From 7acf62b7dea020894b23d82c7a9df4fad1a87dfd Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Wed, 27 Nov 2024 13:24:16 -0800 Subject: [PATCH] Release article: 4.60.0 (#24135) Co-authored-by: Rachael Shaw Co-authored-by: Luke Heath --- articles/fleet-4.60.0.md | 83 ++++++++++++++++++ .../articles/fleet-4.60.0-1600x900@2x.png | Bin 0 -> 53782 bytes 2 files changed, 83 insertions(+) create mode 100644 articles/fleet-4.60.0.md create mode 100644 website/assets/images/articles/fleet-4.60.0-1600x900@2x.png diff --git a/articles/fleet-4.60.0.md b/articles/fleet-4.60.0.md new file mode 100644 index 0000000000..a54b3dca62 --- /dev/null +++ b/articles/fleet-4.60.0.md @@ -0,0 +1,83 @@ +# Fleet 4.60.0 | Escrow Linux disk encryption keys, custom targets for OS settings, scripts preview + +![Fleet 4.60.0](../website/assets/images/articles/fleet-4.60.0-1600x900@2x.png) + +Fleet 4.60.0 is live. Check out the full [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.60.0) or continue reading to get the highlights. +For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs. + +## Highlights +- Escrow Linux disk encryption keys +- Custom targets for OS settings +- Preview scripts before run + +### Escrow Linux disk encryption keys + +Fleet now supports escrowing the disk encryption keys for Linux (Ubuntu and Fedora) workstations. This means teams can access encrypted data without needing the local password when an employee leaves, simplifying handoffs and ensuring critical data remains accessible while protected. Learn more in the guide [here](https://fleetdm.com/guides/enforce-disk-encryption). + +### Custom targets for OS settings + +With Fleet, you can now use a new "include any" label option to target OS settings (configuration profiles) to specific hosts within a team. This added flexibility allows for finer control over which OS settings apply to which hosts, making it easier to tweak configurations without disrupting broader baselines (Fleet [teams](https://fleetdm.com/guides/teams)). + +### Preview scripts before run + +Fleet now provides the ability to preview scripts directly on the **Host details** or **Scripts** page. This quick-view feature reduces the risk of errors by letting you verify the script is correct before running it, saving time and ensuring smoother operations. + +## Changes + +### Endpoint operations +- Added support for `labels_include_any` to gitops. +- Added major improvements to keyboard accessibility throughout app (e.g. checkboxes, dropdowns, table navigation). +- Added activity item for `fleetd` enrollment with host serial and display name. +- Added capability for Fleet to serve YARA rules to agents over HTTPS authenticated via node key (requires osquery 5.14+). +- Added a query to allow users to turn on/off automations while being transparent of the current log destination. +- Updated UI to allow users to view scripts (from both the scripts page and host details page) without downloading them. +- Updated activity feed to generate an activity when activity automations are enabled, edited, or disabled. +- Cancelled pending script executions when a script is edited or deleted. + +### Device management (MDM) +- Added better handling of timeout and insufficient permissions errors in NDES SCEP proxy. +- Added info banner for cloud customers to help with their windows autoenrollment setup. +- Added DB support for "include any" label profile deployment. +- Added support for "include any" label/profile relationships to the profile reconciliation machinery. +- Added `team_identifier` signature information to Apple macOS applications to the `/api/latest/fleet/hosts/:id/software` API endpoint. +- Added indicator of how fresh a software title's host and version counts are on the title's details page. +- Added UI for allowing users to install custom profiles on hosts that include any of the defined labels. +- Added UI features supporting disk encryption for Ubuntu and Fedora Linux. +- Added support for deb packages compressed with zstd. + +### Vulnerability management +- Allowed skipping computationally heavy population of vulnerability details when populating host software on hosts list endpoint (`GET /api/latest/fleet/hosts`) when using Fleet Premium (`populate_software=without_vulnerability_descriptions`). + +### Bug fixes and improvements +- Improved memory usage of the Fleet server when uploading a large software installer file. Note that the installer will now use (temporary) disk space and sufficient storage space is required. +- Improved performance of adding and removing profiles to large teams by an order of magnitude. +- Disabled accessibility via keyboard for forms that are disabled via a slider. +- Updated software batch endpoint status code from 200 (OK) to 202 (Accepted). +- Updated a package used for testing (msw) to improve security. +- Updated to reboot linux machine on unlock to work around GDM bug on Ubuntu 24.04. +- Updated GitOps to return an error if the deprecated `apple_bm_default_team` key is used and there are more than 1 ABM tokens in Fleet. +- Dismissed error flash on the my device page when navigating to another URL. +- Modified the Fleet setup experience feature to not run if there is no software or script configured for the setup experience. +- Set a more accurate minimum height for the Add hosts > ChromeOS > Policy for extension field, avoiding a scrollbar. +- Added UI prompt for user to reenter the password if SCEP/NDES url or username has changed. +- Updated ABM public key to download as as PEM format instead of CRT. +- Fixed issue with uploading macOS software packages that do not have a top level `Distribution.xml`, but do have a top level `PackageInfo.xml`. For example, Okta Verify.app. +- Fixed some cases where Fleet Maintained Apps generated incorrect uninstall scripts. +- Fixed a bug where a device that was removed from ABM and then added back wouldn't properly re-enroll in Fleet MDM. +- Fixed name/version parsing issue with PE (EXE) installer self-extracting archives such as Opera. +- Fixed a bug where the create and update label endpoints could return outdated information in a deployment using a mysql replica. +- Fixed the MDM configuration profiles deployment when based on excluded labels. +- Fixed gitops path resolution for installer queries and scripts to always be relative to where the query file or script is referenced. This change breaks existing YAML files that had to account for previous inconsistent behavior (e.g. installers in a subdirectory referencing scripts elsewhere). +- Fixed issue where minimum OS version enforcement was not being applied during Apple ADE if MDM IdP integration was enabled. +- Fixed a bug where users would be allowed to attempt an install of an App Store app on a host that was not MDM enrolled. + +## Ready to upgrade? + +Visit our [Upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs for instructions on updating to Fleet 4.60.0. + + + + + + + \ No newline at end of file diff --git a/website/assets/images/articles/fleet-4.60.0-1600x900@2x.png b/website/assets/images/articles/fleet-4.60.0-1600x900@2x.png new file mode 100644 index 0000000000000000000000000000000000000000..01feb42ba2a21a4913baa21bd097e7b18f9c3de8 GIT binary patch literal 53782 zcmeFZbzGBQ*grl(KtU0aj-jX^hzKYhLj){JKpK<~B&D07C=CNCK}t|Mq@`72gtT-? z$LJa`wtepn=JR=;e}Avvf1cM%-M#z1&$;?~U)MP^NL5+!>>1`WAQ0&6gZuZMfIw8f zAP_kP1sU)S=9!)d@XzU2_jMdWAo{DgKSU3nT-gA=ByxPBco$UA$+`qwkebUX$$~&d zFv_Fnr$C^d+z0n$HQb0+MrDaW=RqKW(v4^Z?7iRL-~%R(DJb03e}|6M-;cnDh-<$8 zy=*+q@!v~(Vv7GO68}u%Uz8wt!@pp9B8h({ z@y{gwB}sw}{7aH2lK5v5|4ah(FG-#l!M`L)@P>aT@y{gwCCL*T_?ILJVd0-i{4tJi{|A#usjUv_$o;x4i9zaJkSO{g(0ola;`}sQB2Q54uh@#`PpNKe z7%T9^I|vv*%hl}9kw{ph=c`?E%Iu%Gk-HjND&bwZc>mUuGW9$9E5$s4@dac*dNmtv zKEJ;>8}`=i?pUMpS2l^DRZ|D{X1Uj*s`s~!y40bc(7c&1PiT}g|$iF17M694fC&_9&<4_E)IB>oj`|A`6z%G7^_ z`Tvit2wf5oC{@;JCpoMW(UmNrSZd^aZA83N>LQ<%oE4S%>h^0E!J8yX0^U1g z?of4Au+1u4k#!TK)D_wI9x8ced*NrRNjlakS@bq*30LOy(1d}k_YEtnFwCC3y@{6R zj`NN1y1k~dLI$IcB4R=eQ6-K7g5Ep|8OlvlOMOM=UWa3Y<^UP^;k%7zHb#>a?ESH` zdF$hRn)#x2sY_xQ%+lK2F|=-g)np;OC+SVZqc0TF9)mW4ympMCYj^zC&q(=bMg{m= zU22I;;-|cO^V8*hZe!T!Vbx4{9j|2%T(Qj6D~JA#H8?47)r8jGZCQihWgF!gR!