From 524d66775b6a1c413cdba39a7636bddde9bf6354 Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Sat, 14 Jun 2025 15:26:04 -0400 Subject: [PATCH] Release article: 4.69.0 (#29530) Co-authored-by: Onasis Munro Co-authored-by: Luke Heath Co-authored-by: Ian Littman --- articles/fleet-4.69.0.md | 127 ++++++++++++++++++ .../articles/fleet-4.69.0-1600x900@2x.png | Bin 0 -> 54375 bytes 2 files changed, 127 insertions(+) create mode 100644 articles/fleet-4.69.0.md create mode 100644 website/assets/images/articles/fleet-4.69.0-1600x900@2x.png diff --git a/articles/fleet-4.69.0.md b/articles/fleet-4.69.0.md new file mode 100644 index 0000000000..e26d67efec --- /dev/null +++ b/articles/fleet-4.69.0.md @@ -0,0 +1,127 @@ +# Fleet 4.69.0 | Bulk scripts improvements, Entra ID and authentik foreign vitals, and more... + +
+ +
+ +Fleet 4.69.0 is now available. See the complete [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.69.0) or read on for highlights. For upgrade instructions, visit the [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs. + +If you're using GitOps to manage Fleet, read the note on [global configuration in GitOps](#global-configuration-in-gitops) before upgrading. + +## Highlights + +- Bulk scripts improvements +- Entra ID and authentik foreign vitals +- Secondary CVSS scores +- Self-service software: uninstall +- Add custom packages in GitOps mode +- Bulk resend failed configuration profiles +- Turn off MDM on iOS/iPadOS + +### Bulk scripts improvements + +IT Admins can now run scripts in bulk using host filters. This makes it easy to target and take action on hundreds or more hosts without manually selecting them. Learn more about scripts [here](https://fleetdm.com/guides/scripts). + +### Entra ID and authentik foreign vitals + +Fleet now supports pulling user data—like IdP email, full name, and groups—from Entra ID or [authentik](https://goauthentik.io/) into host vitals. This helps IT Admins quickly identify the user assigned to each host. Lear nmore [here](https://fleetdm.com/guides/foreign-vitals-map-idp-users-to-hosts). + +### Secondary CVSS scores + +When a vulnerability has no primary CVSS score in the [National Vulnerability Database (NVD)](https://nvd.nist.gov/), Fleet now shows the secondary score instead. This gives Security Engineers better visibility into potential risk and helps prioritize remediation. + +### Add custom packages in GitOps mode + +In GitOps mode, IT Admins can now use the UI to add a custom package and copy the corresponding YAML. This is useful for managing private software (like CrowdStrike) without a public URL. + +### Bulk resend failed configuration profiles + +IT Admins can now see all hosts that failed to apply a configuration profile and resend it in one step. No need to visit each host’s **Host details** page to retry. + +### Turn off MDM on iOS/iPadOS + +IT Admins can now disable MDM directly from the host detail page. This makes managing MDM status more consistent across all Apple devices in your fleet. + +## Changes + +### Security Engineers +- Added vulnerability detection via OVAL for Ubuntu 24.10 and 25.04. +- Added ability to sync end user's IdP information with Microsoft Entra ID using SCIM protocol. +- Added ability to sync end user's IdP information with Authentik using SCIM protocol. +- Updated Windows 11 Enterprise CIS policies to version 4.0. +- Added new Detail Query 'luks_verify' used to verify if the stored LUKS key is valid. +- Added additional checks to vulnerability feed validation to prevent deploying an un-enriched NVD feed. +- Added SHA256 hash of Mac applications to signature information in host software response. +- Added `FLEET_AUTH_SSO_SESSION_VALIDITY_PERIOD` environment variable for overriding how long end users have to complete SSO. +- Added ability to execute scripts on up to 5,000 hosts at a time using filters. +- Added ability to run a script on all hosts that match the current set of supported filters. +- Added a new API `GET /scripts/batch/summary/:batch_execution_id` endpoint for retrieving a summary of the current state of a batch script execution. +- Added the endpoint `POST /api/v1/fleet/configuration_profiles/resend/batch` to resend a profile to all hosts that satisfy the filter. +- Added a starter library that is automatically applied to all new Fleet instances during setup. + +### IT Admins +- Added