From 6bf4eb148318a49d8624d99fe8f701f16a43391f Mon Sep 17 00:00:00 2001
From: James Valleroy <jvalleroy@mailbox.org>
Date: Sat, 11 Nov 2017 16:14:27 -0500
Subject: [PATCH] shadowsocks: Add shadowsocks client with socks5 proxy

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
---
 LICENSES                                      |   1 +
 actions/shadowsocks                           |  97 ++++++++++++++
 data/etc/plinth/modules-enabled/shadowsocks   |   1 +
 .../services/shadowsocks-local-plinth.xml     |   6 +
 plinth/modules/shadowsocks/__init__.py        | 126 ++++++++++++++++++
 plinth/modules/shadowsocks/forms.py           |  61 +++++++++
 plinth/modules/shadowsocks/tests/__init__.py  |   0
 plinth/modules/shadowsocks/urls.py            |  29 ++++
 plinth/modules/shadowsocks/views.py           |  82 ++++++++++++
 static/themes/default/icons/shadowsocks.png   | Bin 0 -> 16487 bytes
 10 files changed, 403 insertions(+)
 create mode 100755 actions/shadowsocks
 create mode 100644 data/etc/plinth/modules-enabled/shadowsocks
 create mode 100644 data/usr/lib/firewalld/services/shadowsocks-local-plinth.xml
 create mode 100644 plinth/modules/shadowsocks/__init__.py
 create mode 100644 plinth/modules/shadowsocks/forms.py
 create mode 100644 plinth/modules/shadowsocks/tests/__init__.py
 create mode 100644 plinth/modules/shadowsocks/urls.py
 create mode 100644 plinth/modules/shadowsocks/views.py
 create mode 100644 static/themes/default/icons/shadowsocks.png

diff --git a/LICENSES b/LICENSES
index 7957c93e8..dc86c91c7 100644
--- a/LICENSES
+++ b/LICENSES
@@ -58,6 +58,7 @@ otherwise.
 - static/themes/default/icons/repro.png :: [[https://www.resiprocate.org/Main_Page][BSD-3-clause]]
 - static/themes/default/icons/roundcube.png :: [[https://roundcube.net/][GPL-3+]]
 - static/themes/default/icons/shaarli.png :: [[https://github.com/shaarli/Shaarli][zlib/libpng]]
+- static/themes/default/icons/shadowsocks.png :: [[https://commons.wikimedia.org/wiki/File:Shadowsocks_logo.png][Apache 2.0]]
 - static/themes/default/icons/syncthing.png :: [[https://github.com/syncthing/syncthing/][Mozilla Public License Version 2.0]]
 - static/themes/default/icons/tahoe.png :: [[https://github.com/thekishanraval/Logos][GPLv3+]]
 - static/themes/default/icons/transmission.png :: [[https://transmissionbt.com/][GPL]]
diff --git a/actions/shadowsocks b/actions/shadowsocks
new file mode 100755
index 000000000..bfbb8e67a
--- /dev/null
+++ b/actions/shadowsocks
@@ -0,0 +1,97 @@
+#!/usr/bin/python3
+# -*- mode: python -*-
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+"""
+Helper script for configuring Shadowsocks.
+"""
+
+import argparse
+import json
+import sys
+
+from plinth import action_utils
+from plinth.modules import shadowsocks
+from plinth.modules.shadowsocks.views import SHADOWSOCKS_CONFIG
+
+
+def parse_arguments():
+    """Return parsed command line arguments as dictionary."""
+    parser = argparse.ArgumentParser()
+    subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
+
+    subparsers.add_parser('setup',
+                          help='Perform initial setup steps')
+    subparsers.add_parser('enable',
+                          help='Enable Shadowsocks client socks5 proxy')
+    subparsers.add_parser('disable',
+                          help='Disable Shadowsocks client socks5 proxy')
+    subparsers.add_parser(
+        'merge-config', help='Merge JSON config from stdin with existing')
+
+    subparsers.required = True
+    return parser.parse_args()
+
+
+def subcommand_setup(_):
+    """Perform initial setup steps."""
+    # Only client socks5 proxy is supported for now. Disable the
+    # server component.
+    action_utils.service_disable('shadowsocks-libev')
+
+
+def subcommand_enable(_):
+    """Enable Shadowsocks client socks5 proxy."""
+    action_utils.service_enable(shadowsocks.managed_services[0])
+
+
+def subcommand_disable(_):
+    """Disable Shadowsocks client socks5 proxy."""
+    action_utils.service_disable(shadowsocks.managed_services[0])
+
+
+def subcommand_merge_config(arguments):
+    """Configure Shadowsocks."""
+    config = sys.stdin.read()
+    config = json.loads(config)
+
+    try:
+        current_config = open(SHADOWSOCKS_CONFIG, 'r').read()
+        current_config = json.loads(current_config)
+    except (OSError, json.JSONDecodeError):
+        current_config = {}
+
+    new_config = current_config
+    new_config.update(config)
+    new_config = json.dumps(new_config, indent=4, sort_keys=True)
+
+    open(SHADOWSOCKS_CONFIG, 'w').write(new_config)
+
+    action_utils.service_reload(shadowsocks.managed_services[0])
+
+
+def main():
+    """Parse arguments and perform all duties."""
+    arguments = parse_arguments()
+
+    subcommand = arguments.subcommand.replace('-', '_')
+    subcommand_method = globals()['subcommand_' + subcommand]
+    subcommand_method(arguments)
+
+
+if __name__ == '__main__':
+    main()
diff --git a/data/etc/plinth/modules-enabled/shadowsocks b/data/etc/plinth/modules-enabled/shadowsocks
new file mode 100644
index 000000000..99f3b05e1
--- /dev/null
+++ b/data/etc/plinth/modules-enabled/shadowsocks
@@ -0,0 +1 @@
+plinth.modules.shadowsocks
diff --git a/data/usr/lib/firewalld/services/shadowsocks-local-plinth.xml b/data/usr/lib/firewalld/services/shadowsocks-local-plinth.xml
new file mode 100644
index 000000000..93e10f2be
--- /dev/null
+++ b/data/usr/lib/firewalld/services/shadowsocks-local-plinth.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>Shadowsocks client socks5 proxy</short>
+  <description>Shadowsocks is a lightweight and secure socks5 proxy, designed to protect your Internet traffic. Enable this service if you are running a Shadowsocks client, and want to provide socks5 proxy.</description>
+  <port protocol="tcp" port="1080"/>
+</service>
diff --git a/plinth/modules/shadowsocks/__init__.py b/plinth/modules/shadowsocks/__init__.py
new file mode 100644
index 000000000..5164d880e
--- /dev/null
+++ b/plinth/modules/shadowsocks/__init__.py
@@ -0,0 +1,126 @@
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+Plinth module to configure Shadowsocks.
+"""
+
+from django.urls import reverse_lazy
+from django.utils.translation import ugettext_lazy as _
+
+from plinth import actions
+from plinth import action_utils
+from plinth import frontpage
+from plinth import service as service_module
+from plinth.menu import main_menu
+
+
+version = 1
+
+name = _('Shadowsocks')
+
+short_description = _('Socks5 Proxy')
+
+service = None
+
+managed_services = ['shadowsocks-libev-local@freedombox']
+
+managed_packages = ['shadowsocks-libev']
+
+description = [
+    _('Shadowsocks is a lightweight and secure socks5 proxy, designed to '
+      'protect your Internet traffic. It can be used to bypass Internet '
+      'filtering and censorship.'),
+    _('Your FreedomBox can run a Shadowsocks client, that can connect '
+      'to a Shadowsocks server. The FreedomBox will also run a socks5 '
+      'server. Local devices can connect to the socks5 server, and '
+      'their data will be encrypted and proxied through the Shadowsocks '
+      'server.'),
+]
+
+
+def init():
+    """Intialize the module."""
+    menu = main_menu.get('apps')
+    menu.add_urlname(name, 'glyphicon-send', 'shadowsocks:index',
+                     short_description)
+
+    global service
+    setup_helper = globals()['setup_helper']
+    if setup_helper.get_state() != 'needs-setup':
+        service = service_module.Service(
+            'shadowsocks', name,
+            ports=['shadowsocks-local-plinth'], is_external=False,
+            is_enabled=is_enabled, is_running=is_running,
+            enable=enable, disable=disable)
+
+        if service.is_enabled():
+            add_shortcut()
+
+
+def setup(helper, old_version=None):
+    """Install and configure the module."""