{9P zi*^v8#dD>ve8)Pk3i)_v((9VIR#MQTPui!izlj)EDR2BuBhUiZyaz^qv<;g06jru4 z^Mw1UY5O+*c1u;rS{<3Oui4f z>7@rIWLVk*ZYu2*MO-Fj@+p`b>tQ{z9En5T!**0OJJ;K5mEK$mY@eGg>KQ_=sBg}f zGx!-P73~$7_4nIj&w9t*I2283=*zScXrZm9);UG!Pcg^hQV4gM$2;)4X5O2Xi4h*s zgY&^nu(Epe@V6Iz`D!Y6Bd7}vr{D({LpbgddSaqw>gm1(I~FbXIYvGxqS$If z>Y6OySKsi-U9Vg(=J)YBf2rl&_{1Qak#2?H;V6SVebeQZD3pRR0uxCPsKrHGr!Cd# zP&g^*tWjdvKzI#IsEN5{Eq~YGVaw<3k=KleEA_!5i%X$-!RKcqQ!q(){*rfz0w=iMma4;|2*4UQv330e8&({=(3t|pqgC=Ws^B{j zTI^Wc$E@OvVb&%p=3XX!VMTd&ppCZyqf=QCH$6)zzp`p#JJ(pSq5!?`5sOkR^_c$n zkwZnD8+BW&W$%kpMBv#oVGOTJ%Ul}^Z4PR+clp=DiY=s&QbwNbNo9x`l#4v4hudnf zn^VKG_U|!Pv#(iS#C*`pyv90uR!1u>dIVLdYT^XJQConR43~+`=brR^KH3|I@Ugo2 zA|qjXKiQ#16)I55zaA8ZJ)}-wNXZWoTs9QamJrb;-Rj@XoyM>nriJ=f#Wk~`wVJU$ zjyIH31YB^(zHvhXhST%?{6HDogY67Zo)I48q%4Sd)ez9g-q~Hn=8Ui9A4Z!o)rYjxrZy%Ki>gEOIJN}qnli-kFqv2<ChiP#n?~oYAMG2;(r|oIa%MACwr|v z2{@4cFgH*}`k-vN3A}B4h#p?l)vWDu=_8@myoveX+8~8&YLi$C&T$9y@D1v0q|uX5 z5We5r?fh5vba;A_c8xxS?M*CW1~KK~fgiEskNKRkgD*!c8dM16SZ}zp2Li!EjjjUe z443ocO=}aT-f4{0?5ENvkkibG>-;{^sWuairA`XU;U$i{?3DfH@{zW8mv;|^Kf9ag z$cRMR%Ao{3JZ>OAR6*6N)A+BcrLN#=JP32s<>nDS#~$wBZnOT(cC`Cw9J2Axx|c9> z)BCmLZ%eNO(pK0F>UnSumA*fp!D6DL_vnNIP;@+A(KAs-AA=OsZzNxwdZd$IhpN-P z*mFO)DGEpb(~sl@!DpqCfG>v3+L!AHuW}3FTHp~szbBce)iz#gRO}z1vF}^&QedJ( zfCsIs?lAXslTa%H+KEgcge$m=v$@7tp86a)C^K)fxRl36c+KnzPTtEo`JBdoI)!=`W2s}TPR;sPuZJiM zj!dZK&_x6c2)i5!tUpH*RLy-IzmgV^F>W6n!fP~8sDbW(z-S)i-)+ME08elRZiaW?WOSrK05bRJOFJOwg+_H8||&h z<*t<*keSG(FpkY<49pY0!62U4#pbO=_+bVl9v>j97J-1aTI((s;IUjSw(h-TD8yJ} zv|be!*}sau8?Zgx-A8w_49M&p}m#HW;d4BPEQoN8cdi)-!WkO zfy!U9gqhj!5rnNuk7wy-RY4b%m}$hFaGhfPBOrx^zO?FM&>eG=SKO)KKhvqgN=SLp zK{)fx3MoMF`QEr<#oFiH@a*f?Pz1O4G>o!J?Qd5wI`HHHzjtO-kO3#%Z{H#SSn|Kw`crIW!0hF_H{nIek-uvEhVrG2 ziuUU9WPmL*;aCTKqtK0;r8JGbX?dD{V6u*zaJ%g;j+gJ`#TYf^cHL7Pgzq&k;l%uh zq(fN+2y4efRR%v*R#s$o-;bZy%;yQeib=hJ3mD(cL_9C=gM?0#i{$z04*~c}w(@c3 z8OX`o1ir?XvNQht%z({TD+0(1V5~+aAd}Bmzolg-`{Yp&H|4Rol)yB;UJ>!M2Wvfz zpQfHY=YoeT2oncTew4KNAJJ0dy@KI#1m#E3^Gm+~f+;_`2^n!Xx;+FrT=L{PQYL71 z4$suG@y;C>C*}3&57CqycI;I2!cxM_!z)Q2&e4}I@FB@hh~TES(+5Q0EMWhgxaDqh z)WpYDxdZx}#oPmG%Ixh7zANrlJlD(@-fXkPmq!pJ5gh>71F^413o~G5&TMAW-LLqZ z{-DEGN9lA{z1zE1yc9B2;K}w#f(LM)P@gXG(ZuB;se`o11Cof#n6JbRK8h~Zu)K1Z z66rc}D+~2^g%G^OeQX$&d|xxT6Pdv{nIaN;(9{{{hm^6q!Fn=-*&5Ll_Q@4P+Ch41sjeFSI_6O+63`O2UX;QK)zK>h6O#m!D(%_#%f_b~IR3YFyN)?If{LEo-fVif>#cg(R7ygwhyK-c8lV=Z^7TkL9Vb zVet3vGvo;-UQi6jd>F$PIdxoL(FIZgy;B_PTfa7X2EV5KDy-6@ z=%ybF`MwwTq)-~sO*7Thrxw;4ZvIc;<+9VkEmnbQ-FizM_i%Xa2TK?B^OP2(tr#Ov zs9kHZGZ$ivo{67I2Oh%@RRw(bSW|EnhHp5AvAmA9L8q%Wf>Ft6qn?(wQsA{7El3`e zz>nEAeEJ=#ExY<6Ga-#8#+hjD&o-2eHo!lfhHg_aen4iPj*>$U3A@KRA}#zJO)yaI zJ2+d8xLfq5$kS>@D(zxBmzf@R->e$DK%L%`$jTBn_~;u(U_Hnnz}Ug%CUb`g|2kpk z*jEr=g}ki6%nUG&4vWIB+bQzTg~^r0f=#oApg%sB8yV|=Q{;iTUWFMI$!=S9d+^wvW+b)F@LQcXt zrbm#XSH1L_P9DaR$|~WCK%!B*Du1-ui>%W`S!)W3NiguUO0&D}xWbFem+w8;-h{Jo zDHA*vqKVI0rOk%9Pf4FNg0V=M@}~IsjI5kixrVYk5jpobwl@_w<8yK>XOh{UE23!@L{)06lFS@5u}L+EDxvlljj+S2QJjI;Lniio3MH970j#LJfH`rmgwf}iUi}?FY~&fUT5#MI}uBqN}DCv-}IcL3F(n^H1aeW7e~3qt;je_ zhL^J4cF8AYkZ6qa?czT3&gQQ0&_Vh;!utJ8AqkGybJ*cdzs*djXDWRmVG#|TzB{=h z3qDprjQb-==Hqx1s8AVJYb)7b2KU1Tp<}E#NyXDD{g41kfyNG_{f9SnCTNFQhc_Ko zj@r45_hvOV!ZCYIo85ncha@A`&7bD^czMEq3<<576EuFC44+|i<&TOECn~jfmsqg} zP@u54#u{4Lp#9z%lq?N=n_5FXdCLJut_6ETcQsfgTwgrL;oAUmt$RkOw5$r+630z* zz~TY15xhM$5^qVpymuqY^yUHNc=(n>e!mFO8aonCovBT-gl_czwzfB!^N8Z|(Z0np z)0>M^aF`)Dh|35o|G4uPfj&q&9(u*7z2%USGdEsEJC-3Hy>!XBZiuyaq>>pl-kdSv zp_hF+=4GW{`Qp~iFMy;)i%mRh4thg=!eB4uRLuFvh9zGu%_IR`hRyu~xgu|;%LEZK zkqcn0q8*@v!ec1vC7H~`UbaUFKpQZ8?wBj% zlVV94ObJW=*g5bsqCDJjLDM|FY~~0i*Hi`n6%@Eh(jnk|dpe&)ext{9X-1IOI07ik z({TQy*Guy#7Ww;fA4;G{+KzTa9B!UMKhPxAbEfyF=&53 zxSpi#2&ue@{E;hhlF1qHg{_5!JZtaB=HBj#M&qy3k%~-54ipYsLlzN6MsSHsEiJ#Z zecw4b^M&zN#Wq!av<-|QK?}TE?YD2DYwt{&bSEmN`3Vz5$;fzL^+6)p&w~EU9Q0w2 z?n{21OXki6+jSG2}bT*GdI=GCwO@2pBI*qzBlS0fEHG9aI)5Pvw zWNQ)jjbLl^9JrJO`tzPQR!Ul+^qTObw-w(GcR@%YLHgiu9IycSKAJAq8-VAhc%irp zPVV`_j<-0z%d5X-Z)$_rrd06(vLU45SN1qN27&gqtEys~7i5s}BWn7Dg&9(gr-gmi zM(wwOrL`ppcjE9pACND#jnC@LYd&OS+v~qI;7vR%0)fC5(ns9k(>P9X<68~RLO>vW zRT^)}tvT{{VB8fjR2A{i6x4~p5uYNtcR!DHk@EN+D7EhRt(r$PUS2a+MxmZE&Q>S) zKw>AfbERO%%%>yyWf%<%9uY`vk;5Z>2;ctx_Btlu+iL7CL0q$axU2%YU3&S@Z7$M-;>Eqr_j-Tn|m;=PGp z_rYuEfyk5G`Jsn^Y};RlHGgKkfr7Lb@@J(Y|-hv!rT$0C62@m zk0#L7B9HFg-!qiZ@yz!eM{HNlCzsJa-7`c^)ju_cPNGf>2xwa2DL(ZpS&Z{$?f%$b ziXR+{iCEfk{LSAlA02<$!MDFCFYpDm_F?LOy2rk4!8F1+q`-2=L5yt50fozG?