From b6cdb516ca6b0097435eb8b9179e0024e811b07f Mon Sep 17 00:00:00 2001 From: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> Date: Mon, 30 Jun 2025 17:50:15 -0400 Subject: [PATCH] Release article: 4.70.0 (#30342) TODO before merge: - @lukeheath: "Changes" section --------- Co-authored-by: George Karr --- articles/fleet-4.70.0.md | 99 ++++++++++++++++++ .../articles/fleet-4.70.0-1600x900@2x.png | Bin 0 -> 52217 bytes 2 files changed, 99 insertions(+) create mode 100644 articles/fleet-4.70.0.md create mode 100644 website/assets/images/articles/fleet-4.70.0-1600x900@2x.png diff --git a/articles/fleet-4.70.0.md b/articles/fleet-4.70.0.md new file mode 100644 index 0000000000..84f797be36 --- /dev/null +++ b/articles/fleet-4.70.0.md @@ -0,0 +1,99 @@ +# Fleet 4.70.0 | Entra ID conditional access, Android work profiles, and more... + +
+ +
+ +Fleet 4.70.0 is now available. See the complete [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.70.0) or read on for highlights. For upgrade instructions, visit the [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs. + +## Highlights + +- Entra ID conditional access +- One-time code for custom SCEP certificate authorities (CAs) +- Work profiles for personal (BYOD) Android +- Script reports +- Teams search + +### Entra ID conditional access + +Fleet now supports [Microsoft Entra ID for conditional access](https://fleetdm.com/guides/entra-conditional-access-integration). This allows IT and Security teams to block third-party app logins when a host is failing one or more policies. + +### One-time code for custom SCEP certificate authorities (CAs) + +Fleet now supports one-time code verification when requesting certificates from a custom SCEP certificate authority (CA). This adds a layer of security to ensure only hosts enrolled to Fleet can request certificates that [grant access to corporate resouces (Wi-Fi or VPNs)](https://fleetdm.com/guides/connect-end-user-to-wifi-with-certificate). + +### Work profiles for personal (BYOD) Android + +Fleet has removed the Android MDM feature flag. IT admins can now [enroll BYOD Android hosts](https://fleetdm.com/guides/android-mdm-setup#basic-article) and see host vitals. Support for OS updates, configuration profiles, and more coming soon. + +### Script reports + +Fleet users can now see which hosts successfully ran a script, which errored, and which are still pending. This helps with troubleshooting and ensures scripts reach all intended hosts. Learn more about running scripts in Fleet in the [scripts guide](https://fleetdm.com/guides/scripts). + +### Teams search + +Users managing many [teams in Fleet](https://fleetdm.com/guides/teams) can now search in the teams dropdown. This makes it faster to navigate and switch between teams in Fleet's UI. + +## Changes + +### Security Engineers +- Updated vulnerabilities feed to fall back to non-primary CVSSv2/v3 sources when primary (NVD) data is not available, instead of omitting scores entirely. +- Updated custom SCEP proxy implementation to include one-time challenges. +- Added the `source` and `username` fields for host certificates, reporting 'system' or 'user' based on which keychain it was from (for `macOS`, it will be 'user' if coming from the "login" keychain), and the corresponding `username` if the source is 'user'. +- Updated certificates card on the host details and my device page to show a new keychain column. + +### IT Admins +- Enabled Android MDM support. The functionality is limited to turning on Android MDM and enrolling a BYOD device. +> **NOTE:** If your server was already using Android via the experimental DEV_ANDROID_ENABLED=1 flag, please turn off Android MDM before updating your Fleet server. +- Added support for filtering the hosts page for hosts with any of the 3 batch script execution statuses. +- Extended `POST /api/v1/fleet/hosts/:id/wipe` endpoint to allow users to specify the type of remote wipe for windows hosts. +- Improved releasing a macOS device during ADE enrollment, by increasing the frequency of checks for readiness. +- Added an audit log activity item for automatic install policy creation. + +### Other improvements and bug fixes +- Updated the Open Policy Agent (OPA) dependency to v1.4.2. +> **NOTE**: This upgrade drops support for YAML 1.1 in configuration files. If you use the `-c` option to specify a configuration file when starting the Fleet server, you will need to update any `yes` or `on` values in the file to `true`, and any `no` or `off` values to `false`. +- Improved error and loading state for self-service page. +* Implemented searching the teams dropdown. +- Removed sort column buttons for host software columns that do not support sorting. +- Updated migrations to use the `utf8mb4_unicode_ci` collation across all tables and added a test to validate that new migrations use this collation. +- Added new optional parameter `--outfile` to fleetctl package to override the filename being generated. +- Updated software detection so that a new installer uploaded over an FMA app does not report as an FMA app. +- Improved error when trying to apply builtin labels. +- Updated copy and remove platform callout in manage automations modal. +- Update UI references to "Frequency" to now say "Interval". +- Prevented editing the UI MDM > End user migration section when GitOps mode is enabled, since this is GitOps-configurable. +- Made the gap between characters in password fields consistent. +- Updated to consistent 14px font size across all input and dropdown fields. +- Removed username requirements for certain MDM CIS policies. +- Added macOS redis cluster support. +- Changed to using DeleteObject S3 api for GCP interoperability. +- Updated to use the Source Code Pro font in the Disk encryption key modal for clear differentiation betweenvthe letter oh and the number zero. +- Updated go to 1.24.4 +- Fixed result count shown when running a policy. +- Fixed bug with the 'Observers can run this query' tooltip due to missing styling rules. +- Fixed possible user invite race condition. +- Fixed issue where NDES SCEP admin page was parsed using wrong UTF16 endianness. +- Fixed manual labels in gitops not selecting hosts by hardware serial or uuid. +- Fixed a database bug where the `host_uuid` column was too small in some secondary tables related to ADE-enrollment and IdP accounts. +- Fixed missing CORS header check for JSON requests. +- Fixed bug when listing software titles for 'All teams' which caused duplicated entries. +- Fixed a bug that caused custom OS settings targeted using "include any" label rules to never verify on hosts that only included a subset of the targeted labels +- Fixed the Docker Fleet-maintained app install script to prevent a successful install from showing +up as a failure due to directory existence checks (live as of 2025-06-13 FMA update). +- Fixed issue causing a 500 error when clicking "Manage Automations" from the Queries page when osquery logging has certain configurations. +- Fixed issue where you could not delete a bootstrap package. +- Fixed policy autofill using incorrect media-type for query. +- Fleet Free: Removed the installer dropdown (Premium-only) from the Software page and Host details > Software tab as installer filtering isn’t applicable on the Free tier. +- Fixed issue where users were not able to reenable end user migration in the UI. + +## Ready to upgrade? + +Visit our [Upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs to update to Fleet 4.70.0. + + + + + + + diff --git a/website/assets/images/articles/fleet-4.70.0-1600x900@2x.png b/website/assets/images/articles/fleet-4.70.0-1600x900@2x.png new file mode 100644 index 0000000000000000000000000000000000000000..36f82ff95a0d02ab0653fb3c00d294f554dcc758 GIT binary patch literal 52217 zcmeFZby!qg)IL0bgaV=uh?ES93I@_0Gl+;jC?TbEgQRpbV}VkGQql-2NOz~iAV_z2 zgF_EJzjFr0_j%uczw7(Yb6s9coU`}ZEADl#wfFd5NkNYK4AU711Va7r!M!IC2o(|n zA*Y}q13o#@*AfQ)oPP1(nF9nue+~Rc^zg~mRp3J+hbMA(A(^c#3&5LGX3~$PA&?vt z<$(by1kxPz@Se1)E79_hG!f(+1j3uY8hRghue%uCYvd5W4-Wn3dS?0OCGaBnI`Y47 z>rS)%_pKc<#ed$yV<5!;d3%ln`JZ=?zmJ}1S8{<_3plpsXIUobt<#9x>A z>k@yHB*6#%Cdm^`{B?