cfg.DefaultMempoolConfig() wcfg.RootDir = rootDir app := dummy.NewDummyApplication() cc := proxy.NewLocalClientCreator(app) appConnMem, _ := cc.NewABCIClient() - mempool := NewMempool(&wcfg, appConnMem, 10) + mempool := NewMempool(wcfg, appConnMem, 10) + mempool.InitWAL() // 4. Ensure that the directory contains the WAL file m2, err := filepath.Glob(filepath.Join(rootDir, "*")) diff --git a/node/node.go b/node/node.go index 6c816a9ef..3012ed057 100644 --- a/node/node.go +++ b/node/node.go @@ -189,6 +189,7 @@ func NewNode(config *cfg.Config, // Make MempoolReactor mempoolLogger := logger.With("module", "mempool") mempool := mempl.NewMempool(config.Mempool, proxyApp.Mempool(), state.LastBlockHeight) + mempool.InitWAL() // no need to have the mempool wal during tests mempool.SetLogger(mempoolLogger) mempoolReactor := mempl.NewMempoolReactor(config.Mempool, mempool) mempoolReactor.SetLogger(mempoolLogger) From 6f3d9b4be3d281feac4d2495889d1584c9ed0df8 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 19 Jan 2018 01:36:52 -0500 Subject: [PATCH 081/188] fix race --- consensus/replay_test.go | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/consensus/replay_test.go b/consensus/replay_test.go index a4786dde5..483bd3a7c 100644 --- a/consensus/replay_test.go +++ b/consensus/replay_test.go @@ -81,14 +81,12 @@ func startNewConsensusStateAndWaitForBlock(t *testing.T, lastBlockHeight int64, } func sendTxs(cs *ConsensusState, ctx context.Context) { - i := 0 - tx := []byte{byte(i)} for i := 0; i < 256; i++ { select { case <-ctx.Done(): return default: - tx[0] = byte(i) + tx := []byte{byte(i)} cs.mempool.CheckTx(tx, nil) i++ } From d36e118bf60da9a952e967daa4638dba15627341 Mon Sep 17 00:00:00 2001 From: Zarko Milosevic Date: Mon, 8 Jan 2018 13:12:09 +0100 Subject: [PATCH 082/188] Add Consensus reactor spec --- .../new-spec/consensus-reactor.md | 355 ++++++++++++++++++ 1 file changed, 355 insertions(+) create mode 100644 docs/specification/new-spec/consensus-reactor.md diff --git a/docs/specification/new-spec/consensus-reactor.md b/docs/specification/new-spec/consensus-reactor.md new file mode 100644 index 000000000..f0d3e7500 --- /dev/null +++ b/docs/specification/new-spec/consensus-reactor.md @@ -0,0 +1,355 @@ +# Consensus Reactor + +Consensus Reactor defines a reactor for the consensus service. It contains ConsensusState service that +manages the state of the Tendermint consensus internal state machine. +When Consensus Reactor is started, it starts Broadcast Routine and it starts ConsensusState service. +Furthermore, for each peer that is added to the Consensus Reactor, it creates (and manage) known peer state +(that is used extensively in gossip routines) and starts the following three routines for the peer p: +Gossip Data Routine, Gossip Votes Routine and QueryMaj23Routine. Finally, Consensus Reactor is responsible +for decoding messages received from a peer and for adequate processing of the message depending on its type and content. +The processing normally consists of updating the known peer state and for some messages +(`ProposalMessage`, `BlockPartMessage` and `VoteMessage`) also forwarding message to ConsensusState module +for further processing. In the following text we specify the core functionality of those separate unit of executions +that are part of the Consensus Reactor. + +## ConsensusState service + +Consensus State handles execution of the Tendermint BFT consensus algorithm. It processes votes and proposals, +and upon reaching agreement, commits blocks to the chain and executes them against the application. +The internal state machine receives input from peers, the internal validator and from a timer. + +Inside Consensus State we have the following units of execution: Timeout Ticker and Receive Routine. +Timeout Ticker is a timer that schedules timeouts conditional on the height/round/step that are processed +by the Receive Routine. + + +### Receive Routine of the ConsensusState service + +Receive Routine of the ConsensusState handles messages which may cause internal consensus state transitions. +It is the only routine that updates RoundState that contains internal consensus state. +Updates (state transitions) happen on timeouts, complete proposals, and 2/3 majorities. +It receives messages from peers, internal validators and from Timeout Ticker +and invokes the corresponding handlers, potentially updating the RoundState. +The details of the protocol (together with formal proofs of correctness) implemented by the Receive Routine are +discussed in separate document (see [spec](https://github.com/tendermint/spec)). For understanding of this document +it is sufficient to understand that the Receive Routine manages and updates RoundState data structure that is +then extensively used by the gossip routines to determine what information should be sent to peer processes. + +## Round State + +RoundState defines the internal consensus state. It contains height, round, round step, a current validator set, +a proposal and proposal block for the current round, locked round and block (if some block is being locked), set of +received votes and last commit and last validators set. + +``` +type RoundState struct { + Height int64 + Round int + Step RoundStepType + Validators ValidatorSet + Proposal Proposal + ProposalBlock Block + ProposalBlockParts PartSet + LockedRound int + LockedBlock Block + LockedBlockParts PartSet + Votes HeightVoteSet + LastCommit VoteSet + LastValidators ValidatorSet +} +``` + +Internally, consensus will run as a state machine with the following states: +RoundStepNewHeight, RoundStepNewRound, RoundStepPropose, RoundStepProposeWait, RoundStepPrevote, +RoundStepPrevoteWait, RoundStepPrecommit, RoundStepPrecommitWait and RoundStepCommit. + +## Peer Round State + +Peer round state contains the known state of a peer. It is being updated by the Receive routine of +Consensus Reactor and by the gossip routines upon sending a message to the peer. + +``` +type PeerRoundState struct { + Height int64 // Height peer is at + Round int // Round peer is at, -1 if unknown. + Step RoundStepType // Step peer is at + Proposal bool // True if peer has proposal for this round + ProposalBlockPartsHeader PartSetHeader + ProposalBlockParts BitArray + ProposalPOLRound int // Proposal's POL round. -1 if none. + ProposalPOL BitArray // nil until ProposalPOLMessage received. + Prevotes BitArray // All votes peer has for this round + Precommits BitArray // All precommits peer has for this round + LastCommitRound int // Round of commit for last height. -1 if none. + LastCommit BitArray // All commit precommits of commit for last height. + CatchupCommitRound int // Round that we have commit for. Not necessarily unique. -1 if none. + CatchupCommit BitArray // All commit precommits peer has for this height & CatchupCommitRound +} +``` + +## Receive method of Consensus reactor + +The entry point of the Consensus reactor is a receive method. When a message is received from a peer p, +normally the peer round state is updated correspondingly, and some messages +are passed for further processing, for example to ConsensusState service. We now specify the processing of messages +in the receive method of Consensus reactor for each message type. In the following message handler, rs denotes +RoundState and prs PeerRoundState. + +### NewRoundStepMessage handler + +``` +handleMessage(msg): + if msg is from smaller height/round/step then return + // Just remember these values. + prsHeight = prs.Height + prsRound = prs.Round + prsCatchupCommitRound = prs.CatchupCommitRound + prsCatchupCommit = prs.CatchupCommit + + Update prs with values from msg + if prs.Height or prs.Round has been updated then + reset Proposal related fields of the peer state + if prs.Round has been updated and msg.Round == prsCatchupCommitRound then + prs.Precommits = psCatchupCommit + if prs.Height has been updated then + if prsHeight+1 == msg.Height && prsRound == msg.LastCommitRound then + prs.LastCommitRound = msg.LastCommitRound + prs.LastCommit = prs.Precommits + } else { + prs.LastCommitRound = msg.LastCommitRound + prs.LastCommit = nil + } + Reset prs.CatchupCommitRound and prs.CatchupCommit +``` + +### CommitStepMessage handler + +``` +handleMessage(msg): + if prs.Height == msg.Height then + prs.ProposalBlockPartsHeader = msg.BlockPartsHeader + prs.ProposalBlockParts = msg.BlockParts +``` + +### HasVoteMessage handler + +``` +handleMessage(msg): + if prs.Height == msg.Height then + prs.setHasVote(msg.Height, msg.Round, msg.Type, msg.Index) +``` + +### VoteSetMaj23Message handler + +``` +handleMessage(msg): + if prs.Height == msg.Height then + Record in rs that a peer claim to have ⅔ majority for msg.BlockID + Send VoteSetBitsMessage showing votes node has for that BlockId +``` + +### ProposalMessage handler + +``` +handleMessage(msg): + if prs.Height != msg.Height || prs.Round != msg.Round || prs.Proposal then return + prs.Proposal = true + prs.ProposalBlockPartsHeader = msg.BlockPartsHeader + prs.ProposalBlockParts = empty set + prs.ProposalPOLRound = msg.POLRound + prs.ProposalPOL = nil + Send msg through internal peerMsgQueue to ConsensusState service +``` + +### ProposalPOLMessage handler + +``` +handleMessage(msg): + if prs.Height != msg.Height or prs.ProposalPOLRound != msg.ProposalPOLRound then return + prs.ProposalPOL = msg.ProposalPOL +``` + +### BlockPartMessage handler + +``` +handleMessage(msg): + if prs.Height != msg.Height || prs.Round != msg.Round then return + Record in prs that peer has block part msg.Part.Index + Send msg trough internal peerMsgQueue to ConsensusState service +``` + +### VoteMessage handler + +``` +handleMessage(msg): + Record in prs that a peer knows vote with index msg.vote.ValidatorIndex for particular height and round + Send msg trough internal peerMsgQueue to ConsensusState service +``` + +### VoteSetBitsMessage handler + +``` +handleMessage(msg): + Update prs for the bit-array of votes peer claims to have for the msg.BlockID +``` + +## Gossip Data Routine + +It is used to send the following messages to the peer: `BlockPartMessage`, `ProposalMessage` and +`ProposalPOLMessage` on the DataChannel. The gossip data routine is based on the local RoundState (denoted rs) +and the known PeerRoundState (denotes prs). The routine repeats forever the logic shown below: + +``` +1a) if rs.ProposalBlockPartsHeader == prs.ProposalBlockPartsHeader and the peer does not have all the proposal parts then + Part = pick a random proposal block part the peer does not have + Send BlockPartMessage(rs.Height, rs.Round, Part) to the peer on the DataChannel + if send returns true, record that the peer knows the corresponding block Part + Continue + +1b) if (0 < prs.Height) and (prs.Height < rs.Height) then + help peer catch up using gossipDataForCatchup function + Continue + +1c) if (rs.Height != prs.Height) or (rs.Round != prs.Round) then + Sleep PeerGossipSleepDuration + Continue + +// at this point rs.Height == prs.Height and rs.Round == prs.Round +1d) if (rs.Proposal != nil and !prs.Proposal) then + Send ProposalMessage(rs.Proposal) to the peer + if send returns true, record that the peer knows Proposal + if 0 <= rs.Proposal.POLRound then + polRound = rs.Proposal.POLRound + prevotesBitArray = rs.Votes.Prevotes(polRound).BitArray() + Send ProposalPOLMessage(rs.Height, polRound, prevotesBitArray) + Continue + +2) Sleep PeerGossipSleepDuration +``` + +### Gossip Data For Catchup + +This function is responsible for helping peer catch up if it is at the smaller height (prs.Height < rs.Height). +The function executes the following logic: + + if peer does not have all block parts for prs.ProposalBlockPart then + blockMeta = Load Block Metadata for height prs.Height from blockStore + if (!blockMeta.BlockID.PartsHeader == prs.ProposalBlockPartsHeader) then + Sleep PeerGossipSleepDuration + return + Part = pick a random proposal block part the peer does not have + Send BlockPartMessage(prs.Height, prs.Round, Part) to the peer on the DataChannel + if send returns true, record that the peer knows the corresponding block Part + return + else Sleep PeerGossipSleepDuration + +## Gossip Votes Routine + +It is used to send the following message: `VoteMessage` on the VoteChannel. +The gossip votes routine is based on the local RoundState (denoted rs) +and the known PeerRoundState (denotes prs). The routine repeats forever the logic shown below: + +``` +1a) if rs.Height == prs.Height then + if prs.Step == RoundStepNewHeight then + vote = random vote from rs.LastCommit the peer does not have + Send VoteMessage(vote) to the peer + if send returns true, continue + + if prs.Step <= RoundStepPrevote and prs.Round != -1 and prs.Round <= rs.Round then + Prevotes = rs.Votes.Prevotes(prs.Round) + vote = random vote from Prevotes the peer does not have + Send VoteMessage(vote) to the peer + if send returns true, continue + + if prs.Step <= RoundStepPrecommit and prs.Round != -1 and prs.Round <= rs.Round then + Precommits = rs.Votes.Precommits(prs.Round) + vote = random vote from Precommits the peer does not have + Send VoteMessage(vote) to the peer + if send returns true, continue + + if prs.ProposalPOLRound != -1 then + PolPrevotes = rs.Votes.Prevotes(prs.ProposalPOLRound) + vote = random vote from PolPrevotes the peer does not have + Send VoteMessage(vote) to the peer + if send returns true, continue + +1b) if prs.Height != 0 and rs.Height == prs.Height+1 then + vote = random vote from rs.LastCommit peer does not have + Send VoteMessage(vote) to the peer + if send returns true, continue + +1c) if prs.Height != 0 and rs.Height >= prs.Height+2 then + Commit = get commit from BlockStore for prs.Height + vote = random vote from Commit the peer does not have + Send VoteMessage(vote) to the peer + if send returns true, continue + +2) Sleep PeerGossipSleepDuration +``` + +## QueryMaj23Routine + +It is used to send the following message: `VoteSetMaj23Message`. `VoteSetMaj23Message` is sent to indicate that a given +BlockID has seen +2/3 votes. This routine is based on the local RoundState (denoted rs) and the known PeerRoundState +(denotes prs). The routine repeats forever the logic shown below. + +``` +1a) if rs.Height == prs.Height then + Prevotes = rs.Votes.Prevotes(prs.Round) + if there is a ⅔ majority for some blockId in Prevotes then + m = VoteSetMaj23Message(prs.Height, prs.Round, Prevote, blockId) + Send m to peer + Sleep PeerQueryMaj23SleepDuration + +1b) if rs.Height == prs.Height then + Precommits = rs.Votes.Precommits(prs.Round) + if there is a ⅔ majority for some blockId in Precommits then + m = VoteSetMaj23Message(prs.Height,prs.Round,Precommit,blockId) + Send m to peer + Sleep PeerQueryMaj23SleepDuration + +1c) if rs.Height == prs.Height and prs.ProposalPOLRound >= 0 then + Prevotes = rs.Votes.Prevotes(prs.ProposalPOLRound) + if there is a ⅔ majority for some blockId in Prevotes then + m = VoteSetMaj23Message(prs.Height,prs.ProposalPOLRound,Prevotes,blockId) + Send m to peer + Sleep PeerQueryMaj23SleepDuration + +1d) if prs.CatchupCommitRound != -1 and 0 < prs.Height and + prs.Height <= blockStore.Height() then + Commit = LoadCommit(prs.Height) + m = VoteSetMaj23Message(prs.Height,Commit.Round,Precommit,Commit.blockId) + Send m to peer + Sleep PeerQueryMaj23SleepDuration + +2) Sleep PeerQueryMaj23SleepDuration +``` + +## Broadcast routine + +The Broadcast routine subscribes to internal event bus to receive new round steps, votes messages and proposal +heartbeat messages, and broadcasts messages to peers upon receiving those events. +It brodcasts `NewRoundStepMessage` or `CommitStepMessage` upon new round state event. Note that +broadcasting these messages does not depend on the PeerRoundState. It is sent on the StateChannel. +Upon receiving VoteMessage it broadcasts `HasVoteMessage` message to its peers on the StateChannel. +`ProposalHeartbeatMessage` is sent the same way on the StateChannel. + + + + + + + + + + + + + + + + + + + From f2d19162d2a0704a5834f10c71b33ef22c8af832 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 19 Jan 2018 17:10:08 -0500 Subject: [PATCH 083/188] fixes from caffix review --- docs/specification/new-spec/p2p/connection.md | 2 +- docs/specification/new-spec/p2p/peer.md | 5 +++-- docs/specification/new-spec/p2p/pex.md | 18 +++++++++++------- docs/specification/new-spec/p2p/trustmetric.md | 16 ---------------- 4 files changed, 15 insertions(+), 26 deletions(-) delete mode 100644 docs/specification/new-spec/p2p/trustmetric.md diff --git a/docs/specification/new-spec/p2p/connection.md b/docs/specification/new-spec/p2p/connection.md index dfe0d090f..400111f4a 100644 --- a/docs/specification/new-spec/p2p/connection.md +++ b/docs/specification/new-spec/p2p/connection.md @@ -46,7 +46,7 @@ is returned for processing by the corresponding channels `onReceive` function. Messages are sent from a single `sendRoutine`, which loops over a select statement that results in the sending of a ping, a pong, or a batch of data messages. The batch of data messages may include messages from multiple channels. Message bytes are queued for sending in their respective channel, with each channel holding one unsent message at a time. -Messages are chosen for a batch one a time from the channel with the lowest ratio of recently sent bytes to channel priority. +Messages are chosen for a batch one at a time from the channel with the lowest ratio of recently sent bytes to channel priority. ## Sending Messages diff --git a/docs/specification/new-spec/p2p/peer.md b/docs/specification/new-spec/p2p/peer.md index a172764c1..39be966b1 100644 --- a/docs/specification/new-spec/p2p/peer.md +++ b/docs/specification/new-spec/p2p/peer.md @@ -1,7 +1,8 @@ # Tendermint Peers -This document explains how Tendermint Peers are identified, how they connect to one another, -and how other peers are found. +This document explains how Tendermint Peers are identified and how they connect to one another. + +For details on peer discovery, see the [peer exchange (PEX) reactor doc](pex.md). ## Peer Identity diff --git a/docs/specification/new-spec/p2p/pex.md b/docs/specification/new-spec/p2p/pex.md index a71b97174..43d6f80d7 100644 --- a/docs/specification/new-spec/p2p/pex.md +++ b/docs/specification/new-spec/p2p/pex.md @@ -8,10 +8,10 @@ to good peers and to gossip peers to others. Certain peers are special in that they are specified by the user as `persistent`, which means we auto-redial them if the connection fails. -Some such peers can additional be marked as `private`, which means -we will not gossip them to others. +Some peers can be marked as `private`, which means +we will not put them in the address book or gossip them to others. -All others peers are tracked using an address book. +All peers except private peers are tracked using the address book. ## Discovery @@ -31,7 +31,7 @@ Peers are added to the address book from the PEX when they first connect to us o when we hear about them from other peers. The address book is arranged in sets of buckets, and distinguishes between -vetted and unvetted peers. It keeps different sets of buckets for vetted and +vetted (old) and unvetted (new) peers. It keeps different sets of buckets for vetted and unvetted peers. Buckets provide randomization over peer selection. A vetted peer can only be in one bucket. An unvetted peer can be in multiple buckets. @@ -52,7 +52,7 @@ If a peer becomes unvetted (either a new peer, or one that was previously vetted a randomly selected one of the unvetted peers is removed from the address book. More fine-grained tracking of peer behaviour can be done using -a Trust Metric, but it's best to start with something simple. +a trust metric (see below), but it's best to start with something simple. ## Select Peers to Dial @@ -75,7 +75,7 @@ Send the selected peers. Note we select peers for sending without bias for vette There are various cases where we decide a peer has misbehaved and we disconnect from them. When this happens, the peer is removed from the address book and black listed for some amount of time. We call this "Disconnect and Mark". -Note that the bad behaviour may be detected outside the PEX reactor itseld +Note that the bad behaviour may be detected outside the PEX reactor itself (for instance, in the mconnection, or another reactor), but it must be communicated to the PEX reactor so it can remove and mark the peer. @@ -86,9 +86,13 @@ we Disconnect and Mark. ## Trust Metric The quality of peers can be tracked in more fine-grained detail using a -Proportional-Integral-Derrivative (PID) controller that incorporates +Proportional-Integral-Derivative (PID) controller that incorporates current, past, and rate-of-change data to inform peer quality. While a PID trust metric has been implemented, it remains for future work to use it in the PEX. +See the [trustmetric](../../../architecture/adr-006-trust-metric.md ) +and [trustmetric useage](../../../architecture/adr-007-trust-metric-usage.md ) +architecture docs for more details. + diff --git a/docs/specification/new-spec/p2p/trustmetric.md b/docs/specification/new-spec/p2p/trustmetric.md deleted file mode 100644 index b0eaf96e5..000000000 --- a/docs/specification/new-spec/p2p/trustmetric.md +++ /dev/null @@ -1,16 +0,0 @@ - -The trust metric tracks the quality of the peers. -When a peer exceeds a certain quality for a certain amount of time, -it is marked as vetted in the addrbook. -If a vetted peer's quality degrades sufficiently, it is booted, and must prove itself from scratch. -If we need to make room for a new vetted peer, we move the lowest scoring vetted peer back to unvetted. -If we need to make room for a new unvetted peer, we remove the lowest scoring unvetted peer - -possibly only if its below some absolute minimum ? - -Peer quality is tracked in the connection and across the reactors. -Behaviours are defined as one of: - - fatal - something outright malicious. we should disconnect and remember them. - - bad - any kind of timeout, msgs that dont unmarshal, or fail other validity checks, or msgs we didn't ask for or arent expecting - - neutral - normal correct behaviour. unknown channels/msg types (version upgrades). - - good - some random majority of peers per reactor sending us useful messages - From ae27e85bf7dc29323cfc73505b040b83293e9990 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 19 Jan 2018 17:51:09 -0500 Subject: [PATCH 084/188] add warnings about new spec --- docs/specification/new-spec/README.md | 15 +++++++++++++-- docs/specification/new-spec/encoding.md | 15 +++++++++------ 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/docs/specification/new-spec/README.md b/docs/specification/new-spec/README.md index 8a07d9221..179048ddd 100644 --- a/docs/specification/new-spec/README.md +++ b/docs/specification/new-spec/README.md @@ -1,14 +1,24 @@ # Tendermint Specification This is a markdown specification of the Tendermint blockchain. - It defines the base data structures used in the blockchain and how they are validated. -It contains the following components: +XXX: this spec is a work in progress and not yet complete - see github +[isses](https://github.com/tendermint/tendermint/issues) and +[pull requests](https://github.com/tendermint/tendermint/pulls) +for more details. +If you find discrepancies between the spec and the code that +do not have an associated issue or pull request on github, +please submit them to our [bug bounty](https://tendermint.com/security)! + +## Contents + +- [Overview](#overview) - [Encoding and Digests](encoding.md) - [Blockchain](blockchain.md) - [State](state.md) +- [Consensus](consensus.md) - [P2P](p2p/node.md) ## Overview @@ -56,3 +66,4 @@ We call this the `State`. Block verification also requires access to the previou - Light Client - P2P - Reactor protocols (consensus, mempool, blockchain, pex) + diff --git a/docs/specification/new-spec/encoding.md b/docs/specification/new-spec/encoding.md index 02456d84f..f401dde7c 100644 --- a/docs/specification/new-spec/encoding.md +++ b/docs/specification/new-spec/encoding.md @@ -6,6 +6,9 @@ Tendermint aims to encode data structures in a manner similar to how the corresp Variable length items are length-prefixed. While the encoding was inspired by Go, it is easily implemented in other languages as well given its intuitive design. +XXX: This is changing to use real varints and 4-byte-prefixes. +See https://github.com/tendermint/go-wire/tree/sdk2. + ### Fixed Length Integers Fixed length integers are encoded in Big-Endian using the specified number of bytes. @@ -94,13 +97,13 @@ encode([]string{"abc", "efg"}) == [0x01, 0x02, 0x01, 0x03, 0x61, 0x62, 0x63, 0x ``` ### BitArray -BitArray is encoded as an `int` of the number of bits, and with an array of `uint64` to encode +BitArray is encoded as an `int` of the number of bits, and with an array of `uint64` to encode value of each array element. ``` type BitArray struct { - Bits int - Elems []uint64 + Bits int + Elems []uint64 } ``` @@ -192,8 +195,8 @@ MakeParts(object, partSize) ``` type Part struct { - Index int - Bytes byte[] - Proof byte[] + Index int + Bytes byte[] + Proof byte[] } ``` From 39d8da35364f740aec4dd4009bc3c0ef95cbaa26 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 14:54:59 -0500 Subject: [PATCH 085/188] docs: update getting started [ci skip] --- docs/examples/getting-started.md | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/docs/examples/getting-started.md b/docs/examples/getting-started.md index d7447428d..3ae42e27f 100644 --- a/docs/examples/getting-started.md +++ b/docs/examples/getting-started.md @@ -22,19 +22,22 @@ The script is also used to facilitate cluster deployment below. ### Manual Install -Requires: -- `go` minimum version 1.9.2 -- `$GOPATH` set and `$GOPATH/bin` on your $PATH (see https://github.com/tendermint/tendermint/wiki/Setting-GOPATH) +Requires: +- `go` minimum version 1.9 +- `$GOPATH` environment variable must be set +- `$GOPATH/bin` must be on your `$PATH` (see https://github.com/tendermint/tendermint/wiki/Setting-GOPATH) To install Tendermint, run: ``` go get github.com/tendermint/tendermint cd $GOPATH/src/github.com/tendermint/tendermint -make get_vendor_deps +make get_tools && make get_vendor_deps make install ``` +Note that `go get` may return an error but it can be ignored. + Confirm installation: ``` @@ -98,7 +101,7 @@ and check that it worked with: curl -s 'localhost:46657/abci_query?data="abcd"' ``` -We can send transactions with a key:value store: +We can send transactions with a key and value too: ``` curl -s 'localhost:46657/broadcast_tx_commit?tx="name=satoshi"' @@ -114,9 +117,9 @@ where the value is returned in hex. ## Cluster of Nodes -First create four Ubuntu cloud machines. The following was testing on Digital Ocean Ubuntu 16.04 x64 (3GB/1CPU, 20GB SSD). We'll refer to their respective IP addresses below as IP1, IP2, IP3, IP4. +First create four Ubuntu cloud machines. The following was tested on Digital Ocean Ubuntu 16.04 x64 (3GB/1CPU, 20GB SSD). We'll refer to their respective IP addresses below as IP1, IP2, IP3, IP4. -Then, `ssh` into each machine, and `curl` then execute [this script](https://git.io/vNLfY): +Then, `ssh` into each machine, and execute [this script](https://git.io/vNLfY): ``` curl -L https://git.io/vNLfY | bash @@ -128,12 +131,12 @@ This will install `go` and other dependencies, get the Tendermint source code, t Next, `cd` into `docs/examples`. Each command below should be run from each node, in sequence: ``` -tendermint node --home ./node1 --proxy_app=dummy -tendermint node --home ./node2 --proxy_app=dummy --p2p.seeds IP1:46656 -tendermint node --home ./node3 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656 -tendermint node --home ./node4 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656,IP3:46656 +tendermint node --home ./node1 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 +tendermint node --home ./node2 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 +tendermint node --home ./node3 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 +tendermint node --home ./node4 --proxy_app=dummy --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 ``` -Note that after the third node is started, blocks will start to stream in because >2/3 of validators (defined in the `genesis.json` have come online). Seeds can also be specified in the `config.toml`. See [this PR](https://github.com/tendermint/tendermint/pull/792) for more information about configuration options. +Note that after the third node is started, blocks will start to stream in because >2/3 of validators (defined in the `genesis.json`) have come online. Seeds can also be specified in the `config.toml`. See [this PR](https://github.com/tendermint/tendermint/pull/792) for more information about configuration options. Transactions can then be sent as covered in the single, local node example above. From 949211a137287b209783dfeb2eb03a0978f5e0a2 Mon Sep 17 00:00:00 2001 From: caffix Date: Tue, 9 Jan 2018 20:12:41 -0500 Subject: [PATCH 086/188] added a test for PEX reactor seed mode --- p2p/pex_reactor.go | 268 ++++++++++++++++++++++++++++++++++++++++ p2p/pex_reactor_test.go | 45 +++++++ 2 files changed, 313 insertions(+) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 93fddc111..7313f7d56 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -5,6 +5,7 @@ import ( "fmt" "math/rand" "reflect" + "sort" "time" "github.com/pkg/errors" @@ -334,6 +335,273 @@ func (r *PEXReactor) checkSeeds() error { return nil } +// Explores the network searching for more peers. (continuous) +// Seed/Crawler Mode causes this node to quickly disconnect +// from peers, except other seed nodes. +func (r *PEXReactor) seedCrawlerMode() { + // Do an initial crawl + r.crawlPeers() + + // Fire periodically + ticker := time.NewTicker(defaultSeedModePeriod) + + for { + select { + case <-ticker.C: + r.attemptDisconnects() + r.crawlPeers() + case <-r.Quit: + return + } + } +} + +// crawlStatus handles temporary data needed for the +// network crawling performed during seed/crawler mode. +type crawlStatus struct { + // The remote address of a potential peer we learned about + Addr *NetAddress + + // Not empty if we are connected to the address + PeerID string + + // The last time we attempt to reach this address + LastAttempt time.Time + + // The last time we successfully reached this address + LastSuccess time.Time +} + +// oldestFirst implements sort.Interface for []crawlStatus +// based on the LastAttempt field. +type oldestFirst []crawlStatus + +func (of oldestFirst) Len() int { return len(of) } +func (of oldestFirst) Swap(i, j int) { of[i], of[j] = of[j], of[i] } +func (of oldestFirst) Less(i, j int) bool { return of[i].LastAttempt.Before(of[j].LastAttempt) } + +// getCrawlStatus returns addresses of potential peers that we wish to validate. +// NOTE: The status information is ordered as described above. +func (r *PEXReactor) getCrawlStatus() []crawlStatus { + var of oldestFirst + + addrs := r.book.ListOfKnownAddresses() + // Go through all the addresses in the AddressBook + for _, addr := range addrs { + var peerID string + + // Check if a peer is already connected from this addr + if p := r.Switch.peers.GetByRemoteAddr(addr.Addr); p != nil { + peerID = p.Key() + } + + of = append(of, crawlStatus{ + Addr: addr.Addr, + PeerID: peerID, + LastAttempt: addr.LastAttempt, + LastSuccess: addr.LastSuccess, + }) + } + sort.Sort(of) + return of +} + +// crawlPeers will crawl the network looking for new peer addresses. (once) +// +// TODO Basically, we need to work harder on our good-peer/bad-peer marking. +// What we're currently doing in terms of marking good/bad peers is just a +// placeholder. It should not be the case that an address becomes old/vetted +// upon a single successful connection. +func (r *PEXReactor) crawlPeers() { + crawlerStatus := r.getCrawlStatus() + + now := time.Now() + // Use addresses we know of to reach additional peers + for _, cs := range crawlerStatus { + // Do not dial peers that are already connected + if cs.PeerID != "" { + continue + } + // Do not attempt to connect with peers we recently dialed + if now.Sub(cs.LastAttempt) < defaultCrawlPeerInterval { + continue + } + // Otherwise, attempt to connect with the known address + p, err := r.Switch.DialPeerWithAddress(cs.Addr, false) + if err != nil { + r.book.MarkAttempt(cs.Addr) + continue + } + // Enter the peer ID into our crawl status information + cs.PeerID = p.Key() + r.book.MarkGood(cs.Addr) + } + // Crawl the connected peers asking for more addresses + for _, cs := range crawlerStatus { + if cs.PeerID == "" { + continue + } + // We will wait a minimum period of time before crawling peers again + if now.Sub(cs.LastAttempt) >= defaultCrawlPeerInterval { + p := r.Switch.Peers().Get(cs.PeerID) + if p != nil { + r.RequestPEX(p) + r.book.MarkAttempt(cs.Addr) + } + } + } +} + +// attemptDisconnects checks the crawlStatus info for Peers to disconnect from. (once) +func (r *PEXReactor) attemptDisconnects() { + crawlerStatus := r.getCrawlStatus() + + now := time.Now() + // Go through each peer we have connected with + // looking for opportunities to disconnect + for _, cs := range crawlerStatus { + if cs.PeerID == "" { + continue + } + // Remain connected to each peer for a minimum period of time + if now.Sub(cs.LastSuccess) < defaultSeedDisconnectWaitPeriod { + continue + } + // Fetch the Peer using the saved ID + p := r.Switch.Peers().Get(cs.PeerID) + if p == nil { + continue + } + // Do not disconnect from persistent peers. + // Specifically, we need to remain connected to other seeds + if p.IsPersistent() { + continue + } + // Otherwise, disconnect from the peer + r.Switch.StopPeerGracefully(p) + } +} + +// crawlStatus handles temporary data needed for the +// network crawling performed during seed/crawler mode. +type crawlStatus struct { + // The remote address of a potential peer we learned about + Addr *NetAddress + + // Not empty if we are connected to the address + PeerID string + + // The last time we attempt to reach this address + LastAttempt time.Time + + // The last time we successfully reached this address + LastSuccess time.Time +} + +// oldestAttempt implements sort.Interface for []crawlStatus +// based on the LastAttempt field. +type oldestAttempt []crawlStatus + +func (oa oldestAttempt) Len() int { return len(oa) } +func (oa oldestAttempt) Swap(i, j int) { oa[i], oa[j] = oa[j], oa[i] } +func (oa oldestAttempt) Less(i, j int) bool { return oa[i].LastAttempt.Before(oa[j].LastAttempt) } + +// getCrawlStatus returns addresses of potential peers that we wish to validate. +// NOTE: The status information is ordered as described above. +func (r *PEXReactor) getCrawlStatus() []crawlStatus { + var oa oldestAttempt + + addrs := r.book.ListOfKnownAddresses() + // Go through all the addresses in the AddressBook + for _, addr := range addrs { + p := r.Switch.peers.GetByRemoteAddr(addr.Addr) + + oa = append(oa, crawlStatus{ + Addr: addr.Addr, + PeerID: p.Key(), + LastAttempt: addr.LastAttempt, + LastSuccess: addr.LastSuccess, + }) + } + sort.Sort(oa) + return oa +} + +// crawlPeers will crawl the network looking for new peer addresses. (once) +// +// TODO Basically, we need to work harder on our good-peer/bad-peer marking. +// What we're currently doing in terms of marking good/bad peers is just a +// placeholder. It should not be the case that an address becomes old/vetted +// upon a single successful connection. +func (r *PEXReactor) crawlPeers() { + crawlerStatus := r.getCrawlStatus() + + now := time.Now() + // Use addresses we know of to reach additional peers + for _, cs := range crawlerStatus { + // Do not dial peers that are already connected + if cs.PeerID != "" { + continue + } + // Do not attempt to connect with peers we recently dialed + if now.Sub(cs.LastAttempt) < defaultCrawlPeerInterval { + continue + } + // Otherwise, attempt to connect with the known address + p, err := r.Switch.DialPeerWithAddress(cs.Addr, false) + if err != nil { + r.book.MarkAttempt(cs.Addr) + continue + } + // Enter the peer ID into our crawl status information + cs.PeerID = p.Key() + r.book.MarkGood(cs.Addr) + } + // Crawl the connected peers asking for more addresses + for _, cs := range crawlerStatus { + if cs.PeerID == "" { + continue + } + // We will wait a minimum period of time before crawling peers again + if now.Sub(cs.LastAttempt) >= defaultCrawlPeerInterval { + p := r.Switch.peers.Get(cs.PeerID) + if p != nil { + r.RequestPEX(p) + } + } + } +} + +// attemptDisconnects checks the crawlStatus info for Peers to disconnect from. (once) +func (r *PEXReactor) attemptDisconnects() { + crawlerStatus := r.getCrawlStatus() + + now := time.Now() + // Go through each peer we have connected with + // looking for opportunities to disconnect + for _, cs := range crawlerStatus { + if cs.PeerID == "" { + continue + } + // Remain connected to each peer for a minimum period of time + if now.Sub(cs.LastSuccess) < defaultSeedDisconnectWaitPeriod { + continue + } + // Fetch the Peer using the saved ID + p := r.Switch.peers.Get(cs.PeerID) + if p == nil { + continue + } + // Do not disconnect from persistent peers. + // Specifically, we need to remain connected to other seeds + if p.IsPersistent() { + continue + } + // Otherwise, disconnect from the peer + r.Switch.StopPeerGracefully(p) + } +} + // randomly dial seeds until we connect to one or exhaust them func (r *PEXReactor) dialSeed() { lSeeds := len(r.config.Seeds) diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index c0681586a..b8ee89b32 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -286,6 +286,51 @@ func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { assertSomePeersWithTimeout(t, []*Switch{sw}, 10*time.Millisecond, 10*time.Second) } +func TestPEXReactorCrawlStatus(t *testing.T) { + assert, require := assert.New(t), require.New(t) + + dir, err := ioutil.TempDir("", "pex_reactor") + require.Nil(err) + defer os.RemoveAll(dir) // nolint: errcheck + book := NewAddrBook(dir+"addrbook.json", false) + book.SetLogger(log.TestingLogger()) + + var r *PEXReactor + // Seed/Crawler mode uses data from the Switch + makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { + r = NewPEXReactor(book, true) + r.SetLogger(log.TestingLogger()) + sw.SetLogger(log.TestingLogger().With("switch", i)) + sw.AddReactor("pex", r) + return sw + }) + + // Create a peer, and add it to the peer set + peer := createRandomPeer(false) + r.Switch.peers.Add(peer) + // Add the peer address to the address book + addr1, _ := NewNetAddressString(peer.NodeInfo().ListenAddr) + r.book.AddAddress(addr1, addr1) + // Add an address to the book that does not have a peer + _, addr2 := createRoutableAddr() + r.book.AddAddress(addr2, addr1) + + // Get the crawl status data + status := r.getCrawlStatus() + + // Make sure it has the proper number of elements + assert.Equal(2, len(status)) + + var num int + for _, cs := range status { + if cs.PeerID != "" { + num++ + } + } + // Check that only one has been identified as a connected peer + assert.Equal(1, num) +} + func createRoutableAddr() (addr string, netAddr *NetAddress) { for { addr = cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256) From 88eb3e7af0b63b3bc059453d95f501789e399730 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 14 Jan 2018 01:40:29 -0500 Subject: [PATCH 087/188] some minor renames --- p2p/pex_reactor.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 7313f7d56..0c3567a35 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -21,6 +21,11 @@ const ( defaultEnsurePeersPeriod = 30 * time.Second minNumOutboundPeers = 10 maxPexMessageSize = 1048576 // 1MB + + // Seed/Crawler constants + defaultSeedDisconnectWaitPeriod = 2 * time.Minute + defaultCrawlPeerInterval = 2 * time.Minute + defaultCrawlPeersPeriod = 30 * time.Second ) // PEXReactor handles PEX (peer exchange) and ensures that an @@ -79,7 +84,13 @@ func (r *PEXReactor) OnStart() error { return err } - go r.ensurePeersRoutine() + // Check if this node should run + // in seed/crawler mode + if r.config.SeedMode { + go r.crawlPeersRoutine() + } else { + go r.ensurePeersRoutine() + } return nil } @@ -338,7 +349,7 @@ func (r *PEXReactor) checkSeeds() error { // Explores the network searching for more peers. (continuous) // Seed/Crawler Mode causes this node to quickly disconnect // from peers, except other seed nodes. -func (r *PEXReactor) seedCrawlerMode() { +func (r *PEXReactor) crawlPeersRoutine() { // Do an initial crawl r.crawlPeers() From c2f97e64545920b98aa4ea48f9669b643a80b001 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 18:28:40 -0500 Subject: [PATCH 088/188] p2p: seed mode fixes from rebase and review --- p2p/connection.go | 4 + p2p/pex_reactor.go | 418 +++++++++++++--------------------------- p2p/pex_reactor_test.go | 48 +++-- 3 files changed, 158 insertions(+), 312 deletions(-) diff --git a/p2p/connection.go b/p2p/connection.go index 306eaf7eb..dcb660967 100644 --- a/p2p/connection.go +++ b/p2p/connection.go @@ -88,6 +88,8 @@ type MConnection struct { flushTimer *cmn.ThrottleTimer // flush writes as necessary but throttled. pingTimer *cmn.RepeatTimer // send pings periodically chStatsTimer *cmn.RepeatTimer // update channel stats periodically + + created time.Time // time of creation } // MConnConfig is a MConnection configuration. @@ -502,6 +504,7 @@ FOR_LOOP: } type ConnectionStatus struct { + Duration time.Duration SendMonitor flow.Status RecvMonitor flow.Status Channels []ChannelStatus @@ -517,6 +520,7 @@ type ChannelStatus struct { func (c *MConnection) Status() ConnectionStatus { var status ConnectionStatus + status.Duration = time.Since(c.created) status.SendMonitor = c.sendMonitor.Status() status.RecvMonitor = c.recvMonitor.Status() status.Channels = make([]ChannelStatus, len(c.channels)) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 0c3567a35..5d9194213 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -17,15 +17,22 @@ const ( // PexChannel is a channel for PEX messages PexChannel = byte(0x00) - // period to ensure peers connected - defaultEnsurePeersPeriod = 30 * time.Second - minNumOutboundPeers = 10 - maxPexMessageSize = 1048576 // 1MB + maxPexMessageSize = 1048576 // 1MB + + // ensure we have enough peers + defaultEnsurePeersPeriod = 30 * time.Second + defaultMinNumOutboundPeers = 10 // Seed/Crawler constants - defaultSeedDisconnectWaitPeriod = 2 * time.Minute - defaultCrawlPeerInterval = 2 * time.Minute - defaultCrawlPeersPeriod = 30 * time.Second + // TODO: + // We want seeds to only advertise good peers. + // Peers are marked by external mechanisms. + // We need a config value that can be set to be + // on the order of how long it would take before a good + // peer is marked good. + defaultSeedDisconnectWaitPeriod = 2 * time.Minute // disconnect after this + defaultCrawlPeerInterval = 2 * time.Minute // dont redial for this. TODO: back-off + defaultCrawlPeersPeriod = 30 * time.Second // check some peers every this ) // PEXReactor handles PEX (peer exchange) and ensures that an @@ -51,8 +58,11 @@ type PEXReactor struct { // PEXReactorConfig holds reactor specific configuration data. type PEXReactorConfig struct { - // Seeds is a list of addresses reactor may use if it can't connect to peers - // in the addrbook. + // Seed/Crawler mode + SeedMode bool + + // Seeds is a list of addresses reactor may use + // if it can't connect to peers in the addrbook. Seeds []string } @@ -259,19 +269,12 @@ func (r *PEXReactor) ensurePeersRoutine() { // ensurePeers ensures that sufficient peers are connected. (once) // -// Old bucket / New bucket are arbitrary categories to denote whether an -// address is vetted or not, and this needs to be determined over time via a // heuristic that we haven't perfected yet, or, perhaps is manually edited by // the node operator. It should not be used to compute what addresses are // already connected or not. -// -// TODO Basically, we need to work harder on our good-peer/bad-peer marking. -// What we're currently doing in terms of marking good/bad peers is just a -// placeholder. It should not be the case that an address becomes old/vetted -// upon a single successful connection. func (r *PEXReactor) ensurePeers() { numOutPeers, numInPeers, numDialing := r.Switch.NumPeers() - numToDial := minNumOutboundPeers - (numOutPeers + numDialing) + numToDial := defaultMinNumOutboundPeers - (numOutPeers + numDialing) r.Logger.Info("Ensure peers", "numOutPeers", numOutPeers, "numDialing", numDialing, "numToDial", numToDial) if numToDial <= 0 { return @@ -327,7 +330,7 @@ func (r *PEXReactor) ensurePeers() { // If we are not connected to nor dialing anybody, fallback to dialing a seed. if numOutPeers+numInPeers+numDialing+len(toDial) == 0 { r.Logger.Info("No addresses to dial nor connected peers. Falling back to seeds") - r.dialSeed() + r.dialSeeds() } } @@ -346,275 +349,8 @@ func (r *PEXReactor) checkSeeds() error { return nil } -// Explores the network searching for more peers. (continuous) -// Seed/Crawler Mode causes this node to quickly disconnect -// from peers, except other seed nodes. -func (r *PEXReactor) crawlPeersRoutine() { - // Do an initial crawl - r.crawlPeers() - - // Fire periodically - ticker := time.NewTicker(defaultSeedModePeriod) - - for { - select { - case <-ticker.C: - r.attemptDisconnects() - r.crawlPeers() - case <-r.Quit: - return - } - } -} - -// crawlStatus handles temporary data needed for the -// network crawling performed during seed/crawler mode. -type crawlStatus struct { - // The remote address of a potential peer we learned about - Addr *NetAddress - - // Not empty if we are connected to the address - PeerID string - - // The last time we attempt to reach this address - LastAttempt time.Time - - // The last time we successfully reached this address - LastSuccess time.Time -} - -// oldestFirst implements sort.Interface for []crawlStatus -// based on the LastAttempt field. -type oldestFirst []crawlStatus - -func (of oldestFirst) Len() int { return len(of) } -func (of oldestFirst) Swap(i, j int) { of[i], of[j] = of[j], of[i] } -func (of oldestFirst) Less(i, j int) bool { return of[i].LastAttempt.Before(of[j].LastAttempt) } - -// getCrawlStatus returns addresses of potential peers that we wish to validate. -// NOTE: The status information is ordered as described above. -func (r *PEXReactor) getCrawlStatus() []crawlStatus { - var of oldestFirst - - addrs := r.book.ListOfKnownAddresses() - // Go through all the addresses in the AddressBook - for _, addr := range addrs { - var peerID string - - // Check if a peer is already connected from this addr - if p := r.Switch.peers.GetByRemoteAddr(addr.Addr); p != nil { - peerID = p.Key() - } - - of = append(of, crawlStatus{ - Addr: addr.Addr, - PeerID: peerID, - LastAttempt: addr.LastAttempt, - LastSuccess: addr.LastSuccess, - }) - } - sort.Sort(of) - return of -} - -// crawlPeers will crawl the network looking for new peer addresses. (once) -// -// TODO Basically, we need to work harder on our good-peer/bad-peer marking. -// What we're currently doing in terms of marking good/bad peers is just a -// placeholder. It should not be the case that an address becomes old/vetted -// upon a single successful connection. -func (r *PEXReactor) crawlPeers() { - crawlerStatus := r.getCrawlStatus() - - now := time.Now() - // Use addresses we know of to reach additional peers - for _, cs := range crawlerStatus { - // Do not dial peers that are already connected - if cs.PeerID != "" { - continue - } - // Do not attempt to connect with peers we recently dialed - if now.Sub(cs.LastAttempt) < defaultCrawlPeerInterval { - continue - } - // Otherwise, attempt to connect with the known address - p, err := r.Switch.DialPeerWithAddress(cs.Addr, false) - if err != nil { - r.book.MarkAttempt(cs.Addr) - continue - } - // Enter the peer ID into our crawl status information - cs.PeerID = p.Key() - r.book.MarkGood(cs.Addr) - } - // Crawl the connected peers asking for more addresses - for _, cs := range crawlerStatus { - if cs.PeerID == "" { - continue - } - // We will wait a minimum period of time before crawling peers again - if now.Sub(cs.LastAttempt) >= defaultCrawlPeerInterval { - p := r.Switch.Peers().Get(cs.PeerID) - if p != nil { - r.RequestPEX(p) - r.book.MarkAttempt(cs.Addr) - } - } - } -} - -// attemptDisconnects checks the crawlStatus info for Peers to disconnect from. (once) -func (r *PEXReactor) attemptDisconnects() { - crawlerStatus := r.getCrawlStatus() - - now := time.Now() - // Go through each peer we have connected with - // looking for opportunities to disconnect - for _, cs := range crawlerStatus { - if cs.PeerID == "" { - continue - } - // Remain connected to each peer for a minimum period of time - if now.Sub(cs.LastSuccess) < defaultSeedDisconnectWaitPeriod { - continue - } - // Fetch the Peer using the saved ID - p := r.Switch.Peers().Get(cs.PeerID) - if p == nil { - continue - } - // Do not disconnect from persistent peers. - // Specifically, we need to remain connected to other seeds - if p.IsPersistent() { - continue - } - // Otherwise, disconnect from the peer - r.Switch.StopPeerGracefully(p) - } -} - -// crawlStatus handles temporary data needed for the -// network crawling performed during seed/crawler mode. -type crawlStatus struct { - // The remote address of a potential peer we learned about - Addr *NetAddress - - // Not empty if we are connected to the address - PeerID string - - // The last time we attempt to reach this address - LastAttempt time.Time - - // The last time we successfully reached this address - LastSuccess time.Time -} - -// oldestAttempt implements sort.Interface for []crawlStatus -// based on the LastAttempt field. -type oldestAttempt []crawlStatus - -func (oa oldestAttempt) Len() int { return len(oa) } -func (oa oldestAttempt) Swap(i, j int) { oa[i], oa[j] = oa[j], oa[i] } -func (oa oldestAttempt) Less(i, j int) bool { return oa[i].LastAttempt.Before(oa[j].LastAttempt) } - -// getCrawlStatus returns addresses of potential peers that we wish to validate. -// NOTE: The status information is ordered as described above. -func (r *PEXReactor) getCrawlStatus() []crawlStatus { - var oa oldestAttempt - - addrs := r.book.ListOfKnownAddresses() - // Go through all the addresses in the AddressBook - for _, addr := range addrs { - p := r.Switch.peers.GetByRemoteAddr(addr.Addr) - - oa = append(oa, crawlStatus{ - Addr: addr.Addr, - PeerID: p.Key(), - LastAttempt: addr.LastAttempt, - LastSuccess: addr.LastSuccess, - }) - } - sort.Sort(oa) - return oa -} - -// crawlPeers will crawl the network looking for new peer addresses. (once) -// -// TODO Basically, we need to work harder on our good-peer/bad-peer marking. -// What we're currently doing in terms of marking good/bad peers is just a -// placeholder. It should not be the case that an address becomes old/vetted -// upon a single successful connection. -func (r *PEXReactor) crawlPeers() { - crawlerStatus := r.getCrawlStatus() - - now := time.Now() - // Use addresses we know of to reach additional peers - for _, cs := range crawlerStatus { - // Do not dial peers that are already connected - if cs.PeerID != "" { - continue - } - // Do not attempt to connect with peers we recently dialed - if now.Sub(cs.LastAttempt) < defaultCrawlPeerInterval { - continue - } - // Otherwise, attempt to connect with the known address - p, err := r.Switch.DialPeerWithAddress(cs.Addr, false) - if err != nil { - r.book.MarkAttempt(cs.Addr) - continue - } - // Enter the peer ID into our crawl status information - cs.PeerID = p.Key() - r.book.MarkGood(cs.Addr) - } - // Crawl the connected peers asking for more addresses - for _, cs := range crawlerStatus { - if cs.PeerID == "" { - continue - } - // We will wait a minimum period of time before crawling peers again - if now.Sub(cs.LastAttempt) >= defaultCrawlPeerInterval { - p := r.Switch.peers.Get(cs.PeerID) - if p != nil { - r.RequestPEX(p) - } - } - } -} - -// attemptDisconnects checks the crawlStatus info for Peers to disconnect from. (once) -func (r *PEXReactor) attemptDisconnects() { - crawlerStatus := r.getCrawlStatus() - - now := time.Now() - // Go through each peer we have connected with - // looking for opportunities to disconnect - for _, cs := range crawlerStatus { - if cs.PeerID == "" { - continue - } - // Remain connected to each peer for a minimum period of time - if now.Sub(cs.LastSuccess) < defaultSeedDisconnectWaitPeriod { - continue - } - // Fetch the Peer using the saved ID - p := r.Switch.peers.Get(cs.PeerID) - if p == nil { - continue - } - // Do not disconnect from persistent peers. - // Specifically, we need to remain connected to other seeds - if p.IsPersistent() { - continue - } - // Otherwise, disconnect from the peer - r.Switch.StopPeerGracefully(p) - } -} - // randomly dial seeds until we connect to one or exhaust them -func (r *PEXReactor) dialSeed() { +func (r *PEXReactor) dialSeeds() { lSeeds := len(r.config.Seeds) if lSeeds == 0 { return @@ -636,6 +372,116 @@ func (r *PEXReactor) dialSeed() { r.Switch.Logger.Error("Couldn't connect to any seeds") } +//---------------------------------------------------------- + +// Explores the network searching for more peers. (continuous) +// Seed/Crawler Mode causes this node to quickly disconnect +// from peers, except other seed nodes. +func (r *PEXReactor) crawlPeersRoutine() { + // Do an initial crawl + r.crawlPeers() + + // Fire periodically + ticker := time.NewTicker(defaultCrawlPeersPeriod) + + for { + select { + case <-ticker.C: + r.attemptDisconnects() + r.crawlPeers() + case <-r.Quit: + return + } + } +} + +// crawlPeerInfo handles temporary data needed for the +// network crawling performed during seed/crawler mode. +type crawlPeerInfo struct { + // The listening address of a potential peer we learned about + Addr *NetAddress + + // The last time we attempt to reach this address + LastAttempt time.Time + + // The last time we successfully reached this address + LastSuccess time.Time +} + +// oldestFirst implements sort.Interface for []crawlPeerInfo +// based on the LastAttempt field. +type oldestFirst []crawlPeerInfo + +func (of oldestFirst) Len() int { return len(of) } +func (of oldestFirst) Swap(i, j int) { of[i], of[j] = of[j], of[i] } +func (of oldestFirst) Less(i, j int) bool { return of[i].LastAttempt.Before(of[j].LastAttempt) } + +// getPeersToCrawl returns addresses of potential peers that we wish to validate. +// NOTE: The status information is ordered as described above. +func (r *PEXReactor) getPeersToCrawl() []crawlPeerInfo { + var of oldestFirst + + // TODO: not this. be more selective + addrs := r.book.ListOfKnownAddresses() + for _, addr := range addrs { + if len(addr.ID()) == 0 { + continue // dont use peers without id + } + + of = append(of, crawlPeerInfo{ + Addr: addr.Addr, + LastAttempt: addr.LastAttempt, + LastSuccess: addr.LastSuccess, + }) + } + sort.Sort(of) + return of +} + +// crawlPeers will crawl the network looking for new peer addresses. (once) +func (r *PEXReactor) crawlPeers() { + peerInfos := r.getPeersToCrawl() + + now := time.Now() + // Use addresses we know of to reach additional peers + for _, pi := range peerInfos { + // Do not attempt to connect with peers we recently dialed + if now.Sub(pi.LastAttempt) < defaultCrawlPeerInterval { + continue + } + // Otherwise, attempt to connect with the known address + _, err := r.Switch.DialPeerWithAddress(pi.Addr, false) + if err != nil { + r.book.MarkAttempt(pi.Addr) + continue + } + } + // Crawl the connected peers asking for more addresses + for _, pi := range peerInfos { + // We will wait a minimum period of time before crawling peers again + if now.Sub(pi.LastAttempt) >= defaultCrawlPeerInterval { + peer := r.Switch.Peers().Get(pi.Addr.ID) + if peer != nil { + r.RequestPEX(peer) + } + } + } +} + +// attemptDisconnects checks if we've been with each peer long enough to disconnect +func (r *PEXReactor) attemptDisconnects() { + for _, peer := range r.Switch.Peers().List() { + status := peer.Status() + if status.Duration < defaultSeedDisconnectWaitPeriod { + continue + } + if peer.IsPersistent() { + continue + } + r.Switch.StopPeerGracefully(peer) + } +} + //----------------------------------------------------------------------------- // Messages diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index b8ee89b32..91e30fea2 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -295,46 +295,42 @@ func TestPEXReactorCrawlStatus(t *testing.T) { book := NewAddrBook(dir+"addrbook.json", false) book.SetLogger(log.TestingLogger()) - var r *PEXReactor + pexR := NewPEXReactor(book, &PEXReactorConfig{SeedMode: true}) // Seed/Crawler mode uses data from the Switch makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { - r = NewPEXReactor(book, true) - r.SetLogger(log.TestingLogger()) + pexR.SetLogger(log.TestingLogger()) sw.SetLogger(log.TestingLogger().With("switch", i)) - sw.AddReactor("pex", r) + sw.AddReactor("pex", pexR) return sw }) - // Create a peer, and add it to the peer set + // Create a peer, add it to the peer set and the addrbook. peer := createRandomPeer(false) - r.Switch.peers.Add(peer) - // Add the peer address to the address book - addr1, _ := NewNetAddressString(peer.NodeInfo().ListenAddr) - r.book.AddAddress(addr1, addr1) - // Add an address to the book that does not have a peer - _, addr2 := createRoutableAddr() - r.book.AddAddress(addr2, addr1) + pexR.Switch.peers.Add(peer) + addr1 := peer.NodeInfo().NetAddress() + pexR.book.AddAddress(addr1, addr1) - // Get the crawl status data - status := r.getCrawlStatus() + // Add a non-connected address to the book. + _, addr2 := createRoutableAddr() + pexR.book.AddAddress(addr2, addr1) + + // Get some peerInfos to crawl + peerInfos := pexR.getPeersToCrawl() // Make sure it has the proper number of elements - assert.Equal(2, len(status)) + assert.Equal(2, len(peerInfos)) - var num int - for _, cs := range status { - if cs.PeerID != "" { - num++ - } - } - // Check that only one has been identified as a connected peer - assert.Equal(1, num) + // TODO: test } func createRoutableAddr() (addr string, netAddr *NetAddress) { for { - addr = cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256) - netAddr, _ = NewNetAddressString(addr) + var err error + addr = cmn.Fmt("%X@%v.%v.%v.%v:46656", cmn.RandBytes(20), rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256) + netAddr, err = NewNetAddressString(addr) + if err != nil { + panic(err) + } if netAddr.Routable() { break } @@ -346,7 +342,7 @@ func createRandomPeer(outbound bool) *peer { addr, netAddr := createRoutableAddr() p := &peer{ nodeInfo: NodeInfo{ - ListenAddr: netAddr.String(), + ListenAddr: netAddr.DialString(), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, outbound: outbound, From 7b87cdaed8b9b7e4d37a15ee5a64fb1715071265 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 19:28:43 -0500 Subject: [PATCH 089/188] p2p: seed disconnects after sending addrs --- p2p/pex_reactor.go | 33 +++++++++++++++++++++------------ p2p/pex_reactor_test.go | 4 ++-- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index 5d9194213..bd19ab3b5 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -129,7 +129,7 @@ func (r *PEXReactor) AddPeer(p Peer) { // either via DialPeersAsync or r.Receive. // Ask it for more peers if we need. if r.book.NeedMoreAddrs() { - r.RequestPEX(p) + r.RequestAddrs(p) } } else { // For inbound peers, the peer is its own source, @@ -159,15 +159,24 @@ func (r *PEXReactor) Receive(chID byte, src Peer, msgBytes []byte) { switch msg := msg.(type) { case *pexRequestMessage: - // We received a request for peers from src. + // Check we're not receiving too many requests if err := r.receiveRequest(src); err != nil { r.Switch.StopPeerForError(src, err) return } - r.SendAddrs(src, r.book.GetSelection()) + + // Seeds disconnect after sending a batch of addrs + if r.config.SeedMode { + // TODO: should we be more selective ? + r.SendAddrs(src, r.book.GetSelection()) + r.Switch.StopPeerGracefully(src) + } else { + r.SendAddrs(src, r.book.GetSelection()) + } + case *pexAddrsMessage: - // We received some peer addresses from src. - if err := r.ReceivePEX(msg.Addrs, src); err != nil { + // If we asked for addresses, add them to the book + if err := r.ReceiveAddrs(msg.Addrs, src); err != nil { r.Switch.StopPeerForError(src, err) return } @@ -202,9 +211,9 @@ func (r *PEXReactor) receiveRequest(src Peer) error { return nil } -// RequestPEX asks peer for more addresses if we do not already +// RequestAddrs asks peer for more addresses if we do not already // have a request out for this peer. -func (r *PEXReactor) RequestPEX(p Peer) { +func (r *PEXReactor) RequestAddrs(p Peer) { id := string(p.ID()) if r.requestsSent.Has(id) { return @@ -213,10 +222,10 @@ func (r *PEXReactor) RequestPEX(p Peer) { p.Send(PexChannel, struct{ PexMessage }{&pexRequestMessage{}}) } -// ReceivePEX adds the given addrs to the addrbook if theres an open +// ReceiveAddrs adds the given addrs to the addrbook if theres an open // request for this peer and deletes the open request. // If there's no open request for the src peer, it returns an error. -func (r *PEXReactor) ReceivePEX(addrs []*NetAddress, src Peer) error { +func (r *PEXReactor) ReceiveAddrs(addrs []*NetAddress, src Peer) error { id := string(src.ID()) if !r.requestsSent.Has(id) { @@ -323,7 +332,7 @@ func (r *PEXReactor) ensurePeers() { if peersCount > 0 { peer := peers[rand.Int()%peersCount] // nolint: gas r.Logger.Info("We need more addresses. Sending pexRequest to random peer", "peer", peer) - r.RequestPEX(peer) + r.RequestAddrs(peer) } } @@ -421,7 +430,7 @@ func (of oldestFirst) Less(i, j int) bool { return of[i].LastAttempt.Before(of[j func (r *PEXReactor) getPeersToCrawl() []crawlPeerInfo { var of oldestFirst - // TODO: not this. be more selective + // TODO: be more selective addrs := r.book.ListOfKnownAddresses() for _, addr := range addrs { if len(addr.ID()) == 0 { @@ -462,7 +471,7 @@ func (r *PEXReactor) crawlPeers() { if now.Sub(pi.LastAttempt) >= defaultCrawlPeerInterval { peer := r.Switch.Peers().Get(pi.Addr.ID) if peer != nil { - r.RequestPEX(peer) + r.RequestAddrs(peer) } } } diff --git a/p2p/pex_reactor_test.go b/p2p/pex_reactor_test.go index 91e30fea2..44fd8b51c 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex_reactor_test.go @@ -154,7 +154,7 @@ func TestPEXReactorReceive(t *testing.T) { peer := createRandomPeer(false) // we have to send a request to receive responses - r.RequestPEX(peer) + r.RequestAddrs(peer) size := book.Size() addrs := []*NetAddress{peer.NodeInfo().NetAddress()} @@ -228,7 +228,7 @@ func TestPEXReactorAddrsMessageAbuse(t *testing.T) { id := string(peer.ID()) // request addrs from the peer - r.RequestPEX(peer) + r.RequestAddrs(peer) assert.True(r.requestsSent.Has(id)) assert.True(sw.Peers().Has(peer.ID())) From 8d758560d83ebb827168ce3ebb70e6e99d310101 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 19:30:13 -0500 Subject: [PATCH 090/188] p2p/trustmetric: non-deterministic test --- p2p/trust/metric_test.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/p2p/trust/metric_test.go b/p2p/trust/metric_test.go index 69c9f8f2a..98ea99ab4 100644 --- a/p2p/trust/metric_test.go +++ b/p2p/trust/metric_test.go @@ -56,7 +56,8 @@ func TestTrustMetricConfig(t *testing.T) { tm.Wait() } -func TestTrustMetricStopPause(t *testing.T) { +// XXX: This test fails non-deterministically +func _TestTrustMetricStopPause(t *testing.T) { // The TestTicker will provide manual control over // the passing of time within the metric tt := NewTestTicker() @@ -89,6 +90,8 @@ func TestTrustMetricStopPause(t *testing.T) { // and check that the number of intervals match tm.NextTimeInterval() tm.NextTimeInterval() + // XXX: fails non-deterministically: + // expected 5, got 6 assert.Equal(t, second+2, tm.Copy().numIntervals) if first > second { From 930fde056a15b238c10861377bbf2fb7a29b171c Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 21:28:00 -0500 Subject: [PATCH 091/188] p2p: add back lost func --- p2p/addrbook.go | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/p2p/addrbook.go b/p2p/addrbook.go index 7591c3074..fee179cb1 100644 --- a/p2p/addrbook.go +++ b/p2p/addrbook.go @@ -324,6 +324,30 @@ func (a *AddrBook) GetSelection() []*NetAddress { return allAddr[:numAddresses] } +// ListOfKnownAddresses returns the new and old addresses. +func (a *AddrBook) ListOfKnownAddresses() []*knownAddress { + a.mtx.Lock() + defer a.mtx.Unlock() + + addrs := []*knownAddress{} + for _, addr := range a.addrLookup { + addrs = append(addrs, addr.copy()) + } + return addrs +} + +func (ka *knownAddress) copy() *knownAddress { + return &knownAddress{ + Addr: ka.Addr, + Src: ka.Src, + Attempts: ka.Attempts, + LastAttempt: ka.LastAttempt, + LastSuccess: ka.LastSuccess, + BucketType: ka.BucketType, + Buckets: ka.Buckets, + } +} + /* Loading & Saving */ type addrBookJSON struct { From 03550c7076279317bfcbeda944f757163ff19fdc Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 19:12:04 -0500 Subject: [PATCH 092/188] wip addrbook --- p2p/{ => addrbook}/addrbook.go | 289 +++++++++------------------- p2p/{ => addrbook}/addrbook_test.go | 2 +- p2p/addrbook/file.go | 83 ++++++++ p2p/addrbook/known_address.go | 138 +++++++++++++ p2p/addrbook/params.go | 55 ++++++ p2p/pex_reactor.go | 6 +- p2p/switch.go | 1 - 7 files changed, 368 insertions(+), 206 deletions(-) rename p2p/{ => addrbook}/addrbook.go (75%) rename p2p/{ => addrbook}/addrbook_test.go (99%) create mode 100644 p2p/addrbook/file.go create mode 100644 p2p/addrbook/known_address.go create mode 100644 p2p/addrbook/params.go diff --git a/p2p/addrbook.go b/p2p/addrbook/addrbook.go similarity index 75% rename from p2p/addrbook.go rename to p2p/addrbook/addrbook.go index fee179cb1..1f317a2eb 100644 --- a/p2p/addrbook.go +++ b/p2p/addrbook/addrbook.go @@ -2,17 +2,15 @@ // Originally Copyright (c) 2013-2014 Conformal Systems LLC. // https://github.com/conformal/btcd/blob/master/LICENSE -package p2p +package addrbook import ( "crypto/sha256" "encoding/binary" - "encoding/json" "fmt" "math" "math/rand" "net" - "os" "sync" "time" @@ -20,65 +18,39 @@ import ( cmn "github.com/tendermint/tmlibs/common" ) -const ( - // addresses under which the address manager will claim to need more addresses. - needAddressThreshold = 1000 - - // interval used to dump the address cache to disk for future use. - dumpAddressInterval = time.Minute * 2 - - // max addresses in each old address bucket. - oldBucketSize = 64 - - // buckets we split old addresses over. - oldBucketCount = 64 - - // max addresses in each new address bucket. - newBucketSize = 64 - - // buckets that we spread new addresses over. - newBucketCount = 256 - - // old buckets over which an address group will be spread. - oldBucketsPerGroup = 4 - - // new buckets over which a source address group will be spread. - newBucketsPerGroup = 32 - - // buckets a frequently seen new address may end up in. - maxNewBucketsPerAddress = 4 - - // days before which we assume an address has vanished - // if we have not seen it announced in that long. - numMissingDays = 30 - - // tries without a single success before we assume an address is bad. - numRetries = 3 - - // max failures we will accept without a success before considering an address bad. - maxFailures = 10 - - // days since the last success before we will consider evicting an address. - minBadDays = 7 - - // % of total addresses known returned by GetSelection. - getSelectionPercent = 23 - - // min addresses that must be returned by GetSelection. Useful for bootstrapping. - minGetSelection = 32 - - // max addresses returned by GetSelection - // NOTE: this must match "maxPexMessageSize" - maxGetSelection = 250 -) - const ( bucketTypeNew = 0x01 bucketTypeOld = 0x02 ) -// AddrBook - concurrency safe peer address manager. -type AddrBook struct { +// AddrBook is an address book used for tracking peers +// so we can gossip about them to others and select +// peers to dial. +type AddrBook interface { + cmn.Service + + // Add and remove an address + AddAddress(addr *NetAddress, src *NetAddress) + RemoveAddress(addr *NetAddress) + + // Do we need more peers? + NeedMoreAddrs() bool + + // Pick an address to dial + PickAddress(newBias int) *NetAddress + + // Mark address + MarkGood(*NetAddress) + MarkAttempt(*Address) + MarkBad(*NetAddress) + + // Send a selection of addresses to peers + GetSelection() []*NetAddress +} + +// addrBook - concurrency safe peer address manager. +// Implements AddrBook. +type addrBook struct { cmn.BaseService // immutable after creation @@ -101,7 +73,7 @@ type AddrBook struct { // NewAddrBook creates a new address book. // Use Start to begin processing asynchronous address updates. -func NewAddrBook(filePath string, routabilityStrict bool) *AddrBook { +func NewAddrBook(filePath string, routabilityStrict bool) *addrBook { am := &AddrBook{ rand: rand.New(rand.NewSource(time.Now().UnixNano())), ourAddrs: make(map[string]*NetAddress), @@ -114,8 +86,9 @@ func NewAddrBook(filePath string, routabilityStrict bool) *AddrBook { return am } +// Initialize the buckets. // When modifying this, don't forget to update loadFromFile() -func (a *AddrBook) init() { +func (a *addrBook) init() { a.key = crypto.CRandHex(24) // 24/2 * 8 = 96 bits // New addr buckets a.bucketsNew = make([]map[string]*knownAddress, newBucketCount) @@ -130,7 +103,7 @@ func (a *AddrBook) init() { } // OnStart implements Service. -func (a *AddrBook) OnStart() error { +func (a *addrBook) OnStart() error { if err := a.BaseService.OnStart(); err != nil { return err } @@ -145,11 +118,11 @@ func (a *AddrBook) OnStart() error { } // OnStop implements Service. -func (a *AddrBook) OnStop() { +func (a *addrBook) OnStop() { a.BaseService.OnStop() } -func (a *AddrBook) Wait() { +func (a *addrBook) Wait() { a.wg.Wait() } @@ -161,46 +134,40 @@ func (a *AddrBook) AddOurAddress(addr *NetAddress) { a.ourAddrs[addr.String()] = addr } -// OurAddresses returns a list of our addresses. -func (a *AddrBook) OurAddresses() []*NetAddress { - addrs := []*NetAddress{} - for _, addr := range a.ourAddrs { - addrs = append(addrs, addr) - } - return addrs -} +//------------------------------------------------------- -// AddAddress adds the given address as received from the given source. +// AddAddress implements AddrBook - adds the given address as received from the given source. // NOTE: addr must not be nil -func (a *AddrBook) AddAddress(addr *NetAddress, src *NetAddress) error { +func (a *addrBook) AddAddress(addr *NetAddress, src *NetAddress) error { a.mtx.Lock() defer a.mtx.Unlock() return a.addAddress(addr, src) } -// NeedMoreAddrs returns true if there are not have enough addresses in the book. -func (a *AddrBook) NeedMoreAddrs() bool { +// RemoveAddress implements AddrBook - removes the address from the book. +func (a *addrBook) RemoveAddress(addr *NetAddress) { + a.mtx.Lock() + defer a.mtx.Unlock() + ka := a.addrLookup[addr.ID] + if ka == nil { + return + } + a.Logger.Info("Remove address from book", "addr", ka.Addr, "ID", ka.ID) + a.removeFromAllBuckets(ka) +} + +// NeedMoreAddrs implements AddrBook - returns true if there are not have enough addresses in the book. +func (a *addrBook) NeedMoreAddrs() bool { return a.Size() < needAddressThreshold } -// Size returns the number of addresses in the book. -func (a *AddrBook) Size() int { - a.mtx.Lock() - defer a.mtx.Unlock() - return a.size() -} - -func (a *AddrBook) size() int { - return a.nNew + a.nOld -} - -// PickAddress picks an address to connect to. +// PickAddress implements AddrBook. It picks an address to connect to. // The address is picked randomly from an old or new bucket according // to the newBias argument, which must be between [0, 100] (or else is truncated to that range) // and determines how biased we are to pick an address from a new bucket. // PickAddress returns nil if the AddrBook is empty or if we try to pick // from an empty bucket. -func (a *AddrBook) PickAddress(newBias int) *NetAddress { +func (a *addrBook) PickAddress(newBias int) *NetAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -244,9 +211,9 @@ func (a *AddrBook) PickAddress(newBias int) *NetAddress { return nil } -// MarkGood marks the peer as good and moves it into an "old" bucket. -// TODO: call this from somewhere -func (a *AddrBook) MarkGood(addr *NetAddress) { +// MarkGood implements AddrBook - it marks the peer as good and +// moves it into an "old" bucket. +func (a *addrBook) MarkGood(addr *NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -259,8 +226,8 @@ func (a *AddrBook) MarkGood(addr *NetAddress) { } } -// MarkAttempt marks that an attempt was made to connect to the address. -func (a *AddrBook) MarkAttempt(addr *NetAddress) { +// MarkAttempt implements AddrBook - it marks that an attempt was made to connect to the address. +func (a *addrBook) MarkAttempt(addr *NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -270,28 +237,15 @@ func (a *AddrBook) MarkAttempt(addr *NetAddress) { ka.markAttempt() } -// MarkBad currently just ejects the address. In the future, consider -// blacklisting. -func (a *AddrBook) MarkBad(addr *NetAddress) { +// MarkBad implements AddrBook. Currently it just ejects the address. +// TODO: black list for some amount of time +func (a *addrBook) MarkBad(addr *NetAddress) { a.RemoveAddress(addr) } -// RemoveAddress removes the address from the book. -func (a *AddrBook) RemoveAddress(addr *NetAddress) { - a.mtx.Lock() - defer a.mtx.Unlock() - ka := a.addrLookup[addr.ID] - if ka == nil { - return - } - a.Logger.Info("Remove address from book", "addr", ka.Addr, "ID", ka.ID) - a.removeFromAllBuckets(ka) -} - -/* Peer exchange */ - -// GetSelection randomly selects some addresses (old & new). Suitable for peer-exchange protocols. -func (a *AddrBook) GetSelection() []*NetAddress { +// GetSelection implements AddrBook. +// It randomly selects some addresses (old & new). Suitable for peer-exchange protocols. +func (a *addrBook) GetSelection() []*NetAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -336,18 +290,6 @@ func (a *AddrBook) ListOfKnownAddresses() []*knownAddress { return addrs } -func (ka *knownAddress) copy() *knownAddress { - return &knownAddress{ - Addr: ka.Addr, - Src: ka.Src, - Attempts: ka.Attempts, - LastAttempt: ka.LastAttempt, - LastSuccess: ka.LastSuccess, - BucketType: ka.BucketType, - Buckets: ka.Buckets, - } -} - /* Loading & Saving */ type addrBookJSON struct { @@ -357,81 +299,24 @@ type addrBookJSON struct { func (a *AddrBook) saveToFile(filePath string) { a.Logger.Info("Saving AddrBook to file", "size", a.Size()) +} +//------------------------------------------------ + +// Size returns the number of addresses in the book. +func (a *addrBook) Size() int { a.mtx.Lock() defer a.mtx.Unlock() - // Compile Addrs - addrs := []*knownAddress{} - for _, ka := range a.addrLookup { - addrs = append(addrs, ka) - } - - aJSON := &addrBookJSON{ - Key: a.key, - Addrs: addrs, - } - - jsonBytes, err := json.MarshalIndent(aJSON, "", "\t") - if err != nil { - a.Logger.Error("Failed to save AddrBook to file", "err", err) - return - } - err = cmn.WriteFileAtomic(filePath, jsonBytes, 0644) - if err != nil { - a.Logger.Error("Failed to save AddrBook to file", "file", filePath, "err", err) - } + return a.size() } -// Returns false if file does not exist. -// cmn.Panics if file is corrupt. -func (a *AddrBook) loadFromFile(filePath string) bool { - // If doesn't exist, do nothing. - _, err := os.Stat(filePath) - if os.IsNotExist(err) { - return false - } - - // Load addrBookJSON{} - r, err := os.Open(filePath) - if err != nil { - cmn.PanicCrisis(cmn.Fmt("Error opening file %s: %v", filePath, err)) - } - defer r.Close() // nolint: errcheck - aJSON := &addrBookJSON{} - dec := json.NewDecoder(r) - err = dec.Decode(aJSON) - if err != nil { - cmn.PanicCrisis(cmn.Fmt("Error reading file %s: %v", filePath, err)) - } - - // Restore all the fields... - // Restore the key - a.key = aJSON.Key - // Restore .bucketsNew & .bucketsOld - for _, ka := range aJSON.Addrs { - for _, bucketIndex := range ka.Buckets { - bucket := a.getBucket(ka.BucketType, bucketIndex) - bucket[ka.Addr.String()] = ka - } - a.addrLookup[ka.ID()] = ka - if ka.BucketType == bucketTypeNew { - a.nNew++ - } else { - a.nOld++ - } - } - return true +func (a *addrBook) size() int { + return a.nNew + a.nOld } -// Save saves the book. -func (a *AddrBook) Save() { - a.Logger.Info("Saving AddrBook to file", "size", a.Size()) - a.saveToFile(a.filePath) -} +//---------------------------------------------------------- -/* Private methods */ - -func (a *AddrBook) saveRoutine() { +func (a *addrBook) saveRoutine() { defer a.wg.Done() saveFileTicker := time.NewTicker(dumpAddressInterval) @@ -449,7 +334,7 @@ out: a.Logger.Info("Address handler done") } -func (a *AddrBook) getBucket(bucketType byte, bucketIdx int) map[string]*knownAddress { +func (a *addrBook) getBucket(bucketType byte, bucketIdx int) map[string]*knownAddress { switch bucketType { case bucketTypeNew: return a.bucketsNew[bucketIdx] @@ -463,7 +348,7 @@ func (a *AddrBook) getBucket(bucketType byte, bucketIdx int) map[string]*knownAd // Adds ka to new bucket. Returns false if it couldn't do it cuz buckets full. // NOTE: currently it always returns true. -func (a *AddrBook) addToNewBucket(ka *knownAddress, bucketIdx int) bool { +func (a *addrBook) addToNewBucket(ka *knownAddress, bucketIdx int) bool { // Sanity check if ka.isOld() { a.Logger.Error(cmn.Fmt("Cannot add address already in old bucket to a new bucket: %v", ka)) @@ -497,7 +382,7 @@ func (a *AddrBook) addToNewBucket(ka *knownAddress, bucketIdx int) bool { } // Adds ka to old bucket. Returns false if it couldn't do it cuz buckets full. -func (a *AddrBook) addToOldBucket(ka *knownAddress, bucketIdx int) bool { +func (a *addrBook) addToOldBucket(ka *knownAddress, bucketIdx int) bool { // Sanity check if ka.isNew() { a.Logger.Error(cmn.Fmt("Cannot add new address to old bucket: %v", ka)) @@ -533,7 +418,7 @@ func (a *AddrBook) addToOldBucket(ka *knownAddress, bucketIdx int) bool { return true } -func (a *AddrBook) removeFromBucket(ka *knownAddress, bucketType byte, bucketIdx int) { +func (a *addrBook) removeFromBucket(ka *knownAddress, bucketType byte, bucketIdx int) { if ka.BucketType != bucketType { a.Logger.Error(cmn.Fmt("Bucket type mismatch: %v", ka)) return @@ -550,7 +435,7 @@ func (a *AddrBook) removeFromBucket(ka *knownAddress, bucketType byte, bucketIdx } } -func (a *AddrBook) removeFromAllBuckets(ka *knownAddress) { +func (a *addrBook) removeFromAllBuckets(ka *knownAddress) { for _, bucketIdx := range ka.Buckets { bucket := a.getBucket(ka.BucketType, bucketIdx) delete(bucket, ka.Addr.String()) @@ -564,7 +449,7 @@ func (a *AddrBook) removeFromAllBuckets(ka *knownAddress) { delete(a.addrLookup, ka.ID()) } -func (a *AddrBook) pickOldest(bucketType byte, bucketIdx int) *knownAddress { +func (a *addrBook) pickOldest(bucketType byte, bucketIdx int) *knownAddress { bucket := a.getBucket(bucketType, bucketIdx) var oldest *knownAddress for _, ka := range bucket { @@ -575,7 +460,7 @@ func (a *AddrBook) pickOldest(bucketType byte, bucketIdx int) *knownAddress { return oldest } -func (a *AddrBook) addAddress(addr, src *NetAddress) error { +func (a *addrBook) addAddress(addr, src *NetAddress) error { if a.routabilityStrict && !addr.Routable() { return fmt.Errorf("Cannot add non-routable address %v", addr) } @@ -613,7 +498,7 @@ func (a *AddrBook) addAddress(addr, src *NetAddress) error { // Make space in the new buckets by expiring the really bad entries. // If no bad entries are available we remove the oldest. -func (a *AddrBook) expireNew(bucketIdx int) { +func (a *addrBook) expireNew(bucketIdx int) { for addrStr, ka := range a.bucketsNew[bucketIdx] { // If an entry is bad, throw it away if ka.isBad() { @@ -631,7 +516,7 @@ func (a *AddrBook) expireNew(bucketIdx int) { // Promotes an address from new to old. // TODO: Move to old probabilistically. // The better a node is, the less likely it should be evicted from an old bucket. -func (a *AddrBook) moveToOld(ka *knownAddress) { +func (a *addrBook) moveToOld(ka *knownAddress) { // Sanity check if ka.isOld() { a.Logger.Error(cmn.Fmt("Cannot promote address that is already old %v", ka)) @@ -676,7 +561,7 @@ func (a *AddrBook) moveToOld(ka *knownAddress) { // doublesha256( key + sourcegroup + // int64(doublesha256(key + group + sourcegroup))%bucket_per_group ) % num_new_buckets -func (a *AddrBook) calcNewBucket(addr, src *NetAddress) int { +func (a *addrBook) calcNewBucket(addr, src *NetAddress) int { data1 := []byte{} data1 = append(data1, []byte(a.key)...) data1 = append(data1, []byte(a.groupKey(addr))...) @@ -697,7 +582,7 @@ func (a *AddrBook) calcNewBucket(addr, src *NetAddress) int { // doublesha256( key + group + // int64(doublesha256(key + addr))%buckets_per_group ) % num_old_buckets -func (a *AddrBook) calcOldBucket(addr *NetAddress) int { +func (a *addrBook) calcOldBucket(addr *NetAddress) int { data1 := []byte{} data1 = append(data1, []byte(a.key)...) data1 = append(data1, []byte(addr.String())...) @@ -719,7 +604,7 @@ func (a *AddrBook) calcOldBucket(addr *NetAddress) int { // This is the /16 for IPv4, the /32 (/36 for he.net) for IPv6, the string // "local" for a local address and the string "unroutable" for an unroutable // address. -func (a *AddrBook) groupKey(na *NetAddress) string { +func (a *addrBook) groupKey(na *NetAddress) string { if a.routabilityStrict && na.Local() { return "local" } diff --git a/p2p/addrbook_test.go b/p2p/addrbook/addrbook_test.go similarity index 99% rename from p2p/addrbook_test.go rename to p2p/addrbook/addrbook_test.go index 00051ae1f..ff8d239d0 100644 --- a/p2p/addrbook_test.go +++ b/p2p/addrbook/addrbook_test.go @@ -1,4 +1,4 @@ -package p2p +package addrbook import ( "encoding/hex" diff --git a/p2p/addrbook/file.go b/p2p/addrbook/file.go new file mode 100644 index 000000000..956ac56c1 --- /dev/null +++ b/p2p/addrbook/file.go @@ -0,0 +1,83 @@ +package addrbook + +import ( + "encoding/json" + "os" + + cmn "github.com/tendermint/tmlibs/common" +) + +/* Loading & Saving */ + +type addrBookJSON struct { + Key string + Addrs []*knownAddress +} + +func (a *addrBook) saveToFile(filePath string) { + a.Logger.Info("Saving AddrBook to file", "size", a.Size()) + + a.mtx.Lock() + defer a.mtx.Unlock() + // Compile Addrs + addrs := []*knownAddress{} + for _, ka := range a.addrLookup { + addrs = append(addrs, ka) + } + + aJSON := &addrBookJSON{ + Key: a.key, + Addrs: addrs, + } + + jsonBytes, err := json.MarshalIndent(aJSON, "", "\t") + if err != nil { + a.Logger.Error("Failed to save AddrBook to file", "err", err) + return + } + err = cmn.WriteFileAtomic(filePath, jsonBytes, 0644) + if err != nil { + a.Logger.Error("Failed to save AddrBook to file", "file", filePath, "err", err) + } +} + +// Returns false if file does not exist. +// cmn.Panics if file is corrupt. +func (a *addrBook) loadFromFile(filePath string) bool { + // If doesn't exist, do nothing. + _, err := os.Stat(filePath) + if os.IsNotExist(err) { + return false + } + + // Load addrBookJSON{} + r, err := os.Open(filePath) + if err != nil { + cmn.PanicCrisis(cmn.Fmt("Error opening file %s: %v", filePath, err)) + } + defer r.Close() // nolint: errcheck + aJSON := &addrBookJSON{} + dec := json.NewDecoder(r) + err = dec.Decode(aJSON) + if err != nil { + cmn.PanicCrisis(cmn.Fmt("Error reading file %s: %v", filePath, err)) + } + + // Restore all the fields... + // Restore the key + a.key = aJSON.Key + // Restore .bucketsNew & .bucketsOld + for _, ka := range aJSON.Addrs { + for _, bucketIndex := range ka.Buckets { + bucket := a.getBucket(ka.BucketType, bucketIndex) + bucket[ka.Addr.String()] = ka + } + a.addrLookup[ka.ID()] = ka + if ka.BucketType == bucketTypeNew { + a.nNew++ + } else { + a.nOld++ + } + } + return true +} diff --git a/p2p/addrbook/known_address.go b/p2p/addrbook/known_address.go new file mode 100644 index 000000000..2a879081a --- /dev/null +++ b/p2p/addrbook/known_address.go @@ -0,0 +1,138 @@ +package addrbook + +import "time" + +// knownAddress tracks information about a known network address +// that is used to determine how viable an address is. +type knownAddress struct { + Addr *NetAddress + Src *NetAddress + Attempts int32 + LastAttempt time.Time + LastSuccess time.Time + BucketType byte + Buckets []int +} + +func newKnownAddress(addr *NetAddress, src *NetAddress) *knownAddress { + return &knownAddress{ + Addr: addr, + Src: src, + Attempts: 0, + LastAttempt: time.Now(), + BucketType: bucketTypeNew, + Buckets: nil, + } +} + +func (ka *knownAddress) ID() ID { + return ka.Addr.ID +} + +func (ka *knownAddress) copy() *knownAddress { + return &knownAddress{ + Addr: ka.Addr, + Src: ka.Src, + Attempts: ka.Attempts, + LastAttempt: ka.LastAttempt, + LastSuccess: ka.LastSuccess, + BucketType: ka.BucketType, + Buckets: ka.Buckets, + } +} + +func (ka *knownAddress) isOld() bool { + return ka.BucketType == bucketTypeOld +} + +func (ka *knownAddress) isNew() bool { + return ka.BucketType == bucketTypeNew +} + +func (ka *knownAddress) markAttempt() { + now := time.Now() + ka.LastAttempt = now + ka.Attempts += 1 +} + +func (ka *knownAddress) markGood() { + now := time.Now() + ka.LastAttempt = now + ka.Attempts = 0 + ka.LastSuccess = now +} + +func (ka *knownAddress) addBucketRef(bucketIdx int) int { + for _, bucket := range ka.Buckets { + if bucket == bucketIdx { + // TODO refactor to return error? + // log.Warn(Fmt("Bucket already exists in ka.Buckets: %v", ka)) + return -1 + } + } + ka.Buckets = append(ka.Buckets, bucketIdx) + return len(ka.Buckets) +} + +func (ka *knownAddress) removeBucketRef(bucketIdx int) int { + buckets := []int{} + for _, bucket := range ka.Buckets { + if bucket != bucketIdx { + buckets = append(buckets, bucket) + } + } + if len(buckets) != len(ka.Buckets)-1 { + // TODO refactor to return error? + // log.Warn(Fmt("bucketIdx not found in ka.Buckets: %v", ka)) + return -1 + } + ka.Buckets = buckets + return len(ka.Buckets) +} + +/* + An address is bad if the address in question is a New address, has not been tried in the last + minute, and meets one of the following criteria: + + 1) It claims to be from the future + 2) It hasn't been seen in over a week + 3) It has failed at least three times and never succeeded + 4) It has failed ten times in the last week + + All addresses that meet these criteria are assumed to be worthless and not + worth keeping hold of. + + XXX: so a good peer needs us to call MarkGood before the conditions above are reached! +*/ +func (ka *knownAddress) isBad() bool { + // Is Old --> good + if ka.BucketType == bucketTypeOld { + return false + } + + // Has been attempted in the last minute --> good + if ka.LastAttempt.Before(time.Now().Add(-1 * time.Minute)) { + return false + } + + // Too old? + // XXX: does this mean if we've kept a connection up for this long we'll disconnect?! + // and shouldn't it be .Before ? + if ka.LastAttempt.After(time.Now().Add(-1 * numMissingDays * time.Hour * 24)) { + return true + } + + // Never succeeded? + if ka.LastSuccess.IsZero() && ka.Attempts >= numRetries { + return true + } + + // Hasn't succeeded in too long? + // XXX: does this mean if we've kept a connection up for this long we'll disconnect?! + if ka.LastSuccess.Before(time.Now().Add(-1*minBadDays*time.Hour*24)) && + ka.Attempts >= maxFailures { + return true + } + + return false +} diff --git a/p2p/addrbook/params.go b/p2p/addrbook/params.go new file mode 100644 index 000000000..f410ed9af --- /dev/null +++ b/p2p/addrbook/params.go @@ -0,0 +1,55 @@ +package addrbook + +import "time" + +const ( + // addresses under which the address manager will claim to need more addresses. + needAddressThreshold = 1000 + + // interval used to dump the address cache to disk for future use. + dumpAddressInterval = time.Minute * 2 + + // max addresses in each old address bucket. + oldBucketSize = 64 + + // buckets we split old addresses over. + oldBucketCount = 64 + + // max addresses in each new address bucket. + newBucketSize = 64 + + // buckets that we spread new addresses over. + newBucketCount = 256 + + // old buckets over which an address group will be spread. + oldBucketsPerGroup = 4 + + // new buckets over which a source address group will be spread. + newBucketsPerGroup = 32 + + // buckets a frequently seen new address may end up in. + maxNewBucketsPerAddress = 4 + + // days before which we assume an address has vanished + // if we have not seen it announced in that long. + numMissingDays = 7 + + // tries without a single success before we assume an address is bad. + numRetries = 3 + + // max failures we will accept without a success before considering an address bad. + maxFailures = 10 // ? + + // days since the last success before we will consider evicting an address. + minBadDays = 7 + + // % of total addresses known returned by GetSelection. + getSelectionPercent = 23 + + // min addresses that must be returned by GetSelection. Useful for bootstrapping. + minGetSelection = 32 + + // max addresses returned by GetSelection + // NOTE: this must match "maxPexMessageSize" + maxGetSelection = 250 +) diff --git a/p2p/pex_reactor.go b/p2p/pex_reactor.go index bd19ab3b5..57665e073 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex_reactor.go @@ -11,6 +11,8 @@ import ( "github.com/pkg/errors" wire "github.com/tendermint/go-wire" cmn "github.com/tendermint/tmlibs/common" + + "github.com/tendermint/tendermint/p2p/addrbook" ) const ( @@ -47,7 +49,7 @@ const ( type PEXReactor struct { BaseReactor - book *AddrBook + book *addrbook.AddrBook config *PEXReactorConfig ensurePeersPeriod time.Duration @@ -67,7 +69,7 @@ type PEXReactorConfig struct { } // NewPEXReactor creates new PEX reactor. -func NewPEXReactor(b *AddrBook, config *PEXReactorConfig) *PEXReactor { +func NewPEXReactor(b *addrbook.AddrBook, config *PEXReactorConfig) *PEXReactor { r := &PEXReactor{ book: b, config: config, diff --git a/p2p/switch.go b/p2p/switch.go index 3f026556a..db2e7d980 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -332,7 +332,6 @@ func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent } addrBook.AddAddress(netAddr, ourAddr) } - addrBook.Save() } // permute the list, dial them in random order. From 5b5cbaa66a4b036abdec06015a71bc1ebf9c059d Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 21:12:04 -0500 Subject: [PATCH 093/188] p2p: use sub dirs --- p2p/base_reactor.go | 9 +- p2p/listener.go | 27 +-- p2p/peer.go | 55 ++--- p2p/peer_set.go | 16 +- p2p/peer_set_test.go | 5 +- p2p/peer_test.go | 18 +- p2p/{addrbook => pex}/addrbook.go | 241 ++++++--------------- p2p/{addrbook => pex}/addrbook_test.go | 15 +- p2p/{addrbook => pex}/file.go | 2 +- p2p/{addrbook => pex}/known_address.go | 16 +- p2p/{addrbook => pex}/params.go | 2 +- p2p/{ => pex}/pex_reactor.go | 46 ++-- p2p/{ => pex}/pex_reactor_test.go | 111 ++++------ p2p/switch.go | 46 ++-- p2p/switch_test.go | 40 ++-- p2p/test_util.go | 48 +++- p2p/{ => tmconn}/conn_go110.go | 4 +- p2p/{ => tmconn}/conn_notgo110.go | 4 +- p2p/{ => tmconn}/connection.go | 16 +- p2p/{ => tmconn}/connection_test.go | 14 +- p2p/{ => tmconn}/secret_connection.go | 2 +- p2p/{ => tmconn}/secret_connection_test.go | 2 +- p2p/types/errors.go | 20 ++ p2p/{ => types}/key.go | 2 +- p2p/{ => types}/key_test.go | 2 +- p2p/{ => types}/netaddress.go | 2 +- p2p/{ => types}/netaddress_test.go | 2 +- p2p/{types.go => types/node_info.go} | 6 +- 28 files changed, 366 insertions(+), 407 deletions(-) rename p2p/{addrbook => pex}/addrbook.go (76%) rename p2p/{addrbook => pex}/addrbook_test.go (93%) rename p2p/{addrbook => pex}/file.go (99%) rename p2p/{addrbook => pex}/known_address.go (92%) rename p2p/{addrbook => pex}/params.go (98%) rename p2p/{ => pex}/pex_reactor.go (92%) rename p2p/{ => pex}/pex_reactor_test.go (76%) rename p2p/{ => tmconn}/conn_go110.go (86%) rename p2p/{ => tmconn}/conn_notgo110.go (93%) rename p2p/{ => tmconn}/connection.go (98%) rename p2p/{ => tmconn}/connection_test.go (97%) rename p2p/{ => tmconn}/secret_connection.go (99%) rename p2p/{ => tmconn}/secret_connection_test.go (99%) create mode 100644 p2p/types/errors.go rename p2p/{ => types}/key.go (99%) rename p2p/{ => types}/key_test.go (98%) rename p2p/{ => types}/netaddress.go (99%) rename p2p/{ => types}/netaddress_test.go (99%) rename p2p/{types.go => types/node_info.go} (97%) diff --git a/p2p/base_reactor.go b/p2p/base_reactor.go index e8107d730..a24a7629b 100644 --- a/p2p/base_reactor.go +++ b/p2p/base_reactor.go @@ -1,12 +1,15 @@ package p2p -import cmn "github.com/tendermint/tmlibs/common" +import ( + "github.com/tendermint/tendermint/p2p/tmconn" + cmn "github.com/tendermint/tmlibs/common" +) type Reactor interface { cmn.Service // Start, Stop SetSwitch(*Switch) - GetChannels() []*ChannelDescriptor + GetChannels() []*tmconn.ChannelDescriptor AddPeer(peer Peer) RemovePeer(peer Peer, reason interface{}) Receive(chID byte, peer Peer, msgBytes []byte) // CONTRACT: msgBytes are not nil @@ -29,7 +32,7 @@ func NewBaseReactor(name string, impl Reactor) *BaseReactor { func (br *BaseReactor) SetSwitch(sw *Switch) { br.Switch = sw } -func (_ *BaseReactor) GetChannels() []*ChannelDescriptor { return nil } +func (_ *BaseReactor) GetChannels() []*tmconn.ChannelDescriptor { return nil } func (_ *BaseReactor) AddPeer(peer Peer) {} func (_ *BaseReactor) RemovePeer(peer Peer, reason interface{}) {} func (_ *BaseReactor) Receive(chID byte, peer Peer, msgBytes []byte) {} diff --git a/p2p/listener.go b/p2p/listener.go index 884c45ee8..01d718330 100644 --- a/p2p/listener.go +++ b/p2p/listener.go @@ -6,6 +6,7 @@ import ( "strconv" "time" + "github.com/tendermint/tendermint/p2p/types" "github.com/tendermint/tendermint/p2p/upnp" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" @@ -13,8 +14,8 @@ import ( type Listener interface { Connections() <-chan net.Conn - InternalAddress() *NetAddress - ExternalAddress() *NetAddress + InternalAddress() *types.NetAddress + ExternalAddress() *types.NetAddress String() string Stop() error } @@ -24,8 +25,8 @@ type DefaultListener struct { cmn.BaseService listener net.Listener - intAddr *NetAddress - extAddr *NetAddress + intAddr *types.NetAddress + extAddr *types.NetAddress connections chan net.Conn } @@ -71,14 +72,14 @@ func NewDefaultListener(protocol string, lAddr string, skipUPNP bool, logger log logger.Info("Local listener", "ip", listenerIP, "port", listenerPort) // Determine internal address... - var intAddr *NetAddress - intAddr, err = NewNetAddressString(lAddr) + var intAddr *types.NetAddress + intAddr, err = types.NewNetAddressString(lAddr) if err != nil { panic(err) } // Determine external address... - var extAddr *NetAddress + var extAddr *types.NetAddress if !skipUPNP { // If the lAddrIP is INADDR_ANY, try UPnP if lAddrIP == "" || lAddrIP == "0.0.0.0" { @@ -151,11 +152,11 @@ func (l *DefaultListener) Connections() <-chan net.Conn { return l.connections } -func (l *DefaultListener) InternalAddress() *NetAddress { +func (l *DefaultListener) InternalAddress() *types.NetAddress { return l.intAddr } -func (l *DefaultListener) ExternalAddress() *NetAddress { +func (l *DefaultListener) ExternalAddress() *types.NetAddress { return l.extAddr } @@ -172,7 +173,7 @@ func (l *DefaultListener) String() string { /* external address helpers */ // UPNP external address discovery & port mapping -func getUPNPExternalAddress(externalPort, internalPort int, logger log.Logger) *NetAddress { +func getUPNPExternalAddress(externalPort, internalPort int, logger log.Logger) *types.NetAddress { logger.Info("Getting UPNP external address") nat, err := upnp.Discover() if err != nil { @@ -198,11 +199,11 @@ func getUPNPExternalAddress(externalPort, internalPort int, logger log.Logger) * } logger.Info("Got UPNP external address", "address", ext) - return NewNetAddressIPPort(ext, uint16(externalPort)) + return types.NewNetAddressIPPort(ext, uint16(externalPort)) } // TODO: use syscalls: see issue #712 -func getNaiveExternalAddress(port int, settleForLocal bool, logger log.Logger) *NetAddress { +func getNaiveExternalAddress(port int, settleForLocal bool, logger log.Logger) *types.NetAddress { addrs, err := net.InterfaceAddrs() if err != nil { panic(cmn.Fmt("Could not fetch interface addresses: %v", err)) @@ -217,7 +218,7 @@ func getNaiveExternalAddress(port int, settleForLocal bool, logger log.Logger) * if v4 == nil || (!settleForLocal && v4[0] == 127) { continue } // loopback - return NewNetAddressIPPort(ipnet.IP, uint16(port)) + return types.NewNetAddressIPPort(ipnet.IP, uint16(port)) } // try again, but settle for local diff --git a/p2p/peer.go b/p2p/peer.go index 596b92168..17c5861f6 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -11,17 +11,20 @@ import ( wire "github.com/tendermint/go-wire" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" + + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" ) // Peer is an interface representing a peer connected on a reactor. type Peer interface { cmn.Service - ID() ID // peer's cryptographic ID - IsOutbound() bool // did we dial the peer - IsPersistent() bool // do we redial this peer when we disconnect - NodeInfo() NodeInfo // peer's info - Status() ConnectionStatus + ID() types.ID // peer's cryptographic ID + IsOutbound() bool // did we dial the peer + IsPersistent() bool // do we redial this peer when we disconnect + NodeInfo() types.NodeInfo // peer's info + Status() tmconn.ConnectionStatus Send(byte, interface{}) bool TrySend(byte, interface{}) bool @@ -40,13 +43,13 @@ type peer struct { outbound bool - conn net.Conn // source connection - mconn *MConnection // multiplex connection + conn net.Conn // source connection + mconn *tmconn.MConnection // multiplex connection persistent bool config *PeerConfig - nodeInfo NodeInfo + nodeInfo types.NodeInfo Data *cmn.CMap // User data. } @@ -58,7 +61,7 @@ type PeerConfig struct { HandshakeTimeout time.Duration `mapstructure:"handshake_timeout"` DialTimeout time.Duration `mapstructure:"dial_timeout"` - MConfig *MConnConfig `mapstructure:"connection"` + MConfig *tmconn.MConnConfig `mapstructure:"connection"` Fuzz bool `mapstructure:"fuzz"` // fuzz connection (for testing) FuzzConfig *FuzzConnConfig `mapstructure:"fuzz_config"` @@ -70,13 +73,13 @@ func DefaultPeerConfig() *PeerConfig { AuthEnc: true, HandshakeTimeout: 20, // * time.Second, DialTimeout: 3, // * time.Second, - MConfig: DefaultMConnConfig(), + MConfig: tmconn.DefaultMConnConfig(), Fuzz: false, FuzzConfig: DefaultFuzzConnConfig(), } } -func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, +func newOutboundPeer(addr *types.NetAddress, reactorsByCh map[byte]Reactor, chDescs []*tmconn.ChannelDescriptor, onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig, persistent bool) (*peer, error) { conn, err := dial(addr, config) @@ -96,7 +99,7 @@ func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs [] return peer, nil } -func newInboundPeer(conn net.Conn, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, +func newInboundPeer(conn net.Conn, reactorsByCh map[byte]Reactor, chDescs []*tmconn.ChannelDescriptor, onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig) (*peer, error) { // TODO: issue PoW challenge @@ -104,7 +107,7 @@ func newInboundPeer(conn net.Conn, reactorsByCh map[byte]Reactor, chDescs []*Cha return newPeerFromConnAndConfig(conn, false, reactorsByCh, chDescs, onPeerError, ourNodePrivKey, config) } -func newPeerFromConnAndConfig(rawConn net.Conn, outbound bool, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, +func newPeerFromConnAndConfig(rawConn net.Conn, outbound bool, reactorsByCh map[byte]Reactor, chDescs []*tmconn.ChannelDescriptor, onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig) (*peer, error) { conn := rawConn @@ -122,7 +125,7 @@ func newPeerFromConnAndConfig(rawConn net.Conn, outbound bool, reactorsByCh map[ } var err error - conn, err = MakeSecretConnection(conn, ourNodePrivKey) + conn, err = tmconn.MakeSecretConnection(conn, ourNodePrivKey) if err != nil { return nil, errors.Wrap(err, "Error creating peer") } @@ -171,8 +174,8 @@ func (p *peer) OnStop() { // Implements Peer // ID returns the peer's ID - the hex encoded hash of its pubkey. -func (p *peer) ID() ID { - return PubKeyToID(p.PubKey()) +func (p *peer) ID() types.ID { + return types.PubKeyToID(p.PubKey()) } // IsOutbound returns true if the connection is outbound, false otherwise. @@ -186,12 +189,12 @@ func (p *peer) IsPersistent() bool { } // NodeInfo returns a copy of the peer's NodeInfo. -func (p *peer) NodeInfo() NodeInfo { +func (p *peer) NodeInfo() types.NodeInfo { return p.nodeInfo } // Status returns the peer's ConnectionStatus. -func (p *peer) Status() ConnectionStatus { +func (p *peer) Status() tmconn.ConnectionStatus { return p.mconn.Status() } @@ -236,13 +239,13 @@ func (p *peer) CloseConn() { // HandshakeTimeout performs the Tendermint P2P handshake between a given node and the peer // by exchanging their NodeInfo. It sets the received nodeInfo on the peer. // NOTE: blocking -func (p *peer) HandshakeTimeout(ourNodeInfo NodeInfo, timeout time.Duration) error { +func (p *peer) HandshakeTimeout(ourNodeInfo types.NodeInfo, timeout time.Duration) error { // Set deadline for handshake so we don't block forever on conn.ReadFull if err := p.conn.SetDeadline(time.Now().Add(timeout)); err != nil { return errors.Wrap(err, "Error setting deadline") } - var peerNodeInfo NodeInfo + var peerNodeInfo types.NodeInfo var err1 error var err2 error cmn.Parallel( @@ -252,7 +255,7 @@ func (p *peer) HandshakeTimeout(ourNodeInfo NodeInfo, timeout time.Duration) err }, func() { var n int - wire.ReadBinary(&peerNodeInfo, p.conn, maxNodeInfoSize, &n, &err2) + wire.ReadBinary(&peerNodeInfo, p.conn, types.MaxNodeInfoSize(), &n, &err2) p.Logger.Info("Peer handshake", "peerNodeInfo", peerNodeInfo) }) if err1 != nil { @@ -283,7 +286,7 @@ func (p *peer) PubKey() crypto.PubKey { if !p.nodeInfo.PubKey.Empty() { return p.nodeInfo.PubKey } else if p.config.AuthEnc { - return p.conn.(*SecretConnection).RemotePubKey() + return p.conn.(*tmconn.SecretConnection).RemotePubKey() } panic("Attempt to get peer's PubKey before calling Handshake") } @@ -308,7 +311,7 @@ func (p *peer) String() string { //------------------------------------------------------------------ // helper funcs -func dial(addr *NetAddress, config *PeerConfig) (net.Conn, error) { +func dial(addr *types.NetAddress, config *PeerConfig) (net.Conn, error) { conn, err := addr.DialTimeout(config.DialTimeout * time.Second) if err != nil { return nil, err @@ -316,8 +319,8 @@ func dial(addr *NetAddress, config *PeerConfig) (net.Conn, error) { return conn, nil } -func createMConnection(conn net.Conn, p *peer, reactorsByCh map[byte]Reactor, chDescs []*ChannelDescriptor, - onPeerError func(Peer, interface{}), config *MConnConfig) *MConnection { +func createMConnection(conn net.Conn, p *peer, reactorsByCh map[byte]Reactor, chDescs []*tmconn.ChannelDescriptor, + onPeerError func(Peer, interface{}), config *tmconn.MConnConfig) *tmconn.MConnection { onReceive := func(chID byte, msgBytes []byte) { reactor := reactorsByCh[chID] @@ -331,5 +334,5 @@ func createMConnection(conn net.Conn, p *peer, reactorsByCh map[byte]Reactor, ch onPeerError(p, r) } - return NewMConnectionWithConfig(conn, chDescs, onReceive, onError, config) + return tmconn.NewMConnectionWithConfig(conn, chDescs, onReceive, onError, config) } diff --git a/p2p/peer_set.go b/p2p/peer_set.go index dc53174a1..7a0680cb7 100644 --- a/p2p/peer_set.go +++ b/p2p/peer_set.go @@ -2,12 +2,14 @@ package p2p import ( "sync" + + "github.com/tendermint/tendermint/p2p/types" ) // IPeerSet has a (immutable) subset of the methods of PeerSet. type IPeerSet interface { - Has(key ID) bool - Get(key ID) Peer + Has(key types.ID) bool + Get(key types.ID) Peer List() []Peer Size() int } @@ -18,7 +20,7 @@ type IPeerSet interface { // Iteration over the peers is super fast and thread-safe. type PeerSet struct { mtx sync.Mutex - lookup map[ID]*peerSetItem + lookup map[types.ID]*peerSetItem list []Peer } @@ -30,7 +32,7 @@ type peerSetItem struct { // NewPeerSet creates a new peerSet with a list of initial capacity of 256 items. func NewPeerSet() *PeerSet { return &PeerSet{ - lookup: make(map[ID]*peerSetItem), + lookup: make(map[types.ID]*peerSetItem), list: make([]Peer, 0, 256), } } @@ -41,7 +43,7 @@ func (ps *PeerSet) Add(peer Peer) error { ps.mtx.Lock() defer ps.mtx.Unlock() if ps.lookup[peer.ID()] != nil { - return ErrSwitchDuplicatePeer + return types.ErrSwitchDuplicatePeer } index := len(ps.list) @@ -54,7 +56,7 @@ func (ps *PeerSet) Add(peer Peer) error { // Has returns true iff the PeerSet contains // the peer referred to by this peerKey. -func (ps *PeerSet) Has(peerKey ID) bool { +func (ps *PeerSet) Has(peerKey types.ID) bool { ps.mtx.Lock() _, ok := ps.lookup[peerKey] ps.mtx.Unlock() @@ -62,7 +64,7 @@ func (ps *PeerSet) Has(peerKey ID) bool { } // Get looks up a peer by the provided peerKey. -func (ps *PeerSet) Get(peerKey ID) Peer { +func (ps *PeerSet) Get(peerKey types.ID) Peer { ps.mtx.Lock() defer ps.mtx.Unlock() item, ok := ps.lookup[peerKey] diff --git a/p2p/peer_set_test.go b/p2p/peer_set_test.go index e906eb8e7..7d7ed1062 100644 --- a/p2p/peer_set_test.go +++ b/p2p/peer_set_test.go @@ -8,13 +8,14 @@ import ( "github.com/stretchr/testify/assert" crypto "github.com/tendermint/go-crypto" + "github.com/tendermint/tendermint/p2p/types" cmn "github.com/tendermint/tmlibs/common" ) // Returns an empty dummy peer func randPeer() *peer { return &peer{ - nodeInfo: NodeInfo{ + nodeInfo: types.NodeInfo{ ListenAddr: cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, @@ -119,7 +120,7 @@ func TestPeerSetAddDuplicate(t *testing.T) { // Our next procedure is to ensure that only one addition // succeeded and that the rest are each ErrSwitchDuplicatePeer. - wantErrCount, gotErrCount := n-1, errsTally[ErrSwitchDuplicatePeer] + wantErrCount, gotErrCount := n-1, errsTally[types.ErrSwitchDuplicatePeer] assert.Equal(t, wantErrCount, gotErrCount, "invalid ErrSwitchDuplicatePeer count") wantNilErrCount, gotNilErrCount := 1, errsTally[nil] diff --git a/p2p/peer_test.go b/p2p/peer_test.go index d99fff5e4..dc13cf9d6 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -10,6 +10,8 @@ import ( "github.com/stretchr/testify/require" crypto "github.com/tendermint/go-crypto" + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" ) func TestPeerBasic(t *testing.T) { @@ -80,8 +82,8 @@ func TestPeerSend(t *testing.T) { assert.True(p.Send(0x01, "Asylum")) } -func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) (*peer, error) { - chDescs := []*ChannelDescriptor{ +func createOutboundPeerAndPerformHandshake(addr *types.NetAddress, config *PeerConfig) (*peer, error) { + chDescs := []*tmconn.ChannelDescriptor{ {ID: 0x01, Priority: 1}, } reactorsByCh := map[byte]Reactor{0x01: NewTestReactor(chDescs, true)} @@ -90,7 +92,7 @@ func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) if err != nil { return nil, err } - err = p.HandshakeTimeout(NodeInfo{ + err = p.HandshakeTimeout(types.NodeInfo{ PubKey: pk.PubKey(), Moniker: "host_peer", Network: "testing", @@ -105,11 +107,11 @@ func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) type remotePeer struct { PrivKey crypto.PrivKey Config *PeerConfig - addr *NetAddress + addr *types.NetAddress quit chan struct{} } -func (p *remotePeer) Addr() *NetAddress { +func (p *remotePeer) Addr() *types.NetAddress { return p.addr } @@ -122,7 +124,7 @@ func (p *remotePeer) Start() { if e != nil { golog.Fatalf("net.Listen tcp :0: %+v", e) } - p.addr = NewNetAddress("", l.Addr()) + p.addr = types.NewNetAddress("", l.Addr()) p.quit = make(chan struct{}) go p.accept(l) } @@ -137,11 +139,11 @@ func (p *remotePeer) accept(l net.Listener) { if err != nil { golog.Fatalf("Failed to accept conn: %+v", err) } - peer, err := newInboundPeer(conn, make(map[byte]Reactor), make([]*ChannelDescriptor, 0), func(p Peer, r interface{}) {}, p.PrivKey, p.Config) + peer, err := newInboundPeer(conn, make(map[byte]Reactor), make([]*tmconn.ChannelDescriptor, 0), func(p Peer, r interface{}) {}, p.PrivKey, p.Config) if err != nil { golog.Fatalf("Failed to create a peer: %+v", err) } - err = peer.HandshakeTimeout(NodeInfo{ + err = peer.HandshakeTimeout(types.NodeInfo{ PubKey: p.PrivKey.PubKey(), Moniker: "remote_peer", Network: "testing", diff --git a/p2p/addrbook/addrbook.go b/p2p/pex/addrbook.go similarity index 76% rename from p2p/addrbook/addrbook.go rename to p2p/pex/addrbook.go index 1f317a2eb..93f352117 100644 --- a/p2p/addrbook/addrbook.go +++ b/p2p/pex/addrbook.go @@ -2,7 +2,7 @@ // Originally Copyright (c) 2013-2014 Conformal Systems LLC. // https://github.com/conformal/btcd/blob/master/LICENSE -package addrbook +package pex import ( "crypto/sha256" @@ -16,6 +16,8 @@ import ( crypto "github.com/tendermint/go-crypto" cmn "github.com/tendermint/tmlibs/common" + + "github.com/tendermint/tendermint/p2p/types" ) const ( @@ -29,25 +31,33 @@ const ( type AddrBook interface { cmn.Service + // Add our own addresses so we don't later add ourselves + AddOurAddress(*types.NetAddress) + // Add and remove an address - AddAddress(addr *NetAddress, src *NetAddress) - RemoveAddress(addr *NetAddress) + AddAddress(addr *types.NetAddress, src *types.NetAddress) error + RemoveAddress(addr *types.NetAddress) // Do we need more peers? NeedMoreAddrs() bool // Pick an address to dial - PickAddress(newBias int) *NetAddress + PickAddress(newBias int) *types.NetAddress // Mark address - MarkGood(*NetAddress) - MarkAttempt(*Address) - MarkBad(*NetAddress) + MarkGood(*types.NetAddress) + MarkAttempt(*types.NetAddress) + MarkBad(*types.NetAddress) // Send a selection of addresses to peers - GetSelection() []*NetAddress + GetSelection() []*types.NetAddress + + // TODO: remove + ListOfKnownAddresses() []*knownAddress } +var _ AddrBook = (*addrBook)(nil) + // addrBook - concurrency safe peer address manager. // Implements AddrBook. type addrBook struct { @@ -56,13 +66,13 @@ type addrBook struct { // immutable after creation filePath string routabilityStrict bool - key string + key string // random prefix for bucket placement // accessed concurrently mtx sync.Mutex rand *rand.Rand - ourAddrs map[string]*NetAddress - addrLookup map[ID]*knownAddress // new & old + ourAddrs map[string]*types.NetAddress + addrLookup map[types.ID]*knownAddress // new & old bucketsOld []map[string]*knownAddress bucketsNew []map[string]*knownAddress nOld int @@ -74,10 +84,10 @@ type addrBook struct { // NewAddrBook creates a new address book. // Use Start to begin processing asynchronous address updates. func NewAddrBook(filePath string, routabilityStrict bool) *addrBook { - am := &AddrBook{ - rand: rand.New(rand.NewSource(time.Now().UnixNano())), - ourAddrs: make(map[string]*NetAddress), - addrLookup: make(map[ID]*knownAddress), + am := &addrBook{ + rand: rand.New(rand.NewSource(time.Now().UnixNano())), // TODO: seed from outside + ourAddrs: make(map[string]*types.NetAddress), + addrLookup: make(map[types.ID]*knownAddress), filePath: filePath, routabilityStrict: routabilityStrict, } @@ -126,26 +136,26 @@ func (a *addrBook) Wait() { a.wg.Wait() } -// AddOurAddress adds another one of our addresses. -func (a *AddrBook) AddOurAddress(addr *NetAddress) { +//------------------------------------------------------- + +// AddOurAddress one of our addresses. +func (a *addrBook) AddOurAddress(addr *types.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() a.Logger.Info("Add our address to book", "addr", addr) a.ourAddrs[addr.String()] = addr } -//------------------------------------------------------- - // AddAddress implements AddrBook - adds the given address as received from the given source. // NOTE: addr must not be nil -func (a *addrBook) AddAddress(addr *NetAddress, src *NetAddress) error { +func (a *addrBook) AddAddress(addr *types.NetAddress, src *types.NetAddress) error { a.mtx.Lock() defer a.mtx.Unlock() return a.addAddress(addr, src) } // RemoveAddress implements AddrBook - removes the address from the book. -func (a *addrBook) RemoveAddress(addr *NetAddress) { +func (a *addrBook) RemoveAddress(addr *types.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -167,7 +177,7 @@ func (a *addrBook) NeedMoreAddrs() bool { // and determines how biased we are to pick an address from a new bucket. // PickAddress returns nil if the AddrBook is empty or if we try to pick // from an empty bucket. -func (a *addrBook) PickAddress(newBias int) *NetAddress { +func (a *addrBook) PickAddress(newBias int) *types.NetAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -213,7 +223,7 @@ func (a *addrBook) PickAddress(newBias int) *NetAddress { // MarkGood implements AddrBook - it marks the peer as good and // moves it into an "old" bucket. -func (a *addrBook) MarkGood(addr *NetAddress) { +func (a *addrBook) MarkGood(addr *types.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -227,7 +237,7 @@ func (a *addrBook) MarkGood(addr *NetAddress) { } // MarkAttempt implements AddrBook - it marks that an attempt was made to connect to the address. -func (a *addrBook) MarkAttempt(addr *NetAddress) { +func (a *addrBook) MarkAttempt(addr *types.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -239,13 +249,13 @@ func (a *addrBook) MarkAttempt(addr *NetAddress) { // MarkBad implements AddrBook. Currently it just ejects the address. // TODO: black list for some amount of time -func (a *addrBook) MarkBad(addr *NetAddress) { +func (a *addrBook) MarkBad(addr *types.NetAddress) { a.RemoveAddress(addr) } // GetSelection implements AddrBook. // It randomly selects some addresses (old & new). Suitable for peer-exchange protocols. -func (a *addrBook) GetSelection() []*NetAddress { +func (a *addrBook) GetSelection() []*types.NetAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -253,7 +263,7 @@ func (a *addrBook) GetSelection() []*NetAddress { return nil } - allAddr := make([]*NetAddress, a.size()) + allAddr := make([]*types.NetAddress, a.size()) i := 0 for _, ka := range a.addrLookup { allAddr[i] = ka.Addr @@ -279,7 +289,7 @@ func (a *addrBook) GetSelection() []*NetAddress { } // ListOfKnownAddresses returns the new and old addresses. -func (a *AddrBook) ListOfKnownAddresses() []*knownAddress { +func (a *addrBook) ListOfKnownAddresses() []*knownAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -290,17 +300,6 @@ func (a *AddrBook) ListOfKnownAddresses() []*knownAddress { return addrs } -/* Loading & Saving */ - -type addrBookJSON struct { - Key string - Addrs []*knownAddress -} - -func (a *AddrBook) saveToFile(filePath string) { - a.Logger.Info("Saving AddrBook to file", "size", a.Size()) -} - //------------------------------------------------ // Size returns the number of addresses in the book. @@ -334,6 +333,8 @@ out: a.Logger.Info("Address handler done") } +//---------------------------------------------------------- + func (a *addrBook) getBucket(bucketType byte, bucketIdx int) map[string]*knownAddress { switch bucketType { case bucketTypeNew: @@ -365,17 +366,18 @@ func (a *addrBook) addToNewBucket(ka *knownAddress, bucketIdx int) bool { // Enforce max addresses. if len(bucket) > newBucketSize { - a.Logger.Info("new bucket is full, expiring old ") + a.Logger.Info("new bucket is full, expiring new") a.expireNew(bucketIdx) } // Add to bucket. bucket[addrStr] = ka + // increment nNew if the peer doesnt already exist in a bucket if ka.addBucketRef(bucketIdx) == 1 { a.nNew++ } - // Ensure in addrLookup + // Add it to addrLookup a.addrLookup[ka.ID()] = ka return true @@ -449,6 +451,8 @@ func (a *addrBook) removeFromAllBuckets(ka *knownAddress) { delete(a.addrLookup, ka.ID()) } +//---------------------------------------------------------- + func (a *addrBook) pickOldest(bucketType byte, bucketIdx int) *knownAddress { bucket := a.getBucket(bucketType, bucketIdx) var oldest *knownAddress @@ -460,7 +464,9 @@ func (a *addrBook) pickOldest(bucketType byte, bucketIdx int) *knownAddress { return oldest } -func (a *addrBook) addAddress(addr, src *NetAddress) error { +// adds the address to a "new" bucket. if its already in one, +// it only adds it probabilistically +func (a *addrBook) addAddress(addr, src *types.NetAddress) error { if a.routabilityStrict && !addr.Routable() { return fmt.Errorf("Cannot add non-routable address %v", addr) } @@ -490,7 +496,10 @@ func (a *addrBook) addAddress(addr, src *NetAddress) error { } bucket := a.calcNewBucket(addr, src) - a.addToNewBucket(ka, bucket) + added := a.addToNewBucket(ka, bucket) + if !added { + a.Logger.Info("Can't add new address, addr book is full", "address", addr, "total", a.size()) + } a.Logger.Info("Added new address", "address", addr, "total", a.size()) return nil @@ -513,9 +522,9 @@ func (a *addrBook) expireNew(bucketIdx int) { a.removeFromBucket(oldest, bucketTypeNew, bucketIdx) } -// Promotes an address from new to old. -// TODO: Move to old probabilistically. -// The better a node is, the less likely it should be evicted from an old bucket. +// Promotes an address from new to old. If the destination bucket is full, +// demote the oldest one to a "new" bucket. +// TODO: Demote more probabilistically? func (a *addrBook) moveToOld(ka *knownAddress) { // Sanity check if ka.isOld() { @@ -559,9 +568,12 @@ func (a *addrBook) moveToOld(ka *knownAddress) { } } +//--------------------------------------------------------------------- +// calculate bucket placements + // doublesha256( key + sourcegroup + // int64(doublesha256(key + group + sourcegroup))%bucket_per_group ) % num_new_buckets -func (a *addrBook) calcNewBucket(addr, src *NetAddress) int { +func (a *addrBook) calcNewBucket(addr, src *types.NetAddress) int { data1 := []byte{} data1 = append(data1, []byte(a.key)...) data1 = append(data1, []byte(a.groupKey(addr))...) @@ -582,7 +594,7 @@ func (a *addrBook) calcNewBucket(addr, src *NetAddress) int { // doublesha256( key + group + // int64(doublesha256(key + addr))%buckets_per_group ) % num_old_buckets -func (a *addrBook) calcOldBucket(addr *NetAddress) int { +func (a *addrBook) calcOldBucket(addr *types.NetAddress) int { data1 := []byte{} data1 = append(data1, []byte(a.key)...) data1 = append(data1, []byte(addr.String())...) @@ -604,7 +616,7 @@ func (a *addrBook) calcOldBucket(addr *NetAddress) int { // This is the /16 for IPv4, the /32 (/36 for he.net) for IPv6, the string // "local" for a local address and the string "unroutable" for an unroutable // address. -func (a *addrBook) groupKey(na *NetAddress) string { +func (a *addrBook) groupKey(na *types.NetAddress) string { if a.routabilityStrict && na.Local() { return "local" } @@ -649,137 +661,6 @@ func (a *addrBook) groupKey(na *NetAddress) string { return (&net.IPNet{IP: na.IP, Mask: net.CIDRMask(bits, 128)}).String() } -//----------------------------------------------------------------------------- - -/* - knownAddress - - tracks information about a known network address that is used - to determine how viable an address is. -*/ -type knownAddress struct { - Addr *NetAddress - Src *NetAddress - Attempts int32 - LastAttempt time.Time - LastSuccess time.Time - BucketType byte - Buckets []int -} - -func newKnownAddress(addr *NetAddress, src *NetAddress) *knownAddress { - return &knownAddress{ - Addr: addr, - Src: src, - Attempts: 0, - LastAttempt: time.Now(), - BucketType: bucketTypeNew, - Buckets: nil, - } -} - -func (ka *knownAddress) ID() ID { - return ka.Addr.ID -} - -func (ka *knownAddress) isOld() bool { - return ka.BucketType == bucketTypeOld -} - -func (ka *knownAddress) isNew() bool { - return ka.BucketType == bucketTypeNew -} - -func (ka *knownAddress) markAttempt() { - now := time.Now() - ka.LastAttempt = now - ka.Attempts += 1 -} - -func (ka *knownAddress) markGood() { - now := time.Now() - ka.LastAttempt = now - ka.Attempts = 0 - ka.LastSuccess = now -} - -func (ka *knownAddress) addBucketRef(bucketIdx int) int { - for _, bucket := range ka.Buckets { - if bucket == bucketIdx { - // TODO refactor to return error? - // log.Warn(Fmt("Bucket already exists in ka.Buckets: %v", ka)) - return -1 - } - } - ka.Buckets = append(ka.Buckets, bucketIdx) - return len(ka.Buckets) -} - -func (ka *knownAddress) removeBucketRef(bucketIdx int) int { - buckets := []int{} - for _, bucket := range ka.Buckets { - if bucket != bucketIdx { - buckets = append(buckets, bucket) - } - } - if len(buckets) != len(ka.Buckets)-1 { - // TODO refactor to return error? - // log.Warn(Fmt("bucketIdx not found in ka.Buckets: %v", ka)) - return -1 - } - ka.Buckets = buckets - return len(ka.Buckets) -} - -/* - An address is bad if the address in question is a New address, has not been tried in the last - minute, and meets one of the following criteria: - - 1) It claims to be from the future - 2) It hasn't been seen in over a month - 3) It has failed at least three times and never succeeded - 4) It has failed ten times in the last week - - All addresses that meet these criteria are assumed to be worthless and not - worth keeping hold of. - - XXX: so a good peer needs us to call MarkGood before the conditions above are reached! -*/ -func (ka *knownAddress) isBad() bool { - // Is Old --> good - if ka.BucketType == bucketTypeOld { - return false - } - - // Has been attempted in the last minute --> good - if ka.LastAttempt.Before(time.Now().Add(-1 * time.Minute)) { - return false - } - - // Too old? - // XXX: does this mean if we've kept a connection up for this long we'll disconnect?! - // and shouldn't it be .Before ? - if ka.LastAttempt.After(time.Now().Add(-1 * numMissingDays * time.Hour * 24)) { - return true - } - - // Never succeeded? - if ka.LastSuccess.IsZero() && ka.Attempts >= numRetries { - return true - } - - // Hasn't succeeded in too long? - // XXX: does this mean if we've kept a connection up for this long we'll disconnect?! - if ka.LastSuccess.Before(time.Now().Add(-1*minBadDays*time.Hour*24)) && - ka.Attempts >= maxFailures { - return true - } - - return false -} - -//----------------------------------------------------------------------------- - // doubleSha256 calculates sha256(sha256(b)) and returns the resulting bytes. func doubleSha256(b []byte) []byte { hasher := sha256.New() diff --git a/p2p/addrbook/addrbook_test.go b/p2p/pex/addrbook_test.go similarity index 93% rename from p2p/addrbook/addrbook_test.go rename to p2p/pex/addrbook_test.go index ff8d239d0..206e3401f 100644 --- a/p2p/addrbook/addrbook_test.go +++ b/p2p/pex/addrbook_test.go @@ -1,4 +1,4 @@ -package addrbook +package pex import ( "encoding/hex" @@ -8,6 +8,7 @@ import ( "testing" "github.com/stretchr/testify/assert" + "github.com/tendermint/tendermint/p2p/types" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" ) @@ -168,8 +169,8 @@ func TestAddrBookHandlesDuplicates(t *testing.T) { } type netAddressPair struct { - addr *NetAddress - src *NetAddress + addr *types.NetAddress + src *types.NetAddress } func randNetAddressPairs(t *testing.T, n int) []netAddressPair { @@ -180,7 +181,7 @@ func randNetAddressPairs(t *testing.T, n int) []netAddressPair { return randAddrs } -func randIPv4Address(t *testing.T) *NetAddress { +func randIPv4Address(t *testing.T) *types.NetAddress { for { ip := fmt.Sprintf("%v.%v.%v.%v", rand.Intn(254)+1, @@ -189,9 +190,9 @@ func randIPv4Address(t *testing.T) *NetAddress { rand.Intn(255), ) port := rand.Intn(65535-1) + 1 - id := ID(hex.EncodeToString(cmn.RandBytes(IDByteLength))) - idAddr := IDAddressString(id, fmt.Sprintf("%v:%v", ip, port)) - addr, err := NewNetAddressString(idAddr) + id := types.ID(hex.EncodeToString(cmn.RandBytes(types.IDByteLength))) + idAddr := types.IDAddressString(id, fmt.Sprintf("%v:%v", ip, port)) + addr, err := types.NewNetAddressString(idAddr) assert.Nil(t, err, "error generating rand network address") if addr.Routable() { return addr diff --git a/p2p/addrbook/file.go b/p2p/pex/file.go similarity index 99% rename from p2p/addrbook/file.go rename to p2p/pex/file.go index 956ac56c1..521fcfcf7 100644 --- a/p2p/addrbook/file.go +++ b/p2p/pex/file.go @@ -1,4 +1,4 @@ -package addrbook +package pex import ( "encoding/json" diff --git a/p2p/addrbook/known_address.go b/p2p/pex/known_address.go similarity index 92% rename from p2p/addrbook/known_address.go rename to p2p/pex/known_address.go index 2a879081a..db6d021f2 100644 --- a/p2p/addrbook/known_address.go +++ b/p2p/pex/known_address.go @@ -1,12 +1,16 @@ -package addrbook +package pex -import "time" +import ( + "time" + + "github.com/tendermint/tendermint/p2p/types" +) // knownAddress tracks information about a known network address // that is used to determine how viable an address is. type knownAddress struct { - Addr *NetAddress - Src *NetAddress + Addr *types.NetAddress + Src *types.NetAddress Attempts int32 LastAttempt time.Time LastSuccess time.Time @@ -14,7 +18,7 @@ type knownAddress struct { Buckets []int } -func newKnownAddress(addr *NetAddress, src *NetAddress) *knownAddress { +func newKnownAddress(addr *types.NetAddress, src *types.NetAddress) *knownAddress { return &knownAddress{ Addr: addr, Src: src, @@ -25,7 +29,7 @@ func newKnownAddress(addr *NetAddress, src *NetAddress) *knownAddress { } } -func (ka *knownAddress) ID() ID { +func (ka *knownAddress) ID() types.ID { return ka.Addr.ID } diff --git a/p2p/addrbook/params.go b/p2p/pex/params.go similarity index 98% rename from p2p/addrbook/params.go rename to p2p/pex/params.go index f410ed9af..f94e1021c 100644 --- a/p2p/addrbook/params.go +++ b/p2p/pex/params.go @@ -1,4 +1,4 @@ -package addrbook +package pex import "time" diff --git a/p2p/pex_reactor.go b/p2p/pex/pex_reactor.go similarity index 92% rename from p2p/pex_reactor.go rename to p2p/pex/pex_reactor.go index 57665e073..24c9417f7 100644 --- a/p2p/pex_reactor.go +++ b/p2p/pex/pex_reactor.go @@ -1,4 +1,4 @@ -package p2p +package pex import ( "bytes" @@ -12,9 +12,13 @@ import ( wire "github.com/tendermint/go-wire" cmn "github.com/tendermint/tmlibs/common" - "github.com/tendermint/tendermint/p2p/addrbook" + "github.com/tendermint/tendermint/p2p" + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" ) +type Peer = p2p.Peer + const ( // PexChannel is a channel for PEX messages PexChannel = byte(0x00) @@ -47,9 +51,9 @@ const ( // Only accept pexAddrsMsg from peers we sent a corresponding pexRequestMsg too. // Only accept one pexRequestMsg every ~defaultEnsurePeersPeriod. type PEXReactor struct { - BaseReactor + p2p.BaseReactor - book *addrbook.AddrBook + book AddrBook config *PEXReactorConfig ensurePeersPeriod time.Duration @@ -69,7 +73,7 @@ type PEXReactorConfig struct { } // NewPEXReactor creates new PEX reactor. -func NewPEXReactor(b *addrbook.AddrBook, config *PEXReactorConfig) *PEXReactor { +func NewPEXReactor(b AddrBook, config *PEXReactorConfig) *PEXReactor { r := &PEXReactor{ book: b, config: config, @@ -77,7 +81,7 @@ func NewPEXReactor(b *addrbook.AddrBook, config *PEXReactorConfig) *PEXReactor { requestsSent: cmn.NewCMap(), lastReceivedRequests: cmn.NewCMap(), } - r.BaseReactor = *NewBaseReactor("PEXReactor", r) + r.BaseReactor = *p2p.NewBaseReactor("PEXReactor", r) return r } @@ -113,8 +117,8 @@ func (r *PEXReactor) OnStop() { } // GetChannels implements Reactor -func (r *PEXReactor) GetChannels() []*ChannelDescriptor { - return []*ChannelDescriptor{ +func (r *PEXReactor) GetChannels() []*tmconn.ChannelDescriptor { + return []*tmconn.ChannelDescriptor{ { ID: PexChannel, Priority: 1, @@ -227,7 +231,7 @@ func (r *PEXReactor) RequestAddrs(p Peer) { // ReceiveAddrs adds the given addrs to the addrbook if theres an open // request for this peer and deletes the open request. // If there's no open request for the src peer, it returns an error. -func (r *PEXReactor) ReceiveAddrs(addrs []*NetAddress, src Peer) error { +func (r *PEXReactor) ReceiveAddrs(addrs []*types.NetAddress, src Peer) error { id := string(src.ID()) if !r.requestsSent.Has(id) { @@ -246,7 +250,7 @@ func (r *PEXReactor) ReceiveAddrs(addrs []*NetAddress, src Peer) error { } // SendAddrs sends addrs to the peer. -func (r *PEXReactor) SendAddrs(p Peer, netAddrs []*NetAddress) { +func (r *PEXReactor) SendAddrs(p Peer, netAddrs []*types.NetAddress) { p.Send(PexChannel, struct{ PexMessage }{&pexAddrsMessage{Addrs: netAddrs}}) } @@ -296,7 +300,7 @@ func (r *PEXReactor) ensurePeers() { // NOTE: range here is [10, 90]. Too high ? newBias := cmn.MinInt(numOutPeers, 8)*10 + 10 - toDial := make(map[ID]*NetAddress) + toDial := make(map[types.ID]*types.NetAddress) // Try maxAttempts times to pick numToDial addresses to dial maxAttempts := numToDial * 3 for i := 0; i < maxAttempts && len(toDial) < numToDial; i++ { @@ -319,10 +323,15 @@ func (r *PEXReactor) ensurePeers() { // Dial picked addresses for _, item := range toDial { - go func(picked *NetAddress) { + go func(picked *types.NetAddress) { _, err := r.Switch.DialPeerWithAddress(picked, false) if err != nil { - r.book.MarkAttempt(picked) + // TODO: detect more "bad peer" scenarios + if _, ok := err.(types.ErrSwitchAuthenticationFailure); ok { + r.book.MarkBad(picked) + } else { + r.book.MarkAttempt(picked) + } } }(item) } @@ -351,7 +360,7 @@ func (r *PEXReactor) checkSeeds() error { if lSeeds == 0 { return nil } - _, errs := NewNetAddressStrings(r.config.Seeds) + _, errs := types.NewNetAddressStrings(r.config.Seeds) for _, err := range errs { if err != nil { return err @@ -366,9 +375,10 @@ func (r *PEXReactor) dialSeeds() { if lSeeds == 0 { return } - seedAddrs, _ := NewNetAddressStrings(r.config.Seeds) + seedAddrs, _ := types.NewNetAddressStrings(r.config.Seeds) - perm := r.Switch.rng.Perm(lSeeds) + perm := rand.Perm(lSeeds) + // perm := r.Switch.rng.Perm(lSeeds) for _, i := range perm { // dial a random seed seedAddr := seedAddrs[i] @@ -410,7 +420,7 @@ func (r *PEXReactor) crawlPeersRoutine() { // network crawling performed during seed/crawler mode. type crawlPeerInfo struct { // The listening address of a potential peer we learned about - Addr *NetAddress + Addr *types.NetAddress // The last time we attempt to reach this address LastAttempt time.Time @@ -534,7 +544,7 @@ func (m *pexRequestMessage) String() string { A message with announced peer addresses. */ type pexAddrsMessage struct { - Addrs []*NetAddress + Addrs []*types.NetAddress } func (m *pexAddrsMessage) String() string { diff --git a/p2p/pex_reactor_test.go b/p2p/pex/pex_reactor_test.go similarity index 76% rename from p2p/pex_reactor_test.go rename to p2p/pex/pex_reactor_test.go index 44fd8b51c..439914ac8 100644 --- a/p2p/pex_reactor_test.go +++ b/p2p/pex/pex_reactor_test.go @@ -1,21 +1,35 @@ -package p2p +package pex import ( "fmt" "io/ioutil" - "math/rand" "os" "testing" "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + crypto "github.com/tendermint/go-crypto" wire "github.com/tendermint/go-wire" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" + + cfg "github.com/tendermint/tendermint/config" + "github.com/tendermint/tendermint/p2p" + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" ) +var ( + config *cfg.P2PConfig +) + +func init() { + config = cfg.DefaultP2PConfig() + config.PexReactor = true +} + func TestPEXReactorBasic(t *testing.T) { assert, require := assert.New(t), require.New(t) @@ -45,7 +59,7 @@ func TestPEXReactorAddRemovePeer(t *testing.T) { r.SetLogger(log.TestingLogger()) size := book.Size() - peer := createRandomPeer(false) + peer := p2p.CreateRandomPeer(false) r.AddPeer(peer) assert.Equal(size+1, book.Size()) @@ -53,7 +67,7 @@ func TestPEXReactorAddRemovePeer(t *testing.T) { r.RemovePeer(peer, "peer not available") assert.Equal(size+1, book.Size()) - outboundPeer := createRandomPeer(true) + outboundPeer := p2p.CreateRandomPeer(true) r.AddPeer(outboundPeer) assert.Equal(size+1, book.Size(), "outbound peers should not be added to the address book") @@ -64,7 +78,7 @@ func TestPEXReactorAddRemovePeer(t *testing.T) { func TestPEXReactorRunning(t *testing.T) { N := 3 - switches := make([]*Switch, N) + switches := make([]*p2p.Switch, N) dir, err := ioutil.TempDir("", "pex_reactor") require.Nil(t, err) @@ -74,7 +88,7 @@ func TestPEXReactorRunning(t *testing.T) { // create switches for i := 0; i < N; i++ { - switches[i] = makeSwitch(config, i, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { + switches[i] = p2p.MakeSwitch(config, i, "127.0.0.1", "123.123.123", func(i int, sw *p2p.Switch) *p2p.Switch { sw.SetLogger(log.TestingLogger().With("switch", i)) r := NewPEXReactor(book, &PEXReactorConfig{}) @@ -87,9 +101,9 @@ func TestPEXReactorRunning(t *testing.T) { // fill the address book and add listeners for _, s := range switches { - addr, _ := NewNetAddressString(s.NodeInfo().ListenAddr) + addr, _ := types.NewNetAddressString(s.NodeInfo().ListenAddr) book.AddAddress(addr, addr) - s.AddListener(NewDefaultListener("tcp", s.NodeInfo().ListenAddr, true, log.TestingLogger())) + s.AddListener(p2p.NewDefaultListener("tcp", s.NodeInfo().ListenAddr, true, log.TestingLogger())) } // start switches @@ -106,7 +120,7 @@ func TestPEXReactorRunning(t *testing.T) { } } -func assertSomePeersWithTimeout(t *testing.T, switches []*Switch, checkPeriod, timeout time.Duration) { +func assertSomePeersWithTimeout(t *testing.T, switches []*p2p.Switch, checkPeriod, timeout time.Duration) { ticker := time.NewTicker(checkPeriod) remaining := timeout for { @@ -151,13 +165,13 @@ func TestPEXReactorReceive(t *testing.T) { r := NewPEXReactor(book, &PEXReactorConfig{}) r.SetLogger(log.TestingLogger()) - peer := createRandomPeer(false) + peer := p2p.CreateRandomPeer(false) // we have to send a request to receive responses r.RequestAddrs(peer) size := book.Size() - addrs := []*NetAddress{peer.NodeInfo().NetAddress()} + addrs := []*types.NetAddress{peer.NodeInfo().NetAddress()} msg := wire.BinaryBytes(struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) r.Receive(PexChannel, peer, msg) assert.Equal(size+1, book.Size()) @@ -176,14 +190,14 @@ func TestPEXReactorRequestMessageAbuse(t *testing.T) { book.SetLogger(log.TestingLogger()) r := NewPEXReactor(book, &PEXReactorConfig{}) - sw := makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { return sw }) + sw := p2p.MakeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *p2p.Switch) *p2p.Switch { return sw }) sw.SetLogger(log.TestingLogger()) sw.AddReactor("PEX", r) r.SetSwitch(sw) r.SetLogger(log.TestingLogger()) peer := newMockPeer() - sw.peers.Add(peer) + p2p.AddPeerToSwitch(sw, peer) assert.True(sw.Peers().Has(peer.ID())) id := string(peer.ID()) @@ -215,14 +229,14 @@ func TestPEXReactorAddrsMessageAbuse(t *testing.T) { book.SetLogger(log.TestingLogger()) r := NewPEXReactor(book, &PEXReactorConfig{}) - sw := makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { return sw }) + sw := p2p.MakeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *p2p.Switch) *p2p.Switch { return sw }) sw.SetLogger(log.TestingLogger()) sw.AddReactor("PEX", r) r.SetSwitch(sw) r.SetLogger(log.TestingLogger()) peer := newMockPeer() - sw.peers.Add(peer) + p2p.AddPeerToSwitch(sw, peer) assert.True(sw.Peers().Has(peer.ID())) id := string(peer.ID()) @@ -232,7 +246,7 @@ func TestPEXReactorAddrsMessageAbuse(t *testing.T) { assert.True(r.requestsSent.Has(id)) assert.True(sw.Peers().Has(peer.ID())) - addrs := []*NetAddress{peer.NodeInfo().NetAddress()} + addrs := []*types.NetAddress{peer.NodeInfo().NetAddress()} msg := wire.BinaryBytes(struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) // receive some addrs. should clear the request @@ -254,7 +268,7 @@ func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { book.SetLogger(log.TestingLogger()) // 1. create seed - seed := makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { + seed := p2p.MakeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *p2p.Switch) *p2p.Switch { sw.SetLogger(log.TestingLogger()) r := NewPEXReactor(book, &PEXReactorConfig{}) @@ -263,13 +277,13 @@ func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { sw.AddReactor("pex", r) return sw }) - seed.AddListener(NewDefaultListener("tcp", seed.NodeInfo().ListenAddr, true, log.TestingLogger())) + seed.AddListener(p2p.NewDefaultListener("tcp", seed.NodeInfo().ListenAddr, true, log.TestingLogger())) err = seed.Start() require.Nil(t, err) defer seed.Stop() // 2. create usual peer - sw := makeSwitch(config, 1, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { + sw := p2p.MakeSwitch(config, 1, "127.0.0.1", "123.123.123", func(i int, sw *p2p.Switch) *p2p.Switch { sw.SetLogger(log.TestingLogger()) r := NewPEXReactor(book, &PEXReactorConfig{Seeds: []string{seed.NodeInfo().ListenAddr}}) @@ -283,7 +297,7 @@ func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { defer sw.Stop() // 3. check that peer at least connects to seed - assertSomePeersWithTimeout(t, []*Switch{sw}, 10*time.Millisecond, 10*time.Second) + assertSomePeersWithTimeout(t, []*p2p.Switch{sw}, 10*time.Millisecond, 10*time.Second) } func TestPEXReactorCrawlStatus(t *testing.T) { @@ -297,7 +311,7 @@ func TestPEXReactorCrawlStatus(t *testing.T) { pexR := NewPEXReactor(book, &PEXReactorConfig{SeedMode: true}) // Seed/Crawler mode uses data from the Switch - makeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *Switch) *Switch { + p2p.MakeSwitch(config, 0, "127.0.0.1", "123.123.123", func(i int, sw *p2p.Switch) *p2p.Switch { pexR.SetLogger(log.TestingLogger()) sw.SetLogger(log.TestingLogger().With("switch", i)) sw.AddReactor("pex", pexR) @@ -305,13 +319,13 @@ func TestPEXReactorCrawlStatus(t *testing.T) { }) // Create a peer, add it to the peer set and the addrbook. - peer := createRandomPeer(false) - pexR.Switch.peers.Add(peer) + peer := p2p.CreateRandomPeer(false) + p2p.AddPeerToSwitch(pexR.Switch, peer) addr1 := peer.NodeInfo().NetAddress() pexR.book.AddAddress(addr1, addr1) // Add a non-connected address to the book. - _, addr2 := createRoutableAddr() + _, addr2 := p2p.CreateRoutableAddr() pexR.book.AddAddress(addr2, addr1) // Get some peerInfos to crawl @@ -323,44 +337,15 @@ func TestPEXReactorCrawlStatus(t *testing.T) { // TODO: test } -func createRoutableAddr() (addr string, netAddr *NetAddress) { - for { - var err error - addr = cmn.Fmt("%X@%v.%v.%v.%v:46656", cmn.RandBytes(20), rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256) - netAddr, err = NewNetAddressString(addr) - if err != nil { - panic(err) - } - if netAddr.Routable() { - break - } - } - return -} - -func createRandomPeer(outbound bool) *peer { - addr, netAddr := createRoutableAddr() - p := &peer{ - nodeInfo: NodeInfo{ - ListenAddr: netAddr.DialString(), - PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), - }, - outbound: outbound, - mconn: &MConnection{}, - } - p.SetLogger(log.TestingLogger().With("peer", addr)) - return p -} - type mockPeer struct { *cmn.BaseService pubKey crypto.PubKey - addr *NetAddress + addr *types.NetAddress outbound, persistent bool } func newMockPeer() mockPeer { - _, netAddr := createRoutableAddr() + _, netAddr := p2p.CreateRoutableAddr() mp := mockPeer{ addr: netAddr, pubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), @@ -370,17 +355,17 @@ func newMockPeer() mockPeer { return mp } -func (mp mockPeer) ID() ID { return PubKeyToID(mp.pubKey) } +func (mp mockPeer) ID() types.ID { return types.PubKeyToID(mp.pubKey) } func (mp mockPeer) IsOutbound() bool { return mp.outbound } func (mp mockPeer) IsPersistent() bool { return mp.persistent } -func (mp mockPeer) NodeInfo() NodeInfo { - return NodeInfo{ +func (mp mockPeer) NodeInfo() types.NodeInfo { + return types.NodeInfo{ PubKey: mp.pubKey, ListenAddr: mp.addr.DialString(), } } -func (mp mockPeer) Status() ConnectionStatus { return ConnectionStatus{} } -func (mp mockPeer) Send(byte, interface{}) bool { return false } -func (mp mockPeer) TrySend(byte, interface{}) bool { return false } -func (mp mockPeer) Set(string, interface{}) {} -func (mp mockPeer) Get(string) interface{} { return nil } +func (mp mockPeer) Status() tmconn.ConnectionStatus { return tmconn.ConnectionStatus{} } +func (mp mockPeer) Send(byte, interface{}) bool { return false } +func (mp mockPeer) TrySend(byte, interface{}) bool { return false } +func (mp mockPeer) Set(string, interface{}) {} +func (mp mockPeer) Get(string) interface{} { return nil } diff --git a/p2p/switch.go b/p2p/switch.go index db2e7d980..ec54478cf 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -11,6 +11,8 @@ import ( crypto "github.com/tendermint/go-crypto" cfg "github.com/tendermint/tendermint/config" + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" cmn "github.com/tendermint/tmlibs/common" ) @@ -30,10 +32,11 @@ const ( reconnectBackOffBaseSeconds = 3 ) -var ( - ErrSwitchDuplicatePeer = errors.New("Duplicate peer") - ErrSwitchConnectToSelf = errors.New("Connect to self") -) +//----------------------------------------------------------------------------- + +type AddrBook interface { + AddAddress(addr *types.NetAddress, src *types.NetAddress) +} //----------------------------------------------------------------------------- @@ -48,12 +51,12 @@ type Switch struct { peerConfig *PeerConfig listeners []Listener reactors map[string]Reactor - chDescs []*ChannelDescriptor + chDescs []*tmconn.ChannelDescriptor reactorsByCh map[byte]Reactor peers *PeerSet dialing *cmn.CMap - nodeInfo NodeInfo // our node info - nodeKey *NodeKey // our node privkey + nodeInfo types.NodeInfo // our node info + nodeKey *types.NodeKey // our node privkey filterConnByAddr func(net.Addr) error filterConnByPubKey func(crypto.PubKey) error @@ -66,7 +69,7 @@ func NewSwitch(config *cfg.P2PConfig) *Switch { config: config, peerConfig: DefaultPeerConfig(), reactors: make(map[string]Reactor), - chDescs: make([]*ChannelDescriptor, 0), + chDescs: make([]*tmconn.ChannelDescriptor, 0), reactorsByCh: make(map[byte]Reactor), peers: NewPeerSet(), dialing: cmn.NewCMap(), @@ -77,10 +80,10 @@ func NewSwitch(config *cfg.P2PConfig) *Switch { sw.rng = rand.New(rand.NewSource(cmn.RandInt64())) // TODO: collapse the peerConfig into the config ? - sw.peerConfig.MConfig.flushThrottle = time.Duration(config.FlushThrottleTimeout) * time.Millisecond + sw.peerConfig.MConfig.FlushThrottle = time.Duration(config.FlushThrottleTimeout) * time.Millisecond sw.peerConfig.MConfig.SendRate = config.SendRate sw.peerConfig.MConfig.RecvRate = config.RecvRate - sw.peerConfig.MConfig.maxMsgPacketPayloadSize = config.MaxMsgPacketPayloadSize + sw.peerConfig.MConfig.MaxMsgPacketPayloadSize = config.MaxMsgPacketPayloadSize sw.BaseService = *cmn.NewBaseService(nil, "P2P Switch", sw) return sw @@ -140,19 +143,19 @@ func (sw *Switch) IsListening() bool { // SetNodeInfo sets the switch's NodeInfo for checking compatibility and handshaking with other nodes. // NOTE: Not goroutine safe. -func (sw *Switch) SetNodeInfo(nodeInfo NodeInfo) { +func (sw *Switch) SetNodeInfo(nodeInfo types.NodeInfo) { sw.nodeInfo = nodeInfo } // NodeInfo returns the switch's NodeInfo. // NOTE: Not goroutine safe. -func (sw *Switch) NodeInfo() NodeInfo { +func (sw *Switch) NodeInfo() types.NodeInfo { return sw.nodeInfo } // SetNodeKey sets the switch's private key for authenticated encryption. // NOTE: Not goroutine safe. -func (sw *Switch) SetNodeKey(nodeKey *NodeKey) { +func (sw *Switch) SetNodeKey(nodeKey *types.NodeKey) { sw.nodeKey = nodeKey } @@ -311,13 +314,13 @@ func (sw *Switch) reconnectToPeer(peer Peer) { // Dialing // IsDialing returns true if the switch is currently dialing the given ID. -func (sw *Switch) IsDialing(id ID) bool { +func (sw *Switch) IsDialing(id types.ID) bool { return sw.dialing.Has(string(id)) } // DialPeersAsync dials a list of peers asynchronously in random order (optionally, making them persistent). -func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent bool) error { - netAddrs, errs := NewNetAddressStrings(peers) +func (sw *Switch) DialPeersAsync(addrBook AddrBook, peers []string, persistent bool) error { + netAddrs, errs := types.NewNetAddressStrings(peers) for _, err := range errs { sw.Logger.Error("Error in peer's address", "err", err) } @@ -330,6 +333,7 @@ func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent if netAddr.Same(ourAddr) { continue } + // TODO: move this out of here ? addrBook.AddAddress(netAddr, ourAddr) } } @@ -353,7 +357,7 @@ func (sw *Switch) DialPeersAsync(addrBook *AddrBook, peers []string, persistent // DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects and authenticates successfully. // If `persistent == true`, the switch will always try to reconnect to this peer if the connection ever fails. -func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, error) { +func (sw *Switch) DialPeerWithAddress(addr *types.NetAddress, persistent bool) (Peer, error) { sw.dialing.Set(string(addr.ID), addr) defer sw.dialing.Delete(string(addr.ID)) return sw.addOutboundPeerWithConfig(addr, sw.peerConfig, persistent) @@ -439,7 +443,7 @@ func (sw *Switch) addInboundPeerWithConfig(conn net.Conn, config *PeerConfig) er // dial the peer; make secret connection; authenticate against the dialed ID; // add the peer. -func (sw *Switch) addOutboundPeerWithConfig(addr *NetAddress, config *PeerConfig, persistent bool) (Peer, error) { +func (sw *Switch) addOutboundPeerWithConfig(addr *types.NetAddress, config *PeerConfig, persistent bool) (Peer, error) { sw.Logger.Info("Dialing peer", "address", addr) peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config, persistent) if err != nil { @@ -453,7 +457,7 @@ func (sw *Switch) addOutboundPeerWithConfig(addr *NetAddress, config *PeerConfig peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) } else if addr.ID != peer.ID() { peer.CloseConn() - return nil, fmt.Errorf("Failed to authenticate peer %v. Connected to peer with ID %s", addr, peer.ID()) + return nil, types.ErrSwitchAuthenticationFailure{addr, peer.ID()} } err = sw.addPeer(peer) @@ -474,12 +478,12 @@ func (sw *Switch) addOutboundPeerWithConfig(addr *NetAddress, config *PeerConfig func (sw *Switch) addPeer(peer *peer) error { // Avoid self if sw.nodeKey.ID() == peer.ID() { - return ErrSwitchConnectToSelf + return types.ErrSwitchConnectToSelf } // Avoid duplicate if sw.peers.Has(peer.ID()) { - return ErrSwitchDuplicatePeer + return types.ErrSwitchDuplicatePeer } diff --git a/p2p/switch_test.go b/p2p/switch_test.go index a729698e9..ae7e89e77 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -16,6 +16,8 @@ import ( "github.com/tendermint/tmlibs/log" cfg "github.com/tendermint/tendermint/config" + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" ) var ( @@ -28,7 +30,7 @@ func init() { } type PeerMessage struct { - PeerID ID + PeerID types.ID Bytes []byte Counter int } @@ -37,7 +39,7 @@ type TestReactor struct { BaseReactor mtx sync.Mutex - channels []*ChannelDescriptor + channels []*tmconn.ChannelDescriptor peersAdded []Peer peersRemoved []Peer logMessages bool @@ -45,7 +47,7 @@ type TestReactor struct { msgsReceived map[byte][]PeerMessage } -func NewTestReactor(channels []*ChannelDescriptor, logMessages bool) *TestReactor { +func NewTestReactor(channels []*tmconn.ChannelDescriptor, logMessages bool) *TestReactor { tr := &TestReactor{ channels: channels, logMessages: logMessages, @@ -56,7 +58,7 @@ func NewTestReactor(channels []*ChannelDescriptor, logMessages bool) *TestReacto return tr } -func (tr *TestReactor) GetChannels() []*ChannelDescriptor { +func (tr *TestReactor) GetChannels() []*tmconn.ChannelDescriptor { return tr.channels } @@ -92,7 +94,7 @@ func (tr *TestReactor) getMsgs(chID byte) []PeerMessage { // convenience method for creating two switches connected to each other. // XXX: note this uses net.Pipe and not a proper TCP conn -func makeSwitchPair(t testing.TB, initSwitch func(int, *Switch) *Switch) (*Switch, *Switch) { +func MakeSwitchPair(t testing.TB, initSwitch func(int, *Switch) *Switch) (*Switch, *Switch) { // Create two switches that will be interconnected. switches := MakeConnectedSwitches(config, 2, initSwitch, Connect2Switches) return switches[0], switches[1] @@ -100,11 +102,11 @@ func makeSwitchPair(t testing.TB, initSwitch func(int, *Switch) *Switch) (*Switc func initSwitchFunc(i int, sw *Switch) *Switch { // Make two reactors of two channels each - sw.AddReactor("foo", NewTestReactor([]*ChannelDescriptor{ + sw.AddReactor("foo", NewTestReactor([]*tmconn.ChannelDescriptor{ {ID: byte(0x00), Priority: 10}, {ID: byte(0x01), Priority: 10}, }, true)) - sw.AddReactor("bar", NewTestReactor([]*ChannelDescriptor{ + sw.AddReactor("bar", NewTestReactor([]*tmconn.ChannelDescriptor{ {ID: byte(0x02), Priority: 10}, {ID: byte(0x03), Priority: 10}, }, true)) @@ -112,7 +114,7 @@ func initSwitchFunc(i int, sw *Switch) *Switch { } func TestSwitches(t *testing.T) { - s1, s2 := makeSwitchPair(t, initSwitchFunc) + s1, s2 := MakeSwitchPair(t, initSwitchFunc) defer s1.Stop() defer s2.Stop() @@ -156,12 +158,12 @@ func assertMsgReceivedWithTimeout(t *testing.T, msg string, channel byte, reacto } func TestConnAddrFilter(t *testing.T) { - s1 := makeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) - s2 := makeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) + s1 := MakeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) + s2 := MakeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) defer s1.Stop() defer s2.Stop() - c1, c2 := netPipe() + c1, c2 := tmconn.NetPipe() s1.SetAddrFilter(func(addr net.Addr) error { if addr.String() == c1.RemoteAddr().String() { @@ -192,12 +194,12 @@ func assertNoPeersAfterTimeout(t *testing.T, sw *Switch, timeout time.Duration) } func TestConnPubKeyFilter(t *testing.T) { - s1 := makeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) - s2 := makeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) + s1 := MakeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) + s2 := MakeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) defer s1.Stop() defer s2.Stop() - c1, c2 := netPipe() + c1, c2 := tmconn.NetPipe() // set pubkey filter s1.SetPubKeyFilter(func(pubkey crypto.PubKey) error { @@ -224,7 +226,7 @@ func TestConnPubKeyFilter(t *testing.T) { func TestSwitchStopsNonPersistentPeerOnError(t *testing.T) { assert, require := assert.New(t), require.New(t) - sw := makeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) + sw := MakeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) err := sw.Start() if err != nil { t.Error(err) @@ -251,7 +253,7 @@ func TestSwitchStopsNonPersistentPeerOnError(t *testing.T) { func TestSwitchReconnectsToPersistentPeer(t *testing.T) { assert, require := assert.New(t), require.New(t) - sw := makeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) + sw := MakeSwitch(config, 1, "testing", "123.123.123", initSwitchFunc) err := sw.Start() if err != nil { t.Error(err) @@ -302,13 +304,13 @@ func TestSwitchFullConnectivity(t *testing.T) { func BenchmarkSwitches(b *testing.B) { b.StopTimer() - s1, s2 := makeSwitchPair(b, func(i int, sw *Switch) *Switch { + s1, s2 := MakeSwitchPair(b, func(i int, sw *Switch) *Switch { // Make bar reactors of bar channels each - sw.AddReactor("foo", NewTestReactor([]*ChannelDescriptor{ + sw.AddReactor("foo", NewTestReactor([]*tmconn.ChannelDescriptor{ {ID: byte(0x00), Priority: 10}, {ID: byte(0x01), Priority: 10}, }, false)) - sw.AddReactor("bar", NewTestReactor([]*ChannelDescriptor{ + sw.AddReactor("bar", NewTestReactor([]*tmconn.ChannelDescriptor{ {ID: byte(0x02), Priority: 10}, {ID: byte(0x03), Priority: 10}, }, false)) diff --git a/p2p/test_util.go b/p2p/test_util.go index dca23a0ea..aad6fb232 100644 --- a/p2p/test_util.go +++ b/p2p/test_util.go @@ -5,11 +5,47 @@ import ( "net" crypto "github.com/tendermint/go-crypto" - cfg "github.com/tendermint/tendermint/config" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" + + cfg "github.com/tendermint/tendermint/config" + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" ) +func AddPeerToSwitch(sw *Switch, peer Peer) { + sw.peers.Add(peer) +} + +func CreateRandomPeer(outbound bool) *peer { + addr, netAddr := CreateRoutableAddr() + p := &peer{ + nodeInfo: types.NodeInfo{ + ListenAddr: netAddr.DialString(), + PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), + }, + outbound: outbound, + mconn: &tmconn.MConnection{}, + } + p.SetLogger(log.TestingLogger().With("peer", addr)) + return p +} + +func CreateRoutableAddr() (addr string, netAddr *types.NetAddress) { + for { + var err error + addr = cmn.Fmt("%X@%v.%v.%v.%v:46656", cmn.RandBytes(20), rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256) + netAddr, err = types.NewNetAddressString(addr) + if err != nil { + panic(err) + } + if netAddr.Routable() { + break + } + } + return +} + //------------------------------------------------------------------ // Connects switches via arbitrary net.Conn. Used for testing. @@ -20,7 +56,7 @@ import ( func MakeConnectedSwitches(cfg *cfg.P2PConfig, n int, initSwitch func(int, *Switch) *Switch, connect func([]*Switch, int, int)) []*Switch { switches := make([]*Switch, n) for i := 0; i < n; i++ { - switches[i] = makeSwitch(cfg, i, "testing", "123.123.123", initSwitch) + switches[i] = MakeSwitch(cfg, i, "testing", "123.123.123", initSwitch) } if err := StartSwitches(switches); err != nil { @@ -42,7 +78,7 @@ func MakeConnectedSwitches(cfg *cfg.P2PConfig, n int, initSwitch func(int, *Swit func Connect2Switches(switches []*Switch, i, j int) { switchI := switches[i] switchJ := switches[j] - c1, c2 := netPipe() + c1, c2 := tmconn.NetPipe() doneCh := make(chan struct{}) go func() { err := switchI.addPeerWithConnection(c1) @@ -91,16 +127,16 @@ func StartSwitches(switches []*Switch) error { return nil } -func makeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch func(int, *Switch) *Switch) *Switch { +func MakeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch func(int, *Switch) *Switch) *Switch { // new switch, add reactors // TODO: let the config be passed in? - nodeKey := &NodeKey{ + nodeKey := &types.NodeKey{ PrivKey: crypto.GenPrivKeyEd25519().Wrap(), } s := NewSwitch(cfg) s.SetLogger(log.TestingLogger()) s = initSwitch(i, s) - s.SetNodeInfo(NodeInfo{ + s.SetNodeInfo(types.NodeInfo{ PubKey: nodeKey.PubKey(), Moniker: cmn.Fmt("switch%d", i), Network: network, diff --git a/p2p/conn_go110.go b/p2p/tmconn/conn_go110.go similarity index 86% rename from p2p/conn_go110.go rename to p2p/tmconn/conn_go110.go index 2fca7c3df..75e55d855 100644 --- a/p2p/conn_go110.go +++ b/p2p/tmconn/conn_go110.go @@ -1,6 +1,6 @@ // +build go1.10 -package p2p +package tmconn // Go1.10 has a proper net.Conn implementation that // has the SetDeadline method implemented as per @@ -10,6 +10,6 @@ package p2p import "net" -func netPipe() (net.Conn, net.Conn) { +func NetPipe() (net.Conn, net.Conn) { return net.Pipe() } diff --git a/p2p/conn_notgo110.go b/p2p/tmconn/conn_notgo110.go similarity index 93% rename from p2p/conn_notgo110.go rename to p2p/tmconn/conn_notgo110.go index a5c2f7410..bb72d64a1 100644 --- a/p2p/conn_notgo110.go +++ b/p2p/tmconn/conn_notgo110.go @@ -1,6 +1,6 @@ // +build !go1.10 -package p2p +package tmconn import ( "net" @@ -24,7 +24,7 @@ func (p *pipe) SetDeadline(t time.Time) error { return nil } -func netPipe() (net.Conn, net.Conn) { +func NetPipe() (net.Conn, net.Conn) { p1, p2 := net.Pipe() return &pipe{p1}, &pipe{p2} } diff --git a/p2p/connection.go b/p2p/tmconn/connection.go similarity index 98% rename from p2p/connection.go rename to p2p/tmconn/connection.go index dcb660967..92c48c360 100644 --- a/p2p/connection.go +++ b/p2p/tmconn/connection.go @@ -1,4 +1,4 @@ -package p2p +package tmconn import ( "bufio" @@ -97,13 +97,13 @@ type MConnConfig struct { SendRate int64 `mapstructure:"send_rate"` RecvRate int64 `mapstructure:"recv_rate"` - maxMsgPacketPayloadSize int + MaxMsgPacketPayloadSize int - flushThrottle time.Duration + FlushThrottle time.Duration } func (cfg *MConnConfig) maxMsgPacketTotalSize() int { - return cfg.maxMsgPacketPayloadSize + maxMsgPacketOverheadSize + return cfg.MaxMsgPacketPayloadSize + maxMsgPacketOverheadSize } // DefaultMConnConfig returns the default config. @@ -111,8 +111,8 @@ func DefaultMConnConfig() *MConnConfig { return &MConnConfig{ SendRate: defaultSendRate, RecvRate: defaultRecvRate, - maxMsgPacketPayloadSize: defaultMaxMsgPacketPayloadSize, - flushThrottle: defaultFlushThrottle, + MaxMsgPacketPayloadSize: defaultMaxMsgPacketPayloadSize, + FlushThrottle: defaultFlushThrottle, } } @@ -171,7 +171,7 @@ func (c *MConnection) OnStart() error { return err } c.quit = make(chan struct{}) - c.flushTimer = cmn.NewThrottleTimer("flush", c.config.flushThrottle) + c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) c.pingTimer = cmn.NewRepeatTimer("ping", pingTimeout) c.chStatsTimer = cmn.NewRepeatTimer("chStats", updateStats) go c.sendRoutine() @@ -586,7 +586,7 @@ func newChannel(conn *MConnection, desc ChannelDescriptor) *Channel { desc: desc, sendQueue: make(chan []byte, desc.SendQueueCapacity), recving: make([]byte, 0, desc.RecvBufferCapacity), - maxMsgPacketPayloadSize: conn.config.maxMsgPacketPayloadSize, + maxMsgPacketPayloadSize: conn.config.MaxMsgPacketPayloadSize, } } diff --git a/p2p/connection_test.go b/p2p/tmconn/connection_test.go similarity index 97% rename from p2p/connection_test.go rename to p2p/tmconn/connection_test.go index 2a64764ea..65ae017cb 100644 --- a/p2p/connection_test.go +++ b/p2p/tmconn/connection_test.go @@ -1,4 +1,4 @@ -package p2p +package tmconn import ( "net" @@ -31,7 +31,7 @@ func createMConnectionWithCallbacks(conn net.Conn, onReceive func(chID byte, msg func TestMConnectionSend(t *testing.T) { assert, require := assert.New(t), require.New(t) - server, client := netPipe() + server, client := NetPipe() defer server.Close() // nolint: errcheck defer client.Close() // nolint: errcheck @@ -64,7 +64,7 @@ func TestMConnectionSend(t *testing.T) { func TestMConnectionReceive(t *testing.T) { assert, require := assert.New(t), require.New(t) - server, client := netPipe() + server, client := NetPipe() defer server.Close() // nolint: errcheck defer client.Close() // nolint: errcheck @@ -102,7 +102,7 @@ func TestMConnectionReceive(t *testing.T) { func TestMConnectionStatus(t *testing.T) { assert, require := assert.New(t), require.New(t) - server, client := netPipe() + server, client := NetPipe() defer server.Close() // nolint: errcheck defer client.Close() // nolint: errcheck @@ -119,7 +119,7 @@ func TestMConnectionStatus(t *testing.T) { func TestMConnectionStopsAndReturnsError(t *testing.T) { assert, require := assert.New(t), require.New(t) - server, client := netPipe() + server, client := NetPipe() defer server.Close() // nolint: errcheck defer client.Close() // nolint: errcheck @@ -152,7 +152,7 @@ func TestMConnectionStopsAndReturnsError(t *testing.T) { } func newClientAndServerConnsForReadErrors(require *require.Assertions, chOnErr chan struct{}) (*MConnection, *MConnection) { - server, client := netPipe() + server, client := NetPipe() onReceive := func(chID byte, msgBytes []byte) {} onError := func(r interface{}) {} @@ -283,7 +283,7 @@ func TestMConnectionReadErrorUnknownMsgType(t *testing.T) { func TestMConnectionTrySend(t *testing.T) { assert, require := assert.New(t), require.New(t) - server, client := netPipe() + server, client := NetPipe() defer server.Close() defer client.Close() diff --git a/p2p/secret_connection.go b/p2p/tmconn/secret_connection.go similarity index 99% rename from p2p/secret_connection.go rename to p2p/tmconn/secret_connection.go index f022d9c35..e1a3e0506 100644 --- a/p2p/secret_connection.go +++ b/p2p/tmconn/secret_connection.go @@ -4,7 +4,7 @@ // is known ahead of time, and thus we are technically // still vulnerable to MITM. (TODO!) // See docs/sts-final.pdf for more info -package p2p +package tmconn import ( "bytes" diff --git a/p2p/secret_connection_test.go b/p2p/tmconn/secret_connection_test.go similarity index 99% rename from p2p/secret_connection_test.go rename to p2p/tmconn/secret_connection_test.go index 5e0611a87..5ef2c410e 100644 --- a/p2p/secret_connection_test.go +++ b/p2p/tmconn/secret_connection_test.go @@ -1,4 +1,4 @@ -package p2p +package tmconn import ( "io" diff --git a/p2p/types/errors.go b/p2p/types/errors.go new file mode 100644 index 000000000..ead2a8334 --- /dev/null +++ b/p2p/types/errors.go @@ -0,0 +1,20 @@ +package types + +import ( + "errors" + "fmt" +) + +var ( + ErrSwitchDuplicatePeer = errors.New("Duplicate peer") + ErrSwitchConnectToSelf = errors.New("Connect to self") +) + +type ErrSwitchAuthenticationFailure struct { + Dialed *NetAddress + Got ID +} + +func (e ErrSwitchAuthenticationFailure) Error() string { + return fmt.Sprintf("Failed to authenticate peer. Dialed %v, but got peer with ID %s", e.Dialed, e.Got) +} diff --git a/p2p/key.go b/p2p/types/key.go similarity index 99% rename from p2p/key.go rename to p2p/types/key.go index ea0f0b071..4ce5ee500 100644 --- a/p2p/key.go +++ b/p2p/types/key.go @@ -1,4 +1,4 @@ -package p2p +package types import ( "bytes" diff --git a/p2p/key_test.go b/p2p/types/key_test.go similarity index 98% rename from p2p/key_test.go rename to p2p/types/key_test.go index c2e1f3e0e..f18fb3b92 100644 --- a/p2p/key_test.go +++ b/p2p/types/key_test.go @@ -1,4 +1,4 @@ -package p2p +package types import ( "bytes" diff --git a/p2p/netaddress.go b/p2p/types/netaddress.go similarity index 99% rename from p2p/netaddress.go rename to p2p/types/netaddress.go index 333d16e5d..f0b397e8e 100644 --- a/p2p/netaddress.go +++ b/p2p/types/netaddress.go @@ -2,7 +2,7 @@ // Originally Copyright (c) 2013-2014 Conformal Systems LLC. // https://github.com/conformal/btcd/blob/master/LICENSE -package p2p +package types import ( "encoding/hex" diff --git a/p2p/netaddress_test.go b/p2p/types/netaddress_test.go similarity index 99% rename from p2p/netaddress_test.go rename to p2p/types/netaddress_test.go index 6c1930a2f..0119cc3b1 100644 --- a/p2p/netaddress_test.go +++ b/p2p/types/netaddress_test.go @@ -1,4 +1,4 @@ -package p2p +package types import ( "net" diff --git a/p2p/types.go b/p2p/types/node_info.go similarity index 97% rename from p2p/types.go rename to p2p/types/node_info.go index d93adc9b6..10c486852 100644 --- a/p2p/types.go +++ b/p2p/types/node_info.go @@ -1,4 +1,4 @@ -package p2p +package types import ( "fmt" @@ -11,6 +11,10 @@ import ( const maxNodeInfoSize = 10240 // 10Kb +func MaxNodeInfoSize() int { + return maxNodeInfoSize +} + // NodeInfo is the basic node information exchanged // between two peers during the Tendermint P2P handshake. type NodeInfo struct { From 0d7d16005a256e9080fd8df45e0483bfe90d18ed Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 20 Jan 2018 21:44:09 -0500 Subject: [PATCH 094/188] fixes --- node/node.go | 14 ++++++++------ p2p/switch.go | 2 +- p2p/types.go | 12 ++++++++++++ rpc/core/pipe.go | 6 +++--- 4 files changed, 24 insertions(+), 10 deletions(-) create mode 100644 p2p/types.go diff --git a/node/node.go b/node/node.go index 3012ed057..cab8aa805 100644 --- a/node/node.go +++ b/node/node.go @@ -22,7 +22,9 @@ import ( "github.com/tendermint/tendermint/evidence" mempl "github.com/tendermint/tendermint/mempool" "github.com/tendermint/tendermint/p2p" + "github.com/tendermint/tendermint/p2p/pex" "github.com/tendermint/tendermint/p2p/trust" + p2ptypes "github.com/tendermint/tendermint/p2p/types" "github.com/tendermint/tendermint/proxy" rpccore "github.com/tendermint/tendermint/rpc/core" grpccore "github.com/tendermint/tendermint/rpc/grpc" @@ -97,7 +99,7 @@ type Node struct { // network sw *p2p.Switch // p2p connections - addrBook *p2p.AddrBook // known peers + addrBook pex.AddrBook // known peers trustMetricStore *trust.TrustMetricStore // trust metrics for all peers // services @@ -238,10 +240,10 @@ func NewNode(config *cfg.Config, sw.AddReactor("EVIDENCE", evidenceReactor) // Optionally, start the pex reactor - var addrBook *p2p.AddrBook + var addrBook pex.AddrBook var trustMetricStore *trust.TrustMetricStore if config.P2P.PexReactor { - addrBook = p2p.NewAddrBook(config.P2P.AddrBookFile(), config.P2P.AddrBookStrict) + addrBook = pex.NewAddrBook(config.P2P.AddrBookFile(), config.P2P.AddrBookStrict) addrBook.SetLogger(p2pLogger.With("book", config.P2P.AddrBookFile())) // Get the trust metric history data @@ -256,8 +258,8 @@ func NewNode(config *cfg.Config, if config.P2P.Seeds != "" { seeds = strings.Split(config.P2P.Seeds, ",") } - pexReactor := p2p.NewPEXReactor(addrBook, - &p2p.PEXReactorConfig{Seeds: seeds}) + pexReactor := pex.NewPEXReactor(addrBook, + &pex.PEXReactorConfig{Seeds: seeds}) pexReactor.SetLogger(p2pLogger) sw.AddReactor("PEX", pexReactor) } @@ -374,7 +376,7 @@ func (n *Node) OnStart() error { // Generate node PrivKey // TODO: pass in like priv_val - nodeKey, err := p2p.LoadOrGenNodeKey(n.config.NodeKeyFile()) + nodeKey, err := p2ptypes.LoadOrGenNodeKey(n.config.NodeKeyFile()) if err != nil { return err } diff --git a/p2p/switch.go b/p2p/switch.go index ec54478cf..c9938374c 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -35,7 +35,7 @@ const ( //----------------------------------------------------------------------------- type AddrBook interface { - AddAddress(addr *types.NetAddress, src *types.NetAddress) + AddAddress(addr *types.NetAddress, src *types.NetAddress) error } //----------------------------------------------------------------------------- diff --git a/p2p/types.go b/p2p/types.go new file mode 100644 index 000000000..db7469ec0 --- /dev/null +++ b/p2p/types.go @@ -0,0 +1,12 @@ +package p2p + +import ( + "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/types" +) + +type ID = types.ID +type NodeInfo = types.NodeInfo + +type ChannelDescriptor = tmconn.ChannelDescriptor +type ConnectionStatus = tmconn.ConnectionStatus diff --git a/rpc/core/pipe.go b/rpc/core/pipe.go index 301977ac3..2edb3f3d1 100644 --- a/rpc/core/pipe.go +++ b/rpc/core/pipe.go @@ -32,7 +32,7 @@ type P2P interface { NumPeers() (outbound, inbound, dialig int) NodeInfo() p2p.NodeInfo IsListening() bool - DialPeersAsync(*p2p.AddrBook, []string, bool) error + DialPeersAsync(p2p.AddrBook, []string, bool) error } //---------------------------------------------- @@ -54,7 +54,7 @@ var ( // objects pubKey crypto.PubKey genDoc *types.GenesisDoc // cache the genesis structure - addrBook *p2p.AddrBook + addrBook p2p.AddrBook txIndexer txindex.TxIndexer consensusReactor *consensus.ConsensusReactor eventBus *types.EventBus // thread safe @@ -94,7 +94,7 @@ func SetGenesisDoc(doc *types.GenesisDoc) { genDoc = doc } -func SetAddrBook(book *p2p.AddrBook) { +func SetAddrBook(book p2p.AddrBook) { addrBook = book } From 44e967184a6f44f9d788015f265e9bb1a926688c Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 21 Jan 2018 00:33:53 -0500 Subject: [PATCH 095/188] p2p: tmconn->conn and types->p2p --- node/node.go | 3 +- p2p/base_reactor.go | 6 +-- p2p/{tmconn => conn}/conn_go110.go | 2 +- p2p/{tmconn => conn}/conn_notgo110.go | 2 +- p2p/{tmconn => conn}/connection.go | 2 +- p2p/{tmconn => conn}/connection_test.go | 2 +- p2p/{tmconn => conn}/secret_connection.go | 2 +- .../secret_connection_test.go | 2 +- p2p/{types => }/errors.go | 2 +- p2p/{types => }/key.go | 2 +- p2p/{types => }/key_test.go | 2 +- p2p/listener.go | 27 +++++----- p2p/{types => }/netaddress.go | 2 +- p2p/{types => }/netaddress_test.go | 2 +- p2p/{types => }/node_info.go | 2 +- p2p/peer.go | 29 +++++----- p2p/peer_set.go | 16 +++--- p2p/peer_set_test.go | 5 +- p2p/peer_test.go | 15 +++--- p2p/pex/addrbook.go | 53 +++++++++---------- p2p/pex/addrbook_test.go | 14 ++--- p2p/pex/known_address.go | 10 ++-- p2p/pex/pex_reactor.go | 25 +++++---- p2p/pex/pex_reactor_test.go | 27 +++++----- p2p/switch.go | 33 ++++++------ p2p/switch_test.go | 23 ++++---- p2p/test_util.go | 17 +++--- p2p/types.go | 10 ++-- 28 files changed, 160 insertions(+), 177 deletions(-) rename p2p/{tmconn => conn}/conn_go110.go (96%) rename p2p/{tmconn => conn}/conn_notgo110.go (98%) rename p2p/{tmconn => conn}/connection.go (99%) rename p2p/{tmconn => conn}/connection_test.go (99%) rename p2p/{tmconn => conn}/secret_connection.go (99%) rename p2p/{tmconn => conn}/secret_connection_test.go (99%) rename p2p/{types => }/errors.go (96%) rename p2p/{types => }/key.go (99%) rename p2p/{types => }/key_test.go (98%) rename p2p/{types => }/netaddress.go (99%) rename p2p/{types => }/netaddress_test.go (99%) rename p2p/{types => }/node_info.go (99%) diff --git a/node/node.go b/node/node.go index cab8aa805..bdbf12f82 100644 --- a/node/node.go +++ b/node/node.go @@ -24,7 +24,6 @@ import ( "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/p2p/pex" "github.com/tendermint/tendermint/p2p/trust" - p2ptypes "github.com/tendermint/tendermint/p2p/types" "github.com/tendermint/tendermint/proxy" rpccore "github.com/tendermint/tendermint/rpc/core" grpccore "github.com/tendermint/tendermint/rpc/grpc" @@ -376,7 +375,7 @@ func (n *Node) OnStart() error { // Generate node PrivKey // TODO: pass in like priv_val - nodeKey, err := p2ptypes.LoadOrGenNodeKey(n.config.NodeKeyFile()) + nodeKey, err := p2p.LoadOrGenNodeKey(n.config.NodeKeyFile()) if err != nil { return err } diff --git a/p2p/base_reactor.go b/p2p/base_reactor.go index a24a7629b..20525e675 100644 --- a/p2p/base_reactor.go +++ b/p2p/base_reactor.go @@ -1,7 +1,7 @@ package p2p import ( - "github.com/tendermint/tendermint/p2p/tmconn" + "github.com/tendermint/tendermint/p2p/conn" cmn "github.com/tendermint/tmlibs/common" ) @@ -9,7 +9,7 @@ type Reactor interface { cmn.Service // Start, Stop SetSwitch(*Switch) - GetChannels() []*tmconn.ChannelDescriptor + GetChannels() []*conn.ChannelDescriptor AddPeer(peer Peer) RemovePeer(peer Peer, reason interface{}) Receive(chID byte, peer Peer, msgBytes []byte) // CONTRACT: msgBytes are not nil @@ -32,7 +32,7 @@ func NewBaseReactor(name string, impl Reactor) *BaseReactor { func (br *BaseReactor) SetSwitch(sw *Switch) { br.Switch = sw } -func (_ *BaseReactor) GetChannels() []*tmconn.ChannelDescriptor { return nil } +func (_ *BaseReactor) GetChannels() []*conn.ChannelDescriptor { return nil } func (_ *BaseReactor) AddPeer(peer Peer) {} func (_ *BaseReactor) RemovePeer(peer Peer, reason interface{}) {} func (_ *BaseReactor) Receive(chID byte, peer Peer, msgBytes []byte) {} diff --git a/p2p/tmconn/conn_go110.go b/p2p/conn/conn_go110.go similarity index 96% rename from p2p/tmconn/conn_go110.go rename to p2p/conn/conn_go110.go index 75e55d855..682188101 100644 --- a/p2p/tmconn/conn_go110.go +++ b/p2p/conn/conn_go110.go @@ -1,6 +1,6 @@ // +build go1.10 -package tmconn +package conn // Go1.10 has a proper net.Conn implementation that // has the SetDeadline method implemented as per diff --git a/p2p/tmconn/conn_notgo110.go b/p2p/conn/conn_notgo110.go similarity index 98% rename from p2p/tmconn/conn_notgo110.go rename to p2p/conn/conn_notgo110.go index bb72d64a1..ed642eb54 100644 --- a/p2p/tmconn/conn_notgo110.go +++ b/p2p/conn/conn_notgo110.go @@ -1,6 +1,6 @@ // +build !go1.10 -package tmconn +package conn import ( "net" diff --git a/p2p/tmconn/connection.go b/p2p/conn/connection.go similarity index 99% rename from p2p/tmconn/connection.go rename to p2p/conn/connection.go index 92c48c360..71b2a13d0 100644 --- a/p2p/tmconn/connection.go +++ b/p2p/conn/connection.go @@ -1,4 +1,4 @@ -package tmconn +package conn import ( "bufio" diff --git a/p2p/tmconn/connection_test.go b/p2p/conn/connection_test.go similarity index 99% rename from p2p/tmconn/connection_test.go rename to p2p/conn/connection_test.go index 65ae017cb..9c8eccbe4 100644 --- a/p2p/tmconn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -1,4 +1,4 @@ -package tmconn +package conn import ( "net" diff --git a/p2p/tmconn/secret_connection.go b/p2p/conn/secret_connection.go similarity index 99% rename from p2p/tmconn/secret_connection.go rename to p2p/conn/secret_connection.go index e1a3e0506..aa6db05bb 100644 --- a/p2p/tmconn/secret_connection.go +++ b/p2p/conn/secret_connection.go @@ -4,7 +4,7 @@ // is known ahead of time, and thus we are technically // still vulnerable to MITM. (TODO!) // See docs/sts-final.pdf for more info -package tmconn +package conn import ( "bytes" diff --git a/p2p/tmconn/secret_connection_test.go b/p2p/conn/secret_connection_test.go similarity index 99% rename from p2p/tmconn/secret_connection_test.go rename to p2p/conn/secret_connection_test.go index 5ef2c410e..8af9cdeb5 100644 --- a/p2p/tmconn/secret_connection_test.go +++ b/p2p/conn/secret_connection_test.go @@ -1,4 +1,4 @@ -package tmconn +package conn import ( "io" diff --git a/p2p/types/errors.go b/p2p/errors.go similarity index 96% rename from p2p/types/errors.go rename to p2p/errors.go index ead2a8334..cb6a7051a 100644 --- a/p2p/types/errors.go +++ b/p2p/errors.go @@ -1,4 +1,4 @@ -package types +package p2p import ( "errors" diff --git a/p2p/types/key.go b/p2p/key.go similarity index 99% rename from p2p/types/key.go rename to p2p/key.go index 4ce5ee500..ea0f0b071 100644 --- a/p2p/types/key.go +++ b/p2p/key.go @@ -1,4 +1,4 @@ -package types +package p2p import ( "bytes" diff --git a/p2p/types/key_test.go b/p2p/key_test.go similarity index 98% rename from p2p/types/key_test.go rename to p2p/key_test.go index f18fb3b92..c2e1f3e0e 100644 --- a/p2p/types/key_test.go +++ b/p2p/key_test.go @@ -1,4 +1,4 @@ -package types +package p2p import ( "bytes" diff --git a/p2p/listener.go b/p2p/listener.go index 01d718330..884c45ee8 100644 --- a/p2p/listener.go +++ b/p2p/listener.go @@ -6,7 +6,6 @@ import ( "strconv" "time" - "github.com/tendermint/tendermint/p2p/types" "github.com/tendermint/tendermint/p2p/upnp" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" @@ -14,8 +13,8 @@ import ( type Listener interface { Connections() <-chan net.Conn - InternalAddress() *types.NetAddress - ExternalAddress() *types.NetAddress + InternalAddress() *NetAddress + ExternalAddress() *NetAddress String() string Stop() error } @@ -25,8 +24,8 @@ type DefaultListener struct { cmn.BaseService listener net.Listener - intAddr *types.NetAddress - extAddr *types.NetAddress + intAddr *NetAddress + extAddr *NetAddress connections chan net.Conn } @@ -72,14 +71,14 @@ func NewDefaultListener(protocol string, lAddr string, skipUPNP bool, logger log logger.Info("Local listener", "ip", listenerIP, "port", listenerPort) // Determine internal address... - var intAddr *types.NetAddress - intAddr, err = types.NewNetAddressString(lAddr) + var intAddr *NetAddress + intAddr, err = NewNetAddressString(lAddr) if err != nil { panic(err) } // Determine external address... - var extAddr *types.NetAddress + var extAddr *NetAddress if !skipUPNP { // If the lAddrIP is INADDR_ANY, try UPnP if lAddrIP == "" || lAddrIP == "0.0.0.0" { @@ -152,11 +151,11 @@ func (l *DefaultListener) Connections() <-chan net.Conn { return l.connections } -func (l *DefaultListener) InternalAddress() *types.NetAddress { +func (l *DefaultListener) InternalAddress() *NetAddress { return l.intAddr } -func (l *DefaultListener) ExternalAddress() *types.NetAddress { +func (l *DefaultListener) ExternalAddress() *NetAddress { return l.extAddr } @@ -173,7 +172,7 @@ func (l *DefaultListener) String() string { /* external address helpers */ // UPNP external address discovery & port mapping -func getUPNPExternalAddress(externalPort, internalPort int, logger log.Logger) *types.NetAddress { +func getUPNPExternalAddress(externalPort, internalPort int, logger log.Logger) *NetAddress { logger.Info("Getting UPNP external address") nat, err := upnp.Discover() if err != nil { @@ -199,11 +198,11 @@ func getUPNPExternalAddress(externalPort, internalPort int, logger log.Logger) * } logger.Info("Got UPNP external address", "address", ext) - return types.NewNetAddressIPPort(ext, uint16(externalPort)) + return NewNetAddressIPPort(ext, uint16(externalPort)) } // TODO: use syscalls: see issue #712 -func getNaiveExternalAddress(port int, settleForLocal bool, logger log.Logger) *types.NetAddress { +func getNaiveExternalAddress(port int, settleForLocal bool, logger log.Logger) *NetAddress { addrs, err := net.InterfaceAddrs() if err != nil { panic(cmn.Fmt("Could not fetch interface addresses: %v", err)) @@ -218,7 +217,7 @@ func getNaiveExternalAddress(port int, settleForLocal bool, logger log.Logger) * if v4 == nil || (!settleForLocal && v4[0] == 127) { continue } // loopback - return types.NewNetAddressIPPort(ipnet.IP, uint16(port)) + return NewNetAddressIPPort(ipnet.IP, uint16(port)) } // try again, but settle for local diff --git a/p2p/types/netaddress.go b/p2p/netaddress.go similarity index 99% rename from p2p/types/netaddress.go rename to p2p/netaddress.go index f0b397e8e..333d16e5d 100644 --- a/p2p/types/netaddress.go +++ b/p2p/netaddress.go @@ -2,7 +2,7 @@ // Originally Copyright (c) 2013-2014 Conformal Systems LLC. // https://github.com/conformal/btcd/blob/master/LICENSE -package types +package p2p import ( "encoding/hex" diff --git a/p2p/types/netaddress_test.go b/p2p/netaddress_test.go similarity index 99% rename from p2p/types/netaddress_test.go rename to p2p/netaddress_test.go index 0119cc3b1..6c1930a2f 100644 --- a/p2p/types/netaddress_test.go +++ b/p2p/netaddress_test.go @@ -1,4 +1,4 @@ -package types +package p2p import ( "net" diff --git a/p2p/types/node_info.go b/p2p/node_info.go similarity index 99% rename from p2p/types/node_info.go rename to p2p/node_info.go index 10c486852..552c464d9 100644 --- a/p2p/types/node_info.go +++ b/p2p/node_info.go @@ -1,4 +1,4 @@ -package types +package p2p import ( "fmt" diff --git a/p2p/peer.go b/p2p/peer.go index 17c5861f6..60f9dceba 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -12,18 +12,17 @@ import ( cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + tmconn "github.com/tendermint/tendermint/p2p/conn" ) // Peer is an interface representing a peer connected on a reactor. type Peer interface { cmn.Service - ID() types.ID // peer's cryptographic ID - IsOutbound() bool // did we dial the peer - IsPersistent() bool // do we redial this peer when we disconnect - NodeInfo() types.NodeInfo // peer's info + ID() ID // peer's cryptographic ID + IsOutbound() bool // did we dial the peer + IsPersistent() bool // do we redial this peer when we disconnect + NodeInfo() NodeInfo // peer's info Status() tmconn.ConnectionStatus Send(byte, interface{}) bool @@ -49,7 +48,7 @@ type peer struct { persistent bool config *PeerConfig - nodeInfo types.NodeInfo + nodeInfo NodeInfo Data *cmn.CMap // User data. } @@ -79,7 +78,7 @@ func DefaultPeerConfig() *PeerConfig { } } -func newOutboundPeer(addr *types.NetAddress, reactorsByCh map[byte]Reactor, chDescs []*tmconn.ChannelDescriptor, +func newOutboundPeer(addr *NetAddress, reactorsByCh map[byte]Reactor, chDescs []*tmconn.ChannelDescriptor, onPeerError func(Peer, interface{}), ourNodePrivKey crypto.PrivKey, config *PeerConfig, persistent bool) (*peer, error) { conn, err := dial(addr, config) @@ -174,8 +173,8 @@ func (p *peer) OnStop() { // Implements Peer // ID returns the peer's ID - the hex encoded hash of its pubkey. -func (p *peer) ID() types.ID { - return types.PubKeyToID(p.PubKey()) +func (p *peer) ID() ID { + return PubKeyToID(p.PubKey()) } // IsOutbound returns true if the connection is outbound, false otherwise. @@ -189,7 +188,7 @@ func (p *peer) IsPersistent() bool { } // NodeInfo returns a copy of the peer's NodeInfo. -func (p *peer) NodeInfo() types.NodeInfo { +func (p *peer) NodeInfo() NodeInfo { return p.nodeInfo } @@ -239,13 +238,13 @@ func (p *peer) CloseConn() { // HandshakeTimeout performs the Tendermint P2P handshake between a given node and the peer // by exchanging their NodeInfo. It sets the received nodeInfo on the peer. // NOTE: blocking -func (p *peer) HandshakeTimeout(ourNodeInfo types.NodeInfo, timeout time.Duration) error { +func (p *peer) HandshakeTimeout(ourNodeInfo NodeInfo, timeout time.Duration) error { // Set deadline for handshake so we don't block forever on conn.ReadFull if err := p.conn.SetDeadline(time.Now().Add(timeout)); err != nil { return errors.Wrap(err, "Error setting deadline") } - var peerNodeInfo types.NodeInfo + var peerNodeInfo NodeInfo var err1 error var err2 error cmn.Parallel( @@ -255,7 +254,7 @@ func (p *peer) HandshakeTimeout(ourNodeInfo types.NodeInfo, timeout time.Duratio }, func() { var n int - wire.ReadBinary(&peerNodeInfo, p.conn, types.MaxNodeInfoSize(), &n, &err2) + wire.ReadBinary(&peerNodeInfo, p.conn, MaxNodeInfoSize(), &n, &err2) p.Logger.Info("Peer handshake", "peerNodeInfo", peerNodeInfo) }) if err1 != nil { @@ -311,7 +310,7 @@ func (p *peer) String() string { //------------------------------------------------------------------ // helper funcs -func dial(addr *types.NetAddress, config *PeerConfig) (net.Conn, error) { +func dial(addr *NetAddress, config *PeerConfig) (net.Conn, error) { conn, err := addr.DialTimeout(config.DialTimeout * time.Second) if err != nil { return nil, err diff --git a/p2p/peer_set.go b/p2p/peer_set.go index 7a0680cb7..dc53174a1 100644 --- a/p2p/peer_set.go +++ b/p2p/peer_set.go @@ -2,14 +2,12 @@ package p2p import ( "sync" - - "github.com/tendermint/tendermint/p2p/types" ) // IPeerSet has a (immutable) subset of the methods of PeerSet. type IPeerSet interface { - Has(key types.ID) bool - Get(key types.ID) Peer + Has(key ID) bool + Get(key ID) Peer List() []Peer Size() int } @@ -20,7 +18,7 @@ type IPeerSet interface { // Iteration over the peers is super fast and thread-safe. type PeerSet struct { mtx sync.Mutex - lookup map[types.ID]*peerSetItem + lookup map[ID]*peerSetItem list []Peer } @@ -32,7 +30,7 @@ type peerSetItem struct { // NewPeerSet creates a new peerSet with a list of initial capacity of 256 items. func NewPeerSet() *PeerSet { return &PeerSet{ - lookup: make(map[types.ID]*peerSetItem), + lookup: make(map[ID]*peerSetItem), list: make([]Peer, 0, 256), } } @@ -43,7 +41,7 @@ func (ps *PeerSet) Add(peer Peer) error { ps.mtx.Lock() defer ps.mtx.Unlock() if ps.lookup[peer.ID()] != nil { - return types.ErrSwitchDuplicatePeer + return ErrSwitchDuplicatePeer } index := len(ps.list) @@ -56,7 +54,7 @@ func (ps *PeerSet) Add(peer Peer) error { // Has returns true iff the PeerSet contains // the peer referred to by this peerKey. -func (ps *PeerSet) Has(peerKey types.ID) bool { +func (ps *PeerSet) Has(peerKey ID) bool { ps.mtx.Lock() _, ok := ps.lookup[peerKey] ps.mtx.Unlock() @@ -64,7 +62,7 @@ func (ps *PeerSet) Has(peerKey types.ID) bool { } // Get looks up a peer by the provided peerKey. -func (ps *PeerSet) Get(peerKey types.ID) Peer { +func (ps *PeerSet) Get(peerKey ID) Peer { ps.mtx.Lock() defer ps.mtx.Unlock() item, ok := ps.lookup[peerKey] diff --git a/p2p/peer_set_test.go b/p2p/peer_set_test.go index 7d7ed1062..e906eb8e7 100644 --- a/p2p/peer_set_test.go +++ b/p2p/peer_set_test.go @@ -8,14 +8,13 @@ import ( "github.com/stretchr/testify/assert" crypto "github.com/tendermint/go-crypto" - "github.com/tendermint/tendermint/p2p/types" cmn "github.com/tendermint/tmlibs/common" ) // Returns an empty dummy peer func randPeer() *peer { return &peer{ - nodeInfo: types.NodeInfo{ + nodeInfo: NodeInfo{ ListenAddr: cmn.Fmt("%v.%v.%v.%v:46656", rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, @@ -120,7 +119,7 @@ func TestPeerSetAddDuplicate(t *testing.T) { // Our next procedure is to ensure that only one addition // succeeded and that the rest are each ErrSwitchDuplicatePeer. - wantErrCount, gotErrCount := n-1, errsTally[types.ErrSwitchDuplicatePeer] + wantErrCount, gotErrCount := n-1, errsTally[ErrSwitchDuplicatePeer] assert.Equal(t, wantErrCount, gotErrCount, "invalid ErrSwitchDuplicatePeer count") wantNilErrCount, gotNilErrCount := 1, errsTally[nil] diff --git a/p2p/peer_test.go b/p2p/peer_test.go index dc13cf9d6..978775c8e 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -10,8 +10,7 @@ import ( "github.com/stretchr/testify/require" crypto "github.com/tendermint/go-crypto" - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + tmconn "github.com/tendermint/tendermint/p2p/conn" ) func TestPeerBasic(t *testing.T) { @@ -82,7 +81,7 @@ func TestPeerSend(t *testing.T) { assert.True(p.Send(0x01, "Asylum")) } -func createOutboundPeerAndPerformHandshake(addr *types.NetAddress, config *PeerConfig) (*peer, error) { +func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) (*peer, error) { chDescs := []*tmconn.ChannelDescriptor{ {ID: 0x01, Priority: 1}, } @@ -92,7 +91,7 @@ func createOutboundPeerAndPerformHandshake(addr *types.NetAddress, config *PeerC if err != nil { return nil, err } - err = p.HandshakeTimeout(types.NodeInfo{ + err = p.HandshakeTimeout(NodeInfo{ PubKey: pk.PubKey(), Moniker: "host_peer", Network: "testing", @@ -107,11 +106,11 @@ func createOutboundPeerAndPerformHandshake(addr *types.NetAddress, config *PeerC type remotePeer struct { PrivKey crypto.PrivKey Config *PeerConfig - addr *types.NetAddress + addr *NetAddress quit chan struct{} } -func (p *remotePeer) Addr() *types.NetAddress { +func (p *remotePeer) Addr() *NetAddress { return p.addr } @@ -124,7 +123,7 @@ func (p *remotePeer) Start() { if e != nil { golog.Fatalf("net.Listen tcp :0: %+v", e) } - p.addr = types.NewNetAddress("", l.Addr()) + p.addr = NewNetAddress("", l.Addr()) p.quit = make(chan struct{}) go p.accept(l) } @@ -143,7 +142,7 @@ func (p *remotePeer) accept(l net.Listener) { if err != nil { golog.Fatalf("Failed to create a peer: %+v", err) } - err = peer.HandshakeTimeout(types.NodeInfo{ + err = peer.HandshakeTimeout(NodeInfo{ PubKey: p.PrivKey.PubKey(), Moniker: "remote_peer", Network: "testing", diff --git a/p2p/pex/addrbook.go b/p2p/pex/addrbook.go index 93f352117..b7f60682d 100644 --- a/p2p/pex/addrbook.go +++ b/p2p/pex/addrbook.go @@ -15,9 +15,8 @@ import ( "time" crypto "github.com/tendermint/go-crypto" + "github.com/tendermint/tendermint/p2p" cmn "github.com/tendermint/tmlibs/common" - - "github.com/tendermint/tendermint/p2p/types" ) const ( @@ -32,25 +31,25 @@ type AddrBook interface { cmn.Service // Add our own addresses so we don't later add ourselves - AddOurAddress(*types.NetAddress) + AddOurAddress(*p2p.NetAddress) // Add and remove an address - AddAddress(addr *types.NetAddress, src *types.NetAddress) error - RemoveAddress(addr *types.NetAddress) + AddAddress(addr *p2p.NetAddress, src *p2p.NetAddress) error + RemoveAddress(addr *p2p.NetAddress) // Do we need more peers? NeedMoreAddrs() bool // Pick an address to dial - PickAddress(newBias int) *types.NetAddress + PickAddress(newBias int) *p2p.NetAddress // Mark address - MarkGood(*types.NetAddress) - MarkAttempt(*types.NetAddress) - MarkBad(*types.NetAddress) + MarkGood(*p2p.NetAddress) + MarkAttempt(*p2p.NetAddress) + MarkBad(*p2p.NetAddress) // Send a selection of addresses to peers - GetSelection() []*types.NetAddress + GetSelection() []*p2p.NetAddress // TODO: remove ListOfKnownAddresses() []*knownAddress @@ -71,8 +70,8 @@ type addrBook struct { // accessed concurrently mtx sync.Mutex rand *rand.Rand - ourAddrs map[string]*types.NetAddress - addrLookup map[types.ID]*knownAddress // new & old + ourAddrs map[string]*p2p.NetAddress + addrLookup map[p2p.ID]*knownAddress // new & old bucketsOld []map[string]*knownAddress bucketsNew []map[string]*knownAddress nOld int @@ -86,8 +85,8 @@ type addrBook struct { func NewAddrBook(filePath string, routabilityStrict bool) *addrBook { am := &addrBook{ rand: rand.New(rand.NewSource(time.Now().UnixNano())), // TODO: seed from outside - ourAddrs: make(map[string]*types.NetAddress), - addrLookup: make(map[types.ID]*knownAddress), + ourAddrs: make(map[string]*p2p.NetAddress), + addrLookup: make(map[p2p.ID]*knownAddress), filePath: filePath, routabilityStrict: routabilityStrict, } @@ -139,7 +138,7 @@ func (a *addrBook) Wait() { //------------------------------------------------------- // AddOurAddress one of our addresses. -func (a *addrBook) AddOurAddress(addr *types.NetAddress) { +func (a *addrBook) AddOurAddress(addr *p2p.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() a.Logger.Info("Add our address to book", "addr", addr) @@ -148,14 +147,14 @@ func (a *addrBook) AddOurAddress(addr *types.NetAddress) { // AddAddress implements AddrBook - adds the given address as received from the given source. // NOTE: addr must not be nil -func (a *addrBook) AddAddress(addr *types.NetAddress, src *types.NetAddress) error { +func (a *addrBook) AddAddress(addr *p2p.NetAddress, src *p2p.NetAddress) error { a.mtx.Lock() defer a.mtx.Unlock() return a.addAddress(addr, src) } // RemoveAddress implements AddrBook - removes the address from the book. -func (a *addrBook) RemoveAddress(addr *types.NetAddress) { +func (a *addrBook) RemoveAddress(addr *p2p.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -177,7 +176,7 @@ func (a *addrBook) NeedMoreAddrs() bool { // and determines how biased we are to pick an address from a new bucket. // PickAddress returns nil if the AddrBook is empty or if we try to pick // from an empty bucket. -func (a *addrBook) PickAddress(newBias int) *types.NetAddress { +func (a *addrBook) PickAddress(newBias int) *p2p.NetAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -223,7 +222,7 @@ func (a *addrBook) PickAddress(newBias int) *types.NetAddress { // MarkGood implements AddrBook - it marks the peer as good and // moves it into an "old" bucket. -func (a *addrBook) MarkGood(addr *types.NetAddress) { +func (a *addrBook) MarkGood(addr *p2p.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -237,7 +236,7 @@ func (a *addrBook) MarkGood(addr *types.NetAddress) { } // MarkAttempt implements AddrBook - it marks that an attempt was made to connect to the address. -func (a *addrBook) MarkAttempt(addr *types.NetAddress) { +func (a *addrBook) MarkAttempt(addr *p2p.NetAddress) { a.mtx.Lock() defer a.mtx.Unlock() ka := a.addrLookup[addr.ID] @@ -249,13 +248,13 @@ func (a *addrBook) MarkAttempt(addr *types.NetAddress) { // MarkBad implements AddrBook. Currently it just ejects the address. // TODO: black list for some amount of time -func (a *addrBook) MarkBad(addr *types.NetAddress) { +func (a *addrBook) MarkBad(addr *p2p.NetAddress) { a.RemoveAddress(addr) } // GetSelection implements AddrBook. // It randomly selects some addresses (old & new). Suitable for peer-exchange protocols. -func (a *addrBook) GetSelection() []*types.NetAddress { +func (a *addrBook) GetSelection() []*p2p.NetAddress { a.mtx.Lock() defer a.mtx.Unlock() @@ -263,7 +262,7 @@ func (a *addrBook) GetSelection() []*types.NetAddress { return nil } - allAddr := make([]*types.NetAddress, a.size()) + allAddr := make([]*p2p.NetAddress, a.size()) i := 0 for _, ka := range a.addrLookup { allAddr[i] = ka.Addr @@ -466,7 +465,7 @@ func (a *addrBook) pickOldest(bucketType byte, bucketIdx int) *knownAddress { // adds the address to a "new" bucket. if its already in one, // it only adds it probabilistically -func (a *addrBook) addAddress(addr, src *types.NetAddress) error { +func (a *addrBook) addAddress(addr, src *p2p.NetAddress) error { if a.routabilityStrict && !addr.Routable() { return fmt.Errorf("Cannot add non-routable address %v", addr) } @@ -573,7 +572,7 @@ func (a *addrBook) moveToOld(ka *knownAddress) { // doublesha256( key + sourcegroup + // int64(doublesha256(key + group + sourcegroup))%bucket_per_group ) % num_new_buckets -func (a *addrBook) calcNewBucket(addr, src *types.NetAddress) int { +func (a *addrBook) calcNewBucket(addr, src *p2p.NetAddress) int { data1 := []byte{} data1 = append(data1, []byte(a.key)...) data1 = append(data1, []byte(a.groupKey(addr))...) @@ -594,7 +593,7 @@ func (a *addrBook) calcNewBucket(addr, src *types.NetAddress) int { // doublesha256( key + group + // int64(doublesha256(key + addr))%buckets_per_group ) % num_old_buckets -func (a *addrBook) calcOldBucket(addr *types.NetAddress) int { +func (a *addrBook) calcOldBucket(addr *p2p.NetAddress) int { data1 := []byte{} data1 = append(data1, []byte(a.key)...) data1 = append(data1, []byte(addr.String())...) @@ -616,7 +615,7 @@ func (a *addrBook) calcOldBucket(addr *types.NetAddress) int { // This is the /16 for IPv4, the /32 (/36 for he.net) for IPv6, the string // "local" for a local address and the string "unroutable" for an unroutable // address. -func (a *addrBook) groupKey(na *types.NetAddress) string { +func (a *addrBook) groupKey(na *p2p.NetAddress) string { if a.routabilityStrict && na.Local() { return "local" } diff --git a/p2p/pex/addrbook_test.go b/p2p/pex/addrbook_test.go index 206e3401f..166d31847 100644 --- a/p2p/pex/addrbook_test.go +++ b/p2p/pex/addrbook_test.go @@ -8,7 +8,7 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" ) @@ -169,8 +169,8 @@ func TestAddrBookHandlesDuplicates(t *testing.T) { } type netAddressPair struct { - addr *types.NetAddress - src *types.NetAddress + addr *p2p.NetAddress + src *p2p.NetAddress } func randNetAddressPairs(t *testing.T, n int) []netAddressPair { @@ -181,7 +181,7 @@ func randNetAddressPairs(t *testing.T, n int) []netAddressPair { return randAddrs } -func randIPv4Address(t *testing.T) *types.NetAddress { +func randIPv4Address(t *testing.T) *p2p.NetAddress { for { ip := fmt.Sprintf("%v.%v.%v.%v", rand.Intn(254)+1, @@ -190,9 +190,9 @@ func randIPv4Address(t *testing.T) *types.NetAddress { rand.Intn(255), ) port := rand.Intn(65535-1) + 1 - id := types.ID(hex.EncodeToString(cmn.RandBytes(types.IDByteLength))) - idAddr := types.IDAddressString(id, fmt.Sprintf("%v:%v", ip, port)) - addr, err := types.NewNetAddressString(idAddr) + id := p2p.ID(hex.EncodeToString(cmn.RandBytes(p2p.IDByteLength))) + idAddr := p2p.IDAddressString(id, fmt.Sprintf("%v:%v", ip, port)) + addr, err := p2p.NewNetAddressString(idAddr) assert.Nil(t, err, "error generating rand network address") if addr.Routable() { return addr diff --git a/p2p/pex/known_address.go b/p2p/pex/known_address.go index db6d021f2..e26fdb7bd 100644 --- a/p2p/pex/known_address.go +++ b/p2p/pex/known_address.go @@ -3,14 +3,14 @@ package pex import ( "time" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p" ) // knownAddress tracks information about a known network address // that is used to determine how viable an address is. type knownAddress struct { - Addr *types.NetAddress - Src *types.NetAddress + Addr *p2p.NetAddress + Src *p2p.NetAddress Attempts int32 LastAttempt time.Time LastSuccess time.Time @@ -18,7 +18,7 @@ type knownAddress struct { Buckets []int } -func newKnownAddress(addr *types.NetAddress, src *types.NetAddress) *knownAddress { +func newKnownAddress(addr *p2p.NetAddress, src *p2p.NetAddress) *knownAddress { return &knownAddress{ Addr: addr, Src: src, @@ -29,7 +29,7 @@ func newKnownAddress(addr *types.NetAddress, src *types.NetAddress) *knownAddres } } -func (ka *knownAddress) ID() types.ID { +func (ka *knownAddress) ID() p2p.ID { return ka.Addr.ID } diff --git a/p2p/pex/pex_reactor.go b/p2p/pex/pex_reactor.go index 24c9417f7..53075a1d6 100644 --- a/p2p/pex/pex_reactor.go +++ b/p2p/pex/pex_reactor.go @@ -13,8 +13,7 @@ import ( cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tendermint/p2p" - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p/conn" ) type Peer = p2p.Peer @@ -117,8 +116,8 @@ func (r *PEXReactor) OnStop() { } // GetChannels implements Reactor -func (r *PEXReactor) GetChannels() []*tmconn.ChannelDescriptor { - return []*tmconn.ChannelDescriptor{ +func (r *PEXReactor) GetChannels() []*conn.ChannelDescriptor { + return []*conn.ChannelDescriptor{ { ID: PexChannel, Priority: 1, @@ -231,7 +230,7 @@ func (r *PEXReactor) RequestAddrs(p Peer) { // ReceiveAddrs adds the given addrs to the addrbook if theres an open // request for this peer and deletes the open request. // If there's no open request for the src peer, it returns an error. -func (r *PEXReactor) ReceiveAddrs(addrs []*types.NetAddress, src Peer) error { +func (r *PEXReactor) ReceiveAddrs(addrs []*p2p.NetAddress, src Peer) error { id := string(src.ID()) if !r.requestsSent.Has(id) { @@ -250,7 +249,7 @@ func (r *PEXReactor) ReceiveAddrs(addrs []*types.NetAddress, src Peer) error { } // SendAddrs sends addrs to the peer. -func (r *PEXReactor) SendAddrs(p Peer, netAddrs []*types.NetAddress) { +func (r *PEXReactor) SendAddrs(p Peer, netAddrs []*p2p.NetAddress) { p.Send(PexChannel, struct{ PexMessage }{&pexAddrsMessage{Addrs: netAddrs}}) } @@ -300,7 +299,7 @@ func (r *PEXReactor) ensurePeers() { // NOTE: range here is [10, 90]. Too high ? newBias := cmn.MinInt(numOutPeers, 8)*10 + 10 - toDial := make(map[types.ID]*types.NetAddress) + toDial := make(map[p2p.ID]*p2p.NetAddress) // Try maxAttempts times to pick numToDial addresses to dial maxAttempts := numToDial * 3 for i := 0; i < maxAttempts && len(toDial) < numToDial; i++ { @@ -323,11 +322,11 @@ func (r *PEXReactor) ensurePeers() { // Dial picked addresses for _, item := range toDial { - go func(picked *types.NetAddress) { + go func(picked *p2p.NetAddress) { _, err := r.Switch.DialPeerWithAddress(picked, false) if err != nil { // TODO: detect more "bad peer" scenarios - if _, ok := err.(types.ErrSwitchAuthenticationFailure); ok { + if _, ok := err.(p2p.ErrSwitchAuthenticationFailure); ok { r.book.MarkBad(picked) } else { r.book.MarkAttempt(picked) @@ -360,7 +359,7 @@ func (r *PEXReactor) checkSeeds() error { if lSeeds == 0 { return nil } - _, errs := types.NewNetAddressStrings(r.config.Seeds) + _, errs := p2p.NewNetAddressStrings(r.config.Seeds) for _, err := range errs { if err != nil { return err @@ -375,7 +374,7 @@ func (r *PEXReactor) dialSeeds() { if lSeeds == 0 { return } - seedAddrs, _ := types.NewNetAddressStrings(r.config.Seeds) + seedAddrs, _ := p2p.NewNetAddressStrings(r.config.Seeds) perm := rand.Perm(lSeeds) // perm := r.Switch.rng.Perm(lSeeds) @@ -420,7 +419,7 @@ func (r *PEXReactor) crawlPeersRoutine() { // network crawling performed during seed/crawler mode. type crawlPeerInfo struct { // The listening address of a potential peer we learned about - Addr *types.NetAddress + Addr *p2p.NetAddress // The last time we attempt to reach this address LastAttempt time.Time @@ -544,7 +543,7 @@ func (m *pexRequestMessage) String() string { A message with announced peer addresses. */ type pexAddrsMessage struct { - Addrs []*types.NetAddress + Addrs []*p2p.NetAddress } func (m *pexAddrsMessage) String() string { diff --git a/p2p/pex/pex_reactor_test.go b/p2p/pex/pex_reactor_test.go index 439914ac8..c52e45b47 100644 --- a/p2p/pex/pex_reactor_test.go +++ b/p2p/pex/pex_reactor_test.go @@ -17,8 +17,7 @@ import ( cfg "github.com/tendermint/tendermint/config" "github.com/tendermint/tendermint/p2p" - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p/conn" ) var ( @@ -101,7 +100,7 @@ func TestPEXReactorRunning(t *testing.T) { // fill the address book and add listeners for _, s := range switches { - addr, _ := types.NewNetAddressString(s.NodeInfo().ListenAddr) + addr, _ := p2p.NewNetAddressString(s.NodeInfo().ListenAddr) book.AddAddress(addr, addr) s.AddListener(p2p.NewDefaultListener("tcp", s.NodeInfo().ListenAddr, true, log.TestingLogger())) } @@ -171,7 +170,7 @@ func TestPEXReactorReceive(t *testing.T) { r.RequestAddrs(peer) size := book.Size() - addrs := []*types.NetAddress{peer.NodeInfo().NetAddress()} + addrs := []*p2p.NetAddress{peer.NodeInfo().NetAddress()} msg := wire.BinaryBytes(struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) r.Receive(PexChannel, peer, msg) assert.Equal(size+1, book.Size()) @@ -246,7 +245,7 @@ func TestPEXReactorAddrsMessageAbuse(t *testing.T) { assert.True(r.requestsSent.Has(id)) assert.True(sw.Peers().Has(peer.ID())) - addrs := []*types.NetAddress{peer.NodeInfo().NetAddress()} + addrs := []*p2p.NetAddress{peer.NodeInfo().NetAddress()} msg := wire.BinaryBytes(struct{ PexMessage }{&pexAddrsMessage{Addrs: addrs}}) // receive some addrs. should clear the request @@ -340,7 +339,7 @@ func TestPEXReactorCrawlStatus(t *testing.T) { type mockPeer struct { *cmn.BaseService pubKey crypto.PubKey - addr *types.NetAddress + addr *p2p.NetAddress outbound, persistent bool } @@ -355,17 +354,17 @@ func newMockPeer() mockPeer { return mp } -func (mp mockPeer) ID() types.ID { return types.PubKeyToID(mp.pubKey) } +func (mp mockPeer) ID() p2p.ID { return p2p.PubKeyToID(mp.pubKey) } func (mp mockPeer) IsOutbound() bool { return mp.outbound } func (mp mockPeer) IsPersistent() bool { return mp.persistent } -func (mp mockPeer) NodeInfo() types.NodeInfo { - return types.NodeInfo{ +func (mp mockPeer) NodeInfo() p2p.NodeInfo { + return p2p.NodeInfo{ PubKey: mp.pubKey, ListenAddr: mp.addr.DialString(), } } -func (mp mockPeer) Status() tmconn.ConnectionStatus { return tmconn.ConnectionStatus{} } -func (mp mockPeer) Send(byte, interface{}) bool { return false } -func (mp mockPeer) TrySend(byte, interface{}) bool { return false } -func (mp mockPeer) Set(string, interface{}) {} -func (mp mockPeer) Get(string) interface{} { return nil } +func (mp mockPeer) Status() conn.ConnectionStatus { return conn.ConnectionStatus{} } +func (mp mockPeer) Send(byte, interface{}) bool { return false } +func (mp mockPeer) TrySend(byte, interface{}) bool { return false } +func (mp mockPeer) Set(string, interface{}) {} +func (mp mockPeer) Get(string) interface{} { return nil } diff --git a/p2p/switch.go b/p2p/switch.go index c9938374c..f29d1b273 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -11,8 +11,7 @@ import ( crypto "github.com/tendermint/go-crypto" cfg "github.com/tendermint/tendermint/config" - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p/conn" cmn "github.com/tendermint/tmlibs/common" ) @@ -35,7 +34,7 @@ const ( //----------------------------------------------------------------------------- type AddrBook interface { - AddAddress(addr *types.NetAddress, src *types.NetAddress) error + AddAddress(addr *NetAddress, src *NetAddress) error } //----------------------------------------------------------------------------- @@ -51,12 +50,12 @@ type Switch struct { peerConfig *PeerConfig listeners []Listener reactors map[string]Reactor - chDescs []*tmconn.ChannelDescriptor + chDescs []*conn.ChannelDescriptor reactorsByCh map[byte]Reactor peers *PeerSet dialing *cmn.CMap - nodeInfo types.NodeInfo // our node info - nodeKey *types.NodeKey // our node privkey + nodeInfo NodeInfo // our node info + nodeKey *NodeKey // our node privkey filterConnByAddr func(net.Addr) error filterConnByPubKey func(crypto.PubKey) error @@ -69,7 +68,7 @@ func NewSwitch(config *cfg.P2PConfig) *Switch { config: config, peerConfig: DefaultPeerConfig(), reactors: make(map[string]Reactor), - chDescs: make([]*tmconn.ChannelDescriptor, 0), + chDescs: make([]*conn.ChannelDescriptor, 0), reactorsByCh: make(map[byte]Reactor), peers: NewPeerSet(), dialing: cmn.NewCMap(), @@ -143,19 +142,19 @@ func (sw *Switch) IsListening() bool { // SetNodeInfo sets the switch's NodeInfo for checking compatibility and handshaking with other nodes. // NOTE: Not goroutine safe. -func (sw *Switch) SetNodeInfo(nodeInfo types.NodeInfo) { +func (sw *Switch) SetNodeInfo(nodeInfo NodeInfo) { sw.nodeInfo = nodeInfo } // NodeInfo returns the switch's NodeInfo. // NOTE: Not goroutine safe. -func (sw *Switch) NodeInfo() types.NodeInfo { +func (sw *Switch) NodeInfo() NodeInfo { return sw.nodeInfo } // SetNodeKey sets the switch's private key for authenticated encryption. // NOTE: Not goroutine safe. -func (sw *Switch) SetNodeKey(nodeKey *types.NodeKey) { +func (sw *Switch) SetNodeKey(nodeKey *NodeKey) { sw.nodeKey = nodeKey } @@ -314,13 +313,13 @@ func (sw *Switch) reconnectToPeer(peer Peer) { // Dialing // IsDialing returns true if the switch is currently dialing the given ID. -func (sw *Switch) IsDialing(id types.ID) bool { +func (sw *Switch) IsDialing(id ID) bool { return sw.dialing.Has(string(id)) } // DialPeersAsync dials a list of peers asynchronously in random order (optionally, making them persistent). func (sw *Switch) DialPeersAsync(addrBook AddrBook, peers []string, persistent bool) error { - netAddrs, errs := types.NewNetAddressStrings(peers) + netAddrs, errs := NewNetAddressStrings(peers) for _, err := range errs { sw.Logger.Error("Error in peer's address", "err", err) } @@ -357,7 +356,7 @@ func (sw *Switch) DialPeersAsync(addrBook AddrBook, peers []string, persistent b // DialPeerWithAddress dials the given peer and runs sw.addPeer if it connects and authenticates successfully. // If `persistent == true`, the switch will always try to reconnect to this peer if the connection ever fails. -func (sw *Switch) DialPeerWithAddress(addr *types.NetAddress, persistent bool) (Peer, error) { +func (sw *Switch) DialPeerWithAddress(addr *NetAddress, persistent bool) (Peer, error) { sw.dialing.Set(string(addr.ID), addr) defer sw.dialing.Delete(string(addr.ID)) return sw.addOutboundPeerWithConfig(addr, sw.peerConfig, persistent) @@ -443,7 +442,7 @@ func (sw *Switch) addInboundPeerWithConfig(conn net.Conn, config *PeerConfig) er // dial the peer; make secret connection; authenticate against the dialed ID; // add the peer. -func (sw *Switch) addOutboundPeerWithConfig(addr *types.NetAddress, config *PeerConfig, persistent bool) (Peer, error) { +func (sw *Switch) addOutboundPeerWithConfig(addr *NetAddress, config *PeerConfig, persistent bool) (Peer, error) { sw.Logger.Info("Dialing peer", "address", addr) peer, err := newOutboundPeer(addr, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config, persistent) if err != nil { @@ -457,7 +456,7 @@ func (sw *Switch) addOutboundPeerWithConfig(addr *types.NetAddress, config *Peer peer.Logger.Info("Dialed peer with unknown ID - unable to authenticate", "addr", addr) } else if addr.ID != peer.ID() { peer.CloseConn() - return nil, types.ErrSwitchAuthenticationFailure{addr, peer.ID()} + return nil, ErrSwitchAuthenticationFailure{addr, peer.ID()} } err = sw.addPeer(peer) @@ -478,12 +477,12 @@ func (sw *Switch) addOutboundPeerWithConfig(addr *types.NetAddress, config *Peer func (sw *Switch) addPeer(peer *peer) error { // Avoid self if sw.nodeKey.ID() == peer.ID() { - return types.ErrSwitchConnectToSelf + return ErrSwitchConnectToSelf } // Avoid duplicate if sw.peers.Has(peer.ID()) { - return types.ErrSwitchDuplicatePeer + return ErrSwitchDuplicatePeer } diff --git a/p2p/switch_test.go b/p2p/switch_test.go index ae7e89e77..75f9640b1 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -16,8 +16,7 @@ import ( "github.com/tendermint/tmlibs/log" cfg "github.com/tendermint/tendermint/config" - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p/conn" ) var ( @@ -30,7 +29,7 @@ func init() { } type PeerMessage struct { - PeerID types.ID + PeerID ID Bytes []byte Counter int } @@ -39,7 +38,7 @@ type TestReactor struct { BaseReactor mtx sync.Mutex - channels []*tmconn.ChannelDescriptor + channels []*conn.ChannelDescriptor peersAdded []Peer peersRemoved []Peer logMessages bool @@ -47,7 +46,7 @@ type TestReactor struct { msgsReceived map[byte][]PeerMessage } -func NewTestReactor(channels []*tmconn.ChannelDescriptor, logMessages bool) *TestReactor { +func NewTestReactor(channels []*conn.ChannelDescriptor, logMessages bool) *TestReactor { tr := &TestReactor{ channels: channels, logMessages: logMessages, @@ -58,7 +57,7 @@ func NewTestReactor(channels []*tmconn.ChannelDescriptor, logMessages bool) *Tes return tr } -func (tr *TestReactor) GetChannels() []*tmconn.ChannelDescriptor { +func (tr *TestReactor) GetChannels() []*conn.ChannelDescriptor { return tr.channels } @@ -102,11 +101,11 @@ func MakeSwitchPair(t testing.TB, initSwitch func(int, *Switch) *Switch) (*Switc func initSwitchFunc(i int, sw *Switch) *Switch { // Make two reactors of two channels each - sw.AddReactor("foo", NewTestReactor([]*tmconn.ChannelDescriptor{ + sw.AddReactor("foo", NewTestReactor([]*conn.ChannelDescriptor{ {ID: byte(0x00), Priority: 10}, {ID: byte(0x01), Priority: 10}, }, true)) - sw.AddReactor("bar", NewTestReactor([]*tmconn.ChannelDescriptor{ + sw.AddReactor("bar", NewTestReactor([]*conn.ChannelDescriptor{ {ID: byte(0x02), Priority: 10}, {ID: byte(0x03), Priority: 10}, }, true)) @@ -163,7 +162,7 @@ func TestConnAddrFilter(t *testing.T) { defer s1.Stop() defer s2.Stop() - c1, c2 := tmconn.NetPipe() + c1, c2 := conn.NetPipe() s1.SetAddrFilter(func(addr net.Addr) error { if addr.String() == c1.RemoteAddr().String() { @@ -199,7 +198,7 @@ func TestConnPubKeyFilter(t *testing.T) { defer s1.Stop() defer s2.Stop() - c1, c2 := tmconn.NetPipe() + c1, c2 := conn.NetPipe() // set pubkey filter s1.SetPubKeyFilter(func(pubkey crypto.PubKey) error { @@ -306,11 +305,11 @@ func BenchmarkSwitches(b *testing.B) { s1, s2 := MakeSwitchPair(b, func(i int, sw *Switch) *Switch { // Make bar reactors of bar channels each - sw.AddReactor("foo", NewTestReactor([]*tmconn.ChannelDescriptor{ + sw.AddReactor("foo", NewTestReactor([]*conn.ChannelDescriptor{ {ID: byte(0x00), Priority: 10}, {ID: byte(0x01), Priority: 10}, }, false)) - sw.AddReactor("bar", NewTestReactor([]*tmconn.ChannelDescriptor{ + sw.AddReactor("bar", NewTestReactor([]*conn.ChannelDescriptor{ {ID: byte(0x02), Priority: 10}, {ID: byte(0x03), Priority: 10}, }, false)) diff --git a/p2p/test_util.go b/p2p/test_util.go index aad6fb232..c4c0fe0b7 100644 --- a/p2p/test_util.go +++ b/p2p/test_util.go @@ -9,8 +9,7 @@ import ( "github.com/tendermint/tmlibs/log" cfg "github.com/tendermint/tendermint/config" - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p/conn" ) func AddPeerToSwitch(sw *Switch, peer Peer) { @@ -20,22 +19,22 @@ func AddPeerToSwitch(sw *Switch, peer Peer) { func CreateRandomPeer(outbound bool) *peer { addr, netAddr := CreateRoutableAddr() p := &peer{ - nodeInfo: types.NodeInfo{ + nodeInfo: NodeInfo{ ListenAddr: netAddr.DialString(), PubKey: crypto.GenPrivKeyEd25519().Wrap().PubKey(), }, outbound: outbound, - mconn: &tmconn.MConnection{}, + mconn: &conn.MConnection{}, } p.SetLogger(log.TestingLogger().With("peer", addr)) return p } -func CreateRoutableAddr() (addr string, netAddr *types.NetAddress) { +func CreateRoutableAddr() (addr string, netAddr *NetAddress) { for { var err error addr = cmn.Fmt("%X@%v.%v.%v.