+    helper.install(managed_packages)
+    helper.call('post', actions.superuser_run, 'shadowsocks', ['setup'])
+    global service
+    if service is None:
+        service = service_module.Service(
+            'shadowsocks', name,
+            ports=['shadowsocks-local-plinth'], is_external=False,
+            is_enabled=is_enabled, is_running=is_running,
+            enable=enable, disable=disable)
+
+
+def add_shortcut():
+    """Helper method to add a shortcut to the frontpage."""
+    frontpage.add_shortcut('shadowsocks', name,
+                           short_description=short_description,
+                           details=description,
+                           configure_url=reverse_lazy('shadowsocks:index'),
+                           login_required=False)
+
+
+def is_enabled():
+    """Return whether service is enabled."""
+    return action_utils.service_is_enabled(managed_services[0])
+
+
+def is_running():
+    """Return whether service is running."""
+    return action_utils.service_is_running(managed_services[0])
+
+
+def enable():
+    """Enable service."""
+    actions.superuser_run('shadowsocks', ['enable'])
+    add_shortcut()
+
+
+def disable():
+    """Disable service."""
+    actions.superuser_run('shadowsocks', ['disable'])
+    frontpage.remove_shortcut('shadowsocks')
+
+
+def diagnose():
+    """Run diagnostics and return the results."""
+    results = []
+
+    results.append(action_utils.diagnose_port_listening(1080, 'tcp4'))
+    results.append(action_utils.diagnose_port_listening(1080, 'tcp6'))
+
+    return results
diff --git a/plinth/modules/shadowsocks/forms.py b/plinth/modules/shadowsocks/forms.py
new file mode 100644
index 000000000..f6a2f1777
--- /dev/null
+++ b/plinth/modules/shadowsocks/forms.py
@@ -0,0 +1,61 @@
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+Plinth module for configuring Shadowsocks.
+"""
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+
+from plinth.forms import ServiceForm
+
+METHODS = ['chacha20-ietf-poly1305', 'aes-256-gcm']
+
+
+class TrimmedCharField(forms.CharField):
+    """Trim the contents of a CharField"""
+
+    def clean(self, value):
+        """Clean and validate the field value"""
+        if value:
+            value = value.strip()
+
+        return super(TrimmedCharField, self).clean(value)
+
+
+class ShadowsocksForm(ServiceForm):
+    """Shadowsocks configuration form"""
+    server = TrimmedCharField(
+        label=_('Server'),
+        help_text=_('Server hostname or IP address'))
+
+    server_port = forms.IntegerField(
+        label=_('Server port'),
+        min_value=0,
+        max_value=65535,
+        help_text=_('Server port number'))
+
+    password = forms.CharField(
+        label=_('Password'),
+        help_text=_('Password used to encrypt data. '
+                    'Must match server password.'))
+
+    method = forms.ChoiceField(
+        label=_('Method'),
+        choices=[(x, x) for x in METHODS],
+        help_text=_('Encryption method. Must match setting on server.'))
diff --git a/plinth/modules/shadowsocks/tests/__init__.py b/plinth/modules/shadowsocks/tests/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/plinth/modules/shadowsocks/urls.py b/plinth/modules/shadowsocks/urls.py
new file mode 100644
index 000000000..a4e2d5e71
--- /dev/null
+++ b/plinth/modules/shadowsocks/urls.py
@@ -0,0 +1,29 @@
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+URLs for the Shadowsocks module.
+"""
+
+from django.conf.urls import url
+
+from .views import ShadowsocksServiceView
+
+urlpatterns = [
+    url(r'^apps/shadowsocks/$', ShadowsocksServiceView.as_view(),
+        name='index'),
+]
diff --git a/plinth/modules/shadowsocks/views.py b/plinth/modules/shadowsocks/views.py
new file mode 100644
index 000000000..e861e0443
--- /dev/null
+++ b/plinth/modules/shadowsocks/views.py
@@ -0,0 +1,82 @@
+#
+# This file is part of Plinth.
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""
+Plinth module for configuring Shadowsocks.
+"""
+
+import json