<7H^sZ z*K(h%;@ioA(}c!Ic2s85X+_M)_Zb8Xs`ST%n~BWbx3|)q$3E7{U~_1DbEC_Un_Vk!RE<ToItZ@V zHwR_H6GhNZd$#O3wz?LO?W!)m)$sj`Sy2_o#)A%y^L_mB~~vG3OPvYyRR*&X#& zPud^p*i1L|ehh=K>*W2(f!#@x-+Vk-@?)bz(%#z3tMj?Mw#hwcXZ!1j(nXZsjL@SL zTGCJXFR_0`!-*43X_@W@=cw4Z(p8ghf);`cN_PC^Ut|t5I9hJ~LWKp%Z=}=MfE%#G zw84COvh-uWU9`dK(}gKNcm)0keXzv<|?!^!JyZ_{&&^C+r`7 z+pEb9zC}Tj4>m&Cjentn{x*foExUqgDh!<-JAs9-rREhMnC$&xBG7fh4Ij=Xy%zJq z+~u3(un?CBqKK}eL99xTc5k-y4pcdq-+OUrQ94iR40o5Lnf|6nCY$Fg2ov9ai~Qf2 zGWI@v2QI{Q{bdTI*4sppJ0e7^C|6uDYYK$lm@t($|y{ zZ*6##*KB!MW~fLA6dW`j5wtsw_q#8#t4vI(qL#*}a*J6j?5}qzH}7)5Z1!I|y?M7# zFFlWLZnQAR)Q%6FWTszD4%#%EOzg0+pTdqjkiLr5y5+{2 zJ2n&aDF=wZ+Z}g^IRMeW)Vy@0CWQH8UvEjA?LqPR%oHpE)*+VXc9HlK)r6;yic>L_ z>sY<14$UDq@dX?9EdrTS7jVh^VfI7d1zn2S8Kc8Kw~Y1StTdi?GM0j*y{NGeyhto! ztT7*?92J}rsNB7l*2t$3k75}<5d!g|DV~b!=;3Mx4W1*l5>MLu{dYOQ(1qtQl+fQt z$ZaDqBE?hSsbo24D&32e9-S$eHEJI&#X)4S%8+V zfKwc`f%y8z_l5iVfs~pi!ZRg2xf05Vl=&)2;Oxh-QQZPK143P`l(-U^;e_LeouWkB zANbW0E_tphz@~{4%=Ug+3j5|6mXuRKO(}5s7dIFa@I;&$#`I(ZZ&lA^73^6_9}Fcn zq#+_YkId%)R+c84$wEtc0%YcE*Mk=kqx8qGf*{^_LBzK2!K{BSY5=4Ux)6P^#=5QB zJq}ea-#F^5eep86#N&lxzv)cC1|dFCrQnwAc1Rk-s0jhF4F)(g%q4OaoODy}mbsEu zilc&Of=^qJ+SQ+gaQhW|ywdW{9&EgJp>#6bB^5nG7xydq;;koDRo5C<;)T*47S!#{ zUnV64pp#{u414|XMJDd8m0J+Sa~*B+3aN;GhO)5Sx}co&G=C4KXNP(?hW$=3e$XC1 z8+Qxh;-GSpBp>4~z=LpkL~*zli9HV*9*^&9J{9^_$6O;5&8a6tKjCJ6A`cKs1s_A> zg_QSIe&oi~(wNN$nE>Y5^MiLHm*yRfAUb;awy)`adZC@(|9!{BqS~UIHvFgzmr}TM zg;aW6iZTo2&IQMFg`Tx2UFyqFpfg3m4MJiGs(bb9SST$K4L~M6RVa)j^k*boQK#dA z(@?HZ=IQ2cZ36>ZV<0uEof`fd=~+eb`QhqYnZ5kH4(?$mfz_eGQ-ycXLw+R8OTS-o zDbQK`O-Ri&xLBY&{kt`j)YJ86WIesvZFLk}+U(Xf62WfnK9zW8&D6gQCT6(P89=oc z%+88M%j&>7N@q%;E06qTs;I$i-Q45jii&hMjEZGEle9a@_7@ z;pqlBVBgOHRO83(@Fid$C3UH7$W~3*Oj03=n(h_juV^_q>FtNEr-(V)wekRx@gvn9 zFVGBLlWO_lP^iHH^OFpVZ@w8Hq*og)T-%@K1@G3X5UjXc6c^q=S8rqfY|47Z-{6q* zd%T=*esyi?juil+@WbK;PSPOX3-N*ni@*%^+YKjoK+GpF?p{^(s0^rg6y-#?6Lu8` z0YIvk0oA1??e5xy^;->)o!sr##s}3t8_(ySx4zl%TT_lan%u_L`zm}8Jjk*z&mGMB zTb67db2Ga4Xv+VSWQmzvbjRU>A=O^~;N~aUkvbyN_5s40%*TdXWqz1^mQ1UeEP}7A z{^E*W%8Z;}sVB%3eVF-|CCOvsNglpTD)<3_g6wA78(l^ed#jNtXu(vPbF0kY)jZ?_ zJma|O8BgOWek8ePeL#H9tZ4P!>KAK}4(Fd+S-bT^Ox+YXtB@ES)2c)ApOBM9Oju*< z@mE(|W{mDh$RvgAeOW(o)~yk zPqKU}^GB{3cSasjMCnlx+YhV!SNawa1!qVh14wDYCLLr3ABXu$9L8P!wDb;!>gD6} zwKIuKRcgCx8Lg5J%^;jO10fLPd5rXa^@6>H+{%grjEk3yn@sLD_|6kQRQk(J>-S`TagE-k+9J>Pom7H~PV246A?2 zq2sLHfHqAT=MNUWZU4q9!oxf)kWybN?SmoLbT-rd8OL^EavBk@nMz-U1i)wsQ=f=$ zuGIIQ*X}3ObbOt8x`71|lLc0Lb10nfl<$jUhc4*TgCq}cSp$z2%1iVRr~M5OzVpY} z;!~6!#9?wY8=am3e4_V;=I#;FA}HY@E{bx$vj!b3%OT}6TlZjJU|vEaY5;7jbTx5G zm{>3j?YhzbH=scrk5k~L%4B6V#XYC@DqeF@J)OX;k0du*_7<;*-0;5Xkuv(XJ=y&j zuick8?T+p9Ls^ohaUx4zvci6EeX=c?Ok9oqX@o|P~fYZKlDC?_j{ z%3J>srlPp+C_%zF^10wN!EkRU<6qW=I#2#|1B$719?K~h;MQR|RnM0kV<=zW&<4)( z91K$u{m#s_@**%7#)S(y(ND`wy{36na_-UI=Xxt+nR9`-bsjc}0jo5Vz%&Z;33a0H z9^QDPM<5ilQJeh%YauQ%eAkjLV6t8!&);8nQOePo zddz%{1s9Y4LFW3H0jZ9-l0RhNXeG{mS4{C9^7-m^SC>~u9A>7k2Q}6S@>TA^!D?rv z!0SM$7;Jo9sP2j_bQLkHFtVGdxpN3WZP&!QIve!pz|fe;2I>I8*#H6sx?*ZL?UNcE1`D`_A>g}mN*c_6wp2agNrSJXZCbs?50 zG61Z@KwYS#M^#(csVKKv8bsw*^9l9An9nSWb5I#M`x^ctFMV82vsUF?-gT>EU@0Dg zhec0;2-Ua0FN2=k{8Zt?F<-N^s-}Q*eG#7-yBWam`~q?I4=AN}vq&tUDFD;;pa;ON zYQhK13}a~PJU44a5JaM#Xm{BBSKxKA&p`6JJR3=ZI6&o>qI{2r%{zViq3u6*ttDHY zwQR-YQWdM8DeL~7XDqb~m9nu^zsv5|>g;8SMGVF1i&XjuUVLwrjchd!Hd0T~^?MX= z8ueJBeQI>cuyE(1q}w zZ+X7Ks@nBc(MGlQjDv-DM}o6G_Pv?>tt%hTJ-aeDB35ngGB@yq@8Z_()ppciuWm|@ zU)Imbh9M{z74^=3aQqS86;oGk`vUf7!^V%2d(DN?~CS|KizcB{V1jIa81va;TPh%PZG%r z03Cu0vF#2dE4S|zBu%cxvz5H)tBRGLk9DDb`s6?Zl3L?=h1&UykJL#ISZvD~s;_Nlu!YiDbW(JvTh3$T^< z7~ei`-F2KgFsCQV(d9_%TVbLoI_?Xm*5WIon8??mV>sYNLl(cCQNaKU+Zpmtp??h< z>6-rj`wd4*jjKtbn2lFahxk;4zrU>DBChlcA|J4Z(ZN^i;Ew8RuIb=X7NeSFgwy<&dvulE>U8{hnE~8}5qw0v0f$ljEB3pWZ z7O$6Rd^Mu_l4(f0a&0o$#!m=yP+OO3``Y0Hma0V}yi-p60NUz4`V8BjP3bw9G*N1SRJbmh~%KxtRg_s1h3 zJ3n*mt@OEH$%qHMK>Y)ZXg|EiN8&s_wbt~T+;E|K-Oe-ZwcyuewXQ9CPElH4YD{0`r-I6@ z;xwYSdy(s}-Pdl4PI_L#b9oz&p@0J*TD&-MM~tknfcbK3)F- z;c*M_e8U%p6b9-Wb*&tZeEU=#OqIR>Vpw{R_8AT-O)u_0s}$BC8Bv*qMk z-5uK)Bw2t?nXglwd#p9Muf5TOv_daFV*=qym2b-)$HOwD2W_6(1b50tV_;N6a>=qMg`MIZ0TP!