%v:46656", cmn.RandBytes(20), rand.Int()%256, rand.Int()%256, rand.Int()%256, rand.Int()%256) - netAddr, err = types.NewNetAddressString(addr) + netAddr, err = NewNetAddressString(addr) if err != nil { panic(err) } @@ -78,7 +77,7 @@ func MakeConnectedSwitches(cfg *cfg.P2PConfig, n int, initSwitch func(int, *Swit func Connect2Switches(switches []*Switch, i, j int) { switchI := switches[i] switchJ := switches[j] - c1, c2 := tmconn.NetPipe() + c1, c2 := conn.NetPipe() doneCh := make(chan struct{}) go func() { err := switchI.addPeerWithConnection(c1) @@ -130,13 +129,13 @@ func StartSwitches(switches []*Switch) error { func MakeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch func(int, *Switch) *Switch) *Switch { // new switch, add reactors // TODO: let the config be passed in? - nodeKey := &types.NodeKey{ + nodeKey := &NodeKey{ PrivKey: crypto.GenPrivKeyEd25519().Wrap(), } s := NewSwitch(cfg) s.SetLogger(log.TestingLogger()) s = initSwitch(i, s) - s.SetNodeInfo(types.NodeInfo{ + s.SetNodeInfo(NodeInfo{ PubKey: nodeKey.PubKey(), Moniker: cmn.Fmt("switch%d", i), Network: network, diff --git a/p2p/types.go b/p2p/types.go index db7469ec0..b11765bb5 100644 --- a/p2p/types.go +++ b/p2p/types.go @@ -1,12 +1,8 @@ package p2p import ( - "github.com/tendermint/tendermint/p2p/tmconn" - "github.com/tendermint/tendermint/p2p/types" + "github.com/tendermint/tendermint/p2p/conn" ) -type ID = types.ID -type NodeInfo = types.NodeInfo - -type ChannelDescriptor = tmconn.ChannelDescriptor -type ConnectionStatus = tmconn.ConnectionStatus +type ChannelDescriptor = conn.ChannelDescriptor +type ConnectionStatus = conn.ConnectionStatus From 6366eb9d99e8539cd80d6b6cbaedb152658ab7b9 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Wed, 3 Jan 2018 10:46:43 +0100 Subject: [PATCH 096/188] Cleanup build and structure --- docs/.python-version | 1 + docs/Makefile | 3 + docs/specification/new-spec/blockchain.md | 53 +++--- docs/specification/new-spec/consensus.md | 217 ++++++++++++---------- docs/specification/new-spec/encoding.md | 71 +++---- docs/specification/new-spec/state.md | 20 +- 6 files changed, 193 insertions(+), 172 deletions(-) create mode 100644 docs/.python-version diff --git a/docs/.python-version b/docs/.python-version new file mode 100644 index 000000000..9bbf49249 --- /dev/null +++ b/docs/.python-version @@ -0,0 +1 @@ +2.7.14 diff --git a/docs/Makefile b/docs/Makefile index f8d1790de..442c9be65 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -12,6 +12,9 @@ BUILDDIR = _build help: @$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O) +install: + @pip install -r requirements.txt + .PHONY: help Makefile # Catch-all target: route all unknown targets to Sphinx using the new diff --git a/docs/specification/new-spec/blockchain.md b/docs/specification/new-spec/blockchain.md index ce2529f80..f029d7d47 100644 --- a/docs/specification/new-spec/blockchain.md +++ b/docs/specification/new-spec/blockchain.md @@ -2,7 +2,7 @@ Here we describe the data structures in the Tendermint blockchain and the rules for validating them. -# Data Structures +## Data Structures The Tendermint blockchains consists of a short list of basic data types: `Block`, `Header`, `Vote`, `BlockID`, `Signature`, and `Evidence`. @@ -12,7 +12,7 @@ The Tendermint blockchains consists of a short list of basic data types: A block consists of a header, a list of transactions, a list of votes (the commit), and a list of evidence if malfeasance (ie. signing conflicting votes). -``` +```go type Block struct { Header Header Txs [][]byte @@ -26,7 +26,7 @@ type Block struct { A block header contains metadata about the block and about the consensus, as well as commitments to the data in the current block, the previous block, and the results returned by the application: -``` +```go type Header struct { // block metadata Version string // Version string @@ -66,7 +66,7 @@ the block during consensus, is the Merkle root of the complete serialized block cut into parts. The `BlockID` includes these two hashes, as well as the number of parts. -``` +```go type BlockID struct { Hash []byte Parts PartsHeader @@ -83,7 +83,7 @@ type PartsHeader struct { A vote is a signed message from a validator for a particular block. The vote includes information about the validator signing it. -``` +```go type Vote struct { Timestamp int64 Address []byte @@ -96,7 +96,6 @@ type Vote struct { } ``` - There are two types of votes: a prevote has `vote.Type == 1` and a precommit has `vote.Type == 2`. @@ -111,7 +110,7 @@ Currently, Tendermint supports Ed25519 and Secp256k1. An ED25519 signature has `Type == 0x1`. It looks like: -``` +```go // Implements Signature type Ed25519Signature struct { Type int8 = 0x1 @@ -125,7 +124,7 @@ where `Signature` is the 64 byte signature. A `Secp256k1` signature has `Type == 0x2`. It looks like: -``` +```go // Implements Signature type Secp256k1Signature struct { Type int8 = 0x2 @@ -135,7 +134,7 @@ type Secp256k1Signature struct { where `Signature` is the DER encoded signature, ie: -``` +```hex 0x30 <0x02> 0x2 . ``` @@ -143,7 +142,7 @@ where `Signature` is the DER encoded signature, ie: TODO -# Validation +## Validation Here we describe the validation rules for every element in a block. Blocks which do not satisfy these rules are considered invalid. @@ -159,7 +158,7 @@ and other results from the application. Elements of an object are accessed as expected, ie. `block.Header`. See [here](state.md) for the definition of `state`. -## Header +### Header A Header is valid if its corresponding fields are valid. @@ -173,7 +172,7 @@ Arbitrary constant string. ### Height -``` +```go block.Header.Height > 0 block.Header.Height == prevBlock.Header.Height + 1 ``` @@ -190,7 +189,7 @@ block being voted on. ### NumTxs -``` +```go block.Header.NumTxs == len(block.Txs) ``` @@ -198,7 +197,7 @@ Number of transactions included in the block. ### TxHash -``` +```go block.Header.TxHash == SimpleMerkleRoot(block.Txs) ``` @@ -206,7 +205,7 @@ Simple Merkle root of the transactions in the block. ### LastCommitHash -``` +```go block.Header.LastCommitHash == SimpleMerkleRoot(block.LastCommit) ``` @@ -217,7 +216,7 @@ The first block has `block.Header.LastCommitHash == []byte{}` ### TotalTxs -``` +```go block.Header.TotalTxs == prevBlock.Header.TotalTxs + block.Header.NumTxs ``` @@ -227,7 +226,7 @@ The first block has `block.Header.TotalTxs = block.Header.NumberTxs`. ### LastBlockID -``` +```go prevBlockParts := MakeParts(prevBlock, state.LastConsensusParams.BlockGossip.BlockPartSize) block.Header.LastBlockID == BlockID { Hash: SimpleMerkleRoot(prevBlock.Header), @@ -245,7 +244,7 @@ The first block has `block.Header.LastBlockID == BlockID{}`. ### ResultsHash -``` +```go block.ResultsHash == SimpleMerkleRoot(state.LastResults) ``` @@ -255,7 +254,7 @@ The first block has `block.Header.ResultsHash == []byte{}`. ### AppHash -``` +```go block.AppHash == state.AppHash ``` @@ -265,7 +264,7 @@ The first block has `block.Header.AppHash == []byte{}`. ### ValidatorsHash -``` +```go block.ValidatorsHash == SimpleMerkleRoot(state.Validators) ``` @@ -275,7 +274,7 @@ May be updated by the application. ### ConsensusParamsHash -``` +```go block.ConsensusParamsHash == SimpleMerkleRoot(state.ConsensusParams) ``` @@ -284,7 +283,7 @@ May be updated by the application. ### Proposer -``` +```go block.Header.Proposer in state.Validators ``` @@ -296,7 +295,7 @@ and we do not track the initial round the block was proposed. ### EvidenceHash -``` +```go block.EvidenceHash == SimpleMerkleRoot(block.Evidence) ``` @@ -310,7 +309,7 @@ Arbitrary length array of arbitrary length byte-arrays. The first height is an exception - it requires the LastCommit to be empty: -``` +```go if block.Header.Height == 1 { len(b.LastCommit) == 0 } @@ -318,7 +317,7 @@ if block.Header.Height == 1 { Otherwise, we require: -``` +```go len(block.LastCommit) == len(state.LastValidators) talliedVotingPower := 0 for i, vote := range block.LastCommit{ @@ -356,7 +355,7 @@ For signing, votes are encoded in JSON, and the ChainID is included, in the form We define a method `Verify` that returns `true` if the signature verifies against the pubkey for the CanonicalSignBytes using the given ChainID: -``` +```go func (v Vote) Verify(chainID string, pubKey PubKey) bool { return pubKey.Verify(v.Signature, CanonicalSignBytes(chainID, v)) } @@ -384,7 +383,7 @@ Once a block is validated, it can be executed against the state. The state follows the recursive equation: -``` +```go app = NewABCIApp state(1) = InitialState state(h+1) <- Execute(state(h), app, block(h)) diff --git a/docs/specification/new-spec/consensus.md b/docs/specification/new-spec/consensus.md index 5c6810565..ffa2bd5d8 100644 --- a/docs/specification/new-spec/consensus.md +++ b/docs/specification/new-spec/consensus.md @@ -1,197 +1,210 @@ -# Tendermint Consensus +# Tendermint Consensus Reactor -Tendermint consensus is a distributed protocol executed by validator processes to agree on -the next block to be added to the Tendermint blockchain. The protocol proceeds in rounds, where -each round is a try to reach agreement on the next block. A round starts by having a dedicated -process (called proposer) suggesting to other processes what should be the next block with +Tendermint Consensus is a distributed protocol executed by validator processes to agree on +the next block to be added to the Tendermint blockchain. The protocol proceeds in rounds, where +each round is a try to reach agreement on the next block. A round starts by having a dedicated +process (called proposer) suggesting to other processes what should be the next block with the `ProposalMessage`. -The processes respond by voting for a block with `VoteMessage` (there are two kinds of vote messages, prevote -and precommit votes). Note that a proposal message is just a suggestion what the next block should be; a -validator might vote with a `VoteMessage` for a different block. If in some round, enough number -of processes vote for the same block, then this block is committed and later added to the blockchain. +The processes respond by voting for a block with `VoteMessage` (there are two kinds of vote messages, prevote +and precommit votes). Note that a proposal message is just a suggestion what the next block should be; a +validator might vote with a `VoteMessage` for a different block. If in some round, enough number +of processes vote for the same block, then this block is committed and later added to the blockchain. `ProposalMessage` and `VoteMessage` are signed by the private key of the validator. -The internals of the protocol and how it ensures safety and liveness properties are +The internals of the protocol and how it ensures safety and liveness properties are explained [here](https://github.com/tendermint/spec). For efficiency reasons, validators in Tendermint consensus protocol do not agree directly on the block -as the block size is big, i.e., they don't embed the block inside `Proposal` and `VoteMessage`. Instead, they -reach agreement on the `BlockID` (see `BlockID` definition in [Blockchain](blockchain.md) section) +as the block size is big, i.e., they don't embed the block inside `Proposal` and `VoteMessage`. Instead, they +reach agreement on the `BlockID` (see `BlockID` definition in [Blockchain](blockchain.md) section) that uniquely identifies each block. The block itself is disseminated to validator processes using -peer-to-peer gossiping protocol. It starts by having a proposer first splitting a block into a -number of block parts, that are then gossiped between processes using `BlockPartMessage`. +peer-to-peer gossiping protocol. It starts by having a proposer first splitting a block into a +number of block parts, that are then gossiped between processes using `BlockPartMessage`. -Validators in Tendermint communicate by peer-to-peer gossiping protocol. Each validator is connected -only to a subset of processes called peers. By the gossiping protocol, a validator send to its peers -all needed information (`ProposalMessage`, `VoteMessage` and `BlockPartMessage`) so they can +Validators in Tendermint communicate by peer-to-peer gossiping protocol. Each validator is connected +only to a subset of processes called peers. By the gossiping protocol, a validator send to its peers +all needed information (`ProposalMessage`, `VoteMessage` and `BlockPartMessage`) so they can reach agreement on some block, and also obtain the content of the chosen block (block parts). As part of -the gossiping protocol, processes also send auxiliary messages that inform peers about the -executed steps of the core consensus algorithm (`NewRoundStepMessage` and `CommitStepMessage`), and +the gossiping protocol, processes also send auxiliary messages that inform peers about the +executed steps of the core consensus algorithm (`NewRoundStepMessage` and `CommitStepMessage`), and also messages that inform peers what votes the process has seen (`HasVoteMessage`, `VoteSetMaj23Message` and `VoteSetBitsMessage`). These messages are then used in the gossiping protocol -to determine what messages a process should send to its peers. - +to determine what messages a process should send to its peers. + We now describe the content of each message exchanged during Tendermint consensus protocol. ## ProposalMessage -ProposalMessage is sent when a new block is proposed. It is a suggestion of what the + +ProposalMessage is sent when a new block is proposed. It is a suggestion of what the next block in the blockchain should be. -``` + +```go type ProposalMessage struct { - Proposal Proposal + Proposal Proposal } ``` + ### Proposal + Proposal contains height and round for which this proposal is made, BlockID as a unique identifier of proposed block, timestamp, and two fields (POLRound and POLBlockID) that are needed for termination of the consensus. -The message is signed by the validator private key. +The message is signed by the validator private key. -``` +```go type Proposal struct { - Height int64 - Round int - Timestamp Time - BlockID BlockID - POLRound int - POLBlockID BlockID - Signature Signature + Height int64 + Round int + Timestamp Time + BlockID BlockID + POLRound int + POLBlockID BlockID + Signature Signature } ``` NOTE: In the current version of the Tendermint, the consensus value in proposal is represented with -PartSetHeader, and with BlockID in vote message. It should be aligned as suggested in this spec as -BlockID contains PartSetHeader. +PartSetHeader, and with BlockID in vote message. It should be aligned as suggested in this spec as +BlockID contains PartSetHeader. ## VoteMessage + VoteMessage is sent to vote for some block (or to inform others that a process does not vote in the current round). -Vote is defined in [Blockchain](blockchain.md) section and contains validator's information (validator address -and index), height and round for which the vote is sent, vote type, blockID if process vote for some +Vote is defined in [Blockchain](blockchain.md) section and contains validator's information (validator address +and index), height and round for which the vote is sent, vote type, blockID if process vote for some block (`nil` otherwise) and a timestamp when the vote is sent. The message is signed by the validator private key. -``` + +```go type VoteMessage struct { - Vote Vote + Vote Vote } ``` ## BlockPartMessage -BlockPartMessage is sent when gossipping a piece of the proposed block. It contains height, round -and the block part. -``` +BlockPartMessage is sent when gossipping a piece of the proposed block. It contains height, round +and the block part. + +```go type BlockPartMessage struct { - Height int64 - Round int - Part Part + Height int64 + Round int + Part Part } ``` -## ProposalHeartbeatMessage -ProposalHeartbeatMessage is sent to signal that a node is alive and waiting for transactions +## ProposalHeartbeatMessage + +ProposalHeartbeatMessage is sent to signal that a node is alive and waiting for transactions to be able to create a next block proposal. -``` +```go type ProposalHeartbeatMessage struct { Heartbeat Heartbeat } ``` ### Heartbeat -Heartbeat contains validator information (address and index), -height, round and sequence number. It is signed by the private key of the validator. -``` +Heartbeat contains validator information (address and index), +height, round and sequence number. It is signed by the private key of the validator. + +```go type Heartbeat struct { - ValidatorAddress []byte - ValidatorIndex int - Height int64 - Round int - Sequence int - Signature Signature + ValidatorAddress []byte + ValidatorIndex int + Height int64 + Round int + Sequence int + Signature Signature } ``` ## NewRoundStepMessage -NewRoundStepMessage is sent for every step transition during the core consensus algorithm execution. It is -used in the gossip part of the Tendermint protocol to inform peers about a current height/round/step + +NewRoundStepMessage is sent for every step transition during the core consensus algorithm execution. It is +used in the gossip part of the Tendermint protocol to inform peers about a current height/round/step a process is in. -``` +```go type NewRoundStepMessage struct { - Height int64 - Round int - Step RoundStepType - SecondsSinceStartTime int - LastCommitRound int + Height int64 + Round int + Step RoundStepType + SecondsSinceStartTime int + LastCommitRound int } ``` ## CommitStepMessage + CommitStepMessage is sent when an agreement on some block is reached. It contains height for which agreement is reached, block parts header that describes the decided block and is used to obtain all block parts, -and a bit array of the block parts a process currently has, so its peers can know what parts -it is missing so they can send them. +and a bit array of the block parts a process currently has, so its peers can know what parts +it is missing so they can send them. -``` +```go type CommitStepMessage struct { - Height int64 - BlockID BlockID - BlockParts BitArray + Height int64 + BlockID BlockID + BlockParts BitArray } ``` -TODO: We use BlockID instead of BlockPartsHeader (in current implementation) for symmetry. +TODO: We use BlockID instead of BlockPartsHeader (in current implementation) for symmetry. ## ProposalPOLMessage + ProposalPOLMessage is sent when a previous block is re-proposed. It is used to inform peers in what round the process learned for this block (ProposalPOLRound), -and what prevotes for the re-proposed block the process has. - -``` +and what prevotes for the re-proposed block the process has. + +```go type ProposalPOLMessage struct { - Height int64 - ProposalPOLRound int - ProposalPOL BitArray + Height int64 + ProposalPOLRound int + ProposalPOL BitArray } ``` - ## HasVoteMessage -HasVoteMessage is sent to indicate that a particular vote has been received. It contains height, -round, vote type and the index of the validator that is the originator of the corresponding vote. -``` +HasVoteMessage is sent to indicate that a particular vote has been received. It contains height, +round, vote type and the index of the validator that is the originator of the corresponding vote. + +```go type HasVoteMessage struct { - Height int64 - Round int - Type byte - Index int + Height int64 + Round int + Type byte + Index int } ``` ## VoteSetMaj23Message -VoteSetMaj23Message is sent to indicate that a process has seen +2/3 votes for some BlockID. -It contains height, round, vote type and the BlockID. -``` +VoteSetMaj23Message is sent to indicate that a process has seen +2/3 votes for some BlockID. +It contains height, round, vote type and the BlockID. + +```go type VoteSetMaj23Message struct { - Height int64 - Round int - Type byte - BlockID BlockID + Height int64 + Round int + Type byte + BlockID BlockID } ``` ## VoteSetBitsMessage -VoteSetBitsMessage is sent to communicate the bit-array of votes a process has seen for a given -BlockID. It contains height, round, vote type, BlockID and a bit array of + +VoteSetBitsMessage is sent to communicate the bit-array of votes a process has seen for a given +BlockID. It contains height, round, vote type, BlockID and a bit array of the votes a process has. -``` +```go type VoteSetBitsMessage struct { - Height int64 - Round int - Type byte - BlockID BlockID - Votes BitArray + Height int64 + Round int + Type byte + BlockID BlockID + Votes BitArray } ``` - diff --git a/docs/specification/new-spec/encoding.md b/docs/specification/new-spec/encoding.md index f401dde7c..205b8574e 100644 --- a/docs/specification/new-spec/encoding.md +++ b/docs/specification/new-spec/encoding.md @@ -2,9 +2,11 @@ ## Binary Serialization (TMBIN) -Tendermint aims to encode data structures in a manner similar to how the corresponding Go structs are laid out in memory. +Tendermint aims to encode data structures in a manner similar to how the corresponding Go structs +are laid out in memory. Variable length items are length-prefixed. -While the encoding was inspired by Go, it is easily implemented in other languages as well given its intuitive design. +While the encoding was inspired by Go, it is easily implemented in other languages as well given its +intuitive design. XXX: This is changing to use real varints and 4-byte-prefixes. See https://github.com/tendermint/go-wire/tree/sdk2. @@ -19,7 +21,7 @@ Negative integers are encoded via twos-complement. Examples: -``` +```go encode(uint8(6)) == [0x06] encode(uint32(6)) == [0x00, 0x00, 0x00, 0x06] @@ -36,10 +38,9 @@ Negative integers are encoded by flipping the leading bit of the length-prefix t Zero is encoded as `0x00`. It is not length-prefixed. - Examples: -``` +```go encode(uint(6)) == [0x01, 0x06] encode(uint(70000)) == [0x03, 0x01, 0x11, 0x70] @@ -58,7 +59,7 @@ The empty string is encoded as `0x00`. It is not length-prefixed. Examples: -``` +```go encode("") == [0x00] encode("a") == [0x01, 0x01, 0x61] encode("hello") == [0x01, 0x05, 0x68, 0x65, 0x6C, 0x6C, 0x6F] @@ -72,7 +73,7 @@ There is no length-prefix. Examples: -``` +```go encode([4]int8{1, 2, 3, 4}) == [0x01, 0x02, 0x03, 0x04] encode([4]int16{1, 2, 3, 4}) == [0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04] encode([4]int{1, 2, 3, 4}) == [0x01, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04] @@ -81,14 +82,15 @@ encode([2]string{"abc", "efg"}) == [0x01, 0x03, 0x61, 0x62, 0x63, 0x01, 0x03, 0x ### Slices (variable length) -An encoded variable-length array is a length prefix followed by the concatenation of the encoding of its elements. +An encoded variable-length array is a length prefix followed by the concatenation of the encoding of +its elements. The length-prefix is itself encoded as an `int`. An empty slice is encoded as `0x00`. It is not length-prefixed. Examples: -``` +```go encode([]int8{}) == [0x00] encode([]int8{1, 2, 3, 4}) == [0x01, 0x04, 0x01, 0x02, 0x03, 0x04] encode([]int16{1, 2, 3, 4}) == [0x01, 0x04, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03, 0x00, 0x04] @@ -97,10 +99,11 @@ encode([]string{"abc", "efg"}) == [0x01, 0x02, 0x01, 0x03, 0x61, 0x62, 0x63, 0x ``` ### BitArray + BitArray is encoded as an `int` of the number of bits, and with an array of `uint64` to encode value of each array element. -``` +```go type BitArray struct { Bits int Elems []uint64 @@ -116,7 +119,7 @@ Times before then are invalid. Examples: -``` +```go encode(time.Time("Jan 1 00:00:00 UTC 1970")) == [0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00] encode(time.Time("Jan 1 00:00:01 UTC 1970")) == [0x00, 0x00, 0x00, 0x00, 0x3B, 0x9A, 0xCA, 0x00] // 1,000,000,000 ns encode(time.Time("Mon Jan 2 15:04:05 -0700 MST 2006")) == [0x0F, 0xC4, 0xBB, 0xC1, 0x53, 0x03, 0x12, 0x00] @@ -129,7 +132,7 @@ There is no length-prefix. Examples: -``` +```go type MyStruct struct{ A int B string @@ -139,7 +142,6 @@ encode(MyStruct{4, "hello", time.Time("Mon Jan 2 15:04:05 -0700 MST 2006")}) == [0x01, 0x04, 0x01, 0x05, 0x68, 0x65, 0x6C, 0x6C, 0x6F, 0x0F, 0xC4, 0xBB, 0xC1, 0x53, 0x03, 0x12, 0x00] ``` - ## Merkle Trees Simple Merkle trees are used in numerous places in Tendermint to compute a cryptographic digest of a data structure. @@ -148,23 +150,24 @@ RIPEMD160 is always used as the hashing function. The function `SimpleMerkleRoot` is a simple recursive function defined as follows: -``` +```go func SimpleMerkleRoot(hashes [][]byte) []byte{ - switch len(hashes) { - case 0: - return nil - case 1: - return hashes[0] - default: - left := SimpleMerkleRoot(hashes[:(len(hashes)+1)/2]) - right := SimpleMerkleRoot(hashes[(len(hashes)+1)/2:]) - return RIPEMD160(append(left, right)) - } + switch len(hashes) { + case 0: + return nil + case 1: + return hashes[0] + default: + left := SimpleMerkleRoot(hashes[:(len(hashes)+1)/2]) + right := SimpleMerkleRoot(hashes[(len(hashes)+1)/2:]) + return RIPEMD160(append(left, right)) + } } ``` Note we abuse notion and call `SimpleMerkleRoot` with arguments of type `struct` or type `[]struct`. -For `struct` arguments, we compute a `[][]byte` by sorting elements of the `struct` according to field name and then hashing them. +For `struct` arguments, we compute a `[][]byte` by sorting elements of the `struct` according to +field name and then hashing them. For `[]struct` arguments, we compute a `[][]byte` by hashing the individual `struct` elements. ## JSON (TMJSON) @@ -172,10 +175,12 @@ For `[]struct` arguments, we compute a `[][]byte` by hashing the individual `str Signed messages (eg. votes, proposals) in the consensus are encoded in TMJSON, rather than TMBIN. TMJSON is JSON where `[]byte` are encoded as uppercase hex, rather than base64. -When signing, the elements of a message are sorted by key and the sorted message is embedded in an outer JSON that includes a `chain_id` field. -We call this encoding the CanonicalSignBytes. For instance, CanonicalSignBytes for a vote would look like: +When signing, the elements of a message are sorted by key and the sorted message is embedded in an +outer JSON that includes a `chain_id` field. +We call this encoding the CanonicalSignBytes. For instance, CanonicalSignBytes for a vote would look +like: -``` +```json {"chain_id":"my-chain-id","vote":{"block_id":{"hash":DEADBEEF,"parts":{"hash":BEEFDEAD,"total":3}},"height":3,"round":2,"timestamp":1234567890, "type":2} ``` @@ -187,16 +192,16 @@ Note how the fields within each level are sorted. TMBIN encode an object and slice it into parts. -``` +```go MakeParts(object, partSize) ``` ### Part -``` +```go type Part struct { - Index int - Bytes byte[] - Proof byte[] + Index int + Bytes byte[] + Proof byte[] } ``` diff --git a/docs/specification/new-spec/state.md b/docs/specification/new-spec/state.md index 1d7900273..3594de57b 100644 --- a/docs/specification/new-spec/state.md +++ b/docs/specification/new-spec/state.md @@ -2,13 +2,13 @@ ## State -The state contains information whose cryptographic digest is included in block headers, -and thus is necessary for validating new blocks. -For instance, the Merkle root of the results from executing the previous block, or the Merkle root of the current validators. -While neither the results of transactions now the validators are ever included in the blockchain itself, -the Merkle roots are, and hence we need a separate data structure to track them. +The state contains information whose cryptographic digest is included in block headers, and thus is +necessary for validating new blocks. For instance, the Merkle root of the results from executing the +previous block, or the Merkle root of the current validators. While neither the results of +transactions now the validators are ever included in the blockchain itself, the Merkle roots are, +and hence we need a separate data structure to track them. -``` +```go type State struct { LastResults []Result AppHash []byte @@ -22,7 +22,7 @@ type State struct { ### Result -``` +```go type Result struct { Code uint32 Data []byte @@ -46,7 +46,7 @@ represented in the tags. A validator is an active participant in the consensus with a public key and a voting power. Validator's also contain an address which is derived from the PubKey: -``` +```go type Validator struct { Address []byte PubKey PubKey @@ -59,7 +59,7 @@ so that there is a canonical order for computing the SimpleMerkleRoot. We also define a `TotalVotingPower` function, to return the total voting power: -``` +```go func TotalVotingPower(vals []Validators) int64{ sum := 0 for v := range vals{ @@ -82,7 +82,7 @@ TODO: We define an `Execute` function that takes a state and a block, executes the block against the application, and returns an updated state. -``` +```go Execute(s State, app ABCIApp, block Block) State { abciResponses := app.ApplyBlock(block) From a30315276b4e59bd6253637d8d5e7e8c4a610ca4 Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Wed, 3 Jan 2018 11:29:19 +0100 Subject: [PATCH 097/188] Formatting and documentation --- blockchain/pool.go | 9 ++- blockchain/pool_test.go | 5 +- blockchain/reactor.go | 22 ++++--- blockchain/reactor_test.go | 7 ++- blockchain/store.go | 4 +- blockchain/store_test.go | 34 ++++++---- .../new-spec/blockchain_reactor.md | 17 +++++ docs/specification/new-spec/consensus.md | 62 ++++++++++--------- 8 files changed, 102 insertions(+), 58 deletions(-) create mode 100644 docs/specification/new-spec/blockchain_reactor.md diff --git a/blockchain/pool.go b/blockchain/pool.go index f3148e6c5..164d3b3b5 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -5,15 +5,15 @@ import ( "sync" "time" - "github.com/tendermint/tendermint/p2p" - "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" flow "github.com/tendermint/tmlibs/flowrate" "github.com/tendermint/tmlibs/log" + + "github.com/tendermint/tendermint/p2p" + "github.com/tendermint/tendermint/types" ) /* - eg, L = latency = 0.1s P = num peers = 10 FN = num full nodes @@ -23,7 +23,6 @@ eg, L = latency = 0.1s B/S = CB/P/BS = 12.8 blocks/s 12.8 * 0.1 = 1.28 blocks on conn - */ const ( @@ -503,7 +502,7 @@ func (bpr *bpRequester) requestRoutine() { OUTER_LOOP: for { // Pick a peer to send request to. - var peer *bpPeer = nil + var peer *bpPeer PICK_PEER_LOOP: for { if !bpr.IsRunning() || !bpr.pool.IsRunning() { diff --git a/blockchain/pool_test.go b/blockchain/pool_test.go index 0cdbc3a9e..ce16899a7 100644 --- a/blockchain/pool_test.go +++ b/blockchain/pool_test.go @@ -5,10 +5,11 @@ import ( "testing" "time" - "github.com/tendermint/tendermint/p2p" - "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" + + "github.com/tendermint/tendermint/p2p" + "github.com/tendermint/tendermint/types" ) func init() { diff --git a/blockchain/reactor.go b/blockchain/reactor.go index 701e04f68..f8b1fc520 100644 --- a/blockchain/reactor.go +++ b/blockchain/reactor.go @@ -8,11 +8,13 @@ import ( "time" wire "github.com/tendermint/go-wire" + + cmn "github.com/tendermint/tmlibs/common" + "github.com/tendermint/tmlibs/log" + "github.com/tendermint/tendermint/p2p" sm "github.com/tendermint/tendermint/state" "github.com/tendermint/tendermint/types" - cmn "github.com/tendermint/tmlibs/common" - "github.com/tendermint/tmlibs/log" ) const ( @@ -56,9 +58,12 @@ type BlockchainReactor struct { } // NewBlockchainReactor returns new reactor instance. -func NewBlockchainReactor(state sm.State, blockExec *sm.BlockExecutor, store *BlockStore, fastSync bool) *BlockchainReactor { +func NewBlockchainReactor(state sm.State, blockExec *sm.BlockExecutor, store *BlockStore, + fastSync bool) *BlockchainReactor { + if state.LastBlockHeight != store.Height() { - cmn.PanicSanity(cmn.Fmt("state (%v) and store (%v) height mismatch", state.LastBlockHeight, store.Height())) + cmn.PanicSanity(cmn.Fmt("state (%v) and store (%v) height mismatch", state.LastBlockHeight, + store.Height())) } requestsCh := make(chan BlockRequest, defaultChannelCapacity) @@ -138,7 +143,9 @@ func (bcR *BlockchainReactor) RemovePeer(peer p2p.Peer, reason interface{}) { // if we have it. Otherwise, we'll respond saying we don't have it. // According to the Tendermint spec, if all nodes are honest, // no node should be requesting for a block that's non-existent. -func (bcR *BlockchainReactor) respondToPeer(msg *bcBlockRequestMessage, src p2p.Peer) (queued bool) { +func (bcR *BlockchainReactor) respondToPeer(msg *bcBlockRequestMessage, + src p2p.Peer) (queued bool) { + block := bcR.store.LoadBlock(msg.Height) if block != nil { msg := &bcBlockResponseMessage{Block: block} @@ -293,7 +300,7 @@ FOR_LOOP: // TODO This is bad, are we zombie? cmn.PanicQ(cmn.Fmt("Failed to process committed block (%d:%X): %v", first.Height, first.Hash(), err)) } - blocksSynced += 1 + blocksSynced++ // update the consensus params bcR.updateConsensusParams(state.ConsensusParams) @@ -315,7 +322,8 @@ FOR_LOOP: // BroadcastStatusRequest broadcasts `BlockStore` height. func (bcR *BlockchainReactor) BroadcastStatusRequest() error { - bcR.Switch.Broadcast(BlockchainChannel, struct{ BlockchainMessage }{&bcStatusRequestMessage{bcR.store.Height()}}) + bcR.Switch.Broadcast(BlockchainChannel, + struct{ BlockchainMessage }{&bcStatusRequestMessage{bcR.store.Height()}}) return nil } diff --git a/blockchain/reactor_test.go b/blockchain/reactor_test.go index 06f6c36c5..6f5b14ff3 100644 --- a/blockchain/reactor_test.go +++ b/blockchain/reactor_test.go @@ -4,6 +4,7 @@ import ( "testing" wire "github.com/tendermint/go-wire" + cmn "github.com/tendermint/tmlibs/common" dbm "github.com/tendermint/tmlibs/db" "github.com/tendermint/tmlibs/log" @@ -28,7 +29,8 @@ func newBlockchainReactor(logger log.Logger, maxBlockHeight int64) *BlockchainRe // Make the blockchainReactor itself fastSync := true var nilApp proxy.AppConnConsensus - blockExec := sm.NewBlockExecutor(dbm.NewMemDB(), log.TestingLogger(), nilApp, types.MockMempool{}, types.MockEvidencePool{}) + blockExec := sm.NewBlockExecutor(dbm.NewMemDB(), log.TestingLogger(), nilApp, + types.MockMempool{}, types.MockEvidencePool{}) bcReactor := NewBlockchainReactor(state.Copy(), blockExec, blockStore, fastSync) bcReactor.SetLogger(logger.With("module", "blockchain")) @@ -130,7 +132,8 @@ func newbcrTestPeer(id p2p.ID) *bcrTestPeer { func (tp *bcrTestPeer) lastValue() interface{} { return <-tp.ch } func (tp *bcrTestPeer) TrySend(chID byte, value interface{}) bool { - if _, ok := value.(struct{ BlockchainMessage }).BlockchainMessage.(*bcStatusResponseMessage); ok { + if _, ok := value.(struct{ BlockchainMessage }). + BlockchainMessage.(*bcStatusResponseMessage); ok { // Discard status response messages since they skew our results // We only want to deal with: // + bcBlockResponseMessage diff --git a/blockchain/store.go b/blockchain/store.go index 1033999fe..91d2b220f 100644 --- a/blockchain/store.go +++ b/blockchain/store.go @@ -8,9 +8,11 @@ import ( "sync" wire "github.com/tendermint/go-wire" - "github.com/tendermint/tendermint/types" + cmn "github.com/tendermint/tmlibs/common" dbm "github.com/tendermint/tmlibs/db" + + "github.com/tendermint/tendermint/types" ) /* diff --git a/blockchain/store_test.go b/blockchain/store_test.go index 1fd88dac3..933329c4b 100644 --- a/blockchain/store_test.go +++ b/blockchain/store_test.go @@ -13,9 +13,11 @@ import ( "github.com/stretchr/testify/require" wire "github.com/tendermint/go-wire" - "github.com/tendermint/tendermint/types" + "github.com/tendermint/tmlibs/db" "github.com/tendermint/tmlibs/log" + + "github.com/tendermint/tendermint/types" ) func TestLoadBlockStoreStateJSON(t *testing.T) { @@ -104,7 +106,8 @@ var ( partSet = block.MakePartSet(2) part1 = partSet.GetPart(0) part2 = partSet.GetPart(1) - seenCommit1 = &types.Commit{Precommits: []*types.Vote{{Height: 10, Timestamp: time.Now().UTC()}}} + seenCommit1 = &types.Commit{Precommits: []*types.Vote{{Height: 10, + Timestamp: time.Now().UTC()}}} ) // TODO: This test should be simplified ... @@ -124,7 +127,8 @@ func TestBlockStoreSaveLoadBlock(t *testing.T) { // save a block block := makeBlock(bs.Height()+1, state) validPartSet := block.MakePartSet(2) - seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10, Timestamp: time.Now().UTC()}}} + seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10, + Timestamp: time.Now().UTC()}}} bs.SaveBlock(block, partSet, seenCommit) require.Equal(t, bs.Height(), block.Header.Height, "expecting the new height to be changed") @@ -143,7 +147,8 @@ func TestBlockStoreSaveLoadBlock(t *testing.T) { // End of setup, test data - commitAtH10 := &types.Commit{Precommits: []*types.Vote{{Height: 10, Timestamp: time.Now().UTC()}}} + commitAtH10 := &types.Commit{Precommits: []*types.Vote{{Height: 10, + Timestamp: time.Now().UTC()}}} tuples := []struct { block *types.Block parts *types.PartSet @@ -263,7 +268,8 @@ func TestBlockStoreSaveLoadBlock(t *testing.T) { db.Set(calcBlockCommitKey(commitHeight), []byte("foo-bogus")) } bCommit := bs.LoadBlockCommit(commitHeight) - return &quad{block: bBlock, seenCommit: bSeenCommit, commit: bCommit, meta: bBlockMeta}, nil + return &quad{block: bBlock, seenCommit: bSeenCommit, commit: bCommit, + meta: bBlockMeta}, nil }) if subStr := tuple.wantPanic; subStr != "" { @@ -290,10 +296,12 @@ func TestBlockStoreSaveLoadBlock(t *testing.T) { continue } if tuple.eraseSeenCommitInDB { - assert.Nil(t, qua.seenCommit, "erased the seenCommit in the DB hence we should get back a nil seenCommit") + assert.Nil(t, qua.seenCommit, + "erased the seenCommit in the DB hence we should get back a nil seenCommit") } if tuple.eraseCommitInDB { - assert.Nil(t, qua.commit, "erased the commit in the DB hence we should get back a nil commit") + assert.Nil(t, qua.commit, + "erased the commit in the DB hence we should get back a nil commit") } } } @@ -331,7 +339,8 @@ func TestLoadBlockPart(t *testing.T) { gotPart, _, panicErr := doFn(loadPart) require.Nil(t, panicErr, "an existent and proper block should not panic") require.Nil(t, res, "a properly saved block should return a proper block") - require.Equal(t, gotPart.(*types.Part).Hash(), part1.Hash(), "expecting successful retrieval of previously saved block") + require.Equal(t, gotPart.(*types.Part).Hash(), part1.Hash(), + "expecting successful retrieval of previously saved block") } func TestLoadBlockMeta(t *testing.T) { @@ -360,7 +369,8 @@ func TestLoadBlockMeta(t *testing.T) { gotMeta, _, panicErr := doFn(loadMeta) require.Nil(t, panicErr, "an existent and proper block should not panic") require.Nil(t, res, "a properly saved blockMeta should return a proper blocMeta ") - require.Equal(t, binarySerializeIt(meta), binarySerializeIt(gotMeta), "expecting successful retrieval of previously saved blockMeta") + require.Equal(t, binarySerializeIt(meta), binarySerializeIt(gotMeta), + "expecting successful retrieval of previously saved blockMeta") } func TestBlockFetchAtHeight(t *testing.T) { @@ -369,13 +379,15 @@ func TestBlockFetchAtHeight(t *testing.T) { block := makeBlock(bs.Height()+1, state) partSet := block.MakePartSet(2) - seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10, Timestamp: time.Now().UTC()}}} + seenCommit := &types.Commit{Precommits: []*types.Vote{{Height: 10, + Timestamp: time.Now().UTC()}}} bs.SaveBlock(block, partSet, seenCommit) require.Equal(t, bs.Height(), block.Header.Height, "expecting the new height to be changed") blockAtHeight := bs.LoadBlock(bs.Height()) - require.Equal(t, block.Hash(), blockAtHeight.Hash(), "expecting a successful load of the last saved block") + require.Equal(t, block.Hash(), blockAtHeight.Hash(), + "expecting a successful load of the last saved block") blockAtHeightPlus1 := bs.LoadBlock(bs.Height() + 1) require.Nil(t, blockAtHeightPlus1, "expecting an unsuccessful load of Height()+1") diff --git a/docs/specification/new-spec/blockchain_reactor.md b/docs/specification/new-spec/blockchain_reactor.md new file mode 100644 index 000000000..204932205 --- /dev/null +++ b/docs/specification/new-spec/blockchain_reactor.md @@ -0,0 +1,17 @@ +# Blockchain Reactor + +The Blockchain Reactor's high level responsibility is to maintain connection to a reasonable number +of peers in the network, request blocks from them or provide them with blocks, validate and persist +the blocks to disk and play blocks to the ABCI app. + +## Block Reactor + +* coordinates synching with other peers + +## Block Pool + +* maintain connections to other peers + +## Block Store + +* persists blocks to disk diff --git a/docs/specification/new-spec/consensus.md b/docs/specification/new-spec/consensus.md index ffa2bd5d8..1f311c44e 100644 --- a/docs/specification/new-spec/consensus.md +++ b/docs/specification/new-spec/consensus.md @@ -5,30 +5,31 @@ the next block to be added to the Tendermint blockchain. The protocol proceeds i each round is a try to reach agreement on the next block. A round starts by having a dedicated process (called proposer) suggesting to other processes what should be the next block with the `ProposalMessage`. -The processes respond by voting for a block with `VoteMessage` (there are two kinds of vote messages, prevote -and precommit votes). Note that a proposal message is just a suggestion what the next block should be; a -validator might vote with a `VoteMessage` for a different block. If in some round, enough number -of processes vote for the same block, then this block is committed and later added to the blockchain. -`ProposalMessage` and `VoteMessage` are signed by the private key of the validator. -The internals of the protocol and how it ensures safety and liveness properties are +The processes respond by voting for a block with `VoteMessage` (there are two kinds of vote +messages, prevote and precommit votes). Note that a proposal message is just a suggestion what the +next block should be; a validator might vote with a `VoteMessage` for a different block. If in some +round, enough number of processes vote for the same block, then this block is committed and later +added to the blockchain. `ProposalMessage` and `VoteMessage` are signed by the private key of the +validator. The internals of the protocol and how it ensures safety and liveness properties are explained [here](https://github.com/tendermint/spec). -For efficiency reasons, validators in Tendermint consensus protocol do not agree directly on the block -as the block size is big, i.e., they don't embed the block inside `Proposal` and `VoteMessage`. Instead, they -reach agreement on the `BlockID` (see `BlockID` definition in [Blockchain](blockchain.md) section) -that uniquely identifies each block. The block itself is disseminated to validator processes using -peer-to-peer gossiping protocol. It starts by having a proposer first splitting a block into a -number of block parts, that are then gossiped between processes using `BlockPartMessage`. +For efficiency reasons, validators in Tendermint consensus protocol do not agree directly on the +block as the block size is big, i.e., they don't embed the block inside `Proposal` and +`VoteMessage`. Instead, they reach agreement on the `BlockID` (see `BlockID` definition in +[Blockchain](blockchain.md) section) that uniquely identifies each block. The block itself is +disseminated to validator processes using peer-to-peer gossiping protocol. It starts by having a +proposer first splitting a block into a number of block parts, that are then gossiped between +processes using `BlockPartMessage`. Validators in Tendermint communicate by peer-to-peer gossiping protocol. Each validator is connected only to a subset of processes called peers. By the gossiping protocol, a validator send to its peers all needed information (`ProposalMessage`, `VoteMessage` and `BlockPartMessage`) so they can -reach agreement on some block, and also obtain the content of the chosen block (block parts). As part of -the gossiping protocol, processes also send auxiliary messages that inform peers about the +reach agreement on some block, and also obtain the content of the chosen block (block parts). As +part of the gossiping protocol, processes also send auxiliary messages that inform peers about the executed steps of the core consensus algorithm (`NewRoundStepMessage` and `CommitStepMessage`), and also messages that inform peers what votes the process has seen (`HasVoteMessage`, -`VoteSetMaj23Message` and `VoteSetBitsMessage`). These messages are then used in the gossiping protocol -to determine what messages a process should send to its peers. +`VoteSetMaj23Message` and `VoteSetBitsMessage`). These messages are then used in the gossiping +protocol to determine what messages a process should send to its peers. We now describe the content of each message exchanged during Tendermint consensus protocol. @@ -45,9 +46,9 @@ type ProposalMessage struct { ### Proposal -Proposal contains height and round for which this proposal is made, BlockID as a unique identifier of proposed -block, timestamp, and two fields (POLRound and POLBlockID) that are needed for termination of the consensus. -The message is signed by the validator private key. +Proposal contains height and round for which this proposal is made, BlockID as a unique identifier +of proposed block, timestamp, and two fields (POLRound and POLBlockID) that are needed for +termination of the consensus. The message is signed by the validator private key. ```go type Proposal struct { @@ -67,10 +68,11 @@ BlockID contains PartSetHeader. ## VoteMessage -VoteMessage is sent to vote for some block (or to inform others that a process does not vote in the current round). -Vote is defined in [Blockchain](blockchain.md) section and contains validator's information (validator address -and index), height and round for which the vote is sent, vote type, blockID if process vote for some -block (`nil` otherwise) and a timestamp when the vote is sent. The message is signed by the validator private key. +VoteMessage is sent to vote for some block (or to inform others that a process does not vote in the +current round). Vote is defined in [Blockchain](blockchain.md) section and contains validator's +information (validator address and index), height and round for which the vote is sent, vote type, +blockID if process vote for some block (`nil` otherwise) and a timestamp when the vote is sent. The +message is signed by the validator private key. ```go type VoteMessage struct { @@ -120,9 +122,9 @@ type Heartbeat struct { ## NewRoundStepMessage -NewRoundStepMessage is sent for every step transition during the core consensus algorithm execution. It is -used in the gossip part of the Tendermint protocol to inform peers about a current height/round/step -a process is in. +NewRoundStepMessage is sent for every step transition during the core consensus algorithm execution. +It is used in the gossip part of the Tendermint protocol to inform peers about a current +height/round/step a process is in. ```go type NewRoundStepMessage struct { @@ -136,10 +138,10 @@ type NewRoundStepMessage struct { ## CommitStepMessage -CommitStepMessage is sent when an agreement on some block is reached. It contains height for which agreement -is reached, block parts header that describes the decided block and is used to obtain all block parts, -and a bit array of the block parts a process currently has, so its peers can know what parts -it is missing so they can send them. +CommitStepMessage is sent when an agreement on some block is reached. It contains height for which +agreement is reached, block parts header that describes the decided block and is used to obtain all +block parts, and a bit array of the block parts a process currently has, so its peers can know what +parts it is missing so they can send them. ```go type CommitStepMessage struct { From 940145b36871b3ac4255d677f61b94af9a3862bf Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Wed, 3 Jan 2018 11:57:42 +0100 Subject: [PATCH 098/188] Bullet points for reactor and poolRoutine --- blockchain/reactor.go | 16 +++++++++------- .../specification/new-spec/blockchain_reactor.md | 16 +++++++++++++++- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/blockchain/reactor.go b/blockchain/reactor.go index f8b1fc520..c92064d79 100644 --- a/blockchain/reactor.go +++ b/blockchain/reactor.go @@ -49,12 +49,13 @@ type BlockchainReactor struct { // immutable initialState sm.State - blockExec *sm.BlockExecutor - store *BlockStore - pool *BlockPool - fastSync bool - requestsCh chan BlockRequest - timeoutsCh chan p2p.ID + blockExec *sm.BlockExecutor + store *BlockStore + pool *BlockPool + fastSync bool + + requestsCh <-chan BlockRequest + timeoutsCh <-chan p2p.ID } // NewBlockchainReactor returns new reactor instance. @@ -127,7 +128,8 @@ func (bcR *BlockchainReactor) GetChannels() []*p2p.ChannelDescriptor { // AddPeer implements Reactor by sending our state to peer. func (bcR *BlockchainReactor) AddPeer(peer p2p.Peer) { - if !peer.Send(BlockchainChannel, struct{ BlockchainMessage }{&bcStatusResponseMessage{bcR.store.Height()}}) { + if !peer.Send(BlockchainChannel, + struct{ BlockchainMessage }{&bcStatusResponseMessage{bcR.store.Height()}}) { // doing nothing, will try later in `poolRoutine` } // peer is added to the pool once we receive the first diff --git a/docs/specification/new-spec/blockchain_reactor.md b/docs/specification/new-spec/blockchain_reactor.md index 204932205..ded1bc275 100644 --- a/docs/specification/new-spec/blockchain_reactor.md +++ b/docs/specification/new-spec/blockchain_reactor.md @@ -6,7 +6,21 @@ the blocks to disk and play blocks to the ABCI app. ## Block Reactor -* coordinates synching with other peers +* coordinates the pool for synching +* coordinates the store for persistence +* coordinates the playing of blocks towards the app using a sm.BlockExecutor +* handles switching between fastsync and consensus +* it is a p2p.BaseReactor +* starts the pool.Start() and its poolRoutine() +* registers all the concrete types and interfaces for serialisation + +### poolRoutine + +* requests blocks from a specific peer based on the pool +* periodically asks for status updates +* tries to switch to consensus +* tries to sync the app by taking downloaded blocks from the pool, gives them to the app and stores + them on disk ## Block Pool From 0eb85161aa6c5ddece4979e886babff4d28754fe Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Wed, 3 Jan 2018 14:39:00 +0100 Subject: [PATCH 099/188] More specification --- blockchain/reactor.go | 6 +- .../new-spec/blockchain_reactor.md | 69 ++++++++++++++++--- 2 files changed, 65 insertions(+), 10 deletions(-) diff --git a/blockchain/reactor.go b/blockchain/reactor.go index c92064d79..ee84a794f 100644 --- a/blockchain/reactor.go +++ b/blockchain/reactor.go @@ -182,7 +182,8 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) bcR.pool.AddBlock(src.ID(), msg.Block, len(msgBytes)) case *bcStatusRequestMessage: // Send peer our state. - queued := src.TrySend(BlockchainChannel, struct{ BlockchainMessage }{&bcStatusResponseMessage{bcR.store.Height()}}) + queued := src.TrySend(BlockchainChannel, + struct{ BlockchainMessage }{&bcStatusResponseMessage{bcR.store.Height()}}) if !queued { // sorry } @@ -300,7 +301,8 @@ FOR_LOOP: state, err = bcR.blockExec.ApplyBlock(state, firstID, first) if err != nil { // TODO This is bad, are we zombie? - cmn.PanicQ(cmn.Fmt("Failed to process committed block (%d:%X): %v", first.Height, first.Hash(), err)) + cmn.PanicQ(cmn.Fmt("Failed to process committed block (%d:%X): %v", + first.Height, first.Hash(), err)) } blocksSynced++ diff --git a/docs/specification/new-spec/blockchain_reactor.md b/docs/specification/new-spec/blockchain_reactor.md index ded1bc275..7d7dcb38d 100644 --- a/docs/specification/new-spec/blockchain_reactor.md +++ b/docs/specification/new-spec/blockchain_reactor.md @@ -1,12 +1,44 @@ # Blockchain Reactor -The Blockchain Reactor's high level responsibility is to maintain connection to a reasonable number -of peers in the network, request blocks from them or provide them with blocks, validate and persist -the blocks to disk and play blocks to the ABCI app. +The Blockchain Reactor's high level responsibility is to request blocks from peers or provide them +with blocks, validate and persist the blocks to disk and play blocks to the ABCI app. + +## Message Types + +```go +const ( + msgTypeBlockRequest = byte(0x10) + msgTypeBlockResponse = byte(0x11) + msgTypeNoBlockResponse = byte(0x12) + msgTypeStatusResponse = byte(0x20) + msgTypeStatusRequest = byte(0x21) +) +``` + +```go +type bcBlockRequestMessage struct { + Height int64 +} + +type bcNoBlockResponseMessage struct { + Height int64 +} + +type bcBlockResponseMessage struct { + Block *types.Block +} + +type bcStatusRequestMessage struct { + Height int64 + +type bcStatusResponseMessage struct { + Height int64 +} +``` ## Block Reactor -* coordinates the pool for synching +* coordinates the pool for syncing * coordinates the store for persistence * coordinates the playing of blocks towards the app using a sm.BlockExecutor * handles switching between fastsync and consensus @@ -16,16 +48,37 @@ the blocks to disk and play blocks to the ABCI app. ### poolRoutine -* requests blocks from a specific peer based on the pool -* periodically asks for status updates -* tries to switch to consensus +* listens to these channels: + * pool requests blocks from a specific peer by posting to requestsCh, block reactor then sends + a &bcBlockRequestMessage for a specific height + * pool signals timeout of a specific peer by posting to timeoutsCh + * switchToConsensusTicker to periodically try and switch to consensus + * trySyncTicker to periodically check if we have fallen behind and then catch-up sync + * if there aren't any new blocks available on the pool it skips syncing * tries to sync the app by taking downloaded blocks from the pool, gives them to the app and stores them on disk +* implements Receive which is called by the switch/peer + * calls AddBlock on the pool when it receives a new block from a peer ## Block Pool -* maintain connections to other peers +* responsible for downloading blocks from peers +* makeRequestersRoutine() + * removes timeout peers + * starts new requesters by calling makeNextRequester() +* requestRoutine(): + * picks a peer and sends the request, then blocks until: + * pool is stopped by listening to pool.Quit + * requester is stopped by listening to Quit + * request is redone + * we receive a block + * gotBlockCh is strange ## Block Store * persists blocks to disk + +# TODO + +* How does the switch from bcR to conR happen? Does conR persist blocks to disk too? +* What is the interaction between the consensus and blockchain reactors? From 2c6ed302b7fa91371be68e5cc06be655dea16246 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 4 Jan 2018 11:52:53 -0500 Subject: [PATCH 100/188] minor changes [ci skip] --- docs/specification/new-spec/blockchain_reactor.md | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/docs/specification/new-spec/blockchain_reactor.md b/docs/specification/new-spec/blockchain_reactor.md index 7d7dcb38d..5633eb050 100644 --- a/docs/specification/new-spec/blockchain_reactor.md +++ b/docs/specification/new-spec/blockchain_reactor.md @@ -1,7 +1,14 @@ # Blockchain Reactor -The Blockchain Reactor's high level responsibility is to request blocks from peers or provide them -with blocks, validate and persist the blocks to disk and play blocks to the ABCI app. +The Blockchain Reactor's high level responsibility is to enable peers who are +far behind the current state of the consensus to quickly catch up by downloading +many blocks in parallel, verifying their commits, and executing them against the +ABCI application. + +Tendermint full nodes run the Blockchain Reactor as a service to provide blocks +to new nodes. New nodes run the Blockchain Reactor in "fast_sync" mode, +where they actively make requests for more blocks until they sync up. +Once caught up, they disable "fast_sync" mode, and turn on the Consensus Reactor. ## Message Types @@ -25,7 +32,7 @@ type bcNoBlockResponseMessage struct { } type bcBlockResponseMessage struct { - Block *types.Block + Block Block } type bcStatusRequestMessage struct { @@ -36,7 +43,7 @@ type bcStatusResponseMessage struct { } ``` -## Block Reactor +## Blockchain Reactor * coordinates the pool for syncing * coordinates the store for persistence From ee674f919fa165c3c263f03d4f30747e3828fe91 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 21 Jan 2018 13:32:04 -0500 Subject: [PATCH 101/188] StopPeerForError in blockchain and consensus --- blockchain/pool.go | 5 +++-- blockchain/reactor.go | 14 +++++++++----- consensus/reactor.go | 6 +++++- consensus/state.go | 18 +++++++++--------- consensus/types/height_vote_set.go | 9 +++++---- mempool/reactor.go | 4 ++-- state/execution.go | 3 +-- types/validator_set.go | 1 - types/vote_set.go | 10 ++++++---- 9 files changed, 40 insertions(+), 30 deletions(-) diff --git a/blockchain/pool.go b/blockchain/pool.go index 164d3b3b5..bb589684b 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -195,7 +195,8 @@ func (pool *BlockPool) PopRequest() { // Invalidates the block at pool.height, // Remove the peer and redo request from others. -func (pool *BlockPool) RedoRequest(height int64) { +// Returns the ID of the removed peer. +func (pool *BlockPool) RedoRequest(height int64) p2p.ID { pool.mtx.Lock() defer pool.mtx.Unlock() @@ -205,8 +206,8 @@ func (pool *BlockPool) RedoRequest(height int64) { cmn.PanicSanity("Expected block to be non-nil") } // RemovePeer will redo all requesters associated with this peer. - // TODO: record this malfeasance pool.removePeer(request.peerID) + return request.peerID } // TODO: ensure that blocks come in order for each peer. diff --git a/blockchain/reactor.go b/blockchain/reactor.go index ee84a794f..1bb82c232 100644 --- a/blockchain/reactor.go +++ b/blockchain/reactor.go @@ -3,6 +3,7 @@ package blockchain import ( "bytes" "errors" + "fmt" "reflect" "sync" "time" @@ -171,7 +172,6 @@ func (bcR *BlockchainReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) bcR.Logger.Debug("Receive", "src", src, "chID", chID, "msg", msg) - // TODO: improve logic to satisfy megacheck switch msg := msg.(type) { case *bcBlockRequestMessage: if queued := bcR.respondToPeer(msg, src); !queued { @@ -287,16 +287,20 @@ FOR_LOOP: chainID, firstID, first.Height, second.LastCommit) if err != nil { bcR.Logger.Error("Error in validation", "err", err) - bcR.pool.RedoRequest(first.Height) + peerID := bcR.pool.RedoRequest(first.Height) + peer := bcR.Switch.Peers().Get(peerID) + if peer != nil { + bcR.Switch.StopPeerForError(peer, fmt.Errorf("BlockchainReactor validation error: %v", err)) + } break SYNC_LOOP } else { bcR.pool.PopRequest() + // TODO: batch saves so we dont persist to disk every block bcR.store.SaveBlock(first, firstParts, second.LastCommit) - // NOTE: we could improve performance if we - // didn't make the app commit to disk every block - // ... but we would need a way to get the hash without it persisting + // TODO: same thing for app - but we would need a way to + // get the hash without persisting the state var err error state, err = bcR.blockExec.ApplyBlock(state, firstID, first) if err != nil { diff --git a/consensus/reactor.go b/consensus/reactor.go index 3f6ab506c..44ff745c3 100644 --- a/consensus/reactor.go +++ b/consensus/reactor.go @@ -205,7 +205,11 @@ func (conR *ConsensusReactor) Receive(chID byte, src p2p.Peer, msgBytes []byte) return } // Peer claims to have a maj23 for some BlockID at H,R,S, - votes.SetPeerMaj23(msg.Round, msg.Type, ps.Peer.ID(), msg.BlockID) + err := votes.SetPeerMaj23(msg.Round, msg.Type, ps.Peer.ID(), msg.BlockID) + if err != nil { + conR.Switch.StopPeerForError(src, err) + return + } // Respond with a VoteSetBitsMessage showing which votes we have. // (and consequently shows which we don't have) var ourVotes *cmn.BitArray diff --git a/consensus/state.go b/consensus/state.go index 56070b03a..7b8c8e08f 100644 --- a/consensus/state.go +++ b/consensus/state.go @@ -771,17 +771,17 @@ func (cs *ConsensusState) enterPropose(height int64, round int) { return } - if !cs.isProposer() { - cs.Logger.Info("enterPropose: Not our turn to propose", "proposer", cs.Validators.GetProposer().Address, "privValidator", cs.privValidator) - if cs.Validators.HasAddress(cs.privValidator.GetAddress()) { - cs.Logger.Debug("This node is a validator") - } else { - cs.Logger.Debug("This node is not a validator") - } - } else { - cs.Logger.Info("enterPropose: Our turn to propose", "proposer", cs.Validators.GetProposer().Address, "privValidator", cs.privValidator) + if cs.Validators.HasAddress(cs.privValidator.GetAddress()) { cs.Logger.Debug("This node is a validator") + } else { + cs.Logger.Debug("This node is not a validator") + } + + if cs.isProposer() { + cs.Logger.Info("enterPropose: Our turn to propose", "proposer", cs.Validators.GetProposer().Address, "privValidator", cs.privValidator) cs.decideProposal(height, round) + } else { + cs.Logger.Info("enterPropose: Not our turn to propose", "proposer", cs.Validators.GetProposer().Address, "privValidator", cs.privValidator) } } diff --git a/consensus/types/height_vote_set.go b/consensus/types/height_vote_set.go index 1435cf421..17ef334db 100644 --- a/consensus/types/height_vote_set.go +++ b/consensus/types/height_vote_set.go @@ -1,6 +1,7 @@ package types import ( + "fmt" "strings" "sync" @@ -207,15 +208,15 @@ func (hvs *HeightVoteSet) StringIndented(indent string) string { // NOTE: if there are too many peers, or too much peer churn, // this can cause memory issues. // TODO: implement ability to remove peers too -func (hvs *HeightVoteSet) SetPeerMaj23(round int, type_ byte, peerID p2p.ID, blockID types.BlockID) { +func (hvs *HeightVoteSet) SetPeerMaj23(round int, type_ byte, peerID p2p.ID, blockID types.BlockID) error { hvs.mtx.Lock() defer hvs.mtx.Unlock() if !types.IsVoteTypeValid(type_) { - return + return fmt.Errorf("SetPeerMaj23: Invalid vote type %v", type_) } voteSet := hvs.getVoteSet(round, type_) if voteSet == nil { - return + return nil // something we don't know about yet } - voteSet.SetPeerMaj23(peerID, blockID) + return voteSet.SetPeerMaj23(peerID, blockID) } diff --git a/mempool/reactor.go b/mempool/reactor.go index 4523f824a..4e43bb0c5 100644 --- a/mempool/reactor.go +++ b/mempool/reactor.go @@ -101,8 +101,8 @@ type PeerState interface { } // Send new mempool txs to peer. -// TODO: Handle mempool or reactor shutdown? -// As is this routine may block forever if no new txs come in. +// TODO: Handle mempool or reactor shutdown - as is this routine +// may block forever if no new txs come in. func (memR *MempoolReactor) broadcastTxRoutine(peer p2p.Peer) { if !memR.config.Broadcast { return diff --git a/state/execution.go b/state/execution.go index 921799b80..56635da1b 100644 --- a/state/execution.go +++ b/state/execution.go @@ -190,11 +190,10 @@ func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus, } } - // TODO: determine which validators were byzantine byzantineVals := make([]*abci.Evidence, len(block.Evidence.Evidence)) for i, ev := range block.Evidence.Evidence { byzantineVals[i] = &abci.Evidence{ - PubKey: ev.Address(), // XXX + PubKey: ev.Address(), // XXX/TODO Height: ev.Height(), } } diff --git a/types/validator_set.go b/types/validator_set.go index 3876c19d7..7e895aba0 100644 --- a/types/validator_set.go +++ b/types/validator_set.go @@ -21,7 +21,6 @@ import ( // upon calling .IncrementAccum(). // NOTE: Not goroutine-safe. // NOTE: All get/set to validators should copy the value for safety. -// TODO: consider validator Accum overflow type ValidatorSet struct { // NOTE: persisted via reflect, must be exported. Validators []*Validator `json:"validators"` diff --git a/types/vote_set.go b/types/vote_set.go index a97676f6e..584a45e65 100644 --- a/types/vote_set.go +++ b/types/vote_set.go @@ -291,7 +291,7 @@ func (voteSet *VoteSet) addVerifiedVote(vote *Vote, blockKey string, votingPower // this can cause memory issues. // TODO: implement ability to remove peers too // NOTE: VoteSet must not be nil -func (voteSet *VoteSet) SetPeerMaj23(peerID p2p.ID, blockID BlockID) { +func (voteSet *VoteSet) SetPeerMaj23(peerID p2p.ID, blockID BlockID) error { if voteSet == nil { cmn.PanicSanity("SetPeerMaj23() on nil VoteSet") } @@ -303,9 +303,10 @@ func (voteSet *VoteSet) SetPeerMaj23(peerID p2p.ID, blockID BlockID) { // Make sure peer hasn't already told us something. if existing, ok := voteSet.peerMaj23s[peerID]; ok { if existing.Equals(blockID) { - return // Nothing to do + return nil // Nothing to do } else { - return // TODO bad peer! + return fmt.Errorf("SetPeerMaj23: Received conflicting blockID from peer %v. Got %v, expected %v", + peerID, blockID, existing) } } voteSet.peerMaj23s[peerID] = blockID @@ -314,7 +315,7 @@ func (voteSet *VoteSet) SetPeerMaj23(peerID p2p.ID, blockID BlockID) { votesByBlock, ok := voteSet.votesByBlock[blockKey] if ok { if votesByBlock.peerMaj23 { - return // Nothing to do + return nil // Nothing to do } else { votesByBlock.peerMaj23 = true // No need to copy votes, already there. @@ -324,6 +325,7 @@ func (voteSet *VoteSet) SetPeerMaj23(peerID p2p.ID, blockID BlockID) { voteSet.votesByBlock[blockKey] = votesByBlock // No need to copy votes, no votes to copy over. } + return nil } func (voteSet *VoteSet) BitArray() *cmn.BitArray { From 3090b05eb43a31e3c653dc114c0b4d2185da30d5 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 21 Jan 2018 16:26:59 -0500 Subject: [PATCH 102/188] p2p: use conn.Close when peer is nil --- p2p/switch.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p2p/switch.go b/p2p/switch.go index 3f026556a..ccf2c5eb4 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -426,7 +426,7 @@ func (sw *Switch) listenerRoutine(l Listener) { func (sw *Switch) addInboundPeerWithConfig(conn net.Conn, config *PeerConfig) error { peer, err := newInboundPeer(conn, sw.reactorsByCh, sw.chDescs, sw.StopPeerForError, sw.nodeKey.PrivKey, config) if err != nil { - peer.CloseConn() + conn.Close() // peer is nil return err } peer.SetLogger(sw.Logger.With("peer", conn.RemoteAddr())) From dfdfd6c98ea41738864150ac657397775261e26e Mon Sep 17 00:00:00 2001 From: Zarko Milosevic Date: Mon, 22 Jan 2018 13:10:54 +0100 Subject: [PATCH 103/188] Small fix in example --- docs/specification/new-spec/proposer-selection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/specification/new-spec/proposer-selection.md b/docs/specification/new-spec/proposer-selection.md index a83cb65e1..01fa95b8a 100644 --- a/docs/specification/new-spec/proposer-selection.md +++ b/docs/specification/new-spec/proposer-selection.md @@ -18,7 +18,7 @@ with the total voting power N, during a sequence of rounds of size N, every proc equal to its voting power. We now look at a few particular cases to understand better how fairness should be implemented. -If we have 4 processes with the following voting power distribution (p0,4), (p1, 2), (p2, 3), (p3, 4) at some round r, +If we have 4 processes with the following voting power distribution (p0,4), (p1, 2), (p2, 2), (p3, 2) at some round r, we have the following sequence of proposer selections in the following rounds: `p0, p1, p2, p3, p0, p0, p1, p2, p3, p0, p0, p1, p2, p3, p0, p0, p1, p2, p3, p0, etc` From 5f3048bd09112219b1a870c781633dfc74f0df5f Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 23 Jan 2018 16:56:14 +0400 Subject: [PATCH 104/188] call FlushSync before calling CommitSync if we call it after, we might receive a "fresh" transaction from `broadcast_tx_sync` before old transactions (which were not committed). Refs #1091 ``` Commit is called with a lock on the mempool, meaning no calls to CheckTx can start. However, since CheckTx is called async in the mempool connection, some CheckTx might have already "sailed", when the lock is released in the mempool and Commit proceeds. Then, that spurious CheckTx has not yet "begun" in the ABCI app (stuck in transport?). Instead, ABCI app manages to start to process the Commit. Next, the spurious, "sailed" CheckTx happens in the wrong place. ``` --- mempool/mempool.go | 9 ++++++--- state/execution.go | 8 ++++++++ types/services.go | 2 ++ 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/mempool/mempool.go b/mempool/mempool.go index 04dbe50ad..0cdd1dee3 100644 --- a/mempool/mempool.go +++ b/mempool/mempool.go @@ -159,6 +159,12 @@ func (mem *Mempool) Size() int { return mem.txs.Len() } +// Flushes the mempool connection to ensure async resCb calls are done e.g. +// from CheckTx. +func (mem *Mempool) FlushAppConn() error { + return mem.proxyAppConn.FlushSync() +} + // Flush removes all transactions from the mempool and cache func (mem *Mempool) Flush() { mem.proxyMtx.Lock() @@ -347,9 +353,6 @@ func (mem *Mempool) collectTxs(maxTxs int) types.Txs { // NOTE: this should be called *after* block is committed by consensus. // NOTE: unsafe; Lock/Unlock must be managed by caller func (mem *Mempool) Update(height int64, txs types.Txs) error { - if err := mem.proxyAppConn.FlushSync(); err != nil { // To flush async resCb calls e.g. from CheckTx - return err - } // First, create a lookup map of txns in new txs. txsMap := make(map[string]struct{}) for _, tx := range txs { diff --git a/state/execution.go b/state/execution.go index 921799b80..6eb50f2f4 100644 --- a/state/execution.go +++ b/state/execution.go @@ -127,6 +127,14 @@ func (blockExec *BlockExecutor) Commit(block *types.Block) ([]byte, error) { blockExec.mempool.Lock() defer blockExec.mempool.Unlock() + // while mempool is Locked, flush to ensure all async requests have completed + // in the ABCI app before Commit. + err := blockExec.mempool.FlushAppConn() + if err != nil { + blockExec.logger.Error("Client error during mempool.FlushAppConn", "err", err) + return nil, err + } + // Commit block, get hash back res, err := blockExec.proxyApp.CommitSync() if err != nil { diff --git a/types/services.go b/types/services.go index 6900fae7d..6b2be8a5c 100644 --- a/types/services.go +++ b/types/services.go @@ -27,6 +27,7 @@ type Mempool interface { Reap(int) Txs Update(height int64, txs Txs) error Flush() + FlushAppConn() error TxsAvailable() <-chan int64 EnableTxsAvailable() @@ -44,6 +45,7 @@ func (m MockMempool) CheckTx(tx Tx, cb func(*abci.Response)) error { return nil func (m MockMempool) Reap(n int) Txs { return Txs{} } func (m MockMempool) Update(height int64, txs Txs) error { return nil } func (m MockMempool) Flush() {} +func (m MockMempool) FlushAppConn() error { return nil } func (m MockMempool) TxsAvailable() <-chan int64 { return make(chan int64) } func (m MockMempool) EnableTxsAvailable() {} From a745fe2eed41e03d60a004f0d3a493e9edeb0dfa Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 23 Jan 2018 20:37:38 +0400 Subject: [PATCH 105/188] mercy for developers with slow Internet --- circle.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/circle.yml b/circle.yml index 9d03bc46e..fd5fe180b 100644 --- a/circle.yml +++ b/circle.yml @@ -31,4 +31,5 @@ test: - cd "$PROJECT_PATH" && mv test_integrations.log "${CIRCLE_ARTIFACTS}" - cd "$PROJECT_PATH" && bash <(curl -s https://codecov.io/bash) -f coverage.txt - cd "$PROJECT_PATH" && mv coverage.txt "${CIRCLE_ARTIFACTS}" - - cd "$PROJECT_PATH" && cp test/logs/messages "${CIRCLE_ARTIFACTS}/docker_logs.txt" + - cd "$PROJECT_PATH" && cp test/logs/messages "${CIRCLE_ARTIFACTS}/docker.log" + - cd "${CIRCLE_ARTIFACTS}" && tar czf logs.tar.gz *.log From 21ce5856b3441dd6d5caca16c7a22c0ab3b27d86 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 23 Jan 2018 21:26:19 -0500 Subject: [PATCH 106/188] p2p: notes about ListenAddr --- p2p/node_info.go | 23 ++++++----------------- p2p/peer.go | 2 -- p2p/switch.go | 2 ++ 3 files changed, 8 insertions(+), 19 deletions(-) diff --git a/p2p/node_info.go b/p2p/node_info.go index 552c464d9..72873add8 100644 --- a/p2p/node_info.go +++ b/p2p/node_info.go @@ -2,8 +2,6 @@ package p2p import ( "fmt" - "net" - "strconv" "strings" crypto "github.com/tendermint/go-crypto" @@ -42,7 +40,8 @@ func (info NodeInfo) Validate(pubKey crypto.PubKey) error { return nil } -// CONTRACT: two nodes are compatible if the major/minor versions match and network match +// CompatibleWith checks if two NodeInfo are compatible with eachother. +// CONTRACT: two nodes are compatible if the major/minor versions match and network match. func (info NodeInfo) CompatibleWith(other NodeInfo) error { iMajor, iMinor, _, iErr := splitVersion(info.Version) oMajor, oMinor, _, oErr := splitVersion(other.Version) @@ -79,6 +78,10 @@ func (info NodeInfo) ID() ID { return PubKeyToID(info.PubKey) } +// NetAddress returns a NetAddress derived from the NodeInfo - +// it includes the authenticated peer ID and the self-reported +// ListenAddr. Note that the ListenAddr is not authenticated and +// may not match that address actually dialed if its an outbound peer. func (info NodeInfo) NetAddress() *NetAddress { id := PubKeyToID(info.PubKey) addr := info.ListenAddr @@ -89,20 +92,6 @@ func (info NodeInfo) NetAddress() *NetAddress { return netAddr } -func (info NodeInfo) ListenHost() string { - host, _, _ := net.SplitHostPort(info.ListenAddr) // nolint: errcheck, gas - return host -} - -func (info NodeInfo) ListenPort() int { - _, port, _ := net.SplitHostPort(info.ListenAddr) // nolint: errcheck, gas - port_i, err := strconv.Atoi(port) - if err != nil { - return -1 - } - return port_i -} - func (info NodeInfo) String() string { return fmt.Sprintf("NodeInfo{pk: %v, moniker: %v, network: %v [listen %v], version: %v (%v)}", info.PubKey, info.Moniker, info.Network, info.ListenAddr, info.Version, info.Other) } diff --git a/p2p/peer.go b/p2p/peer.go index 60f9dceba..e427b0d95 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -269,8 +269,6 @@ func (p *peer) HandshakeTimeout(ourNodeInfo NodeInfo, timeout time.Duration) err return errors.Wrap(err, "Error removing deadline") } - // TODO: fix the peerNodeInfo.ListenAddr - p.nodeInfo = peerNodeInfo return nil } diff --git a/p2p/switch.go b/p2p/switch.go index f29d1b273..fb9a6ac25 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -267,6 +267,8 @@ func (sw *Switch) stopAndRemovePeer(peer Peer, reason interface{}) { // If no success after all that, it stops trying, and leaves it // to the PEX/Addrbook to find the peer again func (sw *Switch) reconnectToPeer(peer Peer) { + // NOTE this will connect to the self reported address, + // not necessarily the original we dialed netAddr := peer.NodeInfo().NetAddress() start := time.Now() sw.Logger.Info("Reconnecting to peer", "peer", peer) From 775bb85efbcf29b85d6d553d5b71b160d6e4650e Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 23 Jan 2018 21:30:53 -0500 Subject: [PATCH 107/188] p2p/pex: wait to connect to all peers in reactor test --- p2p/pex/pex_reactor_test.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/p2p/pex/pex_reactor_test.go b/p2p/pex/pex_reactor_test.go index c52e45b47..82dafecd4 100644 --- a/p2p/pex/pex_reactor_test.go +++ b/p2p/pex/pex_reactor_test.go @@ -111,7 +111,7 @@ func TestPEXReactorRunning(t *testing.T) { require.Nil(t, err) } - assertSomePeersWithTimeout(t, switches, 10*time.Millisecond, 10*time.Second) + assertPeersWithTimeout(t, switches, 10*time.Millisecond, 10*time.Second, N-1) // stop them for _, s := range switches { @@ -119,7 +119,7 @@ func TestPEXReactorRunning(t *testing.T) { } } -func assertSomePeersWithTimeout(t *testing.T, switches []*p2p.Switch, checkPeriod, timeout time.Duration) { +func assertPeersWithTimeout(t *testing.T, switches []*p2p.Switch, checkPeriod, timeout time.Duration, nPeers int) { ticker := time.NewTicker(checkPeriod) remaining := timeout for { @@ -129,7 +129,7 @@ func assertSomePeersWithTimeout(t *testing.T, switches []*p2p.Switch, checkPerio allGood := true for _, s := range switches { outbound, inbound, _ := s.NumPeers() - if outbound+inbound == 0 { + if outbound+inbound < nPeers { allGood = false } } @@ -296,7 +296,7 @@ func TestPEXReactorUsesSeedsIfNeeded(t *testing.T) { defer sw.Stop() // 3. check that peer at least connects to seed - assertSomePeersWithTimeout(t, []*p2p.Switch{sw}, 10*time.Millisecond, 10*time.Second) + assertPeersWithTimeout(t, []*p2p.Switch{sw}, 10*time.Millisecond, 10*time.Second, 1) } func TestPEXReactorCrawlStatus(t *testing.T) { From 87087b8acd523889bde0714c3a8033535fbf47c0 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 23 Jan 2018 21:41:13 -0500 Subject: [PATCH 108/188] consensus: minor cosmetic --- consensus/state.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/consensus/state.go b/consensus/state.go index 7b8c8e08f..adf85d081 100644 --- a/consensus/state.go +++ b/consensus/state.go @@ -86,7 +86,7 @@ type ConsensusState struct { cstypes.RoundState state sm.State // State until height-1. - // state changes may be triggered by msgs from peers, + // state changes may be triggered by: msgs from peers, // msgs from ourself, or by timeouts peerMsgQueue chan msgInfo internalMsgQueue chan msgInfo @@ -771,11 +771,12 @@ func (cs *ConsensusState) enterPropose(height int64, round int) { return } - if cs.Validators.HasAddress(cs.privValidator.GetAddress()) { - cs.Logger.Debug("This node is a validator") - } else { + // if not a validator, we're done + if !cs.Validators.HasAddress(cs.privValidator.GetAddress()) { cs.Logger.Debug("This node is not a validator") + return } + cs.Logger.Debug("This node is a validator") if cs.isProposer() { cs.Logger.Info("enterPropose: Our turn to propose", "proposer", cs.Validators.GetProposer().Address, "privValidator", cs.privValidator) From 85816877c6775dcffa8eb187ead28eada5dcc653 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 23 Jan 2018 22:21:17 -0500 Subject: [PATCH 109/188] config: fix addrbook path to go in config --- config/config.go | 4 +++- p2p/pex/file.go | 4 ++-- p2p/pex/known_address.go | 14 +++++++------- test/p2p/pex/test_addrbook.sh | 8 ++++---- 4 files changed, 16 insertions(+), 14 deletions(-) diff --git a/config/config.go b/config/config.go index 072606b43..e34d9b959 100644 --- a/config/config.go +++ b/config/config.go @@ -22,11 +22,13 @@ var ( defaultGenesisJSONName = "genesis.json" defaultPrivValName = "priv_validator.json" defaultNodeKeyName = "node_key.json" + defaultAddrBookName = "addrbook.json" defaultConfigFilePath = filepath.Join(defaultConfigDir, defaultConfigFileName) defaultGenesisJSONPath = filepath.Join(defaultConfigDir, defaultGenesisJSONName) defaultPrivValPath = filepath.Join(defaultConfigDir, defaultPrivValName) defaultNodeKeyPath = filepath.Join(defaultConfigDir, defaultNodeKeyName) + defaultAddrBookPath = filepath.Join(defaultConfigDir, defaultAddrBookName) ) // Config defines the top level configuration for a Tendermint node @@ -278,7 +280,7 @@ type P2PConfig struct { func DefaultP2PConfig() *P2PConfig { return &P2PConfig{ ListenAddress: "tcp://0.0.0.0:46656", - AddrBook: "addrbook.json", + AddrBook: defaultAddrBookPath, AddrBookStrict: true, MaxNumPeers: 50, FlushThrottleTimeout: 100, diff --git a/p2p/pex/file.go b/p2p/pex/file.go index 521fcfcf7..38142dd9d 100644 --- a/p2p/pex/file.go +++ b/p2p/pex/file.go @@ -10,8 +10,8 @@ import ( /* Loading & Saving */ type addrBookJSON struct { - Key string - Addrs []*knownAddress + Key string `json:"key"` + Addrs []*knownAddress `json:"addrs"` } func (a *addrBook) saveToFile(filePath string) { diff --git a/p2p/pex/known_address.go b/p2p/pex/known_address.go index e26fdb7bd..085eb10fa 100644 --- a/p2p/pex/known_address.go +++ b/p2p/pex/known_address.go @@ -9,13 +9,13 @@ import ( // knownAddress tracks information about a known network address // that is used to determine how viable an address is. type knownAddress struct { - Addr *p2p.NetAddress - Src *p2p.NetAddress - Attempts int32 - LastAttempt time.Time - LastSuccess time.Time - BucketType byte - Buckets []int + Addr *p2p.NetAddress `json:"addr"` + Src *p2p.NetAddress `json:"src"` + Attempts int32 `json:"attempts"` + LastAttempt time.Time `json:"last_attempt"` + LastSuccess time.Time `json:"last_success"` + BucketType byte `json:"bucket_type"` + Buckets []int `json:"buckets"` } func newKnownAddress(addr *p2p.NetAddress, src *p2p.NetAddress) *knownAddress { diff --git a/test/p2p/pex/test_addrbook.sh b/test/p2p/pex/test_addrbook.sh index 1dd26b172..d54bcf428 100644 --- a/test/p2p/pex/test_addrbook.sh +++ b/test/p2p/pex/test_addrbook.sh @@ -17,18 +17,18 @@ CLIENT_NAME="pex_addrbook_$ID" echo "1. restart peer $ID" docker stop "local_testnet_$ID" # preserve addrbook.json -docker cp "local_testnet_$ID:/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/addrbook.json" "/tmp/addrbook.json" +docker cp "local_testnet_$ID:/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/config/addrbook.json" "/tmp/addrbook.json" set +e #CIRCLE docker rm -vf "local_testnet_$ID" set -e # NOTE that we do not provide persistent_peers bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$ID" "$PROXY_APP" "--p2p.pex --rpc.unsafe" -docker cp "/tmp/addrbook.json" "local_testnet_$ID:/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/addrbook.json" +docker cp "/tmp/addrbook.json" "local_testnet_$ID:/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/config/addrbook.json" echo "with the following addrbook:" cat /tmp/addrbook.json # exec doesn't work on circle -# docker exec "local_testnet_$ID" cat "/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/addrbook.json" +# docker exec "local_testnet_$ID" cat "/go/src/github.com/tendermint/tendermint/test/p2p/data/mach1/core/config/addrbook.json" echo "" # if the client runs forever, it means addrbook wasn't saved or was empty @@ -44,7 +44,7 @@ echo "1. restart peer $ID" docker stop "local_testnet_$ID" set +e #CIRCLE docker rm -vf "local_testnet_$ID" -set -e +set -e # NOTE that we do not provide persistent_peers bash test/p2p/peer.sh "$DOCKER_IMAGE" "$NETWORK_NAME" "$ID" "$PROXY_APP" "--p2p.pex --rpc.unsafe" From 8f3bd3f2095b32f1e8fdac8044995303d9f590d4 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 23 Jan 2018 22:25:39 -0500 Subject: [PATCH 110/188] p2p: addrBook.Save() on DialPeersAsync --- p2p/pex/addrbook.go | 9 +++++++++ p2p/switch.go | 4 ++++ 2 files changed, 13 insertions(+) diff --git a/p2p/pex/addrbook.go b/p2p/pex/addrbook.go index b7f60682d..3a3be6e44 100644 --- a/p2p/pex/addrbook.go +++ b/p2p/pex/addrbook.go @@ -27,6 +27,7 @@ const ( // AddrBook is an address book used for tracking peers // so we can gossip about them to others and select // peers to dial. +// TODO: break this up? type AddrBook interface { cmn.Service @@ -53,6 +54,9 @@ type AddrBook interface { // TODO: remove ListOfKnownAddresses() []*knownAddress + + // Persist to disk + Save() } var _ AddrBook = (*addrBook)(nil) @@ -314,6 +318,11 @@ func (a *addrBook) size() int { //---------------------------------------------------------- +// Save persists the address book to disk. +func (a *addrBook) Save() { + a.saveToFile(a.filePath) // thread safe +} + func (a *addrBook) saveRoutine() { defer a.wg.Done() diff --git a/p2p/switch.go b/p2p/switch.go index fb9a6ac25..7b09279ce 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -35,6 +35,7 @@ const ( type AddrBook interface { AddAddress(addr *NetAddress, src *NetAddress) error + Save() } //----------------------------------------------------------------------------- @@ -337,6 +338,9 @@ func (sw *Switch) DialPeersAsync(addrBook AddrBook, peers []string, persistent b // TODO: move this out of here ? addrBook.AddAddress(netAddr, ourAddr) } + // Persist some peers to disk right away. + // NOTE: integration tests depend on this + addrBook.Save() } // permute the list, dial them in random order. From 4051391039735ec919b42c90e7718448ab38bb61 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 23 Jan 2018 22:06:40 -0500 Subject: [PATCH 111/188] blockchain: test wip for hard to test functionality [ci skip] --- blockchain/reactor_test.go | 47 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 45 insertions(+), 2 deletions(-) diff --git a/blockchain/reactor_test.go b/blockchain/reactor_test.go index 6f5b14ff3..26747ea69 100644 --- a/blockchain/reactor_test.go +++ b/blockchain/reactor_test.go @@ -49,7 +49,7 @@ func newBlockchainReactor(logger log.Logger, maxBlockHeight int64) *BlockchainRe return bcReactor } -func TestNoBlockMessageResponse(t *testing.T) { +func TestNoBlockResponse(t *testing.T) { maxBlockHeight := int64(20) bcr := newBlockchainReactor(log.TestingLogger(), maxBlockHeight) @@ -73,7 +73,7 @@ func TestNoBlockMessageResponse(t *testing.T) { } // receive a request message from peer, - // wait to hear response + // wait for our response to be received on the peer for _, tt := range tests { reqBlockMsg := &bcBlockRequestMessage{tt.height} reqBlockBytes := wire.BinaryBytes(struct{ BlockchainMessage }{reqBlockMsg}) @@ -97,6 +97,49 @@ func TestNoBlockMessageResponse(t *testing.T) { } } +/* +// NOTE: This is too hard to test without +// an easy way to add test peer to switch +// or without significant refactoring of the module. +// Alternatively we could actually dial a TCP conn but +// that seems extreme. +func TestBadBlockStopsPeer(t *testing.T) { + maxBlockHeight := int64(20) + + bcr := newBlockchainReactor(log.TestingLogger(), maxBlockHeight) + bcr.Start() + defer bcr.Stop() + + // Add some peers in + peer := newbcrTestPeer(p2p.ID(cmn.RandStr(12))) + + // XXX: This doesn't add the peer to anything, + // so it's hard to check that it's later removed + bcr.AddPeer(peer) + assert.True(t, bcr.Switch.Peers().Size() > 0) + + // send a bad block from the peer + // default blocks already dont have commits, so should fail + block := bcr.store.LoadBlock(3) + msg := &bcBlockResponseMessage{Block: block} + peer.Send(BlockchainChannel, struct{ BlockchainMessage }{msg}) + + ticker := time.NewTicker(time.Millisecond * 10) + timer := time.NewTimer(time.Second * 2) +LOOP: + for { + select { + case <-ticker.C: + if bcr.Switch.Peers().Size() == 0 { + break LOOP + } + case <-timer.C: + t.Fatal("Timed out waiting to disconnect peer") + } + } +} +*/ + //---------------------------------------------- // utility funcs From 50129ad8aca2517d1d4fbde7d3fbc7ec384f374b Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 21 Jan 2018 11:45:04 -0500 Subject: [PATCH 112/188] p2p: add Channels to NodeInfo and don't send for unknown channels --- node/node.go | 40 +++++++++++++++++++++++++--------------- p2p/node_info.go | 47 ++++++++++++++++++++++++++++++++++++++++++----- p2p/peer.go | 27 +++++++++++++++++++++++++-- 3 files changed, 92 insertions(+), 22 deletions(-) diff --git a/node/node.go b/node/node.go index bdbf12f82..b02012f98 100644 --- a/node/node.go +++ b/node/node.go @@ -18,7 +18,7 @@ import ( bc "github.com/tendermint/tendermint/blockchain" cfg "github.com/tendermint/tendermint/config" - "github.com/tendermint/tendermint/consensus" + cs "github.com/tendermint/tendermint/consensus" "github.com/tendermint/tendermint/evidence" mempl "github.com/tendermint/tendermint/mempool" "github.com/tendermint/tendermint/p2p" @@ -104,14 +104,14 @@ type Node struct { // services eventBus *types.EventBus // pub/sub for services stateDB dbm.DB - blockStore *bc.BlockStore // store the blockchain to disk - bcReactor *bc.BlockchainReactor // for fast-syncing - mempoolReactor *mempl.MempoolReactor // for gossipping transactions - consensusState *consensus.ConsensusState // latest consensus state - consensusReactor *consensus.ConsensusReactor // for participating in the consensus - evidencePool *evidence.EvidencePool // tracking evidence - proxyApp proxy.AppConns // connection to the application - rpcListeners []net.Listener // rpc servers + blockStore *bc.BlockStore // store the blockchain to disk + bcReactor *bc.BlockchainReactor // for fast-syncing + mempoolReactor *mempl.MempoolReactor // for gossipping transactions + consensusState *cs.ConsensusState // latest consensus state + consensusReactor *cs.ConsensusReactor // for participating in the consensus + evidencePool *evidence.EvidencePool // tracking evidence + proxyApp proxy.AppConns // connection to the application + rpcListeners []net.Listener // rpc servers txIndexer txindex.TxIndexer indexerService *txindex.IndexerService } @@ -159,7 +159,7 @@ func NewNode(config *cfg.Config, // and sync tendermint and the app by performing a handshake // and replaying any necessary blocks consensusLogger := logger.With("module", "consensus") - handshaker := consensus.NewHandshaker(stateDB, state, blockStore) + handshaker := cs.NewHandshaker(stateDB, state, blockStore) handshaker.SetLogger(consensusLogger) proxyApp := proxy.NewAppConns(clientCreator, handshaker) proxyApp.SetLogger(logger.With("module", "proxy")) @@ -220,13 +220,13 @@ func NewNode(config *cfg.Config, bcReactor.SetLogger(logger.With("module", "blockchain")) // Make ConsensusReactor - consensusState := consensus.NewConsensusState(config.Consensus, state.Copy(), + consensusState := cs.NewConsensusState(config.Consensus, state.Copy(), blockExec, blockStore, mempool, evidencePool) consensusState.SetLogger(consensusLogger) if privValidator != nil { consensusState.SetPrivValidator(privValidator) } - consensusReactor := consensus.NewConsensusReactor(consensusState, fastSync) + consensusReactor := cs.NewConsensusReactor(consensusState, fastSync) consensusReactor.SetLogger(consensusLogger) p2pLogger := logger.With("module", "p2p") @@ -503,12 +503,12 @@ func (n *Node) BlockStore() *bc.BlockStore { } // ConsensusState returns the Node's ConsensusState. -func (n *Node) ConsensusState() *consensus.ConsensusState { +func (n *Node) ConsensusState() *cs.ConsensusState { return n.consensusState } // ConsensusReactor returns the Node's ConsensusReactor. -func (n *Node) ConsensusReactor() *consensus.ConsensusReactor { +func (n *Node) ConsensusReactor() *cs.ConsensusReactor { return n.consensusReactor } @@ -552,16 +552,26 @@ func (n *Node) makeNodeInfo(pubKey crypto.PubKey) p2p.NodeInfo { PubKey: pubKey, Network: n.genesisDoc.ChainID, Version: version.Version, + Channels: []byte{ + bc.BlockchainChannel, + cs.StateChannel, cs.DataChannel, cs.VoteChannel, cs.VoteSetBitsChannel, + mempl.MempoolChannel, + evidence.EvidenceChannel, + }, Moniker: n.config.Moniker, Other: []string{ cmn.Fmt("wire_version=%v", wire.Version), cmn.Fmt("p2p_version=%v", p2p.Version), - cmn.Fmt("consensus_version=%v", consensus.Version), + cmn.Fmt("consensus_version=%v", cs.Version), cmn.Fmt("rpc_version=%v/%v", rpc.Version, rpccore.Version), cmn.Fmt("tx_index=%v", txIndexerStatus), }, } + if n.config.P2P.PexReactor { + nodeInfo.Channels = append(nodeInfo.Channels, pex.PexChannel) + } + rpcListenAddr := n.config.RPC.ListenAddress nodeInfo.Other = append(nodeInfo.Other, cmn.Fmt("rpc_addr=%v", rpcListenAddr)) diff --git a/p2p/node_info.go b/p2p/node_info.go index 72873add8..205c63ac8 100644 --- a/p2p/node_info.go +++ b/p2p/node_info.go @@ -7,7 +7,10 @@ import ( crypto "github.com/tendermint/go-crypto" ) -const maxNodeInfoSize = 10240 // 10Kb +const ( + maxNodeInfoSize = 10240 // 10Kb + maxNumChannels = 16 // plenty of room for upgrades, for now +) func MaxNodeInfoSize() int { return maxNodeInfoSize @@ -21,8 +24,9 @@ type NodeInfo struct { ListenAddr string `json:"listen_addr"` // accepting incoming // Check compatibility - Network string `json:"network"` // network/chain ID - Version string `json:"version"` // major.minor.revision + Network string `json:"network"` // network/chain ID + Version string `json:"version"` // major.minor.revision + Channels []byte `json:"channels"` // channels this node knows about // Sanitize Moniker string `json:"moniker"` // arbitrary moniker @@ -30,18 +34,33 @@ type NodeInfo struct { } // Validate checks the self-reported NodeInfo is safe. -// It returns an error if the info.PubKey doesn't match the given pubKey. +// It returns an error if the info.PubKey doesn't match the given pubKey, +// or if there are too many Channels or any duplicate Channels. // TODO: constraints for Moniker/Other? Or is that for the UI ? func (info NodeInfo) Validate(pubKey crypto.PubKey) error { if !info.PubKey.Equals(pubKey) { return fmt.Errorf("info.PubKey (%v) doesn't match peer.PubKey (%v)", info.PubKey, pubKey) } + + if len(info.Channels) > maxNumChannels { + return fmt.Errorf("info.Channels is too long (%v). Max is %v", len(info.Channels), maxNumChannels) + } + + channels := make(map[byte]struct{}) + for _, ch := range info.Channels { + _, ok := channels[ch] + if ok { + return fmt.Errorf("info.Channels contains duplicate channel id %v", ch) + } + channels[ch] = struct{}{} + } return nil } // CompatibleWith checks if two NodeInfo are compatible with eachother. -// CONTRACT: two nodes are compatible if the major/minor versions match and network match. +// CONTRACT: two nodes are compatible if the major/minor versions match and network match +// and they have at least one channel in common. func (info NodeInfo) CompatibleWith(other NodeInfo) error { iMajor, iMinor, _, iErr := splitVersion(info.Version) oMajor, oMinor, _, oErr := splitVersion(other.Version) @@ -71,6 +90,24 @@ func (info NodeInfo) CompatibleWith(other NodeInfo) error { return fmt.Errorf("Peer is on a different network. Got %v, expected %v", other.Network, info.Network) } + // if we have no channels, we're just testing + if len(info.Channels) == 0 { + return nil + } + + // for each of our channels, check if they have it + found := false + for _, ch1 := range info.Channels { + for _, ch2 := range other.Channels { + if ch1 == ch2 { + found = true + break // only need one + } + } + } + if !found { + return fmt.Errorf("Peer has no common channels. Our channels: %v ; Peer channels: %v", info.Channels, other.Channels) + } return nil } diff --git a/p2p/peer.go b/p2p/peer.go index e427b0d95..1fa937afc 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -48,7 +48,8 @@ type peer struct { persistent bool config *PeerConfig - nodeInfo NodeInfo + nodeInfo NodeInfo // peer's node info + channels []byte // channels the peer knows about Data *cmn.CMap // User data. } @@ -204,6 +205,8 @@ func (p *peer) Send(chID byte, msg interface{}) bool { // see Switch#Broadcast, where we fetch the list of peers and loop over // them - while we're looping, one peer may be removed and stopped. return false + } else if !p.hasChannel(chID) { + return false } return p.mconn.Send(chID, msg) } @@ -213,6 +216,8 @@ func (p *peer) Send(chID byte, msg interface{}) bool { func (p *peer) TrySend(chID byte, msg interface{}) bool { if !p.IsRunning() { return false + } else if !p.hasChannel(chID) { + return false } return p.mconn.TrySend(chID, msg) } @@ -227,6 +232,17 @@ func (p *peer) Set(key string, data interface{}) { p.Data.Set(key, data) } +// hasChannel returns true if the peer reported +// knowing about the given chID. +func (p *peer) hasChannel(chID byte) bool { + for _, ch := range p.channels { + if ch == chID { + return true + } + } + return false +} + //--------------------------------------------------- // methods used by the Switch @@ -269,10 +285,17 @@ func (p *peer) HandshakeTimeout(ourNodeInfo NodeInfo, timeout time.Duration) err return errors.Wrap(err, "Error removing deadline") } - p.nodeInfo = peerNodeInfo + p.setNodeInfo(peerNodeInfo) return nil } +func (p *peer) setNodeInfo(nodeInfo NodeInfo) { + p.nodeInfo = nodeInfo + // cache the channels so we dont copy nodeInfo + // every time we check hasChannel + p.channels = nodeInfo.Channels +} + // Addr returns peer's remote network address. func (p *peer) Addr() net.Addr { return p.conn.RemoteAddr() From 260affd03773c5bd6e112e110d48fe2e3cf72927 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sun, 21 Jan 2018 18:19:38 -0500 Subject: [PATCH 113/188] docs consolidation --- docs/specification/new-spec/README.md | 27 ++++++---- docs/specification/new-spec/blockchain.md | 38 ++++++++++++-- .../block_sync/impl.md} | 44 ----------------- .../new-spec/reactors/block_sync/reactor.md | 49 +++++++++++++++++++ .../consensus}/consensus-reactor.md | 0 .../{ => reactors/consensus}/consensus.md | 0 .../consensus}/proposer-selection.md | 0 .../new-spec/reactors/mempool}/README.md | 0 .../new-spec/reactors/mempool}/concurrency.md | 0 .../new-spec/reactors/mempool}/config.md | 0 .../reactors/mempool}/functionality.md | 0 .../new-spec/reactors/mempool}/messages.md | 0 .../new-spec/{p2p => reactors/pex}/pex.md | 0 docs/specification/new-spec/state.md | 38 ++++---------- 14 files changed, 108 insertions(+), 88 deletions(-) rename docs/specification/new-spec/{blockchain_reactor.md => reactors/block_sync/impl.md} (61%) create mode 100644 docs/specification/new-spec/reactors/block_sync/reactor.md rename docs/specification/new-spec/{ => reactors/consensus}/consensus-reactor.md (100%) rename docs/specification/new-spec/{ => reactors/consensus}/consensus.md (100%) rename docs/specification/new-spec/{ => reactors/consensus}/proposer-selection.md (100%) rename {mempool/docs => docs/specification/new-spec/reactors/mempool}/README.md (100%) rename {mempool/docs => docs/specification/new-spec/reactors/mempool}/concurrency.md (100%) rename {mempool/docs => docs/specification/new-spec/reactors/mempool}/config.md (100%) rename {mempool/docs => docs/specification/new-spec/reactors/mempool}/functionality.md (100%) rename {mempool/docs => docs/specification/new-spec/reactors/mempool}/messages.md (100%) rename docs/specification/new-spec/{p2p => reactors/pex}/pex.md (100%) diff --git a/docs/specification/new-spec/README.md b/docs/specification/new-spec/README.md index 179048ddd..5b2f50cdd 100644 --- a/docs/specification/new-spec/README.md +++ b/docs/specification/new-spec/README.md @@ -1,7 +1,8 @@ # Tendermint Specification This is a markdown specification of the Tendermint blockchain. -It defines the base data structures used in the blockchain and how they are validated. +It defines the base data structures, how they are validated, +and how they are communicated over the network. XXX: this spec is a work in progress and not yet complete - see github [isses](https://github.com/tendermint/tendermint/issues) and @@ -14,12 +15,25 @@ please submit them to our [bug bounty](https://tendermint.com/security)! ## Contents +### Data Structures + - [Overview](#overview) - [Encoding and Digests](encoding.md) - [Blockchain](blockchain.md) - [State](state.md) -- [Consensus](consensus.md) -- [P2P](p2p/node.md) + +### P2P and Network Protocols + +- [The Base P2P Layer](p2p/README.md): multiplex the protocols ("reactors") on authenticated and encrypted TCP conns +- [Peer Exchange (PEX)](pex/README.md): gossip known peer addresses so peers can find eachother +- [Block Sync](block_sync/README.md): gossip blocks so peers can catch up quickly +- [Consensus](consensus/README.md): gossip votes and block parts so new blocks can be committed +- [Mempool](mempool/README.md): gossip transactions so they get included in blocks +- [Evidence](evidence/README.md): TODO + +### More +- [Light Client](light_client/README.md): TODO +- [Persistence](persistence/README.md): TODO ## Overview @@ -60,10 +74,3 @@ Also note that information like the transaction results and the validator set ar directly included in the block - only their cryptographic digests (Merkle roots) are. Hence, verification of a block requires a separate data structure to store this information. We call this the `State`. Block verification also requires access to the previous block. - -## TODO - -- Light Client -- P2P -- Reactor protocols (consensus, mempool, blockchain, pex) - diff --git a/docs/specification/new-spec/blockchain.md b/docs/specification/new-spec/blockchain.md index f029d7d47..93e4df6db 100644 --- a/docs/specification/new-spec/blockchain.md +++ b/docs/specification/new-spec/blockchain.md @@ -10,7 +10,7 @@ The Tendermint blockchains consists of a short list of basic data types: ## Block A block consists of a header, a list of transactions, a list of votes (the commit), -and a list of evidence if malfeasance (ie. signing conflicting votes). +and a list of evidence of malfeasance (ie. signing conflicting votes). ```go type Block struct { @@ -366,10 +366,10 @@ against the given signature and message bytes. ## Evidence +TODO ``` - - +TODO ``` Every piece of evidence contains two conflicting votes from a single validator that @@ -384,7 +384,35 @@ Once a block is validated, it can be executed against the state. The state follows the recursive equation: ```go -app = NewABCIApp state(1) = InitialState -state(h+1) <- Execute(state(h), app, block(h)) +state(h+1) <- Execute(state(h), ABCIApp, block(h)) ``` + +Where `InitialState` includes the initial consensus parameters and validator set, +and `ABCIApp` is an ABCI application that can return results and changes to the validator +set (TODO). Execute is defined as: + +```go +Execute(s State, app ABCIApp, block Block) State { + TODO: just spell out ApplyBlock here + and remove ABCIResponses struct. + abciResponses := app.ApplyBlock(block) + + return State{ + LastResults: abciResponses.DeliverTxResults, + AppHash: abciResponses.AppHash, + Validators: UpdateValidators(state.Validators, abciResponses.ValidatorChanges), + LastValidators: state.Validators, + ConsensusParams: UpdateConsensusParams(state.ConsensusParams, abci.Responses.ConsensusParamChanges), + } +} + +type ABCIResponses struct { + DeliverTxResults []Result + ValidatorChanges []Validator + ConsensusParamChanges ConsensusParams + AppHash []byte +} +``` + + diff --git a/docs/specification/new-spec/blockchain_reactor.md b/docs/specification/new-spec/reactors/block_sync/impl.md similarity index 61% rename from docs/specification/new-spec/blockchain_reactor.md rename to docs/specification/new-spec/reactors/block_sync/impl.md index 5633eb050..6be61a33a 100644 --- a/docs/specification/new-spec/blockchain_reactor.md +++ b/docs/specification/new-spec/reactors/block_sync/impl.md @@ -1,47 +1,3 @@ -# Blockchain Reactor - -The Blockchain Reactor's high level responsibility is to enable peers who are -far behind the current state of the consensus to quickly catch up by downloading -many blocks in parallel, verifying their commits, and executing them against the -ABCI application. - -Tendermint full nodes run the Blockchain Reactor as a service to provide blocks -to new nodes. New nodes run the Blockchain Reactor in "fast_sync" mode, -where they actively make requests for more blocks until they sync up. -Once caught up, they disable "fast_sync" mode, and turn on the Consensus Reactor. - -## Message Types - -```go -const ( - msgTypeBlockRequest = byte(0x10) - msgTypeBlockResponse = byte(0x11) - msgTypeNoBlockResponse = byte(0x12) - msgTypeStatusResponse = byte(0x20) - msgTypeStatusRequest = byte(0x21) -) -``` - -```go -type bcBlockRequestMessage struct { - Height int64 -} - -type bcNoBlockResponseMessage struct { - Height int64 -} - -type bcBlockResponseMessage struct { - Block Block -} - -type bcStatusRequestMessage struct { - Height int64 - -type bcStatusResponseMessage struct { - Height int64 -} -``` ## Blockchain Reactor diff --git a/docs/specification/new-spec/reactors/block_sync/reactor.md b/docs/specification/new-spec/reactors/block_sync/reactor.md new file mode 100644 index 000000000..11297d024 --- /dev/null +++ b/docs/specification/new-spec/reactors/block_sync/reactor.md @@ -0,0 +1,49 @@ +# Blockchain Reactor + +The Blockchain Reactor's high level responsibility is to enable peers who are +far behind the current state of the consensus to quickly catch up by downloading +many blocks in parallel, verifying their commits, and executing them against the +ABCI application. + +Tendermint full nodes run the Blockchain Reactor as a service to provide blocks +to new nodes. New nodes run the Blockchain Reactor in "fast_sync" mode, +where they actively make requests for more blocks until they sync up. +Once caught up, "fast_sync" mode is disabled and the node switches to +using the Consensus Reactor. , and turn on the Consensus Reactor. + +## Message Types + +```go +const ( + msgTypeBlockRequest = byte(0x10) + msgTypeBlockResponse = byte(0x11) + msgTypeNoBlockResponse = byte(0x12) + msgTypeStatusResponse = byte(0x20) + msgTypeStatusRequest = byte(0x21) +) +``` + +```go +type bcBlockRequestMessage struct { + Height int64 +} + +type bcNoBlockResponseMessage struct { + Height int64 +} + +type bcBlockResponseMessage struct { + Block Block +} + +type bcStatusRequestMessage struct { + Height int64 + +type bcStatusResponseMessage struct { + Height int64 +} +``` + +## Protocol + +TODO diff --git a/docs/specification/new-spec/consensus-reactor.md b/docs/specification/new-spec/reactors/consensus/consensus-reactor.md similarity index 100% rename from docs/specification/new-spec/consensus-reactor.md rename to docs/specification/new-spec/reactors/consensus/consensus-reactor.md diff --git a/docs/specification/new-spec/consensus.md b/docs/specification/new-spec/reactors/consensus/consensus.md similarity index 100% rename from docs/specification/new-spec/consensus.md rename to docs/specification/new-spec/reactors/consensus/consensus.md diff --git a/docs/specification/new-spec/proposer-selection.md b/docs/specification/new-spec/reactors/consensus/proposer-selection.md similarity index 100% rename from docs/specification/new-spec/proposer-selection.md rename to docs/specification/new-spec/reactors/consensus/proposer-selection.md diff --git a/mempool/docs/README.md b/docs/specification/new-spec/reactors/mempool/README.md similarity index 100% rename from mempool/docs/README.md rename to docs/specification/new-spec/reactors/mempool/README.md diff --git a/mempool/docs/concurrency.md b/docs/specification/new-spec/reactors/mempool/concurrency.md similarity index 100% rename from mempool/docs/concurrency.md rename to docs/specification/new-spec/reactors/mempool/concurrency.md diff --git a/mempool/docs/config.md b/docs/specification/new-spec/reactors/mempool/config.md similarity index 100% rename from mempool/docs/config.md rename to docs/specification/new-spec/reactors/mempool/config.md diff --git a/mempool/docs/functionality.md b/docs/specification/new-spec/reactors/mempool/functionality.md similarity index 100% rename from mempool/docs/functionality.md rename to docs/specification/new-spec/reactors/mempool/functionality.md diff --git a/mempool/docs/messages.md b/docs/specification/new-spec/reactors/mempool/messages.md similarity index 100% rename from mempool/docs/messages.md rename to docs/specification/new-spec/reactors/mempool/messages.md diff --git a/docs/specification/new-spec/p2p/pex.md b/docs/specification/new-spec/reactors/pex/pex.md similarity index 100% rename from docs/specification/new-spec/p2p/pex.md rename to docs/specification/new-spec/reactors/pex/pex.md diff --git a/docs/specification/new-spec/state.md b/docs/specification/new-spec/state.md index 3594de57b..abd32edba 100644 --- a/docs/specification/new-spec/state.md +++ b/docs/specification/new-spec/state.md @@ -3,10 +3,15 @@ ## State The state contains information whose cryptographic digest is included in block headers, and thus is -necessary for validating new blocks. For instance, the Merkle root of the results from executing the -previous block, or the Merkle root of the current validators. While neither the results of -transactions now the validators are ever included in the blockchain itself, the Merkle roots are, -and hence we need a separate data structure to track them. +necessary for validating new blocks. For instance, the set of validators and the results of +transactions are never included in blocks, but their Merkle roots are - the state keeps track of them. + +Note that the `State` object itself is an implementation detail, since it is never +included in a block or gossipped over the network, and we never compute +its hash. However, the types it contains are part of the specification, since +their Merkle roots are included in blocks. + +For details on an implementation of `State` with persistence, see TODO ```go type State struct { @@ -77,28 +82,3 @@ TODO: TODO: -## Execution - -We define an `Execute` function that takes a state and a block, -executes the block against the application, and returns an updated state. - -```go -Execute(s State, app ABCIApp, block Block) State { - abciResponses := app.ApplyBlock(block) - - return State{ - LastResults: abciResponses.DeliverTxResults, - AppHash: abciResponses.AppHash, - Validators: UpdateValidators(state.Validators, abciResponses.ValidatorChanges), - LastValidators: state.Validators, - ConsensusParams: UpdateConsensusParams(state.ConsensusParams, abci.Responses.ConsensusParamChanges), - } -} - -type ABCIResponses struct { - DeliverTxResults []Result - ValidatorChanges []Validator - ConsensusParamChanges ConsensusParams - AppHash []byte -} -``` From 99034904f81a368ce152e041a1ce2b3bb9b00e27 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Tue, 23 Jan 2018 23:40:33 -0500 Subject: [PATCH 114/188] p2p: fix tests for required channels --- p2p/peer.go | 3 +++ p2p/peer_test.go | 20 ++++++++++++-------- p2p/test_util.go | 18 +++++++++++------- 3 files changed, 26 insertions(+), 15 deletions(-) diff --git a/p2p/peer.go b/p2p/peer.go index 1fa937afc..67ce411cd 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -240,6 +240,9 @@ func (p *peer) hasChannel(chID byte) bool { return true } } + // NOTE: probably will want to remove this + // but could be helpful while the feature is new + p.Logger.Debug("Unknown channel for peer", "channel", chID, "channels", p.channels) return false } diff --git a/p2p/peer_test.go b/p2p/peer_test.go index 978775c8e..a2f5ed05f 100644 --- a/p2p/peer_test.go +++ b/p2p/peer_test.go @@ -13,6 +13,8 @@ import ( tmconn "github.com/tendermint/tendermint/p2p/conn" ) +const testCh = 0x01 + func TestPeerBasic(t *testing.T) { assert, require := assert.New(t), require.New(t) @@ -77,25 +79,26 @@ func TestPeerSend(t *testing.T) { defer p.Stop() - assert.True(p.CanSend(0x01)) - assert.True(p.Send(0x01, "Asylum")) + assert.True(p.CanSend(testCh)) + assert.True(p.Send(testCh, "Asylum")) } func createOutboundPeerAndPerformHandshake(addr *NetAddress, config *PeerConfig) (*peer, error) { chDescs := []*tmconn.ChannelDescriptor{ - {ID: 0x01, Priority: 1}, + {ID: testCh, Priority: 1}, } - reactorsByCh := map[byte]Reactor{0x01: NewTestReactor(chDescs, true)} + reactorsByCh := map[byte]Reactor{testCh: NewTestReactor(chDescs, true)} pk := crypto.GenPrivKeyEd25519().Wrap() p, err := newOutboundPeer(addr, reactorsByCh, chDescs, func(p Peer, r interface{}) {}, pk, config, false) if err != nil { return nil, err } err = p.HandshakeTimeout(NodeInfo{ - PubKey: pk.PubKey(), - Moniker: "host_peer", - Network: "testing", - Version: "123.123.123", + PubKey: pk.PubKey(), + Moniker: "host_peer", + Network: "testing", + Version: "123.123.123", + Channels: []byte{testCh}, }, 1*time.Second) if err != nil { return nil, err @@ -148,6 +151,7 @@ func (p *remotePeer) accept(l net.Listener) { Network: "testing", Version: "123.123.123", ListenAddr: l.Addr().String(), + Channels: []byte{testCh}, }, 1*time.Second) if err != nil { golog.Fatalf("Failed to perform handshake: %+v", err) diff --git a/p2p/test_util.go b/p2p/test_util.go index c4c0fe0b7..dea48dfd3 100644 --- a/p2p/test_util.go +++ b/p2p/test_util.go @@ -132,16 +132,20 @@ func MakeSwitch(cfg *cfg.P2PConfig, i int, network, version string, initSwitch f nodeKey := &NodeKey{ PrivKey: crypto.GenPrivKeyEd25519().Wrap(), } - s := NewSwitch(cfg) - s.SetLogger(log.TestingLogger()) - s = initSwitch(i, s) - s.SetNodeInfo(NodeInfo{ + sw := NewSwitch(cfg) + sw.SetLogger(log.TestingLogger()) + sw = initSwitch(i, sw) + ni := NodeInfo{ PubKey: nodeKey.PubKey(), Moniker: cmn.Fmt("switch%d", i), Network: network, Version: version, ListenAddr: cmn.Fmt("%v:%v", network, rand.Intn(64512)+1023), - }) - s.SetNodeKey(nodeKey) - return s + } + for ch, _ := range sw.reactorsByCh { + ni.Channels = append(ni.Channels, ch) + } + sw.SetNodeInfo(ni) + sw.SetNodeKey(nodeKey) + return sw } From b6eb275b22daab5583a0c4a30e9252db67a7c5a2 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Wed, 24 Jan 2018 14:27:37 -0500 Subject: [PATCH 115/188] p2p: fix break in double loop --- p2p/node_info.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/p2p/node_info.go b/p2p/node_info.go index 205c63ac8..a5bb9da53 100644 --- a/p2p/node_info.go +++ b/p2p/node_info.go @@ -97,11 +97,12 @@ func (info NodeInfo) CompatibleWith(other NodeInfo) error { // for each of our channels, check if they have it found := false +OUTER_LOOP: for _, ch1 := range info.Channels { for _, ch2 := range other.Channels { if ch1 == ch2 { found = true - break // only need one + break OUTER_LOOP // only need one } } } From 3ae26bd6e6fdf4685e32960d9959da026c0ac435 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Wed, 24 Jan 2018 23:34:57 -0500 Subject: [PATCH 116/188] consensus: fix SetLogger in tests --- config/config.go | 2 +- consensus/byzantine_test.go | 4 +++- consensus/common_test.go | 17 ++++------------- consensus/reactor_test.go | 2 +- 4 files changed, 9 insertions(+), 16 deletions(-) diff --git a/config/config.go b/config/config.go index e34d9b959..6395c60fd 100644 --- a/config/config.go +++ b/config/config.go @@ -451,7 +451,7 @@ func TestConsensusConfig() *ConsensusConfig { config.TimeoutCommit = 10 config.SkipTimeoutCommit = true config.PeerGossipSleepDuration = 5 - config.PeerQueryMaj23SleepDuration = 50 + config.PeerQueryMaj23SleepDuration = 250 return config } diff --git a/consensus/byzantine_test.go b/consensus/byzantine_test.go index 2f5f3f76c..38df1ecc1 100644 --- a/consensus/byzantine_test.go +++ b/consensus/byzantine_test.go @@ -33,7 +33,9 @@ func TestByzantine(t *testing.T) { css := randConsensusNet(N, "consensus_byzantine_test", newMockTickerFunc(false), newCounter) // give the byzantine validator a normal ticker - css[0].SetTimeoutTicker(NewTimeoutTicker()) + ticker := NewTimeoutTicker() + ticker.SetLogger(css[0].Logger) + css[0].SetTimeoutTicker(ticker) switches := make([]*p2p.Switch, N) p2pLogger := logger.With("module", "p2p") diff --git a/consensus/common_test.go b/consensus/common_test.go index 40a320e42..c27b50c4f 100644 --- a/consensus/common_test.go +++ b/consensus/common_test.go @@ -267,7 +267,7 @@ func newConsensusStateWithConfigAndBlockStore(thisConfig *cfg.Config, state sm.S stateDB := dbm.NewMemDB() blockExec := sm.NewBlockExecutor(stateDB, log.TestingLogger(), proxyAppConnCon, mempool, evpool) cs := NewConsensusState(thisConfig.Consensus, state, blockExec, blockStore, mempool, evpool) - cs.SetLogger(log.TestingLogger()) + cs.SetLogger(log.TestingLogger().With("module", "consensus")) cs.SetPrivValidator(pv) eventBus := types.NewEventBus() @@ -285,14 +285,6 @@ func loadPrivValidator(config *cfg.Config) *types.PrivValidatorFS { return privValidator } -func fixedConsensusStateDummy(config *cfg.Config, logger log.Logger) *ConsensusState { - state, _ := sm.MakeGenesisStateFromFile(config.GenesisFile()) - privValidator := loadPrivValidator(config) - cs := newConsensusState(state, privValidator, dummy.NewDummyApplication()) - cs.SetLogger(logger) - return cs -} - func randConsensusState(nValidators int) (*ConsensusState, []*validatorStub) { // Get State state, privVals := randGenesisState(nValidators, false, 10) @@ -300,7 +292,6 @@ func randConsensusState(nValidators int) (*ConsensusState, []*validatorStub) { vss := make([]*validatorStub, nValidators) cs := newConsensusState(state, privVals[0], counter.NewCounterApplication(true)) - cs.SetLogger(log.TestingLogger()) for i := 0; i < nValidators; i++ { vss[i] = NewValidatorStub(privVals[i], i) @@ -346,7 +337,7 @@ func consensusLogger() log.Logger { } } return term.FgBgColor{} - }) + }).With("module", "consensus") } func randConsensusNet(nValidators int, testName string, tickerFunc func() TimeoutTicker, appFunc func() abci.Application, configOpts ...func(*cfg.Config)) []*ConsensusState { @@ -366,8 +357,8 @@ func randConsensusNet(nValidators int, testName string, tickerFunc func() Timeou app.InitChain(abci.RequestInitChain{Validators: vals}) css[i] = newConsensusStateWithConfig(thisConfig, state, privVals[i], app) - css[i].SetLogger(logger.With("validator", i)) css[i].SetTimeoutTicker(tickerFunc()) + css[i].SetLogger(logger.With("validator", i, "module", "consensus")) } return css } @@ -395,8 +386,8 @@ func randConsensusNetWithPeers(nValidators, nPeers int, testName string, tickerF app.InitChain(abci.RequestInitChain{Validators: vals}) css[i] = newConsensusStateWithConfig(thisConfig, state, privVal, app) - css[i].SetLogger(logger.With("validator", i)) css[i].SetTimeoutTicker(tickerFunc()) + css[i].SetLogger(logger.With("validator", i, "module", "consensus")) } return css } diff --git a/consensus/reactor_test.go b/consensus/reactor_test.go index c1e2a4621..0fb8ecd6b 100644 --- a/consensus/reactor_test.go +++ b/consensus/reactor_test.go @@ -35,7 +35,7 @@ func startConsensusNet(t *testing.T, css []*ConsensusState, N int) ([]*Consensus /*logger, err := tmflags.ParseLogLevel("consensus:info,*:error", logger, "info") if err != nil { t.Fatal(err)}*/ reactors[i] = NewConsensusReactor(css[i], true) // so we dont start the consensus states - reactors[i].SetLogger(css[i].Logger.With("validator", "i", "module", "consensus")) + reactors[i].SetLogger(css[i].Logger) // eventBus is already started with the cs eventBuses[i] = css[i].eventBus From ab13806276dc75a7f38d092c2ff255b218ccb958 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 25 Jan 2018 01:01:27 -0500 Subject: [PATCH 117/188] consensus: print go routines in failed test --- consensus/reactor_test.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/consensus/reactor_test.go b/consensus/reactor_test.go index 0fb8ecd6b..f66f4e9e5 100644 --- a/consensus/reactor_test.go +++ b/consensus/reactor_test.go @@ -4,6 +4,7 @@ import ( "context" "fmt" "os" + "runtime" "runtime/pprof" "sync" "testing" @@ -410,7 +411,15 @@ func timeoutWaitGroup(t *testing.T, n int, f func(int), css []*ConsensusState) { t.Log(cs.GetRoundState()) t.Log("") } + os.Stdout.Write([]byte("pprof.Lookup('goroutine'):\n")) pprof.Lookup("goroutine").WriteTo(os.Stdout, 1) + capture() panic("Timed out waiting for all validators to commit a block") } } + +func capture() { + trace := make([]byte, 10240000) + count := runtime.Stack(trace, true) + fmt.Printf("Stack of %d bytes: %s\n", count, trace) +} From fb109db33dd446eee4911f237721f2ebccf54de5 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Thu, 25 Jan 2018 02:10:01 -0500 Subject: [PATCH 118/188] update changelog --- CHANGELOG.md | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0205c427f..a378f4a00 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -29,11 +29,30 @@ BUG FIXES: ## 0.16.0 (TBD) BREAKING CHANGES: -- [p2p] old `seeds` is now `persistent_peers` (persistent peers to which TM will always connect to) -- [p2p] now `seeds` only used for getting addresses (if addrbook is empty; not persistent) +- [config] use $TMHOME/config for all config and json files +- [p2p] old `--p2p.seeds` is now `--p2p.persistent_peers` (persistent peers to which TM will always connect to) +- [p2p] now `--p2p.seeds` only used for getting addresses (if addrbook is empty; not persistent) +- [p2p] NodeInfo: remove RemoteAddr and add Channels + - we must have at least one overlapping channel with peer + - we only send msgs for channels the peer advertised FEATURES: -- [p2p] added new `/dial_persistent_peers` **unsafe** endpoint +- [p2p] added new `/dial_peers&persistent=_` **unsafe** endpoint +- [p2p] persistent node key in `$THMHOME/config/node_key.json` +- [p2p] introduce peer ID and authenticate peers by ID using addresses like `ID@IP:PORT` +- [p2p] new seed mode in pex reactor crawls the network and serves as a seed. TODO: `--p2p.seed_mode` +- [config] MempoolConfig.CacheSize + +IMPROVEMENT: +- [p2p] stricter rules in the PEX reactor for better handling of abuse +- [p2p] various improvements to code structure including subpackages for `pex` and `conn` +- [docs] new spec! + +BUG FIX: +- [blockchain] StopPeerForError on timeout +- [consensus] StopPeerForError on a bad Maj23 message +- [state] flush mempool conn before calling commit +- [types] fix priv val signing things that only differ by timestamp ## 0.15.0 (December 29, 2017) From baff4bd8cc0596b9f082cc5ff828740ebd90c835 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Wed, 24 Jan 2018 17:14:38 -0500 Subject: [PATCH 119/188] p2p/conn: better handling for some stop conditions --- p2p/conn/connection.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 71b2a13d0..83d87e58f 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -189,11 +189,11 @@ func (c *MConnection) OnStop() { close(c.quit) } c.conn.Close() // nolint: errcheck + // We can't close pong safely here because // recvRoutine may write to it after we've stopped. // Though it doesn't need to get closed at all, // we close it @ recvRoutine. - // close(c.pong) } func (c *MConnection) String() string { @@ -450,7 +450,11 @@ FOR_LOOP: case packetTypePing: // TODO: prevent abuse, as they cause flush()'s. c.Logger.Debug("Receive Ping") - c.pong <- struct{}{} + select { + case c.pong <- struct{}{}: + case <-c.quit: + break FOR_LOOP + } case packetTypePong: // do nothing c.Logger.Debug("Receive Pong") @@ -470,6 +474,7 @@ FOR_LOOP: err := fmt.Errorf("Unknown channel %X", pkt.ChannelID) c.Logger.Error("Connection failed @ recvRoutine", "conn", c, "err", err) c.stopForError(err) + break FOR_LOOP } msgBytes, err := channel.recvMsgPacket(pkt) @@ -489,6 +494,7 @@ FOR_LOOP: err := fmt.Errorf("Unknown message type %X", pktType) c.Logger.Error("Connection failed @ recvRoutine", "conn", c, "err", err) c.stopForError(err) + break FOR_LOOP } // TODO: shouldn't this go in the sendRoutine? From 0a7a190cd1526fe31cf66e4e5896632d0bdb7c7c Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Mon, 22 Jan 2018 13:40:32 +0100 Subject: [PATCH 120/188] Fix vagrantfile If you get an error, please run `vagrant box update`. --- .gitignore | 1 + Vagrantfile | 30 ++++++++++++++++-------------- 2 files changed, 17 insertions(+), 14 deletions(-) diff --git a/.gitignore b/.gitignore index 22a6be0b9..b031ce185 100644 --- a/.gitignore +++ b/.gitignore @@ -17,6 +17,7 @@ test/logs coverage.txt docs/_build docs/tools +*.log scripts/wal2json/wal2json scripts/cutWALUntil/cutWALUntil diff --git a/Vagrantfile b/Vagrantfile index 12cfce475..abbb719f8 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -21,29 +21,31 @@ Vagrant.configure("2") do |config| # install base requirements apt-get update + apt-get upgrade -y apt-get install -y --no-install-recommends wget curl jq \ make shellcheck bsdmainutils psmisc apt-get install -y docker-ce golang-1.9-go + apt-get install -y language-pack-en + + apt-get autoremove -y # needed for docker - usermod -a -G docker ubuntu + usermod -a -G docker vagrant - # use "EOF" not EOF to avoid variable substitution of $PATH - cat << "EOF" >> /home/ubuntu/.bash_profile -export PATH=$PATH:/usr/lib/go-1.9/bin:/home/ubuntu/go/bin -export GOPATH=/home/ubuntu/go -export LC_ALL=en_US.UTF-8 -cd go/src/github.com/tendermint/tendermint -EOF + # set env variables + echo 'export PATH=$PATH:/usr/lib/go-1.9/bin:/home/vagrant/go/bin' >> /home/vagrant/.bash_profile + echo 'export GOPATH=/home/vagrant/go' >> /home/vagrant/.bash_profile + echo 'export LC_ALL=en_US.UTF-8' >> /home/vagrant/.bash_profile - mkdir -p /home/ubuntu/go/bin - mkdir -p /home/ubuntu/go/src/github.com/tendermint - ln -s /vagrant /home/ubuntu/go/src/github.com/tendermint/tendermint + mkdir -p /home/vagrant/go/bin + mkdir -p /home/vagrant/go/src/github.com/tendermint + ln -s /vagrant /home/vagrant/go/src/github.com/tendermint/tendermint - chown -R ubuntu:ubuntu /home/ubuntu/go - chown ubuntu:ubuntu /home/ubuntu/.bash_profile + chown -R vagrant:vagrant /home/vagrant/go + chown vagrant:vagrant /home/vagrant/.bash_profile # get all deps and tools, ready to install/test - su - ubuntu -c 'cd /home/ubuntu/go/src/github.com/tendermint/tendermint && make get_tools && make get_vendor_deps' + source /home/vagrant/.bash_profile + cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools && make get_vendor_deps SHELL end From 2f147ec000a0f5f4394224c716845a50d4aff1ed Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Mon, 22 Jan 2018 14:55:58 +0100 Subject: [PATCH 121/188] Remove upgrade step --- Vagrantfile | 1 - 1 file changed, 1 deletion(-) diff --git a/Vagrantfile b/Vagrantfile index abbb719f8..9213f32f8 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -21,7 +21,6 @@ Vagrant.configure("2") do |config| # install base requirements apt-get update - apt-get upgrade -y apt-get install -y --no-install-recommends wget curl jq \ make shellcheck bsdmainutils psmisc apt-get install -y docker-ce golang-1.9-go From fc860c3a07865772a13c4cb270f7ad97532ccdbb Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Mon, 22 Jan 2018 15:33:09 +0100 Subject: [PATCH 122/188] Final Vagrantfile --- Vagrantfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 9213f32f8..3979c7792 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -26,6 +26,7 @@ Vagrant.configure("2") do |config| apt-get install -y docker-ce golang-1.9-go apt-get install -y language-pack-en + # cleanup apt-get autoremove -y # needed for docker @@ -44,7 +45,7 @@ Vagrant.configure("2") do |config| chown vagrant:vagrant /home/vagrant/.bash_profile # get all deps and tools, ready to install/test - source /home/vagrant/.bash_profile - cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools && make get_vendor_deps + su - vagrant -c 'source /home/vagrant/.bash_profile' + su - vagrant -c 'cd /home/vagrant/go/src/github.com/tendermint/tendermint && make get_tools && make get_vendor_deps' SHELL end From 4b63b3aa0ba915607a3e8a20cc96f2e3e306d8ff Mon Sep 17 00:00:00 2001 From: Adrian Brink Date: Thu, 25 Jan 2018 11:35:14 +0100 Subject: [PATCH 123/188] Switch to correct directory in Vagrant --- CONTRIBUTING.md | 5 ++++- Vagrantfile | 1 + 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 787fd7180..5b9800716 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -44,6 +44,9 @@ Run `bash scripts/glide/status.sh` to get a list of vendored dependencies that m If you are a [Vagrant](https://www.vagrantup.com/) user, all you have to do to get started hacking Tendermint is: +In case you installed Vagrant in 2017, you might need to run +`vagrant box update` to upgrade to the latest `ubuntu/xenial64`. + ``` vagrant up vagrant ssh @@ -97,4 +100,4 @@ especially `go-p2p` and `go-rpc`, as their versions are referenced in tendermint - push to hotfix-vX.X.X to run the extended integration tests on the CI - merge hotfix-vX.X.X to master - merge hotfix-vX.X.X to develop -- delete the hotfix-vX.X.X branch \ No newline at end of file +- delete the hotfix-vX.X.X branch diff --git a/Vagrantfile b/Vagrantfile index 3979c7792..ee878649d 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -36,6 +36,7 @@ Vagrant.configure("2") do |config| echo 'export PATH=$PATH:/usr/lib/go-1.9/bin:/home/vagrant/go/bin' >> /home/vagrant/.bash_profile echo 'export GOPATH=/home/vagrant/go' >> /home/vagrant/.bash_profile echo 'export LC_ALL=en_US.UTF-8' >> /home/vagrant/.bash_profile + echo 'cd go/src/github.com/tendermint/tendermint' >> /home/vagrant/.bash_profile mkdir -p /home/vagrant/go/bin mkdir -p /home/vagrant/go/src/github.com/tendermint From 4a99a2a07d47407dcfdc7d8ae4adf979933efe05 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 26 Jan 2018 01:18:33 -0500 Subject: [PATCH 124/188] update contributing.md --- CONTRIBUTING.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 5b9800716..b991bcc4e 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -42,18 +42,18 @@ Run `bash scripts/glide/status.sh` to get a list of vendored dependencies that m ## Vagrant -If you are a [Vagrant](https://www.vagrantup.com/) user, all you have to do to get started hacking Tendermint is: +If you are a [Vagrant](https://www.vagrantup.com/) user, you can get started hacking Tendermint with the commands below. -In case you installed Vagrant in 2017, you might need to run +NOTE: In case you installed Vagrant in 2017, you might need to run `vagrant box update` to upgrade to the latest `ubuntu/xenial64`. ``` vagrant up vagrant ssh -cd ~/go/src/github.com/tendermint/tendermint make test ``` + ## Testing All repos should be hooked up to circle. From 4529fd67870edf8e51cb9d418f762b9519156bfd Mon Sep 17 00:00:00 2001 From: George Ornbo Date: Fri, 26 Jan 2018 14:44:48 +0000 Subject: [PATCH 125/188] Fix documentation typos --- docs/deploy-testnets.rst | 4 ++-- docs/ecosystem.rst | 2 +- docs/getting-started.rst | 4 ++-- docs/install.rst | 2 +- docs/introduction.rst | 2 +- docs/using-tendermint.rst | 24 ++++++++++++------------ 6 files changed, 19 insertions(+), 19 deletions(-) diff --git a/docs/deploy-testnets.rst b/docs/deploy-testnets.rst index 89fa4b799..a872c90f9 100644 --- a/docs/deploy-testnets.rst +++ b/docs/deploy-testnets.rst @@ -32,7 +32,7 @@ Here are the steps to setting up a testnet manually: would look like: ``tendermint node --p2p.seeds=192.168.0.1:46656,192.168.0.2:46656,192.168.0.3:46656,192.168.0.4:46656``. -After a few seconds, all the nodes should connect to eachother and start +After a few seconds, all the nodes should connect to each other and start making blocks! For more information, see the Tendermint Networks section of `the guide to using Tendermint `__. @@ -48,7 +48,7 @@ Automated Deployment using Kubernetes The `mintnet-kubernetes tool `__ allows automating the deployment of a Tendermint network on an already -provisioned kubernetes cluster. For simple provisioning of a kubernetes +provisioned Kubernetes cluster. For simple provisioning of a Kubernetes cluster, check out the `Google Cloud Platform `__. Automated Deployment using Terraform and Ansible diff --git a/docs/ecosystem.rst b/docs/ecosystem.rst index 30ab9a35d..80dd663e2 100644 --- a/docs/ecosystem.rst +++ b/docs/ecosystem.rst @@ -44,7 +44,7 @@ Immutable AVL+ tree with Merkle proofs, Written in Go, `authored by Tendermint < Lotion ^^^^^^ -A Javascript microframework for building blockchain applications with Tendermint, written in Javascript, `authored by Judd Keppel of Tendermint `__. See also `lotion-chat `__ and `lotion-coin `__ apps written using Lotion. +A JavaScript microframework for building blockchain applications with Tendermint, written in JavaScript, `authored by Judd Keppel of Tendermint `__. See also `lotion-chat `__ and `lotion-coin `__ apps written using Lotion. MerkleTree ^^^^^^^^^^ diff --git a/docs/getting-started.rst b/docs/getting-started.rst index 26f6b7897..b85e61cdf 100644 --- a/docs/getting-started.rst +++ b/docs/getting-started.rst @@ -40,7 +40,7 @@ dependencies: Now you should have the ``abci-cli`` installed; you'll see a couple of commands (``counter`` and ``dummy``) that are example applications written in Go. See below for an application -written in Javascript. +written in JavaScript. Now, let's run some apps! @@ -49,7 +49,7 @@ Dummy - A First Example The dummy app is a `Merkle tree `__ that just stores all -transactions. If the transaction contains an ``=``, eg. ``key=value``, +transactions. If the transaction contains an ``=``, e.g. ``key=value``, then the ``value`` is stored under the ``key`` in the Merkle tree. Otherwise, the full transaction bytes are stored as the key and the value. diff --git a/docs/install.rst b/docs/install.rst index 64fae4cdc..734be1629 100644 --- a/docs/install.rst +++ b/docs/install.rst @@ -9,7 +9,7 @@ To download pre-built binaries, see the `Download page `__) have had a monolithic design. That is, each blockchain stack is a single program that handles all the concerns of a decentralized ledger; this includes P2P connectivity, the "mempool" broadcasting of transactions, consensus on the most recent block, account balances, Turing-complete contracts, user-level permissions, etc. Using a monolithic architecture is typically bad practice in computer science. -It makes it difficult to reuse components of the code, and attempts to do so result in complex maintanence procedures for forks of the codebase. +It makes it difficult to reuse components of the code, and attempts to do so result in complex maintenance procedures for forks of the codebase. This is especially true when the codebase is not modular in design and suffers from "spaghetti code". Another problem with monolithic design is that it limits you to the language of the blockchain stack (or vice versa). In the case of Ethereum which supports a Turing-complete bytecode virtual-machine, it limits you to languages that compile down to that bytecode; today, those are Serpent and Solidity. diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index 9076230ea..d0bdc9db4 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -33,7 +33,7 @@ tool `__. Run --- -To run a tendermint node, use +To run a Tendermint node, use :: @@ -41,7 +41,7 @@ To run a tendermint node, use By default, Tendermint will try to connect to an ABCI application on `127.0.0.1:46658 <127.0.0.1:46658>`__. If you have the ``dummy`` ABCI -app installed, run it in another window. If you don't, kill tendermint +app installed, run it in another window. If you don't, kill Tendermint and run an in-process version with :: @@ -54,7 +54,7 @@ blocks are produced regularly, even if there are no transactions. See *No Empty Tendermint supports in-process versions of the dummy, counter, and nil apps that ship as examples in the `ABCI repository `__. It's easy to compile -your own app in-process with tendermint if it's written in Go. If your +your own app in-process with Tendermint if it's written in Go. If your app is not written in Go, simply run it in another process, and use the ``--proxy_app`` flag to specify the address of the socket it is listening on, for instance: @@ -118,8 +118,8 @@ Tendermint uses a ``config.toml`` for configuration. For details, see `the config specification <./specification/configuration.html>`__. Notable options include the socket address of the application -(``proxy_app``), the listenting address of the tendermint peer -(``p2p.laddr``), and the listening address of the rpc server +(``proxy_app``), the listening address of the Tendermint peer +(``p2p.laddr``), and the listening address of the RPC server (``rpc.laddr``). Some fields from the config file can be overwritten with flags. @@ -129,8 +129,8 @@ No Empty Blocks This much requested feature was implemented in version 0.10.3. While the default behaviour of ``tendermint`` is still to create blocks approximately once per second, it is possible to disable empty blocks or set a block creation interval. In the former case, blocks will be created when there are new transactions or when the AppHash changes. -To configure tendermint to not produce empty blocks unless there are txs or the app hash changes, -run tendermint with this additional flag: +To configure Tendermint to not produce empty blocks unless there are txs or the app hash changes, +run Tendermint with this additional flag: :: @@ -160,7 +160,7 @@ Broadcast API ------------- Earlier, we used the ``broadcast_tx_commit`` endpoint to send a -transaction. When a transaction is sent to a tendermint node, it will +transaction. When a transaction is sent to a Tendermint node, it will run via ``CheckTx`` against the application. If it passes ``CheckTx``, it will be included in the mempool, broadcast to other peers, and eventually included in a block. @@ -187,7 +187,7 @@ value for ``broadcast_tx_commit`` includes two fields, ``check_tx`` and through those ABCI messages. The benefit of using ``broadcast_tx_commit`` is that the request returns -after the transaction is committed (ie. included in a block), but that +after the transaction is committed (i.e. included in a block), but that can take on the order of a second. For a quick result, use ``broadcast_tx_sync``, but the transaction will not be committed until later, and by that point its effect on the state may change. @@ -248,10 +248,10 @@ Note also that the ``pub_key`` (the public key) in the The genesis file contains the list of public keys which may participate in the consensus, and their corresponding voting power. Greater than 2/3 -of the voting power must be active (ie. the corresponding private keys +of the voting power must be active (i.e. the corresponding private keys must be producing signatures) for the consensus to make progress. In our case, the genesis file contains the public key of our -``priv_validator.json``, so a tendermint node started with the default +``priv_validator.json``, so a Tendermint node started with the default root directory will be able to make new blocks, as we've already seen. If we want to add more nodes to the network, we have two choices: we can @@ -388,7 +388,7 @@ connections to peers with the same IP address. Upgrading ~~~~~~~~~ -The tendermint development cycle includes a lot of breaking changes. Upgrading from +The Tendermint development cycle includes a lot of breaking changes. Upgrading from an old version to a new version usually means throwing away the chain data. Try out the `tm-migrate `__ tool written by @hxqlh if you are keen to preserve the state of your chain when upgrading to newer versions. From 4b4a2029c4c1682822f92de3b5fc730c20bb7b92 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Thu, 25 Jan 2018 02:11:07 +0000 Subject: [PATCH 126/188] spec: typos & other fixes --- docs/specification/new-spec/README.md | 12 +++++---- docs/specification/new-spec/blockchain.md | 32 ++++++++++++++--------- docs/specification/new-spec/encoding.md | 11 ++++---- 3 files changed, 32 insertions(+), 23 deletions(-) diff --git a/docs/specification/new-spec/README.md b/docs/specification/new-spec/README.md index 5b2f50cdd..f3b9e3c29 100644 --- a/docs/specification/new-spec/README.md +++ b/docs/specification/new-spec/README.md @@ -5,7 +5,7 @@ It defines the base data structures, how they are validated, and how they are communicated over the network. XXX: this spec is a work in progress and not yet complete - see github -[isses](https://github.com/tendermint/tendermint/issues) and +[issues](https://github.com/tendermint/tendermint/issues) and [pull requests](https://github.com/tendermint/tendermint/pulls) for more details. @@ -24,8 +24,10 @@ please submit them to our [bug bounty](https://tendermint.com/security)! ### P2P and Network Protocols -- [The Base P2P Layer](p2p/README.md): multiplex the protocols ("reactors") on authenticated and encrypted TCP conns -- [Peer Exchange (PEX)](pex/README.md): gossip known peer addresses so peers can find eachother +TODO: update links + +- [The Base P2P Layer](p2p/README.md): multiplex the protocols ("reactors") on authenticated and encrypted TCP connections +- [Peer Exchange (PEX)](pex/README.md): gossip known peer addresses so peers can find each other - [Block Sync](block_sync/README.md): gossip blocks so peers can catch up quickly - [Consensus](consensus/README.md): gossip votes and block parts so new blocks can be committed - [Mempool](mempool/README.md): gossip transactions so they get included in blocks @@ -39,7 +41,7 @@ please submit them to our [bug bounty](https://tendermint.com/security)! Tendermint provides Byzantine Fault Tolerant State Machine Replication using hash-linked batches of transactions. Such transaction batches are called "blocks". -Hence Tendermint defines a "blockchain". +Hence, Tendermint defines a "blockchain". Each block in Tendermint has a unique index - its Height. A block at `Height == H` can only be committed *after* the @@ -48,7 +50,7 @@ Each block is committed by a known set of weighted Validators. Membership and weighting within this set may change over time. Tendermint guarantees the safety and liveness of the blockchain so long as less than 1/3 of the total weight of the Validator set -is malicious. +is malicious or faulty. A commit in Tendermint is a set of signed messages from more than 2/3 of the total weight of the current Validator set. Validators take turns proposing diff --git a/docs/specification/new-spec/blockchain.md b/docs/specification/new-spec/blockchain.md index 93e4df6db..3f8849b15 100644 --- a/docs/specification/new-spec/blockchain.md +++ b/docs/specification/new-spec/blockchain.md @@ -5,7 +5,13 @@ Here we describe the data structures in the Tendermint blockchain and the rules ## Data Structures The Tendermint blockchains consists of a short list of basic data types: -`Block`, `Header`, `Vote`, `BlockID`, `Signature`, and `Evidence`. + +- `Block` +- `Header` +- `Vote` +- `BlockID` +- `Signature` +- `Evidence` ## Block @@ -31,7 +37,7 @@ type Header struct { // block metadata Version string // Version string ChainID string // ID of the chain - Height int64 // current block height + Height int64 // Current block height Time int64 // UNIX time, in millisconds // current block @@ -55,7 +61,7 @@ type Header struct { } ``` -Further details on each of this fields is taken up below. +Further details on each of these fields is described below. ## BlockID @@ -97,8 +103,8 @@ type Vote struct { ``` There are two types of votes: -a prevote has `vote.Type == 1` and -a precommit has `vote.Type == 2`. +a *prevote* has `vote.Type == 1` and +a *precommit* has `vote.Type == 2`. ## Signature @@ -184,7 +190,7 @@ The height is an incrementing integer. The first block has `block.Header.Height The median of the timestamps of the valid votes in the block.LastCommit. Corresponds to the number of nanoseconds, with millisecond resolution, since January 1, 1970. -Note the timestamp in a vote must be greater by at least one millisecond than that of the +Note: the timestamp of a vote must be greater by at least one millisecond than that of the block being voted on. ### NumTxs @@ -226,6 +232,8 @@ The first block has `block.Header.TotalTxs = block.Header.NumberTxs`. ### LastBlockID +For the previous block's BlockID: + ```go prevBlockParts := MakeParts(prevBlock, state.LastConsensusParams.BlockGossip.BlockPartSize) block.Header.LastBlockID == BlockID { @@ -237,7 +245,7 @@ block.Header.LastBlockID == BlockID { } ``` -Previous block's BlockID. Note it depends on the ConsensusParams, +Note: it depends on the ConsensusParams, which are held in the `state` and may be updated by the application. The first block has `block.Header.LastBlockID == BlockID{}`. @@ -289,9 +297,9 @@ block.Header.Proposer in state.Validators Original proposer of the block. Must be a current validator. -NOTE: this field can only be further verified by real-time participants in the consensus. +**Note:** this field can only be further verified by real-time participants in the consensus. This is because the same block can be proposed in multiple rounds for the same height -and we do not track the initial round the block was proposed. +and we do not track the initial round that the block was proposed. ### EvidenceHash @@ -361,7 +369,7 @@ func (v Vote) Verify(chainID string, pubKey PubKey) bool { } ``` -where `pubKey.Verify` performs the approprioate digital signature verification of the `pubKey` +where `pubKey.Verify` performs the appropriate digital signature verification of the `pubKey` against the given signature and message bytes. ## Evidence @@ -381,14 +389,14 @@ The votes must not be too old. Once a block is validated, it can be executed against the state. -The state follows the recursive equation: +The state follows this recursive equation: ```go state(1) = InitialState state(h+1) <- Execute(state(h), ABCIApp, block(h)) ``` -Where `InitialState` includes the initial consensus parameters and validator set, +where `InitialState` includes the initial consensus parameters and validator set, and `ABCIApp` is an ABCI application that can return results and changes to the validator set (TODO). Execute is defined as: diff --git a/docs/specification/new-spec/encoding.md b/docs/specification/new-spec/encoding.md index 205b8574e..97dbf0477 100644 --- a/docs/specification/new-spec/encoding.md +++ b/docs/specification/new-spec/encoding.md @@ -5,8 +5,7 @@ Tendermint aims to encode data structures in a manner similar to how the corresponding Go structs are laid out in memory. Variable length items are length-prefixed. -While the encoding was inspired by Go, it is easily implemented in other languages as well given its -intuitive design. +While the encoding was inspired by Go, it is easily implemented in other languages as well, given its intuitive design. XXX: This is changing to use real varints and 4-byte-prefixes. See https://github.com/tendermint/go-wire/tree/sdk2. @@ -52,7 +51,7 @@ encode(int(0)) == [0x00] ### Strings -An encoded string is a length prefix followed by the underlying bytes of the string. +An encoded string is length-prefixed followed by the underlying bytes of the string. The length-prefix is itself encoded as an `int`. The empty string is encoded as `0x00`. It is not length-prefixed. @@ -82,7 +81,7 @@ encode([2]string{"abc", "efg"}) == [0x01, 0x03, 0x61, 0x62, 0x63, 0x01, 0x03, 0x ### Slices (variable length) -An encoded variable-length array is a length prefix followed by the concatenation of the encoding of +An encoded variable-length array is length-prefixed followed by the concatenation of the encoding of its elements. The length-prefix is itself encoded as an `int`. @@ -165,7 +164,7 @@ func SimpleMerkleRoot(hashes [][]byte) []byte{ } ``` -Note we abuse notion and call `SimpleMerkleRoot` with arguments of type `struct` or type `[]struct`. +Note: we abuse notion and call `SimpleMerkleRoot` with arguments of type `struct` or type `[]struct`. For `struct` arguments, we compute a `[][]byte` by sorting elements of the `struct` according to field name and then hashing them. For `[]struct` arguments, we compute a `[][]byte` by hashing the individual `struct` elements. @@ -190,7 +189,7 @@ Note how the fields within each level are sorted. ### MakeParts -TMBIN encode an object and slice it into parts. +TMBIN encodes an object and slices it into parts. ```go MakeParts(object, partSize) From 8cca953590599b3cb85f46746c08fb72b9acde43 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Thu, 25 Jan 2018 03:25:09 +0000 Subject: [PATCH 127/188] spec: remove notes, see #1152 --- docs/specification/new-spec/spec-notes.md | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 docs/specification/new-spec/spec-notes.md diff --git a/docs/specification/new-spec/spec-notes.md b/docs/specification/new-spec/spec-notes.md deleted file mode 100644 index fbffac741..000000000 --- a/docs/specification/new-spec/spec-notes.md +++ /dev/null @@ -1,3 +0,0 @@ -- Remove BlockID from Commit -- Actually validate the ValidatorsHash -- Move blockHeight=1 exception for LastCommit to ValidateBasic From 5b368252ac50bfe60c54c88c2ba642a988b174ab Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Thu, 25 Jan 2018 05:02:26 +0000 Subject: [PATCH 128/188] spec: more fixes --- docs/specification/new-spec/p2p/config.md | 13 ++-- docs/specification/new-spec/p2p/connection.md | 32 +++++----- docs/specification/new-spec/p2p/node.md | 16 ++--- docs/specification/new-spec/p2p/peer.md | 7 +-- .../new-spec/reactors/block_sync/impl.md | 1 - .../new-spec/reactors/block_sync/reactor.md | 2 +- .../reactors/consensus/consensus-reactor.md | 63 ++++++++----------- 7 files changed, 61 insertions(+), 73 deletions(-) diff --git a/docs/specification/new-spec/p2p/config.md b/docs/specification/new-spec/p2p/config.md index 565f78006..4382b6ac4 100644 --- a/docs/specification/new-spec/p2p/config.md +++ b/docs/specification/new-spec/p2p/config.md @@ -1,6 +1,7 @@ # P2P Config Here we describe configuration options around the Peer Exchange. +These can be set using flags or via the `$TMHOME/config/config.toml` file. ## Seed Mode @@ -22,14 +23,12 @@ If we already have enough peers in the address book, we may never need to dial t Dial these peers and auto-redial them if the connection fails. These are intended to be trusted persistent peers that can help -anchor us in the p2p network. +anchor us in the p2p network. The auto-redial uses exponential +backoff and will give up after a day of trying to connect. -Note that the auto-redial uses exponential backoff and will give up -after a day of trying to connect. - -NOTE: If `seeds` and `persistent_peers` intersect, -the user will be WARNED that seeds may auto-close connections -and the node may not be able to keep the connection persistent. +**Note:** If `seeds` and `persistent_peers` intersect, +the user will be warned that seeds may auto-close connections +and that the node may not be able to keep the connection persistent. ## Private Persistent Peers diff --git a/docs/specification/new-spec/p2p/connection.md b/docs/specification/new-spec/p2p/connection.md index 400111f4a..071b8f1b6 100644 --- a/docs/specification/new-spec/p2p/connection.md +++ b/docs/specification/new-spec/p2p/connection.md @@ -1,32 +1,34 @@ -## P2P Multiplex Connection - -... +# P2P Multiplex Connection ## MConnection `MConnection` is a multiplex connection that supports multiple independent streams with distinct quality of service guarantees atop a single TCP connection. -Each stream is known as a `Channel` and each `Channel` has a globally unique byte id. +Each stream is known as a `Channel` and each `Channel` has a globally unique *byte id*. Each `Channel` also has a relative priority that determines the quality of service -of the `Channel` in comparison to the others. -The byte id and the relative priorities of each `Channel` are configured upon +of the `Channel` compared to other `Channel`s. +The *byte id* and the relative priorities of each `Channel` are configured upon initialization of the connection. -The `MConnection` supports three packet types: Ping, Pong, and Msg. +The `MConnection` supports three packet types: + +- Ping +- Pong +- Msg ### Ping and Pong The ping and pong messages consist of writing a single byte to the connection; 0x1 and 0x2, respectively. -When we haven't received any messages on an `MConnection` in a time `pingTimeout`, we send a ping message. +When we haven't received any messages on an `MConnection` in time `pingTimeout`, we send a ping message. When a ping is received on the `MConnection`, a pong is sent in response only if there are no other messages -to send and the peer has not sent us too many pings. +to send and the peer has not sent us too many pings (how many is too many?). -If a pong or message is not received in sufficient time after a ping, disconnect from the peer. +If a pong or message is not received in sufficient time after a ping, the peer is disconnected from. ### Msg -Messages in channels are chopped into smaller msgPackets for multiplexing. +Messages in channels are chopped into smaller `msgPacket`s for multiplexing. ``` type msgPacket struct { @@ -36,14 +38,14 @@ type msgPacket struct { } ``` -The msgPacket is serialized using go-wire, and prefixed with a 0x3. +The `msgPacket` is serialized using [go-wire](https://github.com/tendermint/go-wire) and prefixed with 0x3. The received `Bytes` of a sequential set of packets are appended together -until a packet with `EOF=1` is received, at which point the complete serialized message -is returned for processing by the corresponding channels `onReceive` function. +until a packet with `EOF=1` is received, then the complete serialized message +is returned for processing by the `onReceive` function of the corresponding channel. ### Multiplexing -Messages are sent from a single `sendRoutine`, which loops over a select statement that results in the sending +Messages are sent from a single `sendRoutine`, which loops over a select statement and results in the sending of a ping, a pong, or a batch of data messages. The batch of data messages may include messages from multiple channels. Message bytes are queued for sending in their respective channel, with each channel holding one unsent message at a time. Messages are chosen for a batch one at a time from the channel with the lowest ratio of recently sent bytes to channel priority. diff --git a/docs/specification/new-spec/p2p/node.md b/docs/specification/new-spec/p2p/node.md index 0ab8e508e..6410cc769 100644 --- a/docs/specification/new-spec/p2p/node.md +++ b/docs/specification/new-spec/p2p/node.md @@ -1,18 +1,18 @@ # Tendermint Peer Discovery -A Tendermint P2P network has different kinds of nodes with different requirements for connectivity to others. +A Tendermint P2P network has different kinds of nodes with different requirements for connectivity compared to other types of networks. This document describes what kind of nodes Tendermint should enable and how they should work. ## Seeds Seeds are the first point of contact for a new node. -They return a list of known active peers and disconnect. +They return a list of known active peers and disconnect....if? -Seeds should operate full nodes, and with the PEX reactor in a "crawler" mode +Seeds should operate full nodes with the PEX reactor in a "crawler" mode that continuously explores to validate the availability of peers. Seeds should only respond with some top percentile of the best peers it knows about. -See [reputation] for details on peer quality. +See [reputation](TODO) for details on peer quality. ## New Full Node @@ -31,7 +31,7 @@ dials those peers, and runs the Tendermint protocols with those it successfully When the peer catches up to height H, it ensures the block hash matches HASH. If not, Tendermint will exit, and the user must try again - either they are connected -to bad peers or their social consensus was invalidated. +to bad peers or their social consensus is invalid. ## Restarted Full Node @@ -58,8 +58,8 @@ Validators that know and trust each other can accept incoming connections from o Sentry nodes are guardians of a validator node and provide it access to the rest of the network. They should be well connected to other full nodes on the network. Sentry nodes may be dynamic, but should maintain persistent connections to some evolving random subset of each other. -They should always expect to have direct incoming connections from the validator node and its backup/s. -They do not report the validator node's address in the PEX. -They may be more strict about the quality of peers they keep. +They should always expect to have direct incoming connections from the validator node and its backup(s). +They do not report the validator node's address in the PEX and +they may be more strict about the quality of peers they keep. Sentry nodes belonging to validators that trust each other may wish to maintain persistent connections via VPN with one another, but only report each other sparingly in the PEX. diff --git a/docs/specification/new-spec/p2p/peer.md b/docs/specification/new-spec/p2p/peer.md index 39be966b1..68615c498 100644 --- a/docs/specification/new-spec/p2p/peer.md +++ b/docs/specification/new-spec/p2p/peer.md @@ -62,7 +62,7 @@ ie. `peer.PubKey.Address() == `. The connection has now been authenticated. All traffic is encrypted. -Note that only the dialer can authenticate the identity of the peer, +Note: only the dialer can authenticate the identity of the peer, but this is what we care about since when we join the network we wish to ensure we have reached the intended peer (and are not being MITMd). @@ -81,7 +81,7 @@ terminated. The Tendermint Version Handshake allows the peers to exchange their NodeInfo: -``` +```golang type NodeInfo struct { PubKey crypto.PubKey Moniker string @@ -111,5 +111,4 @@ Note that each reactor may handle multiple channels. Once a peer is added, incoming messages for a given reactor are handled through that reactor's `Receive` method, and output messages are sent directly by the Reactors -on each peer. A typical reactor maintains per-peer go-routine/s that handle this. - +on each peer. A typical reactor maintains per-peer go-routine(s) that handle this. diff --git a/docs/specification/new-spec/reactors/block_sync/impl.md b/docs/specification/new-spec/reactors/block_sync/impl.md index 6be61a33a..a96f83b32 100644 --- a/docs/specification/new-spec/reactors/block_sync/impl.md +++ b/docs/specification/new-spec/reactors/block_sync/impl.md @@ -1,4 +1,3 @@ - ## Blockchain Reactor * coordinates the pool for syncing diff --git a/docs/specification/new-spec/reactors/block_sync/reactor.md b/docs/specification/new-spec/reactors/block_sync/reactor.md index 11297d024..c00ea96f3 100644 --- a/docs/specification/new-spec/reactors/block_sync/reactor.md +++ b/docs/specification/new-spec/reactors/block_sync/reactor.md @@ -9,7 +9,7 @@ Tendermint full nodes run the Blockchain Reactor as a service to provide blocks to new nodes. New nodes run the Blockchain Reactor in "fast_sync" mode, where they actively make requests for more blocks until they sync up. Once caught up, "fast_sync" mode is disabled and the node switches to -using the Consensus Reactor. , and turn on the Consensus Reactor. +using (and turns on) the Consensus Reactor. ## Message Types diff --git a/docs/specification/new-spec/reactors/consensus/consensus-reactor.md b/docs/specification/new-spec/reactors/consensus/consensus-reactor.md index f0d3e7500..69ca409b4 100644 --- a/docs/specification/new-spec/reactors/consensus/consensus-reactor.md +++ b/docs/specification/new-spec/reactors/consensus/consensus-reactor.md @@ -1,9 +1,9 @@ # Consensus Reactor -Consensus Reactor defines a reactor for the consensus service. It contains ConsensusState service that +Consensus Reactor defines a reactor for the consensus service. It contains the ConsensusState service that manages the state of the Tendermint consensus internal state machine. -When Consensus Reactor is started, it starts Broadcast Routine and it starts ConsensusState service. -Furthermore, for each peer that is added to the Consensus Reactor, it creates (and manage) known peer state +When Consensus Reactor is started, it starts Broadcast Routine which starts ConsensusState service. +Furthermore, for each peer that is added to the Consensus Reactor, it creates (and manages) the known peer state (that is used extensively in gossip routines) and starts the following three routines for the peer p: Gossip Data Routine, Gossip Votes Routine and QueryMaj23Routine. Finally, Consensus Reactor is responsible for decoding messages received from a peer and for adequate processing of the message depending on its type and content. @@ -41,7 +41,7 @@ RoundState defines the internal consensus state. It contains height, round, roun a proposal and proposal block for the current round, locked round and block (if some block is being locked), set of received votes and last commit and last validators set. -``` +```golang type RoundState struct { Height int64 Round int @@ -60,15 +60,23 @@ type RoundState struct { ``` Internally, consensus will run as a state machine with the following states: -RoundStepNewHeight, RoundStepNewRound, RoundStepPropose, RoundStepProposeWait, RoundStepPrevote, -RoundStepPrevoteWait, RoundStepPrecommit, RoundStepPrecommitWait and RoundStepCommit. + +- RoundStepNewHeight +- RoundStepNewRound +- RoundStepPropose +- RoundStepProposeWait +- RoundStepPrevote +- RoundStepPrevoteWait +- RoundStepPrecommit +- RoundStepPrecommitWait +- RoundStepCommit ## Peer Round State Peer round state contains the known state of a peer. It is being updated by the Receive routine of Consensus Reactor and by the gossip routines upon sending a message to the peer. -``` +```golang type PeerRoundState struct { Height int64 // Height peer is at Round int // Round peer is at, -1 if unknown. @@ -92,8 +100,8 @@ type PeerRoundState struct { The entry point of the Consensus reactor is a receive method. When a message is received from a peer p, normally the peer round state is updated correspondingly, and some messages are passed for further processing, for example to ConsensusState service. We now specify the processing of messages -in the receive method of Consensus reactor for each message type. In the following message handler, rs denotes -RoundState and prs PeerRoundState. +in the receive method of Consensus reactor for each message type. In the following message handler, `rs` and `prs` denote +`RoundState` and `PeerRoundState`, respectively. ### NewRoundStepMessage handler @@ -196,8 +204,8 @@ handleMessage(msg): ## Gossip Data Routine It is used to send the following messages to the peer: `BlockPartMessage`, `ProposalMessage` and -`ProposalPOLMessage` on the DataChannel. The gossip data routine is based on the local RoundState (denoted rs) -and the known PeerRoundState (denotes prs). The routine repeats forever the logic shown below: +`ProposalPOLMessage` on the DataChannel. The gossip data routine is based on the local RoundState (`rs`) +and the known PeerRoundState (`prs`). The routine repeats forever the logic shown below: ``` 1a) if rs.ProposalBlockPartsHeader == prs.ProposalBlockPartsHeader and the peer does not have all the proposal parts then @@ -246,8 +254,8 @@ The function executes the following logic: ## Gossip Votes Routine It is used to send the following message: `VoteMessage` on the VoteChannel. -The gossip votes routine is based on the local RoundState (denoted rs) -and the known PeerRoundState (denotes prs). The routine repeats forever the logic shown below: +The gossip votes routine is based on the local RoundState (`rs`) +and the known PeerRoundState (`prs`). The routine repeats forever the logic shown below: ``` 1a) if rs.Height == prs.Height then @@ -291,8 +299,8 @@ and the known PeerRoundState (denotes prs). The routine repeats forever the logi ## QueryMaj23Routine It is used to send the following message: `VoteSetMaj23Message`. `VoteSetMaj23Message` is sent to indicate that a given -BlockID has seen +2/3 votes. This routine is based on the local RoundState (denoted rs) and the known PeerRoundState -(denotes prs). The routine repeats forever the logic shown below. +BlockID has seen +2/3 votes. This routine is based on the local RoundState (`rs`) and the known PeerRoundState +(`prs`). The routine repeats forever the logic shown below. ``` 1a) if rs.Height == prs.Height then @@ -328,28 +336,9 @@ BlockID has seen +2/3 votes. This routine is based on the local RoundState (deno ## Broadcast routine -The Broadcast routine subscribes to internal event bus to receive new round steps, votes messages and proposal +The Broadcast routine subscribes to an internal event bus to receive new round steps, votes messages and proposal heartbeat messages, and broadcasts messages to peers upon receiving those events. -It brodcasts `NewRoundStepMessage` or `CommitStepMessage` upon new round state event. Note that -broadcasting these messages does not depend on the PeerRoundState. It is sent on the StateChannel. +It broadcasts `NewRoundStepMessage` or `CommitStepMessage` upon new round state event. Note that +broadcasting these messages does not depend on the PeerRoundState; it is sent on the StateChannel. Upon receiving VoteMessage it broadcasts `HasVoteMessage` message to its peers on the StateChannel. `ProposalHeartbeatMessage` is sent the same way on the StateChannel. - - - - - - - - - - - - - - - - - - - From fe632ea32a89c3d9804bbd6e3ce9391b1d5a0993 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 26 Jan 2018 17:26:11 -0500 Subject: [PATCH 129/188] spec: minor fixes --- docs/specification/new-spec/blockchain.md | 10 ++++------ docs/specification/new-spec/encoding.md | 2 +- docs/specification/new-spec/p2p/connection.md | 2 +- docs/specification/new-spec/p2p/node.md | 4 ++-- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/docs/specification/new-spec/blockchain.md b/docs/specification/new-spec/blockchain.md index 3f8849b15..d95d5d330 100644 --- a/docs/specification/new-spec/blockchain.md +++ b/docs/specification/new-spec/blockchain.md @@ -6,7 +6,7 @@ Here we describe the data structures in the Tendermint blockchain and the rules The Tendermint blockchains consists of a short list of basic data types: -- `Block` +- `Block` - `Header` - `Vote` - `BlockID` @@ -232,7 +232,7 @@ The first block has `block.Header.TotalTxs = block.Header.NumberTxs`. ### LastBlockID -For the previous block's BlockID: +LastBlockID is the previous block's BlockID: ```go prevBlockParts := MakeParts(prevBlock, state.LastConsensusParams.BlockGossip.BlockPartSize) @@ -297,11 +297,9 @@ block.Header.Proposer in state.Validators Original proposer of the block. Must be a current validator. -**Note:** this field can only be further verified by real-time participants in the consensus. -This is because the same block can be proposed in multiple rounds for the same height -and we do not track the initial round that the block was proposed. +NOTE: we also need to track the round. -### EvidenceHash +## EvidenceHash ```go block.EvidenceHash == SimpleMerkleRoot(block.Evidence) diff --git a/docs/specification/new-spec/encoding.md b/docs/specification/new-spec/encoding.md index 97dbf0477..e0317b7ef 100644 --- a/docs/specification/new-spec/encoding.md +++ b/docs/specification/new-spec/encoding.md @@ -189,7 +189,7 @@ Note how the fields within each level are sorted. ### MakeParts -TMBIN encodes an object and slices it into parts. +Encode an object using TMBIN and slice it into parts. ```go MakeParts(object, partSize) diff --git a/docs/specification/new-spec/p2p/connection.md b/docs/specification/new-spec/p2p/connection.md index 071b8f1b6..9b5e49675 100644 --- a/docs/specification/new-spec/p2p/connection.md +++ b/docs/specification/new-spec/p2p/connection.md @@ -22,7 +22,7 @@ The ping and pong messages consist of writing a single byte to the connection; 0 When we haven't received any messages on an `MConnection` in time `pingTimeout`, we send a ping message. When a ping is received on the `MConnection`, a pong is sent in response only if there are no other messages -to send and the peer has not sent us too many pings (how many is too many?). +to send and the peer has not sent us too many pings (TODO). If a pong or message is not received in sufficient time after a ping, the peer is disconnected from. diff --git a/docs/specification/new-spec/p2p/node.md b/docs/specification/new-spec/p2p/node.md index 6410cc769..589e3b436 100644 --- a/docs/specification/new-spec/p2p/node.md +++ b/docs/specification/new-spec/p2p/node.md @@ -1,12 +1,12 @@ # Tendermint Peer Discovery -A Tendermint P2P network has different kinds of nodes with different requirements for connectivity compared to other types of networks. +A Tendermint P2P network has different kinds of nodes with different requirements for connectivity to one another. This document describes what kind of nodes Tendermint should enable and how they should work. ## Seeds Seeds are the first point of contact for a new node. -They return a list of known active peers and disconnect....if? +They return a list of known active peers and then disconnect. Seeds should operate full nodes with the PEX reactor in a "crawler" mode that continuously explores to validate the availability of peers. From 1c01671ec6c827de5121952bc1e240eeb2e47673 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Wed, 31 Jan 2018 16:00:15 +0000 Subject: [PATCH 130/188] improve vague error msg, closes #1158 --- types/vote_set.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/types/vote_set.go b/types/vote_set.go index 584a45e65..2b5ac6316 100644 --- a/types/vote_set.go +++ b/types/vote_set.go @@ -172,7 +172,7 @@ func (voteSet *VoteSet) addVote(vote *Vote) (added bool, err error) { // Ensure that the signer has the right address if !bytes.Equal(valAddr, lookupAddr) { return false, errors.Wrapf(ErrVoteInvalidValidatorAddress, - "vote.ValidatorAddress (%X) does not match address (%X) for vote.ValidatorIndex (%d)", + "vote.ValidatorAddress (%X) does not match address (%X) for vote.ValidatorIndex (%d)\nEnsure the genesis file is correct across all validators.", valAddr, lookupAddr, valIndex) } From 4cbdbbaac93b7a0baa204cbb37be0119d1bd2fec Mon Sep 17 00:00:00 2001 From: Zarko Milosevic Date: Thu, 1 Feb 2018 15:21:09 +0100 Subject: [PATCH 131/188] Add BFT time spec --- docs/specification/new-spec/bft-time.md | 42 +++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 docs/specification/new-spec/bft-time.md diff --git a/docs/specification/new-spec/bft-time.md b/docs/specification/new-spec/bft-time.md new file mode 100644 index 000000000..cbb1b65d4 --- /dev/null +++ b/docs/specification/new-spec/bft-time.md @@ -0,0 +1,42 @@ +# BFT time in Tendermint + +Tendermint provides a deterministic, Byzantine fault-tolerant, source of time. +Time in Tendermint is defined with the Time field of the block header. + +It satisfies the following properties: + +- Time Monotonicity: Time is monotonically increasing, i.e., given +a header H1 for height h1 and a header H2 for height `h2 = h1 + 1`, `H1.Time < H2.Time`. +- Time Validity: Given a set of Commit votes that forms the `block.LastCommit` field, a range of +valid values for the Time field of the block header is defined only by +Precommit messages (from the LastCommit field) sent by correct processes, i.e., +a faulty process cannot arbitrarily increase the Time value. + +In the context of Tendermint, time is of type int64 and denotes UNIX time in milliseconds, i.e., +corresponds to the number of milliseconds since January 1, 1970. Before defining rules that need to be enforced by the +Tendermint consensus protocol, so the properties above holds, we introduce the following definition: + +- median of a set of `Vote` messages is equal to the median of `Vote.Time` fields of the corresponding `Vote` messages + +We ensure Time Monotonicity and Time Validity properties by the following rules: + +- let rs denotes `RoundState` (consensus internal state) of some process. Then +`rs.ProposalBlock.Header.Time == median(rs.LastCommit) && +rs.Proposal.Timestamp == rs.ProposalBlock.Header.Time`. + +- Furthermore, when creating the `vote` message, the following rules for determining `vote.Time` field should hold: + + - if `rs.Proposal` is defined then + `vote.Time = max(rs.Proposal.Timestamp + 1, time.Now())`, where `time.Now()` + denotes local Unix time in milliseconds. + + - if `rs.Proposal` is not defined and `rs.Votes` contains +2/3 of the corresponding vote messages (votes for the + current height and round, and with the corresponding type (`Prevote` or `Precommit`)), then + + `vote.Time = max(median(getVotes(rs.Votes, vote.Height, vote.Round, vote.Type)), time.Now())`, + + where `getVotes` function returns the votes for particular `Height`, `Round` and `Type`. + The second rule is relevant for the case when a process jumps to a higher round upon receiving +2/3 votes for a higher + round, but the corresponding `Proposal` message for the higher round hasn't been received yet. + + From 2679b7554b0358e39bae4dae5845cedd4479c896 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:02:49 -0500 Subject: [PATCH 132/188] lite: comment out iavl code - TODO #1183 --- lite/proxy/query.go | 24 +++++++++++++++++++++--- rpc/client/rpc_test.go | 13 ++----------- 2 files changed, 23 insertions(+), 14 deletions(-) diff --git a/lite/proxy/query.go b/lite/proxy/query.go index 72c3ed297..ed4ad9136 100644 --- a/lite/proxy/query.go +++ b/lite/proxy/query.go @@ -4,7 +4,6 @@ import ( "github.com/pkg/errors" "github.com/tendermint/go-wire/data" - "github.com/tendermint/iavl" "github.com/tendermint/tendermint/lite" "github.com/tendermint/tendermint/lite/client" @@ -13,6 +12,20 @@ import ( ctypes "github.com/tendermint/tendermint/rpc/core/types" ) +// KeyProof represents a proof of existence or absence of a single key. +// Copied from iavl repo. TODO +type KeyProof interface { + // Verify verfies the proof is valid. To verify absence, + // the value should be nil. + Verify(key, value, root []byte) error + + // Root returns the root hash of the proof. + Root() []byte + + // Serialize itself + Bytes() []byte +} + // GetWithProof will query the key on the given node, and verify it has // a valid proof, as defined by the certifier. // @@ -21,7 +34,7 @@ import ( // If val is empty, proof should be KeyMissingProof func GetWithProof(key []byte, reqHeight int64, node rpcclient.Client, cert lite.Certifier) ( - val data.Bytes, height int64, proof iavl.KeyProof, err error) { + val data.Bytes, height int64, proof KeyProof, err error) { if reqHeight < 0 { err = errors.Errorf("Height cannot be negative") @@ -41,7 +54,7 @@ func GetWithProof(key []byte, reqHeight int64, node rpcclient.Client, // GetWithProofOptions is useful if you want full access to the ABCIQueryOptions func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOptions, node rpcclient.Client, cert lite.Certifier) ( - *ctypes.ResultABCIQuery, iavl.KeyProof, error) { + *ctypes.ResultABCIQuery, KeyProof, error) { _resp, err := node.ABCIQueryWithOptions(path, key, opts) if err != nil { @@ -67,6 +80,10 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption return nil, nil, err } + return &ctypes.ResultABCIQuery{Response: resp}, nil, nil + + /* // TODO refactor so iavl stuff is not in tendermint core + // https://github.com/tendermint/tendermint/issues/1183 if len(resp.Value) > 0 { // The key was found, construct a proof of existence. eproof, err := iavl.ReadKeyExistsProof(resp.Proof) @@ -94,6 +111,7 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption return nil, nil, errors.Wrap(err, "Couldn't verify proof") } return &ctypes.ResultABCIQuery{Response: resp}, aproof, ErrNoData() + */ } // GetCertifiedCommit gets the signed header for a given height diff --git a/rpc/client/rpc_test.go b/rpc/client/rpc_test.go index 9b956803e..165e4ec26 100644 --- a/rpc/client/rpc_test.go +++ b/rpc/client/rpc_test.go @@ -9,7 +9,6 @@ import ( "github.com/stretchr/testify/require" abci "github.com/tendermint/abci/types" - "github.com/tendermint/iavl" "github.com/tendermint/tendermint/rpc/client" rpctest "github.com/tendermint/tendermint/rpc/test" @@ -204,16 +203,8 @@ func TestAppCalls(t *testing.T) { // and we got a proof that works! _pres, err := c.ABCIQueryWithOptions("/key", k, client.ABCIQueryOptions{Trusted: false}) pres := _pres.Response - if assert.Nil(err) && assert.True(pres.IsOK()) { - proof, err := iavl.ReadKeyExistsProof(pres.Proof) - if assert.Nil(err) { - key := pres.Key - value := pres.Value - assert.EqualValues(appHash, proof.RootHash) - valid := proof.Verify(key, value, appHash) - assert.Nil(valid) - } - } + assert.Nil(err) + assert.True(pres.IsOK()) } } From 061ad355bbaaaafedf452eba6803133aee87aee5 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:22:56 -0500 Subject: [PATCH 133/188] update glide --- glide.lock | 61 +++++++++++++++++++++--------------------------------- glide.yaml | 11 ++++------ 2 files changed, 28 insertions(+), 44 deletions(-) diff --git a/glide.lock b/glide.lock index 383772f05..f663a732f 100644 --- a/glide.lock +++ b/glide.lock @@ -1,32 +1,26 @@ -hash: 9399a10e80d255104f8ec07b5d495c41d8a3f7a421f9da97ebd78c65189f381d -updated: 2018-01-18T23:11:10.703734578-05:00 +hash: da486c9bf3e31f481a2b704f0602fe395001e03dbbab580ef13241aa452f1b37 +updated: 2018-02-03T03:00:02.112396533-05:00 imports: - name: github.com/btcsuite/btcd - version: 2e60448ffcc6bf78332d1fe590260095f554dd78 + version: 50de9da05b50eb15658bb350f6ea24368a111ab7 subpackages: - btcec - name: github.com/ebuchman/fail-test version: 95f809107225be108efcf10a3509e4ea6ceef3c4 - name: github.com/fsnotify/fsnotify - version: 4da3e2cfbabc9f751898f250b49f2439785783a1 + version: c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9 - name: github.com/go-kit/kit - version: 53f10af5d5c7375d4655a3d6852457ed17ab5cc7 + version: 4dc7be5d2d12881735283bcab7352178e190fc71 subpackages: - log - log/level - log/term - name: github.com/go-logfmt/logfmt version: 390ab7935ee28ec6b286364bba9b4dd6410cb3d5 -- name: github.com/go-playground/locales - version: e4cbcb5d0652150d40ad0646651076b6bd2be4f6 - subpackages: - - currency -- name: github.com/go-playground/universal-translator - version: 71201497bace774495daed26a3874fd339e0b538 - name: github.com/go-stack/stack version: 259ab82a6cad3992b4e21ff5cac294ccb06474bc - name: github.com/gogo/protobuf - version: 342cbe0a04158f6dcb03ca0079991a51a4248c02 + version: 1adfc126b41513cc696b209667c8656ea7aac67c subpackages: - gogoproto - jsonpb @@ -35,7 +29,7 @@ imports: - sortkeys - types - name: github.com/golang/protobuf - version: 1e59b77b52bf8e4b449a57e6f79f21226d571845 + version: bbd03ef6da3a115852eaf24c8a1c46aeb39aa175 subpackages: - proto - ptypes @@ -66,15 +60,15 @@ imports: - name: github.com/magiconair/properties version: 49d762b9817ba1c2e9d0c69183c2b4a8b8f1d934 - name: github.com/mitchellh/mapstructure - version: 06020f85339e21b2478f756a78e295255ffa4d6a + version: b4575eea38cca1123ec2dc90c26529b5c5acfcff - name: github.com/pelletier/go-toml - version: 4e9e0ee19b60b13eb79915933f44d8ed5f268bdd + version: acdc4509485b587f5e675510c4f2c63e90ff68a8 - name: github.com/pkg/errors version: 645ef00459ed84a119197bfb8d8205042c6df63d - name: github.com/rcrowley/go-metrics - version: e181e095bae94582363434144c61a9653aff6e50 + version: 8732c616f52954686704c8645fe1a9d59e9df7c1 - name: github.com/spf13/afero - version: 8d919cbe7e2627e417f3e45c3c0e489a5b7e2536 + version: bb8f1927f2a9d3ab41c9340aa034f6b803f4359c subpackages: - mem - name: github.com/spf13/cast @@ -82,13 +76,13 @@ imports: - name: github.com/spf13/cobra version: 7b2c5ac9fc04fc5efafb60700713d4fa609b777b - name: github.com/spf13/jwalterweatherman - version: 12bd96e66386c1960ab0f74ced1362f66f552f7b + version: 7c0cea34c8ece3fbeb2b27ab9b59511d360fb394 - name: github.com/spf13/pflag version: 4c012f6dcd9546820e378d0bdda4d8fc772cdfea - name: github.com/spf13/viper version: 25b30aa063fc18e48662b86996252eabdcf2f0c7 - name: github.com/syndtr/goleveldb - version: adf24ef3f94bd13ec4163060b21a5678f22b429b + version: 211f780988068502fe874c44dae530528ebd840f subpackages: - leveldb - leveldb/cache @@ -103,7 +97,7 @@ imports: - leveldb/table - leveldb/util - name: github.com/tendermint/abci - version: 5d5ea6869b91cadb55dbc4211ad7b326f053a33e + version: 5a4f56056e23cdfd5f3733db056968e016468508 subpackages: - client - example/code @@ -122,14 +116,9 @@ imports: version: b6fc872b42d41158a60307db4da051dd6f179415 subpackages: - data - - data/base58 - nowriter/tmlegacy -- name: github.com/tendermint/iavl - version: 594cc0c062a7174475f0ab654384038d77067917 - subpackages: - - iavl - name: github.com/tendermint/tmlibs - version: 15e51fa76086a3c505f227679c2478043ae7261b + version: deaaf014d8b8d1095054380a38b1b00e293f725f subpackages: - autofile - cli @@ -144,7 +133,7 @@ imports: - pubsub/query - test - name: golang.org/x/crypto - version: 94eea52f7b742c7cbe0b03b22f0c4c8631ece122 + version: 1875d0a70c90e57f11972aefd42276df65e895b9 subpackages: - curve25519 - nacl/box @@ -155,7 +144,7 @@ imports: - ripemd160 - salsa20/salsa - name: golang.org/x/net - version: d866cfc389cec985d6fda2859936a575a55a3ab6 + version: 2fb46b16b8dda405028c50f7c7f0f9dd1fa6bfb1 subpackages: - context - http2 @@ -165,18 +154,18 @@ imports: - lex/httplex - trace - name: golang.org/x/sys - version: 8b4580aae2a0dd0c231a45d3ccb8434ff533b840 + version: 37707fdb30a5b38865cfb95e5aab41707daec7fd subpackages: - unix - name: golang.org/x/text - version: 57961680700a5336d15015c8c50686ca5ba362a4 + version: e19ae1496984b1c655b8044a65c0300a3c878dd3 subpackages: - secure/bidirule - transform - unicode/bidi - unicode/norm - name: google.golang.org/genproto - version: a8101f21cf983e773d0c1133ebc5424792003214 + version: 4eb30f4778eed4c258ba66527a0d4f9ec8a36c45 subpackages: - googleapis/rpc/status - name: google.golang.org/grpc @@ -198,21 +187,19 @@ imports: - status - tap - transport -- name: gopkg.in/go-playground/validator.v9 - version: 61caf9d3038e1af346dbf5c2e16f6678e1548364 - name: gopkg.in/yaml.v2 - version: 287cf08546ab5e7e37d55a84f7ed3fd1db036de5 + version: d670f9405373e636a5a2765eea47fac0c9bc91a4 testImports: - name: github.com/davecgh/go-spew - version: 04cdfd42973bb9c8589fd6a731800cf222fde1a9 + version: 87df7c60d5820d0f8ae11afede5aa52325c09717 subpackages: - spew - name: github.com/pmezard/go-difflib - version: d8ed2627bdf02c080bf22230dbb337003b7aba2d + version: 792786c7400a136282c1664665ae0a8db921c6c2 subpackages: - difflib - name: github.com/stretchr/testify - version: 2aa2c176b9dab406a6970f6a55f513e8a8c8b18f + version: a726187e3128d0a0ec37f73ca7c4d3e508e6c2e5 subpackages: - assert - require diff --git a/glide.yaml b/glide.yaml index 2302a6dcf..90b845e1c 100644 --- a/glide.yaml +++ b/glide.yaml @@ -2,7 +2,7 @@ package: github.com/tendermint/tendermint import: - package: github.com/ebuchman/fail-test - package: github.com/gogo/protobuf - version: v0.5 + version: ^1.0.0 subpackages: - proto - package: github.com/golang/protobuf @@ -18,7 +18,7 @@ import: - package: github.com/spf13/viper version: v1.0.0 - package: github.com/tendermint/abci - version: v0.9.0 + version: develop subpackages: - client - example/dummy @@ -29,12 +29,8 @@ import: version: ~0.7.2 subpackages: - data -- package: github.com/tendermint/iavl - version: ~0.2.0 - subpackages: - - iavl - package: github.com/tendermint/tmlibs - version: v0.6.1 + version: develop subpackages: - autofile - cli @@ -58,6 +54,7 @@ import: version: v1.7.3 testImport: - package: github.com/go-kit/kit + version: ^0.6.0 subpackages: - log/term - package: github.com/stretchr/testify From 4e3488c677689ee48530c1f6088c771e8afb935d Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:23:10 -0500 Subject: [PATCH 134/188] update types --- types/block.go | 55 +++++++++++++++++++++++++++++------------- types/event_bus.go | 11 ++------- types/evidence.go | 6 +++-- types/params.go | 14 +++++------ types/part_set.go | 4 +-- types/protobuf.go | 8 +++--- types/results.go | 12 ++++----- types/signable.go | 6 ----- types/tx.go | 8 +++--- types/validator_set.go | 8 +++--- 10 files changed, 71 insertions(+), 61 deletions(-) diff --git a/types/block.go b/types/block.go index 6aa97c2d6..b9b541a96 100644 --- a/types/block.go +++ b/types/block.go @@ -12,6 +12,7 @@ import ( "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/merkle" + "golang.org/x/crypto/ripemd160" ) // Block defines the atomic unit of a Tendermint blockchain. @@ -179,20 +180,20 @@ func (h *Header) Hash() data.Bytes { if len(h.ValidatorsHash) == 0 { return nil } - return merkle.SimpleHashFromMap(map[string]interface{}{ - "ChainID": h.ChainID, - "Height": h.Height, - "Time": h.Time, - "NumTxs": h.NumTxs, - "TotalTxs": h.TotalTxs, - "LastBlockID": h.LastBlockID, - "LastCommit": h.LastCommitHash, - "Data": h.DataHash, - "Validators": h.ValidatorsHash, - "App": h.AppHash, - "Consensus": h.ConsensusHash, - "Results": h.LastResultsHash, - "Evidence": h.EvidenceHash, + return merkle.SimpleHashFromMap(map[string]merkle.Hasher{ + "ChainID": wireHasher(h.ChainID), + "Height": wireHasher(h.Height), + "Time": wireHasher(h.Time), + "NumTxs": wireHasher(h.NumTxs), + "TotalTxs": wireHasher(h.TotalTxs), + "LastBlockID": wireHasher(h.LastBlockID), + "LastCommit": wireHasher(h.LastCommitHash), + "Data": wireHasher(h.DataHash), + "Validators": wireHasher(h.ValidatorsHash), + "App": wireHasher(h.AppHash), + "Consensus": wireHasher(h.ConsensusHash), + "Results": wireHasher(h.LastResultsHash), + "Evidence": wireHasher(h.EvidenceHash), }) } @@ -356,11 +357,11 @@ func (commit *Commit) ValidateBasic() error { // Hash returns the hash of the commit func (commit *Commit) Hash() data.Bytes { if commit.hash == nil { - bs := make([]interface{}, len(commit.Precommits)) + bs := make([]merkle.Hasher, len(commit.Precommits)) for i, precommit := range commit.Precommits { - bs[i] = precommit + bs[i] = wireHasher(precommit) } - commit.hash = merkle.SimpleHashFromBinaries(bs) + commit.hash = merkle.SimpleHashFromHashers(bs) } return commit.hash } @@ -510,3 +511,23 @@ func (blockID BlockID) WriteSignBytes(w io.Writer, n *int, err *error) { func (blockID BlockID) String() string { return fmt.Sprintf(`%v:%v`, blockID.Hash, blockID.PartsHeader) } + +//------------------------------------------------------- + +type hasher struct { + item interface{} +} + +func (h hasher) Hash() []byte { + hasher, n, err := ripemd160.New(), new(int), new(error) + wire.WriteBinary(h.item, hasher, n, err) + if *err != nil { + panic(err) + } + return hasher.Sum(nil) + +} + +func wireHasher(item interface{}) merkle.Hasher { + return hasher{item} +} diff --git a/types/event_bus.go b/types/event_bus.go index 6b6069b90..4edaea588 100644 --- a/types/event_bus.go +++ b/types/event_bus.go @@ -4,7 +4,6 @@ import ( "context" "fmt" - abci "github.com/tendermint/abci/types" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/log" tmpubsub "github.com/tendermint/tmlibs/pubsub" @@ -98,17 +97,11 @@ func (b *EventBus) PublishEventTx(event EventDataTx) error { // validate and fill tags from tx result for _, tag := range event.Result.Tags { // basic validation - if tag.Key == "" { + if len(tag.Key) == 0 { b.Logger.Info("Got tag with an empty key (skipping)", "tag", tag, "tx", event.Tx) continue } - - switch tag.ValueType { - case abci.KVPair_STRING: - tags[tag.Key] = tag.ValueString - case abci.KVPair_INT: - tags[tag.Key] = tag.ValueInt - } + tags[string(tag.Key)] = tag.Value } // add predefined tags diff --git a/types/evidence.go b/types/evidence.go index 3ae3e40b1..9973c62e6 100644 --- a/types/evidence.go +++ b/types/evidence.go @@ -120,7 +120,7 @@ func (dve *DuplicateVoteEvidence) Index() int { // Hash returns the hash of the evidence. func (dve *DuplicateVoteEvidence) Hash() []byte { - return merkle.SimpleHashFromBinary(dve) + return wireHasher(dve).Hash() } // Verify returns an error if the two votes aren't conflicting. @@ -165,7 +165,9 @@ func (dve *DuplicateVoteEvidence) Equal(ev Evidence) bool { } // just check their hashes - return bytes.Equal(merkle.SimpleHashFromBinary(dve), merkle.SimpleHashFromBinary(ev)) + dveHash := wireHasher(dve).Hash() + evHash := wireHasher(ev).Hash() + return bytes.Equal(dveHash, evHash) } //----------------------------------------------------------------- diff --git a/types/params.go b/types/params.go index 90ab5f659..0e8ac577f 100644 --- a/types/params.go +++ b/types/params.go @@ -106,13 +106,13 @@ func (params *ConsensusParams) Validate() error { // Hash returns a merkle hash of the parameters to store // in the block header func (params *ConsensusParams) Hash() []byte { - return merkle.SimpleHashFromMap(map[string]interface{}{ - "block_gossip_part_size_bytes": params.BlockGossip.BlockPartSizeBytes, - "block_size_max_bytes": params.BlockSize.MaxBytes, - "block_size_max_gas": params.BlockSize.MaxGas, - "block_size_max_txs": params.BlockSize.MaxTxs, - "tx_size_max_bytes": params.TxSize.MaxBytes, - "tx_size_max_gas": params.TxSize.MaxGas, + return merkle.SimpleHashFromMap(map[string]merkle.Hasher{ + "block_gossip_part_size_bytes": wireHasher(params.BlockGossip.BlockPartSizeBytes), + "block_size_max_bytes": wireHasher(params.BlockSize.MaxBytes), + "block_size_max_gas": wireHasher(params.BlockSize.MaxGas), + "block_size_max_txs": wireHasher(params.BlockSize.MaxTxs), + "tx_size_max_bytes": wireHasher(params.TxSize.MaxBytes), + "tx_size_max_gas": wireHasher(params.TxSize.MaxGas), }) } diff --git a/types/part_set.go b/types/part_set.go index e8a0997c0..d922e34d6 100644 --- a/types/part_set.go +++ b/types/part_set.go @@ -96,7 +96,7 @@ func NewPartSetFromData(data []byte, partSize int) *PartSet { // divide data into 4kb parts. total := (len(data) + partSize - 1) / partSize parts := make([]*Part, total) - parts_ := make([]merkle.Hashable, total) + parts_ := make([]merkle.Hasher, total) partsBitArray := cmn.NewBitArray(total) for i := 0; i < total; i++ { part := &Part{ @@ -108,7 +108,7 @@ func NewPartSetFromData(data []byte, partSize int) *PartSet { partsBitArray.SetIndex(i, true) } // Compute merkle proofs - root, proofs := merkle.SimpleProofsFromHashables(parts_) + root, proofs := merkle.SimpleProofsFromHashers(parts_) for i := 0; i < total; i++ { parts[i].Proof = *proofs[i] } diff --git a/types/protobuf.go b/types/protobuf.go index 43c8f4505..bac5b799e 100644 --- a/types/protobuf.go +++ b/types/protobuf.go @@ -23,15 +23,15 @@ func (tm2pb) Header(header *Header) *types.Header { } } -func (tm2pb) BlockID(blockID BlockID) *types.BlockID { - return &types.BlockID{ +func (tm2pb) BlockID(blockID BlockID) types.BlockID { + return types.BlockID{ Hash: blockID.Hash, Parts: TM2PB.PartSetHeader(blockID.PartsHeader), } } -func (tm2pb) PartSetHeader(partSetHeader PartSetHeader) *types.PartSetHeader { - return &types.PartSetHeader{ +func (tm2pb) PartSetHeader(partSetHeader PartSetHeader) types.PartSetHeader { + return types.PartSetHeader{ Total: int32(partSetHeader.Total), // XXX: overflow Hash: partSetHeader.Hash, } diff --git a/types/results.go b/types/results.go index 29420fbc0..8e79e1ac7 100644 --- a/types/results.go +++ b/types/results.go @@ -47,20 +47,20 @@ func (a ABCIResults) Bytes() []byte { // Hash returns a merkle hash of all results func (a ABCIResults) Hash() []byte { - return merkle.SimpleHashFromHashables(a.toHashables()) + return merkle.SimpleHashFromHashers(a.toHashers()) } // ProveResult returns a merkle proof of one result from the set func (a ABCIResults) ProveResult(i int) merkle.SimpleProof { - _, proofs := merkle.SimpleProofsFromHashables(a.toHashables()) + _, proofs := merkle.SimpleProofsFromHashers(a.toHashers()) return *proofs[i] } -func (a ABCIResults) toHashables() []merkle.Hashable { +func (a ABCIResults) toHashers() []merkle.Hasher { l := len(a) - hashables := make([]merkle.Hashable, l) + hashers := make([]merkle.Hasher, l) for i := 0; i < l; i++ { - hashables[i] = a[i] + hashers[i] = a[i] } - return hashables + return hashers } diff --git a/types/signable.go b/types/signable.go index 2134f6300..bfdf9faa1 100644 --- a/types/signable.go +++ b/types/signable.go @@ -5,7 +5,6 @@ import ( "io" cmn "github.com/tendermint/tmlibs/common" - "github.com/tendermint/tmlibs/merkle" ) // Signable is an interface for all signable things. @@ -23,8 +22,3 @@ func SignBytes(chainID string, o Signable) []byte { } return buf.Bytes() } - -// HashSignBytes is a convenience method for getting the hash of the bytes of a signable -func HashSignBytes(chainID string, o Signable) []byte { - return merkle.SimpleHashFromBinary(SignBytes(chainID, o)) -} diff --git a/types/tx.go b/types/tx.go index 4cf5843ae..db42ed8e7 100644 --- a/types/tx.go +++ b/types/tx.go @@ -18,7 +18,7 @@ type Tx []byte // Hash computes the RIPEMD160 hash of the go-wire encoded transaction. func (tx Tx) Hash() []byte { - return merkle.SimpleHashFromBinary(tx) + return wireHasher(tx).Hash() } // String returns the hex-encoded transaction as a string. @@ -72,11 +72,11 @@ func (txs Txs) IndexByHash(hash []byte) int { // TODO: optimize this! func (txs Txs) Proof(i int) TxProof { l := len(txs) - hashables := make([]merkle.Hashable, l) + hashers := make([]merkle.Hasher, l) for i := 0; i < l; i++ { - hashables[i] = txs[i] + hashers[i] = txs[i] } - root, proofs := merkle.SimpleProofsFromHashables(hashables) + root, proofs := merkle.SimpleProofsFromHashers(hashers) return TxProof{ Index: i, diff --git a/types/validator_set.go b/types/validator_set.go index 7e895aba0..0d6c3249e 100644 --- a/types/validator_set.go +++ b/types/validator_set.go @@ -54,7 +54,7 @@ func (valSet *ValidatorSet) IncrementAccum(times int) { for _, val := range valSet.Validators { // check for overflow both multiplication and sum val.Accum = safeAddClip(val.Accum, safeMulClip(val.VotingPower, int64(times))) - validatorsHeap.Push(val, accumComparable{val}) + validatorsHeap.PushComparable(val, accumComparable{val}) } // Decrement the validator with most accum times times @@ -150,11 +150,11 @@ func (valSet *ValidatorSet) Hash() []byte { if len(valSet.Validators) == 0 { return nil } - hashables := make([]merkle.Hashable, len(valSet.Validators)) + hashers := make([]merkle.Hasher, len(valSet.Validators)) for i, val := range valSet.Validators { - hashables[i] = val + hashers[i] = val } - return merkle.SimpleHashFromHashables(hashables) + return merkle.SimpleHashFromHashers(hashers) } func (valSet *ValidatorSet) Add(val *Validator) (added bool) { From cd0fd06b0d8eaecfc33fa64c664eda22ec54307e Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 6 Jan 2018 01:26:51 -0500 Subject: [PATCH 135/188] update for sdk2 libs. need to fix kv test NOTE we only updating for tmlibs and abci --- blockchain/store.go | 2 +- blockchain/store_test.go | 3 +- consensus/byzantine_test.go | 3 +- consensus/mempool_test.go | 6 +- consensus/replay.go | 2 +- evidence/store.go | 4 +- glide.lock | 205 ----------------------------------- glide.yaml | 4 +- lite/proxy/query.go | 16 ++- mempool/mempool_test.go | 2 +- node/node.go | 4 +- state/execution.go | 27 ++--- state/execution_test.go | 13 ++- state/state_test.go | 60 +++++----- state/txindex/kv/kv.go | 47 ++++---- state/txindex/kv/kv_test.go | 29 ++--- types/canonical_json.go | 10 +- types/heartbeat.go | 3 +- types/priv_validator.go | 6 +- types/priv_validator_test.go | 3 +- types/protobuf.go | 12 +- types/validator.go | 9 +- types/vote.go | 6 +- 23 files changed, 130 insertions(+), 346 deletions(-) delete mode 100644 glide.lock diff --git a/blockchain/store.go b/blockchain/store.go index 91d2b220f..a9a543436 100644 --- a/blockchain/store.go +++ b/blockchain/store.go @@ -254,7 +254,7 @@ func (bsj BlockStoreStateJSON) Save(db dbm.DB) { // If no BlockStoreStateJSON was previously persisted, it returns the zero value. func LoadBlockStoreStateJSON(db dbm.DB) BlockStoreStateJSON { bytes := db.Get(blockStoreKey) - if bytes == nil { + if len(bytes) == 0 { return BlockStoreStateJSON{ Height: 0, } diff --git a/blockchain/store_test.go b/blockchain/store_test.go index 933329c4b..16185ca0d 100644 --- a/blockchain/store_test.go +++ b/blockchain/store_test.go @@ -42,7 +42,6 @@ func TestNewBlockStore(t *testing.T) { wantErr string }{ {[]byte("artful-doger"), "not unmarshal bytes"}, - {[]byte(""), "unmarshal bytes"}, {[]byte(" "), "unmarshal bytes"}, } @@ -76,7 +75,7 @@ func TestBlockStoreGetReader(t *testing.T) { }{ 0: {key: []byte("Foo"), want: []byte("Bar")}, 1: {key: []byte("KnoxNonExistent"), want: nil}, - 2: {key: []byte("Foo1"), want: nil}, + 2: {key: []byte("Foo1"), want: []byte{}}, } for i, tt := range tests { diff --git a/consensus/byzantine_test.go b/consensus/byzantine_test.go index 38df1ecc1..faf65ecd1 100644 --- a/consensus/byzantine_test.go +++ b/consensus/byzantine_test.go @@ -8,7 +8,6 @@ import ( "github.com/stretchr/testify/require" crypto "github.com/tendermint/go-crypto" - data "github.com/tendermint/go-wire/data" "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" @@ -281,7 +280,7 @@ func NewByzantinePrivValidator(pv types.PrivValidator) *ByzantinePrivValidator { } } -func (privVal *ByzantinePrivValidator) GetAddress() data.Bytes { +func (privVal *ByzantinePrivValidator) GetAddress() crypto.Address { return privVal.pv.GetAddress() } diff --git a/consensus/mempool_test.go b/consensus/mempool_test.go index 97bc050fa..d1714a741 100644 --- a/consensus/mempool_test.go +++ b/consensus/mempool_test.go @@ -129,7 +129,7 @@ func TestMempoolRmBadTx(t *testing.T) { assert.False(t, resDeliver.IsErr(), cmn.Fmt("expected no error. got %v", resDeliver)) resCommit := app.Commit() - assert.False(t, resCommit.IsErr(), cmn.Fmt("expected no error. got %v", resCommit)) + assert.True(t, len(resCommit.Data) > 0) emptyMempoolCh := make(chan struct{}) checkTxRespCh := make(chan struct{}) @@ -223,10 +223,10 @@ func txAsUint64(tx []byte) uint64 { func (app *CounterApplication) Commit() abci.ResponseCommit { app.mempoolTxCount = app.txCount if app.txCount == 0 { - return abci.ResponseCommit{Code: code.CodeTypeOK} + return abci.ResponseCommit{} } else { hash := make([]byte, 8) binary.BigEndian.PutUint64(hash, uint64(app.txCount)) - return abci.ResponseCommit{Code: code.CodeTypeOK, Data: hash} + return abci.ResponseCommit{Data: hash} } } diff --git a/consensus/replay.go b/consensus/replay.go index 881571077..ac7fcdec9 100644 --- a/consensus/replay.go +++ b/consensus/replay.go @@ -423,5 +423,5 @@ func (mock *mockProxyApp) EndBlock(req abci.RequestEndBlock) abci.ResponseEndBlo } func (mock *mockProxyApp) Commit() abci.ResponseCommit { - return abci.ResponseCommit{Code: abci.CodeTypeOK, Data: mock.appHash} + return abci.ResponseCommit{Data: mock.appHash} } diff --git a/evidence/store.go b/evidence/store.go index fd40b5338..7c8becd02 100644 --- a/evidence/store.go +++ b/evidence/store.go @@ -99,8 +99,8 @@ func (store *EvidenceStore) PendingEvidence() (evidence []types.Evidence) { // ListEvidence lists the evidence for the given prefix key. // It is wrapped by PriorityEvidence and PendingEvidence for convenience. func (store *EvidenceStore) ListEvidence(prefixKey string) (evidence []types.Evidence) { - iter := store.db.IteratorPrefix([]byte(prefixKey)) - for iter.Next() { + iter := dbm.IteratePrefix(store.db, []byte(prefixKey)) + for ; iter.Valid(); iter.Next() { val := iter.Value() var ei EvidenceInfo diff --git a/glide.lock b/glide.lock deleted file mode 100644 index f663a732f..000000000 --- a/glide.lock +++ /dev/null @@ -1,205 +0,0 @@ -hash: da486c9bf3e31f481a2b704f0602fe395001e03dbbab580ef13241aa452f1b37 -updated: 2018-02-03T03:00:02.112396533-05:00 -imports: -- name: github.com/btcsuite/btcd - version: 50de9da05b50eb15658bb350f6ea24368a111ab7 - subpackages: - - btcec -- name: github.com/ebuchman/fail-test - version: 95f809107225be108efcf10a3509e4ea6ceef3c4 -- name: github.com/fsnotify/fsnotify - version: c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9 -- name: github.com/go-kit/kit - version: 4dc7be5d2d12881735283bcab7352178e190fc71 - subpackages: - - log - - log/level - - log/term -- name: github.com/go-logfmt/logfmt - version: 390ab7935ee28ec6b286364bba9b4dd6410cb3d5 -- name: github.com/go-stack/stack - version: 259ab82a6cad3992b4e21ff5cac294ccb06474bc -- name: github.com/gogo/protobuf - version: 1adfc126b41513cc696b209667c8656ea7aac67c - subpackages: - - gogoproto - - jsonpb - - proto - - protoc-gen-gogo/descriptor - - sortkeys - - types -- name: github.com/golang/protobuf - version: bbd03ef6da3a115852eaf24c8a1c46aeb39aa175 - subpackages: - - proto - - ptypes - - ptypes/any - - ptypes/duration - - ptypes/timestamp -- name: github.com/golang/snappy - version: 553a641470496b2327abcac10b36396bd98e45c9 -- name: github.com/gorilla/websocket - version: ea4d1f681babbce9545c9c5f3d5194a789c89f5b -- name: github.com/hashicorp/hcl - version: 23c074d0eceb2b8a5bfdbb271ab780cde70f05a8 - subpackages: - - hcl/ast - - hcl/parser - - hcl/scanner - - hcl/strconv - - hcl/token - - json/parser - - json/scanner - - json/token -- name: github.com/inconshreveable/mousetrap - version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 -- name: github.com/jmhodges/levigo - version: c42d9e0ca023e2198120196f842701bb4c55d7b9 -- name: github.com/kr/logfmt - version: b84e30acd515aadc4b783ad4ff83aff3299bdfe0 -- name: github.com/magiconair/properties - version: 49d762b9817ba1c2e9d0c69183c2b4a8b8f1d934 -- name: github.com/mitchellh/mapstructure - version: b4575eea38cca1123ec2dc90c26529b5c5acfcff -- name: github.com/pelletier/go-toml - version: acdc4509485b587f5e675510c4f2c63e90ff68a8 -- name: github.com/pkg/errors - version: 645ef00459ed84a119197bfb8d8205042c6df63d -- name: github.com/rcrowley/go-metrics - version: 8732c616f52954686704c8645fe1a9d59e9df7c1 -- name: github.com/spf13/afero - version: bb8f1927f2a9d3ab41c9340aa034f6b803f4359c - subpackages: - - mem -- name: github.com/spf13/cast - version: acbeb36b902d72a7a4c18e8f3241075e7ab763e4 -- name: github.com/spf13/cobra - version: 7b2c5ac9fc04fc5efafb60700713d4fa609b777b -- name: github.com/spf13/jwalterweatherman - version: 7c0cea34c8ece3fbeb2b27ab9b59511d360fb394 -- name: github.com/spf13/pflag - version: 4c012f6dcd9546820e378d0bdda4d8fc772cdfea -- name: github.com/spf13/viper - version: 25b30aa063fc18e48662b86996252eabdcf2f0c7 -- name: github.com/syndtr/goleveldb - version: 211f780988068502fe874c44dae530528ebd840f - subpackages: - - leveldb - - leveldb/cache - - leveldb/comparer - - leveldb/errors - - leveldb/filter - - leveldb/iterator - - leveldb/journal - - leveldb/memdb - - leveldb/opt - - leveldb/storage - - leveldb/table - - leveldb/util -- name: github.com/tendermint/abci - version: 5a4f56056e23cdfd5f3733db056968e016468508 - subpackages: - - client - - example/code - - example/counter - - example/dummy - - server - - types -- name: github.com/tendermint/ed25519 - version: d8387025d2b9d158cf4efb07e7ebf814bcce2057 - subpackages: - - edwards25519 - - extra25519 -- name: github.com/tendermint/go-crypto - version: dd20358a264c772b4a83e477b0cfce4c88a7001d -- name: github.com/tendermint/go-wire - version: b6fc872b42d41158a60307db4da051dd6f179415 - subpackages: - - data - - nowriter/tmlegacy -- name: github.com/tendermint/tmlibs - version: deaaf014d8b8d1095054380a38b1b00e293f725f - subpackages: - - autofile - - cli - - cli/flags - - clist - - common - - db - - flowrate - - log - - merkle - - pubsub - - pubsub/query - - test -- name: golang.org/x/crypto - version: 1875d0a70c90e57f11972aefd42276df65e895b9 - subpackages: - - curve25519 - - nacl/box - - nacl/secretbox - - openpgp/armor - - openpgp/errors - - poly1305 - - ripemd160 - - salsa20/salsa -- name: golang.org/x/net - version: 2fb46b16b8dda405028c50f7c7f0f9dd1fa6bfb1 - subpackages: - - context - - http2 - - http2/hpack - - idna - - internal/timeseries - - lex/httplex - - trace -- name: golang.org/x/sys - version: 37707fdb30a5b38865cfb95e5aab41707daec7fd - subpackages: - - unix -- name: golang.org/x/text - version: e19ae1496984b1c655b8044a65c0300a3c878dd3 - subpackages: - - secure/bidirule - - transform - - unicode/bidi - - unicode/norm -- name: google.golang.org/genproto - version: 4eb30f4778eed4c258ba66527a0d4f9ec8a36c45 - subpackages: - - googleapis/rpc/status -- name: google.golang.org/grpc - version: 401e0e00e4bb830a10496d64cd95e068c5bf50de - subpackages: - - balancer - - codes - - connectivity - - credentials - - grpclb/grpc_lb_v1/messages - - grpclog - - internal - - keepalive - - metadata - - naming - - peer - - resolver - - stats - - status - - tap - - transport -- name: gopkg.in/yaml.v2 - version: d670f9405373e636a5a2765eea47fac0c9bc91a4 -testImports: -- name: github.com/davecgh/go-spew - version: 87df7c60d5820d0f8ae11afede5aa52325c09717 - subpackages: - - spew -- name: github.com/pmezard/go-difflib - version: 792786c7400a136282c1664665ae0a8db921c6c2 - subpackages: - - difflib -- name: github.com/stretchr/testify - version: a726187e3128d0a0ec37f73ca7c4d3e508e6c2e5 - subpackages: - - assert - - require diff --git a/glide.yaml b/glide.yaml index 90b845e1c..c2726708f 100644 --- a/glide.yaml +++ b/glide.yaml @@ -24,9 +24,9 @@ import: - example/dummy - types - package: github.com/tendermint/go-crypto - version: ~0.4.1 + version: master - package: github.com/tendermint/go-wire - version: ~0.7.2 + version: master subpackages: - data - package: github.com/tendermint/tmlibs diff --git a/lite/proxy/query.go b/lite/proxy/query.go index ed4ad9136..06d7880a0 100644 --- a/lite/proxy/query.go +++ b/lite/proxy/query.go @@ -86,11 +86,16 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption // https://github.com/tendermint/tendermint/issues/1183 if len(resp.Value) > 0 { // The key was found, construct a proof of existence. - eproof, err := iavl.ReadKeyExistsProof(resp.Proof) + proof, err := iavl.ReadKeyProof(resp.Proof) if err != nil { return nil, nil, errors.Wrap(err, "Error reading proof") } + eproof, ok := proof.(*iavl.KeyExistsProof) + if !ok { + return nil, nil, errors.New("Expected KeyExistsProof for non-empty value") + } + // Validate the proof against the certified header to ensure data integrity. err = eproof.Verify(resp.Key, resp.Value, commit.Header.AppHash) if err != nil { @@ -100,11 +105,16 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption } // The key wasn't found, construct a proof of non-existence. - var aproof *iavl.KeyAbsentProof - aproof, err = iavl.ReadKeyAbsentProof(resp.Proof) + proof, err := iavl.ReadKeyProof(resp.Proof) if err != nil { return nil, nil, errors.Wrap(err, "Error reading proof") } + + aproof, ok := proof.