=HE&=(QBu|{+Z;~WL!(W&9>k@yH_B#`o*fAkxmhN zND(}}f#FP_F3+jcou3B`e+|fn7u4G<8a#hl;8ybBWidRP>;tzDP0o^#EOl8cy<47y zmd%#wz@#znKQ|)3Ja~5X>zc%!r8;^Obok~$o0}ALe4J(V-?qG3<$fJ(52ca{3h8pEtmZzZ3se z^o3dv4<^9>^6I~p1pGe^@waIETc-Xk z%>VyuMf9-(!S*<@*F{KO$HRGorNga0az2Gif-XZs3&tHKI`~gsSI&$4y1FzjUI(iQ z&+KdF0YR;rjv0&rt#PAI*RXO1YuX}Cp3BhI5MMdN-`$QZV^tjH0hvMD4D;IbeJ(Ed z5!P;-E_bqU$!P0K5%<*U?-u$rKq95IfJ+IMZgOE8|~Y&s~ttp9kjhils2sx_9EM-<^-Kwzp%by z896Lxo4#`M73#`%aX}SF;ihxF&u>jnCI8EfnK?iE1*I6}zKu~4W*qIb@7c449#C^a zAV^~|^|(MMm)Q3&qg(4zoy;Z;Io0p_u^D5Mta-gusn!iHbfBwyqmyi1CKy$@BJEiQT8=l^X-& zb1LaxR(dWb!wxz)S%0b4nZ{oW?o{iIqqXY5L0T9@WG?nEomO1DyFYxi)^r5Bdj@_O5EAP$`$cOoTyyip2)afVCp6UD3p2kmZzbaqN z*#0Cn_)q!Jo;ap*+8>IMrLgxd+QQad6v_yE*=q7ZHiu$;{$)qM-3x&~%X|wilQZ@x z!_07FZZ5GR9BcRODak-tQjYxT$n;Wo9v|2tccNvBzOmXVwycACBVK+f`g>H};bPPwhhAJtcDIvIPnKx`g#X^(}3jIH0Cr?F@|7!DNKl z(h}4p=U~04_umFwq2Q=Qhv)eRa%NoK2K%;kr3iP8P}%(-RlAGPm=wKuk!+5r4ie_R zI+^G`bZ&1i=W7$|j5U7^U3#5MD{E6pwgjQ!YGC^jxmlX!b?azeQ>BuqHYn_T-$9e- zFNLDI_g*uupO5a&YmYE%9nILvVPJ!FCf#`kDc&}P6w^gMeGRaxqg2kMiMTMk{py)D zjVu&;fxkiFq-BX*JdXr4{{6xlx&`Mg6t1WH`(o+7(8cC!T)ap2TkOGCj&{)T`%k(v zS>Ey8x)KZotH@qwra75jrJc^O*GibOX8Nu&<<(ugo$%z3I{skEbT+@F| z&Le|qY<5gs`;fwz_vmRy7qeQnMa$r~cW}R*DO$^{cQ@x3&HabS+$Y=Qf}RndNCvqn z3zGUTs!QU`MMt_$lPFo)Q+y8T*RJbk=$`8Ac;=shTWk({52L?u{=r1uOG#zfD#7x? z&1NV@^&T7U3nq6btq&~=$bi4#CaPFVGa?AG^X4Q9<^9!t4V}pB?Qo~GPYshd@&a=h z<`1LSahV&*+1^IU_DE#gJs!@hgr%CxxNueScs@QE2BM00%Lj7}Z7s59dQMdZRY~-A zT~(18zIW7=PyOQ+U3f2y`f#wKBhP>{b+Yg%t{7qdSaqPVX0*RDGwLPf$vEwvck{y5Y=8l@u8|V_ITs*2~wSwjz;5kh;3561s+0U&7UQasM{MNZZ5W@st z@^y03^9tF-qfC|G+*y)(_PcEehYJMl)Yws|i3_elkhi_$c2qs!XmT2I zT7)4&Bf$WBFqNbi8EC3wA13{sPGJ^? z=HyW%AHFSngKE_7x|lr6T~DP;1@Ay*Hl;kp6HLv843yfuI1Tg3wrL9$U$_=$Ps#%bJGuTgDN@H_AN_9uap$iksJ{?4GZjjB%;YMF zXH2O{^t`U7 zD1+W`PWR$|zYD=}|J3mek!8IDK(9vYzbZX>&S9XS7dE=EDBgO{*(+Lz+*S*>R>odt z{ko!N==Zb#sq>rUz~B&g#AxU%Z$18P82bgouC`C-ujmYX^!e6mttO#rmc0#raiic9GdlMN+I1*Ltz}%y9G&t>Po9E5qksc2=QCd^WHucv-78{R zZ?T4c;>YtXiC@p0S4oSNB)0jL!%+F)8Nv>V5-WZ=mrJt>Ai1IGc8}VeWNJG3GLz_T zUA%3ba6O0sB~3DTZQa9)5jE~QZqJm#7)g8|sRQK0icBnmTz;rM*0z8ki2e<5)bWo? zDYE%}r`YB~c!L+{kTDt!@P;4tyCpD!ypec$6KBElp9gWNyT(GdE44?f!cOoehyxzjUS(S=`2!X%g zZs1f9SH)gf)Ay>vKTIHn48NI#d2VAWc6=wGzy`bn!es*$;?EL3OqB-LuWj$Z@fyn$ z{o+OKna15%F)8|iM=dSn^5T5#!T(!R+V;uGTCX;uMZ+{1i&bmIXZ%E(9d^f#vv^)8T~} zYApGQ5S%o&+JNZPyt}ES!CxO;tq@l6-QdzTR!&cf5sTx73}71^!8Ohai5Xoc7?_g= z5d0J*Fj&yOk!?w=36R=-zPjuZESn>D5a%;CP!iA@6XZqvoBCuHf}b@w7c~s$Q%q|& zgpjex0zY?}9uBI^zm+=(u)*>nDT6=2!FL>HLCc#D))n~Wvij*=AUv#GI)h!T~-p$pOqS=k8EjqgnnOVc`y9d&6LymmZ@a~p&FyRUua7hF%j`gAEPfXvpz zaQZ3Xsn9^-3@}WY+?tGjCcZ{ROzE(Khc*ReMQ8WfXBHk62lO zH+4`GP25w}+sI`R5vCS%TwVSaA%!J$gYgMJQ-7vm^im7<-ILq#q1J~}$t#DLF@IAB z3(woSHzt7DqN4+dXwQ>JYJde~83;PnV%P#pztvS~x?>*8g9 zG5!;6m`WV))Yor}mtMbb$JlF&z$z1#@#5cMl(p3jazeBwoWTzxW>ls%H3Q2~U|CZjhuZpA zh^KDtDqMp4>!3W@XH8QX>FDg5f5SYkrp~5`WBb_O-xL!ShU&R*V*mLdz;pS|EN8wgSL4sS#Gtd3#vG5 zto`~xYqt+qbaYbX_*XLkrYr7tlc4I#xFlYL73me$RTT zdX4y50L-sVRZYzw#S#s25*s6RY7FM<>9UOBUW$w#)>;!O-OPF01G~rl>|9x_-BOgk(Jc znrFI*3#`NKhTuBs0A89a$CkvOJT-QhRgq(B_y^ikAAq8S{&??|!CRWgwI>w+J}6B2 zj6)aKS`n^5611SHqr3eT5R)>8^S`Q|Z~UB$VBnTm5Bwx9NZSGs?l=Zf`sP7Rqn-6k zPJf-LkhPxJ{i%YGWMEwUm5_=z=kxO2`|<%&eVR1z(yW#WGCqg=Yu*R@mw;&nqn@2t zrjwS<@#+K^E?;zXWYEQ`{gt-}jNW~Iaj#jcgPr+%UdmH@%@zxN@FQ33=bc*IzJ;VN z!N@7O;c30L&4;~o5JmWf8)KeaZ)~lk7`Gvq}DeTv$ zIi}e~9)iXU9lM_M<79IX8 zbNAc?n!Ky=+!qR1C9cU_Vy{Wj(8Bo+VVtNyAOk^C0de5H|multm7yS zzmD>tFf*f`0<$EnPu>>Km!!fMx-LS4mUG@LH+v;b74JVPA7tW3Um0~RppeqM?WJuf zOVwFm%Hy8N>=$&Q0I+Wn>-!k_^X|W5qu&3l^_}eAaeY+b&3TX&fpNVvgz zh?SLd#*TX}$ghqrSpm(ZWrkhUef5JiFB!