ability to execute scripts on up to 5,000 hosts at a time using filters. +- Added ability to run a script on all hosts that match the current set of supported filters. +- Added a new API `GET /scripts/batch/summary/:batch_execution_id` endpoint for retrieving a summary of the current state of a batch script execution. +- Added the endpoint `POST /api/v1/fleet/configuration_profiles/resend/batch` to resend a profile to all hosts that satisfy the filter. +- Added ability to uninstall software via Self-service tab of My device. +- Added a starter library that is automatically applied to all new Fleet instances during setup. +- Added `FLEET_MDM_SSO_RATE_LIMIT_PER_MINUTE` environment variable to allow increasing MDM SSO endpoint rate limit from 10 per minute. When supplied, this parameter also splits MDM SSO into its own rate limit bucket (default is shared with login endpoints). +- Added ability to sync end user's IdP information with Microsoft Entra ID using SCIM protocol. +- Added ability to sync end user's IdP information with Authentik using SCIM protocol. +- Updated Apple MDM enrollment to skip webview popup when end user authentication is disabled. +- Added SHA256 hash of Mac applications to signature information in host software response. +- Added UI to filter hosts by config profile status. +- Added UI for seeing custom profile status and to batch resend to hosts its failed on. +- Added filtering for hosts endpoints by MFM config profile and status. +- Added immediate cancellation of profile delivery when a profile is deleted; if it had already been installed then its removal will be pending. +- Added ability to turn off MDM for iPhone and iPad hosts on the hosts details page. +- Added ability for gitops mode to add a custom package on the software page to then copy/paste the YAML needed for packages that cannot be referenced with a URL. + +### Global configuration in GitOps + +This release fixed issue where SSO settings, SMTP settings, Features and MDM end-user authentication settings would not be cleared if they were omitted from YAML files used in a GitOps run. + +**If you have these settings configured via the Fleet web application and you use GitOps to manage your configuration, be sure settings are present in your global YAML settings file before your next GitOps run.** + +### Other improvements and bug fixes +- Added Neon to the list of platforms that are detected as Linux distributions. +- Updated scripts so that editing will now cancel queued executions. +- Warn users of consequences when updating script contents. +- Improved effectiveness of app-wide text-truncation-into-tooltip functionality. +- Prevented misleading UI when a saved script's contents have changed by only showing a run script activity's script contents if the script run was ad-hoc. +- Stopped policy automations from running on macOS hosts until after setup experience finishes so that Fleet doesn't attempt to install software twice. +- Added tooltip informing users a test email will be sent when SMTP settings are changed. +- Added copyable SHA256 hash to the software details page. +- Added device user API error state to replace generic Fleet UI error state in Fleet desktop. +- Revised PKG custom package parsing to pick the correct app name and bundle ID in more instances. +- Ensured consistent failing policies and total issues counts on the host details page by re-calculating these counts every time the API receives a request for that host. +- Allowed Fleet secret environment variables for the MacOS setup script. +- Validated uploaded bootstrap package to ensure that it is a Distribution package since that is required by Apple's InstallEnterpriseApplication MDM command. +- Modified the Windows MDM detection query to more accurately detect existing MDM enrollment details on hosts with multiple enrollments. +- Created consistent UI for the copy button of an input field. +- Updated the notes for the `disk_info` table to clarify usage in ChromeOS. +- Fixed an issue where the cursor on the SQL editor would sometimes become misaliged. +- Fixed slight style issues with the user menu. +- Fixed an issue where adding/updating a manual label had inconsistent results when multiple hosts shared a serial number. +- Fixed reading disk encryption key not showing up in host activities. +- Fixed a bug where a host that was wiped