(*iavl.KeyAbsentProof) + if !ok { + return nil, nil, errors.New("Expected KeyAbsentProof for empty Value") + } + // Validate the proof against the certified header to ensure data integrity. err = aproof.Verify(resp.Key, nil, commit.Header.AppHash) if err != nil { diff --git a/mempool/mempool_test.go b/mempool/mempool_test.go index 6dfb5984b..5b04e9493 100644 --- a/mempool/mempool_test.go +++ b/mempool/mempool_test.go @@ -185,7 +185,7 @@ func TestSerialReap(t *testing.T) { t.Errorf("Client error committing: %v", err) } if len(res.Data) != 8 { - t.Errorf("Error committing. Hash:%X log:%v", res.Data, res.Log) + t.Errorf("Error committing. Hash:%X", res.Data) } } diff --git a/node/node.go b/node/node.go index b02012f98..cd1248f49 100644 --- a/node/node.go +++ b/node/node.go @@ -274,7 +274,7 @@ func NewNode(config *cfg.Config, return err } if resQuery.IsErr() { - return resQuery + return fmt.Errorf("Error querying abci app: %v", resQuery) } return nil }) @@ -284,7 +284,7 @@ func NewNode(config *cfg.Config, return err } if resQuery.IsErr() { - return resQuery + return fmt.Errorf("Error querying abci app: %v", resQuery) } return nil }) diff --git a/state/execution.go b/state/execution.go index 8104c58b8..8d54840a6 100644 --- a/state/execution.go +++ b/state/execution.go @@ -141,13 +141,7 @@ func (blockExec *BlockExecutor) Commit(block *types.Block) ([]byte, error) { blockExec.logger.Error("Client error during proxyAppConn.CommitSync", "err", err) return nil, err } - if res.IsErr() { - blockExec.logger.Error("Error in proxyAppConn.CommitSync", "err", res) - return nil, res - } - if res.Log != "" { - blockExec.logger.Debug("Commit.Log: " + res.Log) - } + // ResponseCommit has no error code - just data blockExec.logger.Info("Committed state", "height", block.Height, "txs", block.NumTxs, "appHash", res.Data) @@ -198,10 +192,11 @@ func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus, } } - byzantineVals := make([]*abci.Evidence, len(block.Evidence.Evidence)) + // TODO: determine which validators were byzantine + byzantineVals := make([]abci.Evidence, len(block.Evidence.Evidence)) for i, ev := range block.Evidence.Evidence { - byzantineVals[i] = &abci.Evidence{ - PubKey: ev.Address(), // XXX/TODO + byzantineVals[i] = abci.Evidence{ + PubKey: ev.Address(), // XXX Height: ev.Height(), } } @@ -243,7 +238,7 @@ func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus, return abciResponses, nil } -func updateValidators(currentSet *types.ValidatorSet, updates []*abci.Validator) error { +func updateValidators(currentSet *types.ValidatorSet, updates []abci.Validator) error { // If more or equal than 1/3 of total voting power changed in one block, then // a light client could never prove the transition externally. See // ./lite/doc.go for details on how a light client tracks validators. @@ -293,7 +288,7 @@ func updateValidators(currentSet *types.ValidatorSet, updates []*abci.Validator) return nil } -func changeInVotingPowerMoreOrEqualToOneThird(currentSet *types.ValidatorSet, updates []*abci.Validator) (bool, error) { +func changeInVotingPowerMoreOrEqualToOneThird(currentSet *types.ValidatorSet, updates []abci.Validator) (bool, error) { threshold := currentSet.TotalVotingPower() * 1 / 3 acc := int64(0) @@ -424,12 +419,6 @@ func ExecCommitBlock(appConnConsensus proxy.AppConnConsensus, block *types.Block logger.Error("Client error during proxyAppConn.CommitSync", "err", res) return nil, err } - if res.IsErr() { - logger.Error("Error in proxyAppConn.CommitSync", "err", res) - return nil, res - } - if res.Log != "" { - logger.Info("Commit.Log: " + res.Log) - } + // ResponseCommit has no error or log, just data return res.Data, nil } diff --git a/state/execution_test.go b/state/execution_test.go index ffb10f17b..25d88fe41 100644 --- a/state/execution_test.go +++ b/state/execution_test.go @@ -12,6 +12,7 @@ import ( crypto "github.com/tendermint/go-crypto" "github.com/tendermint/tendermint/proxy" "github.com/tendermint/tendermint/types" + cmn "github.com/tendermint/tmlibs/common" dbm "github.com/tendermint/tmlibs/db" "github.com/tendermint/tmlibs/log" ) @@ -105,11 +106,11 @@ func TestBeginBlockByzantineValidators(t *testing.T) { testCases := []struct { desc string evidence []types.Evidence - expectedByzantineValidators []*abci.Evidence + expectedByzantineValidators []abci.Evidence }{ - {"none byzantine", []types.Evidence{}, []*abci.Evidence{}}, - {"one byzantine", []types.Evidence{ev1}, []*abci.Evidence{{ev1.Address(), ev1.Height()}}}, - {"multiple byzantine", []types.Evidence{ev1, ev2}, []*abci.Evidence{ + {"none byzantine", []types.Evidence{}, []abci.Evidence{}}, + {"one byzantine", []types.Evidence{ev1}, []abci.Evidence{{ev1.Address(), ev1.Height()}}}, + {"multiple byzantine", []types.Evidence{ev1, ev2}, []abci.Evidence{ {ev1.Address(), ev1.Height()}, {ev2.Address(), ev2.Height()}}}, } @@ -161,7 +162,7 @@ type testApp struct { abci.BaseApplication AbsentValidators []int32 - ByzantineValidators []*abci.Evidence + ByzantineValidators []abci.Evidence } func NewDummyApplication() *testApp { @@ -179,7 +180,7 @@ func (app *testApp) BeginBlock(req abci.RequestBeginBlock) abci.ResponseBeginBlo } func (app *testApp) DeliverTx(tx []byte) abci.ResponseDeliverTx { - return abci.ResponseDeliverTx{Tags: []*abci.KVPair{}} + return abci.ResponseDeliverTx{Tags: []cmn.KVPair{}} } func (app *testApp) CheckTx(tx []byte) abci.ResponseCheckTx { diff --git a/state/state_test.go b/state/state_test.go index 61b3167b3..ff17eac9c 100644 --- a/state/state_test.go +++ b/state/state_test.go @@ -77,9 +77,9 @@ func TestABCIResponsesSaveLoad1(t *testing.T) { // build mock responses block := makeBlock(state, 2) abciResponses := NewABCIResponses(block) - abciResponses.DeliverTx[0] = &abci.ResponseDeliverTx{Data: []byte("foo"), Tags: []*abci.KVPair{}} - abciResponses.DeliverTx[1] = &abci.ResponseDeliverTx{Data: []byte("bar"), Log: "ok", Tags: []*abci.KVPair{}} - abciResponses.EndBlock = &abci.ResponseEndBlock{ValidatorUpdates: []*abci.Validator{ + abciResponses.DeliverTx[0] = &abci.ResponseDeliverTx{Data: []byte("foo"), Tags: []cmn.KVPair{}} + abciResponses.DeliverTx[1] = &abci.ResponseDeliverTx{Data: []byte("bar"), Log: "ok", Tags: []cmn.KVPair{}} + abciResponses.EndBlock = &abci.ResponseEndBlock{ValidatorUpdates: []abci.Validator{ { PubKey: crypto.GenPrivKeyEd25519().PubKey().Bytes(), Power: 10, @@ -122,9 +122,9 @@ func TestABCIResponsesSaveLoad2(t *testing.T) { []*abci.ResponseDeliverTx{ {Code: 383}, {Data: []byte("Gotcha!"), - Tags: []*abci.KVPair{ - abci.KVPairInt("a", 1), - abci.KVPairString("build", "stuff"), + Tags: []cmn.KVPair{ + cmn.KVPair{[]byte("a"), []byte{1}}, + cmn.KVPair{[]byte("build"), []byte("stuff")}, }}, }, types.ABCIResults{ @@ -378,44 +378,44 @@ func TestLessThanOneThirdOfVotingPowerPerBlockEnforced(t *testing.T) { testCases := []struct { initialValSetSize int shouldErr bool - valUpdatesFn func(vals *types.ValidatorSet) []*abci.Validator + valUpdatesFn func(vals *types.ValidatorSet) []abci.Validator }{ ///////////// 1 val (vp: 10) => less than 3 is ok //////////////////////// // adding 1 validator => 10 - 0: {1, false, func(vals *types.ValidatorSet) []*abci.Validator { - return []*abci.Validator{ + 0: {1, false, func(vals *types.ValidatorSet) []abci.Validator { + return []abci.Validator{ {PubKey: pk(), Power: 2}, } }}, - 1: {1, true, func(vals *types.ValidatorSet) []*abci.Validator { - return []*abci.Validator{ + 1: {1, true, func(vals *types.ValidatorSet) []abci.Validator { + return []abci.Validator{ {PubKey: pk(), Power: 3}, } }}, - 2: {1, true, func(vals *types.ValidatorSet) []*abci.Validator { - return []*abci.Validator{ + 2: {1, true, func(vals *types.ValidatorSet) []abci.Validator { + return []abci.Validator{ {PubKey: pk(), Power: 100}, } }}, ///////////// 3 val (vp: 30) => less than 10 is ok //////////////////////// // adding and removing validator => 20 - 3: {3, true, func(vals *types.ValidatorSet) []*abci.Validator { + 3: {3, true, func(vals *types.ValidatorSet) []abci.Validator { _, firstVal := vals.GetByIndex(0) - return []*abci.Validator{ + return []abci.Validator{ {PubKey: firstVal.PubKey.Bytes(), Power: 0}, {PubKey: pk(), Power: 10}, } }}, // adding 1 validator => 10 - 4: {3, true, func(vals *types.ValidatorSet) []*abci.Validator { - return []*abci.Validator{ + 4: {3, true, func(vals *types.ValidatorSet) []abci.Validator { + return []abci.Validator{ {PubKey: pk(), Power: 10}, } }}, // adding 2 validators => 8 - 5: {3, false, func(vals *types.ValidatorSet) []*abci.Validator { - return []*abci.Validator{ + 5: {3, false, func(vals *types.ValidatorSet) []abci.Validator { + return []abci.Validator{ {PubKey: pk(), Power: 4}, {PubKey: pk(), Power: 4}, } @@ -450,20 +450,20 @@ func TestApplyUpdates(t *testing.T) { cases := [...]struct { init types.ConsensusParams - updates *abci.ConsensusParams + updates abci.ConsensusParams expected types.ConsensusParams }{ - 0: {initParams, nil, initParams}, - 1: {initParams, &abci.ConsensusParams{}, initParams}, + 0: {initParams, abci.ConsensusParams{}, initParams}, + 1: {initParams, abci.ConsensusParams{}, initParams}, 2: {initParams, - &abci.ConsensusParams{ + abci.ConsensusParams{ TxSize: &abci.TxSize{ MaxBytes: 123, }, }, makeParams(1, 2, 3, 123, 5, 6)}, 3: {initParams, - &abci.ConsensusParams{ + abci.ConsensusParams{ BlockSize: &abci.BlockSize{ MaxTxs: 44, MaxGas: 55, @@ -471,7 +471,7 @@ func TestApplyUpdates(t *testing.T) { }, makeParams(1, 44, 55, 4, 5, 6)}, 4: {initParams, - &abci.ConsensusParams{ + abci.ConsensusParams{ BlockSize: &abci.BlockSize{ MaxTxs: 789, }, @@ -486,7 +486,7 @@ func TestApplyUpdates(t *testing.T) { } for i, tc := range cases { - res := tc.init.Update(tc.updates) + res := tc.init.Update(&(tc.updates)) assert.Equal(t, tc.expected, res, "case %d", i) } } @@ -496,14 +496,14 @@ func makeHeaderPartsResponsesValPubKeyChange(state State, height int64, block := makeBlock(state, height) abciResponses := &ABCIResponses{ - EndBlock: &abci.ResponseEndBlock{ValidatorUpdates: []*abci.Validator{}}, + EndBlock: &abci.ResponseEndBlock{ValidatorUpdates: []abci.Validator{}}, } // if the pubkey is new, remove the old and add the new _, val := state.Validators.GetByIndex(0) if !bytes.Equal(pubkey.Bytes(), val.PubKey.Bytes()) { abciResponses.EndBlock = &abci.ResponseEndBlock{ - ValidatorUpdates: []*abci.Validator{ + ValidatorUpdates: []abci.Validator{ {val.PubKey.Bytes(), 0}, {pubkey.Bytes(), 10}, }, @@ -518,14 +518,14 @@ func makeHeaderPartsResponsesValPowerChange(state State, height int64, block := makeBlock(state, height) abciResponses := &ABCIResponses{ - EndBlock: &abci.ResponseEndBlock{ValidatorUpdates: []*abci.Validator{}}, + EndBlock: &abci.ResponseEndBlock{ValidatorUpdates: []abci.Validator{}}, } // if the pubkey is new, remove the old and add the new _, val := state.Validators.GetByIndex(0) if val.VotingPower != power { abciResponses.EndBlock = &abci.ResponseEndBlock{ - ValidatorUpdates: []*abci.Validator{ + ValidatorUpdates: []abci.Validator{ {val.PubKey.Bytes(), power}, }, } diff --git a/state/txindex/kv/kv.go b/state/txindex/kv/kv.go index b70f3699f..90e64043a 100644 --- a/state/txindex/kv/kv.go +++ b/state/txindex/kv/kv.go @@ -10,13 +10,13 @@ import ( "github.com/pkg/errors" - abci "github.com/tendermint/abci/types" wire "github.com/tendermint/go-wire" + cmn "github.com/tendermint/tmlibs/common" + dbm "github.com/tendermint/tmlibs/db" + "github.com/tendermint/tmlibs/pubsub/query" + "github.com/tendermint/tendermint/state/txindex" "github.com/tendermint/tendermint/types" - cmn "github.com/tendermint/tmlibs/common" - db "github.com/tendermint/tmlibs/db" - "github.com/tendermint/tmlibs/pubsub/query" ) const ( @@ -27,13 +27,13 @@ var _ txindex.TxIndexer = (*TxIndex)(nil) // TxIndex is the simplest possible indexer, backed by key-value storage (levelDB). type TxIndex struct { - store db.DB + store dbm.DB tagsToIndex []string indexAllTags bool } // NewTxIndex creates new KV indexer. -func NewTxIndex(store db.DB, options ...func(*TxIndex)) *TxIndex { +func NewTxIndex(store dbm.DB, options ...func(*TxIndex)) *TxIndex { txi := &TxIndex{store: store, tagsToIndex: make([]string, 0), indexAllTags: false} for _, o := range options { o(txi) @@ -87,7 +87,7 @@ func (txi *TxIndex) AddBatch(b *txindex.Batch) error { // index tx by tags for _, tag := range result.Result.Tags { - if txi.indexAllTags || cmn.StringInSlice(tag.Key, txi.tagsToIndex) { + if txi.indexAllTags || cmn.StringInSlice(string(tag.Key), txi.tagsToIndex) { storeBatch.Set(keyForTag(tag, result), hash) } } @@ -109,7 +109,7 @@ func (txi *TxIndex) Index(result *types.TxResult) error { // index tx by tags for _, tag := range result.Result.Tags { - if txi.indexAllTags || cmn.StringInSlice(tag.Key, txi.tagsToIndex) { + if txi.indexAllTags || cmn.StringInSlice(string(tag.Key), txi.tagsToIndex) { b.Set(keyForTag(tag, result), hash) } } @@ -270,18 +270,18 @@ func isRangeOperation(op query.Operator) bool { func (txi *TxIndex) match(c query.Condition, startKey []byte) (hashes [][]byte) { if c.Op == query.OpEqual { - it := txi.store.IteratorPrefix(startKey) - defer it.Release() - for it.Next() { + it := dbm.IteratePrefix(txi.store, startKey) + defer it.Close() + for ; it.Valid(); it.Next() { hashes = append(hashes, it.Value()) } } else if c.Op == query.OpContains { // XXX: doing full scan because startKey does not apply here // For example, if startKey = "account.owner=an" and search query = "accoutn.owner CONSISTS an" // we can't iterate with prefix "account.owner=an" because we might miss keys like "account.owner=Ulan" - it := txi.store.Iterator() - defer it.Release() - for it.Next() { + it := txi.store.Iterator(nil, nil) + defer it.Close() + for ; it.Valid(); it.Next() { if !isTagKey(it.Key()) { continue } @@ -296,10 +296,10 @@ func (txi *TxIndex) match(c query.Condition, startKey []byte) (hashes [][]byte) } func (txi *TxIndex) matchRange(r queryRange, startKey []byte) (hashes [][]byte) { - it := txi.store.IteratorPrefix(startKey) - defer it.Release() + it := dbm.IteratePrefix(txi.store, startKey) + defer it.Close() LOOP: - for it.Next() { + for ; it.Valid(); it.Next() { if !isTagKey(it.Key()) { continue } @@ -376,17 +376,8 @@ func extractValueFromKey(key []byte) string { return parts[1] } -func keyForTag(tag *abci.KVPair, result *types.TxResult) []byte { - switch tag.ValueType { - case abci.KVPair_STRING: - return []byte(fmt.Sprintf("%s/%v/%d/%d", tag.Key, tag.ValueString, result.Height, result.Index)) - case abci.KVPair_INT: - return []byte(fmt.Sprintf("%s/%v/%d/%d", tag.Key, tag.ValueInt, result.Height, result.Index)) - // case abci.KVPair_TIME: - // return []byte(fmt.Sprintf("%s/%d/%d/%d", tag.Key, tag.ValueTime.Unix(), result.Height, result.Index)) - default: - panic(fmt.Sprintf("Undefined value type: %v", tag.ValueType)) - } +func keyForTag(tag cmn.KVPair, result *types.TxResult) []byte { + return []byte(fmt.Sprintf("%s/%d/%d", tag.Key, result.Height, result.Index)) } /////////////////////////////////////////////////////////////////////////////// diff --git a/state/txindex/kv/kv_test.go b/state/txindex/kv/kv_test.go index 0eac17607..4fdb71a04 100644 --- a/state/txindex/kv/kv_test.go +++ b/state/txindex/kv/kv_test.go @@ -11,6 +11,7 @@ import ( abci "github.com/tendermint/abci/types" "github.com/tendermint/tendermint/state/txindex" "github.com/tendermint/tendermint/types" + cmn "github.com/tendermint/tmlibs/common" db "github.com/tendermint/tmlibs/db" "github.com/tendermint/tmlibs/pubsub/query" ) @@ -19,7 +20,7 @@ func TestTxIndex(t *testing.T) { indexer := NewTxIndex(db.NewMemDB()) tx := types.Tx("HELLO WORLD") - txResult := &types.TxResult{1, 0, tx, abci.ResponseDeliverTx{Data: []byte{0}, Code: abci.CodeTypeOK, Log: "", Tags: []*abci.KVPair{}}} + txResult := &types.TxResult{1, 0, tx, abci.ResponseDeliverTx{Data: []byte{0}, Code: abci.CodeTypeOK, Log: "", Tags: []cmn.KVPair{}}} hash := tx.Hash() batch := txindex.NewBatch(1) @@ -34,7 +35,7 @@ func TestTxIndex(t *testing.T) { assert.Equal(t, txResult, loadedTxResult) tx2 := types.Tx("BYE BYE WORLD") - txResult2 := &types.TxResult{1, 0, tx2, abci.ResponseDeliverTx{Data: []byte{0}, Code: abci.CodeTypeOK, Log: "", Tags: []*abci.KVPair{}}} + txResult2 := &types.TxResult{1, 0, tx2, abci.ResponseDeliverTx{Data: []byte{0}, Code: abci.CodeTypeOK, Log: "", Tags: []cmn.KVPair{}}} hash2 := tx2.Hash() err = indexer.Index(txResult2) @@ -49,10 +50,10 @@ func TestTxSearch(t *testing.T) { allowedTags := []string{"account.number", "account.owner", "account.date"} indexer := NewTxIndex(db.NewMemDB(), IndexTags(allowedTags)) - txResult := txResultWithTags([]*abci.KVPair{ - {Key: "account.number", ValueType: abci.KVPair_INT, ValueInt: 1}, - {Key: "account.owner", ValueType: abci.KVPair_STRING, ValueString: "Ivan"}, - {Key: "not_allowed", ValueType: abci.KVPair_STRING, ValueString: "Vlad"}, + txResult := txResultWithTags([]cmn.KVPair{ + {Key: []byte("account.number"), Value: []byte{1}}, + {Key: []byte("account.owner"), Value: []byte("Ivan")}, + {Key: []byte("not_allowed"), Value: []byte("Vlad")}, }) hash := txResult.Tx.Hash() @@ -106,9 +107,9 @@ func TestTxSearchOneTxWithMultipleSameTagsButDifferentValues(t *testing.T) { allowedTags := []string{"account.number"} indexer := NewTxIndex(db.NewMemDB(), IndexTags(allowedTags)) - txResult := txResultWithTags([]*abci.KVPair{ - {Key: "account.number", ValueType: abci.KVPair_INT, ValueInt: 1}, - {Key: "account.number", ValueType: abci.KVPair_INT, ValueInt: 2}, + txResult := txResultWithTags([]cmn.KVPair{ + {Key: []byte("account.number"), Value: []byte{1}}, + {Key: []byte("account.number"), Value: []byte{2}}, }) err := indexer.Index(txResult) @@ -124,9 +125,9 @@ func TestTxSearchOneTxWithMultipleSameTagsButDifferentValues(t *testing.T) { func TestIndexAllTags(t *testing.T) { indexer := NewTxIndex(db.NewMemDB(), IndexAllTags()) - txResult := txResultWithTags([]*abci.KVPair{ - abci.KVPairString("account.owner", "Ivan"), - abci.KVPairInt("account.number", 1), + txResult := txResultWithTags([]cmn.KVPair{ + cmn.KVPair{[]byte("account.owner"), []byte("Ivan")}, + cmn.KVPair{[]byte("account.number"), []byte{1}}, }) err := indexer.Index(txResult) @@ -143,14 +144,14 @@ func TestIndexAllTags(t *testing.T) { assert.Equal(t, []*types.TxResult{txResult}, results) } -func txResultWithTags(tags []*abci.KVPair) *types.TxResult { +func txResultWithTags(tags []cmn.KVPair) *types.TxResult { tx := types.Tx("HELLO WORLD") return &types.TxResult{1, 0, tx, abci.ResponseDeliverTx{Data: []byte{0}, Code: abci.CodeTypeOK, Log: "", Tags: tags}} } func benchmarkTxIndex(txsCount int, b *testing.B) { tx := types.Tx("HELLO WORLD") - txResult := &types.TxResult{1, 0, tx, abci.ResponseDeliverTx{Data: []byte{0}, Code: abci.CodeTypeOK, Log: "", Tags: []*abci.KVPair{}}} + txResult := &types.TxResult{1, 0, tx, abci.ResponseDeliverTx{Data: []byte{0}, Code: abci.CodeTypeOK, Log: "", Tags: []cmn.KVPair{}}} dir, err := ioutil.TempDir("", "tx_index_db") if err != nil { diff --git a/types/canonical_json.go b/types/canonical_json.go index 41c67c24b..d3b7cf2fb 100644 --- a/types/canonical_json.go +++ b/types/canonical_json.go @@ -40,11 +40,11 @@ type CanonicalJSONVote struct { } type CanonicalJSONHeartbeat struct { - Height int64 `json:"height"` - Round int `json:"round"` - Sequence int `json:"sequence"` - ValidatorAddress data.Bytes `json:"validator_address"` - ValidatorIndex int `json:"validator_index"` + Height int64 `json:"height"` + Round int `json:"round"` + Sequence int `json:"sequence"` + ValidatorAddress Address `json:"validator_address"` + ValidatorIndex int `json:"validator_index"` } //------------------------------------ diff --git a/types/heartbeat.go b/types/heartbeat.go index da9b342b4..a4ff0d217 100644 --- a/types/heartbeat.go +++ b/types/heartbeat.go @@ -6,7 +6,6 @@ import ( "github.com/tendermint/go-crypto" "github.com/tendermint/go-wire" - "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" ) @@ -16,7 +15,7 @@ import ( // json field tags because we always want the JSON // representation to be in its canonical form. type Heartbeat struct { - ValidatorAddress data.Bytes `json:"validator_address"` + ValidatorAddress Address `json:"validator_address"` ValidatorIndex int `json:"validator_index"` Height int64 `json:"height"` Round int `json:"round"` diff --git a/types/priv_validator.go b/types/priv_validator.go index 628f58cfc..020fbc43c 100644 --- a/types/priv_validator.go +++ b/types/priv_validator.go @@ -38,7 +38,7 @@ func voteToStep(vote *Vote) int8 { // PrivValidator defines the functionality of a local Tendermint validator // that signs votes, proposals, and heartbeats, and never double signs. type PrivValidator interface { - GetAddress() data.Bytes // redundant since .PubKey().Address() + GetAddress() Address // redundant since .PubKey().Address() GetPubKey() crypto.PubKey SignVote(chainID string, vote *Vote) error @@ -50,7 +50,7 @@ type PrivValidator interface { // to prevent double signing. The Signer itself can be mutated to use // something besides the default, for instance a hardware signer. type PrivValidatorFS struct { - Address data.Bytes `json:"address"` + Address Address `json:"address"` PubKey crypto.PubKey `json:"pub_key"` LastHeight int64 `json:"last_height"` LastRound int `json:"last_round"` @@ -96,7 +96,7 @@ func (ds *DefaultSigner) Sign(msg []byte) (crypto.Signature, error) { // GetAddress returns the address of the validator. // Implements PrivValidator. -func (pv *PrivValidatorFS) GetAddress() data.Bytes { +func (pv *PrivValidatorFS) GetAddress() Address { return pv.Address } diff --git a/types/priv_validator_test.go b/types/priv_validator_test.go index dd0ebff71..08b58273a 100644 --- a/types/priv_validator_test.go +++ b/types/priv_validator_test.go @@ -11,7 +11,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" crypto "github.com/tendermint/go-crypto" - "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" ) @@ -225,7 +224,7 @@ func TestDifferByTimestamp(t *testing.T) { } } -func newVote(addr data.Bytes, idx int, height int64, round int, typ byte, blockID BlockID) *Vote { +func newVote(addr Address, idx int, height int64, round int, typ byte, blockID BlockID) *Vote { return &Vote{ ValidatorAddress: addr, ValidatorIndex: idx, diff --git a/types/protobuf.go b/types/protobuf.go index bac5b799e..e7ae20e39 100644 --- a/types/protobuf.go +++ b/types/protobuf.go @@ -10,8 +10,8 @@ var TM2PB = tm2pb{} type tm2pb struct{} -func (tm2pb) Header(header *Header) *types.Header { - return &types.Header{ +func (tm2pb) Header(header *Header) types.Header { + return types.Header{ ChainID: header.ChainID, Height: header.Height, Time: header.Time.Unix(), @@ -37,15 +37,15 @@ func (tm2pb) PartSetHeader(partSetHeader PartSetHeader) types.PartSetHeader { } } -func (tm2pb) Validator(val *Validator) *types.Validator { - return &types.Validator{ +func (tm2pb) Validator(val *Validator) types.Validator { + return types.Validator{ PubKey: val.PubKey.Bytes(), Power: val.VotingPower, } } -func (tm2pb) Validators(vals *ValidatorSet) []*types.Validator { - validators := make([]*types.Validator, len(vals.Validators)) +func (tm2pb) Validators(vals *ValidatorSet) []types.Validator { + validators := make([]types.Validator, len(vals.Validators)) for i, val := range vals.Validators { validators[i] = TM2PB.Validator(val) } diff --git a/types/validator.go b/types/validator.go index c5d064e01..dfe575515 100644 --- a/types/validator.go +++ b/types/validator.go @@ -7,7 +7,6 @@ import ( "github.com/tendermint/go-crypto" "github.com/tendermint/go-wire" - "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" ) @@ -15,9 +14,9 @@ import ( // NOTE: The Accum is not included in Validator.Hash(); // make sure to update that method if changes are made here type Validator struct { - Address data.Bytes `json:"address"` - PubKey crypto.PubKey `json:"pub_key"` - VotingPower int64 `json:"voting_power"` + Address Address `json:"address"` + PubKey crypto.PubKey `json:"pub_key"` + VotingPower int64 `json:"voting_power"` Accum int64 `json:"accum"` } @@ -74,7 +73,7 @@ func (v *Validator) String() string { // It excludes the Accum value, which changes with every round. func (v *Validator) Hash() []byte { return wire.BinaryRipemd160(struct { - Address data.Bytes + Address Address PubKey crypto.PubKey VotingPower int64 }{ diff --git a/types/vote.go b/types/vote.go index 4397152c7..7b069f2f6 100644 --- a/types/vote.go +++ b/types/vote.go @@ -9,7 +9,6 @@ import ( "github.com/tendermint/go-crypto" "github.com/tendermint/go-wire" - "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" ) @@ -59,9 +58,12 @@ func IsVoteTypeValid(type_ byte) bool { } } +// Address is hex bytes. TODO: crypto.Address +type Address = cmn.HexBytes + // Represents a prevote, precommit, or commit vote from validators for consensus. type Vote struct { - ValidatorAddress data.Bytes `json:"validator_address"` + ValidatorAddress Address `json:"validator_address"` ValidatorIndex int `json:"validator_index"` Height int64 `json:"height"` Round int `json:"round"` From 426379dc47b8d179583f97305c21b4731dbefe04 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:39:14 -0500 Subject: [PATCH 136/188] remove use of wire/nowriter --- p2p/conn/connection.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 83d87e58f..451f35bbe 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -11,14 +11,11 @@ import ( "time" wire "github.com/tendermint/go-wire" - tmlegacy "github.com/tendermint/go-wire/nowriter/tmlegacy" cmn "github.com/tendermint/tmlibs/common" flow "github.com/tendermint/tmlibs/flowrate" "github.com/tendermint/tmlibs/log" ) -var legacy = tmlegacy.TMEncoderLegacy{} - const ( numBatchMsgPackets = 10 minReadBufferSize = 1024 @@ -316,12 +313,12 @@ FOR_LOOP: } case <-c.pingTimer.Chan(): c.Logger.Debug("Send Ping") - legacy.WriteOctet(packetTypePing, c.bufWriter, &n, &err) + wire.WriteByte(packetTypePing, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) c.flush() case <-c.pong: c.Logger.Debug("Send Pong") - legacy.WriteOctet(packetTypePong, c.bufWriter, &n, &err) + wire.WriteByte(packetTypePong, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) c.flush() case <-c.quit: @@ -681,7 +678,7 @@ func (ch *Channel) writeMsgPacketTo(w io.Writer) (n int, err error) { } func writeMsgPacketTo(packet msgPacket, w io.Writer, n *int, err *error) { - legacy.WriteOctet(packetTypeMsg, w, n, err) + wire.WriteByte(packetTypeMsg, w, n, err) wire.WriteBinary(packet, w, n, err) } From 7a5060dc520e1b014570bd15e3f15c4f6f3f8d66 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:42:59 -0500 Subject: [PATCH 137/188] replace data.Bytes with cmn.HexBytes --- lite/proxy/query.go | 4 +--- lite/proxy/wrapper.go | 6 ++---- rpc/client/httpclient.go | 5 ++--- rpc/client/interface.go | 5 ++--- rpc/client/localclient.go | 6 +++--- rpc/client/mock/abci.go | 16 ++++++++-------- rpc/client/mock/abci_test.go | 10 +++++----- rpc/client/mock/client.go | 5 ++--- rpc/client/mock/status_test.go | 6 +++--- rpc/core/abci.go | 4 ++-- rpc/core/mempool.go | 4 ++-- rpc/core/status.go | 6 +++--- rpc/core/types/responses.go | 15 +++++++-------- rpc/lib/rpc_test.go | 9 ++++----- rpc/lib/server/parse_test.go | 20 ++++++++++---------- types/block.go | 33 ++++++++++++++++----------------- types/canonical_json.go | 8 ++++---- types/genesis.go | 3 +-- types/part_set.go | 7 +++---- types/priv_validator.go | 5 ++--- types/results.go | 6 +++--- types/tx.go | 4 ++-- 22 files changed, 87 insertions(+), 100 deletions(-) diff --git a/lite/proxy/query.go b/lite/proxy/query.go index 06d7880a0..1da2a0cce 100644 --- a/lite/proxy/query.go +++ b/lite/proxy/query.go @@ -3,8 +3,6 @@ package proxy import ( "github.com/pkg/errors" - "github.com/tendermint/go-wire/data" - "github.com/tendermint/tendermint/lite" "github.com/tendermint/tendermint/lite/client" certerr "github.com/tendermint/tendermint/lite/errors" @@ -34,7 +32,7 @@ type KeyProof interface { // If val is empty, proof should be KeyMissingProof func GetWithProof(key []byte, reqHeight int64, node rpcclient.Client, cert lite.Certifier) ( - val data.Bytes, height int64, proof KeyProof, err error) { + val cmn.HexBytes, height int64, proof KeyProof, err error) { if reqHeight < 0 { err = errors.Errorf("Height cannot be negative") diff --git a/lite/proxy/wrapper.go b/lite/proxy/wrapper.go index 7d504217d..02f2f318b 100644 --- a/lite/proxy/wrapper.go +++ b/lite/proxy/wrapper.go @@ -1,8 +1,6 @@ package proxy import ( - "github.com/tendermint/go-wire/data" - "github.com/tendermint/tendermint/lite" certclient "github.com/tendermint/tendermint/lite/client" rpcclient "github.com/tendermint/tendermint/rpc/client" @@ -34,7 +32,7 @@ func SecureClient(c rpcclient.Client, cert *lite.InquiringCertifier) Wrapper { } // ABCIQueryWithOptions exposes all options for the ABCI query and verifies the returned proof -func (w Wrapper) ABCIQueryWithOptions(path string, data data.Bytes, +func (w Wrapper) ABCIQueryWithOptions(path string, data cmn.HexBytes, opts rpcclient.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { res, _, err := GetWithProofOptions(path, data, opts, w.Client, w.cert) @@ -42,7 +40,7 @@ func (w Wrapper) ABCIQueryWithOptions(path string, data data.Bytes, } // ABCIQuery uses default options for the ABCI query and verifies the returned proof -func (w Wrapper) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) { +func (w Wrapper) ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) { return w.ABCIQueryWithOptions(path, data, rpcclient.DefaultABCIQueryOptions) } diff --git a/rpc/client/httpclient.go b/rpc/client/httpclient.go index 838fa5249..2b3f5ab28 100644 --- a/rpc/client/httpclient.go +++ b/rpc/client/httpclient.go @@ -7,7 +7,6 @@ import ( "github.com/pkg/errors" - data "github.com/tendermint/go-wire/data" ctypes "github.com/tendermint/tendermint/rpc/core/types" rpcclient "github.com/tendermint/tendermint/rpc/lib/client" "github.com/tendermint/tendermint/types" @@ -64,11 +63,11 @@ func (c *HTTP) ABCIInfo() (*ctypes.ResultABCIInfo, error) { return result, nil } -func (c *HTTP) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) { +func (c *HTTP) ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) { return c.ABCIQueryWithOptions(path, data, DefaultABCIQueryOptions) } -func (c *HTTP) ABCIQueryWithOptions(path string, data data.Bytes, opts ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { +func (c *HTTP) ABCIQueryWithOptions(path string, data cmn.HexBytes, opts ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { result := new(ctypes.ResultABCIQuery) _, err := c.rpc.Call("abci_query", map[string]interface{}{"path": path, "data": data, "height": opts.Height, "trusted": opts.Trusted}, diff --git a/rpc/client/interface.go b/rpc/client/interface.go index 6e798c379..6715b64b5 100644 --- a/rpc/client/interface.go +++ b/rpc/client/interface.go @@ -20,7 +20,6 @@ implementation. package client import ( - data "github.com/tendermint/go-wire/data" ctypes "github.com/tendermint/tendermint/rpc/core/types" "github.com/tendermint/tendermint/types" cmn "github.com/tendermint/tmlibs/common" @@ -32,8 +31,8 @@ import ( type ABCIClient interface { // reading from abci app ABCIInfo() (*ctypes.ResultABCIInfo, error) - ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) - ABCIQueryWithOptions(path string, data data.Bytes, + ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) + ABCIQueryWithOptions(path string, data cmn.HexBytes, opts ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) // writing to abci app diff --git a/rpc/client/localclient.go b/rpc/client/localclient.go index 5e0573a1b..be989ee1c 100644 --- a/rpc/client/localclient.go +++ b/rpc/client/localclient.go @@ -3,11 +3,11 @@ package client import ( "context" - data "github.com/tendermint/go-wire/data" nm "github.com/tendermint/tendermint/node" "github.com/tendermint/tendermint/rpc/core" ctypes "github.com/tendermint/tendermint/rpc/core/types" "github.com/tendermint/tendermint/types" + cmn "github.com/tendermint/tmlibs/common" tmpubsub "github.com/tendermint/tmlibs/pubsub" ) @@ -56,11 +56,11 @@ func (Local) ABCIInfo() (*ctypes.ResultABCIInfo, error) { return core.ABCIInfo() } -func (c *Local) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) { +func (c *Local) ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) { return c.ABCIQueryWithOptions(path, data, DefaultABCIQueryOptions) } -func (Local) ABCIQueryWithOptions(path string, data data.Bytes, opts ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { +func (Local) ABCIQueryWithOptions(path string, data cmn.HexBytes, opts ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { return core.ABCIQuery(path, data, opts.Height, opts.Trusted) } diff --git a/rpc/client/mock/abci.go b/rpc/client/mock/abci.go index 4593d059a..7f4c45df3 100644 --- a/rpc/client/mock/abci.go +++ b/rpc/client/mock/abci.go @@ -2,11 +2,11 @@ package mock import ( abci "github.com/tendermint/abci/types" - data "github.com/tendermint/go-wire/data" "github.com/tendermint/tendermint/rpc/client" ctypes "github.com/tendermint/tendermint/rpc/core/types" "github.com/tendermint/tendermint/types" "github.com/tendermint/tendermint/version" + cmn "github.com/tendermint/tmlibs/common" ) // ABCIApp will send all abci related request to the named app, @@ -26,11 +26,11 @@ func (a ABCIApp) ABCIInfo() (*ctypes.ResultABCIInfo, error) { return &ctypes.ResultABCIInfo{a.App.Info(abci.RequestInfo{version.Version})}, nil } -func (a ABCIApp) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) { +func (a ABCIApp) ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) { return a.ABCIQueryWithOptions(path, data, client.DefaultABCIQueryOptions) } -func (a ABCIApp) ABCIQueryWithOptions(path string, data data.Bytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { +func (a ABCIApp) ABCIQueryWithOptions(path string, data cmn.HexBytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { q := a.App.Query(abci.RequestQuery{data, path, opts.Height, opts.Trusted}) return &ctypes.ResultABCIQuery{q}, nil } @@ -81,11 +81,11 @@ func (m ABCIMock) ABCIInfo() (*ctypes.ResultABCIInfo, error) { return &ctypes.ResultABCIInfo{res.(abci.ResponseInfo)}, nil } -func (m ABCIMock) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) { +func (m ABCIMock) ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) { return m.ABCIQueryWithOptions(path, data, client.DefaultABCIQueryOptions) } -func (m ABCIMock) ABCIQueryWithOptions(path string, data data.Bytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { +func (m ABCIMock) ABCIQueryWithOptions(path string, data cmn.HexBytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { res, err := m.Query.GetResponse(QueryArgs{path, data, opts.Height, opts.Trusted}) if err != nil { return nil, err @@ -134,7 +134,7 @@ func NewABCIRecorder(client client.ABCIClient) *ABCIRecorder { type QueryArgs struct { Path string - Data data.Bytes + Data cmn.HexBytes Height int64 Trusted bool } @@ -153,11 +153,11 @@ func (r *ABCIRecorder) ABCIInfo() (*ctypes.ResultABCIInfo, error) { return res, err } -func (r *ABCIRecorder) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) { +func (r *ABCIRecorder) ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) { return r.ABCIQueryWithOptions(path, data, client.DefaultABCIQueryOptions) } -func (r *ABCIRecorder) ABCIQueryWithOptions(path string, data data.Bytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { +func (r *ABCIRecorder) ABCIQueryWithOptions(path string, data cmn.HexBytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { res, err := r.Client.ABCIQueryWithOptions(path, data, opts) r.addCall(Call{ Name: "abci_query", diff --git a/rpc/client/mock/abci_test.go b/rpc/client/mock/abci_test.go index 0f83cc5f2..5a66c997a 100644 --- a/rpc/client/mock/abci_test.go +++ b/rpc/client/mock/abci_test.go @@ -11,11 +11,11 @@ import ( "github.com/tendermint/abci/example/dummy" abci "github.com/tendermint/abci/types" - data "github.com/tendermint/go-wire/data" "github.com/tendermint/tendermint/rpc/client" "github.com/tendermint/tendermint/rpc/client/mock" ctypes "github.com/tendermint/tendermint/rpc/core/types" "github.com/tendermint/tendermint/types" + cmn "github.com/tendermint/tmlibs/common" ) func TestABCIMock(t *testing.T) { @@ -37,8 +37,8 @@ func TestABCIMock(t *testing.T) { BroadcastCommit: mock.Call{ Args: goodTx, Response: &ctypes.ResultBroadcastTxCommit{ - CheckTx: abci.ResponseCheckTx{Data: data.Bytes("stand")}, - DeliverTx: abci.ResponseDeliverTx{Data: data.Bytes("deliver")}, + CheckTx: abci.ResponseCheckTx{Data: cmn.HexBytes("stand")}, + DeliverTx: abci.ResponseDeliverTx{Data: cmn.HexBytes("deliver")}, }, Error: errors.New("bad tx"), }, @@ -98,7 +98,7 @@ func TestABCIRecorder(t *testing.T) { _, err := r.ABCIInfo() assert.Nil(err, "expected no err on info") - _, err = r.ABCIQueryWithOptions("path", data.Bytes("data"), client.ABCIQueryOptions{Trusted: false}) + _, err = r.ABCIQueryWithOptions("path", cmn.HexBytes("data"), client.ABCIQueryOptions{Trusted: false}) assert.NotNil(err, "expected error on query") require.Equal(2, len(r.Calls)) @@ -174,7 +174,7 @@ func TestABCIApp(t *testing.T) { assert.True(res.DeliverTx.IsOK()) // check the key - _qres, err := m.ABCIQueryWithOptions("/key", data.Bytes(key), client.ABCIQueryOptions{Trusted: true}) + _qres, err := m.ABCIQueryWithOptions("/key", cmn.HexBytes(key), client.ABCIQueryOptions{Trusted: true}) qres := _qres.Response require.Nil(err) assert.EqualValues(value, qres.Value) diff --git a/rpc/client/mock/client.go b/rpc/client/mock/client.go index 6c4728986..6af9abb27 100644 --- a/rpc/client/mock/client.go +++ b/rpc/client/mock/client.go @@ -16,7 +16,6 @@ package mock import ( "reflect" - data "github.com/tendermint/go-wire/data" "github.com/tendermint/tendermint/rpc/client" "github.com/tendermint/tendermint/rpc/core" ctypes "github.com/tendermint/tendermint/rpc/core/types" @@ -83,11 +82,11 @@ func (c Client) ABCIInfo() (*ctypes.ResultABCIInfo, error) { return core.ABCIInfo() } -func (c Client) ABCIQuery(path string, data data.Bytes) (*ctypes.ResultABCIQuery, error) { +func (c Client) ABCIQuery(path string, data cmn.HexBytes) (*ctypes.ResultABCIQuery, error) { return c.ABCIQueryWithOptions(path, data, client.DefaultABCIQueryOptions) } -func (c Client) ABCIQueryWithOptions(path string, data data.Bytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { +func (c Client) ABCIQueryWithOptions(path string, data cmn.HexBytes, opts client.ABCIQueryOptions) (*ctypes.ResultABCIQuery, error) { return core.ABCIQuery(path, data, opts.Height, opts.Trusted) } diff --git a/rpc/client/mock/status_test.go b/rpc/client/mock/status_test.go index 80ffe7b7d..b3827fb13 100644 --- a/rpc/client/mock/status_test.go +++ b/rpc/client/mock/status_test.go @@ -6,9 +6,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - data "github.com/tendermint/go-wire/data" "github.com/tendermint/tendermint/rpc/client/mock" ctypes "github.com/tendermint/tendermint/rpc/core/types" + cmn "github.com/tendermint/tmlibs/common" ) func TestStatus(t *testing.T) { @@ -17,8 +17,8 @@ func TestStatus(t *testing.T) { m := &mock.StatusMock{ Call: mock.Call{ Response: &ctypes.ResultStatus{ - LatestBlockHash: data.Bytes("block"), - LatestAppHash: data.Bytes("app"), + LatestBlockHash: cmn.HexBytes("block"), + LatestAppHash: cmn.HexBytes("app"), LatestBlockHeight: 10, }}, } diff --git a/rpc/core/abci.go b/rpc/core/abci.go index a49b52b6e..874becae3 100644 --- a/rpc/core/abci.go +++ b/rpc/core/abci.go @@ -2,9 +2,9 @@ package core import ( abci "github.com/tendermint/abci/types" - data "github.com/tendermint/go-wire/data" ctypes "github.com/tendermint/tendermint/rpc/core/types" "github.com/tendermint/tendermint/version" + cmn "github.com/tendermint/tmlibs/common" ) // Query the application for some information. @@ -47,7 +47,7 @@ import ( // | data | []byte | false | true | Data | // | height | int64 | 0 | false | Height (0 means latest) | // | trusted | bool | false | false | Does not include a proof of the data inclusion | -func ABCIQuery(path string, data data.Bytes, height int64, trusted bool) (*ctypes.ResultABCIQuery, error) { +func ABCIQuery(path string, data cmn.HexBytes, height int64, trusted bool) (*ctypes.ResultABCIQuery, error) { resQuery, err := proxyAppQuery.QuerySync(abci.RequestQuery{ Path: path, Data: data, diff --git a/rpc/core/mempool.go b/rpc/core/mempool.go index 3f663c376..1dbdd8012 100644 --- a/rpc/core/mempool.go +++ b/rpc/core/mempool.go @@ -8,9 +8,9 @@ import ( "github.com/pkg/errors" abci "github.com/tendermint/abci/types" - data "github.com/tendermint/go-wire/data" ctypes "github.com/tendermint/tendermint/rpc/core/types" "github.com/tendermint/tendermint/types" + cmn "github.com/tendermint/tmlibs/common" ) //----------------------------------------------------------------------------- @@ -192,7 +192,7 @@ func BroadcastTxCommit(tx types.Tx) (*ctypes.ResultBroadcastTxCommit, error) { deliverTxRes := deliverTxResMsg.(types.TMEventData).Unwrap().(types.EventDataTx) // The tx was included in a block. deliverTxR := deliverTxRes.Result - logger.Info("DeliverTx passed ", "tx", data.Bytes(tx), "response", deliverTxR) + logger.Info("DeliverTx passed ", "tx", cmn.HexBytes(tx), "response", deliverTxR) return &ctypes.ResultBroadcastTxCommit{ CheckTx: *checkTxR, DeliverTx: deliverTxR, diff --git a/rpc/core/status.go b/rpc/core/status.go index 653c37f50..a8771c8f7 100644 --- a/rpc/core/status.go +++ b/rpc/core/status.go @@ -3,9 +3,9 @@ package core import ( "time" - data "github.com/tendermint/go-wire/data" ctypes "github.com/tendermint/tendermint/rpc/core/types" "github.com/tendermint/tendermint/types" + cmn "github.com/tendermint/tmlibs/common" ) // Get Tendermint status including node info, pubkey, latest block @@ -59,8 +59,8 @@ func Status() (*ctypes.ResultStatus, error) { latestHeight := blockStore.Height() var ( latestBlockMeta *types.BlockMeta - latestBlockHash data.Bytes - latestAppHash data.Bytes + latestBlockHash cmn.HexBytes + latestAppHash cmn.HexBytes latestBlockTimeNano int64 ) if latestHeight != 0 { diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index 233b44e93..79904efa7 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -6,7 +6,6 @@ import ( abci "github.com/tendermint/abci/types" crypto "github.com/tendermint/go-crypto" - "github.com/tendermint/go-wire/data" cstypes "github.com/tendermint/tendermint/consensus/types" "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/state" @@ -56,8 +55,8 @@ func NewResultCommit(header *types.Header, commit *types.Commit, type ResultStatus struct { NodeInfo p2p.NodeInfo `json:"node_info"` PubKey crypto.PubKey `json:"pub_key"` - LatestBlockHash data.Bytes `json:"latest_block_hash"` - LatestAppHash data.Bytes `json:"latest_app_hash"` + LatestBlockHash cmn.HexBytes `json:"latest_block_hash"` + LatestAppHash cmn.HexBytes `json:"latest_app_hash"` LatestBlockHeight int64 `json:"latest_block_height"` LatestBlockTime time.Time `json:"latest_block_time"` Syncing bool `json:"syncing"` @@ -107,17 +106,17 @@ type ResultDumpConsensusState struct { } type ResultBroadcastTx struct { - Code uint32 `json:"code"` - Data data.Bytes `json:"data"` - Log string `json:"log"` + Code uint32 `json:"code"` + Data cmn.HexBytes `json:"data"` + Log string `json:"log"` - Hash data.Bytes `json:"hash"` + Hash cmn.HexBytes `json:"hash"` } type ResultBroadcastTxCommit struct { CheckTx abci.ResponseCheckTx `json:"check_tx"` DeliverTx abci.ResponseDeliverTx `json:"deliver_tx"` - Hash data.Bytes `json:"hash"` + Hash cmn.HexBytes `json:"hash"` Height int64 `json:"height"` } diff --git a/rpc/lib/rpc_test.go b/rpc/lib/rpc_test.go index be170985f..8c8b57612 100644 --- a/rpc/lib/rpc_test.go +++ b/rpc/lib/rpc_test.go @@ -17,7 +17,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "github.com/tendermint/go-wire/data" client "github.com/tendermint/tendermint/rpc/lib/client" server "github.com/tendermint/tendermint/rpc/lib/server" types "github.com/tendermint/tendermint/rpc/lib/types" @@ -47,7 +46,7 @@ type ResultEchoBytes struct { } type ResultEchoDataBytes struct { - Value data.Bytes `json:"value"` + Value cmn.HexBytes `json:"value"` } // Define some routes @@ -75,7 +74,7 @@ func EchoBytesResult(v []byte) (*ResultEchoBytes, error) { return &ResultEchoBytes{v}, nil } -func EchoDataBytesResult(v data.Bytes) (*ResultEchoDataBytes, error) { +func EchoDataBytesResult(v cmn.HexBytes) (*ResultEchoDataBytes, error) { return &ResultEchoDataBytes{v}, nil } @@ -174,7 +173,7 @@ func echoBytesViaHTTP(cl client.HTTPClient, bytes []byte) ([]byte, error) { return result.Value, nil } -func echoDataBytesViaHTTP(cl client.HTTPClient, bytes data.Bytes) (data.Bytes, error) { +func echoDataBytesViaHTTP(cl client.HTTPClient, bytes cmn.HexBytes) (cmn.HexBytes, error) { params := map[string]interface{}{ "arg": bytes, } @@ -196,7 +195,7 @@ func testWithHTTPClient(t *testing.T, cl client.HTTPClient) { require.Nil(t, err) assert.Equal(t, got2, val2) - val3 := data.Bytes(randBytes(t)) + val3 := cmn.HexBytes(randBytes(t)) got3, err := echoDataBytesViaHTTP(cl, val3) require.Nil(t, err) assert.Equal(t, got3, val3) diff --git a/rpc/lib/server/parse_test.go b/rpc/lib/server/parse_test.go index a86226f2c..0703d50ed 100644 --- a/rpc/lib/server/parse_test.go +++ b/rpc/lib/server/parse_test.go @@ -6,7 +6,7 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/tendermint/go-wire/data" + cmn "github.com/tendermint/tmlibs/common" ) func TestParseJSONMap(t *testing.T) { @@ -31,7 +31,7 @@ func TestParseJSONMap(t *testing.T) { // preloading map with values doesn't help tmp := 0 p2 := map[string]interface{}{ - "value": &data.Bytes{}, + "value": &cmn.HexBytes{}, "height": &tmp, } err = json.Unmarshal(input, &p2) @@ -54,7 +54,7 @@ func TestParseJSONMap(t *testing.T) { Height interface{} `json:"height"` }{ Height: &tmp, - Value: &data.Bytes{}, + Value: &cmn.HexBytes{}, } err = json.Unmarshal(input, &p3) if assert.Nil(err) { @@ -62,7 +62,7 @@ func TestParseJSONMap(t *testing.T) { if assert.True(ok, "%#v", p3.Height) { assert.Equal(22, *h) } - v, ok := p3.Value.(*data.Bytes) + v, ok := p3.Value.(*cmn.HexBytes) if assert.True(ok, "%#v", p3.Value) { assert.EqualValues([]byte{0x12, 0x34}, *v) } @@ -70,8 +70,8 @@ func TestParseJSONMap(t *testing.T) { // simplest solution, but hard-coded p4 := struct { - Value data.Bytes `json:"value"` - Height int `json:"height"` + Value cmn.HexBytes `json:"value"` + Height int `json:"height"` }{} err = json.Unmarshal(input, &p4) if assert.Nil(err) { @@ -90,10 +90,10 @@ func TestParseJSONMap(t *testing.T) { assert.Equal(22, h) } - var v data.Bytes + var v cmn.HexBytes err = json.Unmarshal(*p5["value"], &v) if assert.Nil(err) { - assert.Equal(data.Bytes{0x12, 0x34}, v) + assert.Equal(cmn.HexBytes{0x12, 0x34}, v) } } } @@ -119,10 +119,10 @@ func TestParseJSONArray(t *testing.T) { // preloading map with values helps here (unlike map - p2 above) tmp := 0 - p2 := []interface{}{&data.Bytes{}, &tmp} + p2 := []interface{}{&cmn.HexBytes{}, &tmp} err = json.Unmarshal(input, &p2) if assert.Nil(err) { - v, ok := p2[0].(*data.Bytes) + v, ok := p2[0].(*cmn.HexBytes) if assert.True(ok, "%#v", p2[0]) { assert.EqualValues([]byte{0x12, 0x34}, *v) } diff --git a/types/block.go b/types/block.go index b9b541a96..3e800e722 100644 --- a/types/block.go +++ b/types/block.go @@ -9,7 +9,6 @@ import ( "time" wire "github.com/tendermint/go-wire" - "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/merkle" "golang.org/x/crypto/ripemd160" @@ -86,7 +85,7 @@ func (b *Block) FillHeader() { // Hash computes and returns the block hash. // If the block is incomplete, block hash is nil for safety. -func (b *Block) Hash() data.Bytes { +func (b *Block) Hash() cmn.HexBytes { if b == nil || b.Header == nil || b.Data == nil || b.LastCommit == nil { return nil } @@ -161,22 +160,22 @@ type Header struct { TotalTxs int64 `json:"total_txs"` // hashes of block data - LastCommitHash data.Bytes `json:"last_commit_hash"` // commit from validators from the last block - DataHash data.Bytes `json:"data_hash"` // transactions + LastCommitHash cmn.HexBytes `json:"last_commit_hash"` // commit from validators from the last block + DataHash cmn.HexBytes `json:"data_hash"` // transactions // hashes from the app output from the prev block - ValidatorsHash data.Bytes `json:"validators_hash"` // validators for the current block - ConsensusHash data.Bytes `json:"consensus_hash"` // consensus params for current block - AppHash data.Bytes `json:"app_hash"` // state after txs from the previous block - LastResultsHash data.Bytes `json:"last_results_hash"` // root hash of all results from the txs from the previous block + ValidatorsHash cmn.HexBytes `json:"validators_hash"` // validators for the current block + ConsensusHash cmn.HexBytes `json:"consensus_hash"` // consensus params for current block + AppHash cmn.HexBytes `json:"app_hash"` // state after txs from the previous block + LastResultsHash cmn.HexBytes `json:"last_results_hash"` // root hash of all results from the txs from the previous block // consensus info - EvidenceHash data.Bytes `json:"evidence_hash"` // evidence included in the block + EvidenceHash cmn.HexBytes `json:"evidence_hash"` // evidence included in the block } // Hash returns the hash of the header. // Returns nil if ValidatorHash is missing. -func (h *Header) Hash() data.Bytes { +func (h *Header) Hash() cmn.HexBytes { if len(h.ValidatorsHash) == 0 { return nil } @@ -246,7 +245,7 @@ type Commit struct { // Volatile firstPrecommit *Vote - hash data.Bytes + hash cmn.HexBytes bitArray *cmn.BitArray } @@ -355,7 +354,7 @@ func (commit *Commit) ValidateBasic() error { } // Hash returns the hash of the commit -func (commit *Commit) Hash() data.Bytes { +func (commit *Commit) Hash() cmn.HexBytes { if commit.hash == nil { bs := make([]merkle.Hasher, len(commit.Precommits)) for i, precommit := range commit.Precommits { @@ -403,11 +402,11 @@ type Data struct { Txs Txs `json:"txs"` // Volatile - hash data.Bytes + hash cmn.HexBytes } // Hash returns the hash of the data -func (data *Data) Hash() data.Bytes { +func (data *Data) Hash() cmn.HexBytes { if data.hash == nil { data.hash = data.Txs.Hash() // NOTE: leaves of merkle tree are TxIDs } @@ -441,11 +440,11 @@ type EvidenceData struct { Evidence EvidenceList `json:"evidence"` // Volatile - hash data.Bytes + hash cmn.HexBytes } // Hash returns the hash of the data. -func (data *EvidenceData) Hash() data.Bytes { +func (data *EvidenceData) Hash() cmn.HexBytes { if data.hash == nil { data.hash = data.Evidence.Hash() } @@ -477,7 +476,7 @@ func (data *EvidenceData) StringIndented(indent string) string { // BlockID defines the unique ID of a block as its Hash and its PartSetHeader type BlockID struct { - Hash data.Bytes `json:"hash"` + Hash cmn.HexBytes `json:"hash"` PartsHeader PartSetHeader `json:"parts"` } diff --git a/types/canonical_json.go b/types/canonical_json.go index d3b7cf2fb..45d12b45f 100644 --- a/types/canonical_json.go +++ b/types/canonical_json.go @@ -4,7 +4,7 @@ import ( "time" wire "github.com/tendermint/go-wire" - "github.com/tendermint/go-wire/data" + cmn "github.com/tendermint/tmlibs/common" ) // canonical json is go-wire's json for structs with fields in alphabetical order @@ -13,13 +13,13 @@ import ( const timeFormat = wire.RFC3339Millis type CanonicalJSONBlockID struct { - Hash data.Bytes `json:"hash,omitempty"` + Hash cmn.HexBytes `json:"hash,omitempty"` PartsHeader CanonicalJSONPartSetHeader `json:"parts,omitempty"` } type CanonicalJSONPartSetHeader struct { - Hash data.Bytes `json:"hash"` - Total int `json:"total"` + Hash cmn.HexBytes `json:"hash"` + Total int `json:"total"` } type CanonicalJSONProposal struct { diff --git a/types/genesis.go b/types/genesis.go index e33f60258..b7e4f6452 100644 --- a/types/genesis.go +++ b/types/genesis.go @@ -8,7 +8,6 @@ import ( "github.com/pkg/errors" crypto "github.com/tendermint/go-crypto" - "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" ) @@ -28,7 +27,7 @@ type GenesisDoc struct { ChainID string `json:"chain_id"` ConsensusParams *ConsensusParams `json:"consensus_params,omitempty"` Validators []GenesisValidator `json:"validators"` - AppHash data.Bytes `json:"app_hash"` + AppHash cmn.HexBytes `json:"app_hash"` AppOptions interface{} `json:"app_options,omitempty"` } diff --git a/types/part_set.go b/types/part_set.go index d922e34d6..ff11f7d35 100644 --- a/types/part_set.go +++ b/types/part_set.go @@ -10,7 +10,6 @@ import ( "golang.org/x/crypto/ripemd160" "github.com/tendermint/go-wire" - "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/merkle" ) @@ -22,7 +21,7 @@ var ( type Part struct { Index int `json:"index"` - Bytes data.Bytes `json:"bytes"` + Bytes cmn.HexBytes `json:"bytes"` Proof merkle.SimpleProof `json:"proof"` // Cache @@ -58,8 +57,8 @@ func (part *Part) StringIndented(indent string) string { //------------------------------------- type PartSetHeader struct { - Total int `json:"total"` - Hash data.Bytes `json:"hash"` + Total int `json:"total"` + Hash cmn.HexBytes `json:"hash"` } func (psh PartSetHeader) String() string { diff --git a/types/priv_validator.go b/types/priv_validator.go index 020fbc43c..062fe09d2 100644 --- a/types/priv_validator.go +++ b/types/priv_validator.go @@ -11,7 +11,6 @@ import ( "time" crypto "github.com/tendermint/go-crypto" - data "github.com/tendermint/go-wire/data" cmn "github.com/tendermint/tmlibs/common" ) @@ -50,13 +49,13 @@ type PrivValidator interface { // to prevent double signing. The Signer itself can be mutated to use // something besides the default, for instance a hardware signer. type PrivValidatorFS struct { - Address Address `json:"address"` + Address Address `json:"address"` PubKey crypto.PubKey `json:"pub_key"` LastHeight int64 `json:"last_height"` LastRound int `json:"last_round"` LastStep int8 `json:"last_step"` LastSignature crypto.Signature `json:"last_signature,omitempty"` // so we dont lose signatures - LastSignBytes data.Bytes `json:"last_signbytes,omitempty"` // so we dont lose signatures + LastSignBytes cmn.HexBytes `json:"last_signbytes,omitempty"` // so we dont lose signatures // PrivKey should be empty if a Signer other than the default is being used. PrivKey crypto.PrivKey `json:"priv_key"` diff --git a/types/results.go b/types/results.go index 8e79e1ac7..4a02f2857 100644 --- a/types/results.go +++ b/types/results.go @@ -3,7 +3,7 @@ package types import ( abci "github.com/tendermint/abci/types" wire "github.com/tendermint/go-wire" - "github.com/tendermint/go-wire/data" + cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/merkle" ) @@ -12,8 +12,8 @@ import ( // ABCIResult is the deterministic component of a ResponseDeliverTx. // TODO: add Tags type ABCIResult struct { - Code uint32 `json:"code"` - Data data.Bytes `json:"data"` + Code uint32 `json:"code"` + Data cmn.HexBytes `json:"data"` } // Hash returns the canonical hash of the ABCIResult diff --git a/types/tx.go b/types/tx.go index db42ed8e7..d9e2e2ebd 100644 --- a/types/tx.go +++ b/types/tx.go @@ -6,7 +6,7 @@ import ( "fmt" abci "github.com/tendermint/abci/types" - "github.com/tendermint/go-wire/data" + cmn "github.com/tendermint/tmlibs/common" "github.com/tendermint/tmlibs/merkle" ) @@ -90,7 +90,7 @@ func (txs Txs) Proof(i int) TxProof { // TxProof represents a Merkle proof of the presence of a transaction in the Merkle tree. type TxProof struct { Index, Total int - RootHash data.Bytes + RootHash cmn.HexBytes Data Tx Proof merkle.SimpleProof } From e7747f7d6633451b637fd26321728b13af297900 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:50:59 -0500 Subject: [PATCH 138/188] it compiles --- consensus/replay_file.go | 5 +++-- lite/proxy/query.go | 3 +++ lite/proxy/wrapper.go | 2 ++ node/node.go | 3 ++- rpc/core/types/responses.go | 2 ++ 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/consensus/replay_file.go b/consensus/replay_file.go index 26b8baebf..979425f87 100644 --- a/consensus/replay_file.go +++ b/consensus/replay_file.go @@ -280,12 +280,13 @@ func (pb *playback) replayConsoleLoop() int { // convenience for replay mode func newConsensusStateForReplay(config cfg.BaseConfig, csConfig *cfg.ConsensusConfig) *ConsensusState { + dbType := dbm.DBBackendType(config.DBBackend) // Get BlockStore - blockStoreDB := dbm.NewDB("blockstore", config.DBBackend, config.DBDir()) + blockStoreDB := dbm.NewDB("blockstore", dbType, config.DBDir()) blockStore := bc.NewBlockStore(blockStoreDB) // Get State - stateDB := dbm.NewDB("state", config.DBBackend, config.DBDir()) + stateDB := dbm.NewDB("state", dbType, config.DBDir()) state, err := sm.MakeGenesisStateFromFile(config.GenesisFile()) if err != nil { cmn.Exit(err.Error()) diff --git a/lite/proxy/query.go b/lite/proxy/query.go index 1da2a0cce..9c9557f8f 100644 --- a/lite/proxy/query.go +++ b/lite/proxy/query.go @@ -3,6 +3,8 @@ package proxy import ( "github.com/pkg/errors" + cmn "github.com/tendermint/tmlibs/common" + "github.com/tendermint/tendermint/lite" "github.com/tendermint/tendermint/lite/client" certerr "github.com/tendermint/tendermint/lite/errors" @@ -78,6 +80,7 @@ func GetWithProofOptions(path string, key []byte, opts rpcclient.ABCIQueryOption return nil, nil, err } + _ = commit return &ctypes.ResultABCIQuery{Response: resp}, nil, nil /* // TODO refactor so iavl stuff is not in tendermint core diff --git a/lite/proxy/wrapper.go b/lite/proxy/wrapper.go index 02f2f318b..e8aa011e1 100644 --- a/lite/proxy/wrapper.go +++ b/lite/proxy/wrapper.go @@ -1,6 +1,8 @@ package proxy import ( + cmn "github.com/tendermint/tmlibs/common" + "github.com/tendermint/tendermint/lite" certclient "github.com/tendermint/tendermint/lite/client" rpcclient "github.com/tendermint/tendermint/rpc/client" diff --git a/node/node.go b/node/node.go index cd1248f49..acf51a908 100644 --- a/node/node.go +++ b/node/node.go @@ -53,7 +53,8 @@ type DBProvider func(*DBContext) (dbm.DB, error) // DefaultDBProvider returns a database using the DBBackend and DBDir // specified in the ctx.Config. func DefaultDBProvider(ctx *DBContext) (dbm.DB, error) { - return dbm.NewDB(ctx.ID, ctx.Config.DBBackend, ctx.Config.DBDir()), nil + dbType := dbm.DBBackendType(ctx.Config.DBBackend) + return dbm.NewDB(ctx.ID, dbType, ctx.Config.DBDir()), nil } // GenesisDocProvider returns a GenesisDoc. diff --git a/rpc/core/types/responses.go b/rpc/core/types/responses.go index 79904efa7..e13edc843 100644 --- a/rpc/core/types/responses.go +++ b/rpc/core/types/responses.go @@ -6,6 +6,8 @@ import ( abci "github.com/tendermint/abci/types" crypto "github.com/tendermint/go-crypto" + cmn "github.com/tendermint/tmlibs/common" + cstypes "github.com/tendermint/tendermint/consensus/types" "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/state" From bb2bdbc0e1297fa5624f331bfdeab9a42bfe36f6 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 15 Jan 2018 10:52:17 -0500 Subject: [PATCH 139/188] add missing element (tag.Value) to keyForTag encoded as %s. not sure this will work with raw bytes --- state/txindex/kv/kv.go | 2 +- state/txindex/kv/kv_test.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/state/txindex/kv/kv.go b/state/txindex/kv/kv.go index 90e64043a..ed4fcc8a6 100644 --- a/state/txindex/kv/kv.go +++ b/state/txindex/kv/kv.go @@ -377,7 +377,7 @@ func extractValueFromKey(key []byte) string { } func keyForTag(tag cmn.KVPair, result *types.TxResult) []byte { - return []byte(fmt.Sprintf("%s/%d/%d", tag.Key, result.Height, result.Index)) + return []byte(fmt.Sprintf("%s/%s/%d/%d", tag.Key, tag.Value, result.Height, result.Index)) } /////////////////////////////////////////////////////////////////////////////// diff --git a/state/txindex/kv/kv_test.go b/state/txindex/kv/kv_test.go index 4fdb71a04..ba2830e81 100644 --- a/state/txindex/kv/kv_test.go +++ b/state/txindex/kv/kv_test.go @@ -51,7 +51,7 @@ func TestTxSearch(t *testing.T) { indexer := NewTxIndex(db.NewMemDB(), IndexTags(allowedTags)) txResult := txResultWithTags([]cmn.KVPair{ - {Key: []byte("account.number"), Value: []byte{1}}, + {Key: []byte("account.number"), Value: []byte("1")}, {Key: []byte("account.owner"), Value: []byte("Ivan")}, {Key: []byte("not_allowed"), Value: []byte("Vlad")}, }) @@ -108,8 +108,8 @@ func TestTxSearchOneTxWithMultipleSameTagsButDifferentValues(t *testing.T) { indexer := NewTxIndex(db.NewMemDB(), IndexTags(allowedTags)) txResult := txResultWithTags([]cmn.KVPair{ - {Key: []byte("account.number"), Value: []byte{1}}, - {Key: []byte("account.number"), Value: []byte{2}}, + {Key: []byte("account.number"), Value: []byte("1")}, + {Key: []byte("account.number"), Value: []byte("2")}, }) err := indexer.Index(txResult) @@ -127,7 +127,7 @@ func TestIndexAllTags(t *testing.T) { txResult := txResultWithTags([]cmn.KVPair{ cmn.KVPair{[]byte("account.owner"), []byte("Ivan")}, - cmn.KVPair{[]byte("account.number"), []byte{1}}, + cmn.KVPair{[]byte("account.number"), []byte("1")}, }) err := indexer.Index(txResult) From d34286c421db76c4d4ff2b17f80a66386563c621 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:54:49 -0500 Subject: [PATCH 140/188] minor fixes - tests pass --- consensus/byzantine_test.go | 2 +- rpc/lib/rpc_test.go | 4 +++- state/state_test.go | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/consensus/byzantine_test.go b/consensus/byzantine_test.go index faf65ecd1..38bb37474 100644 --- a/consensus/byzantine_test.go +++ b/consensus/byzantine_test.go @@ -280,7 +280,7 @@ func NewByzantinePrivValidator(pv types.PrivValidator) *ByzantinePrivValidator { } } -func (privVal *ByzantinePrivValidator) GetAddress() crypto.Address { +func (privVal *ByzantinePrivValidator) GetAddress() types.Address { return privVal.pv.GetAddress() } diff --git a/rpc/lib/rpc_test.go b/rpc/lib/rpc_test.go index 8c8b57612..cadc68f8e 100644 --- a/rpc/lib/rpc_test.go +++ b/rpc/lib/rpc_test.go @@ -17,10 +17,12 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + cmn "github.com/tendermint/tmlibs/common" + "github.com/tendermint/tmlibs/log" + client "github.com/tendermint/tendermint/rpc/lib/client" server "github.com/tendermint/tendermint/rpc/lib/server" types "github.com/tendermint/tendermint/rpc/lib/types" - "github.com/tendermint/tmlibs/log" ) // Client and Server should work over tcp or unix sockets diff --git a/state/state_test.go b/state/state_test.go index ff17eac9c..76b713aee 100644 --- a/state/state_test.go +++ b/state/state_test.go @@ -22,7 +22,8 @@ import ( // setupTestCase does setup common to all test cases func setupTestCase(t *testing.T) (func(t *testing.T), dbm.DB, State) { config := cfg.ResetTestRoot("state_") - stateDB := dbm.NewDB("state", config.DBBackend, config.DBDir()) + dbType := dbm.DBBackendType(config.DBBackend) + stateDB := dbm.NewDB("state", dbType, config.DBDir()) state, err := LoadStateFromDBOrGenesisFile(stateDB, config.GenesisFile()) assert.NoError(t, err, "expected no error on LoadStateFromDBOrGenesisFile") From abca9a2d6134206e0e145a675c2bad6c15fec155 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Sat, 3 Feb 2018 03:59:16 -0500 Subject: [PATCH 141/188] woops - bring back glide.lock file --- glide.lock | 205 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 205 insertions(+) create mode 100644 glide.lock diff --git a/glide.lock b/glide.lock new file mode 100644 index 000000000..801c9f4d6 --- /dev/null +++ b/glide.lock @@ -0,0 +1,205 @@ +hash: 78f23456c3ca7af06fc26e59107de92a7b208776643bda398b0a05348153da1b +updated: 2018-02-03T03:31:46.976175875-05:00 +imports: +- name: github.com/btcsuite/btcd + version: 50de9da05b50eb15658bb350f6ea24368a111ab7 + subpackages: + - btcec +- name: github.com/ebuchman/fail-test + version: 95f809107225be108efcf10a3509e4ea6ceef3c4 +- name: github.com/fsnotify/fsnotify + version: c2828203cd70a50dcccfb2761f8b1f8ceef9a8e9 +- name: github.com/go-kit/kit + version: 4dc7be5d2d12881735283bcab7352178e190fc71 + subpackages: + - log + - log/level + - log/term +- name: github.com/go-logfmt/logfmt + version: 390ab7935ee28ec6b286364bba9b4dd6410cb3d5 +- name: github.com/go-stack/stack + version: 259ab82a6cad3992b4e21ff5cac294ccb06474bc +- name: github.com/gogo/protobuf + version: 1adfc126b41513cc696b209667c8656ea7aac67c + subpackages: + - gogoproto + - jsonpb + - proto + - protoc-gen-gogo/descriptor + - sortkeys + - types +- name: github.com/golang/protobuf + version: bbd03ef6da3a115852eaf24c8a1c46aeb39aa175 + subpackages: + - proto + - ptypes + - ptypes/any + - ptypes/duration + - ptypes/timestamp +- name: github.com/golang/snappy + version: 553a641470496b2327abcac10b36396bd98e45c9 +- name: github.com/gorilla/websocket + version: ea4d1f681babbce9545c9c5f3d5194a789c89f5b +- name: github.com/hashicorp/hcl + version: 23c074d0eceb2b8a5bfdbb271ab780cde70f05a8 + subpackages: + - hcl/ast + - hcl/parser + - hcl/scanner + - hcl/strconv + - hcl/token + - json/parser + - json/scanner + - json/token +- name: github.com/inconshreveable/mousetrap + version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75 +- name: github.com/jmhodges/levigo + version: c42d9e0ca023e2198120196f842701bb4c55d7b9 +- name: github.com/kr/logfmt + version: b84e30acd515aadc4b783ad4ff83aff3299bdfe0 +- name: github.com/magiconair/properties + version: 49d762b9817ba1c2e9d0c69183c2b4a8b8f1d934 +- name: github.com/mitchellh/mapstructure + version: b4575eea38cca1123ec2dc90c26529b5c5acfcff +- name: github.com/pelletier/go-toml + version: acdc4509485b587f5e675510c4f2c63e90ff68a8 +- name: github.com/pkg/errors + version: 645ef00459ed84a119197bfb8d8205042c6df63d +- name: github.com/rcrowley/go-metrics + version: 8732c616f52954686704c8645fe1a9d59e9df7c1 +- name: github.com/spf13/afero + version: bb8f1927f2a9d3ab41c9340aa034f6b803f4359c + subpackages: + - mem +- name: github.com/spf13/cast + version: acbeb36b902d72a7a4c18e8f3241075e7ab763e4 +- name: github.com/spf13/cobra + version: 7b2c5ac9fc04fc5efafb60700713d4fa609b777b +- name: github.com/spf13/jwalterweatherman + version: 7c0cea34c8ece3fbeb2b27ab9b59511d360fb394 +- name: github.com/spf13/pflag + version: 4c012f6dcd9546820e378d0bdda4d8fc772cdfea +- name: github.com/spf13/viper + version: 25b30aa063fc18e48662b86996252eabdcf2f0c7 +- name: github.com/syndtr/goleveldb + version: 211f780988068502fe874c44dae530528ebd840f + subpackages: + - leveldb + - leveldb/cache + - leveldb/comparer + - leveldb/errors + - leveldb/filter + - leveldb/iterator + - leveldb/journal + - leveldb/memdb + - leveldb/opt + - leveldb/storage + - leveldb/table + - leveldb/util +- name: github.com/tendermint/abci + version: 5a4f56056e23cdfd5f3733db056968e016468508 + subpackages: + - client + - example/code + - example/counter + - example/dummy + - server + - types +- name: github.com/tendermint/ed25519 + version: d8387025d2b9d158cf4efb07e7ebf814bcce2057 + subpackages: + - edwards25519 + - extra25519 +- name: github.com/tendermint/go-crypto + version: dd20358a264c772b4a83e477b0cfce4c88a7001d +- name: github.com/tendermint/go-wire + version: b6fc872b42d41158a60307db4da051dd6f179415 + subpackages: + - data + - nowriter/tmlegacy +- name: github.com/tendermint/tmlibs + version: deaaf014d8b8d1095054380a38b1b00e293f725f + subpackages: + - autofile + - cli + - cli/flags + - clist + - common + - db + - flowrate + - log + - merkle + - pubsub + - pubsub/query + - test +- name: golang.org/x/crypto + version: 1875d0a70c90e57f11972aefd42276df65e895b9 + subpackages: + - curve25519 + - nacl/box + - nacl/secretbox + - openpgp/armor + - openpgp/errors + - poly1305 + - ripemd160 + - salsa20/salsa +- name: golang.org/x/net + version: 2fb46b16b8dda405028c50f7c7f0f9dd1fa6bfb1 + subpackages: + - context + - http2 + - http2/hpack + - idna + - internal/timeseries + - lex/httplex + - trace +- name: golang.org/x/sys + version: 37707fdb30a5b38865cfb95e5aab41707daec7fd + subpackages: + - unix +- name: golang.org/x/text + version: e19ae1496984b1c655b8044a65c0300a3c878dd3 + subpackages: + - secure/bidirule + - transform + - unicode/bidi + - unicode/norm +- name: google.golang.org/genproto + version: 4eb30f4778eed4c258ba66527a0d4f9ec8a36c45 + subpackages: + - googleapis/rpc/status +- name: google.golang.org/grpc + version: 401e0e00e4bb830a10496d64cd95e068c5bf50de + subpackages: + - balancer + - codes + - connectivity + - credentials + - grpclb/grpc_lb_v1/messages + - grpclog + - internal + - keepalive + - metadata + - naming + - peer + - resolver + - stats + - status + - tap + - transport +- name: gopkg.in/yaml.v2 + version: d670f9405373e636a5a2765eea47fac0c9bc91a4 +testImports: +- name: github.com/davecgh/go-spew + version: 346938d642f2ec3594ed81d874461961cd0faa76 + subpackages: + - spew +- name: github.com/pmezard/go-difflib + version: 792786c7400a136282c1664665ae0a8db921c6c2 + subpackages: + - difflib +- name: github.com/stretchr/testify + version: a726187e3128d0a0ec37f73ca7c4d3e508e6c2e5 + subpackages: + - assert + - require From 202d9a2c0c0168a7c2dfcf60e69c80d16090a78a Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 30 Jan 2018 12:28:05 +0400 Subject: [PATCH 142/188] fix memory leak in mempool reactor Leaking goroutine: ``` 114 @ 0x42f2bc 0x42f3ae 0x440794 0x4403b9 0x468002 0x9fe32d 0x9ff78f 0xa025ed 0x45e571 ``` Explanation: it blocks on an empty clist forever. so unless theres txs coming in, this go routine will just sit there, holding onto the peer too. if we're constantly reconnecting to some peer, old instances are not garbage collected, leading to memory leak. Fixes https://github.com/cosmos/gaia/issues/108 Previous attempt https://github.com/tendermint/tendermint/pull/1156 --- glide.lock | 2 ++ glide.yaml | 1 + mempool/reactor.go | 49 ++++++++++++++++++++++++++++--------- mempool/reactor_test.go | 53 +++++++++++++++++++++++++++++++++++++++-- 4 files changed, 92 insertions(+), 13 deletions(-) diff --git a/glide.lock b/glide.lock index 801c9f4d6..61107006a 100644 --- a/glide.lock +++ b/glide.lock @@ -203,3 +203,5 @@ testImports: subpackages: - assert - require +- name: github.com/fortytw2/leaktest + version: 3b724c3d7b8729a35bf4e577f71653aec6e53513 diff --git a/glide.yaml b/glide.yaml index c2726708f..238110c29 100644 --- a/glide.yaml +++ b/glide.yaml @@ -61,3 +61,4 @@ testImport: subpackages: - assert - require +- package: github.com/fortytw2/leaktest diff --git a/mempool/reactor.go b/mempool/reactor.go index 4e43bb0c5..66f32dd9c 100644 --- a/mempool/reactor.go +++ b/mempool/reactor.go @@ -2,6 +2,7 @@ package mempool import ( "bytes" + "context" "fmt" "reflect" "time" @@ -101,24 +102,39 @@ type PeerState interface { } // Send new mempool txs to peer. -// TODO: Handle mempool or reactor shutdown - as is this routine -// may block forever if no new txs come in. func (memR *MempoolReactor) broadcastTxRoutine(peer p2p.Peer) { if !memR.config.Broadcast { return } + // used to abort waiting until a tx available + // otherwise TxsFrontWait/NextWait could block forever if there are + // no txs + ctx, cancel := context.WithCancel(context.Background()) + go func() { + const healthCheckInterval = 5 * time.Second + for { + if !memR.IsRunning() || !peer.IsRunning() { + cancel() + return + } + time.Sleep(healthCheckInterval) + } + }() + var next *clist.CElement for { - if !memR.IsRunning() || !peer.IsRunning() { - return // Quit! - } + // This happens because the CElement we were looking at got + // garbage collected (removed). That is, .NextWait() returned nil. + // Go ahead and start from the beginning. if next == nil { - // This happens because the CElement we were looking at got - // garbage collected (removed). That is, .NextWait() returned nil. - // Go ahead and start from the beginning. - next = memR.Mempool.TxsFrontWait() // Wait until a tx is available + // Wait until a tx is available + next = waitWithCancel(memR.Mempool.TxsFrontWait, ctx) + if ctx.Err() != nil { + return + } } + memTx := next.Value.(*mempoolTx) // make sure the peer is up to date height := memTx.Height() @@ -136,9 +152,20 @@ func (memR *MempoolReactor) broadcastTxRoutine(peer p2p.Peer) { time.Sleep(peerCatchupSleepIntervalMS * time.Millisecond) continue } + next = waitWithCancel(next.NextWait, ctx) + if ctx.Err() != nil { + return + } + } +} - next = next.NextWait() - continue +func waitWithCancel(f func() *clist.CElement, ctx context.Context) *clist.CElement { + el := make(chan *clist.CElement, 1) + select { + case el <- f(): + return <-el + case <-ctx.Done(): + return nil } } diff --git a/mempool/reactor_test.go b/mempool/reactor_test.go index 45458a983..3cbc57481 100644 --- a/mempool/reactor_test.go +++ b/mempool/reactor_test.go @@ -6,6 +6,8 @@ import ( "testing" "time" + "github.com/fortytw2/leaktest" + "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/go-kit/kit/log/term" @@ -91,18 +93,65 @@ func _waitForTxs(t *testing.T, wg *sync.WaitGroup, txs types.Txs, reactorIdx int wg.Done() } -var ( +const ( NUM_TXS = 1000 TIMEOUT = 120 * time.Second // ridiculously high because CircleCI is slow ) func TestReactorBroadcastTxMessage(t *testing.T) { config := cfg.TestConfig() - N := 4 + const N = 4 reactors := makeAndConnectMempoolReactors(config, N) + defer func() { + for _, r := range reactors { + r.Stop() + } + }() // send a bunch of txs to the first reactor's mempool // and wait for them all to be received in the others txs := checkTxs(t, reactors[0].Mempool, NUM_TXS) waitForTxs(t, txs, reactors) } + +func TestBroadcastTxForPeerStopsWhenPeerStops(t *testing.T) { + if testing.Short() { + t.Skip("skipping test in short mode.") + } + + config := cfg.TestConfig() + const N = 2 + reactors := makeAndConnectMempoolReactors(config, N) + defer func() { + for _, r := range reactors { + r.Stop() + } + }() + + // stop peer + sw := reactors[1].Switch + sw.StopPeerForError(sw.Peers().List()[0], errors.New("some reason")) + + // check that we are not leaking any go-routines + // i.e. broadcastTxRoutine finishes when peer is stopped + leaktest.CheckTimeout(t, 10*time.Second)() +} + +func TestBroadcastTxForPeerStopsWhenReactorStops(t *testing.T) { + if testing.Short() { + t.Skip("skipping test in short mode.") + } + + config := cfg.TestConfig() + const N = 2 + reactors := makeAndConnectMempoolReactors(config, N) + + // stop reactors + for _, r := range reactors { + r.Stop() + } + + // check that we are not leaking any go-routines + // i.e. broadcastTxRoutine finishes when reactor is stopped + leaktest.CheckTimeout(t, 10*time.Second)() +} From 11b68f1934c1cbc038d06c6538a0ed57ab84788c Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 1 Feb 2018 18:33:33 +0400 Subject: [PATCH 143/188] rewrite broadcastTxRoutine to use channels https://play.golang.org/p/gN21yO9IRs3 ``` func waitWithCancel(f func() *clist.CElement, ctx context.Context) *clist.CElement { el := make(chan *clist.CElement, 1) select { case el <- f(): ``` will just run f() blockingly, so this doesn't change much in terms of behavior. --- blockchain/reactor_test.go | 12 +++++---- glide.lock | 15 ++++++----- glide.yaml | 6 ++++- mempool/mempool.go | 15 ++++++++--- mempool/reactor.go | 53 +++++++++++++------------------------ p2p/peer.go | 6 +++++ p2p/pex/pex_reactor_test.go | 1 + 7 files changed, 58 insertions(+), 50 deletions(-) diff --git a/blockchain/reactor_test.go b/blockchain/reactor_test.go index 26747ea69..9775d38a9 100644 --- a/blockchain/reactor_test.go +++ b/blockchain/reactor_test.go @@ -157,7 +157,7 @@ func makeBlock(height int64, state sm.State) *types.Block { // The Test peer type bcrTestPeer struct { - cmn.Service + *cmn.BaseService id p2p.ID ch chan interface{} } @@ -165,11 +165,12 @@ type bcrTestPeer struct { var _ p2p.Peer = (*bcrTestPeer)(nil) func newbcrTestPeer(id p2p.ID) *bcrTestPeer { - return &bcrTestPeer{ - Service: cmn.NewBaseService(nil, "bcrTestPeer", nil), - id: id, - ch: make(chan interface{}, 2), + bcr := &bcrTestPeer{ + id: id, + ch: make(chan interface{}, 2), } + bcr.BaseService = cmn.NewBaseService(nil, "bcrTestPeer", bcr) + return bcr } func (tp *bcrTestPeer) lastValue() interface{} { return <-tp.ch } @@ -195,3 +196,4 @@ func (tp *bcrTestPeer) IsOutbound() bool { return false } func (tp *bcrTestPeer) IsPersistent() bool { return true } func (tp *bcrTestPeer) Get(s string) interface{} { return s } func (tp *bcrTestPeer) Set(string, interface{}) {} +func (tp *bcrTestPeer) QuitChan() <-chan struct{} { return tp.Quit } diff --git a/glide.lock b/glide.lock index 61107006a..333314c1f 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 78f23456c3ca7af06fc26e59107de92a7b208776643bda398b0a05348153da1b -updated: 2018-02-03T03:31:46.976175875-05:00 +hash: 94a3f8a3cf531e0cdde8bc160a2f4bab6f269d99a9a9633404e5badb0481f02c +updated: 2018-02-05T10:04:25.7693634Z imports: - name: github.com/btcsuite/btcd version: 50de9da05b50eb15658bb350f6ea24368a111ab7 @@ -116,9 +116,12 @@ imports: version: b6fc872b42d41158a60307db4da051dd6f179415 subpackages: - data - - nowriter/tmlegacy +- name: github.com/tendermint/iavl + version: 1a59ec0c82dc940c25339dd7c834df5cb76a95cb + subpackages: + - iavl - name: github.com/tendermint/tmlibs - version: deaaf014d8b8d1095054380a38b1b00e293f725f + version: 51684dabf79c2079f32cc25d6bccb748ee098386 subpackages: - autofile - cli @@ -194,6 +197,8 @@ testImports: version: 346938d642f2ec3594ed81d874461961cd0faa76 subpackages: - spew +- name: github.com/fortytw2/leaktest + version: 3b724c3d7b8729a35bf4e577f71653aec6e53513 - name: github.com/pmezard/go-difflib version: 792786c7400a136282c1664665ae0a8db921c6c2 subpackages: @@ -203,5 +208,3 @@ testImports: subpackages: - assert - require -- name: github.com/fortytw2/leaktest - version: 3b724c3d7b8729a35bf4e577f71653aec6e53513 diff --git a/glide.yaml b/glide.yaml index 238110c29..da72cf178 100644 --- a/glide.yaml +++ b/glide.yaml @@ -29,9 +29,13 @@ import: version: master subpackages: - data -- package: github.com/tendermint/tmlibs +- package: github.com/tendermint/iavl version: develop subpackages: + - iavl +- package: github.com/tendermint/tmlibs + version: 51684dabf79c2079f32cc25d6bccb748ee098386 + subpackages: - autofile - cli - cli/flags diff --git a/mempool/mempool.go b/mempool/mempool.go index 0cdd1dee3..ec4f98478 100644 --- a/mempool/mempool.go +++ b/mempool/mempool.go @@ -178,10 +178,17 @@ func (mem *Mempool) Flush() { } } -// TxsFrontWait returns the first transaction in the ordered list for peer goroutines to call .NextWait() on. -// It blocks until the mempool is not empty (ie. until the internal `mem.txs` has at least one element) -func (mem *Mempool) TxsFrontWait() *clist.CElement { - return mem.txs.FrontWait() +// TxsFront returns the first transaction in the ordered list for peer +// goroutines to call .NextWait() on. +func (mem *Mempool) TxsFront() *clist.CElement { + return mem.txs.Front() +} + +// TxsWaitChan returns a channel to wait on transactions. It will be closed +// once the mempool is not empty (ie. the internal `mem.txs` has at least one +// element) +func (mem *Mempool) TxsWaitChan() <-chan struct{} { + return mem.txs.WaitChan() } // CheckTx executes a new transaction against the application to determine its validity diff --git a/mempool/reactor.go b/mempool/reactor.go index 66f32dd9c..98c83337c 100644 --- a/mempool/reactor.go +++ b/mempool/reactor.go @@ -2,7 +2,6 @@ package mempool import ( "bytes" - "context" "fmt" "reflect" "time" @@ -107,30 +106,20 @@ func (memR *MempoolReactor) broadcastTxRoutine(peer p2p.Peer) { return } - // used to abort waiting until a tx available - // otherwise TxsFrontWait/NextWait could block forever if there are - // no txs - ctx, cancel := context.WithCancel(context.Background()) - go func() { - const healthCheckInterval = 5 * time.Second - for { - if !memR.IsRunning() || !peer.IsRunning() { - cancel() - return - } - time.Sleep(healthCheckInterval) - } - }() - var next *clist.CElement for { - // This happens because the CElement we were looking at got - // garbage collected (removed). That is, .NextWait() returned nil. - // Go ahead and start from the beginning. + // This happens because the CElement we were looking at got garbage + // collected (removed). That is, .NextWait() returned nil. Go ahead and + // start from the beginning. if next == nil { - // Wait until a tx is available - next = waitWithCancel(memR.Mempool.TxsFrontWait, ctx) - if ctx.Err() != nil { + select { + case <-memR.Mempool.TxsWaitChan(): // Wait until a tx is available + if next = memR.Mempool.TxsFront(); next == nil { + continue + } + case <-peer.QuitChan(): + return + case <-memR.Quit: return } } @@ -152,23 +141,19 @@ func (memR *MempoolReactor) broadcastTxRoutine(peer p2p.Peer) { time.Sleep(peerCatchupSleepIntervalMS * time.Millisecond) continue } - next = waitWithCancel(next.NextWait, ctx) - if ctx.Err() != nil { + + select { + case <-next.NextWaitChan(): + // see the start of the for loop for nil check + next = next.Next() + case <-peer.QuitChan(): + return + case <-memR.Quit: return } } } -func waitWithCancel(f func() *clist.CElement, ctx context.Context) *clist.CElement { - el := make(chan *clist.CElement, 1) - select { - case el <- f(): - return <-el - case <-ctx.Done(): - return nil - } -} - //----------------------------------------------------------------------------- // Messages diff --git a/p2p/peer.go b/p2p/peer.go index 67ce411cd..cff99ad1f 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -18,6 +18,7 @@ import ( // Peer is an interface representing a peer connected on a reactor. type Peer interface { cmn.Service + QuitChan() <-chan struct{} ID() ID // peer's cryptographic ID IsOutbound() bool // did we dial the peer @@ -331,6 +332,11 @@ func (p *peer) String() string { return fmt.Sprintf("Peer{%v %v in}", p.mconn, p.ID()) } +// QuitChan returns a channel, which will be closed once peer is stopped. +func (p *peer) QuitChan() <-chan struct{} { + return p.Quit +} + //------------------------------------------------------------------ // helper funcs diff --git a/p2p/pex/pex_reactor_test.go b/p2p/pex/pex_reactor_test.go index 82dafecd4..6aeb7a3c7 100644 --- a/p2p/pex/pex_reactor_test.go +++ b/p2p/pex/pex_reactor_test.go @@ -368,3 +368,4 @@ func (mp mockPeer) Send(byte, interface{}) bool { return false } func (mp mockPeer) TrySend(byte, interface{}) bool { return false } func (mp mockPeer) Set(string, interface{}) {} func (mp mockPeer) Get(string) interface{} { return nil } +func (mp mockPeer) QuitChan() <-chan struct{} { return mp.Quit } From 84a0a1987cc80fa1fa509f01d86ea113fc1ba1e6 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 5 Feb 2018 22:26:14 +0400 Subject: [PATCH 144/188] comment out tests for now https://github.com/tendermint/tendermint/pull/1173#issuecomment-363173047 --- mempool/reactor_test.go | 70 ++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 36 deletions(-) diff --git a/mempool/reactor_test.go b/mempool/reactor_test.go index 3cbc57481..9f0b5b48b 100644 --- a/mempool/reactor_test.go +++ b/mempool/reactor_test.go @@ -6,8 +6,6 @@ import ( "testing" "time" - "github.com/fortytw2/leaktest" - "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/go-kit/kit/log/term" @@ -114,44 +112,44 @@ func TestReactorBroadcastTxMessage(t *testing.T) { waitForTxs(t, txs, reactors) } -func TestBroadcastTxForPeerStopsWhenPeerStops(t *testing.T) { - if testing.Short() { - t.Skip("skipping test in short mode.") - } +// func TestBroadcastTxForPeerStopsWhenPeerStops(t *testing.T) { +// if testing.Short() { +// t.Skip("skipping test in short mode.") +// } - config := cfg.TestConfig() - const N = 2 - reactors := makeAndConnectMempoolReactors(config, N) - defer func() { - for _, r := range reactors { - r.Stop() - } - }() +// config := cfg.TestConfig() +// const N = 2 +// reactors := makeAndConnectMempoolReactors(config, N) +// defer func() { +// for _, r := range reactors { +// r.Stop() +// } +// }() - // stop peer - sw := reactors[1].Switch - sw.StopPeerForError(sw.Peers().List()[0], errors.New("some reason")) +// // stop peer +// sw := reactors[1].Switch +// sw.StopPeerForError(sw.Peers().List()[0], errors.New("some reason")) - // check that we are not leaking any go-routines - // i.e. broadcastTxRoutine finishes when peer is stopped - leaktest.CheckTimeout(t, 10*time.Second)() -} +// // check that we are not leaking any go-routines +// // i.e. broadcastTxRoutine finishes when peer is stopped +// leaktest.CheckTimeout(t, 10*time.Second)() +// } -func TestBroadcastTxForPeerStopsWhenReactorStops(t *testing.T) { - if testing.Short() { - t.Skip("skipping test in short mode.") - } +// func TestBroadcastTxForPeerStopsWhenReactorStops(t *testing.T) { +// if testing.Short() { +// t.Skip("skipping test in short mode.") +// } - config := cfg.TestConfig() - const N = 2 - reactors := makeAndConnectMempoolReactors(config, N) +// config := cfg.TestConfig() +// const N = 2 +// reactors := makeAndConnectMempoolReactors(config, N) - // stop reactors - for _, r := range reactors { - r.Stop() - } +// // stop reactors +// for _, r := range reactors { +// r.Stop() +// } - // check that we are not leaking any go-routines - // i.e. broadcastTxRoutine finishes when reactor is stopped - leaktest.CheckTimeout(t, 10*time.Second)() -} +// // check that we are not leaking any go-routines +// // i.e. broadcastTxRoutine finishes when reactor is stopped +// leaktest.CheckTimeout(t, 10*time.Second)() +// } From 945b0e6ecafaa8cf974262e518e21f0d1f19d8ed Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 5 Feb 2018 22:38:31 +0400 Subject: [PATCH 145/188] cleanup glide.yaml --- glide.lock | 8 ++------ glide.yaml | 10 ++-------- 2 files changed, 4 insertions(+), 14 deletions(-) diff --git a/glide.lock b/glide.lock index 333314c1f..cfb28d137 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 94a3f8a3cf531e0cdde8bc160a2f4bab6f269d99a9a9633404e5badb0481f02c -updated: 2018-02-05T10:04:25.7693634Z +hash: 8aeec731d864d5d3008b4403c3229800148c9b472969ef6e5181a8c93ac1f4c8 +updated: 2018-02-05T18:46:05.226387951Z imports: - name: github.com/btcsuite/btcd version: 50de9da05b50eb15658bb350f6ea24368a111ab7 @@ -116,10 +116,6 @@ imports: version: b6fc872b42d41158a60307db4da051dd6f179415 subpackages: - data -- name: github.com/tendermint/iavl - version: 1a59ec0c82dc940c25339dd7c834df5cb76a95cb - subpackages: - - iavl - name: github.com/tendermint/tmlibs version: 51684dabf79c2079f32cc25d6bccb748ee098386 subpackages: diff --git a/glide.yaml b/glide.yaml index da72cf178..fe8747817 100644 --- a/glide.yaml +++ b/glide.yaml @@ -29,10 +29,6 @@ import: version: master subpackages: - data -- package: github.com/tendermint/iavl - version: develop - subpackages: - - iavl - package: github.com/tendermint/tmlibs version: 51684dabf79c2079f32cc25d6bccb748ee098386 subpackages: @@ -46,17 +42,16 @@ import: - log - merkle - pubsub + - pubsub/query - package: golang.org/x/crypto subpackages: - nacl/box - nacl/secretbox - ripemd160 -- package: golang.org/x/net - subpackages: - - context - package: google.golang.org/grpc version: v1.7.3 testImport: +- package: github.com/fortytw2/leaktest - package: github.com/go-kit/kit version: ^0.6.0 subpackages: @@ -65,4 +60,3 @@ testImport: subpackages: - assert - require -- package: github.com/fortytw2/leaktest From f37c502fd82e581a21e668c4d636b4c7d0df9fc9 Mon Sep 17 00:00:00 2001 From: Luke Schoen Date: Tue, 6 Feb 2018 16:00:51 +1100 Subject: [PATCH 146/188] Update getting-started.rst with Python 3 example --- docs/getting-started.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started.rst b/docs/getting-started.rst index 26f6b7897..0122d08bc 100644 --- a/docs/getting-started.rst +++ b/docs/getting-started.rst @@ -147,7 +147,7 @@ The result should look like: Note the ``value`` in the result (``61626364``); this is the hex-encoding of the ASCII of ``abcd``. You can verify this in -a python shell by running ``"61626364".decode('hex')``. Stay +a python 2 shell by running ``"61626364".decode('hex')`` or in python 3 shell by running ``import codecs; codecs.decode("61626364", 'hex').decode('ascii')``. Stay tuned for a future release that `makes this output more human-readable `__. Now let's try setting a different key and value: From 15ef57c6d083134cd3be0920a31139ecf9ba4bfc Mon Sep 17 00:00:00 2001 From: Emmanuel Odeke Date: Mon, 5 Feb 2018 23:34:11 -0800 Subject: [PATCH 147/188] types: TxEventBuffer.Flush now uses capacity preserving slice clearing idiom Fixes https://github.com/tendermint/tendermint/issues/1189 For every TxEventBuffer.Flush() invoking, we were invoking a: b.events = make([]EventDataTx, 0, b.capacity) whose intention is to innocently clear the events slice but maintain the underlying capacity. However, unfortunately this is memory and garbage collection intensive which is linear in the number of events added. If an attack had access to our code somehow, invoking .Flush() in tight loops would be a sure way to cause huge GC pressure, and say if they added about 1e9 events maliciously, every Flush() would take at least 3.2seconds which is enough to now control our application. The new using of the capacity preserving slice clearing idiom takes a constant time regardless of the number of elements with zero allocations so we are killing many birds with one stone i.e b.events = b.events[:0] For benchmarking results, please see https://gist.github.com/odeke-em/532c14ab67d71c9c0b95518a7a526058 for a reference on how things can get out of hand easily. --- types/event_buffer.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/types/event_buffer.go b/types/event_buffer.go index 6f236e8ef..18b41014e 100644 --- a/types/event_buffer.go +++ b/types/event_buffer.go @@ -41,6 +41,10 @@ func (b *TxEventBuffer) Flush() error { return err } } - b.events = make([]EventDataTx, 0, b.capacity) + + // Clear out the elements and set the length to 0 + // but maintain the underlying slice's capacity. + // See Issue https://github.com/tendermint/tendermint/issues/1189 + b.events = b.events[:0] return nil } From 6c8d7a8c19bc3cbea627aed3b81bf1b93a96d445 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 8 Jan 2018 16:41:23 -0600 Subject: [PATCH 148/188] deterministic tooling for releases get rid of gox build target builds inside docker, dev-build - locally Revert "build target builds inside docker, dev-build - locally" This reverts commit 8ba89d5e8c5668e3839ff49952a9166d1158f6e8. add build tags to make build/build_race/install use tendermint's fork of glide instead of tar.gz remove TMHOME unused var + set length for git hash get rid of GOTOOLS_CHECK fixes after review zip needed for distribution --- Makefile | 24 ++++++------ Vagrantfile | 2 +- scripts/dist.sh | 54 +++++++++++++++++++++------ scripts/dist_build.sh | 51 ------------------------- scripts/release.sh | 6 +-- scripts/tendermint-builder/Dockerfile | 12 ------ 6 files changed, 58 insertions(+), 91 deletions(-) delete mode 100755 scripts/dist_build.sh delete mode 100644 scripts/tendermint-builder/Dockerfile diff --git a/Makefile b/Makefile index 5fd599cce..c765d078f 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,9 @@ GOTOOLS = \ - github.com/mitchellh/gox \ - github.com/Masterminds/glide \ - github.com/tcnksm/ghr \ + github.com/tendermint/glide \ # gopkg.in/alecthomas/gometalinter.v2 -GOTOOLS_CHECK = gox glide ghr gometalinter.v2 PACKAGES=$(shell go list ./... | grep -v '/vendor/') BUILD_TAGS?=tendermint -TMHOME = $${TMHOME:-$$HOME/.tendermint} -BUILD_FLAGS = -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short HEAD`" +BUILD_FLAGS = -ldflags "-X github.com/tendermint/tendermint/version.GitCommit=`git rev-parse --short=8 HEAD`" all: check build test install @@ -18,25 +14,27 @@ check: check_tools get_vendor_deps ### Build build: - go build $(BUILD_FLAGS) -o build/tendermint ./cmd/tendermint/ + go build $(BUILD_FLAGS) -tags '$(BUILD_TAGS)' -o build/tendermint ./cmd/tendermint/ build_race: - go build -race $(BUILD_FLAGS) -o build/tendermint ./cmd/tendermint + go build -race $(BUILD_FLAGS) -tags '$(BUILD_TAGS)' -o build/tendermint ./cmd/tendermint + +install: + go install $(BUILD_FLAGS) -tags '$(BUILD_TAGS)' ./cmd/tendermint + +######################################## +### Distribution # dist builds binaries for all platforms and packages them for distribution dist: @BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/dist.sh'" -install: - go install $(BUILD_FLAGS) ./cmd/tendermint - - ######################################## ### Tools & dependencies check_tools: @# https://stackoverflow.com/a/25668869 - @echo "Found tools: $(foreach tool,$(GOTOOLS_CHECK),\ + @echo "Found tools: $(foreach tool,$(notdir $(GOTOOLS)),\ $(if $(shell which $(tool)),$(tool),$(error "No $(tool) in PATH")))" get_tools: diff --git a/Vagrantfile b/Vagrantfile index ee878649d..ac8da0cc1 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -21,7 +21,7 @@ Vagrant.configure("2") do |config| # install base requirements apt-get update - apt-get install -y --no-install-recommends wget curl jq \ + apt-get install -y --no-install-recommends wget curl jq zip \ make shellcheck bsdmainutils psmisc apt-get install -y docker-ce golang-1.9-go apt-get install -y language-pack-en diff --git a/scripts/dist.sh b/scripts/dist.sh index c144c7fdd..40aa71e98 100755 --- a/scripts/dist.sh +++ b/scripts/dist.sh @@ -1,6 +1,9 @@ #!/usr/bin/env bash set -e +# WARN: non hermetic build (people must run this script inside docker to +# produce deterministic binaries). + # Get the version from the environment, or try to figure it out. if [ -z $VERSION ]; then VERSION=$(awk -F\" '/Version =/ { print $2; exit }' < version/version.go) @@ -11,22 +14,51 @@ if [ -z "$VERSION" ]; then fi echo "==> Building version $VERSION..." -# Get the parent directory of where this script is. -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done -DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )" - -# Change into that dir because we expect that. -cd "$DIR" - # Delete the old dir echo "==> Removing old directory..." rm -rf build/pkg mkdir -p build/pkg -# Do a hermetic build inside a Docker container. -docker build -t tendermint/tendermint-builder scripts/tendermint-builder/ -docker run --rm -e "BUILD_TAGS=$BUILD_TAGS" -v "$(pwd)":/go/src/github.com/tendermint/tendermint tendermint/tendermint-builder ./scripts/dist_build.sh +# Get the git commit +GIT_COMMIT="$(git rev-parse --short=8 HEAD)" +GIT_IMPORT="github.com/tendermint/tendermint/version" + +# Determine the arch/os combos we're building for +XC_ARCH=${XC_ARCH:-"386 amd64 arm"} +XC_OS=${XC_OS:-"solaris darwin freebsd linux windows"} +XC_EXCLUDE=${XC_EXCLUDE:-" darwin/arm solaris/amd64 solaris/386 solaris/arm freebsd/amd64 windows/arm "} + +# Make sure build tools are available. +make get_tools + +# Get VENDORED dependencies +make get_vendor_deps + +# Build! +# ldflags: -s Omit the symbol table and debug information. +# -w Omit the DWARF symbol table. +echo "==> Building..." +IFS=' ' read -ra arch_list <<< "$XC_ARCH" +IFS=' ' read -ra os_list <<< "$XC_OS" +for arch in "${arch_list[@]}"; do + for os in "${os_list[@]}"; do + if [[ "$XC_EXCLUDE" != *" $os/$arch "* ]]; then + echo "--> $os/$arch" + GOOS=${os} GOARCH=${arch} go build -ldflags "-s -w -X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}" -tags="${BUILD_TAGS}" -o "build/pkg/${os}_${arch}/tendermint" ./cmd/tendermint + fi + done +done + +# Zip all the files. +echo "==> Packaging..." +for PLATFORM in $(find ./build/pkg -mindepth 1 -maxdepth 1 -type d); do + OSARCH=$(basename "${PLATFORM}") + echo "--> ${OSARCH}" + + pushd "$PLATFORM" >/dev/null 2>&1 + zip "../${OSARCH}.zip" ./* + popd >/dev/null 2>&1 +done # Add "tendermint" and $VERSION prefix to package name. rm -rf ./build/dist diff --git a/scripts/dist_build.sh b/scripts/dist_build.sh deleted file mode 100755 index 337fbacab..000000000 --- a/scripts/dist_build.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash -set -e - -# Get the parent directory of where this script is. -SOURCE="${BASH_SOURCE[0]}" -while [ -h "$SOURCE" ] ; do SOURCE="$(readlink "$SOURCE")"; done -DIR="$( cd -P "$( dirname "$SOURCE" )/.." && pwd )" - -# Change into that dir because we expect that. -cd "$DIR" - -# Get the git commit -GIT_COMMIT="$(git rev-parse --short HEAD)" -GIT_IMPORT="github.com/tendermint/tendermint/version" - -# Determine the arch/os combos we're building for -XC_ARCH=${XC_ARCH:-"386 amd64 arm"} -XC_OS=${XC_OS:-"solaris darwin freebsd linux windows"} - -# Make sure build tools are available. -# TODO: Tools should be "vendored" too. -make get_tools - -# Get VENDORED dependencies -make get_vendor_deps - -# Build! -# ldflags: -s Omit the symbol table and debug information. -# -w Omit the DWARF symbol table. -echo "==> Building..." -"$(which gox)" \ - -os="${XC_OS}" \ - -arch="${XC_ARCH}" \ - -osarch="!darwin/arm !solaris/amd64 !freebsd/amd64" \ - -ldflags "-s -w -X ${GIT_IMPORT}.GitCommit=${GIT_COMMIT}" \ - -output "build/pkg/{{.OS}}_{{.Arch}}/tendermint" \ - -tags="${BUILD_TAGS}" \ - github.com/tendermint/tendermint/cmd/tendermint - -# Zip all the files. -echo "==> Packaging..." -for PLATFORM in $(find ./build/pkg -mindepth 1 -maxdepth 1 -type d); do - OSARCH=$(basename "${PLATFORM}") - echo "--> ${OSARCH}" - - pushd "$PLATFORM" >/dev/null 2>&1 - zip "../${OSARCH}.zip" ./* - popd >/dev/null 2>&1 -done - -exit 0 diff --git a/scripts/release.sh b/scripts/release.sh index 02899ad5d..9a4e508e1 100755 --- a/scripts/release.sh +++ b/scripts/release.sh @@ -25,9 +25,9 @@ sh -c "'$DIR/scripts/dist.sh'" # Pushing binaries to S3 sh -c "'$DIR/scripts/publish.sh'" -echo "==> Crafting a Github release" -today=$(date +"%B-%d-%Y") -ghr -b "https://github.com/tendermint/tendermint/blob/master/CHANGELOG.md#${VERSION//.}-${today,}" "v$VERSION" "$DIR/build/dist" +# echo "==> Crafting a Github release" +# today=$(date +"%B-%d-%Y") +# ghr -b "https://github.com/tendermint/tendermint/blob/master/CHANGELOG.md#${VERSION//.}-${today,}" "v$VERSION" "$DIR/build/dist" # Build and push Docker image diff --git a/scripts/tendermint-builder/Dockerfile b/scripts/tendermint-builder/Dockerfile deleted file mode 100644 index 2d3c0ef5d..000000000 --- a/scripts/tendermint-builder/Dockerfile +++ /dev/null @@ -1,12 +0,0 @@ -FROM golang:1.9.2 - -RUN apt-get update && apt-get install -y --no-install-recommends \ - zip \ - && rm -rf /var/lib/apt/lists/* - -# We want to ensure that release builds never have any cgo dependencies so we -# switch that off at the highest level. -ENV CGO_ENABLED 0 - -RUN mkdir -p $GOPATH/src/github.com/tendermint/tendermint -WORKDIR $GOPATH/src/github.com/tendermint/tendermint From b0ca8a0872b27c1518bb66f85fdaded40fbe6267 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 7 Feb 2018 12:01:01 +0400 Subject: [PATCH 149/188] With must be called on log.filter, otherwise "main" entries get filtered Also, we should allow "main" module to log INFO messages like ``` I[02-07|07:57:25.074] Found private validator module=main path=/home/vagrant/.tendermint/config/priv_validator.json I[02-07|07:57:25.076] Found genesis file module=main path=/home/vagrant/.tendermint/config/genesis.json ``` Refs https://github.com/cosmos/gaia/issues/118 **BEFORE**: ``` $ tendermint init ``` **AFTER**: ``` $ tendermint init I[02-07|07:57:25.074] Found private validator module=main path=/home/vagrant/.tendermint/config/priv_validator.json I[02-07|07:57:25.076] Found genesis file module=main path=/home/vagrant/.tendermint/config/genesis.json ``` --- cmd/tendermint/commands/root.go | 3 ++- config/config.go | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/cmd/tendermint/commands/root.go b/cmd/tendermint/commands/root.go index e6a175665..f229a7889 100644 --- a/cmd/tendermint/commands/root.go +++ b/cmd/tendermint/commands/root.go @@ -14,7 +14,7 @@ import ( var ( config = cfg.DefaultConfig() - logger = log.NewTMLogger(log.NewSyncWriter(os.Stdout)).With("module", "main") + logger = log.NewTMLogger(log.NewSyncWriter(os.Stdout)) ) func init() { @@ -57,6 +57,7 @@ var RootCmd = &cobra.Command{ if viper.GetBool(cli.TraceFlag) { logger = log.NewTracingLogger(logger) } + logger = logger.With("module", "main") return nil }, } diff --git a/config/config.go b/config/config.go index 6395c60fd..5a15cff47 100644 --- a/config/config.go +++ b/config/config.go @@ -189,9 +189,10 @@ func DefaultLogLevel() string { return "error" } -// DefaultPackageLogLevels returns a default log level setting so all packages log at "error", while the `state` package logs at "info" +// DefaultPackageLogLevels returns a default log level setting so all packages +// log at "error", while the `state` and `main` packages log at "info" func DefaultPackageLogLevels() string { - return fmt.Sprintf("state:info,*:%s", DefaultLogLevel()) + return fmt.Sprintf("main:info,state:info,*:%s", DefaultLogLevel()) } //----------------------------------------------------------------------------- From 7640e6a29fd43f4eef1f735487d4b59d62b2e7d3 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 26 Jan 2018 13:41:29 -0500 Subject: [PATCH 150/188] add some p2p TODOs --- p2p/conn/connection.go | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 451f35bbe..c23ed7f82 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -406,6 +406,7 @@ func (c *MConnection) sendMsgPacket() bool { // recvRoutine reads msgPackets and reconstructs the message using the channels' "recving" buffer. // After a whole message has been assembled, it's pushed to onReceive(). // Blocks depending on how the connection is throttled. +// Otherwise, it never blocks. func (c *MConnection) recvRoutine() { defer c._recover() @@ -449,8 +450,8 @@ FOR_LOOP: c.Logger.Debug("Receive Ping") select { case c.pong <- struct{}{}: - case <-c.quit: - break FOR_LOOP + default: + // never block } case packetTypePong: // do nothing @@ -494,8 +495,9 @@ FOR_LOOP: break FOR_LOOP } - // TODO: shouldn't this go in the sendRoutine? - // Better to send a ping packet when *we* haven't sent anything for a while. + // TODO: don't bother with this "only ping when we havent heard from them". + // lets just always ping every peer from the sendRoutine every 10s no matter what. + // if they dont pong within pongTimeout, disconnect :) c.pingTimer.Reset() } @@ -691,7 +693,13 @@ func (ch *Channel) recvMsgPacket(packet msgPacket) ([]byte, error) { } ch.recving = append(ch.recving, packet.Bytes...) if packet.EOF == byte(0x01) { + // TODO: document that these returned msgBytes will change under you after Receive finishes. + // TODO: document it in the Reactor interface especially - implementations of a Reactor + // can not keep these bytes around after the Receive completes without copying! + // In general that's fine, because the first thing we do is unmarshal into a msg type and then + // we never use the bytes again msgBytes := ch.recving + // clear the slice without re-allocating. // http://stackoverflow.com/questions/16971741/how-do-you-clear-a-slice-in-go // suggests this could be a memory leak, but we might as well keep the memory for the channel until it closes, From 2b2c233977591dadc3646844afe61f1c7f579d49 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 8 Feb 2018 13:07:40 +0400 Subject: [PATCH 151/188] write docs for Reactor interface --- p2p/base_reactor.go | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/p2p/base_reactor.go b/p2p/base_reactor.go index 20525e675..8217d46bc 100644 --- a/p2p/base_reactor.go +++ b/p2p/base_reactor.go @@ -8,11 +8,23 @@ import ( type Reactor interface { cmn.Service // Start, Stop + // SetSwitch allows setting a switch. SetSwitch(*Switch) + + // GetChannels returns the list of channel descriptors. GetChannels() []*conn.ChannelDescriptor + + // AddPeer is called by the switch when a new peer is added. AddPeer(peer Peer) + + // RemovePeer is called by the switch when the peer is stopped (due to error + // or other reason). RemovePeer(peer Peer, reason interface{}) - Receive(chID byte, peer Peer, msgBytes []byte) // CONTRACT: msgBytes are not nil + + // Receive is called when msgBytes is received from peer. + // + // CONTRACT: msgBytes are not nil + Receive(chID byte, peer Peer, msgBytes []byte) } //-------------------------------------- From d6d1f8512d1ecb96034e081bd0cbe9d802b6faa2 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 8 Feb 2018 13:08:11 +0400 Subject: [PATCH 152/188] do not reset pingTimer don't bother with this "only ping when we havent heard from them". lets just always ping every peer from the sendRoutine every 10s no matter what. if they dont pong within pongTimeout, disconnect :) --- p2p/conn/connection.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index c23ed7f82..6b4912502 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -494,11 +494,6 @@ FOR_LOOP: c.stopForError(err) break FOR_LOOP } - - // TODO: don't bother with this "only ping when we havent heard from them". - // lets just always ping every peer from the sendRoutine every 10s no matter what. - // if they dont pong within pongTimeout, disconnect :) - c.pingTimer.Reset() } // Cleanup From 3f9aa8d8fa328fee897d0295fb8024f1cf67c9f4 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 8 Feb 2018 13:09:46 +0400 Subject: [PATCH 153/188] document that msgBytes in p2p/connection change --- p2p/base_reactor.go | 5 ++++- p2p/conn/connection.go | 8 ++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/p2p/base_reactor.go b/p2p/base_reactor.go index 8217d46bc..f0dd14147 100644 --- a/p2p/base_reactor.go +++ b/p2p/base_reactor.go @@ -23,7 +23,10 @@ type Reactor interface { // Receive is called when msgBytes is received from peer. // - // CONTRACT: msgBytes are not nil + // NOTE reactor can not keep msgBytes around after Receive completes without + // copying. + // + // CONTRACT: msgBytes are not nil. Receive(chID byte, peer Peer, msgBytes []byte) } diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 6b4912502..7727ee321 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -679,7 +679,8 @@ func writeMsgPacketTo(packet msgPacket, w io.Writer, n *int, err *error) { wire.WriteBinary(packet, w, n, err) } -// Handles incoming msgPackets. Returns a msg bytes if msg is complete. +// Handles incoming msgPackets. It returns a message bytes if message is +// complete. NOTE message bytes may change on next call to recvMsgPacket. // Not goroutine-safe func (ch *Channel) recvMsgPacket(packet msgPacket) ([]byte, error) { ch.Logger.Debug("Read Msg Packet", "conn", ch.conn, "packet", packet) @@ -688,11 +689,6 @@ func (ch *Channel) recvMsgPacket(packet msgPacket) ([]byte, error) { } ch.recving = append(ch.recving, packet.Bytes...) if packet.EOF == byte(0x01) { - // TODO: document that these returned msgBytes will change under you after Receive finishes. - // TODO: document it in the Reactor interface especially - implementations of a Reactor - // can not keep these bytes around after the Receive completes without copying! - // In general that's fine, because the first thing we do is unmarshal into a msg type and then - // we never use the bytes again msgBytes := ch.recving // clear the slice without re-allocating. From cf1f483526a28aa1f722a8000c56971475145e86 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 8 Feb 2018 17:20:55 +0400 Subject: [PATCH 154/188] add seed_mode flag (`--p2p.seed_mode`) --- CHANGELOG.md | 3 ++- cmd/tendermint/commands/run_node.go | 1 + config/config.go | 13 ++++++++++--- config/toml.go | 9 +++++++++ docs/specification/configuration.rst | 9 +++++++++ node/node.go | 2 +- 6 files changed, 32 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a378f4a00..24f8ae24a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -40,8 +40,9 @@ FEATURES: - [p2p] added new `/dial_peers&persistent=_` **unsafe** endpoint - [p2p] persistent node key in `$THMHOME/config/node_key.json` - [p2p] introduce peer ID and authenticate peers by ID using addresses like `ID@IP:PORT` -- [p2p] new seed mode in pex reactor crawls the network and serves as a seed. TODO: `--p2p.seed_mode` +- [p2p] new seed mode in pex reactor crawls the network and serves as a seed. - [config] MempoolConfig.CacheSize +- [config] P2P.SeedMode (`--p2p.seed_mode`) IMPROVEMENT: - [p2p] stricter rules in the PEX reactor for better handling of abuse diff --git a/cmd/tendermint/commands/run_node.go b/cmd/tendermint/commands/run_node.go index 0eb7a4259..76d61671d 100644 --- a/cmd/tendermint/commands/run_node.go +++ b/cmd/tendermint/commands/run_node.go @@ -32,6 +32,7 @@ func AddNodeFlags(cmd *cobra.Command) { cmd.Flags().String("p2p.persistent_peers", config.P2P.PersistentPeers, "Comma delimited host:port persistent peers") cmd.Flags().Bool("p2p.skip_upnp", config.P2P.SkipUPNP, "Skip UPNP configuration") cmd.Flags().Bool("p2p.pex", config.P2P.PexReactor, "Enable/disable Peer-Exchange") + cmd.Flags().Bool("p2p.seed_mode", config.P2P.SeedMode, "Enable/disable seed mode") // consensus flags cmd.Flags().Bool("consensus.create_empty_blocks", config.Consensus.CreateEmptyBlocks, "Set this to false to only produce blocks when there are txs or when the AppHash changes") diff --git a/config/config.go b/config/config.go index 6395c60fd..abd573116 100644 --- a/config/config.go +++ b/config/config.go @@ -257,9 +257,6 @@ type P2PConfig struct { // Set true for strict address routability rules AddrBookStrict bool `mapstructure:"addr_book_strict"` - // Set true to enable the peer-exchange reactor - PexReactor bool `mapstructure:"pex"` - // Maximum number of peers to connect to MaxNumPeers int `mapstructure:"max_num_peers"` @@ -274,6 +271,15 @@ type P2PConfig struct { // Rate at which packets can be received, in bytes/second RecvRate int64 `mapstructure:"recv_rate"` + + // Set true to enable the peer-exchange reactor + PexReactor bool `mapstructure:"pex"` + + // Seed mode, in which node constantly crawls the network and looks for + // peers. If another node asks it for addresses, it responds and disconnects. + // + // Does not work if the peer-exchange reactor is disabled. + SeedMode bool `mapstructure:"seed_mode"` } // DefaultP2PConfig returns a default configuration for the peer-to-peer layer @@ -288,6 +294,7 @@ func DefaultP2PConfig() *P2PConfig { SendRate: 512000, // 500 kB/s RecvRate: 512000, // 500 kB/s PexReactor: true, + SeedMode: false, } } diff --git a/config/toml.go b/config/toml.go index bdc9f5a6c..e69cf37fe 100644 --- a/config/toml.go +++ b/config/toml.go @@ -150,6 +150,15 @@ send_rate = {{ .P2P.SendRate }} # Rate at which packets can be received, in bytes/second recv_rate = {{ .P2P.RecvRate }} +# Set true to enable the peer-exchange reactor +pex = {{ .P2P.PexReactor }} + +# Seed mode, in which node constantly crawls the network and looks for +# peers. If another node asks it for addresses, it responds and disconnects. +# +# Does not work if the peer-exchange reactor is disabled. +seed_mode = {{ .P2P.SeedMode }} + ##### mempool configuration options ##### [mempool] diff --git a/docs/specification/configuration.rst b/docs/specification/configuration.rst index cf6002908..d7c186007 100644 --- a/docs/specification/configuration.rst +++ b/docs/specification/configuration.rst @@ -112,6 +112,15 @@ like the file below, however, double check by inspecting the # Rate at which packets can be received, in bytes/second recv_rate = 512000 + # Set true to enable the peer-exchange reactor + pex = true + + # Seed mode, in which node constantly crawls the network and looks for + # peers. If another node asks it for addresses, it responds and disconnects. + # + # Does not work if the peer-exchange reactor is disabled. + seed_mode = false + ##### mempool configuration options ##### [mempool] diff --git a/node/node.go b/node/node.go index acf51a908..cd2b4bcb5 100644 --- a/node/node.go +++ b/node/node.go @@ -259,7 +259,7 @@ func NewNode(config *cfg.Config, seeds = strings.Split(config.P2P.Seeds, ",") } pexReactor := pex.NewPEXReactor(addrBook, - &pex.PEXReactorConfig{Seeds: seeds}) + &pex.PEXReactorConfig{Seeds: seeds, SeedMode: config.P2P.SeedMode}) pexReactor.SetLogger(p2pLogger) sw.AddReactor("PEX", pexReactor) } From d1fa44e8166351e981363b163beb6a21dd2db842 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 7 Feb 2018 13:22:41 +0400 Subject: [PATCH 155/188] improve "curRate too low" message Refs #1177 Note on labels: KB - 1024 kB - 1000 https://ux.stackexchange.com/questions/13815/files-size-units-kib-vs-kb-vs-kb --- blockchain/pool.go | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/blockchain/pool.go b/blockchain/pool.go index bb589684b..63f4a2d32 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -1,6 +1,7 @@ package blockchain import ( + "fmt" "math" "sync" "time" @@ -30,7 +31,11 @@ const ( maxTotalRequesters = 1000 maxPendingRequests = maxTotalRequesters maxPendingRequestsPerPeer = 50 - minRecvRate = 10240 // 10Kb/s + + // Minimum recv rate to ensure we're receiving blocks from a peer fast + // enough. If a peer is not sending us data at at least that rate, we + // consider them to have timedout and we disconnect. + minRecvRate = 10240 // 10 KB/s ) var peerTimeoutSeconds = time.Duration(15) // not const so we can override with tests @@ -88,7 +93,6 @@ func (pool *BlockPool) OnStop() {} // Run spawns requesters as needed. func (pool *BlockPool) makeRequestersRoutine() { - for { if !pool.IsRunning() { break @@ -122,7 +126,10 @@ func (pool *BlockPool) removeTimedoutPeers() { // XXX remove curRate != 0 if curRate != 0 && curRate < minRecvRate { pool.sendTimeout(peer.id) - pool.Logger.Error("SendTimeout", "peer", peer.id, "reason", "curRate too low") + pool.Logger.Error("SendTimeout", "peer", peer.id, + "reason", "peer is not sending us data fast enough", + "curRate", fmt.Sprintf("%d KB/s", curRate/1024), + "minRate", fmt.Sprintf("%d KB/s", minRecvRate/1024)) peer.didTimeout = true } } From b0a55882b2c2c8c6ab62f3c672827ed431f16597 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 7 Feb 2018 21:15:39 +0400 Subject: [PATCH 156/188] lower the minRecvRate See https://github.com/tendermint/tendermint/issues/1177#issuecomment-363720118 --- blockchain/pool.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/blockchain/pool.go b/blockchain/pool.go index 63f4a2d32..95956757c 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -35,7 +35,10 @@ const ( // Minimum recv rate to ensure we're receiving blocks from a peer fast // enough. If a peer is not sending us data at at least that rate, we // consider them to have timedout and we disconnect. - minRecvRate = 10240 // 10 KB/s + // + // Assuming a DSL connection (not a good choice) 128 Kbps (upload) ~ 15 KB/s, + // sending data across atlantic ~ 7.5 KB/s. + minRecvRate = 7680 ) var peerTimeoutSeconds = time.Duration(15) // not const so we can override with tests From c8990d06d940e774912ea0038600fff145ae8809 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 7 Feb 2018 21:22:24 +0400 Subject: [PATCH 157/188] remove curRate != 0 --- blockchain/pool.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/blockchain/pool.go b/blockchain/pool.go index 95956757c..110c5735c 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -127,7 +127,7 @@ func (pool *BlockPool) removeTimedoutPeers() { if !peer.didTimeout && peer.numPending > 0 { curRate := peer.recvMonitor.Status().CurRate // XXX remove curRate != 0 - if curRate != 0 && curRate < minRecvRate { + if curRate < minRecvRate { pool.sendTimeout(peer.id) pool.Logger.Error("SendTimeout", "peer", peer.id, "reason", "peer is not sending us data fast enough", From 0c1b91b7622356d2d276955554c6e25fa9a8477c Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 9 Feb 2018 13:02:44 +0400 Subject: [PATCH 158/188] revert back curRate != 0 --- blockchain/pool.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/blockchain/pool.go b/blockchain/pool.go index 110c5735c..6b40a8e73 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -126,8 +126,8 @@ func (pool *BlockPool) removeTimedoutPeers() { for _, peer := range pool.peers { if !peer.didTimeout && peer.numPending > 0 { curRate := peer.recvMonitor.Status().CurRate - // XXX remove curRate != 0 - if curRate < minRecvRate { + // curRate can be 0 on start + if curRate != 0 && curRate < minRecvRate { pool.sendTimeout(peer.id) pool.Logger.Error("SendTimeout", "peer", peer.id, "reason", "peer is not sending us data fast enough", From d84e4effce1e43781605f0dca21ac76543c357cf Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 9 Feb 2018 13:47:51 +0400 Subject: [PATCH 159/188] update tmlibs --- glide.lock | 6 +++--- glide.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/glide.lock b/glide.lock index cfb28d137..f71c002fa 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 8aeec731d864d5d3008b4403c3229800148c9b472969ef6e5181a8c93ac1f4c8 -updated: 2018-02-05T18:46:05.226387951Z +hash: 0b9520b856bdc25eab90c39bbd32c4bf2139dff8a63774c81ae5ab812a60f914 +updated: 2018-02-09T09:39:56.355310643Z imports: - name: github.com/btcsuite/btcd version: 50de9da05b50eb15658bb350f6ea24368a111ab7 @@ -117,7 +117,7 @@ imports: subpackages: - data - name: github.com/tendermint/tmlibs - version: 51684dabf79c2079f32cc25d6bccb748ee098386 + version: 52ce4c20f8bc9b6da5fc1274bcce27c0b9dd738a subpackages: - autofile - cli diff --git a/glide.yaml b/glide.yaml index fe8747817..832123b98 100644 --- a/glide.yaml +++ b/glide.yaml @@ -30,7 +30,7 @@ import: subpackages: - data - package: github.com/tendermint/tmlibs - version: 51684dabf79c2079f32cc25d6bccb748ee098386 + version: develop subpackages: - autofile - cli From 2f8372d62966895caeff20faf060bbb809166ad7 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 9 Feb 2018 13:58:36 +0400 Subject: [PATCH 160/188] update protobuf --- glide.lock | 6 +++--- glide.yaml | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/glide.lock b/glide.lock index f71c002fa..5d994b0e9 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 0b9520b856bdc25eab90c39bbd32c4bf2139dff8a63774c81ae5ab812a60f914 -updated: 2018-02-09T09:39:56.355310643Z +hash: 41f411204b59e893053e59cda43466b3a6634c5fc88698d1f3131ecd5f239de7 +updated: 2018-02-09T09:56:16.586709479Z imports: - name: github.com/btcsuite/btcd version: 50de9da05b50eb15658bb350f6ea24368a111ab7 @@ -29,7 +29,7 @@ imports: - sortkeys - types - name: github.com/golang/protobuf - version: bbd03ef6da3a115852eaf24c8a1c46aeb39aa175 + version: 925541529c1fa6821df4e44ce2723319eb2be768 subpackages: - proto - ptypes diff --git a/glide.yaml b/glide.yaml index 832123b98..0fe66f3b4 100644 --- a/glide.yaml +++ b/glide.yaml @@ -6,6 +6,7 @@ import: subpackages: - proto - package: github.com/golang/protobuf + version: ^1.0.0 subpackages: - proto - package: github.com/gorilla/websocket From 1d16df6a92222f6438065d912c03cf624dd6cb21 Mon Sep 17 00:00:00 2001 From: zbo14 Date: Wed, 1 Nov 2017 23:13:18 -0400 Subject: [PATCH 161/188] add test, TrySend in broadcast --- p2p/conn/connection.go | 14 +++++++-- p2p/conn/connection_test.go | 31 +++++++++++++++++++ p2p/switch.go | 59 ++++++++++++++++++++++++++----------- p2p/switch_test.go | 33 +++++++++++++++++---- 4 files changed, 112 insertions(+), 25 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 7727ee321..d44ad0750 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -2,6 +2,7 @@ package conn import ( "bufio" + "errors" "fmt" "io" "math" @@ -22,6 +23,7 @@ const ( minWriteBufferSize = 65536 updateStats = 2 * time.Second pingTimeout = 40 * time.Second + pongTimeout = 60 * time.Second // some of these defaults are written in the user config // flushThrottle, sendRate, recvRate @@ -84,6 +86,7 @@ type MConnection struct { quit chan struct{} flushTimer *cmn.ThrottleTimer // flush writes as necessary but throttled. pingTimer *cmn.RepeatTimer // send pings periodically + pongTimer *cmn.ThrottleTimer // close conn if pong not recv in 1 min chStatsTimer *cmn.RepeatTimer // update channel stats periodically created time.Time // time of creation @@ -170,6 +173,7 @@ func (c *MConnection) OnStart() error { c.quit = make(chan struct{}) c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) c.pingTimer = cmn.NewRepeatTimer("ping", pingTimeout) + c.pongTimer = cmn.NewThrottleTimer("pong", pongTimeout) c.chStatsTimer = cmn.NewRepeatTimer("chStats", updateStats) go c.sendRoutine() go c.recvRoutine() @@ -181,6 +185,7 @@ func (c *MConnection) OnStop() { c.BaseService.OnStop() c.flushTimer.Stop() c.pingTimer.Stop() + c.pongTimer.Stop() c.chStatsTimer.Stop() if c.quit != nil { close(c.quit) @@ -315,7 +320,12 @@ FOR_LOOP: c.Logger.Debug("Send Ping") wire.WriteByte(packetTypePing, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) - c.flush() + go c.flush() + c.Logger.Debug("Starting pong timer") + c.pongTimer.Set() + case <-c.pongTimer.Ch: + c.Logger.Debug("Pong timeout") + err = errors.New("pong timeout") case <-c.pong: c.Logger.Debug("Send Pong") wire.WriteByte(packetTypePong, c.bufWriter, &n, &err) @@ -454,8 +464,8 @@ FOR_LOOP: // never block } case packetTypePong: - // do nothing c.Logger.Debug("Receive Pong") + c.pongTimer.Unset() case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) wire.ReadBinaryPtr(&pkt, c.bufReader, c.config.maxMsgPacketTotalSize(), &n, &err) diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 9c8eccbe4..3bac0bd61 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -116,6 +116,37 @@ func TestMConnectionStatus(t *testing.T) { assert.Zero(status.Channels[0].SendQueueSize) } +func TestPingPongTimeout(t *testing.T) { + assert, require := assert.New(t), require.New(t) + + server, client := net.Pipe() + defer server.Close() + defer client.Close() + + receivedCh := make(chan []byte) + errorsCh := make(chan interface{}) + onReceive := func(chID byte, msgBytes []byte) { + receivedCh <- msgBytes + } + onError := func(r interface{}) { + errorsCh <- r + } + mconn := createMConnectionWithCallbacks(client, onReceive, onError) + _, err := mconn.Start() + require.Nil(err) + defer mconn.Stop() + + select { + case receivedBytes := <-receivedCh: + t.Fatalf("Expected error, got %v", receivedBytes) + case err := <-errorsCh: + assert.NotNil(err) + assert.False(mconn.IsRunning()) + case <-time.After(500*time.Millisecond + 100*time.Second): + t.Fatal("Did not receive error in ~(pingTimeout + pongTimeout) seconds") + } +} + func TestMConnectionStopsAndReturnsError(t *testing.T) { assert, require := assert.New(t), require.New(t) diff --git a/p2p/switch.go b/p2p/switch.go index 9502359dd..4a2c3480f 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -200,9 +200,44 @@ func (sw *Switch) OnStop() { //--------------------------------------------------------------------- // Peers -// Peers returns the set of peers that are connected to the switch. -func (sw *Switch) Peers() IPeerSet { - return sw.peers +// Broadcast runs a go routine for each attempted send, which will block +// trying to send for defaultSendTimeoutSeconds. Returns a channel +// which receives broadcast result for each attempted send (success=false if times out). +// NOTE: Broadcast uses goroutines, so order of broadcast may not be preserved. +// TODO: Something more intelligent. + +type BroadcastResult struct { + PeerKey string + Success bool +} + +func (sw *Switch) Broadcast(chID byte, msg interface{}) chan BroadcastResult { + successChan := make(chan BroadcastResult, len(sw.peers.List())) + sw.Logger.Debug("Broadcast", "channel", chID, "msg", msg) + for _, peer := range sw.peers.List() { + go func(peer Peer) { + success := peer.Send(chID, msg) + successChan <- BroadcastResult{peer.Key(), success} + }(peer) + } + return successChan +} + +func (sw *Switch) TryBroadcast(chID byte, msg interface{}) chan BroadcastResult { + successChan := make(chan BroadcastResult, len(sw.peers.List())) + sw.Logger.Debug("TryBroadcast", "channel", chID, "msg", msg) + for _, peer := range sw.peers.List() { + success := peer.TrySend(chID, msg) + if success { + successChan <- BroadcastResult{peer.Key(), success} + } else { + go func(peer Peer) { + success := peer.Send(chID, msg) + successChan <- BroadcastResult{peer.Key(), success} + }(peer) + } + } + return successChan } // NumPeers returns the count of outbound/inbound and outbound-dialing peers. @@ -219,21 +254,9 @@ func (sw *Switch) NumPeers() (outbound, inbound, dialing int) { return } -// Broadcast runs a go routine for each attempted send, which will block -// trying to send for defaultSendTimeoutSeconds. Returns a channel -// which receives success values for each attempted send (false if times out). -// NOTE: Broadcast uses goroutines, so order of broadcast may not be preserved. -// TODO: Something more intelligent. -func (sw *Switch) Broadcast(chID byte, msg interface{}) chan bool { - successChan := make(chan bool, len(sw.peers.List())) - sw.Logger.Debug("Broadcast", "channel", chID, "msg", msg) - for _, peer := range sw.peers.List() { - go func(peer Peer) { - success := peer.Send(chID, msg) - successChan <- success - }(peer) - } - return successChan +// Peers returns the set of peers that are connected to the switch. +func (sw *Switch) Peers() IPeerSet { + return sw.peers } // StopPeerForError disconnects from a peer due to external error. diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 75f9640b1..3c91e0468 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -128,10 +128,12 @@ func TestSwitches(t *testing.T) { ch0Msg := "channel zero" ch1Msg := "channel foo" ch2Msg := "channel bar" + ch3Msg := "channel baz" s1.Broadcast(byte(0x00), ch0Msg) s1.Broadcast(byte(0x01), ch1Msg) s1.Broadcast(byte(0x02), ch2Msg) + s1.TryBroadcast(byte(0x03), ch3Msg) assertMsgReceivedWithTimeout(t, ch0Msg, byte(0x00), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) assertMsgReceivedWithTimeout(t, ch1Msg, byte(0x01), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) @@ -324,12 +326,15 @@ func BenchmarkSwitches(b *testing.B) { numSuccess, numFailure := 0, 0 - // Send random message from foo channel to another + // Send random message from foo channel to another with Broadcast for i := 0; i < b.N; i++ { chID := byte(i % 4) - successChan := s1.Broadcast(chID, "test data") - for s := range successChan { - if s { + resultChan := s1.Broadcast(chID, "test data") + for res := range resultChan { + if !s1.peers.Has(res.PeerKey) { + b.Errorf("unexpected peerKey: %s", res.PeerKey) + } + if res.Success { numSuccess++ } else { numFailure++ @@ -337,7 +342,25 @@ func BenchmarkSwitches(b *testing.B) { } } - b.Logf("success: %v, failure: %v", numSuccess, numFailure) + b.Logf("Broadcast: success: %v, failure: %v", numSuccess, numFailure) + + // Send random message from foo channel to another with TryBroadcast + for i := 0; i < b.N; i++ { + chID := byte(i % 4) + resultChan := s1.TryBroadcast(chID, "test data") + for res := range resultChan { + if !s1.peers.Has(res.PeerKey) { + b.Errorf("unexpected peerKey: %s", res.PeerKey) + } + if res.Success { + numSuccess++ + } else { + numFailure++ + } + } + } + + b.Logf("TryBroadcast: success: %v, failure: %v", numSuccess, numFailure) // Allow everything to flush before stopping switches & closing connections. b.StopTimer() From 5af22d6ee63efc507f207a702450afdaec171945 Mon Sep 17 00:00:00 2001 From: zbo14 Date: Fri, 3 Nov 2017 14:22:50 -0400 Subject: [PATCH 162/188] remove SwitchEventNewPeer, SwitchEventDonePeer --- p2p/conn/connection.go | 1 + 1 file changed, 1 insertion(+) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index d44ad0750..0cdb56a30 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -320,6 +320,7 @@ FOR_LOOP: c.Logger.Debug("Send Ping") wire.WriteByte(packetTypePing, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) + // c.flush go c.flush() c.Logger.Debug("Starting pong timer") c.pongTimer.Set() From f97ead4f5f189870876bde7495dbdadc72227af9 Mon Sep 17 00:00:00 2001 From: zbo14 Date: Wed, 8 Nov 2017 18:22:51 -0500 Subject: [PATCH 163/188] prep for merge --- p2p/conn/connection.go | 1 + p2p/switch_test.go | 33 +++++---------------------------- 2 files changed, 6 insertions(+), 28 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 0cdb56a30..c0f7efcd0 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -466,6 +466,7 @@ FOR_LOOP: } case packetTypePong: c.Logger.Debug("Receive Pong") + // Should we unset pongTimer if we get other packet? c.pongTimer.Unset() case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 3c91e0468..75f9640b1 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -128,12 +128,10 @@ func TestSwitches(t *testing.T) { ch0Msg := "channel zero" ch1Msg := "channel foo" ch2Msg := "channel bar" - ch3Msg := "channel baz" s1.Broadcast(byte(0x00), ch0Msg) s1.Broadcast(byte(0x01), ch1Msg) s1.Broadcast(byte(0x02), ch2Msg) - s1.TryBroadcast(byte(0x03), ch3Msg) assertMsgReceivedWithTimeout(t, ch0Msg, byte(0x00), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) assertMsgReceivedWithTimeout(t, ch1Msg, byte(0x01), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) @@ -326,15 +324,12 @@ func BenchmarkSwitches(b *testing.B) { numSuccess, numFailure := 0, 0 - // Send random message from foo channel to another with Broadcast + // Send random message from foo channel to another for i := 0; i < b.N; i++ { chID := byte(i % 4) - resultChan := s1.Broadcast(chID, "test data") - for res := range resultChan { - if !s1.peers.Has(res.PeerKey) { - b.Errorf("unexpected peerKey: %s", res.PeerKey) - } - if res.Success { + successChan := s1.Broadcast(chID, "test data") + for s := range successChan { + if s { numSuccess++ } else { numFailure++ @@ -342,25 +337,7 @@ func BenchmarkSwitches(b *testing.B) { } } - b.Logf("Broadcast: success: %v, failure: %v", numSuccess, numFailure) - - // Send random message from foo channel to another with TryBroadcast - for i := 0; i < b.N; i++ { - chID := byte(i % 4) - resultChan := s1.TryBroadcast(chID, "test data") - for res := range resultChan { - if !s1.peers.Has(res.PeerKey) { - b.Errorf("unexpected peerKey: %s", res.PeerKey) - } - if res.Success { - numSuccess++ - } else { - numFailure++ - } - } - } - - b.Logf("TryBroadcast: success: %v, failure: %v", numSuccess, numFailure) + b.Logf("success: %v, failure: %v", numSuccess, numFailure) // Allow everything to flush before stopping switches & closing connections. b.StopTimer() From 9b554fb2c43e5e1683658684acb1fafc9bcae0ec Mon Sep 17 00:00:00 2001 From: zbo14 Date: Thu, 9 Nov 2017 01:12:19 -0500 Subject: [PATCH 164/188] switch test modification --- p2p/conn/connection.go | 2 +- p2p/switch_test.go | 10 ++++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index c0f7efcd0..04ca4228d 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -320,7 +320,7 @@ FOR_LOOP: c.Logger.Debug("Send Ping") wire.WriteByte(packetTypePing, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) - // c.flush + // should be c.flush go c.flush() c.Logger.Debug("Starting pong timer") c.pongTimer.Set() diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 75f9640b1..9c8b763ec 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -128,14 +128,17 @@ func TestSwitches(t *testing.T) { ch0Msg := "channel zero" ch1Msg := "channel foo" ch2Msg := "channel bar" + ch3Msg := "channel baz" s1.Broadcast(byte(0x00), ch0Msg) s1.Broadcast(byte(0x01), ch1Msg) s1.Broadcast(byte(0x02), ch2Msg) + s1.TryBroadcast(byte(0x03), ch3Msg) assertMsgReceivedWithTimeout(t, ch0Msg, byte(0x00), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) assertMsgReceivedWithTimeout(t, ch1Msg, byte(0x01), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) assertMsgReceivedWithTimeout(t, ch2Msg, byte(0x02), s2.Reactor("bar").(*TestReactor), 10*time.Millisecond, 5*time.Second) + assertMsgReceivedWithTimeout(t, ch3Msg, byte(0x03), s2.Reactor("bar").(*TestReactor), 10*time.Millisecond, 5*time.Second) } func assertMsgReceivedWithTimeout(t *testing.T, msg string, channel byte, reactor *TestReactor, checkPeriod, timeout time.Duration) { @@ -328,8 +331,11 @@ func BenchmarkSwitches(b *testing.B) { for i := 0; i < b.N; i++ { chID := byte(i % 4) successChan := s1.Broadcast(chID, "test data") - for s := range successChan { - if s { + for res := range successChan { + if !s1.peers.Has(res.PeerKey) { + b.Error("Unexpected peerKey: " + res.PeerKey) + } + if res.Success { numSuccess++ } else { numFailure++ From 91e4f4b7868f5ff7e7ba8449aa9aab8384fff12f Mon Sep 17 00:00:00 2001 From: zbo14 Date: Thu, 9 Nov 2017 14:27:17 -0500 Subject: [PATCH 165/188] ping/pong timeout in config --- p2p/conn/connection.go | 13 +++++++++---- p2p/conn/connection_test.go | 7 +++++-- 2 files changed, 14 insertions(+), 6 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 04ca4228d..b49a45db0 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -22,8 +22,6 @@ const ( minReadBufferSize = 1024 minWriteBufferSize = 65536 updateStats = 2 * time.Second - pingTimeout = 40 * time.Second - pongTimeout = 60 * time.Second // some of these defaults are written in the user config // flushThrottle, sendRate, recvRate @@ -36,6 +34,8 @@ const ( defaultSendRate = int64(512000) // 500KB/s defaultRecvRate = int64(512000) // 500KB/s defaultSendTimeout = 10 * time.Second + defaultPingTimeout = 40 * time.Second + defaultPongTimeout = 60 * time.Second ) type receiveCbFunc func(chID byte, msgBytes []byte) @@ -100,6 +100,9 @@ type MConnConfig struct { MaxMsgPacketPayloadSize int FlushThrottle time.Duration + + pingTimeout time.Duration + pongTimeout time.Duration } func (cfg *MConnConfig) maxMsgPacketTotalSize() int { @@ -113,6 +116,8 @@ func DefaultMConnConfig() *MConnConfig { RecvRate: defaultRecvRate, MaxMsgPacketPayloadSize: defaultMaxMsgPacketPayloadSize, FlushThrottle: defaultFlushThrottle, + pingTimeout: defaultPingTimeout, + pongTimeout: defaultPongTimeout, } } @@ -172,8 +177,8 @@ func (c *MConnection) OnStart() error { } c.quit = make(chan struct{}) c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) - c.pingTimer = cmn.NewRepeatTimer("ping", pingTimeout) - c.pongTimer = cmn.NewThrottleTimer("pong", pongTimeout) + c.pingTimer = cmn.NewRepeatTimer("ping", c.config.pingTimeout) + c.pongTimer = cmn.NewThrottleTimer("pong", c.config.pongTimeout) c.chStatsTimer = cmn.NewRepeatTimer("chStats", updateStats) go c.sendRoutine() go c.recvRoutine() diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 3bac0bd61..5686af6a6 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -23,7 +23,10 @@ func createTestMConnection(conn net.Conn) *MConnection { func createMConnectionWithCallbacks(conn net.Conn, onReceive func(chID byte, msgBytes []byte), onError func(r interface{})) *MConnection { chDescs := []*ChannelDescriptor{&ChannelDescriptor{ID: 0x01, Priority: 1, SendQueueCapacity: 1}} - c := NewMConnection(conn, chDescs, onReceive, onError) + cfg := DefaultMConnConfig() + cfg.pingTimeout = 40 * time.Millisecond + cfg.pongTimeout = 60 * time.Millisecond + c := NewMConnectionWithConfig(conn, chDescs, onReceive, onError, cfg) c.SetLogger(log.TestingLogger()) return c } @@ -142,7 +145,7 @@ func TestPingPongTimeout(t *testing.T) { case err := <-errorsCh: assert.NotNil(err) assert.False(mconn.IsRunning()) - case <-time.After(500*time.Millisecond + 100*time.Second): + case <-time.After(10*time.Millisecond + mconn.config.pingTimeout + mconn.config.pongTimeout): t.Fatal("Did not receive error in ~(pingTimeout + pongTimeout) seconds") } } From b28b76ddf74280c3ebacfcf003d931977478b184 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 10 Jan 2018 20:06:17 -0600 Subject: [PATCH 166/188] rename pingTimeout to pingInterval, pongTimer is now time.Timer --- p2p/conn/connection.go | 38 ++++++++++++++++++++++--------------- p2p/conn/connection_test.go | 24 +++++++++++------------ 2 files changed, 34 insertions(+), 28 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index b49a45db0..23c8edc9d 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -34,8 +34,8 @@ const ( defaultSendRate = int64(512000) // 500KB/s defaultRecvRate = int64(512000) // 500KB/s defaultSendTimeout = 10 * time.Second - defaultPingTimeout = 40 * time.Second - defaultPongTimeout = 60 * time.Second + defaultPingInterval = 40 * time.Second + defaultPongTimeout = 35 * time.Second ) type receiveCbFunc func(chID byte, msgBytes []byte) @@ -86,7 +86,7 @@ type MConnection struct { quit chan struct{} flushTimer *cmn.ThrottleTimer // flush writes as necessary but throttled. pingTimer *cmn.RepeatTimer // send pings periodically - pongTimer *cmn.ThrottleTimer // close conn if pong not recv in 1 min + pongTimer *time.Timer // close conn if pong is not received in pongTimeout chStatsTimer *cmn.RepeatTimer // update channel stats periodically created time.Time // time of creation @@ -101,8 +101,8 @@ type MConnConfig struct { FlushThrottle time.Duration - pingTimeout time.Duration - pongTimeout time.Duration + pingInterval time.Duration + pongTimeout time.Duration } func (cfg *MConnConfig) maxMsgPacketTotalSize() int { @@ -116,7 +116,7 @@ func DefaultMConnConfig() *MConnConfig { RecvRate: defaultRecvRate, MaxMsgPacketPayloadSize: defaultMaxMsgPacketPayloadSize, FlushThrottle: defaultFlushThrottle, - pingTimeout: defaultPingTimeout, + pingInterval: defaultPingInterval, pongTimeout: defaultPongTimeout, } } @@ -133,6 +133,10 @@ func NewMConnection(conn net.Conn, chDescs []*ChannelDescriptor, onReceive recei // NewMConnectionWithConfig wraps net.Conn and creates multiplex connection with a config func NewMConnectionWithConfig(conn net.Conn, chDescs []*ChannelDescriptor, onReceive receiveCbFunc, onError errorCbFunc, config *MConnConfig) *MConnection { + if config.pongTimeout >= config.pingInterval { + panic("pongTimeout must be less than pingInterval") + } + mconn := &MConnection{ conn: conn, bufReader: bufio.NewReaderSize(conn, minReadBufferSize), @@ -176,9 +180,12 @@ func (c *MConnection) OnStart() error { return err } c.quit = make(chan struct{}) - c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) - c.pingTimer = cmn.NewRepeatTimer("ping", c.config.pingTimeout) - c.pongTimer = cmn.NewThrottleTimer("pong", c.config.pongTimeout) + c.flushTimer = cmn.NewThrottleTimer("flush", c.config.flushThrottle) + c.pingTimer = cmn.NewRepeatTimer("ping", c.config.pingInterval) + c.pongTimer = time.NewTimer(c.config.pongTimeout) + // we start timer once we've send ping; needed here because we use start + // listening in recvRoutine + _ = c.pongTimer.Stop() c.chStatsTimer = cmn.NewRepeatTimer("chStats", updateStats) go c.sendRoutine() go c.recvRoutine() @@ -190,7 +197,7 @@ func (c *MConnection) OnStop() { c.BaseService.OnStop() c.flushTimer.Stop() c.pingTimer.Stop() - c.pongTimer.Stop() + _ = c.pongTimer.Stop() c.chStatsTimer.Stop() if c.quit != nil { close(c.quit) @@ -325,12 +332,12 @@ FOR_LOOP: c.Logger.Debug("Send Ping") wire.WriteByte(packetTypePing, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) - // should be c.flush go c.flush() c.Logger.Debug("Starting pong timer") - c.pongTimer.Set() - case <-c.pongTimer.Ch: + c.pongTimer.Reset(c.config.pongTimeout) + case <-c.pongTimer.C: c.Logger.Debug("Pong timeout") + // XXX: should we decrease peer score instead of closing connection? err = errors.New("pong timeout") case <-c.pong: c.Logger.Debug("Send Pong") @@ -471,8 +478,9 @@ FOR_LOOP: } case packetTypePong: c.Logger.Debug("Receive Pong") - // Should we unset pongTimer if we get other packet? - c.pongTimer.Unset() + if !c.pongTimer.Stop() { + <-c.pongTimer.C + } case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) wire.ReadBinaryPtr(&pkt, c.bufReader, c.config.maxMsgPacketTotalSize(), &n, &err) diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 5686af6a6..5570331e7 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -24,8 +24,8 @@ func createTestMConnection(conn net.Conn) *MConnection { func createMConnectionWithCallbacks(conn net.Conn, onReceive func(chID byte, msgBytes []byte), onError func(r interface{})) *MConnection { chDescs := []*ChannelDescriptor{&ChannelDescriptor{ID: 0x01, Priority: 1, SendQueueCapacity: 1}} cfg := DefaultMConnConfig() - cfg.pingTimeout = 40 * time.Millisecond - cfg.pongTimeout = 60 * time.Millisecond + cfg.pingInterval = 40 * time.Millisecond + cfg.pongTimeout = 35 * time.Millisecond c := NewMConnectionWithConfig(conn, chDescs, onReceive, onError, cfg) c.SetLogger(log.TestingLogger()) return c @@ -119,9 +119,7 @@ func TestMConnectionStatus(t *testing.T) { assert.Zero(status.Channels[0].SendQueueSize) } -func TestPingPongTimeout(t *testing.T) { - assert, require := assert.New(t), require.New(t) - +func TestPongTimeoutResultsInError(t *testing.T) { server, client := net.Pipe() defer server.Close() defer client.Close() @@ -135,18 +133,18 @@ func TestPingPongTimeout(t *testing.T) { errorsCh <- r } mconn := createMConnectionWithCallbacks(client, onReceive, onError) - _, err := mconn.Start() - require.Nil(err) + err := mconn.Start() + require.Nil(t, err) defer mconn.Stop() + expectErrorAfter := 10*time.Millisecond + mconn.config.pingInterval + mconn.config.pongTimeout select { - case receivedBytes := <-receivedCh: - t.Fatalf("Expected error, got %v", receivedBytes) + case msgBytes := <-receivedCh: + t.Fatalf("Expected error, but got %v", msgBytes) case err := <-errorsCh: - assert.NotNil(err) - assert.False(mconn.IsRunning()) - case <-time.After(10*time.Millisecond + mconn.config.pingTimeout + mconn.config.pongTimeout): - t.Fatal("Did not receive error in ~(pingTimeout + pongTimeout) seconds") + assert.NotNil(t, err) + case <-time.After(expectErrorAfter): + t.Fatalf("Expected to receive error after %v", expectErrorAfter) } } From 5834a598160928eefb50530ed408656b6ab98948 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 10 Jan 2018 20:24:31 -0600 Subject: [PATCH 167/188] read ping --- p2p/conn/connection.go | 2 +- p2p/conn/connection_test.go | 5 +++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 23c8edc9d..7c7cee344 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -332,7 +332,7 @@ FOR_LOOP: c.Logger.Debug("Send Ping") wire.WriteByte(packetTypePing, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) - go c.flush() + c.flush() c.Logger.Debug("Starting pong timer") c.pongTimer.Reset(c.config.pongTimeout) case <-c.pongTimer.C: diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 5570331e7..863642113 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -137,6 +137,11 @@ func TestPongTimeoutResultsInError(t *testing.T) { require.Nil(t, err) defer mconn.Stop() + go func() { + // read ping + server.Read(make([]byte, 1)) + }() + expectErrorAfter := 10*time.Millisecond + mconn.config.pingInterval + mconn.config.pongTimeout select { case msgBytes := <-receivedCh: From 4e2000abfe50b929a6a62f8131e7d509e66d3aa3 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 10 Jan 2018 20:24:42 -0600 Subject: [PATCH 168/188] control order by sending msgs from one goroutine --- p2p/conn/connection_test.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 863642113..23b7078e8 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -339,8 +339,6 @@ func TestMConnectionTrySend(t *testing.T) { go func() { mconn.TrySend(0x01, msg) resultCh <- "TrySend" - }() - go func() { mconn.Send(0x01, msg) resultCh <- "Send" }() From 860da464df1421d608f37b68bef4f182dd34bf6b Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 11 Jan 2018 15:32:25 -0600 Subject: [PATCH 169/188] remove weird concurrency testing --- p2p/conn/connection_test.go | 4 ---- 1 file changed, 4 deletions(-) diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 23b7078e8..8ab865bf0 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -339,12 +339,8 @@ func TestMConnectionTrySend(t *testing.T) { go func() { mconn.TrySend(0x01, msg) resultCh <- "TrySend" - mconn.Send(0x01, msg) - resultCh <- "Send" }() assert.False(mconn.CanSend(0x01)) assert.False(mconn.TrySend(0x01, msg)) assert.Equal("TrySend", <-resultCh) - server.Read(make([]byte, len(msg))) - assert.Equal("Send", <-resultCh) // Order constrained by parallel blocking above } From d14d4a252767c227bc57381d30bb7824bf18ac6e Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 11 Jan 2018 17:15:04 -0600 Subject: [PATCH 170/188] remove TryBroadcast --- p2p/switch.go | 31 ++++--------------------------- p2p/switch_test.go | 10 ++-------- 2 files changed, 6 insertions(+), 35 deletions(-) diff --git a/p2p/switch.go b/p2p/switch.go index 4a2c3480f..7c09212b3 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -202,44 +202,21 @@ func (sw *Switch) OnStop() { // Broadcast runs a go routine for each attempted send, which will block // trying to send for defaultSendTimeoutSeconds. Returns a channel -// which receives broadcast result for each attempted send (success=false if times out). +// which receives success values for each attempted send (false if times out). // NOTE: Broadcast uses goroutines, so order of broadcast may not be preserved. // TODO: Something more intelligent. - -type BroadcastResult struct { - PeerKey string - Success bool -} - -func (sw *Switch) Broadcast(chID byte, msg interface{}) chan BroadcastResult { - successChan := make(chan BroadcastResult, len(sw.peers.List())) +func (sw *Switch) Broadcast(chID byte, msg interface{}) chan bool { + successChan := make(chan bool, len(sw.peers.List())) sw.Logger.Debug("Broadcast", "channel", chID, "msg", msg) for _, peer := range sw.peers.List() { go func(peer Peer) { success := peer.Send(chID, msg) - successChan <- BroadcastResult{peer.Key(), success} + successChan <- success }(peer) } return successChan } -func (sw *Switch) TryBroadcast(chID byte, msg interface{}) chan BroadcastResult { - successChan := make(chan BroadcastResult, len(sw.peers.List())) - sw.Logger.Debug("TryBroadcast", "channel", chID, "msg", msg) - for _, peer := range sw.peers.List() { - success := peer.TrySend(chID, msg) - if success { - successChan <- BroadcastResult{peer.Key(), success} - } else { - go func(peer Peer) { - success := peer.Send(chID, msg) - successChan <- BroadcastResult{peer.Key(), success} - }(peer) - } - } - return successChan -} - // NumPeers returns the count of outbound/inbound and outbound-dialing peers. func (sw *Switch) NumPeers() (outbound, inbound, dialing int) { peers := sw.peers.List() diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 9c8b763ec..75f9640b1 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -128,17 +128,14 @@ func TestSwitches(t *testing.T) { ch0Msg := "channel zero" ch1Msg := "channel foo" ch2Msg := "channel bar" - ch3Msg := "channel baz" s1.Broadcast(byte(0x00), ch0Msg) s1.Broadcast(byte(0x01), ch1Msg) s1.Broadcast(byte(0x02), ch2Msg) - s1.TryBroadcast(byte(0x03), ch3Msg) assertMsgReceivedWithTimeout(t, ch0Msg, byte(0x00), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) assertMsgReceivedWithTimeout(t, ch1Msg, byte(0x01), s2.Reactor("foo").(*TestReactor), 10*time.Millisecond, 5*time.Second) assertMsgReceivedWithTimeout(t, ch2Msg, byte(0x02), s2.Reactor("bar").(*TestReactor), 10*time.Millisecond, 5*time.Second) - assertMsgReceivedWithTimeout(t, ch3Msg, byte(0x03), s2.Reactor("bar").(*TestReactor), 10*time.Millisecond, 5*time.Second) } func assertMsgReceivedWithTimeout(t *testing.T, msg string, channel byte, reactor *TestReactor, checkPeriod, timeout time.Duration) { @@ -331,11 +328,8 @@ func BenchmarkSwitches(b *testing.B) { for i := 0; i < b.N; i++ { chID := byte(i % 4) successChan := s1.Broadcast(chID, "test data") - for res := range successChan { - if !s1.peers.Has(res.PeerKey) { - b.Error("Unexpected peerKey: " + res.PeerKey) - } - if res.Success { + for s := range successChan { + if s { numSuccess++ } else { numFailure++ From 3ae738f4533f5eb541d480fb678a5c556b5908ba Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 11 Jan 2018 18:06:33 -0600 Subject: [PATCH 171/188] increase timeouts --- p2p/conn/connection.go | 6 +++--- p2p/conn/connection_test.go | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 7c7cee344..25aac3012 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -34,8 +34,8 @@ const ( defaultSendRate = int64(512000) // 500KB/s defaultRecvRate = int64(512000) // 500KB/s defaultSendTimeout = 10 * time.Second - defaultPingInterval = 40 * time.Second - defaultPongTimeout = 35 * time.Second + defaultPingInterval = 60 * time.Second + defaultPongTimeout = 45 * time.Second ) type receiveCbFunc func(chID byte, msgBytes []byte) @@ -134,7 +134,7 @@ func NewMConnection(conn net.Conn, chDescs []*ChannelDescriptor, onReceive recei // NewMConnectionWithConfig wraps net.Conn and creates multiplex connection with a config func NewMConnectionWithConfig(conn net.Conn, chDescs []*ChannelDescriptor, onReceive receiveCbFunc, onError errorCbFunc, config *MConnConfig) *MConnection { if config.pongTimeout >= config.pingInterval { - panic("pongTimeout must be less than pingInterval") + panic("pongTimeout must be less than pingInterval (otherwise, next ping will reset pong timer)") } mconn := &MConnection{ diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 8ab865bf0..4fb8d3412 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -24,8 +24,8 @@ func createTestMConnection(conn net.Conn) *MConnection { func createMConnectionWithCallbacks(conn net.Conn, onReceive func(chID byte, msgBytes []byte), onError func(r interface{})) *MConnection { chDescs := []*ChannelDescriptor{&ChannelDescriptor{ID: 0x01, Priority: 1, SendQueueCapacity: 1}} cfg := DefaultMConnConfig() - cfg.pingInterval = 40 * time.Millisecond - cfg.pongTimeout = 35 * time.Millisecond + cfg.pingInterval = 60 * time.Millisecond + cfg.pongTimeout = 45 * time.Millisecond c := NewMConnectionWithConfig(conn, chDescs, onReceive, onError, cfg) c.SetLogger(log.TestingLogger()) return c @@ -119,7 +119,7 @@ func TestMConnectionStatus(t *testing.T) { assert.Zero(status.Channels[0].SendQueueSize) } -func TestPongTimeoutResultsInError(t *testing.T) { +func TestMConnectionPongTimeoutResultsInError(t *testing.T) { server, client := net.Pipe() defer server.Close() defer client.Close() @@ -142,7 +142,7 @@ func TestPongTimeoutResultsInError(t *testing.T) { server.Read(make([]byte, 1)) }() - expectErrorAfter := 10*time.Millisecond + mconn.config.pingInterval + mconn.config.pongTimeout + expectErrorAfter := (mconn.config.pingInterval + mconn.config.pongTimeout) * 2 select { case msgBytes := <-receivedCh: t.Fatalf("Expected error, but got %v", msgBytes) From 161e100a24ef54cdbd630a241086400d3f8c7261 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Thu, 11 Jan 2018 18:24:28 -0600 Subject: [PATCH 172/188] close return channel when we're done Benchmark results: ``` BenchmarkSwitchBroadcast-2 30000 71275 ns/op --- BENCH: BenchmarkSwitchBroadcast-2 switch_test.go:339: success: 1, failure: 0 switch_test.go:339: success: 100, failure: 0 switch_test.go:339: success: 10000, failure: 0 switch_test.go:339: success: 30000, failure: 0 ``` --- p2p/conn/secret_connection_test.go | 2 +- p2p/switch.go | 17 +++++++++++++---- p2p/switch_test.go | 12 ++++-------- 3 files changed, 18 insertions(+), 13 deletions(-) diff --git a/p2p/conn/secret_connection_test.go b/p2p/conn/secret_connection_test.go index 8af9cdeb5..4cf715dd2 100644 --- a/p2p/conn/secret_connection_test.go +++ b/p2p/conn/secret_connection_test.go @@ -4,7 +4,7 @@ import ( "io" "testing" - "github.com/tendermint/go-crypto" + crypto "github.com/tendermint/go-crypto" cmn "github.com/tendermint/tmlibs/common" ) diff --git a/p2p/switch.go b/p2p/switch.go index 7c09212b3..f1d02dcfc 100644 --- a/p2p/switch.go +++ b/p2p/switch.go @@ -5,6 +5,7 @@ import ( "math" "math/rand" "net" + "sync" "time" "github.com/pkg/errors" @@ -200,20 +201,28 @@ func (sw *Switch) OnStop() { //--------------------------------------------------------------------- // Peers -// Broadcast runs a go routine for each attempted send, which will block -// trying to send for defaultSendTimeoutSeconds. Returns a channel -// which receives success values for each attempted send (false if times out). +// Broadcast runs a go routine for each attempted send, which will block trying +// to send for defaultSendTimeoutSeconds. Returns a channel which receives +// success values for each attempted send (false if times out). Channel will be +// closed once msg send to all peers. +// // NOTE: Broadcast uses goroutines, so order of broadcast may not be preserved. -// TODO: Something more intelligent. func (sw *Switch) Broadcast(chID byte, msg interface{}) chan bool { successChan := make(chan bool, len(sw.peers.List())) sw.Logger.Debug("Broadcast", "channel", chID, "msg", msg) + var wg sync.WaitGroup for _, peer := range sw.peers.List() { + wg.Add(1) go func(peer Peer) { + defer wg.Done() success := peer.Send(chID, msg) successChan <- success }(peer) } + go func() { + wg.Wait() + close(successChan) + }() return successChan } diff --git a/p2p/switch_test.go b/p2p/switch_test.go index 75f9640b1..be1d96e9b 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -300,10 +300,8 @@ func TestSwitchFullConnectivity(t *testing.T) { } } -func BenchmarkSwitches(b *testing.B) { - b.StopTimer() - - s1, s2 := MakeSwitchPair(b, func(i int, sw *Switch) *Switch { +func BenchmarkSwitchBroadcast(b *testing.B) { + s1, s2 := makeSwitchPair(b, func(i int, sw *Switch) *Switch { // Make bar reactors of bar channels each sw.AddReactor("foo", NewTestReactor([]*conn.ChannelDescriptor{ {ID: byte(0x00), Priority: 10}, @@ -320,7 +318,8 @@ func BenchmarkSwitches(b *testing.B) { // Allow time for goroutines to boot up time.Sleep(1 * time.Second) - b.StartTimer() + + b.ResetTimer() numSuccess, numFailure := 0, 0 @@ -338,7 +337,4 @@ func BenchmarkSwitches(b *testing.B) { } b.Logf("success: %v, failure: %v", numSuccess, numFailure) - - // Allow everything to flush before stopping switches & closing connections. - b.StopTimer() } From 747b73cb95dab52ee1076ce83dcc92dca86ef93a Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 23 Jan 2018 13:11:44 +0400 Subject: [PATCH 173/188] fix merge conflicts --- p2p/conn/connection.go | 27 ++++++++++++++++----------- p2p/conn/connection_test.go | 6 +++--- p2p/switch_test.go | 2 +- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 25aac3012..71d8608fb 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -97,12 +97,17 @@ type MConnConfig struct { SendRate int64 `mapstructure:"send_rate"` RecvRate int64 `mapstructure:"recv_rate"` - MaxMsgPacketPayloadSize int + // Maximum payload size + MaxMsgPacketPayloadSize int `mapstructure:"max_msg_packet_payload_size"` - FlushThrottle time.Duration + // Interval to flush writes (throttled) + FlushThrottle time.Duration `mapstructure:"flush_throttle"` - pingInterval time.Duration - pongTimeout time.Duration + // Interval to send pings + PingInterval time.Duration `mapstructure:"ping_interval"` + + // Maximum wait time for pongs + PongTimeout time.Duration `mapstructure:"pong_timeout"` } func (cfg *MConnConfig) maxMsgPacketTotalSize() int { @@ -116,8 +121,8 @@ func DefaultMConnConfig() *MConnConfig { RecvRate: defaultRecvRate, MaxMsgPacketPayloadSize: defaultMaxMsgPacketPayloadSize, FlushThrottle: defaultFlushThrottle, - pingInterval: defaultPingInterval, - pongTimeout: defaultPongTimeout, + PingInterval: defaultPingInterval, + PongTimeout: defaultPongTimeout, } } @@ -133,7 +138,7 @@ func NewMConnection(conn net.Conn, chDescs []*ChannelDescriptor, onReceive recei // NewMConnectionWithConfig wraps net.Conn and creates multiplex connection with a config func NewMConnectionWithConfig(conn net.Conn, chDescs []*ChannelDescriptor, onReceive receiveCbFunc, onError errorCbFunc, config *MConnConfig) *MConnection { - if config.pongTimeout >= config.pingInterval { + if config.PongTimeout >= config.PingInterval { panic("pongTimeout must be less than pingInterval (otherwise, next ping will reset pong timer)") } @@ -180,9 +185,9 @@ func (c *MConnection) OnStart() error { return err } c.quit = make(chan struct{}) - c.flushTimer = cmn.NewThrottleTimer("flush", c.config.flushThrottle) - c.pingTimer = cmn.NewRepeatTimer("ping", c.config.pingInterval) - c.pongTimer = time.NewTimer(c.config.pongTimeout) + c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) + c.pingTimer = cmn.NewRepeatTimer("ping", c.config.PingInterval) + c.pongTimer = time.NewTimer(c.config.PongTimeout) // we start timer once we've send ping; needed here because we use start // listening in recvRoutine _ = c.pongTimer.Stop() @@ -334,7 +339,7 @@ FOR_LOOP: c.sendMonitor.Update(int(n)) c.flush() c.Logger.Debug("Starting pong timer") - c.pongTimer.Reset(c.config.pongTimeout) + c.pongTimer.Reset(c.config.PongTimeout) case <-c.pongTimer.C: c.Logger.Debug("Pong timeout") // XXX: should we decrease peer score instead of closing connection? diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 4fb8d3412..d505805ed 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -24,8 +24,8 @@ func createTestMConnection(conn net.Conn) *MConnection { func createMConnectionWithCallbacks(conn net.Conn, onReceive func(chID byte, msgBytes []byte), onError func(r interface{})) *MConnection { chDescs := []*ChannelDescriptor{&ChannelDescriptor{ID: 0x01, Priority: 1, SendQueueCapacity: 1}} cfg := DefaultMConnConfig() - cfg.pingInterval = 60 * time.Millisecond - cfg.pongTimeout = 45 * time.Millisecond + cfg.PingInterval = 60 * time.Millisecond + cfg.PongTimeout = 45 * time.Millisecond c := NewMConnectionWithConfig(conn, chDescs, onReceive, onError, cfg) c.SetLogger(log.TestingLogger()) return c @@ -142,7 +142,7 @@ func TestMConnectionPongTimeoutResultsInError(t *testing.T) { server.Read(make([]byte, 1)) }() - expectErrorAfter := (mconn.config.pingInterval + mconn.config.pongTimeout) * 2 + expectErrorAfter := (mconn.config.PingInterval + mconn.config.PongTimeout) * 2 select { case msgBytes := <-receivedCh: t.Fatalf("Expected error, but got %v", msgBytes) diff --git a/p2p/switch_test.go b/p2p/switch_test.go index be1d96e9b..745eb44e6 100644 --- a/p2p/switch_test.go +++ b/p2p/switch_test.go @@ -301,7 +301,7 @@ func TestSwitchFullConnectivity(t *testing.T) { } func BenchmarkSwitchBroadcast(b *testing.B) { - s1, s2 := makeSwitchPair(b, func(i int, sw *Switch) *Switch { + s1, s2 := MakeSwitchPair(b, func(i int, sw *Switch) *Switch { // Make bar reactors of bar channels each sw.AddReactor("foo", NewTestReactor([]*conn.ChannelDescriptor{ {ID: byte(0x00), Priority: 10}, From f4ff66de30232bb5c3f70d390843bbcab5543e8e Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Wed, 24 Jan 2018 14:41:31 +0400 Subject: [PATCH 174/188] rewrite pong timer to use time.AfterFunc --- p2p/conn/connection.go | 42 +++++++------- p2p/conn/connection_test.go | 107 ++++++++++++++++++++++++++++++++++-- 2 files changed, 126 insertions(+), 23 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 71d8608fb..4e461b35e 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -83,11 +83,15 @@ type MConnection struct { errored uint32 config *MConnConfig - quit chan struct{} - flushTimer *cmn.ThrottleTimer // flush writes as necessary but throttled. - pingTimer *cmn.RepeatTimer // send pings periodically - pongTimer *time.Timer // close conn if pong is not received in pongTimeout - chStatsTimer *cmn.RepeatTimer // update channel stats periodically + quit chan struct{} + flushTimer *cmn.ThrottleTimer // flush writes as necessary but throttled. + pingTimer *cmn.RepeatTimer // send pings periodically + + // close conn if pong is not received in pongTimeout + pongTimer *time.Timer + pongTimeoutCh chan struct{} + + chStatsTimer *cmn.RepeatTimer // update channel stats periodically created time.Time // time of creation } @@ -187,10 +191,7 @@ func (c *MConnection) OnStart() error { c.quit = make(chan struct{}) c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) c.pingTimer = cmn.NewRepeatTimer("ping", c.config.PingInterval) - c.pongTimer = time.NewTimer(c.config.PongTimeout) - // we start timer once we've send ping; needed here because we use start - // listening in recvRoutine - _ = c.pongTimer.Stop() + c.pongTimeoutCh = make(chan struct{}) c.chStatsTimer = cmn.NewRepeatTimer("chStats", updateStats) go c.sendRoutine() go c.recvRoutine() @@ -200,13 +201,12 @@ func (c *MConnection) OnStart() error { // OnStop implements BaseService func (c *MConnection) OnStop() { c.BaseService.OnStop() - c.flushTimer.Stop() - c.pingTimer.Stop() - _ = c.pongTimer.Stop() - c.chStatsTimer.Stop() if c.quit != nil { close(c.quit) } + c.flushTimer.Stop() + c.pingTimer.Stop() + c.chStatsTimer.Stop() c.conn.Close() // nolint: errcheck // We can't close pong safely here because @@ -337,12 +337,13 @@ FOR_LOOP: c.Logger.Debug("Send Ping") wire.WriteByte(packetTypePing, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) + c.Logger.Debug("Starting pong timer", "dur", c.config.PongTimeout) + c.pongTimer = time.AfterFunc(c.config.PongTimeout, func() { + c.pongTimeoutCh <- struct{}{} + }) c.flush() - c.Logger.Debug("Starting pong timer") - c.pongTimer.Reset(c.config.PongTimeout) - case <-c.pongTimer.C: + case <-c.pongTimeoutCh: c.Logger.Debug("Pong timeout") - // XXX: should we decrease peer score instead of closing connection? err = errors.New("pong timeout") case <-c.pong: c.Logger.Debug("Send Pong") @@ -350,6 +351,9 @@ FOR_LOOP: c.sendMonitor.Update(int(n)) c.flush() case <-c.quit: + if c.pongTimer != nil { + _ = c.pongTimer.Stop() + } break FOR_LOOP case <-c.send: // Send some msgPackets @@ -483,8 +487,8 @@ FOR_LOOP: } case packetTypePong: c.Logger.Debug("Receive Pong") - if !c.pongTimer.Stop() { - <-c.pongTimer.C + if c.pongTimer != nil { + _ = c.pongTimer.Stop() } case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index d505805ed..acfa8032a 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -24,7 +24,7 @@ func createTestMConnection(conn net.Conn) *MConnection { func createMConnectionWithCallbacks(conn net.Conn, onReceive func(chID byte, msgBytes []byte), onError func(r interface{})) *MConnection { chDescs := []*ChannelDescriptor{&ChannelDescriptor{ID: 0x01, Priority: 1, SendQueueCapacity: 1}} cfg := DefaultMConnConfig() - cfg.PingInterval = 60 * time.Millisecond + cfg.PingInterval = 90 * time.Millisecond cfg.PongTimeout = 45 * time.Millisecond c := NewMConnectionWithConfig(conn, chDescs, onReceive, onError, cfg) c.SetLogger(log.TestingLogger()) @@ -137,19 +137,118 @@ func TestMConnectionPongTimeoutResultsInError(t *testing.T) { require.Nil(t, err) defer mconn.Stop() + serverGotPing := make(chan struct{}) go func() { // read ping server.Read(make([]byte, 1)) + serverGotPing <- struct{}{} }() + <-serverGotPing - expectErrorAfter := (mconn.config.PingInterval + mconn.config.PongTimeout) * 2 + pongTimerExpired := mconn.config.PongTimeout + 10*time.Millisecond select { case msgBytes := <-receivedCh: t.Fatalf("Expected error, but got %v", msgBytes) case err := <-errorsCh: assert.NotNil(t, err) - case <-time.After(expectErrorAfter): - t.Fatalf("Expected to receive error after %v", expectErrorAfter) + case <-time.After(pongTimerExpired): + t.Fatalf("Expected to receive error after %v", pongTimerExpired) + } +} + +func TestMConnectionMultiplePongsInTheBeginning(t *testing.T) { + server, client := net.Pipe() + defer server.Close() + defer client.Close() + + receivedCh := make(chan []byte) + errorsCh := make(chan interface{}) + onReceive := func(chID byte, msgBytes []byte) { + receivedCh <- msgBytes + } + onError := func(r interface{}) { + errorsCh <- r + } + mconn := createMConnectionWithCallbacks(client, onReceive, onError) + err := mconn.Start() + require.Nil(t, err) + defer mconn.Stop() + + // sending 3 pongs in a row + _, err = server.Write([]byte{packetTypePong}) + require.Nil(t, err) + _, err = server.Write([]byte{packetTypePong}) + require.Nil(t, err) + _, err = server.Write([]byte{packetTypePong}) + require.Nil(t, err) + + serverGotPing := make(chan struct{}) + go func() { + // read ping + server.Read(make([]byte, 1)) + serverGotPing <- struct{}{} + // respond with pong + _, err = server.Write([]byte{packetTypePong}) + require.Nil(t, err) + }() + <-serverGotPing + + pongTimerExpired := mconn.config.PongTimeout + 10*time.Millisecond + select { + case msgBytes := <-receivedCh: + t.Fatalf("Expected no data, but got %v", msgBytes) + case err := <-errorsCh: + t.Fatalf("Expected no error, but got %v", err) + case <-time.After(pongTimerExpired): + assert.True(t, mconn.IsRunning()) + } +} + +func TestMConnectionPingPongs(t *testing.T) { + server, client := net.Pipe() + defer server.Close() + defer client.Close() + + receivedCh := make(chan []byte) + errorsCh := make(chan interface{}) + onReceive := func(chID byte, msgBytes []byte) { + receivedCh <- msgBytes + } + onError := func(r interface{}) { + errorsCh <- r + } + mconn := createMConnectionWithCallbacks(client, onReceive, onError) + err := mconn.Start() + require.Nil(t, err) + defer mconn.Stop() + + serverGotPing := make(chan struct{}) + go func() { + // read ping + server.Read(make([]byte, 1)) + serverGotPing <- struct{}{} + // respond with pong + _, err = server.Write([]byte{packetTypePong}) + require.Nil(t, err) + + time.Sleep(mconn.config.PingInterval) + + // read ping + server.Read(make([]byte, 1)) + // respond with pong + _, err = server.Write([]byte{packetTypePong}) + require.Nil(t, err) + }() + <-serverGotPing + + pongTimerExpired := (mconn.config.PongTimeout + 10*time.Millisecond) * 2 + select { + case msgBytes := <-receivedCh: + t.Fatalf("Expected no data, but got %v", msgBytes) + case err := <-errorsCh: + t.Fatalf("Expected no error, but got %v", err) + case <-time.After(2 * pongTimerExpired): + assert.True(t, mconn.IsRunning()) } } From ac0123d249c0220fadc8359d7da8b4f8d0de360f Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 5 Feb 2018 23:12:09 +0400 Subject: [PATCH 175/188] drain pongTimeoutCh and pongTimer's channel to prevent leaks --- p2p/conn/connection.go | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 4e461b35e..b02e1ccb4 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -352,7 +352,10 @@ FOR_LOOP: c.flush() case <-c.quit: if c.pongTimer != nil { - _ = c.pongTimer.Stop() + if !c.pongTimer.Stop() { + <-c.pongTimer.C + } + drain(c.pongTimeoutCh) } break FOR_LOOP case <-c.send: @@ -488,7 +491,10 @@ FOR_LOOP: case packetTypePong: c.Logger.Debug("Receive Pong") if c.pongTimer != nil { - _ = c.pongTimer.Stop() + if !c.pongTimer.Stop() { + <-c.pongTimer.C + } + drain(c.pongTimeoutCh) } case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) @@ -764,3 +770,13 @@ type msgPacket struct { func (p msgPacket) String() string { return fmt.Sprintf("MsgPacket{%X:%X T:%X}", p.ChannelID, p.Bytes, p.EOF) } + +func drain(ch <-chan struct{}) { + for { + select { + case <-ch: + default: + return + } + } +} From 26419fba28fd91bcf5dc90a4ea3135d7b600e4ca Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Tue, 6 Feb 2018 12:31:34 +0400 Subject: [PATCH 176/188] refactor code plus add one more test * extract stopPongTimer method * TestMConnectionMultiplePings --- p2p/conn/connection.go | 24 +++++++++---------- p2p/conn/connection_test.go | 48 ++++++++++++++++++++++++++++++++----- 2 files changed, 54 insertions(+), 18 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index b02e1ccb4..6fbb425e7 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -351,12 +351,7 @@ FOR_LOOP: c.sendMonitor.Update(int(n)) c.flush() case <-c.quit: - if c.pongTimer != nil { - if !c.pongTimer.Stop() { - <-c.pongTimer.C - } - drain(c.pongTimeoutCh) - } + c.stopPongTimer() break FOR_LOOP case <-c.send: // Send some msgPackets @@ -482,6 +477,7 @@ FOR_LOOP: switch pktType { case packetTypePing: // TODO: prevent abuse, as they cause flush()'s. + // https://github.com/tendermint/tendermint/issues/1190 c.Logger.Debug("Receive Ping") select { case c.pong <- struct{}{}: @@ -490,12 +486,7 @@ FOR_LOOP: } case packetTypePong: c.Logger.Debug("Receive Pong") - if c.pongTimer != nil { - if !c.pongTimer.Stop() { - <-c.pongTimer.C - } - drain(c.pongTimeoutCh) - } + c.stopPongTimer() case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) wire.ReadBinaryPtr(&pkt, c.bufReader, c.config.maxMsgPacketTotalSize(), &n, &err) @@ -543,6 +534,15 @@ FOR_LOOP: } } +func (c *MConnection) stopPongTimer() { + if c.pongTimer != nil { + if !c.pongTimer.Stop() { + <-c.pongTimer.C + } + drain(c.pongTimeoutCh) + } +} + type ConnectionStatus struct { Duration time.Duration SendMonitor flow.Status diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index acfa8032a..270b4ae92 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -145,7 +145,7 @@ func TestMConnectionPongTimeoutResultsInError(t *testing.T) { }() <-serverGotPing - pongTimerExpired := mconn.config.PongTimeout + 10*time.Millisecond + pongTimerExpired := mconn.config.PongTimeout + 20*time.Millisecond select { case msgBytes := <-receivedCh: t.Fatalf("Expected error, but got %v", msgBytes) @@ -174,7 +174,7 @@ func TestMConnectionMultiplePongsInTheBeginning(t *testing.T) { require.Nil(t, err) defer mconn.Stop() - // sending 3 pongs in a row + // sending 3 pongs in a row (abuse) _, err = server.Write([]byte{packetTypePong}) require.Nil(t, err) _, err = server.Write([]byte{packetTypePong}) @@ -184,8 +184,9 @@ func TestMConnectionMultiplePongsInTheBeginning(t *testing.T) { serverGotPing := make(chan struct{}) go func() { - // read ping - server.Read(make([]byte, 1)) + // read ping (one byte) + _, err = server.Read(make([]byte, 1)) + require.Nil(t, err) serverGotPing <- struct{}{} // respond with pong _, err = server.Write([]byte{packetTypePong}) @@ -193,7 +194,7 @@ func TestMConnectionMultiplePongsInTheBeginning(t *testing.T) { }() <-serverGotPing - pongTimerExpired := mconn.config.PongTimeout + 10*time.Millisecond + pongTimerExpired := mconn.config.PongTimeout + 20*time.Millisecond select { case msgBytes := <-receivedCh: t.Fatalf("Expected no data, but got %v", msgBytes) @@ -204,6 +205,41 @@ func TestMConnectionMultiplePongsInTheBeginning(t *testing.T) { } } +func TestMConnectionMultiplePings(t *testing.T) { + server, client := net.Pipe() + defer server.Close() + defer client.Close() + + receivedCh := make(chan []byte) + errorsCh := make(chan interface{}) + onReceive := func(chID byte, msgBytes []byte) { + receivedCh <- msgBytes + } + onError := func(r interface{}) { + errorsCh <- r + } + mconn := createMConnectionWithCallbacks(client, onReceive, onError) + err := mconn.Start() + require.Nil(t, err) + defer mconn.Stop() + + // sending 3 pings in a row (abuse) + _, err = server.Write([]byte{packetTypePing}) + require.Nil(t, err) + _, err = server.Read(make([]byte, 1)) + require.Nil(t, err) + _, err = server.Write([]byte{packetTypePing}) + require.Nil(t, err) + _, err = server.Read(make([]byte, 1)) + require.Nil(t, err) + _, err = server.Write([]byte{packetTypePing}) + require.Nil(t, err) + _, err = server.Read(make([]byte, 1)) + require.Nil(t, err) + + assert.True(t, mconn.IsRunning()) +} + func TestMConnectionPingPongs(t *testing.T) { server, client := net.Pipe() defer server.Close() @@ -241,7 +277,7 @@ func TestMConnectionPingPongs(t *testing.T) { }() <-serverGotPing - pongTimerExpired := (mconn.config.PongTimeout + 10*time.Millisecond) * 2 + pongTimerExpired := (mconn.config.PongTimeout + 20*time.Millisecond) * 2 select { case msgBytes := <-receivedCh: t.Fatalf("Expected no data, but got %v", msgBytes) From 45750e1b299f1cb230397ca6dd246cc993a32b70 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 9 Feb 2018 15:16:22 +0400 Subject: [PATCH 177/188] fix race by sending signal instead of stopping pongTimer --- p2p/conn/connection.go | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 6fbb425e7..938c3eb2c 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -89,7 +89,7 @@ type MConnection struct { // close conn if pong is not received in pongTimeout pongTimer *time.Timer - pongTimeoutCh chan struct{} + pongTimeoutCh chan bool // true - timeout, false - peer sent pong chStatsTimer *cmn.RepeatTimer // update channel stats periodically @@ -191,7 +191,7 @@ func (c *MConnection) OnStart() error { c.quit = make(chan struct{}) c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) c.pingTimer = cmn.NewRepeatTimer("ping", c.config.PingInterval) - c.pongTimeoutCh = make(chan struct{}) + c.pongTimeoutCh = make(chan bool) c.chStatsTimer = cmn.NewRepeatTimer("chStats", updateStats) go c.sendRoutine() go c.recvRoutine() @@ -339,19 +339,22 @@ FOR_LOOP: c.sendMonitor.Update(int(n)) c.Logger.Debug("Starting pong timer", "dur", c.config.PongTimeout) c.pongTimer = time.AfterFunc(c.config.PongTimeout, func() { - c.pongTimeoutCh <- struct{}{} + c.pongTimeoutCh <- true }) c.flush() - case <-c.pongTimeoutCh: - c.Logger.Debug("Pong timeout") - err = errors.New("pong timeout") + case timeout := <-c.pongTimeoutCh: + if timeout { + c.Logger.Debug("Pong timeout") + err = errors.New("pong timeout") + } else { + c.stopPongTimer() + } case <-c.pong: c.Logger.Debug("Send Pong") wire.WriteByte(packetTypePong, c.bufWriter, &n, &err) c.sendMonitor.Update(int(n)) c.flush() case <-c.quit: - c.stopPongTimer() break FOR_LOOP case <-c.send: // Send some msgPackets @@ -376,6 +379,7 @@ FOR_LOOP: } // Cleanup + c.stopPongTimer() } // Returns true if messages from channels were exhausted. @@ -486,7 +490,11 @@ FOR_LOOP: } case packetTypePong: c.Logger.Debug("Receive Pong") - c.stopPongTimer() + select { + case c.pongTimeoutCh <- false: + case <-c.quit: + break FOR_LOOP + } case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) wire.ReadBinaryPtr(&pkt, c.bufReader, c.config.maxMsgPacketTotalSize(), &n, &err) @@ -534,12 +542,14 @@ FOR_LOOP: } } +// not goroutine-safe func (c *MConnection) stopPongTimer() { if c.pongTimer != nil { if !c.pongTimer.Stop() { <-c.pongTimer.C } drain(c.pongTimeoutCh) + c.pongTimer = nil } } @@ -771,7 +781,7 @@ func (p msgPacket) String() string { return fmt.Sprintf("MsgPacket{%X:%X T:%X}", p.ChannelID, p.Bytes, p.EOF) } -func drain(ch <-chan struct{}) { +func drain(ch <-chan bool) { for { select { case <-ch: From 22b038810aee12a0e4c647abb7ec1499c409c7b8 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 9 Feb 2018 21:58:02 +0400 Subject: [PATCH 178/188] do not block in recvRoutine --- p2p/conn/connection.go | 8 ++++---- p2p/conn/connection_test.go | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 938c3eb2c..46e363017 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -153,7 +153,7 @@ func NewMConnectionWithConfig(conn net.Conn, chDescs []*ChannelDescriptor, onRec sendMonitor: flow.New(0, 0), recvMonitor: flow.New(0, 0), send: make(chan struct{}, 1), - pong: make(chan struct{}), + pong: make(chan struct{}, 1), onReceive: onReceive, onError: onError, config: config, @@ -191,7 +191,7 @@ func (c *MConnection) OnStart() error { c.quit = make(chan struct{}) c.flushTimer = cmn.NewThrottleTimer("flush", c.config.FlushThrottle) c.pingTimer = cmn.NewRepeatTimer("ping", c.config.PingInterval) - c.pongTimeoutCh = make(chan bool) + c.pongTimeoutCh = make(chan bool, 1) c.chStatsTimer = cmn.NewRepeatTimer("chStats", updateStats) go c.sendRoutine() go c.recvRoutine() @@ -492,8 +492,8 @@ FOR_LOOP: c.Logger.Debug("Receive Pong") select { case c.pongTimeoutCh <- false: - case <-c.quit: - break FOR_LOOP + default: + // never block } case packetTypeMsg: pkt, n, err := msgPacket{}, int(0), error(nil) diff --git a/p2p/conn/connection_test.go b/p2p/conn/connection_test.go index 270b4ae92..d308ea61a 100644 --- a/p2p/conn/connection_test.go +++ b/p2p/conn/connection_test.go @@ -22,10 +22,10 @@ func createTestMConnection(conn net.Conn) *MConnection { } func createMConnectionWithCallbacks(conn net.Conn, onReceive func(chID byte, msgBytes []byte), onError func(r interface{})) *MConnection { - chDescs := []*ChannelDescriptor{&ChannelDescriptor{ID: 0x01, Priority: 1, SendQueueCapacity: 1}} cfg := DefaultMConnConfig() cfg.PingInterval = 90 * time.Millisecond cfg.PongTimeout = 45 * time.Millisecond + chDescs := []*ChannelDescriptor{&ChannelDescriptor{ID: 0x01, Priority: 1, SendQueueCapacity: 1}} c := NewMConnectionWithConfig(conn, chDescs, onReceive, onError, cfg) c.SetLogger(log.TestingLogger()) return c @@ -224,6 +224,7 @@ func TestMConnectionMultiplePings(t *testing.T) { defer mconn.Stop() // sending 3 pings in a row (abuse) + // see https://github.com/tendermint/tendermint/issues/1190 _, err = server.Write([]byte{packetTypePing}) require.Nil(t, err) _, err = server.Read(make([]byte, 1)) From 106cdb74e507932926db506fb7547333b82d5189 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Fri, 9 Feb 2018 23:29:24 +0400 Subject: [PATCH 179/188] do not enforce 1/3 validator power change leave it to the app Refs #1022 --- docs/app-development.rst | 7 ++--- state/execution.go | 51 ++---------------------------- state/state_test.go | 67 ---------------------------------------- 3 files changed, 6 insertions(+), 119 deletions(-) diff --git a/docs/app-development.rst b/docs/app-development.rst index cbb39fa34..18477eda7 100644 --- a/docs/app-development.rst +++ b/docs/app-development.rst @@ -409,11 +409,10 @@ to update the validator set. To add a new validator or update an existing one, simply include them in the list returned in the EndBlock response. To remove one, include it in the list with a ``power`` equal to ``0``. Tendermint core will take care of updating the validator set. Note the change in voting power -must be strictly less than 1/3 per block. Otherwise it will be impossible for a -light client to prove the transition externally. See the `light client docs +must be strictly less than 1/3 per block if you want a light client to be able +to prove the transition externally. See the `light client docs `__ -for details on how it tracks validators. Tendermint core will fail with an -error if the change in voting power is more or equal than 1/3. +for details on how it tracks validators. .. container:: toggle diff --git a/state/execution.go b/state/execution.go index 8d54840a6..9dde52174 100644 --- a/state/execution.go +++ b/state/execution.go @@ -1,7 +1,6 @@ package state import ( - "errors" "fmt" fail "github.com/ebuchman/fail-test" @@ -238,18 +237,10 @@ func execBlockOnProxyApp(logger log.Logger, proxyAppConn proxy.AppConnConsensus, return abciResponses, nil } +// If more or equal than 1/3 of total voting power changed in one block, then +// a light client could never prove the transition externally. See +// ./lite/doc.go for details on how a light client tracks validators. func updateValidators(currentSet *types.ValidatorSet, updates []abci.Validator) error { - // If more or equal than 1/3 of total voting power changed in one block, then - // a light client could never prove the transition externally. See - // ./lite/doc.go for details on how a light client tracks validators. - vp23, err := changeInVotingPowerMoreOrEqualToOneThird(currentSet, updates) - if err != nil { - return err - } - if vp23 { - return errors.New("the change in voting power must be strictly less than 1/3") - } - for _, v := range updates { pubkey, err := crypto.PubKeyFromBytes(v.PubKey) // NOTE: expects go-wire encoded pubkey if err != nil { @@ -288,42 +279,6 @@ func updateValidators(currentSet *types.ValidatorSet, updates []abci.Validator) return nil } -func changeInVotingPowerMoreOrEqualToOneThird(currentSet *types.ValidatorSet, updates []abci.Validator) (bool, error) { - threshold := currentSet.TotalVotingPower() * 1 / 3 - acc := int64(0) - - for _, v := range updates { - pubkey, err := crypto.PubKeyFromBytes(v.PubKey) // NOTE: expects go-wire encoded pubkey - if err != nil { - return false, err - } - - address := pubkey.Address() - power := int64(v.Power) - // mind the overflow from int64 - if power < 0 { - return false, fmt.Errorf("Power (%d) overflows int64", v.Power) - } - - _, val := currentSet.GetByAddress(address) - if val == nil { - acc += power - } else { - np := val.VotingPower - power - if np < 0 { - np = -np - } - acc += np - } - - if acc >= threshold { - return true, nil - } - } - - return false, nil -} - // updateState returns a new State updated according to the header and responses. func updateState(s State, blockID types.BlockID, header *types.Header, abciResponses *ABCIResponses) (State, error) { diff --git a/state/state_test.go b/state/state_test.go index 76b713aee..02c94253e 100644 --- a/state/state_test.go +++ b/state/state_test.go @@ -375,73 +375,6 @@ func makeParams(blockBytes, blockTx, blockGas, txBytes, } } -func TestLessThanOneThirdOfVotingPowerPerBlockEnforced(t *testing.T) { - testCases := []struct { - initialValSetSize int - shouldErr bool - valUpdatesFn func(vals *types.ValidatorSet) []abci.Validator - }{ - ///////////// 1 val (vp: 10) => less than 3 is ok //////////////////////// - // adding 1 validator => 10 - 0: {1, false, func(vals *types.ValidatorSet) []abci.Validator { - return []abci.Validator{ - {PubKey: pk(), Power: 2}, - } - }}, - 1: {1, true, func(vals *types.ValidatorSet) []abci.Validator { - return []abci.Validator{ - {PubKey: pk(), Power: 3}, - } - }}, - 2: {1, true, func(vals *types.ValidatorSet) []abci.Validator { - return []abci.Validator{ - {PubKey: pk(), Power: 100}, - } - }}, - - ///////////// 3 val (vp: 30) => less than 10 is ok //////////////////////// - // adding and removing validator => 20 - 3: {3, true, func(vals *types.ValidatorSet) []abci.Validator { - _, firstVal := vals.GetByIndex(0) - return []abci.Validator{ - {PubKey: firstVal.PubKey.Bytes(), Power: 0}, - {PubKey: pk(), Power: 10}, - } - }}, - // adding 1 validator => 10 - 4: {3, true, func(vals *types.ValidatorSet) []abci.Validator { - return []abci.Validator{ - {PubKey: pk(), Power: 10}, - } - }}, - // adding 2 validators => 8 - 5: {3, false, func(vals *types.ValidatorSet) []abci.Validator { - return []abci.Validator{ - {PubKey: pk(), Power: 4}, - {PubKey: pk(), Power: 4}, - } - }}, - } - - for i, tc := range testCases { - tearDown, stateDB, state := setupTestCase(t) - state.Validators = genValSet(tc.initialValSetSize) - SaveState(stateDB, state) - height := state.LastBlockHeight + 1 - block := makeBlock(state, height) - abciResponses := &ABCIResponses{ - EndBlock: &abci.ResponseEndBlock{ValidatorUpdates: tc.valUpdatesFn(state.Validators)}, - } - state, err := updateState(state, types.BlockID{block.Hash(), types.PartSetHeader{}}, block.Header, abciResponses) - if tc.shouldErr { - assert.Error(t, err, "#%d", i) - } else { - assert.NoError(t, err, "#%d", i) - } - tearDown(t) - } -} - func pk() []byte { return crypto.GenPrivKeyEd25519().PubKey().Bytes() } From 2a24ae90c19677e1b94c6163081a552533de90a9 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 12 Feb 2018 14:31:52 +0400 Subject: [PATCH 180/188] fixes from Jae's review 1. remove pointer 2. add Quit() method to Service interface --- blockchain/pool.go | 8 ++++---- blockchain/reactor.go | 2 +- blockchain/reactor_test.go | 5 ++--- consensus/reactor.go | 2 +- consensus/state.go | 2 +- consensus/ticker.go | 2 +- evidence/reactor.go | 2 +- glide.lock | 8 ++++---- glide.yaml | 4 ++-- mempool/reactor.go | 8 ++++---- node/node_test.go | 2 +- p2p/peer.go | 6 ------ p2p/pex/addrbook.go | 2 +- p2p/pex/pex_reactor.go | 4 ++-- p2p/pex/pex_reactor_test.go | 1 - p2p/trust/metric.go | 4 ++-- p2p/trust/store.go | 2 +- rpc/client/httpclient.go | 2 +- rpc/lib/client/ws_client.go | 6 +++--- rpc/lib/client/ws_client_test.go | 4 ++-- rpc/lib/server/handlers.go | 8 ++++---- 21 files changed, 38 insertions(+), 46 deletions(-) diff --git a/blockchain/pool.go b/blockchain/pool.go index 6b40a8e73..d0f4d2976 100644 --- a/blockchain/pool.go +++ b/blockchain/pool.go @@ -534,10 +534,10 @@ OUTER_LOOP: // Send request and wait. bpr.pool.sendRequest(bpr.height, peer.id) select { - case <-bpr.pool.Quit: + case <-bpr.pool.Quit(): bpr.Stop() return - case <-bpr.Quit: + case <-bpr.Quit(): return case <-bpr.redoCh: bpr.reset() @@ -545,10 +545,10 @@ OUTER_LOOP: case <-bpr.gotBlockCh: // We got the block, now see if it's good. select { - case <-bpr.pool.Quit: + case <-bpr.pool.Quit(): bpr.Stop() return - case <-bpr.Quit: + case <-bpr.Quit(): return case <-bpr.redoCh: bpr.reset() diff --git a/blockchain/reactor.go b/blockchain/reactor.go index 1bb82c232..2ad6770be 100644 --- a/blockchain/reactor.go +++ b/blockchain/reactor.go @@ -322,7 +322,7 @@ FOR_LOOP: } } continue FOR_LOOP - case <-bcR.Quit: + case <-bcR.Quit(): break FOR_LOOP } } diff --git a/blockchain/reactor_test.go b/blockchain/reactor_test.go index 9775d38a9..263ca0f05 100644 --- a/blockchain/reactor_test.go +++ b/blockchain/reactor_test.go @@ -157,7 +157,7 @@ func makeBlock(height int64, state sm.State) *types.Block { // The Test peer type bcrTestPeer struct { - *cmn.BaseService + cmn.BaseService id p2p.ID ch chan interface{} } @@ -169,7 +169,7 @@ func newbcrTestPeer(id p2p.ID) *bcrTestPeer { id: id, ch: make(chan interface{}, 2), } - bcr.BaseService = cmn.NewBaseService(nil, "bcrTestPeer", bcr) + bcr.BaseService = *cmn.NewBaseService(nil, "bcrTestPeer", bcr) return bcr } @@ -196,4 +196,3 @@ func (tp *bcrTestPeer) IsOutbound() bool { return false } func (tp *bcrTestPeer) IsPersistent() bool { return true } func (tp *bcrTestPeer) Get(s string) interface{} { return s } func (tp *bcrTestPeer) Set(string, interface{}) {} -func (tp *bcrTestPeer) QuitChan() <-chan struct{} { return tp.Quit } diff --git a/consensus/reactor.go b/consensus/reactor.go index 44ff745c3..b63793670 100644 --- a/consensus/reactor.go +++ b/consensus/reactor.go @@ -380,7 +380,7 @@ func (conR *ConsensusReactor) startBroadcastRoutine() error { edph := data.(types.TMEventData).Unwrap().(types.EventDataProposalHeartbeat) conR.broadcastProposalHeartbeatMessage(edph) } - case <-conR.Quit: + case <-conR.Quit(): conR.eventBus.UnsubscribeAll(ctx, subscriber) return } diff --git a/consensus/state.go b/consensus/state.go index adf85d081..aa334fdd0 100644 --- a/consensus/state.go +++ b/consensus/state.go @@ -541,7 +541,7 @@ func (cs *ConsensusState) receiveRoutine(maxSteps int) { // if the timeout is relevant to the rs // go to the next step cs.handleTimeout(ti, rs) - case <-cs.Quit: + case <-cs.Quit(): // NOTE: the internalMsgQueue may have signed messages from our // priv_val that haven't hit the WAL, but its ok because diff --git a/consensus/ticker.go b/consensus/ticker.go index f66856f91..b37b7c495 100644 --- a/consensus/ticker.go +++ b/consensus/ticker.go @@ -127,7 +127,7 @@ func (t *timeoutTicker) timeoutRoutine() { // We can eliminate it by merging the timeoutRoutine into receiveRoutine // and managing the timeouts ourselves with a millisecond ticker go func(toi timeoutInfo) { t.tockChan <- toi }(ti) - case <-t.Quit: + case <-t.Quit(): return } } diff --git a/evidence/reactor.go b/evidence/reactor.go index cb9706a34..169a274d3 100644 --- a/evidence/reactor.go +++ b/evidence/reactor.go @@ -126,7 +126,7 @@ func (evR *EvidenceReactor) broadcastRoutine() { // broadcast all pending evidence msg := &EvidenceListMessage{evR.evpool.PendingEvidence()} evR.Switch.Broadcast(EvidenceChannel, struct{ EvidenceMessage }{msg}) - case <-evR.Quit: + case <-evR.Quit(): return } } diff --git a/glide.lock b/glide.lock index 5d994b0e9..2a77da549 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 41f411204b59e893053e59cda43466b3a6634c5fc88698d1f3131ecd5f239de7 -updated: 2018-02-09T09:56:16.586709479Z +hash: 0a994be202cfc9c8a820c5a68321bbbf5592f48790b9bd408b5f95cd344c3be5 +updated: 2018-02-12T08:29:16.126185849Z imports: - name: github.com/btcsuite/btcd version: 50de9da05b50eb15658bb350f6ea24368a111ab7 @@ -97,7 +97,7 @@ imports: - leveldb/table - leveldb/util - name: github.com/tendermint/abci - version: 5a4f56056e23cdfd5f3733db056968e016468508 + version: 5913ae8960c7ae5d748c37aa060bd35c99ff8a05 subpackages: - client - example/code @@ -117,7 +117,7 @@ imports: subpackages: - data - name: github.com/tendermint/tmlibs - version: 52ce4c20f8bc9b6da5fc1274bcce27c0b9dd738a + version: a57340ffb53aefb0fca1fc610d18fcbcc61b126f subpackages: - autofile - cli diff --git a/glide.yaml b/glide.yaml index 0fe66f3b4..d93a80d76 100644 --- a/glide.yaml +++ b/glide.yaml @@ -19,7 +19,7 @@ import: - package: github.com/spf13/viper version: v1.0.0 - package: github.com/tendermint/abci - version: develop + version: 5913ae8960c7ae5d748c37aa060bd35c99ff8a05 subpackages: - client - example/dummy @@ -31,7 +31,7 @@ import: subpackages: - data - package: github.com/tendermint/tmlibs - version: develop + version: a57340ffb53aefb0fca1fc610d18fcbcc61b126f subpackages: - autofile - cli diff --git a/mempool/reactor.go b/mempool/reactor.go index 98c83337c..58650a197 100644 --- a/mempool/reactor.go +++ b/mempool/reactor.go @@ -117,9 +117,9 @@ func (memR *MempoolReactor) broadcastTxRoutine(peer p2p.Peer) { if next = memR.Mempool.TxsFront(); next == nil { continue } - case <-peer.QuitChan(): + case <-peer.Quit(): return - case <-memR.Quit: + case <-memR.Quit(): return } } @@ -146,9 +146,9 @@ func (memR *MempoolReactor) broadcastTxRoutine(peer p2p.Peer) { case <-next.NextWaitChan(): // see the start of the for loop for nil check next = next.Next() - case <-peer.QuitChan(): + case <-peer.Quit(): return - case <-memR.Quit: + case <-memR.Quit(): return } } diff --git a/node/node_test.go b/node/node_test.go index eb8d109f3..ca5393823 100644 --- a/node/node_test.go +++ b/node/node_test.go @@ -41,7 +41,7 @@ func TestNodeStartStop(t *testing.T) { }() select { - case <-n.Quit: + case <-n.Quit(): case <-time.After(5 * time.Second): t.Fatal("timed out waiting for shutdown") } diff --git a/p2p/peer.go b/p2p/peer.go index cff99ad1f..67ce411cd 100644 --- a/p2p/peer.go +++ b/p2p/peer.go @@ -18,7 +18,6 @@ import ( // Peer is an interface representing a peer connected on a reactor. type Peer interface { cmn.Service - QuitChan() <-chan struct{} ID() ID // peer's cryptographic ID IsOutbound() bool // did we dial the peer @@ -332,11 +331,6 @@ func (p *peer) String() string { return fmt.Sprintf("Peer{%v %v in}", p.mconn, p.ID()) } -// QuitChan returns a channel, which will be closed once peer is stopped. -func (p *peer) QuitChan() <-chan struct{} { - return p.Quit -} - //------------------------------------------------------------------ // helper funcs diff --git a/p2p/pex/addrbook.go b/p2p/pex/addrbook.go index 3a3be6e44..95ad70fe7 100644 --- a/p2p/pex/addrbook.go +++ b/p2p/pex/addrbook.go @@ -332,7 +332,7 @@ out: select { case <-saveFileTicker.C: a.saveToFile(a.filePath) - case <-a.Quit: + case <-a.Quit(): break out } } diff --git a/p2p/pex/pex_reactor.go b/p2p/pex/pex_reactor.go index 53075a1d6..5aeca8f76 100644 --- a/p2p/pex/pex_reactor.go +++ b/p2p/pex/pex_reactor.go @@ -274,7 +274,7 @@ func (r *PEXReactor) ensurePeersRoutine() { select { case <-ticker.C: r.ensurePeers() - case <-r.Quit: + case <-r.Quit(): ticker.Stop() return } @@ -409,7 +409,7 @@ func (r *PEXReactor) crawlPeersRoutine() { case <-ticker.C: r.attemptDisconnects() r.crawlPeers() - case <-r.Quit: + case <-r.Quit(): return } } diff --git a/p2p/pex/pex_reactor_test.go b/p2p/pex/pex_reactor_test.go index 6aeb7a3c7..82dafecd4 100644 --- a/p2p/pex/pex_reactor_test.go +++ b/p2p/pex/pex_reactor_test.go @@ -368,4 +368,3 @@ func (mp mockPeer) Send(byte, interface{}) bool { return false } func (mp mockPeer) TrySend(byte, interface{}) bool { return false } func (mp mockPeer) Set(string, interface{}) {} func (mp mockPeer) Get(string) interface{} { return nil } -func (mp mockPeer) QuitChan() <-chan struct{} { return mp.Quit } diff --git a/p2p/trust/metric.go b/p2p/trust/metric.go index bf6ddb5e2..5770b4208 100644 --- a/p2p/trust/metric.go +++ b/p2p/trust/metric.go @@ -118,7 +118,7 @@ func (tm *TrustMetric) OnStart() error { } // OnStop implements Service -// Nothing to do since the goroutine shuts down by itself via BaseService.Quit +// Nothing to do since the goroutine shuts down by itself via BaseService.Quit() func (tm *TrustMetric) OnStop() {} // Returns a snapshot of the trust metric history data @@ -298,7 +298,7 @@ loop: select { case <-tick: tm.NextTimeInterval() - case <-tm.Quit: + case <-tm.Quit(): // Stop all further tracking for this metric break loop } diff --git a/p2p/trust/store.go b/p2p/trust/store.go index 0e61b0650..bbb4592a4 100644 --- a/p2p/trust/store.go +++ b/p2p/trust/store.go @@ -200,7 +200,7 @@ loop: select { case <-t.C: tms.SaveToDB() - case <-tms.Quit: + case <-tms.Quit(): break loop } } diff --git a/rpc/client/httpclient.go b/rpc/client/httpclient.go index 2b3f5ab28..bc6cf759e 100644 --- a/rpc/client/httpclient.go +++ b/rpc/client/httpclient.go @@ -338,7 +338,7 @@ func (w *WSEvents) eventListener() { ch <- result.Data } w.mtx.RUnlock() - case <-w.Quit: + case <-w.Quit(): return } } diff --git a/rpc/lib/client/ws_client.go b/rpc/lib/client/ws_client.go index 79e3f63f4..ca75ad561 100644 --- a/rpc/lib/client/ws_client.go +++ b/rpc/lib/client/ws_client.go @@ -335,7 +335,7 @@ func (c *WSClient) reconnectRoutine() { c.startReadWriteRoutines() } } - case <-c.Quit: + case <-c.Quit(): return } } @@ -394,7 +394,7 @@ func (c *WSClient) writeRoutine() { c.Logger.Debug("sent ping") case <-c.readRoutineQuit: return - case <-c.Quit: + case <-c.Quit(): if err := c.conn.WriteMessage(websocket.CloseMessage, websocket.FormatCloseMessage(websocket.CloseNormalClosure, "")); err != nil { c.Logger.Error("failed to write message", "err", err) } @@ -455,7 +455,7 @@ func (c *WSClient) readRoutine() { // c.wg.Wait() in c.Stop(). Note we rely on Quit being closed so that it sends unlimited Quit signals to stop // both readRoutine and writeRoutine select { - case <-c.Quit: + case <-c.Quit(): case c.ResponsesCh <- response: } } diff --git a/rpc/lib/client/ws_client_test.go b/rpc/lib/client/ws_client_test.go index cc7897286..73f671609 100644 --- a/rpc/lib/client/ws_client_test.go +++ b/rpc/lib/client/ws_client_test.go @@ -132,7 +132,7 @@ func TestWSClientReconnectFailure(t *testing.T) { for { select { case <-c.ResponsesCh: - case <-c.Quit: + case <-c.Quit(): return } } @@ -217,7 +217,7 @@ func callWgDoneOnResult(t *testing.T, c *WSClient, wg *sync.WaitGroup) { if resp.Result != nil { wg.Done() } - case <-c.Quit: + case <-c.Quit(): return } } diff --git a/rpc/lib/server/handlers.go b/rpc/lib/server/handlers.go index 1e14ea9a0..1bac625be 100644 --- a/rpc/lib/server/handlers.go +++ b/rpc/lib/server/handlers.go @@ -484,7 +484,7 @@ func (wsc *wsConnection) GetEventSubscriber() types.EventSubscriber { // It implements WSRPCConnection. It is Goroutine-safe. func (wsc *wsConnection) WriteRPCResponse(resp types.RPCResponse) { select { - case <-wsc.Quit: + case <-wsc.Quit(): return case wsc.writeChan <- resp: } @@ -494,7 +494,7 @@ func (wsc *wsConnection) WriteRPCResponse(resp types.RPCResponse) { // It implements WSRPCConnection. It is Goroutine-safe func (wsc *wsConnection) TryWriteRPCResponse(resp types.RPCResponse) bool { select { - case <-wsc.Quit: + case <-wsc.Quit(): return false case wsc.writeChan <- resp: return true @@ -525,7 +525,7 @@ func (wsc *wsConnection) readRoutine() { for { select { - case <-wsc.Quit: + case <-wsc.Quit(): return default: // reset deadline for every type of message (control or data) @@ -643,7 +643,7 @@ func (wsc *wsConnection) writeRoutine() { return } } - case <-wsc.Quit: + case <-wsc.Quit(): return } } From fc585bcdecffc7f0854435c26ec68acc04915b08 Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 12 Feb 2018 17:04:07 +0400 Subject: [PATCH 181/188] do not block when writing to pongTimeoutCh Refs #1205 --- p2p/conn/connection.go | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/p2p/conn/connection.go b/p2p/conn/connection.go index 46e363017..9acaf6175 100644 --- a/p2p/conn/connection.go +++ b/p2p/conn/connection.go @@ -201,12 +201,12 @@ func (c *MConnection) OnStart() error { // OnStop implements BaseService func (c *MConnection) OnStop() { c.BaseService.OnStop() - if c.quit != nil { - close(c.quit) - } c.flushTimer.Stop() c.pingTimer.Stop() c.chStatsTimer.Stop() + if c.quit != nil { + close(c.quit) + } c.conn.Close() // nolint: errcheck // We can't close pong safely here because @@ -339,7 +339,10 @@ FOR_LOOP: c.sendMonitor.Update(int(n)) c.Logger.Debug("Starting pong timer", "dur", c.config.PongTimeout) c.pongTimer = time.AfterFunc(c.config.PongTimeout, func() { - c.pongTimeoutCh <- true + select { + case c.pongTimeoutCh <- true: + default: + } }) c.flush() case timeout := <-c.pongTimeoutCh: @@ -548,7 +551,6 @@ func (c *MConnection) stopPongTimer() { if !c.pongTimer.Stop() { <-c.pongTimer.C } - drain(c.pongTimeoutCh) c.pongTimer = nil } } @@ -780,13 +782,3 @@ type msgPacket struct { func (p msgPacket) String() string { return fmt.Sprintf("MsgPacket{%X:%X T:%X}", p.ChannelID, p.Bytes, p.EOF) } - -func drain(ch <-chan bool) { - for { - select { - case <-ch: - default: - return - } - } -} From 0e68638af3fcac7af3289c3c308302b56d6277d6 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 12 Feb 2018 19:13:36 -0500 Subject: [PATCH 182/188] update glide abci/tmlibs to develop --- glide.lock | 8 ++++---- glide.yaml | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/glide.lock b/glide.lock index 2a77da549..67db261d8 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 0a994be202cfc9c8a820c5a68321bbbf5592f48790b9bd408b5f95cd344c3be5 -updated: 2018-02-12T08:29:16.126185849Z +hash: 41f411204b59e893053e59cda43466b3a6634c5fc88698d1f3131ecd5f239de7 +updated: 2018-02-12T19:09:05.878324979-05:00 imports: - name: github.com/btcsuite/btcd version: 50de9da05b50eb15658bb350f6ea24368a111ab7 @@ -97,7 +97,7 @@ imports: - leveldb/table - leveldb/util - name: github.com/tendermint/abci - version: 5913ae8960c7ae5d748c37aa060bd35c99ff8a05 + version: bf70f5e273bd7dd6e22e64186cd1ccc4e3a03df1 subpackages: - client - example/code @@ -117,7 +117,7 @@ imports: subpackages: - data - name: github.com/tendermint/tmlibs - version: a57340ffb53aefb0fca1fc610d18fcbcc61b126f + version: c858b3ba78316fdd9096a11409a7e7a493e7d974 subpackages: - autofile - cli diff --git a/glide.yaml b/glide.yaml index d93a80d76..0fe66f3b4 100644 --- a/glide.yaml +++ b/glide.yaml @@ -19,7 +19,7 @@ import: - package: github.com/spf13/viper version: v1.0.0 - package: github.com/tendermint/abci - version: 5913ae8960c7ae5d748c37aa060bd35c99ff8a05 + version: develop subpackages: - client - example/dummy @@ -31,7 +31,7 @@ import: subpackages: - data - package: github.com/tendermint/tmlibs - version: a57340ffb53aefb0fca1fc610d18fcbcc61b126f + version: develop subpackages: - autofile - cli From f4feb7703b584209e69e40b06c981ecc86b75291 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 19 Feb 2018 15:32:09 -0500 Subject: [PATCH 183/188] fix appHash log. closes #1207 --- state/execution.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/state/execution.go b/state/execution.go index 9dde52174..64db9f31a 100644 --- a/state/execution.go +++ b/state/execution.go @@ -142,7 +142,10 @@ func (blockExec *BlockExecutor) Commit(block *types.Block) ([]byte, error) { } // ResponseCommit has no error code - just data - blockExec.logger.Info("Committed state", "height", block.Height, "txs", block.NumTxs, "appHash", res.Data) + blockExec.logger.Info("Committed state", + "height", block.Height, + "txs", block.NumTxs, + "appHash", fmt.Sprintf("%X", res.Data)) // Update mempool. if err := blockExec.mempool.Update(block.Height, block.Txs); err != nil { From 0ae0155cba7b63b0e6bdb453348f211b74fd45af Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Sat, 10 Feb 2018 00:05:35 +0400 Subject: [PATCH 184/188] restore mempool memory leak tests --- mempool/reactor_test.go | 70 +++++++++++++++++++++-------------------- 1 file changed, 36 insertions(+), 34 deletions(-) diff --git a/mempool/reactor_test.go b/mempool/reactor_test.go index 9f0b5b48b..3cbc57481 100644 --- a/mempool/reactor_test.go +++ b/mempool/reactor_test.go @@ -6,6 +6,8 @@ import ( "testing" "time" + "github.com/fortytw2/leaktest" + "github.com/pkg/errors" "github.com/stretchr/testify/assert" "github.com/go-kit/kit/log/term" @@ -112,44 +114,44 @@ func TestReactorBroadcastTxMessage(t *testing.T) { waitForTxs(t, txs, reactors) } -// func TestBroadcastTxForPeerStopsWhenPeerStops(t *testing.T) { -// if testing.Short() { -// t.Skip("skipping test in short mode.") -// } +func TestBroadcastTxForPeerStopsWhenPeerStops(t *testing.T) { + if testing.Short() { + t.Skip("skipping test in short mode.") + } -// config := cfg.TestConfig() -// const N = 2 -// reactors := makeAndConnectMempoolReactors(config, N) -// defer func() { -// for _, r := range reactors { -// r.Stop() -// } -// }() + config := cfg.TestConfig() + const N = 2 + reactors := makeAndConnectMempoolReactors(config, N) + defer func() { + for _, r := range reactors { + r.Stop() + } + }() -// // stop peer -// sw := reactors[1].Switch -// sw.StopPeerForError(sw.Peers().List()[0], errors.New("some reason")) + // stop peer + sw := reactors[1].Switch + sw.StopPeerForError(sw.Peers().List()[0], errors.New("some reason")) -// // check that we are not leaking any go-routines -// // i.e. broadcastTxRoutine finishes when peer is stopped -// leaktest.CheckTimeout(t, 10*time.Second)() -// } + // check that we are not leaking any go-routines + // i.e. broadcastTxRoutine finishes when peer is stopped + leaktest.CheckTimeout(t, 10*time.Second)() +} -// func TestBroadcastTxForPeerStopsWhenReactorStops(t *testing.T) { -// if testing.Short() { -// t.Skip("skipping test in short mode.") -// } +func TestBroadcastTxForPeerStopsWhenReactorStops(t *testing.T) { + if testing.Short() { + t.Skip("skipping test in short mode.") + } -// config := cfg.TestConfig() -// const N = 2 -// reactors := makeAndConnectMempoolReactors(config, N) + config := cfg.TestConfig() + const N = 2 + reactors := makeAndConnectMempoolReactors(config, N) -// // stop reactors -// for _, r := range reactors { -// r.Stop() -// } + // stop reactors + for _, r := range reactors { + r.Stop() + } -// // check that we are not leaking any go-routines -// // i.e. broadcastTxRoutine finishes when reactor is stopped -// leaktest.CheckTimeout(t, 10*time.Second)() -// } + // check that we are not leaking any go-routines + // i.e. broadcastTxRoutine finishes when reactor is stopped + leaktest.CheckTimeout(t, 10*time.Second)() +} From 8bba7c64bc23e2875cf357c1e4de96b694c5843a Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 19 Feb 2018 17:33:41 -0500 Subject: [PATCH 185/188] update version and changelog [ci skip] --- CHANGELOG.md | 10 +++++++--- version/version.go | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 24f8ae24a..12a41975f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,6 @@ BREAKING CHANGES: - Better support for injecting randomness - Upgrade consensus for more real-time use of evidence -- the files usually found in `~/.tendermint` (`config.toml`, `genesis.json`, and `priv_validator.json`) are now in `~/.tendermint/config`. The `$TMHOME/data/` directory remains unchanged. FEATURES: - Peer reputation management @@ -35,25 +34,30 @@ BREAKING CHANGES: - [p2p] NodeInfo: remove RemoteAddr and add Channels - we must have at least one overlapping channel with peer - we only send msgs for channels the peer advertised +- [p2p/conn] pong timeout +- [lite] comment out IAVL related code FEATURES: - [p2p] added new `/dial_peers&persistent=_` **unsafe** endpoint - [p2p] persistent node key in `$THMHOME/config/node_key.json` - [p2p] introduce peer ID and authenticate peers by ID using addresses like `ID@IP:PORT` -- [p2p] new seed mode in pex reactor crawls the network and serves as a seed. +- [p2p/pex] new seed mode crawls the network and serves as a seed. - [config] MempoolConfig.CacheSize - [config] P2P.SeedMode (`--p2p.seed_mode`) IMPROVEMENT: -- [p2p] stricter rules in the PEX reactor for better handling of abuse +- [p2p/pex] stricter rules in the PEX reactor for better handling of abuse - [p2p] various improvements to code structure including subpackages for `pex` and `conn` - [docs] new spec! +- [all] speed up the tests! BUG FIX: - [blockchain] StopPeerForError on timeout - [consensus] StopPeerForError on a bad Maj23 message - [state] flush mempool conn before calling commit - [types] fix priv val signing things that only differ by timestamp +- [mempool] fix memory leak causing zombie peers +- [p2p/conn] fix potential deadlock ## 0.15.0 (December 29, 2017) diff --git a/version/version.go b/version/version.go index d328b41d8..fc2ac7254 100644 --- a/version/version.go +++ b/version/version.go @@ -1,13 +1,13 @@ package version const Maj = "0" -const Min = "15" +const Min = "16" const Fix = "0" var ( // Version is the current version of Tendermint // Must be a string because scripts like dist.sh read this file. - Version = "0.15.0" + Version = "0.16.0-dev" // GitCommit is the current HEAD set using ldflags. GitCommit string From ec2f3f49effd226bd0570ee1bfde8319d4f8188a Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Mon, 19 Feb 2018 17:35:46 -0500 Subject: [PATCH 186/188] changelog date and version --- CHANGELOG.md | 2 +- version/version.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 12a41975f..3456fb58d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,7 +25,7 @@ BUG FIXES: - Graceful handling/recovery for apps that have non-determinism or fail to halt - Graceful handling/recovery for violations of safety, or liveness -## 0.16.0 (TBD) +## 0.16.0 (February 20th, 2017) BREAKING CHANGES: - [config] use $TMHOME/config for all config and json files diff --git a/version/version.go b/version/version.go index fc2ac7254..a45095428 100644 --- a/version/version.go +++ b/version/version.go @@ -7,7 +7,7 @@ const Fix = "0" var ( // Version is the current version of Tendermint // Must be a string because scripts like dist.sh read this file. - Version = "0.16.0-dev" + Version = "0.16.0" // GitCommit is the current HEAD set using ldflags. GitCommit string From 7c6c0dba53771cad539008a241ddfbcb455276d3 Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Wed, 21 Feb 2018 03:32:02 +0000 Subject: [PATCH 187/188] glide update --- glide.lock | 14 +++++++------- glide.yaml | 8 ++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/glide.lock b/glide.lock index 67db261d8..2e864cee3 100644 --- a/glide.lock +++ b/glide.lock @@ -1,5 +1,5 @@ -hash: 41f411204b59e893053e59cda43466b3a6634c5fc88698d1f3131ecd5f239de7 -updated: 2018-02-12T19:09:05.878324979-05:00 +hash: 322a0d4b9be08c59bf65df0e17e3be8d60762eaf9516f0c4126b50f9fd676f26 +updated: 2018-02-21T03:31:35.382568482Z imports: - name: github.com/btcsuite/btcd version: 50de9da05b50eb15658bb350f6ea24368a111ab7 @@ -78,11 +78,11 @@ imports: - name: github.com/spf13/jwalterweatherman version: 7c0cea34c8ece3fbeb2b27ab9b59511d360fb394 - name: github.com/spf13/pflag - version: 4c012f6dcd9546820e378d0bdda4d8fc772cdfea + version: e57e3eeb33f795204c1ca35f56c44f83227c6e66 - name: github.com/spf13/viper version: 25b30aa063fc18e48662b86996252eabdcf2f0c7 - name: github.com/syndtr/goleveldb - version: 211f780988068502fe874c44dae530528ebd840f + version: 34011bf325bce385408353a30b101fe5e923eb6e subpackages: - leveldb - leveldb/cache @@ -97,7 +97,7 @@ imports: - leveldb/table - leveldb/util - name: github.com/tendermint/abci - version: bf70f5e273bd7dd6e22e64186cd1ccc4e3a03df1 + version: 68592f4d8ee34e97db94b7a7976b1309efdb7eb9 subpackages: - client - example/code @@ -117,7 +117,7 @@ imports: subpackages: - data - name: github.com/tendermint/tmlibs - version: c858b3ba78316fdd9096a11409a7e7a493e7d974 + version: 1b9b5652a199ab0be2e781393fb275b66377309d subpackages: - autofile - cli @@ -200,7 +200,7 @@ testImports: subpackages: - difflib - name: github.com/stretchr/testify - version: a726187e3128d0a0ec37f73ca7c4d3e508e6c2e5 + version: 12b6f73e6084dad08a7c6e575284b177ecafbc71 subpackages: - assert - require diff --git a/glide.yaml b/glide.yaml index 0fe66f3b4..c1b0aef55 100644 --- a/glide.yaml +++ b/glide.yaml @@ -19,19 +19,19 @@ import: - package: github.com/spf13/viper version: v1.0.0 - package: github.com/tendermint/abci - version: develop + version: 0.10.0 subpackages: - client - example/dummy - types - package: github.com/tendermint/go-crypto - version: master + version: 0.4.1 - package: github.com/tendermint/go-wire - version: master + version: 0.7.2 subpackages: - data - package: github.com/tendermint/tmlibs - version: develop + version: 0.7.0 subpackages: - autofile - cli From 3cd604562c0438b3339586a60269aabee1ee367d Mon Sep 17 00:00:00 2001 From: Zach Ramsay Date: Wed, 21 Feb 2018 03:43:47 +0000 Subject: [PATCH 188/188] RequestInitChain needs genesisBytes --- consensus/replay.go | 4 +++- consensus/replay_test.go | 8 ++++++-- test/app/grpc_client | Bin 0 -> 19250971 bytes 3 files changed, 9 insertions(+), 3 deletions(-) create mode 100755 test/app/grpc_client diff --git a/consensus/replay.go b/consensus/replay.go index ac7fcdec9..2e6b36a22 100644 --- a/consensus/replay.go +++ b/consensus/replay.go @@ -249,7 +249,9 @@ func (h *Handshaker) ReplayBlocks(state sm.State, appHash []byte, appBlockHeight // If appBlockHeight == 0 it means that we are at genesis and hence should send InitChain if appBlockHeight == 0 { validators := types.TM2PB.Validators(state.Validators) - if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators}); err != nil { + // TODO: get the genesis bytes (https://github.com/tendermint/tendermint/issues/1224) + var genesisBytes []byte + if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators, genesisBytes}); err != nil { return nil, err } } diff --git a/consensus/replay_test.go b/consensus/replay_test.go index 483bd3a7c..31fb9908f 100644 --- a/consensus/replay_test.go +++ b/consensus/replay_test.go @@ -413,7 +413,9 @@ func buildAppStateFromChain(proxyApp proxy.AppConns, stateDB dbm.DB, defer proxyApp.Stop() validators := types.TM2PB.Validators(state.Validators) - if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators}); err != nil { + // TODO: get the genesis bytes (https://github.com/tendermint/tendermint/issues/1224) + var genesisBytes []byte + if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators, genesisBytes}); err != nil { panic(err) } @@ -448,7 +450,9 @@ func buildTMStateFromChain(config *cfg.Config, stateDB dbm.DB, state sm.State, c defer proxyApp.Stop() validators := types.TM2PB.Validators(state.Validators) - if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators}); err != nil { + // TODO: get the genesis bytes (https://github.com/tendermint/tendermint/issues/1224) + var genesisBytes []byte + if _, err := proxyApp.Consensus().InitChainSync(abci.RequestInitChain{validators, genesisBytes}); err != nil { panic(err) } diff --git a/test/app/grpc_client b/test/app/grpc_client new file mode 100755 index 0000000000000000000000000000000000000000..ff72d18586c146da4e2e5824acd3bbfc38274f80 GIT binary patch literal 19250971 zcmeFa33L=y_CMYsG&Dl2pdvv*8f`U(x)l`o+`n$VGktuT|EJNC6m~Kix;Zzvgnbph1MnO2 z_44(=b9YHo`C+8<&%Ks)lSiL>^%bkck#Va-FnUax?kn{!Cu+>O>pb&x4`$zVE6f-!MQlBYC7}_ZBgT>5`FG)xR1Vx zsO+sD-u9s6g}14C#SXu^6&$b`IAf5(`q^R+IYlp#YjD)b&a=7%bDn&@v8c>(a_a|2 zt&$SKQKno=obtV$t4lXGy*96Yg;T%6sqdp;;g9v%Mt=RvQNOFJ>pHjn@MzV3c(iJN zEGy&BZQm{DUZ^+}!&0V^#h7v8w)T z2RZhie=h#+_??e5!gT9zsZsT})TsLNuVSt2Uod+scjPi}{f1{%{f1{%{RM~SR&d*Q zQ?JacU%XP)FJ7tYyXD+#e*dq@s~>dg2c7!8XPn?xm1{8P$>%EtK*G$7VMZ@5mXalT z4Z8Td*K*`j_TBofUUc=Ps~7X>@5=E}dF|JZ+9mDQj#BNr?MNbi+-LVnJ?q84-l<>j z)K5O?a;kz5RF}-}LAdkQ4{rNb@`Br5lIvp{bF+WJ?5*69kBE!g|1Dj6Bz;TQ%W}1k zb2&>MeL;1}{0_ohPW|K5WUo&+TTWluIW!A^*7*896;{ zaE*^wq{^W=nR#VVg1z(>IrMr}|Ih+e|HZR&TlAJ?1Ha9yzwWtSQe<6qC$oLW*Y%RC z`;%XPB{IBed-@zKk9!_jBUOyYa|z=u%L1G7>d#%&Uy97t-;ny@VwZE}F{dr2+>d`R z%+BRQJ*HYJbQjs{L1w zIZ5idKi;xT>xTrUxm@bnd#)Ym+I#z}Pwhe(bnClzpKA|RxD}mi?r8XYvpscliZ&l8 zs5TT4y3cnM{(pxQmz!Mu-Hdcs_Hdi|Yp~cepYQQpqnS@#%J~j z_)mHw*{JEp*#SMaG%)GX4sCE4X`eQI@(Q(?Jpe`0TeQK=c<@zSST!L7!~WBqeqY3R z)$V~JYChGCSIx7JX9MQBCAvAj*qj-tHqR}Mnr8=f^Nd^ zHl`Goq3IICo^)x|yi;DGA!UDq2fHT#Is7^v4L&xc-3N{=w!4sN_G`goVqMdbLSNk)ZZO*# zxda#cQnp8o!vud4!C^OwO%*7ha5W22cSw;fdJU^ zQ6A4%AycJ)#Q#g-K;ne*=a$3%}~(s*57V9*S|q`0B#(5#z7A@t-e*M`^^lBw~Ct zRnf&rMUD5P#@48@!|n+{v7Nn}j@OOJp+NcesL`djbVwbC4)#CaLh~)V!`FoinmQKs zCTSqiN}j7OtGXQA+$;n`Bf9amZhWp=HxriqV}vIX$tFL`cNm@a^Mqt9(M|t?6TlbN z@Xkg9J*y~B+J8ot{R8}D`=eX_A07t!n8Mt>x?DX4J{Bc+c`+27eg9^{{H&{A5y@k` zYrh4X4h;s%lhAiwdQ!K2`wFc}l0!F!ZypRv9?JTOq;7OHp2zB^5=X0%?D?);DG%{b zpcs{o1G6GgH%5d0%s_z>*0%gl56IxzO#~0*>9ALA0>@R@OQp=nuV$jJ#xnGE<~Lnk z>3ilwUqp;=D3pu@>DJ^>t!_OLT0;Z@`fcghJ4`RujgMcUnQU*6#CPra0@K0r9zK|m zs0g{$cn6#tHQv*W+JJ8LYeR^~e(&3^uJUz82SiT6VSO-r3EDYYK#iQ1LGQ1-yTAiW ziIk(Pl)fg_M;j~bDXb9N*#&(AGIxNfRKC4=BQmZO;)5qh<$yhg4JBuj1p*y*1Qf}X z*UcNCiqCqUqLVraM(%^o$@wSgDdY}EKnRF1s{h@}ry@)7GOi0!Uw92_w( zF0sz;(zRbNnVB};L0RP3Z77NCruQP|m_XFnel&P|cTM60BOZDX5Vd#-YC)R0+TY(V~C|_p}Q0+G!gz+Si zJVI-qumRlZOaCJ?9v;QSz40SetVg=%)xW9n+J=AAqkw zzqI%kwu+}Rr?CpBvBr-nmlb;DS}pMlDH9Ea*%0ipBwFkqvd=*nNjC`%)a$Sp&MI^u zA(NPj*D5FjlP>#5D6X{u$#}ApJZ4n?-}@ynrn(6Z$(s-?a{9sBPOcJpbyk+dnB`|kN}?yHh(zdq6LORa#iQN+Wq zL&nT=ic?4C3FC!cV|2(_W;9f?P1l~T@oD#B@>ezYS)Rp>_HA1GXkS4)2kNu@zRPy0FJJ8RP3V_PPa0B)cihs@u_A#PlaTWKP8WL3-ty#^Um1YYu$DQ&7YtUTlvC zp@m1%8|>5A@_o{B1~Z3dx$U35ul5aa0{ZFj4*O3~I zp&CW=Q3lDynX$ItoxYzge0UMM@SDB(SDW(@Fxy8PUuwlZ?cx>MiS122H1i%5(oRe^ zb-QUY*rU5ruV%Q+Z2c#4jFs)X2DiNT*&VHqt$n|Ir7>R;*HFqT^z!BU;vv7g=*RzY zZIe$gZ`T*Sa^;;b{N%F>e7g4M+br_CYQCsI!kcA=fF3K#Tu@>|jRF$|dOh z!L-yQO>2wv-`*ZrFFYO+1+DE}9MKkXWv(Z1wxgsSOxRn2It>(&}S%D8OhaXuls;wO}4a z8F!Ewm73A=_dE{{1IHLnznW(35Ug}|6l9VCfnFj3?8)UgNqWxnV_D%aOcL?oMwV-|6k@962q5_YR z$1w|NZJ;uSO>65_v0S^ChKg&Vsr-db{=!~UD{~7-KCK;8H+$t}LcdDBm_uX>vzMM% z#K{M1PGJ6FdgVqK`<&m*u>rlZ-NmLnncl(qOUiS4;!QDb0?^6Yz3tk=$sz5nIi@9x ztMXLeQXV$}D)IeSaN&o$6Smt(EuTuX6IZzvwG)?U_by?hONOlVHY@efOgO-{+(v8p zRDzZ>0C2xg2s!dGYa(Q$jJm0mx~Y`lphPqFWmtFZ%Z-kGsZ*(xLaCG?Y~UziN;vf4 zWQ6ASTHx zxb5wz*>`)|oB{jMH}G?R0>VOjjf3O4uJIbJE!_XHVB>LAaZsvC*GAQMH~~$oU-cxfrr-iCm9dzqL3_j*sup-dCS*~_ zG^-GYV_3(*+|kmv{B_@&qV0Ck6t6^~DONg~Lc}N6-_ho9`_R7hHRyMplG^{LH2l;1 z`=Oz4;&;$+XXSorIB3jXG(3I%zG*na5E|ZeE@-$cL&F??*XCTO=oie|R9c(=iEix( z?`!dQgoXW&IghK=;{(oP5|7LL^YBz)`mgH2hhabyhJAN zN|iS-n|FOCZw&HMH!&z<`Fr>DAQ5zt;Elbdfk^mM=$jr}UVu)$!&}q;ZZ_qwD&>uA z%1V{8Dw~p&6t^>WDuNMdbVdZs3(1)dg$RWTQA6NDx(Vrljk8j$A^S({3$jG0g8Ez$ z)naJXl8*1F4@K?NKQ^~MrnWK$O8TnF3>utG6B_2H?}N{qg$f@BRU#(F)w^4131@+E zzLV%5gG1w0m40lP#ON=~f@n1XaQHm=V z@8(dMc5zaVb#7zvZ7jacKDW`2vATwQ89WHLKp$~5heRMXRW#DVyqnEChI5+%54W|r zWf&Z{6L8zAZtHM6Pu)%?B%zW${v5U=aO1M5M#9&FD$`)TOCzMR(?$RwniYs*+&XO> zf?KDJ65Kj%47Bxx0v*&5kDiZeS!ZDvonG(Hn(@e}q`)Do7)}r9>qf`SWZUeEMhc?~6 z&no*yu%ji5U}_?D8;#b=B{N&8Rm+45xT$b&!tRak-qgyC<*zJO!z65rCB4iP4*Z2k z5I_g*TCTxjzz+%89cN<@&X#t+tD7Sfn$peGA!^Lj%&vYhei-fPlo|YBtk(8jER&IV z#=syfbmg|&tmvDOGV`t%5%r5L>1N1{CvRL?yqh^_X;%^=`3$#%CN^sccqkCf+xckr zdra~k+QKyR`Z6wmh@)pb&7|zWBE&>$1a-4@C(CxhJHGhs==;+n} zQuR*!U~yWRPxkS}g=j>Wo@^I|HpB1->?w$RBe@vx2fAg0hp4iULx{y~fPxYOQKFV? z$1M>Ru&TLGk2O4d#-roU!5(WDLcIE*Zym)I=m(PKe>OoIZIKo5V1WOyfI3OGNEVHFRQPU$S6 zTqRJN;4=vX2r6R$;R>y-=%1gqf>w=V5E=_Ij%ISfFib%!$%LLLf{LpkU}({2PXYPZ zu5Z5m&`*^u+5mx@-GMbRFzE91bMx)y+ziuy{yN7CpPi+E@1EBx43P8YLh`dLuZbCKXE-8}wV1gyb-B7()_zhbr;L_mfP0d0XS zKXRPzq9W~DV#t*vr<;A_z-=OMoKX?)fl)RKbz@Y8*&-vFy!G@909DzV*kwFKD6y{# znhw_5T9dfPcp(NDE`H~0vK6rqTUQMen0pp?7og*T^wZgFd;Xc|+i^;++&Lw$e|M6N zW1oa6UqBH*rvJ&^pcQ&|9`n#!=opd|NLW~Cx_uVLd74b=eYrFIIa_^sA9u7B+P!OdS6Xo-i>MHx-P7RZM+)hq^N z2;~H}e*r>Zb^W(@1hsoRT4n17G&T4l&>9W(1;ZS@iRwl;7^4Fo^VuB&lf8;94Ksp^ zxeArgA0P&Nrh+GnVYXX-d*fb}=j2pw{t|G9(R>?Z z2^%!XK)UfnXeW`ioGYY&vn&a@y}emWbjQmeLeYNO+_lh&&ASfL<{pa@&Aa+)2@n89 z=ON^%^d}ci%2(*-y|N~mzK-Jvy2%)TmkrDjq&gHqaRKWwTq8qZJ`xJzUZPmK`CO<} z9vUI8XGp&lR!SgfA$4KDQZL=4{w&z28>@7KdmePNE{p)rcC1D zQF;DCi;b0W8a}~9zB%$jTq4FAeds2={o^9N@@p-IO`^y-8t4Pdw4wo_Z2YFCj#u=+ZcHv~f6JBXn1Zs0d;1P!sGmG`g&u_jx zwM}a0cR%;pL(8UY_d!b!+l>M(SR1+ZW3^r%dzY&Mp}s6{ymjuVR*ifE-a zZwgpDb*;>-7RKw65*vL5xbrKKc zPiI4ZCRrJ7iies7F_)p7h=Jv=%QWW{5y&%~7QqUXD5wQ8O~C%+%zUsk!?ImaTLytq zfd{M<5wM5v2kiL0z%IxG`xu`s{~ya-;>1HzM8Gb6QPC$K+izy%WBXJdSTQjz|9B5r zDI#F6alq!2{kH2aTp(pd8FXyx6|LUYH(o#gAYx_ZZj6&M-KXqUJphjB{OaA6%@6~RblP!W#RaCE%7J8-@o8h zxG}Vd?~`X)-Yegn?kSrKx;jwfXBX*anQp$^i~><}4qJ>EYonE`Z>X%PYzMr~aJ)-P z^b%2iSr9YZ9%Nw@IVe*3d8Ww^p;^+uE8m{}yu2&DQtwn-TTv2$lX!@{!aqv4bgN}4 zfpwH8VVGXcX*jXDsr38S(knY=pyR7%z7Bd!ijge+Ci8;b&OH`$um%v%7M1NeDB(anY0JmBw znQ9ntK&+lVrB3g$F8vs%(5Fx)iYuv~PkF&df~~kq!-!SIzjLs*r+xtojT&nKAp+59 ze0a=xK%B!r`gm7fnJMyd1)9%L(W8NXeyytmTxhei&>V$|b*JO90B0+JeI0=LDk~xY z?NOJC+?`tnxw{`zz7jZMfE8E>1K$hQjduEli58-67TvIfg0g~3jaa5NdnqAl59kz< z^*_5nH(}}J3Q0R9V0czYng*l9{spA*DVg0n907TqPhkHQ81cKoy|c)@*cW`;bz+hZ zx>lYyYO%}J^DWI}^5NI@I@~s);)T=R}#CmjC%%F9))i{h;8G$VvC&HpL40BX_5YX*_r$mU8Ae%(h&QDPKozs-*dbl6vzVI`%XFp0+y11sOhesIlgWa*xn`QMUXGo zKDwC6AUddgmM2+|3?evCD(gdKEZ_hjhog?3!Mc`rB{p4AqUhGz`%c#P@(0+#PfI)@ zQbJ>s$UFm?a@A0Lu9Jl}k@Y|}t7$6UpaM_Srz1oH48X_=unX%Z2sgoF8D$mj#SXNf z-X)b$7Dn)7R4mv;Pa7(DHugN<{3Lth#Ld6+PVo|dL4W9@>F5LKUr$6DR0Q#nP%~SF zYdPmtPIK@a5eJY-s`78zoIfBcp^ zu+O!&SyRHzd%9_H?l#bkdlf~EoqGFc2(%4vB9wO9uMb_OTjzA?v5yKtyB-lM5&&## z81`#n7NtX=wUtGT6~?ahTO)|D^w6IFFf(gjUyy!X?^+I>+R677Azz5+;U;vh)g4O_ z=SlzrZ0Un@;c#rzu^jp`FeZe?K?+`0Ga52h%MeD9SDO9>=CVtUU~C)ppDKl3>Lkx8 zf{g2{MD&9^_LLUtX;?+tKQNG}Xv8tmcQBod3GucMUyUMqx zelPQFILL}3+p~!fEdwP(_R(k}TSqs(NS!ZLTvY907b(r28!ROe>Np9u+dUW#Y~RvD zAKI>rhynz)9Ag3={ug3Y=mpz^xaHen-F4Sv%V6caqs16z(04353zw!Fw6@b38%V5} z)kBZ9?@Vumt>c@yp0-g5;^Bvo0_X@s2v#4g73pRlv<-d!L%dew4i9EgCng(I(FWJ9 zDM94?kaPmW^87$&SOy%6VOhQQv$RPHs0e08;Jx!#i8d!pfrx$5Kou~JDqtELnw?Q` zyM^PqqVR|#`_Kn(F;VFQnc1lil1SSQ%Q$Y}Mgo)wM?MV#Fx>K7s2O+Z9uWWNP(%u6 zhxN)`T1=FQIlC-s_Kd=GJqa0Qc-KuY*rQkOo`rWYcSeTp)Q9elRxY_=Df==FV%yMx zbiDeP{yPa*MiCMu)UplDP-6r*0V{?ccIY7!Jr|b2#c0E+BUUSn!`gH_3%+?5;v7ZN zZ*N>Q^-*DIc}XtA*CR2JbA;;Ik+8QTm_)d8 z0(MZQZt8mJb4Es7S3E~d_DJZ*#f)N7Aq`|wGFXGbX3oub9<^)4q^#)M-Iw|`+~Jl;qz#7f5|LxL#ftQ)&H?($ClOp{3Uc~y-qT^PK;Q0 z_M7lhNW~J;83Kis4%&)$i1VWSnZww4{5G@{_nCvHZb`z?ZNQ4r?0R@)=j+DoVr-tB zYSfjOgCZ(3h>ZStO)sb$aCQK=E-QYbB*dG7oCoaRW9J#$2My3Pl(jJoEQ^u0Ehoo8 zinyfjCk7w9t1v(#&<^3^bhD}i{b$$hT`6^$j6SQwqDN1*a$GI{$j7IHQqbLhb#^8S zrh*5U4nZKaSW9ITu&;Q-K@!auT_w%eqSIi-#0qQ~HtO&|!V$;RX9RB?A}TmwcfRdZ zO}~Y4O8ro^{llQ^viN^@sQY5v6Ds0i`B#49;jaFmyZ!W!$z4Et#_v6g&&M$9e#x?L zJqo_e?TYan4F_cgoiLrsRDRq^q#BDbBsnBR)O_s=c+-=C$vTwj}Y}^Iakwh0_jnysNOvBH{&as&NOQW;=TLR#J<8!AH+oQ zX5{9^BJlStj5vIh^-U$q;-MrU0}Tgc%Tl%ktG3@~o01|6b9*3O2=>P~m0@K9GnVXE z!JIK@AuB2zOno4Ix#=j2LKPfd`-B0^=cEY)6L=9SQ`%iRrnmJH!orO5K81FH_%W<8 zTQ|TqmoCC`^?ne9=sSJ|h#I!tM6uh-j2AXpcK zfawshK-3D?Q7<-d@nyb*^6zz=X$V(mSQ!*xJB%LQt_TMd^hZJqa09-q!+x0I&%H&U z&-2}1O4hWfbvvgU+C%kGtF{Az_J`(o_R<$~nb2Oay}A5DgsMa3z_WWala+mM*yV zUUDd(g6N>nzAsKZp@+= zoq}_i+}WJzlsO8tPu@Dt^#7bCl1)SP&QZz`gV@?vVKc2Wt}sCI8Be0d9xZBrxRGrG zMQ9huQ<*+=IoU(hEQso}6D8~q3*5nO)n{^%>9c?DR!=b=pW)Z=KuXOV5F~Y_47qu&25UQd5Z3!0g0hKf8et z85qk&>|rN8AF-H|{yh-88yZmYr{Z9S_kIT)2&< za%~fpRjG_GmWP>z>aH@ZeKw;E_ZAwfsPD&gZ{~%XNgTAffLAuG8~?V7Ou{=@bZCf3(vta#N_VmaudY?5G?-g zTBR$Y+ChawkO*BFl&4bBEq}l|6w19Z%VRL~X8X;E_hV(@>ce3bRKt0qNiapv*?)Ef zNSS9M0NpU6;6a&!IAK0OJTThel@clhX!65&$PKWeDKznKNi_c;M-hh5c@8rxJ#3DH zmR;8rRBTHV5CI#}KcQQx5M9H<{s&e+bTcCgRnR;DpT?;V6ewaOwQ}Ac38#Na=OD-y zp%o%%CBsCtsex~?9R*sZzwHgt@dqhTo#7x-eW_zb*-FsKD{KQCQ!t#On`HmsFp%$6 zC^509a_Bc});?*cd<++_zBEfp6mHmJ15=Vj1bT3JVLaNWr$}D0#C+^!F(1$u5~G^s zs78*Cl0F%7-9G?0(V@v5&wm#m4;~m^>@6ief3)|3571Ef05RfoAKo(Y;L~H@_-J!p zr%4g}1j-z<5=~Gr52rs)Z1+lDQWU-2_@rvJ-m%i6$m|Srdp?d>O83*P)USEm%yVKLj-zpQ;q!?WZ?(aC&9w=9TqO~ z*a_)5Y@}3lWoCNVxmGn%n!1V%GPInuAbDgR7rcv=lHYQqb=6su4B=SWb{hKC^dF5D zVRQ&XLbEvxsb+r}bb!mW*Xp!alG$%vmPZkEJwp+hAQeS0YM@BuKrcmPFBDl@GjeIkrI@&HL01|GcUpH9wX>tZ;*cB5-Jg1rAp z7OjQrQipxY4#39=(DHw9P)5xUIKWlHCrxm4`Lb+ox|f^VS90yc4u$OXbDb}*=^2^*9{SHD^4Do|@5%S7vU9b)^bahnfQiU9 z!hM6x0ZcdLU@7K%4Kopmp&YCm90yBKP{rq9SsW#>DQRIXZIhK^n;;@3V~xq9frg9l z3uVZD{EckG!mMJSKn-N=lQKXANZ2PUblNA*Mhpy#{p25I@?VYu1uz0u@JjoB0c*4@ zCCQ)$C6ojQjFXQjY@`(1KZG)IyG&URr>=kmWC_@W#XnC|qq0rW-e6Oxp4${OQPxG& z?dxWfdCAWI!bSY>^(2^Bxrp=%H;8-S(2OCM&a79c^L2>7NQGy_l`@_SH4_()YdPEF z4mOB82nSA*oEqRbgun;#mF@pZMV5S=ZgYA~KvA>L z60iV>Vam<0hh=IT)Ygu@i2YtpdTlOA{Z8_1MHm$dl1bhE7?MpA=8f`tCt0DL>E(+~ zat_vyD4p!A3wS8{C-E*Fd3AhCH3xFE8U)t9IN+k3R#IQl1+wzIPlgf@b1IWGj_!Q+5&JE|)J`_-aeU3ltm*`fm&6LT=HHZpS+V+K91S#SRt z8aTbwUW5f5-Gt2ni0nh^61aFW0XR`aol(So5+y%gvWj`12;yF1j#{E0ZXF!!*2=T$E z!wlkmpXgbP%-%i;m<=I#szJPX3(}F>`2)G zKz$mzv>la(5a0MQidg=OkmB&?1Za7sV zYLON0f6UErC3(Z~fX3BuZdlw(R9nuUY{>D%pBdt*GyP$OqNXI+#xmX>I0*fEI^ ziN+^TBaquyTAV&<**?!!OQu2hHEM_E7ooZIy);5|+dFe_a}+vT5fZ(E(h=bHoUatz zl3a7t-g5xpK9MnQ_kurmZ}{PT!9T`@ueC)(17sR&J;3dQvZ3v}+17$w{4d=fy)MMc z$o}X>yIPNJD*${9Hpav5|527~VEK&OJ(x{e-tOhm@4UVH2eNq?k&RV2joD}Y(;=gD zll^Orh9X%%!TwV(H28?OL3RS7oW#+T+$#-~J2-_FLz12I3!QxI|H1pfdlkr~*D=5s zeVz`Ga9?05Q_TZkd-yhLR3^oi7I)ak5RawABd5ML=YoCc8;QpBrN)g1nGG8dGB6R7 z$qeXWti3%BT+NY3E~TAtb_r~Rv-QriOV|V57yw&KIwMER@U&U;6oi%kP@a@SJ-2C3 zpMrO!;+q>EAY4ePJ2;fpphPgDBzR`RJ$H#Kv`mJy$QTFgQ=D|v@fIH_$XBMH@beE??RAHLq3-y#j>5ZsTn0Zd0CsIzMPrgl zpPa;tVZq@N9G3S@|8S(zy;LutDtF$TUpE+#z!P^o%C3^f-Xm;uUYE}EhTXAGAEiWf z8lnLHI+igrrip)$?YwabIR!(Z4q058Cag_(e4Rsty@7eq&|+$fu5@iBP~5)Ym_pTy z77$n+vEhUY%=z^WvUA5{fKnIZ$3ChDhU6U%NzNaLgCU*{6d*t)AkHKlP9Vhj0l?-H z2j>#}x(9YN(Jt4m$=wQYM79mzO|yPaoJY!i>@U3M+q%~9K_9Wdla~SfprN>r7h+Wq zwf0EKxw5gQ{lh}tKY*6vjtx907r*U0&(eor$5i)Iu+8%p?5qQegAC9`)DG?M7gBgI zAD%{1`-=r7GNn}=D8R8NUH(^8AEttr6lqGJ2!e2pzfM1c8Xuy7gmV3F;SPs6U3IdA znzxqo;w4a)pDQuKHx^<_L`rtk(l}`m=#gVL8(5{hv>j9{zbeH3v7=lDp<;n zAYf|a4M+V-|L2R7k_SCg^p6fFZ~BAC6A)NEK7@DRNYOIX0U{$Z$5bwFd>_<3uf}7* z9{^IT%$A!>p8dfI;%iy{yI=EA{7{s#e+qqr zWw0yo-NDpL`3l?{izT5w`YIl(2lZ7*mCF%OS<0SyLf-4tE$0eGl{X0GTs&Af@Sijm zw~8vOuk$_Mix`_&cctm`Q;wI~=AtDQF~@pQMLMnFPxoh}IdibknI};><0uR)kuGOR zi1iwQg|%A~u~MYlPWm>L9)!(T%Jcx6fmV=rPTe&{E9=;+eHT4g3q&p9js48WO5p(r zM+ddb1j;-)FrNCTgwHKYNdz2=a5MGK@X5JI8z(wQn=X=3j5x*-ngvUWX04#t>YyzO zj=mIMJOtX0NxE|CGfSaROQJ;fh4Y@&zlAd$F`>|8vNe6f3~l`1tWqwyYKDv>z5sC# zLXd|}QQ4&=SQ)oP*+V{6jf2IboP7QT!3^gm@YH9}R`y@N#U8;svwF)F^8NE8->FgzpZ`o!6uiCcK3g=SdT*h3`7GY0Hnc5j^pAO8@ zt^31=umTyV5Pd-P;+&Nq;(PkObgx1G^&W(x01BKOCA_FRAizVZQM^9@Jf6zJ10O6` z!uUgo6ogU4$9O`8u^^03NvBoJM%Fj_q8#`Tz@zx4#k${Li6Nyg&mLfbK?xP@pf@eG zx*}8oi@@^7aZ!_Xb5u|_`h?sgbTPuv{=i#MR_toO0M)>`O7Sl3ET>v;s3WFU(E~M?=Mw%GOwSU&@ftOJiT^-Vbp1zv z6T&y0hf`mxc=T&8EingKUuu1;LnH7Daj{1MQ)Iz-`cj*il#a2 zZicEsM{%fn`dM`JWV_Jm=*e1Jl3Zx78;7z#W7%4ib+J>O+qMMxQtj?UShtIlS zo4W#?8hN5sK1WOZM)mvhXimSIZpl_3&=^tG5>K)<%l~W`Wh>V-9jBW(2ID~{LLO$@ zlOh~+ap8dE2}E)Ol2VVu;h`k?_)_8{p=R9KCrMe?$wTq2=d=GTelz_ehvKSFH@TR* z$(cS)W6t_BmprAZ*C(x_`#0rD&Le2ftp}{j*U3z>0z^UVE> zqdB1Qd{ry)AzQWlpNv(*2!j&CxR!~~4XqrVyI_Y=eEA?8SI^PuO_X`=j~dKXur|Z? zR20RShxIEJZ=TAM?;$bu97?+VP~*sL2!ex~oax?=m~(8h$7@1U?f&;(!tO+M24VpfNom}5EQ(H(C^Y!)PcW8;RM8WdUKSL2f zshHtRM5m|OJFAt7nI>Gh5)-=JgwCXNtgkpKW-7Wk%wCOx+QRD4Fm0h4(qFJ_gk=Y! ztk5KFue?&L__Odp7XD05PxFj_O1+hQHhBgp2#8$*V%EEfcEdrcu!QOqv zex5q!1^pD3V~1s7rPLmYjda8o-eOXlH;CIhEFDb1Z4|KB=5}XFEZL1_ne`u_36H3s zdzaimi?{Ly8~M2Xd|4(CxLl9zDbx};^a8M-6L(WvIHGK7OV^2|T4EBCp{ROv8}S1z z0Tl%RbZ78B8>kKZ*62HMNYdBv&e!W!pCf49iKPw0m?Ra%huZNHFXDfY@z=X$5VxwB zfwKU9uIL@k`8|`SGG{8GX2ra)cvVgpY8R39rzHa>Y3(G=ccXV>ITgTe+t;=O4%N zL8*)8E!SjnhlSdj3|Jy+`}rp2N(b?I#ctZXuY_gea>A8>g6=9s8ueVPbBjlX-6pyQ zx(vD~AqxL(c0a>78R z44Ab*T6s=d@f110ErRY!k&LC}Oft|#YgiSMyMP_X26oM;>T<7!&UiV0AfMPakyM{YtOGDW zV|t9=|A5?9=mz8#H(^m~98u^wCmK~^cg=8F7a5rH-KusQUKL5l_iq1cv=7zFeY9vF zKmO!yj~OFz%uU$yz&0F(iWltgN;&lixU_<8Ku~xn26pU>Q|dx3K`^G5&9+Y=3N5dR zQ--gnz+o$9oGXVO+MLfR=Q%jx2a#10xNRvZl zDX#QIt#boa@d8|m)un_Nvv;(7d1P@_zimIA|4GHi5ms$a4vswk(7~JTFZ%US$0B7( zl`QR?XNC@smVbzZFZA|hgCj4#xo+0ZC+}DtL&`s^UMfZ#=b6KfiE%14 zSl{Hj!Yia$Y*%;fwt8|Tk1?8axVpou&a&eYHD?`#a~vN1EoeXl&5=J>w_it1{{y&< zq95r;b&H?&#CL0NMhjN7e5Y<6u9t7nUvLS4%2?Ly7_2XH34oLi{giI{^PVC&p&&U} ze<8O>Pn1*{QllW}QO-6PB%g+J$%g#py0IKb=LDG!w$ZbE!Bae~XkXxWuwK6AUpJo9 zT6(@y{Tr!`^P1Y~n&iZ0cAKFtF(i6bxO>0v)^P)G_??|c%Cu8&RDSG)f zt*uXQKneho)^-5yioXxc0`V?HFfhqLU?8kixVVF~g5B*TR!sOP)4hiV*dGH8@dd&e zd&$FYs3XY3Y|1EB7x@E4)=WlW?BA+`^iGCV$;}}Tv#g0dA=ZspHNhz7NyYHRHC)j_G|yHmMl1dlc*e+AR~D*47VL1JqH%Opgkxm347k^bYpz6+0R%&x;72b z4Xgp9MHjf72fSK0fWYolKjBExDqn^p-qCWRT_^_(~F^NpF14^G4#g%$$c!~ z@`PR*FEIP{M~mEa7eKQh1U7tmnoU`p+@vcgVc#STsQT%@0rIAPQx)XCfNc6#{gSX? zL4)i^WEzq;7`;GC2^4rvBT_Os*+aaL*Fw>caK1EoYgx5<=Re7h#>y&uY_dvyZL(_Z z`=iTORvQm6%NqN+Z1!0He)F#2fUY55cde`@bN&bB(JZ5-)T^l&7J95Vp(nWTl$NnFH-RNXi&6Q)EHZwDv*fkh!EfS4%oxL z8^~W7#dL%a+#e?S?WgY{rr^6AbY1R9EkGUnTYLa1Wg}R|xto7^^JUBr7DtGo=!1-BP3R`MN|0p0u_}>hKOKIj!y1euB^38S=DQmV&Es&!csW zZO+*pUs5Y3h9Mbx=uJ_Pd!VMG3^l&V!##FL0h%0($U96@bzbx)sZw_!37f$DSZv2u z7f#Ldjz?Y*jp#77h>E1{z>nXnff;dowf_-}l%81i3GuLGSE|TVLy# zUZ($~N0QKp=a(Y3k@%GqxVUuLn1J_;`S1R!>&1Oc|Hlst5KJ2vmq5nx!II1ITH2Tr zwt{Pr*QuRju-QU4UJNzkiL2&`W}mcb=7J(^`&UAVIhz$V6QwvHHw*oo-}m-0G~P~L-=Ml8b`(SA2^R! z=u{tgMjqQg{UOzUMfyz~8>FvI<4~;vz1MDcjOvrtHP` z44F9)pIT46y%?PxwnM%haVfQhu_1LauZut!=R}&dko&J@xDwndv0#)J?x5Sa>drE{@;uaTt!F&&R1_taa z-K<&iijjjZ)S?