From 74a4ac3993cc22024a2e3d3459aad1f7453749e2 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Wed, 1 Apr 2020 02:56:48 +0000 Subject: [PATCH 01/41] Bump alpine from 3.11.3 to 3.11.5 Bumps alpine from 3.11.3 to 3.11.5. Signed-off-by: dependabot-preview[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e0f5a04..c536278 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11.3 as build +FROM alpine:3.11.5 as build ENV SQUID_VER 4.10 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -101,7 +101,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.11.3 +FROM alpine:3.11.5 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From 72ef256dfe278ab2dbd65550831dba8e39924383 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Fri, 1 May 2020 02:44:24 +0000 Subject: [PATCH 02/41] Bump alpine from 3.11.5 to 3.11.6 Bumps alpine from 3.11.5 to 3.11.6. Signed-off-by: dependabot-preview[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index c536278..a8cb4e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11.5 as build +FROM alpine:3.11.6 as build ENV SQUID_VER 4.10 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -101,7 +101,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.11.5 +FROM alpine:3.11.6 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From 15cf0f1674dc50f416f99883a539ce7025c0f549 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 1 Jun 2020 03:01:10 +0000 Subject: [PATCH 03/41] Bump alpine from 3.11.6 to 3.12.0 Bumps alpine from 3.11.6 to 3.12.0. Signed-off-by: dependabot-preview[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a8cb4e2..37ebd2d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.11.6 as build +FROM alpine:3.12.0 as build ENV SQUID_VER 4.10 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -101,7 +101,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.11.6 +FROM alpine:3.12.0 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From 70ac196b8610b5e3d4eee9c4b6c1b385bfa7f186 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Mon, 1 Jun 2020 11:05:28 +0300 Subject: [PATCH 04/41] libressl 3.1 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 37ebd2d..480f611 100644 --- a/Dockerfile +++ b/Dockerfile @@ -114,8 +114,8 @@ RUN apk add --no-cache \ libstdc++ \ heimdal-libs \ libcap \ - libressl3.0-libcrypto \ - libressl3.0-libssl \ + libressl3.1-libcrypto \ + libressl3.1-libssl \ libltdl COPY --from=build /etc/squid/ /etc/squid/ From d1e2082f73a3576f176b9b5a74c502ca7ccd86e1 Mon Sep 17 00:00:00 2001 From: Dmitry Belyaev Date: Mon, 15 Jun 2020 13:48:18 +0300 Subject: [PATCH 05/41] bump to 4.12 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 480f611..b31497b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.12.0 as build -ENV SQUID_VER 4.10 +ENV SQUID_VER 4.12 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E RUN set -x && \ From a6b68820a9a430f91f7185ef48577985d68e0d32 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Thu, 18 Jun 2020 07:14:46 +0000 Subject: [PATCH 06/41] Create Dependabot config file --- .github/dependabot.yml | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..61d011e --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,8 @@ +version: 2 +updates: +- package-ecosystem: docker + directory: "/" + schedule: + interval: monthly + time: '02:00' + open-pull-requests-limit: 10 From e4ce0fe59990ffdd2c674788669247f596a7bdf7 Mon Sep 17 00:00:00 2001 From: Dmitry Belyaev Date: Thu, 13 Aug 2020 14:30:53 +0300 Subject: [PATCH 07/41] enable kerberos auth (fix #28) --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index b31497b..cb913ea 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,7 +63,7 @@ RUN set -x && \ --enable-epoll \ --enable-external-acl-helpers="file_userip,unix_group,wbinfo_group" \ --enable-auth-ntlm="fake" \ - --enable-auth-negotiate="wrapper" \ + --enable-auth-negotiate="kerberos,wrapper" \ --enable-silent-rules \ --disable-mit \ --enable-heimdal \ From 4251447c9dacf60faab0fe1ca7e95b78f2838b80 Mon Sep 17 00:00:00 2001 From: Dmitry Belyaev Date: Sun, 16 Aug 2020 14:45:13 +0300 Subject: [PATCH 08/41] add drone pipeline for arm image (#30) fix #27 --- .drone.yml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 .drone.yml diff --git a/.drone.yml b/.drone.yml new file mode 100644 index 0000000..f248c72 --- /dev/null +++ b/.drone.yml @@ -0,0 +1,34 @@ +--- +kind: pipeline +type: docker +name: arm32 images +platform: + os: linux + arch: arm +steps: +- name: squid image for dockerhub + image: plugins/docker + settings: + repo: b4tman/squid + auto_tag: true + auto_tag_suffix: armhf + pull_image: true + username: + from_secret: dockerhub_login + password: + from_secret: dockerhub_token +- name: squid-armhf image for github packages + image: plugins/docker + settings: + repo: docker.pkg.github.com/b4tman/docker-squid/squid-armhf + auto_tag: true + pull_image: true + registry: docker.pkg.github.com + username: + from_secret: github_login + password: + from_secret: github_token +trigger: + ref: + - refs/tags/** + - refs/heads/master From cb78e8c2854a459432bf01626c1ef4cf5948c94b Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 16 Aug 2020 15:48:10 +0300 Subject: [PATCH 09/41] fix drone secrets err: "Registry credentials or Docker config not provided. Guest mode enabled." --- .drone.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index f248c72..d7f2cf5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -9,14 +9,15 @@ steps: - name: squid image for dockerhub image: plugins/docker settings: - repo: b4tman/squid + repo: docker.io/b4tman/squid auto_tag: true auto_tag_suffix: armhf - pull_image: true + pull_image: true + registry: docker.io username: - from_secret: dockerhub_login + from_secret: docker_username password: - from_secret: dockerhub_token + from_secret: docker_password - name: squid-armhf image for github packages image: plugins/docker settings: From 1a682a86c9a65494ab1d3b1c64f5db5c92b28c44 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 16 Aug 2020 16:06:05 +0300 Subject: [PATCH 10/41] fix drone secrets for github pkgs --- .drone.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index d7f2cf5..9a05277 100644 --- a/.drone.yml +++ b/.drone.yml @@ -14,8 +14,7 @@ steps: auto_tag_suffix: armhf pull_image: true registry: docker.io - username: - from_secret: docker_username + username: b4tman password: from_secret: docker_password - name: squid-armhf image for github packages @@ -25,10 +24,9 @@ steps: auto_tag: true pull_image: true registry: docker.pkg.github.com - username: - from_secret: github_login + username: b4tman password: - from_secret: github_token + from_secret: github_password trigger: ref: - refs/tags/** From 9aa1dbd893c7f440c327f3650b8b39690e885218 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 16 Aug 2020 16:25:17 +0300 Subject: [PATCH 11/41] remove microbadger --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 7ae3467..2b9e8c6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ -[![](https://images.microbadger.com/badges/image/b4tman/squid.svg)](https://microbadger.com/images/b4tman/squid "Get your own image badge on microbadger.com") [![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=b4tman/docker-squid)](https://dependabot.com) ![Docker Build Status](https://img.shields.io/docker/build/b4tman/squid) ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg) From 6e0968cb9741ab67a7718581cb641de3f0db92b0 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 16 Aug 2020 16:25:59 +0300 Subject: [PATCH 12/41] remove dependabot badge --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 2b9e8c6..6dd44f6 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,3 @@ -[![Dependabot Status](https://api.dependabot.com/badges/status?host=github&repo=b4tman/docker-squid)](https://dependabot.com) ![Docker Build Status](https://img.shields.io/docker/build/b4tman/squid) ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg) From ebe487186b067b63f6b243725271bf01727ece36 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 16 Aug 2020 16:31:27 +0300 Subject: [PATCH 13/41] add drone status badge --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 6dd44f6..5671129 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,4 @@ +[![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid) ![Docker Build Status](https://img.shields.io/docker/build/b4tman/squid) ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg) From e36539188f61f2d5489345f0d187c5422c385279 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 16 Aug 2020 16:34:51 +0300 Subject: [PATCH 14/41] limit make jobs --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cb913ea..7dfebad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -95,7 +95,8 @@ RUN set -x && \ RUN set -x && \ cd /tmp/build && \ - make -j $(grep -cs ^processor /proc/cpuinfo) && \ + nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && \ + make -j $nproc && \ make install RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf From bee8e01cb085ddc654e283d408c91ee991bb8c05 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Fri, 28 Aug 2020 00:07:13 +0300 Subject: [PATCH 15/41] bump to 4.13 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7dfebad..724807b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.12.0 as build -ENV SQUID_VER 4.12 +ENV SQUID_VER 4.13 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E RUN set -x && \ From 824146b6c68c8784257d049e36479cb263a7116a Mon Sep 17 00:00:00 2001 From: gianluca-mascolo Date: Sat, 3 Oct 2020 15:31:02 +0200 Subject: [PATCH 16/41] compile install squidclient --- Dockerfile | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 724807b..9281770 100644 --- a/Dockerfile +++ b/Dockerfile @@ -93,14 +93,16 @@ RUN set -x && \ --with-openssl \ --with-pidfile=/var/run/squid/squid.pid + RUN set -x && \ cd /tmp/build && \ - nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && \ + nproc=$(n=$(nproc) ; max_n=6 ; [ $n -le $max_n ] && echo $n || echo $max_n) && \ make -j $nproc && \ - make install - -RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf -RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf + make install && \ + cd tools/squidclient && make && make install-strip + +RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf +RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf FROM alpine:3.12.0 @@ -123,6 +125,8 @@ COPY --from=build /etc/squid/ /etc/squid/ COPY --from=build /usr/lib/squid/ /usr/lib/squid/ COPY --from=build /usr/share/squid/ /usr/share/squid/ COPY --from=build /usr/sbin/squid /usr/sbin/squid +COPY --from=build /usr/bin/squidclient /usr/bin/squidclient + RUN install -d -o squid -g squid \ /var/cache/squid \ From 212bdefa3b0b57285f9629f597f36f580ba55702 Mon Sep 17 00:00:00 2001 From: gianluca-mascolo Date: Sat, 3 Oct 2020 17:49:14 +0200 Subject: [PATCH 17/41] use squidclient for unit test --- docker-compose.test.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 7b48686..af6539b 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,11 +1,20 @@ version: '2' services: proxy: - build: . + image: squidproxy + build: + context: . + dockerfile: Dockerfile + healthcheck: + test: ["CMD", "sh", "-exc", "squidclient -T 3 mgr:info 2> /dev/null | grep -qF '200 OK'"] + interval: 5s + timeout: 3s + retries: 5 + start_period: 1s sut: - image: alpine:3.10.1 + image: squidproxy links: - proxy depends_on: - proxy - command: sh -exc "apk add --update curl && sleep 5 && exec curl --proxy http://proxy:3128 -I http://google.com/" + command: sh -exc "sleep 10 && squidclient -h proxy -T 3 'https://postman-echo.com/get?squidtest=ok' 2> /dev/null | grep -qF '200 OK'" From 6486bd001ca5ace8661f0344a03e3cd26a245c85 Mon Sep 17 00:00:00 2001 From: gianluca-mascolo Date: Sun, 4 Oct 2020 11:57:30 +0200 Subject: [PATCH 18/41] fix docker-compose version --- docker-compose.