and re-enrolled without deleting the corresponding host row in Fleet had its old Google Chrome profiles (and other osquery-based data) showing for about an hour. +- Fixed an issue in the database migrations released in 4.68.0 where Apple devices with UDID values longer than 36 characters would cause a failure in the migration process; the `host_uuid` column for tables added by that migration has been increased to accommodate these longer UDID values. +- Fixed issue with GitOps command that prevented non-managed labels to be deleted if used by software installations. +- Fixed several corner cases with Apple DDM profile verification, including a migration to clear out "remove" operations with invalid status. +- Fixed a bug that caused a 500 error when searching for non-existent Fleet-maintained apps. +- Fixed a bug where global observers could access the "delete query" UX on the queries table. +- Fixed parsing of some MSI installer names. +- Fixed a bug where deleting an upcoming activity did not ensure the upcoming activities queue made progress in some cases. +- Fixed a CIS query (Ensure Show Full Website Address in Safari Is Enabled). + +## Ready to upgrade? + +Visit our [Upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs to update to Fleet 4.69.0. + + + + + + + diff --git a/website/assets/images/articles/fleet-4.69.0-1600x900@2x.png b/website/assets/images/articles/fleet-4.69.0-1600x900@2x.png new file mode 100644 index 0000000000000000000000000000000000000000..f57043a4bf0c26e0f4320ae6ee030fb9c3d421ea GIT binary patch literal 54375 zcmeFZXH-*L)Gi!~6lo$#hoBqZEqG|sK@^ZG9jQ`- zAiab1PUtnXXmxvO&LAqYeb z2Z6{bD9C_MFeduqz#qz&D!NV}5aSixe?)g5{<98zNaXZT`8FuGoqZ8_Lux7iKpq6j zM^GI-Jp%&u9NoPm|Ja>qc|@KFbPfa(ELx9H!rtjEL-w0FB^~0H{&VTt{CNqy2)hdZ z@7o4SuK&JuAg1`wTWCCp_&;yY@xcG{4)piYQ)&Da6TvM0n#5m|_!}h%-tae=o=W1c zN&Gd5ze$o{1Amj`sU-fI#9xyD{Y{dmM({UD61?HBN&Gd5ze)1c2L2{VLRk1~5`RtN zZ;~W5Y<>N~r|0gAs z@Dlg;Uk3Pp-~Ph`BKpsJ6}A60nh1*rk^bjfE=i*QHOFuy24*CGF8B;7*Pl1Qi@zKH z74=`^`tPLguRHw>Ab&&V-z4$hEcrJd|3x5wG1p&|`Jb2o{fn#rRua(v7{uSA?Qfa- zw=n;I*NPb61f1=`r+zmvZ9^~DN%k&}#+Zc+ewhn7GWrmKSjpk@g+2K%iy9iT_ywJ8 zC%wO2u?h}t*K^Kc32sjud$O^o{B*-W!o_ttnnSH#5$0|5CbeDO-fN{Xh zO$lb_vF&y<4_k>I`t)^Z|6^<%qANxmHE_t2W;WjNt8T}D;O{SA;7Ww#g20JX7;5N= zPrdgxZBoeY@DMt=$*r_$ur)`p`epD6<7M>V!>nGa$*r{_go+&^=^ zVjn%ONFQbl?Vp(M`Ccwg_M-es?*12q;$a|NHS5Nfl#BNbTABSPmDO8A z6Z4OuJ3R!M{^P>eKCv6%dLn? ze(bI3hS_wUuT<`^r>e-m=Vp#=9-|#@HeP;rjsQNal<<;|kkV$HM0#f*&Ul+Yyz#1X zJ!ki$-0=CzkptX{($nj(dxZ|Tln1Cv-zh+n(K2gQ7f%>}=%L5G(jf7pD3W0N-l zlVfSRH9!BUDr(Om?Fq?HMQXk(WlVOt=dA$9vA`#rHWPC#Qm(wCMl(TSImSEGy-`R7 z@!X)cs;tXdmq|U=m0^}Nf5@8C;|4o$8uS?z>*4{C|N&{jFGss!9J(`NP zM4`YI`A3_j{r8%%C8A?8UEcI6%9i}TPY>-I%3+>55sHU(HTz3(YZ=B#65n`YyGYmu z8WiFNkOlqyy#5w;IU7MbMvR6WD;v|P_5`A#TDbNje7ii)hYz!$_o$kvJ~Wbk;Hbs> zms)AVd!JeN6wK`fgHbkp%&fig8f5r_MQ`EL4Brm(15J<`OeSyYWMZVl;g8u3 zoje3`QMgI%v}FljqK5+#|9Wu)*@pEMi!wG^Why@uV`{y^FNks6;SRfuK_in6ANJ<5 zzZ2rS90oY6#6fqi6`66hgW+$Vl}OEJSC#xp8TOV+wOY%#*GjHmz^gZNq8rpn>RV2AjNh*B6$of=0+Zr#h5Fb%{?Y16^0d zf%?ynQPOOs7$cV{grXv;kW==Rt429Sq}^S*K{?o^*2wn|#*6eSlMQ~dnu;}|l_lG) z;I+qhxUiqs3eZ^tNJW4K`~|gmyk}!c1cG;8pF$vfzj$sSKe72b-7Fu_S}PoVxpo{G z1YtCEn;*^J-9;$&$$WEo@Vl@Yl4+&j#$SEQ`@!ilpvQQ#RGDw;Xj8N_cBv_@No92C zsfo#Xds9o3^t?}8$(=}=vVeKrE{IF zw4-rpQdrYPapK|Yn_3#L!Kk%L>Db!!D!My><+Qv=E|IDJ_S{ayf6D2_s^LWf85a1G zubY=qQ0zq#;+f{_nDZ7NmDF3C%z*_b@!;-u; zy3^kt5T}$x4ktuir?Xc*^==DTV{>o?+OlB^Wl<`ve6VHDV}w}cE(yM z?evAe=^(72p^bOM$-pzgrj)6=JNB{+RrRw$#(+yhMY2qH%+~=W4B1wcmsSUKWpkE0 z82+I;5=XUFS=QP|`<5LuqZ>vEwLmE%e#Im@Z%6*=AW(9`$9;!NK43gs84zgeNlPpfvIM z!45(ZwR#m9xF0gMxFp?v$JHlJjND!yyHUYi zVdq~}JF=?#KXrbKGR`?f?z5P_RkfQ)`@Q#hjaz>yi>cDCFSd3;#ao@sy4B2SEpx)o zki%}3@>C2OQh1J@9+aMijy>O5k6CyU<96|j{onx*<>l`W#MU-jZ&|0*fB!uO^B{;W z;yqsC@ASrp7M5Gtq(mNKA9$>(b_AqMj2?*Dz0ZEZc1|k3b#82x@B}XdZphJjF3bKL z?8X-_!*+`ZEt~$Pz{D}!6SIa&L!E|HV|EH|md-9kXHK7j>QX>~Fc+{;EoM0rCf_gd ztkHS{`7rQSTB@+Im7s<`CrLu9KS4^4ap-)BmXv{Gdb<9rtvJc3HO{t#SjwoV4b1(vv(R=+ z=eah*qP$eN-CzD}W4{Qmj2;T#U+tQi{9y7ty$PWxM*MawPKy8kSXSgU#mv!F;}GY$ zXKDUl9#kg^gh>kVgCvuV!!hcFyfJ$T@2RHC76@+DYf~R1sJQaLXQRY`=Hr2 zymSEJq@a*6QO9O3lvE2qwdcZ*3J%COo`PX)!1&Pj;P&`XABI($(_IL5*5q2+^t*^+ z#-J&jj7t&txzo(=(CQ+-f?)s+R*uL${S!EZPTVYXd0S;uO;}mqbjoDx)*Meo65ZGe z8dFKd)q$Xdw$H|NF%aagadoT&P!a1K4{?|qi)uM0e_6u#Jqe za;uBllRhljLENT?vAb`=?g;bs0FOO0Cd$VU1b>$>SUFWeEw^HY;pH(GDSnCHLa|6MDAsY||J=+upl}HJUG4al&FTOvwI%A z?Yi$OyBWe;2&fBvY?yaPc)xwD-ogAo&L@m>zOa^D`(os8XH^mZQP{9H0^0JT19oVH zr~T!