$PJ%+(7zn&Z#&0 z$9|^@J}wb_rJS6@2A_PFp6fouu`w)F^5)PqDtzza-U|-Wt(Pa^V;SEw27$hQd_9G! z4;mISCtZ02;Co=tB-iAJBL5k(IQadjbAH+RT%V42MHmxL^w&iU)$DBdn z63!#PFCRt9A->8uSk!uM^=xkP(ko=PJ4Yj~57MnrUpfZ)L)CuA>BsLhw40lu6A{#< zU%??Bzd;`M{!)bQiSIC;Fy@p8L{3U*w`vkAF%2fQ=Pd-k>Yx5&&-M+!a`fZ=Qseo+ z4RX$_BpeJoh1c;9KyVNf1X_fYZ753ryx(&Ee&%fk3h1p~+i$kAxE%%jQ>lF?X2T}G z@Ask=1i(9p?YA}9I~hj%igB+P1QqTv-*7w(1c98QyMQk@$d#gqA}Hr~?`ax1&K-%O ze(4Z#=I2_yLE7Ob6~|*upxzg7&>m--eOb;@pr_i3xY@uLXXs@MDKXvWl;bckn86z$ zNIddbAKf%mxqS~ct!{qXncfb*bE+fud5)E|fXp$Sv?p}NxVm)RXjm@Qh)JLfCOYEf zr?iNnT-c@9!Fx`3GJ#0Qc7=OEX>O|C`)zg3cLQY9(CfCG3B^W zCx=iai!*ev)e~Vb-EZ(nyMfzWd04uPUmj9>GH;viMo$P;uDbZDhrv9elb)74L|;(^ zP~S0?>Y@0(G2b&)8%N2;&)C{B0GI0dY(GCH6YTO_O6{q6ideNpf939;=QMC|XKU#j zV(qHhHK5^ci}H^Gx(JFAi=)MS_{m0IAIn8m%w220{cNtf@$hH+4z784|KJ3xnYq-R zW>vq9k>EWe|EM*i;v?UmWI!i^r(95HrzsuRDDNrQ@=Dw+rzXSC7KTUW!0t-t8<@W7 zhbm=n@6qX?iA<9YPOFgT;}aO0?bv)YtgCUpF2BifPgo<#^-Id{JD-NO5Z9w%;cFNZ zX#i*}CWzKih?b&~5Q-yT;u2YmuyJNzSi~ozb~RG;xu|7|fipV`MK3z4jM=0TVQ2*R zpib?U_JZ)&g776HEyboC^$cBgzm}&-IE%-14e_)A2TgGGsd(>)nR9&XiuFg@+r6=D z=uyg|?QA1bRc|wv3yDDA4~S~p=}By^)5AphF1SG(`4V9-2CARQ`^j~(P9D~y#xNI7C()ps@AFG=3x8|-R;<%P}h zYO!_ej;ND8*y}fauC%HrY^LwASqU_Xk;i#VBL=4m)tBT-l2^`2A1u0!KY;JpDZ(#h zf{l(0ZRHN;U{J%ivdP#96;uV+^t;mh&*Xw^5-?Z1ovi9jUT0Zb5@DRzF#(?q_#IvbH8Z_iA}bi?y2pkFjPE*$7Oyz+kL=KVa; zdp_?ng~N}7r14vk`KMgRYd<^5AqM(<^;L!ww!c(^xee4G844NcmVO@UeYfoqe5(Zr z&uO&IKrLn^ZLgy*h>gPgBksTt5bHFWhx%YJ`+8@G$H1l-itUi`p}(x<>j+&&(??h` zQ0c_G1tgH@#YOH%_$`U0Ci^X~_P)}f^fN`tmow^PB13`|{FI~Q5Gj>F=<=MTQ==c~ zE58hhL0o4M8Ik9s0)Cl*syPB9QV)V#hF=1>B;0} z?ir|DAN<{)QdK!5Zm(pPx*S^JeG9)ps^vL+fwNl`1q(94u94V3#ty7(z}FPOt`@BB z9nhfbA=ttX`^kO8Ad9+FY>bR8Q#;n3`yCbDsczN_&v(boD6WuK$oMqY%-}iz0a)-$sUC0NjEY%IU$P%EvxBu_yT0(9^;yZLCv`^~9mP#s zfl|dBx{+_(rFtH$Re3(RO5X1}m@S83NSqw85;JOebIuC;4cfZ37>^2wF~qS{gEXM2 zm;knX-qeJbbR35Y;71LB*<0`qA4dLw$?<#YMfbnOI_R>ZT-OK5h(SsYI6qW3J%5?} zo6H^;C9hOgU9~ccE_OC1uFT0oYSc+w-bTv6VfYRktza9v=1^UPVJatQ-4V#jX@n(A zac#}gpa<&`=@dSuB=?8=M<839m3nndpzkf;fZ!=wZT{5h4Xz2V@4d>`6J#lefI?AP z#yt#$yt+I&Il`sMHWxbv9@vOiCeu%7uQtPe%qFy*zh7>uQMow>Ah0k!)TD^`t|ZCa zZJ(7MftS-k0xy2OWpr&(6DYtAmKAObgh_m^f({amjCL|q?Aqy>EOh4cLu>iU*Z1AA zdylOriVOC4`490eR!&8{NGKJLHg$S->n1~8qF%=U_Wa~%rNJmLu3Qoff|wW>PW_lm zVEv8Rr=v6(4%X~h+S1$sB5&FQ~ zxFJJR{?_cU5=IK>5Os6oKnP^17L$OzKs({6TbetVbih+(jk~$j#Go*>UHnc<@bg{SF^^HH9w8(( zucsGozc?-a=6;f8fQ;Z{%{jyzWX@i!1iP-`Rm*)7$Au(7=QPf7)$hu9 zi_h1YsL>oUy54stX$5r@n={Vt&rE0@u>-4k9{1-uKO>W9fT*^Ym4j0|%_}0%UKbFO zc}6jpj*6f;%*3r^5$c&?E8~s1V;Df2^^&$Yx7TPrwV+ioN5-gARt~Flq^E0WRb-z( zw+rID>Ibg3Uw-pJ2$7LScMpe2PqsIowEBlOVE2DzRTUtU)JP3LzEdc4NLL7tV4lyj z!^3j=OA%Cl8m*qt1p|TiIU^YR!L+LbeMD8bFaR&&5mb#~fz(?5fR#*mDE90Lyx7?X zg4ULlh@NaQ&G9;TWb6Ax46qS!(sXzG#8Xm3knf?Ho-7@?+dCQN^x#Vo0OY%;HP~`C zu`}n7hi>f)8?Tk%cRyZNFOTT)^yfJaRKGa&U6oV@)FzK7{dme=(Yyv?8l2V*u?*O& zz?_;z`Og4P{RuuBJq4rgz?uR(_aQusKs!ED`6Dyu)X#0tU{%eS-<>jHk)Lv?JL)q8 z5idWJXx8Xz7O;r77lNS$f5;&Z`rmK}O*qAK03e~e2Zt1WpS1jee~JS(T{{4b0FIh) zRRDqH+GY1kx)Rwm-#09S2Q|814TJ1=%S044^`-Cr$V38r`I_owWFG`uX53qktkTYG zInMq(V~8{>15Ok`s@>32Leu%!rM}JiD1O=_5O-y^ov6r!$6@9SU=6rZI0>KYxZf$; z{uJFQuAsBw0Db@C1H{p}wJ}?5?^&;xJ@3B($TRJXa*~U2Lm~QjmtLb4$ZNwM%$J5W zG-7t0o~o3+dHek}lh6yVU!n)a`(2q(@o>pJ-INfJX6#vx6Qj5WOb&v;k2e8rSC-%m zN{mT74Pade=$VD46|eUGu*BJ1*w-A^nKX394>^RnmNf;YpgNa!|9WmtUM7{aCf{R< zl@x3A2chkZ4<1LAL=ew}+nbG|h{Ufm0J#6E5Keq)VBBgcee1YBv33 zDOO0YLoZk;!8Bk8P8!W|HofSG(4S<}~HoWFz6E>3j-VhA~Gp~%} zP!SK1iG!Z+UTb#=1e(!3ow#l3Y+%=xQ~wnvUX89Yc1^eRibXO{sjq3eMmn)31hv0A z)5S;TH_pbMTGbrNe(Z>w8SS`5a*h{a@*ev{%u(G+A0elVEdzlJ^BrtX0Wr*?psp?- zcfuja#dV;Xnf7ghb8~1`Fwa|>5ha?c%4)Qnh`ANf>u|xD+4kuUwB9)~5>;>Y$%s$& z*h@P=!K?8ehjhCI0}_3_HY{hLh|jpWAIeoRVY)Fr%($2_THy=e!`FrHsMM3hR~xh5 zP+h`xXD#Y@NQaA0k!IBim^8!nuzi^(%bN>ipd_>2#_Y|3J{dmT4!j1wdD1ONyI_eO zic+`;a?3B_xd_VsX|O%2Nv8`Dtg%nE5iQ~UjrpXM=`7gd09Kl_~62$Ynwf8zrne9!256o55>Gk?JJrJ-aIgW>=_Lc`|@Ah*_Ojn=h?fIQ zcIQ$(fYUxaM?