}2pWtTwZoDV!KxQ4}W|jZUgT_#1?LhPraTZ8OscoJp z;nznOd+PHA0Q(?pg0f#KLoOmFWlRYpj$%K~6w5#HB2RfP@7wR6hFpue7~4{k)z(;H z6O!z|s8(*&J+);6;j)zas$ z0E|yx|55WU=%p3atUn^Ov~XPfU2X{wHL67Ai%?;=(7rE%#NqZfTTwc2w?lcL0Cbf#MV=N zsl6HSO46U`#+T{a6m|<|P7r5_oAqd(;vGy-9^1T9M^imn{>y%wguvy&Sd-ck zcV5?SO})Y^R^0bd+VTgE_OSC1@=)oKWM{kYX7JF9P!wvWSHF4uH1a$6Db1mA-Wh!t z_ZfcTJVc^_N&dI_iM&Lf%HgN6Y=1xeBpdEre(H;YESKq&);SFJ zC&gf^f3=?~mj72r=5yJS!NO&aZvdD5F2iMc{MAG87iQq;@LJ(-hDnV&(O1+_E`KeN zd#-Dkmq0~Lf{H@?1x~!#0GSb+Rwm$KP*JCMy-6To3gL*MI10r`L7s zJZPs?`VdUE*nF%lyk!Dpd9_|Rwm52zDyhLc8Yj?13{-7zhmxuw217bfWOu|GSP?I* z(%ME;bghPA2sL#ObKC8T5#47N;w$E&q5kIOs6~5ol-70`mD47z?Ur#koO!G@xiA15 zxDm?WaG7h^3-nQ`C|DO66$K^is;EOVDhig2s6F&0-O8%aQMr1G>pv@9J%uQ2v@iA4 zK=Kqwg(*nZv$&W5W(dQ9)#1P{Prt7%yo`Ek0D>l2EyXV*3?V1M?3#woVcJ7Yx$)HA znBr$dn(r!W-}W~!%G()6agF4%9Yx_Gt-3bnJ!t+bB{Rtz&ukO%rO}TwTm456o{?r-pWn4m%xU_hISs7)c`(DeF0Y_($yZJ zwI2H|I3iwnj@EWa@AIsIy{jwMG@dg$zOLyVT8tZ`*v3UnMr&tObmX z1O~1GkjX~{(5@EeHz8`wgZWB#E!hJdCuh04Hv7P{WT=5>!??_K3U6?d>b;=_LbXRi z&2nwTW_#fn{M6HCmTy^wQ~aBmOzah*B{Gj|x)I~GYGY&7OCY!}vi={?I5h*d*BGDG z4Ed@iu}7PCIm*ylk7z%5m3|to;->{#GJaZ>cFz)wTH{Sok$O5XR~$md&1J=XsJ6}e z5X2TQ>!PkQXJBT;!El)GQB?(}w1u;%=ibo^@kSRGnRArZu{f!`YcyWjH~<8~qV5F; zH19&RjptFS?o_cm!O;UYj~?>&)X|k6J9uJ?A}N~qK#S9*6y}T?Q^*|dz+Ey93rUIJ zavZX0W zR#gy`{nBlUXm~@GIxb-L`-vsdF~kf}2}RS*s!c{!-Zh=l=?{p+Y=9Ar>{$+&*%>e) z1?EVA$q^E+UWcP5yKbyb^`(M@e2Rz38^ph)4J4&;I1(K@r}JRW0JVOxef7uWuqh#| zBY+rAK18QBf<4=T8moF~Zj%yV!{YnbzGes5a8^Jrrh#)Zz(umRzUZA~@@I4JQ87$P)CcH>ZQWsuz5 z6T^RVsDd9GaXz<)(>^)zI7SINL8CIJX6Z zM{pI4qpvp@N7oY1F|iXrDzBbmtHZy<2li@p>kwE=b(ljM#qr`I%3%XEXPVRleT$#G}p{{&K(mNeNC6Vj?fSReGXofwhCuPc%;oGM(sF!a}jTYftlL|{6 z2^L7$pMD`(T8SzAar+3wKSbgre&l>ry#SI89| zM;LQmBTnn*B;ItMSu}Gl`Kt-)3k z^I5KC7(3ec3~u@GvpZTJTl-P@4&wz$gjmn$g|qqx&N>x!hB$#rc*$E89Dk_dTdD`_FiH0uENHEY=_tu!0e34 zyI%CDJ3e9wWd>qcoRs3Wa*lO+A@urPk2t#&#eR@!>sn_NRVmu66{%H}Cd>c#!Onu# z&u>(aFo&tttO#)AI0e8sH~<@~S#C25z)wURsrOLEemv$>XE+vyF+c})Uj=SJ2hIX$ z)4wZDc$oX4m&7q#qXA9{ zXiY#;?NRR(*0w!h?*WTaZ&!%@DiuHr2;GVR*_(F3m0dkdv(1&j7j2 zNd`A~VgJNQ7JDt*Yc0rvVnzgraCAI6mEfw6t0ber{Epbo{M>) zPB(8A1vopk4r;TiYe`izgO|_XA&SjQgbTj|p4%jSbiw-3##>boA=JJW9^zIwb!pt+ zLJx8G`PRT4Rk06xj=?NGq{di%zBPSh0IuE{aP_t~{2 z_BfpSomkwdK#N-2xrqK^P3$;%I8SEe{eJ+6?Q?QfoqFbkMSH^BF1 zH@;D&>_p6`V`VFpzJ7}vT3L>db?8Sq5tuUU8g2Xm_hVpaKp-IwY-JT)D9S5Y?j(y5$kW1*u;D%$YJmInId!TiJprssk9>!MMLM5gpxcf&put`>tf|Fhm zvN-8+Qh>N2oA!lcQj-sn0OoKLpav{#t8jXY4?Q&=Xcnz#mYM1_Xia3fWR8YT>S}M* z!ANdpwORzO%5#7X7%`%nif_ea^^$JD&J@?fhiCabFdys0`w)Y~z6FQ^xw=%jSQtW4 z(M|{uh*}W??|`ngwCfNUZ`4RS^aCYRcM5eBQZ(caQ0N0MTENORqvt;!^+vFsPVe3E z0l9l%c`hO<@CjbU1F~wz;%8E?(G{Dt1WsK>er*X9 zLghWZy=F8#fSV*<3SZQ>1HU&5$JuLG91$&$mJc(3OU=>~la> z*9vR}D4fY4*@kE#UMTKt2h(>&x{}0bEIf^BV?{2^6*WUv*5K8){;**R%9H46#7Nd~ zAI+Ln5$a-vKmBnOpGPtNo?ckhwJJ3giEi`WM$!+NMd_PGy3cj(P=_v*oHfXTJ_x`} z#fb~9eYy|n&djMN-UQ~yHz^0_882N%SU-a^2dN!_DKOT=1bZ!3l{Fv-~EKz zGiUvfM;p}&iFF~dJ^&FWIr_MynOg@R6q9uVrFup<*8YuW6|iPNGBRZ6SZf60b*DzK zPeS|i4(#UeHAAt-WYMo>&rZxQ+T5>z9pdplv1hMPZ`sv?M=f>Ie5P_F+R-p9nu773V<+2-s`!{=^1zje)i6$c}B~!yrEP7tSiXN!OzU zWW89;15gh5OvT#9A5lbf@u6|*DBb9ScAYVA91|ide1{a8gHF1Mil0WItn5LBifWmj zS>6-5WPH=0c}N{G@29Fc=m?~zm*WVBrQFeB>`Yw_F43(!Zsn?bd#We;y$ju#c^UdV z=SfeWXGW3oPf$VntIj{O?(hWxxbk!EDE>UPgL=ohqiZnITHf<*!Pz7qh$@QGcixct zCm!t2F}QH$4p5gub?Ng8c!7FzuXwxocZ)d1=I!^9&~Y(@1tY?cC*MnPx1>1w2>TM? z05H~xMecp>Nf|gj6YJFOX=gNG4~DKa%5XD2%L2ld!msaDu&NbCHpd22$-t0Z<7oJ4 zy2aQL_m(3MrdR{MCl>qgoACC|g2uww>)kj5mcc0K1*t~du)3f#+&a5gxV0f*4xjeZ zB)DyM2|cN5G7M%a3>iKgYM|-PFeu9{C}D0vf&C^^G!W9cLVFI++DL3~#JAvniZ6TM zMLh0NoCPT6$YQ|d)9a|N8`lGEaVUoGoQ-s}#rU*){1i^c8X~{}^JEx@rBnc`Q4pHKRM;aWhC-NHq62j}r~Ys&qeI+((H+$jAT;DU5L+2&tqr8U6qjTpe8>WBn(ejG+1=7EG0bO?i%|SB7P9=G z{@4@Gki8*e3PsPAy$Ieu4uu@v=4FbWbKc@z9Fo1xmjUC{_5%BHdqU$iBm+7_D+(Pl z*5>%Y>$uQtU4;3KFE$MMf+Q%m&mma!6;h9bK493$*Bna_X9yxHkApNoEew*dovSGh zLY?%6u9fLK?HgVI;unCbUVN?UP^)@bFVGv%TRz#zMvN!a%R-iO#dN~Bs~lKj;o~j% z$QO4_U^W^vf!2009%_swnEl$ZEL8~UsHccb!<_mm=G2?P^HKALvZ{DtjXA5N+IX)@ z6naFqb<_;_pk~NNP{sobo$VRhq@#K;Qi+M&!UMkS2i=GS%P4>|5yf}W=DdXTsId!Y z*YNbA+8~G$j8=Z#h?}|+g&Ed^&a?Uy!u`Rr>cA3#K4T3(SaF6~w5Um@%u6AfB>;ua zK`0?NhnoE!MV4bb9_b$G2F-+c!VZb-IaFy`N@5|zgF(zN`{y$WO3@3SGB$>J^4{>~ z-3g-r_(zO4Q&nVjoJpazU0!>h6)I3v;|pZv>tGj*F8`F9fW@L=;53SdHE4OP6)gxv ztjTW$u((1CsWf#8!cSN%)Y`_>Vt?TUk%CTsCoVI5YSyPomx>TVxC6#a2nly zxJu7uPSlv~E_m@}!B)0r{6=;?6Lr{i>c|_g&1|quC)j3_AFit~N_A^v=$O&m$@v;I zKauGciS0y@3-L%ROrBy#0Ve|8Ai%|#e zawa2g(51@FD@Td(;tMW99Y)FKp#W*L0M9k%nXuePMvXHfICKrr#?<2H)(fHq?a_kW zbU;B?)t88|BWhrcZdr}7(@jfV$|)2q6JyePOe76;^M9|=Po-m2 zJXGnahX27fQa>hab4;1)5Z!O^G)ITpv)F#?f0ByMHb+tpBg6nlv3=ZXXZ6e-4i0<7 z0wR#VrGkx8kU~Vo^ZObs3=)`y%#7vGvoVQ~mkXnaDwRfJ*qa=`9t<4^bK^c%1ODgx zW{RCrBnrL!AP1c#)`ZH^D&7tJ{C0!G&u1bjV&E_jho7HCrK+_ z6mi)lV)g(><3p*Vp*!#~)ScvKyezv%_&QSXMNPrC_4uL!LdumKtQ_pkfk zYnq?ylU?@0&?VBztfW$d{ZDijb}VQ*){gqOV)egAiw-a>On)C8Da*%@cPMq#51 zxC%Wm60%%|F+0#%9mN55IloKThdLc*x$`2lXIm(zO!r$t zFlXk8>A^+J?HxF4=wPrkd5iW3VxZv6NU=rQM4~@a0*C%*D^`l$Rm% z6sqDz$ZC~=eW?)X)J@K@5IQAbjf}k7=E5F}wM!G&yUnHXFqukd$K7Qd7ptL56EjT^I z@kYU(t2YvrT2!jEDq^KALKtjOgGrFv>$T2RTU%OdYoEtf?EqpG6R=DUOb!SwMR7RS zs}&~(wdVc));{OvBmwp5^MBvZ^Z&ejH20jdr?uBwd+oK?UVCjD4W{n4dfQh^iS)d| z>+|S;AxgkR?j7UYPjXXwN0aJ1m~yf4@=>XvYGB6 zE$V8sKR~k8zXwNPV&bF)KM6rwms?L52q{C`TD!%Y&mj_oml>UiFZlWx?k?isAlAI( zzFzmb@@=gR(-NF}+M%)~UiM__V)x>T4s(x#rJW=Zm~tO}K;2!+|6(&IFc+Pk?N?1> zYg5^Nz1gnqjRV7^4F>F3>?f%-wiIsA#pf@#7zk_Hp32RlHvi(k+hX+__Jfjt)&3DB zzm&fF-`Z|DPJa+x`T6%lCBK7yKRtzR&rCE4{hhtZO10x=S{@Rvx2S_-jBe{PmK**<>x1^R@EC><965r; zhYAKz9rtaGT2-|-_!gL3(a?2KkYU?TmXo;iJECg{r$xzwLb}ArDc$RvucjS zhtv7wb364X8=KWT2Z=Y`HYXK7`?cRu*y3k95afPFmzHqfyn*yt@w_t$ASRe+OPq^FT)_aP9q1XKbE{-# z*Y&7MHhtCPDFz3OCC8ae4gB|I!;m>f#?))Y${Fs{{gxb~@I;(iqjP`RaX&1{>@Trf z{ob@!z3jk}rtU1XG|6WDv8i)c4>fcMkr> z7EW(5bQrcHB??}a%ov_|wj*1NFGV(X6NEd)B)lo<$fEn-J4jH0rPx;LL!8q$ag+P? zZ0d#$yl30;=X<^lYrp`<=--^c^E-e;ilrzMD?;`|+pH&yE!Y z^pm>ordGCpH88{Rhr@vzf0u;x8|mn`5>dFnQ+ybL#1@VW!DnqGM2DaW32?qes~8v`h7d3U-I9l-{&8Kw?V`!t_aZaf8P+C&l=VEuQTY`SbA$`a{iX{L6Gz2 zUqepC1gZUp-#Iuh>XY{M?ie@eQRHIhwOdKVeIQYA^{#DVvb#o7$5y_4$XZYgF#tb@{ zGn4f(bXQb)3}+}(G@#SY)$8k-Iq@~{(mhyiW6SZs`_~?Tg}%aJGVa%tb|!r#pVsqO z8}Pgjvx%24oXKb^vDGRQ@JtC|5B;M~u};Q(uf;GN`8s^9EPF-jLvRd^5R&xa_})!D zIh)d3XGvb+=rMuvdvLzwjBKh~Np0rLl4SJ;!T(`?S#745OjHwV2~F1Y2ACR^DIS&C zZ&dXXm*LksbwJ-gu4O0e<53yXdyT@K!%C+)OjBy{4u3*+5|L@NF?Z*eJMB+}zy-p15(=nxm$Gx_KEqC1OklbRCJH*@FM*D$%O()V3 zLTJBEXw&IM;&edwDf~Z6wEslC-yqtfvY1;zy=eb#{oyh~LHmBtUS_o^OWJ8~2MJmB zN*4#=!}3kLW&l=UyJi3ijg2oj&mF_zZi2``oCF7Pju!T_v9Elmr8ASjr*6lPgTQu- znd5>AecRrC`~kLTn|khw?L^>xsP~0QyQminGme3vXeB7x2lU`!Ayj~u2o@$SE?}Yl z&+UzZ2^|7it}ma$^%v}-VP?BGJByTaawbwv`XwUe5xfoBMM@`mqDuvLCr|n*Es!TA zJQw820QX|@Wae(<$tqZ=gFKmMJoSHAo*cl={l6_wmNpG(04UQ53v%V-ZwI6eQo%qd zb-K!zi~c9_<-^aGFTEsU{@2NuT^&yjQh9zDF{>t`;v={K@v0 zq4Nu=^oCI!fH>cj3p?f=Z`Ss^mpKlA&c^|T-IwciJngg2+oUD7PjH zekh6fEz6`cP4Uv$wM~Ef=il5+St-lLr}$ct-}OieK=$ zpIxS1nRcu3@D-dUWXm|WKb?y&_<=iVcOOL9#Ywx7)o%yT#hWi6KQ^R8IBi!y+MIf| z4>3YyhdJC4I_(={Y%y1JxWS)rj;6EV{9Hok=PXc>X}^jR#Uz}&Kw3eX4RWgpx6Z=f-|CcnO^fOb=`0oEOqL9z0}jwZY`g|wRwvWxu2)8z$|{Tc%m zTIrlwxpJb9$WbU94Y?8OC9j^97MlFr*0!uSq56^#Gd&g0+v zUpf9qed_oROy>XBkN>m&2jl;NU5$V5|JCuo;olhlU$yan=D#uiM|T+iU+*&h{}zt_ zE=ilhq_5pv82>Bh7RLWNH~tBBw!87q?Pr?*XUe`YS@w;|9^00-7Ly8q`JjCnf--@e zaz53&)B=LYgz3maJ5&VR25|fN(hj;nH>Ts<0u+ow@PcCzsiq6`>y4LKZv`(nrDO1d z1|%cC*a}|oDr&(?^2?Tfu!i6TZzR*iFt~Uq9vQE5n*LB^1si=Y=I7O>S0-Cu!We;1 zc4`2k;@lE>#mMwhTfL>8d~3{*U=x}dCw^*fN3|S`IA6X;$oyFn-MA#1w?~S;>TpYm z-{VgOJ#QL22{zT4b1w12sa{J{oPEp&WKl$@M%&7XT!|(kaNa%B{rD?0vwz5sd zu6&5WAU44VQej+d0>vAquog}(>SK7SC5R|MXFEg`C}Y!8^W1oa6S$uFD3v+eg%fxm zw5KwAn`-022|UY}&r)q}CQmrwM#Bj#OcX?0r*Hy7*xteJBciR)wa=;De2oURIo&|7 zgKz@ROTpQFI01Rd*}I|FJq~UzdNxDL#%1q>~1^ z&!+#3$iCqCy&Ik#YRa8M{~{;wt9jkMJ~S2pp((nb6e8VV#9MAp@u5?QLNGe$M5jF0 zQ6{=R-X^~ez|(_Y6ci+%Os zl97Ngc2uTp6b`S*hFNTIBjbSmlwqQSIJv~XqE5|8btO07btL{Q3AS?D)=~Jq8Oyqe zPkbYePXq<%KLwWdD7NBtvT)zdQbzG5HY*-Lc7Q-GT|8$cCK#B@!N-fre7AFj?X5^R-$6fIa7kcv)JeGvF~RjPgDEFH~V5s0dwp=>O9dS_Af&((pb z`f`_~b(Z8mnuZl;n5eQ%i1zs`TR30-RVnhjk6&gxkqX+Jsl!PUXOWN1_E(5M*3Y~v zN5iCF6)L>Twl$A>raRFZyfquW)_m1v8{eUH)dnVnAz0E}-Pb4p zXS_*dNoC^6>egxbRAw|AgDa-Jj0fpJPU>E&YclQ=yR~rEsd?kWJQiV6*xOl_LFnL^R^=%q z+d0j6b2HxxI%>K^kMs0N=f1%MT`nQijtjCjH#MY}uj`rscT$2ngs6>!RDo0ZkU#_R z101NUKpvzP{qr*SyA@0r-)y%OkV88)wnHQ1R-YPGAtS3L1xpnhx9=p{Th5IJmGSv5 z{2fkVp9(^zH@LCx`Bxp}ZU8};NFONlo^a#e8Wc%NXq?&Dn=DP8MBwTQ*u+JS7l=}*9V%hvb#K&EHSG6lraKj8O z;vYX{Ia1BYn;*AtF?5hO_qp?87w!Qlv)^1VZsJ_RYW-$|UpQ~G-VwaPSs%m>&ssYR zwW)y){Uy2`ySP=(f5Gkane*@^p4>wRdfE7jU-xcI)i)Jx&1zA#Oh5F9m>k1d2`X!_1I#rfxKAzFbrQ7RbYR{K+9fhedCAWemK;`Ctz4 zkw4Ic8DusBK;Dgl9kP}QW##_g?{PC}1v6<-q)&(HXH`bpFEKp?Qqz4L+vD^1+P1iO z+DN^O;DYzC(Umr*A)>@Sp{$5BIx*5{Pb-{Xst&cIjOdE4Y%ml0uLk3`Qs~;OK4izV zR>-k{-TTbZr=I9etlCML^tjdvj>|%?fVc$=hnx_^TwyUS50~nH#ItEcb}Dn)2qGmW zQq?cS8=uw(IP77=mz|JN-qzQQkcoor4#;6(wRn)4znkjd(32@~ykXJ;=+0}04#18t0H!u`Jt(M|HV0aoX#W|ZCm54U z69aAP@Rf!dFj25kYJ4VHcKHf!Epg~4+?(Rg%U^}*f1{iJH+XBf^zV(T%huZTzb3tc z)++<>#w+)&uSgkXccPW88v@8luhU4ax+u9_bw8 z$ef4*))JWp1o=pkk|DgQ@p)9wB=CbV!6dMDn5*2XyF-cOMEGbPn0{Ofd3CTl-h8tq zxfz*Mn-1!DU^*D>vS~UPtsYnt!Hkd~3p2t{mqjxI6bLP@-mu)SR4w3&dZAD#@w3&K zR@0FrSEZ(bDI_VgK*f(bC@Pgp{Veg%ilpbh?q-T(M$ix8?p{_#xrYL-vw@KDhKXSQ z#=?v&MCHC>_8ceVbHCS1HdeAWoNodx$=ZAOQJYZmoVBzmXVrg1wBLS!0-f6IU}2UE^X(w0qxlS+BpM?lr#YX+4(EdW=7@@&6I@>MMJbnu)D0gCT7+ zDmODzCIL~Au>?;zj|;6>BP{c(w_o+uRHi$2XKxT;M5Yn`+RP?QE-5fH!EFrsZ*s0i zOlD+ewqfT|GH#gcCKYn&D$oB86_6?yBXO^Sm6Zb?BrlP_{-}dDn#IWb6G_A2ZTN0w zW4}8l0C^yok$oe9;lx`)_*4v#(8~YQRp3MMaHGiRy8jpWtHP$y^{M$cHp?w_cnfz+ z(DibG1klV9;uJrIvr;g2OwI=bhrWfvZOh(~90`pD#!rfVWczz(21DlOhYNTcfi@M( zYJ=jMDLoZF(^#2r1d#ZZYMT-m8cv6Z4I^q5oae?-1rLm)o-VzhRwejMpcNOKFH`D^ z-bDOk43+YgaSJmys42Qu(8K*R(dzP(>>DsrhepNmfvPv6U9F;Zr5qHdIJF8M5X3;v zFz{oAM01rR(O-ne#EAoE;yEi=Dj$QDi3_l=x7#85B?}ObqBj?k` z%k-)A9db`nr}W2gsKYo8vxZN*(6-oLQsEkgWrLoQ8cb;FApFFT@KZ;-Y*y4WNL8Rt zV>&qYmAewq>I2X&_9F2kre6j;bX13ofCqd+)A)jt380BDv7es;QfUj2tw9^A;fbWe zrN|U=EX-oDtjO&uSergwZD2`t>X> z)D3u-)-%0m`!D|MGikfoDATe1UG?8XV2Axb`7`=ovI_`$cYr{iuCD)rp;Q0kbM8_F zU3enF`n~|fegP0r*u+5x;u^)|!MzI(nteb76;!D(Q^NZcVUjYAnEkQ+#|1S88&9D$qG60_$Em@{6 zFuKb!r57Gy+h}y7TsO~|ZC~AxlDiJEEbLU|XZx>DryD0*H#)#SeR@~iGjHw!n??SS z0XU@FJff*cIW;w>8J9H0kd#E&$vF>47hZQgB+n5*R|uev@XP=n5YrvO3c@iF~7UFAc2`|OG- zG>stGcH(D1U<0)sf(acU2*&6l|M7aT@ck&eccf2z&YipDcX-0##Ib1r)Heg5cEkCd ziMe*a2v%H0;c%VtmGLs3L!h-!>KaPy00Z=Y1yp1)To!1c%el3I5)l z!7sx{!$};)P_E-*#|OXM-i>=Zbz?}O8ySCux^ar@Mn``9{(onD6#3T-2vG{@8Lm44m>`i&jG>N=-NhdN*57xfkc!y3Xkhq57T zu`sO$!yTOUllheyb!Kp*aQW^Fv0CsTt(^j|vj^t?3dS}^pmSFM_?Q6j4)~1E(K%dj z3J{Z!(C7fLvL=`ayj}s`@k$#jASOn(M7zSf{B^fxF?e@V2zZ-{yfkXxhdm=|pAm_! zi&EMC7mf zOWM^wr)>C5zc;lnI~m;G7g;8C!tbx$c&qHBV+p^+SsDDr-=ixhd>PS9LwzPI zydB#uD~vfMV1@q*)T=J6aMq!p$_huiB)wF@g;=`0A>ei!^b z9btv8`es4j+Z8{2Q}~0sBKRxzuX?4O%JrYcB%ej%&twvR(Rb*>r|ElUeCi@EJPl;w zs7`DQR|jIE%zw<5hFHwB@AP1$QHb>5#)fkA?7nvKu#P55_%zCU1N{v=m>q*^FoWZUa! zk!&T(X63;+t&;8ICoJ3F?~7#XrEEtAwIMjk_NuEbeqkgVL%YcDLpFaqrZn2xXH_J% zk5Yec`#JuPF9+Q>8>@?Hp`Ek_;^C!Nd#xXWx0mtB-%ofN5WkfRTk8q14_cOp0n4bT zh`Mru7Jp;~AnVZ&An&8ye%M{zTIBoCPH^d$6mt5Cd`_27$&kUM>P)kwc zN5%0QJ|XqtPz9~XZBS-{xn_>wsKc~@IQEwu67d5`f zA7F5kbj(*HNp`2{Cl6ScUY|&pj*xihEFbQn0{R2zhBhx344y7ks!P-M?*PT7>xA&o z(uJ(+=N||6(e{!bMA~-u$8zT%wCR^_u@U!Pi{*Ry{K%LRHT}ED=Qq1rj=CsP3kr3S zf4u9#7u5sZpVB@YEWYjE9Q;T_Ng>&kI$&SguC@s8QnpO#KVEy3A9IVlW?{qacQ6iY zEy#j4-#=iax?xMNeT(d5)H)aT9+BCPpurB3e!$DC~J!TynsV?{6WPjL#?&`arfPa~c2BgEQe zXRRYZoRG%}(S-$n|F>UNfA^AXiUs{8$F94Y_`F?xqsh8@i`BiWuJ*F7qJO#YB|(2f zM8=!N{{FMS(BRixCYXztixTB|)+Q^xDm;N#1O4!J==WszOZ2)r=!P5fA*ql?+Hmbc zl!Svc_lmF}NT;O&B74J@&MpwyE#&w0Ya$>KQ+j#)`tO?1z$TdCQX&`n$BU4#1A+IR z1%c;v>UF2_Hho&hvDS%K`+C)@xk5HGd$q_1xR{+K9@P#H&>e2_KSZUFvsW31$e5JF z!N?f=&Vdmo>L)CJ;`Vr6zZfQxvqC3$;&XnemO8B0I>DszQ=eiEAY+k#!x7y;rGesL z0_%clLIkD*!^~@rB8o479tfatS3wic#s+>A5dwWx@z)%nCkoJW+qpdoZ+7I6&CVYp zF5iOLZ_cBj{2}hpZ`S?B7sPHjc45(k#vNtx=BJqS{QYk$*1>Kr4(pRJf1zyuiR6ec z7Z5r4j0>qopX^XrQib#%M`y5-~gspD#nvp2F zR|8@nVmmzfJ;i~ZX;j9%jXSQ1|A@<=O~80Wp{Vp80m`Blf!b@eQS{-WilT}peGm$9 z0333N^rkZZ%JcXJk~xalQvYiM!?u+d77Aovmp7*L2dsS-`3_V@C+NCUXKacRE$YqDjEqz>HGNpIuXFJyj(c9(*rX6@{+&!ud zVoMDT^_L2N)PUm1t?}&t&ZT|-N1h-LT+?-wF(YMuZl$Wq1caLX#5}Sxxxu~u1$aJq z8P#rTz$_Nl*`sq8&ZWsoL$*quZ}tCqlk$A0h>f(YHpfgCT@>OXe~?1j-KgGYxqpET z!SP&Mjf5snU%i&fs<@Fr_t~E-55ju90)1M641oiW{;y_kQlGuFt!;09UMniv+U8X+ zopBjqI1We}iGO){={ZCs z^^5-`!E7baaNlD__5b-t_lfd++N@6-^~nv<3jY~>S)nfv)5{`bBITT~?+=AJDi0tAmVi!*1Ytbf=-QdP)4cM#G6DSN3?~1n=;w{^4aWZ1Wy( zN9;#4j`cEkI&5z6xHc4xbm}1~*M=8UXT2}l%#fa~T#;t;*GY~$jlu*vlPYg?-aq?n z^#v)D8*lvpg#22Vaj73+MywEw=X-3>+&m7ByPJu>1H%d9h~c_~7k_laqJ(-AAGwK` zO^K@}aJ!bebtD&Sjljiy>esw%{gK7q_N6D0ZCWfuEj*wc%>b#EZD6LwR{22AG( zuBSti*Gw=JHKt{X2(MVHp$B;^*_o%sJe$Nz|^NzB*GFP;D% z+hjB0`1t%a;ByYp#2c$@_U1k{kg^&au^zzFs6q>BI0~>F z&Ldo_m@OMSfdE);ZcsCNg2kDGVDN-y3iymVx1XyiE-=xL>R@cWHpK~ul42OQs1u@;@3(g(iwq!#3TtIn`OD@Rx$qZKcb|efB+PM}tTODsC zG8G;jxl{)zp>U&tr_R@c(u$3(cx1or8_2quLizZ6N@M?eg7NesR6 z3G`l^tBxRqVN-AiR2Q)&U+lT@I$zY6Yc!huD{;Ql5jWrtBe0zmx*mH!+Nu$TfFHsWk#pE zPo$QZS>6-tPU-dgXzRD$+}s|tq!snY5fHe)@Epjg*fs2%iSlKB3@QfwY8uj_{GIf% zg-l#U`Nf&i@6oV~NaxW^JMft^8GtvNrj7Nf>1YzY%nv7u$+cW_PZYbpyDJtkfZVyB zn%kD7?Nse-S|ERVRIw6HpjDE zCu&F2ReMO-UA-@t$Pm}!wq-&C;z71cv43LjtRY{K;GXQw{-~&dyw}ZTC1JPDd8j@J zDelTXktYOHxwm}@P@o7G^C8*T(lgn(c}H!wPdS%1l+E}q7h09+dhtt$kIaE!?w-kT z7ZvAx(qk(e=oD@TJ!8GkPHjs+By?cj+O_cq)wG55&eQ>Ih%6+<-DV+@h!rc0WD$Z| zyo?f*S(boRRMrK3m!dq;BAQgc8*l7MRt3aMbIdo)kUpDhsvKvD`a)6y!SrRj%um;^ z9g7SczE+Af7_>iZ-}wtC_24|}=sn>RC`jZknq*d8)*zzlUx95hH>$JQ^V-sPSg${{ zUe9jfBgax$PSlvmD-*kYZ&%s(tg=|!ArFh!uO1=~O=JA()_CJn6jMtRGi6BF>|?xE ztxVG$xqh=$8jL<*92xe{Rti-cq{*Z$MKj@-X?g$n{MaqWw+M*dnb_T>YP>!*yalIk zyWle+k5)n1g$}{m*6cds&BA1ZK2y#+_hnznIC>-#`--cz2W!v!SX{kaF%uEVd2}@t?|R+c(Yua z3uZ%euAiS;a-Ui`z3Z;!(^x=C`>_nNQoy%H|DZ zAl<$Cwa4gnFhr~0op#kD!-O=zhoN>+i~42T2>uh5^3wdISLRXzApJZcj$dN%@ag&ddTCrE^0U1RV?a{uO=7y_ zKGgMH;ws?)g|8&$FDLH0K9yNu@7zz7WBU>YP|>tfBtds1!N<9GII|IdWD9nI*LmXl zIlg|9+sHH0#odZl42Pt$r}Rv=`rVVWcg&`Oc;g9-DeeRNRpmlm`qD$!g)T>=a5Gwe zOXW5#?RzE&rM9;QmRBse{syac~n>`h>gzzzQr=q3Wj48b$76GQm7T;~KH?P9>;=kC5^S7$vCL*e<=CMI9W!2+3?W z=;WI127}Pk_wr3(pa0&EgQWY8jOZ{&C~3VV`K=%zmxA}B3OxcQx_&%> zzOsHqU_|{T(4^-URgi+1zIHQJYH+vurGYW2-o>dhg_iG|ONDO}X#U~vXv!Wr7Edw|B@bV<6&lKk(F291A3 zSQ;8T;BWc~9c`_y)h=#r%eg>7Nq`@icq>rW@nkuWs`I~#lBeT-&UC!lqI*-Sq{2(X z+|z7Lr+!mqrTXahnEa>Cpvp(utLy-8e9rAcWC#1Ou&86Lv&M_7LHvH`O@pUmB8Y8G zVM@#NSPvV_IGH60>vx?kVg2rw*IVC@^eZ7CT)(`B3yWJM_F8ZIdtUn8{6cD6bXwqT zkd2*PBdZ`i@OxcvgJLfr&(%`09eAEP!2db!H}Jm@V1{`oK(-5k@Bg6|%yhcn;M9)z z^-nZDvxS?fqZydXSgTT47y4})FY%jC5z7{^evaz?l>nzgTAl=9Sd3CM*8MTYsB8)fh)g zp736BVbQzsvL37WlUh|0|N2^0zxLhu*wydG$1P_SuZ*)U3EExqZv0%@E-U@xN7qsA z+~s6k!+UJY$9f;PntT)DUtT@^D?AYOMwOALtpDl%vivJu`JpXsEzkwIE9^9KmqWa4 zaekGzChrlc&g=DFdvjx3@)>Ex%?ghjs$=ct{IxU1Htm=+d)Qs-e@A&n(GtG4t9H`y z%EK=e;RE`K%Oj0OE6Tn0bJI|nrW6}zKs{2kvGIpZO*ZxdLja}_2_=or?MXNFSSiL; zD1rPhpAL`j)*q!jKBovG2u&tcjvn0`Bx!{xR6-bcz4RGZ^vN*vAKwQ6G&gCcn-dEm=UtdG7Uy?XRlI z;NScYNk_FO=<`IBFYRf~vfFgO;LOI}{y4}xfxNjN>m$vNP~8>Q2ydKs5e@AVwT;NV zV0!x(3|BwaGxy0_lm%RK!uqEF-AQJ29BA(Zdv?%Vl5^Eo#C2f26Tl_My9Quh>CJ`C zFVwinJtWN=(S1!sIl&}ZZ4gY=&rE%QaAg-CUp(zMUizpZ{uWm8I0&TSg!MdH95w%ddYkGlJ%Sz{ zglM<oe*aL`@u8ELONc8NG@)?YZ&V=MmNp2K|F(5N{N>;X=1YXnBsIVvh&jGk#Edt~ z<$>2ad##@&5+;QD61ROj%)6&k4R$M!Ie#^1pU%b*%;vXi!5ZT)_KJ@58|Tno&}{F?v$76a)Ihf-`nwk@_?3 zd>)(ZQCAiVp^?5|q)2JRhkbe7R@yH9aYRuaa8{skGRkJ1jX zN~5WN6oBP322TXPY8ivIw=Y+W)qmR#V5F$T^+#H|G;S$)eh*H{0P@nKl zA}AR&Y6b_*kt9)Ej1o?<{w%@K+NmXuN3;3j8e@xF;&lv*8iUR*Yj?QRU%0$|z4AHq zKdZxF@QWdfkQC~Fpstht7oQWXeOCZ{R2>O!5j zojr}`y~dY&qBHdr*EY>lHtn~~;E%qGT{y*o<()rA!?QR=j`cP zN?5XTyOBx#V?~cLznKBOUlwr*Af3MyIlBHq_(F9d75>I15PRTXLRS4OHE&FPIbv|%`x>T=a{zIf z$5abn1dhdFHfSYvfThg8yI%Yp(nzUfE3n51sj^}Zmw8xV^iHs|F6d>5)6Xy5&t2jd z?C^7i{q+4q8uXhDeltx&=II?H*Tee79q0y}-^jSqsZ;i>ag9Ox4&|U-rq96Eg|*a+ z&p%1DG8+d*!pH0ymA3jVBA0~$nGwmT8`&eJ9QRJWOW!sOgn=u3eA_ML`DUeh$Gc2bzFB5cf_7mzmo)SShrauMF6sCnDs&;H* zt(Eu{oJ-O7#O^B!Trr3k)J_Lgf1jGA-f~&@D#W6d`rHzHhKSJFKX7l2K#-bSE$NKO zN8svT7m!8tRtxzgDz^XYF#h9nwyJEG`)9_6B5jIVn<#^LgECgHx%zyRTJFrC=^Oc? ze_}Te!OAr*fSr(zK%wzo+HvPhH}bdu+cDiooHi*SNp(cauguR2aY_Zj(1UmZ!Y4Zv zfnsWvj0Qyws)858m&m1;Vg5)H`8L6X#0$ancd&j}aFl&Tn0=L2B=q(f!N~0RNkWGXPfIW#wRqJpPWdC7UQl4121nRO_W6$>lFZae z?4>2V>>0($b-p(BYX_{T9lSi1*2ghNu=&5(ZT_YrTXqG98?)_T#jfcSSx4*xLj3jDnwH&q98^&}-zdL(b`baDT7n67ErGYrZ;;!=T5s@bykGLa+hq!2c*h~87ZZ*B(oQ9U`MCe8 z8?Vk~5)mx{s-syvw+mRcrnS9=*!b=nz zo%E~toWYJCD>eS$3H`~$>eL)k3bJUVSGP_%kyX;k2E>}FM`*`56WiZ1$s`riim7e6 zN{qk|MMSrkyN6V(09BPtP_Z6Con`*YAKJqDfd?a|S=6B-|IAypt`0@ndpBFQX@7`h zGeh{HK{n%l|0$R4^`Vh$qL|-3$W|u4^Y3-ph8!Nr#xlFe|JyBi2P|_S{r%<$XC0)} zs~g<z*w?!C; z!K9TLwETMNtKKm6&r*-@2W@?$6zZ=e5TBPh;Ys~ee;99kOFP7wqn_tfNIeqc>T<98 zqj=+E^ip5gE;{w%oRK!7)UcO)BnYLS0) zkgdY99p$o3y(N;(Ts+1?|oIB>-}qxZK7qn)Ma}un$1Sf&&cMdU0Z$5 zj8w9R@avihbR%j)qWC|>$so74sJ0lF8$hf&ATsC%2$4xudK8uBMls}4nK=!7O;s3a0T+^_l80!F^4&+mO!8s<4zwK3h6kmV@-oRXZY<&J16Yxeesodrb z{t&6`RY@FuL!&1B53J-!uk|LqEIOeyx7N22VXt>jKRQGWd*P5McpVo;X4OYt=A4Pl z*;7t*4drR5c0fyN@DhTppE{0vi3}oWK=tDI zwI2yhnb@66v2Kb3U$*xWr4z2Hrwi|d1NO43QmIUFt+Svdsp8ez%#BisQ`KvyzL?B3 zKzQ(NGcEQ4w-7{6OI4w|N-tB)RjC%CWQ={uH5r^m-d%Ij;=|_Di?F$QpV8cArAL|z z8&*)L{H+#iYM@QXVFF0#cb&vBNO{Z@oD=%kJL36w?tNg>BHWW=rTiq}0i-#`0SR=8 z@UPNfGSd%@WNm#fFZ2EKWcALe+~Tk@_dP59NQ3oc=hQd3?cw4E+;O&qT1)1HAI_oW z);Hj1uF?5=o7cFxI|lt}Gk~=RF7=S=ovGvF^Y9z(9_U8LIyN3Hi1*hIJ)ISGWr0P5gxNHq0Vq=O1iGmzqsx z@!X)zeD+Xn_RZYYtS?k{=6S{~|JPDrI4 zZ_QiKL)ZL$?all5T%f_h@cHSIh=8dCf&P8AljQWG&dN9rwDRqhQr+tBAqCJpHrKtZ z2FH5E>*-fdPyOQX0G~V*=y>CQQY{Ww&A0IDWhWOm?P0D2_=k+Znzo0Rtr?MDX_{nw z{yt5Mr}bL1S-xD$^GxZc$FrzL!`#=9n#%U*tNtWvIbM9Yf~mFR|FImRj*WD3s+<7; z4Jxd;{BI!`eB-dDf_|3#`DZK@(>8a*%?cRStz>p3FW7Ek44-I24HC!?LJqMt@TOaN zCgRO^($Dz((tGmA4YqI^)a{H{F?=nDNPBpVizzo5%D+4H!f=6bR($>d?uZcAO|{ds z6%23OTD87{p(f%7WWg`Tv+aXJkOjE_#~9Y{g7C^R)-A>WsDf?}%-^vlALX}p(u-sL ziB(2ThD7Zz-V9ovh>8NyYMdM=;t~dnv{k13;{#7g`R4k!N^Z-{aWiO#0}A1n2jr21F6+VB5Gr1l}I{ix~2j@0U}_^SgAfK)%A0i;=?q%v~cPkM=e z&o$QA#z!MH8JvfzvFB#*8qQKBKCHxS?7hn)aGFQ&+b9bDT|v=Gb#cV2Ru= z{tD2qrouU%*sA2riNX;}xwY{*Pg5;=v2#0ERx^xOwCWn2HD#-;W(3b(@U6~%GkjCe zPu|C&5MCAX(=7YKq(cUDO7g@C<=$_#4>s)*Bm?#caTHeJX_e9*c!N_o`zU#Cw;C@k z;vmxUX&;C$gH@2up25Du(*1_G}z>K1#4>W1GGhL7(lI{d20#_%94C ztVbMR7+t3wtj7vLQi4}_oblGUW$WAljK&_?xUF71z8;7^QA}T3 zz1Dwr!)>m6GW}w*>YY@YqZd0;?4VVznev<9h~0zH6D-!%!aeB08ctfVp5Kx^yKV65`1}_3g72gn63e{ets0S>MM!VWe-Q9!C;lu& zvF)s4DO7Xghb8f*1j_{>cQQNXMu@Q(u)1F(O>>p{!o2_L)taQ=jwP#hB(pP_q!j@D z!?JkOZ&*m8)}FF&&9)W<>{wojt|@FxOjftV8;973(@T=ngS%mM{JJ%)_mb&%xu0>= z@K^GO)MhU)p@L(Q=~dkIlw9|ktTn0h&e{QOwS%|U_WIasTUwjW*Mg*Hp-~b-j?VVM zGg@`kQ&(-eHD8fTKbcCma;H>s-7C)Av#oaU`?bB^1pB>IZ{v={^bN%Oj5mD*M0hf` z*8HU!jPkTGnf~j@^m=ZW8oqWy&GxPF`Kyy$NTumCy{5)yzvQ~j1tU^xZMFu`o*2G% z)bJMg&%6<~FzwKbBRGm_yV1$&58}-~wYdlj=0r?w0=@xIilBB=zzqvB+ z!$S(@Yo~qt3BsrXnx;LH%W%YLYa2Cp z=!s}^Os2~|0k24vRGNFe@Q-Dj*_X!6aj$eMMN`=;dL*ki#T!dt?YVfXzSSc|@ahY7 zKls$s;`6&DvHYdq33>@XBnL06?e#A@Q>;20UjuU(EXA<%G|Izr` zA4m4umJo62dE-ajW|Tc_tJn1QQNy?8R>)4@%H>tr%RaFH6<&IK3WTJjkf-0vH7Q*@ z`6{(1)5}t6pWD|o8*Kx*sqDly#=r+&cgMXznLCyeK$#oNFJr}si$Rs^!Eu48&0YZk z|Jl7Zdo`I_ZL|}kyS8d)GQE9tw*EgT@~$hzEoKaSy3A-EzM>W+K0*bZl55j1xg4o9 zmz}oceoPi_HA2GT9X5_Bjh!BJj}jAnCT;XoVJe81J++6aDE=YzEyB&nB~3U7#^?8Z z1Y3HM%@+eU4&Kmf^<3hghg=_@zXx+e<8pSz_x;O}%D07iWx%$Z@Imh9^e-|OKVJyE+-bhJ zQbxJPH^<99$i|=kup@aRwc%SUZ6e-$oZ0Py9V|ACY>$W)WK$oBJ-KMj(L+JSL1(0# z?K+MK9}?k1pz5&qXI~Tt2yKMPekOb?`I+R1a@BkC^qM12FNJ9yCRs+HnK@WNbte9Z z+3ck(0;-~XIWxOA`^g5L=Z-sS80^@SX+#tK?2q(u$`=@_l~Z2KaStPvd{P;2e3B>S zhcbg9>%@<;mJZeSmwZbq9rIjI3Nba^P?n zCe-z{X=k>MfIlX>u>qpWHPQGRM2&D`53Z}UJy#xPDh!5p5IABWkx`(uZC~l=yEET1 z8C0Puz3AxV+;|G0!=C~ znos_ru9-`oi8OPV2=UTHg9Wqb?;=UIMp|k~{sV&V*@hw zv|nfgHxmp6K}m1W+J$@y(wY8GZD;>cixK}@&q=hxC2sSw(!3*!67lP9Q%=+St5?Pw z8+cpVquVd=LYO{TbT|1^CizuYsGK}Dz{}N&KT&VgT%k-zI+hUe`Tcq~eE5rLds6|z zrK1mHHWoi5f)NWc^ruUW;MrRHnd5%mc0Y4DfRWn*hk+)9Rf(4#8tj(^tA$EQkaF31 z%1}gxufUe0Wq#`pEr6z+Dd{n-&&avm7>5c=mVZT47y1bUU3vv6sq9&8HBH@W)60<| zJ(7(tk+wo<$z_Y-$F@`F_SwryH!l7pe=izfTz8c=zH|+t=4;}QyxcQ>t(;7g+ZSI$ zp?LGHLWwpybg#)yo0Ff(S-2O$a;%Ls9I1NX!p^qvi?ZW*#V_Xf1Qfv?016Feyd@g2 z3a87B?CM!bw8I{=3njVD>BankEHFBDiF!Upx}pQFlu)Irzvcg^2^)<(zX#X413KFF z)Jy5jAq5rYt=hqF*7n-m1!b#h(@%7)Kb8G9C>w=dzB$?YCOCTqoIT}m_E+I-)ZB~v z7Zs3pLv4CZl9f+#duvaSGkvI#m|XXg)3-O)4t}w=7ndFO=?z#Y1Lz4}npM*axkn*9 z>UaK)0&;OZD&ls`e9u(&%${5>PfZ8brvH{~+;UAa{d9_U)@>;)4mQ>HddCszm7Y_c zu`AWXg70)F_)N4Qn%qaVy|6lpx+=)kwePsK$h$TqnU9(uPt_Ft|JTUa1{SRyK;7Ulp(6CLC{G$J0VB zS(0{a0Ynz(D@M-U4@JKu+1RoJ1}0<4)HiFZ02##!^>T9(-_I0Sq7NcexQv0Cer>NM zwKBWGc=b#3AZi1Mf>cjB)~DV#AYKca{>oa^y~Z6qrf$sNQ`@|4`d3rwcWUhPQGreX z{8F;bZLx!9_$1tNr>AY3*&)4>jUQLfxE$cM zpnJ+X@z+9SpngYfFF%#-!-DQ5u)~7RT%x3AB-5=A8*b9iN{4-ixox>SvW^ARV0kMw z_zkiAU=}2(o-gNKGX7yr2~V}cMQOU3%gx~{v}1)~wA%;T^$_jE#*ThHl5LAczgKg| zk+-%gCk)1$--j}_@EvIDUYmXr8PGGCezvyiSuQ$H24{Mko*)yo?S)lh2g5t*0uIy; zfXz1;{R3e2UfXMRZMI)8s9Bp$4FRBcq+sU{r~ClJPCGk8&U|gJ^^#<5&uCoV5hkS1EKA-%M5@o-&&Uqhi-x3y#hYH_Z%tE=A*aUY58TVRE1T5nHMx#s6k-sy zWBm@sWzcSIcA)xwMmDtHx3*i zU2>0r8-FP~AC@%Xr}-0`d7exxC=K8HJyUQt*6^d?ee{>y#L0}N zUC3!5W4*1mM00kFWq ziROulCI09EOq}Nd_-^!z>Bo10^?0`FP21Cijy7R%p-ve557~%=dUe<%E$?+nQ?0>xkqXa_WHhctOKRJ_$-l3S7BqerT!c71s)Z0 zjUqRA9c@T-icoswN_2`8br*tS7D6o2WJ0UJ3gM>q1gfcZVdn2?Un-Ynf%m1n}jceN;>}u_$k?%>Udm$Ff8j zZJ-Dy%I&wE@t)rY;CB@-77tI2kA%j@2#pWa#gTGl^-5Ofy!fIO$P11tY#)^w)R77RcaE-n1J1r9>b)8N|czqIuf+yALWa)E7ro?)LU9dzlUBDBwex!?0D zqk@hQ)oA^Jb)hmdb!@ig6T-su&tB0+jMAxNgRryl=Ed-dlCNy5{-k~>wkR}9VMe~; zW0^S(Y_#qQ53UMO!wTQ;^In)Hm=3s~)lo|!8P~}EKX?-OI07U$U5@ZjQB4JoUK4F4 zeX5|e&bkc)e7Fd+vY~3dw!HSVE}V-lcm)jmUcBjF^h3S`)z8P9-cg?}qA47x2@KnM z@-Rh{v$f{oo7lYZni(clgM)J6S-X|-GS2N?pyPqD^;E+%NACKT zKFjmcnu}n_nqh{z#?39^DyGCg;{_-77<_iWDOp&FuJM>h(qmy7`3%ElBN%#$W4wVY zG)|u^GYhPlI~GCbrzV82_b_%k(rq5+Lv}~EF&q?jX`a4U# zf^eOrL@}=}vFg4sYghKm7Fbi=_&JqoH+FxApetnyWc1Y0DAk8}^vf?1&R`t7GQ&m& zh=a4u%B7~VI_wAZ=Y-O^WcR29DkDi zjKaA+H<_us)BN;_Fwt?oR?nDm0pEZ8*ACOemL@J@qnT=6HO=lTrLUK1wSnBy^GjmX&z4U(!?c9*(sc&SJbl+2G~N<$Fz_s{ntwvdTkMj`9nbv0up#3nEXENqHnpp_71R~33( zIHsZGkoBiGLPUy?w~LURZ>)2QmjD2%a4(~wj7E$6A)Cy$m_RUvBXC%pXPXA;{{@rniF*77aSAA+vM-N1yMz5Pc zQ<^`MCFzyX8IJlTYL;dUb;(=gj>yBJ|Ig}$nQd4dB+>$e)Bl{`SzZm?70wSo%pv&Fm&)|M?V6H(s9d} zzmRzqm{M%WByVa!cewXk%``u9J?- zR_+*R(+}gT-Q2LwI&|#wdLV;0R0brH+zi{ElH8g~xt8j^($U-*Nm7^e2U&xJcA#^&>3r z|A;Ua?s#Km?tIPOKkEaQav?2+Acz-5Mi?K7IsgW!y@jYHMF$COBG*D{VXlBb{dbpy zNFZONEAd8Y#^{-)^`~KJ|3bY5i!98E4nO`A6fpGW8vW-&TngvTFiwb; zO0+jLs=bu*4ka%kbL@m>dgbsHCQp#ld;KM%U9g1Y{)RJ6=zP!%Mx6|!b{N0Y$90`6 zS#`~IF?|F4%fY62H4!vL4bCpuS)gEIgiI2+!G?>_VkZxNjI_zG_Zw(5e}m(L@GlL5 zph;S#=?}zbVsrci&udtp7I*vv3Ojt?ivt6aS9l3=s5h*yV}FtzWv8l#x1#Lo0{b3e zLCp;MM= zS400dK@>aK0lkDO>W^#}Wm7wjcL$zzDy-Pw4(NGI^K`WEZHskh5XVZMUlEph}8wz7+7dD-CVYzJHJz8*b}FSW39a3kCSv% zvh(;zTiQ?epG--Bkkr2mtPfg}e`gE|4+$vTiN2S1v+)8QCrOO+ClmYPV_LVzn};cl z711K8E&y13myjB}_Q%+6P@(%|61Y=e5^pxuFcUk^eUCS@u*HVc!(vMZ{B9N9xlt9t zz5XFgs~+@3(!>r{u}tYxxAT)`5f|G_AJVbE@PWncq{VX8pLQ;4)&TUVo7OGh>p&il zK8uvO1NUKNsSWPLRmX_d4?i6U9&dZjE5@VlLo`P&4BB~;i@kTVP9aob*8V6q<-r_Q zSK5xvQ`;7Fuk<#1Ed7~5Bd6!sE%qgLJwIBDH152_IUbpjVr#sWMMAbunh9@td1lbn zkAu36@#en>1xy_b6u#?eyq+pE{l}4m*!jy*#_E@&2+mqw!2#Zrlx3o_pr2VJwlO5~ zRHtthOJiUD%i~<*k&RvTXh4j9Mhp?H@d<@-sh1$dFWpNM!V1(yh{J+Yd(hcxF{l38IU+V~8 zrZl$@g0Gl10837`^l!WbZ1GUv_^qu(E40bj&4{6@$wF?&wGKZ2#0>=S{+qv@n63HS zjC0%ZfrEzc?vMBYX~DVwJH%A!`<*vU*8RHsx>Jrmuv7nW;J`~`06P12^*8qHE#P8V zYz061$H1NTecEs)^GxZ}@DuPu{n#(bvNZO@!;aDVSv~Mfw)Bwc5?oqlA(BjiU@=nO zPj3|_pvo_C;tq}llH4RIO4-u0)N(j~`R_jhW6cxp$HOD@!IV+87OINB#=Dsnjvt%5 z9}OIhYiN4Yb?26$r=#%Zw-ORY8rO-i#N-^ zBo%~ZOlVx~UVcHw+^-1&x+tfM0IQuN`gOp-dH7;ciX3paU$9X+`4n z5r1dvTPqMHts^-9QUP6BHSFlp$kvMRVT2xX_c9CUfL8-ALeEUGiU?_a_eYytZVHki zej(-PKw?uM`uPC+3^cjZRdWVmOI<1GL5yJr?RS5~Dm^w)yadb@B4Ifk_+@ni^g|+K zEYA`0i}G^65FLjM%e`n2>#Uk9LhInB#QznVVZkejrj$I{TKChIL<9L>36jYv`lyEz z|9e5oZktQt=QJ1Gq=EWHvkW^H!3}BkSOxed5jAsB>f{b|Gvp27)D8 zrh%s3IbDt;8n~)gEl{UE4IL{jKhY{e$}kkU2;kITsh}-YDBTf-c;e>T%;ITNj5I5o z>*Rlv?LTyWATJKSSyjYt{gLKEix*LYs4Q*Ldo~ucY*6&4w>S{%l!=;DC(3|rr;N{x zEz6x}O)baDp1TP9C}sDH-fd@#o_%dgilm=Mb(VcWlK(M*2boQttFoU>cs}QHXy4&- zBBJjjALlvw_&g3E$j8l;mwa5WU*w~HGqJs4K4~*G5~7gTSE|H7Go>`n8RkZ#o~ng# z-)7JH#~!>eyRA=6j|pXYLvBc%Yh9a?M;~enA*M7m@>ZLydx%TUsBY7 z#Gy014x3;u1c&Ku{*-=+ZA&>Kd^S}q@>F5=_)m+`mXG_DPvnlKM(+b{|_&eRd)2O6e;@pk)OC1N@B*3KQAWW(YvQQk1^tzD>*ivHt zdokXODT%VH^?j~=4;m=82ExwM*=KHSue1LCu%6sN$}h4$-zWJ)ysl>)3GPsB*>)1l z3*PO!u=n)#uGkCvo9m{^!oig-{p}wRMH)nNtd`Qg0~Z!?_ArxvP~dA5;LFCtXCmi0 z{IX#NNB_>8spH7Z6*o1g5FZH%ag%kD?_lC4Lqzc1z~Va^`AzeJ{6FW}h+VyI>MflK z{aNq+-CvZPk_7i(zQN%R3TrAtJR(2kB^zR0nI0=-vh;#Z*#Dj}TG%nONwSw6B;b&( zOt&V~-I9O_G~0jgOQntJBtIF4$(-ZV7#dCZi(czyJW;3SJue+t5By)BXyWvmAr4vy zb5sG4Pk}aG$kYki56=Fa&|Wg(Q=lyipf!c2PU6*+Ab$s9Nk|3EY&K*_zyy^xfJ_?* zSXoG&7-TAQNN-2#8J`!-MVIUzOxV5GjY=K~M!|XAUf|q+_Em@J@oE!QCdBmd0qlUa z=K2tJ1G^opeQ%3mugXYhi(#oq+1M2`U2BfQWom8uE3P$^V9mM(Og(eFVJaJY^?-<7 zxkg3)7$!aWTEt{0SqSh)v?D7X0`lyyA}}5%7~glBF@Jv_1)zkPAyfcZfHACwn!j%QS_!Wj zhH)iwLar%4yhC$6ZcSL^-XwIQuveWfM+pX%6xtv<$%KLQWN%vKy~9tnYXSCclNb7$)z8??;5t4mOcxu{%#*R0J6m-8%N%FBE;c zZ|u2ET4Kd+U$Q{T?X1f~?-@n3e#!F4b*8NJJHNcHh%na6rw=E9_0SgC*(m8xP&XeE zZ68+6`k$m{7iujK8cGO)-RcUNot!KUUa#eOVyt3f-CXRg$$7n6gLY|)@YdJ*2dHON zU??2Eo%?654js=wa}M~;hzXRT%>LNh&P;3+z?`z9J0V~f^qnyK!|zR)){C%H-5Nfe zP=8#zWQo1q&0^@wk)R)r1bZT!;F?K{jz$7BL4jcxtCJnR04MrLn8*L-R)9}Mf$vP8 z=~qCTN@=MGKKm0J_{2Bbi7Y(&hpu$6!+QvMm`hBBePq8^t|g~dlp~fq`w3$>;0|(d zzcXv!rLnu7Hw!@lswdwDs_6x&I`PX*s=EWfz$P3t-Ag{)6YeN;=kr6{=f!>ac{>9hdH-zG1L@uwxIt?b}uviU%8j% z=Gv>ifX(gCd=P3Gm%rD}W~Tp1s&4k;qM|Z@Ts^fXrEXQJ*nCO}(Dl*ta+f5e`Pit>AT%NjkYD*Uqu6>S_A z!_HWAm1G|RdfFxc`|}1MI;^;}Q{L_RoEfxz2|wnP7yps`zCXh;uO<V_R|$lIowFXHXx`Q$e=tq0{)jg&t#?X`o(-$(a(9GqK&@ z{l~{JQ+`x?zS}W|oC_ zMtB$X?+=9XMv8xZBO>C^_0+SD8VCLBPSrDZ1JC`>1djiQxi^8Yvbg^L6T+iGx!#CG zaRH)DHHfvriV`a|(Wo~VG-|6st)imhP9Z^BQ4WsHuy^$*k?~5hjGz30>Ok>3PSBue zOTq=gUWXXJU0)aJFgE$PUySVA1O(1nhE`-;G;<9gxjWwFhv3%kS7N0Q-gc609%KSX84J7$Zs)SgZ`Db z1>lno(3?9?Z41|spjO&bb#bZP^5HZmvRLWL+GdL^re@1hGXZ##D{I}yy@@t9EbA{f zt1N*Icc4?Z0No2vHG}K+KX*l6xND@fG*$+iE5d4uPsr~rCQ?-M52X>n?F6_c3m6K_ z#~k1%#SuUgOZR61%UzC12iWvxq%tO$8UPF~92J&NkJ~Y8*iz4LT-rdfELFBUb@AVv z%ht_`wI8G}GI3Ne`2L$_<)r^;0;pTFTo!i5RkX#L^pGuMv!bDPdHV0zooOzwb*S78(Us(vTk9vE*PZ~94grt3dt11-}_bc6wkve)W$ z9pG#2vs%eMH_>slT{2=*gbbpyE7^Cx1hD}&!}-u2TNxi@tfmR*x)(9fGdK+5e#6^M z{59{PI2fL5ArgLz%q~V*+b@}F8PB&S`}SfHD_whFnP+)T>I#t)mCCQOFfGW&o6U~u z#|A!#$|1lj0rX=jKK;QyzdGLRY{G1xq7ooo42=@dNNJAPpAjSW^=oMFslqRLbgq`~ z3mY)pEe@rLj)vN-;^j9O-sm~jZ4-9(2^k`)rTM=-0rD*L7TuzK6ZPi64V(#d(W8k? zS6yAcdp?>tG%qJ(lUF%|Io-&RI?o|Bz6VlMf8$}cucOm^h3c@e$HdGR$bb4;r z+brIQI<6}~$6{`+5Nu8FL?+w^fkN<%TR8gNI{Nn<1WI?8HT%VR(nosCH%#qDv|D{~ z4YL7qIkGF(xRS0J+v!%gk&9w4H*Sp0CQy7cd#nMPvY~sT2A_SMX##IBLYOv?cfHLk z*2ZV%1F3n%3yjQPKE4P(d+UJbYq~=`hJjv_7Q6T;S-8EGe&a2!^oxxN z2k)TLnWM!Yexc_aO>+@9O-uFPi6aQ(O}Jx_+H-ay@C0NICjusOSA>#zb-aLzpAIp0 zEIf$3cz;1;Jb-sU7L1_E%j*UZ;?1G@;uSY70E2y03T8F*h|fB?|D?z^2z_c^m;kHO#DV`xRZ(OND6&&Eaj<+@dsb_68N4ya^uZB+CChZSpDzlwD7gWh7aAe z@J*d^Icqn|?yK|wo~V6qI$n@vM}Mf>tJCYW5@H)nQMW%PBui5p?R05*!krsnkoXx; zGFRFiAh7tp#(!^JEB+g2TIs=a^nUtUy6}pr`SF4k>HWweUa&fYD!MxJZ|H|E6ABt{ z$Awe_f*=!O53y%UqNxbN&$V}3e;EADA2dV5avE&@vFQ^_%_$@_SL{eVf~zrRiJDHW zyYC7J?x)$?eAu z?4#-km=*eARw+S&lTy@vfMJ)6o_%a5b36;6v4rLK4%F5~I2~sb4bh4yM4|xPYxS!R=fmH0C-;4AZR~jeFdUG$IYAio? z#f?rinemOfy6-g#5ZTTU)u>Ji=9dt}uq9t-?<_@gFQFa~i^1z()`rd*^mE&g1d!A%KQ9xu7F@QM{4=rYd3%;*Od+My?_|- z+YftrbH*X~*DP=)Ct_uG;wk9~B#wMzX$jj~N`eb@>7`^^0`&$|1zXr7e>Wt(S-qB;Cn4{ILp*m|)s zR2S(Bw$eQF*^8C_yQE9Xn;xbMHbeFF(F6u}zXkuzrsIDP{|!du!hiHK8SBu$3L-Sy zazC}M=!yXBs6+dk7ibPYSH#r?&ez_eA=bZTl^R&SkV(FyS3KAMpzC_)I_~o>H=Q!G zgYOm2aZMlNiBfb=n|b;X@!)k%A)E>ONo}o*2fvsUVS}aAzvSMK>o!;RQR)d@sV@mr z-%M9?O79ePI&rV2#52b6WeQD;x2-ZELYh(iKtJ{ZV%AR6*eeU8_9()5J9YtfMs>>B zuDCDRf-if>-?pz2o>lq9TTe8x8_DCHfEGGGZ#x3g!x&W8=7IlvlaD5C(>XXW}{K2JMVWD!Y2 zvdyN8YcesfJE)$Z4)3RTQz(BOUPbs8yvXWa@P~84v}FA79Azw&@~P3k=20^Kfh)rr zq+X*2wFAT2`>}tJkJjQ)7V^Ah_TjbJqwpR*Qr=MeqVjtk)rXpjt((}7084yG&rF{Q zIyxQihSu~Eyar$Il%=e9rpxXuJ$&zS_cfb`=8|=6;BsTf1@Lp`rl1KKm>#NrR<;lQ zY+K%%HgW3Sn{>D*V3(ZqDh=B#Rj91_dQW**&lmb2H{-}Ca;m+Uv3@(FX!>NJ{n#DX zYLKtnmTjs>xvX;Q*?Ak=!GXJ+gOGAp#$hsKiZF-Y3Z&|x*Zhk$NnHtvf4vF z1$G>(A3OVgS;|+$?^5y)nNM>v#Fw_RGRTkp3_JlHHEabMsX;6S!Xc+q_j)5dkuX2@ z$u(UFpDZAWeIcB12$w|>KF9&|sXx+>J!0t$;h~m!Y`u)YAUxC|oa7pa6=d|VdR-Rh z|7!Nm8eu7jf0jjj#$CM;e+e*$_!8d!7Xsb!O>in3|I_VVE@()&6R+So~9ww=4zWt$rAN z>aN?Zmi5DZZx2HK*lvnjHf5J=?V8yRLZfCoEyjnBEh_VVa3UMOY~W9Nt)xO$tmY9J zj2O>58Z_$28tKQrpcf=kbC&UegYyL-_4q%e#Ye>USiODM%DeV`P|MZoNo)x8 znZ^G6Lk#Q{p)9Jb<&+1K?SWvk@14?SWI}8?v2Y^UrYl5MTv7l$(n=#b*px!GNfFeN z&1;tOiqtaw1FCHmP46m+@)0PducPlq?dd5z+(ez9Rusf%eu0vVU45090hdP>5JAp8 ztrFvWRifS7@LQaQO&n3PY76weN}eXeXOW8)+u|*w4@!nl><)UAAR6trt*Ws%1>}R5 zF~hq?s4PxIXuma0A(5P2JPo{>8PyuQ+QmCnxu)h?E8y5T9|-aNtJowVQT*>}qejJc zXOCN6iztwvSBpYHWx)Lmrg9@x;uQ5Y_d)yMj=iwN;FDE0wkm3mAttSDWme7u_fVldyw(RSi@9f@e-J3(<{StDxTRW06%3B5cU+fKsEr z)JRo1LI52NBB1{K*vUy3@p~c|$eN2^C#hrEcmEBqZSLRQq!WW56$nGnINN+A3NOAD z_D9H0lq(Cf@4Ue$DkM3$+8!fE>v4W-&Wc-qs?#7-u@|+9%mB@hp7MTdTZjIWm{sa~ zOE4km{Aqvij!Kgn`ItfO(e8T-!l=~XJ5BKzh|$aQ6`kjOaEprbuF%)n-UIsb3m54z zyl{aY@rRk2+dX%K=b=h~VbVRW)59Nmo57Bp?O-`jLC$%(+)1(o&>;#<4&Fr%e`Jw% zEDZY(GyA<;NXrRriM)|J5!lPh@G^62EyH>nG;{9oYG*i=4I|56=b_Q#Zs5mWBd)V8 z8Cxlsl=pWcOl~}l!wBoHibWlJNU^@xo{ha&H#2p3kMXTP65gAQ+Us0e>zlb}B1~-_Mz#C1u)F5<{<$|VGD^I-B z+c7FyvDZVrH`^soLNu(8xjj`jqZ$kx+p#oW8M!C$&G0&fV70X`ThbbaqtZ8n4Iuai`N zdVkm6+xrxJ`kMOshJ%uWDQtHXeQ60Z7u(SWx3k%R;3Rv@Bw*DNGzUwAK_z$T2)tmPpT^^r0hm@CEHs0l3@e36=P5$r(gc}2>*2)~)ytj?KcxMKu zsHl{;^!W&($&&L^X@THHL&Ubgk~EE95$C_S6u%xCF&i-q<^&Hb#jT2^9cq*be|oQt zypNB(PmH`z%D#hsxu~KHXycC=ef6n4_{``t&-;5As@w?uNBF4>RsTs!p&T{3&$g`6 ze-SdN@9kzInEHQ|_!1 zaw#FbSt=2ethzN)pPN5Xd)B&Si?>MjPBF<=gt%L|Ed9H3DK!1C@;ckAvW;t5ffSo; zpR73tj1;kKY1%^AB9!bA(?OdS?f{$BPj{N=*)43ZYw~(1Aof z6Mz8`ylu(&t`NFQcE0TLz3rJuzJ_x>kimHB&-CNbxz5+4K?OdutL1%EGzATx6C9xw z`;#IV=E(N(O-%NZ2Sk@SWG{;T z6S3)9i4wIA350+NNl?rQetfly5d!JE*TZTr?SiI$A#b79|C5QzSK~t-u<5^i*%dR= zjL3>fHxe_17-(}s6E=yt|Lw9#OyL#MC*O~tH&{h~z)3wg=)TlJdBGRmHa)cD=zR21 zV407W%AUvY$&XD3_70xaR*I%Jjw{Z(fnAmGchuVOW&SDsxi+Hi(u9AjTV#E!{%h$nEl4^eUf`exYhyeV4W5)7l`GrIIFyLDgAShkJ;S?(f~mi~b}}%z?8gjV0Tr zdG4r#U_(2#I)Jbq^PS4#jc&4YGOWsE$9OdPU~z-;VzQ%WWRjpkLel~_*^oE8U-<7v zglp=SWqe@BnDHA1T1fq6ey9~*KmAgAE!$&Pc zY@0D<*kRKZ#dl)^BF%mLTQrViaki(kICH_>;rWmS{<0p54wW2}kK#P#8qpCW-gdt< z@~wSJgqGGJe@I#apu%m&2y^K`4BUeX$Q_G)k!{5-5dy(WQf9)uRf=0SPtCE0MWw2> z{Xkg8glot+{;x{?=M2-1q&>~4fi0L6iz2(j6*hrrHdjpv=U^FAtc2gU*c?Z}YGTTa z2-|fo_Xk(=&Jud_28s}$l*7%5J2jKiMl9-5tGZ0eZY@$}802k&f#3I?8~{tNIDEP@ zSTxelf>XlMl(^iS?~&Qm6^DN)RUOcdVD zJND~Y@&Le0E#dEbU;8wJCZtc0gYVS?;}=eGkWF_GW?5@0R%;2^ZrQ9snJG_luA{Pe z#@`M49%vpH{?npuW$Nh8%4CyX<(aWleBqs~yf?pvt3}6AW&;oA|I5~^!{r}X$O*a5 z#YwZS8v{9RKqt!b59J;Yqqe1&VK2bsCj+P9m_AvZ43m8QUQnVLK_e?spDbxI*?{!B zsz}pU*e+kyTdHt;R}|+dL6op4=W}5^I`cvVpxd4n_Q&ki?9$YwR8qH`pmVyCLyz=2 z+4ZD0ro8n($%@E#iBA897MZ>e;R+WWiFJT%9$c zJ`xxW;pp-XeNF;%&aRG`#a6PfWADE=ANHI_;u5u}2TclX16lb~=hlVNEX>59k zu%N|Z_VN5kK}=uR^jymLXTY$fwKj|la+lRm;I?w-yA9d*ULZWmMd*edF@QPxbJP4CSwxJ^M-mn=#?;CKQ@W6=souOBL0u! zU4OxQqd>oJandUxgswKXCG2V=ETvbW;5_ee_c+2mD)mr*><>`8*Pl;Gh#6CzJ>(Pm zE^CbBB!kwhg?t88FkeIxV;A(zrqi5@L`*fxaY)jL150Dikx)K9=aH_9JcjH*yh&7> z0tE**O;j-tN)ooluVvj=_^+N7qPEnKI3bI~W-@5^uHzGfqB}hI?AR-pF%n_SO*Ihf z9I@j~&B`bhYk8N9{DE!F3=X%NUlZqm+Kcwl9Fy=*#eeCodM>5D)%i2ocl?GW&G?X@ z36uENX(kF8lI+Ac|GG(8(fBdt**)8w(!cU)fO9g-AYf&^2v~ni@WNuNOtUJ3J>o&o z^u4L>>st3!autC|FUc1vw{s~Y$4mvg?2bdyr$IxU$DiP~Gb}lD`}QPy_-6=_pcuwa zcSxLMxsdjxKOIQ$4JLNHVWgskI=nr2(Vy>qJCk)X@_7|!JTsC8&+GudZbyQ4F9)#P z^rwiu;GkBrnZz4~Pr4?;>ZN28Ebzi!@aI{Ps2?jTWl_Po8MsRQHflc#H5aHIy-j3B)Na|RM@gl1*~ZCk>G0P)gRhSjyC6uk{{DWzk(Au- zQH(t1C3J(U|95cGBamk`KeBR%erzePhzzWzi#W;|PSQ6#xEqCf*{DMe)oh}6Z}YF< z1vv5(o?WaXg1CbZUK+sxD$kR_rl>!P3E9W;!dAavT%_TKku508HQ6sz6dO!bmu${fH2z`oA4(yG5SqOrSGkxBkCj$5IEe_=ggZrK?XV<8bRO?LqH=zD)#N= zl!6+Ks}yjVKl+8U)tT4mhWO^Td8!0|p^4*)qimQVS%)RN!2qzjxF;$?iQR^6dQn$> zUzno$y5g=SUFK10vvam~gN@@v_9mUWnezUttkr&98T^(E(jQBt`h7ZAr7z+wxQSCO z(<8*`z1lP8+LJL`8_a0WA^^JmkC?7?t+@pMp=y%M8K1tlagq)H_0ZL3cTB+C ze){G<&GOGp{nm}Q7z#P8{Mbf%{F=JyQX;!CUa-G7JUiCzd!`k0?Ww0WI`qD`;}9>}~Byo>)*=HafgZ2;Pj zve~G34pHg-=~cmnPw*y1*a?Lm^qP7}&;Hd-D^u13DAM#*(Uc$QK3@(=jU4_2Hmm*{ z8Cr?}4GKELQRl3VNR;WgUw*5o;O#{q^Xsn84oV<^w!a^WH2>8t5~<^9X_mpc9Z-9N zc`eY@!V)I7Yf{BL{$d#>LTM{!v;^p--1R|o*R=rQ%Be2I-=pCPVf#XlK ze7TFlpXI9bMEq16ZkmVR`)knAJYf%g=eX3(mkelf>k#=|!wl6r>#m|TX<#n@W1h_( zr|#q7v~!Okv_ey#2~*xtwl&5Yyx1HSi)Cm%EfDsICF&VWw~nQulvsFOmx2>9Nwu6N z%XEVI2fo~<1=ru@XF$v_MB3ef*w1K>KW^g@3Mq;C*Atm%Jq z`KZ!`0JX&wa5et0QzT9knzM@=fa*pwIA@(T$R&RfzjZM`P11w^<1=5S)4+nX=SAdA zdr$y%LQE8i7Bn$7`ByplrGK@L#An|;_tUT`-qhF=2Qm0f@d(SjH#N?6aB#9963NY( zRSEyZB3-!4{`Va$>>XWAmHaBh*)=%JFs@t>Y|tgbC;uBv`RM zK{pZ- zc!lGed?16}l;E#n0*AuULScYV_?IhY&w>a!_EM_*HW@im-rNr(7z|ZZ(xQUNkHPyf z`i&Dr;cqYgFLCmSN?jz;s~=Zku>suU+SOgZWfjjb2!xAh@CWm_HFbw^9I{`_feCNb z4fRhg@lPn>=ovOz*zzUgB81BiK0t0|mi7wlq#rPVg^4{f%RCNCS*{Z~?FUv`Qh!qR zD7)UQ&hUBXJ`Ac{)L8geURXiDMvr9SB0bRK>KBDNs8%>%NJqksij!Kg)cLUPduBwFb{zexDwibSk4 z*bz*xc@+ub_se`>%ajB`$n|wQB>XFhdu=k(xOg75a_KG z>bqysQ@3GGpPzZpBWq)~Do%uf)5=4UB9YDDRuBwq7Ad4mK_?o)+Fpi5kf9}jmpzI>GI)4)G;GLt*tO21G~5r_C?-1k9ckkQF99iP%Skvxuf*9-YLf{#)$67NUxe!TT5 zs^R(+BN9e>aCJ_B8s+F|oMWZupnRKm%2k!+KQ3BuuaR z%>Sf%Anw|8;cO-h$MYn!ufnT7l4ZY!?f{slV_$0RWEx3s9F;kPvC zk;EMB$NallXTd(sqjR;|60q39I?5|scIAEG`2g?8Ip4egXCV@H0=^GiIV{DrC5r^} z%44EPXhu`ExC;r%cQ#x5^E6LP44*fr3kh!S2b0{x(z+Vcv z2J@;vUUv&$eQ)6Tn($wVJoM6M8=d>Ylwr(V6gAW~jmD-q@4 zR63dOoq3jqt}7SC3p5-a_@uo6+HAc zu_gh9<-=%0!L177DDwr81bxXaSgqLUVS*y7*0;F?o$nH?kGf9bK9&>ASAt`RrGSCS zR!i}sQXK43+`TbUggFdcq7=IlE7RakEui!wAHlW`{`uU9fU#wcp9wyV0bTF|1b@5W zm47h6Rebj|!zLI&LsPFGMUT;l3(Y4#H7Rx7-}Hd2dq_|ON1)|__Z}hM1Hqfro%cjg zHmW?`#}-)zg>awb7~Bb`L{K&J;`P7HN;Ok-H>+D}I{{97O z-WKO$(06|{>DioALYmre-g1!%h5PD-o7V;p(+dnXvP3U$`_I^NXj5mO$@yg~<5#~# zhoA>@?(wWekfW?4-t;g}G7ZXLPD#<5>{~8Yy3DRbLUI(#1CungmrJD8N>%l5Z7{gU zOlbPonWGG#3@=E|VQPB6s10XBb*!7^PF@4H5#%Bq0D%JD{!z8x1)qn+?YwR2S#P0{X`>6({ks8=! zZbxchGS+|0dX;~j^XT~A8gyi9u+~Nz&23W}ZfqsHHkT)-6H{2U26jOc!fj1@5`*H5 z&ieBZ)Yo6)MzFyILHkb*Mid??+J^Q|W)Fj}HK8Sg4Qf^rH$4uLZ+nkqu@yjD_b4_ud`sO_9O-iIiu01pSTyaJmJ47ukI1Fbyk=iSl?n;XrsXM zgA-t(^gHyO)Y0FDo$;;(1ieU5@R!x<+|>1+6Cz!Y1;?D=DO<}4?p58d30GyZy>E;8 zN3*coV*XJhb5Yy71FWSJsXgcmbtuufuX0V|lrc0>|3s=8^yCI1-8gr3qU^J&`&yr% zYgoU42qdGqRhvOUGgD1*dXddOSfb&?cNG3?K=5DDJeGe#M&wc0nO`mukV&ftez_}^8}4(}df^hcuWvx!!eDUpK7&ubNuc!EV^t7ia@Q%LNSrZr{J8R0ig7b&@{N| z9;mC{(ObVbR&uK8lZnzV#%umCp6>Me1+MGvOr-Da`-R(Z+r9RdDm;lWmf`Td&~!?E zs>ZTIj}mFZ`B15dB;7FdyJF>MaXf{eFCe>eZZIc2ew$nWethA`3&uU4Q{KEj-u$_d z_Hh$h==U8am_wl~t7NJv+neA}+WXRj9IeaglS;%Q3zlcO!_MT3WAV0Y!2Kh`t)ECR zE*JDCX(I%C%vv2;Jy;QMwxiwrF`*X_>uc8*D7BwlC8DcW=kU$$H#0HS=%_>H zLUXj1B5$4*+PNf=bZ^Pci4E^mNJmhi>A+n#)r%EMEF*Iw*4Xq=%;tuUkF^aWV zUr5c-!ynxD6okrK+$q-4paA`8gyO#97Q>B$4mp0brIm2@XABJLtcGM{WJ`0aTxZaL zU6t#Bi?t8xegdR~?!p4Kt>cu#k%=Y2Y)%Qp)#1wy*Yj#JcdDxtB^bcF7qqs;g*3#H zxHJoLxINU-KmPrh; z{zBtPeIbD&tNv7M0^-yx2_Dw|W53%m@Hj-et=8cf_!Hjc7|6k#G_Os_r5+~fK~ECI zc&Km`pI~|DqF+lPj}R)WuOIt?LvH~e!t4P`XJz%%{WScWdk;0udd_{9%Ma5?$!k+j zRMMw~Lf;l15e)bPEk6;*Lvk-u?jnrCPq+z3hu^Rezml*sw5l^ypXRz)tFo_6MLz&zhmva5kd~gYXR1nsrY;{lX3W0@ZXQVU`QC z|I>ma*%$2))Hwzb|0bv}$;u|*RUn}QAi=;Mqgzmqu2c`3cxvbii0i7N^w-^rzW2mQ zHb66+1|w*rba2KI=xcvArlotNyo%v! zEsfv*{5eDOm~2efi2X9bVYT2uJG=n!Jz&S;;A-?b@|X}^#ITuIzb_HKfBu(A_w4j; z9|2bKHdsktgQatZcWUElF6x$1-4_!f}iAX`F9N+P-5DMDSUeoXCXp*RW zD42RNvY|k-Az!kAAFuyePWKA(SRIE)`)0qFoM;o{|DK7iWDcfYiX4Awb1CD^8Oe` z1Nm}(*geERT^B9wtFI!7pWtCeZ{>hW-KF@lNSb=wutj@oPbBR(Gmxo0%AgvDw3T$yM|y!{Qlj8s{Fm^53KY_^pvPrl-W>!kkq^e zU6HuCCU~)!%xJyho>2N`GZmNIE2s`D#FbZACLB|@x)!$!;_V$lIg}Wd%aXC3dC@ky zLN5$K^Do?Vx|+VVt{gP3+%qHr`$ETg2O~gTHB+%K7%|=U{FL{+QivKS?dSSImmAMt zh;iM>dw|!>gNfua_Kb5RlsPVBn!8@@>}Ml79qp#B%wY(ZS@6J(H0#K0vv&8V6t~z& z;Qq7%J>XZ;0~$YZCY=Y}hU8TEWHvsJhDBRi3WYQr-o&SyVZ@($uYbJhT&z~^yYaow zPu;;6v#J5I!%{SOb{C5kp}CO|%pNSTXlraTAX|0F;|ONZJs$(96hVY2?J&J~5~LKr zeI^<7S@3qNhC1Y5Dt76wc*S{PlJZMw8v!5FEc4mncAeR7GdLSo=mBXN`a8*u z-{4OBqHC38UrGVIDv=7aM`&|57`&a0PUt0=&Bg}VD?}kRWfa~W)MH>Hzw8EUZx9{n zvmt#Omx}C&9~dDvy&EpwN%L@qNZq9LC;(E&f1~qsW@_5nv}v38j2~D0m!j4@Fn z1V<@=9b=D2Ah%Wi7aOEZL8|RtZk$|D7QxVlC8hT(izkFbUpSubIWv+SmCp%=02lOg zXche}l1q_dTi;MUyDD>9kIEeJzM=S4R2i_!tk4h}Y0==<3P^c(JQgY4Dl^|8vz1xn z#@M$;MbNOyC_R-qEv(D~4({hOBH3AGjt4F{)S-1mNhB93yulZ*_o&SH9+jE8&QLt| ztVk;M>*fUCh{DmzJm^Ti>d{E)R++U1nXQcHklbO5$|yaR86Q?=tb?1?9Ldfqquv`_ z>d<=s%-(42ZIua*gWJ;=NbTtQ>lPHL%ItlIvzXT-oE#&%dkzx_r#Vzmb(?Qb8D%lB z*xsGof0Yg{EY{LL0;<+Z>*kOsjQEHzQl z63G?rHSMhLGolq)ai9#`^9ALfGAc3rloAbXmPI!v`#3u z0?%$WFKsf(SK%NV?kSZB3Z`tYJi}TwE>&gCTMT5~90k-P7zcUbj$CJ^8;w5T=OaX~ z`3Y}w9%~^36#oOU6U_dGcPt1g6l3Dpa>3et@HsoQsUT=*aWt$|c&qj7;syhi`5&0A z;9!k>6*N-3!-3=NLL4|CW(yqd1TW!mli?TQa7nmJobtmW&+cay?s1>0SXM?ZI(a@qmB~8<$X^@zuHrVwY08(Dn z&mvrG9eaKd7EQ}S)nL_!2DoZYq%&YbU_Jn#=rrEI?ss61-WmOFiEwM=5;wq&M98{&=b(8&! zx}ExU1nC`=;D|6mjn(a+|1_}9t0G{=f_sEuln)7>b6^{{0Q(Z!1n)ZJR_`1^PTfDa zdF^+RVDzI~XOcl;5(r^yM{HRP{)xbQ=knb>N+DyCwSWcB zxmvt^U8GcFlKM5@MWNjv`9Cqq36#v9zhL!ShT#?4M>03ws0}gfU8Qn`r@TF*%w+Ag zPnZD4(@G+Tzp3%t+|c>f6%ooBk8D((p#aPZ*sTuil`X(l0~S2vkbG!h1W7A%3e!bq z%BTGnZTjR*T|-v)cxC%Tm_liO3O8o$xflqhAL-6gI)g~yqgJT~H>jy~s0#Hto;zF% zPQcJJatD6pxLq56>Z2U~_u+qD*%$F9w3-}Iv_KIVJ0v=rTI{GKQ{wT3^ICypN7xK4 z;n+qm4%zw3@n&xt!fuB@@mk5Hk4;I-k7EesV|LMdlAeg3_*3uZP2PszoXj1;QHNtB zHcM#z_Sx8+49AIw#jfl_qQ|tOn=JJt>K@>xUvNlOoH8G5N z6E~yX{2vuc{WGsI@tQxAIo*a1F|XB-Ww&nnP`O0%iz#d#c%&5oEtAaHNGppVrQt9> z^5`1P#8^OiL@{Aj&6nxJA7K#_c(3-4D$oVMGY;ir#Ci+Ijnt*YoI;)lx?v|c*Hcon z({h1T&kw- z=A?@>E5R0Aq6!oR|0wSwG$Vkl+^NTn9%0s5EPze_(*`igFP8>3F3s*7}VuE-3?vkt0`zjZuT=^qa+gA0vTfi!2>Jn{{UJ2~j zRHCywd2B&d<0feuQ>KjZ>)H#_eqS{0i$Hpq zL9a^xMk~ONKW-9=tz%JZnpxeRc*(l%-JBPiuI{x09PPi%gV(A3d#wM`f1jyv{Z}^T zUj4UPtqdb?V53D>Umlc+iPW$o?ipxDk-j)bEaP(%oE$c^l2P`>6<1kj#*t%=?VDmf zZji9>ceS-S<4FH<{0}?hGZ?^fut90f?vKie6^@hr!S9mJAN@AJWt*pr2)p{|6?|h_ z9_o)?>SA_Ln_4HI^$*7p1!?T7utEj+tkNJ~uKrnsF^>H*S)D65Um6?rpr&2SKOM#_ zEJCiylmX)t(Z%QzLacx%m!;RMfuKY|hFu?Uz*WPQ6Jo~5;%Eft6&NXOyG=FQ;;Zq# ztZLk7tn?GWHy5P01I-a{rSq(_kkNW$Oevm5=k7e(DKS{^Xvhj9?evY%0IO~oJoJLG z!mF1u@z8CjJ?)+GnU}cspCtJ`QTB$3*tg1Gmzl=Y!`PwrZv7~GFDs7w@h0;DWXDb0 z$N2I-W7>Chs_!lp&B)DxyRai{n?&lQ^2`fI;v3elswVq10iynRQLYxkRd!W_ctk{qJ0J-|Abp$>9U>CM2(8%* z9kWKa3KrNZ7A#dHb*My2yfHW*rDEz)!ApHvFSyoaw2fu-xvi~<&nCiWla>VAHPJ2W z)fW2e?vKp>-gW1FOx2*;_{n^cDfwXWJUvt4lYOwSYMd;**B-ZrGdK>XWA-$9DuGo= zHX*SEW7s>1)EThj=(%g3g|@Nlc#KUhuHqWUv2tzcM=4|cLp!SdqbF)uX#R)IR7@M@ zlnXdgi$3w0iwLgvj~i5-I%80E*~`wipF0_kJF7z1CeNr-Je7xs!efA-)U;|oTGXhi znaU=!ZB=8dUdUVH*;SY*iC6t|HBodKClIRI!Dss%c#w z`+c@!_ZT;tuRanPD4!zEJ4Re}#+w=7aw?j>%5z=j$kgGv&~E#xdQf=Ag9-yDUY%@?clL~zp>1#e^*_$?6Ub)Wvi#$Ha7V})v*7JEn7W#j`*<_ zBr3BPT34F@)8Hje4URb4^@<`femFqVEk?oh%;A^o4oS#I933JgVFSe{{B9D~RwS2+ za5d?np&$~+FAx+3Tem-+%s|WSnQOWX0PKLRmc+zuTaq+) z6R)5cvUuat`4q7PGX}yV{W3k}NCs(1I;fU;O82>6$w$xJSbb4$J+r9hSdbF|4Q4(V zO2{AY647(b&g8e7gq&ay!Nph6Idz(E)W6J5ipr+cNB`PCKo4F%zYgzXcL{+JV?5Pgrl31ZIDkl%$JLw?j z3Ji6!Q-Y4YX^tjF`Zq>uq_6*{Ezt*)uB7tY)706@_mEFk|L2i!J@p0UTAH{Y1u-W+ zV+PS|bG?OZHSX22|D#6yH!+c1$=$JeRXDdbeY9;AzJAF~6;HtxITdTyRizFc(abGB zC-B|8Z3P3!h)R9iQn`O3a`UVF_zbo;k!f9VBEIlvWLZBTDfOO`TCCB z^7xG%<;^G!Om4wZNq*0p6|#0+)25_7~tdV$!H+#2Q?rt=+O}18X!UlCIthqJ9`}+Mwc-m2cAM zq?1p`DFuc^=C3$I;b=Xivu#aA#jfA;i}gziC^j=Ib$o7eWpZ`J69q<+cZKenial3- zR++yI{GL$%LrR5ZiV8@PZ7M~Fid0o@#hSoqvF6A-VFCUE&LmIZLvwHF~l$~)%vNM{>N#e&mcRT~#JYbJGuo0I=z!;kFr>2L;DIdy?DU;Ew181EdJnDW|b6 zr%%R5TEY~=S41sxawMMWa+N|~u$QA?M&g+&@K>&^uP=+B^PMDa7CE8A zGv?;!D?{}`#5?Ph$sH6-!&Z%3kjAnMJxs37@k#9VP`h3_Tbf1-(RQ`8?4 zeYo@`X+1;l8W zfLWG_<7$G3mn)wxL!`{G8d!sa9i3wrMTlb!J46wf(Hp3a*e7@vD-C4q8)bTtG59YA zEM=WAu$ur2R)?iwtVi4XJz(5NeU?frXK}@4iA~cyB{gcByQH~oZL5?i@BZi!v6!KA zf@{K323aYk4w;#MiJ;w2VCVHfrk?}bKWe#)39LK>bIdk*l@;3Wl}K(T9d-@D9P1wA zz;@fB(9c!pe=Kukz|Ac&p#=xK=H-)ji!WrO)8O9@eFh4Ryj%}vG_!vOCkKNC7M zg**-F!F}Xr{%|_OS(IP9(jXUK5JAuS!f#aWIoWbia3;nVmQOg86QWj1tZ3o4T`x3a z3ppp`UQZh^vf#kq*RHB%-Jt1G!8Cp)zp%-BBvO+awDS|c>qi=tsOyiyTcG&yUoN%yWV}!vrNpf>n4N zknb+PihzMG_WuyfG2gCGD)_l@pr{gcB&#>aR~#BVg!V-i2X9f*fn*U3wL~GE80(6p zs+KS@*7+2{uUy)JlX@4wQ3bwFZ04?@+5z>O76GD<=UDp%&nZ@Urk9Xov(92+up7@r z4d>e(UDB7M^30OXQ~piLA3k!}rOQa4Xj|8pI_^w+n)RSRPBBb6gJpkpb*~lGLHbVPodU1>g$f#0*Z{qB~y4Mx@>Qy<|NwVui$DrRc9 zRLnXIwBCjG8gITD+(RvKWw4?CuvopSu z?m0WKxN}D1&2I7Z6c$h4s(TR)8B^E#I@Cl{KO}$= zzOafk(By$zn^sH=cPtb^F#1zyA4Fc)N#mYcu=QjrV2}h&I7!pk;AN)`HHs~DleK>T zwbQAd9cILfi`wOCoAK%0L-i178m@6S$oQT*Ola9CoeUGaKu7p)`k^Oid?f=p&0=p# zw0jp&5G%*t>ctu`V{7yP&r-K_AbV(3JavuH6YFAj>wv3>4OK=w|A;|`SU!&SAnh1R z^no;|6eZf;$4q&`MA~EOXnBgg&gmN?)+9D;NF=cnW+%=@CJ~}2m{aMdZ&v$KCnqk1 z1WNoGcC8N8-A&(u198ns$BB&8U9Y|Li>=nbd&@_|2OJi`oF3F zr2j$vryfe%7pU#?)%N*1UF`=ybf>HB&NH|ZiIngWlJ0c1cTUx(pqu0_x$07#uh)~n zz38hcBxS(K7tu8+qlA6HNP#Xet$)Y~AE&lkiXn8$`>h`0=RKMIwA&}#7;47E|7Q3s z;w3`g<*YOU#)S!R$oiR0T@YI~=a&+Lo8BNhkG6ODb9XK$JZB>S@?rKIJ*)*9IwdaY(l)sZ- z_z-WIKFQCMude=>yVyHdYZorkIgq9~brNQ$w#sBHi61?_HhzN{2`-?FD!-ygj8P)9B<-G`6WA^78q2hWVjLxi zkxC3B)(?Vbty-KDjQx%4)n4Hn``&hb>?Bxp#`3G!62^pH#}9`m->wKxzNM6j>IiHn zT{_-|3go``8T+P$Ksi$LKnSIVN7NM#vUi4s;MiwHBQJGNWGJ^;(%($+QPS)Y>0c}{ z&>f;$`3_>?2f9E(j*TqKx{|cIBu|$|ayLccvM>qVkbb3o+#qp8R71Df14lvWrU)9| z-N#beYJi;`5f#NW{(S%p2B&_Q$ZXb4*9y#ndt<{SlfLD?_Dzi)?(I%ait0 zzn-W(yQ$AeQQY$L;-QsLz9{(QX~X%7^CC20T+9ikpeISK8Je9i+~de_`sZ&-HR@x>O z*@775Wp0az@NRKo@`N^)Jc*Rq4S+mxa)edD0sgJe0Lojw-PFCh{z5<2@DzPO>X3g* zZP^QT$E7O1O^xgPEdJ;zbXyLKt^Xk%WRJ`a!AJLVHw>>1`0!fJs>`T>9g>OUz_2?X zCTzOHyWdjY_R+&Z_5v_#8rJmJ=N{?4SB^&O^&Q1HRxRy|Yh ziR*8iTWRJHr04wbN!A*|visvsDfJ&0m(EyUzq9|i5n_FPe~#ACM0UnmWbY52@+8|f zb?g}i{Z-0l;gu80Tc#HeFK_5%)#ggtvC=;ZId@Fwk=Qh5T&w`-b6|Yo=zWGfho=Fi z)RVRm0j?}!E87zCb6eT`6G{`Q=Y(SOwpbyLI;*m!vUu-m|D=gp20{Q`S0c$5o&{I! z-zm^czv|>WRmrv0$%JNH>a7-B$BH~tf|`YdBQ)brYgAGM z`xR6)AIY-SKgY%&URTxhPfW)zS0~dI&x_M5)_z3!`xPA7{7s!#gWmL5f0^-YQ8Ve?ww|llK_`p{sH>V#* zx*`5JLskzKKT!(2Vz&q6dQsj#szx4>B6~ZY+B~?s-Z2yJiccthfs2168~=nN`9rhC zNX{K!yeB$YSjoP&Cj4Vr!DsDoKP$$qe#RF*V`an__A77RgtI%z;tOY6Si`1<`ty~S za0&D3ffiBoyQB1~q(VtaiJ!=JyNtsf2PN|2{^+%PK{3|nL`FA=CYMQesjc#Z`g24l8(MEDZXnC=YqNArd4#Bn z9Kzp`qkfhh|Ew8VuwyuF%h#66y^||erPsI7$KFTfI9F=v3%qD0a}}xEk2ojyIf$GS zUv&BSisZ&&9p}Pd`<+`^)*7F+G|x7R?yCb)hMk){VtgXW*3hfj^U@`A(H3S~MtEzC z(mZKA9!aI-2VR2{yV>s3gODhD*b)64yahu(F7h^S)0`JybXxI#@kN`f{fddz@rOIA z^JbO~P~WfzgCy)#0h3mcGr~Sy?P!H04$Djm0`|`i7ePA$QH(xJdePF5c~npKXis1; z9gY?jpYbCI;E$_i8haq#0W*f^6KS4YI}5#Q(a)(qvSOxPSFo_Ic;E8%?X({rd{C{q zxPd38f%tRl6HVV9f!COo^2}$CV3CS1T9e5A3W?;t)Z;WNkDf`Ic+&zww!MqPLgA46 z7(qDNpk^n6sGIfP_`+tpJqoc`N7VfNJEm$BcfO{5!{noq&|M-sqEfq zAV7cS%3`T)zM`Z){US>b8BeIb^&a=e*%b@3!@1+ z4-qv;gdCpL!uG(x17yJ;BU+PbS4*TY`Qet=;7b4suQOPK822t_Cu`h{Cgw@@$~!left84 zjkmjMG4A(5pX$GMK_qGqMg7d8f_?COP4`(Z9k5&fGyT@CPUvxFqNd1KJ)%1nm!BKo zzpZ|oxSs{a%rW?vNh3f4nTrLzj1;V23@2@3Si6>(u4xhuhhV-- z_|Op>N*#l*x1%6P%ITQP>YlJv-Zu{`EcT~kv`}BTL0`i#W-II5)k5hL1!ErkCsg}o@ z-pfs_&LsN15azx1^LXu=%$>pfKlKqA(i~et4K89r(Zs=>sWD-u>W;^PP*KGASD?O%+NCY8c1jzvGBenE(aT?8(SajST4ipfQY9h+ zD#NPy)f}y#lStxym;bqg0)W+UYRq6M0a~_V@{{KCTJ}c$X^GYECpIhr^UiwjX|>NGE~k00(aimcrtQ!z7|P)+Dt=H{JdTyJiX;U$i}MR9$!hf@Je;C~CNl#n%DR%A9Z3TNtt zd>Kglik?kNYeT!VKQ5ou4XPsV#iT|DIZr=-jhp6`8~&k}0y}_G{o8EuX<24|u={DW z-ce!eZP9*$UKFOttP9#sVJ>~w_mvl)`QcXS3q|v_5ZS!I zNDOrwzxsyP_>Ai)d4=k&&8j?ke_Yv~T2Gkjw{Yf1D#qFYCh`Fi4qpg6im4A61#?jL%ZQ zEKBo{DHiG$empDq`)I+nAJ2@gA&t48!=~P8^Bsd>5^Tpo40J!-KcvBg3P2#iUMop1Z~x0)W?(qtSNr4JJOh0B6gO@E3Vtm@DWIdNDj@_=#B$U zF^KKDA0UJ$DLZS zRou(Lx3!m)*l!EXd)@8U_%Co|Waj=Zsn>(wzc2q@w^96ZKt!q!q&mUXF8>R^C;#}& zK!aqD^-C12ReMNRLR0%Sv9`QW&kY|EQuJhv7|=bo*?@5Vc;CJy*JNTI3E!+Q@C)y>@7wKr%8!{T zZ8v>)eg|H$ZScZe@O}`5djcIHNcnu-$(MtY+-7q+vFskrL)LOE= z=yIb{l)Dt!GpE{=Vm4vHd9I-4`$r10g~1`V>I5=_m_O_hJUrjBpBvpFYlJ>X*}sRH zO@*^35uc^(Um^^IPTc~bzDn`1OOZvWR4FzS7QE^T8np#NshiZ(p-_QQXo!Q$*#e>8 z-A^txE_<6#(#Kc-fv`gzLMtAK$PlB@6r~u_6QR45;sPObq$}tTKk7}PuWvNb^Uq@u zJ*{-L9`YbQ6Z)zDzyw;YqW=^Hr(hOK_--sl^+a{yNTjx}4r6Q9VTs%~6RW>U4C5l1 zafIsteV)#jeag{d9XkGLZy?aMNiD@;5}K=KCwjpyd-h@g6D9#9;tbydca4Mz& zwQYhK(=g-e#Oh7#CeA6M0j{~CkKpC+fIOW>-k3LBA=&p9z3}JGgl1Bhiv5yR8zssQ zesY-OMjMBw**HH^Ife*k(d)YENd@ttJc%=8{W-1%^Q;C;3$DFISZ_5J&1#x93pS9x znldb(6Z*!~mMsaVvGg%(aeD$TVd%>0t4;-Pxyi0h=eqhv{ESQ{!l|hKQIj zM~TUEOiY|wMMr8!5<8LBOCFEbRJW&mpi-rD4{nPd$%+&!uMK)Br49Vp>4*x>7@bG} zJ!TRQtS~cLWdqDp}oQZW0A=QMUpn) z5hD3n_}bC1u{$s)i&^1$F7JF{My3@^c9}b$KSY?#QD}QZL5SHPo`#uTmO)*=aF|P7 zL;#qT@K7etN@#U7C^SSuG2v@z_v@(ewWFcDJ1`Nx`h_p{v1->4V5lkARN>o$4K;tK)!=UcKqVUx(yu)Q)LV$4krE*QS=(D|{l;2#}k~)=nq>29b`Xb)*^Ibue`N&D( z(VSmkLGFD}_B}NwS2r61GJP=}r~qi|Kzh+16&Mu0Qowju0PD85=WD^XIj`l0{90ZV zFx~=GlHOe6=KP7-cOWKpLFg?DF)jPIyl)ajiq3)&^+y>Dh~r5+Z6 zdPz|CY2ro8fi|FBl+W!^N>}j5Ux&m<4Dq{<|cInEXT4c=& ze=!P554tTJmV1Z)1kM%BWg&3Tjs?374~>+ZxwcDF-%9!MnXEZ~$M{B`oCnuZBDU7n zH@|S)W^U0-Rj=qwbgoEjSd-XuwexK3PZLG=~!sWp7+|Iz1x{x4uI-u22mL zvU4hMU*;_EF{_eYH-eV@= za7t}?{DyW8=&9e;U^>gbty`kg3Q(9XLK-ybI#jr1l)_-RY;Qk>MP)TqZMI=YxrQCU z@mC73p#h;pu-9vjZ&2yDY!L*l#hu^rO|Ll*6#S0sj#Hu{wRveGcbOR5)WI6*X~F2f zxlAkwAC_fPb_CEIAyMgeOBX^aC5hrpcBPp`R5M*nte!GY2ZxtKTCKn@@Zh($g)F>cd>a3RAK<4=i+3SB6Vnq+)VYxg9<0 zC{0j}?#enfME6A8hDhM3D-4+*Boe9SQjKdNng_zYoL`Fq8qDk}isFmZEQUtevdP!= z!dN&42Zyah3)7TA%PJuX?po0wprk#r;3%F-3Rl9@xn?YyVU`%dj0>$hT7EVGXCA{xyKDes93I^P33DUDjIR{AN3AbHi3WZC~6$^2N} zm(NkHy0b9nPgmB%W3g|Ld5xO_=y8Sjq#g*uS}S(&lgbd&%Z#_KnqYqFOs3^Z(T0zM zo-5)7t3HpP&WXu8dLH@kzJm8yF7FWTp3gk1|CqPu2IfWgi4aIMfy z!nzd~&BLEtL<7vKsdX>5b%J$swo2Tvdc1_O2_KDR554XBKv8@7gxqsG%E!Ydcqi7h zB+d%m6IU6*kT`Ac;iQ$A*j|2a4uGej@s*#ax6@T;sXPAMCzQA5YqC2f?NbZ5$Fm%K zq3ALIf~a2=9;-LMW?~|*&`-&>QP`}9UpPY#1G!vp+Om}@%x8m`7TH*l<@(^puNpvU zip*39h8uQtJxb9rW3MqB!`spAl;$k7_Ue!8 zMExG)lk^L!L@+PX`0b@A`%;p9Db2o&vX_*1z^=~DgvE~>9BV@;gkji^8Gw-VvO*bCk0O+Ik(^sH=<5;xZ8oSBZ1rRPJylYk;Lw-4# z+0>jI|An`FrXyI-W}bAehUsYiIiG9^$W#APjUOc%KTP6`3MI~^91f#GM+rN}gqCww z#1sU0ni)0}>AG^=32-_y-*O|AV)T%=N?slc$rbDe zPaTt;6U9@{BO$4}nhkkR#Sa3CQOEQ{Mj#Wk8}Qy$z9rfP->@k! zKBGoSyDlxqV0X2x%ovgUTFhx2^6QyAh73f{GM}W5@=1<1ba#eo9X>q#7N-GbVk6dP zwml}v(FUD3qrEx>o#II;c-4NR6gvH5wW6J#QS#uu!P$SY(~Q6j|>Y96CHR}qJ6 z{2k@_R*&qOy-pt*_G%(IsmLTCS%zEyujt*?x}$uWOV!Y#Cx6UG=eRe7A#C4KUh0C& z6XCPQo=L8DmtO!%LV05NHC;OM25xNc?3_yEb4DY7rco?a)j5_e8BIwkPs!6(ZtNAW zxN|M8@5)|LH0hXBb-&JP!TdCY;dqyGS`z29A2FeiF~5JzB=H4&Ee1hqp6g^vaIH*6 zVqd`W66idMbiSmhk+KGO>$b2x1V7P^@b{+oS5rwN@sFS8y2UCkzBot09TkpX@?2D2 z4@(P5(o-2_^MgLZj>05N*tDWJzRC^2wV`wbomDAGB+a&LYXCMw>B?qzWkYRhjqY6| zj~e%=a*xC9fh2!;T*Op}lAaSBZOMpQ``bv=UW(e! z<>BA-sA{oa(0wNP3SK9 zz=4R=t*L&fck!SiSvX!M+T-G3HjwsfAhg1-P;}b`| zDM7EGZ-txKNOCH&;i-_sRY>B#n?(YGL!U_pJ1}Y4uDhnAsJ{?otFUa}VBe|j!tgmV z-BsHiWOIL}Edfitd0=y*AZ7kd;F^{SiNR@%F(9|4m&gU`eu`<+7JDK4=kg&Z`+6vp z|D!te^-MjN2D4*AX|PbI36n1<$%DRN;w4Z*_oPaBD7kL;I@Y~p=7k#!w}*dmrHI@q zem@v%4r3rWy<7rgx5<)VXk)7YZCWKbP(Vwdk>x{h3E0HYH8OHjF(@)ZKY(XUFniZY z0(MZ-*(`3@QnfG+TpBf{x>Fzgg__R(!tt`uh5jH_)cSs%Ej0h2UynTyA9E)1vX%B` zG%vHBp5bd#mt<{i@*c@6rz$t!W#7G&?v@i+`E+CO>C_)z!*mvXJec8y3(x3Gz9`43 z!rPMQYjs8J76VWmJ_@2YM?z-JAOV(TY0g1;Jw8>eS)x&%3J$?V z%L>x*lKdvlW6$>@;HglEPM_Uvw%6B>qVcth)P=@cxLJWTABRoeWlEa5koCW7+3sga zqhDBOF&u@_gCivHgZ8vE^gD4rI(|N5N4$gtzsZSH_?;4)fBqS<`4^qheQj0i1!tHK zG2qL1@-A--7IQQh`j0dBe**ilidrQvIluKMoa~tdlk^reJn9jFI?L(japm!u1%#j$f zB-Z$}iP=7D?YQU11dTR=&S(euyDVusM(%qKsiUS*Q{r7u2JcbeJqo<1pV9rTs@4m^ z`x?VETl*p9!&AeGpzf+zBiCR7Qk^jG#eo=yl?M?VEvEzLhFsT0o)Y)ywEqVp)F5W^^C)(sEu*-E{zJg*)XxX2lgQ=ZF8|~nKw~bB$2rZ84h7k;+|uPq%8@E zw|zib^(H|faqC{C*_hJ8Lg^;6%Iw`*VaHMXU{U&ye08_j?q@2^3bSp1Qa^ZUDcYCr zh7p{xo&%wD`mSlK6!kC>5@yzpyFPuQyX6_mP^Q8TlkTex16H;R95;&oT^8Rx z&i{wqek@^06a9m7;rBh=&+2BzP~n(i00Z68Lfi7QkWbDD8<<(kKeIGWv4a}LQzqvagh zeoXuDwa<^(e#P+ZzZ)@R(WInEQ96Pn`RU)P6R!*(@LEu6636bcDg6(isNKM2ko8aP zj}_UGwb3L`99|l4`wX&9;hbaQS-k?X-r3ial@e5KVP3&)!#=DAl2UH>F%M6CmuZM| z!`WNMhCvBlA5UTZENjVyG>n8cG`@++Jq3E!3o_l)#K9@V$0@ z%==#8QpM>Uh6|^2=vTE{PTF0TjF!Kz@NDcdU3MVWY=M1t|<+7gRv+jI&C@WnL=fMS8+1%xN830v2Yhz<5s~P9D zGduv5xvaf?*6L1Kp9!)K7Qxxkmp|QQjW@E%eM7ZxB0#R8h-;dxCM0x?oRuf)mbf_KoDD~f5LQ#`Q>H7S++VzF1&pAb*>VB=UlyG2j}4v%9C9Vdja z>xZo&30{68iUc*hw%Q;;d#H{n(H-}cO46HdleyokhWuuk9y$c_U|-zL^+vd-)`U8( z-9?W*Bx2A5JB`4N@fP*WMCJ#f2$y(R0kp`IhKo`WST} z9r#uJQ~ZK*GBZpv!93{5lD7SLAQbU@J-eyZ`Eqb9yghP-)th#}>I_ph+P#UMsgiG?hO)i{Cj4Rp`@}!6#3l-uhG&eDW0P zqEDZQ5)||l`izCeZhvyQ-V?346JH8ZsF#|1W~@=@{_UaA+d-EEhb;_#oK(6*@f;RK zGjoZsd@bE3LSBKx45nP}gMRCY{jFZx3zeIoOrXBoO7$~u|Lp$GSj*NL2R43;WN7L& zJKr7G=pfnK)iI@o2WV%za-AxDl|KwaqMYxylQqFPN9~If*RBFdo5HjXTK(bj`M%?& zHd+4#HRi&$Oxrr{-S|}_(c@Na6(!l>eH9|SD zq0yED^gVx~$p31r(Qe&I_H7u?dvf0i`r&wbtu!IpIONrd?7!&wtfYih3Q%{*D-$;z z^pqd_CFjfl3w`=TN0)GHN&S22y(M=X!W_QVvoG1)o@bhHmQ>r%=KYY-XF3GHI@r4( zygqMSer}l%$j?Y}1@d#N3j9yFLrN%$cXb?M1_!rMW)V+ z%op_^dlC7v{$0g4kVX!;2+79p*~0&SB^weiOoVx}d3I(+ZnOXEYQxh6IU%V&KM<06 zW=#5y{G$oUZ}k%rk}ph1p6({wX6t(qDUa4 zfsm}JTY0rDPr3hjJIdma5Gb_Q*{%^xR3vhK>q5bSY1edb*1p;H?4WL}+F=|Nk@+{Q zdVfy9x|{Aa*8PTe1vw+*l(1W5UrUdite<4$VEfVFMV?HwQm?7V-z*Qc7Qz02pyVFM z_@hzN3WTDk!$5a z*e&u)OOG6`pJb%Me&oOzS+>zD=ek-R$dVRmAxAmn;GVDClbgYc2s=0|KV0Yt|6e-8 zpNdpwYyOPoZ?v@P@&MZBb_(emQ+Ux$EGH^(hQWYTp>ITY<(|sT@_LdrWp}O3=}EyA zBdN&rt3z(qPQc_|^ph%&vUkVM-N>SVl=k#zdf9&QD(PpZ@eXS{;yq@pFRq(zVMsfz zL?fUC5mI1_OQTBMPz4!NkwdcB6?<$yx-8(u=1SNt@*3~Vcy!fUGV-3@Jbn_(K~jr1mTi>d`!jsaqCaq&@G^DDsoS@uJf4~<9!R> zO*V!oVYf&ZOONcPpJb$`{TRIk&yQMFl#2Y(@&M0&z$vXWo%y)_x{z~eqm%PaHk(|# zHAKD<%MOt{(D#*%_~)_#?3Efus@u9VK$J)Olaiw&(UOrNAWnNZ6j*kr8@ zD=tkRYOTT4^nQBkP-miZbv@#VSE=z)EO5TYi3e$319g5ieUlPWk#EA=Q#Y6Wxavd` z?Q@6P&zb(`6#rA}e@^X%*!K+CcG;K$`Jcq@=Z&sUcQ0v$K3s=GVm(~oGS|Od2%zwzQ@VWjBy%lQaWiuU4o6tmx%_4uM$IZlII5vD%%ms|?6 zLHn|S(Lx7tTFV09uFXUqNSX0McGnJf9cczCFH z=|_uhlAm=tWef1!*6_@7tbqTqmU{$Wr~ZX#=G(;d6;IQE?~Hilt^kkn5XzKHMW;G} z%(%jB5zMjE8$^#<&R5F&cyjb$d(C#5Sk|hnml+S!Wz>dvyI2yOxH#%!=3Q3b(codkjzQgA21Z-uCGx z@j)BnL!O@cDiMyIsY$cfquD^f${D49&?8>FA(wM4v((r%mD^0^5=-L?uGn^);~wdE z_Cv$b-?bkwU$uGstmpeNYd<{kg_h+tY|u-ru^Q;A5fzwU*MIQvWVg>5h6WQyw@bbV zZ|Tyqb{IRcg zPOoOt=qPMVk)Qpja9wC#qnJw0wZo#R9FhpBge+4$gLO?PcT5TZiD-I^Iu*+o9L6hI zMZ!2#O-G8h0y4|qo7NlX=4E3IXt%`uIk28|&v7k50b~>jko}52YkD+IbK3J|rhy4L zZdvc%pE;*Fnttql(f6vrtK%d&-o_H;E5{sOa0ARDU22-_wnENxGIF~AnCOWu6-=Dp zRZrcKoA~adgVAg3F*wsVhY~rv*5lnouE^({$z$e4zHO5K_WkvITgVv&>BB@HwtOoZ zrGI(y$fT`X*IOoSw5CR3Qi(f+^}&LvG#TCcDNXd$Z$tNgAJrkk|I&{JqzBPoWd>qc z{-Q6UixsYCc}?aO_v!wo9v}Lj@%BR_i-vVHfb}CSz~Q1Kf&t;R6gJ+txWtyiE}7OZo;)BvTK7La4qVGEHZ#tXcPrP#PMB78R-*($= zoPVt8;Qh~f9%^qgU_~M_iR2}biTo9<@5+{a;P2sn&(-$CnzVQj3fn)XQ~Tqxb-ciA zC7V0ScxUORPWw3~n^ap^{Wd_eB=YGKj};YXR=Lb(GeLXS{lMqb+m1I!Zm)GM+4;eZgYaYyd<=e*uEv3$U*93OZq z@N{%ZMZBxx!u;o@k{9UAe_ptHNC#!`f9bH2avGzf9#&G3eW=Vn47LX^Bk>Z9o8GuDEL=E-&o5Rs=WYT2w4Kc#^dv@7mx2=oX3A2_+P6sdHn5o5EMxG z>zc_I9t%kD6-IdbbH435;7hL5Xj>x!l;#Og8YVz#m;j|=0+f~;mP?0~W(iQ5B|vGI z09DYk4O;XvDx4%Lq#_3cxgl~G!XouAw;{Uwusc-w5)U}sf2ErGbI@hGKeA$$YGLaD{)Qj5>sUs!e<*9;eLZ0pilYV$HX5}DP08T}?l zBB-2xV1Q@`j^0y|SE=1sC){&q;%=7e9pj!5>hhv!x`kIu)>bCFuHN5-TWv#cY{9w@P#8>j2baKZFxQXp`o5rt+ zuU*fz-)mP5dOmTlO2mhJHyy28mu6uFKG(Vj;TJ1#?PY1^Q#tU9bs=_X-ft z^9#;bD(?Y9S;upkWTD|>FA8^<*h=3dDwGK3ds0*TR~0JW4y^e##q*o?<_apCSJ90V zYxRcwnVg9%Xl2z;X=S&|LRtwMqg_Q|3CG#jdaY!vA+3DVYMtdx0_mc!A5Epqb!4ca zHacqMi*{5+mucK0*8bR})X(YL&8nzS-?H+W zY9x)3Z!$XjQ4`kbNBqALJLZxL1pYu!?I`dJLyFvN`D!mo4kt?vzvv1=2L^JOMGBC@ z@yvnZOk;SxQ^=KWb^+N+`9-wkouh+0;IK2(iJ_NOleej^W(-?2GdsG(IM=dz`c-b-#-uaH0SOa2z)BK#d|WdG7i2vi(F|` z!MDK@!79~=BSBx3MS|^ijLJ+zHF?65H-Ih0T^W01#|-J+rI)G5<>9M;HUlsBY!cB3 z@>vJ!=5>Ln59IA~2YLqkLBG)Oh8R27keEK;KxCE+REm ze2aako=oJWD+&-PcT0{XM=Da?3E&Z<#SI&iplK2!+Jt>#mz_hL3UOJD-l!sNKG6bOu`Bp^wTw09|T4;*6%4E;KUCp2XJli(SU zho`F2-zF`pT=G!Bm2KdPB)Ap{)@5MS`tmGK_yQCF0V~%{oAzx_l!Bc0VCvxxX=aOo zmT|fY56-_&3`G-6obD8%LDHjqswex)UxlDH?z9HkJa=|I!H~PPQ#O@%)wGqq40&{2 zijd5o-wzUN8SeGHO7e--w?C074+fMt@2U>+iGQAxPj^g>0kZU%5L&h(d6ggpt$18~ zz0||o{$)qB?hdlmShnM8t+wYoWm9=quePYN)bbv#J-~>HZ=gGKG)gm3i6biO-tnSh zx{ruT%Y9jiF7iYIOr7&1qB84fYj&$}vnDEAs@V-nwW6$z%!|tL3jzXt3V|dl^o^{6 zaF=g@<#d<1(MH(6w)vt}lJ>&>A{8mgR@Z*T&(ZsxqYTtjYdX?k9^d}Km zcb6}4n~!{qs#jJQFIQDRNEiVUfy{^J!c8}NDjpt;*%SX-{p=Z24O*@~aU9sO_6FJ6%U zo!Ya2V#Z(-kHd$%Tn7Xvxd4aYIIGjDXnJAY&Oy@<<&^itKeZ|n-Tf#*Zrb%T2^)KI z*U>k#Y2xPZA;<(HNB}f0S=ZDj4 z9i^Y8GxRY?x2trzMqjN4i$wH!{VbiKk3qWKz0)H4UD%yR96Ex6+VO-RmL zUbMNIylO^D3Cs*rq8&Mla_B)1H$kio(hUYgsmNOMoc@!}Pn zTQZ@*A;V0$eU7BIRHPynlBqtl;2tLOrE0t-`^0zL!@@nM5O7xo*(!}SLH|Dfla6Y7 zF4Ed zfG`z(Lz$N3 zG#dh*I-V3KLaY#F2JwpIL(Q*5Yh2cUc-jj;&=!7YStU6;#6f4_)foc>@UIMDiub!d zgv+i<+Af>aCw#Hcj!G)>Xr{jfO?honkwW=84BP-O7w;9(5d-M&PD|#wkCiqiF*~d! z=A^zqOQ|Z?s9Qu@Xd-iy>K9%*zytEs9b^###H5~`o7J+j>nGH2k(UV?158G*jq4}Z zf6n*udd++w7MHQGh9W8f-#JO8`T1#^J}8yX{9D<%opQEBi0@M!wl5puEx<3-j1(Z( ziCGOBgZ=r9!TzWQCWC1lWyp4eKUE=@xOigpFk;xX2p#KupA`tZ!Eg83*KnSr@UzCT zBmZM9*QmHLww``Dm3>U#B1jKgl?bXiZ!LmP!~NYhEKy zC)qk%NTuf54~saZ8L{RGmZkxz-dKxH&N>aCH%wrqpk6r_h_}hHW;|QoT8-05K2qSa z2HCXaUG|Mzs%+O|GJ4#dwppins8UnWo*y-+8jJ*`5^+U%&S%)hV@)!;3wZ&zR?VA) zB&uo+n?!sJh+{3m`R_a7Rl^vQQF-5(9%MsfNU_S@bL)?0u4=3as+yJHGwWFp1qhOp z&XE!s$cWb58IZ9Yzr@e^u}C_&)v5|j(t&P46HuYZUCeHb%$mY)=jhuL`X)%&HKQ;v zQo18h#c2t32Gq=@*&GvcIf^ZZ^pI>d>5)i??5;OLHwDXTYSLdJFZMkZSxOAiC+pAv zUyKDR?XY3`@yY1h|MDcaP9_!oo8>Mb`G)rclJ~xkye#sp)hVAV04csPlJ7~MZml3W z#$K^|3JoTsb=FpW9ef;W?Re1&@&yO#q@pQnuyrmiB%@W<=Ik4I!3Kfo3_W^Ax89=1 zRD6o@dj5_mN-T@GS>-E(l{ht-X9ZG49ExLrpZG9Kk_p)icBiVA#CuYW%6;#XrEn_J zoGW%fHd%4xiu7}8v|&RUXktxU5Wq_J;!p0&m&_HWzu=F%aiB(hz<_b8C8&Gxb^)cN zajGi5)J}g%-$m{YN$Gj|mPNKZf}M=)c!#Z+?dP-R51x^!_Z6mVgPJ_cfKZJk{7aecqMvx_mXet5rXNF>k-Fp&Y&n4piQTfnd3S(ulcS zVv*PNCI9fcj)C)fm)EM>%@PKBS8k1DGv$@DC7cO=%7Qt^U@}jL(}BgB?^CnMIkT@8#mDErKAB*(k4&vL^w;A7h zd+77BkiJL~4Ba|Nz+~1y-LxmxUAQolpSQt5QLFEP1(qCVwvXW3iqZVu-LO}TcAJP#7WgKgi~>;*wv2o^#o zVvvEe7uoNUOQVA!E$7s#aOQ=BWE$#PGPl}8tVtIW+X_>+`6rNq!(X$cFnV-!=*(m8 z*?$2Lf)HLDL!i5R#I9rpI(=NSD@XIGywAI@5R3p;Ql)@>MndUH~lE zmFRK4ydegH2qG9VYqro^#052KTZJ0A7tfvWG0x)6R(mJ@9k~&GMrc^Gk~*dWD_7I_ z{p9*?yo`@0_rgUejx{|a%$mQAHGj>+poNbKQz5w*$EPmk*6})K1h7Ez;6}1?;3TAL z(={^UfJs6L@2jJV7>V1Gkxi+9KDB&1y;Vebb4!S>Xlg?-cSc=}>$*(-BY%ryc4Kd? zkn>s?n?JOSMtb^rJ6Jp?v$XO13H3Y0lSA=d7EasLIFWfzc;Le}_-<|?KJ3EGb9~IC z<4c8sASl?u#A>`RLvgL`1XjPjq!S=8`JbVrUP|g_N$!)6kde6|8QF+@vH7owy4%FATHN${-RssRL67<_&<7HRSTaW_Q-2Vxs=R-SWx`jRKi!+hDzoQ^Ih*^JbJQE9wJ)tk zW3_`-m3N+FmyPo;Sm0W-z)dIW!_um;CeaBtH^?3cc(?p|Z~Lo+eb`EHKa4tW;PF;M zEghqlRvOM4rY7fj{yrbO>@EA)!NkX!uGZ(JCI+3GKDuMmS(8)b_6av_meo_D`r@DN zC@Rsv!Fd;xmWx~;`uI>sVc$yh?FrkM)kNoX5`blPL_V)#WiV^z^F4xFZFCn`tmahY z_E8<}_ChG&KXhD&o8_rr$t?p!qj81&F4&i-PHOli9&s#Mzha3&*m?kaPFRqYWyhG&%i)TvofCk0*0b)1Q|%(L#R_mQeS zkk-6y(NlqZ#abQ_yah4_@I^%>%rETRRc8#8BqF!oJDG_wID=jUDNnX#P-7p~=R!ESd%QO_~I5VcQ8uqZHH!;^$#`62tU_sJ9DO)Q~|^D^hh=JuhQB*TYu7%x|w;YVlb_lm%;i?`QK#k z1$WP9V=>bSc?TLtdL5_{2`+X|BYO#}l}lZ>Zx|KBGhC8^nM)HJGD`=wXBKF#-hf?L$Eg!4 z#K8Ax{3crr;|*jovg)oZXG>?$ECYgG?kY}95G%o~0%6~*aorE~C#hiON$GJV`G{?# z`vvA7Xqx)hh-%4zdJRvAm{219mbxa^;VN1GI%aWkj00x3cyAFV(z-0+c)8{LxU!t<~7; z=mEeyL8K}DTz*`U6(R%{g&2o@p#!SQkwOosr;yX8*5;?CaV&y#AmM!kCGlPhIeRK^ zspaKC2ukb9_3NgWd!yk;y72|i96RbSH|)7!SbS~T4&q(UcCYXH1joKtvW&fG`Lze= z{G!vI4g!QYHxdkLG;alHYLT9vfy5}-)2Y$!1&wAA4SvCw3ddmuz!%*Dhb&IA0>akn zr`Dgq={B~dQw%AZYO_Rfd;@lkrlNN*)-<(*QcxQFkO#sBeYpF4b(f+An^5i2BK?(O z`@$g@^ZFc~U;PTu;;GR5Y8ehjtmO@TZuq#OoFBBjT)$|!|DD>u{6X1sKflTn%W@3| zpqDxTG8#!K;kJQZxRhl?n#Uzpw0+mF?W4ZME85m|m9;)dRZKpQu%Bue^m=AH?M7() zpt$&}_)2c4-@wqM{$s!0p^dQ3G?vBgmHCMKbo9g*?GBjr=I=L_RV zzltMllH@A=BFXwqVrlu&sado7*YcFaI02w&u_BVN><6g#1#HqxM=xxNaZWkm6 zCh%+1Y-t2g8PEgOk5-UT|D@D#38TV}+*MJzeqr^?S(MRYRRV}oA=T(fuVvR3Z^S1G)&mub(b)LSY#&aFv zv$4iI^&*Zl&$Ear!|yk#?;cO=I|Z&~Zsc{F`oCf|n>K|HHJ3dio`YIsMDRE)8JYB_ z$BKRfr+UT{2kpw|^x5)5a9ofaydjKJFTNUW*lktfUbclg)?hUz0PD>VMY)-0D)q}9 zk+`;XbgzzkB$vfkt`mIb!d75qIAQ-rycdWy&;R`6RcN*XH7%gmq@AG^W=->;*wzwv zGMgik-TEgYL*_`r^u1B@qi0e)^Mnj^LHStA9-iJ+sv{e}j>J>ol8g@54E|PA(BOg4_i7Sz(T0NmcNR*z+T!Q%;!R8}YapEtx zpbWb;n4F?mJ7(I`T8<7 zSBX^jmsD@5uN41T2vJT!_~F)J2wfR5I9Rc{|JimGtl;b+KjJB%=cH}n2NW5Istx46 zdHT+Hl9xs{MY%QXt1@LP=wZq#lS=P7`9(yuzm+b>(#=bKgA@obZnJN(g$DgTQNjBU;_Ao{~3 z0J29WvsZMu{-G-SP>Fr(Bjcv99$7ij9pz3%+M2!Zf!`8+^BMUbIG+ku`k!QUS@03X ziS{~VjAaBpP_sJHw6l#<+JRA_E3@vTJ%VB$-#wQq8s^4$?{H&5b|_;{xaW( zw5q~}Cqy;8;@+>1QZz<7lLEqdS1|!UmJ@oc=6U}|Efz7px<57~)EXf5G zf~3dR6n10SzLyfV0#U^SVde+;YXm>&>JPwF7%)GL2+h?70<flr2 zJ(4pXAuElCSH>9_spz_*2P|A^Q(~A1Vr7yZD2POtxDyNrPtnL7&yFEUnwN^)5I@zP zOWp5|w?JXP7qAhd3T#B7ebD|%%C*;nyuH1Adk6e)?adnH@zYNZ z^!#!|zf3 zM6ss<+7(PvXzKP(lxU~Hm|pm zKH_iQ<`vkFSj#aQXLbsC5o+dhClk%kU`vhM+TQN6bXYg;?-4NEz}UDhGWA0eyJ`j) zUvlOz;SLd!#`Td{V~IGWkKa<~L+ZSUlorhZrpBB6%R0C+c@zZPl+EQ`Np0Xeg9u}B z-*aw!fbO~%p5Awd#u~4+kNaMI6CWSw^}FQMSp$a?WoUb+OLP0Q?un5-2ijh+A+N-m z|4A)=+|aP-VhMEHN1IZ))_=tsZQeQ6_t}T7@-2Pkc9~~t-yuQetfBt&?+_&X7bb4W$5;6nPwl$}+5CcuhDGiDgw~p(w?&b@3w(wzfZVJ%o@8a3168bptfGTt z-B&6e<7B69=~pmay3i8=({NVO>Q=D=8CK4`GsMa=z;>tXLIP5aSQ6xzvy)|e@VQXr zBBE@AgKShswzGYky{-k|z!A&Y1-Z@E{W2AVp^ zuYMl@rU-!X0$_a3AHl7gq2^CpCbKZJ7_}Jm6tD-oXyHw{7w20I$Wip__uisM9VODV z30`KZ&u}|tj8i;TkKsst4qize^a~r=J@TAfM!v_cF*CLAsoJH(*01B&svSF=yfd{$ z6qy1HELMdOYHIKq`d9eXC`|n%qnlF=^Wn5K0SkIz1w{QdcbHWqBWs&w4=Ia(LwxfH zvY3PAHxP>A4>_Ve)&JDnkL0Q0<5tm@ zAl(f8rh?z(BmHOVJ$ZP!tY7n%GPKFVeXQ+kar(4P%`CpoGo1o9lnePNkyn`HaHMRG zm$H$Jgt}-f)Dtq%4FT%%F`&DAY;|hb@>&syMS@?&nyRTT8TnO{)?~$+d-K+LlWEB} z>b}tAiOw8bQFD4R*gKx~+~U13Vj^ z5c;-@FrO~vJM1MoN}^{Vz7eJ3$nappnH z>z57ON0m@ttO(K**2fxUp|xbFHvNW#AQipfPA{`#WunKcu_=-vUNM^kmxz|xa`Axe zzI>et(L#jCb@Qjp|ItLki$?l8iB+HQm)Ff?hKDDG@uNwd{i&KyLl*g$ROY^mnnivW z!0@N?;zYb}BjqPN7Anucq{uzw%irkB7di*jmJK_w>mkLlLNYFcCC*7sz)sbP4{LR= zM)NlM2(8LQHH-qPp4^6OA*~F|)vt4uX(-41kPg)Y38Vasz z?p-#UNcO_DT7^Z0jzA7l&-Ma-#ac3=V&li-)n#G1_>-NkN=43kSkVKuwUl!Nr0)MR zMj)Tu`>AVE`PP)MZ}MW<%8}v(8g}Qg#9TrQ232AVgcHu}HrZbTP^koNr&3DYz~AW@ zo9RF;q3O_es7gEIS`H?)~COuZ@=5sse;V zN|KS*i){rd!QLYv;)=8aLaG+v1dGakGfibjg4t>+pL|{bC(S}`wapV~2;vKW>zgUl z`YdB-IhV^aOb6xk`%=kdRS0$~O0&b{h+9__ncFK5yL~Ki`~DQ{&rC0boi48<>_hUf z&vtj%&`Qi~d}93K+0IsKBLn{3?arKOdR@p2bdZNnWiC35`E8jDw}Wat^H*u`TzoR9 zl=>{>$}ttd`a!%n*8{&z#3=WH2_4!jd#Qm&`;)=^Ol&^)5iP9W-Hq^7y>fr3Dg=u2 zV=-Lrais!$Daf$Uv)pGs^p_!%!n|dXyIGm9AeA$VY0PQ;iu-a4gK~POsxMIP)5)FQ zOZm241WCSutfnA&dSC?J_LF5dfE@ks4K$^G*qp7D|0R3QU{%taTH26BvF1;R^C#!L zK@mApx7gbw!P|DcNgxJOV1+7GmJLKLlZjQz0-ew2P0q-8-tA$EfAAhj_E}wH_F3M5 zJtt@N_kFq@{x+-sU3`rvX7!(;UyVz7RzZdcJXiOp2mHfS^?E0CV)GB}_8T1{ zC)BHxhn82Tjw~NRY#}mqN!9knSmuu}!U(61E7NSu;qj%1mXi^L4=vL#>CY%Vd1Qss zx2U$WySb(F1KgwFq?iLSztZ5nFO*u+Xy#2FlUGyd&h@rbGwY~)&NOeh!0R%c$YG^A zK>Mx9LJdr8JI0bjy9wG~8?;B3tI0SZ#hPE1`AcwrZeTZEGQtN4g}Ks4dxdA_SKY%*I0h@&dvLl(!H_lL&GzV}`T&*<)Y z2!N$k<)RnAMmO$*B2|o0!%r(EL1EiEs8~aAu?waR593-^{%D<#1W2sf3RTE1#C~m( z@xC}28DJ9uEGp24P zdvL6R3|p&#a3^qBI>QMC{-w7PN`)nUn=5g-QV=g$ZcTg~5Tw+m`^cc@ za7rBjq`hA2!?J?01=(@Lml}@pZ|Cwv;Qj`Fynl2U`6?yvJ2DnV47e0&#r6MOD6ta?p3X9xO0I(R&r0YXT5*W9$CAr6O%_w?b zI%JK_updSY%?%8ju?U;V3R zg_<`ulw0%u=79F)3A-6ZF_EP+)Q{;Ol~!IFDh9$uE=|=yeTi>$@`s^D4eIV{^lPR5 zB=5b67A_n(re5e3N)1UK%#5-m1Mf|)>X7C2Z!f7TXO>Qmu4XmNAID;crlPE2 zoTpMb)A+*nCvxRofnNTeof>jxN^oWZU?@R;{K|21kL^z&Rj!U{3yD?<00#$5(J@yM z{adaj6PP}lu>f)q+oKOQn6Lor9_SLbG^)3eh58-*8;#cpD;Li1SY-u54cW!ruYq3Y z0TdQ+DI$Fc#XbE)TtNYfTrVU_@RxVcksrKQ_QCBPnfxvZ?pdk}bBO!&7E&9LqaI6V z=*i?^u1s;(tUk<3$gF0a#jF(M$!F_P22ueiREp$KOn(3pGaH!H*=9}Y&In84?8i9_ zA5xcd>&^r+jYkrmov=ycIDd+e6{gAS~PCK{g|*JJo0V;I>e0XfXbHkPX19he8q>{t6kI1)3Nm5P z$VrRI$V|&|@#@U`8iVHD#pli==5!rLhS$|Le%Ga*{dh8tZ__FrSdp6{zn)Xf=Y?o# z-Rq{XzJa)A7dmRV^rVxWUHed2|ynzY+OGycF76k z9Q6F4*KHWV3KTe|2{W{>((U4*{50$sAh$*C-{z8J-Fj+9vE__h&3D%jc;e%;+KooX z<4LdLR9+QN&SmKm4RJ5FTMT2M#Hhs~Z32Df4}&($qjVqp&U2Se*>()FRhgtc>9fVd zJ+N{9hn$BYfxOOV8+1#kQRDqf@*);eB4-Vg(fS6Ku4{^7_CgVlJz%SW{vmNBHh+fB zyp#LBkoVa9h2UC2**vZ6?QA=4 z`8+7S=$t?+)A0?t0mrGNvvah#eHnv{T_|3`%8{Z8TOr&=mp3zBS;nBLoR0YKQN=}> zcd6`6${FE*I1GhX_lQfh_9$J~4u@Iyn-{qen^63K-1acj^_1j#wBhgSgS;;O zpV6r1S2XtlSk4UO(21OKz0a{s8|~La^ID_VViQKLElDTH;kvFid*AbJVAzijd3&D? zaIi833YKWFr_)j-Jlqyow+TB-ON$mKXRqSJZnNbo5(3P9mC;}z_<2@pb@Kh}6)MZu z*OF#E;q{7S!)!k8)c#p}I}(^JPaJT3oa8UmNHH!xp63ySX?+=b|{~CEG zA0nkFj}K^5gdrXuur$8*t$15I$y^Xkq_MjAIW2U(+>W46e3AaO1n+L)N-yQT3b*JD zW7vtz9;82@9nY`=`b;{%&|M=j&&*`27{*z}_RGCspYzHA+^yED;t`hxIk?PNIn}fe z#Cau8MaKUjP`a7i3nQT~$voqp{x|SU0^W_mQw==$I9d0&0G=EK?H&T%|744wyu*yj z6=mCdU>HjMo*P3`nd<^U&C6@}JXUiw3gkm@Rv}Wcrmqbti|cBnuWv$wgTneL^$So?!#-m5py*_H9cv+=dB#@p7z)a6WZv9wEF&XAX< zAEg%X&1e)@2K$z+(b(JGT$Iye`37eD<}~+M{3_ZuxtbBbPs$1cGgg^@1vPokoi50b z875@V8@G0nx0+dhG+We7f6ZiQvi~V%GBYiIIz&=vkf-OQ0}AEIvAj>#_Ot6l*2rvO zZ$^I3q(3J$?(REa*PWrd_4xDk@8RoT(5e3W>6+aQO3l}Q%zv-{tU~xT@jx89Zg=-2 z77s*Rc|d>6>$m$6cW z;LO+_7^~lq8oTsh{ViSgWvq4~pE=@nXZviU^W&fA6O#4;R90er&kK9-yD~P@X7?Gn zYK{$G8N~E}+1z$F%h0TtQS8z#{H4jr$P-)mJ-Lmv6_X;$w!7W5Uh!o-HgIJ;HL9|8 zbk9B<$Heq5pLSjJWo$Gcl}667f+s9vxx%JXpVu5npVsRB+fhTGJ+xPP$1`?AyQb-^ ztNy#|oIDovEZFRo8^<5iCnZDZb!8foR0nW^^2S z+jm__jm=+v)>B%Q)0Xae&Qly1_VR$`sUs?Ba%YrkzBX|Tcsg~YKJ21dey+hquYjWj zf6VAmst5NT9&+AzPTJfs7Czg7&zZ5$meEOU%K9Q`VrVvv(&s&vP0Z*spH9%{-hKV& zm6J1rp3?gW-j$(^ax07^U%|JPqUr?J^2CevJyr_J%hH@~Pkgd1^SL`-alusNx|>1* zWYV@8@4-E#)V!VF)n`7TQ|7ysd0s*0*zwP&)5xFuMz<=kvGImb3uG^HQ&s2>1%+JM zt?2!66zimqb%pxkuJhGK=7p+-H${$(yAms;?#tNbI6e_-v-b-B{*70elm8kjh*TH3 zkNN9fQMGwRZoLI~Ci*TUZyyM6tn>3RA5rk9)7%Img-yV|Z*=Zo8$?ShxVfo=f@Z1P#1{Bw4dMIi^=ch4K~ zzw$pH`=4+A0S`Who`v-9uwO^?qhp8kPX?s-zKfer@r~}+xkRKaTpvjt40}}(Pqlg~ zmp!W>r`fa0?89Jt@J*8LnMZcqbd}+Wkd@{Oa6Br!!)vl9kKiRH&?FjFjHBX<-Bv>H zRB2oRezBI@)o9_GIx05@1Nd@t;w{V}AzIP79YrfjodO4^52_rDRUq4c{@gK}{8wf3 z#4GdJp6rzEak9DF)E0Rwt;%r$q02#}VzC=>6Nn7Xd7okVwfJAc<3l@gW-$q+ZaIq^ z0BTUD){Y5)f|S7CRd1=tFFIx0HOK~u$@Yea{k^L@qNwujQ?-@X$mJzv z7>85i>U!;xQOCr~g(y%ray?U;K&`eyt`L{0l zkb(shS|7mz>k=1x$k$H9r>QvEyZU5&{M0q7UD3Id$Q(~tW65ZxrOkd@ttM;PvlMII z)zatsPX-^O##HpMKQiECh6=lTEk9Ps~{1%^TfwEpH){zry>_k7)@^Kl@CA#?AM>_R~>LM z*YuMZ6$0i7RKWVqQ}%g8L5V%iW2?@>x?>puM*G^@_gK>!8Dza;by-at!5*;3Hns;{`_b$OC+zd&8uc89wuC{vKJ>^cvRuJj{h)q<&Nqi` znLB5@{a*88U4s&`w}*R$4as0s<>roJ{*;s6+h@CIVNM%`YZkX&S(Zz8z=csuA3q>- zC-GfK#nWuZ5qr-s3q>k-5)fy9D0@v(ms3M=Dw`TQI-B(55uqfDq3)AS`h~oKti0GJ zo^7&8A6yVhvI)8k9|Udn86QfrS+I94$vwjyUO0Zzaek=4zIMEyG++(5oN-lF<{zFc zwq}RkZXEUh%>ASTB!&g!i)18$5y&+w^?44maUl4s$8yu%KzA*2V0x5oU5W!^$s#p` z^E|V^e6gw5JPMikUb(ko>3`)_RbEY&Y~($`H@l~Fe2^D>p6ereQL#j+RMXLjQduv( zm76Hl(PA>P0Y#>|%l?1`cY_E8QS_KML#EWGK^EYuxW!-a=Q^^a_g5d2iuA~~CJ)Q? zuSKA$eaiX24Kd3mdw=!5_3{0#gINzDn8C<{ABYzUP*CjwSBewp>kjioCxtE=L-Thz z!p5zC`Lm}#eZe@oVC;2yfkh4GRu^UGR7T&OvWRtxo zSmwF6&?=F*bA5OsF`PXW~H zou%G;giS>~-%p!@Q*)KcgqzHI3waZznP#v0b#U8xX9UB>ag=fE-_0Z}G3njD2Q;qRP1gqt8 zoN|2{qfZrXjSLnTh7h}%gibCuO{id?2xPg{WC4lN!Y0-T%4d8!*-j}Mj)PbuJa<)tLT%G=%Nz#FSDCWLDE)TZ__+i5FS7=E&oq1?UxrOYsr2NvF zVxTjJJ8-UXv*-CGb%`qlRkHV1v`KsY;)zBB3<|KQJVzZ?=A~;53Y#CPMxGdt&JbQW zX~uqcn!%-X6oYi%LgqffG!_{Da-uiHn!RHEXpnoXfh`M8Wt?vmLQeHeNn^#OB)<(x zyK#kVGir(*s|5_R;+~D3x+k=Ak8Z57yEiY(*D=Ok&VG?d#Yn%p`a;b4@^xyMlExmg z&wRnS7x3vY4NqguH}Nebk_g}bsYyxP*Z&47wD$kx)Lzjs{L*7H4nus!JzF^491@gs7T(2hg-T659 z{jKEdz*o~Y_A}3h{O&IdBeGSeZxi*Ic3{97`SS9tklCor7Ic`9)gfd%9rfRZ?CxU= zg$(efD6~evEs(VIaeBaiVb)Y}7e_s%pUCM5ZJi=xVgH!(eR3b}jlx0KubORc?J z!V4l41gDd8S|t^-7DrjGW4M-Z6`$G{C+s(#JO*nzQdaI-b#Yk})>O=H_*BwssjZm3 z*US9FUVt~mnwt>TLEp0PAk(!v@m8?96(y`rHY!hbGN}^P$tzXKh{WRIgnWi`4#3cTuD|b#$rL#&)kxoKk9Xt#ym4xx|$p?M2TM-jFi_1jZXp z00-?d*aO}vL60JJwzt&?bWwk3M?rXFq_NmCHzYDy@GX?~Lrj23i zj+RAcVR*9dOJoq!Pc|c=`)h|`-4c;URWKF#ceebKjIt#|GsL=NRzW?d<{GC`6WCm| zI(GRb%8?p{{Wrx;MlQA1`mBUV$K=E?(QW1bo&8A$=Tc-3TriI$kZpC_?)DMPP2C9W zTg)oZZ`*yTc^r&Xx%Ba% zeNoZ+4O3}V%0k=RSgX5ou+rhTK?mYVF4#ZAJM!y7&RA&5{psWSA@hJkLsnonDs*4H z8YEqCZ^+;3tE5%gq-l{*DUCYaquHc2FNR8$E9vjqq?&CDi^4v+qJR;h8>q+>dj zI>wT6mdQUXP{*i=0vxPvgd1==bBAweF<;)KD8AZxKU7P%jwpS!%1HIX99*#fz8~s{ z7dqm7n=gOm#>x-GKSW|Q`cte5M*NT(V_g=He`{*tQG7f6IRl|aRXkRRa0dr78M$a1 zA{NQ$RDNt|!Ke@05>&K$dDu%=O`Xag>C0DdwET4&D_@Af)h~1$&fWTopbx+z!4*LU9)82!#X^S-rpP|Xx=))G@gx0kr(-pJ|^hC z@odyRr=pMXHLvPbG$>WasUbPNqjDn_7ltIv0vhp`O*{q>WlPWdx$#e|#ll(zW1zg5 z1j&k}k;OF}sI?24x5dYt6?D?y__GXS=590#ZEkUJ;fXdmyXr$(+56#N$*^c2qJBTd zJjfLmxWs6=a}LbWLkmo}I3*D|?{MOIdlAHR=gw!8ziJ^*jX>@`Wt9_p3uPnQ0Y@^j z{b6<&GyCGA_r5B@!VJp!WAzL3!?S|GpXh@WsvL^%TEP;sm1^>`7X#J{nD(i+gBPbq z7I0=;kp!vhR0NA$tan*he-a{b_Esnk&pQ%f9mO*<+yF3eI4oPJ&DfDk9uokO{gp2_ z?&JFaeNf}6$SIaZ!qUVUeVJ9%-=8sWD)Q~GLuSS7>y>`;XDYXPrjO4vt%H7CDb+1F zPX?MC4P~PJ_&a3T#i8S4z`d7y1LuwQZVWG@HX%8Us2AY$(y4v`>#ih3LdK~-gwz#p zq{!`0Mz_;yOWk#+kgTzsl=by5n5^mkMB6*t0p44@KI4jM4FWbzi`24fQji-?v{0Bh zPB!;9CMAs7aBpzeh6PlgntkaZ-wsdA(bA2BCOz7HKI?)T^rFu|`-`KbA3*<2xuR2B z>s6%_R+<$V#t`Egy=R!D)DkB7d4qq0EZyTHC(LcR z3f>Jde>{ayB+Qg*9ZWeoJ1jmAG^S1vWhpJ!8xLiAaQm~BJk6HXc2|_->43cK$wYVH zC({X%zbf%_u=qI`{93CXwLtdks+ZPr*c6MPX!g?ZQI*Mi%{yO`u-}GvY~9!TZn5UY zDuknsh@dhLqK#StjeOwemq2B)8Flz(}zFZsXA`blM+r=Wecq0k)`+MuC#nYrJV0!Ms6Q7ukYrFf@V8 z6+XBJR%~*gYwkFVD|bgL8lH-b=^fG{g*V*GM68T*s@}EgEfu-r){rX7`nWrTY~_~i zop&tTM|*~9vskyv!-hV=(!d9OzSE|LsuPLb81lIzEkchS_e=wN0&sq@AMlsEzu;8? z%)DNqRt)AH0$?f(m>1Vrwsql^tp@Y=N&p%U^X?v&9Xr9S^5iNDV2=2FcV5&H<~zve z{_J7;;@A*O7L-5AJ4XApBFKj@p6wvNcAj~md-BZiKv(bWBQ<>V;K#6~5A%1(vgyMb z*OyN}U_m*wN=EM`BZqS@o4zw7;(X-D71@&8{F0KK(~JoyS4U8avrx8}g&!{`mSvXk zyTJW(CIIPf<3fF!G!0!Ugy+C)tveb#yBj>ad3cT#Jck%OGB?pe@Th4p?`)n84Cen1M6aS>F#uP=Ilx_S^7HMK6te6X?$0 zj&;2fEUwc#g2Y}@5jx5iX|3Yk-H27#i#;Z}UNzBDp$1YdrTR%A`|~{by_nMi{xVkD z;H3>7vSQi=9NMajT4Rl71X6w1=oZQ(_mL6@DX&f*j*d@?k4Vl?jnzYz)N^_efsuW` zI-G1AioQd2vPDx5)rrX4d}28L4nITNmkmoqUJ3I2D$(MAHQUl9`$3uvi)bVNR0e^! zJ6sWuy%~3p-J{-*3`-6ViK5L#Eq=y2#(9>*{i7L5-+*b&+XL2ByKpf8Zn6|6+I!hx9fDTA6&KA9e_nF16c$Omj-TKq@Jd&+r z1a&w^tJx0+TBTXZa6dKyr$UukiRb|D-Eg4L{sT}=s@0qGuCbYC&_N{HY*{ai8#!cA z{SGXjp)-qr9=rQWbqidpv!tr&Tb+HEHL#XG=-Z5QyT4>+z{z$O`uzlh0KE6m-Z> z!{g1;|M>g1ypg{qZ{*L$kps4iVj+nzgZYIT0XUDsjlRjHH-?%tgSkA&<_+c#uUl=A zT|>2*kym*t%NqF?eZJ|FLe&`t7m?4MDVWHeH}afu7&7wn@#28_fnS7LF_;eufbmBD zvo|c;mYrbUssQG=hvnC-<&n~ugKjXZJW%uss9x^#EwAqg^HTD;dpt~|$A?5=AMxa@ zr%bcD`1Fx`h0@KFP6$ex@pL}G!~AXd94Zr)-+N%PqSDm^^JJ%d`}=%ZQF-0>;k`Qn zy#@K)kE~cI5EZOaSX4^m$&jdMeFJ2#vFoD(LK)eY2$&oSQ#@$%{uZK>iOTgsHZLkG zeXsc1E*;6P@>EtDko{Jl@3^{9btWn`F#Q_KY?6H}2cLYwCu zb9`$%Y#M6KI1yiBSP!}wtb2xRxokSf;<}DQIdI;^=P_)!=^1OBLA?yBQ)ko1!1KZM z-&IKN={yh9=?@H=a4s&J#%WrV(Vn4Z^9{&T8=F7p382?qPa~;DySg&0TSwx8p@*A) zmG8Pr)pb#Xjd$yMOq;FJQfcPnFX zD;o#Q^P+)6xd*6Q{btDrm7%e{xbAdj2I@v=v{dG9$mUG7K7onIrKfFq!tZmbb6c@ynZK!e7CS|{PiO!TI_dFKJ#`Fbl`dDu zRw?N1#=XW3UFtVo(jZzg1n=OQ4dg%rv1bVXpsAuew3A{0n&~!Gx>79JiI&1Je_UG=DK;H<~|*&#DX#pFP1Q7-HAf~H`elZP2O}~54mK9hJ`qi z-0!rxh)C?#^nwCAP?DMbhpFZv4JmY$m}cFBpyAbG@GehK=7N zuHRCGl8dZl-6S3t`p0uv%vKt2_+CpG>Q7cE;BXs|y7BC*&PqF4?)iT-54eLGW={77k z5sz&WQUxk2a?OFmgRKMB{k%(dVt6IAbw(!#*?gZh+jqy;l!t0FzeVLiHQO1D_4&3q zHzey&qsYa`=e`q6HK9ff=G%g7 z9_BZE*Y|wCP;CaY%2Qd^KfKT9J9%8FI)nK{^0~u2OcQ<`s>O8s$H%QJ`CtlN$Q06}*2bHRngxcd^}i(i;Wb zFVArw_bJEyGFOBnh=JR@TL@~SzHQv9eKeOpvY22!4g{PX7`;nl|m z^BqAp5A$l`9n|(>-%xD^v&vIh*3+Kv^Nl&XBg`j}&&54Vw@(YzVt2%~KWf}}Y$r== zJu_B3&lnrOHp-+Fj9&p~;jrM&t@gJImVNjQrSvAPD=5bO--9&UGJ6>>ELq)IHUsSa zAuOrLvF8Te>NfQC*tNGyUGhsskTp zD(jMgKt4X64N%4|zg`*TlmTzqenB*%y}M#o-FIhBB=P_svjKpcc_si*6ijJU`RJ(~ z{i#)6OAqPU74VXgM)I{UOGGZ>mqAoPwAte=+deHl?A`@ zsNBUblQ(_!Lmc>*pkB(_*C_7~k{@m9-JNIlocAET{_$jFI#dv6%>$D+)`xf(KeB_n%K1yF5i3tKKzw!E8&p~RlaspP_8 zHH8^Rb5?O-MwA&ri#+SlxD`bofz|X z9LiQcPKRGHkv( z7*F)PR%W(qzM(0xJJsqR8TN>%^EiB(eHoTYH`)?4X~)J-p0!B-nkS6AE*J~%d;srg z5`nTrp2yG;FhhPTGjMVfW5~Yn16>4{^1@;lypU4GVq4vs!O+o@n>8D?=fMra3$7Z#`r)#wB#-~tgFPc~=rvSeoIZ(Q zSus{vs=FVW=!Q{FG9+KT4MOcbdaz1-f$IkP;U-fX-SIcXqZ?NV$3xFmij~G--BhCl z{cC=)sa8elUvQuLc)sU%4i9T>p1mZo19;^H$1?0?&!tUt=j!ca)`Zz4k34SOdF#b= z=U<&Q(bk?QPELK1k>o#(hjvC;OBhez+BbHzH5fy3#)@#6&_XDRn)j1VXM|bVS%Usp zxzpoEQIVhc=kCwi0C)#q{lsvIKRTY-oKayUtNW8kVMzQdfYGwRw5~!D{aV54HJQGr zT+48_saLlIzx*NsW+!j&`Gmwye$zoVA`hN6t%lRCn%@pCu2Rm#)!;-He<(b+ zRN7z&kzNMc`)!8NTLc}s$=TItiXRrHO2Qc-JNuL#2dUq1C3>0 z?W=a9x~{--Q=e9d3tP*GjrU7S!}0zOx;GlUirsiW$xfWljrZ05qe719Wc7tM^!ILw zjr)wvRqVo@n;5^VR)nid{lj~({C+t5FzEnyepSIpT0`s}Tww{f2Uym%^@#_Yt|M_5n^Y@DoG!w1M~(M!@k@qJIGWDFWI9UWy4m zUcmopJag-Ko=K#vi^5@8RRm}3j=^|SaMU=ft}vc%!}Mo~w!`#iAY{Yzdpzi0_G1mx znZ)xUrs56QSZ;>Slr26OneBxx1?GmcV-jjdbtfM+2@U?BA0Xb}JO%;9(C?2J#1exD z_CskI;KW5Sz+DBn*a80gMApZPHE|68waTo`AN~ex2bCVh_zp#uZ@CwU`Y!c(PCS;u zZN54W=PN346!96Wd#UGoz}iwsnZ);dhduco5zT&L5y|*-(*^T+sQWIjO6z%VL@=k* z+pX%Jl-sQ|_+Xnny5hCgv|!x@=&gb9VAK@*ZP%U;-1qy3vmXDI?HJn}%roh0jJ zJuno4dQ0$N1q6o+3Kf`prpiLZ@>LSy6VQ=yBwzbL2U|5Kv!$r|QZLORJuSQ5F|>la&Nul?&4??G-h3e8%;BS*zDAP;gIg=k8JNSnf8#4g@9M}%?!az{-`)gqC`~xyQ~1TswrY$83SG*#>tsKI=_8Zry3Cj_h;kS zIz4%X!O7=fk1W26Erc@Pg}Qt+2Dn^fhgS3~>IPh7I4 zLgNa?>WBLt_q1%X%4nKJqXwtnX$Rxc>`uWK%yF|Hh`7JIL3*X5e6_#tg>xV?1z(nE zp}b+i_`T@5?!+E+hdzbD@e~Oy3OSR5pYHt|#|5n%XGZ~EYQuO){bI#hXNvwv7m21! z!d3)@6w&-bkY!Cfci&4pc|U-bw6#}qW_ZpE@D~1Ebqj;N<__4T6ddd}uub1*3Ld@d zH0Y|aK2vbVDYf=oA^VYTQ^;~bS|5pNNP8714Gh%AwLJG@+As=4fmf18QU$*g_=OR@ zvF>+z4G>FewDf>~c#(d@H{O#xbyBaoF=7otfPTVDiPz+e$&4u1_-X?vEr3Xa*um%* z?IDPax#Bd6er5$s7oRlM$a+%$`bC`_RJjemkF4dJfM@WFva+w~T73=O7DeTIz(ZcL zv9nFAZI`66@hV)DAxyyl!Ej)l_29!Q+3?Dk=!i@Vb(Aha@(W(w5#eb}7re-?h|dhN z;He(!VdK+q{lz&Vq;WJ%zD)p%$}BVbxJFAQEVAzqB|FUYMFjsq2#<19;*Zi77&8tn zQzq%Q5KoK4ZyXIz%|U&%Ei2_0dRziT<{OBi0@Ksx3@!W{HgKmr2)}ViN1}FPMI% zo5{cqQZ|`_--*7WsWCZvatRYuNn08Eox5=FIh)pQ4cTn|Mm9O~m^>BsR%B8V-rij$ z)NN$Frd}8^dz+A)OUPXP+f_%(M$Yu@0>pEmBMy1w&_T)B3x;4}Zih8}%ShxRQ*=E) zEz30-PB!1CJRnylBwRcej*V?-fJz9Cx}A&S_0(Jw@zsOdyMqXu-?n<2uc6=yS8)H< zg01gk+P>}lr7$_w)}z|^^F)+UUK&}0rq&1CudyN02$|`cVmZDA%HANy8R~GKr&q6Eiorr?tU}_n2LJ z=qMQN0t77ANA2XRCJ*fEK280~{M}jc(ozEi7~Ynocccc7M*34Kqc<8p7Kv$5Ve^4O z|G$Nn1ge%(Q=@sZ-Z-a2;b{67zRGseKiW59m(Wn{$AwUyFWFI+Gz0e=mm0)=5yaeY zVi5F8ZKLx50lN2wSP~+u1Vpx}Ru5K_nViB(?a(ADKI5-EQK(tnZD#xuoX|gzNqqHs zY~6s_f2ZKXzlN6o74OE9w9h|yAxion9!+E(fQKz9xcLlvX|(I5HtKCjjp(amA9MfO z^HTJ&T5PS$S;0j!S@sDJM)5DjT8@3J0envGo{uk+n6 zdXvBMOur(iOk$n^!-$849YZe4%YYlZ-Xj)Z$0n3>5}UC-_Ojd>dhl7UuL`_u`%HJx zohADW{|-3e`i}A+w(=u2DZ7+WB+{X~G6|G6%a;i+x3iK`RCBJcMQ*#QZ869A*E_X3#@F*4I>wU?3pJ1tgv>XU8yxV}Pv&V< zh1*6}-$Iwej&GfGYOBU4wKU*-+i0CkdT>rTUhan zw%JV`1K>|EkY6-|SHI*M{`Oy;tkdZmP}utBA@Hn)m0j;}UZzJP~lvV32Zv-}H*S2Unf zrf@J)eng5U%aDV~qxr8mBy$Htxz(j*i$m_hY(H@urDA1Y>?bDj9aZlU)vVg zFPdy6%lBq(xAD9heJrOLQ638Wca@;Pg0s~_<#H`#=02q+k9zD z+Hd8+BU?E)O73+#^-k!(2pV@@}Bs4qE{yOlJ)_G_I2gHY>wCel$Z zc9e8XGJ&{$tuz}4L^R+9hndV~%Xvc@W|JCOZC@M*0O}2+PG?o&_lgaJrD11U;;#*Z zxQ11|pPosv(H@jMyyF^o{j^LmW4MEk$<@?hP;`^qpmaDx-F0-IJ9WMKUelIeofC^d z>`!sQkNClYk4bH%18q!+ZOU>1#0>nosL?bO=Vr1NPLz2DbR8SZOvGD?ikX!WwRHa08Ey!HL^~gMkZn7fwK@ekH7-8v6@m z#;=RzHk^N)6J|7I9@1MTu`(W|Y&gFjf;pTwb-4T#--~8AD?eC7VGZv-WW}Y2#%eX3 zrvevT>TnwC#fB6!7R&w^4n)7ZCziB}8e3pV!M7(OQoBf`+Q?IK>Jot9?=tasO7=&p zwO{E{anV|VXs*`3kz<0x#g)t~V=h$M2%Co4SPx^PH(G*X@zSfq9M2WoPKi=62o{4| zn#q_kXB3?DDf=t;{6<6-26ed4Am|l4#2RA5=HT1IHoiR~mSkSuo|Y7Btu~fW|9_Ha z1$-9rHfvlHlV?wH0FpQD7oia1_ZV zc>8jgso1PAHzKVi$u#bpJV@j2Omnw0c$oW+PoT#3Ups2#%+)zj^0CdRVa|?B{C#wc z2t7bID7`JD&)L6?C7D^VnI#2Z9uIvK{`Q~fGXZw{75ccwNzT?wmbQ%e=cwj%EVVCW$=}20w}xFaRm-n)-X!`yd_hz%%k!J~N z;m1qm!kx%HygUyr_lp)4G1{g-0E*ScKm z?qfWVADr7Z@en1N1enL!PVhkEclM7jX7TU%;_O%SOECO6dg%9Ud#F`jnV7D3=g0m? z%;vA0Q_?EEu;PU5ja^wtTDjp1x~M{@TX1Othb{2G9~Sq3{wtF8@{;?BBfHCZNj9YQ zCSP_KBr{$$!O!F1XTK}{I7a{6F&62rr9%}s{ilV~br|WC-#a34(ISS9>cCZ{nkcW! z;L^c-8K4Qp7-*5*Rt2Zsxf4t3OYfv!YG`{lMI~nrzlJ|(Xr>~s5zF-*L+H^Y5Za5+V?-dcKW?5KI*+D{fIvL1)n8^c*zF)85r;*`F@;W=%MKa>Gea? zD?}Y#{C6wg((BW2@cvbLr6(h`hEKX(qTKKP2OJgVpP)el@UK-s(81Zq=&FbsS@YfD z%^Y1aG#@_h|5h^dpc)nJ^7=TRmrTizV}%jByx79ET&fdk>ce@%EL4Y+qbi#-;qN5P z?s*{B5^@os&3(;VNwc6SUL$}2!!oh8-s?+iR2BB`j&MC{wm@)Ed{CBWn+9xP0u6YK)A!^6*EkaH3;S8+`qhb1R%_h`EI|&}zkA?d-7OIU1WX*?8n06Dc=b!B z^B3NzyNPdxm%K0e%8*GET0`mF4V=B^Cm!Kd#9xjKs7W54>gl%7OO~hj=ojoE5Z+Gb zEja5)!D-4|iH}O#&~L<(YLwgLY^&hmq$o)R2U_=pRANC(WMV;U7e}zDdrJNRJOtaK zWf_&s=tXHr`kuX)Ww*tYFe+!~AOn8ljD+~6YG*$&(w@c_nQ4BI>cfw!R{TU2!J+>S z^Qm|IqF0pe!W#$}>J}XPU6{<&KD_ah>DMf4Gc(DPpnh_0(Uh(%JFQgsNYMm)gn-sB zMah?N;`v+KwDS$oR9v(9xgraSOCt|G2QIf+hh(>O#Oq;iw^0;a02db2kYF9BNE*Lj zA}M~+-F(cP+|vKmWW8c71vi($@-qsCr zbRC6&%u^*Ic7Zr9%FurI`|y{rQRXIk=2*AoTg5SVbf zYb1(xu+Fk8IEhTw{53{Le}7EWJeH-lt;Nfobt-wXM>;{BdqaF*VbHELj3cXqN(%T0_N*4f|l1@`Y0{PtYI z$=HylpQv1rdU%}E?lxi5$6p}JN7_<3H}TxhMi%RA;Ql+Oxx#V;IgHa`;56oex^Rek zg46#MlMX)QK+icf#uFpqi6blvBJsi+H)?V08*RA(s{L0?LQJR6D7{mH)y^)m<+xnM z58!qrAU^4>6` z^=q_zVI5mf|3wDaDSjgJ^D`RIw&gB8dm1k<-ud}(0YptgxfDbn!*Ei^(Fn$}cc1MD zD3+~SV`X;ALz@GN36TT+kFUWoN7AsK@i}a}_TAK>eQjFQI%7St-HbKZ)I`&Hwo9rx zPh=%u8Wvn`2kf|Z1lN5EFMLj?UpOtx6aF&!Dq5#3jOI+-kEW+IH^eNL zp-@$=>QgzbW5znD%x9EV-@-YX`c8b_^?VA|Erj$BD`JYu#iG!{0O>8doWwOs2zXpAg$WwJe(MRMWJ5u>c7DNC5#wy%m-=q(nLNs zZ)u3n4lTVhzaZ*MSX3mEZOjP z@s4z;!rATNc~P2vy0rH){hXq11fiHwR=p=XtkxPB))pdaBl&cTAN*Xz8^aQE-QtQx zd@>4iKCX>X^tvxf^Qco@VLjplp<@(iS3efFwrelyieKKzx}_}T8i|8`){FGYIAclkwocSU@; zL(u{>*fP~6%B*ds6an(Z{%audafgtC)Vc+l?;n1P&62A4;+Q&10I3j3X# zr*dd=EaCSgSPLyRdxRC~F(;h0mcr1MI*HyoWjdb4edx99k>c&+4~4aKW^r4FXvYtK zQ06xLV2yOE7|{w4o5SA+Z!gCOl6%JoFF*T#;)6_LOp7}VFgSjtYbWt~@lkJv(i!!J z|H7z;uDOV04S0!jc<>YF@mJ^BouOPDeXk#h%T364aMs2+W0ARx@wa-)F_j<06fT8{D~ ze$o2VHV*EY{bI#A{R>?1SK$P7>Q~mEzQLw~Am28{avRQ*grzbX&igu?k2@^}W;mZ1 zf;pV0&9>4e$5*oqXXU4`X#MF-2e(-VoHqe3_`>0|`1V+3-6S9PPLbXWW*q_tSGMEe z)*iw>AJ14D*N@0*k1tGCG3G);&+Z?TJ_)tt7S|(u?*)A*y!p{~_Wm!F_tN_I<;}P8 zJXhW!uDlP3U+7rg!5#3MZFs`*HTesC zC@eZ3WV7I+i@&s_WJ8uxLbqa7VdUmn^}|!<=J5*-{YFX_7gWZKBDoF;sYcOOlv6Xm zHEZ?DKOqKoZe?au%l4=SR5`8owk%Whs((vr8ujBBt^Hc1k0gX?Y)Xd85&$T=OsV{) z-0v@5h+gy;%WL=4IxMBtvDUW)wfl|G2(3 z+4N4Ccodxe@hI5vQSkZ~h7!{`tw%h1{y%Jp?BZq4D6j9r=BV@;43Vd>SmkAIu%ynt zS9)oC6si1M6)U`95$e1p+3+`tZknPm`lrRJ(ADW-li08re7-Hxa|QEQ@wCC#vrr)M4Qv|kuSSaG6%Q*0 z$X2LZupwiC@J$sX)uA>`R6u;iaArHzd5eNG|H^#*yQnDpZEGB~mW~-#DD$rE=3=DM zHn1$I(NqfKl=V7ePi7`CnH15fp-mLw#eLQ!0yScSK|Uo0M+t`jJrHus|dz znmWcNj*qBvXPinW_{a6&fL*X!Qq#mMjba|uE^aj}hBIXjuK*^Vy*|%O=V?cG^9%M9 z4$G?H-ta;otk8~^N;|_B-YM%D4iE>ijY2p>CAgOdXsNjmhetc&uq7yy$nF(_=eGry zJHuvE_=O#~J29VIsLH||Z|vWuf?SS=$dUc0YQev}cL;pnuK?Ey_y$9XtuuryP2tX| zmaNWdYGo<-iB6LHiouINk>xR)*}PiDL8{$j#ARgWNAhNxGgOGjWoNW>#q?|A1+^OUKSKU%4WY6{r3LBm(|&A zn$#*HigAfNg4VEttG^aYn1wHRBPklKZf)6@*l~4j=$wHFcJGjDT>6#Ke`8N`$w}a zw~`fF;n#3!5|f#N$kISD0jW>-LAQy&qfb*6`R07 zAyGzk{$R5lqs%WUmr=;k`JAa1O6X;Dbn~sbSBbg>Yvwqf9uK#h%HAH)R^H&w2R}6K z>>eCY#+Y>nJCRyNE4U<`_v;?=yRN~^T^c+HK1ZF`6x0cJ9sri0dew0ng~><*fyNn*SmH&cvlvdd?(7nu@}L;hHFzEO2#5`!b|dbKT5Zd}Y&?6_N;ZMw=hZN)?3aKdnwLpihu!s9Yn zKUhE>3!iFZ8pNB>CY-DJT|X_-qAwWf8%}{gqZ1Q)?;6stEJ8KArAC`f;?t=y<7o>j z49=~Rc|_8R4oOE_Qp9lZ8~Q^YZTL-xr#No+i>7`4RHs^&tXi&4*4wT#^QOAJy#yER z8XoYogDLMQru-DAx04M%NT9LHIoa%9JvP~~%RITSv6+OQnDrT>Lbwc6VT5rpv^bKI z>Y|<{unStpM$4q0P&PW}#&iZFDB1&sur<>ttvDrFj((iH73LdsMFm5sx!pHI?^p2> za157-T`KUy46 z+7Qn%n_!)8z1~?5hz?6y%X>5zeuw8U;z&J{ubmPj|7~X8Ad1RFMRjjCRXeN=MXzT6Sl-GPma1qVSmgPq44()qM8s$H#)Jj+% zf_Y|o08Q~S)4#s||LEAep*h6#if4_859mEc#M^j}i1-JdV?-=Y*53~zenFC^V=rGx z!v{yjy=Z-+zD8t@P#2?}&C)XeJRiFUd$L>~jI+h8NKpotEqB_A)<#<&hQH3>$AlZ< zIhU13l@&|fU#WkxE|^B;W*$zBuqayKy0h30Rg>!1oM0YU>mL)z*FI5mS621su1I|r z-*ddXJ+plHILTVT!>%d1k7vK=0sdhB%XykZM7a4Gm!G%TBJ%7h7^)L$K!a+;Qr^lZ|_ZiKWo|hG<96YZB12_R|_F6V?-i^@Nz#o8j)c)Zl%fKxG}=YU6%*&z?Wq?)l>;!P_Y# z@720Ro7TPmUF{F6aH}RWAIqHwIfr9y_G)LZjFMOelYnz{(MshZg4f=5Rd^jQ&fUvF zlF5d1!?M&*y}Z%O*#Dj~!>*?p&*lCM!-SmIbz>m+GTQ$hc?;!E=?8*Ax8J&cVB|8= z>2Ri6YknqCKKeAn_I!A%$Br6|F-D1Uq!abyCpOhb9r`w?!qW!hLGTvVveGE0ZozkU zLTz|AsDFUxPXz8@;HYH1axu4AE1%zp;k34a008PZdAR4-m);3-(LQS*S+aejDxFk? zz+Hc{01&v{{E~aEj7Q{_BSAm%GOpHZdY1bd4o@YM*T}Q;s(hd&6W_rHO4uDC-Q+8| z@L!hXE=RZMbnK`?dmw`LwU10?Z4(_=OkcUrx%A&&gf zSMwUOpU=TEJI-DVoXc^Ja#*OmMy`V`q{^BE2WJZ{k)<|sCzV*DI6J)CGy5kw7}Co< zkqtgG1!@S7hQQ`>fsR1~n?WGiaj*+6rTY8SdlA`i!>VK0{k(`DY+XWNpiK5wa}!24 z07C)9`68TAO3jye6l#a5*kZl~R$t zTJ!Eq;=MjGf22ifeNFjhaIfo-^j4I#aQE2muY=UwXI&EGcT>#*K7gZ&?`Bt*(IKLM zIZbagz~HJ~7)egXD$i-`cKZ4tsf;%Ej_?kT8a6fgy-BwYyMz2M+HrRqJ3$n}s+E$l z*i%*ojne+C^#y!P&zuKxtU$UqHW&LPN5F|vD`zNIx>hNE?RWgeNn^it-&G`M9B5@G z-dGnJLl-@c*|w!$@Gm~-1FFMHE_w}NWfz>o;}QL6 zS;E4%(l;Ag+|I@N`Qi1OV110Y`YbfaFS>=Sq;OMK!5MsSu7$!U8UPd)9|fC+Q9GMPQ;Z9u^?7 zI_D3h=DZhD>0_uAH}xgGa6)jV<&_BFGA_=}Xd~KZe@I8Dvpu5;Ql@7a{V zIsYo|OD`cI=y#s^(s#illYJ0%kYlcn^92PJ!CxrjF$fOEKt*;RV<<$dwF@(LL$_b> z@mdxCs^Y9%&rQ{vNaI>VS@S*t-iyPkdHT~}*R@K`R{5ce{!U0C^j zHENZi`5zH5+oOvp{Etz_K9By?lD$zq=$G8=0IJ^=k_V_|g?`CDRtZxl8E;pg>80nG z;5g#qgb|TFUwa3tFneY9Fk)3;{&65X_hlwAd*CsYtGE)2h9}I@XLgi1Bvnn;ggXgy zP+{}48qUPs`N4}}e3Uh~u=(0xH8axe^AQ`h(@)2VS=#C+?DI7tb&h?+X@}?dAnovk z66n=XJBX7uz)9_tLr6ovWX_v85)k=fIsyfC3pqk+=mtN!aR^7H`bEcCtsy^Elht)_ z!NGjbPH_FUufaqdwf1$_dF9!YNwz`~@j}X53;FlIDC7WF$a_4uvgK{LLb@wiou}nV z2E2%(6C;R_@FcpRwoKyMu&Cg9DAlSVg7fI6>@2uL{)v=?6VBvM%u<&#REwu|@BN&% zhgh0SAEjYFTKH-)Y>`^z7oGVA1kK!H>(nc&Ie@k{TBBC%&>%~lxfc4uz6JPr^r(NF z{;AgF#_xMLeWCep;xF17U-Z0|1a)v>^FyK1Y0DgKaZDTj8#^bb+(jjt^@dGq{O?Ul z(WEk(G~@OE)TE0o^?%Z&*NCY3#U?#PLf9lVSQ=tgL9H=Ba7nS7Toh*yqwlT7ZRFz@ z?ib$bz?jW&D9sM88D-k~GUk09?ibzx@?q5UVq;6M(qOF^%;%+UasHy|>aYCpYM!%h0Z(wX|rxZmVS3zA#amyY6- ze#eHtHT-hc(+cDm19e~W$C$@B1>&Jprax`GQ(rnyWeWBi%?6pfGgZA;-*BbZ`FtaW zFEfezZ%$eufm$ztS|2<{$gk&P{b4^ZP?i6XqnQZ1YhP1d7vjKX#AN+qd%tRe*U*xz zf5KkIkF}Khm5)=DBsa;1>n+L8mu8fPn_}-$RLOcyt!KZf4lZ5j)qS6uT;TbAR!~Ou zXL{u}HKES1F_PDcWM-hUqPs`s)Q#7;j>#exa}2tSYOni8_U}jRrGsw&znO zc>cJtoV8VvtZQ-Qy+nC7v?99F`4Vh1DO7T?-cnXhX3zp}!zwq7@UfqLG^;?Df7n5 z%r;i={O-&lZ?^=+Ol~cbf!-)}t2&BE;N^nHX05k6DO9|Je15l?3au}lV6Wk4zboFK z8TL)qu$$Mj6G?1?@+*G@Mq9?A+%j{gy`s*`6dcR?wwGphLPLzb(C(B{sSYtcFMS|# zRZvE7>6SmmPJM9NjPDxV9FK;4U%U8b>RjYsACM}mcaRMn^`&BY&>tG2Kiyu#&msEy z)&~8^c3r&q)R2JCM?|+}?)gG2`=m_?SFt;ZU9BxF2W_r!)}`4>Ga$p(V5x+?r3OQ3 z6QDW5LHy=)Uye0+C|B8P{V(u^CSJjNHanIRi+QM#FO;$7DdzKGJ!H!H;hfUgLxIqvPJZ5U|1SiDKw z@ybsWzbpk*b!2qhaNT#Q$;ZGNRT?b)?v1iPK89&hm*XBU+R2vNHSmj3Ykpf|>c-fRhBghbLW7zk}p7q*3{+-T%%7m`-H zq^b{jJ~DiMi|50`=a+F1l~aanC7C;Vjg=5=y)|8ZdK}kZz;_pP5cp2e2r*V8#8}3l zWzTf7+ryL7KHd~vF{8AGR-xLjmD96!qfS@l+6bQ2;jB@f-=sClWP^O2!H&Z;z+iH6 ze#UF46AcL`sTc{>=+zu`?e$#B9)?w3my$gNkSO9Xs(?dU2W8F_G)v*wJ!a2LqLp^q9BQd7L zsj$Xv=F*ZD4Uk$deWr)a|LwOjdW5w3X9lU8ibE_6@l4<2sV#e!X|B_>$uqIAHuTE( z&n*o>k8(;V<}Cj3fDdf@;w@2O99UPA&x8K)Sjb}ykABJ1>dnlYPJECz;%`dl_#R#v zH@gna49{a|OiVt5MjnUqSv3j(G32WAQ+mi$ts3bMyqrRY;sa}3hqj(wsBxm9rJDN` zPFOXv`6&es!hwC9mJ3!}_)LhY4uL3ZzFF-)-!wn4`N4+ge^eN7I|_^_7rmjZ3lho| z=;Cq00_~zMbgdjY{=l17FcE4>54@IN|EaZ!PTWgd_kn);H&vZ9C^MlY{ghrSl5?T| z(?0|}S8~n(;FalV^Jqt9CNYS&LG?87JMOmaqa;7km!Dzu?(L-abm?At;LbcXr#=6v zK$AsSVkDrQl_OW!*UMvteas6G0Y55iD++tZrBm2Sp8SEY@mDQ)iC?d&P6g{9b!aPY zWv0#@Q9yjB){wnSox0o17t~I^L?zgaldZ&1OiQO5GZ1F>i_B2;Fp@_ot}z4hG(sh& zryDaY<2-$i`jw}%Zet>unJy&Ix+$;my?i~CVLjxVg^-(}kUg03imN=uB@q=KysT)N z7e-kdcyL@qP=T`VpzMC%o`%Jw7e->I!9%CLFtWMc_B5CW_BKMF)S8qPW>*I?x_M%r z;LNY1mNr#*Rz;d2?#cC%J+)tN4-9i!upbfvb#%N)51nCLUs|I#v;^a1<^nZ+^jkTx z?~9>GBZ)BT`@%kALquK?KFPTQKUw&6r;2)P)Y};B5%vM0uwRX^KX)%>di{S$)_=%D zcA^;uvI6BbTfsSFhFA6u3 zkz(|hUhU6LSx-<_e_}au)t$@hUT@P>WXP93NB|wV&$1 z+_w2FKesKFG2Ul=O`GqHkH_QPngruk)-hpok?RAL@NXu zLF*PzScHkBqu>v(ph*-*5J@~-#9lQ9xzxlDdx1_$bo+ZmXzn z!+Hw*8mz-}-5gklrk7-&W`qORpw~(8!R5RJoey&M-+}sJykdx_IUsg#{Y7{pr< z#G(&k5Zh6Iux7YHG;M|{v5-T3+u1wgPsDb>R33v(gYAF?tqFp#A3|=}D%{z?+(2Y4 zCg>eP+x`Wb*84eYnt5!(trMU9mNtDJoJ4)iH=148%A2;I8xvdhO1bJpW$`CgOD>u832t&Z0TIYY&OS@|saI=AV`tS;F z6jP7M*b1Y28@?6irmD7J<eHjSU9jWrOY$8e&v6x-Z2`FH)t9 zRNvzd0j%~1XHJ+%tFqwFfC1Ir8@<2)S2(~=&xw_1`)wwKX?vEUW%VyYFx0&l7hxf;es)8(#8I@>mSy4)IY=3KL{j$ezAX~SKhXc zxFu(fy{LBxS7C}>lQ5WuE`rRk*aolvE8NEBU%^Q>?^a*nU(t;Pu@DUG%R_WBuC zY5B>q(kxKU@&m@80ocB-w7oijofuYHW?-8-uq``)S$;}$oHWW+y7|WToT>c5m%lZX zp8qz6l5x^~l_4j6xh$4sM>w5<|1jDneY zEel^q$fQkN#~Xg1Y5nc3fr|Zt%lVsL*mJ30aw$(eSLqnQuwX#6Vqhkp7mPh$RwdAk$id#lNY-}mNcG)Y`j-7Pt{@9d|Z!P@z@ z>SE9DJ6&b+eIE;7!ppJs%0gr6Se(<}$YskY5`JHXo|0V!IuNz|I3XpINMq|6h^@hI$%87K*2oRM$x zbQ5Z^XFG%HgnB0|n4@tk>h$NKf~JhJtbW;&Iv5bMq-Y8I)-bj8JcnUw$$A?g{DQ~$re&y|39wBWvPFO96X!eeSIc;}g#e?#W)4Wn!su{n z5+gTkn=&YfaT`2&^o4J(3J2~xV~Tg>dlZu3Ki-Qi}}#c1Oi<4x3IS#S;~ zQvj98j|CFg#-?UA2#F({rYRu+7_f^@h&9ag)?&bbimvbd#tln<`ntWUxgEG*nyc)R zg|SjhpB!pvgLN^C*&Q>qFnAH8h8mL{5IfG*m>W)~xGJ}cUmq@g5%hF`cqSAW&M5pP0;V4*|or#)g6!`|!^Ogu`o56NDB{wC$TJdyP8k`NlDvkUDPz8ZHZ<~9goE*5S;#=tey@AJ$0z3N2fCN088cU*3;o0% z4u|Vjpzx5xg^E~8)<5jj-;hScOvLOpTWb6xUX^+Ysq>IJM7>}g-z-RT`v~^V8^w9d z?;j^`qu2P|VP0c!n3uQITk)M{pSEitvzuy=^W%GxKRJwfZlSkgBP?)BSdI|S4{nf% zW)e>?2obsahR{8EVN~x0JTPl$N}R@n{>>8=Hg^R#__x&2EeGKj z-8Q-P%(+WZyfmP~GU0mLfs0R-WP0h|EtCf|VYLnVT>7km1bv63+QwN21 z9-bOawdW z2~!V$jot^q23AFOIhL(oaPwm#Yt^PK9^7jm>g>a0efR?(nCUOeq8Wh+4|8F5ZV%f76Jov~qY(cd%qb?~{1tJCu z(#(rQIYPl~m3?eM&b6>G$xtwdlxA2VzI1)NyucHzjK=K8O!oam z_8HkM|M>Pc#|CtPo;g2MAnH`zNn`2VJ#dUG{Z;ym_7Go%5C^ zec24J!A(Cf3mqg~#`qNa7Hs}DND|Q|zFC(Io6oms7uAOWlrNak%e~s~oflyfy=O{R z>Rfxj`>VFFxS9sT^4-16xRlKWIO9T&iuz6baXkj5*AMoOE+57L)mx^=F>aY28`rP- z77cJ^_;@g?H64}mx{WDWv;YI^EPq@(#D z%|ipS%ww<*^O6l(v=HHn(;Juvr-t_bu4=3FxKu>9GP@CuxmcN3yTrABlG^|CRS50R z*+ItO$5qJfu{GV@C-lFKM?Jrxo9UKjkCxlqx09TiZC8D&<<0(YRDG~y>H@099eSkg zI&OYd?qxY&)U>Qt)9EHp_PmR45BA-|hRTCB!d`cgZ1*iuMK22&Xl120=7^OhU)IV- zmsLTw>$cCaP}M4b9M@InRWE11%dg8lLR?P8m2=nT$IOp4AKVQAn{LkqY zYy?7e3R;-FyAb}x`Eq7(=_(g2Fkgos*M4diDZv7FQjV8#zrjnk7Z^PWx8t%Xc={1j zK61<^=IEJy!%v2KaQO^$+33VB^YtEjrA8O5wq&=W;uo#AHyyG#x@4(6pT?R`-`DN2 zit)%Fc(RH`NJa%$V_s1~#pW@~$L6q`$RLB0z(~UZ3p$L?^WN?=_suD5c09t{kYzO9 z+6Em|qok||M-nBy8b27{d?8QEDjJ>G{bALKKKt}o1MD3?rr!+48w5y|=Ns7b4(xAz zVwi0P-GVV8nA47TII!32V_;heY)A+;!AiT_fjtsGHbsv9U?&5sFRkIlAcr}~L`AGX zdaqOPwHk<%Zh8c{8<4?2W!lZHFSUsS5%G&Q)nJXfYxIlue+VAM)qSI>J8o?b)!kpQ zE#cMoby~1fcU8*~1Ju~K3V*)VQ0SXJgZ(MCjsjcsP(<@z;64k^n8kxXSJNlVH}(-s zvB0^I9oUB$9i;1@g8n;=!@rNi!Er+A*x>pjjq*Eu8na$8tvUtU(=-TQ?v19KQ87bt z2ho@74~WsgXun>>0n*WaR|oc(7X!1NTo!^k+W#=jO1uBm7?{!iE(43veuabdo7*Ee z0Z6K)u?wt|?sb5_Jv3INb<(j8um?=rr{~hNgTBH+Z{7iVmk@zmmkxK3-+vrKKtdmE zpsB&SA+3E)1*}b%?95s87Qp^23b4hFau4A3P{^YyJ*Gr$ww#)pxKe268zP{_UeE|FTrjH zY;%p+>Pt;1{KVfHn8MyCMum}PQl?m@!W%t3u;*|W&1iSBUi$XZ8hsu;XO*Q^N!iR> zV9%3E$5xK6QFw^fTh6Z>ZQ?0aX_9&KL){ zU*{O_n9AEGEYGv@hB&YXhQz>(xj&_QRIO7}J2|jD2E@RO6Q2*koTzMIfTR&qj){Sp zOYsf^bLZ5mUX?sjLqUE}r=(2c=dEIS&@P>V3&WzFc-`)bUf2Qbh_L7y@>r9`ImlVN z#R^0fA^#y{P7XW=+5M0hq_ygEnk!psJ530VgNZ<}Vc!^(sflGF)V6}^<)E(U0Cl%W zM{_F-xz}-BP}tQU#QM)fZxUd^?+zDi$eDgkvFXAERcEqfWF8BDrY&OmH{Ywq5}JId zf2wTks(r$}A2J7}4a;Q2aI~xKM#?5-Ha9Ia+3jM_je2fg@s#~M3qn8L8;)BiG-x`R zJ%p+$C*{{lO6VvY$FrQ*WVRa{{6`Fl^kcT0i~2P-sQ!^bAu&3XdHqMRMj9{wK?IKv zE=%0Nd{GCgT?8aVD-Lzr9S&~y_hTg**@lEAI@H=Q)?Ti6AO9ql$3$f-S9WP6DuZ0% zOMA8N;DF8oiBtrLDXVrZTo)_Ruy_u@;Qk6VP7_CVo-r@E3+u%%`ip-0FP%J?`NKlD zBzenP>%Em#J^kzF8PUijAB1{z3;#BK%U+E&YTc8q=4rll)EiWO!aZR}{f3U>{jq2Q zc!=Kp(CVsPtjRK}Ac4+LHSuHT%q?|&2-sHpjc@pgTFVh*syu4gFGv4QJHeF z{)=_IFB26yhjmo0+({*5(W%1lRQZkzeu_+yyseCmoXDI$l&YFq}0x z)x9?BgRB`)j+`hT(6xTSQ-5)OlPquPh3Qx8HnvnHZrQN0IYI1a@0EBQxQ^l4hn2bt zOe=7uTze~T99Mqr_59Xutl{rfi6`}g5s`TGAr)V}1&*WJc+@{yI)g_k>J%pkIA$%H z$fuTN%>$8j7PAu<3L-ixzu+``vpqN6%-Fa6e~eEE3cNvxgz-p<1&`-cuFZ#Cod>8fQ2MvjDS`)e}&RjjoTTvGaDQk+IjS5saz zOCAXFfBd`a$P~-%z$P-hN4;3fbL7;U%rh=`i%TnHN>nV_T5w#<1-ct02jllQ^v)D| z7b3Gc^q2}V*!k0C_WCnr@p68zf^hsfdSNQ|J}2O9p{Ur|x@)&^5fNk?TC=z3k5%fO zHvR`4;EU%hS^tod)Z>~RL*7~oBC;+_zp6`lZ_x+49Au_S%ui<-GfooD54hQ4|uM1mRpgW`v$sYg@U0nN9Ikd zb{eJ(v-7I=3V;1(v*Iga=KqO zY&=;DZoLC3Q93r=fT6RrevOZrW)_yOTWZf>j zSWFwy&@)Q=3Bz<{_hP0`Y%F?IGNp}fr@aHe+OGWmjhB_->5Q_!4FEm)T5&zIEy6u& ze^9aG7H1`*^cjAe#KZSXNMY}rCYv|6I}}~ah;32fwW>n@Se#oTKt`F7UgjTR&FLHT zfJ^v((zGa4@Mj)~1LAMqQt7W-l!?oH^`lBwT*aBc^`#yyK^{V4*Dh8cAQdI20H^4K zq7gha|1E^1_O_70UPUG=ySbkp?x)CpsO^gGG1;=^g&p=Y_$~p=@tOHdV&b8A+d>I^ z6u=?3SjhTt_r5|LzZKj+tCjoLcz##YQ7K|h<3||BS)a3Y4#=FsiN0TY{$pRL_tVQ; zyPKOqt5(S6YempVVNk~@$O?Z*iRvmk_C3P6jlN1wwT*i1bXFziS4;+bzM5XMqPgc9 z98ag${#--Rm%nY!S%os9EmHMe24}h!4oS{kaExEyC`<=uy7l9I*)i#^FSab`zkb|1 zKx_;CgOiWcI(}6HW`jQ-5GhJ&Hi>c{M432LBbIE*Q#4V^$AxEh+`}ok|50d?+*BL7 z;uB2PV+om-FJpTWQ#CLUFEW63UkX|JArM9pSDn7_A@(KM`6K#xbzHs2Whs8NnI@@1Ta{N(c_||nalUB9>4Z=P6RChq#qh_8pjn#fp5O99a_(w* z?I6ePYgB-aH7oO<6|s75L>`t7loq_~plLUmHp509F3PzPOs04Im8K1knifK268&C` znL5QJ2Nk`HvwMC>tF;+TJOY2T1|5ZG^Ra1Wl@ZEa?=ZRoiqZ*oY{W0Yvw=bIzncDk zDespCSS~V~q&p-Wzq{V`6WiYYjHr0kN1V&RqhHYbZ%=jVQm`L?TN?W>z3QKBP|uxI zhoV_Z_*XPoTe-2}w_P>ufH}WG|#|+@EjJRdt`9FBLLMHp3`5V}jUw zY#P7rph9({^Ne=mgoIooD_zq*APF`bECw4~+BNuscL4Hfbh6<|Uc{PX3F|>4aom|d z5<_Dwdg{tNVu7yS%FFzQwN0;(x(27a-P(Mo)CmeYG4#OGOyQd7iM3F0=Ix(UnhI{e z#g$to9LvSwuq@`e$E|yQ(Y|+J9ImY9_=Y3k5zc#I>H!YTH;7?|s~AuDMtbRREDvVf zuIYmk`A#B5DV~B%ybsRin?#E?bsXCkT(u5XeKIbfK;?r(x8}{$OVh8~ZF6sd!Iu&_ zG2k!i=MjaTe{wN5EBKf4G?5YTOE3L{Bo&pjzb%G-!rq331caxgyGInd;|O1o;-)1j zH`mQ6T}JN@!%kK+p!JACO4_0B`<5!k$y1>7a+Py(SkAiyrzkRM+Mr^VTvJ}=@I0?^ zt?j0m#_rnpVhjWRP_mc#=T$cNat7PURBOs~ zh}G}Ca?pnL>6Mk4%I!L{P<7R?%JhPvJ(pMZT*Uf(rmA=6%1qboyq;evU#c?Gt@p8+ z!FgSW_Fr%nv79Gt*V*g2-0O+iFt~SXL#ZTe8ih4K8H#$;+LZ-rZM*UFD4A95;|X%E z2F;qDVB|suDVxnkY933R*SRf+ULljCX$x=*CZ}Cx&OyuqY_$afgMsq{onJ3aRH)JI zRDqB@-G~GijDQPH_QVO=Z+NRJlED|i5pN<1-&Te$9b)sVw$>$#Unc7=0&1vV?xp*{ z3L}u+liBEztUuN=f9KhSjo$+6Pb~BD-c$*~=IG3%O`+3<YaS5glIQYL1p@cL)6$Zv{z?OL0MC-P;&oQlG7|mz*HB? z5Iux08Jd~+vsFe#bsra6LuMHDD>V(}a3@Ms@PKX_pow>?4P?w8+W1}Z^7G9St z7{!~gk=Ju^$*x|@5~d2f<~5~Tyv=@=UKy8Pk(|9mVQo!PETg>S{I#iZY!;23N#kXv z)L1ha;7+Py^YVK`nfQK#F2(IOn4cWirX3fG?v4w~Scs0N26kago5G>lC{GzNJv0k3 zMqLn=P#Anf3E@nwnz=i`4VY$8;I|Wu>;}!QqK}jnRD5rS5*<&EXfgR`K~RIu&gG)x zF`mO}r&7Z^b|?&4QudjLGJD8Wk`ttfc#RB09x8-+usyY8Z!lzH^b5XZEW%sU?0!zz z%-;Ux-rjIOhq;eS-P@nt+kE$SgS|1lj(a?2hgp2^yj`uVKflf3b~}`cYt%OSX8cLN zJe=iw<~KniI(eHBeeDLDd^gvA7j9UW8pjMfH%G|S)(BKIt{ev|d=TtT-OV>pahv** zQ@X8+Z*_9 zcDX^WP?{n8;(tP~;uAx99eYhHz4p%hKho>My>j&We1_3$t^EvKp&!;Z)FBO7VDxDZIQ`Y%cP?e~i z-P8$mcEObw5)%w2uu6V#Dbdr75}PjK+_q);n$lFB4q_MFAk0am*$!_ z^(Uv6NWr!{f-h0r)AbMQ=uci3_ASqU51$KzdopTv$RSi9#!VMo;0uSuh5Y!5K0==r z>f4OBiiYq}TY$0b{DN~R2v__>(Cni{V87^&3&@)3@q%`$cVmU0RpCW%sE$N;73vox zROkr;w`pOa0y{WUe9>hiy~g*uA`si>`-uhDgKVbH_IOV>VJO?ac^1Pu6azHqLrj+n z$X*dz(ET7?g-Cb*H6iIVMGd+EXSbvUTX(fC-0@Aia7m8k+tE*cr?&J9cbpbneeE-y z@)~tvGn&2Vne*E;kdA$u)|V5e_`sebb~jc*mRjGME(nIq_$3POX{aX3_~CxNS&qW@ zI0|>+V?<%}xc0i%ks=!V1z%?3$dtE5M$|4^VbordHfle?&wrt|m+88_-}e~d@NG!# z24g^@_LA#DYG2%*+NY@o<6}|#4&bt^60`(=>1@>g`|D8q<{Y&<=#vN0>Cn5MWCrT# zPg9~h{Ir*-(3HsIQUB=I&LO)Z4n$4U#@+WzV~$BSBBqVWe2~D`#wMX zj)HdIx7T++ajU*(3U1@aCZsYvw!&+SY1)9}6p)h31)^=Z&*{A>F`9QFI!}K>cpN{; z`g(&;93}X=@AgVIjC3Ckbsw0&9_2plll!ovKFs3}-anqSAwH2*sv%?Fm=rg>MS3e3 zb>cg3g~(g(?uDU67~+7V&(yXh@C%y|N>8~Amgo7 zDi&rh47Oo450za!uzxv)H(bF)%_nT7c4P0?^nM}l=kEz9&9X(Ui)(?pTO73AYJQfW z0jT@#=VU{FUgqug$U8p^`QbPNHg^xShoRdI$obTURM9v+1S_Zg7}?axhBabnN*k_b zkOTcnYk812LMM_Ac7{@6a9b=}{ft~TpxGI=l=J-fL>)$C{pRs+-g;11$vxNSyD84=wmc{1pN5dRFmE*7B%U%OW zxj9!BFFr4#fE>LoUnUEAIxo2|!(Y-TZnKkq_YXmIuXYFmAPa*4HVWWdh^Jr8Tq&wt zMSZ2B%EOZW)76_20s6H3Fa`K3yG4vcn|riITP`izV4&_lzj%(Vb#R@H*$oL`mQ7 z8B4NUzm1ZXcSt%UO1i&8QYuOs-l48Ulyq`QtS&?2lV~aBuZ6KBi(GjnN;>V0*b=!! zDR?YO8qgu>mME!5hoq~bq^nMn_4bIwW~f(x47W`$S2*c1YSfO6t-fX#?JK z>&g#aY>&n}QPMHH$EabQ(r8J+{V$_2Ux%k`+SjTt5&iGnV&ia>15T#tG)s$(HTuoC z-=@S<*I?@Kr75u@e1fI+{5*z-MK%59#UE`VP%OPr7+Y^W-}aeJlp;V$U})faHvPdH z&f=nd7N{s4K7z0mtEOPyQh-r5DP_(4$Tvj}yLl9llwt8(vg4g=SSJQx{&4ufC(o%g z?MTg)c454<8RsB$Lb0Ee(KJtJ=?o8DZ@~^6d`YZ&z36Rt%YtKfS)oeDYF9?xcUy8F ztz_Td-+S(&b1xb@?vnE^AjrCU2V5z&KaV+g+*zD*{KU9!=hgmPb#Ai0t6)L2+%2Ba zY`i>upSf&4PN&4P`XSL9!gA@R_-u-Ywlv~qOlB6N6)JsPH)j-9`sd{j?Z3Estvp5* z3bY%grcJW*O!^zVO5EJTkKn5r!`I$mJI$kMQ3*tvD1td;GQ3h2s^?GEw)0_ ziPvstS4NJWcCKUW^(m;Knq6=G*%&kIt=W3%&|6hBH#2}Mjo-3e9N%SaPfRA!f9Lkn z@zv5e!#XTA%{!HH{lvtZAMcb-96yDbW8#@laJ;`Ln0#WZ^J>38YfSZd z$+;ss*L**wdeeEbFE~b;%Br{Yx2paA;!7?*m)Q9QT2E20i5|Bt0SR!*^;!?ic1+YQ z8rOENTiV&qw9xTaowBFW+wO^|>=u>Ue6Rjm_04}w);FjAhbC)g*|IC|V!msM{A zMqO*ZKfikOc~V^2tzGs_s!IfN*##H>uDT-m#E7ooKL*MAOiWSt9Y?bN7C-};cv)4l z!Q(9iJNF_?9$x2Z#K>KP`TTFyr_vNp&ysVm5}N8F3dU9ZYiOwEqtURdx^0l z{gdrW;lc2wbn)JNi*>OmC8^7QQVVq~+^~z7%dVGA+S?nw-h1^U9en3)-{S4^GydyI z?|VJJd=?hyWC^M5TXy+5?<>$8y@1)nr0rF|?qR6fqzM=^CsI^=HBR9$p>w(r*-F_` zXh;1%-RbuWXb}4SJ4%p#U$0;EyZ!o!btf}})JlTlMC_bGE#_4eDiA%eEIQ>5UN|3T z+CFv8ITUE93-wB8j2RkAD{7j;pmRDN6=lOWg zz4X(it4PID-*BCkQcSQ?rr^x+ZZ02;x7zB%A}K{?r$5uR;AU%>Ut@E$G)q^6Jo$+( zR4Ru_4=ZmgHv2-eQ63ksgW}CprqzVoty=2=jxf+_#9C5VN*I=Yp}D}TTZD1DurmGT zu=F}j=Q7vXFs5Zprsb&0h(fc&pzGU9my^HJ-?5S)>p46Q%bcAz%zr>lAJ+e+`D;0Q()+D)H;UoV88DP$n3G10n3Mo2HG=tY`WL-%FId1t!57M|Dk3M^KVl#hqCr@ zooT?#fU7IhRU7je9yS&Z_Di}^PGzRg#vz=uwOM7l*T(FDaEvg$*QyNH83=E!vG+a< zCHQTFbFNl@hLOy^gH|Wb1WI&Ly9g91t>IU6y3>BaT}vp_?S{=x}rUrwT1}iPz zW)fA$oCM7xs6=JDO74y&f(J@4~X9m32LeIMNhP{ zRj%~)Ho znD}aZsCGXQ@i`~)iZkg08DRx$m1J@Pqg3dL^}_9)zActTmh!d9ct=Q77VJoIA|o%J z=;gdde!`~^zV)(;46jm&*a|~c2P3;*P!-hy4C`mRg{AA<43y4>*z`&P$=Lh{g$*?<0Ki1gr}3>m2Q%9B zB}j1NtDiUwOq4H$5p*#g@#m`5jKtE3A*udD0gL~o0)D=-wSa9YU@8SPCC2a?vpC~@B|LSDjW7I*E)_LiXodwX(%NU7GirqgTHU^m@N7y()}ei$i+#`&D}3LEa|i z_uXu~EuxKWr57V);;U+r5_*ZA{a{{BAkvTtQ6ZYS!3S>xDnhYtaXEGofn6R_9DzZp z!-#9qE8pGtHr!EgPsO_|j?L-|D|=^0~<;ddqZ2t^Iu2*{ocTCyuGB?C$cRepPwC z&Ng^a2OBK0&T)Q1(@~itN2*JMeTO-eQEH){8g2zz8Lk=Ev^G3A>_ZzSwH{~(NOk1@ zR~-J3M*{==kC15^fK?WG29h&05V;|lc$T_IFW|B1^Ba#dJ?rX}9=1m4q|n`mT5C>~ zisfn9ReMxs2DJ?Bzx=Y}1}C2w{F|SNM7->%V>4YVhBmJ4I?Ny3FTb+?lBx`Wm#(EB zge@&I;d8Yk{s;i&+ciaMr;CROPWr&wIo$o6`~=O7#dEjD8;_qrU$tv1$ky~j3*hM7 zf;eH1p%4s~BhpoS@;(yRYt_fJplY4#l*}N9;1N+*aAFGlr#R_yCQK1dUIe!zaLwz2 z#dAUGk~Tx5*$A!tl&LSZyUOhThxhQ#;1U^Y^Z5tuRDUlM{xbEMz;|3pDDds2z#IM` z@TU6G8jU6D4W6e*&zTW4d3Nap-jzqsf{UItIo3D9YbLEUsfr3srVOPhiQvgr-9R{W+o8&r{|kv&v!=8{zR;#rwuOo#6+rp+TfyR!Lh%`zG=>^@&+Mo zc>cCI@2GSy@4O-DZo@0nt18p$hNV})JtGKsT`~Ebb1MDrc2vkP|G4rY{;gk=Wk~v+ zL5)A`JgD~l&##?+@1PYQ4C(#Okn~+j8b(_b67er7c2OT+l!gV7!c?MXT1fwsz50tG0-UwgsUq zS{1N$ui{d@)Ke8J&En@0GN;x}H6VZReA6O157;L7jb1 z_S3sF>wl-dcHQJ%8*2YDX+f?wEHIIu$+jwfS@R9qi_I0)0|e^56wJRn;|uk*pCsE# zDR2VVYOb&STe58%X5cB=3EwWMU-owzn{aq(L*}hqJ^U_TikHR-uu`2tW|e5KENSvL)vtTIK6^s1bnS*@_D(Bz0!{Nn_Dz~Ye%hL7knUbZIBe~! z$+miadia{WWpDRIMI2q)piDza1;(qcB=DI`gAB-#*VL1#L7CFEoyoS}TB94Sz=v26 z)H-rBokd$w=5)VA!qC zEVV!yd2*1B+s((~Y$lsjF`~(}ZF{ zD3W($GW$MDljw4rx+U8l!|au$ib~+8?+La()4)1a+Z}w8V`;hsrumfY-l+B0`wBL^ zUe1YmO15f1I`gxtiBRwqf5KjH<2~m10R@8~z<`f{vx|6_ ziCE3Kx4^E7o64hM4L~V3j-h#-woGfBoEPHUM&fW~s#3|VAV>wOgX`Eyqgp2_+3Cl-_mELf{Oa;KC&ris5#+9O-;wQT}|pWC~d0J0N{s;f948}2UvdAC#^c^;2a>7 zNkj3H;8V^VQzhf`Y&@A4BB#F6ja(UKd<~Z|8qHT0Kw1!jbk44T^b#QTLGqi1d49iL zlMhX-;F5(8ygn1lh1(9PCz~Zwiwu*}pf^0tkt7=Z*G<|} zX$29?O;^S8GWd;{bn>}lT{wvt__^dm)5UGuygt**U7wB1u7b<{JU&i4wviZ@QAHP* zRRaJJz-2Jt|2Hms=EGtx8>cS7F=IZbx80`nggsRDLOgPOG#~1)6Rt1h(J708+ z^F=FeaTE8BJ!9vuM}r2Z4b-R`+4=U6TKM8#0;1j2kAN9(Jic!DM;a)^@R|j&bE9*m zrYMcr_{r=)8C4iRl4*JQFy$CzX)Ur;B9+XraM5lRj0JDD{9a-_U4z&}wXwxI{%BP* z)t}^#*{xInRPZB6mWyU6L=qO0OWxuiT&ziAW2vAWY~$Iy5LyID5yqLuQh(4C%Qdl5 z(+h?yr>GkIel?2be2|65bOzonXf#bk(3qy<&?BAxkt3)eo%Oi$BH7_?>0THvZ%pI} zOXv?cb?v>z`2BY!rwq}K^^A4(nO=1mC^Z!q+evzx=>;e09sAZdthRDY?T(+4CjT83 z(2=WabnoKTsdV<_l+4K{ebo(X&+(bs@3E3i73u6H<+L*8L@$GEWllh@j;D|=+E^_< zG(yG3MTQ-RQAa0{CZa?-^LXxP21SkDjWm}wMI_;TdYltZrAjl1nS^&!Q^5n_R|B!f z*YAa2Ek6Kh0CNPaG}5c{YPgxEKlrFHd}NMCB^{s2v4aHoZV%x@ z@oPv_j^MD*gt6>1VSMjG*T4S&BMOV}M2&0J|^706(I)Fu<>^WETUV5(*5^nA>J6a>aDqIRtn6bj)4gu&{kP zJ`sNX4>+1h!~U_m8*oNPn6?`oVa($jb7vWR+oR*Su$}G0IQBDPJmkNFktG?JC{D+J zHh&fa^q}K;5hG}r4j%Zg3U|{ux%W`O1_F{K7IBhv$^TH(9I0}As8XAy!9hE&A*S$h z1FR4xOF^I`WvNOwobRwv_?iu)jZ1?+g`awGLGBJB`~3d>FOU|#-x+!fZKIh~;LgNi zbI`7m^$!o+h}&D8Dv4wXtE=@fdCN7hkyxRiAZ^60(64F$EeYnZTS+7HQvKqeM&{ML z_Z*pLtcynG#Ot?cWOjw(BeMz?M&`BlBwNi5(Hn1M~>G%KF`M8C_$qHhE;yCf$Xv@I2R$a?HlV^r| zn#Uv}+5S6H{391rlAB0M)7ep#>FkNRcL{gsDARvDE6GHSqnh;0GksWqr^-Q?vgbUv z@SYhN(_kN->u9YUrrINV1TThPs(XA{8h&xzbN!N~qSj=^3Vyrm+wY$UJ9`&#v2<1# z&_6j(o!Ns0v1*luRv8eFnHv?yz<62tfsv%fM<$*>sQLV<|8QKh1)et+E|*c1nWA zYqqL}SzSU?EwmU8|JbjbCpCSxbQ!m+jrPb*`GHkIqMs}g+m6?T2h|!MUL9z{%xaZm zRB$cO&m0_$BEaG=;QhjLL=gvL{L``=>doLrIiuf)lF61IRd02(^}k!)hYt zw>h`GAv>*NEOYC_8ZtA=8#3QT{zf~aWYy>jveE(9)%wgPB9wA}GG(~1U^2+DQyScU zw&SZt;W9J|)S^>#SBGE6M_&uQzbO17D7*9HiT1@%9TF}?Qa6P5#Cwio2|2L)%5&7c z8QO~8;R8thsb)M!IZW&0%O7d0gPmDuyk|bx+{#wJ-kz za9UbXWKfL$|Cg#9UzkkDj0@;kBnpbo5ysQ-n*g?OMkDy%{2Jqb;nK5(5fS?z$&Rd{ z zXKtgJ68D&y-Cc}-(6l48%(O5616tZ>%t?HWBz^+`e5S;I0G;C!e?J9`0oL<^#E(C- zyTlLLk;LbAv2GU2_~NhklySA;Wc;@9Yfrvt4Zrjhql@j!|A3nD7&Ly__nSUL#;>rC zXQo0KPZeZ*sM%rz!{EF(zP2M7Ut?eX2jHH-H0mznSN~tCDq`OaU^p)0!uSqlyyNSi zDdQL0=SyoM8D|Z|>H6Hh26H6iPgz_@dpPY6J(0A_ewHv|gn8wE7DStDy3sJV2rqS7 zYeWLSn~Y!3RptLI;~P|KXcMHF@v4=WjMpIJtj;p`xlAKHF*`p^;S6?F|Cp7X#eB`qCv>tD_?2!rV zisdRck-ZzOr;si8j}Kfe|Cip#=)xH9(WSmUy0icc1`TYy^L%+OBA+R|C@X6^RuPxn zaC*^5R_R$(S~aG&nnAx4S61>NtvY==V^`MdC%ux}3w5du9WeS_p%DKCRXFcv?uFNB zafK&lvb6fpJ||pD$9yJ>riK20pC)30gGJ zAMl4W5EuS~)FF%!>J)NqQ$C=MgZIRD~VTMCK`ekLN{T(RNMPc=Tq?8t?C^8MJ7{j1&!lEBbV^1 zRJA}`m9jB{W620oTJ9}Ap)NIf#x?tKdFr#?=GS#D*}50`xU+ZZ`j6ExM?>M;u8Gud za>)ixF8!OaU;p>hOzWBD&$)x&!`Jhz*JQTbByMO>`qHUo<^s4_nKP$D0ith-Cn7Yj zg^;RjV$^Pr;uRPP(yyxW@*H=U7^W0oU-5FwjhOAnS8c6QLeqwW-CChyr>{e6VDc`Gs>Gs#VqtKo)5ZXT{&8%#!F^M~`*-Nkl zSAXIdvKclXZ@ZF+NVZcQ)IupWlmw6aVGH>`7h-W6>8(XUfEud#`Vdx4?+7aI5kKQx z_HFsp)I7w?&0ww;^eKE)`l`{kuR5Y@SVEbPBs1gp;XK5`A!OOaqTj_L?MzAjgmr$D zyG1Rn>4Oe$2+!CNw_7*myvZx4Wons7^>{vik+QZPyov>VXLUZC27LH1S4cNZI zrw2DR8aII$*h3?AC=4x}sR$&f0m)4MkM=9SSdYs1YQ1q@$vnq-)%iAMaM0zg=Ut5y z-m-}=&55xHK_Ml<)z2A=TrwXP`4Sw(d5_?r)Zc>$gMAbYt|N2zbB8y+15=duTCTtD zXwshil$<>p?<(|f7X8EXu7GU17Sc{T>G!&l*~MIW*``WP(**A=m|Iz`FrZT8L%9r8 zc^QlrTdlK2vvNRXv`$snlclBcoC#Ul-Y4ykD%A$#UDEzu4Vh&PnYEnMmux={!Ea!x zI9-a2{DMw#ffhP?do<{jyXL+VwKIgn82IgF`qV+v zj8{`H3THe5Mz7~PYk{eHzbVy_^-{96uno@q*1hUlojTLH7OVQS+i|lh_ zgLwNj1WSEY3j1j~r@nWILD6x_$}e~`6wnQk@jc*^*kTg81(u@w5eQ|xnF z_}MSpSa0B2lXaw~Gn6TN(WN%l`x6@*vW+bIoKb};43B!rOl-7kd*r9_6TcxZ0VRjl zuS%taY@UX6o<;f4SYC}&Hl|TZ zY*rdHhwU+^)L4gPQ$8HddQ@UzJcR}i>MGi^Rd+F;<{t*!*5e%#Xl6TkzbeID$ou4H z=H0cBSNjWo@|k)6h=%v%@T1SA!IYxBNLd$_as+J~GR2^!L48+V38TjLSYC!M@(v99 zHfRTVb8GSBASfIi*$9;x^u?*y_=C)t!@j zmdc$4_jHYFe*G~20mXl2HZS}1fSGT-M_lN-w})@eJZy>6Yy7gyX#-tmihyId5IZj= zZE^wWbn-$pi90XCU>lDZr-Yo8e`bw8v8MKesYh`#X9WS?y3z5>a-AF7VFMQ0rBt{G z9zv_;iDHO;Z)Vj)SLsDU*wvvKV+y>7n$$jb+Yb>f9(R9923TBw+pT(d~=*BCICBt8GF-6?{ z&gvKoX9QI!{3dVv*PEqGD%C9d8v{+EL-`X;RUg@c-Eaj;y|V?=rN*zXsePK=Me4L6 z`f&7P{^73QPtjcd?x;utHi7K^iQ*T|n3baUIr2Dr8Qj9*TmOdH{KU4=(%H$5HT>el zYtz?$;!RTNTFT2#Drap^`<#wp4KGC|a*e7CpW)Ct%1W&oRb$D32Ej48#bJ%8`6d?q z=$ehuUZ!8nZ(cUa(Ri5kp`h?Ts&mOjn*G%M>bli9D(@1R=D!6z%6+BNa?lYtUgp|T58>@25dK4bAox(pLmqvfX zNkw}vKQUPqL55Zv%xnEoHJKA?{KPp1;3+BHo~O@8+UIF0KQYREso)FLNp}3*#_?$| z%SR0Hi39EP$yVq`_UUR0mAOK&+9aLm+HtZg1hZM8f7S^duF%e5ALZCKClXhZYsk$0A@`t&}>Z7C!z;yz9kzzudEh$BPPVr-fWM)ZJQCpgZdB zEaVk5-~PHEDDve~ki8>Ssckqt5rxn-uFJe()DM0>5}Wuf3ZcwV z=rR#Fh5&K?0GX*8?Vs9SHY2a{ z&M)L`A@5In=GB0U#wZjRLxD5~lf&6%J18KTv|$=9QZt{J6r7`7CKoYNnp69zMD29;}DrQdz6<054hKOKEXx6k; zjPVcp{xNPDi(p!JQel0jKE*=sHKY^L!TvFm4sPNyX=|)t--%@6e7@Ib8TgP12~d4z z6f#jys!}9C1Q#-Pbt?0hNcOVR3IasXDVYaa>VFoX55L@9fFiRc5}=D}dkD~66QD<2 z!5#v1gbJ7dHA{dNkZnf-RI02o0oqdIcmOi&K!BdzPL4=`+%U4RXAZGYWhg-Eme?@6 zgKQFtlnIbU4_Mv{!o1E_>tf~lFulOy)voU0pH;VJ+SR$eP2d!7n;9BP-N#4w=)8>M zVUhxPjxHE%R$fw2llz^Mg6nHzQn0tAV1ru@S~CMF=u0L^!D5KUNQK^#iNzZW8DMOjJF6wau^^2W7)(b;Tdww8BPuk_|tf$VYR8C{2AOB4qi&O zbDVOCf9w~jI-MPDVcWN;j?CzCf6#uUGJT%rWkxYJgnmBM#y(GN&-bm3%vF^Pvn9dA z4WWM!^KXh3HPQ!n{axuoi1S0HMV(WJc|#uaq&#IcgSL`jW6P(V`PE%&zw#)i-B&OY zq%#g5r9l}oR zENIshD`FMI0#?a$E34YUI>8-hIyTz~l_nphu1>6wX0ua~qloL!h31#e@%pMD)!_3T zV*tXw`F-`?bYW7?1ul1*vB?k;yLM2Ch=?q)Yb-n(E1S)uH)gwWXG+fc$t%J zj()x%93~tD_d#1faW@$em?26hWH{V8!S^mA?em6+q~5jZP*3ikRcqaOg-h@>usQ#JK+<`Icj=i8pTue`)^DHTDSK*ldvAs+ zKQrI5&a2WhxD?|MT($o!);-p-(AVlW6}a5+^Yu?#&NY|DavCC5k~4Tf_4H_u)>^H# zbd?u;%0&h=b!3mGI;<%q+vMgD*Ukk!+Br|{)bFSrH^kw#4{mntynbg4Q0vm5u$`2( z^G9Y6fU|XcESvS`BLE0qQzhH$&)l#-!-B(IJJHKkVPjZ5tp1_WG$-3|)_rEx1>eY!6)s98UY- z-<&NA2mGW*Bkf@$up^Be>>6qA(a5=K#M@CLXb-mt8{FjDN%d%FptaLp)oRQ_Q;$4u z5N*1sxIg~_hTw0iXM6pDtZwstaHwnQbFi>aOh3PQA5bW*d#WDD+6CEGz-#zrREsSGwPH7Kv^(au$2JC)YX=Uh8YJ=*!I+DYxG z9XAp(fe5m$ojrQAvv=4IVhqw2xiNg>g~k2(2LJ@mtCAl5Nj{XZkrh6;17-?7@0uEL zbF2>IgS*uUiYu43=DF5p^=R!Hwf4;&wf3l$4_jOKM?>Jv-!E?MnBvx6bi@1JJzCpC zt$m_;3Vq`y*{oOH-YfY~>k@0tK^+|LTKi6q)}B;X;(eRoTKmNXF}RE~?j&b$owXL4 zCNo!vPRoN@CcL>S4pESS)XhFh&fbHv%%{*EG7}5-e|K}{2IDK=4FGr~za@|8{+xET zMQ77zSTbWBFMC$C4(hu04)rTrcE%tr7HW=}Eo;80)!v6aTxuU}F~8rgUiJ)T=$t?& ztTbXec|JDrT-R7+wQ90ZX|kiqP%wxsJ045V&^M)7k64{+K)n!YYB*yg9HF$*c0hrQ^= z^{Ti;TDCpHYzP-BaJ0*||6MUqZ7TGR*$q)RSU)$~tvolD&E$JI*@E8)B)T8==!Rhu zUtx9z4j}&qQG;LCT_`Ua!UW@)&CYES?fWQ=t&U0vp5<~Ly4KvIm2=gKM=J%k_RIc# zG*=?{sbR@Qt!t=6SF`HAEABt%)S9c{%aX|lvYtBl_a(Z;{#!i#vL7DyNXcPk<9M%K zebxTKP8|5aY>(0LBr?ZpY>8Dsgu$r z!A(?>zsvLsT$sC19r<%#CqriSvY>ZP>zl#q#RkYRFU4lqRdhc%MSy%+U>5P5 zo%9{CSMKL>2#2W2-NKJxs;lt|Kh`xHtN)Ej5vif2hMdFPu>RMxVp)yh*ON8)Jr(6@ zSWyY?yqA*B`b33<06A5Y`?a>QGn;oTB|L2^a~doxksH}9N0eI8EmfSHoOM4dqPeA7 zJPny6Ge0m^V4~oSt4BA?EtS+k&}NTQ;P|ag3HlA!ooVVNG{ojs=tEW+feDpn+N?a7 zZl^>=;G*z<`Nt(C52G8|nxux!k06Qj{BA=pDz8%Pqv6o)44?=t$C>!{hBzvMFMQ8@ zBnP|40q#*v40-NAf^~}RfvKDW+HL%Vx8N~(^BV}@V}Jg0*G&)R ze$oBosV-xJ4f(p%tXcz;C&lqAFv5)>i9xzJgc~^cspQE#-NlM+TNn>HLYz^`4G*kR zgF`zkSYzW=e_(7JF@O>AndFkU`c8Thq!1w_cN++h^ny`q_*}gP) z36GVD^GWQLJCXO`bH z!rl^hVQ=L8)?8_iekQ{yqp)9g<0i0x97&*z;-$fR$LT<$#2xkp!$2z`G*%KE)!c&LJ{x`pq1^Gz@81fHZ_|xn7`VV3@_%Ifha0mk(9$zL<}au{l_#iCvx+F(rH1 zMD|P(6OLZ&h-q$KPIUt&%zAdnP%I@N$;1Abd1$YLAcasKcCGLh+yEO9?|&Ot0_1)U zhE0Hq>`g97Ew<0;WQ97Z-d090)zQl^y#NHG)09*=0i2>KylDKvA)_lU-{5+SIj9cq$bVPwh&XH#wW-l~N zK_$eRzMQ7>ZNX13px+#T?fUJsN0Gffbu_$1@d^0Rv9-&o6ur**ANYTx0DL>Ly&PMj zVtMp=3qy@M;ZlQI8p{7NYydy*V)YR}?)`dZ-P06RdsQn*$vvD$R?j>5je1?m14fai zUCpaQC4C{TPbG^!BUJ5E$+q|PgCkN}RT2O6 zKG(h4`~2wL+Mte8OTEK5J1Dx@LK0bHM5>LFI8RpjdTsVHSCkf#XRe%Rcp$=t zxL^J^dKqFZtxI};(aYSRs_b~#x#=n$@Jlv8mJzlNr@zLDCJK~$Gq)a&HIQuAZHSt^ zIYQeYADzU)1R^|Y!ZfxN1c1{;=pH_fYN|{34;)g@fGpR0KurZwwYJ?3eX||D} zI7iY>VFC9$|>{+3G=3eNZ4yrHzX`zN*{c2 zEBfCSz$G8ZXq$&AJA6%UqSf7{O(sgUthL5j34r?qNZZ!^ryLwjWLgajp?6nK*)8S> z&UoXK^!!9qPQfNqf!*1rxX|{-n_n_TL+8SR6JSVmZj5(@0EF+^#jk{p7V9B*0NfEQb{k&OK z`Ip+ZmL@yyAX`^ey`l@-m}X56_Kx!Ut=6o}#?|D{EX8W${Xvz@_N5PH^$R1fLgY|@ z`J|?@iR-==ZJ)N;yvFQbzwS&2;I`dmpjGB}@Ww4RS`W=IEt?rUI2WL&!3}L&cT09m zwjtj2nQ`~G;0aYQGFZXG_4Re^++Hmh&h%?#{x885bJP&Pom~@~k7)~R zaLrHbld#R)&!!y^r83z0*D^>G(;8w0?9Pho7P?j{jc&t!XW72lP(0PTglxfSu9A1- z?v8|7-DL-@-T)iWYOfxxR&;B1$!{&&hw0*0-v^xFWmn169<6@wjt~te_vR>8aW^Ao z>7fE>x_t^RI1>Yc$i{94M0bM$OjSljDOnQyaF$uvN(>%AM#2oi&%f7;_?uh#^DX_k zm_JB3tj+xrY@_V5Cb~vH+uvX_yl(d;Qe%yoz0#Fp#aVyi#YGd9tJyERW@~sCiI-1WMTvKl7~vQUt&|aa5b>~dig_(l+J5c4c~j0-BdY74zy_QFqhK&gaKbe!oVAKE zn|Sr)R!|2H6hGx2e&TTwX}2a5S*e+sVv-5)RGaRZD7*pAc@CV8%V6;Qwa$p2T*=($ z!2@I_@BO%G^L4ocOaP)Pf`{5gyI|?pArPw~aRPP2-_$C|1p+jyMAwwk71U-)pwlM> zM=21oTYWn9;pAS72V;Ln4d%7<@B^I*V)AQVd2IVaS-)0KNubgxnK6J zJ@NMt6=n(}lQ=_V72;W3q)%6o8Y?p8yIv--DX{D-du0F1utE#Fxa>p7{uJ56k%LBt zo#e<<8azv!l{)MWG(czlT=f*<2TOio@_NwZn7kTQ>h4Eg-@Pjoprxi#zWp20o+pj&Jo|b~{Tw1R zCsks=-Tc|)D(!buEK8-b+;h9J%1vJdKJ6JSqVIO#8{n$ym{bhkPwu0kba(ik#A_7P zIQZUpC)Rki8vm|JT*24itFF@XFNo=yT4m|y;M;V@e+}Oi%;mtw-!ChMua{c8=a=2^ z_XWXs3u%;?nvB6`0hLb+yD#!Jc+ge4@$6U@PPb>jJUd$uwXa6-btk5oXP3WA^=J%J zdTB@*O`Vd#bsP05nkhw@^kk&hXjq0#oPR!=objao8VM{8fBulsP4?#?htVAWTFGR# z|Bbi~LKTr*G-%)5P;3NF9-xo%SUXR^pmc?D4fOr}6;}BeU5YJ)Tz^lv5JIrG?8QoX zK^nt(50RFd|qLL1R?(G-KCl(yYB7-5V zP{RY;tAX;gGy&Svex;hLP;=mSSmrSnAv?WgA0Ou}%OB%$TNppKvC_4z_vDfOISVSd znr&urLbxyHka%)t3T07n)#eN@-Qa_NTOQo~%SUisC*J*S{ZIpZU;35xLX zkb2mS#Iar&IL4?IIE%T+c&Tjt8DB%oq`0e0?%{LqiX4hNPd=JeWpM!P@Q&D_cNaUP z{T5>ftz(ru^Y-TF25Uvp3zY|6EZuUfSQU4Xv{iys; z02Rx#vTbW~vQ1sjJiaW4d~RhWdRG;Meq;sz{@(sknbnzfA$^i};?cT~0{K2;GHd;o zHjcg>(^jhFSs9Y+GVky5XAF`3mH>yi%)OC=YqOtpX1vfeKnLxoJqsyS&kTXr-* zmI#HMlCei}!7|2yzo9OxZ3J-MLgr#qzGPa0{5z9>`1(TTDLY$XHvDE23wH%jXb^n- z#wVTmC7QfFnEygiW%_BOhO4{iC$(I5M)7!lyIZ1}a=Ee8)oEDj)-Gx3p+EL>_>QUM zoDA7)T`weK^2pdye?T&$@+Z4!(PGxnKN#n~mAvzb$?G>iJNT7M%dDZcV1ZyeW$*Vd zrH_n7-x2Qme@wy1fj+>UFrsyjdq^(uBD~)jyz>^8Z#MBgJ}|PZO3da({}5T$MEhT< z0@-tBl@9-C&Jk+WiE*E+-eB3{1S&vXPdRY0WAy$Vg-{W!g73<%-DFnYFPSG5MS8gFL%>0Me_Hm>rZ@$q!;Ms zJs1WDPo79Sw|R@Gy6;+P{~B#(nKw^`*rGVctZhuJ6!&mmbvAdsP5TCeQma{!KGYBp5p>i)3ZhWKMaor^lTPAo1}7qMGLdx*#hI_ zhsTH8DuA*hI9=*d7d}|KIeGn2eAHg2>Gd%BkGrJ z?OmT8IGp1Nu6k33WU?a-!+JA6E}`aR+d%hY3)AxCob@K6%Xh{o=|hg0G@WcaPc>(c z{O6!WSmOha@Y+5e&81c@alZpdd}!c#>C8&bRj$vxSdZ&*UY^QC!(`hxRbe)<{`ioN zqTG{w)kfPIS*}EC)a`p$YqH~U+On;Y^lH3e*irDIf5s`u+TX=};Jr01mvcDJacqIpB~Mo$=zf=@1YPI@nYzqUE1v{34{dor}yWL{k= z3EuoitV@kMtnS{hI+)dlJavvv0&~h6^0;+0*ot3UFgKd0b#ZWgX5H}h^_$<%;d<=! zW-h-5UoJ%58KQ1AqRtZ8vq!!#!if4gN7Qe-#4(~YM9m$n!r9-IRFaoFz-H~^D(ggj zc{ATA*}xp4kCNK9;Q{@l(6{Uj@r~oG8(+{LACqKjOlGVrW=tp3dN z^-?bNn?Fb+ESVMQ%v$=D&b*O(OeES)w-oA0-CsPSTiw5KskcUT=YN{cey^mGeXzAJ zPP)0MW3y@2%Y2agw_-@RtX9N;z-vs;Sr$mwd|EXvDKRsnFeD z{4lBLDG=Gj`^Ob@;K4PK4m?MGLgxFI+2dsQIKe$q?osO=U$O^^;_j|`o;o_JXKz=} zpfTvu#RQ#1HY=m_fgUq?Zs}yGJG}QJTJM2{>BOory-nb_>arJxci*d?BQxIdDDzKt zQRXNUFV6CGxd&YJtc8k5uu4%gJ9+B@UEoBB#k3Di)LkS=kv?A{R_h*8qEM3LqScs< zeUojtZ4r>y1naC`G#~0G20Y?R<<{$^40vPO_$VDCt$~_V+GYF6bU}LrhwLJIUL%?o zYc(O{w&doEaZ_~2W@Xi|T0V=8zwkq6#d%9gz=ZeA>#bW;-hMB6gIQ>798a$XlC{F? zg(7)|!w?vSkKjW!iQ~Oq>sVrx5KrQG8tg(TAQWN0FjU}YpK~CPuG7m1Kw00?VBXcn zY5~*v*u|N~<`9yWq%ejKi^4bbv$CkhpAJ-wr03UroWuD`di<@=#q1?pQTPJO5VqLx z?1q@TifFx(V9)4NpGC1xyX({DxnZe){U-LwmgZl!Pr-xVG5-8R9qcs(br!K#vHgW- zSM;UFvKVYi?;hckL&nGKQZ-2r3|`6k7cMS=pxa^H zvQ?kTi@Y}w%FvP_bdwR!`odai?r0g-7kt}rdX_zC;$S~U&B3C}`OZM9aT)7UAfE`7 zF62XnxO`P4XFs8CcE^7IZ!fo|WoI$ir{N(lGomVJdnW9HIJYK08kv)6^a> z*#-vf*J7tcHkcAw?+sq-I;vgWykh(~W;S$9yWfd8;i8*E;`|ok2zb*Zl`7lFaMIf$ z$y`G7dPhh~!F%5F;DB!#lEx1KNpCpDD8kRfjvs~zKh9+VnZ`#={&>CkA%BwR@9s!R z9E6>Ee6aOtOcl;n!;u|DWAQ+*5UoDtX@U{<5McVJcfqB9ol8gdolH~)h1e9aXsxh6 zc{o+>8)2W0-EKwmzXOt2J_#OOQcGMQsO)&|!~?a{aUgZ@Q^!U6{p+_$T_igcXLD>xtIYV_dCfdF{H1)~ z&gJWZV@1$uo93QVMVDq)i`57t0mCF|`MnrPe7hi8ES0ZV) z?1N3}Dxs{8gLFq{j09Sh3uQXN^SxHfjGn8S(Jtdb#Kh%(Cg3;zj_)TIJ>eADI)PzQ zw6K@s;>~h}qYyvv{QbEEClssOO`%-#R>6iyv^&p z!K+E86cx~9wrqekB#Ey+JltF^AWst2S__SBkBUHf>o1E3);3mYG5pTC#2#O@2N@?E z85;!bjM%d*BcHxFD)z}1i;jyvo!evRsB+ae9E1d|Mw%lDD$)=CLK4uQU`8`H&97tf zqlq?_3wj^8;D_gJkMosktpx2RMiHEl#jrl3*=%g4NklM}L?7D^w0!o^(tBH125j158QH z+>D6f|A?|(_O!C8ADV%>I1d$l8WGuMX{Eu9y38Mwt*`~e&tJIm&;KESiQ942#;=|xVw){^qc+Q;%>ze6v zWrjC@&;&gq)5kCnH+}v9Klx?-HiFVMiWw@~G+nG88kcmsWA}*bf3OpgD+!ob;2^x5 z*egN2$gV#PMO6CdnSZ+#=-^j>cGyJKZW%DS(aj9X7V0zHUm6J*>VeY1%X=Xx*~Cp& z8ok!#3S9$b5oI9g~*L15&Ug^u7z%t#Nh1vo01M(A-ciD|cz zQkK+m14(}*DY#8pvx&=p9g`TdQcu0wMCDMcKRD1elTDo0BV)B?q>g^2F^Sm+oCamC zj-x)0SiCQ>h|5EHa`qS}4{+K9)CKa;EJ9A_z!=Uu_V>(A+L=>Gm;G~4uV>p<^4iB6 z_mMaAQ)*5n=jb9XZyd(CxixHwQ>&ZIP@0rMJ1Sav@qD7&6v}o*xh9#M`h=ULL2`DZ zqEG5;*Xzb7jROqLr_{CgtvbaYk<QYX5rLV5jMr867rdwsgGA^E_FsydwKV{x88$o;?E$i8&)@oE1e9Wkr3B~kCo zf`$Wmu4$ZKVIp z1u?R*4Xz}(`Fh7I!^A5pTJ5;=YNf-SUySjJOp)LlVSyTBu6VdlbTMS=d;7~v{Hs&=W8Kr$$w!UV=}td{(wwY%ps^-S^pw%_dq+FenOvkv~FE@YcENvp86$hE|d6 zocrtU7ve*E0KG8+^Ku@i_LQ(;FFQ$i0x;A=Y4F$PumUlE52sOtWrwQV5NY=iZ@E`Y z_o8BU7y!OquxXt5)ox(F4^bT0ZyR|+YcvG=0k}(G-z_eS!2Vnj*v6OicRsay<3j5d zZ)7({aT6e_@UmeJjVuu(N|51UJMvc3Plim8O>9VT0d6cm#&x-y5vLtdYe(s#Qb@(f zXCAEns*oRAZR6;jOv6YEq3dlH%rRlXH5gH-m;2(r6g#SBC*PueMtI|v3OB(~_*Tex z)DbZSlMu%L77lXFmM!VB?fd1J3K^(ui^6Qvl}#WwIsNt{rDqfG&WhE$n+kM<1)P3+ z$PJmlI53tCPAmz|BU`|Lp-OIhDE5^Bq$DV@RVX!AjG+XuUBuQ$fH-A41(VYXt9xZidC(`#b&8n=HxEa13(O^3m`xH6W_xP2nog0o#O z?pYZ7Y8cv+jd0kdfLF}zi%)gjULktI(}-@=fY1 zRTp>ZZw?24i2GFyniXLIBuI1AA*;O%TzsDE+Vlfr^&9bT3bVs|WINhryR1jH?~pAx z(*b#6+|6rkmQOZj-%3bRu7$~y=7a*8X|&gLqiQqYr2;v4K}e8m71M;3QVJT^>JWw&O6}r_3vJ@fIS4*w$uFd!NbaGwK7eP_-|r z4;<|;?Vl&*f49SPaeEa;QF*jLk~MoAD;Y5P^vdKz zQ(4>i)T{m1w1e4WHhD1Xms45sz?^JbE~HK4g1jdtCp_jB_%J`v4G6E~U$w!xK-407 z>ZDERiMULVV@Q9XXUg;E*653z_zL14zCJI4c$j)kx(>A;i0>!)C>wFZ^*i zxd8@f`@LqAYUdj|49asxDi&v}fxs3iie`xKyYn4~#&UIaq7YZAK8*LWE~LWU#lAs= z-6+Ct4DLQ%{bIyKXF#d0+Y@Q%c4ra}d0y7Andgzcm3h@0LU;hT8zdKDdDFV~NBqn> z5OzfL&2}BWQW`wOOkE_NF0dv>H-PcpZ0`oD*8P5brXbo;EqjD3xrVGBZH$Y5&3cul z*(x;zn2}ri_%uW#+)Y`#ZgNsTtYfC;$jCuM>IAIJq$c()Ob6QWUIwC=rON?3Gncu* zOt(pJx`it=)~Ftl>_S?m%?vUAt`ntTZ9x@q+579dqKZae+WE8(q9?T9s$Q2^D zp&_1+u1_~v^|B#0DOnyYD-^N}c*k({4iL*{6Z_v78v$)0@^o7e;?uPFMQgS#p~kHh z4L%4ddNk(i)c8hsv^>pBc$wCoOP_1i zX1+UK6h{7<^+f*kL}KF$4yS^HXWDzE{n6$1Gq<=ssNYiQa9Wu5XNtaQe%`OAj*`E7 zS6%sz$L}|Fuy-jBBc8QIDxg|d_0BrS^c4dR z?{>e8v4d+b*)dY61`VxN4|@RIl1}@nh8}mG28+JC`x%3Y0cN1S0D|{06_)@Yzcf(1 zcBgDKhjw=GJ;n#_h%3w8Z8f`eS59U6f+JV%?w?{dv0hqE4B>OJ3YJ?1$@Z@R;mTH3 z$787;VJ+0q)%y2-*wuPhD}vCqGCBsG@D)=JS!ry1x*G|hiQ3;@6(#X1M1xn~inSSr z2CsX~^ZWnvgM~PV)+Og;Y<6#PS`os;0}iD7>3FyHAk0MjKRWqWGx;%t+YEt`1Z+SmuvoM(pRo2>lDignK> zW(|mC6PE^G3bQp@w!gS+C-um-TbRwWZ1=isKkWg{n-0ter^cGGx!e=_;74x%Z@cmz z?ib5u(EKdSHr|>!-evoJk8Cr-Y>u}MaM>mt9;?l!*k7}3?QSc%keyIMHt|jmWDn&- zuRV&5QVJo@Mku^wu*Py!VJFyw_U~&aFt7CrR=#7Z2z+XAlGA6E! zb(ArtBoID>CRfb|3u0f*vy%LVO@XtCRaeAX_`C{!7%iv#^~qQ%oBqFGpZvM=$%pV% z1>*?@0(l3-y;9ctdq`jbZ-VnjO2{TIZI9JyJozU+zywuVVkO_ju0QYX5zA-1|3mTx zbJbpf9EQb-!5aj{Q1#96h9_j*Ve$kiPz5T!_$p`o%ukR_#08C%+Dj)6SLzs2>i^!;BLOW^^Tc0-PD` zvN4Kcez#XC8}HNWeb-}#VpCpdu?6-~<~*A0c2_ydt0~Pm*+?9)k43A}*@VuE|>^BXg z=^l0bS)BtT!whlXnPk~E?Gx*&VdUqQEsQD$_TUVMl#9L=%ejkyx-!h^;3wyyF6X;7 zv78vmoX;2Llm%_Am$;m7x5RRq9y=t=DUD}2pLKAS^o!*Lc_qQW`49w`Iz+cBJEjb4 zYoXY0R7xoJTlC&FdmiF-iM@S7c1w&Pj#5@MqEtnJQb=}1u=#dXn>Z>S^-)Fj!QtnJ z`e^)zF-R>kbT9i9e6lZ-qSE~3pTVyvw^4h#YtiPl5MiU{r-RYi^XGIe*?cf zf4;G*KWMkLTGV_I-=2If#NiGh8h4$y?j3LDwi0TbbSnNV79Kw!o_ixIgrJJva$CWg z<_~GH&3GY%k^({J_883nr$CIncmMTUHgQPrVr~E6xgp|Tt&V-NwVm7SQ_!{#h`-K! zJT}n`{}kchcld7>qcq9Q!k@(Ar^7&)_kLyZdQ-j3MmZ3_>G{Kw4^1bqxpT_9lHF=; zaYl*g{5e?~-`(f}m7qbY8mz)JWxxJf_ehds-c{xDo}Buoa?5R%?VtDy;UHK(n84JS zzs?I|#Ah62I>O=xETa77XB0Owu(zgjWbWHLccCWD*+icR=of#Dxsy$t{t_7_$%nd5 z&_%nIh)59&(h_A9P4dWlK#@)KH83R#Y3T~Nc(P^J=LM_0z(0S(^{i3fD*^b!7ahPU z46-Rd3&9;Q!w^x~1@4nBTW@M3uw8v=%s)wU4=P>I4HdNTgbN}Hp4=O%HN~igbF*B; zp#uApxO3N5SMs#IB+yE1XiXh3;QwkQn)8&3~qQnT1uY z0t0TCPM1a=LKv};5n%BA#E*zt{#PE-D4{A1>`8ZF%9IbNqD1~Kz71TeyFSWOxO$L*X zlST?Y`HDR@*#kx&dPGb=nGL%Q_9o*S937rJxktcC7yoL1{MWYU+m}+!8fs-%FbOV) z{mcVt+na-}q4%~@=tD)>I=rUj2utVyznI4J3nVk$+hZ3|&$Wb}?a825!xd)PXL_^; z|3(g^LX#hq)8q|B?Va=AwI>tB+A~{azoPacCu_7XsL-TNc*h_ zeZ2&?hJMrtzoBGDW?C1POa4>)$=SbB&E5A8fY(M+t-&UHK@?E4Y^W7MhsonTl32pZ zYmSm`MkCvl!PZMmW-J^|tbtTX>dS-8Y$Fl%D^ZozZm%G%l&W$!GQahpv@k;vd(pPj zepE6zJPFg*B8vs2cEe|Kc837p4i5qS`D(zEH~5-i)6PV}K2oX7M1lfiqq>5gFlTs+ zi%5wvthy5X1nf)aAkbPdrrQJDc^;mTa zMTgi@oAnghh%V=+oTB5Sg~V9AroX$pKO0dm@yQt;Z5sWG#;*L z?OZDiu%@N&bF^(_aiy|T2i#!oiKiJGQo}zQ-kINdOs3x>Ugs(f1DtW8!a17>q3k!T zZsyijip?lv6lP?d^g>QQHTG1eg?9&V3jogphB3ezu}(P3bb+3-i^;6&{6aN6QE;Hq z+N-Qi#0Vx{(Fj4H#j!>U<3xrpApyn&jdodC@Lr9vVpFX>-ro(XF!}GskzMpbrHA&4 znGV~xR}jvT^o&qdTL9w?LCT*IDtV`LnIdM-s2b^IaD++BBkid}R7+sAis0);wXj23 zcTL}Tog)C~mBPJeEBE*^nApY~NsUzo=BKO1 za)(OfwZg1{F4JQy%SBg-RO97F!G+@BN-IQTB}e3X%eEYs9=tkS@=Xu12ulPAYL02a&-Yqzu{{`l`s@qzeUcDqyy z=&T4Pt`>*|;jCRf4awI2BC<6*mVuj7aI?2ur;@6b;27&yiHVfK<7ZgnZ)6j#}JF46;^3@-x}C*%JF7^S1|CPwdBe5?eX4;B}XH@hc=g)bB)r4wv;S?(gxx ziTWFnBE`rug$<9^-@^C_Im3VnK2$SLMC{PlE-w>tbo$ijFG{)?D`lxDy*-uAqQX-Dk>%) zfRHvH=xa!u-|9Wv2yNbhHrpI+%n_6w^y8P*=e-9IQw?qMmUGbKFRR~spDwwAHlb4G zTWCA|>YifSu*|w{%I5_^qnH$ilyN3Mi3uJ=iiULA1*UGZBX03BBf2Q{;E|DKAcAY} z-h4--cOcTXh)9Ee^FbHDBGRBiA+WiVjUe+KkscF~9&^VrWam2~y>3K0L`3qwWJId7 z2XmHl;zt9TGx+$l<@jO(`knY$^m|Y^>t&ms{bFr;Y0Cs51u-LiO*nvb z=^50HM$?WpQ!fzK(EyD9%B$j3raE||xNMO9Laru9Xhl)Ltf<0JUEmmA#*1{)3~m?? zP8@E1JH0P`;~2>pZ^~dS;?Fl+|7f|O9}FbfiwpS{hCWDHGI3p(%+9mM03UOT5Ui`J z8pk9T?L4Mt<&5Trv*SD{4;Q$a@I_;8a8(LvN zLjWos>DF+*m{UBHi)`q&S%9*Ez?4Qe&)Ur2Ph+`p;t8RGr#W3hT~WYJL45>c`+yCd z*4(ZCQ%{GsAa{avi~cwwIJy}6jV{LUHgq&P03U*7l($lL^$(Y_o6J;mH6st3PhViy zTK@Z?nXYVvQGrhA0ht)kl8g3e-S!1`x(St?tKsC(D)8Di^kN(5!(`-;BR0M5Bo|GF z2)k!yT$o%mvSLj3gtc|8TXvZ?wtn%g?%#fCPURt#a>OF}G}gTZT{=(9UUdrRQ*WNU zRM;^~o@r4feuU5bNlfOKTK4c3)4Kk(>b##lN$ew634?TnD(TgulEuP4|E^K~zU^zc zq^78u%xdvZIp)@ zOS-fe)7WrPu3DD|&wN2*r}NgT#ZdSZ^(O*2_?ddnFBmGVKFF{Zv+E~sX2odU3(Gpd zLWsKKV+hq(sCr^_>`&s!hhqMip+FLR^8_dVi~;#&-Q|5M0@AHK05JqOd;+%2-`$2u zQ>*eeu22a2sTw;;&H>a7p5*Mm3NPK`Z?lQjhg?{qT7&cNcSA|oX^vG$&SU9;`fVHi z0PnCtdq0dzmR+6j{N%GF{;*fP%`e#rOKoqI%68X2BrRV~EceUSEU|5k92;*a zG@MlcZ6&fIVN-w5vZcYWhh6jK`RA}sdS5lj0+J6KbjM=a?09KvS=4Y}FVi$#+NCCc zi@}zEI@k*vG`BlcE3k&WboHP4&Hc_FJ4BK_^WC-T8LOgLsf@_c^UgpO^qVuTKh~vS?B0u0e#J8Nc9V*XCyCY!6#DQ4(IN7W`OxvZ;I4 z{?->Oc^NU7fi? z7+6m792L~?Zya?u;g`upE;awlV9CEhtelfY__X=MpK<-cPZP!C%z5n3qqer#9fQ9G z=WfxPsLte~QcjQWxKw3v*cwI^DZIs?i#&H6OVQLc*Jf@JgM8OYgxile4OF|8H^1O5 z+j<-u7-8Dmt6J3)BG+L|@WuHPa)sYQy=i}^v|o1eqDM;_YFD#Ga_N}4qgg+9zPkqM zO8cibHxNF1-TBImfH&Ikm*)f+t_=D)bCa;r(akmp@Sya3wFeoSqpIY+ZuF>&P~2-) zc&kP?lcS_wqBKiz;K={9+X#ZVtgg>`pE4}>8LQCP>&P!cG^u@n&`2&2J}(g9lTwlT ze#=zg!aoq=A44zEQZ2_WrZt0&iozIEgRS5vOsit&FQ409wb62mfNdN^pgu7RT$B9q zQpSgJiw%>$LN#1f zRf=`dv9l`5TwcwECw!@cQ6c>dNVc*Uegl5{l$Jj%L#$`*V^hl%kvLKOp_LbMP>OoB z+W|F$h6&9whRceQ;1`w3qZtSgRGNlCBAUI-XrhX01zC1-N?^Pqd}K~aWlnGO{L$2T z5)d){lOkXQHqU+#RJq!;`>|z`U$$kTx~5>1>{&JFAEu3?YCL}wt(`~}Y$5?9be+T& z`$_c}FY*Fh40&%K2!=xFnlp80h)j*}T@xdM+_q)l zbv3GLRoxjdQKz;lfB+gOwFch$tqPMr{|fShD@wWzP=Y74rc$d36w=?(m44#o-wC-Vl~V%)-s$CF z)i#a(cX=<`5`1n8 z+Ypt^-rffi&U_aq1mwQQ1s*WuX&9H(Rq*VtuzOWS8l~N+=X7@a z-m1sf^)?eRX&SMV*Cemg#6z{T>e;0nh8z-A!5Ia96AOE(ih9lqOU~MvTIxH|0UQ@# zmO|wiKk?Jwg1Le=Poc%fg2d6-5g^fRf&THbxu*RDt_HfI1{WV3H5m46<_dKfrjl@o z{7;#I<9d|8+xN}@{CQIN4B0ho{u#GMhkTWk<1Vo%WzJpk&)Kz~KVnzNGt|Fo*S^ep zM)>JnOQ{Z4ZyZLax?H@H#Nb7a>JY`i5wfTI;!>P5v?9?>p_LUtU0~>qq$VXE_P`^E z)byQZnvg6H$$|qU03?t1#*N~WLaBjOE>JG5WW`zIf?BTR?7Be=*sWUi(BuS`EG z=9k0N5XhP?iVPhP!xk(RMzUv*e5P+VguPtg$2h`nuUaZpARQ`-L`6D zjBsDT0(6E#*j3}AtOZPCntm=rNoYUahNI(XN5_Y;lWLGwd?$Jtbl|qRE)P5@k0&~? zNxX=rG6$%}tnfSwDf8fL3%WsfDO0n`lq+YW3QiXv1hs`6_7P0pWgR%OygMde_LZiN#`lHQGTo8`V*2!SQziG+&XL(1pnC zMX0hVv8yuotPQB)>bQ)J`x&Sd!=O<||MafjMDJ!LD7~md!O>j$ko%VjN0&S(KH=Ey z&5zkkk%5;d?d~vGs*YBQ=c>hmD51h+`Bm_hzqi|jv8#RT4GZevU&qRY!((Tk%o zlGh)hT-mb-uw+MOcHp!AvDg0^cIpfdvCQ;)*1uscdD#8(Yc>YWx9qptgQQzT9z<{E zVu43aJr29UfJEg26ta6Vr};o5nza>3L^m@_Rr-l4HMMjK5_zrF=+9be^;~<4)pM;A z4Mr8KXD8|ru`8&D%2dy_x2T@7mwzSu=e9cp=Nh(bWM=7Ad6C3*x%b2qs0C4?G&t^V zRYU1K7bAu?mJMCOLD84oB-t=lLIZf2rJG|LEavj6E}OXI)iXnO*Yt?qM!d>d!@+Go zCl9s5t2Sn9_<`F2=k#*F|4`rsd;55qKAKHxjq7=3Y_eI2(^;^N*9G*oce%bdE1PFk z#cB z+(3$`<)RjfSfFB|Nn5d(lug`J`uLVg?KMv!SfbJyLHYtxLn9tWTaKuk{7;nvN}^ z${yUKsMJfrp;{7CZ_%(eCpKNJFXxEt5diP`WuM6Q!B4kWH;Wz2-hB)6j%JWN3nQ>6%mhhJmGxb(`bKU-N04-%`3ifenYA z?2jfW@T$%D^u?1l#4x&=?57^7UPmqAlE@-E!t0+sv{J^dmm2H1N?%#w3ODQdRK-NJ zra1W39-Z4_mH6@&D}+xzJGLlU$zFIB1jl4Qw4u#M-*>CwCEz~iDD;k*YKPw14RFMs7i zGMI9~Rse5{^=|T4L6nJX3v9mCTqRXQ6Xn4`*n3mRbI+Rt7=a1OE`(@)?gah z{vjNvphk-&SVBgfrPWKwEck{ag(QHpf_Yys_x!J{&sn1$P0nDq2Hf878|&QO9akW$ zOO7Y?Ct<3C?C5ULtsQ?pfh@C>B^|rvMKzZknx=zCQE-pGo@oGNb4vabf_YL1Q#7#> zCuVrWz*ZSaRc)@_h$bMLi0HjJ}+qHU} z<$UgiLVSBcPC0Yi>gpA0FY9YM_Q!t3R;x|FRrQozB0S~l61oerX?#_k3=E{fao~Po zxHud^j;|tsTRgcJ-y1nPrJ&ya>@i68mU!|%aFV*#0P?i1OqU#E1k;EgtmANls&rsA zX?IM-ON%(^5my!_y8IzHJad;pjD%84CTi9d2E_`P(cs|8X+@%zIYvgE-`tEf<5U?3 z<`#?sQj?FIJQeRaf_E|y>*2Y0a;SbVt3KHug3+@!-m#~B?VJTDS?1OlfAKVa62qcK zeEk6LoRPM7F@0lNH-1H}3X33G=`KDdeB#exVG3%RpnE9hQoZ*X;rHN|FRd)l%BJk= zRXbTX+H+}Pk=Z##wvt5>w%MN7RtG#ea8=smv#|VJ>#1TzXDe|&TX|4!QjVo^KQ5P( zab?hn8-kYes#wnJ7%uxJY)%iI5)M-HS8D8H&9ZX}Q2I#IHpza5JV+-P&S)8{6fJ6P z0f~Fb7yKGe8CddHy*Z~t4uDL-(e<$8M%=?xbuK$E;j8QSy_Ds5%94)#?C&|EAng_W z6L;g_mJopIa&j83h#TWPr7SO!C0OpzIR3;OG~lYD;Nm09a5!l%d(_*5>JD6*lhNWh zj&~UkbQ$+`kMb!0Wgq0^w?h~eF8@D<8sInFW21XKXOH-@<4e@gY4K$z$E1a)F!t{z zBYIMN*=f7Wikui+e6%%x-i0{|@l!%v{?)+}+^o<{W5Yv@S078-BGNn(r->fHTqS)k zOqyaz7b)rdFlmw{O;pmC!z3nr6dbQ4!4JOgPj5_%R*TACU2cNAQR6c5ejC<}jf#tPI!%NTypizj%bD~~7tMM3uB_b4fT7c~u<)2iy;y|lzjpVFIp(ngv;3ACLN8M`mB8!s*C z`C9Lq@SC}sWxu^NqoiZa%vbOb|DNXqYF24#4S^}Af89l}X5G}Q+cy1Fi!IfEKAzgf zsgH4~tyrhik7{JFYw}CV8|&83c%A5@a7Yb!7>Cr_3mg(|dhfoci9(S*&>s^Ua)jkj zG6ylYyR)IpGCu1b>)hkHjr3zX17JS=(+$-d-DKi2EG#AyO8}(#zu5_C_e6U>K(adE z=Vs4ikSd!d`yH0xPKa1Qrt~*3u|F)I!+~S!P*VJ*D}s!W&Om`guiEE^17zF$KngWYDS+kJQMyW zH0Vr(e6~~4G-6$1#IubY`q}c5*WHU}>$8dCCwqoQ@EcPr8u9-ijyR$*(enrEu7+#n zGK1WYb#p)gEcc*~$pxw}=VE?%DFHVFSoYQpZpi)f z`kWz`4lN4iTbXERIaK3CI(FY-IYS>4nWEs#5Oh}vI@sn$-(?$f0K(BlL2a0`Gt4O@ zXu2tIqXc>}xXYpQuXQ=489a)D_cS{FeWZrF@HBDO^#L9T4f48Y;tS2ZpwI7AHH3j> zE|+CT#nT!=#EvJUou7lBV?R7|hhY@jw5E17E()@!p~J?-u8@o@sJXaJI-Y z84eItgDc(Ox#Uwh*^Ed>D;wb4F#W8{Hnd+G_f#9Vsje*k_=$_JK_;3#*>c{2n%!O7 z-Dz5l{sie#wRFdFvY=F?VDOX^lqY!gn%#|&TZC>#>uF(WRBC{C>dsdMilb$0+tsp% zAA9E-E!?$C-9-USExG`fS&paUuJWa0wQuK8$}Fir9%3qU*dTk9*~9Z$EQ5H#DVSMw z!ycOpOZ`<8&C++~Xv=or6NNnVYqAB`J0OcDvYI(Uhf83CeV=!RNi_OPH-SGimr-P%NRzuH!?hM#$sdGI8gcN7SNC)U zckONsU-~?D(d7l>^Ncw=ssDJIK1RV}3t*lIOv9+-xqMSe$e>qXg)ByB?0TqR1DAx<4yl7cDsv$$BFeabeJT|C#21);*)feyGX}H;BU_6`UDww#F$C`qq?#xACHIOB zjSyRmxR*6;`b*6Q43Mx2!D_EltYQr8!TKx%b{V9bNxN9Kj@J?Lc zg4c+!fXrop&msjai{Zq@GlP@u~TQ~=AYU4}@eQ7PT z;W>}kuCKq>^h^CAS1R!4g%ED6moC}Ec;uXC3+X*e^T0MBgUeWkI91eF2^bywUt<(J zQ(}Gb;pY@-2FIDnPL5C#k||zBeqF4WNs$firm=ColpTc^Ejtb-sg{ zBvH8b7aAy9heAJ-4iK7z4w$mSh%e}(zR-7IgH+Z(-1wRg@SiDtYY&Up+D({z8k-%b z6CU^rhnceb(xe=9R!)sUcdgTj6CHdLc@6l#PIa}g{e%UUt zY>ophXQ|6MykE}aLV%uSds$<5I`-b`!g?#o1|7zFlTlXeqyDRMpa_>4wWo zd=!k6TnIzI(<>ZKC&u`|bPUFA=d{;VrtNP~9 zz`_G*&fZcr^?c3IZ$h}n2hsEy)gb+MZ}J4@$){h#I>R#rz8EmQg)Jt%TuSnnN~}G@ zy0srv(k+bZ`&6ZPsyuk7+Ir~rhjLh{k}884^hj{97!7o4tTzu;(#0eNji0m*LCpZ8 z=ZC~w?YTDiC#N7Y2YqaN?|1rljM~dClKxPGry1sgALtuRtj8gqEi*jQ*l?8X%+&`9 z?6G_N@()4IZum{TU>DL(R1t!L+JgQFMKj1A&L)1#H<6 zKE1sArRV&fUqva#qgC;R|IzCjos68=$QFiTYob{O4&_4h5nDX&r*tzKPj`V2V;NM^ zIbyR2iy%9_iC>_U0_%rrSyGW*`HVPlP*WtYrx3PVxIbz3TksGCwCGM{LBuIeQo-r%6pJ?6W|9`3O>hgUQ3KqPpfK1J9{z0?u#B>#gwlEOGSYE9~o#P;1S zeF+CzyET=6cKQ*VSQyhl+>ddoZOJ$0rQUt!jX@ud`=Gn6^|=PxR0DYk1__kp%F-3V zwI2zU!tr7<)m4gjFnjq!eKj3jv$?B6W5G~l;xKV&!&9Az=l zEpAGWUfQ^K&LqAHf&}%IHe`+9&~(qj9gi2!isACl&w)g}IP1#$_|_-herl5PYND>2 zP^3v}+Kc^)Pb|`gaJ*xP5_N$PkM#FS`@7P-@^8MdkQ@vrtLK+MUKs}%cs${zaixCj z3154%6Dp~`L)*7B>*s&a*6_GWFe$O98XRpq>>=%6PpI-MZn6Sr)F5BqBv%auetD&K zZy5kyKF{sR0-ImcHDP7{H2lizWwuBw?t`z&V^pU_EmKrgWG0>yr{HoqKiYf?9ii51B0iu>;okBU!Rt@JLMz2W`Q<;8&%Y{P<;p`qE!mgaLP(ZPgPR2C z;gA>m!&7_*0OYT~66gE@`nzs*>%pp^Ru!nrO2M%x_{mYOlcEz6d^6)F9UJ%UuS0&i zHdxq?bp8e zf^fW;s5Ul>=FMu-B=bz@STko&cRCXGnTH=I{ZTf=YS7yrdh;tj^z}I4Ej_q1g}~(T ztC%0~<79Rv%U&eiFI&(l78?Bw(%NyWKBh{zpcSQob#epdTv#dM+|{}d5knVJiin|; zd7a~4Kga7ddvyV#nqh>AD^|tMBCVLS#{d-p{=P!eDefP5+ef`Ue_a(DO9tS_4(FNQ zQ}1FX_1w8CHr#TgV+V&hf;%T8PwieR+CiJRz>#`V#&d!+b5-Q8qTOx{6Y67nqNTbj zc=K}P0V38&_85N6U9#du+>-r@xeKM7TDi|W_OSev<*~xjAQaF1DHJ15pz87ZxWO`D zC|Ps<(&2FM1hu~B55cBC?r^-wlZW_%WzvHE&)gC5EL}DDlJTM{tj34Ue<``t+x$A1=scbv1=3QlC@slKc*Smb$;i`%5xBy#c9C)b`A5Zf9v(RVEyK!%LccI8Lx;j|>&5-{^EYV|% z@uc2r^ky~*zy|cLgQ^c%F{t|P*IhAWpzNAYU%~*Rg^i96=GIHWB#)uEe{600BkbiitlcUfJ4HfBq_D*+F0i_e zJ=5yK@5+v9`1^W~Q%JQ|crHVo9(8|G_X%p2l8J`jD-8^(EZIw<&3$TPH>hV;B(%#h`mvdgnHv1Zb$o*N}1o`!E1 zd@D0Qn@8yaBhDFWOibb=1>%@)vWn`+L~UEYE%!10qD` z_qNInfJ~{>OUDOu&RZ4x^a4~S9W|7v^=LZw*XuMxL2Zh&%e7-G(_@%^RY9Dh;45ra zQe;DiD-u+25AmwlOZ+Ud^S7R_agM<-6IVrk*<14v$c{Dh7OUs#SH+f+mBY51(R}v_ zNILc#9_XRRW48$k|4>PD^+}TV74c3wcBTDxOjmCR27?**GM9)FkFPT7+Zoq%>`PHr zjkdvU*fE(e@jdv&KTVo$ecv88xyO&(^qzwB>%;MjL4ZMq@KeF-!)3R~l|Hi?}aD!Y5Glw&>n zZQXO4Ali-m2K09+4Cv3Vik-(BIbvTnaO%2r*>Uy``SuZL#1r9?1(b!&4TaC}KlcHX zoL_CA5cQe=e2l(1UGiA4z8Bk^v_`&b5AB`c7?R{nxv>-)!qnsb>m=C>F_L)cO7`lR zA++hcNVJOX)(aCr z&Y)Br*d`g?f8BUw_yia(6}6W@ZW!ec;v-gW>NQEAHhUgWY4; zN~nKTA@vLF+xUV5r8kpr<=JboX_p)QFR_P|xaj|ONPpCM4*gLlS^6hZhbB^NVn3_R zgpNS`*KQ7(@c*|!e+cJ{jRCjYF`CVB2?ofrTE z4M44BQXmuosB{3%EorR#Q#`FGgYo3&_={b%4#qr<0EhsVm?iL`Oe=zu{2tSf@}eS1 zT}gYgKWyVE>5`4c4fv9y=+9GsmyJX!66s-E$0J)OqCvNMsW12ym88<&gHBHEzcI59 z#5WymU7nupx*Y9nRAFz^x=b;9sxogvf9q)V`xskQa4voF#yYK_sB+NduDmTJgk3I3 za(7UdJ2N$rdcG<3m&~Dt%G##X%1pfPRr^I@h5@`brT*ANtc_oRO8ELSUV~TvVNCOP z_xPK8Jn0^*-J{z*)^@{5e~8YM<>|A+`BiWrYci4Qt`xrE{AvL(b~L{#n4bk3Y!2;I ze{T5`cT)Z<@Gc5rDmn>Ur79SiTb>>%g;$3Kol)xHvDV9^2Gvy(LSD3POwS-&LbnPF zl$Zj~c7g5>Z5Ef;-t2jKibrc2sLZYzgj8jw;ilHG6IEmvF8tWl;pf5V+b{BtzWp0| z`w%6kuxo~YMLZO{EX*dIzFYL|rmym?zj9>=IL5NCX$5Lo&oYP(U&hY0tg*>@q+|bX5#kiQ#;DXs*0SR*UoqiL zv&0S#R3jSU`s@t6umA8*2+waMWX0_G{6;X_%&n4YF^}e2grzv36CAXzxl+m!%1)wD zqfM2|0uJn z9pJyO(*kyx%L;GAI^Hl^xxncks4OqV$zJwtuQSSWt>_vhhE5>q>BaSJ9}S!llYLf{ z+S2{{ZX6$X`x)Z~ZT5WbgqiOwQ3MSYokR zqjy)g0f56!TFGVdD;l!Ire$>b2r$H|tDGfjIT5Eyd!Y$cfjd4OPOoW1)Zow3h|ITP zC5IUGNelG$NjSAA)+Jqo&uQ!PcS}on!2}rm_ zKO(nWT-O)yj4!)xGh6^mcO1!2UMuGbyQ4(Y)xGe!Y+K$a znVo+^V5D014{ue$dnbrQ(K?JR^SiR@8WF#53)DOW6EggSq+zi1cvregX|*=>3f8@0 zM7#jQJF}8r-@$sC5hqXI=Frc>Cu%*N()(D-p4zZS58o+1Ls||oO+u?dpZWKE)6X=I zJXtkr?M}x|nZ~e4BZBlPS@ldon7RfD(9CJH<;W`>+)LyV6N9X_EwC?Ve4D3#o+NkxIX9mDR~`S=3I}MQKYr}qi#6Jyd5GBEx3b~kV-|54eDy>5xE&;qY>O94 zud!aRriBq|ZQsm)nL%QAUw$`}SFn(g(#QymmL8ga%>md?*{_3XXY&HS2}gndI8G&TC7h*1T@cxe?@*(@*oa zw*mLk!JM_1ro8mop2Nb|>H9{xl~aI#oYa0(HNomx@;<;G+1mT{|KDBzBi2(?*aoI@4n%v2uS_a_~Uv(-A=i!!MuXQUEP7&>8zss^tX4S?(lsuQY$ z8Gxo_jaJL-7$-j_VkD*Lz)ye4iP%K_%4!IJg-$B~vmmcJT+1873rl?gr^d4oe+RXM z*hJ3z^>$laB?k#)Fk1rGFw4~^$POEC)jSxyAete-#duhfb z4j{%A9VgYW6?1r1sYSPaX|`Q3P%nSsgH-$3YpcAJTs`%KD8_q_UgRidO$%NQ8(Pnx z&Swk-kv~bOT7HeT1{gseBpMErfd8>L3aU`-KNUP2o%tVQX|p zAG$47%vFP?*02%P4}`99;HKA!4QsvPXUwimHXQ0yh+cO*`ZFh z7eh{3$MaHlM$hXps=erNFfSGGdvRW_K0 z+M+jtSbIq-G+24!pP)RJMk}?Wo^Yqro0B!ez%J=E1 zosCyB#)A)Sj%*c(X7iR(>)l-tZ6B*SvKfMXsi@~Rt0lj^{oxP#uR3MfX2;3SCJC0` z^IyZ?wnUm|5{B%N9A7Z#$YMzHELKs}St?9=6KfP(<@TzoNB!Sr6s4cL(xx_o!gnW6#XEvGzcR7E_Dt#*K-UOKRP2g=DROgl% z4Xh`3)w$=q<%k?A>T}tF`PluUTR;wZnK=6-YUHWr`u)QYE*LNBv!E&TL;#yZ5`i7 zc;7V+2vQ24$^*PpBjiKwb?>0H`J<*xP50;Kb*-^1&_c~Jy-M%;CFV?$_K zKjzN1)-NPC&g(3xcH<3Q=@vvIG8fQ$Rgl|gXyxX|#>KnnrmHAs_4WK9xaJPH;2Wls z`>54#{M6|^`fTUpQJWKD=`8E%OZ@-X$#+`8DlSTrQ#}{I6S>Pg(S% zT;dek7dw!b{r@Yb*)42NXs_)~Wjm6W_=5iSfSS=P(_~Lpux>sJg;uwE&VW%}eT<&7 zPS(FmCP0@TSf7P!lG%>g0Ws||d(Aa54^obpviY?Y5>oX5Yi^`HbGk2Id+zgkZubTI z-Ue}ZU=RHNJHI)w4_De+z7x^9=ry4#R%9TCOa5=?H;3O!TeT_e7^$zDq>pr7XD9QU zL$7udcuC2@eVFe`NbY^rQ8}E?-uH93>SNC9fSlx;VXx1AiIr;;mUZCP2Ig5m`6gzF z@s-g~!jELJ-%9o`6`ar(c3nb6bK@=`vUP#J>muIo_sY zKd_<=tW?sslUyN|8lw_DXIgzN6I=-3D~hiZ8LoB5yTRL%t&EG*85R3!Sj-ecy5c>n<63tL zo?@097L%5aid`NS+vsZhc~~s4pTtGcGc2aGsMs+omaaJcDYgGv7xp?`@%FV2*R5gc z%{ir&7L|^jAzEO>0b>3SRmS#O?CuLkjhZOy7s9M8EmbTC>4r(Kg|?7zW1_6R%9^gI ze?mCvEO5GFYzW*_iTbF77nOKzqQj$^tiwa#*vHxm3xQ9JvR>hUPqqeY-!@(G&W{}C zvs7YQRAN?CqS=)g75|2jsLg0nu~$f}aWtWpT7xiN!2r9;P{629Y#u7z%!({FvcC`OAO>m202>=FB4sg6Zq);I=%2u z$4r;ln<|xX1J%U5+2oS|1*?^fsY|KnM*_EB?=!N|%C)s+H?Tk^YufykYOzh`>$RzG z`U5!+Wigg6J5S*<55qbE!fAKG3$Nl89YcJ+h}t~{T0X~mEz*HEH^3-6;fdRRT-Ut|7!G@yv4HYs4q2rAHxdy{K=VokWp)iiay+A_Gw zpITkonEX#~OOLpy2pIL9v#XCuq;9pCWeTQOYZW*alP7Qj)=;HQ9dEZDM9?i&Zb;Bx zA<>xZBGi_97y0$gIO69I6fkwX{d~4Jbuv&*md;Ug)$GkQU(N0l^M_XPg|l9YhAhbv zR`TI6#wRqyR(`u11;_A~krzZ0fx(Tq-!FF&!V=^YhD~)FT3%^Pe%RacBDXjTSCxr( z+(BHPL?6*w4weIZ$IC;My41DfSQnanB%IWg8ogqCI~{3f4A{-`_el6h&pquCydIyR zn08#D{FUqVlKv7WEQr1)Hee&>`K^F%9YpQ%_D}G=(cdrOR~+?a?#AeNJKnBCZwZ)M zWKmbl($l}SdU5#MNQx@bZ~fD^CE+(U(9~4;P48Xddt=@6T)e?-?vD-brsh)EBO#yB zwJfYCpq$kR2~^{F|J-5YJ6?^q-w-Y%&QeUpa=s+sl^T1tS5M?A&!tJav3e^%Iuq4j zh!BFw;_aJ_{D&m`BOjcg%RgR=cbr4gxJPIuMf;+)HB)+gJ0-58BZPOu;^AFhgbC{i(?;C$=R$^4AEJVCQMDMMh8_FtorjH5=8p^0#m;ucrq`|*zbEs-eu zG)W~g^T;lE?X~=}zCM5#$%N?6*_wD-CmRf+h@mf=El0Qjw#cGNH|jDQD83PLH7a5; z@YnMmoQ5wDO7yLuP>DW=N3wtgMqre2sjj6@$F?`-=xp;WxF^gh*e0Z>xSUU2odXjF zEeblqoT}M!R=b?vxFRQ~dNeqToWY60E!&>@nvCspg`#F#jr7e%!ScDofYw=y+VIZ- z&mTUV19Nx5+&!#)jL4(mWtppeR6jibt`Agfu$6PRyWYMxcObGB{Wi>*ZP95i=b}_j z?bf0cIfEAA24F)0)uJJ#AE#-RihBmbm@$Yz7j1BA7 zsQ=NUtCf#ifOxEcLAZ*M3d9^ezwuI!XI8^NQjhCYo?_0naIu@@$=-mjhBf34!SK$; za>!XW);E}{v1xAP-DN{_#t7gwBJs8oS#!c*G4IRT?BZMGfpCwxt$Xph)bY8jSX_8V`iH2Wb>8$N_1|xkqKm zqYh4`b>8vP%%Yjf&}#w=EG{bv(}1tEUBV9D3WqhwpU~dc);QNeu^s>LrL7mYT=1Q5 zjU=>i>*4Ig&)@#-?@l|XwJN@R!jSXlZ@>70){6MD3469}pWHg+ftVVVF3a2^-jmB5 zb#I3Gg74sOBP8`hobUPe719LnIZN!p1%>?j93O&}VZnQiBJI^4Pi|;CRy)SSR!0gY zC=0V~6atc$#9I_z7^b!vT8b<00Enp{5J26X$?a|z6N+Vz>D+IPA)>5Us<#9WVZ$NC zSLNbGnWA8v@H!#{Eqp|El{2@`;Br@PpC9G4M|24WsoX#L8hq1b8QBl?>%#geWf|+T ztnSExVp6<WZ#-={TsSygiHaQzF@KLI(~{*H!A~YCOWvB-AZV56Z37f451o3HLSaC}itJ58^>(Bp73DC*J6z?ht|emU<8b7nPQv&;F6UkGzym{TavWmlJ&r`d?oXSY27!2dG^gn|^6rEW5F z6j+8?dUE@Kc=|VNgk-*@sZ2=Yo>#L(jRu;19ny~^bC3qJqTpsx0I(bRA?`HN;2JGD z9+ja%-%&|EsK+xER3+Gsm)k?_BOzs$VV%kJjY*~3;RC~F4`tF9Bq{jjLlzr_`Iu8R zB2g&?@zoidnJ2cO`geVPG zE{${_MYkHq;nS$O;*_8i4MgMAWfs`-px1XPzr5b6tsvM-=tu$_9e^m z)ys3T7za#HS-=W$QBd!$F_O5?I>@{AE4CjWK%gO#xRae#@Xz^$@ZZJA2wqg}04|`0 zf?Vu^8ecVPs4vjkRej}ew7&FP2A29Im8tjTJ3CBxIK%()?})dCF;n$Y>r&5Wp58`y z^4=#i^*lA!6~~jGvpMFD``q)GslHK~mW%9xLKo#B-+r*+Gy~Ip?UQTh-?}_gf(J|0}W%No%KQGb?kg+?DP!~~bVl&LADZ6uySyoCSv4g9US z7DZ!=&U-{RVkvHx3>(erk*6m-V#UacbJK~f@$~KVMIs#=e$1J4m|Fo!q|1)Kd>%g+ zRZpRT;~oNc^4w_4Bd7ZN@102B>b|s>R5uZ;wD^UP*^{4Db*ZzT;Qn1>!ANWGg5?@h z@9)@L)K$kJCuCOPdjyu#zW|o$vRmiR3$emWyXV@*-X}6wVfV^j6q6!WZ*XDRY?4BL zJx5k?x;YqJY(E#JzS&>R2kRGf@qcP&mkw1fX@PC#&`m~tnE zedfo?#EiC6(!#&YWGjU_l$cQPUOjUfm4Hn#elhJEI$Lr_j5)>wX4czo7Avy`Vv)`A z|A!_{q}Yy3ehKuB`!Exz#gQ!ty`p!?pkbUF>Ky-yObFk z-xw26G_z`wc&reuzSUk=a z99jpv#fHq4XS;)n&4TvX?V_0O~lkktd*nn<{cYJ~*Y2PAR*5uEvZSs%P&&~SDB?BFA!YwZS zQH^j-j2rEL;HA<38VjxLMTsK*H&~tgiM}WNpKI-pUs?&2=Hv7;ox&%r8#I$!T3nn( ze}qZ~1Grqwx7l(rlMJ@pL!S||k&!VWx1Wa6QgNwqD_zM2vZfK-icfYB+EuT~7%?m& zEs((@t1r z`yT@`B|Odk19;|U`I4Y|H>#F!-A1crvv6iIg9V}ndnPttnPm(2ZBbLps5h6xBhN9OZ(MzXdzaQxttSn4Mdya zY!kX-LnFxHE?eWmoT{yvPg}NjH#~}T#V+SvGjnoUGw&p4aE)t1MQ#AzL)CL_qfCWiuLDt3EV zY@=m`R^wl^3g*qo$!WBjP0rxkuKLFPbE;<*tSC5etE@9+pAOfjY0;;6 zN6x3u>(f{4Q}D&hk>c;+L9zq?1UsMo2dUXSe=2b%2Ze@slb^~4XjBXYS#d>eEyEQO z*=}BhMx@AHJ#vE5*0l9mc#5$!xH23(naXIzE4gi0OACMZZ5g7o!Da!h?YYMa*{)wY zR{nL-SQ;Jcypp*^QE>fFvonmA)k1F?YOv)%3l?Q@FZN?~vUQ50mH6e|uMG4iukE=* z(3?4;SHsR^&tC+Q@djV#oVqH$GFEkIqNTd5LyzpMtMyvdHAaAHGAE&`ITc&X!_7^# zCSWTscZJu(!TF(C!*V7b$ibyg87rJLK8I;o)GP|NJe}x&LQ+4tGHK zqF^;2g5NrDD+lL*E7#WxA2)gZavNQJAQQZ7SKG^ZUUa@O&6u24YBw9w;Y$> z9qwF3&)L;u^0%)(#ML(1rPhdTL`)k=Wf*B5RRtni!2A>h8T>O0Ig>aFWJp`vo1||7@m~I3T9P2 zeY7C?qqGCo&du?>yA2m^pNOZmxvz0h)-1ahEkile<~GK(lGT_Ry`I6CQ2cz>#>`LD zJGIPpKc%5?45@5(y;lAZWuIpM<*^1n9oBN8ml|E|jd)4JBi=2G!c_z2%E5D}7WFri zbyh=!BL)e6j}(h9YpMR!p!f7afFm>`?6P=-QQB%VgN*@O2r0eylg2HrO*#BvCzozm z@7T*&JsA6}Wt(wHAyZ8!Tks75ffT~Z0)e+b-3lXf`;TE0GQ|9qZT#etmD~>PTNepx z_7>`4pL7Qg{?Zuou{pq;!)zyyA^Z5z^v{W^2R;;!uw9BniT zpr5!=#?*-%3tG#hf0$yf6a<*S#8RjK$!=1mp~qlJ&J|ROc$>^Y!WD~_uD-gQvo!Zh zw{SbAEg)%-%c`;!KaJ|9l4<$?q0lkG6@NAgcjqc~vuK8j^gxo>VFUY8LDxI;2lV`3R}-jCrXLC=XJ%I?SpB-t?7WHc{8lzyzlg zQ~LEk8IG6stMWT$9LX)i07oJne8u5d)33nTuz;rm!Nm-u!SFte=`!_IUH8nI;8IuT zzb`Iq<~A&q;8nh6xZsHvHB{FJ<6Y)Ab2Gyl#1D{J13791xn5x&RPXt!_otNUxz6KO z(AR+zoc4YA?WSGw+l(g0I#@}L;V>FwgEd$r1&NSf8gR4$CwMIEv780ZD?v#d7y8M* zbQwzMrk(Tm|4n_?`UCUp`|hslOSe~BfHu?b=Q+8WWa4vo^+aPI_av&!u_rC%uv5HU z*Q`kZ+VojxAlLvo+`qbrpR5lZ%;qLT?bC`?a&@V)@IFL7eTr|phy=e=b0Ut(GG|O~ z8yN36(*Z()DTzkt)bHe`|44IA(K}PVY4!}ir6i`T6=+>(mVIb}@{qre=o(dOsK$nu z+VjGfF;Pmry)Ys4g2gX7L1@N4XvH0wMQK112)bx`f^p$ITq2^zreLB=wDrdf*N8KJ zrD(Mxcm%_VLHLq8bJQvan2UlFu-$@@*oQq235sitIESSiL)?}K+QU{D|Ad77-&>Ph zgEti}V8QQS2wRjHE5%QXtX_1Q)frMaa})gk5J(g)yt+iV*m0KoN_oYXFjGpIvT=31+EGu3AkvyR(>uXkgOuMjB{Nt88~ykQSqomAiPX*Ple+V~$lfsh z{t`$bbEv?n@-(wQHuK?lzG+bUAq5jj*!p7rnnhv#O5a!63$3WhH%e~#xr)({bj7pZ ziUS!|V z#)QT*QHwVyY5N{(9mFXR15!Md38MQ!nuV{m2d(AK3I)S|ZsYSILc1wMJFCMA@Hf}S zy!incqNBw+-`hoP=!#KpP(nd)g5vt?NR;DQoB?+lYrNShf}dJqpPp)Y%`dy{grzjD zo;z&J{Y(n!8n`jOtczYDRJeHzq8}LUU`3QfaNG?}9E=jSSsm|~U<_ZdVSPm3hV{XH z8`ebjbsN@%o|i{6K64Tm;2%K{k-2+6z>gxLc%Ztn7#kZw@-adK#e(L$id>_fR_VEF zOmb`KoX_cZ%Lu*CJxIQgb?X(AWL)XkahL8s_RRQ?x_a*5u>a5b{}%rLiPh9|t(T&C z^jT@C0O7TLkH*Sq@}tDy#%o0pu{IJ?E250)+nevXf;owzOd22xVtH0v{A~e=W;JS3 zuw|Og+3W;J<|qIZc2suzKeGXm@6HTJt$qp?ki1eoi*?X`^8)H4r> zI$rwN{ij^$STZ>7X47omCGhBE$D;-O`IOiwPal)P=`+7<*m3<7(vQjS6jF5`B-n_q zvy)54N^-t6gNuFdDd@d;$9v*GycX) z<5XHa{ZnJx;ff9eoDGU5GMjx%|0LGcZF-WZTha1FgP)W}AD7&^TMG-i$r?%}{IZ`> zSyNqi>riHmWj7u6h$gS`_7mL4bd7xkGnF*;6AqIWF$PtO_iszQ0j8)1@PPQD^VF5U z?lRUGGdYJf0LcBX@JvwE?bwLXl{UU-=9I=-Ge4Mia6J)of#+I==G%z_T8`btXa{*J zgA+MKECw}&#{jJXT|~(|LC*)34y#vlZ&m%Au(}1~Ex1BoDeJIW#CBxQQpnQ-MMR## zuJv|unB(^*x6-DcV%N{kFm7H5h zvtnWQmcD{ry_NsH;#BQohmBG=32FWn5rYt;`S;CuB%IESHeC=WwelKJAJ}x!; z>tu0MUVLuYu%-w$l;1XP>Sk3tD*_X%zW)NvF*lIM>_ulXwaX3b^Uh{5R!$Ae9`>9k zg9*Abf(4rd+qy8>RVr0bqeJA$ZB=vlRn9=#`f#5C^q;Xy2yzIFhbeD9)&2uZoi9KL5o!wI%yoblC}re!*W3jIf9pn>IeH?^vyz2 zoUeQnLLjQx7FVVRzjg&4I4`GwjY&s~sMZQ944!4A1Mbj%aQ774Z305xN^_zTA^ZvW zpJGY9D{%tRNqr-mk>HLCT{~%AxTZ>rwXlF9p!AufE5=oM2sk_XhONGi=(B3(H*&Cs zghjzTeE<{3822$^k?p8{*(Q=LI04|94?!^a#lx2G-Zyi=;R(zAm&$hx3>566%$kMa zSd;m*H0R0-;S{!n`Z&e0OrCre-aqKa&N+n8!Cf;(g4Y$_;EC3TvbXxEa0mj z`}4tu)0qJK;OoLkUD&Z^Myn*QiYz2C{Z^k;I;Q5$P^H7lR(u%Z&x{fVFTmfKGdsgS zO_e=VNi>f>)91_|*&sjp0th@3QfEccUh?S6om0ZDfBY)nt1(Q(yldH%6H~xc{JNX- z67Cnxgw%{YT<1OPgU1H6jFjbe=~zXWM1;4j_qw+p=Os51Rh|UNBO*MeuTvby@*yWJ zD09f)J_Y0_2zk|ohl)4sgYM#ZyVjTZv2XI_gW9$Yn|Wf}w!LQ7v~3&OGMqOq9!Yjl z3#hK(4ILA{L3+KlZQC0UtYnu{z{=7beb{Fv04nS&YA7rg=4)d+Cf>Gfc9^s($3DLN*-`mt{*za} zWk==X3yRT3;4n%0mW_V?K+kF7-G7-H)zmp%@$D<_FT&FDe{io7nWPd+JpA=`VVdSL<@=x_9FXUoov~T{}w+nMgy3v>`ndd>~QBzI#VE>PX|pmVUyS zcBQIc6b{~dC=3TEZ-c7NMD=Ivs3Dp^*g|owKz~MO>c&t{Fn+n|nDgJu(J>->@F%R9 zVCI81lb9B{6nsf(!gYXM9ctM!5oQFXq&-r|OuZ0@L{# zoZ`^hXvqEP)@4A29kmYRSiu6kv7+XQ0-iVhp>+%8~5k-5F9%T+!5n! zr=??=Pv>lrj#R6Ux?6fgS_=%>bPBrfH|$>7oP(Y9fhX+Vhcwid?SoAkP&YVw{UY}Y zL=;F-P@y7S`brr`f#0aWuUvsOU(2b3{x1q%RdcTj3pfhQSAiEv3YI&}US66r+dEjL zF22ij;n!Fd&AfuwWubhbUf-&cY*b1%Duqmqmm*p$@PUzIVKdnx5iKe%>qoV-%C7Zbf|IGX`tD znl??$(2N96v`wPCpGar$Nljk3zp5uI(3|${6X+?1!8y4Yh+M&EvQr)?(4lMKg4w?{ zCi?R~ayr1E)%Q9wO;= zB_UL~UNBbR02Npr7BE%|9#Vk{A+=f6&=e5K7v#*_FmpjSje0t>3G+!d#x%Z~G)En1 z`+=}>u%|=(n{VeJZq)vv=u{6Lxzw%|CWkxJKfpi}MQzq#B73fil!d6fw)RRVZg-^I z=k%Nc^mI`$N(EljS1NIBeL@9B03#@Im`%H{P-Gvz!_-bX_VT9+HPRCM6r?60&0O4M zmQDV6`?2!ev@>}g4bUCPbAyxTX34WBc}Ai%^+=a}HtA$I>p(0(EaKPZY09jOb#Hz!C`OQ64oRmdqf*9unNVf)&(_g6mCQ;SC%& ziHQD4V^wetmn_4Sm%Wjd;e&?t$?znT;hXNu(IO_p7pW9&9wUp_$?yaB7Rxho4wIM+4^ffj`brrm!@p30TU~+ob9aqRhF{Q- z_c~vLZimJ%=l@qSJkaI-Aa|qRMDhv&JUYa{@%3TC;1GwwC;JKg87fc`7I1w10Yh*w zK}a2;YG_J-8Q!2ihore3wZ_RXx*dfxZjwIN1ZQv%6&0c{-6*ttJk4^+`+ZeC zgG7pq>&_vs39ZJ{V4}WK#^HLh3XFFJ&S}mmU_v`v1r7@fIBE=6ffka2Q$x&tRVcK( z-5Lt*M~4&&ZO_kb2>#322<{-j@nwU$Hsa}GUbx&=d$mX zE5ZzGBSr)e5w1~|LSo>}8k=>1Ut&1U|57=93n|J@vPe83or3FsnH>XZ zJm=SS%^T>N?53U=)oaTt;$&TadDVTuQgnp%_B4Met-__pu4?dONAAr&1J-zpm)d`o ze}dw+Q(^3Hd#YowuH=IemMaa)qZzTJc@pvYsWt&90`>c4oAzRrX-zBGgvSbfr`B(Yn<`F;bHmIo7l5z;Z?GqZ9%o0%)T{N?JK zM0%mkX1ML=6t~O6+~Xtd52Y8%>;lLv5%x|aP{a{+Ix6q_f5BG1=svJ%3I9s5_IQlq zH<8{%*2#LIve3gZ!z_}7eyTbcKRuFwtUo~6!FymG`4xNFK5zlpMPYbl)GO z3v|a1Wyd4DK-acn?E>9JhNxoF(Oj%QLq_;w8VX-zWVn5CAs@W-3H12cVjjtYctDr0 zeP3DV6&NAxX5Gx|;xjRsT>G}{xp0#Kpf*I6M=zCn3C_PXY98DpAuz3gbUk42Ql{$r z;1t@Wg_lY>8@NNZVQeU>UZT8|7x8I;wF$K7_=?*@96;Xn{rKf!-?u}YnsTvjyyM3q z00X4UVwak$SbMBOZ zvCn=;w^!GToHic5pimj}->Ns(zB}}64xgawS$cbQjh-+=v;AIFU8^VlOmBuPk5-;& zpG2qhQkP#$5S%yjLt8?u(h}lIW)7l41h%pOtc`@}inc7+YeTTc-8WWSe$#0;eLu_B zS%49KMA~UTo|@vzn)l^qmRAmnFS}&lECu2?+|*^&wVGwU89Fp2VR)9TwQ|LgdV$f>sl&TwO3D~F|;lu-u#uKDSgi2aHEWL zyUDjf*JytM+y9Y&@1xmP2q(px&En+5Jfc0jYnNodM&c=k2+s*RHjJ_E%$0k zs6C(iD?7evYH8ZA`VUsI32+j>e($N##jDzPV@eQTb{U@@=hGp4denV-wte^bassF= zbzvf5cTXcnkr9PWeO)f{S!UVQ6PxUuZO9!Yco9O<#Vn(R5YQzm%pIC@PCLaPvI;XM zp8PFs)Ce^3WWVHb6X-+=VWM@8FQrtsG3yDHYU`Cd>#*z=$5*K1LDz)t_Tu>RiAT-f z)H_cE!4qux=Hm65+|;d#FB~PpkJ#*`Z!Rj@%pG|z=s)?3biY2(J9vXv{BC^NnZrI< z0a>;{tcM-UXW9qGmtT6+{MQ}K(}20X_&rSv>Yk;maLiUK>a*j^i0xvZS}(oa)w03c zvcc>Ah+5vDmMvcKhjNFPI%5^%Q2Ap_@zOI*jn_+ZZGgdYKv9J!1nXAK;e_beckOED zZ&-zL=kQD3H~M)gjFvq5J;*9zM8BJNM!ztfit`2G;W40Q-iHs`+wCavNA2x7wBhgV zjrFMBoxvSDEZ%XOtdU54$a#Y<4t{RuxMj{Ezn$VnSO;NV6biHBX>;+wz6x5x?1--f zF)PDQ{ZBG%)iDwTw|&P68|tm4PlkODnrADnx1dDp5Q#{uaQ+?IF0F18x;EHGTwkDd zbZP8774)Y8an=~G?)`YuJYCbHUusOTwYOBpgbPSp~cqMgXB69^yud#%}eyI z(tG8WzD}u>?y|3RPYH*aL)d0-74(he$7l*(lzW}wVBJT>)3mJCae?&2E|h5X)NBXD z+s9hwXkbN=>J0pUQ~S-?eEGGzE7EqZ!a1oJsqlFF?bh~iatEAQenWAI5gDFcZ3F?O zFIx!fkl5?2NG`Dxdz7Fe;m#-^2{f$A79rJ&q(Va>UqCAv>O%pIcigxOVcMCHeN1{k zq25{kJR$891O(RXC@JPep<+e|gGnrHMv8@Vd!249Ez}@=Kp#k*w!*W^ku<>juJ;X}}Kax`n_v)_|Tz`>;em z^}*j+)4vs!M1LIJSGFE$&$bZ#u^RubouJ0>`P$fh;|qTVD~;W!_0$|7Adm&JGt^)G zSBUyf!2gfne)uuq##XjQwo*TC8atejh50HTGGx2RsZk645E^Hw(StpotKB|Uhdy7Z zL(gCp3QcwvaYgG*filBM9;-xDTN|X55)F7tiEgx~7V`a)E#kCbWKWJ>nbmK^X;T4| zmI3fbv+j?c+-@hpn_(5TE746CUK@69!(-)k zziZ3?dvyy7<=ap@Q@3GyKY`j={;~VT+h<}7XWHrHofXzjS&RuqR$lv|BZKQsDB~AL zgPfb!As+{B%*qG9in8-2GB#(WWxY|=#aZ+BvdK{-?c(O=U&@8?NH_*YcH8Lys(Y&S zNcE!u!ng}3ST?rGI4eCb+mG>%3~S3fBgn_3?~Jhh(u4D-*~I&s?lI9lCb-AR?(tjq zxZ6FBc8`BtWBW$qC+BSFSmcA&o7nED`Vmm&hLhZQkg1A`{!J|+2$-zlwvy)U+ooNbT3 z9gf`o#B8ofZk;z1HzV~as{spi*SUU`cXCA>ROTnYL;4>p>deHqOu4yuI=CL>ZXu7Ct%qi(11ID!%pXl?@rQe6v zw|~&G`|s63Jx?_HE#;-B_zeTf6C+l61E(=uPAl(ug^UAQ?`!h8PBbyFo`6-4_xzk< zI1kEPQmmr4^um$;8o%uL?c8mXZmyCx^t?0|;$n5zb1N>$<35&1*H6+)Nv#%*j#074 z>#L|-&&u#QF?>$abJUvgc+wAQ?0u{;MHp{gUFxC`ET(V*cCKnfXLP^J_R;=vi-Mk{ zG1>>Jqyy_p*(EF|40vqbWd4@44(PdGzgn9b`~!Zx?O}FhUT7V})=E_(wWj9=GY@2B z2ZOh|6~0O8a!*S@^|JLa+G(ZsoNBdbRF&XsWzPxl5iIG!E6reboPYFRwuswi)w6h4TKp8@)-Ow>>g$u; z15#@|RxcK6&(AnUAZ#Ud1j`4^jnY0 zRBFK)9uoZcg>ZbBJSIQ+@GzN) z8Qq)BJuIqkr);0O2$t!?Avkx6>9n)lj|l_L-||>-QM_XfE%hf1@y|flwP484El;FNhSq)9GTfg~ zPES2aLzv`{=>Ag7TiTtqs%J0+flH9eqYt3t>C=UqUtt4#Fq`#ky{sozT&o*9{}h9 zx9b6CdYpq*yxDR7uxoT0?`7T-{)EbL?E_LzC(`?$)|C2tBWrpm5pZR{lJTi658KZxUMGeN-uk>FJ_JW?iP>s6+Sfu(*9@hgYe8AmhiIYJohUh& zlHhKO`jEcbCrxFIZ!M}q<;uWEqO#N0cZ{|XW+4gFCTU( zXKm>!Sb#t_gq+zW3OWWSRKZ*80RHKJW4xI_ql9ycbGcg5PJgvZFN}dFqCy0(ZvC8A zE*oKhx~w$e4`}dDE{DDz^sOI{mv2jBYGp%ebz|zOQBRNC@*Z7N_w;m>J&hLc0a?_b znWRAt^=9TsFbP{@5o(O2nP26kem4}0X)xa`c7~$UV?phCCbNUSWsjpi596hoPDY|z zV2`95s<*n$J3Fd7|1A+v&Ma+uro$(**2Vgr+MG~f zvQc&oTNwNaHl52Sb8C@#Xfh{F+QUkfN8Kc$uhL}~Z4gUq$ona32FWY;(qRG9yni$; z6=E}grI4h}`M-k`IS!dQ7`o)_PjVh`Mgy`{Bb=&)6TRpB9%p<~+*)hZ>NujTQYtGC zp7^eCR?Z~OO~Ff?HspGn;Am{B+jk(pGtMp4eaE9zP!z23!8>PG`j=MumsL0T$Jh9$ z9pPxe%B9o}JwL30td+>t{=q6vnF~2EG(RpIp`3CF){dt3&Zraf^atmr@_o;I>Q~hw ztZa;V`fQ%Mtj*oB^!_+j}#=T ztGLu20x~sOS-T?GQ}x}LTc29V)^4YEHFX(Pr_J^8J4)G`j&==k7y8(F&O5|k1%2pn zg1%}ftP*T(x5?|~*K(X6_oiSl?@Fe&pI*pUYBj0^`y&y-zDi2RuItJvP_6=}sKB-b zu7Gi9(6fl76DbfJ++n3&yg6rbU9D2_>SawO4B_BBoivF^%hJ5%$WXQe$n>LQ@hwY~wwtItZPj^B8_b>mCn+jX|=J%|% z&j^vi@`qDDcu!Rq>ks^h?_RPC&CXb{d9`awDa^qUsdq;K;nBXP*js*kb`5VyKD?iP zJiH^puS)n;3O^Y3c)T2)ymU$h9XMRB9r}{wm|<|LApR~7!+iWCFM0aK@g{&zW|`y6 zN{-UuY-jRD7aRH#a&%69$HPIV79YyBlh$Fi&3c>zhh_wZgwf_@icaB%k@h zIr#Mtd;M7JTbS3XkA=9sBn?o3?ui67Oo_C{vu}Rb+w*eJ3^tkX=QDI3KJf*wIr*d+ z(lOvftH8;4`ZUOJ-JQz7)Qngp2Ta=ck)rk&S_a3LUH1=?c|B-Vo8F2&>^P^eW(ST( zoWj!L;fvTkUu?(ug|lnxJpbq~*!#QFSMq-1e7STTdlHXEVk$5t=+2aRb=#(oM2$S5 z(%da~MkQPO(_@KLch6#iwX{*865fd~Ydo)wne*#Cy9fU|TTG3-Jh*3$!!zAq6l|Yi z{C>h`AjU^oJ1%010(#s{iCyr7+E^ZVZKg=xKRidY_ES|)ve>4saGGbnex+mge=ogUEqTy|h-@U=Ih>P$sA6WSnB&|-7;%}fv9N#35c#Jd?qHj$~5 zBpU@3{0D6y4ukp$ndIPYD<7GE$N_Epq^QgD)M9fP5-zM(4>#e8CN3f&4Ky)X5lv40%Tm z(|{tAN5AI1{gEWvn<`g6ejnH6s&`*s{)`Fo@jrd2NVopPF5tyGJa&{Gsn}V1__49} zfJroPq{@!ePtK`dq&z@OcMD?H-n;VCAm2zcB6YQc@xEZZHt%SGdaPW^NTaxo)+Yd} zP`)`5UoiKNbUzY}?TbJ|S$SJGg0CU%7?C<#q~(Zh5&W_Y{lTt84O`b-sF9sir(=gc zpQCH&2F`z8V!CGe2%2@NHOmo~iGRnMxm+;aO=9n6FRmCfYe<_@ZU;dug_uv}MJx2T z*p71Sz~0!8_JHXTOiYfb4%R)W&f`aNW$B9G6)Npnm)HMhf9KH;-A&)cCha8^0}~N|T(ocxzpRy~b^|*0=ZlfQ zvuxX@hwV0IsjGS&rdtNCmSum`-Tf}ELOlM0!{ACx1JXjPw3jNoO{RQ8Wo9xlrK8}+H(j%&Lu;#e?DP5S2jk+zUWI37D6eT&q_WnpUOhZG7P z`qcl&-kZlqQDyDp38bM_LNy8+m8I3FVcdcPLqO0*qE;|yRMd#5abr+X80i3`K!RCJ z+q9yCj_Zu$zK<&+;+Oyuz%76yD5D~7)wW7pMm8nC=Q;OQbyar<^NQd1pWn-ebZw{Z zJ^MZP+@+xWC*VxBH1+G^O->4dpZ+jw|fO;$jWT zoJ!HSfGLvW^nn~J>u$vugxL*3A5xBY-~k-sf4|UL^&hOkNc4qt53*ijhcn{a4<}Jy zZ~V43MtnVSl!`?MyB`Y&4K!pu*$A__dI5^#KP;r#$RZI@_A+BP^EQ};rE3v6M^Z7C z`w{?HLlaEoNt`DlKxCqg$oDVXO%2Iso))u+vaDfuX&P9+xquuIokslOw@!UX*?b{9 z5E7s;s&J5FWR(MxE=G#VWl`VW`BPisxs)fusI`1@2e9e4D%GR*R%2I}q9YqGgiu{WKyC);K&yL0||{GU;8q{$lqIr@vdGS>-qb~+Ta`gWkm84h*-#!2*cCY3lg zFb}~A#E#z4KDFyBLn2_&h&9j%HVgZx?<_gZ0+l2auMT<;d%&$_D`0Af1kbZuyD39u`S=Q}=HtvG^w)+497T@6qkF1ygPkKs58VmvDgVe07&X5I{*HL()@n5enJ%suxC}dL?#Sp;lq5Z;>wq(2>O_xfJw|( zdy$H`$N*48E@0i6gYUtu3f~}Cw2CCSD@s4i5D3lOA0Cx`;6~sEoyQKteXe2^=p|oI z*%!guLrbjHL8#FYP$-*~a`ezQ_00D8sgp{^{Hue=K^&mW3LSt@19Fc@L-erzg8egy z7?eAWqi3V)#I5P|8TFScdpF6?5cwIha}Y)J+{(ijL{Dd0lRF5iHpz^h3m%c1FiNZB z1!Xem<24kpJVu9|a~I}vleygIc+d};NBF@b=Q3IXcJ{iO0G)RS=mY_+mNN9(ipxFF~_NV@i5;88vbw#ed?LM1w6pZA1-C~it*+C zE73YuO_q2C`R(sa<9Ch5*(-QlVFX&fGtO`N&gkKL55?eoCC+pI%_4yW8bD zc=-E3woHM@BSqE=-ze@2oV8XsLT1)1HQ^9fCFWXd`a=9%UFQ*hihcfK{`VE1YC*JZ z&O)I(i9e0{KP&lGP`+5Uh98%`a3<4!&^NY<^K4ntn0{ zK+XWn{v}xIcKtyt4xv8CoS`-=EhvV)9ZLHuqvH?36K^3$@UIjbBLhB~yZk+L^I~&b z<=&Wli3FN(VMcD}Ju@;8^Y0&1ZI!4LISxkC>51Px(C zTVo8k2G-ARA`rrgbq5`s5*_}F<_-c%XdHUsCQ;x&nrb-&R)OJ&V)Ugca5n3FX5G3L zVaEr2pd@_h6WG3|hTn2hUZfJw*_keqwWrqSSjvTghL4a?iC^xKx!2yIAZhtVJJ-hg z#Sb|w0F(2q#6QR=Cx1KxRkWW!{uSj%z2*1bS@}l2q)gIjfavnfiw$P<1SJYd|6C<7Fz^Ew_CkoMbQS12!NSsXp~-<@w6#D@$qaTYW~& zW?*B+dX^v!)iMD}(NcjCwU%;Oma!cRa}vjuW-l>UZO0C&M(i;G?&D*T(dS=hR8<O5y^cgVC&z}Z#0dRvCr1XZR4b=3OMx8yAiIGui|9 zN3T1(yx`z4Wf*Skrt6oX2XwZwg1{B6$#qvyk!Clw^&@p3XJKw|T=IuCO@(Ub%A-yY zZWgG+%?R(~Pk6j(N_=b7w<`WZol^7D&_wNz@ByC4nndT)$ZD9aSgiDNp(#bQFNBB# zVY@S0F{Pon6}D5_I$?BVWl7W4<4T(1$BoWjRkCX9Xe2vtWY1?bR#ReIUZZ9LYCa`8 zrg;nPA#_S?T=SOV=)rHU=B%(!D=!<>T-?lt30$7hI-z99R^$4k@CNLrwE~f1I8@sy zI_U3!He=TmAQ8G-Y2@?*#SWOG*q9YqrPN%E3T-wJX6`l=9{@&{M%Kjp%TdBVq~rLF z`lODpY4N@+b0cK^Btaqipek#evhJMsw3=V>xO%UUE5&!LB7$W=fa965L8q*vy)ODt zyDd4QSv|~*Ob3iKmbG#dhVv|8X*e%E!4mCUHk}3P~_~y0mse@DMbB~>Ybk&|iKLXag3e`^Op4$sOQTB5v+l&7I zl$S^R!EE{Q<#$v0!=zwG$qrsl7jq9{`I3XBw>;(}{buBF$%m4DjA|m8hKZI@+^b<) z^ssH{ceh$giBMWT^7rk~XVa!!%Iz|qMW)wq)b%}#-6vku7K~&;c;W}0ZqJL3 z!c0muD%O{n1p~3%P~Z}a3{?FIQ=dr#7zC}_O9dIg?w88bzq`MA2Je(*y*5_#t~*GHV|rRLi1*NwVSLR>xX_mI$7@tk7n3U~ zMSy#Am&6v0!}E?yhQN?C}ffW>ffV33bN5YD*Dyl$zT9RqiIMST12b@Z=*O;Xf4DfA4vG@ zVi!k5h9f9?=nEVI^yQPw1?-0$7nVZmei}@1WRU`UGY#x}@&KhNj@+7|G~vh_8ceyJ zs}xuyt+WR<7>EIGCn>P^-C~f^W&zB)Oc6NmK^Nu{P6x|{zn7uI6n`L7zRIZ2$X_r~ z@fRm$MPw`3Sw5LP8?avZ>u6k|H5Olh27fmnpUU5liM7L#n#%-iUS}7U!rz4&OmSqK z0=qH|>@ONjNo!Ds(u5-uHJFlCcLmlzt+W#~nBwmjm=g;Uu5pV&O6vBWMNJs8TLQDe3ml$h`T$B4~{{m7xc302XpStuR{NJ9^6xAbZG~@CMGB zL)F-?cY>#T*{3^bWl&}}C|-ZZd}V;PifkEwq`hOBxcU(iLS4QBvu&NyuhOOK;j>qf z=iX_)^7wXm0aipXobpkNo!(bO(KAMn#)md1yMSX^$s?KZ$7i+D@|R>YXE4arxUA^@ zumX^%8*lW*(J+!U)MZtDPK~!G-B_*ga*4m$HL0VQUnAS0hulYFWp(ceK@nE-u&%~a zzER))d=*aIqCD=xv`kTis2RW}=y`1`uzi(0IpBU3mj%&m7q}+wMN42cqBNL`9l1G3 z7ac3(;1aj5;XM@l>3ynL1S$;yLf{Pu140`6fO^7#)F}OBb2S0@4{5PQdqBb3ov(uB zWM9D{aj*dT1-&{RvY~YC@#t#`n5|+9fXZgjwbOZ_TIu1?gJFM<)2StVy#}K$)+p4N zxZReLhksLllln@|@YMG{av1+l>wC{j-{tMphuF7K%@5v(snOYAH9`W+cP!vBrjB4o zGMgT4SOoWgkGVzU#P!T9tj&)0YJH8pfjbHzO@0kw4uG+j7B8c@@5r;c8(4OK-oP_p`@vnRbHmqz zik>|`--bqJM(Vd{ZyiMPt_0)ktTK~~)np2c1Gr{c(@%y1Igg{cEqAwM zsn;Qvkt*WTaW>a#7(t$E#htyh5fvcGZl_|u#FUvh7Q)IrB)A52f=R6KmzamdEQ-JOnIeOF^vItVCdM_Iczw+4EB-%dZOS9m$wcD>ZP zTo1Zcz$;EzVlDl>V0{DzvD?X)O8)9|Pzaw4y|Vk%2sr-x%F9{9vZuPb(Uo1Tz5c)g zm-*J>VYW#hgMY16(pU`cy}j)_BLL0gc*~Gi=|+5u-`AU}#eB`%Y^RXRWUsUu5#KZa z61bsBxW77ZpG`@^%?6xRJA!70R$E4lu0j>oh#lM7tVNGu2F4%#2=lHRf}bPC<7W%z zzAf_|2}Chp!s)gy#!$O_Wyx+T)TW z=q?u=Ov01S>O$eOdEv`h)x*EVZ+2xa3dnA$+0cdGIRk0$;%?S5UkeXtF^-vqbut*g z#A2qc$fWf|N~5g>W6pOqgNyhAqi-@>>BtDMaYSC?DDd}yw_n2il95?immr>&DH$>x z7xnq^z#PttaMwuA!9Wsn$UPkeU4l?ZP2Pz4u6v73lpnh(>%Lbq^ zP@^%vsLYIPgF|myTaM@V$a5FdT&Ef9FGuNTU`vY@qqbHs-3#a88Tf48?YJx*(uf)H zF<(7Qj@mQmNoH>&*c2>M;lkBn%Ge^aCIRvEs+$Y>M)ooz|FN-i(abufc+g?<0mU_k zipVT9wTd1=J(Urcm_rolXaYhY_RY>_bV`}~?&bO}^&~P9auyddl1$f3i%fygAm+%4 zpkt~@2!Nglg07l?k!WCLPeZu4=yYr7dIUhw%Fal8@ZVSuOR*K^Ij-*O8*xPcS;A@c zgN`HmJ6nU($i_C9P}>GvhUAj_9O82J)@r;XcRsZ5(D>!f3@Dbs&?Cv6{V>@@-NA|6 z;Vdw92U;t4&O+Ow?f_}I^Mi9IsP8~~lDCdTf$9zrk~?1|?{rdk z9^1`<$x(MEpogH}@~b}P=Cl%e+6op;M8BP>Mx`Jk|(HtqNo1v7)7K05a=|Q zSf3!qRrSNWWU3!lC+kV4&TMyVTyf)%+_LcAEJXQp^j^@ylX_Gm=*}U#u7`w^{EF4)PbZ79f32YGhl#R# zOH*a{R*qVLf^rZKfU-{>);CqBKY!1e0lWXiyOpO;53W5<*&w9z=3ZPiuek!3*WE6 zO~IEBfG-Y9thJaxoWz$;+QFAEJNUw@3BEiMUmiX9;s)^*I2&JFXnX}6_$HxI7 z9cJUp2f!DHCDx%HeEFmue7Csqg=Z9ec_h9(dho>!;wx}AzPQl%3OMjhLJ?m9cHuh* zq8I-10r16Pi8XDjo4BkAGMLl16{9)Yvz!G)$rz(G$Eiu4Gui=IPldiVhJ;IPE%;h~35c7dMj zY30%y~M3r&xJgPtT5=@DQTJ@pWU(8C9y2ZtrrpRfmJ zk{&+U6?!_^^mNkn;3)Lq=%uHVqK9w}J)InS2u^w&D4~bIE_&v3lLyKNU_wtP(DM&` z&w@~hFiNtkKd-puj#>2=)uuTk6+P4IENm;Ll418j{_z25ZFb}-VQx@KzjV3C)-O8 zp6rTzu(KNjK|dNCWj{CyJve&l2`G99=g<>y=pi`iaiD}A0=wu@-%qE$;Q{HvLO*K& zc4~CV2Tyi|o}f)nP}75>(1W9wo}i+Ka1K2|haQ5H9tTS3A+U>{sSt(IH#{IcLC|v{ zwj6iSgD1N}PspYxr0Ky?=)uuTPe{>2IES8)Ll418j{_z25ZFb}LlA|c2MPQ9gK-wR|IrL;@+wBj*Nsj|1^bpuZPZx(C zJRm(;+1Q`s8xK8rvP<-IvgyG%u+W1qo9SZ;J)IOifJ@TT$)N{1ccI6IQuF}WMb96g zT1wxLq8EBPEwK(rp{LWX(UW7-lcVX$(e&h`$|pzB1GpqTISxGl7kX?cMGt^o^o*BX z?S)%8ik_S$)@fgR<&(2(^!ROh{F)x*{iH?=pL_Mqujm0>k{-W955R>U8%ogwU>7~N zK@?g(enpRei8cExFFn}4&DC+&U51YK7dmC>UOk!wO%GCsLQf!-o`9kUa7lUs4m|)D zdTb~~4}e|tEQ2UCJ?NCtez3pIGuRT_68(2|Dxu zTcT(eoojq3H=KdV=WxVB2grJ;7b0CuGwT()5HhJ)u;3LW&;1CFuz{^Z;Dw zv7r<_0Cv%HNRpnAq9=s@PYOMuO!RPg;`_NZR(9o9$rF2$#n4G6@u2ZCz4_uTW^^Kw zU^R#5`>@}Kj1XK>s)q(jquugHN6b)Z37+801)lIeG3n z)cA;$AKB;>R)V3i@RZTfP+>{55GFB9jUEiy5k9{pIvEMN9pN+a#F~ZPH`3q9!3E?e zk*w4;ESpL6w~L)O9Lx(3Y-_{xe_Uw*U}ld_d|_rc zn^6=HVL`LF0@WUmkg*_FZNxwZGKwf+86jFx0K6}41K0O$x3 z@0eMVAB-Ok@g%Xa#}A|Yv?Ag?OtOn(u)+oLy)g@_HQrd-l=HnYxiM?JF=_dDW0Noc zftPV!^q)qI-UP1B4_9$eXDWX~MmD;G1$wrL;}G#;9YT zadzp+5>Q7Fe-l_)*uMe4Go;E5ct4K6@9?*s;Ggp6YySMmpSF(Q+w?ig*o42&fZ%~H z1SfqAL{Z74Z}GPk0J(SFNAfrIx?dgpJg$xhKc|jIysVCcmZ;*e=T`Tbgcf0W<<4fstG{F zKa?1Ht7D&hbv*cRbv$CAIu079j>C)P*dZ|#`>V;}QvX~Y#`y2$VVwVI9(Gk0-1P_R z%RuD+NF>ntEc`(?L^Y@xU=fSpFXd0ei@nP&!!^Q_SaikS(!3?yP z2!af@J!m=5n8mLK7}gsFU7J6p!FQJh?f}n=W8MtGvF%L?{()GYnCCpYsOz9#BW7lg3sN{kQ!$_R}X(} z$D}U!Gw^p-5I+|LU;8=y@oS%jzkKcA>wkFd=e6&qzTegsUi#XWX)FQY%=?AHrIT?0vvfVzJ^c{n;-~a2wf0A5JjdwN63Qt+O|%tR6n`R*1u>eUdHxKKQ}?z|`}> za*+u*jYfTKlR1bSt^6HmM<~{ej}cgb#5=gcMDgar#GW_{;w%V4G=ym^T8FK=Z|K%{ zXt#dGUmML>&I#}XZ6%Rx!D8wjX0(eLHSqbAN@G;CxXYGN(bBHq-g0cOY%Dj873P2@ z(|BctxyCYUHXs3%e1BA|+iM_!Tn(S%;_IkrxC{AeuKC=>+ELLNC>N|<^Mz@=Wg2gr z12%{ELD6p$wB~abU1_5Rl+6Lyc7KiW_eN|01@jppC}(DfQP&GE;@OGR*;4~vb{Tb> zFlf!EROVBIsZX2rQ!4nWRB#uojXG{J2xf{>gWVwr2I1LxxEtp#*ihoV@z)Q3tiL8YbCsCi|Fuu;=DrlXZO}k8G+YC_rP{NV_gLa36dM z-jWxR^=*nDLts=0dqIuz-674MHSvC`pun^N(5ul><+nK72MUIeXYF?wIj1ojwHLeU z|1fURplY`Cn|6U+KVB;KwMrow-cO>lG0xd302x=*ib~d@lJA{Lc1W>`$d}?Zs*>Qe z{!m$k+s8QD=e4iH??G9=Cu;D#f3#)zN#Zmc8-Nx2Hppuk-q<7g22EmI(FT~q1{C>& zF0!W$uo&82(%hN#(6c8hs)tXWOCMN=FFwQKwseCk0u3`(85qBLS*u~xV&XH+nD~bG z`L?9F2?P3BCH>JJ4ZYClRyqVrgRuLmIb`$I=phWf@RT;*n|7y(o#@Q$w@dr4Er}fC z@#itp0@thjG$q8HFLv`1NGELvT8Fvv$((0ujhW~3Pp{qBeUl4eedY+J(CCmYye!!=Ah zjbpQa)#2M0Z*+IP5q@jP`%_kyL;}*g>r1KAcdd%Nw`OD0mjP55eu7V{hv(iTtR0Wi z1${V=z8jWqoH>2DEks=Gv%c~W;1?_%^3e>dH1d)6(HK;pA0{FH?bSAqy56fEeq2nXd06|>q=1sdQKGXx#ZP#sORR)} z;6QUfpb!Kqpm@YWYM>(6t~2``5(!Wq-gsj`V^Y?%nPh$k$v~{5WcrG0n{BAM)~Gvw zZkubHmzr;F6>iC|GCVD;CJihi3i3qVZY5iZ-S&mVEt2#rsaURZ$ zT74Zb>Tkj|(v^)8eALVCTkPl8NBPF=?bUF{Mm=BR_s{sQY>`_%d@GX7=yEa^{NAYQ ziocW4eX2SMy`-v>&>5;aDa4;L{#5X1GJdXSaXik|$9whhX?<+e#}<9uppUIMnzIu` zz?|Kz4uZ~<>*8I}r{q2Ct7Wy09vey#SY@E9oLN$TAs=Ru4- zZ;{`f!)B6FaldMLbFTc}E5A?6Z>DnXhCv^-K615zq^_uuTssB*f=0ft&Y+PWsxxTh zS2#0jb%qHVDY9lLT)$btKpQce5rWs+7<6mn<+%9KS6M4D%>kVOHe|=tq0|LL-A4WH z=*LwLKb4Owdqi4y+wv%vx`n%7tnm8>z-fMPqceh-uHTyv#!rPNnUQbJ?Dy~qj;SxJ zr3^p2fXtdr$c=pC2k=i&4CYBN0Qr&G|HJrRc=v`bHFT|AnS%xJ1vQJL7M3&$h(yCM*f5%XBvgcCyKsQL@&7;#Bg9dt*ca&KyIEAKukEM zF9bVjob&ut+^iZSnlUZ~^sFEt&o9K!C4C{mNfZ0F;5RG<% z0kkSC#m;EA*zqBhcU2jFrdHr*)?{YFi~Fi9d0&+!@2j%peN~nmcmRZm;6O}pXcv_~ zqWG#wD86bMim$3-@lbyj54Ny)5YFPO#`RXWBh^vV1U`s80!X5dT-iiDC3&PbJVkihmPU0u~* z?^Q)r{asgA^>CxU^G{t})r%YSomX3Nq8+svn=gJc_9_oXjD4^8m0Vqb^_Ts>#n)(z z>z>e-gz1L%?s?t%BHIJzTvm;rKg~6p8>?9+Js>;a; zwUqW>&y#b=?nxK6q62tHDVGAll}h6Flps#d3gPGc3Nw4zYd^zH|6Fw{d}-C$@TFB3 z;BGU(r@d`rzsT(EOPgj@9SBzp-dzD~s;11v&$X<+YNW{dWL8{thDiBb)>?HjWE|_( z7idm|`jG$^#zf1;mFI3m@vRn{M$kXH|KigAYf7`WPJg$X6t508lh<~plu*+K}8!mT}4Ezgtb*8gf>C6>NKHE5Usipv_-an zo+I%$H308~BHgcqlT_T`-h}O04dj= z@_7ftXAaNCe7>o^1$eIwa|N8vDaw%d(QM)UR4}zZSmke3fq80)cp4--)-HUQ6Jh;% zScbkcSia(&k1}92^TRKNjyJM4e``i^@?~4;%^PKI#DF$@&Uy6-16G$rHsDjp3%b)B zFc{*Q*|A`u&?0jwSiXJT%tX!tW>Pex_z?dV9ID{e^JCMVJLEHmowwkSQ~-CpL4f^L zaiBu+#7iI6q3=HvyDHRR`ceJ>qz4D)b8ZTzb)a<2gu!cSH!zzfGd3)Lz>jz>eA{y} zpC>0@ATL`j`)y}t6NKS8=Zt>W#sW~#Wo*F>L0 z{=%s;{yh%4ZH7|d@WR#=dUm~IBA)o_*+0Fkfp z)gHS5bErPyoGfrM@*liZl%#^=TNv2HTX;3BhriA=BcIvuU!9j!UC{^BSH}9V3YtHd zZG$;S*c*=@9WCTHT=BipFcPnr^98)dpj=!+a$>M=UkE3Hxl(vmit4b#C*kppR$$8g z^$?MUcxGZrXqncJsBhI6Y!ra?_LD$PY&gil`Nhe+6t2c1BUQ-TrO^hqrkF@`JT~5z zToum$fF0l`b9T)UrO|3Xo{t9T0nvsW0j=Bz+p=GYI!a@?ec=F5%b}>HZ9_bOtD3g` zD}Nl&D0{S*#`^TR=H;x`5ymrnRDO)N2FqK%bqHVa@_?tf=ZEjhVSHJbg&#D~hDhtp z&We8^9{x)^0Ls62F>SgSDb@T1SQ?$wgf8ah7H%{oa(2pVN8S`SiWtbkidfh%pfU-l zXyKcY-eOAmm?2fHxQszYe6!OoSRY;b*4)Uo>5hj=QA``Y9ehyx)?+f&?pTm2AXy(M z$OE^ym8Q!D$#c!Fp45J5j%HWEf|UXbdI}vf9QKMQB&@xe>?QdH3%Fqb2%>wT`4pnX z{sCitS>eM=YPM#D57FMR1iLDf#HLqR=L3E;HmJCyRPS41b$hR^ZA9BUuTH{~1;eDc z#CI+pCg}k!HL5z*ytKXTF|L&ZtjG}4JG`oy%K09L0KX0svM^a^5hMNA1-{z zyajK_W6-YsFZs3L-}cSG61nEq9pYcqHQ3(`FJtF@mJqjrr38oHd?xC=z;Xk~^X6p; z$v}?e%@>&RTw^$(Z9zA=rdlFv47+x%H=h7^<7N-US;%IO0}w@AF0XdJVjy5$_l`Z? z4-b(zZo)U#yNR|dAkO%-&U1iJo%kBXMC+1&Vfp!W?)BSTZ$Bx$epIVx3<48uC%68} zZL<4+0Nd6E1~fK!ilukO78i{`MP4HMas?7F!!;l{J^F$Aen4JgvGu_#=mkuN-?63o ztN77{q+Y!yg&)u?H$QR+G}-}5;l~&tLVl?BL5)yH_Z#wF@yf&SmDe|=Lx>TW!28m*forV^KTWNuRR+aZzO;gZI z5>g7-&vLa*cM3_f7lF4EUA!fd9{w8jobmu1ffQOMHgRZ3rN!g~P@p6Y)D)Z_V-9&M zeAR#z_|^)FFfnjnhR56}KjEH^%xB% zC=Fu+h^_0X52b9#rE1ifcy7Ro#6L3uzmX0c$EKET)?Z!*wQSEEQOJph-l-k5FHw~P zSJ`|O!PMXrcpiNc=KtJc1EnxO2k2zfr@c6uB%3JOEK*ve(e~hL)ZeS*(@~#rm4i;Y zG97(!ilRZ8Y(?AK`wSbvdubJi)59q|h1NU_v&Ba$)~Dd#1)epdet`wpIUTe5+3~Mi zM>1v7F}{bw8;$A))TGGU{i(OAeJ( zR`4IY<6(>aj4scMf69I>7y$roMTsNm&M<8ddq={fz{&MoLCyUz?v<0@!Z(Y51|&QPzAJ@&DHmg&&+wT;%vkT!&B%vl(xN%YWT)IZu``&$lvTi?9lkxA@k z-c6cWzYD!4cyo*Uv9yp39IS`E#msJ6Cvdtovl@hBvTc*6^|fxA4;34#3^B7m5xYu@ zF;d!iK}6`;@o(K!*ESlp)j*9hD#X@-)j}ABi;D;^#v4aARgSx6tTBHssWRr@!9&se zmDmz_?kaVMhobkx>0yIU5r`-uHd~#t`3rzferPC=Xn~<(s6MeAe@m@LUI3W~DKb;! zbt7@~?2kx{;XYLi1-Ayxu?{`oB?mNn?lyOi)MqX?x#>L5du}&rt#O_~*Wq+HxvhrV z?{9k^*q&(%B?aG;Gx|s9z0>}pDBb>kYt*)aJi0lf_9GESYC8-NenD4(%uyh4lx0B_ zg5$Mlm){DXB95|HIm$CoK3C1aPhwv)B^fi>W-EUuxd>V)&Dbh=M~NkvSOamqZAQ@7 zRh?ex{?dOQA|Sd+2Q^sflZe89UY`kg>l&A{RlxCK;1~QS=NV>tWm$$-K8LngvFE_- z+i_+)*%W@)k|$~U54A{(v88$MyTWVF_{OKxW-hL9DFfqg^#9%QCfChaA1t>ENb$d) zJ_|%Iu(iU*HZ4B8yB&O^@N4P=&ur(|9>TNnTVj)OoDP5YQFs`|oFPPyjRK;Kz-k(C zq62e5Hn3V-d*Tfj(;;{3#7h|TL$b6cXbY-V?V;71bexo=!^7{6wr4)F>e*(SRd6fh zCwT4VX90m?4p0g|=RKp^GjILlGss%APJ;X6jrj=f=a0=PdM|@lim6@s$tmEXIVEU( z-r{hIUdh^HCJPfgpO-YFIpD64kLKl*JgGjEsG8q4C_ z*`L0H{RO76tnZfE_-p-zyL9WXh~-TOD22#(o>KZN@-VePRCru@5VX_}E%g^EIl#mj zk!9?Jdimc${6+VUc2Lv!r`TU3df8U41C)Y)PmRB~{Ng#mvmU}e zn~8a8_SR8=KYjnfCc zz~@)KFbukf`ouVHX zq}N|4#ehU8GGph&>53vaA=ON$kS%WR^Hf40@ro6Tw{2i%?vZJCWs@EcZ0k8Y7pSlMj2t zO#EIu3iw?dhU9c59Bh%WoYDzeuiS>sc=2+9k`9ccj1S5g(IYX-?;wv7{H%)~0l8O! zTw-bx(;J9sor9@5@#5RT_C(UW8(*W9h@0?4yJJRq8*! z`4{{LQ`5i+9s>*mb9g~#LbeKWS#}BV9|M8UFZKw3LqwrLO<$4-MX+d0Lf%hWUNC}O9X$!B|~K7*Fp z?`=EP^WN+x8P@cuj`*1CoVru^7kLn(%GZYM(cetpyHmm!!3zznh#H{iTk7ag_$op& z_Yp!L748scB_U)zmRFWta|&;pykklpWau?~94h0TGP#p~&4JEpf{0LL$8RXjPIA#< z;qOcQeU874*1sMADMQ>o$wN;^<7>JO>-2@TtWx-O4l3C-eUtK6FUhQL+wN~y-#UuF z=<_WvwS)g1tYFveWzTl-AG+)KOSf(Hf_CtK58u;v@TZcY`-T5Zrbv1`^Qe>d(_Ve( zpnooAnMDgHXg^!L}`_|2|AxVsRD<3;Q56Lj+puX*t z!*pGtnf<Er z!N;htg_3)5Qkp1H0i3*4Chb8E&7nJDCj#UVYYx_?%E^Vn$$sXwP_297dt>;(i>a9)~gOP8hT9#EX;N37w(1 zfLj@h(DZfPeSo#G80M;-fGBpniiNBrF#S=b;Qx&VX%+t7#NP_*V4_X3)R@~$Ahu-o#nD3GDkH?6<_?Oi9hs9@(e>&jNe@@do6pNL#OodyYKHp zeK)7{H~-|dJ*bw)A9R{I!uAKKS@{BZ9Sp&WFNk$}T{(l3fP!c#oWZNV;0&$+9`UJ; zp?USI1O4CEVG*=B9oE(~!AH2ouKK@EwHt& z_|+gc{ZX_eInwPiYq0ejYYJ;l<^R}J{?o4&B@S0yZ`y!WAkr4B6C_mq;=$bF9$pVk zpMfC*Z)?zr70&hW*Ql4s*VD%ba@e(lZ9rR-8Ch;hX)`ZLVgT&)ZPTx0jq0Q8@01>W=7`<^P+diVaWTHm*Z9e84YnbM?Ko^4vR$sd6dAD4p53N zKmQly554vOPx66BV`_lb-3+7RV2mpTC?d17gH#Vet`%e5QUdaU`M~G5%?CdFh|QlA z(qFm-r0;ru<7gZElz4b7i*F|${^fWm**E&`VH^Ln_Rg9=)OKYlw0&?hDsMj?qJF`d zd&UD)ZX_gw)x|Or8a*AV%z1*CSm|_YOm=Hj!!E6X+9%bSp;C(xd&*KzVzI^$k+gh9 z2lcxfRrkAxQs_sp;`Y@N7{2KMr7+^1xtZ#}D7|gVOxf?d*IDgSDW(+hnm`g#!M3>yE8O$rlJ?%|0bAahUuZ|t z^!eHsI*7kE%jkGGBb21q7@56}rx@Bj_jWLW<-u>2k2fiko0ch000&i~DW zi@>Cn%+t}yHH9^L5_{nu2dzTle6AN~4}bqh?cw74Y}V|AfA=^* zDg1k2P9}Z3ykq(%?eT#ap||zzNYOXNE#)uBvdX<=eW%yn=rcsw4kQNEzlwhGSBnv5 zuv!R6^^a2gWdJMNta}`wRQjVC=r`*1{Lccm8Q7wWKhm;$$I$mWhL(OX%ab%Fp=m4Mh$g);rKwbEW1j~xVV(@4w{u-@q zH$ZF7w6(^|uU~Fot!sa;*d(5u-N+O+Nndm7y*4jX*fbNB@1%XjepzYltBMR!oqO%a zx8Z}tw%~*U7;SIIoKzo&!F6(W{Qklg2{5H=&ea|BtK+x3!BBd%_exA4 zUkQhUF>@@od)trC5WHP7q!phe1?Qo5P-U#0%hx;E%Yp)~ap{H01yqh820J84QAn+a z!i|AEK@*BDUV=7yakvIqiSjJA(TGPeUe8NOQm9Mo@dj}254Jj`OEQaEdu9q zib{s8!*-BB2qv0iTW6TVFymmI(=cN|TW96{;8B^_ADr#dBHCY>*q^$z4g;dD`LkaB zoSB(F{V5Z)EGmP&*o+{FDa`49R627Gn6WCAIWN|NIk$>V!%x7ylAp=-F9*!bL*^r= z1wY-e8!Ogfbh`F4;GJQ4ONu@Gl031SLTdi^aq%Bsd3H{hXAV(Lm*+BN4_<#O`QJjF z|E<~5*@(?0nAij`5XbA1DjjbT9j{3B95Sm=ysyjgI-28Mjc>CI!Z8HwzR#($+zdpV2%9Nd{BKClLg(8psekdRj&eu=*s>?L|wx=Li= z?*rFmb<>@G@)R!ozE^!9ejE zxS=s?{0t${K1m4K({7*WWMzf)+P@|F^_O30pQ5wCuM-`&w9Ecz`yuK2)FoY?dZOB2 zrB7Xc1ATh&o+N*Msr|lU=1%nKSNNm#2dDFAw{-seFymM9XSd&gKYztoe@E@@WFXpZ zeAB^vpseTGcrzIz!wZ;?lT12V@oT{fJ0B?VjOrn%^+$Ue^FvsYH7cjbv%bX+=)L;f z!TcUpu3-M7gAW3L4CAqW0v+K1!4};}4_)9b1gvFz z@%w`pZgx|-z`4_zWrXYQz@?~1uRp_TD$rH*=%-O%i1pmwJ^>XT&4-TSAt_YC9FoZA zMhv2B9Wm-&1`Y!nG16K$-8ma%pVjV13{h5Lv_Y7OFu5ptCr^>Qs{1dF(FTjZck-9_ z-pA35-XJWE-Yy5;UL>Gf1eCwL_ke)P-cn}tPGK&0Wr*OmF~5OZN*VL-QGfiMQM}!2U!L*kXBhglaWx{Y- zTrFIw4zj4h0mS|Da9^=K)}R!W6=@4lH(&u2f+*{5HfC{7GPGa3oh)Ie&3;kc&@YNL zv|zklq!&NU^|e^?h!OKl`0u{!`0qyk-*D z^KiJGP$ff1ERh`L&k#a->FuCC97ufjY!9D(-S~LR@1Q@G@^8U7d?tP_#4yP&>a(mb zIK93dexAb$c1a(k{M8r%&xHRrWaZn#zk~i%V!m7IZ2Yx9Md#QZpou@d(g8|wI$>gA z&!45?}3-L^Oh(+$SoYldwWULJ9rzkaosYeBciPRTwYhN`7l@fhsbP zSY|zdC@0f+hqec2au>=#+~jPJ=*>?$`E^v_9xpAd#X?hTqXqt2>Z@Q3yJ8qAWnpsr zlGdNwXnH^slN8vYiefQD6p4;=QCQFXwl%~Au-Kp$AOQ1QWq5~o0Si#>f>r|N<>a@m za`g^hzj7!2&tt)FATg0~B7aa=o(osb9h7?*o&^}BF#3B|Nzj_5_=NmbC_M3m-IwIi zE6-mj|ERR`@A=kKe)nG}|B@7a5j}`vdCTkgI$(HjvKM%-9MITm8qf4F<}I#W9p0Vz zYo&6W*5)(N1(OjU7vW4!LUIx_{k0exfv#b%*<9d_y|~(p zI{C0(Iy7iSN0*zv#rn*DssbNIK#!sp{Uds6GrDI(X+9G4wfXn54v;h5#FytEk&C|={P3s2`Z>l_EK;wWF16G@nIr&es_(*O30vsFW&nNL=L#`lf7u7EY>(=>N$K>cn8Pe?L&T>fNmw_>x+U3PQu(a#B@ zkXDi1>rHYue57!eaw>%2jxwY3L{Dh?)&#^i1jSuEj?YA&MiU=?%Z)%eFO-Cf^DA8R z!fgl!xo`bQjNs*gOu0hl@f&qBAjqh?MPJ}mTsREu<-y?$=^A1J?q=zkVed-RU{ZO? z;!ALgiV(jBT`t+z63>eGEEGQxx2&Se;F6a7l+quI73bfs?B^WhyI?;Sg$DcCz$5HO z9eulZA`S3Gv-h=I1aJ+Knv>5Sv>8Fea7aEj<&Ks4>+ogcL=JA^q3Q%Glisj$0>MftXt~usB#@-D)}) z6iX6>4GTGW8@Nrz4LO-ECpJi$w$EY#8Q@FlA;wT~`~2~-3Z?BOQdtjUeu-Z+0|dk8 zBx!17m2fMHrn~c(^Ex)@k3ZOoFK%U#asZseVhyu<(MjDmYTx5)5MoFO+84ZI;N!>Y zqajrJGV#VdQvl_{To(&YLb`zdWdqBZy_AXr|B^)WY2L@RLQ}aGhliY_q|M`>-`nP4 zyD+pL*1ongtj&t%zHxwr9Jy?xfsJ40uMusH9-ED#AQcnOA|rIeu0A%X}-wPVlc%R3mh2v}Km58lPQx*NqI73UwtB?SC9u$%B|DL+Yg1FvJg z<{jsP-!P$L_f{qZ>w#TRSdcK>2x5uI?$O+jf;6MCVn&bh)yVPiW4?yHE>N$x^>SHY zVKn!jfJZ!r?KZ@{phztw7mrW=F3Dp-54;apFW6p)Jf5J65gr$k#|E8@<}q%N$M5vr z-WK0X2P5~jJM&wMaG%@aaYg{)o*dcsWq{`{}rLx5UX@i_lw)jt$0>1}dUgY1_7OxU_$c95yiuWIbOyZ+~srbYf;Pz~v zIGNm@9-l3@JnxJLE;Ipb3T@POm*-yX9ZWHv6=Ll+^!dw`XA%Rd_BL)a4$MIt_i>^b91moHCQ7J`d%UJw;lKDePazepZvJ(|6g>Lsn9ii%Veo%9T~ zsBf-f3(*J`?3Wr_t&j9>Xi1(%U4o_{l$EFxzlXfPkafeq%6dn=$LC_k3$Z2GNFHn!hjRuJ48kc|d&jMKEYYb#rY zhw!|#IRq!t{-U{LAE*GGFt4pd{n|WeS$M=A$$C^WU^ParK9@FA^;UH2`>eE?t8W>=P00kWE8;Z6GD z_*gu!g5%KUy}s4c<|W$?X`gSSYG;~b4z=i2_Kmd9M(rp ze#cD4D`s>AZtg}u0uKfmqOq^Y#?OVW)#5C)jD_-~oF|0h&xJr|BAjFmzInhpLM#Ij ztM)Wfn!veBV-saV_^pR}D!Mhvq%K|{I{uqsW?eKE(i;s;vzvZ7Cgm4%@;-bS9#NdimFP{`M~c3*6Ct0X?IQ&m&LG4j4wkD7y6O&U%lAgzzJTQp!N{Z5t~cu5q_nWF z;{?=??__RZm!Oqhf>!HpOdK|&SJKT+{)B2n&PZ%r%zPhu9@YeePKoYjOm0BU3v_39 z0yC&*(+f|gdyM9(B>rw>HxjFZsx7knt;%Bd90&Xus{Jv%(COK-67>Dp7$OYVKm?xW}nHTMKU;rW5YV0Z69LfV8KspqZqtuHr zI<(vFw(L3y;ZzBU)nZ&Hxs1ysCS~#+-~sE=lz+xhi>st@8-|BzsqtrMT<4B~aUG(J zE7iV?`b|V6Wsg$u9&8TEe0?0EWf=S_&qMFdsC|jx(LG^v#+>_kj(URRegP=~rwZ}d zW?n4!pSM*2M7auKrr#R(Ui)DfWCiI0-g;>B*0!jxwL3W0SlN$UHPhKP5p>pI1r;9$ z$#fzDj}7BLF;}&(W}<~=uHe9=kzk-zf@E?02gsQXqQ~AJQTA>sdtZl=nC}(4M}Jt3 z5a|ZqCzUa9hEa`Q8*&*Qh%T1PNouqBy6PA=>qa648j4g-voC|$PrDU-quI-c&>5*n z_`{wV>Z_f`5-=1O^WFH7ZQ3$6MOt^*J!h3KjqnO z$vz>f@yj=RL`_gEZm@IFcMo(fjuWfW@}0euVi%o)g+ZrSoAu-FfLjffL7uCQhZXS& zI4FCQC~{nWdAvw&c?+`EmqFWZ%WQwLKQLIzh6v6(s7R0cxnmNUfG>1KRzc*INFBJ; z8)IDm-3V7K0=TwovYlIz(#|32^acU#HRVOFHg6>H;#4|XLGoYH9wfe>MAi1h_j*m3 z43f3lgP2BL7679?Fygj8^5KBCMCVd$^@Id_Ucq?3paMUx+lIk8(AW)6X*8l#Sa6kHZSfBFr$vBH*M=okGLmJ zQ2?pKa_avAsMTn41^x@reQHZ2tlG64NQMw$M0sX^?1ROR-Wq>zOhl{+@@yEM!EOmq zBwySBbK)DJQlW-${+`s=U@?BMYXQv6hb)h6F$eKI=nmd9=7ZhFe8LlHemt{hd=AQB z=(i_=!XpqQ?q!{gx8M-ed3`$g6@ZSRcHvw@GIkS3xZOn1XjpX!*`i|+s)Wx_S;Cm&EQYFfPa1TE#LirHlp-^tw$3w!(Bn)^yCkN@V ze{=Yx9A@&=Cn`}Qt&p^FjJWdX(t_3j*`B@NAtdCwS;qT#h_Vt(nSN9(#W?o)C{&GOSMJRRipQoO zxxdKDcs<)cI#~}z3p?Af*n3n!#dK?F30SbnX%?LZD8)W1lzxP$A4Sv;kVv_Zi_fra z!j-54>;^~aeIOGm=F$uWK%>;>(HtT@*H$rWd{ld(PP^% zia%pKrUDr?)kGxnK0audW6Jum(tUw8pg=>A;)l*j90WqQXmu1kp}ByFbHW25Ofv$A z6ImLrpkoNiWcvUC<2-=8#N#rh#tDx5cS11J23c80Rf>Nq!gypH^9nNfry+{};KoE$ z1^$BvlJsPtPE0ZF2D(#Vy>k(H35JL!{fH~fse_J4s09oMY8nFk03a#g{N&g&;!Pu7 zDeQnhqObA8egZJBb!N@hws2ST4s-KXB>pz9!(^VOja?~SaA!t-L1`>!pAohAR(0_{ z_)IsdDkU?9Y$j_&71+Ovj@up3;oV`p*Fpeo#+>ow-H?x_oW|&&=?e&8+_4~sUGC_> zW66Aou$XVz*iS_(&MSmuXe>!%1<9X4{V?H0%CMIl)+&5%eK18hIzKFjkFZWJ{+ME{ z)^Lx0Pd(S$mRUDmsJSQ{(lhRcv`pC>y9abNv)8d^P~@~p5h&X49NBvxS{I`B#7&N6 zsS{8AM*TPy-%Y1{CsV$Y-D7*!k;EtF`>1Up#0=JchyVxIZ_71Xj~w0p_=XK<`$I3X z5K6_4#wSo6>y-+dAnipQnvCo2r*7euGFXLC`!LDSU%{{r8L0w!NQEMZ<-T@(1z@|0 zdIhXQx3g3oEWu`181-{>VHK1Mj6!U|_FUjn&QI)*voPDAUC&gjc6KJUv1SCzAfv(k z3Nw2-#}??}=2}x{sn&BcWIY`%Mz0gLBCL+~`GXt=9m+%OS~Lx7tByBgXFzv*?JxIw zei$9zKMS6?trGp6ZXd??6$cC-2{irI-*zZE;c*qN@vZcsG2gALNiWSQO#dePj8N;v z@fT?Fp$RfEQ#$;;p53w_E81%jM1w3tKQrRH88$i5-I6=AbIPr?3dNwmIo9Sl8T%!tAmODWiv4J9Q%tGO(i@}wml1QuB^f{bEI6qh# z>o#}<=TqejhWOwgN(cLkqrL9ku`ufdj-0(Bx>h_`nt{@2>0o?QeazrMX>8o!z-V;0 z#-Rs2SbESr39^jhXzqpb`ijc#yvblGD~^d{ZKaXkuFS(5KPictcGc@GK%0HUT?99OCMoKA|QtRjER@MDC`ft#gKT;IKPviju^EDsxiTGdW zB)ueCg@J2}qrQiFEN%VzGfnLJ(q9>v z7KWnyR#Ya~Bl^w;6?#to#p{sQo`FxaqJ>-CO5U@Y8cb&b!!MZaVt5e6Tm8^Ab6!r& zvyKDq@lhWB;k_Yqxnuzf$O=I#c$S=H?xAn$AsP59+^vM+xU~OW$SkpxOzPnKw|d{d zE%Wol${ej+ zl#_Vb(e@O1I^SPHA*2;$q7gwmh_)DA(9Me}kIDQH!VZh z?^+xoUjqShCo0GE&Hc&@fGHCM>|onGb)8ABZ#hz@iF?4bQF9!Y9#?3ybkLv0$scW3O0X+pJl#7@h*~UHn-72 zZ&?jPfi*jTsrF>lS1Wv7{)R>jt%pn@h$0C)oz}(bTc*$wDFMo^=)})evN{HX1gBC0!QPRFPQ$;=u3K;j9BHW0U`rW|%9yDP9m^mP*XTg>I!mHEaD+!p&*lSXC<(2Jbzy&%uQDM;sY}() zJQH}yS`k=6giLUusxmXuO;;_@Kv?{DJ5^g(4~D2dfV*;RnI|dys!{y%^fzQFlFntJ z8#pH)Fc@xKkJT25D-&Blgz?5Xu{ z5n7py01<*J*1ySGIg~&`5z<4AX^OF)=+3w+2l-I@l{5E5`-2SSki}DH$6sfaLsrf> zgb4+fPHj4+^Swi)n|5R1Ol$Wm}4~e@K&Tw^va)SgcVF1VYMiA0O&KnjB$K3!nCP9zW~c{1`cBo zCiVadtq0{*JnYS;PvekS zMU9x=?hNhZYbX`X2GJ9BhD}>ve68p#l1!tu1!EiWHOlf*?5&=7*L;;?Z(xm*sYnv6 z(2@i%gapbIy@ViMhF(FW_DLa6tRfmQAfb(tryfJiZePC2GOW{y<$1p#-{q_^1z%k< z$0KI*v7Pq@&u39)phgJ~)G&F8TM#TohcoD<DwkUbu zIk&3&R#)NjfB*ORX{zhgt?!=u-E+@9cd4qSkI{4v_IFkr0D8rOl)xUnQMi>n4X6lq zK+4jKT&X%a#PxeDFdT^S=%0R$>K2Yr$om}hx2Jkp%S0JzVe&>Yp1ju`xOWk%f=VQs z7nDfT7c6M{xE|Z#0__YnmQJ;pKxs1&aV}m+S5<0nE8!)l?L&h~+Mk19&e%0)JgN1x zzKxtHb#I-;4}7~+58@L*fe%M_x)*vxYmwgteJ`9hf+>1xwc7s%|0bGPi46aqLqyJfDrqcweW5XANlxCwkKbWQRjy>vv0K<6U33$>b2S`&$BtY? zUeq<==~=8G8~M`0QB#-^Jjk1S*@L`A2S^dqUncr zKej264)EEuqKPcxYP<2x$v87y7e^qHxv3u8Amn!`r{~X+54T28Zahw`dc-s7de^~e z;(osdwJa>Y;_>Syz0s`R$2zP{d_kjov?o+_ARc3Tp*5hTI~F}eN@SovUvwu8C;5@% zTakYb^#ELFXk5ffCOL~3>Z+}EM!m1<&5l;%F<8O@CV=*96O6%xU@?vl|4DTgwV4j6 zh*?mP?FO{)&Kx6n(-L~2V6@Lc>H$Oi#eYQkRH^?%`Cy*dNaRg-(#9|!KXVdaNoJLa zwXQ|k^lKJvz$<={Zucgr-g&5wJSQoD(g&hW(I9z&6UMrS3?+^(;|7jB_&wU$F={v! z9PF@nVaK8``v!Y0&JuTJ`q54uC0{cIo9F-vvJ48)Ds-C*+^Ib_nQOVrbs*!C=+q=W zgz;kNIh}r?6ruyiL;_xNfNify)eEmdhHr`tU(hpjiVVsBLuqUqr;S(i^^SN9{)q!9 zW$xt4>2sO6nC9V3Xa$cc&8B)LL zp;wLVjry%yf?$e?U#DTDXZ8 zvS7PZJD5>f^a%Zeee6++c^QyiGJ*Hyd8gpM1vHFUK)#x$`e7ej>o6P)4LGWn?cql0s6R5KvC2`d=Ylnx+Sw;jqD$rH@UL+h`J=+9A(IcSyW z&(Sn_CmjWxd8R!w)A=vrwt2vrkAQi$HOC+eya@RUiUu=7sud@nRQx-tSm=Ah*BjLGXpU zkwes85)!A{KmHZ$Qd=*qf&&FTgn(7+ zLoC>yNH212eFx_XlhKArxndB-#N*Lrbh3@HZO&8Xf1b1SKQ1eMO+e|e;O$D`AvPt3 zK+*W=N`1Q1*LwA68XUCncKqrnjV>OFq^%80=muZME=OpsmMRbbW#RvM(RgP-xbo;> zx?YcQDulj#blX|c-l0AM(8sdw@8QKxW2N#cj9hd^C>Q`OuG&JPjVm3Uv-bVBfl6=P zl$7yx-0D|!q4(L6#@OvTtuA%UEuu&=gjoD^|uX@mm z7C=Vz_P>na1vQU`rCTe^QMXo%T00*6oNn%*+a%p5oQPrnPHG9Tf1V4_A85fzf_CIP zaO!gm{zQMlP~W|RV^js1sXk;>MPvLYI7GOHhrh_hqPl!hH})c{*`f2mosTjRlPr5{)7DHiDe*k`o2g7D3@W za?$ew`=zMK(yI<&T{Hry>2p@~9P)Re#ow${cPZW{offO6`flNQqx3XSS*qu>>baEW z*@ej>#m6HiI8E3H7K({K(8+NjR*+S^TL{1z{2nJHg1_$An+-i+tK`D|j;|iujLuq6 zy+e&zaArzj1*y*!DqJSpr(UD8sLGMc6sPdY$Oq9Ocv^=lRd+~-1yFrV&sI}1y zW6YN6>cX^MgZ}i7+}_*bCm5H?rn#?yrM&<@DYsTjJZJ0Q63gxVTNUp^rcu#v__w+( z|3m*4LEgsaIB2{;?bhAD;opA#m&L!m9RFwio9kfEzm3Nu#DBoQH4yPr95qfSHBKki zdq(XGuJS?w)dg5ZZ_W6Hcp+3hGkK7B>L}-M#EwUNvP5b*hWV-rD z6AdBiz6xy9iE7Q|QbUn6A)o3n< z5jmOque?9-{i$Y^zrA!ANd&LgKYGTV2CknP8?`I#&5l@KzWnz>b1^oR+9owD^ci{t zK^v01+2}$CV;^2lVAXImtQRBg%dHw>T1+4Gk*i-=WnKjYrvC%&Dri-U*Pg=H{%Jny zDt?=f7~*49U*V}NeEhY;Z}FiNd8rZnVNQlz=2hMZEktKc5u5J5qFJ$jV}YEPh5TR8 z1fs;$xLsDJUe^AL>E_xDW-2s(wE12!p5diAN^JS*j&X0>a@emoswo}dKY6a7B8NoM z4Mx&a|9(Mm}R#61&R zzK`e4TD9}kxUroWQxf-=`teNyyt(G0BYUA*eFSM5{O~T)^lyi`?UwYNxbQ_im6A!} zuEaChS75hC9AYqCp~M4of1o*;Ma`6wlfyRW1&b-22q?v&!r#bwVoT&RP1>d>LMw~*wV8yh66kEZz? z*Z%k2un~ADC z?1Nqh6fDL6o_$;B*W>NPsO7VWr~{~apWN$ z{9k1Kl8Xh%Tv<+A->{nf3$__7jKC1pmvIR@x$5cdwhP**N#$aLFx+Na_xGh}@C7+X zXmh`>822GL2C2m*1i_5~L!opv9Evv(BiW)T>JHDF7>ia0*$#c*tpU1N! z?8@Q6ono>joR=4{ZT~<{dvKItSRXwv1ih(TZhYJiE+T`vkj$V658coU>g%CG23beQ z9VRefNnl#mjm-FkWIp^T4t1^2Q{<0QYuH_e!b^1X1r&h>h_9R+nVpWE;RjaqgdG*|J%4H%}-Y`6Ad9n-4^`8>oG z^kQyQ(5o8s(((W^A~qd^UX|!gCwhel^!nY%QYCIfl0y)!bPPt;hbu{3MZ@o~3xZl*Qht}6ehvlW=xnWYB22}0~=Pi*bVYVl5$tND^5wc%>%eXa|7HE zH{e`MK2IAtjAhYymkpr10oB7UN4mca40B>F@?Q+mWgPrMi|=H3+17OQd>L zpP|(QIIZCg%;2v>`EXVoPKtxZ2SMcj3V)j-|F8H{k1~I)B0*nDWVkJVH5UH%Q55^X z%bzn4Y-wAEFma!VLy0(S6o=RNV9%fMO61Qlb=;gR&P|OPL2GnDoo;qVm6C&qfR{8j zBAnAoVGV4>bI5%ZCfBfKDkc$Ek}q|Yo@@vktykUku(-pJsMW_{acz#g8#WRar-a|A zlnhY>V>=Z$Z3rieiw;jtteZQNj0_QMT|{nV8XnG{1-ru&!4YcGE@7NX$%2Ro_x1u; zLH)4&?nu}mXD=T6Y=G~LXWs$%hz9O01qBy}<(1J806s(-9{f+wg5wY^b1-u}NgQq! zhtcAY!Ut>n{uBImZuCFqx8(5ue}0`NM*qiW62D=CnBNOYeE3lu{NnH(A42B`Cc+&! zsqc@WzCVUKtf6r6VT-SFmsYvYH&Is6yC@Q<`!t>rh>GxSLZ{t47M*LP_HPH-ItIz+ zWZKf^m=|~oO~w>&@cTrhSOfVba(?-p;bt-2GpzwtVZ-p(3dCD5T)~dpgK)s>_~Zj* z?u}Z{ht{vsfo8HOh~O!L7>#E3NFygSl5W?|G(%tgJMR<8n+HB5{jeyC-o@p|ULy)p ze6$=*3-0t~cKkqiSG5qYKH(W@4*jr%!QY!mWOAy|l`=Wlv-$~Il=zOih(qWUB{9Mh zZ9J*>pfoWd+)W67^t_N=eHr{+9ij7=Dflzj+%tH9Bv5l*&;#4m+)nJIy8QD(1z`7b zI=I~Dor`<;)N}3&4f7QgFaazXhJ$N4CrHMH7REG`I?S9sL)X$_m;YN->?bQF6$=dh zLX0a8DjNIup^P-2lEyL5m5XyZ9#J-75ffYQ5f_wV{cYhbcofj3Y#K6mW>VeU0V&F+ zl(`WzQxQ}o+-O9Of9P&mKI*7R$o8|&L}80UtTo+R?Xd{`f~b&r+Uu&-%N?Gx)B*EeWFzUXiMh_?q*Ze3fS3!F+kgdmE1QPW48P^fvbd-`ds1V{?KWt9H_;Lk5 zX6MVs(DfU|&5wKe`cF|d<;?vB3yQ9!bBoe(hZEZWHzw)OLTW`Sw-{se z0xuYFc(m-S(R*+Vf2Rf=it1^Fl*ZE|GdXD$=F4r8k_!9@L+!JET;7UCXkQrG(2y~t zy!v{bb;Z%c293RK zlauz@5Q#xNIt};^bY24Sv^^qg>wi_dQjoKzFLU$?wwC_xdR<<~_jXWj(ZA-$ivI3_ zU*6;X&V4v@h!Zc1GCMl>L*HYPKg`mrI<&KmfiA}PcFfM1DhHN>DNXl2Vi~TeYIPlkMT1k5PAl%e0c5PNmFH$pO={VZ zh%w$)Ez-bZ!!f?`&o)d}q9f>Ktay|iqU5CAi<_pPSx2TM9aw}0xqHE1Feg4Z{ATPk z@~XbH*oNM;C6O3fV$izi>Xi81?jx5}_u=p+TW<6w?!tt?;Bqhk=6XF!VOwFac?#hR2&JqiAyy zEuJ!3Z5tn4KEKcO{G4Vm$`8YpFwU<^6f88q4VqjHI>DZlCT_bG0go`VIYmK}~j z2iY(pIjMAEV^~w4aQ}z2&%|@u{|>y$!YdVbA!T3oeT1^9d0%|BYKR9S19 z#EzURP;R(f(%p@35g@8%e~L0hny;X1?;BwjWnYig&Nt7Y0dHzZ#v|jH&a_#**k#-y z4wJ=UMmQYETTn-@NW1z}itfu~elv;R4B|Hf>;12P5M1xifa007-oK6wew)LKi}aT9 znsxfC7tuH(V~GmpwbPLW_{Gc{It9mQhD0}p@O~IW!t=sGqzm_px1atb zA; zd0>5q$+*|(xK1>DJFfVNVwhXaJyS^SIW3^bzGMj zx4neB>qQ$LI-inxV0#!S~OnUaf@Z#**fm2NhW9x)9r8zthn1}NIbmpzThFtjN4MeZET0z-HQ95jC-q&8)n8WUl6p1 zjcaUp`1*v*FY|DfjC=7tq3`3jnRswZxD)Mg7g=#XyHn!fWgXXP#_cEJ)<0*XZ=4nP z9vOF(j{Ej_lfM2(f;_xxhr8Qv;X#pce|%T);4L^6j$2^HEuSB(x0BD<@NkV4ccP3tNXLyf`p@D=u%no;Xt&Ge3zAEEBrsF1}8IJVk`hXGdHu`+I79k(>yr0)y~ccmTf zVG|Fm@40Cb4+l019tN0jX?)>vloVs{oX;_kaWR!eV-pV|Qk${KxE4Al1^F(FO>WJm zil=dful3ngRN&y)=`bI@%8R&Ua`tu`!lvO}OvfE^)X@$9-drN#A=U+%ta()_FkR z*$rgeMua;>#=Swu9c0G6O2S=Zhdbw58JD-nHjr_@e^c;Kd9z91?GFWc7;cB#uceHO zJqBUghN%({D|Fn+X54%U*Z;H)4_jkpT-JA-j5|QbJ)UOLx0{6flpSuy&lWqYnvw}Pfw!e(x!(H8xNUUYH*PZVkT2n8+u@E`ChL18>3eXZ#KWhr2_6QSaR*Ac?d@<6{A$tH zE#uDAaVtlf^gT8w$V2%`8y*&z`f~2yddRp}=(v;3xT_`H`|NNFJIOq-oz+Z`cqn;Q z@Nj&DN#C&&Zc97d?|!lH@Q92%O~;*Y#;w0E$iqh~Y#ehzz(xVy-C8|u-t}+=2jkB%D87=5j@N`96SIxbK^n1P}AgxV|96>kZq9!nDycZZ948xuGT=R!X>DJKXbUWn7LQ&ggF&74h#{!9#a5 z?l1|rpB-*`W0?oGhcz+U2JRBHo(s!bS+rtj`Cw@}c7$38pJtgDj>A17axZNb&nj#w>Cd`ugrPWYv zu#9`Pj(c&CN#DJ91^Io%4);0J_=5ZSqc=-DYoPsVMdhP%~QMq2zhN!|{P8eK$(DE$whyS#ckcai{6H^Ub)^CESnPHau+XDeKGq zW)~T^k&fHcjH^hvGwg83{zvwc+z;&>CGqgq8o|SJ157-8c1MukW_GyWnAS$w9D?t72g@X*dQZsB&^UdFxjoX~gk^(KA0Nw`z&aG%;E^T7R3d8)+2dL4I^ z8Fz1HkcS3#xL1BB<1)YZ$+%;5+ynhh`W8#L8_w-S6Eb@vutAeWS05hu#wInZ-6d95=1Ga=lHF zac|IZ2bpmXO$+k7#t!!xD{ccB_xsg?hsr)CeOF7k!|ibAnC7{d-wh)r9#-hMlg+p{ zNx1$+HasjgjW4(zkCSl+=(xudO!}U?J;=jTcDT2g=8d?&s2d^a`^_rB!+bODs}k;D zJKV+HWcy|RyH3U}(s7%baVJW+M;F@g@S17fi1i&U zf;p2S@v!GFf`{&A-0f3?{PwfM9Wh+SjiR_@jf}fU$KBk^q;I~2dvJjb4?j$kaXIcA zF5`C9aYvbPyGgiiJKSMD8JEZN{^1f2Up*~&IB=aw-@Q|UJoK=`{rI02|L~NIo2TQ> zHsh|8aBCj1;bE2)cd(3mwT^qSr%B&o67C~*xG^y@4v6%ub8#jfZjx}D z+2P)IgWTTOPiD)w6Lj3}X54cVgFL*KZ^Ofbru8B2huX`ymsSdWH+M7X`>KRH#SS-W zrmSxZva|9VBp%l5xTDOt6D8aRcDOs7GA`?TpNu<3$34*1q;F#hcSD{H56ST|F1L%8 zGVa+Gf`{2=+)WdL{EoB3ZF9Gb%RGEERN~>iMy!d4d7O!{_`aEIIB#+k+! z?AJF8mUvj9<4!i?9vUCy*Pm^}!^>S|ec67;$+!b_+~e1n^xY`oK4phH-XY_%KdT!g z>HCdW@G#$uJ6*yZY=_&=wBEw@yH3U}(s7%baeGU+N9Wq`kULt|S0TSMTE^|A<388f z#KXyPL4LhK$bP9}Y~-x}n%haK(- z)BFy%GBPEkPc-*x?TCBG((YW3P<+fR5YFj9V<>?tIXOhu2K=JIrrC8Mlp&`$k6-4-+Na zY&+a6Q#{Fj^56i8hfj+I4};9OjV0XncDRq5*1Oq$-7@Y>9k;TBN#9NBL4M00u;C%n zs&5Y&_X-_%vKjXt3HLrb+(F-1{6o$45)UOsf`{YnP5NFX;kLBH?QGhQ$o2M!j5|%o zoo~k7J~qh1NB7(C@I}3>FZ=Z_GHxRsx2YL7U&5VXhnxOy8JGR!&i)b)Z!Hx(JlD>| zLpKSxnH_GdRo`qGcY==F-Hf|;Opu57=GgG?wP}8bd1x==UMdv&ZfuHzgm=ectOX#c$G=tu@Y|GY#V*Uthh5|+>tu&V`kj? zv>*@b>~O!>D%&rQW1GpiKRhaUXlKUVDB+H_!+pTCKF{s=y*^UASf%5>fu%WV{$aX= zd*)sn9%4=VnAm=&$hbG?xP#2NiiEqy4)=4@o_f}|fsFh862U_ymMA5CKN}t7ceowy z({(bxtnY>diH8+B?qoCWVhPtj%Z3NfCo(S26O5B_2k5xRF=Z#|J5a)X$`1Ew(|#E4 zkL!9%`hHU&c$ja-Jvl1K!(cny!VhJABPdQ?C*v0BxTmlMGN>=@i}yGl&EP%tNADpX z^gZ|4|)Y;*rnAlVQG6Mwn)b}*aF>vgx$U6PFSd=xzq?4mr zO0cYB8B*-M#AEmLx&>dyt)@8!juAHXk~n-$$Nd`HCxc~m%#d);%?#Fg0JrornL}=? z(`DQnb=WL>UiK|7%D9i}xZho2(szo4duWCY z59y}4A#QIs$++Eh+#ECR1_`&=4mZlQHya%w-Y3vq;$inAf`^7?+;LL9^|r&k__WL~ z7y`JCLt3;kx zI~FhTP&r@l@II)Q^evb8?PiDj!6I2-bbw*nN*Q;qj+s&z|uCl{TF+C&1{4SPp@6>T$L02O2utCE8Y`P5(2TXI)>?ga)xJ`B3{$|{D67D^A zxVKcuJYWDFrtRt~@$hcG;9)DeC`sQL60Ty0`-15iA?6`p#+|I=jyL1BlyEmqv*DrR zAvu2F7`Ky*8=>QVhf9*aXNCpqZMq$9^ca~3Zg1PKm3Vj~PwH_N!p?>#c^C>{5GP$cO)T*7_T4!2Q;jEkT#OjBgsA9Dl` zDQ4Wd8-n&Q)(&@ymETQWBp#mAaW^A`4eCqry2r61jbr_DQ-}vW)~ATc=K0x{d!$$& zZ5TMFn~vO(s7aofwd zm*xt6KgA_U-v=e!DR#JTz9Hi>zvZ1J9@gu)W6ZdnB-{pexK~*9y-&s+qvIN%;}Gv; zqBo9t9DPTzEp3=2*%FPEZER_KjbuxB&sEgOAw;CGrP&M+v?bSexvU(|?{!LL-TaW? zkX|7raacDvST|QOq_Cwp!JLQ^w7`Hi$`Y_wqO{s`QDa4)^PySQ0Pd;#P^LU_mqG_ zD*uS&9jx+oB>(#v3yzoML#*;_l7I1|CH)kVPqoU2ll;VKOZpxpUtpEDBzbeIyzV~8 zpFd^6IZE=LR{2hne|*xC{ymbXS>D?rsW0l`W@?ZXINk5L{%dPUkB=2CA zcOm)TPgro8L5`NRJSEtYT%skNo{c+x^jq%OPx3sgyo}_Htn$}MzUsII=LwQ`waOnR zc}cA${T(D9X_cpve2->H--qNgt@5@cKYPrQKAhx5R(b8ckhihQt4Y58dkfBoBp+av zzeMtF^x;Ia*Y%Kmf>r(y$-n>3l714&^Q`h@k~gx-<4L~is0F75$-7$R7iK|Ta>SDU zTau5o%6E`_&$pKJ?~r_^RsJl=&mOjTz|;ItrlSF8NO-H?}jZAt$v$wyk{J4n8##*+RW zlFzitpC$R(-InxANM2->-%Ii~R{1R?Utev(Nh0|GtGqMGw^dovHzD~1tNip`kbl3+ zl72tQ^Q`hRk~gx-UnlvhuPiuEki4r^{xHc)zOG)V`NERE56Nd*^YVyp2_U3(41)TX2#{KENvPO!948Ea{t&e1cVe`VPpyFSDfIPx3sgyo}_Htn$}M zzN*xM^90GeTICOuyyP=W`a4KI(kf3S`JPWL>HCm;rd8gS+WLd4g5G zi{zzmS<-JJdAe2pBFPWGX-Qv9@+_sbXB!B#G7M#yW?zGBZCHdR0SkkW~xyvfgCwbL6 zOZw>~&$P;KBKfJ8E$Mrcyud2IisaE&c|G1?SG)El3(hf;Cs^gXNM5?ul717((;?Ts zTzjd$cHWD@uM(KPXQ33$qDfoRH?oW`R%rAEXG~c}()WEI9e@)|@8J!f;`^AVfN>rbpbnhiYk9GqI#(`heZP=Ja)LX>3DhoK=9qw!ATro+YM&Bf!&m@@XJ3iG z5lHAMLmtlB%=-Fze5>ko@D9!OA}ZsNOTo$r{T@%=2-HQS>gma!6UUb!hD_iuLo^9| zpb8&`cd@N+~9&#C*1x^W_x=UbwyC zeX+0*L;l=FMR($R7IEd;2-0YsrM#o8_=y4^8kuv$WPUW~vH6or;uG=42jTQAj{Fr_ ztd$8QfN0eVpmhA7fuHymQ&LraFEzeg{t9q8e+3w{sPS89b;3#Csl~Dgs=>WAvRu_C(b-)j`tUC;pJm4}x1ucExTlfJP+--n?a@MWgb9RAL&Q{A5IM4GS#8LIad zT%3f=9s;pv)TDijQ`GQNQ~}qko@B`BZu(3MLEuIg7Wkq3b{94w^U=x2Kr$_J2h{_L zeC$L9iVPFU(;_hn4!W{& z_DE!!w?UeBbWCc}1*P~Gs#Aa^P{HET;&-LRf2E%LMlHKEEVc9L(Z2rSYSM*8GpH4~ z#H*llfQIj!MQh8x5cll0+mLE%Vqexra7+!k~>R$CU=k+!SVD8$h z{Ej=^TkGJ9yZq1KW2r7>l$EdJ zl2ZI0-3rs+4D$*r+?|sXwE8d=A0sRFQUVx7d?kG|jz1VzO&<mQW9oHi zkDfNCQrHGA(ksbPO&NgUMej`h0n>G&_;E1ZGyV@40yjqT_vVN#=t`uL!nLze>^?jC z?5@2XKeW?ZnULe+;D)W#{$TFB;bH!t^8?jfk!n(z!B0g9Kd0eX1N;c9Ph_LuJ&an~ z4v8PpMHu`Dq9lIGWqyucB$N6reyYovpGt9POGNWig&CpUdf{63s__TZB^SexjpADm$Tal%Y2jN8 z+4AG$+z=0>d2vaNPJ>fVP1>y#$FO5w5Sy45zx(EZ552i_<;~$$YEq4|;&r+ay)wFn z{;}kf;heC^K=W@G1kVd}s&IpFq}59CCwvQ9geN`P8}($m*e5ZZHK1Oc+=|}Wu>&TT zivR^Kcmby=j4eP3RBx7(`W<`>?Hs=2cLCo~tW2yvH^m0ledq>aHv5zzC z^4MqiSQxvOjOEwvMqEJ z!$dqbdBcJX$P&<~6)yGs{ zFd zDF<^r2$!U?>J*+CKe+8-T*Bu*$H+Mgp&@luC$`kpqdU79Ub^gi-AfB%*y7;gwP#fk z6{5-!A`pdfbgxQv0HYcooAJ1I{TFqh!w3T(*RD04Yb8&jBpeTh=s%Hc!hHf*bI5_y zALI_d>TeS3pQV=e?HXc3Qp@LPjx3uK8-97_FhGIfeQYzum1U2w84Fg@1{ylSG|j3 z)bQ=92M2WM192s{nTpT&dQR02gR935sI(-Qs<-t}I)Kbs#A6oa2jd8;d$|if$M_?9 zW%(S>PB6OEVY}FvUi*{}$xndv*I~?KJoKaT5RF9)7|%8R62-#kc1}(TvCs zQEOp^J8}|4oQft~nXM`%U}ITx-UgLuRDg?rphO}hP(5fwsGvv!&`$kCRM5^Tuo>rn z7a`0J|7+UApRoEz#Nm<0QHo%E9isnT!hX;Lk?p~L5&)$REdac-ybgbM_jCfO5xLdBhq>MsJ{6~dQmApK{9;jwD>6fKyAgT z@ii*Gbb9U}f9$k#jT(-x%ytmvqsND+HtAcKF*f-F*($4qz*zqT?0}ToHeedm@)Wg`^+s z66i-J1mKAXbZ<>8*Y5q8`M*;frijB&D^LxKLyXB9k0glth@<+D$MBbL&vP%^no%ql zf=}$6BehvcTebCY%jD??nmu#{8uWvUow3-MEaV0IQmNb#>axGe|3U+^au2T%HPt~Q{!Kw)o*5| zpYeg)_XM|ahRCTWPsotTpgFmmTz09;_GV#Zi2jp$mZZIlMytLdebL3{-=rq(%D++d z%)@0kuV4rM6*};KAsUh|XETOtLurtu8IeBYBIrl47fguJ4$@ok)w!6aoXkb8Piq?M4;!pKL z8NG{5RK1g7T1bO~XB2&Q*F|Qi{$^H}=kxi#%%=|rsOW;uth9&}fQyct`$0o%?aU^& z&0ijaZN3_8_aXd#LO7N&BS==A^cC{{AeSP{1&x^n{5FV(5($P9qPGBHdMDv?wE6mW z)HoujsKFx4qLvjo3O9J8HjkjV7GA*@_4()Y=oEUVsB0Izi(lw~s2JcbfJN+b6ZS=| z=F}9tHBJ$z(f+Mkdn#a8v{_+Cf2w>r{R8D8Z-4?fR_k|&2JoBZ8&IQ{@47)!`9^a2 z4x|Li*Y8uKd?OzD{qi|DHI=X1@L>4{dw#2Y-9-DCN9`kv+DDe^)rSF~Unwc%7@s?k zD=8@&56qEl5r&G!Pu~KE6PYFYGuU$`Ja&F=pR;}N-S+cJaVd&KqnHc|pi~;l=)RPU z-uaR6rMRd^;edD1$uo2tPH;zI>{|UKlTKdKPiE1{+k8SwySL7R>moDuMO`?Ufjpaw zo)Rh8(4&nXG5iBXaB8JDP+*HO7zJ(Y7`RyJR4gu0X6-;2hL-UUZVIQ1!Q{umroaXh zVlVo91xPXbn-J%XS&HIv(u~}6MPQtDnkR;#Iep2VCb!6Xl@gGG8i>)V@VRGV#YyBt z>02;MGc_U{j4y<`G{f2P&0f^ZuYZdVNon3>Ow4S_AD@;~nm-n^GiZOw+(D(rSEb=A z*yr}8mYv6ZSXCNDt5ierRg`Huafxc7`b6yk-S7(-2=_TivvO;-y4XQk z%p=QWi7)DkKDsG_Q=y_Zda%$gj(Aq7gfW6_7@d;}fD%q6WpijK@NsMbut#8Fr!OrQ z#FwRdb_C3&BF)#TvEEEhr+E;K?!hO_)1U*JFoLJE%8FaiY;X3d;c3)5(!5WzYByuL zz*j+9gVHQw6IzSBc=}hRI2KaqyZ{Y#A||SI!&}Y@sYw+|aSL_`H2DC9DQr^Q=Lpi* z>Q>So=997q0BL&=Zx7j%;&p_%HiwNsK-Ym99daFlX@l{|IjKr1x*Dw4zQY>P^cYPb zqZ~*?vFpSegg;B5NrwVT#5r;%1m)j^>1oAXj4Pvktz6K&nl!IQ#{H|kLzfMMN3GB8 zfl^hcCY9xnR6Wai)SreUyPANPp$c_xodsV)o{Hw}4h|K0b5&)ep}x}noACvC|35U> zJKO-0#9_NxK^f`-?nm51r!i`Msr6p%n~ltA{-a=V3wvG@e|eY@I)Un*gN)G@ zVTjyih`f-go)_ne0_wS<1U#;0N2=RcoHm1B(WIAB`AaE0(L8c{i717uT>EJWR{I_e zi7)eRNB$_YG4>>2s3Y=M1NpNioIh*A`E&W5nvd(4qFU7WUn$dBl&L-vTTGeyL|~%- zMTV%ao`LZJx&Re3UHTkEw7&rbAWL^F=zuBQ?0BW5e=}F&p4{V9#R;kx_qi#^r|1in z2I_T**6=N2S}vb2C00`hCr2wq)5+;AIU!og-^F~HPd~!@l~Ng?{)%Dj5SEKR+I=BX zS(yq6rngrjMQT#1;&bCi8rtv&INpTuLU{6$iv{?-(3x6anv%39cfX4HKXy!BJ%c4% zDc|xmPjeV6DwJ$8T3b5wQhf>xFox{ZNj|s~smMLN#>esGTAzA!OVxBV+$6 zUZ<*5d@FESaX(CIqiF>00BbFmTq?lDg>62=#W1v%A=ETnaKyF!m^VH6pzdZj>b?v%)Tw!Is%eGc_z3w}pcXok5*D!!;3GX+#SB2G1^&^pnpNPJjg zQ+@1E=fs|(c5q5-x{)G<`!RwcgT}>lN|r^Is;AI6mbgExur%i$qEFDaoEhu08x!6b z$klH_@UXC_QqtD*O{w3ZlpORu;{5+9Nap>fOLi{OLt#;)^9m zsoT4$y(>j)@Pr|n02~#0YNP*U<;i9Cpv$1?aiWQ)ls_ZW#g*lE(+@Z&PU?%wjkk2n z@AfmMIbmTLnBX^8eb7YLHAjnL9O$8M&j1@_2n$zFM|-B0MWc%?OYyeuo46Tm`FYWihVL7JiB5Fvn8h6JX;mf& zL6a{!1-D(hi%Y;A0s0&$1XDy?))wh6%S#WaMF0W40_v~^MrQt(2?2Uilb{qCE0( zL+zO;4}8U*PFy5Ros1AydLbW5X?Xks!(8~?NDNE0Yk9OVt`eOfPy;Wv!- z7bpt64UM7bAGKU6F#V(7rTj}SxR(AJH`V>G^5I5two{z-7iVA2M>AG`F-FsJe=_(E zbR{nky8A>XwciYCzZt|AnzQILg;|gY1%;m{J1?MHgq;VC9;E3*MqI&kHB21IP)qvQ z5z<5rt0){?xQG*#I7ufLu$BS!p2FY=)tiC7F|%B2N<|m}2h1MGokgrSVK8mnsm6i24r%A!A+^dyNthT|W9SI{yMw{z}o4r2FM{ zSTI}lV3bfntMM~LO9s5>2w!YJiX`6ysxPP1hcD?$nL{FsNq*3Vu4h}= zGY_2ILY#%@+lUClAsq_==cyUz&2@Yhsk32iFC{~E`FFSCzE_`7JJ~&$^9hlREj^QAEY5g z=P+4HfF)vd9mawz_9OEvaq=N`Xv`gp5I*E zUPeJt?FL*KT3^peiPqZZgdm#krFD^7On70XL!@3vzfsR?ae?PH%7ejLT6ig&VEkV4 zyl4fa>zpa|2rMxuPlK|~+VkXqlXm7`8;Bjy@srD>Atd(?a2)g0C0h$1E7y9h-;!&z`WK~WH8JWw0ehVTg3wsN5;;TazHi4hWyQ6W0t$lZN>$ld z!RC*@)!0!~pVL@WVtCL;#r>qaQOD#l3D-#$ zkPxVCc((n@3XXbkmy7CHHR?E%T2-XrZ9L|Pxk>ojvuhEIQm8)2xT01crVKF4Ua_!O z{{3{b3o{yIQ;D=c(O5{skWu$hNo9-Q#r&B6O+rStMrWY!Jb*BfgdFXm9@62!GvEw% z)~1tD36jcdFTn=1r(dE<01@p!*NN~s3X+V4(?;*=SAX3axO!{gswRf?r?XLkX#mqh zQ)~U@-4)`SeU4vvrJWodmw@=fFElf~A7IZEqkYc1U-YRx?!FT!2^i*@W(N}(i_U@~ z{vx4;$=}-KpYzA^AMt1M*XCX(f2HU{Y8sat6H~)y_kyMc26*9@CnKiD#$b`h8K#Zl z_?>!mnrawMRS4fwkw1;>F`fIXn!rj5W{@1iJHoS}IsB^@FP>I$;E>cJ@{St|1H(Y-5oV-yEMc`-FXc7pawL{eXWNNPvn z=pCq=XJ*h)7oa(MCs5PSEiFNx$5Aozgwm>ixpvP;o z=yuK)&vqV78MD`j(aJfr4Y7Ez$Oa;~3#83wFCLPX!$uB`IqEm)&_7dZ(@|4tT?3n`z_^170M!rM{Y2iKHDNvl1(E z*U}~SXWTG#vkmaGS8CDW*p}WZ#A5f4Gv-gwBl{nx7L8d$vSNcQZR8p*{@4dl{HAj8 zL(Bh9OZiE+bn0JM@E8oUX~YHvXo`C+r4}WJBT`CoBI`xb7t9pZi!ghh>S-=!rntpx z_f3>na$(JJ9`X(2i5rBEf(kTxY#*s0g1{0iD{;TFG@r_Z+$54Xg!G*9Z?Y?N*>haz zQQ|P}ew6(RQ`xEh(Kt~fJ;i(>m~)~?>CG|t>^GXWXE#n1atcOQ~a$C`mf!c~v(xTvEf%51K5#TiV+Z5ClmW&T{ zFqTvWm%(j{6vuO{0E>;(j*wG9QKD&nERg~(eQNAW?C1|pp3(FUC6iNZ&{Lq<&p}8L zH*T89dU_yhUsQQpvYp66tXM~OqnU^FNUU0OwQk@8-r08DuQ}kOcfNs?j*N!=w7Hr zs~^AM{z?6Y{hofI@hbEHMS{O{Ha}7g6p?;DN2fc*w$T{v zXM0URzD>OP!K};1i?2|7w~TkV8->5*uvecuL+^y3=VLYyf1@-{Wg0eL!)+H1A&8~e zwbze+pd;lDgt`U=uMlO|ZX z>CI9~+K`8FQ_!cB>{jb{rDB#rUuSb4!%dge`kl#GdMum+BS=ZwqWIoL+7!^$lV%TG z6fh*x0A5XAa-Q^B80Ws2yr7Hw;^f6wySF&$mO@&I*(OFYY+Pa(gWD6(CbXS*aeor& zZ;pD=KGDx$!U;(gImw`?XHwOI?~NKb_FV)w-8MV616j)P#)`^(()L^m-l3BGMkS|8Iv$zJRBSj6Mr9uP+&>3l8k2Wbl zGYv`A`FC*6C}L{-j+;G|fhUo6P_~(A;rjzqud?}Ix;@!bib=CENP1S@Qg_4tj?3x)ZAl9hBd}-J-@Qh(l6l`kDd?Hl!ZQy1GF&`H425??psXCp;?{$a9j(T$=uXW5$<`7= zfJ9W;+bke5Z^DcUc#lDqU`EZD+!9myG}lI%_o=5{2W`@PW5Y+>Tl!RZSU8$dt3e~e zv2kRVnsjbqQ|yMFd${%xvPU(gpw+mNG2vg>hWcaAIoeoL1v6 z(N*^<(!ZpCUuEOzm$Q)I@QSw$4z2A&KMN=Qf(%UID zyox+mYCLvA@DvuNH>md4a;Y%_BSUu5oFDN(6K06tu{&Ci-*bC|5SsXLSqY)}H+UXm zg$!7&r7bj~wV@NY%mNuR=}3fBa_=6Ppv2PJT()JtdX9UtVQVhoo&sBg5h7L%%20Q7B5lF}@CAH=}J9dyy_RsSdk#`3CeyY4O;tRHu95w9eb% zUoiVf4vYN-)jXUA=;I-yF=2->j`m;d_S0)zS$c#_0~BQj2HL(`!d2g-7QCUm%s*81 zO>IUe4ai5VXukKFdPS#T1T*n4MLRo!X z87FaC=~6ML#*g52BBrrqk`f+Hq2r&iI(^7!xrG`*7ISIzY7&=efms813{-oJcFQuM zjuU=q!3grOSz~++F<3Ban8GSlB^AxqBFOOvD!aCWWR}*ZqT8$Wg5j>vH;rDo36<5E^=mUiYqkob@Q7X|?sTxsc(Iz=?3x=(*Ii4#IE4}&*jmZ0tB z8{*|lEUZN-3Bv*m)6ItEp)gIiMpPv0B#3}c+AG+~Mz-zzO=Ce#p#?}TN}IEsd%d5% ze3&NAj)}8$ah56$yM=JDIQx1U`o~TeEd66hfAvjR^v7%9lJI*EQg?~n<1J{N?MG~)SfKIvc{9nex1##I zvT-+B(V}K}heKHQNo8ZD|2WMpp-i#1&&SiV2K-p&f~GVT5KR?_o#ho&PSX?hR8p7% z(uyk~{PR;RHqX>F+$%es-x}tgA6tsS6`y**rAHOtHyeic)kE00Sodqi^d7> z3r!N4XOs%+P~g#PrP2OEpPs-f6C2e8=E`d2QxBQZ;2xUGbr*}{xLzLW)sB&JM?CO zCg=zjE}(fRaQw!K*Z=m_2zD^Sx&MlzG!^ySki(0|Ap>nm7 zRs!DX|46Hx495RrFb;B2_dNsq)%bZ9;nm5e(R9S~BR#XzrRPVMQSS|HoLn~ih~po| z+!09lBAj@O`UHo|J|B`$OeSD%uOapSK5(HTN;C&KqW+;1a+A!Tw)HQ*A6!1VPUrIB zrV^LE0N{=4+B&djKcc;{Xa9-OzrSby>voiyD9mmtQ1MK{A9#j9yK53y?rm{L=J^q& zD9+ZtVbMfBp6jFbzJ)mO;DHTmTX%npYj9-!_%WF4Ro@r{A8L&2&prQwrRw0)we22v z?dPE(!#k)Lc>V<@=OU8SV2g)IWI#2TfYC^TRpxlR9f)GJGmuNvXddm+#7Z2%7C4G za=&3G_on{7ovh^4WGACr1noq6(u$}_FiM)pKTy6H_z!2fHgF;e)|ZVXq&zvoJ}z(n zXcZt33uNsbG#=#GVXC}#Fry_mBbOT`qfc6>ghpm&_Y`VxZAJZnsyQe&{F96P6MD)(_e||rcu~BM0MAGB(~`58YLJs<{Fui- zz>*6lp_VJfA3(qlWraMNhKUk1jXYQc?OYQNsi7O^F%^fO)XjPt>d*W;$tKWe(sMwd zH4**eVl3OzJ{##7=%jr)4%kgjTdHF8DDtYE&gx=5aEN=??K^JF~JN^UsV&PXk;ACaC6d}DLNz_)1Sw?fltlBUAYP5S0d z4C#AOUSthTZ+nK`CqSVro)_WwtLZ+%>)8A~d-sp%fY(4Z6u~a+gxlDV$JsJQAb0;$ z$kH5t+=!MkiZJuqVon%}N8?2&nEc}kMv&sB*Kb`|L=bwrRJ}JwB3-1|9=0&1Fw9d~ zT8q8VJG>2-DeJ1}O>Go{W3KER-C`=AQdB7F!$sAeNbNTffS`@aNt!_C1lp*xW#Jf1 zezaIpSAZK9w!_wIv?1)V%KZ+}O?o)dt}mN<4BOy zB3i*%{8>XU?8JVfuH^MlD`-=Z*o7RXJ^HPPe^CY8CLE`~+Z5(?_?yA(O7V&-Pm~6M zw&6IvV6HV#BdF9OKLGB;MF!+*9)TFlU!zT3KT%{IVdO;Kptf2n7-+PPrmTKQ;P}uMD*hR%L7U3 z{Raaj48i*V{S*G34?%%F8YqD~#Sh#Mk2VKofIiX6#8PCP7VDg;^eW43qQ;uaSUUWlVyZB?pH>v z%DWe5j$bb=K|Yfz)a|8TfHB~rs=fGsGtTf&DWJFBd;}c)J3LHna)A3o+zNAMqTMM+lpmjX7>jWygPztrOUWqRA7f}93kt4LLR#unR_CXGpEsB{i@Fh79 zgD;iJNqo_J-3a|=feyZCiOb+Cnls5Djf5LunvT!c1WkAAH^=bJC#wO}vF9(W<^iQ> zsD5=fhyzvCL8^F5JB86=+>3TnX(HqK@NgnyNgduCS+6YTF%~*(%-$|aN6uUFt__+N zQ5M6r;xFt^QZ|qX#s$OVMEDz$Xh|J0zi#|4OE5bk7_gx63e?w~s>epE8h zo={ThZf(yfxE{Ox-<@DYFk#6DLMg}Iiv*2!pC}BGq84aIC;9#Hw<0%Yej8+x7VF}_ zk|X4-ZKTnTTe+ksp&;6__I@*i3eJeQXq_NZY!MhUm6Me==+rl{m&Dp+nbu#uRy6Qu z*reTc{j*1@zGYw1lLhDYb30RO4y#y1QQIC=JMW`KaLglHXS{g>NVBPTQ zRsKENv#B6&D@=i^-rRqM#78IuTN_nVO`xtt0hNin!CYmobN5_ zZ`dn|5DH%D2klzq$?=gXKc%R~!SywdTyz$>=q%xK#3mZ5Ao4ovkctRZE^s}HC3jq` zp^MqLh~L%pd%Q?^?W*%^h2N4aUdXO{12-dGEy*roX$ilv@>79d%41u^ImVqI@cFyq zyj)q@6YW@etSkN^Jzi3`2x~C-g~yS5i(hd69q|k5UFYH)PS%3zWZ|A8h{mHSXSNi#}|NkII?kOOkD?F6UT4bag52()lYiTd7w zgqRh_qkB!%YRo$0T~_;P$b~3pr|SL|rhs8_SL9lO5pe{LrEq1qr*+*~E<#ma1yshy zhzkE_*i7#Kx2SiqFo$Aq$s35&j*eWsX=RxFWZk(})K+7S8dniXK^R;}&qCKcubg_o z8YNn*{V#h$WE1V!gG_5%!#g8AXvsJ32O-hI)JRiYL`$Y+LI%f03%JTnPy`@|csU*Z zTGHWysNLFbtVM0@F|6f_3_R#HD2|FmgwX*B3u6o5k8D7g5*ujJGDQNJVeYvSSu6ZS zeG1hbf`6;GKVQY$xnjvI6b0Z$fK;rVe=Ex%IdXdF` zNNSYTWr=0EEo~Gv7bt-Xgugc0x6pSI!j%gvN80PdMAoN~K`q`t4Sv8i{!w&{u`|Qr zuMONSr`~-(XD-_IgNfk$?+whM@Rid$Z>B*)DzP0%gJ>dPXCgW{-4tC zwjysDRYYCKzcY}25}$VrIgbiC|CMo!^ck$@2NauzmoMs#7#Z$;Veb$7!)Vl+qr?eH zOUQ5?@_-D}Y`ItVDJ8RlSRba)P!7{{=JmsZp;_lqZ@J1$Wl%HtxbT_E9=-`NPNXr~ zsb5T$;yxa31kJsN(<}XYkOCAh_T-=uh1^mWPHfks6f>3aU|x>}p#-b)#TNxb!%X=_ zTqZwk-N764=y4JJOF(uzvxjhY^k+BcIa9f<3O^|1+)@Ud2?*DsJFYoJdEbT+-vqn- zYuB7M4S;Ju`q6y80WTdij1$LD`|P|=ybc@WV$a9Q6xg6_t=I=L2F@qJ zMNVbRZ9=wXrV@vKciKK2kK+1wIG(`qzqs%EBR_Bx_!*UQ{SVUb2)=g`%dZx{zo+z@ zr8Hkjzjd4+fb$>H=YY5dvL_MYhjIKD^;#pTMf`t&2{J-C4=Ikv&X?=fxJ|8k?&zUo4=DE)^&pd-^Sr%4PE6cPG44*@q z6y(8ZHS=1l^SOFeWL^3y0zik%>g`+OHuE;j7>8K4q>&RW6SofynUz%NYjPLmuBliD zw^=saW?Gi<7kqC~zar1<&9_r7#>i7+!E%_M=wb=&XOs3btbIC;8Oc}0XXtIIM6P>` zhC`sFn$8i5;A%S0HtJpjRBAdsM*X9>2)mzf$neI|OuElmD10C3peFdMXvon01GDAK zFg!)oWC1^Fq5xMl1~E+>h$iH72{zY>OPe!W?a_v7$aPVrO6srL7k}8jk@hQ>Dbq){ zhEZ@}Z0%_Gqx=5q1<`$nt(#zi)gb{U3;=Wpe~-CCjlb&Fp$U=p(IMpC=&I?wyb{3zDUPS# zHF8w+TY_RE@|IDD?ci}1MXvM=e|zXzP3LV!-HUj?rt{8<2ZC5A={g#&?DUIZ93cAz z`7EBl(x$Ab$!2GSbP@Ws)>w3v5HgnN5h_@7c!W`ZI&QoKVoqS*H?kh`nyxo2^0?u< z1`o+@KL7`wQ<+sz*Ht;l46JmcQPaON3&pE^HMAClnib(MFy}@vXWvN)^??xf$?oaUaeOd&hD|QW^cq64dcm!X7A+$4TdKLe96bh!j->bWLgx=(Sx%q z;k#_1% z1QT2bvO~UF?gor)+MfP%%2)diRotSApQ_>-RZNm1N;`C?UwXTZMNL}tBAFgG4FMzf z;>L@BenQSp(yWSRoshG6Le9W)6lkGMbz#LC#0|&bk6^WLFx+T-Wk+tyh%0#N+EcvHCQe zO5q1SHz1z%u3~FqB9bC8s@?ykg8!|6Ki@7i?tg7U-_N}M4Txk9?GRFZ2!jz)ZN!Ci zeHMw!=R(&(ssj|M{)7(^p$5%pSj_!s_}=B;6;=H-ss0NCHhrrcQUwSU7e6W0^3hIL zwlSXsO>#9F9>kR*SxFWIlAVj1Bv}BfjO~yaa4Hb0Z?YNT58CD_d^lv2?w+0yRe;$0BcERi77sh=DT?z`*v}EBUId0c`>r(nCl+}-!VMcf**z2(xFz&(CAMUy z*Bl-_{SDK)0?U4qssabh(4gFBEc_itECEZsjOGU}kJFd!t3`8XW&2RAvS)Vtx<*A+^!c)Bb^KY;$qOref1T zP>va^K)@W*WoBT5M{6baKyynmvR(zor$LH&hw}=_N}5%I6^{Z4KvtZws@NLW<;`nF zd@HdRYy~NCr3GyR-qJQ2t#7Tw2}gi~znPi0SdnP~u^TM(8KcXyL&yljSQKoW$YS@M zOse)kJ&Y`NJe!fTD6ztQb)qcng2I93U?#t+5PlUlz~V%mpE-Aeqns;tK%QNSJNEh; zgxB86ferN}{8C}gQWvrIRO%Zk2pB@YF@jZQyRGP9r&+(vsGm%_s^4rZ98H!|>oltz z17Dn2({^)a`7fbw(Q9=y510TD?PMAablbt@KX~rh2&V~cC!r5|hlN%8DXk9Q$!Hli z4{eVrM(>!yaSd&>ITEa6Q*7%`(9R9!e(D)+N_&gTOUBGkc zP$`8IK;^BF79tWGog9o#4xVuy-Zs_S9v0ZYleclk-Fz7@-q7RAJ$DI4Z~RA)28et4 zKsJ3hY6v!AdfF6x4w!Px-?*{a{eCJ4?5&EgC-YYXiE;S*yx&prcddgz=D^3t_QQ1% z!QXy>(0n%@f7~CX@t0;asKvdGesj+Rkos>E{C&Mu@OMD)Hv}!CA@BTc`-wcP0P$z) zNAJ`o2=4ZCCcyEX1=OFV{Bf+%E*08ly^nUEVS|A|kFs!3hdL?q*<_@F7}WIx>iP-l zexcsJlZ8edU#{H`)b;do8w zl-Kk8JGeu?=zI!W0FC;$s0X2^%Yhj*h^^!3y6Ic9m;L}9_H`UqeI@J*!A|8Oqwo>+ zLCV~~QvF3JPy0?dubgkym65>0FIldel0l1byCvHfbWm(bzp#9XTcdy!{KZa+vvZnq z)&h8SncHL>b(y=QT$pLI4Cpb}t|lm21j_mF2i*V9GPDhWzwliZ6$52}Z9aSj0pujS zKx&Tt0ur$s^?#PJrv6E0y%>N4GBZ7pnuF;_8m9?Gmbz*O0(t_2T38_Z zIFS0mC#+kVCEMivC0Q~Cb|(2^G941O;qyU>+4Li;iRk_@d)PhIGs=E!3JRl-kQo;J z{MQ0)EA{Yf&a{cqBOgaz4{~~guRZv(9{N4+L=Am;%+SwAS2^@mYUqEJ2IGc)f(%E7 zJ|}MI?{Al(Z)D*waR&zN*`tTf!(#kqmLhnKGb^>vSYmpiMqOQxs51p79Mo_@MyUL+=z@UiQ2%2Knv~wfb~BF2>F#u(Yf2c7)qS% zki|u+rDSHX172kJU03RA$#%!7_);`Gm+nphS?6Q_Qx zXhPDZSgHRrlhBN#i6b9{+2Oi4ns{le(8LoggeEpiU9f|k2xx}cA@$HjPbUO(1#e^n zqWt_16~fq~(3b8f9~}MsUd;wyiO-L(AKV>zUGkq(tQ4?m6L>feco-?~@LRZ%X77Q( z5tstwMVUi!$W|mDo=GA&k3=vsm;&J)5kA=AM&ZMM+y+MhB-e35XrFN%#l5EfV|>ZJ zDhmb}f@I?iuo(HjJS_h=DEY5s`x8nmLH>()f&fvnQqelQte~8R(8M_T|6?uxzf$sl zo0k8xWn9+FnKiiRt^#@^iq}yA2(?h(QQriFsRGnT3F^_sWD57uT zD`6dQ_U;%R@bHW<(W?g`F`YeM+f}R3O#gdOVrRQ4kJS!iLOTJfImxv z!tarxA1}j+=zyr9?`)T$zs^GVefO?zIv|2GE46p7(g6x}bv>dkq61FXgJPE>Iv@fQ zSJd-p9kA;z2P_}Hr@+D%!a6`T5YHElAW@OGN7Vtg)&X*;Aw+)}*g}+n7)sCq(?kc9 z9aRV1-}My01P6$HQAU&wSfX_RUKAa0r>>T4e>D^z2lxJ@CUq%?~{THOvpS z&uXHW{ZJs3-g00fheL_u}O&HF&07;Z%EyU5^(q-^{dg{ zlt7M{YSTp+H!b=R8P|VX_CrAlRlxL+ z#WZe5h8HCZOJdowz!u-iOl*u6P@w_(sOWn*dJA?#28Kd&G&&v-rp`7sc^OJAQ2W{A z9E<;n%w;U0yrhKkTF&2UFCP>E7ntaKyJ`mSiswOMH$_X(6#{Le-nb61nC@14e}?M) zJu+Y{5F+=zX^sA0Nr@Sr$xKD`z1qOyH1PuoWQS`BkYNr)#JK|$vYA!9GR%4hJ9Y_s z2sQKoOXn09jIV(3R3Z6@0TKa`&I@}_f0d>bz4Owsqw^o2sV3F~?JQ$iyP7a*u`hK4 zesl~)!%y&k9+n@0fAqqMZ{+x;A8@_YbDe%=0h_|zMwY(LL}TG*^0-cQZdx;rn7$*Y z8V!q~?6Ec1cetNXUr5FO%7ed^f7s^qCOlM8Ub+s1hr;oOg_?pcrXZ<7({Pa@%l;ZK z4s^-eYFKXrsfMo}U&0DNO6~;f3al4&_B9%6@t`mlhpR}UGaOv(E5IGB^{hw5b)Lkv zp1ifwT{zcd=2O@gTk!@ZNb1j7tZ4xWVfiM!;}M7f8V9X>vJBuyG~ttPh6NetqR{GG zJq@H@yF*E_mH35;!CNJ>C)YgiW>iHIR!pA)(?RfQ9}3wXPf zQyX3Y&kGgCtke-XO0OwucBt2hYEq`GFd4b=@@=Za!CaG8dygmlk}MZhxk> z;)0{;Z$${c!su4)89KP%YaySWe=kyBd;P7!235Iowv+S7Sb=T3N3ts?l8EPCZ>*TZ zHJ;g(+4$YNYS0U5_=a-a(uezHa3mWDxW=LDprG^A2wuTWyj5DUPTER&A(?NXI|-q- z7w88-ti`K*6#9_XhdmW%-YPKzJcE^;BWDK<@RNwRbpZN5EfsH)Fw>P%Z|xVAhS(&D zWb-L@ObzNkg_|=$ti9fFh!u}>K}yMi)PHOxq4I=ZOjR)3!qHS#>X7518js^(AWh0l zk>~Q5RFI+#y0Q?mio32^Cu6-71rWWN)&#Obbs@Uj-fxO;>2;43|NbE)3Xb%Njh{0X zyr$+6H8LFL(SS+;0_qfXV~x+H#Yxne6jLaJw0v<^&@*@setw*+<>YVmeTW2O?Kxcq zjaAIKqnngjeg!89(P>XG&~$qMgVG`4-5j?DA_Opwmcgn`KT?o2?4M_Y+i>P+eUKjn zh^G-J6X^*lzRw#(65WGXUeiZaw72)H$tqsTpDAMePH##D2w8to_9Sp&DE^8^_ApXrdc3%vb zi|YWn>i{{UZX)3)RE7hjM&UU5-b{Xhfr#9SW@lV;aQsKsjttOpUHsQF^e8FQK7XA< z%jh3>^C~E(zW0_Ay#M6OR_d_J!-7|-ObXr?QAZ12WRQ2VTgr55)*6!YpmG*sJ}#2F zVm^{%vN(c*=#E>de;c9XFU3({!~kS@pUE`AD_&ZIri&jAxvO!5IUCL9U|Q%rj0V$a834ibi|}Iy zOp5x0(;=G}J#k8pQbK|ef}1G-kh;qcsS$jQKP=blk7-!8tcikUX#|#cY*w&jC?-hm zub1@z%S%y5!?H4tO%u9dbK8{CK2LBVI@T(uX{b?G9l*4X|sGc3pa0wnQ!Gwbe?`7IDnHo@XPKua( zN?s&q4$)R#E_9$^Z(2H2bo3Uq>JTPUBKOx>Rlko{=VTW?|ia zifD{V8vz(qi5YlFeWuG;d>&;n!g>}kR;#ra>=|rxS}=@1#wDJEhNR}f_e^VUFVol6 z%b4HE2J_xD8ouO(Rd^&Sb)auoFP%G(tH$Uh0!ZzDi<00}%`y?&&dCdtUH*-?acDF; zj3Wz>?oFTljXaZ_^Dy6JRc5(2(7>U1YCBjM4V8Qg!!f;itL9cP>so>6GU_S*O0x%F zqV`6cNV*^^r92tlXqdy6fOIVR12nK=-ZPtz;7qjrFk*NUP+35{cms?0>0*xTQoQ4-J*2vF zA$}AOZ!Wf$?1HRg22qtnv^WE&leT*E*3LyvRhc``>kUltSDL-ED5`@6CiCM3aYlC+ z4$2H+7PdxwR~)g#1R4#mbD(*9jYSJ%0ku0Vso)(wIp8-mWR6fYpSR9v zsNuUXwSb`JSu^Eek=Af3%8euf5JQJZ1?B}5;%D2kHh}j)^0Y`3+k)Ud$n4hObc!j< z^-L1koxBdwF&hvO8$uxwu@J#W02;e(tk|T@s(4Wq&!{3_6@OC2A5`%hRk&3#L=~qF z0Nbacy_gkKjw+44Lq4-mpVp)Sh~HpjSJhYSmb(SQ0F-eS#3}x>Zm5sxSHVGACg2q0 zA3!i*|8FM|JL5EXffAv+vMaVAdbF~?xkf@ZF*J+~jrh1}q<##C)Ls63&RVg1_yHK2 zq#|57g^5U6VHs?1L}1Nb*@$f!3PC>}Go(%U?#$tgxLEmy9;{^L|G;eiv^S0fyVu;b zhuO@0htsF84$WjU+2)#B_Fme@p16}5hYm0U_wW|s;n!Df5JOeNAb-+lK)T9Jj5aA* zk9|5)sG9+4$n@6=G5N7qOtRgAH{BRJGL`xB1)cL%5io$31E31k(>QtjFuAOUE&ZTT zH)2wDh9IzJFjH$12A2P-1covw$iH6<1JL3@v;7N(ognJQQ@_`!AHf!NSZv<@>f^C( zo1>imeDEATsYmqden27A5ACfmH+{n3UjGrZ{a>E?j*1Whd4;L1%euV7!ETXwUbFoZ zWRpbBWTpu{$!kr?zN8UCrK`o$)jY`>`n$`lit9FdRa}`jue~}?f7tLniO*pK1ABYW z>-H}YPUXosti{Ci6+u59n`pq?^dU3FV!~8^U}hdi*#3pbzmL&Z;p)|CGp;dxt=Z!m zM z-y5uHCE+OFq0N-vP))B0`8%rPPpkk%fe~HZjKLH!VFpDT)U{hV@;MKqEyVZ2`xRvI zmIs3p2#_wKP0_ki|5pA;1kdq=uM%)_3Ipl<$Tq%&R7ZRs>txM6mX#eVz88|eqIa?ZD z2|-lxjBYseS2N%fh$e0{{pxBAe^)_7%1?P1@QK`zI!c1T%Q6#oDz&?g+an+)#>pO& zD^z*DD$Z5K1FFbS#hFNY9sC%SE@To%A2JJ!Nzp+e?}jRr&Y=4f6agbC-Wj3sRBc%% zSchm%W{xvEAUuRMdRR`Y)yuv^`SaeETGWL0ZJNu{z-8$zRcD0u_0UX`c4n{{9M{M` z_ztbEQq6GY&6eH=7(&n5rTs7>I`uH3xbe`J1{MTSP6fk(-btwF8%}V8<;tJz1BZk$ zDxsdYvHD|E5HX_)Ie8Kh30irpX<-iy&ZmVJ?H-Z^8~|uD1%?PM?5+Gtq%|b=JQvfY zum(H_iy_HfzEv9!tV%TQUsboca&_e05qLMW3d+{Thm8AHg?8Dq&le=#rHZ@zVsxjg z(Z!8#W^s32;0}*X3oMKc=0?=m{8}MF6P+W0Lyl~-4SXu}`)KjeO@2xCm|qfLfMmGQ z8@O*ALGz*yhim9v$pe0CI`d|H(zU7)r;TNU0~J?#R5b z@Uwq9nxKj5VZ3}ruawp1J2cQ(yc*3)Ue=)!^={?=j)JvUp|5G9+BY$Dwj^j>SDhKw zf%~el!9q-z>Fa_Iv0qU5O5b2pWYw48VQ5JRK0sBE!_?u?d7G;DAlM#m)+3{_oMin9 zG_$ob&secU(~JxHFVun-=DN)&6KN!(C=$ESsmDPdO;||V7WxCE-vPE`+}9NPTqcqr z0WiJ(qdq16Qv4oJ?$T=z991X!(!`a2pryB zb^B%3)xEoN4yf2-Htp0c&RCC~7M_g#XvdqeTOy>_dHe1#RurTmJo+rm+hU!7lF6el zq%x+UMOgfVk_?Lq%%na+<4#1k7iog(_f?+cg>~uQjvXWj_{VI^>)#=Y1GkIu#z*$E zE^zUUVY4obFp4A4Ec`~MA9FrI0AggTGShjc`|yLN|89h%S7f>i8mFTklb5YE7OUCX zn*#J^9Y&4j+cbSa3#!1A1UNn87n5=6-Km7$N*j=n3xYL`l)04No zVmRb1;;1)Mux882mkbUs5T>O!nR9U7DQ)p!wq3EwY~J0=v?gNCa^n%ahO>@CkoLXM z7j^hBP$mR}JKR>#D67GMk>W_`C4`)I%JO^z5Vy8X`b&uq0&4&96`4ZQ0T(BK6SCc6n z%^wcX*_BOv%XlPbk{bXA&eK$*ZvO%Dn(^cYP!NiC{6{JeHP%EJ@mn!r!M2G_{vH0q zX5tR7@nox~*>-yqS8)q?4Q}ZQ5_m?r-y41MH3QgYvg$#ce7J`)AZEV@1G;Wvd>wcB zG5ZSSvV{5*U4CSrcJPV=HX5%3Zh7#W^^8QXV{*YcfAbe(V9Y-XVy`w-Y)8aYu^u{4 zsxqm*@9?$N?^BYx$!SQa^ wxWQcrzOEAu>o!U+>&DONXYm~#X!v&GhSzdk`|i^T zp1@Fqj^mIn*`gglh;kPyJcA0JKvD-F*T&xZv2gT)wn$(>bX?29WEs9{wk*brl~e$? z=Y+4H!8mckH626EyLwX~V{9qP&=8!eB!R*U5T0r`fHEcKLY6hDA)s|YiTOanW{|Hb zi62c4FEOk&Gun8kT=Gi$R>8cc?=CO{so%EDo60Q#dvfCaR3al*n14yDk zKu7Y7n=k>L;{m=+72!Qs(cCPpvTTgSD*I*(d@2ox`O+a?ug@GQ3NskOK4-*Akk*F zj9mwD1){ zzPE>{9AzWZ;X?nmV$Lpic``b%feAZBm4Ok$?#-r2)<8`8c0(l&G^`u(@#4I7Ge6-@ zq}gB`*qqHt}HMJ|;1Zm-|2-#qioLjPNZ|D?yO z*m&|YPxI%e75hJ%aL4EUiiUscwaU9ZzHi*qTY>}deI;{&*=ZjC>QHK7WBzd-YXank zh~f@+^%)-jYu@3z_=@4%MkyQ^=?&bSJPun&&&u`YbxdC$Y^LnBiZXWzIgd*(hKBNA z>7HbHQ+8oSZ7dpw3Rotnznc~5v#+0qD-F(*=^~oYc#BK#_3}Urb~Smr)_VP0iv2s# zz}zb|xQqSm0D9reco~-CN1lwYi}QBR%77;i4yrxy0nrT2IN}Z5oa_yp>CM|U{gGf7 z>f-dP8Wf-q$1iUB$E8#5`L|IzXLOi-_mU!&SDxIMPE*Kj%PvP1cwS+W;->`fd;xrf+3agNvn$@0-E?NU{V$~h7@0^;tloY9{Ghg-@PpSCi8@-H`|nBVN)lV)*I(gj^kgEwQ=(ik>8XBP9i;7 zg9kAptp`ro=?^rMrwhoRn?8WY-Dud3;hMyL|1f(b|;e^u? zpbPqng&+(EU%{dbq;p+I<1Lm79 zU|l>djXbRmKOHYmZSNrx(;YH513N-N zO6MWTH%^n=YWU`$DttcKNWPI>@iwYpy0K=wn}Z^#8po4Km*AJsPZ{W^yv0jJb-a!? zrFcP$ItDRt9e}reF3t|c#?|fNZMK-DzGwQgaZm!(GfvS!fMN~WU zBx~y56Fi$f_V~VrDt#9Bi}T)|xre6oQA?NeZiJq?4$lQ| z=Y6csu_*TMDIWe=F_a_D9^Oh-g6-6+%*0M_-i{gdREi$z41V96xEI%MW5xKi!p3n~ zUg!~J@!?@EJD$c(*6Gkt#Tl!;{#zi9K-yVQw+VJVJ_Xv!%x=^{RFDvg4vPIZr+X83 zMYk-@iO_K#|4uI7SVLdM(uXorycsPXXyM|(sl|cY(>;0L7`_il0@j@D@s0Us;Tgo; z8jl}^l~ltNgY6&U9jwoK{W~#z+~&=DZ^mP)=Uh?6tVvc?rQ?pHfG@}-4X6SoP}yRb;DTxGF||1IH+vCYg|GxK^Tq+*hm0(=LZ@L@faALIei*hN3JQ=rO8DP#~-|)B!_Q;}^0R$QBA#5VkMsSD(#g|DayzC+< z$4m+JXkd}lcr}|>+4hOx82&VsEr6zS!$A>{UO*xzIjEX$m+p=UF+u2Ljr7P7YEIzH z3xr&7ET$RupnV{Y1YE_9|31FhZTw}XKS`*ioF4>Abbr-wW;?@C-&G@WA|ho_n&)L) z7x4>dAU8ZN({w`PoycLtO+GHwoSxf1{}TP>F8)Y=t-4H`Gd|hh{4$V$Edmb^X#OWM zm$0;S3H`j0zp>}RsHZmvNI*a)Zeiyg_X>M6tI(k;xJ8bv$F>_N0hk0JZ1@*8aHS0n z0hPKy){vW!js`knQ?Y-&r#(nLBN-_^fIC#lcTfArO8e~eWW4LKeu~hHcfA>$YZZ!j z!_&T}IAf0o$uK+rwGHH<%r-)xerKWaP*V{I|88SpIrLr4p(#dPsa#xYH1NRYnnM$e z`hmFcT9+llgJKwqxS)$@XQtb_pYRINLz z;D_oIygfv0IzHuQ$1-RWWU=Sj#CooMAt4R^GQ$jCLYh&Z*R+Q2^h{%#-VsyT0T}Tg z<0}&Y4(B@Axwf#qlh4sM@y2@PC@J%JJuT|mmbYbsOa~j@!46cGf#cSj7ScvGxGobI2}Y&qlab$c?td-Izpx>VjXxET}nj zDNbst-&yHWD>%rev>mrSD0v2a&7q$gb*ts#*2+&&FSG^muFN3Daiuxq$91~ChPCbH zr3skux#>^QrW(2p8WOdHH5U8MJ<4TPz+JT9NE!i9`&nFpDItSGHiO976hO2QWg{>r zKlRQP$eNY-UC{V!W)ttD7g#cXC&T^{`}GKF?9@{!o*l#h-m}WUk(J|!qS^dBrpidigjh-~5u#AUI0!`a z>D^m+p%GsQGXFIeu{RKRSXo!iz#)pOHZ&M|4p^&L20_40g8CyPFsb0j>Nn5(AG~{S z&7oT>R)>(1)e)E9#`&zpmdRN#9gy4uKd5Wj)j7DptSnCHk{A^u;z@~qH`o3PuL5*U z2E61-iJ?7KdGL^y?3hSVL`$QSDGzY!u>Jv~Q47Xzl?$hSpKf3~m3$3!4b7ptK^qG{ zR5w5kn$F?RA`l>wDqvQ5F~g3PMwq%B+u*%@5xB7}_(wWdeH{grXGhr)1N43u0D1|b zZl$)jJe3e!jv1!icd+(jEXfOdIo^K9@p8;ju8=w#2F@v{?ii-Jyu}QpoQ|jks5>;x zX@l51&%iW*y`wfqKcNz2z}~TW8!T9ZKJcFjB}Q`XuEeIDsMQ3Ttzk_+iEm-1n+^}K zPqKaUR?3FD%xvD_g5=W7EMBT5KP*3Jz3+#c|IhERgAfJye)n(L&bQE78k>L{_@QPf zjCsbwZ9t>3VrgbN?$>leTUO&nO((P^eUQ-~fent>M)oZEUDY#bOLwCV2U#EO`{mB} zp&HmjLZ}I)#Ae{S&AG<-m+?93ZDdK((!XU}F@AT*Z$)+q91DBIiVS7v4_F--7zPI> zU6?rpcX1uj*7ALSSX+-r6u#IJpwJR>HQ@keF10`8@WG{JyDgZs992v<00ceU=FXq`v+EX`yM1g3bPnxAl88m)s#~Ww9B;Sj2#MFBZGFdxWbdB&9}aPU(JyJk5SIJfyad z=k1t>jgQYt?^~0OKfST&c!=j`HE^`$4CApwMi~tp%XR7K$V5?%o+GC4l&J(~5N`W~ z2h>C{ix|kJS(=L=!(I*_IGqa3&xgD^0G7(1QjwZ}t5N3%C&|1W_1aGE9#G^SVs zlG^?l+nr+B;@E&}KeP)1pie{qMED;<4~bi}et%TSfn_8>{}Y)H$gEbE=*V*Z=3?q) ztOxWo38h|vq@8e0aKa5Vt>ir%PY&3D;qk-SkuqWdHDB>s% z0P9oCQ7KEyP=o)dRm*YRT>_tjxLT3G&;hJ10!X<`-Lgvt)?czc^i3r%RR@zPBc)%k zA{b5OC=sUtd-7W`^_{RYpN184Cunx019}50@6Fc%4<>v7Fnz;M_f0qY2aa<+-GG%fvx{am~1CVRp&?OB;1hOEa5DWdm& zOAu2`SvQFkd??d&ZWQu{inug<^!zg&7^Yl^1b6QK26q{`+0To1Ylu3CP3zwnl-F7+ z(7ptrx+frD-l%KAU70sd$Zav|{()cYkTJg&SF%sCZf8Xwrf|NZZfE5P@i!>`hQ2^R zhq3}(Z*x4Fz-m{M?%?5xt}#Op^KCWm5}3r+D70oL7UjM_L#2-n-UY$p#YYh=P+&Z? zCU_HmV=l}7u+!5G)4ChWPlt`AEy1(-Y^OMYoIw}9l#M|JU3eledsTi)>eTqYLs3OB z!49MDZBg8q^dbPL3yV6zjdCNlyA;PnW6V~F*edqAzT!r1QN`=;fS)huk)Mk)JCw2h zceYsjnUZu*WY%B|bWXCQ`SCbP98OesJ*xrVBKEB-;MK-t3(rVJi}#5aMa?c+lai6~ zRL^@E2C`lr>bWnNeI?(*#=-?>p-E#!UkL`zd(T*0jEapZ01VtdQU_5AIegi=24Kf$ zw!r*qP0E&ua2sn#Oz#oHdX9FP??|Gtcsb};B}C}gnv}+Lw_FU!+c572g}nFY+MH^^ z$wOPgO13w4{qgCiECBV@T zA_qJB8P#*Zas%X z4!c|(7a0YN+rIFg?nCx9L$OK%8P%Im1Nw4{Vf~5iTIdUMVfZ(C!YjZY|0d5t+nczq z*x%-9K7`P&&febP>%3M9!gD@A_zgQhm>nNDw$Lg;|Hq>Ldvz8);Dy^T%i%%&=h<2l z17ko=Y)_Y9zDZYYj0RTQL#NRJNVsw5N_pshbh5Y8$^Kg(nKq{1)g7VwF?I z3UQMqxdxJO&8BswPB^+IsIwNgA>svrYWlMJD3j z2hEhm!w8QUGNf^jG)~O{6FQd0*@hsV4!28!zl2D7g&QP-S5Y{@)RYR==)uzdsO~&O zf(kC`PEcLV{-0895 z{opD_)d5-Mq`ujZ7iW&>QC`s5>bAc@z$UdbU`bICB__&AsrU>Uq0*G0UqVHJ4Q%7( z8x@$pSgGsJjA_0i#^(G(r1=P{D2XE@DGR=XHC61Q2;L#BDkx)K1v*H*Gq!PA`JhDt z?sD6OJvDw;BK-wO#ig-z0~&up)Y_%|jOF^FG|Ab)vkKsfQzIlsTY1mIFj(UIEr3A! z4S-E!On=J3MDQs*v~TGxTJ7^*QXGJ`4Cdf|R6GrAAFa>6rX_PUeWq5C=yLrltKp-H zh8a7wRO_=%#^OSGs19{&P3nEN!%=);Bk2p)?P8fgT7^(e8;!*kpuX0m{$QXe<#ioN zQteeT7E8=qQtxxHm84%mWBz%Fr$eG3?%}pxW|I(E(sbe)Zu4CDFz#`!o_fxkx5luz z(~>uqOQ~|Uc(IG#_YF7&3()zwUh9%XPu|A44^x?8e?S$)1MmSg=bDk_$QQapaT9C- zKRd;b+rA_~{K#epnaf}?SCScll1swl0sT(nLc*nTfRETVp+%}_AlupK7H3#{rF7=p zamq)@_0*5gaHw2*1FygIMiJu5Uw7+`z>uQc=}qt%PW=3>p?V}`_>Hti@guDX?a3Mf z$98)Utsy+z;X#H+kaoqI;4vIr=_Hm3Wul~sW!@2^;SYQOz#-}>9~+LUz^(``YEaK{ zF;|}Ja{wV5m+?iUAc)u&0J{AWHl9#IKop3>Lf3;WwFLD;uvtJt3}63}z1qk&^7d9= zgDun`vn_LX5wj*WHS7e}AAS^r)X2ce&v)S<%{ZhwV3d!S!e;Te1-&B5xvp=yEiQnL8;d+f=^b$B=Uy3 zG{_Em*uDI|dK0^-FD zo_e^Uj1N)))&^P(=2LJH`8x83GiRq3#9=ajh!H93K(!9;i=wbZyN-$n zJqKdLkqodAmP^lc`n?{<#P2Gc1?R9I&JX&+?aMoa054U=E*#z#+^Gdu&-C&Uk$6;k z5h=M)P&pR^7+u2RpK2`~bpw>Af~qJe0W$RT#{6v4~e~ z%_0#M{aE!~;E0uls1fSZ=*|Br95C?T-D1qIXS=X|vEdvFai!y}VL0!>J=j#>;`V|& zHs4|*lM}X|&=FbNDT>r5i_h3qjV-BXWZuriz24+Re67&%4PzIqt21vzN|BS03F44? zgZmM@)}$ktJ*6aL{jSiM|4T4d@Don|*oi&jdUQS@`w^H)!Wz?h+U<0K7hRw~@DFLp zn|UKbkdt`;R6k?>31s@(BkEHN*ra71!M>IY@EConz@2f8S0^7KjNT*RTZIhWz@scY zYAs5+;cPl!KOh+4MwJ9WeB98BZ2|R70;_dAW6jrGND)_prHxm)?GoGOoNQ>@IF)86 zxIec+0-hn6#q#5g=h#cQ8J9_8lcE2tl#@(9o$EzOH);!waybEeS!nI5iYf?=3|K;G zyq9m|hshru{DD;(ng{&H>tyE|{>aC9uXZ&l4sLu-sYK^lt~Z8|9bw|)GtxoahgJ|% zR~!|PtM&s`WJmF@Xr2_Q3gx|2K?G9U47w>T1zM6i$1#_1#;_#ZT*tq3O=h%3k5j$` zOVobkIi(uh6xdlDfX$KMAFnxD{^K-cc2pJK1Y$z3~HEz>Wi_quK=-$DQ~y5W~B$k@-a3cJ16n8T%4 zGk)m>QG2b_U+5m?cz~1X%R|?)J2NJNBhZyWlcXyHN0KpSj5e(bbOZZ!*o`(>m2oD+ z!B;V@v#sp7Y)xK|3;-Tr}^1})cn z&pTmI6^Y__szz92a3wrnTD?ZeQ<)#^A~D=qi8Rk4%jT=#|Sfk(MriPcqrBoW`K;dW4Jz6>WVUN!v(gz6=mLzi!<$O z*e%q|4qG1uVH;UB>bMTef<1nVCCUX{JezAJ%WxM<9KBh4iF8&kG~mR*b_AM+W!VmF z)Noz^A$tATsD*SW3o~o@7Tjiwwu?A(=H#jw2jFpe3+)D64XQo#_X6}cR0H2K8$Q8d z8_3JqYz}rY?P;NMSakRVP41mDd-w!$R%*o4+l(a*2P~uC8dshW>_t&-xt5=(850em z>ki2(7p4#Gl2dZE%gdo7MHyj|0b~gxwWx#snZeUJ1M^3Fbcz6)bZ)L68Wq?wjGFk5 zgrhg}WczJF9(Q9?JFqpkGXlWn6n0u7Q=qw^9g&(tNCZ$wwqN}7k**@VkjBk&KwNA` zIRq#&yb<5!;N_6Uun_2Np7$d#3&>6fZbR`bN6$!?qBOy(so)l1?6tJhIiYTuJSSd+FrC}5ZP^`$DN-=^u z1Llix zI$q$9flkGc0sm1rImm@Pg>{U&Q&JNWe1|3*b%SxiDwJMytv=pA zA))qA4PRJj!}H-g)Yn-2OdnqKG3snMsC2X1G6lp?WVKKjH33b_H^k(w4ZANyf& zTCR-c-Ng6tUwqTG67g#CC8-XIkgu?f(D69K{zSO+kemqGoXH4{g^#i}wsOHtGY@Vt z`(k07>AH%*=j`$XoI}#yQRv%+P?G7`={#uvnDPW{Yfge&@W|XJIf^p!W(jxFj7P6t zIzC3|iG3=Ni_?-60It!(GGaGcM2oaDn z9GI(TLwLBxIv;nysAx?jubAUp-0LfykY#w-OrKUf+Y!)2q&3eKtNilze(Y@Fky2b79|qGXu4Ux>7dC0zorZlOL_3# z@5Ia0c%I4!FL&pulx*n^b{RZD#LyN9n?x^u`c0Q65`S}(4TGo&`~rjMQ`rZmO)F&( zZMl#JQPOcVhy?Qpy;@uYq;eUQ<+#Qo+C<|MeILLeg5{LgG4F)J#uOMEtH6{n4}&LC zZGv)0Y|!1{snlEhD|mIYfv6KNytBK3($z$}WIV+Sn+g41Gv~?D5TpmdSc3;@s6udY zX3s~z=-w(szOZK)2hP|>zn2GW%LLX+eX-v$Ah#aP(^;8CZ4MJi@m9EDBDXjOxd@X% z4}~ujU^mU0%;Cu>m|Fd=WDZCBdI3Ipkho1V-2T6IW4PVeArfvuiAfcf8@vaa9a`(l zz8na(mTpa1B(X-s%TvP=O>8+WBnZ;rEhPW2*!a#7tcP|X;-%-#NWvpHt@{WNzHyWh zyeY8`!_GaH5p>?6cspWX^~I9B)RF4niJp_VD0NiyEPA}#;A;0AZE)EPAF+ll>2nN& zyZ-k7GXnb=Y?PyqpzX14BX|{Qe#6us!yB#~s56etX-uk3g1oRsk#j0k7P{ zdAq|S4pPFr()H(VL-`6DMS32}Bg|T24eNa@L)lRN?L+wwM)0Cc%#X(Hmv$e)$fJ(n zg99>xLf0`MBjr0r0Ih77rqdS2bQ_suQ?yJD9{vg+i3l_3e$D53o49d74Fvj}Mx%H} zfR$xLD(tk!rF0JYi`Z+!79|}+mw$3=80g_ipPr|Qa{D#={3!MzI(^QjAv_b3!(vh50H5tmHp+@c0-FRsy6)<|~UO z3_x3Otx3mChW{6H{cZD3Z%i4?fl9BP4ucw&%P1lpb*zWf#$N0zz@W^)i1VE0&GnH! z3ifF(bU9Nv5~0w*LRd+KPBY(TRi^aNoW+5~SRlc(FmQX>PMQ1vRu!kJBA|*oRaC2D zrYe4^igH!lq>AfQag{1Q`#YwwmtrTip2pr{I{Q)KkDXZp-vLZfCUC^u6~>Wd0wNZ< z)CSZha{(^xR33YNLV|rR4wU92cxB)X6LX$agsBu?_Av!y6}}gGFfwP3`JS<$mN@C= z|1DLNqdm3B{De#v(s(tE-@z9p$^#gZB|+)YnF;pqb&s;yBUlu&7uumfXJK0l4s=pG zXtzEApm2j%T>Q#0!y{3_Ei69P0!gy4co;YD`YM}uFvL9EW=^v6gI${ ziTmIlPn|3=FC(rO~ zm*(BQ`vRVadm(@nQ)k~Id>yNT{e7()eMkDtd>4m}?7W5t#-+Z40)%a%1(LQ`GLpc9;;D&Cp;LyE8HF)0!SbY7@#NDe>i7t@UTp} zT{BgqvyP?F?m({ToNP2~6x9FNsDHw_V7&3lWPlJ^%Z!ER;#ba2brq) zR~8L4!TmBA$Z#tq^`Bsw8w=roo#icDiI=#UxpF-yVbj$z^35o|bL8DSiB|s?t-5BV z;OZ}`<h|t-iYmM-U-%YG?sZI%`Oz;f^fX$d!HYeY3d>qM!p|k2RgMEBpHQ z0fx`Rfl~`OrX|cv@$aJ#I3f55ojL*6k5rdWI+iYXM;01*_bM6ldno>kG1qifR`y#- zvo<&z9b}jL$@vMg_=DWAH_KhHz4TXz;>F3Rj!}Jp)sULbn~+#X-Nsa(w{aRDZr^Ow z-z9Dx__Z&a9pH1+-R(hm?g9{la*#0bqEdX z3J!}@f;*L!u9r$v!o8rc8@HJ~rl#}G@NGExc>8SC1Ec;eTZ3zpAx5|n4Xu~q%OaiP#fYD#FKjz|QlLlW^LxC9 z=klFI(Lx);T40~P)5CrutBRKp|$dt^qbO}3L<_TDChKyiEOh_I_O(-p_ zIUzr4i{ZNi_p!Q_+*Odf&!}&q*U5J{(U|XLeXA7e$(dJ&gNo!dWcZ*}V>O*+M%@%B zm&U6zFM+12=v&iyhEab!m7QP%OH{yWT0eWJd7A{S-);FM1=!mz9%EIyakopG-$4-q;?H%8_St|P)Ti|^3JfrlR^!~vuJ-w4ZO%i(S&jQg&D^Z{Sc-xJr3wBoHXA2_38(vWjp6X3jLjy{dc9qF82y6ye|X19=mX^9xSm&Orn1wAjt z@JoW@&_{-{ox;9ajPb%#7kh;FN|>wyi7t;@EC|5IBPjvfz8`7tBigDK?eN- zON8iTaaP}rI0a1h9t{vfBRA725Y;&aXFb_uEJ0fDZZy3Fyq#uG2A&*#te*yCsw`HfeL>_^ zXAC;1?^wrx*+b=v(yQP`EL_m^qb=lc}jTPdISu*Iml`mh0-hnzS7$$@i8MKECE} zgy-#yE0x%U5Yu8a9n*~CU~YQ-*y^L#)${fn*8O}BOLmm&G&xTxtm#OtxZ7)ausgAN z-f>ua?H7W@hbR{=mtv11XUo>GH~+;>Fcc>uXdpw?*4jVH=S5aKGf=O%Eg4}SqEGlp%m?fhvi}jzm;WR7`QD^f>=9BM%i^e{=42MsJ5u9> zI7qFJYNf;cUad6q^+4*=-=h`#Piw@I`GYFXP(}8Guxm!d=9Hse#tce33z9)#$XC(= zE2SFiyQ6+kkh`JsU!Zz-VhjHwdN?XywDG(|u2CFA;X*&PV>$#U#TFH@T8$kiTXC8X z4|Af&q50E`xvhUwrLDc#J(L@u$agG8MnS z0}`(hL_bDmf5&5-bl0eD8cb)yn`(4sd{995o8n9f z*Brz64#THHH&W*mt^k|KZtp?2%C+Q=7u^z?ek2 z#?}~s$%Siz2{V*vFbR}yi|$|6u|cVsLJ?3Z3nck8kN~5$FpM6?^FY#lfY7tG@XPf| zsK&9(;=5LmDp05bq-1`UW+C}mR~HO50XJZmZbN)Wz*g|>V4H#bF%aC{LAE*ipoTEz z*;`hLczIJ5ZK`Ni#k%_;W!}ce$*!^fR%3zWXp31Rz^HP^bb(do-3s*lbS%*@=yEBB zUCbgzKPkGLC3c3;W$F*r8$(&(=+cvCoD142Br#3FzR#uHp$lX>>k06Jd;vjLfR8x0 z?7phsC$QheU{UF}^C!+f`8n|x>$#cf*I$G&PcLDcHX!NWwm z{t6(&a@mM85n`v-KLKsoQxOhJ%tD4y2K!xq8~1!d!1eZ|7ZQ-H@pjXn`bXTrtHHie zuOdn?!On?)wMJfjP`!$_QfJ{ttLw?jUPwSXnXn7da^1)#$#dj)`%v+ruFy7oA~)vt zZr)yCAHEM@Im&t5Gp7R8qAS6&S;cM6*@vbMiYP1H`fra*_!P(O+<5>@#08 z+H!mek6i4$C(;SsPX}n-E%xo~P^E*XIQ;BY_`$b{Ui1lkE(E~iL;zz6*1^FaI2I)D zOOU)WRSd%9Pa zJ>GWdy@1Gm$m)20JNkZD00j~sIFKpeNN6#8-(w2kARNsyik9s|_Z)3M?96eoyg*p% zW^n~1fD$;xl=i1T#j!%II2@^)e~`^T-Xp&qYySt39Y!9l|9RiL|I+@`%X{wsjwMI$ z|Bc<@qo6|hq(nI3lg$24|FZ*sJj8iCJd4p`hV%2Hn4uuT%l1$C@qh!oZuq|g-;d*k zT*=+bbxoXQlefLH2#2bI;;#fxl%nJbPV0LjZAuG=v=#9tYJj*y?V#^B?M;h8hE)z@ z>ORHr=gc3+!Xu}NQZF|&oFoU9<7%EYbiNY#6it7~<+#PbWCeuE`#SnpiLWpk3fJPx zq5I{FBtZ-XuQ;jqe4YKPPug#!B`v|9lzWVGnk#$F*#jkzo@hBh(9Ttrl<~oe3TBy_V*_}!x!0f2tI2dfHs*h z9tdBXwqxvxV!p(}cudtB98ffj_gm=mJ@NYdw@TiEmZ!2^`~fNSCHx_Mv30`NF{b)9 zle@8iT>Kd-tB#PF`B*JETnV{4c>~Z@wE?>`iq?Vtyz6jkR!8NJ*kh=Yl+3u8Q9FQu z0E!VeR#AQfpp+z#9l$TEbBRudLO4I|i_zyG-E^85QG9=RT_?szEWEDm4zHGl06__7CF$JsWjoI1c{%Hld?^QJS zKm*@@Jilh7VjPbpcOTFGz){DO{Qqh^#sbMm(M^VxvcDxDV;~#rz)0>=h4t3$vu-1m znX)e(5niruqTS3UpGsJCn2rZsAhc~y=P94dVwCQC0CAhs`Z(9 zl2kLh)w6>uWT?AUu~QXqNdcpA{f=wVGPHx`+B?_Ty}3d;9A3rLE%>Q2Of-NZ@PRkF zO|7T=jmr|XpD7RO6MB_FmzYa$lTmBWDrR(T^7|q2s^%P^-^<1wI*@lssS+`VGCT}P zZ^PbSIiDLlTlahY?|J-RW15dNiN*d8xCvWcg=_M0HmdhIF!h}nl88E}lN0o?^LEh} zoa&>dbO$vWfUG#L}5I=322uQA=p&Jk28$8=u$E*Q)CboYM-b$v01>h{h;XW`cV};9wO}p)f^Eu!u zHHFG%i-_7%n^Oe_7{L-5EZUUAig7}8@Fwjt0z$OA6uA<>Ege!bvJ@a2_W{kvc^_P* zHt=ic;&&SGO=t@r;&;0I)kQ{vPz3*Y~L(moRQkA`eV*p*}-wkJI;lF+V$ zSUV49K)gL+ENEgkWAigvuE%q(#~9UIC>b4xiy4r1F4B2nKl-q;@ZEvb?H6P2zZMIP zY|HQ3Hy9E=;A+Wbk-C}%O|zWML3$B!yrG%*z5!LJT>oR?`X5snBst`A)ezQy1ySxg z&FMrSbs1Y!yewJ}Ym4?rAE?P{7T102*>J#BqCRXHx` zb~^eD&P@Y(j|2m$!9h1eNsou#L(~;S7!>t7__07{AWa_FnT=e}V+FvYWTGg*v2Por zh&VU&PxSkaYz@3Xsy)c*HySfJf;2XZA#yJL^yeCayoa$TtNcAk{V;={fGX8_x2)9v zm4=+j)uH@DUBL%Iw|3W)g5P8x@Ov6=bjR;HgdE&GKT6>h@b&_pl8`%Dn9aWW8*VE6XoS7hq3x(4R*({b|+V}Y1>-_jIAeYzZ&}ll>W(v>pOG}hKMf~tb|z2%1@0Xu z_m0E8<8Uu!`jxnsTz6bxMzVieGVY{J&%>P*-bwLKOEFel4=egm+RUMiaB%J7zPHU1R(Vzc1QHDqyQul<^5d= zz@e;ZxjsGhW;_67J~*3tgW?bNz~gvp%9?~Ud_&^iz#P_~i|@g4o-~xCZF|>9)de@} z;3RA4+_@5Ctj!HHDjnxwXluA}q24@BBSCW(kN|XWUEEJkkbHp32_r~n3vM*PuD-g2 z-{*7>#u0nS0cG25=d*p8!%=gwA5XX-QfmHq7z08ltklytl8v;+Qhn$((%~fxcNrUV zxV&637Wy%b5vowKeP!~Yx3E~_@qKMyQDRpV-HoE_}g+$f(gGeCH#s;kiFc^L5Thm)vlpR znP=3$P2f{!-i`~LW?$R+>eauPj_?=Ww+7v^7@$SwnEFTX+o+$wN-E$4a|NURUGxFJ zSF`XWLB-Xt$EERnUFORur(l{~aWnp6j?H8ZB=heidCYeoCpznJ;4r)38gK!pzjbm7 z>Jt03XQ|FK3)QYBXNkf30KUgsY@bB6ME@pRaqy*lNWNkxdg7@icH1*OG<|Gc9uwQ; zE$2sfdD?&9?#GYCfMP*RyXif&`vQiIwD!jeY!IYC8G(_MElcdxu!4F5?=pfDj37J! zQOFQ@EU*fc^>j#V6PY+UQz=fG%hW7N#E0-Msn6kE`~Dn-9dM4gMd@ZDpT0;$aX073txB3#5RMvx6Kf|!GRWdNj zKgInYVJ`{EN8N^uK)+^-eB{+MUZvUd*b9tJbcLH;$tFY~Vm4PAmzw2QHbX~Esc zN+Oo4>`yU7_~m)g#C_lL9(sCAV_v99Z>c6d&-ZT0krAA4bR**bs83Ey&-KvK68nF9 zxci^sd7&Qjk9%mzE_g%?raV<_u7s`e``GBBX#3X+=fC`tWLf)}XcqqyN)f`?5QPYm zZUWj#I4h-8{yyq4)Bk?x6z}kD-r+ku{>|FIi}SLP-3=Z-FVE&)qj+%~K2Q|ExyoQn z>kt?d2`cC0)S^huf8?oz2|1f5W0!Z8Uh;LFnmH zFQzfD6NR;CV*xic=oSC*x=~%qHHnq~c%L$!|9HJju6SNRS}$XOdf)4RREXOPQO~+w zK!NqV)};v8+h#20Gy#XVyn4Aca6?hx^fl+ckT9YCqslS#8r9(0<^F*iCR$Y+l0C?o z3DwGuL}}yxk1B2KL9qFPbzq?2G>nj}CkMS0Py*5?@Z^g(;BFGuSZK0Xs&h)d6rHP# zsZu3az>;MY9VSI(0W)bKDh99#Jwzu%IokS}Zi`=mjB@g?(1GT*uQ`*fE*o_vmJl+? zIqx9m0}_+OxaBU*^&2rT{v#x}sY|)urLXC#wQ)^I?nOy%5<1e!E`ieCIJe|$`Vbc% zfcMO6-M+Wj|Apt^yPoE6aHPq{X~otpsUV599zRacX({&q8?MJ75(mKTqcf;NB=g&p z;Ja9&FZ?F|@tWV|zxZ$4?q$LsLsaqfbnwULPF##Lr;5xUz#rR`F}{P=TJ2{t4ow** z_+y!TLs?|T^JbED#oj5t&P1c(8Io(jOhbS|x&$a-24u{)*a|2bd21ru#nQN|!&`|I2O0+OaL`N;yHnwh9k74ii(xi8-BHlEe2G?1dy9IQ0u*j_dNz% zs#Qop@_(LpX3y@qBm`Rh{D1i=85zY4dZOdlE5*RhJR;t2fzd4Yf3-opGH#@t4-Y@dIc%I&@@Q?K4X3jk!<+NGihY7*FgN^8;DZ@Cl1W;1*Z(m99f&b>J-kSjvtsd zs(MrTp^&bDSTEdc%sCB1neZ&pTXi_J4{}&SIfTgfQmcrTaWaM4PP&uPu0BZ`vJCl_ zTrU9WgQ%7?KF;p5&!uP)D*PIsJrck`2@v?gEG*BiB(#{XS*i3$hyM1Y8bQdi#+^vn zck*bl80C|*hoaz+{#ApVk!OdXI=jcKGjPeiYuR@#`VN1f^P&oQA zG#Yom4-bKY`WviC$Ucv2psR7$U8;fqL^aS=H-Nj}hnscGvp))gy=f1sxPnOGXa315 zu1G{r>y*W!^T(^=XjL4piVRgeaWf1-sx}0U{!2dTL+m2K9_i}(nZ?v%7;8(NTY$ka zO*0aBbc%JT=WP?N2NP(@5w~){fnOZhiV41Uyc#Y_1e?oy;@Dt*?b!lp{1m1~ zAbaIv<`^Qj6;`P8R3wPtXzJIs(Ue`xpCX^Q1E!pR$1|h*{u>*pvZk(WEI|N}b=#H5 zp2@B8rDAf{CXTs1(J9122Y4$9OcC%~y{~dnDU0NT4bgKdMVM0=yVm;fKH>1&s`z*c zh_MUWpka%lM|W@m`~<0|(BtwS5ErHf#wRkTx@PA2m{aYBⓈKkxFdZl-d_F|v(FA}+I7Tjg*UNggfXg+&0T^;Pu;mzq9Grxn55#bQh6(sX z32B1zKbUnD5%y9T1WNrr7yU~A$gn~l0!m&9{SdHoNgHp?pz0Gi{_&cS@y`Wa@YTjY zT8~Wz)wYsqG4vAIP9XmRjfgBn(~|E`qf^lUU?awri7gn{oPcrJG%T@kBn@H~OZO3~ zI>L@yW91o;FQ!)lLbfJYKi(@mZn+U)j&o0+y+&N28~6{IQlu(-%5+kQ;-BA8Z_yL$ zYLVwRY)aaE{}8hS5);{s-9qF!+t+n;3&|VVNTj9`xG4Hf!#7Z(&R2l=FXkK{fHwIu zz}7_M@d{%J6N!{XLRbx_kx?=`g;^<92VG<&9ihuVk?Y(zPm8(~(fu>O3zEPoRmi%i zpWQzsO7}02uzyZ*W?Cnmsk+UgxaF`GtOuurzz(%!U`=PYD!(hbKc3%!=B7Yi(Vv&< zZubY3)BT}25f#A)J)-9l+{v;^b5zfeeIjhDLMgkSVZ!ZKf-D5X3&k?mT02W14tGY0 zL$v%(n-!z$E_ehAp+Bgq;VI!2;xhKNkOKK%_D4PVK$9N$YJrUF?<<_tuKEMV(w>-&*Ho%`jCQ{E z8lMLn{M%>a%#5;M?P`#!*!e+4MvB8OKF5iSJW)e()ngmr^I=SnPy9H#{oaxG@xAn} z#tWZzG=ArFh3+h=FYuOkZLrw02;*8(I|FjlV%s5G$D`oSa<|{f|LJV&Btk~bDV|0p`MU8zRw<``9CvS-ht#$ zunIaYRuCQzgRY^ZKtjc|PK}lXC?VvXGm6z8l^udH!qDJpd|8V=!r@A3JYq0jo(Ofk z5wJNlVb|y^4PV3{SEpY#X@j?G3cR`bs{j_s1+f|vCz7Ytm;K-r5Bv=7P$WQ|5a`L8~4P=cXg z{3+lZ{s%2HFn9nxxxP1L<_!QAaW4;JK?s@IU3Rj)IukS;bR+`ADO1CZGY}rkI@8~P zZ@CtAuWa^~AF|%tJ*fp}#MfsK+)PMx7C{v{@nxkV9Vdi`Jj#Gp5k=1q_W(_#qSqy2;)sKKQ;+;g-|Xn~J1iSwUVm?;3_SG8tp(996P zdPK<{53fkTRY%xk_0gC!SSBT+ViYjZB=-KM6k{%D;y9)=0?(px-YcID_}1^f2I7jb z&rjXdv=m}#Glc?);1--rK{^V`u^r6h56xgVMApzIJh_$bP0m#gONxyVdK(XzGUEifAQH;E1~~KB?vctcx|M zkWL>ktizGnp(|1XZy4D;HH zQq5pdnz7;{2ze0_nlI{HQ`8+rmzttOK?x}6_-|iVI$p zrg6(igBW&IxY0C*JcFmUR}8HWYh^5Q+tu(TPw#d65-OVG@8HUos`8OB@aY9J~dUZPuIhL?mFYU8}m~!&FuwCXg(7(a!g?zo@=Y zf8b|vM%Kd8g4D)b`bzn&Y7h8P zC5oX@0S3d@op{VY4rO<%OHg#425MnKpsdZ~!Kmx(8G$JNEK&TC4+B>1*v^*0AK?@D zqsj`{ia7o}Tod8XP@6xBVv0Xzgg=O8I4A{<1fD-KEz3)+WqhI2h%izHv$zBf_6_wn zl^S!g%M{hgG;j{>fofja86feBv>C@aFXuo>7;++sQU~IsNx4vEaANw=&fFCAs@82s zb>WRnXO)i@;Em|9{0I9fe>$XqKr<;KA%}cwZbEANPh#FB5 zGY=yn<9`Y4>;b#P7z{S7S!bhn)IeAzLo@gEoKAT6KQ% zx1GQ74o!-BC!jPWNb%FkClUxvED{w0gRJf6v3V_oIkfC5Rp%)-2i=rzu3aw5XsiI8 zCRMkT7Y=B_0urer851xN#nRw%?7P8hSVJg9>BI9G@*9IHDKY245~4ke_$ESMG;@flNWH|l?$}H1Q*Dtn$?{mvWP!WH&1+k7BamC4{=o_huMf&zTGt;-+@l>nWI^)>{F~tnS*#-gNMnsHq0#+w|FXBe z_8KCQ3EF`J=s67+)~OrS+;a{Smc@q^*F;Y!KX?f`Z+-vr0r#I__YeD?WIeNCfBpAv zyZ@VkKj5B%=r+WEKvRe|gcui~i?~WH&KZ_`ZygWpJyB(u7%gL$6Py6_iJx3!6Mmd( zO$rqOKyDSl(czK%*4-CFC~kL87_leFnylfBNLwrG50T%Py@}$NG3Pbq*DBFA!Ja{| zXHYJwLj2=(yYmWig3?+Z@Nrd5Uiv z{x_wzq`fgQ4@N>D1f#63$=q*Y-vBKEGG!CPzZ*=QQOp)gX~>qygYliQ?uhjuYfGg{ zG;ZK+yA4_QA>%`y1#gT4kV+b$TeM>RR;W!Dz!`&nljBUgT?~9{d;io0!}5>H&nKp( zW-yaEC1g#+bK9X6*p!GJ3#?az%o!tBtJYQGO&B!=0h$9?*2$eY{$=NO$Ly-{o(0x# zMEUL8yzzV6ES+HUlRni#CC+bSgLuDB2yakyh9 zW8|G@3B~9rbZaaC6*E*U7f>N?w<(7bdxi=Wl%O~h z<~SxSu)0UJw7^P<`fd5|Q2bU!bs^ZE0iPPfZ_WxP@=3$0@xbth_!uh!+`1I%nY#-6 zsB4jWTRRfFm>>XH+Qz3gg4>i=fRQ5MZ5tNqnKtoyylv-CU?%{6Me-+(8{*0g5MNfL z=mcHV6NX~1K!dT4cLgwwzp+;MfXzTL>y()^Bq^lgA<`Q3=={oN(@ zk5BRAdi%#a_|e7w!A!@Su_n~G+VTTj!q-TAvVcp;7o9Y&`Wf)-Ood zEJ{o+^)rXE4x29@rsQgIL<+3Uqg#)s4lG!F|F_22 zO5o&`j6t+(QaO|@5IhmrZYt|R8Hb>2p|-7v4uh<1r@9COqY_`&da(ffnAQqE{@3uF zmAhYfPHqjJ(8zb`)B+@uonu}*hE*aXNmLQd@~Zrc((?e;`lml}3A^D8j zpFk+409y=3Owy^6z3HK~iqvB)4;+)7tmlIRGRkpC=Z7 z2Soq?L!meWNJMpnS>#Nl+ow-a_~%e1a#;<$lfhWTo!!Z96V2!Tm-ERS1X}%d|JwYZ zYmuE&mpk8sFFpJm{d1+>div!3^Z#e+U*W(1{`ZV%9e-oaLSO-(0Bb%4{DXdjl8h<* zyE~V6G3wIKXj+ML2Fgd-q5zrDq98(%VZEjy5DCbliOQssLaSw0CB)NrR5*Gc;-p}A32t&spbd||Y&prMMgPX`?jW<`mu*j44VBFR8bJotha1WY`? zX3Y65EqUzu!8DP|8c~0=(IefgH{Nl@)Y_nPCGQwEqoh}|SqTQlHF87*8c;S?6J8V> z9zoBfqTNhfF9jom^`v4J$()0qGJ?+Kh4rJ`b=eHqVW&7dsz8$++CvX{t1PgLr7^VW+Nrxn2pP9)#mjgPQnb%{W!8QDc{CT3)CC)oh4;pAF8 z>xQ@;UF)nX+aMGzX93nF3>OozZpY*})&)1V#k$7z($NkSF4ldi?tXB& zDclI2M9pS`jrBsPg=(3^4Wi}6Cl10xqGOa8ex6RkMxWOM`vnzIo@)k4n`T|UH8C5v zN!K!TlKfn11Jtgga7%nyl(D1ERmv;imo-ptDaKkncD2vteVz(;DW<7vJzu^;Dy4tL z0_;!L|0SBbG4|D%bF!i@=r{#bg?}g| z5mbv}upR4GOwtV_8C+yaBOKzB0laM$DebsjOjHwzya}Vl3KH8Xk(YBSQC(T9Un4K7 zHoa<{Na9^AK;tFC8T(v@xR1TUy3$nbEpcc)R?+&tSK{UU>4>S?vsQZ9i=uH+#8myD z?*7QTcMZVz%eIDRz(iT0GeOjqE~3WB>+2#W?lBmt)?p1@0vWg?_B)do*82X6 zB1+b(_>8i4VfnFO{_O%w`W-CrKCsf+_i*D#d*?k$S&9pDEoBd_i;}X2h?E_on(RpQ zV70ZBC8@i~y!!_%V`4S#ZtH=3V0>7_QODr>sel@_e+Kww@h%vw7?1$pcXc?MMOl_) zm%swPBdE|{T~U4_Bw+R$;Y}qAJSvX3P)KQHi~(wRfqsYU9macEJIz|MHkR>ujVmII zPf?9`K+*W82;=uQNS8mMXsi{+HwLVG^FV_Xp+OY>(?-BHp)&@<&>gJ0re=Swao3Sl zJg+~Lm^KnW4?)|FPejIOQSBRZ63f#?x{p@nX<8(1rtON6r@n$>`bjK6r`F`@uh%&Q z)$(-VnpWhguAWp&UxC6UPs`NZXL&awPv@V}mOQ;l%%bKnNYg8$@TFj>P)J59N`nHC zNI3z3CMB#FTSE;*K^R76;vEpfzBUGKodIsx*L7;y?+w2(nf2HINz|fw^{0B&9YI)Q4 z3*Z$~ZUCcpc9~WW_tpbt!G6!TPz|dMuwdiMPl86g^b*O_b2SS*Dy0Pjvz?s?dZI)d zv9o^d5Xj3H(yWhG#~ZQb5hFHCwSN|h#y>`k*cs|>9`DvDBUWX-bsEU~=y^&774dU-dZejg45-aTyx7K3kM`#L%r-*_8-*okeRyXi$i zcQXs13sNQY*B2MZq5H2@t)P3EYVvXvE_933-HUiPf^Opgpxdgy7F!Xw-?fBXyZZyd zny`Z9>W2*Ux!?vAGKfs3b<_z8^(@DA%SS`-PznAuJj*tH-3uf_&sSLB5oCT|b|pK2 z?AJ&~u@3y~YaDub75hJVF<$ncjmZ88)y3H;8Xt(r{t$I{DDPIQ$cB4CDyOAgdmal zFoAwm>s}J-*VyMp;I3c+Ac|YjuTQUX2(0yM)(fo&+?Ok*$*)kj1nv`ccRTM!1n!Pg z+t9Bw=!Et=e!F*VV$b#o=>pM%IdYHRQpB@qQ!H*x3{!@7cG|63w;rcBqi7a0fXh~> z9M59E1GvY>$5C$N^HG#@25?WV5XwD;!sWLfRd*lb-S!UPj_D7=J{4oIW8|sb`Yh6m z`4(8CXnj8aSX+K0p?D&F{!bmz>iGkU_UZG~D;=VFl|CCQ+tTM-RTooHxb%6lx;uq; zqxJcNuWWtZbxHz#4voy#`J3-kURuxJWGG|?RkXE4uIYC>G$fYE$!rW1K;U7|ps80^ zMqb^B{f=~oDyC7(I-CXMLXOf+@SvFXQ+xw#qn<{R6(2NfkA+0GB;qy`Xm$u7wB{$C6i;_s3YW-*Y0J{aHZl>jh>zYyYY2O8&NUE73lKw*R}r;iC!w ztn=!kg#Wq7xbo@c()=?h8Xt;`E0?OfPw;M#pp_8!;_w}`%W*SAu~5X$AVoj7_M8OX z^SnnjggRLL0Bb*L*M{doR!TR-0Gn?OHg{V%aU>LSEw%OCYTS_xS~f3)$hA_bdR z0I%X!{Lw|1I|Rs61o-FQq6Eu{_bydUUWUTuk1kYqi+DHUkG{zPvaQ8?iN}{$wT3Tb z70@&6$?n|-!tXsR2*1w)wM&R_DMNwi@n!L4aR~qP*H#dosG7VEg$v=U)!l1&H-d1} zi9ooO@#Xu(EH2&?oFuaMXw1h7{i&N?UbzO=C+pmrgq+^COc4KsMHJ%putrTyU4LmD z;;F46K3O$61%(Uo>(t#zycWE7-i_dUC4(o-x4&iPUUKGelEfJ{E@@OS?`-xM>#? zXRi8-(C#G`3F6FRj1@{EQ@Fz~j-%kmPe)PEi8Iep4Ua_OiZh3)yJzvP#F-|^P?UI~ zKy_|Ce;f$>NaFdC6B5u@PbqQ8xJLwwQyQRDH~AqMcTpiGNoq$lSqWCa@-c-#DEG4* zF!d=?vgd6qKuHy~&C6cGUg2byO79c^MNzdJ@NJPpQDx(--~5FXjb6EQmIHP?DZPA) z!nGXmmAd;i@4A))FsK~!F`Vo^5YL)=EXep$BoNUvx-s#{fzXrRpJYe^X+9u&h7W5O zJ&#p59mk^G^nCEbIC`G>R9p01{C`5v2T{1_d5^k#FYiXvGxZ~zp2r^34tge@zvEb) z66JWcVrs8@{%%Z9RVB*_>k`f1{q%%@zmEl404v&@zngV|Lmsaf4C|;TW66`(=*-{E zRPE0~;hMjjuI|p@-N^i1_bkw3fAe=oD}4o=QxJy09wO9s*7J&~ra788Gqgd|>TJ_T zC?#{kZRu<^(qr18v#Xa1`CewxhK!X!XG>uPmCoiDIz-eu`|cC5L@a7_bT&`*l8?eA zV*}OQ(|Fesr~bxxte6~6Rr3F&!LJQ38SQykCO`N&$B=Spm4%?VT8}Y zJ5LGEwxz_|9!WMj@$e|s*d{u|NO8w@NF#~ZlC|$_3Xj>Pdo3_+bZog z!Eq4Dg!42Nj|uH&ve>WxY#AL#!NvNkqiQVfT4?W}8cs#w@}ECFD&6fv(Qf~FdoK{U z75~{m=_6P^1=a}qDC-qaPma%lvnZh?C1CwZsDMyL%a{ZtVzWfZs zE~R@(-CfPQZl$~QD9~s-lrF{}wj=+*HbY{(B*PXKO(CTTB_tC-yU z9JLYut_%WI1acsX7R*E_gg(V2gwRK5 zmTCQ`v#J8(*cm*D;^&wCNHX+X%>pfe%x%WcXPx5^!pj%1{{2v_^>oM2!&Licp>V~| zXQ;b*yc>z1-|7Ks>@R-S^Z?>hIQh+gz+u5z{I$r5%$y;D)f9jhY~ z@cmS){ZTY7jZDCwsP5+Q?(dWW)mm!~{h!j~wEfeg9^*2SGa)^GzgXz8kVV_{IATN` zJ?b88g&w_Ct4E`7(c^G+HCgcLKOUxqoYP&FAjI83pJn$j$It9g6`4R3-?PeFQRY-Fw525=Xlo@z+lGY*jF*a z{{&Xa@^%BoA86A)>GQdPw>y5uA(0^VH$p-NBA_P{-hiv@OpBW=aXC8M5+j2iMxAp= zD*nl}{^n6MO=!)3ypK4h?_v=f3PN9_t@-U|ITX|m@304=rO>RRx!?U)*3Oc>_S#j7N1-+i%?mDlJbcoeHHCZKRFc#Ttc zujF0Vf|vE(uRxP;qopa%-|de+{r69wBazM94*IOUSLm~jMf>P8VrU$Fwk>LlK3>(u z2ox^*oT=^(;axX<-b!x=eU6BaFCjJXV}i0sh)4|#pu_{MhmAd3){3q@l^vI&(!Z2gWvcZFxuQ?IAo*VZG-$ zJWRGcTYqY?Nkf5!eI$uM$Zd)ANzBH z`jiKR@9?ppZ+yzy=Q+v*;RD8*Y+zG)CR!|i;kl&so&kUXr!d&i!PH!Z`)05!`lbVz zjtu(7_tDX|mk9^fR_L*;V&1N_ZtnuB{6|y8dh$IUXu;15VRtLyXzXbn#qT-sn>55L z&G4ARl6SVWOv{qB0GKm5jzWeV@(B$@Jy!Kc&G_^oI?rKOxvZH-#H=ZN;E?|{Ye;;5 z{3J^bj}*)0hmas=alLx&UQMAEKiq-Aie=cndfBVVUW=sHA3wBvZ69h!wT@aMtXv31 z$9YQ(=fzw#qd{m&Py~GAL^*e9ylwYpwO{ zVfch}7i)7T=E#o!(h@6)3GJePj7Ej@3VhPnH`YTvNs&lj_z?PWjjJN0kPC+%+|POr_yLKW0_O;Rz(YdD%%ECp z%oAN9<1@GtW}SVsQaGrYtShpO^`k^;-3e)8GGTz1k7IC)%%@fSyN2=-Da4UF*gk zQAGQgM0+nnv}k-NGgD2t0J)|qU6sZGFW`e9+D6?u!22YA#Z>#d_~_+>=yZ-5oh23&+D zhn4;ksT3oW%i(((?{e!G>32nf{&5yKt$LoZ;>bz)ACzSb;1>*B2;mD*Vt>+bx*9H^ z93+ACZeS^2NYMD2bq+iHZOndOo+p=BzifQ1SO2oh@sGLqkWfZ6nl}^8^+(#Yh(Yu9 zRP@^Fd3MH}KjCe_0HwD5H&p=GDV)vPakv<0*3L*X^Y@e$4%mdRe4k^i7>y&W$7VR> zFx}2{ba#Q!Uyl-=NXRjTP$p$Z$N|;dXa)ztvC0|Zl5Jgqw4-5C#ivXSzyRGF=UE+r zMfhy^FgL#v=xgW9~w7DkkgJSJ%Wj7a+@)Fwr~qH$Q{ zD-=;~0Vw{<>KEPJ%k1t2S9fjqhdp81{~Tu2B}Kl;;X>ziBMO~2+5YBsw;x5XVa``Q zTpdh_?%=@ab#4Uy!7h3oAE6g4c@O8SAWp9&9sb{L{qt8*=q)39PrA`-n|@LJQePSA z;e2Jp>CgURN7$Mf-QfZ93u>VGb%qPy6W#cB(_blZcaF?kd@dvmjJH{P)1xqcnixB~ z<@O_=d6E84tW7fNHu~|Ell>q(FS@_g?C*IOh1=AJOC$Y_jP!SE)K^k^YSPjYI4DOx zn6k0)E9ZMDZ&)o|qmcg-fm!SV2AAwHjc4AW2*3QyPp+YfRE&Cl>R;oYJNVGvkBhdy zn0jCU-H1c22`*1KR1_yVOF?Xj#9vQA6ADQCS^yvD~aw_sh|vbUvi zK~#UnocYS$!f8%HyNIcB!F2>1J_M(s5y`5pnK&0tof!xF2bmh5k!IEoLa2kY@)73e z;a6%NzRQYli=j{W4}LL~mKNW4gm=IRm(~wh^rz>^3e=bX38#7%CDB5|eXPq{%b#-i zr}}9D!z-~lSXAnAV{9R0c#+=Z8=!3TY z2h@2FDFQZi9^MaiYJUQCF4NSBf%jnOv**!x`gDw^PY-l^Q1t2eKcLSFtnjy&K9l!G z(FXzpImE~)g#X1FLbfyQuZ!TzsG&VrX~X9QGw=bNLB{+#PDA?le*8c-Tm)-3TFoLZz55qm?srbI;5*^LMER(o_Q%@}1B) z4RQ1xQl-(Jvyq{or0i+VH`>h+PKleKEqN@D1@ObEwfyl>K}98`WD_ zKQt~GyqtNV;eQs(dZcNxu(0|uKE-FfJLoSpWf=Y%)EH^hrFIyRx3kOwr)Hf8wNcJ6U_-Nijv?p$AA z49IQH6&$nCmt4;pF`QeSh4vbsX5&Vnh=D_m=uh=;343T<3dQeeGc*+_zG3)pbs;!l zD)r;^X>LF#;R`Mz*CSBTzy3|HQTLlff3=x17?VF#yAanFqlLCJ z&BVb-yCf;$8%%w-n!#5iXl^!>w`h9v7~6=ZgvOn^0qL3W*fK=1nZ6dLnC<}3a^gN?vF>T0x6 zovEy+GHZwM2hDE>n{>@s&C_OW^aP{&OUQt2)^0Yc-xZOV3giFpia}=ncgEbcT>XPA z&wT+GwL?>?T1HQ}xxD;ve8Pdozh%Ny9_>{@BcT9Sx0D?Xzmw@-`%vYc zBc@|;`fr!QUX8Dx#mJXzyG$U`(d?2PiTK`cM03q!-Y}DQYDtQ=xoY7%FNzM|Zu4|gV z;i1Z=Bc_js(@Dg z_?OuGP(*wrG^1FT=0!IzsX%?3+=PD9Ox~T4&~Jt@ngx7shR>BU%1astDCOgf`R^&& zE-IgDTUbm`YYV#t>xZ_rDlBu`*3P>C1Nr$Fml&h5Ig~B7SIfs4)qmr+kD_9tBiJZg z&%lM4qH%4-L?2Pg?3n0fTjXA6(8Wg9$toXXBD9h)Cc0QP;EIWY_RE#Ha3FBUL|=$D zyJMn4`=ybtm!e~$+qG&`V8R}Tqlf)Q7hGty7?(?(*RfC((f_~?twhs0Qv~xM!Xj*R zX)lwadpzu5U&OYg_VyTIRCrQ+Saf*%+wt$Y#;E>=^>y&zh&DYe4G*HDmVr@JKJ`Bo z$2%YlO%JfZ-th3sU4bE)gmrax%K<`Ry6Ho zQ*iq}6r1+;QzE(w%dRCx{vsE!f6@ygKPZcMqqK_&v zRnbiqomKIB)#hGRRI4JozfyJc1691GiYrwyMinoq;#^fcql%@f_>(H`m%^Uai5)Lu zl8B_i#7CB#6g=QZ2IK3^{Pi>Qjk=+yArQFjEXLylN9JuP`_lhr)(HQ`EL@j&g^*5Q zgxhk*wAV4H&rOQNaQuZC5AA)drALyO3WAvVnE{l?sC;5I=TX$yQKsH8-2>3Zn)zFd z&G;wVbLDVVstD6}qZwSoW#fk3@UIPgQer0Krk$Cfj~l_+k_#wF_~QYE zOh@1!XMwz!1;R0EwVuiccu;|-bMzc=PfY>LDRg0Ma{qaVW; z06h^u1^N>EqLddeV82dMt{ZU5d1AYrmhVCilE^g{xtACSp32`$5eFz#o0B!6d04y zjRXsf_aaPb?7TiTGZ){*^mH8)aF4{*y|SfO25Tli3D&zEA;(#CO3pZ{$lh5FgX-NRII{gCB7C>0gWE z^YOXpg5VZ&*N0|9GbHFeGynVP*Wn*yZZE;A4B42F;TdK!Mxy{F;_OYa?C!%BQ$xh-QWlt2nkk1!b z%V*$Tkx|#JvbmqJaIH~&FYmRub=#LL;D$zU<4-tr^(`o$sa|YjE5V9T>^Z_aOVe$vf3ZHoSLun>y ztachM&aUL+kY~!7R6Yt4KRy`oM+76w8vY=aPxOx2GB&XwWF|fulzlnXgYASl?}Wzs z*o{FPU=RezXm$Q}F>ZwzKwm>6@%7;$BOs*nIpC<;v49i{KBd?g(xnYJNeFf? zkvgL*23$M3hHr-BYvIGqU28zp79-G= zDgs`E3Zy&Ql}@VPGD2VS(XJ0)?58^_f>}5Ze7HAHGZlSdmIak?kzrqC+80>>Ajul{ zfU>Z#(+%cUi{Zq|MUO5&eZ)1TL37tr>PEn`A8%1KL4WqBbCB3uGisl9idD6=aR#k;Vj!%Mj*USG}!>okdHX zqamTqw(FyLFq)1KS0=AAEOV=RNehat+lafAT5D0PT1N?m{qw;Zga-fabP54eDjc^; z`4hK#-F;C_f>jD}Kvf(*1oVrc8(vZf6DjM&A4xVHm**1FycbD{@ZF+t>4!_#2o@l$ zmAJ1=0cDWe@ zFO2)#xXZslf43|BJ(U7ewPT6&{ge(TbqW35$onC)GYq@e2&rEc*<<+?7I>wdT$SBv zZAJDlzo7HH7qxM$UPuCvqD?Kqae7gF!%{S1H4RnuzRe?F7d$|ib7VyY9}4T7Vv^E_(=8= zX-+-$A$gk(`tWJ;v1r1Frg$)#4`@+<7*>x}dJB(it@=z^C z!bu7nj_9wREk|}ORv$11mU8YIuoQ?Hq@2zQAXX9jT00g0PhI_}LX(&4OJ!3WHx4H0*`@Ywqmp`&mKo9aPQ0 zzTASo@0lxuHR`Wm*S~zp&A#C70!}G6G<$q~n+p);O@3>r*%u6aMC&08DQUYz)3lg` z7r^y+b%e3vZL_MGxEu4o#9<@&!6|-Y{xe)~^*8r1<_~~X!&OfsaFMJ_ulWYQ5UriY zUm!$18b_pURKJOf0{@=FjOqv3U+8KKgsSKz>kpNUZxQkrLK-N0z+`+P~6=0jW4*9jn%WUXECf;MRg&|3nvLEW2UT z=w&D0lJF_m3m#2|bpdlh?q86>z3U#C{EB zzM$_`&IiEwkuVa((_2IcbLT%JgsISk373x9%= zCR&gPc}7KdYb&p~bt^NbTPUw0k&Z2t{X;9tD%ibf(`wXHTUuYUE%f8vi zLbEWu*Xk5}*BAV*AQ;iF@E^IJ2(@`%5pC`%QAD$$rw(RW7bOCgIpCSD7Yy3^rYd}Wxc?2 z(#fq5m(y22g-BcqgtAC(b1s;-O;FWiBFTs{>mNd-#py=uhV7f$Yq@3J#kSndAXSXz zrl=I{-%N}3a@0KDOn)0D*JI4Ib^?=sgsI?^VBcLdWZI&Q;lL}(qCFvPP)tEn+tj-W zd(f;7H)FBTrS%u~O~_iM^~cVO)0+d=`WcCM8>RKPfw#8ScNeX`Zcu?>j_jBX{|g$Wl^k-SqZg+vbaK-3zJd0Oq=T_M*0)=E6iRYHWErr?mi z_XIMDLt_oGj2B_J;KyVLL!Y}LsF($-!G$B60*Jt+6(~2U5dIa3P1?rYMFRkMcA##>#vP6cfrNH_MESP>k?d-LPZj=cd-}-;rAO zQP1~qVK_%WlvQ+Tf8d8ljifV$~*i?b+2=(|q8Q`L`D`SBS3 zEePGip;rMWSGIm*uAF%3jK}X=)%Xui^EG_aoddHoJ7Ki-wljPy*wyGu{tzfJ=FIT* z{SZiXH2ha{ywvbnD$LI4@N=LGa?%S!gHEIIBz4W&9vO&JjJXRTYjSZs-)PN&!)0JS zX*`7Nsg$2z$a-M+Elo)d0A;jMNqq=;CLGs>{Twuh!WD7kA} zGE?2e8%{;9NRYQhY`R;zRCFJS=bw}bfuF_u?d4EGh7q=8JAH#hN!F?8+wF9P9RC~7 zTgkqwnwk2ARA&5pu%b#arMN~!wZQ;yl&C)Rl@?VIPyZgcn8kRC;d+OtsB;mJm8f$T z-)&21InI(vP3wDX@A$c`)=Nu5))bIGgTNIgi@RAw)F5Hwrzd0<9 zkm1#BKN}f(HKOUNW=@76g^_bLRn0tL#+bi}+^TBs#2*3ixmC?fpE3d~z#6++^-y?c zObyQLP=JJ!m0jL@xO7xaFKQLrio_X&7`dk)Pd>m6#KS zDRfiRS;rBqx&y19iK5q9@!)Du1?mF?7nmej*M9V~F=6@FXgZ2izTiZy<3g&hKm6JH z&ST$I&CF>w?(V{A>Z;}p5rDfO_xQm?VRosKoT#3F5l?$$=0xm3Xan)#E8`IVzaJIiiXBL)&@w~W zIY^m#m6KywB8p;nJp?q|=?jsWNr$&V$oxAZkwKi7_&H_fODb&ZGV?}V9O-WPp>@*P zGIQr)ZJ>I=?LW87MBBv}7xL!ce>NAA#bHxbGqXmGfb7w!YGx8=c||ltKACxpjJAdW zqMs=!y&IDT(S1AAfM_OJ4evy#A#x{6TCrB|pfn=fJ+5yDZ|QrK)3) zvt1^uu^wzs0@{OL(NBB85grJRL2vh4ud@t@^-@bPH57i;}C4M5C zdX-w$52X&_A5{%-=Zudgc|3RX?zt%%@!cml6qHC<{WVXPQ7qPcw0DWWm3w z-ieUl3v^w|9O?CmZXh)0|7yT0!kf!VA;p_=SI9q1d6ePaj_rBmhF+kQ+jZHj+>rqwwQ5E;9Vu31xs_3qY zJ5`aYiknn1Nfp6)=y2?*ES4KNKgigp$StO*;r3TroHF5SO zK2vuU%mRL3BDyHk3@uhGj|}HRyzyBXG;pS!totMC73S|aA^^Z!l5lO?E*+><*35YFJwA0gg1ZXS)Qo^`U zVUORY0LTSs{3wzi8fyG5(GQFGu#`Wbsx?yTd0;y&FBDJ!$qFN}K`1O)m6^P-zIsf7 z58^PB3au>Dt*n$Tw4@;|3qN5TY~dQuyj_v3+ny$^+9g>}JQ2lpFBoDfhA8o55Ufm^KM|W zdCxo+=qL;Q;5U&H-2ec&R24`Lm<%$&@F3USzh+BibEoMqW6dXd_RUP@%nW=~b_yE$ zR|(tey^}?xJ-iDFJ553O)*5whDIH9ZD$lxjfmtDFBTrz$g_jq2@rq>s+AWoPI!&L$ zMzGJrsQU=TC8|At{XW%T)R{KpE7Y@lGQiO0^S*w z%~@q1E1wUXveY4nj{TDS_^T*BQD?5O1F&2t3W~btHXg!_>quRL`MO(X`|EPCvp);j zEZ7Ecno&2zo42d{WP#@md!Mg{Co~#P!aildl$#$kF2l}&sn?VE>9?@}`=BGDVv=eu z)812{#eN*<#|L03*J7*Rn$^juJB@vpgM##4;IZ{J?XU<6cp<=N@_|S#B%%ja!=#BZ zsLN9=gnqo2Ndtyzcq@E_cofe^lLV}fS?mX_2+&}6G1*N4D3J@K@+si07gs=>=b%%S z;21;yC44LT{CogYBBWn9zTx3TaAf6R^C>a7UO`MOWNnau*+`Kd}1s2bbQ}nIfbwGi6II;e3M#TT^ z9gG&LcBIj@!T%+(4CxXubB2IxUzt)al$-}6-V8}8Gn z`+)E=fnu>3ai$37;{M1QU-mW33ZxSoiL=_S7PgASj(T26EEp%7gs_B1LniVFF0Yaf zWLN8(I0(;}`-eg3Cx3%6cOEWi|0@L`Rgb6$7I^|4)*t2J@<=Z1M!ByNSri5^BG$i| zDF%{d@hO-iZ$K#dzJ$W21UeXtz{V`x z00~sD0aO*C8zgVrAGRuG7 za~QN5D~w51O_z=_svqaCx(jh&z&S?s{T$EMrjI)fI^kdcQ$cVi@&HYy68gXDU?%S) zS(hY%jsTE+#jegV*;nJ=@nBQ!Bf=&oM=>(s&_Q^Lcf@g{+=6$xuu#ka8&tG{(Y|gH z91${tGD2*m=vIHIsS=ooTrUL1pI$iu@26&4c@x#?iD_h{a^PAuf@WH6`Uf}j_+X=Y zI^PGZqCCMgUQ%DopqW{lz8saXevrY6@{u1rWu_vYLVi$_F9*$>+VtP3npv#5jVR!$ zS3S+*wSwEst4%LfHFH^0PItjm!6t~%Z-dvw%SpBAXR2CWZ0NcKcfGvJEuUWWZeN?O z>mvI)lsvebFxRl7X>7~7Y6?lEsML6$Ji{*q6lHjr z>v?!AEjV9C6@?+I9OJi3@APo6H5}=|Taf;u8K^Fm{;|Y0oAEtso6>c;5vnD;H;#Dur8{7~wqvZu0 ztn6u?OvJ`{G3$S!8653xpX_+fd4;kQ(6Y0z71=?oEB5vH8_5CHZR3MB#~r!x;CZ-{ zOBft^`Q`?fFsu?zE0J>KWrMrQEeYl25qFhirOHq>*0#bp1fT9XgWDl91F(|J=_W74 zsPeR?MXb`d!F_5<17|TzP;qogNiZZ+5~}O)Z*ee5fxrG6 zI0z)lH`77*n~)d(o?Ia-Y+f~}iJm)-sN6lS{7zr!TqH3yU`3IuhXwxa$sk}yvv%0P zeq5|qt^kB?6V_mpO)Uq^HXTCvn5Q%N{4YWyCGB)B-j}SC5e-m|fQjfR+h3QGyM8!)kFk_qE zW-ZxGw0GpqrFLLXi!f_};x*2cV@rh!HusJ#!A!=0tEfZ8fW zcNTeZQ$vJqOmKq=kZ$2OXr%m2$XmaF@ru8xw^6;41V!8>vfFUQFD^Kba3i1y&ecDe z!ENTQk4$EY`9DWIx5o#M`$q^(D81>yNys_-5J5jA%NKk%{5ORG_MDtWGWeU0G^$5Y zfc*P92`)d3{l#&4AGyD7J)HW>gK((=;SiVtqxyDIMk}Q+bRNzdS&tKR{_VufouHV7 zNV>pTf}CJ|qcFHNe2)?mY-D&=T^(+yLk#`>=PcC zgpu&p@STdxkmNqLM+x-ARrn$P{AE4KVE`O%H_NELoVwJ|l!3!Wa6pa_^5IK=aYD|K zWL~{nlk?6p7mOe#!+I_U0Kzw5RP95MiYX9y2^qh_jMJ!raw^(F4(V~n;|7n9+8sGa zP6mr~5ga!LHxvXnwPpBia~>ZgxV->|!S&L0Y)oUjpYU_cwDs>xnR(kU%-Nyn*r+oq zoBEem!$u`nHsu<3@qC`jrhH@WEw~u43Fji=SQi{lG4mL;hyDARnTCJ+apDt4<|iZE z%AI-${>`8EuB-wGH+aZ&#H%CbwT{Bs1QD;DOU}s52Y9qxJ6acK?nLV`oY`f^O2V1< z3IJ2^)q`V>-r0cZ#bUy!m@|fP@E8v5qhsB0CUTlEZK1Ys&Vgv)huV3t7F@NTRF`mT zRITSf7h)EoHvLN}dcMnoBU27e7;qz8senj=L|In&IW7iHAsxy%!-5HCu6$zH6b(VF zOe8|OeUgaQfuuXC9wOTtJwIL`P=75&&z&q7a>-Z_L~%oXngg{1u)zPzL0yf+qQX!O zb02Zs8#aW@Q*4n`^}u??7M1e5mFF4OdWIKXh4kj&iqL> zE_y~53TFmO(enfrt;y4UfBXLh;1-i&BUZVpN!AS(@?$0$)(K3df)q;V?luCUQX0T6 z)26NV&{T$o-SQ+uJNWZ0iNw7i_)6P0H%`)RTWbcf32YmeHSBS29^r)%TEdRu9*QAL zjREMjBsQFT(%?g2!ZA2wsXYhx>c&r`6YSxZ~fKDt@u{f?wP(-i$n4 zSaW~FmP#BYGBylKv;dq+ zJm$x#W{Egsi+$VdNjTx~40CI%n$iG*QT+wEQT?NF_eZ!e>iSgfLHNPl@Mh?0VC5PT zVD$^TpnK^kpsGodjkUbheNKcE$QzQ4Z^KIR;rC2RdbtByMcl~K%7WY6I28ofwGW*( zq|K4DEli<>oKe1PlioPj4DJb^1x7)LBxSlM#kH}6}zHm zcx2(S!9Ey}3zvFK%~P%6)V0v~n@3g5Fss%~VSZvo zQ+lh`Y(c+`b8IE9ew9N7+a@8ACnL#vfLS+DqLD>;&%tVOrg4`aGO?OE15-2{A-R~M z_uGOw9@fQrdPWxG^$vXW01rIg6=u*LVU6`&8)sYJ!b_NO8)KKkWlB_-VP?$dJTk1& z4;b_+H~2XvxvKtqxv@LhnEN(|95&w2EqPDt#{Ep=i6Vdw$o#v9Y64(tjRd%Rd0V!) zbrp$;v$nG}hzJOffOGMN`5|!@(S}(F;KoSu&NW6GKWP=CuErcUOQ+oTKf#D=kOzX% z>tD9QQgHF#5iSP6Tu81YR96qCwXn^>8Rjo;4vr+qp$jk=axL&9TcOEVF&t;2k0>mk zjFWq_uO7jP{>Z%Qh+y+5&Y}HRi))-MM6b4=UVxNZ^jK6_p3dX*I3qVQ`dI+YMp`;Zu-S2cmW^*1xs&=r{F(E#Z%C& zW?T(Y-#yH*Cdf9E1Wpx(W9rP8X*4i5_xRtaVzDlD{~{4%G-~#vVvc_;Wxl4rIi=!A zl_}D{yqi&XTe5%s7Nm`IGUnVXEk&CX&hpmdKFs@p*>=|=04J~628WUgT4$A54~c@9 zV<07L+wKlOpO@^Jh&{*#WT~%Ci)ssdTLa@goO_l79W!!ss1P^Se3K4`Oa1|V=7^Av%$woIiM33>qDxRtPO7`={9(?PzcmA{}trI|MjYttP3mkP$K{&5XizmwpOF9 z5vmp!{x8Gf!L#~t+1G66`fa-Z@pi8LhdkNRG6pNw)jnq}w(%Yr@q!}~8govKX6x>&MHuzOp@HcC&j4d zmzp?VQ=-pK;*@!Vbyi{WMl3j{6f|s4DGa_^*temOX%%yL^p~@_nuzn`ut%N;p9Kb?zIfCCma=~6f*-wsSV4ZhG5<-5ByizcE?2s$&%tBfScV$V zFJz!})Ey(#p_d}=OLId>c*v1?iphQy7MuN_(~EX zls@_;YAsH|sPekBwnp%>S6-2})AQK#p|v=wO-@LF`j-mEIGfc|W2%gJYq-0GC3tSs zrGFl(1b98)k)ro2QVgzR5geOl28%LknC|n+Xk`+-LKASp)pPn%{V<6S@kI43_Cj#b zDM14Ah7pup*ntsQENgpC#><$`%^>L97jFhf5avNP%(cTc)_^s0P9;F@nSlb)Ru#|9D+&U&m!TZ46%opwz?#^HV3EM|vyzsa*~-r$K91_V0on8swrDhH;W#;OwVbPrA4M^|)P59^Ain)Es)Y0SC^P~~uxp(W zKbBw-%djcf607WCRDs^%^u>A}sTf8UH*P332>*pYLN+P8X6y66)2!D|0ex&;52gR{ z5i)UOdCLDg3%ybuprL~|tuW*wKeVl9{F+o5Nwdmxj4@XB(zYt)4`@L{N(5hM zr=a~;R=;Cs+v-0!K|uzf+*aSB#y|yjN{KlRmZ3nlx(^uvi^VNrU%$xf-%nyYc7-^% zFu6T$;RVO|LwzZ%*W9F_%OZ5J8!`=rgPN#>`8e&qBb!C9wm++|O*@l(*Z z-+l=8kOz6su^*}#O%yy<)ey=Gv23;;r2T-!3+$sD;C!w+9bUel?{ZX?>;=6lr%6Y3 z`$*-ep5kj!j_Q*U+ELvjEqMCOrM*wjLP27}9br5o?e*R}hxZ15%OZ%6b_dVSs2QDE z>*>YDVVMW9@gTnBZI2DkPOJ5_oTDE8N7@KzM}?_FEgfit*8=heZzgI%zP(v2Ytz@@ zWt`0^o_u})`t1BJcK-To@-|VqT2K^QUGS7uJ^^bHtGhC=B;4onzPfqHB&p) zjO!ebo^@}zy0<*l+Zfeb4uiJCRc|@w^8kc@l@j+pPj7-hI4bPysx={SfCw+lsYBdV zo8C<|QN$+rCIE(`N`K*@|L25EJP@7J8xp`M4ux}pyW_Y1=6>{6#5wV;MR*jxNNyoI z2ZKw6p!8caOG5 zm`G*34^qqhd(sX6^|W3gPxBYcl4^S_!pB@V+l%`b;{M25-=e)EaUROGYr@-@rqR%p zR@irI;SHM>fYv_jfav>LVf7c7y1}W(;b&MQxCP^k0rlZOs~^7FiP%H&2j;|I6L_l( zpUZ9PTHYCcIM@*G&%A`-#>Vf7E(g1f?*ou-{j|L)8SJt*E6H0_%M=5^eD+RW6}vvF zpQw?QuqsDYLV)|laA!Dsg|3*To@T%X=;7>YRZE7mJyB1sto2_x)QM2oxz+Z?T^j?JyG6 z$zVpL2hCAvP;<_a=Q?LtBN#qfRMI^J?j_Y!0)6=JE*(_FWlK#%RTN0hg%?N_dTjR) z_+59Eb66$h>3*_i{|%?L$^On~DfYLyo#D%24*L^rXILuS;dX`>RZS5AdpkpkFxSi? z&2YDv7r2E;VvpD-o9u0FYO`C^elgi^_$E2!-;u>Fx7hs5e_$%{VR#(JIj>qC@)I0t<_n5f z+pVhkoRUj0DnAzwtC|b1_snYyBxWn%65$G7HsBlk=m#m(P8MAa@7vZwDjVtUz*Bc0%TRC4_4PC^+ne{yz= z;u9-l;5b9QaBMmxBJd(=;3Kh}v6F6iWmCVhPL)k38`Zy4@9mA-S84`H0EQfw(sh6U zFbR^tz$~-sx5`brx8Y2<#wVygK&)1NC~++&E6GJKc#luj`J2A0_?ixI_NRP*EVg2B zfKlwKlHjd&-LkqUqCGMbM0-;cEut-P^qVFsu_KrIl0$ugD*`uVI)q|P@bct)UijAd zKEYxPhK-zczUve|&tHT5MqY%@h6{HM-;pk{(G0@S%kcfV--BZ!FlZ1&qaUREtYnkJ z_*tIYMsrylO|ShCY1sHoVrPCPF_czxk8)F_2VJzN(X9ij20{kc;^-4)S zEUT}}#U3wK4S7a(;}kO9klNk&TC26&*Kn=pxRbfEm)?T~-YF6o61*(?T_gq0hRP~^ zLZrKCsT3&{;1Iv?uyYEIAHe@M!7>NDHQ*zA&B6%%1$`QIgEB(1u;kQ& z44nIj*~_|}uGr8y`vS=L173dnJT(65E!aCba}8!!r=KLSm#_fHSvKqv{qRn%+yOE3 zNH(uo3n2XK(y-OtGeo_6%7MR|zj^vFN-71~$nb1CsS^8rZA#6&6kpiP7#TWGeb0Vm;G^=d3Rc==^5w6e)$v7$ zZc^hGd@;HX)M^*IC+k)9s3muWao(;<0rZ{a&En9hw{`<;6MD{J(igQN8+Le`%(wAgl}Nm_+U}~ z#+ipgs_;?nef`Ti>E+DnUrM+4!#SXWG4}{|1kr%T*=uEL=mKg4)N%dTuUikIVkEld zgmI|c6>{AB(ykCWS^_Fy23yFqw!XUyHbJipz$}!Q2{s2?Y>JzMk;%%Xci5-Xy#dVZ zCv&tyRAv*WV1s*J_idovQr6MD&)l`I(SylA?A3wEDWQWAuir10IGY-c#XpdnE1DW z?F-)!G!~(<>;o2vC#A94DtQ$PqAAE}hIPG_DNNYkyHXmlN2xnxcU)Yec?MyqzMShX zplUH^1p*eWzM%II&VzV%ap;b^_0Wco>?ci7$=}SWX|K%%$3w zc{t$!4uoA87C{Ky%d&2}P7Pq7y#cip2^K=^)ha8#828uuEAd{BZ0m^=?f4y(SR~kS z*mm(i#_i>2F{nR1fPh!R=-3s&!Nrn0ly@ysgF*swGa= z-Ic3iVLokq)HN=<@R9>SbKXQ3ni5dhXf6;Sd%pUzMsv*xE;Qw#?6#gfz(G^q$4={L zG&fy;;ApCrh~@*QMxhzpA|C^Ep<8_M0igTfwJvmXNmm=)WeVMoS8H_NMifQ|CF5*) zDCkz?I_S##ap-A=xdEfL+P`bVMbjJ8J|??w}=@S+(=foHrC@=VpA<#RR>yJZ`e zS}QBvo;6)l!K8F$YAO^_wrdm>-hD|^;q`167385%VcMw<73BRmD!g;ufm1=XL@GSi zuN5kkJ?W+bK9kj!3NM>r&p`mqB~sT10}C|Mh;yjtzgB59zdFu^rqmQP=l6Helvm== z{C47jqp4aVnlGQ?M$;QWe#E)7hYr{M7rOD?kIAYpb_w@xjjx!jO8yA-Yp^2f(1(gb3)%Y{ptvkBXKf{jbV<$@cHL8hRd=d7)mY`z25kf9rUDr z9C|NIIB@h-OGIy8UpIOr^Am?|H1R4LaO%m5UA- ze`!uQ0 zkn=bc(DO;?(uc8U5GgS-xrqCKiUt~Q=PD|4cqV`xo*b*9 ztO$bG!=Q4gT)XD~Ja1LcbWbK6d;EX%f%H|!TklnGz4cbrVcT1xz5|Nj)kKC z_z|);azN$4B_;0mfqBs`-yTc(Od~d|I#(Lp_qX%47waIzzi&kc4<~=;MT7> z8nGdO^elysQaMJNr~(uw5dw$e{8HGSPI$y2V*3GvI9LTQEniS-AbNIcLrI!dfH-1+ zuOZ~;m7dQr6GKA#yX(O~uZn9R1)qxV^h0?F&A8Bh?s!E)0VCUtawz1?n~(xPB!NLAO^aM1 zO!yOyLS}37!cEm+0Ea~JpClc)0}|(ZwEblnOrB?dyAjDd*|%Q@Kra(Owaj?%J^GY% z@`8%(E(z>Lr9{Bwh>2Z{LgTa2m1i`3rP>ef91aXa9w2`7PqR!Mjhmzx1T=TkEY0lK zc6AgefCrg^973CUVN3$&94!+Yn69X)LYDWgB4dLYtlX0iC4o4lVPi}Q?*Jw$YK~)O zU>`FSmI-D6i3dNRl(-<$&vrl)$hLSuJb*)L^64qs1k8`WNA>|WFO$0X?Kg>UlkDS% z0j2vTQ0m3!<-lhF+n)5z!|RwkDPPgP!0C4sPFQrevvvY0%n+j29C)IrlbFjg9b)Fk zg_y5kX>9y28t={}S%38AJafXYtFTVf2)_)6tZAVGz0o zntCk8yhR6kNg@bAUcnp?pecn_0tv%^U<{&cs;+7}cQ8S&fMWuI4mY;ZO>rmyV^{A$ z_m_VW7&KCfLrEsxHGU)f4Bs<6LA3G&_>ZSySN|F?2U9DQgbV9f2c8vL5F9FX?ghFn z-v#&3MxY|l#Rw|4Z+3bUfSFIzc@c}GIgM+hZDVf(Gpgx2VLr(%egx82JTP*_#&mMU z`hU41AP?6@`}uUa`()soF{zy09bhPDWg~R9T3&$_ziIVsPt;bL(Xqf$*{`<@V|;uS zzcY563-f}2R$gHJwuxg&06w}4OT5X_&ry4wcc0owxg5MfgG6eAFG|&vLWjy2kKhBZ zoHa*lY~)Z?NP&!VO)eJC>BfzdMak+tv&&o8z_x(Gl`)>U+i2hSNE&?Zjl3i%}n{M6A?|}h_+ml@-6d05prB;qn|nk{T=_HG2nIZ2yQ?Z$VzLm+i#Z= zy8<_3FRng}DJxJUh|1|1bVF5CMx{_jey|KaGDW4Nz)h9hBof$15ahuLT}XgE@Qywv zojwGt_BF+n5l8LWpACU(o8KzG(ZI8SQ3e_~oczTqSQcKPiBvSmR2eVk)D(CZzFD+4u^P7f3Z*bI@p6-RJTcj|Of8~i zCD0(EtLSq@Zd4A)?K;r^Zb8xI6pncQx$c6e$RjSj~a6L|DmBfz~wUgT&3s2O~) z(-|)GXT$f4PH_LjWiY|6qzr2aO^hY1+>wK*8)V=G<-n4FPd_M!2{?dQ%EFK=TQUGN zdtf(JaA{m-<7(;RPRR!v*P@6ax&wZtDXhx4wX2nd727@8kNx5aXk9Q|zC7M@Gl62&iqjhy9gcJ%|z%PLI zf>Bvq2?7^t0(<5C1ke^5ou(pW6$UP_fpB(b;AIGg_#uSxmc9B`nZ&kbXb5W$%!Pz172iezY`NPe)?_m`oql* zAG;zGJ76M~6N0E9{xRk&g}=aZ1>9%4`=XQu81?tEYAi}?-hdeSZxADoUBwV1Kb)zT zu14x3%r}!^@+-IyGbNnl;m#6+ zVA923bZ9kkNThrM*+Kq=r#zRf<8NkDI!2{CAu`L~yuUe&ma^tgkLP8P1 z2u41M-GOMs|(W)l3!_E>NE;>OiO3RmRHJ>hF=T6|Rx*?an*luCbuyQI=w7G{^u zLvyixk0$%4>B;`Em+U%cLcl!oYBU_C^l=qswvsZ7{*3*rWnzipj!s6y`)nUHaS&Iz zDR*v^-2lrCG=zqrw#Ht>k|s}XsFdvw#WUI5Tp&|FqbfvEM{?wP(L& zZsZI)#NU}mUxZ=FvTfS?D<#i@)d!#E+Lq8*(MOR0Pn>FNc8x+lJHa_KOd_1GDjz!G&AP<91zD$F^;nD^K zACS=b((NfsCMXzx(8L~L)?u$+I5cB690&|RnW`{)Dlyu%0vLVW!KeqHqyGqAGrhJu zP^-o&6$BXV!1#i9d5E&h&$O@TqHrqoETTp);nynS1Wg>o=?KTnwIBTh3<%4`?WyCB zz&_TWVgCcFi!c?aT9b91!nz(y8Q<({`I+`uU4Bt&`O7c;uaw_Sm#?vwgnv|;@)Q0_ zKts0}^nvgJGAkOD5=x!oRj97 z+hV4b)zNI;o+lAf42S7Q4a90gaLL&pUjklg+h1ukJV)e+emuB(j zW~imzEk~KwxtViNGn$}P5Jr!p;y`oN&tiZbUn8EoC9vR7MPx}F3Qewy0jSTYzefuA z3@g0PS?}a(|QJ&(NR1L!4Y1zRiYL=|If=qSxB7pIN+vC*B4l z3j)Q9a71qP;bLRMnV!v4e}5)LBU@(oL`|{p`Ov&G+brIR6W1Gs0Gm|}=y74e#}}a- z*ka8p{oBG0a`?)k*mNmrb8Hf>cFRRz=ikGXo>WmD{b)42!KSr3Kc;Q@LtKPrJrW}+ zSXcqR0ZT`hiBMAJd}Fs>_swNXP2sAY9o@{r(eAKiTx80_V_8mQvicFP{3tS(T9|)4nQO^*(>r-zJ1dfYRn`RfUmS45jxs27pp*t5iqx#rPV8>Q{J;8G+?s`Hnw(s5D;<>;PMaJrXNi6s6gkH_*0>H@O){Yz9@P4e3Yb#xji-VRc(Nyub}2YFMVrH1Nk}F;EhP~^ ziQgp_a44pws=Y(X4U#O(p*%iDgDg?CE<@)Ewg{~N1Pl7*oOgq}DseS^{bs4EHoq|wgur1C#G*ivL4WBT%3PvC^XsThQ;&7WiKzEC4fl zX7mKT9w735+_p<DNfIP*GFTFRnX=|l zhe(AB`sKC2RQMqNsa=1IfO@-J+!~Vt0DvJON^Ps>IUim$_`zwvo83>D2i@2br20Ua z#hU6;>xj>nP#MvYfA%Q^vFy5rB7<3I1hGaqOPib34G z^T^cl=VVlzw;h_Ff$Fe_KhSl|b=NT_Z5`(9OTMr9{+O0OJ*3Kn(Tr69%{z--(9g-3 zHoHVl6m7fo!nCCme#{<$RO34(Fo(z>g+!P?h`isSBky-Ok@v+o?;MnO@T>A0Q`M45 z!G0SVv1+9keaA4GVOo{FKN7tFZa?5$RN3-z7+SDc_x3Jefq61hB_FJ;gW%a6d8BD& z9ZFLUu4CkpG_zqz@HbvRJ21K$rMSe?e;W;D)D~VJ{_F&=05zp#7|kcmJG<#2j^-82 zpP?RzLIKTm<-^SUa>7nBk};*3X9)*TtAT{GXD@Ex9;%pr@-4xey-wt!j;8FN%u zXm6EmJ7plA>Kr?Ztw2vov9-FjgBlxm8TO~ReW2qpbM1t*hzLMh7Ni`=c!noV=;yBwVXYUnxa6_xBF1^*r!N~qWD5oWl;N~5olEGG@uw74Cf4-fIHhb54!Jp zbZ1EkOu_Hj?55NBL;y+^htb_rCK#%3B&afAg^e?p<~Rc9vcW9lOL0fw-XD8VqT5W^ zPHv`YH9P2Hj#l5mj^3#ZBP`=c)V){J8CXt97V=DK$S@kNceH@i9ZOY%akN>y0-N24 zmht$zVagA|+9{!2sqn9TsdP~(G^5cZY75GZSOVRgd0olHuR_`)`!wuk%jl^R?qM*2 zjF_4pR*Nc36geGEC~O3ItTwf6R-mD7MYk2}|z$;9kizxpf z_(O$t!Wz!$jBhD3n2kv=t=)^;prTHdRC_bHJZX~T)f-MqlQZEG0TA#;O_Oh2$i#Py zy2i_A^~);#Qv3DIAx(s_gy5Ch!w+>R2o(DXEs%8W||eDx?5ZU`8?9 zK3|$4GN{eF0#Y1E70<3Hwn1d-DFN}T=TWYU83t-&{t(nx7yaPbl3HvJP;6URs zv!}cqvu8xt9JRIUi{Fahiw5<9?3lHyX4uMCe%}tB4IXP@E{&P97Y{xlW9I~>hQ|t? zChQcr;Q&lnLjQ=NgAD^sY+N~P@r#(tWA8ir&ZXfaf4Be2p;G=@QfKLx$b@-}oI6p? z>l7+`uHwBMEAg z0OIQk7B?$j*T;e4#oRS9ybL7L7BaRBB)vkrdKpv2`GIXv(1V$8bm$(=>zmy@Y;M~? zi;8o)J20iaGmB`l&d-G5gS}E#GqdHJ`RH_PnbNN@Yrv2u9IHAO#O4%&999CQ5-eV5 zTIXeIHg+!*#mZ`w@_#5Ln$;L2r!S4qqYv(j*l6iXSqug++}K1$@Fg4~l6OjzmM{_r zm>52~VDVgs@aS^H3#fc_u>+9;hc00i;QpS1QJgARZaf9sXAT!Dx>PQTFH`gneWqa1 z0?G`mas08r9LGU)R$)Q~zFBw6>PJn64&n4v1XygF2LM_yr5Ek;%iA+DX!1a`xf{~9 zJ8yv(4(mS`X;jgofr#i}(5P<#(=$YYW>RXDg7~oY{D>=?9XSJ%)elvQJVAbe-c%E+ zxGhsDj{@&Fd_)0&8u@}Ne85-faiwFWU4@S&{Fv|wVI}o}1lr0y=u%E;>AmPA7r4{A zli+b_=MI4!U5^vFp?mp!){alqpHQM8f}j8(B&tvCFJ2~kz4k1cLDQ-FR={}UB_0@2 z;@-npL}&_}I1+$@+*I3mi%$YxTUMpz`_#HLgK8AAbX?Cm+)|S^jS==++#B@k>7rjg z!4=CM5yDa5oHu7=#5XJUOl_}@4>ZZ2e)1=}3{l{z3~)tS1_11pW&}o>dlFRvcQ#xt zEK5iON=O6Sn3!X_iufybOE0v<8z0C|Y54KjwBV#d!R7;k_SJ0CS&O*H7EwDnu7~vaE}@Gqw6TKtE+@Xr36R7mhTHKQ zBrn=!|2H5JWlN0ue$e(}eGdh}Pa~@U-R##}@tqOw#GXOVttSmYWk0~Y^BuH8v5;Mi z@Nk8OXl}oj@t{(d(|C#GA<_vab;68LJwxea6FQkY<(5n?Z>QcBO*Y%BcLkHnv(&r% z$tGM>OqVyg9DK)KC3~{DKei}kY5oMyzu&wAX*(dTB<+Z#lCsm}@*HDUu<*3V`$OeL z?&NZW6wv7k$6g&|61zY{3o9p|b5ARdKfb?D-J&f-X=r{0Xd;%x`>}tDWh}O;?2G{+ z5{rsz!~R}dltn~*(#eNGtCe*iT%l+eTchSR&`qjY4er#@#F{7U$f$#HZ{5uY%lFAd z9bUH}=Ad|?Kl?a*jOLE|X%?4v2cbni`^UAwwm9Bu@l6^~#~b{dM#{aF`}T1R+SFDf z>^HX4)kdHQqD!@qJ3$JC=CkkLqAE9W5HGwBM))e|27n40<@Zi?e>rKDcYw)Exe{& zgem=N1b$_#P^cqXAX2pysal%bf+%|AKb0Yk!l3LBk!jTT=ey8$!>Ip&0}^f&5!$)G z(a@8nMF(b@#{0DHr?FIP)VAaijoDa9&?6H^_-qSsznq4DqM&H7N2Y<9N31Le&D)wh zG7~4S;wX@YWm3Q5+%R@g>UPA?=6TuCQ-^Gsg~Dqga~SAyr}GSgve2K0N>!f^wFdz* z-u*yMQ4Q^wZ`7+X13t9sc8+#L-@D0fN4}M&AUqsc@JHU8u5N|NaFERW zIy}QN>FwI(yKK|8mN|rnXaa&953%<8}uU@71UyFU~ z2shGHK=kr|pk_sY@h9@d*LX@D@Rxh1T)K>r3&*uE9;>h~<^;ZooQ>!HdH%_xu!-j% z2nIY2Ux{&#Et1a8CK;l>GxUdN`C%cjiVOM+6WP(Pvi4Tnc6LG*aI|dOd8L$Bkq7Ai z{=L@z#{))e+d1|4I&6-STaODQZnQidRx3}8Ux*ws`GV}pS9X|uZpZL`PE8UxhZ;*! zEY!neKT1tST+s3lLKYdZr!6}HbUCb(Wk$mc80^t5S4t5TqzDteV($LI|1zC_ z`N2i!4&uS^(0SHU5WEBF!n*a4Dfd2F>*kMTMLtKU%YN?)(o&6ONVkw8BB z(dZ~QW-%RoWwAvJwXuBt$Lc<)?^=gV(FYX@#eV!=g#RR<__{|`A7teYhRm~zp%$Qv zfEs{Zj7$1uU@pDPDUyx&IYq$1m-w5g_0!vQtsj2lsOWn0{1Q^Y2pRBd_`A)4j?n|vc$;MjGOV(=lzfz3ue(KUkT~1S% zGkef}#clyfd(+cjjUEZx55k*bYXh?)%TzhMtEBSDvzvbgLGf5Xbto2e5jm!WZa!FO zV&2epgf&xZ;^gi+w42MdCi4mc`e6rQR{Z%A0L3+C0+bh?3c!P+_R61=fHB{`MMsqg zWJQD)AQK+cs@*j`QEU9JR{pqw%AXCOha)*UYvhqIMB+d%6d|GM?~-<)ae4M1Rwzv5 zn|<<*g%LCHUN+J4{pnWCb(gMoaa{>Mg8p&g^$Wr4zqTm)qkC(_H~u^}Bi>Jww=6XG z{O;*F)0x^%3d7S3pJfH_g12aNL6cG7EsPpQnY$L~$sI>Gb*46z2g*89x zGDTgex|WYWV?kE-krZ~~gS;c=64v)j)XaiK!)2hAJ_7m$>hhkDal*i|K1`=-0hm7h{ z*!0)|poHCU0ua~?RHpg|>J4a4TC~u7tR^43DQ=+27g>_ONS;O+h?jXb-(R=#*)}jaKltyz# zbK3Rq);?~@OSHnaj{|jvkUFjSdlljE^0yPzqv)i&6cDNvA3xUB8_mN6U}p01fd{im znvY?XXV^1FsupRchcttkQ~200BjSG+iIt78uR6w?aHqZKTJY<9Wx zSqv_QG!aAj7?pUPtObOs2%NNnOQ+y6UqlG9;|tUKcTA2TLmPqa;gAx@%Lpp**`yL3 z>z!nPsk=67FpjudX;@!#goshpwv}cJW)og`Ui}C+B4#l!(7fwRvjro*o$XCT&02$@ zLuVA$vCQIC2%o*kvNjok{%F9MmRC zktvl8GH>y#6ol5{)Y}7f?f_yEFcP*NWF{=k-?qwZ`8es73Bbj)?T277FoE2H5FgQF zjRYjB>k8lzfryklx0WegZ%;dJ8QBLV(kqKAb%(B?$}%Nxot%m;nGS9KWUm z0MSGMV3|`n;cx&@eP{qd*b0DyGyu=CtfXg&lS%|2fZ~}Qa3~}ktN>Uh01WX0;IKph z(^dokvr7&JFx{dt@TBO-K=Dr`EikYgvjRKwjVU<-fK!AbfdH^o1Hd9ch0dBK+T$!N z^Nn|JJTSK(nZnBI$|>cgcHpf}pFc68Psh)n2t+;&Y+Hw!tNjCLj+#dc6n{Ek*e{$) z3r02smVO_MtPVsz4{ZAu$$;rk(YmVx#h(ut_C2S~`dfoe%@`2*SD^VvoYwVgp!vIY z1B(BJ0$vCE1v9rG8Rx-*nHvxnjtQU-X*QzM^9QXHudAP)aZYsj+Zh9fe1Cz}^SFTK zZAfTy{ET4cE^s=g!q&D66n{N{^I(~hc^)7NVxZ*5hWvqTKL#^*GL!