+from django.contrib import messages
+from django.utils.translation import ugettext_lazy as _
+
+from .forms import ShadowsocksForm
+from plinth import actions
+from plinth import views
+from plinth.modules import shadowsocks
+
+SHADOWSOCKS_CONFIG = '/etc/shadowsocks-libev/freedombox.json'
+
+
+class ShadowsocksServiceView(views.ServiceView):
+    """Configuration view for Shadowsocks local socks5 proxy."""
+    service_id = 'shadowsocks'
+    diagnostics_module_name = 'shadowsocks'
+    form_class = ShadowsocksForm
+    description = shadowsocks.description
+
+    def get_initial(self, *args, **kwargs):
+        """Get initial values for form."""
+        try:
+            configuration = open(SHADOWSOCKS_CONFIG, 'r').read()
+            status = json.loads(configuration)
+        except (OSError, json.JSONDecodeError):
+            status = {
+                'server': '',
+                'server_port': 8388,
+                'password': '',
+                'method': 'chacha20-ietf-poly1305',
+            }
+
+        status['is_enabled'] = self.service.is_enabled()
+        status['is_running'] = self.service.is_running()
+
+        return status
+
+    def form_valid(self, form):
+        """Configure Shadowsocks."""
+        old_status = form.initial
+        new_status = form.cleaned_data
+
+        if (old_status['server'] != new_status['server'] or
+            old_status['server_port'] != new_status['server_port'] or
+            old_status['password'] != new_status['password'] or
+            old_status['method'] != new_status['method']):
+            new_config = {
+                'local_address': '::0',
+                'local_port': 1080,
+                'server': new_status['server'],
+                'server_port': new_status['server_port'],
+                'password': new_status['password'],
+                'method': new_status['method'],
+            }
+
+            actions.superuser_run(
+                'shadowsocks', ['merge-config'],
+                input=json.dumps(new_config).encode())
+            messages.success(self.request, _('Configuration updated'))
+
+        return super().form_valid(form)
diff --git a/static/themes/default/icons/shadowsocks.png b/static/themes/default/icons/shadowsocks.png
new file mode 100644
index 0000000000000000000000000000000000000000..ef038ac138703a9aace2df15a7cbdae9d25aeea0
GIT binary patch
literal 16487
zcma)EWm6nox5ZrscNp9?IKkZ|xLbm|I}8xq9fG?%!QBZGB)Ge~+dIz>xK;PV^n97q
z)pfdiuf3N{go=_hDiR?Q1Ox=Ctc-*j_<Quf4+0$cSgl=?0|6nzA}b-P?)mG?4^aeX
z;p5YT1z1_uy2G-S+Ohw0Co<Ber2N_Da=~ZX``vb$WA(0i=||LZt>OM@ZiY>2qDe+a
z0d-j`G*kvuq`(%4{qr_E<BQ9|TASnLehnL$;2$BEi$BkQJOnM6jQc|nv)B+#`z2ui
z|3`#7ci0Mcm>&#|rxi#E8If?OimeDVqQAn7*`{m75n~>CA?{||86-?(ukh%<7bOQv
z;ZpXe4?1Cje*?YR%WSL&;76sP#xJ$`S9OeugQFphEg2pY6Jw!_i;ay<KuWq1VW6d^
z=3G}*b%xo&!pLY7He?#)ayVr`%wxYM8b21a*bd2|qYbLNg-WM#LaM=hULg2Npe<Gg
z(|eDM$71`pSUwF`CNMre9ycf`sJg$upFduT<Ty6+{eICXO<rCeeY4eRH?C5vHfMBd
zYQul4HwbI4RCyXYgH20>2Avw2(F#IgRvjq`_>WC3sV*-Q8zr;dd>On(MC|8B3?bKv
zWRZx42S%SNfZi=ZCKnoyMPFuea&mp6R5{lUm;^cIOk#d>Wld0<lL3(gWP&MCp;tvV
z7t0Gl(C_qgnjRb+ByYA^ydWbaT$%RKa3hxJKcli<ZCUT|D2*l+^cEg97fpN{N^w4@
zBUHvu0&*Pr85hH*&b+@q#@TFiJ|FSBokW*KhK%y}NN47BI3rCN2o~3*rPl5dkz(Nx
zD$0Gc<0~p}C)T?BVNnUSzrUY`pr-VTx4y<^vBpL;mEpTeeV-Af>KvjNB1W0QfDEFX
zq9TdBdTEjO{Rt{M0z#SH<yg&HD+(<uS<<MZru9>4(Rckzv=F#|KYui@$`+L?BPGJ6
zIdyf32$YnSS&IMo@k35bte>Ibgkec@z?#^aLR1?EDI&;S^2q11Yw-v8A)C`}vSbg6
zF9;Q+O&q%tFvk?z`ij|)7Z@U1&_o>)QRxxI>41))qXcMRdi{94O#9d+`xFuXY*#De
zmy(YWRU}8K6_e$LrO(geaZoy1ZafUez`&qn6hN#Hqa%69-JnujrzX%xO{SwWXy+zm
zQdD)TL>U?yqL)bY=ktBKss_rZ5RE6h(Q5gWt0f_TV9$|ct@rl!*4B$;la9&B$w?Ub
z0kT0MOMccdRMZvFDg}4;{7MuG-_6N~-?uwEJE!?wkLuEyaK%xRXcn@8oiP{*2?<Wh
zuMg*B$Vf=mKTd(kD6h&6KNY<;)rr)Wpc213R(_J36R78(JD;yKzln#TP14Rj*feM(
zWtu2Qs4*AIx=|sVR%qBon~lV-V_;$3N=QDyRw#BT)r1;I=*~;rk*gIeH`e2LkIpFZ
zIq!|WW(#;2qBTh5pWwL>XfYP3(}J$7u~XTa*u5Vw-eFXWZHJlNvvu_-i$c5dz)R=q
zxgY82>6e@RULT$*rDG+CU@0Hy6l;QnQg<HB%UNJdVjMYp#k*flD$}obM|yNhm9ixY
zp;cnUtm=>BsJV9mTqKscDE54ci3~0CwNZGiA2*wyA07|U1Ya7)Oc6&Vwr~62a2JAr