~MPY7PKFM`zdLAl#}l9z_Jny=C27a^_-D1^Ffbry%6%EO@zL2s`U_ zj?R_%%qC0%?(B?n7|bQkY6(Lgdn&)e%j_dL79O>LwkB%zb(Tr8g!%|wLM56#YIyf)0IzO`* z2nBn##@SEWFK#^CH~F==M=e2o%K<;5%gKz3CS0dHUAr6Qg3p4)4bD}mEEP15e=MVm zRy3L%_y&F8nF3Qs3NdQND6kPlY_;r0pH*DNHIdAu%~Si#X5han^sgTgK@0>*w-9hV zid{X%YpFrx_g5dw}4#aX=sK$mPKkd$l?=kL?u=1mgZb)9Kx$mwAuhagP% zP3H9qZs>jiDE`|n5Z7dC@!qFtST-xew3??Gm_aNbA~)7lCD74(M(P9V?)fig9HS7~ zx$R%Ur5}xCFk^0jB@u&|p97960K^4cm|;8VjeG%)T4bx8qORC9*vu`c==i7u?6)xv zY^x*zIT~-!2YW*?Gh^s2`_4b`XK*pt zQbrib;EzyamNNIkut(cwf2RNpA_U&te&Y9 z#^aXOp?59E+WTXGqdzSu-sd5zFw^?O2VAcvwdb0WgMqAsTZ6rn!0x`I-@FHMOl>n< z424-2(Vraln=9*vCyJ5C9W?Z#9lp(nafKcBug`7%dX3hkj*(y#nBhZJOuGNt>Z&Qi zBH~NP_9T$*OE&bVp1193x^b;ATe9;fhhKZ@)OB_K zU`?4S+`f3*v6qXl(#wq=2wh?ViE9DHAI8Q@?@(Y_U=2vlR1$LR$zBlWGtE`wGP37cz^5_t{VAauQ zG6s$ESf4iNY26wE8ZT<{Gm7cqjy@^+eN0uY&w9K=PT7(P?Vep|R`0q2JNxk|utyCU z##^;g98m;A%Aq{25P7!#))cg83LNYU&S6x3L_!6RZiW9wkKtm__d3n1P86DZ2s_aV zir3we!>kdj;F^J#c1(<&U|Y@x%#ajgBngUI>SB?JXX(B2m>Min0i9E3dWA~gl?IR$ zT}WLG?^85~c;|gm>%D0B0UFF|Vb_Yt`K2V3zXQ%RVt=G{q_#3viEH?^9ar5!3@IZw zK!SlrnEeGHL|8rnj;fG})R3LGIzz^pM?M$(1C|Yh(%V}8G6^)VEV#rXpgrUYbVLy^ za?h^RSIc*tWqR16@cuXMEBenrg%@3u6%Zs>Z%M>(09LO z1WE;jBSHMGkM5s1*cs84_U%b;Nl2~OD|L2ICua?OlJ4- zM!=6roAXDS4&2!ExVT)Jt45FfAqpNAG7Z<(KhW~snc<@WSJzZsija&m`&K7t%}KhY zi_79zw`JT}FV$=KqwA;2W%ex^jYvH=kC4EoZ};%nJGSMh=h*-vlaqw2O8n;Zdjg!1 zI-9Dm9Di6X>p1rv8vo{8ery;RoLmo;+pMjnk#Tp@vL5Tk*1uZ|94fW{gQQ-Usheq5 zV6``GoLy5xV=+PKb0V|dKCW2g{?USKQ}}9+Dii5Q%C!$+EROZt_F9|HN`_jBtO7Yh z*eL&Dr^vH6!292`zRk@Ws9i;|U|Jk&>#&C&#jaY`lkD~4o$dy6WzmC;(bq`^M_$eD zMo(HbZ9NlFWEbWPm-JGw9xCO*nawep4Z`&xx}eBS(b=6DKdsSC10d6g>kZyJ%b^Oh zzQM=?5(M%J$bY^hbMvs=`mE@AJfPDT+rTzIKR2(X(K30p@mw%B z*>*rVLQBSKekHI^ndQ#PC$x3Te#!Op>5{>E@mIjPd0kO+TXa{~tM*>I-zAeIC<$AA zEJB)ZI#efp`JCUZPp9X4miErv@>_`X5qSe8bavNya@t_i)Xp0&R*z&Vx%{Fd2V2!< zGFI)QMe}T$?jU~02A3dHuN;G1cZ{bD9cWn2-&hd%g?!Ru6QbLlR}iNyB0mvZ-ugi0 zQ#17~In~`k)k~BFs~HF94A_SE5C4iJ3Z%Lwx#Ks)FJ@i8STN>7cPY_&;)7T&X5&HK zglmoCA5Ye-DSgV}d-g#1*!o?bT9&v9=Gi0qog! z3Cll5W8a^$&O>}**JFdF=lrfA4_y*q`UOaML01+$zP;+ zd=4VV&qUg4WvR}_C(wkDfP4N-25>kaMyeArZe|-@3}c{bnTOe65pW#l>b^;W=;mgI zfGk7+Um3*om=51lwHx|GOSRxO`^u->)*Ade+{mS%A>RKQla*zT&Q zzl`m-Isq9Wv%bd3@tRx(?

mj%;BTkN#lg6VJot1g|ijjG>f9#9Sob@u;?_EvG*DF~w zM@d3jlr71nzJNx|@cU?`zXzZ`+=e4tch7H*O?vZ!d|9`rDyW56$7?gHuw*SBD>rXOh-OFs}_!Xjpz6_8B67OdT zNAzHN?ui9X6!4wly!4StImcwk`*XlHxw;ierRyed0}6R(v1}GYeHCiU`SY4zYeeh9 zI-_`EM4{`-Hw)g~Qs^vZ59<34F6 zE*h~g_(+NO&+`}j1`gzX|C*0GsoR#5+y3lILsSPC7seRf#TI2WhNfC40_WNTY@cTZ zv%V_KJo|;|EF;ePX+qY5{oUXa0q3r*Oo;bVA^SJCCj>IRN3L%jGUq(MCMV1rtJpVN zR^!#w4L>NYAgyK+^6+AX>f`ohOM`LvN%hPq_{d%oI}T6pGu?hL$xsh$GT*w8;RI#_ z<#*q)zx(|atLyK)R58IL0qvnnEJU^kqn)RrpFKup62uZGZ@BY0xl&^ipRRaH@o|{I z%Ty$q>}nks7bFiYwn-Ft5u$}c=H)8g89L#+@c_UmjleI;+=Xe9fj`nS3{>6<(W}co zmc5($HE9C_kZ`_H-8j8I>-CEuGjUN&*$?D6RLlSd-W_U^8=f3 zHD3DTXCFnjoCV%@pUd&%-|9*lx#GN=nIz&8Hi>NPaj9L*p)R$Iv&p5G(HaIVKMT@h z7bzq_ygtS|9-&gS_ln1)U7H0=Apjyy1nP5lvMz_Ur#9@ZGWihug7gjexcRFX0#?wC zd;P4FS^WLlZ_!U2TDi3QVi*D*-8}DmaMaf~0%1Lf-Yk9yso*)(9 zA^GyJl_R{@vpd$oijIL7Nh`ZkUe90eOvunuPc;5RW4!j+>HRg$Kveqs$7z*XY|(F zS!9?r-%UiP`0j45ALsHgh2DLjOH@lAuyAu@O_Ydz@t3nAsn~o9Td0;WMd>{$ys#~` zJNJD!Rq6J{qNP!&wfj=b7cd_iw8Z~Rr!`QKAF=9Q2@;Wi;p3DCA29BBDcpv=jskTK-=@+g%-ZWdo&tg#oKH^jalE~F{MN~_mk;R zY=;*;uz`ou$_7_Kk5Z((63-;VWvFLXEzUaK{iqx7Wvgqjr*2wx)KHnDe5t;{oV;+J zOZ*mXMeqBbDU(O>T{pn$s{XF7oucIpuAuH!o}uqmlrryO+8#b^0i2&OkRd^WiAsc{ zNi-Qf-zWtdS6{z6SO<2t_EoycfZ$K;o0L-Iho>2(_XY2?v39DppB}VuPJ*yHpvAM*~ast5vnS z7LeA@@D_DV?X2ueOB}7(YO;h?i`+6pet}(O8uOb)%Wqli9^Lt<&mS(4Qa`wh5lSe% zE`~Ur2GZ!m-cm}(Ua5NqCW|-c%i<5uOx;K8oVPz?SR!oSw z^LROoP8;(fO$> zcOIKADu!r)=DHCMV|gtgfgvz*>+h-Qfnx|RUr}v6;?mAh z4zUS2hkDBuR+b&r6z?^toJl9TJx>c7(@SGqJ^&Uj^tVYM^id$qbGvFWlQ;UGN9}d|55=rTfewfd;r$uKK<9jn` z4>T5POggh}nhbW2yYJwzO>Z`EESQ{>c(xeoc6VV8xIlgsVT>{d31`3a^|oQyBUPPG z*P3tI7O=0Wce(bx1peWQ$f`cn>g)KMb(F#NCA~2+&CcNbuGE+-Jn-q#OBf{H07q!N zsO?Xohul{?+-N4$#7liBVhsxnX;nyqn#2Ge2TOebdcTG?Lcp(pm;vs}b+jg;DNyTA zvcQ(}0^QFpJlu}ILw~zm6#kp>#W3uqsPkafB;&6k|9q`$(UgMaQQv-S#|i~x*x=FS zDx27l1d*8Br@cq_Kq``Nxm>lwX+D^0A6EfCcD!Q8cj#UVYYU&oz$cXR6vY=ugc zV;$zpO^eC;9*dFf*B$J1haQ&gn|LsxL4cb$pXw+;a0zy1Ia8H2He90g{(&O9naA&6 z&P4tyBKIRqQ&W@r1%DtNr;v${iqEo*YN2m%D%|GPiJjY8#ky&OxX>`rr}8@ORdEY{ zn;Kj6Sf;?)j|(K9;ciL7dQx)-VeG|43a`48uec`Bu4{lz6?