~~fKjG2a7Z0~ z74^#87mw>I=P_XSu@B_*lx&)P2cG&{{Z4=h0+nU;D``Pc0>h{W3|q+<=>Z^rf2;Gs zK}?EeE-~N8IQ^J!k)=*f@9D>G8!Fj8IvZs|LnqAw&M_Eau~(p1kqp5x28e0FQb~8RN)B1Q(s%5?;}XIaAEeG-XWLiKQ6zfWe~!}Thvm!cS_j0D zJHD%wG3KTt(eq&oE!S`|)jn$>l07jTikWc6L{q+Ln77*{Vqp1^-bf8cn5o# zYzBm)Q1PF`Xe5;IvO1w3iaU@5>4bH=DH4+p(fiY8rU^0-|v%jz@`}no9!a+rQtZ68DY+>~ji0 zgF4Uv%$RLPPDsSNg8r#`1}FZBMouiw_smvlB?HN|){$wpeYx!mM6!37&@6^U%lo37 z$!JC9gk5}RSg$al)$_OPJHyNI5Lq~zUudl>Cjk^oIa?ve4R0@u+uL6&nTH4wC`JSrcMXI#Wg-xReOL*}UTQ``lMuHq zXQ(p&tgY#2mTeyO{5e>e^cMfj;)F{j)G(SQJK4ZGtsa9GBl<(fuk*o^=)AyO~$W$a=ki!7wp@o6)X33`~9-K-ac^D}6H>HeYLa zP?3EOauK?0*;B&VBMthoglbd)W@n)M_)D(BTkEqcmH(_&n_0&i!J(=Hs8Ejf@Q38| zXhk`P8sXRFVT7L^<06EOkIxN8{U#!Ej485mC0YR$GonP~XaU(h+Fm}&va`r0a7kbe zTEgG>_f*! zl)JhUtLlWRf}Qe#KA^=9v^3q`(~P#KKtZa+3(IQRqai3jes%2h%2}fufY}OXKpN(y zG4m5e6&IuM%h3e#0FsxoRR3h@KjFZk%GU?;9v%_|;<0`# zc`>2bc#9u^VK7Ic_7t$}@#l$v)vC+Q>N2J)xV&DRX|4HBTxMqX1C?%{Sch-k0KH)dW0tbb{Qo@6pc!F}VyQ6U}kaS|4W=a;s`v-lVG+t@;+ z8+EHUP0csNK4_Alu$1e^xe&~FG5o1>#~nc>o-DWKJDM2oJiu8Ist1^fVp_klFF#js zG)P_kcqou#gA9(8Izo*$`ioHg{+I~P(}!svV9cz@#vuzEL6yABdHkCUe9{GY^qJA{ zgp%)CxBnnqSVt(yzrWI!1plIo)o*zW9$2VSwfs`F{C&f^M8q8Pe$f&6X4w`abdGem zf@ZLF*X&?4t1E3)TE4-uPio#HJ}ZczDzYKC56V$uSYeS*mf8V4#VX$(Q<^y6t>%b? zXB5^+rC1$Ku@b9ESgUB3ltY3u0gv`HV}yyiAP0`)5c_W)MAI7S3wV++=tK`Uq!XE{ zS;kmE743IA^7K4CST?tMcU5ntoPhOBh~{}_Bw>!i45D1++cObSKvu;Wb=9+2sY!%R zLqqxYyvfRuxFB5k9A3fQk{rc&&`m}Ixn(cld%DAG)BY@RiD7Mj&q}OzO8+ ze5@SgMR5xuB{+78P&VUg=0y)X9xypu-Gs0^P3BUVe|aXti6TqifU_$j_D7(BQjC|B zV!FH=oDwNkdGWv7_jCrnmOxBW@bx?j0KQ5|!xGZ4g!nQA@lY|aJF)O+?zr=Kycaav zrUZpqjj9ys!2*;rzouIOvlsCl=q-AJ@>!@Sb_|L)#u+#&+c%ID1d1%*!jg!d^kr&m8ru?2Q)gMfyDV?XIIi__s{b&1) zgPiLg1@w_U*dyrI&V`4Cnl}fOhWSu42R^PhnqYxPb6?;E?RZurhM@}6iC&b$;g1>B zWSlU6G9F=Hg_R4cd38IIKw;=^O^Sz9ojCW#`XvXM_YpymedI75P;g)F+yg8>!GXHv zcY?=npkoD-B*5AoNL~L8kcjXlf?-SqAp8?utZMQM-DJJhec5M*bv;ij+LtEdn5`ba zFh>#Fz*=x$;@o3irvUeiIpB9To!`*pQYIl}E9Cl+24#lAe)KH`B7K^7bX0{_F$WW) z0>bayw~_}15{hU-60`Zc_S`a-IoK1j6#C|vD^Rw>uwotdt#}g!(|X=*p%?69p|W6^ z;879?o&s0#A{~$fdqCNThV=qEfPEp*IXxDi(_-`<2OtnpdM7oX-YbpeL?za2?dT>P5I@6{AErwylF?mg6C@LQSXx#Y|8Kr*GHl zz#Jm_zzEBJ&meT8fH+r;2_KT0Pf#46itSaLcesQ4_tNuR`P@gi;l9EB9a@1*>=x;;?hXY(Gwfot zf5#kY{{~(>?cY5FiJk(|Md2H~=}#`<8{6a(zDk#6B;zFr-zK0A!q+)yT?GSE%q20L zz6?gziqy&A5c;4F2`P1cp#`L_87Fi|C!CNvmPK$RDJB8AX(5O#uOm6_S$jE0K%xC) zE@y`58k{kBGBnacZl>wS)(YcB`6rKsKL;bYTC;5DxWPtf38r+YVKY$mImXP+dFOSh5b6R8v&6kDTc6&@5X+1%$#eU#zjuJf^QGV$7{NBU)D+DKE17oTnD25w5Bp zi|I}24>saxwQQ+j87!a6`OzlmAb~g9`v4OT#J?~EI0!QjgL9+)B|bni66iqWR=?VJ z7bF^wCo@pCgy#g$z;J~QzYC&S`wfVkg~MWl2V@V3o|QKsIxs(o`a)5p=ojsBIzS#^ zT~>~IeZkD;a~QH6hy==GSE5ArZB$r68Rv7fb6>MUTa^MF9HJDO2KZfM;%~eIU<^BN zw*V$1RE+utU@KV-RIm(d=LcZ1L=PlLHX)JkYf*HXG$0XG9C?lEjX&N~#mRlDol0;a z1A;?fJKJ8QozEgRdvDZA}eR|;*piztEvH@(WHFz;seUo7?ZMjQ~Y5tq752O zKPX!#uN&6i4iS>E{LG;7%6r^-9P7U#m<3JobttQ%Mnh)%*ZZXTrG4ncV(WmiB*GDC#~iUrnrG( z7ROBjfeuxcK2R2$IKh{V1eHv{1vM*TA8`+K7WBGP&{HV|VaMt8W%Wi`dN6?vKG7Xu z?*02MC=TZiy(awA^6I|v4-_TFk$QAsRmi;?8=uvGA`TCikJ9z-H`$!4kae%2Pv zy<^`ig)1ddsoZ-jg;OO_>1?`G;97~@f_41%1tsDHJ5OEw>QbgIC#%cx>To=Izg^BJ?DY*Jl_qzpmLqnagnO+1Ql>=4ifB&ugdHc188*TQZy{pXi9Em?e1y8CQ!WDg zQk+hA-cK^oh{1dGSX==Lhb~kSXKgS`cobb;wa5(ww+>%dp1nkI;#{&1`$3f{9UzLM zhJ*5~CGXcsLE8NgbzFl<7n8Wn=@zqmZ~k-*>ZI!t5EP(sx&e448WXL6+O&;L%GfGp z3;eO}>;|4kIkmX>q=dcXk3&ei(Vx>-vLiMKa$`fbA{T{49J&~PeV+j$Git?ga3$$$g$uI@kodR$P6y3|jkTmxXrfMv z5`$=pI{en^(l5YhV@xabn(o+8XqTjv^Y+%gA+FtiY;CF33b0&=vU2-weirN9-LS2AujDf0XGK5ms^y@RH4YEBDatW29*~ z?*T;TIEQ#g-kE9Cm23Na)K?Ln}QAC7yJDO6h$#3 zhk3g1C6PlT-&=Q)MwArN=sopHd)e&pH~lvtuF7Lr-?B0 zB^MDSr4ZpybCN_522zI}PIH=v^{+psBf{yY@0kdyJQ5)?OBqj9C^r5mS|DiZQ{LaV zA68ugCC039VGcfWk@aBk!vVMlGxGQ$@ZS~K%leRkjMCyf5(?y>JbUY_s`1c2`k-&o za$uNpptX$iv`$(&g3+fv>?vz<{tAREAhc6Kx-K2J}ZHRc!C=)X92 zRA_ZaZoF$)-H;5q7%)0<3=$%|*A80!?ZCD#0$BbW2(8Hvu+OkIV5EmI0Ho|@ObkfM z^VbEfi`QuzFA(~s8=_fIwyg{x)Fu#Gdw3wU6DcQ3 zN=~a37!$t({6TB*>Yz1bbzs{+0?q$K%5?>S&@QCBKvJ$m%HxcQGbQDa&yXr;UH6$z zd0Zg$FTnX*Nx5!-HS8q3ILVke0jUFJUm25XCENAO0^7a{H2({Qe|u6O^P>TouuTUY zd{UrnnK6kDK7{!Oi*>ix7!vwfhrZo^Na5Rdg$HJdHJL6@S$lHQ88a8NK z1p!sPy>fq&FpH#3twf#!XT=m0``-8LMjM}G?SnSnvfibQ8#Q#$PTDbQb?MPpW4`D) z7v?3UXyc`?B{5%;7W2Q`kPh?D_1H7!Re8kxu2(#m2lK2ZtfE~0fDt67yC&=?@82F) z=N8IWXnQt99o7Psp&;EFxLx)Quh@=gJ@^2>;T$fM1IM43paJG7h#Y*?%kJ8t?OlzD zH?Rb&d_9I7>yvBryF!y7=i9I@nDYvdp4o0?#pnSjvr2y*%k1!UO*&l48Tbt$P_^S+ zg&B$gu&e-nRuP@DT}J&Wq8>1mhdifBIJR@Ld;BIL;YN5rsWO2KDA&J1(h_YBHLv5O zZ>R}j_dC$$HQj(1K)wZZf;NVvR>G3F>3lLVe6m0lm5{5u>i43HcUSNm7`=epu|ytd zfPv#xZ{y}&+H36aSO-)CQRFZ%P9H-5g^I5@9O6Q^!;N?ChMOzz*avPd)T;+es7I!0 zc!iryvZmE#$eEg(2S4rNW=SdB-2Rm$H%pdQw#A>nOUKPCVT0|-z*FUsn@@Z>m74{F zVhASZP=xw|bRaR$u2`e6R6rUOQEv$DY4)(S&&pNV){S=mbnt*Tsd9{2SqH{iMB6JC zG-h=^CDv13Jfu@}?i!0Ro?T~&c8ooQ$8(~EIkB%X&2kQQq{xZAfV*>%`Op}b_Tnz* zz}VTmi)M9*<>98UF{^iG3=8*MXM+3Qxx`IS*sNfxWIxubA31ceO0N2mT%Ej)ek5zH zs~__&v8)mB-ee^P;=8jrQwla@*66kTL81>T;L5MAap%F5}c?w7T4+E>-IC zXLT8@E*GoI#?8B0V*A74qX)pr@voe3*_lo?Z+t&a!u|Fd2oi=w7{g?9;AlU6!NWc|&Bz9rLN&p67dxi5nRvs3U}GLM;)#v383~%B{|4M?!kQC3#eeZF{|CsK9>wK>W||H zXJ+4az0Wr4568XQgw|nHq6p1F&A#I+702cgZ~1U2WY{l#@6lA8;9yJ*fq&u!0e+MM z{`Hp=z`x4dWN^rPM`+*|`tHUTbf3W8P-a%R>+rMSu9~^rxEmtH2=3Nv12o%y2bN2G z1)6;HVTsoNUJ@o+zl-R-%bxKg_~sL6LdS8^ihrzrh1-?$WHOlu!9herCq1bw_e& zRcttj%MYiU(aXR^r#|-CVAw3HYK}6auybG`-90b7(n)+K6JtFAJe%A)4l{;pk>y5Y z!R-nf5cdf*G|6W_C#3Ghw+cpZn(me9P(nif=%tvhZb3?oKSbr=70@D4VIXIs462nM zo>2;|JpK~n)9bnMq)Ufx^>`x=;zt*nR0qSCD7?VlvNB=eFwhJrfi|VX$m(+X=~{uF z^oUD=mMR7M<+D!fWUfq&Hc%>m;Iv*}YwgKLw3;nU*E)1QY@L+BrX8%CHUdqfV+q;# zqoE8!MNPNSTSshzFR`0(6fgK_VO{GoR!f#b2QjsIQT4tO+RY(x6kfI zWxT+596n~+N3Z_1#UAm>KU?gT-(rT(@{N0z!VZY30B{CWhJDdE3aS`+V(#U3fADq4 z`J2xWJw|{9adfoRySeADo)Kon#-Yv#*8HME0K_knB@yUD@-P{qJK_ zYG00&(cC^d`yDF#0+oHz{XFVi1D{Q7q7^JgZt{6!&&yV%E+BV+334xzOfZh|4Dskv zxtfZHju@&t=_bCu#L2TT19HoTc5|u%Wx+61Ggg;C>#R?@vhw&3WLovZKDvPq9Za z>iZ%UxfrzaZQ`+w*p6khi`isTj%&v#X474J#5ejrFq>})M1^InBk3c#!|)Q>pFaHB zB(q^t%M80HHT(XO{Z5@ds=`WIYq#k<3Yj2??dRtgI8e26drL;ArepX8XL9q) zL7p!;{L)cEzk+7{0uMpnn@qftJ|8xP!{`=)2JuLDv<~n1GeVKhety&`;F# zC57oI<+;StGQ0DAs2p$gtOFV2|xY9azAmkC$uq-EdjIhk8Vjd zdkpM|CTD_RNjW&hbJj+b*iy%Av^qW^{ZSj&-p*dG_sFi2}libs@cK zCIUuTvX^N7p5U!bz%cAUm3+ZICjYfP9Mv`6dB5iEIzQ zr{T9Cq0b|C!1h8Ij$)PZvNbBmsyR=l;@diCWJP?LJ$bW(LE+5j$(c`SD3bWYcxvzE zje;NomTmt&F+&I~=9aeurCR&Ab$cgotp87t_aaJ30i^^@lva4GLf<{*qz1`F3G@Is@sFQ}v;;_!IUI-#{~7=H?m?yra)<6JOE;Iym8S z8++pRHgFO_CGls{@Xbf)T}wpq9Qc4e=COCUcn)ka5IjdW0XxM`so&6FIp2PS zPl%Y3PKo(Yp7U+F_gkphpWtJAR^l6~aEsKc)!>J+Hu=G5c#P&xXk!Zhf*jlk7GTJZ zO`~w%3v0iP@VQ7%9yY?KirvJ(!g3@Vh3jqLXC&DK45=hv6IW5Q2uZ-Dqj0^gK$0*3 zL?xM`k^toL5+uR(wi2`K`Dp{N=HlMQA99KN|$(M>%?-bdymDjQ$<&|EJ2%I?6K&g28w9laBj^lKgjf07aN z?1OgvD$EAbQH|goI4VfDg`R%t-XTxfU`+fc?$~DtlZkjb5j+I0 zR$!&4p^ljVIKb5b4tM}#CtWqA_M5s%U^ziHcR_)hKzUE56i$;OoRE6L7s3X9_RleC zm!sf2 zde88s^g<$O&W_(?K}g$ZNE@^>$qT+j7o|9uHe!@dshj?k(ZjcN4UW+`!gTF~jZMxL z*Bq*jH-l`5nF6kM21+zjXzf6+EHZJT!BYFY?}%iQzDRgf?TCC-Y>47fr*G%g%daPOP8`S=8Lz<{U zUAo>LE|oi~y=FSK)C);<`Crsm?b>YrYSsR~?-~DlWsjmWOxr^`_NZMNRh$TYAEa$3 zyZMNX%FPMTv$zeQ{tCLQmqSwaWRH&C8~D(9{~Pw%It_CP3FwCJg|7vB^Ox-fd`81x zX^wjL=umyKQD4tb;HC=pd$1_mv^2EMh<=%n036^^+s{Sz*r^J);4w~^0JpFQcN?H@ z$5tu&vjqcm-;L#Fu!V2n6KvsYl6FS2|4t_lM*V}j6||R(aDzOx(Sw`ObT(7^lcmrE z&<*L897S+P#|MfRoZ%bC6M9Tj%5Q%4%`vL%_R>m6(2V*&=(b&$Y@649O5Z+lSODFs zefLQHZMM%h^FquASh=%oT%2=L2x#h-eAPwikB{Ntk}aFC22h@<22I+Xfe&q&_L)x9cB2kmgHFb0S-sYz0m%Wjn-SDLv-`GVu3JrX@XZgPVAHsd%Pxd4~Y5cQ2 z$oTNjHdUi47>KwL-z-Gq1ijl{)c5-faQs@#ZZGu^A@Hm8;*Lv4#hd<{_VSUs)u^1~ z|J~cmH7ljnQ$I$l_tIWY$B#9&#DI)VFdxt+AEuMD5@%rIIeaE*1p=K~68*?VS=jCvWDC*&ujvTzf#(cx>LW(rw~>XzqUo<- zgk3dbSDYzF`$PfUKKDcL(Vq!4_`96^J%M_goaM45y!s9Pg8vx)M-ppU{!RFASRr!I z@WKBZ_*ea>@c->|fq%jK|8L;`_~HMMf4=`r;NS1xgMY8=tv&Y_&pxeMu~+>?F9q?S z#lZM~#U9)Mx91v|5Yf)u zQX(^(N+F*;J}{;`I{TELx1+ z{mBpttILifhh`8EHSNbKC>mfIEX()aiTupY3C5V(N6tS}#Z{D2+xhvil3A*#&(vyD z`;UJY?2TRs>e`M@N07o~R1TwzAo zw{UK0*Eb}txbT>!r3q-y9E<%~2x8Kyv~B@LN3G9OdPeF0QucJp#|G~mHW#Jc(}D%x zi&)w?^aVk*Fv|1q4yA5K$+u%y!u`y$&uapLrR0u}h*QiH0^5!2Ii&(BV=FKO5sHCF zZXLw3)O2T#G1J6!=ivO(FRCNh)UG^(Fe|4VAHgrqqum`%kXaTNJEYiud%|Btu3_vCwN@n@yOUk8Oho=zRwo-^)`;#lR@C(`gM@_@yjKm)dZMdW8Gp0Y{< zWh-iqA0+C$Hbsl2wG$L!B*aMb!%?Fk)O)%NM@mCuBTz^Ar{N%RA zPZ-sv;jca8C-=XApJNdsu($YGIq$!VpBGl|mHb_eYKb3;0VocBbGAba?aUkpjRLuX zpLbQwvE204n0a%yzjSL&S3GpULkB+O;sGbQ-`vq(x~lp;ut9zX_k_*QOrA!aV&Cmi zpQNGpZP&M^cXn%f-#z!=q<8jzf!?PhBw%mp9dGu~8PzgCQZqBwhjZq<(r~=i+ z@4$95w*&*lSlQb*+bmvaM#khtb9+f~dase~!OTUNyU8^p68D#n$;1N0R&yW@wzMBb zf${ZJx$293zz@ZBhj!I3RI)EVoC&H5!ZpTvuuEIE>8 zSCNxNZTXGGQ9K7+pyWot85w|xITrybrGldZ;HZc=Dis{5N8l(UFM*?Lo_25)|EJ*S zr+0uO1{Ne)S?)aeYQ6uxjQkJOXsP}kNVwfgxi#j5wLA$L3j#9L%wG}tB|*30Mgpca zPdPCCLBUi>m~KmSO|9WE8iI;`E_;MQO(r8uJ_KrrCVw~+kuce_8HM~NP@Tcuu{6SA z&Y=UX1{swV0^1|rJ_su&T4ucQUB<|4?k!$NFA3i>Zp^q+~s0+D7MRzRAU z`Hj05@-T$?1L_x5LpZPx#Kp&uZemoi64+s2chtmf$_nBSf;w(vC1_>!3e<0^KAXEi zMX>+SC-G@aA_Ob}J+XIfqAfXUlNdAxKZK*}?Y;n6jEiqT=|c`kVD*J39js>VBBk+l zdv4LCBy~pPYgFK3k+A9rcbYhgh$Vs5*_9q2{D0i3ChfW9?3q*$*n8Z69IRag`r^E2L@P&g zU*iRu1$-%rC?P9R-!zrtF-8$da9kA96s~~1R9H990jyWJ zV5P$Gz&rZfJ;3_03)YTFmQ12^05(;QueTdeRs6|TX-_?EerS88#Gnf_7=~(Fe=^fRE9rDlI;~Q2gPi&7fn#u)ty@ES?Ak zw3hG0XSkOQ`}!f*t2GwoD%=XJ+x^|`(7^ac;fJ$)F=m;t2(XW0VjMcTo-3_bj4%!h zd8x03tkX0jnUszSM>;CyCQ+6> zeiks?(Zg|Ge(MK*gDxA6Ho#s&LuhdzHW)UUpi_m}n-T2YI7+t`>pEBqgq9gXjKa@H zHSwpV`%K|yv?)#bFhrWX<)dw{EnrI%WzL_8GG9%VkMSrEs2C1Mjf!s(+g8f!MogFj z8E(oQ5Vdgv?6Gm^$4Q3obX(B$tU}5@k6OvLSECEpC=eAd7)DtHOO<1v2(V&RE{uBd z83cUL5yL?*z=vL0szluYDSISfaw^NS)%kEx(WE3;!ChGq@LDp@Zh9R!ctqjV`MVGG z-Qub5HT1cJXE*hg@2NhcVF}7i*G72PK+_u_F%SNVRhmGneb+UL*Wu6dXLm=wXzrOK zWW~?Xn8JHGo2!t(cDc_#O)-%eD2fAct(s3#i4Y*o1W6qPji%hFmwCnKvlh0^NsYgN;o;E3(5dAt4oD;oWQPnW1v)Zo>Eg|^ z2Vl`SQ$V4DZS8ktTRoMwh{IYO18JalyS=095Gj;{0)>-xiGG%i5~-7MSK2zjzzCmD z$Z)tDjwoo}aD?eO^N+ho9>wn}&H&4e?{3Dzns#bu89QMuo`cl3*k#O z19UHJzq};{-8ERRsI3BSV3^O+tla#EY4i~#2dvtT4GgKnm`dX8vkGzVCtB>)qgC|3 zP)|6{WVZ4~d+2w{m{C1hqkXC8SuqxhK+4{pFZM@&L$mYSvM-E=m1)~sj<+&SQ0~2{@7^vh~V!vz2C(ix1RRbAmY3=y^9`n+J5*y zr0xDT+HRjw-xkHIzxB5GYR|Kq;^%w5*ehQ^iw{Y(IHkSw(ze%+w?c2l=&DJe_a{H5 zws&~C_Le^2wD+Wy(%#cN?X_!bRVyL*VloNop$i-Bsq4J0yxsH6Rtl3K<<*`q_Rr6w zl?7;JO8cg&_7!<;dOs|OteP7Is%S=^p~Hq>Qv-d7eq@3FI2=O-SfEZ%hG)Toj-;+4 zXW9i?ywjO_1yFoA_8!V1RahL`UdoR@Zl6z3FL4Osfp_#!@LmC7b)s-+8zrEy9~A() zG#yKG2cMwA^OP#>*s_#wG)B>1VH&q@9xA~cEW1Zw4*JD$E7%L3L#G&~40!4{8pLOx z7KRAuKR%Z5v9xw&yjm{C+iSd}sS{?}G?n5pTwuIO12lf^qcv(lDAcpR-nBT%Agx-E zg%-rlbg<}1bF233n>_!hcaBNuv-I*@aj(PQ7p&O5JU>O>Tcy8RDe%d;s>R&M2A z6Yc+;?KkQ-=s{2=3?NJ{=%;c_b{{vHhKG<@3>_FH#qM4MCJ6F7`(-mn5uLHUqzHx= zPuPJ<{kQu#djR3bt2kT-GHT{$F297YlqOn*if%v>(2x7>$z1Y-mn#w!P}x9Y)NVjV zm_54@ew!`g)FdM#ie)>PQG|+`}3G#!6wKUo4(7Z;w z&|7sP6>eHFNu&J>>=ddG1!$wa-t*j69ZjB8_Q0pWxxo~ZD@FhGC*4CEE2#sW^@-XZ zw+BM|kn%1LmEk2`RXKbk_6r(co5D9PHW}e&6NL`46_mPTL&5=O|AfQ2Ss6G+T*l}U z$UCLXj3~i`vF+z~up0QQ8_^ZQ(b&=hb&3_J#b_|$Git0T2GK?099Ip{7&n`A6k z+QcRku&7l10k#01V{R?2^v6giN3usuQWpGzozej!X$RGy5744^Am^wRcc;EHvsD$h-ZN>Tr(qtqkL67qn&o23!L$ z1PeDJ)me$Q5nb!G@&$C{L@Ln}z51gscN-;LG&eciBWh1CmjxS;Dim^3q|rVT<`)^P z3Jf+v^b1fb`sEeqm+k@4FGu1Me++8FjBLgMn(A7wuCm#QzLns;2qv_sVq_`fUa?9m zpq~HI4OFB3fam$&EAvuM8TNP6!1V`-rb+TUyyQ#t;g;NQYQjc^s~6SwVwS#w<2M0! z{1KGx>Q?S$i!1#;8w|%E)8x7CWz!}7zQB2p;VtPQg7Mb3N-%`dYDCU+TsQ<)X*{y= z%Tz};)_tO6;{jLV1Pe*`>a3lHge=sWQX8rq_Gh^AxrL-j0An8wAz363T1b}21BC?p z*RGHUY`|qgU=$X95C+(iD6rU_|MC%!Fq$3DKdp2%RE_Xf)c7zaq_HRCG4SS>gVVbuT5+aYkeHN-#^WAlhP}w@Zd;4cISFk zwo6I}A_oFe+f(JDCxAIHuqcevLQa;Fg!Pv55Tgk@0j1xVdJx}RYyuW<-=1wi@9}_?8{lY4W)iV(PmvG#ESoZ#U}YSn25Radra4 zbQ^(#fR~5&XLLgqPcIt)NgGbP=}cBpk3Ay5&JU?xJL>zSuke2pFW?8Zm$F21HQIy! zuKE*gMLD_fU8Pep*l3@el1_XHR}`Ai2xo~#;KnERhp9xVKAyclj6XJ%P@`S9OdJeF z1JI>2Ttrg&V`otAS|trSN##@;RRD9w3`x%NnWts?&NviecrE^xdE`3V2TwX?ZfVeELKAn)A$#D zM}G9iuLHU|5RyMnZEo3wJffq3JP!Cu$&9P}d`|dH5-54hXGvD>tCJjge0GtN$D5GS zC0!Mcbg50;xr{a9k**S!?2@kQrKW0hN))X>@(H5l-<@bxrWGyKi{O}5N?n1yqDBcC zgj7Oi=)Hl9f9lh02x#c%`C8yVYDQi3S}s`tc6P*LA=XNr_OzzfJMJ*?)L zM!V-yMJf}fU^yK0&iPTP>2mfm-MS^7@(5*&LtY$L8~cPjh&NU7&5ib(-h^&yw*vAn zp0sw|eBq}ei{(UAN6~s@Kc}G{Pe0& zSBNfTe0#_7XIbKi;oUw{pMQb#FWOFpHJ+L1V4_(uGlFLC86Yi8LM~A~)nP*;WJ+ zlgZ>5M4dR5&wybVv4K^s`0N$oGYv(;N$m8T+S;dNB!vUL+4(zK(H#iH8h(dT*uIVD8YKf)rGc1K}jZAh^ANC>w7V-9|=T zr8kn5&9`ADsQ6c`p$xZoI6fFX50(OKjHgh%G4njlx7`ZuE?>K_tOn3xLx69w1(>LI zeI%5de&Em5D2YsL+nW7WoW;X{sCy2kI*a`?+DF1O-g9w zm;*H%xa#Bi@Lan{y4sH$^N zm9S{_>F_u?i>M2N9j4*hXjd#&T<2K8G*{74_z8VE{np_BVDx-CpQ>T)o}ctv-?-9+ zWFn#_2bR-)w+zmR{ir)}lkN4Jk%a-A>w6J^R0B$Ee_!9CJdsxJwajoN8vsFvQsO`# zGE)cWNc6M}(5e-8!Af&kv%AMho29A_KiMty_LSOapWu1k1LoVTCAEL~Ou{G~Pp*CK zRLIZVbn+u(AMYMtXlMlx1x&%_aBiyP2J{2wAqo)Q?4rSlr? zwVr1JuUg^C(&R~E543=ljbN+fY+bAQx_c;w-k2zqtgwNb5e|Nol&H1@oKb(yr<})!o2h}5KdcO#OWdI_$gPciIVHPp6Q|28ttRKxf3{cRnX3p z#Qwi1sCPjM^;*$y9&yHY?Y@)gjp` z#0G(-Q{o90U8D%2sgE{5YA|2YXrF-*1ew-}lR3%r%tS~DfoQZld%oCD-GSDoi6{7o z5VdNbY8H@K?rq}qJ6*4k@i7a#buKeSphTKKKv@xQf;0SbT$HUK7(K` zx?9@M^DO9KOOf(8&lmg62wK`ke2AdLs7Sr`^!Uy4f7#>dNq$zJ30!jDq%c~d%mnSG1HFE7m&d}83^!6&WMXgeIc3zB(h z2mc3F$hi@@tJ(eRM&ugL7klJnAo4H>t6ROL##dac^jisWT11>8P9qft-6UZ4FRAS{ z>Ur*}r_I?)Mm`+vwE2x$O06y92evywFg*)jAftvSw93>}G>Q)NQ~Nf=d{s z%T+)9yd^>bs?v^L?xGC!R`pB~EX|!WVV5P5+PcY&_TAnT6kpA+V?19P?dv?xZi1A1 zzSwITK#;L18Y{(~-8Xs|dryykH4Z(Fo4Hr?2rcnQ(SJw}pW9$)O^;(_fr6tK)6pZ# zo5Dqp4ez*V*=T?1d3MvI$@9e?Sifg_^ilr7D#}MC<)gAq0}{p=dtCm=lrTFXF*kgm zu;?-b-q8|+1fEgD9r zO$Qk;V<{pW>=-#Kw;=YWu=@OP{a{!apCbh}D~F4xx`(6~D5kh}pJVjMQCHGoUJSdC z!dMC2Tm@GkqE0wmFr|TBWdZNPo4Suq=!xos31c~j1tvha9w0E_#PzBIuVNo@{9yG7 z^8Q+yFii->4b$ytL%*IY*0c6)k$YtK!||@XY9un?%_AVtw#7c z{57NJa>C=v>p0;7>(i2V`y&wG7^8lP@Ku*gPc_p2fNx;Bd`08P7FuF2zmMu|35 zqcZ;aWXujkKDtuaMewY}Y)@uGO<)x@?BtIU{+J~xE<35#xDEtw5oV~?MWN7jL<)7X zZvL@pSB&vKQ@*P2teJmaPC&&whCb_W(+ItuiPg35!CG{vvK^Qqqv(n_{fH&~88?KI zC|u^FdI{nPT_7T$MjXqs5fR;3(U(*ga^EjdlH9#Qbv<-4PPmX{E+S-75Em$dFIlpe zNrF~k(q5suHB18UsqQ7m=j}k(zqTbx7wOhqL7IgDbrLD+H@4h|*3^_So@W7bVA2<_ zhDe@57C^tDppvEn{$t`e<+nlfVtV37dqGL|_De$CX8c=?A08M%^c3K6O|lkVFW9b5;++5{t9o3{AY%}>wUk;G$!Xe zz7*$*i9p77u!7GWO!fyqXUBILALlG;gOACqKq1UGW|}+N;N!`s1s|9d5T86Trhq*9 z!T?Aw!Ix}j!61c=u(D71hCX7RVyg2Ud>Jn`KJoqbVq=Lf#W{Zhu)#Ub|B4^ZX=>B| zj=~^w|LFFA_U`k;@g4HR`WO5d_{jI$i-ASH6z6y2cZDBzPd-j*++}<`eyzdB^rvr{xq;7bi6sokB)!(etXgJm@mZ{a0}4U+D2U@>xCOI?}4 z$1P9nK7Z_Sd`Adb_`Dw>vwgq42)W0X;v9VQuJFh1;Uo0VUB*Yn)dnBe&f0x^jO~y? zW$O?E z%DcP15wneJnI44+?$efq76*{#=JAcG&c4cEZNT4&wNQPvC$oQSp%$rH7$`ZDv|i7q z!BI2iy;#l;T(|%E3XaDQGaD1(L^cyTOh5{hv2zie!aW)AW1i*r`ghsI9j&*rPY~X?Yv5|3OsD5f1az$|-S-*|_TH`C>Ru|ST$}VhOJbcjWA$u(DYP$0Ey7}uyMBjp1%Fu4;`G9% zuhY(2hJ)^qH{~olGru4<@UQ*mr<~5lS7BgqPV^`QWw^4dB3M}SD{@6bcl}vL48^Rq z$iB9H@OAi$FAbS}BR^G;$Hi%X>@ zc*-)gLFX(U9)Q+BatljBF>y6KmT`K&HSrB}$78|s`*2N7)-XPRF^Uey78DzfCnz#g zomKF#te6(CnkAGw46F45bUSd(qvo6r&zf|nbE`Uc4m>Z@3-C7M*>uXaWVynEel3vZ zASlOp4ZehRaJ1PXTCTGA8W<1v$13@O<$ffsGyiA`kHMP3lg1vFmIzj`s)SgHzr&s* z!hs99QLhzG6QDF>o(aZW8LCYIIt!cDk|ex&Ez+D+p$x zq9P2n%8O!x6e2Oz`Enqx;+{GRmvZliYcZUq=ism$JMhp8 zR|!u@%qEPgoqwh#-Bf&3Hg76E^eB+OvGQ8nQhYEzpy>K6Ptl$%dV6xwb^EYr%aKwP zj22vl4@(0J4%4>?D^O8aBfg8S1O3yTGmp@>2*2q2d>lVFI7Q{a*4L2E_QuD%dOzin zg!i+0DiFA%l<^3Ca0QSPzX6ji|JD7JQvc<5sY54|@29+j)z31c+9diu4#+^?2z z$8PrL=j(RXAG;vu0p%agfwKbt&>^;l(I)6D(36H=Ig^UE^JspAwor}L%n$tsMy1_{a)$Wp6;vQNXgx#wr~@a~ zQ^^ld=NX|Ge!wAg<{zZakOY@VtQ0l$TVvKlw(QU4VU5gej{`G}2c7Lp;fZ1LdxaI< z$}g5RXj=&DZCRl#uGF?rafUG1TvY|mc#fTozGv08(4(2AY_GY99HxU-ij^P_7H=~= zn}L|x^h>Xlb#ZD(nZgibyJ#TK*?f@#A2vyxA*y;=T%c<=q2LS}5;1oQTY5(i5EdpR zli9LJ2oOe7ZACLt6F_k`rXx0t;VI5ktJsH#FJn{XW=~Iiwa`OHU+I>AAa!xp#I|te zCNVH*ZD{fRr(o6vWp9RaSc?hkdSVN|3W8Cs0cHmamlKL>8sJ>ZM&!D*RLy5Go^VESvrsxT7 zIs)j>GwcI86E6^7Wr{AX{4<3K@T=OABkOIa`1j)gK!s1Ww}tj|E!(eI;^46u5&+Wy zNLTS={hEphAzZ;9AQ*i>ii1=SGO3+DGxTnmxw2cPO^qlocDsJ##5q>1@BKX}_yhlh zN6S;DrItUNRU510Q{ZMe8P`I_kL)PEY8T|JRq{QZny6;|Oaah1Q2L3k&f<5Q}YW!&(?n~S1L3pcGQY}$Ov@B^ERQX!~=bA})OS`i%}PJKWSIN5@qVG)$|y#P(u`@= zuL;$y7NB*9JQWqihGiEGS~lTOD|Ry8G2lBpTon6#_HekrlllWA!v`%2HRJ&u@f_lB z*|0Eb0v=ub;uz7`@1c(_0j5u;o^7zzC% zb@E5!L~JA`)W}>$!Ipk#tQr)=&lUmD`#>S+Q_THGWi-LV=}@Zvn?Z#c1xk!pYehJi zE7%$Q(McrN^N&m{+NoyAO#H;!*x)C7k#Dm;m4{JEYWo^RqfttEs|J6u>V*DJu971e zp5_j>s^5JWHw|jm8-_r>a^eokJ+SFEH5PF0+{Y6Yn9PbXoa=^XEO^{O&{e>oKx_wl zEVvS_f)rAXg@dAdB7QSeaPJ1;WSu#ohtT@Owg4Joqu52~)hf|oENBoM;Fumy^#(^T*o z48zOkO3+#aC_#T{_94VHK-5Z>aScd6;sPgw2X4E71f^>ZG|M(%eB7f%eaz=a25FF` zg22O#a9;hL(wHUeRVihsS~BSEIp~|(!|ilO-{OY>U+w#=cd?Xze--+NTIJRh^uXIc zd`5S0NeJkTe?&P+FKBU1zwE$pUvCuP;={prbNZa80M94j5q28Ti-sDFzSUx{k#pe{ z0C|K4*-!65fHh27K=AkvU?wYmx&u|;3{Xg z`~^2sG~)k-sJrD+05a3UQkFkEPn3dRGuz|WP{TdD)ZZ?;zo3JPXY)jAF4*Zi1Wm99 zebj=TPVM(KmQ^2QM^;KlKC_}!v*e>#pn?g~k@NO89cgklUJ8)8>c=k+yGox6B-lv~ zYL7nAGko+3whwbV^ugKYy!^mJpMQ1lfId$%LArHoPt&b7^hp6ApiftJwq5#+y#>4o z=A$J5FXErT8%JM?ieW9U2)V8TbTT^%<^)DXYvCq7JD57F6j=?b?cj~`c(^ACXa}!5 zS50hWJ1<|R>IoBE%VTxMTmrDJOK9eH8l(h#>CVKX8Ci$ELtS7Ney`<; z$A_Y>mL;sgCvRdO+mkit^dQAaDj~q4&|!?wMXi+uQYA`G^B+2}k7KbzyIpN}{N`sg3D+y5_RnrT=2KeD6#pPj@%fH2Ab zAkY@Op5dIE?!mdRLopFk;^B!)*wPHe3F=>#2iIX0hPJ)>8pLZF9S$Q>o2BkV6g83G zwlX-Rpdp7V(or$V51al3FZED&3uGi})A#Y1^vWJhPI_owBNU*?YAwSQLu+fxdJVLn zo;-g#8UNT|RNI(Nu))-Uk(0E%b;d2x1V-yXAV!RVN2NQFi-Db_^QS%i4d&I4&;m&D zP`&WOb6$t^3LN=4m%au2@PWn!zziqo)yzV(2vfas{NzP|>H$MD4G-!7$pJ#5eT=s^ ztMT?oQm$q_eR{^zs`<3_6Q1={{-(|AihMvlYAVJ5qoPf)&TE+kV?2}XV!5qtEyJWR zM%Ua{*6*Eo1|Fe#D+$^`HJEHjNvZ6ypex(3gDW4rG9`W*^Kp&oiFj#>r=x?|;Exm0 zB)W&K&ChpN*n#v>MH&$8tf@=A*nuL|V4{Yw^TseQcBok4h;I$3jeViI#mue4A`BEb0O5vCdI=}!|7fu#{Wcr!w$^3h(&bB6M=@A zC@VT`IGZq=F*PTtgmJ%m{kM^_z#4Rd`J~ry9MV5UBFyXI04U$ zP|m;R0iZ*LS%Sz=hp;GD>Vi85qc9jNaO}rdsB(vP@i-6VjH0OednksEVvKK($QhiF zF;?JY{Gf)aVUaBIjvSy;{|IXbUJ!n3tjKtgRAaz_RZcpSmmL#dzf}X%Lx1x zJO)Rt^jL624~br6AbNq_P&%kVWQw){GAW<@V+3cWys;Hxr)Ehteq)9ju@*8Uc@g|Z zNBvIiB$c(yRcaAjSPXy~uGayVzAiw>U&?3;VvUHlyqdvi3ywRsgHvU=C>XY^C?hSi zkfu*3 zEj|wHETaQMvPoF&U=Ph?9VNmMMOkXXQ2qKBe#N(uJH61kU`-QD`myNEXa^?T&TeRy zwgcNkx5>|$?4%d@PQeJU^s#8k7@GF%ZKz=_Ik(OF&=Nr!7`0ShK);B~>nE`UNWo*h zZ+HlvJNf>qG{Z-r*nTJ!3+^2fit$+QH5XomY;=Jqo=))T!;rjFo$XV+tCjdMS7ZC{ zQij;RD5&br#j)PD1=K=qT2YvzA9^a(;uowA^ldsC22_unNne^o3}F=s3}gK`h=9dj zz`H@rZqh0IZ3mzI2cUt}VD@HZsGe~Y#XYgEq56ke7dB9n_GmHPxflA4b!dMBTb=(< zffd*?>RNW98o}so5}hmd^>(tizmu^*ZVCn?vEbo+08StSF`22(4>2DyfPOz6raEu? zbJ&6J9@GT*vQrxZ+!J&OP+4LK@Y`vA0!;AN=pn#RDZ`$BxTi}18R*A95ho{bO)IxG z1TW&lL(?OCRZeyG_5B8Y1{t99yg>I6uKBpT3-p#z252h@=;k|oi1Gmas+1wnISHVh z{Bt1-os}&3^!wO9wBv8$ei$*OcCdJQDSBoGY@i3?ncxb%Wb?(z7y-oKSHAfikr&9J z9tgcs3|G(gNua;|v(SE+h9x;Zg<8qYDbDyGpe(?48RQg11KVp&N370eYY+QcbMMCl zp{#s3_IV;JBv%`M7yjldO5>^c+qwPpG)v1 zY{kxlPLSz&abU~@gE8yc69n|qH|2tgA459v#hG=Y@(xfJeL<+t1?&RUZliQXcdcd# zd%W1`dJfp-3-CBm>7!Su;g3pRma|`F>{l6yQzh>AV5Ief7xS9TtfVt1wFiuOHJhOp zF=m24fGpD&P{X;RKd}mDh7ig<15IQU;th-qKzR&#L zgTIkmlnPDj>r1t*U$k8fn1FGgX}z{9MJ`nTG=a2(ho3{INz7}N6@y08v-D9bI~F_{ zc`dtyUcqQAMHG62R8}|^JXn&7bCHD0szt?Hxu`F8sZz4}oY8nd5TWOtK?h+m$P0X4 z9w4fn1+fn4&SlyuDs5R{MH%hK0K+MAKh_F%?O@f}1eh|PXVTPJX(G82c@9kcnK}wm z zQ|w!4_vy#edRS*+YLjt}F$arPlSNSogzPZGd1DNXC%C{&=b5Q~v*3dUS2nA0fC5#J zP2z@~#m5p-ItU;RbPt11;597HppdX#-3y#k*uY(W@ryZZMp=uTQ;gW=)E_A{&7r!> zL}&t~=C^EmMy66`FM-h9zgP>6z0D&uKQo+LMWAiI{E z8;sn5%PBW40dZa_Hz%?$fI;NucO#YDM2Im_xnLZnx6H(6JKifw)A2b}`(x!e(%BWA z9`46#EjmL4Y>Lh=ot2F*kLQzzJzRg<4@Pu`{`QNCY-`c!u}PS2hVnX^!K>i{3Ef+EOF3=K%Nz040msHM?h*5*5n~(AFLN5r79UL{v zXu?C?N@X?VyCtTVJyrdwB^0TqQQ zS2fZ|(obJe<7&9zE89CC(c93ONx0n*2>39+p8a zqY|;;+EkxXIqm!%bK-Nzo~%@~F}`1tgbzijP}k5HZ@<7}jKv6m5tVY$P7$n;X9S-K z_eBOMWW<%Sq8z@1SE(#?KUQm{GG&BevzaDMD;3gJBLzgwimxXLh~2L@CzJw=a$r6c zb1b+3kNAsZQz-^WBJn5rleF>H^om>4L!O$vmbr_l7gjJr>SJgEHI&D{!_R(e`fZfE znkWv$3jZjg3NvOEofk7${~<7D4IqpWn(BA3~QbM#! zwP-yy;=i!hV}Dg(`|R~)?nfh9{RC{<>(fnI8+(0koKi(s_wHYOQWd=HdrDQ-<#_DO zUSIE4Qsk**H|+KKF>SAle)JH;W3PYyRS`tn>n)9nAa-ECmozDRdP@o^IhczDU(zMD zy`DQ}$E1uQdy>80+~3&i>m_l=_WHH+cF$fvxz*6pW3TTsAHDW^%Z)};j&+kg_WH|L zO!5Ut-feq*&$psP@5Mve>$|TLdwoP?2lo0|8cF|o=1{v_+!v~=aV<6WeaTsgS`Why z5;I){(?J{U%-7a3o3bCKS7~&8KfwoHd(D+zvhz(flEchLZg9>ycM82ae!Z<5{#sSMGO` zB&;C;a7)Yi%f(;^*okUX&p+CU$@0{(aahn23};K-;VeqheBQHJ!CQ>A$gUqZ!TngL z&F8nL7^+`p()3{p-PI5n*!stpM#i81!7t+zT13Vt;t_vUTh2TgEX8Hbd^AzX9d0FM zo=QZ982A~Jj z`S}@R28U8@|Pu2?YmzK4U|Tk4rzrPgkD;=&rN|~O1ixE;w#4U_?pRA zac^bv12l%n!CoQwA-%c)d+uCFWk#xw6TR#*B#^+{fyd@*xthM-BUhOBi=+pTHx@i~ zlai}Hv!oqdHq4bPw8Y@hfyjVq7zT$fAxh|r!e5s_79}cGrE{b!?i-pGr}UcPRIn6J zz*9~Ria>sFUln|1LXCWspYwiEaOJn)CMuPJ7MPOnrrd2s;Tqb(BLp}a%04Dd&K70- zv<&b|5Vu@j+~%AfCxJ3JsZvv>9r}#D6ucB+>@T0OKZr>IqYLy#&9)=9kim)>edNQ5R$N?2DdZclgY6A{CWsix)MQI>c8Dnx5Nn0GXAg7zVo@Mul@O3k>C z0Q1^&&vwq};R69kD^&CzB1|ljN_CMdJEwwufOZ{&CJeNL7>$sAPB)CI#T) zF-Pr^?8VL-gHX>)i4OST@9=(c)e#UAFRU`d`APU0NK`fi-#~4SrqEU{+QR+frEDu{ zeTTojQvrW2;SUpjP(Zjzu0YL4jp@$O5)jj^WUv9?lSD-;I*7kDAFXt>A5FIW)UK~$ z8|7@Hd_gscjvF>su4P3LFyl2-&QGzT#1~prog4O@y7n2kB`uVU6tP)uNpKhGtF0=^ zx>V@0qI(Ev*r|S7i8c5@Dex8?Hlyy2NPXQxWt1d)htgygQcP< zSS1huR5;nW$?rwaa5F3$+Ulq$i_LyLe3# z-U&bdK$V{?<<`yQPfsY?bip_DeSd?3y^I&+F~z8P^3aPWQC8_Gn#I9eC45=#~$?m!DkO<47n0` zgkn&rhdtVMbufXWJ?L)Ic5V++2ky)s zgc?RsOSQ8eo_-G3Ai9zFO#A?9N~5pgPHnN}pY3zg9yQCAG5@TWyo)veEK}Y^{bk@X z1@N0dzNlWg8&K?ATg4V0qa;Jv!t5KgaMm+x;2L4ocb&zQSk^@I`zPUYy+#hkBWvz# zk{7|Kr@ruzH-zx!U1ce)anf1czaZ}POzVaTi9=nIV-ou|aIyCjJl4Y3gb#OPP( zl>lXgznr?mg6`nWAxiM_`90nF!?y~$2#vl8ep>Fw`?a(kAkdM%N0~HPt}MyK9&mBX zYTyRuHp8j<%I7o(thM4$7UB_C*K-Lrf!BDm_`Hy4UCH@wCC7Ox5vLjWhfEl-P2Q%KbQ++X9@gtPqXxK~Gqhi8R zD%`TammjwZgQR1{XB3tRpn?#BCqja^4ChpAglA!GfXQ!v)BFaL%CQ^v1AVCZ?JUJ_ zdzs(7!jPFFBqN-qtb!*szn!GlZHgtd68!f0dc|)KDSkU|kjrnSZKfgTBd_MSk%r&E zFf;=*BuV%U``H8l;kPushM_yiH!QoWPpyeDjTBIjf~P!E*1pAMX{O zvV+g%6F{=uizZF&j-&qPcc7=sD#LPtFZ?X`-p7i*c*Orr9s{UAD10e3Z1Ys|*$1YQ z#?KR#2+N@ac`Qepcj3Uicm?YN%T=M5Vxiex{&~Bs=hCbFpJQ1g6<~iLVDFOgwjB$` zyWeFzpMMoXes9v+Xtl@RGu-j$x&(JHh(3n8KNh?RkDY0?+uTb2;Hl()uhm+q zJ!8QXg7g)c>n}%xxt?&D3yx3{f936fzf!&YwbrZ8oUt{Et008*YTLDyxBuJERp*)C zZMbUkUo}_V_Hi;-!D7ROJ;bXzRcHoy_kx{FMKg=BH!V zB=eIBwS4fUkDmtj-vK{8g}fbTsi~6GmY+7Cv`hT7?sEm5kDuOfKN^1eOFzR;&ziJ0 z{Iq?A;iq3e^7GRh)a9|@n|SPupFVUeneVCOf6q@BDv&NBNIa&?*__)UKfTHLfj_jh>Mk zg6eR}25YAb4iMcPJ8<*HOW>JcRql#a9`=$5xmxj1^|@lN&naeh@bm(gz2N#Wl6L_z zsF9nwtzP^?M)TaUcWx}0r?Q1HO^tNtHx0SdYLlRO^KNlV38?@nG`vaSTJh`FFDQdX}X)7PR|K(0ft!k z=ZhCW@0d__By2^y=d`Zi#!g&Q5UMK_pREnq9D83yW>UeFDy3=ObXDm=*OTcP3C7FO%nG`Pp9~x>1c!rxS1jOc(g)&ZiO|4IU zgg@-SjX!BQXnwDKG?uSbXpEEcc5sN)FD`?YgL9C`S7jp_ag2+R z13S1vW)6wSJyZ@N@+h=)!P+{JA39p+4VBZdHnv^*elzMr(%-{7MWlN&$$*h zZ{g^1;EAU|%K{t|MpfrPrpdYTDb81q>d0lwO4@m@Il~ahO}7HumfACUJT+vz25k)hpiyD!RjB$aM+n}fj1?eEKy9ZxoTM?Hx*kf#fvG< zk7a%TvDofB9;ErT04mcq#d*w=SJx@l_f6!$zOVY{m>NYe2z|8!ryod3U~hrE4Emr{ zOl5L*@Wt4ZqB;z^6!HzVr9-PcT2O*Q;0zg@+QIW~`8|HqJ+^}zGjEaiY-g|>pCn;& z-(-w5fQ5h0utxMoQ8Lx(^N6A(o$SiHO>;|!TB$9ysx`9U{o2vVm)&zRtVT5@ia&2Q ziGnCO#hd*~o}L+VAQ*EvMB5uK_0w|^^LM4>AkrVwD~p%8^u6Zw6a)&nUM&M;&vrIqaj@=$#0_ME9o|G2 zu`Lqy;JmsWc=G|enqbx?D?H39VHY)Y8NEj7z-P!{c5qIZoFzIC?b8=H3mJ42x10n5 zd}>w?g2#Z%kt&^0T$v}2;IqWtt5GBWQ0t_A?JK!<<1g2Ks35gCPp%Xh+9Vehn-uRN zid2D^imacTJjCcZAYYXwvd|$Anrb1{3Gl2Nd<(nbpdEMt3QXsR{lS3PqftxEgS zLN>pZGd1jFk5!NW2(1mlG%^Y^qZM9ei+q9B?@rqy>L~A?ap$>0`O{5l+c)M#nsDgEhDV8XPZlEOnVQ4^+rs z>^$5XSlGe-xKP7u%AU62(I|up#8&L-birNQgiY8(O^sEGvJ>eS?j&RT3tj$Pn?gA# zRFSEV4f-*K-ok2q?JgKCm*7M5WL4d*b>R)mJ-RTDa~W!Yz0bduF4Rk9J{jQZLI6yo zy767tsLE0qz^0697%woY@2hloY7|Y&EXK)4Q0he(W!-?0FJmYLM2vsmQE=rYmdc<7 z>bRhrVx~ri3UJh5KdjWH)YPaPmXsN)PZi%>BQYHRk@^Qpw!~=LQh9MjeMf1|Gy8ze zdZPx{iSos+|Cf9GX{=+8U|eer&~BHwQcfonwSIN99_$o2e5ATCL4A z#FHcd9)(9p@}a3RJTsi*g(h@w(J%r@*yH>T`;H6%L&=7M9k7;(#ku!Gg|gIZaImt zqv}KTa>cG4_|(?k?)$HL1k>ZBOkAM^Q+9XT!OjV97ucd;{s9@Zw+l`YqCzn3U_ho1 zDVis#92Ct%kuYP04CUdW1Rpt62`AvC@k#VA3NO|UjFFra!pYi&inL&Jobqr%HKtte zroj6E8SP-{0px#*=XoYAUPS8e0BO$Ohsqk0JoPwSJ^E)t_S)=EfWW0&QH*rl0h4V( zmx9Avy5XcpgbSLj=!aJQ@`-z4@z71zgy!|>R=w@miqEaq<>2L3EHzp_eh8D!&`Fiw zSglR?Fz#6EaFktaZCYjFBv$LdCd*Ef11-QDa=tEFt>yR%d2mR`m(GTWfPJ%ijFE>= zUdLVra8cU$*Ut5WI8Iai4ljXn84X^xlwMZW<#@z`Q{E!QE75LXD8GX$+RwIwd6H4f zmh_WGnS1Zc|5& zmUYexJyGkNw)&?)`RiVthZ6Zhe7r;yTU;P6pcZ%NJ#n>8O^*ehc@w>Z@P8@Rt{aZn zE3=|F;v;s)1ELP5%fhXiEh(=}KPhzkbIi5ijq@&gaOSZK3M^b}u_?}*EtXp#HrTTyu%XK;UDn!dHY6|vnTOWp0T>ta$;Iz`WB#?VV^yWO-Wj>`?=9*7iG7~l3Z->MVex|(kp{6=S27r{mtW8q zq7F`z+~9=x9{BEz$bfV|yc2&v)UcVphPcqcfK$}K!02O?q(1(n zS-V8uHT%omk98uacJQ(cqokiUX==?rL>L`_*5PRh5nv69oHb`qFNl;oEj-ND4x}ws zji7HFBDrOpyuH99Eq)&H>DN%hKNWuz zQ^#4##bptNomcukV zkk_Eu;xKQ$vcyoa#oNt_EhPGB2eD{b%YNKE z!w^Y$wS!;muNb1r4F~~mCQP7gGzya^UR$b=kk9?NKI{FgNzoUuhyg!cfCk;2yWM0S zAx1h!gntzF$QgJ;$AD4iJsd#>41L$AxS~wwCa;3l%7H?}s+#P9KN491>zvgcL_QQM zL7A{!q3`5}G<_dlxXbkYH`Z?us2$O_xK7je3~#-jC8Xak_0jj3Udi-*3mJAq-)B_% zF3>lv@2=AKnpBm2*}$vda-FPntEd%d#T^!;PE9nn`D+je3)^^Frs z>4-()rbLBd^k^B8GjoDU)^Wd$f`C%ZgU7fr55ExUA=`(YgEy-s>$&7o5d|m-$~{<5 z1$m@$Y{&*TLQa@1gGH0GIZt#&4|tOTIW&nsgKhPXhzB=~En(GwYyh6}l5bujd|9wJ z{%P5Ba#5cFmVFxR=Sm#T)@=+xU1TkIQ%S=cR`gwK(>kl^o6c5k6Lipkd#sgTS%?2% z)o#livm`zVRbc#;c@qwLZOWTmlr|uN9&5d|=|i6Gf`92T9oTHy1;{|9K&+v&+!eIO zi>EMA1d*mPc109&{l+$8+UR(}w43bQJW$-=G3s$^IvHnxahxsiGV^W+4&OkTfqDcr)3H4!#kubdv;@G#mV{|Xz;@GeSe`2dSeDBr z>Z4*q0GT8pKe#uW4cozkw%&}qRJ7SAsAIo|F*6P$$`4)8NQ1V425p104ohj(K}4n= zDr&LEBqe!YHdEmxn=j7h`3kr^^0WX4^J0LjO8_^EfPho)6zAI>+G-79`A}`T00P%3 zG;d^&*6MBDaFCr!n)H=m%^YVbE*7!iwmoH|5<4_2R!!lWI3b>iZ{mo5d^b3r>O6i5 z2OpY3HA_f1jIx?rCRsM%X!)7B+oRf4=h}8kPIX4K^R?qT4s9p5)8jbd>*@XF@mK(S zeW%|UN!AB#&NIILNIl+z?7;Gj2DxfE)cQRtYv(-UP{UqClK(t@pw?3Of^IS|CFZ4+ zFO0M|wd^6MS8jkl=pM4=25vhmboG^p=Je@Qv#lEWCJe(wMkXR=x!a2(+5-gEeGta=mXT+ zmaZ=ByCq=15wJIHhC+J<#Z%t>8rj3A_ih||;AUJxP*qUB45z=N8=+dRtC&18 z&1#vYem{!eOAFGhqX|1hZGbcZJAy`loo>u0jY+VJ2w?<~^?jkhj@rkao6xaE&`T6y z>A46&7cBL-#de{@iz#F>QuPzsnq8tPP2IFkLohl2$msS8HD!_{|wVd}Dv~S!*mK z={R7yqc(MUwSEE>n*6$Yw|*d!*GX_;k~AU;6WU3gVr-z(?coSzJGkhm5rBwBxwcUV zCQv2pFEn7aQue(mG&So}sI{Q%HxtKD_Ubtv$KLwXY1%PbouYyg(!>#()am<>Kufj> zJ-vzF$=hT$t|XI;L=V4);qs^QB^RlZFOM(It+>;kNU$X0dNyII-F#@ME>oa`2*aFS zEpvlPix(3i=}y`d<;96XVT`8oD4yQCw9Ys-Q!ovTx&W^__)+(-W(m6uPSV${fY;U% z9y{<^Z+%AT&Cj`BvcAmB4gBxFkPdC-NTB;;3EY7Vrl@P35a5pmx4$g@EboMY`qEWn zB!m2q_54Rl{0|Zk;Gn`>k;}f6yu=1oTexK*%8mvnxPiez-sHR79zwyhhy0_WW-sL( zMnNd4d#dvT^}Cke`KEPiYy4FsKMDTf{VEqi*Mhf3b9g8J1pab^$JEQA%r7lf))d^U zttn6;cY}s^K@};^g!!fRq;c5T!mk{?_7T6OinI-m=ynEfdc+{k;CA= z_~<+hzOrH{4Bmk3(5qGsY;aGO3I3C1VDE~hOyIjG(cx&;COl$+M|6GrN?PA{^4B`b8Az3nbjg#|`nH7lzFV|H!;X5e#;GI%D^X+F$@yW&B;(N0AC5hq( zOYuq^?-nRiMOVJ%7Cp6X(Ss939e@ap&=*DfqNtM|Z*5%~cw^4Iluij2hRCO|-Y6V< z(Qv2EL%jN3eBOdPr4yfzEf#po5e8BZPc5t3AC66f+k>U*71|7AMix~a-=~n0pbde(;=qK@} z;I=4sgWe*ruit^1W3;JYL8vhte@UNAQ2vj{e(|Q&Hbq>#3ro@Qah}Xj<{_J9A|zl~ zg3!)$TLIK)J?=FY+6P~#;bk&kM{695l#`h5OahEtke7i4c@qh2zKSq%Y!|yI&x)1f z!!7yNpzRgM_gh}KoY%uxOo~{8KCIj?G%sR>=ACKfH!G*cB9OTNGH)^NwfPSJf1~U6JG{>OoHw_ikGY;c`uaDv7<~&9|FC%cCw3tw zFV|E8G=>G?Bj?6aKn~~lpFKnn4+2z>Mp>$s_cNWg2M+Sw(;0~dTc&fAmun3=sS+W% zgK=w9;xEy@Z=y@J3w9=<(e6I66pu#+z>ZRLQ_e>LHpBWeSpQqBe|e&M4}a}S{o0H4 z)Ia{esb3Z{3jCR|6yt?@DnGzq`AP!sft{}j{K$FtcPjq#(MTe;N=85h%E;emdgLG% zGLn&ykyvsX>N4_kgFlTC7+0Omab+us(6?*?OPz06DhXa0;?XXQ zWDWWuRM&#;Q6TiajJPrjZZxvpgy*dwFtXg|W|3e}3=;^k;xMw{d284j^j1Zoh}0=o z>?}wck3hz$%CU}O!)Cq*egeNOApzEODsvC8#fkk;wctphvN71jTD z_j^nIw__rmMk@J!?%kQH8^D;L&RSe!|=Pu6P73MDZ z>rR>bhaT-PxAXE3VAf$qe3R`>os!?3_+%$c_uz~^S;F2V_@RH7Bz{OJ7s)h>{19|A zCGkTh!MxN3)761K`i2_h*sM1Ah7F*-5%)_SY9E6+fHCA%4KnltAIUUI{zGd1E+qgFXyRYpPpb+19>DEC$?-E{6jB8O*Z7Gw@l$fthz|meq9x3O(F$OP|K`lfOGOcckQlX**ak!k?)MaZ z)%>)aGAY2g%8Zl(%(?>t* zuHz2X&0;>?TdYt?57kEH%M@t_=d`7VZXbc;syQQ7yY>LYu`)xG8YP0UxksqJ8i0W^ zJuCoF#W*gzDwsnrtNb{ap>g1P7MYzD4j|Ml%~PKk{UJCCb9CUmm;)wM-QwTV^QghS z4@4uJGJUxMs)A(dKpof{2%e_GVJNL|$`$l;HBRZs#1?9t!eK5#WmQE0KHE9Ots8ZQ zDJtOd8LF-*>zJXVfkGF3YO@-82q~p)IveN@@kH!HG_Z%1KkRdHj0vVSoJ%lZB+o~9 z+0tC_E23LdkpunmbCmuL6#Kt}CVPkKW-y>Z>ZmzK9}Y3WrP~J!z-FjzX7ByRHj-FS za3@>@%qLiInnoA-7YT|5-I`)KV%MRp2m{SKMff+!?=zB5DiP8Ye z{Ct4PBk6;%FLsOgitZ)bzz@|+ zLeR4`S^_AU*H@tjZO)6^6TsK=nl^uDI|P2{w~A)a6gt`}yy@Y05HN8y zf`UZxsz-;+&|QNVIp42mjV5$Upmj7{Xo4RP5ViOLv+LtyOk}X1oU?(W=KN`^X5)_N zjnWCJ_I8jQ>C6HPX=+wxcO(IXAc5REO)c^c5)`$lTSq49s+hY2sp%DJn5#6|KB2lv z>`d+E-l6(N*=Oa2whiyyf^|U@9gv{_n_QN+>_zoZX4z*#I`KtxSzpbsWrQx#^&Km; zh$b-9R)WAHlrr;xR-o$IBk+zCTA5O4UkIrw@JdWs*DfkF=_<7#h?Sef2+0b~#?|Gn zLgSq@9g(v`()jSz2Kf`VX;x_~z&1E3W|~R_&ZGc#zr&_CGC%KkhsJM~_Y#aEM`Cpr{8uHk17NThYS(CdPI?iD zM4_crAZx-8#pVTPghp|Mf?rG^lrdF;UoPfK96XQaWJ>~u+-iiT1P)w}6sD(K%64*{ zZD1Hmc7&>>n2S5=PGxNvJ=G23%Pz4FF{GN}@-MWjnvxYHu3ApQ;(0@_)h;o!~_FfbZ_HhHzbb~yxx&d4=+2|L!%WU zD7zx>&RvOeO&sb;QLI26v^dmo31u02X#uN)lszledYxPE7#|X>{D%rqX~6*=aArz5 ztt@BB4|9*xG`+NChQ7#VMoz9YT9=cj8_(y{9@u3px6&*1S1n0Ye|DXe7xm{njw|oP zX9>+q;ow?Lj+mPi>vB?93@DavK=Y>S-vSP7GmEv#`q*im(4Cs~tJtgP?3@+SJN*RAYx$cR{8Huv92?}ra)kH>HS2-B ztT_cVQnqFZtHLrQEiudv36;UwX8j|>x#3PTz<;GpPUoF|E|-XFDyvqCxDZ)_DRL#= z30)wK4M&L?jQ`X|dRGB3OE8zIbBo-D87Spn1IK41l6K>(i zs~QAg6=7CU#VSgyD5GgKzOcaPR0S9PkhMR?b}>~@3V;|=8qp69WQigqC*z29F+wH? z5}vu=AO;iU%Pf1LIPP4wR=aEir=K@iHvVxg?V^{iVeJ#;kblhG$Y<@c6`rgc_Asm5 z0w0diJj=yBs)$~QNF8c{FO*EfS~+iSQjzO05deJAJ>ZA|P@>y<13RJtMZ^iQj5i>K z$if?tA`v*oy3klY8*^^?CZP%2I_~D4n6~KnuAAK=DZTS0B8{Ay;(8u zRQ4LoJDE=eZ{-Q*Wp5D9>>8@=uep~(jN_j6nLGkfpD6oeR1B#}EI66_k&qe{hmik6 z^N_ptvjeQIxKdIE&U8)eflq#nJrIL_!Wl=x*W^pXG~i@{0iduvGNSEHeTlH z@DKIu+?<(Gh#^zD0qkQog(2*0eVesvu>mF;nGwA!BU+l}hem7d+ES~w8GBFblx2Zn z2+eAikd#m!BPkSYPMy*(0^)SLN8toXO1UVN4PJJ>zgr~%Q>rKNfefdKuoANrFy}Rs zDZY~Gk1D_pyc*|C_Eb=I;KJiCmv_X&E>?>t0)NZp6$og~4m`L-9ae(9!BabnC^66?5hi+z*$8-3 zh*h(MGz4$X(Ccrhyz6vX677$75kBo8Xp*Yhm^xgi67ZHs6=$mJC=_!Z?MYYr~m-%;=5v=8vI^I*Nfj~zVc9Kj3woojSK9wj{%95B`3iI>^9 za*wJz>ag~KM3{`9#4g=(r|NJ9yVS_8Yj{yt5r=_*+gw42`C15>h0~7)yr>&~yjziVvsZRrv|;Yqo-ysere3Yp2kpTkwuI2*gX|8Gft3 z1|se0jbIu;!F;*qqgAYr$KipGior*t4dx%aJ<*K| z5`0u_Fkh}PKiKwTUh3OPA2xXUpz^a1x5pG8F|{q`Ckvd4SxPkKSMZzNchCxr`3*G* zkbf?6S--?!Ug{8jX_(@NT58$})Q$&gm7h?*afgDMsesxJv@E8F(t*(1fh9Xi28T_R zJ_TO=MjtBK$L$m9T+2jkE`afa%hD8+Wx_b^CV1Y@+&`G!lBJAl@KpH?pVB!>!zcAZ zFG&^Ap|CB1rk^fAA(}O2+XC-Mys5a- zq_(kB9ddLI&Fk8YhsHCK?<`Y z&ZRQ>2Qp!-RoSP#oUEW0_f%1(!;d?c(Aej8s_XQU>Of|Xrq9w}RvqZmyX)%E{C5C& zw*YaLOBi84OdZbJw}6&Yy*FPQH;Jl5r8%V_$qKr>NEc5jFzo`!Lz*yrZ~sSpjM_QUF3pWbzoW z=Y_vno7N!fDOT<0ovl0}t!5D_>POUl*2Eg%4p)HBEx(As8r zqe)q_gcM$k^Js9=0{Wt}w_uy)_IMgaJ^HR8T3im~wgW@@xC4zvFPecyZdVy-9JqNC zSB&qg9<}PxT|ENov3(P>B=#c)*6eu|P;A5@On?E&Og`}yVh09y(qB~Mhi(up;cofH zMxgx+Jns1E%=47h!tk&N+9-dm$pD1cyP94Kuk1{7!;YR{Rn zAh~TAY6e5>KtE60@-f|c>s-}#2HO^;Aq_ZtNZU^6HHh6En6ghOv?P5@szV<~sE_lh zkMps`ru2Fo1{4dPD-YqWMH3FbX`X{t}Y{){~) z$+iHFFqzhQb&oBr1PT?S30LEP*NkSzGyiCC-qzcWmGB-BC+voa5{MbhgsWZo&iGg*` zaYx|a9u-h|TY6S>gRvL-WZ)d-#t6GDZ_sk;ZOh*9BWl%-R7n9LbxN;stRqX(OU&0q z&Mo_Jd-9gvl`~M@E#;<@YXDw~e@Cp3{-K6>WUIF8IkDm?c1e3FOJf|MN08F6vYPhTD=lW-!l9OPnN8yDn9Z&Z1)ghPTKTYC8@) zjc<$uy5F4TKM7-Bz7&jow9D9Rt(DiI0?*zQfyBSm$>ZWoZYB+%kcobB)43K~kN_tH97UdJ%~~!4Eb-!E+V_ncuyV ze(xjmNeYLF(q_H5D$DN)ezFU4Rw)1EYvrFjD;=M$d=J|^1N)BGd*kfjUGLNFCh`#I z7V`$IWjNU-YUM68577pL9p;ovPgZN}APG<|i>s(QNxoO$)o>YdYExY*STPMJOkl_x znshviVWdH0%1)Mn^ZKo6Ify~XYJRiNhB>HU;Pes%S(yRQNN&ti*_Y5+f|pZj#=|jW zGSK2`LQ)AkbQC9Ga%fg+SV0F3TKwl3+>S#>h0z+gA{pFO!pp~~BO<$?XYFe8H zd=*3obmqiGw4yVA7U7wWX9Umg@l)xZ*nPjdmwo4&!3u_AD?lo;4uvC|gbzD|1p`=7 zK+MB|fUZzYqV1OZRC~ZzvA_`LMjiS|Q>EYfK333nCV$(3OD`IsP;DptgmmZ6XZmHx z7*Q0s^Jc?~fzJOnLqM0s0I4(kQsw*$FXkaax$Q!fBZ;&4H1*km zG6AWn^7mE@8)nZ0IOlo5nWEP|=;_zw;^a)xRdyhJ5eLZZ^;M_I$oJCk#2t)k7Yzve z?Lw2~G?nEeoNy7}(SIkWIo(`73N{RTq6!8v3-2NlyfbJm?=ba!)R=aP zWJp+hm5E4UW{x&nPxQ~gz72~_kYnsi&~Fk0|<`q zOv!*Ee^5_Xgjt&%_^}V;G+w=mV^>jYhU47iF|lAeDjWO4R4zNX>s3xzG_6A~U0pM(wDskY!j3csRTXcz{75LvYa&fha6lP(RS!L2FPv(62?&QPAzBLI;^@5Z#X1lOnqm8dG5aO+Ul) z{dU^4*&ESp=n!`x$R1);!^9^MV`%@OHEUaM!x)`}IXyIg<>{%-cr*^j9aNJ}s(mVn3A%gwQ$oa{)Z!j zhacEnl)ChEth2=kVJY~hu?UB{fyK)U2W<}7ocAKrD9358EIBEP?Nx-RULiVp7ny*p zUS#(jhI96cqJ6p*#16T2?7S4PQn&Qe>%Slm6?IE*d4xD`@9K1A?YXk1)4&N;=6!hY{>8G$-rgy;^dJ zBdVPVDiWrsI>Zgt>lVWNtg1w`1507^ocR|L1u|4IYc9d-bQo#1`E1sptl-nmdOt`{ zAEW=HuT_|Z?3k@v@M|8w3U|^XTTY@_R54Z!7|>woCJPAudc;Lv6zC`6P1Knk_-VQE2kpQl zX@HJV-@)P-4f|4tpr@!uzIybN2h_-dbTf_%eET;uCVLD=ULyK7dp>-Wt8x0J9#r}K z6RI`kpIiv_0RKdB!fdrE5dO(jkO+QBsE1~1cn=HIr=;aNw*dLZRUv&nu1cux2o6kO zIh|v%sE~ZC22dX&Ut$1NoMv%D97j;EO8yb_;I$C}M^^)L7)I^SrMu;Y#3;xqD#yqZ zkX{At8%ZnTIBF`h&wSg=nHRf6*b)|(Nk44EK+UX?&Cn06|f zV~aH~sDl)sn781ex4|VS=hAQS#5tzLIlyp`-|7t#3hC z_B!3QD6x@1Bh-<0_=rQsJMh33YE9t6e4=idDjEBo7V2%YbCdJ+)cKgjU@^kJ zCA$B;=J&}8i^)iI4p}GCcc*$BHWxy8yTo}D@+b3cSbN0yP#&w!rPrTJO5@y02K+F| ze6P?KqVsc0LUbxd;nWsN5wlvrhw~NIsPWhC$IQai@G>@zkiD!#+>0Zm2$~1`_K_AEA4z?{lc;Rd$kJGICVY>W`7hpVLy)hIQN8A9x69HSkLjIni zdRe&QDYJJ+WtPJqWtl8#Bj2>~`P`kf(aR6hoSo(0$DhA;$NBBRsi`hHuYSZ3@o0%) zILAK==4m^h`hYUF*mFZ;>+lhst%pVW2~z_bD1THxbaqu>V68{{q+^-1v9?r|36{ea z&}w|37*Q{7mUpNMCsTIDi`9|YDy<<^W>-UY`_xn{;XMV5frG{*DgWwEOnwc1%@X#C z+;(t^i=NyW20eRyD?Gl>KY*Uk;Cv*-b0;hO$Q2ef>lN^`m3FrE6Zi>x@RQpvejF^q zHTWSmefXIP01bYKUa_h~R)+ooF;;_8rer%O%J~TpY}Xrsd4aB8sGV{bd2fE4XjL2& zcrS#NSqUfcN0-7w$mwno-MyM6>^1TC`F0aq4CFs(@b^}W;O~Q{fxkt`_(N;-8YJE{ zp6%7FFO@FMR(q^~!V>-l3ajztA3>Xp_qHtd*AEk&DPs;d_5>CqPFW3m$v+nvwaeCe zdUu(rLvv#}ivg!FTy>r;&)4ja&(NGuGTNg9g2Qf|38On&vwdhDdcbDk`6)zC(M+;X zaeP}u_j4siXQf9;a5Mr)8^v!fIk&G-7=Vd)m=k`Ips!{Lu}Ts}esf9m%byL2j{HVQ zG+;JJbg7WY)#ZFi=yMx^FPC1U*+R{FX#gsrSU}THAexxtAHl7{ds}+_f>phScZ^hD98uOL&j51&F zP;^jP+39|msBCWeQig{ubDWRg7ifolzz4eY=2o{$KmN&dX~EZ$sp$!HX>gLqlHfP` zE7$DMf5@sl(rd+Qp6RP7T53G}zH@)6hxkhoV#M#ce6Yps zbsx8#MPEs;U!S!De`&}5S?`Y8yE@U{!ut)D&r|JP{GYeCcjeyj&xGRs{%zXq_HU%y z-e+o*-}3j4`xk1MvUC1C+wkWJUjDTD<8mZ~D+y3&{)$vt69`wjx46q%E3S=r*Gm1ceHonjR?IFs-@l~J(!-6dSGXZ5U5&ouP4MTOj*o?5{?;k z<#wR!%igvzAp$+?NiKV#<7B7bUxABXlT>UHKm3iF+qXVK!cF8q8zEk0=T>-piXJPC zo#O%tT(i=R0O?f{7%l?*bAi(fBi5i*6TV=GC5-uFglynn#0GRyQ^MG@F?Wq;#GH?Q z$uKt}FWyxq`Jwq1mQyw%U@Dsfibyf8R>aRTR$s27MisbMlr9WF2*(Oi)6gE=99d=u z3f=FvhPscz2c;`lyH*s{gx)hi%fJ{QR55=w^CL)m zo@$VXn1NGr@l`sNColEOxkmI{U;?p8%u%?V$|KD9hapR(p+;r3<44jvVHe^D;?24I zF_3de5;@KJ_z@rkgNwx;ezyy9W+`WMHHnPPnuG_=%?dtk_0-fZr$<8nt1ZF9SPg9) zo3$*-wHMcj!N(E1qypx)QjXRHfmQP2<%;q|=ui9{`G@g(1kX0G6esMO^5-yx zXd<4ooqmgwB7ZCy=e>3GkJn0O4&&UFjB>aS950#Rt(J7x@w&vwg+^pMgSC@%7KH39 zU_>H+LJMquMP-Zicc4nsXeZyD$XlZG3LgPuq-npJ z9~7!r3xpx+iG{&fe4Ls6GP0$x{l(a~Ibr`$Eg3pAZ}8rc>ehoQ_Qby1F{y-x(lT8(*-jX3>|`RpM*AEil9Tc@q44i&@(tfnr{mxl2Yk(c_7 z)a4VQ%Yp0A{ISsGOFnG4boyOTR ziFL{QC=_$StzhWyTQv5{Qlhr$Gu4Nv70 zfT<2>Cn3a*K~*_jAIMl0@2ZWeT`Xhy_>JHk=aA{(jSb)p z4?ke-9hpkvbwzsu^qTdJq##&gflyLCMFF9Cegbze*1l|R*Z4vjVyMsaW8ro!mQ zyfPWd(g2bb1=POrqUaBWxbEGahC3j*K1lJ7iZ2xbgAS^v7Oi5{(Z^+xQNiS*oZHAC z5?PAzRAYVKMeIVT&l&pAlzuFiE}a@OB$LR%+5u(v;Cne|ey92lKL97QR2;!j*KK5q zY!(5SY?71A0s?wXc8vd~^vAb*oAXx^OFbYs(^PxV+ZoP9+jaf={1t(O*GT~IwWzA! zJKW-g7U${~RY;I{WQ$x$#THwRB1UK74eP+H|Hs>#fJaqiVZ#K{L!-nSB!PgSjYbX5 zsKGUHZ6N54G#V5&;xf^3iHaH_fjEPZ*a@VkxqyPoC~6#ahH-a9L`6-2K}1Ca7uJ*Ba)BC+*6{d+CRsw!5M zil2OBke`=@Bk}U0Nb!0r`UoF5Ij5f%&)*<@GBD#GujlIPF^!*8hsL0%>_M_O;VCkY zF3!)mba?AZtUtO}5Hl}DgWtnRdU z^@i->?6s_D9Anti;^Q_1M_Eh8_a7epc%Rbf_x-Gf%@~<7m#AFoWE#=M9DX4M6%UZ5 zs`e$q@f}v<1sFh+Wz)broaZo0Z&Ea0rLKT&0w0J=SQ1OgHWXsTbW_$^OU~(!W^sPy zfEpaI9+@b^VO%w2%0mG@fXS(AStz3tI#M)!PygwkgXjN!kT?Nzyj+ z7w29*qShf3VnG<54NMXC^kF6(@)|J+a+^-szB2-!q(Jcb~HHIYtrjFI%Td5Xp zNwuJQ0UEH-HHi|^2fA+C!xcdFT@^!oJ1(QwGkL7Q}eRGW0uF@$4kzG8P` zsMM8pz0?JfMb`jhfkr!Z7OXkst}OM^q5!^EO(V0=oxo9+(IUk-!XWyqctH&qx!uU} z3$iUy;z;%B_j~A1cMXC2_t;exD_v}J5O8f@9uylp8 z3pN3Rd1J$bzYeXi8a7VjY|IP+Pzlo;reh838r!)J`Er;vm2yZ}m+y{Sy%hCHML){| ztoQ>9j{Nv7O8F6{=Y~O+sEbO{JL=?=*r!N0lu`ik09L+1;%fSiPS!lB?^j6rJ12E1 z>5ofK5_s?djvDlomEo6jiRS@xrFdcqhyjl^)a)%OuPa%#eSOsoxwJk#K0 zK_E~OjbRg^f&Vp^4T3mSnbO#rQN!LHHSCj7!@iIjOPXe>bCA<$;SOCU!>@hS&jZiM z-QwABxaZ(lEB|0Deg3tIJQ4qU8hhgU&DoSV(3F{R3{mn|``;pj&>T-&z&v)Io&E1C zp4K`C5{d}3tM4g&Kb%C?93LAd+BDk3-W|5JJqO{M(>Q*Ho72{9xOG!YNv~B*UUWF5 zi^PYABk@wWWGgHzmd67p^W4+oIjvM=g2g{xlRx|$)40BR?=jAJcw`Hu06enO>5wgl zLx$`=6fwSG1O|-vrKr1cvJA!+3Om?2HnSkuLAEejFjMXs1ma*3QY4BEg9O#W$iS^Y zS^^CiQyIgQHl@G@>EzC)Z1DeP zs|h>!D3CIo3}oZj=r4Vx)8fICs}KtgQ6kVc@*h-&iKVQ6vYz7AHHYv)p&di4YaB@` zZ8=#@x|t$213~7OQ7jr~L3Hk=3zM1J@4FX*S?Gw}NmyHieCy->3M{5Tku+2n+rIt( z+LW=`p^QzlF#18|yTRDd98hZ(;Wuvofji!v&XP{nt-}{s~fiGyxqe3`M!1|TVxW(`yaCZs1 zS|@AA(`TSm`c#{a=KzOVl)2?!bi*+%m{qJ-o^a2?mXTZlA+%P$09hhiZ*hxjtmCQ* z+RmSG=~cTOG#~K2x;xiZU0%w~PV*i(?6|W$E5X@(u!&(e} z53Q*~nb`1x7l!`<7qFm#k|U>e!-^1W=%K}?EE}GH4fdX_goNI>@Dvw$yl~_A7xh6_ zOnuq$z?&nuU(?t^Od^6;sxCV=yb$uS*NNnnh)UVt{IUmL-F1t{D~=hqdmkkcu|%NpowdgBlh_}6|a0+&~pS1B5h));RJS{tS2{rHZ~|v}?-uHJz(~061dj3E)yX?| zzzmp(Pq5CECV~QzCprm1%ZA?M+Rnrb=*{IXVg#LGEjeb`c02Yp(j2CK3b+eWcUMTW zch-#8Nw7{fkBPZB2ug_A)GR+7&w=bF_=&@JYW@gBoER)4z=5i+W;PIWlSl(x6bM4@ zxllXyE!mK}u-`Va#|j*LtC9#3rS)TD8_&k6aFV{X$D4G@QJ)joFv*0^w=bvt$D=K8 zcyI6X-o7hu-A@`oG%IOWjnPlqSDF7?_A~h3z;{m8{Y^Cftu<%(u+w%e=pKwnrC^8X zP~W9gm^3uIphzi-$v0}29*7*M^@3D*<|9Leu}U}%30JPVImy2a5As{FCA4tp)Ym-@ z9qvJ1tRNpj$j2lhR~%x4uw7wp&{S>VLe~CB>)CR&pJAl_P2%goS);~_e?C13*y}el zs6+qU<}bQT{?Y-5TeF&!Nm}9$9yXR(1$2`6kU3W4R)i68)>~L+Y+sWb6$juZyWBE2 zx&x&iK<7JbJydd#noD!ef;(v91(In{PB7xvhVA07E$3qK@T)-6S{z3AjTK$ViqWfu zIhJh^@VN66vy|XKSH^RWRsA>&(E(2xLu4A@5FvgJ0wtWqD}K|8UL&>X*%tWq;y$*1 zin^+?)H-KxRTsLjcb1yE;CH%cmVX=`Y*Ckt`z4oFvp_P%WtN&dL1DUp{Nsmo`{WwH ziIajrDAr~(mt?*aw4NM`DahsM3Fj;K5^jL_iWpt60S+$NI>&&l81$+}-VSmA5_i*T z!}`wUYX+r&4(dSwjHJtRdn37k%7rmS^(*Wo1aDZVie#3Jj;O{!$b&uPJ&UdvYr?!% z#v{9Bitz^`!aH{PJDxQ3!c*y;LsfU*LX1LfCiKdF=a3dN;h6Yd^6&@FbbLqo)u6 z4WHBZ;zxAf;Cs-(qk2VGP-erU3Ir%49W}Z#cgRUX}LRX7i=7r$+oyo^yduv@uAGI|7j;4mCb_n^Bx4kP!E;sCHKP-{D;EwFX9 zzIgyQ2`0E}LZeY_2RuT9nXfD{ShC0a04mw#3d6nhdhA8S4qi#K{6a!xI6lOVPleZp z$tfZx?{ekpzkMr>DLg6dARQO)r zC&0*4_$#%-6Ggwmmv^P`@BWg)U-FP)10YojKTJrIs_?7P82?D~b?P#ezAWI^HWs2# z@;T`&_aHsM*U-!MHAej7LDHUZD1JckF8;Sc7^rMCsNlNIT>IsY1(KNKM~PF( z5h(qjpHcc<8G~I}<6V_^tN$tP*H!B0P4)9f^;52XF8nhbob!@Psl{VS`YYmpsubQ% zd(cp^VGvhWWBM7a`D~RTmdV;IH2w)Vgw>zpWsVUB)WVQ343bR1fGw)`s3EI^c%Gf% z{sfs~@0fPxGi|N-?e6vdmL6}P&+1^+Om(hv9dIfFfsGrMhL6nRrRL`{u7u9`BsNk` z#9*veSND~}GV6qY6JW%mde<_Rs!&5AT%iL1-0o$6Fz0As<4dWfsYSjV$FgQr0y$)K zMidD0CemAJ$8S?bna%{Gw{rt)5X%XH6!BhOy(idQhYE#o8WxCo*eB**(DH!=o|sp! zHqbQ7w<*xTRC5d@`088~R0$Xcc?l_aSHO`)y{@K?eI>sDQpto8RD+(GWQ(f^J)lN4 z25aFPx!cVR0Sd)k-3Neg3LE#0Dd1ZflrqULrzF2wIm>HRGD#befU_)01!q~5PA%qN zz?!kBf06!Os(+PPY0yra_6B+W-kGSRHg*P=W2v>GHV7~Rp=YW$Rv{AAf-)|2NPb}6fV zRz1MtgmVhz0XKI=sxP;<1Sgqd34`GZj^blOuddNqVvq!u;X!}%S->mE(L8&NelIHp z%%kgBCq+ac^`2r$d$%Fba3N zGF;sNIAG9>s9)KJTMm8XFhjT*>M%o_c2A)Lb87P41QYvbFj=TkhO#6v0a{&PVk=Cp zkS`1ZM20c2PMCay0L8Du1iD5H!H!f6_47`c@9H^q#JxkuDVcZG!)jPBl+)>IAiR6M z_Z|R4gM1{r$a^KqRorUM`2le0u=ypz?X^O&78;%;A?TS#LU&VY3>Cd^9l;Yhk-T~7 zKaF8Y5euveQN&CbH$!n67{$F>eXRqO^w$66l>>SZ3u%!eYQWfa>jkED2xS99?z>_c zW!pVvjYkfeZjgA3pb73A>b(LC6_CnbOX7dDsyb7ovW6m4ALuZwy=_%+r-&o=#1MW1bG#sl%~( zcLc&f-)>Ai^DBNrgUvr)H_H{L`Fx+VKHoLZKwZ{}1XD+O7x?vxw7KGSOWv^xsJhQJrlLH77KME=o|R1>dW zfiT$dN7NuPrH1v)R1jYu5^F6{=WREQgYm3`Z)HqQ!xU6&bcn{3nT0g#XvSm$p0@`5 zzDbmxx;C35G991KSz|33xOGK_)p!U;l)%AVf47lAku8qFPm($flhqh}5pd@pDgCIr zOm)dw!0(c?5K-rI!Y21nU-aqXk_%-FF)~#=;H1v5+%KP-%v=QvyJh|nmKM3fwSV{} z{kFH3$3!~JubE?HDu40YHHVW+fQp@9#G8eyk#El$zG=mlX#^rC!PT0 zy=%Kq7Z@^!oK&APQi${i(I-sM646e*Ai|tABM_4fBO+A;cVsv()X8rs-l@FCzZ0Gc zAKi=ol8L|4>utfp--b^GvYxbks2L#RjV`e=RvUuu9{kL&qjJD2X9No_(XZ=W*L>~o zcy>jj-zq!q#|vaY`kwmv@0IZPv%$}cZQp#d_V?eR0k7ZOCJK=1@4K7t>5$M{h#npk zic`CgAqX0s<~Recs!JHQb=c0**p@M|*2H$P=<;5@V~<$D;O#mz!L>a$lMu_;o6rI! zbAu-2SC+=smNIOoI|TMRV-UY~xaet2?5#0Fzh-a8?y3~ab4y!4KatAI`v{I&c^ zciceMj4Q+N#(uLnK>)J=k)Mi*3CWg#)lPJW86%0RJnQ2``id_=AQB&=KVf&un=zcK zQ<#E4U6MmGuUD61A4RlIVz6ouUK19m2~7bXB88yonBp%j=S0xTigKAq1c}mY3Ftm< z&{chbpnd1xQ_u!jG{-XKiZjnau`cNV*5|p8$2_xWHLMlD0E5c$WOe|yU&d7MLIE#+ z(u|U`?8YZWL=W27BA|dB?oa!2Ue~w@x)d5= z-K`_w_X`^F;V&MQd&0NT>*@uY}3FIF|LT6&8U40_v&^;u%AVAX%l%!@kfyW1tN&FyCIYmtZ18Tj> z4`o7bpB`!H9c?Q(wQVvTpqJUM^PQK~3^gT}Dg{Qf=0=NT{YpwIlXNnNU;^C9I&*Jk zajTqpe$}F|xZrB;vt01l}z?CYjWFkje9H>= zyfij;oKWysP@7I2{9Dyx({Su7Z|n<5{LX+*1_HCu&aIgL5j0r$o*=k@+icJF?Fh? zrIUVK_4RMjkEU}@Up4%UZi&_C8JotItr|YITjEaXaH(_*OFp!h>QD(q;u75#FA$LE zy&5vI@4Z2angjw0e}gude0#BeOS@zknE04+5+`fp71To7G;tgufbPwMka6`GyEZ5A z_VYxOA|&HCj4It3Unw+0nvQ01i`vPG;}GeYJTqY61iN4Qo6;{~f&Y|~=DROJGlYOD z5E2|UlS1xyrz#dE}!6o`I;4$>4k%2#BKSENFUxI-(@f0rOlzEl5Q;q~7aGjv|RIV1x6pqeH{ z|4n00A*UeokJmJ){Nqrs9M|k9KgTLaoCx*&UNok;wnbd$E3t=BrPx!ug8apOGrlH| zZF#;>P1ZU`^tGcuWm>cU!n&eA1+Ceqs;g{k_7HUy!Wn2mc^kH7zrd^dpXvz8oC_J| zcLJyWMJ;D?|6@@usXmTf^fb$m7fbnz&aWB24Lz`leLQg9K)nh6(WovGM<@*S)Z(*A z(7XvIlY1e?@XV`Jhm{lnZdqHJXhKDh1}5)z8y+8#-Rg2CY@E7ehT56xGKkBwc!}S$ z8GCY2N~t%6N!$Qj<-Vta2!!CLRBcYFRt_+B2^6;s}wFrxqa782=8-q5muyy(= zWK;_)K#2;ojpei^euB=cjniqr@9e*opqJ456_fBGO@b4+ zkhd?bErF18{mSD0W*-16ihim3}>9+smlF`>Xv}u*bA}w`Y4Jt zKvy;uewVdmp%T+~aqu_%NMxpp&5EJBX5M_#R#))2B1gD}z;(KC8`r|6db%dC=GZ+lQEMkqY zl(p1QRv&TB0LQ;3$5o9SYk=d`5Gg1B!;<*HMg7U~FKT*4V!c01^ah0^v3vw&VQ$?A z;TVB!06|r))=r4bAV2pi!}h7{$Rw?znrvsZ^{_q3_NgA*5%iAWxKLI`X#mUhXp$&< z80uz#*+qW@yXD02==XN#iE~aa`%6jCXB`&o=-$Tcdz}@jMxDlB3)Pz*|6Sfcv4uDyW!z8 zFt$Nn_*pV&;Mv521ar}cP<&k}cM|*zijRc%S-{Etn|%4w_1ChQD%vS2N=H)r^T0!N zUVL3pT}{4YGcpNBwx+K^G zXYn**5bPo(6%!NytP@9^tPikw7~6|LK1z7nFoad{4Rcq01wFBRIuIuOT_A1Jw;_S= z+^n1ras8kHAfF+_x?PdMavG%$O$sT8W10X|9iMkiicxJzQrt~pk+MLGT9$YYaq5%+igA|V#pTNU|o zqVa!Hie$6M_gkf*(Warlrxc;CCpM}gu4!m`N)h%_i6>YD2+*!FiL;?MFPyPExr0Nr z14Yy^pelzC5}XY+$bk^u)XaCFN^<*@{#GLcf5wqaJk65@#Kuu-oIu@|XW+* zF)XtA(qxf3uSh>Bg4eIy=e63IX<_EPKXnxfmP0Txwc^+zgoenQJ$rL=mJL-Ifkc<+d zXX@tOhUFg=#cVK6Z*yriYy$sNwz|YIR5%TT$4~_c3Vek+d<_2=akC~|Js-wD!GyAymy#QF z4l>ilX{|<;NX4HyRNko#C*;9>l13m(bKL)Q)N3dL!zP04XkgKZpyuGHwAcGLJxo+>t@g-D7$K;I1SS!mJw&s2XMG zR*3BZUbVV6LKOfmStG{{U-e9_(MXxDw48LPO*n+wkd9>gTz4|CNy4lgR7^QYq1xya zs_}R;k5NF$wllCODurexSbf4~49!pA9Ck;7P zVaSELHMuUJ!EgfG?$I>@Hl%J)B%l`B&t8M0jp=6>Q6vhC_|k@Vh$1MZB>LqXOopk< zlrt)FZDO7vu*HsT$7UvpS8-R$Z8&hG*PM&dA&gj+`MaS=%)?=~*uBlhlc#Ognz6j0 zyY*!GVf7!I4RdiaPD{o{{8L(tZC~cn8v;MWk)bUVy0TJdf!a9tU41BdDYkhj9kMZ! zfh_#_`E9H;iXCJcv!M`bvxe`jIZr^bS7q)I!uE)#Q`T&cOPv^WPrYK0%bJ`rC&W7Z{U3#b5J~-=s;Hu@VZBXh*~31Ju@&)4T8f6>>TulhP#`t%q`uPSHTqvZ}9r z9&kO))JQoM$4JX5r_}b9nv!xVTp`JUyf6(C3gJ{lr;w6WiG^a6HbOqJN-^;+?9^_V&=Scln8(WN+#;za3LV z7E^}4+>X5@YfuCR-8@ef0%vRP@>w8ls6Axt?x_|i9S5U#iP1tK7@HmKbDu5(8i~h| z1&ZqX`KwPFI5re=6B(UpuD1$eH!emkaRw?| zWtq#s1{f`vLgvQ}b_tUP#GuKZ6gVxqzv_jFdL=Y@)eqyr{|BOyX4}k`azzxz6%Bo$5l2^|tXkQoMHJGl~6C zW2sY>fpMN4$MzJh|Lb8F|1@b>1HhAFnBB>?q5%}cp45AnVh3nx632RM53m1{XUkSU z507rX9UmyPB7)i_vzAQjkDY>nz&`*Qu7JU8~G3a`NFUHCjlgDl_rsD4sY4$`dOwPxH(|ICRT+Z_kof*6d1VqfpZi^Oe{ z(U#6fadHn@t!91Q)^C*(K_FBr@v3mHSludwD6J)t{A-$Q^f2y|!}T`sP+& zPWQuDe2h#{k%@F8NX#3l5Jf^L9z9AGFJK2zNWRjvNEaAJKX9SEEC(y;hMz5;uvL}FBNFK-0A5RoM0;W2|&q*wmJuv!<)qEr~^Bw9j$%})z45?tPLVw z4&<#9c;hBxqXVZ5GjXq$>0*tax>|nzt$rR*KljQHzPvs8WjF838S2aFs%)((drh+J z%0ko1cqxmT#wOq1;=Mgiy(JBuz@cX(gLf=ijminu$&=vVGX zL{~y{@{g~7Y4FA8w$f_uDn1u@p#*#b4e5SLzT3Slj=A$@ki9?tr)ZdAhKLB>QKIX6OZsKB5Vqp@p|rohnSulx?@w5Aoa4mz=)l@K~*eW4cvnHf*a<&e0wlij>~Gz zK1@4mK4H+Vj?aK^8-9f@7_Uk>Jlle2{Nwu$bqRU|Ub098vRmi=QKQ{ARw`SkK~UWw zeH14!ek%zm@?nit@_|wf`E{%tABWtfayXle*NB{xJM#`@LUnhFdfX$lML~RS^=!-tAzo!>ymJ#?MGA zPc?=Y`qHdg@JdNYg9>;+D%Rl{|0p3eX#4}I|CN=LkQP1?33+^Zs!Pd!fQ}MADEiiu zkS|X4NeE$75^~Esq^u4S6hcBSx!p*JsmI;(6`u%(eo;bn2cfJ0Mfjqv{9fy;rch#s z^b=YAE>IGpdQ0Gw?atfA;z}|SyQ%Kv)!PUac&_B1nNU+-{%ugv&;&jkleD9MkviF8 zpBCCt_nl*5ByotdGLk9wF-$NdA9$(CCkl&yf@~}PI{Ftl+PF`SiLw0l3YG`bWh{sl zMt%G{;WR8`b`O*%OzDTp+5B~K!(Wqc6uQAroJ#^Rj_NGd#hBOo+*+S$gxsmA=SGWD z8cv|?Og&q6t4>RWL@2xC1I221D@b5DGzeLZPvIt>y=^(Ym71Y;ybK1R95#3=ki!K8^q`HHOI8j&DcVxg{KtobOJv35&Vef9`p?jc2x*Z8t-C}Sb2!@sZ@78p^go(8gk_o zh5&!ooe2gAru&mYs_8kEWK)mb)4ZZU6AGpG6BiZF?R%r&NrAlpa60uI0|cm{S`$MP z8G>ctap|W^dMb=N4}B~T9BT=4YZWt9IM6%4P2Zr zE=fc8_~4l+7jZ^pW8~NEvGdA_+*NkG;Lv0pOs&s znNTUe3-hb+8^QZp-eV9eJvH*8af`jQ=}OQyS@i|UYlgZ?&=U7EI~$*7OB3J-nrkD? zwiGHg;O`Oe7P>lUQdmZ=u2})%ko?7Euqz3Xg_n;|$jYsc;Z+wicI)Ja~l$m&d z`@s;U!eLfdlqlllMC=G4K^e&qh&)5(feYX$qKOe0>RL<6`$u1@Ybr-z#4DL7z?Vlsu1M#iUuceY`uxhm{(NT zH=b1XQ1l8_QIVlwZk7qPWO|PM&);B_R)*Pni*e=0G1o4 zkHfAaz_J`z_7f~+Y!QsDj4gJLe%dqkYV51w>;^EjXe;Tpyea2cHL{?& z7oOFxBr6fKT$W#l3lQcXMmm%=!$6WIR9my_KKTX01QS9Sob5fK~Fw*NmwWF^98J`q`1_cJ1L&Bwn$iJw0Ee-@F^ zpDIn>g@|wnsuiIMA!9QH-D1r-nRddN1Tm@dl!0PGKLi`-y=p||W$2!W%4a=?$Na<4 zl3r^@H0AVA!lES-Ge0trg+#I`C5@#?Y3$#nG;*5am!vUqmADf+Cg=qAn{Eg{6*d*- z(Jz8qH~j+P8$V4G!51ik<9cZ7QC^3=;xwl5ta3$Qd&s6*@&_sNhIhkKp`q zZJsi|QNGardSP%_WkBhP3Y@(L>oN7w#3qUQk8j7uMLnz;SpUsA{{h%PS@u*r8~2Il zSVWG6gXKc50`jlMVKn7ro(=%9!s9cuYm_ZGq&RNnR)p<*1A(sL4=M2QJX_X!C3 zNpxi%))n(HnCXA!1m<3+WycBZpJ)2qzg#M?H(--2=`NB}4{7rclApjX5HJ=IM#Lfc z51ii+p2BNGqjG`P!)k&%R8uYDVm-a7Cr+=!TU-Sv7Vx1>sSzlFqP{BE{S@nst}H^A z03ZGBjY=zm$}K_JupI+0;l`p41{q)YSd|E~qP+Hh@TZJzPQu0(Y$@JL8f(8%-Lm2K zM)Wh&YCVeV*WXa&@=Jsw6AuJMcx+(`MN;@>&Ga_}8 zz`yF|zNtYhCx{hvee2|_bP(Oa2Y{$NRL~GLg`ShIOP8(8e3)+3f3zn85Qx>o6+yVK zZ1sU6BY_d-5deVRdwGhWjus^+FzyZoc$fsYNn5IndhJGGlH{x_1DX0wfzO)pBtJ@( ze@eR@ZQDnQ7LEE<^)1V!Zq2~LV1 z*9MFIBI^_t3AQ70ikj3NJ?aNOP+#WpSqO(#px(eqHqUBci!8F>A`$4j^MTL_r29{M2yxJA+(d;`kf+7NfAPj2m`6p-u z7r*X9uuRbkQKNX)xgRDGg!=ms6k`x{*SxR3EVEw-XQOp!N!Fz&6F=AhP&DW+y-@Ju zmR14<2mzhS%vXhT*QHGJt6{tu-+)%PzQN%SIRmLEJ^_!N(2Z z7%VBd@yh#2Zj_~P19z0A2)VKBRQu=S#&Z)papT;7bdKcA6R%uAz8VoYp{M$WB9-j2uT|RI4K|W2Wntz&~LC`hc1dgz@9%i=>#%3L=|^$ zyT!-uB0eu*ljsXMqa1Cku%oN{@d-qMb%=xD1ftg((gljLP1kp|f@Vqx&@fHdzdnfY z9NPsv1cJO|AgG)BvUcn+Ma$_~z+>8UhoIK>NBqVI*D3f~GZvx_v;oW}AOZoL^N2=~ z*9NCx-AdC2AG@bqZSaTsfkbu9tOLeDtsmr0szJ__ks8t)qf9uPA{ZvWAowNpXW3Mg zhg>;<$|{dE2U~_TXQRLRG%Qj^amf>8hHYi`J~AvCE?~W+KO~7GK?urX zJrRN+tvsABVO54vJMejFw4;~Rcrxndl8Y^PGA7=q^qG+tPMC1UgvnAaZtRyq z)!QJVGTuNEiIcO=!3%57k@9+eemB03ZBQFpEzh%eazm@@`y%}`+uruVKH!nn@Oyap z?VAV{N23_ALfG|2a&odxLw-sl7^X_C9D_bbCL_8XZG!{EDXbPg&_i9AGj1^(S6izl zS97=-=b;cpBSeBzb+vzjX)}I~A-cjDLv%DIRmwcYcBJw1JJ`quy+=xf;ow<%-cC(M z+wt+RUsO~WQNXZR&kS%&dXkT8>>CF{g%Tf7M36LiHg+p$l)c%(TaVm(Rr<*NsH9;e z-+Ck$-=jhUhCYE!!o({8P+bb?hOQ>$i-;ruL_t8~_PtV3qmZ{%tO4N9QrmOEDu764 z*Cw@JhaJOuTwtX_2i54pH|dT>HyqE07)7_w zDAuA9`%G*@fvBKkn?fYSwjCMR7<8TE`ceN#)JX9QRy3D70{RGqPUdtXA;O8Bj)5#! zpvKR`p2tXC5J2LYt>l1$kZ@!AOVD($I>%s!_Z>nTEn8dUW^94PX9P8V1c*pTN;Mh+ zwby&H#qAOkhfrXgz}C;0Fr=s}4CD6ridu{hocxL}Tn7@#biGcqzz)zeH%Wevnaf6| zI-7K|nx$4s8QoPN0T493mBI_XweXST!U-`2=!e`3WlX308c?i_7&7VlO4%$ZGpyJT zE=YT^aR^vBIdDLr&hg_%u7@YS(`t+a@fCEnLdbyExUQ7zanO2De6`%n(khVD9rwbd zW2E15r^9vVT?nVAfcJaFz>>Mbg{0wRYqhF1XuzCze3qe!k0GDX95c-4e$Nn-x$;JD zUCbPStC@`y!!Y-1xQCQbFqRtZr(3_&vV`ym@%R2v}?d z$J#ir58Id{_Rx?K59Gauv;>f`K)yXU$W*>#@y?D7SPJUtU6V+s_Jg_fP_cIk6la-A zAD5GkFx^e$GdgT+R_f&5b2%VG0kJGt$mYn>9MF3yOMz4y%xXsfM@liPg&ldsoUjUNj28idgZtL1WK2tcn3Q@zJdE+yagnmyzzLNBO6 z^@JJDaagXmOeXZXj<3+Y?kZFOCfa0Tn4SN`GUD|p06~^WZtPV^?)sVme5PvBGo-QJ z-4jz8Dxju{MgLNA7E_BQ&XH(>!dHswx(PIh3&C;Ulx*0v?}q5_lwf8ORJ6Tfy~sA_DW|sQWQf3R#pK#wY66h3bda_0E!55ysksOn5Al+o=3pLp4h?ry{Y14^hKCMqVY*PNOcl*a!Gdo`>IU1O z5`=CY-Xx~VNLPWs_LuR<^t9M)z@Eei-TD&L-S|_Ww zd*tpoH~BUCz6R~+s9{uM8g`#ge@G{5&IPEieVu8oecmWIE@!2kA6=DkO+WG*d*b-<0@`XO;dksp7b$qPDoj=XaM zi_iCBKD~atUcL;vcby__ERZ(b3~7-R*&;lw>qh2+2V$%tS!Tm6&zw_qppdJj96S#B zy-9tBu>)`6c$i)Qh{L6W$3&c+BbV>T(36*P^$61T)zRSdwaW^P7wYKUHRvkw9<3M2 zFFHMW4|w(Sa(&;S?<@H01^OWw@*L7Cv1QIo@gh&AsQPYG{cwm3Dqt%c1%CMD{Kfg! z=NSr`R}}l+^Qc4O^%Ff%Nz92`QYxf9zDU>yn!2ep6(ao#n%b!}E!zc6D~XwNrq6$8 zd>ha-L{V`CesE0DbnkPMG*z!i)1?sTu4uaDWT9!|D50qbL%=Fi(J|kY0fkrq7S5

fs=)L{oB*EPYd~%KfD6qZ5)cmS>yDIti z8Sm|5=Ix^7TgQ7lPu{u!qIA|AbTWgudPJ=j^-H|I2`H;E;sZ#ceXw!8;|@ zUmedT_4r8MvUEbW&{f|V`9B&fvD%+WT8Y3_k*+j!sX(MPv_;>9fW`0?ehtmV8~5IC zm4-rq*nfgNwX{lg{K^Tud6v-zJt+`$CppT9r0eDbBgKf^dze1q+6OMq5#2~t5Dh9gC{v>5p?gH)wM}{e?*!s z?D5+me5k3w!YnG2RFBk|c}Mi4!w6g3_F z?JsCW)QTn@ftVZ#8go7gv6e!%4vEDsSbu#gEyi`u*`Oz5TziVmGNU_8W2eQlE{1*J z0Kk5ZDl6EiV3us(7ehd$1hy*L(m~TW^9_P2dKpiNbtv$Yu?|28YzMjj?ylgflFT5& zJ@hqG;Mf*{ zWm^6QVnGD^s_^#59WhCa9s?-D8 zr@yO$I+^srj9+UCnBuczXp8~ z$fM@SDQ}n+RVh+JZvYt^s1{DSZI3FpNgo6o7!ERtEuPi%3~2dcO>czIkGhpQ7;J}X z081z90J*0R^$iZ#X}^$dh2@XTafqKY zA0I26+596&vW=Wke`)l1;+Nz*$7;Zy*q~WQznaOC5_&m-gnUaz+tD;OVLN_04j>!nMum5WOK((>qjcdQYAxOtap3}H8s z0IIApofK#RI@1@cPvmOy*aj?%VdSc(UB9Ld?PG~;b#I!mGCTTlh285Nepyc7D@Yd~ z@`#+ZAnhC5hzTK8GpH9ECY1);XY+9iW0&sZXY6h&@X_}NFqVgtCS{#hY5YA_@wc-M z8vBLQY;Pd&XtPj_Kf>^GxoaHcw#TD*PL2Z!uiHGFNkX z`2*=(X7Wos>xw0wI$e9eQYW>l+sV36?#bde7ORg_=vcM4pN`8_=)nm*HQM-Vfm5+5 z1_24W_sU!Mp&g*|A|I90=z9TOlC=C~?e$@06#53z-{%+5(GB82qHgZTuQS-l4qY5u zL>!ug4`vHfM48)R{osDF_v0FP9G;7w+Z_mK$gT>c{(~o!VD3;^P4g-T+DQ;?nF<6J zcc_ySiBwn^5y9d_^o|6V}?6{#Q?=wtXfB6f6XxP@a8m%iJHgTz6hAw>n$C=n0TN-q>@lI`Bs zoAL!rnE=tortq~cF46=F@)3#yCinN^gfgIrWQKfW*U~98gvV1!C$(xkM&$ zK<``y>!Z`b!8XMj5ed|9yg9t6BV1@7kQk?rz)YiKfpTDlz#$X5CY3@Th=sB8Qo+h= z2wCf;o(R6{8W9{KaUA!c4v1hQV*H}$N%?ac@>5Z20b z5Zn{Li`U~*tP|Y=Q20mxr~|*;l|1@Fn=kPAF7j_x;ITnZoRe`npbv2Y3E(1119Utd zz&bIKAdkaO){gmj&_h@6tM>z>va?=pA796Es7A_TtS72~PlW!?VjW@iVxjlwPk9VQ zOg{C4reaj}*alZ)=(HRH0$I95o;A%_(E2=FEuiQXTX{)%x_2yjgb zgKKs2k=otf2G`QQ`vUp%{Las{Bq)Z1TBoW6t~9Q#W&^O4ifb~Gq^^N=1@51AD7j1H zTAkEm1k~hKXv)>EBteC1EXO}`jlyiMJ#K<)LT&wxJMUX??NndSp!(q?|HR*1&nkE6 zZ)R0bf@8G@r}|+a;c9jhC(lm0v|{7nWS+T)?iC-rx9eVU+#_DEc=bK1S3JUwfyYkP z1#(XoKM%*LeXukJ|FWCsRr(tQBx2~H5#m)I+uz@5I>W@PyyY7p--nKN8opnV++Elo)SNFhOP6>$s^_+sAJ{!``p*dQR?)Apv!b_(te9S{K5wk7(d76^sfPXi+C>YhsBsSb+=&4)wh?PdEO(Yo69UOyHh=#JLH}` zZP#v63e#rf`kA)zPzi!LfmcU(-ORlonQrE3^Y*di+sWSBh34(NXU2;eUcpzG2cTKc= z?oKC~8a$7F&>IBo)}#gjGlU1C3)^P$5$X2${m=z${wh4})KIh|v-%hS6Q~}He}7lg zxT}Kly_$9O11gWL=R4Jl=P8VOzptNBhaMu@RkQ`7961zXv=?yS+VC(&BPYiq(57LtY4H<1=&+ zS%U?B28>|0-D?gO_-p?M_(#$@q>V==p8?xYMA!=%4}d=E@fR<|p9}H|N(nMy2hY3= z_YZ6b&kEG&3#=>W+X~{R!YXbrG}nHsGQa8e=w&5;sBr=sK$~C^15}(F8G?6AW3Fm= z5d$~9GV6Lil+5g9(y~|?8P%@P5ucozYn4LB5MiSz(S&5Xhr?}U-Fc|HS_blfQ7vA? zgG@D)6c18<93SRF}zWQ?$Jyb#6|C4zK6a6V^GEj@*I`lKgJ>EUvcc-F>6 zp7d;3ohm&mgeK6w@*lXnMF0`KIs{EFz@b7r23tT+I0uj1@j5_VfF6+{9&{l5G>Ub= z?!%iQS_`#k$xljq){Mcsuy4A*qa4G2>f?m8d*k1{ntBDa*o4%Qf=t)XyTtbG7C*MT zALqlw4*;qads3hszY$q}Zq7eYxOqnc+${IFnP%Uu8HJ38)Nig68ccv$f*RIxjJ&{5 zg?cA5mLIJkSbFpv$6-uh4XlqICBw^C&eg*FX89DW3E*DA*n)u|ZLgc3NxzflD@PGDj~{bt3T2NfS3{R^(KHBmTEv}THa>y;Z? zv_R6a{hP++A1y^eZH1Md9aD9%AAjIkC6@98t3T->939<+!NF>>Kx7K6#14MZ?p&cl zsRS2wV=?GGcocL$(JSt=`4QA0Yu*xiiDZtRpI4&nwj-&K(o(>J(8mb05H*yMiFp)T z$`$rvmKB(_1m5k?b%#v~vwVgxbPN&l5oW@K^LLSJaXRo>h89GXc!4Ys2qK&Svo&gi zGEWTWJA<$Z2;No`T|J(URezXW5)W){=GKJ0Ka4ozJ`9dRupG(ly*~u(9|jZS**QQ? z764)%P)x1Ck+Yg2BkrOoB0hqriU-Cj&~?n0x7ynZr!<}DF7=AsLg;t9#S?ntCW$Mf zSWTx;7}8_Yq*H;6DzG)G8iyFB8Yeyn+Y-%{oDosFiBBN#LkZgI*0n;y}nhE5bV} zZ}DoL_h#5QU+1LguoX<#MphcvqF=v~8X?ogFbtqf;ZdZFSSd`lBrbwRxsg6%xBvSw zRIC|+t)zZQeBv5PL3A^W?*vF7jCBE_DH8wqAJSNaQ@xw8Qt<#5rTD$LuYwuIkaCLT z( zGmlKI+p02I5gD$zUcpHS+HZxEdc=?VSl75tID~q!LxYn_FE5^T_?@1+^P22q5o|Zp z2CZ^Wt-VwGO8hPxpFuFPj`^M6Nu3qaPHOaU&q;0CV4T#e&D%?oZ^wIY%jB(l&PU)y zweCaH__300c3Qt(z%j+Kq)8EZF{!W5pY?`$WX&O1b4$Vq@{lR-r4#7;gC@`wH+lL) z|IPE__q@X+Q2w*2UVM(+lR(#NKZxHM0u2cG33TN?B5>84faE?->mk4xXn~_Is z|6jgA{AjzDp#$dnWT=WVq~Zu`Z}Vj6s&`Xm=zO`S3>E)Pea!ES4876aFGB|o78xr1 z5Hj?V@(YX@CFO_t1;?k2_aOQ(WneX30hwl-`jpa$kny?ES9`;|S3kh;?jcjP{HD}z z%{ZJy>mr`1^98I%#+D#S{2*O(ug&uneJu(+~^eFl`l^z9hPkLOVU6B-e z?AFaskMnR`9kz|Qq=&_z1JW zEwUZ>_OLym#U8R8o1MuO)`cOSyp|aRNmZ$SoGM*R4k~XxWi`-5HeiwF37N5cYR&yTieglV>{>(m}37tJ)$k3 z$3}49&||~rq{`1wq2pUkh125c%Aw5KwwpaFJo;uT6`JLqRJdq<7gYH1M?V!#%M&V; zzXK}tP<>;XepD-a1J`E)yfAcOFjq7Vsqv1!*3AD2p%CR5#saob8W&~cESShB$EHV> z>4Tz*_r=PhE5nFmcJ!_J6MN5z#k>6YUhiYL9zA3rm|BSwD1HUU45I3S1}IqI_xi4a zTBsXx0(X3)N&9WgN7_R67%Dkx;e3y@*WIB=d#WJgWL+-zByCUlbnQncqfou*H!up- z8~@^LJ4#eL_NEgXATar%z~c}N7J3FTSeO6c=gBkugeNOEf+yGbB~x_^Y5bY3;AFH zFa>R*2O10a@*^w`SWhVgXMx;UN$g@E0=w152Y+!B2TN6uum( z20WiGWHq#tP$&fWdkfYehQ=D$0Bd)|!=89%<`eTO*l_qr(uK3YkXOEyWp9|Qi{uYL zXDK^30w&qP6eR^l42gBhj2hv50q;pH(#g%yZOHR5)1xR5lptJS{Ug?`kyL4reV`wMNWxGN zB5*2kF`ID$YY*@SEg!EkgO;cIiUury19J3is<-9$*JZqT11T2WZ2!FcYuf>qV@&dn zzJm;QE&s$rWFn7O5OdL2iCVz8Ks#`d8;u1GiWd6ZyN2@c~ArS}@6)?d<6(WJo^_+yP$_5>k5Gy81PtC#n6x)CRMKJQf zRkj;^z^6HE1f+$`Fp-9#7pPITd-01}d0;S_2^ol24t1!&{urvE_M0IP&*pmq@%2h0 z5Q|jI;IR!LGS6rBJIHDD{*F~gH3NTH~wCOq$jBuz)5U z67-0%roKYjkV-{;FP8}|Lvid~0=)D*7L)_DcL!m@kRX8M5s6&%oOlQ?E0JWLd+2OY z{Ve3ClOAQDM>)a`WGi*98BS39r@BT(d&nhekJs7m-Ef`TU%&$4G6Xp=|UKwS6_0E3Ky6h}UySSWX5a3Gi6+_ev?2#0h61x*4aCXhH4wIAARzdK#t zUsUuDv5h>oAvz>h!F^4WTkfO{PS?3tpbY{7f&q{Sa>#fm@&y3vnpq=A;@|zvW(oYG z`cM=VksFT1?(fe6MO$k2=n~&A;=dB#aevkLo;$?D_t92^ z?@4yeZs-^*G25XvW*Gt#2s2^`~@h443_c$Up(ur zze;b%1q%l~k?J20lzTdHBeVwyA)^8-U+n#_{l3_tSwfbgS3#Cw38-))DPu zrC|NpSAMLEdkfYh)&lFS6yb*kq~R~=OkKnyVvvVT_bbs>_|s&8#mKIy6B+90UL)IG zi&#TN#I|^n&;xONNQ`>fl+li1Wnj~1ngB)9(g~nKs%=dk0d7*MHtiSLfCOT2gWQt< zqu~^_j|L=}%1WpvF2xF=zW`S}55N`kn#SXc)#Kk;jkUb;UU5+oGLhv;3N`<>#ZS%l z-GrLoz6@$U-^o0u(sMFa>~w9PZ~m8RC~2R?b{_Ii^|%1e0$||GPw|>5m;%8{RVbD+ z)gaxagFU5x=~<)nV-;lM2^r3%P0#0LJnJvJf+x^5Ja_&h2@fDp@Jt1t0bTK$=>!a5 z`T%=nkO$ZZ53r@Zgk-HR0k8=MFx}~=$={i3JW)w|R6%=GLBB;LjEv_HNG5j!0$B2m z`?`KW2Zb`?uF#-YrTAU)8WSMmZ^7?slHzG|zulJk{VoP7l782qeAWL;4+W+L7(lrow){J8EV^{X?K80k8{p)4TyqRQ(cJ%x?`xoqF|FCan4R*gbHW3D^ z{S|2T%O7c@xZic@Mv;Oa&w4598O3L3sb0Yt#fRjcM)9Z{v{BqG&G=nL0~hVs-ES*t z_~f9#Xh-j^jN;*48O4TnzfpWMAR7MR3!w4+DMm3xzb9Y0EBn)UucB?z9x^iK?)`W5 z7$Kl|)@wHi=I{k&Bn#>A439{Sj8^Fj7S+=?a>o*ysXu3Lc5R=(yC)qUdLr)ZyVYYT zJ~b2L?s(uBf~8$l)9-0R9izs0VBHPx24FqC3Sf0@pRE}`b&jW?0+>Uyo~n=4$QdaN zHnF|Kk0uag`Ws0d0+Ynf8zbm{9xUh=0_H zEI@&T50C}G(0-dSAHa-iaH#nXUKbO%`;j!D&)#b!E)U1?5eUEp(zRH# z#1M$J!@jPwNE?HN>cwD?hu*VWH_!uTMsn71pF zZ_n}GK4RYfBl-6C-rF1Ht$W)F=*NFCU)k08>>!G6bTeqdATay`h=h>Qrypwjed@;t z(z}X@P3lLP5(4T+v%H@Q{o+}(H{p&e$*M}Rs%=&S?&PT6zpxOrC1gn5t4b?M-J}#! zgJhNDdWBC>w9<&8VB(eo6H%1Fv=l`NDMdM4D~j}gS}+8?6fF^716rbk;4z~m!>1~6 z3Z?Drq0eJsX|>7xgjJP+3w|edvGvl2*TStCFn3uQT;+(z2y=UeeRWPKhP*EGkaZC?-ev3g6XQV)M*vcb^uJ>z!Tq z-`0#@H9t{#o9ZPiC}{36x2wA{C3e~m1Off?6B+J3pZP*lAkwd%pSa?A0KKdEiC+cp z(!crP{i}w4m+%sDNC=sMD-i$@3;3)$o}A(SC!w)vGHUF_mY;s^XW)H9$zvhyTQXnD zmfVy8-pSH|=(}Vax3+`K6fwU}r$p79#5opN7^LTIw4ztAvevd9@sjSD01bkOB(4X( z`$-RRovag=KMY|&iW4C(rx2SADUmdk9=uhRRylp&qg`(^C2rHgHQb-#Vfs!=FA0Fy zNvR|+Q-EaC1i}4-ulbhNT{Q0m?vqzCTGIZLA3VH&OBI()N5H(WNh>B4`BPI})B{&IW97b@riWQgEx>c(-TGt@RrdU8l#Jack zJx5zt)=Iwr|J?hQnR%H>L_dB%GBfXPXFunjyFA(;Ym==_(U-ZdDcb#E#}sXlN>Iwb zd!_$;$SHkJb+P0Hu)R;5ZqdOd*rPKP|BDjyae4zgGcK5M$ZQca4x>q~ox%$=S@lA#4E7Z=UGYQ3h|s!2YINs>)bY|1q4ETXxmoF^2s?;}Z|!ywBLc|@XZ zM5JRY9|YFmZZJ~HKNge%GMMx@w54a=ae%*9-G2CsnTE_oI;foDadOY7EN%qGQ34k0 z1HT(NW~;F9#OFbOZU@$h2mO&i|5d~|cz@gh)OM`$@V!3GtcIV^Q&|dNUR;vW(d=Gt zYdTN3%tvQgz~mGnlG}5tE1C6+;wAGU`As6%>nM)x9Ld~G&~ha6f-PDk$MteWa{hyk z(48cu)@jcH>3#fDAP?W@2WvnTvZQVo@G zv8CfVQT+}LiomtVfeV+ce*38MscJzDp(L0n3*X{w^rrS=RJ>3--x7MsGIcizyqcY!^*H=InV;hsr3g9$ovd-05e%-P#AK(HCvW@cOLOEbI#j_P=Gv2~mo9g=S@ z-qFpBX6>tT|1cWPln_!4#wlDRyW}j1a?AV%{e~8JS;_2c6(A49a|vCAIr-M>Ib^C# zYb8*V;8F+X&{nxZOw(UYe31lf6cM36b2EYr_uXY#Ok}OMfD`+z<~(%~8{kI`fBZ@R zDB};2Wt3F$hZ0)>Qt!otL9T_NXjnqBlPmUj;Cnm|oCQrfY}8ULrG4oDfR$vVq6~ZJ84Ds0t?a z1>6f#JGeb|5yTAF$*4mG6_KpXxUpk12wAsTU2nn*NThO+Kq8961c(*-SV4$YeZFRN z1hhTcfG^(Q7*~&0YnE=DQBL^*S*O!33{fggcaX>D`PPYxRez8p!VQqYr15l=Pb;3{ zitp=~c8l%LYubBWm40)z#sPL6m_bmk=6 z+UT}+_5ISzR!FUiMxpGO8Xya*>Wh)Xc z)e#_(E&vID9DB-F3cLFkY8c3ZR@f35&=o;f)}#&iqs*ZY#$gswD;Mmw^%2vqVD{`1 zfN<=Rvn#_o@kxlz8~&-VL_nVWL`M{Uq&CY>+XdvE{ly|7-J{xj=udzpX3g6$Sc7P8 zx4J&~ySLGNr^p|VNnXQm5Dn{?sN%#L>CQb@SuM?as%G2iOISHqR~Dlh#_X|ohN2oM z>7)%sytLzhgtbY(*dFz9yEC%^fhjY0_VvjOj!#2o9Dx+E@g!2Qh|DUoHsTZrc`tYw zO?wkGV67}Wq=HLvct0I<87OSWHHoe(1t%MfCUvZ3p+4>QYcp~!8vGXUPiG2`saZ&e z=`uUgsJ09_;^`<8l%K0I!*9tVT50ga!XN`!EIw#b0dnF}oAC~r1 zPrxQ@H^XbFk0h!60v%v9`>mBaY(Avg4V$&lV@^lrMRM0%>PF5l@1Y{+Sps`B_i_0R zwp&9lL6#k=3}GssN5EC!YS%*aG0r4soF(UVI8Kc>&RKe#o1)f_{) zX|?}zoqziA{1+0Z1NEAOdc))D-7NL2g@1;cUhHH)ljeuZD2++$Q^jVaWf4e3%LHzF zZ{HA|ls&%~zf2O_awr7~f}FxiW1hTzkJs^k&*stW!wwlQ;$S^+t|AY*HY?dL~GWG>^8=1pjs4+4xlDoM^ z7(3hycVn*@Q!5418|0+3R|sMaSj3`I2jB{-W$D11=K^;Me~vZeVzB2)HU?HlzdQjz zQ7{po_j2y-KYy^kn?HYtO6a2Wu{)i>XP21pEtL9%KiYNd^VP*aj1Q*OQ*##tpJO`3hT>kWBG}v`C` zRY(n81L{QExLWVA0>31j5~hiLm#JmkwT@Qf!+`j={@HvI|Nhwl|2R*(A7w^s?xp8E zmBAM)Mp-qSeF1((a_cV=4Lp-zfNi;F;3-i8t3;Ui4IA|j=lRRzn<-Hd*oivJlyVY; zFoZ2&`V}r8f>Bx0p&|eVpo-pjfoozgXl#Lu9Sf7$Wq?gKU6{_7O8Md{x>ffOXaR?x zkj_bz=S}RVgY&2A0+tp>{(ymNIC*`3coj}%Z+fMm{w&zHzK=n!;RCTBXJh>ZgulS0 z3>qR(dGl#cOL$!RL zyVaHN18#HVyZkemD~!QwZ0#=-DU_h^s}+5UXk)Ofz(0`CVwu<9%(7^1zelOki|f%+ ztF-m+DhF3!B%<4~B7-z{44@yT`9<|IeiOA;xXaZFE?>Emh1>t83QRCQp)SXD*APQ>jb+`Mf-Yec9Z zD6sB1)^3NYHHSQ0fY)5F!&X&=dgtT>Xo-(Hz^mF6(^WUHHyVn4`M`}Cop$h~4rmZn zxNq<6c>0LRN3DulAS1(8M-OU=ih=`CdhDOxib6dqNwQC$JP+fd?pQTeMxu%%)c zOB=Y$g3+bwLBAvddkHLpi}R>o;ZwPwgy@#Bfa-wO<^YL8)IhPvy$(qlZ=NeFuQ1HS zPUrztasRnoh@hV6E6^QyASCaep|!zY&RAB1N)tjNenc?c;J8VFjo%UTGQtk{yT zKqmRnXO4BSN~Qeze%OiAyg*xK!%6;Bw#syL-;7e)e-m0TX@Pt?NlfSN31?>D9raiw z^`260=LOA*V+-5YQ&>TL3Zx&8Rid7pur{wVnqHOGPPwWpBNI0^yn_|+10tal0{8(M zI7}Cd*G)y#V1kH-#PrVm%~5Op%3+vh?;aN1RAXVe2D$N))UnZVmK9x&O~1#!zw}rLNEe?#4M6Q+~mI!-42rf(Y~kddy&YO zS~fpW+A{PNL4?Rv@f$o{--*vC@l*@wJfuvjm2lWHYv2MUa+L%{#IS~?wQxq9W3_!C9%=su#O<*=?XSM4M4t@}pDp=5hcW6q}(l<2r`@e4O;z06;sZTUviJ^U8d;*aA_ zc^TG3-2Cd^fqV(eL42&`Iiv1XH(3dy1a`zR3qG7J;9RhZhuVO#Y;SciU{7qU!j6QS z)p1SJ7vbPO#ek=Do}f1d^+F*C!IgMBgc1Tcp=LRWp~mr`!iqQLr<%!!Fq$0aYf`5R zPn67ruo5+1M+Brg6`|784YYM%P$>!_a}=Zu?oM63fTJoB9&nIL!g@Wj?2?IQXWo=d z2!LH?A5X}z@BPN)@@V$1cI&c@l-t-4vjOV``Zr7*i3MLnxYK^aMDc z71UGqJ%LYu7w|N+7~-}yb6Rb{s994-U{pZ0J$q`Q8F~dZamCx*E7i!~E(oH++ksD? z33y5@?E|H+(OHFyRQu}Dk_5R9uB zxW=zoKkUSbGA)vQyk#=HeG?m!-O_rLZY`z(U4$1&Yft=m1?VA2g67ouI~m1JqS+75 z52De>0Z&6)!Bb1jY8)oOFH>n>svVkgn;BLiTLW*?ON z)Vk{~Sj+X>oQYk6y=*1NS zexbMpHv^AG#3uG0b24tJL4zW*$1Co+TDlL|EWOr`9_n9{wiCm7F(kIPW!3kP-}s5^ zGPdQ^KPo@5t1ot+^~#+IHX{e6`{M6-w$@j0O!|#k!lkv-{A0~&7iuK_vO#Zuy zU{3vOP8Yjn#9p>`{0=yj`*BEs|LH*fKs8+cz?%l}=hl(Q@aNQ5ID^aKGIe+i*I4VL zW)3>Y#$a9@%&+P=e&zYmk-pIzkD@(o6%w;w`7sOR&+7_53^@sL0p^hKcCui^NX*IA zTep9uG)Hs=v6rkD>8OD5N1pYz-ei_f*de|Zh)EcEux^oxio^Z}%so_d;Q+ny#Z%mm zY89__71UX!6uYCNL%>sP9>^RC`>&D<=5$IOLag>!TZi5Oy!ZC-PT=Ref%rC<1P&o( zBa0;ldO$BncZ~8UdY9eKpiJaziF}cDy1t_p*2%*c%I{zph`a>H9`e7s9mx0ekO#|u zH2(id$MR3^P&Ixc{7?KT@V_k`{t?B0&~*~T6!H#P9l?m0{AYHH%;&c%e#^7Y(dRg- zaAp*`=MRTj3nEO5jBgNOOiQc*F!cOcz`8}+T8cu+OkB?w!7;Vj*_v@HAg=OpEP-EL zg?GjVHGXH|oh-}BoribzEvezXv5WNm;T|8nV!9jP^ZbK9{&bl`L7YCFLsYL z{AOT<99f(LPQXtRNlE7mI+pjz`an>;{P2<~(>Qpsylp|$BZ(zhU1UkqO#q(TMdG4| zBzvX(Z&_#cb;jF1dGhqNdFAvmoj~IFu5pHUORcqG88UHml-GS#TkJ0Dfg6EedjBhn z7G2=a>V-c1eEPzRxPuvUnO^?ytVN0~0N`i3j7gBEg%Cf)s}P_`aPF|5@bF?bmHiZ} z>4U?1>_!D|HSMRsTY$gXj6$4{RuG}`*-&-}p9uZ1uF$YU#dXTBgar+5N>5*5!=R`P zD>S&>=TL%wiVJ?C|9iZP@SpR01wWF0`XmF!&#~4wt9%Ng7fzy>9U)+Xg`i3!Mnsfb z@S!xl>nNQ)A1DpcC?)Wt%lPm$Mt~~;pYA^zpGWonsV=Z6d_%|hEa@VD4!d08Bf~?) zB|YnKN*4KrKXlFe&s03qia4V3caDL3poBE3LFc-vjl!EQ}`jy@WgT}9z z(u{yeHkCTTu#*jS&X~KA_AB#%;s8(60_PW9<>!FOo#y9+#vjYiE#LSC0n)NopW3Xv z9r7z z$KDeH3BZ;6qH6t?4_F)b5Q#%cwI6F>9_%3(F}?h)>4B6bB!QkbiW zRBA6JfsQ;DU;^1lqk}r=!kbzu0n3#D(Vb*E%1xYg_jGs9oS+C@7Q-tyIaW0Ht$Au= zj9jOP0cpSJqa6a2Xxl1)!{1w<;w}S;!KE(F@7(DviSPRF>J0Ip*4@3iByLS?0p~`8 zpNal^H^nb-oE|?R{t!+G1M~_B-WPqBo7Jw9dqKe%Wom0VV2-u$10^(h1V7)5GPMEm zffN6<+U(Vjm4MwmMMK=2CrdnTxIt<_c2tj5(jy;14mf#i3%dfzd~u?1HyBdM?Pdj^uisEpzbB?k|vo-DO&L=Jqp}NQQrj80a|ppL!@{ zKcBS30;l}R{>MAca!~f-I%g}w@};uyvt|x<1iTaxNx@$9Chv?aFfOWDMPkF3J~wlr=KaJL9xSMF!t(nwK*ol6zy>Uo%dN?wN5C5E=}X z&l?%8%fPYxtMMF<`iudI_rI? zNX8XYBOt$Zc%>?S=2uXXV>en){6*p41pKo!{y;Xz3?GV3FZdtvQ04tPS7B=zSc86W z((;X~`kIm6Ujc41;wv+P`k|#cORRCyt0QG8`}<|2{{pwW-6Or92=`tP?*D|>SD(1P z*k{WA4lthSU+H$(*LbFP?Zj~J%8B9rwO*gkJwdEH1>b%~YyUjAzdelB-o-7w^IG~B zd%aDH>n&;iyIILkrRj?o9iond)ffY|;C4|+I!-HXHbM`fK6zAKUiy_0x{Ix0ZNO)_ z8I^&KI&N47nuE)Xkd4Q;LR)qv?;!=?v1Pe@4^!-!$a2g&hNNvZ9)~w)n3#zxG<2>v z&w3)h9d)1TLJ=xa7V!qD;d+^9_T)ERb2FvZF*j9hB3FxNL$0tO8kZu7vjr zO%d%^kze4-AaHeggL%=lNi8UXbm3hIkYvE(;12Negh1Aw_idH+;DXp2mWhF5w+C92Ifevhj-|zd6 zw*XZbrX=d^eaW%*>ftm{b;Yz$E~43|4iB($%~vrgL^?+S=!&uv05fgt1w zf!f*G;T$+i*gph7YAC1GBxjWwhPCo-2FbB{N_?h|$W>AMs%2X&XaYe*%bJZ^^fgeop}hXGYaSX%)4znw-!Z{D&yu zMgcgx0kH<@0~0^A{ua__zN-cC^l1QmWrPn}%s(2w%LpG1jI`BN2EkY9!Ur%Q$=0rb zkDG;nASDG>0YEw%+Tmbo31|tpShmE9v1z!%A7KlS$hJW*mZh-!0TQx zfsXVmeYbu;bpgh>tcm!Mhg)DGBXbaT%3D$Mm*B+^oALkK4(NM%F#peY`Hu@cc=038 zm}wbsl5*B{XH(U*p>T*Q!Xbw|^xg!`{v+oKRZqJHRE3Iq?7x*%UEqS3pr2!g!Nq89mSBQp0-rCHD~|M0M^PJ*Lt+b*t3}QEt%lzKoQ_b6 zta+LX#Y!c?1=y3goPe_vb`n?jaC@rgq&W9S!NNyrbIKaLLpPFQG z_Tc{kpM_n==WijwXWi5;<0I!2U@ECQu)m|CNx90*)W=pUXJD_-7~=)GtUbtO-*&zU!Tzx=yI@dOb$HlcS1v zZsn+d@x(u2eA;&ybk072KL%6yS8;s4G_DSibZCDtzFOgv6*H`xVU4d$*33-8r6x4i zFBDuu2-kIl3n`DG^}i=vzXM!x@-?+n_NW7U{f*G0llHoKwovQ$b)C0IjE6hruY=(u zNyTyJTSW*E_!IKRZ~{6D9=I_D%x4Yhr~UPNjRNU+R{_#={<=&0*@539U@7d)>l*eh z*qeP621gKsuG*XHl>LNL@$#ukM(Y(pA*16u^x>?cLL?Wf0_*x~6!k%P2AQBfA{nu) zax8^6FM#@Gu$5S@J!h6sf9e##e!jMql@#FFw3AnRcG6L?czOP51 zUfBtGnL0i={-_|i#QqKGSpPqn?&-htnr$^(vkp=)lmUj=4Xy=zm^%Llhfw-nvHs%8nF^|WN}JzbY@IF;><$Rh`HP*27q6QY94}s@hQIj= z44*DuyfD~bjHSGYzc{vId3gonvtB;+4o;8pKcZQ`ulVn^LWvxLGRO55_fc-{4wRRv zfCs(MSo-HrmvB~63DY5GTC3y>MwS^>3J4o#gF<-0Kt4SgULVgt_*Ut&#-kL36EBCf zT&eAW%$}kIvL(@$s~ z6FyIp-bs52pWh%_D}6fa>1#m$2f6*@=3n%$Z_)F0pBvx(-`V{tU-t>|z|QE~b)cV; zw*-9)Uo8Z@Z&F%)>ykgs369eULJEI6?>Yr#7yRkU27&*R%OHbY^QWDQuYgFNurC}p z-#ns8K?)&CKi@l0!FU{Dq?e>XNjfC;eE6sFm)0BwX{X|=Yo`e{Z@Kj6w*Q~ZRZu0{ z|EU7O?tmbT{Ws?P4Drx0Ek3@ci-$%jSSMZrYW;|KXlL|!ox56{pwEA+7y7NMNlU+} zSHfQ)+Dps_!l=<3A(lkurGxp7Om*-o9yo-2`Hpw+;Cq2}C*Y!;E`pt|qN~s;kNp)` zLjjhJsfnioH__-t1O3@W!T$9O!YBR}N3=VL+XW_0zW|?g=Jg7u0>ESvCOsLup-xEk z;Kd+Sv+H2*B|r-mK%RZ)eCL8-cusfW!Aq<=fJc!Otjf1GbO23;f@U8=GuMUYenRtm z$0z(8@Ki;DsZ)EEP$xXG)9~z+JOc_6Dajt#Qv{4|1S3uUU|MkegKUzHc7D?#f2?oj zDJqEPfs58VOAy|=`AsZ7RYQVmd;w5}0`8)VAl0@00B9cBHaEe4cV<2hcN3J~P$*D- z_)TWcu;+R{S7Z&DPwKhK_SY+gW^Y^wu)5%Hem?jfkP8@H`1&gN4(}p-I}tz9B$a@9 z`Btgyadz{=*VhWE?!N%yl`h`@`RJ3SfzrnE`zr*fJ^-pK{Oe5qsss7*+e@EqFR(`5 zq$Eq5%-<@=>L!3(Y4cY*F`pI~cs!0QTd!fz^XYdk7wUXD|z2>FYA-)|F7|j;>Ryn<4;IG{?9*uAeS1*C0KE1 zM>P3{AF>k=C1qBQhTqir|4Bl>`_6-|b#eai)9`c4t#SO^dYQnpJK*{Mk*5u}#f^Wp z8vmwq(~sYo{6`1&hMYpGLi;l$G#NX7pdrz==D(K;C2|N!XYwCE%Y0y?z{K^3PUJ_2 zDTvQJ2eQ=l`9PQSBSoB4=!0F$`K|&XPiB=N$X>mTq0b!ZhY7Eqcif+ z!TiEn=N?h+FhBP98iCCEZ71bp>dwT6Q}ov4uEmFkDiBWsh@FTJI|E+|eNyWwWN($| z6TgWp6j>KK&?m&N^DY(={$X6F;M*B~-UJ8;5aQR4@}2Dy1(3;R2)+Z@Fa#G}(Y1nwD`UIB-3_c^rtN|J3t9 z`?&R|WZ8-A_*U2p3Rf@{wHR>vWgv$#Fb5$|pbSLMfDwpz!^iV~>NSD9*B*_hr}($-u$HF5%woQlPSU`{CEb*Rrxu2>((UI9Nz(Q)i4>zlD44tJ>dpws)snlfnq z)m}89mtn7;w?kJWmN|*#Tpr4oij$*GMcr#)eS08YWTPqsm+zIPy!-sr?Kh=q|Jlx# z-{g*uM0`HZf}5e`YnTZAiVJ67S*vDkg+NTs@S|s!-HdIIs9%s=|IUE=IK@+&VLx)0 zGn5d_-=XXkB-uUs|M2^`+8yxItN-FXovCk6T;x>qk1xlJ?C0Dv0_ZOff-kOeKz$J- zHY^Z%TK%9iuwb9I|H*&qOnrNqTP+Y?d#{I_Zi34vrYUdjusi|3VGlb41>gtz7G&7h zyymashewrzRgQQ^ z;DZ{!`2J5w?q7F{j^J$J#p!3I|87{%ch+zH-5<>Eu@h7M^V7$bKYOnhhX#S=tf=hQ zV{XNi{Y?y~?9Vr8$7Gq+kGKkcLLce)8KpOdD1 zeTU@<_?`2BGmt_rPQH}=zVlUo6+b+x{F-H{%a6eYwYu{J`Bn10F|It`{&ph%jcrxa zIXC`=f%eD0d|8?`r@8~%A03%0{x#<4`vOzP;ADSZF$B!ofpv260l3BWT#~97rx`Gd z!Jb3onQ_HD(r_Z49DyH4;D;Be9`4(Ja|*Xw`v#=@(F6 z`Ikf7sg_VQ4gF_yD*xpgL3@}x5lhLh;Cz+xFUPpKFm{m+zPQS)pT@uZfL*;wgq-X7 zT((c;UtSDqfANiu_@wnOGXmPX{^dM34X3G>9-qU4`=f?t*e@qW2g&qIu)l{T`RgEm z;S$+i-KqNaK-Yl>^3$H0rhHkN^1WOKpV)r_es{YSHHH24m4Dgztjo*<`BUZ3{VjF* zHP59ehkxn!yuZB5{^gJ_Q~MVlMzxlm-hqEvJ?tm-FUMhB|7Y+og2N|RUzfgp{-qDV z@67yVQ=LO&KYuB<3Gr~W-l-TM4{m+?qIO3DmzYGXy@A{W^uOE$0 zT7S738+jA)ar0y6B}NCy^h~h7t2-4Rc=Vr~;*JCqqq8YI>;CwsqFXIC0L;R5+yUd+x2}J|( z_3X!sjSgW_(ch~-!<~qws&5Yr%vS&#p?`@N?R4v-t!_7g{IlwxSY`Heo6=aC3o;o>R)DJt^H^4FM`AVPTxNNa$0fc z{L4`_4vqc%qi!b5Usk&n1LVQ2Z_l|TWql&1Y>J6nFSJASZ#S%uBTNoKJO&evx~{pzP zB@_*$muEkIxXJ-675%;XFS--4RQ2tNZram7zVa{6xn=CaUmhSIKg3mL{WSh%#_0is z+|~2BY@f=%3=3-i@A&owQ1OoZ%MW9c$9Mh9hYbnTPLI!H!TmK71pD~J=pdP%3HJ9f z*YT&~pG#zWRFZ!W@<(acM>o0M1oGQH*$n`K%WvzjJORG}UL>Fp^!KOy%ec5re97g< zEb=ocxqMrya`=}!@9n6)E8lkOc&CoPf4AI6|8ty*srY4gKi8=i*q^=0?IyVVvo!73 zrzu~ybLAeslifsADtx{Ahs9gFWcgR~>-BCmKmN)d9ekxjI}YhD58%h-xXP@b#vXln zTCzQ`r%iE(WcyV1=&_*oXL(ke?F(oOI*4~C2efzX(Qgv1d3t;X1oziS5bVbjt#vXz z6ZO@ztcu}j=>KA;>f3v{hBmN2dt#dM)->hauXY%i*na|kQMaN(FHXLcJz5pFNz31# zDu4JcXDoJ+Tz=`o6y>l-J@4+Q+?8*8V3kwH-@jYVFM^o;qFXTlAGf|e_3V`W*%Q;0 zpE)jd`;*g@AGNdPo;?eW*ZQ3rpwe_C zkZhmIK1PGuAMK`dWc&gerw;7nsDSpaef(9TH%gDs4`wnx=&z9=*z;XCq`8;Oj|BVi zLz2G@SB|If&AlX`**7=43sAy z{;K?Xckd1{PA(sLdy4k3kDqr~PO_@_q5J7hAO8N`av%NOii-Sk@VNEuGsmXv&ptU# z`B7)2Za*+h`CdC)?%D5P`?&3-WHqpB(aL8A{PWpW0ri!Ae9uiK2u0J-|FDZ3!la_V z$FDCtRo}kNHPZg^m3{o&E#r{>a+lxUc!#-(00+J__VF=n*iEvJM|)X$cAd&TP7Z3n zx0{YnYah8`IB|T}J{pPM2>7SL=Y8zp4d_qV$17Ynq^Xlk&jkDNev-fO*@po7&+t5p z8X}Ni_IkHkaQQ&j!3392O;f(C!}0|DMkRV6|9IN|E%1wca`~lkTSk)0556fyd)UWS z9hSTFwLcr>^x^N{Eq8^&o^hH}(UJcke%VL;#;F$ApFJ>5`CgT&+jmb>z9~)rY0F(V zKzkRkA8un=vKrWxu=*X?$A<&zEBpAon@SLh2GYx;e{Quym{j!l>aXrpeS4~Fr2XS7 z`?$(2tKS* z&rDPP#}3OA@H;Hg1Np~O_VLoVO^M0nBj@>5BDuV0G(|b=~U0qKS9UxJyDFdA~ zqoj*dtlM62E>%gmE8v{GRO?A{|5nmjQT28!Twl}A#QD!kb>lGJoroXD|Nrpv=4y1De3;AC@o3c9nc_G5B7&Q z;0(`XUo*}z!;96}V|jV<_&i)`GX%ro26Mc+v;@DhO3F(&)DPsC;BJwadh!5=Us`^1 z+=I{7na_71zjx=RlwaOQohZLXD=5GN%&q-OL}Ga{Um2c_!{-=?@tTe#R&M#h`z)=a zUyhSlYi~l)EE4jg@Xrza_wN}0sekPV|K2I_zYO>n^L7O1{YVLST|s3>D3t}`kt#)q z($@ms>l&xB6r6l(_@P=#VsAnS|8DIDSZush#kV^+-e21~uHH-gS1 zjMm|OPQrQi%ZEQ(jNfMI4r6X6o1(_tEqGEMe%BoIt-1LJC~|NxsDCl#-lRz?v%kkJU1oT5tj&Yidg5q#FK~HJ z@DckggjEUje{>fRYW5e6K!q%5APX9t+ggoQGY7Yq<-#N6o6ReY=I>cey$~6w@S3e# z3h&^vX#d>^H<$;Q8gRMR_GvSCo7&uy*guFx$5!b;kkRf?X7HE-Y6&|Zl zL>Ka+$l>UG1PL)bFOvPvQZS^g9xuQ~iqs5?xoR+HFKt90U<|HPPzC7C8oC7B`GCa7 zaM?eMCqu}&I*#Prl15+)tTiu_EqntQm{7z%fEC+0Xvynqhd={J5d|>1ip*0;3x82{ z5ui{=JiduY=&No?v_qg*Mr&oyrgcWsK*}WAl<{>Iz`07jp!jJ`!DII&i7G21C*Y;w zJu6C=8*@oo`SLZI^8Mo`-?v^{9?jZEaB_hXD#F@Z9~|SOA|x=5iZ?D1DuP1}6`f0Y ziIlz#Hpd$GKjKR<2qy5x#UL=KPBD#UFZ`_{Fd+khVNLam(s50fb;V1Y+xd3wk_wO& z1a>GRL=XzFlZYk(I8kZ$Cbh$47@g}I+ZF9wNMa>;H3@>(Qwtui@Wb_c-%e}5A7k#T z!jw96531He@QeVGQScrq^^vS5fn?{tA|!(bD3aNqikig<+^V+k+U?imxsti?I7jB> znmv&@zQSE(Zv2asIjz7T35{K{%$0%)*4Mul_5ECZe5yXCcZV_`4HgB(FUFjEeky%V zA}jP6WGxYWCPkr8)aQ=KI<~||*6IYZ?z*`1`h3~Tetkad>=d-kcp;ItUDjvo(C?B} zIPd>cg@1t)Effnego!Hr#><^j;oG;QR^h#0@~iN>XQfc#N1xkC749XlIGPU&C=ws% zJCbCriz;j#=_6U93g7iodKKRF#RL^zc4i7O``zCX#jHaWKD<~|_#pLBpg#WA4JtfB zt8kn@o_Y!5y8=35_5Mw6w<|_ya~K7p$PB|QMzhCeT_99c*GtMthoQoloAK)olyFd-NKYP``sY8EwRLJfM*ll_8~ zB9#SZXj_(X!&YpdH>2Zvn4#?>jQM}YujfZ#oR|2=Xl>|S*3@n^UC&C97YZBk(8P{k&zwY@yN%?$n9sE7_Y zbioA~!;RKshmI;;JmqzJ3A$v3ifG^6b;&U(F+%sF!09p8d-$>uJ=%-eIl{o^bu;^v zN6&7rC|xq;Gy5u3ERT-HuUCxFdH5l955c1y^5`V}XvY~wYgM0?@r6e(E9(Q=gAIe$ zBiJ%Ge_$@&fsk^&nfbLitnxu?=>Fi}k>#@%Y*KGDIhq!}p=EddX)VrebhXB{+L zd?*}UHRFMj@Uex~V;A$C@w_sn4f8o6J=(&Ip`3x9N#6m}peSj-M7M)lu*7D&N#s{D z%0TVvWh3(1@&2=gLh|PKjOap=e)%%czTF)3H7n1()eA}3>!3Hv!(X{by&7@bFBj@^UikRa)O3W3WMIAmo53PRc-7^htvSa068yxsZbtK$;3o7pwoiHZbu;vFW<~Up;t?&Aj&3hs`$a|g z(C+_@YW}Bj!xRiz5nelL&?lox*UU7^k#2`#{C&!L`)V`-%E}%M zCuD@S`EwvwUi!Kb8iVo^U|t56HMSQUO)L0Zw>CnDqY%~sV}Xv7&FER^bd?e6hR4fB z9Nm5xI_|UVL>LD=o%;?500UHblo{?1^;u(vmz$e6n2Wc-RID*GzY=va2d(wyBi2RV zC{uA1IaaAnMHx(mxx{Eay%z@E(;ajUy62#W#KI`cMcLkN*#)|+z`m4n9^Ph8z-QCC zitxYf5%>n2^Xi9{hqmV#b519ph~Y^_>q(fi{T(WdM<=xaO+JVE;?Y1nBIY}Qxt-~D zwiz0$y8RO0Kye$}AlW@gTFQ>W_I`@(yLxP2{KYOV-*b%Xc4t$~`!{WomeAIo^<&sL zj|{E|e`JQ&LQY16KZmIFG_Ly)3dSbo;icxYt91}OJp8t~`D1hO=Mde+#TC&ZHkxKm3-;MMB9qaB zHc@rrFcBsy#O zX&6^}@e-(J8N4{JG>2bAYz9q-Bgx^TJZsZmw}5Pt*%8vS8hwTg6MK*_!TZb0A>!Vy zEtO&)S(^?N^3LA^Wcxwqw4CE3&i>2$k^w+`J}`{<1S|#(D2w<8??9l|Lfbepq(H8R zXGjs=6JSgFfHfZfnl;#4Xld~hD-XlRZt%wDx47|*ITH|42Ih|zkrBw^HRZ7eQYL@m z17u4$l{Z?)^=Nv}XcF%g8CSrI@}nQpUm-?Y`>DBk32<&VZnz(hjMgc+Wlfumrfby? z*l+x(mddZ0i$CsWMl1G#rGr8fO|W_jyxOKZyzzAkmMh+vnQOFO(^LH1c35jOg6sKb zBE@ntNOKf)Yh-WemeI5vWfcIk4dBs88gm*k#HeUxw+h5i&*CYph{VkZ*LnF-iCC%5sknMGH9yAC=;N;|1_Fv@d$p? zxPj5;sOW^u^3wkq^WTR-L4SJ{pyC*SgAn^=JW^nMgTY2c#};N4ji!$QU`6Bsq4KEGkBrdMXm+yEdT7Q;;r|S8`!WlyzZ_M%+6YBaa0&_z86Nt~ z7*+a)5xQ1JxTYJP4*7L?Dd^7k1ynFBg0n6>WkgF|;mJ_Tzmz-H1-Ud9=Si4bfmpY| zYI;;nieP7W^E9(+714%n%=s(=Y)T9@`>6%B%nKpgr6^9LT;&kj!2{Ib=te7sx3TFJ zVZZ~DEE5D@Cv}lJVp@*)ba$HBJq7v;3u^>=0KUbH1N=f4aJ*vBdhL+_z$-n#o7>XD zuH>U4!XX7_8%x~n;1In87R-f~)d1v*ctAV~UI;)=2m+)Uxz0{gu-c)Z{b#r)jBkIc zKi}hLq+3N8Z#E1!4XW7N(FNnKU%at6Iw+<5C9=jplId;Sntt7M?=suL9oFPKjfHGeM#Z;r(_G zr)Ge^UsrMVxnY(7p)%DzRu(_!avs`msS+m6J3uP^kMiDbf*X?YB9j4kL~H z8r+2aJN$xOq3Nm1GDAzcc|{>9A_Wr(Msh0Cis7;`TLsN;L!)iYtjuq-?F-F&sreMWNO%03k77F!j>-xraAC#>#Pq$a983HcPyZhNytm zWmqv9Fy9)027W8CZj_soT>!588UQrL;cv`YMpGD&uLzR{&KtGF4bIaqprfB#zL}`u zpag{$?hp|nguXXiQuB)d7TJuVrd`1BUS#-h#ka>HG=i1jY=prDR?CR((jCyyjvi45 z<}lI_s6gj1D#L?(Yr0%_yWb2uS$zln-pa*W_nxG33we-L zycWkv$?0k&g53?K(~OQ_!~g;!*YxQGAW94XWFBY@L+*4dl=G-szX%Sn!}h;nwtIW z56A;>z%nctMn@Ns=0#0VSA;nvGhDiee;zpqX!5Ov@2Oly0hZcFOoRNRtr-T%@CD6X zsL?u~jjZSYsi4*`3a#j`;^F@Q_)1VO0p7P2yy(&&k5(qZiv-SS0BW?J-K*)nx-(pW z(L4d*Q?*10sE|0APzoD3=8r&0>U_)4usYGIrb2S36HoAo8TuPbOW=0u5=VT34s+;mL{g8!6d*{nh)ej#Hn!Ic3_cFb9eVxx86#_fmH_eMLg z%V@fkO{BL+rSx3%HWR&-BQWcpkt@Co^Zbq4yU<2zCSg=b|jPRu|AdeY#P716PUrw@OgIbKX| z+Lv=huF4Fn1R$sK(chpl{AA&A!yEs1czw?BXW2OR7Ji*n*9(6ys>?RpU*p=|^umS_ znAVOq2W>qqTG*o^tOBp{@T=yaEp9Gj3vwBwO8+r!3jP>#9|oiqoFr9*)tcz3(LIsb zkDFi|x3AK+T8Fe;{1eO&Fv2Qq1$Z1*r!6bMfJK0j9-aP@)Ank+fJO@Pu>enK?Kbc; zn!Wq+D#&0|f$$U-m(b)_gc)4@>s~Hnz!yZ;-E^a9IwrFXhy|5EI&f;B6bNP*0*evtYXDbyw0{o{Myi>mON_Z^ zA;_06{{xJ)4sf@c^m6_LG0MbFM0 z1+eE|2@x&lMyT+~IVZLp+tWmvL^5jPRgq?S^nIFRWkh6!xJf2!q(m*X7#YvSTaRb* zkvKd-a%8SmZ}=V$?nLYMfGjx+&`s(*;?G9c-HaR$?@h0Qa8#JQES%kND z73F%munprdhdBnC_3Th*5Kprps#LE6D}q7jgE5E~{4A9AX882HNZ)?<1L1Y`2bkeq z=vZnHI~%R&xIDbFJp2kp`74ZN@5Lz-2)#lh*dm|wX(Yf!_i~1zOQE$=il%L-75kGf z&=LwDG_m#&!AKx1U-kr3CMf2)s+MoI%~>%DnVMwkdh)GS?_q#vIk^A+v;D^ z9yz=t_SCZO1@;YCRfY>Tn#SPEvTlc%;q~??S!tdpajN}1LVWA--6c3HQ6GcV$DQiq zX7$luee_iyebmR^|3YkY1bRrycWnoph(D_t&tYcEKahQ>4;Qo%K|4F4O!ZF55^hMD zCOapdV@s%I87(|kV4R&3dcKuIE0|{u*jqVBv?r_e1|GDb=~#1*n2y~!WToB)RfSYt zwYC^KshDFO{d<^;k7=IDpuSs=R_e=vF^qT`cR$MOcT!q#H4@zogj0}VJHZB~!L$)u zw_6wPCZzn~Q&7h81?dU#?$1r1ANr=C&lA7zBz^Y2+fSc&k4izGM}McZ38WDsbwr;L zc|xD}KS@oWmz4ZeQGUGrj@7a+5V;v{*+d*_mVPj+A7-I&dsRrsV9b^*^}7pn*Rr0o8dI|y@vNtWz2?eX<@i#^6hyj>if-VnQq#?Dj{Lvtub_p7_q4ptFH zNCdiwy>4y$7$_bHnUKIgf&V?}=;P+&FxrhkdKmv0^A3jbrD!*p5xhh;ayH~qUeh_) z41XBgby?QFaJEY-qNik)WA*Nwis*^Rkgl2eZ`K02vJXGfVU+|;SfiC$HS zck;pTA;hnUmSt)H^r-9yoGgpoEIaE?XM9n*#+W;jfI&UMnXw?mplxROO>^@`bMZDT z+HEs4zY!DW&LII$9tO>~#;;ZaS-}3wOn41^%6net(xxdj3ZDQxM?!=9Ec7H4BO%K; z30fYK4FL!R!81IizpKAfBverftUnvXx)QO*OvuKEv-+A*OfkY|=d@%Yo9%WH&F(YA zp$|MY(E)u#Ea(_MzAaEJ8kC#9>MjwBz9JS#l)d86E&Oh50fDNfbinL5(y{J$N;;~E zF^GzUN9k{?@chM6xR`J&msY&ZjeFt)qse0eAIjt_uOsU!PDDgmEQ2~s>h zU}`a-$(+{*#8hT(5P-5`Fi zA0W+;6sW-dVQJnRAdEu@*~n*TTE%BmxGPksnerjG&k!Fd+KCuX-MAqIH;cCjE>x^-dz zNvG*#-f}h5AjeF6XK2ZPl!U-Qq0enFGcS-W3>4P<%CQ~+fx`Var41DFDH%h1hyi%( zJqQTioaAY~5{U$T`7fc1qo=h|66Bm+$!k#QD@3jlB{s4)WsD(Xi~f<%9}Dykm|<^s zc9HeLwM1Tgb{UE!uAw!BL|!Sb1L`79MApW~axS`OVfz|3Dd70<`Z^5=W-uuR!%#_6 zS4KN%wF{`MhKb7}f*@?ek3Z=ju$Rs>+F^n9w~ZjpcbYT_^bkBkUsU}j1urF0e@v><+X214jy5~zw)NC=?(FDn#VGdamZnc!7Ml%TU-zF1Mwnd&>? zhLuBrPghni0p3@MXXp!{ISE}M9yYChvToqxACRG40wt?8^CYyD{IN{`Wi?v!xyU;B z8bwEdhekRmk{%c#D}S~;s}KWcSTk2DmzKb+VqyjsVc})GK%-gINN9mR_~>N633g~{ z>+_a!U*7tj)f0^TJu481MwB!czh_ZS~VYvSO!F88v)bg z(Y}Z5Uj;4$^8Lfg6bt1bVP;Mw_l=vO{VVGSu?6shkIEgoic;aIgU&QS-Wn0p_Xl*F(?Gn_3HAqwypV z8?p^XWiPA|T|CK3&_#>~zstcO?phZ?HO8e6xy%+m0|RhVWJM>x8fc%(Acp1=YvFo; zHO*s40zV#6@`uq}eR~+YOwEXo9{`{OeY1{>D1rbJh*fIc+J9L(-OA9*Xo5~Haff2j z@BkgHRjc0yIwc-DiSbf^d~N(b0iT9+^40M3%GW+Z;I7Kon{WLn`8sx@$k)IA^)t!W zu>`A2@-_0i1b(EDum4=%dHH%}NjmvjBqIyqX;6dYYx0|^<%_#Jf0Vtp_IL-EFJMS9 zSVh|IylI9$`6af!?^(A$T}UH)cWv)N6@|pv-ZIKAEC?4J!qib}CPNNukI#0e?F>58U`#3V%q6NO7z4rK`X?fP|ZzXCPCL|$K2vsrfd#%DjZOPzOns4)iDGok1*#H|hkhr5 z!9z=PFzv#r#j+M=nt+n;d5SjH)jPg#H+pG|JbM@&QMg5|FMh86J>ZV{eGxmBsUd*R zvxe`kf~f*>0jvnC)yAyC_O+xm$SP)7=jcwW6S7jwz?$Y*k-X+MXAlBtuVvm_y~Ja3)VM2^Tp ztfcE4>?Dr_)Z|cy_4PLDz4f{J2(5-`+kpv}Yue;XoIQ9#*@KgEK!n*}tPxr~s#cU> z4_4r}aaNnLo3jq47J-*FK7|4-!U=7$SA^5R2(ZS9($a6R6v)MWe)%`QfVMSUSbc(> zN3(jFVc6(s_UJZ0d0|H~tTFA}11yefo?4^U*?hF8x^`<(>e`3hg2B=w&NhRp`1KLG zpw+kT`kYqAS+C~Z1`ONsRhsw>WBzg6G7ue!b|#d156CxmPedwlU>n;=|3iz0RYNfe za8zyRm8vAad31w^s4(d`YRzMKew{L4z4Z(jLumuHL7IsH6H@^Ccm`~Lc0mKyCK~`8 zM5Y(k1lX`)ILVTVC|}M|M7fVv(MJ>~Tdd5OG50KfuI#Gjr|BvU(0u@_^B`Q&bId?P6U~5QGic^u3D{9=8BFxS z0!0TV`iI6eP|Rx!&pbGnp(&r%sjTAv5#4ZUmFOkL`mnf|- z>dGR_PUpu-=UinLr;qNjPL@4kfTAXo_XttqZT69ZN0QBMpv@MN!g|0;;$i{25yo`z zIvf+RkD*zOm?d&o!6ss&bXx2sWY*K^`7ESP?_lWQ?2{1P_H?@Gb-zxF$(*@8wfG+1 zMDeYMaH-@QJh0s)#$FNX4k0fIb<1_6s;2(=QiWNOX!fc79U&V}vWSq$Y8?&dzO$6! zgqF){onsc*6p>u5eGuJaq_P;&U8MYqBdXR-Jy@h8K#-!ta7EGA3s*onPunkZ!j;#= zv_Q)%AU4D+K-+(_Ej78?uT$C{6JEI_gCavivE-qb!m#E1Lh56>`lweQeO^V-ffZmc=F0dP`&tjC%4{e!H2R>b3G+!a+vZLCKZ??DF=ccM6aDfEaP~^dN>u7c6 z-UrvofXm(!J%zShVa&fz2y$WF>HO6kqY8Eeu?&!tFu;)H0se&(Q}$D7d+M3c)8~~* zpx(uvaNQn2y|Vs9a?3PlLyhw?rtO;uCX_J8>Pae<$k2YyUV!9{y`S_mwH|&OM24hR zVqxw=9#Q6(;~f29sgKcw5)w@wmnQ?b4Ju@>5RaLK=)-9V+0M(fR%7dw{Rj$WjM(o( zTN;e!Fe|5|FqOm4!gaq%qDzRwjz&+`);6facNmBhkU0Isc{sYqxI4NqZe?i8DLCbY zF+y8Tsvl08mSBH+XtC%4wlRY?-x%1#46jFW)9J$)# z8-qUUOS{$;BE!(X{YcUeNqBZqpumCp! zB%Fsa=Eyx0iTh9JRSDPp)1azR^Ld_4pDWWAkQ*mIMxWX;w(t})vX86^;w~<1K*7F~ zuZ;P1WM}j&1RuyhC=TH)2%9Rr1n$Qww3k zva(Y#*%V(0KAYjJLa9zasH($T6Jkg~zIC_L%0E4YtMo!yWL#A!+d^33upvL(>*K|- zTc7mDv9wlJ>sKl;Lr=2q7I#n7C09!jiz6bkvW06uMiidXGW=9}1ZT4f0~oyknPaV( zMpurGVsBA)P3Ud&ZgByHAnHc3Rdw{s62KyJ$&O$j*p42{{uNk_9!`w!VLC~L9@JK! zy`+bPkVH=0Fb(ym28l=dNj&m*#3N2LP8jV&X{x{yOmX4@l5T&kL0_5~;Jff+Pe+l*?+=0Eg z(wNUV3O(kjFvQAjmY88Zes_#db|`y53i=e6KVezKoH%N0EnNk;kGb(u%-Ru*{f0s)sNT$DHB7Lt8F1n%i`$hX+3t;hZzjOiA2QSVC#gcj?u7cj*~( z>$zv1_vw9xKDl3A1>cx`LC=wHr6X*TgI9|0utqrV{e^G##UY)oBsD4lHM^dAj$1l7 z2S#(%Cv4L#vV~R>NFTslBIY!XCQ_XiArV#?Cs>hCtB8~%eZJc$ zEMm;1mdKZvKxCf!z`#YX6&F&fGU)(#-7D ztCt7P@s!lirjETzY^p!Czl5p%rouL%PF%|9nJd-YPKsbnVNw?g$8okOntO>02u&1N z49hO5VP@BlO$W$pQv?v1Y&wz}#(u?j?MrB;0noD=ph|DDIZy*6MF0rqT?6#IP%%0V zIU?R5z->X?sihJ`_;NYZtLRiI2a~_i-hdav9?d=KIf@lxV2RQtL3ECtTC8#jeOtYp z{!m>)D-u|xB}^4l!fI-fS>M1A1Ec32+|%KskWc37;#$Xpd_PQbU8{IUN72|69!)2R zl1Au`5nL0X#nAqiyPK#{u(5yb;rR19@=W}>EU<9U78w-DIy&_t_M^0$O&zNygO|#F zspK5?-n24a4*R!*S2{*0hVv&TOakZ)K~aR}^gz#Ka|ex}tKtOOoda%crP+_SIwpDn zp&h^+v-7SImDCeDK-A=!o#vG@TX36X1ung=KnihGbTm#Qy)tX}Q8 z+^nN4R5bh69EU#B-NR>y`qT;cn#*C&Wer+y+=mQ^C?Z9V~ZU?%4|-T9M?G*y`)Gy%2Ik z1P~B98Td_;6hMj-egpPAU3=4G!l5SRCt)2v(!a%<;kTuK7l_x@r_*ph&$(kDt#H;+ z-Go7!)nh0J6)MO9kJax!AGZrsZ5h=OM;+5y=eHq_ z3dIlR#(NH}XtU5zjU_lY>9L4tH2ajYq?vd4W%PRp`bGFzcd10#&me6iQQ|a-@swVB zQ&*0lP)j$QeSFez{Wu)r_Bfh3n@VAaI!U%q7b&uVXR?Kqkbte=qk`56g{_01#dsAM z&&v2fCJkHPmyd7MN8|~_q*D<|CC(qBBMQG#@o1DjYW5ckD0JaR)y7!Fqb*tppOEK^ z&Co}`L~igu*uIi!%*|jMfU-ym89&~lm!jMSgT-&_T_(Voni<-9;jA-4TdV4S#maX` zLvBz2W{meZVcpaEM~sBigU?<{n3jaLPN;hwt?R^usfJmFBICn8!Mx({p{=#E4hwC) zqVA9QR=<%XW-ZLjD?;C7wutqi2f#>H4C|q>yF**28qJ5p<@)MY^5UE|`gm&@E)91# z`Z^mtidcv2I58|mBk&AZIq8c-Hq?Fe;E0}@qr*sX@%YtC7)Kb*t0g{H-5^BO!3-9$nF4Tv znR8i*QO%h$GB!HU4s&E*F!P6d{lN@cWLOJ6N)1Gr2I5Ux5l~EeBoN$ui{OB{T+)vNDJfir+jGO^L3TNP zK{WS`3@5ho+#c-`Vvhpr-V1z&u$WjP;L%5{WgVoLgZtNq;B8`eP;48h`jwu4xox5{ z`3*D8AzK(e+mPWqSQz`{{D6fq9il4guoKR;>@(y5Zg$%a?XF2A zjsZ_AB<4irW^_kMgc0$tib+o*4f{{@1s-Y}kS6Zc5?Jd^QPrMQG+wBrqLy7keU)s* z7GnmCC8g-_GBeEBAv^Y%e>$5@z4-oqIFTmobq}mP#C8jY^v z^C#M0?E{cI@>fx36&T0As{i}FkQnBej#DkH$Ga9P7ue5@)PQsmAQc+n`=8`HRp{Lv z@#b6H$r5pgp)GqEO~Yt{(1Iu%tt~uPh8y9U$Iw_t%yKNJL(0Y$p2uOT)p;|V#WGP1 zS#W*2%(r<6>g;XIx?M~!HfH@Gc5XZc_UXb#Hgys=(d<1J`uQoQw=a&*P`c1ry!}Ue zvHuq+JGUqM2kg?LyLpJNOE`A!GIC6lRKd6_afyR*j@V+r$Qw{8=0Px)tnkB#JXVHv zB^F{+!MLA>aToCdE{w}&lfv-9RCM8irjII8sUAJ=N3_m2GL1t`VFh8j#)zPHx+| zD%+x{^TL)C)S3TVQYQr~xE;qDv`#GK{_>$ko&mR(_#EqwPozSos(0rDu$`~MJSVId zMBV+)5n86;{mytb+#(<>={EL+Oy-8Ju8sSfzbg6^g9crrqGIWgN#{E9En4& z+^Rr(i+Y$<;=0EE0GrzhA7!%Gt&+_ezC1eiz~VSOL3;_U%7w8hQc=tZzVm2+PSFuEaU1 z1S6uhLppnW#3NGS&||)JIIdh zqWi39wB*JSYwQfVhs|`*-NlD)v4d_|YIKiB9I?PU`@JA^PYifU(P;V)EQGxYe?nWa zdi0Te!9v+P@&)0@8!TUsKd|nOaCXm663#t-9VDDhvOo%!R*{L7J3*S<-Di+AOuSfY zL=uiCV_>J$nKcX$Ckam0eWRR(c#6-n~dgv=Ah>C;YBRPXR&J8B`i3{lX{ z<#^}S?DjX0d*umZ?#nQvxS=sR;P~0P!k_URy9Bx!O(A?Eu@!e1EEXeFwKl(xflez@vRDl^Gw(mC>!k~rWuXWsSaRBA;cT7KWM5g9mo&2fLa+= zFHkjhGeOW>R#1{xh7wMVtS>P|u&03i*l2HazXvO}z?`GBxApP{l#a#I=h>CKmO)`F zYg)70Kb(1ZiP5|P)TxMOe`1co)g16Yf8lR=E!Iff4YoV3+Y?d>iJOs{!8~Tzt&o;`jgm`!H+mwcho< z&;5Dc=e-q?w22#0P|ne^>fc5I9#wECA>jZVJc|s)!F~g%0A>Tg%_LXma)hpkrEHdu zmf%DF!lrVx(JSY9;Y}4tsHHe?hL!D|coj`0C}~k!_`rBVng`WUJH6YD{+l3RIo61xkVcPw!yWf5}J_tlDCo->5|scTIAq_r8syGD5CatOt;sDQ5lg zHOMJ9JnVuwnz%qmbSkqFsm!kLqu4)DOiSzaAfyH(St++iIs>LwVfeLo*|!E<5)EgL zT6ME=gHvwqIr$E&zJ?E--cNm|LB1LVDoc#Ds2@O}o!$>X3vH+AlND3F3h7SK~Ob#tkiX+>FAH+2|`Ho8TVQ9&*}M;RgdMi#OTixG|<(wO!)uwoXS&cTcvpYd8iOY zZvIpk=?9|JWBXZQkbQ|y>1=`F;dcSUU>63?B66(@*vH-vJB2l96{RDp(}yU%7fKuU z#dV`8TyJ~-^cRICr+gy~TlMT~3QHW^)VB6(+~bX^Nr3E91KE`nuTyGU1>^d^OID=! zX&W`zeF^pqJ_A4;!b+2m&F=t?sd%f2{H_q!dMOjRl`J;KD|VZ1i#sj_*rs`LKZ_1@ zizZJKUOata>joUvBjE3S{i1iR`dZ@T^gb}9p~T?@Ju64mwo1Wz`UJcjp42bVC&o)gG*|E>!8*4|Hit$`YgmzBe7Ten?%_ExL@2o3R?|LB*8kX`j* z4_Y`6U$7@}vgzI)6z>yI>sg=VnvQ>DDa?K`oS7}?STFmMk;`;x)41A-`pCb9cwla&CK=+ zbMn<^^gg9_d~jg5p3$YcyMV{A=zsyf888&dJN<3~ zzEdr?Bi!qTJ9be0c+aWJx9Kiq%imLvgoxH|CwaaV0J!FqOq3`4HKb6@Apa>9*&RT9IN^=mRLSC!Z&b^MTy>v^xFd4xv`KX z-jvl|bMkFz{d{z1pU!88)sBxZwBv7MGf=GI<`ED5`r%=$rMoq4%l>k=k2USET)FFN z)vxKoPo~RQEs17BOx>5siJP?5>WbNPxGFgmjbVMX^)%PCV zP}M4dW43_M&|yzmp9e|^cyTPR*6=WRp8gk6Tl2t$+CycIVZl8T-$M{2K#UK}Z(SQ? zfDt%Cgt`TBS^@shZ89cyTg4mhHcffJE$}b{yoKs5gbeHkioDk@rTAmM!4A1|)x$1# z(#oY#)944|FL8w+4u}quqh7>74e>z20+|7l70gN_>j~pog3nPbBD_t$Nj(KQedg5} z=D~#Ug{Y%&<(F&Qem=u|P8~JV80&dJR@?NfHFGlM!%xv-YEN>S@HW_bP-M{^(XGpH z3nWps+^ca6iVjMNg-ADtm@{tg4~0(AyM5R_O%5I7|W@*?+X#MmA< z>g9(tB@9H#UiBbqm8K_xk%kcC2oM^+f_obMicR(b$jYM=p z7yg$D3H{LqM39Df(Ue5gQKz+=nAVtcR^Ce^B{99fOtirm(=s9_uML3cfj|`+smMT8 z&xxS50-se^?Cinv@)qUgts!h`zF!k?Fu0^|B0xlXT+~L~olwK)E>6ea&s(F<}&|abYISt#R!=Iy;!K#&J={(u*`)pYO$DZ z^o_F+>NJ66AZqXkc2lkTuOz$dRw}93FzXk$H9?F69;R(ZVa;4A#=+Z=0uzaoGujx3 z?NNq_i}@^#P&TaI`CGt9z|4uk3mOR#MagXJ%t-V{@0v(T<(REZ{t8svv*SUNrS5qk zU?b!^+6dVS8_J(9_fc@=?ajyk@r$=PBYpSWvM#Z_#{W;f(BZ z&~s9;4d2eBEA%JB)9p-}LchrQ z5A4H`fHbhu$D*+TIS9_5cLvU;Qv{sA+I%rGA4)dBH!{s4^sen2X<%}VjJ$QN_#$$0 z7mUnQxL78XFy6ysj0~?wuwhSD-K|Gv8(H-SxwWif`0m>SgR(lu2#L1`$sSHnR%Hb5 z2u!qN6FW9C?++JQm08o;YQdIdL|JXb_UK`H9M8A|C$#yaG+AXZMbkkJMby%hDJ#LD zJguRwGtpQlyGyW{sUgdU1~ep_k_n9#4S^`t2)hu%(HuIVs|*zE&bcBY8bc8|NuYqT zn5}Be*I;p>}$*R^t7O~ zz`bOt*5`IbS{@xrX|d{$F;g5piPnKz6m;h`*D5HAF%H^ zmYfHT5jH-ZUtxa0N5QDGPP{2l-GV`Gl>Q4Leb9f2w46ge!M+9fL@-2q*b7ltZvsp3 zb}n0qHAm)@Timh|4O*@|H+!J=B)z6#_VJuecWK~2 z9W6md#6V(^ESI{j;FGFgk1IVq*e6GRYk5iXph5@{ga-eWVdcdoSb6cr3_ybjLWvT^~Vga$8p>*DqNPQbn> z*~H^!ozQvj?f~q=cLw$ggMT;J;T?nBCX!Ic2i*HJl9={_iaGDNN+N2Gpdzry@0#P% z7x~rcbc7Ll+9B7SON<63krWz~geedz2`zi_EpftWNyb;3{vY)UXQ3hK6;2M*D!W#5 zv8ZJ`y~2r4?useydjgmO7c2|A0;U+ZyAX{w-{wW5R(+EwK+xO<_diQhgqxCKQpyQ+ zT)P8_`taDDD8d!Ti$v)#++8t5Mse61qv=K!RGKO*Ez&A3Z^2-B>#Bl;;hNRE5=HMz z9dmnp+E1d#hhB>G_!?`2{!yanudqgB=TY>n#bk<}4d?pCokr0ckIRUnA6xCxwvv%! zdK7*0K+;xvd=g5#Y}=(Mx)x2zVG+UTxk0ErJ-?h(cS1*)*4vGqv(UN;oK1gIz6Lks z>wvn^=P>>f_4-x%S83`sXtGu>^jy7p5|roZlE~0lxtUKry> zrVU@MCw7Ie&mAXxP3y^Dwh@ZZ#*pnJZ>$Fmu(-)R=X`nz>lVk|R(&?e+RZ!ThDdoo^;{2@I#p zh|(UtO8|XzY+L5Wxg}&9<_^W&!Q@}$)oeqA+~3|LbG>|oL9fKpmeN)l?oSpFPWyctr9H-yGZAF1_>3z)szD!w1HUOI9?|67{Z_SIeM?d zc>HXvWj||LZ~DMk%f429E)PtlqHkb7O5&VKRyq*^^yGbR#}GyogVa7)?K$t{eWoYo z>%{gFnQFz2ZLJN~sdBwutQmuomy-;!W(-LlX~a_d5^PYKsK!hubW%oRznaaHOKsPvnq4+=p#bE0^#Ruy;{==J@~q|8^#iYLej-$ z^b=7Nj@*fl4IKlqUW0=S^or+*)cy8|I2g2!oR`MnKErq+dxFsOHcBbCyXz*vP9LBp zQQqQH+H|+;jE%HO!MYU`%$;#;10RFO&Ixl*u*kBmkA=ULR=quT&f>d_fRPc z>5iZtNLaZTY9aNRoGJO4BVZ+%phbO<%4Jdf937Hn1fLA{H2`Uj@#8yOB><)6J+s^Q zG5OEzc7quOpnO^jOJzmoeDRr?nQqE1Psg*S9n1H;`H&;;#*owEi?%x*_7geA*;ZEs z{UaL4Qr|tiD>nUah1#Y+N;L=SkBAsyTcaVPF}=O6);!)hQ`Bh84kRByeI}U`Bg!aL znoPn1cK{!{01~quhvwE1p`;0f9v~GVy z=QNh%iqgNyECe01yD@w_v3uh`cZFP69;L}8N7eb{${4(HM>Az7@#B+yX^fHoUY_P} zE~HWL^WTT=#3*b!Qj7w=fyaN{?G~r*ATirdcbsvA)_r*k5@reI%m|yekECWeGC%47 zQ(m5+ym+mHB&VzAx>D?IR^mIZ=a;1!I>Bk8>$n^Y7Nv)rk_<=HQj5n#6UDnB=c!_k zO#5FWVGLm`>QgL08v zz?fsmCgE^}Wc}NWUUv(QUgIRt2xJmOQq z>eZz#Ru>Yh^i;}S{dOYA{WMm;CzVonsK#YGsT3!4jDg7bTR+hNXQ1}j8AP`qCUibh zR0|92+c*03ztH%xu!za1f-!EM*+-kT9Qg%_lo&F!wA*I|us@U&d|L)eeg zBhuh4q|=3~PK_HuOLYKU<1G6&d5K35Z97sAEka77s zU{<7dm=&U!+#qpF3npGhFby#|jB^pwgV)`f6_LIPC^{&8^EZgp*~}AH^RGn|C8_37mH6*l^o!EY{ObjK`?kEn; zDX%<=y!5h55i#yU5d@@~BDWqyib$SEGCn(?2&oEr%2A{4gFL;qzKvWSJJO{5T&qov zamQp|7`vz%tiwr8=f}>F-w>a7m~bZUT5uP_-WKT7WeEFRZ0bj0N2KQJKE!}<$RvNi z>Tc?ghf(!_ws1K&?5GN!Eo)SzoBE8F4U8XO`8z7DNrN|{BCK?dRJu67Ml8iZnVX_Rb&;oowI9-N zkzD}c^fXkyJ<7bLL!%7H#KM5_lzL3ZC;1s>gWH%G>d&LzbdavRz0Z@iERNPRENnSA zZIF3UHMiQ!V^?)&*LN6T5snO?0;K4AC<*gMmVws~} zSmLi0Y74}z*u1xGr=MLuE^d%>t9Yc56m~0^@SHuD%$LcUe5km zDbB32oI_B+iX9=s(_}Yo=)m5yZ6|u+?B(IR!BKTT|KG52#cQqEujqw%n6X(^%nk*} zdWSyQYMY#F)rTwp?A9iRgJWTvDoCViPWIRPq}%cDQyUu2$v=u-qfl!XrSQDP0iO%Q zFC8MC-f=2m$A0TD;XI7hiyfP=AE)79gC&N`*wzr&a#?Ofd&q`$h^=1r=5)jD-rF>> zE7uAi)oC?O7KyLGSr{oCI)r>dN@aZaVkKcg=T#6)&0!}`FT@+LW&naeHrEUNA=Tlp z!iwC>K>P-T6+-;B^xs3%-{$(xD7&^%wu`f7n|HUSuOJOkW$E*zW@>l4^%cAL70cmr ze`{f{t~EbjRFxu9MH)&FOVXo4dpr)Slm1HaM2DN(c}wD>5c`H>Ct~iIS-i6HK$b5@ zb>P(yWWI*ykA-QkK&yl#h65GtR*(Z_(%vJV>%C`H2-LiKa5I(wWY)8@0_w9%L8^}f zq!N-{YNxG--9}K;_6H|=r9`L<@;X^>u`Y;Ex+(xgwP0g*`bD-S_5|yo6oZC)*8F@y z6}rms!pmaw@gm#q4}_Q5Ti4l5%{aPzg`K_1j>9~$d#2d??|E?@*vcvr>)&heuHVlI+zz-sfJa0``n0rku*5vP|f z0gaMD8fDODtCpv7$`f|<;U6@Mwq<+;GbKfN{i$c;S)PL{&+-Ow8(^&jJ^kUbXU`2r zPH+TSY7rK&uv(Y_S&OZA*20(ES>>t&7%*A&KO5vr*&T@EOeSCrG_l`37WM^!!h9tG z3Q-1dK&_-K zxHWCu|BTy)goo0GgokWnytLtmhv{vc1|d+^Op%HleR<%|5RQ#VY`C_D*Z=SGapyU0 zc#2*Rjp6P_0dLdaTNFu0k;@)`04)g@gBs*0dgMP1_&Oa2KiC zV_9@mcIq8I<$XzZYQ=EpwENL!4{MsrLz07WEs!ap|702jMbW#w2X}zZE*ainm*PA5 zF%myU=cJJAhu93-Tuq;=@P6FT0LweW6AR^56GC7J@7 zrkM66G~F_(3OS>ytE`1LmP8wFEL}FV1njtRB<@Eq8#)r|w#ABdga+76pF@?OHmW@F z0H|^=95*V4Tn1t#+Y(mSJWsA0rIHQ!UD5)fDxPg}2hsV+X1F zgJp6!y6i&vRhF~2WF#4+IOj#{cE?UKHi}}U@sJU6O`Hd;u7fi-v$hjAU`9Jmk3=^5 zQGUvsOQD%1kdiEslEoqiBb*M9D2e1fSm^Mcm<`)IUs1!%W^ zpd~StkHoZ(I1tz$D_Jz#Xy(cYOMmF)db{c8lcfiI;5yF_WUm{rJ_S{JS`VH$r-D_L zjJ*GZ+6_2H2G~b--rxW)1g(t9pvPPEJnvh=T?a=Isy64FQ=v(g~;vB7h|cs|U&C_;_M;?W@V5(&)pVi7&5&eVx)}C-$`~fedbs zo4i_L1G7Ck1Y{P$_pIu*mbR*!1S#{@IPTPo0tX=0jGz@BV#>=CBfN4LI$dljbL-kr znB`|qXu~7gU6>)Y^pV}CIuo6V-clS^fl6sVT!T(6k}9D-bMZWRFw7s$QD3j=1<8jU zMAqN6gZg|an!h_)3vYVE3J@}lg=+`b8NuJJEGYPr_5Wq+t_c1=Ey{yFhg4Uco!svi znsCi?pJ-k7B9XPGCx4KEXEPG+Sz-Tpvluqb$X_cG!qE!i+xZ(iI4v_j(z0qn3!UimmGNUlfBxRsgZAodNz!hzk z7Uwsj5JNRK!8HeSaZT0|+eDjwaR!BT!WQzo8YaLJQgFJroM z1bu`{8y?z`{O4rKKdSUSg7{6qK}wR+kKmfz8W@b`Wy3~fCpY}S7T6s^h0>1_eKLebRj{GP<3f00 z93dC#bj~w`r*6Od!O$BKQ#n#_lez>NL*O@T1iBGO*;lgrwG7!=Yu^FdOho ztYss$ESr(0zW%-e+XoXhtiT+#ooDU+ajY$FDE` z74!)RoU)Xv*%f}>)=BskCi$dF5{J;*Fbz_Ge zGfT)|RJKcyQ&G&Ab@Lp_*RaYCIgZ1sI`O>3kYTEz21fL&~^}aTN=|mDk`p!s#$r zd^iM8FP&4vChrQ9zUe4TijqmJQ0Ag=_yU?G7OWUb(?q_(8k;1Hk#v5-=rei6H^f*w zdR+&ZdGH=&W=2)Upr;;Vcuv46n2Y2(5#w7<=*9b87jY@=Gdh=a%VrJWtlj90k-?LN zfNuM=jZ#JXK%!nwm@B6nW{V}jOq|CP(!~@;odca!-&afWFQqU4)t8U;23BxCgy9&nXl-O> z45yWvb*nr(?_2@^XJaE@hCyJA8{zB^u#09WQB1bMPPJNf{iNJP>b%~Bo}8%0?wD3x zHeQuDxksGwc-DwS?OZY@j@hiM*eJK73R|-qG3JSOO8^At`W^?}<&?#va3x5mvRf^4 zDP1p+;53)lcgcdZN1AwCBwSzqeqQwB7i zf@#`6GmLLE`%%o(A(uJIM*U(#F1GrE6#n=G+TRN zcpa|iv7s=jUhVQ+ADL)^onoXaWY868MTr)C3NjOk0i1s|;}Z%Ml9jW_zr<-UR#r*k zkFa6qV;Sud9$+>U6VgxPGTN?@UgwhO`7=DhqG!sBi`?u0(S+m$-WOG~&W z(ILb5g}?3u*Hd;AT(Kq(Qs?d*f-v65n(fQlV_5-NvngwW$7|}zQz1z&`jVs#jW16! zzhNzbj%_U9cxZ&$LqG%JyqF>UQSob{%sCpwg}o zAIky+Cb0Q3*w4J|EY&4X^D|6{g?kPZ+IDbyDrsz%Uu+vsjll8?Jcoo;roH^weJO2B zm*j!gCb;kw(jdo{@MD$v5mr?ty4i>p4bZKCq!Kp;`V}$>G)w3;$H)|X5gG^UDoI@r zvU1b7I!4BKM9$o88C@Rv=M74gKvYT9hD5bXNx3EJ%%LFnoOE&r#?wLXRhr%xYI@HX zZ02eHg5Io!f}v?l#$q@&Sm?b@TBnu9n+@higg=A;khuc&dZ`8oBp(jSf)h|^9ePocp|)<NBFf=wn>2|~=3*4-Sq&lyR3z}pD%YL}9xOVsixI59;y;mf<| ze;uodZG_m216I&~{0SA@@<%8d4nXR&+13B$(VSyYG?Dwp&s6`aBcbx;{Vqi@nKEVL z9fUde$fIcmB-Y_%9VllQ1}h>4E00y8On>=|>Y2AqSD%-9LFE&~F*~(aB@~s|MxhfF zhXxUpDZ>ynCuX5D8yfbNc#46zq)nL;2mx9J`BF{Lj4e&rFh8YmW2+}M+MMS@2Xz)G z!c9_9IUb0*N!Esri^+IyhioT~ed|j!R=lOMH|i`W;!tv)C8GP zkzgz+37gQZtORB9)HUCK?{0%tiJ4dkTb7+#m<<>XCk%yJe&EoGQZw6mn7kh3ldtT= z%>{Prayx!=fwl1F;%FUWZ(6`u^PX1ynYdxKNgFq6-btW4N7sx^Bsqa`wA4NkC`PL+ znGr|gVMO0IjfgAqVh*7Llg)ufYN( zddI#XDL<$@)cZi&Jc%GK1KaWG;rLXfDhjE>+&Y)0AZHhkoI_cWkTbH`BWG0?kAg+1 zdm$KQKpw;*fUHXW<3!MbU5S8i;B6Xy6E0~l79wsx8r)*dt(AMB@gi0oLDdCI@T(Vb z0{0>RiO~1|1$>Fz&v^j?IT}_fA`10Ny`p*ml+-i>M|%6`WauisfbfD}jKxM2*zs=p zt=OFwPnSgt(F#Pn6_ZME0m_BsB5#W1##2u9$Y3;hhi)*vy)kGH#2p9V!OKE^T%bQ5 zPIDw~T-ZxEoX~euwc)T~+ar9PqdsafI!^kBg#<)e<=-fA*b!_xVQ}Rot$l0iV+1*U zeytN~s5ka$@N_>mRb(Z=X5i_N^5Yk+P0f^9}XfXBAEVVlAg}V57pw6@51KfP$4KOc{ z0)#*Vf6!DIb|pJ&(p6A_`ESgJjCNmu3r2xE+Oeh%cIy)KCnlYg7=SKe2Ux%k@qyT2 zePI4&#hb?Wu%4~V-wk)yzXJ;tLHdyO#+K$S;ZIbxYd_QAOXJT3;J6VK7>Do*;N}6` zNF3VDR0I3;Ik8RINJ2p6SR%GGyhM#Fh5$eBSD9YlVd?deG0=++`G7YkOErRnfvOH< zRWJKh$z57~*3?$=ysiI(ro%72X3eY>nXn^uAdX&T=s6m&RPWvlTPkKC(g8OrwOb3= zE1ffjDiDDJp3qy_12C40V2!0TR1i?tV?si#g=a+?IDH1f*rtF(0I>d=B~G&;c1R^0 zsEr+jJP-NhEcMitx>E>y4%o#?VL~wSCLnM*RWm~cyyjKQaS*is8kdzppQo6+ZgbvG z4H`_?`5@4A?(Z63xpj5i&W~-IJbBO}QUf7b11^lOX7RdQ$5XhK`?_SAH@Sd8+Z zx&s}NFlua=TtE<_bGZ$}aP%ZnTeqRD!8O*DvvC!up)qon@D|Jq$*bFg3zDp9kKrxT zDd35?9MNOZ=z*p`N)8C;hwR_tMjKZBx1a+9>>2bxBMHao!yOQv*nf9! zU`emo+vsTZ$s19;>gK=Lux2LB$i&DKSX$x{ooWEMi)2EY9flknZUog8Pk-2-Oevx0Jx9v`Ek3?~no*05^)quzKr{f z6&^DVdvQuqTTfUCDhb9fkN-22ZZ%FzWDA0t6M8w<#ABct^a@Ug#l^elsiR-nA_@*~ z=EmX}@0~!gC_>1T$o=%2rx0J1<)FJalH0~Jb|`PKkLUHz4R*1Fn9HL!z>H$*anxK( zd0iGQ%Eq$-+zT{gNv0@VCZl%K^-*~yd@D-*1DqURf1$?h(a&5?0x*CLP|g)lN(l-M znloYE@@PH{Ex3E!U%*q*o%o)K-2PJdd=|z)Cl&)^=#9q;>4rfBb!Un#K-W^AlPVAe z+6>VlzOI(nc%GVL$K8&F6S{TfIf6@`djBbquCuBb0DkXp9Fg(c8T@{e_@~J)ZE7LM zE$aCSje`C-cd)i43r2bJ6(E`p)|QiW5aJ6qk_&?RF?gB7r$Bl35=sI+YwmePV7=H% z;F72I{DPw43ZHtUNZPmtNw7==btIp`x;*Y`5gyfTl!hL%3LK|ms2Yuvl$8ZQq8A=gpn>Y1 zt*Z_8RhaoJ!i^7};S2!z61Cz80DiUxJcA#v0fOzx z>wy@#NA+4>Z$&`>11d9W0B1Bp1PhPz)DNH$fk7DFIB^g;fc;deED*3v`YEoYlG$jn z5yZz)uBZ@S=cqv=LE*LhNse|(`&^VS@HszJUjVk$r>s5jT77aj5bc@9p)`CajNcxv z$70F?nkTMW3ERUlFMy+UFNb4GeZkknanP%$7*Uj@;U(> znvKvXnh*5%AV>y&-hcui2=AaHU@?dt&Q^;}SR6^mUR}yI{@x~kag_G=W7$SI+bAE< z$b4}F7UqkHjjRG-f%OR;IwfdyIV}qhk2qdG)afKl z28ZzZqc}zUA>k#gz8Yc+ovAKDTeMNH3Qu8egTY9fx^k1dw{m{xpT5-g(<1_(iumfXiO|GGQH-m3@kp-@z(m8;y&e*% zb4J@bKR_5xr0MbI1{LK>AYI#CLnrX!miDX5K`v1{tB z?%F0rSZ4t-2HG680oo?wkgCwCI?Gs+?ZYr1B|H&8d?uzw7k6?y|2rtbq_~P;CT{W& zlv9InM0IjAO&zSHyolH*|2;4f_A1_lA3CQe=Ue#N-C(k0@d&@JOeQJ6k~^>1r8 z;JC9!{)n|i?H+6F16R3sTi4jwpDd1ENcndRc5Od$v+@3pi z6In&UosxPH%Ukx=UlowXg}z$(pobL^L3?5>RR4SsgYi>4`f!l;pQxs-k9Kmq?-!&o ziemg7ldxT$)alLZU7zmcez9+x@*7c}khwj8S>a$2G0)FoxtS|!M+Bt2^$#p6fdX5rJ|yJPN*{vmqtT2 zAC~f=XHs-K>dS*bLTt(2MxJtYKD2`L8%uc_3m;vB8e+|t;Mf%7(W)t5s1rHq!#Q0U z^pHpD4504)LU6$^=}nZJrHf(_4Hq~aCIQMBh383^!lcq-KmWn1|D0TOD}|{V-#tiV z@(qoLv(y+&EhnWT>J+H!!{;V7HAE3{2M5@ca#XgW}=kQw)S8KH9H zuHUPLdvop0EVMxbG!}|ju_O?Kg?k2-tEUtbV*tR2L=hp5s2?pJIS08B&MiZ(hHDIpg0(3nOoK&Y<|(2@4Bv)R*q_EoDnn0+smVk2Fq{Kl zK@v@P>XBEy&bCmwi}XlbeK|n#66RM>U%DIH4d|&V z)RKUL)QtscV?R%@>KI54ST70`5MkjI&}l%oS3Pg4`duPi|C=7=X;*|F5Xo{Un*|(6 z>=ihY4>26%I+C@D?gZ{*$AUX=T2OEg-k#u=r?1!(^@CLAd0bWBayQKF3+`xnO~E}e zD7flbaow0*VJ*bWQIcHh3@0C?T%jFX8!JhDcp~KFewf$3xGzU<)`)vmu?HRWiZoBeb zto;Ej2Lm4XgF-gJ^sUZ1#yc>hIHqe5Em7X3$T%4%Xw}P}WAdFYzu9V2em2VMs&$c{ z(h!y^uMJiyY3o3h`&|~Sl0Huj@yl1e6Rf*STJyA0s=Hsd62m=2QN!`_|Fo$$X=u*w zS6aRQOtWDe#Zxc(Wh=2WgkSHsdj;zi{BA|rV3FZ%oBoSmo!hj`B$g;vJd-xjl-aQB z8B~re4W;uHSLDhwoL-wK7RoAVr^TTfSGYe3@51BkSo>mA2UJ z8$20YI@vC$YH|I-r zdjT?E!W$%*PG&+!7w>}kQ)rmjL+gct;uVb5cIUeQ6vH46N%MC|40!aQG>!-Pf$RlETVo3rG-YI zk`5Bw?Fl5-Gc$=1DlC#Jrsp^EnlK!zT}nnG5tGKbzwX(Fa}OXR9eg-ECR zV7|!D`eT*X>)vvM6&m8~6}ke5qq?J2hf5;DMSLG&%m%#IRE~n+?jcaFwd(H^hP_^e z*8=6W;l#0zuHuN@4S86?a1I{>LY&s(LnzE7gtOMQYHCD54Km$?^f~IicMP5K@Ww>8 zFz#jOA(SHnEU~imIS0#EXn|pG<6C-k4*)!&{erg>8oO%%Kcsw5*;Sc&}=)4 zf!Tf9!OIm1cM^wYC1g)s{=Q47)N*zH5J~EvtuGt*fnfLZ!kx@~%1E-ijeLu!P)wx> zC->D6TA6h^Sn^m-?tYT&Cg&mlIvv~x@=pzybnt2r!Q-m#Jbx!gm>5x1UCkn1X-%y) z>7+1uRjNe_%?qzUxwUrFHtde_^~rYjhxY1iR2Q3n!sG;M=#{UA!2SybK}T%X8)f4t zLv_TRw8EQG5eD8B@h(qw3Ver+bt!Dx8n?p(tQVB0H9)SN*J{$rZ^j-&?^`qXV_7Wp#6*zrvJS@_lma;e^}cKB1tp@yy4;Q)^{5uMP!m$-}h zByg%UlEA565tV$k-Nk%0bz*i!#W^8{ z&q!X;bM^WPZS=?TIbP~XgQ;g@&E;0T%yt}}KRmUci-z>&v{*bn9+&kk)3p6Bq<& zrpr57)42btOta+B-%_>>!2=0Qs#txFuXX<2d~*Hernt^*MP#e1PAd?`M`2B{J1}6^ z=~_JM<5dJAeEjzy5wPwmOZ~V?#*Ly9{`SEKL;TMHI#{E}LU zwQ$TNsfTm{$1cQM&zRxnQaf#bVn_39EcsPVdsa?DRS39EpJ0#;IMWE78E)usod0SM z)JjJo8NyE7N>CP}K#*Y+&&;dCX4~h1ch|yrW7{;n82sjEfH7t#vk!nR-^REaJdw6s zG#J@7u0O{9AFs5d!LrVW>igU>QC}Q5Vbs^G|Bio<91WU#9tSpu8X9*sx9h7~bG5CZ z`Kn00ta0*^0A*Mov!?1q;twFd*%lO(9u$-}-XiVMBf<~35N(p>9^zIGqsJKoZij&3 zpWoqa+NQArVVKbdrf?%}Kh6DECH4f@*yq<=^ZDh}+3&QHJ7U&ul!>zOd3vh| z$6TTDvRjXvV{&r))t(D=0v*u3EhonXLiEm<2bI7;{o@`@903j!!!a$L>-&evs>C|| z6()RK4@%XxeD}%9G1j!6*o>sM<;*XC>w{x0u&-5ZOLfcoJe+KSfUdS>?YL!GR{eJv zEJdtwYVn!qWnjbgclp~iY}HN0Fa1^30mz)pEn=xAtNv0cHC@27>bmh483M#Kzz{sO z|#xoL(gK(dDhgPlGJP7&#K>7I$>$G?ti+jHB7I_DQ%|W>1KzyQjy5kH55GYrf}@> zxfCX#s23CE*sagK4 zv7LZw*oKZHNB@w#%|aNjqViH(&2*|AP(YkHFDr@ux_bw{3RL&Dp9h| zq1B*YhhE`J5SS&x>acDBKA|a&!G;#dv$1zMG2{*y1T~6Y z@5Eb}C5RHC+NG3znXXYTU!rI=TLb_SaT3>=w#y4)ZlWejXn}=>t60jA-?&tW>7MuK zkXU<1ItGJ1jnY9sYV{SuL1skBr4pY->hYBbQn=SOScoG8|HdlN()K~zh{7xpA&wB^ z_RmW4LA?C#9e_Cbhg|@1PlCwlKHHP6znMW5A&+PlSWH>+SuCsOMdL&Sp*iZW;8*e@ zR_j!3!8HDCYw8qYA8XtUTHpjBjyOv_z6O4WbJ2pxk0`X`z7oJ#Y0<~D%;{S6U7D-< z&4hor-wT8A8Qw$q$ot)o1w3y`Lel3CTqMR^7rm2?ym}vrfgm;1Ad`3z87?Jjpgq%N zgDH~1&_g^D15hL#&?b zSxGwAbzrULpb3u$=Fpr9(u2J8d2rP!={gcEwBxRV0I(hKV1OCM1T|=!-P{K63=d`= z56DIkvh+5$4*%cs-Pu4+?TGLDlN#?zO4R3j&~)}ho{F)Hh&N!T@uJlilHd-ogAs^T z!fJ9M>XP(oI{e3Fz`rx4{ph8j(soO?D=Rmp1v?_fA_@W1ul}%%cxTu?H|P%(3?M2I zeiUt~2EQxqb`!FbPh!kgC#vplCWB_{Jt=okSA=y94%S6;8qZE%j;fx=%dBL7RHYqy z5|avX+gy3n0aiVi6T`gL3@}lEtSa}SfM4*Xi6iQ}5f&$R-@Qt8B=8>IQ3&bxt@@uh z4hO6^$4oYwJq--_K$U}i|_jAMIr?w1wHUgUD6b8?_a3KwR<{j2L2f-48&k><*;LOv28 zxlL|YZ_53PRsUZ?=ybo)rPxY=SWBl>SBGDU4kVFyl-}v!LL}7xk|* zKy-3PNvWo)fZ#0P8;~GJ1aA9+BT70dDCqnG&{jk80)o@LePn%7hJy9T7m&cCP?6^N za1Yny5V`HX?6SFHwMr_CEqWrLA6DHM{Hkr)=kar&NBY(2-nXMEbz-0t4f>Hk-1eOmw5Tj-%NaW$YiUzfaUt9(xu7pHsYKTEsnH8nE<~L-_A;UGl za9|tP+!t9EZy+LvG8^!X+BI)kk^WTe{bt64YsLTg3>McM1$^pq1Tos7uwH@;HP}Mk8LSV0ZNpDpwcHiS`RvKGchCG|Qu=ThFTUt|J5;>a&HHy^T)8m-(!mz>X4LY%foEEcg z=)Falubd{F&7E`~3A>`|CVq^bk92IAhmcH0?qz(&F80FmIFB%-x}-QRLG4Z9Vc)A9xR7NoY25EdcZA5eRc?UGtp{(gN)p-L!8FdH*ToTThnX=X^4EXbJrtttQ zzCQMUuC;ZRdhp2LHY&5!U({Xp>}_NR0H^ z4Nc4jRC6<7(KpU+DEg?G<2+C=j8=lKg|U`Bqt@-qNaHdgC=e)&HdN;KW8w_t6*0t1 zqJHS}9_m)z#fYYeK0Y%>8;jbGM7@QvZF|CD2zRiji)19SH*u!O)H5Mt$vWmN`8M@A zcBB=0qsxoxAA3gA8z2<$_Y0t&p>*Z7XsLh;hF9TFWr&LvF&&f1JLhbSuLQx6hKoO( zG@QWOe5b1~G1aH;_nyHMom9;UtIT{rjPm+IjMR1Dd+P6OFm)T#&;6KwuAzYWm|D(1 zfWI~EB~k$Zm+hSPi$Bz~CxuCGm{@f2<3M!HA`elkt`}H}wxtMY3;GXOKj5e2rDD5X zTxy=yq+&f$+OIJwIi*iyda-$nmJVnA*LjC%q)=D`hR2l*o4xJSIs2{oT z4O^E5Yd(B$AZdi}3+2S79+Z9HUqm8d22(Gb`y*3V^xh4n!O?+26;dL zMbd~TI~y*RB~RjAo9flx2Z%}UtS=q(<=#y&Lk&OsW+=m--Y-K98>?x5%zOikIn4)w z`H%Q5(zkNo=-xZ-+`2SdZ@=N%`k(q}Ti;Erf*CV*Y=8};1N)Fi7Q>0l32?L65=u42$9}oH zidOc3|LxVoj_bp_2tgi`&SABVN1-EBqgaURHMe+F!$%1lP1|S*s+By5Ce7`^I-!5= zA6zjlg+O*VtVELHQ7?)9Q(lQzv^32-AYQ{|oo0pK7m zbJ+xja`I-WtbW=>w>wi|bA8aU%OHIzs!FXu3nghSv}p5yhY+D;Lhu__ie{q8efa}H zjdP=DrwR%sVO77WnwJj4VEFFR<-K2=2mr2>X%ma-c`S~s?|^6=Nk`WLZuT*{E2D; zNEr6!Q&yh3iCeXZv{U)xp(#@qWF-QC!0h(yvn%3`)<;KfGY#s4+-GsaW+yWy|DHh%W21b#wM%-xbXgEThu;~p3dBUkT(Eos00;JCA zxVkYX<||~WPjXm_>;og=CeUK)4%G>uCeJYfmLXrvvb6_q8qL&Kvo)z;2}vr@Pu+YufS?0HKb< zA-(t?l|oc0Qs5ng3llI0{FLf4yrJaiZ0zJY0vr3-#cxeI(OP)I2y6kg`pY5lmT2R5 z9irC4))J?C^Vo~ChG4$M@z_i3I`lUOAI<5eLt>v=r{Or;u6FVA@lU6^+N(b$^Pp#F zF}5^kiBfxu;r&!DzNocle;?QKRz`nOD)}F3VY#)i5p)<#>lsA}$xYaDgY(~xFf+lB zoxoyvkW2L&XL2?~7P>=d@B-b=&;$DgtZ5%sh0o-z9`0jc!e%%VCQF@!sGL+Q&{RVm zV_91T4O1zQD_f%W$JkMFkVp7TdV}drc2hH^iYrVNUtzCqW>ma-0~a));~#6mhtk`HgwiZr2E_=8$8pT^WT|dezTG@37PI^A2)5;OW zE5;|1y;0PsvlANG`WRdWhzB89j#%S_b;v;i5j-mOSd41#N425ryWs9oU3Ka~+`sHS zea$>|aAL|S*gm#C*vOZ^nMNR9*t{b5z4zN`1gN5sZK3Ne+?ht?ObGl$JLZLHM`rq- zGGGmwN^WEnhwes{O=_{h4I?~|-3TdimMu5HIVN(y=EV~NI;~O?{nh#5M-x88Ud+AS1Eh`B;$!>Np6Rr>?$Bhs0qaIi)T_ffLhLpmB)91mF=q zFgje$zz1R@>kcl&2e_-?vjX)SdWK%Gj@ASf7$bLv1@EG4Dy%M96BvR*QyH@hjkF)} z8KgbzNqf*=K#w-)$%Pb7OfH;D+~f0f65MgGZU+c4{v%RA?3?Lv2o26#>(RhnN@K`i z({2eFU>ka$c`V6DfAP8;!PS(6hJ9eKZZYJc1L=Kdpe}J{E=kM0xd&_{TgtwJ+fa6ZQmSgE%DCB(7VdV5&Ft{#k9)fzbu!Lw@d(5({~;GS@g7o|4f z!Lm>S6{bh26?pFPMBR<~WT|!PsZW5)Ndd{zDwl@OgfoFlgucV{H8_hHC(>XtHf=Z< z)!$l})quW7y-e3Iz~xY2V5q4TFzmWVp$^)J*rT&L0qv&##(VuLpaYJ%GF3YF`R*u*qz_-|lZ(nmn?PH}vXq6X6X$EeKX6-+Sdv8{Tj4`#|IP zf{&#(-W0IfjQ1ETTVJM#EIZYh4%KY~xYo2QkN zf={{e;}Wb%2t6h~A7``+g-?29??D=2jL5*4VTA3R0*ehgVT-+19>kn_wvy<5%w5of^;Z2`tOg%J z{vfo~h>R=ong7ML<_kOC1(uG(N>1+eduvkWY12*h2U9*>ik>q}nF>2D;!f@xV2&Nn zsl(2sO?P^|XKt)SDvkcMVZUr=8zaR7_sB%Y>P(WSB`4A zT{jnzN>h&mz;g@80|HFz?ud5L93Oe7E{b@{KN^{|OZJ9ltGCxf$M+1HtMq(`HT6BR zzMb`fawv$*FLh5;zyKi@g3MugfI60hA$(v4L{L3sp65yLf=RtY`2^q=x+`uZXhimS zPdRd3`gd~jh~7qq=2v#Ga!O^C^*mNy&C21V+@z+YB)QmLs1RyA?+<7Ka6pvdRGJFM9VYCV`qkOFj916)e82^|oA7w|@2~BaohJfavbukp_rbFGg_50RDXx;5#G{A|t z1B#F>J0fQ)u@Oj@@ptN^*}D0{z=j-&Cxz`Xv{3t-KFv5En%BS4?ao;C@Y)$q6%Y8J}nh(JI+%)FXexcGFB9oUw{snt{ zpPR#TZDGnsWACuqZH)^m_tJZ@A|e=b1tht6N!7Jjl~p;WcH2ec?|-%GEXd9f`3@S6F~|kfHzHqGc!w8NwdUAYeJcE#w^-Cn2RTnSKB0 zOD2Sck~u5~ZubfDM^~YaUI+eQ4V@oL&>^MaHvub$g2zX|xX-&7#-9Lfd5PWaabRW) z2SBL*z7MzhO2+rrR6`$#=s3U%!wi6-7MYk&n5Hq0LIq(pvHb={(=fS#>)lKrSCi=D zxGpHqp_!~OCL7gqL4p%<=AS9x(L0J#sS6fRg>Ju1t56wt!!REf-O&coUTyU>vYQ03E!pn;JkQF#i7EH(i~& z7{^ZoT1@xQwhEM^CX2qqmf`#lL~x`)1QaM(GD|h3{Z?na2lz+rkiXW{+X!fT=UG5U zv6Cyf&;fH*B!QBFl!zRliGu2X8O%TdL?qR7StTqYcusSIM_h5D!yw+M=WqlZkt(3< zigcEf`eTWU4O~i>s5{;T>>Q^K$RnyW`+LMWJhT1%J;agISqzgABfSTNFL7Wu=-;89 z^w;kobO8)BT#WskY2~GpzF6?86-?mIhcH z?!os3sgZU9o2w^aMn@DFyY6nKAw9`CCW>LV2h71*B9IXDhVu695~vVd04roawKY|b zCAwcR6OqiCs*ABHQ3U)FM}{Wx*%%0|wNQ8TnB`*sWEM+g?$Ke6@$ym0o!yBxRNN4I zr_W&6kGXt=6qFe@qiPZ6V2+WD12gk~t%N-;i!$Pi$KY7lSyWd&PdlVbnGF)qg~S7f zAr!$J_}?J585Ip;MUX~~;Up1@46K~cPY1g>snBD0-DIl$R3{9+UISVE1IC(ZKGWrO zuI@h%50OM0HwZxUbYIaiSM>JsAS3+8o}Z|SxtEj`?}3bxD>#qXbQAAETD{RY9>Hso ze_#j5#;yAXaFz<_Iu<1%R}=Fq+Q!G%{l-P|5IeLwm*w!!b{6YSe0nHtyG30<&~2T| z;s}g1FzyU+bLuO?+Og8C?L2L=0$#*?ZMG-wim#VQ1Cdw3% z1yPx{1whNFwCYtk&D;by0rz#ta@T!5*!qJ^A3K%2kP3{It-F;pLHxVOAX;4GBYLlo z=x4XIkLc-Rc7*8Soc0kd6}u{M0440_ZxDqPfQCTS32lDX0QAUYAE0^I`pi)NOdp^> z_>{-z@N}kYq+Y!AXGn5CmSnvc>H+mIFb_xG$&Q~_l-!-6px8y4xEV4T5e1Vev1h~C zk4R(4I5S<*PTf9BebTW#CkjUjiZCSs3cru1b?7EWB@hhnWVwMu1kZZSB38l(Yq zM>y4(=8u9))8`B94~Tv;1y)Ud6Q=fVxDGM3@`n{d18wlJ)JDuAaty7N$^k8Ot{|AN zxztXZpK9hyR?{C>Fn+5b{56zNug)^m86=Hb1U%U;z!&XsKL8wb7qI{1}qf)EA61PwK# z=2378{pr#oP(IjWdU6sSO?n4`-`#x?RkUuZq%AF7@$#rdx2Y!nj1V?IEcv<)VaX%9 zoH^UK%80m?P`iVM$mvk5q)HpeLlNuyBYV!}^eq_zFamg{qP=VaFb%F+ITo zg39eF(&86^Zz`3t%^3~0&+9T_aQ{yR z5}xEGvSddRxp(XL1$YmFiDn?&cXEfGr#Uy4w1e7@1Bqfh%?6;7bVC0el|pR7pLwa* z-8aCME@ZX$=2rI&@Z_6k-8V9AfcwdQnEZ(b-U-d?;YE_QGu%k>P8d52J8Ohy_;1hl z-rgW@)sz+B5*Jka#;+~EUeoeaL3x7q^ABJLvq7;8+tg0Zbj%OFZ2|-2JR8yydrXR< zf_#-i+aQHH)lf!>D+k=E837}+uQ1oxCfxx{H!_R9$uu%G`~*fuj14$37M!S9qGn>F z)g7IuVohD3@hv32U@HG;sW)IlL85l?hm{DGKmqh<6C;2a6$X+D0bUlO^6yZ}moPGk9j_*E8X9zZ?+Dl##TxI*IB4{xzT_eaK2 zH)}U85~9!3iEqbT;r$xVJOhD+aYU_p5nu$38rU`ZXy1>OG ziYbEecc(qPd-oh9p%O6_uran+dY1-T+%+jccK2H zPG?6Xw~!aVejI}utpCdYef^Wm1pXRc{Q8j>4%WZt_UpH%PSXA-pc5F+-0Q}6#xu8k z|AUNYZn}ZvnLoad;fDy8<*WUXR8{A`2Pf);E*}{%Q)8wvs7hdG7_;`?_#+23 zFT0u1fmvc1&wUvW@%g6v&jcO_&Zb>w+*KlXFiRqJG*>ttsvjjKm$@Y`@=NY5B{8Et z9=b-C+HjAq&yO|!Jx9-Bf?NB15-YCijp9Wpt}elv(`BK(fnD0*YVQ853!+8>=cp4W zB3M}q@75*labG@m@c4_8U}+1FB}EA2)}PBaP&?|8`tc^b=>!XGJ!h z%-BGW&&q&gwGlzGp$PYsq_YM2TM+?tT}3jEiWtfMa|3x!ZUM4ss1`?JYM$>9h^ z4u>EfoNDx0l8*mKvT51

x~yU*YS7(xqZmepvM zxJL`O8w;CEFSzoE5X|i*sVy&nE43b1?j?qI1?fe2c-~=}eo!sqI<|vS(9^trxp8>} z49$*>X`K49B8XWz|Nj{>9SEJNsKYQvPTP_clyXzFp^(?XgU*|Dntq)|HH~b_fMo-R zX9G^hqup3p;a5^KD@#*TE2{wpLlZ#@QOo;pUZ-OQT5@B#|MT_!e6Dk|4fOl_{~rH8 zj|aQXIoEZ4KJWXx&)u(}gSL){RK>0ZeGz}&#b3TBd(tXCqTZyL7?UoeQ(j6Q`z2Dc zJAYXU&&T1-5cb>j7`i58#N#GG(av~u+f-z|FI0a&kyM)XF6ePYgwp=v1Lf1%4Lf55 zp^!kP2W&#-t#`AqZYdJGmmj3(@2h9C-pnaDH22^@eP9Miaeg9;7l@6#^xGpzY6V79vd`hfmoODv%-sox-KBON8R zSdO+9f(lcb)wiv%xS+BkNKc_V%9n}s^m@LHAo^M}Z-V+n1E)A4*4CVr;lEKsm34G@ z#~m2KV3=s)EVsU56Qi$T?*mBWr(B&W;s*plkTIJX{u_o4R|-~4D&8+hZAw1UwQTIT zVCCz3F{PcuiGsyDC1h9b#mtZ^pU+L;GIxJHkvW+e9HuLg75?}u$_c`HySN_J2e{#j zCa=?y-ds)4zbXMKlCNH^b*WFj${g;-S>x6vCOjUDe4DYOy%Lb8VdcVeV)q}{*wx=P zcRf#xTy%hW5da}GfRNi@8OCk(yghlQY{5%5yPD&u)Z`0lG8p$(FkwqD5)?H1G;@*x zTg!PvERPQGxp6Wo$+nS)*(j9i0x z-781|>Q)&U6v-Is?Mr}NL%%vz{g_(Qzsag~Y6}x2-=Hz@tATH7*W9n`7iM1U9Jy#B zb&0E$RiwwX*+mmEXdJ1^SD_JsdSaZ$)$>M7EnBdj+5e>=+97$g2#BlPyU?OVv=DV# z?L)o|agZKt?8!Fq^iv0158iR^N{9H^4 zkbj9&rFY{C*|GCbC+@^tA%9 zS@rH~RUDGs5+R%c5k}(U7j_19NbHk3rAy}rOxU2M6g(5KOl{HmQgxKahvb3^HZU3( zevCyXYS?b_Y~Mnr`HUH6`0QV%i(vpRt)fO-!H9BRTk4VA3(S$n*`&+=!RT zN*e{pYU65V%=TmTn&kIapLfky=YAco|2Y&d**|}vy{A5$mn_5zkxLU-ZCp5UZd2_3 zv3m#oD3U{I_kZ zhlp8=f$Uj#^%t-J*X;E4{L;lm^qdTU=`n}TF?t>bJs;0Fda{4sEsl%`S4qUGuLwQ* zpBeLgds<|idzovsGWT%M57W^L2rwxkK)roH#C`HO`)(+G)F5+FT0hA9k6Ot$PDpQ#+X*H$c~u&(I|c?+;?(eb?NN2ANawU_m90ZjIpsbd6N&j6FdFrqjv1CYq_} zD=`(g_|aHC6|btlJz)7faGhTnlrivfex>z+fHjH?yKFztr}AH`o|PVRCl_9Dv#H2P?E7ak67RnYLhjOk`0)lLOO$sxzsVTn>RGo?a&g&qFBcbIR3sNVc_KaL zeV66sV*aC%TzqN8yURsjPfIR7)mo4X6AG_B;I>QQIOS*HG{ksAY)QMTuMWZ|Pe++M z)i=#?V#zdHdf|M~Om6dNUiDu^XgYK9p-c1TWX~yibK*#!8I!u%;alKI{i zoP7Rs5xx{e0=^ZN;Auw{or|W32xpWHAGa@nnF?X*fql4%yp5Vw97=JvY%cWO1q47gkw(2Np<;a6Fvzs@Em zdok?)F-cY??>h$ZYknvF7wb}{eEA9I8#dutpNeG5w1}k|?0@hX6E1weh$*Mr=ppp% zrSp0LHBdp^^OC6qkcoqpxm95c;MwjzMG%(IC${9Pnq*dTzG{BHi;}?Y#p_x(zCfsv zU({M}Z|)o(>)FX@uDXPc3I>6VMX%SN#jlgs*?LtH%;cKkDa`g(3n2TTdMvp`uMsD% zd~pQ$R#fOUM&vW6u^^W1T^`Zx;(P5QsCL|+dRkkbBBjU;okjCeKsfw)%)tS}r4pGj zTh7r0E~a?AdR|29%$V=(l!`*^ug{L=5@^RDo3Q}+lpVhccp|bJbXH?QkaBYXnjHII z^$}B$dt6I#ZEMm@dD&;(B>S)<>JEVSTsFEwLCfMDnjhG?RilAj>L7E*J2E^SEYFVJ zKYaSK5zJXR=N*!&&bT(yNv_uH#MGvMwYx!jD!Uk+y&r>=PsEn|ST{IyBXPQWYuqe*&4Xx2iUE%+@@D0_GHP@{!o5-r-H9FE2sXD7^`defs7WhgDAtMRhdxvVGj5a4Q}v? zpMO;^N_J?HOP7hLKMFJN3By}%g9=|jvWl#CaXi4h2*3WJrvkpehxHFX+Dr1`w^&M_ zfgDlZ%y0+~v!T1Y%5~Gt_ntvfaF2L@Z@gji!kTyk`y-vt-A}L|!Ek*`j-f-ojooWT z{l@mEcxqmUeqZ{!br7!=zKObC)e)(K;YH#TdS_-vP-==4QI`8bubRN&Cz)^?9(Ma# zCKg9WOR90);V`LLdcb6SW{NJehL~%E<%{(kYJTOunlAmCe7lU3>tzblX8@Mw_z>Tn zsZ-(T$&Kmq zFM%c@NxoH-wkN-{&fjO z$+J?A#J4>iU%BJs@#KqTi86vaM>|`YBB!iwn(1aou=eC?zLTNMp&`s|EjI9Me#OG@ z*xHk8?Hc*vgcJPt#!_~FnG}AMnaEjAPr#gZ%EEWobg5xANTiB*Q9xVlBP5ih_~*;~ z&&{HNvECCgA??q8&TKRIc8!nO5?qt;$nZya}=O<~!%hZk9fr?J%%Sx0R`) z{oy8i&I&W`VO!;jsLhJD+nRlbv%rl(f1hjsB4;`0G-SdDG5x*i{r~eRk^8(V*4xBc zy-=mo|DweeO||KR|6=#AsAbXnXjU}T5|L#O)2!~4s_+8kR0Ab?hdy#lHtMb6C)I)bjhRXOIT%88<RT4jSg8*xSWGR!ZM9QdwVhG;$C4)s2=kDweRd2I4}M(oWOg&s1TV6`q*p8tntdJ_ zHZx`qGrf2Ap__%V&NLG&?lpr-{G=u^FnK1XZDxAxD&A=S0&>@R*6j`V)OYEyx3fGn#3j&Jf>i$ zwIt4_R<`qG!}?hACQwR`8F!v!eCivRln)`AZ^%t}?6fNpO~`6RrZIcCDYQ62Tj3lF zt)gCNIER~=hQO?DmcYb%eq`@Pn~zMRC{x}y)r0u_EUhd04o~LYUx!d;YSvX@snTNM%yO1Vn}!`H(hn!v-*j)~A zm#f{S!(Fa$mz{m~UL6LbFn(-v>RMKNT+8l`xr+o$w*C*0#lV zm$Op;3{vl8N0|axQAUL-)Ua8~*OWk-T4jdn+2E_@C^_Lk=BiP)CXt$5Q<31=N`0yd z+Zp|bKC=~IsVQWki=JiL8>IlKsdu-bT{F?O{J@X+BFg(_I#*?~-=c?z30k=#DdV~&5Mz%yY0dP?CbmCYlW17qnTuzd zhX)N$E<7lfd{Vq-@RMCs6Y0b_+895M0pQJA8r+7fyRRm&ZXa?d%8>3c)(VEVG@RZY3SG%o9`YU*FB`61mkjfS$eZ&gJuv;U&i3RlNsXe=K* z&4sH~3OK68YHZzd_mYLHXEmnBq|cHyK5LSSx;INAQYTL${GTOBs*f`b;I#DUJx@zd z-xFzK=vR_gZAKEotB@0^4C)xBvw{_36cTHJl|qVSFTU~H^qCgt*x9Mb9O0g2g+3%?E$&z8L;tic_eS?| zn5t9F)NWfK2cDc)cvUnxjnFOkkP9s{<&}T)Iksb!Lrx z0$MawDbTYw+zmayaq4@c=Mk%no)6#fp6Hnp)Ftyf@;kg%c5%+?5F z0{VPZtsn#g_&>(!6AjOiLfD`3*6*H$Sz(_1Mbjg5O&5(6s4jn16h(yd5tn1BN_8j2 z9WDl$;Q@Hk#QcFt8%}c}pRqQzx99*xP{2(2yxUcE6LG*5#q|`T8N&@57G5dR^0hJW zi=nKlW|^6Ce_k#e&3kyV2o@-*VQ&azv^N>PCcRx&q;WN-~36crv~Dwo6HGB?w1f(+sMyRfmb?wk3Wz;r8hnw9=^B@s-l z=PLcEEFwv>iS%t&xF8joID*|l=N!>AD?K-u)$sbfa^|Gve!#c-S?MoNn$_^HSaK$B zoSvTek6Ar`Z+}s3ES+qi!IgwBxF@1{zE~(CoAEXAx>bqP6Y*`&#Fmkm}mMYbcmRzV7MZj$wE2^x09mRTP4?8#`oR*`)8_MTB{5jW~26aYfyBX>m=tPJCo@+!?<{66ox$BqU~d z^V$Kx4UI&CC?>Tdk?PAmRWHjL~nG&Jz;$FDX#S@26_!5Yg9(GCx7Rr@H-h0)bWGzIwkgVi?g3k%a|;F z?W;!QJ6+m{{gk%4*^sJ+q@K&2D|?5c&ba0YDxpN(T0ztn zq~6Y(hP6r*RtSVL^4y1Ny7ZBUprj^>UC6GBA|QjTY`xR{4Ouy3L1wHCn=bvGOc5e) z+Sc$)Z0XOuZ3+Z*bC8)bTrkn++I;P-Pd07^9VNIWfe-##bnkAH)F z{1nfO-dFNrY!rBv;arx96v)TK3|?)E!e{8z1~tuIzP(^SWtbgoC>~pK8LFKfVIW#; z?929<^0S}!u@>+^%7R<&i~`sXo+O{_^VQly*J{W5cKmTIYMQ*SF=xuRKR0CCmfwgt z)!~|HZ((6@Dk6Zj-32uqrTGPPJcVI@n}8rmb|lQM2P4gtJte=c9b|by;gpyJ`GAk= z56h5aOVieDyQsmpf9e~2ZV?n5g0sbGMN}NOa7LoK7b{?j<3I?cdvw&QPtZP!cfvVW zl}0YnM!Zq6!mG>ThowDi{W<2@zxa@>i120^6f**Rb@-!3HQDZ*ZN2*P=s}rQJ5^Q8 zSYfzCwY;dr<;!Te18FDwL|M1t0S}m&i@8gMyOg=hcT=c;ImXa}&Vv4%efy(CXYp%Y z*4Z3rM##yZ@=t!W5HvZvU6znYynrclLrSCk|Jh>O!p~=*~8kJ_@ z_|=p?2s#pFYjv&XsurMuy@aLNuE(7MZiy}Zur+vrvw4u~T8BEPU!-ILh{j0%1454I z2qez^ddQmq2FYb#_!H^>`y_^W{Xfv_f4zwo(d_?ieO7Cs0IkSYU z2*;8N_K4s#Y|RnXu%zbO3arr5yN#Jqtui_-RD50huow-6qkYYyhoVL5#Sb~STp9!k zWkKk-QJ+u{n-v@d0YgFbo&X_jX#*ly;-`&3=+?X`;tM)o{-gUMZ}0W9BAj0-$A^~} zQ!2C963~SE-e)?nx4Yc71gVb=tX>rRKa+o-Z{bg)F=|Py>ZnWz-osARlK?eriDi-o zC&h~Hy(G8Igzlq<@n<9d#~(MN{?Yag8buhZ-#Gz*!3CAlr!N~lJokVJkSu?FWOn35 zkx954rWVK^*jT7mGJqC*HGwnVNRQT^OldunlR%J@UlngyweWyxR+#(% zS=0Ecc*D*sU&wyWbkxj8w6RVUT%S=bw*-yyHW*Pe+nGW=DVH0ei?f7gr=GE%d+A#D z4OF0vU~89cdrDBVZ_8V;>wclN zW}~!ifPXP>Fywee!H`FbC!d`BmapMXAGucNchwl9M@&9FGotadbfUN7wDgEx<|s^y zeY3ZH^UTcIqxy3j8@q|)zGFgHe$gf$m^ih-G=x*@ozNj*3Y$@`YN-l5mBR5{i>693 zjV`rTvo=ODYlG@)BK3muRk3XrY{~54gVH*vFl<`)a3xQYAw;ld5A^-D(=&6vK!!f$ zZ>Oi{{H=oVk$H#7Brnk++|!qRkO9Sb>fy*~*nr{&CZXrPE-Qe5m@&l-BpR}@>w0Kd zfH62aN5!PEj78wT^sO?S#VVG(%pz!rjB-3gCXt?9(-g0Jm@$R;wm-*L{+p!#VI`)m zr)Ea5s7O%}K?jIiv?a&uF^mw4u!^VtnEe;5j;9{W&Xt(tr-4PntBAEKJmZQ;pUq?; zW=;d52{O?*j`Bfw$Bq0*tlS7s`1(&xn9lu~UAA-~MZYe!*#qS1m(Kol$X??c>`(a} z6AQtLQ*9rtIJHx-vOf+ZAFPG2z8F-}HSE9%m0BWvkm-5=t;*wXD1(exFRGB(Fky^$I!$^SG<%*(K|aTOTbPmf(FdV#%cC^>au?)3hv>#0mo8?#}ieB}#VE|9ysv8qA@ zu{iX`YCfkA{yHxNnY%0bqB$#jNR@b?m522kBZzd9*j!mOl=ly&=JYc}xIc#^9j&3m zI`MBikE}^hVrY1-lS8JhM9rC|+j3(Psj<&9lAK5}0c)*h*y2@Dx+Mnr6cJw z&b_*o@w~rGOjt>wVHPW%j`#n&AUx zQj$RG;*G9_RtT0fxhkByd>aUc6)4iQZ4^mTVWIS30W<~g)DNf>Airsw|jb;Cg z8U(2kJRB9+!8m+um(S0YI{o&CrcMvIOZ6T0?MLq0zV6#ku0qFdkJ8;gpiIzlB6`Yy z;4<5QS&(|bjY^~uYrlr|*b9%)*+*YM`T@v~AZbN|iEk6bQV%?;`vXxTYUyaucYjf-wKf;QX5$^`@CxtpZr z1LA)ha2?3VDXsa{yWUL^4`u50I;MCTsFEc7W8I)6;o2jM3|f#kXqYx{&>9(nfsP$= z&0RE;J21#xgqxD$QB`L>yY41Z&&yeFNDDj=?h4+4N9B7%y7SYNb#r zQyZn=9W$7wxFDVyTXn*J`iBjh*Aibly{ZBaFf3g@g*I@+mE^zGS6(dLtIF;Nvl6M% z8lM}@Z%)I$HyI7fl)rriKcK|W#Rqvd52aZ_oq({Ej_01_x$GmjYt(a!6(nU;7%`$* z>>TqSX%B>^_{L=Y2exRY!Z&*oFd?9es^bkC=YAp1f|Hr4&XE=I%=nS%6TWyfNc7J; zd}eA2^NxIKhSPV^ps#V^{G+sFJTMUIhHED|t6}^%);H#UrwNYN|IVyNU-ki6gS&5a z`tL6L-e%u^G9Uf_1h<|1N-)qtY|G>)Fvt4^nJddKeU`c}3m~TMQ}(t5reRfQXm#md z>33$4Y}_8Z>j~nZMSI77^}?{Z|A^i7NbYZtsS2izFWF9DkiJ*3sVW*p>fw63qCel; zDD}3Lyr7e<7FJ&Qa_*S-)M+)HV!9$7{q-$E(;>&-*+I$vyRX7(^b?1m+=2KQBc+6& znSI^g)IBHxRS8W24_lxrWahuhY}NIq{35jt<}9d*?PcC;tAsU>cr;2_YJ*hdpm?9) zfOOV5r9+NU4{}OW*V|dDqQs`GPyMkdd&B(ebF67oJq+P%QPejH^I6XZfi{vN6M_~y zvHs_$Bm1F*tmN^q)<_VpY=_hTMwIi!7)X!#XF&_RxrR@m1^6neO}UQ1#nJ@dB|@S? z9KThC=N=v50o`uWsi+8{-cPchX&9&9+_!zFCG`J4?eD!^)UFN_U`rsv1 zo013u zvdkhz3?MYa>bV0FnREMRT)Ix`sOnn%jIyT_lw2B~Vta;$ZB%?dNguR15y7mThGB5$ zMKrt-TRKIsFvqcOQykTfYQmcmWozOL5p+K%CFp-dQ^g*cCT(Qpl%-T`Pn6sW%)VO= zTAWfjy=;Ag^{#QosFUltN4`I{VtVYZjnnHkv4P7&2^N|y{h1JzZdgcA2-zk)$tX`% z9(&OTT3DhY89S7D4a!K#L+2d^;uE=#fJ(=iHi|QO`E`p zcW@7rlm7`=>ZjAulpv*fj0$6EpS~@>#EOMK{92*!!;AaI!P&5T)bDhFn&PrM9y5u; z!4!Jhmc3h<-w;562tCS9cqME0{i{s*p+f)d``O!Y1qsSGJXC|Apu_3RoJ%27PRv`J zY}IHE2rxqMQUdXtJyHaB`07pOD%#xTQg?a6T|VV5v)eE(|Hy}tc@r~0KcA%nM4g+ zB#o{KKHcl6x8yS}>Ix#NqVUq#(>~&;T0H=o%(7wC{r!t~^dC|=Z2sLt^dvxNj4li! zq_IMr3o}fE%d@Enz3`uxL+_gh81oW)l*zBx`iN9~*Xy;cq=13C?f@}|^x_VP%j(#Q z*!9)?LYY*jV%xH;Bp;Nnsp2W+E}P~yLt0o(9dLTXrgA|qGO6m$PqH#LkId>XWd09a}Fl(wb+ww$pocmUg+R4hzg_k-P>z~5_?YH=yE*@C8 ze~`JV4D-VAT)an}(l)XQQi_)>PgJGzi4P+U?UDv<*0nnba`&mq+e^z%JW4SW#RQgd z&!nLF5WZ#Pb#NpLmh1SxSgT!mG`=fMF5Uo>)Hl7e|E~jBm*}JiR)4acl&RA#OOOo$N;0L5mHQ#Yz*#P@+ zw7l+s`LRA_mJ3}aNroIeIKQt&)x@1C8ri657=NY+vMzaYq7)@;zOWyaQt?e5K&**UI{lMwuCPz;vry4Lc{2BOcIofBOfI+U&pcc@eA&h^Bg^DR_f9CwvF)#TN7oEGr2Fpk{nX&$GYC` ziY0BNB~$*N2ci)=DlYP7mEm{CM|KR6!+V)2UhYA-&wej|n|Muez@d?{!W~S~LZ+Ie>yn_3f!8lthoR*rs4+Wo^eWs^BvUGxur~CW7 zV`iqN?h~i18-crU|5);4uEVkFaO^%ax}TW$@~li#8Kv0lXW)m{Lu~-E1km@{wFa-Q zdeq88r05yBl>hw~ULKHq=%h|06H5+?WCH!|aJC2|g?%;O z<|fIi5O|-H6P47j(US1wy;{RfX;6`##N?1^UE2}AyUDN-*Iv5+F6WfM3KJT()9GKG zdr(6W*1X#JESW?sIa}?3OtTeNr*-Y5kyG%=H1b5Ak@oiQZ6)wWcs`Li1GYX3oeOK< z9G&-K;zI2Dr6L{`GFFt0Vy(`IQPb0hB@U73Fg<*4qwM%maoY#%hWrU=lrm-38@4X2 zjwOEy8i;KSm7049p%Pi@_;KCO3XPQ-#bD9h=0s{^_DCr@Y?ELGbqsD7GU4^iDLmGN zjw<*4duDOb6CyOGSZHv2vkoSNCB$tXms6wu>~<2coYu@JV?=grRm1~NbSPZkEFlEy z>+x)`jhNDx5=hNc0UPHt5-71W zaTi25#`>i{O}n;~gql1St}VMm4j8ny3vkf7+t5a>Q?z&^R{^QF1e;pR^{9~V=-cgC zS^n*xd#e&5AOec7jOAI0fO%Ho2M=^}R2@qd5&Hpe-%K6=5s$>GS!P8YWnYs3Aq=n< zDx8`bzh8uJWO=~*m`_UXj2E8OV!rITXq@F#Lu@nC%H9XhVoRSE=Q8J&CF<5NmB))f ze8Lv2F~wr|p-k1;j>IVVu>bqnp8^X4{mJB~jFLP#8@>EpY;?3>z^4WhL%F57HYqtH8Z3F1qHt zZrGXEsYkOD%>mKQTZj0_jA^AtaIYnkpWUYQrrU#ez!jPvC@KYBAV;b)1FB zuF%5sA)XdYgI}4USAJoyINyT=OxADT=eKY{+Ctr7?sBQST;eXduh_j;+~qIs@(FkE zardpyT_(F9f91ZdzL0S51DxxY4@K=mAzsc*ujzHc-fY#z7QfbOe7n;rOU7T3M`Hjd z_r$J$$7i42kLiPc>b^mrY)B&#oF@YcpdvvZ?J;3%zeMJgGVL2hs&rxn+oEW!zF}== zn4kBPDPI#EBkg2F<%(PPbuONW&u1DaqF-vlNdJ;MWVp~<;`L~#eYx`l(SGt7?t~K#hJ;L^6YCz!I>rC(EqpX!i;xn)7gU#Q!l#=xTt71zn z^Cz2bEsTr#sYZ|pG@O};GyIO6cF{t-uCSQv3HcP^Jge-b1W{P1j}76Xs}rd^y*evp zjMfMl26Lc!%rH<|1ojS8)4LAKM%~P9-DLtI2z1dZ6@q+ufN`3K9Hq@S3i0(BL_N7=$pjS86{CH5 za#2@|S zqNP-W?UCPaYdcZwF6y_`$jiOe^;JmfB$+Gq0%XGSx@ds9+#aqr8p}-4%}j^tql|d4 z8%B00a2|0rzs69+i#UvOSWk*f2x@mNt7Gr zdBbmylP4@a!UNSR-ZAp^bnLqC%h1BpM%gUWuawinf)a4IGF6^H1|T1@^AtQ~5}!EGC8|Z0J6XH#D!}Sy}0|D^WcxR3~&|T_not zU}b^jWooAGaZUf(R=kGN;L@|oDw)gNeWe2vU&}vQR`+sUS9O@s2Kjjb-e_ck*~~X?jZ4rvYqogji|^>VapT5DO29C2uzB zl#oKA+M3lMM^Ep<4@hoW)uaP~5fpmrqm1dQ&Z)N+HgR{=zLH_^%XYaM&*nSRZ0ZqyHm-f}zhSg>|YpSy+>Itnu-XZ6k zH!;MH;y6hY+7fCG0SyLcG>;&>+m*a^MjWPo-|2As@hFH`f} zHddhCOe}gD5cE*1NmW#v2_`%$eUlg`%J6tZBbrTQ;WZ2a!m4meW2w*qR&ifXS^co+ z7s+H}wpTwBUY~1M<+}OG?>8!ohL5s$u|pNp@t@U(LSEB7O&EN7g15t4yUYPBcb9Lv z%Lm+Lsk?N!%Sd;*(p~mG3m@@UxZ>j0*+J3#mHAE7PjQHI5SfhqDIcGh@5S4XKUWwg zCTii$G^4LZ^=kbV2%{zyoBd>sLyYCh&3Z0K7MSTbK&DS`~hb(bNpHkE~(r$7mf zSvAo+DvKkv4+Sc1T4c=p;u-KpTfyvtUa=*AaPR}LChx$bNuC`Jej`5|lBpRAer7Vx z6_7fjVQ#0MW4rtD!&S~2uf-p>%?Ypr2hI2S|ne1jBD1jkSm&yloT1(`yz$+UdlZoUfu-4egJ~E7a zjieEhIBw>jxNE=@#wFQ{0w-QO9e5V(3Lc%WRIDGngGaJc7LFIgc+9k;STT}xl>2_^ z_)2Wa3ddjMP!kW}Z+#Sz!Dwj~^A_d^-CEfjCND&B*g~G}puoiJX^X#1_6WW#57)fu zmioSV4+xT4z1}L6-J}GwZv{KF_vj)!l>3>aRl^ogHhLlKI}IA0>}XWNue^Q@kWbcW z^)C8cBzOzjJOZX~5+L{(COM`R=qmM8l^9o@l1!V^1P=!}_p0#+!ly!m#?AE`=iRFJ zi)9sv^Ybp8_=fYpY%&)U;HCNnLo0&RL^mGIo7FJDRJ1nwFe&;_Zy$gW0mC*hPijKC zb9pt%S8A)_c{4xt0>;!HFJBZ!u)9l5&jB`FK2R0bIqsY@WYNFcX_na<)_2LzAE$aLIm4;_&-<$T#WBlIw#vr>)#>Lj^`-8sk=G?mQW2Yk6L#_Yo76k{{ ztVZ;4-Z+sOzRLbZ8swa|ZZt6+qWv$TYY?QoB@Mr5*?8VxMm9L)oRbpEYtzG&l)*b6 z2i!0d2rqIrqu|{J&3F923-9kN;u{R_58oZ$SK{vh-a+va+a@ zJf5PGK{L6%@Ry{TfvTEI^m+`F!Zac+b9tb6%z~sWbTqF zg$PaZvo?QB=42Ka_t?NJb<^v#Fes`SCK{fKE&VIeW4vxB!-DzEpmqv}4#t1kgv2KS z;hRSm1yF2J09DRbbf;Ahnwj%81)+6MssPX!)IF82BRr)UGA)ewYkvOH&+}BFcap^O z^%~?LRxMrw%PK9Ch_aPz?78T2?Xd|3r@Dwq-zvjPzT_xpfrpz$F6wLE%sWO0(NdL4 zWyz&w%1%^YHA+8Jq%vhQ-b7`}CcFNb!@F5f$oB&<2?c;5*WI-J?&K;MY(&L2J_$c) zGB1&YAR=J)SMp%m3g#5STemf++Y(ivCu|AIDDArRJwXv=>7mx|_F1Ww@ok&q?D?LU zVEbcqXrGLRb&D7WHcKg6*eU6fjGovr1dSSvMi!|@**UC4oGgJc(aD4MtO2nhZy*BQ~)veA+5+)#+@z;ka3^M&qj{* zJZXt*q!>%+$WKF%MKRH53VwE z&2lkGqbx-1{=K_)@N^$K%gh-jpcmDbk}vV_GaP{1)37y`(XI!iH4|l7>czN5KNGYj zxno-AA;}%*Uwu$=Wi^j>pNRkyxpiO;=OA`TCWXV^Nhvm;+Cq&0Evv|lPBAL>lK%#( zlN$Qkr-1Fmh7FysG;EM7mIdP%>>S{#x?i8&j`$8}S?}c5r`}AhPd#lXkGi6(Y=}a( zyFOeTLmN3&<@hDoP{Am|b^-%Ps(NI`j-$TCS|d7T8l9l9ZjD|NQz#cX|1$?Rt`f?E z&sk{%bL0;U+$h+a6Dq(&+|-7Bec5(X#*O|I;f?~e@;z7~PKZ>6OD^#unR_z))fY|f z?sb>MNyyd@i9>u4!Eu*+m))!Rt(2Y0|MvDh!#)nS%n&Vqj?YY-9hQ4zH}S?#%1s^# zCFKGMZ(H+TL5^*P-PSnVPO~n4@|Rrf_52XKey;tz|9tvVP42o^B&j|CH;*Ts3%5N| zy6^(*{qPQ+PcCF~zcxQ$*~RH)GcN7bvI|XnIc^3vih=!xZ3|g;@jS~eo~AomoFWOE z#)%c(Bh?>Eb@xcHibJzOU!t`_6QhrwQHI&a^1Y+G$*&9O`==ZoyKCz-)>LM$C{rtT z7@B*^_R9JUPtD@6g}SXaqs$$-Fkx%FY-7CP?RnpvE~U`441}Xy%XU?*R3Q~}8il9W zIF?z4zir8zmU$Bqj42X+Nk$O`9x@6{=Ptu@G@6}^MmdGRyhSO1i%(cmlHFIg{ftLG z@@N#j2r#B-6DX@BF#w!)z&WZ2oDb~+9LErWGc|jQWY%{DT}{P(pu`EdvFjRS&3uVD zcK<1>BVxVOg)Ep%>YIF>)m8r*2>DMUc(SC%zd7<-->13eH@8NAM`8IvX z3^56o*o^5|+DX+&;Fz&qUR*?XN%-xJhbdQAhWGt_h4 zhT?u#iHjXL+Ct|gBElD!jwzx{qVjrP5hb&~9R$lw4jt``CM>E9=i>s^fEH(U9%o|6oWsfjTU4sZGrEXcKpRq8 zof??5stBAn8pIVczg6KC7e^EsjMXk$jK*H10_N;3>d%K9M=@tX1tHcvwR7IHqZJH9 zh$9_}ejP|$r`kmefCxU2s7M0TTR3TUM8#bKT-sUq+@)sQKj$tj?y}BZR=LZm?sA{I z%$kb%uctU3+4KSN#kYmbpnR9IHkFaRWA~5wpPly%V?Wj7C0{spWPlHiQc*Y{q34q) z{|DDd!X=O(hjWfnSrfD(LePu|5hZ-#uL@Ksc`y9h@xY#duo3LK0&GQ)n&{U`qSE%yE=CVmz2_VE44Yaup99;$I7!WG-d^FT%Y@FF^6b`oIGB3kI1Z*h zkXm4P^!NC4Fq!(A^7Y(e>X3gY4AkAX905xEyJ#Rj%29+2B!W-SDSY&$t%eDdmM==K z1l!SGU8w(6Qmz>mt~uQmkE+CbG(V5&V-0kjc3ls~H@3v~LmVW3&I{<9iJ5X;B8C|<7iEXMxx z`(x0d3h%ds2Lo@mxk%>zxAao|SG!Sg9{6byO+4Y~-4iaH|6)Yc0ra}5es}bm|9SWY zgKVfte~_>eT0xNMCXnefAsT0N+ackP`XI81GEQP`G&k?wrZszOmwOVTJs$1@EZNQ? zT8M$A^!O6+U=8K~g=+71z!*mr%@JTKVz-|GuYd#}>or7onj|H_CUxgiRk-bz$aFv| zuu>w=jTT8@s~m8fcowI#{%8uK&Nsm<1@$4`$~{HG}lukYlGo^cX==H z?~TN+`FH>GyWrnnKKB0~{}!K9%D*#!WjFlGOs7C?hi^RT7FW2~!cE8uGX9FgS|J~y z=zb$|Ex)T6lWO_0vulnO@tb4k_6EtdTOOX3p&2fK;k4Mg{aXaty&MRlPo*d^9t>r-yg~YhBX?N zAFsk#auU4|nvNJZt!w*H^M22Uz&3+akCMznGka=}=&9Uh$k)!=PEFeCd3Mn>M=?!+ z(Sc9}B1RP&J1gpb=zG$d5ql0rMVHQs3!i|VyJ(=rH*jPgp8^}A2HG2U@$&n2`?8y*Oz8uL8DFr;T_bXw_l%KoAp`yIS*I}o; zCse>f3Kn&YXf3@*DY!(Av?D@A(VC(1TZ^@JiON4UUV*BBN-;0qA93NRQs}j*3DAG1 zXAmRizv>uKCHTysS35HfH#%h6VT7+>6+sUpMjG@5M#yVe8BmNEwtMLRW#v8?!Ddoq z|y@yM|5OQvzLW%(zV?A?BXC5+hVjEg@pKHH#$}q7z<6Kh-#_7aF)}Fd5hV80w zC=H*yW<&)#<=@xzF!xc5sMz2Lv(!Q@&mDLinWb2Fg5Rt?cAsgVqEF5!M8#aTLW(6d ziTLDYQ}-FF^;^WkdX59C`BwXu?LszR_Opj_dDSi zM3_7Mk#tjS7HSW`BIIy%gG{&NFi-dFGN(oRN!P z%=IB9$4$_7O@2IzyjQPtdx$2MJ1ugCF3B?(Ivnvk155?$9xxSSE?+F^i_!-H9-jJg zk*TN_IJMqp3+>&Q3OjTX6wGFSBuJH*ia$}RQL??lfQ~{IY<8BZtccsAx%HEu&Hh54 zGv$fu_l9kF(fO8sH@nM==h?TJ?%R{@+aKKJ_wI6}yZ3o7xXTspa+$k)+FdSimruIOZ{6h-cWGk3jV$vtixcRQ_&v7dE27U3IfbYR zZ5zdk3bv2@@F60RQU&rGt)3hfUh|-2TKT>!fHfjT3z+Q1ZZ3K<5bv674%DMX%eTrl z==WwR60)ZpCaFD&${oc2&9)TT^NLfB0r39G!3$i4oMXDIhDP91tJoxJFI(y$L(CRx zhMp2gP5^vWz%n~>vw}yqK`TBHfsOD-P>uv?M!lR;b%JZA{OAt|Z{_it>tcA%e9Yl( zN;b*K9YhM*lHW`4>Pdq;U@UB>CwiNdS0Dwhamu;c|X(Fk%}w zB>>@*ZwzE70%pOM8cMPaSh%H@Wbe9s*F*8^dqTdXW~8dl3s%(`C8|_gMToM_G0m>5 z6F#r9&j0+K-Z{Bq#3hIyAVJ8A18FNv{Lej7h7UOVI}ah{$2bOnWPq(F~{w3 z9_=!Gcg1FxFnf9(Y-{FQS3`L#HnAgT@pIWm# zVo?Es6frqm14D7`lP|iyDsv=Vz~WjK-;U4UxiLKbLtyve5}g`=pE;2M`<*B{wKnDc z)tmb5&?kuQy|dxYmu2EFUv$3SJKp#56~GNuNDyB3{sO%k!En@YPp@fD7166nZ+Loz zFB-ir&`;=!(d&===IQle{oV*^MX!h6FM37uvxI;zpW zs8*i8^Yw7t;ZW_5Ua5pT1n@;1i!@+XVNbyU^t71{$=4v@9PB$f*W!tk+*i_WAR+x`uU7g_P$AvqCr2bQ!~RK$Z&omD*JMi%LQ><@*i+P_%i4<}O@$j{^u; zd~(?qq$y8cSz%G3ati>0sz%W129PAkj+qm&y%3e+>B%E`3WuTL1tiRP0B8@1Dvx{k-Va>OA$t zx-*Ju%MAlf%Xo){HNiV9r9x=JXAVVt{)bR@D0}#-UMjICqRS-nUw5gUsZ~6X78RX! zS^fvFE&Kh^K?=1^5uGVXkNNd;rWh3%l5@ow(;>~0yv5xZWMM{)drubT%|E;T%)&U^ zL(|ftr}KAi6ptDK+XxZZhrGoKH+~R84BYQg=)O07g4%xl*(X z7&UvQcmb&jXJn<1rK@J7l{vw6hl9(+D6g27p#VUUV%AGBOYo@FX(A&6Rkz7Xx@brL z^jU^j|MIJEv597!Gvy7dA|3Eui;Jpbx-O;L-}>3msAbA8El~p!UeusqrVNDvnsCqz zIf97#THh$;FX`InV-jR;h=F`W|MwH$N{Loz36NPgnvR>6x|4M(^DJx;16n1HZAJw? zbl3-Sxhs5mCSwt)B>1Tx7NKhfqfPI3p!TCz4oR#ch{H>NTJ*L-V3~}^OhKh+&9|HWj-|VfphNWxo0pIv7TS~X9Bs{@F&I;XOQG@_wMrs>6+s1 zs=0H;SQ!>Ntj%}mOj4CPlSzu@dvQSzq&FwNz}}Q1!i5&O0GAdyg*2xtwzc>Gt6D)% zNjUV0{GA)4J3y~@CUPfxtQ5(=0p|LBtbd~_`m?iSe?|Ij z_||+4C0=JpfRL!euT3Y0i8-s{a&U`8a83w>jvpUA%9Xt8MQ@Ys7B$i;&;x?OCiXvm zKcJuOvjBAr9Pc%rwWY!(=UX71H-e-*ZcmTVs376t>msK001hUthEfyKdhf3b4%TUb zcd$+i%E>%Iw2e*z^MiiPhmRE(ZyyybnHgN19;GN4_Xi$`o4W&WW#lYa# zbyebHPw+mr%TN(nihb;$dIf~{^v#sN_^ZfOcvlPEdB3nGhWWnU(G0{WQ-0dmVpl;` z-NH-SRzV4CG{C9;o-<)_Fqh}METmp^S!7DWM{jpTtP&CF*N6O?E|5MGqMDT1z>rj1 zxzBfAC?;ii&^W~9Uy-Dj*gMwji?%?dZ3d`&rzE`IF=y^*@pZDx{jS6HP&a&r6SoIPzH zW;0!x2l=HP4*91SKdhHoUeWD#d=QDD?ic;(F%|ah=lO4N8gfSbeA=(I;3uz|PMs3U zNcTVD!Ga!cF$ldLZueg*!)3RXh)~q9py{%Q%w_p#swzD1IhZod>rrSA0PClVO#zWv zQHaWCX`=qY@MkV8#AmHeP#(Cc2msKC^vlb6ru?%HM5^bHDwcc+K8FPGg{yBZY6FgX z>d@g&M;5D|%j^p3G?ez8avXu$MIdB$MzuujOsr>?q3Btp4v488NxdP+lN14}n#*h9 zW9Sti+7XyMmZOx3Mg2IvZ!%f@)1-pl$GUCfJXq3ZWJmgVNS5a2$?hpws%SeBOB{tw(I=Go zOTHZ^(^1;sla;hy%TE@Ri{Z-((2;yS$W{OJxz|3q&wWLoH$GwAynYCDnyWIue; zuT?X`VW7P84v!D@pyFD1-Xf~PeP36~?0?g}?`n;9-t1tj_8iGa1w&h-N1q0|dztYW zp20pC*$ay1eky7!__NIPnq|&je;N0Sy>{|`r&9*(wUh!3<%v!2&nNpey`RW0!d>G) zgi>ZP@_D=lNnDJVFR+c~C(f$FI>`2C|1ADN41`xEIn5ZgoFKgG;EsuJmpQygWGG41rFEh3>>*NvoMPv7LCoVmC)``p_+%V#Ny=a zmh+lY_Rao#g^}6sm<2B?{de;}0NToPkTR+VWXjK4+T`iz8-eH*VP+61aX}hW&6E%S zc|=FgX}ut}J37k8TvY6*s*OuV>`eJldlu8tl}%KjppBvE_}61l*FSl8A|Vl~y#r7+ zi&BKDSr%;FjY5@wvU@A+6Q48XmnF2J>gV8;UT$Lm+`^#N@mE_lU_4>O0sjX5I(aQcKV93(AJVTmbHh=Wk2~^A{O?3-1_% zq53oib)bFP?(CCo6T0{{*VvskU1}8jq$@-chGv#jh!)k1p##m*3Z5EZmW2=8Kd4ft?)fohNHe)^md7KjT%)<XD4#%^dMRoz2=u`ZHzp(R^m+ILeattNZnf;I2C|XdO03stVhMi}(ej!Kx9iK>_T#;y4bLA_!aefkk1y7btM@drHT5n^( zSL`kS1`-}ry9|JLrGqz6&eo`U1b@o!_`3^X!r%Scks4Sv0!_)mEEU|Xtk#QssM3dU z(;@Cb*r9ALGp1+Fna1_7(>GDixD1qq&MHkLcUCVrDM+0`nR=Qv#s2?m7}R@W9-~+I zJ0V5V*GTdnFsspuT2a7o)x+wGpK?!yuODleE*%A?A2dt{;P;Zid=K+CF8fal@M_#l zIH4%R!d2gLfl2ZFjo4C~F~KTjU}`L01JoywqP=?RovByilo|6rYg%DVzUj4V2RFT7 z;x4BRKvNi0G9@7V=f@25zq`wlkr1Fv1Sr9O{(0aI^CsGI5JuLg_6}Yz@r+5!n({-q zR~G*HU<}T-SGVJ{GqKW|r&}W4YF|T23P|@>Qskp&9zJ2+H_{+qZNk zLjfK5NxxKu+y5bU>;0rwxBPOfP0)X0FTnk(z?~#;?-aN{9KgRh^iQ+WZ2F%R^?#B2 z*QA#A=@5yCTBSqeSMEkahj8+vNe%t$QNhLZ-Z!+-(*;-xS&oVz#N z7tnThK7-_Y*3k09`5`7Gq(u+;w8+af*0D;gLf_4>%f%KX=jL*#aZ_GoektzUSInJ( z`gP7g{gPUx5EJ7CT~vgh|9KIAu*^m4m%@MiG`a^!#j19I0J%Xum)M)wlAGWreZD82 z>})^Hc!CU{ijbZKU$he|{AqZPD{}6tDOu4`#JhH)@0Aa1HMY^FK`*v_HT={F*!GFM zS1f`5y~y+NcSkhYjXZA}w+ngx%O1Ox=XnF=rBt3L<>mRQf;=P3Ml-*#uSk2eyo>k& zqtNb+Lip4B2hwCx?!oXBpt92?2Jmyf_9q*{J~xP>Xj>x|QA(XE44m`b><`XSQe3dk zFXKsa-_Kj;-$-^J9N6Ex>&vxF*HrKCNngIGKL0oR!mOZTd#|J%ACqHCcG*!o6-Yb$ zmTfjAGW~J(%^Tb*rMGN3+{qCQ3J?ma`$`$0U`b2lEw;pB_7Z)8X)I?{#Hyo(Xlr4! z)cc7Z4|DJAgEUs$T!5q;QRW0h^qx)HOwFz%=YFqNE5Q4ws+ z2_66&U!&*`svOfS2WUcL@9Q zEoXl)pBBpMkD@MqwUDGb`cNBvm=t}ew-1@}UvtYL01Qp~1awx6F_Bkt0A^^S2GRJ0 zd&Zt-Bp*D>dQi*K0bgI+MBPS1_VJ;qlAYF{L==4Un+5eFf52r9n9(N+DUjKkFWaqq z)^R$3+O|kj(U@gCmRlg+U_8DszN^tflX*Bo(7JNbN4;hd052A68(-X zIZQQzyYOowmNy=M-3hT?6tM=#+hj){ znpAp(KABWN@c`Z#NlehR@F^1hdV|uYr{dINJtkOyoPP;o`*&38e=?*do*O}^nqUNTE7GV%#TELbqlp|~mAW};jK#co=+ z-D<*b?|_{5nCz9%bN;8%-6C2NOPt_DgpPsZ4E{?TGE=IY3?WT8n5oEuk{u!nke%v9 zz+xHRYr>~@;+i9Zh2!Wwx73S$p?_SUuSXuE)uKb!BUOJ~VRq6Fs%1DWaw8iM*kYzf ztpuWSU~)%o?D}YrBr8CsMk9~z%pfoS=3^y^nJ=S1TAawA>hQb1SZv*3mvj4wpP(u8 z=zE6+fqum_ZCr?L^K&xN=R-X43AKV8QEw8BeQQBA~Lq#^ujnR9!c4Wuft?fp4U_!HCXjDI#@|Cg7i&Wk;Lgd;!1MMhoGt&kI z+NHH-+a7W?USnnCBz`QwTbwKsq)jhE8urUGb5JU<(Z)ak*(6Y}YWrC}ILNa5nAG~o zuxw|Z+*ux5&f3mv(CA}Hd-&-2Y#klkSflQx*H(O8?h4s>Mfi6z*{kU%YN z+eT3LIicAlcI`hBWKAw|ZnDUkcAK2Of$d2pjT^Q_^ebg`#16;mLL2d2Q7qU6#ehQ& z(9pGT1pAU5ZDfmNL&m`$nP3LRu>h=%1vhv$;#W5aKYsV~O!4oL?Q>Lj2QT` zA{7Ov;%{H)HdTOkixYHpS-JxXgaVZ>@m^fePT(f&*UY0A+^Xn$|(j6kX9SE zaTdfZ-}+$X4tSeAL6OtS9js}Sjn}rLm_dxstr399lMUWJAgm7o|^g04EODg*%dzU=Y(%3ZW7|EgAlI^M%7W%mBn zznCIVcOI!Rs{_EjjTWQ53RO6JVwhauE59x zec?rd)0C*0Afi^^$V!@b3MAy)$5=pE98a4!<9VkB^^T+#ez+G5C23PGwR@1iWGfBl z;3kqvM8CTQDH(eG%>4GD@<9!Cf>#ivFr=2CKoCn6sJ|w>t-(f_F%zE@9KieHs8{J3 zKY6Nu&MZehSF8|3b0Ix)D^x1j%6-pZ<96AFp5Ckf6>NObIG|Nw1LXM`b)S5#S@Mj( z&>zP&vCmf+D#BxD{Kwde(DjzVY$Mcl=!v6C0LL>Qb^Xl;R*P+ZvM;WKoCHPx? z5eO7o7RCOJpp)kTp8&fwWVV~@aSAl8z23QMh2E^lQT%hdr5W`3lDg|M%#qJuG^z!Yi~U5$pkj6 zpSwTpy#dYfIpg0bwAOb})Y<@fnBPkCU|U>U2*h&)SlF7>@(FQKx{xXVuMW+uM^-YH zb;GPMjk-7@KsngSO{m9uU2`edV+8U~1e$f<{im@fSE`&7UZ*le9-^llM1Ya#fg z)!`4u+3@DiUPFF%J)bwW#On`IDQyHs?5*fy@&hB2_ejBf@w5>}3(hIS@s7h)RcMLp znd^8a&NK0JqOxLEdNiOWhO<7R>xcK~NP4Z1o193E9zHY0>*?}K`I)uE@0*#TAwYH& zqXgE)f|Bs*AFy=zug>{l#%t}wS*yk>xze5@oG-*Pk{5vlRUlif;GxukM(4g2{-Da? zpWD6u{BPyu^7(`0lWmX}-c$imK7jcS0TbUw4jxBj>N|7_l%{-2#cbpMBz_J7;o z{%`bu`QZLPwTu35HJ4w&f5`q-@2r;W5iaQuEJR71zd>&b{swu(&N&mxjVQ+q4>tFs zSCbmT{%sa4cU|v{EwMQ~CH1)n$I=82hgPkGU_}f?j8-wqC!E}5zuKI5nvkYU<6IBL zBMloCt#N9dlFJ$J5*i!s{9Av&b&~UDhX$G)E`_Jt(eE-&Xv@bmHyC2(nPdzzBW!hh zi+W(NqHocC{B!^xI#HUmB4aCl0Fwd)$JM&AkPg)rT-vb+v51(YZHpA;TW0i>Pux|P)Z8e|o5U&R zzO4%lV2N|-d|aQe=Mi#1jyCIsdC86>L z3l4i$+xHF3Mgl?Z8#QPhGruvGF(feTjq1x`G#88%HDuVPY2!Z>_;=_JrmYA&8~>qv z=f;0PhX$3kDiV*1DeUQAD0obAjk@p~^sGQrik@JCEJUn*SO0zxYMBvx2OC35UnIe+ zV%OcL41oN&?m4zgmT@*9+fK_QhI6uY0tq5M@Tm=`8C4YC%Sv}>UnxWrv5cew`^^yC z!cPk@q^@kV86r zQlHY}Q87ZvtO=KNT`yLLcUWjqAd>A;*I^NHX&c3fC$FQv77{2moNmhG$(bj($O_ec zgO(?ywrPKB_HW_f*y-qW_?1`C?!y4V0?gS#Nxt~DnjI8VVIwTFGF|2)$MtPg+06`M zU#wdJf#W2Y)-IYVlM)0eMc3`JLn>*co(k%S>lE@K-4ISj=yGhOWRNIC2EVQ^N7-$+ z?`Fovd^J9laUL{LsjwL8~pD(_BQy>#aHuQv7yUPNDQ- zH4lk}qt9{uX1;~xl0p!r2B3@qA}4H3WiFtsnnJYrz}S?PJB`K#O1Ysao<}#c^Sw0K zSA+ymvzOR!`BB+QdDSpijV&|GVOAqiqEBHZ`Uk z<53sv!Fbf$8jn)41e(o3O8!`+atdKZjl4gO)^}kIX^u|nT_?Q2c+|6uM^ROfew(C> zz<+x2LODH4=t2CFPd9-t3_|(AP(-gCxM`+3e6uhJMKRp)>3M76a#24Z44`mu@e7dU zwIW@R0L}h?sQdExD5@;n1Za#%te`~W-e}a|8fH)v#W5ggMT15~jfxugsHg}Xj1Eh% zJ4@4)gNh@LI)geoE{x(bh>lBw$mWc)j0$dmYqeoU1eX9x-uIn*Z*^6t132^EA1}Wj zRCU#@d(S=RJLjHz?q&z<#X7|wNY?Mul^8<65^5f556-6qWHsEy?@&qGq{JtgQmT>i>IUO59Vt1+Fr40z(A*xh;S+ku&`}9OURH3N&xK=t#m6^gDF3zn3Cd$t7b zI6xq!;AEo4DOuH`UDH7nJGofI#z>U5LI9H*ahZT4u1w|tp%P~2+#-@&jc?4RMgf*% zHaxK*#Clu??_ru$ z^bifG_-Q!XIJzZNW<9XLLIu+YW(Lv+qQOc^7!-w;@nM;U3roWPqxM2hut0wIG8UR)7YeqqNp--2pAQk%Ze7HP8yqS=LEle8{;Oj zbti~JPLw3E;&aP8Gc`3*@;7g!ghzn#Q&g3C_<5s*ss#ey7h@wd+BU-ZREy+S;%#ck zNE2kb0n(2WE3%_wBU`1D?{{_L~R^sGh zj*a|z73}n-xD&4@_1~3tp#5^G(!u#-A|P^(y8ZuXd}M(TFWuBdG#qslRam!^5|IA? zWqjlxGQZUL3~GENE-jB5AK}5I&M9yag`s+UL}ome2$UTgqarCd(@pX@3X#_cdX*A6 zq}+*WY4ovr0k5l+PH4@|VRm_JF$&z1WD8A0oICA(U}6jWo)jF?;?qMQ1027Rzq?fYvK^J`EH$51?3 zMLI)Ik#@DTTf)6kbQxVU9qygeUBaCQyoU>#;FM{lkKvQ}|A=b0>xTEuW zmR>!X*MiVj4%f2`I{#;^UHK6Ah}Gh|D8u>ZqnwQAiws8o1@!&$=o_PcYCXyTiUqai z!h$TB_8d1eo>=Q(!HfHkNXn) zck|pIGX|r@xEjZH;OL3=e}RxjvH;*Xq4r_2;6crTUrvu+&A}B$gcX~95FzA1e@IT< zyQ(n>^QY~D)tQQ(njNCYhb$xagIH(m_tFyCO)&+frBL+k8rGK8gkqggyMonxJ5|37 z`JLhAhZP_iOmuilmyA8wPV`+$B?W3^Agaeo#;Igrq$pLUlO>8WE?D&AEcy}Q@HWe@ z@XE&ut6=%4>b@u+Jt;GAwH_E)YRC6opDNu_rMKgB4`0QfWa;X(p0xgyoM#KEr20|{ zZ%}@&gxWbQ``MIw1^aX3ZUo+;EveXs zD*rN;k6vg?jRn-TI&gcega*5VWtKr|eJ~rxO#Z)lf!!%;= zOU&RO>xIyJB7(Z*=nIn{mHlh9nRiWtf1t(eYI?_%{~`70bl01g{Ic!M~!mI}uM6 zrrr6GFzv~Az_c&u0RvMI3YZqsO#2y6Q_zyT0RR3c{k!WkV%^if?uwdyLCucq-$|L< z)1!6mCCZ6KM8Vdyn5F90^sjHDxTjci*rgL{ai+mRZS(w94%T-&>y;$v#yNMo4F#w< zbdj+&{WVM8-g+gT?*#Hw_Dzld0i+p9z%u~Dj0w{6!KDa113e~oiW?+mW2gF7dG5o~ zTleH~_dfv(p6}%6MkoDwTIo-~21@iJ!<-lt3B!DrteDBccUihbT(Ab{1|k2d!?+F$}-OSNkz3A1oC12 z+`U0U+j4hzl6i?C(-T4(y?Q-T8ojn!PeHQ5aXp8}PaWt4#b&A@CdVKGqh|Xd5?hgj zNbDxW+PQ(6M4`p&A>w2LGs(qsNQ|M@_(0$6Wz4i9%c7iOarRrN!1mT7?WFpXsQM`6 z1%88GbWBp~L4K*l$d+^qL2y4V-DWDR1 zN^;8aDuV3%6{#l~P-Hc3Z2gISnbEAA8uDdMkUd)^Btdo;2o1%Jg#HQr^r`)=gg`U`RI z>z};17`8`wRDt}h#$A*=P@7Sx8{~ls693V5oZGXM%7OY84_MB#cII(fb%8Z!-#+zQ zdRZ}!$k%VlwPFbZcnxL`wT!zc%Z_8J*ZX?T5J-oIyRg0trJRUV+)G<&IV5bfybLeg zd$y=nzW_52auy8DDeGWpXYwYFzl{HeM2HP6#(@(!CUfB4%_ED;X5+b2?QpZ4BP zm$&YN3sGN=gBpVqsPDMyPIdh#qU*X*&-2-4U3==fE~p<0nlUaFlRBq}clQMWZBtC? z>GRSxPAHzYx(Zi8753}x8;Z$XpmwsqP_rjC%)=%^BbY!>e^48CC zhVQ(h!l~?5j&*0zEvU%g7(W@2*KPRD9}JJLC~y6GxAN$xC&@`ra%|N*NOVeb-(82} zjN;+(kIGxydY4B(V}gAP$}z+q{Rt3`>fMlH$q% z-H-xgtBw_qPB|@~@X zi_P8a{u`jn5ALZoT^dNXKJIO|nggAX3z{Zr!L_}F-J!37=Cg*)rx-%j1mZc=gz-iM z*2282<6RNw-PA*B{88-Q$k@2q85j*irOH8?2$Yt`#-fbR3fwE6S7acs3fjB0?XF<1 zsvzs?H&jv1$rzhvrC&=``ah`j?wHcFIaP1ex%Ja-NgiA1ZkPvC<@ijq$RLgXpKwSp zuzxUzhNMCX><*OJ%XV(YUa=oq4OcQHx>Yr@j16=5?Wj9aW9?X7{1ZLrcMz zTZ`okG+ub>+=Tt)QM9A`1X>ClXN21^E0X6j7aj~aj5j#_DDjF~YSDi+r}F=}8lyTV z+5J}A*{CNn!&lbS1V{G3aqv==&mJC_t%$(H2XQ{Cp{mYVMKQGO7v!bnDXuaL!%aaJ zZy?+-e-$BHd0fmJccx5%G%K;`u~z~EXN&Z!S-f()k%K=kxY(HMrM)BY!JO&QE0O!m zc=lkehKFgM<3qsTUNqMY*Yo$nA;rij%bT$SIjE2U7cB$XWo^I0Y^g5TvxUzkdG=}? zCThpmb9z*K6C4w;i|fJc6SGh$%ejyD@r9|@p&WC0e*6aPEk|V8rIgaY=ci5?p7@kREXcu8Za| zkR-bED?Nr$V!xEac#@pNwodcx)^w`Uw=lT~*VMcS zx|}IdLp(BW3&}`#)QG2BB9!-AnOJ;|9mkp7I64J8At9p*R0rw~BCx=O(~mGQrEv`O zD#<2?^r5@H zT*(HM1D(pjv5I>aX+^SdXyYzu0=kb$Cck4T@gdj}0|M7XV6(l)@tA+yc#nkek4}Up zMs>){k~6ctsu_9pl0j~unFB3x^x`N*cY^lV@LbWHEaAKloO?QxMQp!lw2TnfG@-`; zT%l;d56Lr_7xG|U{A0eX3KcuZPq#;#G*vgK%hl>~sk&6D%i6Cc$=9#K4u;h3eVzK} zf2Ifn^LZ&G=o^gQ;>bQ;G@eod1FFfyGDy^hUB<$ihQ$*dA!Dwc#qk6SmP5!}R1fvCz;{5o-R0e1Qc%NPp43^OTHKiFGMsR+98 zOUVYKBBI^UkM+0kyn+jJF!{c(=!h{{@F+RP) zy~aX&m>g%s-f&>BK#~?mS}yviam?Ig`*l}R#FtQ)!dD>0lhRu=@qfYMQD84RW6)Z} zMm>(zp32|gFubv~a2y7MWl+A9c_A4|FpRDP?3AqiC(~f_C=|##2eQtCteFknEq)*L zJ1Y913Et#=k8fMoB3?|owcrAVwHJPHP5$j^6T?? z^qRrdfdUNMT@8zg+)BQH)|#-XyW(XqbX)N&XQ(-U`#rUuT$DCGOIdkG zT?e!bSWHu(v{P%VH@V@RVFOx*$6J%nLm|pL-mHjkDv$o$!*aG_LQ@5%FUR`h#){s= z{K>Jwu^xq|@PN(==hkevv~S~IMenluO&yUw@@4cyBpuRRaYSL;GlT25_Non)cl@*M z&$!Kve2>Hn2BX!azQD6@xE8R-SJ_tMPcWsp>lVpLCVAVjaCqta6ZWv8U!nYy;f$Ox zs8=L8C^zy2o?EeN*ic62n|GK>)UW~VOu2JvHv9E06{Snjua7=}1oXSR*P}P;)}vqg z8Qxe^k3-s*KttBx*N{`|^J8Rb>Bgnlt`rC~<2=`~ybi za5DJx!WPtkqH?alXWZ`LB3#+LmjR-Mc$rlJ4|uLz|16H%umS&0=F=KPTecE;Hr()I zS3HT2fNOvX0B1|G`^l>B4|^oBGKmpRm+iRGRV+NHdAiz57)|LKxJvI^J5vcQJb@G;Mi`O6UuzykSUS zb&P2^m!iBNm3pURP}>ESJ*)<9cB5!u2hM67p{VQzVh+hl4ua9EfF%=kg<&>FTbU-% z%spZ&mehr9dS@I0R%)B?@FQ+BW%_vp{X)EMi+jv30>1j?s)p?)kplN2}a7lywP^ zRPNgbM@76nd8SNPVq*rH>rm8_OH)#=Q$;oDqW*`9kPlKs6^c03S45R6qVRt&VtB*9 zRq&8TEwcY$_)+2-w0G3@8Sd0VQj5gwB&WdHspyaO54tDkgyy_s>KrSq7jaO2(@y%I z$ufmLI16dw_hc>4@xt#qionf;APzBU}4N_Kg zfgg9&TJaLTUn7_QsLNOCvPNB2smpS8c}rd9tII#1M=O|vo`-3o)B4BvkoL6rgmK~_ zaRpV%UXTR*r1%RBG<|xBgPU1y;#Z{>e-yiMS>G?(Dt!%cw@in^IOj%>N1+jCSis$# zly7T4Fqm3>K3^kR15I8lE9_;T z>Wz_3#1pJL-3)IkG`MG{*vkGjCa3{rgSSCD1j#isE0_l;2(6W4!YeR5kMosurSU_G z#E(4p%|}#5(mI6Iw@5HkQX?>fd&yLNDdPzd+9BQRL#gDscws2A*gaTwJ_zy{ow{m_ zd)#sb=XI*wUXYfIZB2`m^g!Vvx$0vgV3Sw!H`*X!-sJh@DcnQNEgfNPO=7=~RS34C zSJ1aSxeR9Co&Sjd^x|hBwJM(*o5CC9wNmXTUIxz(@=~msr78`1&6J`|&+^VnHpGeh zY+jsa)FLAdbRdkZh}!iZ4SNEyz+L32k=v2jz&fwqoG|{d)Kp=&wr_^O0sQ zGGr_Qmx-adydXqV8bhqO#cC?u*}Suwj^sTzJ4jqm%%DrTGdqi>{KrqYYz+US<51CW z0Y(dUEtOtOMgJB`Jx?zOG6SVyq7XUA(3XMNIeCfv1FvUqW^4gAz24c5pI)G6xr%nP z%f^1p9oH%gSwp}PoymptY|!5+MQg2UH5aY8ofsTW%n)n5r32Yf00#=g1_Qxofu=r* z{AaI2cmYy)j~s{(MrQ@m+3%_IW+SZfK?GCx_-JQZ&80}eKkAMEPFq0&Zzi8lo=MFUPzEwdG_4*f!nzW|1X&tmqZxI!v9&pC})J8Tmq6ZEu^W&%tAt zGiULsz#xuRU)V9JhU`!owyk8kQ^^MNJn*xip5EE-ceT*cb{?{Zrnc%NnL3QN3nD$UOz4c(lSL6m}(rZ5xT%@!b>o z$6l*gznU_MpN_t`U>*f#EjYO(TgS$lo|BG9R5WX0vOFs_jt*vlG*lTF+3qMbNI4zGpS< zM#9iVj;q%^1YXi7@<)O+@A&#}VRneH2SGSeNFEJ8Of0rx7>Frii+JK6@7Ks3?$dDv zNwqKyrrY!eX+l%O;z?Lqz!^TU0n2NFX{^0ah9cQl2X0cpP4nJ66<``b1FgcVQ_!Lr zuS*Ugw4iA(5hZ{aO|8HJ#MR3^HFVuo{7x(9O`@FA@}xs|zNC{^I&r%Mu9oVC4Hg@> z?dZ89z_Ga~g|P|Sph{bpW8>`DjJ?zh3tUdE>7MJY^S7hZ`d1xJ4vluosxX=TtPJ*Cm?^Cu*ZaB z|8qI>msdLRI-*)yR0B*2{wHn*AP2&4G9HeE{WuW^_+BJ=axEzEigW>Bw*7m@fVtud z0<+e#;{YXxAKpt2(u4y<>4YDn3CAl%IF5`BGJRnA@vw_kc8saT?ED`dF5m*U@ zRnvH&K6y9~%P-q)+S%8cRYp7e-Q}I^Z0&Kz#{OdS>a%8olS3|}9D&=m=V5@79I$rp z`j?7-s!L2=CaB9eb-77hYSiU2b-7SoHa-SV^N-kV%Jgj1HRW&0{LX`^=bhH;qVZIA zUJrIvY7af-XJbvc_Or}zS2*QowOx-BQ_4G9%S&4)9EyO){(~{^CDMlfdojYcERriD z_V$Ef)dwS|OK59tA%;?>9@5 zbG)JaT1+FS3+nVJWAlhjG&pS4>Z04!10&Pz-C0@zIt=2cVitkCMccDT+8+6g2~sjk z$;*iq$^!fo2IpCgpHXg;*KtA&kFc!f6PO?=oAmQDrkQin4{QQQQy{<& z_aPxCR#=G#iQFr6_MA;+$3p{E_QU+yBS$zWl6xxWM>6DmY9QyGCFfe~z8CuPsM%Qy zLg!y7v%`YCL=0{b-bzIXQ}^#QbUjlCi@J*6766f^<-t5UY z58#b^mp_+oz)FF@! zhne3+x%tgQI4J~k#b16HGmK_XI5NZk1y1>W#uOi%A3pA6lwZX1!z>>rK;{_&L%4yz zLhS{b@`gcT?vT0a;0CC1VE&m~&I13UO9<9)Nay@@wq8kI{_|RYP~9F(MJ!{r!l)LG zd-?hyWdFFSKq`MHRu~4XRF``SQ8am-=n?cuAyQv8QzL9%MB%_!?4|=I8VoxD><-2( zdzrANW}d-wAcWmdS5g8BzBV4#;UN`N%9=c%MZe+h_q531SkRn2i_|%BtKEwmZlfYk2b%Q*h|7yL(D9VEi1R`faYs=5jQ_`x>Vyh#D6q-U;HQvi+ zU7Xu+>*?anm~zhgEVx}yN|UZMvyXDY)pa5dwF<tU2~!)|?9uD_LbtZ;dUEoQ#}`@nJD?isTL8!DJHtmZkLj>Kg0X*tG3<XgP+UVkC_RQdJ zn6FPW$R4rEl8bP0OoD8I!kK|osKl5eMq8R$3}RZ+T}xb8f(T|=r`ars?k$pZD&m(K z+!t&a#miw5u)Kgb?$kyTVF#%wN}mmltOz8wCqxkfgllktqiJKA9l{0N15}xhPSrLH zLS?Y-6dHm5*fA7MfwaOYx1m=3A<(5rDHTmZ@|g6LVpD6e1-mmw)(Etegqs>?@g4bHE+=JfT@rtA!z|?kG9S z-Md-U7&5PbSp~PMnYxB9iH#<+Qrv%#yn_@>I@?bHcN=7$9tDSWreH?Xb}4W|gCtuL z2W-_ywjP1*oEZ?qWQrk;|Kk{7iLM(>y}+n2|AUK8l=F}GGt@13XF_l=IpC+j*a`i4 zOs&wL;~uzZV+W1f?#vQuTF(sP^d0qp5txSazW;4D(FHfdgePi_T~*c|fVozX=qvon z`&x(onk6gNO=OKyWYGou?0?_S4KO|D*U2CG5f41Y$>!(Srma9h#daJE4ztdo!LH0f zSObbJ-Uwjkk3JmK#FpdLf|fscX}sX)no+lE9Y@S7^CP6@IQP4=CkTUSz%@cZOAJ_ z_1rOI)y%8#1}jgul|>t@J|b2z&=tfNbBS^Va`YZ_GwuxPi>wDh0gN@EJXi!NMwJJ2 znDTm&oiy=MaQUsO;36_VOvnR{6?8YmlrWBgVzK6krwR3Du~WR}F>U_|(oOVBv>3VN zS#$c-Z$8p$SWY7;=iZnpKv+ePjS#HtxDk7luQ|DBA#SWW*@KF$hNI<^lhKsVvwvJE zp^NAme6k3`VBN-_XU)l}-*i;%8Spi;>o*mT8CJik^p-Mgorp<5OUwvG6jS4}7q#sv zd;2dlv0o{9DU&rUpO`Bd6^{ww`*H6xZ)+-jU3q+!)$j-M$~g^Wyp_r|8~aLPh!X^> zC51h51|42|4IEe$-Ws5GJ#&owh9oQw5GFN=FXNO>kdRlunIvo`2~e)-bde#7Bh>l} zOxOtn|N7UUBO_R4j-Bq;x3$)98fL{V7Kdk9+ndprcLwF$GTe4DaBW*muXcR~F)2eutx8wH&QUI9R{T?((j zG4X0NCC^<;N#G~=LZ=$@Wqa6(awubO)iragVG+?Yy!I|Y^j=+VpggNlJlhOqY7>Jz z{p&*Gq@=Tva?jV46nGi~CBL0UDiJziI8EdqXsX~JW2AQqZ?Qv&jL)!%dE#^gZtipE z-3j|b(FHh^M(+_+g0z?mLoJEsr9#8BmAudmX_MdFw+OI|aq&-LY{BHMABXpzXEn%N zT<4erCZi$2bn=E5Br)d9TMg5At3saV7bo(^SCITmi!kB_18^owS|f?;T}gOqSt3*= zY0fV}{R)rJ-yG-S2XQ2q`qdG3dk6pT?~pwkHKe{3jb@&jW4{W!YQj`xVXUX|1Ab%jA`h{ zAyGjjqxx{;)Ns$2I0;A96Q7J$s6jhcFC~e+mEi;#e>3r9yWt0`p+QoZX%Z82?Eb6m z_(Ux799eix{g&U>R@#a4!q}iFYy+!M&YTH)H$~&$#0qCh7SiLpF>O7Q<`I3( zl|-8H7QLNMSPy|z(@OfHP93B%UXWzR-{}%biq{YPs0fDOX_(MhS4qf#p|Vs-RR9WR zwpRftb`=6J{pfcka{pvgxvRu|`yAI$a!E~VPWtGYnd`78VzP7>P zD%hXJ6Zgcd3T!$3wiW$G=&E?Do%UL6t63A0mf7*YtgN)JGf^t>2ftRd)r;kELI+&K zN~41Aey7j?DP>8v1Ddo;)gF$)2h|EemGj&(Suuq7(lDCOsCjgzaxj4?%RK@PBLRhA zB~BlTJx?y zk-V@*q(9I7J*N0!gfozI#|k@QcQjUa{x@HKdK66a2&((a7e(C%&y~vuQ=mU@!bFHg zPSc;R;*$ZMuG|vf>63=1h(3d-r<2`qBD56nQheJyb5p<@cRFXZIH6ZB8X%8}5362W_1 z9610}wI*+VVPwY|tKm{`4*mZJKBzzLm`wA>@NcZ zs-rRf9rwPKB8^w1k_ zxP^D@bSefh7`sbCb)bv9(qg9~l{H5}n&*8T$*;fz~GRLmrf5g zM7km5mMGvi_xrl1?P6Ivr&RqH>g(*qiWJye>Dbh-L^bVrDn^6DdXA+;Ds7?%H&v=4 zxRbi)xhGBuW`UuIA_7G^CA0HF(hG=&M{066!{f((V#qTiu}A{zoTm@*Tk^N;tBt6R{m zJq0){bM?Cx^A712`RHJ+A~mP?BP%HwP%iL_#b1g}7O~`;d3>4`5tCNSO~< zRKO*`gPD%GmjX3_QO2slX@HlUEYtp)u*IiiEJZ2WDNO+Y<3$mtWk)}S{n)%mBy+Y& znrX1dCRNpR7)wO2$Y=h_bB|7uR{M$pA9g{;*(B2H%77FyNRH7KA6Zc`B|GK% zqV0QHv5%w;F_wuS(bh@O2AqIO;$+`@JvnQsai{JZI(=|4vq{Rs2uWD*JLs zazI700MhfN2SZI@{yAU+6RrWqezV359t&cnIZSYbVUJp zkb>OQ6R6t=h40F2r?GtCI0D9Kt)4ue$_@|IU(d`1tZeaB5nMB!6aXy`8KW&l&3NO! zz0{XdGXv07HDCj$mQoVz0oVuIxVop%#+^g@1H^4Z2tCm%n%XCO>MuQ`MTIbQrV;!g zrX?p|llE!*d}x`_nb8x*2Z_wg!Jc<_{?eK{OIjU&xtXiz+zdQKpy~%a>#OFCoxaXo zb}x@=V1EY1wFAof?s!8m;>&6l-$@LGKMq6q+iU=n84mHCW)g2Eihu&=DA+m+v&BffD&hjLy`;^+Jc}JvAML)RC+Lx8!YK znMCfu`!GmnZqaEl1{fbR%v;z%M7F*SLz_l-V)o{eeQ!rSw$H~9< ztqUO`3<92Ug!0RC$o(~}{KB#vbm0)I*?6p)0r?o8Vv^tO)%XNTYWQknmgGA~gHe?N zn3c=ne>_Eib;}2n8;%mhPK!Dp8tgVlBa2 zRSI<2T|H1mPe^$ireDF#I=LN_Nh!qcw)kG_VU=16s*~m5d zkaV_EZK1o*>EH*j1Xd8JuyIUQc_Tg||^~i#{Txpy07#s+aU={!U)qOzY zY#pRH+WBvVbg1b)7(+I0kv{JL7)BjuM!gLW;3LBn&(^jbPTv zZrY1X{AZDiHEtM9@_#Bx4Z>HZ&d;fwi zB0}vn2V3%6G#X;>*;lw=Cj5l`ggox!wHvcg3Z5Y4iQJ;2X>6ZggCFc*A7ioRck?Hi zLct125V9@zVhco1S)s3A2v#WG!Vgi0z#KxbNtJm!eW*m}g`-&JAC}?=2cjO^mETO^ zPmKXBW^lXCt0$^hL(G+d3}Q}26JC)9kN}y<=K#nIA#C+09CJ3VAF9wKuEKs5gty$hRr)RfO@Gx-c| z#7}?otyMXP>7A)M4S~b{7K)aRSC}{MyED}J>P19WF*Qy}C(y7|uU5^dGQ#aJy|1%4 zR7xdArPx)HaixEK%Ct05(e@BR@JtAI-)cC+|H(oLaf1M$?ztm~fN6pNpia8+3+wrl zfA&Hd(C2L;w@D>kgC7Lwt7PNCdj8~}Su#gcEC>LB3IWmwctyblOcS_dq<)Ve^@~^l z$Hy9$5DDg!1f5S<8NQ{Cntr1D{#wN-dBeT2p{Y<;t!9a_xIdu+TaA@>EW%<-tEmL- zR(a`qtLbRm(AE-+c7JS8_=5KI*XtGicE7i6r!N-PVcDe=+qba1{~}_Yj1o&rP0w@Z zpGHDO=T*p-6V4%6as8&NMuV1%7Mu)_QqC#BWmCOY25~i(3nFE#&_%L}BclUs9rMOqxU-?=DRq|+w68T^6?SK7+?(TR1 zOyn*JN$BYLw5@z340e9- zt^5FE4dWkuLkR>(lU79nRQjbbgdi4@ffh6;zzE4=BjLUzeNr^R+7?KZ`vGnDRV!ml zV%^G&&NR@#EbDZZfE_xd`bUZUkh)=<(0%10G)6D!P=q1~WCCW29>~v)f4W7R5>=P{ z;vSUne*NT9UoUwvAjI}m*u7MbCs;A=1;zrmC*fnB4gk2bgi$o|HtZcY->??~dR)rT zxSlOPgxxwAW7J+cWY}jw_#mv)n-0KjgqVz`BTl2+YP$WXQZb_8CE4z080cnAq%;zO zdnpVuLo05=-qigPY_m(<7dIhHoi9oruluD6rp+_SG+24XWi!7YlXvZ{i0$^U8XqOZ zqAduV!+ba0N*BOP`bJrcq!PN|77>8)M)i*Z_u-4oOnmTYn&uH|G*wUjH)w>_%nMHN zEI3`yEF}QZ^?`}UED}+M$9ZLCg@AOVyxwZWvJKQr7DT-}^LNVM3v=JLdvwm~bxaya zsNJB~QfgNqg%XnQeVbYBj?$6N|3>YG=utqQ+9hL*EIOe*UuG{FVUD-=_VuE(C?X>i zC-;QkS1Y4HOPYr{7+@6UU~8Iz1;cpw)$YMnN;sx4^m)XloQ7%L{SQ|C@h0JUw-mdF zU^P!~yu|d<0`x~u;~NE_A!0&uq%5B4=JN=g&;=K;GfuFG!@KwUY#h^!a2x?2FE=E0 z2Oh+lDze%hmIi`ZxcmB^%W5f)1NeMLV7bc$K3F!BVgVUoIZf)@H7u7^bP3Cu!tJhL zS@il2z*4dhSZ>0M1RAgaEY)i`eWch49XvY)OL-)%!Aaj_hUL9F!1v$4@+ocV3{ub< zB>&AAq7$lrQN!{$JzNh7qpur;<)81)1WRE&Xcky1#uJuzoZB@l?>cZBu&l+)UkJ;2 z=LKLH{nw7b^1*OsST^{c2VtpP5SryaTIZl2x=jX8P1g(Us+W>_A_`R}3PmRl%3Ci# zXb_{hUqXtGE$}xfX0MW*CSgF!$|9t zl`s)1_~{vtl)E!89y8qAmaD`35C_l%ncj&Z18t`;2mbzSki{P1Owh_6;S5}pr5kh+ zUhm}C_Yef2Q|@&xh1I__L6l$Q?mJDDUqfj~dN8e6zQZ^=dMwyb zW_>wkWocdxXsL)VPF};Rd)`yY--C4!#IdI-P@$@fyGo@1)C7FchqgZknw3QEr<;hD z{Lgstkn2_~MM)q{X~HH1yHxjw^eiHos4_k4sq! zj##cJJmsj#eMl3CeXBQOIz^!qT*~c@ntXj$Aol$f$oDwM9;_hUEVfRK&CXOei^o6GQUhCL*fKMMh?Bi37pHHLZ$26}qCA}nRqridqOpRVM z4@$YFy{sm)q-}eua&sgV&cl4$n2J_`welhGAQ(X>cyw}MQZY%$)6TU}Ck!Y`i)azA zfRQSH8yzC)YYQgOnQ}kHK!389VK;UIW5?_GpcI*C7AAluRjP5wH8bLxq3*LVQc?{&xzCRzIiX%Krr$6EEo2gpk1`vf62 zNoIeh=`+NvhHR9`tHsaPUAG$jBhMZ9r|n4n?!RiOpSEk4QvaqPAoUCDGD!U`r1=F> z-*K`xZTI#KWh_u=>vIGvS7n{ir#D{xiux7JwF;aiU_gYK+0kwS)VsTYsu(TM{ zZ0X4wk1CBC$*Y!9O_)ezn;OY0Bk#Q+RK|eoq{SS`15S?pt8w>3*B^WvAj6vU`-99^ zpAwhLK_fBTw?EFL4Gj0CuUA<`qndGjIGT_O&dmf$yf~)yPjVYZfvBv)YLm>f-J1W6 zOpy#Hs4dbd`(SGoe04LHjjX?=8vESca*<6dhSR0667a_lW&6{9Z(uJ}Wv}`#;0zV` zh=P7u$0=^_P|j?VP?WY$+TVPa%u9^IuwoPo#@)td;lTkHfd{={SW`T>(l+CrvOeAs zrmw4)wq+EC5*+>qfHdQYHK#cX5<@7oVS|>m*C#}?q1q|>DC}UD;RE-^lJ*X>{FU@_ zEvW#&37vc*MaF5ePH6QmN@msMlB|D;^=AQ2?u1L!dTTI#C@SORAMvDCv(I{YYBm%@ zsHuMbIgQoG*pT7%^QA_@y%eQkY^)XRP>tYB;nUE`ADXXJH7?(wlTY!**~32!Z**7c zTt2q(7`}#?=2r%wpo`zt>|rN#T{$(@OldJeFtT~_{CboI1ONysW5W0}@s21z1>K`~y^gh!v zzzBrt---v}jY=W+FmneYxYH*8c%S3D&-2|En0qI;r5l9^FgS)#`jao?AZ^MKm}5T$ z3+gxB zi0y`&!BqE4X*{@!19dK9cdvv~CCb!{ehhO~a)jBIQ0NDRAb=hiP=S3@#=-87^c&| zoAvLN`nO{LHWl&Cdv;h6*AUmF28u{XnEUm<`*w5hts=p0435@JH>H6IM!UW@J@UlAb~ESph&1 zc%(YOXg^cBv-Bn=1ZG&wyx4L)@Ht!0Aw~sL+FJmV zVzwpFS_a6pKz{rqd=~lcm-_BkntLbI{uAK?=EKek!K}HvVO4s2%xr1TnWY~-%+?Pd zW)1jEXwCp1l}BdyAf=cT1+<}!aj(@AoWt7}bUirDKMK0p zcR$T{Kf~NRA!|!Y(25`mdgqntc7oZmaAxTjG_&;!nps28(;G7gTIG>h(1(swf;Ot` zS30i|cU$L-^+fE{qIyQ%H zMeQUsz}-%-MrC3CHJ{`3D9*uq?NMMmF0O9amlg5BOuQT{SqcR5kU!W&@$nb_w`tvp~n_ z!b-sK7a?jh`;!q#735}+2y93#4-1BiD(euDT%{MUw1A63Jj@pZt(|G?2gw%0-Ku9ffA*7vIpH4#hqKAt56aZaq zMo1snMo0^MuSG~f0YPL1?htb8Da=$+MkF$(7FOeYtguMFDbrV!{Z7uskNQnVTCqz| zRJ3(z{idC*#H2%@L+rIls-+h(2cX9`OZ*0kQJ;Mk+0Qd0a>9&N~vRr2AwA@g|?JINg1NFJHn zk8^L_0hy0}0m{~&^98rft{Tkarse9gJz4mBZK@{zn88%3k-3Aqd8X>d%c@cNwDzPs z-v0tqHR9NSse1HzROJ#Ly4A^49iNrKRJB!;1j=R~-)pt4Y=9YN`G~kd#Lh)&OXKsG zeDn;aCokpZHfR`%$HHyW(XrJ^ME}5;y`tvv=>m)hqH>F5%4Nux->WnR$}B_77jN7t*Y5z7 zAAOec|K87f29<;J;PML7CmhAjAW_>FfO}QLc2r>g-C6~H`&}m$=z$0m>zV5!lA&-x z;!LPnNmh4_mF!@Z+~os;q2}po3Y|oo-`n~uowGVSF4M`BwP3LMRlLx_W_V@BuBdqP zXv$UQSf3VFf(z~XYig17tJw>C2XILiV5*C_z~1NVlzb;nh@ycFz6mUU6U;Z?NkGTgK zg#Y7aR;#n{SNooO!kE%+yUd{dXFB-PU))o|zT%m(7A0 z_T@HQKoq96y-j%k3)h6>KbRNUp(Pn0=wB`h57t+4i(bDew zpH9;DnwiPhQpT*z4m2~@AKta4xv9MiOLHDx`~pk!mm>m}rshci=2@QeC2fNrFlzlp zXG>En>oU}Hu{0RD)Km1klw?ZvzPiL`Wg2%A(8vk za`<=6i}!<@(vDM$~~YShsr0Ss8s z3XpN>+%@bq!EC{(EYLfwA(nQs^q#mcjzrHeA*%LbuQw+_3sOb;3fv2|z(teLTNAXg z8x&wv#uj?Z*5d469Q&2Tv0uH2?r=d?L_+ z^C@Gisp%2L?okbd2B#3fZkE}AF~?YIG4Da|L{hrQYI+ZjFSVdWa#JIu%KnOXXc|l= z5hA5@5Ce@sf$nuz1A}Ar1Vc{|RV}Gfy&i*L&yn}!5zp5&r=F=3H^H^!hdX8j+#6(V z^)?LhKbka9sksgdfqm)>F+(1lrhtwE!q_RB8Ou=lqf8ZI~|0~$83|3zpx{onu^dOrd* zoXh<=I-y~JtY%3=!+U2NH0sx^F#DU53j1Bt%){L?!7BbyQjh!YXZ!BwntLa-^Cy%Pw9YZ>%Bl9<|E?sZ z)tf}(6Bf=a{gPs~en~NFNa~JjeSsz;DV0ZNN%gxxNvfCz1)V{Ew~>w;Et)&)PtdRL zv79}DoqKPr9W}~oc%E$uPN3x&r*pE(SEB+;NE(JF!}bQ!Q=;lz0~Af+@}uZgv=+X^+zciHeeUZreS|Y<9UEKO2zoh99~+k1I0wM` z-TO?5>3pCBbNV!4eA&9DhaK;`lkJSyDQ9RR^jPxQtYLIo?v|`a?gXHu$`L-uE*m#O zyID~pFDC*Rv}0S&pS7=O$bz)y&__<>zbLM<*akLc;rpRH~`j)wXI)Ln>!n^4 zepHSgBjI|DL5{oRb0GLOA{ft1&W_4?qU0>0GII8tdy%v1ikYOI0r?EdqzFc>gyEG* zPBHT5dbG;5I7sh($d#L494y70_!{=;jc3@dm+j#?Q8 z$+u!p`4QS4JK0CfHIxAPAlY~n@r5=CVHSZ?SWto3^2iya3bvDAcS6tBnZ{kFj-v?o z3>=9~fJ?o>FcVwJ%yDK^!YnHT6-|T=5Ylt=gmlqkSRHrrbX9HW1wN4|>Yy7VxsY&d zC+JA>1S$$#cJh{gyq_s|oq6njcaCVu#UteM!y!^-LQLjAWn&c>+R)Hn$Hexi9GTTZFXw$|U^gIsj=Dy%zol5@E<` zUj>##67H%=G2*`$5={zgi3prsg#+;7&EqFDAucDi?t=rq=L%nv18@!v1mD5iH1mc-F zGK5IcjAJ82QBIt{<+z9&TG9KE6;9#WwXD8lq!oJy&u|C()uQgg*6ok0yZW&qyJJDy z>vsQ*SVixxk=tlz1 ztk4XgpulRigSH$HMY%%W6?lv|XKam3a0*SiMXR}qfks<D0$nC73#pT_RPbGc=v5SE&kRVCga z{pb?4uOa*+=NtB0fXXtmyrjYz(q2)zz;cTC81JLKga|sMLIgzB3{i1+2#Rc&HK%tL zrv8q!8s0>Iu>#I#dFdw08IK=UbRnoc1zVQSI`>SZw!M^mmZ>DY zOp;kD$rzo(Q|fiDdF`mz5&gPBz24cpzEQodH76+R-K+cKpfm6I$$qUB+4v3P=DDd9 z^zCpj31M_|roJW34_#&FEP!o9;b><@R#8XC+-9!3BUR1(F65J#)b_ zyFU&AdfPjQ40}(!qO>x5lPY$pvciA~&im2D0`>!Oh!3)|qC=4ViCG`vcIt6*y9T!o z&oXRX+bfh+*wL|bt1~$ZBfX+(=pM3E z^%&+v+&Hwm(h98V{i8;Fw52z54Kr7ChX!KSRc9UG=BFCN$#2kv&87CI5wn;PkpGI9 z3QY`XVD+4V=*Mo82I}hQB*r)tA;}Mbi2nut|I4?4IxK4&n2kGF*0t)cek_(D<3Pk& za3e)uah3(t^*NcgYap}(hz<8pf)d`8aWZxg0>kLWia`QTfP+OG^ZZdA1=|maUlAPG z+3j{5rq9CxQTc8!U)DRy_Oj$R0Q3LCFnVmtiRBz8#BXjkF5YQ9I82u^`&X_|W*-(` z1GInug91eGC2ju0P#4x7&I9`mrK=`Zu-&YO4D2|2T*hA(-;@?${h6Mr=U%m??b^VP zq=Ptuz3!>)FH}&7F)pxcLI&PtKr@jWM#XpVlf%u z#4Cy3UPxn7Y%^|>Ku-~;LMF=cfTUYScT%S8r7WXLjIA{Bgds8>4Fbh)u9F+j8|J$z z^RC+5)W{7o8ciDOe9rSg#fpFK4OZ}+MdL%K@nac5AB?}P?%ZLi1 zW;$+;n$vHF3dt$B4ZqPUR6}aOEVeC9sPz5|6nmF0@v*nsuvZd;Q--~~lkOy#XtY~Y zcB<}$%3y)+ilQ9wJLQCxxF1dc?Vz%Z`Cv4>rS=B?tnMrotLY!CXS$iAWVGkmAD*i@ zvE>D&uU$Apo5JANZ;eN-o|YbEMXVmL)pX!o5i6Dkx<*nmIF?X`VM zUfdHWRyT-B1j@G>-({`R&U2I=9{5w4;*r_kNDKv_MMi-<)Yc1yo(-Ze0?|mif&j$F zL3T#|M$!#C`wI;8c}Vz_s)Ltd1S?tn+}49Dd-0{M+n-ea7F z-EwU)2w_wwa6+otDMXm$jy=eX$+6MHcf&?NKAK|eU4SOG~HDY+XC_(|^_W1YYFYU`+0EIqaEZ|TP!A^iDv_5JPV zZ>s{)_P)1_0~LL0<;2j86wEH#P7YSX)4I*d_lM`S*DkrZAu zjst>{mm)j&*4+W99%5b7^k>`z;0Z-}x}#)I-lg0K8K7dE|1wG+iVkfT(JB@LD`YVq ziP8urEBQ=RqRObm1yl(+D?9~#clB2-FWrGcJe>iMR+*v!w&2@!$`<&Zy2D5r;S|t6t8qDXI=ZfgJgcU@z?jmT z0j6W)_%4Cb73?3ikU?QENC*QZbxH{)KKg^exrp?Kg_+n6;Xr)x`KK7+L1(*R1am<< zTQ3B&fav_1H;`i9V^xx;TRP9@mQ*4h|2V$|FWdwCZ>m@ZBmo}52<1T0v)oTspankB?9)*QNRAL9o z`?08b?jRYbMwt@pMpD!q;IW$IFi|# zE)8sjW`!`E%*BVo*BscOyli(ck|#nRz6ILxhC3#Yqj0KFDPF+}xXkx6?|sV{+Stf>7(tiq+s7RX zyDM9_kJ|&RUz$_~1!D3VIP7PY@#&RrrnJXqcp7cb#Q;&Xeb>mZ@PD7$-;-^{c3dF^ z>;@Cv++u2~Hgo>+6QLzDC?WxmM^z#;E5lPtqA8~8+BbqhT(mE!ArA)MA0{zVxsP&x z#f;^4rm^&pF48)oOTOyN4IYDeHcBrL8gS~=ABgx2bzin`m-!x&fu9+2m~?m-Ii%7` zv%?1EipiO`2Hp6uD8%Qyq!a>*nc5mOb{BOum8Wr(XvVVK+Ys90%K})_{l6qXv{Jj_ zUv)vA6B?d@aj614qMxo;M576(u& z`HJYvzVH)$eHX|O)l2TjOr6j;`6Pf%cU~{pq#F=3OgRU*3$(}MPK0d&@<%}r&=$kA zP@Tas=!6s6WtVCJyy|Pg{A9UX$1v>2l+pPmZ@8DDh_=6Woxjz1CGA35dv9V4#zltN zS}6^nv=>xI6NM8_g3)f{-pVTplkX60{<-5vfHn>Zd!EbX_bcNMzezWUVQyWZmIkpq z33IxXHIz)~_FJ)@EEf$O0@q&ih#bqP=V(|xf=n-qb{6px@#B#s&;9FZ#$Ccsw2Aae zkO91k{N=xAlnIA0Eq=*32}mPN4;nX2ExCEVH?;(Ng^RC2??AxD9YD@f?|J&*lF%+e;Y4>Tb#%{xOg+O~b$$Qhx^rMyNIkojp zNE?2A*d28>0j?+K6nnF;bW)(?i=0jHH)!=v z6;j{1kg=%&pq*84RYcDKqjuuq81;nEsbmNl=YiDpB2V%j*fN%s3y2gTFi70jqaI9%cNMZ ze5#=cKS!$~K}HQ|`|fUy?zTBTbXRM50^N7Fdg#86Pixe~DFt(&d#rj-bi?jQ2$1O3 zaST)n06+8l0Kki}GBkOZ58%)v(Cp5AU6D|Y!DtO|l*TuI^xiZWy;T@TQxVQ~e|H6H z3IP<6fa2s5X&9AydsZ;ivs$>}vx4n6D13X2bA5*=qpI-%nL|NJ#D6H}7`wm^7Ku!@ccz!G8X<3skh zeG^Q{Hi4Rs%ESsE0v+syy339ux4gI~Qo`*9-{+24YLtOQ`>g%OwGYN~Q-OQKjT((lt;P6Il>Y!(UYtRkh7FP($H-^K0`aIaYi; zKNC6$vvCj4GAO%8z9ct`-BWFihrfpIo$yz8y~3XgK)b8D0en0vjF#_8+sp@dh8C_@ z^G~KJqo)8hOSN8(zCu_tMJ5DYDy|N@WKO1L=wjSj;`OA*`%9>ljL_aEEMfI+f$@@sGI1nwbsDb@qIG90l(;2uP9E6`;K zImQZk+=zhtI|MlFgl5X*`Q(+@%NkY+=pMn=R3-;U0Ji|w%m|%^_-tV(Yc*|%sg>8o z)r>>ClmFZu8s$$s>q9y0gMlf4e#R?7pu>(R7okc4{V4U`13Iv%jHs%z0KM1x0MOgM zRzMe(E1>|(lJEO~uHk&;%ZjMcDWIcp0{t}e#sfMF^YHp^RwukJsv%y3ymb%C0&36b z)L^IZE8}+`lbHb@m8hy_@Ah%N0+=$O3fv+8D_85_Cjuj9GO6d==1$5cm4qwDHpI6* z5LD{Sl|QJQT;F$SG;$7fkH7K9j<(gl$7ra2CH{%YE(FTl71wy#VH`MBxXR>vG$F~~ zz)-mRbbQ~D?1?+&x1`m7CpHYxPVq8u+pz_jRWX^k582R8`5kBcP<|@)@t9l%MQ{cx z$aofLl<2x_49+KEZsy`n9iS%e6{YN;H3!=R<6Z2-TBtswD4oOi?)fS_?XB2aSy;VfC?Kbn*IpTr~lQgFCN)DPf?xKn1d z!2Kb|a1}VI(d~^M9Cq^OPSKY0rdgil)XgnOR8-Lo$a~RPPpjc;wt;x7Dg*LOU6ehA zF4^Hk?k98P3)oW}u&2LJ&89M|%C?JHeZDPVR;SB$Cu%5IX=g0kI==<%Kz~g!;|OGk z-}(J#kv-om!_%d;J*`AHDF}ODlbzAcWmdy%unZ|fXFe&6oM$yo#go5Zg#^tb3(vRX zprDfugQ;j2@gC!)aA}39Y?<9BG&7-P>_kGFN_d|4`Sn|{A>iR+V6bL!>R!BaF8IkV zeangt1WicP=O;<@11WPZ_*q_Ybq8PlT)*W=t6_zDwN+kiMHYOuwSG%6YN1|X)(JBF zNM1$ybd)tm`fOzvb17cO7T1oTC_KJ`;2gHIc{C6O?v0lzEs?bPM0si2^xQ+DMty6{ z%LB0DZ7X$CEz^Kygf=}{tu#q8O+enGWmnBv{4KpY=&j`Wge88TsjsK%>q)p$I^{|_ zORcCZfrxGn*A{QEE}XX!GJf;1TeBcutLaqOD?XSn4={!ISUmVUI@MXp0p8uAxT8W5 z0qR{oo&X<igwrYUVYzEJ)mY0RQe+< zWF?iONu_oNuO!fSjA#2D6W|$y)FM2CGXe!h8K62q>8L^=|18lY7%@qc2z@h^!CuPX z;wQX4{2)6~3qK&bl-)f819YI{*PF2^_tLDF007AxE>eYd7IBl~K8&>y^!M`M9Uf;m ztKC>I1j$(e+}Vn>ZrJ{?6OUEGSYbU20SA$Gs&cz96=)hB@{d!2W~f`3(fqwmA&kHw z$0#X`p8NdxAdHND>u?mtKl*e22+&2#e*m*}Od5g=PYa}~xZ#Y0Ece-c(pSc}@GF+= z$;SQY6DajoFxtKAJE-h%sIuR^^7SXhA79QK0{*z>5Y<&;JK`JY*(`bPgK!LVKQMAM zlX@CFi2P zhzGy)i1AwRx>!QNS3hk$m0B#RR1sicPZ$a{adJbS1tMXGd`t};h1NWZRVXa0NaPAe zl?X}hpS5dL)Hc_hy8*R3h_(Aa%)JSG6jindoB%ChX)7*hP|(JS8lI?$pe7Kc5zuPr zKv2}6sBw=YYLo<`f(DZidYVFfgAVSvjQc1mB07#Hf~+nqBO<7vj#_Qwf~agG`TqZN zZ&g=!C*b(r_r5PbrK+p$a`toXxl1MG2kIqAP$v0p#voI-ltFN~MMaLEfJt_ap{T%f zr5X(4Z?R8-U#7~Gvpgq)u~rJMyS!lI8x*~GuP`8~31N)Fo3fBqCZm*ctS@$I6|FTa z*)hsdHG+cNQ6yB28O@~SwJB%T4VZ|1U7rOu9@z}!&wj8c_Tt>}wdhwDa|YKaI$f&G zPpvY9W+B>QIT4}LS`Uch!pJ#8y@-vEN zzTy}pFo?dut1QL$Y#UML5_Km1Df_u-E~F*V)qp$UBYT))xG1+t zu8VR932HVujKp})3!1pnfypM}7L)etA9L2CLmtXl4=qr)Q4cL>FJSe|n96ZYk6imN z4>=YB70Ov5i17)e6a!&=IWs%j?c}F%$PK=ilSMr67z}fmR0jS^qN*$}+S8A6VJnz} zRVEEDlEH4Sw=Ab%WBkA{+J>Hvu23qG2qJl3viX=Ic+0xK*C_RB{1~Mlp7{8RD_`YC$t^yw&lqeGDccmo1wU!hDUld$G(9S zh9gh|YJh#=6N(e%QZM!{Mbz@0+Duc9)iB>Z;4sSaANV{;qSpVQQEai}rg5y~8sFObc}kL3m!5jblS%;sbmaqD8ZF|ESTUTv1~s@yEvZCEz22}jS! z3P(pm&JK}r?=8%&K$I%O+D%btO?r_U6JKa#`(dlceIp~`4cQ~D+zlhGKKQ?C15VW# zSo%0m)o3vqc&f|D$iW*%Muu+43P*Bt?Q?LhAwdC=IWFK_b_tnejVJ=UUq9>Gdr3LAOX{l^UGO{_9^|iN}nLH@D(U zr!paPn<~Y0bzhbe5Ou~{R3pM*r(4-aNvV~heX~h;B7dn>c(ysSe)@Fz6B>$ zbTookKLhOIALITk=icf$crIJMUk4}7Hf%~HQhU+S1 zd=g|WB@@MtFJ&Nt>R8|bp;FKyq`zN5J}wug_N10|Y;hhbVwvy=j3%&q4j!@;XUH4Y zOie5JOPzJX`3~SoA>q^UW>8>t9o1>rJfPxDT@1wq9r(5!sWxAISUlklyEs*#mor6L zJX|0-``AC7g9!jGFZMD>MK>Se6$hH-Y#hfz;iA6WhZ{XUwS3oooi=*9WK?=R``LrU z*uVT0jC}yx(k?fh`9T@aJ;XlJ&JQrL#!$?N&<$FprjUh2usD&qLdC?)viqrPnXUoR z(LfLeQjcHMvKw97kzD)pwM3pnSI8~~NdAZW(5qq@?wq@~wnTkrJq(kACSY)2lCVhU zI+lim&xDekyij}K@hHpZ&;)-rbXR-eZmg_4uxJcK4)GH@D&w$8pFf44dCF#BY$)nv zU#lapy!aY|qI*R1_Stw7Z{RvQqrN*$twM9JbgCttqTO;PBfSyr*_{{K8j3%#_O1?V zSVB>-d>=Gbp-d8(_RfEScSG@>5p9BhmU}+Rp(>w7o#)_9dWCbAD+EtD1m&FPX0VKQ z&dSu$IsdZVIH{h;+0d87bw4N{?@^s?p6$ztA=-1*b!3nmx{GKs zLI(=vL?OVtpcpUS74k0M9^OMKF=;@ivhhkyW4L8aq9e0_LrlT z?$)vqec%f$7~*cM*;;1)-Nibx&fFdc;wQB;SMQQzX|XT2`SW(M4kDAju7U&29`xa3 zo|XxPI`hwtk^uXfsDJwdq8+j}y@5RfkS^boQlF23?er64sVh+T#a>9H&cPn3gJEm5m})lo%F{3%Bh0SMoG;k=1m zC77uoFJb>aPq%+USuOXPhW6{9L3x%YqTGc3i2aj5CM}-@Rw+J~X*Bgdt!(>UXFm;+ zhLX=RU5GyZEDfUfL*(js7_B-imsBFpjiMAm=^;I@#g`y1MmHQ(S2$U#tC_WOw|}Vi z?9H2j+i{?d8tTfwDfoS$>^l$|k3Nwv0KeZ7LLVP|xRvYoPvuMPv`#eTG-!bArWyC9A(nkCVlqFm=;wv9v z_cDwsWo3^M&v%S?1&L~csHHM`g5asq6ADmtp1emjSC}y3=#g(`;th;=8zc}l%_8oq zbki7>V$9}G5&Imq&40aCoc`us%rj@ zQmtE-RC8i5(mziT-mM!^Ug7#zl~?fKZGZ78n7_aF3JC#7;lG?^o%a3oawW7hJr~%2 zEK%0DLa{bsykv+%<5{@PNwtCwg$2uFQ?)ecDmeZ^`862D8qxtIpsAbpjj9KqE2IVC z^un`zj;G4a2tzv|o5Zv_v?Gxah)QV3o{$%FLOc2led=Bzwzy0=jvXQEw%nM>jizKQ zT6I!Sv%@_atx|?H3f32 z!kto&`4J)3nt}qu+E3lG7$P7*LWAK9MYesSgblm^=|M=64@#>ytb;TC^pFYo zfe8pp_HAKr-3atMc`a;;e*J!V_+nX#JRIf7!#&Ytc?jK|CJzh#rsd&Ux2)yA^Fdc0 z4ndXQBM;ZjR$Zsd!x+4QJY2hB@A4p_VcMR^GUK()SrbN(BZX%40A7P;1ZEaDV2p&L zGFA}IXx~@v_&%AjaebfK^{bm24GH+2ZN*=-=Y9la26(yajju)DzgO}Nr5F!kg8#%n zzV#K%i6F4~KH}jN@*5A$CZ~*s`&kQswV!vxeKyen89$I>r85%jSO(E>Uk#+Y2wSkR;M z)ZMlCIprF&r5PI7hy7#d=R0g&xlmN*HV;P$IuSen@;%PvVfE8!v=6|xpLs{^d(6Tr zv%8#!U#&{PEQcX8RmfkBnvyswpY&nxdlc+nTOaUaG&Lo*K^9JRJU*b5ajsT z@eC>SC{giMCFxN?dQ_&%nm8CiLj6%6}Cu-$WV@FiM_=3fRtztlGB-?$ZE6hb9@AN*CEvpu+c&`4?gKNtEI`^ z+8yAVb(m3&FPTXoN(bPztf)=Pde3?S2j?vAn==M^DjR+hT`qE5RC@mLexACOdj{A1 zBWvHUoi>j;^_(I3dsAM6fT-S1?81Zp%* z+&C7VE}fHU^|`gYC*S6){8!NrQ*LG3@*LAVDhZ~*an}iOzLQDX=u2~19qP&)7R8kt z(z~%;g~kj)BX$ajj)#&hlq|~(-LMMT#h8L^F+U4}&iO*7*(${q)#RGGnABTjKk!db zdyY%(G<}z|-_z#5q1_lOMpl@0pF!ew=2TyU2Ot6LkUM&&w{OwQx*^3J8G`l@!_xy% z-^4p;5YOixoj#-Sb`rBy z03OAXe)0`8fF1#jELl(cY zV1$OiyZjzJ)YIT_lwsIieTa-b@+~LrLaU*%AC85V)lT2btB-<6fI5=eqxHcZY$W5l z6cGSP?ROFHz^Pfje;(zm#q#yO?oRJ$ z^j9I`dmPqy0(zKKCs8#jxSjcQ9OfZrg9&6G8ZhdfWHaazih!vdV?n?6!P-5wMqLjK zhl9p~J?7MwT1c@`SA&9K%eUWSPs;(0g~RHXSK-*qrug6RDR(u!k4HwshmfnV)$Jmb z8;sL8`v>b=s@HQ>L|+bbPBI$v*dw5*Fe7khJi}q9Pr?G{foGg#%Ksqf|VujG3=(*fXu3u@HwcD1A1RL_c@gGzlaNU zrEk+W9gGEQ%%T-W-Jg+h!~w_c5TZdDbz^p5kkp&1>fPwntNYxL!%NRol{zO^il4?x zRUoA`5?+|*nKT8_RzJcouPlq*2J_^0!ZGVOdx2Ea{qoUu_M>!^4v$-cRB;4Gx1oKgBFjgdN=k)Iy}dC>#?aD?Soi{i*CTy zMqm;oXVp!c!(;DI}K$7p_iA#rc;z@vR2> zx`BCtjEt(|2KMF!E?a2Vp&*HNcRdW+p@~BIUM@rfhfi{s7D$VUkPTB#F&bYJQ|1Ul z@3m&+Q}+H6{O75a z5Smo}7prEWN{m-<@}^e?-kqyt0H64h&Vd0fXwfQSfO8}TNiYz;AepMGSg_K}T&4Ab z7z72p1O}%`#?BG_{fI$NU8Hqr25D%%#llvsHl1?PBy4ST+T;0%?s2=laHyyBkCQ&x zfyA>-CwnMJDLKmic7XGU4wM!M?U^ReBh~8&VFYmk^WySF_UK(d;v5Ql!%n#jQNN1S zJC%cx4o&nuLiwHPu9Zr%dD*4?fKkY`b=JP2|&JBI$p{MEQY$l*rggJL4}A~1fCz|uCe(u~k%z8{M0Ft=|qn_HlD@0*#MXf3nEmO|lF zApYw~%5)B(>FlOW=a&G1rt@WyHy?>M_OwOo}wkmaIY>*;AX;4M$_VjkZc{hfAK+1p%e7!VL%<|>#o*7Q&?SXt8(lr_bg4630w5ZVEfr#U8E+DfLJYs}2u8YDT@7$9NDXLt01qzv;I?FbU4 z5Bw_ChFQjkFwEsJ%oU65g+GZ!9;_};tIMP6(nnp6R+pLTa;Umwt4sH#Fw9ljFsH<; z@6+TY=bOC)Zj4nqAjL)_vu^2T8f`sf{RK;YWytCr=LqP*PV!yFiA;s$FI3UFRu3>c zk8ew4?|}xPa-AMdFtd_*+ABZ8hHSPf44)MW~MPzKqB$eZ@$4A-l(#7XbqY!`HQE z`D>a0pgz7K+M^x0j;woCyDYLC1H{S9&beUra=^5DwBv%qCbSu1Td&|I>R(d(LPiN% z#7e<-m<}x;9_@-2yS5wdGzbz-riF1ET!q#2DrbO22E!vA@Ev)mHULQK_G!12MrZ0` zV!23GHe!@B@|6oR6c33K4$srC6Z#3+sH@R&?Fvz#9i#>@7qlR+SGOq3Y*`w{ z(d9);r<@s%wl|C3n{Ztyvemri7cBH1a}vv*R2VM$aLVBmu#~yqo>0*bRm+U~o8Y(5 z7<#N*oV5rFRtSdaUu>fX8vr0^0DzXsim;sTN3rwy1Ql205!Ss<(n;Zi;PdK=4z$uHx8Gj}kLWzrDgk3~yypRQtm)-{-n z*&+R4sRc^%cSaT)$Fd3jwtQ!f<(go`3``41s~l@NH#xkq|FHQ7^0mirD7s@4iYmTC zQYq|~zr%U#qU&C}X!6$M0xBZP?=JF>_vN1Z3VpBk&sejCB0MGEQmYmVupUnJ9y@w} z3|@&fs)XvAAPU&3iRMEs2xH*_;P~DrRkHCu9Knj#w^;fIbQ)%Y_#b}sj&PS%n6R2I z*ZH}!wmI^;UR*j`n#VK%>AIQ0rCy3`^FEZnWMrxgrfN_%DqJW}lD8UcHNCCQKMu0*0}G)vBOr-1o4;r;p{9M5NPWGor<2I^0|f^VXe|%`PSx-F7P+xZxB%r9Ft9*he&buJ z^82MG5i2CtC55flC0{^Wh^nf}3{@1E$Zya*U!IA698b(=6Ld zD;eLy@lm9ngY7M7nqHr~j+Fqn5F68QcfB=zb}kR!H|l?Z_!$kN{wN?qi(Ztx-k-t^ z2&X^-a}B5!B;sCud)k$QppM9ax*7IB2NER8F8PpoNT{M1C)h2yo_v-(cD3RaEW1~M zfg=vOh66cTU`?h63H)>fHf#v56(g{2RsR-QK=Fn8caFe~#n<|`P!{i(>E8~;SK&A4 zwH_Dl%_QCMQ+-ww%YIp!&I%zC=s#cKkub2o#1#Ve=%1;flK!aAtrZVjg|RX0>~wL5 zF3O8_4brnht8=+rXY0@Yj?FZS78!SJCj!=B*#Ra6u327TS{*t^dk&j~nN{pzd5$H} zjC2?2&>27;AV8*cIoj#c@~s%1FzHP~Atq$t(3DB1{XO$jZGX)uqHUanJo6u*3HwoC z&d^|%s;@A0g1=Mo<(RBF)Ua%l%&N+oOXPEeelGG$zj64TXiX8pK^~Kj*mHA7lwERh z3pl2bM+A#_GuqRfNaU+=XfL!>T1WJ0P0kj?Q@ShjbQjRHt`wqaySk8Hm9Tt2J?li4 zLJb%eX&Az7FRw=Q_$D-Om6YkH44V>sxBwVHtm3iT-$1LxAp=AppHXBXAs5s@5{4DA z<7vY!|8!}`HQn`^d+h5%^c6c#9OcQEBzK1q3j5UE&8~F2TE9GyiTgfO2A8aqo4Z|Nb_=HkPc^Kqud&NeN@DU|)%km#2H9<63U{#Y2 z0g;HR3EyK^e(u%;;aQCVSC*J9{z7AgDPRQ^SPMqB0hW{(u=;wzf=*N&!**-fF6irs zl!zE(yj5moLk!z@y~J&5gSe0tcx{Xu>9tt~S~Cy#=`r?+So$o+5~#2=C5$Brin4~d z>fhNKWn2GN))0P1|5nxzvAX`PIEB!Jf{*r8`yRU|9VP7E9xS0JEcRF&L+9GP9IxFA zB-_1rbPcvH1e2v}N)LHh!5vQ!c}Rv(@frlqR)_XOqyDlRx$kFr^{EV#*+Dqcp*<8n zM-)D#ldGIg6bsZo8GJB8r~ykNSLh?JmhaammD)4giPlu}qT2Qv*8CaKm1fiT*-RNJ`XhlHUj?PT4%GwVQ@b={_DQHy9+PTsJVgzZ>L500{NBF7B z3b#C3TZ6)}=W$#p(NYa5f+V-12@=+kIBTWqeyqcfs+Bp?KT@zinvvazH9##rK%_2y&EpKE9cq!Czi5weq=MDJt}qwEL9 zA-t#Ayg**2nay6;irF+8{-sG!DPW4}Y%iv>1`j+y_t8Mpdx1jJ*(|Zb$a*VDsK}zC zu`s5+t#eTy=|wsa#2k52UULG}6j&iQ84upoyA$to%VVum`Y0X>-fZTY%AnqueKqO$YfTtiXR zHGsC%0NduFW^Aj3Vm;SA!s`1l^_f?-Y3fOen3{P?(JOQ$bc1|MC#ak!c?<;O2k#p1 z;|&6Xc^u{8k5pQS`}Dxz5Ufj9T}RUisfmDm(^1h}bg#Di9dOcFDQ z=au?-jecIsE6&5|%Q+xrXjKs!+K-Erp%vc+UgJH}R(9?`lx>wxz)|T05UEb;bF-MG zKxf%CQ&lSQx`LlyvTlkgJh!1)Md1~3|E&S>Jt7NlI>T;+*$U^P0xPIiNi3L zlSf&D;PD^GW4^$M8;oa&Kyz~leT9H2wayb-|T3GUHfBo#wE%Cpm&zC%@ zlHcP>y&h!w!1T@XV_fM9v=v=$K#z1ulDItV+7 zuLmz(is(Ql2b!_dc1alDL+3|rnKj0$R2qClwS%)lk)6yZRE8oyhH(f?LW-Zn3VUVs zSd#2gX$NK!5~XhUlnUbXhTFztZ2)LD3<=nCOB$9>fooY8tC2v(H+Bj0FbYoxM~r5N z%VSqpPt;A~%ZcRxR+znt*Qtw1I84E;D~YU#Ve488I+#4V1fECEj3_};VtAAbu2dJ8 z1L`97oV4`7{2rFd6EocboVI3x?jVFOH{Uj*1gCgRyIcB4Ud{oUpMp`$@iaJP9}Qy3 z)~9c`iu(KV*hRfxazkmTgIS@-TQMI{x5s}dB7cRtT%;~nJq;nhT^86SPfepz0+3)?_{ zpyx`jgE$IPMqFcK^?YI=V#A`3jD~-(EQD5E45;}eTZgtwU;*u($KUj8l3hg(NDAOb zwmsw>cQB2$t@80Vej31N7@X851k`Phc4e}h`^Y&s0EFlcP2mtAqyAelR+1EAWmr-Sq-q3zC}k~g@CPRDEF%e;NCF%Y&YiH0Y^?Rtj*r4IE=V^#SWH5! zHX24s_d_v_%a!>>{DoDkOhia}4Tgs8WlN8^$>EJX_iZav zKb{>%n57t_ri>xDdU3Q+^+IG3;s=j9*diDQZY zt_&kXNCQdACm*}4@Nm9fo~<_}TfV0T5C$@aE8!%`4bbOEf0M!4&}x^nk~il{Wi}{B zg>Si3HrL>w{4nROvtp%`VQFoso-DV^E?9F)KuE7Jp;@&ILwqXc2-) zVIj!tdWa$e0hoLO!*wJ))u-ph1ZHD(H3!h;W(3p4zAficVrUk9&HafdSr?T_dJY*r z84lbm-#T5&K7K5hst;vtB!8%F_c1 z397aRM8TR^F^fmL?LLQyQ^`TM%2-!CwZH!>?9QK%c@x(s{}5vF^;sM#MLv!1$0Qi$ zPm11}GRRm^gpb$PPUv0t^`@cLnQsoR-O+twM|DKmdb}A?-SO{0JtMvnKhCb&7Uy@u z9=TO*whS!7fyYM%>wkeFTE35ObDrXdQS14!!F@x3F8BI-W7?ObdeZuN&hJq)K%N@% zxq@O_88-y%CK-RM#SEz#oy?^-*y?d3nt->~>d#g`y5M`!wG+-CR@hv1=-|4| zn}%7XKyFv}Nhc4k`)t#&!e!NmnJp_q7}w}krgfiZay6%QQA_-8I3#inqA?zVSBC@S z(w|Vy@`obqIFaNBr{zpAamr%TXhJ3XL({o1;#pED?mF9O{0sW1-8G{6(t-cg zDHOFS z7@(wsi~g#+54;V;sk$fqZTgeiUDp`(S3tOHcTK2T8viuC1gL%Mf$5L+6F75+cJ^zl z#6zC_C}eYw_{4;CVtq@>dJEC}d@OUImP_^=ncRY3D7K3bKOuOUGSXOpC5`V*xD;IP zaMIAirBz=HwMIPzmUo|Y7$lht=hJtwkRk{!_EF0!PzExvv-`x4lb`b!;MJv)-`Upt z1l|L1+whKT3*KWjyaT9Z1la-bKLMnJ1|&s)3VotKl?;O_7&Aj%XnEu_fu%X-ah+)+ zOt`)wcX6D8;}y?8ON{{FD&YU3{>~TD!W#{D%b3kyH<`K%_ZQ3&C0H8F<2CC4d>pq! zl;yLmoQSeRA#~&_^A}fymXU|0hBVSe{~|;TZ-QMJuO-jK=b^`yTlIdXW0EZ$pXR;j*$g~OK_p$ z4ssT%;-KQ^0g`vQwlroJ8&dBsRqt-6o~%5?#()W`lDjcLRq7~}B&IMkdFtVy+TEWU z4G%Lcu`01N%2~9#$FOe0L!4Nb8G`Mr>xt$ZRIxZXoRLYxXEdw=3TDwBqwe1*jSUl3 z8SU!6+Jik9PhyFIylb8^7++pz2V!U;7)-P)QX;>TSgN=(oC(**sb+4fpflkyMfOko zC6n;K9`}+EQkh|I?I@)9)6qi0s9d->9sSheJ)k-WP+{-Gdq&+EfCR+c&so5$=<>Z^ zb%I#SMD!o#AdfK{b})l+LMUv0hb6=ri+q!fz!@1pj2- zNZq1o+JidoD+C>cq`W~G#{lM}OhsIf(`4wF$G~SUn?UUGB(I+8;*o(~EEjQxLzdXp z%!X;)w!>W%6+u*5Be7=yk#`USu*v?W12+N05hyU3 zq3ExQmJ2o%fC_Rp+kO*8St4I{Npk5hq;@I!ptkDT`xD}^@XM}8N`d!M8pqbY*Nr&Z za{WP&`~U9H{$O}G*&pmWSNVe-G`W_4!o)WG!5Wlv{J}hy-HShf13!YHO1WvB2VXlG z`q;9R)1vPYT@Y%gBSvP?PQ&_|b_v8QWe{aT#ZMu9%8dn`r-yTK7Ihh_qcSesQrRIF zPeJj%m|}Gn*1!%_cV!CX6mr6h-%ceo>Sv0X3Fn@|FW*(Om%1H3qy7?gmt{13t2Gkr z#3&2xo+1N8=6>1Qsl^uoni?E>zYdgW}gb@u@F_DLg+l! zPKHJtfjR{aL4gExvCl-0yaj&tdMHX-!2TSMJazt-R;SrphXY16#1qd0Hy z_9TIHzcx0A?+Aqgsfr-!mC^ttfGAyh;y-!z#Tu$pxp@Md1&idX1jV-)^*lzdc#2Vf zA&4EDDa6tJvhb-C5&I!{Bo9`96#K*RAA}G%P%D!_{12$svXq3=)O&?S3vJ>o7zN~W z>`B0V40q1cIr3EGALITt4CPQs`~|nolbr{XoljFOc>xFwP-?(ETy#g*|TX<_*%-RM}{YWFqHx@obe{RMUiA1F;b4}3iJ zC+&QTQhxOLk+YOt`7aj1Ia<55og)5R=4kzNHoY&0|a{J$R zffJK(r#(W7KPaJLZk-Rw$R)@TU1jbYT%xq)PpnPL|=1_l%PH=izSMj?Pto1b|(P1|Ef>fz&dT z&U!qlkQQ)L>D<()8x?ZOJ+zwrQp+VWPe=^FETm1)_<^X9wg0z}1B-0+oe;-5p)=7m zZH0b6f;t=qqHQCn&7brM?tygFp}ml8-|R|KxO;Q}R2u6o4na)c@=-zo95l#r@b2aza+UF3-~5r$M;*ML5Y=d#nCFmGuv3tzH^Mb0jv1;F8j zmOuB2a)1vcB$GTEfmdlZg2WT1^033vdC_kF3eyUV&Br<5`=<-{Kq0D0&G^(G)Qb!|OLM#DbzPSE^CF>)#N{41NQ+Y%r> z;R5gv{d<0KU{aUr@v=1opHM0-zOWjr^CY>gBecI_zLH?Uj8KyRP!0eJV4&nJb+G{3 zN-2_>>zfl5i#t_!l>WGP-np&AuGrblv72C#?6YS9htqJU4Yj_c;PbtT-z$huIq^Zz zi#P!I9Aq>+iT1#$^FO*x_lW&6s8uEYzX^+)KfLW2(;AHh z%@~+1?XVJz6!%h#E7naUv8W1`-trClU=;9#eUf|(^b6vP#X^ic1NMIpZ@s z=?x&)I4Q!6oE?aE%OzZEstq$T1eK6sSdS!wQrc2#YLKWL^=IlZgU|624aE`S zift^baBSm6x>RNCFi3Xsbw(qP_A0*8L*QpjS9GRJJ%kv05yQ)+3|ZX{Z9@#N!>px_ zlZC(+{NDCnJVV;6^1x;!+8Xy8U@LTCyHd4vi_y@_3)`D#D(1gO?pgl8RZ6rK^D)XP zgEBhI-$dqPU4NvE%wK^TF7rhYTyd2#FqnV(T8H^e0x9M*?iJ?Wb^6|ze=OlzgHJxW z%#YWR%?ZxKuR5In)39{TV-O~sA9-}_IJrB(ZG7!6F$I5z&e;wjZbDXS2F`HBm4>_%)ySZCD9 zg36^s*X|Iz2Rvnr?tE_?+OQW7a4q|XQl*t@)dOh!uB9%x*j~(Eg6%oDvj@B)>8YWA z0@4N^B)fyuc;Rb>e?I*|9{oWc{XtOqgU1s18x8gN0sB9U&=!jQA0~>|llK1#ZDWVZ zq@q}s#8?Khb%Ye4*3B3KEy3<2nZ{AfLC8WCLr8Oe)Zcfg zpx+PZufI&t$0P;Rjd^2GP-I{ehdvH>y*Qv0>dlpUjAAD0;HfbF8q(IeL1fYclSUd1 zqtL*c6f2xZRCQX^|HcrP=GUlB>5)>%K^Q>u;ZlG!&q3>;xpfod^?jr61T>1NzZE-5 zxV(aVMR)zH&qPxzM24gOa})iny)?mFR7~gXi&B97%o{BIpnIO2goL1P-TvhszGjoJ z_i<-1Xp+j;5cmBwbO*A4rjLdO6%c7GJKe?lWDhi8RXQ{WyU-jZ(4es?MnjZEi#FjD z1r9JHH94GA;$rsdGo${iRr9^Tk^NQk!buX=*Gd=u*d>mUdNZg@Sz-L$sQ)O{48D8k ze_u*u#s98Z@uvJHi7eEJKgP!niT>4C?jaG+UbJhv5wTWD)Xr$&Cy9kbkca06yOcRj z^(pdz;4_^von0WZ2*f(HfsEVjESf@)GSw;x@@siQv`LVxR$BJ2mqL`|=LUHQa)4@v z1bIU>;}YaK`AvdMMvY{G49fQs=ljnV}d=Pah_+eRIr4Raw%6?+`R zEc}MSP`^3s!tc&OWA@Tmgrl(wUleQl)eCa@z8)521$;`vs3zHui5Dl^4sA=Tx)yh; z%EF;79f~_w%Q(t(hAG;nrI^E#VO|nI8Zzw5L5TQb`&vK{k0!cLwddPOgQR?ng28LJ zZyMwZ%`q1zlv~J`FtZR*D6mfokWp&~QfP|Dc|1UVqM?)b)zHCiLw`~Y1t#Fw%VaNb zRd+Ai*ae$mUwa_%X+;%8%#$IuN7sQnTlQ|>`#^bGqtB&A<0ELU_(Y?T8IdGM7dp+Q z*SQz%gI*^~0n+QyVxiZGRj;I?`FJ{ar^%Mzbd4__XVh2Gi(P8e^MLL6OU2hsI2PcXpbT2o`(^7 zIe#DcOqBw}=ljCnf=|syY4|Mhw}H<;ZrwXR|7u--kU~i4&hjD`mm|jR1D9XRSb(_v zLE|EskwjyY6ODZ&WiecaUk4cJ5yL{av2~}CFsX{S-;rKIz*1+}|ImvP0x40uJ%0)a z(UPzuZRp=LMGsU@%C~v#Ngf9uFBiHrIWU1np@W7_wkaRB^*o0rhKmLgqOMrUsx%-gWo1_3` z_WF}s6SGCTy<&C@#q30w$5{15L`Ldr2^UY)SAunU40Oe(nz?^E9?t8>5FOsc22IH1i<)tT) zXj5J$jzMgbs@q!D)qF@Y;|NJY!5;p;b&lIl)*y(#TUo#q{&LN3EAdqEjUIpSYG0RD zd(Pemtv-w+ByleVwCCFZeD*Q{M8=#cb??Jf6Bh# z@8-gPc0p_K4^4-^e_QYu{14#QW>{=nQ3C$2M(>0EZ%YBv|IhiY!GFfnY4pDtNrzTt z^@fSRpZ=G4=zmjzOaGDkg8z6I{pzaRby9{6{j=)(WTsC~fyfD|D7XP?j-{cm|O zjsE@Hg1_K@0DqGFC*c2T>E)8yxc8-G9iN%DWZ3;(*3ebE19DIoISD*V&`ng;(a zx}etRzx9Uy9r$YriFuDwyu@6W zzwToBE@fWSUxadM0UdTZMN0EIIX4%5l8T(Csl>E@4W|9Md;?R7_C3A9Ieo-FIT^uk zP9K-Y=a@1=^FJ}1gku8vTD*(#h-$m;dPv)KX#>U-{^;-PVPbhaW*fnuQsz6$i;p$x zzW_MJN8u0_f@Ots!)Bx_=4P7I@VMUNz3Jx%d z^WZ2Z{Dqhip}NIo+!D9>a(3b@Omb#n+}B53?S1V`i>TN3efLS~y5Dsm=f1zM_aL#W z+X7I>LuNrw&;e;lEC?#ZLYFHDWF9t61~LEDn^I5;DdOkEdtjc~gp^zu5*5Jo3KmPU zcHQC}h{D03E;drwGmllG4k|Fc>_0(@lkru~8`%Rm@eMr}ZTU8y!Y$R5n@gS%O#XN+ zFyYjmgrQ0DFcCPX!Op3ksJ}iB;70MGtmV~*m=RzV6k_Llp`;8@VC`cxl=1cUzsDn1 zzc&%_k{nq}YPrEVlO`jne`DG}I^U%IhOAI(MyJn04Kq4x4li7ZwS#UBRIs1cxuYx+ zSB`9KSf*Vd>&<0_x}EKe#sN+ZTYGph0zie*$0qknRO44-u@odakJiAniVxv#oyIvV zfGNPnJESQJqE!Qa;wk0q}w^LPRvH~FCqL^v3P zus|1TbMT0NQU4KAa1Qsg5}@N*c4;kt@(;HeZqaSWu+2F;@SH_IR`2x2 zsiIlB)u?*UpZo)j1j$UC#;Wcj#kr&hjMvu_IRV^z94z5+$84HMtAjn*z+)^p z5>{(Eo^dyBMBPPaDcq2IU3rukqdEA2bxZ?bNO zBVy<~bdJ9!`T&p|q1ds7B)`|m({+$r?kRz3nK@9;HK2s$Y zlzubnyPdrQ!fd-d=LgxogU?1+V}r5qOoSG7Vsf_1Uij$UBv37U493o+DOPppkg*Jt zPT2{Jl~dXXSIn3domOEFn{NogiTe8qR9HtTJJ@RU7B0OYzcl_Y!NB!8ryQYWP1q7U z7v@t6SiXY?QR8W74ooidZ!V3y^-eK3hh7eY^WUL#%-E3Z!}f--t09OGUP!5H(=@ zMA-VZA*@r~zR_&njZeaCFd0HXb@efM60ti+v;!ilBEUj*?nsMHz$5NBY~Rr=`oU=Y zmO>aA0$^t3*2+CjwBr?q-w{lH3)J$BU7&+o_GPaA+O!%8vy#C+InF{$Q5tj_AWVhq z8HlK!adQi3z4g}X=u9v|qcfR|#y|+1A3R$T5_M$D-(VD{0!9Yo%a4) z91L+>WEwqGBKSth*TR2}bR*bUt;5$Tk`m0M{b?Kun zZ(jn5nkVYb!7r-gd=T&1AlPEpy>@q?+K>Z4aMH)Wum>TKxu|wG7P_lLLB6Tojg{`| z{?ppsSmL-SzK*4wu{tA!6nTA$6i@zMi{Osqd`>2T%ZL~xj{|K7#R^7mm8b|u2l0~| zFfAX}q;OGUsOP&yhI$~04D~q7vadT!aSIeCqrjs))eBfwPTuUbZTq2eP^rIi^eWs* z#b**Fww3QC^4y-!2r<8f$#sbojH0zhqXfsiIYrcrBYc1X=41IS5UwP6kP|B0!`NxU zXEg-A0NoePa$6Ir%S5rA&H1iZlOsPn*j>igy_(RSwUmxb|ui;8iaOMGJe=msrcr>Dkbm=Q#38QIFpNvwK2T8aAq zc9?`<$1zqtoNGuKtLBVmlcY z&&#PetqAWMr^}=kaoTc7Do%7nE+OnK;~*5!l$wy|PHQFDJ`o;Z?#=~L5m?4`D zI%C6m!xOBC%%3!nkl<>BB}&Xv1&;iQ&wy-aaff>AWqc?T<552Xl3!2UD*;yq6S^Lt zx<1M7p|11fdcWRyJUh3EzoXBpFi(G=3E(%>$@5fj_iGyz>PKt?#fjGBb}S;N^g&~_ z?FLXB8)8?c0%f)aC3O#UGAQX3L$2lQb1Wl&puUK7z zTSy-TB-?)KTR;fFghp6y-c)q~(#7qELyU{w!aP!B1&-2RI#}r}OfiAwAI&mp$3N0> zpK?%69Cd14E2$H;D&GkEwUBUz(40CK!?fB?(%(6wu8}d9_^~-8}qdCDt5e+hq5&;WuteB0T$o4bSm%prwHD2 z`?(`=%b}zYyl{&mcz}{1@CJE^!Ca~EXK4o~B9aNWnq|gYkr2sswY^pN-b~fU$iie;e zv14K3a3DkD&om9#gC+yJG}FMOB-xRs`qAn08FV;Nyg{^7fsQ4=k2W~4@ zo0R6TJdPh-fm{PAf&a+m{p+YdS|}~wK|bb!wT1YNNHLf%Wnf%^_AYwRiACsHp>m*= zyT|DTzY}_ci1|7qam9crM7s?<5T0gD^`T~@j>s^JfyTMrE!J1WpMfRXh0Bnb3i>S! zx=V*H<$R8ps#$#HLo`Re$r*u7;J!clMM*v4ed;aM7& zV?38`n=+AOU{ul|d&u^|IBP6+jI1>3P8G1iD|R5>5Os)77mh|}37c_-21jb0St_C) zY44$@PbQ7lY?ZXC=a~3O>tx6)2dn>Igc7#iK&ZR$HS zkn@D-mzfbq^zYU2T6wbQzp6z4Wyc+F6PkJ%2V?d-+%e8*X}EevYogylL?4In{3oJ+ zf`GLz(a&V5-z56Qwvju^nV`(>FHaKDIAq)-JRL_x5>Ea)m!Cq zl=}6I`ZXV4tBRe7FIIU6Q@Brzr>vp5JJjLDKarYKw@ep9_iS!0ua>^T2hHMdtxR=0 z+8cLFV0rFkI}tYvIm|&&bwh1ASi%uMguQ~_4Vr@&(=p%v>SxN`i}#1C6)(W?y4CHp zO?poLu1rriAk34%RwCEII*)n0T@wQEsIWF zOj7D;ScVH7I}@BJ#h+BQYLhPd=J(p$T@iTZV-(-12 zz2EP)6Hv;BQpc%Mp`9qzpkG%1b0PM%uyXK|i!)?0AEi51-Np2L^(zZ|sFyv)qRwd4 zvF{iKA^9dTxJr_b0heS?3?mnk$FVjj%zq&5`C|5mu_^q*n3-`jV&-golTL<~&Zw$( z=Y>^SwL7O6cQwVo#DQs_*#UGHe=u1f6Y_}ujA{G=9Qq8f&m8udgY#n}&9Rw$jx)ld zH$um5MlNpKlq-$8NAMJ1T0atd$O6?TIU6^t*O`%fDFNK_ht(2*3gy5-CmDc&pIWdk zd(%2fz4#K@n5KWc>g-C3KhGI#1Qn3u(cdUJhJz!{;3u4(bQHTBu?R9{`H%_8>+9jA z>c!5vMHIBxNKl(WyO#nf_%9`(N$b5ymRib+?|zN0Bg1v8H7jr8j>ckX$GX>~n_?L&hlUFRkv6a>hi z5Eg*Iy6Cpdp=!C@B*yG>ZWeqCN`P;Vz2hrcv$`#a>BggZ@LT#Qr**0C0JMlj8SMps`CaydO7&&Kk6p;*ZKtw2l(>KUcL71``_vYATSi`_P0KWCYc@3rmL3u>DXeU;n zM5RX7YnaGCl*%C`g`{mB&vcI80ZFO>pd<&DHhIA8LcDmR z$vKK#41=Vdq#jzerzXCrrU(4!w_VhC^?onFMxCF9v^W?$JS!eCBb+#bWZR!~z#B!7O{#bV2;1;Xu5N{StjCGj&@a!p{06;#>FmaimzI?lZ5Y8`5NCn zK!KbDzBsl*#D`#6{$Y&qaHuiVR}!g*!7^o4U4=K#ys1x!2LZE0MeUjmo&(tftO0;P zh;pAxh)yI#j0X)QXtBCIXd!DE*vH?gWN+}F_+O~Q(8DSS2xSl$;ujswMf&J>VQG$# zPsnys;ZXpy@maQ<6QJSOr=_3YeUS>_CD!Nsr}eXf#h~TH;qH*ufH_ zPk}?R43KGQ0MkXrBs74rB0bCDDgwN@1UE=!wQE^L(Nj|Zc9{uaCMd&^49~5pwh;>j zqQe0bnNalBg!4@6;QxlQttORM!&P8!KaQB5FvzqzEWod3JQ~^@ka-(|1rl*82XVT6 z&>vNHo(UlJNp6@T#{}BvREy}naV8+UT0y4NE(tzkTAh+V@RwNwWs2k0q_~I01wYp@5@qrDV1YQ~9XE$gS`Pq$<=(tW%*xMkN{pY zt1nd8{&Jn-QVx;GHY5J|A3ul5f{~dFLXC#&kOnd%z9;Yy)z`nQtgLjj`Wux?Z>+j)9w<4Cp)!9zslUxdUtr?apuD}d5b z|68oPy!tBe;g$CVqIpieuYXF^izey?rQV-ZJ(w0>BkC>jZQM0411o%;xEOt1&-TD6 zMeo?J_-4p@JT6UoyoQe>AjIkoEKU8Shx|Jp$4;fAuzY_>dh;;f$l1%5&q{jJ$Ty>) z4XE?yq&L^{%{I;(TmB+><3M#b-`s{b_SHk6OY`*#u@rlEFHlbP5o2L`ummc?S0HW> z2DR!sHF2s;AdDWW_kVFp|Nrxz`;18H`FQr+=J_;oK2B=<9{C?({tmtu<-z=K z#sA0s_qiac|KtC!`=4=PQvZJ&@PCZ|_=}VJKmPx^|9@j$rkDTy_lp0ykpBS3LMoR> zoys#s0K*)8FrHcY#rJ4XRF8woy5{UeWc0lI4!T*$Zgoa&9lM=Pg-g;mV;VDp=o4*o z=!WrE9^1xHh4Z^I_(C)I+F%r49NJnnvS2w*zaNUXcy%^Z{sLTsIcCu+oz67br?Vu7 zIf}$ICR~zz{rP%?6km%3=ldo%LSR%5>*7rM*kLIm`452u8Mt`VJ_PW`U_(;QTc3CV zUtgp^3crqF*RAnuj^bAm&P25}e(kCX z3BLy6EwJTSTJx-Ez2=t(YY{U_m@vcsDgM1$YaCw>R$*l&$IJ4z3aP4f@>YUK>787< z%dRX0mtb$b8MXwyl0I~$_;j2SWbg_3AomDqj0A-LebjfW?43i&4)Otc>;cs)$%iH4 zJW}O(;#H}#tok{R{S;CjNDD}_XMC^{gH*oG`O(PMS{3-wI6zV};^kz}>`1jeUVyP1 zP6dPN2ov%s1F9b)OtK3rfiLF+=ueY$OTlxF3(vqbc%E_KQSvE4I_MFkyEVz1(u9uL zpAHd8-F^z7X>g%=n9$s>D3lBj{cD=+MCjloH%$9-%_fh$VnE@sFA_gxK?3b7!)ibW zR*9Cns&g$NY1_ZvoJtQdQ?9LnIJ&mx7?Ir`N^VDh^UI9coH6m37zpNf9>Ju1NIp61 zT$&k?A!#2OkN8XWnv)@&%osYNBiAJQ7}H*AL%)(~bmpf?G_ppcV<(>!{Ve4j?74oI zpx-eg9QuLq$Q6zTQ=A6A`6Q`+z4+mQKpm?68H6iKig zxW%Id%j1pszs_{h<;>V++ugsWY176Fkf3a=4@id%A4lV&sEyQ~&U!Mnx8Uq#iDH#? zOrK5Z3%XCoog-99^p|*Y@A@V(!9jq1U?@o@>X3VN`Mz$WBNHin|MjH3>6MK=JxGW2+X{uqI=-$tV%6-Hmh3PxM;OJSn2Ek~@cX$-h1ynPQB&$0siD}T) zmH2b;ksKeGIKJ!%=1 zpsn?&Vv&u8(^w{|7i)4ht%p2N&H^9Vdy<62Dx$hyd2`L03NzZH9rMA6nyT7~tRMzq zsDNnX2Sy`5*juoCUVR6*M>~EVY#yqHV8`mXw6Wxxrizf&HDhShKYh!*jA2Nfl_N(D z&(t+LWL0HIlfV{>U_4FU<1`7okvBYo;wXS%krTIxjwiUKl9yd6$7=Zw{R6*!1+&jg zJ|AYo-$VK=->*mMH}Ht)mwE^~=J77uUWGF8XY89Ul$7zM1I72;k`I1PlU&*BxpPSz zW{qCp17wY!@~B3-y`6Y1WE19%nJZ8X21EJBa{5QfgW+H}?Hv%lh>4UKM2|d8EfIPQ z8n92hCXos+qo33>BnyfK*7vc%BX%=&9Grsv8Bl#Uh2~C2d2vn15B>MP{bfRb&l=XY z{vNWv4gDPmh}!m-|6l6wBFw(aq^ye7UHy%o(1!k!UYDoZ8pY2sZoE^h_^G9jycAAT zym+S=YInp680j1SzSI-$eBWQ#m<15x)7)_95%TZ>&BOncfA)QA9oC2|ZavNv1Yn@?FrgOy7mNgLOwC?EPYAya zpIY!sK}-C=ur)Fh-y=Qvq+tcChIU#S##TRkeYPteb?6JXe&eQi|Lq?}b_AQg@6c;U zq`Ap%*K1j%d6nI3nLfn=@M>F4EeV1YFjxAC-FGalNV2{e(`4E#?TiE%hA?CUKtht3 zwdPmR@QKJZoUjDQQ08Hv#)0?*=)oNa_gXWo)9N#(cik`4(iAFcnquH_*Zl_f`Utl7 z#*gDNZIz8_tDHslb7ceqcJHr~^%_L%2ijHx@#Ii(*41L@?l}(R8>2l|l6)D{{!K4Y zx21+QtdcgYl1`*nFf{}GI_q@a!*Z!_G=cUMY0Ll9t?aNXc%T-3(R1P@#=-XT&D%uS z@>mw4!l(u|8bpvScK56A+F>W-%!%wBb;{TQJDw$-N%RCZ+819)2efy1urbL2g<5Ej z(7lVO!^`R3P4*6m7&KZvCq7q(j`5v(zh1K-c$IT?d#!+g<62()avr9oO0zgW_cuPo zOGOM?bdIX!WvK|~pugmfUi?Hfrd>q=oF@#OKpAC2_jLa8A!c_S% zHc6qR~pw{epa2SLla~hbTzs8!{wODMC>G%r_(ba@7ZjL3rx4(^Q=_*K^M` zzI7?c^nTBbY&W-mYBuk|=H~ZET)`)EiSsGlFqC21W(o)wT6|gKseWBL24x(AVhLLRhT)ur)ZJx?f}VUKK{9(S%+@ zz1M`cZwNK-f^}LGjy@*C(vr;2O&pLhGbqgz!-z;Y!hqngb0~>)5-?S0SuNg<)uJf| zi&=loPT?LtfVoG{y%%{;Qox7J z)roWAOxR~dmM}h*)OeND5KjkEl5)UBa1_)XUfuvSi_GY4Fn=8&{6`_#8s-#-iM<@u&S<0Ni+nkWRNX$ zGFYE$_Ffu_>~arB*^%Jf4jL>6D>wqKiW|&8*VzPN=DDYDD6DDn(0Wk0J=$^b5t2h` zgD?RkSag=i;WIRi1dF}nXwt=P6O~IL-DPl1m1tib@q*LAP#XPNW=^!*DI2jCX-)MY z`MOx727Oi{UJUT*^6G=b5qvo~`fP433F&M;04r)}h{?z-yWu0GIyO>z0URWnPa)~_ zJK(r|C0-{WVj+q>ciUBB#t5737D_yn+=V?aEQaPOb$LWx?vo1){85#zZMy0!$2R#@ zuH`GI(686Kg-&t{+2f?$tw+FsjgwPS{`dXS!Pp-|C+qs72?to{s*x+doMpwPJFrJpU}O9&Os^|MESQ0 z!>IxZn6oJM+4hn(Y6zI4LDi!_XeJd15vM43VhAV^IfDpop_BqMI2wmNBoM9!N4PK$ z&w|)PpY)(2+aBw72D(F%^@y*ORF)o1jQAEmQkEejzQf;D!zVyW>xdqORuPQ&nm$a7 z__*>q!9q3SgVj?5Iq0Jqi27%#^4ZYIYIa+O$6%To8bU+EYQz`yU!@A>p&;fe)IbmW zmV!Zaf{~KHu@gOhoBWI+KJ{>D?iyJ!m=r%6)1ITjPTTKMhQ5NZf*`1P zL}dpNOyYDSIT2RGr1$%-&E6@88?7~F%6fl<>j@KY_s6yq?T9eC<_KEOY=HuXU{Mpp zQ;-OK!b8Ugnk_4_WO4Gzp6x|O-FKh?HWv+OSrVMy@5scQ(Qc#e9rdbju>O}S?B0+w ztImfU--y0$&I>V?S%UQiw@qQh-}o$v2?<64E}sX-C+3Hv!vkSVL4+|cK?jNvjkr=O zM(>rO$VcueNh{6F-D0FM9HZ4naq%V{a$E3$5C;b{6FySGfv;n)R69hAKALm{_7z|Y z)agOM0FI7_1lDoKNn}IpZSc|l_6#w#6V>HZ`NRQkWB;wR-NC*di$I+i-FloIn7)TfZUUS~B5_xw-TA#@aajLXi zlU28fK$J2m&VeK(g&N0dGcSP@u_L?`1w@wHLXnSM0oZ0{;>=4Cj332bas(W-U+PJQ zGMxb#u0gyt>3l{_Xtfp%Npy;g;sz6OvDpjJDfcjC{>ag)#Gr`4r%eG<;~0HnCHXlz z-%$}ef~Ek1qBacJ?+g_Id0SoHP?z%#g-HA;J-oR{>BVBsaLo-gpRnal{P>lKMBMMLEhy z^~ZDS_vw#)k9+(vAd>Wx(eM%7``+y#_Eu&a4M($}<-6`RWfbkVmw3ENh3i$Kqh&v0 zb~bT`>&lTEAROSYJm+z~+~`D%7D&riaFRYjv%=eWncFyBmVb4^W!)gY+?%9yR6uzp zY|=fzSTHuzSa3r-W5G@Bkq95$0sn-2_-FKf_-AZK{Bubb{<*pn{<)zu{<*0Ois8$% zuspc&^QI6t`=g#=Hh*4dHh+F!nVsbLxKbr$C=0iDyVCkU%>{uM0{@KofvD60`g0gEM?((_nAVx?gk=`b(C9_x>Kz<-G=GLdp8?D5$mZbotM+Cmq<6NOtG~jJ&gSZ!c={3T}~*{ zgja*iPCtZJ+ZaM;R!=fz%NKC?EL?ztaCc@Kb$^u>J_A1EI_H4&oq^BAIN1Pn{sM4( z0XQ6RF__-wg1Z~<0LM0{8tP$o)inF=PwQJ6!v5O2-Py+NAHW#IIBOh^EQ;R=S#I|j zgAm7#>d3RLt?G$jGm;u*bk+e@S?m^A3^e@IIK8`W?jlD?u;~KHJ8Zfrc~6EkLl6X= z_jWn@$D(`%0$xL9RN_$X@jcfLdk>Rjv zB5jl47i8G)gtX52By9y}_Hl#6VCJgJ@dv_EmU+f76xJ+H{#WcF)jjPzd~0a#GPOVd zI~td%TNaW6k!RI`B$mFyI5qLP

=iK{zn5MEC(lL~nwgv$Io4dXN+o&)E?vM*X8(Qow`7N#O%2 z+GoatGgzyiY5X8twN)38D30gR{4OfjF+EA;x-(gLz65pfk8Z6+t}`^H3Uj7>cDH@E zu`@a?Hlm*7kG#_+tAD7b{#8-`swj<(QkCkT2s6C1=%1t$*f(_t{>kd!&%HlEY&%W9 zfgh>Fx5VrDnTo8B6sRoHhtKR2M;7#CY{=erNZ6cG#twF%A(Os?Eq0dj{tS8mDRgyoiwjgVU( z|53SRQ8)9IjcH_08%eb#*6jIlYTB01eNNWi(yJcYfx+?kTP!v8ZTS>$_mQ{ZZ+y!- zVLLnUq|x`rdcGd|9DY2@9~f%|gc}JVHXWJyaW>htR0b=2!RLxcHV@pDDmk)w^sbp$ zshVu51rAv1tbW>3+)5k9#|$-B_HT)Dp$-Kikhz++noD`Of@kPzpED4#=LZ$xxBWxc zoS{Gb7{kX=Rx>}r>L0FLq=}>vK&Yfsw*Ag2#m!j<`kfKQ&E*Fob<->dbiFnl)76JYp10znLYna`;=!UfC|dIQ7t*zUj| z`{Bn}Hpa+gtWou%? zfC?~t8hi7KeWUgkdpP)qz7jLOF9+xW!x)nEJ8&5zng<-?ch0~ya10td19a%{Z*c>P zNFcnD8_5I!I{|?BeQMrRgqPblmWgf3L}Dz<{0)d=!T*95xK2 zQ>ICk(eNduZ%jFsNlL=BGOO=JjB9166Xr_>HUVz|&2Pl0^3)Y=D9WVhmNV#tkQ6na zr|pwG_ZRx1q@ik?(J5=cJtjeDRgEQfiX)I1&%OPlK5UjDxg4W4k`1;xErv=}S&R{Kh~dS~tn^7$Ru@e$1fi~Y_yxQ;H) zthjdF@W9Y@KId!*SsTXt&;mHOuNo1wunii6=SG!aB?y6TmJ?91=OBWBjL5>6jyKRK zAP9@ptpUBJl=_{Kl&@^`iYZ^&IA%9wSiH!vcxieTLpp0IucFJALyo7@ufc~Io{;pb z%tPVu#Oejf!xJ2acWM!Wp)Lvvxoj<<%;liKu>r2bmY3lNMFiOJJUpkNo5d@}Ka(4- zW9L^IX6N_9bPfB^uvX8p1XdGgDxqKlWUE4@4M!^_+FBM}$o#tF$u+GqW^O_G1W&B3 z6YX`6rbAm)S*X|4!p}vtwUeoBMo;3nnGj5JF&OwBM z3c^ZdL)2VmwJdrMhmFx0z#x?&DELCMfkL03ZUw>)RG3+1Us{DY+pCfN6-qe^t7Ms?d;D=ZiTh=>a5iovlQ_ z#Q-5$TV*Al>rxfLoE&MFDR(;;z#_`%Enf%b+8(B*vxrjQjpWm%rZ%osTSZ`I3gxS! z{RIde46%fc!{KQ<%`hHf0+K4J-YMtpEL(*sQQ7j5()rj0p*8@KQiODVD2Y|5&Jsaw~ z!2=}eHuwu*yAQH(CIuG9*MWbhYRP=6T3~??TKAe*V0QO1SGYTFPvHw|2rXMwC>bz^ zOI|R9?t6?~*bG=|#BWRQc!t?=EpPQSE+BZx8_LEMY)q2qgSC6|dvu=szSF)hm7VwU z9=E?2BJ+mwm)YN+U|zfgZqhb(s#$*^a(_5D=f7+fgFoKT!E&by5WLf-k(BH>;VJ*9 z&o^=+0Eotd=9M{`=4btEAI!Xl+-19=TT}a-+?7UZ!{=@G9#yUvu&^SLSHvz2yiQ#~ z(qa*9A}vwBlx2Vgg66va`%d?Lhh7`Wbv%ck5(md6@B)tKmr3BDIKlD3a1az?L@+FP z1V!$@A2_wIZN}6JNH|s`oQ7!}8|!2m#}~Zpbc>#Qw3d5+NG*tIK%?0@>wg~asQ{3a{d0GQ{lzKGqkB)t!PNP@I-d7N#AQKWQ8dF1{|{tgc5Jb6GHC{Uq;~HI zlLjkzyiMoRASLOD*%C)5B2Y)}J<{?B#Frkt0yIM+ON=QFX5h6R;*S2Zgh5(J-&1Jh zU1Uxxi-a+s8#9=xf$&oDhP#h_$ajE4KTSBtLOUo)=Zxf1&KyofaF)vX4a^m7WUgqV zdl)9$+Y=dzSPp%m*f}E&U@HH>*xa8p85GiUwV}LxHAG)M>WTBbmSQ0K|8-pw&+*C5 znj=LqcHW30Xy=e)dMf~~lN5kSwZ^EDa-u@=hw#=INa$-RgTShiu!BO}_bP!x*_f4Y zDb&hWU<3Dhfx%zaNC)v8PGv+VnadE&5CyvJoH{rdPuU71HXjTEnw+gO{BRbuH*}V? zWAfvUC-lf!C>_gYQIa0GUlWyLZHow=m8AKsQUWSe*@7RK2fL>q6G{RIm%>{aXYeTl zyg9sLmXK4!ZXo=2o4iOg^O$}@)^~B4vG~v#{!?aHI`}06d-tl(?D-$SugpMJOhd3y zYL}$RY@Ou{VOJL3jMQYj63FvX)7Kha*twP>E<9-?m|(+tUID+bB`&bHV(PwSN48-{ zu29mF&hgCrn0pJcK1M%4EyJB~x&;^{EQ-5PdIVn>LV|aRKk>7TIy<|s+?J>eIfMcgIOrd z?PivJoW&TGBH#~a4IAZ@@19*A$s6{^1sSI{t*$@K9}WzYiQb_Oc7wWAwjCIM$Wo2q zkNpJYYDnr;@5V3t+TP<_5sOOBDz+9r$ zWB@n5N?!CzsF4lHcMCsP_#rUe4W7ll7nevU#6U;wVZ2voHUTbA>%9~p#7_i_-s@x( zPVipDJkfjIJhzMY%B1V~(Y@C__oVk;1eD&3fYW;sz?k=1D5|2{@Y4^p@VDccd~95s zvZIU9DKqhm4gU*eG?89JxqsI|(r$G&4@{=qRx zrr_^wKhzX-M*_F)8LNwG5+vM&3L2iRk}FnLDbGd;Tri=IEkd3xy5>jWSxnU%kT7&`UVKik*Ut&O^>zF;KtmR{#0r6u&%!~Gx zUva?mzPOoyGe`E`tQg?+vhkzDgV2p?kTROzdra1v4nho*hbmwfiOIPP!|Ymde=hci z@8flDgFI95o6!vaplK^#)&y81nP^^_oytqMJP3G|q4Jtu)D2#l$WU(h%HEEKk&p$6 z{&tl7!XoHxeY`U{mv++bz6e%N2DcS?opC0l%@wma+Z+TpLytFfJP#LB@D&~{LU_)t zAv{b(!@}pwo}t%DJ=Qry@_aX0!e2SFC&J^Ugb%$Cp^J@Ch!Oskso0d7gx^fyBO~wv zbLqKt7Kjg}E)tw{+hlg&O5`_sb-X$r=cqVtT9ml$b44PpyT~5c)vN4Yf(+hwqb0?d z+j}BK-KV`K#X0RsR>H}fdZf{&U6mA|0Z0Kdpi9$2`3P>yufM<-9%#ckcEXpw$p+D5 zpx-P|Zw;=ZbCA+U*^z-n`9_L16bq+DTg08pAA+0IAF)c^~oD7kDi#(6OUS4wC#9SA3@QH1^1_{{{H^J z{oEsi1fR%7PzL!hUhDb##tKwUOivtxGgSL0zI!Y7?!YeZ{uz7Mx68W+V(&h=h;_P+ zZ5W%l7U#*tr{^Zjzji`}1so5R@rgS)CNOnFwP??RLfJjjF;{R&@(T=@_`HF88j(#CINEWx`N!(OO3w61PH%4#zk!3^Bp?G{GfX#;Xu z3RHlM}bsC-bv2O>5zbXRlfHi_Z?INuJAK*}NNd0$@#USslhXgKrM z-F}RufS@LoJYXs@s=}5eJH7QEDvP<^#i*Pc{|@323D54vnlaKWaIUWFCm1&!B#*Hy zO&+h4$9v(-aE6{>cx`i_@CKB`qqU4(a4bO6^Af~#hhP$n*X7yX1PHDP7t^n62KBM{ z9s@wmwWtpZ2y%5%oYy&w^>;pJ*2wK`)_{1YPr-y7SsQ_MATm!XJ%y71*f21O($)mJ zD_+ojk8(rc*i5+lCFo`Y3gp&72&@S70_j|D)8{Z$OStip5Cf+ZKH7N>?hzVXHcgE( z#%hq-WC>Ufg$O!~`&!|@j1SH*Y?I!Tna<^4NuiX8rN55H@&kzyuQEyWDjLB`S|VR8 zYb7m(&(DwKJur)li6<9ehDy`7lF&G_fce>`C-@_B8svhT!`RJJuylGx;Z#A++jNLn zIHYU{0kfys@?f{8@EhOijPej>`eITIvU(5(JjP8f?`TtzBo#(tqAgA64VY$M>`qy! zl2<~w%M@-9r-XIG1eeLxBxN1XkfOM+(<1bBk?JI02WBe9BeNr(zs{7M0djG+$0=Op z55qKeceQ#8g_P*l@d}67LPQ8F?py6WhP$fxe(H*9TrfW#*on$~ER(jisrH8neeJN- zQ9a=y?iL702$PY)-mWxZ?o%2Bw`xhD0!j>sGaAG}cFVo&`Lx85kPpPEHN6X(v`Epfa}e~>SPK-<2hykfoEIAWaHlel)XHXoUT; ziZk7j=17PX;i(i!$%Nn!_E%E@)O5%InTiZ(ulb&^t0^j7)3NZ^hB6Z;Ob*^PL} zKM?u_(=l-Q)4bYOUlp{+I|lL^%*}SMfiw3-*mZ_nkq!kukW`cAC!pxPs;Yn&7c2XO6=b>#Kis!ITt%J0>Z$}%61du3F8Q08BFeu zy~=F_zAM9(8`^_%p#arJuOkGIImX%igE$u5ts|oy{Apett*`EIaylKL^zF0N!W5tSC`QMmC&osky?USq3$E&B=tz_%7Ep$?p1GDbC3EppfJ5UjVds7&BhoC zLYmY{arGX?Z`DfGp^^`FOR`c{Z{2+lOnMF}LgEZHsf(jFyKPBY362X4(j0^s$Wbz( zaWwd#XTE!U``6-U3PLUQITR6s5xrm|M zRsj_TIz?}8p?94ZiK(uELh@1t%y?yj0B**6kzbl@pE2xlzSzj$ z=S+mQImeB9fx;Jy65hx3c1bEdE~)(Tu7k-5eiPP-K(LSUOL1TbQbXTNB=`gA7}L1}X03S0KVr5@Z&4^2 z6L<46FmeR?G7-*gUMOx@7JTEIVP2K?jIyVz6Hupnc2<^=G`yqda#C70Ll z>K^^YXAq&4o^lk)bce0&=yb^#@h2c|QdKhjyE(M0ap}C0X(O)SHi^PoNJg6}I}k@q_#a;+CIv({W==+g>z14+m0vya}@yG zKK6tq{_>xu5Uh{Xu;Erhk3*ZnIa^1|*ZV$&^B(|}y9XypIi68xD}~&tsWsH%1K_VU z9Do|G!h@Bb&2*nEg@eyeXbCcU|aZ%XyepOW5G^3A=R0`KI^ z@Ub@2w{?%_8xP*Nfq%kMU4XP*m-ReJ8~A2t5^mn`O8AI4gELwkG=g=RWNGy=;45ZV4_YA8*7#IyWDHg>+l7 zzq@zwz@M%D6z9cd4_Y_mZSP`^wPm*d#r<8BhR>byBD&%I>8Nsjr6+ouIPmWaA1phC zc7Y$~Uro3Ld!3ZgnPCAN|A`15_16#wEUId$I}1CZ19P?mMjn(f#^qkhNBrKM^gJo>)HvfVNLh@CUtx z5A@|`@nz_WkbM&Qip4cn7;u}-cmSYmQ^n0oj{TWt#;}&29x(>raE0%@-obY{=vPeo z6_I{LmVTqz5I4!I8xHz`b_CGqijB|*jB5D48Xmh4a;)8Kz_4F5eT zJo${J;>droA_@65ME<^E>>S5HeOe~XnK*M9t1M+B$YpXB=&A*atqik;^6kB zN#sqiCu!PCgkOxCXrpD`u;kiP;ivpw4}C+JH6E$~{V%rqKaO~mQU9@wkNm>_>Fkq_ z%n|!k$-4xGxnJF_Y$}E&C|T}4v|NPtnZ;n!twzbpXbiC1?7{7`;yB0YOZc$oPB;6z z1z<}Uii*-B+{|!CzS17IM`(5#WNLsh_OuKKvC#gpLV&l7a#R2Su_I?8AZx!ZW&h9# z4PDzuvveP7PEbFqmiGVf?~Qh>q8?rnb~&Mb5)>W;`>N{K7}3;Uh^S-0RofccpL1vb z1C+V}l!}u^?vm-_1AO`9ABMX5kMVycYz`j1r4B5Cc|q{>;9RxV0zeTF$6P<2SkeDE z;Y=agYySgnbOG7&4B7G|T1;+lY$`p}-(u-95kh;|p+nkJd@ZhJ#2V1ih~qBbJx!pA z5r6tJfnnYvz;HWZC?*UzYU1GbhkC^SqV({LiotVC_x|e-bFBXYNT65@nyoDY&7Op2 zRt%a2gyzpF^!UHipV_f)~B%Eq?>)n+S;nR1Z)z=c=M4>+310`av}f!{(p`W5{TIIFZ-wgE)xK zVNa4wm%AHV`?Jx*4;5+fuCl+g2I-m~0u{M;4;``Bu%7>rZojn1MgZ{%4E* zM_i=vi*0r=o*d?|0K2hQj@5VKiRl}Fr11^zsMxy{y!QZL(bV(9lHl`Bdkigir2!l% zJcR6Qy05SFEpO9pEGCgO!=9S}#xJwcFRJqodl6H~PR1)3YWA`&!u6bdY@c1%)rF96 z;_|qihP(VSNFyhwwzpwR*?(!rMsj@|Jb6goN_w4)AS~^_#R)`rxF`M~1USXn=WZ5A-+ zC;L0eCLr$IafVDt)6d65A|Lo*`zQQ~72o!!TL2hk2U;tPxc*@JT$_eIp04zH@Ufkw zkLQQcXZWSPr%wi8?4CYOs4$;M)gU~=t8GEz)wf%GGam?5i}adcO_=e}E|?@mJ4qMIiL zP-_Mnsfc8ASDF&uIye&z1M6kD_lGwH!jREe7CgF6vtV3!#KQb27grgHm+K-kJu&vl z;)G9XQKTYrcN^fVh&<3Lmxq}>u5kV)znn>#6*y3M=7*R?TH#!rSrNXQug`MEK8Ame zc&9va+@>qJ0Bf_i=@%#yh%Auy&k7&$&Kb_ccL4b!Gfg4}z;Q7E=E~fQK;%K0pAm45 zJnh?285O1N-lkpHUSx1#Mdb2AoXfomNvVKYB^!ufk^$iMWBX`t(_*}-z=_?#&OY9z zhvmm)khas~ZMs)~sh)l@$2e{YJ~~_~Jhm_Z#%8+{FK5CrKJ_4*#K%bA92BMT z!J#3_S#pYG=gvg4@Df;8ZX1;m{S28h0ix+c+@bk}c!}nJbA>cdux<0akNy*-0pO{xEzLjA}*r z@?Endd0$*k2n%<`5^`@vc<`=Fs)fIa4i*3l4S-_>K$U)>2gf?*0TCbANh0+?pJD*m z{%|0C1nQb-y4(S7%fx;+_P@F`Dfgh(7Q^%8K=|C;NM0oX1aMfA(f9i`ZRQIHAcSS$ z)BLTYpn)&QUQ&ul^fL$nM`1dM33RVnt|nLKUUivrMc#t%@|H6P09uquLeROYB64e` z5*p^=O}}$CF1ldc?_3~6pU4{!z0$wzldLntmzQLZat4+_Hg5R^RqvyE@0sDjh+l;4 z4{@qvc%UKsf5#Dmog@2`9hU48jF9%&4J=0XQJ3^Y_NqwUTbBvh&+~;(@%&lRUvg4X%$Y_CT=NMA7rALN5IkqQ;)MA|&po1QeA=N*KA@^@i z&ye-P0GY^<%8juy!y5~_SOj5GgUq0z9^52)@Hgs4MdZmwz8AC8pv1=|nfQ}b8}4Aq z82ux8*H$mcIMXRCp%qF{hu>kUWgu*=&{~;Cy>rxm>G4MZf?QF}gqoKo|OXn;71}B;`W` z3X};&$^=;2I1{i8aLOD^Ju5u;Bx8`UPzA7M z8G|%hz}Pts6n$kmKr@5@i9K3$egGZ)z>^pDz=3m%ApZ(n733dXmLEX=`@akR zqo_nT7!EKxVmx2dl>--!RSrlIZ~#RN2beDd2l~fs5Q39iOOyk}$^l&B9H1w*PN5{G z1I8&_c5zo5H0$d`r?3i3)-2%Pj}Fd}4{owNNb3}itLljdWs$rUV`C~%{QcTaQGxvc zNTLc@Puyx401KC@0&OybKV+5$1UNpHtO9#@o36wp+KR~EW}y~Xqj^#pf}p8${#vuicGV6=6O94mL@im_x6QC*waB+k;&e4 z2K?by{oxg<{fOvoJgN)keIY@Eaj7I`0%zDpJKtWQM3f>RB8sSNV*nFz3Uj+vGhne3*$S_W_PpV1s)3!9i~zG>bprGv~;4shN5W zw#Wvt+*GW{eH>j!CYXw`0jb)^f(rsR67kn0o>=KBaiNx8< z-k?sXkwc8kCcN0qI)G+sxL+Tj&v?ybaU+LQ=2~1vr*a6 zCe6+aAF-NA1L`h2|6+k0&vzR}fgK>HGehU!L29zyyAGz1Kuw4yTp(Jd4Q>D>)?kWV z`I>^raR;NNrp@*JAZKd|q646TQjdNwld$oDEFol~s#Z?aWIvRoRVFfVc^yh}7vNes zD^rij1b!kF&do?(EiGIE=w-X{5JAV+^ZCFTJO4fBKZGmZxqgk||sZ%+3(z3Yd!JIoT@xU~HWxG+Si0TNrQmV;uaVnH+`5fE_@N zf1DVYf#UW)+uozzGS&;tllq}_CDM*bB_Z(07gC4JCgz?gMY2I^tz7cP@q$7{QV5lp z!X>!653)PT7Wfb?_~bfU*EWJgiV-@@kce)OIjhwm1D+BY_Opoy+awaKewIOCj$F-R zaFoxLax)A9vn>K=DgtLI0+oV5Cz!}f)m;*k8K&3&Ts%Hc~EffUW<&w97 zm+laFk6pMQ#(`h2*f9dt27wxbKyA+m_!WUsioh8?A#lJB5ZK6;Fp+R(9YY>EV*B7a zfn~1Dm7uH0M*(pzunoxKAH{U;9Ngmol_I8eYkA-KoOl)7@~D*X#z1&2LW4jUXQ8b0 zIvN6Ct&Y53WD=EjIXqIx@*F!?@EXC4M6)TMbF+*CWC&Garv4Mm&6lNl0Ioy6#Qbkw zF=Wst*G1|f?e-r-{tD?-0^0@ETSS^P!`DJzD8Q+k;`)xPnp1OBh97y9EE3-0VWdvwQWR4NIeGQ20~uDD5S*cwk_dIW zuT*F}K8ql@rV~^|>4NtvmMiSDNSkr*Q&$v$v&-qG7vdxS@qUTD2VQL`K*+ZK z7kpI2kBFmOjSu=g`)%DAkm!AghuBOD+c3?v+IwK-8mvW0fi=q!YnJIH)&p90j5Vw6 z1=i;tC|Hk{OWt|BbcgkPIbk_{>=XSR0wedzS%?R}KyoHA9xN|hufd?~=RS4AJklh* zz=ZaC)or3%@TPrF#_?r7XB32XH05<9Wu zOjuy+7UGaV+gl4A1GQSISxn$yFrK<%9!f7a&%yEJ=k7r>LBoGS!xDP4spH?{F+ZS; znA-W)#4XaSo#j~qO{B3!fMUmp$rIu)W&nsG;D$Y@;-hTdRr4;_tvUKDg*|01^Q_we z(XW6@0z{Yl?0PBA4?GL-!1x@2K>i3!x%BiuRo2#E0s$TcS7dWh&D;OfMKzz7b5Tv; z6^P4KM`JzB$OpdaT z04;Y9+)4-ZJ5fyRQiXz(>aXSlOsZ#>K83&DX`j&YrJNtiRa=0hktjm|*+Zu6 zHRIZj9RW#D1Ehurw?x+?U?(-F%DBimC98d=&{mMDPynKw`X$(NAn1 zTZp;)7$n0kTf6a)t5s>|>G^H}+=A!?8z^Ai5Jb8n z)LX`Voi1dRtef*;Sdl=36-+Y^;RCLS7>FX=apJ5HHbMFifW;&l59_On(E{6Ysc|qw z@h(2LKMwgm+8dJDK`Q4I{W^sm^Q>KiuFB54GWN4TW$agOT znR{53GtLe{BKosidR^Qd_G_rew@e}={3RL`3TZxhoh!#gbhh$n?k#O{L||}zrY{q0 zYg&$+<_wqTv!VH)f zCgBXZZS6r{_`UYccyY0}iTl3~+Z??P7x(_fl07Msiz1z5PrcJ#@c@|={f{eY12$yC zkwlCLi8N9TGzRU+$FB^8TR;Tw?Z>f#rcQ5Y6Bj`uyQI3QC1VONx(<|}#z^6ndlzSp zXzV!I8}i^I+>P;uzC^{i8|!U)A9pw&3R5|j`M0$3@IpU`9{}-#9hr5LD`0S@ZN+z} z1QqR4UeZ#3w9h#mHtq#WM`6}RzjI?JH$dL{I50WkaHuzEjD*sea@$B?otseImIQQ}NNlKZ24Di@H#qU45(Z`jj8!p= z)g@)#*(<$G$I&zgpWBYHGHaHCAAr^`K|RaJD;Qs$e!(3*PC9j1%c;X&;g``cq}NW|kZLx07o!H6Iv)s4Y6BQUK)Oy@~ZfFtV;3BOm) z=F3Z8nBpB#+BU^(&2$c^O;2-j)Q3BuR*r}d1Y4FYG;z1}9BG4^3TP4X(K=d21A(~hnKfc-LX`l2O`pC22Em8vEwhhp4_X3Je>lp8d35^ z-C$to4|m{TQ`iV=l>^~*(Gt^p=t&RaCm*Kj0nVh1wqc?Y^x^SiL?8ah%MSISJNT)| zQ2(Rr>f#!aIiA}eib*zJzO>al-9s6{5igk6vgIu~L3K!L%tB>u@Ho}5G&&*+uik=1Y7v??>aLw>g%zHG_(F{Y>oOefpPy6w zO26<ZA_S+t zy8V9n_ihm8`J;s}D{=Xrgb6Q?4uZjP_xh_aZNXIV=c;(GE6yJ$Hh%aO4Sx6IhiW?* zSJ}Z#j!~`2*6>j_FpY@mw9Y5BX!hQyABu$-oE=uMuE3gk>I6a{npqgurrlYOleb^p zMY_={9b%&}jl>F@j;nh?V%x)w-2^cWd{Eoa-4s0As}M#r0kvI1#kkiq5j*TF8b64i zKssuMZ64OCu7`O;og0b+m~-ia8vKa6!mlH)=IP5o1;>EGBqOl?G7x^(SNfXQ`GWu~ zeQ~?#Vz#Vt6ELJpVJ9FW^dkjoDG?a57Q$d`lwPaYz0vri5;jxDaz0Y3l5$qX&O_)@ zFq$z>i?oQ%MC5AsyD?`!LGRb|IXZFkcr}B$9E5D)@7P(|x*r8e-X_nHUF9|9JKBgA zJm(+p*(U#Zze;aW=ML%sQ5*SN9n1K9wFTGJbZ-c z#v{D+3K-2)P~_IL(Nu&?7seN++?u2T7?#xSGl>>#!3GD7O3*Uo+1?cM#$6^NCu_aZ z@M|a8#89e!AMfIyvd0IrA{lB3Tl9VUQ-)xrYrWGC7ty5@o@zV zrkmyy5yw+rA~{yBX$0Mo#iB~157C6Me=kn0vo{|aj-U>tJuNMW-8+2K3e$_sX#4sys~L! zS{dr0Nn$XQJ7s>%o@07Fsy%9dP&d+n^Pow^RFx*e;;jbU)GcQ6W9X_l0IQ>IAY0~J{%oTtqf zNtU!mcK3u0g@H6X%7&R;Ut~68lMw`3eVSSKYHUVDx)czwA~pm2kMMpBYA2~~p;ZO{ znt?U{cuxuCAMfYrt=!ME_u!k7)|d^bN(8w_09pe3L8HT-C zB{Vhm0ooV3SoZ2yuZCC{nVyrA$+sPxOp6MUU7Td>;uC;Uh(G?c@6 zL{!F+aYb6FZg2q52bX~^r+OD>4Pt+?{#oS5qK87<`2nfV4`@lG?CrK}`)bg%4oiF| zN+>rOE6NQ4u|g|!ub5SnL^Us1A1UWAZSw|8P|wJfS-YeoEy0fQ=sGAGAI!s-wuz*g z-U1U@(@`;O<4j7Zi5oTaP|M^VYthrsqaR54W<&v4DRqp!Ed7$H%yQI2TIPe6M(5vO^An?0XkhQZNjv(4AVa9r-4{uR~0$g!`q zjX1Ig9K$iAXB-zX{{j^Rj$N6zpT+9v`XsElUJY3Ndu11_9xqDpAV7^BL2yj5vV)S= zVOp$giqA+9^l!Q-elk|@q#9t5bB8_DBj;u_UM5!F;Pzd_u$1@jLsj;M)*@8{HKnxq zyiI=*rCh3(EZB*3f(|t4vN*{}-;+rKYkq}VMyaFztKM$)21lTUQ&whWLvKw*n3jqT z7z@~xzSsE#5ve!0JIY#n=nbvGGg~Ecmvukm57NpSBz9C;O$82r3jPyW@>80J?~$&V zyD89RWz7?j9Yr1dCT62h$1JI1)g%aO6KXl#yLdqMh?1@Kd-$COgcb^G^lUnG$FqHf zvXv8KG5H!XsJrgaABU}S1X==Hhx-^H#o2nU__4GK3G^6y_`HjOV|0zE=JIw}X6ZaD z21K2x#!$!D22lPBoC73zKq*}dB{{~P=s4BS{xOsh6|tj^{eTboarE;r@k~asp`RzD z=x6mGx|L*;7Vt$U86{mopB;KkQl>`KFly3Nfd|pM@DE-`4>s5Rq?GA0A~WZwAygNF zLCGo+Y6F#hVT6q*jRi*{X=W+{wlJT*nhy{;G_nM=5#0jG2Qhw?*p!_gh(^BqYT{zY0(r(F1+o3S0Fc(g z?-0(RD?t|i!>q|eB+EX5*hQ3ZkCfh&9j2pw+9)vC-kOQZrmkqiW0@eogzrJ77P*@F z9eop!86e0Yp}ea7E*7K|#)el)TPF>|CU$)qzd4H17b9f!ag{!2nYE+RfkI5~UUTq| zqj0w+@)^rYx!ZSpQEK|CMIy?1>WFVR0iX9BI2(UhtOxUSdJAf z7Lk}Mf8ZcRq?fK-S~CVK22JT2@APv85!1UWeS7ke>dJ*+bO?ihNLp7OJxZ2et!aO4 z*t+PYytli+flcd)oSGl@BpuI$OEv7*oDkZ~aBsLMffeXCn0^qXrh{LjtFww%BQ0+2 z-I9g4S}&XC$geT_>m&VDp}*GZuh;d`s+VEhh4o_E z`<4Ex)5~>wxl%8e>ZM9A%k(lzFXvthaX1OHNlfD3T&PnBnM7kqCo13agd$zXza1aA z0R^W2dl4P+iM#tsm)-2gfn5C>w;f&oDQ7d3F1uwI1C{@eySD+4s=D^Z6UgYGq%%>h zK~X}D8mg_Kq6S4B5cG^rFeugdaW$>H8kI^E&|Hg}n1DGQMzPwKw$`TAUg?!uY%N7= z-zEknfM^0LASyu=cMJ;n1&EUO_gj1KGiN4~@X>pp|MUFwz?^-~*?WEMwbx#I?T;fZ zy2u&c>YFJa*6bv5unmF}cd+m!-Ym8XYf69l3kufIu;1f5@Z)G3ku7G)*aA=@hv>*c z4R3sR&Q0m#yPo{g1pYzP0j(EIBYce6{Uc@Cg68yZc!!C@AilA3%JhwVOvx-qhZiiv>B-OQ8TrAGpF6wU7x01SgK-Xi1hy z1SA~dMP-sr3a3JZgG8kyk|LOP1DM95zqIz9R-a#yp_KVOtdhI$SXm{9sJ)%tnsKoD zt0>1yfgABMTm9jN&%0Gw#kOvB72<#DvXj9>B5>n*zO&YO(x&>Se9*+JWjC;35YON} z;aiAEH{l#sH}^3-K+*TU=_|@F#;AMKi`Gifu3=IXy<2WI9$k_uQA1nF8i zURZ#Gd)MOesFcU2^6_jHyB=ct0G)FW`;ze1ht6k*lzDw9<26m7mVZps2jU;o>?`=k zG~EmSG2J04r15>~XH74P3Jl77_&4H#pt{5A;-h^%Y5`kC5$n8IawcXLmgvuQ4`{bNmtb7ke6Gyi1m?+PF2~qLmRD@Lx8`MuZ2UsW2k^TX`X6AwW(*sJ1(@o#db(GkDf%wwS;DYP z0X2|Tgv}1koQ!(QP9fhgm;S3y#H;qY3lTo}fYsq7GK5gUc3MgCR?+xYb2U>9=|r=M zzz#Vr>f`G`49~OljA{x!q1g{pwd%Hjh$#>lXmVJ=m4E_OL0sM@s&zs;zc$^#1pW;5 znhj8e%2LydYzQB<0FR7)FN5TY`H>@%oE8{-nN@<&Ls|*`YJf&48`XJ<1_cdZ3>l!X zoMzSZsfhX~a)(Ukx0n!yz&m88lNQiBC#b+r$z)a^GKBbeL;_?8@!0{wGvbNPRpCci z&6G*qk}^2w5g_osM(LcLwft9Sh2~U4x+9w8l$W{conNPv=tGoHx*8FMjwQ`ikEIk< zBY%jR;}`Y3n$wB2`WvF_ublOVUXVXfr3%W839!eOL!BA}okDYBo#9!&`qWI>m<9x? z>RF71LX{V%7U@u`kS|0e6=3FAAhdk-{9s)Fb1A4vE+93Ec2)-N*77eqt>m9b@YQ&xHdJN0io(aOn#*g?LE?p0Kvm}6#T2^gA zAJMrqDaWMzU|-Gt=Mx~BeOkYew2eXa(D9iS{Aa8YNLaUPNM28Ay|?W%>1D%wC#ET% z(t&9buT)k~(t$!lE@ulb<~X%NWTebaR8s@Vs#4?(VFWkR}82s2L@ zPo2d#qNk>yf>BMZZ;%8{XOjS$xd6dGrYT$gIf-K)X7Ju?F(wELrDk?krBp-Wn16mA z#Vy9!7;r-wxmf184}51GLI}`QV8ted_BXY&2Rg`0SI&6vbcGxi|=7EYP2TN9=Ts5}DW7iL@7Unk4T4Z|CbZoBvTnfDd zASlv`+Fy4q)A8j}BMiuooqi&4u^|k}&my2iz-r{|9kTLBZeVy0O-T%5AJshlWD+Ne zMoZ}#7Cc0QPFki4Sf)x?CU!jXiUh}x*xa9yP%pT~s!u=?>kvUg(8)lkH1lXlJOV_JRvg-q0KfkfyNpuQsNS3|5Nl1hp*NFy@> z;{B6(a8yKD70AJs3ZG5rIM?|j`nm4uS2^t)o#xJ=&T}>QJiR8D(6KlU^_Z`|^|gkZ z@7&nLu8~X^IJFy5>|E!%Wn3xVA8q~FtgNHX?&|-S-{FB&nCGn!FU($Z*PqqtSAn|` zD4DK*D>OeKkN!6J!A~InaLi7-)W1Wp4lnTFVf4^L^>O6Au_^cZ!C8T8KfPr%kPX52 zX7Cbj!~49T_SDI_vUG0<7Gt${J~#H-D%T19x!r00aP*C<$i?us054cQP6X#9J~38Y zWQRq8x1Hv2-MzOYUY2s>fv_U3ryUq527u!^g`M1`qn^1>yv5Qh!6=WV>{);4pLXi` z-0$iBNh{=n!WzmTVXo-X#nh7F9c*MaBIwy-ongc(9B<*iGorieTgfahuuCnIShq|= z(Zv>MwO@u$L=+(*6B5vlh?4yqpq{lV4n+m15FfG9CaP?rS`s$2hT;{BuL)rE0F}v6 zHg;$tE893456%UU8)@}ow4gug>I+gsVzO3*t_Z|a!8)PYN?Y?#&JV6Znew#?GL!T$ z$QgbCIB?CcfvnWlGpzH1`a-uWBMFYY#Tx?Q4t0dhBd9L@TyFxydPRPk!p0aEpEWH)tw>lyu(0!bkzB#DWB=UB+Y` z4jb$?m0r7qx&ZUD)^T?^?k8O<)n~_$6>W}!oqNzjsqOeaVCMo~Uqu~Dvk#9^PRSxQg%Iwz}YWPzyq}GNlJSq=zw9&I5S&RkBwKeSpe%_KE(FV zQSCGC)YXi_FjUkGZT2_tHMAtGRu1sY{`68-Ycb(fIBs@4@N^z^U}6w~hr^}r9T#VA z`rKStVyc8dRfmTWAK2)7jaLzp$~>T-66(fy3H#`Rmq9o@fT?HwzC!v_>o-0YNVz=f zYW8?Isz!7G)E7$>DL$}2F!V>BC@4vOpAT%H40FY=#7lllo%_W`y)g|zHL-SVJGABdnkH@(S*!O6@#{hsQ+x?cq2KL-XycEd6yKJ?fKfYgf->GP;mwX=~ zrQEv_O==j7+e@*^OFi{3ynXftZp3{3(3Fjs4}*%-?=kpxdfM+CoK9xA9B%sYnk^9& z+D-|oMT}=e5^)e*huxs+Se^!*Ji@(+2dDqTb`5e(^1F}tGWdOthwrJ1eaA=nR;Br` z=6ep;kvoj#nx;Fx?<;5};YuD}0qJ+Xo`sALp)@g*7H22s>Lq+mTb z0f-bDst{$>UaUb8-=MvdKB#FG^Hlrv(!B&EavPfi649j2nlYCo#`j)d;%th398HUw zZ?&QzRV#u#13Re|*jaU4*Na8~sr*mR%>NCB|A_EY=J71t3(vwm*c0w;lTG6uj7to_ z4F8i2vtc3xFwHN32T0;iNFp(#MWXukxF|_4?6lec{u%n>UgDcL0=-&Bbu|@)IKc7O8mgalSOsRUZ70s)Y`S1H^s}9j0pkoj;E-iYziV zuoC;f3;j6ou0Tujn~U^w>bBnV+62Cwc-of!i!X-ae3;^)B=tkaoAX&LWqtsi_WTR= zDR1hx-MZ6;9+R{9MBrOBqhiD|Qh^}hvgs#?aOkZ-$FkI(UuwEU6C!NG1+X@HJ5Y%& zKLF+7r@YwpdT7xAeEwj7v$Pq?-QCs6E#6sO@1{NeseT++H50%N_p_U}$xD(S)af?u z&!3_F`MKoHT_Ec0B+M0cB2~ybVZ8KXpw#qC0_RUf4d;K@V>t(>aAa~HmNyvC#Jx9= zNrVH~#e&C%Q4F5iB}Cr>O{^46tiqins&&E_>4jF!<4fCK60#H-T{x9n-Tb;wq(y)S zw+`|yv+&AoqCygh7@ZfYnAdCu{J{sI0KBw1`nVPKudh8Wb%SdJ3|-RdT39U?Rc3ty zBq}kDTH83(VF(6OeW9XWdod1wSj{4kL|}qohC4Vu9kVE+(453v=En^6vzW0&nytyA zQS<(!F{4Qv+XNVBwwbFWv?vIr8)%fSGaG)LC|KtXI`ut@6_!th9U0x4;sMam}7bYwY8fD-yr?5r@i)z8BtwGWp^Gx;fp=_m88@j?Onoa3C z0M2xrWxDG?X$^@n86POvAaJa%C1lWpTB2?OmP0obkiC^SA~^Iys>R?29H}LCs@jLTlaMojq3$acNo3q$U;;6|7oG5PVpHv$qmnZ?tu_=b@5 zD5YMA#aH9_nYjAGN<+Db0b48T-=R&5mjfPVr_(53Y$?A0nS^q)q6{2V3FVBy_d)p+ zKh~62k#a%lYRbh_x}TFQ#vfBKIq{tjG?xf5=x>HkLLCOWCpNzH?(3g+_s)8pH+U&n)b7ZXv>Us!#b&jIPUbN(In2#VLJ}1Grs;9<+0I_W55D#+s`KgEm}JRiz8i0G$KC)D$7{q zs<#(*KFzp?+pfP*i^8HLJt)mJly(4AXEBOEeL7dMS%cVC5y~^-6v22u{eUGFRp2Bp z0u{Vo48)C6dlf+#wFhP7(|H zu&I_S;ZNYan5V+9M(ZVcix``S3mwrNv)gmjo1ywrd7-}o6^ow-D|8X8(50|KSS(IV zINi=zp--t9Wo!U7Kph+PjJ^f6!h)u9UTs^n`4&5Tk(yb5yz}BEGH)Qp0 zg-EQ|D$0a%Q+FAx5atrb=3D#OD3rH^9xzsjM9&wTSRCM4AsSRt&Pg}X`ea)kW+;!O zTOkdFl)uvbBty@$GFc%K>rt+I2-8G-Rw$$WoJV?S`8zUbiM3WJ#}JFg zBmoeZB36Lb;GR~9z(}kpZEseHZLue@Z;B_PK^iOcsj))O7%POclr^z;|HMib`r;%e z7?XMVj*sP3XKUYO1&8rpK$KP96vKh|J%LiPVk2Ppn<(M+VvW{y#$b(bW<(hJgaJam z9I%O`qLe>8E<$(J)@(phG75JtrRUo;C}3twfk4+XFw6=C1F_#m%fOD1 zpT$Z9Oe(@m&3X_??P@!u&5nKRzQlP?7vdf2q>AWBPqoF1bd4|FVAF{?k~uk8^};VD z>n#oJ_XLyCIW47CQQ1+msU0n z!kO6;ULk2ixK=Yd_jf*I2?wQR%tI?9SKml=C~1m&Bh?g7Yc4W#yXpfCa3tZca5)D; z1z6c6&dN=6FMD^hp8Jt@5D~fX4^ssMJ(Zij&_32qQN7eLD#;8j3O69KYpPfG8vpfE z@??heu5GM<&t{~v{PlrevWN)8{?6TdmLHic>Fq*$PFCga`?bcUrD|Lio;ve8R$sgf zO^M%Oy%nRX|Agl~2A(%Y=_Ga3C!q&^21ShWylFdqj%5ZhEV8+Ox-=cX|0-kAjqtqL z9DXoG3l`BAgVK0`jl?RR_cuP*vh5}=$g4@j!&yqLw4NuZh2j&WW{_xZx?eNbAy9o; zl7c)^+JLC23DLy8)$ZBzQ>*QWbSa{(KjHzI2qoN*qUGy8<|YXiq2oH#b?!5-JI zVm$i=PNH;PgGX{EY3C&GWe8IpHr{7yTW!~2w+G_{zS zzCevg%o{esn?Oc2=Buj+F|FogsYQku_XY#EfVhg-m@9~|(l@z$GFi9)oSQkNB>jo{ z!g4&<@$FGTV8!=jAaqVC74VwSSNJwrxD^*6$b?CUeQ7o{c@Ch=tog6kUvU9hW(ag` zoH}9#APs~Abt-0lJ2&J)Zp^P9hwlZ<9Rd~J6AhG2)8g4Q4Wy)jxdRD{Sz1{V^ZR0Z z4dxo=>lO32>GdT7b>B5H{W~{#F@0?;N`yi2dk{DkoHVU}5yd46JF-}695&AQinsO< z9)PJPlo4^ZGJ!w(wzN(BW17Z?e-4;x;+0~773c+XWxXfXag5H3-g*8DeX`B2&S75C zRp=H6408qCA6%kiq9&wKPGW5W`$Rw@;_Udqkrda%h$>LAyGZ-AKsg-rv z(Prx>jKU5U)^af^adfDNb2j23Y}sPGFNqO)5hS38l#J_Tbb!-rTW4e5g%pnZi7!s6_|VZoqQb*6EpKRrqr-Z(0e-jq`z1dYOfIxrIzM1 zfj`#RLY? zsJ`zx2(JN?WI3#UVHC8|BlchDpER*pXUo1SS+V{$bxn_g+=gNc=CWX~68fR|RALgX z(omsLCQB_^p{0i^vF~&pklIe8P!%4v_dyI6sove)vx(KswzUb7RFf>tzgMdSeT`(Y zT4_;}EYXOeLKa5l6uWO!oB~O?;={>!#zOG05y@~vKZr1k0PY3PMm6LRJq zAXIeD!u(AdkV-t#K(66@P_ID78z7aPE8za60eK3KG?2%|H|&j;XBU z=gaF6ywn)3mPr+}OxhT%xu_o9>s_;%tr1qUa|_N}pH)I&(#yGj}Xf zYUxREGJcP5C#B4vk1MRv&c)Sir?p$OW3WJvY2aM!1TnCuYjF{~*}(+ihu~}U<;`T*u`Xrb){&u^A^sw5Bf;%v z33IGg0v|F2j?PW^k+Z~06PISUZ)T;i1@XXOcj*`xhxoFYp(4==Uy)uTTK8ozl=uV7 zK@ZA#nE2&%2FSiPUzi``R1+j{H5|yJ=l}ys0ZSK&>(6t*FL&Rm+f-AtyJkiW=TvoR zESoS>mU@O3L3p}yvUP?-m`a9T#N-#yk{5{&pw_;lF_aKPgcxwt&Gf>{JC9>S?tTF$ zCRn~=qnhvfCW}_EXcdl4J7oNbRh>oB;(O=ep!F#{z#eJW$Bv$i64frDPPM2DhC~1E zMYHqkAJ=o<1mE1@T9%0HU7=XYU=`6m%D@l;mRf)^R5#r|-btS!0u+;n`4)9Nfb)g; zG;n3cv3|H7CQjIO+$;M+5mxlp`26c}h35Ru$uREFfBFb?uBl&iu6e}<=unC)2 z#-S8?t&Z6if-~2-GsLdn!7_YkuY5LB^x2emWa4<6sF>_Ho(?%e8`(T%5f8MHjHg9b)s=qAZX;k^Kz*L z6_S7ssshU(XNLF!3I|_NAD@}jlSoqV>=bD2i6_hu2~bFffUq7(!L+niqynkW&Zu;o zw%Tk|LI$UHO#_-YD_gNRWL?dhZRQ58z<#^Oer(gUYIq1#aBO;~-a{V@Y_#PLK1UQn zAR^Wyzz~hxDbLM3Ao7WgN`o_ES?5@^MK$gcSz9}%a$Lk>qWHHZpjd#QNSwikfP zr>u&&es%UYjSdyF&7o!xZ+$5{M^`5*T5>>Y@IV39x0xakznPv}SAyhrL)~$CIX>$4}?gu=;9unN-|o`f``P%svhkHxa7n zTkk6MC8i>y4To)%z=_{5;*?WcN!X4jRfJ5H6ws{OSP8TeKW74zqA};!?9K_z8YR_3 zRjG|16cqZr0nHaw>pyHK*&-YwQ|R<8_HZ^|Rkc6Gtm~pxsvb(nv`FFypzS z-+B`EyR4YK%{45X$UW->o`K^)E`k4g5*xP?fy;*&t(o8f064t(s_JTFWv|UK-gJrv ziF}-%nx%d(frY?z0KsozqKAtg@ydEcN3g(iqv#a^-hr=+OKRM*e87L}C?lWMucpf9n|;7P zQPZ#fsOc~F!7sqd{bK;T02{ko@!nY)DXNh+Z}*XjpTef27Ow5;?pl+)Z^XUq&P_f_ z@DUdm>qiU*-^oY!$|L9qi~{1rd=!#LVonE9cV0VAAGH)z4qoHID3Zg? ze5|#=qe8T8ILHDNr7XGPe@c)rw8tzSjf1ie5X5cSglZ4+x|Btl#|8lB)-c7L& zsq~+y;cxpdqyIkme*JI5d+PrH+CA8P{{~yp|JT#>ANT3{&qrzc&qrzc&qwL{zplX3 zf4qkNk0Ci}`p<$||Bv1W{l7g1+n>+zAWW0|1O~ni*=miN_}MK;vRR$@3f-r`;y+Nk za|gHa6b;yCzAU03!tiVITU6Uo=wcrAx3;wQmI2=*uX*@3eroakeWlX#-5zJ-0GxfPqvUA)1Nl$ z{&eH9UVr+HH%U?8;3JGu?^$L6=qg$f^*73Kw$Vs`dP%L=lNIZYn!_cqN?yMx(q(Z}QPk zy)K)EZYduP^}1|6dWMg9I0CW56_hUf$RXBb{S2?c(m5nC)nxsc1@qZuKln|UtOY5f z)pYwY8EvbG_NsvP3O|9X+dTX6yRFuK+_4PyBM}IT;Sk63#W#qUwru@xwVue}Qe+Kk zV|48aunwCSRS<-9&DM6ziBp&;S(RbGt%>KJ%+{1So=f+(0@W*iZlz6B*@PJ>Af#lU z6xl?vO|WS|^CbvJX9r7YMEzNV_n)F)K_~R9YVXxFzCr+|hQ;ycAmYjqsy?CPbsZLu)mPlS3`baCySO{>UVREkaHb;5nV_gE_&E;yQmqg9?u_bVIi`_ASnbBA zC%oKR1?KbnX8@q3rfIa(Qy7z~BEv)Sy_$g{AQlI|HsRBC!Mh4UbwPYmePmSo^e)7{ z=n|vxrp95-b8PTReXgE39GdYcKt-6zA(&&C*Pai!hWQ7i>~PfdQoP=Tv4eG z(GerkWYwlQF=f*gzO>ShCI2>GdZ#bV&@ulAlZwJWrswLUr04n4jlOh|uWYd|%_ueh z2q)r8x9Z38yv>(h>q~cdX+#^DrhZo0M72)%^cyG`AhXZIzI47XUEoX4*V%=Pg}(G+ zU%JUl_ueSHMvgjU)!5e9A!#<$_fNu8yj6f^-zx9zQofBN5XdKXlJaHT;7CRU%<5ev zO|2j$fGBYbXq%*o=5B+A^0jYwdT%QX8p&_bP)-KTN|XXCm3SgJf>JUEgDe5m|9?qnYDQ4BRvb2|R)iH=0@=wuu`}+|@9-m=UUEU^b#=9FdOFZYGkx z45DY#4Xa!nqvXU9G7ztTu{AC!W-x}!iP_LdJ%X%NxX6w@VP7*lBdi&nbtKwZ=TZ2< z`b)%iupzw(H{D(DE+*?;>-A$Sk&?%q8_?6qo6gtS=b@q$k)#2=3h(5j1p5Z`I1lJx zq}0P9n1roZ-InS;`{Fe)SPj}Zd@d|**(nlUpu@#54%>JSHQ9TE(t3#Ol7B7}_+#05 zIw|Q!UwXcmMzE7|3KfwnM6Upif2;-~;2+b(!at_7P{yX`>!dti=u0p5rJKC; zKHKY7ugJb>ZG$gAMb1BxI!`Ah-RPzF&0bR!RvSd-qARDJfTz#`GH%~Ch%jLS)scAX zHY||oVk(Snfi+X$by-qj5%X9o z%rQ4oVKgJUXZ!UrNclAh=>~zFT4ARaAYV#_l?#kHW@nm_ckL2ZLyMX`02Q|P^Nc?s zrquJ?AcruXN{!{)M1f5dNdkRMSmc8+e1*1;(+(vcGueet=Sz$noCJQKY_`sTR!(SPIEzUdXL(g3Awl#kk9?<4C zH>==)X1BGuGiN|6@A~nsy%RUk9hSnH0q zx{hoZ(@Kuu$}oZ}Z&Bw5A)W2$SLM7U8R`WY{K&@#0FJ27uFtCP=OjkXi;wUIZbzTfgPgcWpLJ)z=N2LK>&V#@X#6CXV!S_1UpR&dzc1fxj9TAM|u-=+Dbb`(pv?z@1L_OHSRM z;9cJUki_U?ox1MOZEaoOHhkZeGvbS`4aTDyC{w0EbvU&T5;d{C_fD0GsgDkVU>$Tb zmWMR@mt>^BxDWb^@SW}NlMs9^^TPV<_{axY71QpBqgq0L-hpYw8H0uD!%6kD@>o1) zXDs_A#~rz|tJU|SgfF6rkyY~MDK5LI`!WdD)^|Og###x9OtLmWv(`^vc7IP8%^{;h zeT*80d*}yPJDOw+YQ-te?>ziCAdg((^vAc{Mz(V5x^7o+=7wj#0hC>Ek|(uxIPoE^ z4%FJ|k1tAGjeC4$g_$Y{Wg?o!m!VMIZXt0}D@L2Ua4P{RmK%;^O87J}aktL6f*ApJ zEy0HVj&t}o4K$F~BG*^Ub=!TNda5B3L2eL;L9T2W=z?>8bsJj7$Tp|>;~`G}Q?WRr zEm)5c>yS35b`#hSxkDZ_vYfffiHDt&$|8syhW=g_X?}NL|A_D-lQAToKYX>D-`sgD zY{v?im37SSh0wzN!!D0p zOX@r9xGdX}@%q_V$&M~ko9qQT{E#qL^mm#4B)HuYSXtX;bRhZI;W}0zE2KF*G z^IR|8huiM;;Qkf&&lh%}Y|p4s_!JX0f*i=6?k?t-{iE=b80}drFBlhkjT?9TStaa( zU{)mDO~@%d36T}{JyhnOSY(`p+Y1%tJ}QcnxqDJ^ilL&|Cl0?l8X9cXBpYMC z8VN$ILZVmkmFkJ6l|+NtB8}!Ct&m#(d@AD;ydTqYuIB}U9{JZwyQXEhL8OwNCDqvY zLEZt7miU6bz&_LvU!aNq0f>*+YaiWZ1F=|*cMn|_HMUE&5xP=AS&?jdhuS6VG+NX{ zUvKU1d=&awoY8Gk879X?KV0I;bAha2oBSu z41L#+ckLezYu64#yeuc4Kj6(n%YyD39J##Ve$xDLaKIsjqjv3H4&V6A_v&tDa;01Zq&pc{Zc+&jtP{?)1s^;#YJJt+) zW5AwauejSO)lc1g0CZQ>Zp_-&9Wp*kSbHqP;i-h<&LCa~VMRBu`KU);htS#0#|WgL zMV-7GYL@Z5LuhUVMofCh|0kU80e^;vN-%!JgC-pKGjfGyRX}VqfULBMDx0XbiHJ=& zHc@610VzajS8+B4*2=jgEg}(G+Uz+1~{xRmjc!y0h=wZ|OzI2CvEcul$ zz0H^2=}Xu6$~O4YbA9P~zI25zO~;3Sq^-)AuJ)xFV6b@{Uz*_s`<&*(rVD)OB44`L zmoD+8Yjjbep~07)>r2n`r5kNoOeW4px~E&XtI)WGFp6cOJvoKy2J9?`nF_)bB02(} zPhMbo=Y-^ok>xI4;JYST(PUVq%%0R$|3a35Nat?Yg^*h@JBw8UIb^qqljz z(7_oBIUXk6VLWWu=K9z*5ECiu@KL5E)CXnqy}`6X6@4JN%^<0VYvJV$3-;WTgT*Z!{i@W2Y4x=hWAT9A3cpbo#Y#bYnRcI1vLnh1lY|6$3_RZcMZi8#>KwoZtw(~^EYN^& z{a|>&ly9MfR5zdbDk@1bEJsqrSikNkov*YANGS}Dri;zvG=DzzcTsvP5Lj z>UfjO0w*lbczLk&p8X^VgzE^|epu@Q8l$I{fK@5EAT|%yUwh=T9he_hLUI{LsCEhc zBbjCPG{O@ITL*45QVs!d6EU>GX-^Vbz#HBE;H0aIsMDC9$!A`J0Yr}Md=UW$$frbZ z7W;3W#ErUiI~=?3Vr0?V_#pxOaD%mf_cz!i_;(RefdzUuA^bb~2As*M01=X?w23O4 zsJ4lSO*l4DW)tN)fewNR{L#nRC;vicm;Cd6>4m=ZVlRyqJWP||BAY0-i4vXg`Izuo zTJf-_&oX|94Q1IT0u7-{X50n4=a3e0AWlDV662DVlWtsweD5jd(-N>owj!C;?-w+I zD7rWKYU>9YctOSz72>m~ZzB_I$`M?F_ijTB@w3Jz`S zePno+DS$v|yt39j zS@2;sFCDz4C8B#XCmrTeR+66{TcAQ0I5NG!&rtv}9h};yU@K%wrvmG36h!?WgTb*J zLmpbjrqj^WQ)AvV$h@p+#Qa1Kt${r-pws|OjP2myGqKmG$x7)p(82kXOF%--8V0TN zNJ8~xQGXSMw2G@~NY-IkoeDA`0xrjkfN|eC%rW$MCONFbl1d*{ywM%HMTGY*3VCNX0)pjn9fJ$@6(B_>(9T-NLlYvSOU%-Z*fDJBh#kIJzW4M>&h+>S_%rj}kBI5*WxiXt5md%L8mav?g8N{6 zA$vvqsPGQC>Oec#KDNH!(wtx6Syp}a(wtvPB5P^RJSOZU=UdpJjBUk1NVD@!{O~Zl zGRMV&T_j9s4}+t8-WJdqD^h=Fm=wy?NH9W;(!_ z(`>nszKDC_*WwNL(iiijuMW9^gTUjy$Qd{GN7N6DW5&D|Yonx1MVDc#_bz^W+Fi%} z_7_D~ear#H;AO*JLAV6ld}BNXK&`{F2I^~v4^EAR6Q6`!Y^HxTxkR$Uqjh_{EORBx zI2;|3a41iU_KU8p5`s4iSIg^JpiJ^ zx*YN!G!CEZx@bH?ZLM?%*mJ=hXv3vN-O!0Pz-_;2^HJqq|Nf*_;UeHpKfj9IWdvZP z-*jxE%qGfhqQEAKY@%o1TEkcP+qeFGA5RA19;FqcUy;6#A3mNW@HT@N=cuZ%$%<_fuAHqn=@i^ zCVQKF^(=Ej8^w8}=Gx2_tUvP{0qg5Jz=o!WY~0Uo4Qx~h8+fH*^3^nXl`N#u9k8Di>tI@kNb0Qt0v{?HvGqAa=KAJZPPobsevo)yAuo;3LIUx+LLxe;S zOPgL;<{sp@2%4b)O7V~bmV$eqr55&8ir=2-QB08iXP?D@q(?EqHnz`V12Ys8Y=`z) zES#a3V0#U^(yK(yAC#e(VEav<#UTI8yj|}rR_2b8fO-T0bsTfDeiJnJATW{cPsn^t zyRLuquT!8mn6GhIJtvbECekgcwannGJRWR_6?bNex1343;#e&yG6- zHO$eHBFwWSMVMz|2{bOFaM3VJB*kZENJ_&TlnV27OjBr>r%8%1M@ot?PsQW~F5kmN z!yF+g!Yr1QhB+h^<|&x!&@jI%DZ>0tJTjzN4MI11GWvs-w@rWW+)us!0F4dC?qqE+ zQ5|6{*_C?9XF@ezq#LNT`U*~>IH>co7WKhK)cIjj=V|kE8TS(x-D&s#d8n7#{q$QN z;kLGv{q&nRUy)_@)1N;D+m^8Z&(gl-~RG*`(JWAoTPg_S4@D zY^nR{7rbS}@>m+^QGI~k;RxvYH~T;zCyeyiPam`J&r5^f*3VCR#F8GS;D4dvI|4tR z+xlzB2u2U)yT^X|E$a>ao93p9W?>)j&(QGIO+NasBa%e9?ElmI>Gl3U3%@Q6{@m=| z>0fh!$fv;%zrTjh{eRd`?-XFeUnSmi|6dl31hmV)pO{^4#V?cliFsd!`_4-AOpeR_ zdfaw*HXo(#C;m1crS2y_l8@5&6W{Y5)eQZ&+DRuU5mUd6|PcT*`s zG6(n_25>l83=#DNztDz_R?IGLC_NVb(IsVBo9571(h1}6jB2)@BL>hoHmd^K1J|PI zIPQuOUyOi|(YdlS#wSSEh3-FF-k2|axT8&ni_h>#r>iD~>64B_W_UxIW(*W~L&S8? zvUtV4xKxHAp8u_BXAUWb8H4+mWA-()NWZAtmTj{nOjZEV(#Sob5>*zDq5{NcfK##M zJZ-ahL{cbm45x9e@NBU}?iri)89wT%gx6^5^@8w3?w!TvfFBsdAp2T&RAK3KANZ+0 z&Y4vpq6Llis*JHk%$5{G>`&Q30JL5H}qT6x6kt zT$R{z5n-?D{H(0Sa9y*ys&R165@*L+-|;og8w1X;W(qUNip*~I`3e|6k|_4XtO+2+ z@zv(0fKM`^B&q7_@ub(RmZ@v%hsld@DDfuCCLE~Xa!#4SO&uM&uQrH>b2Zz(zyU{&HpVz}o)Cy#2XZw> zSh)-X$cbF^B&`r$q9_FD2f((}N#ukmL#P4A_99Y9Q<|W95<^OlBe&VZJNu95FFXHs zuzo8tj5jn`=k&416wPycB^4NpVzTw0hTA8hGcXnv@4SeTLfXm#_rXThT&Av!K zL>)A&)erlJW}hMt%`si>1kgItu!dF&J%CP=ay+MQ;8uUwSrp-e3pAB&A{tsmYPje$ zx*-&1g=+zb{`0^i=(&>Y+`rLNw+4+Pr-5U>qcxv7(i+$I9?*>opa>L*phsq(QT$X| zr`eM@E8>37iBAhcCm@c|^58azV;X8}7i4jqegauc!-|hx5X2$!#17nKb)8+9c^kM# zPXd8}I}k+7;EtmaHdj7_XsEudUg%$zdineV63tpqG-!p@6g&nm&llFnVK8= z2uZ)pn2G&V$h}Ja?lC^8r^&N7MW;LqNK`Xb8n)}eiIO7^%@(H`fMoqeRA&S!1b-U& zByrle+f(|3Q?M|fyVVh^zBLuQd`6d}U|5nARiNhx$VE=#R#?w>9CwEt8iycv^PY1Z z9vr8`p*%Yd+Fr~kWeI;G>OV*ecx)govR<{|t|{#O>A*{?}BRt&WKrpRZ%3P=K&((4Rw`-#svXyq%hV-RRL@fHzB zMNj8I(ut@#K>4Ns4Hsj@gUGF(8Z2k2*E~;&ptgfY5hdl!#SON9U+1eWd zZ+ejxL#bu#Bh0c(c#dJ*inqu>760ft7WmRdHXRQvx`zH1zIPAknBCBYwIMP-8A(w) zMrySAo%hMg(#|uv;?rHx`H#FFu+cB?D++VcieslVqH+CDHINWP!l}zamJbC02Y5D8fO%b z(d8nRcc|lz{?w^^A;@s}s8{ZSsXx;h_0nw$`%*9*(mRig7D0KNJK$?myygA0uU*tN zU&S7PXMWR~)5@?G8-g8JqUIO@WcuN#Q86pnl zm?;RHB`B=w>5OOsB9QyOhr{vzpvu}Igxy{!N&-@8@_3j$r=Fn_4|H5b>a#pzgnjk< zGkkOpBHeh-U?`|609E+Pdm`|omrcW*T+4VdS}Xi1M-_TMYHao{@P;s-^yeU#Y zWON%+tR`XukAk8BWv{@5j@#zTmQgSwIWr(k&f5av9Ag8;MCfn&h|i|B%hBr4E!_#w zOo&2q|2PRj9f`Y_&J>PU5naevLj^)|-cRvlcou~`oC0F0q-hsDPZdniu$`~udzJCP zd*#>;8P9!PE=Rm17qRm2KT|l=*x4W8ae);~k$x;2@M%e)h!NFzDhQ1STn+k84f9+XFpbK$Fp>5f00<9Qh<7^b_{maqzT^>1WZ{_@I2Rby~=M+pK+5 z2J4?Z3r|RdJ&6m?_Oa$!*AcxEMISwTx>WokU@2Wy!~PW4Z^P!PN5y2ymgvkRWfD@<8AOj$*X8uT)x z(Vc2LX@t_`QBHWZTWSQz6j}`afJ+BYL?pc$oj%)hqX0CagZbu01hdfG6sch{3m^FM zP$QV_KlTZxib52gTo|u|%$BdcH}TPC%TKzISYmcY?MF-BE<0laUrv&i-X)hK-jd6| z+tL^DFspdrw;J?Z4Z7BV{`Xq?RRa2du%(}QG-)M3HcB0k@++Y35sV3k0#?HptwANX zsJY9agK?NxulMuoANs#m-T&Qy76m2LfEMWf2K}FCN+R%_btZeXJ@x9{J{Mh-1#Pg1 zX0L*F92T8NNGFcDLqMdPPqt$JU@Iw4Y}yx0W6O~!O%);C895I zWnm~We&MGSD!BY3jFl7-E!YGI4EY=5LhK(F_RHp4hv8Cjs~i8^-fw7g#jpO z>{)wXY|j-Qg{_ z^Yw>`arS#2dC+IrBe6g5#|19zk-i2FF&}VOW0JHQwm}53kP~k}3$dc6lBa}$d>aa8 zv=()^R*KAIW$8s-y1rg8_0=e^A>0)Em(QmjKIv%92pR}sFOmq0{0NKv2(dmbi7=vu z4JSyu-;=eO^vl7*!^ST+YNE;N(Pl}PI@pk|h0!M@s)Vnpt~^20Akf7pwaQF)y<` zNRRsEaY=bp9hf{W0|;$aB_vj9nyqxxR9B?C(n@Na&L%MxYI>AS2*@01d zmZ8*~WD)*1D7B3^O{SvzkE8OeQL8>MN*}Z#87zj?;vjHVyF~+EpfO_nAea+@Lw;+fKeKN%W1V>JqG?#ihz||OrcF0+;(3_B zNCX-$GC9{&GN+j+Z6(c#(~eu2GEutlgRRK&BatX`AeNEHz2{H@Fis5347+ZL&Z>uh zq(`rCj_V6+_$qEfAFw_q^s$(a6UU4aC}#AU3S~kP3IjwI1iD;;sM|F#bpP6%tgL@X zDU62~5~7PWIgq{Z0dWU$#G6@kwgLMZ>G`8H ztHKId^~M_*ZPp0A671)&&@#sHVG(^y4chD$a441%B0&&qI$G@y{Ges*=y%^yT)-!; z{7TC+HA)9qKw*OjoSs0;4VlOV)J< z?=F2d=)r(8^^&~vYlZfcy}a} z_@lru{-%VsVCV2fzdfP*XB#p+RY7S@5<{lVAAs4JVD`V?--?Z%okw!!YHviRwo&$N zmIv+WSRV9rR2D+%ooC35*pANI1irE2wM*85xE3yfI3BSinA+)Q!(_WqI9fDy`xLA* z=ERTMvO$(0yss~J{{?->GXJ4ilO4O>ATh3Rt?oZ~z7+Zo-8vU&tw;aSNO>dz7f!*# zZt7kla9`YhA>{l2hf4@_7@I3)XWwE>3I)cvcJAuYP()ONiI~K3Sf^=yqD<6VZKZAS znkvaASR{$|O`%0A_|ezq&VzZvC-t(OI#KD=zLZVbU?I}5SDazHLyOisJQVjGr@hO; zzC|Y+H@*RdT4&m+)Mbx$NPVl~HDB;7DfjaoJC zdm`2@+p%-8Ru4q^*#%WOb?-v_lh|;L^<>{j%UD6nSg!6b)V0zes>w~Hvg)AhV4VjF zS;IF2%Ms>T64<-J}hX4R5{N8NsmrZyu4JPIdh~prJDEYt{^<}8;w@5HdNh44i zAJ`Vf5@L6IbTy>0@!VMA%IxT<-P7)h#wX#}*B$Rf-Iwv!S^aJ_F}<*fDp|KD;tc-6 z8TLsmdwFQls!s0e>WOFCNIwoPQx+W9m$xkHu8O(KI}c$wEVgPSVYN%<OMkEzfIlrQnW6v-xX z7uuIk_+QQ?#fjX9?8~3{UkW>k+}rKTAIVESl|bdz5n$R4Sr%behCt7t(R#YN0`S%G z9myUCRYU_V*%<6=-DNyo3_?-WB)Bga!mZb!Qephaz#w0J!4RSJ0%N#=!8+~> z266Pp%lk45t4$4HfOB1e6QS~Of5q*krK7y0b0t3Lifixc_v$=3cX!Q5Sqd)`J0Cqh=*ha>6T$TnvHGEnP>RT#rzp16N|Ft~LtPAKvp5pz&>J+5NQH?Ss z4TT&_iYMz6zfTX(G89^!@a4{+wYdk%&)zCw@^PRNoyC5$yEnjx8o-9X8XtcdbpAW* zQrd7t3~H~s(7jgYZp#Akbvv<{<%NSa8?Ai8jUaHenwX{)M^y!FRcRyUi!ACEA$gIn zND|GR=g?JzXGH(JxibJyJ?gg7Q?Fav?CgL?`D$z!KAo`nTxY-@dP?m$VFWHVHwyT@ z%FDiionw1Q2b7=&*Urz__C1XNhZ%@7i)G-`Wg^aP!5%J9)XE)QJKER>R^a>sP1aIp z*r(2b-D#r+v!9|^y_8Gr#&hp;$WW0SG7JmqLVXwjFw_L@dg;Yk8M@9Hasb0=%N08c z_KF~LliQ09I&ikC#qU;kF_Z|#HI=KJPA!5u=;6s27ZGn)DXNb6B9WoJ*WDpt(o@n0SYv(KuiU+-;rTG7F>kziz%Vo#FnM zeBppgHXLxt2?tzqkSVDR^}lHf+dH@s7uDrtFp5~f+XADw-Wk?{VJn8QBbTNfYnWFaoTNr36J6d`k#3*z$kNFfNrPqkSUC+|>8MFiQB* zQIn-V>f10{0&FbV_NB&sG~Ed($za@R{9qWz!7%PZ+vU)IA+L5F+2bo@=>Hpi`MJLQ z_E8M|55f7b$px>;@jv$yU5vHoLB~BA!Ml?SLyH0fzyD;`=~?$oHQomn_dogpyCk zh3=kQSa$vR(AJOeQ}tdJes6#O(=nl`ORf)XIEaatk(dx>>NTV;D`4s^q^>Du>OG{c zk1(|bsawiE4NV<^|Nj{V=&550_!}+e@5BgyuPD2IOlbXQ{P_x~)-U1D%lvtbKY+XS zCH#LC8Me0ZXB~guz#zNy>!T)xo zH^kh7Ax4Pua)|QUd<4EYZKvgr%~IzFqdPW7-DX6Ua1-WDHY~xatSB0I{QP`*fRA_a z!E3Sj?I>z;nTKmkuF`CL3JJNgm*~u|BXih;@FE}L0IAXu-KE*fO7m8g=B+Qyd#^O_ zBPVZJv~CUb`5GZeSQ+}2X})oAlZW{P>4mY3%3j^;IK z^4nu>TdBJS;ZkNg(aW^DG;e1#4_}?4KvtEG_#)=6Ep<0Un>R6E_hlC2+S0sT9`z{H zQJU8o&08ML`!rhjMpmi2q|{v*gFH~QPIbqQ&V8Om>)yQ;yOK*se3T-^lRTb`6r*{sMeAPA zDjm@ji{A=;5NtTEK}14zAjZ<{FXe$%CO#+P(rg?TMm6bGeWH17i->#nU@+A3=xjlHUW;V_9 z3?%oFUs-K|)y^E{1YyIscH`&vFYxo_p6kbjZrO%Z)fZVX>P`5+4F6Z*|9bpK*Rk~@ ze8f16F7DIup{ZN>^FFfg*-8+b(T$ve|My5&a)ERu7fV-ixpXDhVjQ!y0zJb4b|)CR z&Pbr|=!gFovQN2$eae;WQ+~)k&D|GUZl=sNb(8EI0u}mMhQ26JYF}BBliZwXUs=m-dx`&D>kn=gPO#iO`hejk z+06ugs-LAhU{u0;>?=!hlA9^^RgeBAX;xz=9seCh6f$SkK;Ude&$~i_> zK80@9&yuc?(ON+Tr--Pw`%!(GMD=B~ZZ%N75FNZ4&Us&cckHA<84$rgnkbheE|JSI zmlAv3UcGO}-Q#qx2+cYPE0$8mrz4tBp%{xr2Y(eE{JBGS#9bY8*Oj^*rEX`m?uG8y z;m5pkA(6b66+8SpE09F!B^v{_)%d>-gSHO*?=(PBDd<`lmvLD^(H$S~Xf*M)p%kdF z54>(iS0K6}^Pa+HS$*%gugg91D=DvgEB#o&U)Z}|O02~3jRIbaxk`X0apN99dz4lJ)L&YF;xT}3(Ln78)Pb(KZ)5!$ zhh~$b5OecK1y1(5Xr3}dI7YG1u-uhc^~Ox+noQB`)@WX*qeqM)_@Ev}`=qXrTHqn^7(hMsiNQ zAsqN)o&0!y{R-0zi3q54*p>nEBe;~-IO&c zXxJTCTIBHx^@9pv7>`E=G#;U*@Mw*bx75jdBc+C3xL_Y@=r<-)pEXo%GWA(Qmzqqy z*3diAyjNp+OJjMMz`}5swt08d{VM8y9<7ra8UP5Uh7KYy)DUXr4gBALTKWM0KW_2w z=d3TR=As=rud{&jY_(g0GFQ8xP*!1KNu69Vn-S)71mWegH<%QXIbB5Qc|1Z4%aJPN z{qypf9r)k<@&6)vqJF-TUe zW@6D~EIzW3&k^jv0#82ASA+N*03!yVV*v8-D*`O%6*)o4Os-es)^^;MtCLK@4k1|| zYDh}9$^8O3rIX)j5K5^60?1H`s4tHaFr{=@2Z)ZKw_4V z^oX3RNlZMDizMQh0m_8k z>=3-b#12zjxjv8ti{Nopj)5ywL)jc=hTzNOs#!-1Db4nUL81Gl?i+{)#@r8L?#I!( zkI@O7{a<6*EH-30N1yhXB-hf!e1iYGqoJ{1;s589aU%gkSLVz0@xq02)pek5!m%MF zxk(;AU)YK(Np6!XHUQ$P#xoOZlL`fr=gSq4bv@DY;XflQ6`iy9(`foyF^$IC^#*or%Go-D>l{3H{CqNC zGLXA-~3T>{wjg(Qrs>e{psfip*)tTvtNXTYUCCD zsa&BO3waOaXq77tY{C^4{y)`kPMrw8rd|QQrv3nYO}()U%z1q&(t5Qr5_-)x5|0-) zf@LJkJRWyFfhcLscpuBHt_Hf)1xpluBh8XGEGv$O`eE|AvDcGoC{^%q{)+S!op zmL2s3c8z7U{P*((+M2XlKxeBZ^eO|Ltu|x-Is?Zeiv5s`#uA~RSRz!&VkwxRI~*dU z?4>8$f$x1Ghkk>dm$2+el}0J+ckphym=#HMJXIRSRNpU4-|n>SDP*qdkQw*m_0Lbr>MZ z0NEy2xEs8p3lXWHg@{zZwMYeA^D~L+7e*~2A}Vxfas?%FMTf>KfCv&}gW1;$5&$6* zb%_B|V1N`EAjJkqi2!-V0MTwI*&z^Wt^oN6li8x621um=Qe}Wt8z2?JRxjPod;_G0 znV<=o)oD@>FLJN#>S6*0sag)bu<&hzJO&>5aS&Xr^aeZ=YeHG&%sIPt!Xq)L2Lp{gnpbE_T4t;T|$s`6Mo;|QZs z2<@c<|2e)P%m!6sG6|Q|THMPp1XtC}OzbsrBW6yn+5u#TM^Wq>cSDoh4e5nDn*SOi zfDIruH2l?)0ry=N%nX?$TW6TSN; zouh?b8H(mhGIP~5vCh%nT5)B&Ym=)!W@c|XqE0btEkK~o0t8n90(D;tVCq-q^QaxT ziMipJTaG0R6}VRBr*;pl8R$VJ^`MG+P_3>(*}b+KS2AUY7ZjvmE<-((qZ%qu3zdk3 zX@dx&&;pIo#Xtsi>z^L*#RIwiE|z{)^c4m8j^2#XoV71@T&%B_>3b~uL+lABL2v;u`-oLSW@?ZjK ze|1YDEh-P>bC# zQ$DTu4mWdvJ~=~T99K@puzMb~6hTzQEo#;bi0UB{QbI!hOhW#l_sNOh6zYFs=;;XW+r-P2TPXa0Y<6A9Mr!*NDJpji- zgx>oQ78-7Oc&pZo`ljguVohP0Ie$z|T}UFTu>*YiCTXCQS)?yXn)m`Eo$dIq+jJtgYaUa|E8xNbyjHBG(K>T>%3V@HHDuJ9o$$Uz_v8OF-MR4#QO_h562il}S5OWG^BoCrWa-E}( zK>@D~ysuqCx>{6!&Fhd`!K<9vka%7bLtcMqc)c=(SF)T^|K|LK^#V8Z`3sicX66CE zLKEws8`b;ZIoz1!*;cvm+{AL^Ia%dw!2sPRZ*1$dhZSiRP_Ka{W+L;Hk;vT)5;#+% z*9Z=?wHmxP@gBUl%5y_d?Gn=2 zqBi|M^4A6{=RzDgr7d5LP!p1l$8yd&Zy!sIpn}zwhUL&&-)HiGE+d@5}GH{&QW) z+1};ZpXc505Zr$p2i#B8xX)uk;(n>d{o**>DIc__Zu>9^oVAge6dBRSVUOd!8(2t@ zi!x>3jC|firr_iomSg`8NuSAN%$UQQ$drEZ>0|VFtQ@ed{qZb~C*zg(&>&_QVS8!7 z?mrS?T5&I}_$FHM_Z{-ic;r&}x=dQ%40;h{R{nk<%jH2Q<-e73mEVVdrEmTEZl#*y zTl48QGT=5cS6Ee2q4n^saIte(Zw~8yh4sE@qaR;C);|*Y`2F~84O14DmVxReK89y- zC|Kb7bc|NPJH$v@Pw)UVw4KC5W>iV=ki!QhwhS!rFpu@)3-GWvI)W3ouAHlIH0bk- z=pvOU+O}sbf}3h?vv1xmQuUXykg6<^swn`NA~isZ6!_^BfEYhXf9$Za6LHO000a61 zB1Qk}Nq-;d4*;S#8&RAAk&X+Cd6!`w`M81?*mA2RyenZqQA+M0G-}9){8uRXzXgy^ z){y$hp!><7yKM%=!558(P&LL?2&2!2aVlXfB8=BLU=(=V`~(0rjHLo2-wD?MBMltB z=2+u2+`wF7E1QX0rvbeW(Bo9%6BP946MDu&6t5zobAV6q=eObtB;w$oGzIj{Anabk z?lo3-%ErJ2dTCrWgU1Qu-PXh39BAPO%n;y*>gb0m{Q+xX`C(-AL#h6NZ9Mp)Ao^h# zKLBVifX=}F_csGt9cS3|CGwz8?Rw^|-rw01oWZ*#TOV`PU;XIoSpMfWmK^rsl(T+& z(!mUCWr?oQ{=+IKN~`kM!cw zyDom^Zan1}OXlCRe{|ZZ-9EunuCe6lVF#A=F2KSJt6c{%}ik$seYK?e88a zHT~mg;GZ}Yu>`|5}uc*>8ACj+bZ zdsuVdy(j-TJ1g&asd@Qm|C*<+x#Dr8Le0Zpx@`O{i|_w6o>23fU;9QJJvsjYJfY?t zEq5>2etr(0Q1gBLW?Xi{v42>GC)E7x;$Yt&A4)zMPpJ9HzALLfJ>|9Tc*O6Vh?4Ks=8P^|AsB_m@eXcp@`(e-E33YCm{?*^6 zUD|y(o>1p;W6wW%W~u8DJfY58-W+i7xsR%k!xQSfJ?qY%N59*66`t}VRhW`u%L1?Q z@;a)OJvLpRzI>S&0PBN{=x#97tJRg1Ad%S+j%9d;BXg$f+ryp~sm`I8d8uR2tf+xb zLPudt(-jmySN|xx{>u{8FRH=%Pf+!bYq$Q&G5_`YKYhu@|EL7`iv|k*T)+zaJGYDf zf200UcKw$ns$YzW;IHZ**KYllHy(<=wgNuNWg&LA}XZn&2%p1WUUPIRNe zEul4v+Da&wZocwb-#p0BPeCAcq1l|HAdp90SIx;R1U>@3b)Dy~yQIjsjgzq8svKVB zB+P76XCSif-F#VMB=5E%ooNAHwJ}1a(Qm)!E{@XBKV}k$d~PEL&r}Xw0W0|m!1<{@ z*j>>Y%5#zdA>0-_TKcW=+;u>TTW6evCGw+K{R%GEtv`smKgN39N+!=YlGlT9cb>1o;E`3n`Q_ifY-;e)#e@iO5w=hjTPvkuqt-C0@6P60O!nw4nzv%ibaX&*5h0y zQ0Sw`vv_G8eXlHiJwja$SC>xe^62$&d9^SGwvCI)pNS)*Y3gPEz*U`4Kh7NzMyMH1 zhN-W>jxid4Y@p1;6=!N=?aq2iZ8N2|*&1|Dtj(atkiazE43ZuXecom)N8kH&4gjKJ zK-ewWdDAQhjSx_P>e2G2*r^d0mJ&+nrYHCrVPXu)Hztfb$Xmqa{PXyt--gMPWt%wl z;JIsDD&9h#49=k|xV^4G6b9pm>hysB+;jSKtb3FO&&C{ zsv1Z`99`FEN25S5}xfjHuQ-48*t z_s^gy18P5yCT*7WUu|NaYjxI4Xl9$NR#6g%`M zb*WaDDe97b4eU@QW;@2&pNgpcIhmT-#?UQnP6k*_n-jAK$>Es2Q3JcmMM7lIm;Xj~ zB?#k4{??yVa-7G?FO}GQVH$$mGEa36@xb-7xRHnLNgv?55PXlR2K5|1C~C1!$B;Aa zK|U5=q~@({>Z=Y@PesRft!xy#!uY^K6>7V~=GvNGtk^Iw#tx2K@!mV(J(?GRU8=JC z)ocghW%6is4VWqzO^<`k`H?$RbMP##`EoX1EK!XroMRAAw0A;^3V9ow(gxT1dtHQm zOWXx!Q8K-_`7X;0XJ8^dPJIU+2YjCD5|maD!cp)|`L&~ZA+i{mEc?V(`|!aZdb^-L zf~GR&HKDlElKtkzDFr~;Q+-S{Urz0)(^8NR1!8~MYWixGFOykPk)@N$@)5qMsxpwJ z6SBBemL<_FUS@G2OJ|jZZbM~pBTHvwIZU!lKMsP`G>LLR$q@h@!jL=DmYw)j#D z>LKOMHT%~X9%Wo+t$RqaoURJ!t1c_Af<7%okQ=8@8Bu-eNwlkWil;=EIoU{muC8j@ zZoFu`beE=yGnN7UW`V@5Tz#=4X)y{`4RyPV2Tq*xiwraNg8iY&jZ(JpP(g5@sa`%* z>W2)g5$F9n^I7l1V32td4Zzn%qk(Z+oylQ|Hjv2q{Sy0oSmRvPKvJN8Xe8*i1{^*# z9%BE`RK(&rtS6IEO(u2(>D=SFBn&2D)n0Vyi#jh6GhX?42Q&t=diMNu^8q!)fSHH^ zaf0nH%(VzqZdzk~Hv-Vz3?|ypwQ7%gW=s=y#O+yfz4y>POU@E0S>?JA-;%9;pB`wj zdcKW+e^}a#@iEtk3_&Unx5L!!@wgp=+gevTvRD^l!p|y~8@I8&O)vnq4S%0m1%wh^ zz5->O{57-HDe>f<^Fam-QHUYM$N;a9Ke>i6JCn}{(>R4kcHFJsewbnQKawNn61`x* z>6*t`1{gR8iTvRq_$$OL^eZq4{c6lXzX6jRZp9pj0H!!h1w;OU9S9818Y46$$yj>) z3prcn{O(T!v51GOd6KcFXPZ&Krn^71-KbxCgps#KUaULGpA|9kmdi?=^-Px4%x}rq zw;dTjFzVm$?GG*YXJK3Lb;tWd_5Q34MjjRfVTTrET8p3Z!JLLxMpiFds*O!3zSjO@P5lA^@}5pJfR!&HfPP zEdT@pbHI;nhyj-2qIU0P}%AYrO!oRaPzl1Ol_&pVg#* z+2+TV(HfZT{!l~#14c)I`2+&P4MD;e<|trtjHO4fcP-l0W7i09&>z}Ykc^dMpecbl z5Cw)r1~3pmrV(H^`m@#uFzfwXNdXWD%*Xz$9SWF_MBWu;K2|CK0S2R^zFF2T2M%JDZb32@T7sqo28&#^Hj&5x26P87%>v8@e^#9U17(8( z0t5mB5YaZLHsL$Spnw5>Q~>}3Mn{492m-_9df^N66)^e6(u}HGKmPC!y`KXIxoR>Q zn1ZGR=IbahBr<>j-2n_%+(CfX`?K~5Fvx{fSO9^*tn+6<$qCF_A%g;Do#+IC0i&b9 zKyw?owlI95PXXgImJUoweQM6Lhv8F)*%?CtV;D=9jV~LLd{y-k9cX8Y6fi}`(wQ%R zdC9V1UUmoCnPLS@v9WafD=iG;qcyUVX$HlYLUOsN8<)L8n` z14o|w(@URMcA%XpQ^1rNOV2!F^$GJkfBHxV+L;OkOog#@_HS-_zkJst@L3&YXNI7Q zj~=L}v@F-2r}pB%+6^;?zCR;xy|DqqQ}C2Hv7mmf+ejT^h`IW}NWEJ1Yy~SBE-u}8 z@vg_}Z+ZkPpF7G*4XH?oinnc4ilV5vrIRkm4pw97juVFE&$wvWcO7Tr6ipK`CZla^ zilf+g6*khWTKejTGsCMMt@m`CkyK<&giU7K*px)E$xzrx_wCXf<~~39ohQ1%C6q zU_eO=jR7gLXR#pk>SaBuKd#+BspFhYP$-)SAvl#b{EadmHbOpyP@N$3+!r@~d+G4= z=X9LQQIt)D5L`=J2#Ni$5i%4)YXl+hX|J4e>#Dp39q4$3vWXCacWDbDF(EcWMGB$y zg3tw72j{FgF?C@F`W~TdB81>z+Cpd^fwvJVRtRksgud+l-LlowM!eO5?nfw_2qE~G zwh$8gY$H^n5NZ^Jmfy4Bygi3EqB-7C9TGvIY$Al_5O?Q zo&RA6Iw7HKB81>++CoT7w2e@iLa12~8b3X?arpJ?I(MKS63Qk(=+R0-*d|VO@>RQ{ z3Wd`?zFS&0u6x%pC!N%*16`32HxW*??c%h?fs;aCJZus={*9$S{%+%i!LF~J*ntj7 z=$izxi#$ z$RBU*TiAilN$8sht$FRD)#yY^C?IIbFyzuN{{H7jd#2@I)`2ccjW-|Krg(HgyJ%TX zwC3?a(8?4c{QUYC!Aiw|Ct#4Gqx$QDLf=Gat!Wo6u{1VXLIFX`CuogM-Q|D6dh5v!^jkvTL};yV z7cH?gHd;afLCX-dl5+>XG4#e`I^i71;)^^bnOJk!Y6cDtE1g(1?+_%0gJQSm@ z9W}Zd6#6DYtFc|Q#M0Pk2?YeLVnHi++2x&|8a@`IlpWTyC-hB(mhwz(#qMHhY_x;| zf>w#3m2v5Jn~%2c+t7i2OX!;jE#;ZoLQ5=-jh0YA&?*(QynnsnitNr0ZSFw7CG<^% zmhwz(p(U2aMoTClXq5?CzsTC)VLhnnvG!avzS>$t=Gme4m5 zTAA&lRpLZTC?IIf5wsQ1O1lJHxXL-?V?rTL`x_jXe|`9 zChoX?^00Mtuj)X*CG<^%makp3DxGKv1q7|dg4R=uU*5cD{HdiK=(mKviO@3IMXT0{ zmQX;@suQ$+eEGYpzny+hc?bF}p>HCzirPhMmJ==`|4c;(`YoYv zBD9LzMQe@|Euny*wO-Jg@Lcl~y(-q!bfDi7`X)lFq+PV;Infdd2wGbOt)2ZwALCA0 zJ+lM-me4m5TBYrxwZMs%P(aXX6tr@Vz5dq+T9(b~!1k8VHxXK8?V`2NiIz}6(6R)r z$eYtYZyHHCzD%wSBu@fz!fS}bZXrgByp?O)b`eoN?^2(8L?(W-Nz zB@_^}_6b@iUp8UK?uy$ms@h@wghJm$Xw|lh)*2^TLIFW5iEAj9&b{_GU%z+$iR(Jh zZwY-9p*5>rwAMS(5()@fvYLJAVaw~XRxh4`E}D*7I}sH6CPHgYyJ&57q9qg%w7kNt zW1AY^-8}W|C{xWCHlPjlQ-?an% zme4m5T8rC7Yo8M>p@5*3D`>rtwtrctIT!TkK))sQO@vlmyJ(4}vAaKo0)ke)p!KVZ zdiOl@@Y{aXfqqNqn+UBn?V=@?#zsphAZYmnt(vKwe*OLAPjWiYZwY-9p|!qUw8YZb zXbA-bEkn?{KYO+Bj_1~$)`5OY=$i*<<}X&~FKS z6QQL%Q(Hp|Vrgu&gaU$Av7qHo^UiG;(`Qfz`YoYvBD9oeY6~r~G&Wj70YR%o&{{O` z{I{2FTIugVza{idgqHG5ZJ{NW#zsphAZV2eTED&Xh9BpiG_3>IMh1nxiO^D>sV%g` z(%5JT1q7`!L2KuM&F4Hf{_Sfz&~FKS6QPwv2-_atlCSpo7Ojh*RUv2{ReaIKGmjoT zw&VPkUO}FU735eP?oY)k@(}(~v64K5zf`Oy58*ErE6PLoOU0`45dKoJvOI*p)T#OY z5LTF1t*Yb*`nfoD0El^}hw8D|9m~^ei6(Zv#bt$c$}w0QZ`H+C@MA*(>=7`Qo09M! zcEZ9AUvd~8x1o}yTiXxw)V!WXsvY1)BiL}Nvl0FSHcGezOWmfzw49(Pt8wS`P29l8y z;|ue?FU;E_-?|rMZNVe&n@=o+RAhZonD><=>y0$HF9Q zZS0JN&kchPHd`n0e=~sN_F-MVz`34$u|q-kzI^OX(C~84iG^9KadfAVwVKc|8K8R~ z_l2QP3$i}7q1)|G-d~t}pdk4G=&`XUpxb>4i1N|O^S)cbH|Oz9s{N*+{_0JQ0BI9I z5^6+F@~2|Y3u3?P2&2pD!qDmh&p&!x@mpGj;m9)H)9nv0cjE*?m5B$nKJw& zlaOYcB9pLr519A`c2DyQD+}{h6XIRq=68SwTP5&un}Y0}!mLlhM}IOXbpYbL^21F- zGPQ(V-FdZ0*lJ4H%7z_S?>bjVL@n9Vb&&_V9gLO2w6e$zMqjWixT#NHzr|Mciv=6n2-RZ1LhYp@u?R{{6|jAYKqML)iHX zBcvh3yxDP0KY&p#n3E~w%y$elCcqhO}1T-Fp+yE zBOePw?-bYs^HU}FL&&hZ1tjc4O4#>K3Hy)|_I+y!yCUW5WQ zum(!lDw>4%M8e)nEMXmP!ZW;zBB5@F+BpnJNVqztBG!!4(AY{=I zf`l@Nm2@R^iaMG>IHWPz*4vJSq>^_S_DBfG5J<;1`&x%LM)gXcj!x{DMS>3%`8r}0 z;w6F0ZZJsj0v(8#1URS>(F#Kt@xKgbh?X6*r~t!`J0yNk@hcdF=whEns}XgG|7Zs7 zLOzFyf*l3pRyJ{Tt z6x+NFciaKaU4zZf(zgFlq&L0eMsaqk*#2qQf6g-_pRMQWouzCtmaxfK!U8Ic5HzNJ+mjL0?6|Aj@`}tvCW!JfP4MX+Z!%$vw2g3!k z?9-o6b%uOIVz*Uv(ND64Cic(cdw>L(Wq(-N`?=L25Bg|KZi=eFc%>B>*21o6d_U*d z+z<4R(HHRO^Mtxci@lBWgzPhne4vp!G@JWmx2z}aATmTMY~&bb`tGZ_StHMk!WJz1 zFEHvO=W(O#`u*Gj6e+paA@?}6mb~?ipb5-nV{Jds#0QXHHsR)W#MmO3B)7Kz2P?#4hjI7{7{1PS1LqCDp3i4aXVoHFv=o-WH9Jf zpvhwTDbnn{NPFY{1%QHN+J3bv8iL@5VDU5FBL^U`TsNzacn=uy3f&`VmC?MLM@By@ zY7k^#s>y+eQa&W2iSSpOjwuNH zaJofN3lz&Ub2pLix7<^`SEw+!exKoaa}D-a#a@MP))}kOQv{Rb8N3GS(gQog@=O%d zzO_e9VopK=`)wX;ngQ(?%n-AupZ`&|8i&s@@6U#u6v~!%-lNgscgdse0Uyx?D&aw&BEU zx$)UIhTK5B03^jrI20A4%BxffqKKe#nkR)6>y~YGeytV7AZH?D6EgLD*lrE=)^oQI~LiTmShUl4hx)x`G0>JEw5j0LzA#Jt1)@iRRGb9KZq)jG8 zz(>&nMP{qxyI_ej1Sqv}d8XXUp?EkRKtzT`W?D7xD@!D5kSkjer(@S)>y5cUF|2g7 zl$E%d31phBks66wduLna;}tKE#t;yot-Z2aaDV`HRo-ccVEEjG(MJ;qa?oDl4rbzV zs`w$9as_0`G*`|5rzJ(cSL85go-2T?vVVU6Sbb1u2$b8FBd>jvAvZt+HQAb;t7r#$ zd!~<|SH%~}or%Pxj@Me%mj}=2Lka{^WTIyae&Pwf%DwhsjTTDsnd-8R*F(`xjX+nc@Qr& zTR94ps$_2>_@)jVHNxlG2bucA7eN-!$Q}@H@^Io6cA~Dw7T$Sld0SH^`|QKoHNl5H@7tdf}F0G3)uV1X{6rY3w^ z?6A2d4ovJL6N$`G+O#{rONhXa59<=*KWZ|3bFC`AM3W(Ky^tVq6hSB=0CgaS3$MZAJkbs_{c*~R*Kv3@R*XKk6Q8fdUrcow;9)|PiMR$~MR`;6bS z1TT}CYSrs*`gLRim>^#wrJ5a;QYOix+32?Zt%>Z7d`{>PG7&KTC@75U2&@1JE(mZ? zl0-m3#}~{-EEP_Bh!VFBVpZ5uF?|g^Gzm9pJNz@Xz^}uK)#zrJXXhsSp*Lsmq|LyV8+=Y8^3j z6JAMIqt6%+WNNf`r#V8Zg#v{%9Q9Fpun?KnUT(w=>~jd|0;Vz3292d11i&DM%0_z# zES0A4@Sue-$5FeODQ=2(F+^_=9*7s3B+5+K?i6;hCcBcApk%2`$RgI37Ubc}qZY(& z+(Ly&HfE?}MzM&h{h*7|6cVn9(Gz1d%vn^eHjM}iu4Cim1sm@idfz9tI3u!A=#n)88}LztiFS!ia8Yj2elQa z_TR}~|iRUJ6wgK9OP zP(*x@bKr+S#Pz^f9K=@M;77aOD0k}KvhPi2Xl2_TZAa>mi1hGUM^|YDjhqH2;aPM{ z%_k)I3L*I6IKts|A$T(GJd1ibxv}(s&5eb)vzqt8&i@K`jt10dBi!u-n0~aIa6ZFj z=o?{`EfVrxt7V=I>gp(;oVfMkc&R^_N-G7uX>c_$KWMlFd3eP+N*{ zTIS!MO$x3J;ABKsa5{Xv>FQR-wt`OHoyn)vD#Sn=s(Z*4p1B|??E1&c$XXY`i?r!@ zvC5SRFmbknjR4BJ8SjZWJ`c*)l&nAW>LfLHCD7e52J!0L1MEvfTnZzRwLLRvtY1Yn@> z?EVqIiMwKDJaAXSJAlh$0&$l~QmWQQ4*8!;@|Dq6Rgi|Nd)f+p55UT)QaEGH;E}Vl zc;u|2YMlHFKT*h7m?h{N%2e2N{due(OtR^bAHy9Y!Z->TD?4Nz&dUDE$}(BmN>)}E z!#Ez_n@}GL8wyC9j?t)k?n%!sH`Ns9wP|i7*w#XaEB1`UNJDRDnq( zRb;kI$t==U@Gd7tHDF4YX9tD|)5Xt%iatP#^M_aNh76Zz8AiwGxq(Um9I0rnZmsOo z9~0}_t%Mx_OO&IuO`sIW1xkTjpakTxL%|@_trgB5jnVDfnA#mdka;RHX)J0NB8_We zyysm!|E~tTxrgdsA>qxJu0X&H79^l_6fgj+wGTK+S6o#4rtJdHO~NDE_gBL6bbIjd zd~&dfUIV;`G%4N>Bs}1mPxB4%hztt-ij_19Jht|gIJECTGk};wAVmAxJD+^g1*kuR z_1pem)&D!z4`@`UyhD!MQU9T}&tzrKu`zY6XSUL-;DYohOPB)B zZnPy9d_iTceIhvk*A@{#sI{+xEze5o668ZG;O_4LS|vdf1)NLJ9*mcVUvU06YA6Ow zfJ=HuwFN|d0#i(KMT}MOO1}Y_o<(rlQo}j&(e5#fs^R&7`M+}h_b-SKo|A*_qINj%UploBAN=iG5V4*3;6dWiN`~X&gOT9jX-2pL@xgoLhQtTw!>B?3 z5ytm>JHTK8v@1q@pn?U^4i=-GU;zQcSJHJU@j9Xgul4&U4h|v%5lUCpERMe{|DoR zL4@mnAYLF1KwQOx;wTSFw8herDl#kfRAgK18SK1GHSKrWju-y?HDvg|9xw1bKp*YD zJ$+yKn=;ye0PTnu1UBHJV;R_sHf?Rl_6Ipy=j=`hyPqf;secgx)I1N60xu!M40?qs zhr^1u55GKK5c&$d+FwPXifJEk(k%xatq%h{|4Z@0A)FU@Z0##`Xx};uK>TmU3x-4c zu4ZMwJYKjpalB9xl@}kR9e-M?h5jNrkQXgE88NAbs7t(H_i4tWU>!2N^-svhAGLf) z)bIf1oeSe5}IZvI{7&|xtV=Bd;#gk+q9eR@*_F=Ab_r@1u)dTY8h7F!79?gS)k-a zIH?9ho!KnGba}^Irs`S!K(y&V36e1TtE`(5M;-a++^^^x#p5cys zCPRgc@mUI)W}W_+;!1I(4j-+-UqWQZ@ji;Wnt(&e}BO?HtfuK-B~cwWK)r3K3$(I=Tpxb76|bQxxeiS>Oowv5G;5`>+b zJ&*Mx7|pPT4LDS|YmQXv5#yPW50?1A5-3<19N`~vT=W;yuES}|n6Omr3%hC`0};*M z8$iReNkamP?grbf0q9A8R_w+XyMtZhU)4aeK!VVtrm{kQtyOc;&G;r|8Jb-V5ingV z-qd6g6@pxVCLHl#$GLUoLyid&kRpB3JThNqgww4@p+g%3M;M_&`JAnX6^@~;Y5>5F zcY&TgCyfeZ4FLdzr;P9Maa49uQv;yrbG=siP4}q;ZUR{hE0TJjnsH+-wZDYZ#H9zyH;p_wYmwNu7`9|{xAkb%P3q|!`g zQguilmmVubhFnZ%$zkcHtLOS#feL9le92CsX*)uo%n0CN`uc}qMtIJ!YCZAQ3wR~u zi)`nZI+B$_)*v}TTdL_yNx}Dg7r9%K(XN}Ws;Zy23RC|bfmL|zk(gEJ5u*$Y!y_C9 z2Qf;dS}_dANR5hmkvs6+%4vjc*n{DYIC~)T+ahFa_09_Vt1|j42$<$mI7Ri`ilqj{ zsSxEH;lUBtBxUFtZ@5n%K;}0u%Ak;p6Cs(LVT6WdhSO3Bv-$fR%3DAAa#4;E>Yr_0 z{FIWKN))2~;_vT?y>fcOYbs-cq`Ct{kYZAW^Q|u<2ecvPC>dw~Q(csw_etb20do|( z6QG_@ny&PM23|S_Wbmfgep6!Kl*$bo)!{OzbvZ2vG%o6v@Bo=82i3#H81MPS^Z1Hd z@zC8cAt=iF0k5l(1)q3&Fe%e8i{Tw?U>j479%KBqE@oe+B%EmATO#LDqxDB zb0UDgImA_wKeA8@Ts|?zoN!1TAaYy3l0@Q6*?_i_k3n+lxX&R72jZMW%s;UIzx2?) zh+NI1zncWg?$)NH!N@GT(`JxF0>T~ICw$JZZX2$2JXerP)ktLmshkzo?9UL$PIvkz z);|RGyNys^kg;zzjsSmbwv23bF~WFN-QecH*4N$Cz*ZH$C0o6p{0=9B2XG%d8QeOX zg+C*nFdn}<65uDA1LYJ#x~)h46gM7ZVn8{{fR@_0Z-?{+LClk^hj*()(1W@?Kyx@SYuG*U{XnR#X-VGNrdL%uYCjTtt$&(_q>FHv z+gkPsP&~#vRtJGd1QV_#joq_Sy$l63358 zV^JOC0y$_KL3-E^Ol(b=Dr2px)uTLe2&zwH=ndfJNzFXYt3(b!q|h~V3W*|staTi@ zO?UtWhCC`i2KDZ6QqKvGIXHWPo?oQmx2<9?o>w#MO?`!Rv7}Tz8>8PEPcXprW?J6B z;YmgmPEy-?;U33QfKp}lV8o&Za0k<96rjCly;8{QrAk( zS9GpumbV;PDwzcSP?7?B<%4KxMZ8FX{%E_fSKt`7$ByQN8^{`9Bu)mwu5KpS<{4KR z5Vz9WUT4?(&rYr#d^XILp7+H>4T4)a+zQ_AlWMy)g9^&-8m??jz%+X4i;^F9rYLR~FVPgAC?LBso)0U8QZAsb-6X3~xBixL?I%9_GiF zM#968jFJ&DGI;|TH*&&heUKFHErVWug@7&XJGPp%0EQT@&(!n33|~0y>-!{2E@lpt z^NV1s8)LaBwTQ(->5SrV+A@_E&E&wTd|iUqi2Bq1GLqA8waQsJ-|PjKwE|Q%P%o6% z1P_pdftu@Hg?d>NVr}?So67Rh((8fBWV}v&mq?B|-;REyT~n%TlY{}@bJ6dg(#1ZX zDpLfXkqd&nxhFCVhsc<&d*7OXTb6lOFG)0OGxYseh|r?e&8hDapRH5<2^Eg`%yiZM z>k3sSun^H?p)A>JeHK;))PC>;3z4%hgwo1CfOuX0K?XkOgwI@t&jse~nM}f| zF9o6Du=zyFbd|kVtf&B&;f95aHL9&GC#C`;8G>VwMd2I@<{^>+b~VcdDCv9ob3M9G zYQ!>d@OpR&y2H?T>a*%skT1k$!D^%p48j--zG4{WQX&GqM%nrPeycszzXni#v)eR3 z3|8^bkbj+fXz22F-l1lZ|RB8PU~(9juZy9i4tHqRcp-MN;*q8 zznfLZDq*=z%NZ6ViHptKh&k*dfebD_5lDJ)SO)8O6e84(d@MDAFuoX!RL*EJYX zexYD!nqra4HjUYU8T_l=p+XtL!#vc^FTSY7h11f}sp&d8pW;NTNEtF+T|QHC?zO%{ zt&w-xJ@Mxxk@&|xfW#l|3_#=jt!KtNtf_h@tjkzR5&sE9{Gy0^_5=D6Qi}2eO3W1?uYxN4#N1 z`)B?PX>O~31}Y!zX<<>d9i}0s9U<&(v;HgeW3B%0nM~0bwxB2;^lf39vKRA5m>E^RZL#T%{U>t^pduQz6~EZ^oHYEI$$!e|XsbqxgsYB^G0YGRPfj_PUDVkmC<$ zZ$P-W0SU`Dco8NdOQ?L8cX0TW8vu*nJY&O<;5VLN4=Qmedlys%X+!=ENZ}e}L%WP( z7wV4=Bzm<9jIAE@RDXsngCPZZDfsWtOUD0Rc?JBk0$)6fru5*4(LMN~Z;!#Xee(v_ zj?PQ=)lNZ<+Fp3$$G6(SJrD-KqlJCwWkwhd6VKn*qY zL%bPP(~Kz7>xZf^?si)X<4R*nXi$8Sv}6(sA^3*bwrgPgT@;aJA*QR}dwPW~DuX15 z0irK^=}%5zm7v=NM7G0-5IRH*5-K9Hhw1tDT~(By7Ln}&uXRgYDa-&M;Thx0lcquB zVw$S24>n=qq_sm`K2?_w)#dZ|pv?tNj~%mL0DP;8&&wG2SM3zH5_&#+9tFtMR}g=p z*fHIp(+h2>DyK1qMH7s1d6EcsGa#(oEPWQ0z89NKGLbLiceg{Y49MEL}T`4FG zPuYZ&@N2vS*}$^GaP}rYgx!x$5I@EGc4RB;x8GBJ6Z3~FiXgLyZ}DZg{bc}eU?FOb zlAA9*H9tTl<;{n<@rRzyt^^{3Jd1jt4D;J9XF&c(fg^`_7WMB5xz6?u$^X$4ydNp? zzPu;iceCHWJi@ z-_jQbzw`tfVL;kK+`472n4i(=a<#f#sV>9R#ZZ?4>T-^{3|a@%G){H$w%wlCNVdnX zXAZlXOA$kb)3(Va{cBzz+KBul;=3Gn-E{ryQnt9*j**yEfGaay%1I=5-Lb>UhdPp>8WTPT23uTIQ9OM6Nhn}_u26f4b@l0yDQvr zio4dI(j}ah1WYe6dvyh-XZb_DQwG+ScXbb}9o4l<*!5*K+6EZoyExR}(U(NuDq*yB z`E-mpeMLW(BMqL~QQ1fNYRj{a+KG$})$lg?I9reA) zROT8`sR>bj+wvj7PJ8ruAW9z@hw22%6oHK#uf-g73W(|*Vh336Jll$qYJ?JVMm9_w zM*ihsX+MZ8J*1sr7G#{2g@C)10r+nw^IA=hI|@OEdA(;YXTg_JICQ^R{=WphJasu| zHLyIvj<{R#zafGA+oLA{rc{a6gD3aF7 zXiNXK7gY<$Z9UqF?H*Zeh8{FEpaPQ7$O1bb^@Z9sDVkSaQUQ8iVr!ScAe3c)!%!*F zx_lL|JkG{4#?V&yexmR#Vr-3y@Gq~9)fYD%AyQ+QTxvl4%z@wn8$kWmd(0YUQ#uDW zdln7o0+RpEvuL=x_VR4>#2ig7!$7c8u$&&ToQ)bdNb!Q~wW~x4^p+Xc0Z0McOIVX! z9wx_;Px&*xJ+)T3Lf-!l_c9>_tknbPSP4YW$KQ>(rz55(v%gz~D?tXggAA?kp9l{Q zdj~>~MZLfu&TlXZCpkd|(1kH4@Ghpvd972b6tEcp)`KQp34&>6s>VJ#?dN=|I+`=E zib)|D`@Ei-mjE#P;sZm=PiFVS3^Bo|+rZ+Z$^$aH93?tM{8B7Nb1r8ieupvpF1j+z&3X#Krel<;|Vd36Q&QU+7giXVSd{D25hd%+JVmWaIK2k_DS z0B6XLcWdnWfGx}e+ZXH$7{qc!d5{cgSq3x|TvQ@i5*10PGy}7mHVXPm+x!>6Pg;C#v3E}@t zHj;lbTGkpZ>k2{}jlCZm^#|~JJ6^9hTHeOaUVgj|uD$aDgst5%Yd!!0wC9!AUZ{Tt==byQhND=%W#OTiB-NKcgd}4CMe`J2?pr zN5>cwv@D5qj`A7rii8c3zk*{{-LIgleo;c8d(=ZOpq$=R3xq)kc_V*_1AM8U%m1bn(pc>g~E|R z#_suwGG@9`j&!VPI~?U%ThH5t^;N(FT68udmp@7hC?b0zCB>wx_5fks48RgE*Wb>c zpR_6|d6xC#{w92}6%WPx(pwkb&yhI*tK%v|X6S87O)_XQ?FbB|e-$+N+BM8~D zaVezD1<1gO71QpJP%D$F;bkvqlBf-wwds0&pd+)FnFrJhVN-PGfhu!OH1k5zGQ^2c zuFuaS@!_k(Mk%gk?4b7%qI^f89u_+DB}Iu$Hi*2ye_tH_Vb}dAYLzcFxoL-C+cInN zs69epFA)7JsvFE(0L>NIk4}ME*5G)!s}H0Gj`h5jdgFQ5j|p`5EE<&3e>|4wMP5K+ z>^3xCUFP9pR3AtQcqHiHN2Yo3a8tQ zXa3mC(EGj5~ zE8I-u4wJ*#e#LGCREGtQ4If^$|Jre*Cj@$VUK`r!#;X0}Zwesx9@@Eb|LF2(Sa+k; zZ4X+(#L!p3F?vT?t1$abAz!_(rTo{tg;P+V&$4QNNCZu6pi~OBMT!NUU&1HVj?wL})ugGp$Zr9V`{NgmK6GyRH{ zEDMfV%EHiRk~K74#i^NKr<-{pc2b}C8Wf~fu%Men>ER>AQQh_guS5}K7Luv4nbYwC z)6MW-$Eg_a_$2R#ycT-fG_1bC7;&9Hgoe=HtJ2E$J8pudS2B6^^6hQBXG*J}3J zXfvIKc=b#|Rpt-(U{}sO!0b1NWBBQyVZI@Q!Uds!`9l!NXb1Kin4Hg1W51pX#a37a zQ&%FhVZNe=lB4NoI?^)KGsRZ>Lv^g8v}p}0NeyIqUh8pV)dA2LE$ZPZtfaeCqVk;8^dPgI z-PGKQxX0~2l(=nLF6&z8HpvGs=Lv4s*eY$d2bgtmZ{6s2Bz;bjrr&%PeXyRS=QhGf zOE-^zGH??oEi_89xq6IWyFsdgm%5T+9bXkS0s-i(&DK_g6B-Gtg|+B(hH?qhBjeDG z)rtVe?n*>}IAe@G{*f!*HN^N7*@HqMz`bmXgt#Y_^w|V#u#dxaL(nk03bxS|=n+2b zJP`!=pNl&6pICl8_l==e*Aq$o>}qUMvp#jGP*7{z~m6DFbE4X!Q6sCHfCb!=H-(@!~B3^yt#>#aI4 zas1e8>12!Gu?|cSCtK7RB3?cUXPW>xlq)=2lCsF-zl+Q?% zA|B805ncTZo*NS-2~i{1*?>Ni1x_nP*sN+s^FM1W$F*fdN%8xF-h8X;gO zZ1V;P!>3pMblpwkMtg$N!-7PCQAT(`24F&aXkVv5mvFKO^&v4#!#4>C7Dx3b+ex8> zxH3@+f$cuR)>9eQc3~s%hrpJTs9X)3l9|r!q)@u?<<127#mh{6q9k!7c)Xnys+y^Z zQkXinlpqNYv>{?6(Jt`v-gKSvcvraq+nHPY)0wi{Eb);Sqq4P`}i^DU%!1HAI3txK=g@B({6xPBsDA^aMH( zc(M0>G#kwHd5@<8366f6dNH<-cO`s>*hxDZ2EZp<`aqOjFT|!>g{NNyGG?rUSos+x^x%=Vx4_Gn=R-(W4Axvq6(zJ zO%4%)IweYIJ@dIx`Z0Am`z28NN$InQwReQR-4uOM=vWkpHWer&J(8>=Iud54zw*5^ z&_$%3WbM8^>MuPtCf-Qr0$fFrebZBJ5P2FzAqObr3JUo)3O3V50+sSrJek6%(>CAJojfOOat!@iJsx8s(9Y^~R z^qO=D+MkJO#SS;&hv}NU)oF+k)L_3H8?bm{SdYDkX6W2@DXS`K8?WHZ4 z(1W9`elj?hw{T>7<(*6IhkhqjkZ)?RogZ&NoA1 zrNYp7z?_fV6W`J=&5-RDGEay3N~ynsQ>ynfASV1*y0JYE4ZL)8*3X9Tc+DTINwD6wfSt(8JZ*M(<=lRY27UOA)p>Vg2Py7O8hS4zJMX9ZwC<>IfWU#vU+27&x4+9lFTf3G2Ps$1_z51%g6`GP+J*}S!EGm>1W zK{|)oyDL&8I~Uo_k25eFBML{wce7*EOF2T%e_$e$qy5SO0=!4=Q5fWqdH0xIAHGVc zkAE0vqlCaRF}xQ3K&P!7K+h6#Spq_9j3koB^Mtqdo`Ux7X=5S2)!eim84M!?M&ky; ztZf}|pqW77s84oOLVeaM3B6@lN@{>M>IIH6UZn<2RADx!q&%DHg!1Lr|Bh zgMJeP&ZPt>jhmURBw@DFdPFePdj8lvS*&hhf^0ANI;(BM<~%E!YS6v8G;cmWroGM! z(z8tdct20>)IBWzo6}_WowA}wbL|9wJ-DEio0?FQEgno(?QgZIuB3^j$Um-v% zlnTe>$BfQze3(5>ZLB}l=2gkAtt+~p?;Pvcv376+R+^m=*3z(v@kI3OF{g`o?o0KU z&y%Z&uRTGD+rjX8Ackt!-&E!aF6YxCrGzyb1A}RNNqQ2cj#rR#4X*t0e!aSt`>pmp znz5C*$8iR`u{gt1(}$Lt368Q8uy>N(8E1KFlK2tumJnWeTGt0} z$KaKhZp-(-0J+xwmXuHEomspRkms#dcLqFW7fRNXNejl&^Z+8EUcR zV3lL;1Qnm-7}F&9r_@Cr5>p=)!PLlEfB;)>L;A`m1h8+OLXj{9#@$qbh=duc_qhX@ zrqRQAoiE2sxb{{~-K(ik-_UJ%9Wk=MmtA}PE&Lwz%BcfgCj7NpS%(#R+7L;(f&RIf|UEixexs7RnjQ z2tf6Z${ltsR6#qB$#5GyHEN9CcD?izw(-}_0tJe*;9BSkR zGZAtsznCV7pD${kU>Vl%<1e*MzsTCmZr|F3>LX)lH;8AXH}9yDus=3wmHio+Qh5+E z!az?F!2YNNv_Jd^LAiq;Rd~ig&2(M1I%a>0NFBFTck2I!y;Sx`ONH1TYs`A_TP5nU z|4F#7!TVJ^-QmArf(f*om$9fPNRKJL&~px%VTucS3G@|gV?)q(VRdpZA?EDtt@0qD zCVFV~Lk61MnaS1$>7*i$Az6r-^sFP9@DNO9g(z9NsOam0A7jLqTDAtIg!3>WaMQJ8 zp^ozQm26pc#>u#s^M!QsoC389pIg-;hA4O(ohROt3Gh#IrPsp~ybIPYmWZ={!JDI= zQq!ufahEENxG9F>m;iuOg*klTG|$y);n;D^hA);N=q5g>!pI1xeKSf%q-8LAvuG#s zi;Npy2JYy?#0ggXfC{(~0gF*M@9z}&brjz&Rr`r=0IT7#f{f{yQF_KrmvN<zr${Wo-g<1v<&Wa?!60$2|jJ{-}33_C36^ zNC2kyA`jvK1mJ`zgk}MFrfQ%>-#L=>Q(v3zM)zPQ20*=}zVhy62=dF}jev^k-2qGwriC2_CSt zj&*#F6pE?Rqz!R?2*)##4y54#NZwoQEr#lGd|@S>>9f@DUjlvXD#3O(1)(2|(0&}O3AE2Ah?;J|Z9EujY@@+f&{`J!e~2z z2@e$Wlq2_D#bC(oh)imbeJBQ4T`I3dx%DXw08sc9#t~2G!Xq6GOhd5qz$^mK+1YhK zf%;ghI&={DYnr{dQphD~MHc(wpH|Y1%v_Hy(T4uqV>4H!%_uz2a z(^ov3RA^rAcB3aT(6t~m%I%i@^!*@3iIo0|ZqKT9@oHu{Cqf;-jww_IZGbu~08KjL!f}v3ZAPgb!CKmuz+k8p7t=lci7+9gB(Yxl5?8J*lv| zcbCE8^d*;()uXzA)f)pn3qs{xpb|gvDAmxK$b|rg8eJ?^sR=EVfq5)T@Gl3?J0oth z5qtJ?z-so{!3$WvKq}Q4U;m}s7^l^c(?A8U}E8_XyPgOWU zDttxGdW!U+Z-z2reQb>VnKp=rsT@9Mj8OokH+;e1_mEVMr1CQzJ*fah=8( zUk$?ZbU}wp%gl=)4PZWyDMT~&o>{n|krkb*|0fi`+c|^7eV!XmX&8MDq~Vi5dO>LL zIqp!iOe$Vg7+N1W3-Hj=7ol9r!5o$X`H<2=*$9H@?td5tcWYB#Vj7nbA(uWGcJ9c_T1X_BOfQU@iX7=;g3KBBfQs_M_uBCA4%L!Tv`!4y9 zS_-$%1wkRgDtP;)Erp(i30ew&f5~ns{L3HvEG-4DQw@$1A#pu;F3uQ{!J@R;ybb+K zqbeF{Tnhh(O>#ujvD`;D-Jphb;1>NLC^%CE7-sqtvov`#1`!tMC8J6qFBESLb4aUt zNueS!J6B>2Ex14(=SXX8HWE2oV-gPi^43`TBfp%+s%V;#7iAYe1+#9A(SnhP(j2?T z@m+QjXIRI!p&zk$Tx^a;7um~Sdo62PGB1kvgCo|p)00*72~y|~m9?`7GK5#NPya2{ z*fU?{1zNX{nN8PMcvLYm16P(9`4AH`1}s6Qq{w32B5N`dMP9}|Yt680J@|IY&)2$Y zv($P)e63}wRvL8{huA!FO{~@o)&%>?T91%gYh>3PuJyD2eD5!)wMf;vmX{c=2k=P8 z;+87WDEKlG*#lgasj0v%=<{bJicFCEK3!BX)0q$J1o-87e2KL}BW@fqj*+PRe5y&> zNxb}*TFq_fFg$NFSyA{6i-!u}f$msd=JVw*szr$s6)jOS&pPHFbnl(8Q%}Qj^zRL} z*YB^S=(MqZAM6GpbjwcT8p7y;MzQHB6*aQL{b#M*W7IlI*JU7Y}v% z0l}>9tP%J5dqJFT2_^&4v}{-~N_GCOmn`GFgl_8-uXaWzvJhJG5L8@Q{6#ED8@` znzlxG$hC&@H4^5tL?3x+u*0H=ww}Qi(U~JxHBP~1A!Blm{}y9rK*xyn(og#is!CLb*g+MQZv#@q-ro7tfR!et6wtlZD3*Sdon^pH_;6{?a7 z#gb1qUr|AkJRdr#=TUTUv^QyB62He!8mQ^c#S-KT%d~wI>~MuVk3`QAX8vTlS#awS z*WqZ<^huY^i_v_Bt-N2h58KN~3aTy8cnCW?E%%x?d)mnu5zLp_8=1u&IeW zVB2nn zIgW_M$HWK-2~Rlf@F6N%8O^t5+GzqZn?&pQNC49eaWtD&<#&1-p-ZnJ5S) z)vHuF?Ahn^Z+yw&7hH3B4W~V>Qsgtm{pw3Tzpy+p2_bGcce_djZUlz&iy*^&lFmLy9PItuaKUae)_ z>G-CmRmFY2#`!s&%B@RR#9`_Eok`ZSxdR~to!8BvXh2r1W1J~Cjfa+|kyHUfm2%Zn zb4=H<-|)bB#uxeA32xXR@I`bSNs|CSI<|thrIMg_U<#q{VVJi=56Td(jAkJg zv#2Z=ZRPSl=xUb93_URbj@bbiOuP(}88AEGTa=>~3W@yzj?sP<@Vk*XqE?hA$rP_;C7}qbvW%oc``74;TuepKD^U>Tx21MU6Lv}a+!$W zIu#Y4&WE;C20ac+SI}<^SY}zh5<&i7p}n=8J?CM#P!by!jI-!KY`upzifROjMEY@G zDfeU}9%}Ui*CUq)Zbc#v_oO_N46%TjW-nC^I~q{3*haf#=B*G)D(R1`Vmmz4Uj$_y zKcFDDwdDL*(~*RwqOipwa<3&ka*<>`L$b!S_s(CEbvuV%unMdCa)qAo%LWY)c&!I7 zI23|N6|;r=9G)^iDYB6L0?^@kqy)|%7@>H%JShrkZVkSidJDHcY$B{RE<%|2VEa0MY3 zCz*XNI}er12#?w4xPuqUeI{ix$0}L!12B+?7x7YLGsnXrSh<9d>KZkpXP>9=KlDo< z`Jx7OBRp@HqdqxOz-)cMFG4z0@3waLSA}HS#RCDAl1$ztUv)u0!HQxPNnZiTUQxwz zn6m3LgqlGh6w%AVfC9{Mxm; zv^seJsZdZR@6Gg@+bG{4vo(Drx3jlvRc(vNDLB1smUY+biOfii-jp>Kf6ii=sI*eB zFi=aSa~gsF(ecQ14h4sZ!cqCYZ^&#=u17K0grknM)I(9)*d(#wK?I zSaeSaND{qb(1)S|#-bNU{%siP$|Pi0{|) z88(>>UH*8V>$uN%-23c%fSrMRiSOU1M>Ab#jnJ?~RjkuUd#iKsstBZavv@OYbUEdX zamJG`k^`RLBvr)UFK=B${Rl@9Xk4Xv2Qqv_&&`RsR6R-uRAzxHc*i&{P5}$lh$p(f zATBfYNG^lMm(O7^QG|ILp5PZQ0E4glgdS@DV!;WU67#+4Dl~G#X;W0LOl-Z6IKIq> z(FqC5kJKfoUMPw>LPk}Z_?luPROF+-K@^UIMnG2@H2!$sD0k|fy2~HmH>+E@-{-ie zi{OuGC}8$I&4qoR;kc(wlK0?MBko0R0HG!Kr2g!Aw$*{YNF%G1E)sSJ>mlMa<-p$* zpSsJ?)L=v_N)=?=3!*qX=j7986QVg|p z<9!y2#aak#vluJ-TpA={VhHhLZg*u7F*@U^$#i~-x$1X3yIUfi_>H`_O%Qo)-&4Q@ zVl^#+vO%*&$Z4`>S!-WWCVV}qhV8v^!D@*ZepD_4G;_=K5d6MA8!a6<>A^DO;hn zQ|Gc3l+G_hig7CFJ(uomiOfgbH_LkZ?}rj;mUVZ6w~LdW+SVh|PjZb*@SPn{b66E3 zr&)5f4}4KAU1c$89~R2|aNDIT$1k=*tjB%&t15$EWz7#WPS&4lrFiuTc9x$;;Zwxq z0_KpaPMLUq8lZF0Kt;MD$t>#y#8B+?Y%LlwrXaSWSg`D zfG60a!P%9{+0SQZRn<(KMM^F?1NpFoH|%Bs(CZ#eF0+4$ow8gPer!raQx2Thrb zcSPN)SAhmoV2)dG=rFb?M^DB+Ie9_H%l(=?W={eFYLyXNWj5wU)kaETn^Ow_*E%EF zJk-jzglJ=UBHZyCDk=_PF5_lH3%)gYERPTYBN#z8i!%n<0Vl@x0px6*hjAy#FM8A{ zMeE?YQXbg8fa$HUI^`>GB>Dq}+Fc#&mP2Whm0=t~%aLlhZ{0}<(9lhw+f0NA?PKMgdV3`Gt_)L7{UzdUX&WsA!)0v)}^gmt3yj& z_K}V$hE^H*eLnBI);{~>QflV^JpVj&@3Z&XYrX5ezwf$5y*PbC;0S$7A1!EHS%v-I zjH1N$OPEBjZguioiB6Y0@zpxZ2Q(yCv2Wxka#mN|)Z`6=(?@~Z%+~7`l0`)q3+0Fm zw2&z^Ne9g0Vqiv)B~gP}_5`d&y(jMP==Cobj2N$f6@K`d5)$kUen2#37JH>7bs!|U z7#60+d=0b+!*1pVJt-EQcI?@VYtcHe+c z>q&JsCA#@wO^If)Ld?3jnyI=BqAHtD5@X7+{=Zx&NWY4*@Kt4k^itLm$LWK9O7sbN zTPi70SKG+L1)#_Bc};|;X$ho6tH{1)HDKh>P>-C-tzWZbPyW0crl4nXJZmX;bzS>J(fpgq& z->Ym6^ORtTH|aeE*Ua8)lZ=^$vGK2>GCV~d%1ky+Pn(ROPz!WWjuXifZ z9Vj<)Q5(YELm_@TkxOl9W_t050>zVZiZ4_$M;kJ{PY+0|cv7(BZbBfIWY%O}ddacD zlCKM)gp|MIb1E?}k^aFxc#)LFAHLd)<)^fUooE4tYVvr{X$We}dd);u|Gwa0q*ogb zq`gjLm27%Yf3F~k?MJq}n|0>5tfN$hE#v@rXo6-f z2~IKRsl+*S@uHTbl*-UWla`Wrv`aU@4KKS+hb~lmX^hk4H9p*hW~3~G3R)@oYpu)z z*L0K_x=3TFmjdtgd|XizB=cW_uXO$v*pa5uiw9m=rI%ci;+4qdmRHURluS;vCDayX zUGfbmjS4fpS^KE(z)e~QV7zwLw|J8XKa7j)*2hjwC8mH&b}sp`ND~;-RP{!0szFwD zR)?x`Wau}%CoZy=U#F_#Qq?LZnEr+&tM}^VaOVz3s>zJ7r}=Z{yj5--3V%*Of=fP+V?vMi%RbY#|D61-`cA7;H!0ru4_lAMF zI=k*inc;kM6P&iXAGg2j!`@i2LkG?s_Qo9WUg6qEK+Gg4@7ndJ`Uu=_&71-l3&W_z`Qv^0W#l0P@w~e zIr^f+8ZjonY5yM-2@f6jl`$Rn--0)?W`Wm5GsvLtZ6r&5J z*@>*(P*yB9V58}64c;GMowT`U&7J63YTbE{P+C|;DCn!GFFOwpICWpj2xv2XX^H2zEt zR+Sn>L29aHdCtDnGwkKP$tPuafAn8+=85C0h&uoI`&P8E>-!~E_|NlS%Zg6)hT!rq zC;&~~3xDYhHj?vPbZS_$QMlh7+VT|H@dGUG5x&#u?bVZ=!gs2x!Q!y}W#uX{>a*K} z9=c*f84vU(|6ea*Ls%?-Ov=rvIVi}6CNl$eRCFuNl2w2YM=9P6&t+BxC;lOUve)hb z_NyfO?Sk$m!i)D+_T#uF4AMZypH$gQbjT)Fr&TEX-G#DZkidSAvOL`uH*~?j42%D5 zw?G>K7C+y#QKoI&Qn3{lKU~^?Q;Ig!yJvFNXYp)#tt>7B^>_v7IJXM-=YJU-cfeY?D-iKJIG9?z4< zroPzcSUXR(#C%bi{0|uDC6K>IvJiJ81Q*GBkp@w&PliMQbXkH5z_9iwC;-sMM}Wvy zA5#F{6#;+}+g3gNr{w_wh&c%kjbnUo|E>gJh7o{iqO_7%15^q?-H$q3o;&?vHqBj+ z6GjNBYCRRwNaNdl`^yFO<;l8CEL~8q7}OPRl{k;q!8YA7zI>Z9P=tiko^BmV&ucF|g z)xSA~>2$hi2mV1K;85~7)YRlXes5PyUc?DROi^Nb!gIr&Uv z8vc!36QS$Zi+46^BW4+hJcRPTp`@cX3Wgh+G?@ZIXpnM`qBiI_Yt1}WnKU- z$#Q9l8;+ratK>&jZj2v0_yKzXBJsvMYCgCKJwvCund!viy68eQ@jC>UDmkHjKR4=g zqS@XSuo|L6OB2FGc<-ocX`T`UDSv*FuR#@94qE+ZFVT4t&JSQYzhA+bPVZ`|JPvJf z>nK=)JY0Cq=QR<2R!gLGrytsz$Ve3DbS*{2If^YwXN>M#$BOVrW9sQGp}zYv(!x%c z!ZHCCfm1M>*SdwzYzZ(m$VB0CLleiU#AJK>W12X5AW90>vJvn?9{W6% zKad3)jkA;Mwx}oj1e{!Gw9q5eN?6eKd;X3ui!>aMo4PH!xbHA26fS?5g|N_PS1GhQ z(r_Lf4L7v7+!*+y2KdI;xY)jpU!SAg6P8cH`7z(duOe77ssAOEvGe4X8tz%HZ`sG% z&kU2kyK|tKSuEf)=|t1a#mb}uZs>wZ%L2{p*)5YEqNRjMS8E%2xCl$v@+y98e=Q}9 zDl!E&6g=}BSU3FmC1f`m`Sp89-+W$e)+!{lU59)Ab>P*F^6}5()n=0W( zq^`pk{7XZyuLaEFiB4L;rmj88Rs>;`U2mn3$RSy zv0rr6g-UcGSs?z_GM$rlp;Wmnc|NY*h;v}3&V=elmt zX0ER*1KXYX6uW6MzkCR{gSiO69Q6*C{>i8e+#MpIK(-BK7cuhUL(ge@Wq@`+K${E+ z1E9<7&T(ksyV-#zSg|(2#-iS<1Bk-3CI~sn0jHp2L$b5=acJr9Ythnvfqu*gHqx;l z7j8*jNWASxez1*>9qHYy(N*fXT$s}hl{Qm}K|_&IGch38!z;t85<8GbLH2biv09^m!T}Z9UkN>-MauD;f7B=y_8!_tq_S=yg>(TTg`J)xof$GoZphM^-HCc1@8r{2 zB6CCD8r`M{&^VZI5sBP%J4FOA*P^}1a}Lh&!hEFv+fCJtxWqN&L--M9m=C_EmOXt( z^09ZRDT@*|Yi5|bl76Zw8<(lya9e$DTDb8vwHwkcj)yu zT!n7?Q$Uu*?Gz9@kY;z1#4xBoP76qy`MIA2lTCiitW3OAS8j%xc_D*yM(d+j8seMm zw;g|T%{ZdZ3K^^)Jdw>C@6eI|8!Cs|{$ZS&Ui|`2jkpqUY6haMMEIeB>N`y*2yXZj zIYK8RrL5_B*Q1R3PU;J*N~hPY42VyK;mCw??}kgygNX#)$&aKid6CvEjSoR9@{d+W z!~KXjUz(PsFASCLhEEcZXfzUm*WzAy-!;mdzZ>;(gI=oiGN}wU%n8`Afc+}UZBgTO zgU%0V0oXKN&-03SORfOTQmLS#i<41UmW5Tw?B-#gN9 z8I!^s;rI%Q9($=G%330oVuuu5lNUpXitAf5i`(aq##oHogx{kR=Vpvf3@UMlzH;yV zSi$~9)%!d*qk;$}C)?v+c`7f?QRS?8uo6O2m9yf+NThmm?GbsAxz5hxaac;#Sfi;W ze6yU+`4=5v;-qez@u8J*>3Ibp84gHr>;sbZwvWk?Vm*w`;)x|VM4JeLu@DB5eu|j_ zR@hky(7mh--N7NssZKJl*yz2;+*oF0uKJ|o84LVV5Jm0hmcq<%YnsCMBGVh?@f;Ou zIbU)j#r4R(jyth0HuMO+xs#lZ%@IMf&p;e69GqAI=;L4Maa{;dn+;5*)O(Jdon9+X z$&R~cVyg!O5Dg!Us8~7u68jyx;f$f=ivHkZ0}salRc)irZ1yU zqn1jB=E^w!kT2E_3qk6??-y}(x(*njByn_%V+0`n@ddi+P4Xf*$)m}?w}=FX z?)}e003qBYm*S`s$GR<obn=u?Km}R-U5WSw+lc)-Q*}@u zX~KdkJfv(xCG=y&DxpZDisv-rtuujY*D*SI$p34}C_?uu_-2(56jNcKt~TSIf4uL3 z=Inh&;GR0$KF_xIZg|pJs?wr(M3t7uD^!{QQ@5}MpZMXuHc1|OH_U$Pyq@IsA~CA< zR61B>PO!)jDFVd@zy*htChzybA|Fd+V^)%ZlI#an1N%^d{EOP01|642KM64Z*k=MQ z_Z4wWT`5|zMP$#2|jkE-SfA=KdhKS`(^f<=5nx#2P2+Tb*~L!gpR#7PWY__o38#9jfsHUXbZEht|1 z4l7=B6t8E?miZk7;6MFSc$HbqXmeHO)r^!zVH z|)`P>T()AkQ2k)L%!vCo{OBqMU#%iareJ<3SYnaM26&t6uBq9 zG@|yqU9at3zc@P5b@WG{5%n$6qJqU$OEEb=A8diT>lbD$;4fI;$Oql`ibyxM%l#5%u>`a71cYY7mx}!#HLOpl~OnjfIwPiCclA7^xnFT*bSbaDCdc6L~ns| z_+b;^le+u|On}S+*N4WJ4q4OI*J*Ec+JUnL5%&p{jyyLcR{P`NYR_>E_8*X^C7JED z-wlp5+`<|qLqQk0aP^d<7WL^h*blcg_LV3Su9|n&k?CPq5gl&Ie}bUYFLW3&Sm_9~oj4F1fmdt-$N)Ge0u745v?5A>#u%80sYYe}!GGcOGB(=G8ktPxe7xr@*I3 zHQehMc9Sd~I35|P+gjQ_#7Thfdqo0DCwj>7(VfoBbO=NNfxt+dj3MnY-*FF}&k4|_ zPT?C@pOOfV?fVEE(>_~D-2PkOgzb#6GEAx4V+%1E1t#<0Cjn_D^>ZkWU#A=Ncpufi zKmpw!%D+6n1JBzQdiPu_2z%&wAnYVyuoJuoQ4Bksw=VF;gnuA$Z96%MLL>!o(C~uD z+$jTjcuC=ciJuFTwOuI8wQSO0CvoI^MUlD34J_%osKo8_9<pv z4#B~A*EsPbkVJXUN$eJxdj^hKs{&01eLy0Y;&fsszSh~a#%cY2xKqDA!|C}R7JedW z`yIq?^7UM@GP%lZeL#)@r-93h7=|2*{djKP0#2gN1h&xyl;GKo$+OXMVk^oofgeU& z7=!e#G%g#Sr{V52d2XxFd1fGj9(wGZQ4Cx@r_2YAy8!H?^XEk#$0|NM$fE$6N3hBW zb3S1!XPCpm>pNG{{Okb@j_KK?afY|u+q!a1lsQP-9}tt;Czfq$7Y@bvFyy+Wgwnx9 z;DyU4VN`uZr2bV(ui!Fq=rT}bK`|C1wqlCZ+-r6Q?ZD(eRxK(nY>C_~Tk8r|2u#T! zFx$KKu;{&)I&ObV%k7_AGN?tGCdM+omn8X5OiHV4r#Rk{bM;QWP$`8u4xa_aM%hD$Z%L?p-dei6SxobfE7qm+z~4{Sx_p z&3ISnavG05i|3H<7q1rVEIzh7`QAbig?*5TXBdkEZ z4+aGrA}hI5LqMK{D`jA#?b%hCfT; z8SV83MF%yw@|q&@>WZ#KXW+@3P!*9-&n;~luM))FIueNE&W=9GJJ7p=>Du}YmBe2K z@dwBna%%-)m_YUV4S}@GbHufPhZTlAq*tcs*=ZRNdLowL#YHUWhFWLRECPBNfnh_; za5J&s{b7qP*8?Gn*k_KTq4zPebT&n&tS!Q( z&DB{J1`yPQ(IY_fjC4kHQRvpCChQ7*qi94YB%M7DO+mlhJcghP_6azeEEA1I;Lr|$ z^L7AoWTiGURb_^NrP5D$zIci6$pYu!s^z!8F;jpqr^hUki z3=Da!9e_}Bi4~nmL`CR^7A-PzJnYK=MPn?CrXk0>NYj=tfo@Pr`fS_sj+q#c|OfPTNOc;cz86WZwPnQl+ zVVcFC5GDzhk$J1-Z-1Jw%%Ow|!g2|zg`hNlr>#}CJw}R@^Xq1Qg$7s~|9HP+VuwgN;UlfAU3SDD~1Ua?_7WTytn?((_{yu+*H7lH7N_=JBX)aJlF{Q`OJhP?Sky3hHi z#Su8Y1#cY;+cNu}zA3@V3LUat)R4PBUP76NFZ_zMf|IvLu!`qdMIu~!*j2b>jld-` zH>X4{LyzG@j695wS7wfnm+hPg-?xe6h%}zTxh!!gZHyYAdL5o|#!5gbnq*yK1msE* zD?3pbYf*!@(+^*YLG#!Lyv+92e#IwdDhc$nx|7sv!$GphAp zSLjmIe4<4h2}o}N>&Rn^bam`dIBlx;XK*5M^Rd_&2(na6r_4@xLn-!A>JnQ9t3tr3 z>9c)f8>O*nk&hXFa#+)VnD6cNkWL%|7!2Mhr~ED^`;8Tf2{FzNMo^kjHP5g?NC!Z( z*^rCzBLVi?ixpVigw42kl5Dn)8?(*+20wsKLN{0>EU~(T^JCYsKHx#b1XS6`-|!~% z`68#)!^x}bhC2_#lf(gN93gh%8@oMt^=Q7|7e$8yhcjB}7WKp<@3m_f^8kyWNx66M z7NsZnLy$?`W~Tz{ta1`-l>udmfY{m*ls^bMmpCgvbXt>pIWMHnfL-BS{7R3dcm7TR zan5gHc#Mfm3!8C4;z?pIN$X|p@Y+N0`j%Erf`&Np z#Ruj75Z31_E>LH)^ckatz-f~=waYr;ZfOUyGFgrIh$pmpvMQe|>(JNGDKFtoB77V! zSPuxvs$u6U+on75)aP}t0wVc568M}8^WI&HH(1Ysi_Wa{Ye*g?5r-XOU&8ftmrHuV zdhb|Ts~(XrrVy-VAu)LMo#YCj6BE?uBDlXq$tUo?3mx_AoXe|oL4m}5S()&S1du7DKdzh8>QJO*x&dT)2EahJ}XZx zW;(&%y`l?uj)who z;;ONhOaH0Y*8GdT&{c`a*Dw=BiqNs~T7s`!yz*Wj3OjrqRwDQj(*=&r$GJth&#N*1 zoaUo$gUaV)xh?DkjImrnRFV#7IXXN>?-3N`p|CwRMp}PQ&54F9oWyC+{&$NG9?~)d z$IEO=Mo_Q_yf|Sb=PD{+X$dF(juU@_YM2#6f-6Q8u8P#Jp-o9(C%Z)9NVh-N?>3BL z9q}bYR&M$_zS1fDDpG%lJSobZ;Iw|!2es~kc4hEw;4TzhH4CQ|kTYY{+sn~{1Iee_ z7BwU@DPSqr$qVG{C>UyC$feYpOoirgrV7m<(=qwT+Rl&x@$p3{UEt+msRg?PWpCUw z>`#lOS4EI!Ozgo*l2@v+MURu&fa7c5la{R17{yHKgr;H(1OS~*1y+!2?)5502%tnG zbFpJRP(B_{^1Nwlv~6@xrrglMMfp-DiUH3=q>=zxKH#a^ot>D8CPpWUvqxiUalhjF z@30v3LdbCmxHUs~YF_%#K4!2)<@wz@7Xet!m*3OW7lE9%5bC;xWS0f#AX7Iq=Q(A1Z`pb)g#h7sRt0GcoeaXIA^xUq=B zYR;Szl+pFwTq0$6z~xQ=+%F_vnU@$kNQ%@%8^7gbojJz9WA=)hwd0W#=hozTqU(zeP-Z3J8(~_v}N+_J)~8ob6%IyIb>z>Oc)Vw?wJy?HJv4wza9*u@NYAR z@q&~+z`RR#U*fZmplD$dwDQMP6~H90VUTsd!Mc8iL2QNsg=iKEyodM0$DJ}uIzh1j zpSEr1)Gx~9fEZM8jCJ97G?z*ptKV?)%Z|`ekp`L$niHxnYW3xEHEAHoxK4H)nHZBj zqHas^?gK_+H*d6!8QTY6!Mi)n^%|#(&9?X`^ z$gRwIzbLh!L$g^Mtr4}24AXg!mm@R-)mPya|9HPn?)2UZ+;0rrZ?^YfRIS$f*$l#< zS=XTeZB#jbuonJ6GLs|6oNJ6E*YxG`SgmAHBJ`z4k?&KB5!MA9qd1Eek$_>S6~ojM z7i2i@9Ai2C$T9yc6I(JclKPag!1ISyJfI@yPF$S$a;##cz9v!4_C~3F0h;(BC_R-| zH?-scWiJ^Eaa_|gAT84y=1~+)Py`W_FHr6CthR>i>*mDeb2a+X#lZAQG4{-}j9X7W zm55H_QOWP?uzH1&>35RHL2yURL)AT!Z_$rM{tKN+9*+AFh|T~}5%koqwVEpsX~<+3 ze2)3zLzRXoNe=UD0uL~ZO#I9_Y#IIcq5JUyC+OCHQ6`|#XR#LOFWLP?LPoFtY$BSq z)Nk$|x#?(fWDj)Ujba*)ej{52%@CGp3H( z5l=AFo`;`J9UCFX(Y@dw@3%=8fvNc|d5qr?zEb|666=ED7PAe&N~(b2YCr9Q;aFc9 z!%4-dRK-iDcgt{T(zyAwxDlePs^e*JTC{@usoDmdiRC19i9iY z--f&3_?6)Mdk8MZjBD)PoeMpo3faq2b(KKKeXRS|8N=OwY1 zw`y^q64%M&f~Nt|8}w<;2y{+LLj%ZjyXDg_ zAOS@mqRTDSn8Xn*7#{&}#RCBCKSaSM?|^fds~{KEEo2|ydx=*-q=>d=yEmp%$a`uH} zcvvlJ6Ba4|6!LM+7|b<@QZTY97+?VzD8cNNIK=>9DImM->Th0I6~UxJPReBQ`h`)M zqX`__pWdUnU$nRV(KeT^|E~Eh+C!ZaKoGPCej&{hrakNYdSyG(Oz?gE!t4d!X{>Rs zsWAmVz-w0Lx=@|#b)W{<2hqiHTyq7}s{K)>RpUpwT=2FYPMFDD?3~{GBy{gb%T7q zoLyi;_j3t;b9E_JkIcwzksq=+a%sf<1GSlT8e#m{h+}7#*h2u+I&b7FoBG)-Kal!i z{WDo5&;}w)PcWLmAsG5EB zM+XE%v!5@DQ5}7xWO_33R4+yCXru(oGS9@Rb2Lr` z$HefQi_07V-Ee>1!gYWFrrQq7*v%K`7^A04uUN05&}J{px-yzxUxKKT9)C|gxLK%{ zoo|w>?YybgEa)OXNUh*Y5+->N%o_U7XNXx0Iz9f_4-o*~l*C(#8QEYa*LRqiSrT8C zoX28Z6!xVP-%=7^P!fN=B)*m>ze*M$5qfk9bMCT^U>0wUa;4;2)&Zvhl}0$+tn2=4 z@;Xh+*%?!^8F2U#Bzc`7Yc#Jj*St|S%wQo^BV6&+ABA)^fv#gx3D;$pKbdYoctD?$ ze+(5E(#t*O?U+0{smgwIO;y;*H0nfFvqKtCn{`a8cNBE0y$!1ZMYu-5+p;H2!~^hv zMZ>1_tN2fK1TD>9CBl%FY{5!JozQ*tX_Te{9E*+_-QN$cK8#jX90N$=?SoZ~>ckd| z&GzuNe5z;7Mllr>m8xFTYs+!GN4P@O-I^O3393};b3@o=$6YE0~{LIhynQ{ zx{Y4bN{z0K83I-F*!WC=(&T*$zm80+7i)PPwoG_8GCj&4IJ}$EJ{2XQZZmjb``7PM zsSV_L?U6>>7G}>08)j;vPulqsB%Ki9M6Groi3J4P71z(lN?X7*5vwMVeR3zGlcN*+ zj80sFoYovc#)eTnSMWOfHqsgD;KfG&)hB}k&`W5>$4qpx;hcezMVyqj{@6M zAf7;!pjH?Jgx_Mn&vRKV%7E}E2LpyXUo{fQu3wF*e!ZX^_08^H^Vo;`?kf%6BJ&`{xK*N)eX;s-$Jn1 zuUD5V52IiHY&9%MK~G~H$zwKavO6)M1Tk3)fJy{=R&&tqJ&To4)T}Ld8#MZ9ve9KD zJHfOOG=!cxQ!Yt^T+EU{j!@0pxeLf$2pRfOV>!&{m0RG_ckB;vn*1|2h;c*jEN4S~ za=pi2A>70hxJ|VP7xSL-7EN3AFg_K15zk=kYv^k-SX3=GgC+MJ>5THTScV+xS47=< z^Gd}Q-(ovW)VCRT{Np`Mq`jvhmHUo$oBEJ(zk|t{Ur>d&(?~HMyJf?8ylita9qgNI z-&nr^j5h%?kC+7iglZlfWjYl)c@|v?!JmYIbS1C5LU9VsmBCOt3iku*ziJ@KT+Y%E zPS#YvuvDT$@HR+s-aBdmKnfDxs(Lr;_svx3kZ?cLU>(ZOfF`xh_4KNjOns{d|7u1uGf@d=sLQ@0@xPnj@fj@iJX3IO4aLQiFg z9|}J6DNvMo-cp%CCQ8vvh$<6BC_~cYfPXeGaxW;iZQE?98~WpT6+Y4{LwbgSncgAG zI$2j8$zfe>d(%8p*ql_O~LN1GXC8gnuZ#ij}!@Ocd>ZGSz+pHd-$2fyH0K z<^W`lsq&2ujey{IQ_dmMpJx#@seNG|UVek#LjS(B53pT*lm8UIA4g_N z-B5uv-jy&N#u(sw0F)#ykX>ogt%v?c~ z2L{L5F>!cgVt5tR**q0-Y~Jm1WQ7V6deo8vT!jTMJ~!MnLUpTY9C|0p4{FGJ@LSHL zlB63&9reQZX@E*uxcm)rW&(83OrV{A)J@HDr}yMU{_**2y_I|N6aP|b!H&(F4U5p* z8ouO5#1LRHvWg!S*7q!zAw)J#Whbcc(YNLLRb8d;_!IE2{Dk5bb7 z&zMSca;nIX)d#Y6ahw>qxe+@=L(Aq`bw=ZM;HxTErS!KPf>Mjxlfzh*n=@HH)FhCy zXO-_-`Yu@UV#*N_kN)Me9^bXBkUhry4&qfg315+XU%aFvK_c;0p{Bj_hN4MySKCRA zz*Z1_9=nX{%lTuY{79cj3 z*T%$wu24wO+_kKS?8P5b%@1&+Njl&SOiikqC~bD0cMc0Gl8mW|5pl3LA_B^Pv~uJ< zsB>x2d#@T*&BDv<-=$JBDJ6?hy+4VYopXihY)+8$UQj3JEbKRY&YD&?VQ}u zA)MG5M@g)!`@On2DG$gy^izQ9hK89!-p8*=vUQ~VHY9h$d&*BFTlak(uielG>yOhq zX?oFm5AQ(F6LKL&P_Dt7QoP{dc%?mi>;Xu^-r2McsAbBF>e)fFG^kqunhAFanK45} zdPG+Zf}!1G;C#`)lqaJ6t{Ih+sk2ijG?Q$UTq22fp2#y>_Y@#yz}XV=D*l+H_eMnK zj>N+%3Xh%RPM48!ya52*gcO1NkU>HlTZ;9XXMB20UK4%>@q>QA9z;XJgtjunBntK_Om+Uj<8tpG4Fg&C8pCJz|; z0@rYDe&`jM#u-^7hkQJ8$Uoaglpu&@tE1hEusM>J8WDecbbP^RBmqsc#qo{Bah$}1 z#oCKHf+khE@4+ceArTgqz#)AAr(v4-kxUT4d6*&D)S{^qauK)RZ6@l?(QF>HdJ|ye zADyI`xaX>d`o$Xqs&&VLl%wRar0_3<9HrH|-2DytP3s~zl<^Jf6Qd3{iuDF6{O#{j z6;9?g$_s(XT04qa~7OqYei$JC>{HhA8A*PvG4GM1ZT=Axidq*<>iG_pi-LU@` zlBZ+3zVSd7>i8wMtwab0JCC)mGO3>v)P}JARe;9k@7J?W=z0(z$Slk3TRj8He31OB zl(deUiB!Oh71HT6LWJM5k`IYTh(8ePnK1*GorQ=RX%r+EZi(DXYeQiX?DN57#u{87 zSIrx6YH$4b02!&1CqdwN7h0mbGsw=?QO%3W$6_3S>ipeYPF#IdMm2 zfH%Me5bd3~SlI+KM_a0oCPKy?uAS}|> z%67^rMm+>ARWMs_=q!PR3}bjq?Kv3*y@R6-PWAF|94UQ3FfLRS4PZGHW)1lms53PJ zpt2-)!yei2&q$+3pA>^a)9)b1*0*BT+kDxVrIEh@#X7m#Y00XvDDg2s#|^i{voc;K zkvtXUsU8XhdR25K*we2Bd-@qoG&(*Wnaq6$Eui!DaisA|z%V*KxF~T!ZfOzHh~uEf zN{}-cm)u8(2HP_+H46s`HXcN1?JuOkX8r@N6M-Dr@7bu{{1SI5e2U!vx>7zgwvkH4WvB}>6pa9@CD{A0wk zgs{{tT#m~EzGMCJ4)?NnkL7SL>-Wq(+u$Fcvwpb;UfBj=QG9AUo!Y>A#gnQq#VAym z7y6oLVtNAH2T3i#R1%pz)B!KD84mYpWK&udKY#Eg3YKZylFAY#U>%zQZP4%&)wGU8 zUB7U;!KH7K%+xUqpXzl%O^Hb+5f^c%Lp6> zv(I`QPMMCToz7b*mB1`%ZHZp4^#I+h1E!kMw4(|$3txZ#V!oH7ZFk!QfC_l3H#eNv~zz)~41?CJKke(7l*h>Sx z6+^`i%!zadsT(rHHj1HlM!sZ8|J@6r!yAx_^l+(Tyu`_y9pa_;V(gfW(;yw}_e_?f zf8gCvr2Q5l`!D0AgGFkK7?+y$fn~I`D1p)m#{aizw)K@lxLPawAe#H(xpedKH z#8Kk(tB*)eE8xPOcA!Th5HrFBlM3TXEe3o?$HNE9>)*qB>mOQij1>c4%$^9USn)_! z44h3h&?5;ET0h2QEl~^Po209K&Sor8wuxm?SCsE6Ss|PZq*yeE$(q_SI2*m#Jp%y* z{0Nzg&Ru^>5`9Y&CuEekS?3gUJ~?(py&V9IPK=0RB~2bT*P-FSr7jx z!K{l;3hVj*qz))I!a<_0lk2wi!~5g_Y5`!G;rOZ%sm%aieP8c0y_}{{O<@L>Ha+DY|xs2Xz7bdCj(|=jzdodjK>nbTpXi)>w)#DUxnzy zpd3!rSR9K%o`Az?W)23NUfgG*0QnNa9Y-~1o zw?by*LT`{`a9@FSqVjfBC7dpJdN#~Drjjf|>@;~VAEqlJg<W2wCfRp8K(HWZLR}2re5= z&A{xBT@$~nYrp!!bFZq7MCRVmXMA1z`4y3dhZxk=|F~VG@i(w2EOJF<)y0uU+80yo zipwL7+wPdR-}jBUqaiv&+G7pvkw%O~(&Na8V1(I!C|f(%f4_ai zeTWUQB!-CbY4vXsd)9q_)fH9eR__s+dp7#_ebt54*rrcuy670EXR<<~aQmRRXYy1& zU~M zu8E=VJq>g6ZS?>c+g(!~Odd#Zp~2Ok8HwqtwiTX2J}-$j>ZG}Ak}jh* zM&2jtEq+`bw>)Y#5R)S?K6S@tCbCW;3@fXD8BY{pt z$xDzZYs=~G9Fvy_^+iV^fKy$-ttg$=8>-#qFF%U0;jOjz!|TXFGOS9$bBHNn%uX zNn&iY1d&DkC9D(k3X0<;J&|>|?8%3FoPb$~@WZwr9q-dq&VlFjE+z2?kCTNZHZom; z9jGOa&Fs455k$P1t0Ui#jgj>ZefFs`V<79jPF5#E;-~{4d+ga(D?eJO>iZ)CjKYz8 zQLKXjMrd6HXVVQ`)xVR9ePtlW5U6!9)#d!Eyr2c*CZGWe2b))SlDTb#ogz%e3$a`3f^Pl@k5NH=d9izPBob$&a zC9hPUN=JVx>y^oB_(9fo7LSMm2wwAeO=Mk<;*NV-HuM{&l8nesuKWfh^u?v^QMRBT zC+Es58<5kbw@omXXpy4&wr!f_0?}h?6tE`u<4#=g-dYuye0Cu(xf5w@+dGc!)o<=w zeM6$>unAXOacT8ck+~!Kj2~8Ai8ulME_2}e*{;P$fNrE9p2bI$C$jE+OuAN@@}hw8 zIl0a3f6tAk!==d&C2wT)!6vO+^TnXfVU4$1n21Ie z2m|3^Dmo|_crr*1-ltWAsAHjESGCP@;f- z;fbo5Cb2&_2YLjC3pT*zq;Q@`2di^)F~1*#!K$Usrq$S9G;M2WM6I{}frZ`UxuJBV zejrN2vh?EC^wm??u0sYZz!+Qo15{Cnflt4OXf!ISKvh)VhlT60CwU3Kkjbvb zgDNFAREw+JBN%=vQTHn&ofDw8j&7y9Hnz{u8 zEGl5gV&|Rx3Q2SKG?0ispqtaMBTcmJ*H$aE{YoB3qPd|LcO!}{L%645?xxncqX4;W zb;=Y)K`#uD9dR3o;rJjVr zNvRIG>!3e!K=SVRtEYEtkiWwB3M};2$X^1B8?Nm^;xLVkhj|jW!bJm%^=n^YSZpgy zwCAptKFUNpTPE86hhS(T)pp0rX-xE5wyjW^2$7N!=j$(6p+#iqXCabI|N0L26x-X4ygv15IzCVQgdlamXMVdr+zLLoQBYsl#iB%U3|r4GxS>c+ z(DlvO8cNb|{BT-@t|RmGQDOMnwZRU-N$s9lEq7Q!&GPG1x`7dtZc`;=ux)fRg4+5k z+wl&(u=KkiFKm^$e4(PCdV75aUg+oZg3k|J>tQ&e13&2Oimvpx(MpKbXr`Wpq*7e4 zdb+wRZCm{@d54Nji5Rs+yeut-7ru5wZAN-JF_BNld%UrqqA!@5*+D@Fe|O)Xf03wN z@^^ZFKEZ&7?aw9M+K_wKr}rw)_Ue(gs!DzC#8_*)H|P^!imB26A-!KlpkVRS6}=ljO2>>(@0qK*z|8ks^x@X%eg4P4 zgx)`wf4{+^qOJAk*$=zv&pvB{{Slqvh7R}{{keVpFX_*cZvClr{@pj#AKjNrJ)||h zhx7}*rptB?a%X)D#9x*1WB(4~VXHdH7h-M^vxi@yD!CG?IP1S=g;sHHwL)LX8Lw%{ zP8LY5)3J4~_$*lG&oiP%8CP|vv&hyN3vIi1XS}9phdN`n&g}%5+tzn_O~7aWwLwO8 zoqW;HP#^C5?0W}med8v5*h%nw4YHguzZ-h?16!@46!NV0ZOL0fl&Yr7IY6rAIA8~- z>X7z#C}sJ{D^RW1v<@P$d%BPJ6Z-ql>hB>+ngAya@dP|IWJIX&XXz~R5X&%XD^NO;y6 z@3Oayyr|c^^ANabCGlHq$Yy%Wp~t_|@DNm-?3*2#J1+OgK{$a`Mw))>B+kfiZ|FI` z@Vm&3H?bUW8$-4v583Oe%zEV$AhS;{-UZr7!dAhkjYbNInJPCt@jaEN zK#0+u+wV&lZ8Yk9v%jrVC2SunVXFkrZBquHt1_6?7X@5Dnj8<_8+f~j=eGkZaMROOaqCxOWH z73@2dVVP`h)OKiW>X8Gu9+1bYFPW6h^Wy3`(l7#thvFccudezanU9~vn5f2*D8nCgwYG>Ktnh>ydRNeMxs@57DN>PjE zMbnw&P}h%HVSI7hty0e;_+n9?0q8%@Yyfd=HKG!?S`CR0UVs_md5qWdu51z4$#VT; z*A@ACpGpR0nD?uBRVf}AZn{#|*~t<+4m8w>_60@SUi5y|SMqcby=3U6r(U*%)mty}y}p4W&h)uIyY(SuobH4YAGbD0H<)L)K& zITBVm5>&!ezS5qfS<%?U_XN=x{Sz8@v-ZkL?|9C%BZ=vnyCUB%j4cl*n?E zdEMAH`xkt+%?E~&MA?_JdWu&@FrK>)Z#%2bJd680qG5GQw1vw zAHYfZ0KyCKL`DxeyeawB7=3e0@D1n?{tB_13ujUJ17cBix!=^P-ykWxiys!u?utJt;6f&A0U9T>mp9@(FxXogWEdu%&Dn0RPPCnNz zl^YV7kU!IV`Yi2SHk*t}F^S4hTP4d1aRGqL?VXXU0B}_XhQJj7s8jDB*cd1sfM$WT z2(}kBm3QnZo`EMAvY~r1XV40qECvXqWDIo+cryRl4b6Vf;v@xYy+!ORKC=S1dm2BD09XH7hfdoz*yvtBv-A>4BM$7lN*J}3U=&}Uq;&E8Dg^PHXD zK364R3YXfc2576?NdSH{1Fe$tK_wZEGiR*p?TtD^>jv-=gt4&jK#G3oaf*IIS?#f* ztoE3c-7AgRXwPHVroQShuzEulm#Ep9ROmf_%o1GbGC?rG^OgxJ;l$Qpav&$J8Mlf* z%K1aT(Rn3P?JlLHqkQ6qcbA6D7A5Es8nUY*^rJ2sf=k$pw)saFjZN?`)$Oz|@!YoO z{pnS3+RQ+d(ShGKYJ3svoDXutPknzZP-5}zhC{8YxHQ><4<&w%3M7np;AcZr-)_IVOUE4Z;-sr-c zU|Z1k^C!~#?$332s86u(89xioYSigXeFZ}CwJxDb$pi8}=KQd|!9d;ZzvPDQ{McyY z71vp94DGud&GY16PP-eE(fZL2I7BRa`}fAjOM6A0J8eM2nyP+vOKVX`pN!cV8`kXz z#oDWGDRU&|=}v*C5F7I}Gw>8?CG)gb;Aw4pJD*Z#QAq)WD0Pvj!Nh5Kq(Tgbk;Nnf z<0P&tU}#P?f-`(dOYjwSWC_kM=jM+Nb_K;|9ZVY~ibXv&<1Nkr?Sr#G`{K+n912<# zFYSlZ8@@m!P(pnTrps84sW!aHqj8HX6B!pGjb&j87hKv zAUzOX6q^HxM9!m3X@MU0l8LwAOiC@Sb@4h7idayJAhE#NX@(oU+|Cj>*P-F zJ#!D;zLB?1B7L_c3p#9|f{r{6K);7Y0eTrXcqM8`GNkc#fD6=r2i47-mJI$=z{UE{ z$*q;|s_5m+Gp@iy3;11}0t@qQJ-+Ij{}+J68BxHoaccnZ3JW;-%SjvxsVD*PT(*L4 zZ5!Ypaq8^<9B??*3b-60+H963Vi9q@gK;pEIz5x5(-v zbHRX$xAF0Q@OFER-_+WpHgZSn)Z=@}&(`D)k-4up^&dtUNZJy8q(r9u*-L)zWPkRQ zpF5kMwLRqL0RGf!Fc|6d(QddoujiElCgbmVO*N`Aqg0jX7?*gXcT_4|=7AZ@`H9f( zlNnf#jdJeuBhQ!_Q+4c1aIJtsT?Jw^7!k;@fO;b6cC39kR~QX6Ey_yc|thfvlQI5=5gkj*atg;f0pX`<*_@^W zf0~x4{JJvn2(g2Bap9Mw<+Y&YmGD14BP|OOId@-2T2>WUS{7JZ(xj7?JJhHaPoXg) zXzWDGukKExj4Y3alV9+k*iel2(SC^{+wh=is+^C+bymSTdIhy}gj*K|kAT0x^pDrsBawWTIi)y43eg8)6iNP09uX9NwFPcXvXzT3r4$pt zpYhRgc+{Pa@IH9~&eiO1+uPIpspaZVwIc|GKQ&vr|Cj~^@TX?+H~5ztN)~+Nzih0O zfVT28<)BRRHqz!MsqSW7{vz`_09ArFNuH2+v=C9~+`As0h7C*}5$DvFECQiqGcxxiJZpR-M41#EkeQ1G9 zXCnyAWylr+A=6?WTg=C<^iN6WCB<)Ze8CDq{{$y1@^%b%fVRlV`Z$DcGz7daP;@{6Oj)tuTn7>mTccphXWUf)HJlf}uF7pqMhzZQ^P$ zlTvA*yqL$fdtTW+V7bEuxQFeIq!o9gQ5mB$=Nx8 zy~59J+5o&;Or3s)!PJV8U1KW#Nq3lPmM)N!tP~6OgUA~FXeVU-(EyDYvKwTT0$EtH z3}odCvffM1Wp1b|q#R^+>sQ{v77{(YS03nq6w5pCMUA!>duYc>=e%;kA6 z{G|grrW>l26CI*3fes8lgz{UdKVS^p{wLvoY>P%gxn+HKoz-tmXDd4k%9w{cb@opN znDTBr8%1ZaM-@6-W@yiI;Jk&;LP4(W7=3mczrLJ0CjEQ~NMjlHB<)4ZS%}vX1|oSM znY-I~p0)fd(NPZC#g?X2X*kHX@hia*_JZ)ZvP2TA>2;YJ==;nhX8m$z_To! zxDsMeScLV(JL8{X?7DsuHm5ip%jDmT)XVy8*w}nz(u#5i}tE}RLtYv%uz#KD9?8A1gRr{cP z?tz?Unm4|1Ni~8{G{v9$<7cE{DDa6{rWF8n0`yuvPRrm=bSC(-!`tqEdV7B;d4c`s zfHKu~T0zQwVSS>UcUZu&24Ic z7>AeuVm=@)Sm6EbnSXYB-eKgXR#KvV13sNVW5$2brfB1Qtm!UGgqB^-5OGX7cEZ5q zFv5eS-n>CeBd{v?QGL%DB$`!rCx56IPtzhymMr}I_e1c>jH zaLRz$ax4OmG_C|D^eE6W*q%x;!Hq06WX+IookWcTen;OXlACA+t#Wlk^$)1nst$p4 zpl=KdK?smB^tyRnKx?hLgMqPuJ%p>?$5#o=afrhcgo7&Uq|rwJ zIZc-1E3b2`j64BlLVpAqiiYR7^AR^vadTdq3DX0G(Rimk+X<(zV~?u-87$y80deSB ze4Y%c_~edm|d0|o#A5{XVk;4SjfxFw+9a{166J^g{x+BO^; z>6bd#koMtl0%t5} zzy!TB`79BddBj7wm>u8UtSg6ONEX@ThD^S8Lp|fi0Zf=9@EH&QQ}#wYu(|wf0_KL# zsAVaj+%NTTsuag{(SQ^MDL@+{-ko8Nt&yNAm0Qe%3`C{YoWI{giDpc+``XXjnMS&h zgG3gQA~C2~F)7KrR5ie{OfHlCw^Kt5`KUclYrn{^{h*uM+S{aFVITC?+kfA*J>S^& zC~>f})*aXdr?J~2qqxb`NyzCO#;8#=!VdJz>o@m_+X8a6RH&X1_=LTMay*)+oKQr%6c>1%6c;K0ib|7r!DpXC_ZcDckI9r-6=vR| z8(O~T1R=P0(b?J>7}5-IEskYihb>H9>VL7!?KusUKT!5T7af2^9XG@HR|R!@DR%*c zc-i@onAPBhXS{S@kK}0SBsH&feAu_*i`ber)b^HeoEv^a78BC{*+2ODHWn088ANj6fH2^cfZYY0n%+#g)c)VzHA8a>6zUUAaM~15NW(aJ_$ecJ&grAZ^rqA z4i}+}p~D!yk?J{br#ryi@W1~~p6kdpgS&)V38*QEr z0h{BqvAwS!^E&89V->w`?)B{YiAY0#lG3VzL@b|OR83$vVg%#Tp%9LM-hnmDdS*D3 z9i|~S#EG~>*4OzE=EC_^M|F!7FptX6G$TXNkGrBG6r@_2tXZs*5t#SsSqd(8Wvl{E zhCUra%@O_#m$vETR)MXotzM92KHrrP%I6OSJ|BS3FFFZt65$G5REGQ-l9Ds+j;z2@ zGka@$g5R^uZ`BGXtnb{TCa<82r=sG0+a|a);Tyn1C1z(wr2&@1NLq5y9;XX5I7|2$=R?{$4hmwb& z#U`)*qt0C!vL+c8aO`F_Upw(1lbJvl_MSlU4@IpI?z?PD$?*a z_nAt29rIs9%|B;eM$>Q8cU*<%UE7`4;N5gWUt>-D_4IlH?hJ(8E> z-rM^DL>|+y(9Rzm$4x5!U_4yWAvSeGXD&8jCHNp;nU;<=QH!uNFO_QXrW9$-RA35Ykh=-K;vP*639&J(A6Uv> z=)b#g;_$h|r>XKSTmNMBaq#h$5T##^?`n2KFypSdM&% z&#BO<7+4Rz|AJwUs*?ijQA+k;ERzWDah9;h>0pnw_ZwG}oG$Fqex}bJd$9|Ss19_n zfWJyH0qjrD!0kU@d_LtB6rmzG*~~I7ZCh@5rA}(67AW-J&5%Q|uvY55~V$wm&Fwn zYa@-ajWmYZkKjphnA&EYEF1UQLkx7f07uuCu#xm!3|&IdAM7B52WK+xg#&>=q9gul zNVK9fK%(-L1YdWCkmv%C=-;v=RwNkTQ-aULOC!O9NE9dwNH9p`@K+_%4i$`-%W+cr z#-~86BLl<|&645GI!zlcZ(C%DHO;I8&+w-C?{0D8Yn`}wSUg$AyX{^O>#Q_lrP0eR z%3Wg4pI~5Ix8Zp~{bQOfKt4#a1~4Bjc%CAi;0~A)(k+)y4Cz*xALyPv-GCV${P4`1 zJpR~de&lMDO@H~2DqFP2PuT#!Tb|Uw!oI{d`~mu`HLg z-YnJOydl1U{f3CIvC-{6}Y%QeM*#FbW8j;4EyPc7W!%m2mj2K5>!fE5kp_|#^y|D+ef|1t8L9(c`}*}>yfmcgM!ybwqHF#7&B@waO257=BVW|7tNnK!_3PTZ zeoDWdO0G^jKa{$pCMBM=r_5EXjy1gIC(f6ly*i`Dik5tjkuvNpE0zUIx0X5QKU$Cf)@Fw__TO) zu5as%A{~I2L0SY9sT+RoF+d1t%hPO~QJ)tZ&#TPQ`fRaJQsV^qI`H&yLe)!Q9^YE*Qx&z)JPyN4Lsjhb zYh5q3kkEH*(#=}+2&t=CI&oSZqvUD@c=|Jq;y!89ZSZg5qPpP=r8$y$eDHOxckN72 zy5oMLps$&~`#F;V-OS$weOIAXrLT8u-?UscI1t2?g=bap{xRuIw&pJ2L4pn0GPp&pIm_9$#5QNPWpNZ$BFOwIEgM+;;TH2=JADlMX)}SE+%7V=}Z@^#~!%6w%yK)5J z1$ktWT<^f+EQ-*4j7+8?!GjxS%%57Chg@=Ytn z0XVkd4ls+_*{P*)&}30tDH_GuKd1m2#3@aL|8I<7PDT-AhbUlgs-VXKG#In!`;kUL zz&M2)nT)eotxCAjkhV`O|0xe=3*s9uwXl&){8nAj4gT@ImH^l+{L4q!EWCA41Q0(0 zF_X+7H{K=KnvER=tkz9{wBVkyF42L%H*%)m3DlNNrVya~$u6jEk5p}vGGSFRssW}5 z)Fa;qzN0v6hh@MsHA;jg8BBucQ7`%-v1)pXeyt;bz#2J|f4ryu;vbVZOL#Rii2omP zZvr1xb@q=ZA%g)KZcw6eK?aQ)TrePLK+uTyZ$e}+IH%--+I0I@P%Z1YD;aoEZ+Td#}vY^KAYP1K<4gfwcN< z=~W}yQ-~Sp`4D9rzaagh+$H2HZlpMrhFIP>5b;!7fR+k~Dh54za-EwO^!QnmB583qzFMKJV z))*m39jiiqs9&7GNei?FdSk2+FObRSMpd6BN*+VbVA?!S$&38OgJsCniU;@bnqewR zJ_zTjNw~2&HjR&E^QmF)qGLtBmgcJB3yF!XDI|pZiI{`<2gLa^37Run&jWM+t0_z>x z)YPdts$J=dYs-wN8eRdr%Q_3uH`G9+bt`K_m!XTe_`nG~{ivov$>}~Cgy_n`Ucr6( zA|f=n9{74F=Fxz<42JeCWNI4VJUA0cVqb*^oZ!?y!UUkbG6GZH?EYmHBcsWfmZDHT zb8-H?_TWP8FK7x4mljE(9cL==LhZE_iBdt=H`W%+5nP^9XR~{D%5Qg5GiY^5l2+Zw z<4uZQz~p4Qru;|RFnVwdgOYfo6|op(4#0S%8$k~d8bqJ7(%h#35{r6rVMU)4oMX9> zLc9|=^%0HpzlD7`$I6dz7MI$^gEJ-w&f%p5pOcejrD1$eoR=e0(wEBfGD>N+ppMywM9l}d;Y zydKRbQ4cDGU^A`grvOKm=kP}xVZ@n&!{uWNKLN^iFTOy1EV>pw)N|;yERLR-NSlt} zfK$+P^6NuWzt;1cf@hY>hM-l|QFy4#fewZZ1Xl1d83RzGNSA8{1IduCq%n9+$GK6*IO zylm>$Q;M>!#v6D)SKa1H5rYNlW^qS7-N9#>ST}5}gi$~#AX`QfU_@Zu#+`-l_J0Uy zF|OB$rSfy3y3IL0X8Od3v7t8b3wZ>8!UrnAig=N^>DU2u*N`t{3YmxMM_=O>xp?3L zl*1&_czNhe4LCS6dX{8IRpl`f5Ej*~ET-qe=($p05lTOK2Voxx_W(oLT(we8G=bf# zfLyZDGhCzN1e%BPECIVHpE82^&p)Fg=LU>1oeYX!nIics=4CO14ixNbE%H--t zxqa}^0BaHE4v6pI$ zQ=5)iKL*eE54R}&06vVWTfM(KpQF9*6d>FP(XKxtd`LI5o5U@D%+)`#-8T>} zR)|I;)Kw&@z*~cX^Zi4}@E{5hT)<3V1mM!u=oV03#}L=8Smxojm|??)L*RhSdSY%0x&jBwHay+)^z}X~N%> ziN(pQf6-OAu;!CQ+I52~G_ft#3zUNs5N1Zr3&a52k3 zBzUAJGYh4?z$9H($z|YB{ZsL4AV+?3S~(UNsnZomk3c#e*hi|Y9?j~qRdso~P#A?m zl8z=#%EKp9p=h&Tx2zJM@QRu( zpUWxE)BF1xX)JcLzYnAOl@J{MG2F98B_+MVq@BRqr>nlZzZfRN^5yay6ip7xU%S~1 z%S)bC!}9GA1NU_~tRnC`en22S2Jjf}298)a z9yO8O#HWC(<+h&W>yh{5;@nd9%>BHyr3SJ(Ce~Y})?0&waD`|$dCI+HU&F;ExGTqB+!Lw!FY-g8v z;8A4N)br}VB%~hy$S{PBe@wSX3TfP*8-7^O<-T@;aA= zB+ocgfm&H0%T{~7zgw26x`)K9An8g;U=Td8^-U5yg;(Yb_jrXm*D#8o^_>AP%Xi%{ zislI6611YZ1eC`R*?o1iiq(L9w4?w(Vg67&DT1Pi)9k+ftiQitjx}WXy+YNmQa){V z>r#HZ``rpwdeO&9q5zZnPwuZ1(^;Q#ekt~a9QqL0I_F+Ks06T$2`gJxn|s*X zRK*kqUQRaC!o2Q3i`cz3oc?@L2U^-Y^NH(;I zTZF>{r=;uSe(pL>u_drhyds2%@j86SQ70=Oasa`@QkNzbx?K^@RkPv;BOl(ioGSY+ ziS7iy`Zdd7YHLL}gg2<avuSyhR3jb$#TPV38E&#Q| z@!&$0jnH$otW$ziVQvdZ3X=oC3v#-MOtuYJ8AaTFqZkHwPbedTp5>;EP(3Vb$2ukC zm@td`$#9e5q-Lx(8G2s=KEgd#(mSe|C%x?bWOM=z;sl?W$t23@+s*vEiP2so`u79pd0M}MS zy(*#c9X#%EsOEUi@q7s4Pm!_^&R46?z{%V;u~s9*ffA}^0)JFUWI_G`1>@@L@qU5HNL(X`^%HB9mv^kma{_h0A{I!KL%eLc1O(UyK!X|$ zP5wJfH<@?{G;xDB)1G3~X?(!{iM-|?j$VV!;FSE|%WM2Q%|jpOch5t2oR}i7M>VkP zJ|4Oj`G$wIypC<|%tPZ;p*_g!5vs)QYo z?T$9HipL(g(Q;lAWrj5}cI<7=7j5Bu(H8f14BYMbFVYZB99SUX#Om|y*b3XBOOh;h zi7pn2BQBs8wBgvF>fg}MYhle$ne*}FAJb2%BoxVH_yhGk&lpA|mx?k34YqI_`(Vb% zj+k;N8+Vq*55`3-4Ko-rooJ6@ti0e*@<;G-KF~^wX$4TQb!ut0oNU$IF%>9&P&$qt-=#RHKQz zP^~+9xHs8DyNynPSmNTr1^^d@_Va1;7w>~H2ZntNjEtRpQwBJSw{Y=VUjy5+`P}u~NZq7>Q6k=g1)teB{rU ze9lD0xDRWV3a7%ZMkA6lN3Z+U8R$Sc{D7GQ^_Ycj0u5?5PzU;8n8buTbGF-o`_GSu z@<5f_nCF}W9|t}lBXu8;$zvB4pr-G3orxrDoN0PDHI9%PZ%D1N(5rEZs=5qj5qUtZ3|qI}AW?M&yu+yv!4 zc^YQ&<3*4kT2Uu(^BgXQ%&0Hh*TaliI=#0^9S zU8*4OAU?5D?J>h?99Bavd8nK39_jks8Skj}zyh+^*(_Ho&5Gw7d>mP!8f==C_^UXb zAO}Hkn~y=*@M*kib_0*9k-o@C-7<=fnnmX@$Nf198vG_|qz-aBvm&fxf4d$;~xsC1%yO&A=Fok6V^f6yMfr{g4%z#A{%`!zh ziO7`%U+?Qb2K6y?m%x-_Z+1)3# zWETuHyZ?IFUza=WdSLg@pnB)=<53Eq;PJ_@Ho#{AkyK{TSSn}~CUXLVj{ANz4#1XN zpyS(PRZ-VDUeNe&`JIBsQ?4>-eB^h6#%g@`(!oYf1OL#UNUsG&!k|!$oXM+xEj1vM z24v>QK(pCRJf!-r4v--p@j0lE1iq$Ee=_DT_*0PiTxxOC{bu)plni&+FMz`ri9`S2 zm9`h(#e^g^fUG~5gt074nwkk(pr(Cb(q#Gvg0~+T({Q6Z|Fh2_IRJ+eC{_V1A~7DC z9NuuXgXJN=HFivo#ht)i4SKE4-~pa9sg|5#e5X%OSbeneC+G5eCz$af-5_98R_Sq4 z@o^M@^PY>**oD*>Qc&;5f(y{hC+0MypLNUFeZ9Cx z2crc2E5&WnYiI8k+Bm_hUobA(BfjhemupE0QNp5h6W=IwiSh)dU|NZ;LOF(EJ+&Fi zhKH`>%9^1a?Lk~5kdOQ6BC)sSTDw)2^G6h-9|ef1IU`Ou3%fvQZfF~EUseQ15++@* z|6-v$Ee;Kbl*e}~i5PsaMxG1xwj9q0y{bRK$xzX}*HPx`qWWz;tmt8AnaOOcp{D?$ zLbnkZ!A&T|>&zN?st5H#1!tod<1No>FX!@-GUE6td86Ddepdk`-(@RTu-Z81bgf7mA@j^HCe|>;47c(8md}SGht@uQwmwt4%JL6js@W z@uuT}vs-3w<@bPsaN<0xo|qW#fpsoNg747E9KMB#?o{7wuRaaH72!-GmtBdBY^?&E zs-F{MOG{$wN@DP=by%(`e>61vt;tY2l6>)QxcGpb*wS9-)Mr7v4d*rya-R z0wLVqT5ZVp8z|$KZ>fIo<@>B(?!A1gs;OSxLCO=?xbr z&PCuP5?dFEy_z^!@bV>A%O@;J8W%~&B%%LmjsDB+21UHmBOY9RcnXRd4)9P^i+uRl zK+&Tp<3~}m%E4;5sPGtm?nwn6d-L9-NL5V~{Wa7LivFErQ1p;5TTtZw>DMyH`1sW@ zLQObh!q}js{gL=OFJpm!1Vu5KY|Vclv*lRsVmsMtU)k9L5 zNM%Zj<@!iUSeRpi*njkJxAg#p=yLlC9C0ol3Aj9L$9hvd3UG#cA;-X&tl$86X-EdZ zRS>k1Us%p<6i?87>h&mCS*ZJPRf8%+>wqm!h!4(9#GT}MG85k$f?_r z)}!hPKC^mMJ;Z149#y}e7+W;V@UexdCQ8kGD0QBFHXX`sMt=k!$E{cx?G+BvH@V2C5WeIk{%xn_2 zQpbK$w`Xw-37lhc!hPpFHCY5bC^M9TQ!CeE%s~00SUOfO;Ps3r*lSu&GgIX>s zjX^1ivAyIl_7F9+uk)6YAtX==C$ns+`{J*Jtrn@r*;j(Q9!;6TN%EIdoVP(aHyJcg zb(@vxSfEvwe!{sqKzgQKZTGc*eV=oq7NnSCx)rle1oE}dF*8j!0ILm$6>NF8>q-aOljcm8)r=4A#d=eObP8I!}_aGh=C)nMm z2nJn5!bg8++|X7#HXM~r_gD&H4e~;W4L~g5FS+MSG=Vc(;4rW}M(FX%+#MfLuX_%Y++Q{bL|V>KKNtl%X@5`2xDn<5Y+>JgeGSZ?J6vS(xv ztKl-rD&}PKi6Tci#y0eYo3^=&TR&9LXa-v-b0{Do?}wBr;k@v-s8uWiEJ-?pnPm|i zYCHROd9A}~ve-EDfOufmLA0Nd1F{h47y$)>W4G}|IZ4)n4@@T+`6hf5W3LeRno+Ji1^X#e=yoKAsFC=AZ3mL!w9=^{Aa?s7h?Pp_*TC~Q;gkq^&Y`>6y$Mbf4XFdJ zka>4he;P|fT?v@pf9jNBh@u6)M*5l<46I9M*<_dwJ5in(LKcNuuf-3dUgW_EjF_gy z`1PPqjGI{q#z*(iHupE2&>+>E+6t z8`z|eP!B0yf*wV5;#Ec}UrAg7uYn!;-cA9>syB1G?TulmM7oRx=IKS9^8`b@n2^Y3 z!aX`$`HwL6#gIK%Jvab5xC5$%C_?4NL|Th3!AfShi>!wYxcU9rLGlAWFXQL%OOwm^ z<#P-!22@@|A;CU_hkJWMg2{Y-P>!(`xJQEN9Au5lQL-XOvjcb3Y&sGJjb{r-m2%D_ z9y}ODwa8pUG>g#D_{C8n&LxBR+Sna&>v%f`O#*rlWhv!Lpo!20_sI>}{n zHT#_Vdh5$M0QjMW5_lW&fpK970jS5mgQ-pe&%mlZ2lyI|k<3&)@Mb@Hl zI(}wYjc2N#b_Ra-uo_Rn&!*zMlbRxVBT$Ozlkv2B;KgukU5G9qH339dYF^aWN6j#i z3S4L^7Gk5)16v9zIfD`cCV?8Is;x4J`Qi@RK>B?3+xl3Ie?T#YqfcgK zl}%^%!Rw&aNXL?|Pii_7=673PtMNMhW<=AOeeuS!8qbwC#d*Ve}8eGBn` z9tx9{BP+xg6-a=E-a#47LfHIixJ`Eczwo=g_l*?2$qWaGGpB%RU!wRynkO@C&nDO^ zQ!Vg{txw#d{mV7L1plbA$bJ0l%z;B+O}q=GhUM_c>DrrFx#iW zQuNmrt0ir$e!f+-1#t9v{;z<3dFI z3bOH$Us*FVnZOXH+-N;}@P`c1Zv7C4QD@q19jDoYc1F@+{4l9S_%M-2xo`&T97dl3 zpg|)DBDIT{Ab=pZD1l=BCVaseoB~lvK5}-&Qv70e!)HTcHxO< z&I8@E@gjxZ`h4@N)MUdZ0L1fI$YwU2Yk2~8It%<`Kj<--G%dZP!MiRJ!W2kvku=%< zhTiEyM+~uuTrTgrGr)ohAsFjtu`K3S$C}BUzk^R1`7LERRMx61b|;}}a9lBdr)G>o zhV1EMBWMX>85Oz5NOl}9&in~6D^zNcx+Dy4#+{5VVcS)!9?~LySuctH-M{LRdljD-8m!%EW>6Ly=cbEH};~Ku}zS z!CKU-c6+Gmq}uJhs)pL!_#F@D(%)7eb7?SZ;F1v@bGV&@-PpU4*iya21a`Q7dzRHO znIi#EZlyq>C*K=ht(uJ6WKriusFPhA`9T#nZwpVR0IB?aeOD7O@D3WWV>{btlFHJv z7?@sJ8-y?@n7Qs@H+nlQtmq1uKy04q(-g@p=10v0L;~SDDiFsqfg5q~=od38@IFH} zYE}_y#1Cg)C*T`*fC|Iu)5DIz!cmW*>NM{9Omly0DdgAiw92+^IK19H%}!rwuiZwg zmJ0)hpd45ACPJ*y0ZT^HfOy`}5r!e&`KR$fQ@4hAO;2Trfhnprd;oFPTCo&{ID5;3 zpxTIjd;sJ-MGphxbJ(Gz=)T4Az?G;6hJCV1{n?O+Wb76F`#m z{-)2U`***;iF%8F1f1RDAJdy8MM|5fA?aaE2>If}9!j>Mu8ci8QQM;?e4MmLZ;v+i zC^AFYqi?8Doxp$xDBY-+N+VkuHiM=wGmLZ_kwqgS<)EVBRP1xUBi(1Oz~oSNdZxLU zb^roqRHaNN=mP}ck+`M!QpywjENz^0FrtO9z#p(_j}8`l#2ko<X_# z3KCqz6u&Wqg_1L_@s$5P)X-QuIrB~?lo{qC4yR9nAR|@tKhR4d0Gh2^&5vHdysfcr zpGxh2I;(U7ea_U{@*g|Zijpka$XX)D3EuEIxus8@yWGnJZV?}ciT)Z2mwZ9xZY?^v z36_PU!1wXmT6A%G6CzMD4t!m`$Y?6dzzd87pI0w>G?n$hi%hHWQS~CTsSJ~H+XGhP zz3N4vsVsmOJ*~zj^`d7}Sx>y!$7;Muz1XLz450@Y_r|N$i>xN>WUJra%W7nRA8_<) zD(i(8y{*P#^`duES#P}9*J?abz1X*@Y+t;95jtGG=+jgNyR#ib!G7vRu&E4YXFEoM zJVgwZ_H8PI)!B}L;OEd)cwse_VH~LS^op@su*OO-B0i!d0270oVZI|$V?uiv+Dd3( zGBw=(*$v2H%&>(e+BRk41k|@?KY(CjAFPVa>4onnI+v!ww5+Q>q$GwE)vEY0u`PCN z2YsEZU|8s_!R*6#)-fX#V_Bv?-7@ z&{p6Pi4zBpb92gtU*6GfTzHw%rynmp5@|_kNMR*$q=+2>q9R+K(FGt~?gMRIl$X|7 z_!75@(J!D;m`Wr%$dOw>JnETt^D&b#z*Di)LL_8IcX3$02#VUl0_4vQV#d?B| zky~yBwdu8yTuKAcx9asv*S0>>ZlK#&#!A9E#xd=DzPd=qH>QR8>tY?-n073G zUD9+WZUkp^0#JZY7&AetlB=5GvEd>$sKEAm*Qyd!WT{8GdhD1gFMEs!Mm_^I%}l*| zcEXQrlCR&4>b>=MPN3#KAAYFYX|3e0A9vz^4StfSX=t5xxwQz^qUj*?IDOg#{wQj? z2nuLh#-46JpnbOWm^O&N#x`99&pASiB1__^7tu4dUd|n*;6G74j#G~#)nmvR z=+sECve&6j{lQ5dq&G-1nIge|fIUn$ZwpoRvB%V+Ggiab>=NL&sYqwF@z=;UYqq$k zPVkraDy5s$;$!H)w`~K=c2q9b{k)(X?e@T;K_35A_JC%1xp|5t}#0;S3s4PCA`@@<;q#9%J6;gF`jZYgC*0?#KhF z)PZVTCbR!y5R}2na$jFTQQd;D59xtdf)}(9xaMQZXz*HjzMr4-z=&)gyf^O=PCd;>E-%9igBXA)j( zR_*qV>V6FO)^D;#k~h)e`DZL5sDD`l@Ye8Az<2RS6GYs)$VwNJ%U1qy(&r{y{lWe zy6w%bYTcXG(Y4)vMLf9Y{6czjaTvYfU7vJq}8cby`dOSu0EPBAF zX@2^JXqq$SF=hfE92`)|gs5}!-8ZogTJ%8umUQl*cm&uR+8S-Gu9AOo*qun^uW zehiCq(Qot(K!;8D7GB_d7$Cm$`P-}&N)%E*bR7-YD>$2KMqg{uq5Y!oRc%3tE0o4t zTtn$gyOpoE760XvULo3FFqWF}!DUdtk<4w`RY%fX+4v>qs?;Qu0fV^;!KUFhQ+x?? z3p{h2g#-13*kA?3SKRZ^1L+@(#Gj=kCbN1|HT)5YeVMoq3$Oc-Eo@d$Dvk`Q4CD3J zd@ZtRnv(T{o=YOdQj54xj{&-ZXf{Q|bmG^U%Kv~Z;u1IXzm%|50Qs3!7mFGjOyric z6E)sQ4@D~Zqe=S6kLs~Fj!@Sq+^7+uNwb)wfht`THIzeDmnMF8WaQrSfG&(Sdw=RTcz=%Z1|uUU=_8pnt^Ud|>kPR)yCX zhy$6*qBv!{+1NwF?#cw;v>JM{GP!3rsmZ-*KjAAgu{W)Rzs#iGwBh_UTsyugr~$>h zpawHsza$R_uMr*6Q$0E=vp=N<3YN+v=NvwSses*bB32x@0uZ|p z%pNFGrB7F-$9_-g^_!*cx8#xYH$HY-HyCLT&Y=RpedXtZyw^qnYsveG*jY~>^yG?K zPbC~wyR)O}(@rX(lRRY7zI5@QC=b|y@V3_9;9(CfMV7K?fh9XW2$yCoxEy>VkgPIv*L!J%f6r->8$eev&=TkW+PS;Dd2a+d!eq3Cm+Z5g*9OCF_Kg1$+OeD$qq=c@X;rRGjs-3_x&i zcpp*^Oa^qy6~+1|5hm{*hj8#+xggFD0@M*PxC`uVv@DK|O)kQqCHdg<3{CdWHp66JpfeHZ7v{7#1`nKXZndi zO_=W~e21_cf-!|s(DMT3=w&-}SuaLZfSm*b5OR7JS7VTIf_ zjO&fsFTqx7j9qtR&p4LHG}gZdJ5p>d%Ir4|zCkXQc7sz|t@>r^b#d=>ysvr<7s}sy zGH1dDV+GI`_TUffkzd|=NCd0X>RU4~ZG|n^_#xFEg1M~r-^=YfA4X!U+TT}6gg3cj z`b&O`l|0t$VT5qSE6{pa=%m4u5bb%&z)b=7h&|mi?;-HQfG7Wke*5y#cto7yyeSld z3&>Ly*0Y)WUftH31t!OFvJ@y$@QAItH(#f@5M88s`*XdrkR`7F@|T5Mr^~jW>12rf zT*PlMeR7LeR*E@h{q2aKl}>@K@mA~>T|s9C+q@BneTo%fN`A3aNV|<6t-AL4I&*{0 zgfg9zw@GKV@QL5sF+eqKG64THYE9D|76>T8Lw{)088`cF=vuu+?0Xb9V0 zyNMJ8$;E$il}U!qh)^TzkQo$36}C)vwD&1)ii}Ff`ot3FmUPC>ilJ+Jj*GPwwYr(G z#H~g3A6XG6=Tq#ofSK;oy9C;M>P02csB1sLi%d)#y*ag{xG8f~#2F7ETzTW;?KoIa z^E8ADfC$e)ySbkaN<}8e1jsG-MI#sdM6mMAP@p3X@}1(}OuGSnhZIbP4ur3dPSJP7 z1oWXY;s9=ha%GZ$vz`xEk2|X)aFJu4u_BTLIa_$dCaTcRCEk@195A%`)IFYXa9O({ zOA0(z<9?Lj)Oa^4EEiijhwR3I2plT9Uv&fzu%ORASisvP)Rn2QcnB0q(lt0yYXS`{ zD4EYMD+zH8S-zIlgW;-6}CTY$6!UB;2UcQ26U4<-sB}J zXfh0P>42H`vzc&LhZKYUFOlqiI|OXAmflw2;AuJhEF^`% zTtYq6CMbLhL1KOYHYfe}#4!E?AD@NEXN*R~gP*&Cil2eFLvQZPW9yKqdF*Hc36TenIXHigT$D2W z_k=;S5Q>t8LI8w)47abeiAE>*T8&|$OfPSin|nN{djyO5WrKx z^-WPnD+M#k;$Cs8hicCBW>#4k-qi?`@6CWE=QpoCh{6MA%40+`A8;vi^?(IyVBF)* z_XaFFvQ|S8^4Bg=8*~>v$H-8{Y9PF1M*Ry!mqClDO0p}^72-Q#pL}-(Rx5JYQqX?C zE~%N&jIdCSMj)Q^=_&#E19^;ilMnc30Qgc=2y2n=-eT(VLV;ZXju~J{H3cYA8b}?3 z0*ew*-2n}({*~_@U>YI7^qa{D-PMM708UJ&*V~PgbZ-&m@xkV%9}BkF+-b_s{Gqm1%jrr?w=nH9zasfO4<{A05*QCwtMh_4wVtvWzW)99sUpeIPh`*(#T9C0;# zOFkplA+p>g(W#5lRdi}fM!2ae??h|S%{{_R)ANQ>PHm%EN}0et7h_(15Rc#xJZSMP zN0td=-~v=}uL!g%J$alTb*VzeNkGPV^ zfUn2i5JGn{po7oD#qGs;@OX;zh9PkV69q_&SKk8gyBVC`2f^G18E`90#Y#C$q0!Y0 zl-yL1?Vj}?ANl6ACeFmCMT@D}l_jF!V>7j?tNmVt>F>t>_mGYdGR5X1W5VX(38H*^ zBDGSU^P(%2qvv&{s3H+Z79fsxf!G*TdhT$zn+1F_+&q8fcef^HgP+}_^TFA}gtOu7 zWZALfpd9f(z=WKMdxvc?9KH9Jh}BZewqjl9(iy<#NbF|msB+r_a5C3^68?5YZS^tC4Y6vcW*k6PNTSJ zDe^Y03gG5b)bI+RP9Di>6oAwYysIX<=7{X#5X zk$LLUWTw0AD4>grjyl_iX*cf1e;o+xH{uxD8tPzluuKgZj327)S)Zhmf*g_;-p6(H z9vPrPyK!N!B{aN4tt)=4#@S+yQr07&S7F=iy(!DKV{BFYc*dNkf0EK5G?kn$68)GQ zB+-ZXRPe+t!1X0?zdJIkucu+F1{H`hD2`IrR;GsKm>Q~}?yn^FbYQlNIud-KdXe*T zlc+F>N=YQYukXmlG4gD4mR-N%YaC2~|Cjek+(PpHZ!7PN9K@-r`^q|OxkY>j1?_*? zhPxyW1UnBkkzgtOjPZt|S9kWq9VAjto)%OqxuhQiB7rsZStcL^V?-GLL9q;n3{R)6 z;pTCzhLm2P^RE;-Gxk>tM6<3!90XGhxO6q({ONfJ>bAD`DCua$2yn(pB_r2Ny%H+4 z&pst1H%z@4ss25&wgS&X)5Z;2Kdx|N)mzJz(nO8Mdg(VkAycs>1 z4iTBqPYlYzB@SRaef6<`OIiU)~=od>ljN(q6O zV9gq1F8l?;GAej8q6A9jp{G=6k3Ug`G8m{v`$edWN+Qd%LV!jr72pR)(BFXaSB-Hn zr6+UIKba7qJs6E?P}P`xV}?%nOqo0?29yRbp)|&dgL2quVg_Om0=ME9?-fI11@3Kn zpCVXNw5~ah$ebbB6)zQg?%5E}T6NPii5p?mx_uM*R_l5&g^o?^whKS$zlScoV5t$} z-gUwKGz7+M^7(|FT*W7PayPr3E)3WM1MDVK*^hNA1R(q;^I5!}XGqQC$+9jcMbND}X}ade~W z;LjhO@Pzz_6vZ^;rCN>eZS6c|le^1|iwDP-v!IbYIFj&-;TsR-8o863c-)3FV)KpT z!LiVb=s>3h<85!5SQvoABIUk@|u7OM#OP_u6Fa{em#-sxLCE{MIBxbcVK%{^j* zXx2m3BS$^@s>e<0k$o7L`&b`ycePhB1X1DhKsQYWi@*oNKY^wx#4(grR~%oqUf~#+ z<@ggg7S#b8LzM!(g7J(x5h{v9QRZ?Z9M&N#owhKq7C2KUqSWuiRc_ZJ8?JrdqT21F ztcFX~ud~wC&x!aMaVG3S^uA>4#*((}r)J?Kouw}u>Tk1rTO@t!=wT(=_g#2q(aU%gvnm&G@=u5el|5z zid0xx^NgnAzWBA)nn`$(l_9$2ZJ%!8jouGJ zOTn7&FL*2!m9;C~ik`uga~9@cFdJWv3NW*^e>%i!|Mc1&!1(^mN4teA;Jiq+;GDIK z=ZtRMXanJP{YUAM^fpenRb>H@iFx#3u$Z4Rdj^YRC}TM?DCEk~`-n!Tw4=S(xTfNM zur`xA?2)UcBiOXw9*l)EJFWWlK#=X+mtt39h|In;sO zu@YMYruPOWZu~640|3nV8{DGP!iGQ>*w60viXz8m&SEJ>p04L{%g}Cf@rHj)w@6B* z=bJQnho90HU<=*V!>(R0()uG+_+tU~W7PwZiLJs4TOyz^@i4urAFb*yh2auQpp~S0 z+C4{ZxdtO*gn^9@4Oa;#PQmUAOq9;X{z32urbCpQ1&7AH&>xJ?Cimh-2$Yh&dpxq) zT67L3FpHdflPjU}LtsZx($5!>IRgat1<3{zkPCc$vkIU5K0`<8302u6x!Q31PslQJC=t@FdzZq(2 zGI$I28VqKj@-0xjjSCdvMplJucaEz5j~&yI2}G~4C3l;?A`Ts-j|A(LPje2%C$1%( zMR@UWD zi`C+n<7oTpHcQ`Q3-Vf7ucM!!+#3Flk&5apDRx7yoISz46HDHRAgtuYm9rm-1=fXl z>+I`djj;E0wW;FXbIW_+-gH1eHe_FKXfe$;X{RWaqa0*weVXU z3%4Kq{Jx|hR)MXBSH#y&;Nkvy6W#BZc@s6-9Ign7jX%}_ykMFmrq@=f*H0B%!sJX&4(dJQg#C%*6v2Gb@ z3tr&o_IQ+J3C5r#&d2zH2WEc``{WRC4Y!U{D&fJP89;ahL!0mbv({u@-K1xfFL zj+L1m6%Wx&0y_hi_alL@QscWb#XQe1`K@evYD`8&8qGniVQV$s>ErR@hm2o1_{M_*v?>2~>o>&C=&h==1hLQId>* zq%Jo_OL{k?Q!SBnQ{_Z(<(?&v>`_3I3X^>Ka$_q95X$^W?0^2j z{}c8UIhG&$S z2oGSw#|+guf!i_^kjc1|`-R?nSV$HR`z#cUlU^)=8p>Hi1r3&d=LF*Wsk+M9;R+ZJ zfNiqfoqd6uo}ST3+8gwL+GXfFfaEj+Y-@;$S7L_HzUVd&yTawvkSb0C7fK*Bq~{x` zuNiA2p50Gg)yqUNK?Uep6K5sd+t7Bq;@mKB=vuG>KLOB)C;lWG+PLz3{ z8oGW*2Cle8%6hiP)nl%yRMUc3lszl{Ag~#{jIB^malVDLvZH4xYr+}8qzG} z3n%x1z7mCNVolXIJ-;tdp$h!(y(Ioh$cu4q?N zUi1SiGL}`s5#z`e)x)2lYYCYyMUS`KsSh3>|D0!6$&xUt^kuRBXPGjphY@Ti_(X5& zVZcjc9`6TpV8a}g@~S21DU`(?{cOgP;Nzko<}#&F848u-XDB}4_o`4nPgtHUg-X$@ zUN|AC!j6{!i=_qeoSUUkSt0s(5&R#Kb->J9C4VAWrBvC#p>mV}gC3WoAz8SebJKpf zpzeLjA#ED60VCPrN$s7Lx4))zDX{O}=e_)m9n%`hZ7?sTv-(gEW->fqk(zk`WiUp0 z4$kUD46)W?QzpSJX_RQXQv6GiZYMC|B(k6mdpUv4ZRA1|urdS$Bl6}~w{I30@n$27 zG(4U7@#Q`8<9(g^QMN}C^u6TAAvu5__!OEHkRQRB%FtBTaQrgT8^=32Qzo)!=9C9@ z1TR%I)iJv$4xEoibpXJx{E#L`^KVaI>REU&iG+LQDy+bMvov>K^KAFr-R~8}-3KY| zUbD|0xcgsiN$!>sIYpKu2Ka%7A-JFjPE5}B( z0#=8}cm~LdHc$dI!%OQ%0k;ahv;tnKf8ED;Ax>c3^Gb-iV-$!|Uy9NP=@6wQ z7)5(yl%zb#_{356qQ*C0sIjCa=&H^pBjl4HVKyT{&Fl$&hzlc>!4Hw37M&Av@6>XV zuRIbEQ;Z1w8HD^_A|K)#aZ<{?fDJESxK~(o#K7@XBUMQcW=NxE^M*frY|f>8;PC(& zjR%i^LGk!V#pBJE*74f?>dfQ2o=@`lzXfXYIQFIDsJy;lO zK0>JMf_U&b$u8wZyHku7FJuD!B7fhf^6A5Xza=;b=5~Uw^g`#r*zU zUHqGi7}TxXT+52#a@Wx1hEhfQQY|D34yyCmhLHq6iY9VLMbf$$zs+aEM3(d zORrG*Wa&|Umj1k_kEIt&y|eOK_Af%WCmXhl@R~&d_dK1@*P!cg@xABF*oz zQz)s-*Ld&4DO|nSyf@|~At7bD0ZwqnzJ{xRWr`)91TV|_+Qd&aSD(ZRaerc+CQi=d z-4o})RzXoY$}^X~@s(4Yw@J-k^;iC93#*AO zP+o|mpHM|qGg=k>gF3~pie`zDQTjz;Ne2LwbZG0@Dm82CDbPY|hlr9jItK