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.test.yml b/docker-compose.test.yml index af6539b..69bc18a 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,4 +1,4 @@ -version: '2' +version: '2.1' services: proxy: image: squidproxy From d01a447dcfab8585c8048aca648dbb029df0e754 Mon Sep 17 00:00:00 2001 From: gianluca-mascolo Date: Sun, 4 Oct 2020 16:18:04 +0200 Subject: [PATCH 19/41] changed docker-compose version to support start_period --- docker-compose.test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.test.yml b/docker-compose.test.yml index 69bc18a..e0f80f8 100644 --- a/docker-compose.test.yml +++ b/docker-compose.test.yml @@ -1,4 +1,4 @@ -version: '2.1' +version: '2.3' services: proxy: image: squidproxy From 6eb782b5a6e812448e3318c4286796352988bd97 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Sun, 4 Oct 2020 22:49:22 +0300 Subject: [PATCH 20/41] Migrate to GitHub Container Registry from GitHub Packages https://docs.github.com/en/free-pro-team@latest/packages/getting-started-with-github-container-registry/migrating-to-github-container-registry-for-docker-images --- .drone.yml | 4 ++-- .github/workflows/dockerimage.yml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9a05277..9d66ef7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -20,10 +20,10 @@ steps: - name: squid-armhf image for github packages image: plugins/docker settings: - repo: docker.pkg.github.com/b4tman/docker-squid/squid-armhf + repo: ghcr.io/b4tman/squid-armhf auto_tag: true pull_image: true - registry: docker.pkg.github.com + registry: ghcr.io username: b4tman password: from_secret: github_password diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 719d057..bede3ed 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -42,11 +42,11 @@ jobs: run: docker build ssl-bump --tag b4tman/squid:ssl-bump - name: Log into registry - run: echo "${{ secrets.GITHUB_PKGS_TOKEN }}" | docker login docker.pkg.github.com -u ${{ github.actor }} --password-stdin + run: echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - name: Push squid image run: | - IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/squid + IMAGE_ID=ghcr.io/${{ github.actor }}/squid # Strip git ref prefix from version VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') @@ -65,7 +65,7 @@ jobs: - name: Push 'ssl-bump' image run: | - IMAGE_ID=docker.pkg.github.com/${{ github.repository }}/ssl-bump + IMAGE_ID=ghcr.io/${{ github.actor }}/squid-ssl-bump # Strip git ref prefix from version VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') From b90f70705c4fea2d003af8a5f08fc0ce9fa9ed56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 1 Nov 2020 02:00:25 +0000 Subject: [PATCH 21/41] Bump alpine from 3.12.0 to 3.12.1 Bumps alpine from 3.12.0 to 3.12.1. Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9281770..d9f3b85 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.12.0 as build +FROM alpine:3.12.1 as build ENV SQUID_VER 4.13 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -104,7 +104,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.12.0 +FROM alpine:3.12.1 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From 88f5a067fb2b4f7568175e23929f318b38090818 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Jan 2021 02:00:21 +0000 Subject: [PATCH 22/41] Bump alpine from 3.12.1 to 3.12.3 Bumps alpine from 3.12.1 to 3.12.3. Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index d9f3b85..9f70e65 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.12.1 as build +FROM alpine:3.12.3 as build ENV SQUID_VER 4.13 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -104,7 +104,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.12.1 +FROM alpine:3.12.3 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From a56bf2890d47fbfe9f6b9b049a5e674b90faee4e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 29 Jan 2021 17:51:38 +0000 Subject: [PATCH 23/41] Bump alpine from 3.12.3 to 3.13.1 Bumps alpine from 3.12.3 to 3.13.1. Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9f70e65..e1fd6e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.12.3 as build +FROM alpine:3.13.1 as build ENV SQUID_VER 4.13 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -104,7 +104,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.12.3 +FROM alpine:3.13.1 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From f5fbbb90342d3d9097fa9d7a4079f881d86257ea Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 11 Feb 2021 21:46:14 +0300 Subject: [PATCH 24/41] fix docker cloud build status url --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5671129..d4b37ee 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ [![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid) -![Docker Build Status](https://img.shields.io/docker/build/b4tman/squid) +![Docker Build Status](https://img.shields.io/docker/cloud/build/b4tman/squid) ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg) # docker-squid From 3d2e367c1478090d1b7b02f550c800974193831a Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 11 Feb 2021 21:52:34 +0300 Subject: [PATCH 25/41] bump squid to 4.14 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index e1fd6e1..776fa1f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.13.1 as build -ENV SQUID_VER 4.13 +ENV SQUID_VER 4.14 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E RUN set -x && \ From 7e71d6c43be433d2c6372ddfab6b94ba89c09a6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Mar 2021 02:00:22 +0000 Subject: [PATCH 26/41] Bump alpine from 3.13.1 to 3.13.2 Bumps alpine from 3.13.1 to 3.13.2. Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 776fa1f..a303d8a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.13.1 as build +FROM alpine:3.13.2 as build ENV SQUID_VER 4.14 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -104,7 +104,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.13.1 +FROM alpine:3.13.2 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From bc32b5d1da167c9b1680dd15a8957c8b1098e525 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Apr 2021 02:00:32 +0000 Subject: [PATCH 27/41] Bump alpine from 3.13.2 to 3.13.4 Bumps alpine from 3.13.2 to 3.13.4. Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a303d8a..e2af0c5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.13.2 as build +FROM alpine:3.13.4 as build ENV SQUID_VER 4.14 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -104,7 +104,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.13.2 +FROM alpine:3.13.4 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From 0e581bd49925f8010d3abae45c9f24078f3c7e5b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 1 May 2021 02:01:12 +0000 Subject: [PATCH 28/41] Bump alpine from 3.13.4 to 3.13.5 Bumps alpine from 3.13.4 to 3.13.5. Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index e2af0c5..cfd0b16 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.13.4 as build +FROM alpine:3.13.5 as build ENV SQUID_VER 4.14 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -104,7 +104,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.13.4 +FROM alpine:3.13.5 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From f1c7c6796f4c0e485817253105a18ad698dc14d7 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Mon, 17 May 2021 15:31:05 +0300 Subject: [PATCH 29/41] bump squid to 4.15 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index cfd0b16..b8ade31 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM alpine:3.13.5 as build -ENV SQUID_VER 4.14 +ENV SQUID_VER 4.15 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E RUN set -x && \ From ba0d25813ee8b9846e0aee3e14670477347d7b17 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Mon, 17 May 2021 17:05:24 +0300 Subject: [PATCH 30/41] dockerhub login for build in drone cloud https://discourse.drone.io/t/how-to-prevent-dockerhub-pull-rate-limit-errors/8324 --- .drone.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.drone.yml b/.drone.yml index 9d66ef7..87b2180 100644 --- a/.drone.yml +++ b/.drone.yml @@ -17,6 +17,8 @@ steps: username: b4tman password: from_secret: docker_password + config: + from_secret: docker_config - name: squid-armhf image for github packages image: plugins/docker settings: @@ -27,6 +29,8 @@ steps: username: b4tman password: from_secret: github_password + config: + from_secret: docker_config trigger: ref: - refs/tags/** From 0dcc8358030b067f29fe48f40e93ec9e0144d04c Mon Sep 17 00:00:00 2001 From: Dmitry Belyaev Date: Thu, 10 Jun 2021 17:17:50 +0300 Subject: [PATCH 31/41] Update ci (#44) * + ghcr.io links * update ci * more cache moves * fix cache move after compose test * output image * update description and don't login on PR's * dependabot: actions --- .github/dependabot.yml | 18 +- .github/workflows/dockerimage.yml | 275 ++++++++++++++++++++++-------- README.md | 16 +- 3 files changed, 231 insertions(+), 78 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 61d011e..5010239 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,8 +1,14 @@ version: 2 updates: -- package-ecosystem: docker - directory: "/" - schedule: - interval: monthly - time: '02:00' - open-pull-requests-limit: 10 + - package-ecosystem: docker + directory: "/" + schedule: + interval: monthly + time: "02:00" + open-pull-requests-limit: 10 + + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: monthly + time: "03:00" diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index bede3ed..61b6d67 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -5,79 +5,220 @@ on: # Publish `master` as Docker `latest` image. branches: - master - + # Publish `v1.2.3` tags as releases. tags: - v* - - # Run tests for any PRs. + + # Run tests for PRs to `master` branch. pull_request: - + branches: + - "master" + jobs: - test: - runs-on: ubuntu-18.04 + test: + runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 - - - name: Build squid image - run: docker build . --file Dockerfile --tag b4tman/squid - - - name: Test image - run: docker-compose -f docker-compose.test.yml up sut - - - name: Build 'ssl-bump' image - run: docker build ssl-bump --tag b4tman/squid:ssl-bump - + - uses: actions/checkout@v2 + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to DockerHub + if: github.event_name != 'pull_request' + uses: docker/login-action@v1 + with: + username: b4tman + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Build squid image + uses: docker/build-push-action@v2 + with: + context: . + push: false + tags: b4tman/squid + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + outputs: type=image,name=b4tman/squid,push=false + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Test image + run: docker-compose -f docker-compose.test.yml up sut + + - name: Build 'ssl-bump' image + uses: docker/build-push-action@v2 + with: + context: ssl-bump + push: false + file: ssl-bump/Dockerfile + tags: b4tman/squid:ssl-bump + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + push: needs: test - runs-on: ubuntu-18.04 - if: github.event_name == 'push' + runs-on: ubuntu-20.04 + if: github.event_name != 'pull_request' steps: - - uses: actions/checkout@v2 - - - name: Build squid image - run: docker build . --file Dockerfile --tag b4tman/squid - - - name: Build 'ssl-bump' image - run: docker build ssl-bump --tag b4tman/squid:ssl-bump - - - name: Log into registry - run: echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin - - - name: Push squid image - run: | - IMAGE_ID=ghcr.io/${{ github.actor }}/squid - - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - - docker tag b4tman/squid $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION - - - name: Push 'ssl-bump' image - run: | - IMAGE_ID=ghcr.io/${{ github.actor }}/squid-ssl-bump - - # Strip git ref prefix from version - VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') - - # Strip "v" prefix