`Po!xkagxixpgEp;lL553&kg}qCNJa3zpi+0eBA26{0I))(DG!F5o@S z<^a&2xxAp-f#g${W7OK%iKcDDykE>H09e^r-y$b?Yw}tAGE!z0`qQ(J95wb0HFB_h zP?dD%&b}H4ILHv;%{})lljXt%ht^ey*FTwaS<-t0-0!bTNs5DwJ$Kipnt#O+bfIy^ zF3U3)n*c~jWv-#R)N^NSvQYC1Lmnd)4~M2=IuFm(cJG~SyW#U%4;#Q8J}8@=4sFp# zPFowlJ}@{OLe-sJ9`oGO3x*g;dt4`oI`cLz_I(z`I2K>Vq1hyCK6m@Ck~>-tI5@xN z`8~cutQ!mo?0BrD6@r zF97B}Tf&AkVE4nZ-4_5{TA<98Dx5w&ew?~@}~UdVqSmh?U} zQuC}+5C29fwpbRY!Dr5%j+b#UDff5Lm&f$YDd{j~0h!H^kJ6$HZ2;g-WR_%X9o92L zZ|3p_8BT|9^d%fl7l)?<>*BBEOuRauSMDpR2FnfT(Lu}e+N#KeoQkga9vyN3+lt2O z(raFjSIqb61`w`LTwF{jQ_bPZ8`zq$lCZSTob3^M;f{~y^g*lj;s6xmzL$co#~xbC z8WEJ7Q4p2YZ{K>{e*pygAxVwd^tP?El#@Dil zmnZq<;sufi-COyG9h~pKKkBI+0n#?|Si#10#H4y$H~#={pVgE#!UR4faTybj^>^Ib zkmc%g=sE1hXih##e`RNfF3Pp9Uw^6`F`jUlR5BlMIdl+m3SAfT#g47=GAFYh!*N3E zr!KYjHYB*lnHMLt({({@cyov_qJL%kTMq2+CUTYZS{*_bQPS5@329_i8CMoVik2SV zQ@DL@5=q|EeC{&^q#D~|C3DcCZffm%ldw)~2#|q58NruH7dhk@*w$k5jE(Q(G}%I@ zXEyUyEC>vKm`_nKm!?0pNu%H(h>Pf5(XNfC4q3hrryM5AGv{mDL&;xXt?I2z+1? z@qAQ)%fGqTTOT`SM<6%uT07kVdxytruC+ z#We%Y0pora00%A&sInw@2&XO8BJVH5%*r`^myOF9eb#+*IF=Eae65!8A0=4q@89ps zqYDWp1FcV9gpo(=uO&>a`7^nl)-gBPaUry`H&Ehp)o%aJZ|8>PyC0NUj+`kRfrJ}o z3|m<_XYPE^2LIyhmKWSwUSZlpGtf9(>&IMq&{DQsko#t9L;xzLfYy8l+e&4c8h}lw zfIxEbkRx@vrmB&(;DUp(P@ZXH>_>TOfR+xBo?KZ-6b~;!6H>(Z#At7v+-8xy^n|E}SZ@MsP|M4+z?x}~u zsnl_C2K0mcVYZL=V(D5|65*R5)st@yOUiZ~)^?@MR!siHyXXL%C4k_2Ma;ezlpP4z z$v_W>g+QS8taoypM^ip^g#2m6g%dvrH1CXR6K?{`9GPTuEEB#=&Of2=DEKlOJ(}k& zw|daPe@X>thUi z$(p8ehcW7XB!9YEr&Y(r0@rWG|Fa4{mw__EaNI1c8WH$`7UMRZz!vU_zjPhgNmxIo ziKFm{T|bI=f8mq-`Pec;{eKOz`WHZN%EWKb@0Mho3F>qe(CqGRt>98z+>H`@XJB*Y z>o?w=OlEB(QLZpnZ68rOZNqn$ctyC(U&*{SxvFkb7UNZIDRJ($kkd2Axp?e;(q6^! z-mm-Zzv8j=Yw@prAwb9Jio@(IlNKvp0DuhOoAh|q@%nu)v}`&vpFj_Mh`XSYlyKbN zh#&KLM$EWZzy-!>~U_D?4vcF*E|p8 zj1Fglh*qZl4eB5`S+Xnz9N6ZI>(tDm!*WVZ7tCu=(4NAZ`f5EF!tO}XLVsrgVcHf@ zT-&@PV|71X$j9J5#1Z?^XPL++iS9Tlmk;c9iSuYSC~_ncv6?}ukZfCUY<6#+o?tCS zCTLT>Hm5M}GsCjBavm6IfO`;Q5H-oC z1~<@q3~w)@2Mx)T9S;|N-;L}LrYJ!3=$k5z+wE;hle9n&2}WMTgx}&q(;7r>41(G- z9iv?1bZkX-`gWAvEBmJuyD3d|{b?BNXmZLuZGOmP;Tc$5Oipqw`Q8(=JFpHuzpx@; z;pwf`L?+UdFVC@nJa89$mm8KV2}XA9PMEzihX-5vhprN?;r^7AQxhw8c(CXk7b{kd3(e}>4~Jf2qO z-xNG*O;YQkxZNsQY!kXm2x3+W#9V-(v`SV^e?z0au)J#VGO~eJNv>_Fxw{$cbr=VV zvh|Z4OVJJr$nB5$PaS;^|72A_Gc&U|ef?5c9LB;4+I2kXVM+KmGdg{Dfi@GI@!uS9 z5@g=#4K?gBhup@uvZY_@I(1yzrM}+tHLi?8N1BmDk$h^>|GbddYhD1<4b`;RLjE2S zCIo*g2%aug<{B&-y&w%S7y@K|Q%{}@Du*@3)I>J@>$=m0HGAkiovN%jFQ20c_1L7G zzK(D^&^#o+&{c;>V#A9T;LXcAgc3+@$vGD2=}ch(gc;p&h?VI6$3mK!0(+mUiHja$ z!#^*kgC8#RBdUIWYjMM%X3#w&Ng?(ab5-bvUtJi@!ktm|n$;371?V{bWiun7U{g6I`C$K~_eHU@AeqiyvI)<>9WBRk@2UKF3HClQ(I zzoau9`ABcmdrxHNT3NEJmU%61-djjLA7-@?Mlf#bNL@CLUg8IciP|7OL3z&HZUBS&*o0-LJ6x6NmZWbYO=On5PQG?J(Uo zexA^-f*ay};*HSSYd0NYE{kZQXhii^y(U=#c}OUq8swjrTp*sAcInRAd`Us4IdjrG zSw`0o%{0YTU#!{6r9*~@j}zkZ4>o)Ve&gVdd}>FJ$?(Kx_e?eX>`CqO0c=pGj(){t zH=n$LXH0)JjUmu-_3kV!%)Ax3&t%A=W8mW7MDRFfI9|-mEEoxIQ!mjQ-bX&L3)6dG zaL!Wrnrucls9OyeF+TeCVu(UEaqMOHyFoY%x3Chc)ozNXVg`|%i1{fHfkHj(f!S9a zb!8>2e@&6EWdgbH#G@!(KDDht%xbZ^>?j7$)~(1rk7+(fNE^2#@PX`H!Evf#6|Dcc zgS#?HG|Ag^Ouowj>V+wE1X$U&Gb2&bi>U`w$+^MeV13bMk}5md~SPHNZH50y)N zZx671E%$)?-mPK1030eXQBPsD$A5>drxEqqVR z@IGYeK`mRGgf$lKDdlkBph@;Wsl*o_Nzx=7HYsZpIlLC^@6fmPWAb%af`7uPds~AU z(v(=N{$#HM!33Ph6*U!T6*YRzgpaLOz+T~#h<1Nv@?KTTd3sGUKJ8pWqc>UZWbt#L zp$foug6gGdgFeLo)?PdI0MfmY;`=QAr9n}7Mf6Ps5OoQ`Ndt^m&?EC^zba{O(+y&- zaN2eCWJu#&O~!+;j1U zJjlGUrH>%cUIfk`J6|f=mh#4K*k3nNXt_Yc)Ok)g4a}7DV!x#?zxojOZ%E;K3eEyS8eEUAg6VT!G}6IXPoIYRoS?W1DwdWg za%g$QpYC^ZHBKl%lK7lzcDtw`F)=6q*-H88W1uBfyoHt73A~^qD_Lo@leby)n8Y$^ z&;eU;=Ge9kD-*md0}t|&Crgg?%AVfpupMGnEX3?bzp6sHdS`@3*@K1(L{FE6AK;CU zbu}i@(%oWdz%*KeCx;WHTZ8!@wognv(6WTWk9sCQ1fkp|gYFHg9h2Q| zH74(^_v4sOjdZa;hex!)^6(E_crR=;>tGa^(6}&S^xLSJEUXw%f*v+2foP|5$m32? zL7Qx&7X~LQ+#^Exr(>sL_&Z3wb_bh`@6hM?JOr8Bdm6b9ZTRU}{m7e6lcbYoi$(jK0z+z%-B*beE5Fgub%t9`cRUA}?S(K6^cXj3)_i zJR(_~$C~S&S)7Lhyaka6YtWG4-j+b)Fb|AFgDza^Dk04LNW|x(2ZhU)<5Wg@3n?FM z%b)CjJlCAN>S6U~==nqCBsx4B2^zrxV)+`&5*fBEPJUMs6}^qY&6plmt9`JBU1wh$M7MQq)wRk8JT-c^I`2kC;4oO^B%&4&-Jw#c(Lx;a>d6N{ zstdfG&N-~OCDCQ1Ukm?JTM)#jMy1kF3NGWrAtk*xjA58vL?mK`AY_mgDSpkx;i@w; zfbyD3!DzLj^ZZ449NsunQy3bAoVh?$# zQxs>5eX`rR_vs=4+FGQOf?Ru!k5o7IE&hLt-ok9WE!82WU%`Vpy`iZj+xK4JVa}DA zVT%rB9DXP8&UzQ;MZCd)7X_g(`>I_xfk%U;V-ox6DsLDZ-T!himE#8HXFqyQy@a4J zkVq^(Tl3n8WryS)O+@ilSU?Vqu7Dnr$pQrrmAwGWNj1PAx6;XsunkoB1aoYykXQGV zj$X9b`4we3%?CkSNBnF-x;8|*$uU_(P9mJDH(T!wo*_IIE03q{Gqs92o63+mdK!mK zORCEFTjtVcU+A5kJ>?G;$O{f6CU2dC%p^(#^c4joFnKU-XLo< zz?fxfcCO*B_u_3XDkcb<4Q$^ORJ^$G$KIjGCx|AJpC#G{Rrtk<`1#v)Wi8#?Tti12 zURWQ6--jCe!