zw)_Yc-x5aR$O3A<PozGsM4D7he4ub2uv`<dCjSoF!=LpgjE?jhbrcv@3tzcsR_!=Q
zl<X{5KQHhy_D2q&LC`2yN$F3H&jYW%Z@d4ew^^f6sYwgI7Sp%%_i}pnUodjXf9nI%
zs3I|H^xK@x7b-NAH{2EttbmnzmVdsz4zfn<)WYNk38|Ng$s)4S(Ro%m?G7swp8xW)
zN3Y_)VR^G!!DkV5F)dU$yMk$o;ov^_e7l`~X4Y+bO8=7sKe;<(f%yvimH^~Wu?F8Q
zKP)V)O>{K0?ugB6rUY!pxK3z-QXZeqL@r1JLR63}NlwTMTs^kwAep?9QVzS@$-F@x
z!L>iF>{|@50z*lzdLRsa+H$dGy--Rvgy^<AbgxP|B3t$BTJ9fJ2%J=JdTY->yrze?
zU5C@Il#`Oul<!Tn5KIP@FV)5&#@0E~5+VavJbrVjLdLA=NGwS%r_H}JAyEKmnMBpv
zxBZb|$=wuZjjrb+W&9u2mY|S&6BfsGsVsw*cKiVzIctsX{pljv)7_l1$K=GsD>Ee}
zG-CgQ{he3hQ!q^aPu@hno66em6G;S)X_?~0;$e#tk8ybshsE^PFqC4%lBz2Gwi_$c
zUb7A1_TXii&gp(K1W+P$mwHf#`+27O1oQ9C$x3yZ@XxeshBHP^J5(c)-^0OM7c8v0
zLrOCw3OU<z;5s$Z^uj22ZPhWTh1d`Gp%NO&>$ugsp3U#(owbP}`0euCAHOC!Lv0`p
zAg5kE;uFB+)#>>Le(|U8PZn$tGX#<U{q@KNv0{cy7K=HD7<GDH4~&kE(!a&_V5V3P
zZ9jfB5XM5=dWel1P=QXV%*)$)JvurH>*LRzDBZGw$!}9{>X8}@MaDZ=EdMqVNo<6X
z!f<ciP<m?7k9cRt4R=A#fEQO#P@sWI#QkOzFAGWx8J72j>*l_rqn4?r&G9U_PGQvI
zzS<M{eQqOg!9BJu-D?p#9qrM^V>x3?!M?GWWU&s|!=n&DDpu~*TI*CV?l1FPuQwYR
zX40-RhK;2ky0|;sS9qd&*Lk{Cqd9^nXOF5)lV6<b>nl(XFJC2~2tKWx=44~5+urI6
z#)=~o?j{G{D1yCjEXGDagi6f?ML9X^X49ca$q?f6<?MLuOH8vj{qhXy{n}R7bEdbP
zPh?l?ndwNXLg_eC=a;)<H!CYE%eW^6-N@gFVn*yo!>FQTL3;?Os0;FFp~PC_k$tNU
zVvXw6#>Ur=pxkO1Ol<6V<H2wY@#$ZDjrP+yf?6pHh8~c}8=btCv(Orq@jE*^cH7(A
z{5?QwX{(G34z+9mE;gic9uaRtwf#F7ztBQMLQo+2#{Ql<VLA{UTmK5~<P%~aQ*{ZP
z#?Gy_RkrR$L7c_KP1M0=ecCD7Mf8N-NCc`MnA+pCI}7i1Y0&Ul!`aGW8bu^|24~2i
ztc=m`fcL^9W3Q~Oj#@U8)5`hOq37KlJ!8lhCz)!=@au=z<4>5s`<nL`>#yJ3cM+Wn
zH<s_iWn&59lBtv*bRd{{WgEb4Lcs9INC13;B50^^gIU?9em?o0T0ZrTgxhv0fQ>rS
zUP6sYAq&x>7TdE`m!>nO;pQ~nWgB=GNs1;4X`KX7@B`I;rRg{a3=ha#p)wt`h@e?H
zj!{~L^cm-WRXU&2C=DfNXbxw-GKoMMYZ^;7CzXlSdABF1^R+gYMKFdt2>HM9CJq)-
z@_Wk-75I&+=2j_3--Hfc;7?uDS$^s-T_47gR>UG2N%`LXbu?PUb3H{uM*a=x*kj@F
z!T4&~<kK%xO3GN?ah5M0M!Ge2Eq|f5q%>-B*GAd+B#J>o=l%<Q6{-ahH-?CZ)br_T
zJ0S3;P2g%~V*MLTLihgT^I`6z&1Uy|&r(d88nfUXq^Cf?4X!|xrOGe9?!@;x#j6u{
zef_m))}A*^;lN0egPF#C_kz~@y}Sg<U&%9xiHSzb#EhKdM(ggm^Kok-WFoHD&kR<6
zyt?C2(73XsEJ(yYQBC=JqOozmpzWxnfA?l%N<d5&6U7#i+#rS<UA*%A8rl=DJw^CY
zU)f5SqL01`*MfnYUYeGX5#c9u5_pEO-y?dd);bYI&31_X{&HIDgG$WnDAX}9%{Q@i
zxc1#J;NXW-UHI_ngd|%NU+)ny=zVd5bu39rE~2^=HI)DdXF-69%6#M}Dv@*FBqdL~
z{7^wV`ANimgtq>Oe_2U*nR=~l*E9;;3vz1-?aDGXQHZ4Y#Ar*rW}Tz~?F{ar$b>k~
zX>o|;Odvtt#m-RFvfJrDMW{9-f!M?y+}czD39Jv-l^#kCTG~U|4@M=UGoMK+X*cNG
zm0GeDn2&#cxPORRpmZgMmp3+*jP?4s2MUz3`Rk=)iTm<@SP@3*p}2dLY0qCEczrw{
zcC5Lt+SN7&cjQ|)KgV76oo?Vas_XMACza`;TSIHDw$aH)TV-4H1`8Snrn>DVCtSw)
z=bKB>jbLF=)GcD1RifuWQzKSdFM#`1L9gc;$_m_ANCn}oUA5L<PI<n>Ny+ix4tF2i
zmJ&+vU?-40-=x0g&l97~p90PolISobW+tx&TdN14+4A-+D+ey$yL;9~VXDi^f3XDu
zm+TWwf-u+|j-0c#PWwZVdjJK-YLv0Bdp94HHJbHD7SsLUXZ{O_8s2oQ58ZrW{4}*h
z2j(Cb?aY6lgG^!=N-M^pp+-~&%d_l|$<tyGN!*#3UQTP;WX>ACh6QJyV0G&7SB2zR
z{2&<8O}6-u_S9+8Ds+Qt_!FSqm@0#y;irswhy}CIj$!o-eEG0gLd$aT`iu#v;p*9G
zT;GVOni^<eqXsNyn+7Da0ZxQVKkJyAYd6IW($dqz`wsnpBT_0LeRw=s3@upz11I&p
z^=7wU5(OotPrU#W-xIl~L2XTbF-K5Alzmb;9gZEms!o_;5xlA?RdrP|aX9$IDYta@
zDsLSWdcvw(Fmn4n()RL%)?n;rq^ADPF$!swR#MQa1~Lw%g6;x$YW&Cb=hJTSKJ*iz
zX&l@5=`97;d<FJ8>k13xKM1IY2V>EfB$068k>|{_#DK|l2-b=)4-K<FM5_w~YyE8H
zmrCF`$%<>_Wn?_#6>x+8NiI^igjZ4_<iHD>Vsv<1b|-zpJ)f8vwI6ZN{DNXcy&@wz
zhqfjSuc#JHJH;Z}y%fw1drZ{iRfruZox?dU?7<DRaV6_k4E_0&d!x=|U>#@?J%`|v
zvW<i&Mh&0C*a-#)^hTn^L#D6-wMOV<R*|L!Im!2Vorpe)$A0$Zi(Xh!nn?4Ij#1xX
z?oc}$iL9}c_NS+(o+L!HNW~sYjs3Xrb}`UQtq|-bxVq^Y8ymZ{Lw2E+++9I1-0M22
ziCY-asTJy@UFB<y6GZgw0#s`y{+&uPGRP689VlX<`Uhukt!m21$Ry3r&qw544j59)
zwabBIg4tXz)}9UB2Xa8wD!%K{UY^)esL}T_?AAEzfy0l3Sr=hJ8dR`R(4ogFEaOV%
zQ575X<YFab6*UI=iJQg{wt9NXRly;+nal-EecypSO|Y-iKcXw-02R8SH9CzyJS8MT
z?DZ=zW0|2Gd>pNRsOJ4-g<1Gk-2E5F^zHpXhb>^<IW3X$(U&Hfja6z=0Cw1|`Aep~
z`W|-)<cQ|$MaSh!kPyvI6Lxt8jOs3_pwGiR>U!h-pmNFiwv{^JhzgZdx~&<CE!Q~n
zg2-jcA2A=>*a`ybrQy12>LwYrMQSQ4<A4MbpgcxZ_#8c*Mgma187Z63<%hytiQ-5j
z(YILE+WvAyUYG?g#*@PJ=<Fcan9H8cx37PcbuYM`foQlzRyZ!Qtu>}scGdpxFG)Gx
zC*|7lMjJ<y&Y7W8m=eaZwf8gP=<DP5e>#$>Q{?QV8+kP)s`I2<I`!$#IC$PG^<5U*
zv+%Lu5k&X+5mnHf3ktcX-*8nxI223kM(brW55qef;PH$^AHeCVIaJ_nfKQ(=naPzk
zXs^K6UBKX0v0SznQ+bO}kHs~i>2#1Nj2gkfCCkyhu8b5pH}stNZc?wkN^Biv3>Ez1
z<=DP#ob~GSm~rB4Ys+NKc`I_7c&ffNLx3n2P`|hFUyXl-frqaY)R}3H;?GB<HRj<H
z@$qZ89k=0S0z%Qab&_q6HUBBx6CtLPF-wIRSgy#J9A5fXr?@zR038ONK1gAlXJ(Ee