from tag name - [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') - - # Use Docker `latest` tag convention - [ "$VERSION" == "master" ] && VERSION=latest - - echo IMAGE_ID=$IMAGE_ID - echo VERSION=$VERSION - - docker tag b4tman/squid:ssl-bump $IMAGE_ID:$VERSION - docker push $IMAGE_ID:$VERSION + - uses: actions/checkout@v2 + + - name: Docker meta + id: meta + uses: docker/metadata-action@v3 + with: + images: | + b4tman/squid + ghcr.io/b4tman/squid + flavor: | + latest=auto + tags: | + type=ref,event=branch + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Docker meta (ssl-bump) + id: meta_ssl_bump + uses: docker/metadata-action@v3 + with: + images: | + b4tman/squid + ghcr.io/b4tman/squid + flavor: | + latest=auto + suffix=ssl-bump + tags: | + type=ref,event=branch + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Docker meta (ssl-bump ghcr) + id: meta_ssl_bump_ghcr + uses: docker/metadata-action@v3 + with: + images: | + ghcr.io/b4tman/squid-ssl-bump + flavor: | + latest=auto + tags: | + type=ref,event=branch + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + + - name: Set up QEMU + uses: docker/setup-qemu-action@v1 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v1 + + - name: Cache Docker layers + uses: actions/cache@v2 + with: + path: /tmp/.buildx-cache + key: ${{ runner.os }}-buildx-${{ github.sha }} + restore-keys: | + ${{ runner.os }}-buildx- + + - name: Login to DockerHub + uses: docker/login-action@v1 + with: + username: b4tman + password: ${{ secrets.DOCKERHUB_TOKEN }} + + - name: Login to GHCR + uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.CR_PAT }} + + - name: Build squid image + uses: docker/build-push-action@v2 + with: + context: . + push: true + platforms: linux/amd64,linux/arm/v7 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Build 'ssl-bump' image + uses: docker/build-push-action@v2 + with: + context: ssl-bump + push: true + file: ssl-bump/Dockerfile + platforms: linux/amd64,linux/arm/v7 + tags: ${{ steps.meta_ssl_bump.outputs.tags }} + labels: ${{ steps.meta_ssl_bump.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Build 'ssl-bump' image for ghcr + uses: docker/build-push-action@v2 + with: + context: ssl-bump + push: true + file: ssl-bump/Dockerfile + platforms: linux/amd64,linux/arm/v7 + tags: ${{ steps.meta_ssl_bump_ghcr.outputs.tags }} + labels: ${{ steps.meta_ssl_bump_ghcr.outputs.labels }} + cache-from: type=local,src=/tmp/.buildx-cache + cache-to: type=local,dest=/tmp/.buildx-cache-new + + # Temp fix + # https://github.com/docker/build-push-action/issues/252 + # https://github.com/moby/buildkit/issues/1896 + - name: Move cache + run: | + rm -rf /tmp/.buildx-cache + mv /tmp/.buildx-cache-new /tmp/.buildx-cache + + - name: Update repo description + uses: peter-evans/dockerhub-description@v2 + with: + username: b4tman + password: ${{ secrets.DOCKERHUB_TOKEN }} + repository: b4tman/app diff --git a/README.md b/README.md index d4b37ee..475cf94 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,19 @@ -[![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid) -![Docker Build Status](https://img.shields.io/docker/cloud/build/b4tman/squid) +[![Drone Build Status](https://cloud.drone.io/api/badges/b4tman/docker-squid/status.svg?ref=refs/heads/master)](https://cloud.drone.io/b4tman/docker-squid) +![Docker Build Status](https://img.shields.io/docker/cloud/build/b4tman/squid) ![Docker Image CI Status](https://github.com/b4tman/docker-squid/workflows/Docker%20Image%20CI/badge.svg) # docker-squid Docker Squid container based on Alpine Linux. -Automated builds of the image are available on [Dockerhub](https://hub.docker.com/r/b4tman/squid). +Automated builds of the image are available on: + +- DockerHub: + - [b4tman/squid](https://hub.docker.com/r/b4tman/squid) +- Github: + - [ghcr.io/b4tman/squid](https://github.com/users/b4tman/packages/container/package/squid) + - [ghcr.io/b4tman/squid-armhf](https://github.com/users/b4tman/packages/container/package/squid-armhf) + - [ghcr.io/b4tman/squid-ssl-bump](https://github.com/users/b4tman/packages/container/package/squid-ssl-bump) # Quick Start @@ -29,7 +36,6 @@ docker-compose up - **SQUID_CONFIG_FILE**: Specify the configuration file for squid. Defaults to `/etc/squid/squid.conf`. - ## Example: ```bash @@ -39,4 +45,4 @@ docker run -p 3128:3128 \ b4tman/squid ``` -This will start a squid container with your config file `/srv/docker/squid/squid.conf`. +This will start a squid container with your config file `/srv/docker/squid/squid.conf`. From 024ff445bbb8ed08fca14657d07b467fe383f228 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 10 Jun 2021 19:07:18 +0300 Subject: [PATCH 32/41] fix ci --- .github/workflows/dockerimage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 61b6d67..e678c49 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -221,4 +221,4 @@ jobs: with: username: b4tman password: ${{ secrets.DOCKERHUB_TOKEN }} - repository: b4tman/app + repository: b4tman/squid From e023bae64b56ab6ce637687984bdbb9a491eca4f Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 10 Jun 2021 19:19:35 +0300 Subject: [PATCH 33/41] latest tag and tag suffix --- .github/workflows/dockerimage.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index e678c49..b91285f 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -96,7 +96,7 @@ jobs: b4tman/squid ghcr.io/b4tman/squid flavor: | - latest=auto + latest=${{ github.ref == 'refs/heads/main' }} tags: | type=ref,event=branch type=semver,pattern={{version}} @@ -110,8 +110,8 @@ jobs: b4tman/squid ghcr.io/b4tman/squid flavor: | - latest=auto - suffix=ssl-bump + latest=false + suffix=-ssl-bump tags: | type=ref,event=branch type=semver,pattern={{version}} @@ -124,7 +124,7 @@ jobs: images: | ghcr.io/b4tman/squid-ssl-bump flavor: | - latest=auto + latest=${{ github.ref == 'refs/heads/main' }} tags: | type=ref,event=branch type=semver,pattern={{version}} From 82d495d6815333f140efafd9f584958f095748f4 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 10 Jun 2021 19:20:54 +0300 Subject: [PATCH 34/41] disable (temp) multiarch --- .github/workflows/dockerimage.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index b91285f..5619c75 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -162,7 +162,6 @@ jobs: with: context: . push: true - platforms: linux/amd64,linux/arm/v7 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=local,src=/tmp/.buildx-cache @@ -182,7 +181,6 @@ jobs: context: ssl-bump push: true file: ssl-bump/Dockerfile - platforms: linux/amd64,linux/arm/v7 tags: ${{ steps.meta_ssl_bump.outputs.tags }} labels: ${{ steps.meta_ssl_bump.outputs.labels }} cache-from: type=local,src=/tmp/.buildx-cache From 93fe767842457814c886fc495a82a62e34d5cc68 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 10 Jun 2021 20:11:08 +0300 Subject: [PATCH 35/41] fix latest --- .github/workflows/dockerimage.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 5619c75..5961a63 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -96,7 +96,7 @@ jobs: b4tman/squid ghcr.io/b4tman/squid flavor: | - latest=${{ github.ref == 'refs/heads/main' }} + latest=${{ github.ref == 'refs/heads/master' }} tags: | type=ref,event=branch type=semver,pattern={{version}} @@ -124,7 +124,7 @@ jobs: images: | ghcr.io/b4tman/squid-ssl-bump flavor: | - latest=${{ github.ref == 'refs/heads/main' }} + latest=${{ github.ref == 'refs/heads/master' }} tags: | type=ref,event=branch type=semver,pattern={{version}} From 20bcc3ca7d439faa8a75b09d04b9e2a5e2066855 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 10 Jun 2021 20:12:18 +0300 Subject: [PATCH 36/41] remove dockerhub-description action --- .github/workflows/dockerimage.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index 5961a63..a7da34f 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -213,10 +213,3 @@ jobs: run: | rm -rf /tmp/.buildx-cache mv /tmp/.buildx-cache-new /tmp/.buildx-cache - - - name: Update repo description - uses: peter-evans/dockerhub-description@v2 - with: - username: b4tman - password: ${{ secrets.DOCKERHUB_TOKEN }} - repository: b4tman/squid From da817bec0de8d25017ba233ecdc026987902bc9c Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 10 Jun 2021 20:13:01 +0300 Subject: [PATCH 37/41] Revert "disable (temp) multiarch" This reverts commit 82d495d6815333f140efafd9f584958f095748f4. --- .github/workflows/dockerimage.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dockerimage.yml b/.github/workflows/dockerimage.yml index a7da34f..8e8b090 100644 --- a/.github/workflows/dockerimage.yml +++ b/.github/workflows/dockerimage.yml @@ -162,6 +162,7 @@ jobs: with: context: . push: true + platforms: linux/amd64,linux/arm/v7 tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=local,src=/tmp/.buildx-cache @@ -181,6 +182,7 @@ jobs: context: ssl-bump push: true file: ssl-bump/Dockerfile + platforms: linux/amd64,linux/arm/v7 tags: ${{ steps.meta_ssl_bump.outputs.tags }} labels: ${{ steps.meta_ssl_bump.outputs.labels }} cache-from: type=local,src=/tmp/.buildx-cache From adc4f54b020eb0b8e810cbbc01328055f0c38bbe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Jul 2021 02:00:23 +0000 Subject: [PATCH 38/41] Bump alpine from 3.13.5 to 3.14.0 Bumps alpine from 3.13.5 to 3.14.0. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index b8ade31..5773084 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.13.5 as build +FROM alpine:3.14.0 as build ENV SQUID_VER 4.15 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E @@ -104,7 +104,7 @@ RUN set -x && \ RUN sed -i '1s;^;include /etc/squid/conf.d/*.conf\n;' /etc/squid/squid.conf RUN echo 'include /etc/squid/conf.d.tail/*.conf' >> /etc/squid/squid.conf -FROM alpine:3.13.5 +FROM alpine:3.14.0 ENV SQUID_CONFIG_FILE /etc/squid/squid.conf ENV TZ Europe/Moscow From 4649add0df8122bb5820b6df2a55876bcf657b7c Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 1 Jul 2021 12:02:20 +0300 Subject: [PATCH 39/41] bump libressl to 3.3 --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5773084..ebd681b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -117,8 +117,8 @@ RUN apk add --no-cache \ libstdc++ \ heimdal-libs \ libcap \ - libressl3.1-libcrypto \ - libressl3.1-libssl \ + libressl3.3-libcrypto \ + libressl3.3-libssl \ libltdl COPY --from=build /etc/squid/ /etc/squid/ From 9e6775a42281947cc54b07324c9a426becaec841 Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 1 Jul 2021 13:11:00 +0300 Subject: [PATCH 40/41] fix conflict with libretls and libressl --- Dockerfile | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/Dockerfile b/Dockerfile index ebd681b..3b7e5dd 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,6 +3,11 @@ FROM alpine:3.14.0 as build ENV SQUID_VER 4.15 ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E +# fix conflict with libretls and libressl +RUN set -x && \ + apk add --no-cache libretls && \ + apk upgrade --no-cache libretls + RUN set -x && \ apk add --no-cache \ gcc \ @@ -113,6 +118,11 @@ RUN set -x && \ deluser squid 2>/dev/null; delgroup squid 2>/dev/null; \ addgroup -S squid -g 3128 && adduser -S -u 3128 -G squid -g squid -H -D -s /bin/false -h /var/cache/squid squid +# fix conflict with libretls and libressl +RUN set -x && \ + apk add --no-cache libretls && \ + apk upgrade --no-cache libretls + RUN apk add --no-cache \ libstdc++ \ heimdal-libs \ From 2e3e78056dba5dd889af6510382d24e650e9319e Mon Sep 17 00:00:00 2001 From: Dmitry Date: Thu, 1 Jul 2021 14:14:15 +0300 Subject: [PATCH 41/41] fix sig verification keys imported from http://www.squid-cache.org/pgp.asc from https://sks-keyservers.net : > This service is deprecated. This means it is no longer maintained, and new HKPS certificates will not be issued. Service reliability should not be expected. > > Update 2021-06-21: Due to even more GDPR takedown requests, the DNS records for the pool will no longer be provided at all. --- Dockerfile | 11 ++++------- squid-keys.asc | Bin 0 -> 95203 bytes 2 files changed, 4 insertions(+), 7 deletions(-) create mode 100644 squid-keys.asc diff --git a/Dockerfile b/Dockerfile index 3b7e5dd..9758f58 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,6 @@ FROM alpine:3.14.0 as build ENV SQUID_VER 4.15 -ENV SQUID_SIG_KEY B06884EDB779C89B044E64E3CD6DBF8EF3B17D3E # fix conflict with libretls and libressl RUN set -x && \ @@ -31,15 +30,13 @@ RUN set -x && \ cd /tmp/build && \ curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz -o squid-${SQUID_VER}.tar.gz && \ curl -SsL http://www.squid-cache.org/Versions/v${SQUID_VER%%.