5RgL zCY{kj_g)+rPIVNfk*%OS!ZOj$z_^ssEk*bjOVwn@0!)okbICJSZhq2{wk^JzcUX1XhFe2_3IN7HqHIy*xw}qZmwNPLryM7C4-No&re~w7{;w zDeE%l=qVI)+^(8Jp>sZ$h3b~I;Ni`7sR}6>;irio?R4I6lo()Q<`KTk#6>B>k>$@i zI7L1_6+cH~8_*M*Y9OYx*^}NlZKwq z=_8f!Y-5%asQN@0SAZ_;zTOmKI{O+bte#GDWlswh#d_>i_xSdeY}+zB>I5ge8gkRq@gRkAU)LiGkS zu#$kJo2djF=j9-b7)_6dvxE%j*rN*{0)Jz6>5E3-19Fqi9P!v--zj%a&KciKL>a7Y z9q_Qn@|;S5pP4O~3#+p@gD?J>d|!>jUS)~{nx7Tm_Jnxw56IG!cyQiiGEr_!ICC`d z93j`qT5Atlv`26X6~BD-q-wclu0EiGOO>;8}*%{4gVRE>wVg~rUh9@_8Bj<5GfPq{h1?V9foB>Jl&x!azlTt^!KN~1>wby+K{5}NE?~Gsg5BmO)fy#dnBL)9K=N}Mp%ud-cH+}Q~_Q*VG=M?Xmw4CQovosnUH3tvU}fo9yv zS^BwF!S_Aj;~5$1r>fvl3xs2SLUh#%Si&@=idhatuGYdha8Y>(;3e%IiFDf(!-~WJ znn$gJA&<1#H)w~a0(-oLX-o@Lf9HCc%|%KNze7EY8=KESN1@t95C8Wwt%ujQbnZr~ zGM@UF@}OGT1;AG+%&$2Bx8u#gc|{OE(i&X8Qec*TsF65!TeRRyoSYr|p#C2gZgs&L z$DRFW>?2=c!}ZA5Zu>gi`dKCxGiO%mw@>Sl=xTfLM#j~iV%vj1lv`nVBg}_(`aAZ> z)wg2m3APD7p-?c}-8zWNvIH8E4J&`aixr7-!QdCzYc9x=J`hv+kEpJzYXQJ(FQJ{Z z#2qja_#xXj+`P{rMlYwh5+YDZeFb^a>&fz!Jgp?Okf&BYAy4vz04ZKX7R6jI_98j? zV-w5bM>c=B`Um(Sc}ojKN-v#3v3&jz4+uXB+>WypyH*I|J+XrTR*^DT7S5$Dr4wN- zu1!jdiRvUZd#yAK@0vbPk#d5p23|seqd=}r$4T9EgpR{++_+{%qYyxpGLku_2_+&p ze7B*Tl6g8Ey*WCLJWs`uu_`SWd0cB9lIJXSUJ#^_2L@46TM0v*TDVo>oGy|&AMYrs zXL^!4<1sC%%Vzi_wUYgZ=AM<;!djf112$`6{q%Ppmutn=#bvrP)GQM z3cdm*w9KB$64Hp=SY{@XOvu_S^wT@KK!zIfF*T}O4y@$ar&HZ|;tna;+Mh5|&5nz5 za;N+9#Zf3yzRlf~?R{)#JW!+Ttcdr3b}imt&odqG;%43ZuqdcPcBNSwLTC5X1Kd0V zwxdo-9FAt$px6juXj2CT>&*w*sP4>T;FXv0OdMeLpdM2?PgSW(>Nu`ZU)|Lmhac_@q@p2>s-+EIMCFL9r#Sr*YV;- z-#~FAXx$>+={{a$6pv6@ydvO@WFwn{;f;rd#aLYOmF}K*s#@|@Nc@541=V_ou+0E- z!z8xKD>52pgJY~`55Br?Cl`Lz3IAxKGZKB0yjZBoG#o~9q2e|SW}w~JJ|Lo7ecOG? ztqzf@ih0;BazR?&`-3q_7{(Y-)7x|c|NPelk}hRV866z=w}X)l9tWdqrwj3LEQO28 zXWF510t;_bR}Z<5VQEx6aMd4R0`Nf=mIs|e6;~_8ag>@4gMoaT@QQyVrK^(orgM-+ zT)sZ&q^X0B-EYJhLl#T`zTRNIhNj)b8ohW>r`qCyf8Hr9^fx|IzBCaz?N)S#16P$) z4@?r}cW4C{ePq<`#Nx7_P|35vfu=xpP-S9ySrIbX=rT}cZYE}<->MGz#Tt|m4<)e8TKMQrdEcGMzC;x(oBs^o2A|J3f z)6R#j0slT?Tz-e*Lr`ly@iraX|L@bX>UGqI<Y%)~liQ@oH$3<3bbhIDhGU+#m-elT)^V^`3*(&T64v$S>` zL5*k^ayHH{H_Lf(0?D$_QunEk!8T9$YxnDO@sDopmY(I< zJ_bE2hq*(r%B*MmU0t^W$~JnSl;76FYT(?PdS7*g)xZT5@Tf9scR(Yr!Vf}NVL+`U zU1ZD4CGKzkq%ws#_wz8KvspH5%Gy$vuS$iQkd?x9*D1MiKhQPjQ{I6XQGQzS`50r* z)qS+qR3}UJ(9)i(!#yZm7Mp(cnCdIJEVd|PG%&%%L^v8}G+6;9+W$_FyXo;L_mMxQ z^f=K=xCdyJ*=D!*M__}i3>&1--)iJN^56krXEMwYc%X1-EBkJ@???9nVa5qyVJ>Or zzJ4TdTR{tRCoO-R3py zYixls#EyEhx5^@7zhZ1Dr{;05>lW-^0mEq3aCg#E_*5XMt)ij-#cLp~%jT1j5*z#E0N1TKf6; z!9XrZg@s$F5bDE>xM)PLnTvJN&>#Q{jO97F7;IL^Qm^*kK?dJ?egZ1tr{*GaI4{Ih zHfsg1Rpo`;59e_Ay|`{-!1Og&{>stu#Gzmdo|$k);RY+ZnNR{Af{ZCMphT~KB36FS zmq2JMpS*7HOc4XwMw_VDT?2a&IEHfkG6lXw8b7H@tn6AUY zY_Ur-vJx+f7|K{5I-lDo!DxVkI@tYm4jov$r`S};fzWcrhdIQD`z~wXDxJTWJk}pP zrYE-fHPNi^u|};SxBORr9%E%N8HAmkz=yQ}mVKy6l!yuXexwY;MgbC`Bo5WOs$&f$ zIiEMLJStMF`Y#w^C&F@MsSMU+4RSp2_U#V=`N0+PC<#%4bgU&jfZe$IIwoF@URoO_ zN-y2UJ500*U94o?dBXfUoo{nFn0f!($X6AxRAINIs3Q=|$8FYLf2?ky>eRgf*vol=jV z2;(OKyv3{pbg(`NWzb3%5WJ+XR5e0Du*S>W!6`LL8Pr&2ceJKd8fT@{LS#o#*Z5J+ zAEG+hoOkd_r{+umTKgJc-KRhy{*k2@t0XF)3|X${Q70)h^bP3YXlz+|p->3B#=x2f zv5t7)>c7HecXBSrLn-ADbwWN-UqEYINNXIXZnLRal(EtF0z%fpT3~$U%Tvt*(UcOh zy@RT#JE+zy6R2Lr7F)j4Cn2+PAR)@| zXk#_s>{m4IE!N*|3QgBnrFj`aa-w2w~US8|4TCk*8-6}t7q0d$K(GH3csXjob>4qnoI@FcWwWlK?BH?fuuJ8xo`2~2-hSMN7n-! z$o+Q>b3SAyGBC#XlUdW=zzlhoto@1)3L z^=MlIui%B0(^u-mb~KyOoLfogIG%x zI8sBFJZON~(jZtq*cuTdWvbKR}=>s1A*yJC$3HLlqLspThe`9L&0-!dhYmu2U19_)pT!zVuwa)bCqN8lwcETivoSUSWu093e!e zz&I@|54O#6YZ?iW%5A@sDW!{C`bC} zc>@`Ritwui?@InX)JTk2tAzsh;m;I;MAXAXP$?M+f+(RRjI;qAdrSHW9pnj5TAnZg ze0HJNPBkIb@Sa-cAbT`)SKBwIkO_22s=9P{#R4C}0EOOG4}C!si9t(rA394Qmy6Ex zkLfKcDQV)Ee|(O3@xWoXNIb%lM@||a=s+t9umh}&)M75Ntoq0symaz`J=+9bLw12D$;!1`gbS|KE`dS4C`V_zhS2{I@|QQ#lb6bF-T zHfeB@5{o&z5euch$~9zJ?vgsyu?oJ?#)al&KB`U}j#Gt(t{eJZVj)hy_qzPO2Gj z8ORftz~`}|AEKDm@Vc){25hV0apno=m@i+-vn6S48&2Ve(l^e)9nW881}=mjJ_}oY zAW=fg$|(`KUv6jOZdL>;SF%mAIb#s+bgkNSXUW5)FSxmiE;syIv6gagFxU)QNJm#t zQr5AoELSo8_VPn#eG0qS}&`*{eFfhi5^b1Se)aBA?~^VaGT=rNB8k*S|>jl9*w%1H<7o_l|!n zzmB;xSo=mUOn{en2alMe5Q;V=bTyeAe3Qd9!&YL+?3N|$FvOWvBR|c(NP7p_WV#9pm6+c$N*3gf&Wkf(_yNjY zmCv#bL`=B7YK&RK_mD@i+!5*pSt&Q5KomAM0GCi;b3DiL zP7x2;&9IzPL_LZ&%9(u{x(L$ArkmZ9E~IdbrCooap99?)c>h#bc;~T(X+t;-gl1iY>oXi#}Cpeb1hCn9U#CkKuE{ylNmrnm&kXmLt#hK8?n(&0s z&Hj(7R>K2wWz!jKkS%yy`!7AHf}rJNPU5=90v(kkKD@B1A1YZ*kx99 zgv!DaaVFw9_m3g=&^09-%5_~H?vtL_SCwpk3pL?PEN9GuhbN@9KjuETS;Y4D>T!>H zG^@wGFGGlnp^zxVN%@uaFfWqY^_w9elYuOU{{T_>h-Rv7Lcd`?C4dpf4xXGg8E>#% zC>oI*lCFMRPpe@maez-t<5_jvCtowQ3Id8(*0bTvtH)e*z18psT>#rzTC1nKdGFGE zXXarUhK&5nNkIfxD^Lres9%=5)SbQ2EA$>K=eJeR5n-?x1v1trPX(kvP|Uz~`kdTT z4k_wfEmm`gEaUtBn4aStUl!;1AO7(ecFHBe!c-_{c;IRF0K!&PTOUvDKs9VVS z#a->Mr+kAsOoN2o^}>DnKSJ{7Uj%iJ0zWDh-HE=kkG;F|7Uq&1F|wE$i)-IS=?d+; zh{AwM$)(#NP9r=Ph}R2wt@1s57wVIp9hfL)5ua-pHUdc^qv)lPKln_%+O;3S^2gekhP-Iw?6+D0APr zUok6mW`q_(&-+k-sV=w3Q|}r9A-sL&?pZGY**yNGdwaN2*~3E^1*+Su8egCwLU2hS z15mB3UKX591XmHvHGD%&b+o()T>guP@IF{BkDL-dFl){XBVH2U@{y1oXtSDIVJPP@a%o#r; zqZ3|5Eol`ba~FRKTjT`lR=40ggEljq()(@TWs2cv-AK!jl4+<W7? zhUVl@(^WQz9~%Td4*4#>-Ej5ltt!yqNGnGTnu~Y;~s#q((RbKoKL#zSM8)Z8g-u z4f3!?w)$4FRc_gXWUF5C$k~q%7(=Kp8DLZ0iMPA}rE%*`)1`T*;S#}g-hOy0E)m2v zh|}}N@a+8_IFmnbG!;{YbQy_CCU61b@u)Ns&l!S83GVu`ob%YULq814M&E--o{3@` z3pMX)s0uf=6z83aL^Ts*keJ5AXe4fuZ{;*$3P`ja&5*~M<;l3S6L@4A5otRp(XeTwsKI3n0-7j}4FXm$Xh6k?Tim0=V1xuwQG!W; zo~9U7Tt-pi!Y4CssED{HfGj#{02jaw#iiQD5m&a+{O^12y;aqnPGtP%`}=v4uC9CQ zF6X>wx#uqB95!45MKnqo7+p0NOKX8gvxHoK{g&%FE*T{`X*kRbd0(Uc+YmqrntS* zNCIxdWGA|q^YpVC{(Z`QU93mB9{k@Lp9KFa2dBdSab)-p;eSE{yZ@iU|DB37@PB`h zf&a6)8#6~F)F*ZH7TuD_s z;2Zfm>0kU3dna~|V{~VDluihY8+`| zChO+AiaMR<+V+fQ-MA~#u#R(uvEY8!Cb90xnpD<(U-2KaZptgahjm@ANyEB>q&?JJ zJI8s+!a67GSy)lVbz1tP8z>_+Tc9n*62$xm?Q$}D4Aepd%!OqxO5_42ZxUe8HDpg` z0ibEVWf%88nIca6g@J;2{Um+Iuhg&%hY;X_=@OoC^9rX>Q8pK1IM-ZR84Z=gQuQ; zsU9_$RashP!ka0BZ(Xhzbm<6xmUH%>RVzvp&r473;Ehr#8CYo2;x{np08LiS8lcH$ z;F}*_&sLWZCR4={(lCAvyd`JiCh=86&w%kA{qB=*JOYAlSN_xEv|m%Vuyn4EuI4xV zC;5gH-Ob;$R5p+23DvC=>!zk1-6&7p-^B0)o_KV0#`7o-B^j$>+@PH7OUPFm;+()K z~ADG@0DH@GrLh>E;`p#qGX(Za-l(|;ifKMV^fSpu5)Q9O>Zus zv;aRAb(*x45S2|2cHr74HAJ0@eGr{Qi1IzvvEb~nN(H^iF51EC_E#`9v(8`@L7~LO z@J%Gf4jl0?qc)Hkk}-@{h^4I8+4E>Nr8&rw?@XGf0x}UcRfcX5gTcA6KnM-MlxH?Z zX~$!lQ)1N%Q3gMt%);mEQHdD^=y?w~oYhR8x_kz{AP1ZhBg{u#&0b>bBv0Xku-n1^ zk#{pP?Kq^x57Fpn4MhABeDlNW2D!p@YVn$`@yCGr=S3iPD3g_0wT~BHJd^imz!Wy) zXK2$!`X%109K<8FJ%BU*hzNxp_-KI!cl8Yc@an>Z1Fi_`8?^9&D73)ABtcf_ap?nFGCEMSxM)wTu=PASkG9GZpnB@ z?Uf2#c@B+mBn;>DGF}4fYFwX9jFgb=A|B;%Yfe0tr&qzNA9axrm1WFR!U^SAaK}{& zmI6N9hB3)v|D{$@pYJ1wR-Yr8BAwJ4l(6H6Ty?SJ=e8ZZ`?-2FK`qlJzE&|i)Sh1K zCmO{!NOHDcsajf=xL--Vw28R-*rdp;h}RS?>&~pZ=x$Ju>HN-RJ$B&w%TGo1FdZcq z8VY#5WB<#=a$uX0>6xBo7m3o{5|Pv0GS>|#pC5Leed5R8FBwGA44QJ;h3>iwrHOke zwbguv;)ClMaxFfqrwU*%J=!3y;7!zror_@l*j>oKnNVabGs4Ljs4=4x%siIaVQV(m z>d8fy6VANH0L!Z(8t!o2hfjM*?|Nl#WEehm%O+{=W6Dc|y;;xSvA_{W%*R)7*Kq_U z^+I619IC{AQDw6Wj_#@SXRH1ZcA7!i zLDonc?4!;*J$k;Ab$awNCwoY&=ebub$T;2Z?F_~2>0YNtJ2`P#mjk!E%xp<2j`miA zMdu~$9!ck=-=!pBnd&FBYc=YOH$%G;AKUSRk|{$igiK_%2xxZ04Ydr6eMtB0xpCiuz|UPoCA*5I`R)= zjD|qAt?U>eL}w9dV(n#0O^Q~5NGsZjrj+VMQ$CJNT2so_g6+~^@`>1jj_|oIW zdLm3cZWQO)w;9EW4nrzA^FtNdz;>Y_cgwddBVz;vJKZnPN_AJMAsL>GkW{1@v=2|S zy8lv9t!H~GP^(tbf}kNC&=0vL9n3Wezz_3~2y)$m5Jr)t>e%PR0aK}J0h2>wF^+BL zd|glfkFKkobH&AA7h@4zd9hUp+C%R^0THM@?3``~4OJVJKW3QH2zuS>O1z=5vuLIV znP3N=xELYU4_tzV-p7K`O9Ugb@T{1R0!*8vZqg2|_S*XKJg==U zl(}ui4noP#a6I*;+t#;!E>dm%hAZY6&U~L2XtdHw0sBiG$sFQuqlmQ~YYB5NFp1@Q`!}|RKrKJKlXrlasO(ALryvJ~UpM}ueJW6I38`n=6B`Lb=i`$s5fzDUVm3kr#q-1K zeBX6}?>geUw#+s3b_uSzmeHFtd|{2!@|JDZD?nV}e`i&r3Jxm>Oy{1jzD5+wtdmht zl=g^OVm9PLi_kY-I6LDl^Gi1+KdNFU#GHB0tVnsr8Tv020?ucNlpaT#*I>nb-33Bt zMF`3*1&UTIOTHJW(~rC!j(;PgEEg`KWGjt5*-_Qjsj8dMcD(N=aA6i^1LmPxKfh1*w$opKO z2c2wW1p;IOTz3u0(jv4ho7n&lW)Cf1q;_@T&0T+FaEohO7WEdb17RTJNF8b%S!5{R zbJMF^J7;}Ab`~#P+RTAAHcZDxqO(QWk=mcDLRNGIkA_=?#aMWO<=sN>c5`Pqh$-EoXp<%5=qN47b1I@=gdVm4?*3U*RkXE%#BX->G)MLT7~!u9%DK8 z9*$npG&md1`bq+txtM!B5DxAJ_AeIPC|_>x)cJY9pI{wJO(C5iouXPiBc=3j22lC2 z^cz!3Kd}fYvEV@Ya!ZT9D$Md1d7JofUW30r%rrR9E3yj50Qeso!H4jE5|$pNuJZX2 z{Gqfrbe2=IRH4S-YQZ$3KXLX1u>x6$<~jm zRMncvcFbv^I{@#{{qXpiA3SY5#}i+L2q#OLd^ zY|8wwCTKJfdJY|8z(f2*WI-X_nUjS3~H3`BjcKVg%q;Qx{@QIJ*c7gj`p(xs9HGYO&{%|mhqMbU&f+wB3 zAY+7mR%bXLpo>0zW_{&qksW5rt_HiIVgYwpolyfUnW3qW%NTW!-m7##@90E z#@A(pQhOhm9>Rm(&{(cK{>%E1H%aW2{U>HDuV8n#P>*gojv0ZZ16quJ=hk8y!Y-zr z)Z7dMHtjWD+kqbU>Y(E7BV4DFAs#oVcw(uz*f+qV>X@P9-X`9_(06yF>k&yIVLw~y zS0j>oT=Rox7tOB+&b1~5K!nMN3}7aEd6_%rP!E%?XN^|PDM>6AalyO5ni(Er#|lhZ z{8~|aTGK+$6HNS2=d%WW7%|bcfEeXUExDmt+`@n#M50tzGdq3&9A2~}%payx1XqHaW3-!T9}M#;5T67CxNj{JQ5>+LS~pH)34>|XPrZW;ja0|_IbYs`MqUhJ zC+j0UKOnGbeSScdsT7hzr?gpf&CuTH0iiv4#|{bYm*^j8zwv!I!-F5IbV>n#H0d7^ zXNK;u#STLwalM4NFo?{Qa}99?g%xZ!Gk|7|#T*?t!WcjbOFjgn82Obmm>jZpR{ags z*{oQY!as3uYqpe9MPY87{}kI4|AcE&L z*6*b3JO)28VZOX{nX^AzJTjS|qF????L7=T71=AWEE#gYv%Oc`{eRou(U=MNZ?<>w zUH`Z3-J|<|x4nC$X|Fw`x1;=xy*MnHx<$$EV|u7>z5}<&D-wWbj$HQvWF4niwGKL! z!5%2Yy1$Dv1ejwoDvPj&eXipMC_Lkou29QR$B7p%vXI%^Sv#ELEK$bdM8TO&^wgq) z~%`5HAiF;c0Q3_#w_btj%KyvcPmEw>+?g1#<2}PpRB} zhV6=sQvC=s7dpdn5nuc}bE24?Arw8m7bb#3Tag3Ds7FBw*67@#pBD2QhWV{MSwEJ~ zHcYbg`Ee*hkGT+^8_akN+8oRI;ZVBJEU54YH9p|MC$(Racz7I&x#3r9+j^^U`^i?# zCTZd%tKBL#HDc8?{>rA6VZ_*tV^&cQ_9KY=qztA zhF1n44VtUxxXRN z_?5$WtPPpS6kLE11l*L5Rg=Ld3Jw4lW&&74Zh;Z7UM#j|dHynI6xxxfzRdEC5A^!~ z`;@#ogi7==@#Z-`*o5D*nRYTubY13?u^gGsc&PKK+i6F|^f8vg!*RLxj5oJSS!}Eh zjIh1@AqEjY(BxVjir4;=7gj+^SOy7V5ZsNc=wkr^8Bxq~mRUx<|0fc5x_pD9q5 z-k^kdfz|=#7XAyNGsBZA6~oB$`*7o&LNrxgrZC$^yT5KT_q*v z0@OV|*X=s9WxFz3X;=CGs$Jr_B{eEf8io6b2iYYmJAOF!q_7k7H7lEZkT1rvVHtng z#&c50Rw&oVme8g_wt+c>(t~-JKMc(C_`|?F-#M#;?>ylMAq3W7d>rqBSt#euze0x$ zN;5yt)%?lhJLfNNGEic;A&oPOhzOP=*QhuOS_V9X7I(&>;LqPQiSv8+VLKG-qCCJ2>pP z91n_M{e}mO(=ZmYKDTvFr&-_xdThqsm$~{>{9y^=)NBFz$3obk)5|FglR}HLIG!GZ znw_t)u95svWYPRlv>|_DZyWwF_AUOk>OZ;TaRRjPI3YYz@YKGf-&l%P%}uigA6(aou`tr+G0>g z#hZ?rH}z7xUfG1!2rm%6Q?1gQ7`#?Rl~h*CQ(7v;lQB|hNDl0qDMXAJoxI74I?^=A zUh*DN)Ti2E5NoJo4wlq|Ot&4569Yyzt7Qu*_;?ivfV{TEM+SnqS9!2dJyF!tJyDH- z`CzUEx{tZec^8p0GW0Db=4I=Zj+a2_6sgSGDZ@bL^3}gII}QK*MeIfv>aI=ZsnK(~ zZbLW$nrf8*%?L9c54er0RfzjL0f-}8mCslb=&DH?pAgQI8wlH?MA z;VUpw&FhunG+dfii-N_Kgc8HioLfGCRf0)M8ayT`xglZgz#V4{MII0zG|u9`Y-iL- zZm?Y&2M|0=#*`DQd2CdLinp_*M0alEB2?k5U^cuI$1iMUMsV;~HU`U;cZKW#x>Fq6 zqd0bY7T#rZe^Wi)WrLZ++0sVCEu~Sp(x{&0*@5>?<@O4AkB=X({5QEDv%vb2e6k;H zJ`N3cWo7*vUlh?tM?Vr)3Wg$#`nJ1Ie73D(NiF78moU29;HDr&?JPNVx3<#Sf%P0 zA(7fdIRWncIFP(FOsZ99`{1{dC^T7cVyrao%WsLB;->xqQUloh0ZmblZ+>{az+A&i z79Vfwaza`t$|u#+sGF5LKxe!lDiw!I})v z0RuZ;I93IbO)$qGNb#FwC90Cq_%LwWdE_aMl#3}3cHo{>3>>f|J22}~>>S5+wzE8o zvt5o|3$?M{_l8(c|Jp-(>-~GL5!}DAe~)#cd#l(`sSH1w^bc4$6Y14s(@i=>se(|3 z^Xx^bE`zcqvi=6AJ4vDCu8OvUpAR33dz}D5_Ds5TaiLG(ML8IOuW$u^k`j2LQVF~$ zm1Kd3^ohWii@^Vcte(I>j=fAG@Ux^%p1`vl3cM1(z@asITIZ#HO5WstOM$=Ok0S8s z83aB8L1&D}6YvU##%eh49?LlvSt;PsGrxcjND}aS2PO+R`mUbQ9=eH18v*~5&aWD% zQuWJ?lLY*s6P18V^$=5sECl{UX1D4eAf1j?Ko~R7Y_r-wvhMq{zj&;Bz}0! zg81PzMTQ@);9yx)PArFl>Mz4t@`MlWk1q4zKCjHc{oR1T{r;(ddspR2Dnprs_XcGg zpHg^lkh&jJHUY+Q34gm7S9oudJcOVR;=;mBIwhAWLM(t(;k|u^^V<1s;C-2NR&=Ab zc6PA8)dKI=9_Pb*J*#UQ?+0?)n1m~`D{xvq4miMRn^C+N4{Q7}sZ1NEAm2d~yP9P} zOA4{oyz*?R1}kR)bp^znja|7c4hzuN;01C-1ZZL8Am`;(^@tbY-Sj62wczf%X~Y21fVZ! zj#|K}FJuFB5q8cX)-5IJNA+vcjgca}X%erJ$Mju0rz0MVj~AIrQQroKemvuvs+=F< zQZO=gc>{imaoWlRe3I~tXI$ApnSyCxTbYF9GMo<|CALM=;e4V-58KNwFxcMFUa-CN zW?=hhKembRBz&(|`0l6hO_jy?WIexuZ~4{`0d+;6OMgVgBB6m9scJnb(E7Ydrzm`9 zXET)-sUr?ez*pdE|UP6;%NR zI>G^hMN=d6HXuSr@75iym+wVt$Pja!39LTunB$-?tvf1v%zNBNW*&_+7&_X|CI~&S7c_LFeKVIsKLn` z8d}^?g#F2(nl(rmVUKKAZ1-&X_vnmMarjAxqQbSIzfMIR!)9b=jlf$bYCa7O3N7xm zcM--|v&Mmv#b|TMjAFd2#12k<)2A|+kj)S1qAm3K9uqTJ+)7{gT+Axz^Wj#2bWs%WHCG>l+Pt_YN3!60=Bs(XJI zs>>FDa3QDN^ND}5OLWaB9~fPkn&9j^Q`6N{BvXmvET^eySiBk#DvGX-BP53vF_~%w zWpe4x-Q}taVM0HTa+L&9fKrDkp<k9@;?ixAiB*e5ho-ZrK~pz4KjIO6+U!8A@sT=M8Y)W_PE0H8a= zpZUaU+;y_GW~bF>qh945c|eFrm|3vb2(L#u(6Vp9N#zLW6xB3zkeGo?7H-5Vh>Ef5 z&h@G;rdYs=vU|maD?-!nVr&I6R6-eoVpGHoEw)TxcWw%cglh(!80=VmoPaIhW!hbdQ6gcxN+3bGi=4}BvgaLN&)kD%OH+u|u{2O2tQc{+i0UK0j{17J#)g?92(NpTtiiXtWzy)T7-%U7#nhfvo%4%1Oqn*D2RpYxDCBf08NGOZH zi|U=J^`fh8P+yzX*I4!SuKF4`0eY;^7asBHGqJyap)yKY4@y6R#`j95VUY<$>W)SR z>JQd8*bOwJLWR%RQl;w6&;=~bbLmap<AeC)EHEb*j6rjsHa66%TlT099ha!;VzwmDfz+ zjZHVVf!>`*c`exx)h17TE!&Zd zv)kt;;jA*R6`XM%))_qxIOADEsrqm$A(Q4ERMdxWYB;(2@E#9e&W|`kQgIsa;r9Nj zE)*MxGMA|VE3jqD3$Rd~gGAg5Lo_me&@egYKp#x-riMtCf=P3pf{ARAu!Ga9T$n^! zD7kgWYn0q;t-<68l}TVy(;7^ol1X4P!oUP=rji>cNdl8xaxskC=wc%}bNfW#LtYIU zRro*}wb&bnslMeU-uLja*uD9nhmQx$O_m%{gIZB>)MB;Ci3fXH?Al6$k1~@-9q?%f zrrbkJkPCL;Plpi@GSO?80j)CtKys|HK*JA8>nI-LSW2A3#V;sHBMr$I1^kre#(M6DynJjxZEu2Wk&d`mZ`E6A(|FJEN}x z;-5;R|NhVL)aAL~#?#hsG@efFnjTNz9+HHosTa3_r)9|7I-cfB>Tcj^vdWkaPZvv4 zOFTud-CaCAi7k6n5J`Bt$Gw??r>Q0(9iA>rPW0jFyfTBQh{>~?c#7QN;b~y6w(zva zmH)r-H00Ue##4Pl<7wOe>G3qLR}!B3UepGjCLnL?csg5BcLPsHsf_9H)LD{R;;HbO z-Nn;I2c^N&aQ9{kp8A@Eba?8Loan>T-WM7?ZPji|WH<4&^)?SrKOWc?o)%x$3ZC{; z_AWwu2NT49;)>Eg6W`4<+M(K)J^zedgpp*xX;6^YuUO>szMIlSO!<370dSh zfnoxQoO6w33oFa^z9b29WMqzhh-GUYTaVfpnnmYeBuTCsz6o8MHRPjN%j>B+nV-Nr zkvY($S=-OOd1ta&+u1|sCjG4VSxIjEN6Cpfo>_b6JOi8OO`iBawOK1gzr}|tlMAn% zcHpJi>;gkLc3@QxVkW64FlhVIg{!*+fN6q3OYx8X3wZg<1!x;U))rol`%2@*-Zwp7 z2J}qA%gQlr;AJo5Z5=O(9s&dLgxbW*Qk5|sULKL8mUwyl>fOT2_HJqLve~_vf|u7# zLOQ%Wo}B2z%fsgyyhKf&-NDPuSsq^MyS0j!v&+)sMV2nqY_X_cBGfMtvL0?~mKDY6 z!l%ETG|I!!nA_8;x+;W1(#j}2aO?SC&2me|d*Uxc)EIWR1ABj=p>l~njuItvnC(Wk zI(Ao3F|h$rx8kIu87YyikGpwLX*D+Ryvo#eY+#OLN{$Vn%^dVyFG+$Hi4BBByMQeD zj152w2k$D!*l#<9St}M~p<;O(N2rp11&Jo5Sg3zraBuoz1M|&If}|vVL6TCLk(}s{ z4P0PAa+%2^u>q&*Lhv_?7NzKed2PgxF4N;BIR}O@mI^Qz>o?oW{n9XQU?7Cy$rQ0G zrTP3(d!_n;;5>L*+vNk<7<~`!F)C~$X?IwlnoC>MU^nkVbdhmhN%h4goE7D&s=PEFmii$Xo zkgf+kTK3@9G$k#9i2@vo#M6|?D-72d?C}WXJbxarJA{KXd{XfHDYK@DPsL#GV-aYq zoYD%Q@|Z}TLkAuxYlyS7Tb1s!FY zSP2RUThUDOehs{4$qr^nX$U2N&5D)IO(;#ao{|5k6*>>g%+r)M2&DmbO|lXlrA1$V z9_`JL^M9P@#()Ct!RFu7fBHPF_5ZD3TJ}HwyZc`)r6utxa@r?XZAEg4RS8)j7Nd2A9k}~eC1YwuZkC`!RE*dIgDG>w= zMA}*kvlC=Xxh&tryi)MGxRv%Iz&0hd(JE#t5h$)(@iYc{gDydD`g${FR*T-)fqpIe zK%j#XkYs24sq770R-&>5+cNFIQt?S!5yN9k(KWu6&U8(_Wv+0UcPsUGQvWAj0$Gjt z#ws2+9{b$ieg+ZANQ>Qs*oZCQ3ZjpO`n4caOWCC|Qb+mn&R@>KKHeFoMQBfMMsoX- zekZlheIGH*$XHYkJb^l_gX1Z#97fO+hOh+WccJ3;A-H@h`#?1g$YkTBzzpZ;I74*71+HO%49H|3+g!7} z1g=&~1uc3>l^GYaWh^i!5uL3=6mfN#Y^*xB*A6TY?~_9fbgkSdXjPGuI~vH)?;|F; zvO!Rz8l3SG(6F0Xh06egczH=s%A%PClOn6-IDZ@Bn7Z6pY>?1pOXJ zTwf2OXJY=2DWsZH@QG4k;FNF)iNX~$t(-Y+=S# zK6;=(`h2Rxxc;M+^Qkb0zm?6zT=RBmF5C>9Qm`kEGr)1VOXWy{x5QxsX7vsbb;C{gGPHo}%&lWxf`xtZ0HMJ$?9 z5!<2ISa)#W4>+gKV@_Aps&(a7Ecr|)>Z?35u7vAtW}^l!ZD37BHQVqXz00-nOES}Oxw_3%I2#vbDa)Yioit<03Nj)&=;X1&WryGo*nyDHDGA0-Jq%4 ztHxbCv8oSxGKf9de(_aRJy|0*jYm2CHcR&ayY)T zstQKLIv2e-?wZOguBjS#*@(h*l}qJ*ml3gcMbB4`zy9JYFTQHrh{DFoe7N}mepR$21VNsSb&l}kp7V~>PvE-{BmwA3%%z^|72r5wbA2#GO)vcLtD zDK*I-_y11XFPa3LlJV`@%JI}EP&U-pa9+>R>#*wEnP3O{k}pRIjOfGxX-O6a#W;#k z9>PJLD7$>NGw3foK*OjN-i*)(Wc4VU)z9mw3XI_OX}FOG+mOqa+JUN5{sgtcJb$X@ zVJ}tvakKv7dZlYng2+pjbCT{DKqqy+8THpW+j%+Zw{v<4$j8Z*^!iAjPbK5M|L}Y& z=XQN0kXFhdCFn^D72^;Br%hH7P%yleP$+ib$Fnt2Ps3Vek|c}dLo#+4Z13n2wHNO~ z0gnw1$5ewD$$FS`iq zgpsv^4^3jtc(M~1CQsAu;|e?!1MAKlevQR=>;Sr}Ele5SZ66C9E4>(#1?KgTci6+y z)U)9&I$+ki%*KoxF<6#Z=RABmIE77C9;Xz`lI&4v+Fw~=;Nkf$91|H$uV_3kx&4~_H^Gd7m?T~#Ko`O-zJOMhjV^y3OET@((ATJ}7bM*Us zaNBjx7-T?(Y~Idw4%b^#^GFHN<>-WXrHlu`3IpgU=3}eRI?Ar{4oOr>C{t)MhtD(ge zVQgxy3?R%m<#0KvcP+~k7VCxkGrR>sy4Ym0Q9OifTTfIY5U^OpL-%FnV7mVqFMuf- zi3go-*UPfLXHElZ_Gtn5B>aS?J)`(vM*c&MxZ}Yn0EB}*WGo6;u?Y|)Z21n=UC2kI z<2*w-#uKuEkiw0V`&oR7>#&%N+mLWso9O8PbhR3-Bn5ReheInX2Jty*-}CD;Ea74$ zz(US{Y;D7q6f9`&wa#j{LFoxVEthx;JNxD+PZZRk^+59qIP93YNGjmM%h&`o9lH^% zcH6DOt)c0!GDUV627dZ(K1TVgDvPj0t?+ww4TP@O=i@+0p<(DoRXzk~J2;}g8cs~Qz5(c}_&IxYu#u^hd%Saw}= z1*efkLoa9Gb;8|ui@@D{a5sgYm$c4LGNpoT$#U-6$7iNNBia_M@~CUar;#J#d~phM z0N8f0+kL}u6J0VMx$4gkzp4|u!41C*7qB$QwV3*zH!tMjLOpsr&+hoDITpAk6NZSe z5Mn{>CbCfxD+-wsBhE9-L_rRMXbxg-dn6Tpf8K^54$4|FD2x&r5%jNO@Gs@^VM`e? zJjYJof^A|#_r#0R9aS?^%1uhV3L?vXD)pXbNTX2ejJ81jsT8gh`bz*e&3f3V(h-{e z+X`FKAKb?fcWvdVUj4205clcS^TXj5l@f;(_5AkrUMNdY#;}$T3~V;%$%~N^t)c}7 zJk(HxES`tIN<5VuH7-y@7f~~G!4J?@+bgXk$rd(!)tzP_ZWI{d6b| zY$m^DNszcX#_CAR%w8y3LOFDR^+V9UyHg8VGrA01@*mFc*`?$Ro%G8YxJu_5eB&!$ zpem!=61m0LGGs+}6l0k;@2nK5;nr4|UO6CmlAM^_OT=7EY$cQ?8;ngxxidt|n_)Zz z9y?Ezoq{TKHe-<+vyytDnJb3`or|KGeT(b}-h4i$ zUA!wL6dFY+)qvEG3*T!q#cQ8RdamLNIHX_%oJY) zaB^FK&84u|sDl5p9c7u`j#Auf1*@qjZnpyd(1Zz~xz+epCam-cS+Snc=0~_o_XNDo z<`0mf6RhS&tFZC9VU$(MEk#Djtnt9d!aJB%m5_G*ThSK)d+2U0d2kX7J{yHlTwp#=s!5g zKQ5I>*B;uai;(59Ir(HjsgfChu$+oV2NVlYdt$nl7!ov#oyhJB$7daVNCsJM8W>vK zKRZ(WYyS9S@xSo8qp)A;-kKFnkl>$jd7(9R7dV|Uxk(1cyd>7c2v6o=-zQ)pvAtZ7 zQylX!FLWY(B{y?BUo4YNYOOt&vpx3BO_A#6y{^mSMp(3Do7L_I(~$S2A*{wNJ7bxB z^E^BdxGv;AV4r_r$HW^oD_%vfy!+@9??1zacS%=}ICyTszD6hUFEs5A)}MUFBM2P9 z%Q4#DJdR{8K)|Lw<0MwWMx4fn`{OULqS|^(RDLJGO)6wFyG+=GYuDl}^ff!$hvqaQ z+Q|KdBgxM^fHI#eQojaeOGsXvwddZK+7b^q{}?AgJY^6tcY3P2Otp_XUfBYJbqzO_ z@ib9j(TTE;rh$kJn;D3l4*dyC`eiWD*-#z$g)R_@VdsZGq(-^{Xc21zOey>*UAV%e z(y7VWoa-a#N!oa2Xj+i!Ejiu_DwfiFs$I^a(K2jJQx^s1BEpL$7}sVb_MTDP1F?rw zpv2aIODke2#(Nk!LL+dj1#zwUrDRN)o(zs*|nrPb#<1l78XUmllp^=h_vnQ#M> zXB21l_sC;yp}K{}!~ez|aGF5yKlhSseKO}hm- zitW?d)oco3qxqD^(HYn`o7ujo@VhC28JXP@PtXKH)gfZSovrBNDYwzuLiGutIB4Xs z0=sA7N;v!fM59Yb7C40Zg_$gtomPAn?JN(|O2^>jRI82fXQFG!hXXZ&@->EM9eELy_ZsJ=|X)nV$0XOXv zT0Af}Qt*D&x7Zb(_*%wcsrt2M3z~2g1`hZ`?+`n%Fl^G%t85mv8a$o64@}~O1E6&G zjugCCg`y1g>Un$zI*Tqp%x0)5<$c+Bo z5+C~71Yu2S59BpWa%bacVzkBcQffYJXSI9XYF@=dLFyWA-aoXsTlKDR)t@D3UHd^* z6Ivf#&m?SmEp5g-VJ6^J<(1jZ(DmV}gI}SX@B}k#eboVYFcB)*is^nK-(FRFO1{K< z_|eh)SdAaSNNCQA#H-c2kVR@t%&gvp9O}BddRH(sXPJypoR#H4j%(F~!u`J5TjT&LHGfEwp5l%`0lFD_U50!55PW8tGjSR#tm(V-FmfZpwQ^g?He zHb!No>=tM(t%c8zTUop%{p;vt`TM8Ozyyj=CSJRNy`FIr4I+Zw!|OxS-{CKm06NGl zIE2eBj|3^VV#hYW=Qb

a&VD^Q}Hu{pf`(aIOp=N8AG6xzrbGiO)%*7^v!?ktUH! zu-;thrKqWVF?2}WCQ2->V5+5FeRMHOBZiTHLiFMoT?o{5N{rI2z-f1-=v&nPTnI~`lj;-c6~6VdFv#9+1_8(J}TgK^tvHSUCQ zLX58xNNM-I6$QgMT9B{+V|PU@%b*pQMT^gDC1kWv2r!`nmnSuv!%jCW%_A`d&7oTH zn9vw77p(qPGZ#8tWWWy=rwJ}6pY$~z6;Hvzc;tgZObLsb#&dV#@}k6~2Cz^7KbcKf zs_+VVRnCT1km1TtW~r(JxImvY!=+=w@D?SdD}?qLeG@1 zZ>gsn`Zgr~<&{DMwXu9il z9cosFt-`k^3}&?Y*rB$C+dH~mmpQ1WAv~mDW##KofcY7&e&#QjVy&%{)0|P4vXvga z5Xsl?C-^Ia0Ij~CU}JO`U<;grRaqGrPKo!*3+Ks1n`3(wHQ<(ZEBZ-7%xMX^VR2+$ zO{PP&Kpid8GX@Na!vz4)^c`rJGEU3ZBkzcq1(iYP88FNy+;WRi%mO6wZ9;?8n-;?? zKcAG%W8vUCG~xm+c$4^i1qBzgI|HGJQ6a~{c)#q*&~zSEYUY{c#+w zPJOLtCv?OF8ANiaH|nqf1ku(DKb((FQA{waI*L+X%hO00NLq*j_~G>ubt%^k<{Fi( zVmcaxhU(MzVvngIw?1!Q)h-!C+;V>U02QKF+0MGJ-0&`sAVnMElUX&$$F{RXHi5;1 z%I3|DBG&pC2Q-Wg;D?QDQkQrlwGA|uSUfac<3i8PYdu!kJDWtyC3VA&{q@()B(cop zf+c(uZJR_6ffM41k{vKFrEwha+U#_{ScGX&KL`_F8}2u@xc2ZX@vH7CepNyJUQYdv ze}SU2>HTZO%DnVpZ>ilff*XjhjJg06tek*D2F3mzr}L}X^XOYvpAB@Z_;QEqh@85$ zHy>cx!{IM|7pi#(cW`D$`{wE$M^!Di>`vWydwLx+Mz>jg-eNdt+s9VpuP_pC72BQm z7y(N^jgt;=@$%s(orKAh=&y+xtYG@d@*H#zX=c%RFQfP7n>Rr4ixynm9-ft|JbkL9 zr$%u_0aOxJ7~<#z(M!}~rYE3jeqs(2EO81Y(Aem`^Fo~VGEsU^;2;IO!|xf}xH`1B zNA}cRB*#sNYm9GKv+Jm;&C*^2CH1Z2LD1Oc@BwfRHjo$*%1e6%mwSJkXa=8iDRyBt zMpOWxfUJrCAre(tdXV6i1qd>QAHs3Ax&$0eZO+yU1uAj%HC}yvpuR3sUw`fk7_IWb zCA&pn^b3=jxqDhU#*7gYNZGKM~ul>I*MitTE6%qqz5xa)?KJ z970*RE@W>&yE*Kb+FZ>m`&RtN001h!X;97fy{;QOmBYx$gbV)kbH{euYF0KCZW|w{ zX>OkQ>Jo@=GnP>uQ`v{p`jLrv2?{kwq_TsA8bC^@_)?*Wiuu;Ajy5DdmCWP!LS{UF za$-&G>cq=ZR^n-@?h+KiSO^Zt1u4~o7&#uL_$CULUd)-_fNzt@xAPU>KnC=Ud?PE5 zk`ZEbt1K9+-gz{ZJEWn^^PpHp{A0*9i53N=;%oTB-wa>-omY+lyLh&OEA<|~JbQJ8 zS|24t(Wq8Vw)qa+cc)MKgQ(xR`wQwpaYHHi(8_h&sW*VVYNR7TlZ7uRj=vsgR#^lt zQm@o`f%%|9nU4f=CU0&rsh9{SA69u!3exq zXBbx0v4tu)eW+B*taSOV)xYozOb^sVmV-Ci>g-Yvf@GnYlc?;GTI$YdaM?3%_@vNeuZj26LG-#;4j8MR_0h3>$fvSYr?t@{EsE7AlCwh&Z7KOzZn~wN}6N{I~nBy$o8{Ps8 z5|c5I51z4+?J`t+>MmUqxmAFbCgcE&5{qITiQCYX9`cB`B>(|*5jbWpa(Ut84mSm{ znW$&_hq|6v&g7Tbe@YdKL_cAwc@^PRuJZ@e1ip8=v-1d!Z>mB%9SAfhx+?CTRw7M9 z@z}rjC2K>L#K&x~75@b4ZML%+UUI6bp6$Gu_U?0O?m7>iE86r(^)*L*9eor8a#CyS zt0vwI-HEQaV=FuG&o3WAe?c!hFtUe{rUO1v@U|2vXam?4HXm>m!PE;(a-A0eWF|nU zg#S8J57G%$^vY-*s-JZvn#XktY4nBo2LTFCavMoAg1lA%I*a;1o$vFcAl!F80GbIA zb=E&%yazN13X!@V>v%D*D`#Aw3o^QQ2S(^onD_FCpM`q6(}WKcNWfOg^-Bls}#A!R4=?rh`i_!lnP=fD1LNt6Bc<@Ung0@5jqak7~T^_kJo~_7c3j_-PVe z%Ez{$U;c``zloQtRi?J_GE_39#mfz3Ict1?FZtyhM@{ zeRvu5C!=0^m^=nAC!Xoy<;qW5#Y^U)yM>q2m3}Fw%`D@175@UIN1+NRTTGy=3f1)z ze^0rbp}HNSV`LKwjDk3?v&2r>10EQF$FP2|?hfR^xth!gJs6>$%%_reuE|jAbSi3* z0zC?)jRe?RCr3k0lsrtWj+aEZFt-!^dxV2mSkVdDIMlRo6zh3IAGiq*r5|2U?^^|! zvMKE^HYf{3|7Ne#fR&}8x@+VfW`Va~ z5UQI>NZWx3c?Oa@SAI%=Fejr$J4`S@oI^F{7rgpn(%@k}SsZ4|z-*bR;)sC3wvMWz z_dn7VT__b16m)X7Qn0fqpL14LLl(|ghUOz z;}p~gJPiY&4K7J=Pq<1PhSduJYb8iYROscg+J6$)H_Q3QM%9Y)#Pb@D*-|N;omnO= zegjKZ@|)QkgT}0O&YF4ul3Oxhkdb5U2U4Nd0c9ZZq4$&3BKDMjM)vK1Rj3K@NmD8T zlutVS1D62HZ*U0^Q3SXeiGBi39SdZKrBy*IMwIT45jr#3fg=hu zbsFDJrH+EfRU2LETrtq4j@C=XNc2-j>7``qIQhFn9j&fn>r>(J-HFCnU1QP|b?R2f zy9oeuuGr(WjQBphMvOz^B)>^4XYhg0BQIkLDaqqW(I;bQWRl}$aP1?)13R!!9#0$w z(CF^>z)h#;I|{Z2qZsIH!+kQIyIZK}LGlBFW~6A3P;r-~OaN~4Se&!xT3;z@O*X?7 zwNjE9&ad6z%Or+!+I%Smb~BP?MNPgVHtKu~FknuT!Bh638kuK1b4RNUGbW%`x!F1i zi?=dv4j_c48XlSLOiaqf`%L``A4n3XT-HkhCkx)&p=cobJda8gguu~q z-%x9VHvqGGUX`VvZ!*t^7SHXy2|s2auIt>eFP;%riB{%Vb|{On1JzCX-KN+5(?}As zh@iM_L--~%XXy+KIk1K~o%31*b^VaruB@Tx62b5_5-FIrL(%lYs< z${VylS}%uNAomh!XNkop9bO}`wo2S8{SF15Rq=`BQr%o2*V0XW-n5uK#%S2mtvWeO z-2rmV)bF!_pXEHt7Nh$S8Uxsw)s<(Nz#`R68Pg!jK=GO?9G(I>&1qK*#l|-)dM&`^azol_)t{Yk`J)Oh7WrBjWlIE?SIb%ge13v1@XVqzHl-JtX2?( zmUJFnt7N0Zh(vrS^7UOC|2LNrpjFBXGrOvC&b(7ubSyikG3)ZR=56swDpu9_>Xn_L+{FR{v^fnBo%;9PzFcH$p$_YJ2zhfTZ~F89nwRe z)1vL6C|*pkaOZ?po6uSEtT>5twdRur33IhJ=TbjB1EG^?HCc+oIU2Mfk5JEdzPd~u z(**Yz(^pjQ7N5YF8@0SDicrPO~lQ#+^kCTRr^`k@r0mHIwxAZp!5O_B11r@36ng)W2MTHYF1juuSCZKPy7 zr>{~d6h96wTtgLtH(FRLxM*06nO?1e_m3T^hc;g>H4Yi%@NSlk!7sEM2EVa4Wpq=C zVeG!y?&xNc8vBhyq8{D!V}GmpD968caKGO5xHP9yC`oETcTs94@BscgkH4X~&o;Q@ z-+Mx4fHTXNtY1sqHfNp5onfO6*y(!Ep1zm({#8`gDeqe%jf`0LM9`EJbioj+>%m6= zO6e=lm;y}jfRD*DgbHmk`DH3y+K{&djyb=~QdZopnbcHTSiI1VYB`ez47JO1Qppgy z&y052fm`}$W_E3KnMsEdoK)k~#y5nMmxDRy_i;Ii=NZO$7>SybN3cgFnvKN=*9#j3 z6aYs(tHp@gEbvfMKgdn)eY;xKT$XrEbdeqWA;Ah+AHTN!{m~;vKuXd zs!YdAyvpP;!Ue-d8Y8n1Tqd6ZB7%6hn?&frsub%tLS0&xe(J1l4>{!m*uYu5OtM;{``=It-uaJV@#WUGr znKUIiPF$`?1v#E2;ErRq0s0xKEXJ8;rCMFI90^wBFnF#iOms9+`3e`}JX#5O(z3Pff<;<>nT?%4}U%&!+JdW57GkOInMEX>p(yaCnOv z0>bvdf@oa@Tw0js;vsAjYo}eZ1Dkqj!MN^upI}62p*y1NSn#0bA{Zk8_fx$Sk)fMt zq1z)-3&y^zyg&=aKf2XtB&uog*dN@b09>vex=7+90uBZK?4BQ7dIgGSTRf_E zb*Wm$9+lJQNJCOPtV!B?NqUn0bE!+xA4^?bqe=QC64R0NoUR~gO$tf()oztX(ubr# z3enFEs`d!>k9OP>1p2}d=)XgsVM~7}eg1rqrcdT`>FM)Wqf4K6&Pk=uUy+!OKF8;# zq0jf)W%1}!BL$K^@40CYI9~_appQOpLi8VO33*P4)9$#ig2&xCEazd)26-b?MpeEUxXVa7H`UaO|4~$MF+4)FJN3zTV(va-c zR}5^7l$J<=B-ul5+5_G|@MJ_hoxf*-fUTT2@gLAnZB%vX_d{(8{YG)l?sw2{XAe!k zTNkCLU*W4R{VtZ3`C=%wNcKQtI{GcoNkhLWFQ?KkTM8uoE_KsV>33C!*6Am2=4oLs z(&7&zLs61g|EiVb!kQEkhOpl0_mJ?p?wW+BKa-w>Kfmmf@W8WDA-DmF=}0)WOBxam z)IORgwQruu0!hNKo0dw#!`g#{jnr`|`fZr9w@~D5ls*EvG zX^hvuplY%b?}{3;gI7txr148`+TUDC#S=8NOEW;@`-~kiBPR6V#T{pZK^&uih`AW# z_|LaZ;YYpVM+Ny&PJY0U(pTkR>LRAOr=sO5PoMEPFhAS5{Vg@B!F~D&=v$Zx(8p?I z0N)3bX0Hfi2O|@_+D)%;tfE|DsNqN+^P)J}L?|258FNMK&* zs%v)OqwiHWR?RG8}=x4VVgfpP7LAzeGhU93GIy*5D5_35hq2h#Xpe5f)^@pbYgX86t^+Ku-;y2sth#`(#PUM9hIB471 z8P5}vZkJtx=QQ5P0Y%T-X3R$_2y5qDW7p$SNGtF#p?Jny)gVCDq3OXHMq>F+Crx=l zWC@vr4)N$8j9x5|B2*_wg0p;g5Y=b zd(T;V3L1-T26YqIRdBSP-2_J$;F}*_FI1Q4r@QC`ck9hv5QDk-G;{iLaUN@m3899b z>wLx3ot2kX;Yfgy?W=cIU=u)e6;s*rcs-y(9G0;|km|sd;d+z_X|S~*WI69lS2_ns z;fzXBBTPVDPi=cm)e+ppgO#U%y_r>ROgGk<&8g@gs;#7YLt3cr23+a;$AxOo$FKO6 zOf-djWUdq#IUcrint!BFbKb@1F6Zi=YBN9>IGQ5kYU$+v$hcbZD$ZBMOEGq!`vqs9 z1Su^L+Q8`qBK)-}IA?xuXVxxAQX!snF`a_vPf7KbG6my9jVKGkAX$JBcK}r0C}&R+ zm3HuyzhNaC#L9W$QI6d!7sC*Mv{`U0<*-GlK%D3l=rM(?kZ~BT1A1wpN*U^u$b~C? zR}_g!&dPi?aP-MDXwJ>p=(Emm;BOGYz8k47g+55GW&Akw&7(3V zHy?V`-7gGjW;SUm`dJV^P-<+nqUMdpu<;s^M;(UF8}nudE`OS!Ozk;v$uODo?Ka@@ zYQK1<`j4_;GkHB3o1yXf1)<={XQ=jReIp9FJoYT*u!zPJ4A;tbU4SsmE<%U{_fOWK z`{@xM=01Le8ma<>)8U;3e0+>BCD0b2A-YzIJtC z-?Z}nM2(++rQ(NYU0Di0jHmM?!Yn8H&2Pi!rz#DfVp$GDcNbLl!RNb#d=~sY9elbFJ~=qmBHjBo|10{YR6E*j>6_&fG+?^VORsO1{XGdVXMfcO zVD3WR-vrEfm8osOjF3!e0duS*wFJzVZMy}S8tuU)>6>xxO&?&+H8;}%W?*un4>0|{ zG=Rx9d3Fad-Mf2$nes?Fz=*#2e9QkgeY2q#l@Q06t(&X5Yc+g6oSPm#wT~phXa6tS zfKMs%{w93-sZ4FdXCKLw7Ct}x4=ZU2pYA{H7JP|$GA6r@abl5ri0Hf4{Noh z5`FObakGKX29sxZ;PWA-)~M=fuB`d#;3N8G{@3aB&BU7!+sLPHlSkhM{{k~>8MZ)h zw!^(X#)f0TXXcZkRY$Sm7~p2Xghe~)on((3q!0toKmuSass=~rvLKzGhAcyOEG+jD zFFPT&>S{RWZulj2e0Okq|4Tv!&8gN?UOvmVZ|m+uFh*mHA91nqR6cDl z-z_j-_n<~$0=r}wN?_FB68EMpH&HADD;Z9aNnn*${4^QNnPK2j$%*QG2N~)8%k|u| zOrH2Mj`ZO1mT8y>N{1zV^X%@aCF0XT?_lQX{>w6#pyI27Y=n4bGO1 z-i2z{3p{|I=ejaQYd{}<ZSrKhzr_VehE{Qdjq8Z8DHDOo9T^U>8V)-)8NH|IcKy$sCbEF3ymhN8OHD|Gof3t#^W zV9F`~0_fs?0;s7JeC?s|1%=3f3Unx%PZh|J=4SHTkFSLWU)v5~3TKBPQ7ZH_Nz#0w zr$esR(7NFcpK9`jo(`^8(2^;9JNS<+F0>*o;+;Rw^HkGX5{U6m7h3BjRYB`^Azv%1 z=}DC_UEFDoBzfjF42{KL=S$xxAOYiT#ht#mPjxaW?$qSogn0$Jz&WLno-+xgUqs#w zw3@DxhbR~r<- zYTH@SPGV=vB;G)xl=Dj9RUwr*XXPiYHDGx+YRKg?2Z9@cg;#3G?RmQoauEO}i&J#5 z;FI?$$jPb)J2>bA7jmU7Vh}aRYqZ(B0y)1nyIfKgasyRHLhgK{&Cp*PR;FVbmreYAt3br`cXdfq%Smmj&G49RVlTkOwB(Sp5_{b#n z)jK&+&U}c99qhi5R1*Kk)!a(10JpN;lOGWP}v(CV@9I?8wf3tmv2@^3`)C$DhbZ?UX^zV;d!~obS@$r$!YY?OSCqH8PNos5U6YytFr|PIO z@^mWrPijU+Bj($CSVJ5B(?0Rt@}G|Xo9b=Y_)p~S!S2lz|7kCiK-~EKCz`!2ck7~5 zqR)S7`pDpBmC57tpMYQJ5?LwX2H0HfWd~mCq@Y8;>D<4i^PBdj&YJZxaI@O4vpoD@ zZdjl1yAHf;?R;O%fiEC#WmW8b%!v8idfYK{(xJMWfI&Sk9jdDkB{oM*XVWJiz#Hhu zB+U6eQa&I288G9|^|+-yOr^-s-CX7hJCAl|9gJ;(ntAl?3j~`lYi(A>Y~@VEsue_9 zXZRy5kK13CU814eZI%zZ6@;#G-Im_1pgWKS+re{x*3dOm@>Xsvct7$0 zP}!V!{E=kPod@nb`x>02a^*4C)6C_%Zfa5xPXE~|3)S32w!Oq47u}(*8=%tBqpE>S zhkl2ygW_0%^7uguM}A50>aC+t6{~nV_Ly23;T{026d<0b0vvaz>U#xV&7#AzsF^8e znH2SIHYU2}x4=z1L3ALCRErkWv$<~icDiXw4R-y>zu%i4r}y)_Aw&AolR^$6v> zhh-$P%!0UFC2a5c?_TvFs;uofADS8Dt!7)yl%+l3#xmllKi)SPOOK-)?o>D`RXFM_ zD;m&HKaNHtkHL{_p-zjVe3eUZ^cGv;!x5Us!DCQm0ggg-;>rOl&=b&t7(dCB4sDV) zBf{tpE?3RYC9L2v$gB5;19D66V4KDea>rZI!6|49Y~DV@{X-99&&m=oD&srcXDYs+3u!oIehvfFRF+s1KYGD!FV0plp7}g74l=kXDV= zx(DzS<+>N3BftpbA}!hKS1r zETSH09J1^)H{}*lYVl8mu~;Wj+upMAVp2R`fT)ulEI*OG!W8~RGfc0v!-0-vE5{>K zb?8`DP@t#eVKP*Q?BJnoHCUEhsJ7uzwr!Z(w&z{|y)x91kR|T}KW_j@K94^MKNF__ zJ18P`Y*-1;2PD?(@oIKvPT7w*umCnd#|$jkMa69NJlh$3w^?8b@TJYqBDgWcE5dpF zJv6Z#(q)>M)V|QPH<>*>zHi2m1&xGCz*sR>0T@gQ%OXu|#mOTxKu%dZ3rYzjL8)w- zSfH;GhWdNFs*X7d$btwZ0@#!Vom}zhD$=i&9wEHjpIIp0*2ArVHF8!r8g5|+S61`D<3e@sGdUKxcf!N? z3eJ_Uocs8N-lNZY?4FGi?^YHNpg02Il{y1ZBv-lLggOEzOJ8(ulDiRgXD25L@CKxkQdpCLdv^rG{F+JW* ziNQE@X&Q!-;QQ}wnj8x*x#gM+26|thNO4~|M>Wpyc5>9vneTwk_d`StveMF<(gJ!% zQpX>Fe-!9OYn1d89;GB?w$t%Rg&QFkx)0*=eQx=+AK)cz$Wg`)my_NV>~I0}WQ2!; zto?`viDC;eU^2+8SN8(H;x5C9bY8qk6_1j&|CrCrrc`;YfGO1(w+@}`p4xALNnu4rj@!{)h5)S+a!&bHdXK**enu30Kt8!7Geur^l29nHWgyT zm+Z87DVAP?3QFj4qw4DKtkW6D+EE0ATk4dfrj^inyD7aFaj80;VQWFBPYDK(KDK+_ zR3AhS+Bk1Y{Iw_>?46wi-kEcl7`(^%Ck;XtY8QLJ;dS+3HI$4Mdr6;gB034jPV#jh zO~}gkArw%lM!+HH3Sa`?ct=_=+;lcl2|U~^CA6LQ_fwcCW2Y+!xpFuR5As3dPyR>k zn_m0BXkYc)E!uayZXW^xJau10-89tWiiS?juJ$4O3E~pEcoN@^vWgw4`x)ox#BRnw zz8NdaB-yB5klt0`P7FzU*J>qfykFjLy<~p*nSl)+g9}EyO+(vT$Cu>=bxRZkz{C=cM(| zVcBjWGReCSV*6S(J1@ndUpT_8?mWmQJk(0O2e4MoC&N?d_{`p$>A1L?0gHd^sL$R?#Yw*qcS*Xp-;tr)yW!FfCEIf zO5t6Ukub30r9gC~944+3CsGbLGN&HId@EEZ@Ge|Yb%Vtn4YAX5!M4imz71IOU*=P+ zvG!JMIK*)jq!8=7Z^R`y1mS~)!W&u$vOJ5@0g(djsKN6dP}>Lc6VG6uL7D6`P->b# zK|rHl6kM>5GqGIF!oWiMEl@TT%v77VJ7Ur*}g1AZkFbevWk1vo1oY_YM&JS zEdCc-Hx})LZVqe3hRT56g9jLY3PO+0(W?f*dQvSEkYVgmgzW-B`EZSFlz=n6d7;4!5#Z2b*|BO*#f;kq8xC}`lv0{sKb()%Gm4^S>}z?6E)1qORZ zqhYE9X3R8Gag+^5<(@sj!_}WNFhNfNsilnlI4gsS!H@&G8X!#tpn-E}bpxP>1Dh|` z6XhFkZnFCZT$aecpu#z1{g3G+i$(xfi&fbR9w(k*xlV@2YH|i-4%%# zl;*-OPTJ_+_`$rEyRs+Os2aTei$N)n9&wqQmb!oOiq#-vy8VmQ?LnQIE#;Kqvj0cj zmj^~wCGUo%u|?XBVl*yD)TqG)1A+!oX%M7gg2p`}YE;CiC{YrP4r*c&Oxs*V2S;2+ zqqyLRiW}g@1VO<);^^Rx&gk4Ws0fM(BYEFfbV6p1ta;I(3#h zhcYaXsW3}2Ae&4k3jG4YA5L`EzTEcOor9wb-aK*aT}_897%uk$;tEjQ`m}Kft_R#B z+6Px?z8Af4dDiQQ*XM)qY0Yb*;R9Y>6V49BubPy#CVbYS@M*8{+Z$`brOWVg(7V*V zpa{g+J#7>jQ%r>?{uP)8eUqg-fydU7LpUW|j{~AGBL(L}Cx2mh(ETbO53r_cdGJ)7 z@PNkweYC5`1EePpZbP8qLCSGJM}36yJX9NF0@}0;3XF$(>)b$zh`775R!c5zwZ{Qn zCIyij$TCtv%RvYXvE1XLX$XCcyM3$&Xm4|7fVBdQ_2R3Z zD8OP`_JNaD8v1;5WoG)^dcDwxexT3idi04XeX0;>=p%lhQGBN6>Lq3q25@q*sig-( z(I~g2#?r(3fu187lOE4_VRyL8UIjYO(|HKw`M1BQLcGu7Yo>}R&#-*eVaT7OhTHqx{QK{+s5 zfrC?xzh{3_`ydmDy-=$BVh0H!3X*Brio0XCHghbYEn_oG=}_&B;Fqe3iRgM*1J_*w z{{A=pJ^yxHW`EB~DEL3??>YFTj{QB~9m<)NUiTmOAP54*fP1V@YQn3Kc5D4T_b`+f zM3xYY=#Bpy{+>^-RQyB;hayyV$L^@?|4o0-s_|Rv?|G%H3_({qwCzQ={9}yj762KF zk~T#XfX6?AQ7x_C=I>cGKC{0kzHhz1=k7018aU*)y34&9`zomI^I)BBg}-O(KFPsE z?|bcF;{6daQn+UkBfxV%V@&rqQLi8vx^Ql7;nADn+Z12=jf8S8zGw9&AAwH?QTx>*5fodBSE#CScV-` zdGTKNXe4nFRd2lvE}~aSBy37vUUfRUedr^0ld`OPmIPt={#q3beqHuO9oRbjLP6so zuTIXD%kITx9h_*PUPN$-!r_T(ZD*PF)}v)`r}xopN{0S)8|+8sTkZ3q!6|lbd1|0< zQ}Q%1C7A1Q8^>%)R#qu=eY(R5{EmxUR)si$Rnuv zdxvU8_pTI5C)9$jwnKD(b!8IWGBn8K0Nt#S1l>1ERWqRbE{P=Q#=-R|=&q3I_xrk6Mpp~d(acTy%(iCW=hILgD3breG+dB@@PS?dn z+&maB8hg=PQeawDyM&FE)$MB568(+bZfQ^Mc*abUzGxW2s|l~GKj!Ti6kOWr6OSaJZ{~&T0%t% z4kyVQB^&JCf!?VmYAZiymsq9siV&>dU9Li;`(ILl0#VwYqV(B(h|+U*Zk!WZNqLg_afkBI?);e= z6lf&q{B#M*^GT4h#z@d~*3wFla0Wj_f|^W7o_mjxlLGd~kQ391z@EXB%R)iEF;dFN zUrESgknRwO4*dLA_LY^i2GoM-d!&JR!v!A9v6Y<`49A4=(7~50#s^6Tq3N%97_VWa z(v6r+mnAX&H6w_cr^5-PST;=J$bkrkn+T{tU zH`R6;q`OHZg|sXrVgrQ_(*L}ac?hJjM&BONOEsL3KEe;_?_cymdVv&fd)j)Phllxx z`Q0To2unwGXJfXNQ(x}{6V)^0-H8V83B82dqPoTV9!Wv<0{h)|Cy9+oR9~~mqWTsa z&Fr(p1hd{H2vi@&4B`KFxM5Dtd6}8>(k05A(W-CqBy#~!M&{gv=$1J@3w<&$=R%33 z%#r;e!W?fqBvj5wi6Q)%V!JBQI!0J9}#+GHEc>&7%`3h3z)Q9{B>}Z;4A- zca-GRK4UMo+UFVNQ*x~-=pJPQ6BWV|%c_07@4Dp6PL~#F$bR=&^=*<>%e~Rn*T$+T zPhjcPED9fiZjOqFIO8AK_5EjTj4uD+=iG}`@hoGgA9>I{f5o;&_lddCJvXLoa7^}> zus_XxU^}V(*~DyOW^o(#r>F?1BB~jqivFJ7drtH9o}v!XM+!VtI*k3SZP9v+(&k1^JK)&zEFE6_A}^QN@$jrigV{WLKMR@Rdexo*Q6CHWIE-cXy?*m@ca26d7{ic8&51p5 zWC2<#wk62oNDbZiVX$5zu?ZBKNFl;IR zQp`{%@D!EWPl8U*OWS1=I|fm$l{Gt0Z& znEseRu-B}$Y!2s#q>sn>Zv705N1f?|u`~ z$q(X@b2%Tel1MzKRN_&Jxzk)#_)12`A24v$vux=!Gt$(d1vw`4wf8G|vjlg^es&$j zo1PYPt3l@FUgrzbO*^I|hR6}aXZynk2vFHk8-*)Tj`TGIbfvEA-&{uor}@Nih3 zIDt5g_j+X@8tn{x=!hmX$q0cCGLSn47s)%i^2pZ$caCwzg4CN`w1qMiyP6yXnj1+Y z5JxqH4<@fFOs4#xFo7}8bvY;S#vukKd!NxEOqQOnFey`*d^bA-OlBdDg^6yKwVkZO zgrf(*WQs-;n267U(P9N)>`HMmrmj0xV~MV7V2gk`kpQFaw3Y1j57L-acS9IU+T9*A zBc9$G%qVj;3*o<5K?XaI+1_6(!tf!!aI?*eS$G>Ydi%q5wkaJy|2kK7DCIKoS5aP~ z=x%)2;^!lOj7E!}B8h4)gz8Air3(emRg zL$HlKPr-JHg01$U3}8D9aV*$$V__=TN)>EjjV53d4?=*g96_)y)W`?aTF;fN1ZsD) zwg6F$)EYgj6DWRz?Iufnn~&Ui{k8g#P%&xD)NYJ^GIvUbseUpmks<$(;R|z_p`9l) zU2i(0M0*iopNa{h+1qh~=^aJ=yoB(?DV}DcJtW^Blyr(*b8&Av@~-zsS(-#%_JbCA zW&RkyC-T*-#v4D&Ht?>}?WbD-1a{bwp9 z%74m#=6deZCN^I)8v(OP$|yOUOO>35g_nif8vmJ}PVw+dLlhlqHrWez6F#y3rHmln zqW{dLhz1?D4oj2z{gYktKpFhqnx#Rn~XA1+RblR$O`IEYWKNgrD zu-ubYY_2<@?N_N}gff~JjhkIE76$CuBf{>FxjZ40enBLOA^h#?duHlvfXv5QgR{Y!jU zs&22smyZ=BRV1xSP*A2BJTJ%++7j{5Y{WELd|$?vlIREtwj()d28xzbTB{R!z_ND6 z8j))JCu0v)x4ur)B+I0>Tww!cmU}39n58G)V7yma-zDlC11hLgV`9b$?ILXiDULhd zwy~W;UwgVVuP=+LL58w4EUS5kMPu~t^Qs+_%fc%X#bP6fve6o9GS=`gTf^2Dz(u`6e+aV{_E>#CW-dwE|36%G1NM%bym{ ztIdyWMqF=xpz`(RMs+F?{Ln>5*-T$=?xesricqU|35mG4 z80lx?Wt1~agk=HVDJ-KsVYzLr5tdI5@(GK8RfI*9hLiJlmJybK*&Zf1o6Y97GkNYm zjes(zR0C8jR6u1G7mTkhC=ESAvAGNhjMyAa6iS&QHipvp*33*W91%&uXt+jxbDj>% zqO3=vMNp~oq&ZNY9u!MP#~r-4RspM3B48VQ;W9flR6TF5mE2yGj<9~4s54R;+=PNe zuokxQ@)ro!PrvI>umFN z+Mrpo4U0}@9ZVbV2D1KwG+BweMea5v?xftkbSLDl(Kln2ls{P?J&7o4e_v5F9>fe( zgdSDDB2TI>Y=6OMkfI%p4=q#yq_w6_0V(_GlJu^B zh%tb4!7>)o8cx9nFrr>v<~-8Fo4DpDC4HVpdN4tDD>Ya4XGMv3{_(w8-pGdf)Ls|F zF*}sN#cJbiL|oM%g{NqhbHZjrAgExlTZfp8hFTaUGllka#@_D?wqhl7FQ33VlVIIjR^uuP0g9=mA~e1EITIY#9VWpCdJMQ zMk?cD0A!FAO;m>&*NN#xUz@`{i8d8 zaUPj$M<_$2QXat&&$(M86>zCWcK~O&uj5LIlzJ>ND9-upaS|lE!@vj*#yFYngzE1m zrD>C+0jN}RWXe91+E*C%Sh2P<<=n)X-bb?om@CnB_9IJ)_;vtulsh3c(6xw*n~trTaRb`fkg3S-7*oOU|&& zczLNf1urA+*bH87LEJ6kWuivfJYGghq>OkuNP^nq<>WiJ3NP1;&VZM4@1qYdC)tmg z@N!scpbszmh{B|~x}%M=HF(Kcn8Zt`-*t$W&u-oVUjEzu3w^0U#rF9x_%9UhWYBoS z5FZ-LsJ(Pj_K?vjX#DPG4~?+n(zdsDL0r29p+oShQ zRd3^L$$ud(8-~mn%n3}1>NbJ7rteJkUpUSI9{)G}7YW3m4Y|vj0{8geIv_Ke;Ze}g* zBr!Vwj{Fyf8MCdu|3ZNcN%LRG_P(e3FRUMIq=2XQBvOa|3)f5V7X25_&}bBcbpM5#8_-hpz~$_LU8*VkDC3XS zqO*Rh|3b~-q>nK=@3ozFwTjJozQ8p9g{VI$)qmk&Ul2uvc7or3;d^hK*2Nd|-|}Br z^Jf*F^=v!tLod=^dvpE^PfUUQbmYGv>%srt{c8K~tBA&;3Z$Q0$(Ge(dp}447Xb56 z$+J2cXg+(82Td+gVax+p2;lO}!xfjZ+W`k>C1aL0g3=-((YIL<}hX>ldI|XtGy#ZGSta@zuI^89$N?gzQao7n4K8CM%LDipEYuQuUo0O>z>zuG_d&WxXS_p9yMc08(w zU3FClWX4agfr=k>QV!J_p6PVW-YF>Z5(^Q+Gm5C1Rj|ABIrFV;ia5KCXvFh68VG|MV=EF@{ppd z4CtDCsG_SpnFi>R`_+QgK-YirezgnsV%5wZ6jL*{t7K~ zzuM^Qj9u?76#`)=f-t=L@sEgWRa5)>)v6^_p|#oj)sEMQgcfGn_3B5nPB=h<1X?NU zgyU)yNH8fjw@%nlsEtfnC#>*3Vx}Fll;E5K=`npB&=#hUxdKEs`LCoLu%%WR|8A*C^y*IH@f~UYVU;rXNI94n@L! zwVf&Vt8F;geoVVx?F$<~5~km;wj?!hN0}#=sqhyjTGTb!I9qwYTGM?BJi5jGqc4G% z-X362?pK>I8Q9BozgiHxYp|aK(l-$kMGpS~kf0fMb9_bq$GzPg;rd4e5a`WL>!tcB z)qbkl)tDAy7bx<=4tM`2%>6XSp-p6KcXx~?}^I%6LnmhzHogHPra1-Ty51 z_Ll+BFVlG+(@9wP>*0nlMlllf+K;aBL zC94TsV{2hF5=PmCOs?4BZsYDu>p$fT3JM3*+-Ve4DHCw|_KBYisJiXt163J8rRMtM z2P&wBGNlt55i_9j{4n7^d?VsuzE%8(WnIEfwxryNHeO>Da0juRMQlOkgtnbeYSS%r zh(=<6h+EOjzG4F`^t_x!*+Zjn_&7-P20ll*U#tm);vcG6bQLqS2TYjh5Xe@$nJy55 zYOA!5w!W-&p4wx{O^-o$uno*`Fwm|f>_R_GF7Qp{|tzq7%-kF*ALmy?{KxJOz4H=mC7UEdueM{bS7x^ER-kM>QQ7)rLk704+ds+H?u?g_tt}c$*eczCWh)eFL?!YujRL-g z8yw-O%w~z}><-h}2$G0>mq^mJKYuM&Q8q;ry`A)I!y@s(`H~NuW}Bvio{yJKPt8qGHzAAL(hSVl(t(ClJwH{cz(4pzRD8$8F@a|3;#07^E2u# z&j)+KJoZc+V}~)Gp=e?qx8WalF?xbd8(^y@^*^Z6to|>zVmA*ufo3);Hb>Wz9P`BV z)JlGru3#J^BI6bKlI#j*peuMDOhnM#>fBPd5&cGm^bpU8?@RpX+P3i*o-;ArFp35W zC|G0SyL@s-^*aKCXLKqJ&K2t=0C&UWBY+MJGO>iqV(JNnV$?#Ou^#z+Z{aue8bM!Q z0}9i51;x=s!7tGTxbmY2p9I#GWX+WP5_)!(y621`*^J8+x>JG!7jPUzC6~*LB(G`4 zBc@(GVz7630l(KSX~qMFk@1{C8Y!G%c;|c)|F}CiC4Sw8&Xrgb3H)mZYNF7$eEgR3 zNV@OAZ=&s){3aHG9qTitsFARErWr@19{Fu8yhbNj&%ODUtA>~C$ZI5tO{!V-Ya7w8 zIdOx)$@)Q=gAh7MLAMxkE-_jX9V0bZ&8)$wWDTH|GUo>m?~fDMq7O!7jzEkNGl>>P zs@vGD>Ii~s;)Rnds|v&OukAXaw(a~&tM>H}W1(cy@#Fy3C-FSfFYSuCa8%9-eDFC1 z3iKgRvbX0)y;EjfexAGksd|n(tX*+Ykj?F8$;QdK@JXKP3|Ex0T&oeGU8lX-+ghj}*&DLt7tY>w?H9 zA*!NoeXwc|Pyb(V`8k(F2fbI-{dtIBR^oUb=foZYW2uxL;=QUIuZKWnSbtfGy%{;( zVu5`oi$T<|Ry9)3?Yc&lEc7ewK7VVG#b%pn@R(rl=hjYu(kjMz5dHynQh$m4D&9fu z_pigq`oq;AD{q!)A>AO>Md5}=goK=j!TkvrnEMm{yt8r*eS&Vdhu}kvh_}yZaB%cq z!of45vCh$@!*Zblv*Lk)_!xCYXQRK^51FmFfan>Z%OP>u*Mh@L`_hh+g^cmxQ z+*A7eE zH>%KohU%N0t?`RVlLxveqCI(RPcGX7CBr_=&y%1PL8<1>wy3G?95vRPj=RvZN8YAVHqYnP3!*CO|R3|6z9n8%(7ma*;&F zOT@mY$hXhOz3?0~m$oAHA}W1hP7|s?uAnKXB-)d73QD%$8J@ph?Y$-JX=+zBvU;%h zYWRe`Cr@;{($Qd^2t79Y8nGqBw8D=j#>Ef7z>Z&GNV^aHMSUAUDY}e6Y9moBB%}Ao z6^JtVGz4YFtKqbN!mvAsh8x6-*g5LEN($NfaKrux4ma$^ip7t`6jgIoe_n=@w!sOO zO|w*BhFPOGm9AaFwt&K7{L_gXBrd0sS4KNR8-$!A;1Z_0a>c%2Hvn3du*zsGdu%7? zsB;Ja^yM?Ml|7~Dy+Q?s2SCAq-30}wvR44vOQ8L8ap&|b(i+9*7+HcV6zE;B5iXZynYqqN9#a8bql+%eBWhjPQP{HPORXg zH>3OIIDpTAC=qtvUlM;}pM6et)vYR}zAd4?g}7k>7;v-x-7#UP8GmphakzXKS`>{z zR4@632CNiy&c+VBjqNe!i)z?@w;J!&S*&>fXP7ned) zu%RONa*Ukh)N-&LtczKx$qZiP~m8>;%f#hL()mR zltN>vMfEJfc;MkK4+5#7nS8(u_o(D$*p4poz&@I0r>#!oemE9D=xVf38vl2u>dAQi zIWt!Ja1H_9#c3E3-71t5Sep24}+=wU?0Ek^9xs+u&Vg^*x%JtX5!n5>Jb93}W)ow;YY@|Kl@W4+Ir5M1%k-7ly_Xw|P+$v#oWS~>6uar=09`a8 zI6#Hk!4<^r6;~y(doNNR_JG0eTig1uyMWnpt;J$@(oTZi-H6@TB6NReU4jaLLN$n) zh=HXf6FO3hu(yp_RNndy<}B7{3A_?~bkrz7OEjV**SE)ugX zFB;R93PXbK`C@*-x@c_{9%wUpzA|!yWZJauxKq)({f#kTKS^2jK}0YXMwuQCvD=9t)%zXj$2CeXRFGRAphF_yLJg^dKXQcq z5dZi-U0;C}84yyx!~=J|lO&wz8=R-s!xApsP=W$Lyl;X@;zgiMu*CwzgT)+rBZYWx z1tn=I+HepWyZv1wlps)C2eC~-xAku+v#%c6|A3T8apbO+xU^Lz#Z{VTIr5}VfBw#7 zo&_4?_73tKqItTxHczjo+E??eMxLCqnc(Hg-}o4Gk1=_QGJ?_t$F%<2NDHSR64^QD z4qF?Ko!fSh@=2sjyg;MnJV8Stl8?ET78UXaOA58%Z$3&Tkey9e{v{?M1GifVF!2Lz zlQj8hAgkNWH^XL#LKEOzu4`!Tf^)%oQ9DJ^T5dUrTr-SiYb&AHQ4_J>pqJd;uh;7& zi=sy{=H%W~SGlj^v?bC5`o>NmKgZzK`R>>$GU;{R@u=cio?f>Du$1~cYL@#%E+fKUwI=*3j1XujeS z0=<;b6A)IA5BO3|Eg-^z0`ic5R&)XX2lMvj?T7o)%=vCpHrVNce)H7njM~6PrXvRN_=@^b9Ac9G0(UzC$eg^EOdd5b;S=^ zOa#?X)p~PuBlM8_M=*{x6KIx_j(OpEn4N1pIsY^cSAlPP$7v-wYyF1(gqVY@6 zBohtM2^vOimgh6+NnDJWB?-tZQ9(Vo_Yr#TSheVLC~D9UV|PwcRum6fblur(LlZMx zw6ZHk-ra)nUI#*+i=7_b8a}SV#LrIM5`Sk8XdV1i-B&PrMa<-8N@L&f|S{p zCFV#ndqg3DQ1Vv2KqfhapkUx}&n7hNCf~sm0h0(tdDd=6*#E6}X$XV{CDp(i-NR%{Y9~$bU?W?B+}-D5-=< zcM_RPhT(=6F`42isdz*vS0Eta_7J8J7L>4V07WtTi=2XwAHXWn>y_8xeIk2#ybmDd z2w15IKuyq6O%S!O*5{Wqi0Bo_)h;0tG1EXH6xEn>pqLAo&~PvOJL5)b_y59w%Fm|>(ZV?&@*(;9+W0imk!3#H}Ks(N!QFUg2YByG% z7jC!!Um>=gYc^I?^^CrNUs)X7;{wQFqPIy~wO?4`<0APzd~pfh9c2K+t~I-w=zVoJN=2lVKGY)+u>;X3=5OMFwMpgBoe zf@n!v7P?dVt05inXj!JKHa$^+s56$M;~`iwlzlLyF#phiAB%OWSBb64*1)zMv7<4& zx$wAO*;>p!w$2sqJE2zZ(#ZY@OURKtU_)XqyA#8O#4P*>*Z-3xLyulFr0P%`6yJ^P zsTdHhFJ}UTh8zBbH}n0laD54WC2nM($*uL%%CrphHkXsU491xZ^hTG#%wSYX1|*@9 z9|)#`L|=Exa8jKUjMOSJ=bDYJ8!;e4;atq_9OFP#7X9E86*SaZ-;jwQOLKCb zC}f8Pv&VhE!fk`*ZrDZiwI~~^5l?))o&!}CZ3Zr8yKQGf^vEydT}Yf3P@k~5c8Z#L zijNASp$eknv%Lz04wDM7$2{3oU>SLD7Pcec(iNXFP$q#*ZtDH>T866 z64B1}ox<}YohK}6M%HGfrvr*lcWW>t;0Pf(=l*YGGPqqPPT=sxMmrt1+DGzoYNsBo zcxc@Q)lMx!_t2*g5Sqaxd2J_cl=@7eAR*ucruWaJotjJx(N2mT7=!L-2dj31l9#yz z*%dJwP7zh8fM_S4$iaU4UEVnQX|XV;zf|PR{F# z%#7|A-=z>6aiUS#vD5gAQrq75RkpRX&hPgdXnpxX={-TY_5|Cac+(Sr*4h(z>c9zn zb8IGB|Ko~`v?e`A{hUf`G!!jj$RP+x>`ncL{f!scy} zMA+FFyusKO?Lw_*cfwE?))+ve0(MAm?3n2$B+soe69Hn!h`uRe=TU+PXb)yp6e3V) zCCnV`&^F>b+xTQI+sG=^Eh$^B?dPx ze?yLfKr#RLp6z?532MKKSz+Q7_`b8#vT@k0$$LDo^P99bQ)<6Y~53qxqM=sJ5*K^G01U~9w`kNE{C2A)jEEKq+7_bV2)UuVS>_fI2m+V8pSg}p* zAZ&(o_3T4lFyjcxwp};!c^_N1kf~c$T6~Tx>9>H@JzuYKGQMCFaNRGRs#;0SQte{G z^(`O=yP5Z~)C6fz%e}r67lrCOM`IYFvoYCh3|{08E_cnI%$_YqPSup7JjJ8-i?T)T z?))00iJyTu9N9a)uKAga#@YHyUh}O6qT}^h3V2_JRQ%)j7JZfX6~6bC_8sL_vmb88 z2ND!oafYrQ;YWl&m<45=$=SM<5>t^(WDvzf1rZ!|PVa{R%;y+E%fK{JYc3@92<+h(QqPe%9gzCEZ?}@vAXFyJ zHr@So61zF0J8PG$234>)Ff@Kpu4_I7p<~FD4)p z6ThiziDK$mOekHu3y|9e(>YvsIfj;)sqEBNv!QQQ$o4dee{zgzbt{k;q}>e(mV z9&mf)Yp;*)hqFT9tQ3d3vbfeqr@OmlXrh=sXKQ`J^@mCY&5+2LJyiZgrEgLs$|9sL z6)=0=TVTwdZ@%&rJNr1qfq-+P@-3^?>=AcXe6FC`13D;uc(v{%#8B_bs;XoUfL%-A zmvjpRDc&jn{Np?2$iB0w_MOd@cPEs4H0=qiv~^Bmy1V108CV^I>hxF$O1l${5m%nL zl6DMWz!stEv~Q000_8GX>_0hIjU0jt{Q2AWYUGf33Hq$ot>09&59VYZ{{(6^9=ey0 zw2CFJr`|~#L%Wx@Glmu{OgDz4JY*yV4HaYP&`a7kZ@Swn!&i4^nJh)zcPI>wyMInK zI8y8lvtL_|%kFr;wn{AtWrvU?%Lt9`SJgRsk3bO%HM(Bk$uXxmaM=rZm>!vr@tB=h&I!gORNd~+l^>oPJ- z0?x^=VUXFZ?cU!X%@1wH-h$*30rM*!Q?9CZHG6F7UD5n45>dPK`|55`iwQVETNEjlf~T9TW&-x~8H585D?m3Kmu_p-LdUfrSn zAQ4Rn;2-B^*#)$x;Lm4T?YsG^q7G%uWrfKlIm3Ie&B3u35t|OH22p8pK$GD<>B*>( zWBYL;qL_T5)!E1=>z$GigB#5HC0ce2oUPTf3C^uAnKOcFODZ~pOpy6=6a zeTTknV)>BC*?3|mZ7zcdI>AWo5<&+Pz#xjyBc5{r3jmO_-SWSuP5_tBmkHnt@o23j zI;5s0=7#QM4l|cfoiK;}d^vCq`0KxkzWFB}X42QoWG`acC#mI>Iw*8q9P^1?krg{s zK+MMq8X!>cdVLi)c+X@LVN{SjY&uE9Zjxl-f(}VijNd+z$mC)QNsv#q#7D#Mu8^nH zc3P_%BtkwFvG6=Dhvjmy32b}D6pQLea@aQV1kmKU`C>7Vc3)p8fF79pwPVG!@s?ly z=lsv)zmt*wF74#sEOetiTPy#)Jo)do)$)J(|5*NQ4v=GNhiELL{7-5x&YPG2%i1R> z>rnpFBD;lG_~k#BT(9FI&#!y~l*;9~wer8n$bVeqHmB|>m4Eb59mu~2bVVFwo;csE z%pb-~MPe&IPnG$~r$y$g@W4WkC-abhpUQZ+*$VtXUvdikPw$DqufrqpJCSft;0w1_ z;76X3L`kDG#I6w8egEd-I!L-oyedOVx{BTm5j{hQ-yrF`e4j4qun>5W8*Rkt0L1mRwC0EGLHG~rI2Pl2WG_3y`XwgU6!Qpg-tNa)|I1wmG!Q9)VlLUXWY zTV1aAn>bu<{0k-``h5)NApW2Ov$0pia}$^HW9JoQ}b!Knji z2X0I$Cai@bW{p;1pf@)ts`{T+Bf` zh7_m=?W;mqAO!@46WVK6tAXzAq#CFN0sNz=P&@FC?P`Ss;OxDkkM%ieZ92))*$}a&!LtqESr7F!|;&RZL=-%qC-5HBfu5 z?|p%N2ML>58YE{Ko{*Rp2GKAPaMvy&=2HxlTUdZ7sdqj~RZ{OfE=sBe4>e4rrWNfB zleQPEo^pISP*06{NA%QjczA}1$;28a$`CU%0nX25bzzSt1dl%m~2DpALfLbOwS6cX)~LLuZcQ{odu*4!hH!DxsIP=OcO z7vqY#k6(FYWC1M~(Pyw>Dly_gL1bG;6`^IbrHY7pj}!3 zA%&UygK?j;`y*!D-v0yD2C#+Apvg`-IHB(z=R^Y~glNx}Jj`Y&e1!#Oru_5VX+3rR z0j;FM0`aE{u}5P9VERg(0FdKn=~8H^Mz6xj2sB=WXEQ`;t1Cey5C1wuwG$Z7S4Z9o z?irh>SPaIBR|HMVsh_d!T37C?z$^er7j!T6eNPm#cfk6{!z37{gF3z6j$n4R|Dn&d zrL$ORC-mX{Bp;Ardkao>T#q@ z;A!hSw68sXkNv3@JMi~_UZXVgk7#I?H+`p6^N-(K^i|%eDEJ3;bJo*TL~N|A#*oE> z+rILxTLgNtFXQ*~PSjO|di0(PB1qovH6CWvZ(VCI&Q?UC@BWiMYG`T+ZIg1g7qb!T zv27ai5x#jadtKxd0bzfx8i99!jydyRw)@w=X_o+@G_z!R6tJk$4%)Uv>M1fOCIN<7 zv)Ksx*I}dHT)bnhBhTIaeYKT9a1l81Ahb?y<_b{RG+Vd+$8fzIfTko>gonfN)~J$|gtaf$l# z99l&EQWx4Xi0B8*F8k`%o1(acy$>-hv!16=^+FO@f*5Ff`9GN1Pm+TS)Y(tbkTv{- zmcdwK^PHUJvy385wAhA&wH1tGT0i|`)e84YQd_&As0As2YT;r;GHT&WQ41O(bD*RW z|2jlI&VT5mYC)OQ_hnlhOmdanuY=@Qx@L|71iHDq%sD6&X0_MOu$X9l%H3rtGkDB{M`bP8KrY zAT$UXrgq#$cz)1N@Ni^R#+SqJat>bx;^kbv48Y5IlJ>c5=FX8;CuV0=6o?K@9C%E& zNh;@;F(TeY<$1D@xAPa`;nNaTU9}Q zfSFGILs>P<80`)_`%3uwu9bb*So-+`K+_q_sRnssQiD&3WjVyMLVSm+w}gLZ;Mz;r zFAm7GGQaE{wFL@D2K3BgQFC?^1c^rDy@JnCPzG+x$DlRWPN4=V6O`!wd&qw0 zAny7e;i&<%BRmfhNrIO(j_!faq3~30x#Z`=8b^olW&7|{?m^<0fsLcL$Cq$;>a+4? z97JktI2vnVbx;WyB#G6+`VSIQ#1IbcB`r#^YBs&CEkV^OJ4lK)nVnu3CFu477#PL2PmBV{Xd`S;u-!A1~|U z1$`{ZB|egV0#=14^(XLg#nHe9`lE^H)qxHC3mmzJIk}+cYgYK3(8w}&X=3zXW`@SY_=KROm z{MVWtT3Ff%?cY)TkN(a1@3HF%N}oUY^53ST{6E|Ix6;Ss@1ef@JFNe;zd8Rs?lGgq z_g+o%_lC1Oz|Wq)Isb9F2A`9C`R{*b2l+3|`K|Q1+veZXm;W{$<$u=Z^AAtGkz!l7 z3WJ-8&?=BIs1}iRcFD9CwLhlaj5pYaMma!v$atl*THtxAS}^V^ zJ0{HJsOo;ksO}d%wPBp_9^VOC;dH-6l{~3Tr8xa}iadv>eyQ#8>x_7y?ABS(snJgL zuT@?E56i|k9)cr!Wq)_|co?wQ<}&Owfi#Vx;4#R+y%Jjy-0LsEzcbILjqB-?g_`1y z1AHltWQq|?QNk1lB1P+);dw0L0N2q31ODi9irkM0c4C6wOt1k_TJLht)0mI0^2O}O znBQQFfcw(~{A)p!#HFB)JGCe1)QNOTYd=j3@DsG32rhu1V1@Ky(n9y>jXG2Wm!aNe zd>X-v*wQl3%^ghOqUint_nq^EK`y@ucP&h*)~{J>w1NH>+y?*l+rAYBeDBn{B$?KY?11{7(NTS!;rT5(KG+T| z#`r+&yVx9^R&dM{*3dH0LpHW!e9*#o*rVRSm#o7AaY5?b`}CvOX~W^skscpyASY^& z7*E{`F!>~y2B?GKh=1t8IEX5PgIvD2ADogB*-S5FnrolqkLmUutM&&c+ADX4J=3YG zcQkIAR=b2PhP`ID9zvP4eu0Up+1a4mdoXTN`fH~?UtBk2zsFi7SsouCSuUR-nLOje z0Q%7p;=42&9~&kAN}}=0f$Xc{t2rz@oQjRax`l8Cvz7weSeY$-|cF?o3 zvSa;~vA~AV@I2kx3a?8>#wx)rcwm3&i=s(Wng55umicx&A*?#oBaQzjkfqkHrxeS) z2-^(MNHwzE$4_h@sf0Dm#QG-%QOO+L!qO!7s~~`eKebE9w#9;mgQ9Vg5a?J5i082q z<%;jtcfcxqxViwWD@=?98~}}PLx6_sGaFO%-xU*}`@joIFLWRJB3h?%#Fj7$iU8_P z7!;pe7LA`#%C>;3o={h!Wk`fJn%)jEII|X)j?QWYx7+sUx9d~w$)r3BDm#{E(b48C zVPuZtWg5e7p(iVnyIN75db2(vHA;?*bHnrNWl#A8WK!rp{Wk?Aux||fC|e5PS5ge7 zmiqcCGz_XXyg zV{a@<1RIMF$I=S3IFVUIool;9ab9KJbBNG5Zs#uSim}NU>k(WoM{SUu9m|^LG~9#F zXu{|7OcS(AFf*2M^jD*TRo6)7NA{!G6ibJ9BHHq|>rRRe+7!NFI7%yqPyG!#4-SZo z>a%*(&nrePT0dmeUaNoSbcL=1*K`D1jDg?%(uY{Np=RrZ`M+S|RCH*jrdi3Fy0gxZ zu7AlupRIr$?pf{uFo@iNXW?J=I5$H|o?DXj0{#d>(E%Rd$l;0Rgy|g`x4YAu5_A*LLD@mFaY4YQX=!7SM>y_+_O&mlc2nOUZ~ZRZ@GM*Jgw`D{ zK(D%-opBAS8*aD@A>sKVsLo^v)Yae>RwD;(x^A#Ytbp0L<&nn9o}e?O4L%vcgoD|s_B9dwwcgBwptBOQQK);>K$*tqtdEQJ@#6sb_^m#^ z*2m}iSfP)1^>M^DP;~p+8Symz76^bXY4hP$znR$?s<=;ybI`p!sp6(`5!=ee2!=aH z4G9>z_`%49*bWW*OKR-h<%|zCj9jR}doxH4tGl2YolOV~*NuU4!(!9+#m?~Uq3%|M zZ~mHzVDX|itOQ`&7IF2|2|Y1(1U|!LQfPDDYubz2=Ys>%tC>xK=!>usnB7n*u8e5i z=Gev_S)s1bihvy$lIb1Jtc>k#)htKDx%V8gE=XU=p zizQa}w2v27fU7~b8>8%iMIm<;a>-B!)UZtDkUfodBp^D3j@6d|8+G=z2dVTWX#hDi z=WN5Sf{!$3A9t(Ar631=dgi%u?Aoywk41rWU%mEZ^06~f;q zTz9Boa57}=gK*t`_z|AJQ|}3jUJg!(;Yd+W>aNOIt~>q|pA<(Jv%S@IyijWSCOcTB-%l~pWL&{ zwreaAx>EI2qLS^KVtaeu*Me&Q@VKe=t&~0}LP~QqetHl`2!|V9XC#^vM;>Z=d;tcI z!ZtnrO^7W$egl&MBN2*fvez%(>(!{!b!Rcrv|E}xP`f3_DauIp_^+y>q~!SI!q;ze zPD1(c5Nc)mZMtB%Zyh3P@>P8tQYgO`=&vXB@n?PX>R4)P6pZ7 z*J13$0U^!3CQkRO!%093EyPGrp*M;^JjcC6;0`auBlN zO$SGA|L>I;g`TE|xlcL_dQtQ(bQAUM0^}7330x} zV@MJ2aug_pGeny31J=z~kET(mlFp={Fo(m@I1f@T1!nPjImlGWI;I%2KP}xtYsMR| zz;>;<_yuVVa_yctn054O|HX6grrwR8P!C}pS25yRrJ0kF&!! zTnG@=Zqz}E-hMW4%psKVSHlfO2(t%1;VgS*(hUk9#mee579`HaV2MT}nh8~(WDVzG zIT=MHqS?|P63$4N=Q`~?@W7d&vcQ)%7%CS_tYHzrm z?$?*qTpVt=LCCFSN8-3W!Ui^r#R|$rt{kl5gz8HK?FSY}?Lp+hJ|eUB-4eVLt#;!-Tld~K z+^{1Y9fg)DNxKOh*uZ0=wcQ+dW}&7biMs-|O?Xwta;t9qJYp z&q`e6aWSE&KI@hEAFK8R{;xhzR8m!CD)uK~1XH_l_I@AUDY14ku|_6ih39okjFMP7 zmirp-VDkY7h=f$Z_*A_SZg>+R;rUsK-SHGkw6;pETA$Yk94xe_Onk>vc07$c=^3us z*2%OkP4U8oYy%O_*t7T*m+ zKRvLs0Bb6R*jL^?9%_8%At=7FLG%YZu?uHX^du;9`;&idYsIXOX_x!mQ$Wy4cN?~4 z7{KeVKZ>8L>lva6YFD+enwXql#wRA{ z^suKOO_=PdWpY#o00ydrC)`uH3xds_N??-n1aj9hn1}ensS^8AYG2Ca#R=Wjb`J`d zWdcqxW0?FJ#gVW|enk$;>+-Ph&CY#OdkgSQ%*fDwWz;lQYbxz8K zF$H4$4g=i4gu&c^V8$a@hF>6wCSn4;c1aE1p$F_V$aYV#Iw-MqsmeWRw(fEJahkNS zVK!!DycXTXAM=KGJ`%^o@pPfYjhwFmC0aiS*M~ucs@~!GyW*ffHh&$83(q?p2mRsj zxF2a7kz@_0NrsHX(*Q?Fj*Ns9M>01juy?81nX~JIsRWyj9Jz?tC{IJMQncI8SY@Ng0IAA_NCJIWQr1J@xYD3@m_mxog49I@4ud-pLVQmLgJjB@uy?_(Vsn%EKa ziN-i(Mw8tM^jf8Tl)5*erCIJEY}#N&^RO&-U6}F#d;wbtT1N85oU|znOz=RyaJ^j3 zjGcU8M+{k^YG)8%NnbTS-0+=8dQf!DjR0Rw-OVvJznMTz=4%%v}{(g>9wZu}Dc%0yUBvmnHc>9LCiX3VHZ{Vjk(`W89*(e#VIjT7z8~ z9^(KpqYr$XqSa-;W73Ia6Aqr6hKdE>_%jz&?6bwpZ=}8D<*ATqWi#y<0vkggQxjHu zx}Bs+GSt8{t$WVr+PM|5PUt-`-As*H0hDwbHUf=Dzv{?GD%e@o#D?-Cr1|~h zzB0!%d^ObS6YZvR()X);z$#?auN?czqTA(pn4LqNa^AfZy`PjLXk?G0Q=nX!*Itq8 zUn&m;2GUkSAtOpD=bfW+lQZjBX1WhKLpczyfq810h7dNP(KJnZG-!IeLEWAiE|Vr! zVT-9`W{%Jqc^cIn_B|-D`SU9{PF0hsd|RP|%mTnstT$2oV zkIFkcd;BOdKeFB1pKkB|!zQx-lNkc{wx`<1K!;s_Q;?b0n?h^>Gfdw8EZ}IAdxU!? zHpmeLd9a0`gIZ+X%2WmGq&LJ&el=40875!$H6S$WlkIlTP!)?)!jBA{6YV z(Eyz<`C_^c;{~C`ppU{gY;Ve3#xhYvd9=@a9Hj_-`g{InhgaY0EB6u7J5kiydsJ< z-{@W~Y`fIB(`pd_P${{RP>BO#nM%YP^cD{?_1M%M1$4`l>?vP3H7OLHR}`sfI|Jv) z!upY$!EqG4A%u`b=~Ik05z1pA++&<`v&V3KD}*H686O0M`N#Kc-#gX2{m$JL_MLln zFXxJMv@CC8V;H;1H%0VNIyb@Oa>`huP)zh~eP(H%4$yn7s#=a#_jZ zSl2f&#(4vo+S+>Oa9y^$8R#Ic3OuGZ!E?k74V4P_K!s*OO*o7LE>jKt@+AzZ&%^y4i4!gFr-*5kt0p$>ob%xecy~2|WHF_<%BK(H%;g zPiV@)1{6j!;whG~SwIRyl`4u6y?Rva<-|nN1xZ#j8tKEgSI}p$f%&y~pot^{7rCd31~|#k~!qV(%8m;34)yG5r*v z7!v=YO=7i~6DYgUZ-4B_s)E8R`2?dOUdAfNk39F?53D@`TFjNWVwZ4xlatf4|7awF zUt{+>6!w5RLuC9pZnFGx0y$cKq$%@(~?0hj0G9znp+)GW) zuep!qXlUz`fZ;9uSOd(GG|sd&SQ-iLhKj~R1GNJEAhtceVw)+zO&|Wo@}1B-|6pPk zKiOaWQyxuGA<^NY)POE@Ju(zG%QU&}#p2k?IYls}fL=8HmM4zp$*9n=rD!t$_+Dn; zu~RFBBDfx>(6scP+kGv~M#6aLclQga+0vPp*_O^*@ta$Eh9qW7V@*CnqorF{O?P=u zF+AVU#}a+Kq>p*}ctRhuzk+2p88>la$Ui=6{S%$x)?aTBta%uvDoJzln@AuSWAc>Q zTC-Ue2GdPHiSW)4l!fQ*RW)w`@8`0Qj(Vst#F4_q3{d=bGikEgiFrr0^9pz5MwmnaaRk89n_BEBS zz0Fs76@$LX%HR93t^6Gy{I<%UFDY61N%y2wK1y-a%B!%dBp@cc$Y!Ap)UR9qu zH|IrD%NA3~vFkxsAPH$X74jo=b}6RRn5KxZtvW-MkoU2ly#J1vU$8g~!i z_;J+7c(L((djN4Kik}`I4fh9QX;vuzQ!K18I|w%apD--MTV`d z|8z^kqIpix$LKGhT^>ZgCliXqQ7)Uzmps0tdaxw*5B=RrFxOf@BIc2ZdAc@4YX!V% zcwim)emW15v!ceks*g`^A1T`*)qp0K%*#;kEpEj zkuPp73kI109Hm#O5kdi!>4nSrE!Vwm8cAa;-U47V59kFnY0z592jwE59Ikdm5>Rvx zV{%?)44fkIC2?>39Qb+`HgbDM*`I({o z9*6!GJoQa2|K^nPZ~1IX<%g%!JW~X?8 zM94AlQUV9T^Z)Qr){&jAkb4cGk(ZP%uG+?(wH@{8tAUXS?Bt#j__57xy6F2hH~tC! z9rpe=ZSJC`);4$IJKwgsBXifbxof`ruFd_l_s?za%;yns%%+W0Q^)>`GrQmoq%es2 zo-Fsqoz!sy!}GR3($)(%{FFoH2P%G^1t13g{(&!vOf;XCO!B5lGFy|3(Ij(+(bzJj zgjh;`GRYk#$r+mD08KJ{S6>p$MrOG`^z!dBe-_ch}kfp?vNwQ3mN=>pzlWh9b*L>M^QJPHh)@@3${WZxwnxxyFzEY$u`zDjz zX_9;d`x+Jdy(T#=H$BOk9lhpXV3IhRq*RmKQtq3EV8z;NR`=U=3eY^t40KUwoFqc` zlA?;;oQQT>*w7LQV)%f8)tVXFv`rW$BVqhqk^w3!u&XT>VjHDUs!EqW>8&BYeAx1M z=+7pfyEUJ+d$6I*=iLkJ1XxNwuz<7NhW7cKYw|fl^U3$}iDk}*t#FU>=R+FBL%W%L zR^ZMqwCkZSY`cbf`H)l|eFX789qntE(q}mYk-{=g^Qmdke4yWuIPgjN1C$--JRgrp zj|@B-^^=cB5mc#E68U)~u)ECGp&qR`*_6HnW(ktKzw|;w)!l80;7%mT9o{Lqu~J;^i>L%YpkSJWPsz%{l%YhMOE- zhqgs40wxEb5y=8)O%OCzFYzgvUD*yt?p;7{%sx0f8Vh}L%>&@9?dOk4W+jH*4EBZ6~E4s>$nXeS(bC znFP7!2P4Sw(6c6!do`0QZWRKym2Ekb!O2W2OePV{WDqjJs2s)){PE-JXknTT<0%N{ zjch4m#@L-}^cNEJ=iVN+R0{I5}5I|H~-{js&GsDl-ZoFS;~~It4|2dTml? z!F<&*#;NU-?(0iR#g3%+XG;3S>+IERsnVr>Ggwt0OQk+W(hD*rt!bb1313q5noN37 zrlhy!P*d1a*=@R&zNAOsLp*TeH09Ko|HIt3z*#k}|5w^fG4`Ngq8JRueLBR zQ+qNIMskeHVGxF9YN#}0_Dr*_R>cV+#Bm8ZLX!JTr7KFIl0zpWl2wwbowmyWaP?KhOKTmnCz)GGYx}f2k0BRF#L|f?kU;r@iW155aRl z@JGh-B@mpEv5>RnOAmTq%En9AIWLK6w$eZQ%1bYCSFijvMz7uq>D7)v!06^UTq;`P zeN{+3&UuyI_A(RrBHrlF$yL0Vt)i%=F&tQyycoux01>>}Khdl2wj`G2dG$=yYu7}tUf#0Tb3CsW zsaKbej%fqPr2sBk;{{kEtNlE$%Dk8rn3Cw#<66G@ac&G(88cgf3lqJ%Wp#^QANIWZ zu>$zOM6b?k`RbLPSGmy}6#n9t1h_74Nv5McuU@ZuossC(^=n%Iyz%51u3xBLuS@jm z=Pi4E(eo;OHvs-iqF0Yv=XNtEtMjV#+Sz%Ps`vGHrFv6gOI+1MXoUs>yI=fh2m8!_GsBPABoeqk z%_}9M}!QNB#>t*Wo5AhJa_X&GqrDOQ|KjL4X zBCo$&r-0v2y*{3=!`V94lLPDy_RSA}C%H!rITJmg)2cD33w&`g19iHc7f~O6a}mp| zz`MtJu#mySC-Mmb4-KyqFwTwR%C1p2xUpR^-A99TW*2Vft(pWN9l}zxJY^p&?mMVGPSMo7SmbptP z9DT4C;5j}=Bvq9h?<@J?Hk7>hi?r6;SF)NV z7psy}d?l~5Bp@ZJTkF`5c6#=|Sn|xzY%O)QuOz~fL8_$pjox=|V9EFV?2MJVyRYOt zmfWpM8q2)zoWhb*RmnZRl7m_D<&VaOBOasYlXg&=5Z*wS(O~>EBP-=j!`9BKl4Jc zj3t;UA#BTiCC{R)kA;`)Agq7P`XacLS4Ph9=6?UbJf+N$rzH~M-z>;I>n^7DIJ@)IWyJ=-ZiJ=>BW zKRsje&`k?cJpKLjiOIwJg^BswTKyqKiR=5}iCS80l9h+++9^L)TlM|$N1thD{dd|a zKi{?`KXLMqdXXYytMrMl-~&zL;?JWTP+KOa93bK#ks z3&*BG{%2l@O=#;XPNCFbnE;oQV*rkG8WC_gN04GTjEM^wjB^P925@Rarv2G#n16qW zyLq#Xyi+P(H6n*L&G|$9A$OESe>b+>-w5EBPyCSK<$oGKEQIcdSwo(BQ;?(1h}36k z;0YH4N-h+4CA`Zp5Jfk?$9FOfV4ux8lFKONkhF|-DoF=@Z0*`t5xJFfjRZF~lN6Il z3R868577fd!X)T%Df(@L{#Sz@XlyvZ2R(qg;`fEbEkDL@+z#QaDrY%xSLD(|Cvt8vPO0C-Fa%TVJuVc+>4% zi^V533)1G>U%voc-%8*=TYG=kA2@C8zW+ok?+5E9GP~hh59q)^mk6iEGz;$F>Gc9% zxO-W?p;xPC+TR?eb{k|fHh?wI>(Jpt%jrYISyk-ASzU?k7n9{TzR@e!*;&(h1+Xd) zZf|=Y>(PYd+45 zTv49Zs{x;gGT5hDF0R%)%Q^}jP-fU~uKY$mG?m%33WtU+_ne|DOaDVy#5zr?V27U$ zSpYzjXApL-5Kha5%=w_DKvC{FaWpg(91k`H0X zwm;4t!~HEOM&9ONcsbA|4}xKJN{w@nbs2b3iJh!Jl#dk_jlfAJ+1PFmDwg3|naQHw zQgk%FoPk3`hvww2tvCSt4tfRW4Cs}+I5;Jae_+se`1g&6NpiXwnY4KY`KXx$U;$~< zqrH|iO;1#LY0Jv;Nf3PN>Kq2qBE98ML+)?nPDkvAPVmZZsB8ay7D)Os*Bv{5K6w~< zA!zB71r`4mP?-32=ki`kcDXeMItw9@7#Kp5W}kEI?;@NTkYnKFvT^Ba_$cr0_7~4W zh3;Uyi{nvGsd$F*?u9eMs{hOX*ZuE}4YK^yTMPVORrvqA4g701fQ83k zdIkUVxC4iY(W-*(Cpm+UnyqOShv92pRa=`Yx8PX+LX3B77NpFF;C+vO zO?IJlPO3w?PpNp8RDa6hJ+C{D|D9UH{}qM*Gi~6{{XTz2{w`~!{{gE1%m3H?Ki^9K zOJ7#_&rAaU>!E+Jx$)!AOO-K)9Guy@{(XL(XDJ#C7f&dFMKx%`i>Rl?R7ySi?5%(r z1fZff(~3Cb(7PxhlVcL%laFBC<;va`6GpW^K+9^dR!;DQyz=W6!SD&JD1J`a3LGs{ z4#&1Ft)e@jDkVT=1g(-#Dc9a>C61bd*nZOX*XsJq$Kp>+bWrR5mpc32ls}=FML#e} zOjVdYhYrB>l-c_tUh;mpbvPjbk?6Bze||Y^*_{8VuS6qbv1N~um(y0um+Fjq^`*Lz z1$^Xur4A?8;+OMmGK7V;rnUCHgtdLU>#0dfINiPbOXUu@4<@l8h+#oYe#8tQLhX3yJ`&PELk8H--l1GTth8JJPRT~Q zts^7~K8 zUlQ;H6+GEV!*dDv2d~4}5Bw9o%rPkTqKpt7tZx|P8%ub{U$HU4-3VLA^9-^P_R|d} zA9xI;QJG>TNPhXbC0-vT6m`d9XvrOm9WK#)kKjxBX~CBUrd^3G@QFfrYzVO-!phamhd=l=5FA4gLF5EGFWFg^5#54)%GxpIP(I;3ZW9vlY zrGzxh#_!w9PZpg$7N7fp&JKmn zE~}sd?;U(;z}~GXFo=gSIQi=zBadkGD>295kJzUIUfI9vC~>>#^=iS6>4hCA9qc&> zITF(A_31mN*Z)v|1+d@W+@b#dt-((;rN1cv+RfN>>5}pn5|yVME*`-K8_dd*1R8NH~?zl1#JCrXPRS zVW(gIgLO|P)>nf@4ISkwGe=d+B;U3pT2OpLA?*u*=fHu9utNs=7;g;*fVxa{6$7FU z_UrxzY8ugl*Y-#+Q{75&w&$S-LFm7>uFt``-_c1TAFT3Wpw|BK$v5V~H%y@F>KPZ;FLyY%~XtTKuMVzy9rmO#y%|%iDI4+OO5G#rpJiE zfN5&hG~h-%jZAc7*T3!x9kg|^N`eWOITqVi1h!&)Fg7}D1Ms~Xa2NiR!~mL* zTB8VO%z(5ie~%xdF(`O97^eNDtOvs~(lQ5@Adz2;EHSQ?7&LAxFA!BY%`gX+qKPv2 zbzCnhGx8b}<@l-ll661=-%dklEE&Y6HPD0i6^UFu_z{7js|Ns)nf<$<2X}aq#_lx0 zU6{>xLsV5cdM3!F(ZjpYm)`CJ%K%5&lh{1RbkXbyYrn>fw*VI9(Z6=aeIR~~Qn5Jt zKSdJ8+4PokF!!9{VL9BscRpcse3{3@zS%$Sy_g)@|MHjBG=kUKvfAU_GKdk3pzAUQ z-3v_eK!(=*gFZh6{dnUO5Y&yA(VR1;2!>CF_$l!?T;;!Dw2ELtM&LRch7}U@nJYmn zMBD~uLxM76^9qQ5Gj*zN;l&aYG9bJ*^gyjVBBKZr12(NsH zOQKhnW5zxHm4_&Sci#iPB{)ANnfbqbpA31&pLX+UPFb9s9FG3}FUst>2kL$j$WJY`aeOhNmv8W2EB$$m3Vrc z1o#ust3C0ej3VECN)Zq0A3q+o?>yB*SjLhWu1}1`ixCh#TK6KU5* zpodx910%B|Od}IvB8I!&%>h|vewH(`g{h)3t-+aS9NBV!hJRn--{&49;7*n<#oW7V z1OOQaYPZAh)!CE(3G|NkTJQMr?alB-@B{Jr#Nl*Gr8f0 z_LBZDjSoRqFb6_n7gjry3&Kzo6tSR~DCvyiM>y*W+5MmH1aSNiAV(qy9!{yaogIDJyMR3Lc=iq)<^@4|YBDI1#CSG={A9cGvma%=X3OvK6UFv1(upfb?^2MKDAAPv z|DZg5FpaRg%_fph(yMPve!>)S>`nFvYsgPYP2BdFBTsRn5}5=7J)vQa!OQl~XxY9a zFU~3#xBX67ARyev41q^d?4#H`Rw}5!So;a+eW*)soSmN!uF7nLqqB|o`)GpG>&cyMoDJg@@9x46mhoq&{htj&>`&R{zcNk=K zDR3 znuEi0_ruqwv+!|MWMy#Pdsc{}9{X8TCdo26W4a#zMh$#(Ae+$Q6Ucb8sm8wV6`3uq zxlgoVngu;v#CTDg)nM({5^Y zvvfqMVfI*ISSPNaP=K7vN1Sh_Hl6u6z8uhb3qB>V1%kLYq-li_>9NIQ+aX&Slt6Iw zL`WKwbN%(l3-Cx;7m>~s`&c}0T40|vSI|31(6e(*u<-=V#vHIQSj*W7AS+{>R`5+g z{~g7({{&)BC#s1#d$iBrb zi}Q02*8}X~aUn>|o(MnYP>ov7?_oiW1kN}wITzvl1W~pD(0y+>?^&NZAXC0&ZWiOp z^{HzUr4^t^ZtjY>XV?c}p+e&EmK)9ghKct0Xx>CLKi-}<9_Sq#hn~k?3VvaQUp8%e zt8>i41DTf^q|ZZ5#Dl$aTIGQ>AR%C?+dv#Mx)It-;-PI}|K3W-54d+7vqEV0$g)p9 z3393Pkzqj*b~_g;4i0ho6sB2_L&A^I7_F4c|;Q;1?Cs_AULi&U1^a9R-l=e%2$)&$6Q3CED zxlsc87n2_7a0GsgE++kB%eY~Xnch7Y*NaMxy!R5RiJN_+D;71`f=T+sYT_o#K9DM! zBY=d-UXvVA_sE$s%&;ehfqNGRcRD84apvDB#yKE>oKKMJ+~hkq25+KAZ~irw{cQQZ zzcyPea^5eN_n-E^@1uVb_R?-T-otaIK|mxuZDud`m(?^vwlKsK<)NL$5k(#BYY-L@ zYskJoaKEtz#A(A`E=3D1Z92Fu_A-0Ksf= zrdk|6;9#uKJvg^fjk>@(XZQ(Es~3k89m&4JLfS#G1F)pT2S6|YeiGXEm=U2ANxgE^ z`?@#ng|A-pa>~Q4w*lquUU~5IBgy??LgqI2v+jk?+Sm`3WPdQ{&W=gYy|w+b4_CL@ zUlRLyz*CIOK-wae#XDVo3jkS? z@*9fx?`pj(R=LV((SYH?I6B!4@hirHBoA^xo6WKED;#6I=o?+d#Zw~-68E3S{&SRU zngy_4j{e513AA0OX?56eE<1nN?fi9iKKBpx2YpDQzc0ol(cf6$m(Tbq*SG$)jQAO# ztKe8fX)JTKwNhKJDOpu?X3BuYDJ)*d;Z{3Y`HYp&lclEfF0I2?`BE(a3@{hqc>6ZTmd?H^vg?``P+)nt~l7ARKZf0?)CiL5x z@=tiLLHM*YvV9W0 z!R@qp$=f^9AM8$+9;-$sL656I4{(mDYj6Jg0@4HW#g!i+I))ubvkpCkTkwwZAt(9D z85^$QX(as#O%26f($)_VfB8z5AOE)C0Vq2Mo);^23Oq0sI|rV_l7pu$`Hk7HohiTd z<;lu#66?KpU**ZqKsw^b+>%$@6lrD5{rd>;t@ZsGNvtqw0exe679lDDh=}6SeCY3n+L4$AX+in64s{Hzz1icS<&x1d6ZZHr`N-!Vy{r*mF z20uN0+WWGvmh=wRRWq<`nSW-?MIPqU_@vlJpic+qLE4saQ85`U$3qOok8^9PU4dSOq+xdHY_Z1#`Fdqea=zNr*X=}VI~N?!90)9E+11sncQO157|o) zaVUi798wn3SZfjyQ?pu)Avken55;-|4>2KI%k0Am`d|{&PtPRe>(zHX^o*0QNf{ne zdF5-)4S!0$7NO6bDPLz{34n(r_I>~_p?oDlkEh>hogU-%YlR+X29oXLK7E?*;4RAo(`!*#&@K(>EAiMHQw_Dh(`xUaI*UsNrbN%m!tOM^eeR zpbqL4K}$#AIvQHKqv;)GJ~6$68yHlkzy-y#u#MHikwzkNu;-rm2oRo)ANvaPVL+TmeKdpn?; zBOr17z42PW*M_})B`JG53NUK^RupruK)LI+z&ZM6<+YTtP1bAuaJx^7lpnNU$LS;K zEs+G$-iMqPLR_rh$%u|33npFz6p!?Zu%G@(*rNlMc<3KzpTFPRLt3wW-WUD;8UK$y zccwjh0u%adPp^x%M_moFB=Y||as0dw`uJ1%LwaTWWBd?tMrguzC?c%~q(Gtvov-{? zX%hXlHU5Br>io&h9Dk$$wEyqp=YL+61U=dsuY$lkXM7kSH2;Uj&lOkh6nKhu7JdHv zkEGyfOMZ+0C-Q3mxa8zF$@Qx8ft;1MI6f=RFRi@-wD?o&Ri*uNF!wJ`KW@G1Eo|Oh zuS&1ttOtlr+ONsytl_tP<;$~nT>k8#J1iG}4TtLa9>VK~#l7L{@68>z7k#rOJU;&x zth-(LZ-Y6qeCEiY(P~a=EPImkPA=QwnISNQdW~lZ?+~r&Q)RO4jnmX>Pk269X{?mZ z%A-{-1Hminhh*K%v0Xm$XE^udzcSoC?$+CT5Y&fA(#EKNjjk`62tkFVAb%CQc2 zj*R0s;sR&1&Ui2%qHka4R*Ew+OUyu4lwB1lcgDw}3?1J`(ZlhqB2i0xQ>j`Wmd8q3kVWbvWC_f8g=%Y%beqZZsl`+1S{Td|((R zj$bjmb3rm1zBMIe?rP+%t{6bzWD`Ja<&(@>+v_nUFJU|eSWpR!)_KwgjgjFT_mRp4 z&0OY;99MZgHboV6Ak1nOgFidQe%fUhgN~#KdQ!2$+i&ver1yLodtSh? z!9bq&Im3u}^;H^p-EAOFUl$Amte5yp$#u z%UX(OmoeCvML$6O)BX4`f zfwCheIA=`Pl>FT76+!;QE}0=+yX5EoSiV4Z*v;qv9p{ts>W^aR#!ugOjf-aD;-^be zTa?G>VfD*eVVrV0Hu;>6ITWLM!z}7jWM-D=l%=m`IBPDS(<);rWbMje?RPlZsMit$ z-&zeX!>wUX$XX*+bosq3UkS83j?GvY&azR4O1i!31?&d<-LQ^W)^|ZB?ad9FWXUAA zhKxlB7|vQR??7nyMc1QMhc#Pw*x&>WD9>1u-Q_r!`ay5Q3jj<#+C?}RmK7(?{Z!uI zkI$#e9RYR_=kZ3gPL^JdK_vpp>-mBhu$w<4^q%T45E%&jK(PY6c4MPp}chh0>^9!N2vt2 zWrUicS*5yBD@f$tlJJo(J)G6RT2ORA7S39%e?TF_Su6C94Ex%7iWiw^+>kblP$oCU z&P|EjShT6GNr7Buv+XpyV3ukD_C^w%e#XF6Gc@CL&g7R>MZ8D&v>1`5s-X_vh7k0& z+R$0jkjnvJgkFRR+%xQW8a_(1U!AY2wd^#hKCQ3U%n@9-Hf}f&hY)qAtf8w5z3#^9b#URtcp(#781on+n1i zH>FkaN`*w|0(`d;n=5dt_a0iLq6>a&Zho0NK%%eUE;whe@JbfWqr64W$D>!IFoe6- zv^6-Vi?_v&Zi`rJ-E2o{WHZa1=fm_qfCrALl55P~$bO0GfWvQtgL48u@9}ttJ{?DP zjd}Zu-RxDhY;|GaLlkzje>t(K*)G|<83UQXk};moo*sw>?XSO5$D@LxT!b76eD%%0 z@YU3!z4-Oj3Oq>t4<0NG+>W+jew~;CZM}u(ilyYzvq9|6Sz|9g518}?d4NF-eyd-W zt?cFgut%_$G#j*+lX-=`lq=XaoxgeJ>;%#D3Cf_FcTDDM=DkySsa+SGbQFqvt?adq zKf>>U36#G4UYmL~_wUuvzt@ufy;k<`wXT1!FPr`r0?d^KHE$tiDbFe?XkHkKd{YqF zS`b-U5Sd>P`Iyot-9ksid^5!#iYzLKYz##<8F`-stsHa^GWQPQK&6mbno*edO|WJF z0YsL)gu5aQBl4QqNA6H7=6cLI5ECt$FVhJmai%@KD|gLv znWtzVdPQox7~RVv6d6YWqNdwOky&UYge8h|<*IBb=|b}vicAyB8Nwm1qO9<8A_dh8 zC>+YmnHQEA=8dK78CIzr@@e&)v-vDQrY(%U1_y<)?@T$OpHY&Zo6#@$HClLJ8Zfql zCelYp6HX9)S6fZo!zSS0hz|dFPn7t_`v$pF_e70e)- z5;+IzL#smr5Yr#g|BZY-?mSqP7IBWi=kW(}HuTUU2oZ!58w@ngJ;!Zw$VP2__-U7H z%148pP^c#CEvEsu`l2NnZ6F4N7-6--(y^E)fn1hz&EBop(R*f^k@xF}3rJWPVr01s zu;)~XkDM(_FLnFn9XfCnfWw)}AA?gYk&r$g`3!^6SqaGDq+Q~E+Be)Pbg3K+g8ZZ= zregH4TzfJ>#a|SeMD}C`pVOY4$$HT6=~7Y0^7egbSi={r-AAf8;=`c32$RWlJI_;#*o1>&1HA zT`8A0s(7hw4oJOYilrg06t=EH}(ckdQ|8!O|K@F{S%Zau(`yD zoVd&-nOT4?7+qMYy`>9AaemM)K+fuB%Fy{;=vdf#v0?R|dN*ytG(PdC7Bn6_V+S;zo-B=#lH|T1>(rG$ zvWGrdAzD@X6!@KfH0D6nervAVS4$F4?II)wgFPfx!Wf%u?P9PNg|Om(l>0Jw%zl=&Z+D&0Ze)JoP~>zYy{3ysJM0e)@dr}|-8r_q2-?83Jr8dwT( zn*H&GDzeQW#6ps6BAzJ*Z!M9N@1^7#HQRSD-;H+ew5CT4^W=iLefys?q~OegzM;H@ z6<-Hm8kKTo_4d<;RD2wqGpcKT)%N}sD`h_%%vo5n^5#hxhgD!-1r-8)=aVr-$V{MX zE{Z^6S3nchg0$KPKhNH&m;em`Eh$ItNVJJB1IQu)Cz>W9jMx!}5BqMT!}isc4e!w} zVXS*?ir$1*6dKk z3;ODqfQY8q(>f@V0OVu|h{VS_N0>=6faW|mUAFUH1UVg+W%O!p+Rdn0m|`?9f~y!? zhD2GRX&8lOQBk3pj{t4;h|wXd$GAa}A!}0xMf$Bx8)S7}+s{n@H1K$b{*d2Y2SxT+ z+w>ZR9#lq5r;ga5(++i35}Hf$fchE$m?(yRh{^Js!i2n%2jeT@j*+MYBr2V6XN(dl zJ$L{p^|4DSMjPIE1O9crir1gRQU%28(|c2~X|$q08a)0^-J!80n| zn8BhIGNwSFVV;hdK0UPVT-1a})--ey8^iz7?7((gNCc=Ukq`sGDE6*zCQMyN?bZjk@gX-zY!YUlyB5~CS-hjQpb zen-ExW(^V{I+_;63apr1pjfkLv%{K2`6;~sftgy4PH^1FsgS;_4?iE(FjM1+;;qzG zxewy$1fAy586E^GBK6e^rlXblgr|(Mk5&$qR;Z#+c2HoIHO&mp`CERtndyQ>0I50J z8UMWrigbu>gWegD9$9wN#4W-}kdc8527<@(f`m}TY)Z41DLd2uLyNLTGu?=N_xN%g=KLG#kb3@Rc_C2~N zRTbs_ouE-`bTQN@#XjR5)h%oe6~U{GZK$DrR+%`oe09lFmoxgpy&b!?)qEQKTZ8g% z57C`eZ)hNN@NeRo;NR3W(Dmw&Kx#`Xsr9fAVwDyi;_1u3iY%^wj|cld6lR-et6T`9dST}f%a3?;6E@Nl|MXHU$* z5Tgsh%>sy#h>&FG_J{x$|LA74A_o1yx*7PvKilZ9ZwV+$1#AaKGHXDqIRa4RsToMeV7 zKx0$RWD}NC2P({`jNH%}n8+LZiz|K*^8jv=>HuOr9`ld)t};U0lon1%tc9(~{dQ{4Z3F=FE>Nv-aKCZkQ!>=Ez9h=?-t10x{7=w zlD=*cJ4v0r5;H2P+W`%t&b=_j@-!YW^NH{p2j{}@+{XtI8Vh>ED-i26eX5`nowNdX zNK0TD70&LfgP}~}aMLvVoIapXAp%U7HoS?!5B~D=3d-djsD^YBox|nvgfmXT@EW|J zA-I>~BCj2!D9~^HS%6NBzgBEu?5VexO`QyuN2MGpLX zA+4=;1ZL_J@>AK5j*l^3K@dwo8K~HeAABbguXTv_>mD`<5hhXi$NLoL9_BLHLvZ~jnChUTIO@#+FizKI4Szs|i2^aM)nF*V<#lXx+Jv%^VOcb1BsRnr< z=N{NHd})Xy9@D%5Pg=iMVOV2E+zy+iv=4lk!4141SmIu1LrI^sb z&dk(K@{=A3quqNwOpsM`eco@ugbo}$gYX;iKL2>{dSozx&uMk}j7;EfmkA|USpg7* z1V}*=`!*R;LWYn5-DPm>a7GxR*@JG^uscpN>7Y=r&?t>@XT|Dx?!cIGhNX68YmDKh z2WE1nvvDwJmRvd1;*jYQNT{B=h-Zwv0LJizXb))xkrgGd=^*A_SFoX)g%Ff67{Xc? z$P`ZzWpJaQ`XA{Cr&%ERcs5l=UeNMp7UW7ahhMnQwcO=xhqjWJ9=CjQin4& zgh-i~e|kq{5r2hC4X>+6cjVuZ>F7@!k!r_Fq%*0<5U*@p1v}hxB3SMbV2a(WUO+R7 z$x0{ELY}F1$*u4a?Q8&zvqNbdyk@7=e|E@7GrqG1R3y1dqK9g*r|Kug(Fq(u(wYIN z^?WK$C5Wgn`U`WbwB)YkWbE>@L`^#6cpg>kPA9>iyx#iwiRYtS3V#c34d-+r|8s?) zA9KVa8=OhP9Ry9!2;zHt0;c#~H#$U>5{d%Eg-58sF(PHXAb-9+x;Gqh#Pw+&f7UN+ zx^iZRqyWL{4GPbhN)h4AL?NxfQw@bcA2Ctme?6Y0L11u#4#vdVU{LJ%Lz!|)wv~F; ziD#e*H!?2ms)W)|!b)HBZ~9ZvS~aUOlC@uY{S)2CWAXs1#)Xtv+e9wVnTw6I2cN+< z80&(mlA8-h>2F|Ags~8($%NVpY(Ac26rl9omkvsRSoO`OF9fx3L>wedOJGj5;|uRR zpr#8lDV)j(IzyJh(7kE8ryg0&Fq6VRwbrJTB$4_NCqlXHKD8uAy5&dg;BAn1wh;7C^e;H=ey9N^QsQSR(BpjZuIl-=(>wjm;^n6Ex?i}yo>1Cd(M;cvP`V@ zs9jG(?3nQgPc@~Xkq@_A1cr@ff-yMZ1=hk`ZOt~J`>;>AWb7xS@oO#_TW2hq56i(N zV?PRX4ZQIXgna8Ck9*d)=h>ILi3ij1)7 zZYXF_noMbkwq!XdM#@@DyYe6qW-`) z3U&1qbOH1;qz07B9w(&=jwXCg;?wBvkjP%^qWF|B1mQ%fuC$KTi*#dEY`{?+ttHW| zGPQ|p5qeNq^Oc@EdgXDIUw!gsEf~|+dj#V+bYi9!Ho1bad~+hfn0au!1*1+HB6Y?^ zeS%>H4s<|C_kz+xK$-WA3(95v6M=GY`$6e04H1-|Z67H3)(Il(Y~)tp#&vWpfsFlh z9}?fO($VwiO(7bK0VDr-&rpef%3@dnyF!^2dpW-U?7j<0bJB-8y0QX;-ymWT6AnU- zU=x;VTDed>6%lkJD7)~y_))p5w9rzetrHS!tM4EyQ5&R1bP#8yA2WxL(1D=Sw8I4( z*8%R=Lq%(#jVu(Q7l#&>A%Y(^io%4H-npMR!UUBoQfZiGTUdAswXjU5VO)5v)RKeR zDNCvuvak2o9`?0I6e z{|E3@0V~k|d~dze_1ovltdi4HZ~gR}Uf#MV^QjXcU16Ae9EMCT<`3NY+Y9JTTbaLw zwQy}VOv+reB?i@gA>H|4BIf$S_2O`y@m_rj4Yyg9#tVzTgJC2=D)kVzlt#OlX0%Eg z#3~k)rpO`wcEL~h^rs_f=wDSqF?oTPz!3Yz?vyYm;NiqAXWBSShNp*GayW}em0Z7M zsRrcaJtvsS3z?^5u_t0ItY4TYpY8Fi&cu36Mw$)`97_>k_<_LG1HB9f)*b941(sO1 zuSp=p#W*GWutjM!NOEIs#FcJ~R$xl8Vv*9HGtdsvQKTk2@k7xXVr4JNaMGG+4@#xu zNXI_F+lWPXW*r^4tw7Jqsih9IAjDL(iYkEW_q?jEfTEGJPuBPYA{qU)(KT9EJ`@4%%v03r!W4WJ z=wKowC1!n@2y9g)FI-HsEIO2V)L4Zz5@JqXFPAEtmxycVX%no#gdQzq;nZb6q7fOj zfTB&0+8<}bsNh?+PS!1^f3n`^Gb%>S1{k~H5IBsHN(n+0IYGU7j>WDgze53iuK>+3 zH!Q_>tdPsSYk0xqiK+4%nHX%|tZksW=F(K>mv_drj);PR4&aJloSmCu=cYt%AT!{z z9s=M;5zy^;vlIQwaRrbn`@v_G5f}FWu@e21R88Q}YboH`Rh^4Q4U27}ipm~Sb;M}$ z#(uHT@26ZpbMn_-KXWW!LKEnU>HcTa@PETW9Pl4hClTRlD#5Hw0$D=AQ>SycaKlTECY2qaY3bo( zGxt}RD5oTZ2D#vZA(D1eH$^i?m->N5C@mwk3{b0xPU$9TmPL?}GHKQ=w!09U6M>gM ze=PXyNzsct!%*Q941YlAfRDjr%_b;@EH#d7#5wxG@$a%wphU1A`Op*ZbIp>`aT|jM z73w282fbwFA0)y4X#J0F{zeW;ln+V&4c|?NCJte5?~NGFe)EwJN)heE!m=)Xj>ATe zs;&6HF?VtBE`I-}gfwus7OHi~v7aJOt^S1Lao)Ap43_BP^mF9$Q5ML>@2H9kj_E(t zVXDec?8)Rn^#)r=Ff(gCua>?-(l+w9S)WN0ge<|Nr)0D`L5)C=NV*j3b(@)#t9e68 zrl{P6Ib`V;tonsPxe3fY2gp?xh0J^-WExm6COU*Qlk{|u4AR!|a<+}-iOikJ{Nh@1 zm!8HQvWLd#wPF>7j${WkvycicT z)q7-#xDs8lQi6DzJ$Swgd9d~j5Xpt!tj`fHP0r>8B5^C?=>A)KCrJU;hry{w@zs9BH|Y~vY#&ZlXv-e zYd{s)QR4orEDlrpul$whzh1|mK|O*ROwjtTrU96VU(eSa{kH-$1Vt@J2oBaf1{f08 zwx9b5*ln4dMQ*Yxbb@T`rD zDmL2vv6$B|uY;)!XG#3XZ?7@ud~FI|Wr)cpum&4@`MDysAOo6;m74RgN_jpG<{XRV zn13c45wwP1&tEAcQtn0GSedCuCHZM-N3ukf!on@`chweo&gY5i}`j za;zKJMNOeKqNYF>skfi@iaC5K7IzkXgt&{xz%*D0R1lE>_A~HW$W$T`<>Huv$Tql+ z!pP#n$a~RmC8O@-X`HPLl4gR-Kr=Rbh4iM_b5^noT@@v4n6xR2o+FK@`jylVsb8n- zvxR6Q9hJ7|H10KvHgdSA4g0J8v|&e$VxnBLXoaV^*ewn;K5`bCM^~=(L0HS+LWOhq zA@74G8Fp`camq0JAxi`bN;oVKJLb%p{-m%&d>9|A`B0cMHlKl3#kgh44T_bCrV_|z z12hfcV6+P=K)M;|LBxw>ul8UfoRm*#!?w86py(?wIG%uXmQkdAB+|CTRs4A-hTau> z>TO|>6;Z4&ND`Jd{997^KxRY+;FNfcvz7MoYXOW2WFX#CSwSt*Q64?Il)ew$2=Rsf zo;cDB44o+sdmt}RFV?l&Ku815CgbOKi~}Nvm!B3uUg0IF z7I#cp`{s1SO7Cxq&qqM$7Q69M9Tp2AUYaXN&&--7Nb4)4#O81A@rrQlg{g9>N6j7f zCP@ytC9RY{m1zz=i;74|4ztiM3nHAuB^lIPIc5Nd2q>>v82LDQsPq!fD#bNqRl<}j zix9HP#6Z$gQ7MY)3d-b%)2?cg3&R@FG<|p_8v&^FN+Hx=ELW^OlIM?RRmpXxMh%7* zzYBO!!Tu}&jC1({oIRl_FoS}+*u$-dDKCW$*}-r~k2BdFDWjaA9{R&XvO94}Y!&iK zu+>2d$`=(_w{|RuG!#UZ6hu}QMAj8VekR%uC4s6RMRCd+3mAXF0+bhQ=@bNL-96^Z ztq-9F?AJ!Wg=PiJ_g@RlGcyX!k!b~ai-I+ETxkp}8}K5XIpM=e3){&~(z}1JO(9Tq z1#TrtV??xpM7s)Ml+Y-{#WQmbO0SnE7_*09g|qFWzEcvCOV%;uEI*XB$PZ3st8uoM ze9`wQmgv7k8k(TYF7m4b^ww68ncR|X*eaIbPR_q9cH%+2S|!lI;Sw}NG~$2tAqiH` zmkQVtJhggTfEW9QbzRaY)Bjv#C_l#FbS|)jXfbt?V;8Sb-b#vrRH=dQFx2$skOPR( zIT}`vd1mjTcMyCcL30S30Ut?Ebc=<5>evQMokOl)Q>4h-9-K54uR5}eCN3(7gw{X{ z5Wu5=Kd{1Kk2U?w)J<D5O^T0TWPlhB#sOrrpI&5R zBuRsS|KP*Mz=vu5jnT^?lO}|k0U|>{XGJAi*Xc{WfC(QJd84mTLQt1d4ZDQ?*xvcc37=2 zt7#BciP^Aj1Y@19V!fb)+1hZ$43#oaYATzCiY>FJe7QcFl`B`J!BoY1u!Y)@qdQNL zt5S&q9PniQl`m)mMkrK8teM8pO$=D>!5#zFM;kC@xD*%^V}e0}A{YeQ0iz7RlQ3W< z@>&8Cgd*QjB$c7kSi|l}cUWs=aT}_~U}5FY-(axPV6bpz49;>{6d?MVe7KSv41a}O zu!w|{E{1Rpz<1F}Dv}6>jJMNCJxI<9sTQLmpGRL5!=nuxDxl^RT~pHO^lTu>dUMN0 zP9_x&K?7`rouUnpLnFfE6+wX?B1j#KR?5;ICl@wNE$M>*We`c6e_+IHl;VIuF$SkU z0GJ!B1f5=Aci|D&UzjR-t@=Gu= zdMznB1^P0lBxYy`hOSo6L!=oxC5{+S468=B1;mxG?${~KU*b2GW#W|XgqtQQ*AowM zO0On6eo2UcTw(nQb$DvqOu3NT3X@C*o?zv9gJV0b3oBSU~|biF&aj1A9H?4uU2D+dP$eAQ;tGY*+j z*bw2gx6NmL;ijfD0AO+SNytYba$OU*f%>oFUxzpNUqt{pLXP35WNkz>s?-*_0t&JV zgh`PrA_iffj>D@L%tbY10(BY-d9AQm29RwF+9l8%dBvb%I%@KdxHsUQq1|M;Vu`9; zkz$Z5W^Q=30+-1WMHoK|lK@gg>^9saxLNz%6;_Lj?Xby=(~jq0*A1;dr|erhovDD$V1h- z!0Ri5YKy_sFT$r+$IVg>`f3LCn1*zUnOf2~>cW`0$3_fgT{oIWSiEXvHU z?{h-a$L`uNp(7ilGGy3K|LkiO1!XL#B;$*qNyS)KJ%rEb!`x?}BtPG!Vq%F9pjh?| zjnQUsFoVJdZp(-R*y|H^a7P2&A<83~>_a<)!2br%{REED7ZjMQCZmo;;DqFg5H2z^ zt3l|auMnyA{Ea1z!3i67!5!GW22XHMX4STfg0=7PnNnE`OS>s-T{hx|4(SvA9k`+mA5?mU+ zOhiHHdQ+2q;;~}OUq41J3!9_O(dWPt&;Dbv*LP7I{O4C%fs{|2F%K8{l0d>SJM%?n zSE6DqC?36+?qoC&3=JKYH`GjiwS+q*u&>G45R*o5l3W8%a|vDsz{{L(@Su1r^|?d-1$c&Zgpzi~_GfXp z5*j)6>~X&Xrdxn*%tv|r6Od$hA?qcc10ms}I`9&inYD##V(Ba7It|Z-M3_X&z&)qg zVpDAA9T{6Yk-`?RCO=sFqo`Wy=-aVd*-RfJm!4yJfg#GLjEOlh1nIlR{vt>t1XI&= zY9eoiro6jm!VBxrO}OVZ2~J?fB#r%B4*FniDXft~4$8``a;$XmT1mdEY{VW(r9 zc6%?cC#dg!1~KZ!r;Ps{?Qs%)Yu|5X6pvsD*L%r0xQN3z{}8X zOAiof8tiRVe%q-nz5U3^t!x!Wlnn`V2B#DB;B<-_oI+>!4u&ryNlYAg8<`(HpZ9<- zTV!aq%D2W)NI%L!A&@q{(1lNG3w%Rcfv;05@X=miT47zq%^cAbfhy>JOjfa9MxR3v zFVX`aB57onuISI&uk4M}{wAY|1ZG!21--l9C0| zH9ZWPL?vgc0vixqCX_hJ1STVIHe1hTxaIjyxd$bMqMk{M5H$|Q=;qwf6%emt?}&I+ zoDstgiAwwDkumJTd2}EUm`VzaA+kSHMSRXyPM8Hg=O07THM}}yR$#xd5`6o5y;Kgc zFwO$RxzgGcowV2K_gGxaxfUz+J?TZrz+Rqz+uO^b>;)tM(1w9E&xi?%iwz;I z4EPABnfgYZD8ZX@>Dj=G0-K|0@F3fsc96T48pqD=h-|vE5_E=6i_2PcwpWdGwzph* z?!!x5XUA8#Of3H=p$9oq&>sHr0LgM#ApPIZ#kzW`C`2W+|>x+W`9}kHWdu_ z)AE4k9Ae;@(ikx$vlc$h zJf*XCtvrnZ9qU9ZC?>5>C)bNvxCdy>$mws)H^0SVO!cY0_o< za$pMu)n$7oDkB=v{^Yl=mD*}8nWRht1~kwD27AFzFzv@?|Ltg%c<}10+#|Q#C#S-KHKhcQ;c`Ds|C0nH<_!N z%u`MNRho3h?yAW-H@Zz$RFG2|Lh-pAuiz0NRC>}y+DYvym-OAGIlrD<6>F}1A9{T* z8wXay5mNHd3wfl->U)HUB)%5t=Xqoo{s^*9^+fS;^xoEPdOv-u(0iI(PPKS(C(D%y zytm9HPOx^AsGdupge)voO1X5gSd-<4*tf~qOPysbD*mv9!dse%tKfL4pS||`A252|!Q1v3 zZPr+^wyidf+X(T9B8+pjGEP1|Bw^ytCl54?CeukRGj%5JohS&w&%jJZLHQ~QVhxOi zM^RPtiF^?bF~%T~>&@lUKo|qw2wfQiszf{o+rwQUxhWH6T9?JWGAKLsdY5bE6R2gm z3|XoGCC0e*xX2i{7+O;zxiXgUPnU{ns8ahc-vjql-(V6{h{OMByz9>=vr}-AJ%ere zY@9cS+*pA<-Z%@i0pBcvjRTZug&Lp$bII~bGLp2h0$+c2o~n%&Qch%3cnzeY;lQH| z(PrGxfpxH}y7@Luq88{T6Ln5%*uMBXAeHMu3Z49Xym#v{2Ndq^@Hl)&UY^MI%D3hi zQ-FGM!n@iWWa4BMWofbASu|hp2CpIQ%#Yu(ulD}fYF8W+d;8^Yqs>j@wZ!@8J(AzA z1o|{`$R|KNNG7vhEsmTlYbDJp8O);_*mx&cM?gRSX4<9H1#(G$ix;v1RR9iLg}wKA zDh-(fa3F||A+?VJIIVoYGFUgAw#GM~K$uDalSG;|TX*4i=G;v{KZCgL&vKSH`++_p zbItno97JNtSl8eyp9O-5X5{HqUby@Tc#OD>S&-B#coF7;&6NaKC;uTsB?dlzByZwV zxIEa$yg3{D+bct6q)Hw~s0or~rV{0_9q0+EAy1!^=SB=rRU}R-o9^`H3w%w@aJA!M@7L`Q*v{o@EJT3VCGy$Ckl~=|ZWh8N4X^ z2nhsxPztpwi7>?88DNVyS5}5487vVt;72BZ2pjPun?Iy|{K&E8%u=*x=m^HyTc|c! zkhR((P5%aXoZ?YlpFOhrWzAB_t@F6Xv3kP_0ez-gZfEH$dX~Xi&6bqlq_4Sz564Ob zC;gjuoJVHRU3Y<(^&!#)OP6{QW(^ixy@;6k=3A0sm z@g6?WP`$ls&lSg49Ee35Kdr(UT6v!aYhUMPB&&omssv|CBX93D#b~-#}8@t35z|=?xV%3xC3QI64K# z-$^tOT36x9KO$QRL6DRQtuE;7j_`p4R9DN~7S?uTj%hpo03E_=KLmcjlxkVdx8KN8 zV_w)l(e(*xZ56ndEpTZes$M|ZLRue6{3koN@9(0z6zR{WOvq@gwJy!THDkp9Udsz= zsoE0~0w`-xqEFCDVD?RP(F)vNrV|C9-J|?21ksrr!^#w)7lytN9z`x0P)yL|qJzfy z(O>!U5%sSr6hyp$2csFDN>(by94U(RLOiDv$TuP!R(KlEalT~j%5mdh#s=r;bCnDi zutoVPy#bJ!`pd&u?6ahz7dk&>J!1kSj#Eq4Jb=442nO651Sc3RD|P#)d>JU&Crl^y zs<7#KIS7I$P!p`ps4rjzC;mfZOq(nrV1&j`Pai^hfQ*iJ(v;=IGe{pCuiep9Q%4xx zR}jA&kJtE>-t7<``0;~+W@>s2zop$A{Hj*B8$U~4CVuD2Rs|P7C=Vrte^exjv)m(D zwV2PeNC)Snc|X^<1)`%q*Z3Xo;=bkB&n^5bCCmy;K29Sz{w@!KN1%B#^~C8e0|%8m z2tM>-yAj+=UM7M!J?LW~jMk1+;Z0&2y@|7)&P22oIOuw<3Lj2!0EW2CAUz=dNvXoL zFMO&n_GOzOZ zyx(s8X35LM&zR=J@BfD?)E=!793$)LXeWT+k%Hin54a4xyT(Cq%BprFc%i&Z1h2Z^ zhhQ5fQK`b|+#O{GdW;fp(vz1qya^UL9gNv<222%QU&b6mhv-+>WrRjP9Vv~h;H8bu z>3$g`XKf?Cw8;`tf8Ud5d*FIRpb;#CZ7m;wB~ly@RWhCin*0yWg4)6j&$EJIcg)-dl=G$gD1rOQe_=#C06Rz<)Cr%;AFl`Y_rb)uWs1#%Bu=rDV!3 z4WXo-WQTzejtXcEAD9UD2py%WR|*O~>D^X;vl zfJprC7>NW{&pnkwE-HW!^$>KFaC~irC8Sd!{3l4pB7{#N?va@)5;?3XOnthm5zyJm1qV>5jDSd z!eUOwvNgYAIB>Q^wNC#=3EP+@ZD5W9O2eO%=OSfG}uAow7TvnL;bI^Kxa6a)bk6Jx`@MP`!YRLHw%^3lKd{Jy#l~ zJz6aRjw-}XA}~y04HTItfjkm%&(8^PVjJP zDhm+Vq1Uo9N)F&76 zG~&3h6`UZc`N#My*SSZ0CPMF$+!-1|#vMJUZrPVh%;hXpQ$cDKTa(iMx|DcDIdU>0 zssV)q8#u&ULmzr z#mNdB;ed6Z7pzPHYuQ~cSbJu+1=fM>2kYg7*eJpJL1Gsdtk!f1oK{LSC9x8<_Fl3Q zf&9;Ku3^SfqM%+T2epb#^REY4MBktZuua;~Ku?sRx&LZk0Q=g%6C0Y9w0s^z^XMU3 zGVYH!Y6C-)Ei5pmxGcEg#!LHVpxpoOH86evt&BOfZ z!S572SD!|lq>Xpc!J4LLxnO~&SwhpF?{sN8BGeX5&sx%MnjR>PlBWCLL7K#9st-9e zahwLev(Cd+UWakg4CYUlaq?1^?Wyd`-_Fqku=B>NP8APQ z%=FH{mr)Bud0N(Vkbnd8uSvql?%`dKN=2RZchDw}NMX^FQZx{jdMTgM$5`j4!4gBz z`=*(J+458m>dY=E%)lDOzBs`eCONS0Qu5RZIH##(O0o(_ODYCo{Ujoxz-@X`EUXyc z#h&NU8;N=3ME%M$Qsl^A zfCDbrk4k9((8!oX|A4DZecx|6UVJpM<=DbOF)hdMGUcT@3C<}_3$H8R6BC;$7$>I% z!!nx-elbnKKZw*Ra-48jolT*O(o|7KlvIWF1j5cFauF-pjFp#d7D zobY^*>C%aQA7HcH=#>ybNWt)eCS!@16;PvE+SWq3P>*c4&maz;0rckHAKj&`IL z#TdF_kdXRnE$w@-cAmWDB$CAbk$u$hdR_rL)r!9->)%R~kl)n5MM+RTUH>M#S$~H9 zO)=o_S^Br4IB24OH|X*P{hPF6{l)xkrQY$XaxN?QlXyzCIMajY9i&__RcIlDkIQw; z!_w%1Vwu_}u#Rp})(EMi8qw2btKeBMb5yMhvL((T?bB2|t9fYe^)i{HQ+9I3p{z5& z+7<3t6k_K65S%18kQ|{tcQ!?a?S|Rh9=r831AB&f&QU|f6=3IXF#+^wL_uUR&Jd$c zliKl0*BTBK7g(SEq5x{g}_VfVIZ7Szjic2<>K_1YXeC=r{p`CFF)biNh6m^6mH z-6*e2QwUn=O&L53711EbC@89h36N>M8Vu3DJ@QtPYK&GnT12cuP^UtQ5CT1E7HyDR z>VzyCqk<1n>AjJ%_;5FW8J0+XTJS;G8Yl{W(7O)`lV?pHqvG*qMQC8Rc zcp@1IN|+!-!Gex8Xi)i@sI;J>6HIVMCK_7Qpde8ZQPHHBC|V#1Nq}(}L5mh!QQWPi z6{}ThT@pxGM3lt^P&5eWI|dAHETYN(dCtA>tna`CZKa>zKOdO;-us@ropbIv=WgeH z%k6~_(F!JtgB12P>Pcb+4 zD?y>pJs_?Gg?YXS=^9=M3akR?c%7gG^A{agf&%q04ppKg1P;l_`$!2vZ7@UNAe<4> zBw)L!<=GypB({SdqgX%f2i8j!#rmkCR6P)gh?B*w>VdT|zl%1j|5$FyT}%VjCTCuy z61(%*6@S`$V=3Js+y9GJoImaS7uzXO{b~KAp)}Wzn!-*gaT~aRT=(B>JgBli>>G2I zVD|8~={1Ej2lW>*f0#?jE%S#LKo#t#8C=B$12i%8o1yLUi}V8WTeq5o1Q#Wd`cR8I z3C!ic5zv~ygBXLA?=6J~p5iH>G3>aLShyE<`Y`B+5s>!$mSUj;fLXqba{wfpB3Pu` zm_@)+h%s|lvsmhQZk#Y$=>TMN`Z7`_OKCRO^=c#w4ov#)DHPZTic}VtWWhZoZ&8si zMeqyU0CYNcvNL6W-U!Pq=JSOl zv@z3-MXOX9zDSCo;^fs$HzS9vcBX8CC*fqcH$xd4G%_}tr3?v_@iUoy>elH6O z_z-5A?~rO(j7`F z@g=?uX)=&+hA_8pb`$IH%@vOKV$L7d*|dd=%?TQDB&E|BSuw}D)1RJ*qDa=?@PRc+ z7R=2VAs@K>>V6k0GP)hb9oHJIJ0gKpPXP2qR|TX*%8WhI*x5T(n+*wG&|LnI3_b7t z9EiS*Z|~sveu#sUEt>aBRPMc7jnx^cY>IETw8%F%U0Qj+8nSn36)EsTDn7SK$^I&EX3-CiK z;{Iwep56E+wD+U1Lmu;RgkD``*TBf+kW82>O8A0g49jw(&f@mX-2;dMb;!TKCx`qC z{BsQ^`mauQ5B$(R>rMwM^^bsK*}1$5P;k?V0Ym-0j>z-%esv~?q{^6Atz z)v(>BhTTFk7e|lqs^SJyDhA$=EV$wiAeve8C43>X3BWYJWKjBT?$dZK1ml`xQ*QBy z|0~YO9mdEBG*RWiDQCD4y#q)#;cf39*j-dHJII>~Y1rdx zk95eGb(1L#QD_|tL19jE4VqXe;e(kjhS8$wpDQAcyZmZ)m|lf2Hcu3fW|`EWE2X8X zlAIM7uJBBPb6k5n+5J=HRS}ex6BnhpZ!!5e+_Hz`f)9neTlPRDoo228Bs5fbbZ`XEF+iJhf-&m=X%l_JKmC{EFqDtv2MxUB}K&8OS4Js?hJEf&&T5Boz zPa1Q9qWvFkFq;k9H)+}{n$J-*2OA47gzP9TA^6iaJZP#V(ZOfmZLN-u6xy#X|2^4Q zRRBe#&l81)NF_%Ej4qB8+iSN{ZTw*(B3M=E>+<^e7(EV5VqgG)9#iCuFedP_tkQV` zyQP_ZDVY7Q$(l}&jx#$9I>FEZoi0Ij*m9=oAMCWE)8GHnZaVEfp9PUlRbuK`(+PIn z{;Y}WeO>J}_Y#4W!?pKw^}}y-p0D@I-oM`L3TT%k>>3)kGG2iJp{0ylv4MHy(4V&H zg$UYBnQ2YCW{ydStSil7k-M~#cX%PN(Q;G>4}x9uXUyhpumYbuwZJQ%gMu^7Tzro% zf5wc`{g4ebdxKvk@Z0Q3nl^_AI|SNf3vHhNU63|^pJ_##qn>UzZLX7oNSkdX#Na{E z2D#KQnW=}#96d}l3(_)$|AB4jA@l+!FE#4oj!%}}F)(GU>D6^;j51p6lW43%i}1K- z5vTY~KmuLh7IHm+D!~JT-o;7(Y~<&nuan9n2@$vVpG~BLx7I-5>wiZnjr`j6h|s&a zTR>iA)a|`*k3c@bFN*jwE>Vy>2?;ChLsaAT&SSK|dtW+03cUUv0@(+UZvQ+wmLueJ zKo)o<3VB_AiQ8ApCP37epO0r&!sj#b%wqU_GL1@6FyXqmz-xr`T;O>eSBBfVjgd0# z0AodTJ~Xq@^%g}_F(|>OM6`*cz@=Ca@R&;6`1EEgP!sDW!cAN&GzSdPzH{{IQOL)C z9r~q;o`hETEQ+SUS}wiUxzM^M=0dunty$IMnRSw`s~pNItM?smpLJJ9Ag_AgarPRz zd6u-=3Z9Gh+g9|_BE9a~FtL!T#X>?Ned%2hV&VE3)?#6<&=vGg;R6POssv&kpJk;Q zLEFU?ud0{s!fhnKU;L~z1vjK|X^f5cXp#rkleGL~hkTFHnI$@dQ(G+9 za3957rN8MBwM5L3j>%6Ek>;CSEWzAyg3g7K=)V)v8Ixj)kSyHks~Fm8lD!Xr~Bux;1C2pJmY2G>e4XViQ#aGosQDo4;|E$Facp?$uzmK%dQ?8|4ZblAm@v|EQgEd^1Bogfz6LFq8Rt!$vS zC48gJW`n+abe9tn8f*R@F(l5YQ9}YMjYA?h2Y8&Lp93Ua#DG}|Px*lPOTq43{6dGg zM3-((C1>yqfiG>|jByyi8TTV-TSI*+11^iJTMo4i1J#K=P{prUtjY!(xxI@9kiF7M zZlKm$l!XYF5r(68m~u19&!*S*lHLXzg!+n5D2HNjAqJ}4{vtLM&~#k02ZZfN)uI%( zXf<1eEOJSgE*E8E2rY7kwa6tcnp-F>+BA+Wn(LGnm0#=jR`QYGBs@Jdi=HvV!NfQ$ z2-frA6bgsq9)e+CKymUb)|`y@VscV19ewaxsRj^Fm}(OM^; zHqz`AkYwoLCDSS>g8iE6XVgRtuXUBy!)rFR6^GaNdU&ZyqIL3#oD>za{^}*NE-cFo z{=(3)0XP7svc8+eXq%HNRPw+ZE!mAY=iy;!sZ#75VCd3^I)oonkc>Ho;d_~S4P!;V zfWZYJxnl*1t~A&^*`jVA7=Qrxqnr%wQ37d}p(ay4SzdqU1$=7ER6#W}{AD+O^jP zMakV$taS0>2ih%4@}(f^;`^@VFh3|!;%n}k{O)W2Pd0qUSIoo zgs^yWlC=RJu_mJ`09VDV$;>5ldaLJ?wzgBQku{mwi0CyLKE@-8T9bj}5AdJ4CNohi zqp&rZV|MBecL{blIPd@W)j>KPJ=uy*$IfjxomNd^L8Q|Tv39KKgz+vGVH_prw>i?a zP`~`LFgmR!YlCS`p{{JF2d&pl=S_~FQ|q19LVY{Sq)-8L@V_Nl`E&9as6%&OnRx;$Yq%tr+p1``XQj`|dXx zag4Oani2PJd+;ox-inZYUfT_)%e{pwB*+-b04fl(F!BO4VwUm#2|+Jo<)5|wvu65heruwL=AIT#Ce!cNlF7O=g6TU=3}bpHxfK&=@Zy(bLNfg* z&5f!OD{d?{x$#tjVu4_%SS@dbEhjv?MlUDe?QFiq-kE|LZ+?1qrU?R;T1b%UeTSDn z5^nqq5XQs7A>G}%62dt&L$P~;3e#tMuAjO;B0F!E6lX{n#(6joI{2}V8;m6aDhS@ z3QDV{N7?&?Nd4rgLh7d^$atDT6sgA?7bLa%4gpaWm`A&;oix93Rs_xKNM+ybbwN;OISHlW7zJ zVooMS><=FRR?JEwsuA{3;N*?yb-S{g>p(Nr=8I{m7`KUeWv&D1w_1+{s`yoK0RK2JVHzx~?hbE+}@m#SUqY?55<;(+8Ihq8#+pvGmFsvAmic!ga+ zIY!TSK@P-V$kC92y$AgdMJw60gvL~0KI6V%cJN)Ol6X+Ypt(S|wLfSyzfK*d?MLRQ z+FmCWE>L?1eiia-YHBa886L`cY{h@k06yS+|6r_*>GNaw+@Sw$$)1Ndu*aPIKodGq z$wa-MrKl3LE{m3#`&k+cG=)Z<#49i_Xc7j2PYnW#Z&{keSnL7*wB(|B0o2uKqX)}e zY};yS5|+C-+gmRY+}<#ZjG*mduQ>_&8{UGs3WWaX-d8o$A}OW$7l$z7Bu!xK*PMqD3y-{2 zdri-k83U`JrCj<-w>7YS)b%P)U0~^X8;v)Xjgd6yty|#l^!!o?U7W4T60CO1zvGIb& z#)Im%DUiHS-qZ00Hu!6D&?mRQ2<|*_VsP4ncqeDEaBCF1BXjgOV`i!|W5D5Z;totC z^sj0lTi{463-jAf`A93x6Y@>z220C+~c}{SM zi9AYMB``Fi`iRx01{NnEbP|PO3Ax%m(^z!BDR9ssgIo%ZS#ripM=0c+GKd4l#1vA^I$-Jr)V2y4(_!G2*_gX%3C^!J+f zH>l2RP?Z=-p$2Wl&egwpcn|%uwE*|?8X8?`>{aQs1sB# z{b}!3&%;RtH0TWZj!z!X=?Fg077()7;-RXjam{bLe1kCymqYzWkj;vW{NF2oRp3|Z zXL=HYW8s?h=$3KEZI+;oxINgOzZt^q?9vxm~%bmRZ>wu-}x z9{k|Rt(5-0-d`OjU*FmyLE3f(U{xh#)u+9hZlVYq7~8Bg|s@vNl%X1Q%^R zNc1w8B~WB6B247=c+C{K<~2>dtP4?;lCk&#bNUMKEXo`73cb{GO`rp2=p11vemWV|B0to%f5HH_|4J-ys}empN9=Dw zc8{+M8G9o1tH*zFD*IN6XWXXrc*7SSi*<9kL?yt;luD&cWJvgeWDG+}zpyL>;gw#8 zgpbQt>{u^#f_c}EGx*igB$Zy^UFoh5obRsRe7<{kJ(#OaxzBU2+2XEmKHmMW%8KXS zr+HtHypnmzLvn2xp}T4e;Lm5Ws2$kdESi4=QJ^@M#w@sMD9rZxdLWsfQe=1^gc>?*t>yn?uF29g+%%rnPVntn(k|8wk+#Sng2U$m;BPtBN z4(#S|M`;F!p>M__R_}$J$3mO5WD@0L&_rCOhlAn#l5;OKi$I`$l7w^A4lJt55(ZWG z4QR1v>-a)}!}Vhwm-_JjX{2K%#Z}*oWA0ndckN!HNV^qq?ln#BdgFN4zfID*lVwMj zWwFDOx2j2zR&VrzTr8S@1W};s_5d;BM6q((REmJvt>aBPUZ~@Sj;}{3NA5od=Y0as zTg>K__0?SGNyex0;L!q5GCg6ac#X--O#WeE{3D225#M=yy?^(Qo6#PKdP)!so{19n zzXr)+*mwU+O9w#A76{yvjpVDxO%SlsP7z1&D<&aiCuR~HUa1n+WTtawfp+yk$Uh=P zPUD~wJ;5F{5hfbmKfrO;(7FkQG-(#JHabpZ#ZAYKmVbP`9F zcw{h(vzOY=8Y4ZV#WVGZ9zA_R3$rCXCDZ71g!wH{w6~I}qAq~M84@XUl9B-lEfI_|sSf+G zI$kQ_mB@herF{1HzfevQorMAZf&!COp+}C2L?!R{0GC)Ez|}fY)Ic~RdvpZ7!=i;$ zmq#3fD|7@{*G)wM(8qe#>4pBpGh3m$R76x3k~%I@2Z$_#Jyu&+mPei}!T{tSpNqqu z$C=N-M=73VKZYS@WMWC+%Z6y8d_bs}_6*AakB!5#((XIM2Gq)bXcj}uOs-@uGY63r z#g&c!G`aGX%pxKKAW>t`@uCI+))xuB;N?X^Y~(PM?;2xCL$cex{hQY7U~Z{gnE2x( z6-9t(GBMFd^TU|FSTVOw2l{|;tb~xcg-eJzG6=CIN?$^V7KF6^CNge;tpj14c@@TS zY&cFCPE$hy<1ReMVtmnaCdSiV?aCF5jK53J`(Xw^7>i)DnVsDzWC$kM3C0m(;(1Tl za}wT5x^Kn|kuS4F-uNmN-OQVz&`iRg&{QnYZ>w0QjY?phWs6a1+;BwXI4~FKyVhHa z6f!MF7bJ&n?l=j7DTX|F`7s(t#xEA3i0Q9{b21A>=#5Br4O~)jn~R^S2Y%%xZb-WP zDM$EvKX^W-J0IY~63DL5l5zy>33WG8;U_38-+Nx+HSlM-Ka*CxfJ~*EPqC>Ap#9MQ ze5^W`30VJu0tRWoO%XC!I`IH@!&PpNUTVlV;AOz@oB}7e%qhk)RW13&Qx@jLsI8~B)+us&XdXHrI<_>&sTHh zMC6V?t+q@p6sWr63@G4fu5gviwA&sw7Yd5bWkb}<=DUp%&&q=OHB&KtTJ=@r^eKEj zGB0zFnmp0_Atq0dM|C=D9w`KR$C&j(>cvlPA__tNb&OP-C8sA92nT5?xJ5 z2$xERRSj$=8j`0b+7o%|5uZ=5xCJI2kLVwpirv{4&*ip!uVcAGn}L1#V}tGSc-P4% zmB^f>+_o#?76xt!nVYvqo};K*Oc^3CmSol0V%5JENP*kW66wZ4H&H$I6DGP``iZZpH`GTO0 z=v$6-{_&ZJ;$JkfjLR#*3Y=Ys``eTKlvN~s^>&Dx@sRm`{McW#z4NOllFm)O4IkZN zVs%5-lJbtmW5QKSZ7C^6NfS^qfuM~u3w@LQV zlD+&!mpASE?vgdLA}lK}Eg1if&iV`>eYQ-M6;d$m5hN_N-O~SwBzWgEF^pz-StOew zI=OnlwzlT=NWM2Bc|4P+A^E0=I&sXzd`avA)0` zA3hidZ7`Uq%A%cg3cu=yHW-RW~@67@P0H;?t4Fca!n?zPZpL zC}H3^m)ZiT5;r+N_b6CN*zhZln!U8J~I`X^o4zsaX2y z!;_j{0z?Nu@bfY#`qim`cnoPNNaFzpqf9WFJ#ZQS#FaP}nNIIKBQ{5>YRJ&M1FtA+vZ z=Z1eIM7l4+8aOgOxma<$;0J>w4_!bz!WwC`Oc#z%MMF3SCjrOc_(w^cdAd;{`nPYq z&B4dB*h&#t*5mDWs`k6?Ol-Wd{wt&TL*Zj6YvNZT%JAt<5Qeu8O;)(_w_y#D;UXO zB7_gn!#-_Voc59ma-~_u%xE=cu0SI0cljn_%zRvSQqGE+75M76&j}8_sE2Fda{C;P zqA#o{J9QR0f$h-B@rcX!Rn7lfnxtX?kpubXH%X`I3k=23H!TPhMc?jdTJuzV z-v>QUwZACj!qv882W%+sCIiTK5vZg|(qjoIv0GXl*q+VGL8ebM4txeZc$sc66$ zUttP#L@|6XqwbNu(#~i{k#Ax;K3+RK&*$u(2g()Z;bw3ipy3py7a5N0v$Ih|zVFyP zWXsFC+EQ1F0U?_0Uv_u&m5*~h(n-Ne$Xk(!zN+AU)o zXXc?UNABxq^t^b5}1r%md(Yd9eC3 zbCci7&-psHeo1;>^2a%Q>+3rQQ&M#b9D`0mEy?fa=X{@A-;kc4+?1EIxPCDpby6ym zP-Tjw10H%KH+g-2PGfF;Bj5vhIVt#+Mtp;0zIj@$sgzE>{H!ZpR+_N*C{A%J=)rf zsVH%0eog~>m6!ZkPOH?aQvfF^fLTRW&&x6D>(YVHl;p)ZYXniNBrR3NJCYcgB!h#v zNGBCL=XzJ?dK-!9F~njqvZtc3ULHioxvSf{+h@|R5((X%0GYW}%Sd7tgXOL{awsH! z#@V^`Evfl4?o1|379#109A-v(Aku*m2XZU6n3Q=M5>s?G8(*HLvmI_mm`!M#j%+3i zWg{_FXX`}BY@H3>tW<>Aj%1`WvXR%=*0YeR0E@p(;?0Lyw=FYe%9o$$S zNX1jvJnxse^Ml(>*9046f}N+p&Zm%^hy{*H$f+g9W2KOjA7Mo;O!-CF6aKu+)oT4_HrEBKwyPzA z1?ni1-weUOTrtJq*hyi!)0qCCUM z1R|Z!%+INJ4SZ|DdjTGl%GvcgbvAqpL#>?EBQJTG2i*nX&P6FpF*Z?3%A`+NRTHbM zUWy*>cJ2PiRo{BPtNK%?D;YB7oyg)Y%IR4mQZ&Oho_}`)q9+irf@Y`T7cW(T#9j_ znJ{snA{7QX1A|oADFt9=V|3<`1z0!ZxWNy|AX%<_$Xvu$>toyitz$N1mv#WXY)8&6 z$sTxtd#pH+`n#|yX&^upqDrhkOO>41JixWjFrq2qC@1mUPg12eACWgBCCAmagftqs zbaGGoi|3G5w>pFdS-ClTK(GlLn_(Gf-l}R?h)R|i#-C)taoC?F*r;M#ZU+BejN?l2 z_?PpOeAq)U!%mY`0jxZo*+*8MV4xt06MQT@oidNbF0~zvcge=Ni@t1IYC8hYSUk}{ z#_g!9`H5J2%RcQnVxf9_Arb8&|GUWT1CT0g@01773VKJFB&)bX{(`Jb)BxZeu2A@xj=8{x_fpCtz5;pbcM>S;>4D z{w{R7aEbBMc;Jq!2~qakZ3U6`BTJzfJ_XD9oa{i`VK&YQ4f{Z)NCAk7I{_N-O1>Voy)t_|mc$?vP?t5(67j*p+ z)g=|!7kqn|yZ(#A3X%<-y?6)e}iY#B)=D{GJskPNPBW1p+~1GxF$*uiZdT!;S~ zxJ~A8cW|b=yW!&)-i|Ks=+q^e?PcnSkC~X?0F^k))Bqv-7hI^<Q%M`>Eld!V+x=F(pGD2-a?ki$sr;ZdGJc>-t9H&MX*cJl|TW|uP z&wW7brb_ps7XJOVJ6_fc?S5OAt9h1zv-dGiQA%J{?aI*GregE$5P54{as$TIUBR_c zk|+ZIhSI0275){v7N~>v(5JK6JQD%}a172c zdDS2OLuJOzRT;w#kcvv_E6CN!@WzXxfhsy-f+ey-3~~zr7x`?-D`# zNcvMB;rq%VePpDwtwAMo6bfiw9pV>R&yoAzk!zr)@PQUvfo=jBkhdio=8IE7Za|^S%E>3S^ZtdTV)qUEt1agWFF4~urHZp zRI36w>qG&Yd!YdPi^DUIKj96OU_JaFXKk=7PDQ zcYNvIVdR_x!LF)+N$(p z%7lT`Y7XDA-VtX(U#3p@rSFOq?}!0-?mWScbH(0Vtm&SntOet(d&LAgkI_rE7(x^Za1 zDgasKgdKrhUYZs&HEWAaq4^sE6cTr)K4Jqx8gjuE_nq&8FId>f*!Fbw zT`WpLe5bqoI8{qnbil%Pp$Hnlrr|X#4Y4_D^pPK$B6wY>UyBGT(h(6s#X3@CEE|a; z0NW%r)u=;Yh*#=(DIpOz#m_{EYsyqLkWfn?>a$yi693kp~`td={HDiRucFqs^uCjJL7;?!@PjJR|} zP+zDcf_jq5%fJ;W3` zIK| z@6QCx423Z;7u+L_(wFr5e&qIkX--a0_{asz6QD_gi?cBP){_h8OAasz&lBLXjk(p2 z^;Mamr}I7LE;5H;6BSLlTrA@d><=a|iRPg(HZ%D7J21gabx07fMaEMojO(?tI~QD#~L$j4N#FQ!l8W^_Xp8UGf}VAKFpO{Qk7`=P4g_wG>(D z#*XgM^5JO|5|j@MC8Eg>`A|g4q_Q+E!?WaBW>=ICQ$+IX3QayT*$14X%6ml>fex{< zz)HEpvl4sGNO1%U4~=<|6T*R}oERWbT2451#KHV79T7QEs3X~Yqxgf?AtHhil;&h) zoCXs)QK}U$Ih20R;y7> zyWRh1N+bWwOy0{A1_6(fSwr(?<8d%43n0b#$7fQLe|%n~9_6{td`2Z?X(gNnum<5S zvLHsT+}V@)p94UwOO0%aab(MbKQvFvHo9zAvP$TWMy9fnra6$#2+e^(6h1TuT16~r z(L!EE4emsk0nak1oLVvO$GQ9#STZ9 zy?{n#Ys~fF5OZ+6D-OkG5mCUZ*x78usl1Hc@vK(cKv$u3$Ys~A=+AZeJ*kYOxav2j zP^45cH%69Vz<&ka!FH){2H?nJ83Evy6hwN${FLJZ9F`rss!Jj{B8fIv|!Z{Td+Kxj-CdX6J=I#h*UM{T>aeY}05jPy- z1g7WijjsCdV2-XPmDjVbUSt1rt@USp^$auucVUs^GdJ2+%t09)#Ird71N-{9L5ur)n{dxU=Oj#v}xx zD-q{k1OuQ~S;VBtlQ**rjOt?HO06-&xN;?#-@zQoSTEa?ZuciK2NV#a?jx#7GerTGzDa1VV`?dVe^?Af9wXuF#q_xP(8}? zBJ&xQ7{9gY#MA-1Ij6j5a0$ImJ zFff(E@~v&MlTrT#pvul<1W=zs(3PEmp;pGeVu{u`u5%cR7P(9og^bfIDw25M2K(LW zCc+%OdZ*Y__z^fmVH9-F%^;iRu^Fb6lVk7kq@0XBN;&Maick};<{YoUrjTBhO`&$F zE;}UDjuX{%0HO93B_B$YZU8xIxQ7X~H$*hX7iy150iv=X(NNMJQV5orLUY;SJ9(2U z34H2?T|e`2Ja}N~PalJP+%lrL5R2c#1n8qWp>P>I6r*$4QBcE0q*SylRMv+mMdLcS z(xb%hE$_QE(t68pBseB=GXe2yUs|2=U7CEX! z7BU$S3|~a%kP<*Y9M#5=kH9-(*RN~FdBC>=-zZ@on1N8q^L)tjMd_$CunTh8II&VB zdoL9{Q6aG|D)vVeOH#4DD)yBMe7}KYKPk8`9Fp&{9{CJA6>-K0)9a0$EY5SUt745y zZLi>EvaxLh&Tcn7h%?z&ZWVoaZ!aEB#aO2JqcdsalTVa*NLPsU+LDubuz6@2k5rfU z#=+)2NslENfBhW(Qfy;UYUJtW5Aae76pniWH<6mx8LtgPX9flr7qLu-4W)vd4+?U& z;ycP|_FBq$kFTr8H^PRSxINs<8pshYUp_X3mbrI-;`TPW;RA&6-CMAAggv39?ym16 zA=T}zBS12CoUxJPT`Ot3x44s+$sUyb*@lAT_uXBw=k$4j_v-@h_wMSg_yp1q?&@vd z7kHOqOKBOllniVseO}P@Yj^cKxc&QGLDwaG!Vgyar#`^eb?EBp#*cx$gH10twwwY$ z(9hgFIo5|JCfRGAMH8{xRgkl*Ag9ffyrRJV_!p_}`fb?rx}&Wi=Lc8Y3U}LzawFJF z4F8|G_2$-@EZThgPK*=PSFiJLUb5%DwT-Do}XoF;fVJPEW z2q{-Z%wQx_%+Pw6h_G_dqQfx?>@|B%V6poufi(NHuR0|qeQhtXtthxT>FZp3Nl`j~ zOC4Y5+e=*8WAPgpYp)pPz)yMh*gSiMpZVO&>T!!ZX{^0<3DR1Y<7YrpS|iFBn`>|V za;&}OBP5kJNKgi~+va)DPkSqo@_}ukL@M%;QZWkq$!ZD8=tjktuiupq@d8V?Fbad;rx1nE321686Fu*4 zClfttogqFG4bvGCW+JC`hWJd>;%YAwZHkk_nu(y$wUUnJjdER1JJ{(O>nySCbP)D{ z@STXot@67=aS(z7@SWn%wJHGTk_+2Xpp@8)Vi27NWAhY%ld&-Koqg74 zus$IiYzv2g{E*L2t1x3eLx|Tte^dz+=B?N9=Vk}f@oR5|aJRQkroL>=mtT?gts;qA zMH07)ByJT+%%L;c`8DLqc^LLB%f7Z(bYyHwI-?&WIyznA4#syQe!D~B)Xyz%QF(%2Yb#j2o&oU;-O*;8YCcng( zB=2N0#Atz&>9ZJh`Cp`xb@^YHpsJZcpo+%<@u9E2@J;8mPrHmKKunY8##D*aA+vqj z-{9ydP}h|vE;f*n)zeLxO=9c*+*V?N_uT^TM+M%`+|{4&bIXaW4?7gt2fvH|AL0LJ zo(`9$d%BJ4;leG8WsA}LB+r>gd(ONnwV=~RmpyMWj@`{Bb}+ScFsy2zHMxWq-}@I> zT6~r!$W7;R5WpUZH9-pb3ar!2pIzXGlJBgo!>3RmSSxYs@P6wIAzeUoGTflZ*BOGk zU@PiV_NOu^wnk+*%Q{0y7cfJ(L9t~p`Ve7IYztPQ42tbhIo8C<5z+<75u?xJ2viuq zks3VG6wYT|?ZNO_)*0escuTITAz=)!wayS9!&S`CE)18%$q|iVQBy(96%WHvx=QT+ zGqL6Yvf7?-qHRzG^Hi8|A4A}K6Mx7EtvmQb)4g>mf8NKKXdU!_167wk=5(P7c_2me z`4cu>_`C)3s(K%$+bb#4s+-e29gg;NyGo|q6n!V5oZ|8Kd+mClfL(GWe>C<&`v+sv zb|QDhbEQ41Dg9T26pJT3 zrQd9wAwr~>;x05ViL7+8br~4Ian=#WTW5%_R3v~|X^K#y`Zny4xvTch2SMz$bS}w( z{)(tOnc&lu!yqmw*sy;Rps;g8v_p|G#Xerd%Fq!y*74(#9+G zNh`5LtiqD}Dp4T|&PeaC806AIysXE6Xtfer{3UPjecH~mGy@fz477RYp~X5DZ1eAP z+Q~N0SZ9c!V1%w8p)(|`iCoqhSc6(TfUdV-%(LxklC5Xdm^?@F>YB6L+0#1f4Dowf zqBA7i)2pmAME5juG_dnZIhs99aSvQ!pL!2;UvPXJrN_sE)M((%IVucIfx_lJ1;u3F zOJ&}162<*3GH`Bl@Oer$hDpnt{Gr}#p~`G|pV|%ouTRHM1>q_#&&GgrVu;~?g)=Zw zji-!WQg4Y&xJqP#RWi>UP`zKzQ3GZa2h5%-V=z&y-y#7)uf3rZoc zVav|PP<1I0;kIA0!d1O_Cx+r7KL&q2pq-p~l68joocS(w8w{R=IkUk!Lj-3=*xR=< zL%XcOtK;Ng9clq@d!pl9mego(>t!^om_?5LcYoDR3^!P3h>zi0b%um7e2sO6_!#cW z4DG^j8x@vCj%W-YP`;23dJW0Mu#!2CV3-GG&M&#)Sha5<2BCfGnV7tKI^53@>FM^+ z(+CcUX*$|hhqlI!Z7TN%-Sh94b z*Q>Bd<*I6~1Xi)=qk`8N1d4YlLp(+LWNnB)eJcBJwZC$=dSkV?aVuY;g_ip(m#LTW z_E(~H1j>nBAiwtvQ~(hgw671e%Ti^XAtXYgcUiJ^hM)*J&@RjI))_(~Bzl+SE$Yh% zfpDN*mRI8B2#JvW?Xp~@bGKtze5iGnm}T*hYB*H3RxG(@WOh5bW~g8gf= zxh7zpAwJj4WrlWf&9pc<662aIox2@elVP1DhHFAQI0v)kAUr3^GPpQJqvK$=RX7_n zmFLvoV|zsw9S+4gqs%XOZ<*@J-4E;l^^~i^jDZX>f#{R15+d{z(yg_XIaz1U18=iX z_2?}YK02s{c8fyN8!Oz0kyQ=O9}-kG zGeAd58u-JNNi52vf&ypYY^*Uh?zz3OwZ!%TR9C~`$yb!7^S9X1uo%DDjhkBgJc2i- zIWuh`4tXHrgw)x2w@^vKWb1|SD1+=GtUXW(rmC|rQZ~NBNhApEo zL5<8jJSKD8dfYLf(e-o=t4E#pI2pXz_(QAhZ>OL;X|3pa?^g7DQ>*m6VN2SO^@lZX z`=GbH|Dj@35|iq>HC!-i$T!`BCqe8RF$Qy1c(B~(2`%?sih~#LHw^y6uCI8Yt6}lJ zUF*zKU6-adEdJ}R#RbXlH4J`i*OG#+AG@npC%NsOI~sB)m%PQF z_xSS>(ynvzX*+)!`15_^4<&*r@>O4!v8grf1cu+XX7psZqqTQeDZApjVlb2(hCz7W zd@vTmd1SC?)CmVP)L+^fXs9n}{i>lpzjdF>7Z;u6$;NM6RyFQud9QI>%g4f>y-;bx zC*?_L-Q?lsq>Llv;ku;W$#_6+;21CD`+t8T!p7D?-!K%#)xWjC(b%u`Qb%JSY-<30 z&|?{`H#;H9@|}=nld0AqguiW7LU>2362jYBMF^W1#M%aH#@dE~K&@@W6}|BY93s|1 zA@SO@A$tyM!0*m(4NFE1X*i7fc5AmrTg!QkKeP;SP_a21d$)`&hGsh-8ty^|Rh$z) z*B3Wz=|7|qIm(B8i!%BT*@iO8@r#^dn<2BQwlYyeH}qhXqS>g9msR-~bPT!0r4-8266Hd?@RGm8i--?VmVE3xhNX+3eF+ zb&^P>L>^8O%pIP-bEnE4iV}W2Lkx zeJO6m*f~9>ky`$%MuvlC#(>7{&xYd@?$28>pwaya%EYMtXxS%+FfPa56J*^|$hj{d zc_HTWoA-8vHQ$ub>s{u-X(okRC`gX`J&tS#TcDaoD!(`MSMrp7E_Imk{RUvzQ z^jl!K>U|FT)N{z4)y7-2UuraNS>~Kk?%02@m3ZC8W(SU37Qz*j*9_}i??;hCXBb`F`&_S z3ray{8Cv2k!WtC0I34?A;L+ZxEdPhrC6JHJumQh@-M723f9u<@`rfCM+(IeY+>kp6 zAOL@$Cz*Iu>t`~NrQB2xHv>Aju<;In5*DDeIlh2ky?MxT2-bc>c0sV-JY;pZz@uWN zmh>CT(k7R{5S?5C%kzg4e;wokOwP2j*i$fm@JV zjO*sI-*r8(cocXpj*2`ip&5EqE>B7R!H`rFd&4aEo58ZtDglVMOm{7@GWtru>^) zKck_%l5!qXMa-Vx!K6-Bt}&l}2UEK^bL3Smzk-s#%+WZgWr!07!DYoT4u6e#-Q}EN zU+6^a^5V#?dA(mBScZ)#3{%@RY?Qf_930{extN)S#yO)6fC>)w?MERO2K!cqu)scK z_=ClwafAfmERhlbYu|_e4@iOO>{Mb>U{VZd+#!=g(8Pw!Nim?|Lngvr{GcmJP0U_g z9RrF|f1JJeb4%|SY4>J&!lbK@0gX$#+X$K%>28VvjY~QQK@%fgMhs{)>4GveVUv|o zwT9=rM5=zrr~e75`j;+18>H$Z46(%e0K<@Um8I2?h?P}Us|8hMTXWs=dy%>8Ww-GA zZrGYSuCcLY3f5;^uEK(B%M{AiV`yu6t%+f4#lw{67(;9ee%G00TS#~$n%jc7x&Cu2T`_v1wuHFw7PI5{ z4EiJMfRD%nrrdMo0s9%V*j31V4s{O9csq;c8vIYXpBTDT{$F2QN*H%{AE|LyD-Xck zBzXYtZpA~pai;}tX!}dcN-oW+y;v>g_P^cupWIfo+!Rlkk@7of1fDAoK;W7300f?bheQw<(f*&3k)kx| zL2V1R;lmSqQ|vQ8#exgxyY||V`urEB!?KpWc_$WD>@{A<{GVHN^1@kg&N8$k&=2i; z0Yhlla~NU+^Gt?OTJ}e6U~-;w=*7c{u3Ukrt7b+n5goY@}o)U zG>$3%Nrf5rGUPF3uS&2yrX1@CCiZMHTmy`iB4Rv=z5Q%k8;%Sgj{jHTW@L%FL3wdD zP722yI*z$M33$un%CYB+FXvsG65h(GxRAGUDn^&WLs%s&g~&TMJWEdTytDAPHbuR$ zQX1FtRXn9JM7@lsG%Q8Oy=-B-?*CY4h%Y*_b%umR$MMz~;){;As4UwhI$nvBBQeo& zmCoG`(J|CION{97bU4P-ZM5tQ{ltpnC-7`VryrI~RPcQ}ndn^W4Dp$$d7r8wVJ6yW zogqFGd6}VIOmusk9M((}x}(Ed!kzZnbvf-|r|-X0jg86@!%hctzVWBN4rF>+3uEn{ zfEPpPJeWR;`x-QCmVucn)#}i_Kq%De1uD!qhauJK87je2t%f-pI2b2u5aaE>{X^Lg zPi=9OYK%JmZ`}c^T1veKbuB?v@D7l*o_@{VPCd<1MNhBR4=*+8hu3%FLG&~A^s;)m zS)-1oUs3ZC(X3nPiVbW0Jj{6ks@7oC;kO+Xoac?>q0e6-KU8(vxk>|D`b%kQ5!R@< zwD3^lXfSZNH?o&@p`qd45w;^X;aeD{6O=cyZBZGXw9XKcnaE(}jwHO&!PaHOuQbOx zLv*ELP6s`M9BP=SE6G_qxK~eUSB9;63X@&mh)@yVjLHPRv@kG6n}!?YrS(B*vW9~@<0xmPqfZJZU{PLj$rb&Uq>kQGDmysTHk|h!+a`4Mw>tGJHyYK+6 zvw6QnhcW1?R2Wj&VOrXBe+pev62~PFZ>_fQ)@qB)6W_+1H0BB}6o@lS?F7ESl#sK% z!=-BLA^l7M&BMep-jKdazZaiCRx`gFG{C6RL!9%RJKM>5r(0);&v_qF1BWZN199Fe z>kJW`7vc725;H_h1`gzA^Ts$iSjUfc`*Vm>{NgX#N%29}8RAoXI~87gDE@(UhWHe} ziy7KQ@riMAL{t2L@{A%b+6|G&xNbb0LWAN@dhzdx?Pw%q+&mR#+^52jth?EP*I@!r zO-oF%#|h1-(jO`OnEgk2(1E0ka*76dS}F2W`P5M!b^>!d$SlFOuz9@Y#*39FoxH6? zkmYtuU%o=y59lVi67`YSg8L^2vRO*3GsNfS<8+3EHD{W2hWOn4%ID}qySVw8I60!Z zIVCg&i0|)z#s1v{AIG}dgW)vm4Dm7i3YBGhKIc!ixR537%r0Z4eW;sW9UfhQP)F+yr;rth)3u-2`8OJg|MD-2^ZBBj(cZ zBOCT%p5TJz&%dg}uL4ysOP3Gx@a(^R>ITY{aF?kO9*oDj?Ne5bwcolSl}~RSLau!w z#NNdJ&p#D@+J zK6XW^>YyV|Kc=XNc?G}sH(TW8ee=O&=D|mO_8@c+Df}kM1uP(RhCIgcNI2}TV_+lC zGhG^XBdM7U2^~d_@m~@S`*93xMzmSIdj0o>4n<8P4kAX!!rn8Yvs7I9_>zXL`R+n}*BCbW$ zO-Jo`M7bHEQxR)A{{EB1=~xm28=sCR5;j3P9uor_pN=b`yAq}2>oKs2)A3s7O^}Y4 z$H2y=BM#rmB_Q5t!o57@pCfc@&h*t0q@!{mgIqy6Du+?mW1@gNn6^nxXeN%cl`+I| zw($&coNWxlpW-+hFYRo_MV+)EO}J~xt2>RGKIqej#pBSleAJUixr{%|VuNsr8}2Y1 zI0a5;PuDx*UhskY3@6T--BwH=4wV!-@Zm6@A-rht2>R{C_>p~kq&&qp`#ZW;$DHsA z(ZmoXCZS0z(ZLX2A>=*0LdbiREALS*-*b_NK~=K^{udc&R}>dqH)OZzhGNNea7Gc_ zMJT|BT%^C^+zOp`qCPkRL1oO3#=lgo!lx=3vJ(g+PdK1z9x{NS<&lG6+1rkmND|=f z)9N7d`9>mN_f~HJZlCu16WN3k+r*DZj34JT>zhp|14?2$L+FRC3~@UCLx%f19d9jF z`mjj}YKNXNu<@nJDmEuUsZt*U8(*rF6E;EZa6=4i;!-7zc@vZ>$uY2TrHbibO5KzE z3AMwh4-=>3uo&3*bhHsRK|1dJAR0D49sfqy1nKxl3~b_b%xB&N={PV3HZC210_~9S z5%sAXVSdsx-5v6PBkHB{02}6dJhc0W`cLKRtGXo}Vi68^k^=lVEwBIlaRb`(BL!SH zmH`2GBtrykU`o>IM6(UmRn6B@e)U01xpz zyd*-EkkhM>Y>qL{W9;e}gZSt03)n?)0G_m&So!{aq6b*{8V{Zhm%~HN=>Oj7-IghogwBQTN(Zo^AA&og~{Lj$l7>v zGen_-VR>;#bx2<4!9d%Ifwt%8@sAkiF7JQ(E)mO@In|GJ1E~D}VQxh?fc9DU!Vloj z$z|c%?Pp;UneERD;$DJ>=8F4s;r&GnsGedd2ZP~jgO3q3G{e}R7sRF)s+4DY8)N|ic)`^?;V+DbMh>{W!J4p7;npC zK;zo=+k_apO03}_f*9!kAzh~09Ga3eTmX~KOzCk8a4&!GjKpZ`z^-43(k5v#CrKJQNR4019K z{9`!vvo!(%Y4mj8o38CQwXTS_(-l~TX$ARwZ3D9WP}1)WhMM1zUzlEdDGhS|Si)ej z@+y@_TuvTJ{2`h$f+NmiOA{LfePckwI3m&w>PJgZYGUGfT?{BnHC>q>O1Lw}*8ZGa zMoO6VixbA}su<9?xSdMS#Bh6i3}^&y579BK_SUUuI5MiAF;Cs*V0dFx+fJ_sO0bx9 zGQ-f~Rmj;|xIfGF@Q!wHzSS_#u7rv+-B+qpuyN(b)~}TOxVH|CGB-gI_Gj6Pxgbfp zGsLz>XH|+w6v&?M4yBP1D^)&v9j#7Gs;r9vjm!Bn2$~q@PmTc%4y?)!-&N@aum2^hZ4#^yo|n^Lir#aQ{KTcAfkWA5F+{phS-_DTFTzf&h()q zDT1;)5f_ym(KFfnZv7V@u)X%JJYaimJ02+UDW5qK)gcRh+cEOvcjmUxPwApE0-yh7 zzuIE)C4#%=MH+XX$OCYUTkp@wbEVU6u#9~ z@K5v%x+|X{bk`t;*sku+FiMC01l}LzOL6!#91qcce;9o&J8&=*%M9F1=6B?#@ThBr zQ{GFQr(Tu!<^ROD4A8I4k&5-9JE2l|>@;D}G*{qe|u8f}5Y|E|10zWJsv zFEiEW$?R-@)SH)??j4!g-RsHh;T@jYYss7Z%UNMhUX53&Na~Cv7c;ng_~%S_)z+2S zTm$RNk8mwRW=ye?mbj2TU1gR08s3#?hLAtXbFNOm?N(Ryc8AM5KC_3*&mUBtRg>gP zyT9adSPq4$wJXYxb9r$u$C>I{=FDOXTxe{z%SY(y1_#s*v$<4Lt`_S)Bg8;>^`q^n8x4Z4&s{JE(fhcZE zf??|NBJjCTzq1D$?j)sMM6?5l&RXIDjy*_9HN4{$jt97qM9z@nj0rkfp+1;=rA|hn z;m~=(LfFN??Yxxb?Ti{o#gjuXrPoA)4;>C12QZ`WKR~}1uyAOB&o>o5(X{c%1AHPQ z`vQih_uLUOsBFjd_kfxynZ_;GsIDkdxiC;%F0ZSHFD>I{VL%5m)pleiyeh;ipvS}F zx(Ypfy?2a%JPF=$YU_zmZ!&nd_eLa1h5`MHU0wv}d=W984U7)}YfmEko~2p)sGC$Z;xjC;~F)mR=(SDgWl10ys6)Npyy0>U8>-KA=vf^@1d!2;Vr4qw{GHwA}n_o!hT zs09R(=8)z~cBjs+l0rSo(&^6TdgI)MAoeku*sVojSR2L!$UxZgec>I`z|K`RR!f!^BCj1@9fl5jEv^OOA z3J|_D9Wv!)Av_T80!%dZi%IilD@6DUb#|2`1e0P<*Xb@0 z{(`@Q@LfWL=U~TQl>GdYqJPwQ#~>nVhhwA;Tw||QT%hDJxFD@Z4!NLnrcrWLG#8L4 z;DV!7eDKa$psC;bPFzcD)iEl3xEpNT4{m_7f=%vi(&~%Fk{LB5YZh@#3=gRqv!{& z9*=%v{6YuiLDFja4G{WiseSe7T52yE8BI1~5o8;Ey|7^f*+@|#8wxcC@2>$DCABjp zt4Qte!J8(@v19|o#gI)zcNPY3whUfJh-{Z%ry7hTHF%Mo2s~e>gI7J71HuPypWvHF zvZV#nEy%WWOc)oSyByx(gBPe^tt(8hAlZscvZ>Y^%bo$*ej{XyqL+NOZrHV?KQE9L)5-O=jahd?O{3{%t|hR9j(;yz+k$hfo$Mc6dbq+8aHHi9Tfy) z_Mm;WPn$5RwqWvBovc_cn7m3SgJNbiw5)mrUJ)s68emVx0~-x6qjs0Q zb{d6+cc4p5-2M{?0a}WQi?`pmgF#TEFUL3NbQGbOBpKrw+>l*!xG$}z6g-8K4=~9P zD<(08v&kg4U9FfT%Op8y%%OIbq>qGICQJev!HT8o(c@odQ$+IR(LiIilXbc)ic{>t zbWjhdLcz)|&KKM4Ty3Bm+PG2KgS20xlcQMTWu2_r9)x}@SV*ug4_fF5Jg+&0=4q-i zDIVBmSmqP7(DTt-mu5hF@rk4_sch-R1ioKH~RL`4-JNrKvTC!@N#q%N%(= zTjAA|Evfmnb@tj>B3!z-d>}Di_2(=9#bBO7^}bcO=d$>dq+1~*-g0>n_%N07<)DzA z#g8YUa0;1l{@H+Jm%m;7^Q+O;{BxY7$K{_kZNEhG&u2P4nt$F7rUz*n;vWy#(t{zG zYCIhTi;y(;MAQ~!lsk2D6#rZsECfAWmR`Fwt3>VSl|}SQk0ztjEDguZMGz zB|rT_@l*Ts6K(Mreu4}R=cgW^chcw(KT#HWyg`22c2yKVecKLxA}>9T0xWpRkK_aJ zl4)_6vgmVd9R-;J!k9v3t)y#(6(NR9dkWGgVs0^Cm*k8RLoY!qeR z2`M=%n!8dMr@Pu#y1dI>-Zd`o zMi<`RO{qiSB$^&m(_!eHNbV8n{YdJ0wUpy@`3FtSqIUQ(H3F(bE}FNM zBgqVfV&3-9Ey1W$<}Erc=54mGcM;%d-mV1?>P3ls$x8DUYE+Vg^V3u0RnWv8XwFZ^ zp=20Gxym>~07Re*NKz|MK+iO#xd2-eUeh@;GagD^Bt6X!1>IRY&SD`@i;YE_} z$sE`GXlSXTzXsMU=;73tOBKC?>0q_&fJgM4sXmiJFJ)1N5O#r3s}#TuE8H+bHKa%2 z9kvoSUJ;D+;w3I$rvSB-FYV+j1+molG3yp-(zD^5uA>`L;0#@$N)rB%^irKZuDRZ* zc^HiLa2TU0aTTrq1}T0kBEJ=q-ykV5jWYS|4NYY*AeM*7Z_n~R$5~5fU=rc+8WEM9+5@NBn8aSH8 zUJj;Xq@jD{qM;FdHrE28ODv!L&IAjr(|lG4J}UyBxl;q9gwb9riqB}>HKRF0jCQ;( zQ6&ju2%~k>>BV5QU(5reJsD)Q2zhqf=-9Po3@i>u%s15t`-M=LE9OXpU0a{!^6CM` zNk%#sca8i1u|<~Efje1E9S>IGqOdXVL8GnNr+J$}ME&+@3&;d9>)YAnZy*}t4)V|BtzE0gtLW*G@=AgA!*Dg3*c&8Z{JcgY}Xq>IAv$!AXsmqfx1imIGGXywoOu+^h;{711hQs(TDoP%8nd{O|jHYt1DD zwWsHQo|6Y=uf49{`tIwxp@%TtT`vO$_i}!tx$)b02|I2LRN)PH-dyZd>}fcD19p&>M~7y6V91$8iO{>m6phpM_a z1F+=FXn7J@VYrKv^nyzvCeW>xb2GD)r^~RJmIcHXeg0sIvrQEztwyz`}D(NB4J@W)= zbs5T=QBoGXw3D6NPQ|_5U-XoZ)^LlQ+gef}QU&tT+RJ*)l9KIG4~k`!8Me-p@h&c@ zZtX|PRih{tXRs82rvz$kpw0&BCE!ggnckYmtkX52wWNsw{5fk{OX3=oaC=60fepLh z$b}^xcy+udN*3|y8Zgtnx^1n6aAC<>WMPA?5>hx@OEw^ue~jO(K?!fo2>T}d=+Ou~ z&TkEj{3O|o2i>6J;L`k{lYr4qyu8WB4T%L~4_`NC*xHt@xsd3?My`$omwrM4F7OLa zAh0xP&|?14xDlRQ4eqJ|>Mh#oFcF`@r41#A;Wop98xM8dCraotwH}D-!#52c4zd#A9b`p@JCk(Y3;47qYapM|GVW8Y`=az&}B?o_)hH$(kB~8+y z6hn+jWjD;zyox-v(!X@o-}VL%_G|Bj2;GuW-NKP+en&62D?eV(R+_hwh7S0VbR|E^ z6T~mZI}nbsxeb)sK$!%9m<|M5QA*Z;GSzz+3I3(vLXqv3tv$dv=rN|`^p>r+wXBWc z^>o%<2?1h}CjsEa^X za4kG)e>AqwF$WT?V;02ME7FBTz1Wf=|E^<@2vjU!%`Bp|(?k3P5$qa_Hm@S0SNbb{ z2xiZu2h#17TigAse2#tvwC>l`GUgajvXSpkX+K!pdOmO@1L z(@cjTc#swiqUfO-8$#?68aoiN$7t-Ki2bU@4r+Nb7YQdL!AV>YLfwO$jqjoA!N_x< zW-mf8sM&`g?_nBy7-Ems*kZ(1-*rA9$Qe%%oY>C81jt2KRU0Y9d`ftWOZ8*J%o|X^n9|+DqRQ+f0K(F~m&_LJ) z<11)tDB_e<{&uBRXtbGN1b;2={UTk(f=1$4Lua_lFNjyB!l8I&KO0{hugtUIaJ(|# zhD+m>0UIuhR~|qc3sSt9*Yal1$PE$!=0U}Qc;$i2$Z%mC)6gbd6tC=W!$aehm_*k+ z$HglTw&9cFl>=BYu@AoMWW|V}672H(#VZSK_@H!q?OIW8#$< zxoY^U@k*#k4WAsZ9K=S#&c-)e-u!IjiueV1hlW8L2gWN0+i);mS!Bb9#Vd!{@X_(g z!)*A3c%`^oEc^9%<>9Qi6u{@Vyt$pgBZB(8%g>Kj9$~`+;+0>q;lc4r_<5S=$av*Y z8!m}g9%aKP#w(AerPqmB|A4z7yBn!l)BNJKmUPm^78Ab#CI~9ElY$SGx|~m_RC&UT zMexo)nlvXPEVkLi*JQ-kroyn_TJTHQZ&Y5FD%e_5pAnv(5pK!|$5Y||snJKH+X*55 z*t;GLN;oG~d8;@uHV>_w4X@RpoFjyvnu#@13X>Q2|2}7;;)57GJ))Lk%soq?Z zlc_bmQ)!9((GttWO;(2jT9{hOop0)2w48N%=a z94%V7>HD@u*GNt1ZTnOaV*!?*kMhd_K~DFv^ra(CW^biGH?RelNmx8<=?TnuiFwFd zeKv`D3H5+|nw)FOu+^ioTXptr^`A#+tB$sMkhV&$?4#BBrfN2P_YugF*$GfUi?QMV zLbVy)#a5CG;!1a0OvB~c@L+8?g?#2AQEinW|CrtlN;RXh8^Ru?-VGgL8Y;``VaFHu z@L^tTnOPmc(PHf3O5Ajr(ZkZLoC4ZUc^9TjJu3t~S$kNVV#7?1_2!$ZiQ4i$8rEWL zctUo=;e8t}H4TTg;Ys^Jt*tWTuPN@;Q-S}DBeQylK|ycS{s}qQ!{V$S?n6V1w2*&g zpAAiCHTzV4b)T`ZK4VYoGd9dvc&KYrD7PID=2B~+BipC&!B%>#q^Q%psuPcue#nK@ zI~d2nGd$KT`&Z5Ju-LzAS-yE&nY8p!NhzPOfAYlOr=0KZO{I=|DP~E|FORw7BQf`U z$4P9*`R{1r>8ix4s>Cx+USRHcUL#lJ$z$kjc^r3}JWiU9hm&_xwUc*gjgxnNZ7gqm zT`ceXdS}G=>ez@&Yhok5T^k!Qr7kw&x_X_b!|D^&Pl!vt#oTQeW_L@uEL9f6NU=PY zm{byp!I^VN$5LnKB>W^+bIM)bH*RHA8BeTdN0mntE24?#Gjm0viB-|WUoxYdXkv9V z@e-rTw4&S<(ScH`%+b2bqq(c11ErLWirAy_fYP~U#qliZI5;jpP@pR3JBqE24n)nI z^)h)PHcv*J6V2_6vK%)rU9(~k%cB0wIITZwAmhxm$%nE6+G8Ly{tnD>f)DN}bcVf% zYwWuUqr)~tbJrsHJc665a@QmHHw0g(%6%2Vod~{ImHU45n&$>NxmfAk;dCXx5zFmD z`6w1O8aEul|H5a^mf_N)gDFvGy zozk&N9@C6!^>h?^qA;cj0I*e}(^06)!Y3pq($fVkX#k%sXroY z*>I=`1u#>Prtfy4ZwW@%Y9`IdftjrFPDiC|KsqXA1kzC{E1;uV+LtuiDQ_fnK^pBg zDrFjMxk)8Z-IhNkm(|p1Xmdp9*n*{^#z+g6m26bXip&>zx9piRB-zoh2bNh1Qmxo3 zHAY&o+-Z>yplvxDg{mxgLJvWSEoZ3$=xjL~g{o{h8-=R=uQBI`u|!u@;%T@8RdD0- zigM1PMla08BbGOG_b5J&`$!%qZNtOKYk)7AM|RF5J0lc{<&m9XluBuo%3>qvWR9Sd zIf71R;wBivIZa@mSVAn0lTeG3xOV|LDsgXzJmxKuENUDQY8(=39Nh8Kot;xK{8d*6 zZ}doh(S!n)(`{T_;?z&IaqSYPj;f7g)7Iq?;B0+{Y8ofaNR>)CHzQhVH9W2cRUDLG zNT-ZQ&S6>9tW_x2+$(XKmvvZy$cz{03`^ZBnM8bkp=~Ow*?2fb(x&A%#j57ldj3B! z-M{70egQ+c;w_+89mI~IxyA`S79rY_JtKOtL@VVpqL)jw5wL&S6>9tW_BLOPuCq9X9X18S$*cs+4;rlhRY$H1s#| zq`&4@eRD5gR6m;d|7-LYhY>n~NP|w0ekbOzJF$d9?=I8M(RsrVW#^QXRZRB|mJ}nE zDJg@f#NBy<#ix0nk}`%iB4r9~M9L7_h?E&LoN+FEryw_XXqa#GA(lS{(s>bq1I;z%^H62xFi8a5Z2{L3| zqk0RXZeuV_Sf3=$oB$L}D4V2np$R4ad>yq4?@q!FPSfS===wC+?WWG^be%Q|&1jv9 zYJjXtOkYulg=;~&jtmYYLQM(bIY48Jn0Hk1|3S_DTaN!t@cYNZ?LQx0Kj!`tm%``Q zZ3NEF&J>m|Ezh;;uzlxo(`-U+S2VGKB~(`&_brn^L~wdX2ll9HOez5-aI+*9 z=>&<#jYuV|aIV>e38fe5zF{sghS?-|ZngB`FrCQRqy**|6X#=+X?!gp#uU?~m|?o9 zE-fDqDjY^ckeU{c2Nib19^oe!3D5QMB4YI`dsnui^;a-uO*RaR0orc+|nPLHp# zHCtxT7^&HCkj6;OhOsq9YBoHGsZ`gQAZs9*Oo8G*Nlk6+~8*jwq{P+E=$$8AvV?$dpHz(kD6n|VCj&N`w z3p4MWOs1$@q7#bZN?Zl=uL5+5P9Lg@zY6A2Rnh^@&S4p0B$#P$B(Si$l6-;Rpp40v zu#>=9{gRWPRt$T&=&q9RiiFRV!E z&7`YBsiK@ig<}AKOwmhh3@S5#6ia2MI9{%TJKl@u+F1SaxD1$&+vWa`n_X53SM_0{$Cox&y+BJ zZYtw9$j9T8wbz|rjh}DV;^(@0{QRj2s)~v8+7aN_zBlsc75@BvkaY!3O?p z;m_Orc^?TMY{$^jZoiap}tL^7K9jloQ{<%pym7!R<4S%aus%# zTbfcLTHZS}x@Kh_x*AP<9PQc$tgja0yr3^DFgq4a{8?YRs&cnty^Al=VVzaEZ&YbY zbXZr_HE$1!<-QYb>CV0B579OJzE)1O;=`(7>@Do6tqP9C14}Mr--=b>Tf%(ETXg5E zv0+=QhP@dZ{-QH{g)_V>I=nMFyvs?P?j!&=$PIl0a-W~E^GO%=GU)9>a*uZsYH1IU zS%t}vceSJD9U{Lnn!v_J^A4%kYo5(}7?(dgTo$7|qjc`d=s@Jg8%K|mAudlv2jW&} z8v%h?<8VPtB>s40!LXn!IuN#=V$A|3okGlX=mzog_iwS_gL@F%S(Urfx#oFz z5?HmuLKS6mJ<8Kjk(VuyP$QnP-1ktU5zkoeZV06nPw_>t4hG>3f=F4i2@XuJx61ys zA>at8_!_EsJ>S8-m9^Mac|I;8_+Z;u%n@Kardv3*=cfo_y_|bA&zD6|KXRAZLC!7f z5PX=2NC9@ePjJ@cmw?l-WLtR3Ef<<{*rXW>FcK5AFe%uq<$wK(cd;#&>!dFC_9L#2 zHN!a~G%YxrAkYMtc5N~ zQ=CT=zkcR}&t83O0nYd3JC9Dg_~g*`H#Wija|Yl_s2Vha&3%ztd3uFYpBRn0sG{bI zV^1LvfeZPSM`dUia3Pnpp#U7M;Y)0U^oD-_!241AM97}YJDw1NL|}kNWm8L*u1gIS zaoF$9p-Z2RNWHF$4c)qz)FYeVt|coe|)p_NmlF25OHFeV5<52f3T zebEUBxEb%_1uDyoaq&{@|MQg$#u5BQP`~u7oCt`Zg@O!dC9=T(%l3@JMIp+yLTi>- zdqIo)VZdxZ&E5|y_UTTx)w0bYn$VQ|1gaz2BX$O)Fj}#eAwX}{j$dg&7hNT~zg$6w z5g=ut?*dhirV))uROKIGKo{K&L<}mx5a`ADh!&>+^{Ts@tv|#* zpo;YHiCdIi2h4~ws%``=4k+2X!4O64pmm=8xBgS?!~W|BYxJo6RZy&&x5b4n50y0W z3Hg&Jh)ItbXDh6L;P^_=`={i=8G!^&wP1Uva;x3m=*n1D=Y&i*PRTM)xC4&s5y=@-;wygTexK%T3s^q!kWOs^zr-sc>cCU+E1eVk9x0kGjo(h@ z6%PfB7xHJ{Ls2*LRdSb*;I}jri-KRJi^1=5spRwVYq2Q!-6{nPek~RSzZQ#vUqu*Y z2_VUuFfhL#{DRC)tQ8CFL?rPo_=SYa3NG-i`ydzUz7K3YDJ3p|f5BJtDx%Tge+%)y z`)c5yx37tZvVVT(eT?+C{)h5(H=2RJCG`V>edX0l$HnE05od}nW$vv;*q@#4(EtvSJ^6)|sIezc`$zzv&|#|TcS2zZI&g`n2I zCs=y+jRs1p+90Hn>sJ;U!4f03uw<)A0pS-K!J0_IFEoNRk%Wg*!tjT)>995Rw48O! zAsq$bg^<{VNd%0=Vavf|;Ru%Hj~%&wT>Rn#(CszRy`9mD%`-#5N3hDPMz41dxZ&mQ zQpfBpqCrqbGwjn#JpI3TasusHeY{jleJd=|mwY~?^de*JPd-VnPNsuiBBhCcjb5X( z>Gf|5YMLrSudM>Qp_dA(q1SekBJ}DpFG4THUk1I*A_IEb#C)I{=r@t{YasoekdDWU z)`=N}j2*eDd+_++(nMo`i29( zg1fr)kPLUVoMj{MN<(hpoWmc4#jP&J{R~$!8bzIAH3>qBmR$p8o~?Zl8?Z89 z-~MA_TiTWPCVBT0-vahqjlxaKli>e;#XqVSSBpPr4fj#>goCZeG0_XW{NLjh9~%lS zKGsAE!hp{$oLP)J7jP%(i+IDZbjE!bAuHw#3g7Cq*$8R2F{gGVJV8^8~-|{$26g#CFl2F!3wq zE9KMm!msfK&mN*Z40q3OXyiQ!-PaNEpbz-bE4+UJyGM>HG8xO0A@#aXDKtI$^#F?` z6ol;}Bc~3`(0L34D8KOzfA7dne2CR6dTa-P1veHaH-JV?!VG}@759nkJbeYIH_lM6 z*L=>j)AqHGP*pNH6GfNujl)!6{H&C-ISrL|FQEbM#SiCU4zid34gA$;7u@VRTY3fu z+xGOsA%{}pS@49mk@;f!aTkJ;*07{10DFmXF>0z-PEnJ9A+m;`OMN^{2lSK$=PW_> zY&=zI1XqSQ9?46O6m4Q&2zV|N2>NPnzM3!b#b6B7Xs|uJbVwEkqVNpv@ZgAGg zrfGDATZG*xU{CwJI`sqrk&Xj!bxuu+MQq0X+VWCv=+^DVuMLRQ9HOmi(0gtuuoS3VN=Kokj$DhP?Aw5%;u-FAn2Ah zDc~ZL9W07^c>vwL0$ENe*(>J|Qf&cD4w8`##;1V_ThtzXS!}z{XepzFSM-ESS~4d} zmn$b^5p)9uIHO3qL!d?z`vXo0ku)OU%0>SkA_NC$2Yt8WkGW=)VRlBQ)W~u&UNQ$G zS$|fW$m=coXwXMt4WxGgPKKN5xNLcw1}^W*zXdWtrU=ksJ0h%J${}e;)>`}}mqLPn z-%EbKpgxdzzx7S(v%aqZK9FxJ$b+#sz#@mry(oka_|f{9)UqnH(m#r|JYoB~kA9i< zJ=7OreVKEQsrnr9Ky`{6YLpugSIbZa2ZfbQl|j-k|2&F3cTJTXMQx|~(X50X^DWFaq5R0wuM*sSLE)-Mx4TgV}`5crn`Uj2I&3cy)@ zB+u~g>PWx5;4=6ilf@ByJKh6ekEuNMj81^H*Q>6(a+ht(y4fQW@T{M$&)KqH{$Bf!u79qfR;s%<6&|Ym|O!L z_vGNRvnN-qX-v|Vm9C`EL8k{3uc?q~y>x#tzhLIe_mEV5&zC#6=!Oi(n|oT;Y$s~B z6Sdp@LATo3VY8bFNM>W=cr&1mP$h;&Y3xLR!o_H^gi5=1banU_zM#3deX)SmL5^47WVHMW<`d zV&<&UoB+uwbBl&*N*PmzXbNP=DR+zVG^Ly=uhVN!oCkb45w|FLkhB|N$|6mPAO*br zoTkXdeb;LWqMd5D=ntAw%`#_bN;Ohy+@c?AN)1!;GzGYDYJrS8^a9H8B5W`^x85zf zUUSwm=M!|E6Xzk9GaX280@FB&yZLa7qMC0y^WCKRkS89OJgz+4c)MghO0u@_g}G0Z z+%8{(OXGCqAkaJ2l?#jfh z8`pVRR~~LWOc>mzQUS%~n_Kv&0@igmCRKq2Kn4%se(;In5oEr#D_e(V68o4nQ=~47_VEu$~gTQ0R zo-Bpe!YjvVTnqdMvJ)3WrD!5m!L01W6S5NjGduA~IPB??PIh8_R^o{4#1UDEhh!(d z4M#s+?T$c7b+9YH$x3`7J8@c8;}j+1{U21 z@VhpcqsNVFL60}<2A3Yu`btCcQSdXG4z}JP9B)=wA-Ju2>sPZ{mb4xASNErJv5T8= zN{2NqZj*=uygh+1akq$3!W9WBtO|(4i3F`{gb7gLK~;;`A9i)U)ZH5gR%jN&4eEZ* zNxaJy8R>LdDNXu;_Se4&pCqSK5T;WA4V`idPBA%P;eNhrw6?c<7ng2lz#~XJQPLq; zmC<{u(BA1**X^_RwWgW9!#^zgHM55dx~IEiKklgD$aEWryfsS`H! zdwXwk5ToGDZeSHumCX!rXA$luYunWDpTsh|*$QBZgREJfFf+py3Nzrpaj07SGJGej z5!X&Bk0eJx5!jd2P2@6MqSXt%Zc)QuvERuZ+K5NDo6)FuCpABALbOUK?Rq^7_Uc|R za$T~E!~bI)h{IBjkO%R15~vLRP8n%ZN`I%6TwRXdrTrJ^O!zO~IZ%634y!=y zQ9Tx0CZjflG8euBGJ!5$-VD_Gb4@XL>9P(;9}Xdyc~R;zmBLnA@Kq51y77Sdavc~N zu+#pTH>SkgKRH_Em&E0Ii`Xd0uRMX}V#ec6`__Ll;1z!NyAzNP`k!RxPsso8f4&16 zaKRg|Q0<(dM1SC7$hh7dhxVisx-vEL6Ru#;l6A*oUVbFnwKbn3t<6B-1aDM7$6I1V zCdH?hPE$VRl829MQExf~pkA&_Lz`MJ6A5svVs+5_C8+_2zLu=dB2J=*9(i1XIKPsr zyT7TM0#(PhHA^Zz*=S@0f(gN^%P9J+N%G(Lh*G)Vi!B$}DuAb2qKF?A2+rCI_D%kn z00Hs>K%T)XcHjqgIpqLl7oc>mS+Wt?B-Y{Zi*UMuXLBf+caonVBW0|T2sHxA*RApj zHS`^+&`{Z26e%K@DnlVI-22wv?lu098)W6d3l!d?S_KN`%>g)+K^E|PX35N0?pSc! zLdZ&{grxZm@-gjV$VQmB!*GT_!ZPN5@2}GXPpr_{18_WSzT;Av$W9#@5eUb#oXm=N zfqT!IlGDA`kB@<%-lMH%w|7OK?PWTXkTTJ-ZR;8iC(A-|Wu7vtDgXHXqz_#l5lpZ= zrdRp zqySf~VMub~KYz}#$my^nFHYCRL{v#2_=i~cWX>neH48b4p)_{LCQ!a0pI3N~l;_Z3 z%5FtbUH9*W@7;cO6BcL(RYJl-A07dgZ!Ag+po&@Yr!eX%Or%;id!bTvq28rY=)T{E zl65HP@0lvf?_+&@dJc4858P*~7JBJ}2_m`M>ZuQ4XXGcac{3Raed6?wpn=mrHc-rf zzht6zaXKfB-`)LlpsE^N35!av>KP$B)ByDeIMKl_fI&IMqgon(Aag>QlXF8vE5w(^&Vb6s_2QKyoFYENv?Ug3{cGro~- z+pT?8<5;)CuDV;lLUg!#XDX?ve!Dcw9Uhs2zCS&J_(dqdKWLKA-mL`4l=jp`k$YAt zCBY%2fz@DEZoRB1|c$;vm(}a43Q^kuR*Lg+Xk{0j*(p7(F3rq&ade|4dfCJ42 zLD#TD^D1%)X1z5N!eXXm+$V*y^ZA8mf&t?h44CFW`g=9-eSm?C^@M+Z%r29nftLqQ zL6GvcQ-BM!zsE6J;hpj*x{D7ahlx-@8PpqVYQb4FfBqS8zV6EOx4`e4mET8Dqcm?5 z+JfIZ2srqiPya}qSitq~C9N3GY@uAZfong#hRt5h2b!v7qmvv|hmhU2Q#f~32P!El z^yvRWHdCrvsQup`*zu1rC1?|N5=Cp1>_K219&X?p|A5lz47OFW(L~{cOmhRjkw?)_ z`0y@2fO@3HsaP4D^CpFm0deYtu3%T%NtC)yvgcO{BEdEb7)?wPtPpn=`5)tuh#_$x zB8>>`1EUaj1OE*w5SYu^3M!C#6M>*)40NpQkm{i93+EyX#f(LjE-aU<5G_1dO5q;m z8%u+ay_0{#TaJ6`3qJdE)?e_5xq%n)h$eP$Ga5>+?q~O(jR`J03jdFtJhtMkhKIV} zcD$Rg*7Fq%)^0nLVJC6w-6%S_GI8V&y62L;t0w~`<0z_ecG3&Du8u(D+tB>-8jh~f z=s@@5JW3`Vz%C*!MGmTTi+&GLXxr2{927YL5lpNOE|bci!zngJmND{4`H};u-^4~i zVh758$Ga$%pt2{=ek8t)Rfx#Z{Tl~T)WHJHtH^sR0qq~94A>nNE0XE2EJNAk-JG}Z zPJR4#_J_tQ<&SEAVA}m}zOQ@*wIL2RxFh)vq>Y)Uqxvgt^(^ey3P?yv{)~Ct!k_OZ zXBREt1Gt>ZVi<*tDVdrah8+IyCW$d|PKOXbqEj1L@*AAJl-+6BR!bR%KH(2otQ@hT z3?nw+*g&-epj)OBO@Q0t(9BlUF&g^N?D&IMAGqlHivb>RM45`BJRvM+zP>cC`>ia^ z3mOSyq=bVYw%}_^{tc(0S0};VT31Y-JkkX<3e&;EPPqLXn@h0M7hJj$i-y?T`|M1l z+>(o(u6bk1I~(7Pl<#hQb2X+ma#!-#?lZQPX5nkv=sw4r{LT#Mz!f38a4R6dH%T2` zfM(NSt^e4m&}@tTC-nnoU!wlYKc{}UUi+R`OYPr?P-dKzA%ZE9Wj5}fLZ~?1dYA}C zZ$*W2!5Y0Q166Q%?bTDzyW4H=GW9p@#pk#0{4caW@!x2_`hTJQSHJN&{SVHbN!8ld z_lulbF391#BX#1V4QD=RMj+h@yM-^l&jCSwDaQgkC_#zpQj7)aQD!=Fl(~gVG)FnU zSBV&CO=f*ivzFWQS8kz)Y#1b6ifSr zv;$}#2JNw^o*0$3oBku))Q>Cc{sUbg5q{R||Hvjdn6wThWeg$u5&n-qGo2{Qy3C>D zYidyDxFRb@@)Ky;;L^a_*P#Nv!tYPe%?dz6;nm0ApX21NC6|J+Es*}1Cqr#aMk(dd zZ29K?CZIg!&p?fZALUnFFr%_}9Vj#7tC+sSiIE$>0`*c5@h;DePb`Qu?cUq)dWQ3| z=1S^asJsWC(FSW(inEWf-?wDRvqf>WB%V1bi35&jbXqd6!EY+jtZ7;QS9gSnfo zU`rQYAe#8D#>5bM`;n7)&KbVLIg4)F%v++E^xV0zYuC|Z@x`g*u^Swx_PahidR%a6 zNx#a(Ux$5EIqc&xBj4Kj{IHkDB)VgX7poGRqZPYm4vHo|j17ObDzUO^_}XYi=MAg6 zFA6SQ$-At9v(m)ct~c_Btxa@wZSBX$#;wEFcJ>^IqsB120JddS0gi(A{An+sOWwk9 z5A=H}UUHyE%K)&+<3IW>?XNu2`1V>$idjnTkG>LzfZ@{Vg!n@xwPb(KJYiy{^Igx~ zK(hizyRkp>Se9w&+C%4I15uQC*4g>8)3xgyr{#@+llw9gWO5sG$MsUfEx395+%gV( z+fF+O-wcAGHESja?!k;;u=Qui#0``rM+~Nj6R*5Iwp!o|y#C{H zNX{=2UxjW;$e-G!pS6N`a!3HG;agc)h?24JXhh6ckjTrN(-uNQ&_i4g(q1%B>czv9 zT?(?ZLG`{l0tjD2a+?khu=;|q`jE~KWy5}Ot zv0&8v;Ot7IRmLZlu$OUezRJBN z6m`#xw(JEtlTb3TitgZ?trFM}obwU_{GwEkVBda8YOb6_iNu$bJb?HpHd931da&fQ zaFuR5sB#y?ky7O@ZjyoxB{)s- zRXf=T&XQ4i0s{_uc$7OZg5Kh*>K`v1ECM*dJn2(ErT))ycql?C?RfDfshHC^ExU6Y zPFxMY4Ahj-U7P{@A+8-kd~L-@R`V(f91iWz7hFP(HLkIXG)|(OSmf(gJ`?Tjc(_I9 z`Qm2ZMvqs4H%%KUg*Xr@(u`SrKD{xy0rm~+4TBhMfJRn-#_qj)4Xl{#F;fdIoyZQy z55O6iQ79W`Vw(9C1Xexz9XQ>M5QKlF>rl*>->f@0S)0f;0VU`Zc9JFJ-}}cth5CIN z>dn>L?Lo^j7H~&LgbOxMn@c?+;?U!B?_z%7Q-rqy3_j`rL{L;tWB@&0OKkDpj=8EB zaF++_UC!8@Tb!=l=QzVwa9vHb8m^H*Vu+1Wp&co;8%^ik5@|iKayePMQqE3N(XkY@ z7~7{76B>Ev%9MeFG_FjY7iq;P4Kx&fgh1#A8{2ROg$SaCP(_S!`mVg-tZN`IOsHpq z=hO&YM7gmnv|f%MHDwh&4n%dnL7Cl4nnn{Y(qQ*-3H&ZmkE}L+-WBn4C$bT(0e&{9 z6JmoYAkhxMSfZ%HP_a0LB?xwyFVb1Opzsq$(awOdpoVhFF^JZ{am!r!J`ba-sSaui zSup~&5=9M;q|pIvb~ufNaznWCJDY@!(%lfaJ&yQqmhUD3|xQ>|14GyED9x z_zB)Ad5(ASkX)zYr5TveP-Df_x;yS=Hw~`EFzSJnxu)M2Kn|7|UjP=0^bZkz!nul~ zQF5#^txJWGs4m`M)sPdbOQjA8)`w@Kl`f<89-M?hp1NRI@-|N&aeeI2$9wv? zNOQibZ-3Fpv+{ru`;TdwwEwXmh zvaOC|pjyrc)sm8NAV`L#lug<-I6A^|ExU~9?Xsc=4{!KJXZZ8fGEFEJ;~eM7LN&9j z1D(soTrY6dbOW<2>)@{=Te~}b!s(Ni>5mjAHg|9o$Q@MhK)GGg}<5@ zIsA2J=j%?_Uf9UjV<=u9%YDwN*dDy&CsIUaG3aNJRMObPIN(8|N$*gghV6mhC(;fy z;7h(3!QH$!5+5~ECXQCmJkY6l?S}5|%ZPz`n(KDfjF)P@ERYxNHQzg=S^Eu2-dlkVYtU2nSOY1fTKTmcrQ?%1KGFX$i^?rXHk)k1O_Ls|6N8C z3($Nn+@$;P1O|;5HLs#{L3YjFPcIPqetINPDGmWCa&Y;z&m0 z9;Z41GFivMy#Za+F{Y_ocn?wJLo%I{yFs=8&(I3+a2Z5!&OiiW-g$ef66>QoUyfp4C5m~KXznhWf;N{`p-Lhv=0ziwt+|ztK|FFQ zALp;|{#u-PAj888$l`g*#eX4AkU&P5YaxjbaxNK>_f3%Wn9RUuBz?z+N>5D|X}7oP74Zo& z4k?$4alRA08DbdfDDyyBCV$$|8l*T(VP}7+OiKCEX&&HlidV-G)~McTwjnSoI<{LD%;( z)}*elFm@lVuT)Ie*Af@Fg|ahnLRA#|2hah9Eq2IFTLpYsRM#mo`T-God7C9gD6`PG z%Q!toZe1WLBq_$#IRKeDpQ6a!`kZQONBEoG;6tjsiw_OZ1{U}O4HB5mY9_Y^kS$TU z^ll9}70(6dTqo%kS@osP@IBGQW+Oq)usyijRbBSsy99N*K8iL82V=lzc7K(4QR##7 zK>U1zVdzPjs8VPsB>0~J4M-uK^cqeFST6?WY?LlrurO>Gj(KSKTw=^{Rjo|8(i7!mB-_^&} z`nWPt&|#*GH*7x(+vbY1PL}3oZW)`5+dKiWnU3oVcmjUT-yDd|EqBV(z$58`_A6}{&wch zKEDUCsL?j{v|O!I@p91nBQs*<=%7b)phU48vhfYX&*%Xn?we};cyPIJq(ALhyI%t0 z1~o~Z1kpifk#cT=aKGWWw-h)PyKb#D^Dh)vQ3v#Q2IF)JB@{*InI|gISy?r%47q_d z&(pza#NI1$r!jFj6{6gdac(K1Ht=hku)X;WESGfuIGx8YF9sn#QcpSy|H0X^^7S5_(E^_15uHV zTH_7@F$hD&m!tPLgq%D&&=nuu^c^R`7;b#8_-N)(PXD$3fWAMlUB_zc+1qkpBq9e~ z>i|iHm;9yD{2Rsy-&~`Q{KJ5==M-oA<=^0JI*8yWaOYHjit!`ZP>2X{t;fk-iLc$% zNc{m-VdphpbaHp7;;qqWGOz=%+sh!#vijr;$^F%45Cx5bj3h)IM&44tyGovoDs zIvWNexIFoM_acAcxzejshoCzVpsW}DpWGk(4t9uCJCJ~en+Z+G9XfjB&!NVzM=yU6 z#+mSwokYFktf>r3s|h${@G0nyeBkcKLQYR$E}Q~ z+xJ>a%87cJUwGhfV6SDEvo<4(1;aMVn6mAzfOFkRfK@stnqd$BWUg7EQbsS>1TLFmp(iWU|<(y zYJWcaEnOBa0ijG`G6@h=jG;}ApJN!Ll)1w)s<{@MLsOZJK8Hs;dr>hva71wF66sr{ z>9Zk?{hRhQVdmsel)%&{_I4l-Lj8iXZ)EOeH|I|7T7%IgmPuw`u4z~>t(LS2d6T=k z(2x0o8f-=yea6_<&W1tQJU5{{=3Q7mc??{^wzER067-2Um}_-V>AdJ67>G$wP+zfQ}ox!tDMynS8Q4kZBG;XwGTWs{wuuoJPAl9A6*a>Fj*X>G}+l zgF77Wlz~q3o}38r`3B}acnf67nUzgFMZr0nz!?Y)4z^wbKS$!)p5`#9Wlz6gTLd9Y zD<72GisLw|gsBG{)U+$N@iyzhw&uEprB7RJx=_*OJ|fPl_c$L=t07gZEqqOWNDN^V zA%n`4F=$vv%0c8P3glXZ#aV+a7xu?b;qgUh)RaMBDtBa=@#9N|_1c zy03{8a0jVd*t{Mjz)1coHsKYv-bf8nfKcfP+(m<{2nw%67NYyi;L=Ul&m7F-mYOY? zC=_9lnfnB+q9GVo4!xplicuIoyYNXu&ZfIXLr@P6y>t9XqCbrGadcLPlcry|0B|^w z*S*dnuNTrV14vsWNORnlQbO&zQU_S8mTbvsHa;;$6XCOY6%`aLznKLAmZew<%ZIF0 zENiS{xkrE_mbb5As&<9DRZoE-VEkr@H@t7sliz@ma}t=lqpk4&AXyaS$ycd1Nkgyj z=o^S+h^l{gW{x>x(~NK-Cw9;j9OQ?{zo0v14AUJD9I-gybBkV=fV+ju)~3dFBjLuio3;=R@S{Cr9@KwEEO&PCHnc?n#_J4mhPvOj^rO??Z)=^>jsdl z{`LXDFO1gzLPUS_3jsJK3xMA~rTmo*fVCo(<=ca;&15&LS5qh{`mzu`vHFWp@-xvd z79~ga36UH&Y~$vM;8Ia&!L~Z`vtd55B`3ec2r#BHBF7we6Lznt=NO1Qj_pukdDfc9VPb0+OOGX^`E>1sk9eI@FHMdijfHY=!%Go3i*!D+Oo9inTE`tR*bgHhVvc0}U`< zaJ^f9p zIC$_q+@b^f^Z;M+RbL@z(NKZ^0i!ZO&Us&soU|h(-?i9INH`TRg{ixf^W$M@<`nEb zB*MpY%^T{xkST5La()ke_SL0TE*XPV;L6+}J{5*kC`KB--vEnSA|APOKc9o?2F z3TB*gd5P>}*)NkHC>8(fOg@GS&*oxivBpHvgifM}NdUbQo#XO>RJuB6*xn|;W)R~DrYZhx?iF#U)VL)tz*0UAV2u9_j3!2^t?!_DdK-)7 z$$1#BXv_VaejlvG=|F`1(|?#T-41iE{%qSUmIASbRn^6YO9ghUcM|bZK;afW(@Byn zF#Log^>%wvyYkgs;|R^)k0S)WLIVmO`KC~MBNIki6Rs@gVjtk$yFt!U(9xbEn8?ia zL-x{_UfO9~4wF$O&=Glv2Wja2AGQ2Vaon*7wgKl=3%}14oNvM-`GWCzq!y5FD{4#r z36V{EiW&lu@{bx1p4_}QCls7@I4@oRMCujo=AZ}X*QNs@{A0K&BOJG3+>G}ePatbn zo9*i?;^}0)vb&($j6q$TP`waiHta92ffvm~6~Xa18(@H_$nozj z)iXe4#8fFESj2ezF}yearn3d6^+93IoE|ER-We2z(xUGg@)zR#2=Qer z+l)#`VOB~CZlM zh@reF#(s0O^C4qEwNC15)<>KY5J41p;z3h^|McuEoFO}#Bpulta?UQyI6hWE5J6jl z%c}Z1L3Y{ky}73r4fBtktIG)2+b~*X9=6JKw!pN{=bkOBF#)#b*h;zQN*pd>PiB(e~=FZUQ1aouCRxaUi|i0uNgJuP8f#Qu*e14$|r z@do7TUaUNHq_KgbBhgo?;Bo#<+$;iIwgYzlF}xrn++o9B;EWqp1v9J7R>C4cF|&O> ziqk4Mh2lMBiejk{^eO-+5XEetC=MytlnhCum{}CX?;9TdA{9LO(OxM2(kgfX`v!Ta zNek#NmnnWF2?AP^DWGJz<)#ca#T7mD!+pGk{;(S~#ibN1IAd7zfKlGRw@{t(79Lp6 zZe)22+Sb41Eoc!C-hX{5dlKW^wrxURbg~PjB)9zCm8vm=H=M(68F0YEc%Z)Uq>$ZG!`ZtU;^AB-jP z(8fCtsVG4#!6CwWk%Du9X1CB?rn6p6M7mdazzAv=m;^Iq_3k8~*jC~dz47-SBk9gk zyt_j$Mlr{GxC}2??13ZS%pf-j)C$D=Gs+Y)qVB;zC=&=UUQrwB?#4!Ubj&N9^;N>a z{@t39E6EY~s3F1D$9+68LX&S|7&z@@dMDD-XpnnEy?{T)pyBmj_kjkgP`9vkX%-p+ z{r8K8E!#5CP=#Xu4jS%Xl7)s_QFjUr%>@<>H)Z4!G^80sRZzA6F|lsg20Fwm{ODYE z8aHXZ_p3fSeT;N^-XF3$J+OwlsZZMftvjRBH7NG)bb8SvS)ERx?o_9}O9=yMKPw}b zc3QY2@S`{I)p;axGe_C@{trvKErkS8V^Oq@d(f!2iG+a?I=v$8{ zt$xo+y+Z#2J3D=Qh?QB6 zn$&&JrX?%H@fIgNtBp~Uf~|99Oq9ZTza%Gy{rFB0@?3=WrQdIeo$UJvK>!D_LWyb# zkO-8KIMG063yYxS{(_bi4WX}u0cf_^?z$(YD5A#+4zN^gnm zIimvx7Qu808fDGZ?fw~Me?zrXVXj(Mm91>|znb;#KmG|ia~g1!?VC>)2_oBaal#Yn2d@Qvz&f8L2o%bjcbWnv)eAd z09QTYh{naDu%`7+^NK3Y)?q7xyP!w1FW$}vx4hOM5Nw^zS1?8y{XF!PtH|gsmSF>1 zt{R6VTBru=22O#SAr>3M-dZBBj94m{otO08-8;h~N|)oP)qN6d-t8miwy+cY-AbJ6 zMb~Z(ESDYvvzXbi-Rz_10Abk@RrqWQa8XyFJt0WQ-(no>uuzKfQi^%bqj8BGI%BVv zkpg9U_9}TPIn)dM^t63z6*7bBeygoDwRIP}b{npC+zH{#T5*bW=LR-h<_zm{yh?C} zA|m-ASsh=!d{0>3PB}0cus{VRuVTW!ga%-BW9{H0@aYqF=ha0gizb}-G1%)DU`}PP z-uh0iU1`Za-vBAZ)yqBL5AHiYOXwdjAc5fJH09vw9XU|x?k>)e_~ks=7W10;#tAsw z>9Qv{=eNwuK%;O=16ST>fFNG}A;by0h50K|MHkutgU0dfi1zc5tp6LH{SV254%G`2!m;AAsaYefYR_s6#`U4(H{I8?9W(2 z9tM1Y7snZlDi3pdf-~IgblCspFS(hE8y~SYVpEQ0Ak%WVP zt6RvJ=qj;}W`It^l<0H~$Xko$O&VFDBp`AK0f-E0LwKmtbNmyG9|+;5V8 z)H9Dtngo=+Br?^8pT7eb{T(ry{g>9?-WdCR)9-Sp{eHf03I^qPLTX32Q-i{|oWS58 z-8zyv%VeS7@a?|21v&x!g9I5aM7(e-=8#~)LM-kT1=mjo#xP{`hlXjvf^Gka84=dI zSn4;6B;el;yyKMF$^f8Fse<yQ$O-_%bd%MgieE*B9M!tx0m#oAL4zY>QmScvJ^{Boicx;3A9YH>>P*6X-gBj)m) z0gfN+!tsNC$P%sC5uCG&u(Yhk-sc^5??%fzfmrTp*{(5OHo#N^tue2eWBy98OUs^u z;2jikd*<0JkMM|5$nOfPz6D0Ob&I=Ofl+Rvl%3Zv1?SwxCWr5Ku(8@)Br)tc#~T1! zIgxnZ61?L%G6Fb}ywo9Kp%P~fuQt_#BdKYHEMm+^7g6}t>$6A#7=Rjph97E0asFJo;ufU~YK%vXo6b-daHBnMa1^j%Z@4`Lr(fMJ9RgVl?q`ay5n>FoRMRMS5W8R*5GvKMRX)i)Z9SaPdiPUS=0^=~IE`n0gnIi? zkL~{El0K-2t_tV*w=Yw!0eg|Puw(TqsKkr&Fz~5Z-`E&j3fR(2CeHl3JG2PcPgW*A zmxnIzvvu?~IT~C9|G%$vpc-z*bIZp9o0J&bhf_OF!Xf|V@5@lOU$L0(J%`ETV|~oj z$25Ihr;j>)T&0iiy$8$G2vHHkG|92wgO>5_c9J4%d`lOp39{<^Sez88J}ld5 zJsRnmC-mA@#(VL0s1q(f#utfRXT_0oEZ#G z<9`qZoT3}zKVs~W;W4n~-9*2Sa{ObM#Nr?IR*yXGmQMp*^D4qDw^#OE&Kx;H`5Zz3 zO}Byd*mB&J{|TohVB*u;0dZeSaQ0?IV`pD57u|t%TgO~oZ-s(O8-o3uu6GKY{;$ay zvf00rjIm&z(|?CLT^wlUVk==W+@5avZoyVI3Q>ySh#G9&0zut~1%k+m=Pj}nORh}M z_CnU|7cyj+cN;e>+CQ@F=C=KGdcR1v$THW>^hVa2rp2Hx|57}l9l?%Dcd=03T`qh; z!#IczmN)odnxi?bbO0-M2j|?vK%!kbKK!}V`RrZDc?iw_!H%{9#j!Uydz|E!@wF;Z zY(_eyY1e?@oT)I(+~PRrOn}5u+M#%2-(|3kjuo`Y59d{*A(RpTD5ZhWGBl}bE0K>OIF8~1*e~btC@ZZRHoG=lkg5aB0G`6J zRWwd1V8Q|c!tA&M!6`lbBhye4B;1?8R@9A%9^`l6xGQVhitJDTVHDK;2LfHOT~-+C zba38maT(I#HJ$?kGq`^SwbE=qzS&DEfvZ}&EO9m~3)l4AZ`7$dzu(9!dvsx8D2UP89szV(X=Z+*!mgTY1(zL4(iBW zt-q3%?dGKWwtYD?R6g*(jRx2UGq_8kVe0+t2K_xV+7>j7tJ9Ol{-<}RdpVM57(lnl z3mo?yli}5j451^Cp_~4P7g#mfWOzIy!w1;6kX(-pO}m1@Is9lv)2_mXE1Py5(l`ud zHau)_J13*enZ)fqTIq9B&r{@2PGx{VY(+h|(4`y~y5!{r?_Lqdmkzwba|z6qT5jjp z%w+J_zPOx=mG|WF0^{JDs+)F&8ot`J3r7t`Dg7UsWcu~iU1`kR%eFq`6rUIP_0=ZB zii`}WF#|ug)U;~|>pM5twoMT^%HrwnjO+&zPe0T8ZpkwTa&E}Ta6Ex*W(GLdf8#L& zBV^V7EnKky<3{KK)KF*^13&y@c)128+?f$xYr|gPSEY9L3-iP>eDLSgX*L4k;hiz>TM^9_W-Z<0BXQ_O;3)sM92 z^^}q6-4FUt6pH&eRv*9B$Lad$&_~5qxJPfBbC_v=(Hm2;UHzjWRPD{%+69(}R4>6l z68-dLXat^LfU@qLr7&AK*1|{du{U#qvu0p$>)p^Vv0;1g;fE!9{t8US{zV3W#50(9 zFZ{}4HjVGhzhwQ&{|M?l#&M`1t?;4d=9-;$FeP-|IoI(VTeU{PPWt0SEbC0bi|x;k ztRr0`vK-mTFWLs*K13U&m5bO&bZ?!wNOPDz_O^ zMLfe)Z2&xKs*LL_qc0qnEQQe`uH#q0I)H;EF%%_8pSUdqG6yuSvI0?*vzRoLm3{{h_Q`uP(8`XkU^tAJlv8&2d zL%_p+mDo13m%!kP1NYmd;f3l*c#jA^aa*~oxVv# zCR0e=K>r)K>9Fu1KA`kE*;PQU)Sg?^2gDiWakuQX31~~N@X(LBBy70FE6m%#)yB0} zjkf!vzn~^^Sa#c?K1#Ivy9a+hMEmw(Z677t{onTy+Y2*m>IE~)`LI1RW})4`p^x(Z zr(2*q*TSILS>Uw(l=1dkl=fa{6fqqQl#BVOkpQGeB-{UX=DY(m7-#;e!CF|07ifAH z{sv|{+rGwkmV%B6QO9&s|H${J6U7XYh5w5I9>i-4X(|>5@iuP*+xDEn6yGvYfCaZx z0digq7A0dCU$@a}zjykp_G@KXHoQ7wyoM*_C@(yaV1s zWUm4WrI;ZICG(Qc+uj$8Ojih^(z?OC)yi~Ln4AyFfG1(-!*i6+@s`EsP0w0B|Lg$e z^P5o%4slc%IV)xBwOFQ(iy+=7588R^Ovim#r*}RHwk_v7nj)4D^Ea%_A`bWl)BEgM z#$=LCh3K3TK2Ub2^m-XR<#ex65Z~_M8nAq(ArpbU5Yq1d8IDor@^}Wa_sQFlo!6D! zT#oywb_bskE0q4@q6PP690~6ib0-wzqHLTMXFObh2#siYZ1{7yHrq@fMThM;&pQRV zL6B%g4-Tsf33xLMqUzW^voU}xIcFCrMarSPAhFbU_VxlZ@cUd2apOV>_X3o?40mU2 znQ@NewUg+r{oJC5+o^%@O*waQ9f9zc^Fgw`DrCY{1&O$%tZ8CB{DYU$#Li(l4zuM3 z1{{0BG?p2V<0VSZqKUadnG^XUOo^AH$tb1#CM&LdZ0VU4oc9T{Q3E8GLps|16X8c@ z(8p~zywvz>IkfNg$IREQ4+NL?Z`xJVcrVeVywuv&i>GFJ$N*6w0ce2?;8Oo9CLXjzJbdl~K%C>}o9NnP5;`)LSd%>6coI!a#~;t= zsxa!Le!E|d@kD0d0#j}gds@TC=W^|ktdi~i0lnTo8IW0XyZ=tsyZ=&-407t9hZ4F4 zvSW=gp1t(ZxnzWFdkl&}veRP{PKSW4k4$W6S)Yq>i6+UoWHZoqBn|Sf*?+GRHdL%8 zY{jZsMz^Tj-`Id<7F^y7LX?W9NsJ5X{jauJEo81+;}?&Bd;O-7v7<1QQh7CNsL3>q z7<01KYF3DHRK020o5Jgh+g=WOOdkguK-Jx3%?)`kpNLa^{hTfF+uWMn-wc~%hJtnueG}Q z>RjsPMr^4;am8}ONkp7qM`|F};0_glw=vt??mu~u@=X|i1#UcX1Am_^{d%8|jC}WG zO=-&P3R0r`=x%XN^3e8_tL!s*oIipgFKAwp6q&&@_vs z-9Vd5UHK!{2pkW>%mjn0XZiTWrmPL!?P)(ODQ*!IfA{O{{=}@t{J%d3Ol<~VSP|^S zAI&t+z1E*#*wBjj!=$8;vL?+R=oa{6(rt+-8!S-1vk|B7s3g`z!YD?JqN0fOtCke1 zYxlo?pmL_J(=j_ZFw^SXVa_Aeba&zk5T~`Xaenep_B(;gOe$ZYCIecNH;PU(!xu6{ zfq$`-Wa8Ok00G<^uk5G43*zF$gGWY}C4>9cRgkKSoATQI>F^3EPzG$Yhu#l{)evH^ z^%u?VKkW{902#=WPf9#kBKZ$apF$(l3T_Y(R&V!@>{Yj!767vPWu>(H9|p3Z@B-Hl zwG*F#$@4jZNk}F_bIGSxE=s4Cr&7wKShK+W4^pqO|_ zCI%eOJYmMSvJ3cgJpIUY@X}7FWzANq!0l9l+xX>@wnGR{e|Mn)$5SI*giqftGEz~iO>!3z_ z8p*9eQM>WaY_h;49@`+$*nN5~aUACS$W~Tp$mMw4x|k-`9oQC6^tJo#dE_ud=;l?V zKlTyFY12{LSDiqTAz;$XhJzQ_G2Wg+_pZ}~yW>va9|(VO&g2ykzIMO3k9Pf^uLF-> z38}G`M4!FviD2}L{EbXQypQ8?@DKXt#cMh(FD84)i=2?83ztHFL?{P|m%Dvn>)ZYF z`>BYkyV35SllAUzSc@*5i7sb!saJpG>xbF?={`z>a5!m^Die_!GhMrZw=9u*@K3fI z$4EDVZGRT%PpZN*FrPb9mAAI(b5v|Ri{ zJJWLIqdHT88lgek{ny|iWz>jBa5mt=TDO#;4nCt<>*h?07kD*fntcAIj3$RmlTGO+ zcTTZQb}!Fv@|yiNxl+oo$u&)xO@7xlS^NKp`x5x7s^fniBoLJNqJj+++n^D_H7K-+ z>kEtA2QL^5)<99C(ip4OutcLQCS)Pkn~SK}qE#E0R_f2TsL0~dCV&C4RuF4Zs>TiP zGt{EC64v~`-)<$Idf*_%*;6_vB|Tg$<%n0o0s`bmUn8h z4Vq2Yy?jv0u*pgBCK3PAp@3(7`4RWVOl$`E)pwdvar$$sGdEC3$$4h==^zqZp-a^W zB7l((6akWgsWOV-=k&sT5pM?FyO0&PPNgu;u6MYyjaO;SdkdpBIA})g_?r_(?Rb24 zQa4rzp$x;If3@A;6fuv z(^e&BEM~}^7vT7z;7a=ov|0=`F?n?lD6^CTa{%FE=|&i1x{9rkQY$S3dA(b2W5h%P z(xAhDOwGMF@Q!3K#BBqzGWrrSad~Ei%(2xK@-AG?8P4T=iud4E%q5aj8Lov%md2iz zOA(mVrKeLcEZbxyJYod7uJdyRSEQac z{rYZoDPUeOny>&4h-5=d*#VsBuy-Cc>d7Uv(>&FeFyw+{K%2~EV_yV*Q!?RqmXrLd z`U{~^yut|!Rf74i3S%G)WmBgm@R0sg`(wPFp%_zbF4yD*ulZEft z>6MMd>Gw;mdi$5u0@lb=r$6b?;WB;vliwZ1Y9`BchRrkkJ6@s~&)Pm#W` zBcNuK)Nz-R8#n_;{>r)3*f9@CJPiUm<`=1zH6rxrk9~#JpltFbr zo!cXXR_yT*F{6r{_b65<4zY#{jF2NRZS_liZ?H3&D^nh zPX95yi8nWAU)d)(R`8ni;@rx8J$lSMGSB(xklf&NA9kPd8kkQJuDmOZI0gB6?&JXO zbh!Q8JU2Ihvup~BN7?6%!<_)QHx+Fx*AC(6cGm;o!Iik?Ao(ZbIhRt$BH>-Ywd^;E zmB$Utmr$>(&7s5yR=Wz}A((f;l9N);qUL-usUeXO+a{B%CHj=`UodA-Qd>N~<>-b0( zqmWJvS5k*rgJ?v?GeqH>*OiGT)LUul)pDqJ@D|OJp%ev{ z0b=AfGxqLm=5~{>UU3n;$7_Q%$MKmvcNWW00KuAhDWs8+5ZdE_vW|ptY@9HHHF?Mg zLJ;~O$#kX$5KC2G?@LWJ_bHi{ne}^iqA)2OVwXEN~W6^c_Y^WW-J>QkskR4 zznA#GfixBtjs)0ik1~?<54kEy0jFRI!K{)^iy~+5KT?av5`YqAIIDHF2^}}Qr34dV z$>0y~)DJ!r83oQIHo3#=jK!dm=27Q}pk;Yo4we>T4_rQG%*g!W(K>SHDOJc|dSh{P z0f#+9T$GnfSZ}onR#l3Vct9Z~fbCs-Yrv2R z{A0E>{65%F@{8?pLy3}(mLl1wNW~D$!W0Zo!4NXijo&#VIiwl#40D6zU#w@@pv5e{ zcQLm+0(c!l@6|TrABT%*U&;D_08Dc5N=C2^5c%P+=KFLAhrO7jD}nHUvvjyTP`N1R7}=F zK|sz1-YQg^&L7^-&eOWU*vN#~-qeJ;nk#6u0f==`B;TycOGY15B@4&EBa;67k`l6+ zer)!)CXa|NtlO~WKwKNahy6g@rrih_w%Uwm?DlM*$JXT*Hs@M0kw{y?l~9s$r*JSg zpfLaVdz1egW~pVY)L*-aWtq|wtyye95XGihQdlS+R8^qIt93r9msN{S#F3pn-2S_?M2jR|I5HZ|8k&nPpxxsC_wapf z`%2k_lT>{W`T3}pFfK$ba8Z>FXEr>yA(`MjK{eVY!P8$u$$nKBHL4UtyfHv>(j+K zJ8$k|@BA|!x<%jH)!uG5x9)^85q$=~iIj5EE({@*&oLq~JvhSat37z|584A}NRa|E zN5JXLgV2Rm1%cunKZgj65zg0+(dOp>UbkqATx9++*^l{!z3ScXw*A#acPOr`sk+(*1j}{@TZoOr#KSP%2S2za~QChYp z^EH{x(315A~(12~M?tW3vo(=8co7;4EWL%sO=_)tp`8R`QMfBT`<(j1gc*L57~e!E6YS|cx zQo%m6^hcJc1cIASKKn@V4#-9lrJ|_U8ZTWDE4?i-i!E75C#<+J@l!TGxye)83=1x} z(jOPF;0%nQliKa)F&2Ey7rrI?`i5^gByQ?pDa;YMKp==&vfbo&cA4hixFVtXd}+S& zx>)m-|Mn%oj^BLi=0{6mHvgAv6A0pIC-sNgLK>LLVu`V~LQyy+bW9N6EboZ9T2qi? zAAJltyv2Wj^WtLsO7NZWX9xdB^3|EYBx*pI!|`P{^s^p=P{2)|{V*_$>mqBmV^Ga9yHqML zavvgY8K@^%Gl3bL8IbfiRw-9 zRiUjV4k@%Bp3d3i3vH@flp{uHw=PNGGQFNZBT}Gnv8iQ(H!fR1y7{aVV~B~gSQl#U@#z!BpcuF$ zZ8WG$*0pK=k97Xl5ptMva}vun5E3`F;# z2V_oa{WM|^CP3&?#DO$r!$akyPRA!dw(G~{v((7&E|@$*Y+WuUY?mj!xs{&PQ}|K8*RMwHk1xwXpH z2e>?`eVpTutZY_zCC0{uo05hg1u_;A^b2edpdrXR)zVG5&lU%mll%ccxIVDXVzg`?vRt>B7qDR%-|{m2%<)k|K~*^@z( zfbGS_3UYNvE)M!C88nq03AG{nM3hrB$-zaOSk3@m7mL}&8X<0v|F{861k-pKYr(zo zH4lr=)2|j`T2ejKex$*gnf!`IH}Nfy0WpQD&XGf!zM!KI-BDW#I0qfmG=XEj<18HS z(-M_YQlrB=)fXEYf>RnGC>s3B)bAi7BhKAKQXVE^?Fj=ob~sK`{3Nttqy98;kFiyO z2;U$W5Y{9>`=Qfl$@eI=(HV#gLc5@BFPY0nAS5G(V)Td38P5GDnA=Uxy`PeMQ?SMr zSK?Mqu@Vqpu=;v1r(rL{rtO~pz(dUR58Um7cVQc&{B#hdDJ7A$u0B(Y+-~yXwp_e5 zc4#nL<#GJsT{p#-#DEt7QS!3qgFv;--H)OORor4AMQTuf6Cdf`!fSD`2F}A`BV@qm z(%prADy~%+NuP!3Kop}vc;qmCtBK%TWgl48}DWq8}I7_=TLW$L7! zF3{x{Azmg6Z;SX=4ECG}<~LOn`3-}tDC#lw1bU$_>b;rJep=U&)Y_zrFshjG@+Ubd zAm3~KJpnbjxZwd5EjewUqA@6(P;sNmh%XaY+JgudXB&qi!yA96KU>lC5;l#}7$##} zcKhA&DL8@+&AoD>uU(+YHmQY1l~bn1^)o3i`q|>UzrB8@rKz74PhnFr{S1&TA~FC4 zAy4rxGT-GbRdS#>DknI=rp}cQ|ER;H;kW8AI}>!6YY`u;UK?MoB%D^UI5Puo!l6UVc`|}809>3& zSGik7@I!cnB7D^y6v4PwYayOju@f9yovo085Layk%$+_&;+TjK^spNX$313S|K@iM z>Xs1Dl9C z9v)}NYH`dG8;v*>%K7WaE+pWXJuK&yNfmqp>W~&hZHV_zT8pFY;a3%HaL1L@MKZ7R zJ}On#+#q#y-9g>~zZBo8#Vtchxl?nJfM1_!NeW^TT6n-1L6;jg0bB|?-cr}R(cYTkg>zLsmq_?{GvWuZ*HI9yg6!!PEqhh5qk{iCBr4o zwQ|v!z|Ev33L<<_P{|SSpzw+&VJx>mCwMBn5mJUrDTP8Q8kA+^XFla;A?0Tg$2E(C z1ftEB6m>DB_If{2>gqhD3gNXq!f}d=NpHcGKz?G5HzkL_PS%F`23S>caiL{oqsUbw z?lZg(p6V`<umW%P&q$ugOn|FSbMmvCDMT(j3kr{L~)(0WSeFVq> zY;8Vl_}vYJ%Rj9Qt9iPH*KPb(@O~Zb8kSnf zndNa;vlT#FGN8y1}OscYRmG0iO zxPoxgB~Eool9!-<;S#U~viBgytw`$%d*G;qeg0+JRUal< zfwd51`*@_s1{8qC4At}Ej0kS(Ug${4fx29m;6d-JjbzX9a6gtofGji}ZNRc8;)eEy z0%#)J%6>q&6%5>62&)|;1s@PNqW>fQ7;sJ0r8&S;yf#s6{Mt>8rjFJZaUN~-Mq1gN zu^Aj{MQ-Xntwb&vaDF0kZ^-l2DIdAI_&E+?4b9yRa=S|)Sx4mJY-BXYNV8|2=HohU?zR0>g+h+J)u$Q^ZwAon=plFeFn ze=HAy-{=7GBPmk#3z7P0zN&B?YQ=C#ji!zSzIH=2T)Y>Vr^WbwN}KNbD1 zYpFunr@?t6E>>(4ifDn@gfXBpOgL2tDW%OO>1{{E9^u{pAli15A6-Z-SEaialrF&B zDYY0?L8<`nP4^zXTtOC23#=U;Qjp3jps`!@NpX`QDC(Mpoe+8VWd@PbVFCj886gIS zaDM&C%q~#GjS8>hzzNRCPW|$BJ)y8+Tv3)okU`x9GjUtl@g!iacjIbw4YjImBYHsG za~LTBU~$(H<7?@3`~z&e+6ZAIfAFl-eW-EV`n+K0IsxJEsAP||vU+UibgCTT zZTR(f0KplFL5y*?XSe&@tq|NztW;e0EVPun0iD#dfLMqQ7+bFE1@0EWhL<)Rt$HaQ zh~z}kF&W&g4Wi>Le)GB8ba1yeh>qjrCFT@I0|;JZ=(YvVb(0Sk9j{n!sfdnEBK#qm1t zI@As>Cp7~H%-Q-ZMF>0ypbH%JEbV_0y&k?=4aT@!YCim+iybv%sgiXZ`ygR#fX}rRV>IV1&`2RR!M$5If#D3vqvyOg3 zLei0Zd*6q8+~i}}6T^@QnN-W%%cN%qF{EQAD|WsaLxSg0vA+$f_}6hS?G@S3t6}uY z9kJrJu&nwBc(hxzy}fd;D9AKLPpPGXyd_w@0w+Im+_*Y9)jN9$+JQE?6-D^R-!1-c z^s0zmbnsu@Qhs$R8kk^4vH$^OW}xN!FDIy&7W24%o~~8QQ&w~i06wfpaYwv$Yq(qV zR3TSiQd&SNM57Z*4?9nhk%yhtvf_2bN5K_0B-tFWS=h;8o&fh&rXj1f?z&P0IjNDd zEYPolwF@K7;+LTV0HsYnT&2!hK z*#(aHwy~sREMo;S-*PY%ar3e}Vp+=wnh*?yeEtM>+wI(sk zO~^tPF_g7AYRGUF(X1hQ`LWV6PDt|gl-}ZIkhk+NC^ti{;WXtPoEFYSUe|$>CHHwh(UjO zdYJC^{GlbLKyFo>a|_9o;Z=9c`<9kKH}yg(OgvpKTAMKhK7BB+cxSNywY?(FD@y%w zI1I1YK8ctXy9Tuh%&x=E37=P_y@z6;H_cq%CEaAx(az$s$c` zP3CJdTa#Iu+^9*hCRb`wsL4c4#%VH2lk+qg;~<=*@twr;Yg}+n@;ZqhIgv5?I08Xf z>65DRyCwxKZxvcfA!0-qbn-z~yw{^NJ-G5#7!)h&K%EiYJRNZs(e?&cK}N*68k_>| z0_S@C=1!@f;`clho`Av^fgVR^mK59PffQ#MPY4%yxL^V*8r=&p&`+by3VXsLu+D`d z$Y+sm^CMs{g`AQ_-jLBMuM|o>SgVwhu$&X40Lg))Eb(~Msg1gDH9xOoH zONu-%&TQa!2rRPSi1V0O^dc}0k=;e?C&jrRLH&*Lyj;A@5w2h5`2~sHAYbFcm+fsu zN;q2NS&x#40G@nl?*)l);B$s~Zeue+}9scB5Nv^8K|m(Rl!&nVtq^HVItNaI^rB<87CrA z+MGj0`UL~P92((XFmW++s0p6a{*TVB01#Dx*a{fXa^qf@n8j8ssg?Rvy>ZxMzVjhn zK8WBj;T7x|zYtThUg87M#0TjqqI8bn`BHv2LAgW)Y?KJ*#ge83n~^U+OR9R*jG zqMO431dM%BA;^*s-OK~Jx!kz1$WEQJI^Ot%kO!&Wuh~Z=4lTudQo#~QeVul>QU6|u zt;s6*9blG7K5VT+nx|KU=T`T?j?O9B#bfOIv++7?-_6`kzf~g{9dJL#h3nJ)@=YGY z_WVW6l6)_+gx$N@I*rm?U4-pB_!xHQbJkaP%f)t{?BZN|zQ?!ra}=gd@>D5!2c;c+ zU{{3gr};C_z9S@`&)3hEem*nLp3k46%b*ti@i%Lf-E}3QNYx|7ifK}q+yWQ#1Nk? zK2v7ncbfeEj?=@;40-}&O2ivqW7)63>)%Lx3S7V^!9f_@m|-tRC+tU9;{IyLkyX3n zVTseM4)?88a>P5H=K-;5L5peN7i^Ka0t*SuqKSAn8S{>@{@cpZhBe}jl>CH4A9%rm zQ;M#aBU4CNKBR>RXD%{*kwF2H=ADdSNp7~uYF&+xy=T442<6on?ZkLVIiI#?iojPw z4_T4r@*lugDn4-sTd^izQVoy96j`xOK`hO-vcb4_lBz9Eg!z8+d@^$|7oK-zn;v0H zkZf?{892^3lzADaTd%l-IT`hGMlxEIE*Bya=BWz2M%gUjHMnAS0gfnWlsCVoSi#=G zVD&FxZh#kvs@}paFe8Vm!S~nT2VFyVo{b;#PKns_Nd!*nix+U+^>hjzxae!+wR_d)3nY57M`x)8~c8KaE`xOs+mzvcgzD)$2jDH@#=WcH8Gn)cjiy| zMbRb0iA{WLonVMmc49|v@KeK z({IoD?7}hvLhkjde5+G{m1<-POee8`4vYieX+S>oUkcyD3bFLO1^4So-Db6e?m%@2gtE1@W4O*CMf(Pbr#`ZJzS_5Th+dLF8CHs zKIAHweCtI#8x#RAdT_=hIWe$OFYf@>kH0Zk zZ%k!Df^}>hEa5OV9d|J--Mc`r^w0)_rF+jzz*3fgGcpd&A0~AGXKCp-#nLP(NN}pN zV_0GgOg5UpR%EO>Uor652afuma!>ISpGFta2O5)q?CS{J+35s^& zIiE2(4e!6J0ri4WE|Ek-D@8S!ghD_VEIHC5RZn^s)0q!HhVX~?yWho^&j|Svi9*ur z!QE>Dj_q$vJGWLaJ9@pr?73$oVD?N@hW#Viv4Jih-vP4|Zu+K}y-*4gv#0zxj@j7w zK3gMD{JGgc@$BgdP++euptw2?g}t}~6dQi=O`*t_f`sC+9~}h65#E^!MYa#cnTb&7 zT>R&cW4P$4XH@yzX5=@9;?-iG=zkE0!aHjYl!SM%8Lz_*i?}}HR%d3AL(BSj2YmpQ zJBldZu=XotiuJLiP*Y1p?txHrxkp8f{Isw4VhIVrcO`bZ9t{EI#<$^JdN=cNu?D3K zLRFkZ;APYTY6dZvn|$<43>FVGNRm=w%H4pW!d2~13fPK*p*&=CvCnPuwpZV&51yn^ka zpo*b*6p+AIwKjvAJt5D-DcHDbG9%9^91_9BVb%9aL4&T?lu4-)Vm*4DA=Z>r6NvRR z6me3Y9U){wOVjmd39;f=#tllRbuwz^SOhFVWYj9xaWG|1fX7zR8j74Dg-Nhqp3O$E zcELv+iiO2ui)1rr5m9%?b0=$s)I#=31g3fIkuPLaar-G8AvGtEoJ`mKTUq_^&Kg#Z zZ`uf8iPgekNcXDGQ`D9VrI~HtIUDAUXCW?Rq-p$KB~X$nl52T?{U3}ql^A5pq-I1pohd`2SxEF07Rz9j`!Vp~~%LZ$7i{~vywHPJi8&d&vv4;*mj?H7H=uUNtK zi?^-`+qo=;TNrnPSh(x z$_Ah)8$0CTY1jBH;&NP5l_m(K`7E9Z}f^??I*g=$pUtl!G#1JvcZ~Z z%*F_rEZ=iM0$?K9LP@ zz*Fnnsw{VQ22W1gMWDuyDze;4*5Hizi70dUY(N!#i6d*BriOdJT zrWd=&v0r8y%`D`rzm^;;9uOx}hk71< zrF(`f$p+N2HONGFmR4Whk2bx#R{>&CY62yMYohEG~WMB@qj*MC9H0eWdViiv`n!5`koTwVZkAS@G5Qd6Cr*nn))DWJjPB`On8 z8d4NC9Cf@iL3cRsH@@zmYDPA}GipYNzvF7g<&XGTznPjLRiQ&MHKS8~sir<})dh!9 zGcfk-GRJ<1q>I%??W3})5k#_BZMcvNG^0=*A--fg)K)1(0W6w7q8!AV>Gc?)jS?-? zZCH>MX+c;=Rukc}W=PZYdJX_06rTI3<{wXptUv&IBN& zaW{42x?E(#FjO@rnI_Q(@6o|sOa5sf7bE$l0+IUuPQ69|#3magMOTm>Hu#T2$KhaA zk(}mv7BMM1t~d&5-hQD0zry$^D0?)cf%1*gV6_Z$v>4McZ0~G+hFI9jFK+TjYuQT- zb4UH=#gn@3Wj$ojLA_MZqA%HvP6lQ|mi?`I2`<*5m*10Ks_TiGr%$A;ID$S1&4Dsh zrSOSa`xd9}-0iO7M@rJ^d-acP9KMr{N#-bOYYyH;7RPS!{3g^vx*6tvDrc z<`qFX!$!sNMR4XpU_fe93C`g7fb)_}xk`XFEX})J_AL2ahX-ASNDXX|L&3)4Gp35Y zbdp<#QX0xJt`y13C9ji$Z*})bzrj~q=gn5c5I^D@8@eOJz;IsAkIgMLV$^o>=Ip3E&G=B;TxI@BnW zIyH3;GXOnt{(86GFN)a=O|I8unkF~i2r*RGr9B=PNMZFNf38dcqAGWk6XW)ix?q6( zDdjWpS0O2W8XeM^I0WYT3?5sYYqz!bwA$BN?akN^I`@az5Pf7WBZ7MU1%54Sf)>AB7ZDmTqa~7p1q*bBhAP*Qv>9_O0zv*T<$GgpIklLoy*+~S%jDOZ{b74k{KCkdR^Ux!-XF2ow5}WtAJgTbx;dFsApjnIc09TR z9`f7(#kMe0IgCoi-RG(}nF^h5;5a$qbR3@Zmh@YhZNx1R9MFi(o56A&Xq-B=a$m2b9+flrU);Nvo_N85br;C#VnS=>eB`PDlKC}4Qark<{u>k zhg*JwJqg<|LmsYLn-1O(;d$mGdJsHz(U?o}oNLnZoaHFl30f0 z@na0!YS-sEj}rsos(pd7D;R1)!q0PV$jr|}q(EUFj$-{DBOwG0nEgb{u=ePuvVMSd z3AqX3H-Q#7pO$&~nCg#arRF(*(pLBPm~{u#fTFNlieuT|4Z81MrCRQ2CpGItp2UHfc(GLQ51PtYCLwp&&n;t*-Uq9XL}qNQMbw5* z2m?T6Poi@Xc#atLq5&P=`>%GmXaIbX`!vcXC>^0LvTuPEB$dK;K~fFu1F#sQy3X_# zw%7Yq8=Wo~tv5C#c-y70ui)s?EZ@5oxAL(_1;26z)!i2rSt)Fyfp5V$z?_VvrwS`C zFUcT8jrCS?h0=ETcC=b;Hj|q)@m* zx8re){YLakE>_*-&zC93QtY_ZhPEg&f0vQS!@8ydpY22|w7N%3b>8ZJe)oMY{|zUT zck$h#nOK^zT#EHZwsCdZ+KkcdT*4~=G_92h=Ou}~3RYCwt1!qnz$FS83K{QEpGgR! zPvW0&Rb!gfzCHq4DW&z%C9{Ez8Z0b5lC!1kJ*v0Z{tgRK%;CtOE36Vho!AfcgQpuHQ z9TFXeZzB1YOUVzYwE0F5@2$`Dw)zZ#Vm|8w6ho|>4Z#JA%~O_TLvum76mR4BJ%*b> zTRNBETg;!|+Jia>DD+s%od}pW&MYwSo-ylV7R6#HLN3EjSMge3Kv0PKA)LT{`x)XV~7Vg<;Y0SaMeI9Qj7SaqjLJ$TF#(poiy2}`v_;z`|heKtQygOwuH4;@R)crGgNN2F3e$ZCrXGYuM%0}#n0~m0d8w%0 z9q3r@q+>yJJfs3tR|=~8F6OKD3=Ya0t{W>>S)r1P!Bs>BOJPri-!O)H5rRdErYv|vonHfjYpwAh@ zMtCA_pJ5TwG>E+R2^0%A?ddhTuJ2Luk_@I6H(PfLZ~kC(-K3+y@2o<6$saRpTWjjr zx>@~ugmM2xo_jfn=asoGI&2> zVQ;VWHWj{vy{*lGv$c+=_>dczg{P$8{0HzPOTRdLvUm6`RE7;;ODL=9Lb|gV0eoOt z08^}qo8XaiN4+PTJ#n) z0)nADVgTsljIeN)2(tq{ExeP@r1q1LFV-twFp6G5cxg`Q)qfc~dWg|{9p7X$-Fa|& zV;tKt8$L;jxJfyf#rxzuu*Z=nY(vq(7!S+|i-@R~a+7j6lQ77MGbs{i(m`IPoOuQLku!$1B3hurD6sU5ybzO1*DVQf9a3#>SzE@ap@bZp3Ox*aq&KU zTFrrW5<;-{RX*h6?kPdSDtW?$GLl+o`2qUC+M7dl(;>c8g3An>i}!d5dR~hW=5B-- zoUt($UC&t}V&7RMi`$&Hg9|^wg3srUs=$c79@e`Y>M4(gx(V)0iN)KZX-JEiUV=5IeB{q=hxvQp=)7n5Us+VXhGw1 zRWn9%SA5=Ky8bQVj@%P*Bua>T0P2trn`x-kKp>47_EGC}Za^WC=DC-qMW9WVQ#MIY z=CCKPh3)-5VGY_%6Vg^>4!gr4?`FZA;!f)c8RtuJ1DWCb+^fPCVLyx5|K{3)@aE;b zqW9G0Ij7_~Gvs`l+NGEd+=&B?S6hf+{ZN72R2Z;P2XR9bKKT@2gm!e@k0S2vkX!GC zLGt0MPawB;K?i7$E#s-Ws)%r);GHw4**DcYbxpKGPjZTyF z%jnM-LQ0x^iXi(!=0QH>22KR^wy*`6k(KO*FFFi{it!Gj0|>feU#E$OKpYjSX5vXj z&MH!qmGkzzX@{6}S1jl->9mwT>2`7ksmcaYg$?aXpZW*=je9p5S-IQi$L!(l;$qp- z`YY+4^vLg?t=%JkCV^`AZe;hW*5YbrBOOf_CnR(+Y;TQEQ83*;{Uh!r2sM&w@`%R% z$PIgDk1&|;=(>SWcjQ}GINW~$K0l7G!&)N#1w#4_evu+m`}c@{f%5PSy9~=EXS^IW z$B81-+Ng9~MU-=qp3Q2LU<;8xIg6M{4LwlR!CriqXCLg>9;2%YtTG$HKzuDaInKB? zkWR}nL7 zXKbhfVmNFQK;M;>?C$6SxkzA3>n}NoKbMCuEksQngP(c!E758HZEyc`28u)%$tfXU zM3;X-ntp58w&*fB;le*M@BuT0d>?PeDdfFzyDXD0*W@RfT&#(u$y1t~qsgP1oTkZ1 znk>}hdzz$a(p!`6n(UpY>v2u~rO9?p-qU2OCYv?csL5JQOncAj(;qc?T$2V(?$hLM zO&m?CHJPi)&6?b#Nr@&`X);BV0!<>CjM3x*O-y@P`ZQFN6Eyk0CVe$A?e)~B_PNsc zHcdX)92T!NIKyF5wS*dI)vm?4#+{XeW6ADvh{dC|Z8tC6?gtj-kK( z_s2@^Y%6Dda6uZ24sElB0+=^_>)RmsHTs^54tEdMUxVDil>^T$ZdwbLLe_hs)zo^S z71(QS-b;SF`9s7^T0`FhOaWZrhwNc@GM2(ygY`ja$)GRhZ7~v4RS23Y-Q-)%z|rW6 z^(^h($0a2gR$xY!_(7jz6hJK*RpcZ;+?%K?$Y-|}$ZegtL6a+04w1^`#WHxfLlDc0 zTj2a@o?A?%Z1eVrdlA<6n}St61)0V@RJjle<<%t`Ck(@`Y4%S%7087 z*7_>G=O2Dj@i#xS0aR6gh`me1%vXv`HRqXC;5b)V0Vqdnpe;b z%f3St8b`iKG<^M&eD4;*lD;;$;1_Il=vE%EV-%V}YeD+3B!RxGBgi_ekq1DZ!a_24 zFo%WlQe*i$N1qzY3z-!}`_T24jpdjwum`o#^R*Q3BLN_B3)eZMC^|x0Bvm?~<9QRF zMUw$`cTx4MPNs2;%hdW0VKNG?3~=zUy|Fu4cElaKFVB7{ZjVcv;0_N&+}rkr;jOQ~ z4<+cgCYZP%7>Kt;`0u2 zm}FmPoLK&tM!~&!^U!TbsQK$yYDAf3(@sp6W>a@AV*Ia44bk2xawsqk_1?1Ij(+bu zlp_+$PN4%}5CaTqIrByaS0n|_3j`N8)(MAU-OmFxFcW>o-x>%kyIqv0p^_tT+BQ}K z_;sY7#fo34Wt(*zRsey)=eBnX&L;s&I~AC%VG6j~oAE1QkYM)AX$sa{kBo2_4||pI zJ#;gz5yN+r2SK^X+Kg!o!Nz~myz}>eEQ?=ErwIL{5^3ZMHoeWj8>ozD3WcE=>dU9yh~$vHcjpypDr9~cIoCsEK?bP`P00os;fzgYuQ z(dIa-0AJcfW)-nFhI88HUP@0$?E*3SN_99=o3+4tl%7X{c>_Mtw!OK9=4y3uOiaxF zYm>bQw@tr2qc%F6GYlhflI({Rr;6_cHPMeWz3`a&!TxAAV%7@Pi2VTvP}Y3O=G@e$?xO-}+=Mz@3-=ywxEfi`zGnjxC;8X_ zwUK*P@g1Pmv1{HNSHWPI(GV9aZ~&giTpWC^nX9B8kOD?+&0fd{9P%Sz$U1HksOA%F z)`-p3cVy|jrga-jur3(ZgMkuwf+s00_D zXW}f5ffKFvHL#{*+QhV>s!uR&V4Z5jw0RA#;<>}=d#=5K7Vj$Bn6AbzoJr40F@Xpl zWD$34C%zO3>}(Bl9}lb%h(_{- zuL@n-H7mLi89I@9kdBJYw7g8 zdG?m@uD9WwyfAOjW+I2ciePI3ys(8N2ro2>Tr8}RR$Ei9c?&FZ76kOu%;g1=_(~48rmIV zGDcjDBQ`EYop^icDo_0i(< zXPsSk8ai-$P?v2Wy|<%Vaj@|rdw+fa8bLdabFe5>ZzJT?H6Mc+oo{LvWSEy@j!U5Y?n?3K`v&ps0&~Vgp!8COPM1A#7U}cW zjtiS;F$}D7-Vx%Fz__t3?5O|4W}@qNDv2}PNvr?USO5E7M6;w?s9mvY3;!3@M(>dW zhYcpNII932WHH7AB6T6t_TNOXJ0l&l)n8~vH^OB2Z3)1N3GhYIjxxFE)&Ke~Rhf|& z(8*ZNH=rw>7)vDRM(M}c9L+L0nvNr94+Xtt(wA`)jO; zkl_MWhYS_SACY)nSe|&n6wU`519cd&{)H)spiK|AH(l&b8UPdO?m4Yt)QlKFSRJNP zec?G-_@@X~ZG_b^xPq##JNzNbjT|+EGq6PFBNY7$>wS}bF0?36l&-qcKU3WV>thpE z$3XaC?Pussb2oVY7*_YTbS)vQ&cChTIezfN>ipXZ9>Pm**@Mc#sS*#Xn}-h?R#%!7 z539QhZ*h77Lxd1k7m*spMJ(Ri#IU-h;Dl5*sTg2EiLg3ynK|srEUes4|G9eLbbd1a zG8R_%Z=wb8uw<8Eb?cFVil>E*lEDS5@$|J}b$^CsCuTWdoL+~px|`VI*M`**9){In z!J@Yf)@Gp`mM)*dXWADrHGC}|)1&cT!s=ig$iGBvptWBCAAHw6>{{5Wlb~DlnBWfV z9dWPT&$tF``uJCH;pGTD$*cJ&Si2gfs4AD|*?)(UoHC}aZ*OiF3Dz#bmoarW^bVjt zcpNr#Fp1HHy%&vJ1+vqkC#n;F@>CRxg_v1<&=50(f}JfbA&xf>_Kv3A=u+6Yl8?a` z1Wq9$un|VTrUav(#^At{91`_^#g*&jg7>{(&7Dx9nFIk)!ojz zovRV6eoDA)0DxU&^z$M~8!}Vo*b++#Pnl^lA#e$KoF@ z;zMpgAIZddq&6$PMaPgd?R*x4hpP6sK}Vd>9vq+ z<><9ooGER>)f3<2FlbY}QT(LPggatk8rz_(`zL-hvr@`BI)9o&fn)Fl7A8R_E&|43 z(duv|&ppT%sw+n@DFepmu`0NA85V^rYpQl5nDiRS0lDTDzBXVanRP79S9biSk+pm#wG^c$50)k z_9M7Cn>}9zrh`xtWzNulh=2$2&gWYi$pn$xf`U{hz^^puhHgs&HySq=!4-PI@Z2y0 zlEZ&L2X?%049OG492sLxK`^2y?^VdNKSVqlSXaohM?#B> zFi311g2aB%3PZrQG6@nB-fa&cxr(&}KxL7Cf?Ttig6)esShe2tESojuQPimry8 zIAVX0$8f*5qHp3VG!4v|0J8`TZqXSq5J0Jmj*%#yH=`fIf-ww6<+r21!7qZX-B@h8 z@j#c|@J^j7%JcG{O7aIyey7QAG+Cm_U7FmXNtGr$G%3^M7n)qFNs%U#HMvBS@tTz6}Lo^wriD~axed?o$Y45-kfqIuF9ozdrUvAUn4NYFvq*;@{XtGL^r!;v& zlSef%?Imlo3-zUGuR@=0)ntYy*K0COlglN6syu0)uPP^B_urp`sz@;xUN7KVr(=zB z4dSgj?-yF4@hw-;LtVK;DNU6R3yTw(KcGO7@)F;&1@0}fFis->&J>z@G`?k+M`91w z%#d8VKLxi!9X`Hg-zPK}#p7GLqj1OgmaSYm`SC5U@Im5Re#=%E-|_%|bc}C#9F-m- zzGW;cuyL3y<6EY%=po}<;7bokZi52wI^q0~GZY3;bd$~%2Rp((a`Ukl?A-2klP_t` z#s1axxkbpqv_w+(3WVkQ!Ph;=0xI~~J?~iZq^+!0k5R=uemZ=pIgp6&6VU}EY-*qe<(FqO5L{# zPvoDCNTpyqmjdhM_Hn!d%5g7G_3L;UaYOqN7z>B=lXwcQ?0al+6K-Gc9GnmL$6hc? zc&l)K>Ccg~H64f!58W5Bw}*HA6QR0Lbw9zjtn(qxpfR1v_84zlpDNW#t-+PE;bvbC zH~U3U-`2%-9=O?0gA{AT832fRTAPBhKqHaCr55Rx!5I~JrrUi9(&DN;@M`RXR)Js1 zWoKe}d;2lKCn9Oq2Wzh)BR>k5h8==DSeS7O)5>)olC>z57OcJy+6F5s+Zf6DB)H%U zBDbm?s5lBA;0Ed2!{7q4Gq!;S!S<0rD;m~)*`S;J z=^G(*15S0{-o+pE$8__4_+EmS3zqpwbP@Zd7ARN??ayM{&Joa30h$eAre{cHRRt~`q&4_(ErU{@sU$X7`A zM!0}>2J0vCfe}f~99XOf%E^&JT=~NHVouL<3d(W*HNl1}jH8$5=EEtx@%EqRA@n<9 zJN$I9n-m&n&svi*&YrU-4ZG|&e)veY32xst*lAyO%s9Kx8u|xovp9s8pfMWR)r>dn zgP6SZ8#K702a3vDX)A(El5gD-0*H)a5Sb5T$4_&BZ7j^NM!`Aesp%Nur!@YUuzs-5?J%3y^2eeqYUPk_Cdk#2?|-#|}lEhk8%- zL6|qTe!%8O3{xlDB&l)xR( z{OKsyA`~}6<85ohp|JLU^&ZUY#Im8}eSK6K1fu(( z1sta<&ero7A=TjS0@KUDa@w-@MC?{@a`BMJ^2(wy!4+e$2L3Bn`bJQMt3C?k1$J=j^3+m)xXl(wnbI8Y34L{qCxh%*m|Hwqr?AL!XTl*f2d7wJx?*QI z9Jz}DEso5AH_a-tnm$ZIy#pZU`V4SJSnoklBO|OZ2&Ksz3X{zwn5GWn#r>+Rw`HF< zAo?nd83eG%?2+-$mM}I!Z{9mP`3WCeC?cAc$piM(L>Gz|)jtSDw#X#^be8YMjZ=2a zi~HGIhv8lYB~HJ&?+WVz?->O|n3~aWA$OUPd+C9M(Jzeuwt-l|nhMU@&i>mq|5Vr| z3lM`W$|%Ht+a;Gk{9@StPuPAZT88BZ$c>K4pYu{?P($?=_M0^KTL?eCsl8X^?25kJ zu>ylff{ev%r;NphBIq0QSqc^_#Nt*Pmw0Us-bqtN#D(tL~bDZm8^M& z0}Zf7d2QRYC&D{pg#GR2`?u%Thnj_7^IjZ@E$D@>t9(uVgLE5{|Dbw0dI~>!I{_!q z24l+rOzbwcj=`>w)M&{drmc96&-0D~C;A8D5Ra)jUS(nvF|>cX>Z8X=wU|%7_T-)N zzo<59s~`Ok)N4q>=JcHf!uiWv2}nxlfvk~$AVrjxir$6=*`dY?%t8%y-VNWN%IIsd zhXzn!x=I_ONeufYMXx~7LqXx)6p{5~i6&QRGDVXQ$IG{fKK)&vF3_hRYm%kOP)*kS z0ISfsa6xxCF?E{d-yh?S&fKZ%(Gcf*<&H%pC+P1YPp}?Ux#GtL!pxG7|BbV33DsPl zT#d^|Xry?z^(Y)y2yJx@4yRhnSgf2^;2py#g`n|$GTmP+Cm|w9g32OUy+mu|KWW~I zEy_1TG_@e)tS@EWrlvvB?Rv109JR5ZA+^g1w$_u2ep^; z19U++6Y9ppmjIQdb|l`_jlvS99fr6wB*P{c;?n90V2EpnAx`f2lZsO6M#0$G4r6DV z$U8I5(327hzoNSFJuUYl=sr#H7|>okP{F+nK~st?oU@)mowg7M*`(7gF(u+m``nz=qK$Fm%Qd zAqL?e0dxxVrhRFn>oQ=w1;W&D_Mb3Jl%wmg5EJt-{S;>F=u{ff;Ar3gVa*_Z2Z-6x zbw%AH?)3fPUGJhOHj{4e5e_sX=6Zi#&L{KE>~v<8*Dr8o%s7yl4_@6@nv=4?O?t}H1+7=K4$K|7sLV&ys#=-P-)<(Oil>F=EV zJ{$B=)VhM}od&64v8l-%N8YI>uUlBAlx;~eUz6FI%+lmWO^P+SQj2>-#5%FL^3>!mAOvib^vUw1Suk>5OE{lYha zE?9j2Knh0B1uwApteBb9v>mr8%}#FmB&GK*JooH_6iAJqY$~ zj1XSJJd9w_&GaV!Ffz0yGW3)9mS$KC;NKoS^xbg#8f;On`ReAWv>D794L8n!+@=rH zkX{|gZTcu>Oz(f<_mu8qdViS9Et@%8XQYm?{~69%ck>g`5O)!sfFNHu1bau&dk&cuFuO+Bi8L@SF1skx(XXqJ>$NZfd2+v@| z0dX>w3(|S`lxRv4%Zv@xtpnlwiVSUz3~dVAFB=y`WKa{%JBr{La}M5_wxGL@RZFZE zYC>1RSFll{wiZvhO)W&kI3VJEAYy|AZ`R(R`NjbyO=H~L9%JlAm~n7yBKKB=>5dqM zA9CitQ;;5UC+~-n9^SPL`&u!_KExc`5<#x2O;0#gT`!5-$FXKKV9ze2LUSh3dcrn

7p29R>F|s7M%_0e1}!OKYBYt7Y@~ zo6O{k&15EJgD7dyT7OQzk{I(ZC%(bO*A>Du!od@eICA4QDcPV>2~tJrR&bG>t@DW# z)DWTgkgH7m8oa@yWT<|qNxCLSYck+C4ArF|8)2NC#%n#%QMDtTyM`)M{lRkZ-0TXm6=n~u}nLqg^7 zpRP+s-?>O(w+mkTpuP2deil;nKPzg`9`l@uJPGjm_!$x{#kBN>^+QJo;#Z=C=+xhQ z;nq9y*TjU^ugV5m z_K|E5Q$r}1iVw)%!qDeq=nXg_eg#YeK?$@WgcB)es)*7_$M01LHt6;o|A}788qgX5lF7)a6a&a> zxlm@&TbjJC$t#+y)8s`>R%r4kO;#NP!n+5&6ol7_-YSXruFi-gKQsIS{U^Uz^QtNz zC$I?635;-#CBtijH`GCJsEq8WMo;Jk$ztk^xC7Me3l&3`BfHj1iXNmQlPSN^T%rv&p3I8*5Cp=QmPqSDgwy3=n#W-d{Qo`v&iUY9V zG&xW3pgNQ@088Wy{SHw+`WzUa_r0SrKvxS3>@YqzUyHH9l(+%N1~0%r$q!63ODTc| z_X-dVPR}3S^yaQ+`OO2HyW=$HN#yYnaCCr!xz5U})@85t>dzONx;G7{cUFNu*h%0F zo+0eugKchYBC|S}e!inTee;?w<>{YZI-EQO%l-c>Pyd~J7jc+VZ z-#k}F?KMp{Xwsy~#-k1+PvvyaZzfM)e_7}I{UkEXcklz1sdF(c1C}m0x?5OrSiNzw z-0U7!?_DBobJk<7b`ZG>P}O%3xh?Cv5V?n!z<)pyk}w#)301|61?%(r0eCCU#mO*+Y6Xif>{k0jxNFn_rHj=U-+a-kZ=MD9mxx|)o^+E0Pa=I*$- zOGR#m3ei`IV_)8YWvKXr*|oIeWnC11h?I}T44bKq@JzbL@^#S7VBH}yY z`&;ODBi9S`U#s5@K)&xlY%^c#g4ldSfcA-qi;<^G>Jt5K;*sd&q4hi1+gjA#_8%&F zl{*?_(AEEExh91*K&&5~g43^J5!&1I1l4)Tt0lq|=!ce=yx`yq4~R=&xLs` z1rxL_*=lM@=9w25qT%N5qaYEm zlsR3X;0;n$Yftc(Gdw;O@d>rP`O%N_=JBam?biMa6NSg8x>&y?`VVma$9cyhwgG4G zVV`Cra?zw^jjro60C}-X*I(;kZ{c1#vxt;DXG#XFT-f*gR&YTL%V1P6TX51Etwt4s zPYtGxO(u}A@sI)kAokcXoisb1X|@yN;hTN4Q*mI`9!ukJb4h#i-4-VL8_zdt!iwc&SKWQbxB8)qQIs6`)qW|0&Xf@dFzDe zC7?|g&zQCT?Rvgn+dnwokWl5i1~g`tZGI#k$#>BjC0{fK2ICu$5YT3CjNR2PCO4pL z72!1zDwfl+X792QGPxTyS*^)PP0rP1xF)A-GFX!{Q^l~0pcMA)gXkDkppo$fhw&pSItZWHi5xMCoVJjM3z_(3~z z%=I3O529#rUe3FM0U?@MT$ga}V7_GezD~YL;hQv4V7hm8;ttLXB?Eh8hLdcsAw!yy zPHQ%LLX*R}2+SGAZWqGuo`j+ku>Y@VRuGa8@kmhJ zLQvhTwR{v6H~yILl`s`?egJZR;j*Zag)nL(U5>J5?j*SHhD zEHEZ)c90D@SXZ_pz#rkC;&W&o=g#Sct?Td3X%!!}}QUPvU zaU&CPY8}^wIE!O)jBi4AqnG?A%^UK3*Rq?@&&}OaA+o^>H%WyFW*z?+>1F(o$OpMf zUW}LK7-{XEEVki{m?gQz;!e+pVOBg;8p1!}v;v&WN#PG(n6UO;EiAXg+BfoJ@+KdN zKv-214yxl|@#x`pDc~RET*|e17Y8|$(ZJ@&<67aq;9e*T<#0}ONUU3ocg6wE+(O;7 z2fl>9N2y}I81Hea-cj5dg3b9Iw}!~^kr8ZxK{dEWXd4g3y(+-dp2Ijf7900F1e_s+ zs|n+Zmo4yb%*{ZM!qox%gTqD;<)0}H4P~phtd0ipB(K{stwoB&wvx!9xxw1^@PSA0 zYBLEtN&IH8lLTi><-_=lr8j}Qk~>E#fCj|DsLKXtc^+yHNq7)8mhfoMz^if0bNP-~ z4B^?B@}&$}fcS~+9@!Ff8S#+k6k+!Wwo{>7xJJu3ZGhB4ic>NFVk!ePh}{T6nF!VB zy6NZ)&j{gu7Tw9hsOm^SPw7NAvLZQO%*!I7ms5#J*eP<#2$f!iWU6ukVeL^+j-!vE z;;{W@E8-AvNWEQ-n~q+45iIuQvQsS^HR(YCaq07d$_U5?nYfkfIG-VPC@SfkJ>dm% zo6dM>T>-m#Gy)buiwW;eW6bpRkO_3#EJYQZ11g0c=&}Vbe5UZ4*UymT6;0M@@}edy zH2ISzOEq~|lOweFJ^ECyNsT7+G`U5SiU7FTxrif*FBcN@S5U@Q)U@U4Q^SXMqm^bc2CX0b)@jx4o$@50Ie z;eIvGY6f^QDasN&Jm42^!(maD4rBZ#0D!s;M7X99k84%V?VR@>?WT+$#6&xDaSR zj)T8n5XivF#)6e0qUmJTAW@dd_!V5)=ZIn)DTfUhI36rv0|o+WzbM|-6zGNvIw`Ke zp@J(vmsraO`5Z$Ump#6|`RGK)7ygDaa7WXc=M6>HD}Vy=Q1)(S#!TUk!( zmCq4t1=&y-YX(XyqoAve3K4698|g0C3Q>q1sV9x8n|cn|EiS^6V}uee;sX3QK&crl z0`Z#b=Z3|3wHtLpfPe>&&jv=0mLu~%!b_TZH-Ca%emUybdRa1#N5%qXoQx>Z4KwbJ zK24b9Y!V)2YYyjP)4sA>^?|hO{shQsWGr(1Nh05jhKd>P4{<3D_}Mg(#04!QE_(m) zj89y6XAxH!Dy-3Spw7gu@zniw-8l+yP+Rsv#KQ&6s4NwPLYM19g}@kWWuYQTeJWJ) z!GcJs(&_ikDvm&5KH1z7WCdTYIh8G~59Mn~8q%OcVNB*^mbdnZ*q;)$3!`A(ikkKK zg;@1o5~{A_((!mFsF=+Ma)T?|7_eJkf$We!g^)i*xK;pih6gph5xnzWw8sG5h@D?} zv6~bcZ_il^?_Xpsynp>h0M3iu%(c)Y!$Wr?#Lt%kgLaQ|&pToa+!?*c+kMwYr;0^c z1PDEMSSBq(y>j>g^;d7s3UX<4P)H0delQ`*aRx~dh`7>ds;MqS(Szy)|8s;@Jo0!5 z1H$zc7M0?EqBu=wbU}vq_ow}F#gM`{BX$IzX%rMW{idx18+;x2zu2Ro;IUc^Hb)?a z>=KFogI*EVb53Mn4aCtc5Gb6JB5wg2>ZsS^K7Dz2KdU{JEPw)86oA${55*%7^`0v_ zm`9bf9>iFwZ^sPB15K-m(E44A{!zr=E79TV=iH>MkOCGrgXPt%{j*F8zfk)VsjK`!J7HvLJ&GqK!vwd`s~ zpiAlAL(0jC^b;X5sxchyj?WTu8mpHx^)f;)!}Rhiy$sSzwq6Er1L4iqVL0ES>_mUh z0`Z`~OvXRb8UFy;`O)l-(cI&oQp1rGN=PcOyl6G{4$b~K-gL4WIVY$m<^)xIhmA68 zzh(C@Kmz~I?+zY|ff$MP9TdKylfNUK9FoDgW1+^OCt&yb!}N%Z9`feG6H@EO9}Xo4 zB1tx$WGw);ZG)XPtvu9tJVpyJ{E2a7Zql{_me#w82p`B`GtDd5R#WrP!)V9#upq}h zNliQ+79?j6kKu@3$ANi9H7H`1KG99!mZ^ai;*Z1lw1U{RE%7U$z&d^G^r(`C)6zw{ zUV!40`am@oM-=KA_b50@XknCI&i)ELd~9;~BgtP7`64@{Rd+MKpN7Z=`kKds!T6gX zeTr}|NDsluj7Kbr5(s=}OkZg=|KPmmN4px8^d!$m_Ejld!3|#IJR{Nv%9(=gFt|n; zqw(GZz$5t88;!3p@`Rm>Bw*%m(h$QHW~LZQs{?#ImuKdNWCqVAG&#tyA3E&oM9=os zc`9GiRDyl8>v<~o9HU&GLoP4!xE#fj%SS(v;BqkjUXNNl_&2}fl1D9Mo{Gp48DZ}* z?%_@kOLtzUmomLvp_fbba)Dkh`wzPM$PQiIojwut?j1j0`ndA*i$raLpZkVp{}FFG z@pG~lICU~UrYVcvh_jKn58~J4CT|q(YjTyHk%|gB4ve6Kyb<$VPkfoMV9)%udlt$> z3Ei?#e=wta_?N)s-#turkcZcv)kzjQfocC%rRq+3Pz%LQe-#g4Rz+G3=$Kp!(<=vl ziVTeB%8f4u+{eH8xV`OuU-;sNaP8fAw^Nf7(A^6G6DudpaHhBqNJ4q8r=_nX}y_h1%gQd8#sR#FqR%K-1bLzfA zYtUqeYF6x37S0I^Sm!Gpl*t=+alRHFX6*=up`Z_#z;7rZdn+o$nVO|v}N?jGf)DaxX%5LJ1_qpCZqA1eIRV&%| zuo^TSJxHdZGw@&i?)T8?qZH^w2h`jFrup9kFx%`WppER(03Uz{5AO^>t*i+16FiyQ zCBfx_5}zF6z~)|%!;(|9pd@mT`L|vlNmr+?suWuGd)yr`vP=DcX7_mj?v5meoYASu zsRbTMSTRuFPrvO%eN%A?nYJtbvUqX-$8_+2O=k#UsaWcsj@|MtkkX&S$4eHTxKGGy z$j4k?KCa|h2~}Gx_J3>vEI0OpxdLy6LKkUX+(qQq@*bdOh!g2`Bfp>qRTxECo)eh< z{zxoyUV#a^e8#rfV7smCV}xrM)wGB7`wNsDLKdt63)Ip$>ug;*Q=FeBIU{@k2u;i; zM`vPK!_K$F?s|zkGhpwN(BgbRAmbh7KMF0L$2v+l^ZrjvP`lx|RD`w44+t&3{Y&|> zVQOG$PrNEYWU89ya}HiJctc6d%H`n6tRMt$zS4M-rYpSh1y1Fw06z|K~5 zIAb7u(OycwJY=zAv1Gw~`D3?i)5-$)T zQF~?sF4!+FzKrQ`PHTSqN}QJ&avsDp;#5B`8JYL5sULIT75V?zB$vh|xFEpT8(ZDs zbY?5>-H>yYq;KqvDC$)AIVK;lxo%9@vd5sZ31yZ&wiE|@AjfiM;<@e*V}*aH@uWyi z`_wp+rH2+5<(9-S5b9+7YnU-;A(Yd?tdm-SH}0bk(5Urj!~zavQ}zo<7#L>-T40%v z!R)`me>NThl-v=h3foK|iHR@UVRt+D^D-+kt ztC+-|kY~;~$z#HqX3O%7;)mIwr<;(L zNQe{G&amt=BWPbK0H1!6!U5M?8jnD;JsDkfLn*qe7>*YHPb#&CeEbk=zP^auauWw4 zVq;*2L+%xfW91$ZVgox8Z|TD-48v4DWDTlqAW^r}Wq-kJzk@|0R4uITywHMVq}C5H zU}44X=A$5XCZFw5@D3~Ggt(@1EPEP-P9I%}{<8ok>XfsPvBNXbX9x2H*rEzLO2~;yvLmFhryqu>kS>*A0=n9bT>pMMEu?J1i*$%i(q?&53?#2_>jX4=4EP@; z;`DEOh~*e(Q%J_$UZJKZia@)0etb5Mj~@d8;1e#9w+3sXq+* zl*(pMevuOOSDH297Dw<}x!7=pb{X1KLYG^{ zfehmSk#61D+Rhx>l{Zia_!U~P)Ua_lhcVGFXb_I)#SlJ*SoRoZ!35!N##Pzd9%Q>y7j9W_A{9 zB@eJh8crQ+tI-`sPyq^=Cxy_|@B08N(~oVB`Xqs51TNdX<=+C_9ltcd-EvnFaJd59 zuM@z%@L6Zz=Dohpz+Eqe5V))V*cmwCUzv(A0V3f-(#}{=pINCxs(s@DQY|F_{CtpW zIVi*@056CSqKludVQzMs7}$H)X=aTO&|QhfLyrg{wr`-V0OO#kJR72|YR9PGjeL1( ze_(pT=2KuJv`odkD&?eAk)u-MzvT!sUNo@`gX==~h%L%+T5<$}VYZHDqh0OmSOeN4 zK8r5&MP?zl6f{BZ0o8WC0}=2Yi0Yaeb_n{Mnr$GzIf+HW>3mE7K=fUhH*Vj)p8+y) z7QtjbmF%js15)F?F<6j< zx$qmrTyt`wqf_JWF|gkSb01{&qbOI{~U3H86K-s7f~w+c<$M57_Z)~i z!HkDy8w4GAYZ8Kn2!fuw*GJI!*E=KVh;{pnphKh(BIt{I6fQ*&4k*1JJ2vFwKpO0B z9gV$-y{&Hw!5m4?kMV5g_^QBpaWC?i_vi~{xd@|*)lIN%scW3TML8z=So>Q=40N725wkVwgHB~3lxO>4 zTe_H01E;Z2$TL>PqPml3J$wBSHBgeb{@Md#>&1JE+t};@oAz#nR}#P29PTRCECh;M zEfEgG5%hcQF&2S`jNm-azU`Pd!$#s28b!O4KFA_M4yMlVrK9n!%9-;0<4L4=Af?>S3%(O7*i3kHke- z;DfdYc=ZyoXWT}yk<|5zj}f`zO*Ju-$&kE>kfKXyW)-?ef7p?|7RuLza2H93hLlP} zI@xxeO6%+X>jSF81lhn2*|46DgEzYc-{wmV?0r0_?ts*GH$TLzo>$`Q8{kY8S@$4B z(GVF4a+lsoQq=ed2=4+`n}=QFO=QIDuO4y^!+LPcYCS}u2n~}i+g&y8w9Sb79Euz! z?vsf3$aq$7dNoyBDy1mQfn=l_CV`oV!AZPhBB93HpT&2&NYC|Pl^lJ+`LO31Ui#}T z%J+3FMBHW2gk|5`DurIi`8F}i1V%e%9fuMIV|3#`p;^^ZSUG(mnVU_n7kcLOpAlGb zLaY|E$4S(pWrVyfCKCe%IYI4iE{0r~HXLe%1!iY#x|6P}*5cCQxAee&s|R8(EmPmK z?BNlD=iYOtQjftvHp=Zmw-1b1PDrO=@#y0HN&sv&(;Fv@#x|5ZgcD*TZqL(_oUj@} zrPm9zYl(9^KLTR`4<-(Q0frqtFiHd)dT@CFj#_yJ$gduGWnOs&b~viU1Gj46OW=f^ zyStYtu-8|@j{7@bLyZI zxa{XjZ4zga#?Yjc8$sWRa~O5vM1ROWpvc1=bE7A$cubv_u844-?WOYpHiA>$hMUnL zLYm+gXGB(=4j!GUOtYORjV(}7fZ(Wz1XP?Nl*GVSAqYUaw<5Io;F8#wLa+y4r-8^U zL~+oaV{;M30ToTM>>=UXC5n^FD9&nOjxlJCB^TtK)FSC zDgA?-OtT%5m7^2Cl18Au4d@7z9eCz8vdC=X^o+@&Ls*ISFnF24syzf^oh|}Pxt6oY zI93zA;jG6^VKqIx9aEF`TE+N3YjDPwvBZaok=59Z6+bWyR2Gc&n*lP_@TPM!Ahd$K{7;J*bTI)(9R)e<$~5j zweJdWe)nZV^o1=O!Ad(HF~m1-{yn;aFHt-Ly9hAH<~9iIb<_-Y@REAAcrM^$*zHTunl) zqZmY3{36ksS{D^L>tRfzV;y_?4jAb75%qbw1P1oeQr{2_1CCb|Gfw&|N|hYGubD)CwXo;X-!tn(63T zMtw220_-qf5NIK?8CxgGLp4YBXCb4Z5o6Sd)n7o)7N*zTQjZ72sF^;ea}c5vqdsvP z(~(TUsGC^6$EdA*NDLK^?cp)%0dtg5<*Wcl8Fd{JlVUII$Kp&$NsQX5uz)FyNwrZ$ z5zD?$loh654eFkO``_-6oF|nr>bv46sHrmpKZ#Y7ER)~}d8UgT0!=8c(MmAzPv&+? z^(od(B=v}<`syC0B71@#!ChiOz$TKSeIBM&tIPmp?+&N4gFHYo$Ke@H{+45$PT>48 zXDCDm&M>BlKxF!wWut!^Shlb-M_b_aP7YhK3E6i4duOxZlQY@yTUj6%b;WSvLFH4O znsTIRiWC(CgI**l_N^H=(39!dj2$wXpFm`&F~1CkOYQnhf{d7~h$bwzKodfX$74_i zd}|-x{wm86;wqHJi8VDFJ1Iy@A-u2#MDC|Y7$0Uo6(|Q_qcf~yDZ);^9H+sU3T6PK zBV-1!g_dd2D1p)vl9duMRNHna3I-+C2m^qoBT~Aj;}AQ>%B?GY%-R!VB4ad^AKI7h z=G*nV=0#T&qW_B!1cRlv=@9*w@KB-BX;u%(T0&r%IM89x11{f$x^hRVSw2ONHS_3J+3=)Aqm_@ur7Q=hM zr79$6wtUg7v}G`g0UiTk^Txdl?oB7E_=01mN#(eOZ)qCCG-QCkbxw1fK@M8sJBH{# zL2vEF$*DV`Y4!>H=mgg;r$6#WsP@NvrlYQ`1Cu(PFTfY2PjupoKDQ~P%3{=-g{U9H zI=)Lve@AF#O2o1oMHF#eLajq2fSQS;W8G6~GWt>|Z>}%#Rj=fF41XUrA;#jC<@Xl^Oil_7v6x z^a2f=P!|M;N4LHRLw{vO+c@S>t6`Sn3|X{--GYODpXPVW$HdSNee_W6PvnK?$(sx|HuJ+AGy6sq z3VywZW63c8l!`qcm&=1>SjZi9E5Fwm$q|8-q{4>opqS@^(5G9_1);^)L;g$y+&~TR z!!iJ-#0&5Sv}wYIpcIX712vS_Xr_n~6j%-)k@DnGjsnyAm*N#(3M!I{3}j(F3pQZ9 zC>*s*P|CGAQTrO)Ux)jfbGSqf%Nke~z$wI-mpPV1BQ~lxVEa+TWphe`_5pc z3}XVUVuDrb!(fgvj>(C`cJStz)C_mfdSJ({jbdNu;pMQTRy%db$f9jvdRYzft#CrN{&TRi!) zZ7JjnzSM9cJ_SsrT)iQSj-vipw_-gJ<;8&_VRDn^NDTQ13cXF&os4TXur4wbG(vhV zz#-j0;c>inlfQxwRcEql5h4|0si_>hFJbn13#Kc@`_Ky_qets|FCU$)Tv1!kp&kOpXj5w*F zTB(!|PykW_lm(`@f?lw_YsVu0V2TVi&X%r0jHi_M>@M72;jV+&5)e&+Vl_f&iZr7| zfcF&l3;DhF&GP-DIOQH^E!_s!kbsn;rBRRDs3xQru(!qq=u9r4z&p|i4G0M=sd1%! zTaLbcVAVF6K!S-5~Bkc`0qrkp5Z(5V0-Z`Hm^rjjxCSqaWM;5o+8IPUr#F>SmZ1?eRPi7uS!Z#0TN7 z)5iu-hkm>pcaV!5FAvpnoe{+BG0&Z%Vs@D{NGCRiY9GQAw`eOTRrc_jv!gtzIVVbU z9=X|XPGzGl7h`?zo`RNqSeKwe&YfP6-I;#t=!l*q(g2+fb~x? zr~=O9Np(W{2#P6niZk4vEt8g>niRa^` z>Fufg(bGepm7bp3m%BWs#J|VT@8GZFU*m$0N8)4KR_Mv|{${1LwNU@!4W38wc_WR` zCV~%MT7oOo@8MVkN&du=p~LF#RJJ`N3meBFveCb|fKw8OTq2iYm-3PjoM?8Y`+~hw z7%B{g8cOVj1v{S9HPr#TtPXIzu)so9D#1gID#7C?bNJc`T)MwuxABvc=yM2wvxB{F z68fZ-fBI67J|{iBkNV09_Lj^f-4Qn?k?vEZ@EpO+BE=AzGGCt6UF+*ES|hH=u*D;R z1aLJHsD2Z(-OEiA4qp_>(AVzsF}0Dx?DA|@quLdVTSZQHHnm>SUjLVzAqV0VRSe?n zHgOF$kYR7m&Z^+G6U>Ef3Sq`uO=YUav!n(nyDD{|lu9*;#<_>zpqP@kl)8W=et?Wf zt4QY75|!NmknP^wl4SUJZ3h67dRGA0r-zBB?dW)P_rxF3ODCUOy+nqJOm|04O+}LG?J`K^Ltd69=37eqbTiPsd%oC{RchE4 zf-Ohz;<4@bSeOLa()+1ITN*sX5sR9-3)}WKZGlNaj~t}1d!zVu%FvW}E5=#TRj|fl zuVSF~Tp42DQ{MmOcMd6lBl)9x&BVPfJ!(zThJSI5g2njqJsS3Mzno~qY-n+C!xdMi zl*ke+6qk!4piIR<iJ#j{Aky)ixJ9_q$vEDvXS5x%3~* z3s6_ceCU}Xx!##&NjaRs5EBcKF4jB&Uz;L6L(MZlB`RBIy3>7nIvbdj;!;ULrwDxn zvAZ`R;{(ML^W!vh;l6BRpY5p=5Xk=Wn(qKn$NG@3R9XcgYg$)~t86H{$3nRsAPP`H zmr;En`vpSR84p1x{t3syFD&am6!|(F*;PHTML7lCay)bvbl!GW5Ad6};GEm~QP5S( z%NjEy&O4b%52%*y{;&|;-@>n#mHH|M0z}Y7&>cxDLA~vpJM3B>!%`FJI`%0|HR(bX zbS~e?vd|NzilD>h)%Tl2*C6QLz<~zw{Xb=osFX{Qyp(cxOi?woPD;JgOuEv%ZGY!6 zu2U)9IwJL#!ETY-=Nd(7n4|;x5$%C}4F7<>Ta^l=at(cq9ok8Ia1}rIO62w_K2o`g zpL->amX|eVipy*>`%w=Ml-2#6w8vW69u(T63sP;tQU|1-*rrHr=?1Bre5AfJC4tm5 zK^>5aRW{4xH@FF;>K7vQ6fw07$X-`Lbx4V5J5#njPvl-Ls>6$07{%X7b!5A9ntp)7 zcLKkA1G8IURk;_H8ks~3U@j_O70HBP!R%D&jN7#J6LJw^LjZ9s45~8xFUqm|e>j;D zuCg%0hz|%p5OQXb7d%L+ND?Gh-oSp<;w43%r0B@lXgkH67mCK1gCF;WMi0Axe_53s zAkncW9f>8F@d+Oj)q9dCC&Ijf$a0@6Q@UnrkTP&Z=o?OZP-f5s^R$fgpc;J zR)2hVxT#qh>f;y_S_#RIKSXix9}ey`-n&V#0)^>bI*EXLU1PG%{Q&;Rn)pZWV_5f# z_djS4?eBi7mk;#vmR|m)msj+%S}#p{c~&n^>E$uKJgk>L=;e`TFk-y^J?ZV5le{u}1KVX7zr8*e4(MFa5FF43 zxzx{>%LF)mm%=0%i;(VBxW^uV_64|~4()Rm?6^^g&yC0`EfLqR+}}h8B8H*f4uNOH zzLVqCvNs$S*|T4Z-MZf=L&@PjS>-NAGQiXZEVMc6c*TA|Dm`G`vbK|1423nRwRucAseM8yz?R z%X9bl`Qd?3htK(^WH z!r~#!2Lj74=xH;<(g5LCPRvT>DlrCsJs78eH(|jZ;anowL72FDkt;?qO8JbOO}G{~ z^N6D1H9axJF(J2PWNcn8p7Ue3SK?x4^!@#VOjCykh8ho(Z}ONQTUswkKDqiqtQeX% z*Ce4~ogaIOkNM8+>u{;*f&Hq+=9UbP-R|;jY(@?cZwDTijJN0F0h38C%8%W`+k)6F z46oRMTjldD46Wevpn}*8-g4le6{YaUdzL8oAf^`FV}=>)l=V8||F|2k(ittVZh*@) zcQu|#LTn&OwN$Q(jM+N9nENO4`LjeUrj*!M9OsS9V1LF8vQ6pW$F9O$qfq+w6;kf*t$2g+&?0Ll>$ z;tq}Sz*%1^m~?OrktFiFRL;;V9&*eBB#(NZWEK>9Qv1fvwS-wqy{QG-a*-%jFbF95 zzsMkLCOS#D#A_x-d_9gW5&&eo)%#79un^7ESV?Gc8O9Ky*3cmlX&HK-4=LsW&0J*c zDb8%Ok8gjStK-7lya=q>kp-ESv`^G%yJ!1xNrDl-6!Bg6w@*NYynyIhhv|MD^+`I_ zvFMXB)hA^F&jO7bL!Xdv*$AZ~(I>571q%{~BiM(y|GrNRB6(}qNw?Yc*~~^}ZVNEK z7r(&@+s3iuIM4QXVxPl$xtjhf8W|=c(QsNJpd1~(mz^P;z`#dFVkmf1sJ55ng1M&# zT&Q-USWO;yIwl|}HDdy4(i}ew`_|jWOSE?}CQwR~1p@=3iOftdG}UrQl^77{RNib; zp8IQKa#a#HXs)O(^cqzbO>9A5^$Ms`RV!Hhl!+NB*etv#JBod8YwnVS5IelWsv~l< z-Ebq2gZ6Jj`)TThFY>I%)sZxe$Rlw0k5WHy__K?=z+vtK8aNap@s)?^&8n5`WSJg7 zjm3fyhWhk3%uLy}|L;^L@gt@OfVZgVsDqZs70L-$hJ2E=zLdi3Vn@1%R(>J9nj@Y@ z?NQ>mcp4RiZ>$lzr?o5;Xwgali(d-6A=AD88vR};l&FguP3WUqZtNtTr;jO-XZ(Ac682`-0XH4mBYwNq3KK-QUf z)b43_y~d-yl))Pymz}vwLI>ycZr+WU;bwARv(vbcnqp=@DNV#o6Cj*AmGt1g`bXdm zKvzg=${NH>c1}cAykt5dAWi}TJ;`Qww*BI;+ z?9DcMzayi$FZ@efrp0<`nhzCqRYw(dndSRCBeI%QIsKGIS=AP8oEr3;9J|C|MQ92W zTQO_39zrpZjBGD#APmq)m2x%vY11Czvt7SXE^`&qg-w#kj0e*+l4n>&a;2V;5$SWlk6+DV ze&G|N7sJ$x;E!_7gphS3QB33!eZ`mn$5kw61Sbc9-j6XeIR!PHA)m>DnyLQ}_DHuT1(2KEtEXR96vxRdUQ4AUibA~r=<#UR$Tw)9}N)ZR% zLbZS}b}PPX7(1CJKVR<|C>{uE(@>6h^Bh=561k@R%gdsJ$^JZtxda6&)X)g}5tQsX ziAgq1r}CB<@^@EEL4Kg3p5-LjG?h}WIfWbe5qk@CATrHEol^)ZxnEsoyxWRA-p&u) zud!yEG=ffr*bE2+(~-(_AOD?J+R92$sR%&GQx*VCPp3eyHvr3!A(}f)zq}PC4!l8sEJY z@;pj2R)`cJF>u|9)#xTv*+3W}sutq9+rd5}f|e?a;;EewDg9uV!3Jh0rMod9Ij_J( zC$V5wAf1K$P4cW-D}Dyl2M^(V+OyuFam&7DD`CEMw6*e!x^Lx2D6dN^*O*E~(xH_q zOLc?weQIT4r&c~BjG*BpTEQemVr2=h=t;JcG|h?`@@U1CltK!PharO4+Q-<}+UH6f zo%`Hf@QP@}KkMa>dbvk04S#|(+x7nbD3Ll@{I|O~e{!$lf!RWN7+>HuR?p^;RkzCH z+$KEQL$14!7RwTLDA#J~@mp19mFLQMlm`JM_0hj`!?i!f`sDn z;~SlQX4D;d7@|ZV+XP{hW1jE*y@&$nHVJY;k+HS)%uF|$SFF{nK3hh{J@IIy8>$VX z^r+M8-4S;1(hD9;8A%y_tU%D~U3$1R5#!qkT0zV7+>Uii=2HTBG9`jKy`sGtkuZQM z`VuoDFO1LwBPux~a-g(MkjHTRDn}8ULm5)ZZ_*qP7s(C#X9VIjxM8M#cedvvqDn~_ zyU<)bOP+o*EgYwczc_JO0{`Z_V0@)zcys-koIdX~e z&g6}I!gKEl<%C&cE(>vj7fU{f<=y1_c4<<+9L@Jh6UTqxFI;q%qNagWIaa$l(A%nh z543xyhGuat0{XRBz-A-_vWGIp9`arh`Vj0mjIkOJuK*Q0p{A!jWEDO|ozrDExo-pd zS?Z2qk~z!`su?vm)+N~vQ`dO5gHEV}2NUrItpP&4fZ&}AV!SN$v>*}R8_ajXFrMf0 z8PL}8>I5ejaBLEdzM{Y<$zb5DEAdkHLNx*rl(z&K@K30)$-4*l%=NH@!kchE7<=ky zaII|&dvgiDqrxIq$Q1yHyzmy4iqdpHAI%}{8cpC}%?<7)6OJw5y;Oi)EF7wSn(THI zmePRtBqNFVOG4bA)+*xMi*C{}bC_1L6$saP!-&RF0JP94EI7e{Rb``uXsl95GbRp! z9ZWx;Vpe9PGU+$MZ88?4J%RPK45G=wb%0W!rS(L7`Q&0BZrM*um)Q3;upL~J^bg!% zEksqj&MtohkC-eMp2^we@Nh9z5X~_`Fi(-oSdbmO@jQ|Jl#uXNPlbvQVF@&E7bGBP zNjTAMln(syo)SXtyGV&ez8Bky1eS~)(ZhM@98!hu=S6CE@wIJkRlDqygssJg9e*2l z`*}B1GgcxGDq4T;?$7NAP-7{e;g9!a-aQbl-3R;_d$_WJiNM3mK+a-f7$1%6DQ_XW z$jfIijpL<({N>wBmdYCznd0_n{LL-xu5gV&Qk}MPdQszbjHwKWc ztfmVfUpJ_})vu~=HODUXZFXU@zCDh`0(Zb7_3e2xRo}u~F&?h;IS^6Dgigj??-_kN z+wz5*`6&8!$hd^QT_Nv@y`%$ z5!Htzxqgx#n<5$rDu|?*Up$2bCT+p{_#KjUQ~Y9yx(x+s!M68{c(ssF+$qEse;d;$ z-SsQPwB39+tk{uwAwGG+AD8_(u4VoX`;Uhf%a8{{4A9y+*op629LtcF-`{)= z!}6$oAchhTDjALq!#)syay#J5w+@%q1-$>69b7qipI|7e&tj$6Cq2gvBN*riFmv2qp;B0-qVWP?jR^f z6U5p{C`jMNxksV7y@tZiHf=dd5?YC`vXzW}Wjo@-@riq>V&$-xOWqH}djbT&J%HTP z?n1v@jf8%zgg1%)aYlIO!LHO`Ndwy-TVT|(xq=2n0@-y!kWRf^sLrmD(Hd_M1nbNf zkIyWr`nD%#5(W9m>ECqOyp$Jki&9}V$h8~+EW3)`2@9fras;1}%`Ndi2aYCldiClq zl$lh!VMfOw{hr;*{B}%=0aKT9>&Xxn%pEcTTb5(Hrlx2Nr^sPaLO#yyavY?NI%lS$ zD-Ipr{C*m)7pIO)-JGBI#q^ix@)jfOIa#CpGhCg(*OLetl!qAXC<)djL@+xz?8XE> z`Z~76Ag~B8>hQF84`c@J0B#}uno3rVbj9dz)Db_A{f)AUSTwe)3D`5DQk8qu2xW6c zw=9rB3FBdK|XnB_J>vzeF}J1cAlZ6vdt zi!zyXh$KA^$dt4VfX%Y+)e2(^`4qb-2c_rQ!E-cQHnY7WLf|~KSF)*oy0=Mk$67R- zg=~d(u)k)DFxxE67NPnn#AmcZw!t~8)DC`CK&Z|uV!D%<4xcKJ2CbDks2c#92st~Z zg6twBm{W=B>|mp0zXYFQK$q{o>F|Ba=wvD+5WPEmf4R%|C&ZLE(J1!?UB3So-ys)LdQLv6YQ^_Z z_uJkKEq>Fg{AP$6C+ z%;!Cot8F9Q05#qj6&1NSW=@a7IR3lxnzQR79PVk4YCPbL|GXXKmcAy zm#duK)|=%cXn<})TK;(7DtCJCdiPK^TlpQqqwTzcQKbv3Ry*rqs~xH=Et@<0QX6OI`|YXdxb}D z)ZWbT?t(|4vL!x(>~9Co(ZbLDFBR_A%myo83~7;IWw}e(FR(AKy%Dx$n2tMki;_Qq zxBg}N;nkr@{V)JHu!EInNI(1(Xgd8JUG(S#+ioI`MMI4ssj-;qm0`4vZlWSJLsAo| z{}`#Irnjwh-?IVYM2O&I5EJk@BfRsbzgKxOS9)oI55ql?Ir;7dwxnFCVO2G!CKb^9amM2dCTvjhgxzD# z)!prK$f+DF4Aovs!3I{=`XCf2U=YkWQ{H>KAkNdzw+ll$Lw;Gs7{EKB+J#Id@&j^5 zG?`@^t%)X^-SY$kfE!Z8?KPLn5dASApvF?0ixCyIJVYnb7IOlR^fgPYpFhc?iiEgZ z^L7Mv)0LLQ*!m7NK)N#G{fASv2LuSIKbuIcOd+^uhHW5m{{-0m(!6R zU)ewZOeJ1ea_l9mc}H3uP-8wzSIx)wI(ic3C1>SgTfESWI%e#AVBJ=Xr9hFapMIT? zCJ+D_OaU#>{_{D;tpsnLq$f?IsZ9h6Ux2+Dqri-~$MZUV+?7NC*9)Qg=PSR|R>MN- zq@l1qSiSqqX)0{wtwB(HJ4GYPU4o?i@xDp!^u8tOo-pv|4)I@vO5mLpF5UcnnXWO0oj2Ia2ERxGcxu{V^MeGDV3ZD+p z!MEjW5I!63I#>5+XiTu>RDVHR8RK8A;@n`dx`=o zP3u96y_-zAA=stqT8Kyo@C)@n>aL*1twbuHd?0KKA#8D`;axLN@? zKtxR>Bg>ya=H`gtN8rd}fs~lMasPd?$FJxNSPvAN(slrmtq5@XX9kJiep&7lze>Vy zvEp}iq!$rvJxdf5xj-!Rb)*o*qasDHBDO*iYq8uS?5mcJJ*=>@LvV^e<mAdN3@(U+a|cpMPxfPM`I$im|}(}S$Dd-Y_W=jTujwV z56$=+8-Z>`U(hk}WB?@y9+am^#pjAv=iyt9wKXw{fflj~3}Jv6KpIoFO6-CTZYGb< z1fekuA_8d|iaEv94ye4D1|%sw%r$^S_|PB^?A+>=WuWA3ZHu{}{5a@V_su7T<;rV7 zAl!{FS=r*g6TS3cw-gb*OPp=21s5;Hb|n0OvWMP08f?$mjGU6kv@gSjDD_LnD@ z{wMLGtRbUHoTYeofxk{XRPz~lR*D&l4WE94hrvyQ*DQrvMQk4aXewD66oFBH>Rm zD%xPm2F05>N_k&Sn-3kFyIXqlf~N^$%JKUKyxPDfd82BmLOO0CU+zlcf}u?xA_cpc zKc;SwJH4NubkEZGqi9$nS5H@YB@OL0^*}*z0H5RYAR>ka%o~i8rNryh{{C?7NE8A_ zd-HgYr&mYPjzkJOST{`UKG=xCF-twW?>|%KVZbS#&+O=$B4G$8m?H^j>b-xm7F5)> z9x}PcEC0si@^zAKww8YZ%KzK(zJ0$>&3A&o1w6aPLNbW?QU^gi)dz773G(`(Jrgrw zD$#V0$vwUnCa;$dWb!fwe1&yIPO6ABtl7Ey(TD6Sq4GWVzAso*$n2v2blH-EqGPY? zPb2Vqtlu3~xeI-J4Vkmc`KP5a_vko$^E9T}I=LCgQG}fPP-&=fLMjfD4K-qwQzZA> zsqd1Dapq`w7B)%+`{DrOthx&+P69jnQk(=ol}pB(yeJw<4&HK- zP=5}n^EcNCbs|z+k%GsqWlD0DEY36O62*cm!13roCzvG}Npde6lO(t8Sr&u6bN2+E z`|NadMmhM5qPvs4=29Q@2SnRMIvMywc^xjP-hOELjrf~ceir^7HuY!j(U*NK#0naw zhd|{A0CNCDE|AXL5{8E*kc~2dDtzP(69}?2fqT_&_of{8wM+LZ+1odvZP`gaV4{5v z3||TtnZNTt+|;gWOAE;_wm=u{Ipzvx*~IslaS7>Pr$ce|+t~<=*lL~MI}7?WMYC7jMu7Q~zC zZ~BL7i}y$QPT;tUIf@Ut`Oq(X%GnDm9lgGZ*u{?(3H-9P@L>{F+REulpr|qcfUVtN zYZ(@R*kR9PhM5sJVcxhKN2xoRt873mI)fzuGc17}4I|r( zyL#gE?lOSSRXs2@L3h-IR~}Xm{Hp^zw|sJ{d5d+|oA5SL=dEI2fhV8u07|6+C6l0- z*-J=`bJZ&lC4JXwZbz{2lU`Qp#;7y=yZpSZp*cA+uSv)1qy>U1nx5|RztQqj9EBRK z9x!%(kJBqks=k3ORDBI3>EI1@=VV<&4z56r{8d`QVc9=Vg-eyil-NbW6+O3)v+YFr^mX)SRQ*YADl`Fy%lIDIhbgXL- z+4f38gR&OlJLiv4?6Hm|c*al)$$CUqkGey$Xv0OpYYGGj1!R@3dJ2Tb8+Ri{Cn;tD zv5BKV*3y7QV9}!Sip87=VGQcSI*mDs{;&i_Gph*g6wL`(S_NkRq_;J{qVVltb)UDt zG838&2f#a_t>$#j>_G+DQt)gumqC{vL&5Z@{5CaIQw~F?@>^)~R@$=MDHr7E9XI6! zPreLujkty2ujI3l9WrV{5fZA|pYKsgt6&hb19(MLR`tFYh`G~L&Nb*}rj678;#;W@ zz^sn0453Y$=04j~8*ipqY74IYFvrhv)`uQhKAsGZpuPl55@n(eEY2MLjCJ`LNmw*S_ z1>NpmQsVJ2u#+NvNTrK!Wytzav-YApFWVD@D7=i`pB)@^g6PmwDC;C=r|ET0@Zl>| zmvVXpv7g4PZ6tiv$`(`y$EL>2Qek_&lBiX$9n3oQYulfhE?r23gJMp=`fe1;gp6+g znFktckQS(r=V-a`^^D%AcPai;mTi40BKcTyrMx--$2!QcWAq?Ixll9zq`Qlc^Sov> z8GS@w8T>0X_))IYj!#6nrV4ak#L9&KvCwVKIr2ffGgIzK8|aaA_xQi6JW{y1g0v7- z6`>}>?Rl?++Z8zIcK31=3;%`aqJh6VhD6+;|U=n3@*rw-Oq zz6H-l>aNGe87p>r09Aj0yl?23&NtJ?Sut27fKK~N8cgSRIF`TgwW3j{6H(ZbMEK)9 z$wcnEkjlok`Bv;(3%ed&D5HEY#c}E-T$LJ~yy3|k_hhm7%v;lG@yn1D&dqj>&0BpN z(6(ScF7fv{xx)!O^8%?IB(>nD9!bGn`UOC-gX43A*oVRH>ve+f&TI$j1yU!tq+}my z-3dPD`z-b^lSus$fO4z{%7A20$h&s%l|eozJ!KO@897M;)Hq#+i{1MA}!& z3@BTUP6B0^fO79IeWYFBbO*|I%*&wZv)8i92_7s35tOyZb?86Pu-6?_&syZ7?!_N? z!KF;F>$d_>%bu%3c;R+Fsf#3`4n$n)VB`(|lDkNX(lE|ZHh6vNAq?I89$T6kc@Y2g zHuO#s98_ou$Lwz5z>M>Fi)>H_osB}uJUQil{&Q^`#Y}tyjfM`z?g3+V|95+n(K1?b ziGPoS%}T(fZeJV;#%4g^QCUH_rg4Dw0>Ol*zBzXlD~K>YlOxdRX0dEZp*+*N0QOB# zks+yvEOk(zB@K28sVX5(F&~9dIZUYr?zn`3&B@1U&iS$YOgnhPaolWSJgnoX6ANNk zTZ$P?za}2ECY9YqQmcqEFZ$#*pUE1%Y4-6Kd2(9^{CM4eXSZml=+egBX=bLG@mcJ- zA@l&XE}=uW^jPf%Ne#;-m%u3yjiM z??8@QC5H?KckpDUnH*9f3vrZ-*Bvq#*L ze|IaRKY?|Ypui&ZLm8wvXZ)})mh&sr=t7nTNj+b#o}_MXv0|$eQ+&`rTj`4+$aT5| zoZ*yU)~DOgh;j5Y#W)?fgQVO<9JZe2f+(eYdqR$eLx^|^MXmiroNyvahN@*c5K6E$ zg9Qzt6zvcE*<(>Vl!y%GQ}d$s#I&6>K1ijs+xeh%;QRxbo&x~9@tfJEj(ljG&dE>= zFy#cVd?5n#z(THW>Vx@CJq`Fkg?nn)^E*&tgEW)=2bva9CjJ%bT|cI zF%gE;2O>thJ~T__F%5i4JbG*3E7rDmtmd7kS_57oFGBUy;L~sOa|I_`- z4D!{ZS*QsVt5SqI!{UQj@SwH5p;{}puI)ZZs59Fo3OtmT{{opZuDnx9{FImfLWyqG z-6FkjkPGx>>QZ(TSv+ve;45(pjp=TAL=v5=X+JB4G|z)IY@~T|JlCno$|Z+Nyz@1N zwyL&Rq{P?)6I?S_P-cZts1fNnvoADzEHZ=|`&MFi$J*5hO@XO)K zuphm}GF-6>Lp2UTm|22caQh-X3$VQ|=JSSb{SETwT+h7bs)bEd?i2jR&?On{Mg&Z$BPbF8+A_XiE1#nZ!?03ocmi$ zhAE7qL32s0CL|O^n2IzMjXi8eP?hycs&_znj7=jP+ry#SHE=PbvD2{I(gaMf{m)Tc z(sf!kgOr!bm$5h`Z#2(m?BTh$C#eV93lXFXGgEWdVhvGml;#xd%m?Lfdjs=HAp76z z5v3!$YNrDGS0te&IrA5c@K*1HCww&SQ0`$R!!Z>xzj{TFe5{GA9gBqA*sVxfMM)-{ zkW5+#2U4AO3pR0P}|Bs$n6ny3LXA4~q#%#DFGyz{A&}7Em0ezY3JDQNQ=FzaCi_vMCYO;L%U8 zkRvpX5&FZ-qI}G#DTuw4zwM2DpfjK7gv22#3gF{&LEe6}Pml?76@X+Ipd`pph-lVcF~p zPzZ*P-7&Ltic^H}TQt+N$@i5gh(F%fdG}DA5!^$mS-41~iRp-9rlHd7@ZAYK{kXA? zAI*Rbhirsu zy^{;HOcY>_x8Phf4EEPWBoYE zOymE^{_2OYOR(1yjXj=D#wl{I;+23EnsYg&HW&*G>|qeShkL~$2^GvzDoT@gWxNB) zGNu~5%s-JLRC^J_O-^9^0@KFAA9=V&8+9oD`~H3#>*g^I12ZyMdd@z#@l46gHlExs zxs9R5bQ~>@iBQYYsP=e2{L!qm;NNVVWeyX6)+bK7~b}%0pzoTk^nhI0J*Q9kKuK$ zhvDA)4#*vnnSi`;crqZA(!>*^J>7~HJ5c$x7%G!^0Wv;OP!^uGxj2N zLG07mS}YBUB8J+=112DpC|T3oKBh&KFf?2#&uM0g(Mv&3#ZVlzAJ${D#z?IIjk#ZX7<9k!;*V}*snxQ+;_Bs z3X~?g9Hx6;D@X)fDi$&h|AcnIj(jz9*+gX8gmmnbb#jHs122QWJ>%UN{FU;RiV5MW z3VH}(ck;;^aDteCr($Oue>lbifHXm#GbLgC@7t4?S8s@$7x3 zrTZi^X{nEab1R^yUI@JMrQqsCUiOTu22Fk2-lWF-c5d$o)^mpkyEN^yL;a?G|AE)E z@n`LG)0!kRn|9ofli37K`_C8Bv=4dNL(|;$I&pSNV{*AfFBA0gfqvU^0X(2S2 zXVqktLdmHAvx7!>)fP2t7ia(iA+2-~G&N%8;s^rF$-oSGZlbBa!X(;3Fzf2kFZ}VI zl7~OuH^`mdQ+Dyka8#LhQ=vC18@&5E-rxttamp|glzPStP{Rf_zAnyBlaC0z&-FjT z3d$Ccb%7jbkZ^F3nbJg{c+n0>k?tmT?9A%2PT*MPhj9^>axF*`9M4Gq$l=hX<@g~e z^rn~`?hY&kVGga4BEy+&;u8S&CruiAN_<7q6akJlsEJmkyAQpn>G%mTDpQ0+mYxd( zJ1_7LqarYLxZDU$Y?3$L#6&tu&aewN(~umRL#)uF}OsE6qsSwx(!&s!q?i)8ubv+Bx$@Q{Udgt85%%J zg|Qd;uY9+}ZzR3Fcjbsd9bUV}fLzk6eMwz$JBrH81MA9W; z-fg8hiGm|u!MG<>{P8^%k9S|>-J=o$MOG(3bWl0~V`rT7ZxIM5;}SmsRfyKS{Eegl zAoL-6jFGfMjAN25MKSh=;S#Kx`zc8kRcsoYRGldDVS%`sH@!q7c1s?OpjBv1*NB~SfJen1e+V_hLMc{~1_DZ1 zved?i-OrnoB6h_|5xXbZUX9q5c8SKO4*gjM>DzA@t`O-G4aDjxVB2%%(w!{w$0nh>x2q z!DL?|Wt7t(#>r9gFpcgjCck69A<1v;cA7kBrr3&kycE{z@Dh7h#P65#s0DqgIvPt^ zymG;d9Wnz}3lN%Bu>cPfenma-4jgSP?xgCNkhW^;f`{ud=P8_NS2+_RN*8$tpur0*Eb@|&i6NxcoM2pr3C0yG+%s<$68~@vNc>2!vmXi9n-1ff+tnC+lSE&& zMfxGOKq}+-CMyN^jP@7_vbmM7AijkmoPK>}0v`XQyFcoqk{6Ut4eg0tU|fhs_i*7s z=W{Gp2T}r)fiTg!CYGuM%98$Ctx{AfK{-X(Z#y(=5OZNL1yoaP4aDN~H?8JxF@Um( zZz`-*T#dVvw<9#?Eg>b9z$%S}{->e%(WZFO09-uAAa!&6RM=vvsn&Yg_)jQ;!!}Pz zIV)rxe6xEht69IDyEMy$P4|hg0X5B)))?k)kOyJzMP>kwq{Y}2QIJhM0S_`m zLe3|dhRr%?;&7%x1SdL98+bXK=xCPZj@6k_&pi|Yvb1Gdm9z{x#jOwc%8yYnuM5Cr ztciJ0P@3UqGpQ2DgLd1@gXhgy?SRe1fOpYN;kPs=JT~{{v>$Zb2M$+r};e)p$bbh?mzQSskDFA&# zjVI#__Q~(Hg=r^MGDp=)k|~U~f5!U>1FVfN1eLoV-Y8^WFikF_^m3|RHk}1t=&8Jr zpntB~?KU%9S8Moi&DzbP;%S-VQ;9Td1;gPzbInuGO-@HGDefFQ+7Qci% z4VsJ?>OnIE_t(8j{i$WZ7Xl&YTJ6o42(W)>)-fhev5^>X6zF1RVh9N-jZ|@e`kIy? zOwJCVWhq>Z>e5MnO-v8+L@&zj5-_(wlQ_HS-c6?5 zfCRKrU;ayt0>qX$@xkLx$PeL8Fp98)6$2#KUP+_W>?FBo@DcGwrU6%}C0nYPLB$sD z&{~;j!I(JikQUVal~lm7WZ zz|r}!W*i3%;ULUWwXz-ntZ>h$5GfGR%bM%tX~Sr6odZLACSZmKIzknS1pQ9=LfN7gz8=sAk0CsZ` zdqIwg=$UHn%;f}L^b%jxHF2PG;$yQ|G6fFH!q<*v{b=`}m(7a^T&OkmV9zZ6%Phgr z!hB$;4N^4;LmlvQ?Mc851lmOC0LV)$+W{CQXeAq%D`e+BMyZU)bUvaZnYMam_6m0_ zN^e`3C=c?kRps3lvUJs!1~vuqPUr>lPOpKN?l%zogb9)rMg$jcVjg3NVE^BpA4=Wm z3MyDI7D(QljDZ>28aTmLYP0&WM&4X0(&SDh9{^lxIlW-jsCr!|07=);E;;B%rOsmV zi~!&qf(VM4T@ERN)#sZ-v&v`~_~ss7wDScd0Er2^7-(H&9HMg4{E!J7{s_U} zn;vNjX{SS4m4nxLn;J7hFM_nj#3&7Uc$-@}!H0yf8QV(KCOij1l&M4< zBlx{wPvDm2HDakIsHqY-i(6t=U|0wb*d*>uDHnKzu0VNI1ZWh{UykyQkn$+Mg#kbp zlFOqx`tb2PX`VbYML6tny__)$jK-ZMJL!MJ4;vXP+a*6Ny*H8|4!{WHCtA>vA8!6u zi3NSepJBut0Ek+}K@-LFL9^eQr$!7c8L zZ@k8%z%s=ETBbZ>RPJs#rKgDE|0<`1|0$eu5H8@99=rfFQI#A zN~tv(OGYWo$MH!9YokcdKrLr%FfzsWrE*;$lkho#szRQ16(VJS9iEfrR=xQ?SFRY4 zmG51o)mL{#0PY^7RnvA-um~yn3uc1RKfq?j5B{FENB&Yu$q+CiXZ+Jp&TwpNl zmPvWyr!gYs+g3&*h_w0|WbgL5Mx<4WUUvLmp1#yen_fQD%iDT+T`&LCON(Bb^|Dki zPwOQ*9HOreDls-jl08t9#hpdfBsg3}AbX1@K@P7l3FMj_T6dO7kLljxtx0P_Gp?p| zx*GHJw69BO!PP!R*#rH$jM#^9cGee3E|e8oJX`335qAn0(uRnA_jR*CQ)E9dM`_BT zvC)!(wg$4e3!Bx#msC(`(got~iqi}?YmT2nKH3=t<7tC=0hMJMTz7_?BCjWU3tS(% zMjJy0FZ7e+0rJj_S^L3$v*r;C~C3lEokgSqKSV12AZ9Q*gO8`M|=|(PYF{roqAE5 zF2Q#%nvR^Z5)|LZ?qyalZeNB0^rDig9o*UH7s4PGN+`52OSlk+DPi8pn(_*&{X*7V z2_!|GUMJBau((P7tUu$8++4-Xuwl`S^opHc2U#&XC}Izbtuzhh&JJ4KXz(^+~FSnTQU5%(iO}K*`pPs z3{>o1{MCEy2tI?lBH-Ntw?+Ub5&+CJzDyU(n=J~v|MLZPnW!COc>}e~2d$Gp0P3*f zeW(R^&b(ci{lj`J2U&A}K-PE>Y=3vZQqgx0o&*~EgGLP#4sj=XJAr*uy#;8V2=)QJ zc06y-6MzYzKFdw7pTFjs+;3 zrU1pUDWGXD3UD$GxQc?7`8^k%H<>xi43M;93}9nrieK^WhmpL6E}jU2xHbbS(6tl* zV4E!_Mxx1g@^4 zG_f@pumenxS`|BY3j1L#5dcU;DnKBf9a7$fK)j(DrG9Uz55@Ifjue{l5;M-2RDhGw zR+@~uY|=%7KoX0xlt3DUZ1ymq+A$M(6(}h6QIJc#gJ?v!nusZ<;ebG>wuKFZKul$w zTj`x^BfZrjPTsNN4y_#d16nBr0!=NO+G7uL{Z-_#SMq&)}F~OvXrW5rbbkTYc9QYV4)WK;pH83=)qVVl+KoPgx>Jj!K4bTT zHP`Vu=2-v`c+wU4pz;T5iC990p#wruHa= zQ$1^f0w$wMtq7o|CAJm<^0=m)ei?^OGWkHf@gd9ydSraaj@rSJWehQ8{7x?YOL@T; zUAMz2*%2buVrPJENYi!?Zfs*@u!luFDo4SDhU*i8QB5!rrKamoP9I0EZa#xGNO{67~ zOdGaQZ0=#T%mk?iedd0#?R$S$#Um*Ia!6SbuWqldIA>{doxz|wmG!*;CGOt? zT=dN-^7-TaR=q{d6T#2by4zyKbt8rL+-u(Pf+(22HyTOpV81v#!8KEdAVv_lQq}>L zpqN%E2JdbScO#W1Xo|d+-RXY{u8Yww{6iXQ&gx?=Y{Sy)b5GD zK;I66Ly&N_{DdvP8~miGE?2O$V^Z#C;ieL5_=5&?mj;n1OL#=i%h-2&MmitZ} zuCmF+SCV8luH3r$EL@YfZZ0om8LU&vz&-2r?z^Qoz{dJ_O=xED8pg2u<)a$CMwc5s z59tKlduC5zg#MJz91Jq84Ui1H!9bz{i}N^ozojM~$e6AJ zFoIGv8WdW50+%7q{1OUC&qW!`SF$7EM!bvEP2z^EJ@5t_vcBM_n$*L*#kLZE(sbC? zbqb*TrdMcY9o}F=5o`-Msh4>h2+h2TZ-JOxD(X^7aqI{^DS+rRCU$b{-|RwC{c&#& z@;aw|!(eSu)IJlw#<;Ws%n6(Gi7>bqDL+wHsM6X?cTmv+n#eTL!#AL{yTJoT1n=5nHej8&4wx<~yfh0;s+eeB6z<*c)+w?2UL2Kh&t@F$lV*aAWcDR9k%O8A5n*uRMK5! zVNHmZ3}+vrx9BCCeJn7yo4sIBqea*$V3hK#G8E7g$0vVhCVl5uw_^K`mZ&q~yMnw| zrym!MabYlo2un$KW9Jd=3@=nSp|csGKu68&0kg4fL_utG+dq{VjU~W`9A7Nq0n}jP zvrt2I01kEsd0|CCtT}!VWSHA$jIdFCpW`}2fmJ#TtrarT?H>+yh%mUBoRmI-1rmct~qr=ZH&*${}K#l7;N zGyd?8Q^Ao3WR)~GrHRPmpLF;2jUA#+;3G&5Icn`pkoLG7?PVUV(_vo~M&&W}{R?}@ zNPvq4&S7o`GLg&|I~@|o!yJxtV+0VSW`Rfcv)WfjW1mK2*qLZs$T^0|tG8p1o4#bX zP-AL-b89B9`M7y6yJd2wIrnp>SYXA4uxqzyib%!`XmMR_ZzmKK5PIK0nQ}Pvx@4nnO?uiKvVK zE|jJWRV8ORrvZM?oTFC(4ove571JeTj8l!q#! zExO4Xls#LJ*xGt|Kf1){@Ez)=$4ul1DTLjb`|HY-9AR8$g)}k~51fpa6588vL0 z7z7UU6_yrGXic(;sz1Q%WlDaj*i@N30hs~H7Vld|F^w{V5Jy^3D>5mJfbv_Xhdy!K@W%w-TA91ZS&c64o?}u+hQnP5wv( z>`}RgAtTbr>(#v>kpIWryTDmF?f>I5)y}B4Jtzj{>=d(Wd^;w^Fd7ytyX$I2g^Pl6+*xpa!6916v;=UUwp0iS4HtWj2+gaU)5CU1(%0IU4=V24h#dS(^g2(xzf_H1KQ5PQplz9XfoLW11D!5%0x*oc$!J z&s8^lt^H#jdUPC4_Y@HY&%lXk+C#hjGPB{jqHxHb2rL`aGpAX11q5VZE#t@9Qw0oF zTzu`5LcaBSMrrY>IFVzrA7`7Q?(WcS?7PBh$S=gMMnA2t+eDlr4kBgmTgYLGOxT;b znj%obbrZ0IFJ}pzaNjQ(Q(RU@FPX2Mrq?C%Cq&3D0*u2>Z#Qu9rGqj^wwk}pc7uSw zN#HZqKu7$@qN!LMK-K_rX&DgER-uj>vv~(}!5Z~g@^o@LaW+jH2;$cw;Z~aO*c1Qq zKdVy*Q>l;ti);BF>?=<7aDADkFGsY48?A#IO~#`#K0Kb7r_AqAd5W=I3|s*Dizw}&gU`ycpG}w z{Y2(1$sd|k2fQR-8rS_5K1Y?6*~IUpJX~*la7@$VgY{@ZFTjKxc#wP<*lkbXu;(Ax zg>5zlU*|0P8r!lzJI(o7j>-$wJT1N01_xhYUzGTZ^G4Og=RXJ%G`_-)Gf!%3SU%}9 z=+$Y+DBZo7r-~ge?-YW;49d&kf^nuG7*y;;X+w7GLSEp9HYj>~{E*-STmsIA<{3=e-R zki&3{^%a7U_UNX0ZqSr{I>1M~F$43s6?ihKYDHCx5;nf*I%pzA$UXSkHh7JKTP z97#e=vSRI8y+e&I&LRQT;us`SD56$(_~vaEmPN?mZc;eItN|zn@$~k!8<$10;m98+ z3T*1OK7R-u;*7Gu`0`;s{f8Ep=_ptt59v_gRg#e$dq}uF>C{oVls|M>losPbMnX2q z`8MMtzQljL7pC$)JvM}GLi{o|1?w?@ksjS`cm3DwcoD)Vr9PK~eP$9C{t?`4eG71O zH=xsTeREIhvK^bG-(WQ=%uHP48H@+ml>^nOED-BGdX*LhSXalADwY5#umy~dKMN~m zm%xT9^&7vep)j8aRR#&B4jP_D2;^@%o!qPu*ajPDD$b>*cFFuiKTpf&}RBY1nv6b7}44ap977 zH?Z;ee&}9E-~AqaB0CcI_Z6C@EK1CyIymS2lG_*xG30?wo zB#!kYcl<$&4G`mDG9bDl@g=@eFo_Qk0L+($acIK!_y~?4p6e-HowE%qZ4`P!tdqD#>^qDu}22Q&E?Jalk{Q6fOr+g?`t!rjBLXj!&axTq&g2a`UH+ zk^%SWa!)b;FN%@v^+mX^^nAM&# za=;I*KoWyfciDeYsdLp=l%30@foZ^p+sPI;GLrS+G-xHPDh7@Ll-41SoEG*KOEaoS z)g;B6tzLpsP4To{Qk-Plb>S4Y&G3LU%{KK_E2!OFvJlN@Ul{A~lQ5!hZyW@QaO4e6 zjiA0&@d|y@S7hAqyCKsTon(zmAFAb4FW=)JmWYh^~ z%oeH0f(hViOv>Ojv2);$)}dM+lvo(st6;(D{m&X!FreUcPWRQ0LbEuEeP9;Pc<(bT zRC~5Om^ZLhpQ>N_hidx~Ex5Kaxh|B+WRBBI@Vn4GH?t6vrG>E)m{}yJpvMmrZ+6`A zNIAZw*CDtkOdJv&wJmE%^!#nv1#Yix{bKEITRJPFKfasPu^`%F8#z%$4xkC)0J37_ zNPLBKcD;J;pVu@*nTz7{CGZ%tHOd}DGlNLj0p&J3ubZUGE z=A-Vohv?!Bp?(o20;A>4vkGw3f4|rf7cC*HzNpx*Alj>WVYIF=`blB*gZLb1Iw`Fa zN_DKl#K=ti)~SRE@P#idVwcxAvXmgbMUr>KiSHAYI$RUeDMW4f3w5f&4PI9qK?CT3 zQCaJ&beZT}$VTvz3DF&|lb7Oj(TOlglux2919pXy*MC9-egOhW)Z$yfKi^M|YY45B z(r_iPGjR^>;edU$tY#ZaoGVvIM6Rh?hQpW>2jZMP&azQxr~(!jM1KL7{WeLBq#jh^ zDxEB-g$}{fs;&EL+l102GbEBm$FYpPu)f%db$4PnVIe_1Y_L5Z6vkQ>EGRmwV0fQl z{li0gEUIV^`x_wkH@JUA2or7tXnP})XCw>iFmWM;eHBTmu5S~X_D^E$4*Zel(NB51 zEq-)fUJ%`3rYQ?L{!*B^te|>F8=!)k-F}MHV7{=AXt9~$cW;3@Vqw8~nEcjS$!WVg z`1zfrR(=VsJij}%vVC`G<;ps(m3t3~w&*S&x1usC;mtznJE)A(mmsVXds9b9oQG(H zs6#2WR17JQ`2Bc0$rYl)_lW`F%04X$fQmt`e zkK&Mb!Cri8>P#SRzF5G=HD_W4B|ZQ!X-CyQtB*qv#9D5Ls&5D46bO99<68cXE(z5R zX3`SOlsF7R5H#Hm2X4jkKUVCB@=&c_B4Ptbdx$pIgNy{8=Tig-?SHsZTZYVS)tn&4 z8hEF$zer3iebEN~SZZ}N(2WJhyuq2DQ0=Eg-VNUMv{`P2Z+-y3hTZdFSRSln-{8C- zxvtxc3~;#R!yjR6=eD~K7p!wfm_i8jFxv<_8K#_aybY^lm|BPt7%GdZ4y+_(YwJX|3OlryXyDX z^f-lu@l1xx(2W(W$#2X+GOOjjK%zVFnd9$LAD?UQr*rfpNWLc#EU*Y-NJj+ukHb46 zDfbvXSCKZ0s2ezVuo2n5FZe`u0&2&CZ!Am^*^2F+$m$vu*>za;Yed$3d#cD18$@JZ z;G#uF2#ttrN?v0k3)74s4|yp`?nqnN#}TQTta7rg^5;bM@efvHgI-M&8P}6%#Q%-K z=%gJ3uIT@EsCG4DeK)ZBr`|9l1YJLh8Oh1j5U)12X~x*vU3DIKqN(AljZibyT3HG;VbdMUOG#AEvz2|+NY!MOd|PFA z)F60U4}m#Rvm}<@V>pxgOsz4g&mL6WjO75KdF7qL?6-FnUJ_0+*o|L-ECr4?EWyS1 zv^jGZ08)j@GSJ_fu~{|eQ1wK!33+2f!9IRrymiIVPHcbY4LiKY`Cb({p;yk%!k5_l z466u+=AGTDYDfQ2%|r(&?$%)Bj~q+NjI zC=dlA-6PG^m?To*>q4#fACKtX z=hlc};0;gu7ZZ7`Wr5Wbeb!s{sQ)ILu?<)hd;NXRj6p7UH5A7@-|D?0vqo zY6u2avhOaVJD|>x*O;<R)Hz$p@fdoIlq+>p~G=)0?}eyZZIUI zl7TNsNRz@qpEnsrgv6T+;hjzB#74rK9FOnGwhm1@mIdxj|8aVJ8k#bWGpn6<`d8F{ z>bUJsEvWvbb*Scb=t;MYHOQ}P=W@5KJYWi~NDMFOT#EUdgAZK!PX-_M-VI!HZ_>Fq ztjcViy5eRnVT>@D)~BnMG7PSGbp!1O_?$}x!Me6ivU`#C7>bVr#7~Y?(!yGmIYojdSf?+deJ9A5_ZJhj$a3T*E<7OM@#5!wUDb6Jv z(41hiK2AJgEBiPhRg;{kwpDi9X{Xr6)%~nc?fAQOL>3w9iT&8E zb4`iukuemPT!Jy2cm|vjzQ6D*V>|ooNB(dFANDlDSpBF^7$=G_Zhj_37?ZyC990## z(@-C~9_k5W@#m?+_{Uo!jK^>>o}T<|=%@yCOsZwF&)Z~#!DfBJILKD^2}7zTh4GVT zBD?AHQXSR3ags_$wfEC$!cco1D)Xjg`f{bdH2Z!_eZ0e$zPUwCGA8GHWWCUJ?69i0 zIwT>&6@d|k5Jln~;X8`;7#iua5+>8K)k9D0guJ{w8gpg8(WNx`lJiW;OFH?6)f5}) zcxvm)hhbKE(vFK}O=`n^*Bu@h%mMw9iq3RqrNp3&K~N=Xi~FnM4gPWcPQ
MWVG zV@>s&t18+cg*9V6Q*VpQdGgcr9!8O-%=9Ue-mHAW(^RC2Q;BOAyxX>#Hljg<_V&{u|Lp?kr2!$FtDI%JCaA@D zW}&;IT%f#RmSPIGLslLcih~X(K5Q9^V#p5b)w(>zl@nOqv$6uyG_r~fD<|CGkFH*p z22-H$JXPb*TxlAj%;T>tRcQjM+{7}qbt{NFDmkN{VsGQRf;J#H8bcu18oKAcz~038 zpgcnz`zTkbu&5eGpR0!fEwRvB9FT6m;}Cf?fESBIQel2LD+T5t!klkmrsCHS9&j84 z{u3tIA4Q@%nhI}6VwdnjlcRJFY2OPX%`|KTUy%p|!}&3rsJ+`vRivCbw0@S|_=5K! z3va0cTvCxtL{V#ScJl45CCrh*C)a+o^`!K~)m7NE4jQIEr3U{}y$u)t-sNX1Z{mUGDx->K$d z_FLjmipLu0>sf#gqZtho0(>D4iiHeq#lb0y;&cQ3h=J#1$tY=R!7|-cE}F_)q7DX8 ziTf=@XaMTf1*q{q=Cc~c1P32rV*(Uo@kzY?N|5ADTMR!a+24aW>-MF26PL#TyLxFB zmw~3(PiXRkoV-Xq?{Hq=@R_r4hQ_#7^q$uf93*KlREP zgr8&g`JrB2*b;vh{1uCW+`w6-r)xcj`_IauM&c$LSGnPX4E1b4JJc{GlZUmj$HAEf zbL34JAjRdl!#W+OgNKa$tc%7R7Slhm;4_cuc+Qc8R4{uGL&+=xY6TSDyTYKL9W#A> z650#<`k-O*56~_$&^Af3F1T=-2dyojO==3-C_l7)1lqm^TBU}z>O2oxJ3#B+6tn~U z&@jOc+?G75Db3cW}< z+6lCy3^d7@yTOv#9yHi#pr9#eUHs5Ar611Hl&;T$s<^@5l9V0|Xge=!g3?by4JeHn zXk{AOtV=!Ijsdi1nu0dn5A8sqw6}qlrJ)_O)PvRq&@O5UT3>Ru1p zae!9Q6trSLG%ZtlDNtZQVJsh?Ujq0;M;?KXj(%C8fbMK?YhAkMILUW0PV`ApcVR|vG8&ge&g zabQC;O493zCuYdYC%^4ZRMFY9|^)XlYUO$qrpPc^s`xQif zro3Kp73h8k4}kdj4PO1NERF8Bt#hjFgK;-5|&J42|4cuURppQ zFjjU@f(JKTMTAfWF+$cX>B@K7B;WbzO8ZV*mfX)wzJ|7bh%MQ1KT7hFC6ngZl1(gG zA+x7~LDylnWEo3%yoiCe_%mBFhb6yoa#go;c`FK!xZTB)>B*9+MfROamgFW&0{^fj z7qW!g)C{x%1-7IgONx^v(G1(p(Ja};<+Y!V)K0GINYAIg%xtcwVK(;EbWRqzy|dlO^jX*^(dbMM-wDWa+84 zWIan}V}4Y9`w<3!1>1cCz?AXJxWO2^ggF+<;rJ}aiH!(j1Cu@%AEPzyDak-G07FE( z(-lv||A-39{s+ESjjueaNoXwb2nS)gPLG}yuQ}1f6Z8J7_Fx@*(B8g{wdcejw;HX& z@i${%`i8zTWK1bP?)C=dsrU|UoIiaCh0Dv!JBQ|FOvQNiKiBBpMi}TzhDs7kl9%$> z(^qY(54Be3Z3LGd@VN9cxir^~X4A%(#k z9sx_6zs3KrohTR4mowKTij8&J>VsdmU^=5vrz3zaT1h;iW_<`_IzO4}6RcD8B{ca? zjc+mWMO4K<+NMIaRV;$ulu&Oja*OY$%OMLC}lwzX)FSb#Y@z?TSVqxtq103Nq05@?f2*zs=Z#)MTf_) z+9f^6^_cGu$e~5M_#U$H7&kMGCD|?zcaabWC4eiy2p)SZz>RI>#x|w)(%BZZtfHThp!NTABNi8PuX3Ev1#$uS#l>@H!d|~(t9hQ%gX?~MzWIZu^jW^In@etl$&E1S&yz*WvTgQY9Hm|{1YQ@j z%(y!Zsn~4nzJpuF`sUbKIY?fXXLq9>`J^>KIYfdSH!>_L0Ych{ajQEIIAMAF6e z=jF2OC?BGfWM9PIIC2x~qSK#h;%3?%X#)RyR^Ur|ho{a~q|q0e{1_poolhV!MyU2K z7NPxOwm+VCB~FxGi%D|BsdI7(3Y8tgcU3Dd$6b#44QHOQKsW;fG6zjS3*=0RX`QMF z7LH`9Tx|;eCF5AkjzD-wea3*Avq@aZKi5GcBH~IW03-U568?%F9xoO>v0YS({6do- zU@MKqP@!5u0GLXga1G-B@7wnWW(XEkwH_71zeln<0zxc!&+QyZRUCowM)47hjNvzf z8UNI?dgx8a93ZWAOL#&^sB^T`W=H(lGz~R7u~fbPsZjOZT2M8}P{p7uR7-zPsxC29 zrP1@hk(YX6fR++$Mr_Y)@i0<~aSs`Ks!GbKiX24NUCYb(acr&99YF(m{q~7a){d0@ zX?cws1zF|O|00XUKgJG*QKKT%!(L5vU6*B=u4{dT4z}RQO-O;bXKDTtb&*D{at%x$ zgUShj2{U<=X7Z3xpd`Q1zt-u^mt#5lp0u@2I5Ee}h?%R69!9VZ`q&k$#C=>R%L8<+ z>}S!%N?)7oXXj^VWcki&0W2QO?o$>6((5}&1e|V-ciaP{l-&0Ymu9yWaY70|GT1QQ zDdrEot4Or7##^me%90#Yt&BhPawO^OYs?oZYC2UBEfnTSO*_?6qt{zPBP5(adBl`c zBh(yBB=e=2^71r2b%q5cbNL%D=|xe~^tvjjS215k{4k&8la|)uvP8Y|ktosX_n<^q z%UFJ)W-Kk_UKx%b9={z|zdvile;!A@5&y|7d}5m(faNfT2s3Nrc%HMrwCH)x2@Wk5x1H8ZQ9vb zM5P^>;3q83Ix%&;G^qx^3uD=n@sQiElQ|FIT*`D8=K)xI=`C_M6T-BYL*xNE6(4d` zBvA~Ymdzhj59&6;1!HRX5$2EoAKQ>xKVI8}?s4q-VS8HsX@UAUEZ_JXJUdi3+rB$HmxRlVRp}a$rAEpYW#Xsn1n1BI&r`@QN zx1b6Jh5>FCtGmHR7GWtK0)Q;lVaI3n_z>eD;s@s-4CoV%1!`-_fT6i4JILVPCwIEK zr8!Qb*%e`%5mqHOPFEvRDygqmf|CB0lBB-6-uU)2?N4+BVuqToxx$r?0@4x|m)e^$ zxxpfqnJhu?!>(yQXY~?o@G+G3qn!Gcj(d7Nb{({u&>P!VocZq*vK!CtlURW=?z^E0NoVs=M&FJ1B2z zVGEF9?Hv0XqU-o^>*~dAIq!~sxtkNaAsd^@x8eY89Aa&b(Jt&*=kQ?XDk9CBfAa>Z zk4kO?Mz*5Op*ouA2k=w~eX9A;pF{%TxMf#{wIw5xUk@z-6+3kD`-G z9jyyYT}CDAc`Kzv&_!&-;n+2T-gEmQ5m6eGi^1w0Vg+4B?5LLA!c+&(0!Ek*Ly)k` zGC)WM5T3kP6h91-R>S}E8FOu){wSCA`m%XB6yZ0s4$b;7pFSYcz`Hsm>m3AZCT-QB z#~kfBp%VF!02Y{p_N|e~hgZfqyvj;zbQF3)H?8q*9gJ|(uX_RxxiAMU#`1B>dv+m~ zSrztJ7Mju%$p*Pu!lfkmVs{1r79x_FP3gETLQd42cCI(n{|&h*c1YrzArWaWN{QHY zL=;N@TPYMAYQc3DC?Qahjfs$AML9S~3=_{8p_)(l_tnn=q3Y|Twh5XLJV|s1I!fg2 zyLEtv-=*fa#CZ5E^`L~QN0gO!w`Y^Rnmn5fhyNtu$b0&TGCr1{So=<}{6`jMvng}@ z1CI+a2WOzRMrwwM@G5gcuYQ#gx^)dF(_@vOZaF5Ku|ISMXB4?P_^BNJu6YvxL$7XX z5vsmMN^11}Qnv_PogpV$B$_+*t9W|Y?Ge_%R?}*3iVDp;VgE?gAIDW}cIp@N>6GSV z7mhxUF0;oWc3ds1$6%6f`vbV2T}uhZ7|V2e?8F((oI~UdcVbb>S}-^p2gnt;ZJ_js z=V^ShOZ_92g`ttfEMfe~N_ zOnjMMogh6yEOo){BjAf>`2R|Ke^zQh<(jXgkf$ejOzT%z&6Sk$q#R%Rqg+pLkz?50kY*au%WFMOftz!RfE1^HKTfFe99a^Lw)NtLGFT7jx47$x)f0#m?Yg7-M(taSyn@7{5BcR1n%5Fg^}gda4}pma@4rpFmn5i!bo^^ z7%n1bIb2$7w=Mkwc&H2yr_0syaPSS9hf)e2N~z`H%P_nh`&qPv3Ymlw*F=BvPQ`A} zI$xs&Hw&~D)6y<9cD~7=Gc^UBg_Rl|DFr%GYSDQe=v?igBL|g;A7Bno+}o+UL+70v zd|a~XCR~~*wr=xJ(>hh9pml^nYdxO=Eh)8VVU9G#M`T@|?jsz}M<7bI?$$^^lmg4K zGE|1yGHiTA1Ka*eJfUaXSi_@z1Y%TX`KesuBj#g5J=NFHN0@FFzGfeRGuZf=gFQIK zX>iJ#gfkJ}N4W_wD&Y+d4qIhT8l5p9kXtMUqa&kuJvHAAJf5ARRnkj&VjMqqH(J%Q z(kDiod%oC`D<5N|vahC~z?MqS7psfMY1NVV#m4UH3?ijTLVq@_Bo6vE(lDc^D2*pZJekVd)?EPyOpgeYz=eL$(1-g*O+S z6E8Z9Q~h)R99+VT)k{}06=8-=;Dj$5vG4OX8*xXR*@#f>Ff%eBaCY9#&x>+!8>)Q; z_TOzKjzjCV5py^Bc!plCERS*T{k#Wv!EAaB=Kj$`!!b_WQCf^tLR5K@B4A?V%}~sU^I5i=hZwEaj+ix}c&*i=?wo z(2;QjT)4Unn|7QS=hGlZAuHMk?eyczeIl_yyK<;AC?6^+XlKp(lf{7gbTA&B z(}(fXOxG>FAOuoE_Gn3(R#a?^b|O***rJM#a_QAZ;+)%cq3TnN;gad0dBYB_uiDWn zRJ#VA$vfLn1EprzBns1CT@7%No{>y^s(3Vd2{-U@D^iTtpf_1!#*{eBm{IxMYe+HY zJ*^oFu|TralN*LLW$|~!HNgr_HC8ZRv;z-bU!fDNVNQ}m8e}P6$-y$3zHFp8IYrlx zk+@YJYzwHmc0%R0ZhqkI>)qvlK9pc1J&RCcfO6cy_va{kw*ORr#Nb zH<_g`r_6)n_%~u-aTrN|!Tjf?=D#SV<(0b|FBB0Y+}U5;YbZ$cAt)L9I_V{D}wJ9yM%F9WS>p)b4gXTBmDVO?a$h@$L$YD zZU4TPcG3Rze~SK(_qhFKTNy5vRRd4a{#YEcTlBq*nGYeVFU2bv>Z3k zp}FyYE=%wb^A|nnkj22IF99ZKAxr%L*Mgky&gVhSNgkV1_#2wMO49>WM#Eu%9(XNr z4w@dJ0zSk{PNO}z5xX`)Jc;cZF)gU3e_$0u<1JlTA;})bezkF8cgo1rP~)(5AsfsM z9};_zM=X>ojov>iKldYRlW2ZV<(F$nYD9h)WF|>6^4oE8 z<0Kvbt;nzE++E9W+)c3MFlA@fE5mK)L82LCqn&hGby4G!PDej!!@Sv_%B0hw@|NU= zL2TZ16-M}%oL!o(vQvJmSCVlt%%mH{GY4!-H(&UGu-5-Gta%SapryVcZ=oKp9u4gGR)&d2TxxW-3P$w zit)dni>p$8tMi@(y2Cv#rs-?b^NHVG&^UHydf2`5adJLU)R#QOe8`Dc%6wv$olk^= z>60~GbxpxdOco*&?~|qOyh6_>?wwLeJ@^a=Xkz0YRa5G8&O#4U$x9DMnJ{s_FFF0f|I)1O20Yph16pgl2X7(ki57 zA|;8BN{9&>Hjz?Ty}nj(`lFY|DVI2b9gX9ZXK*qd+@v|XwU0l=pUm}w%k>7Arup-@ zjG;XK{O9S$_=E34YkT-V@#ujyg4c$gd%~kO#LM=)7u}x{5flN*_<5cwNJx-o56d*Z z@T?>a{Z(FQUZC)jU*;w%F%P@>uiTU1W;Db}R z^=je8X6u#41z_LAb0=y?Pz9qn8KW-w2dM3kN^OJw%A5yMMtU*+;UBbGi9t95wcdSSXuA7g#<`8N3%#7$b1FjbwY^yBT^iO0U#nP>F}* z9?}o)z@Ca7XvL`_|VUIp$X9fFL!$(YrwoR!$Dw$FwI zOiGOh#_g{Cvm3PE<-cuzY-8=;xLg0E&fD>oXc{C+g01-6cK4pc<#o*NP*1toLOU<8 zDXdPsH)Ze-{uPsdCFGECPoF&r$y~D={o}drz!AQ3G~-YHf&KxO_MwnGqq0|i-35++ z$kA99M;=m;#1SesD5zHm=8}ZGAd1!2do<$tBsap^r9`}ph?^zKor(A`gSd#-b>6J{ z^`P-BxhODWiR(OqU*mpooz+#p?mg~nLdwRvk>;UVW`=up2~9Z;SGVZXsvVj3rCy!N ze{zd9RPAUv?%Q6+g{FJ}WO^MLnlhW$PFMv=+^c_WHW5dJ{F+&QGVd#n>2+L1tNFAS z>_Ny`(yM31Uh*rktydR&yQSA@*lUycL>4SAksneS00ICINda)2eQR5<)9me*UZ)5E zywI||4gT&`@uDWwfIKo(!_~`)huorngQC!6^2RM%=cn$tP|c}$8Xt#0y?T#7$SqnX zRXfY?P)$b`j=&$cXpt0f*1Ok5<#oMoDPJfHi{*_Lp~>$c8`JB&P|ZJiy#Pn~;Tm6s zKftU-sODk*d<}oZd#CxcaTo7a-$j{a%Bn9p4rPNIGwA@>Joi8(l^NO(?U00^r`E0i z4m*#U*8S~c#H93MmhoH@F=?w#LCrC#LVfL4hYvU58*s?lQ1VWX^&xjB(y^iHo_q;S zN2U(zbTU;E8v0VFnWz++*Q;fr+oB~C%1)%J{)kZRlT4VpmCbk*qPqpYv(R-i3wnGQ zs{RJF;gb!8Ei?POLs$2y+OceO0(goJ5!($3N#;iLGaP?*|5@5nwZOq z=xdm~0;Ezxg2Om^$J#0m;87gZ}5-P0xRTdQmZi| z_eo2s21_(sxWhSqJpS}^&wQj$)vtl^dqWaW$p;+p=uPj@O4;(<9|!oY2EC9ZYVQb) z5B7Jje2RRGzo;MM4fA-VJf4Bayy^2gk&3(cNv+XGj2Rk7zL%sC{XS`&a_s+tMj!_? ze-Dfg^>@cS1;yzf{UQD)QlTgSqNZS_DR_bfsDsay{Y~G-SK->vy#hdf3xp=~P;dOg zoBUObUpzYspDy}&qs&Ej#23}K!6`JqC9pt9OAivS|Y9Hv5G9cciL~D#h z?b%tW67BDf0HQks6%R(y65ob&>g!|^ zIA?j7LoSfs<8$1hde!xfrj+9`N#*Z5Nc47;KpZJhY|86S_=v`X^YN(p92ZZLe zZ3%;c|9l)I4sna%GB<>(@6%<&=rTu&TO5B83Y$scjkd5^fAX9s;+No7R{h|W+r$h|ZM1jY*#NAVgb@(ePEWcMKmhh|8Z=fNqJg7ACsl=W5 zE2_gvBUdIS(eiHqZ-DJF702P*IxQ;>lIFeu;(f6WCd~GrM9f7=!BSIjOk#`tW+H09 z)V6{b>U|GS;KgeG4s0wFhd| zOxA%J&X?x-)|llA30eNpqY>UC)3^PsLjAxI(PVm>)a77-)B6X^NX;~4XgdKLJFrL!HBsPyx z9~LO`xy-iM`ial&oqmTe#D^Gj-CMr(`YTi)_WF)o&X(?kf3j8eP^(q=nQv5! zA-C8qRIrTSqvP67%*osB#5+T-Ov=OF(fyX|Pq0q~Gx~?-waG#E7!K9)6U_V|6RE~wO!scqmnF*r~s|LCzMR3lr)Ay){JK^6j# z>MKbJ@G4u@q8YXX7H9Iv{F9?UN9w+95ed!vsn89)-JvL>50<22PWY`*H9tj*h3DCs zsNAgjs}M^73MJX5q#5R^u|jAC8v)HSv#+V-2b@Tfr6In9wh4qv{37Nnz>t%Tn0u~% zL0-T(rO(v12Nk;KiNqp>oK^MMmkt=84ig2BKfo}+a4f#Lp(lX2sM$H{wA)fVEMl6O zXqOf}n^!1)CHAjW;U10JG`%%@>xq4p)Vs^XrkCqWoxUv4mlyQqwFh9Z%g|A3`ys|z zNI&2|8n&1vKL~BhVUX`EkqHQqtx5LK( z>Z)GAgl!nBr`m_+jSSap#OG^)4g#h^Faew>h6^Zx;Y#Ny_SrWZ8_1ESfjdDZ?MVct zl9^2prX6Afc9Cu!cknHeD{1%d7}Fx`+u(_~Bv06oOOSc0>l7^@v8RX}CZKM-9}En@ zGKGO@^lt?K&<`$+21Ga?&}EkabX!a7!_w+iA$J<;h32)-cE>(~HP;7?`^p{rrrdnu zj$MtLy~p>4%~z}@Qu)9MT>%1Zxd8`^W5lCkTUH`B;8PCx6kbxb^O*8Cs&*b*zMyJn z*YcODcAgTd-GnN1B(-9ZZlKR*WMzKS$V*v-rA)z-9lcj@bS`Z zgVotg!GNP;TDo_&P{&_Rh$4y-Rsn!TeqpRI!od6Hqx1HC5uiw&gF<-~qAC;3z)hvx zKt)Y&e&=FwR=4TP;rD=%Z@^g^MmFH5+Ye`K$j4k)=}umH@8}%8#M3ob+x^ljpa-8x zeo)nrecUibTY5HyoddySAmI|uR0XC#fXxf?Fnqq^cx-_Cl4VxZJ?m}oYIcTt7pVjq zIIP^uY4BLVkVN?mUU&}n8Y%%`7qe=q2ZCs1BMXtCj`}X$2?7^%k8BsX2%F1kQfE}g zf`iWFRL?DCZ08(-JfKYC1CoUJ;OkZnT7y|%+|Qb|9jU>*=^$glmVm+cmykVf@U2J4 z8R(&9n3EI3xr1z{C>z6t2`ssvb+J2-q(b)G#`mVK!fkxmSWZVBMXnb?E4wfL1MEW{ zr$eyoYD}z(Se9KfIyVXtUY)@ewGmv(Qoj@uaXo}Y=0FOQ#|vkv^}ce+cnVA1U<)CG zer2A&#u1F7u!2qcR3JB(nBiYaZlM82y>ymZT`i!DFkmi_gN*aNUV4uq3fqQ(NH;KG zZzH4E`|eUkmkiM|;^*YR$D6U<7mnxnGhdosPP^N$K4D=%1F($iWSz zL%R{t_4XCU%Y^ab@~@Q12a4tpe~qrFp*r6Q%WrEUlC=KxBI@+6^3_5zVA2*dRbN(Z zXp1#F$v@aL42f>d4XoVDFhA1AV?G_0XB}#==KQ0Y^Uug^3amr37@S{@3WoDn@G&e? z+XdR7T|BAF$@ybho{z_{3m88jQkX4g>0T0cWPGrLZo9}c1iU~)_^v=B7)fB|yEYLt z#gcz}B~y*^?1Fzs7jpB>&-WS7?7bgIk{_ZJjTS zoFn$*z~9o2Xr?Q8#l$nhL!G**foEBfMM49wzgP(7!x{bSG#{_w*i8Bkx%W`*9juFZ zxekCr^A4`sd341!kVXUog|8YpNSK`uX7;2%xs`T+MWk?Q>)A5wZxgQk$9tu30nlJL zX(E4NP7VA6#J$vY-T+@88im)-)<=v1P8vtohqd>yM( zw;>B1K5-pnw~#vul1~_abY9`#lDC2yR_SD}z-PWQLp2xUjc#={ zfc71Hy%S}`&DE)HU|W?Yy+QvcTX{H_2tc_+E5eQ^pX36;;ia*5?>m&iEhVJ!ashi` z37vWsI7`}~Nx;@+@6v58b4weg100?u9n&TJQTzzfvoaR(-YDRjXH?&#eesrU_XDHXm3ux2Afjbn#9FAira#Trvc<=dIP-~Q^=v^Dd5yv-Um}Y zQxM%2|CI3;Uxt&?i&Wjfi?{f76}pn44#R2!PBMULR5*B$DmG0ejsF7ycxayf5^>Gi z@+^XtWyaONG{1R2t#LP^4xg9#n`=%GIQ-mr1#KF9s9wZ${w|v1Y=)?I`FT!sKu#?1 zN`IQi@N7826A+|jQ<46(ZxYu1emeOLk`k{a=?T@uG@5s;Gb6Uir&w?5jo7*a2e`=I zaFO9lIKIM&&8JfMp7Kq)tKUReaGrFO4KxeSXG%FN#tnXOu^p&gCV1(>#1kSdx->-9 z_e`LqIF^R^B&t@b<#-_a+RZ1cnis_7Ks5g}H_Y zv9*Q=x0-d5pfi%y6}4i)E zn=t`lHJZH`RIKzSzee++D#8+iU8q?66*)>)GLqVbI8jEVOgw&Q!j@ukb}FHZ4UCpI zXoK3_XEtnb;$SNnxa*2zhDUSd-b}$e@r4wBp-(MC-OHYUq zQ2Z%Oi#Snw)N*mn58T**u<@ADXGS!vVMs>@FIyD9jPGi=IG{2K|caS^m`K_5@+R<9&4(k(Bi@=t5s6ahr7OGw~kwN9P?q70hP(U&vy z<*QmmaDCAgrp=F=_-!nE>|Muib;3Ca)COgg1}u9~WdqCJXFsbzuxuV|7n-()LtsvK zfnzHOsmGeolpTE78Oc)YWZi&WtjOVDMU#&3oJ`~+jGC%%%m5l)F?&L23Ur2Rn;2;v zFNMR{(AvoQ1!0SdZAAUQFp%JqMe~zvoV2>CbI0SzhPa@dYdroHW>~FPpB1ozk z$vDLS9&7>ugZQ?<0(ludw)e8m7##R5HN@uiyr^R)5wTH6iMA245-savVo&>2zXw9S zbOGw;3AIcKk{r=SV2m!#=Zw)BAQCMP+V`I{0d0pc#g3Y}W5x|k-#HL1AQ&Hbg6%#4 zv69HZDLeRj)VHTnm2s$qP%_QnlEoUOsDYu++o)lNJ{M47wAne?%OYWHld_ZXRwyP! z2l5iHY$8~AWQ8mL@qU}W1>+it*R92paJ9LY#=0_bm+%&?TVCP&v$imPCVeshueN~w zT>$Pk+2;sehzO6dAQBA__+P+iT(dk8cKx^s5k4)*)o2$Fh2RqUcYZY@tU2BjVNIth zL7z25in+bTA)Vp%5A;Zp98`k0YK=l8zY>l+4l6zgeZG3*8S&1q z=u1%*-161vJ$)(7#>Us%n)c5t*rbfFuHyI#M?i;aXA2r;#yCoEYF&c_ukUZrdX?un z8n_&Bs~gL){&N?`0YlhCxL`aP-M}DVFf=L-Ped?)!}|P3n4WObEg6Pd$2uOKZo3<< zZ_u~A(AxGb>{b-$Xwa?bFNJb&%)UitYIoJa*s-bYXkN-E}sz(-7BqxgS^I@8!MxxE2UFAEZ{&Gnr9JD(N(R0nz=#CQScL_5~6vLuy5G{>*b^ zh`4LGf)c0mI{(s~4eS`Dp-h|>VFD`YDS%0aTE4!Cw&dVI0EUNVCJP=*I0BasHm~rF z$~!LdI!gcG+@t8?UANMd(%s!@6L6##rUErkI^XOaqETi8z?Tv|;=moSmh=px1l)zm zqFhpvr^a0EpS<%rr$4K`yR??wA-*ds+s%7M0PzkoGisc>jSJv;&=H$%9hl7o%lMD> zH(TGrYy!*Pwrd1zJi!jMq`B@hB>c#x8PDXa0LNGHTBw5KJw$@+0uGjEHUy!^!&4dH z@kVA!)rF68tAG~>?UGgYB-Uw-%h(OPywt?kbIg(__E=f^J5nP~lJ1OiksUgFBily1 zcYObR^q$4qQ-yMn>IPTj+EMOAiHmfPn|RREcFPeMCAbuP<(dW|<>UuB;E|Y4n@{{) zxPA59lhPf`)|XlO@}RzSzY(3ow-^BVItSb)`v>f|2~ED8j-WyQ8|u$+U4k+jU=lg? z$-kN~^sa;jlYyZOio`lJJCT9F_4&0ML$zCl8-4QyE{sP?z0B&44HWOOgTezQOKIgOfr?^K zpgLp4f{Z3>%$vUSPz_wjE^SVYV6vE&9=Up+Q=dh zTuhO1wS*~-+OhS^cy7AC3dt`!vZXE+Ia`~MxUMEc-M&_15GGIHHipT_tlU88F4>P^ zByS|>yguUe*jDj{6Sd(87zYuSLxh*#mlPqEvS^OrwTKXeKNPBmwmNV;Sp2B4IE}yZ ziRF|tP_geGt19Y5Xza$_r^o^T6m+qjsC~1lon6L{sM^_Se7~xl9n06^uKXRlq*=(E z@}9R|sbXKEhj$ApI&2P0Jc==2M3@=|&vUV~;)wFw-LV_6N~7ht+Qhu7oxR8BxMP>$ zH`eNp0Z;HGR8xwZ!~<13BcYlLb7)a5~yHF`ia;9lxa>CM&E8lW7Pxp&yAw zd`)Q5ucbjrD^SC8H`u>advxvg5Y1(%P9N*7m;i{aSsW9;hv)c_3p>^W zb~)=X+M<(^&r5*;P}EQxa|&@4$xi@ZTi z9BVPy0s<|SLKx+)A>n{{yod8((Qqy+02%gIP<8D`7ho*InB(DbXJ#a1;haaw;p)rHNlGe#Mj44D04*U|G|}w+ z6z>S#0|5FvB7>^gs$}Dr^>SV+Xet#_--1tx{~-fi{HZ{=)cK=9E`K-Z|O#E zVc{Xh1U15C$`ZU2(0t)I^&j*}-V5bzc`IYBeD-3I_-Skc&x9l>*e91YP_QK%zN}9y z_bO3>$Ej~OX}T>es7m}}%v;d1isS3NyOq2XjM!DuT|=2O)OV))50d~$(PN3HMnljl z+boXvH6YX}CTtg6RTopi6GlXhFh~{0f0vMSs8;_v{R759F~AX`dBmpd$G%y z9GrX_D*(Oz-Z>ZEJa0);uc_{&;VA%Ri@VQhcjkX^xQT70;PKgucH^y+6=Pd7 ^O2?=8D zRqp%{{#Nbp2@BX#nW5V72~;uITO}P&j=I>M^#gN9{(30n0vn(UTO7LMJ<@<`MSRO4 zdJ$*Q<`$fp)I)*t)_CWH*0J7ScLsg+ruRf~mArWZK1L9DE@2UoVHh0^=m8>z@j!%( zpTFKR9tfi?F0K{#%cIR>1iuoCsPPEMplCGugKAmZszr*YfUJHv3XI(BL{9(@?I@7X zH{f~vIzt{irLlNNk4D$u_1pbK6b2h#iQXWkq+K zq4vYa(KQE{FFQd(8`8~gtAxKOX3poG%^&FtYQc^&Clkj&*HyHmeu*GVMqTeafHsx* zPsajsNqio?(2oxtggUFUKPPslggO?VmHcJ#S;!x|!Ur^#QjsA^)0&F@lO3Swm+95Q zTBB>%BCiD8r<39E@P~T|Z%j2+@gWo+G=TRjoap!QaqN|&tC2WMd`z_|BfA}fMw8n1 z&@652fd5sK&C{AhL-Yi0VANOEj?AHicn)9ScWaJzYqu@2n%;<8+e|9KE_fap*s~iD zw^mLL!l%VfJopHX&U>}y!juPvDdnVB9NH&e?gk6-l}NCuFV=ZjFv>PQ4R%DI_DU!5 zX-Ct@fC=dE^FLj?zLOY1^Bc9v@0N$d*WuhjOmS;z@ZtA|!O@*-99=OS-L?fyIJ)Y; zH09`u9!U-zV48C3Wk84G1wxE$0mL;6O~9wt`LS9+n%&^CVnna>+g|} zWR1RDRSK`s$a!vVO{XxCmnF-8=Qw84))IDaa2Xt@J8&6t1%FEUo1=v@SkDc#jBB~5 zhjMIBjVzrc-C?6r8{-_e!zc5}5u{8!Pe~u4#&@vMH@I6&s&km_s}o|33oLQmg`IxE z6P)+&R4?B|FTagmew$kPR|dD&0Fe%_e?dgh06IcxR!{otH+ghKwz};>tr^k|+^J?> z;&2BHAbgsZI`NUlDpB}&ZHBIg@lefkf+9bPcL?@d!+*Uuu^*jKodB9Z&7;p=w5bKO zyBT}zX8mG;lMkDf(I1|yB~WdanCx|i>RALj^5qhyA)xd|pl*l1zhW2%eq|AjYyt+C zCZNyE7xs})&|R zhafTY!_Ak_MZn(7BoDqQiWP2iiB{}%ddrN&Dn=MKnFA%>&oQ$zl^ho6hMRU?e({~ZCKQ)>@aG14cn6h9{ zCXQs9KHNTL9Lc1m^e;>b7F=;=h77P1YdJH(+Wg1+N_(I7mTGpVc(uP>3U_vrH^Lg_ z#M&Hz1u<9z)34KN?aXe_&WyT4XEvKxI5W9I^@Q(mX0^9VOk&w({0~woHA7fHjR*T+ z!-2x#n%~JO27I5vMmJVlH0csYFXmRpZuQu8oY)IXN3&%|Cw4D#N1)pS1Qy1!3UP1_ zwku{#TQD(y&Tu^nDnN4 z-lNdHFmp(cB@@Rwi@t1uy^SYl6}oLt?iV}apB?CNzNlye(>NI$|8zFhoKstf4!MjL zRa^+o(woUUwWlLDvne12%9`vWEA5U_x(Hu&s( zKe$@XK-W@}B%9SWR67dyjyoW;ut#0!jsy7vOoGLnoCU0ro1fL5fk)eunLOk92+;YH zS)y06!JUvr*`RF5um>eH35sqE90`R#1vDLP_J%We1L**Z$qDH33a zwrSN+yRiD~3~SN4iL})QFb`4aNlU5c7~tx~uLOXlu9DA!*RcJr>UXg2s7ooz`|$>4 zP$ENIjJ!{Jp0Z;=n<6^`3#*j}G?1Mnv>~AQQ*(^%5*}q0;hXpW5EiHNaCXyl-YiR>_*Kx)HEjA?y0jh zD}8Lw+-gmf>337T$BOa8J?Dmp;wr_=K`T0i8XZ#M2mGS(6~cwHhmZ?&Z(v-We7{rG z$HXO-PLs>U`m*CfIH=34gJSJ0lc)*Z!*2&?CpWJ)9B)o1Ne%Kt5m7Keawrj;&#{us z5PZE62Nr2}pty?wLAZiYgcH#iKALO~kk8jbCXDW^CNKc9h;J6lo46^F8}CJxONw}g zMMHcS(^IDBze{g5n<^&mL!~S4R8rG27C8POm>XOGe8YrJ5&GZD#m#zQT{qW+b-)UE zqtm2i9?wcZ9gz+C-WWb}Aw!4Z*wwHphnb#G?KkuVQ5+|UqsTDkx{};d&A0e?gf`7+ zjf7@fLUVYd7RaJcj?&Rgn7uLh%^sJ|AI!;Cdws59;W?~}EY&$;lWMQH9XHG~R@CAK zDRN}*Uj*b>;8bAfxM#@P{8~J5mJbNy!fPI{u|RuWBNx%(8F-p&N+Y`Tj|1iXe3TxD z(tIhEP%()EDFadB)YJtBXpTqt^&NjfKd)d`YQZtKAby2JNJSA6f<2r?NJ+1)7y`CK z7$ZuZ=!K=R4%Y}m*l2;dfnjv1(cvg9LZW_c#bKyghN_jQS{dumS63}#)xC68lp;AB z8h2;zn?OJp~2^p-HuR>vAiARIQKFGNJWhSW+Z zHPzay0ck>EWXA=hi5vK7iKY?U^7S0`rrBA7w#2YK$qy)VU8Mz1H^LSrB&PxaC8(X6B5fHp1%p6g{1jRnsuZz` zL**7LhAV@|2%K#Y*4-H&s>PVs56zRkK*AvzJK@#%R?!H!yzEU{4$yk4II_40%?IxQ zFL>KvG60_uVbgEQ3#MmHDCHDG`j_G%q?96`aX5S~CBKT-VZRRkM?jjD|5UbtqHMOC zLn)x2kr0wO*=o)kZ#fs5@YsI|e>N4MY528`!VgWpSnF5BH$MSDU^j3FvS2=(gq~wt ze2Z_&EL8I&iPBD{(HAaIcc#AZH{k+dGQ+uXZ{?cR9&C5~C^?*9 zPuqn2bohoF9gQXNX`)Phg|Bqs==Dwda>Fo4qgt~Mu*9b_jlt)fc7jW+69X`x^%)x!a1$v zB;mcC7#>wG&012iml|{{g}E%Sb8j9bJT3F9dNuG0oF@DO5_amL*YQ(ff5)=GMwCOr z&5Nq~EO7nKG7niCrg&ENsW5nRv9#eU>+-yywb1SH5y z=Z&yH&1#YIDQO+Lm9uMS&;a4)s58d+{3x&ldWq@XRwkx3R=H!t%JDu>2c?R@k?oE3 zujfHN5D2?T@B)~Rz%XKC#b62qs~GC=30IDTc=VA~_+w^M;hXGii!YE*iH||Ei8~yZ zn}vJytazH=sDC2G9>@I`?GN64`|Hn__P;-Kx9#)1^c4C@Hc5qk!cWn_ul~jAndoea zex8|H=GRX;CRq@m23@A}usPIe$k2;Ph62B)zb6oyEFE@(@i^3-QW1RxM5C|omR}>v zcxhvLdV~}m!V{`O^9G0WSKy3YBm*4cqqP&s!f&p<@lAvV2R2LMH|Wf!KGImxoV>1F6S{0&QQ-8;SE60efVOa)NAs4VI2w*1FZ zoTfx=hJdf!Dc*R0cLP%sd#XR7nnO`t`@0}tj17jLLqZ`|234cKTNA2T0XlS*S12nv znEmW9i)v+KtVHK@gk$sY4jkdT*hJ{PQ=s30(iTCL#^QPt4wOTc7G9O@+S3-H3bb=9 zt~Vi+fivdWO}gcoxZ^s%(7dyY^U?4${YoibDZwka-c*8D%Fhs`?*}@{P*e%$jO%%o z*e}wUbEbz&j?cMb=Dn+_`WR0o*1Gdag{U-oM0wNJ9~*i;GxRuUHB=+{CeY*t zZ(Np!c9DlRJP6UA`l3Y}KQW34F3*SvrRw2dbqT1ErC$#As19l&iw$)>Ex$lDV{@!X{$~o)Wa5@l6XwdR$Y-QTa#YzY%eO{WhO9N!z~fPtMAP=cm` z$*>c*+{XzOTDOFoHseTI!>aQ4&mq5EuX)=7IjX;&ErOjh0D>K81Y0J8y+Yi;;qi-b zO^f$0Opm8TmdGrFD-uthL_2nalb583PZBo9R3lpFe_TL*d9hMJV{<65LGWus%GnGl znbk@DOR>jsX91tEfBd2G=}UZap;zTtk|P3CqdtbV;wi)?4qnD5sRN5iX9-6h><=97 zCl2V`dRE|Yq{9=>c?hJo-#3jPZlL)a9Kl1Vh!3+uP!Dp3>Y}b+qX+UlHxzxNNBYrh zZ?<>R&IsUJpKU2`3wxl(PhFs*7Nf?9Z~Qw`C?asnz`e z`B@8DUsK^9oappD z;)W1~m=A?y`)*CA2wjM*59)=m4eNs<^a7Yt&*#;(*TB!l4At#FT7QUH@!2#!OtCrg z5^%$ea*^D#mv=k-bP`3u<<^je&Rad3=}Y0@Oz^!l1bK^DoM-vKuG5>vAD|JoX_hGZ z8xy;HmZkzr6#ys|&(e8CgH5A?V&)>ISF>xd%;$QX!{kBr_92qJOxza(s@bd*su{?t zXhKt&;w?(HS=K{5P;7e`k=KJ$KIc8HSF8xPpd@;seeLu5=}d88gzDcYx!0ZmZe{=% zljU^b_Xdb5I3F1JS9&L71ZV+2fS}s+GyRgJ2MoS2+=k1t zj>p);EX(@x$G(8s9%#R$*N|Z(gNF5+GPY6M%eATix?YOPR?76Uto4R!_3#aiRie=G z+6=wuh|98G<_j_oGt06*nAndi$^>ByrO>}|(T-l0l?hBv$i%X&nZM2SmStu7mt`He zbCX?`^-`xQLB?!fc007bi@XDA;7pd77-54wT$%N-aIjEkHS$PNzAO_1Qw8BV!ZK^N z&3uvhnt*4!0G6!|7;YD5t;QP(i~#HxiS@!I(POi4sZ0ue=N{2=#Z4akOYB5!{r`qsrLj?}2rRJ%$NmYY3 zRSM74L6{r&%x92{bIckXsb~6ctjGUm56q|i?1ruPRs&4y65g8D9o_ohu<_NjUXH^L zjhm7>_OuWR7U;?g+3M9Nu|MP{<4F8gdYJn3nJ=-14&iHaC;AJejmQg&$l8mOldSp- zS!;pQz?)C{qYCT~xr;>zm6_Fl99G`F`j7L=yM|u)6h-f|MIro%_wqdgd4)TV7HeWGgN0UeF zY-XCD8TrKf%*YalXBd!bPAAZ@OPXf?V^b5w-uOAG+)iq*WI93V7MI8Oz_J!U4yL}wwGn&BR8?}NOhb&&m$UR`u)ciJ z6LIV#K+hLz@OG4A*YC-E@Nz14>Ut6=5_)*uv6hJbs#mhfQ3P95Fz6eX!gAeSd%n%p z7eABbSX>u!XX8#MExPfUI|ySUZ#t%Wv)*Y6;1sC3$iM|i`fzrdx6>T4w&ogin{#W- zAplP%Y?!k=lGTMq5*+r^Ob#LNwSeHG+w>s-_zqteZuXavp>(LD;UKEz7*!b@qggjt zF10DVStfXjB$hHFDg|7bUn!Ft#BAneH*l0ijh*?1ZEWQ+yQjLN)MjH(Z`V*sHIy@-l0Ya6-Y`Ok z%pkPjTU{6`($>6C@kOjH@TNHPsRMcOcJ$Isvu^9HhMLdgK5F(CYNr3_v99Y^Y!HD$ zaOcsxrzS&clbVlz@TgJW=R@V&r(|FJ`tD+_EAf^1+GztiCvD~Nl8mo2ctw0ISNN)I zc}^Rc)+tBs(HQ0<7aT)0*>ih*x%ww<+hNQ&*H^%?)#x|uoAhq$TC*85JVt>A-v(9y zmaC_>qJA&!H#xjfuMN{24HIGNgU18AK()bE9Yav&8hp{90~w%SlW%TJ>y#ld?(UQ; zxR@(~$lGNPgiygTyBoMT&yJz?G8{4fhJK-vYm7aTPXf{;IhQO!EyjHq;3EPw{UO+Z zebb{PNRw2BUUpB}m2k_rk=wg#nt~H}Nk#eZ!C+Y;6 zMuGt1{f6fugIm+dNN`CgrCYp9RL4AUgEPM*`zc=bX6WyA!yJ*JwH%dkw_!c)45Vdn zU-uP81e$%eSDB_8aocTGgvk*OR4ElEcmeXj5cT9=F_OnPI2WI28xKyu^8c877x<`( z^Z!4AtOg`*tfJA1E{ZjHYp|f8s6hjsXwaxs@m5o@G`85Ll3-NOU;<>j97Uyy_0m+o zZP9AIBig z|HQQq5K5X|cUhZ%JZ?A;us^k>A}C*3m}a+y80UJW<%R`lJYB7h08$NRIeMq`4uH!swr?QqjK) z{Rpg7fgR;$l1}GbmC`hKf3S{am(;y;RJU}#LonG7Gj0;4 zMe!_^zlprSQg7PDaf~SH>T+C@RY|ac>eO%3i2OFT;dfp5eUI$p$7bB`0-wR|Z#yjG z)Ki&0VwBy%b<6SjHKg&n@p;Mb--_5H#2%6bjoEO?nnmD(Q#G4WX?NSYtd)?34`r<_jB^@=SBDaus>cAMo#HR z1CKRWDGo+kI5KNfs9x2o&#Dp*dZ0NBY0wF4Sv?A_T&U7?AhSye-2}Uz7VRiS+Z*)?EmR?ljK>~-_;#rMP^P8Ul7)Yzx=nZe z>B>+hLX8SsmBploCB()?y=0`0rSF3yZ-~a8e*Qo;TDWE^*4$&YK)%Y}&QRo%5QCfc zaKjSRx8U^qAO8&?ZnqT>FHr^cN-D%f3-x<&iwqk45#kq_ah-_tKb;*M`jh@oB1!C9WtxMfl|!) zj>BTV)Kn#CjRcH-KpE0eX)2m)LcfPB=Mc|TM0p~OZ-|vc5Ip`KTIJtzdnI(Bxj4|| zw0OwGvt88zA0W)OG+N-iVOW9sues8pifH}3 zn6WfxQ8(JICH3MLRo!4W*+Fiqc>3o}jS~-SdYz1!qLIU!Z2fa3oQNVL#VgA_XUW%v zd&25rvU;&qgXTEG@iL*EN1G-e_`}H)&Oe{jgQn@3`_i#$7Kp_K9?W(Z|vK>77 zdNc}Cmg~g?DH;*T8U`G4{q5LroFpugEoP_!2|XW=RV(!{UXU_|AVpg!sWc*R<2hM~gC6*?i|+`1q0(?e8MGi>coO7Wx|mSB)lU6@Rcxe2okO={hqS%oZO`)=XE_c!l%Hoc?dSOyv&{R|X#?Y}-&T9L zBbCs4*TN)(|B%HdMtHXVyFfRGjx1?BXk=f_YYHjQg_`YvPNZU-%mPbP=3lQEEAP|i zC>jdV9QSk6?2x9|DF&&9Un&So>S2Hc;vI zk`nTMZ(p-`AvL@vRau4*l~#{fAD?9>bcH6fX7Hk1W_r!QMPA`XVY0YpFgsMp*nzFG zU_V>RXvAFeDtXx?@(x17q z?iTt)Bnj4^;^Lp<>~gZZtZ@(D`3`I!$C=5g0=vuU13!CyoW&NVzduJUCGT{Q`Qa5? zHP4BxqLgh}j%{lsgP`Kat%?*F)eskf zIU7x|B%_pQmOXB+ zS6D5nkAW0Ds*i!RGF@j{#|#8s{#=Ah&cJIi$uYw=J{azQZb7@@>M2l@(hRJhIR{%-^Mf4hE= zfL*plJZQZf5@H?wH}~IyD~`@X!f+vBeEI{JIk^2q(^t2;%i(*Ws3!8c?Ioqn%=}Bhdc1WQWihKeU`O|9jB#oziok>^D4#P5H3( z=_jZ^Hs$Z$;1xQ1EIgrW;FF$Tw1d~WsdxNJt?hr9X5fktU6n$W#}imQ@>u-XkPD*_ zf)#_Kf*0ny(S)fypY^8;JSz z+*x`Uq=onTllC;Z#~97gZwyPc@!D%?rQ(31-+-dnMa7^e{a1Xb)}{2mD;A$+dq(nb zsRk~}h`2yVWJBsk^$Ffs`L;KBwOMohQyP5w7nkdS@(R@$7E*Q*4OVYkS9l}V#{HE5 z5^p`5%BnbV`$$gQ-X}iee|T8qpIBJUn7j2b_pav1!qNUoQ1FXB7oEe)UiNZ8^s?7z z|8!n%>T}V6QJrrUjqdY$HM=sj{+pUOmA;Up>)GR{cP2$Ky0|H(gYQqjJ+q2`pUD1R zo>@G4$ePTbX^28!SfP_{&s@!K3WdLyXQq#4_<1q-vL>#zCi+Jg4gMrI^ZFG-DAI`loF|I_V z-OEC=95giO#;h0);|+vBPN3Fg-=(A{5Z4e|BLzXCDj3_v{gD(fV?5*7n6MNz6 zVvOrWMT;@M`9DtB;f5&JMWPXjqu;;OJ_A%gI*3A`-jV&xBnhk-oC$Qqo~wv2OGjjl zryLo6n0%WY-gLi$vXK!FH=LlN@oIOqV557EOyMq5{C3@mQiA$7U!d+dxK>zq1lPB+ zaBZbKqw+pml>KbYZ4nl>=+2y%zOg&c-$!?d=fB)x9S8pUeLk9~Vb z=gbucH^A+9fit#6M|=1y&BA|&N&!Ko@G###=|5+s+E+gZ%$TGu%K`EqaAh?>3AVr6 z`9AP#sMYX-;%zs|zhwUYu_G}oo$(nv$?r|!t(^fiPB!VURc-iaQS|tQAzj+Lr<1*V zmYOE~9Wd0S3TxO)wFZe8KX$~*rnO=mJTfDlm#);A0nrWC~RyW zfr7-C!lydiGc`|W(Y$*yXzHyM(_>ONJxTDK;6nx%@)u3cr!SHCGcq(q6eZP#D3nj< z`Nv~)SH`b8Mxx&Nc9Al5V6>@w6sL~3_AebM^`bpyu(jwrhWy6{wdk50xrbcW0)0bI zVLwcX zjV?9Lq{2in=SA7rMrlvQO8A~^K%x^qN${7^it)gV0R&jaoGM<&qE7$nXKcIpXS zzr=r5vCwdYtGLjS^7F=pJ_kmiAo$`J4vC3yg+-(7pJ^&2RMF{1B^&v%N~=sAHcc+w z~xbd>44u=dj6H>;dsF?TAF z{y@n^Lbx9rX_bg|Zd}Qn;C@g%>;g4=^&Wor@3hd_O&KSa{Wn2n)Yj0TxyVf7+So;Z6As=GybC z2F-ECKO^-v{e5T2?hJRh3$IXRqfn;?xOY;l7EW1{hB@W?n5xt)#m`j_U9Lk*ml?ie z|1OTS^e3a8mL6)l6#b+LMxu1<6{TAr9K`6tO)kdz?5i1YMXjj5&bbMG?2`{C*wbc- zXbZI$0E(_mS^5dgYgAN;!E#MhJ(B+XAK%rk6pwL+!=wbZbuw-ZQpopg` z%Yu^d{9r~L+7YEn8bli?(tc<$1fs@V_eznZM%0k=I~Hp?a~ZJVv&V7S>C?5mO`oKW zu^#?WabTEtj5nc@RH3!T(bztG3Fq!SCrFNUk`k!g^d(}m#oBqLvN&_9>2L>q?0nTr z4@-k%m##HpmJt@cL+izsW$vF7jOwADIl=xtJk8=HxcMaWlCP_@%T?|&Z$~8Y6XzG_ z!kJw(%bQFv%oPxih zhpkJ7YnlIqqt&ISV@13y41U-7ZdWkp0#^8+xi4$|r+oDHuAp!=cT->G?zA0v`!T0; z2S;>$+!d7X_z$V?cbYdFfd(huCLxqm805*4A3Smk`5X(Mce9X(2)JbIBp!m9Yi5H+}Gl3RTNK4ND97HzawK|8P^v)o!F?3WC=UimVG1fo>(Y+ecYV-2eW5`8JOF3xdxsjlRJm?ZT5($*SjE zCkF@szog%X&MNt_Ga?wkNx4xOyE$RYI&aOdlUXI|ygaPa&NlN)_WyoV=Qcgnx#N~~ zo{(Rsx|=H5Kdf_2e!TO8slAI@Go<@ep}-4~bS_1)F^>a(uzt4ueSys{yx z^9McE`Sb1a>ok1+KEF=UDOJ)M*7+k>=fJwC&b~d>dDS-gb<#EV+s?1k!TH^=PD{`A zOSbtqs&m1UJ@ozAzWH?;oL^m>*Y~)=xduj+@k+{O_$8}mM|GatQ=OM?S?3-3bvnAw z3hT6^=lqh9woN0>QEdC3>fC?JI#127v&7*1URdW{`~uE0JN;O7KGGTWUF?qx@UUb} zA9W-0!mRJT^6PXwzjnF$-gE#Td@tkrjr3DV?D<=6DG2IFw|+Wy+fyCdCnQomCXTFw zv+{BT_S3Nhe(XlRuy?Koy(#5Q=Hc*zABV>%7YCm&WrqA1Gm_@J4X~{j^}$-b`HKvZ zWZsXBNeL*uc}j2G!bN+t-TLUwANA&Q%MP(O3(t<;T&*{$+?%dXqc<1n&4ApSzh~c^ ztv7c|i8~0IPl~=dMsG&t-el6zo56Zx=?Z?yJ`V~Dk?#=Kn_&w0`z7D*_U2zt^G0W2 z2iuikj6TD~bY9wK_Q1HZ_5C{80}_Pv5BO~`=(uTi*m-C_c!HlOUcE#C*a)H-MK$t@ zV*v>B#Au=3M!dnUmM{`oumAcSiCdS#JUyQyv2?l`g&e>{qYzMcKyB_~2sZ0`r$o{S z#NK9WYL8L%|H(NLcRU4`z3C-~(p=l17Kw+k%r!jkc8}3*8_U5Hy=$^5A<29wy@iab}}8^>;F0RgNaGth59R1 zKd>{LnPDRsqlcP=s=IZGw>Y@Dn9epw zou$X!;EB)N=;+rVnCbByc&-9vEQE=g+=64w?FRsYHq3F0gNc9jO12Iu~m@0 zcNzP=+i+3*6^?&k1|lj!`C)Q7RXvcx7Ai&&tE4im4dA`xvzbLf%eEjV(@nfL$B(i( z87j9}rzW9)K~b~xPP;vUa+zI;T(hQ+N%2fvZP99t&}f7`)( z@{di}N|oISS~YkO* z=hKS*G&sM<-5Qmf8Su66+XxMZY89;?TY7p#-YDuNz{&)9BKY-VVbn`~fJR8N@IeRl zvGo#E)TQ?YLLC*|W&T3MXi<8@O^(t2BhV-$F4dplpXYAvz9YJabJa&JuTcNQ!P&kA ze>m8Nmz6R2=ULo}oO$TZKU20U@597bbhTWhpwnB(`=_7&SMq*W(Pr|F!hzfe;9c=Q z4Z>V_iHvGFWb#Qy@zb{Fu*4l&HYFPW$!uHWKbRBM>eThD7QJjY&u?Jy*XTi23R$p|GW$omaJg%~Y9Sxr}$!ZF!QN09&RyM5*emunR zx4uG`JmmfVRzGcXTExK8Pr<_fclxP)*ng&<*7f>2{p42-TIAw+@5NxI>F+Nxe!VkX zwjExh5KR(Ql?YQ&${oKUUvPs$(5T5`TX$8Znlv4}Nu%QETb&$tafP@4#Y8f?3gcJ( zoADZv5Yx=fUaGk?DP(Ay&37PQFYjw(?+3Nv9s6}3za;S_Q+NigwQl~!>maeB}t zFc85G>zZZ_lOrP)CQX0jP#0W4PlQX@lcVU9d7PsXsn~~);Rm7J?1&~HarKM>5!a)&MXnre64@4R=MJ_$Rv4J7=)A^NIheuEj9sjBm`t6T%dY4^O={fG7A$~7Wu~X+~K7kL@c!D_QC!k&Z$rP=3x4;pK@AM^$c*Gpt)(CTxtyl>OvyTmNL(}NT zYEKTy0r-wq;=gP}P1#?LG`l<~(rAMmG(jF|B5@6CL{~JpgB74ftv;<37q$!dB$!dq z4z@1{j=k48Hbw>zpx`?rf<1Gn31=`Xv-4wjN;eUgnYkl1#255xU6yEF^qY~pUi7R! za!rUSZAf84X&#CEm|a6bwbl|&P;o?87+B$?INZ8UzyDKw(=GRXxM>LW{ja{K9euAq zwYl2e+Word9-a{G<#4Unbu*d=qxLf^d6>H_9&Ep!`|_Qx^oDHspu4{jpZSz3>K4;x zBRsZ?m4D%nDirgAA@hYT=RTOdFq}uxQ>erq;3E@_FO2Nd_>7PZGXNN;pU+r6%}#}d zm2EB|JJeE!Jzw>M)p1u}y8Ly1T~=X9l*+vi_q`nNq0`FQIdJlx?YkeWlg*KDW?w67 zb8RF?MR9+j+6zaN#2V(!R7fk*38i|8rkG|t>*ZH61ggKn`C*ql#w`g=MYDCn8s(4X!X*&X+Y!!kWX93(mt zhZbF@FHy%(fey6zf|Gi;j~jGU%NL2pJ}qAy7@x5p81j<+oc;k71;HQQe%I!cjv9HO z+cuSrw#^vTh(9c^Q^PDdIwmk#l*Ha%8Aka`O)6?C_2W=t&U0iHgqnu;Hb)JlmG9xl z{`uTbB*+Ybj zC@ZA(=`S_*tMrl^qIGSp9Qzb@sHV`e^f{i%c>!a6udBNC^FA(pZxmb3FWm0c+ZvAO z`|54g$(OthX&tZG`NcNX$!ERJ&yVs3KU2dzV%q}Y$d6UU$5@AhN5d4zVs(=qactzrKWP4<=ZgSo%cv_@(P|IJ-BVZp@ zfD?)!Qn@VkrQt??wGJKwMonjCRr}s&q=KI@`KR8(=R+-1y&-d)-*2~?Gp;mj8`$raUhB5F2yWUk9XxUHD?xr zTu=%kEi@Bs{0uqY8;@|y@lPL=BKi#$nj{ZP|IoE&V=d^`Vn|Up-%*MNuPl~e+?5c9 z%Vp6KU3pwHK5Mjyjl^lIks6$BQ6U$xVYMk6?No`BS)-qmmm3e$e4p&G+=_(NZ22tm z_-fyA@&OR?#wZ3&Nv7Z2lm4@n0b7b-c5j zP3Wc%1E&vTP9M%QXzp~B{F!Jg&sJkunB1#2kow%?JUCmC2p}Gh$8TmVg zQIOR_BcqtF-aGPSwD*x7GM8S(=gDVvJTA*!OhuaBhxxQI!Zjjo9yr0uj3Z&O&;=H< z@it{pCR7^8>V-jg9MzK5+_Y8@ydA=yvp-OrJseWJRO@`mH{9^C=;g&d<8q(j^ z&CHgoCyX(sFA={imX!1zO&&rF^Pr{6u1d*^Sx**SEK>DZP4rmST6L?&j~(1M)QGp= z<`lotwJy|%^iLXb?4LR!jR%aBqpovT7ah`+7}sak{~@ip{Gy4cBax z3~sp7)!!gg*EtfYs?0;dEgvH=uQ|=)WF{vsmY;9yFgM$C)1p%NPdmiuryuJZ_2bPj z+Yb1U^;F5#cQKY)-c+Mzp?Yy!VXFT$o_YT1#Y{fz$zT&UE4ibW`VlGs*kKZ+Y-Qtr zFDWNVx@+|xL(7<Xzo8r2iQC36|BG(Ga9TO()i6M+W;^uOKcEB0v=_k!-3LEk*Nvj4 zF%flhY;p{veCV>3j;*kuTONYbf8OHBo%STQ?pI7+OsIO5pWLy4>R2=yd+UO)VI+gNdH0N zE`@;T49`3iwujzp-4u(@&}@~L>VLd|OO=e|lKzn%(Fp3;mMY`xa|4EB`>2%EQPBIh zxg4?``Tk7zeT}|PSe5#eW{0PDu9@1yiKx!X+;IXHVa8+@MXE+@Ln_zzGz*SaN6 zIep`2KIlH4p~56SNQU@b0OQd+(}n-30}i1EpRxn4+IDgJ7)GP|8i2Zi4MC zf*TG5T$N3X(>D(mb^jgAdms3ffU&uMIi&$zSt;LgxO_{LbCvwOqCvr5vfdCFL*WbK zQq_N(^(n9dmoN#3n7+)qnG`{X+F}Ho{jwAU?cxMa42LHw7YF?W%S8?r>F{p&4E?u% zBPon$d-C5nfjZgA>;<}fJ?GxzcndCI#>o%|wi^eAlR+4mVCq}qCSenRfx4Sh^*uF2 zxMJ7%f(llJ9n?gUEz3aLR;m`3fp#s@2bG?G1}S}wG&ACp%g@YiZppeN+T8^i>9-5J z!(Q=ww>vDL744Ef%NUEaSB1&yGz=S`!{U3k)I!gxb-c8EeR_ZUAe_tAq}fY{=c0Gk zE&2#0$WFdcs&DSOI6Df5Q*37_Bso zhFej9J9M5SA1M|4-PKYZPd42lfROztma!9jq7X|emQo35QyQFqb9c#nSZ`7T9^n$6 zA*m_|)3$*2^!EWZcsC7~yor|T&L3g^@_AZK^v(IpL9NOe?FsN-wH8aLokq;=N8#9T zNHZRPtJgWl0x+JH7~NzKaPT9MJ>3N7ZsWX^gwWKXSKt@o*$~Ao#m!tIww$r(vNAVw z_Cmb%URq`Ltklh(trNlPJuRfaTHY0Sb0iVo)GU-O4cdzx+zGWnn1Tt6Mb=&v842kM zN1i?USw|U0w8F>R&c!jGSJ_o;I zC>3(bf{s_C@u=wxLj)Z)zuoWO>uk{Pbx(c$kE+bjn)se(lV7ciSJ|R3(_&r%-@0Dw`4c=(yZL_UDu39Y50Oq32g>~OExJ%50z)Q(lWr1u zl_x?+D#U_WU0CVX&6sme)bC2=bg7h=?XJcu)_<3+KR#L*+`5h&etPZVeyL$Mb$~ZW zbd%vIBGC{i^yC@;3kv<{#E5@LNQO($GnHB)MI!BCYGHZPcXFTsnMM`xlHYDGf&4;P@gT7y!iF6$+;Rg_9GkDK(GpJa>8CT~2kEbKb@bT|%j7 zw3+X(*!Vfz9|PR0k-cwgr#;XAL7}$i;l9$-CM(&v?!fhWSnDaKyHVR$BtJqOU3P|u zSE-7z3g(TUC50o*L;@rg-Z%IQ$!dZ;!CIHzQ{&;0l*8F0Xvz#0K=6jo%%@NnTbI`;)FV&=GnUJqlXlhT2`<0*gKFj})KzOR$3v+ARFx^ynX$)>Kxgu7HLVMB&jwspnZ-s4*i{{0r8 z{xE)p4w2#Rk|{sqP~bmtH|oOq{Cmblw|c&fEKvWVf~l5ZeaQ3WVjSopo0;rZ;tlJt zNs3A!4NiH5t3p8q9`=&v#i|_&bo=(2Z>+r~tle0FrbAN|>LMZ9)!w!y{ay1Ow^jhG zoOj<11w+`$)KtdS$^}1L2dPe{OqSu#^P>4C=`(98?UQV z+b)b)JZ(aJ!4Sscmrpy<^N)D@-Wx=(Lo3@pYx-+e1!dV#)qo*T8GLTbAjON+TCQi~ zMU*;qxB_$z2c1XErMe-XW$wiu4O#PNz2u^pf6=w!6R##Tp*7v_9)?r9W=tNrrE!5SIu2ZE+h8?`~`Mk?6$Q#nnjY1h= z`86CM{4Mc2HdhBoNHlbMMC-)+A6EL`UW$2eMN2rq*s~yS@$JMJT_deULLJ!Ozcg(1Q~5 zIt)TXgmixEBGVgu5!?A7H+Bmi55EZQA6WBLYb|Bgf2r^}9hH&TmS#Oa>~St2uXhQ0 zS`fV4tJ{Vk)X^XsG>bKyLJsczE6DgV9~tn7&}d)*fw@amxHv1_yx%N8&~+`dOV7I? zt<-3F=lFtBW?!4mwWvNDJg!p4puO7N^G_mU@R`XIIU1+1i?qU~-A#R?ZvU!|Cj>P7 za)8SOB;~MaTc_Xu*0QN@bicA?Qwe%Lvz*;QnzprOGS|0!!FzX~YWafqPi9(!yNYFE z^7@mL2h&$C2(R7pAy{9x@|xWGx^fgsh1S>g-cB_=9lM{Gg~6~6meCa~WAWVKzho`l z&X4eO)XY!2f|@ZLsC#_}EA8I;=lfm32VZ@z#W3HwQd}R>(l`jhl}0yZx(W8$xYn82 zRLN=A8OIM`;Z55l7Tz36g#PK+2wJv*2gGS`mAg zDwZcCMlKfr9{i!>UsGk+;ZD>_#G0SAxOb-Iu?v$B^j0l`7$9JJJ}(UUobuDn`Bi<> zT#ZamYB$pSwR@~g(8)Zs^HvB)KfATlK%=mPluTLBx#1nl0trt84X%C_!I>HfPN*|- z^3zQbx^w6D7qUr;TGY53PCF1FJ0d^TC$c&$*!3OZT?l7a;lrDrl`uRVsia)}>Mxo) ze|-tIR*23V;HtHVfKrAOy?_Wb!~O=B3$-?QQqzPavBFac`k39xBKm<>K=d_R*gqf2 z(IyNN`D;-=Sh?kc$)caFO&qQ5acF|nS*3JzC@3doi3HT){3;q=Jz_N@QravRWMQtU zLL!U;%7W8KV2E}rxs3q@IRUVM^VRf|=xOvb*bYF`r)H_p4L|Xj1D$_aD|m5I_(%1Q z_q`P@WTwn~i|+W|6D@2RG*feHzV{pMFWS3x(e3P`S|?_$=ds!L>}bS;6>Dw3(#`C? zUvki3*=a}+Ux3?Fa`|$`uo~@Kv?2D7pD4KjLQrjSxvK4Mq2+a&h1N~5*OwX74i%zS zIo+q&36{PL4xcnjzZw2M5J=tZomjXMp6L~zeY;-r zlin7$Gm+Us4MHyz&c?=xJWK*Un*^dFk8kC-&`p zv#3ueeW_Jn#?!VTtIlq+CAV4yA>=uiDo|W0Yt#Z6J() z(KdWkTDZ7%V@cz`S~n&d*XwsdzVm~S=J4mY4YC<_^Plf!Q8WItZCZo>tUEkDm zK7J~jKDdD4Sj7ek2&RsXFDPSAvm@ed)A&}KqQz(Y4lGu+qYfD9zna@`g5!x+cq!^g zjUjpbgz{>3u83c;j8)3jUCU~cV-jQiQKTS^DX&VEyySNjRBu>a-MR6o>eh9IHHA-( zhWJSIsZ_h1Xj5VOK>6G*+1!QnYBUzoASf7Qn|+6YzAPrXb&FtW=0U(MiMMGd3GVuG z{GsmrOV=^j`ayi=2sJ>~#tJb7f4X1oZozl#s(mD$?lnVt#(gD!eJT{uFv{e|Hocf9 zrH7~zD5(l1c+QmuZFz!v@kS@8z;?PO5%vL7U1XJLUGbupeAKQN^HJ;ZE2~D<79TQ)0W+A9* zJOV5=Vgq~TF$J%(j8g;SEu+Fwj~>Cl=?^RKDk=re5(YZecj$wJ!e3OY+qJfv)ALVZTjv6hs^Iw!YnqW6hWjAK@kSb$3zd8BF5G zVYkwwfE6vn8n3o6`YdxNzIra{j(XvhgD!Kcm%5BxfH9>t{t4J(Rv>pUuTvAvP^7jI z{t@lszQIv*T$BxfLdup36nfSO0Z7cU?k0~-c*%3hQ?V7l#0_V1r9|^Y$nRda&XSwaA5rrC|$>wx#3UPHj-8cqZ{ZG>2DrNI9r-0#O zD5|%cVdP8$yQIc0{f{u{EpR5E3AB_4$#Ee@wC?aZ7*mo$%2mAWzVOEw{rJ1}Ba#)5 z7HbpufcP!i6ZDPCzsIy}FA_)-6PFh4P|`PC#nD|eKjzdeU20C(xlODNALxeWq7%|; zkqLYlp*Rt2-E+=hR=f4oje2NKd;!NaIOa$V7-7{9 zJIpRe9B$P|93$Y$gF|!GH~m%~)_Bc?&N$hWZdN*(9({?K;nYb~e>!jvtGf{YhRMyg zjRF9aJ3wZ;Qg=|xG>LpvaJNqW?K`&Lr>Q8@Q=D%&$*#=9F6L{e1?=n6B!W4m8O3ca>GJZ zD!_!;;QdwsWUoDgraeT?V+z&hB#eGJN6v{*?_5 zck^#G{v5~H0Ht>TTynr5B4LkQZjmq+2=SNNYxd*B2pE86AY)>%yn+WoAamDp7yt^&{z(wt$*Oe;l>NxR650YxH`I4;OSCIsC<*@2~cw*6Hup8U^ljn8$xN3V_}E z2)o=j{zTvP%jLUi^s`wgaF_h=O!fOEix-c! z?}AG%av}?zTslswWZx^0D>6)1Y$sgJ4#yP5I(w}jub50M*6S<7*H&Yacm<-Y-Z@bQ zm1Rsr2o(J2J0Fz!mqZ>1??_u6W?#3tlf-;f5fxLQUSQOz7NmB()y9z&`|PC$=I`c` zVNf!%^r-=}E|6k-E#5X>gCK!6z(zw1C1-E%J~V|y$^>WAOCP%iXf2Zx%^`fW_AtsZ z;M>Z0^esgi#4q3|+!WvMf9n_>>j7*d!fj>@fdvM64aEgUwTy}%+vUD_6qT+ldG2}L z+VD4;YqmZp??q`}SfE63=o~jYS|0MFf@5^G0)^hl>1Lra#rIlg%sgP0;hPf@^C~F|b*$K8@Eo%u1x$%|5oL;VG1Kq3sjv&`ID=+Y$Z( zboaqgh|hY1L0)!RZ7}ITE23fHz>l>Hp=j+5{zM%@z~F`8>Id>Xg@m3}W)&Z_HXTU} z&YVVnz=ZRoiJd4BNPZ+iB4{<0+U_6V*fwF2GTUWH@jCGEdi*L&Xn~JPjeq8bv!r1{ z3~>TE1vK7R49^Z_bJ;^sF!J<&WB3d=xlInG!(oP+=GWCB&QGilm}QqqyqY-rb9M-!HI(Ja^rsBxj9+NpbwMuOz-h$e@ndk` zdG73mp7-H-`ebtn!xsHvv7O|yQ4%a0=+MA?2waq4-o<%@sF26ROqzBPbe~(K$Bs9l zyGK2JLP5IL%wTNMPhhiDNvAIPN)1Fiv7c>+>&*!^Y8U+4z zhK}${ew%+lO;U+-f(Lu5!H>OARZX`L&8IHRQ(DVZ6`b6lEuK;(=TCFm>oX0g=+h!= z3GJmH9aeUS)PQ3sMb=!YR@W} zB0CkFw#{}Ti=c)>L4;Q^Dw1#!+31MRXwU2cFV{AznB`+z^jO#N*3dv*ICxA+7`JO2BvQInx>P$+r@1B>GE=a=Sse^tg)AUaH>VHOM^TP|qRqe} zL-pgh%g=I-I5xB(NS)_0u&woSnIXm%n6^GZBGn8gvNY@ ziYO)X9V;7-rWm}RC+4sZu};dxN>!pIqAbm$D^szDnmg##8N=~T_GB!>TLF?hnl3m= zGXYIsZf1d82Qhf?E%V!4HOjw>l5fME2zqEU%NRet4d6G^#|A!?m?r0A>oLEbKHdkX zZ3~UgGQ;Gu^sZq{HS6PoJF6u7aqzDmKHjYP)kc_H^XtRkuKC~hRD%hPVtB>ofH~cs z9&Y0)No1t?g{;5ZzIRRwrfsK{{PwdD&kehKNRRDBIf&u84u(!?y;N-b2~yf{RPg@K zvPxS9K5|wgz3)Cvk7vxJm!`77lW-@32ygn+y?U;{Il=r-x5VF^;F=zuIyP?$hsaVn z?>9;ZxR%mqej51|kxwt&EYB}eMv>sqz{Y$P?y~$5MtMcg5@T=Gw~pr8J} zv3T-Mr}i2AnEH=8seEN-EWIs{{k`#BZ8v>^r2e00hZ@^#p>IMUr2hDWwOzInBW-E0 zt&5AjE)oxIa3^a!;+1JX^HPV`q>e>&F0UkL+xWW74RXv{-WnVR8R_ES=N;Ym6kpWH zjBDsu+fh_}&IdAAe7aKa60A-$J|{m5siXkqGpjuZ9G=LHAFTy^dlMRdPi{J*E0+*| zR#VAR=0iS9SBFm8BFHL%HOqjXWSE-1L!|9I4^LpW1+eP{SA%qVvn$#*s6{vYX>?vo?0_Q%9Ro;Owyi$kr7JAWAmN9JF); zB>2NaknCh5*_Na4?h}BU(er6l)I-cdyIpDYrPG0cwUp2%Sr=dQai@}2^3*JzXE)h+ zh4SJao%r($FF5eLA2#YJ(U;;2s*77b|6$W|I-3x}kiuACLn}J&$G-cJlEP#P!F3rv zW zGUddyDKgyHKNb6pUZ+a#8GVbwoZIu3x+3;>YE7(NOwzmCUe#0h8DeQfmmC>#cKT-y zTRe9Xff(wumG)dk(RX#)`>QfDGg$KgXnHqNKY9Az^v{=D!%xVfK68xn4sD-Sz<_7q zA%+L3YCtzRlJmtK!ek=@O)zp-<|TI;)P>3oBXi}#7y8T=vmMW%`P!eGE54tX)MU`{ zpvmb3xoYi#3bCA{YZgJFez4S@D(N1Hy8MOJ7dV8_aeGM{nLA~2TlijoTdy;C?0(Rr z)kRzIHx}U@XAkYz%IWW~u$u04THcSYv0sjtkpmXFuGX4d*XYJnVlZ*VT4Sk%`cMzs z4O?+MAE9TTo3O4c6`T1pF^0GhO4cfxc99}YAg|s_7P2rtcAiT3Cl%}6;r1?CCc(lJ zRWv#L0Ah$cRqj2x^nUF8S5V(PtYtxcc`CM>tEob`t5dQ0=J{7c90nrv!;h`LF@IUd zuJk3SnxDt~sIHBrP5bDBM}E=t^Tr>YcVL57^RaFgXdb@s{GT=c@Z3p1Vr_8aFm-~K z!vFz934|K{M4H~p&uh!dZk5(uDx4`WMrJl04U9C@y&v2hZ(7Bvu3PoRJ+ zouX6sh!AO!p`$_MN{UfJvlSJVP^qGIUQ%o+c^vgqu_eXR8{scKLx@p2u0lC;ds+#e zXMRidKRot02gSl4I(~+*Rq(lAvb0FiA3ik}1AJ3f>PK+X#Jt!~Le1Gm7Y#zJ9JFTV zpsi34eZ7L{>w~Yz^EC&J-Zuy=1U8gCK୯`29*N-`>3Suqfin_It#-iw+LZ0Ht zOMYtNe1PyqrI@8={%=&>*@pkIHfs3E^mL)bFS%fh`b^L0Ddp{3*f;o*VTQUhT5tIX ztrfUIZW8yvu=}<-C~$SUO4D$_w@#(_6U<^VN&R|VH)k%@fgiit%7_lvXY0DxhGdRN zh@M_vl6~38%OG_(3gZ>Gm>ZqZ%^t>QKA}3h=Zk}(dYBZs>?5*OP{QapJi4ijZoKHG z)^6w~%xSJ1^8LN1=p}WTRVo#siGDBFasfjco|QBu34*MxNevkG6Uebf2gI6=-VqO% z&XlV#Ok!$9Y%1;f>w3p+f6dc&xNHv>=&cTCz zUgz|4N~&-A`yF6SixuYSihi~$be^x@Apu~C7Jg>7W7=IKO8vl|k=u-KTp>l6VyijD z5S2EMI%C_?QJ^j4(BQ5*Wr*b0X*~>cMChS7K6P;e$Kup;bQ@OqBzAE)y#jk#S(B>c z|9YM^jIW_!Z4HP7N8;#4sebII&T}IuCk$z3xQ1sHiUJK6h8X#rH^>WaH^}6^g2Z}< z-fVR46iObCk1@2q10-m#GzMEi_A^(o4#$#&9zfeLq@k$9|>KHoB5BUk|o}ncP zhtNW^7Ua-+ad6K$ED{Vy zyQ#rQ*i*6jdP!ePgPG@KN7*{cIQEL(q)J}3OVrHK<5RJ-)y$$Ma(0fZ%luKGnsySX z2IBKS5;MCmmqAM|G%9eZTp)!Hch2oT2^>1osq_<(B&Kx)`5rw!cm|_W}R4)rC$B z-E+)`c*yKWDx_41ZZQz#ViGWJw;zqj3+Y*o7nD&ktSZV$qT1Oy*jGF|p7n_FSw(_@ zC5~DMY3}G7-e3;$UE^uTwt@H_nv*Krq#(O$x82)*U^Rr(4I0Re;ejnYA>)l@f_?Q~ z1NB!WU#*+i1mb4h<;jvudWOOdN;zqo_!1u^EVvO=d^ekA5}%>?t3J05(utWz*^Ggc zO(o#kw1s(f;;c~Hf-370swDWuz77YBJ{C=#lI#CJg=AQ8xWuEy@F#;fH^ik33qKr` zS^X^*T$Pb|k?kTvOrcrewlX6w1I5s9k(%33~8kR%4PbO3_!S^8QEk;LAZZuz{V z@tu~>`!=p^`TRfvV__+8>0;!zEB#ZsL&gsp1{yat$_Pp; zQXg$8fWaMVKn{=b7RBnsZRJ6qd>~#>M$Ugp{@9*l&CDcp$*%)KI~E8-&OI~QH&XV0 z#RF@wCzIJu0SAg5^?PaQ8w}u3=@{T)N@$P$wDNr4QJ(MGmQBV0A;LojxLTGeOPBPG z{0xS@WSaTUEA8@-yCmGh+ug7G{s*l+mS}r85_XsKyu5hjl(W#?mHGZ(?EU?fJ6H07 zF3HdeGnRSqPK69ZGI~bF;D-&&%isamLVNRo$J}O3154vBHYkaB}L1H;;pDMtl`-n30N%Hlz!M2@%d-ndYlUOF*GeClrE&1g7o7da{+0j#KSS; zB3_H_fVa)LCeXT>hbCJsy5SGrxMA#(&<$SkBQcYcb!|9%OP^)g;2rcp=%D+tS%>7M z8J1f;Sw%rJWr9t-mC#M_>auP*h6rlFWBm!X^>&>d&H;veGkuBJiL3^9UXD6K7ekE% zF}kzzbyvGlH>kDQ#n4Ox?;KT5gY&rRPxl>m$Gsmr;^SQ3&9bYB;MH6 zTVn<;kU6;heW#D$#gMthqD?9SgBluFt5@#*R?nRT6Yh#pV~p5K}Rx`tw*0{XgIKhb<`Dz=0e zH$3!|F5SBL4f2;H)X}aaj4U&uz|+T2X|TgB7^wGomv14u*{Ar-J&^y+ZB&)I?$PsF zuH(U(g(4zP$3wqx2(5O6G4{ zc03xD!%^tibv{MCDfJ>c*6;U}h2 z5~>O~H1N?;Dzd~2MHB7CXEPUWd%nK$8NW4BIb3qwN_mZcJh5!fq`Bg|su8*J)V<;A z2D@x>w8y21YQGtYyObqwv9+gmu!3o=*V%QH*ZLld<-QuNsEIkVN!2b6z|nlLC;rcf4Z5v&Cd++Q zZEn8@wH%Z;;SLaQG?Y;9VlC z=$D+kg8cc}BYjN1h+0qCrMD^K0YXLj;TB-IiFRtpMg}D}Zae$y0au zE(Jc|P#gsQN3b1yB+q2s`w%LFuPzH;z3xn2P}y)r(D)MvDL`t*0Z51IMRV2%Cmdo9 zD^gWyF`8idb-+6*gtu1kwhP|Yt-$MGi_iF#xC8irNURM%5b@P?v&K6lny1Ly9kFs+ z0w-ea5l}5vvW|=P-L%0=IE$g21ub_YM||*W$|b_Qc4pQ{=W9iPj!n|Ai?bLqck!^7 zJ*3X);XLY{XVu4&Ry~_oGhN2+5QoQSoUKkJ_qM%6yY(ht|Ae?^&eQrrg2(=HcyYj3 z=Id%|dRqv2BfpC7^i%#s5Bzn3>QqF&ku;kEFZqpp_U^j?%r|uKoB8Z^?R30d@Z?;` zXS*T+ElcbUZ%PWcwN?!{C?rIqhp z-*fqd-fr1Yy7!NJE?;W3?Sr5h;5q!}tyGHSg4s#QCwTp~S}2Q}O4v>6fbe+1_6{LP zM1&I$XM<$W@>GbHT>V;~bSm^qY;J#yTsCbdU32MCYmGFf$;r0qghz0egwEic>^puA z&l#-XJJ({M=BmkV?Zs!#15(;7SDOjRJQSC4v*|6GusqJT%&&rmYv8Ekk)04%TfqO{>|b*Dk;0#%SQ;JK>YSZh8WH|cYr)MZua zC;9Nv&!83<(`SASe&RD9bN+{yuhXTj2l?IE$(xJgABrIp2YH$V{Czv&y2JZOj<@_n{Ers0|qi{rD5s)L_3;Fo2A zUsheXk)^*ET~IS()yc$K?Mx(XWa%kxkMa`Nl94N81Q zbGE*)NFl@N@7Ix%uMnoKbMvF?V}mw={)exkyF(Uz;{7qJG|e$^2_5UjA)z0(&!eFq z#z6Z~KGL5C-HYswd;c*PkZWC<|Jj4&0lP%q{u8$u4IGF#TCv#1(A<>jCOEuGp)Q$T zr~ zJ>?>bRj3@lg?N2e8UA*CWY-h@W|~6nX>!)uCjdS3+f=%=H~;W?Y?~qx8f{_xrDs`; zuNmb+sbvbyHVacI`-G$yU954vG!4mJ6IP;HldRPE^+-3MEmlF)oHA?7+G;7@5y#pH z<&8s&Ued$%UF&X^hMgt$~>BCyot}7^ue;_Z@zd)q~-&<&EV`K__@oF}mXmfkt zEYft3$M~^@z4EbX#EYcWugqc-{#8ouGhq)*;$-_ruOPJ%0I4f;`Gn=D2%uMlG5DHDVThc|BH$z#Ku+ehdQhL6W5R0 z@Y<;4GgZmutKMaLbM&sus|LO>D*4gG&JT;@4}DhS52&1KJMRwt9y=B-KbC3GT}O4k zSzOiU1$Ga+aCWAidJ76Cm-zP<(B~&0Nm<;Aa%L z(9cTaLpX;1h+H=w<8V-EeN68r+FZZDXw#8|Hb2ej@-6(C_{@Gi(Wk61pFV(;2vppuc6P$RmSQQMP&Md6x0^8ht$y=PULm6y-spN z=eygDO0Li1w`AQVHxwMr9=h9u-$mfJsCZQ8I`I4S#N^OjCoZkpwO0&bJ%^1$R!x2Q zKR{jG(OJ|1Li$pnZc@AWIft`u_HVUf!)E`MJNq|326C`}9lB!wbVXiPa3RAq?zgEJ z(zS>OT3a~bCFz)DDy=O+exTPAUQ^ah>+!npe7m=jLbTYGU0wF*>RMX0M-gCM?w{T@ zVs-q=-z)V2zrIciJZC`XlLYK6;bVh3MA6)<$L@2lEHazv)wPIfuDUOzX$@B+Zf$fk zUN?}ohUEUj_{_U$FLhZzT(Mfx!u#>CSA6ERJgiEM*{Obd=aI_WfK>g~EPEDQLQ01S~H70phzXpX}XS@jv zdR#Z+^Tz$VmURjY$K*MZZvBH=W()0`@u z)Hq$mv2*vpT5TMta7IO2Z~qr?Bu7AgwL^T?8N7dj{|hq3(DD%uuwBYlw?k?sbXFVA zbyUolR8dRU@|p?DIVKY_B55$rxb8sJvOy*( z)0aqa7AH6Pmv+@mc+pj-r4A?h{gQNZb^}|nUA``TIC3bAoLA+a*)?{;n(Ed~w40`& zatbS|NGIG~8HeTY0G@ovOtX!dykx&Y)tzr|bDTeWcPA4X{lSQ0n$n<%B{Ci!dqt|I zt&Z*9CM+k)Lgh0Ar#~_o(pozc6u`v^DY!~}DvYI*PvxXYti|IjMSij>1u&{{c={l~ z=FAUekOlqjHC5bX7tHFHFCPhRu(^Khx7GFB%BsHCX@%C^W0%+5qWl?G3nBr-KgOWWygDoY8Sihs%bW z2sLeY%}OC~JfT?MYZd{eJKIH(!5nq;LKJjQGJ}Dl9QdqEN3&PRj-xhUWKdf@c%#O( z4AvmB%`^qSl(rD1ReHSWSRQ}qEZW049zLWiGoZTjtzHw4N$y_CKjTV!d96>goNwtU z|7;Ggf72VWblNF3sX~%ri*W>YuJX^o5m-~5e6A{qJMgzvZ<{Z$rfT4tQOPwEJ2UtK zYij&qLmSOj?Ji$n4Yq3c?