+L~GtYqEI{1OeeQ(B?IIEiv^ztW31NcisnD2+Y*$u`yU2KIj%UX zt=8BzNDYfV?yE|HJlHq=GuRsyXaqnw z8T}}LnQQjOE2bH?Xaf-#aQG)&C2qATc(d|&=*j+IC#v zHhX>`?)d=G{v-9o!*WP#?T)QXvq^KHRu)acBZ|Jx-uM>Jr9=0F-hkIKWdEYj4b{ke z@$WAjkIi}i8F;uCV0k_1QJl5E>Id`i`+Tj)@nx4seEiZl!l7BrF1`8b+dyD}Qb_@| zBd)+>N~6IA0ByZ{QL@`rCLL0AtcH}Y@UW16yK>#}%g!`l%6wpj!UQL69dC?1qY|I~ zdabG%kYsDCpU>J{>VO%Mizw0h&%-?fWHbGjEW#8}HUo03ZUTlzlmX^FM8Tg8q|;s7 z_(%0J18%SCmVdJ6&)H&?g$o_Y22bj5ztQKzmwnK#=eTU4r!8jdy&Q!Vo=aF?MGMpv zCO?-C1Kb~h3o+xn3Dt-yvju3u^J#T^m>AAe9{F><0)vV&ttX}(}N4zM#%p&5Q6|)!52cRm&4kxI^ ziUaR3t*uQVzj0+X&@m{ISS)k9!<{|!O)Tno*(-mk3ry)t-L)zo_9zX32qoDK`fwFp zyUJ+f{o=yU;KfI&ef*e%zOJ(c4<*$Co-T>bto~PVG|P&nIV+T^?>*^*e_;NfvrR_*llu(%ihV9$F7HDsY9v zY)K+6WZaubJ*XHI@8fE=T=l-GmMB+U&?dPHFAtCxTG(jA1=WEU_^>~y)djHimGwa4 zFgy35I0N-SL_4=>%d6ab((fi+$hfx!Z~gE6q&l``*jhag^yLB6RDGUU529PGM zq|Z%DDg+u#8$gV_E{{Np$>lDZky@yj0m!-e;G4Qjku=zH2u3%u(8caoNf4%Bjagt8seVd${* z(}^Y%0WUOuF4*k1W0PCaH{toy;>jc(c7l3El6z)(R8Rgzh0k;RN}x785(3aG7t2xE z%=EnW3l6`_Ab``GYE(VR^hbHfZJOz+CJLjzN|4IqZ%N+3 z1ux)Qy1$+}xEVjwc~Gn)aDntW5eLV#*<|Cqc6-duW0?vv`O`I-b#a^nm&-$z*VUdW z6UspnfM?w>+-$s81~)CAs1%-lJC4nC>LuRXSO0bvf3H#$&T4@;!!eV5(0v7_LwT`N zN=oW#-!8rMoCGf)_`ykQ7Q`H2NZu!^9DzJDpQQQR zkzUTKQfAI$SwLbfIGO#RW05K05uU^hhSPm6wfuN1zq8rW^on}-MkV@pvS8-Z>vr_B zJzat+j=p(So+(==RrH|>F581ZCKNX%)_#?_{bZsMD)pm=XCGkr+jl5h%)Igf-j%%E z1-zb14xi!L zx**W4WOfZ~%T7{1X;&H`w}xU^;WtMNlh0(o$+)v~FyajpOa-OP)(UEl_^I5Go>wmC z=~;4uOElPMxbSO`G)KMiiuTq-`?qwK+dLhA%*OQ^g45j>q9#u~f`<>E)Ha~y#>i;n z-cmzmjYzv&EGD;#wo=QMYocReS_X8>F&*h1)SMg7n zn4B6}-U5v0AglO-Mj^F0h2QchK-LUeLwMjs1Jt%B(&0L){ia3Uj}u3-u`&{k{$;_` zI7C%W98h=4SQQ>OfI!1z?|ag<>%fvlwDlhpPzm9Pcj`vvyu*gMsRrubb4?^(Lr)0k zz_maD&k?(NBwrO@n9L^!+o`j%tONI|20%0A@ooi5KGkMt39jvA{2kK+eE&fDE%Y@c zL;TXoJ?^q6%qR0(pt;}nZ80u=;j~6z_w0662NTW zI(bM0QCK09v!bq{$G##iG7&530i6XjU`xA4H2B-~39?b5&GI7mU|ku`Vv5=DUd}9EjlR5W_s$IIUAT7B|=)TLW1=ESy6>*>P zv_03J`20yi+S0;Djo7(YEg;M+6PZY>Bvm=-!3krkr;L5IK-J;qC7re`@lVhjbc%ef zI}!4XRwaA_H5unu@g4zp#n*Shcw~4g&)ASf@9pI>Aa&}Mf9I+P_cJJdn5-5mTEedj z%{d8e@NPXIeg^bii`TBYx#eIPM0r6mH`PW|2G3Eak`g}CLn(29#=?XnFbyc*zuYye zB^L-uOtkAdo6Qrr)Ehppt>^NhazAvC2_-JWQ94>J5;)VF`<;LMWdYDzusV~oX@J)g zzGw!>Q>*4Xx&mza&9)oIOC!+X0xMd|_90FD*M|cG1nTbsfGA)6ssAjWj!wyC-J>0D z)79meuFOsE`0ZT8iI?r*X9~b-?Laf!=3}|iel89pbJ&3ObXfXVR!79_hlbq_@7t~p z>3#1=49MIvT;y@NpJBVd0mOkjmg9mQ(_=$>4rJ_l#|bFqVIT(5?;UMz*3l%awR>hh z$PFh4dls$jetlB0+tniFdCUH=ze{8IOj>0@=)pkW2OreZ`bUSl$2LGUoVm51#RLce zFWcl_IN8EWMCKMq_)1fazvp;*w1!r%G!E|1H<+D^Z(k zt%qe3;FPb#TP|&j+6*+x?yK#yC1#S+1qgktKI~|*^I1OT*mE+GeLFB8FH&e9*SELt zP>Y)F^c*;XaPE3AKkx4un?3MYPjSgN?OXEEQ>|#_`Z*SRBl~MrYg#a1gxoj<;pu}H z;O+FDUCn#)1`HBRZy)PwKJI#leLd9dx^b)Bts2b!qsUv$R1l2f`0ky`C;LZlKrN{Y zYh|?5hSfHhI$-8y6yD(?nQX-I(Ec-Z+>Gm972owFOD}oa=Sjn&r9wY)wLW2E+rk<@ z3H)YNG?T3|5{2%xjYK!OMcuT&XJxr38adB9(0k3t#`?v0to2?%Sf$ZgJ6xa8cK{9w z12H#3EkL@dW*+_V7EHTx5zTFV)@%7^TqvZ#F)rmpCX?^ByY2BVN&YkvfmGGI4N88= z=zH|L1PoW}>je7Ruq=(X^ZQR6Usg#~`U1WUpuxfp>$QOQw)|x)yI6IoP%zC!; z$J_t*wV#aD+l<|Bn)(vSpHP^bb)F0uBB>RnhK5o)0AAa)&*XFUM7P0s-F7n{hMJlF zUgHEaj6rM$QxLW0%%52)z6QvbY})pI(QP1_SKqG4rw!f_|_T5s+O@+v;{knJV^JstXSDua> znItPuyo)EF>>m|fiy(pQt`3O0h};&XcAR*#7HB-W?jwH=Wc7*tW%bOIQ!0lRd0$Zf zuHc1=5@vIMd1*3vN0TaE1=P^NQ`zEG&wJm~a?#5>kvSX#kI6FCJO`BVX%5u#tOnrJ zO4D8n(=4&n3J&EyEKzz3aTPsSAervu!#=vNy9sM**y}h8O5WH^SRLWN6;{7E6u%+8 zcJOkxB=T*a8!$^@|BadX5_DZ*dF7wC{XrANsIMZZYsJ&CEvUU$TkR*U72cCh@9eVp z23%sH&J8((oqv@^265G)dBwgPjs3bQ2MQ;lRFPp^LA z`(%RwM|;YCF?fXQ-~V>s;^?B?lxi0{nTr9(pMe~c{KXulOa`H?TsPEw%z)|1#&Oh5 zMhv2H1cud$70q0CXkWsnIv688HGF_HJtm4(r_K>y+Jja4)PehUoH1{7N**-x?rj0% z7h_7DNS`EWsjH8NZBLBhJ}x{$gFbH8hF=GC2f9{n&89LY2dm#B1~IdwC(7`st;8~{ zOyI^XLAiWx3bkWENuNWVgFS8=55ytV?uVM%eJMM(sa8cYxt0P8fv%nHsB1trRN!Kf zxb8HqDz@}{aIdl}cbnEmmQzOf>H`@uT3M@S!E9dU!7QVdX##Mc z$d0Fx^ZD|xtm8_vgH{A&7}&&fa!C~uM`y+h0RngM8SKK?QyonD$90TuSLT@W(FehO z?DypJ#2$-3jn9BIz`)#4Yw7B{h!g}h%zWL?w@)l=l}5d>4guqpl4=pZ6Qh9g@EOM$ z1TTOPZulH3=cb+kSN3`ix5XBtt|Mpp28`)>)F3xol&B~=RanpxOY4%60fDnc!v|c&+PSaai)6pH-=O}=DIH-IGq;IHSu_rL~+wLN7(lo|s%rb&95UMwC zy6M-3i2JmDI{>|?Tnt@^#Uj7R%E8>nV!Bi;vGa~^Awu`H=1>;KvksEq*U%C9EMJC+ ziEllmm3Ds?e`{yYY%Ctj$y2ihYp~~pJ+0hdxH(A&A2nxqD5s1;x&ig-qF4119gopN z4_bf*6Dxcas=Ka=PR(Q`9HlJGgDDj1CqwRB~SYt8K< zs6}U7J`tI|Oe%BMoZU~iEjaTz*iIh070e=Bef~gV))1R2)O=L(bzXaHkrO@)sO-*_ z8$8rNOt|HYgCNjL9L|#!_by^G&Jz>C4|tspm1&Km9Y9{6A1iR#^vkhYIQ>MjIVA`j zxqlyc6u_Ec$dcq=a0Ukhh`!}HO6(`p9Do0aO>B(pM3#}Xu&Iz)MU2*SA=!