*}/squid-${SQUID_VER}.tar.gz.asc -o squid-${SQUID_VER}.tar.gz.asc - + +COPY squid-keys.asc /tmp + RUN set -x && \ cd /tmp/build && \ export GNUPGHOME="$(mktemp -d)" && \ - ( \ - gpg --keyserver hkp://p80.pool.sks-keyservers.net:80 --recv-keys ${SQUID_SIG_KEY} || \ - gpg --keyserver hkp://ipv4.pool.sks-keyservers.net --recv-keys ${SQUID_SIG_KEY} || \ - gpg --keyserver hkp://pgp.mit.edu:80 --recv-keys ${SQUID_SIG_KEY} \ - ) && \ + gpg --import /tmp/squid-keys.asc && \ gpg --batch --verify squid-${SQUID_VER}.tar.gz.asc squid-${SQUID_VER}.tar.gz && \ rm -rf "$GNUPGHOME" diff --git a/squid-keys.asc b/squid-keys.asc new file mode 100644 index 0000000000000000000000000000000000000000..2f745739ac76e5e140365206287b1de8b3feeb0b GIT binary patch literal 95203 zcmd42bx@sMvc|h{*Wec1-Q696ySoR1ySoJm5G=U62DbzY?he7-65Q`5Gdba#Z|0nP zs?M#te+xafn)xmU#rcAk zuBDc_rMJm{IOC-16SN~fQTbWQK|pQh@;ZJ z<@^f`b|qnX-fgeQ!c%1L^0=&Yi5|N4Bqjg_1OQS;EcDjSkx<&y%*?^k)RB@`V>^0V5B_ivF7Q_%pa2q3TrfyD7-%RkP;himXfSXLP%scs0uWG4KTvEC z2vC_NGJOCn404Ud4&;;0x$(Fq)FW+SXMl4%j$efU^3!fY1H$xP(-d06iJrm|(mMAR zUjWG~Z*FSW6>0>FP?*{`x3@pmIj8v|NcSMRhstiEDhkztlq@RaJ=;QhW>kX*bO=51 z4F_JQ5Y&H9Fokn&wLqIoGQCztfFODI>2lDp3Z<@Er>)LlF~k(Hs)c&!K6y%ss`Q70 zISv9b8?|L(V##E|*Nz6-2IIn3VSj|>_~MVQ0f9kV8EN2AodT6>TNCCrnXgfiaJ#6E zon9+v*75FnX3?9evBoQjRU;S>qZNp5`kZfO-lI#8V3>^T^6OP=VDDmh#82;tMa`yu z^*IXXmu(r{9Tbw6S9qe6lz6Kd4kGYNJ1U@d5HMf|OM(AEK?qQ(rSc4*jxQCwmx6lI zUk^lbslWQ_+^0MECJ<+6riB*`dp`G(zfY6f*D`h)rGtgB(k5F+>20*H|n zH1v`wE z+T`ny?{w03+$t~7>_Z(n-_Ur-UOl~+5s>wYha6WpG2ZcAa5h%ogi5A1riPBDgfgb?RD`^a&!4mWEq2*|=}-8dWB2cYdw~b_$g>P5 z6@Q{2=@NR-@6+bihAnrXVYmc48p`nY^)S_X+JQ9~HB-k1lHyt4hF+#$0DSVOg_+86 z(kJ#qcqn{vOtT?JgDQdP<^Zaw7FoSOk%B>Wny3c~-8$&h=mc1$O0>=#I4MlXoB*A| z0Q%F6pX=53a4HNX^#OYRb85X4Hi-8MH)EOvaj!@YjBp@Ub%LE!~^@Xa!rY&*> zwZHtzz^uJaOUkbE2M;7CEFUtg!y%Z36nf|hksF7Tn5kWJ6Tui@6!J8311oBZkrTYL zfi;LUT0c?zhaDsJ$Ypl%Qt^Mu_us{x)Kc;Le{2db<$G9ydU8WyxIm5f+B0%K(eZmL z!d3G+r;Zx-E%F%3#QU@0eq}UziS^;++Oj*p$=qQ;Qy|`$FNuF?S_52RUznH!c zbqYp|q;s2Q(=0G3c-yXqk)1Ata)xSYxVTrmPa=>t)dYT`+Z{2lHBDxZvKx753t_x8 zuroyX^tMwwK>QBY58s(#`eLS85GTBOg6!jNOZxm=sE5}Wwrl87 zn%!yN)7BD|4fZt8dA8~seN9WEjr1uOggZguK9Ck63HpStjfsnQiu@!AzZ?;pn!?$p zR>Ui_NESwZlyXOC4jI)|Mp_7n!%01t!;>FP8sC~KpC$6-Nyg9VIy4M$B`^2{wx)P> z(M`-O3`am~w}WPsZ9lO22ov{Bg5q$H!2#C=CjLk=7wnzEPgFFA^v|`&M1u)Mr~6BR z$j7AtRo#WiHBu5r`QN+seLmCH&8dgHA-kd=OjKG6p#2(UquiWrd}U}9tF*?amkc>c z#j?nRh2Oe%O4JS_uneY+`(6}jhxEIIqb2WLerHA>%|zjy0cOpVaATeSe?{%D)5z_A zIV-KR0q`k%hECM|i;2vp*wog=Ii+Rg zqj=K#<`DQ>+a5!);2`24XgfpdEk2_Re(rHUu00u%`>-;)I*KdZ-{;ZJ3@TuCJqTe? zFHMKYCPSn%fpT$ud!!loDH+EO!`kAT();A#VWs9?st-=KR;71uZje=Dp|}Y5;8OX{ ziKNiJV55%ouSeDY;gK{4fCfYukI(q+stZ({++wua)1W15{`-VQ1ybVZea#&)$+ zm8*wNd%bY5p>CD=)RdK4qt23R8XA+ugF}}kkD#KcWF5RF=c;AUq>h&ka%{dO=BC8f z4Sy_r%bxnn_sVRoN=D_5iyDbRLePEYv^~ZrvXZp3VfYVL=26_o4-g+1XZ?*#yWk{Y z*XM4vbUPk9Bgvb9TI`b2u9=Rmd=j>BXrnU4Oi-NC(n{qylM-1?* z;e1a8QAAU~CON4~ztA*#m|gU+dr^5%SJ7UuJr0HeU0-C6#;sK#-E z!2948YuRv29B}``5LDP~qa$!H`+Tr8Tq;NKhlyFzx$0YaaOBM%sfX5fBVP~9qxVh6 zFhbbUkjWeg$GU^Xg2ekpwV-sMm@Nkn-xmpT7$vm7+H&t&?Qvv0)F0aSwjK2DXACcI z7w?zP;ONV%4IwKQC7tKu!eg-KMu0N z3NN7nG3A@c~@j>fx|;r4&5yGY{T0S}D$);XChU%b57Ytaa;ZU5>a;OTni zqefegDh~&7`y3e)vXccX1|K}E6CvD=xxyQvzFQc7_*~NQ1EE~GcNqJya4HMUR@4fFg8|!Hby}$)YDWyXplF4QkwRwX z<@HY7F(C%g3(x^o7>=BR{*{w}sjkIvjW7s{gpK6qSjS=`8fjVOb9tILvzctWpedMEmdSdjt^a#BDgrv{nUc0RkE^TB`ZB7ky! zqwEdUt`PdZfTG+bCKMVWk_y8ki8}wsj_J6HB(q8zHrg^`W@1I`0*FSSmAJ!}><8B2 zC9Wt7Maz}0?d|1vx7s$md@2pYoU4Akl_c(9@;ZZdX#SLRu0>~{X{r!cE9fqRO;A|m z1z-xS+c4pu$+S!`_d-7~fwD7=eY74?XDmDQS!L0U(U^NqD`4jv0Zgk?&q#J?G$!3k?Zif=1whc9>-3Gk!=${b{nr8fl80*1*FjvM4)zV6Kdre7@ zIJu!o(eHq0<0Z{@=9@TygsVkPkZhd+UmRJ~#0W+hz`42%@A`J~6g{rdiAs9Mtw6ig1Yeu+Gn-csTV?(78&lk^ z_-{P)g3Elh9IoZaiA1ch61zJomXetcMuozAOl6bEOFEhU2s6WU|C(0MviwhJ_57XZ zv^uLE3fDVNKcsnp22?|*M6r2}HTQZDgpmJC){1Y~LG+BTN-Kq~9F7k}it$EW25a?K zNtG}^KowL<3)bf~;dP#Aq%M3%N+RwNpC$uPp|79shLj%DOl$i#fonxqhj%|-0>-}d z^zprRti51doexS_>zwUWLMuq`QKVI!?#)-~RmSx66yaVolUIHv0w#?F0C@;bDjOt0 z%h%?<7<(%Dx>bp65lAN+UD7Pvft0&Ej7`c%%DzpS?aHDiQgN#-tm@N8ZYDeFse7b# z+~Eo?E*+kx(YGQl?;&3e$zTbPl;Xu`#0MDAgXZlSf7*AZxYW0WLKc17Lm;T4LoTMo zY6#6l#Su(e1H(eq4&0*aQ)+ID$wJP8I)klU=j(fvQ0Gxs*3HBLi(E$?CNE!0k-lO-wxv4Do)#k zU|rQ7Y-<(v8w%fEd6XGmYtb-Al^B%c*Y*et8V}jbF_d98lJ*u24J~{eH(nW~@*J_U z?dV*la`6@L8`vo+AUWXTvxY$^;D8bHGLN@EwZWa|9G##SD#dc$QebF3>EBh0hia_3 zSK_=1k0|n~qhtr*NUyk>k6_GI;f%Efw_M;tlH5PZEPagtv~f#Q}ctgC3wO zCBn;-4l=)lPUogFw`mBP!N zb{o>b+_Td;(mUn;N_t7iRHlwX)Y;J1lu+H&(b3cf=pMTM<1d20ycjxTLt_h5dOHVm z{xCD}S16zWpqcRePJdNyFlHeCotYr4P%1(S`tv%r4Um=Zu;$I&i!vONXV`rC)mq1! zo_iIL>C#3hGrQD_0Ab82-&MUW{Cc#}C>#V29QhyTwZvqI%F70Ya}4T{%^yl`8>CZF zsOB7QPA=MB$$?PZkOPs19ED?*@CUOnBy^H1M3<_k-SQe8S@4#hlwnD?*V^vurk2da;$mbxuQ*rL{thflxBW3d^ARIoF z`VoBN4#|~GK@_;f2da|EIF3QbGX!9^7!y~COCbAITYAc(|ZfgFsHa*$X~euh}a`Z?*HK@#*2Et*D1 zlQBvh9y!+4{NqIVNoIo8Fc0fgtRIw?#_I&IDBT10SJBe5bwc`}U&6$}k%6xPSj|Y3 zmdie?v*VTAjS9Vg;vxyi@`J>1rN#6}MV$4HIOGl&O+e&`17sD#_K;w5G#!6bH61Ik z#63%(U+`@LMfjDR$k2d7xrQc)nub96o5TzZSiY7|@LXI{%h__9XG~15hQ+QK<&gx{ zrq`Q;Z@&2=f-HZtG^OeWW5YAwA`x-zjA&^`pRnWp0IfY0qOj9X*>$rmmb0Bc9Fsp9 zw?bIv*6nA?{xJJf$<3 zCJBMoM&~2=A;j3ceE~Xk3oZ0 zW5=eLBnDNWa@JC5V2X_{${Ghp^wj%L8tUX)gZAi47tj}>H#lsHM8&o2Z z9;{6=@QtDBQ7}O_0ALVM4;Y{G3TQ<+?6B%e5;;C4f=w^1-t8+9-jg|_T@W?gc{0!O zd}IGfAP*~`qlR&*5TgGj3T3#V1|;0pq*Cr@_=mO~Q&Qf`meg-;^kO)+pc$p!k_(+> z4TA?5Yibk=mS=SLaV8~iTRJnO)P?U?wbLqR_1_USY-q%QB3(*3tn0-(B5=3z1DYeA zDCyqbYcB3#Wd6vOe_*4T>e0q;l3fZFrAJ-1)+BIRw4?DTX`ZrXZ2R^>6c-76;X-VE z=cZ(NS5Q6T4ifv$Z27V}EQVpJW*Y+j>y2zXjeD5EHY zE$Su>xb*<;jaDh3)d4R|9vll8SHMd8AL$Jb0rQ;R&jI#3k4NYM8HDjd{1~MLHPJBd z9$3o-kMdfg3jmoOHV1k;v-E&{5koO#jRbVIIP&4=-Cw95N)@>KFDxcK#$VS=IMeK! z%bm1Pl1iJ!2%#hpTfdbmuB>AkpMDp7CDFo(=%18A%6;d|>>;a|+RfcJB6UyKS~fNd237(uFSK!T();_H zC&ZwLUW*+%_PJ7N9za%XMZ~Uhu~#TKG1Cpgk99DR)PE*c<4V1nr@pKXHpB$v>u_(<#$w#0+D z0ZGv*El@2M2R(6~5AzPlQa6i~Ev`oU->F{B8gnAB;JD>gI*GF;Bk`7t$lD<>RZ`BN z!Up+H(|011`~U~E<4pNw)(x;zXUn(CVS}lr3VSU?pZxT`Y5jhORC{0-$PcHOyahq4 z1}^w$cT1us+hH5Nwn1!BcAyuV(~;Fzp3AaW=5abcYAjrXl2lOZFk%*;`&8MJ;2aY7 zV>9APkdyyQVCimwi?S0x&UosWZfRfC`;I5pr>VQLkBL;7b##)ZwhorogmQKcCXP-H zc5exJEq;9>_>Vtqe}7I7yiDQ;Za&Xv0C4jW#TVCoj*Sq{o8r64gZFc)fJ{9E@W{o! zA3bxjU&psyJrZ-1)zkr5;TxQ)T4tzrmqIt}eZv(!kfK$rVaC5W&$m(kxP1DXB@F>8 zrY;iw&%2Zzz1U8!A(q84OF*W)8b0oXS^f-+2Rm(@yk?YXD5NGJD=Oa{?#%^(fcSJ? z7`BZ=9b2~&$Df^2R6bSfd9lcb;9Yi6@3$rNfgBIZo88?B*W{-)eQW}4b==yIqkv44 zw>WQTN0*_R^$QstP-z$+T@)mkS3wss8+eqdqqD%&GL^k*zw6cx?gPqeI3=A1km$ z2W_q=Zkp0)TW*;^Edg0UZU?E@EDx+YjwdY5mahg&HbGebaKu!9@;!475i9N4UH!;H z!~t3HJV_4zJZgn4Z>(zGC^Ue*S#kqp z5K-WJj^4%Ob?bazO z6JRA$mSpm7js=kEnIM8kQtByR)lt^K7HUL=`ks|JOz#(m00LAbYUzCs9LjyDlaMP9qQcUDS8AdfZoh6lyQLc&6_~wmNXNhd>BxNEPHSE9 zbHxU(OKj~sA@XYbm7j7hgkzOp>-9lpe*RqG4TxVNMaWEM6A*+^NW}x&QHv2tgiPzb znW#0r0~t+ecTZ%W3u@!%_K7Vsv9LSBm(y(0F8#hUnYdx(St`Jc3VyT7_ICf=95EFCFyv!QSc9!xvc4rP7)>AgN(wyb^-UVsPETCBcil zGcIL-8klm^hl&rcb2+SAP%Sn_H)36SYf+ggZ^qW#2H@m9f; zlHB<;Q;rRg!PUr$FGN*$*@6(yG0=$BKoph3_DCRM%rkjjF&@`}9CQMl@C!FSl`z6VnG`|Jyu zcXBhI)zQuGRb@Pnd_trGWYx@T5zNLH?(djjAuH;T&FJS~rvtLm!5!L)L*HRt)$aEH zgl*v{!N=Bp!Px~Nc;;wF7la}eI?b2t1CPV4#B7*z>fJ!K8zZa`daqcQeBhzvPSG&o zua`}%@(A0;N1(yrSY1`}ha;i++5DN~0M7odZR^MJMHCu6XC z_(xPnV6_K3w;(6(31uM)XW{SaiX0b88TgXZ(Dck%L-c^zVQ{~l%m8Fc7(ja3rnvbb zx#=^|(GXUf8>Z?2GHujJ>qAtxo3ANRBc+lz4&>O>5?*k0;MkryM;!zxLvacNuXnfJ%?;8eDffD8eV`Vc`Qm9|t0NGLmWJgRgvF2NTZUH{@|PB5gl z<}}@SA+j$Z)3$RZn|frTBLq6VB!3|FIB9je7?71lV}or14T*41ys!RaT)THdDZTs! z$FP9xnWNzLpjg(d&^N*kY^>Uh=@E%%UTq`niVym{~45UUCwcUvff4faxBKUe>PHX-SG*<)I#L#JdOs+62hpPtg+S z`Kd-*1?|hH^#jGfTWA^s$oc0XDWSLC@JpXB6kGY~oIhQGM?e)!hAD5%A(X4LxdOv` z>I2#Z4{AV`Kl#9eE20dq*%%8JjW(;z!ia!kSnKa2Ktfla`k8Z-Ly%B!YHxQo4gSd1 z?yd9SzOnsk-{tYVL6~OM_lWZ02v4#}Z@y&v?=C6PD~bre(Vz5f z##E+>P%Cb|6F-q5O}L&^j9{#uFJDRr+_-mwy*dL6(N1&Hj$hc9NCO0o9Wp$ixC11@ z=+Erx$p20GYisv+@8iGJ66%K&dw$B_buaN5@I5JNKwSz?oW=RWZ)p{lI8Aa1asW#% z_D4}`3YwaPw{!(LNsIks4moxLh;PuJ~*`PHIsZ;+5%)6U(gNjT++Vc=8R0Z z+_f;uDoHv6WM$mHhBfGe@W0Q{u)8a{rO_4dc?{G2_4e@pyW;uRN%gxj38Mm}!y1<_ z4cPNiofOAjXwN`&PnO()LXJGn@z;NXOhhDO@Ohb;$UHEU z7%|KePk?mj8p%8cr25e-J#S;)66UQYf4Fi$1{0hhk4|*H1jTf@$`pwxY+C8nM^T5l^8FF#LKfB6V(Utp_gYjN(EV;0)^i(~YQ3UF)R z11oT+z{MO(ZfGmAOFj6`hHkx1yH9^Oz|KPLne)4|aK-^-<$OK>%Z-eJH^)7ksV&nGr|EwxB4hrO$O<1!BW1xJ0X=b7`nv)Jec{zRCXg+AxoW_dOJ zc>x9|UDoj7AAn5FjBw^?=0hnmH7CvLFUDgu40Wh~IKa+=`5^R_O+y zFWv6b(+ut;X^UP6D@Stz6tGP!T@?-^BNf5a$T%%DJ>v9vuVwa!Bd#?d{LJ~?5k!aq zvbILASEN5Ti%h|&q@GO{m40iHm<2juwh0vQpdZvpX-nGHoVb3D?jAfJPXFBOMBaRN zd*-Cy6TIT2F~(FS0%WSw<*7&In)@+in4S_lxfxn-t9}BiR&6Lz|6SLS`j!W}+S#Cb z^-~PuACBn1bQa@$!1z(^aoA~z4dG-9&%(a7=^F3OrOj>`bDVtR%B z){?N!#vR)IQXW&zuQu>u{k_8(Yt?xFX1%{=M}g1sD;Iw6IShBeZ0=bsSAuF+?GHb{H|`r+Zh);L z1!SttEbAqk@?bk)?R7panjZlcU6UoUlh(5DT1wV_pYr?ZgxjMU-r()6)-Oa*Ser6p;G@_Xdv9=ug zdVppz$JA@4Wn4Wx6{QT>_)Op(;4;hJaz^MVe8G)9htZ*B2x*eB&Kez%#+9kjsf`|m z_JJ1>4!OyZI4e{;)C%*T-I@&tA^vre!b5-xN4U;FfB{gQ0ndy4h}@VqpkD4Z2XtzS zY^`%X%P==H)m;g>A21lWJ@Dz*o(?q#r|Wzm+%3~1KEB^{%e=@UwB>bmsBz$3!IfMPlv z_Cw&g!h|e6A+?hM!0KK%Wu+n5ujG6JhfO%bl;Rs+!*Lkj6eXw9BR)(%M&HeFAvB)k z)t+y(PCY{1^;?N%okV}PT$h_iK&R|Any$8plY%M<$z=>!pH*scvoP`am?L7KL_zPrSTyBflJ}Ln%OT2;%M7%(@PF6s;+bAx%lN1*^5e+nk zWvp5Qe~Ceva7At-2F$INSZ8(9l_ihC^cqS>0-nU_-DGFQB4@Ne_A*>y?Kk&x><@QJ zUnH+L7kUv0!!54dL!07G2w@LqR|z6}a%WW8mIvO?Q(klDQ4Sm(C|PFLr6~Sz``|oJ z_TK0zDcD7dt|R3q?=)J*ZL*QGV@KS`FoG~5j3}M44Qi*FyxkFLqabi}8=i4%Da>*6 z!7C}Lbzb${a`n6CY90u*Zl;M96NIv4e1VwUz5{WE)c3H#Li}#HeDHWVQB`B zaX#`Dk59Z5#D;~y;oK^Zrg$HC(Oa7`=cOw)R0o?%vXwAV$zpx%TTKYjjG(>*%Es5z zX@;sV0^YsFWPOwwy!4c*hc3!!uL%if-rgxohW zMh&+yEdu;1-erhhj}6-6N9d!}qA78= z>2wrruDOBzuv(AkEnUTzBK1Yn{#~R}F{lR=`kUI0#~LIEmG-a%{gkZ9&*Tj;UbE%m zV+BqW2!!}KZXt&g@Z(%R?r0|>=U`$DL6k|GOULe5ALtU}jRrKQ_g?GhL32*2Mb0vE^4^1hCGCSF z_F%Q^ILrrF8nm3EBT-~9wDLm8B1(>2z7%Qk-uUk#P1-{}Nl1h}B4jQNQ>PCTo_9y4Uue!F3S4I8&q(MG|W|5IZ z11WR-??jdknUl-i;|BG5w>oTk&FYT~6H&jUcxa~t4nn##iSXSN8uM(^!P$dsFF8xE zdMRdI2tZCKH$7*1D?I z9rp!=X{*4kqf(KggUxGY@%!b-_DLD?Ror?IQhj0Cw=?t2hA%r{NghU-8gPjnMSymi zoy)^n$TIgj7UvAAp_g^x9B=qyeXAKP8-Tba+bx3u3#G9apI7pJ@|xwc#DxG~Y^W&o zB5)C{5a~n6hEw!uZ)H~jsL?LyM|_VS-y_1c$|p&_hA$!JWAdZmI(Az5i#?6|DLA(RLOZaMHv459x~9b)<5dpGS?y!M zSbAqKsAgLL+lV?W&dlT|ORV+146hu0hx?zcmrb|_2Iq{5!CZR-vK@p;;b4VWnXaM%c&wAtdZ07VK>8w0G$f0+=z0j!&Jm80c64rN zJY=z81`I)n1Gx1`6P5@(>Q?QfMd=LXvl@TY)2W<)sc{~vn(EOZ;Mi0yxG4NWv#RdV z%!mrgV}ChxrH-yL5)I{G8IKLNaGaH;`mxKEi#3g+T6!#u8jkYVAke5%(6G&uTKz{Ry2+vf=r>GtFJ5rOl`vCYJ2bZyIvo7QJ5DZydrs0aZz8{uB&#nkodF zTeu?5m{|MM_n9w6!bzL|yGYfxP*2j_#44d^Hj^7>?+}#1MK~T5HMZrIa-5=Z7wPU_ z^?vn4S7l;qK7{q-RCG_)gi+NibCM$AN<~1Ro@nqAs-V_~R!f3+d#&BFp?EOo@Yph& zaC`1BJ}pKSxJa_#y&>h-SubkGr^;TFzmC-)PV16Xf>rc-0zO*~J08||{;kDzYYM#U zDKyZGP(W?QV#J`Qg$1pSnT{2@!N(#hB=3`|y1)z*kl3PDAP}G7jCX9uaL_C%Gd- zV}TuEbVd9c14+WBd;HqPVOw$gW#csb<++OdZGA_i0WzKD&V5qqEOGXB01N7dMy9px333;SUxs2^&H5(%)2<7T*fXphZaJIkJSP zP>$7VNBS002VtlN&>-WFzDs%BI(80>7B#UiD9l#bx#z*b1?XnB^AE8qjPlqpIV79} z9?0)&vBxx5#wdclcuE84#pl)iw!R}efKQ2;t{ibPZ~9ARKtKdeYVr#pUY0!RZT<#LE9a}l)4)R?QjMO1Rgl4Pp+_Dv6~iXteSE%^qOKsUsG z=NP^PUFmiFYcH{4;p` zXdAt$7_J8(Q#MM!odG0D2&ketL0;Nnhqh@*xbheG}k{=Og~CM?$mV*L~w}>)XB?@CnPi<7igM z8gEN5_O7ApI9a#gDie^wjNBaPi84apwifwA6qg^zE2y{U1?OL^Z^HvX*2;(k%}`f> z3!jh;%5qpd>AV$kEFcXEI;(cL!MzP&)cQ?VciB#egW`qjCZX&9tIz#yeIo?`vPwd3 zavhC%5HG2I7-J8u`oD@5H38m+(^_9mYayd};;B2-$A~mn539a#0VV#$`Zn|fWa_#^ zy=^QJIq1U%Kb4ZlB0Au|19~#)uauyn5)ytMRP&6m=)*o#%_lsk>3^`A)BS-zfgM*d zm*8dd4bE&mT3piX5E1_g=$65X@bk7u9-}G37NE~I?lD?UY5ZraSsN4lNrO=Ft-nK@ z1cW_K>N?