`Bnu?cmGv96ual?gVc9cyK8%Y-@`w&x~ zArPq;*nuKVL&Xp#Aa`#xh+|3*H-uxst4mvC1qg!nI-o7}bU#7+9(0C%Z(Q3ic&ZmQ z%22!2p9B-4wms)^qT1?zz)%EOn`3=0TFytft`If$ghtYDY0`{v$38nql_2AZ#apw? zQ{kveC%QhucjU*l!uYEjcTt8jQ<;jxOqS&P1lTU-IUd}Tb7bV!R9^h9>LF+5NrWOP z6+xVVRFgkR_wrmQ!lcC$zVVko{${_hc-s!MEpD`;{|E0Pd_YftAhG!j-gI(y1n#7* z334F_q&4lG6zjpH*AGJeG-m_V4}r`%F0}|ZKqU_J(=RO(zD&qDmhT|o%FfP6mZ#M3 zy*jQFDIn8q$IFI#Zu7_ckyp9u0R|#)FE)_e0oT^}lw##Bbh0aO~dXRfrQnmzCIq) zP-;I?v4`YOSL>wexRC3dt@l5p;By%yB^X@I{BK>tdf)}%q~o|etgyaw&sN3i;cM~p z>p~NUT(q1INgwjKV*5W%SN1SnN_bTCD|!dx+nh3f zONO-k8nw*8jlMth>bnTJX?S!YqMHe?0zeBuTMKWz6l7#qa=q-um`lKi-~|^vjRgOy zR?lTc{^6!h#~+3cm&>=I-jB!;{+9wJ9bz`{?rY&SC@LiQ3cPx*ya3ibu>hVXw zgtYhxIlph1V(S!!;XS|ad(^Ajhuy<7LuWF zuAVEj1zLk?OVx)-mfbjdl^}2Vm7^WyeRMI2UR7L;PlRsZmX>Z{rC#|zha^}H$wPa1 za`AHK1|gp3sX#&DUt=W<{$)Y*XIWQC9uy0cO8I;=2uAlEr5AD`miKekzpK@(E=su? z$4HqtJ`!C-e)2weNur0@h3P~{9zBuR+=#F&YGxgJLg@qVG2Tbl{bv6^6U-R*Pjx@U z1U$3dU(swvS2p6L5V|%{i5Zdt_yZq!IP3_Mvom2!-oiWciDYs!)tj6?t&(WY7tFWx1zWd;TQ9@H#FXTtj2EQ z*P61x0Ga(@Xh*@hMlM{TRKonx>MI9=GtEov1DF7RZ@h$_YunepTnlxQ3lNvcl$vYO zWO%cZ0UbNY8hJ~F=r)1Rq|&f33CAN;9ib9@2`Ra|MzfpG3Bm8kN(2Oa0v+g-QrnrR z?m}MjfFQm`NaGv=gHy4*y`T!+hc%!zV9t(?Q0*Y%rY;309gj+tASt$lce7rT2PZaz zh^dHPe*tJWD0~8y)>d*Q2)5jpXtgeC#@v{U*?R=q$?;=at3-Z#2DB{1Ak6lt@AMjn zixgCEf5HcOCGzuOl7Z!3oL8;&n97iCAJ#VD=;(35zS|INbu0R4sE<`#yR@{SZpY53 z2o_JB1&c5Ju5!KpKvD0X6A7}}@k?pXm1HNOlMA?I>wjMg+ZK;4(WIDOD}ebcWb1EF z@XiT0$VMJ+Ra-XlG|p8O+)1EljUJ(;EkjWiHtVB1XKq;(d68)O2(2Fl5utK5bFE}I zv&QJ+acOP@l{w+Rd{N0`6%b5vOsbZ^GvGc7{chAR&mvM+a^AZ2O zqVt5(tDE?rYczx=T6Nq%AUvG;{x9%=JH@n$-eI0=CT=$+@#b6DBHyXbqTgXVgEYdY z^5umPzhb1g#2))dRJzX{+Ua3BHRlOYC>99;lAF>4#L-K)urrA6mHtyt07pq4b$K!K z1L}m3++Tf~_dD$A_D(p``IDQ4*;`od$`r=7qKy8ieUq@1A$(|%Zg^A)a^UTi%Gdvq zDB|YNaXBFq)q$2dDB}n@ipt#A!3=wkqcIz;7GJ@u;Dwc&n$^PmLugkaFHs-?8@vU5 zxto|xErKWlRk6gbObR^v4zRdDY9;_@Mm5We1)WNsfT{x`yVAxW_8VL-^|lrJ>~|)032QA-oOBeY9hzS%5vpij*-R0I|ZJ@9g?XKOqz4o>3aT+ZVO*n?#$E= z`B}7@#@LrNf_}&@gYiap-v<`N(D#g*GTs%3cn`St``o?m{j-^ZNXL(gEn*_ySiIoy zG|*hB7LUjBIvjeT=n5=1fwJhoz)N%am)L?N?~*m= zAmCZQ2Y!uOPVW2YAVA%idyM8d*O9mUXmYBE%*-5KhrRrik7=2eIrM)PwjF~PPJO_$ z#u<4SNx=^qe`pg%2SQO%(WNf3NZA)(bu0T8|K!k@J$TZBO*-Ou&LO33s zE@XD7o)>ZI6i=FOJscy2J39h!M^tOj@V)0buCW(I+Be2}@@(}eKC2GSc26PrU6T@p z6CcG3+$^PGJzxG?JCKtq9 zb{O^z3cHyw@J%6-MJ;#*>T-MekKM=c9&P>MvM(s-s5zkish!#&|HP=v^V#yrkIx5u zE&2p`KUJ>F{wK-J;)%&1 z;N2XgWzGi%RrIm~I{RoF6Q1iNeC@YY6r)(w68;Pwg?2mx_yfHxwJ4pmGPWhuC?Bz` z-~%hAVLab{dt^lJ{)O8*g;!40g`7PHqRil3h%pv`cCny&F$q7@CP0ib;Tg_--`PmO z2{_9P&!_3ul(nXW{^Yvg+z)B2?}y^y;bELtzgf`KOpl&D?e z8&IJj!*3au$#&4$K_81es5aoCrD0+O@gD1*s2?1{hBGu>~WOpctzyCQHa_giM4^i63*@ zo*hk3AquuC0TPdVP4ozE^&8TZVNCEk;dW=)W2u2#{Qx?8+ck-*o=y<*F~_|2m}<-YKoaVcUn}fgrC`Hg0C^g5>5^I%UKDgwVhWhsa7HEV)k@sZs^@J)dOtPW^Mxs` zSA8S7Utom0^^5U7Wxb_1ro~`|-GYwLn!ISP%0L}O=u-1hZ9Lh`7-Aya%rkrn4rs8j ziR>H~+YlGxU|*Sx@n~oAl8S}wN1KO&lQ;k9&5tc3Kco=4;$Y!P^6JV7ID zfg=c(@D(rE-A1xta4N?rE8NqA)uN;Tz5`wyGxxpZ1ug8qp58fsm@Y&UA7z{Yh`rI+ z0{A_S-A$eN_k3DAwbXXF+UTSZ?IKs5|1Q1#U%Z$GRzUb@Cr~EHm1EsPWj zrQ?a3koO8-sy_CCNqO~|83GQFXkqg#S4s+(;iN3cxK}(6jSsAJ(js9P+{w)O-{GnB z6gL$|x&}s$T6Zn9Z3_lfa~hd+3Zs1aOKZn79S9L3fp2M+j|huv;lR@n^+IFMz05ZC z#M57B0d}T#`lay(8gtN=JbC1s*4Il2Y4|SQci$FDo?4IG*?Wz>_sqoqVKP92nplZJ z>%?HOu)aUFINTrrpa{r+0IgNgMeB~TRAIFo5+CsuuPcs~<q+uG1;P%~p? z8X=FEi;v%p;od`=CE1SjLXZj_J%ZOkWChCH`+dbLSQTt_pLkSpZQoKKK)$K7aF>#+ z5M9-UyuDakoVWL(@fd%B*8HiKr*hx3Fav`tQOUYxmv%}EGt;l(*E{cuH~;g4E-ZZm zh#Uy-*>VxX;R$79M)lofj2Bns(YSC@2#5+#w|+I-ZD61mzygBsR(ffT{-di+$mcs$AkWqTUJna83O@3xr#>66T& z%JrVRtfJX*W46hc$fw&xtY?{zZj<-rt+BnnEFY1@)2MK{TSkT7V(Iz#QRq*u({5DP z`__Jvv>CbBk4*3VRC9bn?C#V2mmYSoqTdJ5A7#o{G5gF@i4*{Y7xeDgHGkYH*l)L) zYx(`Y4cAl7nI{S@l?cDBb$&UTFP_rvU_&B7(4IkpyqkYn8LFD~ibYeeU@@n-$mJmy z!