$0GfyCbXqjSNg)ypw)cdf2*I;;}2a7E6>Ojq}NQ(z-_f~wa zl_BSJRVJqWIV|rZBHXLU$D$eh-?o{0&sEBrTx9)WEzU0lzTq)Mm3mWcPY}CAl^*UK zzs%dA@nuaB_3)EOtk(dQ5O<&7K%ZASp6M!d>fqrL?m%HAtJG$(CGQK(8K^;jV|G}{ z`$$m2zr2dr({znJ@eV9twoM{=2V>i(10(HSk)M|J-Vp0lYl@cQwurF#M9Upf2$J1< z0}>wD{S3T+M6gJ-+-L(CZ1iT1iaNbEW@>wo28-j^#(^a>f?fy)9m z$Pr6K+@BR@3+BBg%y-FyN97LB3vbWSZn6*<;(;}uAVcq&18~u(G;Cunp$tsADhNt- z?eCmnjsIEq#e(R$O3?^LrI92+NP+MSVaaiv3py(F#&2Oz4S)JVW~0k)tRJ^ih&eJ` z9meFug|bJ{QirnK=w^)#jGAcsrkcD7>aQo>wpa0V8_a=H!(Z|SaGHNExEssJpioiBI&7?af_JltJ9AU|0H*mg%jkPnz$ydSJK}${*aDrJ4k-7AdFC4oaX{y8ZDLbW4uSQrVhV9Rt3q- zAsegVE~2s`c5oV6kYC?1L{o!wC4{4^qiKecCvKG+i3`OUY5dA#^~BEoZ2hJb@m?23 z2rTYu{0WZGG%in{TGIhRLvfE4U$eG$*`E^yHL$vsP`u|ue?gl}jMt#CiTj6r1L&B{hFF?{2XU>0P9jQW_U0%b=4o2LCq zY%15i#s&r0rNiyE7Z_hPr3cF~R1;R+;VKaD_|i3JIm!fpFi*?`Ps3Sc|* z!>N=_mcAf@S%BseSOZL!i?=}5L=JQyAyTqz4%C6xs0X7teDOQuaohIa6Z&yt#6l_| zl!Vq9cfpQ_6U7sf@;eWrqcNYV6|NsXe8U!V$1uO3apq$c`w$rH0f_crZ3dXyJ?p{T zNbZ}9PfE_{+K#lbC{Pn?^e7E#r;=Fjmu7>81<1n7x)j1o{~9=D|IYyBkOy(snZyZV zNkK``SZFg&`A$RC`kvssWsJ}*>K%aGPW?O10I5`I?io_nKi@s2@bU&hD&xh&|G>|! zD;ENyc9V$gl=bWr`qY$mir$ zF`eNo>IF|JiF-6Q*>mDNeU8#Kq|qRSlI1*RUx7p5TJ=F|znB=xC(%8B^#wR*C#feM zNHyvtwjjM_yL~QBLWkc@vOeguK{A|)T*Wt@?=Pvol4G8FMr5<$IyiJjfIB27T$#+w zT7(j!)EHep&IrLm%4{0tAD)FE=mA=K$WQcn;^vs2Wb+r6(PM%DSQy|tf=oY3%ubjA zX|MFyc=)q$w+er}7>k!g@nlCIMUyYwaMOq1uP#&XAAmh7R=e-3%+o-=8u8XEKP{3W zlbtD$5Bz?gnAnUK5i=ua0 zJKA&?s{8Qi7ik5T@c_B5dxYTawfS^;nSyGGkk3gdu7&egZvU}CObJIaF?@FXF(EJ0 z?A?J}rmz9NKH<1y3ob{V8Bb0REEY&~)C6ehjvu&;R*>}TuSrPZB^dz^n4SdT;sA=5 zXsH80jR=FaPPAld2r%Dqu_ftYB`DltUt2UhJB?(xPO#ZbE^w05wJWD|bR_v6kP z{e9S??BM!fujdL4wsv$%n3}lavRtrCmrGFO2F6kfU6*~-;mVvaz}M!}Q0T4z+@K;g zz+X43i7`EOJ}ZrHo|IM;T06R;@+XL1^!j9ad^G)*nAn=%>ZFkjT=ZIZwX`mx!hL?u zMfK&=kwV9LHKoU(r&DUWG%US^719gg2s!tlpUTcM&dcBxVT|wStTQRNVE>&wK|cVX zUPG|1KF>cJtaac8pliASTX+VMe=bj|#Qa=9p}T}(u0o4@2IO|xLW}Gxkv{mV%f^-R zOBe!vh2A%=1ZqtKl(ECVzL3hxWL}#HZdfF_ViW!dG3WYj?q)RohM1X+E*E}^<^SZw zz@*%8_ycr0T{IMVXG?n*&Xp~go)4>cLfHAPcBTJH`X$I?WG@u3H2M=Xr=e~KoU z;$Q>bhiwiY7d=T$nn|Tcn#}$t}#>%ek=z7T!2GDo>4U-y~)QVP+@Ol3<(o6Tw*Xq!V+;m)+nkcP` z(xv#B;#^{6mFihM_ zXJwt94_PVfkq7sO3&Z_}Cn!@6+h4Q%WRY;2pY!p+W(^myF973oZ@jn?*6Xp=Ty5NB zIRl`;x5~q(`Ef?_xRILIxY_}E9LV3>=waEJH`0?s-n<@sqIl5!B~rfPg9~C=0##QA znGFkQJc6%)-UF}3kWfHAcnv8X1dP$%`q~dkF0#1BhY(2m=rxTieN~Y7n7L?THl7xU;y- zj2(VLD9fzl^Cq>^5Aofr!_{kIPYSPk6gl;0c+c1s>!)~-EeZp*#Fe*h1EUfy>GD!( z8Lu_Ex(du?bUA{!7($8XOuw1gFa_qkcIj=E4^>+rDRJRG&gVY-b8$JSZ(d&k?F2%4 z%PlTh>(pN9>H)(w_0}}ZqJ51Z;_}d=cY1m#xscBS56TKKvC0xv=+2c7)bOr-&KyU@ zKjU@4TS?iDuWtruwbmahF49_b)gNk+&$&ZA6p3azX(+Y}pZ1aC z>t-j{AG#bL*`fv8<2sgxJ+bZ-x%c%h?iC_1byWZx#b?D3M5Xo) zQs%k%b+}4B9XwRG%=paquic^suNJesN4K?VC#Z0uU(Scqn{Jv!g<0 zkqe)dF4rl4VRMar@e}vPn7JOj|IqlpYrZ{7y|zA3wA|rl9Xe&aS~`T6Xg~B^lqo-} zJZoM|2PYWn>^eKuiP}Xx($iFoD@p$H=Cy$HV7JUc8VkJc=@)gI@pTtq@}^4SAH55M}F* z$@Oq7w0vNLQ~0M`||`9y+-sXbvJ0gsKPZ%W$Lf(@*-`k(Inn5j0~to@)%% z;c{yNH~(ZjlqU-*&_U*`Y`;+Eu(fRQy$SkkazT=0o(4`abtA=iQyFZX^30=Xwgky- zv&Qf+&x>%-pI!Esst=~NjkWAd?NE{@@Z1ounb@Bt)O}X-nVy#?FQWsx)FLO*%2u-G z*%J<;L3Q3?V`4AU>2+IEkE?YL1xWAA$&b$-B_r9>MKK@yI zsjKq)gfkG-|w0w^bMenGYWK4JO z6z|M;Imku9sJrTeyH)%CWjP=IRzbGb z`MYg9ov-14dYH>sJ;X)qv(Xr3?~%$PBuxxsCrH2(jAwHLZLjWJw|j8Dsm)7Q4K21Y z5e)bHCU1o(9EcS>d)e6UN;NLxkkk;Q3OoxMDe{|YXkRtHam7+Me+E|K|e zyK}kex-vWJX0II*nUTOt0*FiBJg@kDIUD>RnA3(ajfVQ6_bx`zuT$K1cgJ;ku68fO zBW>ziR@GH+P89E9&Jt}a`i(~$7>xVLR0^SbeO(FMHf~0kj{f`!jeJKeaKjZHdPCG~ z3Q%Fk@Rw<5`$eQM*`2JQ7zNwXO!>+I5fk_;YnY4o(%*G(m8I4L9`0kC5LG!hgL|efTf{hmv^xjdCg^o;CuPqRx zLQB{gILv_cl5-4ov1Rp+4_W{`$!y|)w;bPM3OEeat3Q^gSm0&1I+twdx$CGN#8}S* zW4!+Sfti>B;H2d%WcUHqfQz-Y1GVig`N}D-N!9@Uzw$|iOL8}IUzh)pNT8{XsST4{ zq*pCyVD6Tv_Fu%d3{`!qpAjo__^xL4G!o7wbc=WEk?O9=%8ZPVO}TzNIwm)GYo%WR-p9DWAsn>5rSwXTg1Y_lc4E}syqzXQ@_ zS8T(N2EQXd==KD}wbwVfvAF30WO5LGy!;fP;z^)-_R*PB`PGS{H9JQ*K-KsKNwFlc z?g$n{j?JOb=9A+?dC@9wSK}et=O?