~Uqw8(Xzz?1*PB^fUB!h2WvXAT7yA*kK}l54@uRoJUZj zc5(3hpNu6Ax!W!;PKQo9yCWB%*okT&k_6aH~_3tUs)U7&T zbQ0zx`jau6FT`h!Rs|^%rbZ80G?s`Y#9dlc-L(i8X4=oIQoD?1En&jWbK8lMW0TLK zPPBP;$=r0?qlrbrtvB@Ro zksY(Ns<+j;ZftTT-p`0n;;r)pE#$@??uJKRwVTyYJz{x$))Zc$J9=Gy1U}u)l31L8 zBYPDVOicDW(rbMZGIrLCu!FlfTrE`*f9No8#M%pAN$czcA-N7D*W(I{4zOUYbO{d3 zyg6bye04n}PGY__!J^=9LryeR5BX}%2Q$x0WlJ^cqAD_N&=RUe`Dekx4Wel_upkap z!G>%Tss(NhBidAIkbWOMgS`ghMOA)z?nCKk#`y= z{?1(va+iJGCE+f+y2};r^6ksv*;BJK6y5mM&R?U|N%S6G1%08I0vii)_%)oH(p2m_ z4oKUT6|JGgEUVsDh8CSR5cj!K2e+z<)+J?7RI0-ijMQth9aDf3&nyjQUj{gN=dY=l zp+4Ld9^onWk_Vul`QNHA#En=s`CyC(-WgPmKU8Ftt{@gO`P*X7_(T16n+P{wvxv!W z#(jL-%5GA@_J0(%a?-lxe)CXQgrWYUv-PLW>Qxkfh+~hCL)v(8^1kLQ)EriX1}Zvi zVpX!JSF)y85pM5c$+HeC%C&dP9hM|uRVP2^`B+ZOen5#HZO_|SW}^mmkSrS#jYnW6 z7X#8>8Yr!NuiE1Ly@`w$)w1Dk;R&hP&#CF-{gI>ayDo>hHv4Z|AZqf>Epe^(JAg&(n| zF(CgL9GqgGHvYAiHN%B9J~nY|vgkDiVxIQ3>cic~*%ADJJ${;tki3Lfw9}5GI^QZD z)#u|;@rORH@lRQ=PX#LP5VaN;3@w z)vMldJ^Ntnz`xfNeyG)v*yw57UifPIer{@#opw-gb@Eeh`nz3xl4^XYxbwrJn$+FJ z#CB>@4{3A%nh~GHTc^sn`$MOUO*Q_jxSD?osyn~zli6cTa;M*W{_z_|J?>ikyKAv) z?7)AIEqs6Mh)<{8aN(Ntp?s}O6Us1U5_0PFC1PMkt(_Z;5S}B1x9dyZz!j2G)Ie=l z^7;fYM7h$$PZsW_F#_(#N~S_Ar1I+mxrHq8z_p_SvAsySR%nL7Aw3Xgu{62dmxyprHP#Z zKJ6mH-F4^d2qQG^g4b|pcf+6UvpD|HVzR}yl|SQo$rt6Qho4(oFOh>vDS!&&hSueM zlQlDy|1j*Ca2SM^!^Uf9#y_Qje}H<`77BQ~bt5&$fodye8s!f$Go#m` z=`OFk%PMzy&Rw2zmp{A9L+-Mu36=gRF{wzIa?R;e8^8TZOubo-g_O1Sb7=j%_vCX0 zPjLNSjup)4;CI=C(l1w+!aOB^tmuGwe!Y$#q&je9%N4ryQdj7;26%sxZm-11=)`0B z%yPM6-xY?bC-WDk{>YM&nwi_#-o8SWdS%IHI@7%^0YZRu{+lp(V&y-QD_h^{y`dA0 zQV?&`&d3Cznx?YVlIGk00}cM9HUToyS-T2q8IwJKE16SF!LbO4*NUe!z)9zmK*Y+~`h`j*rU`P5B9+Ep%A|rPwiJNN- zeO(iyX?PClAMq>bJsIXbAv-RJSa>u3y}*7$YG4^iF%{wXZimoEPZg-(wdIw=~AR%5+?+-LdLC$Eqxf{X|qr%~_;R3{!pG z77w`W?XJ-B##^GQ;jwExzrCHpZRqs&d9FSE_EPuEx68r~U06gh>p^MN5iiDP-D&D| zp}ilx!5jRMY+;x#IPe8BdcNnS=GkYdd*;~JpCDFCTl7eO-0EBXJ>7B-cZFVZq54{r zY}v>qHK6Q3G}{^>yglGSIxXyi7Dy)Lq9NOi{T*iyPuqTMu(m~Z#VvIzQ7_SOv;3kd z=`+v7ulxs1>ZLh!m98?gH`2_jZgT-Mp-NzY#(VMhB|hr`Rigbj-Rr@)KUO}~ z|Az;3kbUa%CI^1x6~0Ci{h47O@^H?eBcxl4kp!CJLt08&cew2ZJ*%Tdi(=Q?Ok zq2$7Ffd(A_){M`FO6lzp$KbV_P5r*)E{cXqgPDXd}o5>>p|lzi)(dwTv2g_4Nrn>6PeziJVaj>%U# z{}D^pmbJdc>r2RD>DnWH)i|4tv~~0>8W%q5nF9K7`(y+B*gzkjhN&77o&W6H`d-}g zFDjA_^f=S;euFoHTNS|3Ft}=g)Smo>T5?Ph)tv1acIbECb{z^eIU5l?u1vvYs)~-S zuqwNEs3z6Y0%=FJG5JA0Qft?a@z(Q!xyJAR-my0nj7{zS1@UPfsw1OX-`w`ZWWUu_ zsmiiZok8y^?Nw&SqeCq|aPO89$i%Ln*O_^?j z_K&-wgNim9H7NRq5j9cJMxzuOoZvQb87Jxt#u1$iBp8(?p#!8SN^o#N zMTyHeIBuvI0U1pQLI9TlE-WgWOSR2tfDr;H`9IIOw|YxJedqsuUw%qeSKa08_uO;u zJ+%RTcWU?^P{%)MHK779g^)gfl{^&wgaCQzYFV?*f60Q^14L0|# z{XVbHauZK1wAvT@^6w2W@R_pq8$56QFt5*tW-GSiW91=R5+7lY(}V#$?uUVNxqMNy z&dA*{?kK}rB)E1q1`*9so5L$P|H8!3Y|?3QFT!w+i3l2puX9GFj@sDzk+=mzcB?^M zu*vv2O^)#j+qBShwQ71zMXYIgBu#JsA;Dkx85)5=-PK_nut9NPAvq=N!olLpII@NI z9+6yz>*Q}Aj(;9T{P zcp;xXD3_1bT~G)m*TKArlTBJgoLyb2%1cc zpcWj$Q6}d7&dA^l#hR5amw7d;n!1Y~pMBk7(8Dz}@Kwj+7Q>Mg!ZuG+-B~ll&$VV% zvz9e)mRywU+!tR9L&Y#9k&gRj-0*X%jjp8;NY!LWq6F|pT6(YUSbtB3Xj?3shi0}7Hy6(p|;8o(j627p(m!85OvN3C^+sqU-?6ts`3imysV z=owS&@GE|X_2^up!)=|DiG6O9f66%Cn3eLPFP1%#{4@HIGUl@Gfm4l-N=MeK(r&Iy z0i;I|9_lA`dAqD~9-7A#pt70WmA!-EoZO!eFw6od_^cSnz%UH6vRBAGigA5_D=2@E5%$OubmH#xlxCO?AF(tQ($Kxn^5V=!D)Bi={& zpbZAUKjGJ5@GpE-Kw}Wvb^=$LYB%EJRi9kLNZfHJ)PLtOM**EtbdUENCa?R`{Px?V z8hj@Zs~WtoLbb;zM^#8&@i5<6k14rZKjA1)QS{ZEDk=^?Vn2dXhDASuvo4&^DtGOh z%)%%Np6`@#L*Eh>NMh8O<9{8RpBzUt0Tq=Z{3q&FX#eqkdym57fU!DESt>U|+ft3S z+rY}8(QCKSM?U8e#G$+>XIRJ;8yQ?l8!Q_sA$uA7Arpn{-Dqi33)!OHzYg|e1a@mw zhPh|$cN8*se0hDAxqRu1PnC`eybUEuS^G7fw|>xP57rO5?1EP(PmQ%-D|}jwK6?;( zIX^XgiA?Af1K^T-Zo50ifMRmR>r`z&Bm;gp?$;r4&9TA&<;lR`eJGw#0oTOh;)hbz8SB78t7oYIFl#e@V44qA)pPpxRFwgXkB(6ipady=Hy64G`9QUC zM;fa)8=k%BWFd(dev;BTs5@Wvko`QKO?V<+et4q1>*>DhXm}pS+Pk=v;SutV3m8%_ z&G77khs0?@O87E)*V}#PF+8_^j(4zcDd98a9Vf5jy7phOfU~3UF?{BttOIBz2%x=P zMnumgX6N<(HXi1uqf9$Vg)Qi0oofNtKwGvRR!Wb^m`q+3~O-(|KW-c%4 z&;_jW{SN{ojKDMsm|x1!M(^`oP9k`|VzJC7W=XBSpBmWDrjHBv*=HbIlBEWIYk{&J z2YxnirGj+kEE%kQFW=SG;0A>M67VjTr$V<-Ln`U5zM z&uH2IGHM7|h4?+UW(cf8ZF?RGCHdG?3=tH3`kWXAmsd36JtQ3*NhYTIH5!+C#{ef1 zMmf{sGW<@OBB_5mO1-2%8JP=tjCUi|Tt&yeoYz)Sr|8R}F_sU%CRypVtnK$te}um= zqnsgfBVoZCx$1-@;arDwc+hMCl zGWf%PV5`cRQ5~?QEDvVzf_cCKf&w&(7z$_pWP}Z5+RI%}cF&Xd@d!5tj@gbfcL5@W zGUP4cb3)w^E@6;{P} zSM_*(*ikhA&~*yCN1a0A5?We!^F0M&#D}Co#{SWOO)* zH}=G8yycWeZVYQG1rdIa*aPb|VK{cZO&KR<0sHYv#Voug@B1RrAI#Q=(IEONx~tYy zB_^&%N1Hs6kNAgMR^{KaiSz(5lX$I}eVU6}aIt)=deo474t~%kb008B$e;e&iA}ih zTcn?&K44ZIO%-5(V&6u_;_jEFE^ARW%H~@W1){wc4crTpAw{we>ICIy9|eH-)5 zWm>KB`_vn$dlAuMv#7~21#z#Rg@2-g|22W%b2#AVsn2D%2K7} z*>Yq}R8Z>5@DZe`n^D;EtdQqZ>+l1Us0<7hbNbU1PUI6t>0LR3v>?tT?@ac!JrcCySFN(gXz?ZbmdX?h#V2adPUix)MGfHL2`+eRbn$5)aAzC!E`K#yQ3Es zlI+JN%6_1`kqA-2ew5J2RsisX=z(54ONs-K@3LmpLa)PGpuz?_v1BId8NY5O10ceIU0&!Qk$3Pz-<|LMtVUv6h{6L$8aI`o2xj~SpU7G|o7E*$Md9(|#OwQAR zIIEOJ#=Jaf;S`O>QI6lSgHGE`1SuaSCtkCN>X!m%wOSGLI zy)o+rY&=)Z znRZ~|rko)b%90m|`SfivuuaO%A+*G>(-5?tDTJ_Imv(b^QpII(Lz^&BA=c&Jvd}!- z!9-a~#orPY_hqHmkVX!nv0tyl1*AFwq*6~jo6n%ShWH|$aNLa^rCw<_>R}!qiHq{0 z)FEB3$D0UzgPFodFl#z<&-rU-Hle*L@NOj_!)rm1J6u+CJi31hpW@K+6v;@OyWBs8 z(+9(ROUnHppu&m%8kY(*)XD)-BtSf9KiTX%iWf5^qUG7qO)5~HVAo*pEZ$n4_43>j zIx2hjO22jqDE4lqyd$Cd`;@)Y3rkKP{B|V?zFm~mUE-dHi^S@E8ori?A^uV!rlnY2 zZdRA;)n(U}Ff^RoX+zV#z4$un^2AgNZF_d`jpf^kOXL-T5nzW| zk!LhWNbP}LgeJcNX$018mH5-fJ{t}%$iUJkoG8RgPvb{F8Y)2+lpXYr(7Lb}cM=rVT|bG{g+5 zm)kvp!>qK`L#?Y7@4K9|Ab?U>^x}D_R)9L#>aoE5lr84&9D`*qz#JYz;ekd@ zdO&cwIGrrQHW1IXBVuD9xJBt4y-|&UitEHV7#;b)IlKm{qg=$gvft>D-`&Gxi63xC z)MMj$zr)mc9*ops1Hs_6VPR|C;6C+v+(2((TRq$&^J1)1r^(_j+btBH;-*M$qRa&; z^33Jo!+@ruj9Rt8?3}7QUzR5qH7rOv8imUC}kwq;gEk5nQ zp^F7V*bVQ@LYtA=WcjiFnvNx{FR*>gUv&Z^9fn<%S;FxYbB#gG2(kMod-=F>dkRCd z=8Ksv3~<`+)${6M7ptx@;-^ayk)>&w8S;ap(UV^&mC2%rK|L_LqdS?!Zm>Of9ocH1 zUHl)e)io~6#7MHs_&b;9pz4m6Uoga~4WiJy(E)6tY`oAX{$O^QHSJINX}64$L>lH5a{1qt!a5tf<^@*WDh>`; zfFaY45Is{p>1PvfBr%s)aA;*A03yvJP?tqMRPK|i_sb||KbBGfmBM+`DaQ+|aqwt< zW;V-Va^XfBcJX0=53$0d>)U7=G@}z_a@OR|{hYUOzJq2an-f&BDYkM#kYH_*2Y7jO zX~SL5&jdNZHwNVzzsbvt-I9r1Xn?;Cc((kc+?{tPFtU#(IGo)CwE_}ZjN$!0R zw5eTvJE?Jx$RcAC;^XfRQJr&Nr(w(V61_V`omo%`uNb6oKelH3_8dD56-Y+3XV~s{ z{HQVg;_8Geb!1hv%kEioF03AG>Ll3~4{}q{%J8AM;rJ}fz7(J^wkzi1dne3F2|vLA zs_l7y%TNK$$^3DXun7YW*I{hmS#wA+z#tSO6@+5AalEN*DF&{9nDR&6s>YqtiKaNQ z{o~zQY@xXoD8XP2OH$Wn@EWxgI$VU`%2?=yQ}oh^a^R^X#cp!%Az#?@2S2xyFz7c7 zLs#IXfg}C$p_ci&pQr|1;HoEffIEun^_xkHII61_NcCC|IfYIlA9C1C2|tG_PTk#N zk{7DWm6yRX|0{8~ZPNa#nuNpQo6!)>rm}MC>hwbc;L8uaC;?c@oVG8HFECra8$7hC zfD-(5qy_Oq+{~|xP#EjmwW_OWzkq}Rs#raDrPaXH6nbgdo)yc+jMARtPSt7hjzq_n z=Y5v4@@X(1D5nr$BI@OIT0R(HJ}S>_&ndf=dO4r(WvxfzYKaAAt>`+Wf6})!Q|6=c z%JvLDk=9nNMYeBC&&5V&WttaK?`TacsgX(RwQ<%ILn-q73W~C}OUo1_+=JP5k~O`e z+_k2v)j?trr_CXCbw}#aM6cM=%9t&!RCd5MEU3X;ZB*_C2$(tx3wn!rbD{l37SHxv zDZ2)ACSNED!>tAko`_53(#_}#iP${W;|H~DML%s7sf`<5$v?oO&6-T-u>ZdUw1yv= zH)kqz)`yu?fU**#5R!Oa=gL&-0IEm6K({?sv~Sa%kh2g&$RhFc~6|0WkbydJa$m?*X2h=)&TLusBtx1&R=By{xr%p ze>$`aGnj1tluF0UA93JThZSmqb=-R$CR3=z3WCbHpSlcJ5k%a zlhCo{`Mh-wl#J89BzxB=CepQc=j_n-?%)4mt$)PTYR}$XttxAKcXRIqdso=jcN~H} z#>w_hG&6Cx36utoqwLtmhE~fHAQ);d3kk#E>!cU7y+gt1*mo1Q)+_HZ!QOGBMv}d| zhlE<*#@=Cc^|G+*J1!B9#(YPiJa)CfO-yIGWZzLtS=4tNH43Ai-x8 zUp~=cy#J>;i4NoX@ME-yVjxZJYB(+XX?##!EbF3%B+ClcaX|UaPb?)73Gg<2p|-5S zn4O#_?YKtU_Ou-1TGof<4eExcCRo<-cpmPTU|H|rqiysK;e3h0*}frXBw1GKUR%pr zgVpWuROMKfeyT0&D*e4-QD{1r8y-BUWqoCL+W`wUk2aEjbS!7!+Sai={7%=hy36N! zjSrS{7Hhh=xRw;ZmHp6Ll+jBQ%7O9XSgv#LF$9WZ`R;yUBpgfEV~tu?LKLT5UtyQM zC|As~7JrgtS&0zGv2^G6nq`TO|mCWPz=k3KES%bH9TIf#gi{c-^>iAB(uE<*J{ z5nd9DbdDCGuAvAoiA7=^5tgxELc{*2+mis7UVwWRUnUuR&zlV1IQ#I~ANoClOXX6c z*x-D10cg?;6^M;DvR*04$P;29$Zvhw4|7rmrXpw*4SAGxcFwwsG+yTEhnK0&*;gTh zbwO|Dx89F`KDiCatNWaeG}dFEN8;-t9r5g<*9k{jrsZ3(SA^jTWM2Ds;}a=P<9zqc zlj;pl!Fe|F%@;2tzqn_`f99lMZ{bKCZ-EZHjh9AD|KWT@upV*i^xy3=qWXxQK;I!HTw1o8<;WStPn!A_z4E z;c*?wO^!dcgCBB%Y5cB9hG!7rv2N_n#0Y>1CqR*zMJGnc^Gjj`KNBN#H}kqPF+#3+ zV{TduzDc(We0L2^AkhrMXZ>>c4o&~=iH-jP`rj7C7o1=oKo~Ni|H{!9D16g_1JAT! z2U|at_#j&+KIqCc6xm#3PT~a;A4I-$9xN7w#~BF-Pbb1t;}JfjeEgr|#}Bs&cwY=j z0Pm3eVEpq+#6JTDJRPjk@*kbU`XbUXi$VU=biQe)>TT*Qr3phSG{xPBN;So~3}n@J zZkEoSd(T63bQTZbXE9sye3IyuD2Zb9VgGINHz>Uv$({`MKiuVGG;>1FK==5>4M)?E zV!Y2FNCD@Jtmr9j4Ix~i#KaAYE+vhewYe}8cZuhMfFmKDN=PR~Ayqet@M7hgNQ$JI=L21tacg;oe?br9D*b!Rxxmd%^3jjA`^A~ zY(I|ZLy#e%$cnPQEZqvGS(l|@>h>UWa%41MjM}5&PJlO>j}X+MH3g5;LCEs+cTaRe zJ`fIM_FBFS*jq+U-xXSVOjuQn0@L@*NvZaH{QVs4SSY>3X#l*I=ij?fR4sD-<`jBM zp3$_yakkoXix_1NQXan);Z*e!Y~GKobNk*C>w7jET)_>Eo?fhId%itc+C3J(B1jbA z>mcp9zTb~@k8ICR%Q+xOCyS&!JK2nP;Syn~Z>bb;Yc1m&X2WnkI~QzkHy@#lhg(U4 zR#Z0t>!2G5I5m_cpqkhKVDSH!FgRZi0L50r{Y&Kc zn5!Y{uv>%`wjtX!vMz9fXOP$lz=p|T-jSN%dwTr|xsmQl|Bcu;3eIg|eBmk;O-xj18=?e&mI*ILke-_ZbR|!fR`)Fgj zhDm~&54=kkx^nvrMqV%|{bdd%?l0Mp=tbYy`n4J^!Mi|)8kAMelXdW9f zJ!dySx@^yZ=XJ>+wyD7YCI6{Qa#DbjM@mTyK?~ zEz}a|RoABhbN+rN0(+PQ2uIYI!`dy2&r;eSJ{@McGS{F{z^BjHio(>bIg4Yp@m zhMV+p=U>DH+TR~MKZ>F*f3fip*O@1cz&HH@XDK=xdzNu#=dXI2ukFz-TmwWNpgNY~eplw= zkW}DO4aX2kdc<$wQI$f;SJ0MF_O0J8;@@x z4DMHpk;-wJf-QA@Sk7)CoTFym^D`@09i5i5bIcooC?8;c&8HazC1BW->!=;E@0Xn{ zGLhOyWXAM%a_Fs9{ z)tP@ZSJ!`=!J@3Wsy>XGE7%Zgt~A#t*4)6CY1RFk&JuI21HksH!DeEy!(F_s{JKt# zZs-L!?%BT)`*|xHR5|QYTWuiSWaT~<^V<(W@WOu-&DNa3Ql0P*^rx&Gn&gGlnm7`Q zQpZTHUdNGKvRlTLm%LsvlB?J8B&T#bjUWg}{=nP+uSs49Xt2!XrM}0LoGKPoE|OgD z;I3>?MPpPKWwfWG0Z}BGn!r(}2xmA<^KW55-qVCIRwMg@`I*J5`!RG^eN3FkSNsY0 zCot_i?}g{if$PP_?2!xX`}pxuLv&;h*AU%)hZGuh1`N?SH_oqzpTzOkKY0?NN%lAW z+r_oK0>-F|y1f{~pg4&C!qkF>7URe*jyQ58&REFjf-gnEe$0N-}*W9KW#C8B9Io^?B@rw;7$wYcoSDc1L1xk_ zX0t>g5~$rh4yL&;n8%<#4UhJThka4FQNbFWc)v;!3TT#z4rhp zGxVQ$FY-2HkKAJ-XQIYA2f zMt*2d|FJy|hkENrIxA-M-yP{yg*0a8bAw*%vi{41{@PY+;38x?>)(P{%h;_@LBNN0 z67cm;o<{hSaV~aoerH2G&cZ7f@l0Au0Fw^nPVv|7v~LRt#KPXNuT4%P+z_xfwccLs2a^8B@zcDmH6n#f@+@2t*v?y(jx;#if} ze>vZ#$y*F%gZsCbAIg|GH6@*|>j#@H_1~upkx>O(%ldQQ8@32~naN-3Wk^A{2-3~; z-)n>#;3I5ueT2|9uaOF`r4A2~*S*E-pMD+i2Jo2RcY{jAO=57=n@$QOPWvema6ur` z*^b2!P$0|I6*cLhe#YTXqD1C8MOmQj3yB(#KwtTOR!(d_f`)^p=;}{zy1I&I2AKxQ z)AJCSLKX5^z!`?t@toik#mz{*J{8)~_WM}}@9&{s*x%y%A(`kVw+Jw!e-%vHITEbE(kin~sx zoA@ldOh@$($l051D~PM8*11MtzI)DKh4f=?4ed$HarVI=eZ)%vMSSIWl#d- zoR--vKS;DOUe4U(@smpl~O=N77?uqqQxixB>a=xj3^5fn8e-Iu!~S{6aQ0J1B&IG zm9cF2GP+`>yVL9j=|~ApxDvy0l&!Y!f4a_M%oXPkgmH?)Wmg(;8*VQFG}Tw57~&oZ zl8Xv0&zOy*#q~w-OpvAVvLXXnHBM&R(Qd!Q9!|FoGGEx9lWO&bihG;*MtI58YqrlE zO(z|$40Oy(kBT?xym4;&xa~fbU$miO(d91p+%0NuxCOi7N$99->#b?{t;GB1H&m2x zt6J#>8Q*_Hy{Hz>MKx=N{EQ0HgRbUcL&Ynkk?lMBje~Be=&D`p5_hZGovKPzSK2)K zds-62^A$;04^oHoU}~J{$HOAs3n#>#9lZA*wN!iuZ*}DiNN9AR)WGF{&n!^(+vA!?68o$$@WY%Q=OlAk+P5=Tm=!fpx9PHp?u-}#oRrLVmao`01BlSGpbWxYpi2qGunmp{BjR7*{ zGSRrPnZlE?C$_Y&PIi9FyyI)Ox*dHAC2*!lf8${!`$*qb@HoN!*u03%QG zKv4JnQO_Ag98t!wWTHvC_raPr8+`h2q({bRZqkI(WD}U2 zd^?y*dV<<)fPLlRIa+SydqXX{xuN>RMxCkYaZ9p+*cNu3feh+J1>qkJb&cGS2+#buO-wk^pQjgw(kE3vmwOfrUCJfp@O5r~xuR!!TVd z0o7#n7-taL72~RO;i)g#D;Eh+Et`ivC*>hRN7Gn`g2=s6flI~S6H3oSbmoPZg|@SK z0bBtp3r4LhUNOqeLs2(_9%@!fO{;7f?kCEvaL%4^w4zXrbvBIP^;~~+#H_e(Y z3~R54LWu*FVY6Yr22ZGcXWykq-L~bh3PKIr;!*gG(?P78~|;B|NBC zwSo_A-%(ZS=(Sc@NWOE{KNJ(t6`f3ws74wvg+G*zX4G_323U?agvQFUfBw0kap zQ*-iy=Mp(7RxGMlY)>qizRAK>*j2-;NskRZwc?axmGDPiC)x}2@=w~F`(!m#lgKl3v9UDvLa(Gd$x7nP`Qn1lY(l`EW1 z!)lCLSJG8!ulF}b9UuGst>-{0Sq%=a?z{ZoeDe;MDI90p7;if4L_MDNM;@r{X0|3m`)zU8>6W6|a0 zM^WUFIF1u^%lGWF=Ok%viv z_|Wd0ztVM)A+sDM2|+-)7veQQS_?QgsFQc2iwx^NX!=;zmpRngLtiJ&2V^>RPaTxz z(y)y1Xx(7zB6Jw_vFhyn?u%rqQ`>H4JpY$bUHgz|wm6>fr^<=|3GZ2+KzQFZd}Dd8 z#YJgbg~q%%LE9AVv!02gy~2dF2X%l+)HTJ>8gK@E-iG>QrK(h=&MrYEP*2Z8@dHG_ zL>c{y4uqfI`}4Bze02o8i+ND61bY*cSF7i=rrZTs@RcHr zE+Mc^!^Rlp=K)j5y)}3&nN*V6Wb&?3_3)@d{Ok@3(PHkd(sS@eJu;;L3{sO&PO}SU zXtPjGQxG5L#7|7c>2J#v#q-Vr0!M9nVrf*)aGnf<7C{jpu!RzWAU|W?*$liD@2n8s zS&_mI^yQeo>lJDhvfTXn$zPyVv;$stCF46d>vY_hq*F*DE3owJLTIu5ph{dQjJpDq zIh91Pd>dEE(0e|T11NgQb3uXQLKE8nN!H2L72;&lXnkxmXm?vlT->*+=g4fze}%Ni z?3C0wMc1CUNz|VDdr3o-uBAspai8ED%XdF6;aqV7+(ywv_*DIbh+)jcF?in0BEH0X zDz2#9g(lVNxlgovhG5_G^OcmzGGJe=u&+>}0V#@M|8s(&XY{~Rxh!z3Xt|yA6$*Qy zH)vB0I3lwxV{Gnvc#VX4d9WPM=%RA2&9sFxF*f4#I-%g7aC(v z_;s0=}4hT;M z@Gquuh@$a#67ik0&y%_52VF5NgfW0bC!MkJf%~(u;*+o*jZQ&+8u=h(hEok#?4vzfSYS(IZ~F#BQiVZTgp>Z5w$R2Rd-qY%E(2}T_zqP5KPCf=nw?_CP^EDs!L zb&fc5Z>w{L^=+$D+}pt^pGWW>gwhqAi`nY~aq$k>Zz4lZf_xBXkO1Ta3v-mAJhk=< zQ3$~|+pvd25M8GgI+;$J=PWrvX-x(zVo9YQJk#n;0b#D46z7R(ArK}=!YDR6&vpT0 z{s5cnGNwKH_$NPvMiS*&^N6QW0G@n9Wi;;3N1~q6OZ%^=T2VUCUwb*WsuiT?tSsw? z`|h~!p0gTXt+JQ_Cy4Vy^=hYo96;dIcliHX{ErNb12JNh(!&PNouP|4_KC+V;({NlxGPmAa!-ia52Ce%#^Z=Af7RaaRIe&4Mc z3y^*RaXMMnEDWHrx9Wesu|1iaaO$`}TLBnZ5D=&io2o18Ynaz%Q4qv-0|@7|o`jZ$ z4oDVI1l0PQ5-H3_o$`9ZhK3^eydUL^4{yc8Fc(kd5$Xe5m__GuKJSd@&dr^{foXBN zO%aOG-_FaNtNiipbZ{%Ta}=dNPNQzv`ij9|Gk-4+7UP1E-!M4rzltj4fMo=&f&p+^ zCZ3KbnnSSI#c<1u;4_w3B?GuOPQguULHE(A?Sdvnv4lP{z;bzqJ(-smBmYtf@^e99 zvC$WcF#bueb>y3?io~l0OpcV~Fo1JE&^~J2t0CgfZV%fP)5%yp=v64oVNrTrRbu(->qxJwWG!&A zyt%jt39V4_a#R@_Fs!S<7MUOeAW>hLqR6Z$O($JLDM~DQV8m2KlH`my{GSZLP74NB z{Llxoh-q2^_EeYP9L6{WE2>tK``gzf*bCW>l7kjrpR)yt_sTh3x(fz<6-i5JQBw|87} zl_8FIaZ$JlsuF{?V?4BP$SZh2X#Ouz2AdodToIydW1*rwF`SKK0V0OeCFvEKp&0%p zyh37Q?)RP^%&Z_SAcNI%ov-ITQE9$LH{+7cx_&@DWR0csZRJ1?>zFz;R2LYWyUzb` zefVZ+-<=)~FTrs;2*6*VL<5u&;e-y#Lzh?SL!!&;vNo!be|X!~NRsTTqVN+EYvZVf znXl8dIF7*+6JEU$|LR;u&$za46#|};B8(z15b-cM4{3piBr@6~;ur1JQN7)iJnG521}RX&#OP2(NbyRw^4aIggR8lu>GOQ5EhfKhY*3JZ)OL z#cl2HNv)NhikV@{gVeJtv8}F&v!NMizgkZuFp3nwK`MlPGLaspj2;-MvXz{fupG8g zaKeG=(So`K{RZoA?i(i~735m029ntLL4SP+d=Id0B%}zmN+&h}3mc)ZnwPtB%*j?k zFn9H6d?z%Bu>xs9(=vrCIav8%^XY&vqrqGq`P6wM1>V>*3F8ynzaX)FG_M509Gqtj zACSA`?zl7K%LcQHu9@VI^D$2RMYcINvDp_n?zw*n@cSo=oowg(ssNS9Kn}=l$RLCZ zzRohJN@xCr7%-^wB!?vzs%+9ahXXyf3a=V{s=szXM(BfzVD$iyh_feDDJKIeG~t85 z-)L~2?&R7jid27zeZ zMm^dJuiUzNITE3nxvT{;$WRM0z$WCS1r0b@It1?3jaTZ`=@|7%cmfK@7>qsb4F-fu zDG6e(Eu8~r0X|6<%U6M%b zvhzDZ+(j&Wu6&C6sK(KdMW^d&BAh*c0>L;yCduOzw*Tw&$3yioS12+2J?jIdcu`4G zpuo>6P;p;@@vlDu#v79qC<)%<==LS)50!|&?x35MvnLCy9M^K)F_-VSQ0tbz}cM8)(J-C$_l)y?s0-qALf>Jj60NHkq#W? z*~hn|E|;Aixy|EOU;;hjw|a|^TDM??Re8;@r%vu`6nGwQ2caN6%+`gIZUP=?RTP<` zo0@Pk`_$hp;D{iO1ilePi%)~AG!6ajzTy!5t$6ik`g@de2kr2@BF#_>Bt@ne6j4_3 z__^LNuAR2*LJ(1gL6Vecgcm`w_zX4+MjS|i!s{m>83657k52r~6^X_$lfr3s8=QKc zD8OLkj{}AZqbvv2uz6lPmV^Dt=54?cnTh;<5TfPqU9=TWlAo0ng#`Iw?GnQz5yXPh z?Kt-=(p$8Z&#+h!dQn(FZ`AB6MIjC1G9ojSSPeC_fUp6_K=-U3uN3Sc&h|>5RDKjI zCp!YpmHkzx@wF%(7>oQN#=R28BW=8+1a%WUMuh|o16F0>0ILjxd4v^cX;?|q+2YG3 z!irwu1`p^(8AkV?+>@0})(wQMQwrAu8dc1XE z@;XDuZxRR~TtZ$_5n#aG@XVjcTo@1vMlVifQ>Z3y+e2mZaR*05d8f|5b_121IGat% zc~!@le){~iDFe?_!KiFWJCTI%<gQWoND z3rY#?MVR1ltG!CitlP}G&CVSs>e;02Ngv|U#x*-s?thL`UiEC{;o*pCCpit&p(e7xPl-BT!4?GOt4yiXxj#rwAUT3-#Mswl)WJb*{ zFyrw!W`O95A7~IX99+(b&{BY$OKnS!CWu| z4X@(`7?CYbA9Np?<1$)b>1K=Md#eW(pfF)?= zbxtQYqmVc+?nI}HVx6L#>JDV5*d?}q2HM8}FcQ=NzFrg#5WNg@@Bs42kwlVc+>0qj zdV}*@HvX?z;|c9SmvlUI8J)yK$3roDk4AoeHh4I@k2Wd%?zoMQFLgv_1X>J!Lx7PJ zET=EU3}3Oqofys56D4s5F~m7LZcvggC>HR5AsPwt$OE*Zh|0j5V)v%Ry(yO)OK&KP zuBXeez|k0QltplNxQTNiJMP`}bAFdx!MXUK8cy4t?l|T#3N9Hh1Rk`w8J$WFFn(*Q zFg@SCD0L{JQqwtw!p?fk)C;{p=+^<7zSJK5A1j(KIITdU2UQ{$fonD0G|}-v^{}G z)u{!EPa3u+D5N;uIr|0DK%uR^6oh>Kv-BYcunF2Kp*GB7)vo71J{NUW^pp@zgBtHFYK_R8za2tv&bAJClOh`t|olVpq z|Kyp(G~s-;0VOi9CH`XY#Js}lirwDu0xq*l8^8z&6-Vj06x;D7@Cs|2k#9qzhjzpo zY(t>$2D2a=0%{dxTZIF1H;jP_gxJ{}mY*pOk<$de3pa z9S8(rIYxH@a|##%4+`*k2YJruL=)`i3};kAOHRjcVWHmsF>dN8ik0A>_$PN${xA@u zg@ca*D^IHwlNx+Ygv3AnFv`{aON0?>m(@XelW~^jjsLMWyjlFL@a9JFW=Ca|H`!z? z9v#0?@g|EXW`j4rj2Lg^q1V|kN;L}J==lu@CCg~8k!Iz9X4N$5gsfWgw5k_~*z`jR zq)Xfs%1z9|uXI2-a=blyZKATanZI(!m%r+Mt;momtYyJ0$bR5nBOFI<_B;s%R?$Tb$O-1wLE!*&GMbi3(8lp0RCc;xV9*+ zLvEdLL{xf!C=_6#LcLm}1jHpV=pHVYVl>5iO~uQyLgaGNDZ@EjgAMGJeO0?9xwimo zhX}6WQqQ1z|Q-Z842)7m#TW7!i6xm*0XzbZw)bGPLcvmAg%cR|9=U^BpbT={{ zM8!btcp%p@9%ph)r<{K~N1;&^S(rePpQWageWVP-E53pPq-mcl$zJSL_5w085ok>zn;m{ET+RzI65V z&(IbGw*&sFXGtpC^YNM5guM5V!UiTh=uO8<%Xd#r)Py{DSJZ^$;2moEHh!W^NH!S- zljd1@WXy!fL$CA5U8+&xV+IQrl6GJr5ei|^i_fwsmS}OXbVAZje^S-Uf(fC>{tpg2 z5q~I&cnR&bla>i@$D1aR0T>8;FG#OGWv~*=)X!A{l~NqfFRs){dLl6#Ir$9m4&9TJ zi?YN*r~&zo4vkT2IM1bvWW2HslJRYvw;n&=wW~6V=@83#`%CDORBo3Y8Rm;Bi@&X} z@M`4jPt+(B7B5T7#6my_%X8Zk&*T6WHsSqT{>J-x`aRp^2*dUa6Qc*p)X6;+1ao8p5I5~OrMsez(@XD$0Za2a z)K#fNjo@Rp;H|}`aw(+=n#oNpXuCq115*^j=*0P6{0&Va$VYj25A8P!KoS_J2I|$Q z#y{TAP`5NVU;1NKqL_ufPURg++g&T6>QcT~4|PhSb=+61cHW?H$&$hj{0#idu&(XtRb)yeOpEQP`O?8^rDgx=$q2BD&2E**IS{#cE04Jz|tjz z8X-SQcDfqS{@fW&fxZH*);q99>s_Edy*q=w{}Qo68ONnL?wj>J&SwXWODO3d!fp&+ z0D1|*Nas8R?r!53t|y;Gn*ul?-8$tX6dSyvJfN|bxQ5$RV3bK`%lKn?N|W51RP0i4 zF1uL?3kab<@8Bvn+lv$3JGvz)Hv1-rMJHeg=J7W~KB?YWx*joI!X~3?6q{W&>83=D zM6{t55O^IDLJUS2V{(Z}3?>aXJrP=&+d!;l59YCxo`4JO-Zrk>+~pxT>qq%0vxjpOp`n*^!DyThMErk2kWb+Y5PZ& z)Mp>4M`FcD3}qOiVTV(EuKv?%1E84x8$#}BnFT^4Eyk5gDc#V2wm(hn0;R)qu=bZ> zo4xFGTKFy5>MDT(Tz&cz4=G~Oq?q=XAExfAqG9eY;A%CYp_;Y}4d8|d#vImJXpeuC zuo}6;z3rKFxNBZq!$nhZ!fotMkGvUdhSkXrRz1#q&HgiSo6q44brKFjmUKC&8AHoQkaNGugRhBdlIJ z_QJ*No$P=42kFw@o_{s-z*)2#A>z5K#-E6Nae=8aH|WEQn16^%34OdQ_;}ffS*V>* z6FySAhOxoCZG1YebO97dRudtB7?~k>RHs-R?HcUZSK&rvUyi))RBiwc10h855v>?L zb{>}W#CUIqfWdexQG8K{e)Sc?D2%u00AW^zEs1cJJk)sCXwzAGgH5<)f0?s%Evn?< ztVBMxkW7}3`P!bFPSS4oHB*&{iQ9b=h;I2hJS1-SUGRvf59Bf{-o;J0Y~RhRl;>R@ z)d$-%%^7G*h)v5-t}dmC2dx zU_o|4jtDSr*vv<7?T)WoMaK$gG?Wf0-w8zq!*@FULHbT*{mI)R*KZ<3{3C|6>HIU2 zAwvbIKCO||q-NgrH>^y(P3f*d4UXwDA|%yxZd(V**eQN=OddqON6;1~obRAn&$bI% zEB1BvPw6YBQtg<;yh)gj{bl~zvj%!cAM3AedC!CXzI7GU{6|G(z8`8mXJ|?aNvbZ|{Q+6k^T37gnlq=A3e0SahTaKbkDk>^(_|;4Q)=%PhCFD9^85fK3SZ-dTKNY|@r{??BngyRw>b1+m% z^5}R(9?>)-y_oL<>bQX|UOjL>kF>-e%Pdg0a$gsB-xzn_MUSJDI9-}WrQm1bQTy=Z|YPCm|8O|JELU0)TtU#g`6Oo6q zsT^yx=YWx@=a)J84EOmb9ZAF}>I|5mbu=H$(AR)mZQnnn83|d)-Xu^Ds~ao@D|^f; zu5QrE&giHXHA=0&X)+grj zB_0(aa)f$ZG(e@24B3b^l;zzlM}2n~$g1R$at9L_%h=Z!iD_icLLoS%L9JGb5M*)u zsgd4Y`+F#I0E$AQA@IV@u3$~TPk{{oM&^%H`{fsDYF?zNc~Jlb0Ox<94v>jPwgGsl z3NxIS507W~4Cl#&-<-A0Lb+ho?$QgnYj4U$91mPdfgE0PC!GY!aE@4VXqvczQHFc? zN%LFISTVe#m|BYUnwOzR`O9E@;iRTL$v zB`R}JOp9G&RVKHdBdz=T9;$Wp%GUWu2o|VYxvz8Y+py*6#GZa71JFUyLsK1$m_g{l1wzb_ixMI=Cz|2hp3s|f{ZE_u*)~RGL_+Xg$KoKW zK~S6vu9R;-ohwD0rVlY9?2kYF+-5w;q-rMZH}rUKeF6u~sQtzLH=1AcZw(&@i;-_` zGFRoBt1I?<{S!TSkY``sGSpm|XRa8E1j}o`M@SfcL4Kca@~tB1e@YNZvh#Dl@rM>r zs;#sZ84jKyj#ds#blFSQH)i5o2?MooL8>Oo8^-pm@m}Nf@h~1AmKsD14w2ETTE+{c zRar4eEiB+^5VPdc%v1X=gDhTo3wZ!9f|KDAX2?aFTtqoAtr<+G((*XtSi-lS7sx~f z`vcW!7&yx6-O89$7e=rw?s;Anf9%l3TbE$tf$9>Q4Nj)6W|J{Nqy8H&JgUR;yL?Cw zHY?QN4K4GA|0OFB_#MHPp#;>B+v2-{?V@(~%>*2E%w1I*{gbZ~`%N300v7C9PZw|P zH$wgu`F%bl-EsQXAIg<-n(jXemgzj2a}y5WX5?(R``UQ=mtLUEy)_E79|hWf;GcAZ zqT9T&Lbs=QIRxD>ScLncMzG>Q=evu|^{#^&zsY@QpE@M&E6oCVFH^0af9O`BO%;Hg zf7C4UihuF^@}#JicHDPp_&n=a!1Ap)WH}Hsd>*iHChn!4Irphc)qBvTccNjt=oB!? zzj}kPC9Wsho^=NXf^ZmI;UIb?goK-P-Z<}9y4!Ln3)F>xk|2n02E_6Y&|Q)E7OG#^20yp*mY(kZqS7!)YfdpZQuC#m*=ku}aU ztAOB{Ks<_?+{Ey+5uc=QCR5ypi6`Qd;+!C$!>jFH5s@(LvzLs26i`RQL(gCnF=x~L z>kJ#iS>!^(hoNm+W(F!--GOKJ(pm7k26PNoBYIaY^Sw0ZeBn02d(wrGMlU0s=Me^x zfMXYO8YkT&o`fO|&W4ph;817U0emzR$4b%; z7-kdCi~{0)7`KRb_%x6-pHd9Mc%7?5>{%K_OA(kjN*iB8ywDrPD_hFod8DdZk=7pG zvS)+2%3N*DmqyoqO;Wb@IRKlrn^U_Scf#u$jZbMiA-6jsM-H`1u#In>h`hO$7z7Qw zho3H{Jw+JGvBUPntSj@=5@8Xl~2s zE384`(43Sj?5@i&LUp>#Oj{P2oNsclCECBA$VAPmHMc2gM;ZuU2O3f3qC1`OJ#(=l zXRFJZ>T;^OWH&-mZ%CZ6CCTd$a0m7TlpRUj@K67`gDxJ(u>*HxKT(J;Fo!k!`H zs?*3*Ly`6PY)}xLj?OYTx6W-EJvdaqbP^j4TT696g4;tb_oyamx0`~G5p3`ID!VvfVlQwgHM4RW7wl`v~OVdeB1NX zJF`*-<37ho-EWvXaWre}7My(QY}7j)Nt}!}`-Arm`T2-V>&+>QL>Tl2cCtiJlJR-8oqgJEBr3fnaPRq9p|qQn;-x)7;sJ>sIxxU%QputLwAGurCE?n@48=+&qH2gy5QukvE)fJB3r7)g}F1Ff3_5 zdQ3lTMDVF@G9HCFI^cWP6mauJwcv>HC`$ysO66*oFXld|);V%l`lnBZ?~6cKFGYL# z!kb&tEw$Qj@02Fo-K74IOlD!;pp8Aud@F5jK3qr{)a}x>n7J?3X&j>iU$_6Lfe*7{ zp)pJj&If>KDBOEcIkz_>1p#IOUi8G^IvbNsu#9kJI8%EoD~5W~YhEg>pbYJ@etrax z3|4j3h_Ve)T+V<6Dh#k>2+adm$jId&=Y#3;L(dCQs7|=2A{W%5Ci$(Ge_^h3q=)fY zlodce=%jIkd|+li_`tdZHr?@ktuocXxS~sX_PLFvp75hG?bfa~=vBkUAx0Ro+=XZ5 z=kd49j_@+bADqxJ5U#p6&^@OCw(r@o>>g&>c2~4vdz>$Jeu3}T>&|qQfLmqt7+nRV z5ITVhibT;Z?>C);gA((lK8I3ZQId`wPyQ+SLM_o33A2>a#qmtIL+`lm`-x$v{Y`z# zaF6?GwLZ-{P8cxyB3{I;oSZmZx>ZjZqnVG4EH9$o5LBkRnobX?%UBE2&01nidbZ2m!Aay0^F{%glJb^e`!SE4wkOv<-^jvX7G(LIO z!rQVs1(X{lKS&{UZVbxv>u!_v zWZ6EkH6Jbplm48*q!@qfs<{1a8yN>X$o@9lbN4etQVbI_if(r*qId~Y5r(00C0cnv zUaw2lboVBMH_mnImB=9li{+bkx11CJU-gN>E7-G2_0?3y#?lUX{IDw;vpkow6;X&- zsxKsthu>p}CC{?v`&5V}@_}j55m5agXQQX&Z1Z0!!WQN_f`|*vYT~ zyqm9~jZ(Ebtf(s6J)ulXZ%H~^CRhTybZ5OBmH-stw=p+G*;%?Q#RQTs-V#DM^!NhK z;U#Xs0(8#ij4p?=R)myEI92vUDPj<7a0ryA%JBWlC4yc!o2~__i;;kWAE$?t1Ntn0 zSbIa-i7e;%8=xJ9zad_0bmt%_Nk7_IF4bV1!l{JVbf3S1=iz4%v~u2E085a9yO{pN zJ}2k<0j|?>wW^kf}D}bcZWWhMo4fVRv0(_1-ZGyxLd>9?JHM zu9&EeT>@E>rSYgBUHFZwo+Dv6LYQBJYGaCAmr}fQVJt=IelQ^NF{wraj_ocWBkWsy za@25VyK+>ZYQ>PmUC@S zp`0ty23-=g`sB+ba1#j{{0m?HpOB!{H|DPl)%hn)Ci_g!g?NbSXZDL5Ir;St=Yvb* zmWeY^vNx-H&SiD%7d}I(`_fhQvmcDBel)93Pp zlUThVx%vdDzEG-{O+eK#c;JK`=%9ro*Sn-brJ>H|^SIk%wkOK~==a7PS?evrl}AUk86Ew2Nvk-#e6 zL?poHpS+YTZg;;Oj08ZEU8OpI>j$NGO8(YcVLl+Q1$aFg*ZVLl{h;(@d4(-X!2nXa z267rz(hR8FNLa`aw&O8_t1`v337Gjp+%av&_m{Rw`qlucBV$D{G9Pi6dF>TGqitbH zWZ?YgH6VLJ60!;UoP;Hu2N<^-Ri~KAT+Y*tlq?%FTiO1H5Nk6-tj*31TU{GRH`hWT zR5;3Co9gBU5wge7bS`}d=cw@IJ4VZL&o6t-Fi(m+By32a{}}A8-5z8t7eO`tLzf0n z-At%>bhz}=C{z+<0cbI(-rb_0a*E%g8p$L`&ua>3Vhc%oeXRM7w+WE*!KI77w0`U;y+V{APYthE0lXVfg!zn{O4Iw-A>10L4$8?92TCkI zLwmn%qAI|PimZjUU=3v;#>QA69dva1NfEjpz#VX4P8YG9-LHVJT-8pZ*A2<`N68mt zozepN!eR#y!IUyeqx;@e!UV|CALU34m9R}4mSQGcKHRB9rxAQ|8Zj(N(hKC?bBX-A zGMQhhf5;9QhyIabOYE>SKfYUlBkP%oOxl4@x1ig@*zGKKo5gPDv)fmqLX+4(^LIl) zXc8eW0ZfE|R1Url4zwUbJt{~*7~LLgqsGQL4|zFR3VvQ^c%m=w*P> zCV#hI`CA7246@H47acAkiHU(P+Rvu#PUN={HurXGS&I&2Dnyr zmUvZP^-Ok5-W;UdA|S22s!MOAR~0B$UX^6cF+I6>2v^{i4RLPK@f=ahb#)L)RKRmI zt9!QGrre^Q%Bwm|Rp0pMxZclT_1xs@3vOWbr*-wkh*rSy;YyqOlk#(${SVQ+;<@^r9{rspZ+|24 z6HkLrhq;011k1Pt9^`3Nxpw8$GsK@fDwa9Z)*1!_Y8(4`>=j*$&jG)~dtP7dl2 z4lFKHexT!l>ikS*C>qMC4s>ZGj8152PJ{ErrxKVt=bs?LaN2JG2aWCrHw6ES0fHkx zxgUcO6XH-yhp~V0*Dmqb4o$U(S71TuJ@Zjn zRjk+-96hjpb0>f8iqu9EyCo{l1(2clIKQ!d%Oa1lR4PEsg8KFq+_Uixy#kI9zH~4G z)X2hbTo~PN{{^1MUR3OB_J^AIB-GN;KkX&l324Jp?dt*B+5Hu0ohtSRN8c-;t-+Uw zxRC<~SNx&V&^_?z06YL%Cn9jZlv=GyDFnoT*gZW8feu6fwC*clf@m>lei8h?6tNb6 zsE1gtmNfq~W)4e0tgu>WPQ?77MR?m5xeHO-Upu@5C?Uv!1oyQqb%c}}+A)p3-tfr&>6G?_!o!U6TyT&oz}IYEiLM@LtVaAmu>3u znYw%|7nq3uzx8SCeFjqNA)R=hi&xfe@}y7Mx1zY zIB1Q87fPRYebt@_CKPmDX%c;!t1eHe%VX*?Q(dO1%Otr#pAyE?F~5O&!L1kxXBoaO z{_*_yv|6)pc3rhe#!8H4kZ=xpI!1cgGjN<2=;1rDJ^$nfIUXg9&+rGIy*}m-s&TWd zvomvz@&_m5WvcVgn~1Un-`n2mys+mdd>Se(lM?3e`!5_t5hOq9CguEbK^9S_{By+p z8g_cz5(_>GBKnxLUh_OA^J>%=OmI$3Ds@#}Gqg4R3tvvH-F)d;2Q+bw+>OOJ^wtunZJX0}`Ube1;aN*}4({!_c9`?2&faix2x z(&x5YdIU>v?-;|frz+j0-O{(Q^xJWzRl-ou#=h;*q?n~=#Fb`z5;S=!TAD({Sqdq5 zJ4@dZS2_cwEl==9I_PD+$t)E16b+!W`=>(f>?+YgqXwQECY)VW4vjhwU9TgF1LU3N ztur2v!ym&rbsnsNhxXg3o9c>hocty@Zfc%8h&^D7bzLdGb7WxCREq1_b_;ERQ|swg zCQfZ5F@vM1T`i~cOK$iGv9HbOuW#yqwa7?@<~gB!SfYL!Ex&LAd+hV{3q|LRy93<6f=(Ntl+z&OpqGcr)#^ zzv=<0z_ySafZw6rn-46IiE04LfTFV3!2JlRo6|G#Bow(*jA;cD%W?W7^#CIxAU$7a zYk)G{`D+1$6&%YzG((b66_Lkq(p@Yzra6I-5LxW}6>d4X;gqgg-~e;QR!Wk)>@ zn!cpNJX8(&OQ7!G7R3;U5~2H zJ1SMaH87|GP>fwlvIHPTSq;vA9)nl$w|M&{{5(aVfc@f^VO|FQQr;87K4-*^&O z4NBaoL?eO*jhfW2prDCD2^R1~HyRZ!Ds6)(VnszD5L>{Fo0zO8M^R8wc{H|Ksihhf z0Y94nLIA4)S_QF!($=#E6}9EFHSh0t&&=7gn?=#*|GZcK&-La~X7-#jGxyxzbI%u7 ztDX&=KH!If#>n3hv-tXuVBH3MJ5*v815dwYZrVk5_Z4N)RUxd?eVH^FDm$jJTDN6* zzolFyZVeAE9+fe?$NF)@qoXp0Mz-dU8yeZ0KjoLhgNt&@B6|-AM!4!bZvB))01B3D4{ykh9S6>rH>dgDoWeJmcr$cGS^%w8WQ-e1 zZVA?Y#n=p44LWlo$V?5*OOGmmFTu>xq_35GhLzO(L;5TJ*>UxL@z3WIzL|g8xvQ-d6uk=kvkd%mRTBU7R{V30 z;-9>oasJ5@E;$ZdvP}2~R2klo5$B&1eQ)ylM)6Mu`R6?HPm7;_MuC4Sg@2SX7`h@u z_$T?f;-6e}%j2H{;gNT|WAc_->F-%luGqlDhdUTbf%FwS59P)U1s=;-V3`GQ|A$7~ zqVJGppnZj93S!TIu@%b{kPDLGV3qL~!XDZ?G#~q(xed#NWolIN3zbA30L#49#UV`M zpC=*li8>GCnRVsy@r+Vm7|$#dPFxXKh?nW^pD}0dZut_OcLEPK`r^D?Fz3E|Vp52B z#BfHKOE1y>Z!~K#9=Ku5WUL5`MTHr0O^FKg@Y0IHbU}@0x({DW*VldFe)Q*u5Ne~j zQ|WKmY`^~2lBbMdu~bJJq2{H}`<0Kqs|1Rp`N(%in@M|fTuhtkal zI30I*=evtNK=iYB@kT_27nf!P7hjMu4zAQ3#(i_;YK9c{=JG^%&HPUxc>-=LFBx?D z++jugXj~jZr3P?e!TEvA{bWp+#oB)0>gNDBHJ{55#qwwOUx$ri&SkiyU{A&jw6NZ4 z{U`(4;2_z7Q@oSj!;}mFKJp+y{?3&3keS>x&X(k+$K%-v{4;gG;D?Ge@PAExo&^5^ zUEyCj+k-!`y_=Hp)q$&S8N+slqF=iXm@!ymjudrxRy70_XoP9)12DMuiU)7fjN@Rt zDt4|^)PiDj{uIH|Mtcb0i2Wjg=Mv#bHQx(gtaeq^F@y`|0JNgNkQ4c^TLb7Y0kB3e zqYExyw{@`MawqWaUDqQELbpR&7;47Uh^NS3i1Drnf6nEquA#+ zGQU^)+6K6W$4oo5c3ssGDUTawR2v2;E%!ibL1fcuIfj+|nI#U6CD1eTI z60p_9-}yBw>?)%ge#{AC7LQ1SJ{9=;Mn3A6zLp(0m+0e!EARxA4$JQa0v^upl$!1+ zs>vhM9p59<7yZZyT=J1efT>YKfI)AIE**X^`oimU6Y2ePzz(mEu_B2l0U$UF4RZkj zXgRd}OMfmcpl{F0n6My4Y)`TU?Ksb>Li-EOyEacvda0q*u*RjxD zItx4yPG~=P=Vp}bvOXIoA7Vg{1h)uqe5A&6_p(KC0c4q0WLI7=LP#y=-ZUgQ92m5MU5L~p0TfZ>ws=uCJiXR)SznXdYNf`M(N4;njZot+KTstN6!8Ht7 zh3sf16X#w@I5G%1SBJ}XZsLEfdxwPjZL*wsN3rEl$;x2;T|k9ozGenQwYV5|e3{d; zzZHdNMqw3NyCqB2@D4*a-L+_qKmkNqR#cj|16wZ;GBT+l7_q;LzLEVBB#FGC zn2jjg3_YZ3i?#A20>CyaY1d03o?mJ1AXESZyUqwCh(A3)&s{P6qfYw9H~^H9GXcZ^ zCxn2fRmov;sh%?jI$~7bdP9LInfRv5vtJdaYk5VIRd<8;x&tU0j3oM>OiCoI$$`y? zwsxEK6`}OE#n;cp*x)_nuFXGcc=|{9 zv97#i{j{-V>Tb7bR}tL>l=Hmu!uQIZvEY;U`Cse5hLrc)dXY1)x8jra!F!Ge*2<#q z#g0a5t-K>HMR$aO3jj;5p%^Kj+Uiqa&xZ4JqvsDCXcnEA6TthAu*$KGm6(w&BR$&d6VAe zX4YAPOB}8cm0WPqEQ04;)xBXZGYuRq;^WDO5%=JtUTu~QC?c4-blYAMkXu#qvLu9+ ze@XOz9Ce`!qo{*0B9VWDtI6K}9XZ!xr2yD68xfH@2^!$73Y$P-QZEgk-#u8nSg0L; zV+9e6x@a7Nl;;XxVQ?;-ECyW0NvKlvv-<+|09wf7BK#()htNcDig$2vn^m*>@e4Ta zi17{PKZiX66!$y`ciROQZ;E_4B)zS(CAe6rn%DWwVEMlOdFH8J?4P{|g5%sBjJC|_ zJ8Q)E{vvigc>!%#T2a4PbIlDDbJF_XSJWyrKYEJz!(gM>ZNsDq7tuGNZT^v)R8J^1 zXhh#;)O66kzH_UV2noMlEXjd3xb8gRx+MBd+F$xT(I-y7To&>{9H-yY0&To6ar&M1 zZS>)VmE)q)Iq>`yo5ad=8B#9ockc%VR##5duDNmK;tBID=umwoR#T6^VE;9VHv%Nr@ef&P~II*akTi#Y0ZRcD%%H$Y9+k$k2#X zhoWIVgo6&bmcW9ybc$-cL^#+pVj&tT4vhNmRZ;-E$e^s#3s!|+88|cm(gZh!I%5eI z8bE=DCgyGF3sfD{VKe(l34(g`7M5mU3BT-ZK`EFy?9pG{xt^^^paUjEtS0OrHOe_~ z$gqJ&`)Ha;GlR7s0V(}kxS#JWqDR3fN|(pz+*8koPD2`+uZ17d5GEWoyTf=Ktd~^` zTq%N6>M>%8pH=TP%E=^D+huCim^0`MZ2b(@e~5zKz2EdSxWuEZaJxApu-|r?s_JsY z*h*ku?gCd>urGH=3LosC9cqA($*XY%TDf)D?6LvR0VQOV$nx=W@5n@9#3cYbEp`Oo zChW&CUvfPhYpbU1%XF8QZWa}mnq0B%7`O{v;NOC$F%q3^3dCmPo!fn(@b`b+3C1q) zjq;QD`*jJ!W!>y#P=BD8~irt2(nfMu~~{U8K+z$=%;27ziu`%32492 z8Gz0G>t_z6Le*0SNwwy*e z$48+@JZvn^1OY3cQF7fsOf>7q@CcE@dnt>NrQI7O!-19bghF>ZJenemV6d4>MmF>w zCj&1GSwu1L)=%MhM%8s+xY4TF8%FVIlNB~DRM=SUVPg%jk;_sF8^SE$M^rpYu<_h21{?8? z1Fxt}cbsZazz}yj+I=-CsylhD>g1=-N+);RflhKMYI6UcQ2i?=j}?)}P$L{P)jvx- z#u=8~vyB?Rz(;lb0?pxv<`<@K#F{zi_i5!?Yfc-63*^vQ%-DUve=+#7`e7GJt?n$? zSMBeIrk?`&d+GYWcB0W-Ff%LzL5Oha->($tC#z%tdoaW!lOk4E|5T=v68IH0R|e8X zc6OrrN^5M}%d_*#?z4i=u9dSXTleG_u7+_bvc|4{WqDE0Wq5;AEBEH}ZQ&Y>Wd=BQ z8WtdsB1AT%k$RNNgaLdehgUF~jNWJ5EZr!Iw%*v%2NbD9Y#)t-NwB)_4o)MYom22) zz>Vv23fI=Oj`39sb#}?WeHI2`2R33^={V*QF(jt~Z-ql3FYbdkNmHj_;`}Fy10uT* zm?Q@mjlxZNdlD)-Afcj2E8fb85)}oWA_zdeI~+AqzQ)TM508!H5vG#C?jC0y^o+1n zHfa=!TEV~)FbRp751kr~mQ43E zM2I`ycNgD|PIBs~%XsKC`d|tC#`fTtDE|VO&ZAC3;DR$aplD@BR+)2KdWaVqy@S)D z#4&n>O2CBx)>+zB77n}Ua^iZKGH zJ=Bgn9H;axEq)gV(nY>TDekAgz{X%N+G{%xx9PZpQ3SyUGnwu-jXC`2Lws7qCqYJi z;5YY8{T{FSAZ~*hs>q(hCm%ML=$(G>;HgN|(p9{Kkk#yY0*kaKpE{T*oO$BlWk_Zm zYmI&HbuD&ZS*>4#%zK9vesJTCK80V_t>Zy@6ipfai@qgw2m;WEmH$x$13Fu1c?&R4 zsJF!86;K;{PRtm;q>uo|=ozd^dRySi&qU(0-IGB=er#$)QytH%+7rs$uqp&vf;Uk3 z+Lzv?y2y4v+ufybY!dhY0Rf=B9Op095Q1p4jK1SCGWBVZky}(UUL|8x^79#BrWcLN zlq4@ril4?)UMhX#0nJZ5_OXJWfZ(HQ(`3SwDre2^Kmu7n?2a%M z5tM;ANEn{_nf$_&gKGSW%RzAl8V%)NDphTVTIs*3cGHxj6`PNcs{5dmeZb~FO^CdLqZ>>M8`@We~(65xy&?(3cALs{1ni&4F7{n^aP}lbn`NQVNl&OJm2P zJE4+gQw|+gjN>Y2uPlphi0+O33s3uZc6^Cnv42R1VOq)mtTvlH&viqPU+Or>7lsQs znv|nZAH%BW@h{w0o)XqwsFL5SZfPV6YEQ=W=Iv{^272oWC0SKKj>Dr%=!?6 z{*0BNJi331#MemUBM?lQa+5#2AcJBj=d1qv3@=O@qe2VQu1p;U+9>B)hhR4lC<66h z-Q>_Vv>HJ?jYcyU3@URSc_vdJ8C!qjF8_^Sv|JLe_ixJnj2^61@8Rg$pTX4^Og^4y zI1DQD?8zsBM?c>9Af!&VC%{S3O#s8WK)7je>yvCS5kFofFwI%NN>z!wKo#>KOn?XF zaWgM~VEJoOmY@*jF2f+t5t@nC20QKbxX+%FG=YN6CpVspnu z$?I@r+?Pec@wt!!1waqfL*6I=L5h~SJEviIQzw1+{_Wq9nY#URzP9zaWD_pha1*shYQrBnPZLHX%ujISm4hN(~=)K?@( z0zHCvZc_LtB|eJD6LKO?rNIaH{8n8BC|~Rm$47;S55Y{fTRdOE23dfU5XZtSRt|`S zQwo?XV9`oqK@FP(3r(p1C*M^6_-9ks&%voze;muc`rVtV(048sF#-kR1BeNr7&?n- zIt;$pS)#TGsw-IgBOr9#;I#0hpYdfjU$R@p4Wax)p#l%X|A&ujb-Aqti(2uZwq{enFneYNZ1Hi@YHkFTOAwxIx>S)baLK4Md?Vk4DM&k*iYLqI=@GB z4em5-iDg7qbq63>=Nd{r>=0+=;~<0vuB*F6(wd(OlOI3W%RRDHbciAS&g>J2^JPM?cZ zfB?Wl;@BzAtt#MYDiUO-ZiLTIW(5V3B`7(V4{_h3DAbsBE7sqIFC zF#w?_47}rEsbw;wM~2`6O)hLAPq@E%RHM#zPB=i#9DE}9b*W|d z&674TnZfW@JnD&yZQFc=c=+)|>(RAt_o;b;nI@H#+_G$FJcM`&;M3@Jot#U9Sd;xbenM)jE991Ah+=;v1simjBY=f^jE5ZqtdI2hK6@F2WPipO*yDf z=Ty`T1DqQ!^#YtwBBlnE{&doxr#*pkk52kyRTf6KM`eU}KM}mIwc}-+@3P1oJpmR2 zm`j88cM^iac3y_9?^f#9F4Jz2z59T1Kst;LV8j?ZJ-zBUGzkzf6*dJc{t+(@9&Wy?`$towTW{C;FD2F$gfVbgaS<>kYT(!$OLHN*hJr2!=oNyZ+@GA1lRrUO- zs_%Q~QS)GQ0*6VW*6x&-v<4%W;*$&P0c&axz=4H*H=Ri6m&^iKtVR}0L0N65vfA$U z$0h)om2u`aWjn3JB4LHa>wFYQk?TI=3A^?Y=jt zQZ4wwQb+4=#E?Yi@-eVQG_45N;9pE6pDi%XB|bxTcs?FtUU&(9aa#Fte1aKaLAH}M z`dUFfUt*C-6Fvn62$8a}PBWqB6co&a*UJmB*+3mhsHgp}0#nPU#`SgYOZC}!MpK-?h#YfL+jROC6#8ZPai;TX4Ron>P^wz* zff;nqct9lW+#4Wbzrjg-$|NSqSIPH~uaf*^`FiS_?;&54q!1BUeO$b&`m`C=~L~%vOMy|y;Q4+VT^#%=>Ib!vPKlGT_c}HYs9LVLtp)C!jOlf zq`1@PpNpyc_@{;>pB}?5E2Y`-TctyFr7LUN(Ki3E7&vbBP6k{dr^cAQJ?gzNdv@Q0 z)q6sTHMX=BG%`!@StuG+u-~i9LX9#DaFs0QISO5}Sr~wA0g82XHyMC|)`nT2)~4!A zG7A}A30x`5PsJ>hnjQjs$}G@S>^IWLezL08{X^e4wqgS?CP~!zP4e1jhGL&8mOSl; zz8xn=3dT%m2F#Zj`*nYQmpY+YEMO5A=WqnaKX2tC4s0cD=^N^C7ou@hd0sc|hsYLY zQBj%GJvVkYOa!7;*vaVoiaeC?)p&m81S05e-a=nC)4(S#GF6X4Y&cAz>D zUibcMAW1EdBoZmpvcj9FUBAW{FpMM-oHumUJE>TS>H}~p+V@Q zz;>=ohub8`#!B_Zg?MFWZSCW?syKZ(>yoQQy(<|>@LKIzv@XOF6RvL#uw5(%tN$0D z6k^shzT;~(2mV00Xq`eF3an2s#}y(?0#(BC<~+olzP%GzdzH}&@Af92n@-@1*o|a% z)qcnpw=#q{L}VITN305K@i8h1PrepDrYIzPmOyHYRTO|_#*ORr2MfS${y|Br<#a#P zgIF^VJ_EyR*A+zZR-bouD-pi%+{#ftxAGtN82ypxR>F})sKe+Fe~G1D3BTzprN{_D zmHw~;Cmv1WJ*3r{D7luZVOCVswbY)H(~@o{NZC6K1EJqA2idaC2nTzPLHSB3Lm578Rs|;AB-HxF&vB^Qnm{34ivN8tFiuovZkh zpLIMAz9e|yOBxhRdj=z%ItE{k>;b;q6P{ci;<#%l9-arFdnlj{uYPxM_Iq428LRof zo9{K$E8%CrAxuaJhu{x)3?iFM;aiL8St%stsL>)P^$a1W66m}5>l-~gt0;)gL{p3@% z7KnI)E`VmBLnvLQ)nf+MA=h2Hu~V#7p4nwIkFcpiNp=og+>ByUhrK}I+`FHB0Cnwk zmm6JsV~*lw3DcrB&>CHjoe70&IeO&Gz$~@F5DhA(sIhQaFQbo_$zmDraq{51(x)ZI z`?Ta+cco_1O2LKElKv9&yb^vUh3PaWU5J-u2hxs6!KCN!2a`4dc|4VVzN9AnoQz1> zpKKImelMa?0{{$GbUfDtyYckNwF@TOw#!y;NNz2`IT%Pso6%7^71Qz z%F!v%P2UzljyAFwI2H*sQackz9?Gg4&hIP@l`NeRMEtMUp}6b4g{o;vjGkpRIT0Af zCM+&J8P#zzJ{p;S3GY|6E_8bJCRJ54vU!N#!L=DB3&T-q&}kqqf=4X+i(vr7Kjta# z{7YEmt+lLq-oy<4h;nM;ka3N*fr4hG#~#A`L0Dc>9gFw9Q0o(KJYCbEnF+8Il-q}f zqN|5?VpERx#4DJC`GvQ|dARe;3j9(TdGOKT`B>LOOsf_6vP=bKz+9A02IzT=1f%bO zMo<#Hi@4_dN=DHcm%ocdum^?@2mhJr5EPgW9H;ND+fj8oJ`r-^HnkSCMN`x!slJyB zLMv3RSx!(8ydOpy8I7^zQ1Y4pCEMmuZ^uHKptP6;5wx=oWW#Dq4{t@>gH=^v{BLnY z_i;&BGB7~x#JG+=S%5L@fmdMs2Wy4#i+&8oKRMAS@agB;{7Nbex!>*30I*QAEl=2J z0d`R1CscdND&yCd0V1$x6AJK;c~XLZ%#$4aW1iIKAM-7eLtatJs0@*+MlCvmwmFL6 zh~!A0=xAXQt%=nj42J>bbQnu#p;kQ}U;h^C?Ug0xRswukM0NthP0z=Etkr4<24<1S zq)so4EDX*l+>qk&maVWrxt(aPQ=w&ZmIHZWn%Ix+rXR@f^5w-lB9M5V3AFK#`D~L1 z#`z6RJl|7<`OYW0tU4r~{z7%#Ry_W?2Fv-Scd4bel2}DwA-WXNOO4cuAY5jL z?H6cINo_8Ny#@tQETtXsuJ3^(J|mS4l@s!f}D5OTYJX{ zwm4cd^{3>cK&#>-N;Ut8t9F%@{03isi!bk*JlcfB*XHv>k`>yyF`r-3JVX5EsEd4( z_=wFV@(~;L8QU?~J+Mzc3b!TjQF@zdm`YE!LMf%E_|{W;6MY)5@7;&^G@cZ%#$+N+ zz%R9;cPIm;oo;lki2Q9Ro>gk^ zKoUIlJW1A`EGk1YJ#(c$hU;XNhvK6Iuz@@HI0chzwm)NL41Gll+?6sNi|#oX#{7f zpZC(T0fjp=W>8}YC>9lCiZ>R84Z(i6-vO+KP(D^^YY$Y78ljkkbInlwRZUb+#g4$v z03{kKh5)n_FybzysHcs~A$%KGUWa()dV72QjQ)p;A?DSv9eaEf=D{1516PCm;9mF| zSQk=|&9z*?+Q+!J7ICs*?fWdLX@_n-jc$=jKP=ujsV}8Luws@}=$V1o`J(xhW}}Cq zKGN$zoaO>lQhR{6Tks{UcIVBmlrX9k`Px}Ra@8JaIk#a`%x11=Hk;OWTi8a(IxKsM z!hSFe z@DR4o{bdcwpoy-P?!U6xq(LS=N6!?@GG|TX(VHgt?uDYUHOmvhcd>mS*bGFa2rh}1 zK0~QU3X9JaA}u0QvpkHS*r%{kW|_fkOYj^0Bx5 z%=NlPCp+71;@*=y$ZR=IAlPaLDtkaPnQoa-d$3N1t4`qQ^Qk6uxLs>a^m`Uj26D5r zJio6_BH*@)P}>iY9yoP^^x!?^IMNCe@&5?o7Y`5YUSW$tX*sn)#oI3tiI_Yf60uPeS_)0!ruSg|1FVFbW*ue<-?0j@mr|eT zum^i7%SyJ-yw(EO$#_}y=joY>p+yszV2_bsvwh(#)(2HLOOT?u66TO3P~A)B%oQCE zTJ}qdEj0-M;J>mofL}2K0Hg8iYPs1HQb)G*0HnnA0D!TpfKsq~2iDASbQL&dxG_=} z1Zbp`@Wm#Rm1IT15STp7C#AK5u~96-CPVkPUU&cO1_?Za578id%*8>FkvLbWIc zO&d%-*b@>vj_q*ylM{GZO3~uCbSEUnnrV9gQD^`VoJJs`I-az%GNonR&fF!?S6n9$ zkoI(xMw>z%CYFT>T!&SGoA`qDM+p)U<<3SXRM;BgI-3nzTtfZS8Z09&->gC4cnBNf zz^=JUTx5BKH1kqV(hAKqBZFq*Yp_E7aNr)!gpmE1Gc2lRB`v(ZiS(fZM4g%KhNdfN zDK&gP7L_d_Cg{AC8ci9y5cGXT5cHg?0Sec>rCS`KMBsK5i*1Gpfu>WOCAL!x^iil+ z8R*zm*luEH{i?gquL{;3PV_oiJ%2Ecnko#k4`Z!bD|tw-=z?q~@Xw(} zoc5-tz&Vd#fRULGR;8(!h{OCs`BQOZANV#3Z>#@~{++}7z@PIH8y5_5lY`(Uh=o#-B;4vp>Ksw;}D)}Y5#9iIIh+>zUNa;X+!@s0X*V* zuB7wy7_w1~gTNtM_#EBK6**TUCz)KtZ!EPHzi=2F!y)BxSELW~l*h*HQ4ASnyt)ULOoU%6@RE~Wtb%7Um4aZ z@oSM($2faGeF16>45XdC9DX6r9_Qpd)uslh7?>toiJ=%%?CZ1vl7;Bm!kTbuK&3bz z5Nd@FQ5YD_xJOs}%#m`Uarln$E{7DqH|cOzBjZklvvAPvS6>n6gh$W)6OVAfz$13x zk+hUfOctr&1pf9z^1bK8gb5s+mb;%}#<`b3BO{Y!tzl|K>J4?daCE7^^D!H`Vi%bnT;qXcC|DD*3&xM7oKt z2?T}XHtXWFtUKL9E2ct9xQB`8X|#LDfH|~1=6zk5NVV=_J&BuPbN}tB6BOV zEej%4DWQWIA|;jUn54?#3Sw_rgo>XTpvs~mF0nUcNNkgtviMkWdaG%zj+!!NOTjD7J7x|xX#l^!OyqzqaNv$KZ%`%#>F zv#P3(KVE@_;M~Xy=Y4xDof{>gwcCZ~=1KfG1T~nArbC3>3qeHpDn=6r6g(m&z$0On z1dp^KHP)XocGl1_+lnqxA=YLIW@o+duSX%V;#2{w%Q4tzM_}>KI5%$b;aIxo01eb} z-($Q*;m_3Ys}(PQ+@oOUQ^jF{rRNw4YSu5=v5p8&AB*k{Mc*lpu9oY`h@JWDBaA|e z^i_F%v^Cz;mI+&8Q~sEBY9bEHoo@345cr~3WI27(wKcu{Y`$chCI*rY*G)T=I)n}^ zvSn;^rJn&EI#7;E)+1OHSMca-rS)hob}G+@MT4wcD@UUap(N>wkfvdRgG_v8aQz1+z^6KouczFi*uFqVnqmD~|GN?34+N{Us| zUnM_K$?+=bqmmqz9HNo~Rg$KX-9MMgzEnwvO8%;nzo_ILmAtKzHkDkWl9yHTf=ULd zWS~kORmp=YDH;rod0~e?eCdy04$E&-lRqy~k<@G>jyS*B%oM>(m5SrSoj;z`h?}ee z_VL)e+wEy31az$sJ?qIj<3*Z<@(?YlTdmeXv;ix3)U=2%ME*nU5m0eJ)sXTQ*ws7lxdqP=G$r(KL>Wl6x@ldc^@c<-ISg_-S(6D}dMno} z8GRgY*@>&rXPah}A4eDwvXqHP2FbV~3kwu6b>IOu#w+2UIxnRZwn!HwL>XLELx&LC z*6Zr%bvQNRcEOjmxNb&A;5{Y8j0(QZT%d^HO_!{f-h>$BNxCrt{uZ5AK^#PMzKGER6&Zwx zDn}R5ZqekLrS(Kje4YV(%Na<-D=HbmzD~_EjKKMQS!BGq#1VP|5%;DhCi26o9m}$V zb+@AK;G($<>zio^p6gL}QD$1&>v#th-2IHQnq6UJgZC8Ssh%4sOaCIpl*9`%T>geB ziCgi3L_Bg)74&+~qtuMVVR(+|k@IDRM6!f7>M0kcS)f$Hf+pE-%KN+D#E$`> zQtE0_B|f)O5yW2fD+1z;52iETLjnluGssFc-_PV;^|}ans((xWbv%;B?6A>$RN*s< z{ehY)Ad|64*8Gb( zf|4yD809u1B}<2T+m7^L3BaYHB>xC#rZ1oE%jf#?c_vRrU^xKDZ;9Im`Q4}nkZ@3y zfm6XF4i=j6oh(epw`^D3b#k$+USR9KK6G3g??VwGRkO})536QmNP@xw4nwADsZHOU?KBwA%aFvZxM>p}VV#JjI(KQW@NzQ~?F1&C zM&)`3Ur<-Nm48vvl1U|r;S0hgM9C6q8Vffhg&AXtnW849HOuECL44R4&;cqs>mL4D z-2CW~OPaJtO}yh%zMLai?1%&xZ}5&DxEstGasq*E52p>q=J(uTm{_G3DaRDZ5x`|w zOIlw^p4R8dj%1O-wsPlQdXr^45zbnVf6H3;;Be^G7dm~=i=`o)xpO28RpKOMjamW& zD>Sl+?>tSe(A}uQCy?tcLK-dSad+adv7UU-Cl*uqN;LA?S<}oRb;av=3rq2Z!Nphl z*Hb_iXHg+Q)Tm|JI1gE>nH@Y`=`W>tC>K% zx1H~>fq@Bv)K`*;#6l76JNcA5a6eTSCzI^<7)GR5h*+8;cXN>J+IO%vn}hYf;h5C$yIBt zNdi}lrA$F}dp}WfAtceb?bwiF!l4O(iTRC9=X^uX8S!@N)^Tu`)AR$vsONc<2Oakb ze_&d50@d;z`!X|C;}G7~*j~s+D7qr{EY7uZ-~EYrckL>ESuRJqvHA>ubfI}Gr}ltK$G zdPt2|WJ`|~)jNA?Hh_n?)ZMwCoN4PVRSzk>!Br)COO+aAaqJS8`1gNmz}A(@N()(v zLN38fY~rA0f%koUg@vrZGCDWe1weQwuGv0$L}_*H18pFBIYg|xhwK~J6iYEIz)ODS z1o{@lRRr8L_utJ*JqeM_LNW|*zIhed^^YkKykXIELgVi^EYgyB*GWb)n?F{PNnq5O z%bI9%avRn^vuj4{RrN!6ZkDnsw(!M{iI02Ayaq1zHPG>v+j5nN#g(Um*?Z|hPkg)} zaGW7a2xc%ER#CfxKYY|GAri2ZF6eW z2Bvoc%T6$4-S{`9Ayv09u8U=WIPOO$1MLoYHetjT$3Mnv6*TZNUOR-IQ_Z#_x(U$* z`2|cdUXv8wA;IDwJw<}XKjvw8_{V&cQ5i}xfwgq+i6pD=%_KLD*gNgRuQDg}} zMG-{-Z$LK6E7JFicOQX68u&<(#{6QyAp5wNL2X}XcW%3CK0)M>-9|KPKxH#OdG~K=Z6#RrQgEgx-^aj^7*5%SPp#Jd)aXdF;F!DXM>4qpP z>~J>g&dnd9gEHF^!dg^uf@Dk$XF+gQ@>Q^2LSCq=k}b+LBzHeYaRkFo6y4zw0H#o_ z9yo+d?F4o%ya1npiw}8^tjE`O)-_jMkB2%w4n&Gi?+m<59(#DKz#4BsJ*mUaz(fIA z-uvyN3~As&2sV)NJCa7yh1zlPioE74Vi;tDRE?Q&LX=4^ftZcrk8J$|y~b#TKb)-7 zkE1Lhu#BH}*6yv3@?efBG-+vq5D>2#|1VU1iUS+DLIVq25DhR|^ct+=*`9VmWn7TQ zalt4yhE~KEhpdn1Z;T5HnAR+(?7_9r!!sxAz88pOLte+gLh_!!H7@ZTcVNmuuj7jg zjI;&%DSTk%ytD<0XNopbwe4nKF8cbRk&^uCBx)UFQtFGb^4JsZyvuZV_n|LZM(X#V?tbbE z$5%wj2ga@6NndpK_3MjOo2f5?b@!1IzEx*je5nRFQD^izR*_DIt(pS*7JE@D)X^B1 zBYx{1)r&`v$=P-x#P1=^N~#-`hS|49DSdXI8s(oK#5GE6jQDozW5;nwNVj+u@b_pw`A6$be<1kd7AvxHi_hM>p|0``;63@@QepbN-}3!? zUlBtv%D0_!?E8>Zj1~S(wFTrT>y8LyO6&gQMY`#g;cOI_eyj}V>a3l!c9RT1G6fZ* z;l()3dC0SYk!)aPn6IRmlk=yeWL&}z=#Gu*xRoABB}T$(2rM3=ULmb%6i33Qiw%lKyh1d*gH7D!Lr}wE0-8eL=U~D%AO8bJz-FTsBylYf)<1x^9M|c_!gIlQW3H1N@ zk08fZxU**|`|s!&JruXObgn6jue6VBP3J}0ovU#~=+NR_lh5Xw%{yz*ZOm-- zz#_$VedFKci8wuAj$A!6ym;-DMIc8WaLyJZI6U0yT!9@J4J3NW*E0t4O!>*fEql;* zD>^8j=hLU7zLjMq?YAF1C3XMOVnyHJrZ@ADXH#6)+QPq7M>JMUL_?d<~4#}}f?X&JMkZVOV zI1;TQs+_>K-)QCEEe;e{Uw{||2GLOdMaXwm{v9KXUekj+8&`bz@VfN^{T`$-&K)&5 z&B+!?yY#EsSHw^=4WQaN$GxMJ|NSh8z7RYs>M4Ih=xchuWk3t`_;?uJV6>aJ#=|?$ z7I(7#FqUO9aV%oi@;}oURAkZ-JXl&#GgemAg47$-R^-}!AC@mCX7fM@8E?Z0P<%KF z&fjR_E)usl5zpQX93ur^q23KS5ivDbV|)VPUK#OBO;p~*o+hP0yHS{9X_l_((N27^ z<`yBQXKAOF8D!&Z8{UuN%$g+y5#L7#WC%r7Z`qoolFFaul{dZh7-{j*3K$qAgB7R} z{h4&x#?58zGlpqbw@*G85ccHQQ&lB2j9n(KG3M+%<-zZNtm~QR!Kn+yPNuP; zxyJWl0xR{Ol>B{cBQ>Ry_2{pYjFMtfj`=TJ|3PQ$W@U#`_Rsxrm}ulrj)VcKGMhlJ zwd|fJU_J!3*XB=TD)GK2l|IfE0xwYd4*FR18bGDK#EMn&9{5Kry**c~m2d#3iDbdr}&1SV)I;C;V$g2!`1?h zGR)YW%S+0!SqFeshYGRtOs}U~VWn^9Mv40S07d^DjN6ss)a_vX&!x0JsGEF5TC#Yy zyF;`^65d8am*K9Odg^gZJ1O)*jr1rYr26A19_*?GS$dLIa7up+N=3ZeCl+^Y#Mwa)HvU;93?v2y;#5`n;Swzy_=pLRzHoe8WLM*5JIh(6GrW&^n0sic6cP`WBoUA0yt?6 z*GeOJD8og3jM=F@*#0{cJc=9^Fv`Ugu(}-9@sAd`MRF?N=F7MH^3?16`_AEc)bF`o z0Bk$!0A_YcI#0V)@jVZOi*~z3(uI2OgJ*qqooB31Trh}GDMmr_;^$I9d~EawQ_vf? z0=d97MnvxBdU4xRsuz!1U`cnX5GCHSd$|)ANi!3LdO;^cg33aNHYKL#<&?g;|ZC z_?`RnY!Hn1kIJCPXMcy~wwl0QZw$XE^vNqh+qNqijGtR?)sW_b&eW$qh?fJl`fl8-(xV;Ht85;fCi*KBJS)4d>H zZZL;`Bq?x|NB0SiXzfsbU}wGa3Wsnx?@EGcNIu1Bmyv7abx$0LA+a7D!omlP5ZwpX zv&1rB_L2{296TMD#`@#^-h_qm68!UY91x%fX;)|C)3`J_AedCAaK1(I8t2kDAQ7Bz z*KcxZD)WF8G)O5r_z@*V5FoBDR#Jpf35TZaHWzW!E)XdM??@#eprqLJz|;x6J68`1 zKYPuLnCz^j=UtB`8uOdja~Oj8k`8=99(yD%I#+iUUlg&nq#jyC33NUK;( zD(S-fB<%f{uZR#1KvYZB25{{A(Z5ZHn)Pq#5WZg`Rc9S=fC~J#;HRC{zLJ4|HBl(N zih_bFlqj8x6Ywgm`xXL56KukF8Lt}JfkCQ;K|qr*GF=Dq z$DJLgnz*P*RO@Z13Sl=?E6{vUBxx6_eQZ#MB8F-e_|(q2as|;Itdo0*fw*c6!42LC zo=*3)m|;^4NjE=U&KQ7s9@)Gzx>o$;W~TlXhWM_?ss z?tDYxc6{s_y0idBL8fc>fYa2%Zv`J_4^!}h`|(-gKWy&-rFOCxdhBX{mMGokA1XJOV-mO; zO3B|VUpYCeGAKOv@*@n?#2o=C#(N=f?dO`awe@HwE<}Ge#B}tRQI4zCrfm8MneN;7 zYh)5~sOQI8NIFQD-pdBB=N>9vY*eY8K`_AC6Y(wJAs{&Vq>&e_aJ9v)h;h}vB(Ky- zTo?{FQ0vvLy1mk(7>hT56V~vtu&7jpFeqMfn0uZe0lL)_ZVY(zQWc1!GE=pB$gQzo zvz$bMaGU!7Ey((wm6$D?x&x@xb*3r|38>xxUwk85rYn?mpl<+H2KZ*IL&a5_A0|f7 zJ#>l~L$1KxI7i{2lpTfHVC-nWJ1S#44WJ4pa38yz-$>fdmG&@A0CxaFZVn;v%th;2 zM!@B6tD~&wYVS}b8DsGuKht29Tn8V}<4}!Z6S9jjRL*S;!3;A{wUyQ~za~Jd5 zYB182Q{(cW$*TfXGkYuE$<^2Pj*qo4kOM?1UI50A&QqUMcf2Cib^K`w*eI=|(R?MB zLJ`@Pd4hc{$`x)_gi)h@HEfCCGq<2@(5-N}<;YqkR{DI0#Rocm6C~l3Z3Pi5rFn8Pt;yr?kkX!byD4bt5HB7PQN)&*O=|zX{7fx#uo23J0GXb>`0x1l zU!7s3c^LfrG5=7!TtU4uie!c2H30^rK<9W0bP4-m{QJLUfF2VQ{rh3&d|Wx4a3AO6 z!Xk`9MPeE%O=i5wOf;Ell~D@OIMV8kiqSr0lAXI^eF zH31(*XauczBaWChY>)&k?(j|L^BaBqto!5B#2=|l2N8a0M#5^2FhM@_dBra&`Dm7A zbXD+2q{{za)8lw7^H+;DvKIbc=<%W?9zAgFJv+UBH2L%Cy0!$G;HGlXxebVcx+(|` z;gJQS^m~M-Ftu_4?rl2@Bh}Ee^Uz*SITMg?i{QLb2LZI3ltfOH+VPB(+KHs2tv@cQ zU)|B_-g=5q`4^oZb;eFGR8B?T-~NZuH!L`h%bQ5i{>ay5r+M`J>+gh~f0N|<(KBFb z>q1WozR+`~K>AJeoc?>E%nT+*9N}GVVL>=yu2hgHo}lN6s?kq+EDt<)PSlW?^6{%4~t8oyQ2`j}f1$8cF z6||w~;SkG_F%k3;^b5)%(&ye5ReC>{IM)S=ZwL`T?@EpZZXts@=!iHCo@R76-=HADrLNfh`8jH) zYj~9$h*OO1U9Yn(fFc$OTaYiwti_R*cgs^9@P{Oh%rD=uG`lK~Ih4h$mUo16`d5}5 zWfxlwe6zcv^Ws6;s*|y-L*^!G*G=ioQ9P|2W@1{9z)vO-BDnV+wRC()Z2MjVGVe8P zCzL(>BEm3y$I|Y>+MD65&j715(jJ?19M9~}*cLV#j(Htr4 zy{qC6Cn)^WE#hXASxjN?B}MzC_$~gIWik~eGsg%7+G_F1>{6_Z60L(1cOHGQ7%kE3fsdU)n+`qFmSXHcwxoD~+;d zS!oG!s$y605=#u9Kcs31Gq}GYIERD%!$@KwJ#^%FsL+X6ZU6uV9W&)`oCxJBC^~>{ zUgL7um8=zNR5OkDDs_R>Pu)Ssi>M6W0m2r6uyJ|<0a`u|`_GV%@p1VOYa3#~hcoS| zgrWF^?<@=fQ$&Q}cnO?nVGt>VmYGG)Fv4)?KY_D1{lWkhlYqZ1O23?~@Ylq`&@U7v z>K93&U;Zc53V4RF@-L1xqgBi-who0rY+CpoSWx;0e*^LxqJrTyvzYUON8_oC%~(ON z#t_;&&{_s+#Xoq1$aqB-m?A_h4Q(5m!!7Z}uFO1wi%ZGH?E~ zz81%1vON_2-AHG+%l_A9)`ulH#UvhO0V?YVDwG!F`A5Ap5o)V?nR#lom40exUHBLs zg1&>0aOy6MQanXCayVLyuPPN6S}$oJV~H9^q!G5H%NEGX`)T|^h6+#}s!yfQQ$r1w z`BtdK%A_&`AOA#!B`@hXgueGBv_qpTr~AP)0fH=Avp=#4Wt>7VQ}!jWP-cGx1_*ZQ zUfrIjdxero0|aBCrVLI6)KUON4v@h?ElidC68q4S&{-c5aSN6Ggd;oTps~aO(O~C#{!boXz@=b~5=}i)!IDQ< zehI{S-n?Jmi~M{+`N2IFL^!~zCRpOvHOLc!ptY=MON^{UMllo;=4g_y5KedJ@TemI zDX>gr4!zUrq=E|-gS9_JTf%-^{ydBga|OV0%%Bme3T#;aV?IEKN*R7pV5oU2QTCjt zQg{GBxo%&7v*W#H#n9?zpQ5$}C^B}t#7bYvMTP3_bPVgj0f^K~xSly^jFI_+cPt$e ztm7z$zs|v!bk0)zQzuKr2pI(JZ1K3xwxUE47orhA?lV^#o@Rr%1B}CX1`09X+9+qU zVL%wHT}8A(si;0dUtup4wcfhc73x?kia@*$=EThbYEY&RY!?*-mH=Xw?Qzz#NBG?4+ z8vrQI50dF{T)E-=P)a7Ak7BG>5?ITRGGKKvUGdnKkyU9YB@uRC;Uhw@)+Rs{G;DxR zfh3sGF8Ddu17zR$nLS#yBKWEOL_|nykObP9Hldi@x5u)K!d2{J7$sUnN(*lE`k2Df zggk1(M?QgO$V@(3SGCk5P=%*YOhj%-)k##37ijfZ^}s$WM8t73NygR^TJjJ?V2|?y zdk%n2&GJWI-q{(O!PgpoRGL_;Ti`;xj~DSyIlg(8EK;*gz=>+F)6pp^ZDWo2BXmoc zB4|oah>jAkbzB8)KK*FkN*(zrYT}NsgNH`8;C{zl;VE12a>mIp?7w?r9L$&wlB3pk zlvV^WwdneM$q#j1iJ;Eq5qn#N%=GUN|QhgYB!3=t%sBxwQItY~)KZ#sSyH@mVy5(Ym z)h<60(c@ltxM=Q?e+NxZ2e0~k8D_7weETzYku79@#z{1kHQO4*mspS=77eOX3WTUI zvp+-4P|sDf_~Kv0mv89(8IAb`QWch}Kg~wa^E`swq~S*gO%N-D6Az)MaHKVE(U5i? zmIiRC39ittyNrv6P`sMB7Dq|2KAs-uP4nS*aJvJ4{9FfHf^|Ju1T0hlZsQ+U{}myx z){$-Z;e6nsib`-$&POYEu;KozI*u@~umk`VdgH9@$nIl&jo9*61zpC)Y(dvfUYyng-egb+c}f3v0JOr*f)ih zS$d6zpq*EnUnhVV==8_~#8Q|Cm+?F^nc|?u$aVY4>IzK=DlDQ^2q8ZJX`B$k@z@qn zDBfS~HmXnZ0ZNfr=Nkky+$AUU0m1Y63h0V6^xmKmfxCpD_VesP$i74MU`?=op74mc zLxO;fR^bPFUyRl7gHZYka}$`8BVX$HpJT%JULU!}?V}tvrv%%aBzG>0k${rw1>bCn z_&ZYSl;z(_ZFjD=9Obad>2n?D$|bU8PDQ62@bD}Ij3RrL)R4J{aPK=iSM8@IT^J=nf5#I2R`C?zb)R(t> z`3hftlrLZD%a8ZvC;IZ$CJ%`C4P}(?dFvYAaVXC^LwHWOC`!eWF3e~BK63v?%MzVw z;)S1c|4JscT{g$}QZUXRRi*%xc@aCTuIojSV)uUd2o!3FMhH3+64&54iQ$RVOPd#a>LB{!?& zdX;R?l23MTfoff-cSt1YQ%pK(efp+a@|Y`RU!c~6!(^(p;Yu@+Q>c|FO2tU~Z^GuU z=+2H{S+vE%4MUvHTob}{9mYa;UnuqMZo*Y#!Mo4GkD*JL=f2%~UQ$EmDJ9XC03FKwCBMO!-{Q-=zWjDyewQ!rZPr1Zndl$? z$X@)0?4%YXs`WJF7uLyZep>h)*o-idYgoUJ&4y^L5`u@3hiY++&@lUi7ax8UcRc=% zzV-0BzXt0zllkl?q_Xnpulc;pd1VO_Rw-4-8F3pH=QHG49*xi~F0&)#)H2(ql$F`D zDR>lKC{ttT%ncTK04~iv@Xur@#*)FU;-o{ZD)6w{O%;!@GCR-{fLe~t1~|v7&cvE6 zl7R|JSpn|E!?1oj8?~jBW$QY)WFNH5CNNl$7n#NWMBxiwA=fuB(1G%$+~kFUf+hRA z;#<2`a~imT*i8SD*|224;NT+CHW&LhRB!r5Ernn~a-lMSJF}i&ua* zVvwj=&N?6)B(h~ctWfm4Ak%(XfdCoDjdsEM^8^6xU4Vt=qG(z43+%EC6|U45;Fa~; zRpt!J#m>r^0#&6I#W2TPkY?b zp)_j&XHEDzb{4E{DEbyIDnTu1aZbV+%N)*ENXN8Ns98>3fr)iELDCq;t>Csy_r?df z`cXgCOciSmXfA@DNPtZ`5g^>XJt_yI1K0Y@1*i5-J7Wzdm49Y^jWfqvN) z!yuy5t?wa#xj`%rp86y2vkDe*DAUb2(|Tg>1XM1oGQ-JozcOObJ| zpchMfoQfzTXqL&(-8W_{OyzdGocLmac@djH zdqJB`b5v2qYKA+@f%hQk^+;c-M!JP;J0u9+zAH=t5$6UJ-f_jHmkwRqiQhI z4!}4c*T&S*Dg2oY{B1W(6bYX-o(V3&!C5pw;yoA8(Ao`Q^|G3Y(=5NZ(I8E|tyFJE zNwTB@NyrH^5x-LIiid8)#$BvgFGEPP@I9*#*O_j#T6Yhz`mM2?p68ZfZ@}HZ6%StQ z@*s#ieI;5L_sD~lE2|+@&G9qpqTdmQ=qzb`Wtiae4=|JMuzQ~DY1xkY{P2Fu#;PYpk-9cFQ^J$k&?V$v_RVS#y$YHlsr%^5WvodnZY0Z zhz6CFJXIS1_RGheqFv5pc+-(RaR`Q~*#EQa%c1+}4wjduI8AS<`8GC< zgIFhUL4h%vGBzQj2wJY0rL>T0IkD(bC>p}GT^Dl*4gTE49^#MYI!(yj=&cJEb%R}V zcufnYuqH~v!V!k`dsvJIDSW{UZopONKv@00w9@wwR#!e)6TJHcW}p<{)R~2|8V7=M z_Y2`aPoGf}5b6rfQbZfn&$+@Ng=-K`m{~+<2|0T}sQJgd=bd9rlnA}ngJCkZSK9O4 z_tEF*#@KLr75&piRsTRG$E&1|N?u$K{auPNRDAp-_IRA|^R`ixRm{!EKY`+t^tlT( zHyrkm$+DSov!d!CNw@;qd(I`e(;DLIf@M)VW}0J%V#*bw;;?p@vK5g z;8K=DjYq0LfD7#b?Q{d6hW_Dret=R#qz#a;ok-a3mSKN^tjfTJ#VCk7(tVD=z{RRC z-_-4>n&x)`a19=w0@!vWc8()oHjD9JS9K;}WETCR28$d0aUVZ`hZ4Wi0TtMN%nvRf z1-m~0f{3V}yHo$6z!k`8R!5YKcEZbiC}bvd=6_#gdFJe!RLoO5e@z~ zDB>#<-m@zh36g;$ySfJ(JCge}WUkI@)3`jxu(0r{$|o9ca0 zm)<9KrEBjWfZvqVdpz;=#NWq6RQliSFJAVqOk!_czNrF6)3CRPdvP3la-z4|xo8{^AIbNUsXXMEMoY7tK@E#)T?CH>Ti*! zsb|18!S$KI_`3WPSg^VjmK(8)t-tX3ItY*Ob!2(&GWQ(R+OcFG@)-d`B-%TeyQ0Xh zQzrKp-5JUs5L~n>y-f_m!D(reFM`q-H7MRm78tcd<68BaT|9ie5^v(D`EEkujr2lA5798{{i;6n}X?ol|4RP>FNJxk3AWoW=YL# zN`LhIbzHQp6fUAW`YVx_%T;obO3qhF#fopyAHh5SXZ+jqm7R$Dw?-8wD!;CJ{eRFN zzcAagUH@zB@#g!yKK(y?EJLP!TWTdwe|#)1Pbuwj&+Q^l0hN6Hx%}FxlC)*tB2Ovo z@$_Zd9$z+jANKg^rQgFIUzNfhryZ&7vHNJelRn!DOa094#vcDB(H_?wv=4jyug?@d z0HoOCWyW#PY1}?L!}8~=`1=!Z->{fSMfw(~WlD}t5z5+59|IvwhMhRo=@j#OJLk|_ z0i50UFeHrQX5)3Jq$OB?5no4F^q0t67=`)AxK)G7O8)=z2s7$$)Ae(9n(;EuPA_5G zh=8>q4I$+>Aw3ZoLVPWZ-$SE&7<(pooNZ<>+ZW22xt-T(+=Nmm9CJkX(k>iI#yRtV^M^UQ4#@*VGW3c zx{obYAz3U*l(6C)wIG3u2sWXA2r*pG2&51Q$FAM|ASs06j{0k>k(1Lx4M9)?~I;2G9VXK;YfgU7%-`(;zw*oPqrd0kcQ@{^$@^vF@M{dWonj_ zlMoHbI`9^9NY1XCv5maNYe#{LDRXj+zK&JGoLIbsB}_ZtvvAX>)embk^(mlg`dfjA z+2f7u7^ZEvNC!C)6OU?hk`aA3HAh!_vp6`hMISnf6Y~)&%fs3r&UQ=G5g{SfWuUa! zT_U}~^d>uxXs!gMM{`z`XIBCm@J$}Sae5uYyuwDK#s(GvrNRd8OC7_2c65aimf)gS z1$8bQ;Yo2=HopzjA(`WLu(6O#y16PEN@vSqsnhM^eT z!%5<3cTg8lxH;2srsn(n2Jo_1{Kmcg6TwyPYe36aKrVD#93Rkc`uvdd5X*voYZiXd zTa%&R=JPk^7c6}k;h39@#<#Oh{khBpA0vs`E{(}xbIe+pWo=Fh+gY(`UMSd{vCQe+ zsLZ{25#h73CSOH_Q%wy&DRp>L!>6&VZ)zAUy@f66=rAN&Nwt#J9yKzOWsC9Fyl-d2o^SMBwiB{p; zR&+_W@YAcxgvgUzKH0h1YV8Ec-=^kmK}SOA?+&y3Hcw?FzKMJka^~kD8P14&D~m+c zp;pe|Wea&E)Dpf`>;Pe>w35>yt=Vqxw-rmur6P^T^E;z=?RynK^F-~JVMS;m&Sj;Z zw(s2lAuV@$rj-?L4YVLzue%NdA-%e$Z&X(i?g^39?S?^aT?R8H>O9g2m9 z(GPrvWB4bU;=pc`RDkI=)L6vTG|=#nOZT-`6E(aXcc#FV*{2)X9RLk=*Ul;m-}R9B zF3nsE9){8duVG}%?T6dhFZ)*{dI*v-zO3YpV0}KS31Rm@{n5w(Yd;GWy5)r(Wji;O zK^DvVb(E)XwP-l9K}=Z!?lRP`FnN1$W}4w^1urTj{HLUd7L9Hw9~-=lmsl zN-!+@5u(>B**Iggp%sitDG4)6-WxVD=iQm*W%HDm0h1ys941AiR39V&ld^EUI2}(S zp-D-suLFxoHpB)Y41rnv;3BmajXb9sRdkGF)lf7aM90n<_tHsJFJ^@w6q^(H_&Iaj z*+BhLVGpQ{1!X=M9D^dXr=&`zo0agL(h9L-VG*n-rcmHQWa85__wTo=wpd;4^}TrQ z1b#KP%LLA`;^Qh=kB!A=?x}whjk@Tsk{qjk%~!vkTMRWj&pT;aIg|)K!A6{d-r#@e z>}<=n@^JD>F6NGMqnl&}%>qCXT-@_2%f{Q%%;4gUUMHvxta#uPkp9{#@o-MAEf26_k`8Y=6=B>|bZoQGHNU=4C6 z^+}`-od$Hhcn!~nvYNeN{GL1+Pv#v>{uy5U-jo%vXL$gE6-Uf9Jg+o}@PxW?8L96ko`$4q_){#Ys@08sBz^lxlDK^oe?cz5h-@om7uEW&;G)3g zH$9p*D19nUbm7AYR(4e#=>AA}VMX9X7P!#P zT0c>p!uls_uxOxr8RT|l;PFZG(wg~XW#CbrwFC3{DVB0H@P!lD{r+5*n1uIO2l2`^ z6w|EblH|O|B$_jo@1j}Lkl0x_=$1}bEnUiYPGItcQhWk2qfjiM?LsCSM377_Gw$bW z|03Y#iCV@+f)TW31-J@)VBhQ0>^^rv0U}b{_av!HY41$8$C1iU00*d#+fG&==VE^V zdtZcQ@N9AVb9UC7wbRL5tU^>fFdh$91dh1z(KIMd z!#WtnR*{RQAdYesh& z_-;~d1FTDZU2v667)x(C!5G>S;W(4*J%cEq&>Bf?`e4DCi=6NLV%8KB;z zLB&$PbE~2RwblbwGKu&cml~f}5Z-S`V^f1cBcRk61c0M_X#Dh5f$adm)=^7J3l5tI z*dr<6xh^$4mwWIG_TdkRP9Q5k5}fA#AL`x(Jc=S~1I|DOBM^HKq5)+cG-_B;gMuak zGJzl+3=&pcqoPJdjEb6-1ft6&I0Qt3|+U#ZtC>W_~1flqMQv1ftXV?eBN%>3)2BY=?-91YIhf#Bb{7Nw+saXUL zlA>WL=bgw_74Kjqlz+t^K*;g`q_^r-zIc;k|8%cnZZ54#h>j;ZkKXGOKIVM32j5fN zVW6gxd+gtr32FxcwOC&*i>1KMs2$B;kt1S-xOzmg1-|#O+VHnv;{>#aJ`TD`A2(_( z!I1m}-LLh~z0}23uoheeYv8K0^90dq0U3ze`#q*`%OP$+kO39oM*rB|<;EFh0XGwD zD_&vuQn;P+AK=CWHFB;*aJy9Fc78H$L^BD$N&l<>Kf1CP((Es*@ z`_$iznGvEK{uZpA02+Ya;Iz`IQ&e-H^+g_9i>4BtB~%w$3)M3jzbl8J2kkYFE9z#G zx*)M6y9pzl@T1;%0i+FqwB`!CajAg)*%Kh`xtg?C#saaKq)AIl(VCvLUtnEJeLI1$ zo0Jo5y#ki1J|VOd*pew$) zxBFnf#sc2#*7~G~@QOa^=YhACKH2<~0yC3bH$4hv))FD#{KvudIj%x^oC@U;PhV?I zzyB+FY+R%u1KE=0@qZQzWE}|EKIs4d9eqllZG%3SDJZHR`=j)szX3MTcR}BPEIa-N z_$6);7P7kXg-)b(u1K2n4UshI8-AsnVgtmCp;IK3M>%a{LYPiuUMl z{IBdK<-b_uf7Nqsua{OCT(lQHuX4s&+rGa9vT z@)h_9xo|e1^%9;usiv(ZJaa$TQ=Inqiv)y4fc_6G;aR1=VoYvdmhjx!q_TNMtUcDo zjCf-_?MfA;f-RTu#4gk?oFzO9Mz@Om9C?vb#=C?^^(cFRTY)U$d2F4;4{muzMB#}? z&|^Bt*hzVpMy&+Y;A(J-nk4&c%={O}>{PrjUO*T2jcrk_+4&Ng-zpz>`A$G-}aH$s~pR6LE*!34;#r zIfA&m6!Hr7u?XU?mDhVG3tFU*kC2j13i(NGrH~)-0)@`;7_@T+eOUsJq12N_9z9 z9*|$)kn*h*j^42a%%9^?>rsaUy_FVq#u0kdF`t#;jcoqN5e2MLuKoFE$_RwmOVF{n zGzGkaNp-ftb*9tRBn}s+uNJTfb{N}C+gCp+)SdMJsC%GroJT~Ex+m}#sQXu3U1H!S zL679jNNxFL8F|~CMt{TfVXpdz_|0~^x1>Ww-;_(mLWjgKx!|{{`5oE=zgy#5*@yHd zu3YJ+@C0+QSBE$Q4n}r|q}D25Cskh)s_vPdm52xF`tzOog^q)&MqI1JC+Hy@nr?@s z3MWrYhe^7j`F7AP)ffNBzT*wSx%vq&&Xo@niu*mhQ4t{a79 zc>uEyQUEkRo&>Kz_&U;t4MqQfK9lYTE8)u@LA3H;gq zl$O3J-O*?obscKyfeA~5yQ4gj{oFMED8LUW)^h>F-*62FI~9U1pyM= zPW$1PREkY7z8-qu9sK`>T|N(L@yg^5kqjSAnp@G<5Sc zdw@w&U?N;eQgc1m3r%^O#Pky8=X*eyTfFip_D4c6N&Y$@g)yU3W##)=*HjpQ2GzD& z6BYn@`k^_5k+JYL7r#<-&Ai6SUTibyt~cYF-hln)84yv3G#0N`E^zZVRM3|{Wui*Q zfQtd6#QNLh-{qhWTmi;0RP4mxxfiE6lu;}unE(!l#B3b(XZq~BnM;9ZL1L9nR_D;H zLEIQ82goqKlHMeF0d9z7#oZv-3{U^1{9MtpeTfjM)}>8p9ksfxAG(Lu(XhCq3@6CA%6t)VI;y%+-8rz`?0!3HdT%>7KhqH7P}D!2#gM&t5}mWGpFHWr?ULd z95NC>v;RRg1w}P|IFmyVF7|^+<;0)c?RRf?@qUNJuPOHZN#Bv0rW&K^8NsA>?`kgc zw42WFFWk-dSs>O6tQ|Oie&EQI*nXs=|4z`czV&$QVHQl5A7GV>r!p-Xk{ipv*yivH za&76plxClKn363~$53*ju&I14{}rrzl>Kw=hLwGAKn{s3M|8jfC#cLp& zPP6~nvn5_3zCbYC|K0T-yf|Y_yyWff@Ve!tmUyB2uzv$79j(9Sb|8frJ6F2B`WSWB zseIfsuuup2YE5i0vQVXWTKXE*nKH<*kaL2cLn1KKU?dj>nJ!G5VM5`j@q^9g*9);P zmCmOOZ}DNFc@dJmYS&Hch)o@R`PEIwRlu3kS*75CRDu+&nlbwmS+$!`@+NVy20bc8 z@kIil+R*{2WV&^FixK4SIe-cD?&iOP_@a*(fj$8kpO8X2`J!o*(U58%P<5Ug-*U$d?< z-N7q%1Y5NHr*0Vrf`Ks47bvNP7IpTk)G1RDGcB6&_feRXUspMaK&mVyNNk9?cvt|R zhnKJd0Zcp}hUA8aXHn0TP}P0505Jf7umI)sF2?;h{XIj9u(wzv*=~y_okpylB`6qQ zEV{svNpyiU`|o@BOdWB{1;N%-3hz1~F8dW$le(ZcPTq7zwhh>5Eq1UF%1Oh5&0-Vm zvjO`!^inEjC@JXb_}lPbQjHt7@fhWB{cp^4M5b3m(_k}}2L{CtAF{x@|m26rx9~vn)`4#m!{1-@z|HpqRYos(EAKDF=tLJu@ zLDp^(zVcWIym4}=X_320_KM12!#7aIYHJMV-sTPd;s=WkCbhiaM;;-O}Im2HBH1l)wPjqWG6AbGvK(iyY0Yp7+KsAZfJC=?Z9 zT|ws}Q4G*#+$jOYjPR*`)F-Kj1wJY|Xqj(B&h=Iz7CdFB+zq-7s$NHxj>P`GMR~|L z=0QM3+_v`{@CR7#=Nkwm^AMi`Onw@>oplOvgf4)xBX&t0Y|P0fAeR4=Pqcy=6KbVk zgpklK=}jXfTtj+oRPhgR`f^81)3WT{T@O>_c6n_WD<<&sh97*a)LWo!O#Y zZ>XzWX5l(e2Pxu^n{2r{3pVDtOBA*e+8HaGa9JT6S4u(a90(<{-S0t%GZt6)nnTsQ zAW5C2k{WGMiWv0U?lY{ltONO_o3!Y3KXo^vQwlkNVS3pV!&FYT&E9&NM|?oKQm2*pOG=1lyP&7pE7~e7 zBXo1d&fkHSF;@&P#1@=QVy4VQN8X5iOF4E34y3B_RqTe{J-iAJ;dX`E52Nn6?^k@s zWc}NCWBJE@q^Y-QU@Pj)R>{ypz$wE?K&&o6I}Ung#ADshLjg_16F|hq>6(Z@fZB`+ z{{U06tF4~j&8NXv+ik@<5fbheWBG5Auh=E$4fE1eL*g*c>UkLo#vf`;-AniIS!|Rr zkG~c0Ae4(}#3j#A+&MbYZ-XgA?%ZDdo%$mUVpoB}PUlx#&z`2x*k*bh` zIV8Y{M(3=;-bgEcy>Q#cLhM3U*bAAZ>PYPoRzG+P6*O{)HrbtyMU{wQf;5c2z;l6y zI_s;658=^!L6Khp2HmLXtY{US#%k}^TRiu<;{PUjGfkVn|&&6xE9 zd9Fs2+0QhtM8|CTX>q-tXN9pH;$Q2p8CA9M8rij3#1D zmrgT*j#-(Uynm-jH`^HAMv&Zw)+% zLeJu!p=K{pF^X&Ns!gKv-Z5rnK!Dt(mwb>9apM}zYJ5)S6P`jV^#sK<5L|^2UwDB` zOITJkTi|QY4g|^5frGr&lm9^^g;!+jr}U>#_f4piFv|;6LQqW~%n0Pd@*gQCh7Kc~ zhX5o!#XeoPwweV=E|=?$sI#hAfX3X)82J$y12+allO`Z$kQ2uM)6Ew70I)$jFvt@& z%B38ZYh9>?%<})faW{-+ZwI3(XAtF}y?P)SjQ~s$K=LqJ*W&aT1w7dVUK4M2PSPVb z4V*M2C_rRBl_6zhA5*IZ3wo4GG9*iTWa3V^4!nG$Zm774sp`{`A9r5Rb=B`Qzfj z#>sKE7wZjbacqs=m$S zM6Ke*t1J_nubyXD*y9IPr&PY>ywz5yqN7-#*mWqTKDY*Vk*!BI@#Frur=ME0hROtk zo>|}Frm*)K=#B0ij1iHMuGuW=wT6~xEgly6)|lLTT0COjJdY2R%>~02poD3q_VB14 z8rM^w2g97;EU=Jb5J7ZtN41EoNdzCFXa8q9rAsCobb-9pl@s{{rcyWK)W^UBMHeap z=G(sbT9wy=4lVY=S@P)&Fdd)5S&;8+pRIPcG+_>x5{Vfr>v6%kf2moxLZZA-OKSp* zG->=@L7T%S(Jrh=?0hhv%D9dnyONha?tMz0?u{yb0IdXtM8$S;E^&C9hbkGH>?6b6kQ#|HZyUX}j)8@$hD-%k}CqQC%je z%cbgafx4WnE?cYN1nz|6*w*}#F|(Gfx1L{6(|`!MMoW+ku%-g*gpx>M`Ik;qqYyPq zz|Ld8dw5)AK^U4toQlcr5(b3zd;_N*Lm~utC2ooH${tE!F90( zjmFP&vdw5A((vDy+y~ypKK7hFN zpou*`7mJxbr{zMI0J@;3D==32?0-;J*zw_Y$n1!nagdUgAn6C%=t)XQ#p&o{X9lC` z;XDbtbT%VH16<{L8bpJIb5+f3b?eErfMc_YVpOY!G6$(U3}s|a6tu@I zV6l%8k$NzFSqT4(5AR4bYQ}<6xNC3J{EalT{7tV910;x|UvsQG)|O5qcp^-Zeo(Fu zyOj8V2c8JmZzsDEuA>m)T2)R~Qkc>oyqPYE4CD&vH99?6aJKySN=dS*@Fdl0PJ9ia z&~4C#Io^FUXBp5-iDBK8vcHFs$Uv}1&8CXZ3`YRnSWmoFcK3grM;+A%nU#hVS(e6H zegXeMwCswwSlspUN)fA~qYx^#4n!v*t)0C1V=5PJlBIXwN%^dsh3#2!Ee?5A` z4z(~(tJN0$;a?mLCe0_3SdxNQD~C!zAWE^XYI_E^B{$3RKek#^Ab5<20w(!dE>W-a zRsDqmm+(TKh+3lJSFtdOuDckxR#54`3tfoK zIIMv_lN*tI&cPN6mU9ky)_VLZM1qo@*z46$7~bCAsJ$KE2u|2Jpj+Db{24p8R2#L| z<0(ckW768?SMRWl+JX4}0$7fs{ns5KDckFDF^yN&6>-z=Yfw3C{|DH80I}{g%-`Yx zlP70<(H^RG{EVF`Y1qNWcx4U8BH=t1$Juh&l;D8<3Nfuy`vVkc^>)827gJYix%m00 zHss=-zOCf~P$Hpc2Htq&;;hSExi~tyH@V1`!jy|Qj&DmYo_60vtGA~bH6tngdsZ5x zb!9J*xHCz-eM@y^H{hPuu6q0I%8oA}yrZH>kso6BfDkMlUn^XRuZes*zTvyH@K^iA zj-ZhNKU<66e$tDR#P84(z2a9pgJGCG!w7@F-wI9jX-Bp}^&@jyQyr2Gs&~R057pO} zxm15TvNx(fB!x-!vyN+v>I2+2QQG*j*fPdQ_JR_62&kn!a5-*QPij_(-7jYsDvb?b zO_qQEf4&&$ zQ`F@lb?Kun{U^e57dI(E2@t(BoVtp`N^#!d@~MWg_|PuZJFBn#o+*DRDlG^36whIb+s z|2qmZR-`J&;S@6gYTxGgeg%=vHx^-vC+{=El9MZ-$V(a6Ar9Dyq;oF1X*KQ*>jwO5 zHm@qOM*9l$mQQ=F07VNJ&E;#%99{bYVdETUQk+7?nule(p-k;L=N4JTKv+ZRz=o(1 zt8*YI0OQbxj1x+A>{B|viXX~q4~d|{f&}c+!j(SH65gd&y#{X7hbqglfuzwu0unu$+*uQ4k!yAOPxVUcf#^?ofs{5vK?_rve} zmnjow^NL}4-x;%iWBcLPKF;6v3BLP1e@62cxpT0i|3s=+oUinX?wwnLZtv8g9>h=T zSrI4x(!}RY$;;eB%<`RXrOcGW&w@75<^f)*5zU9gT&T zxtWjkv>rqY$B51HPnFu(m!sm)CC01%CV_W>7u3iK#^ zin(3!l;SfV_2;ijt;QwA8saOuWOX5fj0d7QO!gHa&KTKQ)cYOoLgb!PxBYZ_CYQit zSZB<#WllrIA)PQ9Cv;dNP{v>q6J~|I*A-$@uZAt{^bTA_y*?`PEib}6%bXb~Xp$i8 zc7-Uy4i~VWo38>aQ0;o&38U;V<(EAKn5Y0U`u`2CVn7e50*1u}z<&$_fdqnbZ(Rsd zFak#*%8%^K=h8QbZ5IBGeSz^2aE(ode4^=MxPg~FPgMXxK!=-;GGu8QIT)a;hX4fv zmi7r*3_HtMUsM8D2Z{~^@u9(r0nHflCN_`u-tu4jq89v^&cH;CyA%8yv-cwSm!p73 z@Yj{@Rq(gX*k{47k=iKuw}{8qw%}juc`t$wh0w#8^9$x1@?VC7n-cqmQxBH^x@8*i zt%vTh$KQPPUJx%w0T1FEFWf8QyQ=pY@u<{B#P1TPscpos^SoC*-tyn}g2u7)o^kxo zQG3C0HVSxf{N;kZ;@D%~aeP#2BaY9DYt%N5w|U+RjxZIk!c=shY`{cpQzjy|0kadZ z8u#Z{?@}+c?TEdK7sLAgI;<}aqU8*R<*!((2^85^xpYw&%G`_6n zOFcVFx1lQDp(wJUDDpKeU=?JXzRXy<5Cn_+U|SiGM$SHN#RDjbZaxGdSdC$EJxUSQ zU%C%w$b-w^h<`jit)Q;ksm%@X`30!er0=i*Z=o_i7l$1FmI|D}Lnfd|{ul@A`zX>A^%3`Xf+jH6bRIS~eNmAJxNwo3oaFk~In#Z#3p!iyw`tryd(w z{c1J79M*ST{);AVVjsXy85a4y0PB^;jLchUSW!GJLIb4faAWbnqu@?g<9_Oah0QC6 z<^4X*pP$z}_03_C@8heABK;K9q)@;8aHh=O5Vg5gPF^YUTXQr!9mPnuWNHcx#4oFD#-R!FaO^C+Zx6rr}0 zejsCn3lB?HNNgi1+V|giT<_io1x|XfK_KHdO_A;3JGqz8&n`&4mA!@W$QtaLhY-jCDMscBeotQUGh-Po+5pxl0obr=AB zQGp`^&Ys0ILm2?%I^9Sz3bb{mm( zRGEuB0oD|#>(&8Zb1;s}1PtpTz!msE6?7eosHQA*PqUv!Gh{#jrOK^hrspISAoMd? znZz5M2%zDRq%a2tAW#u|2cwRsnN#DgGr4fedmleKn+wR z^aZcsg7*Mj@?RAf+~C*)Xx;?aoP-?;z*70$$I%xYac${IEeG;5%gWIg6GWhZ1uGx| z{19Y8m)4pe9kLG3T1#du3n&&?XZ!N4DOo;Dvefj141%l$B5^Inkji2lM79{>SV2=z zI;`)1^IwM0Opkr50(&`6YPIlaV2^6SJY+9w;b;`_sD+!(+^br6zG9!%!VsyAYN1%% zskYTZj^}*~9}*HE>5d`+_Q|6>T_H$2E_o0bK1xnGG#J$t|ESGmhMo5<)t2R-^Nj9z zElny1v=?Qx60st5D2QuolNuWYx4tm4J(frJKC&Wq|28D5jG8TuQPl2@TD&AssZjUU0L-=ic{sG^pZ+9HY?|Z)N$ODdT*(k64O8-zIx;I0&3J}*h(!kB_p|fz_;6HbBzEKEkD&@SvG!Ia@p6+3#pK;JU=qsK#Sj*uB zC$ZFdgSFs@OK{IO_Mr;YBMB;!kv!`;q`wcrcYv>qI<=HKwUo7#M;gXA*zK{&&G>B% zsYn9myf2noT)5?KTrx^|Vf^5Cu+Hp_yfyDBG*)UyuKb(15idFQ%MI!|8|*V~c$MYh zQq5Y-8@N2xB#$+=BTN9&u*_y8__$l=gg?gu?A3|z?HiLzWr)O;RHQ!!6&qt zz=v@4KyEdMg;rsLFp#s$51_%DLVLr!GHK003VvQO{Vg+A1gi7%5D})2=Qwqy)vqgC zL^+jjZszSWW@Ura3=3DuubKRXj{$%xGr~$mDnBO?bb`MNnB5S;`ciW5$dt`UU>cON z*{Hc&+Vj7%nT$(+N-j)a#84}IDC))rJzWSrDD#FKErh1xU9szaK}TPH-=>1P)HH6= z9{G`HQygW4KWBZ`weXS$rs3r8@u(0df1k}uUgNc^Vhw!nP}~`c15~u(U?kt>WfbzOwgp}xC9b^Y3zT-WwS{C05Zx5rv@2`;vdvsZviuXk2l z%5{V7Aud_hDJRG1dE7ike)vw00(7hgDqLkNP zphN_aEg58LDFovGN9Q|yIYW^BR9!xli+BvnaK4MAo47>Nuji*~ z!~LW2pwWMSC%xgmf(;XUhLqR(!`_&#H{9PGU^VD#mOn!pg$}S^?6=yInY};*y*TJZfs=_CQ#Q?-(bjuPClUWc5ZQXvj@f`{!RKj z;0qGIOu~owADw4njFxiPNSgh`&X1*afXLRv-fgAky6*s#*Xk_(8{Fty*=$mK#>@wm zyrAw0s0?jFcZzD{9#UumVK_575%&YkydNsg=(`5T;1nntoeA*HLlJH&wRU%#O0}AL zw?|!@w5gPd!M+X#G8uu2-0mYq#D^9*06;uy|2i6k%m*Qp;h$98l3r?G!;m5z_?aC| z0r~8i%M{CmXu?ZioJ^vL7YNH{qow%W2YwP>ixMRk3{HNr>2_A;~aUdFYEUTPfJK0UJe< zZGu@8jdA=_y>oxeg2z9v-hu1#__KD;snj}c)AKS^*0PUM4oDtAZ?gI{`)GD4K?Xlf z!HA8cnARB}N}!J&n(QR?ORC>%rl>AJ4J>U`< zz#$`e--0B&{UpZ$FBvL3ZHgF^2hM<`OlhGqTj+=132zIXsYzZ!GS)VtfMhb^3`)j} zALR#78zJPQbX9@jsbjHkmrvj47g(oZ;<2gw>d(mzLnN?*BDYC#`{&p@A6`jc5yGf5gO+G?0u&X$o9dT2*=j?&bV>BL>K z$qetDJ~cS;8q?}O?yx)1#Si@pI?`K!L>&{T_Lali)9|+MruY^!LUSZ|q8HoE`vXt- zF_a*|Gb9bgA7%}LnyR5ih4vlS32O6;fZ8#xs*qkuYKe$@^V7OBKMi0^Kg|X5OVpX1 zsir#hZoen$$ZrcyJn9v8l2FaB6<<@4vP}Qc@#dp;^r-zJN8{;4Fu`lTe*xlB@ zPx*7=A3dh@3;HjU(V?%4Sz)OeNrirKwyLr308QA}xXVgyh@b4H(8Uvf@hS>%7%XsC z{MY_!)HG2zlNI9R=Y3zTqQz8<1q zhx|HXsCp1PBl;$WraIEkZ3H402BJMDrE&xA;h6gbZ!kEoeT%${Oh)Mov8W3VWQ{Va z)V-Yn{e0{U$jY7WPQ8c9QRPsyetID4KMd8vE58scu22Z;tndS>53jk;F1+&twu*Od z@Pc(%QUCw6moKn;5!PuXn5RU>k%Sd3Y^=#E}7<5I;`iLR3SPx?E1i zh^uFJlF~BA%a|&<&1Tg(Agh!ue@m zIvgODLQN#(!z##XQu}etU=U}NFsqupwe%Gu>;?RdX_onNRfAqA_x)w#Ijlm% z$+P4tCTG+n%{1__*{E$t(WAV$RK*gOX@|?k7uy+rsogXUyEUC!6dj&Zbj^axX?N!*9B4aE@l3D@~l9X7&b~d08tVDYN$ng*be5 z+oxv3E}Sy^BOl5+&8PvY>~xTIO+^>(d;^ai`J0jY*jlU`XdHUDFCJs}DppaqNI#`6 z>_>NTPhCEDXZjG8i%G^VGzKJSwd?_CEEy6UKPbJUQBy>+V}Hpx`5+<&Oc}qZ4T_nc zo5q>PX!`QzdpT~0)l7f%)R8EL1vcr&o&<5y%rQki?oq`c%|kL{XRun3t4gQ}X~X_k z0-IuI>^R{z%>sKX;;B+GJMDjeR{)g9?=mBYYP{Z&hguqeNL6eW*H1)#jBztNJLezb z*7R1F&MPQ)(U{u^Ox`OCffg3T;g}KCxt|^;XtGsGE^&@XeR2svm_rD2p|$=r zVZ@V=MT*?NV6W~32>AAQ#54UJUiQQc)MHkldrRrwIAr4Tkpro0Xa$)Mzf1Lk*W zhA?0rjREuP6N@om_Q`TFVFOnOr#v{4HGYD`^5iQh?)X*| zj0{AX_}-dskX1cWK_w_JmQ#kP{0Ps`7`6W%zO*X@8#_G&`f~Y$L*EwoJ*@gG^vMJ$ z4fyZnZs47!=WMY>Y#(ivf)*Y&Tj`r;GByqMZWU2wQq8>FsMHL4w#4^{AYg?>(jp+6 zsRzu6V==At;3>>5U}?0GDbr}E51-Mwz#~o=NV7S-vHy9A+Ey1Gl4PYlj7o=a8bHV9 zb_In&Dr*rpC=)zzObesu@CEK%3GMh}wfvg#|U8G)j-wva8t$ZU) zNN$Zp09!?apXfyg^h>du{L1{JYMOuej#&AtCx@`feDrVluK$T=K=bGQRGD9ay;WpC z0cUlDvtfs`dj^>lURed}+m3RGc&<{Zz>%S-hGl3oCBAf@Ye}#BlD#-1!izh%;cP6W zJpst1ZguY^pgHCf2K=$U1#)c#y|)zZS&DzuJB!pUfO1;33kE@u2YVES7U(2-p2YJa zL#=#S5Qdv-kVhQqBg8H|a(p#-mnrs`)Fd8BpMwOVySYAU!$6E>5+{!;0Fv4_W?n~; zX%%yZYKCBOz#8wuNCj4@HGGkZkj^%9|DPnx6U2AM;=WjK6vBF=$vBr_N1*aOfckN* z_8``O>+v8C0m#wx>TTjd90x;x<6z}MpudDjJUrTREIm{95kUrc=qv>ML;|XYuaPt;~=%&d9X(9&TIJ#9JmH};W|{{vVV2qsxE2;*NA<9 zt57~8TzwL7DW?D!nt~y2isi<|%sy-YgyahNK#sO+F}^isK2F*s?T>;{ZqASQy60O% zXXD%m40A8Jg65#ne;{7^>`RZ{+HB8{eS!0>M`31XQg=v;LKisPhMON*ht|*>MU0_+7-T&uLa452U z#wkE3&!fKIG@+*;&nU_(+Jzs1xwi9Th$k2G11G;O%88j z>kpIJa6b&K&v;dewp$|w4}K9LCSo^S-ir(?`)F=Q(^-I2!WjxRXf@u?TSR^Q74U1}(N z3vMR9MJD+X@hyq+@UJHgZK+$-{LG1j0pG(Iyt$v(7_iD5!jwxrrux6V{bcB|N8KqI zM7EBIzv94{+}=fK4-N=J#qbTF##DQw*=R@6y}{(OpjlFUlwa<@8XhJofB|{s3}{1`=cT0hM=>`2R`}A9u;}Pz3lOXA|Hm z0Y0>%LJ=5RBd}g6J-ZwLVC!Ra7VP{qpmG^oe?F=8 zmhGQ~_R$XgW3->`w2xV4;g2LJhlEXII<}O-0Pz=DEhafi2#9jC?XUX*klP3dHpUuI z`7{Apr~paE|IhUY8>);DW|Av=>ksDPFj=-q!6f<_GoNS!UT%sd zkxQPrWYku(nCIN3Ys}~fQ14s_Q#t;x!W8+Z6(`B;c^_lRh@i2gBsf0rjmkr?pYq|x z;t_}Eu2xy;9uSd~`W^oN#+0xQ6*QzEU=R3;LwAWqkZ^<|zM$`#_`~>rzWvq-Kr7dS zRsx?yd~zK}No~g`=L^o*Znt(G3nEgcjn7=e}hPZNY%} z5Wi=nli!*xzr)@}l?O(6%+azL`yHs+?;a1?@7!X@<&l2~DJd`@ zKVZx(?*$sp_;xF$H?lCx=GD?yNOOR)BhA)i@zfEeamvqDGiM@EkQ}|q9XfgiC6U^g zb9T1``GK<@593H_WS-9P$Ko>ityPtMNOxpefzqge)aN*U3KCDT7^E3tw_VNXc{AT9 zb6n2(-!1MGPYO4T^XK#)IIlnRs@NI=ZxYZ^l!qN*YZ&R?e3gcfL;NiTFu6hi+I5GhEYpd6J$3M#-+ z*8cHVHPjPb3rPhe&D|9wY5WuqW}Z$!@D=NlEFkRsv=$>0s1lzs^C-ME7U%m0VkeQc zIKyQiHZNQ%XSuk@_>9@-;)!GqHTrzQ9t5uxC#GSH0amTU5nB$cLUjX?@A`L;?$#{E z6tGEF52n^~%}Y_VgUKDT2D3bG?iU_w;yX-{eREUQ!Y3srg;=gaf(TYXM%7yYXz)Wp zG8*)or)Yyf{oLy_&;q~|5`uMX9gA48n;i1+20{S9O#vuBz@2GkeTcEM+;k9#^oNi> zp|)=;`J&gGl4(n^h=l+tVKGa{QfW%GF8~op#UcU-sY3#NULlfzpGSyJ)2H!BX%V7{ zkXi`Qi)%uA6Qazee_DwC^K&a9dJ@~4xa1Z&*`fuUI2wyhAC~CU-WgyiEsxycY<3== zETfag{-wwPNyjHtPeg0{suaJkF@%HtK%&+10#hNNkZ1*Z5%!#}t#dFa*e|Cmn55(& z=uqsW@_|gB&sI&y!b3*_J~HNBDlZiy8&eNxkGwtT6)ZMv>I6|pJ;=1WiHr(-c^?_G zEIc=P^EGD2IBTOYa75q-GXeza?wvwau`w^@Jfe7z__9+)- zg)<~TDr50Pu;*>VviMQMSE**SGxS;V>O) z8%oGalhHr4qDei)BEcP)inFMVE&uzk5gKwws}*56ekfBxQ9EH@ph=htt-?`H&|bB* zB_uTm2qf^AA=hw~(UQ`nNV?#*!?495##ov^$A|PdEa^MF4oeQj*YbbRoxw;7BY?;O zMe$3fn=pB4XUN*c0=ku0k|1r10|@0WUuRTYqaBwkKTt$R^ZKRuF5Ny)_%8Cj_%729 z{^P!j`WijhE*2lj^P~NzK3dRU_p=X)6WuAlkbIU=0Sg)YU*oJt;eTq%B7l> zzHzdih7;WIPrzQhk)EAoGD807+hoVeF?Bx>n;!oKcnnOf?6?&6A|)2WQ)6*GW#6v; zyKmT{Wb$vhRDk%0nI*34oY6^+`lPUura{sa0Ax~XgP`tZ-*~ADzazzt z9_XQIu9v19E5e2TW`d^a=j%N*m6sxkH-4I+seCUq{khv8r>XjyG;RDinWp~N8bZKi zkJ|e1MG8D~yg4&KIZXa97<=lT(%0E5ME9H4YQ~$CIFCSXy zhV20lN3y*fS)@2pa;4_TsC6EW$V=f!)5i&p$oImLi@W}Dj;OE6k$#(!IIUY3z3ahTUJB;B zHYG5Z?*;R+1OGVY>T6JSTu`b;sEX7`GY*5tbTc)Xz{f>tk@=~br?#2W)`_5eOD;)pnb=Co`FAmR zK^dw@qtr#)!v1HUE_GFKKu-HW|4C@0zedL;M6sY$seZsP9GP4tMsf{EcPMwN!u~Dqk)hX$}KR{0l zlotDT6d4U7ttN(e3V7+>ZRn^ZBb&~ZDcCbY3If(E$vAktmW%`5@<@if6vB4zGP9DjVl4l*kQ6q+O@)^eb!W^sHVdD0K za%dc~WXG@~gnW?KS_J8Q@Uz&-KT;H10zc0Y%}=h@yhkJ))rrF_IXx83MekCMWc_l5 z5=|iinrIS6YItFJDd;hiQ(z%I|0!pn@%5Mj~bR}N<^0JVM8yX zCDq|usm|#Rs~9=O%QUtnvaRsN;V0Ao>i7bUsqIsFgcg=A^8{Q?1Py+yj#XGaH(f;v zsDZo!uY#0-H>Nv0d(^+zDt{22RKSxC&lN2S0?vJ9+#(g}*&q>j;IG9T&Rvk91^axd z$Q|*D<_I?+I}b-5;w-q0vFYC{#F~g0Q^+}*al1;QXZfG`S?OBUvy`>=4?kE9Y?QTT zmWv(VPjxQTQj-;uS|#sJrxIEj%P!WP>*+O~&Q&L{(+5BIy+r4d@1=9C?D)q!m-?EW z>vnO3+|Ko9jnKz~y+$ZRkg*4J=RFvqk(wGNsga|pQA}yQQ@+kvc#)>YL#sX1ke8xr ziqRu%7VrPZsiD3mHR{AU`d?F{IOL^9zM@7-r#(<(a0ib`F7;C5CPj_=N;NfZ zTjimKycBAjx-LNt`Ch28AnlJ+Lw!wZTra+mOAYWT2*`?X-9QMTB{O-o(tBOOp38ZQ zM2{64I0ZfS=Qmv&sLd*Cq47~YOV`4XCTmAWX6>=X-%y9$s?}rqE0^mgpm&sV7z5>i z9|8hZzc#xxV>1#>x@MPaEfY-=gxE1?!o|kQI8T~z=MY5$%LtHI94A%ER3sY3d)Rg!-D4xbaQ4<51#H56}9v z_iDd>MA`DU>)@4x7UTAOpGW)ECFn3at6IL!n17xo#U0CCQs|c=7ooQj)R6Cm8jrXC z z1Rdl{p~Hji{x}`f*Q7(m>q&I5GEN*v<>hD@<*ACEtbp?BuxdBTtGqoOL8SvlX*B_> z*t1)xv?gL^qj7pC&Z_!SVvozSjJ22Sp^1kYch>~Qe65;@KjymfR{tqdXB#?q)b8qp z&h_ZnrJn;_cRb}^U+v{<7UdLOXA#*Y`j-8O5Ah>tSN~3sX^Zf)OeuGGI^`^FWh^hz zEPdfs4@=8bN5Ay-1WTp7u=JgjKh9G1HCg(AcvNmjroo>Z!Q8 zRH(~U>hgiQyrV9w)n&B0EK`?f)n%c&^jDYT)a4F!$vFTC8drYmO?OVtx0-YTa>Fnf z=p)-zAk%r)Ym(`lw4V3+K`PPt3cT~#v-@H_@6qd#z=8I|u;WhY7IA zVQi#lpTu_mzu$l5oj!Zre`TQ*;h-9V9FiCb_FtLQ8Jugq|B9QR9%PPVCUYDSU8Wg? zai#pDCr}c%J(onYq%^)wE#ILoY8?!>?N?jALw(M>hmzlg8$zb|ru^>fB~E)S`0!*W z;E|M{p2UA+<~;V*7CD zLs^v2*@RAX4zr6AE10p8_^q%vrGX&7x&-miqb4grhDg5KbVEp@jKe~m{iUwP+4V-3 znyg|7Fs~&PWXu2F*x?`nd-3cn*GqsEyX!3aG!z{SH8PQ?kYaDVNZB)>gk?*N#VtC3 zb)@HX8;r7$Mifm$Nug=LUh}ddnBXS30MQ_00@W-7;$+gGrwAZDPZvNKFPf(Tp=et@ z0|E$#Z!RFk2|&P7E}>FP>${F0tIBou2*#moIer|+aG7YSFkBztX7}^)w2(XOA%_h+ zSiIvfz6hu1;FLaYar3x@37yq$x?+S4g9I4XRZs#ptX3TyEc;$`AyQ4K-jxn})XVDB zEl7j}so8NUj+Q@Xhmt^r9V$w(pSe#JhTb5#!cD%)qvSAR>ZP% zo8OA)tgg34wcjuy z2t*Q~;TfU?>M}E<>Bpi3mW%{g>H%F!THu+!C{}Jp>Z;LVG`+nlDO)y-(Iu5MnpH1Q zz_8R0T@Ql~WIlmF3KTBv#Hmi!NICqCBanvAQ{C{LBO=kUT>w-+$WlLu1p234xhzSR z&>I41gOQ9oi9fpIW?mx&T_Id$uM&xVT`6EMr15cQu2Slul*xD<=2q(5mAMRK8)eSX zM8v>;wILyM#_Y3L6{sd3Vy~)MmlAEB@`hcfW|i;<_hCpJ<@`EJ3!Fa0hHsUFT!>Dw z;y-$({mCK+FGzkFDI9P^??7&YAO%?jCGnM(m=ybVWc0R@7^9|;c}h`M6mIHZSl7}m z=OMMVvW^)<+KT$3C(hVaeo;kPiQe!?rHT1gPgfIxV<6pE;^{_IkWu(N&p zo|n|Xj{J;c$El_cm8Gn5+%;ESWYm6%r^b?rspDtty8P;-7IKmQ`?9oHAPsHD{Xakq+j$V;aK!e z5fy8ZJj4!SRMneNfNGkrMn${%Mn#Kox_RDb)6bAp)5x9jX~ULO?6%$|E!s0(Q0UhM z$DVgCigfFOQ(R*i0zJ>xAbtM%VuC(S3vnEba;waYagTig1NuEg3AX&_{*9y7R(4y~ zHrW5O#IbD<4G@e$AmFM7#s6YW(TwX}La$y|d8`=;6E&w%2Q8j!X0jMO6Tb=pJD|BdNi<6yB;*s%`9O2*$_8Q8I8tkSJQQAGBtItSaHf8RP9y zdAMmmqjmuAbV*9grB&sZ8?}exsg{^)FEwgY`E&8a4x#E@6O9^iaq)5GVf^5#i>i*T z%+Q4|x~#IJE_f-nkPJ7aRUU6f+nXbY(x%c9eSLQ5L|qDd>t^=SK^8q4YL&K9jLHWnhj`Bge1Su9=RsjC!aU zu|$ej`RLqQM!(#F7m?N2ea#Wnh*=u#`OGr*j`9*NRrypnQ;f)_f7?Nf7(hJe^dLQ0 z>nOmPX-^;irN9Z9(9)4jH&7-pYrm7S^TZJ&J4!USOL;}hbkHae4fbHOVe??~F#>GV zEZ}GFer{rid2?y?^rt_Bou_4^T9PUt3i9a;L^hfS^RfIy#u{tpA7x1uy;Z$)CHBk^ z_Ng(W>5VTC*E5Tu2{O!8LyOf{nm(_|kpbX^3kjIJ*JR^pjn$LIelqb0Qf z%Lc+k&zWR`Xp(dVr+G*hWXD49q6dw2J%4i9%=m}M)yTX<3+QaKgLpW3H`~IR5ttb)G52omfjY%~132EK>@#)fpW3=l;W4UUy z4mF#5Qln#hX``Z@VHV$^8io0f)FssDn6B_gJ9mxtU%mut>sPAL&RwZS-^PIuG>kmg z0{Ksi6BKkbT6_a%)2XGLlX0j{MYmc0t|J{aN`GGLI2o-7YQEN48)tTtRq`Z%&gWqZ-5gjyo@x9n2F7@r&=E?)1QQl^lGP04o z9SvvF2S}SONT_2lxuRkbDpWhI(N}pu5`gtv0MECqonOVDfvUQx1IK3^<2i$u3bI0c z8aH3&kf+It7RfCt5habyYdrL}>gZG;N)ub+(7^5~FlgG}_6xyQMb^4Sc08MqoR}#^ z)UeZ*BBbVr-XgnnvJaUowF$wWlOkHW!1~SjIChq%Q?(Su?kaM9DeEQyTn~e1tSrY* ztYi0wu2CXsAN)8$0{pbP@-eg}Kjt5EeOZCrV>DjI%5)|6pra&+`fqi)UtO}*rSJC7 zn`2|Qx}gh+V2m@J_@h;jwLuNm*V9nV_;vvsi!98V&nw~=yz0R^rNzKtozh2w3v01q z1M(2sSZ@bF`8@z-wdfBjpha#7{Zf(aN)HuVUREpvEh?@XCbD67dd#JTXd`D|6g5= z*IFk?t?u`*2WyPE9sC4_i{cSRvr4e+3J;fxJ7YqZGJsYRa$RJRc$;HP5+IX%ejXwL za<|qpsX&hEkmHcCsO2AA)KU)&u!6UopUlQR34pTo6%{HJ2x7=K;)n#|kcG`yd*Dtj za7fzdY`@%Vwdq6OCaHQOcgD#IvW>5m8Vu49W>XlKvK1&%w#*3rd|owAUjWt+6#qcP z4&n%T5EhUcftd4q)6y`^1iA;(P|WUk;TO%S&w9#z8}gRJ04c@pjB*ZtViHgClpi|6 zTOKQ7QtXc}@RWa#hS5|0_SW?;l=32344!I=VbL@x_B>gZ*a#sL4e)nRt_a~!?6KWp znOa=j`)%(odT*OPY@`VBRuskYOB7Dv9~8VE&Q`hOaKI9dIu2t~QsD?Kr7+XB$9ix| zX@S#|gS|A6x;LE9@`6(uqz(U<05#&Y9tSK_wDyh@4)7a=vklJDx#nMde^du$f>Sj^Y=C&21~_DOQ|lzWbHg@ZDkNiwQ6BC+93N_q!Qi zC@)c019ig2_(v&F`o?L313*%WLM0_2V(7eMvVtTwwmk5^)rsyMXT(q@m)@{_Pgmv0 zg-CdGMA@aV4Z>e@9)z@lz76_BxzZ=J2S-DMwX!m5?$WS{4s<#_I{eI9A4~P9-g#VQ zxg2HUj`Zay6L@!HnQ_2qOF~97*7YSnp?m}_ggsL1G~vI~od9;J>P)zk?*sN%0MzXz zcZmOpe*A8H9xJI5+JKVPyulxv12!a`%ipszr`z?g zf|}EWy+8pi)S18)V&!CiEFSh7X4=3>4`%7ZC3o7<0$4beVjt&$8!8K(0dWLT+az-i z*SG;z2(LKfu1;qiY}x+qTo2wiVw_|zJWLGWBkFRWx*V-8IX}Vxc7g}%nSe{Oe|5_K zouuqv6H$Ww+bY;PSN|!eIgx3d3abe@ryUvR&_mqmxuXicUP(bkv5uQ0=_5Gz(w28B$j0k0bw9j1e} zgBhF%nr%0%9aQ*W;e2UD#~hU;JF!)6^vP{fqaDo%jUHse&U;kFm>fX>(?xe%{vQ8r z6=t1R=Y+h#BTPqb_i>|N=p4Ali2+185wQV=>l?_?pWbp?gF{HDor0Ai*s3HK-q2hq6 zX^;B1gQ;WMfCQw?`M^0%vItSa^dV1h42mcr4DV$$43SiBe}mx(26qy_l@{TT3OJ~Q z;KWW~F8~t+1a=@r%Z#;KT7?g*|KrdS;ey%UP*I~c`H2?lK*Gb4s&8%^t8YEYtD6)mST9waO*@T8T@LF|| zR=xMl^GFD78pkvIn18a!(z%E4yOqy$C3e5=Vt3w(!^AA`n3#lpk^O$3<2SA5_j483 zMAS&agVBoiFDfUoYqTtI(EDorK>*HvrGYM!bY4T^1E*5~$MZjJrMt@~edG4a7g-6y zofD|USLX0o7w=E|=Wl@6@nE>ecJej}ze%n3yQ1qQ5-B){deATh>@NROo>-J+QM9sydLSSCj3xG2nV1n?O-&exoz&th4~dfbQQT72{O?_- zw@p++lFX57hAIOj4p)%s*rfU>PKbs5tqq>sooFzrJ!58wObLHm%zPY^`8fE;f9+}X zj8avA7RCo^)IV-hDV~v+0HlO>XjEocVJGYlSPg!P`j_Ez%{qREVkj#PFsj3im^p z*#HkOIAX@LwHr%QTwZ|VnipUqc`-tW=JEp1Gz<bp(|C;a3ofT4~=4Z^wZHyl}RF z&vN5UU(pBIeY^>HA^DCXXyrpY=@s_yhO9^V5r8S?Q<^}W@#3q4X9x3GFCh15UN6wV zad?Te_moUUU5UNAKzk>Kxu=c1VG3y1`A1W5r@93JGiK${erU67_1v%#X_LMUbaQFS zK;eI%qzsG+q{|6)nmzO?WokqW1N0EZX>dl@mj9rbXKLbPsYear_`S-@014Efi#K+D z?r+U~>lq6=kKM=eZ_U-MLbB6PLL3`0@({Ry-Eg-ObAcd8&5|t}?jqP~n$3+en!xFvr+G*=wwf69jrXARMH$T=RimYp2{p1OPVc%;7Ks5>BfH5sg13 zwNiFU_@*?L#cG|*TC#xM4uoff zOQ}_2m!L!2|M>!4y9vIEbO!u`4hlf}=!8@8k@Yktut4@E_C1=jQdkFI#kw7C)IPxn z>LfHHT#q06G&H;tA>w`|H$1>X;rd;k)RXXL9-)fNy7t^vIq%)6BhhKntcja3dwSu- zfz>+?uQ;)K=YR?rENGY&$V>T$NNI({Y{38T;s3Q1%xn@g zhh@MAT}GCCtd7qjaRc!m$R8#3@h|P)4Dp+4#qwz9@I#W0Qw8up&OxHo)CcG zvoKr*)|_KTAalZ4%m3wjrAnpQ=iTDiG&l|Os5L{0@9dsipt+(BGjKI|aWqf#h_M{)e^>^WUhewB*ra;W_ zs{5o5tU4ahf_vYj*ZpJVw#h%~)%g442mQ5v@?lop7^mnH=*s%Z{j9nLsvx$WITLTK zx(9V7#>}Dk?Y~cbygzoP!Oz%mDRYY|lWxpBOn%?seq-Rbf13IRRi@x)tSkN*Kj>a* zt;#L=C8XP`t5CmD^nLvHU#-6EWXx>D&)7yOQ|f;6wEQ0H{(gYpl&Eij-Yxv*5&Yv} zPYe0D0`g%}K0=faFjfY-G|OV8*vWBMsx&6<%6OLvRt0_b2^4BP%T>Z7dIYjtPPI_Q zu3aq!SZ#Qvxx)VOGl)ucl6)F7=h6y=zr{xrP&r_Lm3Oo>*Z17rP8@k2B7@$mj0QFI z3TkLHUWIdUEKG%%N{#dc`{W9hXwc;4rTgfVV%ebQzsThG#8AP^mfr;@8v3U z5;VCrD02@X=r|Y;F&IV}Eu8kE^y8VLA4A9_oO%)aYAzdrio~pI0kt}yF8R&pLS3&3 zh{vOER-mDfiapT^E&!4E$NNR<7Ko7!;g#hpJSf-9VJV`_Hb^CfiSS5Ab^$@a9-&E- zNq}Ip9m=e`Ni~m0BpCX-W7h29t5v==Uj-zFC`YFzB431(2AU8ipi7`ON$U1*t7C?2 zy3GslnUB)^qj6R>I5RR1ehQx`O6&J#O0vj_1LudAz7VasQ>dj5MTkj z!CYu_XzNYLKaM3F<~5Z=~W5k{nS4nCs6nd56!SIp9KMvK7mp`Bo|5M?>~O z&wVD2ehz<@Q^NE(LF7UP!7MiSHZ}<4;t$~S(GF}5g(%Pg5jfnijTGBz`WTd1b-SWW z5T@?{LQ=x)OVPyq6*Acj*=HXsEues;WSbHC!&GqsWx#nUFvMg{J^PWWkN|#ntD*=5 z0#K?Y^T`<5@sA)~|JKsgO1>sh0+PpnQahCrj$~qE&VWhzXOu7Y59Akrtouha{lnXc zuQ+!4oF0hSG>N>$NczZWP>p}jjQXEsLF)|A#i(5(Z!QR$(bK>@=&Sq&r4@ioT8$4Y zW$+jpc1J|%5kAIF!LHmd|EDAO8bWX%eyMU0pC9QG20aCNU5DaK0qE{~(%%LgK`qlQQTxY4%nBVmlS!Uw@ccRsiPGuaz|lWYOtTg3m>t zOIe;fZU1c}7;{w%bLr{-R)KRq+{cU^x4r)|jY`5SRSD5vt0R8S1YE*0y*0%lnht=f zUgIRE)3-k51VuV9Mj1L2q;o7&xoP2aKwtuuLCaKxj+6KL)blmw(wP+7R{WAMO0SV_ z01Qli>BcS1jXLLmnzSCk^N;td)h(#JFsqu+++)~WM6#vZz{HNb&OyXU+Y!Y#PmF+s zPwj^O8WGWbbwyc&d9H+Gg{^b5IkR&=+d-EpCN7G0-2oy2#-o;oYmOFCzJiLuadHU3 zXS?`7=hsVpYJ}So500q@hqwCb^t}8&qdz2DB532-SuKCzqL!Na;HN$7m*CcnD$K2TsD7*!N-prXzgsahk3SD zrNW^!yYxw=wTojT&}|f0WD{YvznDuf&}uwNVJuaz9qg!U8>EC72qL8ILz?}VJXa-S z%~G?tVEz;b`8_E7c|TI&e{fSm;Um$-agWUGm>iUcwn_vZ(fN7Oo+=aTLsc;ReW-$V zGRhohI{7^ke;%duGq9OJv(0}{S-DhZ`Cq-2>pjUSG+F1c$6l~mY34F&Of;DTZ7SMX z)Dt>yQ0XY>qD&6d;aFUUf>TJ!fmwE>M#(=%Zq9VMXu*6O0Q&7*3ef0GST1X#?zkn-b#~%ig#i)V@_K-WK#O;uLK7 zTPT7Fpfc!P?gH-d?`Mf%&^YQ@4GI%`Ylc>UamKx&*VdbyYq!w&y|??47<*aZ;N z-p>p#PcxfWAtin4fkn}Fg?U>mza{4SFe+Ll`bmRn0-|OReHXc&&|9z2G4z1+^Q446 z{C{YB6ZojA^L;$QTpTdt1SJ|3G}u^!Ya*ZlK_(FNMhA_1K&+!84HavIM4|;rOad8) ztJGraLKUrAR8-s$6*U25wTfsJmnw?loes6&#%9U?dERr*%$-R<+VB6D&j;?Ed(ZOj z?|a^}TqOw|K)O;uLPUgmVAA;zib}wR6OVA9t!(jyC{k~liaon?bu;M&`pzpw39&duU!51;_U|+CIvP6y?rUfxXB=*!F zn70+7B(lnu09kkIv8ri^V@Len2EC~&VGn-XngWdIKcNObwA|kp9nxJRd@CR0wW4N! z4=m?T zuXEVC9KFOA(Xp}BKDU9dEUBV84j**(o;yBxZynz$6NNGov38!VZN*-!?5Y2vm937Z zS=oBwoSh&07PgZ}c&zNZk)#5~*6}?kgS51@deYDLw|q1E%kcCk+fj6XP#UGcvGKZJ zv11~g?q!~SwMYa|`9_Bt%RAGdCkqmy3mpQ*;BQibKj6*{PCEF*x)m(zkn}aA z4OEZ-P}Q`#eg;pg5{5B42@g2M?F<+(k-bx9X{OLmo_mlnPsznMG*4WBQ_~OYZ8QzUTI8TzQGVej~>wcMKnzehW*Jj zO^8uFP)nMt4K1R|exu5<4?Ox5R%{3%0E@lO=YUx(jmKUN-CNh+BCd)xr_@Xuo;S|Y zLhPYLj{CqF|7f4(j_UdudP@zVXSu^WdFsCPCZuzGVsMy}e}H^$Q0uGu)AToNo-6d6 zuPlP2ujqdso+rm2MRo*n=ZGmvKJhC>J|9_XSjE~z} zL)>*-LpT=~5EOgh_JFe+H=!stz^Sa%NX)-AeIa$lyQoEiA?K3J@`3B7jSV@yzAK9! zbI|lZXN+k6vbHOhuY8BqK2Wr3Zh3=Eg*t>Hz0@ZP+?$&ek-~(mo~??yz${c7AWX+0 zys3;`0AIxgo>j0BwtWx25zf4-geHy&Gt!?6ZXOhZQouNwT^8js;#xf$lz?>4io^BSq1fc zL96_pEyGdj5&3|jDA|KhRLmS#@<7a!8O>`NNff;{wT>BqVEhU9iXT74Hx}KhRS*My zpFD;C{NCOFo)6D(kLDp_AV3Mtk5H?S&{b3R0i6y#5nTjTKKzT7srhh7{Q{-m4iCj| z*t}Nop0DtR{H^3~$J+VznZh!+_$I}8@J*QMZ;fLa3$^`F@0&1Gbo$X8m@uSU+$aOi zJce~Yah)cBt-`B3j23erke8K(%nv>*FV!MEY)>sj{;>Bnyyteg8~H8*ZSKj{>3z4} zgG3FRb=lM za}5I9LPR1bw!4qsq~-+*F&EIZKw@!E>(TQe`O;Weq(U`D$L9DawtE}%fu!yzZ({@L zyd3M|`r+skCg{z{2_oxcg5!5fExhz`e0|-mLQeRtN=dIhOVgoA3PUA+j)M(N$LPI_ zgo)3}1*B}cSt^`vGo<(N9;>ZX8S4g2|A=lf5W_2(Ld?NcZt{48`B0T<$ftlU;48;J zQ0hS&zz#apV_#7yC+ED~XpFktCdf)v>t%VRr0O30-|T1(*#(7>C*A!j(u``T$2ORN?-zlxva1tv%O zD1^3?-7lJZ6fszb!`U7GYB|Cr`^eb!5}JdXjG{*71Nf zF;}l%kPr_vG^QO&;iq&fh8c-0?LmW*ztBH7MmjLM|84nhe9)0@;KE zVe>Vj8{M057?hXB&~gW#5&?=8cJw9?ygZB*Uzvd!tI%huEF1{olTb7IQLXvn*1ou- z_p{Bq=5i+p0Z8oSY21*L*vzAd#;lBE{i3HKCxcqNDP)GG$UUba$qHr4#3O;fa6jne zd=T@jTWBRlg~3~7qfCzC{BUf9Y&GB{gLgzZZ%VSs*wIpC3Y(H8$=b(*eg_+XNGzyC zj z_{XV28WkED8kCO4#0XcTG(&~d#x-^w+d^2Bz*3a>vSc}WI#c*WDV(D2#VI9YaU6c{ z{`nh;7*1_N#Be?yc;*8nANVw3OkIx(PE_Ej80kv6adcADGcKI^To^dg$UL!yad+(~ zQmI6!eer`>G`}INwu~x{xFL69gm_>|8cy4*kPeDs-m|L zW8OrBRsT8=JwhW&Wbv1VuU=1_&yfwZod2;$v&1KwyX*>n&ZzebytJ?8njfsE>$%2; zCI1w=HLOX$wVkYT80@P*LJ23U&5l4VE~!<+Eg=wmaPElToDSN&Qw!k)w#?~cuEIkI z8QHM+MjSVnq>E#{c`4VVlP(99{)55meQ}Y&dLM#{+c`#RfoN5oP`?J#nn%htEh1{G<*zSwYbA;150Y+;ju!IlrKu-I!S@NKTLf zpp+~j368ZWOIt?t7*svpRYs#D(;e&womKKh7`CkF5zmUwJa&L;@>T^J#;VFPcK3vh zt~69g(T5m|GO9#Y=7Gs>ZPo4lx?6*&v4QXJ6ehkMlgs+W;N@_b*A)2#6q)_$!96^(UI;c^z>bd2 zvooPBxI{-6+I@M8OPj%0o_uO=``B*VHPr5dRc<;s%G^bN7qm0C+tHhSNb?iv=_d%% zH|LE+Mrb5-bYwImH1LB!^D1$CG%awckYE{XLUy>Vgs=i&$dr4lPyr8(Ip}zDQnJAp^~%)!67nnEU*~^rHM|;w==QE7?^LtHDo}5DQ&J`(F)sD9n1JF8qH9+-PvAyWvY=#fR!L z@kOx0QC8M)qeDEYxcerq8i(KrL zC@k^a{0;i3#f7wA%1xbCt-PbinSi4pkyA!)yV4jZFrQgYFrZl*K&`pc6P6sxrc5-`Sy*z{N9kcn6-io6ZY$8-iO+*5|N0sEr^!vF&t6gb z?Rk2~Bw*7hJ)u`P=5<7=_BS4s&jF=DDFJ?x-)LLUmmE#UzUTQ8 zIsqmx!~wt_HuStR z4FX7CN?s73i8QM3>RhuvmAKmN!B(u4j^-;{p{G;WrjlaZRG@&gRB3L)a^qM*%LsUK zeUZ<-S5Mg`1p;<}R^PEs9@!ZM#_J03D)cWX3w5Pqa;(-*JrabkSqqZVTrw$0U{#j5 z{)7JpN%#C`AWe%AS0udy{52-1uO?+dRkoaS0(xDVERmEq89#qbm>M^SDIy5E_#Y~j z2!U`DG&gC~bgY7qAw^=8bfsRlkfcM2NF_k}W2T|Bq*f?5{q{`eWg9(IJBkoOG|(2X zA$00n7UvCgpa^&$5>e_t+k<1C#?d1gP-!Lpym80r1Ht1{ z%u9N__J6={UAy+Hh8aHh`csv$NOC-Z-}By4>ft|!-}LwP1;6l9|1a_Tc6SH-?$9eh zJHc<`YaagLOX%sEoyxyQ-`yAd>Yx07iQhpT@q4=e9{G3TY7c%qNQXMONBLa7ZeQ@5 zJO5|!yYX7sqCDE79NHp~9ZIefP}n+geDol!6+Q+rXW_tir}gRkAt!z?w~op7u2G-* z$y$xe@|Gg}{s4xj_kRpity}LxzMf{$_5D+#t{wzuN~*e~>x&$cnG%0-5pEc}%7!B6 zbHxz7k|64zKbV0SClwto6vkbSyI`%F>@uMk@R8Lh2*qTn2+c_%-l0tig3hA#%D6bz zk)m^WA-(cD#E$lg_9r!s>y;-T64k@`Evx zvX7IYWVb#mOI8MEt8K_hem7#Z%KF~KE4^C!|tn+w~8?G1ww}4uuOff{0)0A#& zkBvC*p{d|;6yU`3dyoZh0SMDOE19`B#FR6dZbPl&R%Dbd9yRpgU|*n-3E9BH+0qc! zk3`z!h=g}H4bDHTz0dAo)3-J6K_m1`A+tB!ka`Et1_-v)6kGz9)($j77XQry6Phwp zU}yh1Zof5JS-7H}0Wo@}I!0j(E0+;4d&hE38J%%YzRiKrqV71&h))D_U7DR84^10hjO2o*L`bsD> zWs; zWGZEMiu=n$h#6kR?t|dqHOB;;cKoYurVdxMr{ZwA$Nr<81`}`m{=|vtKA?`VQ$6cD z*3>^3d<+PRGjo@#86SlY<%a$NHJN7Vh|i|gG&|`*x*8auu0YCh0sqkJUw0Tt^|m-l zsGFGvX*-sb4B1oq z!&eok!YTfUOlF|VKin>+^# z-2vCD385m^lZE`vPw^$7Lo#N&6}a_N{%maBgpLD6w++qdDF9i^jj+w3MqdnGVd#szR=YG9bI8*VC zT*}qui@!h;_Ojnf##5Io{#4MP!8`LmAW&&X)d|PZS%N|I?s|6ExMZ8%uoHKg0jG;p z+_7I^=5u_7v!L5{=CmBl>5sM@zLs+`TQ2MpSlIF;UN)_&ou+2)E8w>;$hV{F6#A$- zxjwq6URuD+1oNLcq&>WFc0v0(!Xg|kq0H%dR1jttqPH$tRwX~!639th{s`(fx z=*F|}1Bt9AT;e!?4*sTr-4MIjZzV0p=`F{))`+^y4M4SWPz(q$6u>VvoIiCGeWhNh zhn`S1=3^sK>ztA7#~c++}*ab{bvf9`;|f&`8?OEV*#*iAyWM z8Sxwm&d?0m(FOGav}6#)#%mh7p>FB~LU|umO@g-WY>U-kUMQWz4T9t*I=y^%~w6S8#j{bh7wBXPE6G!#gDqk`{pflrP zhz>LWw3VA^m-e+}C6s?z9j2Hh4uM~Um#Ej(eC`iAvI6auIf(y38izU}KCV`{a}`zO2BV0`lJB|KLR~M{I9CuQj%T-(O~HOUda+>#psM3A@@D< z%(1?W(mRo7qLAif67bE3av3g<`;A&}j#f)kxb?Sh0^f)T+VTd{6W!@wJc%?jHb`cc zBrPu^Gz1@l)=%-OKL>j8%Zv_{$Xd0@Ggx5dkBRoB&G)81bKV_aD@vVfX2CJwhwe z9mG=7>Ztz`LWV`2T>LqjO+fJBaJbNu=^E;2KUKsh>qB*sN)*8nWd80K|2dY`+Aoj{mQRTPP{! z0HHD_YT;Y|B28EO@THL>35FdhwO5pKnGA~3q=RThplOMi0BEtyVD;C+@xvvG5`{u* z5FG`mivN)3=p_Ceg(Y8v#j$>j5>ysgtSjOTnB-WWB;GuPH~N!oR3b4utZ|#JkrP`7 ztF1Il1eGtZOT6UiAMP!4z}~(I;|?aHotz;=>PBmk;0A{HBBlM!h>{(_+}ed0TLUJM zo)FGX>nI)=h0Z%R0zkT+Nx(ZX)Q&pNg~MLPZm+z-l5p(!H#(NX>RRjYbD##&|JmGTQhAX;A1 zk)e_6X;OYZPjJ>xxk%2}vyz_+9Kh%t%4M#De>tr}u0?syEd3!bf#ED%=0in}V_ zK^Oq%lJ<8=*&!sFxr})VHQ2H4Z-Y$+p_(i4JKEKbo(ra3k`rj=+C)-ko+foQ zU`Br2x^80-&td(?o^4DC2w6=9jQVq61}Ftm35-ycfwccd+J115tbrrTkNUram4K-P zxWftoWF^`kgZBNcdI$qTjZqr+_%BpX+8ZO%-GWy5$EbI^x<#wzbmE!nd{&IM*0W5* zvJJSvu$o22aF*!I=YESwB;Le&;-JXs1k7}c>m*W9Z`Cord+d6S`gk6eg3FTdw60$w zh&)FugB@kW?iVwV9()_(z;+Nk5jgiLhI1efJPju^=~Rm)Xj58>fS5*?N0GdbD~I+s z)nmmM{#H_%ZP^$ zk7MZstmtQ@ywj)VIad31I$B$JmXTHzTEIe%|Dj8Dz&7dvv2fzq$f1N1(yKVuM_-$O z&9qPHsW~!5Dk0m_tb}boX;8wp3r*N2k{?yh&gnh5iD4U*o6*l<0<;;Pr-f};oVl8M ztQa0UOk~GIZYLuIqgt`+_&v(CX!|W99>9C~{3_{79`NtK(i+E_)Dq5!jpd@||Fw;% zH7yAH7xh>3vd318G$~2wAO-(xy(kZ3=vBZmfu`YQW+`zZ^!!?44NW=FvlV2D{lXN( zH>Tbj0d|2^5QlSWgL0qaW*#OBJXg<#&%TRmjro_1$DF2u3V3Yga(gS6%j_0iF4J8$ zT&`RJR|$VJ1DhC&^E4H+0A!B-@))*rI@Nj6A@k1T!mmJcGrcXg(%RB$HPY;h7!n7Y z@Qx?U+R@?pcBH@HPT--@*+c_IH&ifz^kBbH8!=)<5e#=zJzWsGr9AOVjpOTgbqh2f z50QjtsUEnd_7a+y@h~y9NLGXje$)7QR{f5w+LKoVi%>(m*L&_an0v=++GMm++z$=*=itX)%mL6PUWSju zbp!6>9jdWQa)RA~uI z?vo&z>sjFT8E%XcUfarr{%xdkp);kHp2Ed6kK^x$&lXeHMO4IvK8Ugy9TvikR?v+C z5T=|7^72JVHyRX--K%@0Q-_=)n&cAI&C4M%PGUpWoC7!cFpd5^woN*~X$V$ggrC5B ziW1+(E~3EWhuD1vqzV6m^b0i5J2O&4xat@&ji)Ttl0ISESu8;US8iYkvxP&LE$+jw znpGRQ6Hes3yLOgN@5`GLM~`k%s9*b~5sVtfB?y_^m4_GhR2tQW z$FY2D6g&ybG*gpo)F4(~@yXKNxYu@QJWuG_qz>VBtbe}Y5uY;!$fS+- zd(%QCK9Cru761q=m=08(-1vt<5CG!yg+4b%^cn)d2<-NAQpIN$yA$#Gz9C(Fu0q)~ z@hQ{dGh<;=e9Dyg6dayTLnS^Wub#cyWw8Gi8h_3kk>z-njpI-lNL(tYB0b z(Qxh+>w}6Hmkd=M3oj}aFS?wa$_uG2yr`;A=f(Tw9e6QV^J3TYNnYqBTX*NBqq%RY zoPkqgI;ygQi@ew%QIc1cL2)+CKT>~B_MA?JOjM2tR?@voHzn4}7y(!>Wf-(W)2=I4 z22blYI&h<}88>Q%uW!<3AjJ^u(zqdWaAwE(*QCGYd<4?Bo1x$n=&AW1Dr2K8jg~w7 zYc5#UTG{HqL@8Q;S2K*MCD#7d3Ja+bQ^&%~_6LtcL_`Rxbc3(-fIeLw>6AG)aH z@GXmP@S{r7o;cf0M5US$G%TGDTXM4~+7lZ;_to$41)61(hq0s_H3<)+{^R>2NQ&m3 zfD6BZQrtcQd)WD&Q^mo+!nZ?MUwTtH*6nkE+a0}zB0&TWl^9grah61~*x6b;#ExJc zyW^ko0ma9x*w+y_SV?ouKeCl}jeks;VD3^*41xkkJShfr#Rw&E`Pc{u)hJ#^`bR&TBv4Qp z*^_&wDE1!FHNH5VK<@o7%8bovw?UVNAurlNekCQFI)4V44HFN_E|>^qD=V0Q90sxs z+OR@Z^xP&CM<-NKGN0HK5>?(5nH!M~w?7}FT95|QCQpTi#*cwR6_B*brEW9=ST8}` zpj19Zp99lhU;?LMb3I#w%GFWj>Hq_oO08pp=P}&Z2WGeNIJ%Qq9!y`v3ecL{ebT^= zcKi<9u~t$nYU(qv@Loz^6Sl|Cm&fMgH=p8Isjl2f#Z#r;p4uN@NZ4-#W;8cra%Ph# zr~d<9fXYht0@T*>3Y6-QZK%inQhe|r&}5_8z`{8Nv+<;H4UEytd>4w|O5j7zZSo7Y zr@EZ8lr!gHJYM=TlVU44pPbQhMOI*C0wlB8^?zoP22|w(}t$f~+eH04v&TQ_*67~J$@G=8g^v-(rH*f`Zd z=9j=lcHwdZO;sp!EhUD+KpKkhGVhe*4tZJa2dGE}i4Cf=GD<-MQIA?*4^t>mKPV(s zc*8z1+hZUT2IA{OjNs7NORQ)Q+#Q&~M2g(ZWc~tTh{{tKSZBlVX9FhBl(~ZGv6uD* zrV9n8+QBLCph5R=e4&jGp#^Y~duKa}RV&H}T=axd3DZ=>9Dj;wOTg+M@ezX;fJ=?z zLjXU8$;Fz2d^c|hX9sbN3%e~$P!gWRCews8NC;NMzNfuO_Q{DtiOCPup<$J&8+%Cd z2IPU`U-hBtTlPW`0JTAY0OY%K25-P7pX3H)Rx$bnlWEv9SGe`O3W)(KKA#6cj;-Zf z3{HU1J+Mh&CtKO!i77z&?jZD_5#y)`eF0CC)cu19Nbd3=1Y}+9aroA3J$u4;fnkjo z;8yyPGhFbAET!kM-s}}^hlxFeMMi|0w(bEsGz;@NUaFqr^9frezO4%u07&;s9Q|YZ zfI6ABIpR_{v$WuNCuWFR#uS_d6FzM{DG5aoJYfWL0HNrKn(LJe_t~c_Zi11pk|F%Z zQ(3xcBbMF~huvoxKvakSLL6-DNNgd4Voi(KUGl@KEP^?T`bY5sYqU}*rjuYPRw;pu zqGjx2sjp-+u<-X{4{?;pE3ygP`n_uQ&Yx=*98+&<5U^Eq5yo@<0%KMBthp`6^L z*>{PWQqH_*kTeJ%3}lia8w4K=D?Z~f7z*4683&E0(OC4vuP zV)tDQgKz=A(~Zwj@(2_<0C3D7(oXx~e#+HCJau{%nlF2tp^0{uY8J<=@P+|BqO0OF zOmr1!{sWuCD;uv+A*)~H_2m;aQiEStQbMj`|V|1^xwDy54Yk7$y-XW7qrX7O9L+! zjcZ%(8#nM%eEO(yXV*z9;sfxe>%>!|!7lLEFxXh4b^_+V%uoUpEF|~%7&2oXyWc)3 z>JnF%FV$sgJ;+d)h=w}EZ}JhS)cIZD6VzjzD?U>A1u@1+;1@?^z?n?v9H8R)BqwHj zYT#Wmaeh|?-fY2IN8)({@eJI`E#!e0^TxF;1)4x_D&@711~#AWDlckx8HcoLU=^M~ zTf{YW=lTNrGbjdEf2iXCFmt`VYoKv5kct(`{sP1 z(i`gXnz~#%4OIF9F3n3HC$azfL`DWbxBt4Oo;~W1wmWJ;5 z$fHWzXuap6ggtO;!1W+(vn3^8%<>))w+W;=F7yXRvEihCYl+%wo;O(BCNQn(=^C@YVwDvz`>MwGg= zqcK;9Ayo-aU1vv(r#Aa%5VdGe&5H2{$CUxjVSqa)0XG6Mf{efg6StwrSirrp-_OH+ zeTl$*`d;A%_0e5#Y% zm15@bC0ve)QFZbuI=`Tv^i7 zd8|E!Bw=y`T3Mvrn^WB_i4+?=0yfv}It2>#441y7`R8xhYG>!$oArG4ETGk=aYwf) zHz=)n9gnl9Id){w@?jp`k$O@8SEqs#vIBOOv_K*~^MN9gk1)fj>VU3_mcoWh#AnE0 zafqYO9iVrnRK}Mvz6?S-zJ1G(1O+@K;WTD~B(D~eBwPxjNWzr`LK0XWN^me%3LSBO zyczV^N&_PXZC~?Gf$0ZQpHt!)Hh`h-cBFh>1wHU9i1qgU2~rrp#poID9(XY6-Io@2 zbjJ9=bLj|>6vX=SI3;c+TB7u1Ei!}{>7Ad21sG0gwsH%E0C5TpGX=$mPTjk(_X9M$ zfBFACBpE$73G|YVK)a9M1X}X*IGx3RxwM^W-;-gkL0P|!<~gj)a|C1-K@;oTHL!4T zK|Rn4w%nAp0*AffFWp$z^jF4OCOMR`M(Z?^wlfhLSwo#&B$kS!%oq5AH`j@Qo&pII zEA3?UAo*>lsh~l6Nulb{C)7w2O^Izt41G~s4}CZH101cj1IZM`m1@`CQAOl9 zK?7jFKns12JMFOO92#-kij~Nrtk`FMWNZ;lqGR2d(i^1=FoOpv=BPB;YpOXChO@Pk z(3<KxU4J+egy>b^o^q^5V`Z=bvFn2M z0a<9JXJ94w)=!HJ%f_!91d_wxE2Q<-?U>xlSMt&*KMJG%M~Y>_AkQ4w(73@Te6usR zz^oRdMjqJmI+yn-JIXy8;7hge1vlw~4PlkAngaE{oYM#H#b4^wP>q|D)cIc)bTm}x zAZ&Uv#_beOoqztKLml_lS}=U7u@hzxkizf4^sY?RrRM|b&_t8>WHqXl)wlt1VbW^s zKW;@ST3e2pa@_4taZQcyN{f`q$dN>oi5FEz3q(1co3n6GYT%9wB*!)}OSga^h_55t z8a9!qrI9Ud-{j#_e?7_~%S+qboU)d(9+_?5_^`R9M;CnRv##HuuL{E7@(e0jNPF=;7l z*do(mj;4{V+eq0*C8hn++@sXZzYRk8={TTtO6WM!K+i=)e0s?O&bV|vd{q1;Vv?>W(Fp)ibk!3xu z;ZZ4Ov`~A8>e$~9Q38v~H@pA2I(MeXdgvA*yd0{f4bNrJCbAa zOEzxMvk;Q`rFV`u`K8)Z6}g#P!uhbT(b!5FiXk!RSA||BaIBUaXc7k5au6MShaKq& zFC^+s={i6MiaGJ;-J^iS9?##9`OOEEzXNC!sBZjERI_n=R-kzpU*cy~Gy@K*O&r#? zHk!CV^I|}PS7F39LC)sY6Eghqp8VqAS)W|aeceFKx~8KP>&B21;Gdl1 z4cl5uZ(R^6%|_u3ixo2UgcB``oT6u%T>cRX25n3QkRI$`ba>jlz#h=A=pBfnr+ z5p-i6*vwHV^EwBXE6_lOZ~3sSj54&&Ql){FWszZ)9eGJ;5Rn$5z1s_6eUN@R9HCWeDQ zj0jO2^C@b^VdXD6F_g?!n0&^igwtceBTF>Zm=Hu-Eb?9KGKhJql?)R`Wx@aY%Tz0g zw&O1|)~v82{ZWP^)<%>ut&;c@sR}xxu*!-cKb(RC#61Vp0NuDY9lz9={->jfOL73q z4J}R`XA{U}VXJENQsvzizYs(d7%)Dk*MDIU81x;9vQdBdSfIVC7U#VC2j0aQY9H>_ zTuvD@{@$b>5~C03CX54B&u>W`jtu^KjKbfJza|jGo?%kqnQI}ZW6~n{6nWj7eg4B6 zN&B3ybG3zgj^E4B8RK`_0G%(+8l2T}y@=<1r|U^P@AC)ecdVZRe_;CCj15!PgTOA> z-y8dXgvb8ZkZsl4{!;=lnbDMu`m!t}vf3;R`AF1LGk_Bw>I_ByK?mIj{`Ni?7riWG z1k#NxFc>u&zsRrOnIC9AhP4~pvjWb)MWy{8_h7Z$PjJC{60RmO)#ji;S!7kI+H6`D zv9rqtt_s}M)&j4?<)!DV2JTf2+?UcoS&Q96`rZji!m5 zQkRcaDHyBlC=kDfBkXI3$XXT0Kkfx3WVDXd>$$wbTF%3jf4pCyZUOuR#3qg2RVk9V zbc^-I0IW&@)9ZfLYZT97rzu|JHGF-H9LHEo(nKD64G88M2mm1=OXTg65P2{n?vpWuNyCSDt}68J!_V<&2TB==EFBqH84K=HM|y2U0&lLKp_3Tt3~R^fj`|4Ea;(t`Av&(d zoAaFP{cwyr*VXhJ8ChGrs`%sBdF&RGwtUZ3HR5J)#wV?Q@sF{AcuhlBfuG*hGtWf5 zt7mAspkrU&o@8cFS>df){%_25!?Pu@+%XPzt0$A8_)F@$lQ@rJJqL@OpGN_#D7Rdi z@@JG{cxaZU*!Ue-IJ00Ko^h#4F@C?~!w;S;v6c_l)$G@}Dw99oN&Lj3vDpP5N~t-r zp#_7>_wW-7OqyM+@y7a`+E#%Q;+fG8{`z)C!S^RE=7v^?{>6&f{IA*6fHh%X2jZlUA-gxs5E; zJz+H!4$j{axT6b8J2xO7`7B?zWF5dt3K#X60?3Nsf)L>?48=*6#kdx?^0bb>h#k~R zRm=*`UT95nR00`Rtkk1r%9IQ#2Ywfrk-=)bIUdM`5-~#!rtdRbss20&5g`JiME8zA zsR3@7v+(nXLL@Q3#c)Wc>;~p5>?esmG(kuMdnR*81=!_Dhtkdtn8FK>k9~yLMUXvAA6X{iKbOXv%&(~@h zS3;-wF^VnI4pv`J(E4;(>=RfiEY;&$l*IR^m3T`84D?h4ygaXy2-ti>Lr>~m&>PaT zuJ&k?#^9P8Z7eWt9BJdaz_Vh%lQ_7kKwv~yVG4s77{hV*9*KH%5fBkYR9EpQpu1Rs zlzY|-WCez)3RXx6`JrJwd>>$aw3oozCkZRkI(8CXMD1;{d$lAW&X@V-bU3%_CG7~s z<-G>-*}%eE8JEBYH6JhXXHCwAQb+xDyg*|%;4L+%GtEJ**{!j`NJ|vA#s=V`*>lnJ zL>bxy5-95<(x=#S?4du;p68Abl#fcHoJ1GjohNVZ;JO_U5<#YjZaTsl8sTa!+8SZZ z8OXlT!3sF{L)j3Ml=~{vQEY#7fc8Tzp@K6Za`n%7aY_zYs8xvp%Q=S-H+|Ga5yvK2 z{uJy6T?;YrJ(H=+c_gS7w%83=4c@paKh_^t__WzeVn^c+QOgm$tcv{&Ys8HON{(Qg zAC$+|mj?)|{?5zK7&){x7M0xbGsW#+r7pXE1@GS#&sACpaQa|Vdy&G~SOvO&u{r^a zu>0Y#X1B)wUECUvtI}!lg8n|)Wpqgmo0XQ#SH{#)SJ*Zp&v@ZE?Ow!_@raowS?mFN z2T4sE#Sje zW24!E0@Wz=W-L&)8jcmj(ke$YqQ($r=pgbLAJppBx<-@a>&*>OZesu^# zl|b`{6#8UDsq8MC=qmP|Sg5RmJtqk7iMX;W>p0c$p5h0w1PMb8v!?krVg~0~&x=!? zX%BpB8f=w~xKV;sM&R5e*@8M0qQNiHn&=TAB**NB)+0WQc#@M8PVVhbQRnEm#EMG{ z!GR+JiG26U9-Ufo5oVKV`d6-4@m!A;k6>BDO0_@_LQ$n{cS;uiEWIxPmRJnCo*`(1 z4wfO{+WsV=V!)MzD&hLqN7jo};x}xOnOnvAfVa@3P-q8{tvJ)C=DIslb}(F_#m2`RZi4(>r(^)a7f7o4%4l`s|)UubOgoNQd3KH(ev28G$YSaP zDzc~-A<|A1(F8@4e~c{X^!VqQA_7J8g-_@KvQK6WKalX?d3+veUBVi;nmu^OJ+DFz zwFmDPY!2%`ewPe63RN?2{v$o)sAo&~BPbMM{*lt6J@AJFFA19a@r5AqqY1@Lq3_=E z`AeTvx&W%}%Y17My4ja}eoFs==`SgJ0j^AdY=OVk2zH1SS$un%$ry^?j0a}oJ#$Zm z`27;{Pe6BeLA_k}5bj{!iTSfXLYh3`PPaYf&$juMDdC=89ql9n7ENHMzmHB1`)Fhr zmn_s+2oU5(c9X&(hB;ic?acL}b~=m`zEZt&+}E2_ng|MQavzC&7DQg>v&IWFY6)7{ zy9BN1DaE23Y9_!jIWZMRQw9*`@k~7>mC$_LpaqKO!v|12Rj=`9_zVMm|F2|>LVIH( z6Jn63;-zAr_ToAf#42b($(vySNWxg8D)t@CL25uzBz>BaI+Cc0J&2MRp)x7*>BGiE zvHzrrN{J>O+ka2d1O#h3 zD7rwz%1{!mOrqV|G*yP6(<-1_$9c_{C;tq8xHtW}`tkotzj~sp|3SaPO26`{Usz!# z|5+s;X`6XohO(LB?}})x`g2kdTc7bg9!_^{f&!4Br={9X=LQx@@*fLx9uES z-uOk<$jl|Sa|`Bre3K70$JE~-9Xa$DTLELEI`0qP52;DwyiS&#G=s&!2pPv3TnI39y@w&WYV3 zy!2vsEeo4@n0v){N1v@nVNAzh*t|Y)$6u+s*a-pvhyh~WtOGq>Xc3;-&K~Di#BOm~ zh2H^``IR?;OehhNA&TobzjE>|o@tA@?4Yyxl@Gfr>c~=SpjfX8^1}HQQVH`bzt~Mx zACS$fkm&Ll0P5_DsJ1q(*@G{4eY;FO$;ZrjO*&eJK?(93atW%|^80klW}Rr4!^ z&g(nBe>B~9u9Xtz1HM{J8QH=8|7cpSx=K%q19c)te z{q$%A9;NxlJGt^%hML7Fp<^zjGi5Wh!-!(p2z0cLIvS3BP905w!bA+5S$TgyLZRW( z&BU%p6;7VjG1vf9T%GLrfA?nv5FI-J5<5uu3efW1a{&-L#g{1sAXb5i0W?O(^t1{k zlDl2&VsqjC&`Jp2J71axg%qP?2!+9g%9(%H{u!ELQcmWd;M6+74 zt^=BzG8LL|FTx#-X8O#)>ryPqx+*5^*-`97bb$74#9f>j7%wzZb!<;g?#9cZ2Dj z7!Zz32o&uJXFQ=@aRmC?yl1~krTfsLT7N|V4 zzJggR`CLA5$!}7l>*96t`R78reTj{4`#LjNKZ=th)gDB|5I)<{pVEcgZlT<6ao?Xr zCSQk=x)>}rL>kFb+j(A%!jgp_OB9x=LfLT#vf54!ZAzleTRp`fgOoC!Hv4ZtjIc4U ze%GMD?4?|?@`B)igcA!vAa>z1yW9DU%cD}x>B(Hmr9$iRj^CJV?kNc^=99p~5;9Y* z=Rg@{av^ylA?^iNe=c7?$;WredubNQLBgnPnvA_cexq(Z`&Po;)4<>+YHh3^BPlW)TImHX_z zAK8%)>}?;}ZJYMPMH&em|MS z!u(6gu;KY!c}j+PYPr|^R>;3Q2=YfD6DoO_qMt&4InQh_^!I`OIr?+#ivI5g9Igln zMe#jYp+A)|mHr_t%ijn3ALA*uXZp8apKL5a|FiZ)f53~w!v-#$d>N@K1cuePn{)%g zNvjk(k-DwQ_Nc=XlC|_Ae$1YBsO9c|oltk~P*C>?FLhJwUz6v&)OQ)(H*7A-Bp~zE z(UchC$?i?4tFQqQ=w2@RD?z8&U~v*mCqz~=br9JWo5&^_mlT$_x0XdVg(9DEFyx$# zr=e(ft`VYX2{~u`$|JjIB{$$_Y2^D5SAHin{)2!k3}Gek{p6P6`#4Fav%$q8!~ zPQ>;SVFz(m)kOs-gy70-+>R|cF_tNMX0}|JedprU&1lG4e@!w?j6j&fkP)ktZ_J}n zgqNAAkDzT*XZ!&dVTC@=6=!FNut#>5McxlAoKkQiL@MAs#b60u1!fw-vuJ=iauZ`x zUnw#Spq>wmD2;p@!e@q)e?&Tge8K=$5z20v!U7o zUG=(aYHIUF1YWeW#-XLE>uV1{8^NxyaARv0)1L^Gh*1S z8(I^N*d%aOZhnKCK+`-RQCl=3nqS)R)1XOLSK;hTLF>gZ;rr>D>uRS0zA)hX>6$=O zo~~Sbim6d^W$iD4jVfJJTYH!(J*oD%`xZZ?vJ)?t$jR(Za~6ul$ukSJu{4 zT|aUB$blaQnzQf}tpt7Ob9>EAfu^USoUw24A3=@JlK*cLE68&jf+X|FWi6qCljuzN z2$s?M>9X`MYq{I8zJVg2k26K4VYR8&bP;}ps1PvmTq67@Q}~0DqLn*#y0;qWUDb=d z0zh$ea*Y*i`mt8lyzqE3{?Ucl=008YqgLA{8F4(z%g-o^`{zM0fj$hDjDtz~cL$w- zf+_^Ou^YN=*sSc_`~tCquz$SbXxu;#brLGCYc+s8K9YX~R@R~D`>=TqsU$);GoI@o zm;w7ei#XOjjX?koV>;`fN)VAL5Bdh+Wz;|9hdJCLG8_Z_ennhCgmUh%zPEhUfUF zb!9C~)c!G13$IxoFRyxv-*3Rno8+aU9`@VL^qKn2@>y%3z1$mhQC>rdN}W^8`ck{3TVg3FrV7;8AzSGTH6ZjhKl2hkr$ zrM|Eg7Ge7C-2aHu7D8zQ%}25wC~gq(2EY*y%_E`d(tL1fH&6h`E~$IgeGCpcQG}Af zjKqdoQ~zso(fhIN9V4BliBOo>v80MuD#1f)0LMQ{9A{K_B93Uk1iSU|(U^Q-j}}S` zd5z|le@k|Z%HvS`Y{nrgO7o;d)Q3gB1SyP9&{Q{d!Iwqq?Bmsug(!UcA*yhl6kZ{N zW_?R@tZqGv${hbuZ`0Q4liGm6dX(vbe~`YiLZw%&@>3T<(Ut1;F?1soiK`^~6^em-xr_^F8;4 z=3enA1D}lrPgxoTd*QLsHCyur zUqk8r{=dnai5}hzBX1VOg*VqpeWEW+0u45hYWO3PuDV6rvvmxroQvv_=C<3m9#j!%4a|+MEcX%iDk+nQmGR??6QAyaV zd&6ceKCy=o5Twa#R%#dj*x>Er#cMl~V3zw}Cr=61-9*vkg7A%+7Wu8xkBr9Zm_ey# z{DpwDXF<{u15o$PIDs^)L7+dlUnC9i?Nj=#YEr$Omv}o%zpa-id|SqpA1l_%D<;Y! zs@8%;tLAlRyi(mMpJ#c`#vj`#DHTW!*glJ>!X!bE!4UViJ>`Nj(8v+(0KBLrd zd@2%(_>5N_pKSm_jL%#m=2)|zVVAHB$A7N4j_^Ux0l|1wv7PAo`E=UV(k8xGBA=^- zY13cr7)!fRMfxjh)3o9po?KLbcR&p9v)osv16CB0COK2s3;?j?reR0#mH)XvFykON zsfHarMmt^b-83h643`MOl{Rk?M>1Qw4>aXt=+>}fXld-gKr>g`q2$D=x}@4zYD!)O za8=uE&z~)&kf;j^N=>@GJ4gisIub(I49itOz##Fx>A;N7#gS(fplpV{Pv4yW)lr;Z z;>ZA$C?rMegnF3ElI}HU8kUh!SY~I&mnlyCYeKr9Rlbu#@ff^% zh~ir#q=Q`nYHgNSIiX*Ub-@wZni({efcZx^(8(KndjKmrCe^~z6k!hv0UfLm#x=Zg z7hQm_@4f|#MMcYqy++%Gmlga4korEGCH-!YpW4=nm?e5P?w8V@wD{0hy$GvIQHr5+h776{t7AE=3MUBt#Ukp-b18G0Hjr3k z>G@$-Aae_%Zd~Y;={xA7^5m+WHF&U=ZR3ypSg&r0<=Ga4sP~i5H zkP{%z>UC}6wUt350bnbMP%Ap(AMaPHTSB>flAd31#5>Z4{pC3&U&&CUmGu%KpY?5? z!7OP3fSLd0cf9g-Fe`!Qs&eP@RapV~`YrsCV(WppYuIt+p`#xVi*Vayt><=%Mc_AX z8g^X!V!wG(YHXb@C6g5xhtO;VnvTH#4LjZ$KlQypb2dF5;Jb+>VG({HXb@2;+58QB zo?aF7AYXt$3vlHh??v=^@6p9sx9CCMwrA3HkyR-LtVa4C+BvO08RMmul7eKCrZXux z;XKf482vL^uV?ECC8KQmuQ*$^hkQO z`VBOJ1Xwd-GWT=Q7XL_%dFqy^J@NOXUTo)U(Thi(O{d6Qd1pqm*7JvSPLb}NQbbkm zTzU>a7ZfSNWUG=MpSA?mOwQ4e@zXtxE0C~HWKUhJ%4POcVQ(Dok|~;-eHWxlKAWNB z(;QOA&^Aw57ESg)zKj+b+0C z$?cq0_ut8I+E{YBDQcPm*3b$%1CGIx^Tz!q1X^VwCQ-Cn2#s)eUM$J*KNKR&xF0cz z$poouGTxB+2AjS&?R(Bv#&gItIsVUIB$$ZqMFJYnj)^_W=T8I$9M6a$c6x9BA&7zq zJvnL-1l(qAN2PRFl?G;rmd!%P3kn&Gv=ALsRlx{&KzD<-Ii%q@v0U1-L9~N6u@gpS zvSdYu?A$m&o9iBu=uY4=Kw~>a)}!|jm%pFN&pL@?6*p4G6u$U%@o#XE?y$=hf<^2f zGp)IO1TDrrWH2kcPd#tc0M7)ie7+F0W)T$()0@O&L=TetW$Iz=u?a^Gv75_>5W6Zq zr0RK=z5<;f`ab3>Vw=+UDT%%TAG!r8&^5fFRrrYDxOG4Zj*b;xRgOk9mOT{9i)k?(e}#zVDhu)qMJ8j`Z0=lp_t)<~QiOs=5OyZMll zt4j8fSp<=hiL3-sx!?-4cQ?LEqpZqCTa=W~n#+pRkqc-EqX#wOW1@d*LyCSVpUz&= zXEk#6XYiznR(@)?#fRE$8;9E4mV$AZv*45r z4py??*<`nUbCmsh{j_I3@bg*bZhk$b`B~mK;M*JRLy@uKs)3rT@FgUOLXg4)B;W#` z`n#GL0M`86ut<%P(@K$3rWc1|ofVGbFDp0$H#jg+%P^EjJ`|ryLU-}TFB4=zvRC0Z zOW{|)L130lk!;YQ!mjz46=3jVVZe%M{|j-kqg+M->>|5kC-HG>Y#1-=VvkGA?H}?a zO}KR=z5x{LiAQeJ(U9q)FsK%yfya%@d{|%z z*_O-qI&fEJ(pZ~GFaOdqgdv9+9@P+D40G`li2t19Y(t(O9w%DC2 znFEybWLE-AgG=7tCmavxl=atNG>yez4fXNUCny`Ey9R*3Pg*10U z&tG?jKihret?i;EGT-5TB=a56V_E!n8Rj->@u8nef!9j}0Q% zK*SpXK`K9QM*qMS+qy`9bU-H#c^S<_znBOtnL@8X3hoCtFcX}1#9f$o=q**ddt=bT zRsfYOH=@->5tubL--yEsi(8A=6|agv<}NuBbh*yZMXOsXe1Ylm-H=onajf<2if3-% zZG|C+bxV)6GGu;;J)`^bqG;~ZAChpDK8R*NHUATWd?kcw*17vh>{$XcB{xC2NeY#s zr*^#V)(;FlUvw=3&(GDS(z6Wo1WhJ@M4%_mRkM2i9VzM7nmo6kH~b2+o z5iiuMc%dW<9W-oKiIVwxRz+X+pin64SZBP7NK*7^opO8-UB)X;?nM~`G0I*WXqFS{ zAfgyESpg|7O2o(uPxCR^mq&aY>#Bppnpo@4QImbw3QHw0;gkyI6cIL5%G`!1a&7daFZXz zjr$rSHvmw`zM*tn(h1{)1>{XKHlO7VzDT9sx3gZuGV%;F+Z^bi8aglo26l-b3s?+q zD*0m(e$*UgM@xM;o+f_CEcf3RcGehq2ez+AY5wtkgWRcmIuri!IXw#hz|KFsF$kD~ zI*tYbSo>V(A+6&?2&C3|G7NGyuo@tPJ!{e@*+_O?rw*}qZn0-pPn{TIYEz;}JWxv! zk2h}HP?a###6z0n@rvZ@Z;YmxR|N662U9`R40f-&R8(lqnY<8Ep>8Xi!jB4q zy;A=W>aOJvKvjpU5T~9u_(RV(E=v-pm5+ot)oDFTG7qU^7I3Ur-ehJ6(4b9UPkAN< z4D#T-LY_D7vNO_=znkyPXcGJxpG020BJwBB?Hu`QE)nG48X?FN3dk6Yur=WsW~_#zi_K@XJ%j~=Lk6Z z7dV|syRqBp=)eqapS2_S#Lx2u^{mpkt4qMS7!QlFU2G*py7VQIqWs;@aeP70KCHF8 zPg^-Yty#PZCrj^cubynYnu8z||A2@_|ckd=BR1<~QyIkp63VS+NAJ3n@Ci&?-!71u@cm z?XSZDGDbTu=rvZ*Jju)keOO?Fr5Bg4Q!7d~5Fy9^(IwA8rI;q^e3;>a&)zgudg8B)p-mcC!-?8|?_Kga5~i zb;i=&f^Z|2L&8O^6P5`zd-I~G8GBL%p8*o8YuGQp%%Xy?IjMoBO`N#W3>K3Jw$gQwfw34mmI6iWnz3n?J zhrz;{?V-pLY(9)dn1AP5h8NfbgtZ=595xxO-(6ITxEOMLJCCsmEc{(&u)e*n_96!A7J@7)|WysPdIC%I4_6>U8@m1C-SF{F`c}BK|HodB_rxlKpW3LuX2zwXxS>ecYu7 z!w%h&utO&1O4=i*si25tJiRn0FkL?4*RZ()SyIlQO3>h#D_2K510JeiFqKFmKZB*& zOd=x(;J~}b52C0er$MEXofpG0VRlXqIJ<>|GN6&rf!ovKIy1s8gQpt-%@0zuc+UP~B)HW!syk4s$=vG-(C zmpx14dG4+$o>ss=vgL!n30wSzEwOyDW^AL3e4=&_e-p~;^E^j)e11HhD}V@sI-f79 zDcP`$1YYVMdk}at5$cx~{|2W2nZ!!Z_raL~W%h2p`Vg@f>!xtP@7f-K{Y>E9sefCl z;77X?5UOE}g8!^;{ir(Vh@M-fWHvqVmDV!AB&M-MH`&7A(c&NAeFm#D(5b@Hm*SB<<@8F@&PZTO$kO# z!KH3<4zLuicS!KyD7Z<-+HD)MpsH{Asecz`LZ`D}3*mc6X$a&AD(&N*ID`R%Q9fM9 z+GhQN%qM)V=oKctpk(|HL@L2km|^h8+}P%(LT+%r+k7<-Ze!R|C0M&#?^4`PGOvWR zgx|F`U1fqDd`nuD9{xvF8e_$Tq5%PDuyt;QhhOx|>;!EYa;AovqX(o$THYZ!@-H|i z+C41*YIYHs3A_jy7}vPHOYJ}~E*nO^CJQe2V6mzO$vob0dBE)hIHkgV9qX1?$I5-) zQdG~X<@d3(hoH@AH?rhdPsvJeNvrl@mb5b9yN0yC-kx#eY!n~hDSl$2ct`$l4HfjU zlKcT_@E;Kfj{{6+fdA*trDkSBGyPXTK+P1<4dET`a@?W)G>xf`kP7BRvC^0NC|tV; zfdgc&0#vG8nrL`%C!BYzjo~B<@l`RJnvB`$EDZ7mypHwm6CM^Gq**9$l{x_}5wLvT zxPR)G&O(S3hdl}4+!{Yv_?eh2k2H6X=k;tiHRliN2a)p$G(C!UI3XQV&(2I1qnijU z?A5(tS3Q1Cy^!Bxy!t!Dw$r8#4m8eS5obu~v%3&7^gj)Yz-ta|T>5$=!konz>|#YS zfK$o;w4bPT2x=Ao7{@nXQl^C7UbUeesU;D4u!DdRhWZA-vR@eqiC>e)5n5-4wN=;sXGQu#$QgVL~47SAIKx_Fkt*I(H=b^ zNR#1af1lEvpUv%geqc1(13(iX!e|fwS=k#0We9|c7C+j^79kN_%I<#y10KkD4zebG z#zSD7&S(=Y3YvS<(ofpso7_9Qq3cUg_Q%&X)!b22bOSh@%L2c|bE`yD0@+P|W~ zDzpQRAfblr{}s|YkYZQW!erjni2`z5Sr0z(N1l7$N8bo(VLPZdpeqF1j6%&Cve|mN zj~&wck;rfz)&=u)uJESURDKN15Om4#v6EwvGIV? zr5wE0`I>*My@ESJ_!QSdxkf6Gk3LFDRF@zE2G=T~Po=o7jB$UET8hiKInt)|tAd;) zsaeNJ7Ms02@jturJkv&&eH2|^{3~De|BR#+oQlfzD#dA$sqv5H^l*4R%4V3J>frUI5hKcKx>FU&hme_t_1tY$Kz0iU=tS-y{x z5$&C^gan-E<0w_k?}}lXh{F^SR}3p6F|q!;O-hzDe_T7+UNKC?V~%wP7e|n2j`iLE z@C>X%k6cjE{PO4RQR@LzLojo^f_X)dgIB1ZC=Ej^+~u=UWzv4~84y962?dV54t>Om zzy6+Qf5$UHMrL|a-@PR7*a@UYp&aW=exOAaF5;$AfszPtAGW}cX+Oh{8`I|d2)~3} zlMe(IPypJrM$Yx&e9B8qd}3AoTSaO<_oU(CI8Q@odcKeN`k;RJC-j4SV&sxkV0n+d zdpVpX#$$NqoXq5F^*tF5Ye+{FNRyw9BzTJdWrGk`^oKeShYGH)ZRAl@cH0+OcC;5} z4{EwYW(RlYuC+=Y2#?)0NO&Q{FOO#VMn*$EewDe0uPo|+_4PUU$VN}!2-wqNu&u}0 zk(x|j)OrNZ!TAHvj^MH%P*Bh(ZS{3JZJe1RnpvG7GlIS>M1M9=#2zW-pCggfUbBXA`)q z0bGhdfD4_gk_{WEzzv%>5LP4`BxZE<753KUa{vs%2%A|Cn|rkD)Kaz$L~aWm(iZo? zlT{W1xy7R|Jrm7w8gY)~;f3(FBj1%`(6es9Cz$uAj-XY<5b@sh>M-+gXVV8MlNe0C zCOhzx)nPB19u%PZ$xa-n4#yaOFbz?-tb3S3D~SeWOc)shap?WWSLa|4b5?bBP<0!h;||Y+5bQ>RDPij6CQV*flB^xZ z3nH%|ZoUkefKLwAr9(+1bf>IFsv)>Fpk1UIs1+_2)UM$pu%ZYN_1~MlYw?cFQTU;m z5d9ibP{0ZFEzOBq|9nMM7x^o(&Yod_9pT7M+iahE{>xz8=XL~)L^J3J-rF6Fhb&VP zkGK^XK=}wI_Xg`UeCI2C^C`kQhJ$eyuftXlv$1{m{il_h6^bw*2}wT%v`*c21q!g= z=TGJwA=t@Uu%|Zc8;4n-PBe(-xtWjez^5(IJ5cz*Mg!V}^JYo5gO+#d~| zZ=R&)Lc6dd))e0X>w9SI1&X5sPXc7!v9nA|QM(G#5|&)Fq&0;&l|h^Z1Hqw$(Em%K zDr#3S0(==_R)?0L>FfSK*3JaJs^a|n0l6BLc!QNTF4Sma8@1KAHdNG$2EAyi!CD*8 zwsDWG)u0K+7WKv?kn81WP+F;?rL9%ks>P*%OaBI?2wE*gYjMZ@+y)hw7Q`y=_xH@4 zyM&;&pEn=n%spr3nP;ADo_XdubK1_prAi3ZOxcQikc{OV%=vI4sXKIyvL!4;hmTm~M5VERfq00JlM|GQ{Xo6+wSB>j?%{-kEK$x* zmQFKhM7GdDShg?%v?`f7vWVHdkRA7A5&(1jJk^|p*z2A?542Qvuvzv3#ZWB58J$RU zswL*Ap!c-eHA**Hw>Q-rK5%f+XmgzBJ|CBi6#D~U*<8Y(+@qGL z;E9f_;3e}!eUKf>Au>ghdG~vfWbXe}Cz&UkRa8xv2N>^)=LD05XkMr%=bEnD+ckYk zXjmss664*LkCI6uy~|s_>KIA?&70!d8y<0xBYrKSmLS_InLsu{VtkEQhG~>1P6^%e z3~ura9#*xHT|?P57z~$`o6aXwjvHhy zfuR9zC;-R9U5Y!r;R6PEeZc^W#uuNqg|qLK1@jfKNWvhVx7-VUG->Vj+rcNT zjY^-*2e_7Nrr!tnkWVXCWWe&?VUE-T=F#OFCQqnD7tl&nbY>&GUDFnHi-Ccdi zv3su7Q}`!+47UB4CgP6djXZorf(JBs|1QbkBtW!H;;y&v<{e;^p0cMTb}i@oODG8f zqj`p1y#LU;H(a`((~c;VBCpenRcW}VWif+G|6^vy(3Vnl8kYO?W>e7W{$6_;2_fg7 z`S&2)CCs*UDBWu8Y>|9S`9AVEKsK-^$rhO}rcJ+VFI5O%>3`PtZpz74 zW5tp4L>NC!5||PEp6y#PSu)yooV8*s%{T{`?^zTiyH{r+U_T!IZOQ zZdhG=IMw@wCkR3Yn}P;o)sBtmqu2}v{G%sEBw^hZyp~QX1wsP&l2&tZNBsl zorPpy6Uo2;xZbfUH>T>e9(&Y3n+KZO+TQ4YOLr>t-1)Qb-|pu5n*IlS!?TNU2-m+4 ztzK~!zlc6lly6%|8$$pmxWPK^y(yxKW@asYni=y$kSxc*1AinGPRD1|pL@BHq^IG$(xN zJrJ2XK!l3u6Q8zJ?B4A8XtLths)qVG?bo7~k7f!%R@@bvuDIur>8pKzb{SgE6Deh1 zG}n;@06&F)^OspD?PLKS;O;bm4p?a$v%_8X_OxaSX?rf$pAeXALR@ePoWwA9kX-og zy9{^KfZ-O*$8_Q23)So~e_DJ&Lw|Wo>XA~iRwU4o5DRsKAv7cL*ZjzDQbgukidRle zbAKvS2+xnZ!C(S?PEb&G@~|U-!HQ(1PxWIunSPr&JWMC~Gh^lplARete_cZ|BTutR z6Kj+Q_D)O>$D*WTD>T=-FMYzCP^~fz2@F!a>kg|mp+Jki_=Hona_OXNd9EtuS|%|f zoDHMFer!o)Gv^w_^gLYz^beYwp+TcNudV-3oz1AHjVb|z(Cn_Tyljw;GlVwu@TGyUoQGFPQADezG(CPL|~8!WgIZ0a*7aUkIr$9HZR+V%$@Xk_J0LR7E- zd7R5b$GPeAFi?GFx{xT)lc#e5H?t>6%8X(lx8J`|rkv%?g^2m_jo*T=}x8$Ky`Ai;UzibtwT`GUjg^mJyqGn4(m=O zPskVl+<&7$a_Cqa#FC@^o0_}cAXYwoi(_T!09ICJuTg>>64P#4ZG0T#kq_xUd!Z%Z zeX`bKy{lnwMfNCO*^cOy9jzZ0N)<)k_>Cxn;$%Ox^HXeJl6e*>a?^$?J!qA9l)Xol zg4p6Re@t8B9M`-wyRUn4%b3V`#n$}&3@;;B?`fX>_5Dn%3v%Dr%=-`6suGEeJlB2@e+cg)C0MjGQL2=+tdvD$&BpvS z%TA%ltrs-BCw6iUYn^(g3xlLtdq=xri@&Zil>xOH>Z_9Bk!c{bMzXYZ9la_IHZsx* zf2E@U7dG3?7kY;5&#5^-NnEg)nX+?#led>6$STeGBjy@l>(ssM@Jl4IVc8i1Tf*9r zn6Dc|+HA6cf~y2Fi0y1CNq*Ad)*$*4F5J?gWXLy*4ZPpfCl4Q;)MTZ0;mn6zB7u>q z$<=!Pfr4797XGlXR->zR(Vqs^8dq4$z1CkgqOeCAmV~<&)=D~9zc1|3@cQ7v0=yEg zR_wuo9FyIn&PO1!Q>bBa%&-WZ_sOm1(K#Q~(<3!oX3Zv7s_bNFa&_jQ=YFLDTwGHhbgVZR;~VRP2~G9E#P<5& z)aLr&oR<1va)aPLBsZJJCV1(|H7c7hrSDKv{WPgbPi|D%WFw7BLfIrBJ-J@b_-q$R$B3J+p+NJ=`I_C>=zEUZg7N znHuEM4h;|2sG%meS_$udM=bZe%OrVX=D{&nKk~;gjx1TF;DAzP4*R?_N_X1Iq08@x zu~y2ACnkn>|9yMl1PyJiHkbNG=7QVX%`yWS?JCW2ZPOVcnkhT;mm>RJef$uZO7rYH z^)nfCrnuk(*)`~4kg0V~cVO9ZpM%%s#Rr|ezKX5`tK4N(Vn?i;#V8Q+pwp2ST*Akm z`w!Cn##~9aAA2x!t^|dhPZss@?n!E${<*t1wo)omqvyfM30jB$D>$8c}q9`w#-;0|ZVm)U|J z>Dlg{AC?`bctR3}ToxnGrkv^QL5W+s*C_;h8Zr)(h6i^kRkY*djpT~PrymTc4zlRU z8;#wkOSh{QQv|Xna7)M{wTB0mS;g|}=8&4Xgpp2hyJC>vXN5ns0Et%P7&Y2B7!0P%FmlNldaILpp`k5 zb7ofA^W3id_2jo(j37eMozf};ITZwC9Mfun78scHj+h)41lW>dKquq?^$4x_!X3}* z_;8CY;+Jpdn~P`h1t*vD4TJ7Qcq{RRV~5#V@@_1KUrUns=JCk>R1S?6i8R-rEfS;h zKx8>Zdzd-v@}Lir2gP(SquKK>i9|CqvOqMHnc8&?Vp|+p@S5J2)JNd@le0Tm^6gHg z&S%Ab+HTA&&-@*#B=b!2bR6kT_+1P`Z+P_1gNOstl4}secAB9C;HXEPLKW_2ZMPk) zZ4m2v-pPp{Fl$&FmPGa*b0?j!*;@)}} z1y{-v4YuQS{M*$~eE$T<>~(wk~yU)ggFdP5CHe{QDq<+1CfFZEdMU_u4!0bX49 zRntUff>>Y&@kT7W+>Ci_wi*T3^?@l(;(X~^MXiSR&AIu23`-1e*SLSRWNDER9g^gF zK?K58xFFI(J?+1O)j1A=4j4Y6A!imh9i0ZDQ-VC-&St*o4Y%8IQ^Bcc@biIeuY%bX zx81HdBzC>2s@JZ!R%!C7=g7(wSIb!f{3;up@T@UB9kj>{Hd{?S-QGW)XLp>DY|1@- zf3}kh^&GWr%sqX|KNUXF(}vvBMgFOm9elKb( z)95G2><>94N0~hSz?UrqivdcCy_2%}$+98Kh};f2%4tCUSl?w*3aH z`o{YlwxvzG>{XPKnXPe?T9IEZWX2PrT-mxUib1>}Tl1ctk39Kgax8;UPlmHfvZHj% z)?t2)Wfo?+y}6QG8VLyzIJ@dyYIFX;z2l9~;e|@;#Y6R0T^;LQh*q**R;#MVsZ)jJm5Z)+XC$ODPC)sYma9?m` z{cO$&pZd#-;NW|*{2MLvaVaa4B(~TRJhIDBZ658I;yB||i3$vvb+n>Sy=O`ya!@K| z(!xhA#GShdP559+W;_pFTEneXy+Xr(*e|^Q8Tk7Zru|L$%llVTj$prr9?zA1*FTPI zJrXDD?1lS<0km{y#%$5E#-YkERK1e}Ho{5t&_6HQzf*1CkcgqlcR+sXlp_b*A2NHc zb5M%&wjB3tN6nIj&V?+UODZ17* zw?<>p)sLsg*<}e-EHaOlwVT%$d!J3)~$0$aZdd3$4X@>V}6f3$v_ z&?w)(Xk(mL6eQb_#7wcq30;vYcZ|}L;p%_Dts4uuH84NrO!})8FUX1HAI@`m^UC~r zF1+o+@oj>eNT#LFP%hV1gYU|6Kh2tW3xn+Yn0a+b_^qV>?(jQ8q}vb~AP|&3F}N=!gD)2nX+S|-!j9+6b#?e zl8PNTC2brdNQ~8y*a&MRZpx9kIY;6al}u3DRjLlpv>bp!X8o^_bY7x9M<_J3S73C` zjGQr*QEC1Ncj|G8CKdXunSH@U6v*xl)i!ChWvn?jLwe6NXGjGDXqr=*d4a~n8crPmO*V#pb@Enlm!Rkqs{0w_P6H~* zQPfR60nL#eVDuHf$oIo_ABi_3Z{A5g8cENL`D%w1fit2-Uoxz;w8>+Y8{?Ei{TM}o z8f_P5MxKDB!X)ykKzkR7J}gC5eh&O3|6BWMp`&>+1TP#7@tVIcA3V-R? z%N=P;MWQ56zVU2sv-a&7TBtUZD&+V*^$6{%qs>}dFUfZklyL_+jX+#XP6=B{XeuOB zu={RX874EAVixo|1bDfrmqH`LV-s#uRA`P0EmnY*sIigSj(w9 zOmY{Lk-~(wRukIVaI24W@WziAg?nntCQ&6tRj%dcw!X3bi>O=_8*?I@a2kiVYw*j% z-FMiu5^|;C3Xq{np+bdlkCDZd!<%;G23WHdmHZ2o}**X;5f~+0Tk5SEcRy?)(o>1dDPqX(ID^^%C7l0@mUTK>sl+*Ei3Sb z*>Ep}1R;^hhdAP6NLwr-i&rmL;>FWYzYqSE^o)!JxsfjWos=_rA2i(a zaR#V!$Oq_uU36aUa{@j1d9@O%UOg^ws7KF-LHYaUQ!~KIO>?(alkMxoZRGo%GKnz6 z1RO1>REhX>38@ivj!nFw$Lh?wOXr->*uCw{R+*9a>B7*bvGMS>LL4EgtbY)X%EF-@_XiEtZl@`Z{UVIZet*9(mN&4QVI1#njjM44Bw602 ztv9%eBf>ysKZ&eYx;Afa&?w{Gdlj}R?%;@A2YtTs8$Kn#uq>`TE?4;)U-_oO%F0WX znCA#yR`o!H{%O9!cWJ;vX-S6`O7ZTgwkaQtrZh8QcyOI<5Pi7OHi%BJ=lW{O$++3i zUZxMuvAM*&s1es?##b@BUb#E9=s1BhveQE@WE0-;V=2j0u-dAaso-kZ?Dj98PP1u27iS&eB6j3%UA;MIHwz!pVm+h=t zIViiWN){944t!PP+>Wc!(rIYD1L6NzT+>3;^o}qV}+ACEEn|9(?j`2OK^pG<> z(yo*#B}(JBEw9wRM#thII6P42swdcsH^sP8V##2wW2RF4lI#5@yTbs9*9^&EO2S{R zb#|}liOu)Z3!muKS4A3ub*y&6iv{NWdm{d?oQqlqv6FwBaJX!Lu_FS`YuV3M=6t66 zI`cl$ic+CF!&8T4yml*R9dwb?;N8CGPNK#_;@t3v!NKFQJr_q^zP-*#{{@1BeSxwr zipDW1@UXGpObjB+;b-!wp?gD~z>Q5x|CleJFgPKa_;RwK+)z+%jLMmo<|JYKd8&`+ zq$uB})8S(Bi#1!+^U7O2h|TrTmqk$MbwxpWRY7@mK{@p0dNR(n$uQf)sVJyZnXA*l z=dZ|<@O6ySzAQIff5Nx{jQOg?>H=MPg#2JbH<)9O>zVXTSOi-hT#UBibEPkuD`)`B zfaasNaC(MMK`0dPuy)%`+ZgGjENUbA6)QzJY>+l{g?!XTR2Z3Jz$~JfKbZ#&&d!+Iex4&Pvi`m=9BPbUJC*S&lsHHb|7@_e;DuaOXE) z#Ey*q2bs%^5rHAGG+ADkX&6?Qsc;|l&B-l9ufsZ))*;fvm37D$m9aA6$~^>8%K)!Y z@dY#W`5K*W|1aAr^bzbd>yd;0NjeA!GeeG#AjcQAvH9o)be}ePzp~iCz;2HVux)bJ+j&3m}yL zb*4ngSdt6)msx;CqkZie7dhUw4+a-!d1$=r9GTM2^;>Xezbg%kcYoPZbh_L(nV_yQ zO-WvdVHq+PmUn#I_4+#yGAls~4*kbR-+ix2%x?}rjCY-6m2P~t;lp_MIIA@BM^@>Xc=uQM%}1Z(-JjQk%&0jhURP4j zN29w=5`#0NrbfTtU|js}a=%+S>ta-cf7U%#b}X6z;B$E6Zn^J8t=dD)yiBn@=g9j9tbJz9I&p<2;;P?HEzS#0h-%ar{Ys^}klstMnzj`xc2mqeSvdBeGNFd!Ls;aNh%M65uz!lGNaXHTk^qgC zsgdR{U70)P*_EU>yPxy5PFfqS{t5(&zO0$Erc<#2B&isHypuM{Hw?>nm*>dxnP@3` zG0UZf=q+zUNcOaASIb;LH9AjtRiB}V^Sd{k^1&eF2GzA5RX4%pP`%;p!BEYAi`|;# z5j@XV509^iXfvBcgx+xD`a!ydQYjNCt=1z_AiUuObBNs2>a zuqqn<30A{GQhri71kxq@m&%nC5Bn)s%X53;i-nGi;;7+4q2ZZVE|Lo2r zY*tt9!>1}YGj{!{+)_|(kIL|>N%X-8sIL4$)swh^luuEJXenjO&t-gdv(MQEXB5A# zey|M=o>rAutQsZ*vuU*|gjc;GYA*lxU{do$_ArqHw^d`xe#L0x-F4cQBv0o^BS;W# zxKIc>T4lE+DS&B{M4`9X>vyFm*~iCZaPKDV=toTWtX47=5eK666qI`l%Cn;~gj0Rd zN_7i5Ly$)v|9zzr;Eh@pJXgDFo+&%48E)Z1`#Z+nKU6p#B+P+r@hLzvG24@ zgz5jUI-vC-3 zT0DptPqhCH=;HnFGm=q0$fv+R*}>nX82%+1bRPab|2zE8Ir#TqS%m+nV)&2Wvw8f3 zx~fGk_#>~H;E!X-tyO)35%??GX1ps1{!EloZHUt?A7S85RZhM_KL`9Ca^v zRVvDwC=S;*zUC*cfCz<|Sh+Uix9Af@LdM(&$P>^S^R7l zx$YfnO3fhL>O3z8b`0bH`>2~n$*~ zeDTO#Dh|N|2Mw6g5=Kx6xg4o2J3*GZC zsSToURR>$D?D~QO=ZZH-GW&2rs_!1_)uh-CjXK#4lAkEOBx<8^r4@A2- zwv{trKPP~sIeofF%j1qUEykW(oil?zHS2c}yY}1U1Zsqb{ZN5(q+0~g3>|c9CHzRd zdnW+^+a{`)p5&{?2Ub7q1xTgp?yEc|`7TmmY(iUmRp3vWJKGhlJhz}cFDlEk0z=-& zVlwUFt}@!qkKnf;>9=zp$ffnaof9#qYA(Oy3%CNIXO6|+ndXXD-LOh=o7P5JRa+2+Q{Hl1I7nqv?!hV_HK20% zXW1P{=C*eOL546XyVh%q&?YR~rXHC+LE-m7#E}_ig&q)s3ZN2ww7DdF z=N+j>WWZr>wb!JaC$;Z;18P)mPJ0e|zo2HgaD84IS`V}wfRk{s=S?yZ__;2yxKx6I zz?6G|S)mbkED;$wy1C2k;^-b_)zP0Opu&30BpYsrJ!d*^tZ+Zm_H#8-_H%2r4^W*9 z^p7b`0Xue@=_XB!XLkj3#Nj5`ysjz2D=7QtR@h3GtqG1`wh+z1s-g`&)4pL<79ZH* z?+ywZ&Fcx+ZfR{}w_95|2xLlhD>TXpqk{b?#mt0?jtxW4I)}JzuZ9+kdZ1KM@<-#{ zDgCC;hWLW(lw!!oRL@p_B!LohR}}j`{?~2nwnroUn+1tA#7+)dl|4sx?vnjXX71~= z%anv;Aj~$~hUr)0H5LWVj;Y%CRR8=mE$OKL*Bu*<{?-8xw#iJL{gHA#9%-X9a9Vn~ zP#WSZW-rntt^3i9v$(NH=w(OPBZf~Pi`R8FLP4El$ku1(fVQpD?`8E$7N20fgNxl( zprfS!RdZix^EcfO%9^*#bD*&OJK1lm{qpQ_1KV@{vO?f#bD~CH8!ZtZ_@|bL;j&wi zm?sDs7W?mYRXt9h_m4rcjy3DSMK80PCgN<^6}>h6D-fWkuN3y~er^vT-u<{d4m^Mg zNCD3|<0td;ltAh`T-{6k^leJOK8Y!TBKm(|qRafGqGRL9NAHu2cb`eUdd^oukj5)m zukUvWs%tmLwF?gF{!koxJl?%G&*NPS=yPdGJr7x$+DR8OU@DoCNk>5XB;=$Nb5uHS zpn|yr=GPXMW^P*=%3Af=o$;=9LfwyYX=+Cx6yPz-EAe=AY}7r8V&@_X;3GYjTjMsf zH+2CflO=2>3maEy7|wCTgFFty`&~EeO!ldJw#Ap(b-+vR*p$_F-|qxOJTq~a$~20f z)MpiP5z`+&BoSbC#@>SkGM zh)7ne+aR{|dM&w_(Zi{izp%0Y%6o}sm1HMNjIk!D?YH2IPX9!JAsV)ZfTmuJs7)VL z0}I_Ni^9oHIvmKCz_U~XHg^Z0<>7>GWn&f(&22+HiY|0)To6n@y{#N!Yu~~NTh}#q z|B=)it?}+Jh$F$F&&hLSYpLrZo@IyXX6J_(Je{$b7o|uZ<~Z8Gkdy{asLajNQPz<6 zdYO_Mcy4Ye7vmQ1hr~01M*p9i@-mRFl z1wC88*_vgHmi2c^L`!(tteJ}k_(xI{zNa$8wrEIbk9S#~T}H&!&dgr)2U;mX<2&oE zm+|iwSarq)0OStT`}7c07U}9V54ME==#b|5kx@1Lvcd90j=ly@I~#ghekxLj$Fy_; zu2N>?LR~OLo4xykV;9oV@B-gKUtyiH&Pa0HW`Q)s}l1D);4Hsc2 zu91{}g4vqlfhU}p+|2fVb|_t#{j`03vAo3XWbP~42C)hMiu5b?`jwHcjCt8>(gFFW zi*irDXivkh+=M1QXu**)k_GYQ__S9rUIX(JWu*$#<(O$w7jEWtrTbSjyN7>gQeVsbyR&Z`~%-Ba6pOv>Sb!xMzC%sFL5a zm*-GTQX|K%J7naCkbF_+$XvGaKccuMH`c+Yu%~ANE=vsPC+TfhfpDHoNp?Ks zb=cEeF8xw91UcL*s&C(CTbj}U04~;+eNh7F`~2}I^!fU~e4kmp;IT9%nqX(k4*TO+ z+LK>0@>|YOCNe#1^$06cn)XCVA2ZB%_lI|)?lv>FOLP6SN?voL3HSIF5}@Oiiuga} z6nKv>aV}m3Yne)srKXVgk9Pqjh#kGxFwoS5U==7;BxCa!gTqS?Ov2wjQ9%R&>f|iX zaQ-jZ9k{a4dKcPn?QeXY{wvi#@h1HPc+klwFXXIE*kx2vold=z_-%o{tH|FLyvD)c z70B|XotDN^Lk{hi?@8VHIv<{pQNUaae{qucd5U_vr{t0A4(VSNzB-o#nw72nUlh(vY``$}ax`$USkr=}5>a=Nss1P2H%8H)(Y-1C)@GFKQ zAeA{3Jr2i$V)hh-xsc*T{Ekms?(qF2o=>{mc>Yi-VeAcm+~7nLy(&BGcM=3Uc<)Om zM?39pjcz#pa7j#{pK!vf4$=nu2a~kHt^o%#t0gpYKG_oCdz?Razaxop^QN}Pzdez( z@Yf|(ct=d8(9eu)X?O@v^s}P>>hSnqFyftxMm%7=tKE2$lCgwjETOiT>iqkmKj<)- zXr!-dusp@)3kpr5HQJy_ol-5s-*>(AkI@D2$+2Q;wMR!4(T^xPLW@$TGMieUdF&;6 zG*WIBlJEtw6(_pahQLtRl!w1~caxcj?@*@X=&%6OU^+2;_>H` zPSznopZ5KeJV7R=gkD!}6{lr^P3RxwV&04nrjPtZ58gRCunYO`x1V_^d-<)af?%J_0(9NX&IKORhnPC z>vP=d*l@pCI(!@52bV3XyL~dOH3a~RhzHqa}=`n+{-&e3v=WY+2h=UVI;p0 zd;SdD421!9mRhrosw5`a)t#g2#FvNjt(!dQ8TXXu3deoCDg+S}>9d9|FVlvuLb&iD z)_(Rf8u}w-Ez6NP4)y!=;nJptx(70B4U$9`1|Szge=7G`$(5HClvhM$#-aKOBKGMT z#9li{0bS?59Vo(=hL`W=G#w?!Csm+Pu+&Cya)?@^vh$15HTE)~c{hGA8XN!(3V~#> zc-HSuoTRcj8Fv0*y*9H(dUVZ!I?wI`sU zVIIKW2Gm}Wh-%+HNbR2usJ(q%R6Aw05jng@`$~yN@C3Dp1Pgv4kfoT&lJE~CnQe|r zYGB5iWtChs_H9QrXx~4vU@&#v!|8dm9ndJ@W}1jn;ibHc zBf>x(=`~iMU4oaQe+hOESN*Bn>xvTI>g+di!b^P#@1J)qnx+t1wG}M2D`{>5_^!>3X9UBfGo82xxy$AYtY#1>qAUrx* zya+~}_p+Z@zGJ*$n#P?aW+|dDYJa9~xnJGcVq?*otF~ku6EMQ}FgZr-;;H zdtgni2$P_yS+=AVc)z3ms2nrAC0R6p8M#=IsQ>~A54V3(Jb-lqT3#ujfyqZ?LBZPk zag#^e|3M^bwp*`=LrMky?Ys16$lGd(cb}%)xxpP0)1U`enH)qLT>laWxc@gD8-BR(fO+xh zePGwI;nXio`bE6^w+_>(tG&crrQdk2Ev*xM_3o_fZZLA2q=X97fr5toXf?);=Op9+ir4?~ibIZb8R}#}2xG1v?+XsOO_9 zMZ^2sIhQ;c@7~4@Z^MA$y(jaY8{Tjf?!O=2!K`3DwN-w2dAf{Zb@mw>TCxY|Hl@FxdH+UN>_ zOvD!?hjzX+B=rHWXWRl7wk_CpshP~&yC+0KW?Cd63^g9%1!FrVaS$RsFv=3LA0=cQ|XI!^+!8dDQcPZVQ%- z3c=W9mx*FSreSzyBBxmxelLuE_tG;j;~ilJVW+#}kJ4u)*i~ssB0g0cniOiRK)%sJ zaX@xo-U8K2!>XN%Cv3}TE5`ka^u*-ocl)mv$WI`_y$c+BMS=$pbL?%Ba5y4`+w{W1 zaS;m#@b4p`+_?r(-0b>!uL~Td8sVR#p>3kTp9Y;g0!0gGXrv?VVaFylMRaJk0w}o! zt%SXj{lpsEvl0ZsMiRJR4RyY%5j)yZsI|s?@7Tuah*<52_+o`4VuKMEIG(u5JwL-SX}pC33*P zG@9_wRu_a&+diw7T4WcFHpi~Ev#L}d(nz^QB0=YpX8V#)Z8FU#tj-A>0c>$N>}b?(y+{2eY@RUo@-10-J}Jql%wHj zAJV62ud995Si=u@-PKiZ&(^Cdqio>0>3pLVj8H-BjlJCJGQ9nB#cN6#UOJbm&e*G9 zTW(K5!8q_#>IC2c+mGY!blY;UL_sTRB?L$&eW&O1s{wAxxGePDM&1R}jNN~Gx#csg z&mi)jWA?|W53mQ@h&%(%Gf-az@wA=JbA(Oi=exFvqO@wQ(m*!yW`-+uFTZ4WQ2fH3 zP6rz(f8`ra2OA|yHHZ=?hHXm7{Ij4e`_o~@vPzBJhK>3c8PkQ^IF$T&Su^Y)>KHW( z`w@~Zz|W>UQt{W<2jya}^YHO2pw!bjIFWRE6NMw#{$}C2 z{7dSPKs5CRUzDFZ-wT$+Df^18N@i81)GU`i99irAR+2U~k18Tk+pcP%qZ2k>Hsv+s z?xNdG?q(f)MoG5QRf@Ikp-RC_JDXy|M$V>~axYcuUDY3{Y9m!ussESZZ>FOtt64eZ z?Fr`0@82gx)X#qY%snh~G%;v`%=DDdSOg#jGn*UfUfnky5-#kc`&VB4k0pFA`_M7)OrW1IXy8mHm>0BP@ zPvv>8$OwxYghx(;!Z#M0B6GO`54Sm&5q={pWDW2 z-7ea+jd#~;i-Crg!i469XRQC&RL8;#sJJa(w9${tP%ft=p;w7l z_`M^4r3561tvtYyUjYBUDjd#tnik>*ZY>8jj7Mc0FCNqm9 ze93OUko9A#Wey*`E*`X4gS%~%b(y1v)s22QKI5O%tCKyHcNTs`CPPHGOoDx0P45u{ zprg!3DJ@FE0}fF)+CKodZQ~1U7YKKzjeE67kxV-B@gx@_ASNrCZ1pF(S#2fCL2OT> zgG{r3_e$7=ca;^pB3(WOX@)z}Wgvk7DLU#;;4KQJ@_>3|XocLShP+iKL#w@(tNzqd zda6GV>;0V=@jt&|HhrwyBzYE$aC8%V zLL~u{;oik|XEI`?bLED7oE*J0e$}@${d(!nG!7%Ja++RH<%=#x~Yx#y5Ra z6ZMYV9+%mA9Oqr~1!B%+;NxdAlpcXw4#yAV`z}v8#YkwE=Bk@DOd`rsgv^9tdp^kL zB94qN7(29c^^h?`TB}8&&q8M>8PG1wuzcuWhJtZGw3k(pG?F78l!w=jcH=QM*VByO zmnubN#vu0PVXIYfh-H6h^P;pts{>73s8x$CExg2P+Xm1T;TmNO01iuNhOv(gJ$@#1 z0%-SfMn?yyHaUb-W+v2TKY}6DkPM4Q40r~YNQR|d`V%3fV){c=&YYJQ6}57r^7b~x zljsaD!%jX2kBZT8=ENk| z3W*_1X;&BOE2RQ|+OJ_Iik-g9x$WT_iRzY?I@B@|!+uh=p z2{2LzK->PdB|tDR*oTCQ_Z8hajw}Kq$lcE+;z%E5{R!!1t|$UMadVy{YUK#@-L3x{ zj+oMAweuw4pGodHe|<%?zKOkkj!e3&*&cuLX;Hi6pDxZl-O8SZ<(DyKKAZa#*?{@d z;(Pncgn#n>#9pU5iErkGahU)~sYss?ZB$5FAt-w%qc3$166`O#_a|barbw!nAFOsb zb_v}Y%fOr!9>d(Qt_n$jF#UA9C8CtkRveh&cnHPN$LD+FZ|Jzg~;9fnU) zCII7b?mj49)EgYHwZFj|KOI{UF1Q5BDhq$$`f;73C${5UtVy7M=&#)t?P*Cr zAK!OF;(jv0fuY#u4>q=PdP8GvGH9tyVpO{yQ{^DG%l8wsfecUh3|Dlg?C73h+_W^6 zskON@m5U_s>~!cPh{%kMY^}Nu13cECEL#_JA!>qdb zG_t2}kV4{Wx(JTh5{TZ+^0kFXh{$SI)2k-&{ezueKyJk|%)sKkB=YhCry3$oHAaOd zE10GRv9U|Mg=pSlpoPE~YheKL3DXA%^|`3_H+=01bsGcn2Zn4aO_H@eLK)e@<-5~;OeGnvEgWu=i*|2hsJ z(Y`EN)u<8kzT545`FlH!j~j^3`**r1m%S0wl~vb}r-@^OFpB1_0!9HCeGU&nsYzz` zlOLM2mmmNMC*A7<^_l5&X|9u|N=bhI@bPh!WnV=_KvjgztK55V)k+FxcN1K5qf%30 zC^7D%sgpa)Dw1GA<%9!r*Q*ZUO5s`Kq*_>{ljWJRX$RSBxUAh314@@>Kc`-V1tMV# zEe+p2fDh+0jMJL_pW^p z4B3DQpve%!!@Vd%W+S(aufp&&5z7iEN&yX*EfdKin--22x+gL~iByq1&3E$D z>J~e)j*=&nALPl&kw0;wAb>UTWXF-!s;^T7u@~;}0p6an3_f0${W}Yu^rLL&C{EM; zbN$lyGcuR2rxitFuw^Ctx~yVT!EpOWeKMB@iw}Px3#lF|lfr6lUPxJgn)=qdBHep5 zJC+E0w}*?ctX4eTvi>Z+|&lqr6)qwW2T}4}$Wr{G3A?s<{ZA|UyUiC?Yu13no zJl1^)cim?wHZIQ0ewC+~-Dz)Gt(1T;h_=Z%`12`)^W9u%YxpnXsy~gT&q|bo*dK1p z`v_{~hA?`_Kp#P*(8}1MR6GPaoXukZ&*1`Rt&_Q2^`{Q!xuQBete``+avd(?%-R2j zX3_UPcjU`oLpxs?lKK#qpNOA*pBZ}8O6Csn9BwFx`(f9%^cHbSA!((!$dJSrOaw+{ z>ch&m)37C(@xw`U>-sg2_FKN+v-X9zDf~e2v_LjGXYT3~?wR{U)@0_g%DT)ErJVFR zoUdR{7!hAEzPt`~8Qz0ktLr(jYJ^{29$2-JPb)_!sz~>}Phs-BTCk*G;rO_q;uxqx zwZoK+?n;w_N6=?g!)To1XB2$}Z;$;ntH^SX$r5@$Nnbm^tXB8o_8s>Bm>-`;JN~m-(VaBiBR@cOACO0Nd?gS4^GO9>GDo zpPZmNE2^jWaO^Ac2vsQ%k!xm;s8C@A#7^JavK9{0?DuRgu~{lvn@rsy*m5;rG4N(XdxOiXKRcSI&8|0Lqn=c~_C<***elc_w}IgeG;R?CW}><1GR zbD2?-{khw}<)&&qXF9cz4=R2Qws~nvzsUNX;m;DqP@XWf^W`C_4Os7wWMW0%U1|hD z3Zih#56tpL{W%v?Yq}l%{iNZCyLje4Q8UKgEPj^mx3YgHJAXsS1;VPNv z2gkHMo0VlaI)X zcTJ+LgD5|d3B}q_M&KNG*|c>~>5 zmGWI+ZF${0x%j1FdVRGKSf!=$&386m7H5t8YI@Wt+G_ z8EPyC35Jd0%P^V z;cG#Lz8loB@2@c`ljO2MKG^a>^%7Mep53 zSss=0QYR0OFSxiIFKGnIJ3P@dwW=I?RbI$nq3OQS(QT7FEQv6Ws~m~(lcIVx zRv`cB>WH{3@fR7c z*EQ*zL_eJtE9+~hTF`yF#iB9|wdNhkh=hH0Qaq1xLg=Bhrk~!~M@dJWe2mU?WUFWY zoeSL5>P*?od&rE$yDzi3#az`=Y-tLbr1j0E=qRSyx}(XYCYf%m%#8XS?TCU^<2u*q z;HGV?y(~hy5&Lk8%xYr|!gcDAJ}?TkN`X-l?px8!K@HkTUQ;KTLyrS? zJtHcY_kIDhRef4tgloY-C6jzkIU_a6@as;lsdX=mekXqASgK{pb}+0OnDFlE1(XK1 zt<82V$kw+0s|0UL%!7tTwnrNp3t{|44>HFxYX4pHQoGUVCKegQAa>`j@-&83dEQ_q z%fs8FHMQ0xGckDTH_BzICh*}o*SiRul9}0kb~&LYGr1HwF6Cuz`Ee3yvB-IU4%Uz9gB@ zhn4httX6UUWjv(TRxe&^1$@Itui$*2p%zv%nCURb8}%>cMZep#mT`@KJEyzP-hcsm z|4UNRCes8rd;$KYe?g|HzkA5v(#gi`UML~&GIOx%RyI8f4pa}@eMOVj_Uv;^kZO?3 z{?VpNo7OGjHN48AXyMVmL4y&L9vhvJ*tZzacdYqTtyP&vsm7>!gmxS3zNw(}dKLFo4g9#5JzF){FJ9=?341j`W?LZsbdzOFEjOWD~f6BMF{`>4lQTrdARoEV*S`wDz+CyhHI=b?Q4&w;7(|7S1R5y@p93ALlBP15o zA`HRQWR~A*rQbFjey9BJ9%01q9{<}go*jfYuD%~v>Ca641VW^t>WDw zOP0)z9UmTf{Bg&{yPx4#eBs1ld@p|7k@4e|*EmI$!81Mc+erS2o{Y4dEt0AEq zW&Vcss@dj0Hrsf{^C^P`7Y^-weMq9Gwd%4&>f<5F&JDxbcF1hq@j-Ij*t)iDbT8h0 zh#Cd4nTzCPdyB(xaAA;?s8FFo__Yo<15}FT^KI;TDGRUi3}G6}3ls~RtR2=P>Io{; zapu(4E=d9LYnKKiT5j#qdQHTyF1H2)YNb`b-z62Wb{WuQY(W!K3e(J4J_jK>{w243 zc?(M{g1V8|qFP^yQzKIqJP&+_F29bPVPB$=;v%F-dU*WV?i>vpPC%4NywMPY1{NWn z1T5TUxOWqAtcAV!)Tz0R8hISarLfUs74)FR|0q`uQbm%Hn&jm7C=TJh0ts{Yh_T$l zIJV(npQF>6BFga7`3!nJ?lM-b9Gd|FR~ul$7`mb|Yq{!A<@He+S8|b_6Vc~F*x0QJ zOt4iqh@G*(3k$d!^<>Vtf67X!DRLv>so>K@CE+~}c$x7ZgoL7rQU%NGvyD(=+S}%W z3{7T^Db3Sf!pDn7CWRFV0h&MVWpA%oInC9h^w>uFoc&fEMHUZnpCJeZeFc4|Hr-Ie zES6yBCCNHzZ{$zg1Hq@ zt*kjBZK?e3Y5%o)HdoIcPBb#P`z;ulC&ubej1+UNjLwO{O4t)~wMHmnY>s=HBVrRy zam;fz-fV3BnG$ioKTs(odkvmDTs&LLl$klQl-sN5kDj07qRxfIYOeY-j9gKolbsfM z>#mif!i8BUB~VL#@MZ@@V9gM4(mL3HR@p#x2n}eJ@&i~($K*dlrCbGHu87Ly{}-U8 zRt~M_!v8O5@&5GwD1PhL#J(Ou$3IW$N;+x0>vuv&nUiIiEe>sNZRMT8gB7Qva?xnk zQjgKR&qaufO6$4mPi4EQauDn4&J$U!+-SD*qd^7zjJaBH^ql5-sc~jO>b~A^EtZb;=9pp3BNxWIzaeqFl(bKC?1I?pdHLAhiM3H|Z=07bw)fB#=K1{PyLdiZ z@!qUoq~_PBL046iyjSyo%F95pV@;*7N#AN|De`~BJ`t(ft_A+j;f{DoyYIsfogc*F z-8Zqvk}2)@z~O%tzv2rL!^VL9RLTXg=87l~!0b6)v|HDvCcB?ks3zu0?QvR>nsk0J zJl?JC90eWk-LIzRYp0)oUaK7uu$2%-$m#u}O;mULSmAL9POHLACoy-sgBdL_`GOJ0eC{ZK#|$G1X2yaSCw0homoXc@ zeb#Kam%wPI4eQP?ARyN#z@#TQP%Gum+OnQfnE%WBKih6~(@ zbCT@rcO@mA>$l_U$;R#x$@`9k+Gn1JwvB$G?enZ)IyTgwdEVJ=+X81ea9W#N7YiL6 zdd`Uznw{%M#Jm1v2xBpIMPtvC!h&4U)H3EfIo?=bD0{H0B)sCC&=9E> zM;c|AD)(bw$^p&Zpfy<#``2xeEJvCM?YRHzO9U@+H%ykl@tEin#caLLCVAR5GvrV? z+sM$uvBSx zL~+`MO+tb*TQmtq9dfY~obUot*)p-O?%>wVXxR*(nKGeN0Qd0#t4)>0mdcUX_&Fp9 zFYaw~^Jh6XG|ff?Mx$qJCF8&3SVf0$eRi-!xdEd_O6bR*K$kwEG!wf`5b5o5K}>H$ zASHGkx01mzEZ+Ixpmk)Cha+Hf&alqcSTeIsRnk{1;#a2ZG;4RK9w}<_rrglZ&`KI4ANAWuSq{sf>XktAkktsXXp@UO-rwF57o;GXg8Jj)^?ew~lzD`v{ z(HiSfYlX&2x1Kh$j*f&a`#F_lb>V%ypzPLlv+0hY(R;&nHWqPHDXo0cBc2|M&T)+I zD&yr;?Q9(lNbfoZ$5&=X{@(~u?E844@$N_HxOhGM_qYZz0<%fwnS;hzqxM>DsOY3NoNyTLN1w*i_X9*I z#Rf?fL}jrPdvv`V1tj{2Eu}C2DVHQ+JcunpPTP@U?qTP|=oo?VP8Cj!+*AF@p_v_( zaeK{G=vX2Tg7r-Pa6%7Lb5mtpaU1uj|9VwgEkM|}Rd!_$M%F)EznzQkv2Tt;|Jp``G3-_Q`liq54`_FAjr`sm3)=^U);=%^}hB}{iS zL1{Q~u$s@>hPVSdI|p>1!K!AgYJ}ppgH@?5suB)&!!H`eI{EJ?uH?%m1>*fy&yVs( zdoH&~a`T(QM`z`lMhYV`UT#&Ku4F%mylnW8=j!*15b;&-QdO!+NZp#Kgc91Jm)H2u zG^JDpUoMZzFVLDlpDO)#OW~{NAMfa{)5^U!jZ@HsdxO1zrQ^^z%hL9UZ zo2q_uTL-wk|4~!Ny!RHwwjSps#-&JOxl6(;-;*!mT?__SBZb2;L8OD&^QU?VGp9^G zxcb0YDin10w}+Hur}K5NTyxjx-b9KqWDMe+2!B5EYHqxmu`2tl#4^! ze5cqQ*)hg|@^IZsTSE0Vuy%U%-Q3zqOQ7D%6he2#-}7k_7bq%j`>ahe3zzlU^tyAaG4NLk13dHQHZhbP ztWWDJE$2eXPTs`r4aXGy4j((7At;T*FaHMOKh5C}UfN#_^pEwLN!FN!{DaAgEj;X4 z?;!TWwQidyH^c($!pEO;l52ylOs3(hM#rEwp6gy5b?&lqm&0Fv-knD2&pFs#sA{bd zp=#GWy#sb-<%8RLb!Yhu9c$dgaH~^M)~n7!bh$WULCWaOHuHD+OcT<|G}%r=B>Av1 z2r}qdKK6*g2u7W4X^9ra6blj9gee-1zA-R-{RRnQU6hh1Xcgv~Xio!2uj^&iXNqZJ zpjK$M0+4ErqV7WuaB_yveQ+O7X;7OMt4dh1ebY13zrYg1LhOOL5@4%&Y!NNEx^Jdz z(@R2IU=umyN6BhE5A5LMXu+aB!t<{lP_@xj6)Z!7f+V#h95=8g;wZ*$T65>Zn&AyU zqX!5@YFl6Hxhw;Rw8CzEmgEqlLu|!mTjlJDSuB~9(n30Z5YXgN2wqZqzNA@kxbeO!zTgo15Mrx zMwnw^tUvifjZqm>T!i_j;Tpu2tPx(gWj`G1FaRqpf`gIw?gE;lSLlQ^C&1b9I1BoQ z3G6lWgV?`cjZD{=$IW#8{aBQ#kJ&q~KiI1&KfzWpnsY@8{(*aA40i_Uj|UlpRjRgE zg_v5gU1N;T;h+CrG$lbW1VEFkSPN-U5bx26L=%(rHMA3ZBOg zk@erBbENys-=kapHFe{C!tTDyz~$DeJ`l)#$_*_uM=Ub|m(o`Dk;`ej_EOr+STnHI z+71}-k-EF4L^>xCN<$auR+^#%Nx#i&KbzqciN`Pn##K7?fPghdp76mpjs3Xg|%^^`unRIp|yR?=U5+o(so2Ir3Md21FDfK^$lfeeAs6{(po= z3eWEi;Ql7_srjRyjPInq9lo{wkk(kIonTLQqjsr?N>7)C$9dFilQC2?l{{2;FIkqy z6{KAgLv>fH9*rpMO@i{t#V8M;?_asZtEIWYS|KmF zB6TLV&AT?YeE5#$mWZt3F7;kJ`WJ<%qrl}SpC}K1a`J#BJXc{{{R2)-9JQkK_3ob- z=kxfD0KWt2d)k}U_jFyDM^ZwNKg~O)5zHUG`VG$hMM1;a&u~l?Hr;zMXg4tkPdmzC z4t-2Zyrd^3JV=!!C^M=|J(9=S6&QGB#AYsJvi^7Lgk)xCA3r(J?0mV}RERW{;Za&a z(J3nKu+@)54qbjAi!4uyaE>oHH1(hBOA=ihTYsHvNAzrSBaFm56FYy6cp_u+&GpY% zh?OHlTSqB3s%hzwBh1~#giE8O8MzZj3h(U--$}d`7DpFmB4~pu+I_ zI+*U?;Gva=AC91S$?1tjtJ&lIwNE?abstdEfAnM0mDC&(}rWRKOy zNg)x)N<-icSVg&g-{LIXXFj@~AaUFF$@Gzk`yP_Nm1RL9E2^hDU+-t@s{}&&7uP#zlt?}qt=Ku9qugHz@d6HN5E$5PVQDo_^lsE4GQ=Z&K!#-OvTrXWKq|=JOa%7 zYePsQKq!|9UfR1}fxEJTiH~qw>$=WY6;NHl6`R#afADLn4bU;4`dY|jIH;*dgs#NbQ9XKp9} zxHDmq2p|GyuUl*i@GCihqh3B;0Hv?O5Ohky(LZ;-1f;L0F7 zqtbalwvCQx+hG!Fe2P?mQX(^IzN=QNYWl339<}fYgTj=bK`||);H+qQxSRjX0DO=x zD~K?bRuZ10wS%Z5FZAOm{kYGjklZ3C-hG4Ja0?suY$xe3e|;>@m)(cq{Qd2%E>@L& zidhdz2d;eAjQm8LnbsXUtKl{y3VLaPxWe2P`ma~9!EMK4w z(vuK9B@ZgK+65I>eOuA;+cG;gJq6 zJ>p~)Z%YJT&Z{yBC?Cx`iNW0AkT%qG_chCzNQ>-|eUC0a|PUZUetQ?F0 z*o%GW?P^aJ0TRH^BnJOe$Nw8~qO4?8RzAc9?-xp)=gw z9%uD|iwG`OMU{8jY~?GW%EtV6-y5X=LsSLAu2$c&7%TC_?~x8=AEOlBu;CSx*3x7K zGlMgO9{Usw1aiJw;c+k0l@ZLd-;0xr!^4w{S0A4IEuyuNM5@2Nlw6$MHMuBt*&Y8N zF{mUtWSQjInn%s{pz7heYd~O=fa*_xUCpRt89YXAeu&i|+|}Tm6SrC&#ociK?>N*k z&N#_geO4iF?J?}Z1SaPVr(d+S=D+OkHpGYBlD%tU&0LQyt*AJ}XY929XT#7y6-H|PS z=rSj5qBGDdc%Hq7%JBuQRYxVd*r)wHzw~~Alg{iML4q#KF_DiEX?o7FId7h3?;^)0 z!x4v~OG*gH(*tWjM0JWYI$zj1m(i((2dm=ko%g`ePO$WE*){rjR(IdjY=jnD(@i<> z0^Pq7YEM-)b%qmBx{RK~Sw5Y@#(5}@!_&TwyZAgGxGHoPi~U7^-ouBQjyl$;sr*I3 zOX4rum65H|Z@p7aD6ZLsz*lRrvsR0pwc*~UN8z}UhiBx8MeD@Cl4XcRhU?CW4i9M- z*5ShQq)Kvr6@>YtnPqdG@Hp{#s*@S=NHvXTTDZ|FmmRobjlQ4?ZP{JEj*GbCfZ52W5v}q48t5kDBWSSZTTwy$ zeL}Qeo=T~GsW0k*8!}4W_*U6RnHfOZ&g!t|;&!QVr|fq>aFXc!NZkx)ep~5Itf7Q5 zr1HxrsA;5xjM;_!Voi@lQTdz6B_vk+i&HHpv-UtLzrsvXw4Snft-iH1 zSd0OAB!)K$wSd|a(Bzeue#JOHXN$LNl*DZ8=;SDjkPj&2I0Ss;d36ba zDhWQeNRbd|#C5Az9BUX$k`P8iyDSsqvEYbFJ%qpDHCL%x01&TpQOi#D5ky@a``GSV zcyuMDpivU89qzQCTrF_&D&I1}=hPPq$d7H;@=|9{(~;GwU?*18U8rKCv4$S`B!DCWqj%?o_6_IURi;?ZP{UO_OL^o#>2heY+dLJaF zjIp*3O+*nm88t;^o7%SvI z7xH7v%heY$V6r{R`gC~6A{}5uSEbG+75Y@byB)c{zmV(u`SYyr*K3HG&DylTO9$!C z#T{C0>%swFnrOt2m++cf>*i<+$x^TTmqlZpMc-_s0dq()}06yj}}Oi!%o zzr)Q#^4drLliBB&95>Jx9tU3b)sGxa^7IJms(RgKwoMovYu0MS%!i?_%!hWxsteB{HJZOAu&SMqZwtRHz&Gk2m#Li=R*~P;Y-rxAhzLhPfI2QBbCt<@a;Bab=0I%MYwu)L{-p8 zM6+zt&9Zl8^RsMol3A9MW1Y{0Omjmry(_N=WFPP|nd>XRN;GzNERhsEgv<4Ls)gI_ zBl}Spg3HT~+26~ljf^)+ry8VF(A6d-^p^so7ezo942&#Dh#oLDsU8AT4Ft0iH7bO9 zzeE*k)ySyK_#$sJO7HZq^I?MAZbW$2*TC~s>3$J@Q>1^Nf*UBv1RDw_yh5td?nG!; z3)z}*tZEHJ&4v;&&P!?@ugAZ-dHpl`S!ASh4YF}Az7h0Gst2T$`IOk?-w|a3Dvb)R z%rmiOn>c823lVMHeDm+NadVt5tbuxkH-948Y`aG9NeOc2l7@$phiXyLx+Hn1))TGw ztGgB{oU}6;>@qaD#YA|;|Cz~6+K1UXIr_c$Rk!LX2B%r)0-V4kR%wc=g`$X4E-=Q^ zityf#-Zb5>5eJcX?RT^06KYy%IJA7$B$V=KWyVrVLKE@YG)XG|&!Nu4KyLEzd}t52 zn;B*hd%4vonm+B**)UXzQXQVj`FF3IvV5J1x4K%1K|Cvm3 zowQ9+5=!3h?^$b~bLJA-_w%0*Icx8|F3)<_b6d}P)>;RM0mH=4f0)xJuaw5RENn1+ za>HKG&GX{BUi6&0_GV#mp!uRMESW>LiSP$jfcB_%iPDQCTsd~{xcnaSYD%>3q?=(%TIH5x7T4v31P$Nqv` zo)^729JqB~@<95gqoP=@9Jk*Go?{BuvYCitUPYsRQ91T263{a|;6yXD$PN<)90fP8 z5CRaj(FsGTi~cm=M7FC>+9%mLWe~gyGvVNhtK`Aunl>P8^j41bD20vM;Y&a}Cmg;j@+O^NoMGq#dd5b>Li3(CXsztbYT6D5(~1#cOrmM&2uDYPF|dDe|$~BOn2;r zoN7LCij>q)ui-)vDQRRhvDJ5DmF(U@b&sFvRInwAmlswh?1{>?H1A2#2XrT~@JG>b`BX&u3!OXr5WG`IsJSJ5j^rOPiYZ zu-u)x?TjrU6I&W5raDjK!EFmUyNQFQc@pu|OHh`mRvxPLU=gekN;xm}C!(C@WvKM5(zZ+-v{e1gZmk}6+@)%?8)kQ*qe;7~%JRFbk_ZUxu1a-$CLzS8 zs^%s!*Mr)=7H_E9*)~*NqzzT6+=eRRL|loI=6!W4)##<%(WK2^_fMR3_T+QUpLCv1 z@b36EnX>D|=DGLTw|YO?^>?`jd*%rRY4PYPfu5(a(%+5|@1g=EX55~*FAg z-YG{h;>kFiDx!N#$eF5^%`PEwt@ojszyysZBy~Sbhh5ho#&XvLgQp_3#Gi0h9H)ty zZp!1#iW@&%erI2tskm^aqTuX`DjTq zrv9*sa9Gv*qb*pbb0JDMC|&X=tEy5}{KKSzJB8K>cT<nU7W8p_XmD7igSF}cdcx^Uawzfou5HpVE;_TDpkJ^(Vv@lkSh$`8BcTT~MLiwuA$MdPiE%`JU^I z%kjmCEt=Rr|K}lgrN>rb{nj@dI1sx=o#4T7thyATdnO2cN5HgT(PqTJFR2^ToN(adn^g-_`x$6IS=T`uU=|Gpy3m z*HzXxX{xat8!k$P4x!HM2A1l?<#Wg&_MT-KP2r5-0v6xL!k;~}|^k>9D~tn&`Hn}|jlq<>(?Mt=3DbW5COfA*xj zI;&S!>+;;&`>Hb)7pbZ!>TKpN1tx%InCZ|pu_+VaSBL#C>dZ)3q^og~6cE6e0@tVd znF3diDKG`<#6{f{%>G_mjhMc>s}UYlarngvNGJyMN$tW@Wzj)a116S2@n$F|8K{Xh zLD>w;Ra2PgoaiUlQ=X1BA(QLv$sQz!zhaZ?5kUCLNDI(F4^1-rRnMviK;$wMi=I(q*kwtO0MZwOiikonxoi7g*P@HC=kQA>e%R!V$cYe zD-pGh{hz1=XNbctDrq1=7na_-6H{1>jiT(Rf7vizHA&MtPgT6P#`~z_oeyy6C>JKo zoCIqP*{9Ztq!MeFnZ)|Le)#@*0Hn6orV){yyhfaV{QG!$YKz&nJT+%0ya!Jam6Y=y z^zq-Pu02=EuzhX4jF39{%b-m2%jVKvpRB&@hn zc_rWET3g@-sP>QYcwj64+DAE>d56kL9`Vb~_+l4^9P^T_E)HM}>nybEFqL(}PcwSk z7FCN@O6-21!)0axP z-_huA+Q;lWa^!)Z7)dhLKGLqkE=r}@dI3x}fEC{8%0pWgPJ5}pD0<~*5lYj`N0ELwSuA>t8!^Rn`S%@=<;WlgUf$N!^y^hE zg7&H_C^YeOZy%ht%w;v_`+j5zl3PBPvk&eZ;+*ecvMJ&0gE^{YQ$PYmT{;6bhRKVq zq-4|4b{-60dKSgtv~MVG8e!(j#S$%80;*PjN~{0+>xTn6@_;;M7frn6Qtf#BL(j5k z=ys6f<#{QPr$^RrY(HbUbWxdf5&tCi9$F3j=#aCQ#vKonJKk>U!^>s)aTCv)7D0nF zBghrGqKhr)-zYJK-_d4B&p44t2Fa+?y}4D=^Fnm-wt%+j{fxH0^t}2x!1}(B2$dP3 za-R1dgTO|P=+Ki_o+O`aQ;J>Qb$q%AxZ0OhLnft9-KV>$1yt$$pG$O_Hd9&1v@AO9 zLQfj0g+<&x`G_h&isUMw7j(t+6ClW##Z-ZklXH#C;<=<=M)O(G&-t~g413x07|`hQ zZRq*7r25zgmt96*VY!QFgYn>>#6$P_?c(_N7U=v85j9<{Hj#8k0e>4NaC&sm{W#*zWQwSI*;40=qTA_e^jTU+qicekcFO^ya%nV)c6+7`te--r zC!&5^Z>g2lv+4U>%OnHcr9bJQJJN_~EejH44eQ?A3 zi|SXg;DnN=dEfesa%G27sx;zhDxu3$Dr);XKJGgxc6>-dN#=?~7EyrT5~GUWjF%Tf z!;u*R71~O;^p7%F%_Pc{h)O2($qD`j&iT#>eR3L&4piqug*l^d*HO+oOmx&~a%?p1 z%)dA_Eb<5;YfjDh)>tHKiD3fy@FEbZXgP!HXxs3&Qj&ulJPg&5g)Z6_gb%R zw6eYPVT&(%z-;k5^kW@m6iT8CC~vfx4i2S8#)vjFMu3bV&|ymt!XrGuC};OD!>TXj z$vbCJYgjt%)|o|iWdY%2>yl7?ke7|3!(Q?+b*)nhYeDBl)DI8Ph>-^8U!~iZ)C!)c z_*$QJOJ8MBT}F?KRVOqs zv{+c`PZhtx2i5avw6B2II#40^6v7XQ`S_R{G-h8A9}~E{#f@2l?wH=o)qWLl7`>0` zPw$V9%F{bY8i?K>IM&f7pB=q3hyzn`x#x^r&hky={IIs5&M19+;nM{t7SQy$M$`K^ znx19|-Nae|v~F_4N02~{XDu>v{GNW$=*9`mhUL9T_si|w&Ow(GMXiocKED(s`2DRJ z#dOYEEF3@6e=7uXZy9XFB5&_>ed7u4gJzJtI`MuylxEvZA-6RTc)ApKfYi2iln4?> zEtl?|v7QGO)%RBw)qK>m(j_poSt(KDt*(5TMlRajs5}~c%Eh?aOD>}PNZ<6i9Z(9ht{pQCl&M;zD%2ZR!1=@F^sTe9vCS*{J z6!MN%qb(k~EQ|D!oJjrw4Jlg`26IA$VqR{5MBBHtbue=HW7u~eHt(6voB&>9W6}qr z;G~#qh{{dHOjXb-IMlj20HuX5Gc2O-dn*cM;=_Szd+wAGH;YR2r_ho)_UohlQI2j3 z8;#!*biGkP8~xO3)dPHZ4wB)0*?pkp|(NF4@j8#1T)$(c>3= z+7ArQ&m?rj+$=d9Fp7lpXjOkK?YRJkZy81MZrUye!}yJwbxqY70O`zA>EX|(GtZ_! zdNsXd!y)OfJedxMvewU`6X zZ<-=vbNbrzYnst(drFBJ85!Nch1pUWYMG}9yVEK@sq7Z^3ncuNqaU+XV_5U*G#c!OzLNlxsz-e zK%)(D0FdNdytJx$3%pdXHu%&e>$(XtVDy}D10FBj2sgkbca4#(oqrWCh{R%Qhc%xW zgTOcv9`R=yjsmu}i;ig7&oJnoybV;@@ikSMgGl|AW*3D=ml{$;mz1Nh!cA3V8xe*Q zVi4s|b33GAoL~%-pb$q3FKn*cssw+kvqdOs)k6V_Ae7=|Zi4U3-BM*>tjXPrDX6v5 zNN%fpUDa#Is6TZsExwEV19HUe){~ZBq?a5s&ktm_B72I!r$n_ftxk~C!Y3W$~ z^)LKrc8D>B@uVaTIAQeSpiA>wxi~{+E{0gQy{563zMzRY)_`kH%1D38BY~kmaFUo1 zt6{$$2{MYK+kWIGw~&j*k{&qO=|wi(YSc^BsXiJaoD}jQ1Q{eln7nPh967NKH_}>+ z*XL9(sI~)Ac*j$K}eqt))o8f>k~JjucJ<_Mudrf{M0O+TWLLxXYF{xG;m@w zz0~try`GzP*C;lC2 zExK}h)tkQR4|>z8LOASS+p~PZWwD))lh5{KvJ?6%YO6soG#U&foN&mu9&pQ(X8X36 zMh@I`AR%Vb%8N#eZBJ4K=;KT>A?)X0aM8>BGNo%Yl<^>>cCj5jnZ z3X=N)G|s$lLe*bB$ww5&%M3@wXX^;JC&Vi71@ zn4c;saXM6&z0*4NL+oz;8fK=n?@)q8xt-sZUul7wuA zzkRxTWA-tm$3XnkE|P6u+n^DzPc#3o7ewe5QCPu@Bf5Q$zLsv4wDTyNuI#8h7_3rkIOTF{4PB1m5GeV4+=BD5$NH>X-Hd7t6jgvNc)Q2*p$jE>@|06{K%FlLM zMYTL2;Z1Lw$~V3cF_IO~?3fnarG_26r^H}4h4d$dLH7F`mHpO$7&r+UyoLb>8bj$TcT^#EIqX)-%JU9TLucU8{fcD4#eB*OpoAV5O4(p&K=-W?*o9biy*wB zn$b&BQ_Xo1LO=$V3FfE%uo&~kPRgxaWfwv||ZIM=cL0R%RMnFQfIyXp= zS4s|7MK^hILE{1^Gqyo=PSs-@gT(B6fqAh`EHb7UTc7=@36dNW+H0X@@B$|b>#|dn zgQ}^*mc`fxP4n*^9XBuPg>&Sh!771tEkXCoqbujTX;P(b2^{6|qe|dq;8UFe)n(UO z6Q&9o9-86&<9nRctIz(zKH?aBn$UdiI&AWJtibvZFqYnD0K$Y z+5UB|=!su|H+_FlZRY0iY2+7O4k9M3{W{4nH%Bn#{yF zUHjgv1!C8j=+Ti1$W^TxE`If=v|6%spT1)^x1@vCR=#=hDop1p8&VOSzPF=0NM5sU zxrxt_JlRw)zW~{rF2^KEfKz@zv~04ynV&nj(di!`8X`Y;l1$6X2d!71jxAO#$vH~4 z7`!`9LSAyfn~4YkSyD)#503~UmTZ^_!?U|0#6nEoKfT8Pz3bw)##nX_Chhwe0A;QE$ntbDvx z#td~AJ>F`Ps9LFYJa62n)LK#z0yh}>z;9LSqB*?KZ5(x0=>mVj;C#JKEnH9$(MEMw zWBKydHr@;hMz*_RVj~rM$2OEL@b}!zH|`29t~4L>Qv0@0Rq46&C3cXd7LMHK4jrb+ z^JiP~0bl0}huNq_4L%Z*xn6SiVPablG0pFV;=;c0l-gkAX4Za7u_|m*1sR3G>At_Q z^;}sywm$5p_Z$=3Mtm^sg@-B=e9T|4E!7; zggcE4T|QgMd4R6~-H{7%HyU9Qy4Y&+loS{xr8D~>>PL1>SA^WbSMXC4Bred8Oio$K zj2}Mm=)*^}hr1WXjp)IJb=c-6Jh-+rz2m_e8cM+5V~>lIyQ7$i@LJ zIvu((KHu5czB(1oqXa|dT4GM{^*{6i&2ekDaVb;ry(Jaa2_-597S@v%i5F?OFb5Xv zxow#g4=jK}f!bhE5yJ2{&mgPF_2kENsfC9h)T%;NtjhGKv?{c8pGw=7Ag-!2>BcPQ zA8(}a0u=}o+ud>~wZjmhA7n$hrctW2x4EaPqkVqir&5woRnokp&V9U^o1Kvksxwo! zeR|`P>>#YT_VqY$-$c1`@>~QaGK}5DW8C#9I zXZnKjj0TA_eqG1_nZ#Jf?n2nenz&}F5W87j4#XXW)RKvcPbd6 z(Y#O^+w|pn$d_KbvoFp4XYV?&H5#rxl}Gkkc?PQ_`i+^X9j2Ld)wq^#gC@fJT z8aBrfMY)IqBUMfSh;cDvr$0@QR*-gqCMyeYdc_X$h`^{CX_`|`@yJU3f;FiDy@ z>;3Z@{nAP?!vsy6H7u&NH07%Ju3P4-erdAka`C`Qd$860nQnVYIPAdlW!7-wzzlzGtqs+B%jrvGbZ}?9 zftjfMter?P~MsSIwQyX{E5IKXD6zkquT zxL1V!zkepO?C@_LQx#b!RR1gX)ic#Gswg;glyKx0PU)s(3WpdCu>%PpojH`%pU7x# zL3(~cdQqGXOV1syg#|(scqJRUQolT_sK!afM5!twFjtxYk#J28wt1=Amu&r}+6-Br zvjSon-b&n<#H~~!8a)d_a=Xdgnpis1SWQiDJ*J5;DreS>F^`7HH$K>mm*&|S`*Ry) zd3LVQ@HrqA5M8j^X9D5ZQ~rWAv5oS_`B>lZrUY)x%qeNsM)l1)5>FcZ)F9ifRcsBi z4b7=`)}CuloY3Jf2XaKqj@eghM z%DAG9xuVb9=IG>ei%zkk5BVF8_OsSwyQnz&k*{KuRq9BsCD*`3|4jqWX;-(2evd)Z z;v)tqn!SLm(E)EWOa2~PpbF>5;kfub@zX_3Oio258B7NKYI3Sy5gWf2vs)``q1s5~ z-kB0;wya%fQzS~?kWC>ZU$?z3*h+Q&OP0kP#_Z z4*Qr6WCcL!fQF(+6t`^ua_T zhrI;8|0W;N?WC?>pDc++?1;PcOKI>@FXTr5+QqR!y&^|15|1}OUwQ-`(5yF;u zRTh~a1I#xn#C#)0Z|FtXkUp*_n*3rc*a5CQA6RjXVJ*C-n_|JR%uj`2j<3l4NH5Zv zmFf%55QppRugv`nP=Ht*^_acnf<}5?jAgAG6pd?aPl+me*K;iObVpww0P<+zpCQ0D z?4sWOnbfse)zT|o5jV^zD#l-&r#YOBh^4VVaWuzMFPi(=t1-=ed0R(w?FJiFxO+gF zz7llJ6xwv`erDC_YVKF{G%BAzA2 zEwMv`Zh0g)-tx+AT;*+O=8adUezLgdHcH$w;)$MDyQAHDH4^>qEzqDFG4n2?bJFqp zl>AkDf(x@NF(NLK)v3v)Xwjlna6A!Rw5()lbS@S3EK@DL%BQaViMXwOZHp+sQFSzm z_gVopkIhkr&G);7P4_L|y;KKBpMw4^<-Pv#9;BC>`;g0Mgh42zDh>Tp1+-Xwog%vu zJI}gBTOUl!sim~t-_2=rvbGsGDMKfM=^jZ z$F$>imxlDameN=ZFaB0OGcA0ErRV7ezd;xVS`P}7E&F_s{Z4-j+aYBvY^y> z+!)$p03=iLx7+zOX;Y?$t25M5tvZ}0)l5a-Ds9R#8Gg!QVVEccCk)iyMx=3fS;xMI z;f@xrX5jG&^rL@&pHaO!4e0s@6gA`r3z-4wAMs;H`VB!>1O#mxii(PhE=yqM6oc+= z(@#OG({M{ieAu%^x_xn3dgJo+=$BKW-I*A)l+*-Ff78WdGf#eJ^z&2xWLq9}Ua1=m6mm8LDQ|`em8=Y{z{cx98YFeit&8%X-9>cYi;d)e8j(;y5?2Fg2 zd2Koz%E5CpD_Skvgcb0U5BzZl8w2AkodZ)LnJaJfw#<0v*d!s%4HEfj{<|-$0 z@I*1p*9o0L>4F=r?NVHFj_e7DT&0U*Mu{EiEEFlur8t!8r&!UKfItAH^`4K^*t4uV zy1cXyXHoGR(9Da{R)z8vl|9Ef^S>jfTie<-HZb#?!GgVHIufBK4rTNuFC|4gy73uDRZ*8L=8SxB(5CHuwx57LMWXg$Qo3YO!(rWtD3R#AVwSqSEg}6(g_z zmS&cio`&4eLe+8PMc?_7Lx3R$Su>#`-7`$q2m}H#={jt3d`#DC&F+}4 zn!d+$S)5Dz`fb?NZg`i92rpqH%@js?^k-Kesg?OgiMTpZ9$nFgC4U}rRAyXBagez1 z`df;=Llicyo-L2c3@yq217TqY`v7-w^u~2ev0vvE!?$KHKYVlxZ17nWO9!WjY?~^| zqe_@|2&z()OxZT{D7u+-d&P{f zQBRDXt0{*Z7dss$&U&YsvW()Yj2lJ3Lzn0j$nB^oNVd*|XK-bkc@!qExz@!r(wkZq z>C1xTnPl+Oc;k?IUIU5q_fQ3T!A-&~P5k3Knzj1{XoP*SMlkT4(6($1+01Gc)YK&j zH0>u2wuYWx3s!XQC!KLnWMllzrf&sU+Ew^xGBJIcV2Fv$@Dx4xcemr40iik?ssj}P2{B>vSL}Ik#7SpM zSVt*}P9~C32q_m5JKr|OEi5NW4wGknT{1&;ln%Bt<9m_erB!a=%AI*vf^~<>gE7&y z+pz7R)O5GYCJqOSw|;UCcf5#=b3;+hP(bUz z`=z~vQjvM$Dm$4o22|HZMCIS=h0e&ei*&PPzEI=43jf43L}Uj~BB zu7;1)fd0gX8aMs*9lPM5wvA_BH2Koz+foaE$S#YG6PvH^d32x=nNpb>kt^3bso+S* z7-jl5awEcEXh5nBTMd#mNEqo!kTS|(AW>}z&J1Xdu`YpYDF5ndeW@6#kW%L~z{UcU z4_9|UxzWr(RD8k5{|m~aV_rm*ER-m*zr4K*kEO9`oJiRNjerR=ifN2QN|k;QDfSDV zYk9V=k*+I9Yv+o+ht|_718qk~X;B~$WkVBkgQhxvvMt}pQ>{D!7eeXfWdAZ(aE^IW zC6`*wQ$=_qq+J*4vj}%JF}0;(eP{5Y>c+Q&fR9?fe7RsobB4r zTqm+&HF*_3LGlMoh|=M8Yj{vQ(@?S)k$OxmY;WZUM+}#7cK8P9U|k1xRUuY_#5b9hPSJ6JbaYuoXWe0CGr%N&{3}{K1>G( zjY};&vixuzXElOXkC;rvI%&ykYIoecwn234&LP6wsM0m1;tZQBh<5b^9{X&AtQYx~ z%g(8ccHrh-4SB6b4lrfZFmj{Pf$h@+t>-D=#W9T?#^X+6%#ESwX6$~hl44Y%UHG=1g0PSoRRum`*@AEYE%0jYjPE7 zRQH&NTa%ZLsUeQPwz^zamjHdsR|?pW#teIMm2hGdFaY#44>a{XX0#PIA|dXE%BmBM zE4Oi1QW0c^*NI5&<`%|rc;-vH< z^H9Ya{c;}qUwll{Odn5U%vmei36qP@$gKs9>~bW@Y=Ie0T{W{D8<(Stm9rmtUi2SN z`!UOAFjsR#rt5A!pqaX~qQcan5gU7G{8^JOyj9!l*-o+q_Y~`qhDX`!hkRJ@LvHDs#^vMD zp8#oz(=h)U(*0MZZ~Q2h0WOCvFkwd&3&Z>p?SNglD2YEHqyxNkggea*r;&Mxfo&gR z^IXkG+n4k&W5}{Hs#@91NVfccP4&-j7}-Sr1q0+aRBa-E#{l^ahnvVhVSxNq)=it7 zO!M)562Ww)%=%E?r%ZI)c67?dR}$mc1Rd7Iq~i!ppma=0M+Lf=6h}VqYMwtG`TV4s zXoY{noI;s+`YPyPJ{cJ2*dF9?#H=)X|vEUA5-SE@mI|u=J zj;cVwDb7bj4%?1?R8C6J7;Rkt25WLUfhpb%&oY{`(y}wCt~>hv;QnHbrHoGXG-njj zj2S!>H4O3W44-ceP+AQLFM?aR601AhpnHuN1g#*dwXc5Pktr8gmvA|agxZ!N=nSoC zzP(2V^@p|>q_n-xaN75njo$TKK2SZr>_FP(yl<)>nhdZqxTQ>uGcnzMpsuR9_*@nq zZ6q^8KJR>%tuCjsLi7fS)t8!exl%v-pa(=shRwTklgH-G=D@9}E;<=D=HHHRyDpXjw5QoCd_F;Mp%*TVFvS7vG zfCwqucBe4j;v*u?TrH#81+iI{9OcVI-`c`bJA8f4Ds)_`uYWhQr^B^koZ?M7*rPal z&VO~1%FjNKTvpzjFxfE*VG2fGcq}*!53V_Z^P{e_iEb>5oXIOSRt&*2$^flIRPyuB z3~*OnPW-nNi2tp0xA}_f7OGHo^EXZ^ko~h%TW{Ha@I$fe-|T&p{cMEy4!R&G`+Mef zM@|3fkA4Jypt)VWoKiEFWM8(pmJS~`H`BR$!^H5%H#road4v^lzF&FgZPnw2&RYx^{Qm{DH`nEBSKt+A$7~p)Q_TvhHiJ347xf2QwQbP75Y4NF z(oMtiAG;Xc!P4_mI=C9EV`J0M)WSzH8iq&sJYr*Zk>zTvvn>(V>*4X`NW_iVjJ|)E zz1;mYTDJB%l$3VdTRzQ=i-TaTUW{IG<@P}!TP7DSk=;V&7H5m>$48tPx1D913|!B$ z_5V@|O%yo)fn|d1N*Iw6z2H)5cXq&Y5Ph zxovA5`^|ICDx7JtLKG_8y1is7K3C1Ku?88-*?yW9dq=o6$5TM zCu`$S`y8@sSf(FH!5V_B`1y{e$$ODVkA5~aeFsZyNKKtc;;76M>Cyj6O+8*Ohd&!% zlW|n$){F$hR4YM1^5zuoSQ4p@!_7w;?wJCdhT-QZ-FXYToyJc#(JbLwl z&ul^Mxa=*I7BVvb%Jz_C(RPtF4bdzJUD*8`y$HIT1=}jbO5C`n@=k9X>b7N~fThv! zo;P&)?C$R8!9PGh%iUsf-}U5Kj(%npQ)}DW$l9Lg=B?1r8a+d@Wi+ZkrOV?qh?R^? z>nOK)b_m$F{z=_HFi8(Ih=5SJH6kD*y7(eNPj?P6w#Y2$MaD{|4dtpg969(dsg5Ru z@`|-m9jVU8@R5t$tYPVybU4jxO7jLya~gqa$|Z1|pf9X5`Q~q9b=2hR{BB{LI$f9E zbXmvTeidfqCZ0QA81Z`M&Flp>4~VBZ>{7C<@exOOm*!1UOwwr;hiLJYZsVh@0c0C6 zoRcjAY>qFa!Z=H7D!#4R*Yv*)rhD2t^Oh3yueOGvo~z8Dp*~hi(!2Uv9Ia!v?&LoC zT&0HZ7_8E7HDCjrZPce#bIt+laHo}(?x8PwK9K=6&&i%j0O@?%Q}{{FaktU{U~I=; z7(4D5)_R@2GPTwqP!QDUm8q!*>1jBD5PG4r#%xo4OT5qiD@)SBL#{uAHVDr`3jH5f zaftErY&E3*2PA61lMs&>f#Dw=*EInw@lN2S1HYGPfsw+v;D|CYIAgbcg)+i%av<{x z;$s3AP315TAqvZ0hM**qT?**CTgZ1~e&lXbbQXWM1hzb!Z3{Qg)I_f`0QD z>v-mKXL8l&3pepnrZ*yao+Gewz;5*gzz)sB8wj^)N>p6$Tld?*<1f}g6pnnVG9ecbNFjxV{CXkns`Y!|7+Wp!ehGEtiu9houS z?^dqyhX}NbBN#TQUOez3?hS&7PVh{t!lT!vrd|o7t6AdJ>rC zNnpXh2IwNf!x2iHYx;n>6s-kKEfx|evdDgAk;=;BT+cH_J&3#LkPCAIqN|}PH{yvA zFFXi_in3!xnR+EIv8vERs><$Ywtb^xV*xXl5-K@@V5k}`wrc%^nNcg*g<{c~WWfAZ zGDcrQEJ_dDTJO z?N9<$a`9#{15+LVQ4i4|o7m*IxDOY`a1(~@5Qr0h^0khc!J-^@n1i^l{Ftz;wL^FG z=|2Y=ws`*KhOK8+zHWEz1$C^WH^K34wE|9e(8n{WoQqJ2a&i_$L-uwe2*R_4iQY|Q zzs=}%N0SGFreHkW!lT1I0(t(#O%6uV6rBbmc-!V(`{eqN8N!4nzxcrY)dcqns&X*~ zTmutj{|aAsN2~ua0CqNE5p+j)50JY%x@Ew(oddj$8vksD%lYo-d+z6x1=ue~F!X)b zlkL2)NF>(l4014DD~t>Eb#bEJ5=M&d?Ah}C*|U{W8__xEIOWDuFREU4rz{2`^3cCJ zs+I-Yv#sbFgryNRjKn*KyVB*kxNV%dM*S8>XJ^-@gPTM&ie2-!jZpB@U&Zzk1K<{( z-O`e{CNy)9U7FoS(ZQ_6u6)z?gIz|yc;$K2G~E=^*>=_u;btqZI@SOSY!CbBN3S{v z&G{6ms0wD+i+Nh%*pnLGl28^7->MPVSYzJ36!1bF}XFkisW9Q?^fhfziXe z!cgz?cxh-9Z;c?T<3u`6I9dTIig^~2a9Fo&rZ_uB=gS9fB8Ecw32`|n+$6KW~^+!@x zv`^+H0*H@pl?Y~ZDN}G$tA5a;tkh~PoU`eJ&M?pb>2_< z0YR?ohW2EQS!3Ix>euwHp4G#LY;$Y>Ejzz|V>M7)IP3Buhf~9T&PkLGXZ!82NXqDk ze|e2yUE}qc&fEx(1_j>96&{LC^Y(E#Te;}zEP((hW}N6wSMihGxtyO!7%fJ3o&Bjz z71^BAe48ZrN-G+hb~dSXMyNin^B;>1n*55fO@t8JEkcO$kd|hT)0$PrX-zaO9VRX= z^5LdoZ0{nXqOA|;P2tmWt5s$!goy)l#X9_aOw#kE{reVEt2XZX4HL~13WAd2D|-d8 zFyR*6Acz7EdEt+}qU-3>B4w~VtZ5abwfWrMgLB*P#~7^QolJJ)fVO2~3~t*1v3f58 zyYwBMfZ|_3ULD5@7ARl*X|Y+DYL5J^8-{!xzl#xCt8i-?TOnYmOyZFH%IkB3*_2}8 zoVt`D`?|NG z>~4j}*b}+!vJHH3%|I z#*cIEEMJDXa>q0+U(>C{s>FB6E>V-F$Gr+sEjDau#w$v{ug(QGGa5)5eF{t)PIJp@ z?d!Knh0mxmqViMWKa|0aQh%LPe5*KjjtiLV1kGy{y&5h?>(!86$VEe3dnzwTo zY)_1H?`g9jJeHcy9Vck&n8h8ZxHRWh?3twbjFZ5AdKjF{AbnY3A8ybk=4FhT+<}|v zh1_<7rA5F(kpK@{7+f#OEx;Kb#L$eL2;+6W@GRLRC9-GJx9$mdlp? z&^5SK&m(r*xHZvpkIWiVEwDxXYmWMyaE0!RqTQYn3CXhMzHgRldiN@OlIo0K(gTrm zM7it;!PAix&1wTh_^caJLT%j)pRE+lmrlIo8)uz2k#4#>^*sEOnwk%hio~e-c+izw ziBOBOXPQWi&r~7mkPS)x(>OkvW_Q!xom@A+)I8d-l)qOUEWJdCaclpY+3Vsq7Lx(u1D)`Zo`B&zw}pORi5P#P}(tp=-Qka?2IpID4}7X_~!- z;UAu4$euh&yWiY#X6z4X+9_XML5s(!#ezWzs{3ug*lERTV@%>VQ=O&C9}j^?e*qx5 zwtHse;mFE+HBhGP+4@k>dhxD>ts^6gqOG4;ohJ$Qe|VB89Q_>%$s#6+=k>Cn>WfUe z$1y_|e?Fg%eGav~X>q-MNN~3GKej(P@ct;67k9FWOXfoti96-Hmz8a;9JuN&Yb7>5 z(b~!^=@<^%aTj%1k(W{p>aZ8q@IX{jEQ1m*C%3g_>;N=;G@^lOFp)%7Y41Acw8i4hI3%mYZEiKFUyH*E{aCN?%9Ji`n}7azPron z%4>BI#r&JwodR^_Q3gfPztKwBbqsN8+H1yv8#Ze$OWn86xow}-p4j{)?iv`(T>}$R z9gXhmkmfJxEcDvrPT<{X?i~S7IvZ81gtcQQ9G2?r<|(!C=pn5e(y0zPXtP%-Cluv+ zXv%!-AN%S|8QXJ&GQ>2pS|fLoz+2A2B+?m&9e3=psZP$u6!)`z;^V_k-e(S!&9xpecSW%=?~v`wMDn~t3d6m0=119 zd(#;O(*^>A%#3x7#AYn$aAvF$(JfE>pPR8v1kwi8G#5h##_D+1pRiXSr^CcSYYANsX#GO~=9sq>IjQ#}Bz;h!f zZ;bfK+iz~fIm*pMwTs5~s!q*Zp8YA3m}U1HC6J-em?Cxd-pcH`_SU@7o>I*k1$?tY z#b;$v^^(=_pxNt|6F$g(ChvOt`azN*Oy&1t?I$~mSOV5wMku6!?NE-N-($VrZ-){; z|3#0s9SVMa+1B#e+_pJI)Z;Ji{cJxo1lj?5AN}zeb4@<$e$Jb-dSmt{LHAu2R_G4D`!Ag>Qao`G4h!CO{cZovpI!}n%U4ml^9SRgot*7&-ZdHiFTC*D z#-0l#fkyc`D%VA^2@1p5AYzrI(C%%D?OwY%7n=|tmc)j9R$;AeDXo(HN^8NTGClge zDYvIXT(0R1ljr?8R76<`)>zy`4y_m3&9=7kViTfjyN6k`2k2TFIBKiO%^JLu-#O4m zyda-+be#$6o>*pr?YvU?bI_KKkZoKDPo%7rZC(gCG zJaat74^Pzb6sgYV^%+`hg>eKTg`)xI`BE0jeRj*)2+?ZN44VeYmn_S4lx1VvO6@BG~PZ(6+zqV!S zE`H}2C=m#ndW99X75~_orNt#oGzZIR5DZeRo^13EZ5t;V<3x)k!jbR&T{?it7;x2E zm|gVair#`!WMvvVOf0k9bSaeQT>Xj8^0^^en}6qAs9~bEsz7U03KWW2T?2WV8veOq zV|FZr5KWp5No+v2%kKTMtZOc)1+GkQ-yv=aV1@E+8-V4&lwFebM)5s6G7Fb<7(qWmt>c0 z{;9(pcfkh9EDTCyJ5g*>MH$mj4O#}N`$Nu(G zd4ybxU~YRLSN6^kLE2H~CWySk6L~NCzHDD; z8$4WuZV2@cpjn&zR;fi>293(Vyzo~B{>qm|qp7dwKF=||>PubwkSL?q`kgqSmI|l= zPSz^4Ry`HAk%6%PkREuMZdiA`On1u)w@hcjWvYVcjybB%d^%zBpkqY{Lo1+VGvuSK zdOR)Q%91rw!=X#1(px4ss#6PRv{IbQnK|nN(7K~1o-bS_)64Rx^c2OxI@D55zDDUR zHg<|QIWB&SC$Xr;buK6D zlqjM1rV&Iv>?c~_056B6>cNipu|f*6Dv;Ke%7-76zCTqIAojXxxubw}s?g=cBsq*3 zuh3(o%IFXQn9dws6(s*QUSo19r$VMW?Wm#*XDbFrSK%E<{ekl(M!(v8Wl+>q(jBdQ z&UKxozh#X}0c1=%yr$Jq%`j=WqG3lk?6wewutM$gG8XAHK88X=`}bCF%E?_6-CFL# z1YB)rLhU_MB~6R6KQs|y%1x1pV(-Pr=hP>_7+kE+Y7S|pI$Y#vmNF)U~#rnuZId~WZNAtT+@ zh=z$z-;V1puuP&GcXb`j7pPN#dI~)LMu8?j6-22W8jt5iHWe3om5A;g_O+2p%&g-d5GF+p2~7JALup z^2OP5NY*@WBoFC|!yd2nxnGlCfx2nT?~cFM-slt$^GVcJ2|Addj&^NDpA%URIm}Tv zrQAV^S{=B=3MTJ4@Fr?hk#G6`psaV*=^UCl2ZS|TaeM!H(LWxJ$#&SG zX-OT=J84GKpRA9jKu)q8H z7C-JV;LQY^2AFZo_4nEX;{KjOT9otx>n#3tn7uXJU_7t6z78$2Gt z@s$em?YNLKsf9n$xF|~F1RiZ+M`&&7sx47`V$YVDCo`W2y)CTc?N4wo=b^X7nl-u$ zDiC52tuhP9R;<#7r!vuWy=b~z60E^Oi+8{!PHg$YdnK1xBKjNK&^fUpIBZBwa7=Mc za6(C{V@WZ2H2G0nd}`sr4;-$0H#oBVcbE{Vg;Od<+Q}6beJug_JkI9ein6wi!&ZFy zQzAzZ#BCc78Jqo5>e}NFgKZlhTk-SrQ=KD7*KmIo*B=~3>~!b5QoUj6oeKaZ9JX%E z*;e=dhqJ?qNSgCw`Nr{-C0L}p&}P#Phm&H>gXM0_zeAn**R+)*k{8id+NXYi5CUz& zd1uZO-FS5rj$BMrg8u-(Sn%3)MLo+g_5Q%kBCE#P%_7YpDs}|VcAJj-F|1H(*o5kw z0=fWqzM6#o{UWbMR9*_>A->dWA-m(B#(OTpzE$a7LVI0-t&zTeH8skam3ZdaBdw}+ zR@nOGg>+c@{GUei4UP(ZAO_=I99_75Z(G5K*#M4BZNY{$&a?9xnZutj4~>S%EUk`l z+0DbUD@0Golag@;uitRTTelLzfSMSsR3iE_SNDiNjpQ1#cQYJ1Q9Ox|^rX?bs}1?V zEw76Do=bIdG&q}KmZUoFQca?zTa{2q(59R~z%2xVI~%eHHSyPFp)kfyI zo{XGh^}uZOWtQ8;yKl1k9bEOPxO$JUzpx^jL)f-PSdufKVGmCA7tXe{mlxi*@7&bX z-D$0D<5@eNdRq=#-&QsWpFY@90mIfX-JQ?}TTk$gCa%$sVe3TEK|gF=v;U^Yf47_CCgeO)}5vo?{|_q;jN6_0(rGjBo-!GehUZ)!UnNZn7Di7+4k6|$9@Vc z7Eeo0?5n0EcT~+{Yoo(l*CY-8l}hkO^%uM%HN#9GBqU0&Og0Sh2bt!z-U|EXeen5i zCOdB^TvFfFDxK;58BJ8nrN$Ja1`8P1G2pKP6(q-ye8b~zjr~q@%Q9gi1r#yrmD{2I zCPTfqYBVs^+2}rfhDgnh6!}tdOFFpO1|>MGJRKZU*)w&lPKYdW0(z{*vgi^0lP#uS zoWnv=N1UZP^r(q0zb?e3a4cXoQEv8+G&*tH0%GEYm?zVSyz0M#dQEv%m2hil$TsLdoG-2uK z|3f!3a)dxl(VuJwhJaDyJ>7;oLnJ6IjvkIbXOB0MS1~D+ATjM5npwk8(N_EAX4ahI zX4;whvR_ew{}%22$X2TNJ%SF1;AbIV9w#0TYvy>mr zkUHdBhuv>wBoijzZj_{-W|y;xTgw1Q#BYGIqZWAa7Wt{418%HUBs+c4C{6j?$DUtl z)a&wg$51~_y{Ey20hV~c>1nx~0qyJ0Np<`JH-O4%b>g)b6h8rrLea$r9*L4TQKm$6 z*)5K7%5(Mu7a?se)}px}`MZ>ePeKFkLl4TK_0^X=ui5mSS1<{gJROClzj#h+gq>(N zf74B1kvPtd0*&PYBuE}ITFh8mh7{<0mRF$jn!7bb+=umebtO0>)6OoFt!G@TOc3v4 zzL0B_hX(@0kIXy!IM+UUXu+Ij@nQ0oMmP2ab{G}S@_8#&6P%3{iZ)#Mrb&@%y`zcv zys<+OAK@ql9vbJ!Nq-0n^oH|j@bp+)K7qA(Bco+@Mb`c5T33+wE z&h>CV(q;$mY)~2=J93>#b~7XsBLju)fQ{jI$Bp@ zROg>n23nQ@4W+a&+%2-QkAyPUl<53JAAt_s#RiNwHUO$z&oNNxF!p?i`tIeR_v|kv z4p4!S>JAhCdhUw}J)GqUJxD&fzwt26$#~Q5*cLfBTnw>Suza)HGcnukYWq;~U)3*e z(V~YEe(FuDprM?D-iPLdr6(A42z17Ov9h37IG@LJQMqxEu8Rm1lw`W^$FUW;%Cg%6 zpM2R%-WsCd{#JY2R18(@R~#Jt{z$rmQ_qEMFQ`~!pZDWyV%4)AF+jE0UK?}7JF~rg zTki~j2mcz20)`!gXe)}@qv?_$IbDrB(F}w>q%>2U{j!OB6HULVg>dAmCp9A>8`K898?|X_iHJs>IU$)JeRK+Om%% zuB*Feks3di{dVn8!t{irgec)dGyya|gJL}5k5w{6Og-4t6d`|1Oylid%7mp){YRS3 zU#$nZ&n0t^Xxbl_9vBVlni`N**go*u_nQ?t{b&%Lg zRfW3Iju=Kds;U-S6}s|{NeonCw4nvT5;D-QXB*;hi8qeZX?~6(QVUz};5&Usiu+Lo z;{OS$ak>1FQh)x~jl44=1VD7;6reD935}NP45{YnLD9kI{owq@=FVKx`6_PfUqzEu zk&~07Jehst-NMF<%#JS1`FOP>(lEL2J7Ym0R@Yu%i}h`OXsh7{5Xvn#Pmd6G8;fzt zA7NK!hou{q3H9TvgVNvekq=1*BE5X<#e=es8Gre6c|`c)(5TF=E^u_Cs3GTSa2zb5 zw%!aT|JDORv?DVqn-@l_?7JhD>~J-K|9J#0QZ z#N|;Cgo;U|$*{o&vUy8cwMORFQ=FAlF6qH!>Iogg#Wt)lgR+yf))ZHp8Cx5_KZ*B9 zgzT~W;<|cCZlYKTMZ*9+ySYWyOO)q>1&gD>zSq(S*|W{1L6$Hvf3Aj5cw1wZkQ?Ld zF3RBv6&ZtqW$Ye4Ue;(V&$?BW7Ecax(??@}QLp~~Yq1d6381ddo`nFk<-^{vE!rcd z6bxJ3kr-RQ{gw%M8MdeGta*H2!*=Mo|FdDcomC{eVzpfd04TJDVH+flEjM9!oPG)o zXh=#TPqxoMmUFc5Qf3KnanfDy`#rkdgD=2%%9_ zXU(Y2A6CV6@~J^&T8zoaSvvld{_vPe%@ym@W-ls>wpMIu*fIB%_b3G1H08-LyciC8 z$h+inmf{gVUkz>H;>l5MY^y(1F-NFERIf0U<%(=qP{gtz;b&PEDBDQ-x1AI;$;Ts7 z#&ox|x>rA9_&W8)8RgFO#SwS-@^Sc&SeT#$$CrsXzV}p&BdrJaF@;{VR^zoUJC8}; z3^RqAG(Ex&3P%2OZwa?C#T?z%d96xl52TeeJ80!&u^kjU*yLhq5sX+g77HpD$o;S9 z0I@lNvw#qvvVf-1L~H@ITGhqbTC+o)1?1j|+uviWM|Pxr8e^iuL84Eu=+lMX0;Si_-r@l!gkY(K2?Q@ zsl9VQ{rS01>7D!L&&eI#IvK$bA+qCT{&Uj3;+f|qfUoy`j>w%kbWwl8fCyE8N=yFg zPq=HfU+krB!%Hx0jb4QF?Mbn}d#GwC8A55-N7r+NtvaYL7~Luu5I-#Z1_#T+Hd zn>^Xcf^soZl}M60{9Ge;^&t{XE#yGzG7GAG10LUVgneq9qqdk+P9LEcl&}}jhdL)E z2v*{1yazGUy@qc=>Ac})0_>U2*v*Ip=veh0itcFkuU*VwBQb+5gv(1H!N;b5qm5>I zI9&BCgARUrpI0^4?^d8{j#f*_L)Fp~&EH4Wymg0DHCz~Zrc*BlD2*0&HFt8f;dp4? zd)coq;%9JQ7Jas>5aIyJ78}EvGX;RdGFZ$;>sRiry02N&C0t3i+6+BJ?YgJ<&5Yl*Sv#K!6)vt6j%m*Xm^ zppo-&(x?bclZhhvlo1TJm4D!UQf(j8YI!PLLpr>f^x}_R5AWtdf$8t3rY|DNymFiX z^kbds*n*cMo&Xl&8_teF-QI($1$_p69OC6{e#f|V7J6TJ zPSxWF{hgSdi+@>2DiBFD`CLceWX>Ht)v5}QFGIx@8+U*?dN4F<|Mb(1J-<|`(S1t6 z7R5qv?9Zau&}ahLO{8{58*VRbSH7j8jH;8j;6)AM0baq6BK-B64(?v5AMRCZ4)!1Y z@|BZe;c5{#>d9P2-N)m0_* zYaBZksVbel0$Dxi(Tp|O^G;lb!wX)^yxbEGf4*%AKvZYajoDG;9PxT~1V5Q4vzznN z9qrz$TiwyNy`G(z@eCswjditt8)#Ov7ri_z=QD1)G-e0}!FU@CP2bDR>EsUEQX(kb zLO*>4PAnmQw1-KE9leC;jxxU}#J9RyAQIMo)$XW_dGJvg-GvgDNuJ|%H(l+H4(e4~ z^z``%^aJv7TYcoY1s(O?pJJotVpW;V)*?YCNG9Wn?7k#6wGgi$sPwrK&(sR*wu_9v zCdo@~cw*c0UG8F`(AHt5A4WFyuiz@>YRmg!nPYVt^yf@kY$vt6!57UezNSz^jjzh9 zwyO?QQxq8A2pNuV%o9y&I_@{}Ino619HFyZ6J7YR3lT#-8aQFAD>nSR{<|r*(pE{rUrN#jkVptnm|s(Nz3YJ&Oeln#SnW zqFq^(i*=9>@Dv@Nx`U&JMrd;d)#&^+{icIiPUr#Xc_<*A!Ilb7H&x_}g5Z)ND3xhj z^Gb_XM(OkJSAU(E6r_j9MoCLyN{GB}>_O*K3-8gWb4X*;X51sKqb?7!9JUq*#MS9w zN<~Xecx2<)4h}Uwvhnb+ivq1K+=UKXL~X9VDJ}VS2V+ndg^1M~YtxDt>H7RqQt&s-*??LV68WPKl_V5yD>;?bqNK0?zS{hz0skukmAoYHtp^b`}F0oByW#b)?eF+ATdaI&zfI=Jn=2gT*7%Gecf>S)>ZePLp4vk7a zM2BjVz@YcMl6rpZpcUgXM>b|LOyvyO%{p9wrclHcCKmq4ng8=O4q;;J?VR~9itbCz zTq*3%ycn2T=WXXlICnw%7-6SNHG!RISEJ^b{))l(7_74P^?ZjMJD<4xe_|_FEyF!B zZZ>TeSZqH9>FZKeNNi4!4Oq?-OmbBDA^|~-m5@j@LLcKgr zR4Nf&tvdn3#QLsYqj&f=n;yMr%=Zw&Q#YZHFFTaE6^w9EMR_{ZKM-4$K}G`I6vGum zVQ@t|@u;mTI8K*UE{$G0i|uuDV;P^9?{*&I4Jrm*`Z7fq*Q~H^wORWP~2ZBb{d;LC5KsBi?Lzp71g@^4&JERCZ1%4$sv=qw#HVQ zAo=Pp@`}_JGuhfj(x=WAb!3!!tx=zST6_%v<*G+rA&{J5xMb7&+%5g3{$7x?pFU*K#ti^c)LhCyPgcQF!Hr z@cMEY4xmHqeUlhNzAQe}!i-{ z&M+xgojlk2&@uZ$jYh}crD@Bon<@Gn6maGljP70qqg!ZS8ULBvvVCo>_%AK~ORFyE z9Tb^a2mr9g{@;;eqyvHvHCPRf+27&ST6_ypz1-emZ3%?=EoJ1pLvwNT%N8mC0}XM< z8yy3w!S-dfOY=NMrfT~JQ$rw$p7jR-3ly=BU&y3+1ycbYh}Mt*7cGI0F!|tTg|Upo zsYfJc`3m9$XrdD0DT~5nJ_RH|)txB0LsE-qdCu>)kZYNgSGZ>l&#A$H4TXY*Qk}mR6ap?CtIfE_zu9`=9&eTFaaW)oH=pdv z=PkkLw$-kka?Ha;YCsq~@at}Fq?g@>qgL6Pu4e#CmmZ&4*mcgo@Aa%6)%(uh+UrYq z6!vzCj4uR+`iOw>{bKg_O9_UHSPT)M@=*0DlmxZ#k^&>qnfrzhd(mJ@`8O&LxY|2 zw$W9mTvZ9B+}Y}=MzU<{EgjX=b^kx&-UPm?>e}NE$kkwpHx99JK%=G_=b%`F<3&&p z5;YFhILEQ6QjL;m>O?RJa=jdlN-K4wt!=H3a~rCtt%A1l z|NhqA=MG8GzW0Cc|Igw41tYBnmbowH^7(>Ahk%K?oPj|N^3Xz(iUbAIgYg{(8%7J<82;`%hUTe9I9>h3? zBX6D}z7WlXtulX%=c1~&ozL`Y3Bp*J>y*OJl-<3lf`(g_z?Zse6AF{{E}wsm;fgRu zdmM}-LWu!h2v&2gAIKCWp~8B1Mj?>UmPS8*%k`eO&!y5de##|V`W)?D>33s6VpuYv z(Ny}xzroadVX6zy)LNItK46eNRc`ewX&6mDkv87%mrW@2cVSm`pr&lS;kjBF!uP$6 z;rF>^(5yFfF-+pb+A&ZE?2t#<=aT3fqhjR16;&u}z1p9_o$&`BfGmR6XP-T2R^@2y zaHpItXl>k>S$kU5(S0S+MJG5@1~Fu5#h807#n5GIyz<&kgV3&NeczzbZl+rYmbvu- zxofpc`ANG_^+_Y_;PEdFpSxI4S5n zXJbV{$?lJArptK}PzMix9 za`EafW&P!#&Ut~+-*BWeX)Cp&ZWDG4(t-_KuYp+XzjE7P>@N7qtqmwFkHBv$eieM9K;UMQj-127z(i)qK^{}@=%HW1^yf=?s zshjBXANDKRw62m3{Y#=fgSWY3Vae#8JLmykK_-k`mwIO@Q|o^G&qlRIBT!6Xt-<6A zlO$>EIde@-_TK9T-;Lxa77Jyv=k9Bij<9hY=y^h2*GAXiZJ^V7uRrOx`muYWSkuF} zFZ3!9qCgfi_gxbyivT^KyrR%LdZLAtTByypaJO$Ek18!tXk9IciPC(UDvjP7LAY-x z!F>geeCF!4W3fw@=4LSa`K!$&-v2>7Sr7y!yFV4h3>p_?*5nOEof(RKhdM*Suc9FH zmI-lKP;re53vTyKHKHQ6KL%4&WKecnQfN?~{Dn6ON}%DZh(X)7m+&_k=eTLsO;26kRDi%%q*|0!VzyychgQ91`ki+yVxKclSh}6TlR-RDiZ+ z?fa$Y4;(T$=63`!=37m5m|q8+A|f)8OML^{u_SQ{Y|@bEia+(UNv)X6`dk2c>HzR) zFrV)UtBTB2LB$=4D)vO17X6OyZa{2a7~swd^5euimtKkNAiYHe(E`H0N21G)f)d?E ziDLYZ8YmzCt*)Z7AFVO%^Bmtu9o=3?@}mBd(`43FK0qsNfa^W^R_p{Z+vh)47SvsCZQmX$w9eNJeAS?-+j}j--u}1 zHrGpJUgfP(HPknYz`lj7o%-)wm|CEpCHbGx#3K>f!*W6^<5dL}DI!rc2)Ls=Ov8eH z@|2ursj%Yjw@|tn>siGVf2AE#r=uCpGf{Qv5Q3A|GcbCz>6qN2#tpT0-68hz%mtDk zJv-)eNN$pEHq!Deae~?}4r4BNmccv;ed%1-#Cjg>YQk~_78^Ezi6R3YC@MU>&kahV zCzpHsEvi)+JSrERSL6C5-F3wV%0g*;Naa*Ox|MP)(zc}?)M{oiDMS9HttYa^v@(;J zNO=bDy9DWzs)~j;z}O=gnGx;>E64#Ww6Gxc)`SvRzOTBzCj!3T`@F^i5}P2cSXMrF zvK3SRxw6?dKQx#w2J)vlZr5kLOD?8Qbo@lvuKArp;T>QvlT}e>>t!^4$v*-gg#_Ps2p%(T4&$_VwV;#U7iQV-Z{? z@j*hgO?F>kg8~aC*N>MODCF(hT`$7KPFod>R}@A?ZPkv^4#Z5^PiaYnYvd%cD#g_+ z6nLZ$siJl|bBOD{_cK=sxp9M>ZQoWV$db|O*7&dAP#LzA7*rJfxwzaPj>y*N_4o;;4nR7>o2jm z<7{p*W8L?B5Dw{^Aic)X988f()tSJ6*aLTrH^jI-<7BsJ*Dde2onrHU?69qJ3>NUN zbb;n1zV6(-8ZE71?%52w6j4eFLX!PhlC%~!4GXpZV#<{A>MA1^8S$?h)=$Ef9W z*zriEEJ3Gz>^C-0zh04B3MU5}fy}o)%sH>d@_xvV%Zgcpesg8Oy z!xQ&zwvzKxe08|&sv~%^56AiE4Wd+g_7bbEp{!nhlb6|z^=Kd^R$V%f5~B?;-{YDR zhi|*lBzpx*UZTX|n3F2*iu~WDyQABcvLCQl|AC#!uetkjgtQV%4a0X_{`T6wzUX&{ zVJd!GWRZ&7JD>I-zv5`xOR2p^^noLb)yj%xZ-bDXirXqG=2T;(M~U=Rt?14P-F0#N zo7qN#!CYjXyNmV`FdaqxC#Tu;=m48oD;SP+*m=Je?NA+0hzqns0Zq$fm`ii9jx&y` z0>6s*{;Fv4y56L6={E7~?U4>pZ&q(U6pBmHipW(Q? z*c*(#?&uHW!9r=M7>j=NHlsH{hDZ(dwq8z#aO#@FkK22G+onvU9XFHw-zlskJtrDj1fJd=QjF2sBE z2?|J`l<%NcQ;^QX<3$u3CCQ)|8fTH3H&>O>!wU+=g*AHHEZAG}k`=8u1iD;Nz-)jn zf+sm`DTD_mQ{F%@1?sE`mjp~U@tx0B0b^rkxMliz_ry*vo$X2+_}hDLoYZ6O*UM0&Qr^;xs5*5BV!qx?BYt zRi%m2-5aU2Mfw`8g=L%VGqWTZvPjQbc)!zfO*~@P;6iDQunBWABgQBvXpGTK^vro* zb0vEE7*vXWwk^A`3BH=MQP^eh~Q-{E$82<~je&c_EK-&y!7C3xknzsWaE6>C2tG@qA%qC3F@U*1SOtWvJvsegtjCPl zR_N*~bgnK--XQ~FFcrT4O89~pK6G|a_<(3M)EW_;`JRJsfH>vhd-9;c-~;#=zM2A4 zXJ8h?cP8|!75!>NzZxNzis3`j^YFoc2s;6@QLlu%%{!J3iSArj03!T1>n5=WL_g%; zN+70lB#P;`@qa`=Fg~=f1=4#UmGD$6L>GQT9{kJFgSn zv-jr+u1DTj%C4wv3t#nRev1Ty&Th2N@Y-j7FR2PLmlruYOK2%- z7b%V;vX{b8ovl8ZhCsT~eXupbx3e=1EJY-p=Vn}j6c0?Bx_>1w01Op82D8R@=h&mk zA-#NOCVB1Ms=o6pw(sbL;M3*7yfyYgwQ$6y`cNP%$;ggqGtg-&7*;eNz8(xUD`D|y zZq~3+2q6IUFjsx0+@+an%xScxHZ+3*x-KIhOFOFWq&$}$p$G5hDUB#dCKC64(~Vc$ z%p|koCD9m$wMLWdmS!_7a^mO)J@eJdrrf7$VhrxszDpMk%~e~990;EQy_NO;u&|n? zQ=aqSw`8xgY8>O;=)Xk|MTIonrCYKL;mDDVs;|7Ty4^rbfQ_!7XsWd&IgvbMna)sB zW@0YRORU&F9=Lq7&1~3R=h&rgUxfEKisR+-_RH3j*uwSx@u|MKCrhE_=w{}z7LL~P zY_W;WJGa4u)}d#=37MHhriScOW@AW(JjF}LB@g_#$B-m+*N+GMk0y>YtDR0XmYg%A znuJgZ_up|G#T;l!NFcAfN?vzWw9$F4r|1kOlpGhGsKm#IcteRd$i$tWhEhZJ!rjzLWS2d+0zt&&7?%cN! z@`Pug*RCB38me-tPkjfsV5KyM8D)%bs&o^r)IuA2L$HN9Bx|H&h6noWq{%klmQ)0j z{~XplhVvU@%3CjFob|6mWE(YPqc?L?D1v-d8hYizGxHFVHEaX$wiX%4HJmyq5Fp%_ z8%Vx?*A)*66ANrxvV6qwi_J=0(qxyf?TsA%z!{5y_9B!;?_3F>lL+-O)NcDxx+9i%DkTAs~qh%1^G{iTJ@lBK6h!SQuQke<0P-(nKVrt6|NFLiF zqo3d7${SV_%&68;DwvI?Agy>O4i0kp#6kn|8cXTM^Qo ze0$`pkTkf9Oou_^O@~9kn~qt4nKK=;{g0|>G-v4x>KYG8Y*zdksF)51Np#96_@xg6 zJA;w8@8S6PJjqMNw68i((gi3EfWZQkb;TyI7BN2O7^zn5FU@gqZD@x57^h`v`I1Hzy!$;PIU|%Pt&6Ac)Vsqu=A@N z#+mzQ=d0}O5{Qk#&dkKNRyS#Y(tIBB*us842?=eRZ)qs-Ef1aHMPt3i{e6q`T=D*< z`>H$Wn6!ojenC`ynrYK-_k=rz`wzrZatEtNu48-|zyBYP-w|Cm{!A5W9q7@qU#%D^XEITCKtxtC0qh;`e9 zYb>77OtV_eE+7L4DB3C;97lf92OsKuS6a^=ph(i1SHpczxTibX)7zb7gyTR?v)KM1 zJwwJe%1dr&6tRmbZg;SNfXTFEMe6y`WE5gc4O2ED7YG`vuEP`dZM$>9RxU4h2~g^#K#Nw2TICEW3&qOYthnOQT0DF zNbr%HyQoP9L%rHDB22=v&$={wu}I&$qjsjGEkP?a3$Q~qz+JLnuKw@Kav+;MFKW%@ z_tZ-3<*pTWNYRSsptSx%4Jk+|Z0RpWE#≺{Od4z6{9EH`2kTt^+1?rQMQhedp|C zmPWkR)|Qu48$HJf2%95_<7y+dxAcXX7Vc#c^ry6k)Ifi_H`M)oFIW5)T~9*aJC(pk z1yO~ogRTw6XATSMGe zyV#&ZmFChG;v>(VS3hP!^7@zMAmM9`TtbyHSXwex8eMc%&IzMb8r7n}%)Y#oy!IK{ zGSgA&k^M{jL$i%m|=&C$nzggLiI4P%kOfuwLga ztN9eKN}oQYiXS>zv4wuyD=nI|SU(N`DP|L+iCyD<-}Y-?;(lG19%OxWRb5Nb?Y=Uz z&&AgJ<)yh1{BwGr3Wh9a5YKlVk6?>AGiiq~7*8bH5x1OqvM|$)>Qn{I_fZ)e5DTv<98gaNR`P*B5<= zJkCBSZ>3qg%(112;Q?O9$15ngvbt$t=(!c^pWRydM9KH!(Um?;h$$(JPP=cNiOWqs zt^-;r18A5sfb#cylXH4O<@;OYrr!vQ66al-Z#m^!Uhn?mmg7vmx5Z)NsrL&~oqGy( zIM}4hjvClTM-AOXn@#LLW!J0sDE1;<@zTcL+z}5xixZCA^=dhySLM$9Uhz$mUGq^s zBD*KJxGDCPI;qwU7t4&T3epTPmWcNlH^9kGpX<+gBV-U1M;3>|`XjK{E4V0g%l9}}!6q(7Dij|@M6+|Tr+3Jba_2@qnD^PiLFe05!H`$wl&gZZi&X*V%$Pj7ZG~`&VGsy} zLnp75Q||mkaLxNmg44CP;1&`dzXfkwwx2PPSNnG{kTXFxrZ5P9YElRBnH|6n7 zrQO7s(JyB;T>C?{WUBzp;pBrIkjV!-*qL}(YXauY7&6mB^up0&(4$$jKm`k>=Ze=H zZ+Hh=WVr-GbdG;a>B7fH+GB@(_Bg`w=!v6@hvV%6`}e;jW`APUh&Ug-;~7?H&+TCJ zmX6T_^b2uYL|oP9T&gnfTN_+#Jg3gvtCTfq&Km$lqT#WQ1xG;GYy3ua*9r{lDZ zP>6x4xQL3#Kvi^^&sfz+9-HOX8x;BkZlsstTPd1BOxf3t>Uql~1rm0;BrJ|WnBki) zIMQzAUwuscPCk6mr31bh=M8N;P=2SEU-g>8;OJG_nf5cEjULct-6JKa=*G>J@5?=MmSZ-J$0URXuU0E)>lc z)Ti$@zf=$LW?OkiEBYWzyN%$uVgH{+Yq9@=#UR|`%+h!KD^)e_^NO0XSV#F+9eTw` z&`6N+B!I%Rc<$yoV?H50Q4PL6uQKbXmDCuIz+(wb=uh{{+^yZOD7Y8$`tt+;lwtz> zZ?zL$IML+xvTcytW6d@6vrk({CI+0Rg-FRbF;-!+>s0{Fn{XurEkUg*EzH8@LxM4% zP8m%UP7dhe(oESY%VqgTzl1Ps1odCi_@e<0ZbX9#I*kp_{0WQyF3PsiS#E`Ep{%zm zL(3Fabmq%{hU^T+B;~b|@;XU58hsoG8-Kj)R-IkEd633tJ{zP7&>7({g7T|Q%~o0h znnAzydJMg)1ZrZr0h;PtXvSpTTM1{-pMS#}lkA4F4F`{eZqKem-_4(zst;H*=6hfW z)n$W@%rSMGa9zjHJK43Dw4LSgM+;|AyO=4(Pm*1l1J6`!15%98F!y5{G_NRCt4|+> zc5_-cmA1_6^ZB1tvk` zSoKF^tFc+`aRt8%2@X^H9+ww`!D0#-nCLgY437%!^iKy?%{IZ3Oycubgg@j6Pf}W- z0>~Q-a*sjwEGZ(i#c>w;iQ{~WJTC0$03K)ev?{Tj>|E4$_EGpR90ho3G@|IG@wW_q-}V8`jAw1yQ0eX4^nw8id#VLFfr?boQpbb z{n$lyHkzu>*b78k2*2KkW3spkiyemOaP?IJnHMZNl3Y6ZXTYpK)SGnSrhjWRU! z4GS`tBI~HcbTlP7=jyFfb#J!*EjIvqW^Ae0-M5GJB0rh)`AyzVJAmAPDejYO05Ea% z*+&K~ri(Rh^_d~{;n71TjQMcNm>|5&EZBr_^y=}MvY9U{&{^EJ{)F__tN9qB3AKj8 zUwcVH?OjE?mo?HViS5T8WbVe~L<)waVapVCRYl)_VGvsuAB8A$R!x5>XDY}Hd(Im1I( zv2~EI*uD5lJ_M^p(j;eIyySP;PFXFY4ad9*sXks?Tyq3g%lmnT1xKounu+Qql5uc%Vo3Js2MRi+$Cd*faqaiVi;F>zo z|7dTHuX@1=DUT3dV8f3{c+cf|-@@p^LtOk*q4)=t0shXFNXu>rI{zqNBhV1RMaj-b zBp7BTGsEU5=QLuEG!tZ#C(kE4ueaADK4SVIIcF(}jE|DL%uk-U_@f}X%cA6*v0JZI z?jd>NQl2kC-)fU5zNUA}k|(}%UUHAO+BUqrl zN6FKlRO`f{a6xN5-LFhtj z&`56VMr6A77>@Cj91EOKHU@xYJ3i}nc_UZSBaBCRbklh``#?a`+qxtA0;AS&WPl~O zo=H_v)KqJ>u2UBZ0Gs-CBcXir&n(V0{~O9!^LrOJ&!^8UtTDZu;m1^VVrtjW_~_Kk z4;6e%dAfB9fud+ByZ&@9dcIv#TwCaya9FtdZv%WN-~d?32)($u;H z9pz$UZwo;+bvCg)lbG~8cAMOrE%-`rii#P5##KH&ZtG<5%(yD+MfMpvbM%bn+VE{4 zm3tR?GPp@3ZpgCfT#uLN6w| z*N!Hq9f$uO?T~h1(y^Y=zWf$)O>Q18oJ>04jbvx1TF6}a>gxJ%{Ht<`Q|Mn#Q9k$8 z)rMK-#$_rs=9SBi;gfns|MX|s`z@%k89ya2)O*fLKkLu^$G&<#qGBmC1$__17-cu1 zg=pJ@O}_6rNSBzj$_>(3yLAsMJ9NVz-22@*abT27Aa3nH02O;NTN;vcd%LYx#?wPr zX^r@?;$TUm+I{;cjhaQz7J5#cmG9Xea^8*a8PO?98olZg4u2`fCh40aK9Mk3J|S}Y z`=Ha`S%MG!l^jcdb%iL>DnR9q@dvA^Q2A3@A57v88r?su-JvRE zwPjdouI!AsbFWi0R2u!<_upUi-?Vf@9wAfY7Fsfd+U+JxtZ9nd%xUonGy5adB9N8Z z|NGYq5UMk%dXQN!5#9vmQ1!08! znj_3=4J|{#cki#@dH-zrgI+0ZQ9j;0GAv1M48tH*2PjFs+fBV?z6x~v`uPRAJ>-lW zk>rp`HOL795jC|uu{xsmI*rnf zWz@K|_3K3MZ65&>q9=PJoQ zaw^0tjb>5b*U@to>wDTklGCVG-$yzIa{5@}wcG@Qdh8=uEqu^!>`}v}Ytbm*P4ILI zS6y7xdDIRXXNAeMcSOj{^x5i5<66yk%ge?GZ0C-M$(^v>y`QQKR9Buf(F&^LXVz+v zqS9jzgR~Itj3*omYFyBv(GmUnpaY~aF#yU_o z3&o=8aesG2MSk*D{-|DWq}|eblY@IFc{xzT5n4~m14|A#ZWQX#LeFgL*-RncGwkW` zzX1?u7rF1bL+I?4N?w4QC%g1xv4vK&*Y{wMRtTbpkJv*vo!vu2TNi>%o35UdYmt7-CH1IZX{Zi6 zAk`{fo^3LQo^~-NW9+N187jegg%YgE8*FeAPPP<i6>a<6>TaP)0n_1!6X2%z7>e~hC`$~Y@w>A75{_p&Dk$&Sc4Sf+P4$dDS@+A_V2 z8RPz+x1{gK*}odM&5IS~d(ZT+VQ755H|Tp(a)CjQo&P(|BMo>XK5nS|7_ z$*#lfx$1}c!4pW8#MEaU(l#m}V(BxPEF$XeopQAG(l?(^eXN?xo07i2Fo+u4q>5hZ zu$r9V>zI?-qHTlp@+_yZ>&*2Jq%r=@6IS^xdcFI^oc#UpqgeiK7;o}7YklOelWN3} z{p9Z!8bJPV@RP&_{g*RA+%&6wJt=m=SWd@U3Y6G!gu z0?=SBnXNa1PhSh>ea__SUrPH;uBIgCph>bI8sjaD`amS)!f+zjekf8aTD7Mx^QBpn zG0#sKAB0Ds*+FS0v30M~+aq2gA0Y^lyuBVqpOW$h=NWKP zE%<1b%8ZoxhRF`t=+sdrqTh0tH)`$Id+Wh@jqnD@tGV+5`J*~$mg@V4Lq=Py9G?j0 zzx%Fwv!F%$vlM3#z`r71ORP&J#Zll3)uNw`g10Vz9&7#M&I3A1K7Wa@iW5%J!GiPT zA_;X_uXW1nY%yiPd{7GbD+N7Py6jfpBZ6TpiiV%)jZXg1yjBL&UgwJHo*vh&r>+dv zNCQ|Ssm|Ui!x|bOhjOVKzvDRJr)faT-9^nqL2H~tYu)&SnHcM~#r&UTF0 z3;VJ;B~RU4?rd|pvkiXh+!<>?{rdfM{ay(8_`PV=&5P>??#x3qb)kSIV|csswajum zcji<_HrdhWK#RCykK$ZdZ|?23{;jL)-Y&|$9m3nb8K_HD+ZIyDSvRS;>`;4#F;*hmn=M`q##*jeRI06Zu^Boptl*jkyDOL|c89 z1U2S_L6zb?P0w-EmBtn?if7?TWZ<4lcIqpo1gOuhhNjOF0w@0cxYL9yux`(;rYNtO z$)oJGwhbWNi1ORQp;V32Namu4LI;m3`LhGjNDRKy5qVvZ-m2)}Ez4gW{@;x5zw{RZdFxVejb zJQ3#X+0CNry6u^Rp9K&K%QrC&KulII*16S-D+;!^9JTYC0K+EDux$Rr1)e0Jw>nX- zJle7r;j=GS@PH8H)zOannsj9gTSms4VIHsKupq^h=;yDw38Y#vrAi?L@*z2eY?X|t zACh5n=JFA*VQ!g@4!BzcT?pWoaIx8)S=^8Zp3Q}|?M`jEC+u_D8Q=HnhCe-58~XF@ zAY}bj6ht;&E=DjDBq-5hg&S_L8UyE;q;yd)jRh?G`7+?5C7;8$i53>*9BiI{f)p(6uW1?)ydORh~|d#pgx*FZXx<2Sxq8|Jnauf6+0k z+(u3Clazod=t_z4^fiRooWOeZSM3`#MO5+{D6L3RLYlnx;4>3!vC5?PW=TGKVoh9oF=;}|gC~Q2;PqGxrYjT<&Zvf0B4QKUVe8?OE38LPlfPrlJlaZrl z0QC(EXrvXkn7tYo-y6yn{ecH0i??N3X{e{!Z<+!j+pa7sp|0$z(}77Zd;++|;|=Kr zWMcAB04(S~zHgGO3>Y6b2Yz{}hGn+0S04th4~N}$RA$6HTL*kZ*g6kQz^N5@vrTt& zvRtp~DVE0o-UL2B-l;`1M~7SAbaYs~JYdI9=UY6O7!I448F|5j@QoSQP){<$mQPF% zn>R7Ma$f1guyr|5=S~@z;}vDXn5D_iA5r>eDeTG_D4||rof(h<40K5R9L<~eGUx0gQAi+ z<4lzyTo2JIvnSw)qdm8`u%hmtu%*-arGE0$0Upqwj%9O^9~yGWZYWqHc5CoI`CCD_ z*-c2v5}t0hL^?#``}xTSG18wCWJWKd(jsVOBL_LG^kyKXRQQoB!%&OFhP}z#wIl$= zS1)GXZ`jV@oAnRiI~#zD?PFKL_bk5ShHy45&JfPd&ky5k;>4ML$Kaj!y6(_g8?06w zxdl-hi@3W-r~%7d%ygea(4wwYHYdS(=YIZ>J^SIydZw2P?d678h-d@x2~CbiFvG}S@p7A zoug<`H7i23=0Pffm|(OeXrHTpEZ8zV$V`OsHhSAs(OZW-BPj*@1KYlaRHQ6GwE3wg6LvB>|xWd($&A{ZiegPqL@os5j(unvYh8{N;Mpm4+j zZ8_Li7^^$-`D}B&asljn#7Dt7BXbNZ^erAwFCsgfJxIQSSb4g7ggi}Rdm|$Gtwf3k z!&pURa_)!9X5+8B&zXcKL59C|wfpYJPi||q@RKYZHz?r^+`}-dUDTF1EV}pS5^G!A zD~m)UI2PdvAF|aVeNM==h=gI~K0Doqkbly4R*?Q0ux-)C_y^dW1=zL3Ew^+1byeFA z9iZaKxLH5U7eJ%ghHO`Lv%U06p8HsaygWEZ<7`ihQ@6f!koMj`+O^<$He^x* zUs}h7<<;4%_4Bpt2>U6!YdVyuNyl4xFC-nsR^AO(VURAd0a)H%hQKcDZAt03q|Q@U znjK2tXP;XOutzn3Y!jee=FXEWNm3xCYpGswtrS*aV&)I?yX2fco1dKFK05-2<4XwvH6f8?C>6T)#<8ICpx2fa9*nwEOwh*r8jWh0wY_#Ijnl^D`Fu4)??Qh6W*KS zEM~_s)l+EdLJ@3%xv3-RRX3>#N+O#K&;ZcIHiWJ6^*j#h$2^@3|I1_oOCo`9pO6__ zI)Pm#nToP0vml1Njr0K6%AoS}1Re?*jb5s&xIshF*=i2k(XUEHL6rxril~QOzlR^AKFK~T zsKT;cLODyMKP=mG6Xi5=luP{x%(1J|O8x0x{Ih!^R7p1xs_{_oq|)wPm-k726adVD z$^x^gJ?o1qy-h%irc=knC_4I5XR0g;Ezj;qpc`dYqI=WOP&b6m>z~HYg(@4sOYn|YQJiufW`=+vneHFVMUvq9QVPFpLm2jsu8qH2LfmNz`C z0vhGqs~asW5Vb}v?OQ)s%ZfCX0CC*UJWZI~AUd%#GTHeP-OxfRIcGF8qpTRWvC^B}g3LYv$p_5DPyta*aqy=%;CUk@DLc;ukic9R6S80h&y4bpJ zBFN~hpS>5a0@fU%Miat8mZC=H0E&W%eIT7>piSuTB-FQ)9Th;cTie$hB=*H$9t@u2~VQTsAI!7a}crs z!b2EjFGSG$fz+?vsQc>{d2Zw`8@Nk}yA1yu639V7CV|EBcMh@vJh`zJeL{v(H@-0g zD?=EMz{1263$#8@7E@#Nufv(>wLiJ25gN+e@e-7L*252@re~4QX@knAsnY=Y1SIKz zWYn}dthng)fR1IQl@pLiMDyF6U93`{);rZO0|nK}jZ9q9hZCnUpanR{|^~-J$FLRa(_9P_5EKYseK z4f__1hdPH7uIZ5HlVPAjiWt7^d1@_Ipkl0}j#r%OKxBy`khaVDb^xeMh96fC z{y5tEU4)cFwY*=61&r@he=j74$dp~K3#_f8IWVzIA~^S(U{r}xE5VIORCxHe)|M)axg|bWj(!n~HCO_@=>b=%ktT3?M;l zQC9O!v4+{^7yQyFQz&>YZqj{9K(R@^*QARYiBI-%q8{DhYoMwod}d-~vckmT_he$Q zJEBN}ZiCR;^YT-P<~e%mCVFJU;+2>-0I*ekG2@~e-+@E_!gj~J(bdyydZgAe9jkO< z0iGTBUp=Xn zAz*L%SCy&Q?=B^LlHD%N2@Iq|zX#D;D3A*xU)qFF%7Vz_rSUfk{7l8#J2lVvLm{CS zH2Wh3ZlHi6rtS3Pl9Iv!Z=3UiVdAeF9Oi)f*Ubu<6x3u|%Debl&Xoe}O7>SLex%j` zv`XJ&VZgaf0X#p=!Gn0}3rBsoxj-OHT<4osD>T)LNjv;b*GY}>m)=ZPN~0HUckx=4 zCHYL-c?tMPK=hEkG{}I#?MVzP?)#&t89Q(amPgq;aww?aatlinoqK!h8YZScA1@HP zu*%%@Wp5)HdzoZ-d5HG|j(PFw4K3oqU{)J9_&fJj*+U@>C=bmmY^K z)QU_sg}E<%VF$Sm6SwYJ=)Uc|$r0~ipNt|#X%I?@TYMso(3;Fd z%t-k2zU#G0!c>WBTwSeEAf+0m>rDbpH_djFm(omPr|Zm;R_a25Mk@fUO{(0S7wG6` zD`4m`iWu_nVmdo5FeQTZE4wXnKRo+MD(X0IAN~q`!($N-j04HL`&!%L)}#A?!c2N8|nJo182PY z79D6~luz*vV9TaFe-n=e>j@DFfR8fsteRBlOy6r2-^>dW>&3l(Hlv`|?XB0J-(r}m z*T3&Gpx5F5L9cVHntJW?dq3zkTKgITaeh%ml9z|Dt6+ZOd=v(gRcAr|eZ}(=h^1xt zbOwBSgmC=U7|98}nLyhy;g75+k`w7#FF}S&=v)mZw*M z#ZDDjmD9fG(x%bN-d0u#^w|R4$da>_%4-Ulu;TZBk`0ic%X-ioMQ2v`>dI52B!)(_ zpkc-AKe)0rDqAa~72UST8K{&xfPvx~S`1a3(TmQ1&K0N>B+mYrrkj#mu0;`EICA?x z>8uduT*h1%3osRy7(Cv>r#XM*wV8?$b@EiQ`#UxT<+sFXx;aeTevzB4jy_Hov|=tX zEL*#q3-kqjX-PR43T53yFJB)+2^z?d07F`q(Y^kH&>d~#=Af1oM2@wIH!)zOLjhK$ zB~UBu>eHcNqWLY!nL7+eqF^}jd$o$uNfjcAueaQya)@?MIYF%@T+z)^-(>eh2(Ec3 z*A3XV^Y0PgTQ0O7R_Xx)kp|nZd(B_1q9X0^ASmp-QVhK=<`So(?)cr&y?BxW8tF!A$|j3oR1#Vd8>}C-^nf_0huvfK`%! z5V#35Mh@K&2RnlWqnZ&C% zsp!SEYS@;UrjNmC>+BN?6vj4YDju^UoFB4OA5L^jrubSZ>Z0*<=YoGxo)*WpWD+x6 z(I&At|VC~8****OSS+`w{;>7=4Dul2_dFs~Pz z*nfq2%_O!QSaaY1pl0;;P#gQa<}NS0%OBk3yg%ZYE?!dY;B zdM|1l1>bX_M5z_i2_4Pgty672V4ttlHdj0|nL_(>oQ)7Xg~1>v&|GMR*!{!ARp%EQ zwAE$yp8CbOqmMeOZI9$*lZTx*^@~Htwe66cbIST1pC7MXLUfxsB}H9#hDVQ4R~Zh( z3WMZhhp?ifMa~@>0fFq1^V-ZdYZA)x{?Xsh^mC$`;P{EHyNlx*H`l17u7AR6gjwne zGFSsNIjuPwM&AZX9| z0?qbuVq=EyN8#M~{7x;;DtSr4t|sw2lMAYq*eg{l8&FNXs+xtKfbIxKD2>&0bd$3R zD>BC^CW~hT$^kA2XPRqv!4Ha9gAX)A;3A)~|NN`TIc}w1qm~(_HtI_%BQka9DnIoR zV;wy()>2@F8bV58v6~4O-K16e)4f6i{ekFp+vVxALXRxmt!{MTjn@!5S9LX~s_JW9 zh%Vl$5K$#FQm1SCr3eZvXGUnv^Aa+<)&S{21?Djv@z@2Sa&+(C zVvrfRT@z^^La55T!aZ}kE(#ern^+xE*XbV$y*Rls$z z1kpf=-Ar6s4!At382?rL>atjoK09cQB^&KQCT+K4=C^L%6U|)zb!g>1;M9cy5U{<- z`y=&be7C+%>R4{0JgwA!TFUwWE$UDAbKR{WW9m^^es^0@H@M}B92Zfa4r*slvEZ{m0Q(HqWL$;M3#>J|WrwJ8tW)aoxBENb1_$)b zVS}K>baQ&XK9J~S*Y8jtT^$W6hQ1$VA!gf7#%QqM2jX7)n55LJfEWAhHiW`G(Yb^4 z{3I1ivj4Pr7?F?L%Ff|QPqgr941aHK^lVD>TUSmMlt+4w zg^8yh>1PkCBm{__gn^y$nUgDnsh=xRab=R?x2Smf#q20oyJl-oeH?1Pw8p=$a%l~m zj4c!OnV04uqtp%&;B2Gq$a8~3Xpz|WH|>sRD3PX*A!ak{_e}y@xT(sNo!n^&m~v95 zO_En@fhGPqOOOs~Gi9S)sX9uH%u6)^L6}(nu#jcxd3KZyd==0-%db95qx4h>StkOzZJ%@w(IwbLZ4tCbSHe7eqE_tTj&Y3fJa2T+ z9Fa?TlgxOIs<^_w#^l2N?9TQhvEIcthx3mXIrHL>uO~XHWDubWV`E6TLsHC1bK>mB zPNM(lp~J9ZYfdM~_E0do=4r;bBe^S_zAKn7V!WH2 z_NdSuWK9mX)!}KuBwJX`qv>-%wT8MNYt&tX?wS;;HPaM&j~Lkvqg}Tghr$1w6SZVc zO+qz8Dp!^Lal8J@e3Q3gFy3fyWQPIu8sgZRYVBpnwHp28DbUkdAw}r*$M0I{$$;~X zY0=?_?7Haw(YXVnqq9zk*ZXv?UYqRNO)Z(Y6OUY5qhDZ-q8NZaMG}?${X;_rY0rh4 z2of0S7(s@Crwj9b{YT$6x26$sz7}We*s3wgnr2!W!BlRN(sp*9a^WI?_}THIuzdyv z6pees|A(#n`Z=Znoz1==rqMqCaClY;;u;4cona7i&{4SA_Af_`AHJql!5=PwW2XX4 zA;-=MG9$jhrvq6REP1q5fdg_dtV~%wBpDLJm5f@fr1y578Ax9)IaTq;IfXo=L`k$! zL(D@A`;0$GK!LYWD-o})^DL~>qoRh+9@x-RN9P;5^89=wD^2G8^c|v0J2oX`yp-8s zEh8%$<8Qn!3Wh8Zu`sQtR#!#I2c7k;RfAB`M9G9|l1~+h#V8oB1Ls%j!2srZvMq{T~N@VO2a_pIyWh;S4+;Ojm? zTK&N0Xxm?|$eS*up<1^SNgJW4S;8jWkSA=WgPb|!$>-5gJnJcN%y^Uf1vfgRA|?V=_XiB zg4C9wdc*ydsC;DsQA#qF5JAF3%R+HQy1~OrJ&gYKresVp8|XEdG-P*`!BX3h!qHJT zgF%-o!21COKrYBWK{y`$X{8D65_kE|?-1JKc`iFtB(Il#3t2@ECjk!mUxP{8w5ODh z(wfbbxLAel+)!qi=3QQBIIjXwA=So^y!o2d%tgHuc*J|v|ivI zs2?aqZVG3@Mv*%N|vuD?Qth-EEVuHda$lKZbna*JPbXhQOH8W2uSh00HP&hMMY6dHs zwV}4ic=&O(IrxL(#)1`FepvY0eHs z&!hdbrkkVPj zjo(NMGr3+q!jZkt3F^XSJd&|WDL_?phTpM>jG5syM=qhE8`=bhFp=JVfWF@IJLzle z(xdFJ!BHE*2Ep$-Q-pzQmjo4GG!`U={U(;&KZ`i776NaUN z5oknnN z3K})3#=<(;MQx&5Yn102Sj)A^T84=U$Hd$FZrIPZ_tngWDjz$l6xsVr&xaO(Ithir z*5jX$J7IVj5aFiwiVxNe%N{x38~Ctn!iUhqAm|0U28lt#Ca0Tf2dz)rz@ zYI=S3QBpR9(vlnguomFF!OraJ&_ptDkXEj%jB3_x_Y)vA3<{__`HptkjUM)=x$X&fJzD zA74c$kjV1iF-UfeLKbpuW~_Trqk&^dtvhJh&gVX=F!Ys14B55l?2q$wkfMPBaYAyA z;v7DSl4~&CP|I9G*C#lv+%v!3pmWUz$?g|G+=Mf}&y%t1zpBAF8vx+DlK@&wRD%Drz(OIs#ee3NPUSlSSRT^E+Qo zUfsDCwDgY~6fIn-`0Z1L{t{M{M0;)QY)O^hO`=gqP1n*^xwor#@DEuZWn<8i;PDGD z+WqV^&u%`~HZA_hqP>`~c6=9@xxfNidE-g=SXmNfCur`;m9^pY^Z@zvb;GhF#yNvx zBB1Asgs+*xDNIg_D}aar7}R>$C;Q^Y{G#s8HR~n2m(xn}u?-Q-hGUc6;&5`#5kouH zOh|UmQ3pz4YnjB4?Z$C_P|Gv{?JZoPnd2n1)9 zb$(Xbc9PDX`Lzw)_tL=qSyyN?#H^9{CMU~Jr`lPmGPt$viN^H3MoDjs%CW@8aKW{JTXB%2?>HC;G?V1~!84`a?o;py0_b95+7`R%~dW zI*sEe8&z$eESO}jlGzUv*XOEx$&#A#{JBaOxRdK@EbeX0C5=KLjh@aoX>P~JLzl803>$5 zKo;ZH4*G%wBZBmGy3KB`9@APmC;Vm+)nwP>(Wu32M|mRuVv1fYm4magGNF_7Xu2L1 ziN_zKLBvCHkqa&MR>d{i^Iuf)_CYJgiw|%2D`XDvkiOq6+~ei_?rruYYcw8Vl%sakPUs+ z2K1+^;J&@!ep11GlkS;6ddz*6FM8ge32!k@k3dB%H|LruoBSQ;K&I+xSa$Q3(g=9$ z*9c~gsltL_vl=Qh6^Bzc2ph{0-viBQ6_A*^k!Jh*g+@Km_U{eGvREd%Ec$Yz=e}PV zWx}$J3 zA>~-L=-UpdX%4BSmwQ%Oj3`uoP5}}bnzB1o95n0|Toj{}nmZVuF8}LbC=t?N$y`Iy z%a_j;%{^*A_xuVB5~22J!E1l!@Mv^Of!nRTlG{8g`$s+sVu!hFr(JYS{9G$e9w?C- z5xr)w*Ox!`tQ>-WFxP)u*Jr!DVeiI z_1K_p3YhTR*-rUVvU-i`xuNfu8hF&@zLvxpPdXJTtoYTjenF$TU0N)Ub{pfpw5o$6 zX&Hrr`fL>1u+7J+zzD43v`X&S+{9#NAi zyVI4~J4hb_Jr02|M{w2AF1f{!@dD@gY~vi(5}zRLU1Ri)opndUeUB-Y3j`HC&v;xt zOX3&!!|;M^n?*`vtAeyX>z&=le&&~+%28%_QapkHit_r?{cO8)_X;@lr-8HQLSgB6 zA|IYvXp$?%_ctxy@vVE1+y+93{CHaHp~np}o_7%-V+kFB2fkX#qNoV`iF}oX1;4ud z2tHc#a|Y@^_bQQZKOA2@-Hq4Jm()&OxmxfuUSFjv<8^m+ALku-w%5xqDJjdoiZHRL zT8k5)FRGxR$p{>To`fbg-+y)a+U(<|F8(O!@Mtj5&Ut^1|Am1_yoqe%`VUf3azxVm?U zJ8|{{{014(%IJ^fIY3NIwSV53e~wxOEh>0K`g#uARA3THBP$&L#@-V@FX%+OovfD z`aACqAl+g3`!M)ZIz9)CQ@l`r8Qgj)-=_K&Bos^a3gPc;muo(@IyE)SEHGQ&NbV$ zUdsQQw(c^jH*byoQXSF&PQyLCQx^&imqwG_L27P0Rz1csyKPLnbfLmV+yM!Ljl=}& zu!U&*&it>w9@WCAE0HMCaP3umuu|>CW2xe9qU-4wuhGezOr2u`WbGFpW5ZF|?h~Z~zoudRO%X`2#lsn` zckuhhhCF4fMARDT8b0^6R+Hy;iPt6q7RhG*^|?{K*;yvK;&YtQ$!;|{sI%u_;4nW=lrN2_#v(xYCFd{o6Iop zvGQcKBJa_Cs_U(pPrJsG7f#j83d{D~bd%FE(6q$`F(G!@r@x39A;A1KzIWmq`M<}M`>Yi)Wt9&)U`jOXM;MvA z7>DLV!NKCeS7bgqSGFr2#G&ZFIBd>LHwzc`*hMj*7Dta-tVIc#Sv?Yw@BzEPIL_dV zj~R|52es9?u$`&uS*``Lny*MhGFy4SW^-7Y{$f|k4O`kPLPs6u`Z%qRdQGBMD>YJy z)>DJbT-V*&w!Je4PCi9GNkevnC3^)r=PbU0_P^Rb3vb77|TBsUWZAOt(gqwyC#`5QR`rEGIlikp!hH)oZ03NquG2q2sDy1(yUgNnSN z#p*+A!aO~4551hn%l_LW&*Xmv@SU~wSHrgr@MRK>CnMjqT184D6*os-)2Nqm{Di8d zK^pVcr!|`Ez-E#`Acu_!Ex_km+uY&6R7XvH_i!NLj#gR|^_B-@{$$NCHZ{OkZ7^y$ z`Z$u(8;Hx;#Auiw^_x{i?Exn<@~)HMDeS*rL}yghp= z$z~#KiIS8%OdPn?R}*Q?uSKN2=_@AE4mkp(ozR1BgI;1&929*SkpSNlTd^+tXo@32 z-wQGcDT!-cK`{;aPV?VZferT3wdTGtMw+y(GWpovY`ALpR@+9&Ig^KSe%0~GuGd7! z&NYd)Ju_b;eLD8|acx^9=S&>du_j1%J!w?t#4S=P7O14%y;bt}FHj~LdIuJu41-i; z0Se-cuIhG4tL?Y@4Jm0t4i~-NS8c%@A%|TN4y6FuS2tVy$emd*W-C@z>db zj%PJZy))l=$!({e_tvmryAOjQXp{mpbFw;-h_KYJ9Ll)KYF9aP%)lkkM(f(> z_udqE2{9An=vVgO*QJZ9Y@7Lu2Lua;Irj-a2M!2s`IdZSvioimyLcQ0&N)dm2K#;{ zd|5wNemn@#_6_G3tIH$N2@MYP*>!!~k7)G^3``<)0cn4}w&7u-HF@8cdtbOzYZ#_KK3bDCj^MO>;z!0`nM%S1YLVtwO-B zTEW6g`f!9z*{97O_3zuozgK(q@*qg{HcDI{TS6|$l~g}62GJ+Z8ru&E1W+03;%S_@vaW1-w!_JJs^@6Txt z6Q6GO)n4S`N90BRer(>0FwpSwnfD^?*{d}dzza8;qhCpFbSPcM#rybN*i65ZbB5bK z+8^$(djFr|k5ERRDM1PH$cfaQAec>3v0^zRo;^%c1`G^DR1NV&P>o}Yh{^2B3Loe0 zc({{GMbV|Zz=cfNOUIZrj>3ve+uxn(5|$k_-Nm+F+AjTdh>-wGNnoyND;>6FS$ZFrAj`R>G(?gOfM6kIquu1+311(34vmgy zO}e;Lmz{)@j`sOJ=+$y}PEfR7eckw&oU`Ib_&AxD;)RK=z6_tE-v7VCr^{mQ96smH z92_6pXE|WKb`VDqnTmy*DCl@G*%e466=l3Fa%MVa>%!ofIX>fqBHzS82hQSM*}=L% z+9t}_O>=zHVmI&-Q!t~tgI{8nUlwMDo%Kii#;4>MLrrrm7L){R{r7GKMf$23fw^SW2%Q^pNY<pcKP2 zg0oc@lllhoi?0iNjRh{5XVl~&fAW~CYKgQPf9e(iRmDrO-SRj^;(ZIFn{Nc}qtMV| z1Jn=x$JPZuOE~xpXls%s8!3}P*EmBdl0%EzBBa{pzyDf{Vf0!dhAd|)iLU$Ge}>^! zZw;vWtGfrsP}ANEqX&DyaJPOK_QUVX`SZJXilN_SAoRb_{%6pCZB`-lj2lX#4}UT^ z^o~Ct-|*G^x%8WZ&o^LyQlwjZrDc;)x=t+&%uPS^{VnQ(>=`VqcJG3;K4gLj0C&!2f>3A$96^wqor?Z1*v*=n8@j9z!62IKnO!w`&0C@mV zh6jQ%0@N{&;Sqf`>x((5*Kn|#S`MvBCy&?hfo};vst69 zv6>`1v{|7l`r0G$W(C`}xDg9XRF9-JyPN)Dza%B;L#i?(e|5O1a!I9fK948^p%F!p zW-~E6l2rb;Dz7bUxqVREv4w3}kd~pQOAPhiQwj|MK>^=$OSzTkHR`y^i6$ger!05c zk508_bw_oWMxzfY^>XM5;_w*va1kEwU}DrW7J!XZm#!UppWt34RDhh`c3*GGz}OW`6Z@eBl+{E)`4w~not3l&K ztwp=NJV7xK#9$ujH*fYxZ@&LJk$&RP9MaRQTd0{s`c7Vc71I0t;J=OZpDd>7hjeKU z>A3~39n#3h40$?)ql!8B${-yZz}ug3wiD&RcKV%Two`i?=4@iEox-FHOjw}Kx7<}= z`lu<%71_Kd&#nDm)8sZaWtx240Y#de_@&-t%5LW(O}0Ta>fD#fBx=S(bD_B-MKnn~W{8e_h`G`2&X-wDzjy*#5a@ zoxzmhl;;xj>0o*)4z+V_Wt&BUGHOSs{nb&u#?}W*f;edX zwYaV&(cLg?xIYuOpzebo#^l4HOczWXhkB4-!MSkXSfes!!Q``mv0{QQe9%2p@$Ey< zsij)MS*m5*e!ajmW0mv(v$0B*u!1w?iec`CWN)<4HeSFU1$);8@ zWJb-jTJMJx3fyYFeX)i8joyAY{U`b_t0nMXKe)i&J!&ir%g(dD_4>C3ud^+t@n+*? z(-D;*JJK>CK9Gs7x8kcMr zqp#YOkKGG!Pk-`=S1c1;siLhGJNw;dv40U=~b#%o0+N$9J zaU@x+ofgb&2{GE9ZKPS8y#CMj;0QY0gzN>Ilb+&1X2Yp#&TekIFxmY8zmks~q0LDb zoSW>vRX^t(v3|#zb8MeRvdiMu|A(|U0k5jM{=b8AF%IztH5vyrTC}0IH8|8z1uuef zqd|jW4Qe&kDJs^e35Gf)Cc)fZ4#t*R2ijt*7F%txDx$R-1ObO%i$fK)b*%PWlG5M5!r z^CJxHNd52!NB752r^_Jv@^P}9d_JA=^F8;YgVMO0DhR-h!;u@m9Hhdr|Nnf?2%CgU z?Npo7#wZqZXYw^)88y6iyvLfXiVdhXZ@&*3Q3 zMdODZ4x{x7@u$#=q*fW2x<7_{Hs7k3A(^q<5a4==f6w#pFZ_GDWhZsos?G${&w4W# zLpzeOeA@eGhsrNQTE70xJPW=Mpd~0hs)wMM4oRO-DHT@AGt*_|c7dYb#Q7J}4RB_I z?|a(V^~ryTB4ly;3QFD?QYH+=lMDno!(D2LYy4Jl3D!TkS6G`idYdga(6n)lZh{__WH z*GGh{uOT=UBxA13?Cg`J90bqukvZUG`VyT~EXk7$7`t&*9?rWtZ$lI%>9%i9xcp9Y zj?b8hJN#|dW3%pXVf;8gt4l*Ih#?c5!VgR16G;HwvZccqczCTc;!HX(1%AH>Er zeHXlnIUZSHhq=L0v=CopOM|RuRQH4j{y}?AqJT5|p9=27`&xnZbObdAtFF#YM(dHF z-+%w-Bza7m|Nf8UKfcHkt+WsMukxTI2O{J>yX(fCH@e(_BWS>mPpIClq38=+=(#q# zJ|$to$u+{pc%zGQyP!Gtm;|x+%H7JAnr-8aqYzAQ4T@6Xq*#HV1!XUug<$E3g#87a zXm5*hWU9ow#+dS~j}APH&o*rea-ptQZs{p?szKOf#QVc1(EtY*Zds|L5&m?b3$+-F znD_F3rUs04hp>k^cB@JRQ;Ox;%=Pc;lWf$C&;kyU@kJ+;5^3scxA91ZH#asRrkp_( zg}*#k_>0PUAD(-M20v?oDRz9Un zelg0O$BO()<}d=C_fw;JsI8CFd=Gc}GyCE$!B&*M;v;B5tZJ%O9T}!{@o1F~B8L^S z+YrH&F+qhc!nO0rsdlaAw zTP+Q_mS{n}z0|xh3iX7iW?$~9mqBc|Cz0Q1Fhww}<6SPokG>YAOv6qIAq~#An7b{O zDB>QBIOVhPj-&3~H!``Dh60ur?~cN(CLU0cE;+s`8zwkb@0%=4z(oTW9D;d(d#^(< z$-1`%+hld7$`rgCVXM;`H+nCpF0*6aOPZ5PnHjz8yB$$6L}#8hw=MSb5%?eJl3(cO zeB81;;MhT_zvzpJ&*FS#$#4ri%m+zm5FG`kb>i%;RW@M{|e+ukx&BpSf zE!(HJZeO1~YW&1_=R`_Sdbm{8E-;sc4OkkhK`2G&$Q;?c3;$F+Bc+nHo7|L#CmrP^ zp+YD_QFs#sf4c9@ll(b6(YdxchLAMlmOa^mC`HFE`xBYbd%bEM&TP|fHbLJ)lG^v8 zjcdHeDC+2mbPc`nd2c)9&H8MV{b}gCBPy6+3{oDkZz-!HU2>@XlvV3Tq;&&9la+^a zCu#sWux%6$_RM7O70wq_#*4^l6F0`%t#%QV{PH33z0`v(W=KC=v))Hk)G~_QIMgE3 zUc42eakvi3jyzq?PUPDLC99{)#;cxGoB{-D8J^V4mPeJ+1iGlwMR?GS1qblr_;L)m z>n5WEo&|WLDuc$TcW^QoI^pDn8WewC&?9YX5x_{5_9GLm&R30ytecaE0pt~h3b-ut z^KEwT_uJU?{(y0U$Pa2?BsKg`69TguVT`PHPF}RX?yN%JLZiVckZ3fMm+pq|m?S(a zAqI%t1LGTTTWm<+0`=vvU9OApjWp|t_e$dj2z%i3|#v~_oNsR?g59g>m21(SfS9?Dgu8ky!oqM)w z>y2t7^F`s_)b309_sdQd_vyW>M4_;)h0o4CYz4jq6}KGj`b=gHL{7pBFNPwT?mL9! z@DVWIlptCBa$Dy@6~nrUU%E+&|AoMsS((}0Y+myrw??6_vYMsQ%8hhXkf)=%tIk) zQ)Yvy0Et@Ga^Ln<(n8;)-@duVVxqD59UK14FCDiy-J^%$eZgy+_#m_e`-Dt71S4_+ zS=0tch8J*>*+WDQV)rfat3qGGI>-MoI}WuWROL0BZSfI<-Fr(ZG;AKE`wWD1>pVz( zrMy-PfjwSL!vT)rZs^wVk+Ftk`sOyS+2WY;kCHhbUA`(YR6B-{br^!KD(iBK$sA9J zH{cW{!a=Tz@Fo^sq_(Ve#ipS_lI0Cte>pZ|9>0=ZfNmddGB|_RS7JhK+iV1wK_sk? zc`+VHH>)#@n=?@Q0uDR!1w?InLa}%x0RuJzh*8RU>xf3#p1l!60ioli!=A{}fMJnZ zNS(UT&$*9casI($|DBB8-PtB0fFo#tBr`({fmKjoNXFfS-DfO^^KP=4;vpBJHCEyH z7;!_?K$5+ zuVq^r*p3F88=F@;jG8v+SU)`88M85&6xe4nlIcH)49WDvJ)%Z%t?p`rWBH`{`fCzN zc0DIk4;vpWd3z`ly=QT{B(<-+*q!z?FEurkQ>mvzTZ7Hq0gdppuOO@Mieh!h*5?m< z7u%(?Ymr(T8gv{(Mfk%C=VUV`A9F)G?Zmzx3#N40uJp%h>R!oIhoDQQv>P#*S}qJa zxz3zuBomj?WI_$qB~u8VVf%bwQQ4%P^OCl`m7uV=?CgI#OXakOwgrYQsq6;Wc-J*1 zblJ`%-r>RL!vLEw>5(BH%%0BpKDQp#OlP`rH+qel!FtT8UM+1U8>qn8F}_ z@J$iJv?m-B#BRDT-wZ0BkcYo$at~cJB_?=Jx(L&EU-K* zHJ-J9XuhU>{nIzZ zN7Fzc&}u|yG5JFVwGg`kzemffCu?%1&u40l?M%(*Jdlo$%Y`a$ zgp#)Asyw{)fPqx%M-@%)nS44<%v@&?mHzm+ecmAWFtN(9L~;1V9&X4@nQx&qaICjt ziOM#1rKdC`+c#)j@p-+O-K`H;OrD_z9^O7mSa8f7ZCfwhLi2vC!Y;eIG1!P@v6dhG zEf){vC_x)>BaHs$5EU0UWL-HT&gDj|k{6~a;;c#jF+Xx=gubX3P;@@O`h%h$UE(Nu zlWsjQqVRn8det1gmefSPEzpOr_zZqyIv_OXLSHlF`UEtUc4q@nrJIU~nvyp)->YT^ z%GJ%^bfZm*s}pLlS}|s0-7KHFHJ6@nyITj+r6*i_%fP1^tJ=_CPx!)MB@8&JSN30Q z__l*B{LS0ws%^swXJP=hC;O<-0Oa()`G1en_#if4O9M=Lz(0za+1&C{H^gctjVSjz ztXDr@KxU2a*CpI$r|=|yI3=K!r2Zf>;D{CNVd2DL*q7x|YunANz}NV4Ws^!25JhPa zIu^A~+s$z(G=Y#jr+}VM*!@{@aZ)> zXjppDv8;4ySV~KMkA5k>wiN$%ybr+B(Vnzfr8X1R+HKzL;tnvgizg-b)M4qz@Xv^Tq|x;+7pKO>;lWB!7oo#Fp&XveJQvGCap0apqMJ=x0FT~k{l4t zAxsvr>jy?`9|J?UYdrLCoDp_yK`%Ywr3Lp8^W)!pFF1(pcdSwcRrhb`6}ao2(?R+h z47dQ_@maf|Fu+fv@Y5jtG>}yjA1)V(@is9Iu~yyi&Mj<5vs{Jrsa4KLK)2Y6ubEx& zOpmq%L&XYp4)e+3hAELWAJ9hJ{4_D#M>>kK%yU_B@48M6P@!o#>5I%K>2aX97o5`6 zNzC(BOe@52ImP5j;; zOKjtFAJ+=Ya)A-Vp7>1OkmKNlVN$RqP5p)C-auGlSf$1$rs(X9Mi5^#ZST%kTfSo~ zqsY@YmXF`NX!-aG!%(=jA2`@`2L^}#{7AtYQJ`a4BX%^a!zMa^wKRM{PzyVK_frd` z>gX2_fVhhYw8-PH6R+?f7+> zB|Hl6Jq@0D24M3gtRMeaoM1EZHQsi@nzR+j*ObYTeC;*c$(Q_KLzb7X&YO9#Jh8Wz zqf&EGb@)zt#A(~Jw2(ezvi*!5ryr(zsE1~08u{s9Z_{&q*jp_lq6>fUfsmUO-j;U@ zgS=lZobu>t{=Xh(?|=}cLiFN(--KBZJaLP zf$}XRVN|dSr!9hHlg?~SA^=aaVTXMZ9UC^aTs%lgD2%KsWE_k*`3W)qD=iaLYv&x} z-;iZ|7Xhe%|Mabq_B_Vft2knu(T8#LeLoIoox+HROQ-i6?{}Pj zsh56Xrmp`OZ$lE%3inoGg6<-%x`hfWHI#+JIrkdJ>m&i3xX$Ui4glHYB*tPLW&c$=y%bCd-+Yj4fF~iDuu1( z;2UrN>G+z{vq_y5E_j}g%4W63y?u_ctK~wq*-%W_yvGb?(O1#ZMsAR(1Kqt7ckTGN3jpy_u)-rksxXoJrurWE+WMUZsETkiId2b#sFvQ zR@c!&6>tc0EwwPwVm^ZUy0ToPb^+ynod&V1e1G8!!}2C`)p((A8|krxD8YUokzBm3 zi|C=>wDt!hSE^KkAwz~MMk|`im)f$zC?~coD+I0lYnIGqDZh1>>(#9`1SQw^`Jjbdvt%H72hXM9b^f%(>ddpq z-eQd-v)D_a^R?Lb_F*((nE8@T7nin?5#KlT(l$?zA z-ihF8ko}^DpUKWXH3%5oMEwVWTa#mpim@|YpPT%b>>{9)(zuVi|Md}KeoaJ`Gh}lN zM%UEBQ4rJ0IacOMmceF^Yy%|%*vGEZx`p~f?y*ITeY&6 z-gQPiM;!OO&jq<-%RF&OsB|@!!UO`tqg;>)+uP(#XDnMTNF9$cRF*rST#&E0_sRuf z?FQ(1Pa8`zc05|jP3m|Er-s*U=Xy)@y_WQEXije~%D%Z>XSfw*)*0L4b}cn>iO*@= zY13Z_Awk)b?MFIos@x!v3>OT%5{i$_DG|_0hQbQ6pGi;ot+ZbV)5yfLDjhq|6=Uz3 zP;Q|ZZCo3G^1@Lp*;b>VyS^7}6sA~cIb4u^@nfTYW>*bjtZ2n~b3sY<(3^@f|3=bC zkN!-yG9?@8=JE61i^TFR4v1o=b;T6e?Z&KF_Vb6NyYc@j#BWT@^&jvfN*W;zz#@2`dsNa_N$@TuIUIOx`;Alh3<94nzBT@h{)M2}(}g(s;LED|^c1 zYkV7Y$jR3yLto$2r!NKCxVNTif~tM`G{R$r_-gfgKq~v@6uvkkdXcF`_QR$+P_YqQ z=1m~_;lsXbG4Ok-c!c^$OV@Fdw{$Vl+fj<%J|#?KPqrn``oH*Mnh6NM6(T#O6+ump z81p$E$(Wa$_sRNAS(n6b(a3WNH9rMM3DFzXE|C@C)3J?f6%CVOdU*>MY}WVJiA&+! zEuXL}PP(enFVacXz902}(5?-Va8kJbuP#&G&cyel~Do{ANc-xnL)iidSmwr`~dZFg?zM5d@j(n_fSna4@QDwC#QP}0( z_ON!yd+Kg->cg5P|DmDxSY!TC^4Yg)M!i@|u1P_aA+LDIl8YnYYf`HO|B%OBBTq!o zxJD+Y!kSTkJvP{>&04gx?i&l+WIT=8>MNq^%n1Z>76U7Uv-+A`x1Wc#sdcqVfv6p_ zL4DUO*#z_(qL6iMa5%X8r)W~|AFrgr8jh}`r8>|jOxF3HYg4_xXWyf+#&Ha@9*`ph z`g#qR*j?My6pfEB8cL*f%WNAS!R7@?rKongcyz`4F|i86)^c)&0MU$3YM zj;!jQI4)KbjMwk5ne+OKO6n^h>TR z83wbLcAFm7`r{32Q+JQ- z<~b;x#FF^Y-L)f+0v#hKf{u|Bx=$NdL?SzQ}UgOaqYmG`6d-7}`Cj>wiaHL(`;IG;XhS(|IKUk_#4L01bs zdw4FE896~?e1kiYd{U+uTNDmyu{gknX8SqI-JRxsKAVKaT1W^dXRiXxfXu4p+r5Z( z$DSA#!G^G!4E!%Dy^(wU$v!saUAIQpAj2>YV!|?sU~ zW5CtHAaZ7vq@{Cf!JuRI7qMo|r-n9>EGH*+zB&fMO-gTRtW6hBPS;dUmPa^A1)m%J z>gctS{x&Ojn%t7+k%?MNZf&}*oWe;}jA+C>qBgbD$ngp+=0Q|bZ4;Wix1}%n3oKHw z&p^-S%+a&l?Jh>v(>>lBU`DX~+C_ey;7;+7^I`BS)gRD12d# z^I#Y^5C{Vm8k>+Q*o8;~;AmHqJdE`$0^DUgt9{f#U}=In&!hUp#&p?5LzJr%?>fl} z9^1gV%gOvB*ry0w^VpbZmKuT8d$}Ndz)sq!6x|N&B=^|ZsUFTku zPUgV*$s7Y!V}m@Or$|K+mA^KgED;hUEzF~Y;6rT@si;1koficaV7B{8}D2wHws7nTrj_O^55D7rS*J2s!ssCUT;~qIDZxk_agYizI4Uu?u2D&(|WPlRmW26IF`-bsFFFgqL6C zmS0V5+m}g-2?#_0B9iZ3A=3H>qDsnO_5PRvVbLEV=sp^mt~cr%YzS&Nacvg1<~VYR zvg)RdjJ7WJ19h71O3Z?~O#!ISTsa7+Kz5S>lw;MoKh3i0u}2JG)pr-U@zk66IAz>m z*9cpfJm+20z7@jI0&CdI95nIloceLdi*(u7zqlDqci$RrBu7`ubxWmnt09_BOG}6@ zp|Ky!D5cBR|3_8+xX@SG)2iI3+jQCA?cIH=tp3a@HTnFOYVwcn(TPdE@RQ)nB?r%j zo@2g(G4vZ?zqrveI)A$;V%2;<-9lJ&_ZKQodiTwS>q3UK?IzE=lfs(zS;K5j+W;X z5kRN9q)V>l6-%!bmdAqf|C8uV5hE}mo?M?=l%E2kYrs~LjOV1)WXD?2R421>q;U#K z0Mxe8rqI+Y5sneOOCS&Q&C5h(`ir@k-4k!$M;*H)G6 zXF0)+1Cy!xs?FJD@}Fi7B5&9~MJ$WMN7;bV$L>DeOLBh4z5o0dkLcBnTCaX=dsQ5r ze75-gF0CoWOw9CGlP@AMaeVB#$=W_4zX7+4%zrmb-P6|stERrb>WePSYsj&a-fo@O zP(<|1HVRRR&9h9ynojuII;SUkX(;ocLRIwRgj&HtHdCfgfKl|l8sS4%$d#>N%^TT9 zCEb*ZGMk>u{GM$jE<>?aySq{cGwdtrWTx-L;E%fZdM2~A6+N7y%u&PRzO3k@S|7Gn z1^QPCiaM>8X|yF|@wY=TDxf$_eVkLxEc5!J`}*}h@u2=t1-;)ZupwuDE#HP5bon5R zQfPzP3hNIqsQ>AVLF#vWu~o}H>A3q^uMYb^-hHXJr6j)Scn-qgu>VHCsFnw3d0{^{ zkIIKLJxD(-!*K$to_}}OJ@2&p#asS)kfB)crf8&3D z$*&k@wa_QtGIaltEKof)h6LMUr%b0dMt7{=qNN6Z3wQR(mIN2jsg$Q%wj30F3ASaF z{|ami`pT3^(tkA>;9ItfFWN?*dhIM$bA`y?^2`F_HCN^%Wd>e;l6gXb1CV9)1T3Cl z6}k5sfQnuEE^#j6rTWS5BI}JtUd7&nHJVqWC)~tTV_>(=?KOLYX)FqF{;-cy-fS^! zIh~Ql5lTzL2LlkC1(*7iF{yKUrE!fKaDtn;gDg}+>!n4RM&+ZTT4)XPPQFs9v3bdx z`$zc{f4RUmd)r1gBh%hg=?RmAfo*~(9U!Mzneydf!zYRXS&&rAJIvyMKGGk4UP2(E zNdbk%%uIdY8dtu@xW$&Vn_25XMU;m-TT5C}qN8uZrS#0o%!i-o zB3A#lQEZxi^6)RS(**O$XVd(lC%pKwf%FJBjA7~*qa}+vot=#KtJ``Hh{r1)7=PCn zp@O;ujNH7-@y@P#9EX#Jo6h2cx1 zq*$5QRyLNVg8r6^55yvpJAh!C~!WNy| z2n}1G9lmLkOSA$_{;0{>BiqzkYJ8)8{m#Dd;=ZmhRk2{FR>CXBim_Tg$uX8inq1Xn zB6Ex!0q}zzkJxMV8mF;UCi69W51901(B1Ze#u!0ITCfeMoL{@Bh%PF15!POtfHMsGr{076?Z^8asWtYne^EcMGV9f#Y?AzaWiso*c zhbdUoO~bT_Pc%-pzB@8^aAT5 zI>H7%)0-x}S?u5R>X*T{N-MQ-GrCtSQ{T5$vSUf9&b8Gkv4MRDNt@)@LrL=C+oZ64 z^1_XPKlW4oj9C}&I8xBlQbK*eN@4=MG3M$7hOayzK zfq^>s+c3A2!99TB>5{Fjqq1%6XT-Mpp$8f;!-T&V{(3+qKi^V+l2{q7Ew&rb@<-2W z2xV*RXT-<)>DTgPYgvP$p}I_H%;-tizDyJ)-OMea7<;BmHo7+d?b`g$AZ@OX^#{an zC}D0G3J*9bYYZQSqg*neUdcCIX9u{>ss`z7HkC4qy(gWA)J|8k#nn95YDU&nNGK0a z7|>mG7LebI0GO){Orxf)jENY#4X9Ug{d0!rHv1Wo(vM?-Y^8UG0%j3lhJ9yPIP_l! zB3JU@{n|_Pld~@YmR;nqc<5g^j}H;6G9J8pq#bdBh}kdnspdI0Lq{ld&7~+=b|`tc z1CHJyeM+MabZ+5!`h@9(0Ome!d~Ol6-HD*_Rj?^~xqJIYJ7ZxksdjE2OZ54|?$bt2 z=X*xT#oF=lpD>Z%L$DC4?iF&d|B`S0VTZ2%3#Y+SSL%0SceKuTzgyo6qDkv)AJ2Wn z%~Cm$v17#>d9uGX$BjHgpx(LOM}#6N%rSZQH4LBLr}M zQr+7dr10GH-IDP6_6GU1H!^2MDq;aBAIOmH@drM1Y+%>4QeQ{E+WBhpZ}N0o^BBy^ z$1fg6zY^(rex7O!XFP!a7@m2nx5&$jhAgI=qRiO}Rt2%eQAN~pv0;*n(&(aG7vT$& zBXgb?>{!g3DB_a&ff`F;Ce@0Xq2>F}ahA?SRrN5ul|_F=`zsWwKVQ13pp~zv70*%F zIJA)SFy?k<<6p;5&5wT(yetauOhwRHmB<$*7_P3)&vXeKe9@ci*XMNk`3M|jW?Qc~ zpXZ1zC^^q>zJ+td@#%5eFRW5|PS0#t#t6NfO`C$+sMpb3s$p4Q!4&hW=F|8eg>vPn z&c2i}!qu=u>`xs&8byU(y?4VcoAP-67;Q`FLv9R9V1H z`W6GD>q+Iq8!kHe?BbbmiR&p})Ag}-ecH$ix#=2#y#Bg;XDp>k5Tqt%>`=AsnX|EK; zq(tPj*#x$mV+bU@MzK3=$-t)(+Y$e>?TK6-Mb?{jrv;17Bkg(QEX^)F#TF?{G8p|y zr)zc^T`Q;^T{lG6LD@c6$(Lsi!uX4MY$h*!oG<%eM-n=xHfRdH>QD1(bXiCy{5aOFY8tS`(JC4-%vgZU4e7W!HPAo+1NWKU_k5 zt39)7ESr7737VJk#5S`iN$MnS*nwi)`YpTm!hfGY4`O$;7~|Fh)sUNui>7V7kJ)fli$w&jKF!g78>^+*P;k>y3TO+@2{_q1 zjb!DSqF$1W2`&Bz;wtd@9cpzEJ|Ml3Po=qDbF%|bM>7Q@cHCLqydX^ST%(mkm^HRz#yGruQr~q11 z^4BiQms``cZPyM^l~+%U)T9{FRgFDXrK*ZZNaRJb@DApu68Q=#>6g5_D^z8^DM<85 zoj(m23eF#U!SMZlwlwuhrj1&oU+w!07JJD))>9w>gRz*iy-p4?U$ahqDo4i`oRK@! zKj{_?+rM~*pLpj-iZ8c+VcNCxEp7m~t67|#=7S6!I!|^ocjo_SEbCP{9Vx5VbZ4up z%j~%i$fpmhS$zK49CdMi^URtt>)Z$O1l{t)aQ1Dr4#~8t+pb<^Fxc}+!-w$E&c9Ah zl3c-l3-yl#^zbWxrFm~U*{Wst^p@_J+8yE#PH@N6lFB%NV``i6d)8&XqDDDO`r$l* zlq(=c?=O&%wz%I#(x`T1=G=|9hLaZ6Yy8nN){S}Mu=SXg89fH8z9KN~oXhanI-1>YX{NmAzGLNxM z)?Gco6v_fYOkDh~|kb=tx&n&{R(8 z2&-x_S^d^qhc{BGU-uaNbag2VqZaDvS=Absb?15`V;3&BP*QF?2 zhAxO~c-MbaJraVhkL<2z0Tj1hF@H+(V!N**_`e5qzlAm?y#1; zFQwVdzSK<5EN|a*$=Yppi+6p-En-sr{T~(8XphKhYxouR)o{_iY46p)*gxK7XH1Rx zbG++cpf29^mLYJP_@bIoqn{(rdWLM;54Ap!VqyP34;v!h{C*xsI~&&D#DcDu_E#wv z-Y+yzPM>EEqFJV(7oa2YCv?pqkbnMeQyr$dV*d^%ZdksfjMGlaIsJRR>e-IgA4=TmmyOq&ig zd8%4oy&(0JWl-l@PsiF-Sn4}GibBjS}pis=T-I_jVN9Av!~T392WNdHP-ZC z#S^>YRHfa~B5sXw3+WRa={G2cgAh#ky5I@9Gs6GtS>ZCu0ZSf&4{{7H{=tm=V3{X8 ziHn)Id|wkISBVoMj(@>bQr`mc`^rVTICE#7eG{Vl9*vA-P*yui^MS`(MzwJ6(D+hz z0YJ$sw;tVV5cl0=h6QVQeR4%FqcNS;(Qpzfh4f><5GJC3Z?BO2#s`bqMxDf8u zJgy{^7s@i7m*-hz&gI4ez~9i*Aol%B2C}aBJoA{ANNm&d46bU^$23h2rp&A9*nq)2 zn-Y1tgw7uqf``hI1dlXxKBp^@YqGfwh$+C-# zeJ`-W$cN84U$=R1CG=KLz7n#i_eV3cl7nLLYXtTQ(=>bNSR>g>Bwfh3Bq6QQq*n9T z3o}zcHcVWxneJY@Aiq23{|xNzYLX7MU5{fv*KN~sgHrAvzVMuLn!a)7^z&^;-xbi1 zL*$Fk9Xo@`BBvY~mx*DZT~X#V9+>y@7*^&Ol{MHFub~|B+;yWav>!dVjFbK4wRGx9 z`$p%jT<&fh5iZb85c|z#gX8a)*XIw&@b~-HEdJzDySeWNhAxN9u4lOsM@<(;J!o&3 zqe#tanmpScI1yzbs!<4bCUQ4KtbM6imkT8{6xcu0sPdZixWaII`xLh_<8>M4uTm4( zg=Y4M@z^if5~jTep=oCNN5a%#Z%(i`4s1JH)CMF!Km+M}3e1;!GGspgP_0~2mwB~M z-e%@L{XCbM%};;#H2io3A<*r36U9FDdv>y5Jy5

uXE}rW12#KTe$#c7s%oE(nfb z6T`2LUr+OLm|@d$Q{>y&fU}E9D(}4OvU#QXbfj2O_~3$fP43ORzRQR*pc6RbdsZ{@ z%dO@I_q)_CknLTM3StLj2rF?TI2M3xh2TV@Pbs2sX=Q(nlL4d}3$wPvDsOLYNR7lx%gXa2w6Z3B?qJ7kM<)7JX~qTj0tkh z=1Iu4$2ke95|dO4OUQ~3#7M#nYXxFA)i0wq@yZRI&m{E^zoxPcl3MViF?gKBEmyXuqZ*YN1 zbu24i>OS_;GL+L--%XB{L9pvr%%AAfx%CHL5Ft1A&zO>3gs>4O+iK2!0__r%V1NB} zt%kjM{ng}nB4Q#~&-_+fu9R0V%+Z3woG!w@>5gHUo==F2lk&sb^f)3@l=P9+65*_J z;5%~wd^4{8@34tqY1}|4k1i_gA_Ci#UsX6>rTT+rLzz9YP49rq*eD0rhr0mR`GPC@ z%jqM_2T|k<7!#r?E3NvE9+C0{pZeMV{2Y?zRN`P1erw#5Yi715tYKnPRAb3G6;QkN9RxA zB#9nCF};|kJ6aBpf{kTH4e+>?v0)_}MAEwC5FISRbzP$l5aA>dHZouDJTn%rX{(t7 z|8&j_P&)176^8LV8VMl7rcipwl4QKbs}K#^{tFI#vs8@O)AM6#_;XW=#-o<(YhK3Y zxi7+MZ2QNI5}O|V-zgD$ScTIizy06q)>2r9TP0hf1h}a_;!Geg7t11PL<7 zqm{z%lu4eYYWnfxTWX^qKgkq?C|r46yL33;IkLFCg*Vdv{K7^5aFjsdkc}tK?Of_Q ztVAVM+mlQA*tbBSOtHmGRqU!6n- zqb^5E{1QGiZT+UcKDCrL{#Vr`gUBS2#_&5kG5#R~^hJDD=*B;Yj&0T2vpXor!plHl zXZOeX_`L9rciXXkllHo6Al0yNi?MI`8(w=+u+Obm8j+k}KmLEg(I3i9 zhf&eTm4X4KthBT`DY+Kbl#>Mf>!hU|?-BQ1Rz>c+&x>YW2p^GnlKVV^#l0 zvVCt$+%>r(QBP+@iffCg5zu-T-uN_m;oI8uLfx){!71!O-Z*5&Wf-woyu;?dOWqpFYEZ01%KcyhUQ>6ZYO@BQ_-L$6^@P#q z?^|v3p-r*UbA=~hiNKUn=O9Sq=PIcyFt0h%bK(nogH)Fmh0RlGmonhgVZA+rvcNgZ3YvWvA!$zY{?qI|RyK9Bk z^t{SXn|wKpSwnop5fri*jW4JrApPlD@v-RIJURbdaWZ=jf^5kMthrbko9qP{kZ6)9 zY(_CPhZ7#5mx9>Qv+`#S`>I_y&b1|Dgc_&-O*Wsf*>Tu@f^y~$o9J@pjRo76i6fDe zxo-Sj&t(pl(h6d?4?Eg=3J?3^%b32;o>2ZV^DJRLm{O&M(d+^gQ$GBzoJd#)OQM9sIbf>+92dH&`vo=!0qr=Vm zwQ^dv6+D!*ooG&Und%?g?q+1m_(kg6^QIJKIQ;9;wn=2DT&(K&R(3*DNh+mB{Ck-O ze!n01)y2wmyj;zujxLV0ueEmK7{|dA^%DGTH__p5<3sWTJVysfMCmSTQuqVJXNayQ zQ^a8FiRZg$C1QlWl^Rh@=o6#LFMeb~h2YO(-D2uc`# zKn;v3Y@l8Zl&gW=Tm$uehd8V6w})xcV!UbXcouR~QZEZ0816JOhg~Y=>x|OyT70hT zz~z)nVbFD@-&n$ALow>K5~@J=8g<0_Po;6l{Vp3X-3r34;XEU^8-2|Bc-Iap-?cX0 zRb%N!M;ecUjzyB>vp!-&niVCJH5 z_~K}u#-zvggsJ^ZDX{c}2ag-f3{0uC*-B4XHppw%VKjk>h`_vXCL;9JEC8Zm!185J z_|n)x8rSPRb2MvN(f49cc+X%Z)7LuGn4P=zUPxma_TD!{4ktk_*)}-js_!3FlsSVy ziap4j#1+dyqxeCVTBT2nG!)y8X@MAeRfi2FvN@4c{jE) zAM)=o7BO+|3@Ej{X325s|RJfP&f01a%ezUlZi!?5hutIh_KVw zbZ;dzQRjMl?qKbrZ>%)dvr))D8Rk(c5k}glzx_bjJ5OdV^VvIIPZNhN>-vrsNxdSK zWbUZxja*%cF`B<9{L!h7c4!heMd*6+YNE1kVYIW#x0zKJ6R6Y^jy-H3XA+WshCtwv zcjNn$htm1FAs|B8MwY^}O8j?v6~xZl57h<&Ds-#Fmg{tZAe!;=%S)Ymy27a+B#R!x z5e0sqzKdyDsCzigN&G2D{0RuPv5=hWplswX-Q+vGbxt%)syA3a-dm~HP2__FWqtnG z2sZ=N+L$^hQXv|qhiLaXx%t?DqWzTKD%Ao;s}csEEgZ5rJY4>fn-cqnt7&~v1e{!zO`6=TBIv8liQx~n87-ZBm&)k!f!O^ zli-#T5)i31AuSWW966mYlF67-$tqi?q#enGo}lEC`95JNB;#EGRR}a^4h=^^tmT^%{&uC6IMd8C^KUHGM^&u*|cN2eA6x6V9w21d{_Zm_#DlEQbM#!k^f>c?5i< z;rfm64$`5(99xYqw0tXxpZw77#Tt)u`ZB``UR{*`>M|KtG)SHC+-#pKt))-7+ecc_ zPXAOIgiJFlskbBTt>0b#iEUfH;m|?Gi4asfIfLv)kJ&U`CEADw=?Qc3Ao5Vt0v^l5TxvmK$Kg zo;bV}+qLA5hFxC-r83jq+$~&p6zxzF(6MZte)=R9AK{5$p1?DxHm77od&QXB`95^x`grBOLHkH%`#`L& zlmcj$alBHRX%J_~_w^yUB`&{gIalcaLk6Q)#G=1=K&W`)vLC8h;Xs?v4(H? z=In8}>>V|(_;?4g?=U7fwa{>OvLL^uO^nj4bW^F@@6*T{K1)P0>ZG zT>wU1+CJSbzjr5E^9zq%AM;+Z7U^N~ZG#(n^ZphDxE|u1<${C-^qDaQ+Ayl=vLE^ngjGc7 zmY!;Jjv8$~ttwJBg63qCr#hY3=KkuG?}vhAy;MOIi*Wjhb4%W{HxDA4+$L zwraCgSEb>VHe*mf9s0N={d`kCT3@AGjC!0WeeatRis}@H3vRYNk_Nv6pr<_d3a$JN4_=!=B?<7Y(rr7zftq9 z%>N5Dx7}ki)O`5bFQI1aAC8(;!bGJA2{pCWLw@Gb1E@Las==vw4axy(c7Fyn4;oCq zk3haFBx~i8HJHJxIbB$XCMpTXsmK{x4?8Y&xuw+b8#LYb+pIJX$Y1Pm{DLZ+j#8wL z1}7Nlr0LF9NtXMh4AO~!1hLc!`Bq4K1$cP!Kl827u9A|o);lZI1lw({t;$F9+uGT+ zHMt_cE!)1kOI}-G+#djAlE$F3K;oXN38MqPQ@6iKN*tZ!bKz`P5Zm&o9GMJ(#o_!b z9GOZ*)N-|hH&-h?7yIj6`Q{)1#GA>;*HP8&dE~9IVpK!ctbxIm$P1=KgzpYM*%Wqt zD*Foy6v*?8<2K_P2n+`_ust6*ggITcgGS9bE9OGlu!JVX4&Kb~NjH7-^4K9ye*o=5 zx7c)wBBSl^uQL4I?cz*<|4o-&dx`ce?;}EOg`AalvwnDaW z)Ibyp@#jFMPk~w7LA(k(xW?c;pUy}1HP#mj5k7GJqH)82ZS4%I@0WM;t(;8^zp8KXAW{uzC@Ttu};BnQyOen;Uh{h`Z$=hHWZnB`U7=-cNWDOhRS^i_$-dAe|!2r@_ zf45Nm<5o0Oj;hc3vO*!2$U~=H~UjH#ppM3K9gvz)FX|Bh@K)0S>Bi zmN2&U5Z8c{Ba5A!`-W40^^%kZLBBxIM}Y|<$&0zypQ6gWcExoN3&uxM7gdof_tn-y z!HY6z{hoK$CvJ$uFWO>aUP5$YCm0Ox%h$0Lc|sU9Hn<$t?nb7kI|B#nC@1wm3$&AD zrX`M2yXo}jf+#LLr5cMzc$Sjyh_Qo`58s;PcF$_cZyc#bo&|cDlHC@2p0m`g6?yiI zr~|6uZCUs%j~GdEOi~fv^7lf=A<}Y@)WK9v+mu}lAnGpXw1gw>iPorW>-7flbtHlW zo~~;YlpLGRhrm96Ik{y05y`!mXc%pfEIEWTs#w(0C9O8u2EN(%sEMFyQ*zAm_;vf( zAXg+ut*J@%CO==zIqI~qJQ)lp6uNjSe%)dd#i#94R)5X{`BXC4ZVPQ*ZoXpllSGlnW&>Fcr3!+9QU|-|a?{%t z;W2;9$7kkJ1vm@oVG*?0E^j(na5F2QU_C5XmHBF4T8!_kjD5dL#BP?}kG=YatD8rO zrL6R84-x9kS7KVynn}pNO+8H%^IPsJbD;fRDYG_oq&tZ@i2ZP2gO^%^l3NIB1H~3L zWr@cew>85?A6j2Q=pAQ8Ti9Q`>b_Ni#$Cfre9^c>+ol8JT@w_mO07wzUe2WL z@@YQorA5=u;n_d_iEmrCw%{mb3vLMv!iV_Nq(q~2Z2W`~E)DoR0cPYHDkB)CB9AA9a{^I7s z92}ZgMsU0{BerKC$@rq-Z5yD%&-8#^=#-~UnMhrhKaej#a?_c_oPxMKAMaRdjhv=N zrtY?hW|(CmRL#fq<8kR6q6e=H;PL%m&KD1L&q$@@8Co?%OK^}~soMQr-&@%>gR;!u z)ly_)B`vB2YBcwGX|>vvqs(BdGL_=+AhyV=sC|r0gH_4)5uUw^an42W!7Gd5-H3t( z^o!5>gE}gVPZ&OpTyot2qL?{E>9@mQl0m2b@r>7PYCc_;AXa3J%7vSTe{4k{zF-Hj zSb^u7*~#ZUIj~^(n5cao**F1XY*0t}&%U%qcw>fPjRp;Q{1Kq^C8Tzq(k}80+TZUM zyQJ=RE6IWX#iB}b^(X5py%}9At`}V^tQTF|43-x~{h>?Rp(S-sd zxZk^2*(yn2MOnH_WmTlT4N|^wO0^2E2c9;54SB%+wDJ3H_QQZ0z|`p$SGXw+le_Df zCB99C+DoCyUhHF&lYA`R+9CPX8YTiZ6%qoP`jYb*zP^_mcdPiJN&JBE*XJA4%_Ebw zK&X;-YWo{p=z${slheiea>6PGTGP>M_*t#%)W@}{H-^glxxLz z>g}Gh#`KHd-=^R8Ws+O-`;FVN&x=Jk1Z<`K&KudQUrB}4XFbn;qxR+w+Fn?2d8SGlzL4kx9`h`+)K57NkX%>;M$%s~H3b{t< zOA>g^h#6`|E>if88A~TGQ7y`v17p$n(?sw~5I1~nZFIMdmOx%%BXY*r1h_b>lC6HZ zI;;rK@hZeY)dW-)Fo^_0aW|lEkZkqXaI#W)AxZU4cL^AubD=@i=|+N?459!8aq7Fj zzmDSO#+y-)T{US4%HCWz4&+m&dahF=fNFA*EKZmFRA-BY8^xsh46QSvx@LbQE=c0o85)b5v&CbYzS@PzfK zm80cVDNS@{Qz&hqAlU|p_DkA8`;E<5tjDopn})(+T%NfM7_Ckta1I!;o6!cT52sjR zIgfw<{Mmzw>8eUy(X|6%wg+Kw^oFb7L;yQT(CF{K#%F!1b~@f~kdpTCaZI#WOn)-h zH@Qo@o}YKUAi4%gjeNT~#bU;$`QkEEzh%ZYW&G_PSVSHRYi2XRG#X~=33SxIZr!IV)0I=sr;Bg&+N(Ks0 zMl9tp4Idb71aP>QKR2XY7>6ttpwvoV)DK)PdJafExh$gb?U|`HGzf)Sz zod8u4UhwDs4lFD#v2=(8t=(FJ=I;L$ENda7^J~a|+BF}4;S;aJ5^I`s&3r!j9$^Ql%zhXSJ^mkGZ%Z`T7Iwn@t?d zzAbPe%6g$7b+^j{z`oUSFE0_bZkjshY#p~vq}DrauHhx@XFu0t_o$zco$%L4$QGA4 zA^X_Eb)7CNNi()PL6exTRbVL8dAWbkV5FJC7&Rjb%67g!3gyl7C*YWAlpC_`p-wAX zl|Y+k*c20Av;!fLuG_6c^7xelxTW3X{PxG^D#OlJ{`ujq)DiU8Y`mjFja(2w-#kSHm#f9Ph^25wAovGKDCITA~=9 zdz2run4rxQUf0s)`qTA)wPJi$^gZXgsG7j7&jt_y$}y?e_z?m@&3p>$t1r*~#9X2S zjIq=JWAcn)?d1@>yBFrn&S(p!urJjnC>3b7pW6@`EKX%tP3$|{DsMx7~!`gArtxl+>+8}E=c z3ZlIr0J<#bCemak>OLsht3TWevT)yTKBGsPm!!<6mJ}+DAHg=6V@>8(A*|p zkivt9*<9pLG5zG?K(Ug2YXD0=m%!OuaC!N0#)TUb9Ewzgk1cnm8h_BQqBf~iE5kc` zRJ2eK8UJudgCm(YFdDmoJZ5KuA&6CF>%^W=LbkvNcXw~22yakw{2j7>k_$m-i;h|5 zjNI99-vN*{sJTWUd#W-AnLR8H&pX3GW)1~n9GS#lpn_Q6UGNfy?I0KMEbtFz42XB; zxjYGjU*ti$ft0R4+9>fd$HfPvD#BNN*wL@>9Zp}Hk9Qu8Z(1o$RiQvl1=)+Ious43 z#Qn^rvprV39(iU^l!r&jA;Vp)AOcvqG<@+zdbz#OKHGT+Yen$Fd?v7*;3<5-;4r&E zw-kveP$5i(r_7SJ)Eq*igihjS2K(^;$^MFj)$p1YV^UEoxKAc2L6805-tIxJi(OM8 z(G%Vncix#pis?97to!|;w3sI{;hqa6AoVvm0by563*YKA8dwK?cj*o-8nN1=*E>R2 z_g&u;jxOjVeEhFa`GbD$OJ01>@bj34P>3JvZ@_@Y=M4y#%;%UGI<|hwrJ1rVMBjUk z7I(9thSiU(-oz;(=q|_{JLPx%M_u`Qjrw~%n;Uhfnt~kBs8{+F;_A$KutE6p3k-B5 zSB3NsCXRf=1s{HeiX-?iUt`5NGY=o<%zm*W3wf?T*_5pFfnE^(3itzlgg?IB>G;FA zGmk%Rc{<{c@}Z7D%G9rKNYIDZNVVrb_>go04X#*>6-lcY5e;kXlfGrXAmf`4)dQoA z!;8FK4-VP)IBDO5{R}$LAxbz8rQzR)k@oc+JDSbw9*fq%0 zu=IHdc~~LG=JXSNcRPCS<$_7;gc;~*_6~a5FEljUsCQgfKmz?O)~_sT5f^LXOU6%6 z2K)o-rRallm}e6_U9LhwtmvtTlE-b~DESlb>Zx{~!e}&x7f2g^))Yo3HD*x7;OHC7DUvn_?r+QhBki9Fwpv(?c}|A9U@~uDUy!B8Tuf;2`K#&w(Soz%eRyQLm`VQuN>hQ_1H-7j z3D-Ea*MzDtW_5g;OyATiyaWrywQOh|k{t8;HDpyz8M+{7g6N(@= z^{oic`!mS>gDI*4{j}QYCw-v`d*kf?-6Q84V%#tM9v_Zp!z5O?F@6#(1qiP+ggR12B|}+0jaVR01r9nyl<1+`AN$;$@Gpb!&nvAqIoLHc0DeSk4fz8BIPKD9NO)WS9*WqAHl-?Ae5IemI#jgxh6z{xq4sxm%#YURC0( zYU{5%vSoi^cA=Tae3fZmCIVy29vb9nIPn=+n3z||XT{uh-QX6-Y+ICQBQqsCIa|Fb4ukB5hZqc{B25P5Y z&+@oyUnZ0;4HrKJEtGmvfPbA2r1OYC#dKh?`9~1D(#9zj6npd3pTY?!Ap^psF#K+X z8zqBqoAh`OIt*`W#bzT(`Wy5-qWCNegBSLxanKq}%*wKYcGqbvhQIVJHm>v^R_YPi zMJ?mwi*|3@__dZXBsTKl6IRRkLg&}h2ep53eBIQVmVM$6UdC$K7snshvP*o?sl(bf zp2!S><99o>-LmAdkFfso{Y=K-Z-(Z-omwicC^sQ`HaD>X3r|ndK^Y|z|9V4_9RL$v z@FdvW7rYy1=lI#|$$A5{V1EYVtBcn5bV9%#6nTiaB(0WR_sk@IVxu1CCk4`F?r|(k z0D%bZ40k{4BM2^+6812@0$WlMX!07G`0cUE0bkW}h6>eLD?#kV6SR0B($Pj~xRohL zV?ASYvplu3b<@#g9ok#L=<6l%1<#@^qiM!vz!$_$`}L8&KR@5SfPSC&2_wh(sfd&|u>LCN}{3{pBMi7Oc0h7Yd*D22)U(F@7-`sYljfxQ}3|KLNff*|^n zKfT&r7RlW7a*f@>3o`Z;rn5e@1RLnXlFyxq3N2V%_Vao~N=&f8hptVxLHY1t9qa-+ zN=0Uu_;`B1GU`cvil#8GU%aN9QifbUB)pAWQo-fgw5Dc2REeQ^t?`cf0 zZA3w=Vpnw!GEbhNGfsxLy9qTsL}Z+iDrR9s&LRmuv4xN+rRlP_+N2|$A7@hVAQnAKsp~Aqnf3&0CScj%63~MB#S8;fA*@@Y~)lY zQ6fYBk}}j;d@05c2K^bmeDI z;k1Xc@rroY@1+{}h|FpJbSD6B@C>Hx8;v?#cj6#NJjFXFnpQcoQdr5J$rSJWhF3PY zNZ@-H?iMGGtu5l@^`~w*EI#K`VT%zr@cJP=Qf~?Um(-CvWN{;A-4xQFu6x|2UEh>< zJwLi;4x#dD6o9iUraKHD55A?eXxfGp{^gjg^)jxFRy(6)_6WtQRML91BBv5HC|1i6pe0d6sx)E3BUXAS9o7&&k?}Wrz4l?lH>IQb6Z6kaCJrvQl}@}age72>wd6t zu>SJ!QmBI>Ih9DJ58U*k9Z%2`{(6vB!UG>i4_`%gis|9#znpytI!D$CE4H4vQo4`t z7mAl~2`lxBOK86^cC|eR$yeElKwd$}d5U+P>(!=}kv4%n!*gg!s4W(r7Z{$C7#a?J zOxHIhQ_(a49Y|caBv?O*Zsi-w*c4Md9J-S?HWE*3AehpiQ)J(P^mZ^Fea~5LH=S-z zJr6p6p$9?i&h2D1VJq6x^x2$$>93;jk24&bn9isWn^a2wSr@5ef&N5d8^@NX%Z|KK zv$uHH7&V!iz)IUArX>fu!|TbhbtyBT)MHBOpx&+xS#CkWYpqVd6og_655MnooZ4nN zgsyp6>ov00Yr=njlxx@FuobAKui0X&K>>HSe(~aFZ34`6NpOYMkm6m3sB2afSL$`H z#ot6NYGAelHHh7EcEWHK-q7Tv)o9jh?a%g!AS}5ZM9Yf)sCAo8L6@WrFj=hCs~z3@ zQj&V=vouS|&7AGo2c;U6yuYtZo1|PCJp6lMh6K#gWNrGTRwU6_kdHs{7_SM&0kMu) zAU6DleX_urvc9>|dk2@^m*lJ#X{RkS z&)b3-NW$Y-=7Q;1P+= ziB0LUxIlQ0^DI*n8j>lk0mEX{Z?oDP4w&ct(siF=82YuzvyFO zCXka;1z<~}0#SGBx70?(MY#cR)oLx(JUGL7mVO0Ss7@IUGxNPYud)$JuY|irFxwQo zC;Z{R^2f({zA(qT$d|K-{rKZ##~%slOi~f_A9zX@@CSWi;eK_2;}7nD8edNsV^mxI zA>xmAxKR=vd0>#p5jg0Xud*!L@j)FT%C>*Up9k%U_Qb&+dGucAi1v6C3J}pA_|y%` z?MMLg)}pW6J+Sf<`xDk&Da>QtV&_E#z6A4Iz9h_#ZRv-3ILHQ(IZ^@*bd@>G&%exZ zOVXz6Jz;49kl}3)f%(}GEb>M4t0s!=Sg@9o=twZ;m!(TNRp@ix_oL5;LR>*SLo?E9 zEedF3wFMHzkyY2BJVmBw-g98WaM^WN)ERHyYIFqTu7H3?E{q7+8;XFOtqP3BVBt64 z)`5VP%?>HFd4rTFWp+=lXxF9wdcs{kanz}>_>5Vl2-D#emqLlZ^@N{(oL^>iZv=Hu z_;SIU@Pfsl?Xw7N{qS)!{S7|H$NBATKFWv#_>fK7fGfvMx~kVR918P>Z4zmM1xdr@ zLzJ8oP3cvH28NE*h1Iu~tiDacQ1-qhkWNeCo!hM2#Cg@fe-P01)t?;2`@z4LlQ$Zj zP8Y}83c zW3d|!6I5H)ky;93J8NUVVF(p6=#W&pNkuAk)vBwi@b@|{hg(yE=#0*hZE6_v)@>bV zI33ICFofP=!>Q>1#`>S}lU$VNhsSGb2up_Zzim;T^A~|dW$6fu1^AnBcA+dVlD{p- z@m6iYRi!JGe9{hN+>VhNs-z_+o*${NbhiPWZZpUjf3<3%&9m{v@B!kBvm6coTmSR^ z$Nraj>8nC1{2;jLb3KAWj{ zb0NE}CtwH{@mkPS_N8)aBJ8~nM*U-?sRrSf_^ieB1I=K}>9R!nk7nRFhS>h3+kJ-U z3yDCi_;mArlJo@iY!a8W3t&WL*d7Zt(P78ed)gCgD;^U5Yl&;j*dh5)QSpo6C^ccD z+iDpvgII5ilX`G(btfXO^i>!2Rc{x_f$JfB;}48){{nSZD39@3Gn_uF*ZAr*zB;wt z0C6icAk<_3WaPem@{^Ib7mPt{-W}pF=~UpcoPu!22fr|sH_=u-cyVk^0+oGbDhY8V zxoMp-DsBqO-nv@x7*_rt`krSUy-5nW4apRIbmm3IN5z`a-KKtd1Atm*FeQ*IO_z*y zWyP zw|9ZFYdZV*6LL7naYh*(CEih~4t1Gm!UW+Y5;=*%#C3!+EoGGIlo=g$>5MtU94DJW zXn0jqs?AG~sz#8$oe&a~21SSxm+C(6(571C(#rq)d)C_LGBYXd|MUOP=acMp_Fk7~ zJ@@sjTVg9cAiSf=4NO1U)rNvuNTVsS+L7nFdeZ$p(HDT!mod?o{E^Tkob(H*^X+o( zE7g}l#@1c9c*m(4)OWtuEOHU=XwozAPsVe-`km`pVbtighrIGH*lTdDACDT!+}t#5 zn$l>d-Rc7!q&qCFkuE=a{10#dRl^hCmErL1buJYcwq42%evyU8zyD!TdZ}SrjWFd- zA~A{Poj;Z~dxZ&AaK!=u%8kmM%NT4G+gGwz>xF_}-!M6j5WW5!A=DM_Uk%}2*+zs* zr-*M+7R@5=LZK$+ox{&;I&CwShWsEl+ujNN_gg&R0X3d0Pi3@Nm4JJZn)34$!VLQW(Ez zKC@aFu1TY1Y9U}N3;Aqz=|aK^AGLmQkaGgDdeu1U%_|W)i6X8?MW9(zoRC_V8#h7Z z4lYR%SlE@&7)*W~oM&h3c(*657E|1Vnmq(bR=EA zH}(mf1}5k(JB#26u#QRRE(L$%H?+Mj*{e|xYl}w%u&z$p|Ast^TW*D zQ+}&d74^@-zO>kUmm7QOr(x0k3?G?KkB=zycmVvSK?cPiS_syokS>oc(nEA?wz(RI znw^siciAqu@MHFp4!@{BxbW|mc&lSWb?YC5D2OKCG&d@Kv=r*8((&W|e$-9F#%%20 zLwiIU*tS}sL~5GiNF>NDT~Dv-M5#1uXfFGjFaX)L@+Ef~m^+lC!>gSf2tlf#-L{Sz zb<$ZTi(W245j=POATEQu3OlTRZs+uPAK6bjRCyM3nZnEO26@_OyD53O(a8&7YG{sq z1%5MXw$Kou5eSnCTX$jdV6K8xa$)TjsV4P{_}!Q{jNG-+I zyk$>TDrp(so~)){m0q%e^F&_Jn<^bgl54C^=UM=;oo&)gLvKiSTcl|G`b*E({jyt3 z+t@d4x>R)^U^*|4CZ1ya?{3Q$6ea}5s+ato9dk(}O5C~`5 zckm&wYTtoz@t%*SKYlg6WIgCwp*J<@;r1kKKa()wXM$yN6zyk(NK<~@lRdY zM6t~dscs!{$f2moAXaHt`HC-<-SK#Y(tlCYray%zyl99z+C3h$haqTyezB!sUGFtW zK8oY%CRP=WOwL*?Cq!b9+b;Q3mZ`B93}H+D@6hyc;cm0^lDAkg^Ll#E7t-3L^ljxI zza}~BO!Hn^(GJ1H5$P<}4p8IF`%s-?20_C=q!TJQsi}UNe7jNO>@n^DJ)A&lii12g z;mj3I#UgXbOh0ujit}Iph;&!q2tk(;aRa+c52&#PLBrsJfH0@JplbB6y-3d-OtF7U`zcBc)zi|jGs2YQs~3ywt%A7LS*VoHD)-E<|O z@?S%=A?*u)ah`d*rb;^ioJ9b1SlI5;NFT&F&EP-t_5ZKW;oKLDNyh&SP4td;JqF58 zjZj==^3x^IocvU$2g*+c^5ZOYpIPXqE*qa*Sk#=t_ zHf;XAm(}xH>n#bVPYSvsh#fG;jdE<~W}ObmD`=81|GdEVVqdHV&O&pVmtp1^<%CBd zhU28M^l+}WXPvqFg15Shiq%A|mxJ-x6RF|c1y6%${2t6-ti7IT++5;fJyZ@(f(IgW{PSk2CH03dTrJiG(s&v^7-`g7G%=FQ?dtd%W0-h@AAlp?qJbA7Fc z2*R|?7MfW8S#H#VBk92Sm8^NAq9!I?+H>P(oi2y%kq#inXWNsts7gjFGGw27?Dt^r zFLK{r{hHi2wFSa3uk!AGV?s}}z?_(=XGuxz{ZSBvaB|HZ0a@}r5rurNZk8ecTpAWNOmXzVl!vNE%Cef`v@_vDHh zO-cu&Ua!_!pWJ(Noa*({rOED-^%V-Fo=C}+%NdIBU)V)6gB}tPY2eO)iKl50k?h{q za`XOhP;z8ST{i$2lf-^KQR80*I%8`cXb{YsxW;sLIwR-}UlT!QGJ;Na|3a&LvXiiY zFf+!L`WmQDXcayga=o8&h4y$<1M>6xzToADQ# z@E3rD%Tlt_8*_tIgcjSsuC%#u}t+%%T#)-CC|Z93Pbr%arjoV}!HdTnyybn|=ciq&P4Dj*z@s6U)4 z>`b@obat0UUp7hRav1k*;e}3TNhh=Xo15Z~uA$#D*)6M)8$RKT=C<>b-7oWl8|X)z zHQ`)tpnp`q7EavakTdOWkycidOsa$N;G2>f=U5XZHA)xy8rv?4YHQ;(fnrU2X?)wO zf~a;?pg*POT1qgBUAvaHKbDKdT)&zLuW>~3q-JI5|KD_WWXa^(cV~*k1hM+>WU}K& z{JWWdH}dZ~Rx9aXG#=yKLx-aAOTnk|O7@N_F}E2v_WO2K8L|KGmh|{?NL%P_+c8m3 zClz`+wzQ{-2xlg!zCJDw)d(4EsxSF__yMHP@$VV_J;}ev`PiV3JR9}Q#Xgy7)+>QDhX#$x$}NUpn{$v?xEib1%ZQP_r3OOMk6cWh~{andUWZ{-z8$Y;E2&H zURdS@{iZS0eq%g0>h6;j-${1cN|!9di5cxZD3Kg%0&*v}uvnl8?S-^AHs&gSKwdWL zU^O^SMyf1rb&;#`O#9T*l+ImTr!OPzOM6qUa=QCMbq~!0RDFC|0+?;*)kL*KeWruu z@v%?w5U&EqFvloOR6S4yu5B!;K-)XuRUpQNSX!=u`b?!-eTn}&*sH)d_j2{2F8yLe z6xpQeTx_1JuSU_N?F_W(HEP(^haUezGP4@c37f?+0uTLy?c_27zvbPSKI$MO(s$Wb zCLajO)~3Glr$D=OmU!tjP$3VHtwwEIIsyFy{k;Box9>GP=P1Dy`~H<*r-j71_AnJb zDV~ds1U9&RdOEwc_9AF5YgwuRAd!kxqn^1$coKP@WM(U?u0NW;R02U(s3yLmuJD8t zUEdq~iCP>lyH8NmIPPHk!Ye{9xfHwu682OD%eXI$r6Z%1&We@Ap9!D4F~3UEYwyM4 zAD#d!x7(|+WMyGX_!h5(>AHMn+54yLy-muQKL9J`Un&!(c|+v5#d1X5xw0%reyTnO zl^xel9rg%vFf6}|Uf_x~@dHFLrm%!LNkOdf?E_&yjO-7-=&-^-Lq--ZgxM9y2x5Oc zW}4+u;rQOFh2;)>mFvi>Do24Rn7+lM?-<5wRZ&gZsz)a8%sSvH%~dr8r4FS~K;ziP zteNIv`8pH`Tf!hC};@KLif^o0R;U^7sWj`Q)WZqDk&zP9Jg5 zI(-;AL{j29cdl#Q7Rg{1jgs2DZAS9JFPzo6fx~yFCKt}!tYgFRZHGRjp0c7~55w35 zwFhgZ;T3A?OWxSW?0SQGVtY5gJLhB^A&|3>TA+jdfsvX;rpKZqg z=WE$#b_@{mo2eZG$xPbii?`j)t!C+m8;(7u;fQHRPgYPQvp3)RZxESlBnh{d;*$9teAlD6X#NRtwvimb{YUD|A3`JH@SCAvJvmA#SoBW= zPWx1GTQ510#+W~_uyc04zZWig#?EeW3~S6NdW65aKr3$W8~CNwa(_HdDzVqx2`mSz z<~Ud*MxEI??w!T6U~%Jf3ueK|g~iQ@*wv?!R}!9UVULiO8b8{%63^|ZPXxJ zqO4NT*Cbw-TGyY_3tZCDi+q~RVtq>bXc{(Zv8|%i%18Kijr?*}CqCxG?<_Nns}*er zmh^Q{l&9N2`PwUh2kKl7^a0p!GRV_`U)V`E90Ap4c<^h33!wL9AXKUHm_S?RZ3koy zgVowG1rV~d*7v}jLc^p6;f8lqx{H&1x-XYgPyd&z9{!YG;gXhKS(08IrGwZ#i?yHC z6)UXfwOatxj9U>bKT$>0ZB?Jn(rqCIyJE0A%uM=DwEhH?RBNWf;LT2|$i<$RVOC^k zoc5|GuIQm0GV0l@bE&wFQEI_phz&+JNHw}TbRAc5kt8}UT4qkf{<2aBkL*b#@E7 z`fz_{CWH0*(fjon^;&3{T5KB8;?Dpi(zXcu>ZSga?sZ8^OB?G?@8?=d4JF?Gi74UR zDPdkkX#ckl>oo{R{Wm*z?v-83t%g6;i?XUN9YjOoA*pohw>M3t>IS0{!^P=U`BP1` zl+mR3XpHP+y=UI+HjkID_@icuc*)r5+Ul9QxJC*7lwRwSmL3Lv^+(skxvuM>e$sUn ziIfY50_&&)exmcS{ekI7o6GNqAmz;XE5F*YTGYYeikML&*zw1hyFxc7Rpr}csmX({ zLPh2-{}299{%d+KJ~-Y?xr>b%yl91P>lv z0)ZU@Qx3tG1%bOU5I4!SWjY{n<3X^k6ij&G5ye;q_RpzeojNEWbBW_!6P3KFGO(AW z>h#QKpaE;A%F99n=&a|H*X$|5;>NAqcjMZ9=UiUxz;naje*lf&g{SfFyZUK6@fZL< zmSLdqEN=(|;9smtUMq(sIqN?6igu9V4I|nra@oih+4^#|)jJKP&?T~!1 zmc4xqC$w#yT-dT1;lATrSF*?oj8wa*EyU?&`TO!zf>*aw#I91E@1L#u6hp|eFDt=3_5{Q07y)!X`MXN*EC zaF*=;hOCkTH&mASs%c)XhDx0Dru+#nxIo7bkQ1(%;?`qV>n9$b`3f?xFrqn20OoJo z&7Fdiym)j6We4wH7{55O|hLIF+ZBAxluGDtP%tElEex=jF1=!n5fqeWYKbTgS_-xYTC>_yM2)NxsmdiP z_{eOHwtxV*47~P#1c^mAJA37Pz>GV@0(WM$@ZGsoa_F~q2r|Rj3I62179V;J5=#$K zb8>aY7ru2B37j7<1b08lW!D%^wWL3#E28vJEjkKFn9jJ}ooxnH;6=KgHb|6$fyn`S zhIhE}M#-|QUG{UuAeZJP{hmL_aJWA{&AF{MOGGUYSXai7#L5DB+tSx2dB6lqf-5 zIBp-=%ma!4H;mUJGtKB+Aw zl~hHz`-}mkD#6HIs_s)T!X+Jjw$&s&CySRfmLhVIO2*@pM=y8we61UdFEZff`!#6( zNe}w;-UU*UnFY#QYO?3p3r$^oPBw-q4qhnW;Y{|q{PIB$nd}qvbK!K31@|U9(BnPuEy|zx^FX6?)Hi%ySvQPH@4uAW$bPP#$+oDUelghvJ}L6_tna84C$8R z3)_Ti`enme)o$I+KH&P4b4&H=b5m>T zbH`L4rHnH6tge_^J4Ms}b`41Gq%>I?IJ`f3&Gsni`Wyk%$Z^tIn29;ey(7aP_0!vY z(LqivXH&@VLx@Lpf6hHZXKpIKQ(xOrF4Ea*T>i)DQuIx6FEd!=!)N0|gira75cMcOfP|e>HyEE7QsenP4Ga~42OcCA z4IF;QyewBFf3SU5FeHebb%?HSr;dM)^_n1;xc@M7y|~6wd2qbg*&bBxGMjT!7Rr)> zt`6U{&jJR*k-iCiQe4QXoqUE8E{xq|R+x2OUF$Y#t5bBk1}Xw|=5!P@63nCg^**Tz ztyVA<@zybADgxZ1UCME5^I=j$Df)E%<=(g4GwKt1>PJ>5dhPdz7WLZG>IRMX=_%Dl zk5lGL{tM_{xVj9w$sRgj@@wqyT%MMV5J%ef{4SF8C-e6b2;lK^_n7M*H|v4c zEl2E_KB%AX!m$XCyaMa^uD6b5_Ayg(AI9_Bh>3^34})>xTrlm%g=@g3wO_1b#=Z#9bnZe}f^#e$@Qbtkr8>C_YxJ(q zWvNx#1RZdtk(4Gf(%y5c9m+UnRnMuTPuDrcR)EDaTo~g^@BAYyT&2ZP(5X&P{mH zytUIb|0FNrH|DLK#w3#uhGklKql&FUDz*l?KT2NHU?0R-JG&@b9WRPew%t{eJL^gn zC-k#4%9h!PG)QMjFx0>TJ-gPk6y|llkyJu>{=joFD!>FmkPx!5FELnHpp*Ew>aF}ctUJ$oj$}oiqaTT4a6~|nkaC?eYsTOxt#y6oynT9#?FMN*nI%>tN$AJQik$~=w-eR zUFlX>wA}#n{5s)PM!y=QPYyXceo8XXB7Bu2rvc=gEljg6LdQg4 z0Ekvn2uZ3FgdjDuoEaeCldFtd&c-U@R@K6)u za7a!w&E(qYX#mNU?>|-oTZCkKWf%z(_kIkfJG?h(*vdM@xZ2d~N51MXt*`yJ1J=W> z-mjZc0E>z{_zZZLeba;YcXh~f&wPC=0Z}a4Wd2={sQ-;R$@cus3$+D_k2`!V_ZDh# zowQcqzw%DT|8*yy{D@Bew*_UQ@rdiBt4*DJY5%fL4no30|6L{W6JQ{wA3l<&wkrP@ z_XyqNO&(%-34S`b@K$Wg8ObZZueY5WBt^;0x7`n6IGJhU2h;CjjN$p?_(6@6-D84# z9N-@N@sQ1L%I~98koen&hYst1UyLUGD}hhxIZ*FH>$wI?;v2tJEU6d?_(mufFB+L? zBWn1a=L)eT$v7tX$;(-E?b29&^P0nlzNmJ*6NG?kAYeg4*kCo)*NB`as9 zqx+YF$Yl!UO{F_UX^=F#}{s~lz1UbP%7ZgZLf6DVkP}v_Z4eQxd!u%IJOUS#d zVd6`Cq5Vups}T!E03Zk%RPP5*7V5oWaJ`fBsy8Z>u4XtoJbBG(!e)L!Q!;b6Mbzr$ z=5pTE4rDOjIJ($)*aSk!B3xwyj6bmxNwXXAQlnlBR>eL zhS%;DO|YS%@O3rthP^4q{O*`l@=QC(+`oH0+H5YVY3xC)Cr9(NjgQvrTm@v**I_sol!ncdd;lyF1PM z+%Ek{aT@m3Waj(UhD96vI*G2exXiZ!XmL(bdc0&#vQs}7&QM&f4JvA&>nFofOok<| zx=AgK{~+0Qr4r17X|AeeT6VIg!bWH+Z0r3BQ(+@3@^6`E(<=QQb?oAOP_9Kti6u5^ znk!{B<$s|9L2T)z-l}ZaU8)$eNJz~-FH6NosSAm@`&vY#747%Hjp9@op)eWM#YaCG z^;H?09*TGyQ}Y9vljy9@Nc6ox_(Ob+8{kJ*Og7DOQ56;&UHf~rtuW^uN)))9F3C6J{+=fy(MY^zcbJRdijSEV-t%22a&_v432SyD z{<}tg*@=z0*vr!y3YWV5TB-YmYpAHLFHVfbok41yV>vVK}2b@C57Cx~54PB(sP zVbD!$kqvPm$q;bv#hFe7OQy>Hy1ipu)UA)m)rbn_W(1Wld|w1-`R&$zk!KmfcLtPP z;=a8L1b^q^0>PUhE3=Q+^RblRR z0ylq>XEcj_SRq!yJ}lQ0`{16jgO-Xp5ni}&tz|K$t=!+PWRGSFjZ+VMvfwWuiZTr> zI%UB~^4bxmyZwNkjTZJ^# zp#*>M^Vo{W3YU%&_Wjs(IMUHJsqgJe5KEj^5&$1-^;je@^05TEMZc8@FSv2wn&d*C zfz=#zV6<`6z`icp=H)wDCT#uk9db2StJdsG>5u!ht26tC?IB*Wev9;;uNo~f6BI}2 z+$ispL+Abz+;(o1x7x}Y#Eg&fpxfTym0rkq^?m{EVQ+rJi{ebqUHmGU$eFF53scd4 zon-ehD$dd4$;@t~#`KMO5_8{rxpAP>WjMV`^$&D6TlbE7g6cJI(_zeyJO^S7ObWZ7 znVaa>TEi=H5X27jH@CaFePjLOFVMWH8?~|vr+`<3=Cktbe?p5KOGBoiDg)Y?U}5t0d<|{;@@Kn8lY5+8QXdHU%ot=Gvzv|JZCMEJlZ-&x?MmW) z7F;iWv!ABm+&Fj1JRd)GleW7K{igV?x9MOj?h_k*&3Oo>ZdCZRQQP3T6q~zyrv)?3 z8EZHym~QK5FrbC1tZd|UG#*8KE!ZE1(9Bqa{IV9t1?aDB3f3+BTmdv{sUu?9RxLJc zDx!Y%)rDm?$?l8AhJ435MFRk{*pZ8?-t(o;yLNLcji$O1)`z$&;+3w$jlzS6HBEwe!Ih(-pu z;7qly%xl~oe&HMp3NNzoqK`JiV>DGafHS8m*_1ND)UR14rlZWFLv`%Bj&2Mf~z z!@@B|SXc%HPEw{8=^2b@l!OB$wwhk!Gj7wUGh0-RPI~}-?iSkhJ92{wi??bV_cAWh z9VHSY2HB^eYj#{DS~48%;GwM?{yZ0$&ow{-gbHV*QcB4~J93el!pXFz4B~5}rn=S) z@4uI-x6&xDovqf}4XU1PBnPTK{6G2-#ICvDRp$tA)ukYxAV08w2{8>phZsiSh1Z`A z9WFzilsPCxdIXb4uXX;(i)OIilZePaQAP4k+%tB|BN2CaU(&cQ!0Zd4$UkA;U|9H< zrJg(d;MLeegV)2<0(nzHNUfMvGU$7@@#@l^Sw&}^XN>t@QPU7BP5~3BiYS4dqRmIT zB95eL+;UV@l%Yup>>CW9>OVy+V0_HGR>OfpYL1Io8Z|Qny3L318@$qi z=~I{|{06&dL=eWa4RlO24|FkuTFvRw>G7{z`ric&=z`xni=#Dlw~Z3S0JQG(X`qs` zH&;(yT;tY7dVk69kT%PHGdYSQ$*cHP7)iFZm#%DWtu1Il^xGmb>QB0^&r)j86SQ-w z=!|O-d-LrZEsOM?{*baiw>U>$H59bxfRgC{Yxs9H|E}cU6>6nW#b<0C5B#s*&=rc} zD7t2&7|{TL|AS`2YtB^shS+^U28#S|`pBG=uCn`0;Gh;m2Z?rLmu~P!84Itfg7weim^$Q4;@Ddwf5^MU3wjjVrtWqT zpo0Rv;g=b5NU~Gxe%9S4CLHCW(y|G$vZ4+^@y^U3-0gXRai#H`ppY_8j zA3ItoI>E16eKDWH_aHZF*R4Skhs|Vc$_>BuR8`rMTzKKwROX{rww#`#b@**|99OT9 zFmMM}W<{Z}lR7tB@4eMo^ zam9}(e3^}m84f$WR%{*R^cU6vhQ zp?>7Xb?>5Jz$I05|G#)!rMEzIZ?p6V*X%42gSPl(S_&!ByHq-RNHGE!KK}(5cuEPR zw6)T|*dBTTpl~>cS@S3%N`6c0NUSn0d?$9)1H~Xx>rWyx$DUrj7RViTHNnh>ma2jQ z<8{*q!Ug=?pj8_9!~D01k@c{CI7`wVOoX%rfU+aKS3Pz6elrbK%7q--QXRYNkxlFA zD4R2u+?Tu&y_-vX-yW5h=s}%TVvTC$sR>Vd_jNPuIwNP4Fpx4M(vHhZki3b~g0746 zaP-rRzWW*e=yZCim2Hv2E6Qup-e0fKKK7o(Ky~DH`XxxwOF=3t_Sly`0Iu_`sR~3#0N_O8Ztzv}l zTDw_t*7^RYVWInA`{g|d4`w(Hwva2N>nk&JjfqQg(1}KZ2Dru^rm>dBBfUpE@5D*? zrjd>GVj+XX`a@MxF^#i!bh@UYe^Eh27^2Y^>fFGNf%$E=1m(HJKeqUHFt2m%Xu2RY zhi-?^d`4u3Z=Qne)-#BYWLM8J`StfvUI0RoUx)blt^<_^V?Z9Ay)S(1_X@Ip$S)Ci{RLw88a&9EQzy(_= z;>sDswwn>Tk=Np;Xo<ZH?NjG ztGq>ztW2UUXH9(Za!IT7KizSIU=jL<%5f<--LxdZ5?aWZr?+s79 zu9O(P;SpuO!~IMnrqi+dep)wmZmT!uQo>~}apkTnnKUl{*iAr|_K zFfQ3*Xc%`Z!1&`U4aREgA~236ZsNeKECZ`IjFtTkZ#oe$zb-J#@Rz(&bF<~}4T-)z zHUZj|M@8rx;Xs?nIW^ni3d0Yz%n{ZxM`#-W>zE@1o9AC!ip_LZ>tG6M>bWFpWmRuD ztt?ac>IuL;B|`B4_&0GrtJ4FmU%_tO@QE$F&gcR2IWGq>Y!N54%X4JXREMo*QMv$w z1fesPa(YLpCcUc)D?V@$5Aa`LcRn;rs;SQQok!J$y9?~W=d%ugzfGE}e7x;oaKIP{ ztS8&1G{$a0lh3OljRUT^X0jMj6jZ@5^|dNRBD|~a4fEJM)biNOA_lP)U-NU`TXOZW z`WaV^b@DnsM@i;ClV%;7@f|++KtU<+Vy)TyCm;R%=RSH3B!nGlwu!QQNsN)g1Ss%> zPADC(JF+`Whp&2Xr>>uvDcuMXS6W;0Q~tN`?Miw4v!+ThQCm}ylr-oZRw$W*lEec9 z0~zr&B6<(b6m}g4eKh4z>Rpuj7bd?JiYmX4!RW(4@M2Y8VSOc06(y>bKoQj-1g2a& zdU@e`Mt(sb4?jA@nRFaeKW?ZMQ{`wPHNRr?Dyj(7e6x%UAd;uZ^z}#DHgL z)a>1`@U)+DJ6@5IvMc)Ma{t9hDKy(Mcgt#W0oXxYZJ}g3clB~T=totqVKfUew|m$) zZ~SwYZnrEo+R}ykvgy(Ne^t{p>8#?Z;)K_>cA|&%SB&M}lGY35!j~H$_Til(B#7{?bth+Fo*`H4`*jlcfsngh4i4F4P zKx$fSS!V+(5$7Mj;x+W8cB!9;Gr}{!D-VqK8i3|(h&owip#&K*2NLhUJS=oG@gQ6@ z>O+-2;EagIw1Y#9y0V$xXe%wZ&|d6V&PZP&{!|^*4FeV`uMVG|P`;_w^KAHi->BtP zNQbp#1tu-Vrmd&80Lz2h?yoPUnP!b)I%rsbO82;=r6unAD;wtoiOuI82>t+qVML4T z{@jTt=1cN`SnV$uqFMqSm zRhug$#tUMtzbVndHm!O6pCTPhVT+3(g=Fr3P-^ZbA3HeYpN^+2c5o_H=MwoX&5BRJ zvQE6o#STh46C~1yx;R3g2nnH0r48f)*uF_Up_UCdMsb8)w{Y64iFigX*7ua}?3YyAXbjV4t-zBl`u5lCI{Rm;b(l8=wnqCd^OH(dc1 zaqq9(ps~9Ys{&xs#tzrO8?OJSzNuu_(rV^;+|ao?mw0Xqb6{%F=ZuL=%F{LdPo%SD zUg^R3M*Y7Cj~9@q545JG{zAY)A(+rjA)cND?#}m`kUdQyHtHEf&)Anw)ihhiUkI8R z-E7$qVDyl><}N9rW9eX)zvD&fa@Z&8NoI75vgdl%2sgRjP!DP7m9U8cZ@Tru!`2x} zV7OVn#0=TZWM&uT%bl!=fn??qOm;eV0YqXu`X{WD8qbT#xy>eau63qiPkw7fjR8D| zXR7DY(I>e{Lcf+NmD!lg93n#zEFQg{Ssa zFI%}Wf4_dRgCnkIz#toA(4Gz^5!Th#b53RtF83wcr7JC;PMb9j zR%?mvhFM9XCz$dUTZ7=ytFvYyf1?G$Xo)5baPq~&i`N&()tVgBr;3yz{|{+> zuN$ouPoO6KfGEv8^`~@8ln!FubBY+Xa)#0W`rSZ6sJJkyq7Y)m(70IpIU{0VrgPicB=`XNZC2_om%Ifi~qq_a;kSlF2CZqfeFO_rVI z7V;rZs+%a*tsfsmTdg&&Fv z3wO^;m6ig81eg;jz@!?jGGqnpF81I&;A$=&mwC3YG2Hq<*AeF}NQvTAgT7G0N#Epu zXbx3Gy2}JMGDx5zvK`hkTwXzD&UYH)0E~(jrn7H#d|;X#^;>d(7zWwx(@AD3t>I`n zyx+@Ccda(zpXqO7Cs&OH8WjiM&GVhcm6KU9GS8>}n6rY&aq?&-$k zWcQ_d7sT2R5bvS5l7AQPJ^9HT>JVz-y$b3T@7WUii1&2M&ra+v#9UoWuELR|M_mw+ zoD;Ae6awFKVVhZHkJlv`Xn=W1Nk+2wo9x7E>79tYH`uZszzX5(_xH zIkJV~M%APGREPeQRy~%+CvDXC$Osv;l*mT-3GqNDv=G6uT)sy{hq4ATlGsO8<Gw)Z;SZE^%Vz|Le-#4ppZM z<@9u|7aKU_! z!~tMbV-A3taF!BoF`Hd<0CqX+KXw2LK!W_(eTMvf(>_A`&A&v*hr8BT_fm1e!~UoB zB0{pe!=Ou?IMoq?4mA^zWur=d9s123lXsXnVy-e;thS6+S4{sbw9?q9=qtp-UDi4x z38wygJPn^eLNJI{|FjJY{!}l`lMpznmI-rWrJ1oT7YeQ@2rVDc^-O@B@h1ZI<6mX+ zJ<<*(HTA{T9Y6o*f3m7GB}X~e{i zwHHq0evrx8W%*w*i7BUb}kzji4!!npyAM^yY3o1`}ngfU`|4Q6o$-xZCFI`g}!9Oz{?MJov!LD+p z2AqE%YkrrSkPilv%Q@A`cqw+qA9<t|qs{%8cwGz7Y|E%3Kx0eaG4!+NUVJQEg?~hq4s{SfW&0xo47KcR`iCqqoRN9 zFBH|~&G37E2VX%6ZNu-^Ax4i!%WR7B6HFf6;euJeln`~kH%!cxo$od#5zI29jkb*Q z-U4zdNiN|M)W?T^a+u>6+P1iM zZIVeB_N&5uZ*=P>YBZI#wUhptswoTK05l^KvPM3m5>nU0!UK+X+Ok?LH7P7Mhu4F{ zV*9b8*oDOsn_IOKCOcr!crqH>iV^;H4r`9KO9#<{PMm}V=Q|atx@{h#TZzcR+n{VG zg;~-Xx!a~K&8-CE=KM)L7)w)^N^UQe5r#^x%TLdZK!;<}DD_-o-e1juh@+mk<=4&h z#`E8m$jK=~K(K~#D3iE|`IGfNh<()>0ZkO35wpLuJ)UjkT8ifri;en-h1#txwtIxS z<@_$i7^Fr;0@feDtG>{(sCt?`+^dK|8fVaKjgXa%XRdGUUe}CYk8$A$LG2V47Wph$4vLoQC0ePiu zSyHeXeyO#?OK;lU%~hp@tvb0DJ*ovLdi4xqk9Qa2SMHPWefnZYtH^zYdyEc0yudc- z&K-+ne|4HUA}H zYGW0d?Nd$gql_?V|J!15|3U#FSfNJlXl_))U&L1}Rm7pY&ymb6OI6UOo+d_5q~e5p z_Oe`!V6LS`N_2$FS?zPy*b`<5w|keCSlib)Sk9KQ4A_UCS3T;*7k)7#fbKVKAkMkw zEVu#9pil+9gdB*5WHK@G52)2#rj$YM>qmo%TOl#8Ssd4cfb7>#%Y?Vq_H|C!k z`~RpAJgkBeixg3Kt#{IRU80}Dc6;qekbh2Ai=wqA3x%S``=Y!qEjpp3sJc~S+cU!> z_J^~6foznoC%TAL*QM*R)J<0*34k&&jm;1abBRfYN*i_|B%$O$ZbdcIG&PTf?~M7w z#{Sz&=U2?16B1~Hy0jP~(0^2&GV?=AVlC(uUi7BuZ3N_`NnXpqcit_^i<-wvu}P_( ze^o(%jK{0h#}vAqA3Xb-^Sk-+j?GRwy;Qp<{Okla5Vb96R7Hc zEsWDQa{~~`qCC>Si%uJWKh}dza?%GU7%o9oH2FnO0z;qV?i~X|S+u!7moj9~3&TMH ztJlXF9SY5e7c&#C}eA#(2 zItY+v+Uy#@k`1@NeJYy81k)5ZQcSAN#SZV6GMHHd*MFW1PUyoV0>^!=vrBzVS#0(8 zXLfoEW&2kaKZgtUlfJ|JlytC&U!;76(|3D0e`bMr34dmup6EM!5;a)PZ~ZBPAU9fn zO0RTDORp|Thfx|W*GF1PBR8$W7;(bOZiNHCj1uBRdI0-DJ;_6O${z zfFkj*g;)zs@)a=^%FV&sBJ8Bn=s{u(maVL8h<&ks5+X11TF~^rJsrXckN{+xlvpSVhszsHy(~|X| zLka!><>kww9+;yeHfepJps76m+SP{+S73s<6drcdq;NYKh6cR-xPJ%m@Z`M_s|UOr zQIsds7pv6%Q2N3-q;vII5g*v%60>(q59J#9mx2WNVj{n^g~>-%xa}9+Qm<+e3IAxs zXet0BmD3KH3UTBVgR%{1ZN0S|itCPWQJo8ybCelVROov>8%zuAEi!5r0+Vxz&JFG85F_=p9UkDFQm3 z#S2-pQZHREgs|c`IB`_9#=$aWPdEB;aGX+9JXfWI2L?89b)f-YUoLIjFUO{Nk#}qY z&X%#p<=Y&4WIH7y8sNVnO@0u2?2sw6;6B%reWkJoiK8dUYGBM!EOtzoFsdrd z!5qSB?0ku{hAE9`t<9Vu_MMYI)vj@QV+3UWU>i?IlZbyEf;Y}*b-(ahAEbs)V|~oE zw-UWlmlgqs9a17-82OJ~lAEyVO`^7hPfk!C9d&FRF?I>(kC+mMD6t2BC8CHsGJeDk z^M-F8Qy_|ztKWx&s?|QEjH-nv-j;7g&(t)*g97^ptjhwT1@;SK z_n1-@KQZ#8GIxlyZnxz~QAIi1t&Pv=X25H{Xj!N{H^V-5AInD_U_O&q7a*z=wmulb zag<#5!^R{2Y|PvRu^sNnEh9lEmQ6yu?O9<@LA#Ne zP#*Hvr3qlB)8~3&kVOnTZxX(vNewCK#96f=4oI25;s=t62oFRK;)~ zDlm9l;~LqC9^oW!mmKlV7*hx~#O?-YQBHr|v3FDjeW3~&)sJ3tS$kC51qgIKh_zcW z!d3Rk+yN?<79r2DaH%gLjx$j#e7VbinLFr9um2(~slK#`MDxg&pQYedb}UT_n&!dz z#QQ$8)(WWZdiX=F=Ra?eu^I9F&+!4-$7MGZ8kZSv zkX$4RYq)Ov1-Ogi^fw*Hfa>G7%sM4_+NOuot$c0>VHliJ=cx* zuY}+@pR0{5^S$NvPcTpgUiD{8%d_BcCcF1i$-qrti=tt0gkH2tTVJZ-Twy8D{~cYV zLa54=`!CPxCA!330B>O;BvHR(4`&Ntc00*!z+f!5hg~#sErDo`oA;N(R_7~8J$um z?Y{5d$vf+O&w0f2-CAVEOLgKAT4|41mUKr+x~C-F8>OkZfwa04K65yUh=1El_;;`R zh-4XCsZ5Yj`Sz$OiF$cnX6 zF~V6X!YSgmD>0;-CnGh~IaO*%=TKQLhsIim#&NJnZ}^u6!K{kA z*b3AezESo&Z23F@o{J7H0k8;PkQrT9(9Z`s{cJ?c&i4Ti|AfyQ#djl1%h1oueDn2@%*&;@#b)&f$b57po>h>WF<9ms3o=jmpeXb2KUb9b7L)n0 zrXtH^ez|4xGOv;Czc2H5UKh!{?>x*~5&p)e*ZdnFIO~wG7X7CCr+A))rz?at9NYm} zu8p!p2+S3gbK*{qI+U{&H|2a%T|qgccYXLs@uI0}p^LLMGv6=@-RdZn9TX|rmCrD`v6hp$n->iRty?%Dz+ z?&S(cN~eGuQ*MKCbK&Gj7k)cs zs&I?#(KJ7iDlF<3n@{$r8vKhKBMBB9(Br)Utppzs)&8Gm6W0I-#W?pWF{2Q zG|g}Vf4!m3h7-M_0kASr@nq}QiLTZ~oN?-`NRYh=;{MTg&ld8{Z+)i724Fef8{TrH zQ>uQZMTn<8z6p$fKJD0`*uaL|pa$k}WNAOE|Hbq{?A0hkWQB+D;a}QUK70kRs23WE zvoJ}W%% z-gdk&M{4b|y```9T!WyLaCca7hkS~gJb$l*aBn|tgyVc0=Z~r%!+XQmra4UblO?jQ zf(A#u!=8dLFAZv{Zg5jCc9L_x;ifn2DXX(LY%lvAZdC!cXB)N$;ak`C!vF2E5H0cn z@L+vFCD+iT=x_IbOGI*9jHXcV2Zoero>suSsbGU&KjtZeu%RE3szZtS`Rr<;qb8lR z)48;s2Hfr?Kg)bdMh$&d-tVR%3c11>6kJ_P+d1`rRoio_9(LEPbr4(JcnIy`ul({i z4*59GsW|(kke#Ndj0DvX``39*8=ypOru+#4Vvh~eqGD?5?@)!!s)UTQEu-SN_b+!9 zHupbCJHLNMffLu^9)nSuoj#gqM;)HyztG_#Ug&cXFZ8{Lm)bCK#h*=3>I7NJu_DNU z9|oc%nm6(nsNq$4lu(}o$N?9@W57l57&YdW0vFNAfQ#q^aGp-Jf(M{}tLhz2*Wt|;FDR|iP1+j#q$k+4bUdmZK+%^z(u42-wkGj?|SVUDP;|2iTn z?Q5u-OXQY|sLAe~R09TKj#Ys`xAX6T(R1x*Ax!k#A(541T%u35x&w6FvIcC_=dK8O z*wog-ZN#|RH>=^AE~@KOj;P=0?UD7lt?aJr6O>ge)l8AJkcc)ZUaE<8_GDAC#OJCn z0iws?LwjBL7jOap8K%>sJebxXT7Hx5hNI~YRRsPKK096Z@_4#?W83NCAy<)Tu7wRS zAl;9>{*O~=Sh{G3ve+mKWz;T%j^#Y{r}T;_jcZ|;?_4T^IM)Klj*g)f)y=AK2j;2O zR5Pjo)*>jR$QB28ojRIJX|yOQ$1$4e>{vJU>LIeGiBs!&)$#l_8T z$iTu+A%^!Vu2HOtvH&8pN?`8b#-_X)7C!$@37E@ygSNPQGfj>_&2f)Jj2a|fu@-G| zN8w3%Vn{(7V(Qk~28&EQ>6m*b+Sj{9keMtmgKl%g> zr6Gd90hS-NxG6OT=BSs~i!C5%IN>dsA16y%rEGk|1cY&H&a-iGv~d0SNPLP67jE@` z5$A%&9<>04YK0@8){s9+Yuq2DSGXitsE1{9*RABYP%cqS=Wce7UxfO_m93ctHr;&$ zOtp*Ou>^K9F2G5P^0f4))~lj4{;qZ`4qlP^57y>dJS@OHCWokIaffP(;`vm>s4Cp{ zNG3u8n8R{NxS}ak6ZKjC)<1L};N!MAqDp z2rMgpnW&1Mda{*Cni-UNo>gkLvcnw?|L-Xv8%OEV*2V^-l$iG{hnE7x>D<7lRnJ#mNVA^!&YvQAz932cMjylT!)l0*J>dNh7wokPwASHbW4t5scMR^^nmx{Y9FjX6lAml%F%MCj&W`Z=(qRW{&lw|t z2YP3aq<>|MG{!A6M7h}Cuf^{Q5--laZdm^UTH7qyJy#{+MA1l`DEeS4zHuKp$3N;W z3KF;J?^9aKp9{tw|gn6n0kW`gB zbi8XVTfu&&KEXi+Xy8q_)OVU6P5QBkp5K12HFAd@rFBHbH;JsQky3;&k63XwH!mUP8yFMROlN`^jeQ*nPwGv=Gt#>MuXXAPB*>) zF8c2gm~JyOfe>9O;9cJ`ps{;G#-_R}Z5)+zHmUL!Rcz>=v#<>Pi5_b*mgUiZbD@}r zfuo(ND6MWpV6OQ8kUx(PgzLn(>y1B$XgT)kd?6^YN{=#>d>Ze&wNEn9?Lu%_m!4CX z(6(IR!k89qtCb(TVj%Z#`g*Pq1E~9J#Q`NA9<4eJtb6J)y^u(1IMvfSx`L7Cc67(v zC)31^?{lLj%@Rh&?S38HH$ju$K;)D$-V_LOY6!CuHki}ozUJT8cHS&-%-pL02eKxO zfm=-Tit5V>JFV|rn0%Y=P|b~cHg^+KEwTH0Y4bq4RyDEvc^X3qW?8Tx8Yoa-ShrZt zny=xlzj4IbHq2?iHH>k~QT!^2Mh_Y<-)RE#9$M`@oHEACHAN(VjcPvAdHK9_McAyf z_QP=>Iu_O*`dYoOR@ca7<53}<(k)h+M7t#z;&DLb(pr{O#_svKG0|;$kfABc*=z}F z!Fx15iOR6QgYFz!9$YVr{|C(e>+As=kA1HixH*y^FG%Y}JM?5crY9yYxgB;N@zpaW zF=qY7xBL+8;02NA3!US9%q7By-4N}`|01ijqtyx#+z@Sn{VWX8_GK4=8B8!1{%8-? zZu9+%M>m+pC}jM2-^jAY_IUXK-~_|qB95pJ3&*ktO?a&kyRDHj3lbfc3l=Ek+O{-T z=yH8wrRwszgw8NrSyI<(m#g)6CAqA{M@w_9bh(}_ZPDtwwKUfXmn*D2!deVB-dlpZ z<$TN~=09X3h6)XFPutbuuh$Tkt{@&*Im^Dc6WDHSuMavpXrw-{1-tb@?_B$3x6mtc zGk%oN@W4Pk-nWm(BZCFQRJH+8XK|XK%l4{D{j`o}dwcv(>tWWK&{yk9wzpvT3`DU! zroz$+p`8A~T2B-yXT8qNXt6lbwRSuo)6XJtZYDC$k!W2TI4JXczT|f8+~7__JDFd} zg{QIU_(FeqWXei@L5Hc$W~A!wBkZ|#v@SStoWp3mkFI1`ShxKbc*!U(jES!hc?U#8 zi=@vhmSEia4@D0~uHq8_;s@&iC7X<{ypLI@5=gFMrs$*UG=n8kES)_K{qxa-qT1yR z+F5rzdl}N%6A2qa!kzUacSPDo^<7o`2oifP)~@d*?7`!Avimr_WfY__j6fWwCyJdT z<{K$Tjk{P5dU5*RA4d3;CZvJP9}QeQ50%1Bn^Q(D1{?ZYQ{UQTiDWPyq#_`gSnZTj z?eE=SFlrG~!Z{0USvf?8Y6bMtpJ1|DrN@niQERM!vfo}`aI+IXrLDeP{dIs5H!L<% zU=DV%R|Q#qlGW?c@`R{z$4e+`-<1W{_!l<5kpH&k0fSiW$CItvaM|4@aG-#Nd$R$pBz!Yk&r11(LGc@qB=~{&G(%lipY&w-o?C&y~*dE|B8iZMS zK@e9}GrT?2hPT`~n{9~aD*y3I*bFv!)53?~ZU+Cf8LgozSNR4XQPg&N+MSkx#rp+5 z(X8^xxB#}dOTn9d@%1M6DIwTql)Bewg9no7SWeXvmg`y< zYui1yb>})em361&!s$9;xQ(-}XPJJ~^#JE+CLI`@f|$XK)bp+6oLR+9yo}tXijPIL zpmq{Me-K+Axbq{!8S_dIJ+Sx?NG1O zF-Fimq}>R5MM=2yn%yIZV7BEJLn)_}eXoP*h%H1l^pJi=+K%6I^_xbP^F(LZGK&>a znobL9-3-&vgr9mpl%t!kn21G9vE!d3$1s|%#e%{*ZI1}3bQ4JV=5)VfOeRC!E%y7M z`L5qkmaxC^V?9QLPOMS4u^`owqR?eh==^n_L4fBRVpcGp@?BtuUQ6%xU$bT(a` zOZ5E0SlWDqD5o`~LxzGxzS>wCW96wF%xKPyI?f8U)Tzr?xN7lDCpOE>mCR_i{>ep< zP=JNG!jA=w zRoh|r2?vnT-pYPN2k3z1a5wwv`eYXrm}()5>$|diVh)unYE0qPJDyJ@wfWfL@RREv5uJ4 z(M6P!yak%3ri!>Rt%#bcE?5)k{@f{P?Vor+?!ks+_d`3V4OuD)nCdM|&lqp@3R;sb z35a!aRIrB>2<-IJpGNEi7g$c6@No2frjX(c7Y`A8SSiJ#VO81t&rUk;VbGMiJ+*)_4xgtN;XdCG%<2j)t~SZ*=@2dhd{Fr_3j_tFRNls)^lg#l!xBTx zKBa?E-52?OF1{n`ClzWapl(?K&Gs>AW_X!NS$Do)Zrt>Hg@g7uQNZqvrVQ~HRWRG4 znEiyk_|EG0ls4@ww(qQ=uEBNV^}vVI$%(naN!t0i@6OkB{VzpXAhe})O??Rr=1S|G{AeoCDs^lN0v!PnE- z>5agaUm*Q9iI~a{)bNwK@g#z2I#L85(02aw(F~Y6D!k}}0S<)W@9%+$R;ew8cr1f3g_fd|3!0A69=N&H|UDew$QvD9P_8vlK}{ zt@z71ql-t^=|{2JpGDPjANhNZ8tQ_>tB@SvvRM)MC_K|#V&BFcrmUP`fS`#oPWE+pb^SJ_Nu_7U*5IIq*3Lf zu2A4AkIp(Rj8ITdE0rUNofZ0338VahzECUibsb*fHcdV8KW4$Dhl!WY^0MnTO<5J_ zN+-X2XSAeAh6Xf9#Pf@_4~L$%8(+Janm%}W|GCq@`r5z1PAR3}>caQe{C7!0ejlsq z5EG5QLY9Y0vIsawe6LCw{dAb-a7r`(lpSB`&ljX6Gj7OAxc%paE1W@bm#Jb0#1$Q& zi2Yylq%+#KLZ;jE+o%!>w?v`}ug1eM1_yx%fg0NOAq338oaLgS6bbd)3@ILxeY4{Y z2XJQEz7)B`)v^ihC@6si=8_@EfR&%Du%eWJ4MJ`#`6L|0m1QHr!^kIDWL=S_`Bq8R z{4YzgR1~sIEzNQ^S=jY;y zE4lE*5gqF5^m0o7Y`RQ~M`1OZ$!wMzb(?*^z`oyY-zV{XVznDMUD0E#bg^Z+zk?ra zG35%ZWcQ(#_ZE8vlUSFslkj)3S$F-f@KRt*Wq(P41+f*mgRRSAMZ=Qwx!8NGUQ2(5 z`}nnaK;Xl-C|0Wrm&J0y`gN7=e97#mR`MI4Ss7b zap_OZ1z=E)Z=+`6zf$2360g1rN~zo|0~HS$v*LZTiKG04s3s|)`R4z)uR6()l(j;b z(>m!n#cLqf*`YL$D^=7$R(ey=aDM*fe$f5eoT%GmUaKa9M0oHf2i?E^(U61gm2i{( zY&|gP!GrFdc8JEe7%}5Lw(r^#9jhnAtG1pKUiZJCkwbq`)8Kgf@4Ef^s(t7pQ2Nv{&&4x6vsSdTua&R0?BiLPE=;?$xK zZ+U2-KFr+lKCj?6sR)TqjqzQqceVFwrrJ(<`UXflU!y!2cn0Q{-G#W^xa+z&C3B-* zo@;78&gxC{5rI9`NBAtA?No;RSABa8hK$*x(-Bf&9+y{m+|7KcjQ{Eg;7aK0=JwS` z2i|&59T4S&tME4G6Ae?dK75<6w^dC4%CG-YBoeUpJi4a8A^dvpoznlcfSrFS@6bu- zkapRj$iH80MybH#Pp~H4Efk5Jw7Tfus}iq;VRI`YHqZFZTOYdngl=oD(VE-bUm)*h z5%RzLlVI?GW&f6MB9psmG|-nIcI7^vl9$bn)C)#^KRTF8?Db=lQXMj0bDvu^Tdq*E zFaDbfHAuX1uPPEPPW_Rig|sb)jF;B@8FX}qG0rT%w>mP7IIuQC9_H(|Tp*~$=*TjLq;sdTd=>{MlQM8J-VM@t#vSEf7(x-Ea7GHBS1k?^FI!*; zxYeyzWdH5iJ_!D+>mxeCbt$nB^dyK4J!k&NIcc_@JxJ_xgmcoCrK$vcE^!dw3BM3c zY-@t%@4u@4IU#Pc))XACbeR|=w(Tt5b8rwCXTMD_>cIZqVfir{*c$fmn6041^1T0c z^cGD0EZqjXK`d)+=<`vfpJ$nW9VD)v5^1@8OFrkP*~rxk!H$e(9)M&m=6c=*R#1cocyzjDl~{G)H2 znBztkq}AU)Yi!&edZ)fT&rziIleQ=gvcLySSh>eC~DNIuE8RT@X@)FPJR) z5kawI?}(iyML+=&DWa&4dd8rF1t~&)_r2EMXU>@F^cSc-y>BS=ouNxJ?5jk9--z&XaQK;e<=^xOhB(^SJ_=`}23Jj$zp)`@D zVu448-3R_KKH2s>?1LJSXLCOq3Zt`{(7Kd-A~z@beM@&7i-;wNn2#rf4sNBPMV+tj z)o}oLh6_ZZR-nCO_B~>e2(NHau`TrbZ@cU_!a|jCwigfWFg>qSDn)r4IPykqaw`iz#bA~=b9EFoKYiq4L1f3JW8q&1lnUhqDi^}r5*itiXF z=^FaAc=%sv=E0>qPYhMQPY8-kc#03vB|OB~d2Q&9bA|6OBW;&NqF+V+TpyXU6Xze- z(yQUoYa^YvVR`^4?H2RKFuleig4SryKSs*GZV+j(f)_MZ%!7JDGn?fC zL1=<>6VWY^whM4qQ|OM*BxrmRX}hH_uAI~}l#wGoj>Mavf{Vb4PG>zuxsmAhNZW;x z_!+nsU{R?2X&~W#$-`^9K@uLaUSMWJ*`-OdD4WmLg8duY6X(jDV{^SLhpHF1%ye$p z`2{>g2CseCVkuy3OzUvIkxk14~|UnK_S(LUow zgKi=NUSf#D^Hb~s;v;c z1AHGOR51X9qx$gvhwp2N=$x~c^ginY@~4mf>aKq}>Yq>6pa*D*@lvt}NXCCTKRSi2 z6X%%NdN6fg!YzUL2eWHNU0m%tt>GxzS@gUognff{MKxucxF|&!SolN4e4|qfql*t>pXA7@9%$}M%ikgKZa&OP&S-l(FK&V$qgUU zowql+JttEG;g}^+JdY*vlPL_L0BDQ=32nniEw0suM_=NJ5x7%&(dg%#lN(9HSn?TE zc)FVf`SceW*OLBUzG)pD{Qa2J8Dhczy$Sw0mV6d)sb*Mlg1kdtIo*7t^Og zid+K1Fnd?GwCSe>;j>|i0F#Mb`qR4#bc8#&UQqc2ERFvQmr zw1o$7Y;MHQBB?l?2-K6E2vw5>R@0p4{o-T%P95_<&UZ|gzor{-RWU0qZF*XwzeE7@ ztyo?q`6CO*@(@OF$R~DAP6R{rQX$~>oBn8RQJq8vCsaN3FWG#nJ8!-pnaf%v zA=0bHu;&VNk-kLr32ez5SZKP?!uK5c*JY2QhN%rSpF#8^wloQQfsUk2O*jXPOP)bM z{pi0Jlura1Nh!l*2r>XWFX zDqs-vc;(HHzP{Vgmt`U}l0Z2-51 zhLCny?RGBTAgM?wMR9YMLveRo#hJe;`nw3!zyq9U1fv)Kf&NB{+VD`qhv8^6rF?)& zwcCLG?#{PJn_mW5WU+iTX!EeD^HBB@|Ihe&0{P%>WT9$*=OfeEBg zWhg7In@_S5%L-Tkjv`qE(*Za+`iw6lbEh)V>1xa{j2S_;fk1KtkCrq7 z8ifDBpc0EPp$9gyvH6iswcu9M0Q^oBZ1W+7XOH~EE_EvI#vuu~NCe(M%f*Ao^tD%K zu#d*e3}?{M?$sGZXDdP!rcTOr)J&apKzY6o^uAFP)Q5lIf^Z0uIjbEN^d{181^~Sz zqsn2sO2|xh!lOu9@bj-TTG@<9Ck02ak(}}^5y)*6%{a@P7~-n%w47o z^L6@>W@Zu5<85Q8N1J=9g2J*LLBbh31e(|R-Z)#X%*V76ih-|3Qv=xVPHs3G@Hm4< zJn+mmt^qG9K9W-t+Ev+}Rfo}3P4e=GQlgXhSFlBbUv-dA=bb=W;7p*g@j`~4i6E2? zgf!>dH*{l|76^}&$vyx$K&-%;j$j)_6*Y!TvR;-4fb<0U@&GCGSj%+2#Sd=Jnj&-k zuraIBucEUQpmpUF!+zaUI%OmUwL+;A)d^c5Sm3Q2nP=eIKe#l3y5lk+0t3!F=F?!A zYEi3F#G9ANv`>{v*G^hlv1*m19z8 zW*+~>&EHtyt5MQ+m-7!4$~8O&aLy=D$O6Hlz2g>${0#{~26(|P_w;udWsqSxr*79M zb0Dk3{imapP_BH{>X-zOkA%g{vbp#!+Q=j;_XB%b}YIC!YVC+2`+7@rqN+*CF z1fr$`F)b?V_rWH71VMfuH8AB2{@^@FEcksM%k)JMZ1F80(WYxw%mSBboUS+lgpex? zrnNUc~4T3@hQtm z4vP+HR1R`sr$LDZAFXoy8mSIjIQxZA0A|pF2n>ZcqaeItHY;Q)JTLM*FZVpJ@jP#| z&(@|f-Nj3@l9u)qQ(n`8GaA$nlUZcqM5(b)LS%lVcf$Gs=1~7#`0;P$^+>twF!p$Y6>H z?T2wQb0mi8gh))XKkKgQ%h;>S-A(t($qml;&0+$C|HitOj+UuaCmC%c)?YQcwpnTx zN1|#Vu%AYb;APHoV?b2{cmHK@dL>lRM3yEwI*twGfvnJdb3-%FAITGK3vlkE9aH+j z74WR}=_1^D_p>3Gkc-YG%{h9y+YlHDu|NGAt`wru*k~0Qv}GM7%sdahFP1z-WBbQi zWJ4(I%0k!mx?T(tza^dfmxr>p=$Xg>0+n;k0&+J)j%h)`^@MX1b&KyxNg`j+evx}T zWU8H4$7n?rjba^UOQBnGxfAHdH6R4d)Wig#+eW2gGxMdFGL-JenFNpT)oU zEiR6>;o!H-kh#s`uFa-d#3$*VMuZsYK}*3rf<=ay_1e9#y(eB_O2FWtEj-Yh*({|( z$)p}{QoE>BFGWcagrzIbRUHHwC!cSG-@-J0p0c^fpE z2>y}A&xFPvyrd`T(gaRyIh*drI=RFfmLDnSVVPtOPBfJL^}%!dBMFEH+7HA92={|A zTzhd5w)Wv;+aHl7?VLFJNU6g)StwUOL25$~&<2qOxBH~~V?kcrO(tWk$2whJ)HHW6 zyI!99C4oWw@wli#iG*f8I1xWF1|8XMWyQ+kuK0I$ag*rsL=FP@_(84DBX?EApohRO z25EP5^)yCKO9bVrm(YI;)sZU9)!>ulZ_V=1Or$ZwfW@hvOi`Wr`;oC!pnQwMmc%CC zOTmi|8}A0-9rBEw{Y0-{48WBJuP`s8%`5jx=lJLWq)m~SNyp0OGfSJ-H`WuQK8g~U z-TMqk#WqK!Wk5#f=nr>EW6ok*z-SxBkOJ{Qs}D|>!k%gM+*`gAuDE!10_d&T8;2y~ z!LP5Tmocu|m}=sw1kl8Pbu-#=$D4}*jvQ&CcP#k%&AJ8UDPy3?qIQP$T_g>fCD;cZ zjm1+h0rB^M1=FeAw*o~nWh#6N$m(j?0Ul>?3R$v&%x82g~-dfbdPLL z4Us4}<6l}6>*GcEiEqT0AZl0Qv_2T?i5=++AwlS_!|+>~YKbSFW{#ZJvrnk9TCRFQ zs)iW(vpi2S-Nh7%Czx}*`)TSR#xnxRwUULfBHK$oO`2&E{ zQ^QwsXh2-X1>&K3zq`V-Zh~b(yi@wbuWPE~`mc4WBZo0Ko4uQ+k>&zCa8znJ!gG~< zM%y26YUVqtRQ(TWpwxUytvt{~_rV7eJ7M-=&uV#r40#|5B&Y5_R|=8Ip9# z8MLc*(ZBP*LB_Q$Y3I|1N&hR#QeW!^@>R~_Uu*kXmGfF1ZxQIQkaUvxlF1bq`F(i; zmLDjAB4HCx5aYi#UL=(uRPot;7G-e`04%`IGdrQB2Sp@y=jXWFyho;V{ zIPnbr7;k=LI1~7UH)*0N`2NnTHsHeJKep7C2|IAX{cpJUv b4tSOGL7i`(spBng zEaLy1<7Z(yr_;}NI>)oV81I9uStfJF&;iOeX|nUYGLOj|5dy4B>xqruNJ%)}?atyc z9CMEi%!wQ~Fq;F=yW5KE1zTMN?a*^s7>jtCbD==RJ$w`ECw*@i&k~Cw@_-N(rjBOt zE%YBj>*?|u`)a6`PKjGu(0a@icwJ4WYwkVP;%U6q`(!?(h%N>t25E7QqqmGp+di5F81!Nd7S0x+Ar z69xl`o253U6rA9C;Yyv|$)b-TEb$TqAmkA$fu?}fO{XxN`QRpPs9prhrD_WCLNqzj zK9uN#I;1?u12Wzixi@AeNpd7Y$WDec3&2%94O9hCJF$;yzK>9+_PPItUzq*hwY(ZQD3^# zYoboEAbenWQ@$N^bVXaa1UJz|QWdff_H38|(w0_Bfc!Qp0C=aZAOKb#78j4=3Am}( zaU$i_@gxu%L;1(%BSUT*iM}oGFnm_Ow5!|3sF?80!-`wJ?C*i_!uBBQqCH#_TicwK z*JuX^rAYe(5H~FDk=|PxgT>3|5>;Yo*bG}5$w7p~Vuom>JWhPd=a_AlU#3-|g6X0S zySCvn3eSXiMmr1((0!V7^>A%L=rE}qw315ftVFW19mAmnpRB{kJ}O+-l=u{Ho&8^f z&)p?H=UuYBEaKT;92&>*W9{`qS*EEFFN_C_!XvZ-ATY|fo|bLi zXI8(#W*7#~a0W}xY5OW9Z4HA^&ZK;CWFxeabOBkMxGLLJNOz7tZ;lU`ztA7EUhFxU zLBee9$!YUJPuXend%o6b^Y^6hba6@r$L!NU-a?<}f6TU)>!UocvClERQVf0|4vh49 zBS8N2rF4T$U#1GQ?)16fH_b_iuPRG!7lAqKfg~HfP%6!N_mA2*+K`y8Lc19(CecpH zPe>{6G}{3Ju#HZOO_ILSjujbeFj%Ch>?A2Z!wzEFRHI_s=d#H!=V^E!qkP9P+xcL<4vKTs_2MlK zThFD$xuMDpLKZt=uTKwEOy&=EHyjj6i<%{zGDim40w%fY3U*VIwaMiKRUVBwAeRkTrqv{nYt^`&ILQS1EX)qIxlMx_ zB&2u7TNHy{;(CdbMd+kq*FqHqa_|>ST?8$hjh#d&eFkd>hbV(CJ&^;v_rX`%JNzec z2+3e9SA2YxbIlL66;|b(SI1lAk{e$@AbAISZ#@Ci6HofIo}s~Hx@dosxOo&G6-T99 z9F)J1bR&P858t}s3J(#yM?u-&iMS{3-|8{vee&aDsXWP@xw-;M)w^glthd+tC99MN-}s-e2FC-9iAfz-@#SN6s;VWB^u zS=tNwu^#y2Fk*366>eHxb)5yyjv|uZkAag_v^;r^*aD0@N zAzjIq-&55+Vy~6T>-Nyo>jtF=UBK~`kQnzTm8PoV-rGH@D8S(H$ma?`c7j=;#`QlW zAMdcgymsd;GH?Vzm&*-<_<#v`$zfseNF**Z^cX)$cS*oEEWZ)qm-Bo;$dey%OKAo} z(YI+Qu7uFRI5$*~LF=7}4-*-V+yR08K10;uTYBxiSR&Q$P`ck|Q0JVC64e+9tRaWv zy+mM*d|a10pbgtL+TyyJ)$DaQqYVG!^EQ11+*(m?x22|DHbpqs!v9!YjA@=T?0e*t z`FLheP`+@vXZ`R8?7h`9*Hg`%rqBXig6g4k(J;5litGdz>&?iJR&?D_3vzomF zfsUBwTv45hV3>uxbtRRZYL$17xRD9cO!g#A>nL2{azkCDaI^Nu+T742ic`CSXX+@g zR;!!)n^MX<+kQ^=ZlTHr%0V_Z@A{z)zD^pwGj*MvA?ARYw)+q>A#^awS1J=Y?8=OMGnjJ!wVJfQBPdqt@whH^1A^QTwlQxt|E#^ zIPk^~v3$%1jH2@qEOHoxxxLCZZn}Y|J42GoX%3h|a$YDF=7E4dKpZ0j+WGq8JkSygVZ;3iHN7f?696_9}j}WXdyV)j4gdva8(lD=t zTc;}*heMMVgmZsGmy8Y&zl*MwK3`M|Q(BQQ_(LF-jF+PVSU8jR%5nyO_Rmf9%=)@a zG)b>EgmLRipsJivbzxcUiBAP4w`CX(M)@b{d>>JwSl|`~j^Lla^`NGIS5eG-6QpV* z{RHZO{IavXUZ-}ttorAwxoce=s)@Dw;5c!H={cCgABuI=D(CV#3RXD->UhgrmuHaK zcp&Q!yZ<^)#f>-m$WnX*?mpJl*);^k4VPS~p>B^!Z8F zT6$TNfk$GxTm_fP--`2+{PC-k$_{jlK*hid*K$r6Mehjg6G4N*eQ#&r&))`vU90P8 zkmzit)0FUWw-%v3z;GZ?GiFPiiFLS8Ggh-4Nc@k_YxI%L@|mkTf|i0qGv~qXo$#%Z zNP|VvtFe4M(C=N(;%pCjrwEceNODDI-~-eAH0Qs#5X94GqMw{iII3C1zwy9pKe1Lc zxi~B(AnNC=*3_Z&z?>*>^;U_jZm9N!_7apwYd|wkUhq63MnsCTBV1h7SlHfbl6Th|Y1)Rh9D{GPC5AHP%0U zzn$R^K~DoYg`L8$goj#Z;$(WHVll0Npqss*jD0h-GI1kcVVK`(W{I3KE)# zY|-WRag*4{Q5iF2f$1icF)oA2#FY#ZtkBhxGeFKJ09gG3JZxaK^{_z8iUOnLZW!3Y zkxrWe1#Lu5mZF~{AUJ#|LLUm#hr%SE7m30*R`mQ+yat{^yMPHesLW~EK4>gfN?0C_ z$IJwY3IaRUaxt?48BGEy7KMFfrN_+VI-j|;g)D+ID&_*42*`t(lKRkfh?(h3TC8`I zWQj7!Q9c0$G)5T4z|k;aoIMbZng9euwySucbAO&TqI(6#9ecmg%j>^VuV@m|XAuK; zB`)G}Z;|NP{_25WPLl_ry}2?MmZHCNCAr;HNc|O1e+3LSRgjSI(@}#;M zDQAI1I!FRb-w@FTGcq(YlF3;ZoNdjf8sH-NaF1cMO%cUz-`e@CpDB#A|kg=_swP(U!ut|^3_uCqk}(_yz)mTZBYB#8$>dS#c{L_2F*Gg zmaK3}@3a-#J_}%qLNNvSgbz(SL;1unUliDNmyH6qEYz779o=D;2OS8!XmL?5wV7QI zu}l>2aKucobXPW2K0_46ts#E>Pz~`1 zX^{l|ke9&B#ft^uOvFd*l!Rd}6${1k;Y=OQ>JGs=Z^1|NV)#_K{rWFljR`=1ss>C| zIc+{sMIw8gpNp_bC? zL_f2#XeSa{AW7si)M2)kAN0bz zu<94opq$2<$+NuEK}hD4+Uuvt_lx=)nlG2x5#NMJ zfmlYf>QF_s*diTAL(AvDB%oTD-aM27pK?xv>%U3v=xs&r9K7Q+? zM2X=b7?rfBd6=t!X6nXSajo)|f%9T#F(2n>7x6j^Ar@a-kQLFM5O82dEbt)<#0O>~ zi)bE+@+&Zl+6n-+tI zH#VH6Qcf`2I#bIy-&R4kiGF>B#x>UbAWWU%Y!d&0&Y)^txS2zr!!s=s4`w{o2bFNJ z3%lj@u9Dj>b{!z7JInXZzI}**2)e zcwmMgX*)qRP^we8RnwtN-m_bHrgV^)1{E8E9r9g{JME|@l0$<5Dd&^E$aud7#ntKj zjy0U%ny>~RRZlF~N=RW+R~i@2KgWVi@romIPU+%Cd*Feyh2d;G0=lW6)IEZAM`F1;1oa45%xU}`0oZi3eSn=siF?^ZrM0nr><`|hEZT?G zWn0De2&BU8U~HF^GJ)R|Iy*6#{RmYc?^n3*kLG)5=In((Q)bAUJ)z@*389@i(B^%%{-`l-ty9&dyoDRZ6Y&m9{+7H&*#sf zapS0t@=dVf2&fDGg?|F+-xxkbVcfaHhLeT|XG3q@MT@2@ozfsKR*O9)Fi0#86n3_9 zxR$=WrRqRf6<^G!e-_X+B5;kodCoU+NO+;!kr)~O3BUQiPrAdz$}b+A6aERmvvOZ>2mVJR4Z((yN-kv00&{7& z85IAb*7r8l>+1LPPyw=7JG!<0?4$Z48X%WIP+?XTZ?$XhFu2Ct^q?*t)r46(HzFS< zlP-qCvS0g1zra0^7Z46XkzXwgOBNgpeyZSHfRDo4T(Sube=&;{NN&WW&&}5)e2c%M zoYSVa)*h~2DgXpskY{*q?m{LZpUaGtZBIixzV%7j(IvV_{DOYNX&i+@U-FLy7~*{T z9erv_ei09RalF}ja&Bj3VSYdXN86FpaE?RG)VL2j)8!PAlfS&r7*Z^PSS$n$ND( zS`)^D2foBSHLjO#zY+>+u6583UE-<<_hqNV9e@X_~N_S3S*wjn!LPaN<8`BhE2*z_|B_aeew8 zeFp5A<;i#Bf#=WjGzc`8G-pSFrcN2q_gwef%Hz%ZP1exA0M& zlKyhw%Uz+rI{f8YlC9rg>hQ<@ZHzz8>zJh9>A8C7@ALQcL*wdjm?VE`nAj3``%;({8u#!K0)Y4#%HN2b$s%wLi&X3@X1BZ!7bl}s*4 zdKpal!mI*GSaQR0mUHoQJ7oC|I1GwF5%Wa+nfU1F0^wzw+&lYQ~esbKtqs?#dRVqbP>)10);MwtPt9S%>q72ODhCp z+n*z2$cp1;w{5yJE~w50S*2U>&vvn0D8o*$9Cj)6gjHYr3ytI4Q)+%IQ@ZM1J5)l#%PE=0%bCeSD9?te9*<6 zKcDd*9}<%`j0Jj}%Ahqg9aZx~RO$K&dkIfS=$)6l;T$Tb?VSa;Lri|T&EH>y#+m!Z zpi43?`8)kjPEX;A@_2q8r+lMZF~=5)-%F;XCCOMm9yolp2}ao80H@^+-@iI(GZH6) z3z|8E9Qnj>w0A))aA$WkquIqrBgx2%#CpTe&n%!b;2)Vb>CZOcsu2M6?c#0F7Jj8W zYbDE(_iSA67~~?(x%iNslgc1=efN#UD_WO8Bf8)7EHoCJrAf{!tqBV z7OOD(@h0d#y=ZfjMJ;KstuTW(0-SD&(jVAZxkC)QRT_liJK;3#X0uFt4)LKOT)myf z-v`R?z;DOjkJrK9<&TXI@R?@atj~lhSBSVc^M(uBnSafYYAUoEH1(G$5H_PR4@qtl zbochPf7$Ns)7dLbBp@tlVSHqoNR9T7l+Vq=LAyJ65~=NqD2lKVGu4UZp?T(~<6D*Z zf4>HOJ1-u4a|92}yRiP%m3%h8ClWtk3ETw}P?oR8OR!IRNqQX&J^qqq$e6BdJ}rtR z*1)Q4vldMkioo`wN?0$$Ngy?>UP?$*?l8l}$cSt3rY12fAXZUoK}k*YA`L z0j|i+5(f7ZOd{0Au^owtwDG{VPuZxP4Dsnsd~XfRu)g#})-jvLf;V(Fj=8uPOC!C~ ztK-Q;>w8H?3hzG9s za6Fx4K`-4|pI$G=v(daI{4Qqr?UkMw$a^kC{lskNWxAt)WD?x^p1DuP93ZO0omXKC zy!pb;;C6bz+nI2JvI7TWZx;{lJerOTZN$yj8zn|w-q6prgjXmzm}D7F%SbOQmChD5 z21}mgRHsqxVWI;zfLc9L1Wi3U7f03FbJEq7xQFChsH^&E=e1i9d+)+M72eUr(!be% zFZYr6V+1POR4P@Ez>GP%q!LMqOg4lr1BvcX1PRQ0V_JVJOM<_A{FR3S`=BWUKqKW% zJkTz)GlWAg61Tg0X{99%e40WtN4g}c4a}C$zbnE7k{5?K*soe36cWJL@yiv)=S8b5 zjhCyZcwMsz>7cKdO0vj#wsik^;6}wX=YmJj*L#=h@I09k;6L_@o{P_E^uWa*D|wxr zZiZ4$;kO%V5j1(`M4S@&QMSGH*ec}HhGoqy3;>)*hg%S=)N#?vzi!$SrioQqDf zIX>8dC&@smKf5FOs5xgJu@Ei2UThRX)CK7Dr58YEgUN)EnH;8IGU124)MvoGq?a&+ zl{t@3=+_v^;Tj-DAnuIpaG?C@p2(dSR?LjboZyJ0!2|^%T4^^ zf!~`k1VJ*IZ(r5{!xySn@hT-V-te$5GX|l2s=dH3k#WUz=j=f^&dXU8=k*)mYLC>O z4^R3Vzu!}9y@_KpYCSL_9qj`jwCmpi+;YhTRcAO4zo!mvM%^!s#_-s`-jt*du@YFHE$SF_q;4n8vALI{cWb2fL&P zU}A+zq)y$z$f}&TKcr6B-jHHee9HhI3kD8{`eH5i;vcMKHkMB_@aEPB0hfJ_71-B7 zx0lvfHlNC29{2oW<4<%CY?{*6%?GFKIBnh86dG-s^A%_ma4+foI0Uwak`)bS`Sq$L z6k`xT^>>UQdq5A-J(@3`&mL%mu4_^vWdYof3 zL+xgU+Re^&XoS+i+X#S`G+rvDx;$+RPVFXE{j!V(Y`aKz&e&zAfW$f|JDpTOb%s#0 zTLj%vnDZ;DIfT zWj+)1vxEt?K6v}$LKPiG7wOJAqCll{F3BTg1pKj_TMOrnLR);)GyaWNw9a+Mf8Xi( z@`#xKd2?Z_`70AL)-XB_RJB$u5~bmc+=9XMaV>*Oo9H+^?{*c`7aP9`ziQ^hWD7Yy zjeEx-^7ePUEuYg6^SxNqBfIsN`d9;WB(VRRLL{})_U#K$7 zzh(2u_B=TEnCN(tW$RWB57wrQCHls##rdJP46$iN6B>i|w%&sDUy<;E<0xc$HSgwv%^@1!HN$3#XMjEtcMz@OdZ%MS^kay$nk{0w5K zvYa9SDn!h;5XXyHGU&2nHHqYQI~}7XqCz&N?Xp-j9%yihowi#TSyuyJ83RY4H!?k? zC-Of&7ue?%kEG*B_=Y=C%gPS(ik8Px8imRfc+o97?>V>n1~h=sA<_WS@aJDN03e?J z^CTZeJUHwY_Go|Kawx+Z6-VUR=y`TL&ztQtIM=3v&*sE~=QrZ#Yt6L@5Si#SAyMh5 zM1wkS`N)&l94YV22oP%5F;+vqW&GuXv+sTW+@?aOR8SM+3n*^(E(yu*OB%CT|GnRX4LaLmo_Q`WCS`1s$pYYlxX&ehLyW zUSYw7fZJw1J%;h6suYB=C~zgq9$@lrYd!8VRUW2yGe;{xU=Qm>9vCL11$S_d4KK26)#((zJlomdT zjq_jw*0-%A2m3C8DE)^VXUf6J^deaq&{07onh|SJ*+!-cG0~Nu&JA)LK~nHtIFC{N zsne2-*L9vCPKEjR-%5JIA-3g%53nuU{Mom`@#BF5KQNP@kS&`&jPGxMrg>8qKeQ`m zSQyUW-&inlw5)UO8{w@_YM&f9EBDR9S>4R*9J2b2v*b#!I>a5bC-oce(|Wd!Z*tkF z%Qnp>vFP)rYcqeredtZS>1KHOb{x&z&ZZ0&!}!@aRM`_h(UUC&ZW&I()r<|@!5&yI zU5AYABeAOKB#iz!Uo-5Do)EAbTWEC(t<^b)a~l_zZfTpitf4T0{b(w-ZdFJPP+a@y z+_sBQeNOd35lDbQgf?>HqbP!RNC?OX6`arX{scZ1a9|dHkewSY1((0^*T7=wpI>&~ zJofDd^P=(&cT<5x7&G6XiPrilzVK+OC6#bgKFz|0!RXHaeBBbdR_Q*==FbL*Bca>x zX3u6)dz=G1ut0vYBV%glEe%x$ibFOicA%mR=dNe8i;>2f!*_57aUoGJbtkXbLLci*Y9kPd%lSFBONT=byD_Hnbe?$h z>0|WC&;_I$0lOfUWoZA+UBdc(zjR?UArcWR1EZ!OTs_ND_0vPU_tTR&3^pN>afgTe z)P|AT+m>1if1z=!Veh)Ki?7Wf+% zAD#Jq^s9n7>XnGU@K1@}obrl|VZRr`{Pz)))B4BHz=G3&jQ;WS&`E_VKPAQJc~H)c zsQn`G>yhIda4qd|sjNvPHUJT$Mb+zQah;ckDsRW@;xRZq1~Tu>A_X2g8pz;xS4FwEovR<50#1kI#q|6UY1%UpX#qpiFpqs zeJ|dd?iAoXS5$h4J`=0pjPH~C#0We&b1#L122&l>?@wK8`xA_lSIElICfLBlq|$qt zsbSYq8(aq0dMW8z^5ml*8uuhrf;!N&k~yqtTF#@-p)*89VXX+ZYqbw&x#J_#Bc0c2 z7p-ZknJ1M#pF@|x&rO*;u>~(}>1Jg`9|LkIDPW(m{E;*eYphQnCQIDt-TS3i&tRQd zqDojJ-8r}w`ptWtQ>d;}p+3JrK6yr83|YdIC710v*LnXay+=X}lIh%iu>OodBDgKT zv54=a!S|t5DT*H8zW~$IHRjW zhFpGlyJ9g*#sec>?}$nuoNCBBf7-L9&Y!|ZsBa?%%A4S z{ONe%hrKI`i9!%W*ufz^E37>MdM)-8OL~TY&cH5b60=0{=vdQUA+P9IpZ*~=lYi913@GZe#cx{3-n9MBbM*?6$a80Iik zG<~R*7)6Fpc6`fuG{SU}w9(UgS)cSzP?pp1d+m{M8$uE4H1;f;KOJbYQ_3y5<}44Y zJ=7yLQ`e$-dM^S$zF&Iw?waaXghj{=UYWxFnc)VdQ00yA;lzH7$T<^a#J~7I@W2X_ zK_&f9@}~=FFaLO(63JCrc*x-cjGar@x&DAXpM$vO7Sl4-hvLC^H}+N=e!7pgBd`op z#e(Gr$$V8ldtkjbSQ1HO$8fxC_p(_XWm0FHWX>Hgy&=M#xD^6LaQ*(|s(EX0D-GT0 zf)GPH%Tbb6s09PjUL*?tkWXFY!XQU4ETj6_nL@G~({$Ccfc7qAI(18>OM5~{-Bh&~bOLw{m1TrR02Bvf7h0y-EI@-VJ|3&Zs{TDLEqmjrzfx-jL zV*ev%8=L4Xm({`1`(}wl!f@h!x*&#;Nhx1M?a^7pRJZ-&s@dW`>=7_Ca0o?&CZvg? zZH(vVw;>kVQmM29xGs}W6rnJ!I#Zcss~qQQ@omf5&dtLhPzQ)sSO0q&Ls{+hWY7Zp zn%reGsGv=N@Ybmz(Iv~PyDv%!LQv`~(+%C|QORbB~UV;N;T2HkM+m7&TD@GJCY zUgP0qJ4Rd{s^l@_(9FEON_X54s_cOuB#YV(W+W^`+IG;(?3J`SIF@vW3$p z9k$ju`0JLn#=&8z!F&W1{+14nr#by_bOOijijKjB^@Rb_jvFS?kNz7qS(K2mXsQr4xipf_iv1Vsgx-W zZE3T&a5kd)dzILYeovSK6FJq-i6`TWTEYS|lJOR%NBGLO?^BHPv>B0idS7>K(dE}- znA>?>@xho6DcjNi@@uas4nh0Pq5Y!5P{rNwY#3?ZP$l;-3u)+;+49*xQA7qXs49~y zxz0t{jv!ld&;n&jODvtA=topIq4^oXPiNHmaI=Tqai2|4{{DR3P4K-OPwr=fg0Mhq z@gYkdP+hKSLVSUWtCA5He~SMhBa!b+pevMvvUU=aP&5yl@PBk-O-=RZ&ZXq{TH7ov zyD8(d;yT)fX%_HU-B*}{8x6CVtD&KQ!?`t|Q#E)J#w1aJKKTyL3~7@4Y-jYf6ZS3J z@kTT28qP8K;Emg+QpRJWdxIZP8G)W2u?O8fb2|yS{Z$L7R+^#)1!PI?Co3R!Tx z?0L@O^N>M4Z6r?VUtXck>;8TzJ6h6a`i<-WBD*U?>#-l+rUj*>5JmmypvTKIOvN7> zt)LXgIZxduOx|HFh8Nhm5T$|Yj&$CqhiT#iTT*4Gc1LKHT~%EM!vFEa&G7G&eM};dc*#=BBy6!Uv!JWdDDv zed57Iw{zx)7K#U-$UxYr!$y~#;AqA4LzEM9zLK^N zkH#z95YEO{J;B)@94F4+LwhF zf@gH+YvPyll<zoh8PjE7Wu>}iEmDtFd#TAhf74dPf4e#7{KC=2Zk zs~C}Jvsi~>nvtI=+*({B+eZO`^4Av~gFCN)x)rzX#yWhp8yk6W+rbf$*ttpmMPo?P z^3YG%VTUUm1_!SYi-Fh)rMr1zF$S+x3zbebBJ3Bs8OCokxtf9#*TD)b?YadRT3H-o zl`>;t?214H=_JHT�DM>pXKVEcrTOdTsw^{DCiUh!6Y0p`c3`3Z3b=1_fZ6-ZLc! z-s6UCJY-8P5YnpkIJ`YW2>=bs>V3F|_6Vlrn6t%{`4U3Dc zN~@f!@8lrcsJ?7IEi%tQ8&o-G)d8hv9y4BTQso?1M~Nz@MICQ(P1EiHa1VZz!bHE+ z{%An$cq`U|AA480AQJ4x=_u+K%Oj#UD%`5sX^)s&z0^4&4{i4$w>EEmFw)C9Kl12l z;*85_csS!CaRB`rni)8$$>g+d4Mw9f11g)(lJkn2I2VoO0C+*58HzM;ju^hR#+mT! zcQwv=m;JZKx#7eOHO{mh)iqAx69ByS7ykLV1kl6*_~)_%0Da_=jWy0yyYbXv)Rr2j z^zAQeoU6P2S>w!n1OLn!g@67U@O6!IM;l-?bUe-KXx zGzae8eE?{>{F@r5IPwMPO~%hNcWke5ItF&sIQt%efBp*Z;EG+t!OS8|!^dZNa9;8& z`Zm0jN=3{J+`jET-160}DW@7km6!IRa)QNp3H0wHW(0X*4a3D4_Jr@Yo(($qUbMkz zMvQoet``&l(M`Sj+?GteSYD^tCH`QnEWuqrQhL-A{}p~PbeXj`2TGyJM|zWoK!dM@ zhrsuzCqBtdxADj1C&zfNT>tfeqn0H3I!vev_Vor07-LNcqx%DoPS0m zp#a^L(gW{XN)OgYsUayXdC|j@Qkr2XtqluLz2CEx2GmE1Q)y0_ml8fd3ZDLBC>1NE zQ9oEpf%+)XNu5q!N(}3<-~ooxzDjA?3QOso_4Vi}KuSNo;E@hD^Mleyd#RpYz_pCf z`0zI@rR(dXv==Eo?xmzWl^RNYl~UhNETv=Wqr}q#&iP(Ss_~A7(s!o{Pv^TD->|M8 z>F7O9$V-V_;{KC>N>`?o_P@aLbZ>o>a65mR^C9j(p%05^va!d4j~Pm>l+x(6mQvsP zC~>mUxy4IKHJ)!Mz13Z$n+q3j|75pvg*-;K5#kY=E)g!iK7%u7=>1F2RN%m{^na%DM(T$Q2HICpip&;MULoUgXu+c|>ND!u-D>c()Q9Ef+1P(k(PwSd}4owi0~j zC6^#J5CvXcZFOjO&2nH6?@!0(aPA&2LDgXoLvTSy;qX6?2|>7M^Q(*6LJh)>Ok5AMHjVt(`MaBpa!VGHN zRa@zY*Lbv}E_*}G1CoDy)j@>mf49|6SE{>62yw_}&uwxjmLyo@C8+j0!VoM{g4+hG zcH)8Y9$J*tZSgqr!fBFhON;v+*Y8%g_9qp$ayn`^MvpH(^{Cd(kU`WF!}1F}s+|rH zkh@Sjj|j3ShILT}o*q$4JA(`xH?$Y+oG2GUkc%#C&_gU2E`vrphTsq{L3WO@U?W4Y zi4tt^fK_)Fsyna;f&ni ztoHlCWb~2^F}IBcC;g?`If-l_Pw!-%ai`Ew$F575hb%1$bGD)Kal2Z=Flr94wEjkz zCFa14wDalU4L+1hVfITE1~VgU4F_8WIOtGe7VcDGP9Pic;EAptj#hm0NsIB^o?W&#kPZWZ$7qs@h8$#on@)ggX>8N_rAbm^vUYM9Vl%^ zs-8Nip7On{G&8I`bb<)<`$?RJWFYOpaK7y0WSAmpw`(w@f?iUyx2bMADyg@Uq?iWY zz6VlshkF!MY)Gv*Ubwm~Ns0+zr#+Cm(M#%BLu!PQ>YXITc(-ZU-wSxWm(*8(s(?+D zR9cc0efrTokowxB?y?bMk|FijaU$T8C%S59;2N?AQuljF^);lrE2(}-QcU!k?Sa&p zUQ)Zas(@>b6|R0c!R3n0W%km)*HxOA)N6*+C?)mZBq;{7VwaRT$7x$0{EDsRjmtdF zP-sYPX)9dyRZ?s$>XLyUmPlg>rF({SE#a-si%U{Qgwwv`i10u|a2yFn166nlo|Z0W zTQ&ifV^Qb2RP+;nAo`j=R7)o)`Vn{u^t2wH+GUC|Cl&oGsr^BNzA9U4U#Yb(l5g{w z+7DpuTRuu*KI?ndKGdM!qUihMC2H?J0(YZW=KB!+RfFzMkgj0ufkTLnq34l;9-ObW z-`~K)yr}NdRl1kb%r0UsK2-U`G2B|xpj$hB%Q7%$^8>8;s!g6yj*9Eb7={lqAu1Mp z=yz3K8EA1l{E@JK^gkeSM3Tr5L*z&$^1)&uvhgDiC-tQDU&!qNW^%C#+zv-%Jr&#j z;=xA+-P5g{s^PNjCB_%oN9r8K>fcm|@ogXkE=5 zKoTPDsmcw>LzLv`2}zQTNV3r$NS1p^(t@#Ijv@Kt(ZXeaS&2^*-|j(|DWp?V(N7Tcrw#fzMbA?7Ept8YipuM1I47LzHk?ZgkzkONcP!YpTXX9h%s=B^CY0jYR)18arphixqtXUIP7M zaVdi?VWV3r`a6RDq(MJa(O*>b75jLC7INn_XV-@*%)cw>!wvd8Xc_u{NzvQNjw)}+ zd_NWa8j<}NgMO8w7pUylkJTwWC-R*tIXxEK^^1zxMoZ58P{cgLmOLz3@>5gtn=D~z zjFxO=OaA^}m*z93DlPfjZKn2*k|oEQl0&s*rj`se_qf@C)Y9kkQ?&FHmY8C} zut9I2=nv|;)1t8+bn(*3spxNhN%RH=ea7J;(X)676Hh$HW1}9d{rpt)LP4MVv#M@@ zqFCLa7RZ`3Y@N)$ou6>{J59U5Iy_gxqe9ez} zKs}ffWX{Ug$q4D(Z0{Fu}0!5l7AOSVoGj-AZh}&X2j=PGcg=@Ona(EWue! z@xBgz%=_!X9N59jt*rR%e9$N7uzE0$sEs+tk9lN0m_v^8*2%d5=MF!nvrwrq=sUFcM=GL$gkUAahw^4A_orm zK>OQ%o@k1Nz%-}X2Pv_9-8u&2B9cLW`{6+njF;ghVqEzWPb|miBh6X*ehT`MHAL@V z&_^ix`*;cTj;DIi4<&j$75!a7-|A@X`z!iOioV;s_Rj+#&e^HxF9`aZ2L0_!VSc)z zU&-qmZLWcZFRZtwqMt43B?kRsMenKTol89E{~`MF_flj(T+llkbY6CbWMMx=KjRpW z?6PrTVk&wX78Y?ozz-_>OXzBW{+pujKhA@WBqq%{Cl&o`sr?;;K19)1Df+n?9(3@P z=Ioz}{;HslG3dLHO`-ND75)B`Jm@mET=i~>?4v#>^W6>l6N)|@FJbp}jXda*LEM*$ zK1tAbf3LEispxko`md*WG@nc6hoqu^Cg>j+^k31@gZV{@e%uG1+Ovs%U@AKKj0H;# z`h$voKG9QmuDI!g^VsJb%o2M%xZptU05;izQ?j($K(GLdeWAezg!~bPe3p{GQ@LBx z+H4K#wVut`Yz-;}o3X$z-$5N{%Zo6qz}BFGP6epN-5S((C{1vUv~rfOcWY33sk=33 z8Y!Y#4u=0wtT=eLL}OvBVm}W z`-ox9B*fC!yzq94n>7EFnr>;>cvR2>H7f^PNV?R| zkM>+$Xmj83GO6+3k5*I{+LQggXwu<)aZggVSm6C{)nSf>@|h+=yuh<>iE^(T=xGIq zQI-3?m13LH6|~LGqyZOM3bueg3NN9w)^-}tdPyC&NjuH(g7|NUT%$yuS|vm-TC(R6 z=R18|BAdTaPWDkES1OU;a4UlAWF09;WLAnG=ZPS%81y%gfk2RcD##&TK^g(Q4naCu z9_VBv;bh;-bYXHdFkDvWthb2S&z+bw1oZW~JHaT|)M)Css312Ow|Rms|7frVeI*`LR`CYl|Xfp^{%mG`^fV|GkOq&Ww_nWC)+G1ZUt zf6{>2&nAs%V1my7_v`Obc9`hvXQrU9`0F&)_!3s`WQi9uu+-st?1V&`exZ!V#1LO4h}Qu?wsTXq6h9EI^yh) z7_}h8Em!oeyQp@9F1^-QZ>a1p`fXHQAY#xbD*E-Rx~;oY(Wj@P-@T0JdmHpzMZX;{ zp}JAen(_Iuax;wd3pleI3#|J}nf(?6C3Ff`M+(5D+bPV(=6mfFu;bm+BQTUG=A%ldySwl?xNbU< z-9O`{!ww=A9B1epqjVlT(()6mn-1fKbFr5Wd(K$!R72-OXc=-X8*1r%_=?ddS|{Y< z(j4WI?&%;e9hGbA29>L?(ixbmbQC$@ye2lf{}aA7{wd?L9R)V|(Z zOgu+dD_VT#LFdefla`8plAvE{(8nwKk&6DC?Vuosqz!e%(O*tA9uf<-HbmMgk?tzO zwJ&tAIgG=e53!X;pdh4xplQ1S)%FZr8^g9&yyz_E}c&mMd zxIKmW+8x$=;96l`2S4X)EWow8`eI@gHN)a(^JbCg$n;o;k}shBt;GSjWc9tGVNT^Z zTh@`nAlB8Y1F+<(k65rDOQQjGfELhz&V3cei3J)nhTvXR{)qU)i>;m!?bwY&H!=Xp+}haM?Pg*->d8-qO+>jORT7HrzpI1N_Aq5^m_yu$FvA|nv)lZ&=I6(hKC+b%|D|#cmgpF=o>p?$(=qq1L@zPhM_O1q9zN!%oKB2V-(>!?uw%nvS_okxXAhrLs zMwy=q`-1t)wf0L_dTPhwcbYRO6`g#>0`D30-ip3eYag}0r}hp+Z;^_=N|?XRp#KPu zMePd}{g^8~wMz?K{X&ZDPcC5XJq-FpMW2k9P~FDS9`qww`va-ys|7vHpv(Pi(cof5 z-&W>9KZ@x2spvll`kc>Ibzh;k1oP_@{rg-Gx=flJl!~4%=(ij6af-fEC;yM!?LimA zt&^`Hc)V_JLGNwQPf+x~6n$Vz54y~HJd}#Q10@kJ4f-kw2b0 zKw87p!%Q%17uLh>S2~APt8g%PDj~4)Q@BC*&X=@QVjNneQbPC1f^_ z;A5YH4{{wLS14qs4>FjLeH1d$2kA=48#qD+YE68QBM2F$kPSXa6G9p(!i?2-(IDQ()hf5Ap~hk0_+84^m0U>AsIy+<;f0u(P|N zjd&c9Ov=e;;dQt|Rm>3&JazyhHbTC0s^UEIY!U}CoRHSU!KZyJ&UYb;)0B|6akrtN zwzRp0Y+eaSe?sDccYW-xCgjC!0{Lc+SNL}c8LW`>xn9U)g#7g zab%kr^|omRAjc&k*B)r8tt4de?=H^E$63fMLasep*f+y@pM37CrTWeGYPS#Z-}qJVRUfvc9!tnDg?#VB$snYW zK!V2$#B#HBIUvt&5k61$LB1elphDJgj@^}DE+N}C3(l!NoEd~XB9OoVA~kq}J7d^R z6-No~sfhRa5U(R7_ZJ~~fjFRLa4;cX{Vb5qK1f$WN)__7kHI4dIYJtw-48--qffhc5;8#{-}@jV z2{}a}Q+<#jgsl5ssGZ}3bR(opA?ZHejwB>oAc3t^Uc^4C&8R%{Szg+9nPgp?@cS|4N)A-KkwQSFPz zz4g3E2zICtGR228i4a_^O2|kbf(3kebO(mEGs$~p`AV+kO=l92O;TgZAsK3nVJ!)X4&|UUUv2Hz;KHyWZ+@ z2{}k1zx!|wBV_h!q1M!g)0mJe2vMyMYQ(Lm6zj*2MC-pjYS?nOffBe3z{Hl%T(oOk zwATo^H3`|@g*-?|W)iZu3mHquYpYypH4QBjmlJY!67q)&Ig^mYr!LN?E~FhH6-mf5 zF62N$4o^bHx{zIq0eO3+OKq?V`IeBu76K(qm&~0?SOgIKa?bRmhGw|H=ZN>%3YX%R zBdjM)B;@2IWcQ^Oaw8!Nmm3^kUBd`!V?jttU8G)weE3OSNXHP=+JfSNT>)EDkdS#F z*M;=!B7lyxAe?$}k=770XIWiH?-7(`LGi!^G9^tVJx<66OAQiEDP~z7qJ#`eLbhIF zA=eR-SmNT$I^RMD6LOn{_%zgopba0nNTqH?S%i#9Laubl?M2AGNywzDZAF_Fifw;- zIBDCLUE6*FVB*llZdF&7ShP0?d2Epj`RyDex|H;OH!ijdw($gGJLGMbRDK5%h%JY^xn z2)QK*89v5BdJ%G95;8<~(~;|JLSB2{r8cC8#o33D0fb;Y!UZ(fc)!mFXtQj|odm zpZ?WNsixzCrHpyb3wwj=JEWQ!0oBh*b*1Mz8qa-fDL0KN>kb@Q?D+%r8K}3i} z8k=j3@bM*?0Z!hI#c5wm)|)9Uz%``+LZ8<7hri?wzCQfA!3c0xj%&%tV>Wq=lgIIv z$IDRuXbkspZxiI_{X9_L2q+WsXIc4skaAAM@}#zF>}33hx}auavTsB#L*mt+s5A?e z;%>iqI`8LU-MHVkYw??``&C;v{}Ml)>wfr?`0A1!$(w_;l)&A4ow)`j!s9{qS5SRf ze3K}jD!9J#IF*%=mRPKiI_Uim;7NVeY0nY$+7kx*|IDO!QmvIDV3I%D^PIZviR)~| zo=KjpNxKi*qeff5Q`Ne*dCi$yVfB(O34`~2KtKJ?ihL?f*u9JrJPl^*@fcc)xoc>g)|`-_#d{v@{hR@8S`@-3EH{Ii3aDvZQ%N8axL=> zxS9H>>h~?z{`&T;uL%eK3w<5Vn*XW3C@;T{1=Wv$5Rex$94hZX$_r~?RE&p+Oiu7A zPj!hW(Q2mi@BzwQHnjo8$tGZPbvM3!hi_gwu|L66l-dY0^gl^$Ot;!d(SK;%!bp1@oMPx30&EDQ1jB2){j#2Ji5-%{9F7X{`wdGUXMP`gg(&jlJjw@&(ND_cEe%nbT~zO{B7=B zb`?4L+qt-lS<53y*ZUXx>Ufh+-UI977k7}?;#WR#tKYals9?N<*P+pI`>pIw#uIFA zKPzV@4qyKb%s!UVK1SDPkB&F{_`8wFb@> z%Yi*3n0FP@Y%t$F57IG`hN>CX%!Do0e*j53PW1~;mtWDoTh!UUL*wpJdGo2mJhst1 zw{?O;ge{{(iBzz!*(8McB!|09aI%pq+u5~U-4>x&IuY(x=hr0Mn+@#e)$l#^$r9hD z>cTD5mxo}IKhL>y3-}#eC%^xXx^IDxqPqT1LV^n>PEfEBQCE!`6x*P*CWsCjentp z;9n>q_^;(%7za&>0)Azblt7qL$n&Y{e6T(58A8KPM~IPdHkoipfl)%vmsPgd2H=d1 zb5P%2pZu5LEqK10@Sgc)=kUt>Qg`*kHTWc+$Lr~Vwv+Wkhx|8jmU>t7--<6%)4Rj> ze{(dy_~+Ww>D&AM&Bea=M{Mu=2hZ`nzsvT%|Lya>_g8$ro#XEr#DtY+{2jf&J^KF1 zeN~%U-yg{~ll1+>3D5^n==_owWUs*S7f)5vf{$>hPmn6VvBZ@|s59zxh!g}@Y_#?u zgZ9H;DakK@L>0E!$9}gKU!1T{W#^4_8u9VXW5RRkG^(#$`1Q%ohi9fAo=3I`Jj*x! z7vQn$rEl%SKnw+4A-cfCwcuwT1ZVi--DWtX__jQbfckW+#kHY>BzZ+ZB~KYa^fyU~G-M?ZYyQ^OZ>;lqTx%TK~Zg1-`hjSmS<^XzZGR{CGVGeW^r z4S3?$5m5rng9PS2FEH)kxiT3ZqDk0U=HiJJPMN2}vfCg2#F$A-7vkNMfidSxV?A$D z_dw$iU6|%P)5?ZdO4sq)8=QOi3Gd9s;uAK|cfQa1C*jMO_5^wci~uU3GvQbm3xF5+ zdd7nOMeB{G>3m9j<|Bn zP!bgmBdn*oR7iqXeC8yX;$TTxMQe6N9uau&z}!9&hA(r63kNU3XEqNeateX@0zO`Z z&&NXRwQ@g8A2R^GUnn$2@g;E)M?6k0QzK>%GT5O`5AnP0+D`%cC>M0$bRYZ^F9Gia ziEAexrPELvbdb`HU+1tVI)qt1IoCz8{hI$?Lo?cP*!n5=9&mwiv5y9RzVEG109Dw5 z$_I}z?VFVR45^^90pH>qx%l87&X2)&_Ke2A;c@b?(KwSY%2(F;jk8O^b64i_Q+zIq zn_%zJK=SEibKrPYDi+s~qGoZ>$qu2Qz{lc4A+~jt0>;-MM4mlR9-*EFDN6*#cm#Yt zU45|6|L_l(V5d-c9*zwKGVGR*ftD|RN-EDv(vQrinWR?<{Uh|{=F|9HJbZ-^8=QZ} z`_TkHeA5~Y0%;86Lr%2fF@HUjiR z3G+y{1LCE)O6rATliPmqrEnAU_2xR!!VFs|R=UrA>QYBwhXE>pum(26%zND+zeIm#=;Yh-M!UI#K*y#?k^G`v6$# zC|}(Le1uq0^dm)4KYU&1w;%Sy2b7BX6dKo1h`sbYj*xB#JzeN{Qb5MzNg+>S_oRaN zT*z+`uK=*C3SV1^uLtG#5w zoH|8v$p#Fj-gOJ-kTY)a%S-H01*C^x{P^uwJ!qxCYo8@hGOOIMEU(4>`h9fYz8L_;E7cXCIyL<5)uWv-z<>0qVzB*ZdgL@Chveoa0Xp(+;?7g4M zkFo4to#As_vhS$u$w*=le5&|Sz=FosxyD?3Q9$8X^CN%;qs~#Qdx&`m?-GkR}@7j+5I=(P1mbI@QhMzzFoLc_J z61gJ(_RITt`PW!LS%=pHRM)|00F#Jz0KVrad|UHH{%5ok|4ZKi`lq_$e>>5CYm&W; zT^ICYJ6Zql5WYDW(Odx9(NfUj_WtNB5l`4_-tHEE`0*Wk_-H@Ge*AVlzj{92CxD&k zhhhTOZT*l`CY}A;&fx1(KM*wN0(b!S(qlbRmYY&P%z6uu{w#YH3zc;S?+(%5-a5^|pC?!0JUCg2Q_}7?r zEpDXt@vkC;Ftyal38{iwPOQ+)wfFUoL>x%O8T^Jhv-=RM7`s44a6b4ab~9fRz$on}KTnF?1Bt+LV!bEmOv;yx zbMJw%5CXaRlBsV3*e>!V3l)9~>4P~rW{HY`NSPb!Zx$nAqM}Jos*b~rS{x@K{_sST zBZ1dbz%M#!QoKG@Gzn6vgozs}{)D;x)X^ljsDgISv)`6SbbweSP^oCrzH2SUH%Ot~ zHIaV&p9$W9Z%CBDzXXh_b0>oTBR2Z*-_Q*FJHh*@*Esl3!tp+UAs%siPqr7#m$&Ob zBDlp+h}-aSDiKwJi{pUTQ-D_|6!#EQ_#F5EOu&r&?F^=pAffSf2zTDFZ~iC1Xe1c^ z@z_nVGoP}v>pjM>$Fy03&7r@dB_j%$-o~B zMj{`j{LxajD)R{gjRk2lP$qTLA*%EY9Hhfeh_nc@n`b&@gXA;LdmVuNmHMlI8HA_l z2R)u(;6(oo8!_NP*bxQ)>$vQ2_M6MR_yF`Pxy=1ri}Wx+7(CgqEYM7J0TYK#l>K=RozmIeKtAOagZ+|CF1&4a<@16uB$^LfCAC(S&jM-`YQAxy%`H%9) zjRz$2hcIQehd+#0wv#^?pF%8B_-B%Dp`$?8Lw2IP@k56{l6c^+FQeB7vpK|PEir?l7NWIgXbltk2JF9IsZe=-)r&>?6r7WSV2OPdR$7a5t^4gYCu zYWq;`+K0g~Pa0)no%VTFp$+}XtgbeZaMm5oYxjOrtkZ!6@CH{8KSDhWE=ka$OI zYi2la>NXhXt0%_s)&c6RUGY}D6?e13|BOye!)_7Bw!P4nHnA0tw0$WJZ@LVR+-H}r z^>UrjbT*p8C}O9lw)Y+Dv;R$dw{)Lmeb&z29oGsPZ;!p}%-+J+f?S65f_LqxgR6zS zT9sn{#cOY0Sg{@bYae}2@>c+gC!=9Q=Fm*#j20%AVr(FzzU`4;1cfzlwxD z(e&vh^j)5omLTcpB&n@Pns}b};&SM}657`y=0Bjtlz)Cc+c4>$W95k|TXG_YXup3B zIw4K!!^QOGP-D4D$Uft#w?wIf0OCA)OXi9Y{FSuW|5`2ju?I$`cXpkOzTm)nc8ze^ z&%=L&_ta#4-M;?fybByx5D;K$r5Qe9Hew4fy?v5<4?n#+d*U*nc{Y3X;m4SEH;31* zUI_6+s`?5~@dU(oGz{D6IHE?#&DfZ<695XOm8R9cc)~y}0bPusQy= z%=gO#%NWdGU|^cSy;cc<4>+M#yIPDC^4O^4F?CGf%UMdgX9`>x z56*oxhIgOu;9S!q&s7wn*~Cdb)@>k(Fl9@?EoXW?A;r@^`7@^7)B(Ky9Pfpa?~6Fa zhLeDfm+F2k#fFC=P{=bDjLR!pAKn{QdoN?b$i1ADnuk*mCw##il2R)y|3TGNuKoEX zBxHz8M^}}}()iy|YjvO9@B#*KV!HwO;Gf9(tXkTK8rp{%$39@byAC3c`l%!Q^;6HH z@ZS4LEh>p>d)*Aq7xDduWwkAK>?M)63;>|!yC+fm>-p|P|Ly(baDR?M_zPCf;iA7u zb1oOXLnZU3t6;Xjy^-B)5BA8Iww?U=#p@mO8n&W}5{}V$Z}5`AD+jL;2Bf!AL)}wLE<|b=>tIF1(L$mW zk5_`cf{KI!G*o{*?^>{pQ8FFyjs4K?*EFI`i5-Msji<8SnjYSTQen=(a=P{L>2{Bm z!sP=NW0;3vm}F3{xHXza@E78!<2d*Pf6~7hlkDFpf2@q-lzcuCg%WZqiw(3e1tLhm zS+4zFK&@lZm1I}93JkYC2T8k`07%mINlM5gT0;E&chjEb0yFjj@Z;FEYtKB6)(P18 zmG=Z~9xY|(5R{JX*<~1iJKgTrm6gh}fHx88AEy|#3NVy_VKKv4+^T05J-wP1(B;l7 z+Uwy3dW;*i<|;e>ylp?yuR@>z<=!zJws*1)+YI2Wtj{=QtOy7U=< zTtQv}VXK6*#M=UA{gIrN!X8cRZa%zcmWoUOeMi$p2P!Cr0*arT4{sm8{p@@=2=<@O zcix@TW%Rb+A|Pjb@&nzJKk;quhWAAFapeytKU)Vn%g^pW{-O&zmB0VgeDnm^Hjl{J zJqbpVKS}-9_4w`hSjMy*MFk-g<!20ri^!=SNbkV2jf*(83ujg6C9z+J6^3jPjK)DU**qM!hJerwjHhnUS9GEqqX#uKyC%t&8+ zT&gS`f+cA<(cFXd9QKhPtmDea0nJp#uJ`#UZR_7%?=vZ%(B1iLS^KgS4uns>lj0M6 z2rkXO-F+yD(eHf<6mC~TH*?^5P3Wj?qBloUU-OinP^pKbr(Ka}N{ zB_!T;{&wDc@ZCL=?Vrg`p#a?M#ePo!2is%+x{=>|`&|z|P~Ro^!G7T*=Np=hP!x45I z?{tIT*}ubo$f|)s9rXk4<4kcT@tJ-9BklP;iPJs&<<{8_-D&zqBGaM&QT=m3Mlyei z(t}NR_0OFTZwG&MjGzC__#`7e89!Cj&($9MT>a2?;HR7Z`7!