^g+uJTdkwF&+GQ_LkpS&y-}jEL3Z1uJF5`Q`_-i@UX49Xp?1)H??ds5s-g5Gpzb| zl7^15!1{a=>usqp^ok91L?AHZUamxwV0CyMc?RUCbY+-`{Y;}4c|F7Boc0SjFgHK^3gubQ{ot1W+V ztuRo07d|;&0PGI~krS#bWHar&{^rJ7jf&K{WCeG#{2!oUC*wWEft=x0gObd5I5)j{ z!zdA~LW)m&XXm*^#6e~GoSLRN%iijhTyJ6CpBF&XB+qp`cRu^(sUlt{N_X(?Z(_{GUIZ}Q zthdtm*20jfyXQ)q#Y@y4#&E3rHCy~{1Et+yC~tvv!y37eAk{}{z%^gU3|Cn=fZ$af z&A4F>um{#L)e5~HHGsU(&v-4U-f{+9%dy$H+XsPY)*4ib?$`>BD zbt)5`<6Fa*7IGD1^e9!HDF)`m;pIx$!Q^|zKn(5J;PpUla0Z|eX{p8(2I#;(K$v-uH zBji;@MD0@FVNdzsp*a0^!>c7*;o?z)#ibj;wx8HAA7Ex6VxA7=>0hZokr# zC(oV2=Nx43aT^h0&R2snY&QBRv(%@WdJCSBpdq>fBTAGPl^$Kxd7c3xtnbWg-Papd+t>E%u&$iH2Yc~9h?fC8)@Y2HoE$!5D zzQ?ZPtyy1`_8S^aZmiqyeg8Wm;we5W=uI*-uqy~$QTIT?2!ZI+n2gsZxI38`Nt1cZ z>bQHiGi~vN6~0>p$f%ZhC7_$OHB#_Kq!+%`27zRg-zgoBDMoZqlSPWd$>8CLIU%$= z!%Ss`p3FTtKsU+s>m8XS;4=^pJWmG-3ZgCbce@(eERI1EzbpK0-hqajZQ@ZAS};yJ z8!KIQe2`{28f@hPi%+nJANmXHem|Wk>^Ohny|T1DJ*AiNiAC0|n62>y_F=1TBBEB4vLpQ1II|Kh~%R9E^r6V*f$N z+1KB*I6jNx=V!o|{lKy<3-#U~F>#R!+^(g*%T^`~h_wu5n)N*P+?qhVXF%S-`YpF! zZjtI0OZI01q{wr&E23^#RFcT!$4MBBocOrdC{P;%trOAwvmWfey=4GFjxY6;b}ZGF zD~Yq$sTn`CGu}`byE%u`^aXSZs8;K#O5$(4biNBLe$ggt5lR$X;^3Z`I;&^*Fve~$06EbMRHc=!Q(>c3__^oJPbNn<8aQbL zC--EQnd)9^E2ApXcB~m7%J?{eqIzi@LJJNJal8Vi0>FLQ8PtAhzh!Yu9-&%bi8 zusoy5RjaxI^Lhw=4}o*w%Uob{$QEb<`}90d0}LMa{7wq>xSpLIyevjISuO$J8A1k~ zgpsOd;T_MTC^w>&@S68-@jEXhelw>wh3db7a*L|WM`}Ne-2uAhf>fDD$qa0E!8aiG^bg^6AEHczT zEN=~ZFe;Q5xhzP%r3M(2@{phLghmk1t4x-CHnS$OH3Fr^j}?XQVgXzBF>di9V?0i; z*Hh;dw%A><7TxKPJw0u4?OuKvAGemhG+MxKEVp+t}+-F}6uy?-w zoNMLw>#Jp!x!K>Gxuf|20A4QM?JYY7+0=hQC{M{hL|(e8?ZT?D zuWKW-JHy`A{ezABaNLY!C}hokWhsIYE!o2>q`r*)%P917 zWpqEHx3YEn6-%cSV0CMxPFmfzgOCh8NKohkw>Ix@L3;WCr?B0=^IYECY)&u?&Dqzz zKw@bzTOGBy=@TrWhiO4-jh%F1fP*?fdRA5N5pO8R)-ibW-dGE#MOkq!=iIUtT}v6X z_PM{PyLUvJv$jOj5Dt|%pJjfU2>Bxt`+h^*8zR;t0~H=~*Z3TDZM|fA+}+FdFrdp6 zSdfF6i*xP0Li%AlGusKD-i+iGdr1?^Rt-#f)r-emZmph92DaAnb1e(s-%5i>9h;J7 zY4r=YS#LLSE&iBXq~HTQf$x6BMlr+T5Jy8lOp8@WlW}E2dFBm_-u@V5VWK?;TWPcAQWTu`1(1 zV?$tWim$Z&rNar*x$akNv4!7SMXXI%4)1jxH+qgW6RJxFJG+;JE&u#I>B6Ex@asF? zE(ep}FchyKaON50h6!My*c7Q0-TXq7WR8))v=D=%;km2iz5aapaT(BF6}LW>CPAkj zGuw3Q*y3+|N=}Pqu;a#wk|2IR>tV%AUDD)y)&2t(!R!LDgPf%EXcju(7Tn0E;(45( z9aQ2P1liksYs5uUpUt-`Pjsqi^zg%=b);{POX%fbmf@rB8A=P8<=Csfz5e4@mcH{X z-Ef+WYTCd8o_-u9DNK0U?6?he(P!~o^Dz8@^HSD&4HZu#mp+SY9?KXZhiE3zl6zr_ z^NK#cUKHocAFZ6@$*LWM0oyrDl4gf?U%_Pv0#Jl*DH^>L%hon!b?iaNoA~_u?=>wL z-;P~-JtioTX}>JFt^a~6>y(eOqT4jJ#s$;QJT;R4Bzy5D=tsU#=JtU3P&4D zdz6xuOvxQL#(O!*GgiZEyFs%!bup_1@Q92Sd>(eCRUTu+nD4*N6!#^ z-Ff8k*jb3aE0|0~lFaTqz5=`N^xAqWKCea=04QSC#O-Tg{D6ArTkjKPwXM%vR!Qas z!&yM>b&q3ydMlLg;KSu$Di*bpwQI~yHmt5=^W9TabX}j6($(ot#5#&bT_&$`e5Z`VJH|st(!73t&#Wubu+CZjPnH7YE2b zk}Qe#>!__TX=2`NqlS|;biIs*bFzisX|~T-j(%OMXUdGc;_TYa1Iq8BeW_9#zM4W#CcV-HyOdO)43iureBnsb? z^}IjNiEHCe+Hn57dR9n>C}=) zPnmzE@?`O<3(%}ZcgX#s+lGks0xGr~>hP@^?Jsd2@!Q#TkSDzhC~vz1JfEthZ$g9U z4iuS95ZS{>X_t{gqNZ}?(?--^0DEYR>d?BDqTx%RXPRK!pt>&<@;ird+AFJaKHpP4 zE0@!Txs$1v<8KNjb!)*PKFt%pkNiWfp)A_zC7kiEZA|Mww1hd~M^&{!8{mM%G ztYk4KC8}AfBWlBQlq0nwj;|X&mAb*)hVX3ZD8n zxA&q5sakSa>ptjFGGd7^r z<#wMcIkgZ0xOt!Zpd1JRgWlZekX7T?KX3Wz@If_J&iCj1QQSfioWi*8Hhz~6@a6$)MM2P0cSFk!Hmzr zt#@v@3@A;$KWP!Gy_7FtMld1tO*UuA16MG|ni(^SXHum73S`$K9}Jis0x? zm_C%a7BEA?qIB?c+p?$N4+f99F8s3b>QsXN7;WqQGiaoqlE@qr0fq0Og6`;c(k53S@&}+FJw68Oa78AIqveQ%uIH-g@xVxR>38$A0?L zC+ErfHGK5+*YxaZpGwKKg6sx{%+;qe3Y(Jvp)3{zPTTIBH0q|EaXLxGWJiXQ0z#Ex zVND9M7H~_7L8=6m#)Fh#$sjdTwW2r*5>KPuxsjTho=hdB#`TC|Io9g%li;DxC(q#l zBDiQERQLwq6|lO8Aqf1!-X70De%RrW*yZFkUzCr8RI{b_st3z-i#}>uUBrwrfaR5{ zbeQ1oUK~5DWcQ~>yWlAQt9$6fWF1TL02$OQ?SLQ zbP*FnUPo)?7>t0;Me{(w6;u-$CxISKRIetF)3}*QO6pA@^8}ju@ilIRY7NBd=8&-@ z*oiWvZ;>QKSzy-qZQe}mz%ubBQ&f^nMTnZI#`6 z`KN85QU+?GRIorp7BbrXk|t&oZ=??<8QZlaf|M)I44wfr-mZCg$PAum@XHlHJmgPg zG>sACN=-at@Fw^BTbtjv5%aTDTx{*i-(p?u%DwcPYxE(hw(B{Jd;9Tsffc~7;p-V| zhjDQfC9qL!8-ET`&D*hKF3yUo zZ?{p~-|tdB@DbiFpf)poI|xfp-u}rpR8b+H_^WmPxkA!eC2i4FamzhwyZ#ztJxFZo z_A{O-ACWx@1Qt+Bstn$s%+zeQg+OSNZ#QR=Lb7#w2G8Up@-+&Pp(6oaR4-JoDTTEF z#LeT->t~;eMqmHSwuqlZsw!s>N*Bc;&!^w<@*ZB&XvngB4G`y>ckx5|EB}C&2`<70 zgds}F8A#J6`e3TFp#$9^+g#_=!d_ylaK7ulZcTUko(%ML1*nX%!nXpT!q0X{kiu^J z?