z>#|dToX(`b($jfUYs(Pfw-MMy<`cx#-FyAmP<_?c%<&i88(65<l6cdn0fTVDYmij%
zErL_pBN#{AfooH>j0=u3k?N8|iQcH-e!!8g!-NFGZ66Jp1B(IWB0FWzcrk(Cj5esK
z7xRMJRK*;CNU=;DEhlM*8uHITt`KE9z#_;lj#|dml~WGDAoy#i><dgEvaBGSR;{66
z&U@Ks#w^rmhb0X)f3%z|xpQMAL$OTsU&Ca4rkRgkQ^cktabhGGw`IW_m{rmi(WWi{
zn4rJ_&$OgMmNP)&x6G0pUKnXaF*|fwZ`aEW16o1z`*F^xO0*ny(9}~2=73hXXwX9#
z(DFufY7eKV{15WRlcOIPfYPyDI@;G-?DVkdEwKwDhx|WhSa>N#=hrHKOlG2*^Vsqw
z><k`TL!5aLQ}9gSZ+&H#YVKM;tw_c|+baz&`Rb(VP`RP@65dnU3bKo*mMN5q`58!z
z?sW1>F$I7rmfkwd4cNeu#5ahLQo9JXwK!2JG_EB3`9tsOLND;D*HOo`=~mHHg;+SN
z{0aRo5z1&e5m}a8Ko0xm%Yx7mOM_lLs;OR4A{P*t_W*_&0i|3aKc1s^3wMLRs-Ut>
z?6bMjxGA4|pAUC<WepeOFO&K@xEkz`(SrbLj?s!_2Q28I`nX@WBO-O$RcozKU%vg#
zL#csk846;Su9%ROm8FwJ3uKb434$)CodQTS2p1F<I{eibcfHg^gLX*fp9a8a&?n=5
zh@c?xeUO)BVmA+c7Z@BCwckN%kxT`GhmL{0AyyIpHUZAmT1prb=#U^)RaL>I82G4%
zHaR&><RxN_Fps%euOUXRlIj4AV2a=+GFKT@Tblhy6Qwj%I{@AaDN`MDL)o`dwC+Fk
zaR@6@PoUo&lqp?*B_AxbHEZ<CDWx}tZ0YD36I`bWjgleJ==LCf_u|lemg&d(Zf;x)
zX|uiPrTfnLk&=&eC;8+(t$a_*W-S!qo{<binH3J=nt`<wI7%}xsAD$GGQa*SO|}iB
zKr8JLs4yjm7WaNQEB{uDhI8(A#pxd{w<$nTM-%Ff@|zUemyUhM{;~D?{nOnK>6$&5
zoT9Zweu{RP?2sen%)K(9h2dvb5kkwDrkm-)em9sbpi0unqm=~{2pAw0XhDU)$4%qE
z)(?BF-tZsd2mTe5m1|g<MO*QV?N(sRMThEbgnqCG16xc4(z1EPWm#3vQG*Z>kS=0<
z@u64u%CwooTEJudx~P3mP^|iZAxLFd_Bt*+9AVu<$eG1_RdC0n8RoK0!xl+XSLQ-@
zY&czFblZyvdhB{HGN6AnYgo+p%s4IQl{bO3ptmB$wgOS3k`861glI)+3brd!<F~y5
zHf_3JEJ4hC(!LrZsP5~{DCOke-wImE$v6YYvtngV*XRbEaZ^bD%$B?}@Wao(jBG{V
zd<K4m;A8nHxI909L3#iY(&ME!(FUy$^v1*XV%fp2Qne_0_XLAL6eY^J8{XUfp}aHA
z>)B<*DL}DW!!Flc`-7N#YjkMSBg#!(xp1jyS;JeoYT+haTw8y<ObPB#3#rb%RGU0_
z`HRoKXHN}J@v+3!14Y#K@(J(=Y%NX$--imL`nT4o=i-dxQmyh|8D}hcEebM1SiOX<
zXA*w6#<BdCnON*_!r!Z@^W4^bLK!sfAvrE_%iCKt9xCHib40Nf7H^{@lJb}VCxB@l
zkBL?RT_x^;^mkzpPwTT6^^M@a3C!S~$@^Nd@q8|TY9)6k|Ak$eSC!}4$P@ewjO0qO
zro8t2PA=#x9PXunGo_XJf)VtbyMc94qrX`Y{t-Xu*Y#t9ye&X{&q4yaSxzU;u)ID5
z+srQz-!fXb-jv@wTZn;qn&2~4UQqKZ$2^)ED8-r@Y4}~}E49p13jqPa^59>WB}P$8
zI0s8dM@L$B@fzV3AdU>Ojp-3j!-JHzN-Gt+ZxDVslWFucWg>KGxP^2#%zEbL**}|$
z=}qKR5v5$yq*`82wTYe8AK-1X^+liJK1%_%=5l`EtcoH9sZN~i^vxy(M?J`5I1UXX
zpga;ph}K_DbEbD4SaI<SHO%pj6`v{@Khy~6*4#rv23_)Liz=mN0e>r^%02KA(N%G3
zTe6B4!3=2``86YVKoXqPUZbDN@N_T{F5x$5S^uJ9r+GnP2MCkMrBcDW<-0p<VC9fp
z7p&Gs&59qk;6yh*!4AOw$R-N1YvRIEHEOa{ef_U>fEu-HuWHyOQLSeJSCRXrlp~9W
zZ~od?t0ghy^3hHby3x1nra)X<FLceKfJ&AT3?H+pRxi@F2O)Y<)m&W)7m-w8rs9Pl
zYGKH0CWqC4n<!0~fme7e{;`;sS6g0>XM|t#9hY{S&HV}X>Lt-anE?O#uFIf^#>r&v
zVQ<UX<PFk|`OLTbv+!m6TkY%7cy9pIoES{p-J>InFA*~XLw~Kx_P}8DhFr%MKQ??s
zT-@T2h&koxZ~JgXM@XSQ;QB8E_NIH8bh+@qbZaIfVXLZ+^kjzmuPE%pU)&4}+RP4R
zF$b|kUZIn)Lm`llgyF{n2-Srzt&EAzNl0p09*_PO@?_XT3b-^>aC&lW)^tY7F%+DP
z|IBCxWwLTrP0CQPUp&Z~0^_mcYJHa&G~SoD8}s#Ub4V*kgqno0t@6#6XN0Yp2IKKb
zAMS4^L6)LTbGZiMkQ&dgKttMaL7e!}-tX8IQ5@fXwh%(j@xPV~=82fS6*AwBWxY0B
z{H1XthL+`txwbTTz&q181v0z~H+>gy8S8==!a8pG0CqzP$dW62dQ|5ymB}e4sh1De
z)D+9tTP_A{^%Pk?@7=syOnS@B4$O(*$b*1K0?34ux08RBo17(55S+LE_-ic;FazxF
zr{lv#siaDM{BrQadBWLqoS&q(I;w}cERkJ?JCCnlunk!P`*)z2uaWws{<^i{k=Ev*
zElHKSJAQbEA%KOC;yK}&x5pF{sp_!9`AYS90NKAEFmG{WGAI()&8F$1XE9Y2&vwjg
zPB3F;T*QK!Igd5@KEHn*7}7s37RYe%9geSj06dNA!c?Z1Z|zz+cqITrX_930Zs;hN
z)MWcu_pA(ssxx625!b@m@4@&8oWmB?eyN?+w{9<j@7cGsEb&y~Jb`fh)k(cx)tuXX
zAI)5c{#T36oMaQUb^ssQd_6OqmsE?emxRH*B_9q{Lv4X?i9k($A+Nn@w5)wDXW+ve
zxR_L7p89%pPkkVTAvhn;7K2{yPdh4EG~mB5kXNXE82jEnMJy3Iym4q{;>~YmwfLzm
z(#OyLbt7AI#cp_4MF52oIHX+@T{#CI{`_4IvRg`cC!rW^b2&s>X|gJ0DfB<QTg32M
zS|=0Fsn;yr!<iqpJhK=S>HN6W*QO=dz0u1+CqM}&K!~IIbESDtb(V65uIMb|Mu{_o
z7D`bG7wMXF`|O=g-ii9(sdp=jOx>(zP&xFs$11{!^<nh)=4Mg``z3~kucS@$7`Pa{
zXo_+bz9bX21~M%C$#3k`ki=QGXjESv=)IcJ^wLwOJL<oqbA@B66Rq&1tr|74Gm<Gk
zfC~}|poN2)llnm|OzTwv!@V`Urg^76Npjz=^;PpL6?FFNU{DI`&U6qung&hymRuSM
z38I9-Kcg@M;i`Mb*15P&H7OCbKibc%e5JAxlq!f&D=-I}FXWu%=kEvs?B%p_0OSKB
zL~DPFX^X5|OkXM{W7djaQA4Mm?qoKeh1lO07;aE2I=B;-@IBnSR~@L~U{?rh-)|hO
z4D%RL@``^V%dIT^$)EOFFdH)6Eblt8$l8~n;X5E#GYww5)Sp=<27O2#nwa$Se4$=l
zvd`p~h$j(nKkIt_QH^YYGKVpQfuA%WRg-+P|8J1HVerbs6xh9X59{0Z>au`rPQ~ST
z@KBRPUfyNVqo#-PFpIud#~t1~IFP<+vfp)+m^$?PFIc|Vi39Xa>8~=##$V-KRS?&N
zX#}8n!P!Nh0NDYS(E)Y)eox0o{3PtrKabBg`5`}WKFb~%Yy!JVAFRzw_SiW1d=Y$!
zP?3=bRB`H!9mEzfi|Xp?v;&-IW26R}px?(On%Ma@(7|Pe__O20Xz*e*(G&p_Mye|@