_EHLYZu>FoB6CL z{nZ95+OQ2U_K)8{g#=+B#aWW{ zr=!PfY88Rl?CN44LfT(K;!xau9EH|)39Kt{9EG)0&RaW|F2_-OcP?&UwED*8Hn@)L zf3}((P5(M!A^#kdznx|^cR)J4)N~)+UHYLwRLM7!1w@}9E^%yNh*b*9Op0Lw|C_Fh zk$_~SE#=UZ_*e{;qpmnT@skkn+CQhWwVG5T^pFBZS#U0oh}<601&~37 zDTC<6L;RMPf2q*4Qyct5%a`IWoXuy>Z6nIrRRpMOKSne|lPZJ+&$jiN8KTZl9 zP8f`XEBXfG0hOIEQq74k6o2z^;{``r@|Q>d+axXp1KQjOYm(=KO5y6zuW^cnK5g2p za@qkh7)YmN^5;apYS#I+y>g~SbZl?S|HJt|G>QK*#zJEQ+@^GW>fg$it&xYeoz3Rc zJQiW9Is=CgdZpz7SyJmMx_ z#g12%C16_Zq994~ymaUiK+CrQ~lhI0ZFI&48Cw^r#Dg2#WK29%K3EpeNA$#(j?G-{vo%RN!T%|umSyix-0#f{;= zn%}|YfK0czj9b#oI>|mHfBlQ~+37>MKkNBd z&i~Rx|EC@OY@(w%0*74wjW7NDw7>0WmPp|HY7}p8w^rLTM)`<)qLtJgb>oc!Jp5)F zX+`}zBTFlqDf#QA9i1-rDgIQx|9>=#U#{-2gEt1&V2|uk{g!DeX5yy0{#q^kgQ+Oy zUy3_kZg8T4XM(w7y%g!+TG=K(P)|N-`DuKL0?P#j+CxIBB;AZV0EwU#fSW`~!)BHr zkMa8&Y#}rJch}(#fC|#=F0h~Y)`k6^==0P}$*j@vb$jV2^Z3_2$9XTgp!vc{aY)WMhNKAGF4^wK+B$v6=Q~e8_TFQ zATVn9Mv$y>lfA3!=YCL>9$mbgb46Q(IcxdO;-GP8F!U!)DDq|Eq8h=yepzCU++3fbrB_H5ic(Cl{)F zM*8m&D9muZ!D*OtXyWYa3Fr`G2b=`r`PSP{;9O<9;1*T8EqnP6GxNXgn(-3$wl!Zs zU!D=`fyJ`_aCqzaDQyTYr(yJH_j_f;C+&~DX{re5!ao|Q-!BpacGjp8bjr+F3RSaa zC*s$l&|`Bzr%DIJ{rbd3P-@bl#Vw{XzRH#Qz{h;%(ekgOL z>$4VuF99H4*F@b zQsfN9pO@3b0!&}6{WNXZTEjGox)hd$M*fQL1Vua{FgxEVj;2V%5eM5&M@O>oVTe?v zWgnxevcAv{Gn~7CjZi(@G;U)*3A~a-h+W@b9gG3o<~Z63e=4XipO2UeE>yNZ;B}0L zO1T@{eDGXXyIc1V&%=9!QTdyeDN1Vmoem3QWV$4iPf;;Lo#0B!q;o0|~)nua;v9_bdb z0?3aTGEI(NU0tQ|swA4Z1QYX2U)(lcN!W&qu*S_g?lD8LhLrlxwgnR(&WyXypHL9L zsp0R1-Vq7V4CJ1Jd>5{~FGKPDr-+J`2+4$bX_URtB~#D&gaD{uvQ?Z7G`+J$U;^x| zfdRRK&#rcsuX;^=ez6$k2YO9kBAKoCa9vB^kU_{b@h#`;<5&{E2oNc{9C3~%Jr-R? zOck3Y1kAcA*d4W~K8StFlAg5a7*Hl080S`%HVHH=cp)e6bNHreY4-zzn3;bJ{4F zvdO0HHyh7gmG+B#Ri>f(rX%7Kj(@C5y$3~uPIpJ2_2J$M`&h6u2t>aFqNAEREWRZI zK*!!g&`|wCq9)Z%qqc5#MTyiKRTKSC zpLUO7n@plWzq#iLgpcft82zjx_EgB{0O8^}Zaty}1ftz3nL9td+d>;CNVFSgl+6jxL;Zeu(W1%7=6r*~qtKB+7694jUY|vJ&JmULgB4f^kvm} zocFuc;pXXy;%C7EPm?qOV+0zVn^{)r_Qe7Ct?<@4(N2F?Q(>PSL&wbuO+L^t{)fvL zO=Ip|Cs1+$mmlB#44=SaNZbs?-_#7%8^i+8pz;uRk~^vb_i3emMjVK8H8g67f?vY+ zFoL$B2+a_;muzuYNqk`EJ=26*iRIwdRj{(kwQ&;3#aBA$L;I$VKvU2zK49p&-j%QO z0bJ7Z+Z)w|@4BpMYbz|y^>!Ux4nZcq$?vj$oEfyy#2Pr zI4d}?tvK9t*T*JNZgQZVD!}N(vO&`GO*5~HS}A!Cp&#Szwlz6ne7)h2DYA;Y5an9&x{kvHB+@Qi_SLM+3_SRt z{^l?RF@A0MgxkSV6oeR#OC;W!0BXj>FwY0!8mX68O7m;9TU*JcLLpulAKhh_w<`IL z?pb)%+19G|$$#{y7x!`w*LPRWIv3vJy&stdFFd70Z?^u?DTxxE!)K|KwNn@K(d^@s zAc+xAy8X`}i7~-E7{jlv%EHPQ61@;}`}va&Y~MsUHBCpOYH0>RRZu=f&Xlw`r&(l% z33Vk4S^Z|6;Nb_?sFJx@Q|{~6Z7af<7}j^D-%%B*gK#j;>IL3lTYQnxrJ^a9W3wF1i=&Idf@}><-Pf+UF_3;D;?z-#bTqjc<9*s?)ds zlZ;Y;R0F$?11Xy5tfBaozN|qnN0pzjKi6wolHd=G5vhX=b~EY^N*Z~DccqMtj-pt% zc>OBW=HTJPD-pP%gvMu*;(>>pA7zriv5@gPn01Pu$|GBUW@({qqz5JTQMGRBE0jdf zk#@eLy<1$*un2wfLH(>;Kn6&8gA|Ek@>n>Gt!ReV-0;Ze7AQDu0HJV7i@9#(4!>92 z2fk4OtaVm{^|R{~1k(ZCB@v7v47 z?65apK9manv=zQ~&p&E`|BBu`Y0tVQ<_y}F;8@Tg)STLh@PmnDv#4qnOFwHP1KtPh zbPPRs@#KogS75W%iI?pO+>SCC99e;0X?x4-J49bzb0{3UzM=-{#l_uj_?x$|GGgRX zT0r>`i^ljJ;yDa-J^TqXP%dbF{F48>T!0Vo4X$E|;#{QP5@$~nqf>}&7c>%LfDSav z;ob`x|B_#jcXh&bx_lF(tq-KLQ?6-~wB1S+n7Kj7; zVL)^1WB;n;jO6bZnFos^{C zzOUsQ#IkykDne&N(u(j@asSr;uQss1%LNP70COjJ=ldR)pwBf;2d~%D8BC@7W&@Nx zFj9i#kDa82s1TMi58*%A|9N5T$$FlZ3%nn-%>#tpolCp^;tok)mouHoAtr&DWIiHm#JU^(W(=ZUrN<75|4=TNp8UavXnce+8nrc|p%(C9?^tAly;AJVK_)k4)_R748j z1$HSDkUGR!%SXe$DsHsQE>k&Lla%dG|5&rSTFX*7Z6%_kx8`F(lVlXV{avpF9=66Q z9XFwNG2aBXO^Rd_)*^V`UrR>L7ty4XV^lT2aqxLiRKs?0v6zGPB~hjNmGkGb`3{M# zhP3h7m~|tOpsOq=d>k(=Epf5;ap*r6k1Rec<<~L%OS#~`8Z%7|Y%HuTO>F7@^kzOU z92h)4E`Jve*bxC*AE6imvGONldB+x)<|?wkAUSsdpu=1$>WlEM>Jn;e8fA^ZHk3Y@ zhWdXg99#laIzIb;qD0)xZ3pwzkyYGOxbW(x4M0e;cR&C&Y8zFSx#&A2oAr*q-|>Go z%Jag(AvREkZq$829(cHg7|c#!Xp>q+`9jW-R~~}5@jbzL zRyYU)>UYj}_(p}=@WvSS^yFOEgqHHeb&jCyIPY}h$a11M^C@?ZY{WwTx=nT2f8hM1 za4>Za%C7$?hTR)dBx}<~u22w>yy5cOhy|4K@)Mm?jouwfN}W7-PnV71$v~*s6P#y- zgBjq!(kk*GKk2N+q0+AI-_TTYoxaip8g-gd#Y!s3IP0o#Qtmfax-6JZ!KHz!>bfkA@dW1?!S1dA z-1mi7ZxI^Wk%XH`({wJ1NME%xUxKoeZm*ezzG){AhZ;%1NY?!br6qat-h585ha3Zi zjDx5|K?_YfO{?Vdcf@@e3{;aq!;kI*sZP?7Hu@&Bu)f24T_L{y7xjPEBle77-vR@6 zT=5H?elZ=A>=<#6?TZguN7Ph$K;g{$qAY14cC{PsB5x{crns>zrRWb1K(PO%QvaJ^ zmm~mXpP^u(L`gdUKibF7XeTPp^37~*N+PkWYf0iGgb0iEii#3e{h}? z$mJ3VF~M`%7bgGsp9Yfw%uexMk~aoi;#> zPjP+xzlrfIfbgeF3d1U3w59OhwG`O#{1wtM*5?n(5;Rv$pQBEY_;PMd?7NgNPN($J z;y+W*g$xk)lNdZ)Pij4zjB%MgP-&NFzlQ8#Ge%Jh2zoQuh z`6Iv+@JF#JznPoNDtg1pP$h3jYG+Ol4^z7H6^Kk#4Ssn)4ar{aGr33Gq>tq}b-22p zi_m1EwCA>*lhQxndd+*`iIVhcg4~bfJxRfl$Fy$}e;)M8mtI#kPNt%17C6^S6;Mxj zJ_VI^sHi_mI_IT;H5q={Zc(CR(|7il)$-ocu+2;GBvTw$iPWd-nC&1ul`C48rMO;) zU#U6-^z{zxQ}kfi?MZQOLaCT$(t-2#;kX z=b&jmB2`MY@{AYIhxH{Bn9iiOQrI>XO(lsoKK04+AMuO|8xFqO^s~ zwqJy7wW)4L1mu!ED=Z#*veWjGFgRYdhezJ+o}r|RncyB*Rzx6ldx2Q+$+GMrw&!+tTuZ@=~XTEU{@9eRSY!S<}w zem?Ybn%hd*HhjN>ia3UZLRYrXfOr7*kbN^WX+KJN_X- z6E0F^AgzhwhtgZR)+BCe5*2Ng-lRG0U23*pOCua*WjQ4TBS%IcTHgzO!>?wzTAjZ7 z`0Q6C;jD%*XAt3NOX1$5V6rHn*WDb>WoRTKt0QA_-0b``R_xN0{b6<&Cy?R?_S8!l zAw8fwsjED8aBO#O5yP_X6tGdaN)0d0*L~q9mOTqL{P`pc=(^q{U2_a<%qZUdQT4A; z&A6~Su-mE@lxVm-1knmMt}0z0V6EwE5k+j;Bu;bbZ! znEmLvtVvOD@5$Um7k0sCT(r}C=j{ZiArpbP6h(w|G>fpt^Lf2#$`1_;m|*Y21esFGBmv?oKN^PGv1+n$CJuf@#_k+goW`PL^bx z`>C5iJyCN{&Ni-e68={Og;$8&h`wF9nbs0ThJ(-q@%mE`iYqI4lr0?CHQy%}=84h{ zK7-cm$tDRsk;&$?m3Sdj<#9agUe?W@Q4gV9WJF{kLS4j6BJr}_Q%_lzgwVqw(3DCb zR;=6mkj+ocMhByp%kq=uuBOQD%A-ej{zH%duhg^RXP7$zfBKwAN-hQ?wUwO6BkI<- z94WjGft!x&q7-9|C+|c*k#I^&6P>ceZAclu=fpsa)Hq?kPV9`^$Qwuzvc>AMw0AO4%>w2 z<3F=I5ash+dWqkiKOkKbvhOEyq@uXwFchH1BDm|pHspj6Ojk8=QK;=1dZDKGqWkU6 zw-@;QlCtn=Oq804xnE3`6@r6JM}AmxdU)gh416%Bl`^ijXcyQ<{-yW*rA?tWr>o{1 zmb6$F!ss9mR2r;#e&zf|68)D*xOX%2v3G+hBWrb?5>Iy0zf;f1J}~#xzci4Q#zo(1 zdYY=9XX+T_lAhJw>Q7so3aq+9zg;sHMvPTR)= zr&v2TKMA71gdvU+C|u)kHAJu}FSiAaGks>^`4;=`Eo+5CA(cxQ6@#nSp0)MdyeMoZ z_vcH_v+4ksTe}?N$g&HbO|<_0teCi&i1|zmO`!$EAO#A#P_^{0aCZGv$y6pu3tK!S zJoa|zQqIF~RYS&52bPVfr<^=(^7g&H7{5dc{$ldq4%HzT*92jH?Jd-;ak6cwC z3!+MBhxwg)R#{di*^(-=bRe$d@7-G|LOg1CeQvkECKxNc5kMbV>xNQZlDS0tfraXD z`12jZ6zqw4fV)Ep^=WW3f>&|Emxj#=JI53r zW{I5Jv@$nFA?)h5s0FU&@$`}qwjqw!hHZ#h9n1Sk{F<7l@7?x7*BVp0TjYKWq=tTb zt9B0A^dw0CPCfJ2!`w40nGNrV+G(-SP(w`GGogarVtamu8J2@fyTrxk^Lp4J%QTxj@3h`eS&YN?>GPfK87!w$9Of^!UDQ<;YYOLJd%}N! z(~-YAw1Aq)VrTBJL_hUBIn??snO_)@cT^$!Z3{u;7Mt{Yi3QS#8a%P&1BRrSr_lrY z{mKn|^6Ao|EULRn@gU?&hCX5`i-e8o>ol?XJp31=pCXz)b&tt2R7OaIn|jjatedu2 zzWFc|R(026jEeQf`r9EN-QOsTPL$*qseN5Q4CM?EqdY=1=w6Qi5`rY{q$4wpL+ZXz@$ZK{^FaatNEK?6Q_x~lMnQw(+NC)(r__a%MW#y&WBvzLq&hlCn&-f&i_a~ zfx^nCh}sc}j)VQKuFzJsP9K4uC5Isvq?SxAM{Q}MCG64;J&EE^D}Au^-G%+B5!5q+ zoremPC3XFl4~--u(27Z)i!;tn+=zLg0nla2tr8f(lp&dZyXt1stJeAKm^SbvTF(e} z3Pym#qzSbAjos9Q7J%CXG#aBf$N3R$*9UMh%`D&EU`JTwW&bY(d+Qv` zgEqFnr&%LaPMu@iB>gdg2NwoRWbOkmqnqrdRpZ*UGr0$G5Auv{A}4${0bLxrkx2H} z^VONPF|+UYJH1kK!0erRhHTEh`ymkED{fB=ZWUEETUYF^X6GgEGFNHT)hZ@bCY|{! z*tsHL$$kRGe2DPo^Z4*3g|V75Hu+{3;_{Sy+pgfL-;19c_?O@*_@TF_fBf%BOa|QZgHL8j*2*6k-GSCA;iClFc1A-u|zAES_<($-*}Z`$Tqz$W4lSDe2fBhq-|Xk43=phpw0=KSeT zn4c5u7yxtko;^_}1WnH{^sor^>$hPY!HXoIeL|s+v3@-(_8m2O*ZvGg!>Z7g#L6F> z=X!iF2B81l6pzHi7e$1UIiiZ{0CAn&j1mG6267Htz(ft&8M8i&DX2Og(G7_5{K0un zutV&DvU4L`nUqv9tsqP8RGlJdV zC&1tYadUo*%^`6=gR51wk*#&~M}G&(PPIdty=b$4KNi1_JRfT{ax%vCgwF%?_$QD2 z(BA|*MGPqWTf!xHY0LE_jK{i77&bjHJuL(+}sz=!mf&}B#cC5u?Oll<^nQ2 zJNsZfT4+H%Z`^8sK!F84aTAQ3{{Q7B_!bN}#rSwqEu5H)64?=#V=xGY1;E3mL0Q6) zKk=JpE4K~AUl!0GR}@BDNwxe*J)V306~IH>lR$;&gMI&ogZKSQ?-J!*#Njd4deXS0 zwG0R1imyMi@QaYL_9j2)L7@pA#_y^WP_;4A>V!(9@NY))r6MvHmK>-~U*SzE* zCos}q(|yD?r9)3((DF_>8Vp(HX2KzI0*hx#Hvb)b{D8SVw;AXK_uJ#U3|Y~J4AjRE z-RY-yO1e?zCS1~>wJ*zrDsH@ zbpCUd&l49_dSewGwm`XB)hyqlyNxv31u<-}(BnU?)sb8GrtAFvMYhvm~ zPmvF?K2%LQJo$P{}+jGkW62bo}9@8M>EGs(uqJl}3Vp52H zS%wHpVpe~WL0Lo5VBlVMk!2+;7)9h*hScd6r-)x&jV5>mMep5Yq2# z)bYxvEZ#7IGEm3C27=Id_1FLcJpK^z8z^+|0dWrnth&875Q6l9Jg%DMdvUG?Mxd=UgA<1((>A?P<(9-|%AS z$@B+0k(}N)A_q;zbW#S{%l438X0~l;smmE6#+}Pwj`<)&y_|xkt5&gsAK@38E!@4< zHV?5i+nJ=fiZMt4p}aK8)o4$&(}oz!W+STgmPvm{!AC7=v=%1zcL#^WvjoDA7nJfj z9chC`i#r|V0`Hv^f-$Dp~ zz)95v^i_EL?)p5b<%oVgpV(0}Jt75^Ny;wNHfL!R$Odyj;ww~gTFQg;GDR^G#twp&>uqJ$!I?Q**(wmG{;C# zmbr|>{Xob~D@Bnv2em%C3zQX}>L77S`tc214dKRhM`!1)jPl_$`Ns=2{Y zj~luY*Zigk?{x5Bm-9vK3J|q^^21#dY-mEv({tFs5V&`*!xjE>er1CVdCyfXwwu>C zdczF~ImFnpoamY_Tv*ldfnVuZZ$-kqTF{ZFrbOS>+M-Vj{1eOKc`X%Ux8jRmNoMj% zsA~#Dl=Bw>q&0_LL)X=~UnwLaz#f)9X4Dz_W6-DgPpAeY^QC^6$3r_(9gE^q2`WAr zw5w^M`jp^|g&Bl#m?T>_Tws+u(-w&sdM<)`xGR05jln51| z7k2wwLNq$DVYe*o4qdyno>QL$h!d4iE|#-F!%IGTRS_21OSYV-VX&l*xb= zt%z?Mb7xUmiKkvRVFGS@+ogg^PjH@T7T6Pk>vByAB=CksGi28@<7a`gsc^NF1DeBj zm}6T$g5~$KurtIUD|Gr91uOr-d7gEGfY}>CL$5sxL-Q(`o4*D@66jF6uk}9KQhsh6 zN)oo^9O$GnbNL{pTZ>=u#3mEK`A60%z6#1xIpbeA7^)5<(5v-iO;$sKxr6!*eB(fd z+f3Os7=D5j&F@Atmuk0J?s&4EXIbaOEO2Mq%6P(+4vV4FgG-}nb|Q@}RCGWe!6@jY zs(wp1zjsI@QNSqlP_jFJ5}*H(b*6!`qZO8$cG~4g{kyEQCRk`B%ksCP07}DPgK(h_ z`sgZ=m=DToD85@b)a}oD{zujcSftnN@9zX~D`|MiS-zEUju8l0Nm&AAw+_I35T;8W z8JCMtC_n<=&s5?0{09ffIvJj3on~jC>?}H%*Xy!-#BY!sv@!d|HR1?2QUOhe80)9H zWNdZSwVTmcJ#qm0&#YADrjes}bN;s26)$UzhVfYe`Pg&q_hmS>7>&9@ynJ ziev`;3ab{$$k6Pql&|LMn{@Gv*Kq&b1Rx(@c|*qa9SZbqH$RLb8#B$>paeFt6K307rd~0jFRQPZOv`i;3hhqwZxp36 zr9*;eji|KuAiJjsI?AC&MSJ4$Dm#>o^ew>GCkIAQTdZ2V^vb^c8$$U2MW1RTz84C=O=p2^tAWI2jBirOvD&pNUhZyjuccli>u zeuDFYbm%KTx?@zizWz}(uwWWRZ<+uDxy$u#wLDvKm+xM@Q<-6LJuK*}?l1`vrB=!n zYKC}p+9fu%yrm$-OYY>aK93Rx9}%G#1IoKD#x$|p5#yg$jWxO zGV!|9X#{9!a1tm&%aS%vgY>Vef&_Y)dzNJ)GrI=SE%d1pT>bO?bH|s1371NhTJJ<> zTFGuRx99_zTOB#ul@Q5HV}6rOD03SKM|lW(=8jJ$Ss^Ag1UY$u1U0R?jCFf-i*Rym zlc>AED^~T+VF<~-9F%eD&RS{f>GH9D!Sq zjm=j zg^{bWvq}IdSB9t5F+Nwr=MH`3YR5YYr&hcQ# ziylsgJrul}!^BzcSZM0vt<0*cT-`QPIs5os8|e$Kwa9R~y`tD|oubnj&>K zfqth}sDiPokmAT?5y^{t*EHBfhi_K*#7at>Vl9XqHjDIHG<+KE(@PQFtFU_Sb%-hL zCRD5hi>B|t5@{-;{~?`x*Eljej_C_-F|*~d9CDZgju{bS8AXE;`_$dK%DlOd!5hj8 zyEX0ea^NNO;5uW|-&CS|>DKZS=& zr6Q83$Gi0~k#!<)m&TcWn{lA}O`{8$pz;If(>Q9BxV4GjZGTAMH5+cvF**6QS|*f+ zpi9C6LHU*N_(U6J(1u=8N*EFA6^0n=VSt4Kq#;JCQc=@fk}iW-*uFA?Y}ZSnTF-%3 zR`LmL%dLLvty;G{aBl~`;X5P_w5j(~5*HatYJKJl5oRCzt=z?{f?eRv!eFeH>xw$R zd7kDG4PN#=lT|(;*%OkCa(#{q@8h{!iNheXkG-{e(JD7LmH-*Sm-qJsjEC*;&iCZaUvo+5bmtV z9;4H3SXOB}!C*`5c^jQTOiKD_lX&Zr*_$^Tvy%qb%Yn!hd&!2?XmUE)fMfrkx7)v} z3h;w~8Bz2iyC=t88)bAD?j3x=Vspkov$!gpfe~3n4^dTBwTtVA5r2rL+%gWtVUR!_ zh}F-0?UpqB&emkI zQz%yUwB;B~^Q;k8T&sUEWMb*6OBIp_bQ?meXEWTZ}u96s~ zT%Xr*ge-{4j%VaaTw|RGJz_G$(3=^vJnP^f+tI_vaBU(<7q%}2-PdKW4{gXym9_T` zs@NTqEaQw`3Q6!27*?egMTU&PMJp|=Qc(DR49;xv+rS9*Jzz|}#$a*~!r&a)-K?Ll zdPQ01D`N+9{8SDm@~^6b&3IT)@K&9DO-;u~%NTPM(ffH1RiD%{vTF8Dtr~cmioh4# z(2ej5T|!8HJI#rS5K8)8S>lh36|E7ft;d#yDL-n!MF{MGm-6~tZv{#3$cHFqltNy7@OAFb+A*L z8=`=|7#H;kXV&i6R3b|u)Rhrk+kOIf3Tmfch0w0+P1*y4OV&li$1JbjveVLUVLep) z5w%=&?M^q>%v7<{Y-f#5vrkj_e^QmNsX_wC3C zlvICejIgVB_qz&eG@;1FwtTqOAlu}AQE5?2Z#~f_XMt8Zsuw$KqT-i3U9 za+S}hN`+s5tb2LURJj^bFTzw3Hnyz>A?rmdAW4s`Ai~?5C#0o4VVWi?IBM-T7B_f; z^NgzOivt=f8Q%xJP8$@Ou z^O4WMbH1zSq@t{{REm{g8TKRy(UcssfO$Q`%6%!eAR7N_yqQZ*7`!r)%sHPJ|7O8T za|&Xdf5fmNfF&aGysJKbwgMCJOS|ZAC4$EC0gPD+R{S_87r*H4GsKO{m-HHBZKev2j@A*I0*^LdOS zOQ9*KC7xwW`MEI?Q;V8U zS^(pTN!4>I7Xb@kZMl7kqz5aLyCM>{cb1{&lM+7c1GZen1Cs4!iCli0#CuWETc`nV zpv!^v{0DB(HXra*Ypf`He<1Y9=v0nB*%49x%ZofyVCYFbmurOY8$x9TCUw6o!{4N( z;R0b&kc_|}HaK7kq^YU{I04b)hW^{>W-t(xj?7DTCJ+9FlrIDK?0fi;pUa5u46r0I zU&}}ZYuxu0-y~eujo?Laguc|#KP`klodEYA8jUpm`qkKv?FHP1s02jnj&`N;@46*L|%E22s!gJ?RyN069)AVBx0xRK5!A^Pg@o1`;EO`4jQYAv$ zz$1zDA4rKZz#x!l7+r$>)t(eP7-BAhQ$*f+67~%+lf)I&vJ3sXx0>dyr-$QWECI27 z=s&2y(*K(ZBvJmP%n zJ;aa0qJ{cl^-+KcR~h!lQVk={nS$9cwelkUv=W3OiVaJqaZl$WGxk+SCUt`? z{S&0cur-zF6hz@vdAp1JAxwjK^^eA;D#1mpWY(9o?0zhY?sinmGXbg>uuzpFUKgkE zm6OyKx{~8<#_|`v01qu$L%j_@T`oDK0XAsbzM^f;z241=GB54j0 z#U~h7HAYJrAa{H3athT4dmS1G6c!nIR@kwf6gJK491ol5#{-_~a{7A8HDZzlRNb zWpOm+rIETseeVy3DWBtWrH3(;3&NB{uM{6#>Oq{t>&Amp7(1=O4Cuw^_7^uuxtyGv z>Z6s<3tFu0U?`*;#h2hU>Qxg?t#L=)o<^Z-joRr-m6OF&;~S1m^}$w*y1)oLebid_KP10fT|oLlX;HW;E}Z|u6XKpmh6_ru zUVE>IiC~Bi=;adl~76gS!-10A-1aw#`VB$#xkccoFcSayus^EFT?O9h%(8%fp6+vSBpjqsam-Sbnm*i{pM zj!P(9Ko`*i2Tox%9r0_PyGr?kd0DQXKG0poJM@syBMN6HLE4GtlfdvLC}I5jUb8nUn zD_ugh!ROoFORRdUf^r(GH$ox3g?PinN?>vdruMRtgpp7TWOHeP(8M0Z2W0f1rT|qrG#J z0@JgIJTf?Ei{PDH$GDMPF^yknOp(|vh zy)zgLh{+E7>E4^BnF$JwBD51vWU$s0&j^cy95>qz}F;$$AXy1{%Z@jt%zRP4@d3%= z+Xvf2&s+(JpPq=;Nk^F%tcM(ve5CA>b3=P=!EBit@S9LakQtpV%fCM^I#A0AMyRIW zObN}6X3UOa$0^$Ie%2i-_hR&u8m@*`5lzuD1nlkp9A|jOR07V+dWkhREDVI8tZ{ zbJlM{#etXB3~-hy_NjwLt5j%M-ua6gG1Lw`P^=n%g1*s+e5@mLx;G zRuo!k*eZmw#VcnC(~VJ(Vj2liV344Znzvv14n>45-jcrE(IWdj@RHU?LbxJxEshxMB>x>`n0TdARep?