+JOegkQHLt0$u|GPp}AJ1 zaI3W=XYcttbq`?qxJIHsg7#iDp3OEeTFGy5H69pAPXYE+FzyE!W9I@_bU$SZ za2jp#)Rgg2iueq>q3HN*FP-bX0lDhqz`B#Kp%v_||Z_iR4=b~dQ3tjxAQ2U?vq2qhl zF=FUr!Y{DnXWNgj8~)5gCp)61#Sr-L##55pJ>fa^5McMqV+G;p(4R4;O~Vi{<^qm6 zv8Dp<32-g>15Dx6;+*?wyi|9TQAc#SdTC@}01^*DQ2oSPME- zdNzQCqOngH=_mpG1Z7+g-~vF@v3yIsTuA&l_6=dS673SPx2L%FwoEawUa}+!(silU zd})Z7VFPPp;jY~qwFY$HbP)_V{3UzsTp%hbUfwD8_Lbg>R!})1C@jH7lD$3p5uw#+ zfY7DA?Pk5QtY`Z0X@@>ZG>F}ao_%>hciO;&Evsv;z5}S}Zhorcc;J5%KOb)PxSFZ)bLQ>afgj3aH}z8< z_{shdo{jRmw0?pzb@Wru@(%RVD{}x*C;mt3`Ua@vWb6{-w8rp+@q=&pFqmPcrd#O0v(g!<04e+9b!gY})Cj#1klqgU;?6;fns zs5NV8n*TBES z$U5|2;I%Lm!6IvhBg_;aO6hECKbLM}FxBrNt({Lm+ReY6mE6CwvZ%r(zaq{!n%-0; zUCUe%ZrSdJiGlf_dbD+FN9Bflg)R@?f}Us4qm;zJz4R#WbUjMHKiRGInSch4H%n+x z3u5nWD?orAMqDCjxKZM9A_EGL{Rv3N>oZftU#aUygV25eK&ECmOBorYBmcSgaKIcX zLdRpmUDuCJ{C#q4s_=gz@n1;%%S0#41xAZYC1N-1no~SZBGgTY4!wV-tDk^k|MF%G zc_tw$Bt-Lw`+Hp6^CW@)6yrxWK<7JlldaDZLw)*g-%u0Z^-Q!!`)gu+phA~@Iy&s2tUWuc6 z!2bvnJ^MQ*Vy~VLs)zC@B#8OE`WX-HW5ck_?EuWC865P5_Y-z6~vSQaMJGJVAv3P6N9k*As8F_v46;c4O`K z_&z7KKEy&*tq+IF`fUDGvdA+LzFd2=S1N-_AR(GnQ?@-zjWfVR;T&L9niOtkGj;ix85PceBuTSvtxZr{@#K9<6ZZk zr}`hsp{ji(WF z_Dc1XJ7ac#RIXFuVkX#&xi^*n5ka99Ld|`iU5?3prXwL{A`56YKHuI0kjZ){#dprX zd`1~q9Anol+2#~(>IeMycWX($pWt88cc-nNS+1B4##Z}-5HPoh8hUFI(V+doz2*q} z9WiVB{lOjBFWx@)Ri7sWRRg?_aZGZO2DplQD(`CFd>z=L(bWKRsR2^$U%vzLaoBrZ z%IDU<2@rh*6e zPBD(n68Ut)Xc4Ru*4` ztV|e#0b9usDy<@EybuThx(vw=0qB7J%?WB7bX-!dl}K*Deizr{%j{2|kz%^n{wj#F zXM&TC)M-&VQbyBg{zBq5X?Nz%^|#TqLXVL+G#a0jUywG=0J5U5c&X7K72c7)tFgug z#hj;ruYd*H5x25 zPJ5g8))}XLJi++o2jP9M7=YtP;XSYDi{nz`FPyb1aET}PdR~zU9rD>`W@7oIcgE@G#I&ttC$)VtUfJR?BMz z_RCkd|6mYqOma8)#D{`r2;ZF#6(#liv73dG{ku1U?D?UH;+>uwXa$qxd=g zqQ2Dr<$emHB0{v2{L6jX&2K+D+bjOwZ?)1z@XP-W*i-VdN#f_)8_X_8e7FE(pD-OG z?!um?uxBa!=|1ho`{G}^H{KNOgIjd`e255gG_%B9y}@i)g5`pYO;9d(M^g2`cziBdRCp@`@7?769tKbfC=v|?DXp9HBsny83 z>xIN$HGssEHHjrsy_F>Xi^Ga?^wYZ=@zm*qI=A-{Pn`1F{AM>;*+t|h$RZOIC9nf_jQSs8N58~ zR;w4879uo&lCHv$A4BOnWmb12D3P2pRCqe4BDRL)=UM=rPu)^^G&tqGmyZ{ z28K~XO;<}Bp^IAj%oOH3lwirO$4Iy#YCI-<1Nm=eGXJHp->ACM_8Xc!tNdVm(j<~| zG!NjULQpJ?9b-VkD1-Dgz+WTm*NKn9&#|`!j#5bABSn8$W~2Mtn>}z!Sh@IPI&UpvNMAN3UJ$8%Z-eTI`G@8Gp1-{2nieK^GbH z1rsa!3LZfz9nNFj9n?wNDnbM5cI01Qd=<3Dox~$J{1}bL1pe4xdFuX(*)sa$=DU>d z6upTi5$V?6d=K_^m)qO(9P1)4KGC21{pm`M(c~CSw_Z&?eT9By{q-fzyap~*yCzsz zG?&2D@*41?S6c_|`B$pd)_|H2Ls=B53}8ne3c&{iZUwc-?>dg#-x7X5dNTN(-=F4K zsw7*%_173r`|87_@$IyH-Kp~ZONmUop1=L`41xQaD*^XTpTD)^2l{M9yZo)#gHPe{ zkQjMdlwCjb^DDp=9p`Tu|AM`I^S7?Y?a$x3>vQ3VbB(UER0a&>%nx*wz@33=fn{NOD;PU^bJYLG)x{$~1*e}e2MG;#EDnojyW^q;}VrbtoRr$oC zE+BzA{Q$ugv!XvTq|?jKHVM1FJ_+cjzeh2X04U{tVeBO!%78~YAdb@YYxh{gbzjnT z?Be;@pqu0|m*8DJ|MHF7^*kXA62jP#x1@&0Z!}_yXZzdt^Ix~)fBTIVWzU5KP>d`z zzzj$(Q|Tql;KC_j%_=BYm5>6hJLZ4vN9szxo%8Q`Sp4ny7{8Xb$$HQv$AnYOzo)SO9k=(%HH3A0+w;$N zk9+8ZG?6D^qW!=`33!|Q?RPZay|eO(6Et;_1RC}?Mg350s?aGTy#4m4JM%N(V^92K zk1AJ&9{PvAHuxC~>91F*QUG0C2d3_Leun(a?-f8glJh?k$Ty}09pylQnqGkHh)|88 z*5f12R?;v3b*bU|lZH?EXO)CRU;?T% zOadLqCD1v(ViGlLiML566592`Ys5kWcXTWwfR}m!Osq2Z!&e3P3Wz_oHUwMMf+$7t zL5hvJ^8$2Gp_#tUw6y)OZ`+%$0)1BCE6;3Of<-{RCu2>opN8`<0rBvqTwj0g_fd=3 zr_w<%`jQPq1$${a+q&uu?3XLMJ^&dY;`m&kWeB=M^n&FIMfjCjR9?I;d@%b2^qFc- zOEy@Oxi0%O6c|YH7d}&Z4>U(*S|TjsPbd<0-@wxUT>)sUgYTnG{9S7N3{?05d>F$3 z)H&%u(w=fZxFQKTnUhy1Bj=Wjft;Jfh7pSx5%4*9O&l9tj0O(A%e)F>d);jQu!pg5 zNN;1|(2NPiTf*6qx{S=onBJMiYwOlhAEvd4R`e}+^5MH1^G{-uX^QO+r#U_#ph>Ec z>A8>NL_%Imh&`Qod8HO3>CitkrfqNiFDB(BO5X|fzwmoK0l$49Al+H@zv44L2|q~5 zfW}wAw6ax_$X+W#Lfe&uuiG!`3||xfQ~Ui)Jiw2PJqgAR?e`=6qQ(!`qoeUp{6z=+ za{Gmyj=x=gm)1cqXwl!_Dcj+a&{E9zi&jv(x!QdIi{y7*XA&nnBtL?WyWx^_gpcKW zb%2lP1)bvKKgACdf_{GJNib6I!*=VxyV~o&j1>Cse00}|{>#`|`fms9+unI3mEXP{ z*51CofqfuS*tZ$9#J-r=v2U=jV&4wC3Z~w*Z%lHevTrDO2=7m`5p=VUEZoSoAKq6} z4yJ7$)W0dFO{JUpQ%sxAJ{JN;|L*X~{JjJCxowa3`1w_P{LDW$C4Thx(L1sKzuFo0 zA5;0=w*LUML;Jr2_&HrvpPzp++v8{UpHt$eYyQdndHgd7mPuRKF8OCu&3}M@PVdv6 ze~xL7pE~rNLcY4@pJR3c|NH_41l{GIm;TfV|8!$NnTJH4=qft{|yrzzLZNJ`Y_)6*msdUA5mIJ&0tySj3zM?MaB^AIHg0=-9iv9mPP8-DR&v)souG2<|cdY1fVLZV$5%E|G&g@y$DwK;<*rX zJ2W!s;LY!2V;#waIB4uEjkEM<@Njxo-0yO<%j10P1~8D?reSnjHu$@68g=_vmqwA z2_tb?{%mxgA|Fc32M{*)xEkLk-Wbt8)tmuDHcmu?Sz_1!jm#Kia8 zmS_F6*DYxoX2eOE9dI@fI5*M0r)75zXAz(#Mpb?0J@O0w46ut#54Kd^ZxKg;?HC`t zl4zxXLo)^4PVi7hc(+9y5FWDdP<%aKPh6YCYyY>1guoNy`D-Db$V@yjme=mVwJcoI z-I=^L3)gyvmn|Y{@oo{W#U>%kVHaEkUF0V3j3%yd;B?OsI3~s`^H(i=*QXzW)i?75 ztGyF(EzsIwxS4J@P5h|MuEyN1ec0Zgw%N!#$qko*87Rh>dz%6M_OTxI2GZGh; zXN^R6Aes|kqpc%wUD~30wTJGF0^N1?@BRQ`404K5+Y-v z1_oPiuKt%<{MMz1nbE#CN@n5N&(bdG9T~r8rd76QW_%6K0yqoATU~0}??;IPpGHdR zFBdgd=cCIYK817|bxfYsf}Xd^qL(WIrPh+wwpqOO(y?YVvmQyE9;L>!8`3U0I5N3s zW>Z^ut@_!=3iZrHj=R9^8W#fb&+$|sz78CgxWO^{F4#x=fK1REE2`$1$CP5y@;30J zId$VY(%yPlZBP-_M-ZqQ*TGO(eLgx?5N*%MRmIVeJkDOOC<*f01EgMcBj%$UWh)GM z3FnXV1b@6v@!=oOm&lnqZ`J3^)vH<3lxvf*vN3vbx>@|5G3z39WJbrPn-;dSh-O-5 zG<#`epGA=DrnilzLwPqcQ-AC@dnqi(Qaq-=dJL;6u{;M>DTcBHCFjX1Zg{GlOWokJ=gaOp!1^)4zCV_uEr&-`1&*^UPkLPpc4BNG< zS2LM9tcJ4z({oHHGAvLLHPg$BzcOZVV-x-eS)&4xecpzaItk2iVl;aN2ie5tBI@h# zBdq}|Mn)&EkU=W5BS=jy(RdJ!3qS z*)UMe=kEYq?4IAIMEJeE0r=F7lgPRd;aZUseFSsQz;9zgpnh8~WBLQTrlr+y%QU9% zmBo_`W7=;Z|MlB?7)@)0^UXqhkicl%6P0$3yEAyr;I{{V8^?kJl}xu@vX;x2$>jy@ z5*5E_M8$qYCKZKHb`*+^Ob_AW^Z@{_ym*^2eGftjL8|6HIrYFb=k0*NF~&kOV*(j~ z;#2xsel0{GmInLg1D#{gV*p3KmQ6yV)4uk?{&+o_MRPU2+gXf{r9;@yB3D zphPO6O{xlvg(YA#*hrU#7Q;5#%v-cPyaRh(P`GIjSfW5<3tgweRsFVfqw#6*A?2v) zm^^k1El6xJE9>VC6PNi%eyH@ES9#8>J?Az09K69-6>oqws&W&&vEJd0DzS-*HwG*P zZ``wo%Nuj#eV{905!t_oH~xkC_-^vXd51Z?L8O5<2%F-KppYR2Zye>m1AfxH0o|#1 zW8`jK@W%Sxg*Wzs`V@sv4eD@6EJG|yM~v~yKAkYelOzO1L5KqDR?CrS8L!{g)0n;z zcj~ugh0k)SN^Xf{jrid&AaG8h9QqCB0eS?AKv)P$WCGMv5MJ$d`*xR;l6rXhd+A|; z9QrNfftF0$9mti_!=P^WP`_;#qv-=G^^RF|D^)7~h?z78GdK@;&T~EIdHNhI%2#2P z!Jp&6pT`G6k=_;1SmniU8MB(vWOl3CnhG%W0k=c1Xn(R*G|mJ#3(x}oFlDM;dD0-*S~ zO8i?#jx|3|=R~sBb$`6-=%XU;7%i*UpE?BvCBW~ z9_aib=$tDo*$p~Bcd()}$t3!U04O@wYAh;!or2C+yYE7}lj(e8uP*4k|8Cu&^J|^b z`NHhZ=-df;=V6fiBY7Y9oGT{5nuO`Tw5sHk2A9Au+kQsl8AX^aRRb`Q! zqjD(7D@ouv@;(H46$rda2+aOH1fGIo|C9vYkn1Nfa~s_t@LTywg3JLZ0?*Ru>yW^A z=y!!VD9y^L4?&R!?I(8Wg1{x&egdy7x0WPm(k(%b_U??p_1kicY06DEjA`G9o1SYl zo-HT48%=YlBBg3tcKtLO-yzB2t1uSSK0EBy;{3V1-mn5nxh%hij->0r%M07MvN$?b z&LuTEQ@s%>h94acx?>VwX)*$;iC?$1p{ZPWNPXjXzxfAi6_bQ&RqNT*K z631-&SbPlz4RL?`0kKnlj_17y(DRQRzeLW|d8_AqmFJu>EdRjqe04iL@8P{&@5yhT`N85omrz?OaL3sR>AOCC7*}54-u@A4siVBsa=J6Yy!a;V##Tl*&GEF zAFYUERv{1ed7BcVK$vF$W@F(g856cF4W=14EuBH1&@&b`AkbdoVSS*5jwrNU>L_D3 zqsihx1dSS^dc^T5AzJ_C4nh>fKAes)b`B8$!JuHBktmq9sW$=1Xpfr89R=hwnELJk zQon6iWBLlwhrPS>dFo*p_(v5n!*hPU=loXB`CNSt6~R}PQS7gr+mX5SZYz-9m_?sQ zE`QN9G{18k3?vWT%8Kd*}F$UoQG2VlqPXGKAPn9c>?IF8zynZK90}h zFIw6sL^`>b~?D4b7ds}*E zL1(_2pfloB<=a-k{n27vinROj5aV+)gw7Vy z?yeZ~Z6BT4yNAyAqLSaGvo}QjDvNYZgs4G4-wiQN>z_nt0-)&pw8mnGbY8ZX&nbXs zOIg-p{N@i`(0M|-pUx|{UyPq>V;xHeIXQ?ivUIfWkv>RhAp<@~?>d65EFE6}7QuH$|Pu(OSmtjrfjMJK-~p$uX05d0}r;46X;HY2|^BNH*9x2n8& zlYuE+Jh=L!QPClo)%&!EHU225D?BtMXuWN=wV1{4UzKTEzYk*YxKRrq<6C?@m@h>z zM*tUr32@u6JswXaz$c} z3P?!up-^ABp|Kv4zg+BOmU7&-zylJH((poT@zG{GxUCDZeeB1ZIY0JG`10&X_(NcM zzufW%rvwFH#D48dKZH1QHURl>bZ&3{-YdYoA@KdKk$2`A*- zS%sklJ+>0lSs~!`al#kP>gP5m8DcE#(q6|o7iK30c!)nTnVyrvGV z>d>qX&#J>y>hQ2S+@}tAsKYK7vQ41jx*L8CSis8BtR6?6DfkT7mrs!%uPMPS;E(uX zps(KG95a%A&{i@L*Zb6<{2)jLrRuN1)rFWI+Jm!YB^V~i!CMU|k;ABpP?PY9HutJ4 zJU;}z0~xt?%X<<<6oMB@aD6C_U?}Hx``^c*TIL#Wy==4$^XpPiFpcP*x=|taVWpN( zPeAnqV$8*XyPF+O8B>$>oNnAk{sHlB6)^GHmD8aEF;Pd@t8opA3%LvDq}Dl^q)t?z z$8!|x-%pGglZenCy3eI(#lpEmSkD{=ivxY-N)#g+s|vMfikcH~BKrT;}Qz8dj$BV^dkC;c%*i zpDw4S3F#e#0+VVR0vI^*=I-uWj_ITPYmfDy&7JY)!f%B)_a$#ym{D; zJaaB}H1n=X`vR5r9u~R;jJ~^B{I$_AOsOzRPyF ziEc5Z7W$Z6`sBZrk)A7U0k5*ljFgw)t!3_8juW70H=R<*{o;JNwwD_wOhK@$~Cm_g=KCFter zTm*(^3JeGc8CP;1g=~+ywXbur2o;qdha$3sgYg4KlV*WzC$*F zY%7l|(gz=c%O`)8xF{jJn#hxbpoeBWplK_$2<7FVxV0I9|t)svz+z{vZ;+Y6v7gqU!eA`yWzo zeLoqZVWV(!4XaaYh~h~)zYY#n%#2QpsM$))6`A>X1u8x#EA0gEBDEXrN$#G!NP9^r zgFs@=VZ(8Oxjfu1goNXrtj0ssMe$)O!PIH?a|f!FZWTv>;pr(8a4n4wRSANMWwkAK z21f(#a$PAI62XOj6)zTGNblYS*9m10XK#6TmydnBGQ}ROMNN48!Thwlx#j};7Q%! zzMh9O!nu*&aJAUp>qcWA5oxg|nfX9b03&N-RShP3>`$pU02rvj>R1-!vEaBC|6hSh zo)ISZt$uVYmh z5j%uHi>poHBOn699vTKPt@guf;?1~gpZhCERY=T#G6*u31W7lh-3go#eXES7W=NjZ zH{Twb^fX8_wm@dg&f~*-Kn*wDL@AAwqM?&fT8hcEa^3=hv3riOuusE_=@Y=)*@R6% ztHEt9FU!RmPI$CH>2hXmQN`DQdb?{faT`VFOosZ~sLY6sU{@gGB-|6`Rru$)Zv3Tx zTnbVsUt`)o@o;2x0AI}l0$XD*K-f99>ZCUmCQyVu?RLJfJI2A*2a9klo_*|btO2{WXs}0JZJyQ7ta{)DriN!C7>Z7CBoe97O6h6*e zL2-$WZNt}xjD{~ncIsZ-YDO>r39@1|{8O%kUfg6X*t7n-9(8$0&n`maAdqf#>N0lL zVl3!``{517!c#LEK1??jUY^nLS^9+H@4~N8E~+RjV0!8)vQlJ9A)JMy8QfNeBIU?c zo{Xa7u>~PylWAc?kqP*HA%3f1x&nJ@O}_(dBPT4w4e4AnErnSwP6Bt!I0q`N`7?y> z*gnU;7E4J;*-G*&6jv!a7MUt7iew%8FUTGogoDVFz)d~6#UlkcrJI3UGaGq{td4K5 zlr(0TD@qmTt|*m4;K)APVrb*-@G+)ES>w301kFOD7Ph!hA?^gLG(#f}cG!}Fr)m6TrG^qBrID&`G<80 z{;v#nL^Yyml5&FU(DSpODdmPs00yW6#i;b|#`XAfghIR@x#=K`_pibI*fKHblkvG# z5CPhfCNG+GR9L0OmTVvUP3@7kr(>}^48HH?X$;;ux%VGhu^7R@2OvJs>6ms5U+=P;^p5j!I*Xk(d}Db zMGS%DlYnk~$*-x+Xp9LDO-8*!zxO^PP0kE58E~Imt_osvf0XiU@!UM658uLS6lqX85F|i6P4bHqDa8bXVi7C{awOSE1NM-&cv&-1VZ6!y%RpdwH(=OH{UrJu)BesG z^oEU9%*{0BI%CeF7sm!uhu$MXRvtqd``?hv`4#NSwOWJ&!`#~Do-yx0cUX|1{C zEwlN%<4l+zGyScGuYyw2NDRX6H-0LpTxSmanx)6n^Z6PKQvpWu^@&4;$?bF3Yc8e; z!O<=W96zJ5kbKoX!PdR0sm2kjBOtZ>GjZ76$9VhW%tRHa`AfyRq>^ z(e`1Z&xT}d{6WAVHokdZ-&4#$9;c5Kq_0)Txn^++;XTooQ@tV5niLF0E0qbmh#n-| zf}*m>KK(J0P~=a+;pC(=+z46KDU8^vlO4sw&z|Akk}|5Fnz9+c2*HBahO9GTyU)p= z6tezQIl($9!;GF3q$L}{NqGpy2q_9EiyZ#<4d^g>Szvh6=SI^o`kvNFkh7DJHN8kx ztW^SvNX}F|M;ffh`xO=fWASNA0_DXkjfR6cf@o;nR-}Qd@Sw~OU4|zC+PbY^gg)Ve z${D5394!}-^I#BZ<2Abg|7dr=?)ZemqbEBdkP3N9k}1(kFaZAXoFdFWj~L?(`X|&0 z>dmF*z*c-h;Q3DzeY-ADVWESbnw3W({*s$OEP@Hx>=rEbUm zYz^NAvbx{IwQRzA%RxshYa4BVGL!L7oy!jDV(;R%U3rrD!s}0z!y0usMqON{ejToU z9jp#7><^oMG-j(4Ha*Fo`JOD7vjh(3eIn2;>vWsHpcLn^|nP|?wJqQfh9-lV} zKlf1CB<<!>La2%Wjs}FH$HT~>TImF|3VvNpBiF06 zep~$|@0i7#jp-7tAUHG!t~Cd~j_F==%iCOjV>W+(oVov7X8LN@Ej29^s(2!pYk2{} zS{Ug!;BDv>iD1HjGL^^q<|s$;!#Q4_?r}4h#MKBuDha>O*ITV95-_oHB7LoB)@grE z2oS6j1?U{txIKUeexo0-UwMs^0c|6giC<5|iS}V?K}`{XR>9rvWtrqOYF0cA$Q=iL zPzNyC!$KkjFOQPLKlcS4OF+jY`pK%S_WmkN57Uf*3Y#5R?~z0;@VrQ(VTwddy@5n; z`AGD&F}+@_58fL1o;h$mhf>7(I&;fF{#0cNd z<*TA-^GNJH>^EsfaZQM=UXX5%>k!0EvG+h+`@M3Z_K1;kSfzfg9{}2CY8g(V|EcV$ zeZF6%tLtQk6_svBoL)e(2{iV%^$I{R3D+oLGy#qVX${#MVHB8t7_w21y$K5sx~&kx zj>d3?fwrTNH^sIyzmFWz^li8*a!KY?z=kQM3UkG9>eis=oE_p&Sh0bHk<&~MY%^90DOq?CgXD9l7* z^9E=e@PmDS1-X>(1HY4;93P%!j&H02a5p}H7D@|ZzXJjj*ie_rmM_5biWTu@v|qzn z%vo{m3bhR|mP?HBL>A4m-=KZsY9{s>0mAeYX$Ty;#!4g(qxcc&gxEeqd^`7vz0sGw za)fZ-S^dFwQTP`LWX6$Z^vYo4E?_^6tzp`!&wAqxI`yLh+&N+qo)v$51C_LOWneH8fU4RxzDs$- zl7QK^!Yp24L?5IR4?9#7LTvmv-a;X;lk$bB>t9;*wb6JQge8P(vry!0Lg zmsehi5dp0zygrNgJCFmZ3Pmo>3q`IBl;eZm6%iEQ7k^_+|1$_6CtrYE6~%F5`X@LE zS!&rL$6i@6@V#*$U!zcJKS?tRo(La&x12!(iNS0**zn$X2U--{ zP}_B)HRR&}dS=rq6+1wQ&WmK#tx>A;362#5nk!>24MeiW;SRA`&nuD|pRWaCN)UQ$ zxM^JxG_6yEF8Zvm9OTo1?wa-^nG3WAK*Hg%+gGkq7+u2dDEGj5y__>fIz#R{bF&H% zd^rmMlZ~9`=eo}y?s+~|NG1a|Dv1}9l5{H`B(If#_ckBm@E*Y6MerW{VbU#V-}f?; z?9fpmurIWgpHpa%D!Ux4bfyu>D6NFyJYstAMeGOQ0I9e=>foWy$!8rpr#MjTyIO|EQid=%#TkFlU3q1+BTjP_%Lm_)<}^bKC&0T zn1*R^ZdhbmZCSFT+ZO(@N`q+C2R~hvz`Mf-e?ENhx5Ed6+A5)hj}>4zCgE6u9ww9)zssGo zl%`NO)mU*eW{|Vt$l!4WkXgJs+!tspv*H!j4PJnjVTA?N&3y45uWU!el zN=1YL{NTWbusIEug9uJr)})3Z_OV!CfKRYNO(Z_YqYU4fwFcYH!<};IQxhlxD`z--=)U{>&y%U z^94wx79qo0Kpv<;cNN7pk_F6^^JE!nk*LM11?Y$KS*r4{iu8N`MLIOt=Rkt-+0vq#C0FJ+o@=%(CDs#d0J)SWY~^S~X9+W) z#*Y|bzNjLB4dsD^#b2IV|uh7yNAXU_+B@rPnHW1Kmh}Kf8bK6Fg+#3 z%_Uf%xIad$7}?aDp@jxwst5L(W;?P} z9?aPd-Gq>7lfuqF;Z4dSnJZ*rcf1o|)33lN#=%m5+^YPs{iGWfC6}>+0(%I-3xWRp z+L-ka@knV!HBcHJ;vOs9D z?A0awETGJn#lp%e)AxUAIZ5px7hKP$pi8RcsNRlUOwvblX6>t-Qxcs}i|(S9#-N#c z1QCPw(JgfI#mizIMgl__Hxb}=q!1s=M8lltR_6UUA1wNjrCNuW(&1t)UUTr37ovT3 zeu-QM=K@_Mh4Kgf{eMcKs=Md_cZH7tZNOeDcb!42j)*t5$-zrsAWaSXz?4bZ>&GtiDvyYMteLrJ;#SY?_>yKTbVdVk2Ow@ zIIos-BI*(GlspP5Rzj}A`ngl|N-qM)apz*#poc_zObr~_Obl?|4GuC=1A0sZQ21VH zKq8yQfpS3N>FO5kZ_u*n`4D9(XygcJNE^A>C~*&2^F;Tstwrz@(4%Ijx4L-RU7J`z zZ4wy9LYgHFOP4Sx0~@=IQw-6pzm3*79{enEJXzs*r}c6ydx2uCg8x(m|EaJ%a#aB; zwlByiZTJMyeH{wFte@C#RcsyV8c@zHZWR2f*q8VnvRXsddbOF(;I?>92#bg@xe&6J zhpZ3jn9LAjFIFx_@fu^+La7P>V+uj%;F}W^s`;|>74^srTsNW?o-!I5un9;glDP`b zT(GnrGhR(YaUC_~l30I&d6eR}!dd7rK8N!gE%Ai}xJUq=pI^e)0Z)+}^R=ve->k$z^b^cp zEtM6ALh{Nh;0gf)Jiw;Jf1xkMcH)2K2*!{VSN>=_-kJq4Ho1=8T*J~Il4z=So)Gs0G zXX{?n9NeuB0u9q=6x?Csu=pppd9>Nkl5ZPyRGY52;S%bdLNPS5cnQl z)pZc$-e2S110Fw9&cm!ANneYgdBB6~*@(2o^>%b$><8?by zxQ^usS1~lAQa{uOi+*I4b_!^1saJ$UF`OD1#%#$^n{;P^QzBnE1@AwvbVDBAGU;{T z?)C27X1VJOT6IJ|Wt&tU?2CghWS@AGeZ~$~PC>X|H=Kgtv+bOMP_#sx0)Zk44^CgP z`)SPG97unH8O=JdBH;`uPNls*TY{Zj#qS$CWNwA@?D$_pLcX@ZYh8=3Ts;G(e?a$)>w8k}cBLu~QI8kb9GZs-= z)D)tuG>NE!O=-x{bV|d;M#2KtZ|f5-!7QVRS;k7n_D8B}7fd;#1ZLVd0g|S-uD_mu z>2biaEj>K`8G!>uGV=Wok~;y5V-}P}BZXJ_x>snR_>!}IiZ*sIVZu75U8IBf?e*Vf zIp;Ujf7jEP-5j^L+M~B1BF1$^+=x~G{78P{sim=XG^(=1Wa#f+x zAZ3S*_0^pzP;v#)`PU>lw-HQEm-cFZr<&q9iu0gay zBc3P6zFOvgBd!#DWuca{o1c1`VxcUdYK45mx0UJ6#ToUPHsSB~@tJT*3e!=CK?&N| zFGyj+`SHl)j_1hcE#wesRs#_0BYNts*giZWHDqGnkEU&csPBx1-!gp>y%fz!qUh=? zDzKy#+l{>VES;J)VS_7Lfl01(c@$hgtONur^JU`}VkJ$m!Y}~RY6qWDT3KkJfnWnJ zy!u6OEE^(X*g*VtPbTQ)+zt>@2ZUVxbP9y1Oi(f<6e7r14mOAdY?4xLt%+lC?^*C< zHixWF&Ei+DLTL-|!Td@nl22E0P`+9GlhM#mt_<0PE599H^y8&)6F0|~g?Fn!=CZIN za$#Xb@y5yVa_bG%RQ&JdY-b&kDI+68R-G8lUnLE%zy%^}D=^Q1uoh#6^LW-X%ohz= z6^agBB{`!~;N(PW$ST-{Rq-Lvya2J4R!-s5GZxA`1&8xXY>k*?>*c5#jV{8;NYJ#r zc&pJ+CViLXPZ}A?UZT7zC~EuuUxD_B{3fw^g}T1YjTw=BUReY$B#QM2z}h_NVMH*5 zLO`sa$bn}NG_BKuu|Ei3&CZ|8uE7;)c#y`7d8dHgf1xsB>Z&qgd{UXX9~SVguV>X$ zY*(}jC^3A@HXO8pYNw1T34T&8;j?LAUnjG3$mHo+_wxi06DN@G00t4#nFcu!je;+gWL2Fk0A*Aq#J-^eJOrRRx8fz3_Q z4|Fz>0wDP!VPk`FE5YggKFlGfL!*Frju!N}CYWHeqfe%AO^6Yq253=iu6m251B0}V z;t*&Z!)d-vLZ^HkgkJHqq7Sc{mZFa|Bh(wO?<(+9@}BCTBOZ)h1`I-H!?uWqj*UeK zjNdRW>UX*N-Lu4)y*xG)KeSPRNx;k=YJ#Kt6EgKllBS(<4Wq=GQz*$M@kyb z;_V2wJkpoz@HOlCY9@rM2P4@~^zUDNAsC_UX;Jj6spt`-Wg`*!UHq?PSz89bSSA`N zo2!JpRPP9-?9=8e6bV_7BLJ#(2O#7+J_TsMo6sf~q>Tsw!9H?I68C+Yp{l*UGSgua z-<&dr2CqbAvKf2x;~9(r?dP$egfy&YThczCV^n#RG>YC}T6-+V-e15w{8l{W*8hMx zA7D&TZDNx$1lgE6WWWQZDkhW<<43N&ReUm85)3YpHcrl!?<`?_)7}x*E`#9oYkN}V z_ivL+*kmHN9&6#xj`aH!HxR}JnF53jm;xPtLXhgaiqipy%HyavA*_&j2{(zFoNz({0Lu16+_m9fD%nJ$|b#=*olsS+UM*xYBqUNXy2`sKs}pumMLQmOYw`Bg}I^+ zUr~+q6H7P%&>*d52mR25Fxw~UB%rUG&R_-YOygC>=8%>aTi|%!drVnJ_sN)v`}T+f zMM6r{VdVkxYt1(hjn5G-cTkTc>%m7b$1ruHi~+gNNnFAMf-BZjB4RZCNP0U9PNP_e zjgaL!r6DnwYAjH742{@CYPmewyD>e|@1DoWLKlNU5cmT{p@{Yrz(BvlV<92iNx1Kn zUez~|p`9U7 zq9a7?gda1asEtyh29dx9!w|RADQ+uDG|QGKmd*L_F|h2)@IG8Y1o*)=jy)%erY@_; zHE7Q=uUnCB|n&&gszO=(>?S9Y+|X0dHw} z0T0BV!M&&TJv(%d!eb!*05M!C9+u>3u3;-6CoUyp_)l_6jWjlpGOdR#GxB!pej;#x z*bIT2lO%9S_UIV0Uc*M9;(Q<+!iImc@*LnEyITWC=&NKAsZx_%M+#3@uN(y?pjw@k zqenj?Y*j!lRzvm7key3N2d|80SKy=0A*-Ztm^JiTCt<-bIC{NEDgr{ZWh@xF+tfBW zi%Ly0LhnckN{vj+rdJkJpjbkp2DJfY%ajK}$1*Z0H%{2QSWTqJ+F-IClFTqY%rpn> zFCL(Ks*8dOl?1|50V|Hi^m6^fG(Xs4z#3NI0_Qj~1P7A>WwM);Ofpx|=2a^Eql;=n z07VGKckQ74{DTUE)x3_I=qrA&yJ-jMtnBcwKk@(uE~VO6fQ>2yIH)@P=pnIKdjeFT zc8*@8LV`6cn<{$FTWuHyT8Fz%RA3Y;Z^Zs;=vQ#0 zv54sTmiTNX^7Jyl`nwtn-oTTRsk49l56Z{oLMvts1^*T-Xs3Y`xuCT(x z5|6W9CxG8v&t8DzguiE`8BNpWs~%b3^eF+)Wait0=DIAXs)vk)Gu7iT9+v$xW*p z%~7DLJkZ-dc^L&24iUd@HgzRa2_i?ZZfw_VYxUU?2_vQB^i^E>b{Q*}V#kXGS4{@& zpIX}5;{TBDo4!OFPRAu_b$yVq%b2_?06jh(;mmP$XT!V{Ad96|bE_8W?Zs$8fFd$C z5DaXZ0F;5q9y9K)+e3~>EygQIuf}q zAd{lsIZrD*7d-SCevD?8#zVqTfvfw&da3_%hL zj^tQ)EAPpQ9<1hR_z3HrAvB~G)Kn2QDJ(fGnQaNO%BU>#o(iH7un0>whd|J}PGEEy z1;WLV#intt#D_}E7y?oBWKxkAV>v9``vpv9rp1l~^6(pLvuW>MfLx-00B0PV{il5L zh9*DV!SGQ#fX>f26Tf}njW?#xhchOCHF8M<&Q3QPhp21gjizxRkwbF`<&h$khdV+! z%$WWra&{2UQlqg!ogHs9{z{zD(mM;+LReB&YJC^7R~tq6wuI3Mr^8u)hC_bR;fn zv9KK-;j9v$kii+g;8fCxbca{C$r`Fa15L>~h63onH2ZsZVYdTlo&8QTb{rNr7d#;I-3=A~{>`r7AzI0E8?utr3uArTY~GbU&Yd8nl93sP`MC zy@X)wBUKE{jxb0m78gtP5uYE)`YT(&~8Q84~TsDs{> z0YGc6T13;i_HGA>+R5WsgB&YBrNm&YMOd#zwWGFirJPN2Rjj4e&TG$e6e-otIF>2+ zm{Cor6KSbr#k4qF_!IU>aoTi!ElCFOWvGITL2_3OIJPeYXnSbe_G@BEdRFL+ z`BRGA*X#G$PJ-OO#7vEHbI2Ma@1n<``oI?{9o9jcbLDMi&8Z)Vl~}Nyepg=+=*Z?! zdRE~@CRgcH2JH28QKDHN7CP>}dO$(G@c{+R2I<=mL$dcln51dIN=b*BfZ30Qs5YZn z*XZ``y>3|xYoU3ud+qw#`$1J4oszBBhp)WZ<6>TuV9M{^F_dL7>DT+s{jV(_X7%52k}3T*@@{)otZ zH0R6b2?EXi1kdf*pS2mFmz8bDpCzkk-z94P#5oDQ__5&w%nfU2Eaz0z9Azi zgWAi!>u0od8(M-|KiOzx^og^x>c-&TD~zVYMK`HFdfUhTj6RO?K)b8`^)ov@?$22r zDhdS11*$<1X1fL_k9So(v^d7Tc4p*Q6vW&fMizy#D(N$&YddV z2c^H9#5|AIeigrmCJXQiV(sJ=h!^5Mw~9RxeW|`7cLi7iCFM&wJRQXqGqjB5D*y^j zn$8cQf3Z%EN*K`Ys9e;(9$ngj9*z1h;%{%|iDleLFz;E;KRQ~3=}zvK3CR+4{`FXv z7!cOZ-S9Z)F16;KfLl6`J)egO*T@j-POJvm54uj zqft`}>Y>3Zqqay`4L;jN91((Qpct9%7y4{xu*sj%YijRh07m9i$Wp>Z(b4f2@V5vQ zm`4v-GL02nYYJYxX2QHQ48pdr|jiq2oY9op>|s&0&rEMCiBj-wLlD?`d&GRmTO!2xj;us9-^>tuPn z!B~z9X6eEcL|Y!yM&kz&!Pj1Uh4jGf(wC6aN=cSX#ijy#8<+kcOe*j*@E=7J6o$?k z#M29@6U1S#JkNWySvq}5J7!5`E_wS-nx$y!q}j`87gC7>sRSq3n`!?*nL{v73%~j$ z=IN7V?U<+UZYLNtPa9mXWrYUW%r5wsVw0VMc05Q&Z@3O9wFVyjNEm!#N8YO7c80fg zBZ*&k5>&7xUSTz>UvyO?sT^?FW02c(x3OaEk5ADU+_R`143Y)Sv|I0p!{9@eQ4D4h z4#D7cDC5SU3Z}F%@E7bkbPTF0Xy6}!6T|NA12|Cwf2@E(4A#0{D-80iJrx-szj4^e zf4rwVEcc1g0gcV@OQKqpBOim{INiifd`s4mj_a6F_~p+Pl2vg!(N3s|&>eXpKhe4i z>bRlu4-Fxp;w^k;+tcJ1eO+}_Yl0>BOG@|?Onqb?)f zMa1sn-A=?V7O#`}m&eFy!QEcQgYy{=hN56-6LV#GbOy==(YUE_Zf2>QnydhC@DCXi z7x2o7!h8fLy$DWX0zlT1-RNIU16?A{2IF08-GQZKJOCCrvP`!-%W;P2J#(AG0_w3< zCZ}~alSeV+t+@#|#)=++mXnQ|0NaFGL9}N8#ju=}RS@Vy08wRro9)NkTl7nrS#$X{ z2#9QBowMl9vNhdPX!vMPtqY+2UyC`M$zE&7QL>D$hTe~{q9=fz?LWr50nr+eH*^4N zak!I*tI8Y0=gKoCqX5={CAv6_+dzG%+h1{iAfAhH$|OdB8;mw_j6;9)dN#5&AehHW z(F@oY`UhC61U;S`iSR=VuBhT+6%G|G>Vuz4ZfWKJ$4B;@cfibf7{NK=XZL>5=y@J% zxTdcC^JgfEVl$Af!dO(nf{^rjA=T(kf&C@^G-Ji+&Vl_yuu_wTN?gGSvPiFu=a-CR z^D29kvGSaPRa8riHlGN;uOReQNH!ozW4Z~aG?sWF)shcxBy$Sxga}Rn)z2wh;LG~G zgxo}2WUQGsO7TFVO9=lY9md+Iy&7K!e>~e*{1KWD{)kZIsd94)PBFs`*}w~FuIgi~ zEX+D*Z?k4ZM3yfm>p1A3dB$omc)3^6cLhbuU|Ej+aWL*-gKk^kvMd4glS9Via5d8g z-=ZwbLO!+9o;rOvK7nnP)Fm{`N27o?Dam z8K2TZ|DG25eZ10GL($5i1b!I`ObNj>>5&Rz9E6+jH{i;DyeGi?*A{4o$3WTgDM0Z# zgr7AMR*q%^cE2Zdn-uqa%5r(6j)0PSvKKb^<5hEq1b_Sk0_uDgY|13Ay=v{!JctGg z7`4A~U=KDyT}9ttF7N;Be7o~Y*Sq2JZn{zXDQN)A(uc{_N=ymwo91I>-> z-VNWATcJB$nmdKV{(8cb+|0KX!VKc7`7Xdy&>J2!M~@VtkF}hrQh1EY$S^mdk?6AR z_gR}muJ$HY{`i<;B#dtqn_v-jHu$`h4WUMFxtV4x5m6|kTP@v#7?(1cXy|<>4&VP9 zY6%7VH}J*__&Ff+mc@7un>Go}A@f`n=PG47gd!v8puF@FcahH#$t#Q81A#wvzZUoh zYuXX`K4{fUyI^sgz#lGNurNv~z=Xh`hyp)T;J^F$mk4}`)sDc=yN#|b={LajS_J+V zb8l45K&61XLON;U$Mf58(?=wY<@soz#^m^5hnP%Sq%gTyK1pl3m5>9IP76flyVlP} z=A$3|5@dE>*bXuW2}nfdM`rAGcq~oFFI5HTUOhS-z86tkJFWF?oP1|@QJ2;q<<~xS zxoHcGeP5J{8hhMK_QtKRlMH3S-8uAMF{Q;nVDNk@lbV~*3Q|GjHO{_~+BDZ#(YJf` zfdHP)J`eMv!2_38eqc>+My9Hn8P7up;Cw9q7N}t_1f3NH*X69WroR~c@u-OjOc(y6E1A-jZvh=^h69KU`8meC5Ah(dKhLP!&NpyUs*c2S|KV_6l5sPw8(+>} z%9ji`y&O4GrkmHtx!;(B-Gk~Y4P(UsBwxvy)&+m_X1vKX$k;T-41kPg4)_lH9{XSg zUNROfzlb1p?=x^V-USF`t;cf2*{67`Ta$ME$5Zuh?*_~iQprmgf?hoElZzf>rMQXi z1lOfv3U`0xJv!;xs2Ms8!3yUlmp3ept~#X;wV=K3d$P_euO#9xU8Pnt>h3`0SXNni zHMf;qLR=2m8cFd6*C2vd3a+WhL5I1w;~o?=hunfgK0Z*VeeiTYKAUh$O5QtjUj>Aj zvHtK^4Bq%(UfKyWKZm1re+H7wpi#J3OB)uDu1+5ZG(^6{-j>QE0xezq|BA1jhAOzP zyK!s$C-#&Bs<#R9Fk>>hpGjH3B0~Pb_pm{5;QslfvQFw(owjTUL{#=|O9Qfh2B?)O z%S_}GfR$Qp&%GZZzRmW&SGTuD<|~FxkjJBGnA@E1QtlApF4%Vv!Kh`a9EfO1KAIT$b589e8zoeS|fINqpzO&neL5^9r| zQM-hFi7qd$;Qo4aqX7Sl&=qV7JD)Tn1`A9q+9^VZeC!b7D!?2%gdqszJHrkQQ0N0j zH2T2YQS@;w(~<0uWXiZGJ3LGPi4J#Bm0eeh4#`eHHx^C|ah1W$fNzzFu0#tbXeSJhAdhTHOt*cQJm(q$eK&eiHQ`c*vg$cacS`0^m3V0xPBXdnm>UuYug)fhYRlY4xB> zfw6RL_yPO?@3OeWSi+;#0~S{g^3?+tZwQ}(ANH_sMF`JPm$TF*M_o=-mz&k)73N|JYDHJFx6{DuvnhpbR`G~ydC(50i*WcpeBvwln}@~ z8uK~`o<1k627|XgIgRUJ!1#2MIq1*Tr2qA)$Z|OanUUYdQ*-zs&)Z4<;1#m5^thPSEyoH1yUS z)nay}S#V&b{aPB}yVcQmHv!0ZKhr>7)B%tO=0<_sequ*JzJ)>wK(2l3U_cIt0^$I9 zy)-}|`$XT}BzzgZky2xPB~p{BF3IY0wYqd(2Lbt_jesQBujEvazm5MlOXjQQ{aeDQ zUJMX6xg+LKQ5D>`BnIgX@{i?tFs#wmx6(!164Lg!Lfdt7h&H2^GtD5`ITsEW`eL;T z9)R`_;Jpq)`0!OapJK!s;1&NkdR?Gy<(|$E|Dmd@-&DirW&DZYV?D1?y(KngN@CyDL!&MlAks1!mgxXgxVPE-F6L#pdM8c{iNRcWq+}r_2`f2 zOdmSL!Iny+<~X>s!Il|D%|{{;vmg;1O<<5%QwIembbH#Avg7nj?-&E%2h&sc1osn@qaTgjYmJ5=$&ZbZ zrC5UpOj?K3^^OEcMA0)d)f)R~xErdo#=aOlAip<;TfmdgvyCu?|B#x|htPm*^`u0i zoMLYLXNZb!5!1&%|08_!6O7OiHtbUC5%zQ9Pkgg zqg>?dB{mH{C=(}kg8woa$5O>hP`cF0>Gnd@iZApC5CyWMf}I-`0=-TglXD^jQ7xz^ zR)AeEywVbQr8LSE<_8hOK(!EIIHhbiGs>qqKfhYb^YKn?<|h2fW#;nfzo-Q{DKp~C z+zF$jW)7BsWiHo#BsbH{E|=o!yn&d4u}@kBqMjKgYJ$85R6Ghi$(@IwX9Xug z1#C<@%%0RCsX)#KG{}D})1+?YzS(uZ&2_)ixd)jmAfMdjs3chw!g&A9YIfsne+d3x z;xb$;#t4D2IYh+i8$BN9ie}p6DAiB*yH+$WJP-CC_)1|D(jBgSF!>Ou2j`~Ue--%% z`oT=w<|Q9d1!;KrBb@~^?5XMGC1)4251*dc#3>iOJ-mMt=X!#M1qn!h{^R{Bbu0G`uKRY$WTjowq!bFNMONC$Ym7?7J5V6Kq`28DuT}7u zN9KztT50RH5>)DxzdG;2g|LvMQCZXpL?r=ME#m7iI^`EH>g9!~XuX7o_-Cw4#e}(G z4RV7Joh@KOAQI$;2%y}s^OTzgUZZd;9;F-!JY-U0igocH?{~@_KZ-Kw{|2uIt=;}| zmsr&W&q7512tNyYH$gs!3mbQE{%JDy*X|Z2@b<2H!-KOP8 z4fJ?E!s8_(ug>6HiN8x?(IIDNlFZRMUM-ZaeQVol=>UKgMtCs=gpKAS^36V@u7Uhv zO!p7z=TP(+si4MT+{&(r973jLbvE*qvP|uc**MBo=0dm}m4OaXP`Cra8Lm}KOn4v( z+4jHN!V$g?%K2wivafF&9EB&c5{L+T$!e=-GUAD-|Z?~{^a_uSjde|#>1NPREC zNPW*`y8Op7+%_)vrf#izT?2lLouHtKN3e*Ce<;4nDKKhpK<|td&wo&ML|Y;8UvrcEvSI-bsunLysI)&PD7Alm?NhYe4C2(gm_X3r@ypOvR9I zA2vX|&X5OiAy6?AvP~A(@t_9I)*JJB@J_ZXxng0Mihe;r_a?VU$aXHO!Gt?EbWbvB zC*v3AA4-Z~U0OF4Va2EWv|_CPr0D`%fyl_4!^w=2q9CVRpMV)RR`!}wy}#fZqxNq8 zTEXRx*BiB5Qp&lNb+Ck<>)@ z8HlRhBQJ<2FkFV62jfKn$t2oO+{yNO;3aTfUKC(5PscW5Ee!feiaok3tpr4>qTvaw>rfu#d=(68+S(L_XF2)H1$?hJZ2?mxqjb zPplq!TuSxkrFxs?XeQA=L@BEezsi|g%d>K%172F8w4r@v)rJmpml5g=dvL4`!s(Q$zQOq2)N31@4U_ZCQQE`U0gdcbR zxEnuWgr(ZkTgpj7D24Rd_}*T4wtGG6QDhLko^>0c=X%y|)VNsueWLrk`Tkf-?&$vg zFcF=NdE2Rm^Keec7T%y0FgKT*0F4~#{XpuK$E|zq>`mTBL@i-cAzCeR*Vtq63ta*N z7~BBPPmH$ZctlXj5{P#gdKY=HqJN>UcKFDX$eNkFFkuvW}bh>hAF zf=Q3HS!;)saUE)hM<*-ou!1mKX+`U`c5ui=1yPGK{|5@<)aQSRf>>~Q`wC+5OOAq= z;x2JI6$H%T{~2BWS9LG_Nt(+-k?@l5;BOxOrVMU+s7s2v{P2c6yzOE5qSe^%>>BS_ zg;`6K|M_o(L*aiabM}O?aqvII)`6$Qk>F(FyeC-@`Bf+fkQXbqpWRLu{`2}*4eGcA0%+Ak+z_XF}FJq!uoVSDs=1x44 zv>#jHIr>7QusDQ!09WFd+GPX>@o()pm6!+os=!#8GiC4klqBZ;o{2>)qma4blI&vZ zvQ9;L-x`anQ{(ljLhGnGg)rO${WYBl!Md0hdd?5YwiCxeSeg~U_m#)O z_Z@)K&rb380k(3GVrhMTlE2%qn$L}zTsp%bBDFTN7H^a513EUfztfzf@bQTSfgi^E z4cuJ?ANq&0jhX?7srek$D83mJhap{%J>vFjlQ>gkQ&9Uo*m414LJ0J+-jSRu^rV3!(uXh9HM8N<+ z+8V>xYpBG5NtmQ+#)8`LjX$e(LA=wtq6y+s_Jy`Y*0b3j8pYyewueS5;R5hf*ZDL< zSmso9l(FKdz=2cznE4%x4R6udiSEJ#`aH_@R3;He-IDXB3O%;NOl&#Sx_B|5(H$h~NGY8)Xs z@bk(xKk;Ln@d_;|#+eFzh~3&pe0mV{84wmAbSf;mC7b`jE&=I7bnn%dA_P&_t-eVc zyCW}h8M|hF6Lp1On5c}M-a|0q#i+4Ub<@}_Lm6%CWCxaFOcfPuci3&EUGZ%DhRkN; z)$8`)0#YkaS5-$(_r>wbkP*b_4y=umNQ90^z3X*!4?(*CK;J3P;n}F?5Z5v+)PMK8 z7oHx z5;gxd?q@UY@~3|Z({>-*4%7A)kjS)=(%5TZT5XdiR&r5X*b65a_DKC0j2|$~Ilj=9 zxeA>OvFfRS;7(ZLCSr=3%S`Kp4sw~mXZYm{T>>NDH_J|=K>?Oi$xG?f!ca2|7D53p zRDqYfbO75~o4$H1>+xTz)}^~lkdUqFYBHx2F;`;42B4!49$0b90BODxpn5~j=zYs2 z#Eb$5XAp<Bd5)#5I)Qasp3^=l5Ok6u8dxQ)9rC43R8UKUKh>C{ zlftJm6OrZF`LU|bp6O!^Rpi=vMWU~=`2+z%`Whr=S1SxZcX38?3H4?{gZ8U<_^1!$J`(f7Tl^g#wz3`k&3EEhe= zmua3ut2Lj%9b&C^@DB9x*BFMxO;059$MFQTO+JfKf?Wa~R1RG_RS~``se&Y=$oZWz zce*!kPt{fQCQsbMgH7aYlC47N!fG%APAXX^zj{^=vr3W+^R~`yD8#8f!}7MwU0Im7 zX?EvO@9M(5wR2KJ6Hs1ZrHWY5(}@A;YBX&`XhS4`40wq5b8l|mk8^*6?_HlV;D(W6 z!dF(GQ+HAy!tFu}sX``BfI=GRz$cHQJ{0;$@U@B*XB!}?)Az{j_U~R2emY|r@cA#{ z88=2Jd*k+3-X=c3J3k0&D-R-n<>G00h1RB4w+szqe!xn@?_f)TvG6I-;P>)u@dLPJ z;e{o_KwQoP3Y5_^D$(C9{tr-t?o5qb2ad}1!amS~pm)&rQ3mWo`yi}>M=nyt~X8VouJe6p~4nA!>J=?a-wF-qmCVJM_K2BN(Va0e7Z#n4Kkmrcm z@XLY^XIB{d0-+^K;I1r+IaJp-AK10u#@sP+?yd^mUsZsY;Yz8>Nzx(+6a3>2RbdH* z;DZn?k!sp#0k{%eje{|G0QFH3RO0tD-1#0YRw}OF-apz{=M13GD zCF1k}j@CpSpr*r&5hU#d_m1R@$%V90*kiQi=KM!TZBeT>N^#0SyTH3-5vBA>UX>6~RWBhE4@m5qu#k)x3SP zZ-{E?4ZtM>G8My2UqGqqXYpv5**j3sx~UKfdJXBDUkE0JphvX}R$$>tMj=Su*IvO; zH`;UPDg!qO0iivqy%1C%60QVws!zrtg=#=sNiADNCKp6d#Gk}=dmyv05XkTivwC)B=Yf?;IP0{=v`LN( zl@#L63u8FvUT?6mi??+xwxP|wmIFt)6)1_cgWd3dbSL~7n^J&{gOxoC@zzK5dm}Hk z3l9m?5AYls2pECLNgnx`BzGw`cTZ&H`H59yM5SoHhAT;7G|<8PLaTR1n`Y<5y7C*jwAwTiJU?`CFf`1 z8iAwakkqhbrJ9?py-3kcik8O8%Rt-jll_;70 zk1Vjpx8}V^oQzA3Kqn>Q1X%5BpVA(H35@ne+sH&QtaR-VRrlLI1&!a~wiB9e}J_uMhZ+47;Wi zPs4_UUZ7GqY%qfR0H;}X6D-6UBN)LC*y)=JTAK><*3W&-o43{oZpOpVz&qs3$-MPO za1{%M3h$61V&pM41Vg{psH2uws4y1S;ofUqgdyabxxd5L8&IA|iuZ|tC$asITD2Aq zLICnGoNo;p`v#qQdZ6Oe$JS>stbFp&c&DCYLvcdzEwnN!!SR6LrhSol$SD?CU_bwy z*pNbX`MtWFsV?U(1d<<9hDDN;bT92lKK?WGgjwn>AE0Z~$Fs3a93k%A z@`<k9^Sn5(+j*o zwf|N>j3Po zvl*2kI#FXLrwq7F3+EpV(*Z+li~Wwvq=9c~jdKN4@lwwffWbHcruM{+xr?z?AL9iw z0AtUBNRZSN+1``>mO>Q6>sz$qI zg>dlAAu#LT;+PdEPr&yj9pIaoQ=MYV8!9?LAG8OTu5widw=<$^URjpW>@2M7zl9}o zy~$Wy$58`HloIAL2l(=M;1L!3?C%=?m*usO|89kX|Ld_fq4nED{O=wb#Xr)+Y5cdv z7M_$!%U0UzI~8Th2wXXbU+q%nH|IH&d0JCuo-|JUbamc^r$Nixv;HXr=(PX@SeQTn zxBN*G3}ZzTPV)ORmk*l#Ch?NDWqP);q5+B8rVsWu?o9ETJv)O%I)e{6YX&IcP-+!H zTxK}9%v8A4uk7k)6NL@*CqG->7lSQF8Fja#ygs11@=8%Z&#?*+tfw^&+p&(Cd6LfS zRA~hFBqP~P=ipa43lLXW8{FUB?+I?~6!{E^G(QP$>>k-=jpOD@C)Lx-);R8IbAG-M z+gntwG`(LOKD2FOwc#ZKpa9DZQb0CXI7|?pAi^HIE6w^aQNz}u+ z7y#%(YMq8kRLc|Spg?eZo{0p)dGE}`=8cpr)Q?oE<5*mjNvg zdI7F+fa`F8HGR0(>WK{=JvU+4XAR`t*D60%7k^K)AO#=fy)*6ONCt9Mb*lV=ea!?c z*-@6Vi=L5o&y!06KI@gf0OV6?d-(@Ypby>*B2BP57O?Uuk}0HGqxa!RN~3NZzFXZD z{R-^wYSf;LJs=>sz;M%@*o#!@``Gd~62 zqVohJ1fp(-#IZbZ0@aSKFV?tyfdidpdZc~!Hy1$oLCw+lKNjI*obcD(9GyC4?;1pP z|4MRWl|P1pvaKmcb~Z6-;@?Q>D9NF@--#w2Tpb&!WD%gI2;k;fCl=Vz3(Xj>npj$L{;wM_-n>F05_Aol|kMD zc_gTxl7(vyscfG@8sHbGwy#yC^~xpgz)DEBW#2synYEs9HxXCAG5;0Czirx32}2Y^ z)^L)9EdnRvyK*o-$s0V7I=58P!vy$#;2j8g4^qzVTSo8-KC8SVC2!B%SFrWj+lVuv z8nLt|d7E~waT7l#^)w(KmzvWVb2z)o>!6ILK~9&YyRR*=^?_Y^F^LMZJWBlu6e9Bv{U zUzpc0rz?`woSq!{8z%-`koo8he~n#7Z6U-7mTzj zkxiiYc13SkO->Ynr$j4cq6ySI_LH@;X_Ss|{BH<6iv=;ML>^n(5czCKCnL7q5 z_T#?~2mkvD)n#N7 z?f)}+DZziu{$Fz__P^R?{~wn=Zkp}3|8e|1;|l0YxGS770B`53*nDZ^Y$6H$fvNN2 z901rhj+9`u8Be9Lq=~YVKhY)>OFTs^a%5==r!DfDt6rcOsEG*se1H(CP0-g?Vb)Hy zp0qcEWYxRtDchkZR1nwFS46{9WCJ^e0grdU)-dA)UWgSCuxiY}1Kz0eR>huh~Vg@i3+Y|pV$BVF9P{sOW zYhNV|e(x;%?!Uha2&IOe0r~@Fbkx{hsdnS&LojPu3FC;wTrmu`51VUiH?nt*`ysxD zI2x8`<2CB^A$7W(K)U`a@|q-yfYJ^x;-{kN@m)!Le=qofxr9P5I~j#AVzUMH+dvyUQcOy2g!Q-A!>psd)Y^1pj7} z{+XnICNPu3-2NaPsH?IC4t`vrEJOKpKvgcO1~~Xta9#FV`;i;Ko)0OjAFJQO?lCm2 zSaeY;2wA=R5ppV6w4PV6s9b^QRru}X*z`m011-r$ods0l^n}_bbjkFl(9)fwU0d)n zH(CJ|;^{$0Bab=iFfU9cnUB=PAXVff3#-Yb!9k1a;@JK6N1fHpTmgW2kQ^4H!Q>CF zV)i03SR&V&tWtRiu8`l9g&I|_h&06kE6EhQ^2XjGvu?VR)$7>zwYncOL{jKR;afmY zD1lk@D6Su)qQ#tki2rX5>Js0N&5tDXV>wV4?FX$8`_U{{P(@zG_e1LKpda1P4>`{= zfNX9xN8xKpf%-o}medf)@-XQP=INL$DI`lk7mJaljHt8*t(+f6mZZe)R0!rZS!N0P zvD#Ly2)E12`0hx(9dzextQ8DT7R-89TrK+OVP2dVFk+pnNJq-QG@&RhS~OZEkl<2G zpJFyF+zVA=u@3QZyPlss2tF!wF&92a8f(y%wQ=~^^H2hLD};g$KKKK`FOe(oAur>B zFOzp9P+K%<2~gDnM8k-`e32BwemLS2S<-M$Wv=58F6tu z0`(1z4-`Cmb-c9&5~m{X%v2Y8+V>>SeZ$ zy#UNEdsKqSHAX{)vU(nkq26c}IWbuQJNvx4I zyF_({U?CpGNdlyU;&?zdV5Thmm8b*HG3CN?eR)CO0)!Y8gy!WPp97>>uIxqrFTpx zfF)md(9_2;V-|iBsMT$cZ`1Zp)%ML5Bx@AQd+&?2y+^mbkJp5@a6!CL9)j7s@D$+K{`xvNN5ufj z9j-`>UzT$a66fR7&S5QlgG%Pc-j<4HOhQRy62#V$-0eo~hX5r+Nhw=O!-G)-iFGZi071{m(F;A zKjHtnf4bfV5E}liu`<8Y@l;7nd|kbZcT*4ycqySKfarf3V3h(S##SnggaUY14yGtW z4pm&Q$H?Ss|GR1&BTJ01`a)JT+v_lk&v<$!qSTV(tpqVi@Dyg^U^gVKI5+nSx+EuS z5tpAE^Lgx#*X*X54tkk;ft>8rwTHuzlk-xoabF{bXv{wu#RL0$88!ET)q`uk2q1u2 zw_A)k1BM6;GoqNc%|AmtD@2g`auzMuYh8@jTm`~OJdhBCAmuO}YCS2RpN{UOBVTu_ zH}8NEyqsXc@y-^vy~s@2CcN$q4a~CNfvwaK`tM7?SHe$YWl5*t2bo-A5d1K6O8W@* z0%nY0UPp+AIY7*@CH(O=erWswP3uImfhi6pi^LYsUoOwO$56*K!co+{jUSPl4+#LL znHl9mB4*4L>dXLJxG1v=?n<T-#?lwAXfyb-OqB+@mWD9ox?gNaMI@u_;Z(ri!Ywf6c7RX}YhgNan5ZZN{QjM&!A zgc_j#I=@Z{PF5Z6tzrj8u$puhDY7agK^Gns%8aTAn ze!xJ_Bzrv}LepXdEN==qY!(vU$|zN|Gd^RDplsEX6i!C){6Mq@yL#PDyv35k8eKb` zPR})EYGkS0Hn3!p{mPp=S|d&I<!Y8csNVOLtgZ2lee)2QO+=; zoLjtGTD)6!alWv2YvoDtReDZ2ZWyX`bZBojJsMSpIq~Bz%5ma&zCGjJSc4G#9N;lq z6eEZJ=F!NN*e{v{`gTn1n7+S!ua=@2H9Q0a2aomQkfjWp)v!iUAFeDK6USR%h7$+L z0Dsu6hk&dR9L_2#O-9CzU><(3|7BQ~P->=_fV(7-P{DntU;+$5^PYAFcI8ovQv*OL zh7$Y3Ah-R;9jZSzTMZ!uj>1H7um$xrF7TnAW;7f2wu6v~tl&6Q5I#n9ON^*Q*Cf78 z!P`}&Xrvn@qym{+(CdXlFGxAi2OD8cLl*o!v+H?gRB(JMpdJ{+F$cf^lCh7#Z&Ikj z^aWD@*#viwq2<80a^83F$CLAorR(z-R08CFL|b9j1Z*k>u6=o1Dy#A7n07I6+4eRV z7()yI+zG*!Qyna90vzGo1T0`~_|C7~OqtG38?OT;n}HIJ?jh$MW%iu}T^q4r3s5f`AN?J`>_Ha-tHKY`*58A<2HSRQW8qtS(>c za8~RRG<()ofOVY=#$uF0eRoe*^~FX_b}@?%Z(B4i)h#Z_a02?X=rJgY^B881$C%2W zC}V%aWMfRmI6G&5z6BqBA|r)3P@gr$ zOCiSSda!*^5E`{c6*X}t&>5JxI>J9QdP10sIAElIPGVmi?FRJ?ecK$*nrve^8)h-P zNjzFN{?f9>yXz3vn1?#rs56;FwChko_%yI|pyddo_A;0{Xf*T)?u8z*p|{wH?rH+k zmTHgE4L1-Ji(ha>gAP^(_>fEOx^h?p9F!A%Qq(*ODtOLQ?EfPy<*JwpqYBUL*WY57 zRe?xNpe4 z@X`&hwdExV00}Qu>A|pr1=O*v)Ln=0(wVvrqE)(Y%&ZEu99B6d&|*}ctn7Vel2OxB z26yotJeM8(&l^C?7YS{#`zP`3+jz^4u=)u6_4o>Y$0EYU#_=sb>>w7A$h|TYfRz3afGW0aMz9*r79EQh_|Dn=L>8PCXhaEB+;$i5u z7o!+o@T{}N+#ws>*VU-u1O^hP8#NQ;rn^yd5^jDk!*c6RFb3^I33V&9O85_Mts=az zbEC}bmwNx$AcZJF>Ex%CH#-p*agwmfw(>ao&ZrB1l9)>HYPx+7DsYX&@GOUK;SA|^ zSz``s^ov2&!{Xe?Gtm-&Y+jtc6P-D{Bgp#2L)H#VJp`s`zdel?xn%(ONwV!GFsfu% zb>IX;KR?D@PVm#fa(zY3#Ok}FZMkJE_pNy1v2vHSEmy&Eub^CTUysU3!F@d|2L$)Q z&Qedf5aKz#?WcqI=}igcy0k5q#&TCBl>00W1=6*TH=tYr%UPZcTiJ6k38{4$5Cp80 z3Vkn)d>}lSfuIXEZ@Gv%fq1MJtE8Xmk5cWw$Wv!{&H?>|ng)MkKrixSY^03nc@}hpjXJaOK?5xHTQa2m%=6F zYpjIB`HfiHa~i!a@#68JEQQ0w39L~-lNKM+Imv6Rde$3iioj3elrJI-IhcRUU5k;U zX=f4kQTV_Gdpr8-UIjk{Wh$xw{HO=m^oAhOk}(m#Qo-{t{hf;*5aC3!2!I55C{LFj zp;QcDl^IYDI{*uCfb;z(B;fyh1wU$;%AgkipaQSLzfrqES`iwcjZ)N(0kJplD;e@@0v`;3s-tRWMC znol7Zn$9u&ST$Mc{BCeTx-s8>1iD+jy8`-z^UdYFTKWoSVHSTghT8|_1bOL3-E@f+ zLEgjSPI7o7Q?lHYwiaR9-*AhO%4)Cy`LEIcA`54>VdWSWiG`ZTq_Y^iwIn4ekOcfV z8B~|556w<|)IeGQ0rt7lPhl?|JAwngO=!4O!3b9iQIWgUCs<-udki5*%%kR7ev1JF ztqFn!8Hmt=DA%X@tOEQW$u(zl3nkhaLPXT+ySLEvjQZ7W$iXEC8K&%2$G$nNYOn20 zIym*I=EL35hz}6U#De8nJavcw?qUN}3cfH!rvhtNehscK6fNoR2! z(pjW3Rv|1euJ*z>8&Z$hql6{r!Ow(;cKCL6B-STsJHPg~i0k}Jx ziBBf8k`4JBpm4O8i4rf79nC7*xbwllO3X-J#qbnK5HP_LS#LMsS3Cp z(T&(_CHst6F%PF#3s;+C_%dVI!1SVt}xlQk4b9&oQ_?53`Y>fn(Yk$+=_ zFKg(6RAZ$tYvh!Wx0B*Vv(Kf6i^L(Tu9KMtQ+ylp(*Y3V7)^OhpAe9Q(&64(>y+Y$*he6na4Nx^>nci2u~cLcj`=aPP`8I73{j2Rsx%@1 zqflf5O4EZv9OtQ?#%MB69w?f0lG$O>1Xy^4FlgFf>{o&{TsW8DHE4AFLaj)M{3-$< zvf#aDGxfXW*>#V`=d3O+eC|X|>yr-G0u5y0w+mT4dnsg52ujdBCeNF|`hYk%BAszC zcT5XR^YTzLm|yEO!57!InHA{HEbP|J*J`?D?i8;z2Xs8G9Bs}Lqa=Ts2Bf&{QUuT4>MO1%QS(T+nj zwF0m1(XIj~LXbipsw5q7fk{q|Q{YZZq1TGAbj%Hm45~;RukQRTQb@pxs`BE)R1c&G zdVnG-_hRI3VhAgoU^s3&S% z>^J;48W<=mRa3GrS8j%2y!ls+uBn||=voj%m)DK1u4ys7s^D)AUAuZl(WUe%&)SRW z)eCzlw6GC1i_{@ze(NggU?#HYQ2SgM*ne1iecpAaqyLg!eO@ko#+lAX9npIY!wB@<)4voINBp3RY3HlDNfuM*-X!RL)8I_0=mw_LXjv_AK2v4{=HOWry z@=mMidAvI?2w~5r2c6@^coO5h>r&~pmW%Rp)>p&Zd{(E@yAErX*Faf1r?6cNwLS?7 z`%>0rO@d`NYEwnejD*l?4~9q4ulO}rRn#1SyiUO|b$H-FIur^QEX+{~h1pkN8Q-MRHguL7}{=i>Ou={=)Bw`dX;g8v-q}=xkRog+-1a5#tcpIVA*a zXMwIny~QXQZ&yjD`S$9#CUmW!EleG14WGxx=$|Mpe?dC762iP;@L=7*!5jv1+vd)N z2M_Z$F5T>BrV?jEUc;b$G!s+5{`j6B&HknHLqN)Z)jEoe% zRwhOVYLj`U95Uc=uJVB**zwqr>Fg3$UYF9olRCcF@_fBicQ16n)jg8tC*0kB0zdZL z!rkR?ftutBAyE77E`8lo5n-RX)g~(7=6>$K(Y2I1xKu&OxZrQ^rzv%+n=cP6c7)3nei>8XxEBI_uO_sN(jd zgRtod0IfYwS6T{f)}F4gHB@zJ__vyO({1~rPB;~_*X9ibW?Ua0lLXvCm){$p(UCmK6iQss;%B# zCir?nEe}R~t`xtG6`sdhZ%rDKJOipwzp7rxl5724?N?^9mGz$aD3WZyH+)B{ef@PG zw%V0x_|y6wejfb~OpaKd`}dy(odade$N?8j$jqH|2T#yEEN<&$g_%t1jS|9Qrj7Xg zW_%|>-9Bf@J!89Ozu(CHU1~664JwrCDX*yBYyCcB2!r%wGuAHl{Hv#(+BYPjZd5M& z&KY80^^zs{e>zb=l%z7A)L9PVTBwIhbgw=C+D%|&S|;r=xfjQv&uwzQR4t*l`mJnX zU%@PpBIyQP6asbC;5I-_Z~+Bsz>>EGD%%CrMZY583-w}c0jfwap@15su>}nE=`Z)# zH$y~P{f_GZsPE2h1Js7)2glSc$uUgb-$wx@Ey+N{^Q;R~^)5^;)R@XqKw10R$JEfa zK%MRasv}JOm=pu*8!VC|rlchW)VVI8PI3Wtqy|cv)PDQ+whz=Bd2KNDx2Fz{sjFN- z4b?y?BP!&3EE40X+vHyH)I7Ogsw}J3?~fe-)vqm3sV<;8!qgj(SBKGOFgOoPWs)X( z9I4pWbNpLKz+rhl`OYQ0eJMMTs+iv_!h7Cj4k{qLqL|IJFFuP2?{>LY!nSExV?cF;=s*1!L-gA?tCxsQjUw8!I~=3_Hn~^SUnloV z^(L5pS9Ac>-LekCQFDT+?k=Fv4jOE$QQrC?2GnmgP}GTv`kqT%Kn-;Pb(#ihAFH+c zHGkVargklEgDL+L2gg)_3#gf3E@DbrQo{Rz9mCXXa<4G8TJD#sm6}$+!5siKd!8F8 z!PL&jV?cF;sVBaVVQPa!p!J$i1yr#Ms5}=?$7`T$g{gqCV4V1K`fZFzH3{&gmUSVpv+%L`AsetO$0ZC8p?hPr?{%>~pk8mMgwsH(5q$JD)+8z{k4e-}_4Ve0e!F`!mTu-ciI5ujfCB!;Qg za<4G;kld?dAHnFKe$_rug9C1$1XBwiJvgRHT|jl!KsB@bihOx4ppJI|)k^~?)BlfR=@w*(>|t- zp6domFm<^LsE(xXR2NVW%bI?@LQ?^CnhU67TtIczK&?_dmE8eQmzi#$1XHg*d~i(N zu`heB&Gx82|dN_cAZ{RhX?{BL8J z`mF{^T2erDbpiFwdofJCFZT>RTK$5N_R;jwd^bdbrfe5P9ii#lZ(OFdU&pX>ng*v_gL9`etFSZQ1-h*T3d>1$iI2i)$lxc7dyi1I5O`Mt5D)%ZD5|Mijr>uVGcL2@{apNfA zo!#{@a5}=ys;^?$*~J+afK#f$xl4nCnUJ&v8XOLyDm6HmiRrh>ZXY}I|KuhXv|N%s z(FIONYUo54IA?2cN;EiWE^u0Q#CYdpxgWzdh5b(K0GyH;Zg7N^U%Thv*tv603_G^~ zW@5*y!MR(SRlM^T7dSICIQanQ&QIIN&QWngIU&}$E^s=+P7fD2Y6FUFtP;sGT;Lqo z9>dP3a?b@}R=*xma8wwRb1R5d4Z2#KBd$nb0F8UQ?B#bK96MECI@s}_M$F_Y%;<;YFh&p{Rzp2g>rBs$w0F*#X)%jac$zEYN1spnvFKKJr@y6ZV)k$7QBbG;C7uZ#=UgfJz5^Gkklxbsa z&+ygJu2;$w^VRKqbv5_0a9$G?D%XLps`zR(H?rtg_0hI2N7^a^{Z{sR}b*j*{)YRqpw1I^_Q<=U)j-D*YMT$J+W7NqOUIEtKYd^?Tfz3<*OUM zjD4j-CG2uPzS{If?3D`b@KqS~1coqnmv8^3x5ufX+Bu8DEI z3dQl|Q~d7Fh~+!qsW2j6E#<4fM`Ev3*psiW=c^w-i@j1|TE3dZS0i1o@}n>g<*U2H zv9G+*SJ`~^1x_in&&k2$!lO8;GP=rpa&&$nE)n?HOsopv{uzV~xxeISwYFLCkwM2X z(`%lrQfJy5hrEd?1!hFU8uP(^tWfz)WWCcstbXiwnQ<}JzGrgnH5O&^530{r%0eRg zTV6gdv8qlhA?3)bT~Kq4nK3b8d~SgoN^j6Xf0)%aqSuN?;}$LcjvH8 zSYG}?oB66YXo9N)%;~9Kb1+sOSB@O8v1VgsA>INs=0dm#*YW7pmdf-2%!TM>n*d4@ zUvqK^%by4uVDw=nck4)<#3AxJ5}R+91!oeCL^)mLT`3~?6F2|>R^LB#D(F%GP3VHZ z9eP|ErN>BP1txl$V8|nH!cLg|cJqS7xJSzQDTIb_#i%3+nYT?hbV6n*^TJN4k+5!p#@`HS6X;Xf_aP_$$Jy*N#|q}U z#r46c{gcKVms`2`k@8y#S%Sb$1!F;$G6yt>%MiheM)(|xwXm$3Nn=BpIRqD`+U6US zXD)L9pUB~%*d0`bReW@NAWfMn2i^lGL4v_?G5W~5 zsptoH$M7eX3OPUR1HXf)UL0kr1b9c$-))ocrj!UM@rIBb#T=b0t5xoycHU5s0|r22 z*rRY^D)-75Pc`G<&|@{v4fa}v>HOi5HM!QXE!KbG+tt+E&d3gY$PZ{^9jlp`j{x3;|)0`=KBv~pdf?6 zV|uX;eCkvomCU07Irc5@b=YxKHx%d^nr-&!#}>C@4@zhRAd;O@?}U4bYwHNeUt%rV zi~b-IxmR8Gs7ojt9JdtiZM;4f`B+Oj1$UQGCQB)krEH~KGQGoQUzmzbK@~Uwg9$H| zu&mYlMQ`H=osAW}j|l8Xn!2ln(0aoISEr1U2UxL!L!6AK-lrJN@>)HQ#dat!7NX?i zfK=o^@xay?!Lv}d!0fxAD748J+E^gT_6uJB(6}E5XEJ*z&8boI0om1LW|&f(I-j45 z!_l&RNNiBdBU60V&}3gIA7o7#&vk>1J3EI4Vu8z;cc6Q#-T@c0Pr-F%Yq|6Uqg7A$ zN1X*!P%mT&wabH(n&5#LE`HW z4s2>v>%GBVU>wm?BEAlfY}-j5;Y;vNzSNH$2T?!^yX_bn>bpd;9EZ6yP^u5BBjTOj z*!N!~q`pgC9y|dw&P3S+eKM3`yx{H%(zl%SEjKP{FnV#zApVr_k5GJ;*Gx556wO-T z%lhs5K)tZ4?jR)!tE4!@5V6HQ-wWnstjNOl1K_XloAUe{pP5t;+ER>Eu*GIlF$w)J zVq`=xI2#VjC?x0~W%g}idX)STR%H{$pH)OvbR*E6e^48Na8@!vEePyG2B8fIl;93q zce3=>{ok|=o>v~bMoPU(-$3q zrhGW`x`^3fUdImz$Av{Wi3Rdujyc*MX^we$-v#D`m-moC!=HdU!@BJn7V5c7C9uAa z3JgfW!Nhd$IP7Ng_E?NK(S^e3ND*9;>%)_raJImbDhj`dvRNp}%06XC%j&rT8w??t zJ-Y`RTaY4jW*!^B$6`ohji8Mr`&$fCi6^HKpCtT8L*aG8ad5-Hx#_wF9z`aaGDALI zsXlHG!uj|bRKiw)M^Ti6fE#gk4i0y#ZJ3q@>|^6aY5K6drfEH;i%_Ct@I_&$(Z|Da zzXpwq%$^tm=(dTT7-r7p*xDICi<4cF4(Y^lW03MGd@ES;g?ewNP~}GMQao|LgxDlu zX1V|)6q|*oBSXE{hL2SsclKY*x)%^^XdB`Sh<48A>z&oQMUrprZT=0qgB`m}?A{&* zY8Xh+K!(@K57o5T?GIT!5+lq>@r5oz{RjpdEAFhv(;DzG?XR(7Le_6 zedaul#eL>q9>Jw32>zeH5>7%fGNn-g4p~319xsyd!Lj6bJTq!}s^xmMLRMUlawx!x zwQZkx&A+g6ulWos*V|%X!CU5>;SCK`XRh(ABbgnx8^=&69YGMl0jXk4wM}4iq)DKU zJVf<2ODU4%w(WvJkm~eSw23zJAAN;JGm<^_!$+G9bpdWenG*_4*>(_ z5qZu2pX$Y}vJFgeMfeT9Ck#9tsK?g}oSk8`KIB1rw@=L0$LjK)y1XqH*yh(NqPgy0 z@5QW?bmE?yD4#r|%0BLty)Rbw_Gnp4%A%&4*xRwux7Rvvr^Mclh`t@I+POfrGgMuM zsLQZpVPESJahvRQ)>DfAv`zWzrL_e3fSFqziUjX#6nz757Ci2MarTc=t9^=I1f>SEVAI79!f8I1;c5o-UX|GcNP^+ zLe8f;gB69AP|~qOj*k1wFe7l>aT3m!*%@AQnUenHq6={9?7zcr!Vqy&qrh}Er3{8b z9~T3yG+IF!Isz^kblCU|7;?awqAZQV07wV%jk9-opx?WAP3)07TaC z9By%Fr)7IKFo+4?7;;nXoTbGy36ROtTzov%V7C4Is4Jzz^*0f`v@TZLH-YBBL)bU&(hHxSRE zC)C;q%ei{Sm7Isi*u;C&E6VMKX8{XprWL&HOdS}tcZrE!sMeQbny?1@V*AVc(sT-g zZ1DtBH%l8xa3QG@io{6)%KE%{4ZG1>Ga!(jZlAuzaplomE;$P<%CVa84fqlA+V6*R zc-R^uanS)9Xq+!QGwrXMRRx*+7R(}ZZ!d^k!HM<;H|%kFtdq}owyw+IRSPGTKbP(+ zW@oSvKj=wwD?z^mV&j3TBB%PLdJDq1O!#)4 z3@ZX8u7ZLC&ia)-jvzXgU<;Gvy=T;}m*QLRY5X`j$8N zV{2ts?;YN~KSn&>z1w&cXh8xeZ&eWlZv=@g)(&V0UkCZeUHH#( z-4d%7$0dN2LtFxl!^( zFwPJ#AgEzEww>VNeG@?!FpqHFb3q0lhrMu}?A^mezx2s~>X1BfabZib2@4jm5_5?o z6dB0v(Zd_MG#$ZugbgGOGwfiV&paO|f2^JH5i@@%vzGVr%ye&Pnc&$xS!0o9_ehFq?8XHAF($ zOLLXfllKkGrVn4jlFK-vL29M#a3b1x*AyI_7qt(@4`aoGdc3OH z=)V-`D-E`^`g;Fmau_j5AhQaUv?S; z-Acp5SQ9$WuBsj}O8zl@JPlLK_ueM0X-=T|2)b+sxLVkz0b#qc-mM-^=w@C>S@QZup(8NgRAjcGm#C)tazur$hi zVJ|@UVe#Ptyb@{wN{?JN#NK*MqzmAJ2*;C@j>VD1@z;!n5_JL@0{k$!iJO?3 zr4A>pD5C1*!2fPa_5 zfi(~+J&~oi0&=)+U}+#h)LupSDAWL7b{il9_Tzcg{?|ETO*Zs`H8~Dr%Qo{n%W21} zcL(?}+yz9M`3Ee%M5nYWX@eAYdDSd0pa^WKAkA+faT(q2@AR_PC@zv=7Eky-mC@Bb6gZ{qI zWQ40nZg6~D@OTcZ11CEJ!&?Zh*=PI960|-O4hR8vx5*ZC!wAdkU6l%RfG*r0u#kbv z=r@D3un9`w=^q>+oe_DJm#WoBy;Gr5c^mRG(Iy%tS*q6saKF~xXMmh%Kp9|M5ofP; ze);@Ve9>`!d0Q%U!qt~xG76KsmtfF!m)a9zPS5a~H)eYC_8Zn+jDO=$$Hos*(D7e^ z+FL8(+r5xQNVpK1DB&bSEjYkfvAiBX^J~Bne$5^}^Stz8X#GXZHsvz|%Td5*E_ehN zKAvx(fnuhmKeH%rk71o7pDhpCHz&4edI-X-^?9T#6;?$<$N{58VI)O zbNVK-4RQdD2=#6X|4wi}P-$2Dp(e#SHi~mx4nya3R&^!3U+dOplmOQ}_+=v3ke|Rc z7^vGBFSW}xtQ_8};+h9G3fG(!xCGTGodCOO zzq0-yly$%iXNa0sWS|voK*vDo=RbES4L^XES=nKwA5L9+a7wS zV^|$=G3e{urFVwGG*bnVqtwbPc+SR(XR~^PZp^TsO9h^9{|dCHqJv&_!I{XsPM5;{ zC_Ls+1c^sv`mkunXI%;9{)$mo1-2+YaTnEYdGU!mi}r3S!fKA9#*b2p`>z{irSu*K z?PC-L8`6tf*ErP`GtqiIIm;|dgbTpDqB3qwpF=mOg_)zKnb8xGD}lU@?u8rvan9SkC$ zsembBdMn9O7~?uQ?h;6?M_*{6V9OTj?IsS_U9(onu%|d!rkHS z6a~5e{$`RbR0`$b*7QE}LU>)5V{)Z=&P6_GF~N8d=J`n3bo=4KT>k;JT(i+(IQn#? zXpH9)yQ;KLcme#M;?SDNBM$q7r;!L+ImtwF&Bo}@aVRaSu~wa~IWP+ho(`Zz$eyYd z4~{w@p6?G4mY%BiRR767b2w(|M$+`nm_E$xR*3GfnPGXG3UI_s6rSyH$^g&*Bko(^ zqbjcd6G(7@;06I36mXGPlNN0d(8Qu95bRyp*q~^mQjNuGtXNY?0ByvDO-Rep`tyeGrSgc8qv_ zr;U}%3ib53T%h!RR~C(0zI5>WpgvX1&r}@Xc2)N7W8h>wh=6lk@G{xo*s9_KVLAyo z9Fy%Mez}xa#0Pi<8XIxpuA5QCu1Rbz%Z>wOPH*_~@D+&*M zg6u%u!_5_8IWZzRE`Xg|MG5b8dMknTcRk~Gh|LTT^BL1h87H3wl8qy}ZoE=~m$dZ8zdKnhjLcwHQ9 z6MV^7&6@X0&3Zpou-sBU<7iM^*1$bXqcle$;|Bzrpn$Nk;MkEMjW&c~uxpFgfH+#~ z0%FU%VwD)qqHx=RHw$YIS7EnBy?H+KaFdBA7`yrPa`DsI5AgHlcGN=}D+kBlGDX*Foj zy3h{viCS;rMrhKgM3EQxpumuTyYU(&_H5SiN@|u_X$&yDE7az#h`Yh~6XSzT<8mY@ zm^Iy7KMvfCJ2;T1kgw5>umS|AmL0OwpMC+B3eo3>qz~9HPM0u9u4|loHm1O!Sh3j` zyuk&Zp&sI+g&!dIcL-AJ=KerUo3krOL?Squ?(Ji@V_UJQQa`tV)r>3c12OmEdk8`g z4oT#?xy~<@5q(f9`&gfI?3*OcEp%K;Ck>{%oaO!t&${?d_*>M?6|sLJaIR z&&2r}K6-W#NIlmlX@L{6?DT!BmOzLRh76yd9R*Yye4j3O$^XpH-$VKD%(dlu~Gn^jZBNjJ)di+&LO#Jk? z;?m{I*d9{k-;S_GVn@ADG5$t@25dyE3kkr&(HQ?oD#9#sbiTy+--3mDj?JhTe;$aM z!+4$4!r1v;C=egxFPfci&Wxrus_9+%v2K`UVE*9|~g`G24yNn)*Le5v5BK<2yOfsh!Y6WysuuD%P z15hVg?O8p#DE!ueEh8|SS-Yd!QyhLj(gr2xT`_Md>OnR`3oi6wg$L)Y<*#e-VOsU& z>!b*9Dq(cX{<#nj=46D$j7ENz@J2GchH?A~71n(N-M^*9E(Ht-qtI2u9S)P0-3}Ac za?8z%voe{*@Qwh)7(QLzKjH}p8wnKRl7kA<+`m*s8IcxOqYK9w0(&{w^||_VEIRmw7jlw8rlACx z`s>7fVWdb$@pTP(EF#<&H^~vxR79unz-}PVU0suJ65vTW9hk``Sa!4idvm6Q(ndML)qgkyq1$6x}e${$X@y05R6@C~)Mk?`u zY|p~d1O;X~qQv`b8r7rX8tzib;VKGiY=W1CHIs>w8M!Q>AemX89}zz%qBatB; zZfb*_{iU(9W|W*@Z`;)PSQ4n_?P(x1u(v^8VQ=LMge>B7Sb3}W$vwS1yjZFqG7XNS zBPqcl*aJ*$qK0}9)2P1z#bcwd*o-2l7A+K!4arK)O_{kV=Z%|>KcqUOwh;k`I7JZT zn|W*5lQr&74gdie(D0`3ye9O2m+F5j3>)GDOZjnE{s#K*E*hcQg^SC^jepBQ#uK8@ z8(dUj53-)5qk7+7JkSE)z;{vMUc{f*1>5i!oeVNUEw|1hehhcP8N2NMJMaPb^-RB^ z;ckpR)_d!IMN z*BC6QUnodXB^VuDgcp7%twjJ5=|VocfZ|TX8WwT{i->6o@&*7(?JzB+)JrNPtU=Kg zQu>y$a2O*B=yP-zL1Z^gXl0nUR_z;y2Ba7GRF)$G z^)MVUQKG;J^-!-n_GC1QEkhY-<3HZZY65-lGruQk6G>Ec=J6hf9|WCYke?oEGE15OB{NQBe`0nr;Bs~9-DQ4VU24WBDrclThg z6^wsTFO81}b>|YzGLEW(Ku6?8X`2z|aE1^DUyv|+9wij`y|uAB)W%`e z=X#LMOHs=qR+nfau6Q^BtA)NVidBk2O!0c$^94%jo*I-#ZV}TM9Vb-%m~zyNo+AB9 zE?~+Qd0ftmJ$B}wsMJ0JnFHstWoXPYs9mf@`8|s{ zV}8Mys&~b>;|qiBIPrV}e#HRf3{TOgjcMN6F?h7A5Dvxiy4Mhkm2bwqh|G^et=O+Q z?ZrvXxYdZV9fJUSuWGM7Ta~=&g9uYXiyW&>4$k>IWa3$jh;i2FF-RW6lVyJw>)J7$ zQTHI9Fa*noM2`WR|M(~8;2EYWUGGu@jZ_Q-1@IP9lHZDRSB8Y~|2sS!4(VTb>0NPx zGqX*O|EOo4#0zW-kH=I8qDj=D&r++;MKZ-T2iDk;m%_^T;9r(h<(FHgODuP1D<;%t;#mYt6*FNjO zJ66+Y=UKx)vr_kp)LOZRsq8YT9dN!{{1R0kf2&}rN{Z-c3}5D;XJhaK)~}NvLP%#{ z36B8`&~M)U2`R0wjM^;IIJjH^ErHATaKWiO&rqMkp{Wp9a8t<}P&*A%EUXwX#8rw# zQjx4qKLLAn{)zk1iNevd)a6EXsZf`z)a5dDnf^~O{jpHt@!n9pKP3ErJNwmf4~AOd zDzH%=Y3|lz2{`G^tsiPeki8(VQ}SdaQP488$WEIFd|~i71BNiP)+d9+961LrwYoo< zB;hSElP@TWmUn-9g7oXLj{x+gz-AQatF5?rQM2;jE~TF_Z_i4?4*zXAua3ULPEt4U zA8qC?xl{LU-2L9T`?k3IsCxz-(}>?yUixCCDZ$C!=iW{6&VLThnfJN(akpIDH1QN@ zkDT-&W0afV&itiPh9Z$j{OQ+2-ehFEm&U(=(&<;B-;j4a1co=6ym8NYNCirLM0yq_ zEr$#Xhpsj|hyu|W9h{$Wo_0_=)^gz29mA~<>GBxwV^#ZEsg{Gk6opLQp$*QHII@)$ zLiUicEVk$jTDh|f4Ku>}DtHY(dEG+lI+7KnV~X-U;CzC(NIoF(@o=Ah5a5^U2f$z= zd<^bzcsdP!7Z!Xt&rsQ6unv`ct_*lT72u*%_`##|Cdq6zV>^z#Vc zGETvhzA0X964@3qJ&cCCfwiI5pj_#Dq0@;NQ*(sW zHEp2RUa%v5a5k)0KgN}>+E;gkp1 zEzh!XrB%eK7L26A7DZ#I(~)(r0=z7MQu!TPJbaVFn|$6};7sj<2))H9^WWAY}?j$ftP zg+T(6AAr0y;2RcQBv)A*6h-$Z$D6`L(twhJCU0m3%3)ygLo|%jHwDY4=mLb13FzcA(o3=Xe=mJ4r7Dabx{524_p11h*}!;oxu(mgbk z(K^M*!Dzzcw8E3{#GKzr=&wvfFx5dOh9}`^ImR`qr<|=N;8Pf+Cg0 zcyO@(KH`D)CeV3QFcw&`-jl?N>Pr}Uw?=PKXeqpcLWKl2FS15hYCI2NO!GT_Ah5~n zJWR0d6C`1i(y<56vH{4uy_jm!mpLV~HwB!jeLY3BJunN?7gI@?$amj{P?5^%nurzjbsJE!h+e^Ez{v?T{GlHZh^BX08Fcw79Sw@2@i<)> z6A6~#Yo>vI8yMkvEVWFCE3&~Q=mTnGbs4(4fHSQx5|0CYY3R5UV{ySt)j6_<2^Qn` zDzdYR!YAVIM7w7(`c%h5lkMI`;XaYKd8g7P@Qruzn(DrR@H_r6wmsO_3cJm%DE#4% zTXz>hCwps8BMev&89;M!aNI?lpj#McO1F}5^zGvmE1CQVEK4~SJCl@zTd>=T9I=HC zR(%vHCEZ{wgX|VuhzefK@l}*lP#1#2p|kISc*z6hBQGF0;STnS-Z)NO`l?Hsy8QQ8 zdH1Qhw7&~w@|-c1VlP=e##x9fu2IiP>&0LYsSXO7XJV=c!81E;K0UrX$mh&KcEceam_Y*tL&UiAMF+V&6sa&SA zaq*R*&a18H_@Xvj0#0(C&N2-6VB!mjJm|lCUZMZw3SDIhal=FdRgO00m$4tP+xMOj>MyJX# zZpjmHGobpTJ$07E^|UP7Q&Ige0@0rS`wY`l?b!fR@GISt==Xvo^fZe-Z2)Ba$DY!1 zckJoYeLMD)U$JvwckL#dZr{f@fM%&&O_r&i3xZEG2fyRfxGp>Weo!$Q-z4<*SBp(= z4N1YaLQ*b#1FUVRCeb4FHgGyahhIY=bSAX(fIg>4rIA{A7Vz=jBg{9AuJQvat_{c~ zo()=Y6l6sWiypM%Ss54|oCkfd3SSL2l6sa!)=*raX5nxs`h1?ZC$Sun-hS-Zs!N)TNxRrzq|M+^VT%Q(K z8WCBRMuHtzWQ6vk!{hBCAsl;#;5^?@TIPfyHHr;6v_Z4z*f1-+zghsfj zRv=Zft;C+%=JDG#ZPLqG;jN*<3x@wN~!K*kHlbVBi-A6BbbM-M8j2@fW z>QETUtnfIU6gFF2B#BG1b#k#Z6S)eeB+90sdMO)$(ic57Z!Oi=n(+E!5RsT>ye!m+ zo8oZV3!R`@l{w%IEkT)Z+F$f%?Tx6J?;`(%--xVjRujatJ?;flb#cM^nWLh)g&5!M z!uxQ0py0Kcmtru!vS59ock%kdS}ceC11c%l8hHShQSGgJFfyKVgQ7@h(7U!rEKaSu z+^R0K)a6EXnX?0CXf&e33Hn^(Tc?7P6Zgv^FV2CNh%Fl67;F=SmBPP(O#)H(@)_G% zapxsCB58w*f^CRn{v1EUUVB3CrUefo=`f6Eum*;8YcQ;9;-}6K{1&j0L5{enm@in!Qi!b}A(Ml-_+mFki{X$z+ru=AA>0HgbOGwe!jrq0rv4o`Tm1na zW|`?z%r0gwWYsAw?32PLNZ~XT-o?Ucsptpb=GGHH_%SmS!bwESo&jAI!d@<@sb}?> zDywn?3Np9GR}|Xi!M7f7t>o6(=`UU1`M1o)RKvRTWt|qW!iZBldSer)dpzBS*=o`Q z=^$kwXx`FGJKZ-zI--?5g7lVbA<}A#biQI;u=`L%-2&84?Hf#Jx}<9 zP>6j~8eQB+nHZC>KdT90UrcxZo7>u37qLpuy23fB8bvYuIK|mI{~%ipE|q=jF8^Sm ziW!pN-e;7x=CQh&?mck6*^&ST7myASBLWX{B#3T6cY?hZ%`xnykf>+#+!&f!XHAD4W;M^D;v7;S_96S9R(!@+3 zFT_>T@t%qP%nqH{e&2N2=dW=~E1xIOjK zSs#IrPNRAS1bTl_p`HHgMMT#{d1w&%#FN4O6HplYaDrEqQh9t8QoC6xKMYR@M6Ra3 z3}etFI%n@4Bokh>uEmtp8CH0Ve(@$=u-j+I+sH8a3W&M${SJu1=R>Fl;FF#Y8l{F2PCDc=vJSEsW#X3OoVKzm3x^-C$ZmJ(%J{J*_WWVfa1(8*~HDxswD+ zN+}RgF6(mXPE<-iP^?@P8=;HgcPdsIMftpM;^!|wAF2|D^{9P6bQHsuMymK8lv<{U z28Pg6zwl8>J$fTSUJd0E%IXXXmkUNig-iKM8%AF5DrKp8^{7RU_y|GT!fj6Q!jP8q-DA6U*3PlhC z19jpN0Pb3$nSr7^=nhJC_18$FLWpy6g{U8&k}&d~IKOG3!g*HfW_MQm8wg~(w`~S~ zc7svGRLP$t{EVWEhW1oY=a*CGmlM{?1pJfe{&(uJF#= zz6*?DxwEWew4Ah!_RwNS;!?v|Jvb>1`(zk3Tu{rJ*>q@ag-m1ULgdy5Y?v<0@>3$5 z^cSu<4;(~s6s(D2hL1y2=W|Cj#ErJ{sHyTPZ(v}(#<_7JVAxDSQY+)btFeJ=WQs^5 z>7{hM#0m8<&K-*82@TYd7ywk)y52o?6Y%<^;5CL%*sr}R{(m`Hb(Jv#?tUS?oQSY=rhSa zARH^kXJy0<2z{ZC_yO&axW1X?JS-AbnF!wg?($-QM_kkFXG(S4!T>*s3N7QE4+U%2 zO^|{)ESLu?izhlJM5*g}Q4vOvSjrc3s0M;8<)m-)nYoszj=A=G3hNpd#FgOaSN+5- zTlN~zj~$#k@#ojG&d?q-G6OUNKch{}XY3mgMp0Rx{gx!$ApN!K2gX7GlqIX#3*v#@ z1r>okaSDVY`g0#ksD849``q)YcVIS=MNzb}R)(#I)|Sd_H!wwtN7ZZEaGaWqN7KcQ zU%5@MqMJh!-L;qb4aii8`tb1@^K5~-G~9*gAuAOEp|3j1)}{PYEdyUU#24tuKWHEi z+6j%I_cEB>cl{?xl-NM`VGaOMf#6>HE$AyLGkEei1~aXxdAE&P&oV4Kx+5a|^g zt<)APOxiI4Z|0wk?F2HV0)PkVn2%8%!)uZtVWHZ%dfne25_Pux6(EG6+E{m9h9jD3 zd`bQslSlg7m!ofa>{|}|mczb*Owqm-B5dq~9OQ6g#7<6ZAnc-OBsT;+@0K6|fm4~j z)-CREfYW+s94sB%pWS`?n8)5Y8(B4ysx}jlTn<9OVJF72tnRS6X=%!A83QYk)pksFH6EBcoTK^bsZmnI(+X#H|c6WE1U?B7o zFz{J|?dw1v?*iG|sWToy4>;=Qp&rtcEw@&BLv=*MiZO$c4HcYuVxf1%I)H3Z5*V5g zj#WLea<^Jo?Q#H1bJ`#YTV=N(a8vGf%}^Yb6)hLML6HWseNqu5B94}*)?&A$epDY< zzq{msbn?NC=wvR+M7gkgdAJ(vczHRBR%z=> zmIQO64@x3nCtP3Y4iSbtj91FYgZbdW!Zof3P_-^lASLnNLUyB57>IBnTVN;y=gj`T za)a%;m~c8D(98nU0vbj}!1XnNhS+?=IKs3hEBqwslYH+AD-$Qs5qf2AZM|O$wk`fEo z@Hs2~nZoBo*>+u~!+W3+ow0JjzCQ1YLW`KrBm*+b#xE^lJI&>Cm2|J}<*YKcik7Ga&v$?GO6TzG`D=IZ{G==VbcDw=niXx-$Gb`bqP#N$wnET=IDqEF zA?R`fMBY~n9-~*xpRa;)@5Y~BPV|JK8R5^blzZ~GGw8&X$|sK7>i^u*_mum9`G(rQ ztk#SNY^#ic;!W=|=-bJLtDo%M1`B-y9Ogm2E7+c_3Ko@S2FVhaGRu=>qcJmqB`NG? zS%jJC1Hc`z8s$0E50Mp}AE4$FCmP<9`wIyo(E)@QTNLBcs0R(yL$%4MjLuT#)5Z>Svi#WkSKk7CLPB#O~T#`oHvnM0YXq)n@2r+^@! z$Vva#wZxPdCo@D6jK#)C6(m5ArAfeU@PT3tQjFFI4~z7JVl{#shojj-*`vbIo+p!W zv`lK&Q4$C;bjI2_Yuu++0~bg1XIy^VVShaIs}e7Wl0ES#S<2slpYr$~0VO8BD5IFg zy5j@8#Sdx$zmUvmEH4QkXfuVvS$JfgdFzQI;Ul)M+|nkXga@W5(Ure3{&0%38`OCG zIgcQvO?vyNn(A`&6{M8;Q$!zYr?MP6&ygPos6u12(n)r#y4=Ui#yq~qMlg4r$PW;j zlpmaQ-@R%i>)!hlHGYLK)JiUktQ=y#2hJ-x(2D3HlHyI$u-UZW>1-hfrZXD^UFu8D zLN^QGx*WEIk@uL~WO>f15zYY8ZSMT(F$(Y?en1GvfFACYbeNiyp37JRy;8ldB73jW z)5mbKSU=~G>2_g>??Oo`VoEGrA`Ew#M9bbY@f4zM`7C)h}mtKyD7}Ryig;+FPO$1?QLWt7vxa| zqTU|Iz6H%FWO{3BQG(zE<*L}f1T)?B*Q66>jpE!!3-K~Fq6rLdl%*4C*(JG6k{>NV zyEi^;;-A0;tK+x_AgfMeUv6w0aA!LgIPoktKJ4d1xFxb1*LWCmfDwUV2Y5sp+2B90 z&5yW3$#9V!^5i60eTd*T(dHiaTh(}0>pUccTXi^TVHtD-nMR=n4Pp5Q0%t9e9ee=^ zTFEX0S-S|Ulir@GLs0-<@WqPRKkS2cHHRKBitfglTLJ3TT*JpvH}IpnXEe51bFIY- zRADQIciBm{X4uqZp>sbSvT~$`0rMnYZ$&_j9}+9V>)Y`|7rc%{ve*I_a=A!v>WAd- zrD(XMVE62c1AvMh#DllqVeLQ$e;~87)MO_O+tG5gS49jk_2x+|80m`FBVIrq0GCNu zQP)<~0fav0?HZvo3_@?di3r8OEP!#(Q6W@n*UBJ@7triJ_5l3WC|3oIL4n%)1xQrP z0ClefX`xoPisW5VtFxiu zRK69r+o>PG${>eJ0TX3T_=@MFg)uOLOe=YJry{UK>`F0orIE$a6~%^&vze;FYAm_d zMl(6~vfRA2ZMcB5jrSMj=+llh1kg%KwJ7l{1~oxmpW9YRn@g3BaiI`kmu`KfTw@lh z5zmoR;4Bl=26?G00yAUkWheh!5l>RW67kdtW#Lz&F&(Icg(@$J+QH!MrP&w9@b;3o zp34wA!Q0p3@Kyz`9I~ftyr~>jE#}mTTLr50tbUy$Mbxe!g-dnczcCpp@-;{zeFJYa zvNkQ=5k_i=6wO_cU&_4L$C0-W@OOoz$nWvsPWn&=))UlaoVtuvmlysn?@m=uK6QC^ zCET2Bd`br=!N1Y#o$e=3bg|wEAnhWYlx2Y7$~~|zc088V|6 z!hnZ^{4olj@jtcCjo*z-7($5th4NV{-)ZFovM=MaD6v=&mu3}x@Zpt!o+CF<@iNA# zphV`o&+zzbV4{#xVW}|=*r$!(Kn7Dp1{W(@L#;07?`9Q_MwuGLyaGGp9$W$X6>B#& zMn4(9{6jw76O@`~01X(zAluChVQ^E4S5&3buVmwTETej+9d~ISZz{-tE2Soh0hkdB zDIXiKfby}iP$nOi>Q6dD3;;-W=I`eL;2n|ED76^7X>2}wGjDAW@7B2c{tP_)N8`b` z>@j>e(fkj=Zx{Pd0H89|ro2mYQ(*0<I79c>TISYK2kI?E2lI+gO7r2%j{OM=4oK-og{3%{4$Qvb^4u> zQ=HOzws%GU@RrbfUhEL@#*Ir5b{uznBXaS>%{bUlP8=-S@^0{;Z}5(y;oFLPzgE~V z?s&grrSjO=P}{LJjS|s{;XlTY9b#1F)Cjdp2_6KZ3^7U*tbpL4b0W-`Nt9DFwn7ua zx%wC}+*_w0(G8B?8*~4`SV9FrA98p!@EJ9IW@1Gdq8opt27fth1`aJJB)D%jp3n*# z_!a4Z(Y^^{XypL!LB+dB7e#yI5d;A+|0QGyM~k{wJ#{30T&Cx9>21y1vz1lBKWgFC z(O1Y%8=r}w{wxP>Qu;w<4fAA~E!O&VL`v)Ne5=?CQ_r7~4dr9_3o`oR4(6-qFCf?8 z&Zl?-ZMamLeL6cR*9W3zcNd>!Q!oZsW%vcOqW>Pe5c$ZI8z3x;+EhWsu#Ooh!1x2x zX0=5P$9F1`lY>2s?>O;+`btfGW#*=wH*V8&N)bSJi{wzbGiQ>EC}lbNf)m*VtfOFy z4fuqE=2|9?zJMZlbBhOiuUE^Cm`m}4ER>*+)X2BSn}ns^CC?N>QRE_o=#_h(_{tJ^ z46rNgTo{90y6t2XsJF#xC~M1jN$WZY04iO{O40j9TqDyVX!H>7la@>>ixExiZt#H8 z@+co}oqP}0D5+r0A>bW{^8ijOBw0Jf!ELP z)dR1{BuYLMSqqz(w{|NofMuad4(1TgEqPlUob%P?wYTJH>*El_5MC$yH?ESu5O4?i zQ?z+hbr$j`o$gZ1ja}VjmAYqlBbF2?-`VW>H8MNb}f1LUy741uJ4oIr4bx>*Ya%QP4d5mZXW`O_V12 zJQcG&+KS}1kb4#R^+FBMK`=CLEfKedO0W?({KtEiXP>u z=yZ9aNs8GICu+Z$=?r=`utw<1Ag`d8T!DFMfo@qxU8VU})5VaGE@>Raj*c$fC@zoA zv=W-k;Uv@i%i@UoivvXoE4u7bCV!Zeotc5?g)^;(64M20$idlS3Uwd+>*f1 z3G~qU$c)Q;F@EkI@03fjI`AH2_0I5)YD!U7$X8}=%6a3Cdnyj+$-FGs(|l@pSBo|9Rs77yib-A^6*|tZV#f|MLK72mafNPId4V^Q09+Sh9OtOuL>ZZ8C<#D)IXRXPa zvZy6nsB8sTVHewG)|=Ds(1m&g0XGi9qZ~bV%=gXE0be&rX_|8=@1Q(jK9bIKBOZ7% zlsdA7V-&A*D#aT!Gn?M0JGh9&xwU;y{Ok>J?$;mQi;bPq=qEMft=}Fqil;~|d>Ib` z=OP>ebI2PiW&Nzx((iJQ9v>6$0Nk zmvgqs^xAY-^_7k;VK6$lfH3BZ4rTZZnIpTQkPY~g?Ri!`Gy_hUpn7*C~Aa! z2<6~!2=(D_$kpupgnq9?tBPar(5N3UL@<66M-<*UmP(z#pI>zle&!{Zb8{=;y9+VNmU3FBV9B2F{R76{f)eLmDpl*js;^e78!EIPt?X@|`Y$!Mb$M$xwlLtyW?qaQCOLs{p;i z2BSy0&GfV7IXa_g4R5CQ5f*U9Kvh4j?y)12_m1BK3CL~gnK~}pTX#P(0xS!QImI4~ zY4sSWp!v3MvJ!>wn(T^oY2U^c0jn|T_om4b487OGO5Gp1joQu`FJXwd`Ukpz zm12?$6=0%;hn5XEhD4}BpamI?Fo7Gq3z#Df6D1c z5(W?6`ZCnQnMR?Mw#o>Gd_!mfmV`}bB%~0_SJ)v%P_qU|RT{+$&{;@yRz`85`WfCB z2ycj_G9rP>%E@wz$U08?;Ezdl>h{=Z2liN|f8ZvlGxI*Um;?vWqO-j6H3(ncb<+l= zf*#K3l1VuM>EfzjA&xHu(PKD1hb#b8wGlevcqD)56vr>qmOaOdAXu|r!dy_G;+>4*rdH+n@ z`v%1jdZ3gdwP}~d!<|ewD5kR76M6EX%b7p{J>T?h8XYi+z}gvJi21FfSOF}ZfmRme z2>hCr35o2T5B^p=-9jrR;jyxnL1E z5hYFrq)v&EKfIYU+(uqETI7nTyl$F3hulkcA-d}8Sc{fZO1$EufjyPHnqaHD2n$x? z6%e_fm9lsgK^^GK{ei-p0@$QxD%Zt=Ex~Hq^LNr`{Hs$|V{Dg%A>n-PSrxZBwqO=jPGUG_0HZ4sQ6gsCAlRFk`O}avDWT}WKIS6>uB0A=u zUEz&ft?|}gs!~~y<;A_@47|XK5>?$}!`p@dJ4Yefm!$|~cwHj$H3`t0Oc<`=GjIM2 zmp;~^04%O%l*ncs)Q7XDRlZZ4nqcMqEZaij!aX2kDF&;e#UGvRoquc(ymD>)>qQDYt91K&c@!cO2?Ch>$wzx z^A?SA)h`$_hVDl#L`9sN_Bz&Vun|Ee6rsets5NLfeKPtmp1jIKVr=t1)}c>7LAM)Q zO}9-w#+0+i=r&>pu6=>RBD$TF?W1~(K1Ies4BeCes^UxP@|(5t)K5L#qn_?mmo{~o zr!KqIWv05!P?x`{%d6^g?Y(gJPsTiUd_INDfBuK8(_wu|DJD#Nco*Kvm+%0vMRNb( zA^4))!r8k5P8wFb1`qwzTUR2VH^SqL>VeQMc%02LA4>$lW1g9GFhzZEkW;k0b`Y@3Hw zf)Y6G=T1;Gn?F{Eqd%&RZ}=kAcBQxWI;ucC<;j%hIYN0ZOQJj2f+u>iBj~yg5);(y zb<+83=uc8|Dv>j!NAU2i-a2lLh^+@wM}3NYTyPHeI-ENA;zaL?#>q~N)xz@%9qvQP zZB)*f=vXa9!GpbL&$i~Zr@Z^`^qSYuzMePrF7QjkXJg;vJWLmc+EV8pqu()tQ$K=j z1G#0|dO#C&zK)FZl)%s&9JUce(@-8rJ41eT;Tp8ox`<7NKf}o~vAQr&uRuu|u~(X# zIlR$zfFq)HfNEAN;?}re7B140s6+*2=DTupbM#d@rBGvAM{S6_NVWLoDsx|J5+N#6 zmnrJ|Dvq}GOmZF-pVEff3~2|b!=%pOyMeOTVS_uw zr*!=G0}Ai|ef$>K$uijSnVTHB0fJrJ5Zf4w#xlX;CLf&cW4CMXPrxrH!DW9CAgx(y zHtttK?Dn1aXdz&L5@NS=zC)A1^k#hBz^_3BADx+?JiyO0-e+>`R?Jk#*e$pH@`ip0 zK23_PFl_2+g;qxdFa4tve_OLfJmIWER_0w?D+R)SIT7eo3vq#%zoSj&L~&i|g&eXv%@ z0w;-#N{>ap*5=v(C5OM8HlsiO9URypSlfnbh)5ZF02ql9CIwy@pk+D!<2}oo`)J@c z=^MB9d1a5)rI)&R7eNvZ#e%iT^Z8nT^g;t)f&S>8zlk`_-!at^$KT!P4)@*!-iA8w zR(CwRy;I$>OaL$;1|4Dp8iV}ZObEYy2QbFN#Z18QYAd?mWOP3L3*ieqV^H9U*REe; zGOZMliySKjlv@D<+n#qsqg=P2;?`|kNmlsXg^b_hgwAY)6>39RUaL#?TW zognhHD+@O9u#+^snTUL*xEseSZ6&4xhKqAx(4&Ro*eMqeWfM`vuPaP7mF8xS+&Jku z`KTXm31+vLbBeoif^{EW^8qF-#=(_T*NU~0*)joCsTvXVZyf~Bt4U(xR%r3q%2N+;q zB^gfofwKsF2Z1nX1P{cNn+Sx^KRi$cHOcYaYB|##Lj)N%2j+u)P7Ks5TOiL=SFw-;w_X5hO;ACWiE16GL8t|ND1I z49~f7#PDeimdyVjYZ`RQ|G;37y#@w7QTfBek;yBwV zOrtB!I;@ysoebE*pCP5{zvv>z_DG*PxIMFAwPHLEBWYD zembH$PNHCzKCk^ae^b{ov{WQW$q=;?|9xruaZ2s~z<&5n=@R7^7sR2wOZ!nFeRI;! z(zq{+H@+eeN;(4cC8kma^fDyTpI_E~G`-fT9Q?2C$NlsFC-!4N-!6&Kd{!JWy0RbB z3%cR|IBx&a_G1!uK4J8rGvA5i7M|$JkNP6^BX?d`_Cufl<8r#J>+^s10wTInwUshk zr}xw6_CE+r+;M^YsHgC_O8yznHHB5seiuK5d*dPJX43p-xf`)EP)AQR5`6T&l^ZZ< z#wL;xo>5fg&`i7OXDSjxl(Y++g`;LMeZbE~wND(?*xKI;t;@37*Oc%`pzwh}I3mLw zo}^qFVBXw+;d}(_OR$uE7^k$@t&+MA<{n!DHyt~BN4(Aslwh=F!E5M)-~P6r=^P9G zf`=0OA`jox{t`v}1#QSI;6xa#l#6P3PM2PmY<4{`3x2RU3X?+`S<1OC)gS&Wkh|U= zZr2k%{^4z$V%mk*{#0xT|5xvw596LQuz_$*9~`qd4mk^}#BVFM&w1=@?yKHj-8&FY z>l5kAcr6Aj)CQc$ouI3oZLISlX|m$L$A=u@wea2?jX5H6p4{#cSv#&jkfCE!%ZTv$-r zPliKPdjxm@N`RRZ%sv5?3nPCeTpD~}+8=(!^enPd&+L(0SPkQ?Wu(Z@&Ea0f4OeXi zaxoy;84Z$cWx#3|N(WNcAohRTY?&1&P3&_{Enq|~tq&+M5`D&z!g}TrlunLZHM2o| zgb~Xv<1?l}DoCty&=G?GWbwGu&r(E!+Bcpc3bp=*>x+W&jh;7jhFY(7ifY#Cb9apH zfNGoz6gTZ?s?#`=)zRTsBl%<|C;d@#-e2f61&;@NnSb}j?}JAM74j11CeB~am+fB1 zTH#FW+W{tMBZN>|>^=UIdtzAbG3HLhf*JO)?+h|td!`C9F2$Fvj}ZYRQ)C6_*HI}e z=RebcxsMO_#W&#I`v(d3EmD`k>T;aAoLB>G_~{`N!HW6QGJcnAtkB;!mcmS4?S99eC3u-&t>-gvMsDv=$~{v`_12|Y zmr+!s3eUZCEVhtcocP;B{)K4@#NvTVlSSj#mbIpy{sWJH~^clhCUR;kIG3 z?;YMdPG@mw0t&kvO?W<3q*BNwc7NG^pT`c2x5wQZurVz?1?LQH@rJljK#@J;az5-RB>9-3gU!jliQ?Z@)LcsYRg4Re;c#CB~?h4Dk6bzw?SVGL$?u{Dv@s=oFy)^WscR9<^3J z6X77Q7iHRmMvj#|dHY&nWRqY&zcsCOBFLm82#0xFVllo1Xq2Ji=GD1gg!Fku=t4t_+V5Ts2)q2?CTOe6)hx=;L8r0$RE zGGGo^^$KX+D67g%Ox~Q@Z0xh%u9nQbd?IK+Z%>}^$fNpLF@3ekvVehHdl|U)rhJ$y zZiay)RB)mM7ozzK8oi-;s3Q<=#1Rp_gh}ne#jwls9~_LimH8#|HxqxUgsEPrw#2@{ z`PhYL+A?|*6TB-jQiBK6z4aN$T9hM$ zonX$L5CXkW7Yd>N&j5TB@`?_7>vsvljL9&W&1O%bruQL^U|9G3Kd5XB!7ER=vrBW> zM^PzM7C&P>&cMqFO#=}SuG$33J)IrY4^XyaHreOAG721xLsbs&XT07jug72wA$Ke+ z^l|z;bPg-Ci(9a1UB8+Qlpc7SNNwZZrA_X6+}>nUTjG@6U%weA)F24sd71`nW|uTG zbyyxmV_3eOem=mkoT;O8u#f$BAt}Sqc=6~wrsWlf)9#cbQkrhX=9g1PLqpVz#>tY! zqjCK6rki#}?#p7*0m#%)n_Wg0fbdA%Yu;M2H=GQ{{ooV3mER)W^dzr_qV*o~r$W&f zVK9XP`f-I)UMJv#Nu-p833J;&i1^W(FGq z^|BY1&a28|o?jvTUI?q&y2a0fM6Y4fzM8 zorQ@bX9~r^is+lieSRcaHmP-P>IZj=%yiGo1BMKgw>oX3hP^P91>gy?qpTJIEV$Rqmq*R03M zh*#zt1^KGNs*P0U8|`yaMk;0gcd00<%&}1wtpk-gEJFz^vx~vaPQS<39F;O}J0(t; z`>4#JSrXMKb+%IGmQy@B$L?44O~A6D`W(niqB6fdUYP@|n$b`%qRbCMnJ+s|EAzwx?P4}rQpuZDs zJ~1IMKo}GSS7kSX0Fi@Wd}qpkc%tb@vZY80a;`(q_osK0=3U%mxV0gp$4c-`N~GW* z_E?s?Z{aR@@EC7>Pvqza5BBobej;g}+UG&GUFgTChtNQw=NxC98AbC&oxB{no?8H6{rIHJV-%V zz$xlMXY$UUQ#>-TkAkKBS7J4_{WWx9UO}2^G9H_bId+03HVXS>u5tW|quk#Tc{Hz?y$3 zm`I4PSk9at;1AiYzasJ@s@N!ZF4lh4Vzv4Xb|nim<9i>kPWt%=9HkkYT3v+x$KJNr zp%^$&LZ8t*y)OQqU&Do4TIJ&vsGwT_FDf3KnS(9bVbYY#Ee9VC@{;sp3ek-N=uq(i zXpOW3cE63MQc}HjACQ9Kfd|aNO5)>hI~G6M#rvo&=Dm1S+G6AI1TN`bTiEH7*?ePl z(dSeY1psVa+OT7kw4~}3XmWH+X#`K{L}@%gqbULl=HU3)Rj=O z?IzfGD|_Ii-L858JAvU<4+=!4JLQ+O6D$XzmmX-cN7A%HTaJ&ThQ=9M`eYX{!`pF3 zXfi>e3E;v;dMll%9IujSBXJRA)wsvn?|Tz_}uHHb})Xj>J`^D3jr~n zK2NR5n|$8bLqEwzWjm_9Ky3dU#UyXZZd)c<(+Jb$BM|Aq!evcbcQT)YMd6Lb_7!;& zNNK}z&hx`V?u9ai@td1fY+s^YY{iT5;f#Cj3-a2V!WZO49)iunm-5vHeq|55m(@%x z*go@H0el{?ugRJi-dw`?%rX@Cjy-U3alxh{@8Z>TmFuoT1qIt8Q*oI%YIAF=0(=Aj z4<7V*>#o!j0?L%Y1dK!-otuDfplGrQ*Z@83ogcjI#De=VPi^-EPfmqaXnkC31!E>agt)v?e4XMxGt8(2 zctK009VV6<{RmFUrzFmSYd$rc6)sByHQY0P$ZdnPmJ2oZfE0lPbW#&5q24!1s61Sq zHH0%l;Xo)2s?yzmHS~V$8%dfn#qj{WKeb>V_5Pe5R>7Ol`wSd8{Z2Ifq5n;>gyNM1 zQ|kSH4rNDT%RC7tpmuQCk%1az{fxtlJ|G9?z|HTT(nDS5C zYdl3F$v&wQrT?3l(l>HHU6)fjD@p0^mBCN~(?5tdh3Th(Zl6ASWTsyokB>ZZZaz3? zn(#LRtC923NW7kzf)+Z}Go$b#LC>6n6k4NaPUctL>6ug%NY*p|L8Kpg=3ltP>6yR$ zlX|ANxArikHh8d)x2{q)x?HGzS16ndWt-~Ge9q_bO|rt7hTpvNhu|+1&iHqrKu`t354Q6F_F-BuJ-&-7KvRAi}u}89$ zn4l6_*C56>c`#MX!PL}YP%a!y4LX&uZ02C-nslYzx3kSqh&p#sRjG+g3j;F(rn3RW;`VsFQ%otfCVeH3aJ;Dcno ze;G{doxf0YeEKAv_2~Y(zwrH&>7DUC_eR!yFKf(T8%50<{ua(;bz8`}{ zCd8^zXT}9n5iOi};|={vq%h+`+6)mn1hZgIjd&rlWeLyG=tY}j*cmmH}=6` z?TzioWG_CKH)c80`sCPSuR`tc@8VrD|8DXnT`!JnTHuMaekjlAiRwOoUy0u%bHwND zSM&Ss`7Cfe#j69KJ)Fd6zXQ5E)wK)oB0<-lt-chWjtSx2^4TRQkj!U{1Ax!=7(Oeu zugb%sayW0G$i#4V2$LrWLtYAAzbcOtbD<2pm=GTKkbQGr`}*+Bd68#7#5_Ac;f`|? z?d(voeI1<2Ju|T*=XG!@e*&lSgOY+h-q20~Ap3X41^<9kxprdh2j04$;%m&zL~g)! z;;0W=cS}{PP%^%%iKq%-{KO|!ec}!MLaMs@w<)o@sy(ddB-DeMsxrKn$-W%iV8&g7 z?X3R|_iMJyOl7J|Z*{pzT@K$a?>yj8y6E;UQ%@JEOF&&Fs>`|Ra+bQ}sY|Z9oUAUo zy@BefpStu?m-evqUAMPSJ?&PP_toVsb@`jRys9qi)umBgo>iA8)#VX&88{8of8Gz0 zr~eY?tMz_9tu$#}?dN0Wt7Ya7Mhb@?a-a->yie?~NWMuZpm&Tn%k&#WM=-Qxu%z2% zc?cI1#$!%QY1OJc2k6QcDQlu2k17pk z_U>uB47m9ia*P?#t1YvBM)D6n=66Z!2h3!*R*lXOnRElNI&M(#@$4%Rw*(;E|K^X< zvW!32t<*ypzAArRIV8WpiWI_LPWN9Bg@;l;NYC*ATHjohhYh4cz|o4`@Q~Dda_EqiWZh115-e$86RMSH3|E>d+LP+|9&Y@LN7N7 zA6HVALwf-147SZbG95fA3vXUw+T0Nf72XBa!ny|4OZlbXC`u9bGqkoG5LJ;j z#GjMi|4%WzS7^LT9F7wlg7=+XWo+Qj=$SpiJJ?i1UK-()yE}V6gE z&yV!Vu^dqM(5-q0Ay&WxrJ=yYxAV#aUCIx3;){ zz63NY?I>$e;OW8%tqCXOnP6Z$194@;9u zG&Gh1C?wHthnHR|PVRX`DwA$hLoBU2PPHyqx zU{UN=gG~~-u2y7S7C7b}@Q2$hbEwJzD^(#Y_hZT;GEl`9#qbz zV4(;0Q^=IJb1=tKh|Dri2{$+b9dh^ir&du~yU#Ie79KQB1Pd85|O2?YhC|sg2?exfI%LRq7bM5 zCgJZ2g+FLEx=!Hl3hl1|Tgh0d1!^s56%dQlzvRrd6NHU1LyG*#deJf5eD1%3 zah^3?3Fb!L@daS+!+sh_pohX zXQ}d4**a3#xioT7JST$+h5%Opk|-yG3e&R7TVHgWZxsSeQJ3ew3p&&pIwax$f5N}{ zeLoNX-rqZ(e`~gO!@u9^)hP}&|2Fmcy!?9-nkM=Z`8Ql6=$n5*_xuZgPv;L;LUy~# z9|i+df~9>F7`PPuh8$x5ln19AqL(b3dS^97kcYR;+61FWmkxihKVq8du6zvfqDO=m zfEHXu)+)z#8EJlO!NXvt^AFJ=W}joJocS&c94Dob#r zM~VG|tk`zPH}h4&``-FW+fM?4&h$^^heqc0#O?a5iwK z1wS>2&YO)Ige1VI$L$NST6aO3_b)e`h*?~1oZy2fY5r}`PB{^Fnws=1v<7J&N=*uc zmcuw%;q~M+)mhm)gd9;pdV+n8Jm1kv;iQ7ZE|p%kKJT{OEDSkMU2ajA_a}ore~h41 zf_jY`kI4A=Gxo6)`($~zVLy!$&)+F{=eA3@$CWln*nbTv7yxZGO3{)jvvk!lpGU0M zq{oZ(Z(lda6yI2eVPck;L0;CQQ)Ftf-rY-(iQ@`kmS~eAQ@SumrD!r)oL_dIn*>C0 z^Atf;O#eZCbvz}k4c{nuqwf$^FeU5tmM)n*6zj{dFCivt1?Y-i}6Ur^`MAe*_# zcerVc)zk`k{@B`dSiD>Q$#g4IOg}+-aJ-DrXx_mika4K}gzay(cpa6~VMKZH_~zFv7~S}W0c|=nR8W6Q6`Ymc;rMaz}V51VGSkE#($j& zmZL~xslx@SB?V2lSpnyKBwb8^r!-_1kVKI#rbus2BRdY%BAp>3EhN)nBZ#?*Z{OToK!=jaY^wNj2Jpjn{tDC9YaCOgXW?(;jBXW(bn4bXKU>_|+=kIeS2NMHWh z;*@czv#=HhKZVwM)>I$kZWpAlOTQcMQr$;!Aai8MPt(EV!yIUvXZp4#2 z+T9;#;4#t{k5}J?pn3Y0_y*Ymx-z$&pxgqg$8<2^^>B?BEr+Wd6@AAVl$NEFNN5$`}XCg5IPLWXQiRFIcwYxCT?qQo&WO70xuVx zOwG=;Pbk<{jkaifaA+7FFuW;*8G>F#BGuwXB=}~n!P3+N`2S;M%p(OaTyMmt}1AeTgLJnsf$erQayPy`091-X4n|rqiqXQKL)tLf2L*>O`1ZfOS zo#NhfnL)Mg4-8X0J)}P+(Lzc6nOY21y)uDS1>yw!dKc7n3NI9)P!L-21R2HheCdLh zs?Hp>p>{*nNbibCncfv;nfcqQhX6BKz))6{pm9tAs{RxI?^c@8s9?AEfi1|Lm&tU= z&z+i`*SgGocme>vq65G&c;h4;E987wnpcf|H5o<1fltQ?m4E{PW2ALd>Fe#@zLtZa zqgC+jYV7wmqV?5o>zf>{?`*}jDdc1HZR5<7?SYGE=n%PmY33k1?LHjs^#B<-C)Qxg zjiT3|{cb|LkFed}X?BV8*E;Es6>a~lW3(8pk!(f9lVl9+6jLqW|9a68JHmY2DxLPGIOz6WklktM2X5cS$VzL=h-H zBZ=Y(@Oc;TNEW~dr8NVXh7JR|g=vI8!D}aQ|NOdNvsg^ec5;^ z7s7{_rtudi;R7TyJlMIBCI5661?`&$a6J5A{wJpX5g`XRbLm;g~0(^P^j+0m#9A#`Irb5LJ zr$5WR_WK=0@+pYp3xr%3yM%-AC^S&P7&E$r3_{!9LR^3Y2#8o<{HWX`s$zG2jcOGtHb9E_OGyOP z2f%CQ?WG$FWmp=WSr9xSQmu>Cm-2;KuM&%9z}0ZQTi%i03miFw zL40cWtUKbcvPjTPIFa`tQ9ASpD8lyEqjp4OLj`oUQohEUIedd&3%(FVP+6 zw-{#xipog~4W0@PDWZU!q{Sl_sPe+!<#YoVjs$1MeH6`tKt1>fgmq^{Kf+^0bh?pL z)}aGIB*}}OFg98o{Q|#LXm8W3etcBrlbFNGLWjSG)2%V0?hFVa^*X--S~C##&}ame z_>X&NG^<;%qM2J)zd_(nYMy|fL1##%2kW^Y-Lb?MwObyYcfRIQp%nM!D|QJOKt8pq znRZ0YE9L9-Uxf8kBPv?XpMVjMJGN0P0L9^K5oqwZH>e20tb8bdRBp_hps!|C!(J6q zSLIVzfvm(h{Tnn6`Wngd@EPJI0;;Q4)O>qZ0%Gumg6D59?$O;q(yxqy%BYXjUhD2Z z&H^|$CFvuHU;LIm3he>eXJEJpmA(A*8_3=S{o^N9LEo8m46Y?ivw)%dG*j(8+kFUwsBTIW$?pB=C=n$G;T* zhbjOcY*GOF;&i-mUEB>AQWyYX9n5go9Zmqd9glx`_-?Hf1b*7s4Scy>z&CHyk>K+# z=nta{djnfH1C|f^107^Sh}IwFF&-A}0Mj98(K82%$lGpI3L~n`Q3O!k7SVQIV@W!v9wY!hv5)x81~qU=s(2CJqHVqg%;R83o$1t z&Y=&+II6t3!RfQ4JjNOQOnER@1!-qNWtFZ06IY~k`RINp51895Q(_7H=3VgDuU@|H zFE;W8EA*hhb47K!>$QTe*AA_if+d^MeZB>w&K@-#S5r0=fetp#K@v#`1UubH`HAhI-LmN{+WJ043kR@MGmHAW@I@|&c zq+9}}ia6TB{zmGX)-CRdfTA_5od1sTt51}DsUQp(A@dKasWkQl8sGRxP~zG_fa*7s zJAg3Lz4_(1L(*7P@U z{9g}m=yvqdp1QcyntlNLir%!U6+zgxj9E8&R}^K08e4GQm^J;S=UxGAEbrr+tfoUF zm{66w@%qhua<@2>KRvL`n!f2T`aRCCJ&gB<&dc3${f<7l+j5)Lc%(Kvh-SzYuBFT@n0oS|-#>?zl&fk(^9A7$hZU{Nf!@}Vm&P+LW} zJVdnkA29WXbP`dy^xCfY}4#&lvt7 z0}FRwkE9Xf(adG%g`-M^AC7BZoxl(KQ$G$J>V0b;Yx;hY`rX#)Aa(Cqmw?p0$CXu& zawc4DO>chgVf*ywl4;#Hx5bPs=a7tLAY=I&oI2-SvElj+eVnwxt!v>G%@G=_mu}uv zA!V+*oN+2BdX6|naWqY!=d5vE>Kk!ms5`hgOY}`>Z)&2Zaa+C)Rq|L|<+%Oa^Z1P2ucCgY3wBX|=8@|6E_j4e6xsuYku+Yn3h5eIR30WS3w{TWXl>_??iW4a5Zf)0 zr)+;t(l=ep$k?lujAZdsUsQm=ZX>~@nQq+^??%1EQu2oy+PmkR0-|#(Uqh7ydPMtE z$o?e6&=@Y47^&$`*RcJ3x{+Uig3n|SLHi^K;Q}8-sY)42Z{JJ-iPZ!X#%TZg1;rur8)ng+*?#YG6nR=NQ5=)qzJ)~c zaY`3ek}M!!maKC_G6YUV7kl}d6?*q1%t=*c!IW$T1hUjtV!ZR#5>kYf%!Gna|7o?j zFm&)(oSzP#1sn8!2JM&TUBGNVJRQVSx?b+#6n%^*tk-*1`X&)|*o?S%K01VeKjx?7 zXjQ3sPp=&VI+pTtpo6GcCil`G9sJL9-zhhr3)iBzSaGwuYKZcq^fED9quTTf^AIX< zjd=(dFhMQYmJ=lZ#1uc3ix0}N^+nsSeZMyoAMN+{7mI1utg7M)S`ild z86xC+N5;O%#H_$I-qV}COPaj*H}-C7F#As=1KTwSKZ)uT)Lzbs2!$?aEZi#q$T>g_ z0H7y#Ui1t6CUYN48XLO8Qr8XVd`n>+j(|w_ksJQ>bn^uoF5_%S*A0gb4)WI1slo!4 z{@f>^Ye066G1USPaLLO25a(`vT8y!O0E9F`301mb0A4ZtNe9D)=kDzJq^=;tdcAr4)% zj@;);3|Ex+Is^ z*if+rE@=&_LPpYNO0&Bp9tD(iNh?!alAN`Y=8`PmReS|_uo99;uQYk2+LaLHv0eZ% z`nybSx^_%My%wzgN=@U+q{*aUqT@pM6ReS-U}B+QYw&KGWs;x+1)z7LAe2K~rvZM` z&ypSnUa77-YC6(a2VSWTUTI-)`W6E4{<%sy7`tv-hXMq6G^byXqGB7h9qp69Ag^tmbtSVeK;f%P2Z#&y1XrmrD!Rhd-=+6H&R3Ktnc z2w7Kk>m|ljoj^;XuBy_ysw(TMS_L<|u|~bsY(CSKIubY2TW#-`GkU9|rTOK-rp3|% z)~(1)3YWKuC#3JPi*L?Bz$Biq1|gfSm(de|{Yz$Kg$@FKch-F4!{F|{Fqll}Xh|5m zi5X$^s5JDi4FPq+e4OSkC7i+IVt3TjrmJ?Gd1^ha6S(uw)-ATpOm~addGD6UJNMk( z;1(-=ZZYW(;jc{o^wrkqPeRXnA%jHxT(<;gB}O^kdHw|a!9&Joxt--tLg3W=N%qOw zMNj5r6Um=WPH|R?Q=HWRy)*ffh(0(`r<^k0NSGy_>iyxK%}Y^Vno{Vl%Dv`KQ;EGe z9k^_8mW!e8_Nqg7L#!bkih44aQXd5kVW?Kh@C-8o`cZ!38mG)aF zzdy6$m+wC9t7Fopg~8jmr1ulg^r&SrCMA$&OiCb=F@ZqLnDV?DAdqBCw`@trYxnVW z3_D_%vSsghiB|(1OU9I)-kXsz{qX=FAd)e4MS*L*8URH6bEkkHV~Tp7D48*pc9AhX z=m{d+kjx8f7vjaEhxTFYsEhqAbl|G{BBQnnW4fA z&>z4mfHm|shdpjwKsHklOZtTyesBH4vRl&q!bRS@N9CP6G#`Fp4g5liKQQZs|1W>Z zZZ^d$yil%M4lZqB{?g>NAi@a8u#9rnN&d1Q)@*pb;deBWYeX{BGPtbvUI2e}j}-R+ zA8oZ$(;X3Z)iZBY?M`1ElfNw6;{2u0>FM@SRa*_UcAq+?)?Q(2So^r8xzmcD+LnM} zxAK>Jyc+0R@|Wy{-~9Y#qGvHYDe5|ZiF%cM`Ag?eZB_nqsS#9IrIY}u`}xa39YkGX zAT!iPAr{B6oWFL(cIN!0?Jr4tzXU^VRgZ60{?ebt#c|y3Yp7fK%R@#GJm2x=xj$z9 zGR!Y$^c`18^Z$wbrPm|>wfyDYM>FOx@7!noRA@@NpZbgUuBW_nf49T`?PmV+!AZ6{3?PKRi~Qw!EQ;`a)ID1g$RD~(ii7G_{<41OWF2qXXN&Te>rb}m z!c0_kCyglgYJfnJzid&*M;G`y?pFTN)2o4wC4b3I@6E_xzTDFXNVoErXT2H#MDmwT z0olU*2_X`hs?^ZYQo!hi+ru@Z>XFav`<5?Ie zlbrfLC}rsC_Y9aAD9Mh=bf~Ics&b$XPmvyTsOsCWtt-{=0?NDtruI|2ynl$5Z?)~Rby3p}C5K5nKn@O4)Of`~4l(T6XVg@ZXl<^rIpc$2u%H!9`JmILoSXs!COzJ{Oea#Sj6*zZ~OYfm>;{Y?U*Gb51> zqf$DA*Y&8>mpfTu1f!W*>?O^2HII)mDl;)r!7BilT(wZ_E^9GXy?gWciQBAU|9O47 zVSmMYw~M@UAN}{LO^E|Gc=Pxv<5R}I|LK2&eFyK-mKuqD-#Nv;^T@@deJ@I}@As4c zsix($Ov9QEmQ!XW$&m_WDkbH(k%PakEUAo{w>|I>{GK?_H9@lw9j{|d<}PP*~c38!+7d^ z!@Z|;CtmNaW#7dwU9{|jr1|BwDf129`~ZU*I-|}l`&V~%KVIK?nlF!JmmU(zGp19UydaI~*Zcbz~dAUsv-Gt}@1 zT@R}_c{M<&E}TLq9bdk!uVZ+Kt~(y!)j-ExJBjYD+}+=^4(c_!2ISjZ3pxPlhU1u+ z7-AfUf8}lopCt*@Ap_{+38ZfvM=}6L*9^JE>Wg7d&Wj>X^-kq^*Q_u$W)(H0W_SFA zm{u4<=oZcSw1-mtMDIJ*PiTAIJoLFfzo0GX%H1#Suzn%pYe=RO6o>3nYG)dzd#+*9 zP~#f(6EFa9i&yUcu#Jz8^a}?`+g`#a|I8q$-#ze5(-AbK*3 zlQ6Dqg4_7nVdi#P&#t6}yotM%!I9S^4Ikr-stwqeFjQ7w z0}Nr6EEY{h!>xj--W(6FK4>aieR@7hs986n)^{>~~o z@9gNFK5Qzw?5yUFgdWVgVfUJw&~Kq0&49pK)UG3gWOQxCp}tN+l%+6M+t+9Y)hTC4 zGc+!o!TA90=Q~+X`aEByi-Yub#3mp8LOh0wc8PzyrXk`VXJz@^Th8bNru;U;kyKiS z0HmB$0eQ}G`|p~5Bvrj>v6;V4Aos-NkyQE$LhIgFoB2qpcMg_am7jbG%{~maGj&0J zGM~5Sjh1k4UCLRWn{mF(@!0Z%nc#~i&~(cbRmbxe50$ZvEI#Y;YENggNOoxH5-M&CI~VZ1Vt2O7w$G4tg;m1vr^WB6QuBY#hij? zK7>=?*sRAh_qspm7Tyqce{H&M1nZSj+9z*IIB~wl&e&~6u7MhtLarM4EjkoRw(A~z z_P64p<)kag4Ta0T;sB`qi6kHb?}M;Q6jjk?NF(fv^n!~jxd0lK#GnfDvg5TKBv9UF z7QbhDr;4BCDBM!z1a2N+1y3GQ>JAx~S?Wd~C{p)Iq5NFb4%YVLUfwi*zO_006lB3v zaT<#w4Q+4(>%dPLnS+xdzPV<<%z<6=^NaU8@bgcz{rtpUEXz;%CMOP+6c+oqciCCW zJrOmq@Wq;p9LFiFsQek;^Kdrf$vqZlk`XffCVEaEQgb%=jx)qJ+B!0wAuBjfrWcIg z9Hu`X%*ymTkL|$pW3J51^eYY!Zm-%+ey&V_>Ali6aHsHp>(5hp1-{2V`_I!aPvJYY zGx(nFo0)#S{|oS4wx7^%$ zcV1`kt=}^*6=cBA?Th+<_U^)NxGmSqHHC@UGm;WKEuF~Tv_-SNB zV0P>R!C+eO+4_~90U_fMQqMW+H}^T1C0P?}`Zb$IuwKjvu9S&Gi6oc7dG*TxGmd9! zdKbU^PKF+FTFo4x0y#n@&Z0;O{GM84qkRN-lIMrmXqcfe(lySym~|r5Nc&TPbIcCCq?u(sDB9k1yn`XxE zFb$nJ1bLi5mW;{2{-?zPiP5eaTcdMO1w=}Gw-F!o!3c~TMwpQb6TkUDclL9dTjt)9 zCSXceTku?T3@8j# z6PFNJhz&k&7m3X(YURtA8AfYZ-zzxzHcF#+gh?;GGe?-*AWhlvMUWCmPL&o&OPTk$ za4(gaP;!Tb-Oj43TC_(=x0!T;>-lbpS1EmMJfZIZJbIPXmx9_6f^lMLWIK)|{9SiH z(5nGKt>eC8*{QGveIL+nB^UgKns(jy|9oLd5_>H_%-fNRnr6$jo+(@?z$sMOWj25*EjGzI&6eAsM-!Paupyw8}L_62=QS zu)^;QXF_VJoPxg{YDVt=N)gX?=Eh9Ht&`(qn zN)t1R1A>@QchZE^2@@`KHALr^(UpI_(98*@D{N%Oi)J5<)71X3&yvI6_SB!QShC^M zWF2qrFuUf(ESa1@#aKI2aT`7ZhEGFLR)mC3;7IS?HS*5gK1YPWjv@X$g|JfZ);HJr*Q4{sOx0AC+{8*8%{9j;BtzW)USd z+hX=KAfxdN#Zt|7i;UWLI4bE62%1zzl12nV9T?Bzv^eft&B=zkHR1XXLu42x;@}h% z6dSXBdS_-^EETi~@~sqUIc#@|x4**E$bNSpoi0c;yK`)!fhG?@*LhMI1{)PQqCFE?>uL7BPc#V|FVn3%! z1+kxYDeo*(TW5W>wl$%UF_UqDvv&HXcX0Ci6cL9%i6S|Q(UkMU3cH@l2Z1%<;S6#_z*yd^L#4GnXq+1;NJMnMdM2*qDc_#4TcIHxvdNchD=GPIn!zQs77lmKnz#jV);u0bwYNPQjBL zkf%);$jTN&7_|rZLcrdp(KBkn#ywHYt(x|pO`J(t5oG%Xq8Vnxc%z<632<5|EwP1> zg)Y86-F9N+_ke#>&Eb(1AK~Njdq?KiU;o%!c`Vao8IvjrA8fV#QS?MUl}0eXyc`Aj zM?9q@K&+#TwelgDi>$;h{->=sPCk&T$u=S9!y=1D*y5lCk$k|KTnbw=@@sNTClEci!$h7fLo`8-uYE9>?;u7J>PtvQSdEHQuNNBa5gXE@!tu|zR0?eujFf{?&MeCLKexYp%njN z##0{N`tcOl?o9FbDk5Z-47CZ8)_DjPuy`p;hTuG8@uxTsDQ}$zR=Zf|@ozD$ly*|( zZw`Af@)RaTA%<#K>!rg~yZVZMxp$a$RUEdPWXEBj)sro-^Wd88P6%$Y;9?E=k7H83osp+I=>r6qRNwyA;v|*uFvr zq+9dvp7L39iM6r|Z&&;)e%q&jV#-^DFaQ)}qLJla2E#k?%nYWyMapJ2<%fNhZpx=h zX>(Sd6Zm&w(v<5fD&6fc%W6u`%_#<{igX&I+Dh|8qt8diYahBY#Tuor|5Wies83u%iXbDfc75t(62k90&=GwH zQ5U0wD|Ez^V}`dt9M8mY$U>pcJGf_(uLIGI>>XV2hEHfk0kU_Hvi{RzbGW~=2$9I% z+0h+bRHvO`{bv(}2FBd1{~VvB;xl;VQBk~9_J053U%ej^u8QEVeZr^x;<~cKlR+ND zHyr+^5->#6vHD5}P64)PJ(Z7t-nzCV0QW_|y#hb+W$7el9y_?HZoCgU@%_w3(|?`Ql|XK(Y!y@>Ko4@Lr6G%%AO#4K);E$fSu0tn-Y~ASClR7$0x`Y)y`>gaY*x7<)FZ%bWCg z5~f$BDkB6(1hlb2N?jeh6x-5C_dUEC07>T00!=FhNisQdG0zxu&yi?w5-p~i-a5wT$%B#dF*phnHRBPp!}i5a`G1ECq`&(8FB zUDchgfBCYnYgoBu`pt@rU5j9G_$9y2H}qiBfNViK2#%ov%JJ_PCS^Z4f7aQYq;F94 z$C*D{yVi#;j7~xAIj~)s=Fdj+g@Cz#P_m^P?(>bgAOh)3MY5)@NiBF{aY{EBewhQn_}9h!S+7AEhF@4$#5BYF z+0(01hhMCxF)O5;K=ZbC1jfGNAk4mS2c$#33P+6Ygjzpx&6{cSXJbyW?&VKMiVGR` zI9$m8oAYN=#`@$bOwu66Rbi?Z9>^?)Hw@~0=i_piLL*^o#ypPA(B-=`uk`g1>9UWr z{_5*P=FcQT&De)^8yV-%LjHbbWU^D-_VK$b@rv2|^>BL+eQehJ*|pF5yoJu6bv6m< za}__r{MoB%8wU!?&!C^kFn>0HFT_vWdA`q2bZh=>wqc-WhTrPZ?fJ7=S9m^1B=3Le z{Mm!2C1dG~g6j#;wU_&p17TGc3OHf4PdR+neC{ltHJ4Z`yYRvYLJ>4DS0zuKRB@k6 z=>w*`1*U+1UCf^i9FW13x3C^1DT68hYGt}9R}W@VIVbSkzYj-cfa>^GZMbK`EN3$1 zH-C|C%6~W1n(|K$6H`9nQJC_K^Jm>0Z-4gN%;W9*q2ZMAcG~qm$TfSUu(o^x5rdJ`LmiMR+0zn`Bg36DEGra>h?|#XLu34#8JH3N@{iCrrr20~ zlFM)1EB#TU&^`E%tA%#O{H`BnS!A)}rHEx4mV_5$gHL6S@AJr~J_2eTh}n8?5%=hb zU4OV4_-((#R^iv2NRdZmypLwb@03S31Ha4v&;@=Uc8h=8Z@*Re&34o9OWfzf50klm z{{7~WPViINNfoXelfVU=eg$5pGx_4*g9tqhledh&Sb!?uK;JU?o&9+l{?Grxhku&< zp8aVj_@|?G)9fzz+dcgpwsrU|^DpM4ekOjO9lvWo*$n*t^l%sWbx(eWfyP_GKR10v z_faiA{L149h8~yE{An@!Q+G zZ+~BXunYcnPkwLTI{b3e@w@AH+3|biw#~rrs|S7*{I1?Q{E9zG<6rMPeE4B?ir@ae zeCuZ5w^LX6EmZ$f#rU8y;_yER67qU=|J6zNFTy46KUZA4x_^#8UHq|vuioc34U1MUYKaf%DVgf##0KkT|;b%gk#L;eT+kc%mPmEFNF z_K{@|AT4DS6k_IH5}}_HGB^dV-AY7K&VJhW=f1OoYDTeM2@=+;@kMT-fXz<#oT3Z` zZDqcJ+pVzyTK9Zckp^MVAd=ikplh|KU!c|GT&P=H+gB2?lJ@)DYhGgz>h5wMXz~?y z8+oCVT%^%wa*wU2&&A%l&+PR1^NbGk+2$}GeS(djkW&Z=8(-yx6WPS6p~-E$LC6Wp zEe}qX@1(~TM-E&Ti7kzMzbdkD-HDNXmT}`lun7yhQM9J0G&ry4b_33><-z+sf;ZgG z$H*`z-^2@N@J6n=H&q+jdPI7x@%ZT8eB&0eBKLeBD`t=tF*LfO{UHIT{cA;lptXOd zVgOc^woi6ndqr5aOn*kTfMe&RaV&*jTYuirbF#`ju+z_xU5g+m!+9BQ<$&GAZ*SCn z^oY%o2=K7Ch9xD7-G%o6zAnyRley9i`9{ZdA}Q|1o-hZ5HsO1dsVm`eCRU^H);S$A z@lvp18Wwl3si{e95-AV%EbuDd9lpv?rTv9S?4|bR^iXg5%fic9cY{cuCz+VSzu+Vj z4^_|}MQD#eVB|cFVjqivm|T>|g%inb#AYhj=4hMZ=7c20z2kQvLC1I=J(~Su)m(5nadjK9jb+|1rUZ!y9X!ur z2!aoOHm$75lRaNQYzj7gLmP%dX{A8`*!dA8bDyh9NPu^+#gAoyNLa~5d-EtC#ep8S z3_62k$9688%eS2u^1^-nX(dyLHA^DSgrd6OnXQqA7uv|nHRR5B!|XQO4{81!zUFqOhw;T$3P53FPCReqnKN>lUaZ}b`VRi(wl`}%BiXs` zi`dwaKm>y-<|CEB5Sr0gBy$S5sX~WGcpZxCxZfgR%o6-QM|h(@W1MrQrIgtC)X60Cq~l5S4H zBgaw{SJeJOX+V(i8g%3c6|SmyRp=J2GvY?Agaio5#y~5peG!4tN+Dut`%Doxm9#+7 z5gz_~DgJi?|D8;hos0>R_6fph&UZgU^|KXNQa|VO*D=3f$THk-j()D{T0d{=Poh9S zWmQ?Ke%{hO{XAlxAsFc=`dQggKY#wbr=R<=%MSW!9eAgEpp>=4c$i#{h8g~;C{M|4jG21k}nKTQ^{LJH^6-;C?);qUqI69p>@BN zHmT;G)?o?Da^Vcy#?2~oQ|Q+F`?x^+5G`zzA}Lx}Bn_u(VcT)4g~ITOOIlG&qfRhg zn;>j=o^G`8l8#z+8Ae|tNmkYB8@66ljZNEWLfH!wdq>8V`E+{D#9 zP>3QphrbX(`Neqf8r<`bMoOmyB9-u!V5i%D5(lDFA0rNUp=S}AL?d~FZaNcfa^|gd z>6@G20h$Wg83kKuC*ZsF&m#zIWDxmzVXFi)5jQHf~Y;dT|ZO<_OM?hmH1R~ zg6^+Rc?(#JbehdS5XTVL!p>$np#T8L7Xa;HGP8>0P*eb{0L?8bQNUmPmPaoQz|QWI zR41S(M!Y=ZH*N9;Qf!Z+h=A@>%pRslD4ti13K2&)MdhL} zE58uX$^u&~0*&#Q2VD~{mN)YtV+x!p3NxPPyEi;#Xa(aN&)b!4L)+SjursolZCA4G z*dSPEzwBT$t^g{!h0~zSO};zoNiUByi#s4B5xnMK#92^Of$NSo>)KYeS^ZvY$Dvqe zyO(n^B16*(@+9XsNQk|y1w@fe#w%dGM1-wS>{YZ$@ywJ)Aj8PduiM5j?76FXBm{C;6UvbP-x#Pci-$;^3 zP{X<&wY`G#_Nf2i&|u@<(&Q{5Llk|HG*K{^T?`G*JAIF#jVpsqU%@#=0lnJ5S-Ob= z5Z&~wygaOTX<(tM=`l3I`O+NsRFV;b9wvRnusV6~^gbRnVOdTe z>=V}D zoYbSN|ElW;MV#|s9Y+?%`$W-U)am&>PL)G&+4K9v?_rFiRC{qe&&f^^gO+JAF^LC! zIDu)~7z2SF3sBh_xE};tg;5gJ9TKr70*nQy40=I}HoY-6xzJ9cHc;BFzUS% ziM<+$y+D!jQ!+7}G634IlX`Zo{gk3yp&pq_7qq)TX-a_!Ei7$%Yrjv-p1NNI!<5QG zcmKy$A*bcgN_vkA#bqtfud~OFgz>ks#h(6%U2lA{M&JRJaIFrPZ*Mkl{U~_+1w53| z#8Bw~4Kp%x&&g0F;VOYEW`-d+2sb{*5^RcLZlZ>7VAE%!B}%<3a7fyq8#Kz|rwdLh z-vAJa2_kbNDap)a>R(Od6W?aja<*N~kYWsU`MQu*va;B+2u4@%vW}uXpU_Xkwjd%+ z0Qisqw7<$HR7<2K5+KRF0Syukb7*ezdDCWY3f-^1*4Ffi`thmmvSn|g598gjq!tY$ z?m!?V%s!|L>B$|~aVS;<&E<j*_(pz#VlnSyDsClm4RoP`RTDX^!At=LtPn8fxb6Gf zVGSTCY68BBYpbFtR915G^$!{_0L?O>=0p}J)2p;+k$#0}ojW98`t3GVlLRzXw3xL8GgaNewo@~oxd${zjJ(yGT67~xRxDRs0TWew}L z4?36bC|5m$O~1qyZ4ZTFXuS8pi5o^=eAR`u`z#$64k)2x>pRf;B+vy7p?V&wYqj58 zIDTBP>Dp~`a!_^qC=FOS@N4`GG8nGk7{E!YxZ=A=Y$KzcRzSl@D`_A1c}neL*``*g ziK83t20jx;!S-Vz*=W%j+{0o^SFGayLRoA@8HVNzr#!+L5>bBZSiP#e|Ei#~2$Tvo z38jm^1w>F!5+RiJC>C*s^gtYG+&vc4-8>Mj zlD)KlBt5%a+H=oCc&)Z!u5kqe`XbNmn~Smc?Ll5BK>V1A8!xdK~NT)H>81fWNdnV}O9#M4!VY3>E%eE~%%HKXy%mzlztfK5Eh+RWP>I z{uhk$41JI5hIWOz&Qe;E5tg7bNS6#o-P{w2Du=NFSqW9WG_t8RF@cnVt)zNDOTT$n zmm)k)0wAqf@kJzA587J=6+w;0M^j`~ z4x=bJUrMO>C1PThj4;I3MPn7bz{&ZmQsVh|mYJ&rV^R83@ zXyj>OD7!FXwh8AN=pKG@>^g4aI>{>=Y~-Pe_>$Sx3za%59E&M;`^b zgdkTEWB_l5N+H9>V+Wg#WikRYHtACsx=8#i$WK3>2`U}OepNUm9=L8GqxsYFhtirq z1N#?=T@80>ur+>GaHT!GS#$+C*TCRC3x_nH2AN0e*RyqFv7_;_+-SUaGybK3L>PDO6U~)K?c4d`jk`moKIfg6c7A8 zOkD$S7=uGRcknpljH@E-`wN9nsX~U=IGN)a;LjKwp4}sO6Q`7x4h~}gg@>SVPVc4@ zs2S)#hqdAy2H;pQ?189;6DX_q%L&K`{mCn;<3q{^Z3Ak`07nTN<|cR2amtb~J3$a) z5)FvlHkq30)k#ywnWjqF6xy@nI476J^IkiVo_k~oOigc?8mKz4jJ=+?Ou~F?O-fJj zS(A4?yc633)aDUIXGT27z7tB4q-R=sCY}Xp=mjc;paY;f%sT#YygGJBTbiIjL&VYh z#Ggh?WF`vW*-m0x(%T8liHAW!L|3IDUNj@g(#~ zA&?LNE>Ld}yAEvlo-vIWI#i^gOUy+pf;$iquR$y9-h~}+SqaY&hV3YawfXk@mkvG~ zc2*|8-j2k+WekQU8Q3Q3u$nb#{}VxYRTzC(I*zb!dQod((zoezF~t~wf(fOy8pB^W zseJxUTvCXi#q>al@yPXTP?>n^e-L^!?u(w(+w)TRWD=shZ|8nhNLxNA8 zntRc}iR&-bmf#`;`Hn4(*Ou~XhqILhmtUdnl=uHzZT}&00E0FzL`W>4^#W*@3TWGA zZLpXP#=cJ6h150KUi<1KgzYzzLF8u=`@~_8*>H1B(HUfn^17$>x_LDZtKn2%2IHLL zo^&sRNjNlkkn4}N-1Mw~r$U+=1m{W1s)9DwNUQ_vyQ*pR)~j?BEfI`Pgp8!WO;NH< zrIbzc7M4yen;M_QFMRz4=S9MpOFIMZ>fK3Uw6trHJND-)*kaVeA}IbOXqRKHQLDY) zZ_sQ?U=pDCQD5|jiW&JXcOn%{Yis+K#ljVa3f9^zka7LQaxhF)oyv8BK_I33G-|fb z>xlSvozzQ=1ar$`Zy*^jk9|@edmbryH1<{E!Zqx9N~an{Vrqbmv1TDjqlvMxEs^&a z!CsDE{_%R1@4C%*?b>SzgPp)duWBso<^`1Kh17WXa69p0#?76;08=vJm?33}D*oOx zy&8L?V6Z2+s+Y@$;1&@9e0^>Sp>vYs@+!!%7!mFkXL;&u;4%f&a z31GG9sZM*k>lHA~u3j#WXAXFvDtj9|V+aJ7toG)aO~cILiuZ)SR|?w3xFsivoy z+Ee^*NqXoj(qsQL04+VveOgw{oH1K|PLm&idy>~kAU^6GAi_5KY1uoq>~#IvORIoL zYX~>~NU(Lj>l`xLJkPb)PT-T538z*=bl6k6nIbj$n6>cu-&O2=N)apK_J~@F6@aH$ z9nD4|mh6~p$Rt)yODY+4HiI23Q*xanU_em8k5*}jsIKji%1=wK!{!T}4tQ98O0K~` z<6Z5^$y7|Lj*i&zMp@4=moPT0uHZ;VglkkHk+=j+oUvhcQFB!!UY{c!r)~7GdAU>2 zx*dgwi4D-s&u5chNTCMPPGH%k8g1*!Of;3_9z8~r_tHq*thK3P=`mcpU{(}4f$`ET zS3IEEG19E}+8r?-xcwZK%T5%V-!%OGNyr;kR}#Mp;#c8~Cy+&e1@Zu(dErjIM4?kL1Vma*osq%KZog z9!D?{gju?B=JzOzDWkiY!hzu7NDN_f{ztk;O70*{kNrj+tI|~n_hp+FDa8s%1R&Be zSN-%~@!Ow8VlPJ)euQA6hN}+-?1V0N%8fdK^(Q$w(f%*gG$;N-bdgRqHt<3cqx?v` z5-=k_>i;&r^1|nqvFWQQdn^|{iyZi}8K9`aFwA?uR+@!~AczD>6^rxfp=t-vKGQys zsE&G4FCCK&4g5@z6WD~5{b|H*IqhaCfsl!r;V=3reZvV(`@4%DpiIl$jT6{zhZDdA zFc2+l_$L_x9=g>(U?<>D-2PWXG`>T|M3G37hl^Am{POMu>UKE>Ef{A2P?91+*(l@_ z_q*w4beUb1f{P%p2m~iu@q~9(Tu182`qU&VDkJd;JAuNzb^ULXb~ zoFxbgR%oSKaRS9aEEo)TBU5&~2!mP0;1awKhom8jxZ~-`XacpxHB#f8z@s}GT+m3V zvLe=IL01-W?)<`jvce>f+(84m65$CAq&Je*U4einv72No@a_cIQ@=>87c5fX`t6f! z826QBLt?$K;qh9qfuA!-(NJOoYH*^RE7s^-0Dj?OTgbkLJcWT?*7u+UmS|^x4~m6> zf5-X_tI_QtfFAz<3*aDSD@ua%!VxYRJa7>f8eRRf$bqj%F!AyIyOD)IU=8s*ksd1q zP&NtJP`P1A?qc`Q`zVzbc>KcHbZ8&KQ4vP_Wt-prEBB_iZ|DcH3PXxJ;%DBE!TYN0 z@53T$`HTN%=-sUR4cDbtNzj4qP6MwU&Lqstn7rqx&o}Bo!`&BhG}Ph%Rne;~RGWBi0nlf=Lq?mM<}Z z;ddLn)fXcDQCe57=yU=Hnlcf`Q-P(XG`MZ7Q6;%qTcadLmYqJke8Xu-WJHcw z9WDdSzunN#x7w%iNr1tYQ2%t03!{o?07{CXWMo6-eK_yN!8=-rd$3HE{d-exjW5d)F$6^huK}K$M0lzER0F=8~8<;v(+L@{9 zH>Y0i#-r6Tv?}q-1nZS+ND9kJw`g}F3ZW(M!E5?5cofvEp+k@{Z23^i+#+cd5h?p< zwn;M~X~51K_vI@<$&yMX+JCmS7JDMpMOAd=W^-e z-wt9LU6G3+&_W{?h^aszfX5aZmV^)}h}nY_0)b-Q<+?>C8q05A>6Q|taSD=lA)yWy zekGYfarUv*v*4zDv(j~{(zRYmAibtlwB=`mIFb0&7Wt{4$sdI>b9sFWnM$Eoa8isF zQ{z?OSQP=q*ptX{F0ZP!d0f@;st}XWp&a+Hoe2er0*!*p8No1?`VOv^GOMT;!0d<1 zbb6X`83ArK2T+2}8lJiTybOfo@PJ1iAH1-5vvo0M{ZG*A#ML5^u}5`nl4E}18eHj< z2q2r1Ycgy57;n!p~ zWUej|!Vsn=FJc=cu9~Y8l^7$;r!hr8FrTxE>H!&tW!mstj+lUh+pKz;v)7JM=uLHb zysD%;J|2|$wRA(?m9db`IH$DcW-(#8(yO? zR+87L92G7Xx)aaQ&{~)YGMV*Tu^R|hJaFFu)Ra5f1!qWxaLy%mqx2Zx2GPbI_(Evo z4Y_z49|VF;QFNWXu%?3_--wTeXk1eo>HlqT@{TOUi`ml10s~kL`w&8m9pG* zS`MPCGgQrk!HGs;PxIh1UY2NyG4a52Qg3(_;rJ<^;%%|Mt)kGt;SB~a2UfsaS7Hfq zRm2%z5ydu@vi@tXKLy`50=KWMlxavOZ%rwEaIbs>M)|q%qeh`^3_cb>9`bV|aig#k zm#hNmU}Jkh2SH5trTws;yNzS&^GRbTFZMAbeZCf9pyFZ$fm!EwPRPgT5~?-uv}!%P zDqhfDB_heV1+~gW_*bjsZ80soBuQ&I207Du`5f}~>(Z<`Kkg&uf z4^2$I6t=QqI$27mFB4=e^5wp4FRjQ0DMen&RHV==0yE`4oTTbrECZXB1Kw^Y`mq7cZm+r|aUo`-*0W zF7Chr9dz+&Eg`zNq!V47rsYHz$4j}v#hG;RVl5}Sc$k*!L>Gl@m`scZ`boXvmDEM~ z3=D)#=olLe)$?oZ_F7W3_Nwe!Yft|gTo(_#u@A{Gy&i;R`vsH?;iIy{(o@F&bT?1yS>&-yMV_!)FHz}DnTm|@ zicq_Mlc`7_TLj=IZAVy&c40e~aY1g(1W;~Xrq-|Zig29m3+#Wh!9~KsyddrR7})uH zpJF0RJ3oOwRiaN*jlW{D&6Zt6=d zn#mTBKm;SPsoL10#9a2~k!9^(Dqw61zRdufSh>~~B4JiYA&t5cv+;^6SU{LS^E@3P zh$6AU>N!M1jQrpLNtm{6T*PpO0Amyzl(6I-~Z{5j)=R3@I|-U-<^(t%%oK z2na$~HRk%;ueJRrgcOtOiy|1l0mD|Y7#QYU!)mcb_!wPJdfnxM$B~$89gtU1r?d#|-4~~GjL3Esk)Q*)@?JYqQX`Rgbuo5N6f=OS7a$Nd zMf)$tr@Y{82o9}`JeY&txso>Jdh7K8bf(28g?=rUR9ElxhBL%&Dan02pv;?$PQ&1~TNk_urC2C3L|s!AGT1P^q*dmAK|L#f*k5{^!2+F(V#!NggwsBkwdaiIr0@X#c*di<#yHB)<%VGg1@N3hDuFIs} zP&(0e4JdUi+NRS$+cHpL`6+E1x>)gtgQ-mPX3HJ0JYsisTLdi8Ds1v$`PrOqU^!=( z&BpQ#S@Xoa%Lz<0ebD&B6v02zQb8UtMdOZ;wlSbaU*Mylv8Q5UJtL~-5jOPHgE2n@ zvQ$_z$u+x`i3ArDBS8~OZ9Ws_J{}YE|A_oZM&ks&`jUImAT9v!<2UStOeH3OFfX>x zIq(pxvHU4Hn&bBmG9UaMO-sY-F&wk2;+S0(clasujl95!k>M19y7to}fHtfq$JoDI zK7t`(ykJLo3r*%=Mf7KnF|(is0Y81|^@ELH4Ik|t`F`o%=q1>As6^;8d^LgwmJ?nL z>vs({)-gnGSif7aQICDW(0a24bwW{fG`>AH1%?ZUB5e4z=lLmu`R=c0X<`#1SP)AQ z92#vvULA=8106mE8S{=?!*O#&K@P{%sVDBL>r=f|wv*X<}ua z!Ie@hiKOmt>}?SSsXw%}~#JirnFVO|uro|{2G z0~_{8WrWS{(J|whSne!l*wjL$oDRfxd!7a5_$SPWUpZ3aCu9;d(6ayh)IA`46IWMK z1`$G4@E1d#{KX_zu(t;3{4L=l{DxTsR!qbewzpdDXLw60>*ao~ESqZYg*A|6u~tN2 zQ3PBV&RPSYDF;=ww^b|}8vt`J(jn%R(Z-yFieRZ~8wdfTWx$^;V34%& zSGEM6E*ocg~WoP0JfxJuyzZ~pdWJp<~GGJrf+x(&|Tt1nIn3N}rZhbG|K zv^c`pu(z~@Bc*bMP#iD?)aoy%80Z@f)u@H`Boq45xFsWP#lLP(F*Wg+*zj1-qD?EP zu_#UU#p_#y!MemInfO-AQC5rWc~tu>^k~g-TzE(Buh}j*`CX3NHf-EBIQj3~3@_(h z_2$|Vtn_Y`mhC{A`Cxj(h8{uZ=P<27XAB68eeft1oOfgoY^*2=Ha&^EelNm_oV%a; z(cnDX75uXd!IVyf<9ol4C}v_{#E`?@%rZ1V{)uZz(O|KGrQNb@qbAxcNCFlzxa)tT z4MAAV+-2B{f58r531(w(dS6Q7fgf-w^7kJ^7H-6}{I|@EM232Nn~=;Gh}Gis0zsr- z?T$}VdJ;!aZ}}!KIImZa`t>IT8~gGRc6x<~y`0mthCXi%ecl@P=!p!LFN16y^%psr zY_5(T!-N#00;mnr&NAb)Gt3^6f;HRR0%hp)HGe?(FiNsi1i$@WO#BH3t|nZ&vjJ`d zl+c1@pIsDeoJ2E7?lhf;w+e1eu<=OTB%&-I18GI?oj~I-U0CJQlUK0lf^sDbZx5s> zwh~q}=t&M_RUM6rLL!GfcBdf2(_rI?#HwLK&)*KI-6eixkBJ*c{Nk5GgN@S_?wSQKG@Wc?Gu`dP$t;4FK#ih*`sIudK5bx#S%e0Vp}+UjsHLD zC*(&X{Dg$w+C!{ zn(=Q}U7sWr*tkuw@de=_%tfP|HwGEa=M%^*tu564ANQH?*_mQqF|nwBTjL%myM#?N z_k3RYu+PScC4f!X3`@X30Op|B{pYW>A?Uxc1h5H7!|Yjt-n7`+EkOi(lIb?rB%YMv zEUPhG=!fY#S((8zU2@#MN4=wCOK@3--$9%i=oM^_Wm=IQ%O$RIuX)I4=V0Ps)w_!w zV_UUz2y@)t20P#+8Jw9K5m)H9bCdJC#t!o)Unky58Pghc>^q|R`SetCh^7-b@Af1g z<&p5K^sUT%ocf@Tj}oA59;Pz4Kt3LDkv1fO2+$qDY&HWQAK*sU&iIHkAQqC3Uvgls zVPnr=;}0sj*s}XSMA5T`DZCAlw}XyQdW67%5unA&+bk`jxEDhF`ArkZlOv!T$2#GY z-N_Fq{6L>L0sd|aw4~4?&}4bv3$>xH1bPxTx^_kgE6|^EG%z#LVIp0AxIvmiFdI*R z_#PhO_Fx<;?GXld!4YC=l{tR@k0b>9j_w}r4SC(f-NoQ$7TlpRIqvEG4DJ_!i6;Z` zmKjNopR61|{`JfpzxBQ!3F|{H=pNR0ai4s5IQ|W{r8I2ZAvpPSX2RS~-T09zL2j_= zBeFQNJcxn&^5CR_TXBzP;C{x{Sk}PZaqo|Wd&&7e+(qqS05Yh31J{dmjr%g%xNoul zB@2SW^j<(v0v<9w0;V5)carJIj4A4o6`Ac_ON+t_<(42^64K4^TV4cv%qVTBD|^?# zr74{uZtdN_c@9cuwu0d~?rsP9)VzfJ8h1@{N;@!`HTUhTLlAJahq zNjfty{Z^(Zo#AdxTo2;ju<<9s$;Q@WA6-|re!Bw=Js<=en!CuOg$(VG5R1)P#dLdj z*WC&~XuzOmv)#Mr^bY@(HUz=%)V*H~#q5d@;@;Qc%h_3kAWR|XUF;JANh_VeAMZ*E zfo7V-eOMOU@A;ii2tb%ER)C|=>z)wQaA8k(gy3Iai4f!k8#ht98#e9~Y#PzQ_X!zx z-2a_T@`aQyF3bTqcp(2<#>y82+})2M^Bz^#ZVfS>mNY)a3Ia(z5?jd$bm?PUhu$N zjsq$&LUEt8q(`ISQ1$HxU@&cx^e!`&{_!z0|Ig@}3{V(3LjV~qbiY4M0WGHK6j_83 zJ%{7*cI@Y7Ogg3u4=2snpu1=fjFp?=Qk;Svg@C;H1qI~qiLuPKF=EPM5FtFNk|!24 z%ok8J(2x#QVN~4QD})%lH}|UquP#KZVI5{8E|5Wqb-M=}r|H!m!KNMr-|~~3%6C6$ zP@I9T_??3D6VpKR6~V^aO_u~(;&K$I5@kkeT7MKpl{u(4HrhYOifY3;4A2ac>a4;e zbm|#2lF`^CKlxJL9Ego9uSULqJF;*+M$m9Fkr{>U0jFc9678xCdp4&@jIfPhPw78J z;Gf>qrXd&xhtdD<2sRq6=PyB!J$Qlx@7^JJ2SU1E@?gNIrWxVxf&Kr~5$LvHZ!agzRLW3j;2hi&P zbfQjV#Dak3*Zo%ZTbuZR!zaQ+5#qozpMzfz=zO>EyOnloCfKwa@Jk#oWxHjdFsPGe zptjJkx%XZs6M}c@&vgBnqCZXgbDjQNtv}WJbFu!MuRmw&&j|e~*PoO0=S2M})t`R) zbCCY*r$2k?Pl5jIq(9rs5B$?jQ>}jre6qjYw>$o~0{0CkVg|x;;r@#r5w zUy9byzcd-f>=O@{=WWB1QuyDn^a8ljHWUNb5Y1dM1m(h;tf0t4Xq>x^IYV9o7ToqYS3`8UNAg5NnlRtw#hQATdVYO{QIwA_L+;S zPG!3?mBNWX$LB)bvQcJC!@rGd98*m@284bk1mamu2l0jM`7Pl&jE#FrK{I9Q?79a> zfv2)_xJ?F3k^UQklW#=wMt94p40$jgwW4TV9$;k^OO`o3b5(R`p(O%2>~fBxH)`*I zLbDWesGPQrL*+hVMg&@DWA@k70;Ijq9ap=b$IEOP|07TU3iL>x@ z9Y8ex6RxGJ#^Z8EU2BnjL{YcOK4>Rez?UU>>Lg#B?DX85Sa59_T8Dpe$6y-_u@LBi z1^bEEqw!dmZtmuC<~Hb#jSxaVw1OG9DqOIHHB&>B25AJC$a_F9JpeFi%aE7!uS457 zsjDW)r48YM^*H9RaT!vHp;)&!z^>9NcLvH#fiwberEwo%nSfzklC(U2dSQ9|tbEeT zX-CvTS~lawY4KeblTUfbq)z} zYYfR&9v_=q*8dfJWd|6P;ZRXtUr4?Kdl5IZJs$-lPOoif8F(lm7S)Uf`4hiU^0Q0q zq?KS?iqd{tp%QN4M%$9%oEE&Wz=xK_1IXaH)wCh7=V(IZB#N;PG$HDNu&FW{e?TOLWUJx{eUtz$QpJ+exkkuq zIFpT)JMMlE*Tjp6P`S*KRI{f^BFK9XG+ZZcK7h|Lq;Aa*r zl^-i$#JPpN85ttX(mTMVp!g3Iq~Io20>rG+^bl&4#oiKW%4bTQU5f6%*e^v9P=WgG zFS|RH_(U~6proHy`d zUf+W2#APxkr%`14hnBjQ+Mx2l8#|%$u3!GQs7xD^cn11W9v@iDV*nd>pxA(~B95R0 z6|X#Y1KBhr9ysXh={e=jo%MX^+(+9Wrwg{4N|bIC=4-Y=`Nl1a@wP;7XX6%4eYi%N zBBjw(3x1@j?{LAwAuX(8p)>Djip9!eV~fjT*ObJMnuR9HoNMG{xQX&+WT-4QC|njh z8DDI=PTrneiV$R2S?m|3I1L-IpFKXjC(MV<{20?afmgqo0-i(OxrndOEMGH`!Nesl z+BX}c7&Sij)$4MS7?Gh^lT7Wu(}g)q+o$1uQaw`buwNZmFA+iHLfM$Z#;AG*e+k;$ zlT1^5D=rpqi$NWITii)U^hBBUQVqTZJn?%-Kso^ArFQZBmx_xY0J2u!K5X8O;S-oA zDz4uZb_;;_X^T*qRb{N?TJ* zglktet&yil;Gsbr;{gNJi&NQ^7wErOZkXF6Sfb4^>xVf&4GfFj&+Z^>U~^)3*&o5v z*^^71mZ6ixO_(lpo%19)n4~|~>rb8h$dXyv+TsLud+A7Y0ljz6c|z98{!a(wo8tYonA|m9hC3x1tQ#dO z-|c&)9mE32bQjDYA$3!9)d(buUAAu&P~nuX~H*hc9EhBik9&=_7`~z`Y*?A zG&YH)sDvb4G^QYzVGjA1shH{hco4g17UDQESwfV16g7MyGCFo;yH22Y}7>%|3Fc*VDV^C zz5LECs*_)JIx4PAxL16xHlL-f({bgRZ=W!4*@k^fa;QhR)x2fP_N_=Clq}c1+PwXb zAbpKEGAvd{*Rr_-)LQ0&{jYy?M2fUjus<+ww*;^Rqdp3Ba{keVNk}EfC2GG~`6G3422}7s-#X z(=igyfFuLMcwievk`$s3Iv$V#No9?PRfxVqpYe!pLqj948u`sIPE!H~;|9g~eAM6P ze1t33`HUg4or2KAW_$WmShyGuT=^-e4%!GSd`Cr8p)?_^BXM5 z%Rx%?sEGJuDo;EyVzHK!UFwHxxl+nGOEeFUh{($&PK>}V0x2=PB3=-edgCeyhph9& zTOm$tcqITv8$57m_?URXC@opVlGmUq>`beoz_kdhJXS)}H$2A%^&_P8^m@D`vHG$C z3W%kQHSjSusH46dLxD9I_85v*9z(&;rVcd6Py{YsE1qyS0gk8wNR zXmpJY>U(;}P%JekQBWEZC)0648Y_gXIxR%ek**oAiW{3F2kV(qcq>dcy|n*9rPor3 zZm(X-TLDBy!>*QcWQt=((&V|Biu~FZ0lk%#Z0&Ht2;}T0VdkmzO$kaGpLo_ zB%q`F-iPWRGqyS+rRZaw744BybW&$UpX5LZQ(kCwu6wo=O+#mlR|IjiTPj6n2saad zrZ0dIQRBNn354|@bv7}A5R1OjVndRU=0Qs6wLh=?8_k(EZzC>hxgKI8%n?FeC+} z8L|V(yIj*KBK&EU8;)*(*voJu;?EF)q~Ih+h~eQXx#7e)lo0-bV<(_{m?mCDYKV?J zi;&=T1!2q;#gdWdSsHQx#wrf!GEm_#G)A5uEt2R2W5?K&si{2&_v@m7jMjpw{j-M=NFEbxl34b{UEIR~lux_|!IZ6p7DV z!yjjk+(DR2<>dlR=it_(2nVA2B%jK@675#dPGyOvbCFTf4()SDh`A5q|gB z;X2T)YGe#qY@#bY+aPfwA&3V)co$v>-gIZQPbjt7i2_%Anm`%9LuxwXu!Q69!JCI7 zij6qKL7ZuPzO-lI**N1yOUjc-{0^yZ4Jz4~?~xTZg%PYA31R*&#|;kGnP>zBMwlR0 z)=N&8eq#*^>5&G~TO?MED}?ec64#PEYYHLg%_|w`iN|kH2zw*JH6=|w({$2G2~<6c z08@^8V=z6eq{`rPDEaZgpWdN$9f^1$*mR-ofF z^-_9lp?=Hqm-oFST-5Klt^5|Ow=3Hz9$TNh&ZLB8TBhQdhy z4}+73Qv-N0ZV+L#0%1+`k>(=_OqASxPVc^8JpZ-|hNy1`!4S^G6*wXL2f>@ykx0%+ z2!;sE(w_NSAsA~be1ZX)pkeR?Bc37{KQ)jJ6(&tj5ezNqT&aT54DLoaHyJa6u_FaT zE5w!1Mli%xa~cMGg18#NxH2z`VBoyATUUu-;EX7KwiK*x5wB_;?sl@{#jv=Eube)M zs_8XZ0$~SxLU&$daO>-x#E;WOB?|UIp9mpw%8VirTa@Ty;>Hp&4>lsitiRmbxUuf< zDtJ;VJ#L&&^HMC*hoMxd$4m_{x?!nj->RM_Zf2zCu!`_(fx2R6SFw0<-4LjwD`~ zST2$Zhhs>r%AHQ)Ap)2w1pu{_M`8xRtnVka7`a{sA$@CPW{_w=Uh8EkG6N?{!7(y3 zeR_ULF1B@D5ONG$}19)j_c3J~NQ zJtS7kbVpjc+OWQ$CWt5yt3NkjVj^+L01@JOx0_J#&=)CRV&8N!lmu%N&O>)0aIRd_ zB0+lA$PI&={rmaGItT_mc45Dj?ID(P1>;i?`4|Vp0Kvd3AF3N6cF8UjhV)1a1Ho^5 zA_dkl!R|!lIR=MjnQ0r(Jc4{~b+HA4opY7bQ~=07UeC1G;5MJLZ9anz@ADHbS_Lb> z1&TSI*)lY{c*-bT_GNM!D963(_z#6lCDI6Ap-04~kRO3iQ>RG$PAXO;{&*XIoM+?* zE}DEJzsNV7<%)PtO>sE}Y|8kZgR`&#OfH^078QZ5wBuz~blYHo9xruCnYwMw?mNVD zTGPaHJFQf=y_Bo90D#D6th0D-J(pi~i04$h%^Cz}FYsxW8C`fxF@9Q5<*xX1*#Iv- zk-3$*1{ISC_gH6BDIpvj9Qe$cn;DVrV^z9BvHGhFQg;WdZ*tSIf~(I&1_j8oJl54u z3Z%RG67pSQz&|Wc#(=+KKe6-}FxdDU7@v#->!b$bz+h87-ylGs-bv=x^kU6!Sj&N_ zsO@XGX$_W%3DjU33FxUKpamaaxdIA#^q6Jv~pu9|OFoVEc zb-CQYr&D)V;f8h^Q}8;6Ol>S-u1W$^KQU^f1m>|zVP>7{q|WG~2(wORs$8*D!K{;+ zDuJ(L)|oFi6PT$kFq!HEW~vKJraFOZq;NK>yXhl1e!!wBKE9;PxzjkECmyQRRs_{* z3xa8xdv`=*ow2KFqM^NxtMIQdQ>r3^0kBHd3A)0JRF(Xb6KDWc1w4JpTbhJ+s10^L(?yO!NF2=J`5n&u`DxxlgwxshB92xWJ}hm%p5v zf>Fj2qZpY13&GW7Iq{SfjHcL2!M>wLGX;D1Na~tRy{t`7Nx|+O+?On%XcuSsB`JcmMPlhrM(94d4QROaK*xJ8)>IUu5*_e$z>@Bt9tCNBi9M0o=B4s^27}? zT5tBHIeEqBTkN3RI(`Gwg}59}#rO@dR6M z>edN-Uu8r68W1cc)aM*$$X&XaM5`guBvDi;OBxv?lQ3IqT2$K;51P3JRedXsPcJ1V z$)R~MTGz-Due{3y5-$x;rE^%I=$y`fdm$^GACaYBjb5U-DkGhLD$toyfKp3!P3KQ! zdxbG`Mw$|ROqZhVPTtMGvQm^mFwbA4G=@xybao+_5w6>E@&=Ng%oR?KFW$4{KbRmi6 zAH0}pffNI66P?tYhCW^eRY#%|C0MCe|HF2{rj}i(dkTEy1sP{UdpYetrNHJ(ljbE3 z$bs!(-o?aEV~x4G+$i?MRMd$dAAX)oRb*~A>cpGzj7zST$TvppQk7@x@tE=2a$p>d zHLw)HTO+seR@`FA)!HR&>8?3^>D)hGejXvAqs|i)P+4;IDo*uDE>)Q>g@FoVt7z;l zse~9$a`D*xtQ?6=XXTDdRj_@A^oMcdQk6Yk_Liz3L{DF;5^Q=SpKaLezj=)`IaLk% z%r@So%@jD-U_kS=;LTt1_!HNI)+mF6VbFDoM%kdu9n;r z4T){;(e@y#&@DU!4ZmW^0Ygcgt`B-h&Pu?0xhuFZlZbvhonZJ{7ZFv;wH<_eMu zwWcrlqVZWcrnK>xo++4yIHscIHhcZesNL*v5JXn3Acuv};23J3Q_#|2*54d6kLz!~ zZUvB_*Brjhu>NK|r7GL{o4KrP*5B+e1!esW9C|fy-~yamv_zK+a4ykuT`s^Gq~$hy z0nUz6uR9BH+WtzM#&vT6&f`-0$5?>luCxnq&XYE~w*Y6+b9MpFDr$q1H*rEI3vfm} z;}h8QAe;+uKKYCI?JgGJEN54csC6)xlpX0hW@E~q10<@gl)_srWn6cL1vr})Xym36 zm~jEldzp%4UV!tM6t$xRR<2E}sS9u>byhTW0nXW-6-`}$Q_@+{)CD+!&Wg^JsSt*@ za53&X&t@RfuO%nHL4D(m>f-LC52HtdTjDS-#u1W}bxXeX@jrz1=skirX2Xw{W zfT?OTtZTtCPCOIm#m~{AoU&8buIg&4l<{%jNQ?VsZ=Wp^^Mg?~u|VUJU==>RP!X(1bI9u}c~u+ipW@@Xj{M{F2AXLG*P zJ54@kvxI7ff*e^cz;qYXL7d3=0Og zkquBey}bdz*lt^evC8x1EsHuz3Pqm z|7S?Mb9!^Z;Er&qy>k<%cq^;G4!6(KuWw3}$|DRevP-AW+gH<0ne0tQzeQAa66nz< zeR7(~P929Xy)W4yL97xIV{&w1;+JNmpjBvLr#&(JCim7z-8f$bPD;T@sSX(<^~VT} z8R({DK@Q}Ol=4>0w8O*-86nseD#{|qWGXUNifC)fM;7gssc0XsH4It0iKhr)T8Ga_ zQqK-qWND@%S9nF((fyf<6iE?|_OVF46j61eF&Di{@Axe-Mgvd<(YssTohmna_KUFY zDOEHIO#E9CSYuY8t73ATz|snnmr-IxZ2_MI*OUs_4XzHH_QY1L4ot|#q}0`cUp+Fx7tyeQshhUb?6eS0MKF|;`|095jd}iEs;nHK`CY9R9q>=DD1Vn>*Ao06Jxn-q2w(?v$2amz>;HItDrnVD+ay@U|Q zCHLGqxtvZ2(?u88RFo*={%#W|97@srzu&c<_qO+*aL(`d`}g@Y``vpz&wAEc&$>O= zm;I%ZYQU}IP7h$+Lny?)JCbf?6`i5eC)6?Y0G3oaDlpo1&~vJ75dK7+*OOWXFZF@_ zN;`FWKqarOBtEA}TUp-?)F#B>q?76J&;&cVZthNeo!Qhf;2+}d4se$Ao%V2LkRc_} zL%avZ%fj8XPIcrCK$VW;_U^zzI?72(0ji~p+nXJfrjB&g)tqbU)eE;O)x;pV4^bDl zIeeULnpVMvwhT}er$R%pNJfkqlj}GCo@~Z**^MAc1?-H}&C)rBx59|4+S*#;T<%V^ zLeorBChvi!u{|T;k!Z>tiY5mWBjAP?M8F5S0ygdORfuvq8L3M=CU^fKv>Ha|rHIMl34&wBWy}?EpyAo}e(?){Z zA^c~}W}*-`4o{a)_&QXqXGchAxWr^-Q{@-6Fx!QmYM{g+gK5;2`3R}o*+7ZefePOO zZ7oo*lSRBMaK&8H8;94;Rk8YsS?LnqreOy5Y6wpmjA;$7er^Q` z@;$ZhqBJ|B41m+Emiwshyx7_Da82G{pN3iemFj*(w`#c4FgLTUc-Ft?O5|fE z%Jk9VR)W|~{2Gn#7M|C?Ehi_snhgdz*Yqc+VJ2mgN#8U~ep@o<&7zUX{;5ZvZa?&| zGx`0OO)yDoif4tDN%jSqe4D#^V>j_DwS5+uWh&f@8Hc07Jidl;j~4RH!B{yLj5R}+ zt&bX43Px}-Q9S2~zeAXqHHNR#;U_hy5`xXw@a(R5y@;mbD5Jar$>P_Yf7cm}R zYN_R9_CyaCjl)P{hVYqud}$CMeBllcCA~d|gzB7#?2(V1UP6{cc(Kzl#)#s3Q8DIy zaL9=7{o=cBm-CPjCt~^DFBvnmT%>axQLA6K%y?D>(Bh4NO&v1g{2at-Z+ym?DcvQaa3fVVlzxyYNB`zFu}DI-lT2p>ia2Uws2S-N9ST8w@U&m$l8Wx` z7KKpkr*>BKB^dxX1l+i@qE|>!CkY-JC~9bou*e@74wOve3I;C_wMG%z3LN2P(QKr? z_M^>w69)7UbXy4HX7VzCq{&%_1G*^^)I$_BNW`48`Nhh4;7Vh{$2{bhCrtRur_-3Q zoR%9zosJ2GPoFZz4ri%OVn~v)PgAkRPOpq-Jtw7g0u&YW1S0&t^l7|` z-ZhRrI`JalD8qyTox>?`4lC&#IPieiSok$36ux;?oI_VQhpy<0Vj#v4pU$Bx)Fhb0 zsP)r1ES&8)he~x0RhK%>LDEjBl_cBh9ELph2hQR1C;iSrZ~jho4rNKsL7L{Afh0Fa zf+QM*luF|qXaX4Fii9{++3|#54UJWKClG1*AEzslegbrEplFhl2u^_3?yRUc0ZIaf z@2sdd0m`CB?W|~U0<`7Mih3sy(UJB?kEaomcLI@eoF_%hxI2P<$L`dnH^*>cp)>B@ z$sEHGkLb7?yWDUL(erK2M5tNJf*<2fE4naE6m%vdvAgU+mJ|z%TAGC1`~;0k=NMM- z1fnD$3E7|^69{DB=f}vSVPGV&z=Me!bc?K#BF@T=DS9TRBfNFIN1geU@h3XG`sNt8 zVu^v+7>3Ic7>MW2H%V;yh>1a^A$6n>-cQ&Dt;U(^js*gll(H(V>;p_z}(eF znQ;Ff8A$9U^Daq7oNUzc8neX93@56$iM?OJ7rDT96@RYY+P2~gjjoIxWW~-u+~@8! zvt{s#eMQV7YT0= zlYS`;(-nA9YwT4qnzX1KEIRwLHN|_@nW2Gf8y>^#}64;oFR^WII3nj8$%D z37Tw>q|>aHIK*JGK$$kN$L$wnL+sDF^wDL*MrD@`Xd)%)kW0b2tL2!)W$LfkV@)qm9Stm2R$$q-|aV^qG==5tg0fJ$a2WsZ`j zBYJ`=swYN&&;g=PJ~t`)!Sawr;y31xR?hO?4i~1ptYMknqpbW~#P3hbMO3m?b;HOg zDg>o+A^om1Q9wloaw+?WT?kac6Sz#kr%Kt;V(fR9Zfl-$^iJw-S++K z^AMxfXmS}zKiM+nK}iAVrPz;pzfAIE%TDf>X?o8~%Kb9`z#NAY3>+T}Z<@U4<=}n( zI+K&k8O#(WHP3nY0bicu+%Mx!wrH$qVr~V-;|&p;9NkU&X#=!Etk=ncOt>$l%3C>g zC1!MY_8tC=5hIFLq%C=Zrc%6H6QjE|_mi9C`(=C+G%siYnV=CHZeoHauH}+PcbYcN zm8>N;t}uSgMOvhP+g z0h6MMMacRkM|T&^P+s%g^~+>lHDz<6=Zg{-&HXaSI?+DkNHHvc*?Eyz0wxZj|LUtr z^$CV*mX95**m#mrRA$$44#%ezz_nj~m?l(<<2#tVcv84IGy za<{qXOcg&dD_!Uv=@7n+;j{hgu5u^okNVM|A7ARn2L1R@Ki<=i<@&KuKVH_47xd#9 z{di11;I$4v!t|9Dx^2<95CfUpx1F?DrDdbw6mmm6N>{?nGc24vDE^;gfRhq9c{(6TiJ(gF4f(hoj zncr;ZA(sz!Z0jni6s>_9j$(MhJ8n4TWo6wW)j6(~0riUb+kedJe$1N+J#-v*uZ*9g5pKfWm{#!qU7g$`bf+ zUL%k-LC|2;>nTCAD;T-8mS~tAvQ76Ki;LzeKbq;ljHX|yXA-h|CwtY+KIRLf%L+3o zV8p*W8UMnyo!E?(wPGKh#m=k&qy&(tg)8B#;=-s^hUwD6VwRLiVZ@u6Y#|m!THxHP zA1!3U8O4v7XXPb8TyTkpo+yPxEX{DkXV*omm(}}TroBGIk@OX8{FZ5cIaxX^qi$r| zkL-^4i!Ex?%nU^~&f=o)cg6NIe3aveqAYbF+(>zf2*WCRo_n~==HhDE$n0#RO~l#73x*|Vi*oPBg);L>bmK$->v)1VuBy{zeo{q0n@pLMVf zx!(0oPY{5%-*JIf)@P@ZaOvsscSuiXvUjV5cA<>MHA4pcc$JBDPImm5fl_cncI__} z5gxaW#xR8hw_HY-iunLZMJ6qw-Qy;7bJ{n?^&R?|2X9llr3vaW{N+?OC(ua(MZ*o) z^(K=KoJio|QvqKnVE#_AB`%cBbt5=YQI5m8C{m&`55|C`&XJ}L3TbO%6aw1IfJzla z_anb=pRVEqHdc|@5z_tzeoy4fs2;ytSr6?+JAobAD@={T#4?P)ad+2Xe$*ve;=_LX zLwL%y7(bdf1YPXE_! zq3R{Mdds~2O5#od2@RjwBhgsH{qDPn_z-MwXli>ATKaf21WS(~58jvJMPt#((!#cZ z7PU73VvB2TRWU^x*4g$4X!b5`HrU>%)c5^B&!NG0&P=rdaU67PAfSk%g=WD9?9QT) znC3B*Nly>JG!>+w?+mg>k%F33e$PYug*$)W5rhbm;9)3abh@#+47;0YHjmBb6HrQ` z%Gj)V$I-vmpjk^9H-7{ChbQkr)2-fANgB%7$Ea>L6f;6RCT3$iDU7eCBY&{6zMf*7 zOgwA*MVuZMv0&*}jK!7AiQUYLC&Ke|1)Q5CZWFq(AS|DSU?2Sj2Qm0Y6FhuI2d16v z&6M>$=(~CCLdbzXPay#b=c(fz9xPBROIicV#=ok?MiY~Di2m@$U#nG zXRHVGpQEzLr3S;82B?0Qf|-Jj{X~95m3akGSw{QQUAMB!R$bWeOren2kg$b5InZg= zb=23IW}#dXgCSMwul-zDvdov?he!MXzELbD$zE*gNcE;N+6(BEKcRIsj^>8GE1@+| zp&^|r(v2@@$TJQ2i=*7vv0&E=%eZA#=^QJf(ye+gMd>~o;Zr(k1D*jE z07Mob!clFSQukwxDUmjlC}FZ8Ynte0j;H(Jgj`lHDRYg-3sP4iXKUE#ZzjqwPRuM~ z_Z5Rf(S#CtutNPiI$h#;RQv0*l^Ul@#OF~RtkB;M@M*$TL}j@ik#>j<5$q8@*uVdr ztO*bba|J83D&jONwnW>%DydmV6Q0NtO_=*0G+{eJs?UQ4^kMv9=mK2t7z8Bf0@P2G z3}*k2k(`lrj1~`3qX;HmL*)$@5gXgR#MJX3r}Fv$xFit^-wkM+RUbpx9G%xWH*KyD)`p@b22dAhS zmL(PdXwQ8I{eK;voX)^!Qh$t5e~_j>Kx0w9^v6b!^1s_3`@XL$2X23WC+&~pFHGr= z(ZA?ePWq$6)IaWz*knp2*dI#^b0zl*_Q`t}{BfULo?xFmHYH7;rmLl zeD+EEx6vopczu%8AJ=jIBIut*vEtDvMv1r^2?@w|>@#>Nbz@XL#{*JkFq>KEuxPwp z<7%ph2~He&+{=n^v9JiNS$ZgF-98*e94=Mj`X<=?2wFvlvrng7Fm+|ol3+90_R!6y z7yK_hoWh2!tl8sDr=RIXw83Fwq&+!JdhY31-H&iI} z?;%JSARGv0cV>5Q7t@p}Bk%|A)5HsBya92W#J_|!O6em_;{VI?)bWN@)2WosR_4FX z4M9UDZPL|=XLK3EGM_Mw0?~9ejY4?_MRxxF8eAis1(JRS0lAcWo#>QIsA4KsI$?3N zy8Zy&kaCjj?O4axHsf7)v31evF96xzHeAC{MLW{=%ybIAYnwG@D#iTH0m&>@u(A$$ zn^H1&|Dk>TIVXG`Q{cTj*^?{PGGGD*7(;TCUoE3Z%pz3a^rK@Ym_)F$?tE8s;ixcM zV_tM=1Ttv}<%Gy%j&!00678AHrIXm4LK~jzT8AEyGa^oF(+(gc?(bBp$o43dvD~K^mEL3rx3QN)Qe0BEHKBZDyDWwj~ zFx1QZk9o-!cNy59?h>RNdpo4*;gM*3Y<@I80oyoEDqxRr6G$GokP|Nal5f6XuZWs0 zA#w===`edm)SK{29*dD8e#z$-3Y1@P;!FJuzZ6oeFeR}X?iqpWDnUVr#Z1DK@uy1t zX+ftdf-q>D${+C0wx-g;ovU9kIas^m#?f6@bY11j6@6%-@N4AN*3pUwAGjwlW%9pXe#cmP3+rw+lpotlDrch{cCbnQWMj5C~MEAz6-5^76ydJf@1Fcz_fl!1P^v-lNo2cbcTF{^r zk{(k~gp1NFrFrV-Z*aMs88Yk&3e00?s3`>;^Wa`SqU|Xsbb$`ZDEcUL*9hnRYoDAf z?_aA}j5tt*X|;=^&iVuA(=Z7UeE)ao-vibEqubU04^H;~#S{=oG2>rQCNn(ql79M2?~)d;|<`O7BOE!zndJ^qsOZ0RN}^ig&Ge;qhrtLen7+ni4PEh z`ePNJx=6-@NUmf4P-m5si3c=JN-&!)j}oH}y76H4AI1Z1&-4F|Th10oXnyy_gMF5! zjR%dxOgtDrHeEc3T;F6os9mn{pqLGUyAo;G2xQU{%1PouhQO2K!P(cT^$^-bJg5_) zq>Tr$<|cOiWo#2_6r- zCm6scc*Pz#p)*bJu(JMf<}@#MY(_bH`_$M$nhA+8C{QE$B{g=`8OZ-^>=<;D`Wj^; zDR#(@zSyB%=*Es?ehS2nQR9NKL(~u*uUMK;$276ywa-lK`1!Qt*deG=Vn^15|2}q{ zBgvPEGU$hOkhask4Rf6LoJjbC$I7%jqkLk%M1!WnN-KkMB~iubhp><>&qQEfqvpmA zr-K*Ptenq&fJ_kx=E~16N`=Ic(hfa0qia0$;>AwXX>+wN>RiL9b6aZE`F&+l)KO2D z6mYxa6N91yl4DS*8-oyFWTnH*)*x7VQ;Y~h-te@*?kaNUs1pW` zq|9+ZW>|>(PX0`X}!2YfPK>4&@3FkV?F?)DkIFbDBzr8q*^h5WAZ zDTCgLy=zzbFI7?HF!4#P&%~!(sqBkS;cQ}9x0CUTwujWlw6ASKC(U>H-4~z6zpn8q zQ<^f{XRMr&MJ7Idc)2e=X-vU*rD}XIK51iC3FRd5X}&b5 z@ky)GVE$RI21964d{PfHO>H3NziXlevudKjhHAHJb)8LX@+ zoRJQqU?#f~rygqFkgMLDW%X$?fav;h15EBky+FVkhFUM`D8M=&^KqsusET^%g4o~kO3?7+0%VM6v=_0DD4b;bWuI>V$QgryCd8;j>@8EVru{%NM%+i^n44A^)3&NFkTq}x4)0idT6} zIg=(xJ(M3-hNqlh41BgoBPjRSvS{b!1FV)fAEV=Qh@Em75SLdJ^~ZQ>%ev^ottUo1 zE_BtT*+Mxo^eM{8!v zB%j)P;w~mAO;TTUMH=c0B>~0t8l>I|{npB%mS)YR0Xn)|F1$tT_byA`e><18lC9e{ zS%VeS)}vhFLL*ycCGEwqeCOG_;alekG58XjORL9CutzeoOs7n&^CimgcR7YkcKK|& zgXQM)d#@kE)&+7qzT<~62O~o53&zmvQV9nurWv0`&p@AP<dzmH1Lt9gyWp6*H3y=2c@26ZXZD!I@HkE*FB;rmSb?|wga~L z*JItSvwXsi1Y+Hb&T=he)%r?ykWUbjN$xhOe*L2pU5GUk~tC{1S6gl;VuExP4i zmlVSVTXJ*tED^ZonTaXp1aqa)u{r|`>R85QDg!A6Ich1RV{%=RmQVJg%S*N1EQ3`U z*RYWIffuw{q4MUA?8?C?Qi^O8hSK3A8XZ!^?t6*K4{4yef?lj1WE7ETXtbhTAco;2 zdWrpr-qrpnq*N4%#<3C`FDp>>#mPD0ntcY(wb^`u(^+8heeTi6mplVO{RL*;R(f)Q zNyjI09&~{jxyT)4dL6!QVgMxHAVA}|kKBAIViM(FDBwyO`q;lvVD^dn7YZ&e3-A?O zC=f}QxJz$S&$i<3WKZ<7z+}(07wBY@H5^aQVQMtxT035uw zlzrJKRWB(CeJBxbRUaCj)@ggJgWG*jF7XCr@Fn z&;xc!qYlyG)1BE$Gej3L$O;gwcq{b?e!KcJtXluNPq=0Y(rRv>ihUT3ElazeEh-44 zm8N}d)5#9Z@4oq=VbALP&^l=fN0e1{PdvfQ56v@M7NIo;$o1@!i-Yq+T3hCa-uS!D z53LhsF@g|6j6fzWp`2uXs7&BGKcv-ZNq1kUc1CE@{E*}|5Xxqu)VFlVIY}L(uSg`# z4@J*3^F#8wGjzvHp~kFd-+O-2{7~ml%>2-{Ov<@NPZc@_E%QU8E(*>MJ+KS=*_lDm z`62B#XMU(VYB=*lgIL;|A8LmAp`3I7cz)=)C7d5>xKQVZO38zNe#n+2P3MQ|MLMc) zDk)>}Dn45LBeo+YaF{6qF_V)S^5wQVgTt90La~|r2|gWOXqp5)ot>ydg~VL~({XWB zFzEYr<9dy$WZE2F1ZO8U+|^{p)_k}(E*69`JMmk##uhU>A->)!MvyVIkz16UXkZ^037E`H`3PANY7FO&Hl0Oi=yE!P9Z zK)s}OpuQ}6p!HBa>&70{^LJP)o5C~31NiVP`h|nw`BFmXat3h4UfnsTB~D$Z39~~r zTg5ztld7{O-dD|zjOR3zFrmYFZQ!R5FOss(tdexL5xLwP`)T;r(JaCFIp@vB-7vT^ zZ=SlZ(<~x4_n1gS@xbk|R;(TcoRfuef9&5`gBQuZjR`3VOG#KD3mq8Vql+~(QiwXl zl41S@Yn4lFMP=)9=`4|($(InhG{bd8KZ$fC?lnnzv7pvw6i&Y}@_h9h@{8%c#HBLe zH7g`msP)#aAj<#N4CZHMw6<|L)e*THubIfBQU$t%nGBhSrO%R29ePqxNKoQyP1S z^YuH<;oJd+y90DjgD1*t5)Dz-8FJJFjg2BRo`v7t>sL%K@^&H-@sl$7vLeyjD1yk1 zcRZPsHi~^8TC$krHpl zZROs2spRif6i@XgDE}BNxng}6HW8ZM8FGNi6bni#tMtg^{Jn%?0&)FlBW8WKj8E{v zW~DdZUC)I9%1%3^vuq8i$W(sD*;w_GqQ!RQ10e3Al=a+xoo4D{?momI^X$c#{5-(ok zQQHGyll_njgyDI6R&6_?d_Mi5#_r)oH7$sBrM4zbuXCQQahWx(qH)|ki<1yp(b$$~ zHLl^QeTy5KnyQ0fMO@5+hzG|frXG*Xs@L{#?GLgMiW4q!1eJqz_Jh64cC)LRo5Rrs z89X;9Z|8*Dm?g-j8Ak_g2P@fNMe-SY+K-x6A__PjU(h;gCuh<1%q+vG^2{sAx_7d( zha_d<53V$sc(xGg?5j2%E}8fzX9qKJi&T%ZIg6R(mAYtqeevhtQGH?2mrDv{d zoNjMklSaji1D{KTQo+h8c+EKQs}5BM4ofqgB5oBurEb;;cv)dFYD1$6OZXYjx@H(0 z`Uue3#!urpqAmhn<+Y5eo@D(T}9{} zK13AARF-l&7P`!mi7w28K*weQMvH2Ywgb-$(eGmw@_E_ig0-sUVUT&6Hgj1+8t7v`d3iMi|8dVue znXA0O!8#9l&O<&Qmg2ldhW+Gj6e{=4_^e$;IjBe?FYsz3j1GZD#C>Eo?vP%Y1(b;u zvKNVp>?Zl*TN5nT57Qcfq6FCEmdvBe4vLp4k7|)rn7^v}1g7 z^8>`L2`;S8z&Q3|R*3gYy0AwDW*=I+0dT4TdD-*x!#zxr(SDFZfq)*Aje_vrP$o!7q+Q6uR**O6x^O7*~w=H=C#s z|B4a+N)Z3<1`~aoj(?~B>G)RwRpdYFb)oYNqQqS|@h@E=#J`nkI<}he?{X9W=zIQW z;$H?ag2a_dtvs)Dp3}s?9wz=B!g_G$De>>$Y2x1s4!9kmyJn{GPpu3lXHRSRFXG>T zo<6l#ed)2qjgb>sV5rRGgh~~5Vn4Dt(Am|sv|BR{_&nDQVc93Rk$vk3-M9PDKHEb#?XZZD6AdbeRP zWmX79oJH!;DOLEirz7X%k4kdW!8E!&5KOO)GMGN{P8xkp6HFWCnP7UL*`Wa`QC=W| zhTtwQJ9MN3(=KQJ>0o;6z&{;KFE&NR6-XfPTnFyI@FV)!44u`byFs&!dAGa&=RnZB z>}DruezWNRQ_y_3TT?+(6B!dU#XUiJa_!^IF~^8MX!b}GG_}47np*!a1?(oTnYSU{+@V1;5HH6ck60ODti*OR{)rDpzQDjH8Y)(gTrV1L-nf!ijb=~n z#{nZtRxgPxw!_nLjPO|}6w7B2e|O-A>5YM_0)AMc;)h#dDkKd#_=z?fXmc0a^KS*( zd5YGNF5#NIO5q@HPD4+3@5Gkl*a#jR8kwS%IVD8zSS`*epB{3s$UM-up8 z@8zKoUuj5ycuoC6)Zf2vAv{+5PWA`bz)gV(b7k?Y+SBNya4j}n8rm+2@;EO!h(+`G zfG&*Y$Ft5uIlUMsT>Bo|2dEUF2p@{^P{;=)D`+<>Ukeuy@l8@#M?rv!jH2d6(5zC3 zXL_P|*0%m^VtPHk=)p-IFp5p(cXYzUMfBy)9zthyYB~!GO(=zhCN40Ud4x>6S5$c| zYj|BD8a~*qnRa^zn83&kIi}VGO9VEaYHB7r2#`u9vSH-^+y$;iW@`_zU=$C))dtiz z`TYLKBfv!gWY-azw;?qVu|6%+&_PI@s z_FcVyY_tdMu@Uzv4X$srr_B1e(LQPLx<-58aUV6>1&96CXn%3?jz;_Ztsil-#S?{a zqcjm}9(GQu+Tc?ja`|BQead&T8pnmR#!4mRI}`<`z#fhJH%%cy$*@N{LlkTswL*QI zRv;s&3w^7VbMLg2TAc&6TBoZu=tX}mET3iAKbdO;xDaH8J~+{EP%UTECx=hOc)g zr_}oDXVY6Ejb-U-jo9k1l|>5w9;kI&x>~y}_1B`Cv#$-*I@hh`x?3yjiuYIx*#k8! zS7g}Ns}&C&athoFM%{h7K;_g=hq|@HD9Q>w&B-Z8Hz`MPY54T%<`Yl&bTc2iIbJHc zx|wyP=!?_7=*wa!r^h5lW;>vZXU#fUo!pepK#u#~Zql2HKo8tps7+hY1M&-TaOu%?4NghBL3C+J?q8%+d#qohJuDXP!J0}fgd4) zhI&fRXP)+C98aR0vg26|uzxzx2eiu2T&Z%z@4hNH1(9J7@v6)>RR(F5wpztn>#HKh z5%H?jnkp@|%8q@dmHH4RWC+9Ii46O@f4YPXHdX$4sPM8_tGsxFuL{L(zwA{xz*HHn zRU%5*Rj>I7%Vd=)UX@LKmHiG{~HLalQ3&pyIBv6YTq zmC2?`wN~k=RfgDoJ@z@>V}C!-Wq*jN(nG6^(JDO?zAD{W;+zxj;2bfR{2q@bi2b> zg|~;x5O$GPned8FlSTP&_Nx4= zP}#p%t3>w}A@@wFa<*4xfvGZ3tGuCAKAGujr4@PUzmahOb}tVU-_V zaM>Sbs=Uxqc=^{}Lf98y`>H@N8TM;lm4i%`QCg*?w({xaJ|Q2?DsivM<`b3uwp!&Q zZDl~MuNAo!uh^^ds;TmJLVxs^mGT zROWJaqJvF>?8fhW*cP6k;<`z(b#t+0ro;Bab$)CuD3s}bY~u{Jc8YDxl@4t$AK|4a zE^VF7#I&1~0*#5oA$LZSRmDAG{+qx?p+V)R}?f3D1PMed{ z$Nku12HWQygtm4rZ7UB?!|4a9*oytwjy2dOD7G~&wwuynyD=5pZhmav9jBbOQEa1J zY~9mg+j6a+Q|Z$M4L-R&Xs|s6KMQ@!cCmeZSQ<{>sqkYHxn1eUHppN*NwKwadtqie zYzL&$7V%?iVX&=-NrSc}W1K!cEgiN2fpbuj@U6n-Ys{JC0@r^Wt8yEw*iLY<{njN7 zr>`vbb1Ifq*2@N)?j-W=@B@6*rlx`9k!cNX|r*q znak;0y_M76ifxQbTbp#)w!Q18O|rmy{n)NI*j6EUgSI1GY)d+)k=sY9v<>iMJIY`i zt=OtuY~#~mYa@dQ$G-_}J8U1PpY>8sn=7`HTx@yiu!WxTb1E7#*N^QEgY8}nf5B-d z7u)*0G@O3?4?i~Xx6pQjE4TLPu>F3gADiTVkNUAqG1zWaY8>f@( zVSa4A47LLm+kq~pRq3!jl-j46eryfLD5o#)C7do8<@9N{blA=u=ci2~;LBh7O1bXU2xQ*6^*Y}*b>!|8%aer#f=H~Fz$Vz52Wdoir6jTbw# zJ(CXG9;uvm_hZ}FU^`8*Mch6;KOMGLulCa>efst1K2BF0t(<JZZFL7(9C#pk)Jm4Z*%ZW-}3y}S{rP=6`Low!RfGlW~E?T z|EZ7DSMybFtI*w`?R%Hgmg%sae2pKQa5~M8?J9$9v|^j-aysvTG;$l88tYH+W9w+J zHCJriTx_N3uyszwwt1tE)73{Qr}x54!09HJ({|~w)!*djRQ%h+er&Y{TQ|k_xQp%W z{nK#TF%TC7+fYBYo(9{SNMb=-@kmE|Z%Bvj-6ek7B=2qI$Cfx!IlWM^-CN>d%TI^x zy7_)=GM1UY!6&!B8Eo4C0&UNn?_m49LmE!o-0R0CdB|u#wt)uQ?TT%li)}_aY{$!O zFHVLp-m<+PTjLSRX&1#-=*sPsblCd;(@&dl`tBz_PM?j33*r2HUqVVbHeuT!*#~ z+oj=j|5VF5-;b@2!FH2kYvamoYC3EmrD|`sAKOn|l+$*K?QNIS-s!N7OSP;;ANl0= zn8EfugaA$_yVy3hO~dIcskD{*v7K$Oou=3dU2G4e!!|w@+aZ2zyBcht!{|WUHn$gw z(qa1{Fs>ILvTmJ^(^opH+$Jct7hP=4(_y!d8uDUp8o3>l zitRW*wgU{dr(ks8G~!|#l@8nKcl)(heDC*beVo3Zr<|Uo*w&xp(3YDH+ung$0`Zo! z{Mf1uw)I%F0&NRi+TPqZ4X4vD@zW;Waer(bUE&bTO zIaE2_O=(+K>~MNyI&4D%o?NVc-iJQ9-D9vljPV>e?dD>u-^byUyL5HiL)K$AlQw5* zS^Qh6AKU4It>RE%sxn++5)#!zE4EF~SQ=_P@Qw`Z9(OkD%5tg|I!lUjkICN-#tO0( zx(|f~rj-eq1PI==!}V7yH0^Bi%%4Z&=foM#eiSS8rVA+|M9w5?okHP^b$SqTgB&6h zY#UujdqVc{ATwNS%?X*qy@QHvtP8O_0dk55DRLq260(uo?X*r0x1ARW8Sg>%b|Lo? zvWExx(ZyCp$m84^r`T4ykWqx3;6diNkO72zC_CShd$f@ zI}QTm0l8#Iu)XF&z9giF2Pt>4y-CQsax_fp40a)N2^r-<@?FSXgzRvRh*_a`UC2a2 z?(!hrUC4!m9O*&YxR59zOL=Zg zTc@6oLp(^COTkh?Uc+%QgY66#@(dxvJjmfL7|H-Y>#f4N7GTDRVy8N6^$o?MW z7ninvgv^uMJ){>lxsWb|oZ&%k8sf+xn~<;N_6@01;zEAGDY(Q99%Psc`Gk;tJV<*N zvWSp5xX{DMVB27)o!Nw(;z2gMkXs1Z$ZI^b=T334l@l`FgM8`oGn|k;Jjf~+Qb@?- zxO>B3%X6_ELdXdol=fssBq@CN&Izn1`kW3fy8X*sCa4w~?sX|BBV?2Znd(A@5whc3x6Utv99bVn$Xy;}jSJy^?!=KE zzbn7g4A@c~i!GnD5Lhd7E9}lv|h1^8QoG)B#7rGRb5^{F|?5$m5^6*eYGf*Bt;k!GoOPLf$6i!+N*Q zGcM$LLay{6yILIx?MH~@Kykd_MR5r9l5LosjlG^@ke}oH05-OtgA0Z~t{BQ@3UJkM zInLtZnjpTWn5TZwKK9#WO8RfFLT1f!vZXV^MhgkRMt5SW=BxDH8-rv2t!;ZG&KpdQ zTD%jk*Rd53M`H)MZ=ns+b0z2j{bR5J74+b^fYNgT+bJYHr+^;N0+I@`yA+$#Wm`4c z#xMQQHl9EaP9*awVxNFRmi#KCmtsi&mABY_ z^?Zmb?lm9WFF*e3)byj^n$pheI|v7t(7{d3M)2 zoG|gVry|5X656F_W}9mo8rF5KYgmK-EA7KTQDQtqlzd)<`tw)hv1nY=@_4*O6Y_ZW zy#Jr_I5C_mkNrSVQ}PH;euHD^Kd&Qm#s*}9lhxWIV&5T0CQvTe!=PLbHY^zirKB;S zp6tuRya4v!2a#7Vgrz%s@mwuE+%1%(iARqBpZmN0?xSBqQ+|Qj^C5ELN0btp z)-H;dTh_kLVq&?&0Vsn)PRPcM-{m)ST~V{5yd1ZnN1&&$lrnr)=0UXd!ii#t0q+zWgb#bab0L>scBHk3@Z>?9k@*Y#U$&F} zcWoj~|0lz|{s_r*(#0pvfy{3gnJ4Mrq+ru?e+#=(( z2$Zb25Jm7g0bvD2y1GSpRvKCzg;qxkU>m#Y_x||apWlB}TPX&LBG8J@2}Oe9c>t7< zhos19rLdV2w1Usd60lQVA~rJ&oR$Gp2GgrJIU1i@CB+LXqw#z7ad0JGXJn#5)U%;z zi~*kKlyJ{SwmqqJiuX%rU0o_utV{eO4CX2r43F0tq~$=mX;&hJReH9V=&a^-pnmM9 zAA3vP?x^d8C%Lf7e&w3f<{pD;pt%R|A=hjqRhgQm%9&av+C-JJ(p35NcWLEEeE67} z$YUDP%}71$lX2s}04gzQPCdDgdU{y;QrfBF?~^poV18XXJGX^vA(p=h>r8m_O)dJI3g5%4i2oLouZBJvk2aVT?bw0GjYRo`w)u;x&#)2VRw8FX2)fu)z3;x}Sr3C7%m%BsZH6NSmU#50mutS~ziT z!=1Q4;raHE4~7!gf!~e4LN8-2asIajhFK^F*T?W-Wj*>nC4qD)o;8UT#4UP~sCdbQ zF>WX=-h<0A6=+dL0l=}`TXq0a1Yp|a!rj>hir`(jR;aHu0NRm?F*2q*Q1Lo~Wjyq2 z77hTTUIZfD9Xj>Hez#>LPNaLZLSNyT3bx%zhx+RDJorQ^)}&2!Br^7lUN2#pPh9h`Tz+RSICtYh zYwUx#LI~!wshiVshyqR0k##mS+q0U9g0_|K0R`O=brf{sBvsJYsG#xC&vHm|Vy9wU zR2HpXR!?8KnZ9zf{lfJ$#w)0g-@Io!k4#3vNHN>awr|8JxM2_T1A6_$nD!!W8HD{z zA|Ft^l4!gQFF3*%vFf*?3x7Q^x-fApt_f`&UAQ9@t=`chTs;yL#rJ+57ZI=iHvIDE z8RMRy08|*%blml^QY0g9VuyG@M^weW@5vfjvun`o73i--DgRu=K8=SuQs3e^2a4L^ zusWP!>u7ZyLc&N~@AMJh^kk{mF3!YVY4LpC*qPfuwl%u25p@3R*a6L!;Sppug3RYY zL%jVf(b#(fVhdL{gkSz5W88BLr4iDCx=sg5+T`_Mp+r)cE3_A5e*2<+F3sg2PpV27 z=W%)v5a|!CKMNc*d_LVC7SjtF=)a?rmek>6@pQW|?XO+Z{AxcoQ55q5{dfYCCW#A^ z^poSyGlRLGy+?}=8{@PF4E~{MjZdQ!X&n}mf10q}-s~xW3*#DQ%nXR^mcZWdx_vxa zYWSNIZ1CyX1KT?;7@wVY46Q}8<{7R2+Q(7eqYnK59qPntyB@KnVU7S{TXiwV{Sx-+) zy4uaj)CS%pXNA7JhKv3%BnB(ldGX~Zn)*0)ly%29(-8^>?xH&ra!6M!G#Njl`VQI8 zV5-YD-p5RJiJ7@5*^kvjd$2mvkp)z_K+iOp@}0D) zOvL<*-b0I!T*~j(0(n;sBP6uKM8}85JJB(;Yk|IM#IE0_;SU1UjqGw#YbSLEy7bq3k`I-@UJW^wd|kz>lHAND04y(H5AZgIN z*932-DfYFs0fSmiCQMs-!lm2Rt1evcj}5lf-DwM4+awZfmHM#X=&M~NUG}26lG$xw zgi|DLdUetgcJ^X>dxdzk8Br+9rxFtV>Jp4s;mI0+H&q!)RnkS^4`<>bz^Oq2+8DtK z)9A!JfTZj5<-rQQFyvU(exxx4;=b%z@0cW*+JLY!Knd!hI8G8rSn%nZh9&q(W zw82DBGzhnbEhii|*hsR37*vUbp$fk(w&$J-9uEt+Yaf4TWR@DkClukNP4%e6{B#{Z zVGR0daz)P)?jGlKZH*B+2n8~9Kb)I=81Ai+yO@xh)pjOkE41(O-om>*XN%8b3aO(r zrLmOmyWi1lh%$;IB7q`#!2Q32DM~m1%el7)mSYcoTX8!s5fv#?m`xBgqOvO%_O=3DPkH(g|FR)u4ZMKs4w~3B- z#tV|}Gq37-QLl9KUw(+^C>tRbsHVtx(vo_7U5wQA-Oo5Vk@X%wP?8AwkI(tO=K|*$ zjTYjW-A}B^80|gAiLyU&G8Cb?ct$V&q06Rg|L10+>ZDDZ*%JES<|q1JKhyc08CQEM zuvKbN1!{~#p%xq*_i4d%*yR>izN@!h9=^371~b)LFAmqt2hI4U91=FoOSeNOCQ{hR|4avmZpeWERZIx<#6xfkHuYrHNCU2VU-0PojXoINA()A-82s z)1HqHim+DZVN&8g(^>8D&Q!-lYB&<mJXv*DWv8uay1t`o4Z4mayTJez;A!E+d2%Xpf9Xg zoEXWliKkLo&*)m0_&Y&XC^EtX!nHrSW(`Fk!(d8GHk%t9*$7pcjO2=$;p9Pvz2|sb zCIt|+8Rk_$0`tgvJ~CDMNXA3Z1EP3~GPFP$#Vco5Cfxs7b(v$Z4K96IY>&pXwY`=)VSL1m9|2YTo`F?o(An@v@=0#<@Ec4 zoq=h63{!;x4)S>4rP9dx--q67qB9I_zzD?`w2+HEcGq={AfI+zy>)!J*5(#QE3|#2 z5%Sm{IhnC#^Khhz-{UVOl^NSDc2Wxrwn+))j>;-`CYeph{hspwLhge}mD_2Usr1xa z-)cxw8s9g9EWey(MPxB(209orWVb?UV$u+p+PTxs_I9L7luATP( zXg$=~_0vD}`MjhL@W~iY)J@RxwAqT5$sTe6YX0fZ0qizS=*J zmc-zD{rE;d>h8bX6_R%b20;fn6^UzZce^@i~+_E z*VzDM-ccwwynMe-(Z!O7d-)0Gi`@MH2nO7Gg5(>q!HhrnpgAXG`t4CvNk=Tg_t*?K zNY`O90r?)LF45bVH^&PCsR)=hy5U^@6h*APW*F-u{z!`G*oc)iT`&hU&|dD-z>24% z%j%#njr1YF08=NG)z~G2dF+OSee-1^>VuAh9QQ}Lz;Gj&kDGjKBIs{29}C^w*#v|O z%*8GuzLKajfd;)u8h2I}sWx%k83Si@*>I_%BRbfee5^CrOgqke^itDtsBI5F&KYN# zvc4YvdbHR5>4um~9k?46WWB@O&JXv34t0_{^b1_yeVwXEshbAaAB*2L@c|3F%dhE= z>5peW|laZidZS28b;A>~|cfDcW5%QKx-jH+AB8;T+soj}&{04_E zd@W#`=Ca+BfV^RDz<$T~`eS_Cflsmp>__pV`>6ovp7YrU=Z`M{KB&kT`WF5%``ZRZ zG5t`&cbfEy#=i0C2&kgOsWy!t=~K29#G9)AF$<}AX&L@AgkTWsIYRfg8~yq@T2Znq&H z7*`w{uDzPyVh1HI3%Z~HKjX)M7c|R-MDPNlbpPN;@_|LtU&{Lh`S@j&v3HOQ8PIj& zsgh4lM8#u~J^2TUpBSt8f`Ki4h01JFd7YsWieD}BsT7B6#Zb-sLNG+Fz0jcH$pzA>NB0{fH1)M zYkhNxLG4a#bVsh`B3R9$v5n1XIC4pY!r@M{A@u5@DxvW>cB)ZtXRN9wt&R)P`*FmZGTZ{jj zLxBZ-gcU0OvH&`Y(D2?@8fY@vKsM61J(#)2GP%e*4lWAI%9&W`9ZY41U*S#(S@DhL z#-}CFCv_a=-mlcS!XZ5gruF zlOO%bh2TXx5Yu^M=zffc5KDxkp{U$ZD1fkTb6;~V8;aQH4aU|60P+mUVg>^kxQMQL zN#SC<3)*j(>gaT!{qW>hRh}j6D97f^h}_DWHHFC~;voYz3PSRAyRqGDyCT7rF+&i% z7-MA;wN66o1XmFo#BJ|7L}`Z7ASq(qB6qy(W~(#Qvmo1@&6e?xneSYE6pv$U`E-P` z#37D&ljM6ce&159lB|a0e|KfFQ;GVjcm+$efu0F0`@STYqBoNl@Qd-Z}dI zXIP~^AUeP5#^=^bX5DPL){+X`7jPoK%M?bQhy;KLsRlX;D^wqJR*?doJkUNA^e0Xd z870xbNa-)}_dnMIv5yWIfg78TG5Z0Uq4SFxKa9qql4uY`FvY;O@}(_26gUrs&O_9B zP@)y zb|ixye?VaF!>-%th|@j-x>5InoivAU%4;zqRJrKY2Z{+c#y15hR%ixWDR`_*gVTT6O!kTIF|WPNgdiFuAzKe|h(Rw^< zfvNteRzF^=zn0}zZ@49;I^TaJ#K*I)m+J8NvCwX;ia`oT9`*+^L4ro(S;Msm6h5@} zWv(19`YI`z&3YZbM`LDSV84W`?YMH7H9zq4!~FRH{CrQ~=Qw^&^hcKia%%u`H6ii} zZY%5e75)~^Cgc(1|MnF}LSfb+$4=|N|Lp$#T(aC8shQiQ7$7bL#|}$NKYU+c=xG!1 zBJg}T&+y$5@O(|4X9!QW*e!pwf45?k?ET^@22M7drMnN|Sg^gdpDuA=LNq=Yx>gv8 z_F9*2W2+(5Hx3&&Q1kXk!)k0(dk_EL!vAIVv7k6H%r&uqeU0b<LP}6K^$Zk@G20 z?&84tluQu|yZ~H58NRsb(_BQ+7-!U#kKPHLzhj3xJ(itq=!CDO*F`7-#c<|K?%}^i z(2ru`kPK8hGhhRd(~Ek7V}8=+$AUL+AR3C?Z+N5#HU zylX{k7JnHyG8*0{@`_9WoPsw~TA}%`XiTyHZZ2{`uQK@HB7Hi$c-GlptB;CP`c~Fk zqv;M2;-q7l9QHr~B#%rEi-bx^4&zy^K7!fCbGEFb^%h0qIayM$IInh9MH`gK1Ge7B z$1}RFN^}!hnZ49@#g}S~c?}z)F-2JVk_sfHI-iY6vKw&;f1Z;t7ecR9Z=u3ukE9>C)c*UQlm$^FenN+@}u6$pZ z&a%#ZGF~D_R8B+(q?(-Fc|IRMhwyX5H%aZ`6^z-DiN_o8I~OLd7M4FHv5-f@c#vwIl3Z~J+Pgb#dnxaal5qvvL&n+d9Azt;`UH<8L(bqF z)K$d1v-d~+NAm2v+h3Ds;^6;Oo)2D;BF_cS{GmLrWqax6c?$Y3kFgQG#Xryrgfx+- zYgV0^AFw2ypFC%SF$s2_ z+041*UBa?tg99enc6iXLMhvR=p?oXZ&-OcKsd$Ucjuk8}$$7$QovK(rj-B><%9%lq z+c1_7S6dtch&3&&ZyAkqJ8o>iE?{c+UHZjC8`j;PaWa-nTVWKmO9Pf)m{nuzg*_Da zYTNlJw4g>_C|bZj+4lRZR6>x3q*X@Q^C=<7 z3i~d)ek==14f~Oo_!1t;$& z#?WA6TtA^sN9BG#w<1d?PLmQdI&GG2o7QQoeAaZzpt$3~jh#4Ji#MY++S&bOb$M6) zXwx1ehV$^dYkR5oJ{a~6QTgMI<2Cve#X|>>cxzBGI&d#`Rem(qM{L^(F*>rv&tzlL z2k6qz?0ffvk<4@&y*TQeSL1p}Iod-Pdh;`k5yX0|CPn_IQ!1=re_Ec1x7tT>Bw&frscJeu0eKF-!HYqYZNeSvMlZn3AXO00;nbxoJ%xP z+4{UAl^R1K$FlIWN+D%)NwuMnONG%joDSmAEg3o>XYlR0@~=oie!A}M$Q*8intt~x zX!;5&W+6J|TBmtL;7pLF`(B&}&dp}ncOJvdmG7;lGk}J|pk!vH5_3qAL_TdDVlR|t zD0cf8v>-i^*h?INS%}B-*=#o85e6=+_zUPN_Oo2Vd>{&lP@@YpR_OauFFh$%Ug8gG zOCojjf}1T^q1g{}wgTEl#QB$Hj9*ljYiBi(u}IN?h~#ZU^I(pVJJc|H~z8+bVtH4bY8l9>XjS30U+cgOMY;D z>?xMWwtE~JC}HJ<)|qXSUYS)UbBPc;u=EFkAWF_!n-+l?+Z0xokBio>D#uu0TQja@ zV^%agFSF{`{PG_7DTE2N%t^m;PK%SEg)NV}q&$pNuuQZf3XfN`m|x)vDZMmb1!KdD zNrjlil}NGxwFX<_f@wP69%ClrYw9X+AP^)b&Vx>-RF|O!lm+zWtK9O(1f)W_B^F~c z3+Kmi7PXkuT36&i7qRFXbKbbh%k)jvUGMY&x+ZfL<1hrL#ZtG+NWx3NyQhq<0d?14t-#3bF}l0{`k9P zBaRTC811+t+U#8>LA_Rnr_`dv0CY6elKX(1op9Q>;=6Fc1Per>ofk!8tD{@iM;C4b zl0{Lg<(?D<`g%mCeBAG%`{1CpbUly=L~h(Fz5svvoj87jFLo@UqQ`tr(IL-UdLRwe z+05hkJ!dn|40W=e&j3AWR%YDMCeEPXc>off&FA$18Y(u;1O#W>10TWK0N#9_hxtNL zQkWv@U^f2a1`9ns;P}rverkoM%mpFG54`2XqwwNap(*R4GnfsL!CvoIAOT}@tm@EQ z+P+Ul;#4To@y!-Idt=4Lu-r0MNh*#0Cx?%;M(MUJ&GvYEacGg0UKzkGrva=E&tdv9 z!Fh16*~ChGmC6kZg{+1t$De&yhuPN*JO1q*(ODIJ(SE*<h=KUP5a_2a>jx z70-Go=hNAPw#NQw?RuhTX+{3l@t575sIPzv%Np*(8X#7tU9Aom?~Upwu=;VQf4nJN z8%4WlP~-<+@NS|ff1o5AHrV%{C@J1u`f-4M+a#~C}#r5mDW&sM8F?H4x3($!ocd}~i+4o^DiTvGm&2mGiu2I>O*nK)sz_x)Td zK{m&Hi)i3)d1SeUXci^qU*X9`>hBQ;#~|efjxq+ZDhig@0U=6{$3qcp9d`h5Bod=j zrh~FVe>;X+Pr4Cn?c8kW z!yRA`y~ftiFB&>AdQ*w#pBRr0B2};RA%i2p1m&Pt_j-nw8gojQuQ# zzk72G)eJ1lKnoOl3j$7i1=2H%o%W+ZQIrol3Rwv%Bg5H1O;xdg{~v!j^b0kd@d7;& zbB76^?E$e(giKv! z$3u{w8$b^l9mBj&{)F0pk`IwWosNE8yBjo^(I`3@$_i>hjF9DQ?P8W(Iu&UkfuM@H z3Z6g}(hz%_=%u7LjwP_EYHp-Efg}cYSO)1!ncoi8+@tnLwn4clgXkZ+o#HIUw%8;& zm5Q9~=AvE3NtF5I^imc~IsJSr_jmgGi;Zf3ak5e=kPcgF6cNJuD;;(e=Kp950wY6fgqzxt>9i=6|ZG}U2Tp(S$#&Kf&OG#zH`4ib5Jh(ltKKHl#c zkXLBU-A(rw8-Xr0)nUz=>aa`@(J)yl2)6%c`|HC~{v!js5fReYUsbLDdVd`^#Prwd zSN<>hYr}3k?XN#8ugCv0d7X(M=95+dtAGVE!7G{(RwQ^N>YcHTmY z1{5^hZXZVmIBYOB5wM5ww3!CS7vwV2%={8Ya`rz=41hCtP6o4Wj=t?!E08?YkQ|^_?hB6k@`-q8 z&2652fD03^#p_FA13HcW2c66fAts~{!Nlg9okXPVAy6~k6=0B_r2TWUe1-sygaIpD z=%4}2As{d-tEP}$&GZm$3uQuMQYw)`*%cgXdnwnIB!>IvTn`tZCp>wQ_NQM)R>=M) zA8jM&di@{1{wyGQ|Btvgfsd*>-^UZp=zvToDzUMGP9$nj)S#e2K_(dRMuP@Ljfxtr zOH|YVNr)^O%p&7(F^c!&Hs7cbMDOC$%Lif z{yzWkVeWFyeb2j}_v~PqmM5@r#ax;cGfsz$z|0+XZQcpb7GwZTz008sKUvQLkvs9J z)>(~)E8aP1@a`B!2X1ldTmrX(L}L%@gHa>Q))+Hh-ECfxkcdw9#`<+2AFEL(l0^7290VNR&1H z(&u=uS>Nw;PJ3B)Ejg4)4#B--9eg)g+&x$2zmmXWn9Ve^O^4+TXMOSyxXoq$#$0i9 z_nQ3*U^tJO75!z|;hrxd6DFl*HhzX3AKCMTRK57WOmYfZp|U`@XQR%U$DFc!9XZ(z zYlYZ7G>T?gRuJxana-BaY=;ZLQS@cp9=Aa+j1MEfX}P}q2)ofagVAZBsXtwAx_?Ma zCgIy7&=urw{DF2EF3e+x>=?Nb(b=BS0t7)m3SgVnxQ7PA3ivLy`UcIW0Q=(Kc}M!< z#ot1%UMp;*Fl8QvgEg*%6{`w*A_|OtMhwwg;Awx@bo`@%%+45Tk+Y*(ZgkK4A&0W( z{d^Qdp|R(^dyIHa;0(1!22w3h2J8=oL8@N$nnX{UM<_2`$TqUS@e6{EQPz;#VxGAY znx4N+if)j-a&QYY8e|I=xwkzxkI)s7Wlz(eN?Bc|YJNb((kj-Ub7A)?g1`*=nd}oyJxxA^C*rNArm{>R-8ue2Oe*6%gtt z`UWcjv(@twl^H_@AF0xj_c$;p`5KJTG3)InfQuWxlmCW<{MwwE|J+XV?=ShO_tT6G zQ6&%WH2>>d>;RL1uawbi)6*1;#UfzQgF<*G<6L(CPtT@oK)P*K24a4ISKZv0%<-87 z18}o=g~^nPUgAdlG&-`JQJ>U``R-Ag;pIfF&cF~nr}6>wX9N$B4nUGFQuw~XjfZ2U zhn*_Dp?UvV(H=PvYf6&aNB*WiP^arRz_W}-PY~k4a$*hPlDi2-@Ig>Od9XugqYr2d zAB1^G38?3LC29awv}@Qd5M&T37&U3g}-cUWopc$qkqc21*o4 zw_C-YK;da>?$sHy7C)uV72q;zXqXPlEHYLLhqTtutAGbxpclc0``=}YwOc-?r|_RU zz`2D``_%DQO@Ht%le`0B{6Ps|2z=o(Zuhtshs*f79zDEdsXFur?9v%k4*+cRHGz4R z<&6K^sDEi-vOnHF=;37j3p14Zmsi%myn^AGaJ>#_cZ$MA@|LH>pr z?1~D#DjvUtA}nz<8bYm=Eg*n;J4U*!U^r{VYp8zAMo{%%Wm@U084F|z3@e|GH;p4z zttHq2%>Dt37KZp|cTca|K8OQZBhrg|FE0swR=nl2;?^C5OLEqfq|Ygo#Spq8gw;dt z2!4yEj?6tncD}aD`j zd8A%K!E3`kx=z_qarNlRYQQ$Kp|F=?*bY7ZLs*4`eJA2FzrlD|c!&T+2%hALD2-@Q zspD}jN=dKo;-B4Z|GI4zRhV$^w5z6>V5mWFH--wPl)S+oE1NRs-u4`Erc;wPm`~_Z z->cKKK}RJ%necHmePtGf$!4V~ z4ETA~rd!=kA5PA}j#t~0BcH*MLu^Zk7R2UNZ+H0YCG*)Eyn-h!k{4I=EbbCgX*18_ ze4yYcV&3VAI+DW=QJBWV(Gf^N>j-buB(pX#pMooh>j)wR5e{l}UK!=`>KKG$SDY&2 zOmn%HfH`tQx`537%_*n3mr-gFCzMWgOYxO-`bvA@7i?${_p_|z(08@9)M#8q2op{`-P*rd?6rNBvn-P zLs3pPInIR-bu1N z>J)4d9ov(!g>fZ?09TNC2+Od|Ogy|zru6=Y5WCEoY07T*@S32wLUHKrG$u% z?sJkR*x5!(NTS%=oaZ&iTlkjEJ;4N7qqE7EX31=(CxnLtXt3=|=#0E{J=dUsm}h#; z@NlYt!t^!RLZx;+bXD5_pv9_TV!Og6WR`es?T0o<1Z;wTe1ebf)$I`dy|cNQGb7Ek z(veuooOIV6{m>G;?dXS&!E9mUhnAck_e1$4LHKh01g$E9UM5*VKvct3yxN|J(7CsLM-Fi$Wx6HAXSCENONwAADS}L7Il=OICW}NmLGw9*<;VP-%IGyf zhvjsf5+3kIP2st|d(85Z(CVRmm*L-Mk>fD)q6EQQxwOQDq+?~dia`vsxW#0{h%ifl zZ5>K2fq2VG(Bo4cd5w$xL+|94gP0OnK?R8dKPz$NAMb0Od)u=<7P{kd1FfuZ`A51tujA0>6;98cg}SY!P-5}OI*2k>ckd>sJ;H*1*r(u2 zQhQ0(S9{2G_Z%K_Z+DhSS737u9Ros4F$HDZ^s<&#I2Yp#bSs-SN9ubqkZPw`4nwIngUP2Tqj! zxiz0@fnsX}xJ$TSiFQXLpseRkVI3R2Xfc|!Pze1-yRkh7&jE{3kvErKqc;kS_PiaPgz2JXwCm za|AFJiPN`k`zy&F;YFve?8%qMAxfiCg@UppP_1c5XW6TsBDQGrV9UAC;) zAAi$aEsqN7P`U0uN}7kAt#5)w4=>3bu!f7N}w&ZMwXCI@0Zl{fkHva0-dU$(1DR?)*coj>Z=gT#6~ zATts`q#ft4U6lKv?u_Z`0k%^%C_(zU+;zO#<|+oy9y55sIwbIq_YCd$$4GG_t_`9l zpf~HzQ%Em{L;8+!)2jinD&fZlM!GBSE9%SAY$*;WxOmL}u!R*hifZ5WYAceTi_{vc#wg zg_DyjmuQa-P@3CN`g}&+2eWzrcyPe<1Jvs7NZrfd@SQM4W*LuS7p)V{4nI6;F0ie`QW&cPxY;I;`GTJQ;rBS`SCMm{smblbD#rHhfO zher4vFr(Wrll7oPPH^m~0jnD7gH-7%ThzcP=#+U1iJZUrGF&@)Q?B27XIf-mX;c;l zU{nudJ||8W!;psnN!VlzB(u@UKMD1L=!Yj8W39R=nWUE_+cc-?dr}E)(h#|f)<@8H7&FE`!8sD*{o>H6T^)hPZ4!A8|-PidXZ2Y{Ahdm|jkpnj%%ef)s|O4?37vv;5#k-J$j@lOr~%)= zSAL?06O!wLBWZB1`WgGPUiL_e{kwW~r{kUP2_i9F9kC6rIXD-4b?x^p_T?IOHTLgn z_2DR=(dS^3*6~}g^wjoT`bdHp1|C;Xlu0G*}W;HJM9rz1H8VyyepBI>`9tN^<&|1g%(BCvn>rX!82_V8B;0qOG zs0R1Rh1B73xIYzVEc+XxAWt7DyM~0yaUnc8aa=a~g0R6BvfLNTa))F&3lPr>=>Fc? zfHh!y)!B0DY!SW&Y@X139LMB%t8f;+Z3b&>5^?mHl#@@rr~`Zb>~Gs1Yo&^fZd&-aOULC)mRgOabk% zM|Doe+{7H!x2T?s%|Q|M2XO3IGnJjD9{OCLWeFxQ+km#of8t#M_nJPG&L~JAs1waN zZUvRg%q4rwC$@FcI?%p980Yp+9nMFa@_=|I*ZF97`n6-a3Tf%8&*~L8Ppk_((WXr} zAMM6#J6v zlyC7Op_D6G%1jr0f77oR3qu*;h%?6urM!v{2d39xF&baiV-wWsebpFk;0u)kaKGeO1d5i)lHR{Q z5!g`#w)o>1u%H1}tbtvpfkk9PdK1`?ZU@*KLlc1sX1B(HZGKRbx}I~GL!PHJu({HL zF~H)a8k!v@9wieuoJP&>iRLFOVoZFD~GNMr|8o+5q}IDqaV4e+t51c3YF z6YXNmjYIeLQ#53)JOcUiPh)gHVIb#e$eV5wR4>j=fDE-t4Y_ScBILou`Sv*EGYsTc z(dYusEgJHc-zPwZN~DH-?L&!>k0s>1IOHE;edI<^L%u*mzH(FoWPfLnZwn+s4iNH3 zpTxK^!$AIk{yOC8t|31cPJk>OkmAZ&gzY)=8x2sKQUL)@j%&gY1MmtBaPf`8-dUF< z0PGai+5cfKM`3#sa<4e5>ORecAK9D?d5SgUTgE0p?o=gu&PZfJA3|Pelnwr5x`BL) zhWy@W!TJ5i6ClgHCo;ikZ*+4a69y4r?T0aQ7-RtIjkG;A8sNq;2>?4qb@0C27S>_H z5JEmQj_TL64wi}pGr6K>kH~})xA&3R0kk|ZY6H(14zz;u&p?Z%2c)SL9j0QOL zm;`_^%f+Vx*)gi7#cQ9aJ+PZf&4auvyf-o4Z_tWgAyQPnn;2<*q+vu z>i}Z~@Co0~(6pCofHO6~yRgtRR-triUqO|K>M3MGn?%Ft<$?b-9udC~IE?!H-gOpNNN>`>Z4n)dnu9S_T<=O5$&_gvFtdG@ zE9DfXeeO~kE~DT8!MKi4-WF=ZK= zqpIXnM7rPq9Gju$iVthb5F4VgHyRBJw50<2oVx-<>`=?ydAyakYEoc3KHr z(`c_`bA^BX)_o^^#2`J$fHENC7U~lOAUr9;Ri3|TD(%j-A2L?bBD`i}!7fZEtjUPn zvG+UI$+9UB9+ipaTt5_teTJ|zZvmb%5bMvc&S9AWJ=TZrKAEGXMmMoJ1v~Lgvpk}+17x${=42}FiBQ~JgT1AGK$eq zoP$=vq&aXv-R6XQwoQktz#Qa>$XXK0nB#abxQL@VVz6eOU@(!u!oJaR$*LC6W#C2? zTb?-HoSPo!aU+PkDjC|@rNAI-n8qN8!duDUR$$P*HQaNU!Qcdm0{gYT!OAjHl8w#+Q^N$2F{6Wr{|Zti1VLcyc2Hd zdwKP0Zk-_gj`aW1R%|+t~Jd79IpiSV14Sal7%Y!trPs$(~F}SV!pV`fC`>x?Pf+nj>FVN)3 zyyQSxmC+aVbV5uhR?!e>IG&XtW~;toXkb|m4X4CtkbVtxQ)urgG~C#fiiY0{4e4pCFIKi(^S3oxD;K5dli@QOw`%pP%=CjQ_#G2)pY#4p_x z1nZNC=ZBpc<^0XNAin>5Li|UQh4_!VWCn0xCm2Z)CDrRyKRJlC*THG8*Au-Z_C+7I<_?=+?B^vP^UCLAxAI=(k zM-2OGiBC%Grx`<758e_PgkI5USaJPqtQF_an@TayLV5m`(}=E!@D`Z{qg zU(`6%h;tDK8Iwh3N@^bF5J%QiO+wAlki{)B#F0W4+Cg$S%qJ)~t2Q_yZ2N||h9|y} zB_z(;T;zy8M~Tr1VtfFJ5t*|IGU|jioMHv1EAqGd9~2`){Jf0CFnSapSv)0`P&Q8> z8DBIC8DN)Z8D7NwyqUtK^>WvUj<0Y(5V)sU|Lmf=j{U(Cwk?-|s^^iGuHLCd*XZ~!(Pw(kEcA~)HXT0&4R$YD{DgT29Swg^F!Wk?}9sepGFOy$5cff^j+ie~Bb*91hS)`?_k}trjYo7*} z4glur*oEk5E{Nc69Bf?ioCbB>c(8P&jVyP4hR)|T6Y=inch`c<3V=vpWO*CJ$%7T* z;&it^YAW1q59d_2GE&A(@T!8m3tAyG*l}ZN7l^x3-bs_EjCZJtoSkvh-{_3ujf%HF zK?7tz^~nOT{B~|Ji?+(C)tKDXOLp;f^XvZwK1aLpIY#4C^#2<^f1}Hc^XHM}!k<^? z?*@PTP0!MvUE>!}$f=hMfI?!Jv)$|*3lo7-YN^qAG16Carmn>1yo`mc=ul<|@I90m z5kB{qMV*!@vP3A7$zp8J%I7(gjUMg%KYd~<3Y#N~{1`1=d{>HXoF=`@H&UM35aRS_ zXB@8zp=4;2XQR=I)B6C0 zYlZy{FEK+1w4ZKi z&t^6KHx8w-sCo>&Vzn4lJP5bE*lOK|v)3Z0Sa!etu%F*PXm5`jZiTyVvRc2}$LhV= z3ax$@HCmdr{5wqj30en#X60=)>) zHrgb9T*_+GH9ies!32KD3?B01#43FbNHRZWyzTH~|9_Jo{>Bx=yAz%So7IH>B=W>R z8_kY}WmPzpsT5Wpgvz8~&I*71a{{&dMr@k66CQnOb-|{|-M8un^Yonq9XApj-zC5; zE3BLqh}X78|JJPj@oOUT!mDOA%k@(A-YASeTwjiv3;s8C#{U}4e>lC-3<~%I<*fj% z!oqUV$pU7g3|<_oWl)}^lm53H8Q7b&41SIQ;F!Ffm30uKZ-zw@=SX{?)(H!s;04s( z08^zQ2uX07cX%B1bt3vrw)v+&LWrw#G?EG zz*6(XM}kVzjct$bs&gesCGbmJS2grZOjTFEFv1}PPKZiQZ`iv!A5`=<{Od6Qh* zGpaiUhw9QUgu~d1{|Zi{$jb+8T2ALj|D>*}*@ZMw4yAbsq=_OvN+Hd!Ax-Y7xowk3 z^Y(p>G`Cgi=~*I4h(OQUg(RU_U_K;i1;V}=6DdhKq6)T*N&&A?9$Nd@B>Q*8;eku6 zE<4c9SYfr#!ID{gT8RlFYp}0h81KTjphEe-2((iWS|${%&$Uat89L2^+**>)(Sq{D!(T zA-KV9l0KOFG7zsns1F5>KClkKeiM+F+WY3z{_>Br9ZmS^pHhFEKwR?p4R63!YWDe* z4<0l5h>Bz=g1UG`(yaQso?|#Ps~)Zd_58b_DzUyyqUVN=`i)XM>ZE;Qf=;$c|Jtr~ za>=-4orKhR9s}G6+ziiulbJ%7K<=CT)7wNRMRU5rQE`T8>vzye^mnMMH;PXFGsEcQ z)n@wR&ULcAHl~y3bfS|vyQ!0>iB9fZ8v|x-N@?^FE3`syn+CR6eS$Jfr4?LM2>Vw0_YH5j4 zLmz3`E@|OgXI>Yi^_ED>3Ff&SLtI*~W6217S8#75t=C6uGX;cQ)Ca@I$LfPY#246qWfp7O2;vMUY!ORqb{MKHdy0#en zcSnBzfZ9-gzj9C+lytPr=`Tr=NcDK>TXfa(C6!vLFgiLH_+zm_$X5^khz-I|vzFiL zpMD8}LG)l9Z4mug@ml^XtPFuvuTM8p{pxxxRp1npsv~z zilkltF{xMaK! zC|jY;I3IE?RGR{a#lf>n?^%m1#6mN!eiPbsv84!b+`-68k{vtGHLGXP&`5NQ+U6iy z+FUmY1)&y^Ecs$VWOFjvWCiHw?IS~X=(11mgds^XaC~?gOG$r!Wn$@L<4#`X1VC2j6W@Wiv zHmd^Hv&q!U^-{e$8>AkV&`>rcC;6*WsV+OCcZ;}r(0k%Fsp*{|ZF;tc_y11&s#p1m zrkPE;vVeqo_Jnq8z*_$ua|GZ|*qpHZVv5o%9apfp@=~l}=I~}!z-h#xjQ?#JhaCLg)692ty zp655Ke<1>kbGuosbv+x#E^@t8XRR0gdR1SBzXmqXN~jf*_&Y+^2QY@w4CncS`k)Lv z;C#Sx;ZvzJB7PLl3q~)xN;A5Y29(h8aP)JIV$Fg!vr_mQKLMjlrBcVVwuT7;L}GHR zqpLhlr+W!08*`rbvD#aCk^rjp0&HaOxBHm<0gSFWl4340*{0XR7BBybE^YY1%ZBGHEpGg&<|(Un{XQ7hmvaru$Yq$2=SMB+Aes^u zPY`X$aN1SAXYS`}A8PRBnA*uIGQi*z$eOYHg2+7jF3ssOuT%+I1xwQBN{zu9qW3CL z?r&TQs^2E*j9~N8;K@}A)8vwPzyk97{(`useSS%(g@r=i+pPg#PM%=d1NULY*3b?p z#YhZo6`|}fLfK)2QW7rCEI}<+GGL{@{sZJ49`3dcqYbY5Y52jP4bNFKym3*@eW=OF z7eBSZ;meOv7hh7*-UfeN5}F(7!&=Ryyv^zb_vcBe&92mDRp)w6hIOSYRek-X*x5U4 zB`9#Ew^3C}-7CG<(wQRRD`Kf;)r2sPjz-UuX;w9^XQ<;N zGWU)j5KGSHL;r^>lUn~0i1sCW^d$OM5upzBmpXWgx6!s zPwvoN;t_7&Z~$73F}h~e5OH&$%JmEmJaiyu1k#y-17(^6=eRPd zbuWSg`?)y~ryuJ@>-1!zUonXVlZj+VF!Y?+eNSJ}VI69PKeG|TSRu@++7jI#HAP7X z6Jj>g;DaUbe++}Tfq@qS9gd|h!|hUU$$&P$JsR#DFEWRtv$8k@+uu64I5dxaG9{S9 zg&vs_9LG{$jq*!y+)1;r_tD%ITuVYvnZdJ3xfTqSGqB(@(5umg9Tp1zfs)dSmw&5W z8BF$z;f)c0Q!D**Y$#vG_81{yubn4@!mar7F}3MYr?m~&DpDPD-UHND3 z)2WeJVQq<;**|qCk$$Ch`#z*~DjrLE&#`V;c2zNA!rsf_od4)=Jc1a&YoqeIIK2cn zRte`Y%@9>L%OG3VXF$rC-V(bNTv&~-dh?;C&PVaycjm&t?FOHhN;9R9RDi)MCU(Z`Q`+RnWw@~EEqoX#O!!JD8n98D5y zBN4`^hVL$*)g6IONCKJw%!*AlG5jU)lJHYfY~&a^RB+@$!;wnzsGg4 zGtxbZD}kMvD-Jll$dx!(MDCaP+L=Sc`o#A9=|6~FLvU7Dm)j!6NM9^MdX|;VDk`9Q z|1nW<2&}-8SrLSRrxHOJ@w%VL+E=?M zc2g5G&N}BCIH(4h*2af`S}}aB)bB$vE{7c-L}jX&p*vR(Bz2iuVjOtJ_@9 zs`68j*0xXNvezsKZ8)SDZ=B;UUcY1hgTHAu;JVwZBvv=g?_^pC(cIJvwV=QPQlgo&^vAMn6(f)Eb@|wy0KVZ|^enEv6|*1VI>l>|B~aH)^*PofHmli)hT;uJ zbPGj4X;x3TUN)<{UC-+9r$HZ&MA{jBD>Z!uY%k`sy$FO5XF&rwP7X~0O=#Ku^@5ZX zdiD_t=`$K&2^dtHAfLxhv#~wTjdV8YbAmSJC?%(|)!IyL%mJz%jNFU;udk3UbnM(x zeK6m`{w;5_dJSPY8IX_mQ~?}>?(;z+%g)9|f6>pHRkJIT%K0l8&@G7pN%EcFk$#4Q zcq{f{ywU~1XqNEGo7Kx` zjKp~W`MaLg34Z~(J(I{y*5~I)m}~w;tXsf}3msMop}#y*lZdB8wf5{EBk?X+5=cCg zBw7hVfBoDzi6Uy~I=D(W+3MoG%vPT069HA9eW9r;fMkPno7H01vl{gjs5&`LRg(PV za6NbX10@y2NeKuk-<_vP!IO)WVUIY{nzvj?DI}usgj$BE>NbpslM@>EzxSrL+e+C6Z9SV~0H|KM}%0{CX0QMK4zbtUnElQan7 z93K2E(J;(=dQ$eW?6^cbhjFe zX=WSRE}WlM+wll=>qFMoJOVwd$2nv++^0kVsMTwEm#MmAS{Y8UT*ykPBHGge^+-YG zws@8HNU(3t5I}MnY2g%#XP97DUPmZX3u7tc+E;n2Tk#ewBf$tgAQN zbKNEPq?OniU9q|VV+H-XMjygz7hqBaF^#+!VhRx#d{#xb&mJ+mXUR_tWf)dVFwdqI zO^@&cYV8G#U)WWsm7N`tb}ix&)0+k;ZGv{>T1c94!bT#Du#<9PJWLris|yiFF$i77 zw^Qb=!v&tGFvVN-!Q;@Im52e2%B0d4*){QhuP-_0q}G=y_dEL1{*l&~TNn@8o|g_b z`ttNSd!{ehi(~q-p(M4we6zF@eR%|Xl~5dUeJPLY%iqah1nzZmb?MC@N*Drj>rKC| z;r`EDM71gE>cvK``-&<>o3-K~o>zyIL2>G0ii7HgJ3HAuPdxcVNVpTl`Rm9|6$jc~ z#rVW1&NVw#oI?@UbyOU0innUUV^Exr;)>Hje+vRO(|M*^X4SC z=$e5EP3u8k5vu7~H0qH@LH9v1M;o^n&M)Tq?m^Ziuv`9!-h|*2;K$%mL=dqZva>$W zTB+LD$U|0CZxW!!8UiR)hY{)sl$z>%_w_`segpi|Xc8?y9?Ln1cUu1x*y+GFer^4D1KB}4<>ol-RJAC8GVGa4m=oJ9ooK8EeQ*c4;2&Zqa|9 zi~ipW{e8D5(BJF7r2mJG^anbjAFhY;e`t^BAMVJ%xD)zE?iT&$y68Vh=-+mG0{ybV zLCm4-zWzr#(tlVd^y?0pBOi3=r=RfZmK5x6Zn8bdHd3kE556($Fi|^%hERo-z?J|l z4ps=aka=E=Ewy|LSE}bKqWZ9~3+cvlB|RH$+0&Q~ufu6GzS;tY?Z2;sF9ijzz60rl;+ZH5YfiVqUBxe1^y!dFY9E( zV&T^VZMwS^<&hpc>w+)AY<;qNj84$O1_cV%Z6lG8M4h(hyW<#4K!H@BY_wkYQ}5pg z##Vx{#5L$Un2S!Qy0oO^WIR|_^t~%`Vmm)F?XKXLAyKRRq9ge6BOLTi|2hz9}LZ}(rtxzql zai)&S&F1+qK);_^ZFbSwjxC3@mShW&s?fX#Hc~#yjs8WQ+A72q-3#KlWul3roJ$gY zG7r&R-;1Kj{&HyPAW%H>bLzqxvmYjksnEcWp)zmS zbI>`o>>eMX9r`=S;Ug00%mXwbr@DPO0@Lqw2#OYtv2AobbB$d<^*U4cz2=eED922X zE4M=DVX^CLXUjS{gcy4>2`F){L}UUr4xhu0#0jx1I)sBzmbNbdgAQXdeRKg3Lo)lk zaXw5RM}cq15(Unf0seiQ-22%H-+y6a4 z__7WHPm*`){#q179*5Gyo>4#t-Qr$Iu9Bn#p{F22SjsJw2kP`}q@TpsrAUX{fGz`T zxDLPU1_7W}?JYC_eh82t=33lq;MRIb>apy&DAXs=u~D z%LDQs4b&08LfC?&Mo4_ASB)2=CBC2=*mDjvbOPv-!P1E@?1n9>Xu1;BK@JAf$O~oU zwu`{NoS7>qn@Y;1mP7{8afFlC=QRV{%R7i8*}purGkm2+BsO-|33mj+RU(CeI2)th zIx4bQ^Q801>pb#0Pu!sty86(nO5(DHH_1L0B zL~eVI+`x^j>A7*vz!{wWgU?mV2^tV2gg&iQpQ}rWVW;PZ#?JQz*`pyX;D{elYON2# z2~qD_DH6q(+)hrj?sb|TDsQsO6~&aKLpPj!0+FPttXI+e!+* zW;$^0r2p_Ce1NXBI($ZyYl$)>rN@^=Juz~uTas+foK~kfWR%mvObt8cGuah}8}%Q- zzP6bF$UolC(zlQ@VNaP?hiAkzos@xbJ+@e>d+NO!mp~xYKU1>`I1)G&nW&)_A2fzo zJ?Na=L7szMWymC&TkhOcI5(AYWBVq4$zT@2ANt-bF-DaQmzguDv6RhBCBnH+apzJ;nKF3T~jUr0p z<0k6D$KRC2uGtjzdx-ikzKd$~{o%SaW3fyGfAy|Dj(pfQO;gYJ)j5sAi8ti_eKP+9 zm_rB}GUy=$lu^q&K%SOc2MBz~Rx3`|ie#A1xljG5`G62)4vT&kurMq6kN9IL{E@E749Qbw#zVD~&OZ2FbZE$^=>V^?69ge}1krIK2gDcKM z5!HWShp5(MXVOPJiiwv=qS+v@P-YNiLUnpIu294 z?u6p(vcIjGQmNknJ&pNKcr`DWsScNB2z@q$jCs@;3O@kBPP%{gz)UVJYyH}5g*I9B z+r5*!Vruo+uOm4kV$Q;}J^lJLL)^gnh5@?Q7N&=%W8YbCOkJc3$N<6`!_L|(hsRMs zBO+*GkeLDUxs0V}Gfye1eEG%>{6Z1 zCh5^kFT-m<_t?h(U7TOW3-KI!DzSE4I?*CV$W6)58iK+xrN(4tN`X$9j+E%@PIeT| z?6)vG^F+o$v}(d@63^97g?w&u`5MOXF8i+e17rgd`@mcF$yGs0JdB5W9vm_R0HRA= z`Tb2-QUo397x>3BFtia`6!9^glajY0j_B&Q|1BoFz^Y$27?TW6o3syReeDzd!e7rR z6(!gqs>JsF@Z^xRLjUXxGy*o>Hfn0dflgggJfNkj3qL3c&51ta%-@m-mN9-N2QsqN z-^T0O)wmQmV6Cz7p3-+(X7+D1yZRH^4Fpy$)mR^OKyVPGGD!vQ~f^i#89fqxE2Qi85z zk9b*RF}Sb(@rnpPC1W-g) z*}lCb1>G$R3$(?6e^PA`P(61NFGZ=*=}t>eU)|+jgYxrOet_lU$MamCDgW#KQvOrs znF^WD0=(+YcN1(9i2G_K4=@>QFoA`Ll{u|gHNO#l%DIop;2*eBj@c!Z0p&w5OXnkGgFt}yo zL6gCZ_4Bgls+j;EeZeg+{Sli`kb3fd2{lKeJcxZX;qnJ1pm>zmKbPh4RXxtuRl^8* zUI+fy!1pJ{>-@fe-}6Q|A|Nd(9Ln+D4SM7(TOA>4Z+vbkOVaVX`n(<`JshXOrEmTw z8JTsDVc4FsOO3o4paF22`s<~7P)t-B)r0TnV|j!TRIFRS1V^4t9Vn&C4*Om?jqPTC z<4=MaTmt+%4{CY@@44<76R+UK{f!TpbSSf4|6DFE9e|)}IM01SFrO%deOKxa3-DnO z?*CY%6fgzXpj^r4OVLUqv%qx;J4b_m^_Z7I-vjxg8i>*KHlg=i}E$+5)kbVAncP+RUNvY*}(z%FiHoiMB>WJAVZL8m2;f2T>z zB9woAQtpj-E7%dSOy=Q@4rSNBpO9HywMcJ(!ltUfVGEdt`Yyd1CT$orWghu87k!(N zI1J+C7G70knc{7bH9RY*K{+P}G5_$@j)B>B~$Pks9o|@D1!=Cz6 z=oiKnaK6an{3>)7Ox;sbmh6lEa1p1{jAV9zK%Nn>1hgE`<8{6jx(E-2`H0~W$_F7u z^f51qm4|o8>{yJbL^i@@>Klr>;u=Sw-(Nswb9|_H0LCur<^sA56dHY4w_Rvg7vp8* zTnYLi`5r=)0U*KoLvdC1OyCU)Xo))VE2Vb}yh7 z{Yo8za%HC~&A~YT;B_`?fBEV@VB(YwIxKxox4_{qr-HZKa7hQMvbb@h|K$+@|Gje> z&_ErJ_EESn7hVJ>x3d{;d)o8OK;lWq#%eXwvNuqGJ~+s!Ja*QY56LYwc(OBeZmIqt zB|V+j3Uv+poI1wl8nZ0c~Ui(HbOBh@{oT>oOx)TI>#TS~vbuU_! z+Hl}t7!-i1&;_>M(RhB4nWa%Z5f#EDM7)i^_#3iWUibohDgymCw&tk#3=h2?cK-%{hFCF@NjBKaOqo{S?B-E%< z*TBn6BvKw3BgTlj-u4W?%u(Z4V#y~+@}|f)tVBZ25X1~g*P@GD#3bAEuj35IjyxuT zV`VW?6O`eq#YP$S+smyCGMNmT@aO(}q787{%h^oTn$3fbN&(-<m8B{~HtP|s^mEdGX{4A>V?T35rWb!DOS{4J2 zOQ+rLI+=maT$Ig6CD0Xw`V46^s`bzban&+TX8y$;RBN2hwJRqR_-~xdQ3p5E$>i~} zXHMqEd`(p_(aCrPd#I#3JC>Z<$s8x?kXvLF)IbfcL7jTEth;gI13CbAAneRsNUr~6 zzTMUAozgVT0Ybw3Ix}rPiXrq0@k4%sf9L6+Ld&XTiQ6cTIkq7Qj;#z1``xn)UDaluAY2|B zC$?|i`$qc?5p;DG_YHyCzOu5o_Lb=>?&sr0N5!!{VH{gIl3;pZFs&t$}qM^Zi2#yyAsJH)Pxt$ zGYXTwLn}-sB?-ofyV@)4dFVK!Fo^VRQJ6EqN6(WRMPbg8qj*eBcoa$AUH8{`(8i4gTl_*Rwrg&ebo#2x>8oap zfv>t1ThKV3N?+aHDY5?>@%dIApI^vMnJF7YQ9{q<)(I2!Rd(5-O);YDyNvNUT-DqL z?B>9scS&}Fc8(vMsdY=jB&4UQZfBu2=o{7tGIGW>?Thnhl9>=i&9@|A3 z?Lt~f#*voB9O=CYc42|I>S2bsK4zk(5J$V1*g`VA;jCpx6WuZ|_p?8qpW9h4o=fH8 zv<9*DQcMJTPUp&It_{Q*Nu|gGe_;3&W`u|%S1>mW?FIPX-Lnl&9-|sm0;sf~2fRLTQ{KrelAUlZvCBWYrA&@9_CX@p~s2RO-K@y0qWJK|e3#oNc6pFS+9J#Ks6c~|oUMeiRg`T-tD1#0s^gixC=H?fwvx*w%P zpQ6RHj`4=AK>fD#YF{{*i|!iP9VnA)v9=`IKg&NcseF74DeJl|Zo_#OQanyKfa=Y{ zUN>$=%0qVu^u_eyQF7Tax8tJM-;_bSagXua9`7(iGf4E3GPPouqY#ix9vJ@ZP-Zc; zj%0ZyF-rhh4$n4S-Us(gs49S$?x{xWx#cL`AFcn!Hrm-j5Z*IRx18+(hPN#i}< z-5m&LHAo(GiNj755TKm|#7=DXoJk;#&d4tgL1&-sSy9NbR%o`}!@Sr85P6K2=8lsVl@E|=jC}e9-r-zZiOa?GrElFmtI@*M01+q1|I9O2&LCR+m zvm+T!+=4_ffCjYD#2(p^xndIRaTYGKx>_Df46(ZU=6cx0+78QA62|*r=Tmk4^dMz2 zWy4mo9re>jUTt$l88~6a%Oil??M?a_g$-!sM z5J3|iRHo-YQ&l{llp{bSQcWMZ>4k)xs^!JRr}clw6NJGY`0B&iI45J~V-TiUt$0$e zBNEn4nMY2}mHzp?qS*Cs>t39T7-Io6D+mk-iMn(#bSe5yv$`h*4D{w7avcOY3?kJI zA<5qFC+j-t!xuh)%_!rq*^UOg#kEhlBd&%ArH_1oXuW^7RnV}oDzjPr=ZVBFd=QJp zc`}hCfq;j81p!#kzSNahU0DIdheL~vCrgQc{qEua-S1Q5KkRY`|9KAx{znS_6bhIO z<%IQ~vVAoc`Sx=m*Q|0~&+4^nfowUDP2%s{9q_|?YrX$Fx|WZ&FTu*v*6XNN?b417uSHU zyaXY*=&Q+x?!Y2PLlrUNC2X5YbHz2D zit~-n>6zkumyeE)~<^0Lc&v_D9)oe_Zyr?k@;P_s=fvjJ%gF;?JAs& zpPJvkZC4{M!igWzx7 z052xhl4t9_I2y$>CxF@yO*)zQ74k*#Qr!e!Y=tv&!@j4OicauWf(m*5vWcr}JQeGM zcrwu!PiIxX{!E95!U-G_@JtloR}1j!n{n>fSiHce13P@$n*3?0e0sG0v?o42gE(FM zIZq^c>yYHrERQB!;zHl38V*JMh0QxWd%IrW$k$U44Se$x2!PJ(n&|?()*HUro=y8C z!Wqbvf3rq9_bRC3hsiZkTz?W~3OVP1^wOL_ALjuu3b;$wxZyr#0?}8MJh_4u2X@~$ zwHjN&_KJQKhsXHqM(B3|^&1w+pYTNitb495CtOU^YpEIvcLucww;5fr@&@rN2XBhl zy(lG`5H_H`{IFdtGS6AD0RzH*7U}{)Mcw>IkSKHfS(_25`-#-uadSzif2IFw71beW z{7`W8H*ybJBB8gQnj;>5##U!thn^?Fpe4X{9Z)$EA95CVOfmr$-m`W!Gc3I7D)SzE zl9`PtJUUZdc9)EmopH0ADN=qV*unkRC?jkjd8)rr?_t#|(#vs4Zh0M%?2j;7gmTp| z9;z94Lf2jaC-lB>)%CriTL&_DS*`b2$*(>3jx%Q^$D1kY~IQ zC!ad6E{J3gY>r;x#y4Zw^xuzi~bh- zK|&=^ZNMWyg}BHFGi{i8qx#u4>%(WY(Av$Ex;$!IDP>Sb9o5sB)VJ4*hxzSNpmPhA z2k_wiPOZkd4!xqyafj=&ubTf8e&;**ZQV6~Lp6Sv?IC`bgMT2HE(0tPLxE?ZQ z#hxS`g|jx*u;^%S>gfEjo#^O?qu@EiarPwFN6q+pcm2;#RRhJjbo3zhSwMBxDIGVrEepi@C?GV<|$E8VS& zr1ZhROP%fn6J9hpH~IGma*?O*TrZ#meq#D&onCccC+X(=kYXJ>S zRY5=SkckJWLd}%*$1X%U&$666${1^Mdqw9sy4bP2UGuBkv`+YSB1_s8zfMn04_28Q zdU%5%mlWM@Crpb^q-o&=DCy}KP3W}j6@AyC$<4n#DenYukj2B5yLoug?w7Y~dz{qN zsXqU7KIq!HJ#xPq$ep1s>^;x1cdWD^${|*?MTjGWf9nlBsD&j8<;*k$v!$%r%9y1* z9y6@5BOU|qfdM~H6*v*DGTg?Q@hX3b+5npBdq&OoLd zncb4>;7Sw1q%TMAS$woh{Ut77Aoc4>c*X>8I1WYaQh#@C?*l_A?LCXocWv*x#9#FR zd=lX$5sCilmGgE3|Gr873LW1VbYOSP$WxuZyg#h?Dv>Xj5bm3fd3|8Lk=|?QwV`J} z{1-(CEYhtve*65b2Wv*20QD;LE-1|0_|-BTNm*FNS`pWBUQ>_v)Kn(nV|zYNI|acJ zDz0&Rn~{+PX)MutlV!3b%;Lzf-eh@FP{`_rX|txVpcIDgo!9=Y*MtPfCfG@=(wlZJ zG%8^|CoA&I?r{v|IT(L-`4fNB_qu%xTZ^|5XmMc+*2JlT=~&dnd#eode*M#B-DZ7j zi?wAndpxF3JEV0@}Hg18DH#>n+&Iz+XQBxr(sj3&U^i!Lh3% z*UMLxNXHKDxYYj^^f$=l7aVGF$55vBUc?TRa;x{p#aLUm1)JKo54Li)S?M_L2JH_n z)+(p@L-}E)65O(7%lFypY0g4|QUM9}2x8~=J0f6#)w`8M0qC6Aez;5crqoJb0`hJ> znGY7`$98Ynn>)ErE+J$T(L;Ae@F`P0ge5G5E=CXMREUO=s7UIU8I1LZ-Kp?(Ky$;2Rb>)#vg z>Lajb5gRD(ZDH^K<%%M<4*tc;**LYKJ8`n?Ga(a{v&}p9Qwt1f;mZ(&g!?+Vr>CN@ z*!2(>)?YE;%@HLI&vO`}G0Gd{Gj?2*I|}*b%~f)Pye)hIbVvI$8*=C2feo8V%$37H z+32Xh^@r@KBQq{RUsi@?pPmldJ(DlSBrl#?ux>9rcK6rcic*jXGtDZI;Wxaw8gD`? zT7Q5zu#NZBkr*GcOObm!(l|LSw5j!fn~r( z3@J2pYb@ZX7_Yw+4gpvJr4y^QzwWu?XNFg^<{5;`Slj2p~Bhx7!jqa zc-r!vITT;ssrz4b-k`p$E`c33m?;vdFe+&W6%2szgTU5p8LHMXBAEeeHckLH>cC%~ zdeDq3y6m3b7e`x!zAJA1X0Ku4fyWHPwEMi__BH9n_3vlkq=n4MeTxTt>aX9yY<4x) z-oh{cQ$Oq_4`1nrz40)1c4Rr8ESy$P=-fZPPOi?j4Pg4vzTXTDeK9oj(a_LJl$BWo znRp|QB3roRoxJqbQ(C_ZKUoU#bb}OUKN3zmGd%F?LYN;8{*fb{0tbIqh!dT*tcJ|G zEst9EIqO)f)NczMyf9~RQJ3XI>~6;twzhUHZl8xNUTT0~VQ4N2{cC7wQDNxQBB(?r z)paTg9~#;*G}KxcY8#3ZiJ$<1B22yV5;v+{Eji)GdR|}&Z&B2DQ&HdT0G^q?23R)F zAeQ~UhFN6#>la}aN4VncHP^p`CF^Ve9;^MWJPdTb2#&vS?`EIfZr)oB`WE=Rsi#4v22g^xr-oemimw z$^^@@hlNMpn^%;+V#@s7rNc*|E2dis)^|J{PCF;ueSJx2shlbuIJiCMH}Y>1`1h}3 z`^*IXecWXW*mu0cKCl3}vXfZ|{t0`8gE1b(SXhYDMaV*jx1nv|d12^7c?nJi{PsEE zWD)S|L3S4Atk|-wC}(?7mrVqlS(LsBxk~-@V?12^-9P`HaN1en9w2xJ_&W+O!=oO} zOJ6f(&O^7{ezE3q&+xrQ2%(>hnzZDgx?TkSD* zO&vywYHB6?GzEi&f8cUqXj37!>rc{auq@wiUtk#9y>QD4;cb@{L;LitoW^%P3xJs?vim*YncJq|EPefPW1lyqQ_7~OGx(odl-Q6s@iwLZhID)u;;&hI< z_7>*MFYNN=>2}7UD7Aa*Trl{f!YxaOc4-~jcWF`j$5{S;IV|FwaKEpLS@i8sle=S3 zKDgVEm%emLYozAJ37WfEuRcKTWfLYMmt>EkPifU(kR~Y&jOf6h4`g-s$MdA~RsKSNx3JFXt z%=x&m%a$|jqCshnW000~f{8m!>d4dV6g*w+h(NeyzXJbDo@SGoUAB<3g?(3Qo!y}s zItXkBLyw#;It!GkvkVR#ojv zeU}v4{V)JB=q31{I9p#JTmLF3ch4;fmuD1V1Gb^*+lQwAP!uZVQ@5e%Yl_lWhHAYS zyera*v9c(AL8!J{xS$9Q$%_YALZ~+LbbDaGqHsnoQw!jvTI3v59Ce5@@#?<|TIrju z`Z+BK=7K!bvwnMUQcr>iq8Q7|qKdHd7OT|0KSs{piiib~^@G5TExihKZ&uD#_l%KP zBCIbB`Z8HxYV_r1eW}owEA-`JeK}8GO5_r2{wDR$or7=$F?1h9F@16|Q{?y^cc%?Z zufc3sysF18A=Ue;zl|dv^F0S3EnSUXfC(UXyoR4EH*y}suiNiV+bfn`{dhWB+mFPH zODYef?P7dIg6)yugt{H;Y*~k+7Gs;NzO~E>A^H~+XS|uoOqa$o;eC+Y3+Tb#tBA<$ zN&S(r{U!1kf(1Go;}IMroc$6b=rUY_eXyp2B*mA-Rkinh#Ysazl6U@ zbS7!cPoixErYNAC@iHPIF2F=Fh?-<~H|$%-8S1qh^a-elk9t>xxIVbOPm!MiT@f zG1?(gn8qJi8~jm%;O|7H+7!6*NH?1Q}vkE!GX60PjgT*7D$hbacLK^iR*^J8W?|V2;pyhDOB_ zRIu>*X_&6i+(Mc$-~GR!8A_`DwM}TYJ+o(+#t#(8OD)P&Gk(_7Gqb4*7L_kR;lV=8 zW-LJ~1fhyN9aSvnv=^u%PnO3WMf$6xl~`#4kD@$`i`#m$JNz-So*oR!|1wAR#kEwA&Q+MITB+iE{>l z!e%!=lgis&`o;@nIs#CbCs^V)iNbSJly?j00|R4yp;!;GMQgTty?753%{D-z%8Hr%cK71v8pVX3M@c1*lLs>R%?_#nNN!Qm$95Yl#@SKy?82A z;<1FRIMWmjeIK8)3;J&DppVnC%tEMM zQAZzNhdy4@+UmWAYb|0zN0q0QQf`1>GP8+%2c`VtFD|7#4hTlBOH@j?ygTBzp}WDa z{)hh;_ziO7H+{fP@$)w|rLq^x!EtTG;OMrOB-ZVwy^IyqXfLm)UDMhEak!0UeF1R2 zG?AB7Y&SnAbddMJeukeXI=I3@E&oE7tkDsmWi2{QOO~r;_*96AX_3`aY$+li0VL^1fZrgS^9O{SC83+kmE)kG8e8L?WH3>H;gj4?j6JRf5^{wXS(?5 zCysm0Ps_pa@^Al#{M;nCb;{2__S-c-W9vmwSB!=dq7Fyo&QTqVY1uNS6>4R#A&0nR zM6Yq-o6s24I#R(Sy!YG7`D{NNErIzvTqSe`py&fow)9Y{R${@f(5KxLSAW!xs zMyAJq$X^5CTTwmgqG4s)!v+V`41L!?ZE+G$h8-5b>u) z&QC~7!|8GcCWd;_A_JHPG-=F{K70tZMh?VPg)Wzlr^8Qx0_|kIh^(KO0)pV<5cZBn zz_F9|I~Z;HAHZlf-e>$`Vx&-Oi^>@2uim@UVt;5N=34B#-qDi+uWl`a6Ik+(HxnL4+JC|41%pA?}FNNa=0E&y_nB3=Zya~Y% z_d$-cyQ>sLc3*D-BP$wGUyc%09e+Gj^-5`_C)IBclfmxx6Zldp4vmhByBfor7-NST zOPfUw(lhD`HksBojb07lkK5hIW9p< z99KCJ6vrhlOdOZEuzYpk!?0tvCyfv4svS^I{e}*x>zm?zWI+&I61-2>H^udAqxFkl z2e;rt+K?cAXI(5o`yD2T(^(Kt5U0Zg@i^>c*PvK{1|{z1J|t*g6ULo7;t~9;}XFLHs>aSDTsk7WjzZG+>UJo<+OD4p_Tb(pBSwB?O1=q zSaC2kD|Ry5o|_L#q>?OB+vj2lCiGbxNPw2nB=bOIUyOs<<=FUpLIJjQ$Zz`S9yL3y znj=B$x2E5kkNqK0(H3XJw{@w;3T?0T*3CCwS9SG`l~p_}D$_qZ=pA@VwHK3qD5-Ro zib{X$KGiwAEf0IAY^%9q>~+-#_+JlZTr=pVD#^VI+!apVYp#~O z+jU;2FVO6Z5rW4C$Gz&GQ$81317sg8igFU+v6mUr$yD#0s&gPwE&Xu4#I)|f1eu6feY(P4ejZ%q>rRu+Rp{V}cqoMkouM|^#xryt)-H=;L z1%p;);1?>s3SvEtuIkRjkY=m3vj-vN&i=2o%Rn;5p zd@s?HXuihzDe(&DM4>(?O^A09Z+?rK2s)zPQ$&=u4qXrvE7t~ZXXU=b1E65%;hqC# zvxi^IT{cBPc&Yw^ZGiYC)COtv(YCMk8-m3Oy*2}u##QBKas@TR#JjpYXebn}T&w9y zPR7A|a8`q=aX|HqBw#4+ADj_Q?acIlCgEy=yn*7R2=RKk$6eSIg*Y zkXPs{ubA%S-``A!b7pP{+6{XC8Sz#>%LF^afpVgmP1b;K%`-)F;@dECW?bWFmS=l@ zTWfg0Zd&An_XiB;CYv|v;v&rmp$IXnZ{fTA2!Ym4J~|@tqcU#pf3M7Ki(bl++jW3T z2Oy5X_S6bMEm5cveT#js$pnw1%1VtW7?=&5>SeVgc42dkA;UJ?5{FmDVUP;)Zoq24 zefE6v2I-v5L|P;;-ia{ho90%)FNbl4$$+=cCNLnY)~O zwtLRG=ib3I;KZ&)@uQJkI}pqMUYJX9*V@>nk^l;@ZRlD2dkh*XuCk# zaW-oa0Ifo?A^<)aS7h<#;-k~k1cVc7pd@a?q|2u?W1soRa+PuOF_yFNhEtsToD<-B z`iPUz9s{5KQTte+_G+n3Pf8N^Wez$YZy-Hc?&+s_wXI6Qu}(j2q*=&gohop`olQV1 z&Pdz|b`uK`*dpA@kmrk~Wtac7xSm)9M2@6p65WU&7`-Y+1yEHF;5-g+E?#d~APLUn z6wYNQdvIcxD6pm`1XmdC*8}vUNoeTRpQx`O^X2bpB~&n942ow){>@W!fDLeiYHTj5 zo${2H#MCKs(zM(<868gK`gQ|xF)V|q-5?KnBA4kbIuM^*`@57l1)p0B*TMhRp_m+k@^U*>9sYOWiI9z;=4(I&h+ z=tB%U7}!WP(TJlbHa0@+AzO)3Do4*(8ukxGBcV;44qTnsch!kV5Dl?ZJoNPMj=`v* z*FRb1p=Xeqp{4MOW8H39Zv`$~`!fdt87Si^YKtRT>9Jl{$!lzAk5}f@u7iy!MUas0 zL`wjpoS0UU!{M#q8|aZWyy6^+Sypp|Iz8vjM>VDxr=(&#X>v;HfPUbx=MY;C-F38B zNkqXYkm+N>BF-i-xTsh;0zu39>o_V@X+UDze3QP~Pf7qnvf0s6!Ymb=%FxPuwV$b6 zDq~I@WqAjVyOg5*01v^`K?SA zNa>cBJQ8n0ozTZWkiL3rk8tfgDOaP7#3nCg8OVcHlQZss3=qT9aOX|uu%Y4ZSYcqH z6^4x1)eUXzN~7kJ`Z$g~*70 zVjxK$^b~PV70o|B&ko$@1n#L*qzoD!iF@HrBz0q!oTcpRLv(?G$j$yvLtkZND$G$+ zj7H!L4eME_25%r2dIK@#P<|u&WKmbHvr?=4)>J{hQp-a=jm(EO@&R^o3i@TI_^4B| z)aZ^7Fxzwv5?GrmgPo>I7!Zkw;=MqI-;`ChUM$yH#z*o76&-53FnMqB(_!)4pIgTP z;bXG5F|nNNBz&{rx@`mKuwo!cPb(BmwY8X)|)w4bD z-yB|XPTHM?N-J1Ipp_XPL_W*Cat-;~4-{CDkQM+UTWGi+ZH%&QSTHpihBJzUj4;*Y zxMNo{EvB5_HO+MBON6eAF;>3=ibNut3<&&*Q1kS==;;NqZr^-Bi5`_lC;W3l9>o_J zs((r^$2>hHx0JF?^~fvKBQE$(qfrR4!6n8Qf%L$%W|=6wyOjh45JDt{G{$Ayn2gHj zhgka5`8z)(8ZAm_TMbf(7AcWGc%ySMf;8yBg!ZbiyV+ZFvdfTEXET53>b$x zRBG?zrM^XoYPH1o*yrJ%xDT}RNZeiO*nFNiB%Vwo`gr&KiPEn}igJ1;w~SZlW4Qv* zsq&l?5!hGmsr;uxu08B#5utc3MPs+uk$MDON?R>PFB{%Vj`(}%A9Zl{TNb0=W2C<6 zDrjkL<%@XcYWY?M^l<05?3{q!8npG0YV8MIGWL}~;w@P@C3FS?Q7Y~ldPnO@T*#{j%1 zr}1sWG?sIv9G!RsETltnNe@$wZxa&o#OtNLi`an&En#&o3{$Z9g z2!lK}xrqHRv(u^Si7UK~arl2c%VZH22Fuhx%sgSGaY5omD1e7qZr!np$ZYzFIeJP~ z26G!#N(OUuHs8cYZ}LehJZhH|rg{R!TE|pfU|}_7Ds7rf^|e?%K2ve0 zT9BFEHt&h-#8*};iEa3N@YUn;YFh40K{Nb+USqe^39_u3rh4ceuAMCJFk#3wQcRLa zd6;4L>q4NfzLx37zBkI+?S8dJHAU}Fmu4jJW9DmE{NO{_UVI}Oo}Rk!VE^nuJQQl3 zXND$~;P7=2m<0GkA!Eb{Kk7tU=uN^XLX--IpFHvA?5Y#}iAH6P%QL8{LML%|OaP{t zQod0Mlpq>J+PoR*9u95J*Ol^wl3SBoW!{2|5i~GAAi1EJ4Ap?F<2E2~6cPYrw`u^# zo}zwGSBI;*K}So@cwvOavCMsnQxd?#<)-dh0t{~FG(&|MLJ~uTsRA0blxPM~$51ue zsVqgo29Y9?F$I`0E#SE4AdBPsjb5YshBg()bm8zraeO|#ocj%qnU{+nieqGs zyUXFvv>wMg5QAeGA_gODvBtx3&&WR-6Zgneo{H$y-$viXCfBhxEq58X@1#&zY8K-V zZGt$JFR3f!I?d=?oXao2VVui#zF`sb92+3zIp`zxp@_5-TTa_4id6{=kiP*|0IRoV zgeU%MH*{LPH8VVMbyvCDEj)4e&T_X`xaMk10eG7ou31N~OZ=~U1&q*3v)~~ETIm&M ziPel0qf1Q!C+0x%c$})PM)X~kDBx>I>{dY}oEb6%%3> z3@yJk*ja>f_4r+c;j%A|OH5rrzEsM2kPkFqu?mZ_N|mWHS+29Rsy~u&pbBY?vl(+4 zIi;%L0gM?%0FO*k#1JQ~p=@`rZYsDrIz2(OK?|c>B@#-8lcBIUf0T)U8g3Ve@WvNV zfz5~M#)uWr8Y7^h1mO(`IhnQ#pw`F_u1yC8ltXs~T*N!wL;tM;s{G(Y2#fHD@j226 zSK%AsDctDXM7M#TSwUHzZa=;^`+|mUvfPUouCRMy!ZpLCx`kGitpY36d?hW)mhdSi zFSr7CF%w+`It7!~wWyJBB-tWIXcxNX;^R>dt;ZnB zKHF9*(sak_g%FO@Dt;&xt*8)_=OTps6ugqlq2t^=@Kv^6ZL#vxH%j@k1r4bk$6Tl z$-H2=!hOV8dV#K-7ojLYIuNyt`zDi0#r(y>e^%k^!z

J(%r@L(TEF3bv0QqtnO+T}1@UTGuY%Dnrt$nT z8a6JFk+J$nDL*536&tX|WC8E{bJt62YmFJxXiAuZ2uQK{xy$4Yva4BqfIP0ac*HQ! zK@NK@-(@drQ}|l5!(|B5lhVBZ40+i#*M7kJaxP!OM@k`hJkUue4@9W$&)v)dXkUP{ z^$%F<`*VNLKLYjzASN-Jizi&`t(vRPblZyRB|;O$)2K}!WPryWllSTNn1R9n!`{1q zM^#gT1_;tjP@&5#5FcmYuf_kdPU2sRN^0x0>v@7m{_xnx3uHc!9*^ZcUB-skMw zT5GSh_S)<03rsE(2_2*6+Zf2gFXZEv*&RqF3ze}|Au0D3(>oF2)qr1NsiGUa8n$@? zv?-XSMeuMzx0Z|Lz==EXyf3F)@T4aJ57K#JH{!t|q6?>mfmIX&l_Ud*a_L}MG=hAj z3(W|q%}ClNKmm7Iq_R8T-AQKbWF{WGM%;X(0)R8l|#o zJhUI6(WI~Ic*gkOvqk9tq=JPK0MZk$F(D16ro3m(k&du@ABo}A_usWrcU>SgeLf6& zqYHW?Y~KX^Ig6D(_-860so5ofK_9dbFz5pb0k}x5sSlKVuXWD5iDiI|bPC6k1-r!| zduR<2^g-0jLY&G>W|^R`OE~IiR*7zsjtr(&K5Gj6%6~=(e1iZt>@rD&z&{p1F?y5i&J?$Cqsi{9ObI-zQvxq_eRF|lg&IWK*y=z8gU~&A z!M~`%38W_sWO)de*$*hC1tZ58=#?1r4|1sFM#NfueIsfZgkCV^ri$XVREY|t4&t>` zi3%RPd=OE=gJxW9l0!Ngw3Xh`;ZcRYf7q;UE5BRmI3L#HljM7{ZO(!u&N&6fgCyot$Z0$}Iae>Jqir}#N{?ln^;uakWv)dnc{Q4lr@!;t6~pM(cZ7s zevIkX$0@~uNd=k3$Q`IEa2I>tV%B1PeNk<jtg&xxtXHlp4VWlX&bb_ z@z>n@H<11K5(HYo*2)JvzOVHx!@WC6v%V!ur*Q+%v}CN|;v%FMH63EgZ|4BAw#m_G z6pbRj<_tVMKFN6_H_}k-wLVv)Ed<7Z)zL9R8PvfGx*`r+sojoorV6Sc5jUWeAO-(# z;39^*{sb0h39lA7!?^@L09+1K_Z44;KF-H<)SHO8Wgh011m9V=87a;sGm?;+Tb#B6 zFO!{h4S30{$;j$fSyP;KJm?%*Q;;=NWleR~%{Q~ABCAVf9pbFJQDq&1tPYiRsI!hM z8CdI3PHa70#X2a4)&9ZTyWyrR4vy{CLOtiAn;aAHRj-b-P2^6`N6!F*WISRvObjOG z1BD%!{jNn4P}mNckk?6gjoI)jyap1D>UD8Gu-J~-F>?cp$E@67k{y{UH}SA?0};-- znS03eo2A|%=KLG4hEBiKRKdkm#xSL@+Ae=+F=p1DPc{7l^g8{PIutn6wZpiOf(aqV zax-{6YCV`rsP$)RkCgGp(?t|cRe@Ut$Ex64DmYRFDJuBNBL%)tL8l4~6>L|*Mis16 z!5b=QR>4~-kfYnh5fz^wzYRKrA2s@X-RO7D#A)~PW8_C57)b&BEdF|6 z46Z8`w8@%fG{IfWA#`#Z$tEevSs<4N(cE9N4h(d82qls)5gJa_e8VA_?M0o^k2hsJ z2pIf*8*`%8h;|6i(5!+gv z(kv{V~FtK1hPQ@`U z8IIspiS=2I>is=cZDIBBJ*nQRG)6!CP3Z?vlO9I&2YyoXA2%(>yPvl$N3o&IYt&$b zSOdyEL=yu_wS@4ps&ACn(QV9kMZsIUsP#-kq4pyehnI>8!IaZ+^^({#3nkn6$cD=j ztUJSyO&MNA!3-S4qCO!P1+VTB$`|Wvxmpy{T(&`bWd=w23R(@Uj>m-xgcxcCLV8pd zY(a`LNEb1N87SSE-`pByZR7=`1f56t00%ikE*~&w&DD|z@=T*ofhLBt>HU>e3>c3U z@G!r`7et)IKbcR4At!qoF=jaMgmz{qslNx!wi7vgGnp-`PfNjOWsQB{iXr6^VbsH% zYQICfXc3zsuGg93X5uOzx5bk(H>XJNVo`7d|W5NAZyQs zhs1d2G!c`V5+Ei&vQie;4gd{Cl?sbAO zEblgHo(ps$)Cjs2+6y&6HRLKQ(^5<>rH=4ePCex|dSFqo)-vd}WG%>V24|poVv4t@ z25bVgfoecHqh_zlovS&am_+LV6lTUVZYPja?TnjxKI>^80)i-sj=}#3Oa-7a$|B?$ zC}=!kg2e1PF>ow!SceqbULr?~29v$*PLd_-q))zK{8 zxsMo{*0o6zcs_+B8WW_PnNVUTl#m8ygF-aY>as5stx$?$hVM;v4yrOttU^XUhl+}N zIDq$IXm96`gHKeUoq6?_CgL5&^ta?4^XAr%gQFG)0@pon=X2Lz%CZ>E7uxwU>&K{47<1 z-AB&44CLji%}{5)w|?{)U{?U%jS|KBilUH_=dbsJN@9*|!dsO!*IPgH3;<7SgrCDz zUN`dsd>SKvw)18(FA(Sk0(0%WF6IRaFhy=sbvl?22*47#go#7hD=(t}l!?v_*D}9g zFRSSyJ#*lhT*cI2wHQ_PCixNKq%@N8#}OjKzf-|ID$rFhM+Lu9L6r(_R>2J_xJCt~ zD!5n$=c{0x3P!8oOck8-C4^;zeE2p8z!-TEGb8$ZI&fPB9Kz61*3tu0K>FfvT-8C^ zL@auSc+1x_bMz@_z3mPX2!>lROaRbJ*tSf*fLpAAw+?2qC@Zcq(GB9ulP_=9$8uC; z>Q4Zx@nI3Vh;oA3P4NQJOE3(SHX6Ur6{4Sh0JQk3Kl=ipQz^hk3d-4+7?kl<7vFrf zQ2Q8u`3&t#hPd5XL?aC1Jrfgbw2J`?s1@Rlo1qu#S?h~>mK7DOnw3+8rGvHi0=A0+ zS!?LDs3r4V6v$aS!Sg{;!S2d;I;P{}PBOpI&;=6GMznSesm~aq^)$eQn}tPiLP(OJ zpmpjv7&$n(NoF7XW>U~K74TM3WzFP4c3H`ujaor>l-~;P~2fkceuc0WQ4G(WKfP3uAWQ}l1R3#acx-(5_lA8QYyVfuf=WCA(7B!?yfjTujj^nf(=vM7X~s`;Uc=J-?=c5_0|N>#-f5y<;IRQn|4O~DI{2Y`I)2W zRl@NG%Xs($GL>5N0^v-03FQE%NjZRRQcj3fZBjvqrR2;cmSr*su`H9pYkV%mVso`v zK4Dzm4f_0y^of!0MGC%L!sjM@Zk#W-?3p;{%l$?8VR`DKNK7=E-^W>U-cNCqLoju7 zMH#vX!zI+4;}leAyi~8O1>hs|wABAyz;n~w&*NiR!?aACZ1xAdSe{yny1=h&x)%4E zpssm%FLhCo8nd6}Nn^&sy?}n48q%ZSAJF*^e~H*%hG}023M3thnxo`3b{ZZ*!O4)= z+9r3S@jqzszkL3~lZQP2K~hOuunB|)-E3pCkAo zFNzi5>9fm|=6MF${nmYQN~iioOx@M3R8D9Hanx3fm3oo4Uh+t=?4= zWWV7!Iii#|{}pVAb1q2md`11*27yM+N)iaAH$!a^&Fpvsj;|JFfXw7D36*a=_jvEU zi1!-BpMkQxKQf-antlq@Cwg}>r|bAJP5?UCZkU68py+SDu5EHP8beV@N3+zRc^Y~e zoR47iI~Gd}66+zh=9gjBK$N^X>txJ~_O}I7HK(~y{lnjwb7EASK9y>T_Lh4@nj~!8@(7W_{TV{R{k-*NMb6^p_PB|MW#FFO`w4qjP|6fuRlUy zSh~jT*!{A6ZqDl{gZY>RpZTE4Z9d#1SL-__F<{=*B8-%oonU#El5JNm@nwo^b(8vS;ltN?^EI2U{n$G-C zhx2Y1yv$UtA=t)=6MQ(`Y?HpX6*7~OS*#q5{6bCxlduf{4Z~fAuQ0HABNs)sYKdL6 zJX@F#ld-#Hiy=Tzcwp=Vi5D>utO(gNXL^c%Ma_pXa~lguC=`~C4)6;IcQ1U8P;o^a zKluU{>!bJ@(nuOkT!WdH>(10y$bXuyS|znrs}LEN@$^X?x~-2!bJdrG07nIYUnT?- zGjDEAxjdL`S<^&r#oAJHX@hx=3=gQ{S3YW_5>lmh}iE@p+oxp#e!K=;Wu*0ot;@tT?e9z4fRO}10pzb`fI{sijqw1}lc zq7S3=TeZ?}N5W?X{U&sSeiONZev=T$aRiRgZ^GqR%Q|mKD&H?qA}&h;#_-LnU6Gou zm6|SiWf$)ynm>!_@Nq6A0ijJANCW&aPKn@OpXzUftYR(W*J{xtxStrTTyC%F-o}s3 zUcg$MxL(tjs&yBlGv73IW&^9Im;q?T*tX6rJW+J!+sGk0Q{g;NovA9O&iq@B!hkHo zKVtK;iVCAhy(Y(XG2PUerNUpd=YT|+`5^kQTpoIHUPdkoqjS`#V|GHY7-|g_2)AMg zTHvJ);wIKF#jjyi^5?d*zZA?NF(uMfI zcK2n34}d6a;%H7KE%wL{+AI9viZOmlazVSQJSYsoi22Nqs@Jeh=q9KJQGDW%6|IMf zym8iRkYpslcEpGL+XzcF3&0@Z2mQa!mhZn$GeBol09^htJ|iMtZN-6OJy8M~?qL`( z1)-)X0guqA3lt65anzT_9mnCr{sUnxpxPir6(krN;lm73a(qC`Y{7zptw_9AOXlDg zm@T{lE+6ILxo2&^e;JMQ%`1baw+9Wi_I^RR>Ua zUvM_zRUO=ZveMmGjIngL2n@%iQGZgpJC|tP!>XXW(USG;o>~riQ`i$<{{gkRxKPi4 z{LQsjdO^ifcQ<3l2VX08epszT1gS0E%@*3niOyc#@w}z874oz?9ySF!QfKFr*r;7} zw!)Uy#zyiSno@;(F>H7>5vYEjxk@HVXFr(@Sk^#`{A}ibrbgp};W8TdRWL>Zj2un*_QHT01y4TlqS!(qKZf7bjtwSY?13qn)1yiE# zG-usJtD4)>LLa-**5mCF&bo6{o+DTdmOykL>8$&{yt@5J$&wD&w#t%@)M3uLA*vdD z_x26*;gh~E4K`c%QO>$gFs=cwqfnE2=XBO>kas?(KdphJ!GW7_^Zyes#iTjoI9Pk2 z(_?sXMkSr|aO~g92TVT2qd$ueW7CUpsg81Bo>Po%IiY>MC`JwE+Q zpWa+lu+kYk4%|DTV7aq4gn?vyAmcfozA4m!-rrOlJmupVPbK&QSr7X?>wNldK;d;R z`Jy;@+S@bvzUsvU&mR3?sMCShJ;lK>FIV&R=+`|506A7$KQZ^I1i<1sP!zl~vAAG` zv-UDH;)fPX9}6^7e4(A00QjBr0vY%DJp1*%W(!ia&$C-!9x@y_bH^7*neX!~^EsC^ z22yGeD+-QJDlTYn)*i&T2+fcJRq7ZU@IU7Wb!HM6K(W-bLhp*K(6iUCZ#7A`>AXPJ zpZuO}eoQ&jQSYWe*6%&rih@5)F2-*0IaN@X?GK@DzrKb*0+*TVo=g}EPw&y8570NP z$Axl0bhMLvdBCrK>?lv@qfDQ^Kh#Nb z;;<7{!$H5^=?i_r8n)nH){(x@2dH5yI=)psr%49_93BUBv=1_hevGcgm$qMDp@;_e zf&=>_d}+%-Ha_^%fXgl^oXx_$N`k9E2{w(EeQ6s3-BzG-q(5z~a0u@-85_uY&hJ@W z6r7F@1=p0zyQ=3>{GP4oW%LSqxmaG#e9qxnft~_M(Ni9I=YKBU(?XfjM5c!0rM?mD zMpwSqR}U{CCF>xBL0=cz>GIX%#wwAo4!%N8hp)cW{BA~z2N}#SW{u1M7R~h4SC}8n z7DrTLelPn&L^bB;GA`CYHAB&kWBTpv7F02VlAJdEMhl8GJRULqY6}8h<$2`vViY?P zvGnO@>&qarzIrdT&AwsNN9t=7@Wb$U)b!(-3c$Tb;n6w$C=_!>_(YSOqSy}{CBbJZ z_(TOCsbHH5T2-)C1*=rhsDh;`cu@t2+9D zseCcq4@JrjEV0K6L#fu7@!}n&ej~?=*X31sym&%oF~^Gst!kpii@7RK2CQzmO0+UaXaO_IQyiy!|3x za=dU`hm1nU;zEv>B74n88-^~ za&!*f$snNx$E4jPW5?@AL9YEAHW0Oj4F`ve6*696u=w1sx5{`ykri$5N}TcHrE4R` z3ot!aku_krSabtl`{yNi8ujk*aG~F54HwWf2cctU+!8xp&`YL|%8}6mvW&^f8B*xqci47svp0cCt=XF!6rWxkl8q3~w^7byMYYMC*pGgI-(VoO3&eiiJ@_ z#l>%Zs$H-lETZg-_^^Xr?ekr3!wW6idRvF3o#CM6LY_DB>UzTXBCOwzp*@LkI!vw~T2{I&9J?BtkhtSg;CnjQ?SVcAC z4UZET*JPZ?_tnFPYL63OD2x-hMlU>0a0G<9jT$FrM2-`!kQWRjk>dpEi!zbp1afh> zi5e%o);Iy`qY8X-P~(JI+!`m$qV_o9wZ;hy3@BD&jT4j+v}%nLNJWb!_Bi2{al(a< z131%fqeBLWbt-s61RGOjql;Rk#XVex2y|{+5W!7zK zt78&fzqL*phA=jU7UL#H`C$JQWC}(URWMe@LI_-iX{(BZT9Vw1M&B_~iu03bXyIH$ zluMR!%_?PLelqeG6?9bw+MmNKww-Ra-Q|RX1==}Sf@`*SJ8J_-4@|86lDszeHauul ze01uX$Eod$JWfrnIzmxjsKHUFhkRtq;P6Q+pG-Ip(g}FlG7I(9zEC?g$x6IShpo09 z(1!~3R!i#eI_nr(c!g;jkgb75k);J62e6)Ymq0gs#e%-+@F!%fX(_ zz>vtvkY9htR-SwddIPjIRwjQM4ggx^)7Rp9%^i!MNNBG_d&R+FH=tg$(y@b{5y&de z7ycGur-kQvr+p`ED|C5153JSe#p*VO+N>Ran zXK)T43ejMw9ke|@K|!B>ET$wACq0#LULbuzq5ht&tO4+G#lbTR%9xb#K%r-Cp}y0! zr9S~>Cm)ZR#~gPZlSlr&(9XAvkUQFBqJ;<{AcLR{s1c0@;BDvCC34{UCU0)=}IlJmP&Um~TGc{!?qhX+1Ai69qhHyx#R?Z)i)f$VW%WPx*-{y~3EtMa$Y_Jf*TPq0e; z>6}Fj;cr)A>WwAl?Q)?y1qJjaot?PfZ3KNbAP4+XbSmQ#)GX5_D1I+G(jE?|F3Dt} zGQ#gRyF|XKaNlO|_@Pn}oQ5D8`rj^mja^vE30?8QzruM%gI2qui;UAn#_2NNOQgT< zW{{S$6V#oftg2-Xg(Jod-;Ki(>D#qALBwLWC2^79|iH?B0)eOS+Rzp z#wh2~2%Il^mfEo1A^@>Xz`lkL@a%Ec$Uny0Bu1#sPOE8RUvj<7-!4?0N6A8YFq0M( zcBIdA(cQQbk4NPgm%j@}+0I45B33SzRss^{7g---$_L0f89fEkYjj;!BR@sNxgfw8 zI;$Lmj%((%6opb*)KCeOF9D|LWWgWUf^hPAl+H|wFUwUhmdn@-#_|X<)PmJ#AgQsx zgZhXqbLkRr)N^dt;nv?aWK7#R<4Rcy0p?j9}{bUFPWrkIacs4`omfo>Ri= zL4?3m5BU)iK5M@H$(5=f{Vu!!o-x&f7wW-~E>!9vvar`IEc^m;laZhv%6qGaC13GU zA*CKl*?c*bf@UiUuTm8FCQwaet*-{=r-VRi-2$Z>xW|gR0q9jxo^0K)8msD61Lnsg zO2fSKk^Pk;SR-B32c@uRL9jkf=fSO#YISv>6bw`0=IN1jt;_`oK?iD9Ybzxsmoj5? zV192baj+{=a@Y@lX8pm`lbvQi99PrT6G(kGfP+&2DN5n<48A>0q6J$P0dl4VaxnGO zA1O`Kz^b4r!0vO^k^pEIY8?JWX&q=9VT+okMM$C)o_v&QpY1tV3EJY=cy<75^d3Tn zIcG*Ug7m{|1cT+YBVNIN;Dq+S@VEX?KUrI^^XbJNaW0^BNlL?(=yuJ#lF>XIoB`?sf~Z-{ymzLbLHR(( zQb;(d!Tu*Qm_n9HR(fj~g&NA$4dt5KX#7Cn1vyVS(N;PCxX)55u5?r73=O9)uv2#* zDYoE&H-YQ_*eWNiZ$!V!F?4<5R~v=jRTh43wczmUAt+OlFoF~IvqONO{{$PsU;frY z@P~o|QvWBMy4p@XS|NBG5#+@*GGNBw_xE1?2Mt~oEs16G8Ja(BNqG;H{svbH~btF zAjBYQg7aw5ztIKye+b9DbM9k6-Z_UK9GtEam-FajRO(sVRwWumkm(zoXKiaqG%hrw ztCEZ}thY%#f^pv)+1* zW<=ZH1bBO#ca{Kb0nBZsCmGjU(G=qdE9x*VvZA>EMtT>;+(v=*)@y9F-c}nY<88++ zCY}$N?^}`#TBPze#i+KT4r7`X#eP&P>Nc*iqF!U76|FXktmt=*bFAo(j583`YT=G_ z9qBy!2&hx1>w+%y>n8NySh%`6@Nbz5@27p_bdBrcOLFB6&We>i&gE_Fx+a7R7*dSP z9u0G@vcH-CvbgzkcRF)--{743RSNR7_Mnb+`1hVOx5c@<%kMn;4CnGy7dnr|)oitm zZoAq;)fcBS#b$QtH{NJJ+tPGl_?~hu-$8udMM!+!#lN*C4@MM~0@iw9j!#$;ymqIS zjlII*g~7^ZfvIBY8xFXkc8*tjoKuG2-w~)igz$Vc2`$5z+m7YgF|Qpfv14U+tip=@ zx>~waRrG692Bp?tFOnYKmtOfJJM-em%nf*`I?hg86Pebg9<~6y*+U~~&w)xzkId5se&sish5^wN1I~$l|KHFmCcU_DW zI;XVU;CG(oZ%B}!`Yngo`s+zjd!QTT8zFoziMkZ}V z>@0t4B7%yB3lH_0X(9aNC#+z!834_u8ji&`v=d#qir|j<^RG=5XWWelI~Q+%>H-}3 zn;RwWj)><)#Jv&ml8AU&M7$y#|6?@>6Y(g$Y`5~qMM&jh=E`#-@<>mI^E4n&)d>;l z(%a$mHl#CkOCx_l1Jb;QNVMTaEc$^({1eOv;6JSy&dd@U3+}aDgT04 ze<{7Y#X%<6%#?pI<$bgac97oPBn+}K&TBxojv&4ZhuJ$~ zv)i2Wu7PfdWOhh=Z2!ZY$Rz;6x?}!WZ?eF&po%=+hWd!v--)|i5%M`Bwfl!n`!3pS z!1yr)>inefjwA%`@#*Ps(Be=;`kUwcMY8U6k(mH8`$41xoZLiqevdzINZ*+95G^Q! zD;-*Jx~u(CkO*j1okV0Xi~Kee_tfr0;xYu&xamERj%mBv&p|ejVRm8+IV1gdSj)%C z&i1*Sb(t9;Qq3+020>2QxipYdb_uaS)x~Fc>C|$z7i1L~j~I|8X$Uo>^BfylkcY5T zo}ZSLkwu|Tl8SoXWT%Yzcb(Z^%~VeyrtsQIcIZ1GdZIsYaXK?*`U7QHkFv_=B(*zR ziHh>S`QY*AdLhpTKIdvboN^1$XGJypsu4KnoZ#X^J0Db$dl2hYgqvto@}hXjPut0h z<0UV(lN;hCzhNh@iI=?DPHu~ryvt7RikJK)lbutP#|#nWgG5A~V~2=Z&5g*TISnfF z(=w&Rn-|2;uqg&wBV9z z5Jn6BhJmf&7s80KH2i;15oYCJ4667*OjIG$P*UXz7ssd;B%S4dmqXQA{zet7KAP!$ zt52r>!p+jVi2dd`nv_}ag-dGvK*qr)8-}y|9Y^Cq*;+DmPRWyuTO{MUuc3tnBJTho zat{=ul0!oDFnUdBB&@PI&bS~Dl??zQh57(!RB=d%`X3Vr(c@&d0RZJ4AesIydXTKs zSKlqQC?(?47o{FwG%&bSuk=r>zl)AM6kPp}Rzk0afx%TaP(8@6p|3XvLutjCw-c5S$^QSwXDIalH$F#?&+S*^ z6BoH7D~G=^qo*~niug1tDO$||j>9VRV;p2)jhIXbOQbazzKH^6O`9cmUq| z<}f$FY9ckJSxuf)V~$M&tR_;CnALb$O~imQu$msXM+`*+v$7JYY>}f^@>F(hI@p9mefVk>Q_;&#D&s>G$K`z2IPr!B`%as38%Lqoh@vU?B*mP z#;%8oZ>EhSrlt6O|C>%NEqIBm{ce0tm!6sddfT)n;X?fRKStKp^Mh4K^-R!L7vVM) zEPK5k$Jy^W&pG9~Lokj=!2F`U4w{ z8PDK@ZX=dW!5^(ykz2b_rHXF3mM zeFVZ5c{Z1(!Fkv!&+6cZNax|Rm8SEs{lP+%qby$n2ox6<;qeC z?p_HaRYG2`gwZO&+bf}1C6x3^n4}WQdL>L&2^GB(X4?tzA#=uGy zCll-`GQplA6YMFNV59CS$3fj<8c(ImZ#&jF&7_zie2^xq_Ax2H%6)h+Df=P*>~2yH8R!rmO@YZYG!6w*-r>Pi zf$V+FI49+hcMstjWom@gawxF8hXq!DbKyxj6rMwPS_QI2&=37i(63^zDApbbWA!&1 zo|HrBJ%r;{AZr*9WMzj3nGElT>P@PT|Hx$cDss(X(5wsSqD0?(M*S6O^7Ix-c@swt zduu#2^!2Sng27>^FU`;w7-X~mHy0M_h|76ln@PmO^;I8-I+U*(8Xr;dRYTDtD!yuQ zC@Wv}RbIXoCoF^*QSnt@RmQ0Js==m+(pQb;9J4QkVLtnESo5=gilJ`y4Y1~C-%^5~ z>9FQ!-x=daZg0dq_3O<8t_#ltWSvDDps*d~aZR}Y${Gp`_qe1x`YS0$#{Y|kG`o?; z@DP64mPx>GtVuu(h#j`Bhpw`%YoJHl8Adc@I;sosJfG~zg#Z3hmjAzX0~Qcu48hWj zsjZ3VjYOHT*t3CZkkz_K-MH})%mzN+W3E@_qFM(Jr{)54ZmB}ng!UWOnaNnc5l(Nv z#(u39f64lei1ZV&YSm6rk??$j`@JrSJ-+2iEPCHGZ7f^CcJqd+@5$O_Yyf+AC0A#g zOI)#tJ-ioWGFCy>@(|XVXK;Y!k;a36#$l5Sx$qyiR-8TU1snp}@pl`FsP>(8K#D9(I8 zEI>hpSQuLr$XFw*^idKJV>2DL`WUxk$t0_FW20sw!c44z$-;sa$E-7XMcvvRIM!Tl zc))UfuU2r-S<8iz#mJdo6d2WoWrVwV>{Y@3$_Lw@M@p#S#8Bu&eI-_ex%CDu4M$|* zBC(0aH?AJ9%*1GKQIzy=pPuZ&eD6?%hP zXM&5>d4O~G)RTDU7U$0j)GX|AJRh50KdoHUG1S=ehAeg8rGkH{V5>W;^Vk5>l>=UBO7X;#0&b7{eMt+4v?q@04?guiaeAuV%AkD?HG4 zU`iezWFCu$d_F8PQ@qQu|0Kb9lSev%R3#u4j{ZJ}fJU7t8^cfkU3e3XyNSU zl0q(%cd>Rj-Lpn-ti`>o!80$Jx;P<_Qm1dj_VC&d&Mgk6dT(8f^9`~Vs^bk@wIAc< zuk*d5yF4pBUv!-7TynP7(^wqzB^K!`^?gOSRbib`z0a#1+oNT7 zYqf3A(dYLRk65X#YlEa(@6(nS>$oH{gcI^+E~W0sZH(~Oh|Dr@QTD@s0m)3g*9@)CxqcAa%){9)|F!HJ~Ouw zJ984dpife8YcO|kYrzZl$z?LQH&}r<;n;@aY}5id45sd#$t|ixoFj&tH6oJ9h|vMD zCQ%@S6S=Dd=Wgvt!llPhhU$V~9J>Wr(fl@CD~tz#v9?VMb)1NMg|SZ?P;b{BXZpW-NLXe9i**8;Qy%1Qf(U{dDTBq(I$U%q- zM)i;AZZwHS$J_HX4>Wlj1LsT2G@Rq(!NIJ&-@>ic?C448Nq7bS&{5E!-pO)RC{i6$0DgM*4aZdg^Rv0p{FcFpF3S(S$>{*QhXQ={jiSHxkr;S~gCRTqO`0LkLS~2LeE~QG59^{5^#~Eqjd;;B3jT9YIL*$o;FX#)xc? z6bGS^J3NpHt?xj9%GO4<4sgS*hrva&1Q&q`u8kkS4dWLE7l;vD1Oo11Q;?^MwWCi! zD|QB+*flNAmxLS^elhyCiM&?33w$*hECl|?Pio7q3&D=yOm2{&0V8b5h;jTy*7jpi zM_4i!%;$xWrs-LWwH`Z|TXdP8A$qd#p^al!kQkMa5hKerdk*ehFL z32ALpKJI&O77qPzAvp9zu(NHc#IcvmOI4!pqk(MAQ1;5*=15%;wpT!n2lqt^XTC{} zOh$|g<&;1QC*aEilV*Wz#zIqM9ej%c7Y;}fI7%=w?MT5Le0oNXQDNpos*J1V;fp*W zVGWysDdEMHa#?|tdo|our;nztxL{QzIC&O0j2N$5*WvK0CH9Z(3K)XpCPeghevA4b zv;&u;gHLgFM#l*_p#@Cp;)U#z_j}AssZ878T*4ax-C7#%!N9p4JJVI+Twbs);|GqB zVctC6vmWZmaW0{B=d*6K?bY-QtYW?xhLVXJ_80GW%{rdSDj(-OPelxe6bD8>pyB+T zIZi65h|8jkID{T;eD5A=%S-@eZ~n6~l@(V7@aNd5462Uk6NjSx2Oc?WOL z?f1NcnGXPvi1Q9aG#ntlxv)4IzL}7%63UiF+0sahQce!y$rcmK$O+h#WLjnrFw-)F z)n!^{Vscfp+mTgFF3U3W8ag zY_xs?Ay6LYJX}Nyz^YE|{%iPz2RC0jjQdYio2Nlb>3`52BojqeCK0HTa%P3BTdD*# zJ@f44(mTc}g%O*tb2S|urkI*C%0Zf4PI*S}Vh5;kzo`gv(YwL=Y9{LGW|`o{Pz2Tq z8{u-ntGZ=hvT>zV7A0kYxm~h0B#J|r7&wQzs773b1opIg$~2B+@nGs6Q%#kUQvflU z34oRhwun?n#75S5{d&9g$3?#7U zd-jY81Y9Sy3D1}~!GkI{O`g~Zo=3FDT-?v|KIeIID2_VxcCQxtC`Aj5Is-Rr;!f0V zSLGkte*}2Y)+m~O5T*Opsea)EEjkxg!T^Kk{{D4#$)ki-- zN>m>y9U93Q>?54O7|}oliVo(9#p2@cV>mlX;x@*Axujz#` z_|A)i@5XY|x;~@IfNzn+N$|fHZ1f%GwZWcxxT6lg+ol&9%H2f=pqAe2s zhkpmICNfDGV?a`l)2IS!Ff@B`M>@?@;9JhYBiFV@-DE=4!UKH*Q#Bkz?$rXbkv=M? zXT8-DUX>uJ2x0he9@QWetBXoBqM0(b00R$a(El$5LdM9zRVZAEO0Gu8qku-NDAF+_ zhPw+lf@QDZC9I`#u0MpGmuhgFQ~{}7h{;{vcXk8ZTb#Hjw5eiQn_%f5&_Un`)2f?g2N3*=0T zz+nR@UhbC2th*D- z%m714gbf@_t)Fux;KxMi^|K?aEVEAoM<{j$QZ%5%=W)I_FznLtIDjR170=?EHRvU|6=4m|Dsb&(mkDk3&aY0K|(xb&Eq#iu_8Ct`ErAOeQ(5+0o+FJlNpYF0U8;XA4q)=vJU@GF3-Zs5HK#y z)dILVi9Lv8eKu}keZW=fTY7Gv^?~-|+=0~dRedhj_cTX19oH|hKHyQ#ixTfX#T<9b z$nE90o(b*YV#0#AoOdNj0hwr+7>KADr!3`xKB5mb)K(%$ptg<9yH-$A2p^JBqYT|p zF~;s!!$tBim>z{AMvtrg;z!>4QOEGQc-*)6Et`>WwPIU4uSo}+Wrj0Piph+oarT#F zrtub^Cug9ysO@5vPcZd|r}9V~PLu={oQGqHImSC4Zl$l2I~U=+YyUzf-{Ulp2mF2s z{>gDZ81{uCq$VU1V}6(y@&OO>moR@m4P_eh$~j_1G9?0PDXDU^8c-iR**=90l8)3` zM#fmOKHqzz-hb({-nY^f4P?C3#)>(%Ng`iK$sbA%9*9LwT!zHfYV9F7Aijn)sbwd$05{ zKVSdnL(I>AI4wdrAYL2^(M6>ZN^^4^u#K3XN8#(N8%eI}^}WiA3nzNCnteU!J?DH{ zYM4;%c+8v&9{XccOTjlfL{G1$7qw;|jmnvyvVXxAaMXAbSx9H)=IhaPObp%`wK8nH-c{U9)Uq3p=k(I5{!#Zk)oS}d}a(?yH+TBnN^ z7p$s$yyF&yF1RjcCW`?h7u=l(?pD*`U;d%jbhyr?P{<^_aEE|!icv{C6e}YIRV~Ji z&kOg|J}1F~d7$S@;Sn*4p3~0-Eg>M2smS;Pv2#cGHxh7;qjA=YN>8|NSW(Rv6l>9rbq56)$+M`D-f8L4uA?@OpULZ=TtOf$`2(Qy+pf8P8$PAP$HPoJC`^Z<~f(Rii7DV6hoT_ zHH?D?@%eP+-Vl7}2~|k+2NM!-vj02IC6n$?sGo!<9P+=Z-j8Fek%$AaPaop19|}jU z*0ZAHA6&=Hn(ls$15@pC^vViUe_b#E=QyY2NKGtp($F9*GU1Lg2jk$J> zAb2Dlt&CQUBkdYW~XdF+RoFS8`O%N^ok3`2Ad(sY83QO?06>b=t+P#2#h3%<4DJM)glvDmA+P zfv*=Cg>jx(K@FLoCD45IeEH%9GGD%t?e)1{gmu88LPg4<7!A)aJnqwmV}g zydJ||aQqG9#qh@%6tqk|25KpZ)j`SIgGlRNsjM+%zx}rP;VPK=g5NrH?jOoy(Re4o ztckXNoOK-W0Rsk!$ruUIr?4f|7&H9>fuRsEcz^H=U^w2x05E)C3uH9%%#jgVK&Bqb zIV@OKaEzHj*sx@zsjSf$tzgqJ+u6QY**qpm!`~#dmPnf?n;tt6YxT zc~tbq1Cx~@l+WJrk{%fEI3fm9SHES^Kwg6SMtQ0l{iR{BBj815hq35Y8RVXvg+cB^ zbBG5qfXGO3;Hds*Phc6*u(M7h6^4JG0jTg@Es(MdedWBr0St&C3uS8It-*2boyPd5 zSTlJrs=u9e^A)`TM3l`Sq%J`t?~Rm3mNP&jKMD-HI-k?0tY!07PJ?iY^CEp&xbrog z=a`xvZ-?>EAK}Qo?Z)yaO^*2In-_w1KscEC+*pevo=}thXJ-QMNs)tlZ+QQq;Dr!c zHVC|0&NIU24Jvy9Zmm7i(aTdmJ)Oh+d!N7#cU_H3yD#_{y&g>c?0ypv^q~WX%cyAs zBgRTkgjMUN%>wcaTm5~IKu>)GK_K<=AInLEct8BFc(FV+fL35YSoR7U_^sq;*K&IC z;+b-j_glXLiX$RX4EIM=N2_&XC#fEXfpxU38;k5$9a%9?;@Li=MYaza=J&LD+9y#F(_Cgk`wAna?&3cnf$yiir9}6 z{YQGq({xV^y`fWJ5_0xZeCbpWn$mxVU~VhRS8oS;q@?=OUQRr@@E7`D-|RFMeWLdA z!Oj0zIDO*jE=~72R`^_9+uv!_R`|?mhp!9`SYJD1{%nO9s(7psOjh%lHiTpqXn^o|h3T~MW?t2o}rzK7i`Y`CvS)>jV zD<4UR7&JpHnKbx}Mn9n^8tc1508kD+HlL zc}{e?{5k2)qlInFOOu0I2CLI}Mwxv5Dp-3PZca5Xi{^!~TxUy;1icWsK=b=eb0wPIYZSewP^fEm zEfy4?&Uu0%=q(`_sR7UYBU3f0sKj}`2mjdg%MwEH0UCV$<{{|eK6!4D>JzMTEw6@r z!4a}A-&uPHJEk_&!nJ;)AGV0Z(f%;MO-MJ32S%~wWOE$M=b4mnFpW@)>Y!d!Em+OB z&R|{Iv0rG}UG@G9@W}az@D<^uqY_%cI#`>Hkb?km#1aLY|C6O58#7U7^NuBW$l?{e z5%F7*Vu>iO1c!N3guy%wY-3`_FmHWT3MNCL6fHO|5d&T7tkS^IY6T>&SL)7i*1m)a z^!IVCQT@aeFIQ^gYdv27p09ajB#G)pHTiJeRG`ekjH$OXzoUL)eiHJ70{b&6f7kI7 zGCH_a^&5E|XR)e|(*kCv)-M>_o=Ho9HOOba}-qk9&t`b~1B~lY8l@K0pg8wOfFb@m#|Ev0-`!C;6 zAAH<20DbV>sr~4Ki~lJ7u(Kk*K9KSK37A8$k!DbxR&ah-5jB)R11un;mN)0thI_U=dKQGAy}0HH`U`h?PIP1xW-r5q zo8#*d^=B{lR`=vrE(>0RCB>Vx+5-+}?W@QMr(9M}_Bwysy0P_>92p&duAi85G6XB< zBzU!D7$}E(luT@E1}{;vHN)?zF7Y%HZzYmvMe-$L(?E1rSQ+4&t(=oR?`XkE)Cm6i zi5Wk{(a6vUS5VedXWbe&L(|uTY)L*|N|%`pLxd`z2TBL=vp3 zXDyGr=4B8g{q_FS6S00GN!|D4@MXinL&fqOa`@|uPftQ(vM+lT-&WSN--p+rSN7t!3z`paQ@fsOLf9EjoZ79qsbP+O7Yr#K=*OHaxR&fKGLT*>|Nv2H{g!C z?8Y=)@;ftUWPO%X3tkCwAIO+`2Wl?>J$XA8=xH?q^?D_$LWWD20pwiE8@+tOS?Dw; zlij+ z2f%CE7#cm!1Dgp^>< zfO9@iA`|0;B*|BtKwDp#FJdagd@))u-(U_mtym4F@@=z~A)~8L5GC3OtcYL7O-G^q zFqYxIs6s8U(qaAB%NH|lisjcww>MutO2K7ql;H5yT{ zqnR(Xjy1-aznAX$feKdK1j0TiCR2Dk68$)v%|&irGl+Yhn2<*6qjEzxNG zHwMlC+3f&EW9PzT;13uMZlNm9$Y_{{b`F6)!5)jz-wqTe1b&hdnBWLpmL9kn zE{TKAxx9%?!?zQykZ~Azvb*De@ZJe9yM^E6EI-h5yFMET}vo_Rtfe%4Z!+(GKoU8na&HljUDUy96zFJ_lx@Q9g$+I%lfc&`U&QSU9`dxJwSYO%>3xD0pXi#=Fc4 zDh!2T_A_8tbjvl%LjH(vJmsOvLV1{-ET9X~Mw*2oj02#T^ss;~M9VV^Lox?IFX>-l zQ6btWvoOST0Q8d16$TZe<(q{evjd=)bgsZI9X{GD3;`Yh!9+9!c2Et245bTQJ|KEY z-wNnLv=p;2B)eaF^)1!|pq6y404^kpkm&(XOS)Dd7m`H?^Z=-Zu8l9v1K=*{Spi*0 z79q<0QtMEnJOFx$JP20`(IP~70Q8cs71)Jn7KcET2S6{8hj^mg>Pu_!Wv?NdWv?tu z3-vN+HZT3|-KH9oP8J-5dJ!_+;7e=8%!~Y%y@9pFnmMW#(Pz@zf{buLgm4?av<6>x zD+M(>#9CsFA61JeHj$LLQohEQX85ujD6!e?tR>bYQniSN69y2pgs>6f-hw-eec1+y zo4uB`#2QMf7SVNm%l+X{S6CvR0yrGv3Tp^fLg5HaFmU4btr8B0w8A2Slh8LpHyjRW z`&JT%L)t#I#o>@vI7F}#`bMaYfs^)7`r~kjD?%7oksJv;GHainc39imU?R5QdURS5$)(w5IW(pExTzQoXU z*5M$W_0wixfjiD^*rP9`vrchz$m&~}lxw*5u`NgR{>CInN?oDiNu3Ud&^H&`!kio97 z`KwMm&+6QVmj}H->(1GAi=@Kiou4?GznZ!Y^e^V{2iH5B9ZkN}&Vx*DXin|yMx=5t=#*Ny{sfSyqlaB-qC_Wt(+8=}MwA)W z`FS(2ZXVXz#Ufvz$gs-yrN|fTVY7&vMH;2Ae8W3;p-6M{a3MtH=O{9~@;xc?3H#lP zE(hVfQe?PuIa)csvkgTWn-Q{=&rsy}%6Fy6hvWvcNSPEl9>{9o)8R}0PScKx-JQXV zqm-5pcrRD)BqKlQYa4Q8C=OFl29X-E0)e+N?>%(z1`t`gldj~NrQ zH+puC4W_t#$+I0zJ7(^bGAv&HA$kLvRgdH*x=|>eaW|_H|_B5ZV!$c!b~4a zrWHxq>ph)ggQNb(mwb)8X@|CZXE5t*rhg>q2LTt=`e zfn?f~M7+iZ)3bfaSLDV+E&`{KadD#hj6la57adaQ9#SZbl0P0wP0-Hsm@zQ|IV~=7 zP~f{GkSp#7xw3f3iIR`N@Va;yMj%%n54i}OCdb7I6dLaifpjEcd;XjKu$U>6f(Fd!+)!q6u`*TzC0VNisTNMXikB*NB4xNEooF9w~kDH6sh zo!O#s;;3fXDPjEF%ovRyGFnDV7}Xr+i$&G8aKiZJGGBCWg>mE-%s9pn(AM8e`zlH; zzL~u~trPqRZuGKLguMjx_2#tCBei7qd)dp={tXTVfBKo-HmN`a{j0PsQQERO`#@R; zcom$=b3$yZ3v|#wPkWPjtzjYitL#tHU{>z{zZNsEZJ2==`j)i!nAsW{vOmw>n6?u# z2nj5c%$Ds2is)~qH8Zm{I%IFjZb>sBju1wkr>yKnm>?_qAxAkf_d|loQeST)u^(bo zvsj~TNA^RGxzdPbYW72pdSte((SE40fO&0$wI6CMlFXJ(+YenH6_ClbpmTFS)OZ4! z`ys*8Qs1o3SmU`LVl=Q=qitXJLyjiowoUMUsL`VGDl5GoV!VO8F)9L7H|=^;K@`<2 ztA>u7P_Pk`wKb5JHWrFj7cef(DL`0Te8_C^v<2wi7*-Yrv-PDcb}=zVA;K1pomqrc zBTZD`Od+$aCz*DH)nW>>#HdBiNy7Tj!5q;D(gJS?V7=ujo3@VHk4eMC6#F`J|?ykzbbMoeRl=lbLAa5j<&FqUC&t56Cg>5Umc~OBBx{U7bW%J- zIl+&>up%CYes5Q(Rt)QAP&Ney1D(YQkiBVDT%7pQ1Wrk>#3wG#S9@bEs znIjr4nvh|9x|ktaH8s=O6V^|kF^8?61S#7S6h^0;xuVetBf{09F^I(Ykis}|qfRVN zjdU=Dk;-6}7^L8R3L}-t4ADrDF3n-2vX~TQMN;|CfZw4e028HZxY&T@p=|$B$p?oikUf;yKMDEh zQw7F{n*UTV8-01e`A`#|DyhzN_w|D_Zx-wa+nLA`<239C?|WE6EUtbKzmFMdclCq$ zLIDBRS3j6PjC{1g`aycJst%Ia59%*SM%y0i2kn=UyB~y?stON!%ftaImg=E9eGN;9 zh1L)5?=mBO_XX zb3`Ks>NSVa%3_9Sv}lcm@yTO`XnaT-s5{%0Hi}tdv9do@gfYrzzG&SW#$_}Uqt&i_ z;!vca;UC7Tgn6T}Qs!3}uZheOjhEP7VZ=(ABN{P~rZJ4xBxZ<4i&j?{p9*G(#)qW& zEMkPLVwPB}YKF0osTh7APg_S!ZcC1A0ub5tr?F_lx&fw;D z2J8>9PI19D4(ul>Hg{@Hgg6;VCDwT{NW`%cp;Ar9h7a!Hm#w%iX4-O*l?m@6PZ0GIJZI`8*BS(}8{5gxTDgj=i~8m1+eW zre)!1$TBT(ei=80-^UX`B7niJj(_9dPE}Mkp{boK*hzaacBElZwP56BlO3gIlO6XO zCjyD~v&@|!>a%n-J06vb&p=OALmkNnb=WYhQ_dW&Rfo~QG4YVAEn(m@0nk`D)m(E zxn=ZOpI`Kts%Q2kM_s(2JoO<}&tEsxo_Oq=ZCA6NjwLbuH~nJZ>n6ULPzu#Xzs!t=OOD41HbUfmFYJ=BsS{m0U^yyfZD9|P^*+u!`7>3dnP_C{On z9TU~wa&Lv~DKwU1R}tEL@BKryc^=!mU)nV3?X3WB9U)whB^1N{L%H}QdNl&}12MtN zEOGe3S=aaZ4dvW1WS-xEIJR;}oZsLc@c9ky{?Bh{FXwjHh*KlX^Bc;zEA+p1e#4$2 zU`Rma=9aN4fSgA%Xo|wSp3477#F{AX2-=Z5@O?L0?ZOkZT!R*V|9MR z3<_-*g|^FB@$>M0ZJg`C^BY(pHo3}C4lnV^=% zVMF7=4w-ym9qiyx56=0&VFW7H%Yz;G;Ytf1?0}}M(S%ZG{O|^~kz2B1!>5~N(SaIw zf99GGsAz6Zo;;X1*EEq7JlNrc`QeS+0ztfk9opM>Lp~x8b`Vs+G3sE42;|)TAQyFN zMc>G|iQFaEe?#Pabpt>yy&vR^zg{Ek_oxcSoDPOt7;#KMSpNq7IjxG{9#H)D1h62# zEn*0MlMuVqU&b^4xMRIRVk+Je5np4)!8nT%hXRCDnrB&*Ij?AlV7iZfqWBYMS(H_W z&$76mT^@Os1#NS(FE=xnsZks?Mx13)W?nxt@Utw+dYxq|QU<7^l@Xq!jU_3LITr z7QiiOyzvQpr}w*^wX6}lEwK5zeo}@P=h|@7HQo~hzrLD#t|`%8?o7wF_4AXkl^@Bx z&rXUt>L;C!oz_=zr?tECo{pO}tYu?QN~wt6*mjMnEdpkb*EEq48ebs^+DCGTk9W*P z+zxpghxoPM$YU;EoFrWMj0zrC!6FGTdjGDPoX(z29liH9M4=^&IX6p@4wd&q70mh} z_*aX|zpyvu{3jSBBT>`H9Bcvp{9k`h7@ash`uzW&vR<5linK&y!E=D_@kRLAeYfl- z{^XOtL+w>@1M!E5)~7y)e8%UvykL3iV~9p?AU1aW002dt{}drlb92gQoXGmcv;t7N zW*6s(6e&*ZC{hfo$6Q26oO5qK6)&-fk#jcc*L;Q%JB~Gdsd<Hfg=E`Q+W41Zu+rav$X8v9>?A(6fYUv5$YUg;}CtG?~e4tZ94)+ZkD>DzpXjc6$_K81~@_!5`%w!WI>_xgW)EA9)F zMmL&`ZjeT|v(Z*I`o2HgV541ry$5_PjqdknH%g=X{Mjp2qx%7YG`i1fbgM6M8CnXA zcd${151Xm6{kf+3?E?)j`t`Na=sRYkYo*Z*Y;+A9eb1lW#zqalzSoc21c~WxfA#@s z^iyIcnC|xL`=rrNtwy)_5<_SyFg~4)ru!0`{MbWX)AZP;7u!h|l6RHaD2N2|u4SVw zZ1i1!b}Jig^Xr{{{eU#O)1SRZ8g2Jy?^BKL^y{BWqwQ9sn|+B5Xelt>#YSBqwjUeG zYZ|X!c6kBG!bX>wjeRXsciU*st%AMtAtLJEYO=ez@`l(;a@j zT^ikPHM$8Mik1T7GuUVbi0#+AeKpHIJ^IrtNftJ`-)s~_LZcxz+RaAa@x!N&M%VcD zZGOE&8r|s6{y-YtK$eq6Hwp`akv3S3ZbXNorNH=1Hkt`y`}HngP3X}%=l+IdVWYdv zMnNPrx{r-^vC*~u>;^Up#$NB&KafTN$R=qNiQ849?~ozMy=$#TH=sk&Qeb=*8_fc- z{n&S3)9~I;v;Io5u+g1nqaYF*{gjOwY;=u3yPJ)o$lHE>lQg=@pS?~R#f@_tRHN8X z4;DnDE3HOb(V=K5Fy75Z-C;R>YACvDu;ny|jpo>Lns{~Xw+3HMbJ=LFEvK)|^W+S^ zoQ`CpBW*ctoRxmr;LB+q8_l!jwCX3XRSv$Kj$)&uY&kvn?AGeRm(zSUns3YL<3lz- zH288lnvIUO<+SS4hoB|~SxyV{sc4U;az7@t^9Y;-;%U)0c-Dkg55>Ek$)T0sN-oTS zbgxVPNkU?)Ug)(&I`qqjJ{)wBE*u>LAHF{Jf-hIWmqPgbw)EGX_Zr5dK^~<5U2)*cQ}Cq|zG7Rayz%FBD6&Bw`wMY>Srq?e z#DQ;=g3m?xN^JErWn}wlgRXuGaqV#we3^0J%UAGa5Wb1Frg~~_)%k<2sR~PC;LC~w z-)IG2CgCf!mD=Vf7f%{=rB*mG20nKj_`C|fEW$U*)_)u8_e~#s{Z|?TUrrqO{0crd z;VZNC-z68HvvBbB-=rA$a^t{N(B1D`hzd}Rv0(S&cNt^a;8VnoK^>%SQ>@cHAwcb$UI3;5<$!+U0{zg;S0KV6pwF8tAVN0itI5y)?hgiC3kp?Ype&99IF*Ex%1`C zBPR^HE)>GVKv@z8$_fQ#F`?wfC|e^QGc5noLDz^vm>4K0#(}a*L0Lj5?-3|X_tC_u zM_fPXdQk`y17&F(C}$`rClbp01WME2^y(2e!nzq`f0Ga<2Fgispq#0oEG3i+1xnLF z^@EkmY6e|L3SnZPEb9%W2$=$O5&?Z!05zRj^F~&}lQzhcWuZ+Bpx4C#lnO`zT1G$@ z381FK`p?Gej|{rX6xzf9S{?^b>L3N^bp-TL0n}8S7u;~%;G2*07NN-)Kqtomlxj!; zT24UuA;-2OD*_ilrUuzDF0_dOv?30m)I0gRewMn;1Z6 z#sQT2NC7&7fbyH9ZEMau^Qg}TUyqVD(SZJ;nn3mPn9W4OLvR}eTvMTbJM`$WgRf9Yp%`#QdG-dEx=DdcdS5hbjTv4RG!KExJaETAW zeM7)CRqTsP7mpfz6-x@mfGg^>H@K8Y1upR+xN8Jl(^P#vJ!|m4bpC(DeF=P2)!BXm z84W@@L5YnDn%Jm8ttJYZSgaFF@J53M#Tpegb&ZM|B|ub`#3YdEWB@C+wjXV=YQ>$l z6j9M8AwU2Z7G-k*<Dy0IK_z>K81zc@zFMf9YrH9_!l0q@yifN4pmrAL?B|Zdqy@0EO*UOgAy7tf; zT~a6p+}XI*h0$&1Z5rJ_5Fdj30gjH{-F43y6^GvLl0q@yih+%%E|pS&I~!*NcQcMo z-~Y>prdJ($yGshifGY+z9$YG=0+;v@-2WADwcWkvrl+b8z1`i6CS$-A0~-%6&6Wa} z_z+whN5}5=t8TA9^mdmNiUC&)Y&^JBN(C@M*kxZmRF*xjAg_rgXT z+SCCz(vlf&Ju$-#^VbS{VwRg9|2;9&&5!?{nC<4re^1PK^W(oKX1)3G-xD+6{P^!V zv45c-GvK%x;m_vD^f~WCTi0{?rk;gY+r~+Gi#YL)Em_!2Flqu`aO97hEk8bE$A|fQ zz4brpi*Mu{7Pvksa4BZn4eNtXWE2K2#bmo*V6xry{TJ`Q=WzUAmVuwEeE7KmlT3g5 zkHqSP#gp#2E1|7*V#4CK*0Bk1wYA=r@LpT%EeRjCZJ9XilMMcTp4+x%?66%pA3JPc zF5a6s7+?LWTk7N7zhpv?yL<6<`%4C+vdMi0`ImB^iO-MW@6O(ZJ^K&p^-kNCBJYx< zBL6$G&r3>C?$<@R>lS~vzfB4qR*<<4w|Kt&=%U2+nVY!i^v$HA+|Q(Z4;KF7zEy|g zMuESrAoI(2pv<{vt&^6 z;!nq{K8n{ndiPpd8lE1-NrP!@kNW_90!Od-&Y!xn$BZ4JJCQkc0(L$>p1>}Ax7 z7YZ@&JQXy@mXK?EV0*}+=X0v1x<`5ei%+l&eB%CQf%M&i%r+A1yULZN0wngB+Ei)!osLsy+NWrg`m+>0J{K>P|?SVMoS&IcY#xzIG+sc0JwmyD0eAgW$7JY z-L}Oi35hU2Q!41;ZxU$nu~LiB-gr{NF#&aJ@l*RZ3y5zPWqttAWP{GVpxc#@qzp(> z$)F5HJ#Z0ll8c3dG75XGYuj?2cPSR8ZQ^YqUIBRX-G13bXgfdz<3yNt0-{BQpy`(3 z-nWc2;lo=f?MTzRMVaqLNz-;nkV~363S_D&u>qy<3rdv?$|~&jj+UmSyt$c_D##U~ z+hwE)vYd%or^}TzLBbtr+6)*rInvZtBm!-u>0L@wVd4%-6GRCDmH3SalVZx}$MhUE zC|j`vE${5zYh4j0x8{o03C9#~GDWs_iYOH%VnU;#$__0`=yK1}qBJ0ophT%>AwEV) z@uDc*1PO3NslfkcfufWar9$f6H;|^peM;FvLY^JH!KKp+do2|~DpDNO$_A9F0DyYO zVMUqmB(`RP5k`(Si5#I#D4|P^_7aROJqls$l-Q?rc8-VGpOkQHA*Lhq9wf;Iy!gOT zQD&RaZad@;Heom<$tRNJi#1B42KjnHF0S;pbzzm3u+5!aS*0TH+eVHy{~%V08h41S z(tF>}Dp`(p|1eg`x1a3!0j*NWp|nbW`wq}XTczz?TBRb$Qn|=ddAwCB7ppYfySNLh zBzoDkRl3gmj*+Gx#46o<2(8lE?_rfH9R2=btkT!}lqmf`R%!I1v`V)NtkG7fqbsXq z)h?+)#A?;_fVmhwAlv7 zBTfa;l(>DyNDPf2yB9{{BE&ST9e1|FAY&^1K7C1pEg`_JqY+B61(bmmR&f-r5d)#T zL_vs`qzUY=&CmyN4Z(po!0(RU2w5}&JAlAD2#jq9< z79#)+#xIP880wkmB|3CL5Te_V00ps)ZiDVn{PPa90aT@pk9+7)N7{H3!3+Wrw1K!r zMd`6o6{L z--H+l4>SshCKyCOl!Q;4(S}4B+kug=9&c^#p+geEsEr6QLPqEz80}C|1fm2s0m;Je zPB2D@#&a~WPSNZp27Nk~*m1NX8SnLA%z;3IIDlf{JcA~N6(pGs1nBHhorwdA92}Il z7uiB(lr0I}b{(xmi}!lys6krzfJ7qOv7UqV!<{1xf=6eM37wbE@V^ZT#NLnhp?~7r znC^}ednAd61rAF@XXyH*#7mReB}yEI1xUmCB>p0mJ)=bSjPRex-Vy#2ukX)Zl9i9O zOj73uJ*8LkUn%3LL8-kcbLg=gI&JLNi`scewK4tBYh!=7ctN9kZTv4aFb5u5cyS0d za1h+DU~#B4Fz--n;1GC7q0#|0(9ygPyU;x51^!Fzn|kTC&d&QrE#7<2Dfqu96+h!M z@H06Fxrf9Z;}aG?AUTVx6FzNg9g*-wTWfK`*KMr@3E$!Q$63`0p&L-a0kR?CC-rvd zvf@$aTI`p<-qjgey@cDAMAl1k{U(;ccC%lJeE-%g9={h}-M+kcH(QZhjoQOc>m4Sd z>mM3lKej<(wE?p;3io@E`d9bU8-qk|E@JQf3f0ds8(2iu@10VGKm%=H>lA)CHi#dr zBR%8K;}cNHMQo&8*12Nsxh#i9yCd;MV=R})>fKQ&!Ef+d0D&vvWz8^G!6(>jr+p2> zOAs5Hy}=ef!xgG%Q5EE`^iB=)E*30fZN4mB?xXi^QI&h1``2}Nj4$;{^)S5&cKNSV zt=LtCTQqP#11m6!6;z?_{9WFuzm+;iW??&lrmPydP@iRH^Oe@X^@L#0daI=apA}xu z8p^H2m0YktgM|lvWcl$?4tcLBYc`Jo(xtAgY|*5%u$cgm;wBmStHxlTmr+^e_yl%( zr>|yz%2<3?nmc^7TmBuPbS^sfw}iK<(kvL>X0OhW^}*Mw!_B)OQuoLwh7D`v7{eb~ zz+bl&Odk!5!5{p1)(_LmkAak>!~uj#wdc;^#sOdk>60E!A75@~vA-jHnAN$&>Rf8& zZ<=^2KDPa%f|_qKs>1l~RrM);Q>r%M_lT+u#re%+&KTC%C$YG*IlQ7cf93dN$g8pv zGz5_#5kML2y3>}o$nH2nFsoIEU+n~DgUzNi5qyI6Ss5gZtS=tw1#N4$mP1;&zPOA> ztS^>h!1LROo(JVq8s(67KM!@^Bzhn6@GYbvD&#eMI37vRN;&7=5Xgj9%f$ppXJ>mc zJ`%23UAH+=*i2~(7JxUP5i!ZOKOE0R)DTqe9C2?7tM~L}d!6kTvQbhwcI=s2|06sa z2eUHyl=JagCrpvTd#mh#C^ae>+t=6!)_8oNS>fQ5RHt1Y%&Q?27$3N zW#?w>P3Ewcj`jBU~ zmnLOZ06qAJkNmJ|!)DcP6$M~kR*gKFz&%J73ItG1&oi^eCltaAUnQJSt-6} zf%VpF6f`jg!q~MM70YaAoq{~}PXU%7hQ5X{gBaSbDq+TFi3k$Oh*|{_)<&+={M$!M zd&ChGi@EUppNm{6lIxPb(RO1uy75Fbc zjFKlnfU2mYLC@c2YbAgkkgCZ7yHA-*?6adewbQ(E z7?8?C-Ch{ZXL_-y5oS_-p3(`wHk?YTNuJIX#s2livej*Y;oP7paxtKC49k=ExeVug z*=xx2*aR`0xyuMrQ*XJcts5Qw00QA(V-0L&^Qy%?*1#pj{_WPDkF1vcu%z4hNK`Iy zJ1pC+sIdeLuNa=Vsw988w!=2XEc01br@FLqT~Rq6ucHngRZD%fHszv(akV z3xJnXp4ga$j;MH&BDj)<-^lygDQGdTWGRtxa6)-10mra~;*KYq1!D2y^_oibR6ilY z0ftn7Hji51qncUNkQ%AEDXUSAGqYyMaaPu2JYwLmjK|uxavb2F3K<^F)A-EH>X7z^ zxC|P6#HSBXkWxOAL)yQ1z*Eh7v)PD5i4$Z0$lA$*p`IP zG8h*&yoaccZwU`U?Dd3%X6jQdIwA;06WDgD{Q+`ffbW*EFW^<}Ow$ETG7?s-nU#Pr z*|b0HxCqoxYiJJ}irHW=>2k}z#9FmkqQDmWeB7zTc~3a7N#`@Na=a`-zV=VbLV!2K z9dyrj43Ga3GcFe2Ncf;|o8u>1w6%9CR5+B#rVT7O_`nDzrgrP`wu znkY{^_)Kkl+1CvWm^YRRHTWNLIDbA5()R_mG@(A3OxICD1MQi{=ZWp1UD!}6cUkCa z9Ju=!^@D#@ZzUgES8%Q5AHfiH0@u}|8}(i5jF9)QD;oM7135MJY-{^Ms4xzAj>+M0jskPwwxeKYMbzw>WSq z`o-3sO;$@M%wIDYeA5ZmW;^gFNOBz$7QBQ;5!1O}49>42i|Fgbo|FcgY2I;w*hyElB)H(QW?c-r7bC0ehmgVE+fNJ~nRTS@7=#*r>Ol6g8qFQc%WY z?Eb9L_}?A_5B8I*xC(G!&&xFr>n`-t1h#0s!Zz6wcD_wo>gyv7F7@fge9{;qn1z$M zv8+UC5=S_A?Ai=GYSsR*sS&`~#s81?i!CFY^?tE9w@Mk8Oxr-K5G+gm-uuO-9(=#p zSB~Tke}(M&p%t{M_lred?*HR{v47VQM~1Tb3|n`Q@BZatT}DBpkR&o0qK#JFC(T46 zkBO*;Ws{IU90`nq*Jx68yv{42vvlqpu?qi{sFlP3GqS*ctHP?s|!1$(g} zG#@wZy}iYt?NW!W>hP&LO!^3l-~E2Eb5%0%Yzj^7)|CK*$v_6}Oa`js1h!|oi=)jR zv42g`yFLcBHM4u75^pLL*xR>|=11oZg6J#*W0<0uDz#)bfZfbi*prOfBej`#k-#9e zP<5%YkJJ(BjD1Ebn>B&D?(cvjmW5te0@1()NL;VeKpKhKHsZz&USkUZlhId-={Dv+GZa@@!qK*4u_5z+ggew3_u5VH^J2$G?$rJY?0D(KXCydebb zW*^kXeah*WeNa!N619BX)ABE}*4V7XI%YR=1C53K%H12Ft|w^(N~!$-8=#&nEjTEN zt!mgq{J>ftj&fr0#G9HR5|rC)1xvC@!`_z9(;G)7VWg)e$qHVGZA?3oCSDQfOW;~I zW4F_eRBzo=coBtsG6+z&A9tE?$G^7abJ?=k*EljS5qUT6jhZ^2r+w7?_nD4ut2@!#2!79aD@3tNZ^sz(1IigbsxG& ze>2j{*z(?UzKt!-hZp#lC9W^X-7qvb zv&S!9UTPO)wxBegW0t}4mR5WrVFNb(%xxJOY)X8;G9#-X6SZyN?1RF@Wi2gz3;ZpK zxU*_#a8}PR-+sNNAQRuPZ^3iSOIXpe=xDT_xI(x8l6S(_PWzaz5ZnH#OQv4rw2yfV zvF#re*gIP6CWM+ozs3seEaJktGV52KP$fdm-Z9}oc6Qh+yCpeot;kmr^mPd z#=22{r~RDx_D}3P<4&jjLGkTBa_?h+U(-J?zWr$z-v1Y;{UPz~XC}`pHtiqgYM$Jt z6!=#c>;a?d6K*`|_}vAW8&MXI(u;a6hZJD%&;snM*X)5fu++>RzQ6mL3o=^)F-n~- zr8X2Mt}gIzY-#NUp|QmYCR*8rlHMg1Tj3asl=&s^((l`W;Z0PBi=g*_awhI9v3?Prg#H((7*?GCQ? zeQW;Zz?Ibgb?Peo+3rV7c4b9)%iOURF z2AT`1Iz(_o;(7{J?e2T0QlwxOXe+4ay=g~UDNiT<@(*|6VIE$ip`ww&r&(4diX8RH z`}8|JOu}olQnWBXrUhHUHVZ$0<4HVB?Xt~h-udVfJnY|Po8_0hwi^$#yKJ*^;XmKN z!$DoPxn$D+WYflWh34K<9{(IK_UW?8hMaBh;$eE1O?n12VyEe0SzR`nzw%uwWKNfD ze)_xjKf}WzUAEaV;m;@FVRDyk-tvp*+XRys%JSYT@J^j*PpEw2z^@8=fj1z3J8J8% zp0+fD2yi9j?{7O#y|ADc>H*`Iqez}E(s~4LDK0<#lbO#I^nz@F{WL=TbdeS>ZYf^p z&wk|Ff?kji2*C;z$-T z-cwt>^H-vqa!$=N3A?OIqmA8$Q- zPv{@WSBlbiGIB+-Q^v%ewX*^HM_iJt+=_& zdq%r=3f6*jq8z}HrqTa1(^VqimAb(LxO1_iKHl;8YQ_WXQ6Nq1yRp}H@Z0SOM(y9c zgAlovJ+Y{G);py)N1USP?>N-C7a=q0?{BHwJlVgz?&Ha10(bxhq@CWU}ys=}pz06iWA%ES}-V4G3t3C<-y~ zD>Y@yWFo5wdi8Sf8vlJUg`;Pa;z>4mGIftYBRomP%$S=1CO8SE)UeUI;{kxwff^6Q zlmx?+j95Y>RY{MfQ}CWJW5?d^Q8VL=E=b8D1?F#YnKG^S(`i?)x|TA z+*Q`UHZ+`_v77gbpxpHq1ZBPMOR)(;E=}AG)rX$r?rI0R?GE6r??)8_fcD#um&~#U>Ag+Dyluy73XBBVJPljSH#Fs-tQxlHKy;cnP{I+ukRJ1BO-8uZ&S0H7&dX8b$vFW^>$FF`7fC{3el3Z+n=;9dwv$r-VaD3r) z<_Q4hlhw|XKiHqG02>m)?r8dZr#z(a&v5Yob!Q_D0=SSg9x$XYNSwbB@cLJbJsDp> z0SAQEeFO>s&bEfh1SdmzD=-u_2v$@Yq<=bB66EY9zHI3cD+Zy)SI|5%cJ?sB_scl= z#v#ETmA^(M845Pk;{()vbk&kmLZeRl_p9Y#{@-Hd?d-1V^F!Ji&^AF##=!UqK*?Rz zGpy=mEk{xE>zz{9E&ag2(p0Nqb=C182gno!DFoIb7MnlJXG zYPEz;Kn^Cu>V+X}lGmxk_5j9EIckZ5Z(O(dKI&B5(vcB^?<>o?!*|>{-O;besSooE zR@syaHwkZLmGipLKdx9uoxpZ9I1Bv)dnxzKt+(=7a73rou*zFMg%_MS!M~c^)z%&i z*UR(*8H4MeWw&x5T7pfGVY1403|vJ*ffX3h597c=WzzdMEX$j0Egj$UnY;yAW7Txs zH=R|7TfejRd=vIywilX0J3i7n16k&5Oem4@IaAdoQWYgfScC}$Xwh9f=qWqKNj(kt zt4Tdwc$nmzO4`A=e}Q^k%hx(!3;MY96RqTsI)B0w5T{{P)!ifuNU~=KAcI$txga3O z4nT&|{c2m_u4?vd09^fq5J!^`AUO!}7R!JREC(ul=3mMBNdnLB90H))yojtB^i>5- ztN_^KwbaZOG~p@4eFLhP#>`rsP_T0H0pAQl3(wXKpg&xiEvq0TIZ9| zlTRk$0ZgAP2wk%M8YS_jcz58GQWmQUaI>mZUPik9 z90l(ni%ZU?4 zZ{)|*-bWJ%=v4|i`IBmAJZPp4;j)wj2l8U4IEFA@(;o^8z`Jk`diFU zVqWg9iP$)Q6xByYeK;s_31*p>!1v)N+5X7k8Y<^U3&#v%9cZgRCfQZt#r(JL`(yY7 z!c!eLatjqMg9?`~vX|_T=;WO?aPtTkH)H&Tcgo379njc~zkufW$Noo%fAlu&1f|B} zt6imnsmLQK0Q%4e;tcT6hGV?FhD5~$++Z^(1R1d#^k@_$Q4`EZ@EfJ1o-vBaUXStG zK?9NMaG7H$^dZTE78<5DsFvxYb;AH5(lDe`lhg&mOcUC=m42-Z&7%frpYn zLi?dbAm-~4OQtj=N?yHFWS(H0j#%FLfKT{-HomrYWC>`TQP4ODvol*UPcpf4nVJ-y zzjxwU^~=U?rYzwF5uP55Ed~Km30dX7RD`)a@`bnX-x`xG|Ji({l%pSN;20<6z*mT= z2fkZd0srtQVE_tI@Q*tyR^L1yT>b)h2@PL^Ogw==V-ln|%6kXu4KL{0UJOBfkO0O4 z(5-aLq-oOiu`2MA7A>TwTZ^g6i5Ox#l{LR;YVLyG;|9gSd%A)5LRchYAz*GYSg)qU zf)><^Z_V;A8vkF$!V4hl75-P;tA=hNdl-TYl!8B(12u#_s~xi7zKLw+jZwwpkop-L z_p8SLo%YvM#p_r4yYyKnsy?FJlb$MD-b<#5`++O0KI6^Lmy z#k88kkTeS#^Q#3CZ7EoMIPp)XXd5`_@L4cJ5L2D@HP<5WRatfV=bA+^#-HR<{4 zVk-4YB(avTQ}Pm2!^~}_SHXoE2ZcDjl3qU4Rw6q}kQW9(dX6rG1 zQ$r9S;cKitpIeEXL4CaC$INf6p&7W5w_83rfoB8PS`E9s!G3%XkI?LN7Y39Vh9N`CqIVAUtqs?RA#kU_Lt*Ot7J!z{RiNIZz0+1fmF)x7`x;tga=)p(4$9DuT-d`&aL%Lg{?RN3b#= zGueymhXGb-G!)c@Zgjlhow9<4CJx3tDlJT7jukl83gC;_fd`VU{1sLA=Ps*XR&|e% zBTxo?tAt)Yfd2W8s&nKKbmL-RS(ahtZy0-=cmBoM-ub@lJehA11zc`(_)GjlZz)k+ z69xB^YM(LsODy7GXuo@ZJ?`H4_VYBU1IOmC7&|;*B?YcY z!r28XOt}WMzZ^vNf&PoCQgfT57gH;;FsPwF8){AftNv%aSlbI z>A`r(MUUKO3SnM&AVmp0pacZ_KcrfruwGwIywMc-lWui3tBm`Eci6sL_R`R*#7jyG z`3gD?+DF!ayc2(nPH)l-4(dFty1iR4Z!0}v5q}dSvsC{(cwf9B4qp2GczAD_e*k#- z%6|s$zaww0E4r7r&wkmByuI*`1IpX2(fn2RM+qFX>sV^37BmQ0;2N;?atPYWt^^Hz zeef89Mm?QU5hZB$$poXGc1H6XE~8;t6)XV11$~4l6+{rB0?iivl{&*o%#7qHetV}p zi2}gEiugx1P{!q2vsxNUvM!j|lPf+UU!_)H1Vr{~;BYUXM2{1Y;zR;G$dr8~B22yv z`y@SZF>j;rp8pb<+$+)pDRb|k>$`&K|6{RY3ImaaSr;^7+8-n1h(B}8bL!o6SEwTV zo}D!hYIcF6W{$~?!RKLxkB|7|(I-D%M7Hu-KZDEWC1@(S3cg#{ma)k0fkwi!qw4ogxd5_&HY(UgIq3mH zGie1DRdeZG{n0EC7y;=dXX%Qn(@TOrSvpx}uzImj%%GDQIJvOM_9Wi1x&HUtV>x5K=y^a;1zas2;G6B{mfs%y(dlljY0s~ zh!fPBwG#lu2k4qbEUOaH7=AP;`2-VB9s5TL&>BMGP!0hu)01@p<>`2dNBDpM#&F2d^N}tCqH|=)Bh~; zgMkQRghiVb>-QtLltRjvPA-wAnAtv@ILbp+bZhZ;Few-o{ zL*J1Hqwi_a^o1N$C%g1>r*}HHmIfA7Mu?T6uOu2la*${U^fQXSWmw|UEq#06A@n_u z1!CxH1)#|oc{tWPKe29mVpj@_kjU2J>y~J{sKQWuE-B8nL4*}@tSJ8V?k*|*_D!TX zSA9Y9A^ug-N*hh_y|j#=_?4viS1*9#)3wq%-Xf-dG@(!Txh1}ntToUkMcMkTded#5E%ki&0y>J5< z=5g6Ma3v?I=rrNuX)3WCUGh>e?)D?KO4BV?UrKz-sOi-aO~1Fo(R2im%6$SpI46vU z{i!9hrLnhraaIMCztW}rt+y)WuMRJf?th>Rz*ho^2Y|p(AaF4(7)UKJ5xQ*4&v;zC zJUa#VY6qXg=%DFkp#+B+1atANsLX6`F$t9pLj&VL4VA|q4lgqtUS@cpSeD`ElqkwD zu$6|yC4({%C`her+ple4_msKnHit4lawrq}SmdD}P@vmbbc;d%V+v>-*krO5hz7d` z_x@wBS7U6PEp-p}>{}hM`#NAlu|lUrLEg)O{3Cn7a}eu1i~<>vj0szTev5siBJoh*#*eh>x zz&?;X=R1&pWDlQnV0o4$c3s7(CZ{%1%HiM+EcOT#gfrmMOYih~WP1Uy?4DBqP8_5AO=;;a#M9c$ExD%@i*B z6_|VbjB$q9&;! zwy3@7DbV%VsGuN*zB*rA5#3*c6K>JFhg`t*<*Pav7Sy0E?!ys$PfnJ5r@zS)f4jwL zH;Vtrw)i4z&4^7Y%E%oVh{f{^xym-TbIeJeoCGCsppY!GurCcVLiA=5LD-u)8z3kV zgr*eHH=?IfRtxov0SGV3pfF^g6{y$P#W+viVY8V zhfAr$5D!vCq7x>}K-zSn7)~!&4-Zqcw=MAe*zYX5*!Zh9}+N zX!tOQEY(MrC6^#nA!wQZ!rBB=T&3SNdHdDl_uRg2-j*u_tPvh%c5 zM&vO<&x}JsPlTx;o}nkBO|zAjQ8~#a0eVnHdbhGg2*Scxdis$>B0XV*P3KE*6%a?& z7q4@udXAf_$Obr6Ri^UbRNQ&3i;DB@o__`v--yy}#z;~0Y*+Hxspu(9Kt5$874j)Z zz|l;UogO|NjM_1Ej&Ch4z{$4G{)SE5?EBoY=33> zL^)&p4yD@oD0K1d+$R)W%awIka>^co6J)E+<4QEl#TZB`_Lm~jcG0Mpu%SgMAX1ww z4G)e$(#_j|3ei>cB^UeeMalbNum_+djP)JG{;QLV(Tyn%6pJGpPKFRc?|kUzEZIED zJO8-6jowFF;aMgPg!mUUrWQ0}(+ss`2shudg>ssbwQVFYMSrcS3@Pf?5~H?u?ls#w z4eSO|N#~ScnhjNqE_1dV^=5L|EpLWg8>ji@)e#vWS*UE>>4T+WtENd|t)cx868qgh zL0mSu0%;vkN8|w>IJ{0T9%!6leC4d$_78Y2H71KpQ zI#HOVbbAy)U>-CNd0Y(U6lR@^lXIv}c#(dX#yXJlMSpI8!sOb|v~$Db`m7o@3v*qD zzFxUx%c9w zqbDUG3~AuL5KB}!(8aY`0nYgn|9GDacPJ*)3os8Cda520g^PoLu%{tkAm(0~rchD9_`%a*C zTi*G7>sMD{mX=|;@cIO9M&rD%6q2rGHrm9r3`#RP_))L)$H;7W1&9^;3}Q~pT}omx zG5YYQCdWcKbP}U?T&{8~*%Z{g^99R)aX(7n;ag)kpy3Qsw(FyI|7K ztcK1>XO#qpc4G6`G59pp$Tb~S@PPVY44@myj^0y|lq(iq@qr(YlY1R8>Y^ z0x7>uH&*3S%&{>qMK z=zd1^JF8BFJNY2SNUMM3B4oFOLwoxc!=7 z4geE$PO^?wnc(Ho*3xF!ZRib!1}0yPH!XnNC199e!WBvA;l&3KJ`aWA!B`{6hB!~U z2+UUd2f0FKdv+Bmqx0-&vlrU=6MBW=-`oFq4A7UdJv>L17;mIO#>m}~xy#h3BL)U# zr_fX|`iO8?Bui^Vq3+ z&DCWV!wDh`hUthB@I zr=gV*7vSt?oN}EZIXA?VUOC$HMe1M{8M)N_$HnzL^zRkZVkwm=)~n-_@|-1QsCQ8jLufFp(<=!(ViL!fi#lu1%WOD2a+i%?jZ zODV%*GEBs|ki%_5Up&pD4uOr#Z#b!&(?&R55ce2vb%X{Iuz_sJ_Vmk$6JE!7*%Oaa zpTTE?i8{vMgSn=}2kmhmd5kB(+DK26bG*{LAsQ}339{J@nIvxBzL@U2w2>`5|zq! z;AlqTQbE5IQDoU7`&Rw}KYFbJ|c=4_zT-eGxP zZ^snR!*Fai=F3~yZUqbbVysu<3{+Hy35C$>FYVkGwi`{}==gM{^8ah z1oaVKt{wNqB6#bIP?Gki1*@2JFNOhS{fVq0pi*8SConQS4G!&Kv)o3hdtp|M9M!@D zb|@C$8k2~SS1d*Ut_+6u$*g9%H#!S95p@pda2309_^INy?6A8f{yx}{80LUo?o<*V zu>ctiBKXKbi@Ypl)LLfWfi(qMXei(i;Yz~JmLpPp%cV++xdSd88;z5sT_VXy6&urO z6F@Pi-ue#K0#U1GR&d%DxiaA}1Q+|}*L5Uv_nw}x6e)bUhGmdYgvja5&=G(N$!pul z0hrrMAeL7^2tZF@1=P4O0k{A)M|GJ=gcF|4+E553>6B2vqBKXq9=}7uCK^ym#LMCl zA3dCwcx)eL4>0{AbgNii?cJq0D(>1#RKJi!<6N!K=_rQ7N$PMsU!ooYh-CX2DXar6 zP3h3fuvxk9=kCr`y+q`x(j718UmtoAj@_Q|Ff`=aXcr%`2f_NRY*eB|wz>~+tKC{g zxr4}-@(7WYBZyGVYq~A+@l2FedumS$$huN=MC3W9E+PzV*om8vXPi#EQ=ZSvs^D|n zsPBs#u8 z6%#1?MIAYLE02|uZlQlLF>-sE$;AjS}35FXXf-BE)R0t6hAhaDA3ql<{ z(dP+xX3mrKIm)gyW!JmPZg!p9<{Way!j>P7pQ$_Ex6?MN&@Gh!Q|VFVTt1;tNRXw^ zn@u&i-)_!9M-~?Kb*gOL;Ht7&RXM{{`IvbX)y#IC&(Y^-zS5Mfc0I3goi|3xmYT9< zuIJ^h^NL8>98)&W_1xz=x6HW_kKjzT!9Qf5Kv}_gq66V z6=m@4>*?pBu*`)Ssa$Hg%r!cORe)s*B`P=i=aK0~#aP!u^x=1!6#MmzwQ@{PLyq*D zVa$60xK!Wst3#JVr=u1u_x_;f;6 zwM?vg2X~_x2T_UuJL`1?Y?+&J)!i}90LH|Erm3H@5XZBIPZary1q#>gNNj}snxf#x z43bzl_38&G3TDb3H>ci^Pv69H3S&Eb6%zayk4TnG{}mc3#_Crm&O%SOB)@eM%@A1jV4hs4@Gd2)v!zB8J0J_8uN8w4&*0kOj)Bx16&*sUfEGZ60}P=UCosNg z=MnS2Rx?f~_Vfb5i<1=Qz6%(q%N!&<{|n0&qpM}W!b(i682T|n4Ng-W$WQ<+sGwDU zjU(v!Zk1^XB8ibx-O}2hJE;tJPEKUZ2&s`Z*oe*2qRQ2Uo<~4JzKc>22}ha1b$j7Z zMn+1`L+7C=r(g&fRgi{QS^W6<;2N<$Xf(cq<;EdM-zCq@itIl+YtC&QC0?C-{wLhx8A zv;S-)^scNXZPFprvZ^zg*znE=3f1`cr8eTjSD5A|qa&R|8D(FM;cRaMxoY`2Q5LR@ zmH<0s4yFNH>;XChWehmN&vWw=BRn6WH-;UD_QUR6_g zrMeHpZ!gyO>9xWQ%0+>x_6x52p-c&jSA=%)n;Y%95g7}Dn0LCVlPc=ebsg#ozbUrIxmV14iD zK3EP3E_H^!!+_4KU}i!HAC`l=Wxf{=TjU`Y({{ch53%f`)3)o;Pq_(a=vzniPq>kT z>Yx0G9f{hl%78wvf*DlzzrwikA>ff2#)c&tstgIwv5rPtNguroe+( z=m1+^g239_^wHrclE27X{}xZ6aF{ZQY33F>#7)XT6@Fhp~P1Eu@n~#*NEdNkD$F3-U$Y>FW^x75g_vx=1DYYrNB5k*IK?Zj3Gs)+_?{DlF;@qWlK0p11^5F=}}gu zWqbx{WoXvz@(#Pqc?V_X9So$@%|L`nMKP5q4A>E*d634oouD9BJfT0O=$J}G=iX$I zpy$1bTEgBu%Sf0ZiopZOO(}=QvCX*x_}Si9Kf`Wh3q(`3r6J3HD>t~b>pqYG>lu)q zatj+b`<amOpv2%<7Or%1*c zLnp_ouo3S`y}*d=gieE%!5YI)39V`vc}Uf^T4;d_B|MZ6N-A#55QvHB^8N-O0Bi|i zwPC7l%f{uR+|{9ljIQt&V-3rXYH&^#ion_J`6}ii!$S9>DEJ;aS_fpxuOmujgF(;e zcH@Fbk>Ic-CCNpD9Vh3GJXj;q67Yeq(nJ#iYSV`MtUUBE12b;=q64+Bc#VOL`f~)S zZn`ut;Z^C<$R7L>DP#GBtaF0nR7l2kX~tp63Yl1H8dDZgx_C4#C!a?-#eQZEos=mg z9$H3~eGlE-MKl?q?A>`0%7))yD9Pmx?ohHrku`0pAuIXo4B35owu-1>t#m}4O^~9= zI!pRiaiQer!oYTeq3o28F^f=zgp^HPic0q~^5nS+6H*}bd&Gz^=b;N2D>|v+d8(Tb z^jJ#_GErelrXa&vQj!7&`2`u}QM6;yTFww{0Vu<`m@?}`r>}Al7i2t1qSWpLde1ou zSc+RHAFoiL-{%G_5Q)b~afH&E^8d5g04oA*Lg}iroS2G}yBJTCIINKrRX`hmt}1f_ z%SJ+1NQ*6@HaSvxNe?mWgC$vnFvB6XFCEk`ykO)ZC9>%8(SIG)+O8jhTLrs-}A^Az0p}R=D=|g^-qa+@pp(P$9 zh@lhWsFkS9E%B^8v{fXYbQTZG#N=D+6tF7pa?$yJu~Y0p>HIWm)pWM#1CfD%ZSmtS z1*jV$AB&YWv@KRNkvXOy6ka~KYYIDIR>%_Ax})&1gCd%!D148$DI@~bv6;u9r=_(^ z3jhAhE-4&EAyAl=#8H@YuI*?3qQ<}ON7VcldJ9n_Qjz#s#*?q5ki^XotH3ZIhw(5^ zjMI8XxQB|-EWVEW)FAdOr89Ueo+7LvYV}z)JO-QzU5s^|en8^cBn-ksOqOeTnhb zN<9N8hckeDRINrdDuIf(VHQp?bD$Jia14RtLQcxfNrjvQOE?mTmGV#)Wphd=_+|0@-n z_q_6*L45=b%XvRC3B+4JQu=X6$YO%Ji*SJiKZ7va@IrA5)O!L`!d_=z zbnuG(J9OWz3e$CwRiCy?_uZP&P8Ulk)39!Z)P~tK##{Prs$PnndQnHVxF%p~G>CL! ziE;r|$HerFDr1akF?v$G7+`=*T1dwDTS@h=XP^#c2#4 z)Fy}Tfa~%uVk1}$Sen&CHh5Ji!#?JH#0j5S zuKW0K%p&UPZP?R;H#jjsO?U!gre_B8j4>MpsKh?(uzUkUL4*`JRe(pJru3DXF*oTG zd<1AOYJNm&)*q^ZPohwB;C0Hs1h^w3C2yCKBMAeyWg>BPyTN&?Q-#T}4d)SkP>vd7 zLALAJ*&%(XIWmZZBZZ%!F`T0Wl;pqTozDJ5v41Zm%g2!<44kZ+^Z)u|Oc5J808Oc+tF{<-v*u7wTEaN%(BhrWV5r!S$x!eLG!bPb z`O7BVM~Is7L|F#d;>ZBaKCI>-VM<90C6{=M7b2V>zIstv2BTacj7U*eK+4zwUQQ*J8;2+f&d-NoyW2rl2*>NTpyq|+gs1K|x^c4DBa0DR_`(9{a zE?dyO543c-(^3^FZ8}n?NlUUsU1tU&ErFytxD6}GII)ngLGW3HBrbS2ofPE>wLQV! zICHNED8Q6xqF#-9q2`tHw&$6DYLcR&c3n}jec^7iMGjs|mlmND$@YWK3;6YSBi{HE z0(%pv#l;&EFV7=6>b4?I9F4Ra;N~IHP(G51TjLG`xnYqzh9{dO;q~8*?<-vA= zRpwE}^$c&Bt+XZAp?oP-X3ctN`FZbycUZ1~*hX#19unbTO;)#xVUD4gK7I zQZK}r8ZX5#5vDr9{)$s)oM&hh0xzxz1srT~C*3|)y2{!mi&P_MEJx7T_4X(GPG&Cv zNQAC|&0+^MnYIf)!N-umf~3y*htUam+eosd_C%*+6xmV1O?(9K7EMJN4X7{l2RaW- z)9=L5esVPUd*(sn$!tO*@nkvUL(F#~EBzQm;Sup9j|dbfXd>QSiaNyJW&!+JK~>oD zgTT<5N~urykhU?T;tA|GgPGCPZob7*o8_ppaenw{hw^q%uS$milg~jd^nSx$;cFho zEC40tNuccD3I3>%34p+yC!2FXsf16fp-8~5=VRFBL}K7PL+y~DlnjBKe(Ubn0lB+` z8%MiThN>tq_?rFLe*mNzrs>BN6avz0*ZCZMj`2+Ue232$@C1K6Z!w9x(DO#L2PH2`lH;0bW_dl5Or z`Ynk>AxoiMd=o8`K2n1qA_8>^hUKgPEU~KDlo4r&RF-Prvs{%c)9ZZ8*s!WkLg;^e zW-Lhv_{izT=%MAnwnGApu?4I+?8-7TsQ$%23j~70_j0=~s*EG~c zt)~S>@E6bqHjrWI7Zr*4q5~aYh$3gvyJ!uKxXGyy5hF<1KT@>TMU+UrE-gs4uVEJ% zRn3T^tGj7?sW!w8eO1{w`g(O$Iflu?B2=ZCCR7t*t5Rj-s%mRjBN3Hn*j-gWOTpMi2w&^V#w6la^x~tERqRg-U48% z;XP(*xeJU;$$5<;6pV=e7#e~c=aqixKT4B{EI z=?Z%_*@_^lO^2!pG$PJY9x(|52h2m(=`%llg?STlkJ!E zu^0|eohddSq9qFg5MOrU*QOo3?=CAs;^2I%HoP>a6Rh*|%W&MW`I|5W^qpCinv@GMeECf6ycd61~3(AXhsRac=~6($%6a z_SCa2Q7}e&VzV6NV47oQM&!i;CPV07jRAS zg&U{@((3xd2(BKB*=Stofb}xkoJKkaeyvuveXQb1C0E*uRWkcIa(wLo)TCMoHLFNX zV?K$vrwhd0Fa}b#9OuZ6h7pLy!>BdaE{wovmz6_q*1&>6ZesL7f4{K8-9KdC36th9 ztx7s8dbtrcAvgw03T4d-oLmhRDMA~Bq`bqw$X##Kr*e&I(5tIoJr7l8O=py!j9OgG-MZrFG>VG|Ki6%+2Q+0;ogrdsV9Q%Ck+@<@DMZc8lDZ#LZrH=d;1tm7 zdI72^aLQZzNRYI*vijQETBfeZ$8=px)!o`>kE$T-C1a4Z^Z8ThVL(2bM)rVqVZf3O!Z3KL9L{g&0q^8UXMk1s?E13}4AQ*# zF*GXSv0fL7y}QsJJtT7D%vD1&s_0e-2hPfQmccWaS4OfiXtq?d2^~1Q7vSOzXbKW* zk{q%`I3?b|3v1E(c@O*ps5SO%lav1O}4>2k|=Zx-gablCYG)Mk0_u27*v&Djs zhD)eztHHS|H2L@_ilCwi=02lup{QfV{%Dmj5m1IPWus1<%SN4092xM&fSMR#6;T=O zAzntcfT8_>wjdyh6HypWIM6Td7YjY8px2l}&AWj9CsEK-sLy0{go!0e<+w1M_LV`A zBw(4>7Lp%GxbNCcW~AILhXMES;Nm(1q|>^xUGait1_)xe!vtjjhz>-fWY5(O9or+{ zhiuc1`gh5;wQm&DIlWF%EYt$`W`A)NjLl;hIxrz>OuTW82Q>cv_GYxUH-C}9m63?V z4`7Md8!^Asf&;N+<5$9x_vMiG0S_^xdhAT2A9zrCDD2HIr18O5$>IDmfg#%7^mAZ{ zm-6oI4d4~=gk(xAP4ERd#0cd)L&U{?7|wil?R^H#_$C}hn$Y*(m57brD2X^!W?<31 z-vjzLQvY4(`$s`fGcZHR8q}YA>^kZ%@#eu~?QV{_2U6~lLt3Sbz(?(1m%fPl=W)ez*o7t-)^36lS;3A4vB<+AjRqB!{%kJm78kc_);dbz1k} z$MA!GA(kKC+Z@lktNV5wv@QY_ht?>FvJ^2mmI_>-M<5VVCTlX-9nH{-pZozgusT!PhIy!X8g{u6inAky_bN81Bw zFUVoQi!$~eEnU}~*gZmybPetm%b$Zu*CU5VNtY|IEMs6fb2u#9nXbT6Tez6`^55*w z#>AKCwwe6Y_wUa>@VSVeheWGHs1?AvaRa0dqOk;C~NGTt2>Ut(he zl<3+`yTtInv2U59yKlk~jQ)qm3dX?{_W@6oU>vIW@+Ps)T@%QG{`$lIUFa7kxuO4| z%+6sP&JUyUwzWE|B?lNZFqyJ+3#Y$2kdVfN8ofZEYW(ti;vdZ|SqyJ>c%zokb ziaj~ZDxfnCcR=EnnX#upO794cM@gm{{I6iA$m}m@7;|5O!mcd*0W!W-zjZRc{xeL* z_lA1O_*M)9?nkL{!Wew#Dts-D_xL#e32->_jm;JAj|{SuVUvUe>PX8)7fZp(y)S^dIf|iFcLDuwM>G`Y1-$7R3vuvxp zQ(u!Cm{3!V!cOhg2A~+ht2-$~3iZKPJImzG%U~a!DGp;H6AUl{N zi2`Y#3ee z8LDld3xLIJ%*v`k4Pks9L7kC{<=6!<&rL(dt)N_m%M7gX##e&B>C^Ma zP*R|Bz5-0&47ot7IN`VpO3W5`z$AO^(*#0`OsHWmfe zoHrO2XwspX_gK3uv%xv0$88DP7 zzkovz-;)q+x_=T8|}3>v-a3qZ{*j{e*rq=xNPWF2~)v&g*B`L9WWcM7#u$ z0V8tMKg4b`vucE}+*-r%!l=kk`6Q-s`dMR72eykiVLO{NY=WuqTx0o{;_F4BV-P<@ zyqpHvRGbr6vDUq+UOc%18=7L54KuG1^uwmJPqGO$qKvEGP>e#dsdwGp#IZl6gf2j> z-uY+yYWC-h^)M{KF4LhLSoAoob>Z+P6!4-zUB^9R`^qjn(C|RcbqS$kz^b~AYTVU& zzmIo&;%@FTY+|t&w3L$_Lev=akQa`jn?bKH?9<7pN$gYT+OA&CIN-~h&onO|PY|%{ zX()}gbUUxxGbPB_LC-r4dY;Z=#8+>&PpkNF1TLw2Mye=DxKIK||FU?QT1}Ecl~1?) zbm<~)x=uQwh_pL;w*MxsU5OUAx{e#i9w8JBorz2{>^v^%J3|?`L`5Unv{+NXWOKeG zjScizyq#GApcl;m=goMRf5hKbr*gjCb>3mlgP!y1OytX^h=u**R@bMd;k5OV1W<_e zL8pc_nRm?k2EMjA?lm?^!m>HM=KbKHgdN@94PiYk?QT8pD>dp>L;za+SGLF{sGY+T zd;9fWQG3kf0Tk^cUP(ro&_a;2u49b1-VfajO~X%J$2f2OgK|=hNziy68jmac#`ECN z&&Q?9o4ezoU}4sF<;*`9W3qJyLG(YbfguWQX zsFcmY=t@L1ilGuGS}@|_x-vG1Px9bnJ7wvCw7Flsh|ltrB_q^mQ0oc-O2h7|K~bwI zj9OvkS-W7jP%X@Y*b4<}+eny2#d^EoKec%0kIWjMxvHR1Hqlrh?`SoG1hWqQv5l4L z6o5z9MG>3JGH{G=P7AYYxut?E-b<(30B7kYF>ms! znr}`Udu;A9ge9ePlx5URForeM;iJek-~4p!;bNW9eZ?chLX;R)xi6bsMdf|6I#==@ zuJII`7|m7N2Xs-P{m{9T@7RDf2A{CP2hcFk1wN1;flD=sxPndM7BFGFk7gl?oa%uO z8dSjnt*$x_(u`1@i#VOY+eFPkBoF^XXgYnQKTj+<38p+eiAD#OHdulZ!r8lDSJnaz zi5Vto@xX$uxwDz(0$PR|l2ch#P@Z;en8#j6Qz2vi$nygJJoOpgyUqboI-veW>7(c| z&IjIRkQP{3z#qH_Qv1MP_TmAnBEKdEu_JhR%))j2>UkeD5PsIw9w$G)rzxq6U2g~h zwsPqBYlxShaXQ4C+9kaNPI;GJ0`n~k1a~y;BPGgkCxOs`_>?Rdh8o_%1s3b1TsrM( zoGTJT?5I4){WIDZP)Jc5C@yTI8Pjx4x3|Gz@e;5}KhN}@P0(U`@8a^f?HM-Igusc* zTOcm)3MyjIGiB1{fCJuc;-{*0Y*&&;8-?`R+?G*gg?<5yBfzk=Qy zG@=xBbJiF(Y_5|%)?gj2#*!Rq(kHzhd}(vNd^<98rIomyP~gK02xuj-NI8P3tU+b` z<2j{}f03@R#5UnyQ~WCA2~H}_NwqpTSRMAeH%MOM!?Qr}$6N%D(ns%%!ai zPqu#98D37o$K>q3{xvH5Dh zp^0RBWEkkYP4q0H$CFYy33_@pP+0N6JHHhQb(H}Vyu$qudU|IGp8y)MRUlNrPR5BYY~dLfcX^0BwOBPS=_2V18YzyJzJ zW=Pg*3D&;xMHq7$a?m!97(k6nU{dfx1c(H^v^=iqhCO{Z@VWFB|>R6RG%)g5dlyQU-r66KtA?$C$Hhe zCnrJA&o-7o9+F_XwHV?1qc6vLeQ<|vHRw4be7!1-8j_`}j@N{DT}j{MD`TaPNKpES zKm>UE)-yo#hbetg^d1L85FgtCSo;>~VS`pAB#11z42D54u-OzKXaxPQ5-M5LB>6ZK z-q~OM6mh|?XRt^)A5;))6=G7v%h8@Fe}$Yxp0TO$AMD`(GgRhCV+_3Geg;_6X^Y|H_yZxx zrY*)2HD1=WrDN5b&QKvxIUVAFe^iG$#U(E1 zzC9bzW14gncD%;Elxz4ApDKLB2OSh_-O1n>LlgjpAOKs0XEG>&YU=O>AA8Hy;$TM0 zA<}3Rzr9oBi&t^@tkfAL6n*G-@!Qj=?z>*@vk_h}z1l>QC z-Fa%e?Vm0nM6eMndBlp^rhSOifT6d3zMP;_xU9_@cYV zkZ_PC%8?bck_bbpebHtTO_sqrwhhjfh=xXhQt~glFUCzpf2qH}8o%Q;T&t3@9 zQm$bpn*=~c1&R}^ywe^M++~mr;K*PdW3f%vp7*(mnbd6AcY&3;hVu|=SZN}@rP)8L zWT1&DCs1P)JS78{7W+G_J)5kSPQ0^@EzM;EiP%R;fQM$PRS^W%{^gqrw7dvtbc7i0 ztGl0W2Lxo35L{`KbtDrN5D3z150yl(Hi;mL48)iOj{f#8GOt~-H<&W>Uc*_|sz)DF z?YllAXRByurTZ)6aAuz%CBmTs*lmiI5=`A9oRke<`NwA>$lVDS=%U_*DaHA0zN3(f zN~_P*X#zt!l8KBZm!YYV6b$%Ir-WvkvY}naOBVV8U9KMxf&gZLkVYVZC20hHO(kGv>J7q%B0`(|_Q~V5 z0caGMIT8Xi%V+?AigXv0_Rp5*QQAM{YBdNd3NF$Pxe)>g0daxKj8TZ1-`pC00(w90 z9wQx5dVkpmrt_qfU-+PSCcDp&n+p1s-s#npVSJ_D8OFshb`o(#v<J5x1a zqQNJfSVFKD>Rgo8_60yUTHD+89iM$SP91GmB%i5C4sD-GLILtp_Rpr?D>}yP+`zS3 z*|F(@wdW(NWk1w+Z3#4>vLtaW0W2AaJ}>6IaAG@P)Y~=XL;`8yy7~)6E)q&X-!o8w=c@+0_&OpyiZvhM1n$ z`k)|BKgt@@a^ueAb6a{F>C&}R**8k1&4 zKCbGs0y?A_clZK`OhPz>p`lMvY+~2NCb^5*qe}(fTjT&dBJqRdGv&jBbn~2B~WJ4BVM3NA27o49&a-M|7$N%&p-ahDcf5Lj(_LJh-*tAE*L; zL=5XK|J&GR+VbxVKM$sizf&_XK3*zW@3?+(5Mlz9y$?S}Nt(?TxaDG@D-fvRO$Gw* z;>0`kc(x1vAeve4o!U#FsG@zMZbEe|WfZ6jxCMpNb7H7fRE!MA(BMus{Xq_!7Ai3W zus>s30;KZs_6#--)v?62syS0KG#uksMf+0i&-E@#F*6}|P+%?!tcTArdj>`? zO(-wsANmREDGJ;8m?`pdq!#UW7&~3IBy-atp+rJ6 zRJzGtRU!mGZ@3)JR);rF0HuG+o~ina&^zeF`=gYTR}ksIIjE2DUvyBUq>O>X)i?Zz z(sIX1s;CW`0qC*NBPo|)C8PrQBBhX z_8J3!=(1w`sW78enkf!3l!c7XQShS8x`XiwLfM#6h#X@QUu!Bkxu{$wi zYVwCGq9$o%vc!Z0=D9t^JRptu2wM|NgkbJkI=Z{B{c?~2WmAsA`IV!Zqlk)%rUhk? zN5Oh-ICBX6;eUKBf#&G4)v@$$L&yz_A+b6oeA!j*IP3gG`PascSH4OnTt|fmneCix zPFC@x0x7WT>Zpoj(7nx1{_!!Kn=#X;#}*MWgI-(6YmxzwkWqn^xFjA|>#|m;Zxx7A zrh+JPfj+sTy7VL-9{m7aIy+M}SN`eGd9PqK=f=<(R6pb-1W)9nPSuWlROQEEs=_N0 zrdXG{;HXa4da5v9-kHSaHJ9TTu7 z*8Yr<-r`H;YRro$Yy)ou$jpP{O0WQA8{lje4HnnTFoM{OK0oyknTv;Cz0WZsP=LWH z+|j7WgTeZp2*5!Y)~|d)HPQU*U%8lY(st-jPkehJoMgU|LQTzEQeui1M+F&yXZkCv zXW-RsaR$#BI)#iU(=CwEA}6K8m^%Wa&@5NH=O_sEMA2I95nudY&@0cL^AgU1H&#*2hiabsagGp6&v02k_MUMP7@O@iOi}lEc!gz< zJ%-}jR`Jd7%nd)wLgga_GM37qV~6kda>Kzd!G-+u1%BNsQIsgCV1AZ8J17|Os=gG! zLD{Ry$#2!W5?LUt@GjkDMjUHOpkCmiCLJUcOe!*yB%kDbli5WkNjl^_9(F_ZNc&^6 zRx-RdBp2Q zlwKG2EW(oWuCtU|vq#OeZ>d)+ZINRQ8($u%&KTGIP<6tRgWO7@VY~U0grar zYw$=26?;Lji;zzWvejMyCtWz5u+WHfk+1_Hm$lOc2oZeg7YGp!=~q15Ws?kwVz+GT zK*^mMG1-fp@RPmpJVL4@VB5^KJzMUwC8e^ZCMAc7#+|WtONasa41?2U=u2;!3u5DcfjWqbh)VF(B2qDb^r>429Uzhdrsgv*Ud-4 za=OaiMjd9EX_yT$eJWfUD`XwSt(Ye$+ocNSl%?2`V<~ohc!?R~qEWJMWGm0`P!8Z# z^Yh4+0Yy_4s@=itnP|0_W{*X}g*2HMu~V&Y<7cw$Q2|h8z~eLoK&>RJKHT(%OrvCM zRu{o55V~e%eZ58IJ(`VdHwH=8KsS<3HNb_btu^#zYpAd9`Ij|U4|Tie zYD;Tv4ku8YehV-4A`oAYDnz(mb;V5>Xk&nuKXlnT-3FZn-U|4z*RjFE-o@V8DCGOV zVhNcjx_wi=#!|^q?%26B_nmKlvdjz=UEuw@+6Oi$8M#>BbO;}v)dxJ>rw_M{{anPu zJATOvF87pw5WNh)cdCUi-*m-XSIlbTdnIAdVNi3A_^?s( zxkvtBw%{cHG-se5dvy+SLpj0|ljgcMHfTadL9*G)^U7sv+Rcb3T(DjCgpAFUl+D_9mkTV!^it%HASA0JP zU4L2{em^XrD(Hmouds`mN7-RFZdGKq?z&fkja$jW#e*X^1S8f7r^*$j{K&PHtY5i> zX%obs6=pvC{AS`$(`)oV4p@8%R6^K}tF`m%T+N?Kfw< z-B{p4LXH=ibDVDEuB21?SS)?0n#Mv^s_xwM$95!hXY?eLE7(qzvVStYsa$f?4lH~; zHg9#jt%t4uhz^-A|3;8KW&Sh5cxSBRG>cB=c|)TPQf6>XsQ!wPNf>vaCY6S>obc4M&q zIa159_FHtDU9^!vg^|w>QYaaWKnT5WcjJkEJq&V)HiQ*howc*NO1PZ6QNaW^9H@~7 zK{TVHj8J&oUcPM~C`h8YE6VEvsLe#Ev>y@WarBUBww}2;Q>?VmM1p0z0DGMn6c?S! z5a7rh^^_G3D4BrF zn1zs=a^}Ipv?9;z!&<+@!63`XKo=A zw6o1(53kETMLmmrwM8%t1_K}?L-_LWjx8nCZ}k{k^=mxFR{cU>z1dEMt6*;=kwEHV ziC*BsoXRGDQ7<*P$u2BM5#)k7bH}v*OA(~;PTEVAt%-WM4(GKt2p5S< zBq>E9F~nev(E$q;Qb{Bv3gpaUH9mCBRk8M~tvBFbrN7d}tLlAj(4yf9rYPF`oU&hiz5|gz`PC0pGV}A%&f@2Pd$^|Xrhko zvAMqji&*>T)fqw6rpYQyma01JWX#b*J*pJf&~G#17I?LJBQ8UQ2|==oL2W$zsXwl- zluXp@$wWgU(;uIF=VZza`(U$Z62X`oUj|WRtb3LgQm1s<6v`5~_VMms6e7Qy-!1RS zi00?jF)(L2tLNGzCy?W#nK_cgC?#`AdF>0hvn!T9Nq4;6PUR-<+L3B}XiRM0vazhr zoOPCDn^Uh5-)dNyKb7m~<*|e@B*tAUr8j>Ug$EH(tdiSdJs}@cP+O%$6kH^#JbuC+ zcQ{6Hm>O)roOQS$BZDX7xAoL`U?yA8=q)T@cia#$$0pf-?pB>Rvr}Gf_=p;{N%q`$a73d?0a6gNkDs7J>PzNSKa9^V6n|z^PNw^7VCWa;Rc{7 zSRbH?hlBhmGlJ?lIze`KiPh%wNJy{qEuMBWSBj*?>Ck&daiWFhj;{~ZUW@*z4lnfa zwh0y#@w9xn>j(!7bT_0pU)a zg@Z5t*EU5<1Hw7)ys2>c095_x-m`B?`>Qq{cas#gzx{Gekfr3dE?C4o)i^fU-CRt!QIei;yuELQjh&pl6)6^rvT`N}dHC zo-TiFQ6%7cUNVgI zW-O-qHZ6k6QlH#s0Uu{*w;Fuj&^lyfXn89l2+|lucE*!7&oTnX@ZWrwxmgN<6H~m1 zj%(C<>c=$~YO$X?z0{}EJA9gDp6^a9@Tug*KEDw4nwGj=6TKyqsE9z+XN*qoW+L7L zpl9*1@p)EH?1mZKNn}8D2jh0h%&P7=Voj%^7>!l<`Q&sQ7wUel{E;(6YN(-5Kvn98 zTiEcUyVT)QJU|i!acq?ZDR#J=V)_ar1-;7KGAA@LB+)3LcbbmKJ}P%2s;HdTb{L>O zt~ETdI<(l~dC@E0H+mNXe(2ueLuE5uGT(se)TgOtLU^LQ47jw2RoFQtdM(<5rZdzq z$~M~o@PbZ0Ck{CjBb#tTF%xQ*8JIBBKuRAT)KF6MMjzQ+!%IvT&E@lDm1|2eACQ}dX z)NFcX9HsPH82<5YE%Bl@+nnuNV?1{Fm6AUClslxMCNdVgT12OBZUKqUHUc4{7M^sw ztEwV@G2$|Et=s47Z^szrctL)QO3QEl#yCDe9K%gtdj+b7SL}dpS_vHW9rmE#)u%$c zYSFGrwBw)h<8F7f|rE=q6r7OOiu6UPiV03o{J>|_KZ9|(*7|ap3WeKKM z&ixb**a1#$;!IjJ&aFUFX^sgvV3-b9S}oaQ#6h}jI}1uL?gDYArhT9%Qw)io*qn8m z&XM~VkZp^l&$m3ea|NXKw-wU|qwUE&4|DJILEB&@{ofdiwZv9Adk~p|Xm25RbcC=L zQB%1K%TgRtKev;ifmr)`P}7mhasnE1XK>m=4`$p;G2|bYn`1^UfXK^Y>6`3J zKLws>Ynsr?PF%hth~2k2SiK5P_XM$~EkSw(E3O#=@{2s~w| zCZ{yWRcH0P*hFTeLiJ-dW*el@(uv5q3<6$Eq^1y5%9x44(naRCBxQU%3MbVfw-Xt% zoyF>KsTzLA5k^L>S;K4Tg~q4_KB=IItPz%e)L4=<-Cptn3ReXl*8b5QA{oZf8T$MS z+)iXRCNirM+n*DU7D})(n^KwAxu@6c2K(yW@Det539k>(W?DK&C&94K*}0+nCmUb8 z>bDALZ{nd106qopl4y$O z_e6;cWm7#`ovlhmmrrRhsZhJ<;-j0~sLB8tZa>jpP+G8YHw@HO>6m(gDK#3&7_nMk zO5%dD)na(FF?=UNkpzh)hD_x1M>}(7f++2)vROXPZMqpf(A)7;h#EVMPM{tSpSe{a zH(5*(E%%7X6fsrvTv-d3zD(_dw^Tck8MGG7#f8ryBnpOaF=R`JC+NH}flff?0APP`gwrk8_&> zY=}HSM8-N5@GyaZsgB4}7RX2Z5UpZRkOmoRb;oI(g?&B`;s}gEv1&D5zJ+L5?^?@1 z;ON8L<^3!}rb*16-aTvbvvECOYP)q!9g@Vferq{re+~wVksG@I4mBV}H2Qw9$8D={ zg1ECjq(-UDSvf53>3%3g40A}z9)k~d*XLd;!|$zhy)Hx~>Q2cZpfrw!mJReXQzHIa zSGN_0qc7BDdG6^V)kLpD5=5JbvJT)Rn)TtWCTT@;BoL^;12fq<%gO>UL;}^aIFNpU z=MtG4!*GFv40}1>UmJV5?leT{_F75W&Pp`K-dp6H=ggJ0ToQRep=$Di`87%t>1u%qM$wK#3V5u{Jh`zte&&b|RWiC=;S!0ySQta(gIWXFvxx)51( zQ6IjC)gBT)C!yX2MBhRpnw#fGCf!tRrL4E|dHyAFH&_0p1{W!rJ4)onut}?2(#L+H z;F=&w5jN6FuP;AJU(9;r+RsaiC88-7Pm`Fx1f_dDmi~+GGIxk;K2&-!_u<9WF8-4@J`KFW#{Tyej< z`9XJem%F;%6+d*vcU>{h6**VD;fm{A5xU|ES6u1}-`+%b^$Ay8@)ttl3ro`J{j6_e z(s|ta3($b&Y|FJ|ZA_3IzFrG){u;!VuAtYyKjlOB#wGZ%re!ufZ-RN8Ta7OtTgyX~ z!QTlt9x258_FwkL@e_kjQ4Bs=G5F+y1yx35J`@)F7pkhvgLXzH%1IbHoG_I5Ey%T& z(OvP~G5qk{Dn4QEF#k$dScSww>zh?g308k4bSXwd83pE{*?X5GB|^*+<_aq?pFX5xAz_sCs6Z z+gfAe^G?wbDidzSM&}zxBk9EZ2|6V-cj|{a8q?8ysNSIJ(6Vi@IW`&qTU(5q)Mh+1 zm0R}Weo}|Z@PT)`dcE zklc3cxBc=`ilRWI%gSibEm9JZ86cxvwjmKIlGWViW4XcynN|7ssr#85a(umWs=^)q zNBd_S@Vx^6&0_fxC(x7$B|eb?rl2*0|IJ6S_Mh9k zqPJ|B8EmIB-oUol?CsZ?y&bLeu;uRCg0dabf#S{ql=k9_V=(brn2wN-WtL`>06s zhq|vPUc2x3Na56O?sOloee=5of}3^r$xyRXH0%hUf6%n8AimcfQ50RtKdD(a`yw~w zd}}6hL;H@KxBj|c&2u{M zbsK@|6bx9hD19lR%aw=6^n$s~ z_E(OVP`l8Lgm-dFvZCe{3g+^1`E3?1s-ZZ%9DZ!X%U&Mw@81$H%^50FglJNGZL@_?-Gr_ zlkWU6me$DDxa_Ex6OB*D(v$6Cba(1NQZK(pcP`*YQkMHnexzup{Z!q_Jebh*_!X?8 zCn=*mmS07m7}1p~Tc?fh-P(THdL^a^XeOe^@Gx1&nmE5F(dr;K=v3opaiz^C4|fbN zgg`}xBLiaireF4}ypGX(#4C_Uh-|tH z--}+R6OuY7kBPDsO!fJUiGwkU*wG7#`XA1+tj{MUBo_=ZA=x_EiiEp*?ipm|pT)QT zzm=Df|7Y^@p+ob2b-YWb&wTDx~sdN-UoS+FT`J< zOP3SpVqXHeq!u!W*L{)@f&~%`MPQE2q@t#!6Fz+Uuv(g9(ofWH=}$jdw;}v8Gi6j? zTo0znQTjueazj=gBRcI7k$mrF*;Py0SVZE7^jh*)%NIWL6eyj#+1CA2b<4=O z#b({e%VUeO>woU*Mm9_R{t}~E)O+gN8A@f= z$x#)* zvU^bly`O!XXWPC?#7D`fekZX4owgj)ofLn^ChA( zKq4)LsM32tS7kTW#^!7rqBq$WT4D1E_LM#O>~jrP=C0t$BeC>R_GEEQg}%#8e`JS7 zlIN|^i9^Ry0~#UA0g`dOknUkR-TvH{Ml^6Im90qFTCd*?*3FI@o!lU8Xgie~_Gs1z z?a{m%En7)t-56(Q)e_6T=6;7!YXu#|bk3{# zD2HcruGUyL!QUn$j89`F=(*hb`h<4j!tF=vq!I=suTH6 z*kHve8&yzAB;91e!X6)p*fgp+FEBE#%7v@-ljp3mJM$coFh_IWQ^BLi9Q_ai$gJ49 zovbWU?7rOzx7sohYeKU~TY^V2cjhuhSJK>#FM2bP9IKAwL)KlxqI#2XU(3#1Yz$4g&~ll-C#8x42s z?6D}ssU&iA84v%?fW1sjAWMMtwLW~o*)hxki0BIrO@1Q&=Dw!DK>&Z91$?Tzyiv7e!RZJ%>;o0U50ryJc8A& zloeN1vc6TiaE4H(mXc;qd6G<4OA_xs zIZ32DMRdWyL4DN;LbI*(*i)Yc;vNB!pp)m4B!`&8MSYXW!T|yZm;5hfCZ*DbLNsMz zo|_-V%c5V@a}-SlD=NFd55l3{!VK+{FOcuiGc#Yji04`C72PjYGlK}(;^9HR>zCC9 zRu=J@K(oT9#Y)^RWxm#&NwB*>eh?R;x)$P^PO?TN*W#$I*ZFI)D}ScV>hwE(m=vm^+;?HFlxT^d zL{aaelu>B5a&cjXn%F425x4tG{cJ<9uObgMH|CurwXi(lj0bzmelqnD}aJs?D zA3NZ(o?@N_T9+my^S63ss^>zffm$mOP<@=~t4zYPpiHV?7p6>V^qnYE&qgT|Ic8}T z%5?evK$(P)tch?D0fdW`Nx0+}d1acZ|HJ&L1Q9?lgCh5^7RecNHRy7%(mC;Mr64aE@h z9+lyVKXO#S4Ex9wv)fi~Ea#0@ncwar`^Qaett!`b8PkwN4Hp}K= zLyJvn-)GNmGMK#$obNAi0!5=o>kGWmvp{x%k8UiNRi?5S%2FluS z+c^We8sRgQ!e9MI@R}^IIA!1Q`o9Oi#VqYR1mD@!{HZpUABm^GS;tKx(){&|oHNR@ z=7@g#zCTF2oFaU&zOV7Yhvrx+^Ho?X>53FXURjD!Yo&{mrRa)R^F3Owl`Fr*TB3i1 zC!-59j`2JV51&|U=^ZqZpQFk%3ZAW#X|8p=T&uuFVi0CB*%A#GJKGQxy+!M@x}nit zVpH*`Q-^7L1P%MB6tZ)&1Nj$UrzTWl`YEzt*2THuGg6AxN%C&flIh)pyR^gHPSJ7OG~zQ&sCve!4#$j<}Z}C~%pBa;Y@Yw2Rp(=LWfHbh6l! z@lMr|o4&lbqs8~QV@8n{`tE2ktKC+fu}zK;rosWD$TV(7UySV08RV{|l6#Cq`YxWA zvXPtfAGNw7;oIZ!P#%Y4cKlV-q)&3iM_qB8D~@r+@ek2iy^xJQ3kjQE{nbvnA?vSx zSACtCFK;#GFjG@yE-IH=kQck4OIfOI%2I6$?|wrkm3#?A%M+8;4;ylp6~oR}A^wUA z7}FLjqZQ%UXel|*rx=wwYAWoy!-a_uqSCGzk>UAo0fYI%EO20&P9n22m06z3Jd~fo zE9%KqsEXX6i_Xpso}{MC{O6*ObT}hciyyY;vr8YI%)80#pyg=nN_VeqrQJhmT*pG{ z6L-nBR+LpCyA;Mx$>mpVc-?QDqV(x?xONwNl#^Tdc>EST^q?&$)Kjjtc~7Y|wNWn{ z5C!*GZ@Z0&KqZ~ekWzEud`6Qx4!9=&F}5jkt!AU586!ZaC-p|WCUuK&Q+8q9BkZ7E z&`k>8{g6YVMO>&-z2+>SpEd8CMzmXjr9<3MiuDJ*{0rk`4o^urE<2Qw1`Ghd&&e(@ z>L$@V1=Htbf9$FJW9xOCooQWGadu|MVBJPJgQ^YW%%eJ)^4$n0P`(@Cq)FX~6-$J+j}bJl7wlb}Fka-c zj#VoOxy-ylCYqTAg9H=ZfkA>v-WJYH6z5uz6C~AWCo{}%$GP$1oF|8A~5gA#-|pO<5xS-<7fJtBKh1 z1G%ThcgPfJRzpWLhdtzu+nAh`%?%qhvwd|L;PN_A6R;+8pC#g>-^#sI=7szcP3=Y^ zn}rkIJJCiRD^(rASBl47!iTy#DHF@OM~}-5zv!IoqNgVC-8tFCrqM{cX|!Yz`+>MA zgB3^VkxeD5jQ`xiEhD%xC$-^eKHC~d_=JYbUO>V~5+#3y*{2R(*9&kk`*6}|Lft0( z&VZ;PKo%<`rPaC+9zGuEV|MUCUc`_$5)5{sp*O`hcA?zDHcPVji7e@^L3_v^ZFcj3k!*nfINI)`pK=_H1!YmDTR+%xn^wH`yac14R;!FrJk_w}j`3^lo~_ zFEdYEre&MHfNG(Y7&jP`grS{Wry5_5wdFLS97=8zjd`(w7ew=|_JLTWcnrp1rJ3U; zW>w2JV_R$#a=g?WcM#?lM;5;?$BZEuOXHX^1XNr*j$^KE&oMPDRv5SnNfP9G_h;^%;$~5MKd?36y1peC$8!v#Tb} zwN|^F4dh;@DkIvgu?ye6?;JVn<7p%Qt8Sx>F+ZYBB=psiu1M(N(L0jn_xaiE{n5sW zT#+`8xkcKzw%-PAK5=)6+&Id6+8F8)Z47mAb6Ec~O*a}xv@sfUVYD$CbMa1Tv%k*( z{eME6MnBxUk8-nbv@se-w28#aXcLLoJEhG_K4r28Z6aO5W=e+?(ThXs6N))9W#UVI zCKLTrEUBAysa6nY9!h06?}h!(RwpxE`bg$L2g+n#^Aq@WBY!quC3+rC&HB^y(TT>V zV(I5qr;mD-hL$BAmmU40>{=yXxYWrK-jdtYo&5dU5GkWUUPUITO=URxW+#}~p3>BZ z+jh01rrFH%yqXCrG25GDKxeL0zku1t<#P_$Yp?9Ht!`M3iY>meh}6Xh@+vnOMcVvo z10OR$p=RKe6Szy1I+mpc;icWyt@*4gCc5Ht_tTMy(_QP;f0Lv~&zvt{NE*84PXZjk29>G7Z=sev^eH}GwHV{uK3eR?W`Ji8g>33?tK z<4%2!CDuP1#O~~2-=wls?9Sy3n#HGg%jwJjB{9Vs#qg?bg&Et#nq2u=`|p*8@4ZSi zv;oZma|Fx&f`u9sfXKdzxoW9Ok4zE{bwRZ9#AHc9LYr)AF{ zU=}^BTjxXqvkuUz648i@jcBNkS^3B{E*rJj1E6jatTia`2>8-o;m#g*n$Dma1{9(W z4+WnPbu6x#Vowz1e(in-4xz=KLl};MPsDO*8=Ujdu}E!hm2R+oCjc1^5#%snzUacd zfH^N~sFFBgn$d4GdZE6SHXjA1%5cUj>eKrE6^+|#2#I~q)Gj6_Lm`K5G_K)CA7IK9 ztCZ+iW$u*E4icM3*GR(!wfd5zAEkp0SM<;3Dn@A4f^!pObPIdB1*&O+)*gDxCXl>p$vNokYoMVrKd zGg8XPnAN7B51dV(!MR1!GdUc%SKJH-a5EghO*kyUq7KO0>`bti3J1BtaZ#Y&VfwI9 zB)i~YqX?M{N0FruPvJS7d3c(Y9S;k4@k6bM6>3FXP%EN3y%Tz^Vgl9ETjdI0V4?4H zb*mwicnX2YczgWbLO-Qo4s*syRN3UP;@kal6<7?H9COZr#quFGv%6!s;gp#-JmRw9 z&+$R&9hI>Tw}`=MjaXkRpk%aPS67c&mQ-A2fchDj5b!3c2(s&lhPzRNtk|6MYx`z_ zmk_T8LE)H|9E(=Oa^o^>-KBce*4ScOBDCsmR+~EV1q)KaJq~Y_QmARs-|@lq8uJJE z4v4`HQ>%>t(P(p<1qRGVqH8%Qeol7YO2Mt5~GP8u!diR&=073Q7&EiupKLXx>DblMm-u&KuqrWuCZA`kBi zgCr!5R-PWzE+(sD(L{n5s5O1db%B387Y$rL?nQ)O(*brED6V#$g46bMd$7R8Q6d{v zDYGzHRjKa)+z2nmTEszk@oEz9T2CtyYpxqkb44xYRmgyaHZo||70`(cq9kM(4;h-i z8Obox6gS9ap@6|fRFS1}(*smN0VaM6PN!I0)Ecn;@Ce}R1w4*+yetjbY5(2ZW7+&$ zOJFrkFl!o#nPkzBo99%Ab_^lk_cDAyyg~qU*^B=|SYMu30_#4})u}eT20V#Ok*=Ot zd&vI(7G2{7SbKS=h)igelZB;5&-`%GR2J8tMHre?P)~gD3=80i@spXg`F|+f?|GD& zQqzyomZY|hUdF>Ij8l|U_PBpA3n>3QmA$2eOGlfH9NvFzHP(6mWg!A|K&sxZ61{2issNN@2R=!>e5R${qe#d$WYOv#C*CfbUt2#6<$k%bdhQA0rXc+(^vx z-`40MEN$>N7aHMKYxb@dob1d$q8IR9GpuRn0O<61>HZleKU}95EOMVb@Im5G`Fd{d(;uKfh=8Dr6Ar3cUbPB`W4;Sg5YpR*; z2D@L>=3iql6&6Jh%9s}R zZ(PZ06FqXTwRuYw)z#*WR5W%R`7Mw1%$1@AGq#s^&trbf!q@w?*E3uCwYDNrek`m} z^M;ltwtqq$An-Jrk;9tvVcm!(wqI;d{XRCi(uwV7*b}mwqJ^8-{-&SU{uqYEPi)8h zbsF7D=;9=iz(FZ6eLf(3;2OsQgvgu=o#8@MnY&86uf#gODs$DiC6->UA9QE*DI;BM zLlV1h4eK2Dr|k06zEiQLHHlp7NS0{4ZU~#%fx;>9EgS|XHMiH4Xn@;!= z-oMlVgrSU5Y;587hNggbb&pnWat&~&v`HI|Wxi14-d$GuDWU{fTkYB}bq3-tUE?$C zeMn=^@jJS&#G~qTgXY%tpYBP--F}0E1zrPuI>@PjMtx|?slaq>5SV$R4&f(+D}U-R zYY}FXrMXkyk`xk_tp=CHAQABD9F>G<@o?#MS8t$t2|O&gdJ7VZ`SQ{O!t3vgXblNA zsVSp5baM3c>CGhuM6Vhl{Z_jxg@)dau2Sp*v8Th#AEaFarr;f?Db@ig5!)U07^%E{ z4jVgFXCIY!>RQZW$kO+#@>})5;-`YjuV*Dne=2WvfO7+6(DP3F^sQC?SAXqS<>yT7 zSLKCKLFKpl>RoIU&08rp-{qgj4V>NiEF&3VZA(F658$H_al#0qG>OqTW!C z3QC$3@=c$|kMlS@cBA=+8drSyHax-(hEgJr&^taL_9EHedV=4@i-i^2IqL91+qr^6 ztz&mSD7|i6cJ<$+#Avbwg^|DSv^JueT`5mhAxW#WDGF9emkxeqbEmx0}FT_0<^mWwNRNI%CEi&WH<6~_Vgb7W#udf?3qvya_`*Ix9nAkn^?_FcjM2Dmz ztP^=S+u_St(CTE_3JV^0#@e3PPmM&4MU6+~wV`=6zE>7Xo~GEz>OLT<6hSM*%C={W z`bXb>)*@`i#@312|GEXF^rzpGOMXv@enat2JqM;~+%v{mNl)5JpM!@LCT%lUN(hM! zisKQR?E6U5qdt4KyjFlf(8_TC^Z(K#;j7Z-koOLhT=>_K5AzPwN_$S?h-|B4t_xCJ zWGnE*S`+r+_8NnfDv2p(xs&Dm{O|Oxim8_@kpSBO-98b6+8q(-xKgQ7jUs}ip*Tkg4-*RTdIlp{t@ z=7wE%%WX!DPTtO6AcY5rbzG=IKDxv{qAM4kdyy)454(R82*0#Cm%h6EyY(@uU^PvW z`T+JCY7!bix~rFN^e*-IdgVl~73lBv1lZ z!X(H#t=fo&QO4INcX-bPiuVMRzU!B!2&6dN{Y_a!ba8>7Oh+=`KJ%-^3e9;}9p0?L zZ4jswL6+F7^hcnF`%GO5s=mn{SjSHaL=)Ar;%Cbq_(XK{uNMz$)0PKe|8 zcZmeo%RdcB{_}HjQEp8NEh*_tN}3jwh_1Gjv}=I}4dIDYu9SLQdjK+CM(8oJ2Y>cF z4ol02LMl`~e5-&3(YVn!UMtK3qxs;P9vCln?y~~PT3W?Gtcvq@0WtRM``EK1zcPeh zx67X8j|B)W9w^*iYqy7T`?tsFyMy>ugzBIBn5iH0Qxh?4Z)vx+2I_D9810c8@@>Z4 z@<+zXw5@CX^gd~GK}5Vn8odxZskX$}#Bpz`&3#cx?>YNcv}?_R!tC1d=N9Z5LBqcB zgLPicmgPTUgzO_n+W85DZy`o`J4BAPIcr${vnEHPeY5^}1sOb9Ns&~P;lF*Nj*PRY zBbf>aFXZJ>vGRWt07jk4<^px54wLNKCy1Xu$xk$M<>tu97_^8hrCtj5HRvAC%)smo zR_=?F`qTF^D)zgN$BNzK<}7GUw2m#c*k<&ESi3f28GU+emgbD!k8h$y7o7y@-2-E@ zI8wDl3Hyq>S)ABChPrY}Z2o_YR$BWSv~1SJR@!^3}V-{HJ_I}*%{xCNWntFhX zw(~ZEJa2jTR+3^*>GkOc@^4M-KbLpk!>zj|Tz7eRDoS9hjDE9!|FcOLAYWXZTwf6m z8sR)WPSPUW4%cC!I(V7JjY3XBKdRMOc=H20&41yAl$?O& zJMHIs7+4$0c6LXH*;XfNp-D{9c^=Ua%s( zdp>*X&nUK^Yl_ZO`9V1~?fpCz!!^f>-Sp1)aUi;0MlZIid19Hi#mW$osZ|Kv(Wwg# z{Yux`Yc8#g`+3L~>${Ck?|Y-Tzx(bWH~w8@Z^qL>xuEN{AoiiI*J6hf$^GGizZo}5 zZdan@uf;A|##_gAXagzbbtP1v&X-$C$aIbsS&Fab&o{vrZT${nU(T6Gk7=A z_{f#VrZSHwM(j$Ych$tw>-OU&JY#~}(TA2@GT=;--iNajDu8ywk{7_mBa;I2Z||52>^lzRras^6te9@FD_GIsX( zp*^Zuiv`%BjNJw{zT^<^NsZW*%w5ry*uF(c?#x3a2;{$tHS?I}QzJ-+KbXoqm72Ao z^|%xX{s^sZ3_jZ`3#|{IA#zm%K#vYj2N1l3hUUGHeu! z`@Ea%Q*mJG-K$;N%DpDr<7>CqxVXu_x4=GHC!j1Ujng|Y^@%1p2$B*yU`c(_R8hAs zjD%dob#a%~Yx83!%BWeeuO1J-CWP-7^t5igP+PbQw|z3!<-hnecF*vEGv2Ik?N(r6 zB7(1dgk9imN|Mu}{A$feWu@ug%v-L>KTXI-beC1+7Y)_2>*Nj5$s~9Kb3NhES&rC- zCs@w3o(iI1y4Z@2Hz~xt3jaV_ddrS+&w!f#@zW>hnltd^V{()Z0TU*I)6_r`;*3X{^Ery z6>IwYxZI=R`ZH3r{Z7Y<4h4fV-CG>1%2;q{;oV~9{Kc=HvZO%#btdYKS90|kxfZ|r(nZjTE)pJZoTP*K1Nx=A-$sG=-%0(JzxPyRPow;AF?>=xsjcuaaUnvF z&612VK;3=unDol}v9l*NGXBm+jO$XFCz6?$v{&pXoq+HWj{ISudS$TW_ulX%GJi~L z|5LE+rTvn*Q8y>nznH4~8^;4&`Rn}iR%Mr_eP=e(vteyOY*B!b7or!Indp;qR7|Z z0Yy&laI)DSMU1ORpfHvM#;tT|eVHvsna%l+h%)Txwnb8bggL2*tiH4MlISYF&;Jhb z3@^XeoX_W6aq4gE>H>Gw<%)zAnm-W5ExGa+S|jgu?1T16jeGZKR~+Gr_jcgYPAVA< zDm{-a*HjZae|8Vh;Lqk8ITty#z@Itw@DYLrUqe-U>nM*sLG$og38^X*#(| zVtNaTsxU_vci97lIo!c0D6*knQY$gVhuAVZMJ|L00k6`9rn46Pn4llwb$%sPi-Z=> zVuP;UhIn6A$Y&vWhQQ2~!i#)<6m^yM-g4!OHu{Kw)+)fynsp}x&Wx9YDAj7MmJZp~ z*9e&|-b`kYKGcxl*N#k@t*-$L=jQ^p{L6}pa^=C^+c?^{K?GFjDA5M3MH>BXMcqno zJej|N>cW$MZTuePic@Zc!`kvG3R-%_E1izN?Ji!~D)@+3HmQWaR%Xi&yXZC-t_;*` zsI|RcEI5_~5!{}b)nrrq)J>%0^jup*x@hg7J_{~tLkt=_t zWf4u%-TYi58{Or~U*x)tM%rp-s1a@d)c%}BCCfPLVGU1z8`lHd_HR`z{eV65T>~0g zr-v9jBXw?6hMwjjPm71gRs)bmo5b zsJcC#=)kUt%c##L^Gu&;6M3!`-?QVNR0`-xP2i#25UgIV-a`;;dNRmO{3t1)iOa01 zg`Oxgtn@^Id8Seb;`QoF3;>_?laOdV6!P`;OB3yZ@8#?)cMq@RzznQ2kRG{;bh6N5ThR zEH&rmF}qPHGS}t^1p&Vm#_CVM1)crw17UdEUFMX&?~3`Z_=YQPbj9ng=t$$RE+~d1 zMSo@UMQ>FXV2}BtI&(PIaglWo2vlSDyt{34Ym9_#GsG%Pu*`lE0lyMk@-?OlywSQf z$i^7qD4Tkal4-H)Uq($dAtjdHXogauvUC%JRT(Tf`kZ|I^qnJ~Gs)rnGHD-KU}k~_ zOWGel^F8f%e&L{C`?EpWgTZ=~?4|cEx%0vSZy*IY#Rr2r-umLqdt>K)_*xFd;0S@| zg0d&07hiw=pGa>k-F9FVLN}xe{RZrulQhy|034*b7Y|`raV(SlxrF>F2z9?=^!TSxr3;@$i_-*4B9%#@cSu!@;|*zrXnK z*us}r>EXp=l6Mpzex&f_`GVk!n}7M}h!X-Py{zBN)~m-{w)up*C)H?!o+38!Aj{Ex z*=FQ%0s@AkGIuNellcjpkFBXff~(8Idr>J(9;t2Xnp!!si%Cb#rBdCix;WKE-rLl9 zIzyW_^Q3!qAAMLNW%YBPgCjQtBi04KSyX#tXZ4NM#Ieg`xAtu*SN_a8@3eB|^Cm|f zj0f*C-QIW|ihB-5E{Zf=S=8Sg?o#;Me6DrcX?W(#fio@DRlX(N-}E zh=A1(H@^jmSb$`Nu*kvhYJwf3#ihQ*={o$fe8o{eqpLb(r4_?|r$S&TBxKDXRy6$d z`4NeXG)5A@HloWVmRE>*(IB<=-$2-9;CfbN5y-(c;V16eZRF<4^^QeuV#E%Ya>xy< z8TN518(I?{JVc(+7%axJzIz7vXnl8j^|q1?*M4-ng19e1n0YQCLCbnm*MU(W8ddf4 zY-nq~J@>p>9zwk2 zTyH>1MNOa^4hukXdArizd}5bV&3(nqaT; zSzo3j(-gaBscpzUwhaq>v2|@u`N@$|pdq)Zpl$_y8tIw)GfTL3SfZm4e}jN~fj;5& zypV*)ldV-L&UAGow7(c#`|!goP!YoORUrsh^O|U`*CiTjbe{%=t)$)VBXra3xgvTW z@1f3w>BSKZWJ!^VVmY-$;NoUGIK79CTdhVvZ9B9J<}_Jf-9W_@D2KJiE-(d3+sLFy z7bb+q{J`l#i-4>ZFv#y@LE5RR(2XeqS3Kx#fP?JOja6ohPO{>ZlT`pcuu3Z-Pi^=G zuW3qqPGufVG2nMi`HDeF%qxVUNQ0Q0zt!h4?PZyN@G!81znTPPPPdIc1 zP^^ulY|j!JqGdlHgF3ANAaW2ov678ZfGnyCGB<_4l3!Xp^LD;&<{Po2LM3y=(}!71 z76rn-IXdXp96Tuq2<*bhm~k;8%h+;R>m9&&4Mi~XEL`!$eyv-f9#B)=`pg8)D9;6g zCgVgM)NAP}jWBXay;w~#uM42{Rv?Vm*oAfNi#}>X_~WmY2$Zlb2$Z!N36$fvO^Yp( zdWONZxTaGjB%f{9(Wr)^35#19)es|Es9dIP4^o_Zf=YYh~nEuhtl&UtLUB=lKVs4!1HJxpN1(?#|NVbP!I#-H>CzbVLR@@&yZg zziX+VX6=ow*8(MSB{rIDFvUu5Y_U4xU%|lUmjklPuE;3DrOF`ZXNfwxnXsDmTI}2? z?>ONKfAnofNhC}WA_CIf$I|qX%WV19!^NH<&ss6;ITgH9BCO$moTW-F}mgZdXYN*em{03sR$;cnbpk7gQ9Joxf8JJ@KE}l*@U6`$b#}qOM_j@nk1eMg}=5vF195{h>Ik}$BF=KXx4*@=bU)szc}lqt}MsHe~7P{9O62aY<5iDZJDphk?5 zufkq9ezpoCMw5(X3J^YaPKm4@BRuAd(j_Eut$LDt5Ix(w=6Ll=?J( zmkm@rJg;lEQ$87iQr%-|-V1Nl=h-JBqoN~XrlRk&;*|HRKt(Z63et#+;^Ct#qm*P2PaJNQ4iI-=Z%z&ug9K&~PHg&xvC0V$WQ2H>aFTgSsc1|^i3T}p|nQc6_Yg`e~z?O)1HX?{JW^s?R%U25K4db>o|x$@OZyl>od zkZZv){S9)(ZkSxjm#ZZf2u?|ZYuGQYIM{a+k5hECbd*xZ_jsfe8Po6KTg4yEv_39N zM~j&U&vT%nW*}@%xQ2Yz*o@+h$Iz>c+Dr%qewNgyY%RItD@aP#E8QI1qE20}x-X+2mp5J995dsa! z1TIw5kanFa?;8#nZ`bT4Hi4KhxK7AdYjpPSfWJ8J4DSY~(V&m_NsVvkT0 zq44U#NN70VQ;|@Zxp8KuR1NxmUt<5TZAJTsjf>m|wl17-`rEJ9Bnf%7dTWg~W;@*q zFAI&sN+wtr)Y%!Vy_!k5E~Z&>jNhVeAryBcmb&u9@xjbzaY`E+7L5W$YFrwk7mY4~ zRMF@*mm1v(VcC}*xGj>P$pQv4PnHZAG?06W1jC>qS3XUh@fLe+am@_ReUp}w5M5Fv zsS@^z1oeBH?m;>m1vgRW!a{c^TR1C)?p^kp58WkQ>Y3K|P1?LXF{1Il%fxIWwC7!w zU3lJA+l6GJiAf!AgLg(QB{tuZcf!wwWxOW*bYZ-6+VjqNH}*>r?~G^0E8`LDo}q?3 zPegym6Q|iS3*up9OiHbec$V*^SMj!#^rDL*!tFalT&xx`#Jont5W5gVetGKKuXl;j z`>mDqvV!s>^+NeAVi|GGs{FrW^h7^n?CmJ&1jDMRq@5)KVJ4mHeOFQ$phEvz`d;W? zn_%^)q-S3E_IbB2O8WiLQN8=byM0sAf1QEt^eLDYXIQ1AS_?Q$)^3L9!E8z?>q0Ai zP7fvSwC8(<2BxHMve(hL>|hSO@a}eFK9PRb5>R4LK1bhGVS_WaKCZ|ta+_=R3M2_r zzca|f)bCnx$^sRAdXfvh%D5!Qxt2jCg=d<9I|c}uco&^wU({+L`Y)mGVjo-h=wH%f z=|QtmUdZZoQR^=nbW!gw;^C`>d_CNsqSnpg;IB5RDkwWa{%WgTlxnUEUR>4)Qis0b zeRV;ah$Scngnympfq_T_Ogyfh8WC`{ z2v!@OI>t3%l+N8vz@!e0y$+Qfn)5vF3w$Eq#e%BVAc8iodjGycJHgXuH_7R0SDb*? zwQ8KeOEwsQ;^CR6M0!@V=?XZk9%l;;7QVIqg=^3UEbqkW6}wafEXBBufTb9>O$eJm zFRsHW{M_XOcQr!zyLAO*}**-HchmrYZOrG z$dI07V|dNwtO#fwr_P4)5fL{&`i_#qS!*@Di?iCaCtWgoEGLby*7H4YkvQ-P1pl|Ipr>>KWF5QyWZZqP0I5vd5SV z&H~&#r(l8AD11`UqEv)Cj#O&X=Kz7i@)ST}`6mdca5TTNTc3*hK7WMzL48(7SV&5b z1ugxL|Nbd>4EeGZ!=|X{t;ykZucb!%y{4GLsU4PB{ts7t!4)l52#BzJIM8Gb0uA*< zIhfqA(dS=6o676pl`2mVAqo(LpDHXrM8~ilEHW{fz!j)u{m-4z1c&GmO@#Ab{EIaP zhL#?J2w1g>aNPm}@`+1Gdk@XKwD+W-WPiJ>zf`)tPVAoY7l++3V078l2Nw3on|eU_ zp*gB$Rry+;m4(M$wW}w*;Hba#gr}eKdQbTK_rKW_*51y&^M-KmKi2Zk7k{|BCmi+u z*Lzl#-^w=}NpzgwaBrL-`5L2j#RR-|ZorWWruG| zWhZT`NM$eIR+-ASZmUWiKK#|x;gepiNF9FptCgw4TVJh8Wrn|&%1nB#B9*!PwaQec z^|h+t$hARw)gV=L&951pA9U^Ts5*Vm2ks5dg#2sSb$`;58mQL1q6nLQy(9RJqW+@< z-%*0^sJ9KDzJJ^BiTR#>j(TJJAzh;Ep+x!*Z0r0-{(o$MD6svB{)iV*?zcv{s>FVS zwPLiJF0y$PU`XN`Tl;m;r}>=47h@n*6prk!{+)Ay)4nJpIqX#_;USpeOrl zpjfHthaitznHa%J4Z&&udO&Du$ zSM|P)U0%<=nuCJed4rOTPhR`&?j!qch<6MP<{mQgS3(=IbU&NKR^cskBQ&{nFy1_enO$oW4pCtAPdQ+|EBxsJ^+^a>I@MBk}2oCB-Y?l z-vj%@z@~^CH<{@^*wsbuRh4v?UGrDTNniYW+taJCr*TaJY6ysRNLyZ5%@UKTpLcN| zbB(eITs@QEXt3G20e(%;FN`;f-1Q5(4`MSgeZ$K(`PjnyCMEZ5;pWgI35qK&E z4PIIQN< z+FRlL3t-WwJ&V{Q_T;HEf!LP77bxR?^rp|*z+Nrbs{}jkJJ?Sa>;MwM4of0Hp`pz! zDfB(yP8C2@uL#$l56!+Wn$-$|-->4U^ltC0{@XjLPkWHF(4O{Ifl#zJ8~-C=@XdWj z&2<)n)Gt)m{T##MaR!1e!JK$I-*@zNg2wDnlNVq6nJHj8iCp z?GYQAOXTr^&#=MG!QrM)0LcvnvHYPR`JShHZ~QL;o?5|EEqcRrNAI%*k0Qd>kM04_ zQSWt;o`(lQG?4=u>1#i}p!Ne4!Nd>@ zz0H8x1ySYKWN$qp-q_oSiMJj|Y3bTA;PVD#$#|sms!{_oSFqi}@TkcthcHAar=mP+%}_Qp3=~8;oOsIB(la0<;;7833Ipe^nAY@5!G8^r;qo zdfSUe!46RIxL_~Pr_ep=CA40BfAn!^_Je}@-Y1$Z>FZB|{@a5@)}GqR#$kCxn2Lh6 zXqYWQ0b$?VC^h%PLUZ@4xqCrSHE9A1AXem`DSN#S`n{iz8??vsUiuZgA*p^;`sHTP zD3Fc^YM{lkQRO_#4ms^Wt*463T4fA@(@vY|!JVpap&tsGL;!&Zoj2o;@P+$*?C;hI zt9B%2=fM`%ZG2$rAxrp-zT2=DEAAN3K2YBh9F&j0?lzF3rN zp2nBF<+9D{4n}STy02_zSyK~97^d^g(0lypw_eeoXzO1iY;`r|%AdYg&3f_6m4E&q zO%U3n-ogj}wC-?vGlKdp(lY(&)74|4HIzCIG>@yHe|g;jd-g9Myw3G6Kf|-KaM2lm zr{8!!zf1a!@1l|JpI8fh`1!OjO}{)%{G1|wPEnVChT)IRY3Bb4Zi8uV!G-BH)o!Zx zI(^~K#{SFK{ZwsuQzZ?pc3IUZt;KER*iWZ0{y`uqCu__I%Jd^UWW_RqUn5%KXAXL$r~8lLQR5)+{xsnT z+z0}$7Tp!Dw$H(_h;&%67 zc^~BcEOIlOG@X6Ulj1|R()f~{0)GV6_E@`1g;@v@5R1pFQgU~7Zzfo?8$tJ`Rwcoo zilA<{vfq^&%7R>jYsR?k76BnCLnju_+Aw{BtZ#FWy{bMaBgI6)N~OcK5!D>+zge`m zLFVj+?2rMdKAoL7FC7wO&WM*jAL{rMUVZ>vd687oZ=bb$;qMMx*hrIMR zJs8%lA`?*U?I=D+Gy7_rdsRy^UigH=T(z0U^X=$TK^(#%Sxezu{WTSsjsN~$lmIH< zaA>r`CA`sII@ewbUrHh{e`F?WfBN#0*xJX3D|*uUv^3AUL7e3f-?SOqdH_AK=I27# z3*q-;LEV$=j&RLkLH4V#de=2%ioQyq*3-Hs$TlXkW0)h5s7y9?U3hQ+44iS8qs1Di8{8CcqFm?iG*!r@=#FrrnD{)JuuI$GQ6_PaCov9;erGjkL4aV z5gG$r7si9tV;UrX*%MC3W(2vf#@XnqmAi4>RmgThkR1t>NL->enHzLyl6fudf8b$) zg~ja;>8(1Fk2`|x&jibQ(1D%O0h)E7Xy`NoMcWV+LCKb%_KeUuI!@93Z2?{>m=Q?L z63~DR=AlAxgeR1jtQrAu>+kVa{*%Zd^O3rAE1o~sq|(#` z_@Y^4bJXHTi?vWvCD{PH=r*@EI(5T8miWvk;ocinXoCD868V@ov?nY2sXSXg?P-(t zFRCbf0#II@3UGucCScQN%!wBHgD2SL7Nf<=A@abl_UQKwl738yL+w%AjTQJGJzHiQt`O^HVMxZAi;XAi*;OVX6f8& zz(Q&+qV%g4c&kFf2G^JRu@!Y5kdB^>(h%g&GA0%oSW+Mw%{Z?iJM7m3L5B@5pD=Qs z4YsJ$A}+2yo_z@oBx4%BGJVv3qKsP*Lv&n*@jp8VR-eJ_Z%N_V7>o0;a%VV7oiI^V zzcCfRdq$iJ;hN*1qQow{-W!!Ha8)M}@TUYBLeB!7zBRz94{cdg&Rb9_TmI;iCcx`d zfI{2V0|jfmBL5}(5!HiWRD|ah>u{v7paq838knoc)LWSy1Ch^#*dM37up+X}j^0Yu zGOP}rNr16QOP>Uodc6$ym~ffH9#;l2h}Ew*8wHs}=ZRcQy)ww2f$V##4f%k*D7p7k z>m^^zzkEx|$sq1Yw9oXoaGhrWCb>VGFk=mY12*&w1m|ElS8KsX<7=^Y+y1w4RjmDR z0b7SBU02wQkRyEt*#-_yDqfAvnQH(k$K*vL$V3q$q^b;OeWi4r8lf04pjg8X3NjP8 z00Kpy$%EL-XlE?_ZE8cd-h*rf$X49RmSz^H8EDZ(sXzT*<9@>EzIygZo(VC?WcjZ* znOrPUfrq90AFt>h>s6v46^d(4+3kn~9wpq%pJzeNL-~!AVciwxvTnA*1k(iSuzp+8o!M4IWsEysj!DK-&Tg>HKYfC=@HCk*XeDTXhl)s)1 zQFfUhi3kGn7_#H6111!aOGIGS+G|F@$L~L8eC$+#Jp)k7pzwB@^RbK=#KMD(BC|GJ z_j|s(_N<_XlcYo@Wgn?d@-`*lyymMK=Tu#!98Q@kKxcsPga7PWSj@!JP z?q7z-7y^67C&OfDdga8r4>Xqj?KQ_TXbmh{E|r}iS92|z4^UGoId?7A{-|_Kf#@nz zI(9nR7Hnr#|8By(M}o4~WYBHTQcZ-BxerHw;Pt{u2(zpc1kuz8QSMspl1(?~SQ8TK z>U1y%w}@(q^jyW8aR^s%z>=cu3E%sN3C@Qj!GR{t5pgEi4`ii9e3&fux&)mr>m@|B zL8erQw(fF5gxKW~>w|E&F|_G4G9{RjF%53nTq zeH1Hls#EBA|AzL^Focr=#T2L{P_z}5ltEi5mlJ5=gq}hW#4u?XjffZ_fgq)%CLNBa zyHvp|*IP7*C|*ENp|^4wlD4*`MF=gHGKduv_Av#@*fQAsKi_w)eTF0*xYy_R&ja22 z?7fC}z4Ln4yViD>p$T~X@j}&$>}d7 zHA?OW;o9;DQe$7gt`)WKC&0wMix<55>7U~r|JKXDu9JUV=lS<2B~JirLsF|8b&(vw z!fweCBF}_ILL2r}zrd8?YZR#yr4q@|w97*wY9SWvi3WgqvhyI~TXvX-K zRTVU?tZEav^p32?J?n=pT!Wq zjVw&AE=f*Ye)S2-iR-UMgld=qZQ_d@>{-i2FkVOndmh0$a4Nl&FG{@2S$q2O>}_K9 zgD*8^&$vs6yIkik`yC6j-zsMB$6uE^{%RC|HHg1}$Qxj6Qt9sDWmM85;Lk-y2#O%b zxDn8GdJp8qN9cG#_-1Y(!O=PH+9aciEOd==2imFM(6s@&HZoIS zQwvP{7Krct9}XzS3t1m;&%iM7%g6gB?cTyE@E?@SxP*6G?OmgLcjVSdWi54!85C-X z4>_%k&#{AzpjrVxac}|!a&X|Y+{|zN$$#mzyFz#@0?X+_&>2D0q!9j0XmAt64{!nE z#7kIyWb+f!6WHYN&DS>OEJ4R@Y8*6bQ7S%vzJAG(*KVN=_6miF&fBH0?SnG6+}mW* zr8)AgD$oZP%2JBe6o8nehfYk2!@GW1B^t{1hvgcBtP_~)N+b8asz>#rbe$d~6#l}6 zVTjo(vDo2_#$t=VW|!Z%%l`I|*wU?;Tx@A}UklKIk#L?1B+PPU=YIh{yrxj;=J}EN z>dkJxTCU07%#EQ9@vbo&bPe29$1if=kc%e3IP0y9Ckc>8hp-(;wAdvRCg!5#!rN_1 zUdYB3!XDgia|VCt0&{_mYc-#uMZY)HU7Amrj|cw%PcamzHCLmu8Ng{5Fn7UklpE zAIXtEYN^HLrG~{vg3;73;%r7BeH5@naEa94e^W}&mtxlJOogA!rQn}rF#69gO{FDN zCEYmMMJ7nYh9-CiVW}ZUdC5-k*wjQL!w<+FVOn@?HdKT3zgV!*YnNSba;<{BI&BN= z-G?&`OVF8DosvndDovFUem6JMAfio|#LVcn~10sqoZ12zHS&e5yoRYxyKr8N_X z2A#~wGN@ews#IR@Njj6nA&Tu!460NoBA18zT20a%PZ6h(TbwH)gaX(_%EQmrb+LYk7F;*WIkq-~)k{Wec_% zh0RhiDnDBF!?>0P9Ev;q`2ys)+Auo&xhP(?XD$nQjM{&^cQ%pCba(bhX`Ai~P0c*u zE~kG^{u;ZJqM3=iUX(1zM~u%l7j?k;T)oC4AEyByr!<^PD}ogJQthf|k^swbT*2t+ z>o_w`0w~T@YvtiJ%iL#t5I66e>oab%&QTLVZ1q#Bpzdv);7`TqURD2%s@A>MWvP$) z>L8x-sAq)+JhbBJ&O&>`bflM4&2r$;e0bsC9Z{%bvlWYs;aIzA*>y(3K~bQiJq?B& z_*7DgO^Ftans0U#i8O4ay$YO2=2#hK=!7=$XHw5e&%fV%xy`-w-2080W2;^_75T}$ zb6A)T5v|4N8wSI$gO2o-s$}X?3O5W1FMYLO)JmRv})l_l+C9XWDCVNRMr+vAb%B z6zgB|q{yCTO4g-~P*g!q63`4p(O&?&g)`&7N-;nl`6db5!Ta%69+nm-Qq!??G94}U z(^ABbo}jjP*P64I=$W}*!2E>3bs71a^ZLCG<3}KW-y;(~uS5FDpV_3Mc!4mU9Bh*H z3w5nY)-48u=BT#f2#`XNdMp&=pV*k$xe9vWy(fx)Fi2{6s9{BrZbM_I#zGpC|J|Yl)c+)#U@Z}A3d%n z;sdLzx%Oqup2g_2%VR-V|BqMudjDzBHlASIh1 z5T*N8wwJJI}nYosv^%E*<)7bHK zDTQ@4an+W2KXIKjrgmIU?dJ8hd~K$-s^{cj7-w5b`I;eKe!g=i=v=WRDH?s(LHE{K zX=db=|3EdYY2jRvGo)EqS%-m4#9Bp&dI-_L4BA2~PPiImV=`-Q}XsLi0H7&u1Frn zXr+XT<0t;TQczKzh2Pt?c<$*k7VR4w3+KC$7V+~a@YPDT_2J2Je5Bn?S(D>fk=&e% z{B4q>)N0F=TXYU5*}-W-ftJfE7dtbfB9%E20-r)6!kJ@h(;uY9J*`Rd{M})_ROS=< zP=))LX{5p!NS(N)RUa_A#=iY=D`lsRd(y9PPpeurt)wS8@d;MODV#{9AzF?_!~4JL z7=q3nLnJKBBNU;~SD^BQ7)UC`!-1g;vQ8^lv-d-+vf8?nOuyHAdouGC1YpJh0g!{S zEdhY1_Q;eC3nlSamLl;4SWhS=a~ zCpzQ0XxLMOVT2=}nDJGOdxFMOFz$!g5u%ah#yue#HxC(UkDO6cYCE0|gMfva?Wnk% z_?x+^dZ(_ix(iN(pE}F<^bmJB&|U6740c_>#I~P)GA+}61vL%BHuH~K3s-&F#=G`YjPT>d#$%v9-YQNivY&KWcWfIF#^+tF zmvA8TKaKH^QU<`RDfW;Ry~9}UZGV5*^yzMW&w^r=Bwm1nr{i;eqGHP0c_Sx=TazV3 zh;U`cy`Sd@MpY61Xg{42?N|TQ8#o{;X_j0;VUEhLF=c?e7hn zzL!R3!!ehh@ZFfBgnD~?VV6^;cOT?-ut88wH6#Y6v;-ZJfowi!?RpQM@miGL2bvl* zu13+v+k2>9PkGqV!U@}Ysn|iknuc};XA__=`=FkOiY2(wVkqCV%{Ph{5cCoP7`HVT z06b~5n;dZAh%=2*{%b6Z^7kml(@!4m6d8;7Lzuv5qyP8-moX%00x$cphh6Wg^^QpB zN`2WTn((5)gnSekk!?^$75#%+fo4~N#cR>PC!m3+qJ7^_u|hF%%ZwSR%mI9(rRAz= zTEp01kU)>>)VRkzOVw7rF*P`%&3XNlt0J-B+&vqJzju1m5mjdd# z7lpY83c~Qu#%CWc-Fm0cmfq6)>s00(wA~@-{+90;1mEM$pq-=P#k-m{ zA3gN}KSFhFHpt5`inw6-7m-N?EAoW`tgb$rqOX;{kbPC-hJF)jgVqw;ySdugBTn{? zYPR=X6c5&kM5YYup=}e!G%>c8NbsDeWyKYGS9#O!nYzkUp^;8iE%#Yir6~fz47J>Q z-cisQ=X*eg0I}Iw$~`ooIl}@5R79ZtgNx!FLk*bdI|1^|@d>!#3c!fVsX}^yoPqox z6voCcKxxU^W?Ip4tssPR;N%DJWz~_^MQr_JnsatHAF8E}PD7ovB7!LqMkQZHB6GL$TqN6f*KgyR?*Z4i|8*0LS?Akz4|f`AB|r>I6(3!evZY@Ho%>a(UY7r-+qC7S0v27J3meBzXSXPyW)v_aONRnIw3rgKnd*T_xsvrujf5iDwBI z#*DmqgO{OZ+Sy`K$V6XM1!JP>bvY(-E<`n-rAMy}bUa)u;XMZf^x1Gp9%w0QSX1h; z4uolQ1&bqs0iBJOEB4;|&F`){i?L0RuMVa34~-@IH&&{~Xi+BAN9@AS?d{AiJ^BzG zY%X066S#E1a44|$e!pNo8FY-%_6WBGaj3qn$@!fU`ZUJ_>KgbfY@qOFd{Ocm1-tIx z1p4KP){^Yo#{19UZXj`FmS(=4#C;(aPpb5PQplEOf1n#+ZB1r4`mF}kC`);(CW297 z0e%fyLlQmCQd(V>vK)RFYw?4Er9j9+A8Nf4XIBcTUb<`6-=rYXW;Z;p8?e^O5eytb zc~N}6$b+irSScz;qEU98{fv%czp?=f+L#JXz(~0ByX+f5`_mXls*j^=ElVLCuNZdL zLy&rA&devCiQjO8CF(UbsKP8AmThb&n5MZOS|6OjW|%tF0YQqowN7AG9G|tDO2{@} zyPIy93|yfbR@lcCWtj8%rFHT7Yh`-uR1>q!T5`LGO(2p|7kvh*!&t{pb7gTE;s_Rc zwTv8kd=lT=!l!6OJ`Wk(EnGbedh~akAiCkldi3Or$<6jLnU>fCL(0{u|B^42<~ONC z5WDzFzs>`fIfe|6|5L#dPo*>fGLR$J1TdV$N2$X{sh`FP&~vUYRZ21W^;dBtZf!9A zK5blgYTOE+TwGhVB~`LKHIY2{*A4mJ(83$ipDZ;X3gI26Iai@U3d*e?)qrKiMbb6U zzW!N41DHBX-i?%MTKUj5psWUzaa~bkC>!6EJxuB@EoWr9L^(Eod88oXYjO&r`D`KH z8LM2U4Vl=+XVh2AzIwaC1f&KiR%e%)4)x3>@N@4KgE(=$Vi2yK-ku0;*&9@8#R*NK zW%j!UR-|;Jg`X1`^p%at;97cd$G#v3%|~+j;#?FrK$?<>ghqp^N6ps#Ts%*FhdPAeE+AQQnms6M$$rd zH?y8kX6G9I$}awmV0Y)Bu=;$8{q*KIQ{RYqHL#JS02l8zp9C&0SteX;YS#I~+Bh*J zneobP<}&F#41(zGLeVu8cKA7{Cy$>$h+>^qwUFK)K5g{gOK(FPR!t+h?flwgzuX|* z8x8W@b+7hiuR`Fo>|^xBDL53o)RJnYJge^4j)UcsPqNNWUgH;d!xCQhPg=r>q51KloTOP3RfvnAPz)Q(_F3mgY>-4T&>2l?^1N)bKr!$xMza2-K?UNEyG7EWv*R z8RP7D2P6#FD4E&4V1G4@E69%&WnM$8vUxF)5rq^fBwLrmC6!xRdF`$}3 zu-8eL$7jg^-pHKLBy*DHB9n51G;uF;pnX~I6iw$oKiBm^Q%aO>c`vDXVO* zXY9%Dh~Mt{W1io>Ego_hD&)6$e=>eMOmA1(h|w>gy-B_}Br$402nRs+ujVEeGoz~} zz@J!KAf~@}&E!<}fVO^UZFyiar_s|{b+*5yCqBPVpkzj#dAEiVE$EIu&VKp`Q>GS* zo(4tFDx_#LyI>Ao(Ph+ZCL4D(XZ3uRjtUWUFRz_I&VMYApl=8T3#{Kl1byQvLy#S+ z+*5?00odtX&|gkn1)=7?H3g`7#G@t}`vBBTmOuyl;^Li#HCb)BdD*Xdh23RP`14CM zv6Js&G|cKc{@Y-Wthb!k!Ijsq9@#17<)%a(6n40}V09i>ro0wge}%X@Zf#z9IVcBH zUha*M^3x}C%1bM%j(xv-XVl}SRrwx~1q&DDx*Mwp^_be~Ol-v(3Fm2*7)l;{b&;;A zTwZfc$u^}BiOH80G$Vi}XEc}T&LD+>HPY;@aM8BJFZ|MEn{}MxE+^Rqx90J$Ynnl9|2)hG{kmWh1C7c~#jDzH7!=xn#JP)B>(DUHfD> z*u#3uErC)gsb@Rxvb&cBF52pSJ0INy%mxFEo5tv-DZ1I-2&hmWm1~G@K3WsvcbC z*l$%GcU^}(0@4Al`Xy@%s*hCl-TPOcXw|Ru)!p%JWuJD{Q_mNS{cu%Z{WCZAT<`l^ z^`m_C6_SN?S(&Te{8B;nYE_@tzk2WO0{)%H9PpRB>M!sR)LnmALG{t9KCOTCc~*Uq zuRhXMzur}UcyFEk<_Y(CRo|MfU2^@ltF@Z{GEuuf=XNO)8Ks_j~x(EZ3Vq%3ld$KfA3E-n;as+1`{bwl`6(#Sir60QY8o(VJGiS;EXE zoF7ND$8ndlKhlAvIyFg_OcGfEc5R)dGP)TX-H74r)dbyS&nGDH*v{6^p0Lb%9Z-H- zt^e*11IuGb$_;>GAhRo0GR7MRLq}c-=D{7#q zzKRz&kp1-IMa6d-Uuvp9zSYzY`pW?fs>T|s`ZY4W=U)a-_nN`rDJG5JDW-6C)w)6m z28^c|-8nR5Pk-8~`SLnZ$un#}grD<#Ve=8b`j^ih^@1xlu)Sh%1%PAsBdo^2^2Gzr zUb|rj{TG+dAt-yqUsZ8n``bdu!DPvOl=4gdrt(Gh{Hn{bbmoy&KDFo zIVeeP>J8Q56%V71_~{K5j!mT;DkcotT>>>4q){6cG-UE?8!vp8H`>>&ABTJGf&RJ1 z^yhTBf5)`^PzU8K$f=`#@O>HhXj@(!@X?in?%(Y@ev1~IT3(nVSZbX zu^}j)nR5rjS-TT`zftF@5SBTn0J@tc(nXa4TkKUW8$+e z7T0kE)p=YC#*`nA&KLaB;QTg47&Lwh4_sczWuOz-&fU?;U>_?5u|Ldl+i!%}yBrYt z{ylG>qP}P}zXR~m|1|uq(goC27!r551JGgQadk>Y!7(j&sMFi}@wd*;O$?NOB*n|W z=1TRJv+>djH}L<9_{WFC-rp${|9=-$-`^%Zb_id1*P{+BFs7*k1cB3ad&<2m6cPw|4zk!;DCRPsBbVd=1bSzRj;+I{jHEK%l$Z zlu&2%J@Scdzz56Ki{%<@IY^qlNgB&9V@?93-tURa65_I7h@Q7@lb+`f4i9k{507r@ z#O2V_`UPQOy$21VdM%0!*nHd+t!DpufbJXyKLQ?FX;WoJbacO0YOtLb&&qJ(Di;O8T&2)Dm@q^or`b?+ zt-?nFd?c5KkM+ILm%Tdg!xZa>0r-9OfgFC{UvK!m@_YU8dx0J}{61|(gx@K@H~fBu z-iq;C+~38FKT+sEOwLamA~sjXH&`gwOvmOv;n=(T^B1`rJ*?3a?BkOKLJR|TQwBbU z`C9n&R=}8Llql*yKD!fA_0!=&Y{KX>Y((MV_qf13fsI7zo)pcLJ^y;YF|1iW}P5Auqhf|uw)I*PbdE(S?|5v|G{0?W#+NyU|h z@lG@@@BL|50r=Sy9L@6Z2b0GvcF8{bEAM3H#+4ci$v$1W2L4JkdlSF)r^xmecWd`b z3eq3zd_S2BTw0D@qEIO-I6d|p&SL{g`v-d}d2Lkk;lnSw_^QKOt~j4epq6;1wshuu zmtXX)Z^k>ysKptj0U}~5m=T6Y-tD;3F)oQsrD`&W-T1cHNIWv)Gq3k4K>B+HNOOI% zBEd>72{u}qNWkYhG2CZIz{`N-Kas=_O8D>l@dLd;h7swjGQCIw;$TT@H~E$O=v)MR4NGQwk_tK;hLPnVY{P=ZtX2z?l6z_10ZG6uQ^~$6P0rk^e4Xk4 zmcvfEt~@jHtpC<3Q+)-yW7w*YtjP8#1eo?Kc;Tx1)r})z_I|wzV!Qs}%LYw&-dzz# z(^mqHyzEph?!b`@rc}M@rd&5+&2I)K0P(WX4SD*QrhzAk-u6im{hNl0Mq#i?_(1>I z!2H4>Kd@y!^9P>1mj+>O@*&)AXuGFSq62BVY>~+u9+kxgkhWI-*De*Tz$RINP2mqn z?YCZokq^BrN$k$9vT>K~^?i-o%Ud$ACQv2eu8SNR61^aO_3t&J>Y6c<30xF|hE zqOu^|bmTyeSr9%u$W!5ez14*SSjgO9_om7h`m_=zeaXxbee2}mvtQMvXZBDo`&;6x zYQR|Bx1pnwYo_u$~Q2`*_IM2qFpTjU)lEZuk#Sm`l8uHW*S^fD z(uw4#zGT(bWZ&aeZ_VYccCMNJvq6|$Xci+i6GFR|%rmv)iQ@TAtQ9t#=U!oPNM;%< z732y=iDBkMMOixrRFooEm>G^}b^@CIq$}>Q>tF@b&t$JPRqflSq6+IzisxQ;YeJFB zmM49tlsfT6r5%zf#}3)^S*CGGDcTAXzH+dw#%{0+7vT@HfFyG^b^K_6v9A*Js_FmG#+u4t49Z2lBEcjJ^AAU$`mc>qmz@^=4oA z?$3d$r?*khZ#U@g5pCs@eT;?bvM ztEazL^`bFmxND84RHp2ld(9wx68CD$^>+>lpL>g5KKBm)RJ}`rNNnDne!}}A{2WGeHpI-|u#>&!E%FGYJF$Crl3+_KTw2Hhx@ z4o)j~-UF-{Uf)^tuD!c52ZxziiDbC{?rz`}f)9C8KkfQ#LX|+gtU#9u)PD5x`Wv7W z-Ui08f{|9_$7mvu+22k?`wo+tCz_j;S*N^(lM$M;fw+llEAh<_n#bF#PcqBNoLxC_ zb<3zsVoc`bF>L5Hj~ZcD+wFYiL>@K&|0CydNY2W`rN2-~FP2 z$p*<$G%tv~9e7!!ETYU6$?YQaEJ1$V-L#M$l%ck0R#)GbA#o`KKO};A(z~ z*T0U`&ac$#%J5p|aUy;~)TX&5+M0(2VF!9XNuSiq>99=62QC9vd_j(Fd{zfGNRN_s z0^ALtWBKHXeYEGlIZi&(d~Gx|o`;kxg*idxu=K>iZz_eYji;vZ=jw((X@A*F{pntQ zgZ`3%cbPRnx-}+-%(BLAm=bYNP!ZmAmeY`x#2^}IB=Xa_X|krcX?1N{C>C`H&|T`p zQBkJ<_2c+SKNU$j3`d;pnzRlP9hv`}sU~=sUv;2M2B@Y0Z7t&mh`6^6LiW z=u5d|_oRL8L(C3UN12h|bnhejb#@K>Pcz52Z-@1mZlZAe-_2jh!RO{lm{zSo*?v`N*3GK_82oA)4J<}NG9$hGN zM^uJ;wWU8jU+ivSl>9ktYOkQJovQtyK_o{0-_(x8JIch*jbr9}5pR{1*?>mw#U*<@ zf(36qnw=;K%ao09@AlR^Wf_H=DvYVpy|9t?zYOA!SgzcF?~yF9u{(<2y8ugZQi^*2Z6Cihx9rj$gfb zZB2T8_Xp*ZtCreLX>>Czy4l6uJoy3F_LoYMRp`krI@WgLiujx(Y;2mBMf|Q^G0u8K z93ro6z}W=0hmXB|TWnCOQ5~N0(1)hp#E$wCv-h}LV{YQv`lw4LHfx3n%4}UC_C*h? ztc1XqV+B<$iNX85$;3`@Ell2S3oz@xVpe2X4du5gH{C9M+0uq zT%U38KCXA);ZZnjKjZaaq+R|!gylzw<@5S7m`wcXm>Pm8qn$rzT%Puah6nx{F@{{y ze*C=DTp##(oo;qG^B>ehYkzN#_`Gt}hdv2xe)_>Vdf@ z{4lxT2bMn4TG;dO7|zg=PXLcc0SzY`omSbxL(!yHo|ja5__>5eWR-j%)=lS*IMhf~!jYq*Xf|%(?2kDG zq_3cj*t{maw(B3ms@A5T?dsj7>e=+#o_|!WWmO30H>9=rqSH#+-`s^_>r`xA`prbw zYr9mvnO;Y^bq~Rs-31YJ>0erK&vdmqkxyzY< zLw|J3^UCWF^S8bvej9M!Bkq@2&_`X-9O7G;7typ$3;z6K;L$whe@qi}6dZc|AGBhzK#`Zd(G*=ozMEDF%<@r}bgQ(dNklX;5X%^W1VT(&x^F=Ye+(}W z+A4~A;9lGQ^(VbLCk8m;e#x}u-#3W6=T z;dxDHGhPcXR3*?|E*61L?Dz(SxlBJ1w5hO}`m+{b^lRgpQK?`UN@^;Vq@+$mNv(;` zyN5E<*gx04l^c}QYALDJwcRiFQ&Ou@QX^1OQ&Cdy9aqb86iRB8S5he{snzj$N2x;z zy(B*&{nQ{q@Jh;mBLQ&}#~VF+bixWY+~g31U5V!pBd2LtLDQ|*6LgqNJ? zg^rHIUDmj`Uw`UIf~Y^;ciA2H!92%`X(ymt^d6Z+9f9WXx1Z)G2(J(z;Zwc`6WB)4 zfMVW(h89>leB9Aemhy-EVdH$C^zZ>H`ho8c;^s!{Z8n9Kr+cn7WeU=t`ADOkf^eX} zJ3`=~BJp=`l#29-yV=HLYELfj!Fx%)dQ~Q`*Un_do~hLxIKEvpE5|p!=(+YcOSa+r z;*_pS;wl?D;L0W)JUi}9eSULJtKi~Ut9={OzVZO4VA#C&=KE26ULiWXW`!++e(oEEy(ClB!owLu^ybRubFEM!ey z5cgo&0Ev@bdOR-yk`Eauq?C7!n84rX@E;xWw@Pg8ctvPk;IU00VX}*8SLzNqPzd2m z{ebd)Adwo@T-61N_7e;y*AeR} z&t2Yfm+9^@Ydu=Kju>rTUzB$2)EkLW0=C zRi~LahWF2nRzp`LO2_gtQ+C0Pw(yx^Me{!{)jmwyZdY&U!~JfEZW^PTCc6pBe)Z_> zl(xx)x5oJ0E;~-lR&DYhlufoq(Np2v@4L>cdv7sr1h7Axd8z>hxqp0t=qxo6F>ZPI ziNm8c%nYBnww*mBj%5<%9V}1zvAtO7$M(#eg0US6keRaCKgf-3Mcqdk+aFi%)Yz`D zMm4s(7UaifHW8sjhRre41c!lbdt{cJ;?St6e^;fYtWrWv1+a1;%P$LX3W~+9hzJh_>)fe^N^Fr=t6u zOB$42uw1O>9X(uF&3EOUc2brghenI<97TvhYfv`DIuP3(Jzs#hm%a1FWeJ&sdPM6V zpNvetnFnV1;fi#@YU)^7BW#1rUo_w}A>y~R_L1OpNG5yK@&RSiX zi}0;fIU8xorex+pW4~19qzO)kA+P0h1+eBN_-P7Kk^7=H7^_peW2GgMju?@{25UMD z=^#yiTvvM1n7(zQb(@+El3P{9CZz2jH?PK}z%8F#y0s+Pw^EMaoUP&|rm5xy70aoC zZ(PoSZu9LcnkKVRT*Aaw)8Q-FMv`|dB-S>~mg5NkI9Eo1eEK2yi@rAGeWJM@4~*qp zsTZ9C%N;HW^M-KALBI&hH7Z+b_7vlO=f=brm8&zKbNAG5vmC!BWiz#lFKI#?RzjcE#weUiJJI0`A(y!+A@>$+QXc~Z za9#F!ribwI75jT7@b#GmN?AwM@$8p(#6Q@%9P zdQXl3V}T*X@;8i{mobE8p0hPjvQp;{k5vQJYG6Y6%L9c5mwptV{Ru;gTWF3iBL51} z=qCtUt6oUV<$Fa7ouFvR^Bblcl-beVO}317$!Qf38SdTHzMl35LB;7PA)i0Pd2%b_ z?Z0DSIR3kDC9mt5HWF@Ty(7_4VyPX@#%aFeu=Iq+nmr1d5RK2j>d6}r7bWjIuJa2`42%JysPl(nqv;m92{z6Nw+^T) z6FFzI&MKg=)g=u_kvh`;P2su$<-t!bDaG)Rw+%h_%yV7UwTUE!IzPR_4jy2628A4Bk4WV0?9Swm`gS1PVBdw{@t#D`y!nGuOp$py3b}e1KGc9rM zrz>5%bEOYawFTWn#-+=@nLb`)!90Y&JE2g1g-1E=Rk| zXWiwK?y|sL((baiyBx3z-M_2pe$5o}^MhdWn0uZ6x7g3jjmG}zyPQfv|F1NbidYK~ zB{h{zJLEpN%ySFXlh)ThQmP@7dUE@j=P14=$=oL6*kNPB?vo3qu{0fJG$BOXn+cCp zgNwtM10q*M5TIretZhYQ^rljpjAGRiINUXKV;GR_>%gUei}j7U^t1ze$Q9msD9_A6n&p3m^@~K_s3+)XKr*r-{n$oVMjeDBKOmis2 zszEBP(M<+HpoS=XYj{GNhNgrKH>~@%F)T-)?CDH~$OL#t_I6empPnU!mXD5P$7+%U z99`BJY;on}oHox9KD&!*Kbk#TvhdwaCJULRvPV2{ajU#NviRryYOde+%shg{@i*vo zhW~78DqU*92UDaz+W}_xTF7Y64~HsC@ribinaAc=Qz!#b)5sGq&vTh(N5 zEnjPg_O>ttmXCP(H4U1Xb(0hUqi^_V=B}9E9TS=4T70F$FO$fUB@WB4l8Fc=SYm1Y zN#G<%`qO=<-Ekj86mzE1umP0VRjGz~BPas5qX10D!+F2*-87((cFkL@RH=RtO^_a7 z0cPG+(mO%yfqlK9bB$t(!XI5#V9weE5Hzn8Zjd5x%bFxq7!?fJ1m7VfDl}wP(F~b< ziO7mI4Qj={^baRK76feHg8sIBY;c(i3r3Fpo@2rv*W?7tdW&`}J2%M*wVy#b$u>91 zuXCXUF|s~cpi+0hV@tVG6MeR(1oz+My5)`Iehobt_Pk!CSpcrmt8UrH0lo#=V1sa% zh9(y$JkVLUEiU%d8Rj4VNtYcq6#IoM{mY#wje1dHWq8O&Q!k%>1Tmarrq%>eyi%&Y z<)CY0uK(^zI-0`*T%WjZOlrp>7BCaNV;G z>IpfhfnSk8pspAF9n?|&@Q$E%8?1kTF$q%-LEn?O^J+FvzhH8dk99uLAoT0K2B=T} zz<+Xd^7c^He$f`%(VvvQ ztVeWT8r{Pl3e^e`P8oXAMHxIm*-0g_k=hbCj$eH$3%}d^d$p;4wiWs{mWbM=+`j_0 zF6;YWfakE2qdtW|PfQphAt?f%mW=F&51O12zR9O6M04W%21j2IyLqUOY~OHcL1g=r zz?~_Z)RK#A-!l25M7G=SL^%SBBVA<2`jHNj-5jAOD4S#*D6)O#m4%V*#S|HmyR*>kMjbK7}zmM3~3y=n9VIfVENQ0B`zaz~9^fe@Vqw)@N(EcmwhHUXIGXekLAsV_zMw5WlZpQlKwb&O=}9`EAn|<1vOSUWv{#y84$+ z7nqv}E~=%5nK&D{XD$;L5Q_5tJ2eBVDMc{tTds%J-o@H52>J;-kU#*F~x+*nV?)4mMa%TEf^(8bW_!y$yEf z?n8f1*?V=X_lpbOcNN@A8R;)iHfR|QUbUsi!lu4R`+>Vg`D{*ZbYy@9JH(MNNchSg zjxF44@e^JjZ<2gslvBr~r-G?4i?|^;9cJN`9G<{@1*btRTC1;bEHJ3-|}zbDpYRR&M_3~h=YrwJtFco{nUifs?bl^jg<@{FGPG< zc8;|m{J$|OPy2Ys(b6r@|HFv>7Z%WeG+<=Pnl8`L|J6U{=>PMNM*rVgO{4#1Ir<9) zVs8EEUJP#c1DO0T+0~XuCUuKdssrSSA4~-&q7^HJ$>4-xZtQzEZemf>rVy;Br%=^n z^Xwok73nUs{v_Zgv*%gUH~B2pd4tPY!EVj3odh*9BkQ?j??-dnZq2(aepL1i_wHQ1 z`wt$4Fa8Go{+Vs-cZ=7&#=wc!G-|(ZLo%>`ViWFmGwks23nH38-Fkfil_mb(Q{;V6GIbioMh5r z+Jx@~vJ@OyF>)&3hzE75<21G<1e=NTN;ktdR`5>6!=~jFneMb7J}pFCED9kk4|+Bx z5yOrHt7rZgxw)Cs5{|dEG>AEX{E*CUXwk9%f%a+DT*ni{<#-~Rq~{hCc?3h)>^v_u z(dlDgD=AxDsnOJ_`dF1^1U{Uearq*yJC`rw&3mg#FUxTmh{guWGtxf8NKqKFc?8kjmZE)Bb%w;A@Td*BPj1I^;+=U?!{RTshw zSij4F7hZsW4Jzp})YteA3j!I8g~P`*Z(*F6Sf>jNC6tyfIKr!XURrQd?X`1$NLUL1 zy>kZm8^({PiUs+HoWJ&8{ur6*UoBwSYHHS7g@&j?V|3Hx zYDT~VBeJaJBnVY5R+~$KeiYUWZI97Xapo6Dzs0Vd=rknf*^SKWx0XiX4pf>B{IZpi z4tiAzk~gx=(+~D#oN7i@chV)={4!k7nakSvL3lc9#Q=nh9nZ*ls2Z}hulGTzuSm1| zCgAphCc#fu^$gdx+*Kg&I1a*qL$7k)W@_6>0 zRxq~PuRQLDd?ms?aJpKj!5?-$OMG^zYGv5n1s)t;V#iI0tjnQ9nlrKM8}FtFOr?46 zHRd@+0d=Jd)?p_ZxG|fgF+6-P(IPhY4iCWf=M4m)5&+0#e4p)@*ISDi&H@k~{Cot$ z&q@TshhGy29{fOGLS>y&;5=e}S1i}n)v(0ddQ!iciEjfs;MLr&1MghwwkQx z{oUr&3+>18PFj;eL0DLJExd53srNVf_4P z-3KDlt*OT-eQ#sT$lNUa99i(K;^ zJG-eg6(mTg@Bzt*Z^dt@rDScIk3HJLIoV0tbu<4ktN)-^YLnnM^c zGaq_v;G=G|Zz`^)A`{DAgc~La5Nk0Crx^9=U#Lay-`o+Ik$<3!__V$N3omTogv#%L zz!x?!x|e?LNB8Vm(ddK#wc+udqju?diNO`tq)qRlMefw9^fG}6**{>+ zoKg_uuEJ@_{?;C8oRX{m)+75kGT=J}s;;Ap#Xx}O(hadcOjzNUOBnVt~6IO z+QAnU`AI<$wIVRG`&-dyk{Jc-B4+)DRf%}nmC81l4_XXkc-m9uZ=CEdC%DTbcRAW! z{_U5Trmu4xiT4JI@>@E_)aT+4pVwx>nH$}N^e#7V!bE9;q*F+P2gh^*x;&Rn@?18B zBiD+fziAAc5c5Z~Q50FygaMD{t2X_1);NB{w@Ov4!zUTQ-ptDstM~%X-D!{=?+jNF z@2JZZt}!L*n$&p`I&_iXy)>}`Gxypx>M@FTwPHr)2dggUQ{Uc-_ONof65@-OMHh~b}Z}$Bk#pj@Pi|qrmVzBbkVyR1F??&WEf=S^{0F3BmHSe zzC-LA_F5gbe}KvSjRx%W&WUCznEpk9xIz1$6!ouKXaiFxVpg;I@(aK4zH=iR@F_qr zNZcJAZ3w>Z@B&DH0>cdfW*=%;=fD;-{$fN4$-$e|PDCz!f>E!FIt+heE^Dp~(n(-O zO|CX)!~!U$>KdG2tKDZ~!eFirVAO#Oon>}|Rf;SonyaAJQQkSuKN2XI37L<@y>EkJ((ImIH(Gpqb00kO+lE*#|jBmp4>pBa0XbJWJ8gbf*v+p(*@^`B|<3`?g8Hqdxym z7~LK9X}jQp*pF}V`r`Xv9H=koV3Y`2VI9y}KlN~nX*_ez9AMe^g~lAaM==PJK!m&0M$zD>`yySyEF`kJCY*(RBbfZ zEq0{6_LeZGk2po$7>(fN8cQ4lhdMa2LSKlUBJ)6}M!?(<{A{)TRmTIRD8eDYZwjwe zH~zl7;9hcK&x<=o*+oHhEGDedMj;Q8RN1L}x`9-Rwykuuf%n!?s2l#IWjDE7yWbMs z(~*&e4mPM92@V}j(h6ePZ|Y4H%NAM5H`jz!vFyirC(q$#yGjh2k;q&u`y$XKLRAYv zfG#TVm9`v9z`~lO`9Aiaq zBXPsmFjnyyU)dEpgERe??5B*R^0$1j?Xg#ioUSO?cKaC$wpobHf^8Odlk46eulZox zgPzgb7+v-Ua;l(>#9eVDeSdBGtGeQMwOpXUYz#w_q}xpUW1eTre3bN(l7F)9=o|9e5*6 z?x(|caC_C5ci^sp>UA76mzZD7+Vk46)n(nlQHDEtoS2y|g3OmpB>Wy%& zR5*Gev`fOdk%OG4Uobg$K13-kZ~J@*DYxkK#tIe9ohSQubF4;Iju&T-9-)iotlzW8 zc)x|&;+N~8ve!mg6FbTlFUnqv&XYy@#|jvBo_-OF&{%B}b(SumBPWa8OBVH~=aNUe z2ThHt4w9R6Wl|KXOm5S-1zRHxr-)Hrdq*2gpWKja?_z(AigNDGJe^B~;$CST&{>al z?hY&$<{n~@MB5@e1u%jX{w62B3>eKVJV4^bHXudZbwtJ; znk2bn;I#Jg(8j4&*=D%Hqt#=VCa&1Iun`jMPEd%SF5B!+fZ`oAPb%GB!H#LUOOh$*3 zoedf9^LZZZR^`wOH54Q{A>)iOCvEEtIVK(7{h>AMVbwVl9XyzO?wAv$9+QH=a{xUQ zQ^~7uj+#=i${()O{#OFbJ{gH`1z;XawR97$nM`B{(1AASXjLQ1vSnu+FefcQVHnUB zKXomaq$1_});7AzB*!@cTtjWaE?nDjj^N&5)K{+DxXt>4-dy`VU7n3LnV$D|aeY(_ zZA&Mvh)Ic(9)*1k!G>+FZVt1}qW^_Ab8DX5VL1(+X!@j(Cu6UaDH|Kk|GGO{q*~AFH5f;%+5yC}F8x^5 zYg%40XIIfhgLVcZ0?`>(1UWr|N_xhxvCkrm?<3zKtAiGz69mh3R3K-s*g=9%xq}3s znv#C8rfVa|d%QR${gfRf_!P%`JXM>1J5{x=W-|v3{+WXYISAy>Q_{UPU9VEISI>HS z^(emR&$XM^*7mKMR`t}hs+Us1nH)U$r`pYHQdRu-dUCg?rv<0?O{?nRQEmH+CDV56 z;RwQ1`epQeeBOm9S}{92Lf6Q1t4~#}s@>d^s$v5m$H1&hwr?$IxiA@gnN#Ri#pmdg z6`VGwc*^GIY$qxw#gwdtGe8SUFKsKeAzX5=UA-RO_$-5dC);Xk{~%Y4^eUU!$!UHxc)m9OeF=9mEZ>*--4gY@JoYdzOTw1@_>4r)xA}O) zF-HN`%QbKHg)@ioY|<_KTyg4K3ZPf+?GGuz*DNiCqWR@oE%J)Q;q&*nPck5&ljZT2 z9X81&c815F5c!PKU3mIWey;`QDvg)N9_21RBC(6*AwMuey~rly^ng}{k=G&N<6B(o z75ZS<-UdOUT-Qw5ZPVm`#%HayAd-c}FaWW;{DDv5(&G!dM^%(PdM4dxM*fd3>GEVc zIo!HGX7KJ&QbWR13%if|?sd(Sjq%-2^4-@nGP<93oL}mnT-bdb-M^KNM!%6eMnBZL zf3SSe(PJ`(ggu)JMlY`$ER;L%`}UL@{q3^ENPnH{{_%hF-T$GcVDwnEvYT?<2Zh}q zJ9ziBIwU-8+ueV{cfXhK9;2YqpBi<4Vqy0Qx<5MC{bviie>gtq=)vibaLv2h9Q`k+ zy3t>4wp@AO)_u>he)KC61*4xp_v_|H$bW*n9P*DFynAG7NO=0TyC3Vj-(Z%^R=hR( zC-?B(Ckwl0nYZley#^hoL@Mlkr(l>oFe2-kDeF4f4YR@bgVj?%wTJnBHXK(lOpJ5c ztkaFfTXiuO-_>}mKG(fGOAM*YyI=`mNO)Oc_j~#7bxTv>>X*Cf z-*(l{7*M^dfAzzy`Z!;Gq^o|gs~%ok(ECy9eP;jaJqHW;eNBnSomRc&QmVGPs>AOqsQPhL9p1m{C04b`RmGu-oyUXavEQEHzwP7C z59fp(H7R9`&Mpm~I8k4ngn{=edc0VVXY+V?(c@croE@)FNKjT*^k$CUtXI4!C>vVz z=9_wRy?gUsRbk(!>y3`dr_R?tR`_P3-uzJkr=aXhMQ;w$n|XR8Hh@)OS&d^j&%trE z6?Si6V!e5F3N?-_sDX^>`JeQBfn{8~@)O+ihxEL>;CaG5zg^F-F`vbiPrB!Up1-Ko zJP#3yTJ5*!`P72v*bhBFPtWgT0WT`w;GR#>^U*vH&&l8kyo)E`A{a&fz*QIE3jon& zgjR?>F$HxJ%Gf`1zL^N`#A8l3rGZpSh+W%`A=iaP06WB?pc zy@7Ot4nBJsUsPZ6?$WmA{oCH}YuPitsIH{_#kRKh+nRS1nzBzx4C!>N2Ycb|4(v*M zsN_<>-a7}j!UnQ3;aB(0fo-WPP$E0mw>81Hm3aFcW6Wx`HKEM4wftuh3bYy3+S~yZG#VWnkKi@-Z29s|eq5m+=GV%Fp_w_(9p2vPtg<1kl`+ z(}S8Hw&^J%QXYO!+JZ*RCRNI7WyywmH><>joIka)`D+?WMC02=4?^R=-x>`tN8=+# z}u93R-re&U*aXTvp5K*~sw`D>9rjnB3Nu>0-5 zR-jJ&bD;5-_~%DC{vo~LBC%BvJ7K0@R{X-}99>JrKGlx1;FtMFtDNRMoN3hlQd`>x zZSh%u64ip(C!d)L)zJXvtMN~HIP4gw7-2Xcz658{u68t5TuH>oaQGb(1fjV0 zH%jI*8ZQ)uyj94E@Krrr%8u|ydwX2#*0qt`uYFa7pU(Hcv+WtudhZsew}~D2%V}96 z3MMMK&V?>8Jdj@#RxgP4bUJ>ucx}S->xn;!_|;Y^q=IiObDRX)EkFeqWLd7<2EV>3 zB>}(I`CiU`-SKPE9(pae;g)4>QAEgWSM@^#Z5caX`_WcP-lc3__L+Qg+- zk~jj3z)~#Pp8Ouc&NZQIlIb^U*1iO)DyNL1 zLT~NF_peyoTPwk8@_vC2J;R|1D3i35DCc<7q5f!7^vR^RaBZ$UGL;$jW@_S!=9gJtOrV)O zR27AcyYPEI#FsL z@97<-b&>ko^sr5Q3Zo>I?nUwx(~{O2=`_yH3|ODfSiMwEYX8FJok-|R|J zOp*6b8M1s!uu7)^KF_b*xU(K}IgZGCRKJ-%g}OeK2fF&?is2v%b`j2AUXTr+(2i-{rYb^ zw*;#5P)9BE@SY#$aSxS+`wxdX+?PA?H_3;eE3?;1Gf_9;8=T`CMBVYwH~5u;1}C@% z?<{VxkeH?pavZ$P@z8$c_AI~Jjl#J-zSD69ogzsZ#pisdgK$uBr;*tB1i~B=!=rv_ zY;){);0e+rb3BpPx6G#RaGS69RM>dt#`QvK`Yw0GL*TDDlM|(DnKANNUBC*SqwU8i z&G64(FHpfvPHUoZ2tADaolQ|#-vl3}ws>IGoj&S*+e8)Z>h)};)3c_Elru5{!|;e| zrGnVk)sh}AlNLqwI5lo-9`}uDvtig-Jht769_a(60I*tJu8@(d43GSg>k_RlhXAyq z?nsie9b)MCCh4F~Yb#oN?Kka&74GG|{v^wb-L2hs72L0k?t|D*AN3wu5TyZW<~MOj z5z8_jHJeLS2x5)7Y7qqDkzEEjs>!_EkrF-XZ{{-blx^j16cONVO{zo7^B&U{>oYp5qr)S1p-1d}gToTU#>J#jfJRbf0W;c% zcWqYb-NcG;_QPU!rB3h`^4i2(evIVn5miI1UKn=nknGQ~AK~z;&>Cxq-WJ-AyuR2V zvHREPi@Ps&`eLlavrf=e3ic-S#W@FRWL{s`YM%{C5*#jiXh-^D*g(}_+F;?BHbb-> z!%?Uj*magYKs_qCSt6k>!?GK9LQ5>L7Jc{#w&}FrUNwJoEpg2s@>;?*EiJLnhi+Z0 zTu4HPMWXBznu6HzxoQyv(h|>q(7#%jht6w>+9e-ROFaAI|KGI44Xpa>Ok}h~^WHf@ z1s|>1W{DAeU8pzCk=}?D7<$pk{LYD1IP^+nU~4~bs!$#*zx6+)F$T=%(Kr^@TgCnh z4ms{l_AS-dC4!GpI=*OpFyp7}rXF>5i{;iNI^J#JOMFp)B8ZLNPZW`e>LI7SN|_G} z@~%#`a}q{)j;K&?rq3HGYwD)SZjcvKYi)XpYml({bui-*>wUQO-rE+;=;8NnSMP4W z?XbdN#xp$HC3KX)fpe z44|K7!0#meu4{&N47%-#jfLd8?0M(YIdW+Q7;=3nGk{zdyk8`VfZm^6W`!b0JR(^BWL#UEwVH{7J@itW|tNWRT zH%%fdu-n%&?(=@{Go;U`bWRQHYl%`hx|y<)!?e)bq73PE7Yk>+iyZtMHiELV&ll>< zhzTL^ty^ewA|X>3l>NKams*@O&h=AGhIGV24q~*QScr+LtTJ~vGqN3D_-cQgHK@Br z0psL`8^=|-zQcDe2Vp%RERQejq5po~BT72jc7C+;D!ls9X5uB}bHv-ft6F#_GW_vH z2kt_UCjCNJ@2-5)Oh%|Ny}AA6O39dHBr&&n%t`I99F%PDJ1E{UJZ9hXou+BkbetSD zT7wfGZ~p|168YX&t<}7{q%Gbtn&&m`FJ7-N?R9(wFM7)O=cbJRTko#5eM?j6P&nbc z1Q(5|o2FBMCd+K9xj?F_y$48BK_gKIg4aYpcd4EE;gBJ1L*jup>(+Mvt+aNxWz%N; zt>w3Bf>}+$!V4k)b)s_dn#>_iKHixV$w%b9%UB(k%djzxhQk6o-{f5%?|@c{LwN&F z-elR{mf<@0CV#kzab}dMJkKX7ceuSUcygh-kMg;Jwv*rbgLU`ctO%EnOZZpi?$t>J z(B7;^Agwg~zR!s97J0kS!i778w!=d^Z=2BGD^U3Z+Hci5+}@#|K&w}_iXFtBnVrY2 zy*6lH$|bh!7`HnE?e=jCpR@tdbf~n@(T`kQkuH_~xlt`K_dcJ&-eGCwDeQB?-fx>& zYEgd-|E)5obXzs{HlA5BToAiuRy1}~rXtfn-i{KA{$C8-CsNVb?^||?O+KY$0DeOrNk0pn@>uVYq*oT> z2x2F<=aFQu4M}Ib`Tr70O!F9vpF|>QrbLU-&u)Ub^Snex>N8SE3kO$7D52kYYkx^a zfwdpU*fVAO9Aeh~n^^0bp>k-k_HIVaYhxq<5#2{z%vPCdJr)(rZUU_BItj{-KTCMr zzS@!WHJP&#l&#)Hy~;FhIn(3cO{O>Zelj}Tp_Y?L((k9(^1v5*(ks-mD#RDL8q%{1_^sk~^qA6dZSDkr zuTayu<$!rUuU)eSyvmC3lcY~MUkMeNlyyx=P%0%E#0a!|01ZQrtQ{DvR9 zyFKHxW^z}v*yiX8%WW{Y7TQP>6JChVdV&X9Zt3KzPj1h8SPx2`)(I-XPr0`RM&V*F zVYpbdR_*5WPoZdeZU6f9gNfFAuN6Dm7zp6gpIV+3Jj$+apa**VSuXwS#XtPqFWzwpcYF*!TT7nT)qB(|mg3HS*}Xm>-l2n%ZTp`vvtul69{?#B z*$r*GF=GKMHWo-VLzm@@thXxNARF2 zc%8@5zG9PRD4Vo`zA3!<27eYuAmxrA+)Hugt%+`eNLz^nQSZ^(M|3lHwZRp(Pe~<_ zrrPw%+B9dmMKDC&yPj2Pftq2EepEq_nB<%JBhlKECwFyca z)p3(LCcTSvzY=k6G(xZ~a_hI@mfsQ#{Wiq&Tf!kiIG$tG#@-hThNx!kKqIS9dDTnt zT=nGD4O$O&8^U}2AtFzo;iPAae)?CV+^ff~&5O9bHtE@~x5#?_3z#?D=X?ynUfB3z z15l*@$0`x^m>Tvq-+DBV&fHk9Ib8a#F?G5I?&{BrSkHj zl|Wa0h+5aVT!sAxYf%C-Z%m`zn{UIm8~dR-_wR3wWCjA0k20Nq;Ftv}fD_cFD<5y} z7(&*yWHF(pAxOOl2ti~X{y*a01U{>CBqY;P`m1t1ZpwR}`U|o_*HDJ^koM=?k zD5$}@L`997U~E}}Gl5KpD`;s&#fq)AsMu0V5tV8X#JD507{w|s)jI|)qCyZQ|L1w% zb7spVMD+Xn=cC*^_nv#syT9*w&*qC9cjx9uQ0_Hv=$2yszGEH<4kyvMn$nYvDJKKH zq3;gmJ9R01NwBmYI@bG7;@eb**0h;5*^jVvIt%-YiuZ2@P54J1&$9P`jL-Rj)~xR! z7OQe87HAY5a#>~Vb4*zXfh4^0DMNf+z#I3hrliy)#Ui1V2DSqH`3$w+bZcC)^c7lh zm%2&L!_pP<-6{-#L6IxAJra5w-cMaYQGjm-fPkdgIA!3}AjOq(!Ws=$p)c}63;|rX z{Gdg=*Bq))CU%2C0z9y&ejUSCEI6bu#!xtp9X#O>>Fv)byc?gN$}KDM?2~)!la508 zX4w&dz-5C@G-re)fc3ATF?dZODS?nsYm0H^sjf}u9*h^@_IyHyy%-@WO(*jiJ^W#~ z@y;A3f|N7pD+m(m6uByWsctga%QYJO1EHtx&p-^^#UuObNPYGBEpZ;mYtinKPf~e6 zu;~YS#{;DGW5Ps9j(8@22@okX?!?>;Heuxri6ckRxY9u}i7&xm9jbKr4zqspGu<10 zP0dp(5+eZzzezm)7SX_O5|O{tiU??`GQqPTnd}7Vnx#?70$R>@?=l^iG6srZzv;NZ z{L2c|BpJA62sx_ro#Ey8!U0cs!kH3HNAo854MH`q-XTVn_wQ=g0S`Stx! zw%+qpJ~)ER5f0D=EIf(N^AyL0@g~C?Isrc^G{nDoM&UF(jK!f) zH04^{Ra&yB)76bh{Mb`2BqzmzZad}!9iZ4VIKVkVw3q|T#zFw@$mI@#J>w{W52FOo zBEue#NR$lJRyYt6NCmTvMt8?9JMgVtZPqtO@YJ44qBxXf0)M=pW!{(Jw|8+!=+Ycg zXU`zUgJNCb_hBBt-BCY=vkW9HY2W9? zKcjn4AOq`DTa$f50c5Uz_B+{Y9JtZx{Dceul8V1|I%r3o4sYDIC#O1{Vr%!Cq340aVbB*rfNpDhL} z;0*2)KyaN6We-FS`RV76-~#st(pHpiKvEhJ8=kj+_K5x-xVQX15#{846#YZIUuWMt z=)@)dZi2bN?|be0ZOEVS5MSD0p41!s=s}r|~NzT5Ef@ARqrA3?u$+l16kF@R=M}H%X(s8{=})#@C`M z2gZdL-FC_eTMVFQO(G3j7wvC*rtwDJ`Ik0=`6AND#&{zOYvYZ`YiZ=ExIU(Djbmj;c$UDaKqrhRaZYJ=b&+OSS3wnuR(H$8ffHG$OJ!)enuua<%QdHGv4#@vuA;J zFZ*o@rzl&#aGX=1H-c_}XoU;+^J4dQWnJEl&r#qQ*uaA3<`~9d#sc{7{%3@p?}6IT zA=cW6Fl&NNymMV#CfSe*{-OU#vfAI1)i4(Octabq#cbqzo0?FsKlsgF-kIxwBJKuw zLl5cQUO2`HcQljvL?0+FiJ^$>fW3D-d)*UvFH%&L=d-tx00n;hocQrm;5Sgl#Eg46 zRP2B)W8DkdRrkUh_g4+6?q#6`0=3UKweuNje|LPGdisj)#a)*Olr@Yyr7}d^TipIcFQXUH2S`$7?B@k3r5}g3S4}>ut8~GsYGz=MY=e$c{v5w{|Mgr@kjOngNDly_M*@L;}BRzP4a)xSMiFfKiWkiY_`6HfDyA$*D zZ7iBW+sDcGV?j|W#450je~`C^2Q+chO0h7nhUlxku8E7HycYeqI9Wfwry^6ZDv5ri zxjSkA(3yuytX0ljAObLg=19OiL*_Y({KI9c2y4%`eIJ`Dlr+2M*fGT(`{FDzy}PBR z+W_xQ1Q7@+2uTpJ7V;;6DA(=?2Cm8%P<-hPnX%4r-Ts72Q9?BWr}mVh?^CexGOp_h zUY?DqcQly{r4FN`WoN5H5i`G$M1vAbIF>KfQ@3GfbL9udm;~fSg_VLT4MH7!h_ip$ z8T2R27{i~)NgD1?7HkGYu^0fv)`6ba4?!c4<~Br#9B(LK)p4o*7!%~JR7BaZt}CP{4n`hAsax1NnL6L4hJg|hwq)AX# zri5{k#(AJmVss}f3=71##$*EDr|~zmrFgEo!CYH>c@aRf$Ips6FiAmpf1qTm61}HS z2hhdty&tGLl+il)=z2@&DbaKtM%kOzF|top3Y=alN&zKHC)D6YBN2h^b_Joi#&#(k zYvfx)$6E6PA}(~KQ2|^Mtf?q+1DT7wZX8qpA{kVF<{qs;y3( zs?4UDHYLHB5NA>(fbx`T8+=74NiN<}U7dyHF!+_&E&W%Eim}iRWFx0>hI|^~-GN0% zS7E*gFS@b3IywHgE&|qO=+NDEuQDl@Op=DsWbc@iEK;}K#EML7pa5HoRzSehQU2%e zSjwNc_5TIszmyDkqOtEeGyiWv=Es+~M&FJdGy<|W_h_mT)nCqt!gTUu_}9HXT-G}E-1&1XOd&+h-TOn zyyH1~u9;lG%FL^S82n)U=$MCM4D1kLBLkm&DUpFX6>C`MPA3^_MToFWN3L@V=ZFwt zK80Kt73vPenAf2~b??VK`bvdLixMW!%0!stJ^Uc{>q<=8!6odp%dQ(wp)xbq;1vjM zG>1YJ?8vO&jSJpq{*j{LRCRJKOK>9gtYZ8^fx~E9ap$x6B4f=bjoj)1dr7>|`FdIC z1#i>!{0MCfDV0~;~Djd_cfzJPuRMB!WisPRI*Z&g{-|dt1BHsVsR>Ze{ z5fkzM!`S7$PXF{n8pSv#_55GvKPva zrN(XGlqqnTk)mwo%qWX-t>*T=ovc>S#7Pu%3Nl4c8Ux=n_;okkt|bvd(Z6*S?e1ge z)nceiL0psmvQP(w@{K0(m27tD zcScL#4y1NDGiW{Bm#n<>0)`>iAE9{r?6uFZMIkjnIx-Z{=>plN63<-*sgF zix7bDCc2ha$%kI@j;K_Md24PX0YKL({tU+x@EpEtYg5)rx06N#o@aagIU9oR4Cw1;CV3iu=)O#ld2iDfsF9N`Np;Sn{ur>*lgc!) zzY%a`h>KXFHv*eFAuJwmOmY$|l*AigcJF$hk|MCVA2;iAR%GU#fyNY8dI};C9oYV+MF<{+IF?+}_ta z^EAMLyFT8~O0t>HnjYgFroDxD_9ep2KHkO45EdcaTt&)4#OK9DyyXrR@i|7s`RX7R zb3A2d$3dV@NLY;kVsEDK?h|5w|oRco;!3HyCvu!usVaq02jcOiiH(!0`t4j18CMVN_Eb zK>dgSe$<8SNdV%|yTp-HlI5mFNgzZdHx4^4k~BjOGnZUBe*+$X5Qhg*U<{snmNMi~ zg6YSEXJF3+tK;BD$~06?HfogCF#{e~4$9BsZ^yIv-FR4~Mc7GN*fY+#Y$LcG(;>Gi zEB30x-ctD8^a|gk85KrQ<@P@~dATs+R7xoDZQ&K?YX;*J0rVANx%{a_0ikrt_Q?r@ z$)x#To=u`TDB5h;K5Iv8KUbPnGV4bq^Jh;cHrqumb2zvX+>XFUaxB5^m=|%65(D!h zp2yo10Ka=$0W63`q%wflCM3X&CAlKy&udRY(G+5;M4{D>3GLBO^a$;x*nuPko}WLV z@YuA4guSy1Hwqls-NnF_u_Gbrsp;m#JSdVb-J}?iVR)5ZfcP8RTLa6l#fC%9E^xuKL>@P6Z zs9>zoga;MjHU6P5RfPZL-}1J9**7N#hP=Tt5^iMTc7X(c6{W9wr=L&$7$a(9H#-F% z9vAaP#a!pL`D5$rUp}y~x?W!p}!7}9=*Ghkm@wiWg{(;XAp}_BULqj+8Sn6m zo5%Zf9XHZq9+e7OREh8S2L-ErKo!i#s>~~+U>BbrS1@@k$X;daia{3gFpo9G6wLO` z(nFD|U=zew+UQs@>8|TZ3TXO(eUfgI`CVtDKQ+d5GhYUzwwrmZbSVJ7c3^th`3Hrn z==RpwQ9GG-O}0qQp#8S3B9tF zxXxjKxC-&1g*XM?M-<)~!dp#vtJzGgFRbk~XnSCEBMYK&^wD%lk^#;R88hO=G>IY< zgA5~_e+k^Qkv_zLu$HmGcxcHS7O+|Y`Bg`uD=wJ{)Py0y3a+SG?mjaV=#(a) zlenI`yl|l|rpuuyOx+-zsqg}wgyfhjpx-EMs{D4yJp-&SO(M}|2Bc?+Lek+DH!|*U zH6{5}|7O7~0IUK1Ecqb;E|x;c4>Oa4^EKel*b9{&gFBITP95k7W2e~1tnTlsjMa^i zSb>!4h4HD3Xk%L{CH6R5f&`6nt~z`%7%{X>xfdD))SHw5`GOrT)F%r8h4>D>%nMQY^>{&TzR6F_TM zjCcIwT%uN9r>-F9aE?Prs*rcMXC3ywz}};oBB@*JNv*^EY_#b1w4Xq3-hiD;kQdpX z=m1VCO5PtBd?CTRE(@M|Zk#=hD4|Lc*9M*)bn?EmMpP5d86uSKOV4bT?jdYKIcA`M zwgtmhx9?T_m_6m_rqoe zge)14}?x1;iS%zcQiySk2K>pnhn-zqe_wM8zlhpStRb>#w+J-1w`p8+ZMo z-X|t!Upck&msiy9=UqIxA9ne=ynYWdb0HeY$Ny1TIUL;9xBf`)6DOf)eVw=Ibkv37 zeNg-t@#3<)e6@6bQTz}se)Tx1nMIG&qVrKJ`}Wa4Yth}jP1=Jv$^UfiO;=xEH|{b} zaGQLVjnA%#f5uG)qP6-N77olu3>7(vAYEA!FEoIK&d@@j)mYl$Ivnod?26*UkgmYm z$;)YUg4?pZjtjP%hZo=$50UdJ$DM+I^A+BvBl%0Qt*g%gpO&D7%&03pN|F}4B8dPj z9al?+jsru#H5(x)d9S{~+oY~kNPK<$MAUL8Yf0d?x9NAR5&he14aal-{rx$fz~4AE zV}R-DKEZ9f)ff9B2l$@7;kv8quDGtY&R6=Lw`m_V?_GRJcH_2Ny-oe_13*40sD8(u zW2|uWbLmKK+pYackZZU0zw=*ztc~_R;&=b(f0YCMqwiRL-Nq=&=bZ8_cLc_^_T2M6 zxIW9r!9QcW-CyVEp6BqSj11v`59n6RqgN6R=u{bqHuV}qv^F!xEs0f=W!VWR%?p?laV++=Vf&2o}*(Giw#R$6sBHA_eI=zNurZ0~KdL%4HFM-txI ziFnfhOLp{n+{BeUdb~dG8+{$%$7vXK_%m+9hVy64xJLhmUND0u z-5T6oa;7+qzv*Sv5crPgu~J_`sFe6=9s69t4aJO~iWol?p{G^z1bUtzObOS`g)U=} zi05EF>6t52Orvcf1s?l4raio(P-^}F116-U(T z%5h9I0?Cf73Hy`tK9tTtFj&cd&c=s?EV!arPe(!v@s|>FCcK1cO8*jbY3fcx6Zv%q zE*-~dgR(H$I z)asVRs$2O+m+Hc_Ev$|Maki9j&0%~-Bap!{$PM_`Zy|ATi0a4-|{ z*y+n9oAR3>^>`D+5i#yYKkKwLneXvUF8N)c6(-r23BOA2OR@o|j9Qk-C(=>DtAQ%M zaF(3L(at=6+r z5X?Q-eiA8%o*nXqBwv9q0>+&UdsJ2wH@F2jAOvh>LF}FdV~qElGN1W2uVuc{wuwtL zERWe+w?CocqBP}q5I-M^879fy`F%vmRBK=b7OrH)Q zF)GYLL*Kx7bi5-L0BE&=O!Uq$6~;dl$6AAFvM7!5iaL*CK}}={c0!+(S^SC;@hdR+ zRRh0C`}iU^0_#%dHXFDp*tCm)TRUtL5eTlRT<+d_y0BxCLY$I$)VViRT7%Etu=8a zcD<(wrRV2^(g!Q034XS0&w?%{c8Xrs!6;$MlrIy1HcrF>6VwV7PNBzbN)Mnl9$11W zK$S)%1+;wH+{Qx@a!vKZffR4#5El_SZ73V{S<75Qg>aj zwK3qFp6M@LHTe;;RYa$I-Yw>aIHZEWC{id!%)=O0{6OC{|B0nrO=C5Vl@j+ zrOBj!IbEd(l32-6cj6TF1E2D6OZy$1Qr9d1o9q;FYZ|YU1VNk{=ian8X#6UAQVH6T zC=X7ku#)7_{i&EInYw|w8tzXeITy!Vfp!U>b3$#WBqE@|oJH|({NSOFtG!Mg{5JZ2 z%!5gaTU@BQPn+0rbm|88qX8&0nQ|mlW-}5lA$XOs4 zdMc2p$`|g3gW6wTfY|t=Y_jNmsca;J*G*SFq>uwfZKE7%(XsQi#|QX;1c5{)qjDoT zL9Hd9wFI@6e2zf0@gCWp^|*pca_`!E$1|WN-ij0jud?0E_b0UitjY|wK3-8>C9eGA zeU-hB7zv!Zf`W;4bexyL`X;=}`T%S6YKm~|`6YNB&BY_{;{46a8@-`NnMnXqTUa&6 zPvna66JD|Y{mMABT73%dZLHLBP*!JSZ z$=OPn`Wx9`1GBh|qy#7<*2M9=a)qUcyeBzIf3M6#EtF$WQ<*nIcPQ#L^XyiE_UJ0R zO{1sezecprdQMw{FiRku^UPfo^1Nqx31>%gK7WOxU6ml(h$9@&J~5ze8-#o6eMxYG zu9d#<$lQo$zSMG2J~Z8k_9zkUStJF}p&_-RJx z%4!0@njqQ`5;utFBHG9${P}mH`}29($p&!@Y3Rke0lpWOL0dYb&q6{as)+srcXFyR zUp^-<_eJ_d_6v&UGLeEFQZ1-L{aOAi?GV?=f222U zfZPKY+5w6sZGbOD|K0n&aA`lYsT%QXDe=HJtTMQvit#`t@L-p0?+i|RASw-TMZgIYx=DWQ z-ZoQqVS;U|4YnTGoVAZHJRG9W@S9GYK;^r8Zw9&`4eFE*0lhz7AacWc7}hg&8>^dC z=W}k%M3gz@kmkYo-fBNq7_bnm+7eztpK8#jW;s?_4;V*|P}zhd^m$;5;mCW-X@7+y zT=osC0%6Ctoe^7MmX!3z>^eEwYxwwl9s*Srq8MGXSTx1FU!aYPFmyhGJR0&8} z0l}9ps){po?00Kb3JL0% z+(ViJ`@M;Mt)RZq$H~-hM^8X$14QsrixUcw^#DS+5yR66?SFKg{t$Q{ z$Y&*(7-QV6g;Xl)+W%ps(zQS6W15{~3v#A!y7P1s&iozPid1YiiuX-8^cO47TfEaG zP6D+noA)3St9_j>*;&NF4>En|u(KONsX|ZTcq4cN3JG(uVJrCHmi)ZOOv!WY&%?9? zZ3y9bs@B*{$@M8hnW+MxAjgv5q+Jj&e98W)J7)`*9@9 zpj&Q~bupoJ_3skP62a2(eE2BmP?K4FcoZelpPyYC8CU6`n0Dg27!gB|m0(v9R*r;t@Sp7w$+>?xU*99?x~k4*UyCuW5$i5zcU6tB~eBVe&e~4?x4>%S( z@ggAxX|6Ic2%}H71cOSmseuT@)II;{SXzkQLZGIKN5?>t-Hu^mC#LG<*I6L?Z!OW2 zGGJ-aa9=edltg@YZJdw0{h4bP2of<%0Q_RB?%%5#b@K7 zaC~lBkvouqs-Ootfnw}zgS-H}4lKdK{$p&<4wXr-V;*nt$5h&Uxtg#M>Rk(i+yF6? za7!!!V{*sym)K%Q8;H64%}i20%Y1ZU=CM+AZ&*41c+a?$f3%a@i2G6>@b4dK`RARM zmY%-z)6o;_t25mFm;6ZdEQf^u-_!Gw^WugFT0}eivhxG!`OC~6=y@^nl+X!i-FPyT z|HQ-yVuv1#M&*o&W7BRKlg)nEDu>go+OhQ*Z*UsL-D#dpb+N|8xu{Rqv)!XUC$zT| zW88?Tp)^!5O+dNQ_hj6Zt@Uk*YRr;}GT-#IHZ5k)u*V!tni@CX(ANlZGX<*jW$(