=PZH+_*{Mcr=o?EY3?@985|OWGUl?(@67MoI#dZ+%D(l0CwFl8YSwb>F5;rKDW8R z5pyX2YFn$ce3~eDq31Ls@lekXXw{7aqUy{F>-F8cY=E^Ej;#gq`ZLatMaUq!8etQ| z;zt^`N>sNrBe!z1`X% z2o)4>pXFowFxYMG==Xu7(wYRRAneriWiZ?00x0a!QJ|fzZ3znfQ)T;3qn&$OKngKY z@FWl!)N&?0Kv~Nd&)>d~yJoZ}o_X#Fl5m-kcz0_GWUEL%e6>D!m!xt0K8u4A1fDEj za>bgIQHaxF>fQw|uC;1+@H9t1vj;QFjgM5!=?fl0oIzikn=9f>&52%iHm`zyR5Hi~ z5m*FpkOlqN6%4x2Ks-X&|Dcu;A3r5S2~i6BJPhva*XMqjCRtL!UTORgD5j$`Q+0FC z>zb|Y_rzRs__mM|DP1j)x&fBZZ)po#`^Ye+7U&Q5zGIJlspJDXfQGCH@Frr2*huJ^ z{0m=liyo^g3q1%e2{T#L&7XP{qZC-v|Fs#xLf71+hLVkZoY81T?U=fNDSiUjze32q z?$amlrVCQ?z~Z0axin`2o@uoI1dm(%RB1w}ZBsE#-(S1^Y+FCH2RMIWsMzw!``=KV z%&$N?Bd-UNQBL>e;G3Sk@MN*)>lm~FxkeK2S>*Q5RrIEdwz6dy;HjJ>U=08S*NarX z;QjVmpB{gU7L_*HXC`n9Lu{PRXXnL-GkPk$Ds~w+*K&Stb@!O`(=^QjsY`rRX!igD z>}kVn>>r7*O#*}b&tTu;1VmHEKmVh5p=xpO-_c)um6pq_l1I}wfU)EwGAR7MFJqk4 zoNp1%jOU=0P(=?YH>ZmlW;?97*C=HdRrGqPwLb z*juU;=0mddy%=aA-j8%rOldGX>*(iFvEjgL|7Mnzvs8x0YXe(o^}fGc)cj*d68rr? z_YJI`>*aoVMjlV^5tNZv)i#jT6N*8Hg`Ao1q2?xqIOc*aft#Ej&G*8#Z2Rdc#>bK}L60RN&@B zGV1=&wCMU0$Gw;rKfF6eD!k%Z#Tva^AdM;aV;V-J3CUB+L$QVEhSOc(b*a zyBANfhHyCxr2S`5#siYZkZZP)DY=5zXy%q5LW~z5h9oWL8W?)^^$(J@2zi%poM{>d z$gSbJof&zC;QsKT;aBemI`pR-8q?Dgi_9yEu~7G`9;{LI&w zF!3;?4RrxlasyDYAD%v$i>}bi4DC5wW`u}oxyTZ;RrnuW*B1dWi!mHcuLfZ1)1%lS zVjr0ccb_OZ4f)z3VCETA-cR|tUP;NyV9(qP?PPAPPFIpz}lvRywQsPEx_3m%<%{n-VABHrHH!% z0!g;zT|UtCz=0&SN9hlO-%dt~Or-cg#kamJrr%&Vt48rqy612&$E@!zXm2bcfp~>M zK+#8F_SeWp15n!^mNz?xABqVj1lOR3$y=zr0o6E=*{naE_3karwZuJNG|6!tKpQRf zf}K>QtN7xcxqLm}$G_%a{eu|*5Ix}TI+aZu6C9W^Ae)s=iwt%h>f+q4nb&4*Q%f=v z{`rkOH}mK!I%tvTt>~Py0>upyD8lh)wPl=m`2^~c3Ht-qzULSU=gTkz9}*x{N&>`e z0K{t@tSb}wj<_xC13!at%zaNwHTgrS0V55Wep$5rPQq4lPqx7-^a3nuF*aYR$`6XF%-c$v$Gq0A?bk;#A)KGD+s&CL02)1We2&dO z0ywfJFG7Y?=(DD{=#$Tp!P-kl^?09-t_z53hH~p17BXD*Ga^BUSyLXi!PGMG$&d&& z;Zq+i?`Vk(jueM1=~7I$fOG}7Fx?DV>H*mGgfm-tk9WMQqH>=23I&ejB;=Kx5yzh@ z0ICG0NnW49&*vFKHA^gG|H_%TNGLa8GLAgVq!0NEWf>Y#e2_u z)Fw@`s70#~0V6rpfV_~eeH zMEcML)_ycC$9`fIu-vt_>34_?#&#XOHM>#f%oeIh2mVqoXV zD>sVA0}DO%Ag7S6y@EE60P^1O>N7DLuz^XTZ!YDL;L3LZoboNOAFmqWI+d}R<&;4yNEox3XmL^St%SZ)F%w`Vb6cvO znvE&byM3VPbeAo!Z6r?+JD+qOdwY;xaf`Yjz6g_aFi;Y2R$*J^Q_Ge&_xqydUSZE& ziSj$Jkjh&SK+AM*@YzoY>@xy{@TbxvA0tRY$n)FCSw>q)BBi^G2O`^_;u4(fm4F}5 zAEmL8&kNJ2c--eV7BNg&l_TR0=L-DRNiO>%%Y;IP3S3}X8zg~_FyrZFE zLE+ZMim0{99x*;A0wTr_znN$rLam3z-5wZd$bvE8cN!Ah@|oa9*PSgHkyk{2f5KYg z%s*Qh6>sJ?kkvj9q%wFE&$~Ir=h zQhbg)-{!Zkz6hHL#9@2(M;q`7Ho$B=)-2 zI1e1;Ea*W`L*^aHofx0`nsz{l;R69Iy!ZFz{7q=rAx z%QHuT3Ioz^a~#grPrs}s+H8=ZxlinRx?O}+h^z)96ts6a+-8d3i6vmeuG z1LJ);o0e|#ee?_9=r+A~#^A)8`$4us=~Qw%Nq1z}^h&MgA<8~h`N;AQ^dOa|IHrnA zxTf5BN5(g9GYfh^AOWmSZ2J={u#V8z^MO{fMa+1tHFYf|g*?Xr9|I)Jj&>B9 zf8U47=M0k-V?#K(b4KF|bfAehCWB7AsSj&TlC>7#w zuB&oGlQrbNRd11ff`dnEGec1bZG~9i9EgF4rW~1rB1x6)-sYiU_dMrYiAoNEb6<*+ zWiLkqyKwh4;Y_03;y)YD8%-7)fjfi=I(UWM?LVkyU+cuizf%Zl;W*UW)df35nqAoC zU{qwkmoWs+$l~zk^pyJUsvMR%f8}yC>+b{2cEiAY1eKilJ@%S65*$FxhFg3g1r7*z zDZGDTKJ8YRdzke5WxWh+HdLjFHvf58l9wqEc-F^Fl!gt&ZX1YfNg+Uk+t%_}ouku6 zZD)P-e5gjn>ar0+lKJiw6rC`6bka{5FH7lU`laMM)~@xTf{~)h+zbsS|)B-NHBS zGk>|{%*ZFQkzNB0p+2?3a2MmaVu5>*+{$Una~T+ujE<~p)CHV2-8-1V-@ zuNZ2twPk#cSr5|ZK(lUuNA%6f@!p}dSCv~{s5Wv-F$<+Pyb1oa8i-@`r7l{kDj?5# zw!_HVeUl7c)fD6%vcIO~pz45hw(8&Yf%R@uAARzqmU(+?Fr$&{)^k~sK2EWjP<_r zl~uN^>`gl49FFhfsnh%Oeg6aB+vj_`@dFOG^E{7nJ?_`_xUT#CVzjd{=#szG_4v74 zmESunD&k8VwrT8-ZiswU>7OuMa|w=G4KgK}%`|u0p z7c;HTMtdtadC&a|gSnLe1~E+j+XexWVUA&dSvpfm>4E3ybj!9tBkgv?LkcFr8h}Ud z6a(peY%+>|R$0imnuLA7_o|y&zG`z$nqx(Tx>}LYWP&azna%BauOP5@^s&8v%)d`| zAxQ?@v%uHnQo{Lc(w0j^aCxd!WB2tw9bC?Sx$?|2I19rD^JmANPp5@7-igRdh9dOn zMToz)?|5zp@0K*@u#jQs8?3U}pD}?}NB9jYq5$LH*k^%?SOhS{`kf+ppRf;LnvjV3 zexEaWdN1|V_M~2r%tDGn%kb6aY3YOhT>z<;=c=14>kc!EOB|N`KRpXXY1CH*ME7P= zRXQN5LlU)x{p+Dq`^Y=K_ZpZ*)t^~((Y9+Gl{AG%82br!W^>^B4hUcot04CTvOZH# zMFDJ4&_dTxlTG zSYP>Tqo+g2+d)YWI#2qJ7m4^_$XSe- zEk&C65Tz!8n#q_b{RuOX95Yz3B24sf#eo^aY zE&5uW9gzJ7-jk#f^H34kx%TmW{OGNb|!J>dtgl~JD-E^JbAbhzNqda%xzF8 zt213ARej;+3Bu}65IR;lf~h)S5QXyJEC&eE+CN7nu?Y`{%Dgvz$ze7vNs0-r(+iy7 zy^B?na2)81x_lS-U?uyY;LBkn_xjsit{Bku=0Yng>^Y!b=DP}2iY!Tvk!nE5ar;2) zh;7v#qXOzNl}vlh?w_8UepceGe?K!n@*BW|Y!lSw0Kom*BuRru{x(=Ze+4!