#PGQ)UL-9R zoG9NnU!u|9{^m1PASz+BOS#R>9m6y3x^!|CXn8A1oNWfd&)!F|Co!3`8cmgCq4f5b zEn=StHNPkiHKBi}B7N^!-npdw4W#5|S2cD6s<%)j+{S%t_oo)L2;Y|uqAYTu<`^D! zIlO~53FBI9oepVD-$l8@sX-Z-R=rp!BIxJGKYur!*6l=$p;Q(FQ-F~@SRZt}i<><> zXw^l3e3Gr4clayr5BNab3u0y9%)#C}qb7xrS-x55!T(TllXZwMv?7+qN}E9_O(885 zz0&R2QS==~&jmBc#NhR2B)ab4P#x8A{Qh*j$0S0#5P={YnO;8YuTLyu=Yf4rm_GXK zD9McUt}s>!9E4|TV%K*ts%X+nFC`{YHS}d}@ve9C3CPJ8yP78`wErval7Hg zVH|#f#4Q=0pC!n9`&@_Kno>T#Gx47CU@*LVQ3xBMJ^pn*?0bW4{=~fKj|E~E2s**y z0oU_pCxNKRhhH(!BL%t9(CN@ZcxjsB@jF|07v;$S0^8SatXTH($YvHp@U3rj4+ zPAs^#HVn$uw73&@kj-oJvt$&umUfD?RLF(626v-*`_gJee}_s!(;6DX>Xsns(*UW9 z|BOEE&CGXAXA;Tj6-%?%DQ7aqVQzWjVQ6r0ypt27JIO>Ez$@7CRcw z7^|aJwlg$wbS4t9v$h5@HX>ffzy56`_}_p3*N^|6EB)VIr-EO-{}R*9A)RPN)KgTZ z0~&Fc#fwohF~>KGQ=}j2j%?iFH-+hdGBjgT#Sm3ispa5cfvo(dClQOD)Su5iAv*rQ zrZuj_cf8@jtJzW4d@S(tUcjz=J2=lopCr^x9g>uT2E=qK2c|W9hnRVzRJi--m<0^t zl;cmztU?n?wvPu~tj4wN4$G*xHz0~Bi^er%Jy(N)`jl_$t13%S+n4JP=+dJIn3p## zp?0s;DCH|A#2~*YgZ){Lup`M|M5XXuy9Q@P_tZFBw7j@UX}AbX9rWp7klKtv*U_qPDFY zl4}{`M?_KR-0;ih>4TR6Y2VwyYQpZavS8QR#<3|dqF$^3jOTJMY3E?G=JYfNlz~yp^z1;Rb+Lb5nl2oR!=v<7*tA_N|aFA zaez8O#1ovBckdr@u(OAw)S>h10I&W`TCnb6!~Uf2i?QGiS+Na#pkCx&;LFzG2C?%S zNox#szA3u=Mo;>0=dhd*B<8c^KhOwiBk5`!!vww4 z2fh~WrJ2#u_rOj9gIkwu7T;>d^gasX{*KRAFr&xy2o|*MIgayI3lsyc!NTy0u%-CD zC990fuc*Ai?ya_>0a=CTZ?%%zjew#1(UJ(v%0=u90r#gk_gIfO1I}bOpJd*~!;}G| zlyAaKf-F=ai*bLxPY)Yl4ntRl4lMh4f1iLC80hGbYzGUI779&MTQ&itBW1;T2HK#h72<%;2!v}j7g$3Rfb|g}S=l!z-)|b# zWaa*jN85yVRYp&6ex#B$;hm_s11Pm(>h9{hb>OCSCkREdy|&vr=LHad*}SSWphbQ8BNG7p9P zf)uduR%e2!m;Ps-{NU9rwHzbZvx8X>{iyw!sKWn zxfc1Yd@hhrZ#?)!Rw0O5|5tp%%^cF{wkT?Q0osbVLVZI;ZVXy{cUbM_B8Iz#RRi$+ zW)1UsxztXXGCE;BmOxnCx%Gwj(c9%s`Ud|Z#~LF86w^;rG(2w=Ux3yT*NZfb1H z@5Bp1CvRU)a}Kbudu^T`*9IIau=#3M8l$l*xv#JvJ+1%7F`-s`#IerDbrWg)){prM zSWl17fb$r&1n+lNsebV4wB9;09>Cfpc2hATrUpd;>vfz+#i6d7(8cd3IBs+tk2v}K zHWX+9p<6u3z#L!tpGdI?viNR>qiYmn!{#jSCdUBln$fL}7ER38W!xzc4?mhYx<>mX zp5l~AJ>tCHRagkBFtc862W2vvW61TMVc{?`g)od(Tjc5sd%^&ssKh?iUY=ZwJ|Vvt z)WjTk4b+H7TJP`cax3$B#0jFEe<$jeiM`$gSey7lG4LJ-a_2>V{~*HryCT~v9hia} z@l%Aj|ITujaN83jaI1YQyRiF-(qoGJvuJaQ39f)a8AO=mXlQ zv64S;C?c*IdEKd*3U^Gi0j0fvIN@JMURS(NT$o^9HhYm3|_`dWxTF$qr{9$*q=T- zRFWGkN$@slJjF4Re#D84W%Z4L_Ct%o1bVkv-ZobSCs+x})Ih=b1T1~(J`4h;TdGiM z(zYlz))~7k#vQ_xsDc!5pW=)nKH`MOnt5RRQS#o&0=1JX&qI-L*O(hA$x*NQ6$PjI?Eet5(It8-#qp3eM884El~OewAQ4hgIb z;o2U$d%1e}s7-93EN%bk4?p>{oQ(TKb}9Sn<%&Y)*Ph@Ej7B`-IOII&<6SNxXW0UA z{>1qU)qF`Gbt0X$)8UsG;uNj`fL^KHNJe%K;b*DF$!YS@C#^F3vDN7B`!y{5*ZFgC zxQWc@t+tm5+%NbYDa44Gc%K^hiaT@Ibk)Bhi9Ul~?q)NQ+IkWOh31W5^Lq)WOR zq)WO%L_s=6r@{9@~-WX!*-wVp6C9!e|ergSnvC;HDio9=Xwmh zhTbGhR0Ti zjyH6CLaE$rH$yvajReG0s%^L^@GvwnkG~;XR~QXc$)<(96mkst&JL_wknFVXoqobk$PK(R ze2I)Tk$d;Aa3pRp?Ed-gWiP(Q4dyD#gY{UxuSpR6T`u0l_|ZFP_oEQf&2MLbsdnnH zSFTH3>Jr<@6U71JC&2GipYP9gJdQ1>&R&iF6QZw6U!}H#D0Du z#Xtg@QLwrgX5$6fIe9rctCpOmmZN+9VQ@6!|J<5>>38CS!M)NnQEsxhM!VFA-{cbr zcG*%@wL!yJ`1skhM*HtttA|X95ko&`tfZJ>pDV{;61pDAOawy=2jvkyP^OrWREPRp z0#Vmc*~>{q7(4sq;-njhF^qUB3kW5;>e=XK9$PLP8a*AAFzab5b%f&ZsBNf=^|L(x zF%D+jwZ|`ibJuqF292V^a_2Uwcl=Vp_d0%z&i(2jh~sGvT-rJVxU&L*E_2f?|C=ubO0P)YCv$S! zbs`v?57@C#oXh*N&4B>*t>3lytIoTA%wEs;r|IsqT?qHNK=h!AG=N9jcW|WP#b<1k z?Q898Mg@z5Qx3(sOsO-s0r$VP7(J77Q=y-YSi*;xM^n!zUkdE1A^$sE4&q(=OaACV zh!Qb`69YQ1I9h*hO+T2qgNS#mG-PTC3O`LXdZO2SKRRYRNRmlKPL^;?qJskck8jR? z=+9Ih5N_;EOC!Gj`g$4`XTK%|x*mJ?Y*ZF=F}G=8S2;e_iibS+en*RqZG5ICRe+H| zKM$I;UW{zrDC$+}*;w+~ZeJxj)F)?!S=Mc>-Bx?*c3$BC$$XHM)kCSEg`N~eHO^dJ@A}K1wgsFzuJX#Fyn*lX4T;35DG(((!leeSHQe1V9PzDIy$ z4To_GCKuNCjd+`qmGx9^s-&SmbAy<;Db}=r0$gW^RXj^0Suh zPcV{_9Bf031}Kk+%-?9Zxh07dEVwZ#A4+6->)6;`_e z?m~t>_~rCHi$=gdclsjqBfItIsE6F{m@42~&Q^~A8$)KJuzkJ5;DUY3Ev+(~&OI)$ z7Kr+U|HZ6{`*d6&uF?DM7KheF68>Uis4gZKkQq@eL^dMd4#BXAXL;68j2Uoy*+l?+ z-pe$-8!HUDI^>yq_LVAZhtZ(7P+`={Kef0sx9C$H%HS_=!`G$a&|{4)tFZV@De{JB zl;!nz4Z&3#a?r5-FOFovof9ZdUCC|r7715HJZPGZ5T>eKgQIM_A;F^_>Pwi9JNpP6 zidRXTyv_Gc!_gQ^H>{fdzkF<+yTXyOX*Gf3+-5uQ^G+zhe3uCl;EmEbkgN`5uRzjoSt3kZBb+?6jaQzmIzSd}~&27IlJTc@oJz;M!FcnRQvdhR3Px!0AbHCEU{MLmlS$EE~0ctFek`3>c@^Syk-<7Bq6 zwfNv;x$97Keu)#u|A#h+X4u5VZm%0RvIkEP)}lSy!6R+4Hq3>P^@?qSYC9gJeTP5I z*UVFxQ_P%t9c1wa-WXXwyTXwX+FXXNhegzTILU_R6FUj03#Wgsu_$)5;TxGsrz)aC(suq3fBfPx|zcOkoD^JtWgzQag*W%x)Xu8X-|(`?f|* zZdWsSUUNAy;kY{|y*zwvyklRbI#rp^{wadVQiK9s7Qt-0f!oDzSDU)9C2Z^(E+hn} zU=Du7$*g*c+j#$GlaVI>O6CV5Z&JLf`MDkEB>o_j{NQcJmqZQMXfUI2X>slk*Ar&3 z)hG>4iHQeiYT`DRmKExM^(m(`rM19iM!1=>pfn{&rRZ<)qi1d${eUX&EAlPXgjQ;V zrlajTea2Ox9?VA>JPZ(2)0ylEIpTEbCY7cWZJK&lsSme4DX8#2tMn@w+3{OkIQ&F) zPbA>Sv&VXOy(Nbh%R&*UYg{?9vrtUYu{~n*+dWrD0eH$iD9)v)+ye7;lU8NxzYIjI+KxH(bV1hcJafjs2FWTVA_^Ov*<6*= zZX$gE;Y|wZTnM|`!jf)S+W#+G7*!5%jQMh%zC5FRfr&y5%8LGYi~RoJ_NV|3v+sm- zH!41RQpH#*5I+1oKMBonE}u7aEEKv<%fj};-9d!c2SLqs)P56@>v1m4_r zcv##@HoJyQ>Is;ms+lhzpR&wtj58A#x^_#k@UmB2tw-ts+7NU-my!1Z6EKY};g5&R z<1{8D@2}whRFj#KIyix3DxV!gevecBK8cd2n!m;sh!{DO1B3Jb&jsZ}*K_HD2nB)j zOTpQa^kCqtdX3D2_zRcG*p71sOjN=7nDkhY@Q%(ET#(&Rs_ScT$T zx*$FQ&{8CR=RD5bMSagqGF$7q8e8LVhA1QrXG*P{MHivX6ywok2WD5aKPM8Dfx5&A z=h27aT)LnvUXa6@-!t9csm(k;wpqNpHmaEW8Ds*P+K=xli#)#H5XiI;6^qT}_j{(BBH!UXQAs8K9K#Im4&+Rb7HF9LZH)5)Wq*-qHL&2w z`3eWPvNb5qr7O!h2h8>HN=yGmBUMnFe%)=NaxT+2g>n#V;yGy(^%v9)(pj&q4s_~< zAS8MNod4gh49+DQ-vv&c1mfE*M))fIu5CYCiq6EfUk=8=CCXv^LVqMv_QdqXiO7V> z6Z)7b7<(cef%?ZqT)M=Yk0EL3*fc0Qx}>gX>ey{*_==Ac-*k0?ks$~8)|B4&aRQat zUh~FY53)>(7=?L1y~y~`_jBoL1U`cy#!IUvm@jgSgS(KEqOTvCDa@ww1D-XdnoCj7 z{n7mIec3P8yU_gH;t7_TmgLr1O5ntr(Bw{Cn6<*VD!~ z&PtSAA7Iz_?Hl)CzOGEQAPmIqozE|OA3$v!f=i!P9wdz;%Rh*HPRWUcTBg%j6p_j@ z5zcj2AY7{Lv>tWbnQFPo`NU`FkUaWk_$>2uP79}DR84OFcGCN%G&FeG*UP2V$!RiHOl$hKjmYl z3z%*U=+mC=N}?qbJy1kg3&7KOM=mp67O^9pa4`6Y++FTP9Cul6TKj-`)OX5xrqWZI zOXrB1@ zG{fs_MxLM=x8=gcY@#+fV3b{?9>0=fjBExpk-9`Yt;6_zU9ny_rYY+qK^#RcR?-y? zyuKC)+B2mD@9o*ys!P*v?4g@szmKRx%QJ*z%HnDUKdgIgDuYZuUU~1uD8}KgI1CP) zzD8gLLYFR%LxWfQUsw>PHL3)?Qh%nXJqK#pwwM0RH1c03G~t%NT;HbY$L7~w;Q)Q@ zUvE4BnDx2Adxa)buNdp$`7Kg7aaGz9IUV;JgNxLqHoJa=Y8=T^#cx-1v~&R;!3 zG=Ve^`kv>%Jf?X?LKb&^2;Pr*oOHH*G0g&1GPygyz%t=40vb?iq?&r#9Tsyi>E1Ek zrQ4DjYhO)qg(IdzU<$?Ao{oi7M(e+t2E(J({f~JN-Z~8uyGQa&a7`r1a|xC~vKE*) z@!YH2eMBmyS`tUPeP$nQ4Z+~(Wp_ex7PoBq+0G~h%IyFTJW%|kY1{Ekupx`|}K-xT`L z;mtt5ZuCphcRoN3a#eMk^icDO-F}rhwZ|O4#7e~n)e$an;Pl5tkeYc26aQAbsP2>+ zCJIz@xG7H(x!(({UABXcSr-}V13!G83k7=Go4cN#usHwfkN$eV`g%vInP_G6sa`LW zeV1aQyu_uG3;4jzylK4})mq-?TImiv2u~h_eua9K%k{wNj{;MWta@5k;bw92%uu8l zwSeCHtD?`^fsW}#H1Kv*n4NBSAj@zpcqDC!N@xle=U@F%SsUmz;iFM+$|y?4LVxZw z5f&eAXvok4-EjREgz^H@Ibti7faZqzJ2EBSCKwzz{W0hoNYs&Kp4ZR4YqTsMa6FWm z2uK{^dIDlOv@DzyL*+>gZ!FC3dx78R7E+<*<(JO|r#}vWX!jWu9W((p&3 zH_r^TRenOU`aV63>vBZi%yDn_iDkLlXv`kc27?2qKRy7X6%3_q!WBLI15=SnT+D-s*aglG`N|q@(Xsr;LN`GqdQ;fk4>#0b#-=pe(ytH`iDZI zFrEhw3{75!?*Y1ob#sT#eophbRT~;>hz)7WU6C^w960?Evh9t-&>nri1~vG z*1qQt%NPvt4Vl*&&rEghWh(wAp9T8kom%3VgYQQPhu86J^Uq)V`3$MU;(Y(ZOVd?t zmq)aX?BCf0_W50;;_D1V<-3f|_r>X?W{WTCL2+d83~P+>lM9`|VbQ7dUJOjV5u(j{clIvwvYmUuR5J)zU=GyjCStOS*>RcqC_7E*kN_={b%%vr2aw? zri!ywdbRS-)*oSTTnzr`;B!m{V_uNHEje3296T1ebpw5e)r5(z5%ZPzV0WII6v&py z+LRFcEo06njJfHL_5JwX%0u=2zw3e5XN~5-P=4ZV3!0sB8Uc68SIJW{2^#s2flBd! z-uZfu?t8|TbQ3;4PwKse-WSk%j7uCieHOhPT&B)C8=`hWQ9qkUKJdQ3k~%5$CU`&T z!taXCk{Ru7V}Is&e?s9}vfkB)!GY6f$F_k2_LZUmt#`H5$~W%j;}7#aqV2w%06lm! zs;~XsjkLu4pCvNiD~iX%V6F}jhtp^K1R+@=`Pl>9M&ko@HRd;FEbo?RO9{-qDWx}inPM=-63I229?do_-gBys6-HwmfB95tAd_eBzfDAFb zCbM)dM>fgU)r~UqB{>F0M-Ye8XRm`UBo#lQIfwl3{Y*%dzF&TCTuiV!fGZ;idECaf z*%P^$WCsKi)Sie|L}bD0kKV;n(EW3%&mPHw^G>NE?-p%*bTx3 zPGgu`6ErRKeXlk&l)ty3$3Wwa%kKrJ&wiT#gd?Y*ej@_HV1h9#QmX%I!fCE9F&JLZ z8_}Nkt>qi_BgOdRl%=fF@?RXVIREOiafo0bfs?q^ebJ-C>!y_(ed=|Xg-)LVVMI27 z?TM70kHyiO#{0;xFSL+G0!qYOuE(bd1^Qf<`s{DuFEqUptLLJ=etXV3)8cP(i&l)0 z&lOlng$2{?^xj_SipQGxlTPRv)M3;xIB@!G{UEUOBdMyw8qc)|f@di{OGQLf6ZO9Y zL}~|#pX~=hQVP;R;vcJTC!)g!Ctz^k^w~%n5Ut0QVP5x;%!C9+dxZ`J)V?RRX9Yt& zk~0-ltBKz3_~%rqGK#L#PpE{z;{2=6W&NTyAq z%XOtFRI45GIa;+2oQMw0Q!`kcfAv`%EJ#)(>f#2IOSQ>MQlXFHw)?#~dR_oMEn%hW z(1tg0SH-^2$nyC5j$#&+aJ+oaaQf`cec(@HhVOikLE^~?QyOjuh3jvt>j3IxYfRQftO6;lKKsPRs5 z^w8n{v)qy7CN`H*ug~*rFgX1Zr_k?ysn5xAIiDatT<55 zbGl|IHnB!Zy`0Ry^ghwFVw)aDXAy_fXQ$Y~eztq}d4gqy^$bBGYhb-0p3SZX^vc;7 zbDL9H5+kd8x;Qv?4Brei$4$eYV*QxLd&uN0C_oRDDTXYz@%ja|+YzoJ(C*w+EagOrisMgC$Pm zLv4Et@{0zQ4>Z6&^E=vf7HwDO@1GyqIK4NP?A`A)hIy_JS_M#?OI>vYv|+I9W(~Uz z*l(ax?QH7C3VylRn{0q&KFlF;RKLbHPKzjcGSXjwLq@;?jl(bB51g)A@d!jZvs!Dl z8E4d^e5jF`;e6|EGV%04tslE9-p&qgYFKvOTM=C+dfko!!|q7z*K|YIbE&J|)BqWq zz_{g4sq`+*h6dF4-gY(Zf|a&_Thr9H)T<9xP`-8DXR30;stVWl_-Z}yx+;?m$m626 z_6SeggqT>k zAEI&~xrc`tNX>mIs|vyf=fdQ!s)3Ctr3F*@=A#E#Q(2RbPQP4>dJeA<_e@CpllEnMmKl8l=u zm}u9KkdcUy5Rpg_5fHBjKnSk%7c?t5H8}_Z!f7>_DaY_IYu443c>A%XV?OuoDYEF*epYTdnKt*%|hHoVqzpU>5X;-}Wq&Ug_qbL_KOR~N^Au?1ZQQP~)bbbrAy zi)KofW+gd_Hsq?CYE)a~qw>Yk1Z~Rx@-+ufpFV##{xgup$m{-H_39qoEXvLMnk0&I zPZd=wyQ1XO@AXBNHoNwIo19(C{73C&fo`))wfAK%GNdEAGo@#*FGHwq;d(G?cqS=! zq0{^g%jcN=RNiPLNv*HH-4C{x{D?6~^tpU3sMUlNe?^or&1}oLSVsIIQAppTseC3> zkLA!E-Kk+E15}5PU#lnLS^9~bMi`$H)8S!x%-J+g^Ay`tAmK3kDbH)!YPh|3jbu-r zP!v}VO?s08Hr*v@1gG|zSwXU9C_Tln6Q^!5?TT83g#AcEa#gYcMGC@dbU0el({x?< zpqZJO@m=LL_A4BC${r2SI%C?zOm{Rw_|{2EP3+}4$FV%Ua)1CbgX}Lqf}qB;+M$&E zF=~0tcL^HAT~g9dEB>L#NkQ@H7p!d(8=K*rM?;*A>!fvN)oHV1!08Dg7Sj6;YR809 zVyDnG1>JJdnEwaoABsG$12mN0GGTue-yB>=`|kbjx_j1m{@qDP2J2on?rhfHXvGlO zEfXQ{Zl8Rv78soWPZT+zq}QRl;F6MVn}(zl3?vHt=xj=-AT0LB|JhG!qut;KobZ}q z5Q1=(P11l!TigpSE`(@jn7PjI>Z*7&NVX)cH-?jR^aFZ^ln?iFOkb$$T?eIiqiH4L zapUvODV1(rZCxCApS@_nbNw}<@Ko|SNd7dw1|ep0c{z7+YV4uR4f;vMsVqP;Wgfqx zjrF^+f}OB`C~EX=H7CdoYK;GWFBv#0IZOx?SC$=D2BXi)8Zj+ltpi9+q#~2+ls$o@{(Gv1PMdFE_=^~>)V}#aG z@w>NQjlB#SjbcO?P>OG&un}K`w9nULFcoWWMQ?|ya^+!8#jhD!IF)cTE493zYOjq) zLsRbRCJ6W}oF3UVoBF$>MPTP!jcjfi4(^4i5f*<{;pMyw|F^@r7_cenz&=H7|qbL;H2zkQsfr{zWb zYC*BNs=3m#1f^KdJ6k!WoGyMB|9QF^GqaEe9R-2Zf1r~8^jU~om^nE+*;$x5z){KY zROzqB;3Cct6lS$*ryrdUTO^qDdVFWr13Fol5Cpii zKPBLor9v9oV4As+cY(r z^+UFuz~h{=bvkg|mVDp&_~!CPn5+8krW!CXo}c&FZ*eZUMNH-1H)|J(+@@3eM@zl; z|DvTDf_zF$UYL?xIE1RCzfm(P*P$S=J~RfBm4Wc2E%BCRW{~aTInuQbmGjEB8&?NH zvcN+cx{oh4P;pSN*wC{vsSrK=7#B0rj=d zH(|Xd{E4-QV?u=DJuwC z_F>q3fb)-GMt=wlycl*PA`^Xl(O{kD3EjlZ7|k%?*m^OX*>cuozd5Fd)2znOm&h`4 zL!;YEM*(M;Z-cnnj2A}}e@t=kRSKS*YX2=^Bzz#-hHa3p|S`#o2P@c0^%?HmTmIK1l%yjv~}5G zqDgoI{|t0-uy<%R9?0V>wBro+e^M#wWe1wCZ|JcvVVeU65#9iTJ^eJvE!=!C&p3A9Sj4 zcZolru(Vw~G7Xl~mG7Rn!TuI@F%o-U3UA8o(Qq7Eay`RDujJ|v#*wxW*_bquFPjUC z+-Q%qC3uik({c%_^I2~n>}!Ra)IOvQYAyf%1e6sErl z#*<=>kApMR0UX3EN8Mtk%GJF_goU%6%R!qqX}VTwZnjV9UYhi10d9 zV6VRQKea-SOR><_*~8Jy?yrfL`EQmTPCY0FBbWnYpUA2|V0&kIXU`%Wsp6#DqXr$4 zbP~YTbq%$4ULbcd?B%jnu_s#C)n^qE#G-+kDQ8)JXZu2&*{^_(utP=t_CT{S`P+-h zuYwCqCM@i%reMg2V8Q2t&+U;aM5?#vFUqC!cZ|AWaVYCPQ`*;`NN^K!*68|JK7*uT4BbJ?PY|{vqoU&DsUUyWv9{ zX0=7j)YpY2Y1NaP)$r=fz+_f6oDs4#g*G?$=5I&?gx7){}WGz88i!7MlbQ0x1L}`$m>t}cZ4SHp?<)+S`WMkN=pVJ&OsyW`qTc& z0;%T{ByMIhJI)(fKvWyKoqj@#Mrpbt6x8`9yRvqq8zz2)Z!(ktvZ?zvkyD4LetE*^ zk0vFh6>|LWf&0L%+)N)mF!d^tJ?D2B*7Gypv>xlYS`WNuSGWzx7imu|`>=&cM-B2A zOUD_77nBMSfJ(vLZo6-tSDLhhITWzn`brIz1|Q)36={G7nhE{xmm+8%pnXK+DY}pr zVqd0148)r8UygYX+v0=foO2Fh(qqvjTn!rR{3W~=^^;|UD;#(cwA&IiMK}%0+uRdq ziFV7ZvfuhHWd8~02_!3Vutgzb!NJ@D&E{}u*3Xd=SK1W@2Tr`)ECnt8{CcL;=9U(h^)z+<|W zQadJG%32uQ$l&~>IBBCZF}mUHn*cKe&AW*xU5+p~O%MN6cV0G6N`Q=oQItVE&iMOX zvf6tAv)h@LGC4DV6tH_e@gpT=FMK=da3|JmAv%yGIUW}0U-2?Z2Doq9V)dVu&4oZARwaPt5|U4cipGnQ%7$O;v%l4+(;Vq9M~y7#uj!QOyCopO^_0wP`j*1>?IXT(%#QAF;hR(@89OiTe!(2TpWc!~~p1aX|Z8mv6uMCWc!r z#8Q;?D+e;5zOc|b^4o@J*iHFR1eY0PYC3YDO)QuD2TpXHehr#JM`l@daFR6B%Y=!w ziZ05#_Z|=dQky3DNreZA)@d})Q|jpKKC1;wJs2D~(NTFCgeCm+pB6rfKjCK=BloD0 z(UUV$Wdmf81&3VU?dfhYTeF6TtZ!1_05~7<%3>MaTGuz+!3di7?k-FU@lz zMvjcxjAOSRC4d@T0?yPDt~o=`!x83n#rUjr##k7VRE+2Q9~R?Mbo9yu;qlSL`*La= zOVwcVZ51W0Q+kv)eBkuD(tN-Yi|mcVeXH#=scG{WpTHevJ#eBUa|a|9g)>NIGG!-h z*g9Nqj{PVYx<+LrvuKlUP)c2Zr<)gA*NT0WGiQvW|sy4v8bf zVTkIGBpIdjFa^6@=3bdd(~VK9ZoB)@#Ve-1`u>Qpq&DWiO`)bHfL2wFW%X#4J3*M@ zVQ0sxDx^Thy9dc?UXkO@Q?(pGc~HTA{Zj&DhR1yO>bb<>L`ON$>~W_icHQ2xMc+Hh ziVRgt|J}0lBT*1;)%eK_4p*Hk3bgRqI^#&?MlV5|Z~uNT_@+=R(3Th`bm8`%)!v9?(~Qx?x2mO(G-G8 ziRk;ufc&NA-6)FW?Rl#8OiM9?bO0^q9qfCCYvyFn1om)~ui)$TA&j0eHu3LoJ!ut^ z2t7csTgWx?q3LwHRR2Bdm)jgj+51Z5FzbO6`F@o{GR-H@#SLy8_Wstp`ypao6h*S_ zu_mCXsn1GdqY_=M*fAACFkf5d=q$Iv;Jg+igPzl&upr11g<`CaG#HCEXen^5a@1^| zv2u5EBesZ6=yNDYXKs7}vyLKOJ-`dQ-QD~6deoVM8w?JdSf~KP!