_sTX5&4 z28HpK`SPmI`e%vtIyYtADj?+Z5ix;G+zT$IWUqkh!1a&%%pxJQW}&h65no})L* zMgc8rUbRfp8jE5BeuFk5H`k$Wz@jF%&9$aMck7`LdPAS*X0V4-^^@mk=t%)3y5pf& zvPQwB=?RFeBrqTK=h1p~6ZE6g@L_ieasAR^TDqmp71Dp7h6zc|`Z$^X6IpybUDBwU zlkVf(XqlJCjx4aclYEvp+IoFD!fou~^FwA~Pj4Vl?Z?OEa1BvhrT}EN?unOK3j5A1 zoni%!A1z`55Ok#=Cpnm;vJSkX*>tWMKzW~1&1T5d<|AIp=IB=3lyg}8WHRn^kjZwh zFI%|V?|L#jDFhU#i2G&V#LkJzB{JHG=?@>saM2#NVlMzowhU^2^PaVyL`b!)D+fS< z(ngU57!kZ&}o?EqwzP*{xY^I6_wpe$@Y-3h*`oYg{cn9Eu-rIGc?--2XzEYG{F0prQa#=i1tx!M9id zr7%l+1h?LT%bd?SlOAPDfhiejWk6rc1oonqi{!sgL9Jfm`z!9a@uTN279yxktjI>0 z#B2hVTkYe)A+ST|O}yUHq}R;=VGeB6j&~6ggGhMw_2p?b=WmH}X94Esz1gj(Nw)KX zA6>uIBD`!ZE2H@Jsp$+P-TL?Mt+tLTJrRPaEDuH6T2wyZNgw994ID$VN5_e4hm(^0%Ylb~{q0N{l!_i>f0RVL+H(#7po#&aN(j+P6c?*Lv3=wrJvatUW$ ze5i$w!176~J1=*2d6ac$^vdlvx|1DRI*I=cdAM^Hu&Zgnt~6PwcURXzv!c(o(dZlo zrY69^aHqX2@Y6$)wuMx>3!ovz5;y=m$0-2&zBiz~{zl)wX=!nYRebCy$I1oQ2JEem z4}Yel8*wSP)B1W!+=xEJ*(sCpoE4uiqUM%wp?zzu32?q^DNcBMZ~P5#ECT)z4{l@U z;BM>;m1F4f1V+#gRGaKq89&VxaGTR~n_H1LRr6P#wZk8t0bkYPeGMYybJKxBgFHkh zfJ?sw4w@AQOvioR9(FU0(@6=`X>|2LJnNb_a{e_GSik#ZP zqXW8FnCixXM?kS!JrMnsDB=`LLsQY8rwAt!R!rW*LoTD z(iW6_PoHQff}e|p-O55(ZLk#jSeI-Ji-8sSeoXJ1)wAB&5t;uyPMz!xuzdZ9=m*=; z+y+w<}w3rB=A^siW$J9aVKSR@Qp32vou^J zY(Cq5M4*+`hJTALnhz#NvhlQ7DN@m8r?c>|Gt~?Jo>2K%oF?pO==?`F;kjcZ?IRVE8x=ndRVnMphD&0ktcTwoYPDgaz*&fO21%>W)p3po9bH zXPT7~LPPsuI@?})l~rGY^<+Upzo8d3sLh&!nJ^%eLEkNOkm*BZ$uV!hkgQJ56V!)D zdOp1M?fB{{7}U9%7M+~KRqQ!(hsDDG4qs`(FJ>j__K2Ue%)y5FOX>3Y*}8{TMFlKZ zJaYV8MGse!7;(!s1#^N6Ee%(TaiYD36D{aW(Rc$1F=$v95S4_3C#r_ei;TuG)jcZD zn+vC_db5nVUx^oS761UQSEh@LL&M#d!h|aOp%qe3m)4Le&WF&W25Jh zIEv5U*9Ji+BP_V~YTr_4G4&nLblk~mf%itVr&KAd1T*LXgC+IG;*vKV4|3B(Y3qGE zt;ZaHv1|awLN5 zeFv-QpCTVXCd-}_mX!3rDG*_QqTbloQz)vZJ3r%CIR~x4X_(1O$!0ahh2624t)|3G zxnXxjQ);?NF_`19DG#z|aEq9I?VuGtS=fOU5!-9An$KkQfv_7V^g68feNStCqBTurr#ni#XxGV5*T^ZEV|FmC?43VHC6*&XAaysGb(H=$J$pY9Yq!>GrhcFr{zxd6@q_6m!zPGasSp zqu)?Vz6bWN`guIuISN*D|7Xw52a9e=F4Hx|&tOqf-B>TF zKnedP@zlDg-1g(gUcrLNkd$Qk2E(DJ-o16HhIt2YB#MH z%*HA)DMu+w-d7B^`k$v79qVy+un!s^LpNgC9bw~JE!DIxuq`jX@qxXKWy#~i5ir^N zGMl@3{eiL>oNM88)SOp`4aXp*GIRUFLh$f`-j<7XT>d|kCn+Cwg!DlwE&*B&JaKJ_ z6-NJ&ebq}WpkaN>yTn|o(MN_qRDg&ExxB}p33LSVmkvuwgI^21{+zsg@YVqavC1BD zGX1fxES*I=hh44o(`ODyg%}84XN(^Ohc^2iNAi98s$>o0yYxo#*e~q&fOIqk&u5t? zOCOWRUp7*WkkYXBWt~u$06QV)o@G>Kb6WL&u={4r#e9bzT(^#w6_3a!g+QC#;WdF> z%3$W@m@sP4ifz;O^rstX5&tyb-nbv*ZQiz*035~Yzi>+1*yfz@^-JeidC0d4kNw4C zcXlz8M=4@L)XG4|VE72*cTCRtZZKb#^}0WJ{}9FDJY=|v;t=Y30_OpgNZIx7(#|9uPHIMiR8qCbchzl7oa%Eg`6*?VJpS#gZ+}Cd z(T+PW4`J9lIGuo$B2fye8Dh&?qjL?yuwYlgq~TLp#m@%7ufMKNSj3VGn}lUPD~9Xe_+v@|47q zAB~RV`Wi0%L#d{<R`z7s zH==7fE7#3{Aw`k+S{*I^aD%Mu2-$Z;ife`<*_ZxoLndfGu7LD!YH@vk`3y%aKO02O zwQD_Ks-l9M)1yp0ab$3B{I=U2Ti{21DDpjyaR)PQT1gR8$N7wE7`EXX39V$&_|Tqk z^+DelU<|vuVleLoZb9??3h?S-M^&8IPSe58vGEAtUa>7mNsD{fc?F;QNoD4b4ZI%s z?B=Tkuwj~~zg4dt0C9tDaH4oO9#rwbUu9 zf$eHmQsz+VOWw7&znq%?#FJQz;CV-WbZMFtO3sYJqR!rVkZHu z+&3fY?f3^p31^I`MF4hjQACY4Fi8&Lt|&?^nA`L$)VAWuQQO!(E>j7|LEjC#?>pMJ zB?{+fw7rjs-QH@)}RQtIo4|BJj*Pw5fg z%0;5XV*6E56s@V>IVV~HM)l0o`97Ha-fV--!)AJi@EzU;Dg%(lKlr9axb1!k*7E0S ziSMBw5R!r8G&`w%AZy_-k6HnP1JFNk>eGLA9g@d#kNGm&EypLmWs``}*)Z(Di}&bl zj%(VkB(D+UA7rf(F$PL9JI^au(W9YLd`F#Kxts%&W+g9s0Z60 zNgfY8=0}!qqSf}|zg5@*4GIu1F+PwzH}c%niEN@e08Yf0V0X3vdfZIj`nhB<;p{wC zFcoQowfdGqjV<+0VMnmHcl3v>aCb(85d~SFGyj%yOdUuq9wr!Zt8U=MV#r~XqT%c` z#vT^=GwZe!Dc6^!LH09r*o)GLSuoh;h-*#NlC2V_X<}yjK(V3-@rVx zUmmP3MV_yZ@{86pN2m6OHEGQH_8n~LS0$M4#%EkJ5qUVEBT8D38qnFjxK#{aR>LcT z^aPdK9jB8|0d`MD-vQePfd3t5S5~yY=VE6DiD-<--6v-Q>t5PT2eavTG00a)>~Xg} zf0ohcGaiCQ)p(kD)mN9m%(G1_rAW zds51d<^Rg1d?U1&W*;b9KfwF%$Kj)r+#)jE%n>lK`7q*$f>yEXWJ{ ze~6|b^?$=5=B%9kq-(Gi`>cg%Pj6U5hR!1?#ABO7W#PJW z+!oJh6pllH!>d3`fnk-S>f!U83K zJG^QY?T5vMD@MCkYUeO*OAA_@m$B@&gl5&yAs!$UV{r}}-rHL^RmDdDoB4s2XkA%3 z`3fYh@Ip*QB`TLZL6S;pL)0%Es!}6mH+@YT6F&u0w}zqNe#{?M5KVWz8bX-2rSTQX z(<0KMZd@1ZSc_uo%%fele~-PPm<#>V^d)jmw#_vsvR3!rU@Mdw`AzDfO+xa)6zqNN z>$D4_S|{&Dw6^FOdYNIp&%B@!V1~M4k@IShg3HIgaE3i}c zUEecm8{P1QuR(J3im!-TS=&Lf4?f^+g%1R(*_=MUDw^Z} zY=e!*_4;6`i|N%&{(BvYUzJOE^3|s;XH8gwlixBoo^^crL?tmL3f?XueBb$_7M7we{2Accy&6|N=Gn=9}nM}_73$qrzMk$)o^bokch)+c47Y1FGdP;UL{s-14 zRW*7BX}c^b`e;6K-G!OTQ-+$@%7!`#ntcSbjep;9DT@)qipT9?Bh7=8!0I|^apl|4 zlWy#&-pL#oOunEDa0JK;z+yjo?uy!RL^!jhrOU0KP@I{_;jCKJr)2jLz|UqUeo71` zV=H2c4|iFh8N7Vc=ERCn9XkcJcRce@GR^*zVfzevb7qf@pHK)%=>$&M@g!f}WM>emB4OAUVodfhL zkqtInp^2|4+1$MvsJc=fq_FjV2?lW@jQ!=a!5`4$_K|<;&pP;zEIBT@~kTaGPEMx4+@M@wA&M>ZguudXh1r3ldd11lkSg#&A z>cgH3Uq2gBjeNNwILNKNQr)pDwiY#)gWB!2+C(WZJh>4ob_ZN9skHk6&OC$*zp&Pj#k1N?