zbw8u^#Yv*sdrAPO8FKk!6plPFCj6WGRf6cM6F@oGp^%!ITGHGZ);v+2LGr9z=wNDB
zBR<keVt@IMJ#q7_C{C|T&ko8}4QfZPK?tz{k(=Auno#7QFBw<*H@7N*R+J}1+B44Y
z>BFHp6~!Jbq2an4kJ|N1Sv`29davokz$WeR{F-?qU0nRx)zORl#Moy0S^jknFY<K>
z8W~LAWwW?`B*dL?n1m(w-QgJ1ht&{_pzSHQE}Z*Ds6x$i);08L?61_aasHD#CZ2x~
z!mAH|b?w^Oj%|oVUoYnEc_W%d+ZcS)!GV=!4|sbOl176eJgVqqyE4`|S-J;3Mrzg8
zorBgEaH9;^?R^j^7-+?_&*hw)uK%{XomQlJ+pcRb87&x-W1(QDl<_JdMIvu^3{)EL
z=cmlNNe#w^Jf&XGQ1!pEDErjeUUEDcpTg@_iFogV{yFHWe9DMqK`$^G!N>u|kqmb6
zJnzS4n6G2+!mBF-$_+c|{04I$L_IPRVrfO4w`!>v^vCE^fojA%(a_B`XL3@vFgk|~
z<fms)+I2RN2{i0%$0f3Z@g!SG4tj$<0se~4`*J7n)bMzR#xXZO4&CU9E3{sf?I}>G
zuEsaDFtKYtuNvO_Mn;Jz2gH^tP03G-RDq+CN?bPo6e=aO&B9E{&ko1-aBj#x8o%c~
z5aAU~CyyCW@As|7;(Q;l$=ZZjx}!m{Tp)u36i@+me1Wsk!%qsP4n^4tT0Kt;45;$L
z60zJo6$Y4V(g-`1BF@RkYH{cX9b~x1bL;f3H=ze+UJ-Ol+&a9OVWD+tz>3V2%*@P<
zdNVLtNI37F-K#^AED)a-rRVayFLhUsT9zX(Mj<(f9Z|`!%38$C_ky)n9>X~*bOj$|
z$ZP@vg}0XRdUAeXIH)h$7acO@E`5W|t))}N33kZBA91-OeyGrHO8$IUb$EW<4CrZ3
zSiIFoGtk!b0km_0-VQ#FN0lY2b>O!{m=HslzI7=7Y$1&lqvRvix$j9F5G&QJhf$3n
z|3sp?f8E`<)!|Aoy`(?D!qfNm8S<jufZgPNJX>}_BCZn#JbX|^sSzg5R#jEmQl5^r
zACA1{)fLtCW8v>pHQb(TAyLHSFdj!ldQ+z|GNg^NOuWw6xgL?aNAf8kN))X9HA9jR
z5NiExAVX6mkrnJ+N~I*<h9CK2!tQv8spiY}V35l-u0!R^FOeD!I-5$-@5Fr(fIUrv
z5P-eBf)mU$iZLu=N#fR1tJJK{H^*J5asiHrfdw2sLfJH14AU^;sK`h)c$3I-B52qY
zKoLb9!MScpgrV~hRRn_fkfw?jN2SCu@$*n<o$aQxcDn~(lMMjg%$^Vx+6+ryD)m`U
zD6sfd(=vx46hHG$g<-TgQTkPI2XAkbX<Y4~s!L;dAXayP=sCiG=)}zOa5`5QO*e3+
z<`RqI>|KdJ@JHC%==AjFfc+7ThLmGPc)J$bEq9`Qcc>TRgpk_0dz9ol4T5g3-1-Q`
zQHw>+WGdmEosq)NFs-jhV`2aL_HBmH)}T<!W+%zj%#Js3PMZ7r%hYkZFLc{-@%IW>
zVq8z!bENpaYnyBt-!BvL;y~f;Z&;Tp+BdU560)+QgkhkAj}n@*fZ%>mJ3c6FZf?%Q
z<7EDrygk99a$u`CxG7fY2soN452I6!hF8(~OY*y`#4urMYB8sms!)_K%8y@>dwrL|
zO-Xw>?<j2HWyW+G!)xY7nh=T5=P?S@b`q!lNF1uI{v>BnJmu#ytv!c=Q|q*>5SK|B
zK8IhmII4<^c=~>i&Cjd9&7!w#o^FX?ws#3fTxdll)2R_+2>`R#P5Mv99wg`aNb64B
zvJ1+Xq5gbrG*n+70Im}6uju@xF@ewfF)jIMaZcLK>R)3EARo_Lf}EX47@0Ef8%Sg~
zWLn2f0o<G}ut6pi*r_x5vK^4*@{H?5zc~{pZ_sH_6#<tiEQ9N;i|$PH&SOd()D3~C
zQZri0+BJI8Cw%D&Dn^6KWO-ChI#eX03-Z6@OkNr-rZ1|Edb;`3-9CT31F0YJ1e8mK
z>*1a;DY7++0$E%O=EYJ_KxHxr?``vFniP$~2Fi;;6t2n8QL=@~LJdj`e+OHo6Qils
zitV76HNo9xS2dZ~bqwb4!OR)T0$c*_Ju`IS=Z946pGKX;rewG>O@DOC)`jmz&@Ga<
zOPZpWT@4*8Xosfs#cy%KA2Jq*Aa@zL*j*UabDIZ-b`tXxnRgYz3Pn)f^0B&%cJg+j
z)3Vq!<>+ikA`<O>l@x7RqAUf{Km%w3Hqj)m*ecudXt_#&d`fwiJ4$k*I57fJbK(p=
z8X+=p5zFYB(HS_aT;Q|l{fF_x54K?8RU{Y>e?I10ZCy18YfpsNw20DD;$2rxE;1JN
z8q+45vx1jW^HGO&m^W>62G?u3AO9rrXvB}nxukrk0DtV|`&!M^H_A*Fc+1m$TMaKG
zCfK3U?UBOMHW#Z!+;p37De@Dlm|JZ@(<1tQpYkmV0?k?u@r~0z=|LJVH6HR`X+<@w
zb(>MmU!hT5!}$C7<pAbngnU{#J{N6w4IJmUf*2B);vTH5BWEm}!=nDck}u&<jf(N#
zh{si(5nQu6tE!V0NZbuy+#p>I<JE))A?yq(h_dmT&M6ve?K5yiv$SfhAn#Xfy_%+7
zWh`+nx9lEJi3PHlH*G{8xGPSeaSxtlCh|5%^k7$wVUmWT?7-}ETi7TQ;V4?0CkB||
zVhyBf^WGVZI6oUssKzq5p*#-NPONh_@VD&k<b*l5LC39D8AzN$h6Htgg2Zq|$&ou^
zQfS)E%92&ma41tE*yh>`RE65+B;XzD9e}xI>Du$D5?uN}$ObG9_Q8x==&V!%zB;H?
zV@OPetJ3yxDtmPa^*!s}ZO0X<byzZKtI3#%jW9!~J3m39E;fqo7B?yf_{O0OS4na7
z2x}lH(kyx8{O{QozuA+bv*n)oiQT1Zo^jeJ-d(Om_-Hci<3wG$j$6hT!k1{R*#^&F
zQO>${EALK(_x5(CPMQE$N{$%AM7Y6<R@pWa(MQ>W*GZR%?TJrn^KHh?Vr^g?$t%@B
z)5wqFz4jE@0YNlZDc|Gx#%<=uxD_|YbM6cWskekjXi)X5d=7`v&{~Xx*iHTYjl4v|
z$R1vT5I*t=vV15W;#`+1o~OqZ(Mdz1AqYc9;a24F!mDgAE9C1hf~KGfoy2-2iKP~9
zyOlB$0x1ASnxSWJ#N3LH)$+%TD8#yQi6NtL3B_-PxJKP+``;kL%)i_A(HGp+<z=4Z
zbmTmT7lDc+zx#aj@I>@XThVR5K)^L0qn{JLXs(RqBrPE-O}NH8ARGMa1{0GG$vO{E
zQjRAYhK3tx@pkAPuX(qQQbVTa@w0n-<_4vkkdrU6L4=P->7a9?(zyh$=4e&avM!M>
zMcisj_sGzCqjbA7{s(=9zpDyNK9<>KgP2AB%(>@=Fdi&kfZ+fy_|C>>%BAG4$@<c5
zIGG1&C-TKinCA0a(7#o8cwAc-Xx__(I2a&2>^bRBNZ1$G5i^iTs*s|rmA<ZSI|nDH
z`g!)v@Wu005*9ngVQ=}j7R}W+wD#+3iqaoCej7{wva#BBCv<S+W1l7x{3VCChMg7r
zx4fg%P-00Scz7<+f_E|VTEYZC)MT<jd|4Zb9q{rAE+^e^%$EupUkHe1qGYU-5We^b
zm$0NIC;y5F4{y!>V;U)dHXE1-(@YvC3ozfKX3EIOuvsRtci`EGnBzyTKnUKjRKGWa
zhMw!kU%;iIsF8!O<Ct+f{Ebgb4oWaoLiH?G)9m1=C(|X1KB^Ub!|H7KK*fK%#`nAl
z)45Vyapv9kj8iQQyf8S2HNG;Pk^O#Z&<WW+SzKD`08CPgr$)dWAYTop$cwxe1HmTz
z-UtQzB{oF0q(bL|@4gVIs5rMrmU_S_Amf(hRACo}jly(F1g-YfZGQ>9ekNKJXZ@&$
z;^Z$TmA0egcJG}RH=iH;<r2^v+qr(F_=2<~qh8lod`MkB3;a5M+@XPid-j4dWyn|C
zr4T+&ubUwDn$4f`4_RdQZ7Md&?KH>lVc82Fjd+y05l?iY>n1!>GH#%NhV_SqMGq+!