$Msvk~NWYJr@SK zLoS~^jUuC2dC=l1$RU(iCgDK;o{8@_3e3q(BHqH#=rB% z=-H~+;>9^gCgmNeIa!ugB|{uOxG_if)+PkshZUQf5|g3N^^S0QMU>XG#Crpr>@BqB zgC`&G$lt!$baQ%mWT6#h3H*-Bc&)2bxt1wihGw-1_1=I_@geMb`o^I+*%nyOJm%`G z1$aR5R$0wQ7K2~-j46BOHZ;k?#co0~ApQ5)yjIUo9r~M`_{Z!hE1QnD;456j7mv#eAbObZ3 zG7TTl=#+*1cuCxB_6#p`M1dKp4_HYj@wn}Xial9s=lQ}tSjFg!HCTgaH6A_J+#3s(>|?o>_ml? z_Hq2q38T`l?s!0IsNp|a8B>xF!7y%Fq|7pT})&uxyQ~$Nk&eYx( z-;_BD^)qqX5Ju&>T^AYxLnSKL26tfmI}qo3py&NkoJ#<=xA6EinYYh9 zKPTc(PyDh}(X8S`Xbs6)36OrComYkU_)W4mSxv#H&88NNAA}d@=0Q`s{trvs6vtwN zj(v-I-k^47HO6_6-LcwcN%AFzA*ka^x_@eVM9z>a0P|e%OeS&>Bp=`U>b3_#!SF(TZ0K;Z_4xbzhAZGf{#XyFI0q&!{XdCwic*ktqG!z+ z`@x4x(ccSvKCBd8JX`Oq0-EGwUM?(U)wj%1B%wOCJlo^W2$cUxoNM@jbk0N>v#CZv zL^Pbj_*{M0iR-xa<$^&G)3ZeRI!<&j%+?1}oDWCJtmYwtTMb%@#>a=jmZJkp_x;qK zHfCgv2!;`sN$#&_ETE1BbF|!|VS1+`N0ubTYqvt!v1;&9J?4!Dr{$BnBsKkk4HPUg z^aA^RJa%0MwUVuxB6rm|@4h~;UH`Iw;@wyw&~0|v>_`gei+k^4W4li2Dr5^rI>sUzu)ujF;*a4_X^GEov+E>Tt ze%&$_i3AmGE}nf96T#E=24~2(w$H-KD|;olu5jR4)^!&^oSdwfziePxG_qd(^vVm{ zfr%@j9@Lo5IC4v0tmtwGk)Sf)k?edoga$R^m#iin%lZHvOgud|K;Robd*ZnBHYsPk z=y3Zbr3}DPm2MEz4R+_;^|T1e)Y+7O7V`xLC!EIs`hG4uM6A?6mD+lf(8C61MBTl* z$=T59l)LrWAef7h=6R8&{r)WAi?-KMtRW_2Gm7FB4m>;BL=5=mYe&l-{p}d-0;!XP zXN$u)VSRp}miJ3WV-KsoX73NL5}p29{&9MvuK?$g)r9M$;5P$uQ!HAF46fXQj5z9P zv+}IMlSW-WZYahU+pkCsr;z>452BmX5gpr_1yQGt5p-5pIcT=Wpl zw|e43n+YvdxDXLnzRgcPi!R9sNqP~Rp@V4F4aaPOl@qs=GgA4AM#yvnXpm3~D9XK6 z3mM}fJ1!DKCAabI>#6T>6TUX>=woerB0-%Ztnq+lRL_;$x?nhMw1#w#!Ypy8)BV`< zk%X*FV$oEc@U(+^(u(A~&_MKv`o^rt(WvigYim00j{DD7lVj#3Sx-Y7oR3VrzpH&-9R@OI;xHl}JOcy`pm&f3bs%H3Vu z+|I_u*~t<*VeGbb!PVbE}w-n+s9w(3up-leS?qlRSl5K{i4 zWoUR|>Nw3eqj94d%VHu7>{+*K^t#xx8%TCDz6NV=4jieZ*Z|HI1(*w6&m{#IunEp$ z5Rc>3`G*H{E@dg%_3VqU;S`5gsMy14^lmE$C z5W6E?_<4&JTeNssD2dB&3n6}TAvf+2ZNHmja4wm$*n5cY=DA~uCj7&5Q{Pi{$LVpU zZ4N;L^>XTg6|(N_U9%GLA*xYr?(;3#G>5`AYsRw8>FNk1;UgSf*@tMR1OvDk2Q&Ru zAr$ckFKeQ3)KhI|H7%N5c-rCyC^h3A-FeJ1i2FZxq1)eKckZs9c9!fGW)`+qx1HT= zM6W&-JezIG21;YAS`bzUY)|(GpQB;UvTqu{QS$(Qy?cTA!@BD z($BwJ5T4DJ#syOoRXhowGOdd|Ejq>Yo=7>E4hp#eSSjsLsgZn5yrcC4?kFkJ+&RR< z$5%M;Z1#m2_%b7#1h2JTzD#64d%0gxJ6dz=DL06*I=6Rfr)l^Db2wW1fK8f5F8P+qdHz`sP!0f5`h1S)2 z;Mr_TT9E(M9L-9TJ9dnFJlTFdsm`-M?p*@H3NW_pyV#TR?5_(bbXYkhsJCjm0M7qq zD`_L|U^q+GFwGuJS=ujK4VW zY&M%as6p!HqyLc@uQ_?fo3`<~sCZ+wx&-8AjK7xOSRbT`;MsaWzUcOTIZuMR?@JuG zmL4%gNIF%YDL&7qGM;O;*NoB{+Ks^`Cc-Uf5DKE*&JxuAQa!(MJSb1S(5`G%KFZ*4x_YF&)p_x(C6%Kq$ zPX%yj5lh*DEV^$a6u`9tN1gU9<*!>>LGH>~xLoZ%7kkRjOG%&E+>ia({W}Z}94pRw z0ZLlA73vj`@7y(w95k{%V%829IQk07Dw*jW&B1O-?z1npV|kq>ek=J+9SjZ}D^A}7 zN^CVW7@CLQ^hY2er9Rq0DEDoQDFi`g?6LLYy$Za8`PPhF>Ramp-Q)%^IB=|Z@;#7G z3@j2*p@yydT`V1C5G&eax-oHr;2_kqgMH-<;>n5)!X|UebNsjFa zG3I?zoI@XP>MpJ1V7-tbTSn0Eab{WmH2c%A7%guHQ`?6d15KNpFgS4Rx(^vBt;Q$u zbER)pj#GTw;<1H(-*nCQ1cW8(VO>9O^}M6M-OI*sJ(6hiy`?$~4jjAwco?{@*LRM8 z(s`aqO=xw^ox9bDVz~pce)Oz8YzO(ku^I^_K%ezfi137;APf#1yUvLT8tO$pda#6z z6zFRe)w?Ae_q0u(a)J_n6)=OVd~4KuE_%V8TZiS>ZIW3S95{Ae6%1QrHKW+-|FV*t z-uh&mMRT>-B{C2P>>t0FY#C|g7oFen4O`=Bk4h$wx84{VaWvT^$bH%P(LS5-4yFLcQ@jH2EAtjHf zJ@$GVUwxcvlQdc3BLLdrxQ&(CeQE5U{10WL$vzZ$xI4jQyMSH)r=veuL`WC7A?nDxN1>u9l%tW>#$R@p`Y zB;CHe89Yz?z$qX5S`f0FDDlLV2yVUja>}tsMHanH;%d6Yr&l=eEj_fL^61$HR&G8{QfN{k z>j3gz`CE*li$#zY(Y<%@QD3x6G?dS3dtW;ny7mNi^d20$egQ^$=?C$!eB9C9H%Vvm ze1bOb^=!uhaMO8##!doMUxWBa!*uk*YCEm9242Ff2dAKm;@ijuUZ=ch1 z@T8ZEa&;Dh2BuaQV(-c&-ra3B9=?0yzf`H_Ct+~l*mc1NV2aH-qxa`E*5^4b7$c&K z&Dp}7ib%kY;U)%;)km)RYYs|Zvx8LR%dF`?>yY=@I$>TI73t@hPYjkKXa2=NZG)p^5u6ofo44}# zU7f1fUMB1msJ;L4JHQ{b+QvA1HIGf1r9%6G{3Ez8l#%6|EzEl0*#5*>Namw8l7irO z9dF56?MAfKs?iF={M*5<@(#hb3p%;Ai&wiK(-D^*f4orug9FFXKc5D578Yj5vUSp5 zt{?A6C7Kg(V>#Rc4OQW;sA@z8Pr544`eh}2%Lbolj_1ST{L9iCgS&|(pJCB8yKdTW zo_ggBs&DGm8Oe@AvR=PU^Wes{uw>O3dm51|!7Z;%6A6p+FDuUO1oV^e$H9Je&kT4? zw_n>@P`T9y)4u=(`*kn4bd$oFy*_m;Obn4SS5A8yPM8 zXVBU+_f4#0u%74=|Cgki?&m{HJ<)lxcg)`e;{Slbfn&uz0oxXMi>>JB%SJi-G33r< z!P5tlk<(y5H?(37D0_EHSB8dFR3z5b;1tA^!{ES;Tzq#6l1_f$&6D5ysxfJ^t!7Uh z+em~!8WYr(?>GJ^M+|B|d?=-sjr-&{PalIC1_zE^?*=WG4nI2is6?N!`WBDWS*~N$ zXQ=1_*4M4$p1?<+ANb>=SX65f;d+LBhLSKiaO^rK&`Sei@2y|=zkS1cDR4kFXU)}ofnJ`VugNB8@U1VsB{^j|CW7i!x0NWq=rYVUgfnpmIMdQw}YWOtz z7%pf99Hgi+L5Z?knLA`S5j!LqzeQbkg#$lw@#X>Gt#^t>t!KieI_n8PFp5hLn&`BG zTfccrKgrqWs^&=BHIHR8Bv;&8tJ;Lc`IlWMZ3CX+m-sgNi-H$kk|r-Wsl&OfXB_}5 zen*^IsX(OdJ56y&7O|g(qYj<#Ef^d)cD)wdl}t7u9pxwCpLQEt$y58w>(5wn^Zvjp z(S|62LoFS1MJ=wEm)Iy@oJck#5rgn zPPa*b-B9m*?t)sjq)Pjdr8fG^EK3=Q3DNSd%D`-TJ!Y2H;I#3!azMX zr~*p)-lv&UJ2|*rD#+eGNZ>g67FyN*_j|#s24%qh{qqf?;Xg6Xk%|5bz>hgwU z?W!R=Ayk%J^Qptr`>-qSSV8*r@QUjH530cpFz^nvpwUDtP@=R#f~D{0EA!!Q*Z}@f zm;P4}($A@V>T8zk)T~?uGsiJ#S5W^!HIRG{tgF3;$Rmrql|mYg)>Z@FHb>!o9l#N! z#1oLJWW;4k_LCqqKP+AFSi68x4I~*M|C0dv4=p|QAAuoqYM)1GikPH6ANcXxI3$Bx z*2M{g`<$N|(tKj}O4nB?;&yPXg%av+{3jwvMH(4oLK)rqFL>F5ZweL{s2+r33p3*P zh+F5?1Q6W((iC6ro{TL+P82HBCwGFfF}e5K#b#9F0)ID%L;+_p+vzNxT_ay@+^EE{ zsCwc$mr8drDLMP2-w7|>Qfv-#n$Jsa%bC~<$8RvUekGf?Ja%CDW-3eG>O@}K zKp|>3&vlz<1mok2m@u|j95uE{jSjBQ-$etvZ1!6QYOiB`ZBId=fB2STR#4q_&X$Zd z%#NTeM`HVKYCaM}MU=KbpPT%K+!wmZ=jJAEjdl_af^Jip*xgzmC1(Wo!KS+;jo^4f zqH{=AXTsAIoOvb(;dp8D7PVjkjn=QA6hD-T)ibKIfSSY<`G&Ep=G5LY+xZm^dI4v3QGkee@_#Kycp$%9!BoTfq54}zWa z;V!dGjF^hF4CZcJgQ}2p9!d~uo|tQ4^-DCHJg$&47xzICvGGv5!hzQ`7@vcZjj``_ zm=~u*OO$WOi5?4v=?q7KI(hkG9Bq#33VklkQ=9no=U84MXFUMtud#uz_+BstMJJv) zAAP8zUH9-rwCl`zCzN=2+kp}N5?D%T9y8|@$t9~$mf0KlO&&^yUE;t^hq7A($+0Y@ zPP;Je>()CQW4s!YW%h_d=U|lzYT22huN!_~OODT))(&CVSm?t%7o4V1Ee7bSKu?4A zD3Nc@3A7D zJ3CS_qM$P~3gcj41lC4Wm#?o&su|UN3S0fY%KW_~=&Qj2cJN)x@&~+H)y)4_O~cI0 z&C<)v&HledjsHH;@O1K%JaD08ke;=}o39VzzE&pVSQANpO7XS^NzF`M;MB^mp{%-N zuOY%%f|dcH#H%k0Pba$o2mjzACK9E2=0GCp6qT2bAK~55+D||W;W;Oxk5S%YA1Bp% z{9VNZ#VPL26%IU|{5=H}@r`L){3Zx+)0q7}m-WFg_OV9iBQPOq>s>Au(WYx*%8Oq5 zk0x8GWZ$5)>t9O+PbViSfMT~F^65>H*|MZmd#RhO{A?$f4H%HDH#BTjd3Q%0{5~x@ z+ujUf3x-jwFL2-xjbCtAE${S)5@22yy z&Yvd5XNDyMoJ-mjZn6`DAtWnqwT%8XB`@*PbN?v)hK_VRUWezPG@{q&)D041O7Vfs z)32}5;@J+HB@7N64eUw+Ci848*o@Lf9|iRtC=8lDwYYF?jE7{s7?N&Q5WPAl*J0bDc3TXjmeNJbp6w z+PVna0Spct4V(b(7P!H?fE&&$t)`cLy28^T{>jP!DFTp$of`R;>MrDFad+~4=r#f# z2GYaQlW;UJVj?7KQj+cUb$)~*OQG}5Y8@-$ z278$GH2q5hGrNQLqxSrJfq~#@hpjAW^lM6=iiNFLK#Qj@)I_}(>gOup-|Iskv9f$J z_8tZYjt2I+4SvD>{auhpG5tBd_<%L8t3$ooCLJT` z|4{apaaC?z+xMbD1Sx3|5TzRtq)SS=lu)|6L%O9qq#L9p1d$Gr25Ey%X{1BmxqP;l z%XMG(exCQE+x*-AW(NS@u?18e&77{?!|>I!EdS$#8` z8wHwLl3x1+17-Pl$q+x(qrm9Q#QieG|L*KWV+?>xoPf-Lq;WuwN=XAv^c;;A3n2-> zW?hq=GHTzyHJK=PT{3fWGl%43!RWwYU;yZ|+5&Bs>wmV+cA9pH(-@(s4BkBgam>wX zIo88w^LdPJnDXkK3E~0f8@GYZKPxYMXQvr}g}fV{_^{)?M%CyG*na&OcS$Cv6Z9)B z?z$WniZDxLA(QnZof(p$+&F{Ium9-$je&L4Az2?;vhTSylIsYakXQ-exLGfz;R%5> zOTX<$Ga|Jw*6%CzlwzNJLo_*WhS7n;z)|y{(~DYVbY5LB2jc^t-B^>KQiDTFiNNxT zB7|InOf)c!iD>QhK!8u+mT5nM4CWR@s z+OS;r62s?Ze!q);bCm!$EOy2G+hkp=0}i^DM`+HnyR_}c+Xo_}&T zKmTO1c@hCK{nQd|&+;I2r}SF~4g+Vjg7piRedqnFqsVJAmWjv{Gw4HADiI(#br53a z9R9lg!UnAlNs(H^@T>zGe}3!0VPG;~hvhMUj)2jlGaPFfaf2M$=+O%y=Xp>%#5A{h ztX{QPerIX}bb`<1ZTBm>%fLiEe1 zO`g8zLw9zzM#5e)(HQI!u>w|+RhJYL$-`F)1oasXoy8VUNL*M_LxjFxNjkh3aY92&?kJmg)2l+(rt}3;@h~M8^ zdtVrL4d%Jvupy-VD1v5`ruaXYDB8s1AdB-_mBd9@uXr*x8T~Ng(vF**>~-<(hsv z`Uw`3!{Jga3~-hjdv89#c--cL&ef*1ENmm7bw?GFX|>yI<*8$f(K=kOvp;@~Mm|#A z1?IWnaA`gQ=oF-4XaA$%nW)gsnIuIaM-6q9zJm%8$T9)yk`Hmcm5vo<%0EYY=#2Ks6D>A*fph>jaEnUd9)gl~+yJvl4;xNibh z=Wkr927G4hepHunD@IK1daTpyq zTv`Nx<}|X^W5SC36S_czMPAz4Gt zaF{a*l;1q~O4)jP@!W`4UD^k!v8>%gh8@J8M+V1ox&ivR_e?}K7(pQvU{?hr& z96b%vKJG-Cz9Z-}RpSMp6-rV)i1#$_<^ywdzb~eAj0PQ}|Kkew0n|Y95boeVI`Eh? zln#6;1xT2s3cV+ehFuS=^1bYzDKF)L;)9K~n+b`iB$7PFblxu`8Y?OUrC@a6FsGy@ zNH8~Xt7$$J9MHJESWvLdjCXai0n7u=&h}|qBNjfqBSOk!{kldD=B92f*;3JbTIl|59yA6K<(_eH8l^mG0z<_u#7Y_y~%1JA?> z`hQI`Cf!Pt&AiZrMq;4zc3qx)22#IiiPX|C;sWD2RgDe4?OZ1TrQX z=v#CX5$RX&B8p$_ivR=sZFYOK4(2e`*Kq@xxbyW{Zj2lG9N)`RzPu)>hS(HKNu&&nM02(4gsk77d+dM4 z15YF8;y{C;0>1o#+%P^PdLKEAdGFw_7w2F{_<~Uw_vz`~GxZjCy#6S*5yO29yAX-r zI^f!szZ}hn%#h?GGn2LQD%bji(!&I|t{k$?@ABYfUO(5dn$>(Zb>Q-0W;BC8FP#pW zG5u#a@K7@Ypo_49tjj~w_&74vh$k`~XI=CaBOtHK%FVrZzG`Rheh4AYt|k7f$rFsMCWv}uaTmxFmOI2gIc z0D`rJmTuSPjUP3cB?R={lzre`ZaCFEw z-RUHq>^z@Wg;BTT`%LGHKWC?H-04!`z=+tosZWWzyX2td`~BcFE_h)_ZX(kVm%diR zHimo6&Dm`3rIp>oZQoowUg|EC?{)UOqyla#j~-o(Bd*Tw`DLk|mG|tYH>7MSr?=h+ ziFs$fu#DWmm}{c(tH0_)8|pX5rdaUsl7 zFcMf>K}(@umpThO7#TR(8*y{N^%#POk(49Abwk0QihBGi=c#hyoBE~AJtP-X==EE- zuwI_MJxh@zMc^G^J-sje*c$4U{2gH6u7h3~0oypVePFyR;2}!9;r9;d8_0nhdk~Bo4ekl z(8C|4{+8tL^aIk^P>=HTE#_ z(IM>VNQrZDSAR1Y9XJ@t1QuWe_v1VVe!l!uamI+M`@5f2KVk>~r-pXwjT??l+h*Fe zwdDK=7x$LSlVEhFEpCuk6#v%#?)?q z@bIQ(t@{E!#Q%nEa4_->*leD&kaV(&XYH4#CAtQ+h?sD2qL)F^af@`GHz>&Wq1UNW zPvAuSq_3ABh1K~RM)D+sZSM4}P7d+hio|!r{zuBsVr;4Cz~wI2FtCZ#jQ#fRcI+J$ z#J1knRYLTI(Sd`Jpj~v`l)Tu5@R& zq$X?sl7E4bkBY#>v{Jez&&#Wu3G!GmzB3?6I9t!u0hqlm)0gtNJ=B`aQ?#dthk9;G z;w{X0;9#U2=wv~w^7J9*vTaU}`E!N>EAJzQ%%7p42`7CeZ$m}2R1YKR*BGS*^o5Q_ zs0Zu!?+gbcW3_;L$35qEjM#I{<;#>a+gQxH#uGw*u%W=^L}_6g)>b_{GRN4caEzX^ zx`NSxgONrw;Cr?-p~w<8lxN8A_Ve&6amSZIaO zfrF9XsX^RuoWj&B^+z1DfwZl(ynqBon;(G0U2jXq3nasBzYJko^ zD>yui)My5t6&^OGV?mBJg3m%PR^GaU^hjJ3h>}dKiqA~^#5o=+-ahzZ6Pd=v2aP}f z(fJ!j7K6Akt@OIc-j_pVwo}c7ZzB|S-0I*El$&@{y;+_SC=NGQDc6_4&3{&!1ifD1 zw+PC21IC3a!gtVAS4mW?H+BMF67% z2O~2Gz*B^qDGtU}l&PBRIpL6^C(Si4* zF0uod^p!X9^2W-p)jguN@x2)wyt~T)DXYbn`&@~$Na%#Mu}`HF=djt3z#N|7VPs<^ zsC0e8(dXe7)6q9Wk$)~`f$RB#7&xIg^d1*c4tj`>f2&@9S7-hMqfYQA%y{5Dsi#T6 z!>5R^kDAuq>02;QZDZ;}kaqO;9Y{&6Jp5Vs)vMU``3E0l{@I`9ydPnHXZSYr8=$6D zD6R;X|49l~8^-8(kRN8oQyEb#kRG=~*A^E<4ILnolIIw{dV*k|0WA;u=Y0vo!N_dT z@-EKAtNUb-B`kBjPhA5YoxWU88dS)WN7r$vxpovUOf5PrF5eOP{*XKYMh6Z?(tsKU z3~kJxRldgSe|%*qF&WfU^eMTcR6tGnGTkHe&f?Zuh!#H;m^=7_L1$A0J4} z-$;qdC!SPOCzMR`IWK%hN4bQ^niId>BjY!gifm~-Y`0FFwzRVVdf7n z3PWB=2)`zztZWNK{`NDN%MGM{BpLbA29KsxJ=^^C8VCi^Q6-`4>F@Et!N|ZNknT#x z`eLGSEmT|?;kNK3f$V3w(}w^N9A@U1Tg%Z{>P9&htt$@-mLY1v>ii8O-NrT1mkFQ2+O-k?R+>_+QV@@yUB81U_gOQH?;JrWU#@1JmGfySN zr2ddi6td+Q4DEv@pAj0LFhwX#>@Ffv?M{~1D2EKA0|z7PPC+CtE73cN4wLL>3r6b8 z!}dU(ZhZzSxu<&#Zl;{HWplYp&;x`DDcGoj(Sd`JF(CeU>z+9+O6+!N;!QFfQf#3( z7UFk<{mCg)2ea-jmSI)B4RW{~6wj>@-d;5Az#z+FD(Vaf3NsG|Wo z_cD{)>yTqTDh+EzXmK=B7eGNjR)NuhgONhO=5y15D^n!RaNsq_JkXNH73GT2P5>l$ zDU6hR7ppAdd1dvKXUOZ}c}|$`5WX`)4KXBZz7OwVj)w)_&LR^0 z9QGHT)XVlqDI};rj-Dq*`$3bI|9sEz5YaINRJSGn zBBqt1(aU&*3j{@!658z0eZueYz;#Bj0&iFsRP_`|HWBG_t@F4JA)u#R{{%eE*G`ew z9&_W}vJE9@ywTB_?;Tg(_eTdF{@oRWWLn5u{A_wlaRb4{75^}$;)ntxTMv@8B|mM= zwQ1C#wjhUeRYT-gE|dZDJHvNIxX^@T9aFt+5)_ozPM(X}kY6!2@EC8y0m-6)4q(iW zkfEQwi12UnHCB8zc=3nW{TGkpJ_xNW@l5#z2EzF{BXPs~sN2dvZCxLOCJP?!h?o+E zH$;e!cRwgBm|8es+We9FFCIs3@HNI}U^Y{KF^*$b%NeFSO!dOB6!ZmAn$JAp*~F&G z-8kEiLt-1(=+`a+{-al>UuD{K}KD>+`-*Wf+e*BK&lSJV=B!V^_!o8!LbNs6LISyf@y`z*H;sxQ9 zZw<`i=I{7i6Rgy)OW(l~N5kQNc>D5`K&64RL#0L-zo%cE$U{7h1@>@$%LI;~#zydU z{63v`UjGaK5n_NMVe7p7?uF_m5yAJ7i>V(iTSxG2fi;wOX*^BgVV!cTj|+UqhR$?6?1@2Gy~CDTKiu* zfAO}41yEVp{c(}0PNKd+<(qm&m|B*BNg+7Yr7YB?MxiznwC{6z9+O>eEKsUcy3o^ z0g`Kv10j?r?h~=3+*P(;-?K66>^%p+4>e>N!4l`5wR(={y1YvcJ$pP2J-N4eKIT8rz}go&rO|{-+ZV`KpnSN(GWBtR7`nUp=e@)C^F{;v zPKjlebno(qBN`v9nl1KGDf&bD;(*nxhY(jZwTY1a*r8>7q6XDHi=gjccw5jKF#jdc zS}zayB3RcClq(xtwh`g#cyD|NpW2qm#y0s*zEzeHL+79pL8ippawml6Z2X4E8 z?`9!2(w#dWxsHvqlQnNMqcnJ@BM|4LHFsEE8%G%3dEzg-Z-pL(udt)fw&0UIFs~@@ z*6{f;^4I+J10P@(^QiYcrJ@!#1SWe@i%Yt_8wk5f**V!p zIYU#1_?$30aM_+~2H-x{AM5#wO-1+5aV5y&HWK`0FXllBnxSFl*@4?)E&Ytz0i>zk zSnqqq`oBi$$DlH(?2YZid>L0Ywzf2Nmfe-nXN{5Hz#b-L+kI*Cmgca1iU{Fi>=w_J zu=JlOEozUk{r?iBNrBAKA zk{V)`x%_8Vz&G`d238EwB#kyz5d%~wvKIV!hJ%?**<7&lP4&s@$;f73^#neYn%gqY zIy^6X_D2Uk8jgS`lUqu)AMwSi#2_-PbMjYs!Pxv51=KZ7m08?Z;ch6ADiCh3_;F+$ zAVUtL19!1;cOf{nEEUr>1}sM;UMvk4=e0J*@s++(V# zzjXeJst^i51+aUtzT|R!N1`=O9!4%zk>kMx^~Q`A9UQs`hUV)lgAQv5z1HytZ(vw1 zd~${mB#`+OF|M2;Ekc;HSM%iF+lH8)?YAN6w~Y@(`ZRk^4d~Wl+bX8X3;N}}{)`7c zsFkSA?PNLXuNDD1|4bS9 zsG36v;<+K^FdCmWcV?TKG1^#>9{5v5Ly~7=5Z=ti29uT7ZK{Y+53^Wz7=rV6|Ft)07D#TCo1s2D z^lKSr#q!i3G5OE825(A}<^WOYpsTY>xrr8g>6}P;DTQ|7h)Wof{4FZ#i`R2Bwxcwv zfwzUR5d;x}e?Ad-k2ebka3!cet!NTRM9-qA^Y^u5>L7g2Tm|;fxbi=gW!Bxr(Jqlt zeQoa_ldsGC(Sc8^d=&$YhmTL5eHBzqej6;Pyu73T@E#v-Hh{P{FbxhF$ZW>~FINhy zL$hbIcCcY|;BEodAp{?1y;V`^P3^CON76^hdSi`9t|+@;3I#ngz?