>H$?PVbtWrn^U{SEKdLcQ&0J)@4on z#YJ&nta!fK?1T@v>frq`XoMWOEEMW_hDz6&SjSQ88+7Xx4nfcuYc>H;us=f^|`}>0$Ie6FY}h09gskxAHJtXRTr7X)H$hzE#iNHk@1=IxXUMEI79*1B4 zb@nd()J>a0-L_@+k2U)*7CxGf1Wuqh9&w{4B+Z8&go_bSxM0PIA}7iM~BgZ}uq zT>i-TE7rY>hF%-f&F$y6KprV7v(SUB761aw)U4!17=u+Hj+vZ)4c4b5W#HA6ewXX9 zgNP;r=L_v$A|I=9xfWs^p{}DLh1<;W<+d7=!ysM8{8sM-L#-TTUJopci-R0 zKU0$tVQn>H8KJA|AmlSU06Z6jUPSV~T~nj%n9DRZ<=K)$rTOZagsnoc1!OGS{>a5DxiD0(@vYn4GXl`?yvLPYP=j+`|Sj1#4Gv`@)9>Ee%HuZua5f1hkggFMOkxH2ohjaYVJo-`8;rG`co?E+;LnaK)JHMVul?3YQ-YFI> zH83+e&u{tg*m(UZVK7|_J|G20LRm*!+CviN^T#8JI4uUaTAj^Nx%$i_jB!+SC*`f0 zA7Kqb@O*ve-bPRWur$JiJ_;Sm6d{A$tywQ~c;q1Y6!kSo*T27HzV~O?SSU5}QuLRC zf@=4P(|x~gyj`ru3}F}e!z8s>iOK4YcG&q5{%?<84L4L7wEGoBrsz}OK6Ue?a$zX{ zUK=AMv2<`8y4CpQLf=$#G;r|3?*`Kg1o_lu;(N;axd{=^|FsL=h_3nLGinIU? zU)Vu%1bE6iDu>Us@~2P}>(V6|^Yf4KMCs8^qIF9hd%)X3Kk8`*nx?OHYGyU;?VCn> zn#gZ-^ihpZJF-ity{f&kPfPQ0V_cLS-bPs0n5lxQn!7w}81itj{1vOd5@wz~lL&&`P~v8w2`ahl%unq3VI5b)q6A zL(WI3D*?lbKeVfL_b!J?QnBKP(i}bA;jY)G(bG&{9Rh#Fbp_UkN?j}_bdZ91$y-UN zE(O8zDIj*9N83ZttxkSJ6B3mY4Dl0}-}DtG(17xqKET?r!A*xrMtPA&6E)k@%M_S) z17#1&=Y6up58&tMnxZ0qU}w=nR`A<#F*vPT+4`M&o14%n3YWZ?*o+swL3SmteaX@E z>Ez0$AH_9ujMSfp4;6lVsQx8^XiRkhaA&q|&%cBnX?L%Dk`&q@S5P#-B1R8T!fJdF zp&_F7jV^-A$M($Boc)e#(q}MqB_X8r^x1*YHcUZ*H~1X=-BPDJUqka(pCl|aAX_}f zbN8&LKyz$%Vmvo@27T;~wWc!JJ@lOJSz(HsORnBC`Rb82Uwdns=L9ywec$usGKg)5 z_bnRa>Nkwn*C)7GRwTYr2wik#{WqI{((>CQ?9TJ6(SrBgv9UfEbuiY>h2=mt;W%uP z-#(i>Y>dHnK_=jLZq=7HHWE+QK^U6Os3KLA7E7B~6_V&j#0;?>%iwI}a~b|En~>P3 z6{;d{`L^llJplQUu=7Uo+##1(yPP}l{_l#+U%2K_Jk?-8(`;ZD4t;QegMdyS2LT;fBeh*0|i<*(iFvCv4KC$~)hQ6zVhc5F(QrC1Vt z9zMiD-5}j!^Vk1I&zh$zSZ;m(oO@hdfTqBt0Y5Jo`{i9l)U0R0Dfx%WEx?^%t!X6C z!NIsv&U0E`n*!@c2>5AP3>vH3^s$4&q6r2owr5;O4Q~WYQCO!a@o2BqBU@hF{3vD7 z-r%ul#{qcR%`{5IM!){7Y_8gnWcaJP%*tooDfXBsD#wdx(C?NyHQB`XomDymL1GgQ zNYyadt3nq-IhWtVQPC?215vqKRuR64^Mn+5E4|?Pym;;xjr0+};tmUFTew`?~Js-AIfKfAGDbFt@oB z0s$YaexTc%( zW#MDJZo!DxDZXEbm0CbPQ$wlxEzb@-)rBw7iQY7RA6igM8>X)Auw%z`MpR!W-;Qn5 zQ=oDMn=^wh44u8hOL;}2SoC`K1D?kaS3}{&VKCEa(Uzt$d)m~{PH9kTs@T*g`W+RpJ5%P&(Y0E#KrL#c7R(?7=ajE z!0lh?g7p^w0HbAQKU1;+NrLpkXhcCoBFQBH5VUi@Lkci%Mys|#ZI%WQY{&=c1hszT zVZL6gQT3wWk_hs)<~m5!a)_h<2>~~#=vl|lde*w7gpdS}n87aVsV#X(THQzC8;wJ) zT+41yOLpuzi9BEb9KhfwM!|Y>0~t3&_v)dtQ*(cwI-T%wJITJ;9;#XeaE-FZ5c}8o ztsF=i0L20b^sH_Qo>)6*e#lt)pi0|W?-k7=$8 zrm$#!uXxv{OQ~6w_-_*wGSz{4WXJG_hDfGz{j%4@*yu+QpkMkroXST-YTbJLp2J(l z3;bpC>nvVMd#lm$q0Gd=@!`DWlCwV>Yg((NB)1n37P#NM^dlqcVnxS-6*9}r#H`(~ z)mgQJ3jSZJug|w;-_FBIQg;M`OG8`z=3PXAm&J5ob5Z|Hn_&ll#Z~mEiKmv79m}N$ z#HVS`oeB`d7t9Lp0oB-v1chiP_j6{ zKd&fMsbnNlWxcL_>2j}!q@Fg%p2DAhp z^Ky&nC9a@XtTLhrv*pS(&!YK9d}KU}mpK#rp&a@vp{~Er@Zp{;(S`pP`$RsT*Nwle&scK%@mO(WP@juz(MftiL@egTFE-bb;5Izsmod2fOH zV@S%SH6N_BQ>_x4Xv08!Cyy9_mWe%PWG7~uT;?M%+6Ba@R?okb`@O2im0hF;ev#*! zW6mW1TV~OX1#g~ceffer>UFFco;$x~(M`fau|jgZDm+EUbO$@vE*!k=AujshZI9ow zk#*z+R1J)ikaTl4=hor(7XKOHslIr!NPJc!au!FREr62m)(+WNui#~ zb}D2)@rj%h6XIi{xR7!?X>|0a9n_0oD4|TN@L!9%DCA?>(rm24Q+8vZ_#5NN{i;sr zCgiWMQ`tAa8b*zELU3Eu^wZ%(GcA6qX4ota$TOj+ zZg05Ga9+aYmI}1;043D9`Z}5U;7NGhybP(bKQsZbz0TH`H(JjC2PbktvAK3NRT-mm@_a;( zYg7)GO4j{mr!=c1vCOehYqCZ_)>xd`dg2Crh*aD{_Cuf4=x=R3-Rd#(OTW5Y`0Vvj zCN)Y9+@OS>!S}e|F`(WB@Zjh5h|5INe-ZGW_(5<@VQ*8@Cpe zJYLNNREi%Ef2lbU;&ll(1B&G*Jw3p`P8GOURI>U`MWSpJ!o$K_x6TUrq!hHzoa!H0 zV^%#bq)hc!M!yc>N%dFMQ>+?Hk=6(DszjUrO3gD%Ml96q{J_pDvaoFPx5b`US?w*M z@{Z3h`unT*m+BtSFVW3!hTG3|2kY|NOAn>5&Vf*!xB|Q{zxngXul`iE6y{K>We__i_*Ynz*H)wREr zxU`b{jN9uD*1l}F&_JMSEw*;v6`S9Cg45Kg-k6tdpr$iBL7lg{;Wb1H2`c&wV~vGS7~owz8i=%RPEbULD>Z1s(pElHW9HNOT%1#Ud+`Xt>_fE7$7h< zTWueTe|+qG;iCl$yWz92>P`VT zzg^gJSVM7z#NFhmwNS|mMIxo=YG;U^JT}&B?#zasDkk#0g4j`1FlCA+xU<_a!0|dP z4{N6ux2GVi0~|(ua62kEa0=Ct7n&g3kkLPC=5ZUKLG7g0wGVcO8(TX)X%>G#VMrGvGwsR zoF2fMG|dt+v&s58Vd@5m!}S*i{=1nKA^Pm$kL2X)dn>8M1|v>#u{YKg^76L zo=0Dcxs-q0luw)sJLM7uCxiEXdnfQ(P@lfIbmN^m7`eR)3r(eU6=r{1aAWCaOGmRY ztyeO{>}bkQX9xpSl$@l1S%R9U0rT;Ra(n@!!>(3@rZ6z(8|3>2zR*di=76-T0ei~!wN04x!+sCZORtk27KHC{qd zAVtvz!1$;8D^tDtMA4iS!!}kVO=H{c%Sr6{pEycths#VC8l*br`-Pu60z`)zf|vcR zM~i?15hcZ9&PGwiQIftAIvWv;g~ zD0;ggvI$(D(T644TDcYw3i}seDpU=)dHY{sUR7YW!0UWkDbw%*y=j6=nLqH~q|#}B z9tKR@QY7d-t9z0k#9E=jseSjgG9d0E>Y#cHMu?K+PdDs|?J;#zbk_`!A^ zzUQWGcDga&tcu@Zw5D2g$b5;(ix7p}`&`lN9ErE#Lk|~rajDwsFo3&lO*m+VE$@hb z9i^(P=^>f2iIIG5U@D&OJ^${8Nb0JIgTU)|p&6QOk0c6xG$zX)t?uY$r&ToyKkr`E z)_8I6wz$HDSd_m)3RqFahs@0_VOpN&sN^~mY{tLzjNbk%S2|y@!