<)OYY$XNhPH|Gl;7t7Y%mJYS!8fnS4aj!Yr0!lpdI)in|1|Cn%T@nnp3wjWt z>{hFZp2;jLhKWi4JzzK9jB|DDC2>{Z?7JW)>mB*i+-}=FB16C&&&5Z^0xXIZ8nlwYmcuBoc4IMh&g4GB>NREw zxf{7S38_Y=$x&qyp6Tvwz&UxikXoNt@r$Ys=RNmMTBq-B*_97~HuLhu(PH+S=d5&x zl{Gk&O~q!?Djr~YkhdX|6>cHN%~>xo=pn9mIol;wibxEAdYjr^Lk1dY{Mz& z*g4FXMO4Ii;H5eB>iZ(WRxES1jge8KTa3M6O+WYr< zWY0}HtcB_MMkB2Yo68O71N()%#sv>Sk(!mkH&(<`EdCiyaaWlztoU>0LxHEaUd?Xg(+)hH6zO~^uT^_)auG@6aA|1)mr7a{h{Qf%2rhzF+JY`m0cfV zzF}!ChCe(E=7^i~+E2NUx=#D1z<-cVkXzc@@PdG`T=w}RDOp4@J9%;8dtZ>>=0i44J>0jr+Vc`;7z1rrBrrt!4j#*zTDA2P< zQ;+J=Zdh_cCBvxut^`Q=yLC^BBaUl_OG%D^SnZDQ|Jc?;%DBGZI}kw2=l&&YV=F6F zfe4k}emk@PX!z7ac7*TSE*HFkLa_z+9~aN$FOUoYA>9|<^2s!aT&T0z@)a`Cw@PG9 zDdM(PA2Iol8y$Q&YguNI&(1#rEDFSRJy~&KSaGIt%}K;; zUDt_258=jNjeBqW@x|^<{3k8OkHhXlh}KQxpYxrhY>!lSc%yWxe6;nq>K{7xD&3eY zcAY{ucGw>cCq4@`0`rQTo9HB(dmaEplH*s%Gy8<%##HHRsZO)6NYqP6QR*)?3izgb zEqI+aygFNri_f*a!Gw?hZGtTzQs-Ok!@O;8`tEb7n*c!nia%f@xHQ~e0MTJcU##xt z6(HVGq9NZ=BuatFQ`W3u&CJt6_4frDv5=6m5CP) z<&^))!Uhsj=*`PiXz$ip;R$LNPSh)DP#aO`vx}57E8c9h)s?-P2fyXBz5isr>CL5Q zoo#vR^7~@%>piBLQN8{|*2Fa))>2<6v}ctMyV`UB^^4Pv`rA-NJ_- z3JQuxv4?#{Pv3L_k(pG?NzCuh7% z_}$!%Q9^;>?$J84YS}zx){3-FXTMdYCsg5i-Ww0`qxlN*^tJ8hrJFoQLQ!6AY=?*t zS%IzhDW11vG~Urrv|YzPC*vuW8}l>cJ?-BDzkJHn)w4cLFc2Wa?X2^9bU;sT04 zj5>8n!>KCOR_PPwpq8<#P>ru9;;Rn zHm2E5_;a&};pWjc(!!jk5;N3n?tO*JLHw|k-IyEfpe!6Mc)H~nRk4JXpmt6Yl^7iGh zZH{(dG-a^Wz*}B@bux1@1_cw;RJ6D#mTNFu{v59PE-#5-+iW6o#y~Z4YX`UXE&$O+ z6Qek&CG+#FY?ah{f9&uWXxjkD>Ma=Po`YFw24j|C?XxGcBY8l4bj$Xv*aKV<57t|D zRPPubWha`9oO3tM{3!5X;H51s;JAYwdRP9m5AlhF0G42Ru&LS{J$McUy~96E z1>JHQmr14xuDTikc(xH`sWVP{>U@uLsBb~oI$hloFKvPOvA6k+u=9YuIZ2cPnh^m4 zCleQLKBAyiKmbddzA&6ZMb*dGSmdwbR{Nt06-|*?}J>2!&u7{|^MB0}gOY?M?!bV)i3^{N?m;ATSIM7%Q_- zk}a9`YMUjWh#qP)DFzpnK;tpl>@zB2m{4z>jH7Cb>Hrh|TosYZm z3xKo>G>y5eo+7vlGVxs(ZFhcvl=BSY8j%a>pEKQ8M^pU8{VwZ+mP#qf$vd#mtQAra zcXV@25VKJzB&;bONu%qSeUT4cbNqbn+jyu9lLX+unTWQ>jixkpCSg~ADVGwRyx4>! zkiS=)_k!a0tFnixVv1*qZxc{_65e0Fi8iUsAbp4`=we-{J=>w;bEznEs;@Fh=Qxe(M ze*6yn`q0`W*Wdb=fX!S!#&E)5tl;S24GRS=6fJob<5Y!pHGC|UHZyzOhpII7LRrP| zz}(&O6mEJsn9)_}O6nX``sYBe|Eo?9`)!8baNytH(*bx1a9>(2|FRqzS7#{Gz-xH7 z+CcZEIGIczDau>3ejZP=!m}OqiR3mhK|npI+ZC;k7(f+jVffc9VAZYFpXVs*X3vC7 z4UQr&9Tt((!K(IAiTDeedaAlS^kBTPLfQ0*9dNqAw8j(u&6>m?Jc;H%ZJ>(@=d-j8 zcp#N!Ks29T+xy^*yDJ+aH$#ue4PYksQ{-A8%|u!LmKP?i_RkWdnN(CEl(fk zkuBXfxJYN!O{1Oyy4bp^OX>y}QSl1s=6s#21h*82kyDmz6tHv0w-mdQ(nO`YCjq8& zYNRJC2!dubH{R9&HeNu&LHxC7pw_GtOrK>)wzosvQ5XuptfSfi#>|H{K?ne3>oxPg zz>w@*i|>MfpLxdW&~POM?1!xD$ut%IH1*E}`6~qqaXsKFDgm{+nIry*x=+U%kcH)q zng9whOSEp4Ak@k}w@$0N{sE_?%<2+6nZJtL&RjpHeTcWu@>;*@3h;qID<^Zj0C6+e z1VNeqq$b4yRm;h&C+hhB-G{a#=(% z%674aVKi(9)x~D^sm`RSPbdAZ!{&_xaebIZd&ry?wOk!%vQr62b5l`&eG_cEFP?^% zYsJ|9eU+C$Sj?Q(eYs5w{Oo+2qn0lufQ07s>xlr4el9esXrZ~{#||^nfPq-{EI_*< zfehd{wv>1uS|7ml1KWaB!=8=+i!RxI9uD-w7=t_Gp4;%G?pfKgy8l}4tkrb*AC2(* zJDuhuzi{82*qFrIs8p|Wg}f*Wgq0TPE{5(nf#>@tL?k4eSNj{3$U>5%Uj!Utf)?mx zTUd$n-dN9@_!oD3S((tKw(b1LDX4AqvSLs0m>2TQ+^w-b9I89=M#;iZVS`X&`{rZ{ zBh(ERyEm|wTaVcWZ{<030B5At;EP9j{YPNQQijP;`cyk({@(d6XY0g7f&b#pq&K-C zAMqJAV*v6pU6yGAZ!4F_0<5l?{%`p%q)*oMEd2+hItTwZU$HQs&#!7h~H0*67l`1a~ zbf*Vs)Bu&tzaOh-6g-{OSE6}|0WJW)CANfCGt#N`o%TYM{bw=EMZTDgf+9Vn!m`V# z2PF=fyFDn0sZn6m_(4s;5$SRVu^8gER~vV<4EdnX8KL+)X@n{0^Ag9(FVe$xA^Ean zP5O3s+N|eOAcNB~IVnyz{7`(!n5FSh2Zb3pFuuSZt$T;Bg?0m6=(n7I8?R*RASEha+5yy4^z3o>ie`p16!SCr zcy%AyR3%GqdCxTh0S&l1N zjYSV-#wC*H-PwSq1pu&7Q&9=j>d`XVJjCDd+RCFjlf77z0R`D+czWC(Shf5Kbju=* zF}D+Zh=c(AQ=<`X#!(;X^sYRbtQ_FzKyGm@B1hWQ`4H5>Q?+${>bX221%unKt?$Kz z`;JHv8`t(IK|S!}&9Mc5U+C0n@>utTVe(Y_;Fk>hpLj)%LNLxUB<-C|>Mv>hy_7t% zf{+fDv;%rWKVrlSVkchw8dA^y43rVr^@W2cD}Noy_G~|uy1`goPyuNwJxjXLFn5v3 z1X4su^@%|%~zFvvNLPNaG&Xe8K{pAl1C0mB+LPJ;tlRyktfym zUx+h?WZNJiPn^i;+J3v0GRrNNes(bGc|5IkK4?0jSA(B5y6fnE9Eoo?g{PF+dDS*y zHz0=Cn6P+^!YQVke#sesL9b0A2L7B;d_6d@-~h0G^N3RS%VlsblpDh}W={@3`BUwJ zrCTtb9NmAwfNhI-K{RY!^CIhiMr*oFCn)|bRYZ@(N!Aw-YuC%L&4%96I&%D(T@m%t8v|e`&K|8e@+K;b4uvx^3rg2` zgXVgg+OE5H~nYJKaD8E@@zMX-sis!vu9ecVn@r!){k3c?rlo{fM6Pc0P1zE!Q2xDzg$ z?9^kp_{fI_pR-}eN{8qPy$t>IanpT`tX^c9)-0)SrV~DFZP25frDja96>0s05AxHH zSm9F7_CahJCIUlH4dg*la~kW5FXamgp7kJ)ml|>5uN6TL1ik`dC9eMc?(d)A;~bBX zK_~wf5PN(ASlrSm$Pi($@2m%zid!&n!+&;?yKgy~K$PoI2BgZsF7<{y&<;->im8_TL6Ve@_zpugHG$ zZ{2kAKUh^D8P)&!3Ojx2-@OPp-KG67#irP3H7R>(dPK4P1 z>O>g*?@q+~|J{i=ed&n-oo>^=n{;XtrzUagB~EN0;MAF(?8K=_oSMXGkUX&g*lCbF z*@;t=I5mmWAo