{ItMlDcP?2@#Q zbh==F0(5?3U$_R(S>V_#fzh0t$J(T5yz(<6YmEMtKnDE-P`drIky$xu!FTJrl_W+3 znv#}j4HVn`)`3eK$N>=g%oj`I`GMcdYhIdr0wFklo3H$p=fv#hjF0F( zmHg`J88mVGTL&&}P-+fB4AJ%TG|Se2JQh4!A_ldhxla@s;Fwx}NgEw;3}Gg}@0`A` zz0|{h0`=Pc)`7d7)&ziJuagSe8Rl}~$d^7}46R)VpHr$kf~z)6gRv1(k6p3alCx)} z`*(R7I-v>a|LFXkHqh+=nRz1u?dH6U8{0l~9%1G9EG`&&nBb5XNRDH`K5-H(K{{Db z(;!PDBRdVF1D7_y7y~U;jE+pNmk%KuBCOyaN8h9*!3EpQJ83`m%Kgv|^6z24!lC2fI{^c<90>g0RG4#j_M~$epGTa0QN+NZ$DAnvv>I~$=Zlb9q~TB zLB0?3TySZF9MG)fW{b}n6)~=|Xfex5xN!RGn%DgdkW8m?1WfCBgh7fGRzwqSD(x4| zPoeYl_xqZOdkOVd{Pr-5m4XB0WT3mL$v2OZ$J(*WA#(x@Bwsh?r8laJ!vNyVm&OPu ztJ(Z7x@BR#h?swSbZbGWqBNC2QAxu1dRfU4FTl+_P>R88wAw0qlAmQ^mLMf)*xKZ#Kiks|lwV4MzgxWM`gy zy$^$>gyC@Zvm=l|S!fe}G!rXz^OcfsSL|9~hLGRBb#|MH!K1*E|mHjwQzUS^bY&=&?nuA^kOZ9;2I ze!q7(oUKa&yvLM%tA1Y&<_N!;b|l>&*iK8VX#`t&ocpJb%Tl*Pa_AB^X7%?odG3?J z>imtf?d}7tc}3HG7&gJqRYb2U*A~$g$U%t;wvq%xs6(2=dL|VGCuX+fH@Pbmp9$-&*qt#X2O{CKiA|Zo2MJq2*r1h;z}L})XEO6l;-9l=_r_2kOy|LzzTj^c zr3b~;JP{EdQqyRk3_?uH-*1r_{PbW37ybp-P?Oh3veRfUSGs|o;f%OXBlJIh)Pmgu5BVWB<&W~o%|{w%KVI~q-$jIONq_6W z;cRUe;1i1~FlF{EU%)IyEABqLcA{$Zm=rXee$;l?%Q5-O3G1Tqcq_r;6$4v2j1C;m z-X8^thDw*HGgZbW6H-wr;fQbUO84%LL9*h-E#k`0xXHtUTtDitIV#ITa1;LMz~gK* z(C}4)JSizt^;}i$VWhNU-;o=C{Mj?m%Wt}v{JlVlWy8)=4E+(T(2D+x*$LPglbC`i=pvZNEa&g&;rh&zBGgcSb-Se8a5{qXUPtQ=7qe zD0*_CaIC(T*S9}uv=(-IekxuO90VbCI%SXRZA)5gg$~+K-PrSdH(+$&ytSraCK-@M zdk<$(c{pP}`n;GyU=eIxl?uA{A-F1wl$@MVqK+K8Dk6o4MpVI$2d;%c^BZt_SAl$T z)NNI+dveKeCi{)Uwur?V%+vgc&RAX#9}~vx+l(IKx((eSe`DxW==x>hkd4ZqFJ#}8 z2v&0c^@>fQb!wuLy7L6d-J#rknM?qutCr?91yQu@9*i(9Q&8Ubluc%Uc`i7dJ;ejC zcn32xW-*)DU2hgF?pNP&SfZ%_rjw$)h8@I&x;NDDB<-=Mi`j!Z7@1;bc4SbTtVRx z;i^?_+89_94vw=FNn7G5E1;r%D56^Nnya6fF4an_8n42;o;|rgbmPC^>^k6SDVehk znDzaB_cYLFcm!A5kTuFi4g|^>nm5YPc_Z@Yl5~X#xoCn^AGZHU{TH0wBMqXxmgTD@ zdMSx4$%x*;56B_?uQfqCk#`(Cw(_hYNI8at<1AJP{n(n?YkxqAkUdW5{|hMbN(OeR zyH}RdY)uBjYUb(JLok9W8m%NjG;sTJ8q{-L?sJvOkNeuz`3~kp%;4AigN=VxX8m@J zwugggz%C~IMxJ{0Ltb;a%)gpb><0Z0{lMFw3nDM}YiJ=hS!zI8$ zmUU)wxs_m5M*o_ICikifoF$a>^4qJ=v){QFP?EnY3W+DxH#+_oY^*GlNf3N9+`~UO8euH zGH**37Q9BYz)R1egc2r2Hm|cRJn2Ms7186TY1*Z2!4f(G!Mj91CNJI4#8ej9bG{_!*J3L zAzW0+NXy1RHIpN^ly*E+nIyS3|8B$NiTkVRRfUuuww-aBW%O;$LBH7x%(FyUrx zU~lAT=57S79fyGdz^mB^4bt?@I@G3@s+l|YK&(k78zsdx-rZibyt9^vNO#gmZ~+d@ zL-{SdKM69w;|`_zlGvob(r|(n;{2Z0a9+*ykDzc$al8H5-on{CJIo_)aSW~OmLnO^ zL|K-!@+M}Hl*;1k2+?l6_4v6lsJG-F9RL-6HO`oiZB^wXtJ5e)ZjpesX5L!8!OyqaGZy z{X(BO?wM;2)$Tpzja}7clEnaJP&R}L%Ug$`l$XPU75X8#me^VRXMc3y(aj6MQ6D{Q zWIOEfdR_0)g%{L^)eu-mzX-_`<`I^ajY+Pw8$T_>W?AJ}FB*at(EM|l1Gj4Z)l#<~ z6o7ixN${wmp>QPipWHK+yE4uR3Hbs%5142b0)=-N*LE}#*{GTk*!Vs`TT1++1NxBu zx~*sTYb2y9{Aq&80NB2Vm6}97cey)`r%jvuK@szD%}NR+Q>(~&Z&4*Oo#vBpP`n7z z0}ac~hcG%%vRk0Ri_tYB^I5^JaO5KgkH9stu}xZiV-yRStfi2*fXxSbJ*(<>NUKLaydK zpkozSjPP(WZ3?OT9{0*QWG=R_cJ1CC{G$UrpTAlcw^zDd9CjDR{1^&>`MQJP+gw9a1@YcAs*>{c;!`ICx_<39_5w z)PaOntI;ZLOhdG{+N@$?%RmtGGBvLHL9Fp!-K}L`yVP)P)X5RLdHH>ahx2?+$pgwX{mcIMnxO_9eOR5p;SDi3WEiZh za>}87|B8odfxkN#Lu84!=?q}o;{6>`uWOOayHwn?FJe(6pJaT8(dj_YgT61}{N^qD zVg5Hlf#C2Yo>eaIVaPV5OkXbBPF$*r{giAk~HsrQkTXrl95T#&1DeAxF`{H)@kMHnu6 z{LG~ARRo?gjLsB24pay0hCE(dmt0<%03@qZjH>e3h?ZqmzWx|9sJQ0l*$z0GHH@Wy zn!~;zbrw&^_7rJ%x)q`h^Bn?sQwP<7g{ zb!NBTQ{QbIZ!w4gko9uoy8DawQM9_Pef)wM?aW8rpglsf*WFErQi?sjw(#lNB`b06 zX?_^!BEK_V*ogfbmZb5t#UYx ze9#cyjV!Ysx}RDa1jh5vwgTRR`d|%wDctkLYvxs&-am&kx_{cHo=L@kh5_DRLMo1j zFM?l<*9<0+%@6bso8N-f`P+l4Zwjyoi4*4onoPozF}dRpyFqeO5msxEtO1wO&#yU9 zG{>DGy*m=%U(Tu15wljAFpZ0c zaJ_3H3-fBy19_b6g34)yE++k&IlUK!ha}@Fo~$N+#v_a={u8RhZ_q20RlOD_&Iw9J zSL^DCi{ELgD0Ne7Xfy|ssEdGnVpJ#ITm1P&wC6GtpsUx_a?o@YtcUQ%<8Y`B@0jDF z+1`$ZjTorQK_u=-tTTIQmVSAieSdlaO@|LSgiPL}8B`Q}2;nxc>2LSTJL}%lggMNC z+{3T$@TG}e8uJ=$HBJ$Tp#EbY-aGb89?&+*SkyhLenp6j2WkzdvSZ$nb?;;cT;tEl zY%)xJssM$@zhMA@|2}j)&O702!Ec6Y2|j{S&+@KYHJq{I$0z5wT1SFzJ=cm$z&eP? zzr&xO@LY0Nouag}b(q7hunRLSR3}f+iWbi=crBI{@$H@UH2{cusxK-Vc&BGWfY*1b6Fm&d?zn(MI40`nkFiRx;=isFF0stiVgM~vYL6h53ljWdn>&t|K7mawW`+uP-nDTA6n)@k~Akt zxltkCS`KLeOr8`J#7jZP6CTaw9fj(HhYnyi>HRkE+C4u7GGg9$2t;15D_15#9=T=y z+_+HtTwCk9y#0q>v@sQrqEy)N3|@okyo@$+Ble-==KwAi`uDQTIhB~ctc~=dl1^7? z^~mg{01a`(m-RN9im0CJ)UZD4>EcqShbgobZcq6Y4-sk{xaP((Qn~>a5!jAA-ZYsG z6Pf9{^=J(udyAtUxP=lKuU6s|*taiZBPCCry8Lz`87%HX zNMTwNS8FI4ncapt_JP~Eey#5gineKc`3^nl;6Q%QJa+PI(IQ}E+9<3lz9W~dQSvqL z5UC%WPnzU%6krQxZZ-dS>1HMYJzxAD&q^&DbUf=h}5R(HY!aZRh%|TLO7#gxqAXlV*H~6pxri92caTvI%X(WZtNkb zQ>39cX%webH4H(Q86!z%ZbC)_{G?9F^ziJJ+O1f z+S`y=MRk%tm=e58L&?+Fk2lL!E6(CP)2kx%AA4V4PkJxgjgT9}wP@Uhmg|U4Gtz@o$&fg|a>EumnlSu2Y;zbvV;R5{a9-9r5`zl^z zUbEElz(<`s+2IF&#slwVt)K&Mn6h<8PzP&4Nhh?>o%r><&Rj4nz(sAXC;?t;i9cBk zQ<1my+^5Aq7X2Z10RC|xqCucTlIe&$&lxu3_TKt%1FzE16S2T3k(V{oHViS_J( zwm>!uamiUIm)G1c%62B>weu#MdO|dR%`(#e(Ww&!QHYDm50L}`I?Vr5#tyyc38WJ& zv1=)vWZ3nI=I{4kUX4_*f)1l;m}hF+KiczaM=rjf)S7>lxPi4q{GVQ+m}u9KkdbbJ z0(nA2Xk|PKq9~u@bqF4sk))y|1OegqKd=$miVyOo7TNqG{4r%;_FO0SiS||PSR6oa z$qeB%UbCUc6W<<&E2z1Al9*A)7yXY>R>RQP7IJ~|*$e?;^)@mjs@=HG4@Y~_DU88G z{RZ(vC4!r855G~P5-GdCmko1{=FeFw(4S*kYbRSYN+s)WWy{)G9$$R!`7tC^4&P0I zX@-WQ=G|iS#7a~|>iv!glywn@ln?n@chvOg$XaHu+NfcJ=T8;x{ccZL3dzlrBIJ+Ox9<>n-DrgwRHPMnW^jc7`4pu+_l zdsU&R(@8g_XWa$@nUI47KUq@SKRWQllNR_JB;#L?JasA6%DQ-mzkGdS7?RY+4Gt`E z5$)dPlM^ybV%6p*wc>Xz*}weJfhV3EOJIs8-xo5~q2AaLrRG@QE%Jo~odQtWXYQz8Mxq!}J#4|??90jmcpT*sb6=mVmY~Fh$AQl>w2E91J zStU5ni;$3%yP$_M;v|x0OtcwB2ab3;9s`mqniN!eg4c)tx!=%KV{H4|Pg>B!MfyeQ zr28fh!v4;wSUzHg#@+kxp-AJO@xT+$&!C&bBXV{sqRbQo_9(P>H7aLTx~T@=LD4}0 zVIwZs!cUE<2a`Won)YRAaRxg7EH&`N^J@V>5w#B0?-QJxKV5sqKqgwm;K?P)0thV0 zg`zm}Pd**%!+Vm&?YKW2FaNszXgmFXOsPLJX(KWkR0NPbFMxRL4fY}75FUiAuKm;~ zW}yJWg0DAj9lG5?8K~UJSqeUBc_32#|7VtNME?Jrr53+#$6|y|N`*?ATa*%3dS;fC zdWMGf;4UpnYa2>S8*39IdrD&`YXe6!8*4pF*atD0f@F%Ho6kRIF`pyPl_zx?2rXCjzQoXE0waL%mheVh0@ou`xnMp zAd{ga>=g8Jy4OQBNGFfTtlWnfuC5*41s96Y6+~TVGDl739=?T9V^G?g0Zqh z2VpEeI=9fjTYf4_)VAL>>z|JzY{s?78*vIubH(PT^%AQ0j8qfJ2nvo?CRVsQ%5zj= zIS9N%o}iZ!(5lnqhJQ+^_4L!WbKkqdySW1#@4nz`*S$;(_(9Du>@QSZ$x?79PKo=w zreBP$!eQ8}g-s0d*XkzuOg#G;z7=PPf(Ba7+=S|4KH834NC9F~h4P&*pLHVDK5%S~ zGp`R_8_fV$hSX0rpjnE9y%Py}B^7gSCs3xXb)!ZajtSGrxlxMgS=(5f8R%L5dZE8x zFg+!|{jVFV{$n#X`2GLEmG;BqQ0+``pb;^##UEK`$l9pJZjeM!77KJQ0@r?g;ArUN z_)utbUbJhrrkiIu?*x+*hR?+r0~f;miX{`ePs3Qn#8Si2Btwz(s=MGYmQINIR4X!; zB;Wyx#`i~-`&j9p{-v}e9275d1|>Az3zzRw&53s1?W`PA6j*Nur6njv_>K!>$)X0M zvZ}pAeO>Fs$^W{BssTeo;CqF=Q{t5h8Rz8({F!%XE~6bsKe7Oh47 z8=ObETc^JhX#ZR4?ALO44|dWp6#&MTt_xu`h~SFF;qUQIKry9gJVXTvtD91k4^e^x z3~V)Y?X3EpkY&l_ppEzg`-834=Z~hIEPJM-O!YCsOLkvk zB*CI5f2?xvW}>`3jyofcBc)HVsgK)VI)5!o;J)^(by9<^i1>S>^fv=5%un7l2{xWs zfn|vqSu4k$ZHsJ(Z1b&~gI+!P_eU@~aLdvMIq+t>)mZH}O|>k=j`ti)eTbA%()+;g zJYDn6|1rX35W@7Kn)u2Ww#5j&KRWQsk{cjP7MRALB3Dwv5(99A^cPZatrmihAX!z6 zRyCGQ5P`@Z&8Z&qM5$%Rly5-ie_57R8^9AppdfSGQn{RQ2Ts{c+UGUagWA_j5qXMW zZrR!K76~NBroNMGBiBBK#_u0=k9KpQ`nNR1Iqm0#r zOZXADH)#BQ)l8^VCjTXPV{M>A+TIijNhLhtCPC))emQ00O_gTa?XnbYg``OgHZ$KI)xjT9ug_FgST+J%RrQp z*phh5^dgjtN5AbB%|h^9|A!=1HDd6=8}85IM*3!Y*8d}b8weZz`U|+*2I1$r0ui9m ztYix$fy&QA4g%lav2*R!#jg|scOftpmUC$;Ue{r>@BJB>zRr5C&=;cf>l>s%K@=kj zQTX2?9Bgdc(u5?rA1*YJaiYpo%o7yLqA5!Aw*p8Vbkc)zdPxyKQ<2rRo%xAwj%X(L z&nE@HGo1mBk%?Eu!q*onx~J##YRt}8;{slw>O-g zNc$5?{t5x+C;*$32+LR9Cry1t^c^ws8D6d%7XSfSb034n6zu{es~=!<$*slqsbc=R zJmXjHCM)-tT4RYvXmfC+ZbAs^ z$oj1l^B@EI^Mv2szJb+RH$jyP(y1Xykpy>M{2Y(lB}h#<<`NVs03{LWUN~NbA8$(b zCk*aS6`6~doW(#LV*lvChY~w5b-m`qn;Xj{-}Si>Pog2uq6ts-f&G%M4!W=KZEcop zo%9xb3BiZvnHd~F=YI($>fgbUF30I%OEib@S*AHd_J)bSLK0yC=+VZtCnnIC&A&Hj z&4-`zxF>Cw>kf<#TqyYrLak3Ed-Od74GXH9zMxsG;***WqQxM)KiwmX3`o za==wSsQQ;sk`;yyNjpugAq%c|lYd2qf-H6yGKOmUDruAd1Yui! zH~3!W>LUq}63ca*DAB-&I!M9(`Vl5s zoHH1s#~=<_J|&oWhk%7F0N4f&GNi^aoVzk{gN1cLJF4{66n30j)l2mU_72o^$<(4$ z_JVppW3IV3P0%!j@li~5cn6SN;u08ApGXd)8wL7_xIH64WAZP%j-Bs@^Z7LP`m5|i zOYL$|Z8pyPFUC7gual>1rOg;*6w*Gh$+-4pvRVyQ1J#_NS3QgdRj=$>(u+ef2ofsN z&pV^2#)!O;Lm8Rxgu{_mF1C===@RVH~P4BP!p!jBl#PWxa~X z7tW72p%$XSlN%Ugp76bwN>0$fniJQsdA|e1%tE);*zBOzH+^dL@7=#sWj%ODj|{1c z2}2DV>1##987HfbxavCnv1H>xN+IvD_Aun7Scz*UQ#p}$EjLQxXB|^}bTA%3p@Qkmo#+Lc*6#eS=_}!C0y7DH$ zR|={%pzo?R{opqtF$a?SwkPSL^SVNyGF$}LTT)Pfc1-$cPLFHr0B^@)dT-rLNCA19 z_e*X#-i3?xuJ_tEBKvC+^=Gw^;yF$QdeaVvu9El2)2*DzX9?>#qW8jUi^oMYZ)CY> zvpR(;zFUy&g=}y}XbKzMLh3iVw_!v{>Ehed^?9{U<&_2v z=&Kh#FIfezemBwd_1auW+Z;y{4&TSl$l4r@sj3UU7fD{*WzN&pOhuI~cSr{fnmF{` z`FVnU&EqDb%ws;9hIkCW3=G_Otzbs}6qa~VMHN)Xk5p?7e7x4!4duj-?M%(AKWFt$%k?|4f zGu->>$dIWf7T4z=-{)IYgd$|TvFGVX`CwdIOy{%vU9Cna4HOcVqmJAzfB6l}aAH#*4Z~&g4x_Vs!Wl zrBrxC^e#on&rfDEY6pP~F_q8v`{ z;i&b>H_qgYA3^;|i>AE~Tm%aDFVUM#q^RS@I7Q1+Oes)p6t}%(2prwwG;43$izoK- z<|mzRQTKvNsiCv}1_~ndRUwigqF|upruzK1iSGcCk5oUOVUpGQV{N<)na&U^RE)FL z)c}R;lWUl6UmH_9HT@MM?mH?aQI~1HLxhG`WD6X0NC+BwG3%6>uwwFR%Oytzdz~j; zz;07*QCMWvwfAq%(9XlnnX4JN#G0y~<2^hJ^Ni?bU9}~Ua><@Ay-Tc~EOPho({p=2 z=|0vwLDLsr??#X=E{gLVOXCYzWqPOW*qpr2C=YM0i#?5E_WJ({yUMVr+HMUq!~l}g zIE2*D4T4CQC?V2A!w5r5OE=Qp2uLbj5=yr)lt?3ubjP678Q%ELd#>;MuJdc}>-o2z zb+2cwb?K{fd`iL$PS`)cf9}0Hx{}Ow7;QbP0vHw>qEExNIJ! zV!;S36}9X8oi}VZ^Dl1(0-W8LCIn316^!c*QSFNy&dt6U+?ly7RSHfq?-P%jNp>j=VKt!ijL3yf8~+ z#b7NmJGQiZ6TdBQXw@JzXHJK2P+Ic4Qnl2G*B^!k7)k1ejH)I z5D+iGn+OW|g7HkDNT-E``^D_G7AessK2L6c%sl=OmAIa1Bw?}CDC9fCF#W2}g+jfD z-F9T!y(cN!m{wA0Zhl)Rjs55g45# zbi75<^;Y!{pkdvG7Yv*Kgsa`t>x?$+!`BF{saJ*{J#kl9YRowumNnc=Z?F!t+Ta zzp~MRBTWjDF4AA!TIE(eZVvEpQfC5#wcE7hh@69?*Y>#r4ZW4)FC39;;uWbFmk6T+ z7Db5EPwFj<-HIVrWKZz1PY>LBMF3?a! z(u)r(NeUS|D-oSbRv*_mar6nhClvjhcy;KCjqbv|k+{+|lcl5{!QH@tti@Kl;m@>k zYe1UjQA$~mR2(%O=jvy!g*@9M*sEfA+xs(@QUNqB!OL#urBTNf9r*;w!W$ zQOKc)YHCZYj*H`3x3j7GG^yHVWu3%*f10e+w(4{nBAZs@V~Esx{*lv;m=&kbfRzrJMkod;k3)d+v+6)ThySG!8JA zeBue4rOsJaaWf{PF(kFgYCAr?!fJ%nyDIQKj25LngGAF3ZARIYdC0tOfVge8@0KYR zT1qrkPFqiI{la##>1`!cKkkb1N{jjgWg|%)$I;DMh&Fw`5%VBP zz&OFGLJgpa&qZq4IU#9YDZl`-X6Uo_m0Fmxj$OgY)ZQHCZ0>mD05o>i>S2uL_HU zg<5#duCw%z90TB|{xB7aCBthoS&67_#Wy*&p&vCEiE8z{{@+qkx?cqRPX^(37FF!= z3oDbjpTPyO#&N9DZX8oP$TLy8AlwHku<5oQ+i=cnl_fPHy$u|O zBDep1k^1xT$JYF7bhmW>{dN?i@&9}k4r-u~ES3V1QFP^(Zm98l3cZa>$_`5lR7xNo zXMK&xs>KrR6xnt3wa>rB} zJvUs&A)D`~%4uTl(`(7Yne&e}#neYt!`gIJwECUgwM|f475^`7Nmm*TDp%YcDvT&X zCr*i%TaXs$A-UGF?9U!@su!vl3;YdquZtNpjiX4m@M4NlWZa5Pz;VZ!HumnQH#lN$ zPd5%IkW`ZPZol&2V2&PzXdTJ9ueD90hw{H>q0>u(v5NVlfQxI(^JNk-tStid z5y7vo)z@$0wf&a!_R{l1P~9%JbZ?*kT?XEn>aSV=wiOG%El7|=oa?a{oAw7$6C(4!Ox}btd8B?48=J`MZtEmr+4wm7 zh?L!5P4ypY-E-oW^2yP5)PhL!?UPlHUrLwv<1y`jxZhrpnt40gmvPTaJdbUMVJPvJ zqRN9jre4e;-Dc!_q0P7mre76Pk`M1Bt1GZM5jAZ-Js7I<4nIa)@);YQ z!1Y3jTgj))vObhP;vwZF02~AF6SXb8^nO)yrMeCUUf-uV<>YnheUYCWqpE)*p z$_K>PaQv-&Uo($xjKt_ia9QHU^G-K;-q55y!&+@=n(Ih%*Eyc zn7h<6Iw*lRknU=;I4|^1x3Fpx*9|@g?+P(b46@k+-~`Vk;#i{drK$x7sR{cVT_%ntxzo~ z*6+|ZX#e#0<-t53p&B0+Ax)8xgV@X|FCjy8#jQQU{*TF<{@vsOCny5WmHTU>bx|n+ znL{7V14aB%?{Q+3wryAJ)Zp7%&>lc6i1$obq6jQOaF>{&preRN%$ix+H!y^&vcK0$ zQ4GhgYJ*&u4z}cHX73GNS82y^X_mQ-`Uk^mt(DJf31w@%q)KPN9npWa`WH^A@Z6s%k z{p04e&XMnoq8LoyWBm9LO4^Oh`xpi}8@=p&3B9;C3v%TAyjBU`^aqz2t2`!c`leDh zI!}#ln-QFiCl$@PbWAuQjP5j_@POFR@`)fwlk4QoX`m8%W3XVeY!F{$2;lR4(8gx+E7pHeHb{vI(~^! zrD4LCI3IJNQ)8Jc_>|r7b;ZX?ow#{M;Va~rx#d{K{&k+O+=F&v+AR(>!UN^2c)Pw7 zfbqFVoQ&GAM&*XSuydWyR5zw83;gVm>9(4pvAI4Jsr24S)y5>UowSyqhi@zg^5c1?@)0U%l8dc?1uzBcY!>4Y;CRs7?^Vg`;`fN+(x0^qpsul(;W9&PqXQYj*P7tH(Xkjbo1yjK z-l6>hiDzlWYKwIWt@Yu;^ zWJ5-k)F{e9IGAz$y973&1G51Ghr&G55+>h9mZiHMC4eM2A7n1bArUEna{%y7YRp!{wEjD+yq`5Vr3mVRX9LNG0xMaoN5nR>n8eA1(a#U0BxK0c9l!WZna;4eCY zCzESN*bt0!-jvMLea-$pllQim)f@I}`DG=@s+>PY3G$rl6Hu(4w6-cvU~0Qog(v5f z^Mrn%aL>Qx8rvh{E8XfS^in>aYP%ppe;gik>@@vyYT2Z#ZL`vm2djGnFp%Ntm~EgK zqOT#~DfeE0e{pBmQ2NP?lm1B=D2WYXtYIAVC}+NmfHeIF)YK_zy|(r;O#VZAK@Tj5 zEni5e1PHSkhn^TnxS<~n@>g6xpy#5omm`MNmDVw(T8bB0!?MWbxE zmjiww2OTDn76rzKl(>nXY?Af;b+Jh`iW+PLjN|PIPv>VbkVq2m(P(@b$Qn}$7rrQQ zjc@Yp0xc(f>t}_9Jbg+Q8%t1WZ8(}&63208aiQp819-9Mxfwa>ldB?G&dYAy&{1@s{u%5IDt~mo zTN99Sae~26-E$~O1h>7XL^wbM<32hFjR6yI2Pjk$iHU~;!UkZGfpBo~02t%|AUfb* zm%t3!wZ)uN`$!0S5Z*k}ZXwU+YvN@n7DwlMNAFj=Q@%qtF=Ve!uQdD3&gC#F8B~Ia zFZ1K$Wb?D8r5WuI1vy-O1lx=iU-Rx5I$_B=IrPn5iDOZfp~cTUbDrZuecp~UT|ds_ zFwkJj6=hk(^t`ASC4#Jx*IeRaxb7YUmZyHp{Y?MLmxu(&(OWzXbMOFQ&(v=!_8s|9 zyQWWec(ZPzVMrXO3Sxmv4Q>lq#_)Y^O(&lgF&^dz*QVABTheOhPs|yxII^em5Dcs@ z5zY&L^Ail>31e7;yrW`k_{z!;Mc1MGs!YDW*-I|xg%vf>0~`eA_=+()7sw5XYW z{6(;S2w6H*)%hlw3t}>J8W7fmm$6z2HESv>b)@R1%kU;B4x;3JkVehOp@ zYUbH3J+6qfT$45;{~tQ@bp{)siGM6a`XJa?rQwAM9^OnLBAsdJOV%WGGc zFa7S^^#~24`$^I7pz0Pn5jcqsH|)7<%$4}}w#4ZeW5EYC7k#PW-c_ec49tg8$ZC)T3JxC>`Nr8Koqt_T?c$Ge!suX zvEe-*Qvc>C6Ksz?wWkW`&_b4kJrHyiX9!b{M+=Y@tf<#|sPFa!SGK0QCw)vy&`E(c zoNOjBG~6N~rLJ_FvFzmDS&5zbV