`T!@_RM}N;m5XCX&#wc=R~a8z9M1oZewd+eU9%ZS+YsOUvaO9eiun7MhJ`3U*;RQt#+=3T!F%0_)*t_ojN@rserq+{JmC> z9))X-Hupb$gYfV4G5*biTf(a`#_e7wka;W!mYsC|s1BvI#tM+PQC{`Gf>K+%qNEM5 zwQ`&=!FoX9rAYJ8F4kuUQV}?kSNT_C3#}si5}Q>v0RMWubEI{fdi0g*=K=9N4pp2! z-v=MN9A@T1)Euc!Vv}R}j=;<%0NCZV{D6go<2{2$a^-j=S>^^x_D|5X?axiA!(J&x zP0jmNpchwd&PE}8%__)Xefp!?eN#<$ObLYV9KqACz``uP)Xg6tAYdH`*Tt|h# zmzX&eKrnl2G*S4qBjLJ`XRO+J@BtFXAD{#=1M1y2Ux2`PwWHAjq621pfmp3Rs#2_i zY`gC+TPPcg^t3$C5PZO)kJg11nd_p&Cq3mp{e}MU#>TXWupwOkZM6)`ZhC>nQoHFR z>ITkmGgqRB3q=wO5tehcFR$u$-Bo{iF!kUAh(0XYq0I+)=BO=I|Na+2bf|VwB+x-! zPMg47ISs4bdc9xe#FPXMwio)#%Wb5;K{$dZ?o(t_=sZf5Fn30tD)fH(M6|w+0e0t- z4M94rTpt8Ha|FJv%jAG0# zcQ&@t5BcOJTlyga%#8{^x9F5Yq-nE9C!TRdVP!?aLJ1`hzbtkyYyp&qX|4=|AVf zQ^FmAfCGs=hGnp9mDYnRxq;uNraol(Jxt)&!_DRr23(QoNTd*csGKY$?!Qp`tNako z&e)3t8xSbUE00w=ugttJ!Q`8%sPORR)jk(+noRZ}m;u9<)4vatR<3~E=I;jiOCJU% zZW*Yg|0IHZiFg&;H3buL`gn>!SV{CQLL|Cr%VzvRauY0U5~pq+L2NK0whO%Q|BNnH zM|!j5!3{+i1v}j5qg;rNscwrs(c0T5& zf;H7Cv`!0uBBXJOVb8w2&LQ0P4@!Ab^{~@0@yb^was*R^YccmSv&+?X#98o zS|Km#5cVHm^v-*TnbvxN z`>rCxoK~LzpuzgPy)Tg~lGu@U@u27f|Df(5+(dBvN#~2}P&Xb1 zs_39VRM5_Klpd;ZR`~S2rB&Vq&!_ngOKohPx9R2F-Axy-IV@ZU*kO4Qe^UGMg-cWT zx%4S5K~)u4=! zVxEE<#6V|;6wemK*#lY;h0%G7)KbQ}a;q+v<|OmgHZ{A`U2*o| zq>Q8_{kO4gs+<#z40p~GWRTN^`q~wN*lSUJz~o~%6|n|42$O^~`?!-rooBnBu>fn) zW;q2NP8f+cr*28-mL;HbZ8v$ELUlYRv)|{d0a5svQzhav$UeP4mfQde-un{edW)d4 zNF8=Qh!Y}4uHzs9HAEv?OU|!9lZ?YLOYc36(J>ljs@Dr47a|r)u*z9Gle)ioZA~$P z1#>OlXy_@@q%~;#(G0u#iL+@$;0iG@b?W z>b%Z=vjLam8Iy5y*opgDjRMFrpAM-tz+tLq(=B=3Yka-rr!t+n^Uv6hsx76?X7r?j z*nk{~7P@;f>y6dm9gj6(WqKv419b;j?R<8DZ&l;SO&s;|-cfY;^V65ch6Q{U4hB07|>l0#G@(hz7iBk%N@Zu*F4 z+`uVgleAgHdwhIaDTNqX9~WtZU8VdBr8-psXtuDFy%#j3>+x+r0BL4FWD}xRL#)MN zE#X`ZhrzrsNh9C_4&4xbYdl0;djjue)hq<~^^9-}FCXMUME4Joq7ELSsK)!rO;i0I z*}c!tj_cn)H7>Kl;bXS6ICQ(E!_k^2p)|V&dn4$wd@xcm!hY=mi%P^ZH4dK(BUI@i z)=ztbN8^tLV;?-^I(~EE)b1d&8#Rw2K+fyz9)bRa=#X5aN6D zFn^*b-gc}5?WWlK(xkUA4@q=85y;C;ERw1v>D072Z`dpa?3@2n&44;Q|0X^8(b!FJ z*T^K9Y+LSE3Z>4yck|*{{;S>eRGjcg1e!G;-J}CHuJuo!5m>C;Abdyz#aMIB*9*ab z8`*a1YH~4{|40H#m)d#S$+1QJa$4)JRxh;NXa32w;#B?JRjcUKv(HkRuV7{zerIXj zP`j<1q_OIm>zsRhVRBuLcSSW3+(87RYW-J1E(Uqoxt&|&=fT)$f8Wh3vkGC|MT|D40ie0r!1XF$(FB%P(zFX#tpdZ7o7hQWk4NAq_EZ+c}~Kg-v5 za2V2nBZYM5bww7^Lpj6q+f7sLuBq*XQw@qYE%Qa7{D8-%pA4d5tWG{BPd+gLuAZ%D zSZstq>&QS+Y!$!d&QLY=VL~d-b!q3FhTY`-2$U$;8%g}$e1*uR8P?@xCb%2{a{cqH z6y$Pz?IMfYGrQCQFohEA;- z(5?K-^T0i20$gY{z9d|8oi@KAd|J}uSN{)EI-!HI$IqkhhRCpxKSG4=H99QKVyB}5 zCv>qHy+Y7s7f)2a^L@PTof~>9zZRHEreDiv-L2s9pqUtg$X;*EYaa^Ixh-eWGjnBE zu-l#5$=`*ZXg*o+ zY6Mi>oYVSN-B^BEF_QLsf!DOb_}CC(X@$mQ*;Mp8CFHu3LM=sec|HG;&&(gdz0#Jf zkxCOB@z@)pLmlnM!K0p305I1@3Ew^2`+`n|=>YwOm>a2480E5iB^{r za}#YnPZ2Upk4_5$)kvlu;JMP><|q*=$(gBi-H+m>gWVZ6a`_kCQF3rld(mm_+L-?e zhb~*N(^C3)MxEDI0GhOsA&Xo>SblI!=6;Ao+|_Z$ipNx^R1z4rBN!Wt6?dQf8%Q1j zw{y0cw@H-FEJM=O#hq28;sOv-aNNrRsO11>P-}24no!;5Qq4x9M@zY}3)4+`I4GJI zAT+g}!0I>%N8>{%CT&5VAYqXM^>}_zlC#exk$qYb%2BLspjg}s(cF>xo1M$Cx4}SG zv=1zo+CYxfmnzseG3%AjVT8gwIrl)2sJwVZ!0-g0hvaq3>#^mPg_SL1PoQ25$W=U^ zWr4x)>S(#Esgb?&aQ;x^-aiEt5G`VADe|iTx6%jN)*$9detszO=Z!K4XU>Jj`lY}M z(;5)#9ji$I4ftX+tJbx`CqO5ItRn{hOT|Zl0w;>var|sQq$TGn(oT-*X#{p?ZqUviu~08Jmd?qX0*SUY)AJ7<{(-W^+2MId$h{5mg7 zxm6aLm9roiWY1vwcDKMt0dL|S;P8~N8JVLAmVm0IVd(3J>2mb>-WP77IRim(k1x)= z;gU_xM_RQ{xTBQe%$;twV;6(&r8Ye_GLW}4G&Hp#h}|GpY7Ja%dayq|r3M0l`;^sM z>Ku!blS7XeJwcIv){dYAyQNfNl~G3UTVMjkA4g-##1*>DYSoYnCV}#Q>o_`%l}frS z^lm%YCJF0#{nxhAQC68_#}5aQMfb%`%ojh0HOa0i_jzLk`=sUEBA-z`|Ko0!gS|%d zvvp-I<3_tFzr`Mzy@M#kVPduI5bj#+rPLJ=%lW(Y!N9c_O!GcH{0&2Qybz=!f#I=TG6F6UVH=bax|4<|zD-h2pbt1}Kd-Q61FR zv)@JeNtWKY%isIv3@cgb9PV&ORjkBmzM*0_TvfEM^fiZW;h`yys!a(P=@?!b#*@XS z+spgWJq#!rtcgaUKz@91T-5od2M~BBdaIaAJWf8Hf7fHfjO^VCzns^(AkJEu#=T^L zR^}WLtHg>ID{X6l9v-Q(+dXMb!ve-@t17*IcZFW{QWdxbv8c3jN89GM+c^+XFy8{{ z_(SW6a}ftGZL`4Td_nY4rF>(gfXK+&tMr8LG8K0k6 zx8&(_zwxhNRu}xPd}(7LPV^g2F`mN?Rd9Hb{k1 zD+}<9`+GBI+$KL@?