zR^fqT?Zh%fEtbZ_d);-GT{U-8S+&-U4MT@2KYBV{)?w3rWp)QPj+|QUIK7vIL3@;S
z;nBgpHBiuFZj^?NiW}12{%^Jdyt<nBYvA#xcuzX8Tthu^7ER3?N4|sd?R99*)+@G5
zvv39FTiWN-ZXB6jv-LfH#w7HzkEDP!p8~)_oe8PJT6PzO9xef?$}#CmN`tqn3(%|E
zQ(?@-iW05q?1U?>5m_60p`XY>Jt;kpq_y5>ivrK2Uo~t>^1EJl`aCJ14bZ*Z0hI$}
zSn7o}+bT|8+ztyC=35_uO^}*f6=h|!Jy!eoyT5U-mwPx7x*jYQV8^4nFwI{$rW1!(
zd=RStwN9E1Om2UEem3H^nl1XW{**LQBm-NAF$b_?;q~_C$8ftK$<+Lu+TsJ?;=|GN
z_4IqIMb@T_{^Z}4jHg2B`13C-h315VR&`0;|N9R|V!~%ZV}uNDx4g%_j#Z(b#qd4f
zI_Af{taaCde=s3;!m#T*3afZivBU7W9Q^r^iXjw4XxI~hUf;gM#MNjPJ+gtFrlg{x
zl5jto5mo#eS&0WNjG3t4ZMY+emuIY9Wrurcd~c13^D1h!B+EXKXBPZ0Qz`3_zT!kN
z_|Fb?@q-~)m?c{+?zi`MFhk*`V}9>1x^)Km-hH>U=0fZ0K5^euBkpKiEq9(8r}hbL
zQENC;W5HelZMnPvp-_`*;ZjeCb$socJK}o3*<>}Bw&{C|S^}Ae--V(?c!;f0EI=B^
zV#M$6Pzl!RS&-4tVoL<_m~So(3{xo{dXJqVdQYlr+%7OpKI#I*fB(!@Uxk+Eqc4NA
z`*h){;%~=om^!>Fh2CJUUg3JXkFKeWAU_DXfhitSF|9>WT^nU$F=G8mo~x{~-acPh
za*!QV4|AOw<)KN|b*>8b%kooDm?BvwxVT>OGYbMVQh*2=pm<CtuwyH^QLTtMfkGzH
z)MEJZo{HgCpTM)h)w`{Ck}=WTwaPRKQ4T_FIo9E}<$k4isTG5*VG?jWbGtWbps!ic
z=F3MEK6%^F#bhAjMt-_J35AVim80s2|Bu*E`7A9Z-sc0|%J037ZmcWI_soL2+NiBW
za;EsI(XG7Vt{SNTwP@sIq4KlQbO=ddS7a=R#SkoL6^L{U7Kn)p0~ip9Ut+MGV9x9;
zT)JBG!-R-G2wffKb(X144fZ)LWsn=~h!Pl9l`m)>#-;Z6pi~AV<_+}rge=GR(#r3*
z&j{f_FYxLEWX1CSviU2Ul9Qko1b*6(6IbJ@Z7X~kbQBaNXdUk@<5rnO2CO0mLnfpb
zF3USyppAS4=@V=R^ar3x+IAWG<J%p7-8{M&%zdM|=IwZ4zJoJzwr<muc4{C50&ouE
zJ74~Hqod8vIJZqqmV3#)g9RZrNZVYzD7PLQ(EyZe)6dwXbi;xr&h`)9yt@(Ai=eL#
zxz&fUAiIc1eQH`-R!BZwrB^>*VlEyKBLXPz92QaStM}cJ`5jH2z@MXQpy$e055K=Z
zB!8r|S4}l8_eY*U6RT<`vK8MA<D~ySr94(2wz|ti71?~l<#sb#8R>5gW&Zc-RAUZk
zt$}uK=At*5|Fh%+1WD%xucdNg<KUcwDf1J;_+XIjNEySx0!$x_)YvE3N4N9YAaG|n
z4=d$TRqGDmYL>RwEzsE2L=IG{P#L?CItf#8F2r7Pb>_ksMg7s&+7nq5AP?~cs=(k~
z4}Zt01r-5qn{0URhN=$LM9)-oWkm~E`HhM1*L!yrS`7`tfknR0`Rs0-aQFRa0%cEw
zz~s?$JclEs!`_S5-;Rhr??@wm4I|GR{#2N=WR13&k0o!@G-rlMgj8y%FEXTaBZlWj
zwb<6ijeb|msSuSykL@3iclu5E`1>c9&CV)I+J`?ucJQl!sI#-P`#8Y|{1Oo}Lo77<
zNZn}pdB%`R1hF8hzD_*zn|&=qukQ&r8f1t|T2DbrbL#JFtjG{-;;!YVDQ6hXDguK?
z^aQflcZOZ<ZrvrjQJMB}4?*+rzg8%bWUX?2*SR;k>$F!{dyCH-Tf$|gWosuDj=xr3
zB?li~2)2;a^mvVd{Sd;?&&APpH7FJMk6YVlAfOMm)8qN?&4Z%iV!x3Kw&r(FSqX0?
zv-`Zzf<H3#Xn=bRN9a2HC9U6`v_s^U-KoAsdH2GYB42V+3Vix>o4jHGz1XSvZ{Fv`
z6klraRzC+;VOLRFNN{}~&Ytc67D%=Mlc1^LHL876fp^6q1u0qQX60O=sOj8A>HZ&&
z*^tdPZC6;c8&G)q=FdPn<$nyN6A)Rq?)?XA*(VLXC-1XJGiSIEQ;zW2f2#@C<|QX8
zWNj^2!88To6U2N9qmdqX$SqEXZ^5zs!ZejFkhTg|s3h~;!ksN;RDHIsLBRMSZ4+~@
zlTeGp$*f1X4rn+p(zCCV@KuQLk)zme7)X3a+$t@Qja4V6D4zX!^PXP20<(}%jjWWs
zA`q#>-jtcbxsnXYDuhl{=&21c-i>=;Ah4|;`65y8CH&R#vc6ivC8AcsF96-V76&((
zltrr+P!nFX3RPY9eYM4I2&_t1EOdI^+Pj(^!kus9V=#H8DS^;A13IEoCtz<H=*ooE
z4?^;;#5C(aoNf(p9uR&#-<~?&ojIvUOKPDQX1-D}oR*#U5ni^7ozghA>9o6mwwDY}
zF3oC~b*rJ-{+PMA5G-}Fe)VtMsFqi+lni)X-TW8)1~shY)ATJ_ek{l_3`TTji(Hc!
zwQL70miqsv4ep*P(Q&h*4y?XZi@Qs~PTa+HG6`>$G!w0M$`ZM__tx?Wxa}EFBO_sG
z=um6JGcHh+bwIDyecuTb>Pw*Qg0MDL(VI3BXM20UU|Qn#TsZm9koJ4c85ypCeX&9=
zJO3=G0|C^FBu|+eXd2h~b~ABVco=jM*uLKxG~H2;v>`DxjhuvI;ozxf2xz)jdtE@4
zpvCXe*QslP?1(e<B^oxd#U40idx)bAvI}n3z^TPKDV+Z{jz)W;1(VMTdGfdaI$Wve
z^W(LL7F?;!J#4jVQ9DPwsNcv^ge#YOx|!Xe0i1S|5ICH&QhteEgZR5G2m_d5%qj8H
zbAuwrS-mZNreFy@x9k03HGSM)lwRZH)C7HvUKF71WX?;dn*LSOb=B^7_4wG>bHuup
z!XK4#Pd&eivMY8p)r<;ufa*+~>cpM+;q|FgfiB6WRdoqsCWCmb>;jRyp^$Kyq!y2V
z4+Gx&bG1vIzLBMmvD4krU(|0U3OcA9>~+lb6)BsTFrwd7R1#&pce6b<o`p^l&y=2q
zEl&p!V>BTVvS({^<&@>wH04-~7|CaMNoES>$La1O7iIm;Yz8uC7uyZTwhf<s0|yyo
zcEUmGV{Plcx%H@5ghTriX<uZso&kF@eD}J1T!3GNS1_VS@(9!s*dpN9|8RNH(C3`_
zAE~G>hiy%Y_PrPWkqiz!wR&^G2w{a3l#5Vhi$TPTIypMSBcX<O8Bx$Q=_&-WEoD)4
zXP3n^>DgNdDWe?PZ_jGa*15@v-~~da)!z=nc(}Ok&b@(<)^KKyBFy0qD_H-CKXGbO
z(!A=dr$p61XCm@yl1ic8ZVv<&-v652Upp9`qFC4!NgJOb)n!_%MFi8L!tfYYx~uTM
z8SUtok?AV`_WyW$ZZ!109#ZG<!QJyGeM&6e)o&xop+bQ5!%J~ks@pdGZNEO{ezv4~
z9u#hfOeHI~!CijYQY%(voP%1Ytc3uoSb!G(3cYyEgQ)w!L>-h0M0lYOq*3iOVfKM|
z`XfxeXGyZG|J(ohX8%(7ZbqC}g0|v-PLR!fOSAA-7_B-JZq?t|_Pw?UEZPspx2J1t
zcUtUb&jDWnlA)F<a(qjsMxHK4kJ4uRHcgyW@tIg05oI*i?_RAW$;6%3F&SHfbR$Bf
zV3)AK%rORLb|?>m*f-TH_}w_xh?p2ZqAu*SSVCD}F2S4vOz2EwGkb=&%(QVpPztuU
znZ5v-<KoT3rJG-$g-sN(L}jngN>d!Xca>#L%E&0>mSDbON|cHkg>1R9+&KsY`m|YV
zb+T}mR*?2ON?Xn}Ib{S$uJfv&ZO!#YC%3-mIFMV7LBI5^;e%ApBdF07@nODa<>i*+
zii}<B><}|L@9pmwx7e?HbC2r69gwRItZiQ+w?l2zi30c^h3Twr^nTkbQkpg^J37|!