|tbR`j3+T?fPDt zU+J3u?9$GU?8ZWol=8C~J0`C5XE%Qu1!o>RvqnoxpEKNW+@g+K zL2&O_X_SV(drvy(rw6NV#27Z8Rcc&lpzP~&*nX^_25F6R5rHeEZAJ z_g=e%5kK`Q%sElb$bgA;XUNj#lHdn}b0Cu~Vy|L6+PZ*hMRKE|*J9t|pIj94ynCNS zl7Xq`y_~cnq>UBwP0V?6r~6p`jV|Z-O#Lk4{N5L?{Pjv82W_@=Ca=;#s%qm;o26*= zoL;gSwW3D6=&~dZuU~Pj`!z%W`siXC+}$K}iz-+(M&zmTEvh#T489;iIfPEd3b@JN z_W14lnsP*4^u}scWwtk)JazJupC4=I<9)&UkX5q`CH zpX!l_?`pa%0+Jn7)Wq0OM}prOL322|HpS`go@2(G&C1SvR9x-4aA>Ck6C?k8Rq~%< z>d?Sx!K5!HdPN(>qZ^B%NpoB6vUYusSU}rzdqktJ)!615!6TUY*;M+}K&-=SzK!+m z23M+`t>%W+BE7Bk4^_m0LMG6(Rh3GaIqg;ac7J*R^2^dLo0&BPoMQRHG^r3T&JHf z#~7e`n5bhttkc+(Fr)g<7Rz|uF?wcF!7t-SP@buIsRo7PgSHm)+k|!q)C3P4E8N^s zp(HC?i-s^o=@rz-l(pJzTYnv4QoG}yKkuMV%AZu4&CtAGGTyT1LKBhM)aI3gRmh5~kE_b1jsZ*FYunvf#!u$~{8QH`XFu_dN?9UN&%> ztpW!fx9%_iTmPw#nSTw@eFq;=H5j^YzKXO1>NAmiZ6KwU{CsNbFWn}NpAbv6xo@UZ z_4B&e-dnNN3Guw&ejl_*FWg>kQogX?!--!ZaOc(zLpm+ljjJm%AGCTkd72vHWuxGy zBg8wLfN;ad?vmWw2CA!3ePhu@q4jUNLxWr*+Lh^#W%!#d$IA4tulvABChh#?mTU-5 zc_Vtt8>-Jc#CX^v)Fs#TzfYn%8Pi%r#gN|P6f3OWVt;z|Ja|G)E}6kn%Hy5>Lc5YT zUo3y^(zX&xz`{!uRET+fIxO>yx%0td0nj2bz6J-0^_Tg|!8dxbp=pK#8fD$fOS4hH84*W0@z zjvGXV$@*tND0V>GNa~V|7%RBgRJ&mteiJakxa$@PD_%MVs++nURKZa1G+Im&Hlo=( z#Y14LXc4X`v%qKNB1agv9J1nZ@#`x)?vpl*aijQk>d1vA%w|c${A++Hr8iM1aX1nF z1i%ZwXP&QeoKu9>F8qJ;kB@_4E=TXpJkg#VFe^0iV;hhQC&r)!2s4;@1qkOz8_Ue^ z)Z0id8|{oNDi7%0k%yf8KnfYAc1pbF6Z&{iwYT$vNA4@xt$+swt;U;~J(R4*xm0QG z0CD|Od|H&q(w$vw|1rHBu+O<0Ogo)RXssSN|!gBeQ+;e|NaK$SaNK%En%86H8N zT`nrw-60$)KM(0Hb*qY9H(x>X;<&kkd4V#Ydg-c$!wy>8!h?$W7EAmv1G9g#NVJv> zocrD98+P5Ka*xe;eq6|z4lcPL1Xf5TTh!Ay<6ThZELKO|?$)J$CL?&_S>Lv>@GbN2R;h3w>j2c3M9=C+m%}{uZ`x29%67|ki zu&j6gRmAeMdNV2;8d0w^<05%H$FVH5+jKecXdYAxko)amIP5kaY<`cQtl7Hoiqg6e z4dXBjJOEGq{{e37^ zstJd|UyS%ZMOz&#_J#WMig}wkTx|d*zdE3j_P&_uhp=xU%sY?$R5q*HSGCpz*F{lU zXG}LHRIhWdIY%{c_sQQv(U~qq?3#=Yl;J>azUjnB%+0NAMcTf?XHAJnSKnm8E+sM2Swx;iWAPR}!N`IR{vr4OjWU>=&hvJ{y~vd-v(| z=}A<;U)!qY*1?qQLZ6Pn%vQFYKvv^{3-sKLcB?y^kIL4IxVYJ4aZJnRIy=iZApDj3 zKC~PL<9rV~w^1)eL{{VD)r%$PP17?i375W#0uJ|@M`oH$4iBp1)f(7aQKOxL$vX5^ zCCdPbBO5^Se3A}%CwHeI!Cr_MtM=TcH;2ay@cp_`f4ZtExypy^jTj*2G~psyDB-M2 zq7>S5JEVVOdj{rX?*1>zeSd2Yxw3V%{L}QGi^_s>TXm zk5UJz+yH&$@q|Z9!j?p;$9kX*)j4#GuI9(Tmv58{B&35G#8#BY`mSwnQ#}b+68vG2 z31ht|?TsE%xeUAE!t$kO@qD9G#loXF!gy*Q*ptP#5?e*2)^!faMBpO2T7k)y%~| z#;CBt)KvG@zB3=(1}tIf@FcnqdJN8Y<=EKvMG$%MzHj-W9 zXZ1o2v0N2BGS%!N(l=(0)nEWCi+Xpp9YCH?uHe>n{SHRZ9mOvZbXEk~z>O76(G_%- zBH4_}hKXhVv~{Pm(P^%V$UUN9WUT>=E(An>yeIFbtu1zJpEbsOn460jUJJ9Q>w_!~EaPS+{(7T(I zi{Ibxwu0YK_^<944QZk@JgXWkX`x5G=Bc~ksOv!Ua%YhA!;@cRKbf5{o!r~CO+9lA zM!wupj(Y7JN-P0Wo{s1PYr+gWWh(cs*o_R=ESOEzeci$vEDqpJIxpB$(q($FwDCo* z7S1n~O$TP>P;*tZ>h)?yBVHn4bV~j*-oL6D19ti2ez6N=ftT6rQ)2~s3bemtw ztX(8y^KYjQobl+=RhPl)RBF%#6{}JD+M;Ul{4j@0kOpOh@4>0muvlJC&~iuXJN8ie z_fR|?S8@H`w7ho<;ZHKjkePF3=7v%COGYaSIX2jAQ)r()$Nqml+`rZsPJGQybOzvn z({}ttdIc_@qt2~0dsx4P_YVV!H^hJ)cCiq^?w>yf9`H$Uj}T<=6^e!F{jk?Ow@S zbkFU95xD()=uZrnHrYUdp5^d&`ZXr5zQ^r3g3aR~WS>tZ*q8cW%JglYJX$G6xdq)_uP~P&KG^B{louPkRzvrLdE9!!{ zv}*gJ;2<2xhsn3lla>)&K%gAdrYAEMkPRe^j;A-?boK0`;~*pr>k>%CHObv3B7 zLq-e3WNKRUD?||A{-ho7%$o1Q_Q&(aub)|N{(~y!l6IfINcNL6Ej5Av8BEHLt@mLW zU^zzMRl$vg&mTjzukR(CB_~PH2U)TF?26}~I}QMC`tOHez-suACW~Fo75$9n*W=+A zC(3#rbchWintAkO@~yskaOdc|wowyISKA$4v&y&yi_rL-ZR`#8GTf`J-gW1k0*Oz} z<7eWJ z%P$d@SHNUSm!7tloV24n6U`de0>Yll;gCm-qG#;|P!VffunlUik)_JCfU*0r3905J zs%{Tl#Am!R`^XmmPj2Z9Ir!f4PvXdg#1C9WJ$BhorUU#wxk9LqBkZ%%L1qiVB+Ae%nLp>hNS!OcW6?aHTvFPe$yM3`?!rANX`VzZ|<^w4`r=XpgERM15_ZO z2iVhl;S3s}ZV*EZ2Pl_c22}0l$=`vVQ82WO3cNzmlUp{|+sykTN;XVVwJhpc3=kPt zyVm<~bE0fEdhd!OkZIB|Y)N32%zJEQ<~j7sX&lfQf*dK_sz|s3uf*x=oSeCCv@87j*U*kXCt2__d>^Gj~nzd*>MEC1s?!1_r~FedO&;d zKVNn+3N$|C15g$QJxcmZnU~Vw(hc`{+0gDBXd{-zli zZ~hE)+ipsY#2JCN8a)&XOgNb-UpQc_W_LW%yYQdF4>OQ%`!Ar0(DpTM=2~B;l(M#l z?(<_AN-x+7vj7)pxS!+CR2}a7FO#;8Q=|Z*MHqi`Wj^>y{3F0K+gt}iKsCmP!8)3Y zBFm{oD-7;u$xnxo4B^p2_pWu;Lx~jB6So(qL9tftx-`5|gPP0C=JC%NTno3k8x~kK zAbjFURpCzduC=JP@D1u$6Fq$)lMz zF2ZJZ7SnhAG0or|5x;%MRvtL8;V*HcEx8We6|83v&JQmC7a^#hPlUK`l{lw zqxZ>X%Dk7vImuYda+W^UC^aI~g*7h0f}&wmCV|b#y#1Oc z+og5EAt@GpVmgVl!q2$g?zhtok=KnQeM2V)J{IIVs7MvwZ=q1hv!P2dsMA&}a>9ws zzXW!L)qFjy91GJ8hGZX5b^e7B!3P6iZffYQ)DALzLxFuQPu(<7ywjwo>0OW&1dX6D zO;;!XZckXxTg*^fli~`}TmRf6XDRf&H+OFivheISO+u2T3$+npYp{pgh7!CBEaB1N zrQf|6VC_^v96g`wjlTIkuB2ydFyu`x60II;py8hP}l zxKD@}+vR93N-fTo{6&-ZR_6Zf@hq0{qHtT*_Evk8%xh_?vh}eT%d-#&={y{B&_>$&-pXChwfis5Esny)f5tcp7yp^! zC|vx{6i4CW|JdRvT>NK@qj2$`DgOT(E}q(9L%`M^1|#3pQ#Da^-(R>xuboKuRWzV) z!Bcg1J_$A^FXJjwQdUmpF}Lu(wF>0h@va)~3CIEoU7K5!IF{|yUAE^*`% zM@jPEr{O3`9$MnaC5~L;C`tb714l{n&=N;3apV&JAI>H8Qwoh?-Er^NAgkWFeg9UD IobikQ2hPaKwg3PC literal 0 HcmV?d00001