}*yY;dt(b_iPNXz6!%hhIaV?ve(MWX3`i^qSsH-$sO4bZs$E# zN4W)|d_PgAn4|Z<_)T#T|GOK>RBm|gNRo)$WntsYPRXQ$38#{L1pP8=cs^a_{&MEH zvFiDsY;UDXn^v&mdsAx8sVNesUR&p@6>*?6lRECe>(~CchMXU)`noWf3HZ9ZrV%fY zYsg<8GZ1Qeo!EIDUETKDoHv8cEb}v@r>x@r6t7G@w78wPlio$iuHUIP2>vY2F5+tF z@VeIYp#vY2u4*#kQMA5EtFzzT9`{WwYn}b6- zqJzb`z9Y@a?46l6B+3pmuNwEpH&*grZ8U2NIZFDj^UcE6&)axvm#ZTZYyK*p z(qaa_MpB0lstiWKk$ChCe*GlH;EwUx*7z#kJYH7hqg`$7Oa859T?omHQ`Q~o%QVykTn1K8q^{!lIYu0k0zU}DRM^Mhgvm%99Ki3Zwoh7>D$ zwM5FVi2q6|DWd>)&!Nac&^qh>2=8xq=iDpvr5+&>`J%QdHkKfeirn;B{HLl)>ka$` zfY#p~0x*=1e8#%+_rxj>`uh9J-Nd{8vn?RYO_+`Iuz6@XtPogcsG8BoEldnZc zlDc%2e){@A^{AlQwK>5XcU>h}dtY`RvHpeWX_11VYIoe?44|F0LXCJXb?#+>@Jes| zKF3Zd9LKQ*E{ucrSTWmtpAx#B;C%hVPlns5jz!W+4G=7QefzE^I!gRgX2>>N)d*$G zR(_`Yv=^`ZC1z=Gdiqb5-+9~>XXmu=FSa$e!Sc?iK@|1c)VRa9gZ|vARqam;{Ggi{ z$g0OfH9t`GBZsKIKxf}F_`z6%(6M5OsxAg zuFM+vBf{iUb%wLIfo_{mqHLt5sRAvsk_E1)*B-(kc4vJ68hel&BRcnW) zmq%pVM#w6Fyoa(r(vo+bvo4;Wp(~!+76V81 zmg)8nyX}(jn*t^kC8ABgYzuw*7l9zQ&li8x%;!qYjsBHMLXK3ik0ZWD60M2XH)e1C zJGLG}RK0KEg}n)N*#JDde5&jyP8rnDR(i7e-p{81?f5-=FtZJln=NPMwE!>dbM(Ib zoNpd!ArJ+=HTIDi*5qijWo@UGoB9y9PKXu__#PtBvtQxDK0hQi^L)L!M1+0ry#xx& z(`GIPl<=Wj1uTReeY3CUX{fy?yAiqP__->>K`wI;c&>q`tK_G0dPb_F)te zvO1}_mO%$P1K6|9uY~sz;&Vsy<0yrjm8Xym^Y2oU z#VUo|@Wm`e$`YMToKd5kK-lv7#u|^d6;=Lt)dUsCGe(XJxv(qTq>mhcbi}{B{UQ2X zHG^4hzUBIb(wmgU0=u5p*)}C5zJ0+xZ}_=rO57re`ixYiCs!syjQ@+8WrW(z32s{GZgK)9!F zLr4JX90y-3wqphZQD73=eCX+_sj1qTN8lPXg1-huIs*6D3Y-B+r2(8rdOydH z-8@d25)uR>>*i}~kXVHXM%sLP;NTvi=|FozM2_uS%(kjMxJ&tG;721N=Xdlu0faX; zEqi@eJ#h0Ly1~0IZP}K74Uvrf!`jViPV^i+WMgKqdKm6PU{d3~H+94ZHX`gE>^LE} z#02=28q|3@>jz!1=d@(&YBU-iGJct0NswG2cgHcE*<&X5lZ42MqNj7&BlWFQ0?=OI z6Uq`{=?}-U@)r%^$PKV2eOH(r+ZSjyXC30OX3c10>fCa+FWua<7 z>vt0WhB8QIn0hfaqT9eb4y@px-Y-D;UdhJ2A-)=A(^B5Yhkl4wvH1ilPfR&fg_o4M zgk!eaCTsWO>P$O?*2y#ts5ch0#)FZt5msJbXN|(C>CFUSm$i7iWEW`R6o0@+EO&h% zbnvFf*86XXs!Y=Rjc?CN%|tc004?tJsN($mpC@SWa@1Z<@g8f^1NQI}e>lj_(k8Z) zVpfHSouQVNYy6vC*sBH}(%^_$Hw)*MBLeuqgbZwm3H;L~LDXl8ro$D1kUBQz4-SF8 z3N)L3^_fYmBVNoH!9tuORpcq_p0z*|`qs%481w(MR zaLVYdPw{}sc;FKcYg{F9De?!2lp}OvQ_k^QZT4ocPg~+%8I38G+QPj$XLcz}`%eKK zU$?-%Bz(FXBAej*!@*!9B;6#!S9;%oVrNGwh6|jmjT`HQQIze1xew&g=vzDU7Kx7M zlaXY^{)YR_oi@SHoA2Ts{YV5`oJeKQ#+*kwf3_2^PSMcokM?@1MXv~wK;ITHZjdyf z2!N?ofF0eQ*gVpc+^=kclu?8DeiVYwF?|^5WDZP>*9k)o64HbA)v*2C6knYUIq(QV zT$uCh+%pK70^&6;VmYOD+V&q8Iisppy|sy4^AUuPxg6KSr6KHH!4HZ_j=Ct-ZHRN2 zMRv&+XgsWS`kJ{nseYC*BJ%I7Iq(y>tX;>HxA=;;TR{AXz;6xQ=Mk8l>-TPuDD zm_!$}+NlH{;Gt?4|C}HgRVVB=D!`2ESx<}|=ji>kh756Nsm5@XDH1X00be;T*Vn0q zjZ)f@&Kmr*gh=#ZTa0_#kF2ArAvmCQsEOd8;!Y&V|(vl^gDu1H!U@v!hl&lo(L2K@t6HH@|ATG zpk51@8GYUP0ko~LfSnEEs#GmbSH&$8uI7Cbx);6q0^oQITJv1u(7W zM0Q-Tiy3I}tR*x2$}9gG3~p#*NfD_rqDB`?T1QTT z-O{q>vq>P?B75C-dHB9P)Mq%X)iXauGEU0EM-u9fFlNE*8VE8lMRpEJ-o9*NGl$nO z$W$?y!uH&^hN`X5&(J4)v-;DTk%`-5{+I2Wc6bmXNDXmQl%7djAnJiCTAPsSX6r*K zEd$_?#yq=v%b*xxiC#v}#|y$;TWngHA}#1iINb&Y9rPQ2W?^zf$M=yBr9k`c{9HRo z)(cR~!%8MS{JhtD{9ZsQ=XoufK(kzHQ2THK4FsxF#*nj079CIA$MpQzK+A%%g(W6& zv$wL*gQ}AZN}SiOt0W#^S!7}QW{?M#NvQ$-hG{XtAf6s~X9h=-F^{Hr@$qw%2vEoa zlpI9Wt3H|Y#H@Ur90SdyO#K{HfQzPx{JcEC!yX^Cl7tT2*6M$fP=wVNxHU5GzY+*|SGX5u?`;%O1)-|c%{ zi^c~|g@)B~OW)h>U}!OEr)pEmJI+;mGR^%; zVNRqlioq^|`nepZutJLJ=*Jl6h;H`ZYp3DqF=p4>V^q;YsMrWDW@2&6@7v>>G`8oJ zUXuIgkAtwVD!L7H31}67iv~cG{?iQ?L>8sM>V{F6El=u!6u=_@nyNfgxOK%FF4BSc zs|Kg0*lM~<9y+YC!8_2gEz8NmX(_9hrZj}MUael)BS(ZH=m+H$K61I{*N^$wt8Q#H zygJ_oI$De}3N3s%Z(UuRWjtX`O+axaNfOmqUgjnv?@&8G3~F;{lHeN_)90H&xcy-Z z@6UN&unpjj4Rd9k>w30ofhN}lV+)j*WaY{=q7_7vVNni{&}dyXc@q$IaWtXA)izt18S z`q$VR$F?g9_-sI!41nU8F%5pXaxT=`rEU+G)r2wfc`oI!+EQgWYjk8(kTQ(HDVMFx z3|3)%N~rQ=M)zKpk_Kzp^o*oeajn}+RSDTv&3fts6&>TR(iENwMd>REDLImpVkQU zRH5IZiEo01z$|L6uR6(>lxX)i0vm z8~?li?SCYLb-M=!>o3@j%PT4)^284u{Gh$$|35EauutS%|MyEL!s9K%{|WgP2H@~N zUng(vQ z<6rsT_``R@zvNOmdF!90I9a9>lQ=m!Cn#}(hZNm{yYDX@ZYJEh5t^Si2qmW