zdtwpVT`T%L#VYo9_rUBfW{j3ezbcc3{z47_33(v7s@epp*6;1&7tCM<eYAg|$i+So
z^Rb=!fUmF-Y&i|()4U7jQE$E}+snIps4k%_$fH7}DRu&zAhW==`{RA3+2;3mkFO_;
zi4ybEb(9g769xB+6^;dSf9^u+5(z6TP2!vu;;u*;C`Q6DC`muxA2*c)6;OO<=mgg?
z<<tni+67;!2s5HK;CCfwW_o)c&EzZJ`pI1V^cQ$Bs3bZSRG;yzE()sP336kQx##Nj
zTJrw+R0WSt`u3F^zTL^{Qsj4WodA?Wxi*tJ4)Pw6nv}#DSAo5ql7fOQcpnTF9>W}R
z6RP2QAKqN)+9Q?N(1}vp5x6vpo4)^wjMk+h+?Sw72C=Y>CQ9Ytxk1X5;G6Hhh>NPd
zg~`Oi>4WXZXa$;+O3KR9@XH5zvjg8Llhk3m?=Je=Rosx_2c^gyTs1ZS-PYIFQ$A%|
zT)qLir#Fta85#ihSRX#-RY*S|vgL}aW@IrbaVC_VY|a4bbC;@>_eX7KGx^Z|B@nVf
ziNSDCT`YWbzUPSA%Tz`46H`<EIqwe$Lysdo{ZRr!caAvp63nJGOyl3qGa@yK_E+ta
z5TK@!jeNew?k+q@Z~sdt*F441Vo8L)t@Ir}*xI%u3JFV5gp&IOQ&{mf<++;{;{~57
z<+&q3h5hozn|&}S>Z1NPz}VOU0nX*D`3>ty;c6K_!3?adlF>P#S>=gdk!J;mu`U6>
zR@q|e)4+@&p`i(FqyfR!D%^DfH(g%@zBDDdq4%wGG{2#0{NBplb~{jg9UIcnE5^^3
zBUI$DsTOZ1lbvlakQ!zP`SHi5{bUu+ZRGQOq7ViAbV>wgB7U)glS7-}G#eT?8&%O9
zCL1eT4KIVf_q$(Qu5&PZn7@m|;_DZ`_UaZrf>m6AE#bzU<0a8zEOvDC^u;Z@XVu91
z>=%=uoQgEWgFhLK@J(pSoKxE=z&ydLdo65-q%FpBC2-_`2!mZvkcGvbH=wsXaqg-=
zHV#1*t-V$=#ZO*>^Vh=W+4x0g?z6uS*9DBr?kB7ws!&H*n>)DjKbwPB)3G0g+0`(7
zi#ycfg9`9O0t;y*<f?4_vEa0dKDm4<6M-;zW`zg8(NztEJwgq*LK{7Q{DOumd>u<U
zo-p`k?mrwC=^eGg>NQtujCu?~n`i0#ZVdi3#MH1-qX|GuhZ(0|>l?@A3|AUBQLu`R
z<}n^j)Qnm+f0&t>Cyy2?7ZvmKz2SWp;m(caRxwmu_o0Xdb5F13v=IHp08Q^g1TRnt
zq}kOi+r9Rzomc%mxnK{cA~4|iI9e?pNGGULeWPQl@-&hZALN$OJps;k^;!89OW3cr
zoNs)*zbb#>2P{;_Ju<r`t$e?VKKDBN>9HY93SaRJ-6M-ZF(y7Uv%S@*$KNQ}HhgZ|
zt0;}I)x=Z9qo0fl0iEAH@Zz@H2wd+!<kMKrk5_-!P6bMHQVzd{ERoM*7f0AEuuwv;
z#hO|ky>MTBOm^=3d$ue>&wfSc95nJiE<Pml+zN67uHrSJ^Q91KyihgrY`rQE5!yx-
zfN4RI*v?%}PCmZpmhFKsWv&KA0Dh44>z?_wmGZ)JZIHQ$05s)}l*pr<oZR>gIEhsa
zm4Q#kB`5M4F1$iSdP;LD_e3eGt&+kBW8RF62!it+1kcjC-A_AF=&naICS}#ZT37{4
zKncF@m_vXg?tl=083@%B$VQ=5G^{m|%KVCDZY8S0Km{jYpRy@~iu<7iV33^|2tA>|
zge{h9<uLl3<k>v)n-+ZhFW-k{Bd-RD2|Ho$(f;!tp)0~JsHiL)9~KrC{)*9b5aAQG
z$uIyf!;7>3J(CzAfEEGvJU^UDR2H*Jfhdqkqdz=mHefuN{u2eA$8nyKSL`gQ7OgfE
zmDb&-XEP!!=wii$*?T~cWJD~?yV~wTOIO!BQzj}DEYE$q#}~sY;^dP`sh4VtuQ`kb
zm9fC&=LK68tc04I?9#|&hC6gW(>Q^#@Ef8k;R-)uBD5?>ZT~mugjvIzE1?)Rv9Lgt
zBQh##`t51}ed40?R*6_6J2uJ(uIVcSl~i*)AyWmBD4+@>u1G|KQ9q-$^iLRzLA$HD
zn3$NUt7}tzty<sM&KCxq*k2QF4wHf*XsXp3YMfDZ&pGjd74xwq0{@gVIT6F6ilGw<
z$zumaSaGOf?^!e%)uq9vm&<}#7~~atI@x}aMpdy*ufuG6urw_Xj;Y$2ey5cjyP1gC
zq$<COA}cqcBfvx?P|>AoIr_fnC}-*WDRZ@#q+AdqD*dI1w4Ct|hkUd(IhVG&7Dz=!
zR!oDH3RVu2bI+!JuH&M;^0_chh`${i+o1%f7;FRPgCXUxInR#gwbq7@QYFQSsA02L
zg29=Tx$^SzO~KngU+Dh}IyuU(ql!=>kg#RS#aI_B5#+aHg@7<&&oPs!I5Cwq>e#+V
zvZus@Nu;}UUZ<V9*49?TX6t2PZxXrWfx#K+exT0Gk+AR7LXa#f9U_0?aGVrZB2>go
z!XE*SEz$$|@87?_xA;EaD1tLG&itcPc_F;Df4+?cg_4N1tY8KglmJ3tZ3<Ozn6xt}
zL>-ITRoXx1l!ZwoY*YNfp~54z1QR2Ic+Rxs`gRYOpTaAAwDMC&|F|gAcFu!06wO`e
zIq25x%Z*_u=%>KV0?8U!g^vyRxXslQNkzaPH4|Vn_;z3wSUVgKl2oKZ0G-zbQ6WMo
z!WLTND>jzSQXiF<=2-iHJ8IPMh=^ldRsA8ngxuT!HUR;F-Hyxd)d#Q#?FVRWYdHbg
zf$kgk&E(@%rRtu@ygEqbN-(Po>1QbB&j(4womA)z@6&1)Xn3?UViJ<|R6t2(^*pX}
zAz1Zot*dhsrq9UYw&NEGkD)*&;^C?~K7_7uoJhu=Z@J1U67$F}!3u#-p-X17oxvCr
z7c`c^B<w2XRx}3ZNKce<zP3$*!(0MfRApdi^Z*<xVUs(a6B~R*SsC5q+w-jj0Bm{|
zssrcSs-mM&P`3VFjGv8Ul?~=~J=M^Mx-B%kE_$ZJu*3NnMI&IrWLp26Fv;^8VS+nE
zY~76&DClrKp1rB<`9K0Y&7>8;kxdfv7;Sxh{RW54?ke48>y-2Lj>kRl9Hso%?vMXc
zZ+UXw3Fhh+J$*DnU+x4<I!rx$XO~!nXqqZWWp<u}_vb;RNrd`CeW2N64!8b`o7Mxe
z{M(_d<p>8=pW6&ph<}bA%r~_q*d*YC_}0O)*g`c#@cZ)l5jnEyL*wB`qk{*xwg+_d
z=34;!(CDqX%|-|$RF?syFi3Tv0QHTvZv8fb@RN?KP8A-M^EFmKtwM&U_eow}DzT4B
z6vtQ&@HmhvxJ&nE_!2f9=9)?0sYg*QoegZp*|IUa&1BpD_J4)*pFSZWAU;1|8ovS7
Uw;|=he;@!ME2$(=BW4WxA7O8|tpET3

literal 0
HcmV?d00001